From 6554a270ed267b587ac36f34f10e63563a27d601 Mon Sep 17 00:00:00 2001 From: Xin Ouyang Date: Wed, 11 Apr 2012 17:40:01 +0800 Subject: Pick selinux(v2.20120215) bb changes to git bb recipes. selinux packages v2.20120215: * libselinux-2.1.9 * libsemanage-2.1.6 * checkpolicy-2.1.8 * policycoreutils-2.1.10 * sepolgen-1.1.5 --- recipes-security/selinux/checkpolicy_git.bb | 8 +++++++- recipes-security/selinux/libselinux_git.bb | 2 +- recipes-security/selinux/libsemanage_git.bb | 16 +++++++++++----- recipes-security/selinux/policycoreutils_git.bb | 17 +++++++++-------- recipes-security/selinux/sepolgen_git.bb | 14 +++++++++++++- 5 files changed, 41 insertions(+), 16 deletions(-) diff --git a/recipes-security/selinux/checkpolicy_git.bb b/recipes-security/selinux/checkpolicy_git.bb index 424e6f2..3653306 100644 --- a/recipes-security/selinux/checkpolicy_git.bb +++ b/recipes-security/selinux/checkpolicy_git.bb @@ -1,5 +1,11 @@ SUMMARY = "SELinux policy compiler" -DESCRIPTION = "SELinux policy compiler" +DESCRIPTION = "\ +This package contains checkpolicy, the SELinux policy compiler. Only \ +required for building policies. It uses libsepol to generate the \ +binary policy. checkpolicy uses the static libsepol since it deals \ +with low level details of the policy that have not been \ +encapsulated/abstracted by a proper shared library interface." + SECTION = "base" PR = "r1" LICENSE = "GPLv2+" diff --git a/recipes-security/selinux/libselinux_git.bb b/recipes-security/selinux/libselinux_git.bb index 286af67..c9446f9 100644 --- a/recipes-security/selinux/libselinux_git.bb +++ b/recipes-security/selinux/libselinux_git.bb @@ -4,7 +4,7 @@ process and file security contexts and to obtain security policy \ decisions. Required for any applications that use the SELinux API." SECTION = "base" PR = "r1" -LICENSE = "NSA-Public_Domain" +LICENSE = "Public Domain" LIC_FILES_CHKSUM = "file://LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0" include selinux_git.inc diff --git a/recipes-security/selinux/libsemanage_git.bb b/recipes-security/selinux/libsemanage_git.bb index 3bcbc05..4f4864d 100644 --- a/recipes-security/selinux/libsemanage_git.bb +++ b/recipes-security/selinux/libsemanage_git.bb @@ -17,13 +17,15 @@ PV = "2.1.6+git${SRCPV}" DEPENDS += "libsepol libselinux ustr bzip2 python" SRC_URI += "file://Fix-segfault-for-standard-policy.patch" +SRC_URI += "file://libsemanage-Fix-execve-segfaults-on-Ubuntu.patch" +SRC_URI += "file://libsemanage-semanage.conf-for-cross-compile.patch" PACKAGES += "${PN}-python" FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*" FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/site-packages/.debug/*" do_compile_append() { - oe_runmake pywrap -j1 \ + oe_runmake pywrap \ INCLUDEDIR='${STAGING_INCDIR}' \ LIBDIR='${STAGING_LIBDIR}' \ PYLIBVER='python${PYTHON_BASEVERSION}' \ @@ -32,14 +34,18 @@ do_compile_append() { PYTHONLIBDIR='${PYLIB}' } -do_install_append() { +do_install() { + oe_runmake install \ + DESTDIR="${D}" \ + PREFIX="${D}/${prefix}" \ + INCLUDEDIR="${D}/${includedir}" \ + LIBDIR="${D}/${libdir}" \ + SHLIBDIR="${D}/${libdir}" + oe_runmake install-pywrap