From mboxrd@z Thu Jan 1 00:00:00 1970 From: Thomas Petazzoni Date: Fri, 6 Sep 2013 19:56:09 +0200 Subject: [Buildroot] [PATCH 05/17] checkpolicy: new package In-Reply-To: <1378336196-27403-6-git-send-email-clshotwe@rockwellcollins.com> References: <1378336196-27403-1-git-send-email-clshotwe@rockwellcollins.com> <1378336196-27403-6-git-send-email-clshotwe@rockwellcollins.com> Message-ID: <20130906195609.237ba6d0@skate> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: buildroot@busybox.net Dear Clayton Shotwell, On Wed, 4 Sep 2013 18:09:44 -0500, Clayton Shotwell wrote: > --- /dev/null > +++ b/package/checkpolicy/Config.in > @@ -0,0 +1,11 @@ > +config BR2_PACKAGE_CHECKPOLICY > + bool "checkpolicy" > + select BR2_PACKAGE_FLEX > + help > + checkpolicy is the policy compiler. It uses libsepol to > + generate the binary policy. checkpolicy uses the static > + libsepol since it deals with low level details of the policy > + that have not been encapsulated/abstracted by a proper > + shared library interface. > + > + http://selinuxproject.org/page/Main_Page Is a target variant of this package really needed? In the context of Buildroot and cross-compilation, I would expect the policy to be written on the development machine, the compilation to happen on the development machine, and only the resulting binary copied to the target. We generally don't support "development" on the target, and we expect the system generated by Buildroot to be ready to use. I am not familiar with SELinux at all, but my understanding is that this Buildroot policy should translate into just the SELinux binary policy to be installed on the target, the compiler being kept on the host. Other comments below. > diff --git a/package/checkpolicy/checkpolicy.mk b/package/checkpolicy/checkpolicy.mk > new file mode 100644 > index 0000000..e61e053 > --- /dev/null > +++ b/package/checkpolicy/checkpolicy.mk > @@ -0,0 +1,71 @@ > +############################################################# > +# > +# checkpolicy > +# > +############################################################# 80 dashes, empty line missing. > +CHECKPOLICY_VERSION = 2.1.12 > +CHECKPOLICY_SOURCE = checkpolicy-$(CHECKPOLICY_VERSION).tar.gz Not needed, that's the default. > +CHECKPOLICY_SITE = http://userspace.selinuxproject.org/releases/20130423/ > +CHECKPOLICY_LICENSE = GPLv2 Really GPLv2, not GPLv2+ ? > +CHECKPOLICY_LICENSE_FILES = COPYING > + > +############################## > +# Target Section > +############################## We can remove this comment. > +CHECKPOLICY_DEPENDENCIES = host-flex host-bison libselinux flex So flex is needed both on the target, and at runtime? > + > +CHECKPOLICY_INSTALL_STAGING = YES > +CHECKPOLICY_INSTALL_TARGET = YES Last line not needed, that's the default. > + > +CHECKPOLICY_MAKE_CMDS = $(TARGET_CONFIGURE_OPTS) \ > + LEX="$(HOST_DIR)/usr/bin/flex" \ > + YACC="$(HOST_DIR)/usr/bin/bison -y" > + > +define CHECKPOLICY_BUILD_CMDS > + $(MAKE) -C $(@D) $(CHECKPOLICY_MAKE_CMDS) DESTDIR=$(STAGING_DIR) > +endef > + > +define CHECKPOLICY_INSTALL_STAGING_CMDS > + $(MAKE) -C $(@D) install $(CHECKPOLICY_MAKE_CMDS) DESTDIR=$(STAGING_DIR) > +endef > + > +define CHECKPOLICY_INSTALL_TARGET_CMDS > + $(MAKE) -C $(@D) install $(CHECKPOLICY_MAKE_CMDS) DESTDIR=$(TARGET_DIR) > +endef > + > +define CHECKPOLICY_CLEAN_CMDS > + $(MAKE) -C $(@D) clean > +endef > + > +define CHECKPOLICY_UNINSTALL_STAGING_CMDS > + rm -f $(STAGING_DIR)/usr/bin/checkpolicy > + rm -f $(addprefix $(STAGING_DIR)/usr/man/man8/,$(notdir $(wildcard $(@D)/*.8))) > +endef > + > +define CHECKPOLICY_UNINSTALL_TARGET_CMDS > + rm -f $(TARGET_DIR)/usr/bin/checkpolicy > +endef You can get rid of uninstall commands. > +############################## > +# Host Section > +############################## Comment not needed. > +HOST_CHECKPOLICY_DEPENDENCIES = host-libselinux host-flex host-bison > + > +HOST_CHECKPOLICY_MAKE_CMDS = $(HOST_CONFIGURE_OPTS) \ > + LEX="$(HOST_DIR)/usr/bin/flex" \ > + YACC="$(HOST_DIR)/usr/bin/bison -y" > + > +define HOST_CHECKPOLICY_BUILD_CMDS > + $(MAKE) -C $(@D) $(HOST_CHECKPOLICY_MAKE_CMDS) DESTDIR=$(HOST_DIR) > +endef > + > +define HOST_CHECKPOLICY_INSTALL_CMDS > + $(MAKE) -C $(@D) install $(CHOST_HECKPOLICY_MAKE_CMDS) DESTDIR=$(HOST_DIR) > +endef > + > +define HOST_CHECKPOLICY_CLEAN_CMDS > + $(MAKE) -C $(@D) clean > +endef > + > +$(eval $(generic-package)) > +$(eval $(host-generic-package)) Thanks, Thomas -- Thomas Petazzoni, Free Electrons Kernel, drivers, real-time and embedded Linux development, consulting, training and support. http://free-electrons.com