* Merge inc file into bb file.
* Drop obsolete patches:
0001-libselinux-do-not-define-gettid-for-musl.patch
libselinux-define-FD_CLOEXEC-as-necessary.patch
libselinux-make-O_CLOEXEC-optional.patch
libselinux-make-SOCK_CLOEXEC-optional.patch
Signed-off-by: Yi Zhao <yi.z...@windriver.com>
---
...elinux-do-not-define-gettid-for-musl.patch | 47 ---------
...linux-define-FD_CLOEXEC-as-necessary.patch | 33 -------
.../libselinux-make-O_CLOEXEC-optional.patch | 99 -------------------
...ibselinux-make-SOCK_CLOEXEC-optional.patch | 38 -------
recipes-security/selinux/libselinux_3.1.bb | 17 ----
.../{libselinux.inc => libselinux_3.2.bb} | 7 +-
6 files changed, 6 insertions(+), 235 deletions(-)
delete mode 100644
recipes-security/selinux/libselinux/0001-libselinux-do-not-define-gettid-for-musl.patch
delete mode 100644
recipes-security/selinux/libselinux/libselinux-define-FD_CLOEXEC-as-necessary.patch
delete mode 100644
recipes-security/selinux/libselinux/libselinux-make-O_CLOEXEC-optional.patch
delete mode 100644
recipes-security/selinux/libselinux/libselinux-make-SOCK_CLOEXEC-optional.patch
delete mode 100644 recipes-security/selinux/libselinux_3.1.bb
rename recipes-security/selinux/{libselinux.inc => libselinux_3.2.bb} (84%)
diff --git
a/recipes-security/selinux/libselinux/0001-libselinux-do-not-define-gettid-for-musl.patch
b/recipes-security/selinux/libselinux/0001-libselinux-do-not-define-gettid-for-musl.patch
deleted file mode 100644
index 5d6e409..0000000
---
a/recipes-security/selinux/libselinux/0001-libselinux-do-not-define-gettid-for-musl.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 5f6f4a095bc82b29c3871d4d8a15d9c16cef39ef Mon Sep 17 00:00:00 2001
-From: Yi Zhao <yi.z...@windriver.com>
-Date: Wed, 6 Jan 2021 10:42:11 +0800
-Subject: [PATCH] libselinux: do not define gettid() for musl
-
-The musl has implemented gettid() function:
-http://git.musl-libc.org/cgit/musl/commit/?id=d49cf07541bb54a5ac7aec1feec8514db33db8ea
-
-Fixes:
-procattr.c:38:14: error: static declaration of 'gettid' follows non-static
declaration
- 38 | static pid_t gettid(void)
- | ^~~~~~
-In file included from procattr.c:2:
-/build/tmp/work/core2-32-poky-linux-musl/libselinux/3.1-r0/recipe-sysroot/usr/include/unistd.h:194:7:
-note: previous declaration of 'gettid' was here
- 194 | pid_t gettid(void);
- | ^~~~~~
-
-Upstream-Status: Pending
-
-Signed-off-by: Yi Zhao <yi.z...@windriver.com>
----
- src/procattr.c | 8 +-------
- 1 file changed, 1 insertion(+), 7 deletions(-)
-
-diff --git a/src/procattr.c b/src/procattr.c
-index 926ee54..519e515 100644
---- a/src/procattr.c
-+++ b/src/procattr.c
-@@ -24,13 +24,7 @@ static __thread char destructor_initialized;
-
- /* Bionic and glibc >= 2.30 declare gettid() system call wrapper in unistd.h
and
- * has a definition for it */
--#ifdef __BIONIC__
-- #define OVERRIDE_GETTID 0
--#elif !defined(__GLIBC_PREREQ)
-- #define OVERRIDE_GETTID 1
--#elif !__GLIBC_PREREQ(2,30)
-- #define OVERRIDE_GETTID 1
--#else
-+#if !defined(__GLIBC_)
- #define OVERRIDE_GETTID 0
- #endif
-
---
-2.17.1
-
diff --git
a/recipes-security/selinux/libselinux/libselinux-define-FD_CLOEXEC-as-necessary.patch
b/recipes-security/selinux/libselinux/libselinux-define-FD_CLOEXEC-as-necessary.patch
deleted file mode 100644
index 25d4b24..0000000
---
a/recipes-security/selinux/libselinux/libselinux-define-FD_CLOEXEC-as-necessary.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From d0aaf391ab30b253aa22ef6547a039bcac840fc6 Mon Sep 17 00:00:00 2001
-From: Joe MacDonald <joe.macdon...@windriver.com>
-Date: Tue, 15 Oct 2013 10:14:41 -0400
-Subject: [PATCH] libselinux: define FD_CLOEXEC as necessary
-
-In truly old systems, even FD_CLOEXEC may not be defined. Produce a
-warning and duplicate the #define for FD_CLOEXEC found in
-asm-generic/fcntl.h on more modern platforms.
