Re: [yocto] [meta-selinux][PATCH] libselinux: python-importlib is now part of python*-core
在 2018年05月15日 00:09, Joe MacDonald 写道: [Re: [yocto] [meta-selinux][PATCH] libselinux: python-importlib is now part of python*-core] On 18.05.14 (Mon 10:05) Mark Hatle wrote: On 5/11/18 1:19 PM, Rudolf J Streif wrote: Thank you, Mark. Much appreciated and understood. Would you be open to tagging the layer for rocko to the right commit and applying the patches sent to the mailing list by Armin and Kai to master so that we have known points to move forward? I'm going to try to sync with Joe later today. I'll make sure that we branch rocko.. If Joe can't get to the sumo work this week, I'll do my best to get it done. Yeah, just keep everyone in the loop on this, Mark and I will coordinate, I anticipate having the current meta-selinux queue cleaned up this week. I followed up last week to Armin indicating that I was working on this, but as I'm sure anyone building meta-selinux right now already knows, things are not happy there and corrective measures are kind of involved. As for longer-term maintenance, meta-selinux and SELinux in general is of particular interest to me personally, but much like Mark, I haven't has as much time for the layer as it deserves lately, so if anyone wants to volunteer to help out with it, by all means, let us know. Hi Joe, Mark and Philip I'm interested in this and want to volunteer to help the meta-selinux maintenance. I have enough time to review and test the patches. There are some pending patches from Wenzong which can not be merged into master. Currently I'm working on them and will re-send them. Thanks, Yi Thanks, -J. --Mark Thank you, Rudi On 05/11/2018 10:45 AM, Mark Hatle wrote: On 5/11/18 12:28 PM, Rudolf J Streif wrote: Echoing this: may I ask what the current maintenance status of meta-selinux is. It appears that no updates have been made for more than 9 months. This is of course not to blame anybody but out of concern that the layer is falling behind even more and to find a solution. The answer is the current set of people are horribly overworked and busy, so day-to-day updates have been 'sparse'. Usually we update meta-selinux about the time of a release, and thus are due. The last update of meta-selinux was about the time of the Rocko release, so what is in master is definitely current as of Rocko. (I did the last set of updates -- so I know it did work as of Rocko release.) The master needs to be branched as Rocko... master needs to be updated to be Sumo compatible. My assumption is that once Sumo is formally released (any minute now), we'll collection all of the patches and get them into place and spend some time cleaning them up... It looks like Joe is already working through this effort. (Only speaking for myself,) I don't have time to do day-to-day maintenance of meta-selinux any longer -- nor do I have the indepth knowledge to understand when not to do something. I filled this role purely out of necessity since nobody else was doing it. So with that said, if anyone wants to help, we're all open for help here... I doubt there would be any objection to adding or replacing existing maintainers and/or giving more people push access. In addition to Armin's patches there are two patches submitted by Kai Kang at Windriver: * https://lists.yoctoproject.org/pipermail/yocto/2018-February/039917.html * https://lists.yoctoproject.org/pipermail/yocto/2018-February/039918.html Curiously enough, the second patch has been applied to master but not the first one. There is also an issue with building SELinux with systemd. The layer enables auditing: meta-selinux/classes/enable-audit.bbclass:PACKAGECONFIG[audit] = "--enable-audit,--disable-audit,audit," meta-selinux/recipes-core/systemd/systemd_%.bbappend:inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'enable-audit', '', d)} Apparently the --enable-audit switch is passed to meson when running the configure task, which meson does not appreciate. I am not that familiar with the audit feature nor with meson, so I currently have no idea on how to fix this the right way. audit feature is useful outside of selinux, so my understand