[yocto] [meta-selinux][PATCH 0/5] Resend: Remove python dependency from refpol.

Joe MacDonald joe at deserted.net
Mon Oct 21 13:01:55 PDT 2013 

[Re: [yocto] [meta-selinux][PATCH 0/5] Resend: Remove python dependency from refpol.] On 13.10.21 (Mon 10:57) Joe MacDonald wrote:

> Thought I'd best (finally) follow up to the list on this.  I've been
> talking to Philip offline.  These are in the queue for integration but
> some surprising things have cropped up along the way and the integration
> is being delayed a bit.
> 
> I'll be grabbing the other meta-selinux update at the same time.

Further to this, I've finished the merge of this batch and the two other
submissions I've seen for meta-selinux today.  I haven't yet pushed them
to meta-selinux on git.yoctoproject.org.  I'm going to let it cool off
until at least tomorrow since this one proved to be much more
problematic than I think it should have been.  In the meantime, I've
pushed the pending changes to my github project:

   https://github.com/joeythesaint/meta-selinux.git

on the contrib/joeythesaint branch.

-J.

> 
> -J.
> 
> [[yocto] [meta-selinux][PATCH 0/5] Resend: Remove python dependency from refpol.] On 13.10.17 (Thu 19:06) Philip Tricca wrote:
> 
> > This is a resend of an earlier patch set that never made it to the list
> > AFAIK.
> > 
> > The reference policy package currently pulls in a lot of python stuff
> > that isn't strictly necessary to boot an SELinux system and load a
> > policy. AFAIK this is caused by the mix of python and C utilities in
> > policycoreutils.
> > 
> > This patch set breaks the policycoreutils recipe up into multiple
> > packages, one for each utility. In this way we can have the refpol etc
> > pull in only the utilities necessary for normal operation. This happens
> > to be only the utilities written in C and thus we can remove python
> > completely in a minimal image.
> > 
> > I've attempted to localize these changes as much as possible so this
> > patch set should have minimal impact on recipes outside of the
> > policycoreutils. An example image reicpe is added to demonstrate a
> > minimal image with only the utilities required to load a policy and
> > manipulate the policy store (add / remove policy modules) at runtime.
> > 
> > Regards,
> > - Philip
> > 
> > Philip Tricca (5):
> >  Break policycoreutils out into separate
> >  Remove unnecessary RDEPENDS_${BPN}.
> >  Remove runtime dependency on
> >  Add packagegroup and image recipe for
> >  Add packagegroup for policycoreutils
> > 
> >  .../images/core-image-selinux-minimal.bb           |   15 ++
> >  .../packagegroups/packagegroup-core-selinux.bb     |    4 +-
> >  .../packagegroups/packagegroup-selinux-minimal.bb  |   26 +++
> >  .../packagegroup-selinux-policycoreutils.bb        |   36 ++++
> >  recipes-security/refpolicy/refpolicy_common.inc    |    2 +-
> >  recipes-security/selinux/policycoreutils.inc       |  179 +++++++++++++++++--
> >  6 files changed, 245 insertions(+), 17 deletions(-)
> > 
> > _______________________________________________
> > yocto mailing list
> > yocto at yoctoproject.org
> > https://lists.yoctoproject.org/listinfo/yocto
> 
-- 
-Joe MacDonald.
:wq
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20131021/8d3a9115/attachment.pgp>

More information about the yocto mailing list