Re: [yocto] Creating a EXT4 rootfs instead of EXT3: How?
Thanks for the reply Nicolas. It seems the problem is that .hddimg uses EXT3 by default (after looking at image_types.bbclass). The ROOTFS type for my build is set in /meta/conf/machine/include/ia32-base.inc: IMAGE_FSTYPES += live Is there a way to make the HDDIMG use EXT4 instead? Thanks, Nick On Wed, Jan 8, 2014 at 12:24 AM, Nicolas Dechesne nicolas.deche...@linaro.org wrote: On Tue, Jan 7, 2014 at 2:19 PM, Nick D'Ademo nickdad...@gmail.com wrote: Can't seem to get the build process to create a EXT4 filesystem - I've tried the following: in general, more details about the actual error you get would be more helpful. 1. Tried adding ROOTFSTYPE ?= *ext4* to the machine .conf file the variable name is IMAGE_FSTYPES, not ROOTFSTYPES. 2. Ensured EXT4 is enabled in the Linux kernel (using menuconfig) this would not impact the image generation, only at runtime when mounting the rootfs This is a build for the Intel NUC hardware. Anyone have any ideas on how to do this? ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] PR server question
I'm using a local PR server for my builds, working on my Linux kernel. When I run this sequence: $ bitbake virtual/kernel -c devshell ... fiddle with some kernel sources $ bitbake virtual/kernel -C compile; bitbake package-index I notice that the package revision for 'kernel-image-*' goes up by 3 on every iteration. Not that it makes much difference (or does it?), but does this make sense? Why does it not just increase by 1 since I've only actually rebuilt the package once? -- Gary Thomas | Consulting for the MLB Associates |Embedded world ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] PR server question
On Wed, Jan 08, 2014 at 05:00:12AM -0700, Gary Thomas wrote: I'm using a local PR server for my builds, working on my Linux kernel. When I run this sequence: $ bitbake virtual/kernel -c devshell ... fiddle with some kernel sources $ bitbake virtual/kernel -C compile; bitbake package-index I notice that the package revision for 'kernel-image-*' goes up by 3 on every iteration. Not that it makes much difference (or does it?), but does this make sense? Why does it not just increase by 1 since I've only actually rebuilt the package once? I don't remember if it was resolved already, but before it was caused by qemuarm/qemux86/qemux86-64 using different SRCREVs so it was bumped 3 times every time it was parsed (and causing continual rebuilds for multi-machine builds). Now the continual rebuilds should be fixed by PR server returning the same number to each MACHINE, but maybe there was something left. -- Gary Thomas | Consulting for the MLB Associates |Embedded world ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto -- Martin 'JaMa' Jansa jabber: martin.ja...@gmail.com signature.asc Description: Digital signature ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] Smart PM for upgrade the full image
Hi All, I have several targets deployed in multiple sites. Each target might be running a different version of the product rootfs image. When I release a new rootfs image I would like to use the smart command on each target at the customer site to upgrade the software to the latest image. Going through each package and install it separately is inefficient way of handling the upgrade and I don't expect the customer to have the knowledge for doing so. What we really need is a smart command to compare the latest rootfs image and install, remove or un-change packages based on what is currently installed. Can the smart command achieve that or do I need to write my own script? Thanks, -- *Tarek* ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] Smart PM for upgrade the full image
Hi Tarek, On Wednesday 08 January 2014 12:52:42 Tarek El-Sherbiny wrote: I have several targets deployed in multiple sites. Each target might be running a different version of the product rootfs image. When I release a new rootfs image I would like to use the smart command on each target at the customer site to upgrade the software to the latest image. Going through each package and install it separately is inefficient way of handling the upgrade and I don't expect the customer to have the knowledge for doing so. What we really need is a smart command to compare the latest rootfs image and install, remove or un-change packages based on what is currently installed. Can the smart command achieve that or do I need to write my own script? Isn't this the same question you asked the other day? i.e., this is smart upgrade. Cheers, Paul -- Paul Eggleton Intel Open Source Technology Centre ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] Smart PM for upgrade the full image
Hi Paul, Thank you for your replay. Smart upgrade only upgrades packages that is currently installed. It doesn't install new packages nor remove unwanted packages. Is that not true? Thanks, Tarek On Wed, Jan 8, 2014 at 1:33 PM, Paul Eggleton paul.eggle...@linux.intel.com wrote: Hi Tarek, On Wednesday 08 January 2014 12:52:42 Tarek El-Sherbiny wrote: I have several targets deployed in multiple sites. Each target might be running a different version of the product rootfs image. When I release a new rootfs image I would like to use the smart command on each target at the customer site to upgrade the software to the latest image. Going through each package and install it separately is inefficient way of handling the upgrade and I don't expect the customer to have the knowledge for doing so. What we really need is a smart command to compare the latest rootfs image and install, remove or un-change packages based on what is currently installed. Can the smart command achieve that or do I need to write my own script? Isn't this the same question you asked the other day? i.e., this is smart upgrade. Cheers, Paul -- Paul Eggleton Intel Open Source Technology Centre -- *Tarek* ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] Creating a EXT4 rootfs instead of EXT3: How?
On Wed, Jan 8, 2014 at 11:55 AM, Nick D'Ademo nickdad...@gmail.com wrote: Thanks for the reply Nicolas. It seems the problem is that .hddimg uses EXT3 by default (after looking at image_types.bbclass). yeah, you're right. ext3 is pretty much hard coded there (and in image-live.bbclass) The ROOTFS type for my build is set in /meta/conf/machine/include/ia32-base.inc: IMAGE_FSTYPES += live Is there a way to make the HDDIMG use EXT4 instead? i don't know if there is a technical reason why ext3 is being hardcoded. right now it doesn't seem possible to easily use ext4. ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] Problem Question about FILES_${PN}
