[meta-virtualization] [PATCH] meta-virtualization: add layer depends on selinux
Mark Hatle
mark.hatle at windriver.com
Fri Jul 26 09:46:16 PDT 2019
On 7/25/19 9:38 PM, Bruce Ashfield wrote:
>
>
> On Thu, Jul 25, 2019 at 10:31 PM Bruce Ashfield <bruce.ashfield at gmail.com
> <mailto:bruce.ashfield at gmail.com>> wrote:
>
>
>
> On Thu, Jul 25, 2019 at 9:57 PM Yu, Mingli <mingli.yu at windriver.com
> <mailto:mingli.yu at windriver.com>> wrote:
>
>
>
> On 2019年07月26日 02:28, Bruce Ashfield wrote:
> > On Wed, Jul 24, 2019 at 11:43 PM <mingli.yu at windriver.com
> <mailto:mingli.yu at windriver.com>> wrote:
> >>
> >> From: Mingli Yu <Mingli.Yu at windriver.com
> <mailto:Mingli.Yu at windriver.com>>
> >>
> >> Since cri-o of meta-virtualization depends on
> >> libselinux which comes from selinux, add missing
> >> layer depends back.
> >
> > This is already covered in the README. Since cri-o is optional, I
> > didn't want it to be a hard depends.
>
> Not matter cri-o is optional or not, but first the cri-o recipe indeed
> exists in meta-virtualization layer until now as
> ./meta-virtualization/recipes-containers/cri-o/cri-o_git.bb
> <http://cri-o_git.bb> and second
> there is below logic in
>
>
> considering that I wrote the recipe .. I know this.
>
>
>
> ./meta-virtualization/recipes-containers/cri-o/cri-o_git.bb
> <http://cri-o_git.bb> and clearly
> it depends on libselinux.
> DEPENDS = " \
> glib-2.0 \
> btrfs-tools \
> gpgme \
> ostree \
> libdevmapper \
> libseccomp \
> libselinux \
> "
Why does cri-o (any version) require libselinux? (libseccomp I can see).
Is this something that changed upstream to make it mandatory? If so, any way to
reverse it? selinux is horribly heavy weight for a lot of things.
> So we should add the layer depends selinux(libselinux in selinux layer)
> for meta-virtualization layer, otherwise there comes below error when do
> yocto compliance check:
> ERROR: Nothing PROVIDES 'libselinux' (but
> /buildarea/layers/meta-virtualization/recipes-containers/cri-o/cri-o_git.bb
> <http://cri-o_git.bb>
> DEPENDS on or otherwise requires it)
>
>
> My point is that I disagree with that compliance check. Unless I'm building
> the recipe, I don't have that dependency, I want a way to express that.
>
>
> That being said, I did merge the patch so the layer will be in compliance while
> I look into options for not always requiring that dependency.
The way to do this is make the recipe based on a dynamic dependency.
IMHO the -best- way to do this, if possible, is to split the libselinux
dependency out. Make it buildable with it. But either way the setup is similar.
conf/layer.conf:
BBFILES_DYNAMIC += "selinux:${LAYERDIR}/dynamic-layers/selinux/recipes*/*/*.bb \
selinux:${LAYERDIR}/dynamic-layers/selinux/recipes*/*/*.bbappend"
LAYERRECOMMENDS_<collection> = " \
selinux \
"
The above says that selinux is recommended for use with this (layerindex can
read this and process it.) The BBFILES_DYNAMIC says to only bring in that path
if 'selinux' collection is available.
Then move the recipe (or break out the selinux part in a bbappend) into:
dynamic-layers/selinux/recipes-containers/cri-o/...
--Mark
> Bruce
>
>
>
>
> Bruce
>
>
>
> ERROR: Required build target 'meta-world-pkgdata' has no buildable
> providers.
>
> Missing or unbuildable dependency chain was: ['meta-world-pkgdata',
> 'cri-o', 'libselinux'
> ]
>
> Thanks,
>
> >
> > Required for cri-o:
> > URI: git://github.com/advancedtelematic/meta-updater
> <http://github.com/advancedtelematic/meta-updater>
> > URI: git://git.yoctoproject.org/meta-selinux
> <http://git.yoctoproject.org/meta-selinux>
> > URI: git://git.yoctoproject.org/meta-security
> <http://git.yoctoproject.org/meta-security>
> > branch: master
> > revision: HEAD
> > prio: default
> >
> >
> > I haven't seen a way to do a conditional depends .. has anyone else ?
> >
> > Bruce
> >
> >>
> >> Signed-off-by: Mingli Yu <Mingli.Yu at windriver.com
> <mailto:Mingli.Yu at windriver.com>>
> >> ---
> >> conf/layer.conf | 1 +
> >> 1 file changed, 1 insertion(+)
> >>
> >> diff --git a/conf/layer.conf b/conf/layer.conf
> >> index be1f222..23efcb8 100644
> >> --- a/conf/layer.conf
> >> +++ b/conf/layer.conf
> >> @@ -21,6 +21,7 @@ LAYERDEPENDS_virtualization-layer = " \
> >> networking-layer \
> >> filesystems-layer \
> >> meta-python \
> >> + selinux \
> >> "
> >>
> >> # webserver: naigos requires apache2
> >> --
> >> 2.7.4
> >>
> >
> >
>
>
>
> --
> - Thou shalt not follow the NULL pointer, for chaos and madness await thee
> at its end
> - "Use the force Harry" - Gandalf, Star Trek II
>
>
>
> --
> - Thou shalt not follow the NULL pointer, for chaos and madness await thee at
> its end
> - "Use the force Harry" - Gandalf, Star Trek II
>
More information about the meta-virtualization
mailing list