[yocto] [meta-selinux][PATCH] libselinux: python-importlib is now part of python*-core

Yi Zhao yi.zhao at windriver.com
Tue Aug 14 22:48:03 PDT 2018



On 2018-05-15 00:09, Joe MacDonald wrote:
> [Re: [yocto] [meta-selinux][PATCH] libselinux: python-importlib is now part of python*-core] On 18.05.14 (Mon 10:05) Mark Hatle wrote:
>
>> On 5/11/18 1:19 PM, Rudolf J Streif wrote:
>>> Thank you, Mark. Much appreciated and understood.
>>>
>>> Would you be open to tagging the layer for rocko to the right commit and
>>> applying the patches sent to the mailing list by Armin and Kai to master
>>> so that we have known points to move forward?
>> I'm going to try to sync with Joe later today.  I'll make sure that we
>> branch rocko..  If Joe can't get to the sumo work this week, I'll do
>> my best to get it done.
> Yeah, just keep everyone in the loop on this, Mark and I will
> coordinate, I anticipate having the current meta-selinux queue cleaned
> up this week.  I followed up last week to Armin indicating that I was
> working on this, but as I'm sure anyone building meta-selinux right now
> already knows, things are not happy there and corrective measures are
> kind of involved.
>
> As for longer-term maintenance, meta-selinux and SELinux in general is
> of particular interest to me personally, but much like Mark, I haven't
> had as much time for the layer as it deserves lately, so if anyone wants
> to volunteer to help out with it, by all means, let us know.
Hi Joe, Mark and Philip

I'm interested in this and want to volunteer to help with the meta-selinux
maintenance.  I have enough time to review and test the patches. There
are some pending patches from Wenzong which can not be merged into
master. Currently I'm working on them and will re-send them.

Thanks,
Yi


>
>
> Thanks,
> -J.
>
>> --Mark
>>
>>> Thank you,
>>> Rudi
>>>
>>>
>>> On 05/11/2018 10:45 AM, Mark Hatle wrote:
>>>> On 5/11/18 12:28 PM, Rudolf J Streif wrote:
>>>>> Echoing this: may I ask what the current maintenance status of
>>>>> meta-selinux is. It appears that no updates have been made for more than
>>>>> 9 months. This is of course not to blame anybody but out of concern that
>>>>> the layer is falling behind even more and to find a solution.
>>>> The answer is the current set of people are horribly overworked and busy, so
>>>> day-to-day updates have been 'sparse'.
>>>>
>>>> Usually we update meta-selinux about the time of a release, and thus are due.
>>>>
>>>> The last update of meta-selinux was about the time of the Rocko release, so what
>>>> is in master is definitely current as of Rocko.  (I did the last set of updates
>>>> -- so I know it did work as of Rocko release.)  The master needs to be branched
>>>> as Rocko... master needs to be updated to be Sumo compatible.
>>>>
>>>> My assumption is that once Sumo is formally released (any minute now), we'll
>>>> collect all of the patches and get them into place and spend some time
>>>> cleaning them up...
>>>>
>>>> It looks like Joe is already working through this effort.
>>>>
>>>> (Only speaking for myself,) I don't have time to do day-to-day maintenance of
>>>> meta-selinux any longer -- nor do I have the in-depth knowledge to understand
>>>> when not to do something.  I filled this role purely out of necessity since
>>>> nobody else was doing it.
>>>>
>>>> So with that said, if anyone wants to help, we're all open for help here...  I
>>>> doubt there would be any objection to adding or replacing existing maintainers
>>>> and/or giving more people push access.
>>>>
>>>>> In addition to Armin's patches there are two patches submitted by Kai
>>>>> Kang at Windriver:
>>>>>
>>>>> * https://lists.yoctoproject.org/pipermail/yocto/2018-February/039917.html
>>>>> * https://lists.yoctoproject.org/pipermail/yocto/2018-February/039918.html
>>>>>
>>>>> Curiously enough, the second patch has been applied to master but not
>>>>> the first one.
>>>>>
>>>>>
>>>>> There is also an issue with building SELinux with systemd. The layer
>>>>> enables auditing:
>>>>>
>>>>> meta-selinux/classes/enable-audit.bbclass:PACKAGECONFIG[audit] = "--enable-audit,--disable-audit,audit,"
>>>>> meta-selinux/recipes-core/systemd/systemd_%.bbappend:inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'enable-audit', '', d)}
>>>>>
>>>>> Apparently the --enable-audit switch is passed to meson when running the
>>>>> configure task, which meson does not appreciate. I am not that familiar
>>>>> with the audit feature nor with meson, so I currently have no idea on
>>>>> how to fix this the right way.
>>>> audit feature is useful outside of selinux, so my understanding was that audit
>>>> itself was moving into core during the sumo time frame (if it hadn't already
>>>> been moved.)
>>>>
>>>> I don't know anything about meson, so I can't speak to that...
>>>>
>>>>> Further, refpolicy_git does not build anymore as the YP specific patches
>>>>> do not apply anymore since upstream changed.
>>>> The refpolicy is and has always been crap.  I've been talking to a few people on
>>>> IRC about working to replace the refpolicy with a policy that can be generated
>>>> dynamically based on the contents of the recipes.  I don't know if that is
>>>> really going to happen, but I hate the way it's currently implemented.
>>>>
>>>> One of the key issues about the refpolicy is that you need to be an expert at
>>>> this (which I never claimed to be) in order to make any reasonable decision --
>>>> add to that any specific policy needs to understand overall system design, and I
>>>> wouldn't trust any of the refpolicy items as they stand in meta-selinux.
>>>>
>>>> --Mark
>>>>
>>>>> Thanks,
>>>>> Rudi
>>>>>
>>>>>
>>>>>
>>>>> On 05/07/2018 10:20 AM, akuster808 wrote:
>>>>>> On 04/14/2018 07:08 PM, Armin Kuster wrote:
>>>>>>> Missing or unbuildable dependency chain was: ['meta-world-pkgdata', 'restorecond', 'libselinux', 'python-importlib']
>>>>>>>
>>>>>>> Signed-off-by: Armin Kuster <akuster at mvista.com>
>>>>>> ping
>>>>>>> ---
>>>>>>>   recipes-security/selinux/libselinux.inc | 2 +-
>>>>>>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>>>>>>
>>>>>>> diff --git a/recipes-security/selinux/libselinux.inc b/recipes-security/selinux/libselinux.inc
>>>>>>> index bd5ce8d..51d0875 100644
>>>>>>> --- a/recipes-security/selinux/libselinux.inc
>>>>>>> +++ b/recipes-security/selinux/libselinux.inc
>>>>>>> @@ -8,7 +8,7 @@ LICENSE = "PD"
>>>>>>>   inherit lib_package pythonnative
>>>>>>>   
>>>>>>>   DEPENDS += "libsepol python libpcre swig-native"
>>>>>>> -RDEPENDS_${PN}-python += "python-importlib"
>>>>>>> +RDEPENDS_${PN}-python += "python-core"
>>>>>>>   
>>>>>>>   PACKAGES += "${PN}-python"
>>>>>>>   FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*"
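
Review bot: the replacement line RDEPENDS_${PN}-python += "python-core" hardcodes the Python 2 package name, while the subject speaks of python*-core and the FILES_${PN}-python line just below already derives its path from ${PYTHON_BASEVERSION}. Consider writing the dependency as "${PYTHON_PN}-core" so the runtime dependency follows whichever Python the recipe is built against; with the pythonnative inherit shown in the context it still resolves to python-core.
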
>>>>>
>>
>
>
>
>
>