was that audit itself was moving into core during the sumo time frame (if it hadn't already been oved.) I don't know anything about meson, so I can't speak to that... Further, refpolicy_git does not build anymore as the YP specific patches do not apply anymore since upstream changed. The refpolicy is and has always been crap. I've been talking to a few people on IRC about working to replace the refpolicy with a policy that can be generated dynamically based on the contents of the recipes. I don't know if that is really going to happen, but I hate the way it's currently implemented. One of the key issues about the refpolicy is that you need to be an expert at this (which I never claimed to be) in order to make any reasonable decision -- add to that any specific policy needs to userstand overall system design, and I wouldn't
Re: [yocto] [meta-selinux][PATCH] libselinux: python-importlib is now part of python*-core
Thank you, Mark. Much appreciated and understood. Would you be open to tagging the layer for rocko to the right commit and applying the patches sent to the mailing list by Armin and Kai to master so that we have known points to move forward? Thank you, Rudi On 05/11/2018 10:45 AM, Mark Hatle wrote: > On 5/11/18 12:28 PM, Rudolf J Streif wrote: >> Echoing this: may I ask what the current maintenance status of >> meta-selinux is. It appears that no updates have been made for more than >> 9 months. This is of course not to blame anybody but out of concern that >> the layer is falling behind even more and to find a solution. > The answer is the current set of people are horribly overworked and busy, so > day-to-day updates have been 'sparse'. > > Usually we update meta-selinux about the time of a release, and thus are due. > > The last update of meta-selinux was about the time of the Rocko release, so > what > is in master is definitely current as of Rocko. (I did the last set of > updates > -- so I know it did work as of Rocko release.) The master needs to be > branched > as Rocko... master needs to be updated to be Sumo compatible. > > My assumption is that once Sumo is formally released (any minute now), we'll > collection all of the patches and get them into place and spend some time > cleaning them up... > > It looks like Joe is already working through this effort. > > (Only speaking for myself,) I don't have time to do day-to-day maintenance of > meta-selinux any longer -- nor do I have the indepth knowledge to understand > when not to do something. I filled this role purely out of necessity since > nobody else was doing it. > > So with that said, if anyone wants to help, we're all open for help here... I > doubt there would be any objection to adding or replacing existing maintainers > and/or giving more people push access. > >> In addition to Armin's patches there are two patches submitted by Kai >> Kang at Windriver: >> >> * https://lists.yoctoproject.org/pipermail/yocto/2018-February/039917.html >> * https://lists.yoctoproject.org/pipermail/yocto/2018-February/039918.html >> >> Curiously enough, the second patch has been applied to master but not >> the first one. >> >> >> There is also an issue with building SELinux with systemd. The layer >> enables auditing: >> >> meta-selinux/classes/enable-audit.bbclass:PACKAGECONFIG[audit] = >> "--enable-audit,--disable-audit,audit," >> meta-selinux/recipes-core/systemd/systemd_%.bbappend:inherit >> ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'enable-audit', '', d)} >> >> Apparently the --enable-audit switch is passed to meson when running the >> configure task, which meson does not appreciate. I am not that familiar >> with the audit feature nor with meson, so I currently have no idea on >> how to fix this the right way. > audit feature is useful outside of selinux, so my understand was that audit > itself was moving into core during the sumo time frame (if it hadn't already > been oved.) > > I don't know anything about meson, so I can't speak to that... > >> Further, refpolicy_git does not build anymore as the YP specific patches >> do not apply anymore since upstream changed. > The refpolicy is and has always been crap. I've been