[yocto] [meta-selinux][PATCH 19/19] audit: switch to python3

2019-11-13 Thread Yi Zhao
* Switch to python3 * Drop patches: audit-python-configure.patch audit-python.patch fix-swig-host-contamination.patch Signed-off-by: Yi Zhao --- .../audit/audit/audit-python-configure.patch | 46 - .../audit/audit/audit-python.patch| 64

[yocto] [meta-selinux][PATCH 18/19] setools: upgrade 4.1.1 -> 4.2.2

2019-11-13 Thread Yi Zhao
* Switch to python3 * Drop patches: Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch setools4-fix-cross-compiling-errors-for-powerpc-mips.patch Signed-off-by: Yi Zhao --- ...e-with-GCC-7-due-to-possible-truncat.patch | 105 -- ...ss-compiling-errors-for-powerpc

[yocto] [meta-selinux][PATCH 15/19] selinux-gui: uprev to 2.9 (20190315)

2019-11-13 Thread Yi Zhao
* Switch to python3 Signed-off-by: Yi Zhao --- recipes-security/selinux/selinux-gui.inc| 2 +- recipes-security/selinux/selinux-gui_2.8.bb | 7 --- recipes-security/selinux/selinux-gui_2.9.bb | 7 +++ 3 files changed, 8 insertions(+), 8 deletions(-) delete mode 100644 recipes

[yocto] [meta-selinux][PATCH 13/19] selinux-dbus: uprev to 2.9 (20190315)

2019-11-13 Thread Yi Zhao
* Switch to python3 Signed-off-by: Yi Zhao --- recipes-security/selinux/selinux-dbus.inc| 2 +- recipes-security/selinux/selinux-dbus_2.8.bb | 7 --- recipes-security/selinux/selinux-dbus_2.9.bb | 7 +++ 3 files changed, 8 insertions(+), 8 deletions(-) delete mode 100644 recipes

[yocto] [meta-selinux][PATCH 14/19] selinux-sandbox: uprev to 2.9 (20190315)

2019-11-13 Thread Yi Zhao
* Switch to python3 * Rebase patch Signed-off-by: Yi Zhao --- recipes-security/selinux/selinux-sandbox.inc | 10 -- .../selinux/selinux-sandbox/sandbox-de-bashify.patch | 9 + recipes-security/selinux/selinux-sandbox_2.8.bb| 7 --- recipes-security

[yocto] [meta-selinux][PATCH 16/19] semodule-utils: uprev to 2.9 (20190315)

2019-11-13 Thread Yi Zhao
Signed-off-by: Yi Zhao --- recipes-security/selinux/semodule-utils_2.8.bb | 7 --- recipes-security/selinux/semodule-utils_2.9.bb | 7 +++ 2 files changed, 7 insertions(+), 7 deletions(-) delete mode 100644 recipes-security/selinux/semodule-utils_2.8.bb create mode 100644 recipes

[yocto] [meta-selinux][PATCH 17/19] selinux-init: fix build error when enable usrmerge feature

2019-11-13 Thread Yi Zhao
them or delete them within do_install. selinux-init: 1 installed and not shipped files. [installed-vs-shipped] We don't need to install systemd service file when systemd feature is not enabled. Signed-off-by: Yi Zhao --- recipes-security/selinux/selinux-initsh.inc | 5 ++--- 1 file chang

[yocto] [meta-selinux][PATCH 10/19] mcstrans: uprev to 2.9 (20190315)

2019-11-13 Thread Yi Zhao
* Rebase patches Signed-off-by: Yi Zhao --- recipes-security/selinux/mcstrans.inc | 4 ++-- .../mcstrans/mcstrans-de-bashify.patch| 23 +++ ...tch => mcstrans-fix-the-init-script.patch} | 14 +++ recipes-security/selinux/mcstrans_2.8.bb |

[yocto] [meta-selinux][PATCH 09/19] policycoreutils: uprev to 2.9 (20190315)

2019-11-13 Thread Yi Zhao
* Switch to python3 Signed-off-by: Yi Zhao --- recipes-security/selinux/policycoreutils.inc| 16 recipes-security/selinux/policycoreutils_2.8.bb | 8 recipes-security/selinux/policycoreutils_2.9.bb | 8 3 files changed, 12 insertions(+), 20 deletions

[yocto] [meta-selinux][PATCH 12/19] selinux-python: uprev to 2.9 (20190315)

2019-11-13 Thread Yi Zhao
* Switch to python3 * Drop patches: fix-TypeError-for-seobject.py.patch process-ValueError-for-sepolicy-seobject.patch * Rebase patches Signed-off-by: Yi Zhao --- recipes-security/selinux/selinux-python.inc | 62 +-- .../fix-TypeError-for-seobject.py.patch | 30

[yocto] [meta-selinux][PATCH 08/19] secilc: uprev to 2.9 (20190315)

2019-11-13 Thread Yi Zhao
Signed-off-by: Yi Zhao --- recipes-security/selinux/secilc_2.8.bb | 7 --- recipes-security/selinux/secilc_2.9.bb | 7 +++ 2 files changed, 7 insertions(+), 7 deletions(-) delete mode 100644 recipes-security/selinux/secilc_2.8.bb create mode 100644 recipes-security/selinux/secilc_2.9

[yocto] [meta-selinux][PATCH 11/19] restorecond: uprev to 2.9 (20190315)

2019-11-13 Thread Yi Zhao
* Rebase patches Signed-off-by: Yi Zhao --- ...icycoreutils-make-O_CLOEXEC-optional.patch | 29 +++ recipes-security/selinux/restorecond_2.8.bb | 7 - recipes-security/selinux/restorecond_2.9.bb | 7 + 3 files changed, 24 insertions(+), 19 deletions(-) delete mode

[yocto] [meta-selinux][PATCH 06/19] libsemanage: uprev to 2.9 (20190315)

2019-11-13 Thread Yi Zhao
* Switch to python3 * Drop patches: libsemanage-fix-path-nologin.patch 0001-src-Makefile-fix-includedir-in-libselinux.pc.patch * Rebase patches * Update policy version to 31 Signed-off-by: Yi Zhao --- recipes-security/selinux/libsemanage.inc | 26 ++--- ...file-fix

[yocto] [meta-selinux][PATCH 07/19] checkpolicy: uprev to 2.9 (20190315)

2019-11-13 Thread Yi Zhao
Signed-off-by: Yi Zhao --- recipes-security/selinux/checkpolicy_2.8.bb | 7 --- recipes-security/selinux/checkpolicy_2.9.bb | 7 +++ 2 files changed, 7 insertions(+), 7 deletions(-) delete mode 100644 recipes-security/selinux/checkpolicy_2.8.bb create mode 100644 recipes-security

[yocto] [meta-selinux][PATCH 05/19] libselinux-python: add recipe

2019-11-13 Thread Yi Zhao
After switching to python3, there is a loop dependency error with the libselinux-python package when building libselinux. Split the original libselinux recipe into libselinux and libselinux-python. Signed-off-by: Yi Zhao --- .../selinux/libselinux-python.inc | 40

[yocto] [meta-selinux][PATCH 04/19] libselinux: uprev to 2.9 (20190315)

2019-11-13 Thread Yi Zhao
* Switch to python3 * Drop patches: 0001-libselinux-Do-not-define-gettid-if-glibc-2.30-is-use.patch 0001-src-Makefile-fix-includedir-in-libselinux.pc.patch * Split into libselinux recipe and libselinux-python recipe to fix the loop dependency error. Signed-off-by: Yi Zhao --- recipes

[yocto] [meta-selinux][PATCH 03/19] libsepol: uprev to 2.9 (20190315)

2019-11-13 Thread Yi Zhao
* Drop patch 0001-src-Makefile-fix-includedir-in-libsepol.pc.patch Signed-off-by: Yi Zhao --- ...kefile-fix-includedir-in-libsepol.pc.patch | 29 --- recipes-security/selinux/libsepol_2.8.bb | 9 -- recipes-security/selinux/libsepol_2.9.bb | 7 + 3 files

[yocto] [meta-selinux][PATCH 02/19] selinux: uprev inc files to 2.9 (20190315)

2019-11-13 Thread Yi Zhao
* Update SRC_URI * Add UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX Signed-off-by: Yi Zhao --- recipes-security/selinux/selinux_20180524.inc | 5 - recipes-security/selinux/selinux_20190315.inc | 8 recipes-security/selinux/selinux_common.inc | 4 +--- 3 files changed, 9

[yocto] [meta-selinux][PATCH 00/19] selinux: upgrade 2.8 -> 2.9

2019-11-13 Thread Yi Zhao
* Upgrade to 2.9 * Switch to python3 * Refresh patches Yi Zhao (19): python-ipy: upgrade to 1.00 and add python3 version selinux: uprev inc files to 2.9 (20190315) libsepol: uprev to 2.9 (20190315) libselinux: uprev to 2.9 (20190315) libselinux-python: add recipe libsemanage: uprev to

[yocto] [meta-selinux][PATCH 01/19] python-ipy: upgrade to 1.00 and add python3 version

2019-11-13 Thread Yi Zhao
Signed-off-by: Yi Zhao --- recipes-devtools/python/python-ipy.inc | 18 recipes-devtools/python/python-ipy_0.83.bb | 32 - recipes-devtools/python/python-ipy_1.00.bb | 2 ++ recipes-devtools/python/python3-ipy_1.00.bb | 2 ++ 4 files changed, 22

[yocto] [meta-cgl][PATCH] ucarp: add initscripts-functions as runtime dependency when using systemd

2019-09-24 Thread Yi Zhao
. Signed-off-by: Yi Zhao --- meta-cgl-common/recipes-cgl/ucarp/ucarp_1.5.2.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta-cgl-common/recipes-cgl/ucarp/ucarp_1.5.2.bb b/meta-cgl-common/recipes-cgl/ucarp/ucarp_1.5.2.bb index 6f30bf7..f5be421 100644 --- a/meta-cgl-common/recipes-cgl/ucarp

[yocto] [meta-selinux][PATCH] audit: explicitly disable golang bindings

2019-09-12 Thread Yi Zhao
Disable golang bindings to avoid potential host contamination issue. Fixes: https://bugzilla.yoctoproject.org/show_bug.cgi?id=13166 Signed-off-by: Yi Zhao --- recipes-security/audit/audit_2.8.5.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/recipes-security/audit/audit_2.8.5.bb b

Re: [yocto] [meta-selinux][PATCH] conf/layer.conf: use BBFILES_DYNAMIC for dynamic layers

2019-09-10 Thread Yi Zhao
On 9/10/19 1:11 AM, Joe MacDonald wrote: Hi Yi, [[meta-selinux][PATCH] conf/layer.conf: use BBFILES_DYNAMIC for dynamic layers] On 19.09.09 (Mon 14:01) Yi Zhao wrote: From: Robert Yang The previous code add all BBFILE_COLLECTIONS/recipes*/*/*.bbappend to BBFILES, which causes the parsing

[yocto] [meta-selinux][PATCH] conf/layer.conf: use BBFILES_DYNAMIC for dynamic layers

2019-09-08 Thread Yi Zhao
* After: $ rm -fr tmp-glibc/ cache; time bitbake -p real 0m25.542s user 0m0.572s sys 0m0.040s It wasted 20s which wasn't worth (The host has 128 threads, it should cost more time on less power host), use BBFILES_DYNAMIC can fix the problem. Signed-off-by: Robert Yang Signed-off-by: Yi

