[Re: [yocto] [meta-selinux][PATCH 0/5] Resend: Remove python dependency from refpol.] On 13.10.21 (Mon 16:01) Joe MacDonald wrote:
> [Re: [yocto] [meta-selinux][PATCH 0/5] Resend: Remove python dependency from > refpol.] On 13.10.21 (Mon 10:57) Joe MacDonald wrote: > > > Thought I'd best (finally) follow up to the list on this. I've been > > talking to Philip offline. These are in the queue for integration but > > some surprising things have cropped up along the way and the integration > > is being delayed a bit. > > > > I'll be grabbing the other meta-selinux update at the same time. > > Further to this, I've finished the merge of this batch and the two other > submissions I've seen for meta-selinux today. I haven't yet pushed them > to meta-selinux on git.yoctoproject.org. I'm going to let it cool off > until at least tomorrow since this one proved to be much more > problematic than I think it should have been. In the meantime, I've > pushed the pending changes to my github project: > > https://github.com/joeythesaint/meta-selinux.git > > on the contrib/joeythesaint branch. Six of the seven commits that were on that branch are now in the official meta-selinux master branch. The last is the bzip-compressed policy update. Thanks Philip. -J. > > -J. > > > > > -J. > > > > [[yocto] [meta-selinux][PATCH 0/5] Resend: Remove python dependency from > > refpol.] On 13.10.17 (Thu 19:06) Philip Tricca wrote: > > > > > This is a resend of an earlier patch set that never made it to the list > > > AFAIK. > > > > > > The reference policy package currently pulls in a lot of python stuff > > > that isn't strictly necessary to boot an SELinux system and load a > > > policy. AFAIK this is caused by the mix of python and C utilities in > > > policycoreutils. > > > > > > This patch set breaks the policycoreutils recipe up into multiple > > > packages, one for each utility. In this way we can have the refpol etc > > > pull in only the utilities necessary for normal operation. This happens > > > to be only the utilities written in C and thus we can remove python > > > completely in a minimal image. > > > > > > I've attempted to localize these changes as much as possible so this > > > patch set should have minimal impact on recipes outside of the > > > policycoreutils. An example image reicpe is added to demonstrate a > > > minimal image with only the utilities required to load a policy and > > > manipulate the policy store (add / remove policy modules) at runtime. > > > > > > Regards, > > > - Philip > > > > > > Philip Tricca (5): > > > Break policycoreutils out into separate > > > Remove unnecessary RDEPENDS_${BPN}. > > > Remove runtime dependency on > > > Add packagegroup and image recipe for > > > Add packagegroup for policycoreutils > > > > > > .../images/core-image-selinux-minimal.bb | 15 ++ > > > .../packagegroups/packagegroup-core-selinux.bb | 4 +- > > > .../packagegroups/packagegroup-selinux-minimal.bb | 26 +++ > > > .../packagegroup-selinux-policycoreutils.bb | 36 ++++ > > > recipes-security/refpolicy/refpolicy_common.inc | 2 +- > > > recipes-security/selinux/policycoreutils.inc | 179 > > > +++++++++++++++++-- > > > 6 files changed, 245 insertions(+), 17 deletions(-) > > > > > > _______________________________________________ > > > yocto mailing list > > > yocto@yoctoproject.org > > > https://lists.yoctoproject.org/listinfo/yocto > > -- -Joe MacDonald. :wq
signature.asc
Description: Digital signature
_______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto