Re: [yocto] [meta-selinux] How about remove libcap-ng from meta-selinux?
On 08/18/2015 10:28 AM, Randy MacLeod wrote: On 2015-08-14 02:41 AM, wenzong fan wrote: On 08/12/2015 09:05 PM, Joe MacDonald wrote: [[yocto] [meta-selinux] How about remove libcap-ng from meta-selinux?] On 15.08.12 (Wed 17:08) wenzong fan wrote: Hi All, There's a libcap-ng in meta-oe layer, it has been updated to 0.7.7 and the one in meta-selinux is 0.7.3. How about removing the one in meta-selinux and get this layer depends on meta-oe? Any suggestions? The last time we had this discussion my sense was that most users of meta-selinux wanted to continue with it only depending on oe-core. That's my preference as well. I'm happy to merge an updated version of libcap-ng (or maybe I'll get to it myself, since I've known about it since Armin removed it from meta-security, that was the time of the last discussion, I think). All I'm saying right now is that this isn't a case of accidental duplication of recipes in multiple layers, it's the result of a conscious decision. It's totally worthwhile re-visiting that decision, though to make sure the reasons are still valid. Thanks for clarifying this, just send out an update patch for libcap-ng. I still think it belongs in oe-core. Wenzong, Can you try to build up a case for that? If I look at the dependencies on Ubuntu-15.04: Reverse Depends: qemu-system-common,libcap-ng0 libvirt0,libcap-ng0 libvirt-bin,libcap-ng0 libcap-ng0:i386,libcap-ng0 0.7.4-2 libcap-ng0:i386,libcap-ng0 0.7.4-2 suricata,libcap-ng0 libcap-ng-utils,libcap-ng0 0.7.4-2 ladvd,libcap-ng0 heimdal-kdc,libcap-ng0 audispd-plugins,libcap-ng0 smartmontools,libcap-ng0 qemu-system-common,libcap-ng0 libvirt0,libcap-ng0 libvirt-bin,libcap-ng0 libcap-ng-dev,libcap-ng0 0.7.4-2 irqbalance,libcap-ng0 gnome-keyring,libcap-ng0 dbus-1-dbg,libcap-ng0 dbus,libcap-ng0 note that pkgs in: meta-virtualization: irqbalance, libvirt, more? meta-selinux: audit meta-security-framework: audit could drop the local versions of libcap-ng and use the oe-core libcap-ng. Please check on the actual source/configure options so that we(I!!) get a better understanding of where libcap vs libcap-ng is used. In fact, since meta-security-framework isn't using selinux, I'd say that both audit and libcap-ng should both move to oe-core. And the swig that libcap-ng depends on (swig-native) if we to do so. Thanks Wenzong Thanks, ../Randy Wenzong -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] [meta-selinux] How about remove libcap-ng from meta-selinux?