[yocto] [meta-selinux][PATCH V2] selinux-autorelabel: disable enforcing mode before relabel

2019-09-08 Thread Yi Zhao
rcing mode before relabel. Signed-off-by: Yi Zhao --- .../selinux/selinux-autorelabel/selinux-autorelabel.sh | 9 ++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/recipes-security/selinux/selinux-autorelabel/selinux-autorelabel.sh b/recipes-security/selinux/selinux-a

Re: [yocto] [meta-selinux][PATCH] selinux-autorelabel: disable enforcing mode before relabel

2019-09-05 Thread Yi Zhao
On 9/5/19 7:57 PM, Joe MacDonald wrote: [[meta-selinux][PATCH] selinux-autorelabel: disable enforcing mode before relabel] On 19.09.05 (Thu 16:57) Yi Zhao wrote: The commit b0d31db104d9a4e94bc1409c2ffcc1d82f4a780f introduced an issue when first boot with bootparams="selinux=1 enforc

[yocto] [meta-selinux][PATCH] selinux-autorelabel: disable enforcing mode before relabel

2019-09-05 Thread Yi Zhao
to ensure the enforcing mode is disabled before relabel. Signed-off-by: Yi Zhao --- recipes-security/selinux/selinux-autorelabel/selinux-autorelabel.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/recipes-security/selinux/selinux-autorelabel/selinux-autorelabel.sh b/recipes-securi

[yocto] [meta-selinux][PATCH 2/2] mcstrans: specify INITDIR

2019-08-29 Thread Yi Zhao
By default the mcstrans init script will be installed to /etc/rc.d/init.d directory. Specify INITDIR to install it to /etc/init.d directory. Signed-off-by: Yi Zhao --- recipes-security/selinux/mcstrans.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-security

[yocto] [meta-selinux][PATCH 1/2] setools: update SRC_URI

2019-08-29 Thread Yi Zhao
SETools has moved from https://github.com/TresysTechnology/setools to https://github.com/SELinuxProject/setools See: https://github.com/TresysTechnology/setools/wiki Signed-off-by: Yi Zhao --- recipes-security/setools/setools_4.1.1.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff

Re: [yocto] [meta-selinux][PATCH 3/3] util-linux: drop obsolete patch

2019-08-29 Thread Yi Zhao
Hi Joe, Seems you were missing this patch. Would you please merge it? Thanks. //Yi On 5/20/19 12:41 PM, Yi Zhao wrote: Signed-off-by: Yi Zhao --- .../util-linux/fix-libmount_la_DEPENDENCIES.patch | 28 -- 1 file changed, 28 deletions(-) delete mode 100644

[yocto] [meta-selinux][PATCH] selinux-sandbox: add runtime dependency on python-core

2019-08-22 Thread Yi Zhao
Fixes: ERROR: QA Issue: /usr/share/sandbox/start contained in package selinux-sandbox requires /usr/bin/python, but no providers found in RDEPENDS_selinux-sandbox? [file-rdeps] Signed-off-by: Yi Zhao --- recipes-security/selinux/selinux-sandbox.inc | 1 + 1 file changed, 1 insertion

[yocto] [meta-security][PATCH] openscap: add runtime dependency on bash and python3-core

2019-08-22 Thread Yi Zhao
? [file-rdeps] Signed-off-by: Yi Zhao --- meta-security-compliance/recipes-openscap/openscap/openscap.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap.inc b/meta-security-compliance/recipes-openscap/openscap

[yocto] [meta-selinux][PATCH 1/2] selinux-python: add python-core as runtime dependency

2019-08-22 Thread Yi Zhao
/bin/python, but no providers found in RDEPENDS_selinux-python-audit2allow? [file-rdeps] QA Issue: /usr/bin/chcat contained in package selinux-python-chcat requires /usr/bin/python, but no providers found in RDEPENDS_selinux-python-chcat? [file-rdeps] Signed-off-by: Yi Zhao --- recipes

[yocto] [meta-selinux][PATCH 2/2 V2] setools: do not use unstable github archive tarballs

2019-08-22 Thread Yi Zhao
/setools/wiki Signed-off-by: Hongxu Jia Signed-off-by: Yi Zhao --- recipes-security/setools/setools_4.1.1.bb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/recipes-security/setools/setools_4.1.1.bb b/recipes-security/setools/setools_4.1.1.bb index c5a2d34..db529f4

[yocto] [meta-anaconda][PATCH] packagegroup-installer-x11-anaconda: use libsdl2 instead of libsdl

2019-08-19 Thread Yi Zhao
The libsdl had been moved out of oe-core because it is obsolete. Switch to libsdl2. Signed-off-by: Yi Zhao --- recipes-installer/packagegroups/packagegroup-installer-x11-anaconda.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-installer/packagegroups/packagegroup

[yocto] [meta-security][PATCH] openscap: fix scap-security-guide build error

2019-08-15 Thread Yi Zhao
ap-build-artifacts even if using sstate cache. Signed-off-by: Yi Zhao --- meta-security-compliance/recipes-openscap/openscap/openscap.inc | 1 + 1 file changed, 1 insertion(+) diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap.inc b/meta-security-compliance/recipes-openscap

[yocto] [meta-selinux][PATCH] libselinux: fix build with glibc 2.30

2019-08-09 Thread Yi Zhao
std.h:1170, from procattr.c:2: /buildarea/build/tmp/work/core2-64-poky-linux/libselinux/2.8-r0/recipe-sysroot/usr/include/bits/unistd_ext.h:34:16: note: previous declaration of 'gettid' was here 34 | extern __pid_t gettid (void) __THROW; |^~~~~~ Si

[yocto] [meta-security][PATCH] xmlsec1: upgrade 1.2.27 -> 1.2.28

2019-08-08 Thread Yi Zhao
Signed-off-by: Yi Zhao --- recipes-security/xmlsec1/{xmlsec1_1.2.27.bb => xmlsec1_1.2.28.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename recipes-security/xmlsec1/{xmlsec1_1.2.27.bb => xmlsec1_1.2.28.bb} (93%) diff --git a/recipes-security/xmlsec1/xmlsec1_1.2.27

[yocto] [meta-security][PATCH 2/2] scap-security-guide: fix typo

2019-08-04 Thread Yi Zhao
Fix typo: RDEPNEDS_${PN} -> RDEPENDS_${PN} Signed-off-by: Yi Zhao --- .../recipes-openscap/scap-security-guide/scap-security-guide.inc| 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-security-compliance/recipes-openscap/scap-security-guide/scap-secur

[yocto] [meta-security][PATCH 1/2] openscap: cleanup DEPENDS

2019-08-04 Thread Yi Zhao
Remove autoconf-archive from DEPENDS because it is using CMake/Ninja build now. Also remove unused dpkg-native dependency from DEPENDS_class-native. Signed-off-by: Yi Zhao --- meta-security-compliance/recipes-openscap/openscap/openscap.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions

[yocto] [meta-security][PATCH 1/2 V2] openscap: update recipe

2019-07-29 Thread Yi Zhao
the unused patch * Add PV * Clean up DEPENDS Signed-off-by: Yi Zhao --- .../openscap/files/probe_dir_fixup.patch | 17 -- .../recipes-openscap/openscap/files/run-ptest | 3 - .../recipes-openscap/openscap/openscap.inc | 67 -- .../recipes-openscap

[yocto] [meta-security][PATCH 2/2 V2] scap-security-guide: update recipe

2019-07-29 Thread Yi Zhao
* Set B="${S}/build" to fix the build failure for out of source directory * Remove do_compile and do_install. Use the default functions from cmake.bbclass. * Install the artifacts to /usr/share rather than /usr/local/share Signed-off-by: Yi Zhao --- .../scap-security-guide/sca

[yocto] [meta-security][PATCH 0/2 V2] openscap/scap-security-guide: update recipes

2019-07-29 Thread Yi Zhao
Changes from V1: openscap: Clean up DEPENDS. Remove autoconf-archive and dpkg-native from DEPENDS because we are using CMake/Ninja now scap-security-guide: Fix typo: RDEPNEDS_${PN} -> RDEPENDS_${PN} Yi Zhao (2): openscap: update recipe scap-security-guide: update recipe .../opens

[yocto] [meta-security][PATCH 1/2] openscap: update recipe

2019-07-25 Thread Yi Zhao
the unused patch * Add PV Signed-off-by: Yi Zhao --- .../openscap/files/probe_dir_fixup.patch | 17 - .../recipes-openscap/openscap/files/run-ptest | 3 - .../recipes-openscap/openscap/openscap.inc | 77 -- .../recipes-openscap/openscap

[yocto] [meta-security][PATCH 2/2] scap-security-guide: update recipe

2019-07-25 Thread Yi Zhao
* Set B="${S}/build" to fix the build failure for out of source directory * Remove do_compile and do_install. Use the default functions from cmake.bbclass. * Install the artifacts to /usr/share rather than /usr/local/share Signed-off-by: Yi Zhao --- .../scap-security-guide/sca

Re: [yocto] PREMIRROR

2019-07-24 Thread Yi Zhao
On 7/24/19 4:49 AM, Russell Peterson wrote: Hello, I am looking to have bitbake pick up files for a particular recipe from a local git repository using the PREMIRROR functionality. Basically, the recipe (bb file) points to github but in my local build I add PREMIRROR_prepend = "git://.*/.*

Re: [yocto] [meta-security-compliance][PATCH 2/4] openscap: add 1.3.1 recipes for upstream source

2019-07-22 Thread Yi Zhao
On 7/23/19 2:38 PM, Akuster808 wrote: On Jul 23, 2019, at 02:51, Yi Zhao wrote: Hi Armin, I got the following error when build openscap: ERROR: openscap-git-r0 do_compile_ptest_base: Function failed: do_compile_ptest_base (log file is located at /buildarea/build/tmp/work/core2-64-poky

Re: [yocto] [meta-security-compliance][PATCH 2/4] openscap: add 1.3.1 recipes for upstream source

2019-07-22 Thread Yi Zhao
Hi Armin, I got the following error when build openscap: ERROR: openscap-git-r0 do_compile_ptest_base: Function failed: do_compile_ptest_base (log file is located at /buildarea/build/tmp/work/core2-64-poky-linux/openscap/git-r0/temp/log.do_compile_ptest_base.329146) ERROR: Logfile of failure

[yocto] [meta-cgl][PATCH 3/3] libhtml-tagset-perl: remove recipe

2019-06-26 Thread Yi Zhao
The libhtml-tagset-perl recipe was added to meta-perl layer with commit: 4058e65f3c4e17ad04423f4c9edf8607fe6fdb4f We can drop this duplicate recipe. Signed-off-by: Yi Zhao --- .../recipes-perl/perl/libhtml-tagset-perl_3.20.bb | 17 - 1 file changed, 17 deletions(-) delete

[yocto] [meta-cgl][PATCH 2/3] packagegroup-cgl-applications: only install libpam and pam-passwdqc if pam distro flag set

2019-06-26 Thread Yi Zhao
ES 'libpam' (but /buildarea/poky/meta-cgl/meta-cgl-common/packagegroups/packagegroup-cgl-applications.bb RDEPENDS on or otherwise requires it) Signed-off-by: Yi Zhao --- meta-cgl-common/packagegroups/packagegroup-cgl-applications.bb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) d

[yocto] [meta-cgl][PATCH 1/3] packagegroup-cgl-middleware: remove ipsec-tools and umip

