* [Buildroot] [PATCH] x11r7: xf86-input-tslib: upgrade to 1.0.0
From: Thomas Petazzoni @ 2017-05-14 12:37 UTC (permalink / raw)
To: buildroot
In-Reply-To: <20170514075026.13434-1-martink@posteo.de>
Hello,
On Sun, 14 May 2017 09:50:26 +0200, Martin Kepplinger wrote:
> As the update from 0.0.X to 1.0.0 suggests, this is a major update. The driver
> uses X11's touch API now, instead of motion with button emulation. Furthermore
> it supports multitouch when a recent version of tslib is installed.
>
> It is not backwards compatible for very old versions of the X server. See
> https://github.com/merge/xf86-input-tslib/releases for some details.
What do you call "very old versions of the X server" ?
Buildroot still supports the X server in version 1.14.7. Does this
qualify as a "very old version" ?
Best regards,
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com
^ permalink raw reply
* [Buildroot] [git commit] package/binutils: finalize the bump ARC tools to arc-2017.03-rc2
From: Thomas Petazzoni @ 2017-05-14 12:39 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=f937bbb71673c66836577a3751e49cd964e6d9d7
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
The commit bumping ARC tools to arc-2017.03-rc2 [1] forgot to
update the ARC tools version in binutils.mk
[1] 043737282010f83e8ec20618a034131bc7e8cae1
Fixes:
http://autobuild.buildroot.net/results/f9c/f9c40610209fc22ac8c0db6bd57bd3b11bbe6d9c
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Alexey Brodkin <abrodkin@synopsys.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
package/binutils/binutils.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package/binutils/binutils.mk b/package/binutils/binutils.mk
index 72e2d0b..bc0268e 100644
--- a/package/binutils/binutils.mk
+++ b/package/binutils/binutils.mk
@@ -9,7 +9,7 @@
BINUTILS_VERSION = $(call qstrip,$(BR2_BINUTILS_VERSION))
ifeq ($(BINUTILS_VERSION),)
ifeq ($(BR2_arc),y)
-BINUTILS_VERSION = arc-2017.03-rc1
+BINUTILS_VERSION = arc-2017.03-rc2
else
BINUTILS_VERSION = 2.27
endif
^ permalink raw reply related
* [Buildroot] [PATCH] package/binutils: finalize the bump ARC tools to arc-2017.03-rc2
From: Thomas Petazzoni @ 2017-05-14 12:42 UTC (permalink / raw)
To: buildroot
In-Reply-To: <20170514104956.4160-1-romain.naour@gmail.com>
Hello,
On Sun, 14 May 2017 12:49:56 +0200, Romain Naour wrote:
> The commit bumping ARC tools to arc-2017.03-rc2 [1] forgot to
> update the ARC tools version in binutils.mk
>
> [1] 043737282010f83e8ec20618a034131bc7e8cae1
>
> Fixes:
> http://autobuild.buildroot.net/results/f9c/f9c40610209fc22ac8c0db6bd57bd3b11bbe6d9c
>
> Signed-off-by: Romain Naour <romain.naour@gmail.com>
> Cc: Alexey Brodkin <abrodkin@synopsys.com>
> ---
> package/binutils/binutils.mk | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
^ permalink raw reply
* [Buildroot] Analysis of build results for 2017-05-13
From: Thomas Petazzoni @ 2017-05-14 12:49 UTC (permalink / raw)
To: buildroot
In-Reply-To: <20170514063046.C79A9220A8@mail.free-electrons.com>
Hello,
> successes : 250
> failures : 17
Really good results!
