[Buildroot] [PATCH 1/7] audit: bump to version 2.5.2

[Buildroot] [PATCH 1/7] audit: bump to version 2.5.2

[Adam Duskett]

Added the ability to compile audit against host as well, this is needed as the host version of libsemanage requires libaudit.h

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
---
 package/audit/audit.hash |  2 +-
 package/audit/audit.mk   | 24 +++++++++++++++++++++++-
 2 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/package/audit/audit.hash b/package/audit/audit.hash
index f234fdb..ad7f09a 100644
--- a/package/audit/audit.hash
+++ b/package/audit/audit.hash
@@ -1,2 +1,2 @@
 #Locally computed
-sha256	25f57f465f3230d7b1166b615ffd6748818a3dc225d0e8b396c5b2e951674e23	audit-2.4.4.tar.gz
+sha256	f7c35a8c27d98255303f0e828d1045df43f968957bc733338335c64f2ede024d audit-2.5.2.tar.gz
diff --git a/package/audit/audit.mk b/package/audit/audit.mk
index 1fbc623..f705483 100644
--- a/package/audit/audit.mk
+++ b/package/audit/audit.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-AUDIT_VERSION = 2.4.4
+AUDIT_VERSION = 2.5.2
 AUDIT_SITE = http://people.redhat.com/sgrubb/audit
 AUDIT_LICENSE = GPLv2
 AUDIT_LICENSE_FILES = COPYING
@@ -46,6 +46,7 @@ define AUDIT_INSTALL_INIT_SYSTEMD
 	ln -fs ../../../../usr/lib/systemd/system/auditd.service \
 		$(TARGET_DIR)/etc/systemd/system/multi-user.target.wants/auditd.service
 
+	mkdir -p $(TARGET_DIR)/usr/lib/tmpfiles.d
 	$(INSTALL) -D -m 644 package/audit/audit_tmpfiles.conf \
 		$(TARGET_DIR)/usr/lib/tmpfiles.d/audit.conf
 endef
@@ -56,4 +57,25 @@ define AUDIT_INSTALL_CLEANUP
 endef
 AUDIT_POST_INSTALL_TARGET_HOOKS += AUDIT_INSTALL_CLEANUP
 
+HOST_AUDIT_CONF_OPTS = --without-python --without-python3 --disable-zos-remote --with-libcap-ng=no
+ifeq ($(BR2_PACKAGE_LIBCAP_NG),y)
+HOST_AUDIT_DEPENDENCIES += libcap-ng
+HOST_AUDIT_CONF_OPTS += --with-libcap-ng=yes
+else
+HOST_AUDIT_CONF_OPTS += --with-libcap-ng=no
+endif
+
+ifeq ($(BR2_INIT_SYSTEMD),y)
+HOST_AUDIT_CONF_OPTS += --enable-systemd
+else
+HOST_AUDIT_CONF_OPTS += --disable-systemd
+endif
+
+define AUDIT_INSTALL_CLEANUP
+	$(RM) -rf $(HOST_DIR)/etc/rc.d
+	$(RM) -rf $(HOST_DIR)/etc/sysconfig
+endef
+
+
 $(eval $(autotools-package))
+$(eval $(host-autotools-package))
-- 
2.7.4

[Buildroot] [PATCH 2/7] checkpolicy: bump to version 2.5

[Adam Duskett]

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
---
 package/checkpolicy/checkpolicy.hash | 2 +-
 package/checkpolicy/checkpolicy.mk   | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/checkpolicy/checkpolicy.hash b/package/checkpolicy/checkpolicy.hash
index 32b5ff6..bc5199c 100644
--- a/package/checkpolicy/checkpolicy.hash
+++ b/package/checkpolicy/checkpolicy.hash
@@ -1,2 +1,2 @@
 # https://github.com/SELinuxProject/selinux/wiki/Releases
-sha256 e6a0ac539b74859b4262b317eb90d9914deb15e7aa509659f47724d50fe2ecc6  checkpolicy-2.1.12.tar.gz
+sha256 33af9f3eb19135a7e6536ecd3fbb9686323000016cd51eb88346346ed7546001  checkpolicy-2.5.tar.gz
diff --git a/package/checkpolicy/checkpolicy.mk b/package/checkpolicy/checkpolicy.mk
index 4b7b2f3..f1b76d0 100644
--- a/package/checkpolicy/checkpolicy.mk
+++ b/package/checkpolicy/checkpolicy.mk
@@ -4,8 +4,8 @@
 #
 ################################################################################
 
-CHECKPOLICY_VERSION = 2.1.12
-CHECKPOLICY_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20130423
+CHECKPOLICY_VERSION = 2.5
+CHECKPOLICY_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223
 CHECKPOLICY_LICENSE = GPLv2
 CHECKPOLICY_LICENSE_FILES = COPYING
 
-- 
2.7.4

[Buildroot] [PATCH 3/7] Add host-libcap-ng capabilities.

[Adam Duskett]

host-libcap-ng can be a requirement for host-audit.  This allows libcap-ng to be compiled as a host package.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
---
 package/libcap-ng/libcap-ng.mk | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/package/libcap-ng/libcap-ng.mk b/package/libcap-ng/libcap-ng.mk
index d78f5dc..543cbe6 100644
--- a/package/libcap-ng/libcap-ng.mk
+++ b/package/libcap-ng/libcap-ng.mk
@@ -13,4 +13,8 @@ LIBCAP_NG_INSTALL_STAGING = YES
 LIBCAP_NG_CONF_ENV = ac_cv_prog_swig_found=no
 LIBCAP_NG_CONF_OPTS = --without-python
 
+HOST_LIBCAP_NG_CONF_ENV = ac_cv_prog_swig_found=no
+HOST_LIBCAP_NG_CONF_OPTS = --without-python
+
 $(eval $(autotools-package))
+$(eval $(host-autotools-package))
-- 
2.7.4

[Buildroot] [PATCH 4/7] v3-libselinux: bump to version 2.5

[Adam Duskett]

