Date   

Re: Bitbake + Patches

bitflipper <forums@...>
 

Peter, I plugging in the bbappend as is except for the md5sumthat was spit out by the yocto build. Here’s my bbappend file:


FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:”

LIC_FILES_CHKSUM = "file://LICENSE;md5=bddeddfac80b2c9a882241d008bb41c3”

PV = “2.4.54"

SRC_URI += "file://0008-Fix-perl-install-directory-to-usr-bin.patch \
file://0009-support-apxs.in-force-destdir-to-be-empty-string.patch \
file://0001-make_exports.awk-not-expose-the-path.patch”
SRC_URI_remove = "file://apache-configure_perlbin.patch”

SRC_URI[md5sum] = "<861b43073ab416d689f1fc4dfa087711>”
SRC_URI[sha256sum] = "eb397feeefccaf254f8d45de3768d9d68e8e73851c49afd5b7176d1ecf80c340"


When I run bitable, I get the following error:



ERROR: smith-nephew-cp-lwb5-2.4.54-r0 do_populate_lic: QA Issue: smith-nephew-cp-lwb5: LIC_FILES_CHKSUM points to an invalid file: /ct/yocto/imx-5.4.70/build/tmp/work/imx6ulevk-poky-linux-gnueabi/smith-nephew-cp-lwb5/2.4.54-r0/smith-nephew-cp-lwb5-2.4.54/LICENSE [license-checksum]
ERROR: smith-nephew-cp-lwb5-2.4.54-r0 do_populate_lic: Fatal QA errors found, failing task.
ERROR: Logfile of failure stored in: /ct/yocto/imx-5.4.70/build/tmp/work/imx6ulevk-poky-linux-gnueabi/smith-nephew-cp-lwb5/2.4.54-r0/temp/log.do_populate_lic.1455644
ERROR: Task (/ct/yocto/imx-5.4.70/sources/meta-laird-cp/recipes-packages/images/smith-nephew-cp-lwb5.bb:do_populate_lic) failed with exit code '1'


I’m suspecting its something to do with the LIC_FILES_CHKSUM ??

Any input appreciated.



Thanks, Jim

On Aug 28, 2022, at 10:49 PM, bitflipper <forums@...> wrote:



Hi Peter. In my mind this process is starting to come together as to why is happening. So I copied the bbappend file as is and I did get the error your expected that I would about the md5sum:


ERROR: apache2-2.4.54-r0 do_fetch: Checksum failure fetching https://archive.apache.org/dist/httpd/httpd-2.4.54.tar.bz2
ERROR: apache2-2.4.54-r0 do_fetch: Fetcher failure for URL: 'https://archive.apache.org/dist/httpd/httpd-2.4.54.tar.bz2'. Checksum mismatch!
File: '/ct/yocto/imx-5.4.70/downloads/httpd-2.4.54.tar.bz2' has md5 checksum 861b43073ab416d689f1fc4dfa087711 when <I don't have this at hand, but bitbake will tell you what it should be> was expected
If this change is expected (e.g. you have upgraded to a new version without updating the checksums) then you can use these lines within the recipe:
SRC_URI[md5sum] = "861b43073ab416d689f1fc4dfa087711"
SRC_URI[sha256sum] = "eb397feeefccaf254f8d45de3768d9d68e8e73851c49afd5b7176d1ecf80c340"
Otherwise you should retry the download and/or check with upstream to determine if the file has become corrupted or otherwise unexpectedly modified.

But then I don’t understand what needs to be done with what you said here:

You then also need to copy the three new patches and any other
patches that differs between zeus and master and put them in your
layer together with the bbappend file (in a subdirectory called
"recipes-httpd/apache2/apache2”)

My assumption here is that I need to copy the difference between the Zeus and Master recipe for apache2 and place them in a file here;

recipies-httpd/apache2/apache2

The name of the file will be apache2 and it will contain the diffs between Zeus and Master for the apache2 recipes. And the diff are from the following file:

./sources/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.41.bb

Right?


Thanks, Jim






On Aug 26, 2022, at 10:03 AM, Peter Kjellerstedt <peter.kjellerstedt@...> wrote:

[ In the future, please make sure to reply to list and not just to me. ]
[ Top posting since Outlook doesn’t support inline responses to HTML mails. ]

No, you are supposed to copy the suggest text for the bbappend verbatim, with the exception of the SRC_URI[md5sum] which need to be corrected to match the actual MD5 sum (which bitbake will tell you when you try to build). The suggested additions/deletions for SRC_URI in the bbappend I suggested should be correct as specified, based on the differences between the apache2 recipe in Zeus and master. You will also need to copy the three new patch files from master of meta-webserver, and any of the other patches that have been updated between Zeus and master. Changing PV takes care of the actual update of the code to the new version (since it determines which tar ball is fetched from upstream).

//Peter

From: forums <forums@...>
Sent: den 26 augusti 2022 14:21
To: Peter Kjellerstedt <peter.kjellerstedt@...>
Subject: Re: [yocto] Bitbake + Patches


FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:"

LIC_FILES_CHKSUM = "file://LICENSE;md5=bddeddfac80b2c9a882241d008bb41c3"

PV = "2.4.54"

SRC_URI += "file://0008-Fix-perl-install-directory-to-usr-bin.patch \
file://0009-support-apxs.in-force-destdir-to-be-empty-string.patch \
file://0001-make_exports.awk-not-expose-the-path.patch"
SRC_URI_remove = "file://apache-configure_perlbin.patch"

SRC_URI[md5sum] = "<I don't have this at hand, but bitbake will tell you what it should be>"
SRC_URI[sha256sum] = "eb397feeefccaf254f8d45de3768d9d68e8e73851c49afd5b7176d1ecf80c340"


H Peter. I have t admin, looking at the above bbappend, its really confusing to me. I’ve looked at some of the documents on bitbake and I just can’t find anything to teach me how to put a bbappend together to accomplish upgrading an application.

Like for example:

SRC_URI += "file://0008-Fix-perl-install-directory-to-usr-bin.patch

I believe this one should be:

SRC_URI += file:/usr/bin/patch

The next one:

file://0009-support-apxs.in-force-destdir-to-be-empty-string.patch

I’ve no idea what this one will nee to be.

And this one:

file://0001-make_exports.awk-not-expose-the-path.patch

I don’t know what is supposed to go here either.


Then the SRC_URI_remove will be a pointer to the file containing the patches containing the diff’e between apache 12.4.1 and apache 2.4.54 ? I don’t think you can create a single patch file containing diff’s between multiple versions can you? I think it would have to be diff’s between apache 2.4.41 and 2.4.42. Right. Totally confused as to what to do here.

Any further help appreciated.

If you know of a resource for me to reference please pass it on. I just don’t see any clear documentation that explains how to construct a bbappend file.


Thanks, Jim



Yocto Project Newcomer & Unassigned Bugs - Help Needed

Stephen Jolley
 

All,

 

The triage team is starting to try and collect up and classify bugs which a newcomer to the project would be able to work on in a way which means people can find them. They're being listed on the triage page under the appropriate heading:

https://wiki.yoctoproject.org/wiki/Bug_Triage#Newcomer_Bugs  Also please review: https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded and how to create a bugzilla account at: https://bugzilla.yoctoproject.org/createaccount.cgi

The idea is these bugs should be straight forward for a person to help work on who doesn't have deep experience with the project.  If anyone can help, please take ownership of the bug and send patches!  If anyone needs help/advice there are people on irc who can likely do so, or some of the more experienced contributors will likely be happy to help too.

 

Also, the triage team meets weekly and does its best to handle the bugs reported into the Bugzilla. The number of people attending that meeting has fallen, as have the number of people available to help fix bugs. One of the things we hear users report is they don't know how to help. We (the triage team) are therefore going to start reporting out the currently 413 unassigned or newcomer bugs.

 

We're hoping people may be able to spare some time now and again to help out with these.  Bugs are split into two types, "true bugs" where things don't work as they should and "enhancements" which are features we'd want to add to the system.  There are also roughly four different "priority" classes right now,  “4.1”, “4.2”, “4.3”, "4.99" and "Future", the more pressing/urgent issues being in "4.1" and then “4.2”.

 

Please review this link and if a bug is something you would be able to help with either take ownership of the bug, or send me (sjolley.yp.pm@...) an e-mail with the bug number you would like and I will assign it to you (please make sure you have a Bugzilla account).  The list is at: https://wiki.yoctoproject.org/wiki/Bug_Triage_Archive#Unassigned_or_Newcomer_Bugs

 

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 


Re: [meta-security][PATCH resend] Parsec-service: add parsec user to teeclnt group when optee is present

Nicolas Dechesne <nicolas.dechesne@...>
 



On Mon, Aug 29, 2022 at 4:05 PM Jerome Forissier <jerome.forissier@...> wrote:
The optee-client package provides a PKCS#11 interface that may be used by
Parsec with the below configuration. For this to work, the parsec user
needs to be a member of the teeclnt group. Therefore, add it when 'optee'
is present in MACHINE_FEATURES.

 # Provider configuration in /etc/parsec/config.toml
 [[provider]]
 name = "pkcs11-optee"
 provider_type = "Pkcs11"
 key_info_manager = "sqlite-manager"
 library_path = "/usr/lib/libckteec.so.0"

Signed-off-by: Jerome Forissier <jerome.forissier@...>
---
 .../recipes-parsec/parsec-service/parsec-service_1.0.0.bb        | 1 +
 1 file changed, 1 insertion(+)

This is a resend because a few hours after my initial post I still can't
find it at https://lists.yoctoproject.org/g/yocto/messages. I am now
subscribed to the list so hopefully it will help (although
https://git.yoctoproject.org/meta-security/tree/README doesn't mention
subscription).

Subscription is not required, but then you end up in the moderation queue. I can see your message in the moderation queue, I will delete the original message. 
 

diff --git a/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.0.0.bb b/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.0.0.bb
index ad7e560..ea2b0c9 100644
--- a/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.0.0.bb
+++ b/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.0.0.bb
@@ -68,6 +68,7 @@ USERADD_PACKAGES = "${PN}"
 USERADD_PARAM:${PN} = "-r -g parsec -s /bin/false -d ${localstatedir}/lib/parsec parsec"
 GROUPADD_PARAM:${PN} = "-r parsec"
 GROUPMEMS_PARAM:${PN} = "${@bb.utils.contains('PACKAGECONFIG_CONFARGS', 'tpm-provider', '-a parsec -g tss', '', d)}"
+GROUPMEMS_PARAM:${PN} = "${@bb.utils.contains('MACHINE_FEATURES', 'optee', '-a parsec -g teeclnt', '', d)}"

 FILES:${PN} += " \
     ${sysconfdir}/parsec/config.toml \
--
2.34.1





[meta-security][PATCH resend] Parsec-service: add parsec user to teeclnt group when optee is present

Jerome Forissier <jerome.forissier@...>
 

The optee-client package provides a PKCS#11 interface that may be used by
Parsec with the below configuration. For this to work, the parsec user
needs to be a member of the teeclnt group. Therefore, add it when 'optee'
is present in MACHINE_FEATURES.

# Provider configuration in /etc/parsec/config.toml
[[provider]]
name = "pkcs11-optee"
provider_type = "Pkcs11"
key_info_manager = "sqlite-manager"
library_path = "/usr/lib/libckteec.so.0"

Signed-off-by: Jerome Forissier <jerome.forissier@...>
---
.../recipes-parsec/parsec-service/parsec-service_1.0.0.bb | 1 +
1 file changed, 1 insertion(+)

This is a resend because a few hours after my initial post I still can't
find it at https://lists.yoctoproject.org/g/yocto/messages. I am now
subscribed to the list so hopefully it will help (although
https://git.yoctoproject.org/meta-security/tree/README doesn't mention
subscription).

diff --git a/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.0.0.bb b/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.0.0.bb
index ad7e560..ea2b0c9 100644
--- a/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.0.0.bb
+++ b/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.0.0.bb
@@ -68,6 +68,7 @@ USERADD_PACKAGES = "${PN}"
USERADD_PARAM:${PN} = "-r -g parsec -s /bin/false -d ${localstatedir}/lib/parsec parsec"
GROUPADD_PARAM:${PN} = "-r parsec"
GROUPMEMS_PARAM:${PN} = "${@bb.utils.contains('PACKAGECONFIG_CONFARGS', 'tpm-provider', '-a parsec -g tss', '', d)}"
+GROUPMEMS_PARAM:${PN} = "${@bb.utils.contains('MACHINE_FEATURES', 'optee', '-a parsec -g teeclnt', '', d)}"

FILES:${PN} += " \
${sysconfdir}/parsec/config.toml \
--
2.34.1


Re: [meta-xilinx][PATCH] Use new variable LICENSE_FLAGS_ACCEPTED

Yu, Mingli
 

Ping.

Thanks,

On 4/24/22 11:20, Yu, Mingli wrote:
From: Mingli Yu <mingli.yu@...>
Signed-off-by: Mingli Yu <mingli.yu@...>
---
meta-xilinx-bsp/README.md | 4 ++--
meta-xilinx-core/README.md | 4 ++--
meta-xilinx-core/README.qemu.md | 4 ++--
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/meta-xilinx-bsp/README.md b/meta-xilinx-bsp/README.md
index e4142861..85a5b38f 100644
--- a/meta-xilinx-bsp/README.md
+++ b/meta-xilinx-bsp/README.md
@@ -73,11 +73,11 @@ In order to use recipes that rely on restricted content the `xilinx` license
flag must be white-listed in the build configuration (e.g. `local.conf`). This
can be done on a per package basis:
- LICENSE_FLAGS_WHITELIST += "xilinx_pmu-rom"
+ LICENSE_FLAGS_ACCEPTED += "xilinx_pmu-rom"
or generally:
- LICENSE_FLAGS_WHITELIST += "xilinx"
+ LICENSE_FLAGS_ACCEPTED += "xilinx"
Generally speaking Xilinx content that is provided as a restricted download
cannot be obtained without a Xilinx account, in order to use this content you
diff --git a/meta-xilinx-core/README.md b/meta-xilinx-core/README.md
index 8997760c..3fae999f 100644
--- a/meta-xilinx-core/README.md
+++ b/meta-xilinx-core/README.md
@@ -72,11 +72,11 @@ In order to use recipes that rely on restricted content the `xilinx` license
flag must be white-listed in the build configuration (e.g. `local.conf`). This
can be done on a per package basis:
- LICENSE_FLAGS_WHITELIST += "xilinx_pmu-rom-native"
+ LICENSE_FLAGS_ACCEPTED += "xilinx_pmu-rom-native"
or generally:
- LICENSE_FLAGS_WHITELIST += "xilinx"
+ LICENSE_FLAGS_ACCEPTED += "xilinx"
Generally speaking Xilinx content that is provided as a restricted download
cannot be obtained without a Xilinx account, in order to use this content you
diff --git a/meta-xilinx-core/README.qemu.md b/meta-xilinx-core/README.qemu.md
index d0040b09..5cc599a4 100644
--- a/meta-xilinx-core/README.qemu.md
+++ b/meta-xilinx-core/README.qemu.md
@@ -10,11 +10,11 @@ The PMU ROM is available for download, and a specific recipe has been created
to make this available: pmu-rom-native.
The license on the software is Xilinx proprietary, so you may be required to
-enable the approprate LICENSE_FLAGS_WHITELIST to trigger the download.
+enable the approprate LICENSE_FLAGS_ACCEPTED to trigger the download.
The license itself is available within the download at the URL referred to in
meta-xilinx-core/recipes-bsp/pmu-firmware/pmu-rom-native_2022.1.bb.
Add the following to your local.conf to acknowledge you accept the proprietary
xilinx license.
- LICENSE_FLAGS_WHITELIST:append = " xilinx"
+ LICENSE_FLAGS_ACCEPTED:append = " xilinx"


Re: Bitbake + Patches

bitflipper <forums@...>
 

Hi Peter. In my mind this process is starting to come together as to why is happening. So I copied the bbappend file as is and I did get the error your expected that I would about the md5sum:


ERROR: apache2-2.4.54-r0 do_fetch: Checksum failure fetching https://archive.apache.org/dist/httpd/httpd-2.4.54.tar.bz2
ERROR: apache2-2.4.54-r0 do_fetch: Fetcher failure for URL: 'https://archive.apache.org/dist/httpd/httpd-2.4.54.tar.bz2'. Checksum mismatch!
File: '/ct/yocto/imx-5.4.70/downloads/httpd-2.4.54.tar.bz2' has md5 checksum 861b43073ab416d689f1fc4dfa087711 when <I don't have this at hand, but bitbake will tell you what it should be> was expected
If this change is expected (e.g. you have upgraded to a new version without updating the checksums) then you can use these lines within the recipe:
SRC_URI[md5sum] = "861b43073ab416d689f1fc4dfa087711"
SRC_URI[sha256sum] = "eb397feeefccaf254f8d45de3768d9d68e8e73851c49afd5b7176d1ecf80c340"
Otherwise you should retry the download and/or check with upstream to determine if the file has become corrupted or otherwise unexpectedly modified.

But then I don’t understand what needs to be done with what you said here:

You then also need to copy the three new patches and any other
patches that differs between zeus and master and put them in your
layer together with the bbappend file (in a subdirectory called
"recipes-httpd/apache2/apache2”)

My assumption here is that I need to copy the difference between the Zeus and Master recipe for apache2 and place them in a file here;

recipies-httpd/apache2/apache2

The name of the file will be apache2 and it will contain the diffs between Zeus and Master for the apache2 recipes. And the diff are from the following file:

./sources/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.41.bb

Right?


Thanks, Jim






On Aug 26, 2022, at 10:03 AM, Peter Kjellerstedt <peter.kjellerstedt@...> wrote:

[ In the future, please make sure to reply to list and not just to me. ]
[ Top posting since Outlook doesn’t support inline responses to HTML mails. ]

No, you are supposed to copy the suggest text for the bbappend verbatim, with the exception of the SRC_URI[md5sum] which need to be corrected to match the actual MD5 sum (which bitbake will tell you when you try to build). The suggested additions/deletions for SRC_URI in the bbappend I suggested should be correct as specified, based on the differences between the apache2 recipe in Zeus and master. You will also need to copy the three new patch files from master of meta-webserver, and any of the other patches that have been updated between Zeus and master. Changing PV takes care of the actual update of the code to the new version (since it determines which tar ball is fetched from upstream).

//Peter

From: forums <forums@...>
Sent: den 26 augusti 2022 14:21
To: Peter Kjellerstedt <peter.kjellerstedt@...>
Subject: Re: [yocto] Bitbake + Patches


FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:"

LIC_FILES_CHKSUM = "file://LICENSE;md5=bddeddfac80b2c9a882241d008bb41c3"

PV = "2.4.54"

SRC_URI += "file://0008-Fix-perl-install-directory-to-usr-bin.patch \
file://0009-support-apxs.in-force-destdir-to-be-empty-string.patch \
file://0001-make_exports.awk-not-expose-the-path.patch"
SRC_URI_remove = "file://apache-configure_perlbin.patch"

SRC_URI[md5sum] = "<I don't have this at hand, but bitbake will tell you what it should be>"
SRC_URI[sha256sum] = "eb397feeefccaf254f8d45de3768d9d68e8e73851c49afd5b7176d1ecf80c340"


H Peter. I have t admin, looking at the above bbappend, its really confusing to me. I’ve looked at some of the documents on bitbake and I just can’t find anything to teach me how to put a bbappend together to accomplish upgrading an application.

Like for example:

SRC_URI += "file://0008-Fix-perl-install-directory-to-usr-bin.patch

I believe this one should be:

SRC_URI += file:/usr/bin/patch

The next one:

file://0009-support-apxs.in-force-destdir-to-be-empty-string.patch

I’ve no idea what this one will nee to be.

And this one:

file://0001-make_exports.awk-not-expose-the-path.patch

I don’t know what is supposed to go here either.


Then the SRC_URI_remove will be a pointer to the file containing the patches containing the diff’e between apache 12.4.1 and apache 2.4.54 ? I don’t think you can create a single patch file containing diff’s between multiple versions can you? I think it would have to be diff’s between apache 2.4.41 and 2.4.42. Right. Totally confused as to what to do here.

Any further help appreciated.

If you know of a resource for me to reference please pass it on. I just don’t see any clear documentation that explains how to construct a bbappend file.


Thanks, Jim


[meta-selinux][PATCH 16/16] setools: fix buildpaths issue

Yi Zhao
 

Fixes:
QA Issue: File /usr/src/debug/setools/4.4.0-r0/setools/policyrep.c in package setools-src
contains reference to TMPDIR [buildpaths]

Signed-off-by: Yi Zhao <yi.zhao@...>
---
recipes-security/setools/setools_4.4.0.bb | 33 ++++++++++++-----------
1 file changed, 17 insertions(+), 16 deletions(-)

diff --git a/recipes-security/setools/setools_4.4.0.bb b/recipes-security/setools/setools_4.4.0.bb
index f1557b1..81b0bfb 100644
--- a/recipes-security/setools/setools_4.4.0.bb
+++ b/recipes-security/setools/setools_4.4.0.bb
@@ -1,37 +1,38 @@
SUMMARY = "Policy analysis tools for SELinux"
DESCRIPTION = "\
SETools is a collection of graphical tools, command-line tools, and \
-libraries designed to facilitate SELinux policy analysis. \
-\n\
-This meta-package depends upon the main packages necessary to run \
-SETools."
+libraries designed to facilitate SELinux policy analysis."
SECTION = "base"
LICENSE = "GPL-2.0-only & LGPL-2.1-only"

-S = "${WORKDIR}/git"
SRC_URI = "git://github.com/SELinuxProject/${BPN}.git;branch=4.4;protocol=https \
file://setools4-fixes-for-cross-compiling.patch \
-"
-
+ "
SRCREV = "4758cdf803d93274f49cb6445cb2bab527d6549f"

LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=83a5eb6974c11f30785e90d0eeccf40c \
file://${S}/COPYING.GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
file://${S}/COPYING.LGPL;md5=4fbd65380cdd255951079008b364516c"

-DEPENDS += "bison-native flex-native swig-native python3 python3-cython-native libsepol libselinux"
+S = "${WORKDIR}/git"
+
+DEPENDS = "python3-cython-native libsepol libselinux"

-RDEPENDS:${PN} += "python3-networkx python3-decorator python3-setuptools \
- python3-logging python3-json libselinux-python"
+RDEPENDS:${PN} = "python3-networkx python3-setuptools \
+ python3-logging libselinux-python"

-RPROVIDES:${PN} += "${PN}-console"
+RPROVIDES:${PN} = "${PN}-console"

inherit setuptools3

+do_install:prepend() {
+ sed -i -e 's:${RECIPE_SYSROOT}::g' ${S}/setools/policyrep.c
+}
+
do_install:append() {
- # Need PyQt5 support, disable gui tools
- rm -f ${D}${bindir}/apol
- rm -rf ${D}${libdir}/${PYTHON_DIR}/site-packages/setoolsgui
- rm -rf ${D}${libdir}/${PYTHON_DIR}/site-packages/setools/__pycache__
- rm -rf ${D}${libdir}/${PYTHON_DIR}/site-packages/setools/*/__pycache__
+ # Need PyQt5 support, disable gui tools
+ rm -f ${D}${bindir}/apol
+ rm -rf ${D}${libdir}/${PYTHON_DIR}/site-packages/setoolsgui
+ rm -rf ${D}${libdir}/${PYTHON_DIR}/site-packages/setools/__pycache__
+ rm -rf ${D}${libdir}/${PYTHON_DIR}/site-packages/setools/*/__pycache__
}
--
2.25.1


[meta-selinux][PATCH 15/16] semodule-utils: upgrade 3.3 -> 3.4

Yi Zhao
 

Signed-off-by: Yi Zhao <yi.zhao@...>
---
.../{semodule-utils_3.3.bb => semodule-utils_3.4.bb} | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
rename recipes-security/selinux/{semodule-utils_3.3.bb => semodule-utils_3.4.bb} (70%)

diff --git a/recipes-security/selinux/semodule-utils_3.3.bb b/recipes-security/selinux/semodule-utils_3.4.bb
similarity index 70%
rename from recipes-security/selinux/semodule-utils_3.3.bb
rename to recipes-security/selinux/semodule-utils_3.4.bb
index 06e28f4..3f53cf0 100644
--- a/recipes-security/selinux/semodule-utils_3.3.bb
+++ b/recipes-security/selinux/semodule-utils_3.4.bb
@@ -8,10 +8,7 @@ LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"

require selinux_common.inc

-DEPENDS += "libsepol"
-RDEPENDS:${PN}-dev = ""
-
-EXTRA_OEMAKE += "LIBSEPOLA=${STAGING_LIBDIR}/libsepol.a"
+DEPENDS = "libsepol"

S = "${WORKDIR}/git/semodule-utils"

@@ -21,9 +18,9 @@ PACKAGES =+ "\
${PN}-semodule-package \
"

-FILES:${PN}-semodule-expand += "${bindir}/semodule_expand"
-FILES:${PN}-semodule-link += "${bindir}/semodule_link"
-FILES:${PN}-semodule-package += "\
+FILES:${PN}-semodule-expand = "${bindir}/semodule_expand"
+FILES:${PN}-semodule-link = "${bindir}/semodule_link"
+FILES:${PN}-semodule-package = "\
${bindir}/semodule_package \
${bindir}/semodule_unpackage \
"
--
2.25.1


[meta-selinux][PATCH 14/16] selinux-sandbox: upgrade 3.3 -> 3.4

Yi Zhao
 

* Backport a patch to fix chcat runtime error.
* Refresh patch.

Signed-off-by: Yi Zhao <yi.zhao@...>
---
...andle-unsupported-languages-properly.patch | 49 +++++++++++++++++++
.../selinux-sandbox/sandbox-de-bashify.patch | 6 +--
...-sandbox_3.3.bb => selinux-sandbox_3.4.bb} | 8 +--
3 files changed, 57 insertions(+), 6 deletions(-)
create mode 100644 recipes-security/selinux/selinux-sandbox/0001-gettext-handle-unsupported-languages-properly.patch
rename recipes-security/selinux/{selinux-sandbox_3.3.bb => selinux-sandbox_3.4.bb} (77%)

diff --git a/recipes-security/selinux/selinux-sandbox/0001-gettext-handle-unsupported-languages-properly.patch b/recipes-security/selinux/selinux-sandbox/0001-gettext-handle-unsupported-languages-properly.patch
new file mode 100644
index 0000000..f1d8235
--- /dev/null
+++ b/recipes-security/selinux/selinux-sandbox/0001-gettext-handle-unsupported-languages-properly.patch
@@ -0,0 +1,49 @@
+From 70602601ac1cfc4399430ef8609b96fc224d1e25 Mon Sep 17 00:00:00 2001
+From: Vit Mojzis <vmojzis@...>
+Date: Fri, 24 Jun 2022 16:24:25 +0200
+Subject: [PATCH] gettext: handle unsupported languages properly
+
+With "fallback=True" gettext.translation behaves the same as
+gettext.install and uses NullTranslations in case the
+translation file for given language was not found (as opposed to
+throwing an exception).
+
+Fixes:
+ # LANG is set to any "unsupported" language, e.g. en_US.UTF-8
+ $ chcat --help
+ Traceback (most recent call last):
+ File "/usr/bin/chcat", line 39, in <module>
+ t = gettext.translation(PROGNAME,
+ File "/usr/lib64/python3.9/gettext.py", line 592, in translation
+ raise FileNotFoundError(ENOENT,
+ FileNotFoundError: [Errno 2] No translation file found for domain: 'selinux-python'
+
+Signed-off-by: Vit Mojzis <vmojzis@...>
+Reviewed-by: Daniel Burgener <dburgener@...>
+Acked-by: Petr Lautrbach <plautrba@...>
+
+Upstream-Status: Backport
+[https://github.com/SELinuxProject/selinux/commit/344463076b2a91e1d2c7f5cc3835dc1a53a05e88]
+
+Signed-off-by: Yi Zhao <yi.zhao@...>
+---
+ sandbox | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/sandbox b/sandbox
+index cd5709f..789621e 100644
+--- a/sandbox
++++ b/sandbox
+@@ -45,7 +45,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+--
+2.25.1
+
diff --git a/recipes-security/selinux/selinux-sandbox/sandbox-de-bashify.patch b/recipes-security/selinux/selinux-sandbox/sandbox-de-bashify.patch
index e9622f0..6258b7c 100644
--- a/recipes-security/selinux/selinux-sandbox/sandbox-de-bashify.patch
+++ b/recipes-security/selinux/selinux-sandbox/sandbox-de-bashify.patch
@@ -1,4 +1,4 @@
-From b92c39f0be5552c19923f75aef4487348a08b7dc Mon Sep 17 00:00:00 2001
+From d592d59eb4e7dbf8ce6dc84b3f4c0026fd7cc60c Mon Sep 17 00:00:00 2001
From: Joe MacDonald <joe_macdonald@...>
Date: Fri, 20 Feb 2015 21:07:47 -0500
Subject: [PATCH] sandbox: de-bashify
@@ -6,7 +6,7 @@ Subject: [PATCH] sandbox: de-bashify
There's no bashisms apparent in either the sandbox initscript nor the
sandboxX script, so point them at /bin/sh instead.

-Upstream-Status: Pending
+Upstream-Status: Inappropriate [embedded specific]

Signed-off-by: Joe MacDonald <joe_macdonald@...>
Signed-off-by: Wenzong Fan <wenzong.fan@...>
@@ -37,5 +37,5 @@ index eaa500d..8755d75 100644
context=`id -Z | secon -t -l -P`
export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80`"
--
-2.7.4
+2.25.1

diff --git a/recipes-security/selinux/selinux-sandbox_3.3.bb b/recipes-security/selinux/selinux-sandbox_3.4.bb
similarity index 77%
rename from recipes-security/selinux/selinux-sandbox_3.3.bb
rename to recipes-security/selinux/selinux-sandbox_3.4.bb
index cc9baad..a5a8e13 100644
--- a/recipes-security/selinux/selinux-sandbox_3.3.bb
+++ b/recipes-security/selinux/selinux-sandbox_3.4.bb
@@ -9,13 +9,15 @@ LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"

require selinux_common.inc

-SRC_URI += "file://sandbox-de-bashify.patch"
+SRC_URI += "file://sandbox-de-bashify.patch \
+ file://0001-gettext-handle-unsupported-languages-properly.patch \
+ "

S = "${WORKDIR}/git/sandbox"

-DEPENDS += "libcap-ng libselinux"
+DEPENDS = "libselinux libcap-ng gettext-native"

-RDEPENDS:${PN} += "\
+RDEPENDS:${PN} = "\
python3-core \
python3-math \
python3-shell \
--
2.25.1


[meta-selinux][PATCH 13/16] selinux-gui: upgrade 3.3 -> 3.4

Yi Zhao
 

Backport a patch to fix chcat runtime error.

Signed-off-by: Yi Zhao <yi.zhao@...>
---
...andle-unsupported-languages-properly.patch | 199 ++++++++++++++++++
...{selinux-gui_3.3.bb => selinux-gui_3.4.bb} | 5 +-
2 files changed, 203 insertions(+), 1 deletion(-)
create mode 100644 recipes-security/selinux/selinux-gui/0001-gettext-handle-unsupported-languages-properly.patch
rename recipes-security/selinux/{selinux-gui_3.3.bb => selinux-gui_3.4.bb} (78%)

diff --git a/recipes-security/selinux/selinux-gui/0001-gettext-handle-unsupported-languages-properly.patch b/recipes-security/selinux/selinux-gui/0001-gettext-handle-unsupported-languages-properly.patch
new file mode 100644
index 0000000..d79db22
--- /dev/null
+++ b/recipes-security/selinux/selinux-gui/0001-gettext-handle-unsupported-languages-properly.patch
@@ -0,0 +1,199 @@
+From a0a67119412622141a7f8365eff10de6395be7ca Mon Sep 17 00:00:00 2001
+From: Vit Mojzis <vmojzis@...>
+Date: Fri, 24 Jun 2022 16:24:25 +0200
+Subject: [PATCH] gettext: handle unsupported languages properly
+
+With "fallback=True" gettext.translation behaves the same as
+gettext.install and uses NullTranslations in case the
+translation file for given language was not found (as opposed to
+throwing an exception).
+
+Fixes:
+ # LANG is set to any "unsupported" language, e.g. en_US.UTF-8
+ $ chcat --help
+ Traceback (most recent call last):
+ File "/usr/bin/chcat", line 39, in <module>
+ t = gettext.translation(PROGNAME,
+ File "/usr/lib64/python3.9/gettext.py", line 592, in translation
+ raise FileNotFoundError(ENOENT,
+ FileNotFoundError: [Errno 2] No translation file found for domain: 'selinux-python'
+
+Signed-off-by: Vit Mojzis <vmojzis@...>
+Reviewed-by: Daniel Burgener <dburgener@...>
+Acked-by: Petr Lautrbach <plautrba@...>
+
+Upstream-Status: Backport
+[https://github.com/SELinuxProject/selinux/commit/344463076b2a91e1d2c7f5cc3835dc1a53a05e88]
+
+Signed-off-by: Yi Zhao <yi.zhao@...>
+---
+ booleansPage.py | 3 ++-
+ domainsPage.py | 3 ++-
+ fcontextPage.py | 3 ++-
+ loginsPage.py | 3 ++-
+ modulesPage.py | 3 ++-
+ polgengui.py | 3 ++-
+ portsPage.py | 3 ++-
+ semanagePage.py | 3 ++-
+ statusPage.py | 3 ++-
+ system-config-selinux.py | 3 ++-
+ usersPage.py | 3 ++-
+ 11 files changed, 22 insertions(+), 11 deletions(-)
+
+diff --git a/booleansPage.py b/booleansPage.py
+index 5beec58..ad11a9b 100644
+--- a/booleansPage.py
++++ b/booleansPage.py
+@@ -46,7 +46,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+diff --git a/domainsPage.py b/domainsPage.py
+index e08f34b..e6eadd6 100644
+--- a/domainsPage.py
++++ b/domainsPage.py
+@@ -38,7 +38,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+diff --git a/fcontextPage.py b/fcontextPage.py
+index bac2bec..767664f 100644
+--- a/fcontextPage.py
++++ b/fcontextPage.py
+@@ -55,7 +55,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+diff --git a/loginsPage.py b/loginsPage.py
+index 18b93d8..7e08232 100644
+--- a/loginsPage.py
++++ b/loginsPage.py
+@@ -37,7 +37,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+diff --git a/modulesPage.py b/modulesPage.py
+index c546d45..02b79f1 100644
+--- a/modulesPage.py
++++ b/modulesPage.py
+@@ -38,7 +38,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+diff --git a/polgengui.py b/polgengui.py
+index a18f1cb..7a3ecd5 100644
+--- a/polgengui.py
++++ b/polgengui.py
+@@ -71,7 +71,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+diff --git a/portsPage.py b/portsPage.py
+index 54aa80d..bee2bdf 100644
+--- a/portsPage.py
++++ b/portsPage.py
+@@ -43,7 +43,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+diff --git a/semanagePage.py b/semanagePage.py
+index 1371d4e..efad14d 100644
+--- a/semanagePage.py
++++ b/semanagePage.py
+@@ -30,7 +30,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+diff --git a/statusPage.py b/statusPage.py
+index c241ef8..832849e 100644
+--- a/statusPage.py
++++ b/statusPage.py
+@@ -43,7 +43,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+diff --git a/system-config-selinux.py b/system-config-selinux.py
+index 1b460c9..9f53b7f 100644
+--- a/system-config-selinux.py
++++ b/system-config-selinux.py
+@@ -53,7 +53,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+diff --git a/usersPage.py b/usersPage.py
+index d51bd96..9acd3b8 100644
+--- a/usersPage.py
++++ b/usersPage.py
+@@ -37,7 +37,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+--
+2.25.1
+
diff --git a/recipes-security/selinux/selinux-gui_3.3.bb b/recipes-security/selinux/selinux-gui_3.4.bb
similarity index 78%
rename from recipes-security/selinux/selinux-gui_3.3.bb
rename to recipes-security/selinux/selinux-gui_3.4.bb
index 9916afb..fa80860 100644
--- a/recipes-security/selinux/selinux-gui_3.3.bb
+++ b/recipes-security/selinux/selinux-gui_3.4.bb
@@ -8,9 +8,12 @@ LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"

require selinux_common.inc

+SRC_URI += "file://0001-gettext-handle-unsupported-languages-properly.patch"
+
S = "${WORKDIR}/git/gui"

-RDEPENDS:${PN} += "python3-core"
+DEPENDS = "gettext-native"
+RDEPENDS:${PN} = "python3-core"

FILES:${PN} += " \
${datadir}/system-config-selinux/* \
--
2.25.1


[meta-selinux][PATCH 12/16] selinux-dbus: upgrade 3.3 -> 3.4

Yi Zhao
 

Signed-off-by: Yi Zhao <yi.zhao@...>
---
.../selinux/{selinux-dbus_3.3.bb => selinux-dbus_3.4.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename recipes-security/selinux/{selinux-dbus_3.3.bb => selinux-dbus_3.4.bb} (89%)

diff --git a/recipes-security/selinux/selinux-dbus_3.3.bb b/recipes-security/selinux/selinux-dbus_3.4.bb
similarity index 89%
rename from recipes-security/selinux/selinux-dbus_3.3.bb
rename to recipes-security/selinux/selinux-dbus_3.4.bb
index 936baed..1619829 100644
--- a/recipes-security/selinux/selinux-dbus_3.3.bb
+++ b/recipes-security/selinux/selinux-dbus_3.4.bb
@@ -9,7 +9,7 @@ require selinux_common.inc

S = "${WORKDIR}/git/dbus"

-RDEPENDS:${PN} += "python3-core selinux-python-sepolicy"
+RDEPENDS:${PN} = "python3-core selinux-python-sepolicy"

FILES:${PN} += "\
${datadir}/system-config-selinux/selinux_server.py \
--
2.25.1


[meta-selinux][PATCH 11/16] selinux-python: upgrade 3.3 -> 3.4

Yi Zhao
 

* Backport a patch to fix chcat runtime error.
* Refresh patch.

Signed-off-by: Yi Zhao <yi.zhao@...>
---
...andle-unsupported-languages-properly.patch | 173 ++++++++++++++++++
.../fix-sepolicy-install-path.patch | 4 +-
...ux-python_3.3.bb => selinux-python_3.4.bb} | 51 +++---
3 files changed, 201 insertions(+), 27 deletions(-)
create mode 100644 recipes-security/selinux/selinux-python/0001-gettext-handle-unsupported-languages-properly.patch
rename recipes-security/selinux/{selinux-python_3.3.bb => selinux-python_3.4.bb} (82%)

diff --git a/recipes-security/selinux/selinux-python/0001-gettext-handle-unsupported-languages-properly.patch b/recipes-security/selinux/selinux-python/0001-gettext-handle-unsupported-languages-properly.patch
new file mode 100644
index 0000000..b83300d
--- /dev/null
+++ b/recipes-security/selinux/selinux-python/0001-gettext-handle-unsupported-languages-properly.patch
@@ -0,0 +1,173 @@
+From 4693794ff8c52f87a4abdb68fe9dae6618023c03 Mon Sep 17 00:00:00 2001
+From: Vit Mojzis <vmojzis@...>
+Date: Fri, 24 Jun 2022 16:24:25 +0200
+Subject: [PATCH] gettext: handle unsupported languages properly
+
+With "fallback=True" gettext.translation behaves the same as
+gettext.install and uses NullTranslations in case the
+translation file for given language was not found (as opposed to
+throwing an exception).
+
+Fixes:
+ # LANG is set to any "unsupported" language, e.g. en_US.UTF-8
+ $ chcat --help
+ Traceback (most recent call last):
+ File "/usr/bin/chcat", line 39, in <module>
+ t = gettext.translation(PROGNAME,
+ File "/usr/lib64/python3.9/gettext.py", line 592, in translation
+ raise FileNotFoundError(ENOENT,
+ FileNotFoundError: [Errno 2] No translation file found for domain: 'selinux-python'
+
+Signed-off-by: Vit Mojzis <vmojzis@...>
+Reviewed-by: Daniel Burgener <dburgener@...>
+Acked-by: Petr Lautrbach <plautrba@...>
+
+Upstream-Status: Backport
+[https://github.com/SELinuxProject/selinux/commit/344463076b2a91e1d2c7f5cc3835dc1a53a05e88]
+
+Signed-off-by: Yi Zhao <yi.zhao@...>
+---
+ chcat/chcat | 5 +++--
+ semanage/semanage | 3 ++-
+ semanage/seobject.py | 3 ++-
+ sepolgen/src/sepolgen/sepolgeni18n.py | 4 +++-
+ sepolicy/sepolicy.py | 3 ++-
+ sepolicy/sepolicy/__init__.py | 3 ++-
+ sepolicy/sepolicy/generate.py | 3 ++-
+ sepolicy/sepolicy/gui.py | 3 ++-
+ sepolicy/sepolicy/interface.py | 3 ++-
+ 9 files changed, 20 insertions(+), 10 deletions(-)
+
+diff --git a/chcat/chcat b/chcat/chcat
+index e779fcc..952cb81 100755
+--- a/chcat/chcat
++++ b/chcat/chcat
+@@ -38,9 +38,10 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+-except ImportError:
++except:
+ try:
+ import builtins
+ builtins.__dict__['_'] = str
+diff --git a/semanage/semanage b/semanage/semanage
+index 8f4e44a..f45061a 100644
+--- a/semanage/semanage
++++ b/semanage/semanage
+@@ -38,7 +38,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+diff --git a/semanage/seobject.py b/semanage/seobject.py
+index ff8f4e9..0782c08 100644
+--- a/semanage/seobject.py
++++ b/semanage/seobject.py
+@@ -42,7 +42,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+diff --git a/sepolgen/src/sepolgen/sepolgeni18n.py b/sepolgen/src/sepolgen/sepolgeni18n.py
+index 56ebd80..1ff307d 100644
+--- a/sepolgen/src/sepolgen/sepolgeni18n.py
++++ b/sepolgen/src/sepolgen/sepolgeni18n.py
+@@ -19,7 +19,9 @@
+
+ try:
+ import gettext
+- t = gettext.translation( 'selinux-python' )
++ t = gettext.translation("selinux-python",
++ localedir="/usr/share/locale",
++ fallback=True)
+ _ = t.gettext
+ except:
+ def _(str):
+diff --git a/sepolicy/sepolicy.py b/sepolicy/sepolicy.py
+index 7ebe0ef..c7a70e0 100755
+--- a/sepolicy/sepolicy.py
++++ b/sepolicy/sepolicy.py
+@@ -36,7 +36,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+diff --git a/sepolicy/sepolicy/__init__.py b/sepolicy/sepolicy/__init__.py
+index 7208234..9c3caa0 100644
+--- a/sepolicy/sepolicy/__init__.py
++++ b/sepolicy/sepolicy/__init__.py
+@@ -31,7 +31,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+diff --git a/sepolicy/sepolicy/generate.py b/sepolicy/sepolicy/generate.py
+index 67189fc..3717d5d 100644
+--- a/sepolicy/sepolicy/generate.py
++++ b/sepolicy/sepolicy/generate.py
+@@ -56,7 +56,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+diff --git a/sepolicy/sepolicy/gui.py b/sepolicy/sepolicy/gui.py
+index b026374..5bdbfeb 100644
+--- a/sepolicy/sepolicy/gui.py
++++ b/sepolicy/sepolicy/gui.py
+@@ -49,7 +49,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+diff --git a/sepolicy/sepolicy/interface.py b/sepolicy/sepolicy/interface.py
+index 599f97f..43f8644 100644
+--- a/sepolicy/sepolicy/interface.py
++++ b/sepolicy/sepolicy/interface.py
+@@ -38,7 +38,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+--
+2.25.1
+
diff --git a/recipes-security/selinux/selinux-python/fix-sepolicy-install-path.patch b/recipes-security/selinux/selinux-python/fix-sepolicy-install-path.patch
index 4e91df7..bd14450 100644
--- a/recipes-security/selinux/selinux-python/fix-sepolicy-install-path.patch
+++ b/recipes-security/selinux/selinux-python/fix-sepolicy-install-path.patch
@@ -1,4 +1,4 @@
-From df40fadfb251cc2aebdbd2e216f99a8ae7da7763 Mon Sep 17 00:00:00 2001
+From d43220e336edf8ccaaa7bd3eb9c13874ed34d468 Mon Sep 17 00:00:00 2001
From: Xin Ouyang <Xin.Ouyang@...>
Date: Mon, 23 Sep 2013 21:17:59 +0800
Subject: [PATCH] sepolicy: fix install path for new pymodule sepolicy
@@ -26,5 +26,5 @@ index 3361be4..5842321 100644
install -m 755 sepolicy.py $(DESTDIR)$(BINDIR)/sepolicy
(cd $(DESTDIR)$(BINDIR); ln -sf sepolicy sepolgen)
--
-2.17.1
+2.25.1

diff --git a/recipes-security/selinux/selinux-python_3.3.bb b/recipes-security/selinux/selinux-python_3.4.bb
similarity index 82%
rename from recipes-security/selinux/selinux-python_3.3.bb
rename to recipes-security/selinux/selinux-python_3.4.bb
index 8f76718..cc279f2 100644
--- a/recipes-security/selinux/selinux-python_3.3.bb
+++ b/recipes-security/selinux/selinux-python_3.4.bb
@@ -10,40 +10,41 @@ require selinux_common.inc

inherit python3native

-SRC_URI += "file://fix-sepolicy-install-path.patch"
+SRC_URI += "file://fix-sepolicy-install-path.patch \
+ file://0001-gettext-handle-unsupported-languages-properly.patch \
+ "

S = "${WORKDIR}/git/python"

-EXTRA_OEMAKE += "LIBSEPOLA=${STAGING_LIBDIR}/libsepol.a"
+DEPENDS = "libsepol libselinux gettext-native"

-DEPENDS += "python3 libsepol libselinux"
-RDEPENDS:${BPN}-audit2allow += "\
- python3-core \
- libselinux-python \
- ${BPN}-sepolgen \
-"
-RDEPENDS:${BPN}-chcat += "\
+RDEPENDS:${PN} = "\
python3-core \
python3-codecs \
- python3-shell \
+ python3-io \
+ python3-ipy \
python3-stringold \
+ python3-syslog \
python3-unixadmin \
libselinux-python \
- ${BPN} \
+ libsemanage-python \
+ setools \
"
-RDEPENDS:${BPN} += "\
+RDEPENDS:${PN}-audit2allow = "\
+ python3-core \
+ libselinux-python \
+ ${PN}-sepolgen \
+"
+RDEPENDS:${PN}-chcat = "\
python3-core \
python3-codecs \
- python3-io \
- python3-ipy \
+ python3-shell \
python3-stringold \
- python3-syslog \
python3-unixadmin \
libselinux-python \
- libsemanage-python \
- setools \
+ ${PN} \
"
-RDEPENDS:${BPN}-semanage += "\
+RDEPENDS:${PN}-semanage = "\
python3-core \
python3-ipy \
python3-compression \
@@ -51,16 +52,16 @@ RDEPENDS:${BPN}-semanage += "\
python3-misc \
libselinux-python \
audit-python \
- ${BPN} \
+ ${PN} \
"
-RDEPENDS:${BPN}-sepolicy += "\
+RDEPENDS:${PN}-sepolicy = "\
python3-core \
python3-codecs \
python3-syslog \
python3-multiprocessing \
- ${BPN} \
+ ${PN} \
"
-RDEPENDS:${BPN}-sepolgen-ifgen += "\
+RDEPENDS:${PN}-sepolgen-ifgen = "\
python3-core \
libselinux-python \
"
@@ -85,16 +86,16 @@ FILES:${PN}-semanage = "\
${datadir}/bash-completion/completions/semanage \
"
# The ${bindir}/sepolgen is a symlink to ${bindir}/sepolicy
-FILES:${PN}-sepolicy += "\
+FILES:${PN}-sepolicy = "\
${bindir}/sepolgen \
${bindir}/sepolicy \
${datadir}/bash-completion/completions/sepolicy \
"
-FILES:${PN}-sepolgen-ifgen += "\
+FILES:${PN}-sepolgen-ifgen = "\
${bindir}/sepolgen-ifgen \
${bindir}/sepolgen-ifgen-attr-helper \
"
-FILES:${PN}-sepolgen += "\
+FILES:${PN}-sepolgen = "\
${libdir}/python${PYTHON_BASEVERSION}/site-packages/sepolgen* \
${localstatedir}/lib/sepolgen/perm_map \
"
--
2.25.1


[meta-selinux][PATCH 10/16] restorecond: upgrade 3.3 -> 3.4

Yi Zhao
 

Signed-off-by: Yi Zhao <yi.zhao@...>
---
.../selinux/{restorecond_3.3.bb => restorecond_3.4.bb} | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
rename recipes-security/selinux/{restorecond_3.3.bb => restorecond_3.4.bb} (86%)

diff --git a/recipes-security/selinux/restorecond_3.3.bb b/recipes-security/selinux/restorecond_3.4.bb
similarity index 86%
rename from recipes-security/selinux/restorecond_3.3.bb
rename to recipes-security/selinux/restorecond_3.4.bb
index ee1cb44..5b690d8 100644
--- a/recipes-security/selinux/restorecond_3.3.bb
+++ b/recipes-security/selinux/restorecond_3.4.bb
@@ -10,11 +10,11 @@ LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"

require selinux_common.inc

-inherit systemd update-rc.d
+inherit pkgconfig systemd update-rc.d

-DEPENDS += "libsepol libselinux libpcre dbus-glib glib-2.0 pkgconfig-native"
+DEPENDS = "libsepol libselinux glib-2.0"

-EXTRA_OEMAKE += "SYSTEMDSYSTEMUNITDIR=${systemd_system_unitdir} \
+EXTRA_OEMAKE = "SYSTEMDSYSTEMUNITDIR=${systemd_system_unitdir} \
SYSTEMDUSERUNITDIR=${systemd_user_unitdir} \
"

--
2.25.1


[meta-selinux][PATCH 09/16] mcstrans: upgrade 3.3 -> 3.4

Yi Zhao
 

Refresh patches.

Signed-off-by: Yi Zhao <yi.zhao@...>
---
.../selinux/mcstrans/mcstrans-de-bashify.patch | 6 +++---
.../mcstrans/mcstrans-fix-the-init-script.patch | 4 ++--
.../selinux/{mcstrans_3.3.bb => mcstrans_3.4.bb} | 12 ++++++------
3 files changed, 11 insertions(+), 11 deletions(-)
rename recipes-security/selinux/{mcstrans_3.3.bb => mcstrans_3.4.bb} (87%)

diff --git a/recipes-security/selinux/mcstrans/mcstrans-de-bashify.patch b/recipes-security/selinux/mcstrans/mcstrans-de-bashify.patch
index 27fd677..74ae879 100644
--- a/recipes-security/selinux/mcstrans/mcstrans-de-bashify.patch
+++ b/recipes-security/selinux/mcstrans/mcstrans-de-bashify.patch
@@ -1,4 +1,4 @@
-From 544b3c078374e5001e7fdc1b7d0b2eafda36f8fe Mon Sep 17 00:00:00 2001
+From 580a625e9e1266d92c248a5e3f471d12d42c149b Mon Sep 17 00:00:00 2001
From: Joe MacDonald <joe_macdonald@...>
Date: Fri, 7 Aug 2015 15:16:45 -0400
Subject: [PATCH] mcstrans: remove dependency on bash in initscript
@@ -8,7 +8,7 @@ dependency on bash.

Signed-off-by: Joe MacDonald <joe_macdonald@...>

-Upstream-Status: Pending
+Upstream-Status: Inappropriate [embedded specific]

Signed-off-by: Wenzong Fan <wenzong.fan@...>
Signed-off-by: Yi Zhao <yi.zhao@...>
@@ -27,5 +27,5 @@ index 2804ec0..8b4737d 100644
# mcstransd This starts and stops mcstransd
#
--
-2.7.4
+2.25.1

diff --git a/recipes-security/selinux/mcstrans/mcstrans-fix-the-init-script.patch b/recipes-security/selinux/mcstrans/mcstrans-fix-the-init-script.patch
index 79be090..a560722 100644
--- a/recipes-security/selinux/mcstrans/mcstrans-fix-the-init-script.patch
+++ b/recipes-security/selinux/mcstrans/mcstrans-fix-the-init-script.patch
@@ -1,4 +1,4 @@
-From 4d918a9679d2902ca2d41fe769a4d76f07a67b5f Mon Sep 17 00:00:00 2001
+From 123d5b6413905bfad535a072ff0ab5a495cb2a2a Mon Sep 17 00:00:00 2001
From: Roy Li <rongqing.li@...>
Date: Wed, 6 Nov 2019 22:13:33 +0800
Subject: [PATCH] mcstrans: fix the init script
@@ -28,5 +28,5 @@ index 8b4737d..86c89ea 100644
echo
if test $RETVAL = 0 ; then
--
-2.7.4
+2.25.1

diff --git a/recipes-security/selinux/mcstrans_3.3.bb b/recipes-security/selinux/mcstrans_3.4.bb
similarity index 87%
rename from recipes-security/selinux/mcstrans_3.3.bb
rename to recipes-security/selinux/mcstrans_3.4.bb
index cd8780b..b5d6b54 100644
--- a/recipes-security/selinux/mcstrans_3.3.bb
+++ b/recipes-security/selinux/mcstrans_3.4.bb
@@ -9,18 +9,18 @@ LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"

require selinux_common.inc

-inherit systemd update-rc.d
+inherit pkgconfig systemd update-rc.d

SRC_URI += "file://mcstrans-de-bashify.patch \
file://mcstrans-fix-the-init-script.patch \
"

-DEPENDS += "libsepol libselinux libcap"
+DEPENDS = "libsepol libselinux libcap"

-EXTRA_OEMAKE += "SBINDIR=${base_sbindir} \
- INITDIR=${sysconfdir}/init.d \
- SYSTEMDDIR=${systemd_unitdir} \
- "
+EXTRA_OEMAKE = "SBINDIR=${base_sbindir} \
+ INITDIR=${sysconfdir}/init.d \
+ SYSTEMDDIR=${systemd_unitdir} \
+ "

S = "${WORKDIR}/git/mcstrans"

--
2.25.1


[meta-selinux][PATCH 08/16] policycoreutils: upgrade 3.3 -> 3.4

Yi Zhao
 

Refresh patch.

Signed-off-by: Yi Zhao <yi.zhao@...>
---
.../policycoreutils-fixfiles-de-bashify.patch | 14 ++--
...oreutils_3.3.bb => policycoreutils_3.4.bb} | 72 +++++++++----------
2 files changed, 43 insertions(+), 43 deletions(-)
rename recipes-security/selinux/{policycoreutils_3.3.bb => policycoreutils_3.4.bb} (78%)

diff --git a/recipes-security/selinux/policycoreutils/policycoreutils-fixfiles-de-bashify.patch b/recipes-security/selinux/policycoreutils/policycoreutils-fixfiles-de-bashify.patch
index 70cdd4f..0e80959 100644
--- a/recipes-security/selinux/policycoreutils/policycoreutils-fixfiles-de-bashify.patch
+++ b/recipes-security/selinux/policycoreutils/policycoreutils-fixfiles-de-bashify.patch
@@ -1,4 +1,4 @@
-From 25ca94680f2fe20f49b80e8b5b180a0dbb903f17 Mon Sep 17 00:00:00 2001
+From cdc8f6e887d9ab8944e3ae89dd18bf55edf080c4 Mon Sep 17 00:00:00 2001
From: Joe MacDonald <joe_macdonald@...>
Date: Fri, 20 Feb 2015 17:00:19 -0500
Subject: [PATCH] fixfiles: de-bashify
@@ -10,7 +10,7 @@ necessarily the best option here. Introducing a second invocation of rpm
is minimal overhead on an operation that should happen very infrequently,
so we'll try that instead.

-Upstream-Status: Pending
+Upstream-Status: Inappropriate [embedded specific]

Signed-off-by: Joe MacDonald <joe_macdonald@...>
Signed-off-by: Wenzong Fan <wenzong.fan@...>
@@ -19,7 +19,7 @@ Signed-off-by: Wenzong Fan <wenzong.fan@...>
1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/scripts/fixfiles b/scripts/fixfiles
-index 1aa330f..a10837d 100755
+index c72ca0e..143cc2e 100755
--- a/scripts/fixfiles
+++ b/scripts/fixfiles
@@ -1,4 +1,4 @@
@@ -51,7 +51,7 @@ index 1aa330f..a10837d 100755
exclude_from_relabelling="$exclude_from_relabelling -e $i"
done < /etc/selinux/fixfiles_exclude_dirs
fi
-@@ -138,7 +139,7 @@ fi
+@@ -140,7 +141,7 @@ fi
# Log directories excluded from relabelling by configuration file
#
LogExcluded() {
@@ -60,7 +60,7 @@ index 1aa330f..a10837d 100755
echo "skipping the directory $i"
done
}
-@@ -201,8 +202,12 @@ fi
+@@ -203,8 +204,12 @@ fi
}

rpmlist() {
@@ -75,7 +75,7 @@ index 1aa330f..a10837d 100755
}

#
-@@ -276,7 +281,7 @@ relabel() {
+@@ -295,7 +300,7 @@ relabel() {
exit 1
fi

@@ -85,5 +85,5 @@ index 1aa330f..a10837d 100755
return
fi
--
-2.13.0
+2.25.1

diff --git a/recipes-security/selinux/policycoreutils_3.3.bb b/recipes-security/selinux/policycoreutils_3.4.bb
similarity index 78%
rename from recipes-security/selinux/policycoreutils_3.3.bb
rename to recipes-security/selinux/policycoreutils_3.4.bb
index 552d354..ab871a3 100644
--- a/recipes-security/selinux/policycoreutils_3.3.bb
+++ b/recipes-security/selinux/policycoreutils_3.4.bb
@@ -18,48 +18,47 @@ PAM_SRC_URI = "file://pam.d/newrole \
file://pam.d/run_init \
"

-DEPENDS += "libsepol libselinux libsemanage libcap gettext-native"
-EXTRA_DEPENDS = "libcap-ng libcgroup"
-DEPENDS += "${@['', '${EXTRA_DEPENDS}']['${PN}' != '${BPN}-native']}"
+DEPENDS = "libsepol libselinux libsemanage gettext-native"
+DEPENDS:append:class-target = " libcap-ng"

S = "${WORKDIR}/git/policycoreutils"

inherit selinux python3native

-RDEPENDS:${BPN}-fixfiles += "\
- ${BPN}-setfiles \
+RDEPENDS:${PN}-fixfiles = "\
+ ${PN}-setfiles \
grep \
findutils \
"
-RDEPENDS:${BPN}-genhomedircon += "\
- ${BPN}-semodule \
+RDEPENDS:${PN}-genhomedircon = "\
+ ${PN}-semodule \
"
-RDEPENDS:${BPN}-loadpolicy += "\
+RDEPENDS:${PN}-loadpolicy = "\
libselinux \
libsepol \
"
-RDEPENDS:${BPN}-newrole += "\
+RDEPENDS:${PN}-newrole = "\
libcap-ng \
libselinux \
"
-RDEPENDS:${BPN}-runinit += "libselinux"
-RDEPENDS:${BPN}-secon += "libselinux"
-RDEPENDS:${BPN}-semodule += "\
+RDEPENDS:${PN}-runinit = "libselinux"
+RDEPENDS:${PN}-secon = "libselinux"
+RDEPENDS:${PN}-semodule = "\
libsepol \
libselinux \
libsemanage \
"
-RDEPENDS:${BPN}-sestatus += "libselinux"
-RDEPENDS:${BPN}-setfiles += "\
+RDEPENDS:${PN}-sestatus = "libselinux"
+RDEPENDS:${PN}-setfiles = "\
libselinux \
libsepol \
"
-RDEPENDS:${BPN}-setsebool += "\
+RDEPENDS:${PN}-setsebool = "\
libsepol \
libselinux \
libsemanage \
"
-RDEPENDS:${BPN} += "selinux-python"
+RDEPENDS:${PN}:class-target = "selinux-python"

PACKAGES =+ "\
${PN}-fixfiles \
@@ -74,34 +73,34 @@ PACKAGES =+ "\
${PN}-setfiles \
${PN}-setsebool \
"
-FILES:${PN}-fixfiles += "${base_sbindir}/fixfiles"
-FILES:${PN}-genhomedircon += "${base_sbindir}/genhomedircon"
-FILES:${PN}-loadpolicy += "\
+FILES:${PN}-fixfiles = "${base_sbindir}/fixfiles"
+FILES:${PN}-genhomedircon = "${base_sbindir}/genhomedircon"
+FILES:${PN}-loadpolicy = "\
${base_sbindir}/load_policy \
"
-FILES:${PN}-newrole += "\
+FILES:${PN}-newrole = "\
${bindir}/newrole \
${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${sysconfdir}/pam.d/newrole', '', d)} \
"
-FILES:${PN}-runinit += "\
+FILES:${PN}-runinit = "\
${base_sbindir}/run_init \
${base_sbindir}/open_init_pty \
${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${sysconfdir}/pam.d/run_init', '', d)} \
"
FILES:${PN}-dbg += "${prefix}/libexec/selinux/hll/.debug"
-FILES:${PN}-secon += "${bindir}/secon"
-FILES:${PN}-semodule += "${base_sbindir}/semodule"
-FILES:${PN}-hll += "${prefix}/libexec/selinux/hll/*"
-FILES:${PN}-sestatus += "\
+FILES:${PN}-secon = "${bindir}/secon"
+FILES:${PN}-semodule = "${base_sbindir}/semodule"
+FILES:${PN}-hll = "${prefix}/libexec/selinux/hll/*"
+FILES:${PN}-sestatus = "\
${base_sbindir}/sestatus \
${sysconfdir}/sestatus.conf \
"
-FILES:${PN}-setfiles += "\
+FILES:${PN}-setfiles = "\
${base_sbindir}/restorecon \
${base_sbindir}/restorecon_xattr \
${base_sbindir}/setfiles \
"
-FILES:${PN}-setsebool += "\
+FILES:${PN}-setsebool = "\
${base_sbindir}/setsebool \
${datadir}/bash-completion/completions/setsebool \
"
@@ -115,11 +114,12 @@ PACKAGECONFIG:class-target ?= "\
${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)} \
audit \
"
+PACKAGECONFIG:class-native ?= ""

PACKAGECONFIG[libpam] = ",,libpam,"
PACKAGECONFIG[audit] = ",,audit,"

-EXTRA_OEMAKE += "\
+EXTRA_OEMAKE = "\
${@bb.utils.contains('PACKAGECONFIG', 'libpam', 'PAMH=y', 'PAMH=', d)} \
${@bb.utils.contains('PACKAGECONFIG', 'audit', 'AUDITH=y', 'AUDITH=', d)} \
INOTIFYH=n \
@@ -131,6 +131,14 @@ BBCLASSEXTEND = "native"

PCU_NATIVE_CMDS = "setfiles semodule hll"

+do_compile:prepend() {
+ export PYTHON=python3
+ export PYLIBVER='python${PYTHON_BASEVERSION}'
+ export PYTHON_CPPFLAGS="-I${STAGING_INCDIR}/${PYLIBVER}"
+ export PYTHON_LDFLAGS="${STAGING_LIBDIR}/lib${PYLIBVER}.so"
+ export PYTHON_SITE_PKG="${libdir}/${PYLIBVER}/site-packages"
+}
+
do_compile:class-native() {
for PCU_CMD in ${PCU_NATIVE_CMDS} ; do
oe_runmake -C $PCU_CMD \
@@ -143,14 +151,6 @@ sysroot_stage_dirs:append:class-native() {
cp -R $from/${prefix}/libexec $to/${prefix}/libexec
}

-do_compile:prepend() {
- export PYTHON=python3
- export PYLIBVER='python${PYTHON_BASEVERSION}'
- export PYTHON_CPPFLAGS="-I${STAGING_INCDIR}/${PYLIBVER}"
- export PYTHON_LDFLAGS="${STAGING_LIBDIR}/lib${PYLIBVER}.so"
- export PYTHON_SITE_PKG="${libdir}/${PYLIBVER}/site-packages"
-}
-
do_install:prepend() {
export PYTHON=python3
export SBINDIR="${D}/${base_sbindir}"
--
2.25.1


[meta-selinux][PATCH 07/16] secilc: upgrade 3.3 -> 3.4

Yi Zhao
 

Use precise license BSD-2-Clause instead of license BSD.

Signed-off-by: Yi Zhao <yi.zhao@...>
---
recipes-security/selinux/{secilc_3.3.bb => secilc_3.4.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename recipes-security/selinux/{secilc_3.3.bb => secilc_3.4.bb} (85%)

diff --git a/recipes-security/selinux/secilc_3.3.bb b/recipes-security/selinux/secilc_3.4.bb
similarity index 85%
rename from recipes-security/selinux/secilc_3.3.bb
rename to recipes-security/selinux/secilc_3.4.bb
index 60ab2fe..e30cd3a 100644
--- a/recipes-security/selinux/secilc_3.3.bb
+++ b/recipes-security/selinux/secilc_3.4.bb
@@ -3,12 +3,12 @@ DESCRIPTION = "\
This package contains secilc, the SELinux Common Intermediate \
Language (CIL) compiler."
SECTION = "base"
-LICENSE = "BSD"
+LICENSE = "BSD-2-Clause"
LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=c7e802b9a3b0c2c852669864c08b9138"

require selinux_common.inc

-DEPENDS += "libsepol xmlto-native"
+DEPENDS = "libsepol xmlto-native"

S = "${WORKDIR}/git/secilc"

--
2.25.1


[meta-selinux][PATCH 06/16] checkpolicy: upgrade 3.3 -> 3.4

Yi Zhao
 

Signed-off-by: Yi Zhao <yi.zhao@...>
---
.../selinux/{checkpolicy_3.3.bb => checkpolicy_3.4.bb} | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
rename recipes-security/selinux/{checkpolicy_3.3.bb => checkpolicy_3.4.bb} (84%)

diff --git a/recipes-security/selinux/checkpolicy_3.3.bb b/recipes-security/selinux/checkpolicy_3.4.bb
similarity index 84%
rename from recipes-security/selinux/checkpolicy_3.3.bb
rename to recipes-security/selinux/checkpolicy_3.4.bb
index ad90cc2..3df1bbb 100644
--- a/recipes-security/selinux/checkpolicy_3.3.bb
+++ b/recipes-security/selinux/checkpolicy_3.4.bb
@@ -11,10 +11,7 @@ LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"

require selinux_common.inc

-DEPENDS += "libsepol bison-native flex-native"
-
-EXTRA_OEMAKE += "LEX='flex'"
-EXTRA_OEMAKE += "LIBSEPOLA=${STAGING_LIBDIR}/libsepol.a"
+DEPENDS = "libsepol bison-native"

S = "${WORKDIR}/git/checkpolicy"

--
2.25.1


[meta-selinux][PATCH 05/16] libsemanage: upgrade 3.3 -> 3.4

Yi Zhao
 

Refresh patches.

Signed-off-by: Yi Zhao <yi.zhao@...>
---
.../libsemanage-Fix-execve-segfaults-on-Ubuntu.patch | 10 +++++-----
.../libsemanage-allow-to-disable-audit-support.patch | 8 ++++----
...bsemanage-disable-expand-check-on-policy-load.patch | 8 ++++----
.../selinux/{libsemanage_3.3.bb => libsemanage_3.4.bb} | 9 +++++----
4 files changed, 18 insertions(+), 17 deletions(-)
rename recipes-security/selinux/{libsemanage_3.3.bb => libsemanage_3.4.bb} (91%)

diff --git a/recipes-security/selinux/libsemanage/libsemanage-Fix-execve-segfaults-on-Ubuntu.patch b/recipes-security/selinux/libsemanage/libsemanage-Fix-execve-segfaults-on-Ubuntu.patch
index 0b1f3d8..5a03d30 100644
--- a/recipes-security/selinux/libsemanage/libsemanage-Fix-execve-segfaults-on-Ubuntu.patch
+++ b/recipes-security/selinux/libsemanage/libsemanage-Fix-execve-segfaults-on-Ubuntu.patch
@@ -1,4 +1,4 @@
-From 01a37b94a1f5605a395e8b45ee9ec653ce716c06 Mon Sep 17 00:00:00 2001
+From 2111f86dce8defd9bebd9b43008339e3b5af0aa7 Mon Sep 17 00:00:00 2001
From: Xin Ouyang <Xin.Ouyang@...>
Date: Mon, 26 Mar 2012 15:15:16 +0800
Subject: [PATCH] libsemanage: Fix execve segfaults on Ubuntu.
@@ -9,7 +9,7 @@ Such as "make load" while building refpolicy.

http://oss.tresys.com/pipermail/refpolicy/2011-December/004859.html

-Upstream-Status: Pending
+Upstream-Status: Inappropriate [embedded specific]

Signed-off-by: Yi Zhao <yi.zhao@...>
---
@@ -17,10 +17,10 @@ Signed-off-by: Yi Zhao <yi.zhao@...>
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/semanage_store.c b/src/semanage_store.c
-index 58dded6..1a94545 100644
+index 14a0957..0a9200e 100644
--- a/src/semanage_store.c
+++ b/src/semanage_store.c
-@@ -1441,7 +1441,7 @@ static int semanage_exec_prog(semanage_handle_t * sh,
+@@ -1470,7 +1470,7 @@ static int semanage_exec_prog(semanage_handle_t * sh,
if (forkval == 0) {
/* child process. file descriptors will be closed
* because they were set as close-on-exec. */
@@ -30,5 +30,5 @@ index 58dded6..1a94545 100644
}

--
-2.7.4
+2.25.1

diff --git a/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch b/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch
index ff5cb00..19263d8 100644
--- a/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch
+++ b/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch
@@ -1,9 +1,9 @@
-From e76867515be3bc296174aeb26c7996a0939a2a8c Mon Sep 17 00:00:00 2001
+From 5718384543ff06ad4032e90291f9e4398a2749c4 Mon Sep 17 00:00:00 2001
From: Wenzong Fan <wenzong.fan@...>
Date: Mon, 20 Jan 2014 03:53:48 -0500
Subject: [PATCH] libsemanage: allow to disable audit support

-Upstream-Status: Pending
+Upstream-Status: Inappropriate [embedded specific]

Signed-off-by: Wenzong Fan <wenzong.fan@...>
---
@@ -13,7 +13,7 @@ Signed-off-by: Wenzong Fan <wenzong.fan@...>
3 files changed, 31 insertions(+), 2 deletions(-)

diff --git a/src/Makefile b/src/Makefile
-index a0eb374..afc4437 100644
+index 71c2a1d..52f335e 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -26,6 +26,14 @@ ifeq ($(DEBUG),1)
@@ -122,5 +122,5 @@ index 69f49a3..f914492 100644
OBJECTS = $(SOURCES:.c=.o)
POLICIES = $(CILS:.cil=.policy)
--
-2.17.1
+2.25.1

diff --git a/recipes-security/selinux/libsemanage/libsemanage-disable-expand-check-on-policy-load.patch b/recipes-security/selinux/libsemanage/libsemanage-disable-expand-check-on-policy-load.patch
index d1e5720..6e0faeb 100644
--- a/recipes-security/selinux/libsemanage/libsemanage-disable-expand-check-on-policy-load.patch
+++ b/recipes-security/selinux/libsemanage/libsemanage-disable-expand-check-on-policy-load.patch
@@ -1,4 +1,4 @@
-From 35196d58cd37fec89fcf95e3d43b41de7008f0be Mon Sep 17 00:00:00 2001
+From dd52bfb66d710473aeb75c5fe92d5cf0a66b637e Mon Sep 17 00:00:00 2001
From: Joe MacDonald <joe@...>
Date: Wed, 7 May 2014 11:36:27 -0400
Subject: [PATCH] libsemanage: disable expand-check on policy load
@@ -17,10 +17,10 @@ Signed-off-by: Joe MacDonald <joe@...>
1 file changed, 4 insertions(+)

diff --git a/src/semanage.conf b/src/semanage.conf
-index dc8d46b..254f156 100644
+index 98d769b..708fa8c 100644
--- a/src/semanage.conf
+++ b/src/semanage.conf
-@@ -39,3 +39,7 @@ module-store = direct
+@@ -40,3 +40,7 @@ module-store = direct
# By default, semanage will generate policies for the SELinux target.
# To build policies for Xen, uncomment the following line.
#target-platform = xen
@@ -29,5 +29,5 @@ index dc8d46b..254f156 100644
+# module. This results in a significant speed-up in policy loading.
+expand-check=0
--
-2.7.4
+2.25.1

diff --git a/recipes-security/selinux/libsemanage_3.3.bb b/recipes-security/selinux/libsemanage_3.4.bb
similarity index 91%
rename from recipes-security/selinux/libsemanage_3.3.bb
rename to recipes-security/selinux/libsemanage_3.4.bb
index b17eb68..08d2c9c 100644
--- a/recipes-security/selinux/libsemanage_3.3.bb
+++ b/recipes-security/selinux/libsemanage_3.4.bb
@@ -16,23 +16,24 @@ SRC_URI += "file://libsemanage-Fix-execve-segfaults-on-Ubuntu.patch \
file://libsemanage-disable-expand-check-on-policy-load.patch \
"

-DEPENDS += "libsepol libselinux bzip2 python3 bison-native flex-native swig-native"
+DEPENDS = "libsepol libselinux bison-native swig-native"
+
DEPENDS:append:class-target = " audit"

S = "${WORKDIR}/git/libsemanage"

+EXTRA_OEMAKE:class-native = "DISABLE_AUDIT=y"
+
PACKAGES =+ "${PN}-python"

# For /usr/libexec/selinux/semanage_migrate_store
-RDEPENDS:${PN}-python += "python3-core"
+RDEPENDS:${PN}-python = "python3-core"

FILES:${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/* \
${libexecdir}/selinux/semanage_migrate_store"
FILES:${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/site-packages/.debug/*"
FILES:${PN} += "${libexecdir}"

-EXTRA_OEMAKE:class-native += "DISABLE_AUDIT=y"
-
do_compile:append() {
oe_runmake pywrap \
PYLIBVER='python${PYTHON_BASEVERSION}${PYTHON_ABI}' \
--
2.25.1


[meta-selinux][PATCH 04/16] libselinux-python: upgrade 3.3 -> 3.4

Yi Zhao
 

* Use libpcre2 instead of libpcre.
* Refresh patches.

Signed-off-by: Yi Zhao <yi.zhao@...>
---
...linux-python_3.3.bb => libselinux-python_3.4.bb} | 13 +++++++------
...ix-python-modules-install-path-for-multili.patch | 8 ++++----
...PYCEXT-and-rely-on-the-installed-file-nam.patch} | 8 ++++----
3 files changed, 15 insertions(+), 14 deletions(-)
rename recipes-security/selinux/{libselinux-python_3.3.bb => libselinux-python_3.4.bb} (79%)
rename recipes-security/selinux/libselinux/{0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch => 0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch} (94%)

diff --git a/recipes-security/selinux/libselinux-python_3.3.bb b/recipes-security/selinux/libselinux-python_3.4.bb
similarity index 79%
rename from recipes-security/selinux/libselinux-python_3.3.bb
rename to recipes-security/selinux/libselinux-python_3.4.bb
index 136f538..a850369 100644
--- a/recipes-security/selinux/libselinux-python_3.3.bb
+++ b/recipes-security/selinux/libselinux-python_3.4.bb
@@ -8,18 +8,20 @@ LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0"

require selinux_common.inc

-inherit python3native python3targetconfig pkgconfig
+inherit python3targetconfig pkgconfig

FILESEXTRAPATHS:prepend := "${THISDIR}/libselinux:"
SRC_URI += "\
file://0001-Makefile-fix-python-modules-install-path-for-multili.patch \
- file://0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch \
+ file://0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch \
"

S = "${WORKDIR}/git/libselinux"

-DEPENDS += "python3 swig-native libpcre libsepol"
-RDEPENDS:${PN} += "libselinux python3-core python3-shell"
+DEPENDS = "libsepol libpcre2 swig-native"
+DEPENDS:append:libc-musl = " fts"
+
+RDEPENDS:${PN} = "libselinux python3-core python3-shell"

def get_policyconfigarch(d):
import re
@@ -28,8 +30,7 @@ def get_policyconfigarch(d):
target = p.sub('i386',target)
return "ARCH=%s" % (target)

-EXTRA_OEMAKE += "${@get_policyconfigarch(d)}"
-EXTRA_OEMAKE += "LDFLAGS='${LDFLAGS} -lpcre' LIBSEPOLA='${STAGING_LIBDIR}/libsepol.a'"
+EXTRA_OEMAKE = "${@get_policyconfigarch(d)}"
EXTRA_OEMAKE:append:libc-musl = " FTS_LDLIBS=-lfts"

FILES:${PN} = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*"
diff --git a/recipes-security/selinux/libselinux/0001-Makefile-fix-python-modules-install-path-for-multili.patch b/recipes-security/selinux/libselinux/0001-Makefile-fix-python-modules-install-path-for-multili.patch
index 9dfd8d4..9750cd6 100644
--- a/recipes-security/selinux/libselinux/0001-Makefile-fix-python-modules-install-path-for-multili.patch
+++ b/recipes-security/selinux/libselinux/0001-Makefile-fix-python-modules-install-path-for-multili.patch
@@ -1,4 +1,4 @@
-From 41540f5c4e3552a2806097613f016d1a2fd4754a Mon Sep 17 00:00:00 2001
+From 1ff60a36bb0bfc95ce33cf950f58e121548a3c8a Mon Sep 17 00:00:00 2001
From: Yi Zhao <yi.zhao@...>
Date: Mon, 13 Apr 2020 12:44:23 +0800
Subject: [PATCH] Makefile: fix python modules install path for multilib
@@ -11,10 +11,10 @@ Signed-off-by: Yi Zhao <yi.zhao@...>
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Makefile b/src/Makefile
-index 190016e..dcdeb10 100644
+index 04bf4f2..81ae6a2 100644
--- a/src/Makefile
+++ b/src/Makefile
-@@ -174,7 +174,7 @@ install: all
+@@ -181,7 +181,7 @@ install: all
ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET)

install-pywrap: pywrap
@@ -24,5 +24,5 @@ index 190016e..dcdeb10 100644
ln -sf --relative $(DESTDIR)$(PYTHONLIBDIR)/selinux/_selinux$(PYCEXT) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT)

--
-2.17.1
+2.25.1

diff --git a/recipes-security/selinux/libselinux/0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch b/recipes-security/selinux/libselinux/0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
similarity index 94%
rename from recipes-security/selinux/libselinux/0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
rename to recipes-security/selinux/libselinux/0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
index 0fafcef..db7d68f 100644
--- a/recipes-security/selinux/libselinux/0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
+++ b/recipes-security/selinux/libselinux/0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
@@ -1,4 +1,4 @@
-From 1542c79660484a2f2e24ee0593586dba35c3ad13 Mon Sep 17 00:00:00 2001
+From dae53d7cd4d7875f7fb7aba016a0331559044eea Mon Sep 17 00:00:00 2001
From: Thomas Petazzoni <thomas.petazzoni@...>
Date: Fri, 25 Oct 2019 13:37:14 +0200
Subject: [PATCH] Do not use PYCEXT, and rely on the installed file name
@@ -27,7 +27,7 @@ Signed-off-by: Changqing Li <changqing.li@...>
1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/Makefile b/src/Makefile
-index dcdeb10..da6f719 100644
+index 81ae6a2..37399e1 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -15,7 +15,6 @@ INCLUDEDIR ?= $(PREFIX)/include
@@ -38,7 +38,7 @@ index dcdeb10..da6f719 100644
RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] + " -I" + RbConfig::CONFIG["rubyhdrdir"]')
RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + RbConfig::CONFIG["libdir"] + " -L" + RbConfig::CONFIG["archlibdir"] + " " + RbConfig::CONFIG["LIBRUBYARG_SHARED"]')
RUBYINSTALL ?= $(shell $(RUBY) -e 'puts RbConfig::CONFIG["vendorarchdir"]')
-@@ -176,7 +175,7 @@ install: all
+@@ -183,7 +182,7 @@ install: all
install-pywrap: pywrap
$(PYTHON) setup.py install --prefix=$(PREFIX) --root=$(DESTDIR) --install-lib=$(PYTHONLIBDIR) $(PYTHON_SETUP_ARGS)
install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py
@@ -48,5 +48,5 @@ index dcdeb10..da6f719 100644
install-rubywrap: rubywrap
test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d $(DESTDIR)$(RUBYINSTALL)
--
-2.17.1
+2.25.1

--
2.25.1


[meta-selinux][PATCH 03/16] libselinux: upgrade 3.3 -> 3.4

Yi Zhao
 

Use libpcre2 instead of libpcre.

Signed-off-by: Yi Zhao <yi.zhao@...>
---
.../selinux/{libselinux_3.3.bb => libselinux_3.4.bb} | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
rename recipes-security/selinux/{libselinux_3.3.bb => libselinux_3.4.bb} (77%)

diff --git a/recipes-security/selinux/libselinux_3.3.bb b/recipes-security/selinux/libselinux_3.4.bb
similarity index 77%
rename from recipes-security/selinux/libselinux_3.3.bb
rename to recipes-security/selinux/libselinux_3.4.bb
index 1144840..8009d6d 100644
--- a/recipes-security/selinux/libselinux_3.3.bb
+++ b/recipes-security/selinux/libselinux_3.4.bb
@@ -8,9 +8,9 @@ LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0"

require selinux_common.inc

-inherit lib_package python3native pkgconfig
+inherit lib_package pkgconfig

-DEPENDS += "libsepol libpcre"
+DEPENDS = "libsepol libpcre2"
DEPENDS:append:libc-musl = " fts"

S = "${WORKDIR}/git/libselinux"
@@ -22,8 +22,7 @@ def get_policyconfigarch(d):
target = p.sub('i386',target)
return "ARCH=%s" % (target)

-EXTRA_OEMAKE += "${@get_policyconfigarch(d)}"
-EXTRA_OEMAKE += "LDFLAGS='${LDFLAGS} -lpcre' LIBSEPOLA='${STAGING_LIBDIR}/libsepol.a'"
+EXTRA_OEMAKE = "${@get_policyconfigarch(d)}"
EXTRA_OEMAKE:append:libc-musl = " FTS_LDLIBS=-lfts"

BBCLASSEXTEND = "native"
--
2.25.1