On 2015-08-14 02:41 AM, wenzong fan wrote: On 08/12/2015 09:05 PM, Joe MacDonald wrote: [[yocto] [meta-selinux] How about remove libcap-ng from meta-selinux?] On 15.08.12 (Wed 17:08) wenzong fan wrote: Hi All, There's a libcap-ng in meta-oe layer, it has been updated to 0.7.7 and the one in meta-selinux is 0.7.3. How about removing the one in meta-selinux and get this layer depends on meta-oe? Any suggestions? The last time we had this discussion my sense was that most users of meta-selinux wanted to continue with it only depending on oe-core. That's my preference as well. I'm happy to merge an updated version of libcap-ng (or maybe I'll get to it myself, since I've known about it since Armin removed it from meta-security, that was the time of the last discussion, I think). All I'm saying right now is that this isn't a case of accidental duplication of recipes in multiple layers, it's the result of a conscious decision. It's totally worthwhile re-visiting that decision, though to make sure the reasons are still valid. Thanks for clarifying this, just send out an update patch for libcap-ng. I still think it belongs in oe-core. Wenzong, Can you try to build up a case for that? If I look at the dependencies on Ubuntu-15.04: Reverse Depends: qemu-system-common,libcap-ng0 libvirt0,libcap-ng0 libvirt-bin,libcap-ng0 libcap-ng0:i386,libcap-ng0 0.7.4-2 libcap-ng0:i386,libcap-ng0 0.7.4-2 suricata,libcap-ng0 libcap-ng-utils,libcap-ng0 0.7.4-2 ladvd,libcap-ng0 heimdal-kdc,libcap-ng0 audispd-plugins,libcap-ng0 smartmontools,libcap-ng0 qemu-system-common,libcap-ng0 libvirt0,libcap-ng0 libvirt-bin,libcap-ng0 libcap-ng-dev,libcap-ng0 0.7.4-2 irqbalance,libcap-ng0 gnome-keyring,libcap-ng0 dbus-1-dbg,libcap-ng0 dbus,libcap-ng0 note that pkgs in: meta-virtualization: irqbalance, libvirt, more? meta-selinux: audit meta-security-framework: audit could drop the local versions of libcap-ng and use the oe-core libcap-ng. Please check on the actual source/configure options so that we(I!!) get a better understanding of where libcap vs libcap-ng is used. In fact, since meta-security-framework isn't using selinux, I'd say that both audit and libcap-ng should both move to oe-core. Thanks, ../Randy Wenzong -- # Randy MacLeod. SMTS, Linux, Wind River Direct: 613.963.1350 | 350 Terry Fox Drive, Suite 200, Ottawa, ON, Canada, K2K 2W5 -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] [meta-selinux] How about remove libcap-ng from meta-selinux?
On 08/12/2015 09:05 PM, Joe MacDonald wrote: [[yocto] [meta-selinux] How about remove libcap-ng from meta-selinux?] On 15.08.12 (Wed 17:08) wenzong fan wrote: Hi All, There's a libcap-ng in meta-oe layer, it has been updated to 0.7.7 and the one in meta-selinux is 0.7.3. How about removing the one in meta-selinux and get this layer depends on meta-oe? Any suggestions? The last time we had this discussion my sense was that most users of meta-selinux wanted to continue with it only depending on oe-core. That's my preference as well. I'm happy to merge an updated version of libcap-ng (or maybe I'll get to it myself, since I've known about it since Armin removed it from meta-security, that was the time of the last discussion, I think). All I'm saying right now is that this isn't a case of accidental duplication of recipes in multiple layers, it's the result of a conscious decision. It's totally worthwhile re-visiting that decision, though to make sure the reasons are still valid. Thanks for clarifying this, just send out an update patch for libcap-ng. Wenzong -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] [meta-selinux] How about remove libcap-ng from meta-selinux?
[[yocto] [meta-selinux] How about remove libcap-ng from meta-selinux?] On 15.08.12 (Wed 17:08) wenzong fan wrote: > Hi All, > > There's a libcap-ng in meta-oe layer, it has been updated to 0.7.7 and the > one in meta-selinux is 0.7.3. > > How about removing the one in meta-selinux and get this layer depends on > meta-oe? Any suggestions? The last time we had this discussion my sense was that most users of meta-selinux wanted to continue with it only depending on oe-core. That's my preference as well. I'm happy to merge an updated version of libcap-ng (or maybe I'll get to it myself, since I've known about it since Armin removed it from meta-security, that was the time of the last discussion, I think). All I'm saying right now is that this isn't a case of accidental duplication of recipes in multiple layers, it's the result of a conscious decision. It's totally worthwhile re-visiting that decision, though to make sure the reasons are still valid. -- -Joe MacDonald. :wq signature.asc Description: Digital signature -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-selinux] How about remove libcap-ng from meta-selinux?
Hi All, There's a libcap-ng in meta-oe layer, it has been updated to 0.7.7 and the one in meta-selinux is 0.7.3. How about removing the one in meta-selinux and get this layer depends on meta-oe? Any suggestions? Thanks Wenzong -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
