[meta-selinux] How about remove libcap-ng from meta-selinux?

[meta-selinux] How about remove libcap-ng from meta-selinux?

[wenzong fan]

Hi All,

There's a libcap-ng in meta-oe layer, it has been updated to 0.7.7 and 
the one in meta-selinux is 0.7.3.

How about removing the one in meta-selinux and get this layer depends on 
meta-oe? Any suggestions?

Thanks
Wenzong

Re: [meta-selinux] How about remove libcap-ng from meta-selinux?

[Joe MacDonald]

[-- Attachment #1: Type: text/plain, Size: 1018 bytes --]

[[yocto] [meta-selinux] How about remove libcap-ng from meta-selinux?] On 15.08.12 (Wed 17:08) wenzong fan wrote:

> Hi All,
> 
> There's a libcap-ng in meta-oe layer, it has been updated to 0.7.7 and the
> one in meta-selinux is 0.7.3.
> 
> How about removing the one in meta-selinux and get this layer depends on
> meta-oe? Any suggestions?

The last time we had this discussion my sense was that most users of
meta-selinux wanted to continue with it only depending on oe-core.
That's my preference as well.

I'm happy to merge an updated version of libcap-ng (or maybe I'll get to
it myself, since I've known about it since Armin removed it from
meta-security, that was the time of the last discussion, I think).

All I'm saying right now is that this isn't a case of accidental
duplication of recipes in multiple layers, it's the result of a
conscious decision.  It's totally worthwhile re-visiting that decision,
though to make sure the reasons are still valid.

-- 
-Joe MacDonald.
:wq

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 484 bytes --]

Re: [meta-selinux] How about remove libcap-ng from meta-selinux?

[wenzong fan]

On 08/12/2015 09:05 PM, Joe MacDonald wrote:
> [[yocto] [meta-selinux] How about remove libcap-ng from meta-selinux?] On 15.08.12 (Wed 17:08) wenzong fan wrote:
>
>> Hi All,
>>
>> There's a libcap-ng in meta-oe layer, it has been updated to 0.7.7 and the
>> one in meta-selinux is 0.7.3.
>>
>> How about removing the one in meta-selinux and get this layer depends on
>> meta-oe? Any suggestions?
>
> The last time we had this discussion my sense was that most users of
> meta-selinux wanted to continue with it only depending on oe-core.
> That's my preference as well.
>
> I'm happy to merge an updated version of libcap-ng (or maybe I'll get to
> it myself, since I've known about it since Armin removed it from
> meta-security, that was the time of the last discussion, I think).
>
> All I'm saying right now is that this isn't a case of accidental
> duplication of recipes in multiple layers, it's the result of a
> conscious decision.  It's totally worthwhile re-visiting that decision,
> though to make sure the reasons are still valid.
>

Thanks for clarifying this, just send out an update patch for libcap-ng.

Wenzong

Re: [meta-selinux] How about remove libcap-ng from meta-selinux?

[Randy MacLeod]

On 2015-08-14 02:41 AM, wenzong fan wrote:
> On 08/12/2015 09:05 PM, Joe MacDonald wrote:
>> [[yocto] [meta-selinux] How about remove libcap-ng from meta-selinux?]
>> On 15.08.12 (Wed 17:08) wenzong fan wrote:
>>
>>> Hi All,
>>>
>>> There's a libcap-ng in meta-oe layer, it has been updated to 0.7.7
>>> and the
>>> one in meta-selinux is 0.7.3.
>>>
>>> How about removing the one in meta-selinux and get this layer depends on
>>> meta-oe? Any suggestions?
>>
>> The last time we had this discussion my sense was that most users of
>> meta-selinux wanted to continue with it only depending on oe-core.
>> That's my preference as well.
>>
>> I'm happy to merge an updated version of libcap-ng (or maybe I'll get to
>> it myself, since I've known about it since Armin removed it from
>> meta-security, that was the time of the last discussion, I think).
>>
>> All I'm saying right now is that this isn't a case of accidental
>> duplication of recipes in multiple layers, it's the result of a
>> conscious decision.  It's totally worthwhile re-visiting that decision,
>> though to make sure the reasons are still valid.
>>
>
> Thanks for clarifying this, just send out an update patch for libcap-ng.

I still think it belongs in oe-core.

Wenzong,

Can you try to build up a case for that?
If I look at the dependencies on Ubuntu-15.04:

Reverse Depends:
   qemu-system-common,libcap-ng0
   libvirt0,libcap-ng0
   libvirt-bin,libcap-ng0
   libcap-ng0:i386,libcap-ng0 0.7.4-2
   libcap-ng0:i386,libcap-ng0 0.7.4-2
   suricata,libcap-ng0
   libcap-ng-utils,libcap-ng0 0.7.4-2
   ladvd,libcap-ng0
   heimdal-kdc,libcap-ng0
   audispd-plugins,libcap-ng0
   smartmontools,libcap-ng0
   qemu-system-common,libcap-ng0
   libvirt0,libcap-ng0
   libvirt-bin,libcap-ng0
   libcap-ng-dev,libcap-ng0 0.7.4-2
   irqbalance,libcap-ng0
   gnome-keyring,libcap-ng0
   dbus-1-dbg,libcap-ng0
   dbus,libcap-ng0

note that pkgs in:
   meta-virtualization: irqbalance, libvirt, more?
   meta-selinux: audit
   meta-security-framework: audit
could drop the local versions of libcap-ng and use the
oe-core libcap-ng.


Please check on the actual source/configure options so that
we(I!!) get a better understanding of where libcap vs libcap-ng
is used.

In fact, since meta-security-framework isn't using selinux, I'd
say that both audit and libcap-ng should both move to oe-core.


Thanks,
../Randy


>
> Wenzong


-- 
# Randy MacLeod. SMTS, Linux, Wind River
Direct: 613.963.1350 | 350 Terry Fox Drive, Suite 200, Ottawa, ON, 
Canada, K2K 2W5

Re: [meta-selinux] How about remove libcap-ng from meta-selinux?

[wenzong fan]

On 08/18/2015 10:28 AM, Randy MacLeod wrote:
> On 2015-08-14 02:41 AM, wenzong fan wrote:
>> On 08/12/2015 09:05 PM, Joe MacDonald wrote:
>>> [[yocto] [meta-selinux] How about remove libcap-ng from meta-selinux?]
>>> On 15.08.12 (Wed 17:08) wenzong fan wrote:
>>>
>>>> Hi All,
>>>>
>>>> There's a libcap-ng in meta-oe layer, it has been updated to 0.7.7
>>>> and the
>>>> one in meta-selinux is 0.7.3.
>>>>
>>>> How about removing the one in meta-selinux and get this layer
>>>> depends on
>>>> meta-oe? Any suggestions?
>>>
>>> The last time we had this discussion my sense was that most users of
>>> meta-selinux wanted to continue with it only depending on oe-core.
>>> That's my preference as well.
>>>
>>> I'm happy to merge an updated version of libcap-ng (or maybe I'll get to
>>> it myself, since I've known about it since Armin removed it from
>>> meta-security, that was the time of the last discussion, I think).
>>>
>>> All I'm saying right now is that this isn't a case of accidental
>>> duplication of recipes in multiple layers, it's the result of a
>>> conscious decision.  It's totally worthwhile re-visiting that decision,
>>> though to make sure the reasons are still valid.
>>>
>>
>> Thanks for clarifying this, just send out an update patch for libcap-ng.
>
> I still think it belongs in oe-core.
>
> Wenzong,
>
> Can you try to build up a case for that?
> If I look at the dependencies on Ubuntu-15.04:
>
> Reverse Depends:
>    qemu-system-common,libcap-ng0
>    libvirt0,libcap-ng0
>    libvirt-bin,libcap-ng0
>    libcap-ng0:i386,libcap-ng0 0.7.4-2
>    libcap-ng0:i386,libcap-ng0 0.7.4-2
>    suricata,libcap-ng0
>    libcap-ng-utils,libcap-ng0 0.7.4-2
>    ladvd,libcap-ng0
>    heimdal-kdc,libcap-ng0
>    audispd-plugins,libcap-ng0
>    smartmontools,libcap-ng0
>    qemu-system-common,libcap-ng0
>    libvirt0,libcap-ng0
>    libvirt-bin,libcap-ng0
>    libcap-ng-dev,libcap-ng0 0.7.4-2
>    irqbalance,libcap-ng0
>    gnome-keyring,libcap-ng0
>    dbus-1-dbg,libcap-ng0
>    dbus,libcap-ng0
>
> note that pkgs in:
>    meta-virtualization: irqbalance, libvirt, more?
>    meta-selinux: audit
>    meta-security-framework: audit
> could drop the local versions of libcap-ng and use the
> oe-core libcap-ng.
>
>
> Please check on the actual source/configure options so that
> we(I!!) get a better understanding of where libcap vs libcap-ng
> is used.
>
> In fact, since meta-security-framework isn't using selinux, I'd
> say that both audit and libcap-ng should both move to oe-core.
>

And the swig that libcap-ng depends on (swig-native) if we to do so.

Thanks
Wenzong

>
> Thanks,
> ../Randy
>
>
>>
>> Wenzong
>
>