2019-06-26 Thread Yi Zhao
The ipsec-tools and umip had been removed from meta-openembedded. We should remove them from the packagegroup. Signed-off-by: Yi Zhao --- meta-cgl-common/packagegroups/packagegroup-cgl-middleware.bb | 2 -- 1 file changed, 2 deletions(-) diff --git a/meta-cgl-common/packagegroups/packagegroup

[yocto] [meta-selinux][PATCH] audit: upgrade 2.8.4 -> 2.8.5

2019-06-25 Thread Yi Zhao
* Drop backport patch: 0001-Remove-strdupa-as-suggested-in-pull-request-25.patch * Refresh all patches. Signed-off-by: Yi Zhao --- ...e-strdupa-as-suggested-in-pull-request-25.patch | 47 -- ...bstitue-functions-for-strndupa-rawmemchr.patch} | 23 +-- .../audit

Re: [yocto] [meta-selinux][PATCH] glib-2.0: fix configure error for meson build

2019-06-12 Thread Yi Zhao
On 6/12/19 6:03 PM, Alexander Kanavin wrote: On Wed, 12 Jun 2019 at 09:54, Yi Zhao <yi.z...@windriver.com> wrote: +PACKAGECONFIG[selinux] = "-Dselinux=enabled,-Dselinux=disabled,libselinux," This line should probably go into the oe-core recipe? It is fi

[yocto] [meta-selinux][PATCH] glib-2.0: fix configure error for meson build

2019-06-12 Thread Yi Zhao
In glib 2.60.x, it turns selinux into a meson feature. We should use '-Dselinux=enabled/disabled' rather than '-Dselinux=true/false' to enable/disable the feature. Add meso-enable-selinux.bbclass for this change and inherit it in glib-2.0 bbappend to fix the configure error

[yocto] [meta-selinux][PATCH 2/3] findutils: drop obsolete patch

2019-05-19 Thread Yi Zhao
Signed-off-by: Yi Zhao --- .../findutils-4.2.31/findutils-selinux.patch | 499 - 1 file changed, 499 deletions(-) delete mode 100644 recipes-extended/findutils/findutils-4.2.31/findutils-selinux.patch diff --git a/recipes-extended/findutils/findutils-4.2.31

[yocto] [meta-selinux][PATCH 3/3] util-linux: drop obsolete patch

2019-05-19 Thread Yi Zhao
Signed-off-by: Yi Zhao --- .../util-linux/fix-libmount_la_DEPENDENCIES.patch | 28 -- 1 file changed, 28 deletions(-) delete mode 100644 recipes-core/util-linux/util-linux/fix-libmount_la_DEPENDENCIES.patch diff --git a/recipes-core/util-linux/util-linux/fix

[yocto] [meta-selinux][PATCH 1/3] mesa: switch to meson build

2019-05-19 Thread Yi Zhao
The mesa had been converted to use meson build system in oe-core commit c72b6d46d392bfbcf54154f43663a7a8ada8c567. Update the bbappend to adapt it. Signed-off-by: Yi Zhao --- recipes-graphics/mesa/mesa_%.bbappend | 2 +- recipes-graphics/mesa/mesa_selinux.inc | 6 -- 2 files changed, 1

[yocto] [meta-security][PATCH 1/2] meta-tpm/conf/layer.conf: update layer dependencies

2019-04-23 Thread Yi Zhao
tup-tpm-incubator' has no buildable providers. Missing or unbuildable dependency chain was: ['cryptsetup-tpm-incubator', 'libdevmapper'] ERROR: Required build target 'tpm2-totp' has no buildable providers. Missing or unbuildable dependency chain was: ['tpm2-to

[yocto] [meta-security][PATCH 2/2] meta-tpm/README: update

2019-04-23 Thread Yi Zhao
Add more description Signed-off-by: Yi Zhao --- meta-tpm/README | 57 + 1 file changed, 57 insertions(+) diff --git a/meta-tpm/README b/meta-tpm/README index bbc70bb..dd662b3 100644 --- a/meta-tpm/README +++ b/meta-tpm/README @@ -2,3

[yocto] [meta-selinux][PATCH] refpolicy: refresh patches

2019-04-18 Thread Yi Zhao
Refresh 0001-refpolicy-minimum-audit-logging-getty-audit-related-.patch and 0004-refpolicy-minimum-systemd-mount-logging-authlogin-ad.patch. Remove the trailing line: \ No newline at end of file Signed-off-by: Yi Zhao --- ...y-minimum-audit-logging-getty-audit-related-.patch | 1 - ...y

[yocto] [meta-selinux][PATCH] refpolicy: update source checksums for refpolicy 20190201

2019-04-18 Thread Yi Zhao
The previous md5sum and sha256sum are not correct. See: https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20190201 Signed-off-by: Yi Zhao --- recipes-security/refpolicy/refpolicy_2.20190201.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/recipes

Re: [yocto] [meta-selinux][PULL] refpolicy: update to 2.20190201 and git HEAD policies (2019-04-10 10:57:14 -0400)

2019-04-11 Thread Yi Zhao
Hi Joe, Thank you for working on the refpolicy upgrade. I have a quick test with your patch. Here are the results: Machine: qemux86-64 Image: core-image-selinux Init manager: systemd Boot command: runqemu qemux86-64 kvm nographic bootparams="selinux=1 enforcing=X" qemuparams="-m 1024" 1. All

[yocto] [meta-selinux][PATCH] selinux: remove git version

2019-04-01 Thread Yi Zhao
The git version of libselinux libsemanage libsepol checkpolicy and policycoreutils are far behind the master branch and now they can not build due to the do_patch error. The current stable 2.8 version works well so we can remove them. Signed-off-by: Yi Zhao --- recipes-security/selinux

