[Buildroot] [PATCH v4 06/27] policycoreutils: new package

Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed

From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH v4 06/27] policycoreutils: new package
Date: Fri, 9 Jan 2015 17:34:02 +0100	[thread overview]
Message-ID: <20150109173402.7e1d6818@free-electrons.com> (raw)
In-Reply-To: <1420816288-8750-7-git-send-email-matthew.weber@rockwellcollins.com>

Dear Matt Weber,

On Fri,  9 Jan 2015 09:11:07 -0600, Matt Weber wrote:

>  menu "Security"
> +menu "policycoreutils"
> +	source "package/policycoreutils/Config.in"
> +endmenu

Why a menu...endmenu here? If you really want a menu, it should be
defined inside this package Config.in file, not in package/Config.in.

> diff --git a/package/policycoreutils/0001-cross-compile-fixes.patch b/package/policycoreutils/0001-cross-compile-fixes.patch
> new file mode 100644
> index 0000000..8f47907
> --- /dev/null
> +++ b/package/policycoreutils/0001-cross-compile-fixes.patch
> @@ -0,0 +1,332 @@
> +Patch to enable cross compile build and install.
> +
> +Signed-off-by Clayton Shotwell <clshotwe@rockwellcollins.com>

Please split that up in several patches, for the different issues. And
submit upstream.

> +-INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
> ++INOTIFYH = $(shell ls $(DESTDIR)/usr/include/sys/inotify.h 2>/dev/null)
> + 
> +-ifeq (${INOTIFYH}, /usr/include/sys/inotify.h)
> ++ifeq (${INOTIFYH}, $(DESTDIR)/usr/include/sys/inotify.h)

This is really horrible :-/. If you do a build with
DESTDIR=$(TARGET_DIR), things won't work because there are no headers
in $(TARGET_DIR). It's not going to cause a practical problem, but it's
not nice.

> + CFLAGS ?= -g -Werror -Wall -W
> +-override CFLAGS += -I$(PREFIX)/include $(DBUSFLAGS) -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -I/usr/lib/glib-2.0/include
> ++override CFLAGS += -I$(PREFIX)/include $(DBUSFLAGS) -I$(PREFIX)/include/glib-2.0 \
> ++		-I$(PREFIX)/lib64/glib-2.0/include -I$(PREFIX)/lib/glib-2.0/include

Can we do something sane, like:

	$(shell pkg-config --cflags glib-2.0)

> + LDLIBS += -lselinux $(DBUSLIB) -lglib-2.0 -L$(LIBDIR)
> + 
> + all: restorecond
> + 
> ++%.o: %.c
> ++	$(CC) $(CFLAGS) -c -o $@ $<

Huh? This is normally part of make implicit rules. I don't see why you
would need this.

> ++PYTHON_ARGS = LDSHARED="$(CC) -shared" \
> ++		CROSS_COMPILING=yes              \
> ++		_python_sysroot=$(DESTDIR)       \
> ++		_python_srcdir=$(PYTHON_SRC)     \
> ++		_python_prefix=/usr              \
> ++		_python_exec_prefix=/usr
> ++
> + all: python-build
> + 
> + python-build: info.c search.c common.h policy.h policy.c
> +-	$(PYTHON) setup.py build
> ++	$(PYTHON_ARGS) $(PYTHON) setup.py build

This is not really great, as this cannot be upstreamed: some of those
Python variables only exist because the patches Buildroot has on
Python. Maybe the Buildroot .mk file should pass them, instead?

> +-PROGRESS_STEP=$(shell grep "^\#define STAR_COUNT" restore.h | awk -S '{ print $$3 }')
> +-ABORT_ON_ERRORS=$(shell grep "^\#define ABORT_ON_ERRORS" setfiles.c | awk -S '{ print $$3 }')
> ++PROGRESS_STEP=$(shell grep "^\#define STAR_COUNT" restore.h | awk '{ print $$3 }')
> ++ABORT_ON_ERRORS=$(shell grep "^\#define ABORT_ON_ERRORS" setfiles.c | awk '{ print $$3 }')

Removing -S. Why?