swigify \ DESTDIR=${D} \ PYLIBVER='python${PYTHON_BASEVERSION}' \ PYLIBDIR='${D}/${libdir}/$(PYLIBVER)' - cd ${D}${libdir} && \ - rm -f libsemanage.so && \ - ln -s ../../`basename ${libdir}`/libsemanage.so.1 libsemanage.so } BBCLASSEXTEND = "native" diff --git a/recipes-security/selinux/policycoreutils_git.bb b/recipes-security/selinux/policycoreutils_git.bb index 668dec8..e25d692 100644 --- a/recipes-security/selinux/policycoreutils_git.bb +++ b/recipes-security/selinux/policycoreutils_git.bb @@ -14,15 +14,16 @@ include selinux_git.inc SRCREV = "339f8079d7b9dd1e0b0138e2d096dc7c60b2092e" PV = "2.1.10+git${SRCPV}" -DEPENDS += "libsepol libselinux libsemanage libcap-ng libcgroup" -DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam audit', '', d)}" +DEPENDS += "libsepol libselinux libsemanage" +DEPENDS_${BPN} += "libcap-ng libcgroup" +DEPENDS_${BPN} += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam audit', '', d)}" -RDEPENDS_${PN} += "\ +RDEPENDS_${BPN} += "\ libselinux-python \ libsemanage-python \ sepolgen \ " -RDEPENDS_${PN} += "\ +RDEPENDS_${BPN} += "\ python \ python-unixadmin \ python-shell \ @@ -32,9 +33,7 @@ RDEPENDS_${PN} += "\ python-textutils \ python-IPy \ " -#RDEPENDS_${PN} += "setools" - -RDEPENDS_${PN}_virtclass-native = "python-native sepolgen-native" +RDEPENDS_${BPN} += "setools" PACKAGES =+ "${PN}-python ${PN}-sandbox" @@ -44,7 +43,9 @@ FILES_${PN}-sandbox += "${bindir}/sandbox" FILES_${PN}-sandbox += "${sbindir}/seunshare" CFLAGS_append = " -Wno-error=format-security" -EXTRA_OEMAKE += "${@base_contains('DISTRO_FEATURES', 'pam', 'PAMH=y AUDITH=y', '', d)}" +AUDITH="`ls ${STAGING_INCDIR}/libaudit.h >/dev/null 2>&1 && echo /usr/include/libaudit.h `" +PAMH="`ls ${STAGING_INCDIR}/security/pam_appl.h >/dev/null 2>&1 && echo /usr/include/security/pam_appl.h `" +EXTRA_OEMAKE += "PAMH=${PAMH} AUDITH=${AUDITH} INOTIFYH=n" EXTRA_OEMAKE += "PREFIX=${D}" BBCLASSEXTEND = "native" diff --git a/recipes-security/selinux/sepolgen_git.bb b/recipes-security/selinux/sepolgen_git.bb index e665cd0..3a14b0b 100644 --- a/recipes-security/selinux/sepolgen_git.bb +++ b/recipes-security/selinux/sepolgen_git.bb @@ -1,5 +1,17 @@ SUMMARY = "Python modules for supporting various SELinux utilities." -DESCRIPTION = "Python modules for supporting various SELinux utilities." +DESCRIPTION = "\ +This package contains a Python module that forms the core of the \ +modern audit2allow (which is a part of the package policycoreutils). \ +The sepolgen library is structured to give flexibility to the \ +application using it. The library contains: Reference Policy \ +Representation, which are Objects for representing policies and the \ +reference policy interfaces. Secondly, it has objects and algorithms \ +for representing access and sets of access in an abstract way and \ +searching that access. It also has a parser for reference policy \ +"headers". It contains infrastructure for parsing SELinux related \ +messages as produced by the audit system. It has facilities for \ +generating policy based on required access." + SECTION = "base" PR = "r1" LICENSE = "LGPLv2+" -- cgit v1.2.3-54-g00ecf