[yocto] [meta-selinux][PATCH] linux-yocto: add bbappend for kernel 5.0

2019-03-19 Thread Yi Zhao
Signed-off-by: Yi Zhao --- recipes-kernel/linux/linux-yocto_5.%.bbappend | 1 + 1 file changed, 1 insertion(+) create mode 100644 recipes-kernel/linux/linux-yocto_5.%.bbappend diff --git a/recipes-kernel/linux/linux-yocto_5.%.bbappend b/recipes-kernel/linux/linux-yocto_5.%.bbappend new file

[yocto] [meta-security][PATCH] oe-scap: fix inconsistent indentation

2019-03-07 Thread Yi Zhao
Signed-off-by: Yi Zhao --- .../recipes-openscap/oe-scap/oe-scap_1.0.bb | 11 +-- 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb b/meta-security-compliance/recipes-openscap/oe-scap/oe

[yocto] [meta-security][PATCH] openscap-daemon: backport patch to fix build error with python 3.7

2019-03-07 Thread Yi Zhao
22, in | from openscap_daemon.system import System | File "/buildarea/build/tmp/work/core2-64-poky-linux/openscap-daemon/0.1.10-r0/git/openscap_daemon/system.py", line 29 | from openscap_daemon import async | ^ | SyntaxError: invalid

[yocto] [meta-security][PATCH] scap-security-guide: use makefile generator instead of ninja for cmake

2019-03-06 Thread Yi Zhao
Fixes build error: | make: *** No rule to make target 'openembedded'. Stop. Signed-off-by: Yi Zhao --- .../recipes-openscap/scap-security-guide/scap-security-guide_0.1.33.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-security-compliance/recipes-openscap/scap-secu

[yocto] [meta-selinux][PATCH 2/2] selinux-image.bbclass: using append instead of += for IMAGE_PREPROCESS_COMMAND

2019-01-25 Thread Yi Zhao
missive=1 When using "+=" for IMAGE_PREPROCESS_COMMAND, the selinux_set_labels process would run before prelink process to set the security labels for the files. But the label for /lib/libc-2.28.so and /lib/ld-2.28.so would be changed after run prelink process. Use "_append" to make sure t

[yocto] [meta-selinux][PATCH 2/2] openssh: update sshd_config

2019-01-17 Thread Yi Zhao
Update sshd_config based on openssh 7.9p1. Drop the deprecated option UsePrivilegeSeparation Signed-off-by: Yi Zhao --- recipes-connectivity/openssh/files/sshd_config | 53 +- 1 file changed, 26 insertions(+), 27 deletions(-) diff --git a/recipes-connectivity/openssh

[yocto] [meta-selinux][PATCH 1/2] core-image-selinux.bb: remove trailing whitespace

2019-01-17 Thread Yi Zhao
Signed-off-by: Yi Zhao --- recipes-security/images/core-image-selinux.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-security/images/core-image-selinux.bb b/recipes-security/images/core-image-selinux.bb index 70b525e..68bf7ef 100644 --- a/recipes-security/images

[yocto] [meta-security][PATCH] keynote: remove recipe

2018-09-25 Thread Yi Zhao
The keynote is unmaintained for a long time. It had been removed from main distributions (Fedora, Suse and Debian). See: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594867 Signed-off-by: Yi Zhao --- .../configure-remove-hardcode-path.patch | 37 .../keynote

[yocto] [meta-security][PATCH] keynote: depend on openssl10

2018-09-12 Thread Yi Zhao
Signed-off-by: Yi Zhao --- recipes-security/keynote/keynote_2.3.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-security/keynote/keynote_2.3.bb b/recipes-security/keynote/keynote_2.3.bb index 0300894..6ec26b8 100644 --- a/recipes-security/keynote/keynote_2.3.bb

Re: [yocto] [meta-selinux][PATCH 00/16] selinux: upgrade 2.7 -> 2.8

2018-09-06 Thread Yi Zhao
Ping //Yi On 2018-09-05 08:18, Yi Zhao wrote: Yi Zhao (16): selinux: uprev inc files to 2.8 (20180524) libsepol: uprev to 2.8 (20180524) libselinux: uprev to 2.8 (20180524) libsemanage: uprev to 2.8 (20180524) checkpolicy: uprev to 2.8 (20180524) secilc: uprev to 2.8

[yocto] [meta-selinux][PATCH 16/16 V2] audit: uprev to 2.8.4

2018-09-04 Thread Yi Zhao
Add aarch64 support Signed-off-by: Yi Zhao --- .../audit/{audit_2.7.6.bb => audit_2.8.4.bb} | 19 ++- 1 file changed, 10 insertions(+), 9 deletions(-) rename recipes-security/audit/{audit_2.7.6.bb => audit_2.8.4.bb} (90%) diff --git a/recipes-security

[yocto] [meta-selinux][PATCH 16/16] audit: uprev to 2.8.4

2018-09-04 Thread Yi Zhao
Signed-off-by: Yi Zhao --- .../audit/{audit_2.7.6.bb => audit_2.8.4.bb} | 18 +- 1 file changed, 9 insertions(+), 9 deletions(-) rename recipes-security/audit/{audit_2.7.6.bb => audit_2.8.4.bb} (91%) diff --git a/recipes-security/audit/audit_2.7.6.bb b/r

[yocto] [meta-selinux][PATCH 15/16] packagegroup-selinux-policycoreutils: remove semodule-utils-semodule-deps

2018-09-04 Thread Yi Zhao
Remove package semodule-utils-semodule-deps as it had been removed upstream. Signed-off-by: Yi Zhao --- recipes-security/packagegroups/packagegroup-selinux-policycoreutils.bb | 1 - 1 file changed, 1 deletion(-) diff --git a/recipes-security/packagegroups/packagegroup-selinux

[yocto] [meta-selinux][PATCH 14/16] selinux-gui: uprev to 2.8 (20180524)

2018-09-04 Thread Yi Zhao
Signed-off-by: Yi Zhao --- recipes-security/selinux/selinux-gui_2.7.bb | 7 --- recipes-security/selinux/selinux-gui_2.8.bb | 7 +++ 2 files changed, 7 insertions(+), 7 deletions(-) delete mode 100644 recipes-security/selinux/selinux-gui_2.7.bb create mode 100644 recipes-security

[yocto] [meta-selinux][PATCH 13/16] selinux-dbus: uprev to 2.8 (20180524)

2018-09-04 Thread Yi Zhao
Signed-off-by: Yi Zhao --- recipes-security/selinux/selinux-dbus_2.7.bb | 7 --- recipes-security/selinux/selinux-dbus_2.8.bb | 7 +++ 2 files changed, 7 insertions(+), 7 deletions(-) delete mode 100644 recipes-security/selinux/selinux-dbus_2.7.bb create mode 100644 recipes-security

[yocto] [meta-selinux][PATCH 12/16] semodule-utils: uprev to 2.8 (20180524)

2018-09-04 Thread Yi Zhao
Remove package semodule-deps as it had been removed upstream. Signed-off-by: Yi Zhao --- recipes-security/selinux/semodule-utils.inc| 2 -- recipes-security/selinux/semodule-utils_2.7.bb | 7 --- recipes-security/selinux/semodule-utils_2.8.bb | 7 +++ 3 files changed, 7 insertions

[yocto] [meta-selinux][PATCH 11/16] selinux-python: uprev to 2.8 (20180524)

2018-09-04 Thread Yi Zhao
Rebase patch: fix-sepolicy-install-path.patch Signed-off-by: Yi Zhao --- recipes-security/selinux/selinux-python.inc| 2 +- .../selinux-python/fix-sepolicy-install-path.patch | 23 -- recipes-security/selinux/selinux-python_2.7.bb | 7 --- recipes-security

[yocto] [meta-selinux][PATCH 10/16] selinux-sandbox: uprev to 2.8 (20180524)

2018-09-04 Thread Yi Zhao
Signed-off-by: Yi Zhao --- recipes-security/selinux/selinux-sandbox_2.7.bb | 7 --- recipes-security/selinux/selinux-sandbox_2.8.bb | 7 +++ 2 files changed, 7 insertions(+), 7 deletions(-) delete mode 100644 recipes-security/selinux/selinux-sandbox_2.7.bb create mode 100644 recipes

[yocto] [meta-selinux][PATCH 09/16] restorecond: uprev to 2.8 (20180524)

2018-09-04 Thread Yi Zhao
Signed-off-by: Yi Zhao --- recipes-security/selinux/restorecond.inc| 4 recipes-security/selinux/restorecond_2.7.bb | 7 --- recipes-security/selinux/restorecond_2.8.bb | 7 +++ 3 files changed, 7 insertions(+), 11 deletions(-) delete mode 100644 recipes-security/selinux

[yocto] [meta-selinux][PATCH 08/16] mcstrans: uprev to 2.8 (20180524)

2018-09-04 Thread Yi Zhao
Signed-off-by: Yi Zhao --- recipes-security/selinux/mcstrans.inc| 1 - recipes-security/selinux/mcstrans_2.7.bb | 7 --- recipes-security/selinux/mcstrans_2.8.bb | 7 +++ 3 files changed, 7 insertions(+), 8 deletions(-) delete mode 100644 recipes-security/selinux/mcstrans_2.7.bb

[yocto] [meta-selinux][PATCH 07/16] policycoreutils: uprev to 2.8 (20180524)

2018-09-04 Thread Yi Zhao
Remove unused patch: policycoreutils-loadpolicy-symlink.patch Add the following patches to change commands path for backward compatibility: policycoreutils-fix-fixfiles-install-path.patch policycoreutils-fix-fixfiles-install-path.patch Signed-off-by: Yi Zhao --- recipes-security/selinux

[yocto] [meta-selinux][PATCH 06/16] secilc: uprev to 2.8 (20180524)

2018-09-04 Thread Yi Zhao
Signed-off-by: Yi Zhao --- recipes-security/selinux/secilc_2.7.bb | 7 --- recipes-security/selinux/secilc_2.8.bb | 7 +++ 2 files changed, 7 insertions(+), 7 deletions(-) delete mode 100644 recipes-security/selinux/secilc_2.7.bb create mode 100644 recipes-security/selinux/secilc_2.8

[yocto] [meta-selinux][PATCH 05/16] checkpolicy: uprev to 2.8 (20180524)

2018-09-04 Thread Yi Zhao
Signed-off-by: Yi Zhao --- recipes-security/selinux/checkpolicy.inc| 1 - recipes-security/selinux/checkpolicy_2.7.bb | 7 --- recipes-security/selinux/checkpolicy_2.8.bb | 7 +++ 3 files changed, 7 insertions(+), 8 deletions(-) delete mode 100644 recipes-security/selinux

[yocto] [meta-selinux][PATCH 04/16] libsemanage: uprev to 2.8 (20180524)

2018-09-04 Thread Yi Zhao
Rebase patch: 0001-src-Makefile-fix-includedir-in-libselinux.pc.patch Signed-off-by: Yi Zhao --- recipes-security/selinux/libsemanage.inc | 12 ++-- ...rc-Makefile-fix-includedir-in-libselinux.pc.patch | 20 +++- .../{libsemanage_2.7.bb => libsemanage_2.8

[yocto] [meta-selinux][PATCH 03/16] libselinux: uprev to 2.8 (20180524)

2018-09-04 Thread Yi Zhao
Rebase patch: 0001-src-Makefile-fix-includedir-in-libselinux.pc.patch Signed-off-by: Yi Zhao --- recipes-security/selinux/libselinux.inc | 2 +- ...rc-Makefile-fix-includedir-in-libselinux.pc.patch | 20 +++- .../selinux/{libselinux_2.7.bb => libselinux_2.8

