[Buildroot] [PATCH 00/30] SELinux improvements

[Buildroot] [PATCH 00/30] SELinux improvements

[Thomas Petazzoni]

Hello,

While working on SELinux support in OpenWRT, I re-did the packaging of
a number of SELinux components, and found that a few things could be
improved in Buildroot. Most notably, OpenWRT uses musl as the C
library, and I was able to make the SELinux stack working on musl
without too much effort, while libselinux (and consequently the rest
of the SELinux stack) in Buildroot currently depends on glibc.

So, this patch series:

 - Drops a number of dependencies of host-policycoreutils that are no
   longer needed, and drops passing the ARCH and DESTDIR variables
   when they are not needed

 - Drops the ustr depends from libsemanage (it is no longer used) and
   remove the ustr package as it was only used by libsemanage.

 - Introduces the musl-fts package, which is a replacement fts
   implementation that can be used when the C library is musl or
   uClibc-ng with FTS support disabled (which is our case). Then
   libselinux is modified to use musl-fts, and the glibc dependency is
   dropped from libselinux and all its reverse dependencies.

 - Re-enables libselinux on ARC (it was disabled on this architecture
   back in 2015, due to toolchain issues, but they are resolved): the
   !BR2_arc dependency is dropped from libselinux and all its reverse
   dependencies

This patch series has been tested with the following defconfigs:

* An ARM uClibc defconfig, with all affected packages enabled:

BR2_arm=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_CUSTOM=y
BR2_TOOLCHAIN_EXTERNAL_DOWNLOAD=y
BR2_TOOLCHAIN_EXTERNAL_URL="http://autobuild.buildroot.org/toolchains/tarballs/br-arm-full-2019.05.1.tar.bz2"
BR2_TOOLCHAIN_EXTERNAL_GCC_4_9=y
BR2_TOOLCHAIN_EXTERNAL_HEADERS_4_14=y
BR2_TOOLCHAIN_EXTERNAL_LOCALE=y
# BR2_TOOLCHAIN_EXTERNAL_HAS_THREADS_DEBUG is not set
BR2_TOOLCHAIN_EXTERNAL_CXX=y
BR2_INIT_NONE=y
BR2_SYSTEM_BIN_SH_NONE=y
BR2_PACKAGE_BUSYBOX_SHOW_OTHERS=y
BR2_PACKAGE_CHECKPOLICY=y
BR2_PACKAGE_REFPOLICY=y
BR2_PACKAGE_RESTORECOND=y
BR2_PACKAGE_SELINUX_PYTHON=y
BR2_PACKAGE_SEMODULE_UTILS=y
BR2_PACKAGE_SETOOLS=y
BR2_PACKAGE_ANDROID_TOOLS=y
BR2_PACKAGE_ANDROID_TOOLS_FASTBOOT=y
BR2_PACKAGE_ANDROID_TOOLS_ADB=y
BR2_PACKAGE_ANDROID_TOOLS_ADBD=y
# BR2_TARGET_ROOTFS_TAR is not set

* An ARM musl defconfig, with all affected packages enabled:

BR2_arm=y
BR2_cortex_a9=y
BR2_ARM_ENABLE_VFP=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_CUSTOM=y
BR2_TOOLCHAIN_EXTERNAL_DOWNLOAD=y
BR2_TOOLCHAIN_EXTERNAL_URL="http://autobuild.buildroot.org/toolchains/tarballs/br-arm-cortex-a9-musl-2019.05.1.tar.bz2"
BR2_TOOLCHAIN_EXTERNAL_GCC_7=y
BR2_TOOLCHAIN_EXTERNAL_HEADERS_5_1=y
BR2_TOOLCHAIN_EXTERNAL_CUSTOM_MUSL=y
BR2_TOOLCHAIN_EXTERNAL_CXX=y
BR2_INIT_NONE=y
BR2_SYSTEM_BIN_SH_NONE=y
BR2_PACKAGE_BUSYBOX_SHOW_OTHERS=y
BR2_PACKAGE_CHECKPOLICY=y
BR2_PACKAGE_REFPOLICY=y
BR2_PACKAGE_RESTORECOND=y
BR2_PACKAGE_SELINUX_PYTHON=y
BR2_PACKAGE_SEMODULE_UTILS=y
BR2_PACKAGE_SETOOLS=y
BR2_PACKAGE_ANDROID_TOOLS=y
BR2_PACKAGE_ANDROID_TOOLS_FASTBOOT=y
BR2_PACKAGE_ANDROID_TOOLS_ADB=y
BR2_PACKAGE_ANDROID_TOOLS_ADBD=y
# BR2_TARGET_ROOTFS_TAR is not set

* An ARC defconfig, with all affected packages enabled, which can be
  enabled on ARC (indeed 'audit' is still not available on ARC)

BR2_arcle=y
BR2_archs38=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_CUSTOM=y
BR2_TOOLCHAIN_EXTERNAL_DOWNLOAD=y
BR2_TOOLCHAIN_EXTERNAL_URL="http://autobuild.buildroot.org/toolchains/tarballs/br-arcle-hs38-full-2019.05.1.tar.bz2"
BR2_TOOLCHAIN_EXTERNAL_GCC_8=y
BR2_TOOLCHAIN_EXTERNAL_HEADERS_4_9=y
BR2_TOOLCHAIN_EXTERNAL_LOCALE=y
# BR2_TOOLCHAIN_EXTERNAL_HAS_THREADS_DEBUG is not set
BR2_TOOLCHAIN_EXTERNAL_CXX=y
BR2_INIT_NONE=y
BR2_SYSTEM_BIN_SH_NONE=y
# BR2_PACKAGE_BUSYBOX is not set
BR2_PACKAGE_RESTORECOND=y
BR2_PACKAGE_SELINUX_PYTHON=y
BR2_PACKAGE_SELINUX_PYTHON_AUDIT2ALLOW=y
BR2_PACKAGE_SETOOLS=y
BR2_PACKAGE_ANDROID_TOOLS=y
BR2_PACKAGE_ANDROID_TOOLS_FASTBOOT=y
BR2_PACKAGE_ANDROID_TOOLS_ADB=y
BR2_PACKAGE_ANDROID_TOOLS_ADBD=y
# BR2_TARGET_ROOTFS_TAR is not set

Best regards,

Thomas Petazzoni

Thomas Petazzoni (30):
  package/policycoreutils: drop host-dbus-glib dependency from
    host-policycoreutils
  package/policycoreutils: drop host-python(3) dependency for
    host-policycoreutils
  package/policycoreutils: drop host-setools dependency from
    host-policycoreutils
  package/policycoreutils: drop ARCH variable
  package/policycoreutils: don't pass DESTDIR when building host variant
  package/libsemanage: drop dependency on ustr
  package/ustr: remove package
  package/libsemanage: reformat HOST_LIBSEMANAGE_DEPENDENCIES
  package/musl-fts: new package
  package/libselinux: allow building on !glibc using musl-fts
  package/busybox: selinux support now available on !glibc configs
  package/checkpolicy: now available on !glibc configs
  package/audit: re-enable on musl
  package/selinux-python: now available on !glibc configs
  package/setools: now available on !glibc configs
  package/android-tools: fastboot now available on !glibc toolchains
  package/restorecond: now available on !glibc configs
  package/libsemanage: now available on !glibc configs
  package/policycoreutils: now available on !glibc configs
  package/refpolicy: now available on !glibc configs
  package/libselinux: re-enable on ARC
  package/setools: re-enable on ARC
  package/checkpolicy: re-enable on ARC
  package/selinux-python: re-enable audit2allow on ARC
  package/busybox: re-enable SELinux support on ARC
  package/restorecond: re-enable on ARC
  package/libsemanage: drop !BR2_arc dependency
  package/policycoreutils: drop !BR2_arc dependency
  package/refpolicy: drop !BR2_arc dependency
  package/android-tools: re-enable fastboot on ARC

 Config.in.legacy                              |   8 ++
 DEVELOPERS                                    |   2 +-
 package/Config.in                             |   2 +-
 package/android-tools/Config.in               |   8 +-
 ...tue-functions-for-strndupa-rawmemchr.patch | 133 ++++++++++++++++++
 package/audit/Config.in                       |   6 +-
 package/audit/audit.mk                        |   2 +
 package/busybox/Config.in                     |   2 -
 package/checkpolicy/Config.in                 |   8 +-
 package/libselinux/Config.in                  |  11 +-
 package/libselinux/libselinux.mk              |   5 +
 package/libsemanage/Config.in                 |  12 +-
 package/libsemanage/libsemanage.mk            |  11 +-
 package/musl-fts/Config.in                    |   7 +
 package/musl-fts/musl-fts.hash                |   3 +
 package/musl-fts/musl-fts.mk                  |  21 +++
 package/policycoreutils/Config.in             |   8 +-
 package/policycoreutils/policycoreutils.mk    |  26 +---
 package/refpolicy/Config.in                   |   8 +-
 package/restorecond/Config.in                 |   5 +-
 package/selinux-python/Config.in              |   5 +-
 package/setools/Config.in                     |   9 +-
 package/ustr/Config.in                        |  13 --
 package/ustr/ustr.hash                        |   9 --
 package/ustr/ustr.mk                          |  39 -----
 25 files changed, 214 insertions(+), 149 deletions(-)
 create mode 100644 package/audit/0002-Add-substitue-functions-for-strndupa-rawmemchr.patch
 create mode 100644 package/musl-fts/Config.in
 create mode 100644 package/musl-fts/musl-fts.hash
 create mode 100644 package/musl-fts/musl-fts.mk
 delete mode 100644 package/ustr/Config.in
 delete mode 100644 package/ustr/ustr.hash
 delete mode 100644 package/ustr/ustr.mk

-- 
2.21.0

[Buildroot] [PATCH 01/30] package/policycoreutils: drop host-dbus-glib dependency from host-policycoreutils

[Thomas Petazzoni]

Since SELinux 2.7, restorecond has been moved to a separate package
from policycoreutils. Due to this, host-dbus-glib is no longer needed
to build host-policycoreutils.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 package/policycoreutils/policycoreutils.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package/policycoreutils/policycoreutils.mk b/package/policycoreutils/policycoreutils.mk
index 3b13e2716c..b117aa6902 100644
--- a/package/policycoreutils/policycoreutils.mk
+++ b/package/policycoreutils/policycoreutils.mk
@@ -61,7 +61,7 @@ define POLICYCOREUTILS_INSTALL_TARGET_CMDS
 endef
 
 HOST_POLICYCOREUTILS_DEPENDENCIES = \
-	host-libsemanage host-dbus-glib host-setools
+	host-libsemanage host-setools
 
 # Undefining _FILE_OFFSET_BITS here because of a "bug" with glibc fts.h
 # large file support.
-- 
2.21.0

[Buildroot] [PATCH 02/30] package/policycoreutils: drop host-python(3) dependency for host-policycoreutils

[Thomas Petazzoni]

Since SELinux 2.7, the python tools that used to be in policycoreutils
have been moved into a separate package, called "python" in upstream
SELinux, and "selinux-python" in Buildroot. Therefore, we can drop the
host-python(3) dependency from host-policycoreutils.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 package/policycoreutils/policycoreutils.mk | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/package/policycoreutils/policycoreutils.mk b/package/policycoreutils/policycoreutils.mk
index b117aa6902..4f7176777c 100644
--- a/package/policycoreutils/policycoreutils.mk
+++ b/package/policycoreutils/policycoreutils.mk
@@ -73,22 +73,10 @@ HOST_POLICYCOREUTILS_MAKE_OPTS = \
 	$(HOST_CONFIGURE_OPTS) \
 	CFLAGS="$(HOST_CFLAGS) -U_FILE_OFFSET_BITS" \
 	CPPFLAGS="$(HOST_CPPFLAGS) -U_FILE_OFFSET_BITS" \
-	PYTHON="$(HOST_DIR)/bin/python" \
-	PYTHON_INSTALL_ARGS="$(HOST_PKG_PYTHON_DISTUTILS_INSTALL_OPTS)" \
 	ARCH="$(HOSTARCH)" \
 	DESTDIR=$(HOST_DIR) \
 	PREFIX=$(HOST_DIR)
 
-ifeq ($(BR2_PACKAGE_PYTHON3),y)
-HOST_POLICYCOREUTILS_DEPENDENCIES += host-python3
-HOST_POLICYCOREUTILS_MAKE_OPTS += \
-	PYLIBVER="python$(PYTHON3_VERSION_MAJOR)"
-else
-HOST_POLICYCOREUTILS_DEPENDENCIES += host-python
-HOST_POLICYCOREUTILS_MAKE_OPTS += \
-	PYLIBVER="python$(PYTHON_VERSION_MAJOR)"
-endif
-
 # Note: We are only building the programs required by the refpolicy build
 HOST_POLICYCOREUTILS_MAKE_DIRS = \
 	load_policy newrole run_init \
-- 
2.21.0

[Buildroot] [PATCH 03/30] package/policycoreutils: drop host-setools dependency from host-policycoreutils

[Thomas Petazzoni]

There is no reason for host-policycoreutils to depend on host-setools,
it builds/works fine without it.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 package/policycoreutils/policycoreutils.mk | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/package/policycoreutils/policycoreutils.mk b/package/policycoreutils/policycoreutils.mk
index 4f7176777c..ff606a7d17 100644
--- a/package/policycoreutils/policycoreutils.mk
+++ b/package/policycoreutils/policycoreutils.mk
@@ -60,8 +60,7 @@ define POLICYCOREUTILS_INSTALL_TARGET_CMDS
 	)
 endef
 
-HOST_POLICYCOREUTILS_DEPENDENCIES = \
-	host-libsemanage host-setools
+HOST_POLICYCOREUTILS_DEPENDENCIES = host-libsemanage
 
 # Undefining _FILE_OFFSET_BITS here because of a "bug" with glibc fts.h
 # large file support.
-- 
2.21.0

[Buildroot] [PATCH 04/30] package/policycoreutils: drop ARCH variable

[Thomas Petazzoni]

The ARCH variable is no longer referenced by the policycoreutils build
system since upstream commit 4cc808671a18b5405be5707eefedd78b9c693268
("Move policycoreutils/mcstrans to mcstrans.")

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 package/policycoreutils/policycoreutils.mk | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/package/policycoreutils/policycoreutils.mk b/package/policycoreutils/policycoreutils.mk
index ff606a7d17..9c50b02a9e 100644
--- a/package/policycoreutils/policycoreutils.mk
+++ b/package/policycoreutils/policycoreutils.mk
@@ -36,8 +36,7 @@ endif
 POLICYCOREUTILS_MAKE_OPTS += \
 	$(TARGET_CONFIGURE_OPTS) \
 	CFLAGS="$(TARGET_CFLAGS) -U_FILE_OFFSET_BITS" \
-	CPPFLAGS="$(TARGET_CPPFLAGS) -U_FILE_OFFSET_BITS" \
-	ARCH="$(BR2_ARCH)"
+	CPPFLAGS="$(TARGET_CPPFLAGS) -U_FILE_OFFSET_BITS"
 
 POLICYCOREUTILS_MAKE_DIRS = \
 	load_policy newrole run_init \
@@ -72,7 +71,6 @@ HOST_POLICYCOREUTILS_MAKE_OPTS = \
 	$(HOST_CONFIGURE_OPTS) \
 	CFLAGS="$(HOST_CFLAGS) -U_FILE_OFFSET_BITS" \
 	CPPFLAGS="$(HOST_CPPFLAGS) -U_FILE_OFFSET_BITS" \
-	ARCH="$(HOSTARCH)" \
 	DESTDIR=$(HOST_DIR) \
 	PREFIX=$(HOST_DIR)
 
-- 
2.21.0

[Buildroot] [PATCH 05/30] package/policycoreutils: don't pass DESTDIR when building host variant

[Thomas Petazzoni]

DESTDIR was needed before upstream commit
6b901a4fb80cc61c46f75144b5bb366b8da38e82 ("policycoreutils: build:
follow standard semantics for DESTDIR and PREFIX"), but now the proper
semantic is used for DESTDIR and PREFIX.

However, in addition to the PREFIX that is already passed, we also
need to pass ETCDIR and SBINDIR, which are not defined in terms of
PREFIX.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 package/policycoreutils/policycoreutils.mk | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/package/policycoreutils/policycoreutils.mk b/package/policycoreutils/policycoreutils.mk
index 9c50b02a9e..9114b152eb 100644
--- a/package/policycoreutils/policycoreutils.mk
+++ b/package/policycoreutils/policycoreutils.mk
@@ -64,15 +64,14 @@ HOST_POLICYCOREUTILS_DEPENDENCIES = host-libsemanage
 # Undefining _FILE_OFFSET_BITS here because of a "bug" with glibc fts.h
 # large file support.
 # See https://bugzilla.redhat.com/show_bug.cgi?id=574992 for more information
-# We need to pass DESTDIR at build time because it's used by
-# policycoreutils build system to find headers and libraries.
 # We also need to pass PREFIX because it defaults to $(DESTDIR)/usr
 HOST_POLICYCOREUTILS_MAKE_OPTS = \
 	$(HOST_CONFIGURE_OPTS) \
 	CFLAGS="$(HOST_CFLAGS) -U_FILE_OFFSET_BITS" \
 	CPPFLAGS="$(HOST_CPPFLAGS) -U_FILE_OFFSET_BITS" \
-	DESTDIR=$(HOST_DIR) \
-	PREFIX=$(HOST_DIR)
+	PREFIX=$(HOST_DIR) \
+	ETCDIR=$(HOST_DIR)/etc \
+	SBINDIR=$(HOST_DIR)/sbin
 
 # Note: We are only building the programs required by the refpolicy build
 HOST_POLICYCOREUTILS_MAKE_DIRS = \
-- 
2.21.0

[Buildroot] [PATCH 06/30] package/libsemanage: drop dependency on ustr

[Thomas Petazzoni]

Since SELinux 2.7 (upstream commit
920ee9ee18024c7714f1121e91854f38fa1eef73), ustr is no longer used by
libsemanage.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 package/libsemanage/Config.in      | 1 -
 package/libsemanage/libsemanage.mk | 4 ++--
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/package/libsemanage/Config.in b/package/libsemanage/Config.in
index 7ee9c38606..ad3555aee0 100644
--- a/package/libsemanage/Config.in
+++ b/package/libsemanage/Config.in
@@ -10,7 +10,6 @@ config BR2_PACKAGE_LIBSEMANAGE
 	depends on !BR2_arc
 	select BR2_PACKAGE_AUDIT
 	select BR2_PACKAGE_LIBSELINUX
-	select BR2_PACKAGE_USTR
 	select BR2_PACKAGE_BZIP2
 	help
 	  libsemanage is the policy management library. It uses
diff --git a/package/libsemanage/libsemanage.mk b/package/libsemanage/libsemanage.mk
index a139ad0a68..9a4ddc1a4d 100644
--- a/package/libsemanage/libsemanage.mk
+++ b/package/libsemanage/libsemanage.mk
@@ -8,7 +8,7 @@ LIBSEMANAGE_VERSION = 2.9
 LIBSEMANAGE_SITE = https://github.com/SELinuxProject/selinux/releases/download/20190315
 LIBSEMANAGE_LICENSE = LGPL-2.1+
 LIBSEMANAGE_LICENSE_FILES = COPYING
-LIBSEMANAGE_DEPENDENCIES = host-bison host-flex audit libselinux ustr bzip2
+LIBSEMANAGE_DEPENDENCIES = host-bison host-flex audit libselinux bzip2
 LIBSEMANAGE_INSTALL_STAGING = YES
 
 LIBSEMANAGE_MAKE_OPTS = $(TARGET_CONFIGURE_OPTS)
@@ -26,7 +26,7 @@ define LIBSEMANAGE_INSTALL_TARGET_CMDS
 endef
 
 HOST_LIBSEMANAGE_DEPENDENCIES = host-bison host-audit host-libsepol host-libselinux \
-				host-ustr host-bzip2 host-swig
+				host-bzip2 host-swig
 
 HOST_LIBSEMANAGE_MAKE_OPTS += \
 	$(HOST_CONFIGURE_OPTS) \
-- 
2.21.0

[Buildroot] [PATCH 07/30] package/ustr: remove package

[Thomas Petazzoni]

This package was only used by libsemanage, but it is no longer used
since SELinux 2.7, so drop it.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 Config.in.legacy       |  8 ++++++++
 DEVELOPERS             |  1 -
 package/Config.in      |  1 -
 package/ustr/Config.in | 13 -------------
 package/ustr/ustr.hash |  9 ---------
 package/ustr/ustr.mk   | 39 ---------------------------------------
 6 files changed, 8 insertions(+), 63 deletions(-)
 delete mode 100644 package/ustr/Config.in
 delete mode 100644 package/ustr/ustr.hash
 delete mode 100644 package/ustr/ustr.mk

diff --git a/Config.in.legacy b/Config.in.legacy
index 67d696a259..b8b550e5ee 100644
--- a/Config.in.legacy
+++ b/Config.in.legacy
@@ -146,6 +146,14 @@ endif
 
 comment "Legacy options removed in 2019.11"
 
+config BR2_PACKAGE_USTR
+	bool "ustr package removed"
+	select BR2_LEGACY
+	help
+	  The 'ustr' package was only used by SELinux libsemanage, but
+	  since SELinux 2.7, ustr is no longer used. Therefore, we
+	  removed this package from Buildroot.
+
 config BR2_PACKAGE_KODI_SCREENSAVER_PLANESTATE
 	bool "kodi-screensaver-planestate package was removed"
 	select BR2_LEGACY
diff --git a/DEVELOPERS b/DEVELOPERS
index 92e5058e9d..b427fd92ae 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -577,7 +577,6 @@ F:	package/libselinux/
 F:	package/libsemanage/
 F:	package/libsepol/
 F:	package/policycoreutils/
-F:	package/ustr/
 
 N:	Corentin Guillevic <corentin.guillevic@smile.fr>
 F:	package/libloki/
diff --git a/package/Config.in b/package/Config.in
index f71e155faf..2fc11065f6 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -1815,7 +1815,6 @@ menu "Text and terminal handling"
 	source "package/readline/Config.in"
 	source "package/slang/Config.in"
 	source "package/tclap/Config.in"
-	source "package/ustr/Config.in"
 endmenu
 
 endmenu
diff --git a/package/ustr/Config.in b/package/ustr/Config.in
deleted file mode 100644
index 9d6561c343..0000000000
--- a/package/ustr/Config.in
+++ /dev/null
@@ -1,13 +0,0 @@
-config BR2_PACKAGE_USTR
-	bool "ustr"
-	# unconditionally builds a shared library
-	depends on !BR2_STATIC_LIBS
-	depends on !BR2_TOOLCHAIN_USES_MUSL # broken vsnprintf detection
-	help
-	  A small, safe string library.
-
-	  http://www.and.org/ustr/
-
-comment "ustr needs a toolchain w/ dynamic library"
-	depends on BR2_STATIC_LIBS
-	depends on !BR2_TOOLCHAIN_USES_MUSL
diff --git a/package/ustr/ustr.hash b/package/ustr/ustr.hash
deleted file mode 100644
index a917b0f18f..0000000000
--- a/package/ustr/ustr.hash
+++ /dev/null
@@ -1,9 +0,0 @@
-# Locally computed
-sha256 3daf6eae9f78de1e872c0b2b83cce35515b94d4bb8a074e48f331fd99e1fc2c4 ustr-1.0.4.tar.bz2
-sha256 d90681590c012d4bdb2ee98752a6638bbccb4be7a1f1753e9fce86bbb291dc24 LICENSE
-sha256 2a52acaf526a89bb2da713d38328d5fb2e19b1227a14181d4a37c7c188bb05f9 LICENSE_BSD
-sha256 5bbcbb737e60fe9deba08ecbd00920cfcc3403ba2e534c64fdeea49d6bb87509 LICENSE_LGPL
-sha256 d7b9a61065e7c63e4854644779d69098b988a3e3d6ef804d41da5f18b69b2fb9 LICENSE_MIT
-
-# From http://debian.gtisc.gatech.edu/debian/pool/main/u/ustr/ustr_1.0.4-6.dsc
-sha256 75aa6be2c70eba632ac63078e55ecb4b5a45e6624501a8ed6d81b9a2014d149e ustr_1.0.4-6.debian.tar.xz
diff --git a/package/ustr/ustr.mk b/package/ustr/ustr.mk
deleted file mode 100644
index c99ada5276..0000000000
--- a/package/ustr/ustr.mk
+++ /dev/null
@@ -1,39 +0,0 @@
-################################################################################
-#
-# ustr
-#
-################################################################################
-
-# When bumping the version to a new upstream release, be sure to remove
-# the ldconfig hack, below.
-USTR_VERSION = 1.0.4
-USTR_SOURCE = ustr-$(USTR_VERSION).tar.bz2
-USTR_SITE = http://www.and.org/ustr/$(USTR_VERSION)
-USTR_LICENSE = BSD-2-Clause, MIT, LGPL-2.0+
-USTR_LICENSE_FILES = LICENSE LICENSE_BSD LICENSE_LGPL LICENSE_MIT
-USTR_AUTORECONF = YES
-USTR_PATCH = \
-	http://snapshot.debian.org/archive/debian/20180131T223129Z/pool/main/u/ustr/ustr_$(USTR_VERSION)-6.debian.tar.xz
-
-USTR_INSTALL_STAGING = YES
-
-# ustr only builds the static library by default, but the default
-# install rule will install both the static and the shared libraries,
-# which means the shared one is build during the install step. :-(
-#
-# We can however instruct ustr to build both at build time, by adding
-# 'all-shared' to the default 'all' rule.
-USTR_MAKE_OPTS = all all-shared
-
-USTR_CONF_OPTS += LDCONFIG=/bin/true
-HOST_USTR_CONF_OPTS += LDCONFIG=/bin/true
-
-# for some reason, ustr finds it useful to install its source code in
-# /usr/share, which is totally useless on the target
-define USTR_REMOVE_SOURCE_CODE
-	$(RM) -rf $(TARGET_DIR)/usr/share/ustr-$(USTR_VERSION)
-endef
-USTR_POST_INSTALL_TARGET_HOOKS += USTR_REMOVE_SOURCE_CODE
-
-$(eval $(autotools-package))
-$(eval $(host-autotools-package))
-- 
2.21.0

[Buildroot] [PATCH 08/30] package/libsemanage: reformat HOST_LIBSEMANAGE_DEPENDENCIES

[Thomas Petazzoni]

Use a more common formatting for HOST_LIBSEMANAGE_DEPENDENCIES.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 package/libsemanage/libsemanage.mk | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/package/libsemanage/libsemanage.mk b/package/libsemanage/libsemanage.mk
index 9a4ddc1a4d..bd1e01febf 100644
--- a/package/libsemanage/libsemanage.mk
+++ b/package/libsemanage/libsemanage.mk
@@ -25,8 +25,13 @@ define LIBSEMANAGE_INSTALL_TARGET_CMDS
 	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) $(LIBSEMANAGE_MAKE_OPTS) DESTDIR=$(TARGET_DIR) install
 endef
 
-HOST_LIBSEMANAGE_DEPENDENCIES = host-bison host-audit host-libsepol host-libselinux \
-				host-bzip2 host-swig
+HOST_LIBSEMANAGE_DEPENDENCIES = \
+	host-bison \
+	host-audit \
+	host-libsepol \
+	host-libselinux \
+	host-bzip2 \
+	host-swig
 
 HOST_LIBSEMANAGE_MAKE_OPTS += \
 	$(HOST_CONFIGURE_OPTS) \
-- 
2.21.0

[Buildroot] [PATCH 09/30] package/musl-fts: new package

[Thomas Petazzoni]

This package provides a replacement implementation for <fts.h>
functions missing from musl and uClibc-ng.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 DEVELOPERS                     |  1 +
 package/Config.in              |  1 +
 package/musl-fts/Config.in     |  7 +++++++
 package/musl-fts/musl-fts.hash |  3 +++
 package/musl-fts/musl-fts.mk   | 21 +++++++++++++++++++++
 5 files changed, 33 insertions(+)
 create mode 100644 package/musl-fts/Config.in
 create mode 100644 package/musl-fts/musl-fts.hash
 create mode 100644 package/musl-fts/musl-fts.mk

diff --git a/DEVELOPERS b/DEVELOPERS
index b427fd92ae..18ef50c311 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -2291,6 +2291,7 @@ F:	package/monit/
 F:	package/mpdecimal/
 F:	package/msmtp/
 F:	package/musl/
+F:	package/musl-fts/
 F:	package/ne10/
 F:	package/pkg-python.mk
 F:	package/pkg-autotools.mk
diff --git a/package/Config.in b/package/Config.in
index 2fc11065f6..15572e7a1d 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -1766,6 +1766,7 @@ endif
 	source "package/msgpack/Config.in"
 	source "package/mtdev2tuio/Config.in"
 	source "package/musl-compat-headers/Config.in"
+	source "package/musl-fts/Config.in"
 	source "package/openblas/Config.in"
 	source "package/orc/Config.in"
 	source "package/p11-kit/Config.in"
diff --git a/package/musl-fts/Config.in b/package/musl-fts/Config.in
new file mode 100644
index 0000000000..a7f38c182e
--- /dev/null
+++ b/package/musl-fts/Config.in
@@ -0,0 +1,7 @@
+config BR2_PACKAGE_MUSL_FTS
+	bool "musl-fts"
+	depends on !BR2_TOOLCHAIN_USES_GLIBC
+	help
+	  The musl-fts package implements the fts(3) functions
+	  fts_open, fts_read, fts_children, fts_set and fts_close,
+	  which are missing in musl and uClibc-ng C libraries.
diff --git a/package/musl-fts/musl-fts.hash b/package/musl-fts/musl-fts.hash
new file mode 100644
index 0000000000..207fef31ad
--- /dev/null
+++ b/package/musl-fts/musl-fts.hash
@@ -0,0 +1,3 @@
+# Locally calculated
+sha256	  49ae567a96dbab22823d045ffebe0d6b14b9b799925e9ca9274d47d26ff482a6  musl-fts-v1.2.7.tar.gz
+sha256	  55af87e4017668f54467a3380e7ebbac5e672d8c763bfe95e6fc882a6fdc4046  COPYING
diff --git a/package/musl-fts/musl-fts.mk b/package/musl-fts/musl-fts.mk
new file mode 100644
index 0000000000..190f3864b4
--- /dev/null
+++ b/package/musl-fts/musl-fts.mk
@@ -0,0 +1,21 @@
+################################################################################
+#
+# musl-fts
+#
+################################################################################
+
+MUSL_FTS_VERSION = v1.2.7
+MUSL_FTS_SITE = $(call github,void-linux,musl-fts,$(MUSL_FTS_VERSION))
+MUSL_FTS_AUTORECONF = YES
+MUSL_FTS_LICENSE = BSD-3-Clause
+MUSL_FTS_LICENSE_FILES = COPYING
+# pkg-config needed for autoreconf
+MUSL_FTS_DEPENDENCIES = host-pkgconf
+MUSL_FTS_INSTALL_STAGING = YES
+
+define MUSL_FTS_CREATE_M4_DIR
+	mkdir -p $(@D)/m4
+endef
+MUSL_FTS_POST_PATCH_HOOKS += MUSL_FTS_CREATE_M4_DIR
+
+$(eval $(autotools-package))
-- 
2.21.0

[Buildroot] [PATCH 09/30] package/musl-fts: new package

[Matthew Weber]

Thomas,


On Sun, Sep 22, 2019 at 4:07 AM Thomas Petazzoni
<thomas.petazzoni@bootlin.com> wrote:
>
> This package provides a replacement implementation for <fts.h>
> functions missing from musl and uClibc-ng.
>
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
> ---
>  DEVELOPERS                     |  1 +
>  package/Config.in              |  1 +
>  package/musl-fts/Config.in     |  7 +++++++
>  package/musl-fts/musl-fts.hash |  3 +++
>  package/musl-fts/musl-fts.mk   | 21 +++++++++++++++++++++
>  5 files changed, 33 insertions(+)
>  create mode 100644 package/musl-fts/Config.in
>  create mode 100644 package/musl-fts/musl-fts.hash
>  create mode 100644 package/musl-fts/musl-fts.mk
>
> diff --git a/DEVELOPERS b/DEVELOPERS
> index b427fd92ae..18ef50c311 100644
> --- a/DEVELOPERS
> +++ b/DEVELOPERS
> @@ -2291,6 +2291,7 @@ F:        package/monit/
>  F:     package/mpdecimal/
>  F:     package/msmtp/
>  F:     package/musl/
> +F:     package/musl-fts/
>  F:     package/ne10/
>  F:     package/pkg-python.mk
>  F:     package/pkg-autotools.mk
> diff --git a/package/Config.in b/package/Config.in
> index 2fc11065f6..15572e7a1d 100644
> --- a/package/Config.in
> +++ b/package/Config.in
> @@ -1766,6 +1766,7 @@ endif
>         source "package/msgpack/Config.in"
>         source "package/mtdev2tuio/Config.in"
>         source "package/musl-compat-headers/Config.in"
> +       source "package/musl-fts/Config.in"
>         source "package/openblas/Config.in"
>         source "package/orc/Config.in"
>         source "package/p11-kit/Config.in"
> diff --git a/package/musl-fts/Config.in b/package/musl-fts/Config.in
> new file mode 100644
> index 0000000000..a7f38c182e
> --- /dev/null
> +++ b/package/musl-fts/Config.in
> @@ -0,0 +1,7 @@
> +config BR2_PACKAGE_MUSL_FTS
> +       bool "musl-fts"
> +       depends on !BR2_TOOLCHAIN_USES_GLIBC
> +       help
> +         The musl-fts package implements the fts(3) functions
> +         fts_open, fts_read, fts_children, fts_set and fts_close,
> +         which are missing in musl and uClibc-ng C libraries.
> diff --git a/package/musl-fts/musl-fts.hash b/package/musl-fts/musl-fts.hash
> new file mode 100644
> index 0000000000..207fef31ad
> --- /dev/null
> +++ b/package/musl-fts/musl-fts.hash
> @@ -0,0 +1,3 @@
> +# Locally calculated
> +sha256   49ae567a96dbab22823d045ffebe0d6b14b9b799925e9ca9274d47d26ff482a6  musl-fts-v1.2.7.tar.gz
> +sha256   55af87e4017668f54467a3380e7ebbac5e672d8c763bfe95e6fc882a6fdc4046  COPYING
> diff --git a/package/musl-fts/musl-fts.mk b/package/musl-fts/musl-fts.mk
> new file mode 100644
> index 0000000000..190f3864b4
> --- /dev/null
> +++ b/package/musl-fts/musl-fts.mk
> @@ -0,0 +1,21 @@
> +################################################################################
> +#
> +# musl-fts
> +#
> +################################################################################
> +
> +MUSL_FTS_VERSION = v1.2.7

Does it make sense in this case to move the "v" to the SITE like the
other version fix-ups?  I checked release monitoring and it doesn't
look like there is an entry yet for this package (ie. no precedence
has been set yet)

> +MUSL_FTS_SITE = $(call github,void-linux,musl-fts,$(MUSL_FTS_VERSION))

Regards,
Matt

[Buildroot] [PATCH 09/30] package/musl-fts: new package

[Thomas Petazzoni]

On Mon, 23 Sep 2019 08:12:17 -0500
Matthew Weber <matthew.weber@collins.com> wrote:

> > +MUSL_FTS_VERSION = v1.2.7  
> 
> Does it make sense in this case to move the "v" to the SITE like the
> other version fix-ups?  I checked release monitoring and it doesn't
> look like there is an entry yet for this package (ie. no precedence
> has been set yet)

It makes complete sense to move the "v" to the site of course. My bad,
this patch was sitting in a Buildroot branch for quite a while, and I
didn't rework it after the "v" cleanup in all other Buildroot packages.

I'll wait for other comments before sending a v2 (which would be
another 22 patches sent on the mailing list), unless someone applies my
patch and does the fix.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

[Buildroot] [External] Re: [PATCH 09/30] package/musl-fts: new package

[Matthew Weber]

Thomas,

On Mon, Sep 23, 2019 at 8:33 AM Thomas Petazzoni
<thomas.petazzoni@bootlin.com> wrote:
>
> On Mon, 23 Sep 2019 08:12:17 -0500
> Matthew Weber <matthew.weber@collins.com> wrote:
>
> > > +MUSL_FTS_VERSION = v1.2.7
> >
> > Does it make sense in this case to move the "v" to the SITE like the
> > other version fix-ups?  I checked release monitoring and it doesn't
> > look like there is an entry yet for this package (ie. no precedence
> > has been set yet)
>
> It makes complete sense to move the "v" to the site of course. My bad,
> this patch was sitting in a Buildroot branch for quite a while, and I
> didn't rework it after the "v" cleanup in all other Buildroot packages.
>
> I'll wait for other comments before sending a v2 (which would be
> another 22 patches sent on the mailing list), unless someone applies my
> patch and does the fix.
>

I probably won't send a Reviewed by for the other patches individually
but I did go through them and it looks good.  (Had a few side
conversations on the host selinux dependency removal for
policycoreutils and it seems fine)

Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>

[Buildroot] [External] Re: [PATCH 09/30] package/musl-fts: new package

[Thomas Petazzoni]

On Mon, 23 Sep 2019 08:36:59 -0500
Matthew Weber <matthew.weber@collins.com> wrote:

> I probably won't send a Reviewed by for the other patches individually
> but I did go through them and it looks good.  (Had a few side
> conversations on the host selinux dependency removal for
> policycoreutils and it seems fine)

Thanks!

Speaking of host python dependencies, I'm also wondering about making
the host-python dependency of host-libselinux and libsemanage optional.
Indeed, they are only needed if you want the Python bindings of
libselinux/libsemanage on the host, and you can perfectly fine have a
working SELinux stack without those.

Now the question is what should trigger the build of those Python
bindings. A visible Config.in.host option ? A hidden Config.in.host
option, but then selected by what ? I guess it's mainly host-setools
that needs the Python bindings of host-libselinux. I'm not sure what
uses the Python bindings of host-libsemanage though.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

[Buildroot] [PATCH 09/30] package/musl-fts: new package

[Arnout Vandecappelle]

On 22/09/2019 11:06, Thomas Petazzoni wrote:
> This package provides a replacement implementation for <fts.h>
> functions missing from musl and uClibc-ng.
> 
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

 Now this is applied, a couple of additional packages/options might be enabled
as well...

- clamav's --disable-fanotify might be removed;
- elfutils has a huge patch to add fts which might be removed;
- libcgroup;
- ltp-testsuite depends on !MUSL; neither the Config.in nor commit baedef979cda
explain why exactly, but it might be due to fts.


 Regards,
 Arnout

[Buildroot] [PATCH 09/30] package/musl-fts: new package

[Thomas Petazzoni]

On Thu, 10 Oct 2019 00:31:53 +0200
Arnout Vandecappelle <arnout@mind.be> wrote:

>  Now this is applied, a couple of additional packages/options might be enabled
> as well...
> 
> - clamav's --disable-fanotify might be removed;
> - elfutils has a huge patch to add fts which might be removed;
> - libcgroup;
> - ltp-testsuite depends on !MUSL; neither the Config.in nor commit baedef979cda
> explain why exactly, but it might be due to fts.

Absolutely, there's a whole bunch of stuff that can be improved thanks
to this. But the series was already 30 patches long, so I thought it
was already enough.

Thanks for reviewing and merging!

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

[Buildroot] [PATCH 09/30] package/musl-fts: new package

[Petr Vorel]

Hi Arnout,

>  Now this is applied, a couple of additional packages/options might be enabled
> as well...

> - clamav's --disable-fanotify might be removed;
> - elfutils has a huge patch to add fts which might be removed;
> - libcgroup;
> - ltp-testsuite depends on !MUSL; neither the Config.in nor commit baedef979cda
> explain why exactly, but it might be due to fts.
Thanks for adding musl-fts, I was thinking about it.

ATM LTP on musl is not blocked by missing fts.h (I need to update that comment
in ltp-testsuite.mk), just cpuset tests aren't compiled if it's not available.
But it'd be nice to select it for uclibc to have these tests compiled.
Feel free to do it or I'll do it (hopefully soon).

LTP under musl itself has more problems. These are mainly caused by some old and
dirty code which depends on glibc specific features (we're slowly rewriting
these tests which fixes it). Some of these problems are on uclibc as well,
Waldemar Brodkorb solved it with just deleting problematic parts. For previous
release I enabled LTP for musl using the same way (more tests needed to be
deleted). I thought I posted it, but it looks like I didn't. I'll update the
patch and send it again.

Kind regards,
Petr

[Buildroot] [PATCH 10/30] package/libselinux: allow building on !glibc using musl-fts

[Thomas Petazzoni]

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 package/libselinux/Config.in     | 8 +++-----
 package/libselinux/libselinux.mk | 5 +++++
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/package/libselinux/Config.in b/package/libselinux/Config.in
index 6be816db77..8cebd34fb2 100644
--- a/package/libselinux/Config.in
+++ b/package/libselinux/Config.in
@@ -2,12 +2,11 @@ config BR2_PACKAGE_LIBSELINUX
 	bool "libselinux"
 	depends on BR2_TOOLCHAIN_HAS_THREADS
 	depends on !BR2_STATIC_LIBS
-	# Uses <fts.h>, not available in musl or uClibc
-	depends on BR2_TOOLCHAIN_USES_GLIBC
 	# Toolchain issue: "fixup not contained within frag"
 	depends on !BR2_arc
 	select BR2_PACKAGE_LIBSEPOL
 	select BR2_PACKAGE_PCRE
+	select BR2_PACKAGE_MUSL_FTS if !BR2_TOOLCHAIN_USES_GLIBC
 	help
 	  libselinux is the runtime SELinux library that provides
 	  interfaces (e.g. library functions for the SELinux kernel
@@ -19,7 +18,6 @@ config BR2_PACKAGE_LIBSELINUX
 
 	  http://selinuxproject.org/page/Main_Page
 
-comment "libselinux needs a glibc toolchain w/ threads, dynamic library"
+comment "libselinux needs a toolchain w/ threads, dynamic library"
 	depends on !BR2_arc
-	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS || \
-		!BR2_TOOLCHAIN_USES_GLIBC
+	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS
diff --git a/package/libselinux/libselinux.mk b/package/libselinux/libselinux.mk
index 977f9e2e8b..c707c8a25e 100644
--- a/package/libselinux/libselinux.mk
+++ b/package/libselinux/libselinux.mk
@@ -25,6 +25,11 @@ LIBSELINUX_MAKE_OPTS = \
 
 LIBSELINUX_MAKE_INSTALL_TARGETS = install
 
+ifeq ($(BR2_TOOLCHAIN_USES_GLIBC),)
+LIBSELINUX_DEPENDENCIES += musl-fts
+LIBSELINUX_MAKE_OPTS += FTS_LDLIBS=-lfts
+endif
+
 ifeq ($(BR2_PACKAGE_PYTHON)$(BR2_PACKAGE_PYTHON3),y)
 ifeq ($(BR2_PACKAGE_PYTHON3),y)
 LIBSELINUX_DEPENDENCIES += python3 host-swig
-- 
2.21.0

[Buildroot] [PATCH 11/30] package/busybox: selinux support now available on !glibc configs

[Thomas Petazzoni]

libselinux can now be selected for non-glibc toolchains, so
BR2_PACKAGE_BUSYBOX_SELINUX can loose its BR2_TOOLCHAIN_USES_GLIBC
dependency.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 package/busybox/Config.in | 1 -
 1 file changed, 1 deletion(-)

diff --git a/package/busybox/Config.in b/package/busybox/Config.in
index bab00bf835..cddf9f3908 100644
--- a/package/busybox/Config.in
+++ b/package/busybox/Config.in
@@ -40,7 +40,6 @@ config BR2_PACKAGE_BUSYBOX_SELINUX
 	bool "Enable SELinux support"
 	depends on BR2_TOOLCHAIN_HAS_THREADS
 	depends on !BR2_STATIC_LIBS
-	depends on BR2_TOOLCHAIN_USES_GLIBC
 	depends on !BR2_arc
 	select BR2_PACKAGE_BUSYBOX_INDIVIDUAL_BINARIES
 	select BR2_PACKAGE_LIBSELINUX
-- 
2.21.0

[Buildroot] [PATCH 12/30] package/checkpolicy: now available on !glibc configs

[Thomas Petazzoni]

liselinux can now be selected on !glibc toolchains, so we can drop the
glibc dependency of the checkpolicy package.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 package/checkpolicy/Config.in | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/package/checkpolicy/Config.in b/package/checkpolicy/Config.in
index 97ad0b7704..f7b03df11d 100644
--- a/package/checkpolicy/Config.in
+++ b/package/checkpolicy/Config.in
@@ -2,7 +2,6 @@ config BR2_PACKAGE_CHECKPOLICY
 	bool "checkpolicy"
 	depends on BR2_TOOLCHAIN_HAS_THREADS # libselinux
 	depends on !BR2_STATIC_LIBS # libselinux
-	depends on BR2_TOOLCHAIN_USES_GLIBC # libselinux
 	depends on !BR2_arc # libselinux
 	select BR2_PACKAGE_LIBSELINUX
 	select BR2_PACKAGE_FLEX
@@ -15,7 +14,6 @@ config BR2_PACKAGE_CHECKPOLICY
 
 	  http://selinuxproject.org/page/Main_Page
 
-comment "checkpolicy needs a glibc toolchain w/ threads, dynamic library"
+comment "checkpolicy needs a toolchain w/ threads, dynamic library"
 	depends on !BR2_arc
-	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS || \
-		!BR2_TOOLCHAIN_USES_GLIBC
+	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS
-- 
2.21.0

[Buildroot] [PATCH 13/30] package/audit: re-enable on musl

[Thomas Petazzoni]

Backport an upstream patch (which will be part of the next 3.0
release) that provides replacement functions for functions not
implemented in musl. This allows to re-enable audit on musl.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 ...tue-functions-for-strndupa-rawmemchr.patch | 133 ++++++++++++++++++
 package/audit/Config.in                       |   6 +-
 package/audit/audit.mk                        |   2 +
 3 files changed, 137 insertions(+), 4 deletions(-)
 create mode 100644 package/audit/0002-Add-substitue-functions-for-strndupa-rawmemchr.patch

diff --git a/package/audit/0002-Add-substitue-functions-for-strndupa-rawmemchr.patch b/package/audit/0002-Add-substitue-functions-for-strndupa-rawmemchr.patch
new file mode 100644
index 0000000000..ac292c57d1
--- /dev/null
+++ b/package/audit/0002-Add-substitue-functions-for-strndupa-rawmemchr.patch
@@ -0,0 +1,133 @@
+From c39a071e7c021f6ff3554aca2758e97b47a9777c Mon Sep 17 00:00:00 2001
+From: Steve Grubb <sgrubb@redhat.com>
+Date: Tue, 26 Feb 2019 18:33:33 -0500
+Subject: [PATCH] Add substitue functions for strndupa & rawmemchr
+
+(cherry picked from commit d579a08bb1cde71f939c13ac6b2261052ae9f77e)
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+---
+ auparse/auparse.c   | 12 +++++++++++-
+ auparse/interpret.c |  9 ++++++++-
+ configure.ac        | 14 +++++++++++++-
+ src/ausearch-lol.c  | 12 +++++++++++-
+ 4 files changed, 43 insertions(+), 4 deletions(-)
+
+diff --git a/auparse/auparse.c b/auparse/auparse.c
+index 650db02..2e1c737 100644
+--- a/auparse/auparse.c
++++ b/auparse/auparse.c
+@@ -1,5 +1,5 @@
+ /* auparse.c --
+- * Copyright 2006-08,2012-17 Red Hat Inc., Durham, North Carolina.
++ * Copyright 2006-08,2012-19 Red Hat Inc., Durham, North Carolina.
+  * All Rights Reserved.
+  *
+  * This library is free software; you can redistribute it and/or
+@@ -1118,6 +1118,16 @@ static int str2event(char *s, au_event_t *e)
+ 	return 0;
+ }
+ 
++#ifndef HAVE_STRNDUPA
++static inline char *strndupa(const char *old, size_t n)
++{
++	size_t len = strnlen(old, n);
++	char *tmp = alloca(len + 1);
++	tmp[len] = 0;
++	return memcpy(tmp, old, len);
++}
++#endif
++
+ /* Returns 0 on success and 1 on error */
+ static int extract_timestamp(const char *b, au_event_t *e)
+ {
+diff --git a/auparse/interpret.c b/auparse/interpret.c
+index 51c4a5e..67b7b77 100644
+--- a/auparse/interpret.c
++++ b/auparse/interpret.c
+@@ -853,6 +853,13 @@ err_out:
+ 		return print_escaped(id->val);
+ }
+ 
++// rawmemchr is faster. Let's use it if we have it.
++#ifdef HAVE_RAWMEMCHR
++#define STRCHR rawmemchr
++#else
++#define STRCHR strchr
++#endif
++
+ static const char *print_proctitle(const char *val)
+ {
+ 	char *out = (char *)print_escaped(val);
+@@ -863,7 +870,7 @@ static const char *print_proctitle(const char *val)
+ 		// Proctitle has arguments separated by NUL bytes
+ 		// We need to write over the NUL bytes with a space
+ 		// so that we can see the arguments
+-		while ((ptr  = rawmemchr(ptr, '\0'))) {
++		while ((ptr  = STRCHR(ptr, '\0'))) {
+ 			if (ptr >= end)
+ 				break;
+ 			*ptr = ' ';
+diff --git a/configure.ac b/configure.ac
+index 6e345f1..6f3007e 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1,7 +1,7 @@
+ dnl
+ define([AC_INIT_NOTICE],
+ [### Generated automatically using autoconf version] AC_ACVERSION [
+-### Copyright 2005-18 Steve Grubb <sgrubb@redhat.com>
++### Copyright 2005-19 Steve Grubb <sgrubb@redhat.com>
+ ###
+ ### Permission is hereby granted, free of charge, to any person obtaining a
+ ### copy of this software and associated documentation files (the "Software"),
+@@ -72,6 +72,18 @@ dnl; posix_fallocate is used in audisp-remote
+ AC_CHECK_FUNCS([posix_fallocate])
+ dnl; signalfd is needed for libev
+ AC_CHECK_FUNC([signalfd], [], [ AC_MSG_ERROR([The signalfd system call is necessary for auditd]) ])
++dnl; check if rawmemchr is available
++AC_CHECK_FUNCS([rawmemchr])
++dnl; check if strndupa is available
++AC_LINK_IFELSE(
++  [AC_LANG_SOURCE(
++    [[
++      #define _GNU_SOURCE
++      #include <string.h>
++      int main() { (void) strndupa("test", 10); return 0; }]])],
++ [AC_DEFINE(HAVE_STRNDUPA, 1, [Let us know if we have it or not])],
++ []
++)
+ 
+ ALLWARNS=""
+ ALLDEBUG="-g"
+diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
+index 5d17a72..758c33e 100644
+--- a/src/ausearch-lol.c
++++ b/src/ausearch-lol.c
+@@ -1,6 +1,6 @@
+ /*
+ * ausearch-lol.c - linked list of linked lists library
+-* Copyright (c) 2008,2010,2014,2016 Red Hat Inc., Durham, North Carolina.
++* Copyright (c) 2008,2010,2014,2016,2019 Red Hat Inc., Durham, North Carolina.
+ * All Rights Reserved. 
+ *
+ * This software may be freely redistributed and/or modified under the
+@@ -152,6 +152,16 @@ static int compare_event_time(event *e1, event *e2)
+ 	return 0;
+ }
+ 
++#ifndef HAVE_STRNDUPA
++static inline char *strndupa(const char *old, size_t n)
++{
++	size_t len = strnlen(old, n);
++	char *tmp = alloca(len + 1);
++	tmp[len] = 0;
++	return memcpy(tmp, old, len);
++}
++#endif
++
+ /*
+  * This function will look at the line and pick out pieces of it.
+  */
+-- 
+2.21.0
+
diff --git a/package/audit/Config.in b/package/audit/Config.in
index 023ac79d30..6e5761533f 100644
--- a/package/audit/Config.in
+++ b/package/audit/Config.in
@@ -10,7 +10,6 @@ config BR2_PACKAGE_AUDIT
 	depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS
 	depends on BR2_TOOLCHAIN_HAS_THREADS
 	depends on !BR2_STATIC_LIBS
-	depends on !BR2_TOOLCHAIN_USES_MUSL # strndupa()
 	help
 	  The audit package contains the user space utilities for
 	  storing and searching the audit records generated by
@@ -20,7 +19,6 @@ config BR2_PACKAGE_AUDIT
 
 	  http://people.redhat.com/sgrubb/audit/
 
-comment "audit needs a uClibc or glibc toolchain w/ threads, dynamic library"
-	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS \
-		|| BR2_TOOLCHAIN_USES_MUSL
+comment "audit needs a toolchain w/ threads, dynamic library"
+	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS
 	depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS
diff --git a/package/audit/audit.mk b/package/audit/audit.mk
index 31053fed99..1e05688f45 100644
--- a/package/audit/audit.mk
+++ b/package/audit/audit.mk
@@ -8,6 +8,8 @@ AUDIT_VERSION = 2.8.5
 AUDIT_SITE = http://people.redhat.com/sgrubb/audit
 AUDIT_LICENSE = GPL-2.0+ (programs), LGPL-2.1+ (libraries)
 AUDIT_LICENSE_FILES = COPYING COPYING.LIB
+# 0002-Add-substitue-functions-for-strndupa-rawmemchr.patch
+AUDIT_AUTORECONF = YES
 
 AUDIT_INSTALL_STAGING = YES
 
-- 
2.21.0

[Buildroot] [PATCH 14/30] package/selinux-python: now available on !glibc configs

[Thomas Petazzoni]

The BR2_PACKAGE_SELINUX_PYTHON_AUDIT2ALLOW was not available on !glibc
due to its dependency on checkpolicy. Now that checkpolicy is
available on !glibc systems, we can drop that dependency.

Note that the Config.in comment was wrong: it did mention the glibc
dependency, but the corresponding "depends on" was not there.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 package/selinux-python/Config.in | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/package/selinux-python/Config.in b/package/selinux-python/Config.in
index b9fab9aaa1..3b6eff88af 100644
--- a/package/selinux-python/Config.in
+++ b/package/selinux-python/Config.in
@@ -19,7 +19,6 @@ config BR2_PACKAGE_SELINUX_PYTHON_AUDIT2ALLOW
 	depends on BR2_USE_MMU # sepolgen
 	depends on BR2_TOOLCHAIN_HAS_THREADS # sepolgen, checkpolicy
 	depends on !BR2_STATIC_LIBS # sepolgen
-	depends on BR2_TOOLCHAIN_USES_GLIBC # checkpolicy
 	depends on !BR2_arc # checkpolicy
 	select BR2_PACKAGE_CHECKPOLICY
 	select BR2_PACKAGE_SELINUX_PYTHON_SEPOLGEN
@@ -33,7 +32,7 @@ config BR2_PACKAGE_SELINUX_PYTHON_AUDIT2ALLOW
 	  audit2why - translates SELinux audit messages into a
 	  description of why the access was denied (audit2allow -w)
 
-comment "audit2allow needs a glibc toolchain w/ wchar, threads, dynamic library"
+comment "audit2allow needs a toolchain w/ wchar, threads, dynamic library"
 	depends on BR2_USE_MMU
 	depends on !BR2_arc
 	depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \
-- 
2.21.0

[Buildroot] [PATCH 15/30] package/setools: now available on !glibc configs

[Thomas Petazzoni]

Now that libselinux can be built on !glibc configs, we can re-enable
setools as well.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 package/setools/Config.in | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/package/setools/Config.in b/package/setools/Config.in
index 0a7899b5eb..f22e1cec08 100644
--- a/package/setools/Config.in
+++ b/package/setools/Config.in
@@ -4,7 +4,6 @@ config BR2_PACKAGE_SETOOLS
 	depends on !BR2_STATIC_LIBS
 	depends on BR2_TOOLCHAIN_HAS_THREADS
 	depends on BR2_USE_WCHAR
-	depends on BR2_TOOLCHAIN_USES_GLIBC # libselinux
 	depends on BR2_USE_MMU
 	select BR2_PACKAGE_PYTHON3 if !BR2_PACKAGE_PYTHON
 	select BR2_PACKAGE_PYTHON_ENUM34 if !BR2_PACKAGE_PYTHON3
@@ -22,8 +21,7 @@ config BR2_PACKAGE_SETOOLS
 
 	  https://github.com/TresysTechnology/setools
 
-comment "setools needs a glibc toolchain w/ threads, C++, wchar, dynamic library"
+comment "setools needs a toolchain w/ threads, C++, wchar, dynamic library"
 	depends on BR2_USE_MMU && !BR2_arc
 	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS || \
-		!BR2_USE_WCHAR || !BR2_TOOLCHAIN_USES_GLIBC || \
-		!BR2_INSTALL_LIBSTDCPP
+		!BR2_USE_WCHAR || !BR2_INSTALL_LIBSTDCPP
-- 
2.21.0

[Buildroot] [PATCH 16/30] package/android-tools: fastboot now available on !glibc toolchains

[Thomas Petazzoni]

libselinux can now be built on !glibc toolchains, so we can re-enable
building fastboot on !glibc toolchains as well.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 package/android-tools/Config.in | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/package/android-tools/Config.in b/package/android-tools/Config.in
index 478f1392dc..881fa3b2a6 100644
--- a/package/android-tools/Config.in
+++ b/package/android-tools/Config.in
@@ -38,7 +38,6 @@ config BR2_PACKAGE_ANDROID_TOOLS_FASTBOOT
 	bool "fastboot"
 	depends on BR2_TOOLCHAIN_HAS_THREADS # libselinux
 	depends on !BR2_STATIC_LIBS # libselinux
-	depends on BR2_TOOLCHAIN_USES_GLIBC # libselinux
 	depends on !BR2_arc # libselinux
 	depends on BR2_PACKAGE_ANDROID_TOOLS_FASTBOOT_GOOD_KERNEL_HEADERS
 	select BR2_PACKAGE_LIBSELINUX
@@ -48,10 +47,9 @@ config BR2_PACKAGE_ANDROID_TOOLS_FASTBOOT
 	  the target, which can be used to reflash other target devices
 	  implementing the fastboot protocol.
 
-comment "fastboot needs a glibc toolchain w/ threads, dynamic library"
+comment "fastboot needs a toolchain w/ threads, dynamic library"
 	depends on !BR2_arc
-	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS || \
-		!BR2_TOOLCHAIN_USES_GLIBC
+	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS
 
 comment "fastboot needs headers >= 3.10 (PowerPC64), headers >= 3.16 (MIPS64)"
 	depends on !BR2_arc
-- 
2.21.0

[Buildroot] [PATCH 17/30] package/restorecond: now available on !glibc configs

[Thomas Petazzoni]

libselinux can now be built on !glibc configurations, so we can
re-enable restorecond on !glibc configurations as well.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 package/restorecond/Config.in | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/package/restorecond/Config.in b/package/restorecond/Config.in
index 54a5545a12..10ca74e351 100644
--- a/package/restorecond/Config.in
+++ b/package/restorecond/Config.in
@@ -5,7 +5,6 @@ config BR2_PACKAGE_RESTORECOND
 	depends on BR2_USE_WCHAR # libglib2
 	depends on BR2_TOOLCHAIN_HAS_THREADS # libglib2
 	depends on !BR2_STATIC_LIBS # libselinux
-	depends on BR2_TOOLCHAIN_USES_GLIBC # libselinux
 	select BR2_PACKAGE_DBUS
 	select BR2_PACKAGE_DBUS_GLIB
 	select BR2_PACKAGE_LIBGLIB2
@@ -21,4 +20,4 @@ comment "restorecond needs a toolchain w/ wchar, threads, dynamic library"
 	depends on BR2_USE_MMU
 	depends on !BR2_arc
 	depends on !BR2_TOOLCHAIN_HAS_THREADS || !BR2_USE_WCHAR || \
-		BR2_STATIC_LIBS || !BR2_TOOLCHAIN_USES_GLIBC
+		BR2_STATIC_LIBS
-- 
2.21.0

[Buildroot] [PATCH 18/30] package/libsemanage: now available on !glibc configs

[Thomas Petazzoni]

libsemanage was only available in glibc configurations, for three
reasons, which are all no longer true:

 - The usage of fts.h by libselinux is now provided by the musl-fts
   package when uClibc-ng or musl are used, which makes libselinux
   available to all C libraries.

 - libsemanage use of getpwent_r() has been removed by upstream commit
   2c651e0a2822368c74587efe6ec920e64e72f37b ("genhomedircon: avoid use
   of non-standard `getpwent_r`"), which is in SELinux since version
   2.7

 - audit is now available on musl, thanks to Buildroot commit
   "package/audit: re-enable on musl", which backports an upstream
   patch to make audit build with musl

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 package/libsemanage/Config.in | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/package/libsemanage/Config.in b/package/libsemanage/Config.in
index ad3555aee0..e51b711cae 100644
--- a/package/libsemanage/Config.in
+++ b/package/libsemanage/Config.in
@@ -3,10 +3,6 @@ config BR2_PACKAGE_LIBSEMANAGE
 	depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS
 	depends on BR2_TOOLCHAIN_HAS_THREADS
 	depends on !BR2_STATIC_LIBS
-	# - libselinux needs fts.h (not available in uClibc/musl)
-	# - libsemanage itself needs getpwent_r() not available in musl
-	# - audit is not available on musl
-	depends on BR2_TOOLCHAIN_USES_GLIBC
 	depends on !BR2_arc
 	select BR2_PACKAGE_AUDIT
 	select BR2_PACKAGE_LIBSELINUX
@@ -22,8 +18,7 @@ config BR2_PACKAGE_LIBSEMANAGE
 
 	  http://selinuxproject.org/page/Main_Page
 
-comment "libsemanage needs a glibc toolchain w/ threads, dynamic library"
+comment "libsemanage needs a toolchain w/ threads, dynamic library"
 	depends on !BR2_arc
 	depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS
-	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS || \
-		!BR2_TOOLCHAIN_USES_GLIBC
+	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS
-- 
2.21.0

[Buildroot] [PATCH 19/30] package/policycoreutils: now available on !glibc configs

[Thomas Petazzoni]

Now that libsemanage is available on non-glibc configurations, we can
also allow the selection of policycoreutils for such configurations.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 package/policycoreutils/Config.in | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/package/policycoreutils/Config.in b/package/policycoreutils/Config.in
index 0d69fb51a5..73e86d0bfb 100644
--- a/package/policycoreutils/Config.in
+++ b/package/policycoreutils/Config.in
@@ -1,8 +1,7 @@
-comment "policycoreutils needs a glibc toolchain w/ threads, dynamic library"
+comment "policycoreutils needs a toolchain w/ threads, dynamic library"
 	depends on !BR2_arc
 	depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS
-	depends on !BR2_TOOLCHAIN_USES_GLIBC || \
-		!BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS
+	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS
 
 config BR2_PACKAGE_POLICYCOREUTILS
 	bool "policycoreutils"
@@ -10,7 +9,6 @@ config BR2_PACKAGE_POLICYCOREUTILS
 	depends on BR2_TOOLCHAIN_HAS_THREADS # libsemanage
 	depends on !BR2_STATIC_LIBS #libsemanage
 	depends on !BR2_arc # libsemanage
-	depends on BR2_TOOLCHAIN_USES_GLIBC # libsemanage
 	select BR2_PACKAGE_LIBSEMANAGE
 	select BR2_PACKAGE_LIBCAP_NG
 	help
-- 
2.21.0

[Buildroot] [PATCH 20/30] package/refpolicy: now available on !glibc configs

[Thomas Petazzoni]

Now that policycoreutils is available on !glibc configurations, we can
also make refpolicy available for such configurations.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 package/refpolicy/Config.in | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/package/refpolicy/Config.in b/package/refpolicy/Config.in
index 954dc3a093..2e4fbf323c 100644
--- a/package/refpolicy/Config.in
+++ b/package/refpolicy/Config.in
@@ -1,7 +1,6 @@
 config BR2_PACKAGE_REFPOLICY
 	bool "refpolicy"
 	depends on BR2_TOOLCHAIN_HAS_THREADS # policycoreutils
-	depends on BR2_TOOLCHAIN_USES_GLIBC # policycoreutils
 	depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS # policycoreutils
 	depends on !BR2_STATIC_LIBS # policycoreutils
 	depends on !BR2_arc # policycoreutils
@@ -28,11 +27,10 @@ config BR2_PACKAGE_REFPOLICY
 
 	  https://github.com/TresysTechnology/refpolicy
 
-comment "refpolicy needs a glibc toolchain w/ threads, dynamic library"
+comment "refpolicy needs a toolchain w/ threads, dynamic library"
 	depends on !BR2_arc
 	depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS
-	depends on BR2_STATIC_LIBS || !BR2_TOOLCHAIN_HAS_THREADS || \
-		!BR2_TOOLCHAIN_USES_GLIBC
+	depends on BR2_STATIC_LIBS || !BR2_TOOLCHAIN_HAS_THREADS
 
 if BR2_PACKAGE_REFPOLICY
 
-- 
2.21.0

[Buildroot] [PATCH 21/30] package/libselinux: re-enable on ARC

[Thomas Petazzoni]

The build on ARC was disabled in commit
881845f5fcc7e30654a95ea8a21e574df60980d1 ("libselinux: mark as not
available on ARC") and since then the ARC toolchain support has made a
lot of progress. libselinux now builds fine on ARC, so we can
re-enable it.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 package/libselinux/Config.in | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/package/libselinux/Config.in b/package/libselinux/Config.in
index 8cebd34fb2..62070c8d59 100644
--- a/package/libselinux/Config.in
+++ b/package/libselinux/Config.in
@@ -2,8 +2,6 @@ config BR2_PACKAGE_LIBSELINUX
 	bool "libselinux"
 	depends on BR2_TOOLCHAIN_HAS_THREADS
 	depends on !BR2_STATIC_LIBS
-	# Toolchain issue: "fixup not contained within frag"
-	depends on !BR2_arc
 	select BR2_PACKAGE_LIBSEPOL
 	select BR2_PACKAGE_PCRE
 	select BR2_PACKAGE_MUSL_FTS if !BR2_TOOLCHAIN_USES_GLIBC
@@ -19,5 +17,4 @@ config BR2_PACKAGE_LIBSELINUX
 	  http://selinuxproject.org/page/Main_Page
 
 comment "libselinux needs a toolchain w/ threads, dynamic library"
-	depends on !BR2_arc
 	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS
-- 
2.21.0

[Buildroot] [PATCH 22/30] package/setools: re-enable on ARC

[Thomas Petazzoni]

libselinux is now available on ARC, so we can re-enable setools as
well.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 package/setools/Config.in | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/package/setools/Config.in b/package/setools/Config.in
index f22e1cec08..56a85b01c8 100644
--- a/package/setools/Config.in
+++ b/package/setools/Config.in
@@ -1,6 +1,5 @@
 config BR2_PACKAGE_SETOOLS
 	bool "setools"
-	depends on !BR2_arc # arc: libselinux not available
 	depends on !BR2_STATIC_LIBS
 	depends on BR2_TOOLCHAIN_HAS_THREADS
 	depends on BR2_USE_WCHAR
@@ -22,6 +21,6 @@ config BR2_PACKAGE_SETOOLS
 	  https://github.com/TresysTechnology/setools
 
 comment "setools needs a toolchain w/ threads, C++, wchar, dynamic library"
-	depends on BR2_USE_MMU && !BR2_arc
+	depends on BR2_USE_MMU
 	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS || \
 		!BR2_USE_WCHAR || !BR2_INSTALL_LIBSTDCPP
-- 
2.21.0

[Buildroot] [PATCH 23/30] package/checkpolicy: re-enable on ARC

[Thomas Petazzoni]

libselinux is now available on ARC, so we can re-enable checkpolicy as
well.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 package/checkpolicy/Config.in | 2 --
 1 file changed, 2 deletions(-)

diff --git a/package/checkpolicy/Config.in b/package/checkpolicy/Config.in
index f7b03df11d..ad769d22b7 100644
--- a/package/checkpolicy/Config.in
+++ b/package/checkpolicy/Config.in
@@ -2,7 +2,6 @@ config BR2_PACKAGE_CHECKPOLICY
 	bool "checkpolicy"
 	depends on BR2_TOOLCHAIN_HAS_THREADS # libselinux
 	depends on !BR2_STATIC_LIBS # libselinux
-	depends on !BR2_arc # libselinux
 	select BR2_PACKAGE_LIBSELINUX
 	select BR2_PACKAGE_FLEX
 	help
@@ -15,5 +14,4 @@ config BR2_PACKAGE_CHECKPOLICY
 	  http://selinuxproject.org/page/Main_Page
 
 comment "checkpolicy needs a toolchain w/ threads, dynamic library"
-	depends on !BR2_arc
 	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS
-- 
2.21.0

[Buildroot] [PATCH 24/30] package/selinux-python: re-enable audit2allow on ARC

[Thomas Petazzoni]

checkpolicy is now available on ARC, so we can re-enable building
audit2allow on ARC as well.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 package/selinux-python/Config.in | 2 --
 1 file changed, 2 deletions(-)

diff --git a/package/selinux-python/Config.in b/package/selinux-python/Config.in
index 3b6eff88af..2013bd6445 100644
--- a/package/selinux-python/Config.in
+++ b/package/selinux-python/Config.in
@@ -19,7 +19,6 @@ config BR2_PACKAGE_SELINUX_PYTHON_AUDIT2ALLOW
 	depends on BR2_USE_MMU # sepolgen
 	depends on BR2_TOOLCHAIN_HAS_THREADS # sepolgen, checkpolicy
 	depends on !BR2_STATIC_LIBS # sepolgen
-	depends on !BR2_arc # checkpolicy
 	select BR2_PACKAGE_CHECKPOLICY
 	select BR2_PACKAGE_SELINUX_PYTHON_SEPOLGEN
 	select BR2_PACKAGE_SEMODULE_UTILS
@@ -34,7 +33,6 @@ config BR2_PACKAGE_SELINUX_PYTHON_AUDIT2ALLOW
 
 comment "audit2allow needs a toolchain w/ wchar, threads, dynamic library"
 	depends on BR2_USE_MMU
-	depends on !BR2_arc
 	depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \
 		BR2_STATIC_LIBS
 
-- 
2.21.0

[Buildroot] [PATCH 25/30] package/busybox: re-enable SELinux support on ARC

[Thomas Petazzoni]

libselinux is now available on ARC, so we can re-enable the SELinux
support in Busybox on ARC as well.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 package/busybox/Config.in | 1 -
 1 file changed, 1 deletion(-)

diff --git a/package/busybox/Config.in b/package/busybox/Config.in
index cddf9f3908..be8b0e4799 100644
--- a/package/busybox/Config.in
+++ b/package/busybox/Config.in
@@ -40,7 +40,6 @@ config BR2_PACKAGE_BUSYBOX_SELINUX
 	bool "Enable SELinux support"
 	depends on BR2_TOOLCHAIN_HAS_THREADS
 	depends on !BR2_STATIC_LIBS
-	depends on !BR2_arc
 	select BR2_PACKAGE_BUSYBOX_INDIVIDUAL_BINARIES
 	select BR2_PACKAGE_LIBSELINUX
 	help
-- 
2.21.0

[Buildroot] [PATCH 26/30] package/restorecond: re-enable on ARC

[Thomas Petazzoni]

libselinux is now available on ARC, so we can allow the selection of
restorecond on ARC as well.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 package/restorecond/Config.in | 2 --
 1 file changed, 2 deletions(-)

diff --git a/package/restorecond/Config.in b/package/restorecond/Config.in
index 10ca74e351..31f85f2882 100644
--- a/package/restorecond/Config.in
+++ b/package/restorecond/Config.in
@@ -1,6 +1,5 @@
 config BR2_PACKAGE_RESTORECOND
 	bool "restorecond"
-	depends on !BR2_arc
 	depends on BR2_USE_MMU # libglib2
 	depends on BR2_USE_WCHAR # libglib2
 	depends on BR2_TOOLCHAIN_HAS_THREADS # libglib2
@@ -18,6 +17,5 @@ config BR2_PACKAGE_RESTORECOND
 
 comment "restorecond needs a toolchain w/ wchar, threads, dynamic library"
 	depends on BR2_USE_MMU
-	depends on !BR2_arc
 	depends on !BR2_TOOLCHAIN_HAS_THREADS || !BR2_USE_WCHAR || \
 		BR2_STATIC_LIBS
-- 
2.21.0

[Buildroot] [PATCH 27/30] package/libsemanage: drop !BR2_arc dependency

[Thomas Petazzoni]

Now that libselinux is available on ARC, we can drop the !BR2_arc
dependency from libsemanage.

Note that in practice, libsemanage is still not available on ARC,
because BR2_PACKAGE_AUDIT_ARCH_SUPPORTS does not include the ARC
architecture. But still, it makes sense to drop that !BR2_arc which
was inherited from libselinux.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 package/libsemanage/Config.in | 2 --
 1 file changed, 2 deletions(-)

diff --git a/package/libsemanage/Config.in b/package/libsemanage/Config.in
index e51b711cae..3c7050ee51 100644
--- a/package/libsemanage/Config.in
+++ b/package/libsemanage/Config.in
@@ -3,7 +3,6 @@ config BR2_PACKAGE_LIBSEMANAGE
 	depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS
 	depends on BR2_TOOLCHAIN_HAS_THREADS
 	depends on !BR2_STATIC_LIBS
-	depends on !BR2_arc
 	select BR2_PACKAGE_AUDIT
 	select BR2_PACKAGE_LIBSELINUX
 	select BR2_PACKAGE_BZIP2
@@ -19,6 +18,5 @@ config BR2_PACKAGE_LIBSEMANAGE
 	  http://selinuxproject.org/page/Main_Page
 
 comment "libsemanage needs a toolchain w/ threads, dynamic library"
-	depends on !BR2_arc
 	depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS
 	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS
-- 
2.21.0

[Buildroot] [PATCH 28/30] package/policycoreutils: drop !BR2_arc dependency

[Thomas Petazzoni]

libsemanage no longer has the !BR2_arc dependency, so we can drop it
as well from policycoreutils. In practice, we still can't select
policycoreutils on ARC due to BR2_PACKAGE_AUDIT_ARCH_SUPPORTS.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 package/policycoreutils/Config.in | 2 --
 1 file changed, 2 deletions(-)

diff --git a/package/policycoreutils/Config.in b/package/policycoreutils/Config.in
index 73e86d0bfb..81900b4e41 100644
--- a/package/policycoreutils/Config.in
+++ b/package/policycoreutils/Config.in
@@ -1,5 +1,4 @@
 comment "policycoreutils needs a toolchain w/ threads, dynamic library"
-	depends on !BR2_arc
 	depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS
 	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS
 
@@ -8,7 +7,6 @@ config BR2_PACKAGE_POLICYCOREUTILS
 	depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS # libsemanage
 	depends on BR2_TOOLCHAIN_HAS_THREADS # libsemanage
 	depends on !BR2_STATIC_LIBS #libsemanage
-	depends on !BR2_arc # libsemanage
 	select BR2_PACKAGE_LIBSEMANAGE
 	select BR2_PACKAGE_LIBCAP_NG
 	help
-- 
2.21.0

[Buildroot] [PATCH 29/30] package/refpolicy: drop !BR2_arc dependency

[Thomas Petazzoni]

policycoreutils no longer has the !BR2_arc dependency, so we can drop
it as well from refpolicy.

Note that in practice, we still can't enable refpolicy on ARC due to
BR2_PACKAGE_AUDIT_ARCH_SUPPORTS.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 package/refpolicy/Config.in | 2 --
 1 file changed, 2 deletions(-)

diff --git a/package/refpolicy/Config.in b/package/refpolicy/Config.in
index 2e4fbf323c..e775865317 100644
--- a/package/refpolicy/Config.in
+++ b/package/refpolicy/Config.in
@@ -3,7 +3,6 @@ config BR2_PACKAGE_REFPOLICY
 	depends on BR2_TOOLCHAIN_HAS_THREADS # policycoreutils
 	depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS # policycoreutils
 	depends on !BR2_STATIC_LIBS # policycoreutils
-	depends on !BR2_arc # policycoreutils
 	select BR2_PACKAGE_POLICYCOREUTILS
 	select BR2_PACKAGE_BUSYBOX_SELINUX if BR2_PACKAGE_BUSYBOX
 	help
@@ -28,7 +27,6 @@ config BR2_PACKAGE_REFPOLICY
 	  https://github.com/TresysTechnology/refpolicy
 
 comment "refpolicy needs a toolchain w/ threads, dynamic library"
-	depends on !BR2_arc
 	depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS
 	depends on BR2_STATIC_LIBS || !BR2_TOOLCHAIN_HAS_THREADS
 
-- 
2.21.0

[Buildroot] [PATCH 30/30] package/android-tools: re-enable fastboot on ARC

[Thomas Petazzoni]

libselinux is now available on ARC, so we can re-enable the fastboot
option on this architecture.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 package/android-tools/Config.in | 2 --
 1 file changed, 2 deletions(-)

diff --git a/package/android-tools/Config.in b/package/android-tools/Config.in
index 881fa3b2a6..a36c4db189 100644
--- a/package/android-tools/Config.in
+++ b/package/android-tools/Config.in
@@ -38,7 +38,6 @@ config BR2_PACKAGE_ANDROID_TOOLS_FASTBOOT
 	bool "fastboot"
 	depends on BR2_TOOLCHAIN_HAS_THREADS # libselinux
 	depends on !BR2_STATIC_LIBS # libselinux
-	depends on !BR2_arc # libselinux
 	depends on BR2_PACKAGE_ANDROID_TOOLS_FASTBOOT_GOOD_KERNEL_HEADERS
 	select BR2_PACKAGE_LIBSELINUX
 	select BR2_PACKAGE_ZLIB
@@ -48,7 +47,6 @@ config BR2_PACKAGE_ANDROID_TOOLS_FASTBOOT
 	  implementing the fastboot protocol.
 
 comment "fastboot needs a toolchain w/ threads, dynamic library"
-	depends on !BR2_arc
 	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS
 
 comment "fastboot needs headers >= 3.10 (PowerPC64), headers >= 3.16 (MIPS64)"
-- 
2.21.0

[Buildroot] [PATCH 00/30] SELinux improvements

[Arnout Vandecappelle]

On 22/09/2019 11:06, Thomas Petazzoni wrote:
[snip]
> Thomas Petazzoni (30):
>   package/policycoreutils: drop host-dbus-glib dependency from
>     host-policycoreutils
>   package/policycoreutils: drop host-python(3) dependency for
>     host-policycoreutils
>   package/policycoreutils: drop host-setools dependency from
>     host-policycoreutils
>   package/policycoreutils: drop ARCH variable
>   package/policycoreutils: don't pass DESTDIR when building host variant
>   package/libsemanage: drop dependency on ustr
>   package/ustr: remove package
>   package/libsemanage: reformat HOST_LIBSEMANAGE_DEPENDENCIES

 Patches 1-8 applied to master, thanks.

 Regards,
 Arnout

>   package/musl-fts: new package
>   package/libselinux: allow building on !glibc using musl-fts
>   package/busybox: selinux support now available on !glibc configs
>   package/checkpolicy: now available on !glibc configs
>   package/audit: re-enable on musl
>   package/selinux-python: now available on !glibc configs
>   package/setools: now available on !glibc configs
>   package/android-tools: fastboot now available on !glibc toolchains
>   package/restorecond: now available on !glibc configs
>   package/libsemanage: now available on !glibc configs
>   package/policycoreutils: now available on !glibc configs
>   package/refpolicy: now available on !glibc configs
>   package/libselinux: re-enable on ARC
>   package/setools: re-enable on ARC
>   package/checkpolicy: re-enable on ARC
>   package/selinux-python: re-enable audit2allow on ARC
>   package/busybox: re-enable SELinux support on ARC
>   package/restorecond: re-enable on ARC
>   package/libsemanage: drop !BR2_arc dependency
>   package/policycoreutils: drop !BR2_arc dependency
>   package/refpolicy: drop !BR2_arc dependency
>   package/android-tools: re-enable fastboot on ARC
> 
>  Config.in.legacy                              |   8 ++
>  DEVELOPERS                                    |   2 +-
>  package/Config.in                             |   2 +-
>  package/android-tools/Config.in               |   8 +-
>  ...tue-functions-for-strndupa-rawmemchr.patch | 133 ++++++++++++++++++
>  package/audit/Config.in                       |   6 +-
>  package/audit/audit.mk                        |   2 +
>  package/busybox/Config.in                     |   2 -
>  package/checkpolicy/Config.in                 |   8 +-
>  package/libselinux/Config.in                  |  11 +-
>  package/libselinux/libselinux.mk              |   5 +
>  package/libsemanage/Config.in                 |  12 +-
>  package/libsemanage/libsemanage.mk            |  11 +-
>  package/musl-fts/Config.in                    |   7 +
>  package/musl-fts/musl-fts.hash                |   3 +
>  package/musl-fts/musl-fts.mk                  |  21 +++
>  package/policycoreutils/Config.in             |   8 +-
>  package/policycoreutils/policycoreutils.mk    |  26 +---
>  package/refpolicy/Config.in                   |   8 +-
>  package/restorecond/Config.in                 |   5 +-
>  package/selinux-python/Config.in              |   5 +-
>  package/setools/Config.in                     |   9 +-
>  package/ustr/Config.in                        |  13 --
>  package/ustr/ustr.hash                        |   9 --
>  package/ustr/ustr.mk                          |  39 -----
>  25 files changed, 214 insertions(+), 149 deletions(-)
>  create mode 100644 package/audit/0002-Add-substitue-functions-for-strndupa-rawmemchr.patch
>  create mode 100644 package/musl-fts/Config.in
>  create mode 100644 package/musl-fts/musl-fts.hash
>  create mode 100644 package/musl-fts/musl-fts.mk
>  delete mode 100644 package/ustr/Config.in
>  delete mode 100644 package/ustr/ustr.hash
>  delete mode 100644 package/ustr/ustr.mk
> 

[Buildroot] [PATCH 00/30] SELinux improvements

[Arnout Vandecappelle]

On 22/09/2019 20:09, Arnout Vandecappelle wrote:
> 
> 
> On 22/09/2019 11:06, Thomas Petazzoni wrote:
> [snip]
>> Thomas Petazzoni (30):
>>   package/policycoreutils: drop host-dbus-glib dependency from
>>     host-policycoreutils
>>   package/policycoreutils: drop host-python(3) dependency for
>>     host-policycoreutils
>>   package/policycoreutils: drop host-setools dependency from
>>     host-policycoreutils
>>   package/policycoreutils: drop ARCH variable
>>   package/policycoreutils: don't pass DESTDIR when building host variant
>>   package/libsemanage: drop dependency on ustr
>>   package/ustr: remove package
>>   package/libsemanage: reformat HOST_LIBSEMANAGE_DEPENDENCIES
> 
>  Patches 1-8 applied to master, thanks.
> 
>  Regards,
>  Arnout
> 
>>   package/musl-fts: new package
>>   package/libselinux: allow building on !glibc using musl-fts
>>   package/busybox: selinux support now available on !glibc configs
>>   package/checkpolicy: now available on !glibc configs
>>   package/audit: re-enable on musl
>>   package/selinux-python: now available on !glibc configs
>>   package/setools: now available on !glibc configs
>>   package/android-tools: fastboot now available on !glibc toolchains
>>   package/restorecond: now available on !glibc configs
>>   package/libsemanage: now available on !glibc configs
>>   package/policycoreutils: now available on !glibc configs
>>   package/refpolicy: now available on !glibc configs
>>   package/libselinux: re-enable on ARC
>>   package/setools: re-enable on ARC
>>   package/checkpolicy: re-enable on ARC
>>   package/selinux-python: re-enable audit2allow on ARC
>>   package/busybox: re-enable SELinux support on ARC
>>   package/restorecond: re-enable on ARC
>>   package/libsemanage: drop !BR2_arc dependency
>>   package/policycoreutils: drop !BR2_arc dependency
>>   package/refpolicy: drop !BR2_arc dependency
>>   package/android-tools: re-enable fastboot on ARC

 And now the rest of the series has been applied.

 Regards,
 Arnout

>>
>>  Config.in.legacy                              |   8 ++
>>  DEVELOPERS                                    |   2 +-
>>  package/Config.in                             |   2 +-
>>  package/android-tools/Config.in               |   8 +-
>>  ...tue-functions-for-strndupa-rawmemchr.patch | 133 ++++++++++++++++++
>>  package/audit/Config.in                       |   6 +-
>>  package/audit/audit.mk                        |   2 +
>>  package/busybox/Config.in                     |   2 -
>>  package/checkpolicy/Config.in                 |   8 +-
>>  package/libselinux/Config.in                  |  11 +-
>>  package/libselinux/libselinux.mk              |   5 +
>>  package/libsemanage/Config.in                 |  12 +-
>>  package/libsemanage/libsemanage.mk            |  11 +-
>>  package/musl-fts/Config.in                    |   7 +
>>  package/musl-fts/musl-fts.hash                |   3 +
>>  package/musl-fts/musl-fts.mk                  |  21 +++
>>  package/policycoreutils/Config.in             |   8 +-
>>  package/policycoreutils/policycoreutils.mk    |  26 +---
>>  package/refpolicy/Config.in                   |   8 +-
>>  package/restorecond/Config.in                 |   5 +-
>>  package/selinux-python/Config.in              |   5 +-
>>  package/setools/Config.in                     |   9 +-
>>  package/ustr/Config.in                        |  13 --
>>  package/ustr/ustr.hash                        |   9 --
>>  package/ustr/ustr.mk                          |  39 -----
>>  25 files changed, 214 insertions(+), 149 deletions(-)
>>  create mode 100644 package/audit/0002-Add-substitue-functions-for-strndupa-rawmemchr.patch
>>  create mode 100644 package/musl-fts/Config.in
>>  create mode 100644 package/musl-fts/musl-fts.hash
>>  create mode 100644 package/musl-fts/musl-fts.mk
>>  delete mode 100644 package/ustr/Config.in
>>  delete mode 100644 package/ustr/ustr.hash
>>  delete mode 100644 package/ustr/ustr.mk
>>