On Sun, 14 May 2017 08:30:46 +0200 (CEST), Thomas Petazzoni wrote:
> arc | binutils-arc-2017.03-rc1 | NOK | http://autobuild.buildroot.net/results/5962afffac3a2041d089811cf5a73c3b4a671c60 | ORPH
Fixed in:
https://git.buildroot.org/buildroot/commit/?id=f937bbb71673c66836577a3751e49cd964e6d9d7
> i586 | bluez_utils-4.101 | NOK | http://autobuild.buildroot.net/results/06c930d9c5299b79500d018ac3fb2861ce834c7c |
Romain has proposed a patch series to fix this:
https://patchwork.ozlabs.org/patch/762050/
https://patchwork.ozlabs.org/patch/762051/
https://patchwork.ozlabs.org/patch/762052/
> x86_64 | cifs-utils-6.6 | NOK | http://autobuild.buildroot.net/results/91f7c6954c337b03f5ac141050d9b1bee1623376 |
/home/rclinux/rc-buildroot-test/scripts/instance-2/output/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-buildroot-linux-musl/5.4.0/../../../../x86_64-buildroot-linux-musl/bin/ld: /home/rclinux/rc-buildroot-test/scripts/instance-2/output/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-buildroot-linux-musl/5.4.0/crtbeginT.o: relocation R_X86_64_32 against hidden symbol `__TMC_END__' can not be used when making a shared object
/home/rclinux/rc-buildroot-test/scripts/instance-2/output/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-buildroot-linux-musl/5.4.0/../../../../x86_64-buildroot-linux-musl/bin/ld: /home/rclinux/rc-buildroot-test/scripts/instance-2/output/host/usr/x86_64-buildroot-linux-musl/sysroot/lib/../lib64/libc.a(__libc_start_main.o): relocation R_X86_64_32 against `.rodata.str1.1' can not be used when making a shared object; recompile with -fPIC
Not sure what this is...
> m68k | ffmpeg-3.3 | NOK | http://autobuild.buildroot.net/results/b3eaaf6d73cd49f5919143aeaa5cbb4d15a7ccc3 |
libavutil/libavutil.a(buffer.o): In function `pool_release_buffer':
/home/buildroot/autobuild/run/instance-1/output/build/ffmpeg-3.3/libavutil/buffer.c:301: undefined reference to `__sync_fetch_and_add_4'
I'll have a look at the ffmpeg patches around atomic support.
> sh4a | libv4l-1.12.2 | NOK | http://autobuild.buildroot.net/results/5dff0ec19205e02f6ee373d34cb79f39ac25b609 | ORPH
Forgets to link with librt, I have reproduced the problem locally and
will submit a fix.
> i686 | mplayer-1.3.0 | NOK | http://autobuild.buildroot.net/results/9f5a497c6242860fb67a5aa2996c3509f49a4564 |
> i686 | mplayer-1.3.0 | NOK | http://autobuild.buildroot.net/results/b43978f11c62239a2b8089a4ff60a19af53634d9 |
Should be fixed by:
https://patchwork.ozlabs.org/patch/762041/
https://patchwork.ozlabs.org/patch/762043/
https://patchwork.ozlabs.org/patch/762042/
> aarch64 | ntp-4.2.8p10 | NOK | http://autobuild.buildroot.net/results/866b1d28595efd8b6becf83d0a64b596538d58b0 | ORPH
A patch was proposed by Romain, but I'm not entirely sure:
https://patchwork.ozlabs.org/patch/762084/.
> sparc | openblas-f04af36ad0e85b64f1... | NOK | http://autobuild.buildroot.net/results/805087e87b8bb7d11adb49d9eca3959a37aca3a2 |
Fixed by
https://git.buildroot.org/buildroot/commit/?id=6714d79a22b4c0ad7651659c8009f93574bbd59d
> i686 | opencv-2.4.13.2 | NOK | http://autobuild.buildroot.net/results/4e7e3641c20b85465678d4a6d5a97ef53e793330 |
/accts/mlweber1/instance-2/output/host/usr/i686-buildroot-linux-gnu/sysroot/usr/include/jasper/jas_math.h: In function 'bool jas_safe_size_mul(size_t, size_t, size_t*)':
/accts/mlweber1/instance-2/output/host/usr/i686-buildroot-linux-gnu/sysroot/usr/include/jasper/jas_math.h:185:15: error: 'SIZE_MAX' was not declared in this scope
/accts/mlweber1/instance-2/output/host/usr/i686-buildroot-linux-gnu/sysroot/usr/include/jasper/jas_math.h: In function 'bool jas_safe_size_add(size_t, size_t, size_t*)':
/accts/mlweber1/instance-2/output/host/usr/i686-buildroot-linux-gnu/sysroot/usr/include/jasper/jas_math.h:212:10: error: 'SIZE_MAX' was not declared in this scope
A fix like commit d246cf5fd01bb0d20a0e64194ffed514ea8dd0aa is probably
needed here.