[yocto] [meta-selinux][PATCH 02/16] libsepol: uprev to 2.8 (20180524)

2018-09-04 Thread Yi Zhao
Rebase patch: 0001-src-Makefile-fix-includedir-in-libsepol.pc.patch Signed-off-by: Yi Zhao --- .../0001-src-Makefile-fix-includedir-in-libsepol.pc.patch | 13 +++-- recipes-security/selinux/libsepol_2.7.bb| 9 - recipes-security/selinux/libsepol_2.8.bb

[yocto] [meta-selinux][PATCH 01/16] selinux: uprev inc files to 2.8 (20180524)

2018-09-04 Thread Yi Zhao
Signed-off-by: Yi Zhao --- .../selinux/{selinux_20170804.inc => selinux_20180524.inc} | 2 +- recipes-security/selinux/selinux_common.inc | 9 + 2 files changed, 6 insertions(+), 5 deletions(-) rename recipes-security/selinux/{selinux_20170804.

[yocto] [meta-selinux][PATCH 00/16] selinux: upgrade 2.7 -> 2.8

2018-09-04 Thread Yi Zhao
Yi Zhao (16): selinux: uprev inc files to 2.8 (20180524) libsepol: uprev to 2.8 (20180524) libselinux: uprev to 2.8 (20180524) libsemanage: uprev to 2.8 (20180524) checkpolicy: uprev to 2.8 (20180524) secilc: uprev to 2.8 (20180524) policycoreutils: uprev to 2.8 (20180524

[yocto] [meta-security][PATCH 2/2] xmlsec1: upgrade 1.2.25 -> 1.2.26

2018-08-31 Thread Yi Zhao
Drop patch xmlsec1-fix-a-typo-in-examples-verify3.c.patch since the issue had been fixed upstream. Rebase patch change-finding-path-of-nss.patch Signed-off-by: Yi Zhao --- .../xmlsec1/change-finding-path-of-nss.patch | 107 ++--- .../xmlsec1-fix-a-typo-in-examples-verify3

[yocto] [meta-security][PATCH 1/2] samhain: upgrade 4.2.2 -> 4.2.4

2018-08-31 Thread Yi Zhao
Signed-off-by: Yi Zhao --- .../samhain/{samhain-client_4.2.2.bb => samhain-client_4.2.4.bb} | 0 .../samhain/{samhain-server_4.2.2.bb => samhain-server_4.2.4.bb} | 0 .../{samhain-standalone_4.2.2.bb => samhain-standalone_4.2.4.bb} | 0 recipes-security/samhain/sa

[yocto] [meta-selinux][PATCH 2/2] policycoreutils: add PACKAGECONFIG for libpam, audit

2018-08-17 Thread Yi Zhao
From: Wenzong Fan * make pam and audit support configurable; * remove INITDIR from EXTRA_OEMAKE, the variable is not supported now. Signed-off-by: Wenzong Fan Signed-off-by: Yi Zhao --- recipes-security/selinux/policycoreutils.inc | 21 ++--- 1 file changed, 14 insertions

[yocto] [meta-selinux][PATCH 1/2] selinux-python: fix installed-vs-shipped QA errors

2018-08-17 Thread Yi Zhao
/sepolicy-1.1.egg-info [snip] Signed-off-by: Wenzong Fan Signed-off-by: Yi Zhao --- recipes-security/selinux/selinux-python.inc | 1 + 1 file changed, 1 insertion(+) diff --git a/recipes-security/selinux/selinux-python.inc b/recipes-security/selinux/selinux-python.inc index 55060e3..2a5d657

[yocto] [meta-selinux][resend][PATCH 0/2] meta-selinux fixes

2018-08-17 Thread Yi Zhao
Rebase and resend Wenzong's meta-selinux patches Wenzong Fan (2): selinux-python: fix installed-vs-shipped QA errors policycoreutils: add PACKAGECONFIG for libpam, audit recipes-security/selinux/policycoreutils.inc | 21 ++--- recipes-security/selinux/selinux-python.inc | 1

Re: [yocto] [meta-selinux][PATCH] libselinux: python-importlib is now part of python*-core

2018-08-14 Thread Yi Zhao
On 2018-05-15 00:09, Joe MacDonald wrote: [Re: [yocto] [meta-selinux][PATCH] libselinux: python-importlib is now part of python*-core] On 18.05.14 (Mon 10:05) Mark Hatle wrote: On 5/11/18 1:19 PM, Rudolf J Streif wrote: Thank you, Mark. Much appreciated and understood. Would you be open to ta

[yocto] [meta-selinux][PATCH 2/2] libcgroup: replace _virtclass-native with _class-native

2018-08-14 Thread Yi Zhao
The _virtclass-native is obsolete. Replace it with _class-native. Signed-off-by: Yi Zhao --- recipes-core/libcgroup/libcgroup_selinux.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-core/libcgroup/libcgroup_selinux.inc b/recipes-core/libcgroup

[yocto] [meta-selinux][PATCH 1/2] policycoreutils: replace _virtclass-native with _class-native

2018-08-14 Thread Yi Zhao
list so far. libsemanage.semanage_validate_and_compile_fcontexts: setfiles returned error code 1. (No such file or directory). Signed-off-by: Yi Zhao --- recipes-security/selinux/policycoreutils.inc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/recipes-security

[yocto] [meta-selinux][PATCH 3/3] selinux-python: refresh patches to fix QA warning

2018-07-18 Thread Yi Zhao
Refresh patches with devtool command to fix do_patch warning Signed-off-by: Yi Zhao --- .../fix-TypeError-for-seobject.py.patch | 17 + .../selinux-python/fix-sepolicy-install-path.patch | 21 - .../process-ValueError-for-sepolicy-seobject.patch