talking to a few people > on > IRC about working to replace the refpolicy with a policy that can be generated > dynamically based on the contents of the recipes. I don't know if that is > really going to happen, but I hate the way it's currently implemented. > > One of the key issues about the refpolicy is that you need to be an expert at > this (which I never claimed to be) in order to make any reasonable decision -- > add to that any specific policy needs to userstand overall system design, and > I > wouldn't trust any of the refpolicy items as they stand in meta-selinux. > > --Mark > >> Thanks, >> Rudi >> >> >> >> On 05/07/2018 10:20 AM, akuster808 wrote: >>> On 04/14/2018 07:08 PM, Armin Kuster wrote: Missing or unbuildable dependency chain was: ['meta-world-pkgdata', 'restorecond', 'libselinux', 'python-importlib'] Signed-off-by: Armin Kuster>>> ping --- recipes-security/selinux/libselinux.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-security/selinux/libselinux.inc b/recipes-security/selinux/libselinux.inc index bd5ce8d..51d0875 100644 --- a/recipes-security/selinux/libselinux.inc +++ b/recipes-security/selinux/libselinux.inc @@ -8,7 +8,7 @@ LICENSE = "PD" inherit lib_package pythonnative DEPENDS += "libsepol python libpcre swig-native" -RDEPENDS_${PN}-python += "python-importlib" +RDEPENDS_${PN}-python += "python-core" PACKAGES += "${PN}-python" FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*" >> >> -- Rudolf J Streif signature.asc Description: OpenPGP digital signature --
Re: [yocto] [meta-selinux][PATCH] libselinux: python-importlib is now part of python*-core
On 5/11/18 12:28 PM, Rudolf J Streif wrote: > Echoing this: may I ask what the current maintenance status of > meta-selinux is. It appears that no updates have been made for more than > 9 months. This is of course not to blame anybody but out of concern that > the layer is falling behind even more and to find a solution. The answer is the current set of people are horribly overworked and busy, so day-to-day updates have been 'sparse'. Usually we update meta-selinux about the time of a release, and thus are due. The last update of meta-selinux was about the time of the Rocko release, so what is in master is definitely current as of Rocko. (I did the last set of updates -- so I know it did work as of Rocko release.) The master needs to be branched as Rocko... master needs to be updated to be Sumo compatible. My assumption is that once Sumo is formally released (any minute now), we'll collection all of the patches and get them into place and spend some time cleaning them up... It looks like Joe is already working through this effort. (Only speaking for myself,) I don't have time to do day-to-day maintenance of meta-selinux any longer -- nor do I have the indepth knowledge to understand when not to do something. I filled this role purely out of necessity since nobody else was doing it. So with that said, if anyone wants to help, we're all open for help here... I doubt there would be any objection to adding or replacing existing maintainers and/or giving more people push access. > In addition to Armin's patches there are two patches submitted by Kai > Kang at Windriver: > > * https://lists.yoctoproject.org/pipermail/yocto/2018-February/039917.html > * https://lists.yoctoproject.org/pipermail/yocto/2018-February/039918.html > > Curiously enough, the second patch has been applied to master but not > the first one. > > > There is also an issue with building SELinux with systemd. The layer > enables auditing: > > meta-selinux/classes/enable-audit.bbclass:PACKAGECONFIG[audit] = > "--enable-audit,--disable-audit,audit," > meta-selinux/recipes-core/systemd/systemd_%.bbappend:inherit > ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'enable-audit', '', d)} > > Apparently the --enable-audit switch is passed to meson when running the > configure task, which meson does not appreciate. I am not that familiar > with the audit feature nor with meson, so I currently have no idea on > how to fix this the right way. audit feature is useful outside of selinux, so my understand was that audit itself was moving into core during the sumo