-
-Upstream-Status: Inappropriate
-
-Signed-off-by: Joe MacDonald <joe.macdon...@windriver.com>
-
----
- src/setrans_client.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/src/setrans_client.c b/src/setrans_client.c
-index fa188a8..a94f02c 100644
---- a/src/setrans_client.c
-+++ b/src/setrans_client.c
-@@ -39,6 +39,11 @@ static pthread_key_t destructor_key;
- static int destructor_key_initialized = 0;
- static __thread char destructor_initialized;
-
-+#ifndef FD_CLOEXEC
-+#warning FD_CLOEXEC undefined on this platform, this may leak file descriptors
-+#define FD_CLOEXEC 1
-+#endif
-+
- /*
- * setransd_open
- *
diff --git
a/recipes-security/selinux/libselinux/libselinux-make-O_CLOEXEC-optional.patch
b/recipes-security/selinux/libselinux/libselinux-make-O_CLOEXEC-optional.patch
deleted file mode 100644
index 1d6f3a7..0000000
---
a/recipes-security/selinux/libselinux/libselinux-make-O_CLOEXEC-optional.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-From 802d224953294463fa9bc793e46f664ecfea057a Mon Sep 17 00:00:00 2001
-From: Joe MacDonald <joe.macdon...@windriver.com>
-Date: Fri, 11 Oct 2013 09:56:25 -0400
-Subject: [PATCH] libselinux: make O_CLOEXEC optional
-
-Various commits in the selinux tree in the current release added O_CLOEXEC
-to open() calls in an attempt to address file descriptor leaks as
-described:
-
- http://danwalsh.livejournal.com/53603.html
-
-However O_CLOEXEC isn't available on all platforms, so make it a
-compile-time option and generate a warning when it is not available. The
-actual impact of leaking these file descriptors is minimal, though it does
-produce curious AVC Denied messages.
-
-Upstream-Status: Inappropriate [O_CLOEXEC has been in Linux since 2007 and
POSIX since 2008]
-
-Signed-off-by: Joe MacDonald <joe.macdon...@windriver.com>
-Signed-off-by: Wenzong Fan <wenzong....@windriver.com>
-
----
- src/procattr.c | 16 ++++++++++++++--
- src/sestatus.c | 8 +++++++-
- src/stringrep.c | 8 +++++++-
- 3 files changed, 28 insertions(+), 4 deletions(-)
-
-diff --git a/src/procattr.c b/src/procattr.c
-index 48dd8af..8bf8432 100644
---- a/src/procattr.c
-+++ b/src/procattr.c
-@@ -79,7 +79,13 @@ static int openattr(pid_t pid, const char *attr, int flags)
- rc = asprintf(&path, "/proc/thread-self/attr/%s", attr);
- if (rc < 0)
- return -1;
-- fd = open(path, flags | O_CLOEXEC);
-+ fd = open(path, flags
-+#ifdef O_CLOEXEC
-+ | O_CLOEXEC
-+#else
-+#warning O_CLOEXEC undefined on this platform, this may leak file descriptors
-+#endif
-+ );
- if (fd >= 0 || errno != ENOENT)
- goto out;
- free(path);
-@@ -92,7 +98,13 @@ static int openattr(pid_t pid, const char *attr, int flags)
- if (rc < 0)
- return -1;
-
-- fd = open(path, flags | O_CLOEXEC);
-+ fd = open(path, flags
-+#ifdef O_CLOEXEC
-+ | O_CLOEXEC
-+#else
-+#warning O_CLOEXEC undefined on this platform, this may leak file descriptors
-+#endif
-+ );
- out:
- free(path);
- return fd;
-diff --git a/src/sestatus.c b/src/sestatus.c
-index ed29dc5..0cb15b6 100644
---- a/src/sestatus.c
-+++ b/src/sestatus.c
-@@ -268,7 +268,13 @@ int selinux_status_open(int fallback)
- return -1;
-
- snprintf(path, sizeof(path), "%s/status", selinux_mnt);
-- fd = open(path, O_RDONLY | O_CLOEXEC);
-+ fd = open(path, O_RDONLY
-+#ifdef O_CLOEXEC
-+ | O_CLOEXEC
-+#else
-+#warning O_CLOEXEC undefined on this platform, this may leak file descriptors
-+#endif
-+ );
- if (fd < 0)
- goto error;
-
-diff --git a/src/stringrep.c b/src/stringrep.c
-index 2d83f96..17e9232 100644
---- a/src/stringrep.c
-+++ b/src/stringrep.c
-@@ -105,7 +105,13 @@ static struct discover_class_node * discover_class(const
char *s)
- struct stat m;
-
- snprintf(path, sizeof path, "%s/class/%s/perms/%s",
selinux_mnt,s,dentry->d_name);
-- fd = open(path, O_RDONLY | O_CLOEXEC);
-+ fd = open(path, O_RDONLY
-+#ifdef O_CLOEXEC
-+ | O_CLOEXEC
-+#else
-+#warning O_CLOEXEC undefined on this platform, this may leak file descriptors
-+#endif
-+ );
- if (fd < 0)
- goto err4;
-
diff --git
a/recipes-security/selinux/libselinux/libselinux-make-SOCK_CLOEXEC-optional.patch
b/recipes-security/selinux/libselinux/libselinux-make-SOCK_CLOEXEC-optional.patch
deleted file mode 100644
index 77a9136..0000000
---
a/recipes-security/selinux/libselinux/libselinux-make-SOCK_CLOEXEC-optional.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From e630805d15a3b8d09330353f87a7e4a9fcc9998a Mon Sep 17 00:00:00 2001
-From: Joe MacDonald <joe.macdon...@windriver.com>
-Date: Tue, 15 Oct 2013 10:07:43 -0400
-Subject: [PATCH] libselinux: make SOCK_CLOEXEC optional
-
-libselinux/src/setrans_client.c checks for the existence of SOCK_CLOEXEC
-before using it, however libselinux/src/avc_internal.c does not. Since
-SOCK_CLOEXEC suffers the same problem as O_CLOEXEC on some older
-platforms, we need to ensure we protect the references it it in the same
-way.
-
-Upstream-Status: Inappropriate
-
-Signed-off-by: Joe MacDonald <joe.macdon...@windriver.com>
-
----
- src/avc_internal.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/src/avc_internal.c b/src/avc_internal.c
-index 49cecc9..148cc83 100644
---- a/src/avc_internal.c
-+++ b/src/avc_internal.c
-@@ -60,7 +60,13 @@ int avc_netlink_open(int blocking)
- int len, rc = 0;
- struct sockaddr_nl addr;
-
-- fd = socket(PF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_SELINUX);
-+ fd = socket(PF_NETLINK, SOCK_RAW
-+#ifdef SOCK_CLOEXEC
-+ | SOCK_CLOEXEC
-+#else
-+#warning SOCK_CLOEXEC undefined on this platform, this may leak file
descriptors
-+#endif
-+ , NETLINK_SELINUX);
- if (fd < 0) {
- rc = fd;
- goto out;
diff --git a/recipes-security/selinux/libselinux_3.1.bb
b/recipes-security/selinux/libselinux_3.1.bb
deleted file mode 100644
index 9d1cda5..0000000
--- a/recipes-security/selinux/libselinux_3.1.bb
+++ /dev/null
@@ -1,17 +0,0 @@
-require selinux_20200710.inc
-require ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0"
-
-SRC_URI[md5sum] = "693680c021feb69a4b258b0370021461"
-SRC_URI[sha256sum] =
"ea5dcbb4d859e3f999c26a13c630da2f16dff9462e3cc8cb7b458ac157d112e7"
-
-SRC_URI += "\
- file://libselinux-make-O_CLOEXEC-optional.patch \
- file://libselinux-make-SOCK_CLOEXEC-optional.patch \
- file://libselinux-define-FD_CLOEXEC-as-necessary.patch \
- "
-
-SRC_URI_append_libc-musl = " \
- file://0001-libselinux-do-not-define-gettid-for-musl.patch \
- "
diff --git a/recipes-security/selinux/libselinux.inc
b/recipes-security/selinux/libselinux_3.2.bb
similarity index 84%
rename from recipes-security/selinux/libselinux.inc
rename to recipes-security/selinux/libselinux_3.2.bb
index fe8c087..5acd576 100644
--- a/recipes-security/selinux/libselinux.inc
+++ b/recipes-security/selinux/libselinux_3.2.bb
@@ -4,20 +4,25 @@ process and file security contexts and to obtain security
policy \
decisions. Required for any applications that use the SELinux API."
SECTION = "base"
LICENSE = "PD"
+LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0"
+
+require selinux_common.inc
inherit lib_package python3native
DEPENDS += "libsepol libpcre"
DEPENDS_append_libc-musl = " fts"
+S = "${WORKDIR}/git/libselinux"
+
def get_policyconfigarch(d):
import re
target = d.getVar('TARGET_ARCH')
p = re.compile('i.86')
target = p.sub('i386',target)
return "ARCH=%s" % (target)
-EXTRA_OEMAKE += "${@get_policyconfigarch(d)}"
+EXTRA_OEMAKE += "${@get_policyconfigarch(d)}"
EXTRA_OEMAKE += "LDFLAGS='${LDFLAGS} -lpcre'
LIBSEPOLA='${STAGING_LIBDIR}/libsepol.a'"
EXTRA_OEMAKE_append_libc-musl = " FTS_LDLIBS=-lfts"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52692): https://lists.yoctoproject.org/g/yocto/message/52692
Mute This Topic: https://lists.yoctoproject.org/mt/81298591/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
