Age | Commit message (Collapse) | Author |
|
The libselinux SWIG wrapper imports shutil.
Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
The do_install function is assuming that ${S}/../ is ${WORKDIR},
but this is not true when using `devtool modify audit'.
So change to use ${WORKDIR}.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
Backport patch from setools upstream to fix build failure with GCC 7 due
to possible truncation of snprintf output. It could be reproduced on 64
bit bsps such as qemux86-64 and qemumips64 with configs:
SELECTED_OPTIMIZATION = "${DEBUG_OPTIMIZATION}"
DEBUG_BUILD = "1"
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
The git version of libselinux libsemanage libsepol checkpolicy and
policycoreutils are far behind the master branch and now they can not
build due to the do_patch error. The current stable 2.8 version works
well so we can remove them.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
When trying to build a minimal image (eg: without python), the default
user on autologin is not mapped to the intended user/role/domain:
# id -Z
system_u:system_r:kernel_t:s0
And the following error is displayed on autologin:
Unable to get valid context for <user>
While on an image built with the core-selinux packagegroup:
# id -Z
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Adding selinux-init to the minimal package list fixes the issue.
This package does not seem to bring along additional dependencies.
Signed-off-by: Luca Boccassi <bluca@debian.org>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
Additionally, the README has fallen out of date, update it to reflect the
current reality of layer dependencies.
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
Audit 2.8.4 fails to build with musl. The fixes have been committed
to the upstream master branch and can be backported.
Building with glibc is unaffected.
Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
Using AUTOREV in the main repository has its downsides.
1. The checked out version isn't actually the version depicted
by PV.
2. Breaks builds in scenarios where network isn't available
or BB_NO_NETWORK is used even after sources are already
fetched.
1 is self explanatory, for 2 whenever SRCREV is set to AUTOREV and
SRCPV is used in PV the fetcher tries to access the network in order
to determine SRCPV (bb.fetch2.get_srcrev) and fails for obvious
reasons during parsing even when versioned recipes are used as
PREFERRED_VERSION because parsing still happens for recipes that are
in BB's search paths and we see.
Traceback (most recent call last):
bb.data_smart.ExpansionError: Failure expanding variable SRCPV, expression was ${@bb.fetch2.get_srcrev(d)} which triggered exception NetworkAccess: Network access disabled through BB_NO_NETWORK (or set indirectly due to use of BB_FETCH_PREMIRRORONLY) but access requested with command git -c core.fsyncobjectfiles=0 ls-remote git://github.com/TresysTechnology/refpolicy.git (for url git://github.com/TresysTechnology/refpolicy.git)
So we lock the REVs and do that with a soft assignment which
allows overriding the REVs from elsewhere.
Signed-off-by: Awais Belal <awais_belal@mentor.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
Musl libc does not implement file traversal functions from fts.h.
Oe-core provides fts library which implements those. Libselinux makefile
allows us to use such additional library by specifying required linker
flags via FTS_LDLIBS variable.
Signed-off-by: Piotr Tworek <tworaz666@gmail.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
The package needs logging, json and argparse modules to start.
Additionaly, it also needs libselinux-python in order to really work.
Without it it'll just print an error message instructing the user to
install it.
Signed-off-by: Piotr Tworek <tworaz666@gmail.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
SBINDIR was changed to ${base_sbindir} in commit:
8cc9c17 policycoreutils: fix installed-but-not-shipped on updated recipes
FILES_${PN}-* must now capture files installed in ${base_sbindir}
accordingly.
Signed-off-by: Eric Chanudet <chanudete@ainfosec.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Add aarch64 support
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Remove package semodule-utils-semodule-deps as it had been removed
upstream.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Remove package semodule-deps as it had been removed upstream.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Rebase patch:
fix-sepolicy-install-path.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Remove unused patch:
policycoreutils-loadpolicy-symlink.patch
Add the following patches to change commands path for backward
compatibility:
policycoreutils-fix-fixfiles-install-path.patch
policycoreutils-fix-fixfiles-install-path.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Rebase patch:
0001-src-Makefile-fix-includedir-in-libselinux.pc.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Rebase patch:
0001-src-Makefile-fix-includedir-in-libselinux.pc.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Rebase patch:
0001-src-Makefile-fix-includedir-in-libsepol.pc.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
When usrmerge enabled in DISTRO_FEATURES,
the binary actually installed under ${base_sbindir},
so cannot remove ${D}${base_sbindir} when
usrmerge enabled.
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Set SBINDIR to ${base_sbindir} to fix below
issue when usrmerge enabled in DISTRO_FEATURES
| ERROR: QA Issue: policycoreutils-dbg package is not obeying usrmerge distro feature. /sbin should be relocated to /usr. [usrmerge]
| WARNING: policycoreutils-2.7-r0 do_package: QA Issue: policycoreutils: Files/directories were installed but not shipped in any package:
/sbin/restorecon
/sbin/setfiles
/sbin/load_policy
/sbin/restorecon_xattr
/sbin/fixfiles
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Add SBINDIR=${D}/${base_sbindir} to EXTRA_OEMAKE
to fix below error when usrmerge enabled in
DISTRO_FEATURES.
ERROR: QA Issue: mcstrans-dbg package is not obeying usrmerge distro feature. /sbin should be relocated to /usr. [usrmerge]
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
* make pam and audit support configurable;
* remove INITDIR from EXTRA_OEMAKE, the variable is not supported now.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Fix the QA errors when enable multilib:
ERROR: selinux-python-2.7-r0 do_package: QA Issue: selinux-python:
Files/directories were installed but not shipped in any package:
/usr/lib
/usr/lib/python2.7
/usr/lib/python2.7/site-packages
/usr/lib/python2.7/site-packages/sepolicy-1.1.egg-info
[snip]
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
The _virtclass-native is obsolete and replaced by _class-native. In
recent oe-core commit c5aa33ac483618bc23fbaccb0a18853186f9155d the
_virtclass-native override was dropped entirely which caused
refpolicy-mls do_install failed:
libsemanage.get_home_dirs: Error while fetching users.
Returning list so far.
libsemanage.semanage_validate_and_compile_fcontexts:
setfiles returned error code 1. (No such file or directory).
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Refresh patches with devtool command to fix do_patch warning
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Based on the discussion here:
https://www.mail-archive.com/yocto@yoctoproject.org/msg40561.html
This should fix the error encountered when building an SDK:
nothing provides semodule-utils = 2.7-r0 needed by
semodule-utils-dev-2.7-r0.core2-32
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Recent versions of bitbake starting with sumo issue warnings if
patches are applied with fuzz (in the future these will be errors).
Regenerated patches using:
devtool modify <recipe>
devtool finish --force-patch-refresh <recipe> <layer_path>
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Recent versions of bitbake starting with sumo issue a warning if patches are
applied with any fuzz (in the future it will be an errer).
Patches were regenerated using:
devtool modify <recipe>
devtool finish --force-patch-refresh <recipe> <layer_path>
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Moving the python components to their own package removes a hard
dependency on all of libsemanage but requires an explicit runtime
dependency on python.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Just moving the python script to the -python package.
This allows using libsemanage without requiring python.
Signed-off-by: Jed <jed.openxt@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Because 'libdir' is set with ${base_libdir} in recipe file of audit,
package config files(.pc) are installed to ${base_libdir}/pkgconfig that
variable pkgconfigdir is set with ${libdir}/pkgconfig in makefile.
Set pkgconfigdir directly to install .pc files to right directory.
And remove setting of FILES_${PN}-dev which has been done in
bitbake.conf in oe-core.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
bb.data_smart.ExpansionError: Failure expanding variable WARN_QA[:=], expression was ${@oe_filter_out('unsafe-references-in-scripts', 'ldflags useless-rpaths rpaths staticdev libdir xorg-driver-abi textrel already-stripped incompatible-license files-invalid installed-vs-shipped compile-host-path install-host-path pn-overrides infodir build-deps unknown-configure-option symlink-to-sysroot multilib invalid-packageconfig host-user-contaminated uppercase-pn ', d)} which triggered exception NameError: name 'oe_filter_out' is not defined
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Missing or unbuildable dependency chain was: ['meta-world-pkgdata', 'restorecond', 'libselinux', 'python-importlib']
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
* audit_2.7.6.bb : fix error [gzip: stdin: not in gzip format] and checksum
* refpolicy-minimum_git.bb : fix [Failed to resolve typeattributeset statement], dependency for "fsadm" in init.pp
* refpolicy-targeted_2.20170204.bb : added version dependent patches
* patches : separate patches for release 2.20170204 version and 2.20170805+git version
Signed-off-by: Sajjad Ahmed <sajjad_ahmed@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Bring in a patch from https://github.com/vorlonofportland/setools,
commit id 790d7a538f515d27d2390f1ef56c9871b107a346.
Fixes an issue where setools fails with:
error: '%04zd' directive output may be truncated writing between 4 and 10 bytes into a region of size 5 [-Werror=format-truncation=]
snprintf(buff, 9, "@ttr%04zd", i + 1);
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
The functional call may not always work as specified, be sure to include the
() to make sure the shell knows this is a function.
Also add both findutils and grep as necessary for fixfiles to run properly
in a minimal environment. Busybox is not adequate at this time.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
Resolve warning:
${COREBASE}/LICENSE is not a valid license file, please use '${COMMON_LICENSE_DIR}/MIT' for a MIT License file in LIC_FILES_CHKSUM.
Also remove the obsolete PR number.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|