From: Philip Tricca <flihp@twobit.us>
To: wenzong fan <wenzong.fan@windriver.com>
Cc: yocto@yoctoproject.org
Subject: Re: [meta-selinux][PATCH] Use the SELinux project release tarballs.
Date: Fri, 21 Aug 2015 09:01:58 -0700 [thread overview]
Message-ID: <55D74B76.5070405@twobit.us> (raw)
In-Reply-To: <55D6EACC.1000703@windriver.com>
Greetings Wenzong,
On 08/21/2015 02:09 AM, wenzong fan wrote:
> On 08/21/2015 10:48 AM, Philip Tricca wrote:
>> Any opinions / thoughts on this one? I've got an upgrade for the
>> toolstack (2.3 -> 2.4) ready to go but I've based it on the release URIs
>> from the wiki so it depends on this patch.
>
> Good to know you have made the selinux toolstack upgrade (2.3 -> 2.4).
>
> Did you fix the refpolicy-* build issues with 2.4 tools?
I think so :)
> The policy store is moved to /var/lib/selinux, the install logic from
> refpolicy_common.inc may fail to build policy DB and generate contexts
> files.
Indeed it failed spectacularly. Additionally the format of the policy
store has changed a bit with the addition of the CIL. I've got all of
this up on github in a branch if you'd like to give it a review. It
currently works but I'm sure it can be improved:
https://github.com/flihp/meta-selinux/tree/upgrade
Best,
Philip
>> On 08/15/2015 06:35 AM, Philip Tricca wrote:
>>> The SRC_URI used for the last SELinux userspace upgrade was the
>>> wrong one. We were using the URI generated by GitHub when tags are
>>> added to a repo. These are not the SELinux release tarballs.
>>>
>>> The SELinux project generates and releases tarballs for each tool
>>> and posts them to their GitHub wiki 'Releases' page:
>>> https://github.com/SELinuxProject/selinux/wiki/Releases. This patch
>>> fixes this URI, fixes the SELINUX_RELEASE variable that didn't get
>>> updated during the last upgrade, removes the workaround for the 'S'
>>> variable and fixes up the SRC_URI hashes.
>>>
>>> Signed-off-by: Philip Tricca <flihp@twobit.us>
>>> ---
>>> recipes-security/selinux/checkpolicy_2.3.bb | 4 ++--
>>> recipes-security/selinux/libselinux_2.3.bb | 4 ++--
>>> recipes-security/selinux/libsemanage_2.3.bb | 4 ++--
>>> recipes-security/selinux/libsepol_2.3.bb | 4 ++--
>>> recipes-security/selinux/policycoreutils_2.3.bb | 4 ++--
>>> recipes-security/selinux/selinux_20140506.inc | 4 ++--
>>> recipes-security/selinux/selinux_common.inc | 4 ----
>>> recipes-security/selinux/sepolgen_1.2.1.bb | 4 ++--
>>> 8 files changed, 14 insertions(+), 18 deletions(-)
>>>
>>> diff --git a/recipes-security/selinux/checkpolicy_2.3.bb
>>> b/recipes-security/selinux/checkpolicy_2.3.bb
>>> index 9f68487..0efc94e 100644
>>> --- a/recipes-security/selinux/checkpolicy_2.3.bb
>>> +++ b/recipes-security/selinux/checkpolicy_2.3.bb
>>> @@ -3,5 +3,5 @@ include ${BPN}.inc
>>>
>>> LIC_FILES_CHKSUM =
>>> "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
>>>
>>> -SRC_URI[md5sum] = "920f1a048b6023a22e1bae7b40fd413c"
>>> -SRC_URI[sha256sum] =
>>> "8072c12121613ba943417bbb6d33224d12373ea19d75c5acd1846a35e0e05b74"
>>> +SRC_URI[md5sum] = "90caed59291291b184890f563bf6c095"
>>> +SRC_URI[sha256sum] =
>>> "90632d11afecb66997971d4c5c5d70dfb02d3969ec610ee2918ba6df99c8207b"
>>> diff --git a/recipes-security/selinux/libselinux_2.3.bb
>>> b/recipes-security/selinux/libselinux_2.3.bb
>>> index 81e599d..ff74b61 100644
>>> --- a/recipes-security/selinux/libselinux_2.3.bb
>>> +++ b/recipes-security/selinux/libselinux_2.3.bb
>>> @@ -3,8 +3,8 @@ include ${BPN}.inc
>>>
>>> LIC_FILES_CHKSUM =
>>> "file://LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0"
>>>
>>> -SRC_URI[md5sum] = "d27e249ad8450e7182203134cf4d85e2"
>>> -SRC_URI[sha256sum] =
>>> "03fe2baa7ceeea531a64fd321b44ecf09a55f3af5ef66a58a4135944f34e9851"
>>> +SRC_URI[md5sum] = "b11d4d95ef4bde732dbc8462df57a1e5"
>>> +SRC_URI[sha256sum] =
>>> "0b1e0b43ecd84a812713d09564019b08e7c205d89072b5cbcd07b052cd8e77b2"
>>>
>>> SRC_URI += "\
>>> file://libselinux-drop-Wno-unused-but-set-variable.patch \
>>> diff --git a/recipes-security/selinux/libsemanage_2.3.bb
>>> b/recipes-security/selinux/libsemanage_2.3.bb
>>> index 5eada94..a238e08 100644
>>> --- a/recipes-security/selinux/libsemanage_2.3.bb
>>> +++ b/recipes-security/selinux/libsemanage_2.3.bb
>>> @@ -3,8 +3,8 @@ include ${BPN}.inc
>>>
>>> LIC_FILES_CHKSUM =
>>> "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
>>>
>>> -SRC_URI[md5sum] = "cc313b400637d94e3a549bf77555d8c3"
>>> -SRC_URI[sha256sum] =
>>> "4c984379a98ee9f05b80ff6e57dd2de886273d7136146456cabdce21ac32ed7f"
>>> +SRC_URI[md5sum] = "e564e2b92d18db35707060da29cddab9"
>>> +SRC_URI[sha256sum] =
>>> "03e09e35e611c286e446bef92b6023ef2623815996f5a53394bb02e49a312e4b"
>>>
>>> SRC_URI += "\
>>> file://libsemanage-Fix-execve-segfaults-on-Ubuntu.patch \
>>> diff --git a/recipes-security/selinux/libsepol_2.3.bb
>>> b/recipes-security/selinux/libsepol_2.3.bb
>>> index 0c07d41..478a6ee 100644
>>> --- a/recipes-security/selinux/libsepol_2.3.bb
>>> +++ b/recipes-security/selinux/libsepol_2.3.bb
>>> @@ -3,5 +3,5 @@ include ${BPN}.inc
>>>
>>> LIC_FILES_CHKSUM =
>>> "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
>>>
>>> -SRC_URI[md5sum] = "c6b3dc07bf19ab4f364f21bbecb44beb"
>>> -SRC_URI[sha256sum] =
>>> "5a4481bfd0fad6fdad1511c786d69de1fc3eddc28154eae1691e1bf4e9e505c3"
>>> +SRC_URI[md5sum] = "e47e8527b5d4ea971726c455f847efdd"
>>> +SRC_URI[sha256sum] =
>>> "cc8d8642c3b7b95d6928d65dcbca2ab0627abc1c05166637851e63c1a6eae68f"
>>> diff --git a/recipes-security/selinux/policycoreutils_2.3.bb
>>> b/recipes-security/selinux/policycoreutils_2.3.bb
>>> index c837266..b77094e 100644
>>> --- a/recipes-security/selinux/policycoreutils_2.3.bb
>>> +++ b/recipes-security/selinux/policycoreutils_2.3.bb
>>> @@ -3,8 +3,8 @@ include ${BPN}.inc
>>>
>>> LIC_FILES_CHKSUM =
>>> "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
>>>
>>> -SRC_URI[md5sum] = "4f5c508e3c3867c8beb343e993d353dd"
>>> -SRC_URI[sha256sum] =
>>> "11e8815ac13debb87897d2781381b89ec5c6c746a3d44223a493bc7ace6cc71f"
>>> +SRC_URI[md5sum] = "9a5db20adfe2250f53833b277ac796ae"
>>> +SRC_URI[sha256sum] =
>>> "864cfaee58b5d2f15b140c354e59666e57143293c89f2b2e85bc0d0e4beefcd2"
>>>
>>> SRC_URI += "\
>>> file://policycoreutils-fix-sepolicy-install-path.patch \
>>> diff --git a/recipes-security/selinux/selinux_20140506.inc
>>> b/recipes-security/selinux/selinux_20140506.inc
>>> index 01cc52f..beaaff0 100644
>>> --- a/recipes-security/selinux/selinux_20140506.inc
>>> +++ b/recipes-security/selinux/selinux_20140506.inc
>>> @@ -1,5 +1,5 @@
>>> -SELINUX_RELEASE = "20131030"
>>> +SELINUX_RELEASE = "20140506"
>>>
>>> -SRC_URI =
>>> "https://github.com/SELinuxProject/selinux/archive/${BPN}-${PV}.tar.gz"
>>> +SRC_URI =
>>> "https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/${SELINUX_RELEASE}/${BPN}-${PV}.tar.gz"
>>>
>>>
>>> include selinux_common.inc
>>> diff --git a/recipes-security/selinux/selinux_common.inc
>>> b/recipes-security/selinux/selinux_common.inc
>>> index e53792d..7efa694 100644
>>> --- a/recipes-security/selinux/selinux_common.inc
>>> +++ b/recipes-security/selinux/selinux_common.inc
>>> @@ -5,10 +5,6 @@ HOMEPAGE = "https://github.com/SELinuxProject"
>>> # we redefine EXTRA_OEMAKE here
>>> EXTRA_OEMAKE = "-e"
>>>
>>> -# Releases are now from the base of the full tree, necessitating our
>>> skipping
>>> -# through an extra level of directories.
>>> -S = "${WORKDIR}/selinux-${BPN}-${PV}/${BPN}"
>>> -
>>> do_compile() {
>>> oe_runmake all \
>>> INCLUDEDIR='${STAGING_INCDIR}' \
>>> diff --git a/recipes-security/selinux/sepolgen_1.2.1.bb
>>> b/recipes-security/selinux/sepolgen_1.2.1.bb
>>> index b47ff26..c636ac3 100644
>>> --- a/recipes-security/selinux/sepolgen_1.2.1.bb
>>> +++ b/recipes-security/selinux/sepolgen_1.2.1.bb
>>> @@ -3,5 +3,5 @@ include ${BPN}.inc
>>>
>>> LIC_FILES_CHKSUM =
>>> "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
>>>
>>> -SRC_URI[md5sum] = "308011ba495b6770239bb3d371d277d3"
>>> -SRC_URI[sha256sum] =
>>> "7a5710f7c8be16dfbaf8da98c3c0e46bc6159f2df5340e9efb975b084f61413c"
>>> +SRC_URI[md5sum] = "ce662a83188bc3a9b40c15792fcaf2c8"
>>> +SRC_URI[sha256sum] =
>>> "438c246bdc6b3cf1b12116831f4c601aaae6e93decb007dddab212a3c88781b0"
>>>
>>
next prev parent reply other threads:[~2015-08-21 16:02 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-08-15 13:35 [meta-selinux][PATCH] Use the SELinux project release tarballs Philip Tricca
2015-08-21 2:48 ` Philip Tricca
2015-08-21 9:09 ` wenzong fan
2015-08-21 16:01 ` Philip Tricca [this message]
2015-08-24 9:43 ` wenzong fan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55D74B76.5070405@twobit.us \
--to=flihp@twobit.us \
--cc=wenzong.fan@windriver.com \
--cc=yocto@yoctoproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.