Re: [yocto] [meta-selinux][PATCH] libselinux: python-importlib is now part of python*-core

2018-08-14 Thread Yi Zhao



On 2018-05-15 00:09, Joe MacDonald wrote:
> [Re: [yocto] [meta-selinux][PATCH] libselinux: python-importlib is now part of
> python*-core] On 18.05.14 (Mon 10:05) Mark Hatle wrote:
>
>> On 5/11/18 1:19 PM, Rudolf J Streif wrote:
>>> Thank you, Mark. Much appreciated and understood.
>>>
>>> Would you be open to tagging the layer for rocko to the right commit and
>>> applying the patches sent to the mailing list by Armin and Kai to master
>>> so that we have known points to move forward?
>>
>> I'm going to try to sync with Joe later today.  I'll make sure that we
>> branch rocko..  If Joe can't get to the sumo work this week, I'll do
>> my best to get it done.
>
> Yeah, just keep everyone in the loop on this, Mark and I will
> coordinate, I anticipate having the current meta-selinux queue cleaned
> up this week.  I followed up last week to Armin indicating that I was
> working on this, but as I'm sure anyone building meta-selinux right now
> already knows, things are not happy there and corrective measures are
> kind of involved.
>
> As for longer-term maintenance, meta-selinux and SELinux in general is
> of particular interest to me personally, but much like Mark, I haven't
> had as much time for the layer as it deserves lately, so if anyone wants
> to volunteer to help out with it, by all means, let us know.

Hi Joe, Mark and Philip

I'm interested in this and want to volunteer to help with the meta-selinux
maintenance.  I have enough time to review and test the patches. There
are some pending patches from Wenzong which cannot be merged into
master. Currently I'm working on them and will re-send them.


Thanks,
Yi

> Thanks,
> -J.
>
>> --Mark
>>
>>> Thank you,
>>> Rudi
>>>
>>> On 05/11/2018 10:45 AM, Mark Hatle wrote:
>>>> On 5/11/18 12:28 PM, Rudolf J Streif wrote:
>>>>> Echoing this: may I ask what the current maintenance status of
>>>>> meta-selinux is. It appears that no updates have been made for more than
>>>>> 9 months. This is of course not to blame anybody but out of concern that
>>>>> the layer is falling behind even more and to find a solution.
>>>> The answer is the current set of people are horribly overworked and busy, so
>>>> day-to-day updates have been 'sparse'.
>>>>
>>>> Usually we update meta-selinux about the time of a release, and thus are due.
>>>>
>>>> The last update of meta-selinux was about the time of the Rocko release, so what
>>>> is in master is definitely current as of Rocko.  (I did the last set of updates
>>>> -- so I know it did work as of Rocko release.)  The master needs to be branched
>>>> as Rocko... master needs to be updated to be Sumo compatible.
>>>>
>>>> My assumption is that once Sumo is formally released (any minute now), we'll
>>>> collect all of the patches and get them into place and spend some time
>>>> cleaning them up...
>>>>
>>>> It looks like Joe is already working through this effort.
>>>>
>>>> (Only speaking for myself,) I don't have time to do day-to-day maintenance of
>>>> meta-selinux any longer -- nor do I have the in-depth knowledge to understand
>>>> when not to do something.  I filled this role purely out of necessity since
>>>> nobody else was doing it.
>>>>
>>>> So with that said, if anyone wants to help, we're all open for help here...  I
>>>> doubt there would be any objection to adding or replacing existing maintainers
>>>> and/or giving more people push access.
>>>>
>>>>> In addition to Armin's patches there are two patches submitted by Kai
>>>>> Kang at Windriver:
>>>>>
>>>>> * https://lists.yoctoproject.org/pipermail/yocto/2018-February/039917.html
>>>>> * https://lists.yoctoproject.org/pipermail/yocto/2018-February/039918.html
>>>>>
>>>>> Curiously enough, the second patch has been applied to master but not
>>>>> the first one.
>>>>>
>>>>>
>>>>> There is also an issue with building SELinux with systemd. The layer
>>>>> enables auditing:
>>>>>
>>>>> meta-selinux/classes/enable-audit.bbclass:PACKAGECONFIG[audit] =
>>>>> "--enable-audit,--disable-audit,audit,"
>>>>> meta-selinux/recipes-core/systemd/systemd_%.bbappend:inherit
>>>>> ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'enable-audit', '', d)}
>>>>>
>>>>> Apparently the --enable-audit switch is passed to meson when running the
>>>>> configure task, which meson does not appreciate. I am not that familiar
>>>>> with the audit feature nor with meson, so I currently have no idea on
>>>>> how to fix this the right way.
>>>> audit feature is useful outside of selinux, so my understanding was that audit
>>>> itself was moving into core during the sumo time frame (if it hadn't already
>>>> been moved.)
>>>>
>>>> I don't know anything about meson, so I can't speak to that...
>>>>
>>>>> Further, refpolicy_git does not build anymore as the YP specific patches
>>>>> do not apply anymore since upstream changed.
>>>> The refpolicy is and has always been crap.  I've been talking to a few people on
>>>> IRC about working to replace the refpolicy with a policy that can be generated
>>>> dynamically based on the contents of the recipes.  I don't know if that is
>>>> really going to happen, but I hate the way it's currently implemented.
>>>>
>>>> One of the key issues about the refpolicy is that you need to be an expert at
>>>> this (which I never claimed to be) in order to make any reasonable decision --
>>>> add to that any specific policy needs to understand overall system design, and I
>>>> wouldn't

Re: [yocto] [meta-selinux][PATCH] libselinux: python-importlib is now part of python*-core

2018-05-11 Thread Rudolf J Streif
Thank you, Mark. Much appreciated and understood.

Would you be open to tagging the layer for rocko to the right commit and
applying the patches sent to the mailing list by Armin and Kai to master
so that we have known points to move forward?

Thank you,
Rudi


On 05/11/2018 10:45 AM, Mark Hatle wrote:
> On 5/11/18 12:28 PM, Rudolf J Streif wrote:
>> Echoing this: may I ask what the current maintenance status of
>> meta-selinux is. It appears that no updates have been made for more than
>> 9 months. This is of course not to blame anybody but out of concern that
>> the layer is falling behind even more and to find a solution.
> The answer is the current set of people are horribly overworked and busy, so
> day-to-day updates have been 'sparse'.
>
> Usually we update meta-selinux about the time of a release, and thus are due.
>
> The last update of meta-selinux was about the time of the Rocko release, so
> what is in master is definitely current as of Rocko.  (I did the last set of
> updates -- so I know it did work as of Rocko release.)  The master needs to
> be branched as Rocko... master needs to be updated to be Sumo compatible.
>
> My assumption is that once Sumo is formally released (any minute now), we'll
> collect all of the patches and get them into place and spend some time
> cleaning them up...
>
> It looks like Joe is already working through this effort.
>
> (Only speaking for myself,) I don't have time to do day-to-day maintenance of
> meta-selinux any longer -- nor do I have the in-depth knowledge to understand
> when not to do something.  I filled this role purely out of necessity since
> nobody else was doing it.
>
> So with that said, if anyone wants to help, we're all open for help here...  I
> doubt there would be any objection to adding or replacing existing maintainers
> and/or giving more people push access.
>
>> In addition to Armin's patches there are two patches submitted by Kai
>> Kang at Windriver:
>>
>> * https://lists.yoctoproject.org/pipermail/yocto/2018-February/039917.html
>> * https://lists.yoctoproject.org/pipermail/yocto/2018-February/039918.html
>>
>> Curiously enough, the second patch has been applied to master but not
>> the first one.
>>
>>
>> There is also an issue with building SELinux with systemd. The layer
>> enables auditing:
>>
>> meta-selinux/classes/enable-audit.bbclass:PACKAGECONFIG[audit] =
>> "--enable-audit,--disable-audit,audit,"
>> meta-selinux/recipes-core/systemd/systemd_%.bbappend:inherit
>> ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'enable-audit', '', d)}
>>
>> Apparently the --enable-audit switch is passed to meson when running the
>> configure task, which meson does not appreciate. I am not that familiar
>> with the audit feature nor with meson, so I currently have no idea on
>> how to fix this the right way.
> audit feature is useful outside of selinux, so my understanding was that audit
> itself was moving into core during the sumo time frame (if it hadn't already
> been moved.)
>
> I don't know anything about meson, so I can't speak to that...
>
>> Further, refpolicy_git does not build anymore as the YP specific patches
>> do not apply anymore since upstream changed.
> The refpolicy is and has always been crap.  I've been talking to a few people
> on IRC about working to replace the refpolicy with a policy that can be
> generated dynamically based on the contents of the recipes.  I don't know if
> that is really going to happen, but I hate the way it's currently implemented.
>
> One of the key issues about the refpolicy is that you need to be an expert at
> this (which I never claimed to be) in order to make any reasonable decision --
> add to that any specific policy needs to understand overall system design, and
> I wouldn't trust any of the refpolicy items as they stand in meta-selinux.
>
> --Mark
>
>> Thanks,
>> Rudi
>>
>>
>>
>> On 05/07/2018 10:20 AM, akuster808 wrote:
>>> On 04/14/2018 07:08 PM, Armin Kuster wrote:
 Missing or unbuildable dependency chain was: ['meta-world-pkgdata', 
 'restorecond', 'libselinux', 'python-importlib']

 Signed-off-by: Armin Kuster 
>>> ping
 ---
  recipes-security/selinux/libselinux.inc | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

 diff --git a/recipes-security/selinux/libselinux.inc 
 b/recipes-security/selinux/libselinux.inc
 index bd5ce8d..51d0875 100644
 --- a/recipes-security/selinux/libselinux.inc
 +++ b/recipes-security/selinux/libselinux.inc
 @@ -8,7 +8,7 @@ LICENSE = "PD"
  inherit lib_package pythonnative
  
  DEPENDS += "libsepol python libpcre swig-native"
 -RDEPENDS_${PN}-python += "python-importlib"
 +RDEPENDS_${PN}-python += "python-core"
  
  PACKAGES += "${PN}-python"
  FILES_${PN}-python = 
 "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*"
>>
>>

-- 
Rudolf J Streif





Re: [yocto] [meta-selinux][PATCH] libselinux: python-importlib is now part of python*-core

2018-05-11 Thread Mark Hatle
On 5/11/18 12:28 PM, Rudolf J Streif wrote:
> Echoing this: may I ask what the current maintenance status of
> meta-selinux is. It appears that no updates have been made for more than
> 9 months. This is of course not to blame anybody but out of concern that
> the layer is falling behind even more and to find a solution.

The answer is the current set of people are horribly overworked and busy, so
day-to-day updates have been 'sparse'.

Usually we update meta-selinux about the time of a release, and thus are due.

The last update of meta-selinux was about the time of the Rocko release, so what
is in master is definitely current as of Rocko.  (I did the last set of updates
-- so I know it did work as of Rocko release.)  The master needs to be branched
as Rocko... master needs to be updated to be Sumo compatible.

My assumption is that once Sumo is formally released (any minute now), we'll
collect all of the patches and get them into place and spend some time
cleaning them up...

It looks like Joe is already working through this effort.

(Only speaking for myself,) I don't have time to do day-to-day maintenance of
meta-selinux any longer -- nor do I have the in-depth knowledge to understand
when not to do something.  I filled this role purely out of necessity since
nobody else was doing it.

So with that said, if anyone wants to help, we're all open for help here...  I
doubt there would be any objection to adding or replacing existing maintainers
and/or giving more people push access.

> In addition to Armin's patches there are two patches submitted by Kai
> Kang at Windriver:
> 
> * https://lists.yoctoproject.org/pipermail/yocto/2018-February/039917.html
> * https://lists.yoctoproject.org/pipermail/yocto/2018-February/039918.html
> 
> Curiously enough, the second patch has been applied to master but not
> the first one.
> 
> 
> There is also an issue with building SELinux with systemd. The layer
> enables auditing:
> 
> meta-selinux/classes/enable-audit.bbclass:PACKAGECONFIG[audit] =
> "--enable-audit,--disable-audit,audit,"
> meta-selinux/recipes-core/systemd/systemd_%.bbappend:inherit
> ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'enable-audit', '', d)}
> 
> Apparently the --enable-audit switch is passed to meson when running the
> configure task, which meson does not appreciate. I am not that familiar
> with the audit feature nor with meson, so I currently have no idea on
> how to fix this the right way.

audit feature is useful outside of selinux, so my understanding was that audit
itself was moving into core during the sumo time frame (if it hadn't already
been moved.)

I don't know anything about meson, so I can't speak to that...

> 
> Further, refpolicy_git does not build anymore as the YP specific patches
> do not apply anymore since upstream changed.

The refpolicy is and has always been crap.  I've been talking to a few people on
IRC about working to replace the refpolicy with a policy that can be generated
dynamically based on the contents of the recipes.  I don't know if that is
really going to happen, but I hate the way it's currently implemented.

One of the key issues about the refpolicy is that you need to be an expert at
this (which I never claimed to be) in order to make any reasonable decision --
add to that any specific policy needs to understand overall system design, and I
wouldn't trust any of the refpolicy items as they stand in meta-selinux.

--Mark

> Thanks,
> Rudi
> 
> 
> 
> On 05/07/2018 10:20 AM, akuster808 wrote:
>>
>> On 04/14/2018 07:08 PM, Armin Kuster wrote:
>>> Missing or unbuildable dependency chain was: ['meta-world-pkgdata', 
>>> 'restorecond', 'libselinux', 'python-importlib']
>>>
>>> Signed-off-by: Armin Kuster 
>> ping
>>> ---
>>>  recipes-security/selinux/libselinux.inc | 2 +-
>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/recipes-security/selinux/libselinux.inc 
>>> b/recipes-security/selinux/libselinux.inc
>>> index bd5ce8d..51d0875 100644
>>> --- a/recipes-security/selinux/libselinux.inc
>>> +++ b/recipes-security/selinux/libselinux.inc
>>> @@ -8,7 +8,7 @@ LICENSE = "PD"
>>>  inherit lib_package pythonnative
>>>  
>>>  DEPENDS += "libsepol python libpcre swig-native"
>>> -RDEPENDS_${PN}-python += "python-importlib"
>>> +RDEPENDS_${PN}-python += "python-core"
>>>  
>>>  PACKAGES += "${PN}-python"
>>>  FILES_${PN}-python = 
>>> "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*"
> 
> 
> 

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto


Re: [yocto] [meta-selinux][PATCH] libselinux: python-importlib is now part of python*-core

2018-05-11 Thread Rudolf J Streif
Echoing this: may I ask what the current maintenance status of
meta-selinux is. It appears that no updates have been made for more than
9 months. This is of course not to blame anybody but out of concern that
the layer is falling behind even more and to find a solution.

In addition to Armin's patches there are two patches submitted by Kai
Kang at Windriver:

* https://lists.yoctoproject.org/pipermail/yocto/2018-February/039917.html
* https://lists.yoctoproject.org/pipermail/yocto/2018-February/039918.html

Curiously enough, the second patch has been applied to master but not
the first one.


There is also an issue with building SELinux with systemd. The layer
enables auditing:

meta-selinux/classes/enable-audit.bbclass:PACKAGECONFIG[audit] =
"--enable-audit,--disable-audit,audit,"
meta-selinux/recipes-core/systemd/systemd_%.bbappend:inherit
${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'enable-audit', '', d)}

Apparently the --enable-audit switch is passed to meson when running the
configure task, which meson does not appreciate. I am not that familiar
with the audit feature nor with meson, so I currently have no idea on
how to fix this the right way.


Further, refpolicy_git does not build anymore as the YP specific patches
do not apply anymore since upstream changed.


Thanks,
Rudi



On 05/07/2018 10:20 AM, akuster808 wrote:
>
> On 04/14/2018 07:08 PM, Armin Kuster wrote:
>> Missing or unbuildable dependency chain was: ['meta-world-pkgdata', 
>> 'restorecond', 'libselinux', 'python-importlib']
>>
>> Signed-off-by: Armin Kuster 
> ping
>> ---
>>  recipes-security/selinux/libselinux.inc | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/recipes-security/selinux/libselinux.inc 
>> b/recipes-security/selinux/libselinux.inc
>> index bd5ce8d..51d0875 100644
>> --- a/recipes-security/selinux/libselinux.inc
>> +++ b/recipes-security/selinux/libselinux.inc
>> @@ -8,7 +8,7 @@ LICENSE = "PD"
>>  inherit lib_package pythonnative
>>  
>>  DEPENDS += "libsepol python libpcre swig-native"
>> -RDEPENDS_${PN}-python += "python-importlib"
>> +RDEPENDS_${PN}-python += "python-core"
>>  
>>  PACKAGES += "${PN}-python"
>>  FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*"
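
Review bot: the added `RDEPENDS_${PN}-python += "python-core"` line pins the Python 2 package name, while the subject speaks of python*-core. That matches `inherit lib_package pythonnative` and the `python` entry in `DEPENDS` today, but the three have to change together if the bindings are ever built against python3; a one-line comment above the RDEPENDS saying so would keep the next porter from updating only the class and the build dependency.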

-- 
Rudolf J Streif
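
An added example, not part of the original message and not meta-selinux code: a small Python check for the mismatch described above, where a class-supplied PACKAGECONFIG flag carries autotools-style switches into a recipe that is configured by meson. The class line is the one quoted in the message; the `inherit meson pkgconfig` recipe line and the `-Daudit=true`/`-Daudit=false` form are constructed for illustration.

```python
import re

# PACKAGECONFIG[flag] = "enable-args,disable-args,build-deps,runtime-deps,..."
PKGCONFIG_RE = re.compile(r'PACKAGECONFIG\[([^\]]+)\]\s*=\s*"([^"]*)"')
# Switch spellings that autotools configure scripts take and meson rejects.
AUTOTOOLS_SWITCH = re.compile(r'^--(enable|disable|with|without)-')
INHERIT_MESON = re.compile(r'^\s*inherit\b.*\bmeson\b', re.MULTILINE)

# The class line exactly as quoted in the message (wrapped by the mail client).
CLASS_AS_POSTED = (
    'meta-selinux/classes/enable-audit.bbclass:PACKAGECONFIG[audit] =\n'
    '"--enable-audit,--disable-audit,audit,"\n'
)
# Constructed for this example: a meson-built recipe and a meson-style flag.
RECIPE_SAMPLE = 'inherit meson pkgconfig\n'
CLASS_MESON_STYLE = 'PACKAGECONFIG[audit] = "-Daudit=true,-Daudit=false,audit,"\n'


def parse_packageconfig(text):
    """Map each PACKAGECONFIG flag to (enable_args, disable_args, build_deps)."""
    joined = re.sub(r'=[ \t]*\n[ \t]*', '= ', text)  # undo mail line wrapping
    flags = {}
    for name, value in PKGCONFIG_RE.findall(joined):
        fields = [f.strip() for f in value.split(',')] + ['', '', '']
        flags[name] = tuple(fields[:3])
    return flags


def autotools_switches(class_text):
    """List (flag, switch) pairs whose configure arguments are autotools-style."""
    findings = []
    for name, (enable, disable, _deps) in sorted(parse_packageconfig(class_text).items()):
        for word in (enable + ' ' + disable).split():
            if AUTOTOOLS_SWITCH.match(word):
                findings.append((name, word))
    return findings


def check_recipe(recipe_text, class_text):
    """Report autotools switches only when the recipe is configured by meson."""
    if not INHERIT_MESON.search(recipe_text):
        return []
    return autotools_switches(class_text)


if __name__ == '__main__':
    for name, word in check_recipe(RECIPE_SAMPLE, CLASS_AS_POSTED):
        print(f'PACKAGECONFIG[{name}]: {word} is not a meson option')
```
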






Re: [yocto] [meta-selinux][PATCH] libselinux: python-importlib is now part of python*-core

2018-05-08 Thread Joe MacDonald
[Re: [yocto] [meta-selinux][PATCH] libselinux: python-importlib is now part of 
python*-core] On 18.05.07 (Mon 10:20) akuster808 wrote:

> 
> 
> On 04/14/2018 07:08 PM, Armin Kuster wrote:
> > Missing or unbuildable dependency chain was: ['meta-world-pkgdata', 
> > 'restorecond', 'libselinux', 'python-importlib']
> >
> > Signed-off-by: Armin Kuster <akus...@mvista.com>
> ping

Hey all,

I'm working through selinux issues now.

-J.

> > ---
> >  recipes-security/selinux/libselinux.inc | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/recipes-security/selinux/libselinux.inc 
> > b/recipes-security/selinux/libselinux.inc
> > index bd5ce8d..51d0875 100644
> > --- a/recipes-security/selinux/libselinux.inc
> > +++ b/recipes-security/selinux/libselinux.inc
> > @@ -8,7 +8,7 @@ LICENSE = "PD"
> >  inherit lib_package pythonnative
> >  
> >  DEPENDS += "libsepol python libpcre swig-native"
> > -RDEPENDS_${PN}-python += "python-importlib"
> > +RDEPENDS_${PN}-python += "python-core"
> >  
> >  PACKAGES += "${PN}-python"
> >  FILES_${PN}-python = 
> > "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*"
> 
-- 
-Joe MacDonald.
:wq




Re: [yocto] [meta-selinux][PATCH] libselinux: python-importlib is now part of python*-core

2018-05-07 Thread akuster808


On 04/14/2018 07:08 PM, Armin Kuster wrote:
> Missing or unbuildable dependency chain was: ['meta-world-pkgdata', 
> 'restorecond', 'libselinux', 'python-importlib']
>
> Signed-off-by: Armin Kuster 
ping
> ---
>  recipes-security/selinux/libselinux.inc | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/recipes-security/selinux/libselinux.inc 
> b/recipes-security/selinux/libselinux.inc
> index bd5ce8d..51d0875 100644
> --- a/recipes-security/selinux/libselinux.inc
> +++ b/recipes-security/selinux/libselinux.inc
> @@ -8,7 +8,7 @@ LICENSE = "PD"
>  inherit lib_package pythonnative
>  
>  DEPENDS += "libsepol python libpcre swig-native"
> -RDEPENDS_${PN}-python += "python-importlib"
> +RDEPENDS_${PN}-python += "python-core"
>  
>  PACKAGES += "${PN}-python"
>  FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*"



Re: [yocto] [meta-selinux][PATCH] libselinux: python-importlib is now part of python*-core

2018-04-21 Thread akuster808


On 04/14/2018 07:08 PM, Armin Kuster wrote:
> Missing or unbuildable dependency chain was: ['meta-world-pkgdata', 
> 'restorecond', 'libselinux', 'python-importlib']
>
> Signed-off-by: Armin Kuster 
> ---
>  recipes-security/selinux/libselinux.inc | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
Ping
>
> diff --git a/recipes-security/selinux/libselinux.inc 
> b/recipes-security/selinux/libselinux.inc
> index bd5ce8d..51d0875 100644
> --- a/recipes-security/selinux/libselinux.inc
> +++ b/recipes-security/selinux/libselinux.inc
> @@ -8,7 +8,7 @@ LICENSE = "PD"
>  inherit lib_package pythonnative
>  
>  DEPENDS += "libsepol python libpcre swig-native"
> -RDEPENDS_${PN}-python += "python-importlib"
> +RDEPENDS_${PN}-python += "python-core"
>  
>  PACKAGES += "${PN}-python"
>  FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*"
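
Review bot: the commit body for this one-line `RDEPENDS_${PN}-python` swap is only the "Missing or unbuildable dependency chain" output and never states the cause. It should repeat what the subject says (python-importlib is now provided by python*-core) and name the core release where that became true, because on a branch where python-importlib is still a separate package the removed line is the one that is needed, and anyone cherry-picking this has no way to tell from the message which branches it applies to.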
