From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 05/17] checkpolicy: new package
Date: Fri, 6 Sep 2013 19:56:09 +0200
Message-ID: <20130906195609.237ba6d0@skate>
In-Reply-To: <1378336196-27403-6-git-send-email-clshotwe@rockwellcollins.com>
Dear Clayton Shotwell,
On Wed, 4 Sep 2013 18:09:44 -0500, Clayton Shotwell wrote:
> --- /dev/null
> +++ b/package/checkpolicy/Config.in
> @@ -0,0 +1,11 @@
> +config BR2_PACKAGE_CHECKPOLICY
> + bool "checkpolicy"
> + select BR2_PACKAGE_FLEX
> + help
> + checkpolicy is the policy compiler. It uses libsepol to
> + generate the binary policy. checkpolicy uses the static
> + libsepol since it deals with low level details of the policy
> + that have not been encapsulated/abstracted by a proper
> + shared library interface.
> +
> + http://selinuxproject.org/page/Main_Page
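Review bot: `select BR2_PACKAGE_FLEX` is the only select in this Config.in, yet checkpolicy.mk in the same patch lists libselinux in CHECKPOLICY_DEPENDENCIES, so the Kconfig and make-level dependencies disagree and the option can be enabled without libselinux being selected. Add a matching `select BR2_PACKAGE_LIBSELINUX` next to the flex one. The help text also says the tool uses the static libsepol, which appears in neither the selects nor the dependency list; if it is only expected to arrive through libselinux, say so in a comment.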
Is a target variant of this package really needed? In the context of
Buildroot and cross-compilation, I would expect the policy to be
written on the development machine, the compilation to happen on the
development machine, and only the resulting binary copied to the target.
We generally don't support "development" on the target, and we expect
the system generated by Buildroot to be ready to use. I am not familiar
with SELinux at all, but my understanding is that this Buildroot policy
should translate into just the SELinux binary policy to be installed on
the target, the compiler being kept on the host.
Other comments below.
> diff --git a/package/checkpolicy/checkpolicy.mk b/package/checkpolicy/checkpolicy.mk
> new file mode 100644
> index 0000000..e61e053
> --- /dev/null
> +++ b/package/checkpolicy/checkpolicy.mk
> @@ -0,0 +1,71 @@
> +#############################################################
> +#
> +# checkpolicy
> +#
> +#############################################################
80 dashes, empty line missing.
> +CHECKPOLICY_VERSION = 2.1.12
> +CHECKPOLICY_SOURCE = checkpolicy-$(CHECKPOLICY_VERSION).tar.gz
Not needed, that's the default.
> +CHECKPOLICY_SITE = http://userspace.selinuxproject.org/releases/20130423/
> +CHECKPOLICY_LICENSE = GPLv2
Really GPLv2, not GPLv2+ ?
> +CHECKPOLICY_LICENSE_FILES = COPYING
> +
> +##############################
> +# Target Section
> +##############################
We can remove this comment.
> +CHECKPOLICY_DEPENDENCIES = host-flex host-bison libselinux flex
So flex is needed both on the target, and at runtime?
> +
> +CHECKPOLICY_INSTALL_STAGING = YES
> +CHECKPOLICY_INSTALL_TARGET = YES
Last line not needed, that's the default.
> +
> +CHECKPOLICY_MAKE_CMDS = $(TARGET_CONFIGURE_OPTS) \
> + LEX="$(HOST_DIR)/usr/bin/flex" \
> + YACC="$(HOST_DIR)/usr/bin/bison -y"
> +
> +define CHECKPOLICY_BUILD_CMDS
> + $(MAKE) -C $(@D) $(CHECKPOLICY_MAKE_CMDS) DESTDIR=$(STAGING_DIR)
> +endef
> +
> +define CHECKPOLICY_INSTALL_STAGING_CMDS
> + $(MAKE) -C $(@D) install $(CHECKPOLICY_MAKE_CMDS) DESTDIR=$(STAGING_DIR)
> +endef
> +
> +define CHECKPOLICY_INSTALL_TARGET_CMDS
> + $(MAKE) -C $(@D) install $(CHECKPOLICY_MAKE_CMDS) DESTDIR=$(TARGET_DIR)
> +endef
> +
> +define CHECKPOLICY_CLEAN_CMDS
> + $(MAKE) -C $(@D) clean
> +endef
> +
> +define CHECKPOLICY_UNINSTALL_STAGING_CMDS
> + rm -f $(STAGING_DIR)/usr/bin/checkpolicy
> + rm -f $(addprefix $(STAGING_DIR)/usr/man/man8/,$(notdir $(wildcard $(@D)/*.8)))
> +endef
> +
> +define CHECKPOLICY_UNINSTALL_TARGET_CMDS
> + rm -f $(TARGET_DIR)/usr/bin/checkpolicy
> +endef
You can get rid of uninstall commands.
> +##############################
> +# Host Section
> +##############################
Comment not needed.
> +HOST_CHECKPOLICY_DEPENDENCIES = host-libselinux host-flex host-bison
> +
> +HOST_CHECKPOLICY_MAKE_CMDS = $(HOST_CONFIGURE_OPTS) \
> + LEX="$(HOST_DIR)/usr/bin/flex" \
> + YACC="$(HOST_DIR)/usr/bin/bison -y"
> +
> +define HOST_CHECKPOLICY_BUILD_CMDS
> + $(MAKE) -C $(@D) $(HOST_CHECKPOLICY_MAKE_CMDS) DESTDIR=$(HOST_DIR)
> +endef
> +
> +define HOST_CHECKPOLICY_INSTALL_CMDS
> + $(MAKE) -C $(@D) install $(CHOST_HECKPOLICY_MAKE_CMDS) DESTDIR=$(HOST_DIR)
> +endef
> +
> +define HOST_CHECKPOLICY_CLEAN_CMDS
> + $(MAKE) -C $(@D) clean
> +endef
> +
> +$(eval $(generic-package))
> +$(eval $(host-generic-package))
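Review bot: In HOST_CHECKPOLICY_INSTALL_CMDS the variable is misspelled as `$(CHOST_HECKPOLICY_MAKE_CMDS)`. Nothing in this file defines that name, so make expands it to an empty string and the host install step runs without HOST_CONFIGURE_OPTS or the LEX/YACC overrides that HOST_CHECKPOLICY_BUILD_CMDS passes. It should read `$(HOST_CHECKPOLICY_MAKE_CMDS)` so that the install step sees the same toolchain settings as the build step and anything the install target rebuilds still uses the flex and bison under $(HOST_DIR).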
Thanks,
Thomas
--
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com