[yocto] [meta-security][PATCH 2/2] apparmor: make bash dependency optional

Alexander Kanavin alex.kanavin at gmail.com
Thu Oct 10 04:22:37 PDT 2019 

Bash is only needed by one not particularly important script,
so not requiring bash is a useful option for builds that
cannot have gpl3 components.

Signed-off-by: Alexander Kanavin <alex.kanavin at gmail.com>
---
 recipes-mac/AppArmor/apparmor_2.13.3.bb | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/recipes-mac/AppArmor/apparmor_2.13.3.bb b/recipes-mac/AppArmor/apparmor_2.13.3.bb
index 990d870..6183064 100644
--- a/recipes-mac/AppArmor/apparmor_2.13.3.bb
+++ b/recipes-mac/AppArmor/apparmor_2.13.3.bb
@@ -32,11 +32,12 @@ PARALLEL_MAKE = ""
 
 inherit pkgconfig autotools-brokensep update-rc.d python3native perlnative ptest cpan manpages systemd
 
-PACKAGECONFIG ??= "python perl"
+PACKAGECONFIG ??= "python perl aa-decode"
 PACKAGECONFIG[manpages] = "--enable-man-pages, --disable-man-pages"
 PACKAGECONFIG[python] = "--with-python, --without-python, python3 swig-native"
 PACKAGECONFIG[perl] = "--with-perl, --without-perl, perl perl-native swig-native"
 PACKAGECONFIG[apache2] = ",,apache2,"
+PACKAGECONFIG[aa-decode] = ",,,bash"
 
 PAMLIB="${@bb.utils.contains('DISTRO_FEATURES', 'pam', '1', '0', d)}"
 HTTPD="${@bb.utils.contains('PACKAGECONFIG', 'apache2', '1', '0', d)}"
@@ -97,6 +98,10 @@ do_install () {
 		rm -f ${D}${sbindir}/aa-notify
 	fi
 
+	if ! ${@bb.utils.contains('PACKAGECONFIG','aa-decode','true','false', d)}; then
+		rm -f ${D}${sbindir}/aa-decode
+	fi
+
 	if test -z "${HTTPD}" ; then
 		oe_runmake -C ${B}/changehat/mod_apparmor DESTDIR="${D}" install
 	fi
@@ -161,7 +166,6 @@ PACKAGES += "mod-${PN}"
 FILES_${PN} += "/lib/apparmor/ ${sysconfdir}/apparmor ${PYTHON_SITEPACKAGES_DIR}"
 FILES_mod-${PN} = "${libdir}/apache2/modules/*"
 
-RDEPENDS_${PN} += "bash"
 RDEPENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','python','python3-core python3-modules','', d)}"
 RDEPENDS_${PN}_remove += "${@bb.utils.contains('PACKAGECONFIG','perl','','perl', d)}"
 RDEPENDS_${PN}-ptest += "perl coreutils dbus-lib bash"
-- 
2.17.1

More information about the yocto mailing list