[yocto] [meta-selinux][PATCH] Use the SELinux project release tarballs.
wenzong fan
wenzong.fan at windriver.com
Mon Aug 24 02:43:37 PDT 2015
On 08/22/2015 12:01 AM, Philip Tricca wrote:
> Greetings Wenzong,
>
> On 08/21/2015 02:09 AM, wenzong fan wrote:
>> On 08/21/2015 10:48 AM, Philip Tricca wrote:
>>> Any opinions / thoughts on this one? I've got an upgrade for the
>>> toolstack (2.3 -> 2.4) ready to go but I've based it on the release URIs
>>> from the wiki so it depends on this patch.
>>
>> Good to know you have made the selinux toolstack upgrade (2.3 -> 2.4).
>>
>> Did you fix the refpolicy-* build issues with 2.4 tools?
>
> I think so :)
>
>> The policy store is moved to /var/lib/selinux, the install logic from
>> refpolicy_common.inc may fail to build policy DB and generate contexts
>> files.
>
> Indeed it failed spectacularly. Additionally the format of the policy
> store has changed a bit with the addition of the CIL. I've got all of
> this up on github in a branch if you'd like to give it a review. It
> currently works but I'm sure it can be improved:
>
> https://github.com/flihp/meta-selinux/tree/upgrade
Yes, both build & runtime work well.
It also solves my concern about how to build refpolicies with new tools:)
Thanks
Wenzong
>
> Best,
> Philip
>
>>> On 08/15/2015 06:35 AM, Philip Tricca wrote:
>>>> The SRC_URI used for the last SELinux userspace upgrade was the
>>>> wrong one. We were using the URI generated by GitHub when tags are
>>>> added to a repo. These are not the SELinux release tarballs.
>>>>
>>>> The SELinux project generates and releases tarballs for each tool
>>>> and posts them to their GitHub wiki 'Releases' page:
>>>> https://github.com/SELinuxProject/selinux/wiki/Releases. This patch
>>>> fixes this URI, fixes the SELINUX_RELEASE variable that didn't get
>>>> updated during the last upgrade, removes the workaround for the 'S'
>>>> variable and fixes up the SRC_URI hashes.
>>>>
>>>> Signed-off-by: Philip Tricca <flihp at twobit.us>
>>>> ---
>>>> recipes-security/selinux/checkpolicy_2.3.bb | 4 ++--
>>>> recipes-security/selinux/libselinux_2.3.bb | 4 ++--
>>>> recipes-security/selinux/libsemanage_2.3.bb | 4 ++--
>>>> recipes-security/selinux/libsepol_2.3.bb | 4 ++--
>>>> recipes-security/selinux/policycoreutils_2.3.bb | 4 ++--
>>>> recipes-security/selinux/selinux_20140506.inc | 4 ++--
>>>> recipes-security/selinux/selinux_common.inc | 4 ----
>>>> recipes-security/selinux/sepolgen_1.2.1.bb | 4 ++--
>>>> 8 files changed, 14 insertions(+), 18 deletions(-)
>>>>
>>>> diff --git a/recipes-security/selinux/checkpolicy_2.3.bb
>>>> b/recipes-security/selinux/checkpolicy_2.3.bb
>>>> index 9f68487..0efc94e 100644
>>>> --- a/recipes-security/selinux/checkpolicy_2.3.bb
>>>> +++ b/recipes-security/selinux/checkpolicy_2.3.bb
>>>> @@ -3,5 +3,5 @@ include ${BPN}.inc
>>>>
>>>> LIC_FILES_CHKSUM =
>>>> "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
>>>>
>>>> -SRC_URI[md5sum] = "920f1a048b6023a22e1bae7b40fd413c"
>>>> -SRC_URI[sha256sum] =
>>>> "8072c12121613ba943417bbb6d33224d12373ea19d75c5acd1846a35e0e05b74"
>>>> +SRC_URI[md5sum] = "90caed59291291b184890f563bf6c095"
>>>> +SRC_URI[sha256sum] =
>>>> "90632d11afecb66997971d4c5c5d70dfb02d3969ec610ee2918ba6df99c8207b"
>>>> diff --git a/recipes-security/selinux/libselinux_2.3.bb
>>>> b/recipes-security/selinux/libselinux_2.3.bb
>>>> index 81e599d..ff74b61 100644
>>>> --- a/recipes-security/selinux/libselinux_2.3.bb
>>>> +++ b/recipes-security/selinux/libselinux_2.3.bb
>>>> @@ -3,8 +3,8 @@ include ${BPN}.inc
>>>>
>>>> LIC_FILES_CHKSUM =
>>>> "file://LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0"
>>>>
>>>> -SRC_URI[md5sum] = "d27e249ad8450e7182203134cf4d85e2"
>>>> -SRC_URI[sha256sum] =
>>>> "03fe2baa7ceeea531a64fd321b44ecf09a55f3af5ef66a58a4135944f34e9851"
>>>> +SRC_URI[md5sum] = "b11d4d95ef4bde732dbc8462df57a1e5"
>>>> +SRC_URI[sha256sum] =
>>>> "0b1e0b43ecd84a812713d09564019b08e7c205d89072b5cbcd07b052cd8e77b2"
>>>>
>>>> SRC_URI += "\
>>>> file://libselinux-drop-Wno-unused-but-set-variable.patch \
>>>> diff --git a/recipes-security/selinux/libsemanage_2.3.bb
>>>> b/recipes-security/selinux/libsemanage_2.3.bb
>>>> index 5eada94..a238e08 100644
>>>> --- a/recipes-security/selinux/libsemanage_2.3.bb
>>>> +++ b/recipes-security/selinux/libsemanage_2.3.bb
>>>> @@ -3,8 +3,8 @@ include ${BPN}.inc
>>>>
>>>> LIC_FILES_CHKSUM =
>>>> "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
>>>>
>>>> -SRC_URI[md5sum] = "cc313b400637d94e3a549bf77555d8c3"
>>>> -SRC_URI[sha256sum] =
>>>> "4c984379a98ee9f05b80ff6e57dd2de886273d7136146456cabdce21ac32ed7f"
>>>> +SRC_URI[md5sum] = "e564e2b92d18db35707060da29cddab9"
>>>> +SRC_URI[sha256sum] =
>>>> "03e09e35e611c286e446bef92b6023ef2623815996f5a53394bb02e49a312e4b"
>>>>
>>>> SRC_URI += "\
>>>> file://libsemanage-Fix-execve-segfaults-on-Ubuntu.patch \
>>>> diff --git a/recipes-security/selinux/libsepol_2.3.bb
>>>> b/recipes-security/selinux/libsepol_2.3.bb
>>>> index 0c07d41..478a6ee 100644
>>>> --- a/recipes-security/selinux/libsepol_2.3.bb
>>>> +++ b/recipes-security/selinux/libsepol_2.3.bb
>>>> @@ -3,5 +3,5 @@ include ${BPN}.inc
>>>>
>>>> LIC_FILES_CHKSUM =
>>>> "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
>>>>
>>>> -SRC_URI[md5sum] = "c6b3dc07bf19ab4f364f21bbecb44beb"
>>>> -SRC_URI[sha256sum] =
>>>> "5a4481bfd0fad6fdad1511c786d69de1fc3eddc28154eae1691e1bf4e9e505c3"
>>>> +SRC_URI[md5sum] = "e47e8527b5d4ea971726c455f847efdd"
>>>> +SRC_URI[sha256sum] =
>>>> "cc8d8642c3b7b95d6928d65dcbca2ab0627abc1c05166637851e63c1a6eae68f"
>>>> diff --git a/recipes-security/selinux/policycoreutils_2.3.bb
>>>> b/recipes-security/selinux/policycoreutils_2.3.bb
>>>> index c837266..b77094e 100644
>>>> --- a/recipes-security/selinux/policycoreutils_2.3.bb
>>>> +++ b/recipes-security/selinux/policycoreutils_2.3.bb
>>>> @@ -3,8 +3,8 @@ include ${BPN}.inc
>>>>
>>>> LIC_FILES_CHKSUM =
>>>> "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
>>>>
>>>> -SRC_URI[md5sum] = "4f5c508e3c3867c8beb343e993d353dd"
>>>> -SRC_URI[sha256sum] =
>>>> "11e8815ac13debb87897d2781381b89ec5c6c746a3d44223a493bc7ace6cc71f"
>>>> +SRC_URI[md5sum] = "9a5db20adfe2250f53833b277ac796ae"
>>>> +SRC_URI[sha256sum] =
>>>> "864cfaee58b5d2f15b140c354e59666e57143293c89f2b2e85bc0d0e4beefcd2"
>>>>
>>>> SRC_URI += "\
>>>> file://policycoreutils-fix-sepolicy-install-path.patch \
>>>> diff --git a/recipes-security/selinux/selinux_20140506.inc
>>>> b/recipes-security/selinux/selinux_20140506.inc
>>>> index 01cc52f..beaaff0 100644
>>>> --- a/recipes-security/selinux/selinux_20140506.inc
>>>> +++ b/recipes-security/selinux/selinux_20140506.inc
>>>> @@ -1,5 +1,5 @@
>>>> -SELINUX_RELEASE = "20131030"
>>>> +SELINUX_RELEASE = "20140506"
>>>>
>>>> -SRC_URI =
>>>> "https://github.com/SELinuxProject/selinux/archive/${BPN}-${PV}.tar.gz"
>>>> +SRC_URI =
>>>> "https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/${SELINUX_RELEASE}/${BPN}-${PV}.tar.gz"
>>>>
>>>>
>>>> include selinux_common.inc
>>>> diff --git a/recipes-security/selinux/selinux_common.inc
>>>> b/recipes-security/selinux/selinux_common.inc
>>>> index e53792d..7efa694 100644
>>>> --- a/recipes-security/selinux/selinux_common.inc
>>>> +++ b/recipes-security/selinux/selinux_common.inc
>>>> @@ -5,10 +5,6 @@ HOMEPAGE = "https://github.com/SELinuxProject"
>>>> # we redefine EXTRA_OEMAKE here
>>>> EXTRA_OEMAKE = "-e"
>>>>
>>>> -# Releases are now from the base of the full tree, necessitating our
>>>> skipping
>>>> -# through an extra level of directories.
>>>> -S = "${WORKDIR}/selinux-${BPN}-${PV}/${BPN}"
>>>> -
>>>> do_compile() {
>>>> oe_runmake all \
>>>> INCLUDEDIR='${STAGING_INCDIR}' \
>>>> diff --git a/recipes-security/selinux/sepolgen_1.2.1.bb
>>>> b/recipes-security/selinux/sepolgen_1.2.1.bb
>>>> index b47ff26..c636ac3 100644
>>>> --- a/recipes-security/selinux/sepolgen_1.2.1.bb
>>>> +++ b/recipes-security/selinux/sepolgen_1.2.1.bb
>>>> @@ -3,5 +3,5 @@ include ${BPN}.inc
>>>>
>>>> LIC_FILES_CHKSUM =
>>>> "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
>>>>
>>>> -SRC_URI[md5sum] = "308011ba495b6770239bb3d371d277d3"
>>>> -SRC_URI[sha256sum] =
>>>> "7a5710f7c8be16dfbaf8da98c3c0e46bc6159f2df5340e9efb975b084f61413c"
>>>> +SRC_URI[md5sum] = "ce662a83188bc3a9b40c15792fcaf2c8"
>>>> +SRC_URI[sha256sum] =
>>>> "438c246bdc6b3cf1b12116831f4c601aaae6e93decb007dddab212a3c88781b0"
>>>>
>>>
>
>
More information about the yocto
mailing list