From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by yocto-www.yoctoproject.org (Postfix, from userid 118) id E0B74E00ACC; Mon, 24 Aug 2015 02:44:03 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on yocto-www.yoctoproject.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 X-Spam-HAM-Report: * -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/, * medium trust * [147.11.1.11 listed in list.dnswl.org] * -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] Received: from mail.windriver.com (mail.windriver.com [147.11.1.11]) by yocto-www.yoctoproject.org (Postfix) with ESMTP id A40ABE00ABE for ; Mon, 24 Aug 2015 02:43:54 -0700 (PDT) Received: from ALA-HCB.corp.ad.wrs.com (ala-hcb.corp.ad.wrs.com [147.11.189.41]) by mail.windriver.com (8.15.2/8.15.1) with ESMTPS id t7O9he2D023878 (version=TLSv1 cipher=AES128-SHA bits=128 verify=FAIL); Mon, 24 Aug 2015 02:43:41 -0700 (PDT) Received: from [128.224.162.176] (128.224.162.176) by ALA-HCB.corp.ad.wrs.com (147.11.189.41) with Microsoft SMTP Server id 14.3.235.1; Mon, 24 Aug 2015 02:43:40 -0700 Message-ID: <55DAE749.8030103@windriver.com> Date: Mon, 24 Aug 2015 17:43:37 +0800 From: wenzong fan User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Thunderbird/31.5.0 MIME-Version: 1.0 To: Philip Tricca References: <1439645701-15785-1-git-send-email-flihp@twobit.us> <55D69175.7080708@twobit.us> <55D6EACC.1000703@windriver.com> <55D74B76.5070405@twobit.us> In-Reply-To: <55D74B76.5070405@twobit.us> Cc: yocto@yoctoproject.org, "Radzykewycz, T \(Radzy\)" Subject: Re: [meta-selinux][PATCH] Use the SELinux project release tarballs. X-BeenThere: yocto@yoctoproject.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: Discussion of all things Yocto Project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Aug 2015 09:44:04 -0000 Content-Type: text/plain; charset="windows-1252"; format=flowed Content-Transfer-Encoding: 7bit On 08/22/2015 12:01 AM, Philip Tricca wrote: > Greetings Wenzong, > > On 08/21/2015 02:09 AM, wenzong fan wrote: >> On 08/21/2015 10:48 AM, Philip Tricca wrote: >>> Any opinions / thoughts on this one? I've got an upgrade for the >>> toolstack (2.3 -> 2.4) ready to go but I've based it on the release URIs >>> from the wiki so it depends on this patch. >> >> Good to know you have made the selinux toolstack upgrade (2.3 -> 2.4). >> >> Did you fix the refpolicy-* build issues with 2.4 tools? > > I think so :) > >> The policy store is moved to /var/lib/selinux, the install logic from >> refpolicy_common.inc may fail to build policy DB and generate contexts >> files. > > Indeed it failed spectacularly. Additionally the format of the policy > store has changed a bit with the addition of the CIL. I've got all of > this up on github in a branch if you'd like to give it a review. It > currently works but I'm sure it can be improved: > > https://github.com/flihp/meta-selinux/tree/upgrade Yes, both build & runtime work well. It also solves my concern about how to build refpolicies with new tools:) Thanks Wenzong > > Best, > Philip > >>> On 08/15/2015 06:35 AM, Philip Tricca wrote: >>>> The SRC_URI used for the last SELinux userspace upgrade was the >>>> wrong one. We were using the URI generated by GitHub when tags are >>>> added to a repo. These are not the SELinux release tarballs. >>>> >>>> The SELinux project generates and releases tarballs for each tool >>>> and posts them to their GitHub wiki 'Releases' page: >>>> https://github.com/SELinuxProject/selinux/wiki/Releases. This patch >>>> fixes this URI, fixes the SELINUX_RELEASE variable that didn't get >>>> updated during the last upgrade, removes the workaround for the 'S' >>>> variable and fixes up the SRC_URI hashes. >>>> >>>> Signed-off-by: Philip Tricca >>>> --- >>>> recipes-security/selinux/checkpolicy_2.3.bb | 4 ++-- >>>> recipes-security/selinux/libselinux_2.3.bb | 4 ++-- >>>> recipes-security/selinux/libsemanage_2.3.bb | 4 ++-- >>>> recipes-security/selinux/libsepol_2.3.bb | 4 ++-- >>>> recipes-security/selinux/policycoreutils_2.3.bb | 4 ++-- >>>> recipes-security/selinux/selinux_20140506.inc | 4 ++-- >>>> recipes-security/selinux/selinux_common.inc | 4 ---- >>>> recipes-security/selinux/sepolgen_1.2.1.bb | 4 ++-- >>>> 8 files changed, 14 insertions(+), 18 deletions(-) >>>> >>>> diff --git a/recipes-security/selinux/checkpolicy_2.3.bb >>>> b/recipes-security/selinux/checkpolicy_2.3.bb >>>> index 9f68487..0efc94e 100644 >>>> --- a/recipes-security/selinux/checkpolicy_2.3.bb >>>> +++ b/recipes-security/selinux/checkpolicy_2.3.bb >>>> @@ -3,5 +3,5 @@ include ${BPN}.inc >>>> >>>> LIC_FILES_CHKSUM = >>>> "file://COPYING;md5=393a5ca445f6965873eca0259a17f833" >>>> >>>> -SRC_URI[md5sum] = "920f1a048b6023a22e1bae7b40fd413c" >>>> -SRC_URI[sha256sum] = >>>> "8072c12121613ba943417bbb6d33224d12373ea19d75c5acd1846a35e0e05b74" >>>> +SRC_URI[md5sum] = "90caed59291291b184890f563bf6c095" >>>> +SRC_URI[sha256sum] = >>>> "90632d11afecb66997971d4c5c5d70dfb02d3969ec610ee2918ba6df99c8207b" >>>> diff --git a/recipes-security/selinux/libselinux_2.3.bb >>>> b/recipes-security/selinux/libselinux_2.3.bb >>>> index 81e599d..ff74b61 100644 >>>> --- a/recipes-security/selinux/libselinux_2.3.bb >>>> +++ b/recipes-security/selinux/libselinux_2.3.bb >>>> @@ -3,8 +3,8 @@ include ${BPN}.inc >>>> >>>> LIC_FILES_CHKSUM = >>>> "file://LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0" >>>> >>>> -SRC_URI[md5sum] = "d27e249ad8450e7182203134cf4d85e2" >>>> -SRC_URI[sha256sum] = >>>> "03fe2baa7ceeea531a64fd321b44ecf09a55f3af5ef66a58a4135944f34e9851" >>>> +SRC_URI[md5sum] = "b11d4d95ef4bde732dbc8462df57a1e5" >>>> +SRC_URI[sha256sum] = >>>> "0b1e0b43ecd84a812713d09564019b08e7c205d89072b5cbcd07b052cd8e77b2" >>>> >>>> SRC_URI += "\ >>>> file://libselinux-drop-Wno-unused-but-set-variable.patch \ >>>> diff --git a/recipes-security/selinux/libsemanage_2.3.bb >>>> b/recipes-security/selinux/libsemanage_2.3.bb >>>> index 5eada94..a238e08 100644 >>>> --- a/recipes-security/selinux/libsemanage_2.3.bb >>>> +++ b/recipes-security/selinux/libsemanage_2.3.bb >>>> @@ -3,8 +3,8 @@ include ${BPN}.inc >>>> >>>> LIC_FILES_CHKSUM = >>>> "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343" >>>> >>>> -SRC_URI[md5sum] = "cc313b400637d94e3a549bf77555d8c3" >>>> -SRC_URI[sha256sum] = >>>> "4c984379a98ee9f05b80ff6e57dd2de886273d7136146456cabdce21ac32ed7f" >>>> +SRC_URI[md5sum] = "e564e2b92d18db35707060da29cddab9" >>>> +SRC_URI[sha256sum] = >>>> "03e09e35e611c286e446bef92b6023ef2623815996f5a53394bb02e49a312e4b" >>>> >>>> SRC_URI += "\ >>>> file://libsemanage-Fix-execve-segfaults-on-Ubuntu.patch \ >>>> diff --git a/recipes-security/selinux/libsepol_2.3.bb >>>> b/recipes-security/selinux/libsepol_2.3.bb >>>> index 0c07d41..478a6ee 100644 >>>> --- a/recipes-security/selinux/libsepol_2.3.bb >>>> +++ b/recipes-security/selinux/libsepol_2.3.bb >>>> @@ -3,5 +3,5 @@ include ${BPN}.inc >>>> >>>> LIC_FILES_CHKSUM = >>>> "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343" >>>> >>>> -SRC_URI[md5sum] = "c6b3dc07bf19ab4f364f21bbecb44beb" >>>> -SRC_URI[sha256sum] = >>>> "5a4481bfd0fad6fdad1511c786d69de1fc3eddc28154eae1691e1bf4e9e505c3" >>>> +SRC_URI[md5sum] = "e47e8527b5d4ea971726c455f847efdd" >>>> +SRC_URI[sha256sum] = >>>> "cc8d8642c3b7b95d6928d65dcbca2ab0627abc1c05166637851e63c1a6eae68f" >>>> diff --git a/recipes-security/selinux/policycoreutils_2.3.bb >>>> b/recipes-security/selinux/policycoreutils_2.3.bb >>>> index c837266..b77094e 100644 >>>> --- a/recipes-security/selinux/policycoreutils_2.3.bb >>>> +++ b/recipes-security/selinux/policycoreutils_2.3.bb >>>> @@ -3,8 +3,8 @@ include ${BPN}.inc >>>> >>>> LIC_FILES_CHKSUM = >>>> "file://COPYING;md5=393a5ca445f6965873eca0259a17f833" >>>> >>>> -SRC_URI[md5sum] = "4f5c508e3c3867c8beb343e993d353dd" >>>> -SRC_URI[sha256sum] = >>>> "11e8815ac13debb87897d2781381b89ec5c6c746a3d44223a493bc7ace6cc71f" >>>> +SRC_URI[md5sum] = "9a5db20adfe2250f53833b277ac796ae" >>>> +SRC_URI[sha256sum] = >>>> "864cfaee58b5d2f15b140c354e59666e57143293c89f2b2e85bc0d0e4beefcd2" >>>> >>>> SRC_URI += "\ >>>> file://policycoreutils-fix-sepolicy-install-path.patch \ >>>> diff --git a/recipes-security/selinux/selinux_20140506.inc >>>> b/recipes-security/selinux/selinux_20140506.inc >>>> index 01cc52f..beaaff0 100644 >>>> --- a/recipes-security/selinux/selinux_20140506.inc >>>> +++ b/recipes-security/selinux/selinux_20140506.inc >>>> @@ -1,5 +1,5 @@ >>>> -SELINUX_RELEASE = "20131030" >>>> +SELINUX_RELEASE = "20140506" >>>> >>>> -SRC_URI = >>>> "https://github.com/SELinuxProject/selinux/archive/${BPN}-${PV}.tar.gz" >>>> +SRC_URI = >>>> "https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/${SELINUX_RELEASE}/${BPN}-${PV}.tar.gz" >>>> >>>> >>>> include selinux_common.inc >>>> diff --git a/recipes-security/selinux/selinux_common.inc >>>> b/recipes-security/selinux/selinux_common.inc >>>> index e53792d..7efa694 100644 >>>> --- a/recipes-security/selinux/selinux_common.inc >>>> +++ b/recipes-security/selinux/selinux_common.inc >>>> @@ -5,10 +5,6 @@ HOMEPAGE = "https://github.com/SELinuxProject" >>>> # we redefine EXTRA_OEMAKE here >>>> EXTRA_OEMAKE = "-e" >>>> >>>> -# Releases are now from the base of the full tree, necessitating our >>>> skipping >>>> -# through an extra level of directories. >>>> -S = "${WORKDIR}/selinux-${BPN}-${PV}/${BPN}" >>>> - >>>> do_compile() { >>>> oe_runmake all \ >>>> INCLUDEDIR='${STAGING_INCDIR}' \ >>>> diff --git a/recipes-security/selinux/sepolgen_1.2.1.bb >>>> b/recipes-security/selinux/sepolgen_1.2.1.bb >>>> index b47ff26..c636ac3 100644 >>>> --- a/recipes-security/selinux/sepolgen_1.2.1.bb >>>> +++ b/recipes-security/selinux/sepolgen_1.2.1.bb >>>> @@ -3,5 +3,5 @@ include ${BPN}.inc >>>> >>>> LIC_FILES_CHKSUM = >>>> "file://COPYING;md5=393a5ca445f6965873eca0259a17f833" >>>> >>>> -SRC_URI[md5sum] = "308011ba495b6770239bb3d371d277d3" >>>> -SRC_URI[sha256sum] = >>>> "7a5710f7c8be16dfbaf8da98c3c0e46bc6159f2df5340e9efb975b084f61413c" >>>> +SRC_URI[md5sum] = "ce662a83188bc3a9b40c15792fcaf2c8" >>>> +SRC_URI[sha256sum] = >>>> "438c246bdc6b3cf1b12116831f4c601aaae6e93decb007dddab212a3c88781b0" >>>> >>> > >