[yocto] [meta-security][PATCH 2/2] Bastille: Remove dependency on lib-perl

Joe MacDonald joe at deserted.net
Thu Sep 19 21:20:14 PDT 2013


Bastille never uses more than the minimal functionality provided by the
'lib' module, just pre-pending a named directory to @INC (and, optionally,
the directory with a ${archname}/auto appended to it).  Lighten this a bit
by updating the Bastille code base and removing lib-perl from meta-security
entirely, since it no longer serves any purpose.

Signed-off-by: Joe MacDonald <joe at deserted.net>
---
 recipes-security/bastille/bastille_3.2.1.bb        |    3 +-
 ...-lib-remove-dependency-on-lib-perl-module.patch |  495 ++++++++++++++++++++
 recipes-security/perl/lib-perl_0.63.bb             |   28 --
 3 files changed, 497 insertions(+), 29 deletions(-)
 create mode 100644 recipes-security/bastille/files/0001-lib-remove-dependency-on-lib-perl-module.patch
 delete mode 100644 recipes-security/perl/lib-perl_0.63.bb

diff --git a/recipes-security/bastille/bastille_3.2.1.bb b/recipes-security/bastille/bastille_3.2.1.bb
index d506399..20a331a 100644
--- a/recipes-security/bastille/bastille_3.2.1.bb
+++ b/recipes-security/bastille/bastille_3.2.1.bb
@@ -6,7 +6,7 @@ LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=c93c0550bd3173f4504b2cbd8991e50b"
 # Bash is needed for set +o privileged (check busybox), might also need ncurses
 DEPENDS = "virtual/kernel"
-RDEPENDS_${PN} = "perl bash tcl perl-module-getopt-long perl-module-text-wrap lib-perl perl-module-file-path perl-module-mime-base64 perl-module-file-find perl-module-errno perl-module-file-glob perl-module-tie-hash-namedcapture perl-module-file-copy perl-module-english perl-module-exporter perl-module-cwd libcurses-perl coreutils"
+RDEPENDS_${PN} = "perl bash tcl perl-module-getopt-long perl-module-text-wrap perl-module-file-path perl-module-mime-base64 perl-module-file-find perl-module-errno perl-module-file-glob perl-module-tie-hash-namedcapture perl-module-file-copy perl-module-english perl-module-exporter perl-module-cwd libcurses-perl coreutils"
 FILES_${PN} += "/run/lock/subsys/bastille"
 
 inherit allarch module-base
@@ -32,6 +32,7 @@ SRC_URI = "http://sourceforge.net/projects/bastille-linux/files/bastille-linux/3
            file://edit_usage_message.patch \
            file://organize_distro_discovery.patch \
            file://do_not_apply_config.patch \
+           file://0001-lib-remove-dependency-on-lib-perl-module.patch \
            "
 
 SRC_URI[md5sum] = "df803f7e38085aa5da79f85d0539f91b"
diff --git a/recipes-security/bastille/files/0001-lib-remove-dependency-on-lib-perl-module.patch b/recipes-security/bastille/files/0001-lib-remove-dependency-on-lib-perl-module.patch
new file mode 100644
index 0000000..a3ec88d
--- /dev/null
+++ b/recipes-security/bastille/files/0001-lib-remove-dependency-on-lib-perl-module.patch
@@ -0,0 +1,495 @@
+From 23126d70d69251b735bd8f0e43c3b7c299e7ab0f Mon Sep 17 00:00:00 2001
+From: Joe MacDonald <joe at deserted.net>
+Date: Thu, 19 Sep 2013 10:16:53 -0400
+Subject: [PATCH] lib: remove dependency on lib-perl module
+
+The perl 'lib' module isn't really necessary based on the usage pattern in
+Bastille, so remove the dependency on it.
+
+Upstream-Status: Submitted [SourceForge project: https://sourceforge.net/p/bastille-linux/bugs/160/]
+
+Signed-off-by: Joe MacDonald <joe at deserted.net>
+---
+ Bastille/AccountSecurity.pm      |    8 +++++++-
+ Bastille/Apache.pm               |    8 +++++++-
+ Bastille/BootSecurity.pm         |    8 +++++++-
+ Bastille/ConfigureMiscPAM.pm     |    8 +++++++-
+ Bastille/DNS.pm                  |    8 +++++++-
+ Bastille/DisableUserTools.pm     |    8 +++++++-
+ Bastille/FTP.pm                  |    8 +++++++-
+ Bastille/FilePermissions.pm      |    8 +++++++-
+ Bastille/IOLoader.pm             |    8 +++++++-
+ Bastille/Logging.pm              |    8 +++++++-
+ Bastille/MiscellaneousDaemons.pm |    8 +++++++-
+ Bastille/OSXFirewall.pm          |    8 +++++++-
+ Bastille/PSAD.pm                 |    8 +++++++-
+ Bastille/Printing.pm             |    8 +++++++-
+ Bastille/RemoteAccess.pm         |    8 +++++++-
+ Bastille/SecureInetd.pm          |    8 +++++++-
+ Bastille/Sendmail.pm             |    8 +++++++-
+ Bastille/TMPDIR.pm               |    8 +++++++-
+ Bastille/TestDriver.pm           |   12 +++++++++---
+ BastilleBackEnd                  |   10 +++++++++-
+ InteractiveBastille              |   10 +++++++++-
+ RevertBastille                   |   10 +++++++++-
+ find_bastille_affected_files.pl  |    9 ++++++++-
+ 23 files changed, 170 insertions(+), 25 deletions(-)
+
+diff --git a/Bastille/AccountSecurity.pm b/Bastille/AccountSecurity.pm
+index e0ebc8a..96e27fd 100644
+--- a/Bastille/AccountSecurity.pm
++++ b/Bastille/AccountSecurity.pm
+@@ -3,7 +3,13 @@
+ # Licensed under the GNU General Public License, version 2
+ 
+ package Bastille::AccountSecurity;
+-use lib "/usr/lib";
++BEGIN {
++    unshift (@INC,"/usr/lib");
++    use Config;
++    if (-e "/usr/lib/$Config{archname}/auto" ) {
++        unshift (@INC,"/usr/lib/$Config{archname}/auto");
++    }
++}
+ 
+ 
+ use Bastille::API;
+diff --git a/Bastille/Apache.pm b/Bastille/Apache.pm
+index f6ee3f9..f419a72 100644
+--- a/Bastille/Apache.pm
++++ b/Bastille/Apache.pm
+@@ -4,7 +4,13 @@
+ 
+ 
+ package Bastille::Apache;
+-use lib "/usr/lib";
++BEGIN {
++    unshift (@INC,"/usr/lib");
++    use Config;
++    if (-e "/usr/lib/$Config{archname}/auto" ) {
++        unshift (@INC,"/usr/lib/$Config{archname}/auto");
++    }
++}
+ 
+ use Bastille::API;
+ use Bastille::API::HPSpecific;
+diff --git a/Bastille/BootSecurity.pm b/Bastille/BootSecurity.pm
+index cd4ac7b..6a9372f 100644
+--- a/Bastille/BootSecurity.pm
++++ b/Bastille/BootSecurity.pm
+@@ -3,7 +3,13 @@
+ # Licensed under the GNU General Public License, version 2
+ 
+ package Bastille::BootSecurity;
+-use lib "/usr/lib";
++BEGIN {
++    unshift (@INC,"/usr/lib");
++    use Config;
++    if (-e "/usr/lib/$Config{archname}/auto" ) {
++        unshift (@INC,"/usr/lib/$Config{archname}/auto");
++    }
++}
+ 
+ use Bastille::API;
+ use Bastille::API::HPSpecific;
+diff --git a/Bastille/ConfigureMiscPAM.pm b/Bastille/ConfigureMiscPAM.pm
+index 2986dc4..c127ce5 100644
+--- a/Bastille/ConfigureMiscPAM.pm
++++ b/Bastille/ConfigureMiscPAM.pm
+@@ -2,7 +2,13 @@
+ # Licensed under the GNU General Public License, version 2
+ 
+ package Bastille::ConfigureMiscPAM;
+-use lib "/usr/lib";
++BEGIN {
++    unshift (@INC,"/usr/lib");
++    use Config;
++    if (-e "/usr/lib/$Config{archname}/auto" ) {
++        unshift (@INC,"/usr/lib/$Config{archname}/auto");
++    }
++}
+ 
+ use Bastille::API;
+ use Bastille::API::FileContent;
+diff --git a/Bastille/DNS.pm b/Bastille/DNS.pm
+index e98309a..2bdceb8 100644
+--- a/Bastille/DNS.pm
++++ b/Bastille/DNS.pm
+@@ -3,7 +3,13 @@
+ # Licensed under the GNU General Public License, version 2
+ 
+ package Bastille::DNS;
+-use lib "/usr/lib";
++BEGIN {
++    unshift (@INC,"/usr/lib");
++    use Config;
++    if (-e "/usr/lib/$Config{archname}/auto" ) {
++        unshift (@INC,"/usr/lib/$Config{archname}/auto");
++    }
++}
+ 
+ use Bastille::API;
+ use Bastille::API::HPSpecific;
+diff --git a/Bastille/DisableUserTools.pm b/Bastille/DisableUserTools.pm
+index b065dd4..22a62c2 100644
+--- a/Bastille/DisableUserTools.pm
++++ b/Bastille/DisableUserTools.pm
+@@ -2,7 +2,13 @@
+ # Licensed under the GNU General Public License, version 2
+ 
+ package Bastille::DisableUserTools;
+-use lib "/usr/lib";
++BEGIN {
++    unshift (@INC,"/usr/lib");
++    use Config;
++    if (-e "/usr/lib/$Config{archname}/auto" ) {
++        unshift (@INC,"/usr/lib/$Config{archname}/auto");
++    }
++}
+ 
+ use Bastille::API;
+ 
+diff --git a/Bastille/FTP.pm b/Bastille/FTP.pm
+index 39bf40d..63221ad 100644
+--- a/Bastille/FTP.pm
++++ b/Bastille/FTP.pm
+@@ -3,7 +3,13 @@
+ # Licensed under the GNU General Public License, version 2
+ 
+ package Bastille::FTP;
+-use lib "/usr/lib";
++BEGIN {
++    unshift (@INC,"/usr/lib");
++    use Config;
++    if (-e "/usr/lib/$Config{archname}/auto" ) {
++        unshift (@INC,"/usr/lib/$Config{archname}/auto");
++    }
++}
+ 
+ use Bastille::API;
+ use Bastille::API::ServiceAdmin;
+diff --git a/Bastille/FilePermissions.pm b/Bastille/FilePermissions.pm
+index ea6e8bf..e585fdb 100644
+--- a/Bastille/FilePermissions.pm
++++ b/Bastille/FilePermissions.pm
+@@ -3,7 +3,13 @@
+ # Licensed under the GNU General Public License, version 2
+ 
+ package Bastille::FilePermissions;
+-use lib "/usr/lib";
++BEGIN {
++    unshift (@INC,"/usr/lib");
++    use Config;
++    if (-e "/usr/lib/$Config{archname}/auto" ) {
++        unshift (@INC,"/usr/lib/$Config{archname}/auto");
++    }
++}
+ use strict;
+ use File::Find ();
+ use Bastille::API;
+diff --git a/Bastille/IOLoader.pm b/Bastille/IOLoader.pm
+index abb94d7..fdd71a6 100644
+--- a/Bastille/IOLoader.pm
++++ b/Bastille/IOLoader.pm
+@@ -2,7 +2,13 @@
+ # Copyright (C) 2001-2006 Hewlett Packard Development Company, L.P.
+ # Licensed under the GNU General Public License, version 2
+ package Bastille::IOLoader;
+-use lib "/usr/lib";
++BEGIN {
++    unshift (@INC,"/usr/lib");
++    use Config;
++    if (-e "/usr/lib/$Config{archname}/auto" ) {
++        unshift (@INC,"/usr/lib/$Config{archname}/auto");
++    }
++}
+ 
+ use Bastille::API;
+ use Bastille::API::HPSpecific;
+diff --git a/Bastille/Logging.pm b/Bastille/Logging.pm
+index c5ad049..413ddc9 100644
+--- a/Bastille/Logging.pm
++++ b/Bastille/Logging.pm
+@@ -3,7 +3,13 @@
+ # Licensed under the GNU General Public License, version 2
+ 
+ package Bastille::Logging;
+-use lib "/usr/lib";
++BEGIN {
++    unshift (@INC,"/usr/lib");
++    use Config;
++    if (-e "/usr/lib/$Config{archname}/auto" ) {
++        unshift (@INC,"/usr/lib/$Config{archname}/auto");
++    }
++}
+ 
+ use Bastille::API;
+ use Bastille::API::ServiceAdmin;
+diff --git a/Bastille/MiscellaneousDaemons.pm b/Bastille/MiscellaneousDaemons.pm
+index d6f31c4..4625b42 100644
+--- a/Bastille/MiscellaneousDaemons.pm
++++ b/Bastille/MiscellaneousDaemons.pm
+@@ -3,7 +3,13 @@
+ # Licensed under the GNU General Public License, version 2
+ 
+ package Bastille::MiscellaneousDaemons;
+-use lib "/usr/lib";
++BEGIN {
++    unshift (@INC,"/usr/lib");
++    use Config;
++    if (-e "/usr/lib/$Config{archname}/auto" ) {
++        unshift (@INC,"/usr/lib/$Config{archname}/auto");
++    }
++}
+ 
+ use Bastille::API;
+ use Bastille::API::ServiceAdmin;
+diff --git a/Bastille/OSXFirewall.pm b/Bastille/OSXFirewall.pm
+index 3c6f00d..43f0061 100755
+--- a/Bastille/OSXFirewall.pm
++++ b/Bastille/OSXFirewall.pm
+@@ -2,7 +2,13 @@
+ # Licensed under the GNU General Public License
+ 
+ package Bastille::OSXFirewall;
+-use lib "/usr/lib";
++BEGIN {
++    unshift (@INC,"/usr/lib");
++    use Config;
++    if (-e "/usr/lib/$Config{archname}/auto" ) {
++        unshift (@INC,"/usr/lib/$Config{archname}/auto");
++    }
++}
+ 
+ use Bastille::API;
+ 
+diff --git a/Bastille/PSAD.pm b/Bastille/PSAD.pm
+index 5f5c523..a5d9320 100644
+--- a/Bastille/PSAD.pm
++++ b/Bastille/PSAD.pm
+@@ -17,7 +17,13 @@
+ #
+ 
+ package Bastille::PSAD;
+-use lib '/usr/lib';
++BEGIN {
++    unshift (@INC,"/usr/lib");
++    use Config;
++    if (-e "/usr/lib/$Config{archname}/auto" ) {
++        unshift (@INC,"/usr/lib/$Config{archname}/auto");
++    }
++}
+ 
+ use Bastille::API;
+ use Bastille::API::ServiceAdmin;
+diff --git a/Bastille/Printing.pm b/Bastille/Printing.pm
+index 6b2a34a..5bcd7e4 100644
+--- a/Bastille/Printing.pm
++++ b/Bastille/Printing.pm
+@@ -2,7 +2,13 @@
+ # Licensed under the GNU General Public License, version 2
+ 
+ package Bastille::Printing;
+-use lib "/usr/lib";
++BEGIN {
++    unshift (@INC,"/usr/lib");
++    use Config;
++    if (-e "/usr/lib/$Config{archname}/auto" ) {
++        unshift (@INC,"/usr/lib/$Config{archname}/auto");
++    }
++}
+ 
+ use Bastille::API;
+ use Bastille::API::AccountPermission;
+diff --git a/Bastille/RemoteAccess.pm b/Bastille/RemoteAccess.pm
+index e46588f..2b4d7d4 100644
+--- a/Bastille/RemoteAccess.pm
++++ b/Bastille/RemoteAccess.pm
+@@ -2,7 +2,13 @@
+ # Licensed under the GNU General Public License, version 2
+ 
+ package Bastille::RemoteAccess;
+-use lib "/usr/lib";
++BEGIN {
++    unshift (@INC,"/usr/lib");
++    use Config;
++    if (-e "/usr/lib/$Config{archname}/auto" ) {
++        unshift (@INC,"/usr/lib/$Config{archname}/auto");
++    }
++}
+ 
+ use Bastille::API;
+ use Bastille::API::FileContent;
+diff --git a/Bastille/SecureInetd.pm b/Bastille/SecureInetd.pm
+index defbb78..abfddb2 100644
+--- a/Bastille/SecureInetd.pm
++++ b/Bastille/SecureInetd.pm
+@@ -9,7 +9,13 @@
+ 
+ package Bastille::SecureInetd;
+ 
+-use lib "/usr/lib";
++BEGIN {
++    unshift (@INC,"/usr/lib");
++    use Config;
++    if (-e "/usr/lib/$Config{archname}/auto" ) {
++        unshift (@INC,"/usr/lib/$Config{archname}/auto");
++    }
++}
+ 
+ use Bastille::API;
+ use Bastille::API::AccountPermission;
+diff --git a/Bastille/Sendmail.pm b/Bastille/Sendmail.pm
+index 9e30024..2cfbbf7 100644
+--- a/Bastille/Sendmail.pm
++++ b/Bastille/Sendmail.pm
+@@ -3,7 +3,13 @@
+ # Licensed under the GNU General Public License, version 2
+ 
+ package Bastille::Sendmail;
+-use lib "/usr/lib";
++BEGIN {
++    unshift (@INC,"/usr/lib");
++    use Config;
++    if (-e "/usr/lib/$Config{archname}/auto" ) {
++        unshift (@INC,"/usr/lib/$Config{archname}/auto");
++    }
++}
+ 
+ use Bastille::API;
+ 
+diff --git a/Bastille/TMPDIR.pm b/Bastille/TMPDIR.pm
+index 3889e2c..f5ddbf8 100644
+--- a/Bastille/TMPDIR.pm
++++ b/Bastille/TMPDIR.pm
+@@ -11,7 +11,13 @@
+ #    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ 
+ package Bastille::TMPDIR;
+-use lib "/usr/lib";
++BEGIN {
++    unshift (@INC,"/usr/lib");
++    use Config;
++    if (-e "/usr/lib/$Config{archname}/auto" ) {
++        unshift (@INC,"/usr/lib/$Config{archname}/auto");
++    }
++}
+ 
+ use Bastille::API;
+ @ENV="";
+diff --git a/Bastille/TestDriver.pm b/Bastille/TestDriver.pm
+index 123fbc3..840621d 100644
+--- a/Bastille/TestDriver.pm
++++ b/Bastille/TestDriver.pm
+@@ -7,7 +7,15 @@
+ #than an API.
+ 
+ package Bastille::TestDriver;
+-use lib "/usr/lib";
++BEGIN {
++    foreach $new_lib ("/usr/lib","/usr/lib/perl5/site_perl") {
++        unshift (@INC,$new_lib);
++        use Config;
++        if (-e "$new_lib/$Config{archname}/auto" ) {
++            unshift (@INC,"$new_lib/$Config{archname}/auto");
++        }
++    }
++}
+ 
+ use Bastille::API;
+ 
+@@ -16,8 +24,6 @@ use Exporter;
+ @EXPORT = qw(  B_run_test 
+ );
+ 
+-use lib "/usr/lib","/usr/lib/perl5/site_perl/";  #"/usr/lib/Bastille";
+-
+ 
+ ###########################################################################
+ # define tests
+diff --git a/BastilleBackEnd b/BastilleBackEnd
+index 45ff41a..6ceb134 100755
+--- a/BastilleBackEnd
++++ b/BastilleBackEnd
+@@ -39,7 +39,15 @@
+ ## Our use of modules is somewhat strange for Perl: we have a main routine
+ ## in each module which runs on the "use" command.
+ 
+-use lib "/usr/lib","/usr/lib/perl5/site_perl/","/usr/lib/Bastille";
++BEGIN {
++    foreach $new_lib ("/usr/lib","/usr/lib/perl5/site_perl/","/usr/lib/Bastille") {
++        unshift (@INC,"$new_lib");
++        use Config;
++        if (-e "$new_lib/$Config{archname}/auto" ) {
++            unshift (@INC,"$new_lib/$Config{archname}/auto");
++        }
++    }
++}
+ use Getopt::Long;
+ use File::Copy;
+ 
+diff --git a/InteractiveBastille b/InteractiveBastille
+index 6065eda..b8f74aa 100755
+--- a/InteractiveBastille
++++ b/InteractiveBastille
+@@ -185,7 +185,15 @@ $TEST_ONLY = 0;
+ use Getopt::Long;
+ use Text::Wrap;
+ 
+-use lib "/usr/lib","/usr/lib/perl5/site_perl/","/usr/lib/Bastille";
++BEGIN {
++    foreach $new_lib ("/usr/lib","/usr/lib/perl5/site_perl","/usr/lib/Bastille") {
++        unshift (@INC,$new_lib);
++        use Config;
++        if (-e "$new_lib/$Config{archname}/auto" ) {
++            unshift (@INC,"$new_lib/$Config{archname}/auto");
++        }
++    }
++}
+ 
+ # make sure we don't look in the current directory for the modules!
+ $i = 0;
+diff --git a/RevertBastille b/RevertBastille
+index f1a00cc..4a46a69 100644
+--- a/RevertBastille
++++ b/RevertBastille
+@@ -18,7 +18,15 @@ use File::Basename;
+ use File::Copy;
+ 
+ 
+-use lib "/usr/lib","/usr/lib/perl5/site_perl","/usr/lib/Bastille", "/usr/lib/perl5/site_perl/5.8.0/i586-linux-thread-multi";
++BEGIN {
++    foreach $new_lib ("/usr/lib","/usr/lib/perl5/site_perl","/usr/lib/Bastille", "/usr/lib/perl5/site_perl/5.8.0/i586-linux-thread-multi") {
++        unshift (@INC,$new_lib);
++        use Config;
++        if (-e "$new_lib/$Config{archname}/auto" ) {
++            unshift (@INC,"$new_lib/$Config{archname}/auto");
++        }
++    }
++}
+ 
+ require Bastille::API;
+ import Bastille::API;
+diff --git a/find_bastille_affected_files.pl b/find_bastille_affected_files.pl
+index 10ec0fa..707ea3f 100644
+--- a/find_bastille_affected_files.pl
++++ b/find_bastille_affected_files.pl
+@@ -2,7 +2,14 @@
+ 
+ 
+  
+-use lib "/usr/lib";
++BEGIN {
++        unshift (@INC,"/usr/lib");
++        use Config;
++        if (-e "/usr/lib/$Config{archname}/auto" ) {
++                unshift (@INC,"/usr/lib/$Config{archname}/auto");
++        }
++}
++
+ push (@INC,"/usr/lib/perl5/site_perl/");
+ push (@INC,"/usr/lib/Bastille");  
+ 
+-- 
+1.7.10.4
+
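Review bot: The BEGIN blocks added throughout the embedded patch do not reproduce what `use lib` did, in two ways that change @INC. As far as I know, lib.pm prepends `$dir/$Config{archname}` when `$dir/$Config{archname}/auto` is a directory, whereas the new code prepends the `auto` directory itself and tests with `-e` rather than `-d`; and in the `foreach` variants (TestDriver.pm, BastilleBackEnd, InteractiveBastille, RevertBastille) unshifting in list order leaves the last-listed directory first in @INC, the reverse of `use lib`. For a hardening tool that is presumably run with privileges, which copy of a module gets loaded should not change as a side effect; `foreach my $new_lib (reverse ...)` with `unshift(@INC, "$new_lib/$Config{archname}") if -d "$new_lib/$Config{archname}/auto";` would keep the previous order and entries. `use Config;` is resolved at compile time wherever it is written, so it reads more honestly on its own line above the BEGIN block than inside the loop body.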
diff --git a/recipes-security/perl/lib-perl_0.63.bb b/recipes-security/perl/lib-perl_0.63.bb
deleted file mode 100644
index c05ae1e..0000000
--- a/recipes-security/perl/lib-perl_0.63.bb
+++ /dev/null
@@ -1,28 +0,0 @@
-DESCRIPTION = "This is a small simple module which simplifies the \
-manipulation of @INC at compile time. It is typically used to add extra \
-directories to Perl's search path so that later "use" or "require" statements \
-will find modules which are not located in the default search path."
-
-SECTION = "libs"
-LICENSE = "Artistic-1.0 | GPL-1.0+"
-PR = "r0"
-
-LIC_FILES_CHKSUM = "file://README;beginline=26;endline=30;md5=94b119f1a7b8d611efc89b5d562a1a50"
-
-DEPENDS += "perl"
-
-SRC_URI = "http://www.cpan.org/authors/id/S/SM/SMUELLER/lib-${PV}.tar.gz"
-
-SRC_URI[md5sum] = "8607ac4e0d9d43585ec28312f52df67c"
-SRC_URI[sha256sum] = "72f63db9220098e834d7a38231626bd0c9b802c1ec54a628e2df35f3818e5a00"
-
-S = "${WORKDIR}/lib-${PV}"
-
-EXTRA_CPANFLAGS = "EXPATLIBPATH=${STAGING_LIBDIR} EXPATINCPATH=${STAGING_INCDIR}"
-
-inherit cpan
-
-do_compile() {
-	export LIBC="$(find ${STAGING_DIR_TARGET}/${base_libdir}/ -name 'libc-*.so')"
-	cpan_do_compile
-}
-- 
1.7.10.4