On Tue, Jan 7, 2014 at 9:59 PM, Reeve Yang reeve.y...@gmail.com wrote: As you suggested, I removed ${libdir}/${BPN}/*${SOLIBSDEV} from FILES_${PN}-dev, but now I'm getting this error: ERROR: QA Issue: non -dev/-dbg/-nativesdk package contains symlink .so: syslog-ng path '/work/x86_64-poky-linux/syslog-ng/3.2.5-r12.1/packages-split/syslog-ng/usr/lib64/syslog-ng/libafsocket.so' ERROR: QA run found fatal errors. Please consider fixing them. ERROR: Function failed: do_package_qa ERROR: Logfile of failure stored in: /home2/reeve-ws/yocto-dylan-merge/build/tmp/work/x86_64-poky-linux/syslog-ng/3.2.5-r12.1/temp/log.do_package.16779 ERROR: Task 6 (/home2/reeve-ws/yocto-dylan-merge/meta-openembedded/meta-oe/recipes-support/nonworking/syslog-ng/ syslog-ng_3.2.5.bb, do_package) failed with exit code '1' right, this is a 'sanity' check which is done in meta/classes/insane.bbclass to make sure that .so symlink only go in the -dev packages. i am not familiar with your situation and syslog-ng build, but I would expect plugins DLL (e.g. .so files) to be real files, not symlink. symlink .so are typically used for library (linker name vs soname). a good similar example is the Gstreamer plugins which are real .so files. It looks main binary package doesn't have a symlink of .so. How to fix that? it is right for OE to prevent you from having symlink .so in binary packages (to me), so you might need to understand why you get them in the first place. ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] Smart PM for upgrade the full image
On Wednesday 08 January 2014 14:07:57 Tarek El-Sherbiny wrote: On Wed, Jan 8, 2014 at 1:33 PM, Paul Eggleton paul.eggle...@linux.intel.com wrote: On Wednesday 08 January 2014 12:52:42 Tarek El-Sherbiny wrote: I have several targets deployed in multiple sites. Each target might be running a different version of the product rootfs image. When I release a new rootfs image I would like to use the smart command on each target at the customer site to upgrade the software to the latest image. Going through each package and install it separately is inefficient way of handling the upgrade and I don't expect the customer to have the knowledge for doing so. What we really need is a smart command to compare the latest rootfs image and install, remove or un-change packages based on what is currently installed. Can the smart command achieve that or do I need to write my own script? Isn't this the same question you asked the other day? i.e., this is smart upgrade. Smart upgrade only upgrades packages that is currently installed. It doesn't install new packages nor remove unwanted packages. Is that not true? That is true, yes. As far as I know, smart has no capabilities in this area beyond what is offered through conflicts - and for situations where one package replaces another, with any of the package management backends we support you should use RPROVIDES + RREPLACES + RCONFLICTS to ensure that the old name is redirected to the new name, new package is installed automatically, and the old package is removed (respectively). If it's a straight old image - new image upgrade, you'll probably have to look at other tools; package managers don't really handle this situation well - at least not out of the box. Cheers, Paul -- Paul Eggleton Intel Open Source Technology Centre ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] Smart PM for upgrade the full image
Hi Paul, Thanks for your reply. As a work around I think I can dump a list of the installed packages from a target that is running the latest SW. $smart query --installed --hide-version file.txt Then on customer targets I could run the install command: $smart install `echo $(cat file.txt)` -y At least this is going to update currently installed packages as well as install new ones. I still need to write a script to remove unwanted ones. Thanks, Tarek On Wed, Jan 8, 2014 at 3:39 PM, Paul Eggleton paul.eggle...@linux.intel.com wrote: On Wednesday 08 January 2014 14:07:57 Tarek El-Sherbiny wrote: On Wed, Jan 8, 2014 at 1:33 PM, Paul Eggleton paul.eggle...@linux.intel.com wrote: On Wednesday 08 January 2014 12:52:42 Tarek El-Sherbiny wrote: I have several targets deployed in multiple sites. Each target might be running a different version of the product rootfs image. When I release a new rootfs image I would like to use the smart command on each target at the customer site to upgrade the software to the latest image. Going through each package and install it separately is inefficient way of handling the upgrade and I don't expect the customer to have the knowledge for doing so. What we really need is a smart command to compare the latest rootfs image and install, remove or un-change packages based on what is currently installed. Can the smart command achieve that or do I need to write my own script? Isn't this the same question you asked the other day? i.e., this is smart upgrade. Smart upgrade only upgrades packages that is currently installed. It doesn't install new packages nor remove unwanted packages. Is that not true? That is true, yes. As far as I know, smart has no capabilities in this area beyond what is offered through conflicts - and for situations where one package replaces another, with any of the package management backends we support you should use RPROVIDES + RREPLACES + RCONFLICTS to ensure that the old name is redirected to the new name, new package is installed automatically, and the old package is removed (respectively). If it's a straight old image - new image upgrade, you'll probably have to look at other tools; package managers don't really handle this situation well - at least not out of the box. Cheers, Paul -- Paul Eggleton Intel Open Source Technology Centre -- *Tarek* ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] Initial posting..
To whom it may concern, I am new to the Yocto Project (as is my company Biamp). We have started a new x86 project and bought 4 seats of Intel System Studio. I am using YoctoProject and have built a NUC image which works. I have tried using Hob with limited success. It seems to error out often when collecting packages from GIT whereas the command lines tools (bitbake) seem to work fine. Should I submit a specific bug report? Thanks, Jeff Jeff Sondermeyer * DSP Development Manager Biamp Systems * 9300 SW Gemini Drive, Beaverton, OR 97008 www.biamp.comhttp://www.biamp.com/ * dir. +1.503.718.9262 * tel. +1.503.641.7287 * fax +1.503.626.0281 [cid:image001.png@01CF0C68.A3F1D220] --- BIAMP SYSTEMS EMAIL NOTICE The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system. ---inline: image001.png___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] Yocto and ccache
On 01/07/14 02:50, Søren Holm wrote: How to I make yocto utilize ccache - it does not seem to do it on it's own? I don't think it's necessary to explicitly use ccache since the OE/Yocto framework already provides a sstate.bbclass which implements this sort of logic and is designed to work better with the sorts of things bitbake does: http://www.yoctoproject.org/docs/1.6/ref-manual/ref-manual.html#shared-state-cache ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] Yocto and ccache
I don't think it's necessary to explicitly use ccache since the OE/Yocto framework already provides a sstate.bbclass which implements this sort of logic and is designed to work better with the sorts of things bitbake does: Yes, it does only cache complete compiled and packed recipes. My workflow will many times be tat I compile the same software with minor changes. And since it is always from scratch it will always take the same amount of time. Basically I use Jenkins for rebuilding my image and specific recipes are then tracking a branch in my application. -- Søren Holm ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] exception MalformedUrl error
Hi all, I tried to apply a patch directly to linux-gumstix_3.5.7.bb and kept .patch file in /yocto/poky/meta-gumstix/recipes-kernel/linux/linux-gumstix-3.5/ directory along with other patches, and ran bitbake gumstix-console-image. Output: ERROR: ExpansionError during parsing /home/zaif/yocto/poky/meta-gumstix/recipes-kernel/linux/linux-gumstix_3.5.7.bb: Failure expanding expression ${@bb.fetch.get_checksum_file_list(d)} which triggered exception MalformedUrl: The URL: 'missing' is invalid and cannot be interpreted ERROR: Command execution failed: Exited with 1 I removed the patch file and patch entry from linux-gumstix_3.5.7.bb, then ran bitbake gumstix-console-image, I get the same error. I then ran bitbake -c cleansstate linux-gumstix-3.5 bitbake world hob All of these returned the same error: ERROR: ExpansionError during parsing /home/zaif/yocto/poky/meta-gumstix/recipes-kernel/linux/linux-gumstix_3.5.7.bb: Failure expanding expression ${@bb.fetch.get_checksum_file_list(d)} which triggered exception MalformedUrl: The URL: 'missing' is invalid and cannot be interpreted ERROR: Command execution failed: Exited with 1 I am trying to add this patch: http://pastebin.com/W3S6hW0M Did I messed up something ? -- Regards, Zafrullah Syed ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-selinux][PATCH 00/10] selinux userspace: uprev packages to release 20131030
From: Wenzong Fan wenzong@windriver.com Changes: 1) Uprev selinux packages to release 20131030; 2) Fix build dependency to libsemanage; 3) Fix QA issues to policycoreutils; 4) Update LIC_FILES_CHKSUM for selinux packagegroups. Some Tests: 1) build test: - add meta-selinux path to conf/bblayers.conf; - add DISTRO_FEATURES_append= pam selinux to conf/local.conf; - build selinux image: $ bitbake core-image-selinux - add below configs to conf/local.conf and run image build: PREFERRED_VERSION_checkpolicy = 2.2+gitAUTOINC+edc2e99687 PREFERRED_VERSION_libselinux = 2.2+gitAUTOINC+edc2e99687 PREFERRED_VERSION_libsemanage = 2.2+gitAUTOINC+edc2e99687 PREFERRED_VERSION_libsepol = 2.2+gitAUTOINC+edc2e99687 PREFERRED_VERSION_policycoreutils = 2.2.5+gitAUTOINC+edc2e99687 PREFERRED_VERSION_sepolgen = 1.2.1+gitAUTOINC+edc2e99687 All builds successfully. 2) basic verification on target: $ runqemu qemux86 core-image-selinux ext3 nographic qemuparams=-m 1024 qemux86 login: root root@qemux86:~# id -Z root:sysadm_r:sysadm_t:s0-s15:c0.c1023 root@qemux86:~# sestatus SELinux status: enabled SELinuxfs mount:/sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: mls Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 28 The following changes since commit 2209cb5fc21c1ad5a7471897528ed64170f70219: policy: Create compressed_policy distro feature (2013-12-05 09:03:41 -0500) are available in the git repository at: git://git.pokylinux.org/poky-contrib wenzong/selinux-uprev http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/selinux-uprev Wenzong Fan (10): selinux userspace: uprev packages to release 20131030 checkpolicy: migrate SRC_URI to 2.2 libselinux: migrate SRC_URI and patches to 2.2 libsemanage: migrate SRC_URI to 2.2 libsepol: migrate SRC_URI to 2.2 policycoreutils: migrate SRC_URI and patches to 2.2.5 sepolgen: migrate SRC_URI to 1.2.1 libsemanage: add audit dependency policycoreutils: fix QA issues selinux packagegroups: update LIC_FILES_CHKSUM recipes-security/audit/audit_2.3.2.bb |8 - .../packagegroups/packagegroup-core-selinux.bb |2 +- .../packagegroups/packagegroup-selinux-minimal.bb |2 +- .../packagegroup-selinux-policycoreutils.bb|2 +- recipes-security/selinux/checkpolicy_2.1.12.bb |9 -- recipes-security/selinux/checkpolicy_2.2.bb|9 ++ recipes-security/selinux/checkpolicy_git.bb|2 +- .../libselinux-fix-init-load-policy.patch | 27 .../libselinux/libselinux-pcre-link-order.patch| 31 -- .../{libselinux_2.1.13.bb = libselinux_2.2.bb}|8 ++--- recipes-security/selinux/libselinux_git.bb | 10 -- recipes-security/selinux/libsemanage.inc |2 +- .../libsemanage/libsemanage-fix-path-nologin.patch |9 +++--- .../{libsemanage_2.1.10.bb = libsemanage_2.2.bb} |6 ++-- recipes-security/selinux/libsemanage_git.bb|3 +- recipes-security/selinux/libsepol.inc |5 ++- ...ibsepol-Change-ranlib-for-cross-compiling.patch | 31 -- recipes-security/selinux/libsepol_2.1.9.bb | 11 --- recipes-security/selinux/libsepol_2.2.bb |9 ++ recipes-security/selinux/libsepol_git.bb |4 +-- recipes-security/selinux/policycoreutils.inc | 12 --- ...policycoreutils-fix-sepolicy-install-path.patch | 18 +-- .../policycoreutils-fix-strict-prototypes.patch| 34 .../policycoreutils-make-O_CLOEXEC-optional.patch | 28 ...oreutils_2.1.14.bb = policycoreutils_2.2.5.bb} |9 +++--- recipes-security/selinux/policycoreutils_git.bb|8 +++-- recipes-security/selinux/selinux_20130423.inc | 12 --- recipes-security/selinux/selinux_20131030.inc | 12 +++ recipes-security/selinux/selinux_git.inc |4 +-- recipes-security/selinux/sepolgen_1.1.9.bb |9 -- recipes-security/selinux/sepolgen_1.2.1.bb |9 ++ recipes-security/selinux/sepolgen_git.bb |2 +- 32 files changed, 117 insertions(+), 230 deletions(-) delete mode 100644 recipes-security/selinux/checkpolicy_2.1.12.bb create mode 100644 recipes-security/selinux/checkpolicy_2.2.bb delete mode 100644 recipes-security/selinux/libselinux/libselinux-fix-init-load-policy.patch delete mode 100644 recipes-security/selinux/libselinux/libselinux-pcre-link-order.patch rename recipes-security/selinux/{libselinux_2.1.13.bb = libselinux_2.2.bb} (58%) rename recipes-security/selinux/{libsemanage_2.1.10.bb = libsemanage_2.2.bb} (70%) delete mode 100644
[yocto] [meta-selinux][PATCH 04/10] libsemanage: migrate SRC_URI to 2.2
From: Wenzong Fan wenzong@windriver.com Updated patch: - libsemanage-fix-path-nologin.patch Signed-off-by: Wenzong Fan wenzong@windriver.com --- .../libsemanage/libsemanage-fix-path-nologin.patch |9 + recipes-security/selinux/libsemanage_2.2.bb|6 +++--- recipes-security/selinux/libsemanage_git.bb|3 ++- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/recipes-security/selinux/libsemanage/libsemanage-fix-path-nologin.patch b/recipes-security/selinux/libsemanage/libsemanage-fix-path-nologin.patch index 7ce586b..5fc1e17 100644 --- a/recipes-security/selinux/libsemanage/libsemanage-fix-path-nologin.patch +++ b/recipes-security/selinux/libsemanage/libsemanage-fix-path-nologin.patch @@ -6,12 +6,13 @@ shadow package of oe-core and Debian has installed nologin into Upstream-Status: Inappropriate [configuration] Signed-off-by: Xin Ouyang xin.ouy...