In addition, glibc 2.22 will fail to compile against the default flag -D_FILE_OFFSET_BITS64
This option is now overwritten in libselinux.mk to ensure that toolchains compiled against glibc 2.22
will build the new version of the package.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
---
 package/libselinux/libselinux.hash | 2 +-
 package/libselinux/libselinux.mk   | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/package/libselinux/libselinux.hash b/package/libselinux/libselinux.hash
index 861c327..a4c3440 100644
--- a/package/libselinux/libselinux.hash
+++ b/package/libselinux/libselinux.hash
@@ -1,2 +1,2 @@
 # Locally computed
-sha256 57aad47c06b7ec18a76e8d9870539277a84cb40109cfdcf70ed3260bdb04447a libselinux-2.1.13.tar.gz
+sha256 94c9e97706280bedcc288f784f67f2b9d3d6136c192b2c9f812115edba58514f libselinux-2.5.tar.gz
diff --git a/package/libselinux/libselinux.mk b/package/libselinux/libselinux.mk
index d4b96c4..f2757ab 100644
--- a/package/libselinux/libselinux.mk
+++ b/package/libselinux/libselinux.mk
@@ -4,8 +4,8 @@
 #
 ################################################################################
 
-LIBSELINUX_VERSION = 2.1.13
-LIBSELINUX_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20130423
+LIBSELINUX_VERSION = 2.5
+LIBSELINUX_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223
 LIBSELINUX_LICENSE = Public Domain
 LIBSELINUX_LICENSE_FILES = LICENSE
 
@@ -13,8 +13,10 @@ LIBSELINUX_DEPENDENCIES = libsepol pcre
 
 LIBSELINUX_INSTALL_STAGING = YES
 
+#Because Glibc 2.22 fails to compile against -D_FILE_OFFSET_BITS64, CFLAGS have to be specified manually.
 LIBSELINUX_MAKE_OPTS = \
 	$(TARGET_CONFIGURE_OPTS) \
+	CFLAGS="-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE" \
 	LDFLAGS="$(TARGET_LDFLAGS) -lpcre -lpthread" \
 	ARCH=$(KERNEL_ARCH)
 
-- 
2.7.4

[Buildroot] [PATCH 5/7] libsemanage: bump to version 2.5

[Adam Duskett]

In addition to bumping the version to 2.5, the new version requires audit (as far as I can tell, it fails compilation without it while compilaining it can't find audit.h)
Also the new version of libsemanage already has the fix provided by 0001-execption-lib-path-fix.patch and therefor I removed it.
Because of the removal of that patch, I renamed 0002-workaround-blackfin-issue.patch to 0001-workaround-blackfin-issue.patch

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
---
 package/libsemanage/0001-execption-lib-path-fix.patch      | 14 --------------
 ...in-issue.patch => 0001-workaround-blackfin-issue.patch} |  4 ++--
 package/libsemanage/libsemanage.hash                       |  2 +-
 package/libsemanage/libsemanage.mk                         |  6 +++---
 4 files changed, 6 insertions(+), 20 deletions(-)
 delete mode 100644 package/libsemanage/0001-execption-lib-path-fix.patch
 rename package/libsemanage/{0002-workaround-blackfin-issue.patch => 0001-workaround-blackfin-issue.patch} (94%)

diff --git a/package/libsemanage/0001-execption-lib-path-fix.patch b/package/libsemanage/0001-execption-lib-path-fix.patch
deleted file mode 100644
index cbcbea5..0000000
--- a/package/libsemanage/0001-execption-lib-path-fix.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-Patch to correct a missing header file issue.
-
-Signed-off-by Clayton Shotwell <clshotwe@rockwellcollins.com>
-
---- a/src/exception.sh	2011-12-21 11:46:04.000000000 -0600
-+++ b/src/exception.sh	2012-08-27 11:29:58.000000000 -0500
-@@ -9,6 +9,6 @@
- }
- "
- }
--gcc -x c -c - -aux-info temp.aux < ../include/semanage/semanage.h
-+gcc -x c -c - -aux-info temp.aux -I../include < ../include/semanage/semanage.h
- for i in `awk '/extern int/ { print $6 }' temp.aux`; do except $i ; done
- rm -f -- temp.aux -.o
diff --git a/package/libsemanage/0002-workaround-blackfin-issue.patch b/package/libsemanage/0001-workaround-blackfin-issue.patch
similarity index 94%
rename from package/libsemanage/0002-workaround-blackfin-issue.patch
rename to package/libsemanage/0001-workaround-blackfin-issue.patch
index 5d00c69..af28a63 100644
--- a/package/libsemanage/0002-workaround-blackfin-issue.patch
+++ b/package/libsemanage/0001-workaround-blackfin-issue.patch
@@ -14,8 +14,8 @@ Index: b/src/dso.h
 --- a/src/dso.h
 +++ b/src/dso.h
 @@ -1,7 +1,7 @@
- #ifndef _SELINUX_DSO_H
- #define _SELINUX_DSO_H	1
+ #ifndef _SEPOL_DSO_H
+ #define _SEPOL_DSO_H	1
  
 -#ifdef SHARED
 +#if defined(SHARED) && !defined(__bfin__)
diff --git a/package/libsemanage/libsemanage.hash b/package/libsemanage/libsemanage.hash
index d4204d1..69f7c8d 100644
--- a/package/libsemanage/libsemanage.hash
+++ b/package/libsemanage/libsemanage.hash
@@ -1,2 +1,2 @@
 # Locally computed
-sha256 de2e8077245581e94576276f54e80a53c23c28d6961d2dfbe2f004eaba452e91 libsemanage-2.1.10.tar.gz
+sha256 46e2f36254369b6e91d1eea0460c262b139361b055a3a67d3ceea2d8ef72e006 libsemanage-2.5.tar.gz
diff --git a/package/libsemanage/libsemanage.mk b/package/libsemanage/libsemanage.mk
index 197c14e..fead50d 100644
--- a/package/libsemanage/libsemanage.mk
+++ b/package/libsemanage/libsemanage.mk
@@ -4,11 +4,11 @@
 #
 ################################################################################
 
-LIBSEMANAGE_VERSION = 2.1.10
-LIBSEMANAGE_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20130423
+LIBSEMANAGE_VERSION = 2.5
+LIBSEMANAGE_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223
 LIBSEMANAGE_LICENSE = LGPLv2.1+
 LIBSEMANAGE_LICENSE_FILES = COPYING
-LIBSEMANAGE_DEPENDENCIES = host-bison host-flex libselinux ustr bzip2
+LIBSEMANAGE_DEPENDENCIES = host-bison host-flex host-audit libselinux ustr bzip2
 LIBSEMANAGE_INSTALL_STAGING = YES
 
 LIBSEMANAGE_MAKE_OPTS = $(TARGET_CONFIGURE_OPTS)
-- 
2.7.4

[Buildroot] [PATCH 6/7] libsepol: bump version to 2.5

[Adam Duskett]

I also updated the patches to work with the new version.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
---
 package/libsepol/0001-support-static-only.patch    | 25 +++++++++++-----------
 .../libsepol/0002-workaround-blackfin-issue.patch  |  7 +++---
 package/libsepol/libsepol.hash                     |  2 +-
 package/libsepol/libsepol.mk                       |  4 ++--
 4 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/package/libsepol/0001-support-static-only.patch b/package/libsepol/0001-support-static-only.patch
index b974680..02ae994 100644
--- a/package/libsepol/0001-support-static-only.patch
+++ b/package/libsepol/0001-support-static-only.patch
@@ -10,34 +10,33 @@ Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 
 Index: b/src/Makefile
 ===================================================================
+
+diff --git a/src/Makefile b/src/Makefile
+index db6c2ba..0006285 100644
 --- a/src/Makefile
 +++ b/src/Makefile
-@@ -17,7 +17,12 @@
- CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute
- override CFLAGS += -I. -I../include -D_GNU_SOURCE
+@@ -30,8 +30,12 @@ LOBJS += $(sort $(patsubst %.c,%.lo,$(wildcard $(CILDIR)/src/*.c) $(CIL_GENERATE
+ override CFLAGS += -I$(CILDIR)/include
+ endif
  
--all: $(LIBA) $(LIBSO) $(LIBPC)
 +ALL_TARGETS = $(LIBA) $(LIBPC)
 +ifeq ($(STATIC),)
 +ALL_TARGETS += $(LIBSO)
 +endif
-+
+
+-all: $(LIBA) $(LIBSO) $(LIBPC)
 +all: $(ALL_TARGETS)
  
+
  $(LIBA):  $(OBJS)
- 	$(AR) rcs $@ $^
-@@ -39,11 +44,13 @@
- install: all
- 	test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
- 	install -m 644 $(LIBA) $(LIBDIR)
--	test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
--	install -m 755 $(LIBSO) $(SHLIBDIR)
+@@ -70,7 +74,11 @@ install: all
+ 	install -m 755 $(LIBSO) $(SHLIBDIR)
  	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
  	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
 +ifeq ($(STATIC),)
 +	test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
 +	install -m 755 $(LIBSO) $(SHLIBDIR)
- 	cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
+ 	ln -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
 +endif
  
  relabel:
diff --git a/package/libsepol/0002-workaround-blackfin-issue.patch b/package/libsepol/0002-workaround-blackfin-issue.patch
index 5d00c69..b6809fe 100644
--- a/package/libsepol/0002-workaround-blackfin-issue.patch
+++ b/package/libsepol/0002-workaround-blackfin-issue.patch
@@ -13,12 +13,13 @@ Index: b/src/dso.h
 ===================================================================
 --- a/src/dso.h
 +++ b/src/dso.h
-@@ -1,7 +1,7 @@
- #ifndef _SELINUX_DSO_H
- #define _SELINUX_DSO_H	1
+@@ -5,7 +5,7 @@
+     #define DISABLE_SYMVER 1
+ #endif
  
 -#ifdef SHARED
 +#if defined(SHARED) && !defined(__bfin__)
  # define hidden __attribute__ ((visibility ("hidden")))
  # define hidden_proto(fct) __hidden_proto (fct, fct##_internal)
  # define __hidden_proto(fct, internal)	\
+
diff --git a/package/libsepol/libsepol.hash b/package/libsepol/libsepol.hash
index df5dabd..266ce43 100644
--- a/package/libsepol/libsepol.hash
+++ b/package/libsepol/libsepol.hash
@@ -1,2 +1,2 @@
 # From https://github.com/SELinuxProject/selinux/wiki/Releases
-sha256	290d17f583635a4a5d8a2141511272adf0571c4205cdea38b5a68df20d58a70b  libsepol-2.1.9.tar.gz
+sha256 2bdeec56d0a08b082b93b40703b4b3329cc5562152f7254d8f6ef6b56afe850a  libsepol-2.5.tar.gz
diff --git a/package/libsepol/libsepol.mk b/package/libsepol/libsepol.mk
index 1e709c6..93896cf 100644
--- a/package/libsepol/libsepol.mk
+++ b/package/libsepol/libsepol.mk
@@ -4,8 +4,8 @@
 #
 ################################################################################
 
-LIBSEPOL_VERSION = 2.1.9
-LIBSEPOL_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20130423
+LIBSEPOL_VERSION = 2.5
+LIBSEPOL_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223
 LIBSEPOL_LICENSE = LGPLv2.1+
 LIBSEPOL_LICENSE_FILES = COPYING
 
-- 
2.7.4

[Buildroot] [PATCH 7/7] setools: Added 0003-fix-compile-against-new-selinux-libraries.patch