> diff --git a/package/policycoreutils/Config.in b/package/policycoreutils/Config.in
> new file mode 100644
> index 0000000..67bfacf
> --- /dev/null
> +++ b/package/policycoreutils/Config.in
> @@ -0,0 +1,71 @@
> +config BR2_PACKAGE_POLICYCOREUTILS
> +	bool "policycoreutils"
> +	select BR2_PACKAGE_LIBSEMANAGE
> +	select BR2_PACKAGE_SEPOLGEN # host python bindings

Not clear what you mean by "host python bindings" here. Host package
dependencies are not reflected in Config.in files.


> +if BR2_PACKAGE_POLICYCOREUTILS
> +
> +config BR2_PACKAGE_POLICYCOREUTILS_RESTORECOND
> +	bool "restorecond Utility"
> +	select BR2_PACKAGE_DBUS_GLIB
> +	depends on BR2_USE_WCHAR # dbus-glib
> +	depends on BR2_USE_MMU # dbus-glib
> +	help
> +	  Enable restorecond to be built
> +
> +comment "restorecond needs a toolchain w/ wchar, mmu"
> +	depends on !BR2_USE_WCHAR || !BR2_USE_MMU
> +
> +config BR2_PACKAGE_POLICYCOREUTILS_MCSTRANS
> +	bool "mcstrans Utility"
> +	select BR2_PACKAGE_PCRE
> +	select BR2_PACKAGE_LIBCAP
> +	help
> +	  Enable mcstrans to be built
> +
> +config BR2_PACKAGE_POLICYCOREUTILS_SANDBOX
> +	bool "sandbox Utility"
> +	select BR2_PACKAGE_POLICYCOREUTILS_POLICY_DEBUGGING

Where is this option defined?

> +	select BR2_PACKAGE_LIBCGROUP
> +	depends on BR2_INSTALL_LIBSTDCPP # libcgroup
> +	help
> +	  Enable sandbox to be built
> +
> +comment "policycoreutils sandbox needs an toolchain w/ C++"
> +	depends on !BR2_INSTALL_LIBSTDCPP
> +
> +endif
> diff --git a/package/policycoreutils/S15restorecond b/package/policycoreutils/S15restorecond
> new file mode 100644
> index 0000000..e408281
> --- /dev/null
> +++ b/package/policycoreutils/S15restorecond
> @@ -0,0 +1,85 @@
> +#!/bin/sh
> +#
> +# restorecond:		Daemon used to maintain path file context
> +#
> +# description:	restorecond uses inotify to look for creation of new files \
> +# listed in the /etc/selinux/restorecond.conf file, and restores the \
> +# correct security context.
> +#
> +# processname: /usr/sbin/restorecond
> +# config: /etc/selinux/restorecond.conf 
> +# pidfile: /var/run/restorecond.pid
> +#
> +# Return values according to LSB for all commands but status:
> +# 0 - success
> +# 1 - generic or unspecified error
> +# 2 - invalid or excess argument(s)
> +# 3 - unimplemented feature (e.g. "reload")
> +# 4 - insufficient privilege
> +# 5 - program is not installed
> +# 6 - program is not configured
> +# 7 - program is not running
> +
> +PATH=/sbin:/bin:/usr/bin:/usr/sbin
> +
> +[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 7
> +
> +# Check that we are root ... so non-root users stop here
> +test $EUID = 0  || exit 4
> +
> +test -x /usr/sbin/restorecond  || exit 5
> +test -f /etc/selinux/restorecond.conf  || exit 6
> +
> +RETVAL=0
> +
> +start() 
> +{
> +	echo -n $"Starting restorecond: "
> +	unset HOME MAIL USER USERNAME
> +	/usr/sbin/restorecond 
> +	RETVAL=$?
> +	touch /var/lock/subsys/restorecond
> +	echo
> +	return $RETVAL
> +}
> +
> +stop() 
> +{
> +	echo -n $"Shutting down restorecond: "
> +	killproc restorecond
> +	RETVAL=$?
> +	rm -f  /var/lock/subsys/restorecond
> +	echo
> +	return $RETVAL
> +}
> +
> +restart() 
> +{
> +	stop
> +	start
> +}
> +
> +# See how we were called.
> +case "$1" in
> +  start)
> +	start
> +	;;
> +  stop)
> +	stop
> +	;;
> +  status)
> +	status restorecond
> +	RETVAL=$?
> +	;;
> +  force-reload|restart|reload)
> +	restart
> +	;;
> +  condrestart)
> +	[ -e /var/lock/subsys/restorecond ] && restart || :
> +	;;
> +  *)
> +	echo $"Usage: $0 {start|stop|restart|force-reload|status|condrestart}"
> +	RETVAL=3
> +esac
> +
> +exit $RETVAL

Same comment as for other init scripts: please make this more similar
to other Buildroot init scripts.

> diff --git a/package/policycoreutils/policycoreutils.mk b/package/policycoreutils/policycoreutils.mk
> new file mode 100644
> index 0000000..0e5d802
> --- /dev/null
> +++ b/package/policycoreutils/policycoreutils.mk
> @@ -0,0 +1,243 @@
> +################################################################################
> +#
> +# policycoreutils
> +#
> +################################################################################
> +
> +POLICYCOREUTILS_VERSION = 2.1.14
> +POLICYCOREUTILS_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20130423
> +POLICYCOREUTILS_LICENSE = GPLv2
> +POLICYCOREUTILS_LICENSE_FILES = COPYING
> +
> +POLICYCOREUTILS_DEPENDENCIES = libsemanage libcap-ng

Why is libcap-ng a mandatory dependency here, but not referenced in the
Config.in file?

> +
> +ifeq ($(BR2_PACKAGE_LINUX_PAM),y)
> +	POLICYCOREUTILS_DEPENDENCIES += linux-pam
> +	POLICYCOREUTILS_MAKE_OPTS += NAMESPACE_PRIV=y
> +define POLICYCOREUTILS_INSTALL_TARGET_LINUX_PAM_CONFS
> +	$(INSTALL) -D -m 0644 $(@D)/newrole/newrole-lspp.pamd $(TARGET_DIR)/etc/pam.d/newrole
> +	$(INSTALL) -D -m 0644 $(@D)/run_init/run_init.pamd $(TARGET_DIR)/etc/pam.d/run_init
> +endef
> +endif
> +
> +ifeq ($(BR2_PACKAGE_AUDIT),y)
> +	POLICYCOREUTILS_DEPENDENCIES += audit
> +	POLICYCOREUTILS_MAKE_OPTS += AUDIT_LOG_PRIV=y
> +endif
> +
> +# Enable LSPP_PRIV if both audit and linux pam are enabled
> +ifeq ($(BR2_PACKAGE_LINUX_PAM),y)
> +ifeq ($(BR2_PACKAGE_AUDIT),y)

This can be:

ifeq ($(BR2_PACKAGE_LINUX_PAM)$(BR2_PACKAGE_AUDIT),yy)

> +	POLICYCOREUTILS_MAKE_OPTS += LSPP_PRIV=y
> +endif
> +endif
> +
> +# Undefining _FILE_OFFSET_BITS here because of a "bug" with glibc fts.h 
> +# large file support.
> +# See https://bugzilla.redhat.com/show_bug.cgi?id=574992 for more information
> +POLICYCOREUTILS_MAKE_OPTS = \
> +	$(TARGET_CONFIGURE_OPTS) \
> +	CFLAGS+="-U_FILE_OFFSET_BITS"

Should be:

	CFLAGS="$(TARGET_CFLAGS) -U_FILE_OFFSET_BITS"

In some other packages, I've opted for a filter-out,
seehttp://git.buildroot.net/buildroot/tree/package/musl/musl.mk#n24.
But maybe a -U<foo> as you did is better.

> +
> +ifeq ($(BR2_PACKAGE_POLICYCOREUTILS_RESTORECOND),y)
> +
> +POLICYCOREUTILS_DEPENDENCIES += dbus-glib
> +
> +define POLICYCOREUTILS_RESTORECOND_BUILD_CMDS
> +	$(MAKE) -C $(@D)/restorecond $(POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR="$(STAGING_DIR)" all

No quotes around $(STAGING_DIR), we don't do it anywhere else.

> +endef
> +
> +define POLICYCOREUTILS_RESTORECOND_INSTALL_TARGET_CMDS
> +	$(MAKE) -C $(@D)/restorecond $(POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR="$(TARGET_DIR)" install

Ditto.

> +	rm $(TARGET_DIR)/etc/init.d/restorecond
> +endef
> +
> +define POLICYCOREUTILS_RESTORECOND_INSTALL_INIT_SYSV
> +	$(INSTALL) -m 0755 package/policycoreutils/S15restorecond \
> +		$(TARGET_DIR)/etc/init.d/
> +endef
> +
> +endif # End of BR2_PACKAGE_POLICYCOREUTILS_RESTORECOND
> +
> +ifeq ($(BR2_PACKAGE_POLICYCOREUTILS_MCSTRANS),y)
> +
> +POLICYCOREUTILS_DEPENDENCIES += pcre libcap
> +
> +define POLICYCOREUTILS_MCSTRANS_BUILD_CMDS
> +	$(MAKE) -C $(@D)/mcstrans $(TARGET_CONFIGURE_OPTS) \
> +		DESTDIR="$(STAGING_DIR)" all
> +endef
> +
> +define POLICYCOREUTILS_MCSTRANS_INSTALL_TARGET_CMDS
> +	$(MAKE) -C $(@D)/mcstrans $(TARGET_CONFIGURE_OPTS) \
> +		DESTDIR="$(TARGET_DIR)" install
> +endef
> +
> +endif # End of BR2_PACKAGE_POLICYCOREUTILS_MCSTRANS
> +
> +ifeq ($(BR2_PACKAGE_POLICYCOREUTILS_SANDBOX),y)
> +
> +POLICYCOREUTILS_DEPENDENCIES += libcgroup
> +
> +define POLICYCOREUTILS_SANDBOX_BUILD_CMDS
> +	$(MAKE) -C $(@D)/sandbox $(TARGET_CONFIGURE_OPTS) \
> +		DESTDIR="$(STAGING_DIR)" all
> +endef
> +
> +define POLICYCOREUTILS_SANDBOX_INSTALL_TARGET_CMDS
> +	$(MAKE) -C $(@D)/sandbox $(TARGET_CONFIGURE_OPTS) \
> +		DESTDIR="$(TARGET_DIR)" install
> +endef
> +
> +endif # End of BR2_PACKAGE_POLICYCOREUTILS_SANDBOX
> +
> +define POLICYCOREUTILS_BUILD_CMDS
> +	$(MAKE) -C $(@D)/load_policy $(POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR="$(STAGING_DIR)" all
> +	$(MAKE) -C $(@D)/newrole $(POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR="$(STAGING_DIR)" all
> +	$(MAKE) -C $(@D)/run_init $(POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR="$(STAGING_DIR)" all
> +	$(MAKE) -C $(@D)/secon $(POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR="$(STAGING_DIR)" all
> +	$(MAKE) -C $(@D)/semodule $(POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR="$(STAGING_DIR)" all
> +	$(MAKE) -C $(@D)/semodule_deps $(POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR="$(STAGING_DIR)" all
> +	$(MAKE) -C $(@D)/semodule_expand $(POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR="$(STAGING_DIR)" all
> +	$(MAKE) -C $(@D)/semodule_link $(POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR="$(STAGING_DIR)" all
> +	$(MAKE) -C $(@D)/semodule_package $(POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR="$(STAGING_DIR)" all
> +	$(MAKE) -C $(@D)/sepolgen-ifgen $(POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR="$(STAGING_DIR)" all
> +	$(MAKE) -C $(@D)/sestatus $(POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR="$(STAGING_DIR)" all
> +	$(MAKE) -C $(@D)/setfiles $(POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR="$(STAGING_DIR)" all
> +	$(MAKE) -C $(@D)/setsebool $(POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR="$(STAGING_DIR)" all
> +	$(POLICYCOREUTILS_RESTORECOND_BUILD_CMDS)
> +	$(POLICYCOREUTILS_MCSTRANS_BUILD_CMDS)
> +	$(POLICYCOREUTILS_SANDBOX_BUILD_CMDS)
> +endef

Very repetitive, no? What about:

POLICYCOREUTILS_MAKE_DIRS = load_policy newrole run_init \
	secon semodule semodule_deps semodule_expand semodule_link \
	semodule_package sepolgen-ifgen sestatus setfiles setsebool

ifeq ($(BR2_PACKAGE_POLICYCOREUTILS_RESTORECOND),y)
POLICYCOREUTILS_DEPENDENCIES += dbus-glib
POLICYCOREUTILS_MAKE_DIRS + restorecond
endif

ifeq ($(BR2_PACKAGE_POLICYCOREUTILS_MCSTRANS),y)
POLICYCOREUTILS_DEPENDENCIES += pcre libcap
POLICYCOREUTILS_MAKE_DIRS + mcstrans
endif

... ditto for sandbox ...

and then:

define POLICYCOREUTILS_BUILD_CMDS
	for dir in $(POLICYCOREUTILS_MAKE_DIRS) ; do \
		$(MAKE) -C $(@D)/$${dir} $(POLICYCOREUTILS_MAKE_OPTS) DESTDIR=$(STAGING_DIR) all || exit 1 ; \
	done
endef

define POLICYCOREUTILS_INSTALL_TARGET_CMDS
	for dir in $(POLICYCOREUTILS_MAKE_DIRS) ; do \
		$(MAKE) -C $(@D)/$${dir} $(POLICYCOREUTILS_MAKE_OPTS) DESTDIR=$(TARGET_DIR) install || exit 1 ; \
	done
endef

Seems a bit smarter, no?

> +HOST_POLICYCOREUTILS_DEPENDENCIES += host-libsemanage host-dbus-glib host-sepolgen host-setools

Why a += ?

> +
> +# Undefining _FILE_OFFSET_BITS here because of a "bug" with glibc fts.h 
> +# large file support.
> +# See https://bugzilla.redhat.com/show_bug.cgi?id=574992 for more information
> +HOST_POLICYCOREUTILS_MAKE_OPTS = \
> +	$(HOST_CONFIGURE_OPTS) \
> +	CFLAGS+="-U_FILE_OFFSET_BITS" \
> +	PYTHON="$(HOST_DIR)/usr/bin/python"
> +
> +ifeq ($(BR2_PACKAGE_PYTHON3),y)
> +HOST_POLICYCOREUTILS_DEPENDENCIES += host-python3
> +HOST_POLICYCOREUTILS_MAKE_OPTS = \
> +	$(HOST_CONFIGURE_OPTS) \
> +	CFLAGS+="-U_FILE_OFFSET_BITS" \
> +	PYLIBVER="python$(PYTHON3_VERSION_MAJOR)" \
> +	PYTHON_SRC="$(BUILD_DIR)/host-python$(PYTHON3_VERSION)"
> +else
> +HOST_POLICYCOREUTILS_DEPENDENCIES += host-python
> +HOST_POLICYCOREUTILS_MAKE_OPTS = \
> +	$(HOST_CONFIGURE_OPTS) \
> +	CFLAGS+="-U_FILE_OFFSET_BITS" \
> +	PYLIBVER="python$(PYTHON_VERSION_MAJOR)" \
> +	PYTHON_SRC="$(BUILD_DIR)/host-python$(PYTHON_VERSION)"
> +endif

Why do you duplicate things?

> +# Note: We are only building the programs required by the refpolicy build
> +define HOST_POLICYCOREUTILS_BUILD_CMDS
> +	$(MAKE) -C $(@D)/semodule $(HOST_POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR=$(HOST_DIR)
> +	$(MAKE) -C $(@D)/semodule_package $(HOST_POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR=$(HOST_DIR)
> +	$(MAKE) -C $(@D)/semodule_link $(HOST_POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR=$(HOST_DIR)
> +	$(MAKE) -C $(@D)/semodule_expand $(HOST_POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR=$(HOST_DIR)
> +	$(MAKE) -C $(@D)/semodule_deps $(HOST_POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR=$(HOST_DIR)
> +	$(MAKE) -C $(@D)/load_policy $(HOST_POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR=$(HOST_DIR)
> +	$(MAKE) -C $(@D)/setfiles $(HOST_POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR=$(HOST_DIR)
> +	$(MAKE) -C $(@D)/restorecond $(HOST_POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR="$(HOST_DIR)" all
> +	$(MAKE) -C $(@D)/audit2allow $(HOST_POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR="$(HOST_DIR)" all
> +	$(MAKE) -C $(@D)/audit2why $(HOST_POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR="$(HOST_DIR)" all
> +	$(MAKE) -C $(@D)/scripts $(HOST_POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR="$(HOST_DIR)" all
> +	$(MAKE) -C $(@D)/semanage $(HOST_POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR="$(HOST_DIR)" all
> +	$(MAKE) -C $(@D)/sepolicy $(HOST_POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR="$(HOST_DIR)" all
> +endef
> +
> +define HOST_POLICYCOREUTILS_INSTALL_CMDS
> +	$(MAKE) -C $(@D)/semodule install $(HOST_POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR=$(HOST_DIR)
> +	$(MAKE) -C $(@D)/semodule_package install $(HOST_POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR=$(HOST_DIR)
> +	$(MAKE) -C $(@D)/semodule_link install $(HOST_POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR=$(HOST_DIR)
> +	$(MAKE) -C $(@D)/semodule_expand install $(HOST_POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR=$(HOST_DIR)
> +	$(MAKE) -C $(@D)/semodule_deps install $(HOST_POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR=$(HOST_DIR)
> +	$(MAKE) -C $(@D)/load_policy install $(HOST_POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR=$(HOST_DIR)
> +	$(MAKE) -C $(@D)/setfiles install $(HOST_POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR=$(HOST_DIR)
> +	$(MAKE) -C $(@D)/restorecond install $(HOST_POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR=$(HOST_DIR)
> +	$(MAKE) -C $(@D)/audit2allow install $(HOST_POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR=$(HOST_DIR)
> +	$(MAKE) -C $(@D)/audit2why install $(HOST_POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR=$(HOST_DIR)
> +	$(MAKE) -C $(@D)/scripts install $(HOST_POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR=$(HOST_DIR)
> +	$(MAKE) -C $(@D)/semanage install $(HOST_POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR=$(HOST_DIR)
> +	$(MAKE) -C $(@D)/sepolicy install $(HOST_POLICYCOREUTILS_MAKE_OPTS) \
> +		DESTDIR=$(HOST_DIR)
> +	# Fix python paths
> +	$(SED) 's~/usr/bin/~$(HOST_DIR)/usr/bin/~g' $(HOST_DIR)/usr/bin/audit2allow
> +	$(SED) 's~/usr/bin/~$(HOST_DIR)/usr/bin/~g' $(HOST_DIR)/usr/bin/audit2why
> +	$(SED) 's~/usr/bin/~$(HOST_DIR)/usr/bin/~g' $(HOST_DIR)/usr/bin/sepolgen-ifgen
> +	$(SED) 's~/usr/bin/~$(HOST_DIR)/usr/bin/~g' $(HOST_DIR)/usr/bin/sepolicy
> +endef

Same comment, please refactor.

> +
> +$(eval $(generic-package))
> +$(eval $(host-generic-package))

Thanks,

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com

next prev parent reply	other threads:[~2015-01-09 16:34 UTC|newest]

Thread overview: 35+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-01-09 15:11 [Buildroot] [PATCH v4 00/27] SELinux Buildroot Additions Matt Weber
2015-01-09 15:11 ` [Buildroot] [PATCH v4 01/27] sepolgen: new package Matt Weber
2015-01-09 15:22   ` Thomas Petazzoni
2015-01-09 15:11 ` [Buildroot] [PATCH v4 02/27] sqlite: Add host build support Matt Weber
2015-01-09 15:11 ` [Buildroot] [PATCH v4 03/27] setools: new package Matt Weber
2015-01-09 15:37   ` Thomas Petazzoni
2015-01-09 15:11 ` [Buildroot] [PATCH v4 04/27] python-pyparsing: Add host build option Matt Weber
2015-01-09 15:11 ` [Buildroot] [PATCH v4 05/27] audit: new package Matt Weber
2015-01-09 15:32   ` Thomas Petazzoni
2015-01-09 15:11 ` [Buildroot] [PATCH v4 06/27] policycoreutils: " Matt Weber
2015-01-09 16:34   ` Thomas Petazzoni [this message]
2015-01-09 15:11 ` [Buildroot] [PATCH v4 07/27] python-pyxml: " Matt Weber
2015-01-09 15:11 ` [Buildroot] [PATCH v4 08/27] refpolicy: " Matt Weber
2015-01-09 15:11 ` [Buildroot] [PATCH v4 09/27] repolicy: base policy modifications for embedded target Matt Weber
2015-01-09 15:42   ` Thomas Petazzoni
2015-01-09 15:11 ` [Buildroot] [PATCH v4 10/27] refpolicy: custom git repo Matt Weber
2015-01-09 15:11 ` [Buildroot] [PATCH v4 11/27] shadow: new package Matt Weber
2015-01-09 15:11 ` [Buildroot] [PATCH v4 12/27] busybox: applets as individual binaries Matt Weber
2015-01-09 15:11 ` [Buildroot] [PATCH v4 13/27] busybox: selinux support Matt Weber
2015-01-09 15:11 ` [Buildroot] [PATCH v4 14/27] busybox: added linux-pam support Matt Weber
2015-01-09 15:11 ` [Buildroot] [PATCH v4 15/27] busybox: default selinux config which disables init and uses sysvinit Matt Weber
2015-01-09 15:11 ` [Buildroot] [PATCH v4 16/27] qemu_x86_selinux_defconfig: base SELinux QEMU image for x86 Matt Weber
2015-01-09 15:11 ` [Buildroot] [PATCH v4 17/27] linux-pam: selinux support Matt Weber
2015-01-09 15:11 ` [Buildroot] [PATCH v4 18/27] sysvinit: added libselinux dependency Matt Weber
2015-01-09 15:11 ` [Buildroot] [PATCH v4 19/27] dbus: selinux file context support Matt Weber
2015-01-09 15:11 ` [Buildroot] [PATCH v4 20/27] logrotate: selinux support Matt Weber
2015-01-09 15:11 ` [Buildroot] [PATCH v4 21/27] openssh: selinux and pam support Matt Weber
2015-01-09 15:11 ` [Buildroot] [PATCH v4 22/27] util-linux: selinux, audit, " Matt Weber
2015-01-09 15:11 ` [Buildroot] [PATCH v4 23/27] vim: selinux support Matt Weber
2015-01-09 15:11 ` [Buildroot] [PATCH v4 24/27] rsyslog: fix config file comment style Matt Weber
2015-01-09 15:11 ` [Buildroot] [PATCH v4 25/27] qemu x86 readme: documented selinux target Matt Weber
2015-01-09 15:11 ` [Buildroot] [PATCH v4 26/27] readline: host support for host-sqlite Matt Weber
2015-01-09 15:11 ` [Buildroot] [PATCH v4 27/27] libsemanage: cleanup python use and license definition Matt Weber
2015-01-10 15:51 ` [Buildroot] [PATCH v4 00/27] SELinux Buildroot Additions Thomas Petazzoni
2015-01-12 15:32   ` Matthew Weber

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20150109173402.7e1d6818@free-electrons.com \
    --to=thomas.petazzoni@free-electrons.com \
    --cc=buildroot@busybox.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox