| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
| |
When usrmerge enabled in DISTRO_FEATURES,
the binary actually installed under ${base_sbindir},
so cannot remove ${D}${base_sbindir} when
usrmerge enabled.
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Set SBINDIR to ${base_sbindir} to fix below
issue when usrmerge enabled in DISTRO_FEATURES
| ERROR: QA Issue: policycoreutils-dbg package is not obeying usrmerge distro feature. /sbin should be relocated to /usr. [usrmerge]
| WARNING: policycoreutils-2.7-r0 do_package: QA Issue: policycoreutils: Files/directories were installed but not shipped in any package:
/sbin/restorecon
/sbin/setfiles
/sbin/load_policy
/sbin/restorecon_xattr
/sbin/fixfiles
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Add SBINDIR=${D}/${base_sbindir} to EXTRA_OEMAKE
to fix below error when usrmerge enabled in
DISTRO_FEATURES.
ERROR: QA Issue: mcstrans-dbg package is not obeying usrmerge distro feature. /sbin should be relocated to /usr. [usrmerge]
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
| |
* make pam and audit support configurable;
* remove INITDIR from EXTRA_OEMAKE, the variable is not supported now.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix the QA errors when enable multilib:
ERROR: selinux-python-2.7-r0 do_package: QA Issue: selinux-python:
Files/directories were installed but not shipped in any package:
/usr/lib
/usr/lib/python2.7
/usr/lib/python2.7/site-packages
/usr/lib/python2.7/site-packages/sepolicy-1.1.egg-info
[snip]
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The _virtclass-native is obsolete and replaced by _class-native. In
recent oe-core commit c5aa33ac483618bc23fbaccb0a18853186f9155d the
_virtclass-native override was dropped entirely which caused
refpolicy-mls do_install failed:
libsemanage.get_home_dirs: Error while fetching users.
Returning list so far.
libsemanage.semanage_validate_and_compile_fcontexts:
setfiles returned error code 1. (No such file or directory).
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
| |
Refresh patches with devtool command to fix do_patch warning
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Based on the discussion here:
https://www.mail-archive.com/yocto@yoctoproject.org/msg40561.html
This should fix the error encountered when building an SDK:
nothing provides semodule-utils = 2.7-r0 needed by
semodule-utils-dev-2.7-r0.core2-32
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Recent versions of bitbake starting with sumo issue warnings if
patches are applied with fuzz (in the future these will be errors).
Regenerated patches using:
devtool modify <recipe>
devtool finish --force-patch-refresh <recipe> <layer_path>
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Recent versions of bitbake starting with sumo issue a warning if patches are
applied with any fuzz (in the future it will be an errer).
Patches were regenerated using:
devtool modify <recipe>
devtool finish --force-patch-refresh <recipe> <layer_path>
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
| |
Moving the python components to their own package removes a hard
dependency on all of libsemanage but requires an explicit runtime
dependency on python.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
| |
Just moving the python script to the -python package.
This allows using libsemanage without requiring python.
Signed-off-by: Jed <jed.openxt@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Because 'libdir' is set with ${base_libdir} in recipe file of audit,
package config files(.pc) are installed to ${base_libdir}/pkgconfig that
variable pkgconfigdir is set with ${libdir}/pkgconfig in makefile.
Set pkgconfigdir directly to install .pc files to right directory.
And remove setting of FILES_${PN}-dev which has been done in
bitbake.conf in oe-core.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
| |
bb.data_smart.ExpansionError: Failure expanding variable WARN_QA[:=], expression was ${@oe_filter_out('unsafe-references-in-scripts', 'ldflags useless-rpaths rpaths staticdev libdir xorg-driver-abi textrel already-stripped incompatible-license files-invalid installed-vs-shipped compile-host-path install-host-path pn-overrides infodir build-deps unknown-configure-option symlink-to-sysroot multilib invalid-packageconfig host-user-contaminated uppercase-pn ', d)} which triggered exception NameError: name 'oe_filter_out' is not defined
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
| |
Missing or unbuildable dependency chain was: ['meta-world-pkgdata', 'restorecond', 'libselinux', 'python-importlib']
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
| |
* audit_2.7.6.bb : fix error [gzip: stdin: not in gzip format] and checksum
* refpolicy-minimum_git.bb : fix [Failed to resolve typeattributeset statement], dependency for "fsadm" in init.pp
* refpolicy-targeted_2.20170204.bb : added version dependent patches
* patches : separate patches for release 2.20170204 version and 2.20170805+git version
Signed-off-by: Sajjad Ahmed <sajjad_ahmed@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Bring in a patch from https://github.com/vorlonofportland/setools,
commit id 790d7a538f515d27d2390f1ef56c9871b107a346.
Fixes an issue where setools fails with:
error: '%04zd' directive output may be truncated writing between 4 and 10 bytes into a region of size 5 [-Werror=format-truncation=]
snprintf(buff, 9, "@ttr%04zd", i + 1);
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
|
|
|
| |
The functional call may not always work as specified, be sure to include the
() to make sure the shell knows this is a function.
Also add both findutils and grep as necessary for fixfiles to run properly
in a minimal environment. Busybox is not adequate at this time.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
| |
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
|
|
|
| |
Resolve warning:
${COREBASE}/LICENSE is not a valid license file, please use '${COMMON_LICENSE_DIR}/MIT' for a MIT License file in LIC_FILES_CHKSUM.
Also remove the obsolete PR number.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
| |
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
| |
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some new packages added after SELinux uprev to 2.7, sync the package
names accordingly:
policycoreutils-audit2allow -> selinux-python-audit2allow
policycoreutils-chcat -> selinux-python-chcat
policycoreutils-python -> selinux-python
policycoreutils-semanage -> selinux-python-semanage
policycoreutils-sandbox -> selinux-sandbox
policycoreutils-sepolgen-ifgen -> selinux-python-sepolgen-ifgen
policycoreutils-sepolicy -> selinux-python-sepolicy,
selinux-dbus
policycoreutils-semodule-deps -> semodule-utils-semodule-deps
policycoreutils-semodule-expand -> semodule-utils-semodule-expand
policycoreutils-semodule-link -> semodule-utils-semodule-link
policycoreutils-semodule-package -> semodule-utils-semodule-package
system-config-selinux -> selinux-gui
sepolgen -> selinux-python-sepolgen
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SETools v4 is a rewrite of SETools in Python, details refer to:
https://github.com/TresysTechnology/setools/wiki/Changes-Since-SETools-v3
Changes for upreving:
* removed setools_3.3.8.bb and all useless patch
* add patches to fix cross-compiling issues:
- setools4-fixes-for-cross-compiling.patch
- setools4-fix-cross-compiling-errors-for-powerpc-mips.patch
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Per discussion w/ Wenzong, added meta-python as a dependency and enabled
the RDEPENDS within the new setools_4.1.1.bb
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
|
| |
Those tools have been moved from policycoreutils to semodule-utils:
semodule_deps, semodule_expand, semodule_link, semodule_package
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove setools from DEPENDS/RDEPENDS, it was required by sepolicy,
sepolgen, semanage which have been moved to python/*.
Rebase patch:
- policycoreutils-fixfiles-de-bashify.patch
Drop useless patch:
- policycoreutils-loadpolicy-symlink.patch
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Update policycoreutils_git.bb
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
| |
Move policycoreutils/gui to gui and cleanup policycoreutils.inc.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
| |
Move policycoreutils/sepolicy/dbus to dbus.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Move policycoreutils/semodule_* to semodule-utils/*:
- policycoreutils/semodule_deps -> semodule-utils/semodule_deps
- policycoreutils/semodule_expand -> semodule-utils/semodule_expand
- policycoreutils/semodule_link -> semodule-utils/semodule_link
- policycoreutils/semodule_package -> semodule-utils/semodule_package
* Cleanup policycoreutils.inc
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move packages to python/*:
- policycoreutils/semanage -> python/semanage
- policycoreutils/audit2allow -> python/audit2allow
- policycoreutils/sepolgen-ifgen -> python/audit2allow/sepolgen-ifgen
- policycoreutils/sepolicy -> python/sepolicy
- policycoreutils/scripts/chcat -> python/chcat
- sepolgen -> python/sepolgen
* Move and rebase patches:
- policycoreutils-fix-TypeError-for-seobject.py.patch
- policycoreutils-fix-sepolicy-install-path.patch
- policycoreutils-process-ValueError-for-sepolicy-seobject.patch
* Cleanup policycoreutils.inc and policycoreutils_2.7.bb
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Update policycoreutils_git.bb
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Move policycoreutils/sandbox to sandbox:
* Move and rebase patch:
- policycoreutils-sandbox-de-bashify.patch
* Cleanup policycoreutils.inc
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move policycoreutils/restorecond to restorecond:
* Move and rebase patch:
- policycoreutils-make-O_CLOEXEC-optional.patch
* Cleanup policycoreutils_2.7.bb.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Update policycoreutils_git.bb
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move policycoreutils/mcstrans to mcstrans:
* Move and rebase patches:
- mcstrans-de-bashify.patch
- 0001-mcstrans-fix-the-init-script.patch
* Remove useless patch:
- enable-mcstrans.patch
* Cleanup policycoreutils_2.7.bb and policycoreutils.inc.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Update policycoreutils_git.bb
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
| |
The package has been moved to selinux-python/sepolgen.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Uprev the recipe file as is.
Some packages have been moved out from policycoreutils, they will be
added as new packages and the policycoreutils.inc need to be cleaned
up from later commits accordingly.
Moved packages:
From: To:
- policycoreutils/gui gui
- policycoreutils/mcstrans mcstrans
- policycoreutils/restorecond restorecond
- policycoreutils/sandbox sandbox
- policycoreutils/sepolicy/dbus dbus
- policycoreutils/semodule_deps semodule-utils/semodule_deps
- policycoreutils/semodule_expand semodule-utils/semodule_expand
- policycoreutils/semodule_link semodule-utils/semodule_link
- policycoreutils/semodule_package semodule-utils/semodule_package
- policycoreutils/semanage python/semanage
- policycoreutils/audit2allow python/audit2allow
- policycoreutils/sepolgen-ifgen python/audit2allow/sepolgen-ifgen
- policycoreutils/sepolicy python/sepolicy
- policycoreutils/scripts/chcat python/chcat
Released package list refer to:
https://github.com/SELinuxProject/selinux/wiki/Releases
Cleanup the patch file that have been removed in 2.6:
- policycoreutils-fts_flags-FTS_NOCHDIR.patch
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Update policycoreutils_git.bb
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
| |
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove patch that included by new version:
- checkpolicy-Do-not-link-against-libfl.patch
Specify LIBSEPOLA to fix build error:
make[1]: *** No rule to make target `/usr/lib/libsepol.a'
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Update checkpolicy_git.bb
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove patches that included by new version:
- 0001-libsemanage-simplify-string-utilities-functions.patch
- 0002-libsemanage-add-semanage_str_replace-utility-functio.patch
- 0003-libsemanage-genhomedircon-drop-ustr-dependency.patch
- 0004-libsemanage-remove-ustr-library-from-Makefiles-READM.patch
- libsemanage-fix-path-len-limit.patch
Rebase patch:
- libsemanage-allow-to-disable-audit-support.patch
Set PYCEXT and PYSITEDIR to generate the _semanage.so and install it
to ${libdir}/python${PYTHON_BASEVERSION}/site-packages.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Update libsemanage_git to match.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Specify LIBSEPOLA to fix build error:
make[1]: *** No rule to make target `/usr/lib/libsepol.a',
needed by `python-2.7audit2why.so'. Stop.
Add python-importlib to RDEPENDS_${PN}-python.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Update libselinux_git.bb
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
|
|
| |
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Update libsepol_git.bb
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
| |
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
|
|
| |
Upgrade audit from 2.7.1 to 2.7.6
Signed-off-by: susanbian <bianyq@cn.fujitsu.com>
|
| |
|
|
|
|
|
|
| |
auditd.service should be packaged in 'auditd' instead
of 'audit' since the required binaries and config files
are all in 'auditd'.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
|
| |
|
|
|
|
|
| |
Underscore ("_") should be used for variable overrides.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
| |
|
|
| |
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
| |
This updates all of the common policies. standard, minimum, mls and
targeted.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
| |
The targeted, mls and minimum recipes had fallen far behind the upstream
refpolicy repository. Refresh all patches and discard ones that are
obviously no longer needed. This should not have any functional change on
the policies.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
| |
Fixing labels after local-fs.target to make sure all mounted
filesystems labeled correctly.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The behavior of b{zip,unzip}2 an vary from host to host with
regards to a number of things such as return value or permissions.
We should always use the native bzip2 package to keep the behavior
deterministic. This change prevents a warning at do_package_qa
task of refpolicy-mls package.
Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