time frame (if it hadn't already been oved.) I don't know anything about meson, so I can't speak to that... > > Further, refpolicy_git does not build anymore as the YP specific patches > do not apply anymore since upstream changed. The refpolicy is and has always been crap. I've been talking to a few people on IRC about working to replace the refpolicy with a policy that can be generated dynamically based on the contents of the recipes. I don't know if that is really going to happen, but I hate the way it's currently implemented. One of the key issues about the refpolicy is that you need to be an expert at this (which I never claimed to be) in order to make any reasonable decision -- add to that any specific policy needs to userstand overall system design, and I wouldn't trust any of the refpolicy items as they stand in meta-selinux. --Mark > Thanks, > Rudi > > > > On 05/07/2018 10:20 AM, akuster808 wrote: >> >> On 04/14/2018 07:08 PM, Armin Kuster wrote: >>> Missing or unbuildable dependency chain was: ['meta-world-pkgdata', >>> 'restorecond', 'libselinux', 'python-importlib'] >>> >>> Signed-off-by: Armin Kuster>> ping >>> --- >>> recipes-security/selinux/libselinux.inc | 2 +- >>> 1 file changed, 1 insertion(+), 1 deletion(-) >>> >>> diff --git a/recipes-security/selinux/libselinux.inc >>> b/recipes-security/selinux/libselinux.inc >>> index bd5ce8d..51d0875 100644 >>> --- a/recipes-security/selinux/libselinux.inc >>> +++ b/recipes-security/selinux/libselinux.inc >>> @@ -8,7 +8,7 @@ LICENSE = "PD" >>> inherit lib_package pythonnative >>> >>> DEPENDS += "libsepol python libpcre swig-native" >>> -RDEPENDS_${PN}-python += "python-importlib" >>> +RDEPENDS_${PN}-python += "python-core" >>> >>> PACKAGES += "${PN}-python" >>> FILES_${PN}-python = >>> "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*" > > > -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] [meta-selinux][PATCH] libselinux: python-importlib is now part of python*-core
Echoing this: may I ask what the current maintenance status of meta-selinux is. It appears that no updates have been made for more than 9 months. This is of course not to blame anybody but out of concern that the layer is falling behind even more and to find a solution. In addition to Armin's patches there are two patches submitted by Kai Kang at Windriver: * https://lists.yoctoproject.org/pipermail/yocto/2018-February/039917.html * https://lists.yoctoproject.org/pipermail/yocto/2018-February/039918.html Curiously enough, the second patch has been applied to master but not the first one. There is also an issue with building SELinux with systemd. The layer enables auditing: meta-selinux/classes/enable-audit.bbclass:PACKAGECONFIG[audit] = "--enable-audit,--disable-audit,audit," meta-selinux/recipes-core/systemd/systemd_%.bbappend:inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'enable-audit', '', d)} Apparently the --enable-audit switch is passed to meson when running the configure task, which meson does not appreciate. I am not that familiar with the audit feature nor with meson, so I currently have no idea on how to fix this the right way. Further, refpolicy_git does not build anymore as the YP specific patches do not apply anymore since upstream changed. Thanks, Rudi On 05/07/2018 10:20 AM, akuster808 wrote: > > On 04/14/2018 07:08 PM, Armin Kuster wrote: >> Missing or unbuildable dependency chain was: ['meta-world-pkgdata', >> 'restorecond', 'libselinux', 'python-importlib'] >> >> Signed-off-by: Armin Kuster> ping >> --- >> recipes-security/selinux/libselinux.inc | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/recipes-security/selinux/libselinux.inc >> b/recipes-security/selinux/libselinux.inc >> index bd5ce8d..51d0875 100644 >> --- a/recipes-security/selinux/libselinux.inc >> +++ b/recipes-security/selinux/libselinux.inc >> @@ -8,7 +8,7 @@ LICENSE = "PD" >> inherit lib_package pythonnative >> >> DEPENDS += "libsepol python libpcre swig-native" >> -RDEPENDS_${PN}-python += "python-importlib" >> +RDEPENDS_${PN}-python += "python-core" >> >> PACKAGES += "${PN}-python" >> FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*" -- Rudolf J Streif signature.asc Description: OpenPGP digital signature -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] [meta-selinux][PATCH] libselinux: python-importlib is now part of python*-core
[Re: [yocto] [meta-selinux][PATCH] libselinux: python-importlib is now part of python*-core] On 18.05.07 (Mon 10:20) akuster808 wrote: > > > On 04/14/2018 07:08 PM, Armin Kuster wrote: > > Missing or unbuildable dependency chain was: ['meta-world-pkgdata', > > 'restorecond', 'libselinux', 'python-importlib'] > > > > Signed-off-by: Armin Kuster <akus...@mvista.com> > ping Hey all, I'm working through selinux issues now. -J. > > --- > > recipes-security/selinux/libselinux.inc | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/recipes-security/selinux/libselinux.inc > > b/recipes-security/selinux/libselinux.inc > > index bd5ce8d..51d0875 100644 > > --- a/recipes-security/selinux/libselinux.inc > > +++ b/recipes-security/selinux/libselinux.inc > > @@ -8,7 +8,7 @@ LICENSE = "PD" > > inherit lib_package pythonnative > > > > DEPENDS += "libsepol python libpcre swig-native" > > -RDEPENDS_${PN}-python += "python-importlib" > > +RDEPENDS_${PN}-python += "python-core" > > > > PACKAGES += "${PN}-python" > > FILES_${PN}-python = > > "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*" > -- -Joe MacDonald. :wq signature.asc Description: PGP signature -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] [meta-selinux][PATCH] libselinux: python-importlib is now part of python*-core
On 04/14/2018 07:08 PM, Armin Kuster wrote: > Missing or unbuildable dependency chain was: ['meta-world-pkgdata', > 'restorecond', 'libselinux', 'python-importlib'] > > Signed-off-by: Armin Kusterping > --- > recipes-security/selinux/libselinux.inc | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/recipes-security/selinux/libselinux.inc > b/recipes-security/selinux/libselinux.inc > index bd5ce8d..51d0875 100644 > --- a/recipes-security/selinux/libselinux.inc > +++ b/recipes-security/selinux/libselinux.inc > @@ -8,7 +8,7 @@ LICENSE = "PD" > inherit lib_package pythonnative > > DEPENDS += "libsepol python libpcre swig-native" > -RDEPENDS_${PN}-python += "python-importlib" > +RDEPENDS_${PN}-python += "python-core" > > PACKAGES += "${PN}-python" > FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*" -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] [meta-selinux][PATCH] libselinux: python-importlib is now part of python*-core
On 04/14/2018 07:08 PM, Armin Kuster wrote: > Missing or unbuildable dependency chain was: ['meta-world-pkgdata', > 'restorecond', 'libselinux', 'python-importlib'] > > Signed-off-by: Armin Kuster> --- > recipes-security/selinux/libselinux.inc | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Ping > > diff --git a/recipes-security/selinux/libselinux.inc > b/recipes-security/selinux/libselinux.inc > index bd5ce8d..51d0875 100644 > --- a/recipes-security/selinux/libselinux.inc > +++ b/recipes-security/selinux/libselinux.inc > @@ -8,7 +8,7 @@ LICENSE = "PD" > inherit lib_package pythonnative > > DEPENDS += "libsepol python libpcre swig-native" > -RDEPENDS_${PN}-python += "python-importlib" > +RDEPENDS_${PN}-python += "python-core" > > PACKAGES += "${PN}-python" > FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*" -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-selinux][PATCH] libselinux: python-importlib is now part of python*-core
Missing or unbuildable dependency chain was: ['meta-world-pkgdata', 'restorecond', 'libselinux', 'python-importlib'] Signed-off-by: Armin Kuster--- recipes-security/selinux/libselinux.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-security/selinux/libselinux.inc b/recipes-security/selinux/libselinux.inc index bd5ce8d..51d0875 100644 --- a/recipes-security/selinux/libselinux.inc +++ b/recipes-security/selinux/libselinux.inc @@ -8,7 +8,7 @@ LICENSE = "PD" inherit lib_package pythonnative DEPENDS += "libsepol python libpcre swig-native" -RDEPENDS_${PN}-python += "python-importlib" +RDEPENDS_${PN}-python += "python-core" PACKAGES += "${PN}-python" FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*" -- 2.7.4 -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto