[yocto] [meta-selinux][PATCH 0/5] Resend: Remove python dependency from refpol.
Philip Tricca
flihp at twobit.us
Tue Oct 22 09:50:49 PDT 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 10/22/2013 11:37 AM, Joe MacDonald wrote:
> [Re: [yocto] [meta-selinux][PATCH 0/5] Resend: Remove python
> dependency from refpol.] On 13.10.21 (Mon 16:01) Joe MacDonald
> wrote:
>
>> [Re: [yocto] [meta-selinux][PATCH 0/5] Resend: Remove python
>> dependency from refpol.] On 13.10.21 (Mon 10:57) Joe MacDonald
>> wrote:
>>
>>> Thought I'd best (finally) follow up to the list on this.
>>> I've been talking to Philip offline. These are in the queue
>>> for integration but some surprising things have cropped up
>>> along the way and the integration is being delayed a bit.
>>>
>>> I'll be grabbing the other meta-selinux update at the same
>>> time.
>>
>> Further to this, I've finished the merge of this batch and the
>> two other submissions I've seen for meta-selinux today. I
>> haven't yet pushed them to meta-selinux on git.yoctoproject.org.
>> I'm going to let it cool off until at least tomorrow since this
>> one proved to be much more problematic than I think it should
>> have been. In the meantime, I've pushed the pending changes to
>> my github project:
>>
>> https://github.com/joeythesaint/meta-selinux.git
>>
>> on the contrib/joeythesaint branch.
>
> Six of the seven commits that were on that branch are now in the
> official meta-selinux master branch. The last is the
> bzip-compressed policy update.
>
> Thanks Philip.
Sure thing Joe. Thanks for spending the time to get these integrated.
- - Philip
>
> -J.
>
>>
>> -J.
>>
>>>
>>> -J.
>>>
>>> [[yocto] [meta-selinux][PATCH 0/5] Resend: Remove python
>>> dependency from refpol.] On 13.10.17 (Thu 19:06) Philip Tricca
>>> wrote:
>>>
>>>> This is a resend of an earlier patch set that never made it
>>>> to the list AFAIK.
>>>>
>>>> The reference policy package currently pulls in a lot of
>>>> python stuff that isn't strictly necessary to boot an
>>>> SELinux system and load a policy. AFAIK this is caused by the
>>>> mix of python and C utilities in policycoreutils.
>>>>
>>>> This patch set breaks the policycoreutils recipe up into
>>>> multiple packages, one for each utility. In this way we can
>>>> have the refpol etc pull in only the utilities necessary for
>>>> normal operation. This happens to be only the utilities
>>>> written in C and thus we can remove python completely in a
>>>> minimal image.
>>>>
>>>> I've attempted to localize these changes as much as possible
>>>> so this patch set should have minimal impact on recipes
>>>> outside of the policycoreutils. An example image reicpe is
>>>> added to demonstrate a minimal image with only the utilities
>>>> required to load a policy and manipulate the policy store
>>>> (add / remove policy modules) at runtime.
>>>>
>>>> Regards, - Philip
>>>>
>>>> Philip Tricca (5): Break policycoreutils out into separate
>>>> Remove unnecessary RDEPENDS_${BPN}. Remove runtime
>>>> dependency on Add packagegroup and image recipe for Add
>>>> packagegroup for policycoreutils
>>>>
>>>> .../images/core-image-selinux-minimal.bb | 15 ++
>>>> .../packagegroups/packagegroup-core-selinux.bb | 4 +-
>>>> .../packagegroups/packagegroup-selinux-minimal.bb | 26
>>>> +++ .../packagegroup-selinux-policycoreutils.bb |
>>>> 36 ++++ recipes-security/refpolicy/refpolicy_common.inc |
>>>> 2 +- recipes-security/selinux/policycoreutils.inc | 179
>>>> +++++++++++++++++-- 6 files changed, 245 insertions(+), 17
>>>> deletions(-)
>>>>
>>>> _______________________________________________ yocto
>>>> mailing list yocto at yoctoproject.org
>>>> https://lists.yoctoproject.org/listinfo/yocto
>>>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Icedove - http://www.enigmail.net/
iQIcBAEBCgAGBQJSZqzpAAoJEDL3fnXC4dO6Z6UP/0UoTumQK0wIlyk4YviqsTKr
E0F62JvgzCgf9BLadGmbBSEvgS9Zg50fGr+wM4p0wc7TW2egNnQrPQRa70Y2ycjL
jEQhBRuW6HFTSNZYTsrrt20IjE7nTQEDQnvSZW18lDMKbSyWHdrLGL9lgqWKjiRC
mf0g6cyO4CNnhxdYIZvWTNWoDdbDTQRpyzWhO2S4YkM7Vkh7lvg3IPadGwTAd6MM
nGS6iLKaaaUcqw/i5axOwd8xH2C0/MGDPPYkRwcxAjU7nuH4uOS5uaq5k0dGiuLF
IRp374YwCOypcPtmZT0w3C80CmJSC6e2fxHeH8xQNWBnsFSweG3sT/9DGhVYeZky
HuvkFFFKmsbSfZHFuTQsH5AiV3YaHQTOgWCefQ22xCDEB03t52E6IPY0rAzlxXIi
apL8fhtHjlQ0GaY5yoV7n6+KyfqlQm7WpHXAqowfWEYS3P/pVPJe4pTq+PrzadF2
o5DpGVR5Du2QzLBsFZetFIrLg3kKYkq9011RHwBFl9frsVxTYAdBm58GvceBJL1K
wecuveTH30KhYjiDzMZTNL3Tm/vMJLL/CzIWF5NdrMwCUt8+TwFGJvB7a2QEssS0
14SMdPKjtvbGutlAkOT/9T/1HrpIZhoZtkwEnyKgdXEk469+Vp6aBHjf52JPHyFn
5JJhKda01naDs+KA9G6p
=uocy
-----END PGP SIGNATURE-----
More information about the yocto
mailing list