[yocto] [meta-selinux][PATCH] Use the SELinux project release tarballs.

Philip Tricca flihp at twobit.us
Fri Aug 21 09:01:58 PDT 2015 

Greetings Wenzong,

On 08/21/2015 02:09 AM, wenzong fan wrote:
> On 08/21/2015 10:48 AM, Philip Tricca wrote:
>> Any opinions / thoughts on this one? I've got an upgrade for the
>> toolstack (2.3 -> 2.4) ready to go but I've based it on the release URIs
>> from the wiki so it depends on this patch.
> 
> Good to know you have made the selinux toolstack upgrade (2.3 -> 2.4).
> 
> Did you fix the refpolicy-* build issues with 2.4 tools?

I think so :)

> The policy store is moved to /var/lib/selinux, the install logic from
> refpolicy_common.inc may fail to build policy DB and generate contexts
> files.

Indeed it failed spectacularly. Additionally the format of the policy
store has changed a bit with the addition of the CIL. I've got all of
this up on github in a branch if you'd like to give it a review. It
currently works but I'm sure it can be improved:

https://github.com/flihp/meta-selinux/tree/upgrade

Best,
Philip

>> On 08/15/2015 06:35 AM, Philip Tricca wrote:
>>> The SRC_URI used for the last SELinux userspace upgrade was the
>>> wrong one. We were using the URI generated by GitHub when tags are
>>> added to a repo. These are not the SELinux release tarballs.
>>>
>>> The SELinux project generates and releases tarballs for each tool
>>> and posts them to their GitHub wiki 'Releases' page:
>>> https://github.com/SELinuxProject/selinux/wiki/Releases. This patch
>>> fixes this URI, fixes the SELINUX_RELEASE variable that didn't get
>>> updated during the last upgrade, removes the workaround for the 'S'
>>> variable and fixes up the SRC_URI hashes.
>>>
>>> Signed-off-by: Philip Tricca <flihp at twobit.us>
>>> ---
>>>   recipes-security/selinux/checkpolicy_2.3.bb     | 4 ++--
>>>   recipes-security/selinux/libselinux_2.3.bb      | 4 ++--
>>>   recipes-security/selinux/libsemanage_2.3.bb     | 4 ++--
>>>   recipes-security/selinux/libsepol_2.3.bb        | 4 ++--
>>>   recipes-security/selinux/policycoreutils_2.3.bb | 4 ++--
>>>   recipes-security/selinux/selinux_20140506.inc   | 4 ++--
>>>   recipes-security/selinux/selinux_common.inc     | 4 ----
>>>   recipes-security/selinux/sepolgen_1.2.1.bb      | 4 ++--
>>>   8 files changed, 14 insertions(+), 18 deletions(-)
>>>
>>> diff --git a/recipes-security/selinux/checkpolicy_2.3.bb
>>> b/recipes-security/selinux/checkpolicy_2.3.bb
>>> index 9f68487..0efc94e 100644
>>> --- a/recipes-security/selinux/checkpolicy_2.3.bb
>>> +++ b/recipes-security/selinux/checkpolicy_2.3.bb
>>> @@ -3,5 +3,5 @@ include ${BPN}.inc
>>>
>>>   LIC_FILES_CHKSUM =
>>> "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
>>>
>>> -SRC_URI[md5sum] = "920f1a048b6023a22e1bae7b40fd413c"
>>> -SRC_URI[sha256sum] =
>>> "8072c12121613ba943417bbb6d33224d12373ea19d75c5acd1846a35e0e05b74"
>>> +SRC_URI[md5sum] = "90caed59291291b184890f563bf6c095"
>>> +SRC_URI[sha256sum] =
>>> "90632d11afecb66997971d4c5c5d70dfb02d3969ec610ee2918ba6df99c8207b"
>>> diff --git a/recipes-security/selinux/libselinux_2.3.bb
>>> b/recipes-security/selinux/libselinux_2.3.bb
>>> index 81e599d..ff74b61 100644
>>> --- a/recipes-security/selinux/libselinux_2.3.bb
>>> +++ b/recipes-security/selinux/libselinux_2.3.bb
>>> @@ -3,8 +3,8 @@ include ${BPN}.inc
>>>
>>>   LIC_FILES_CHKSUM =
>>> "file://LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0"
>>>
>>> -SRC_URI[md5sum] = "d27e249ad8450e7182203134cf4d85e2"
>>> -SRC_URI[sha256sum] =
>>> "03fe2baa7ceeea531a64fd321b44ecf09a55f3af5ef66a58a4135944f34e9851"
>>> +SRC_URI[md5sum] = "b11d4d95ef4bde732dbc8462df57a1e5"
>>> +SRC_URI[sha256sum] =
>>> "0b1e0b43ecd84a812713d09564019b08e7c205d89072b5cbcd07b052cd8e77b2"
>>>
>>>   SRC_URI += "\
>>>           file://libselinux-drop-Wno-unused-but-set-variable.patch \
>>> diff --git a/recipes-security/selinux/libsemanage_2.3.bb
>>> b/recipes-security/selinux/libsemanage_2.3.bb
>>> index 5eada94..a238e08 100644
>>> --- a/recipes-security/selinux/libsemanage_2.3.bb
>>> +++ b/recipes-security/selinux/libsemanage_2.3.bb
>>> @@ -3,8 +3,8 @@ include ${BPN}.inc
>>>
>>>   LIC_FILES_CHKSUM =
>>> "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
>>>
>>> -SRC_URI[md5sum] = "cc313b400637d94e3a549bf77555d8c3"
>>> -SRC_URI[sha256sum] =
>>> "4c984379a98ee9f05b80ff6e57dd2de886273d7136146456cabdce21ac32ed7f"
>>> +SRC_URI[md5sum] = "e564e2b92d18db35707060da29cddab9"
>>> +SRC_URI[sha256sum] =
>>> "03e09e35e611c286e446bef92b6023ef2623815996f5a53394bb02e49a312e4b"
>>>
>>>   SRC_URI += "\
>>>       file://libsemanage-Fix-execve-segfaults-on-Ubuntu.patch \
>>> diff --git a/recipes-security/selinux/libsepol_2.3.bb
>>> b/recipes-security/selinux/libsepol_2.3.bb
>>> index 0c07d41..478a6ee 100644
>>> --- a/recipes-security/selinux/libsepol_2.3.bb
>>> +++ b/recipes-security/selinux/libsepol_2.3.bb
>>> @@ -3,5 +3,5 @@ include ${BPN}.inc
>>>
>>>   LIC_FILES_CHKSUM =
>>> "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
>>>
>>> -SRC_URI[md5sum] = "c6b3dc07bf19ab4f364f21bbecb44beb"
>>> -SRC_URI[sha256sum] =
>>> "5a4481bfd0fad6fdad1511c786d69de1fc3eddc28154eae1691e1bf4e9e505c3"
>>> +SRC_URI[md5sum] = "e47e8527b5d4ea971726c455f847efdd"
>>> +SRC_URI[sha256sum] =
>>> "cc8d8642c3b7b95d6928d65dcbca2ab0627abc1c05166637851e63c1a6eae68f"
>>> diff --git a/recipes-security/selinux/policycoreutils_2.3.bb
>>> b/recipes-security/selinux/policycoreutils_2.3.bb
>>> index c837266..b77094e 100644
>>> --- a/recipes-security/selinux/policycoreutils_2.3.bb
>>> +++ b/recipes-security/selinux/policycoreutils_2.3.bb
>>> @@ -3,8 +3,8 @@ include ${BPN}.inc
>>>
>>>   LIC_FILES_CHKSUM =
>>> "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
>>>
>>> -SRC_URI[md5sum] = "4f5c508e3c3867c8beb343e993d353dd"
>>> -SRC_URI[sha256sum] =
>>> "11e8815ac13debb87897d2781381b89ec5c6c746a3d44223a493bc7ace6cc71f"
>>> +SRC_URI[md5sum] = "9a5db20adfe2250f53833b277ac796ae"
>>> +SRC_URI[sha256sum] =
>>> "864cfaee58b5d2f15b140c354e59666e57143293c89f2b2e85bc0d0e4beefcd2"
>>>
>>>   SRC_URI += "\
>>>       file://policycoreutils-fix-sepolicy-install-path.patch \
>>> diff --git a/recipes-security/selinux/selinux_20140506.inc
>>> b/recipes-security/selinux/selinux_20140506.inc
>>> index 01cc52f..beaaff0 100644
>>> --- a/recipes-security/selinux/selinux_20140506.inc
>>> +++ b/recipes-security/selinux/selinux_20140506.inc
>>> @@ -1,5 +1,5 @@
>>> -SELINUX_RELEASE = "20131030"
>>> +SELINUX_RELEASE = "20140506"
>>>
>>> -SRC_URI =
>>> "https://github.com/SELinuxProject/selinux/archive/${BPN}-${PV}.tar.gz"
>>> +SRC_URI =
>>> "https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/${SELINUX_RELEASE}/${BPN}-${PV}.tar.gz"
>>>
>>>
>>>   include selinux_common.inc
>>> diff --git a/recipes-security/selinux/selinux_common.inc
>>> b/recipes-security/selinux/selinux_common.inc
>>> index e53792d..7efa694 100644
>>> --- a/recipes-security/selinux/selinux_common.inc
>>> +++ b/recipes-security/selinux/selinux_common.inc
>>> @@ -5,10 +5,6 @@ HOMEPAGE = "https://github.com/SELinuxProject"
>>>   # we redefine EXTRA_OEMAKE here
>>>   EXTRA_OEMAKE = "-e"
>>>
>>> -# Releases are now from the base of the full tree, necessitating our
>>> skipping
>>> -# through an extra level of directories.
>>> -S = "${WORKDIR}/selinux-${BPN}-${PV}/${BPN}"
>>> -
>>>   do_compile() {
>>>       oe_runmake all \
>>>               INCLUDEDIR='${STAGING_INCDIR}' \
>>> diff --git a/recipes-security/selinux/sepolgen_1.2.1.bb
>>> b/recipes-security/selinux/sepolgen_1.2.1.bb
>>> index b47ff26..c636ac3 100644
>>> --- a/recipes-security/selinux/sepolgen_1.2.1.bb
>>> +++ b/recipes-security/selinux/sepolgen_1.2.1.bb
>>> @@ -3,5 +3,5 @@ include ${BPN}.inc
>>>
>>>   LIC_FILES_CHKSUM =
>>> "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
>>>
>>> -SRC_URI[md5sum] = "308011ba495b6770239bb3d371d277d3"
>>> -SRC_URI[sha256sum] =
>>> "7a5710f7c8be16dfbaf8da98c3c0e46bc6159f2df5340e9efb975b084f61413c"
>>> +SRC_URI[md5sum] = "ce662a83188bc3a9b40c15792fcaf2c8"
>>> +SRC_URI[sha256sum] =
>>> "438c246bdc6b3cf1b12116831f4c601aaae6e93decb007dddab212a3c88781b0"
>>>
>>

More information about the yocto mailing list