From 7d634556b0400548dd2898d1c523a7a44432cf50 Mon Sep 17 00:00:00 2001 From: Yi Zhao Date: Sun, 28 Aug 2022 10:29:26 +0800 Subject: policycoreutils: upgrade 3.3 -> 3.4 Refresh patch. Signed-off-by: Yi Zhao Signed-off-by: Joe MacDonald --- .../policycoreutils-fixfiles-de-bashify.patch | 14 +- recipes-security/selinux/policycoreutils_3.3.bb | 179 --------------------- recipes-security/selinux/policycoreutils_3.4.bb | 179 +++++++++++++++++++++ 3 files changed, 186 insertions(+), 186 deletions(-) delete mode 100644 recipes-security/selinux/policycoreutils_3.3.bb create mode 100644 recipes-security/selinux/policycoreutils_3.4.bb diff --git a/recipes-security/selinux/policycoreutils/policycoreutils-fixfiles-de-bashify.patch b/recipes-security/selinux/policycoreutils/policycoreutils-fixfiles-de-bashify.patch index 70cdd4f..0e80959 100644 --- a/recipes-security/selinux/policycoreutils/policycoreutils-fixfiles-de-bashify.patch +++ b/recipes-security/selinux/policycoreutils/policycoreutils-fixfiles-de-bashify.patch @@ -1,4 +1,4 @@ -From 25ca94680f2fe20f49b80e8b5b180a0dbb903f17 Mon Sep 17 00:00:00 2001 +From cdc8f6e887d9ab8944e3ae89dd18bf55edf080c4 Mon Sep 17 00:00:00 2001 From: Joe MacDonald Date: Fri, 20 Feb 2015 17:00:19 -0500 Subject: [PATCH] fixfiles: de-bashify @@ -10,7 +10,7 @@ necessarily the best option here. Introducing a second invocation of rpm is minimal overhead on an operation that should happen very infrequently, so we'll try that instead. -Upstream-Status: Pending +Upstream-Status: Inappropriate [embedded specific] Signed-off-by: Joe MacDonald Signed-off-by: Wenzong Fan @@ -19,7 +19,7 @@ Signed-off-by: Wenzong Fan 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/scripts/fixfiles b/scripts/fixfiles -index 1aa330f..a10837d 100755 +index c72ca0e..143cc2e 100755 --- a/scripts/fixfiles +++ b/scripts/fixfiles @@ -1,4 +1,4 @@ @@ -51,7 +51,7 @@ index 1aa330f..a10837d 100755 exclude_from_relabelling="$exclude_from_relabelling -e $i" done < /etc/selinux/fixfiles_exclude_dirs fi -@@ -138,7 +139,7 @@ fi +@@ -140,7 +141,7 @@ fi # Log directories excluded from relabelling by configuration file # LogExcluded() { @@ -60,7 +60,7 @@ index 1aa330f..a10837d 100755 echo "skipping the directory $i" done } -@@ -201,8 +202,12 @@ fi +@@ -203,8 +204,12 @@ fi } rpmlist() { @@ -75,7 +75,7 @@ index 1aa330f..a10837d 100755 } # -@@ -276,7 +281,7 @@ relabel() { +@@ -295,7 +300,7 @@ relabel() { exit 1 fi @@ -85,5 +85,5 @@ index 1aa330f..a10837d 100755 return fi -- -2.13.0 +2.25.1 diff --git a/recipes-security/selinux/policycoreutils_3.3.bb b/recipes-security/selinux/policycoreutils_3.3.bb deleted file mode 100644 index 552d354..0000000 --- a/recipes-security/selinux/policycoreutils_3.3.bb +++ /dev/null @@ -1,179 +0,0 @@ -SUMMARY = "SELinux policy core utilities" -DESCRIPTION = "policycoreutils contains the policy core utilities that are required \ -for basic operation of a SELinux system. These utilities include \ -load_policy to load policies, setfiles to label filesystems, newrole \ -to switch roles, and run_init to run /etc/init.d scripts in the proper \ -context." -SECTION = "base" -LICENSE = "GPL-2.0-or-later" -LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833" - -require selinux_common.inc - -SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ - file://policycoreutils-fixfiles-de-bashify.patch \ - " - -PAM_SRC_URI = "file://pam.d/newrole \ - file://pam.d/run_init \ - " - -DEPENDS += "libsepol libselinux libsemanage libcap gettext-native" -EXTRA_DEPENDS = "libcap-ng libcgroup" -DEPENDS += "${@['', '${EXTRA_DEPENDS}']['${PN}' != '${BPN}-native']}" - -S = "${WORKDIR}/git/policycoreutils" - -inherit selinux python3native - -RDEPENDS:${BPN}-fixfiles += "\ - ${BPN}-setfiles \ - grep \ - findutils \ -" -RDEPENDS:${BPN}-genhomedircon += "\ - ${BPN}-semodule \ -" -RDEPENDS:${BPN}-loadpolicy += "\ - libselinux \ - libsepol \ -" -RDEPENDS:${BPN}-newrole += "\ - libcap-ng \ - libselinux \ -" -RDEPENDS:${BPN}-runinit += "libselinux" -RDEPENDS:${BPN}-secon += "libselinux" -RDEPENDS:${BPN}-semodule += "\ - libsepol \ - libselinux \ - libsemanage \ -" -RDEPENDS:${BPN}-sestatus += "libselinux" -RDEPENDS:${BPN}-setfiles += "\ - libselinux \ - libsepol \ -" -RDEPENDS:${BPN}-setsebool += "\ - libsepol \ - libselinux \ - libsemanage \ -" -RDEPENDS:${BPN} += "selinux-python" - -PACKAGES =+ "\ - ${PN}-fixfiles \ - ${PN}-genhomedircon \ - ${PN}-hll \ - ${PN}-loadpolicy \ - ${PN}-newrole \ - ${PN}-runinit \ - ${PN}-secon \ - ${PN}-semodule \ - ${PN}-sestatus \ - ${PN}-setfiles \ - ${PN}-setsebool \ -" -FILES:${PN}-fixfiles += "${base_sbindir}/fixfiles" -FILES:${PN}-genhomedircon += "${base_sbindir}/genhomedircon" -FILES:${PN}-loadpolicy += "\ - ${base_sbindir}/load_policy \ -" -FILES:${PN}-newrole += "\ - ${bindir}/newrole \ - ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${sysconfdir}/pam.d/newrole', '', d)} \ -" -FILES:${PN}-runinit += "\ - ${base_sbindir}/run_init \ - ${base_sbindir}/open_init_pty \ - ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${sysconfdir}/pam.d/run_init', '', d)} \ -" -FILES:${PN}-dbg += "${prefix}/libexec/selinux/hll/.debug" -FILES:${PN}-secon += "${bindir}/secon" -FILES:${PN}-semodule += "${base_sbindir}/semodule" -FILES:${PN}-hll += "${prefix}/libexec/selinux/hll/*" -FILES:${PN}-sestatus += "\ - ${base_sbindir}/sestatus \ - ${sysconfdir}/sestatus.conf \ -" -FILES:${PN}-setfiles += "\ - ${base_sbindir}/restorecon \ - ${base_sbindir}/restorecon_xattr \ - ${base_sbindir}/setfiles \ -" -FILES:${PN}-setsebool += "\ - ${base_sbindir}/setsebool \ - ${datadir}/bash-completion/completions/setsebool \ -" - -export STAGING_INCDIR -export STAGING_LIBDIR -export BUILD_SYS -export HOST_SYS - -PACKAGECONFIG:class-target ?= "\ - ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)} \ - audit \ -" - -PACKAGECONFIG[libpam] = ",,libpam," -PACKAGECONFIG[audit] = ",,audit," - -EXTRA_OEMAKE += "\ - ${@bb.utils.contains('PACKAGECONFIG', 'libpam', 'PAMH=y', 'PAMH=', d)} \ - ${@bb.utils.contains('PACKAGECONFIG', 'audit', 'AUDITH=y', 'AUDITH=', d)} \ - INOTIFYH=n \ - PREFIX=${prefix} \ - SBINDIR=${base_sbindir} \ -" - -BBCLASSEXTEND = "native" - -PCU_NATIVE_CMDS = "setfiles semodule hll" - -do_compile:class-native() { - for PCU_CMD in ${PCU_NATIVE_CMDS} ; do - oe_runmake -C $PCU_CMD \ - INCLUDEDIR='${STAGING_INCDIR}' \ - LIBDIR='${STAGING_LIBDIR}' - done -} - -sysroot_stage_dirs:append:class-native() { - cp -R $from/${prefix}/libexec $to/${prefix}/libexec -} - -do_compile:prepend() { - export PYTHON=python3 - export PYLIBVER='python${PYTHON_BASEVERSION}' - export PYTHON_CPPFLAGS="-I${STAGING_INCDIR}/${PYLIBVER}" - export PYTHON_LDFLAGS="${STAGING_LIBDIR}/lib${PYLIBVER}.so" - export PYTHON_SITE_PKG="${libdir}/${PYLIBVER}/site-packages" -} - -do_install:prepend() { - export PYTHON=python3 - export SBINDIR="${D}/${base_sbindir}" -} - -do_install:class-native() { - for PCU_CMD in ${PCU_NATIVE_CMDS} ; do - oe_runmake -C $PCU_CMD install \ - DESTDIR="${D}" \ - PREFIX="${prefix}" \ - SBINDIR="${base_sbindir}" - done -} - -do_install:append:class-target() { - if [ -e ${WORKDIR}/pam.d ]; then - install -d ${D}${sysconfdir}/pam.d/ - install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/ - fi - - # /var/lib/selinux is involved by seobject.py: - # + dirname = "/var/lib/selinux" - # and it's required for running command: - # $ semanage permissive [OPTS] - install -d ${D}${localstatedir}/lib/selinux -} diff --git a/recipes-security/selinux/policycoreutils_3.4.bb b/recipes-security/selinux/policycoreutils_3.4.bb new file mode 100644 index 0000000..ab871a3 --- /dev/null +++ b/recipes-security/selinux/policycoreutils_3.4.bb @@ -0,0 +1,179 @@ +SUMMARY = "SELinux policy core utilities" +DESCRIPTION = "policycoreutils contains the policy core utilities that are required \ +for basic operation of a SELinux system. These utilities include \ +load_policy to load policies, setfiles to label filesystems, newrole \ +to switch roles, and run_init to run /etc/init.d scripts in the proper \ +context." +SECTION = "base" +LICENSE = "GPL-2.0-or-later" +LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833" + +require selinux_common.inc + +SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ + file://policycoreutils-fixfiles-de-bashify.patch \ + " + +PAM_SRC_URI = "file://pam.d/newrole \ + file://pam.d/run_init \ + " + +DEPENDS = "libsepol libselinux libsemanage gettext-native" +DEPENDS:append:class-target = " libcap-ng" + +S = "${WORKDIR}/git/policycoreutils" + +inherit selinux python3native + +RDEPENDS:${PN}-fixfiles = "\ + ${PN}-setfiles \ + grep \ + findutils \ +" +RDEPENDS:${PN}-genhomedircon = "\ + ${PN}-semodule \ +" +RDEPENDS:${PN}-loadpolicy = "\ + libselinux \ + libsepol \ +" +RDEPENDS:${PN}-newrole = "\ + libcap-ng \ + libselinux \ +" +RDEPENDS:${PN}-runinit = "libselinux" +RDEPENDS:${PN}-secon = "libselinux" +RDEPENDS:${PN}-semodule = "\ + libsepol \ + libselinux \ + libsemanage \ +" +RDEPENDS:${PN}-sestatus = "libselinux" +RDEPENDS:${PN}-setfiles = "\ + libselinux \ + libsepol \ +" +RDEPENDS:${PN}-setsebool = "\ + libsepol \ + libselinux \ + libsemanage \ +" +RDEPENDS:${PN}:class-target = "selinux-python" + +PACKAGES =+ "\ + ${PN}-fixfiles \ + ${PN}-genhomedircon \ + ${PN}-hll \ + ${PN}-loadpolicy \ + ${PN}-newrole \ + ${PN}-runinit \ + ${PN}-secon \ + ${PN}-semodule \ + ${PN}-sestatus \ + ${PN}-setfiles \ + ${PN}-setsebool \ +" +FILES:${PN}-fixfiles = "${base_sbindir}/fixfiles" +FILES:${PN}-genhomedircon = "${base_sbindir}/genhomedircon" +FILES:${PN}-loadpolicy = "\ + ${base_sbindir}/load_policy \ +" +FILES:${PN}-newrole = "\ + ${bindir}/newrole \ + ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${sysconfdir}/pam.d/newrole', '', d)} \ +" +FILES:${PN}-runinit = "\ + ${base_sbindir}/run_init \ + ${base_sbindir}/open_init_pty \ + ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${sysconfdir}/pam.d/run_init', '', d)} \ +" +FILES:${PN}-dbg += "${prefix}/libexec/selinux/hll/.debug" +FILES:${PN}-secon = "${bindir}/secon" +FILES:${PN}-semodule = "${base_sbindir}/semodule" +FILES:${PN}-hll = "${prefix}/libexec/selinux/hll/*" +FILES:${PN}-sestatus = "\ + ${base_sbindir}/sestatus \ + ${sysconfdir}/sestatus.conf \ +" +FILES:${PN}-setfiles = "\ + ${base_sbindir}/restorecon \ + ${base_sbindir}/restorecon_xattr \ + ${base_sbindir}/setfiles \ +" +FILES:${PN}-setsebool = "\ + ${base_sbindir}/setsebool \ + ${datadir}/bash-completion/completions/setsebool \ +" + +export STAGING_INCDIR +export STAGING_LIBDIR +export BUILD_SYS +export HOST_SYS + +PACKAGECONFIG:class-target ?= "\ + ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)} \ + audit \ +" +PACKAGECONFIG:class-native ?= "" + +PACKAGECONFIG[libpam] = ",,libpam," +PACKAGECONFIG[audit] = ",,audit," + +EXTRA_OEMAKE = "\ + ${@bb.utils.contains('PACKAGECONFIG', 'libpam', 'PAMH=y', 'PAMH=', d)} \ + ${@bb.utils.contains('PACKAGECONFIG', 'audit', 'AUDITH=y', 'AUDITH=', d)} \ + INOTIFYH=n \ + PREFIX=${prefix} \ + SBINDIR=${base_sbindir} \ +" + +BBCLASSEXTEND = "native" + +PCU_NATIVE_CMDS = "setfiles semodule hll" + +do_compile:prepend() { + export PYTHON=python3 + export PYLIBVER='python${PYTHON_BASEVERSION}' + export PYTHON_CPPFLAGS="-I${STAGING_INCDIR}/${PYLIBVER}" + export PYTHON_LDFLAGS="${STAGING_LIBDIR}/lib${PYLIBVER}.so" + export PYTHON_SITE_PKG="${libdir}/${PYLIBVER}/site-packages" +} + +do_compile:class-native() { + for PCU_CMD in ${PCU_NATIVE_CMDS} ; do + oe_runmake -C $PCU_CMD \ + INCLUDEDIR='${STAGING_INCDIR}' \ + LIBDIR='${STAGING_LIBDIR}' + done +} + +sysroot_stage_dirs:append:class-native() { + cp -R $from/${prefix}/libexec $to/${prefix}/libexec +} + +do_install:prepend() { + export PYTHON=python3 + export SBINDIR="${D}/${base_sbindir}" +} + +do_install:class-native() { + for PCU_CMD in ${PCU_NATIVE_CMDS} ; do + oe_runmake -C $PCU_CMD install \ + DESTDIR="${D}" \ + PREFIX="${prefix}" \ + SBINDIR="${base_sbindir}" + done +} + +do_install:append:class-target() { + if [ -e ${WORKDIR}/pam.d ]; then + install -d ${D}${sysconfdir}/pam.d/ + install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/ + fi + + # /var/lib/selinux is involved by seobject.py: + # + dirname = "/var/lib/selinux" + # and it's required for running command: + # $ semanage permissive [OPTS] + install -d ${D}${localstatedir}/lib/selinux +} -- cgit v1.2.3-54-g00ecf