[Adam Duskett]

setools 3.3.8 won't cleanly compile against newer versions of the new selinux libraries.
This patch fixes these errors.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
---
 ...fix-compile-against-new-selinux-libraries.patch | 83 ++++++++++++++++++++++
 1 file changed, 83 insertions(+)
 create mode 100644 package/setools/0003-fix-compile-against-new-selinux-libraries.patch

diff --git a/package/setools/0003-fix-compile-against-new-selinux-libraries.patch b/package/setools/0003-fix-compile-against-new-selinux-libraries.patch
new file mode 100644
index 0000000..565efbc
--- /dev/null
+++ b/package/setools/0003-fix-compile-against-new-selinux-libraries.patch
@@ -0,0 +1,83 @@
+diff --git a/libqpol/src/policy_define.c b/libqpol/src/policy_define.c
+index fad6b60..231962f 100644
+--- a/libqpol/src/policy_define.c
++++ b/libqpol/src/policy_define.c
+@@ -1449,7 +1449,7 @@ int define_compute_type_helper(int which, avrule_t ** rule)
+ 				return -1;
+ 			}
+ 			class_perm_node_init(perm);
+-			perm->class = i + 1;
++			perm->tclass = i + 1;
+ 			perm->data = datum->s.value;
+ 			perm->next = avrule->perms;
+ 			avrule->perms = perm;
+@@ -1699,7 +1699,7 @@ int define_te_avtab_helper(int which, avrule_t ** rule)
+ 			goto out;
+ 		}
+ 		class_perm_node_init(cur_perms);
+-		cur_perms->class = i + 1;
++		cur_perms->tclass = i + 1;
+ 		if (!perms)
+ 			perms = cur_perms;
+ 		if (tail)
+diff --git a/libqpol/src/policy_extend.c b/libqpol/src/policy_extend.c
+index 5325a87..1417271 100644
+--- a/libqpol/src/policy_extend.c
++++ b/libqpol/src/policy_extend.c
+@@ -843,7 +843,7 @@ static int qpol_syn_rule_table_insert_sepol_avrule(qpol_policy_t * policy, qpol_
+ 			for (class_node = rule->perms; class_node; class_node = class_node->next) {
+ 				key.rule_type = rule->specified;
+ 				key.source_val = key.target_val = i + 1;
+-				key.class_val = class_node->class;
++				key.class_val = class_node->tclass;
+ 				key.cond = cond;
+ 				if (qpol_syn_rule_table_insert_entry(policy, table, &key, new_rule))
+ 					goto err;
+@@ -856,7 +856,7 @@ static int qpol_syn_rule_table_insert_sepol_avrule(qpol_policy_t * policy, qpol_
+ 				key.rule_type = rule->specified;
+ 				key.source_val = i + 1;
+ 				key.target_val = j + 1;
+-				key.class_val = class_node->class;
++				key.class_val = class_node->tclass;
+ 				key.cond = cond;
+ 				if (qpol_syn_rule_table_insert_entry(policy, table, &key, new_rule))
+ 					goto err;
+diff --git a/libqpol/src/syn_rule_query.c b/libqpol/src/syn_rule_query.c
+index 3e63204..d7578f1 100644
+--- a/libqpol/src/syn_rule_query.c
++++ b/libqpol/src/syn_rule_query.c
+@@ -67,7 +67,7 @@ static void *syn_rule_class_state_get_cur(const qpol_iterator_t * iter)
+ 		return NULL;
+ 	}
+
+-	return db->class_val_to_struct[srcs->cur->class - 1];
++	return db->class_val_to_struct[srcs->cur->tclass - 1];
+ }
+
+ static int syn_rule_class_state_next(qpol_iterator_t * iter)
+@@ -465,10 +465,10 @@ int qpol_syn_avrule_get_perm_iter(const qpol_policy_t * policy, const qpol_syn_a
+ 	}
+
+ 	for (node = internal_rule->perms; node; node = node->next) {
+-		for (i = 0; i < db->class_val_to_struct[node->class - 1]->permissions.nprim; i++) {
++		for (i = 0; i < db->class_val_to_struct[node->tclass - 1]->permissions.nprim; i++) {
+ 			if (!(node->data & (1 << i)))
+ 				continue;
+-			tmp = sepol_av_to_string(db, node->class, (sepol_access_vector_t) (1 << i));
++			tmp = sepol_av_to_string(db, node->tclass, (sepol_access_vector_t) (1 << i));
+ 			if (tmp) {
+ 				tmp++; /* remove prepended space */
+ 				for (cur = 0; cur < perm_list_sz; cur++)
+diff --git a/secmds/replcon.cc b/secmds/replcon.cc
+index 34f7c1a..307c39f 100644
+--- a/secmds/replcon.cc
++++ b/secmds/replcon.cc
+@@ -60,7 +60,7 @@ static struct option const longopts[] = {
+ 	{NULL, 0, NULL, 0}
+ };
+
+-extern int lsetfilecon_raw(const char *, security_context_t) __attribute__ ((weak));
++extern int lsetfilecon_raw(const char *, const char *) __attribute__ ((weak));
+
+ /**
+  * As that setools must work with older libselinux versions that may
-- 
2.7.4

[Buildroot] [PATCH 1/7] audit: bump to version 2.5.2

[Yann E. MORIN]

Adam, All,

[Note: I did not really look at the previous iteration, and only had a
cursory look at Thomas previous review. However, here are my comments;
if they clash with Thomas', then Thomas is right.]

Since this is the second iteration, you should have added:

  - a 'v2' in the mail subjects;

  - a commit changelog in the message, stating what you changed.

For example:


    [PATCH 1/7 v2] audit: bump to version 2.5.2

    Update to version 2.5.2, needed for blabla foo bar
    buz...

    Signed-off-by: Your NAME <you@there>

    ---
    Changes v1 -> v2:
      - do not drop bundeld patches  (Thomas)


See the manual:
    https://buildroot.org/downloads/manual/manual.html#submitting-patches

and especially chap. 21.5.4, Patch revision changelog.

On 2016-06-24 17:32 -0400, Adam Duskett spake thusly:
> Added the ability to compile audit against host as well, this is needed as the host version of libsemanage requires libaudit.h

Messages should be wrapped at <80 chars per line (I cut mines@73).

So, this patch does two things:
  - bump the version,
  - add the host variants,

Which is a good indication that it should have been two patches (first
to bump, second to add host variant).

> Signed-off-by: Adam Duskett <Aduskett@gmail.com>
> ---
>  package/audit/audit.hash |  2 +-
>  package/audit/audit.mk   | 24 +++++++++++++++++++++++-
>  2 files changed, 24 insertions(+), 2 deletions(-)
> 
> diff --git a/package/audit/audit.hash b/package/audit/audit.hash
> index f234fdb..ad7f09a 100644
> --- a/package/audit/audit.hash
> +++ b/package/audit/audit.hash
> @@ -1,2 +1,2 @@
>  #Locally computed
> -sha256	25f57f465f3230d7b1166b615ffd6748818a3dc225d0e8b396c5b2e951674e23	audit-2.4.4.tar.gz
> +sha256	f7c35a8c27d98255303f0e828d1045df43f968957bc733338335c64f2ede024d audit-2.5.2.tar.gz
> diff --git a/package/audit/audit.mk b/package/audit/audit.mk
> index 1fbc623..f705483 100644
> --- a/package/audit/audit.mk
> +++ b/package/audit/audit.mk
> @@ -4,7 +4,7 @@
>  #
>  ################################################################################
>  
> -AUDIT_VERSION = 2.4.4
> +AUDIT_VERSION = 2.5.2
>  AUDIT_SITE = http://people.redhat.com/sgrubb/audit
>  AUDIT_LICENSE = GPLv2
>  AUDIT_LICENSE_FILES = COPYING
> @@ -46,6 +46,7 @@ define AUDIT_INSTALL_INIT_SYSTEMD
>  	ln -fs ../../../../usr/lib/systemd/system/auditd.service \
>  		$(TARGET_DIR)/etc/systemd/system/multi-user.target.wants/auditd.service
>  
> +	mkdir -p $(TARGET_DIR)/usr/lib/tmpfiles.d

Not needed, as "install -D" will create the necessary directory
structure.

>  	$(INSTALL) -D -m 644 package/audit/audit_tmpfiles.conf \
>  		$(TARGET_DIR)/usr/lib/tmpfiles.d/audit.conf
>  endef
> @@ -56,4 +57,25 @@ define AUDIT_INSTALL_CLEANUP
>  endef
>  AUDIT_POST_INSTALL_TARGET_HOOKS += AUDIT_INSTALL_CLEANUP
>  
> +HOST_AUDIT_CONF_OPTS = --without-python --without-python3 --disable-zos-remote --with-libcap-ng=no

Please split long lines so that they are no longer than 80-chars:

However, in this case, it would not even be needed, as you don't need
the trailing "--with-libcap-ng=no" , as you're deaing with it below.

> +ifeq ($(BR2_PACKAGE_LIBCAP_NG),y)
> +HOST_AUDIT_DEPENDENCIES += libcap-ng

This looks wrong: the host variant of the package depends on the target
variant?

Instead you want it to depend on host-libcap-ng (but we do not have a
host variant of libcap-ng, so you'd have to add it first).

And anyway, is it required that the host variant has the same set of
features as the target variant? Can't we always and unconditionally build
with libcap-ng?

> +HOST_AUDIT_CONF_OPTS += --with-libcap-ng=yes
> +else
> +HOST_AUDIT_CONF_OPTS += --with-libcap-ng=no
> +endif
> +
> +ifeq ($(BR2_INIT_SYSTEMD),y)
> +HOST_AUDIT_CONF_OPTS += --enable-systemd

Similarly: why the target init system should have an impact on the host
variant?

I think we would not need systemd at all on the host variant, would we?

> +else
> +HOST_AUDIT_CONF_OPTS += --disable-systemd
> +endif
> +
> +define AUDIT_INSTALL_CLEANUP
> +	$(RM) -rf $(HOST_DIR)/etc/rc.d
> +	$(RM) -rf $(HOST_DIR)/etc/sysconfig
> +endef

First: unucessaru to cleanup the host directory. Second: this macro is
not assigned to any hook, so it's not used.

Regards,
Yann E. MORIN.

> +
>  $(eval $(autotools-package))
> +$(eval $(host-autotools-package))
> -- 
> 2.7.4
> 
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

[Buildroot] [PATCH 2/7] checkpolicy: bump to version 2.5

[Yann E. MORIN]

Adam, All,

On 2016-06-24 17:32 -0400, Adam Duskett spake thusly:
> Signed-off-by: Adam Duskett <Aduskett@gmail.com>

Hash checked to be OK.

Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>

Regards,
Yann E. MORIN.

> ---
>  package/checkpolicy/checkpolicy.hash | 2 +-
>  package/checkpolicy/checkpolicy.mk   | 4 ++--
>  2 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/package/checkpolicy/checkpolicy.hash b/package/checkpolicy/checkpolicy.hash
> index 32b5ff6..bc5199c 100644
> --- a/package/checkpolicy/checkpolicy.hash
> +++ b/package/checkpolicy/checkpolicy.hash
> @@ -1,2 +1,2 @@
>  # https://github.com/SELinuxProject/selinux/wiki/Releases
> -sha256 e6a0ac539b74859b4262b317eb90d9914deb15e7aa509659f47724d50fe2ecc6  checkpolicy-2.1.12.tar.gz
> +sha256 33af9f3eb19135a7e6536ecd3fbb9686323000016cd51eb88346346ed7546001  checkpolicy-2.5.tar.gz
> diff --git a/package/checkpolicy/checkpolicy.mk b/package/checkpolicy/checkpolicy.mk
> index 4b7b2f3..f1b76d0 100644
> --- a/package/checkpolicy/checkpolicy.mk
> +++ b/package/checkpolicy/checkpolicy.mk
> @@ -4,8 +4,8 @@
>  #
>  ################################################################################
>  
> -CHECKPOLICY_VERSION = 2.1.12
> -CHECKPOLICY_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20130423
> +CHECKPOLICY_VERSION = 2.5
> +CHECKPOLICY_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223
>  CHECKPOLICY_LICENSE = GPLv2
>  CHECKPOLICY_LICENSE_FILES = COPYING
>  
> -- 
> 2.7.4
> 
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

[Buildroot] [PATCH 3/7] Add host-libcap-ng capabilities.

[Yann E. MORIN]

Adam, All,

On 2016-06-24 17:32 -0400, Adam Duskett spake thusly:
> host-libcap-ng can be a requirement for host-audit.  This allows libcap-ng to be compiled as a host package.

Too long line. Please wrap at <80 chars.

> Signed-off-by: Adam Duskett <Aduskett@gmail.com>

Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>

However, as discussed on IRC: this patch should come before you
introduce the host variant for the audit package.

So, probably in this order:

  - add host-libcap-ng
  - bump audit to 2.5
  - add host-audit

Regards,
Yann E. MORIN.

> ---
>  package/libcap-ng/libcap-ng.mk | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/package/libcap-ng/libcap-ng.mk b/package/libcap-ng/libcap-ng.mk
> index d78f5dc..543cbe6 100644
> --- a/package/libcap-ng/libcap-ng.mk
> +++ b/package/libcap-ng/libcap-ng.mk
> @@ -13,4 +13,8 @@ LIBCAP_NG_INSTALL_STAGING = YES
>  LIBCAP_NG_CONF_ENV = ac_cv_prog_swig_found=no
>  LIBCAP_NG_CONF_OPTS = --without-python
>  
> +HOST_LIBCAP_NG_CONF_ENV = ac_cv_prog_swig_found=no
> +HOST_LIBCAP_NG_CONF_OPTS = --without-python
> +
>  $(eval $(autotools-package))
> +$(eval $(host-autotools-package))
> -- 
> 2.7.4
> 
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

[Buildroot] [PATCH 4/7] v3-libselinux: bump to version 2.5

[Yann E. MORIN]

Adam, All,

On 2016-06-24 17:32 -0400, Adam Duskett spake thusly:
> In addition, glibc 2.22 will fail to compile against the default flag -D_FILE_OFFSET_BITS64
> This option is now overwritten in libselinux.mk to ensure that toolchains compiled against glibc 2.22
> will build the new version of the package.

Wrap long lines... ;-)

> Signed-off-by: Adam Duskett <Aduskett@gmail.com>
> ---
>  package/libselinux/libselinux.hash | 2 +-
>  package/libselinux/libselinux.mk   | 6 ++++--
>  2 files changed, 5 insertions(+), 3 deletions(-)
> 
> diff --git a/package/libselinux/libselinux.hash b/package/libselinux/libselinux.hash
> index 861c327..a4c3440 100644
> --- a/package/libselinux/libselinux.hash
> +++ b/package/libselinux/libselinux.hash
> @@ -1,2 +1,2 @@
>  # Locally computed
> -sha256 57aad47c06b7ec18a76e8d9870539277a84cb40109cfdcf70ed3260bdb04447a libselinux-2.1.13.tar.gz
> +sha256 94c9e97706280bedcc288f784f67f2b9d3d6136c192b2c9f812115edba58514f libselinux-2.5.tar.gz
> diff --git a/package/libselinux/libselinux.mk b/package/libselinux/libselinux.mk
> index d4b96c4..f2757ab 100644
> --- a/package/libselinux/libselinux.mk
> +++ b/package/libselinux/libselinux.mk
> @@ -4,8 +4,8 @@
>  #
>  ################################################################################
>  
> -LIBSELINUX_VERSION = 2.1.13
> -LIBSELINUX_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20130423
> +LIBSELINUX_VERSION = 2.5
> +LIBSELINUX_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223
>  LIBSELINUX_LICENSE = Public Domain
>  LIBSELINUX_LICENSE_FILES = LICENSE
>  
> @@ -13,8 +13,10 @@ LIBSELINUX_DEPENDENCIES = libsepol pcre
>  
>  LIBSELINUX_INSTALL_STAGING = YES
>  
> +#Because Glibc 2.22 fails to compile against -D_FILE_OFFSET_BITS64, CFLAGS have to be specified manually.

Space after the # sign. Wrapl ong lines... ;-)

>  LIBSELINUX_MAKE_OPTS = \
>  	$(TARGET_CONFIGURE_OPTS) \
> +	CFLAGS="-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE" \

What about the other CFLAGS, from $(TARGET_CFLAGS)? You probably want to
use them, likes so:

    CFLAGS="$(TARGET_CFLAGS) -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE" \

>  	LDFLAGS="$(TARGET_LDFLAGS) -lpcre -lpthread" \

... like we do here for LDFLAGS.

Regards,
Yann E. MORIN.

>  	ARCH=$(KERNEL_ARCH)
>  
> -- 
> 2.7.4
> 
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

[Buildroot] [PATCH 5/7] libsemanage: bump to version 2.5

[Yann E. MORIN]

Adam, All,

On 2016-06-24 17:32 -0400, Adam Duskett spake thusly:
> In addition to bumping the version to 2.5, the new version requires audit (as far as I can tell, it fails compilation without it while compilaining it can't find audit.h)
> Also the new version of libsemanage already has the fix provided by 0001-execption-lib-path-fix.patch and therefor I removed it.
> Because of the removal of that patch, I renamed 0002-workaround-blackfin-issue.patch to 0001-workaround-blackfin-issue.patch

Long lines... ;-)

> Signed-off-by: Adam Duskett <Aduskett@gmail.com>
> ---
[--SNIP--]
> diff --git a/package/libsemanage/libsemanage.mk b/package/libsemanage/libsemanage.mk
> index 197c14e..fead50d 100644
> --- a/package/libsemanage/libsemanage.mk
> +++ b/package/libsemanage/libsemanage.mk
> @@ -4,11 +4,11 @@
>  #
>  ################################################################################
>  
> -LIBSEMANAGE_VERSION = 2.1.10
> -LIBSEMANAGE_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20130423
> +LIBSEMANAGE_VERSION = 2.5
> +LIBSEMANAGE_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223
>  LIBSEMANAGE_LICENSE = LGPLv2.1+
>  LIBSEMANAGE_LICENSE_FILES = COPYING
> -LIBSEMANAGE_DEPENDENCIES = host-bison host-flex libselinux ustr bzip2
> +LIBSEMANAGE_DEPENDENCIES = host-bison host-flex host-audit libselinux ustr bzip2

So, it only needs audit as a host tool during the build? That's weird,
as, as you report, it complains about a missing audit.h, which seems to
imply it wants to include it, so needs the target variant.

So, probably you meant to add just 'audit', not 'host-audit'. Right?

Regards,
Yann E. MORIN.

>  LIBSEMANAGE_INSTALL_STAGING = YES
>  
>  LIBSEMANAGE_MAKE_OPTS = $(TARGET_CONFIGURE_OPTS)
> -- 
> 2.7.4
> 
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

[Buildroot] [PATCH 6/7] libsepol: bump version to 2.5

[Yann E. MORIN]

Adam, All,

On 2016-06-24 17:32 -0400, Adam Duskett spake thusly:
> I also updated the patches to work with the new version.
> 
> Signed-off-by: Adam Duskett <Aduskett@gmail.com>
> ---
>  package/libsepol/0001-support-static-only.patch    | 25 +++++++++++-----------
>  .../libsepol/0002-workaround-blackfin-issue.patch  |  7 +++---
>  package/libsepol/libsepol.hash                     |  2 +-
>  package/libsepol/libsepol.mk                       |  4 ++--
>  4 files changed, 19 insertions(+), 19 deletions(-)
> 
> diff --git a/package/libsepol/0001-support-static-only.patch b/package/libsepol/0001-support-static-only.patch
> index b974680..02ae994 100644
> --- a/package/libsepol/0001-support-static-only.patch
> +++ b/package/libsepol/0001-support-static-only.patch
> @@ -10,34 +10,33 @@ Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

Since you changed that patch, you should add your own Signed-off-by
line, just below Thomas' own SoB-line.

>  
>  Index: b/src/Makefile
>  ===================================================================
> +
> +diff --git a/src/Makefile b/src/Makefile
> +index db6c2ba..0006285 100644
>  --- a/src/Makefile
>  +++ b/src/Makefile
> -@@ -17,7 +17,12 @@
> - CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute
> - override CFLAGS += -I. -I../include -D_GNU_SOURCE
> +@@ -30,8 +30,12 @@ LOBJS += $(sort $(patsubst %.c,%.lo,$(wildcard $(CILDIR)/src/*.c) $(CIL_GENERATE
> + override CFLAGS += -I$(CILDIR)/include
> + endif
>   
> --all: $(LIBA) $(LIBSO) $(LIBPC)
>  +ALL_TARGETS = $(LIBA) $(LIBPC)
>  +ifeq ($(STATIC),)
>  +ALL_TARGETS += $(LIBSO)
>  +endif
> -+
> +
> +-all: $(LIBA) $(LIBSO) $(LIBPC)
>  +all: $(ALL_TARGETS)
>   
> +
>   $(LIBA):  $(OBJS)
> - 	$(AR) rcs $@ $^
> -@@ -39,11 +44,13 @@
> - install: all
> - 	test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
> - 	install -m 644 $(LIBA) $(LIBDIR)
> --	test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
> --	install -m 755 $(LIBSO) $(SHLIBDIR)
> +@@ -70,7 +74,11 @@ install: all
> + 	install -m 755 $(LIBSO) $(SHLIBDIR)
>   	test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
>   	install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
>  +ifeq ($(STATIC),)
>  +	test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
>  +	install -m 755 $(LIBSO) $(SHLIBDIR)
> - 	cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
> + 	ln -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
>  +endif
>   
>   relabel:
> diff --git a/package/libsepol/0002-workaround-blackfin-issue.patch b/package/libsepol/0002-workaround-blackfin-issue.patch
> index 5d00c69..b6809fe 100644
> --- a/package/libsepol/0002-workaround-blackfin-issue.patch
> +++ b/package/libsepol/0002-workaround-blackfin-issue.patch

Ditto.

Regards,
Yann E. MORIN.

> @@ -13,12 +13,13 @@ Index: b/src/dso.h
>  ===================================================================
>  --- a/src/dso.h
>  +++ b/src/dso.h
> -@@ -1,7 +1,7 @@
> - #ifndef _SELINUX_DSO_H
> - #define _SELINUX_DSO_H	1
> +@@ -5,7 +5,7 @@
> +     #define DISABLE_SYMVER 1
> + #endif
>   
>  -#ifdef SHARED
>  +#if defined(SHARED) && !defined(__bfin__)
>   # define hidden __attribute__ ((visibility ("hidden")))
>   # define hidden_proto(fct) __hidden_proto (fct, fct##_internal)
>   # define __hidden_proto(fct, internal)	\
> +
> diff --git a/package/libsepol/libsepol.hash b/package/libsepol/libsepol.hash
> index df5dabd..266ce43 100644
> --- a/package/libsepol/libsepol.hash
> +++ b/package/libsepol/libsepol.hash
> @@ -1,2 +1,2 @@
>  # From https://github.com/SELinuxProject/selinux/wiki/Releases
> -sha256	290d17f583635a4a5d8a2141511272adf0571c4205cdea38b5a68df20d58a70b  libsepol-2.1.9.tar.gz
> +sha256 2bdeec56d0a08b082b93b40703b4b3329cc5562152f7254d8f6ef6b56afe850a  libsepol-2.5.tar.gz
> diff --git a/package/libsepol/libsepol.mk b/package/libsepol/libsepol.mk
> index 1e709c6..93896cf 100644
> --- a/package/libsepol/libsepol.mk
> +++ b/package/libsepol/libsepol.mk
> @@ -4,8 +4,8 @@
>  #
>  ################################################################################
>  
> -LIBSEPOL_VERSION = 2.1.9
> -LIBSEPOL_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20130423
> +LIBSEPOL_VERSION = 2.5
> +LIBSEPOL_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223
>  LIBSEPOL_LICENSE = LGPLv2.1+
>  LIBSEPOL_LICENSE_FILES = COPYING
>  
> -- 
> 2.7.4
> 
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

[Buildroot] [PATCH 7/7] setools: Added 0003-fix-compile-against-new-selinux-libraries.patch

[Yann E. MORIN]

Adam, All,

Subject for this change should probably be soething like:

  package/setools: fix build with latest selinux libs

On 2016-06-24 17:32 -0400, Adam Duskett spake thusly:
> setools 3.3.8 won't cleanly compile against newer versions of the new selinux libraries.
> This patch fixes these errors.

Long line... ;-)

> Signed-off-by: Adam Duskett <Aduskett@gmail.com>
> ---
>  ...fix-compile-against-new-selinux-libraries.patch | 83 ++++++++++++++++++++++
>  1 file changed, 83 insertions(+)
>  create mode 100644 package/setools/0003-fix-compile-against-new-selinux-libraries.patch
> 
> diff --git a/package/setools/0003-fix-compile-against-new-selinux-libraries.patch b/package/setools/0003-fix-compile-against-new-selinux-libraries.patch
> new file mode 100644
> index 0000000..565efbc
> --- /dev/null
> +++ b/package/setools/0003-fix-compile-against-new-selinux-libraries.patch
> @@ -0,0 +1,83 @@

This patch should have its own subject, ciommit log, and SoB-line.

Did you write that patch, or did you back-port it from upstream?
If the latter, please add a pointer to the corresponding commit (in
their git tree or mailing list or whatever).

And if you backported it, add your own SoB-line too.

Regards,
Yann E. MORIN.

> +diff --git a/libqpol/src/policy_define.c b/libqpol/src/policy_define.c
> +index fad6b60..231962f 100644
> +--- a/libqpol/src/policy_define.c
> ++++ b/libqpol/src/policy_define.c
> +@@ -1449,7 +1449,7 @@ int define_compute_type_helper(int which, avrule_t ** rule)
> + 				return -1;
> + 			}
> + 			class_perm_node_init(perm);
> +-			perm->class = i + 1;
> ++			perm->tclass = i + 1;
> + 			perm->data = datum->s.value;
> + 			perm->next = avrule->perms;
> + 			avrule->perms = perm;
> +@@ -1699,7 +1699,7 @@ int define_te_avtab_helper(int which, avrule_t ** rule)
> + 			goto out;
> + 		}
> + 		class_perm_node_init(cur_perms);
> +-		cur_perms->class = i + 1;
> ++		cur_perms->tclass = i + 1;
> + 		if (!perms)
> + 			perms = cur_perms;
> + 		if (tail)
> +diff --git a/libqpol/src/policy_extend.c b/libqpol/src/policy_extend.c
> +index 5325a87..1417271 100644
> +--- a/libqpol/src/policy_extend.c
> ++++ b/libqpol/src/policy_extend.c
> +@@ -843,7 +843,7 @@ static int qpol_syn_rule_table_insert_sepol_avrule(qpol_policy_t * policy, qpol_
> + 			for (class_node = rule->perms; class_node; class_node = class_node->next) {
> + 				key.rule_type = rule->specified;
> + 				key.source_val = key.target_val = i + 1;
> +-				key.class_val = class_node->class;
> ++				key.class_val = class_node->tclass;
> + 				key.cond = cond;
> + 				if (qpol_syn_rule_table_insert_entry(policy, table, &key, new_rule))
> + 					goto err;
> +@@ -856,7 +856,7 @@ static int qpol_syn_rule_table_insert_sepol_avrule(qpol_policy_t * policy, qpol_
> + 				key.rule_type = rule->specified;
> + 				key.source_val = i + 1;
> + 				key.target_val = j + 1;
> +-				key.class_val = class_node->class;
> ++				key.class_val = class_node->tclass;
> + 				key.cond = cond;
> + 				if (qpol_syn_rule_table_insert_entry(policy, table, &key, new_rule))
> + 					goto err;
> +diff --git a/libqpol/src/syn_rule_query.c b/libqpol/src/syn_rule_query.c
> +index 3e63204..d7578f1 100644
> +--- a/libqpol/src/syn_rule_query.c
> ++++ b/libqpol/src/syn_rule_query.c
> +@@ -67,7 +67,7 @@ static void *syn_rule_class_state_get_cur(const qpol_iterator_t * iter)
> + 		return NULL;
> + 	}
> +
> +-	return db->class_val_to_struct[srcs->cur->class - 1];
> ++	return db->class_val_to_struct[srcs->cur->tclass - 1];
> + }
> +
> + static int syn_rule_class_state_next(qpol_iterator_t * iter)
> +@@ -465,10 +465,10 @@ int qpol_syn_avrule_get_perm_iter(const qpol_policy_t * policy, const qpol_syn_a
> + 	}
> +
> + 	for (node = internal_rule->perms; node; node = node->next) {
> +-		for (i = 0; i < db->class_val_to_struct[node->class - 1]->permissions.nprim; i++) {
> ++		for (i = 0; i < db->class_val_to_struct[node->tclass - 1]->permissions.nprim; i++) {
> + 			if (!(node->data & (1 << i)))
> + 				continue;
> +-			tmp = sepol_av_to_string(db, node->class, (sepol_access_vector_t) (1 << i));
> ++			tmp = sepol_av_to_string(db, node->tclass, (sepol_access_vector_t) (1 << i));
> + 			if (tmp) {
> + 				tmp++; /* remove prepended space */
> + 				for (cur = 0; cur < perm_list_sz; cur++)
> +diff --git a/secmds/replcon.cc b/secmds/replcon.cc
> +index 34f7c1a..307c39f 100644
> +--- a/secmds/replcon.cc
> ++++ b/secmds/replcon.cc
> +@@ -60,7 +60,7 @@ static struct option const longopts[] = {
> + 	{NULL, 0, NULL, 0}
> + };
> +
> +-extern int lsetfilecon_raw(const char *, security_context_t) __attribute__ ((weak));
> ++extern int lsetfilecon_raw(const char *, const char *) __attribute__ ((weak));
> +
> + /**
> +  * As that setools must work with older libselinux versions that may
> -- 
> 2.7.4
> 
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'