@windriver.com +Signed-off-by: Wenzong Fan wenzong@windriver.com --- src/genhomedircon.c |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/genhomedircon.c b/src/genhomedircon.c -index 262a6cd..a50e03d 100644 +index f3b9b5c..4f4865a 100644 --- a/src/genhomedircon.c +++ b/src/genhomedircon.c @@ -58,7 +58,7 @@ @@ -23,12 +24,12 @@ index 262a6cd..a50e03d 100644 /* comments written to context file */ #define COMMENT_FILE_CONTEXT_HEADER #\n#\n# \ -@@ -392,7 +392,7 @@ static semanage_list_t *get_home_dirs(genhomedircon_settings_t * s) +@@ -393,7 +393,7 @@ static semanage_list_t *get_home_dirs(genhomedircon_settings_t * s) /* NOTE: old genhomedircon printed a warning on match */ if (hand.matched) { -- WARN(s-h_semanage, %s homedir %s or its parent directory conflicts with a file context already specified in the policy. This usually indicates an incorrectly defined system account. If it is a system account please make sure its uid is less than %u or its login shell is /sbin/nologin., pwbuf-pw_name, pwbuf-pw_dir, minuid); -+ WARN(s-h_semanage, %s homedir %s or its parent directory conflicts with a file context already specified in the policy. This usually indicates an incorrectly defined system account. If it is a system account please make sure its uid is less than %u or its login shell is /usr/sbin/nologin., pwbuf-pw_name, pwbuf-pw_dir, minuid); +- WARN(s-h_semanage, %s homedir %s or its parent directory conflicts with a file context already specified in the policy. This usually indicates an incorrectly defined system account. If it is a system account please make sure its uid is less than %u or greater than %u or its login shell is /sbin/nologin., pwbuf-pw_name, pwbuf-pw_dir, minuid, maxuid); ++ WARN(s-h_semanage, %s homedir %s or its parent directory conflicts with a file context already specified in the policy. This usually indicates an incorrectly defined system account. If it is a system account please make sure its uid is less than %u or greater than %u or its login shell is /usr/sbin/nologin., pwbuf-pw_name, pwbuf-pw_dir, minuid, maxuid); } else { if (semanage_list_push(homedir_list, path)) goto fail; diff --git a/recipes-security/selinux/libsemanage_2.2.bb b/recipes-security/selinux/libsemanage_2.2.bb index 900d608..4ee93c0 100644 --- a/recipes-security/selinux/libsemanage_2.2.bb +++ b/recipes-security/selinux/libsemanage_2.2.bb @@ -1,12 +1,12 @@ PR = r0 -include selinux_20130423.inc +include selinux_20131030.inc include ${BPN}.inc LIC_FILES_CHKSUM = file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343 -SRC_URI[md5sum] = 44fc8a3387486378a21d8df7454b9d42 -SRC_URI[sha256sum] = de2e8077245581e94576276f54e80a53c23c28d6961d2dfbe2f004eaba452e91 +SRC_URI[md5sum] = 2a939538645de6023633bc2247a5e72e +SRC_URI[sha256sum] = 11f60bfa0f1c6063cd9bd99ce0cb4acc9d6d9e9b8d7743d39e847bcd7803bd75 SRC_URI += \ file://libsemanage-Fix-execve-segfaults-on-Ubuntu.patch \ diff --git a/recipes-security/selinux/libsemanage_git.bb b/recipes-security/selinux/libsemanage_git.bb index 6553c6b..c3799fd 100644 --- a/recipes-security/selinux/libsemanage_git.bb +++ b/recipes-security/selinux/libsemanage_git.bb @@ -1,5 +1,5 @@ PR = r0 -PV = 2.1.10+git${SRCPV} +PV = 2.2+git${SRCPV} include selinux_git.inc include ${BPN}.inc @@ -11,4 +11,5 @@ SRC_URI += \ file://libsemanage-fix-path-len-limit.patch \ file://libsemanage-fix-path-nologin.patch \ file://libsemanage-drop-Wno-unused-but-set-variable.patch \ + file://libsemanage-define-FD_CLOEXEC-as-necessary.patch;striplevel=2 \ -- 1.7.9.5 ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-selinux][PATCH 01/10] selinux userspace: uprev packages to release 20131030
From: Wenzong Fan wenzong@windriver.com Upreved packages: - checkpolicy to 2.2 - libselinux to 2.2 - libsemanage to 2.2 - libsepol to 2.2 - policycoreutils to 2.2.5 - sepolgen to 1.2.1 Migrate patches in next commits. Signed-off-by: Wenzong Fan wenzong@windriver.com --- .../{checkpolicy_2.1.12.bb = checkpolicy_2.2.bb} |0 .../{libselinux_2.1.13.bb = libselinux_2.2.bb}|0 .../{libsemanage_2.1.10.bb = libsemanage_2.2.bb} |0 .../selinux/{libsepol_2.1.9.bb = libsepol_2.2.bb} |0 ...oreutils_2.1.14.bb = policycoreutils_2.2.5.bb} |0 recipes-security/selinux/selinux_20130423.inc | 12 recipes-security/selinux/selinux_20131030.inc | 12 recipes-security/selinux/selinux_git.inc |4 +--- .../{sepolgen_1.1.9.bb = sepolgen_1.2.1.bb} |0 9 files changed, 13 insertions(+), 15 deletions(-) rename recipes-security/selinux/{checkpolicy_2.1.12.bb = checkpolicy_2.2.bb} (100%) rename recipes-security/selinux/{libselinux_2.1.13.bb = libselinux_2.2.bb} (100%) rename recipes-security/selinux/{libsemanage_2.1.10.bb = libsemanage_2.2.bb} (100%) rename recipes-security/selinux/{libsepol_2.1.9.bb = libsepol_2.2.bb} (100%) rename recipes-security/selinux/{policycoreutils_2.1.14.bb = policycoreutils_2.2.5.bb} (100%) delete mode 100644 recipes-security/selinux/selinux_20130423.inc create mode 100644 recipes-security/selinux/selinux_20131030.inc rename recipes-security/selinux/{sepolgen_1.1.9.bb = sepolgen_1.2.1.bb} (100%) diff --git a/recipes-security/selinux/checkpolicy_2.1.12.bb b/recipes-security/selinux/checkpolicy_2.2.bb similarity index 100% rename from recipes-security/selinux/checkpolicy_2.1.12.bb rename to recipes-security/selinux/checkpolicy_2.2.bb diff --git a/recipes-security/selinux/libselinux_2.1.13.bb b/recipes-security/selinux/libselinux_2.2.bb similarity index 100% rename from recipes-security/selinux/libselinux_2.1.13.bb rename to recipes-security/selinux/libselinux_2.2.bb diff --git a/recipes-security/selinux/libsemanage_2.1.10.bb b/recipes-security/selinux/libsemanage_2.2.bb similarity index 100% rename from recipes-security/selinux/libsemanage_2.1.10.bb rename to recipes-security/selinux/libsemanage_2.2.bb diff --git a/recipes-security/selinux/libsepol_2.1.9.bb b/recipes-security/selinux/libsepol_2.2.bb similarity index 100% rename from recipes-security/selinux/libsepol_2.1.9.bb rename to recipes-security/selinux/libsepol_2.2.bb diff --git a/recipes-security/selinux/policycoreutils_2.1.14.bb b/recipes-security/selinux/policycoreutils_2.2.5.bb similarity index 100% rename from recipes-security/selinux/policycoreutils_2.1.14.bb rename to recipes-security/selinux/policycoreutils_2.2.5.bb diff --git a/recipes-security/selinux/selinux_20130423.inc b/recipes-security/selinux/selinux_20130423.inc deleted file mode 100644 index d692a57..000 --- a/recipes-security/selinux/selinux_20130423.inc +++ /dev/null @@ -1,12 +0,0 @@ -SELINUX_RELEASE = 20130423 - -SRC_URI = http://userspace.selinuxproject.org/releases/${SELINUX_RELEASE}/${BPN}-${PV}.tar.gz; - -PREFERRED_VERSION_checkpolicy = 2.1.12 -PREFERRED_VERSION_libselinux = 2.1.13 -PREFERRED_VERSION_libsemanage = 2.1.10 -PREFERRED_VERSION_libsepol = 2.1.9 -PREFERRED_VERSION_policycoreutils = 2.1.14 -PREFERRED_VERSION_sepolgen = 1.1.9 - -include selinux_common.inc diff --git a/recipes-security/selinux/selinux_20131030.inc b/recipes-security/selinux/selinux_20131030.inc new file mode 100644 index 000..807a37c --- /dev/null +++ b/recipes-security/selinux/selinux_20131030.inc @@ -0,0 +1,12 @@ +SELINUX_RELEASE = 20131030 + +SRC_URI = http://userspace.selinuxproject.org/releases/${SELINUX_RELEASE}/${BPN}-${PV}.tar.gz; + +PREFERRED_VERSION_checkpolicy = 2.2 +PREFERRED_VERSION_libselinux = 2.2 +PREFERRED_VERSION_libsemanage = 2.2 +PREFERRED_VERSION_libsepol = 2.2 +PREFERRED_VERSION_policycoreutils = 2.2.5 +PREFERRED_VERSION_sepolgen = 1.2.1 + +include selinux_common.inc diff --git a/recipes-security/selinux/selinux_git.inc b/recipes-security/selinux/selinux_git.inc index 37ea8e8..bb64d0d 100644 --- a/recipes-security/selinux/selinux_git.inc +++ b/recipes-security/selinux/selinux_git.inc @@ -1,8 +1,6 @@ -SRCREV = 3f52a123af40bae33bde2a1f2ecfb2320b61f9ad +SRCREV = edc2e99687b050d5be21a78a66d038aa1fc068d9 SRC_URI = git://oss.tresys.com/git/selinux.git;protocol=http -SRC_URI[md5sum] = 4ec64a0d24aaa77c80b86e74d271e464 -SRC_URI[sha256sum] = 9c8a8643c9a4dd0eb76fcda1420d636b750b84b27656c6f8bc6886a829d7e520 S = ${WORKDIR}/git/${BPN} diff --git a/recipes-security/selinux/sepolgen_1.1.9.bb b/recipes-security/selinux/sepolgen_1.2.1.bb similarity index 100% rename from recipes-security/selinux/sepolgen_1.1.9.bb rename to recipes-security/selinux/sepolgen_1.2.1.bb -- 1.7.9.5 ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-selinux][PATCH 02/10] checkpolicy: migrate SRC_URI to 2.2
From: Wenzong Fan wenzong@windriver.com Signed-off-by: Wenzong Fan wenzong@windriver.com --- recipes-security/selinux/checkpolicy_2.2.bb |6 +++--- recipes-security/selinux/checkpolicy_git.bb |2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/recipes-security/selinux/checkpolicy_2.2.bb b/recipes-security/selinux/checkpolicy_2.2.bb index 198de31..8388e0f 100644 --- a/recipes-security/selinux/checkpolicy_2.2.bb +++ b/recipes-security/selinux/checkpolicy_2.2.bb @@ -1,9 +1,9 @@ PR = r0 -include selinux_20130423.inc +include selinux_20131030.inc include ${BPN}.inc LIC_FILES_CHKSUM = file://COPYING;md5=393a5ca445f6965873eca0259a17f833 -SRC_URI[md5sum] = b82c55a95855611b67ac99c7e8f48552 -SRC_URI[sha256sum] = e6a0ac539b74859b4262b317eb90d9914deb15e7aa509659f47724d50fe2ecc6 +SRC_URI[md5sum] = 9662eaa1163de67cf3d392b58d262552 +SRC_URI[sha256sum] = 9ff6698f4d4cb59c9c916e348187d533ada4107f90c253ef7304905934e9adf8 diff --git a/recipes-security/selinux/checkpolicy_git.bb b/recipes-security/selinux/checkpolicy_git.bb index bd59001..bf6250d 100644 --- a/recipes-security/selinux/checkpolicy_git.bb +++ b/recipes-security/selinux/checkpolicy_git.bb @@ -1,5 +1,5 @@ PR = r0 -PV = 2.1.12+git${SRCPV} +PV = 2.2+git${SRCPV} include selinux_git.inc include ${BPN}.inc -- 1.7.9.5 ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-selinux][PATCH 03/10] libselinux: migrate SRC_URI and patches to 2.2
From: Wenzong Fan wenzong@windriver.com These two patches are removed since they are merged by new version: - libselinux-fix-init-load-policy.patch - libselinux-pcre-link-order.patch Signed-off-by: Wenzong Fan wenzong@windriver.com --- .../libselinux-fix-init-load-policy.patch | 27 - .../libselinux/libselinux-pcre-link-order.patch| 31 recipes-security/selinux/libselinux_2.2.bb |8 ++--- recipes-security/selinux/libselinux_git.bb | 10 +-- 4 files changed, 10 insertions(+), 66 deletions(-) delete mode 100644 recipes-security/selinux/libselinux/libselinux-fix-init-load-policy.patch delete mode 100644 recipes-security/selinux/libselinux/libselinux-pcre-link-order.patch diff --git a/recipes-security/selinux/libselinux/libselinux-fix-init-load-policy.patch b/recipes-security/selinux/libselinux/libselinux-fix-init-load-policy.patch deleted file mode 100644 index 67e32d6..000 --- a/recipes-security/selinux/libselinux/libselinux-fix-init-load-policy.patch +++ /dev/null @@ -1,27 +0,0 @@ -From ac70ca3b336b52b01cdc38157d25bf7e85098ee1 Mon Sep 17 00:00:00 2001 -From: Xin Ouyang xin.ouy...@windriver.com -Date: Thu, 12 Apr 2012 16:10:10 +0800 -Subject: [PATCH] libselinux: fix init load policy - -selinux_init_load_policy() would fail if we use the new mount point -for selinuxfs(/sys/fs/selinux) while sysfs(/sys) is still not -mounted. - src/load_policy.c |1 + - 1 files changed, 1 insertions(+), 0 deletions(-) - -diff --git a/src/load_policy.c b/src/load_policy.c -index f569664..60e7efd 100644 a/src/load_policy.c -+++ b/src/load_policy.c -@@ -370,6 +370,7 @@ int selinux_init_load_policy(int *enforce) -* mount it if present for use in the calls below. -*/ - const char *mntpoint = NULL; -+ rc = mount(sysfs, /sys, sysfs, 0, 0); - if (mount(SELINUXFS, SELINUXMNT, SELINUXFS, 0, 0) == 0 || errno == EBUSY) { - mntpoint = SELINUXMNT; - } else { --- -1.7.5.4 - diff --git a/recipes-security/selinux/libselinux/libselinux-pcre-link-order.patch b/recipes-security/selinux/libselinux/libselinux-pcre-link-order.patch deleted file mode 100644 index f011f1a..000 --- a/recipes-security/selinux/libselinux/libselinux-pcre-link-order.patch +++ /dev/null @@ -1,31 +0,0 @@ -Subject: [PATCH] libselinux: Put -lpcre in LDADD for correct linking order - -Upstream-Status: pending - -Signed-off-by: Xin Ouyang xin.ouy...@windriver.com - src/Makefile |4 ++-- - 1 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/Makefile b/src/Makefile -index c4f5d4c..8f5aec5 100644 a/src/Makefile -+++ b/src/Makefile -@@ -20,7 +20,7 @@ RUBYINC ?= $(shell pkg-config --cflags ruby) - RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM) - LIBBASE=$(shell basename $(LIBDIR)) - --LDFLAGS ?= -lpcre -lpthread -+LDADD ?= -lpcre -lpthread - - VERSION = $(shell cat ../VERSION) - LIBVERSION = 1 -@@ -116,7 +116,7 @@ $(LIBA): $(OBJS) - $(RANLIB) $@ - - $(LIBSO): $(LOBJS) -- $(CC) $(CFLAGS) -shared -o $@ $^ -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro -+ $(CC) $(CFLAGS) -shared -o $@ $^ -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro $(LDADD) - ln -sf $@ $(TARGET) - - $(LIBPC): $(LIBPC).in ../VERSION diff --git a/recipes-security/selinux/libselinux_2.2.bb b/recipes-security/selinux/libselinux_2.2.bb index caed650..23bb9cb 100644 --- a/recipes-security/selinux/libselinux_2.2.bb +++ b/recipes-security/selinux/libselinux_2.2.bb @@ -1,16 +1,14 @@ PR = r0 -include selinux_20130423.inc +include selinux_20131030.inc include ${BPN}.inc LIC_FILES_CHKSUM = file://LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0 -SRC_URI[md5sum] = 32bf7b5182977a8a9248a1eeefe49a22 -SRC_URI[sha256sum] = 57aad47c06b7ec18a76e8d9870539277a84cb40109cfdcf70ed3260bdb04447a +SRC_URI[md5sum] = d82beab880749a017f2737e6687fec30 +SRC_URI[sha256sum] = e9dc64216543a7283d786f623ac28e8867f8794138e7deba474a3aa8d02dce33 SRC_URI += \ -file://libselinux-fix-init-load-policy.patch \ -file://libselinux-pcre-link-order.patch \ file://libselinux-drop-Wno-unused-but-set-variable.patch \ file://libselinux-make-O_CLOEXEC-optional.patch \ file://libselinux-make-SOCK_CLOEXEC-optional.patch \ diff --git a/recipes-security/selinux/libselinux_git.bb b/recipes-security/selinux/libselinux_git.bb index 6f93fd4..fb4fef2 100644 --- a/recipes-security/selinux/libselinux_git.bb +++ b/recipes-security/selinux/libselinux_git.bb @@ -1,10 +1,14 @@ PR = r0 -PV = 2.1.13+git${SRCPV} +PV = 2.2+git${SRCPV} include selinux_git.inc include ${BPN}.inc LIC_FILES_CHKSUM = file://LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0 -SRC_URI += file://libselinux-fix-init-load-policy.patch \ - file://libselinux-pcre-link-order.patch +SRC_URI += \ + file://libselinux-drop-Wno-unused-but-set-variable.patch \
[yocto] [meta-selinux][PATCH 07/10] sepolgen: migrate SRC_URI to 1.2.1
From: Wenzong Fan wenzong@windriver.com Signed-off-by: Wenzong Fan wenzong@windriver.com --- recipes-security/selinux/sepolgen_1.2.1.bb |6 +++--- recipes-security/selinux/sepolgen_git.bb |2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/recipes-security/selinux/sepolgen_1.2.1.bb b/recipes-security/selinux/sepolgen_1.2.1.bb index a132727..eb1065a 100644 --- a/recipes-security/selinux/sepolgen_1.2.1.bb +++ b/recipes-security/selinux/sepolgen_1.2.1.bb @@ -1,9 +1,9 @@ PR = r0 -include selinux_20130423.inc +include selinux_20131030.inc include ${BPN}.inc LIC_FILES_CHKSUM = file://COPYING;md5=393a5ca445f6965873eca0259a17f833 -SRC_URI[md5sum] = 505a8b70eb110b770119e6560d183216 -SRC_URI[sha256sum] = 8a1c6d3a78c9b6ad3555c74def555f65a62950bf21c111c585bfc382fec3a645 +SRC_URI[md5sum] = ce662a83188bc3a9b40c15792fcaf2c8 +SRC_URI[sha256sum] = 438c246bdc6b3cf1b12116831f4c601aaae6e93decb007dddab212a3c88781b0 diff --git a/recipes-security/selinux/sepolgen_git.bb b/recipes-security/selinux/sepolgen_git.bb index 710019d..95c3491 100644 --- a/recipes-security/selinux/sepolgen_git.bb +++ b/recipes-security/selinux/sepolgen_git.bb @@ -1,5 +1,5 @@ PR = r0 -PV = 1.1.9+git${SRCPV} +PV = 1.2.1+git${SRCPV} include selinux_git.inc include ${BPN}.inc -- 1.7.9.5 ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-selinux][PATCH 06/10] policycoreutils: migrate SRC_URI and patches to 2.2.5
From: Wenzong Fan wenzong@windriver.com This patch is removed since it is merged by new version: - policycoreutils-fix-strict-prototypes.patch These two patches are updated: - policycoreutils-fix-sepolicy-install-path.patch - policycoreutils-make-O_CLOEXEC-optional.patch Signed-off-by: Wenzong Fan wenzong@windriver.com --- recipes-security/selinux/policycoreutils.inc |2 +- ...policycoreutils-fix-sepolicy-install-path.patch | 18 +-- .../policycoreutils-fix-strict-prototypes.patch| 34 .../policycoreutils-make-O_CLOEXEC-optional.patch | 28 recipes-security/selinux/policycoreutils_2.2.5.bb |9 +++--- recipes-security/selinux/policycoreutils_git.bb|8 +++-- 6 files changed, 32 insertions(+), 67 deletions(-) delete mode 100644 recipes-security/selinux/policycoreutils/policycoreutils-fix-strict-prototypes.patch diff --git a/recipes-security/selinux/policycoreutils.inc b/recipes-security/selinux/policycoreutils.inc index a474cb0..430b03f 100644 --- a/recipes-security/selinux/policycoreutils.inc +++ b/recipes-security/selinux/policycoreutils.inc @@ -1,4 +1,4 @@ -PRINC = 3 +PRINC = 1 SUMMARY = SELinux policy core utilities DESCRIPTION = policycoreutils contains the policy core utilities that are required \ diff --git a/recipes-security/selinux/policycoreutils/policycoreutils-fix-sepolicy-install-path.patch b/recipes-security/selinux/policycoreutils/policycoreutils-fix-sepolicy-install-path.patch index aaf2e66..617908a 100644 --- a/recipes-security/selinux/policycoreutils/policycoreutils-fix-sepolicy-install-path.patch +++ b/recipes-security/selinux/policycoreutils/policycoreutils-fix-sepolicy-install-path.patch @@ -1,35 +1,33 @@ -From 086f715e2a0dd05c07f0428f424017cc96acc387 Mon Sep 17 00:00:00 2001 -From: Xin Ouyang xin.ouy...@windriver.com -Date: Thu, 22 Aug 2013 16:40:26 +0800 Subject: [PATCH] policycoreutils: fix install path for new pymodule sepolicy Signed-off-by: Xin Ouyang xin.ouy...@windriver.com +Signed-off-by: Wenzong Fan wenzong@windriver.com --- sepolicy/Makefile |4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sepolicy/Makefile b/sepolicy/Makefile -index 11b534f..9e46b74 100644 +index 2b8716c..70f4bdd 100644 --- a/sepolicy/Makefile +++ b/sepolicy/Makefile -@@ -11,6 +11,8 @@ BASHCOMPLETIONDIR ?= $(DESTDIR)/etc/bash_completion.d/ +@@ -12,6 +12,8 @@ BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-completion/completions SHAREDIR ?= $(PREFIX)/share/sandbox - override CFLAGS = $(LDFLAGS) -I$(PREFIX)/include -DPACKAGE=policycoreutils -Wall -Werror -Wextra -W -DSHARED -shared + override CFLAGS = -I$(PREFIX)/include -DPACKAGE=policycoreutils -Wall -Werror -Wextra -W -DSHARED -shared +PYLIBVER ?= $(shell python -c 'import sys;print python%d.%d % sys.version_info[0:2]') + - BASHCOMPLETIONS=sepolicy-bash-completion.sh + BASHCOMPLETIONS=sepolicy-bash-completion.sh all: python-build -@@ -23,7 +25,7 @@ clean: - -rm -rf build *~ \#* *pyc .#* +@@ -30,7 +32,7 @@ test: + @python test_sepolicy.py -v install: - $(PYTHON) setup.py install `test -n $(DESTDIR) echo --root $(DESTDIR)` + $(PYTHON) setup.py install --install-lib $(LIBDIR)/$(PYLIBVER)/site-packages [ -d $(BINDIR) ] || mkdir -p $(BINDIR) install -m 755 sepolicy.py $(BINDIR)/sepolicy - -mkdir -p $(MANDIR)/man8 + (cd $(BINDIR); ln -sf sepolicy sepolgen) -- 1.7.9.5 diff --git a/recipes-security/selinux/policycoreutils/policycoreutils-fix-strict-prototypes.patch b/recipes-security/selinux/policycoreutils/policycoreutils-fix-strict-prototypes.patch deleted file mode 100644 index 9bb353a..000 --- a/recipes-security/selinux/policycoreutils/policycoreutils-fix-strict-prototypes.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 5944e9908fc12d69d19a1d24128cbc6d1a423c3d Mon Sep 17 00:00:00 2001 -From: Xin Ouyang xin.ouy...@windriver.com -Date: Tue, 18 Jun 2013 12:29:00 +0800 -Subject: [PATCH] policycoreutils: fix build strict-prototypes failure - -| policy.c:90:6: error: function declaration isn't a prototype -[-Werror=strict-prototypes] -| cc1: all warnings being treated as errors -| error: command 'i586-poky-linux-gcc' failed with exit status 1 -| make[1]: *** [python-build] Error 1 - -Upstream-Status: pending - -Signed-off-by: Xin Ouyang xin.ouy...@windriver.com - sepolicy/policy.c |2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/sepolicy/policy.c b/sepolicy/policy.c -index 4eca22d..e454e75 100644 a/sepolicy/policy.c -+++ b/sepolicy/policy.c -@@ -87,7 +87,7 @@ static PyMethodDef methods[] = { - {NULL, NULL, 0, NULL} /* sentinel */ - }; - --void init_policy() { -+void init_policy(void) { - PyObject *m; - m = Py_InitModule(_policy, methods); - init_info(m); --- -1.7.9.5 - diff --git a/recipes-security/selinux/policycoreutils/policycoreutils-make-O_CLOEXEC-optional.patch
[yocto] [meta-selinux][PATCH 05/10] libsepol: migrate SRC_URI to 2.2
From: Wenzong Fan wenzong@windriver.com Removed patch and ported changes to 2.2 bbfile: - libsepol-Change-ranlib-for-cross-compiling.patch Signed-off-by: Wenzong Fan wenzong@windriver.com --- recipes-security/selinux/libsepol.inc |5 +++- ...ibsepol-Change-ranlib-for-cross-compiling.patch | 31 recipes-security/selinux/libsepol_2.2.bb |8 ++--- recipes-security/selinux/libsepol_git.bb |4 +-- 4 files changed, 8 insertions(+), 40 deletions(-) delete mode 100644 recipes-security/selinux/libsepol/libsepol-Change-ranlib-for-cross-compiling.patch diff --git a/recipes-security/selinux/libsepol.inc b/recipes-security/selinux/libsepol.inc index 8f0dc33..b7509e2 100644 --- a/recipes-security/selinux/libsepol.inc +++ b/recipes-security/selinux/libsepol.inc @@ -10,5 +10,8 @@ LICENSE = LGPLv2+ inherit lib_package -BBCLASSEXTEND = native +# Change RANLIB for cross compiling, use host-tools $(AR) rather than +# local ranlib. +EXTRA_OEMAKE += RANLIB='$(AR) s' +BBCLASSEXTEND = native diff --git a/recipes-security/selinux/libsepol/libsepol-Change-ranlib-for-cross-compiling.patch b/recipes-security/selinux/libsepol/libsepol-Change-ranlib-for-cross-compiling.patch deleted file mode 100644 index f2fc313..000 --- a/recipes-security/selinux/libsepol/libsepol-Change-ranlib-for-cross-compiling.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 2ee1e9651ec4aa78daf15dfef74e0b6aaeb8db1e Mon Sep 17 00:00:00 2001 -From: Xin Ouyang xin.ouy...@windriver.com -Date: Tue, 21 Feb 2012 14:47:45 +0800 -Subject: [PATCH] libsepol: Change ranlib for cross compiling. - -Use target host-tools to encapsulate any difference between local tools -on different machines. For example, on local PC, libsepol.a's index could -be added successfully by local ranlib, however, it will fail on some sever, -so we'd better use host-tools $(AR) rather than any local ranlib. - -Signed-off-by: Harry Ciaoqingtao@windriver.com - src/Makefile |2 +- - 1 files changed, 1 insertions(+), 1 deletions(-) - -diff --git a/src/Makefile b/src/Makefile -index cd8e767..beea232 100644 a/src/Makefile -+++ b/src/Makefile -@@ -21,7 +21,7 @@ all: $(LIBA) $(LIBSO) $(LIBPC) - - $(LIBA): $(OBJS) - $(AR) rcs $@ $^ -- ranlib $@ -+ $(AR) s $@ - - $(LIBSO): $(LOBJS) - $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -Wl,-soname,$(LIBSO),--version-script=libsepol.map,-z,defs --- -1.7.5.4 - diff --git a/recipes-security/selinux/libsepol_2.2.bb b/recipes-security/selinux/libsepol_2.2.bb index efedb63..b4d717c 100644 --- a/recipes-security/selinux/libsepol_2.2.bb +++ b/recipes-security/selinux/libsepol_2.2.bb @@ -1,11 +1,9 @@ PR = r0 -include selinux_20130423.inc +include selinux_20131030.inc include ${BPN}.inc LIC_FILES_CHKSUM = file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343 -SRC_URI[md5sum] = 980964224683fa29d4ed65beb94b56ee -SRC_URI[sha256sum] = 290d17f583635a4a5d8a2141511272adf0571c4205cdea38b5a68df20d58a70b - -SRC_URI += file://libsepol-Change-ranlib-for-cross-compiling.patch +SRC_URI[md5sum] = 41cbe38ea809b5752f520bdeac4d2cf8 +SRC_URI[sha256sum] = 77a4b27006295805bdbd7f240038cb32a49be1d60847d413899501702933fc0f diff --git a/recipes-security/selinux/libsepol_git.bb b/recipes-security/selinux/libsepol_git.bb index 1fa83a4..bc2bd8f 100644 --- a/recipes-security/selinux/libsepol_git.bb +++ b/recipes-security/selinux/libsepol_git.bb @@ -1,9 +1,7 @@ PR = r0 -PV = 2.1.9+git${SRCPV} +PV = 2.2+git${SRCPV} include selinux_git.inc include ${BPN}.inc LIC_FILES_CHKSUM = file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343 - -SRC_URI += file://libsepol-Change-ranlib-for-cross-compiling.patch -- 1.7.9.5 ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-selinux][PATCH 08/10] libsemanage: add audit dependency
From: Wenzong Fan wenzong@windriver.com Building libsemanage 2.2 need the header libaudit.h. Signed-off-by: Wenzong Fan wenzong@windriver.com --- recipes-security/audit/audit_2.3.2.bb|8 +++- recipes-security/selinux/libsemanage.inc |2 +- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/recipes-security/audit/audit_2.3.2.bb b/recipes-security/audit/audit_2.3.2.bb index bd7b4eb..b546297 100644 --- a/recipes-security/audit/audit_2.3.2.bb +++ b/recipes-security/audit/audit_2.3.2.bb @@ -26,6 +26,7 @@ SRC_URI[md5sum] = 4e8d065b5cc16b77b9b61e93a9ed160e SRC_URI[sha256sum] = 8872e0b5392888789061db8034164305ef0e1b34543e1e7004d275f039081d29 DEPENDS += python tcp-wrappers libcap-ng linux-libc-headers (= 2.6.30) +DEPENDS_class-native = EXTRA_OECONF += --without-prelude \ --with-libwrap \ @@ -37,6 +38,9 @@ EXTRA_OECONF += --without-prelude \ --sbindir=${base_sbindir} \ +# Remove extra configs for native build +EXTRA_OECONF_class-native = --with-python=no + EXTRA_OEMAKE += PYLIBVER='python${PYTHON_BASEVERSION}' \ PYINC='${STAGING_INCDIR}/$(PYLIBVER)' \ pyexecdir=${libdir}/python${PYTHON_BASEVERSION}/site-packages \ @@ -62,7 +66,7 @@ FILES_${PN}-dbg += ${libdir}/python${PYTHON_BASEVERSION}/*/.debug FILES_${PN}-python = ${libdir}/python${PYTHON_BASEVERSION} FILES_${PN}-dev += ${base_libdir}/*.so ${base_libdir}/*.la -do_install_append() { +do_install_append_class-target() { rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la @@ -75,3 +79,5 @@ do_install_append() { install -D -m 0755 ${S}/../auditd ${D}/etc/init.d/auditd rm -rf ${D}/etc/rc.d } + +BBCLASSEXTEND = native diff --git a/recipes-security/selinux/libsemanage.inc b/recipes-security/selinux/libsemanage.inc index dfc3006..a978c75 100644 --- a/recipes-security/selinux/libsemanage.inc +++ b/recipes-security/selinux/libsemanage.inc @@ -10,7 +10,7 @@ LICENSE = LGPLv2.1+ inherit lib_package -DEPENDS += libsepol libselinux ustr bzip2 python bison-native flex-native +DEPENDS += libsepol libselinux ustr bzip2 python audit bison-native flex-native PACKAGES += ${PN}-python FILES_${PN}-python = ${libdir}/python${PYTHON_BASEVERSION}/site-packages/* -- 1.7.9.5 ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-selinux][PATCH 09/10] policycoreutils: fix QA issues
From: Wenzong Fan wenzong@windriver.com ERROR: QA Issue: policycoreutils: Files/directories were installed \ but not shipped /usr/share/icons/hicolor/24x24/apps/system-config-selinux.png /usr/share/bash-completion/completions/setsebool /usr/share/bash-completion/completions/sepolicy /usr/share/bash-completion/completions/semanage /usr/share/dbus-1/system-services/org.selinux.service /usr/share/polkit-1/actions/org.selinux.config.policy /usr/share/polkit-1/actions/org.selinux.policy Signed-off-by: Wenzong Fan wenzong@windriver.com --- recipes-security/selinux/policycoreutils.inc | 10 +++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/recipes-security/selinux/policycoreutils.inc b/recipes-security/selinux/policycoreutils.inc index 430b03f..56470e9 100644 --- a/recipes-security/selinux/policycoreutils.inc +++ b/recipes-security/selinux/policycoreutils.inc @@ -176,7 +176,7 @@ FILES_${PN}-sandbox += \ FILES_${PN}-secon += ${bindir}/secon FILES_${PN}-semanage = \ ${sbindir}/semanage \ - ${sysconfdir}/bash_completion.d/semanage-bash-completion.sh \ + ${datadir}/bash-completion/completions/semanage \ FILES_${PN}-semodule += ${sbindir}/semodule FILES_${PN}-semodule-deps += ${bindir}/semodule_deps @@ -188,7 +188,9 @@ FILES_${PN}-semodule-package += \ FILES_${PN}-sepolicy += \ ${bindir}/sepolicy \ - ${sysconfdir}/bash_completion.d/sepolicy-bash-completion.sh \ + ${datadir}/bash-completion/completions/sepolicy \ + ${datadir}/dbus-1/system-services/org.selinux.service \ + ${datadir}/polkit-1/actions/org.selinux.policy \ FILES_${PN}-sepolgen-ifgen += \ ${bindir}/sepolgen-ifgen \ @@ -204,11 +206,13 @@ FILES_${PN}-setfiles += \ FILES_${PN}-setsebool += \ ${sbindir}/setsebool \ - ${sysconfdir}/bash_completion.d/setsebool-bash-completion.sh \ + ${datadir}/bash-completion/completions/setsebool \ FILES_system-config-selinux = \ ${bindir}/sepolgen \ ${datadir}/system-config-selinux/* \ +${datadir}/icons/hicolor/24x24/apps/system-config-selinux.png \ +${datadir}/polkit-1/actions/org.selinux.config.policy \ export STAGING_INCDIR -- 1.7.9.5 ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-selinux][PATCH 10/10] selinux packagegroups: update LIC_FILES_CHKSUM
From: Wenzong Fan wenzong@windriver.com Signed-off-by: Wenzong Fan wenzong@windriver.com --- .../packagegroups/packagegroup-core-selinux.bb |2 +- .../packagegroups/packagegroup-selinux-minimal.bb |2 +- .../packagegroup-selinux-policycoreutils.bb|2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/recipes-security/packagegroups/packagegroup-core-selinux.bb b/recipes-security/packagegroups/packagegroup-core-selinux.bb index 76863b0..1852aba 100644 --- a/recipes-security/packagegroups/packagegroup-core-selinux.bb +++ b/recipes-security/packagegroups/packagegroup-core-selinux.bb @@ -1,6 +1,6 @@ DESCRIPTION = SELinux packagegroup for Poky LICENSE = MIT -LIC_FILES_CHKSUM = file://${COREBASE}/LICENSE;md5=3f40d7994397109285ec7b81fdeb3b58 \ +LIC_FILES_CHKSUM = file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \ file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420 PR = r0 diff --git a/recipes-security/packagegroups/packagegroup-selinux-minimal.bb b/recipes-security/packagegroups/packagegroup-selinux-minimal.bb index bae15ea..2ff16f8 100644 --- a/recipes-security/packagegroups/packagegroup-selinux-minimal.bb +++ b/recipes-security/packagegroups/packagegroup-selinux-minimal.bb @@ -1,6 +1,6 @@ DESCRIPTION = SELinux packagegroup with only packages required for basic operations LICENSE = MIT -LIC_FILES_CHKSUM = file://${COREBASE}/LICENSE;md5=3f40d7994397109285ec7b81fdeb3b58 \ +LIC_FILES_CHKSUM = file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \ file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420 PR = r0 diff --git a/recipes-security/packagegroups/packagegroup-selinux-policycoreutils.bb b/recipes-security/packagegroups/packagegroup-selinux-policycoreutils.bb index bb221eb..7f56d7c 100644 --- a/recipes-security/packagegroups/packagegroup-selinux-policycoreutils.bb +++ b/recipes-security/packagegroups/packagegroup-selinux-policycoreutils.bb @@ -1,6 +1,6 @@ DESCRIPTION = SELinux policycoreutils packagegroup LICENSE = MIT -LIC_FILES_CHKSUM = file://${COREBASE}/LICENSE;md5=3f40d7994397109285ec7b81fdeb3b58 \ +LIC_FILES_CHKSUM = file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \ file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420 \ PR = r0 -- 1.7.9.5 ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-selinux][PATCH 1/1] refpolicy: fix real path for udevd
From: Wenzong Fan wenzong@windriver.com In Yocto the real path for udevd is /lib/udev/udevd, this patch fixes the init issues like: udevd[87]: setfilecon /dev/vcsa2 failed: Operation not permitted udevd[89]: setfilecon /dev/fb0 failed: Operation not permitted Signed-off-by: Wenzong Fan wenzong@windriver.com --- .../refpolicy-2.20130424/poky-fc-udevd.patch | 27 .../refpolicy/refpolicy_2.20130424.inc |1 + 2 files changed, 28 insertions(+) create mode 100644 recipes-security/refpolicy/refpolicy-2.20130424/poky-fc-udevd.patch diff --git a/recipes-security/refpolicy/refpolicy-2.20130424/poky-fc-udevd.patch b/recipes-security/refpolicy/refpolicy-2.20130424/poky-fc-udevd.patch new file mode 100644 index 000..d6540a9 --- /dev/null +++ b/recipes-security/refpolicy/refpolicy-2.20130424/poky-fc-udevd.patch @@ -0,0 +1,27 @@ +From 86fd93b15b97042bcf5ff1b2d1228e7d64b8cfd1 Mon Sep 17 00:00:00 2001 +From: Wenzong Fan wenzong@windriver.com +Date: Tue, 7 Jan 2014 22:22:00 -0500 +Subject: [PATCH] refpolicy: fix real path for udevd + +Upstream-Status: Inappropriate [configuration] + +Signed-off-by: Wenzong Fan wenzong@windriver.com +--- + policy/modules/system/udev.fc |1 + + 1 file changed, 1 insertion(+) + +diff --git a/policy/modules/system/udev.fc b/policy/modules/system/udev.fc +index 40928d8..36d471d 100644 +--- a/policy/modules/system/udev.fc b/policy/modules/system/udev.fc +@@ -10,6 +10,7 @@ + /etc/udev/scripts/.+ -- gen_context(system_u:object_r:udev_helper_exec_t,s0) + + /lib/udev/udev-acl -- gen_context(system_u:object_r:udev_exec_t,s0) ++/lib/udev/udevd-- gen_context(system_u:object_r:udev_exec_t,s0) + + ifdef(`distro_debian',` + /lib/udev/create_static_nodes -- gen_context(system_u:object_r:udev_exec_t,s0) +-- +1.7.9.5 + diff --git a/recipes-security/refpolicy/refpolicy_2.20130424.inc b/recipes-security/refpolicy/refpolicy_2.20130424.inc index 6871813..cfeeaed 100644 --- a/recipes-security/refpolicy/refpolicy_2.20130424.inc +++ b/recipes-security/refpolicy/refpolicy_2.20130424.inc @@ -27,6 +27,7 @@ SRC_URI += file://poky-fc-subs_dist.patch \ file://poky-fc-ssh.patch \ file://poky-fc-su.patch \ file://poky-fc-sysnetwork.patch \ +file://poky-fc-udevd.patch \ # Specific policy for Poky -- 1.7.9.5 ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-selinux][PATCH 0/1] refpolicy: fix real path for udevd
From: Wenzong Fan wenzong@windriver.com In Yocto the real path for udevd is /lib/udev/udevd, this patch fixes the init issues like: udevd[87]: setfilecon /dev/vcsa2 failed: Operation not permitted udevd[89]: setfilecon /dev/fb0 failed: Operation not permitted The following changes since commit 2209cb5fc21c1ad5a7471897528ed64170f70219: policy: Create compressed_policy distro feature (2013-12-05 09:03:41 -0500) are available in the git repository at: git://git.pokylinux.org/poky-contrib wenzong/fix-udevd-path http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=wenzong/fix-udevd-path Wenzong Fan (1): refpolicy: fix real path for udevd .../refpolicy-2.20130424/poky-fc-udevd.patch | 27 .../refpolicy/refpolicy_2.20130424.inc |1 + 2 files changed, 28 insertions(+) create mode 100644 recipes-security/refpolicy/refpolicy-2.20130424/poky-fc-udevd.patch -- 1.7.9.5 ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] hob build failed with an error Nothing RPROVIDES libgstinterfaces-0.10
Hi , I am trying to build images with hob command for the Intel Baytrail taget (core-image-sato). I am able to build the image without editing the recipes and packages. But when I Include the packages for further customizing the Image, build always fail with an error message Hob found an error: Required build target 'hob-image-20140108-135930' has no buildable providers. Missing or unbuildable dependency chain was ['hob- image-20140108-135930', 'libgstinterfaces-0.10'] Any clues what could cause the problem. Thanks Regards Khaja ::DISCLAIMER:: The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. E-mail transmission is not guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or may contain viruses in transmission. The e mail and its contents (with or without referred errors) shall therefore not attach any liability on the originator or HCL or its affiliates. Views or opinions, if any, presented in this email are solely those of the author and may not necessarily reflect the views or opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of authorized representative of HCL is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any email and/or attachments, please check them for viruses and other defects. ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto