[yocto] [meta-selinux][PATCH 16/21] policycoreutils: fixes for 2.7 uprev
wenzong.fan at windriver.com
wenzong.fan at windriver.com
Mon Sep 4 22:59:53 PDT 2017
From: Wenzong Fan <wenzong.fan at windriver.com>
Remove setools from DEPENDS/RDEPENDS, it was required by sepolicy,
sepolgen, semanage which have been moved to python/*.
Rebase patch:
- policycoreutils-fixfiles-de-bashify.patch
Drop useless patch:
- policycoreutils-loadpolicy-symlink.patch
Signed-off-by: Wenzong Fan <wenzong.fan at windriver.com>
---
recipes-security/selinux/policycoreutils.inc | 4 +-
.../policycoreutils-fixfiles-de-bashify.patch | 53 ++++++++++------------
recipes-security/selinux/policycoreutils_2.7.bb | 3 --
3 files changed, 27 insertions(+), 33 deletions(-)
diff --git a/recipes-security/selinux/policycoreutils.inc b/recipes-security/selinux/policycoreutils.inc
index 5e03ba0..fc181f7 100644
--- a/recipes-security/selinux/policycoreutils.inc
+++ b/recipes-security/selinux/policycoreutils.inc
@@ -16,7 +16,7 @@ PAM_SRC_URI = "file://pam.d/newrole \
"
DEPENDS += "libsepol libselinux libsemanage libcap gettext-native"
-EXTRA_DEPENDS = "libcap-ng libcgroup setools"
+EXTRA_DEPENDS = "libcap-ng libcgroup"
DEPENDS += "${@['', '${EXTRA_DEPENDS}']['${PN}' != '${BPN}-native']}"
inherit selinux pythonnative
@@ -60,7 +60,7 @@ RDEPENDS_${BPN}-setsebool += "\
libselinux \
libsemanage \
"
-RDEPENDS_${BPN} += "setools setools-libs selinux-python"
+RDEPENDS_${BPN} += "selinux-python"
WARN_QA := "${@oe_filter_out('unsafe-references-in-scripts', '${WARN_QA}', d)}"
ERROR_QA := "${@oe_filter_out('unsafe-references-in-scripts', '${ERROR_QA}', d)}"
diff --git a/recipes-security/selinux/policycoreutils/policycoreutils-fixfiles-de-bashify.patch b/recipes-security/selinux/policycoreutils/policycoreutils-fixfiles-de-bashify.patch
index 44d7525..0144de7 100644
--- a/recipes-security/selinux/policycoreutils/policycoreutils-fixfiles-de-bashify.patch
+++ b/recipes-security/selinux/policycoreutils/policycoreutils-fixfiles-de-bashify.patch
@@ -13,12 +13,13 @@ so we'll try that instead.
Upstream-Status: Pending
Signed-off-by: Joe MacDonald <joe_macdonald at mentor.com>
+Signed-off-by: Wenzong Fan <wenzong.fan at windriver.com>
---
- scripts/fixfiles | 26 +++++++++++++++-----------
- 1 file changed, 15 insertions(+), 11 deletions(-)
+ scripts/fixfiles | 23 ++++++++++++++---------
+ 1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/scripts/fixfiles b/scripts/fixfiles
-index 5c29eb9..10a5078 100755
+index 1aa330f..a10837d 100755
--- a/scripts/fixfiles
+++ b/scripts/fixfiles
@@ -1,4 +1,4 @@
@@ -27,29 +28,39 @@ index 5c29eb9..10a5078 100755
# fixfiles
#
# Script to restore labels on a SELinux box
-@@ -25,7 +25,7 @@
+@@ -27,7 +27,7 @@ set -o nounset
# number if the current kernel version is greater than 2.6.30, a negative
# number if the current is less than 2.6.30 and 0 if they are the same.
#
-function useseclabel {
-+useseclabel() {
++useseclabel {
VER=`uname -r`
SUP=2.6.30
expr '(' "$VER" : '\([^.]*\)' ')' '-' '(' "$SUP" : '\([^.]*\)' ')' '|' \
-@@ -91,9 +91,9 @@ exclude_dirs_from_relabelling() {
+@@ -93,9 +93,10 @@ exclude_dirs_from_relabelling() {
# skip not absolute path
# skip not directory
[ -z "${i}" ] && continue
-- [[ "${i}" =~ "^[[:blank:]]*#" ]] && continue
+- [[ "${i}" =~ ^[[:blank:]]*# ]] && continue
- [[ ! "${i}" =~ ^/.* ]] && continue
- [[ ! -d "${i}" ]] && continue
+ echo "${i}" | egrep -q '^[[:space:]]*#' && continue
+ echo "${i}" | egrep -v '^/.*' && continue
+ [ ! -d "${i}" ] && continue
++
exclude_from_relabelling="$exclude_from_relabelling -e $i"
- logit "skipping the directory $i"
done < /etc/selinux/fixfiles_exclude_dirs
-@@ -205,8 +205,12 @@ fi
+ fi
+@@ -138,7 +139,7 @@ fi
+ # Log directories excluded from relabelling by configuration file
+ #
+ LogExcluded() {
+-for i in ${EXCLUDEDIRS//-e / }; do
++for i in `echo ${EXCLUDEDIRS} | sed -e 's/-e / /g'`; do
+ echo "skipping the directory $i"
+ done
+ }
+@@ -201,8 +202,12 @@ fi
}
rpmlist() {
@@ -64,29 +75,15 @@ index 5c29eb9..10a5078 100755
}
#
-@@ -233,10 +237,10 @@ if [ -n "${exclude_dirs}" ]
- then
- TEMPFCFILE=`mktemp ${FC}.XXXXXXXXXX`
- test -z "$TEMPFCFILE" && exit
-- /bin/cp -p ${FC} ${TEMPFCFILE} &>/dev/null || exit
-- tmpdirs=${tempdirs//-e/}
-- for p in ${tmpdirs}
-+ /bin/cp -p ${FC} ${TEMPFCFILE} >/dev/null 2>&1 || exit
-+ for p in ${tempdirs}
- do
-+ [ ${p} = "-e" ] && continue
- p="${p%/}"
- p1="${p}(/.*)? -- <<none>>"
- echo "${p1}" >> $TEMPFCFILE
-@@ -288,7 +292,7 @@ relabel() {
- restore Relabel
+@@ -276,7 +281,7 @@ relabel() {
+ exit 1
fi
- if [ $fullFlag == 1 ]; then
-+ if [ $fullFlag = 1 ]; then
++ if [ $fullFlag = 1 ]; then
fullrelabel
+ return
fi
-
--
-1.9.1
+2.13.0
diff --git a/recipes-security/selinux/policycoreutils_2.7.bb b/recipes-security/selinux/policycoreutils_2.7.bb
index aa4870d..78bf031 100644
--- a/recipes-security/selinux/policycoreutils_2.7.bb
+++ b/recipes-security/selinux/policycoreutils_2.7.bb
@@ -6,6 +6,3 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
SRC_URI[md5sum] = "65311b66ae01f7b7ad7c2ea7401b68ed"
SRC_URI[sha256sum] = "0a1b8a4a323b854981c6755ff025fe98a0f1cff307f109abb260f0490f13e4f4"
-SRC_URI += "\
- file://policycoreutils-loadpolicy-symlink.patch \
- "
--
2.13.0
More information about the yocto
mailing list