> arm | opencv3-3.2.0 | NOK | http://autobuild.buildroot.net/results/4bae12b9a4e9744f561a79cb243e01bf3e6ea212 |
/home/buildroot/autobuild/run/instance-3/output/host/usr/arm-buildroot-linux-gnueabi/sysroot/usr/include/openblas_config.h:82:44: warning: "__STDC_VERSION__" is not defined [-Wundef]
#if ((defined(__STDC_IEC_559_COMPLEX__) || __STDC_VERSION__ >= 199901L || \
Samuel, could you have a look, this has been happening for a while.
> arm | php-7.1.4 | NOK | http://autobuild.buildroot.net/results/234985fcaf6012d4ac7fbc2b2a7a4375cb7cd552 | ORPH
/home/peko/autobuild/instance-0/output/host/usr/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libicui18n.a(umsg.o): In function `icu_58::MessageFormatAdapter::getArgTypeList(icu_58::MessageFormat const&, int&)':
umsg.cpp:(.text._ZN6icu_5820MessageFormatAdapter14getArgTypeListERKNS_13MessageFormatERi+0x0): multiple definition of `icu_58::MessageFormatAdapter::getArgTypeList(icu_58::MessageFormat const&, int&)'
ext/intl/msgformat/msgformat_helpers.o:msgformat_helpers.cpp:(.text+0x8): first defined here
Yet another funky static library issue...
> sparc | protobuf-3.2.0 | NOK | http://autobuild.buildroot.net/results/cc5946f24438b90151b440b65ae178c452e7c876 | ORPH
> sparc | protobuf-3.2.0 | NOK | http://autobuild.buildroot.net/results/b8a40663222f8930aad247657674c06156024c65 | ORPH
Needs an appropriate atomic dependency.
> or1k | rabbitmq-c-v0.8.0 | NOK | http://autobuild.buildroot.net/results/fd45d560ef4a682991bcaf984308f19c9d618d1e |
Static linking issue: intl + zlib.
> nios2 | uclibc-ng-test-c9b9876cefc1... | NOK | http://autobuild.buildroot.net/results/11d8a1d71e9fd76e745680dbd442f22121217bb6 |
Already fixed by
https://git.buildroot.org/buildroot/commit/?id=e7a64ddcbc0b262eaa549fede9bd1e8ca3bb310f.
> sparc64 | upmpdcli-1.2.12 | NOK | http://autobuild.buildroot.net/results/c2f6f477dc510484ea126742508ff8e526f43b40 |
Weird:
/usr/bin/install: cannot change permissions of '/home/rclinux/rc-buildroot-test/scripts/instance-2/output/target/etc/upmpdcli.conf-dist': No such file or directory
make[4]: *** [install-dist_sysconfDATA] Error 1
make[4]: *** Waiting for unfinished jobs....
Matt, is this yet another weird thing in your autobuilder configuration?
Thanks,
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com
^ permalink raw reply
* [Buildroot] [PATCH/next 1/1] package/kodi-pvr-stalker: fix gcc7 compile
From: Bernd Kuhls @ 2017-05-14 13:38 UTC (permalink / raw)
To: buildroot
In-Reply-To: <20170513182944.29833-1-bernd.kuhls@t-online.de>
Hi,
Am Sat, 13 May 2017 20:29:44 +0200 schrieb Bernd Kuhls:
> + */
> +
> + #include <thread>
> ++#include <functional>
> +
> + #include "SAPI.h"
> +
please note that all lines of the patch need DOS line endings.
Regards, Bernd
^ permalink raw reply
* [Buildroot] Why is /var/log symlinked to a tmpfs?
From: Thomas Petazzoni @ 2017-05-14 13:56 UTC (permalink / raw)
To: buildroot
In-Reply-To: <1494763200132-164905.post@n4.nabble.com>
Hello,
On Sun, 14 May 2017 05:00:00 -0700 (PDT), PTaylor.us wrote:
> First, I must say that buildroot is a great tool. Thank you.
>
> I am using buildroot branch 2016.11.x.
>
> Why is /var/log a symlink to /tmp (which is mounted with a tmpfs). My
> understanding is that */var/log should be persistent across reboots*. I'm
> very curious why the default skeleton was setup like this. It is causing
> problems, for one, with journald where the "fix" I've seen suggested on this
> mailing list is to set the logging to "volatile".
The reason why /var/log is a symlink to a tmpfs is because we want to
support the root filesystem to be mounted read only.
We know the current skeleton has some issues with journald (see
https://bugs.busybox.net/show_bug.cgi?id=7892), and Yann E. Morin is
working on a patch series to address this, see:
https://git.buildroot.org/~ymorin/git/buildroot/log/?h=yem/systemd-skeleton
https://git.buildroot.org/~ymorin/git/buildroot/log/?h=yem/systemd-skeleton-2
Best regards,
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com
^ permalink raw reply
* [Buildroot] [git commit] package/bluez_utils: add missing host-pkgconf dependency
From: Thomas Petazzoni @ 2017-05-14 13:57 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=d5fec33bd5e4a928d60bdc8693ca2917b3e91a43
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
The configure script use pkg-config.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
package/bluez_utils/bluez_utils.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package/bluez_utils/bluez_utils.mk b/package/bluez_utils/bluez_utils.mk
index b396886..526804a 100644
--- a/package/bluez_utils/bluez_utils.mk
+++ b/package/bluez_utils/bluez_utils.mk
@@ -8,7 +8,7 @@ BLUEZ_UTILS_VERSION = 4.101
BLUEZ_UTILS_SOURCE = bluez-$(BLUEZ_UTILS_VERSION).tar.xz
BLUEZ_UTILS_SITE = $(BR2_KERNEL_MIRROR)/linux/bluetooth
BLUEZ_UTILS_INSTALL_STAGING = YES
-BLUEZ_UTILS_DEPENDENCIES = dbus libglib2
+BLUEZ_UTILS_DEPENDENCIES = host-pkgconf dbus libglib2
BLUEZ_UTILS_CONF_OPTS = --enable-test --enable-tools
BLUEZ_UTILS_AUTORECONF = YES
BLUEZ_UTILS_LICENSE = GPL-2.0+, LGPL-2.1+
^ permalink raw reply related
* [Buildroot] [PATCH 1/3] package/bluez_utils: add missing host-pkgconf dependency
From: Thomas Petazzoni @ 2017-05-14 13:58 UTC (permalink / raw)
To: buildroot
In-Reply-To: <20170513171009.5219-1-romain.naour@gmail.com>
Hello,
On Sat, 13 May 2017 19:10:07 +0200, Romain Naour wrote:
> The configure script use pkg-config.
>
> Signed-off-by: Romain Naour <romain.naour@gmail.com>
> Cc: Yegor Yefremov <yegorslists@googlemail.com>
> ---
> package/bluez_utils/bluez_utils.mk | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
^ permalink raw reply
* [Buildroot] [git commit] package/bluez_utils: add missing check dependency for test program
From: Thomas Petazzoni @ 2017-05-14 14:04 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=8554be9f82301282161cf6310bacdb6067fefb16
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
Tests are enabled since this has been introduced [1], so keep
them for now.
bluez_utils needs check tool and check if it's available [2].
[1] 06c3e2159686a886e52b2522a47e60c300cfb7f7
[2] https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/configure.ac?h=4.101#n51
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
package/bluez_utils/bluez_utils.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package/bluez_utils/bluez_utils.mk b/package/bluez_utils/bluez_utils.mk
index 526804a..256f012 100644
--- a/package/bluez_utils/bluez_utils.mk
+++ b/package/bluez_utils/bluez_utils.mk
@@ -8,7 +8,7 @@ BLUEZ_UTILS_VERSION = 4.101
BLUEZ_UTILS_SOURCE = bluez-$(BLUEZ_UTILS_VERSION).tar.xz
BLUEZ_UTILS_SITE = $(BR2_KERNEL_MIRROR)/linux/bluetooth
BLUEZ_UTILS_INSTALL_STAGING = YES
-BLUEZ_UTILS_DEPENDENCIES = host-pkgconf dbus libglib2
+BLUEZ_UTILS_DEPENDENCIES = host-pkgconf check dbus libglib2
BLUEZ_UTILS_CONF_OPTS = --enable-test --enable-tools
BLUEZ_UTILS_AUTORECONF = YES
BLUEZ_UTILS_LICENSE = GPL-2.0+, LGPL-2.1+
^ permalink raw reply related
* [Buildroot] [git commit] package/bluez_utils: fix test build issues with musl
From: Thomas Petazzoni @ 2017-05-14 14:04 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=d09d3a7fa00585ca570a75fee59b9cb3ac983d98
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
Add one missing header and avoid encrypt redefinition.
Fixes:
http://autobuild.buildroot.net/results/06c/06c930d9c5299b79500d018ac3fb2861ce834c7c/
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
| 34 +++++++
...test-avoid-conflict-with-encrypt-function.patch | 107 +++++++++++++++++++++
2 files changed, 141 insertions(+)
--git a/package/bluez_utils/0004-test-add-missing-header.patch b/package/bluez_utils/0004-test-add-missing-header.patch
new file mode 100644
index 0000000..c74afb8
--- /dev/null
+++ b/package/bluez_utils/0004-test-add-missing-header.patch
@@ -0,0 +1,34 @@
+From d3c098c2fde55ddf0c7d56eae56925103d35da73 Mon Sep 17 00:00:00 2001
+From: Romain Naour <romain.naour@gmail.com>
+Date: Sat, 13 May 2017 18:56:51 +0200
+Subject: [PATCH] test: add missing header
+
+test/attest.c: In function 'at_command':
+test/attest.c:43:2: error: unknown type name 'fd_set'
+ fd_set rfds;
+ ^
+
+Fixes:
+http://autobuild.buildroot.net/results/06c/06c930d9c5299b79500d018ac3fb2861ce834c7c/
+
+Signed-off-by: Romain Naour <romain.naour@gmail.com>
+---
+ test/attest.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/test/attest.c b/test/attest.c
+index 12ba682..2626cf1 100644
+--- a/test/attest.c
++++ b/test/attest.c
+@@ -35,6 +35,8 @@
+ #include <sys/ioctl.h>
+ #include <sys/socket.h>
+
++#include <sys/select.h>
++
+ #include <bluetooth/bluetooth.h>
+ #include <bluetooth/rfcomm.h>
+
+--
+2.9.3
+
diff --git a/package/bluez_utils/0005-test-avoid-conflict-with-encrypt-function.patch b/package/bluez_utils/0005-test-avoid-conflict-with-encrypt-function.patch
new file mode 100644
index 0000000..438da97
--- /dev/null
+++ b/package/bluez_utils/0005-test-avoid-conflict-with-encrypt-function.patch
@@ -0,0 +1,107 @@
+From d8056252d0c99bfb2482f0a420dcf9a36019ddf8 Mon Sep 17 00:00:00 2001
+From: Romain Naour <romain.naour@gmail.com>
+Date: Sat, 13 May 2017 18:58:51 +0200
+Subject: [PATCH] test: avoid conflict with encrypt function
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+With a musl based toolchain:
+
+test/l2test.c:110:12: error: ???encrypt??? redeclared as different kind of symbol
+ static int encrypt = 0;
+ ^
+In file included from test/l2test.c:34:0:
+[...]/sysroot/usr/include/unistd.h:145:6: note: previous declaration of ???encrypt??? was here
+ void encrypt(char *, int);
+ ^
+
+Signed-off-by: Romain Naour <romain.naour@gmail.com>
+---
+ test/l2test.c | 8 ++++----
+ test/rctest.c | 8 ++++----
+ 2 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/test/l2test.c b/test/l2test.c
+index f66486d..9ef6faf 100644
+--- a/test/l2test.c
++++ b/test/l2test.c
+@@ -107,7 +107,7 @@ static char *filename = NULL;
+ static int rfcmode = 0;
+ static int master = 0;
+ static int auth = 0;
+-static int encrypt = 0;
++static int _encrypt = 0;
+ static int secure = 0;
+ static int socktype = SOCK_SEQPACKET;
+ static int linger = 0;
+@@ -340,7 +340,7 @@ static int do_connect(char *svr)
+ opt |= L2CAP_LM_MASTER;
+ if (auth)
+ opt |= L2CAP_LM_AUTH;
+- if (encrypt)
++ if (_encrypt)
+ opt |= L2CAP_LM_ENCRYPT;
+ if (secure)
+ opt |= L2CAP_LM_SECURE;
+@@ -475,7 +475,7 @@ static void do_listen(void (*handler)(int sk))
+ opt |= L2CAP_LM_MASTER;
+ if (auth)
+ opt |= L2CAP_LM_AUTH;
+- if (encrypt)
++ if (_encrypt)
+ opt |= L2CAP_LM_ENCRYPT;
+ if (secure)
+ opt |= L2CAP_LM_SECURE;
+@@ -1407,7 +1407,7 @@ int main(int argc, char *argv[])
+ break;
+
+ case 'E':
+- encrypt = 1;
++ _encrypt = 1;
+ break;
+
+ case 'S':
+diff --git a/test/rctest.c b/test/rctest.c
+index 4d7c90a..7ad5a0b 100644
+--- a/test/rctest.c
++++ b/test/rctest.c
+@@ -79,7 +79,7 @@ static char *filename = NULL;
+
+ static int master = 0;
+ static int auth = 0;
+-static int encrypt = 0;
++static int _encrypt = 0;
+ static int secure = 0;
+ static int socktype = SOCK_STREAM;
+ static int linger = 0;
+@@ -200,7 +200,7 @@ static int do_connect(const char *svr)
+ opt |= RFCOMM_LM_MASTER;
+ if (auth)
+ opt |= RFCOMM_LM_AUTH;
+- if (encrypt)
++ if (_encrypt)
+ opt |= RFCOMM_LM_ENCRYPT;
+ if (secure)
+ opt |= RFCOMM_LM_SECURE;
+@@ -291,7 +291,7 @@ static void do_listen(void (*handler)(int sk))
+ opt |= RFCOMM_LM_MASTER;
+ if (auth)
+ opt |= RFCOMM_LM_AUTH;
+- if (encrypt)
++ if (_encrypt)
+ opt |= RFCOMM_LM_ENCRYPT;
+ if (secure)
+ opt |= RFCOMM_LM_SECURE;
+@@ -701,7 +701,7 @@ int main(int argc, char *argv[])
+ break;
+
+ case 'E':
+- encrypt = 1;
++ _encrypt = 1;
+ break;
+
+ case 'S':
+--
+2.9.3
+
^ permalink raw reply related
* [Buildroot] [PATCH 2/3] bluez_utils: add missing check dependency for test program
From: Thomas Petazzoni @ 2017-05-14 14:04 UTC (permalink / raw)
To: buildroot
In-Reply-To: <20170513171009.5219-2-romain.naour@gmail.com>
Hello,
On Sat, 13 May 2017 19:10:08 +0200, Romain Naour wrote:
> Tests are enabled since this has been introduced [1], so keep
> them for now.
>
> bluez_utils needs check tool and check if it's available [2].
>
> [1] 06c3e2159686a886e52b2522a47e60c300cfb7f7
> [2] https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/configure.ac?h=4.101#n51
>
> Signed-off-by: Romain Naour <romain.naour@gmail.com>
> Cc: Yegor Yefremov <yegorslists@googlemail.com>
> ---
> package/bluez_utils/bluez_utils.mk | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
^ permalink raw reply
* [Buildroot] [PATCH 2/3] bluez_utils: add missing check dependency for test program
From: Thomas Petazzoni @ 2017-05-14 14:05 UTC (permalink / raw)
To: buildroot
In-Reply-To: <20170513202845.GB15337@scaer>
Hello,
On Sat, 13 May 2017 22:28:45 +0200, Yann E. MORIN wrote:
> On 2017-05-13 19:10 +0200, Romain Naour spake thusly:
> > Tests are enabled since this has been introduced [1], so keep
> > them for now.
>
> Why don't you want to simply disable tests altogehter, especially since
> there is an option for that:
>
> --disable-test
>
> And if we disable tests, then we do not need patch 3/3.
In bluez_utils, "tests" apparently a good number of tools that are not
really tests, and might be needed on the target. I'll let Yegor answer
on this though, but in the mean time, I believe it's better to fix
things rather than changing the set of available tools on the target,
which is why I've applied Romain's patch.
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com
^ permalink raw reply
* [Buildroot] [PATCH 3/3] package/bluez_utils: fix test build issues with musl
From: Thomas Petazzoni @ 2017-05-14 14:07 UTC (permalink / raw)
To: buildroot
In-Reply-To: <20170513171009.5219-3-romain.naour@gmail.com>
Hello,
On Sat, 13 May 2017 19:10:09 +0200, Romain Naour wrote:
> Add one missing header and avoid encrypt redefinition.
>
> Fixes:
> http://autobuild.buildroot.net/results/06c/06c930d9c5299b79500d018ac3fb2861ce834c7c/
>
> Signed-off-by: Romain Naour <romain.naour@gmail.com>
> Cc: Yegor Yefremov <yegorslists@googlemail.com>
I've applied. See a few comments below though.
> diff --git a/package/bluez_utils/0005-test-avoid-conflict-with-encrypt-function.patch b/package/bluez_utils/0005-test-avoid-conflict-with-encrypt-function.patch
> new file mode 100644
> index 0000000..51ab0c1
> --- /dev/null
> +++ b/package/bluez_utils/0005-test-avoid-conflict-with-encrypt-function.patch
> @@ -0,0 +1,107 @@
> +From d8056252d0c99bfb2482f0a420dcf9a36019ddf8 Mon Sep 17 00:00:00 2001
> +From: Romain Naour <romain.naour@gmail.com>
> +Date: Sat, 13 May 2017 18:58:51 +0200
> +Subject: [PATCH 5/5] test: avoid conflict with encrypt function
Please generate patches with 'git format-patch -N' to avoid the
sequence number in the patch itself. Thanks!
> +MIME-Version: 1.0
> +Content-Type: text/plain; charset=UTF-8
> +Content-Transfer-Encoding: 8bit
> +
> +With a musl based toolchain:
> +
> +test/l2test.c:110:12: error: ?encrypt? redeclared as different kind of symbol
> + static int encrypt = 0;
> + ^
> +In file included from test/l2test.c:34:0:
> +[...]/sysroot/usr/include/unistd.h:145:6: note: previous declaration of ?encrypt? was here
> + void encrypt(char *, int);
This encrypt thing is a bit messy, because the same issue for another
part of bluez_utils is solved in a different way in
0003-fix-compilation-issues-with-musl.patch.
Anyway the existing patches are already a bit messy. Perhaps we should
start thinking about phasing out bluez_utils? Is there a good reason to
still have bluez_utils? Are there some features or hardware devices
that work with bluez_utils and not bluez5_utils? Or does bluez5_utils
requires a recent kernel version?
Best regards,
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com
^ permalink raw reply
* [Buildroot] [PATCH 1/3] package/mplayer: disable inline sse on i386
From: Thomas Petazzoni @ 2017-05-14 14:08 UTC (permalink / raw)
To: buildroot
In-Reply-To: <20170513150918.25427-1-bernd.kuhls@t-online.de>
Hello,
On Sat, 13 May 2017 17:09:16 +0200, Bernd Kuhls wrote:
> Fixes
>
> libavcodec/x86/ac3dsp_init.c: In function 'ac3_downmix_sse':
> libavcodec/x86/ac3dsp_init.c:161:9: error: can't find a register in class 'GENERAL_REGS' while reloading 'asm'
> libavcodec/x86/ac3dsp_init.c:165:9: error: can't find a register in class 'GENERAL_REGS' while reloading 'asm'
> libavcodec/x86/ac3dsp_init.c:161:9: error: 'asm' operand has impossible constraints
> libavcodec/x86/ac3dsp_init.c:165:9: error: 'asm' operand has impossible constraints
> libavcodec/x86/ac3dsp_init.c:174:9: error: 'asm' operand has impossible constraints
>
> found by autobuilder job
> http://autobuild.buildroot.net/results/9f5/9f5a497c6242860fb67a5aa2996c3509f49a4564//
>
> Please note that this patch alone will not fix all build errors, sse2
> and mmxext show similar errors and are fixed by follow-up patches.
All of this is very messy. Why isn't the ffmpeg code building properly
on x86 ? It's a major platform, shouldn't x86 just work ?
Best regards,
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com
^ permalink raw reply
* [Buildroot] [PATCH/next 1/1] package/tor: bump version to 0.3.0.6
From: Bernd Kuhls @ 2017-05-14 14:28 UTC (permalink / raw)
To: buildroot
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
package/tor/tor.hash | 2 +-
package/tor/tor.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/tor/tor.hash b/package/tor/tor.hash
index d14db040e..5b83aa43d 100644
--- a/package/tor/tor.hash
+++ b/package/tor/tor.hash
@@ -1,2 +1,2 @@
# Locally computed
-sha256 d611283e1fb284b5f884f8c07e7d3151016851848304f56cfdf3be2a88bd1341 tor-0.2.9.10.tar.gz
+sha256 a3e512e93cb555601fd207d914d7c5fe981d66d6ebb5821ecdf5dea738c2fb14 tor-0.3.0.6.tar.gz
diff --git a/package/tor/tor.mk b/package/tor/tor.mk
index 389af6656..e6cb2b729 100644
--- a/package/tor/tor.mk
+++ b/package/tor/tor.mk
@@ -4,7 +4,7 @@
#
################################################################################
-TOR_VERSION = 0.2.9.10
+TOR_VERSION = 0.3.0.6
TOR_SITE = https://dist.torproject.org
TOR_LICENSE = BSD-3-Clause
TOR_LICENSE_FILES = LICENSE
--
2.11.0
^ permalink raw reply related
* [Buildroot] [PATCH/next 1/1] package/vdr: bump version to 2.3.4
From: Bernd Kuhls @ 2017-05-14 14:32 UTC (permalink / raw)
To: buildroot
Also fixes compile error with gcc7:
dvbdevice.c: In member function 'bool cDvbTuner::SetFrontend()':
dvbdevice.c:848:31: error: call of overloaded 'abs(unsigned int&)' is ambiguous
frequency = abs(frequency); // Allow for C-band, where the frequency is less than the LOF
^
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
package/vdr/vdr.hash | 6 +++---
package/vdr/vdr.mk | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/vdr/vdr.hash b/package/vdr/vdr.hash
index edbcd3fcc..b4800d53f 100644
--- a/package/vdr/vdr.hash
+++ b/package/vdr/vdr.hash
@@ -1,4 +1,4 @@
-# From https://www.linuxtv.org/pipermail/vdr/2016-December/029178.html
-md5 6dbb208ea3d59658a18912b49af175b3 vdr-2.3.2.tar.bz2
+# From https://www.linuxtv.org/pipermail/vdr/2017-April/029243.html
+md5 7b1c985d5e7703f7ec46e3818f546702 vdr-2.3.4.tar.bz2
# Locally computed
-sha256 6c6ab08cf4dadd296e5e4a1c13f793c2e9222ec23103ae7aa9d616619f1496c0 vdr-2.3.2.tar.bz2
+sha256 97600301e8bb16ac6a6ed58c0b7c18a48e3ab1cc7130311d405178109777c03a vdr-2.3.4.tar.bz2
diff --git a/package/vdr/vdr.mk b/package/vdr/vdr.mk
index 24467f79d..694081389 100644
--- a/package/vdr/vdr.mk
+++ b/package/vdr/vdr.mk
@@ -4,7 +4,7 @@
#
################################################################################
-VDR_VERSION = 2.3.2
+VDR_VERSION = 2.3.4
VDR_SOURCE = vdr-$(VDR_VERSION).tar.bz2
VDR_SITE = ftp://ftp.tvdr.de/vdr/Developer
VDR_LICENSE = GPL-2.0+
--
2.11.0
^ permalink raw reply related
* [Buildroot] [PATCH 2/3] bluez_utils: add missing check dependency for test program
From: Yegor Yefremov @ 2017-05-14 14:59 UTC (permalink / raw)
To: buildroot
In-Reply-To: <20170514160551.68cc2329@free-electrons.com>
On Sun, May 14, 2017 at 4:05 PM, Thomas Petazzoni
<thomas.petazzoni@free-electrons.com> wrote:
> Hello,
>
> On Sat, 13 May 2017 22:28:45 +0200, Yann E. MORIN wrote:
>
>> On 2017-05-13 19:10 +0200, Romain Naour spake thusly:
>> > Tests are enabled since this has been introduced [1], so keep
>> > them for now.
>>
>> Why don't you want to simply disable tests altogehter, especially since
>> there is an option for that:
>>
>> --disable-test
>>
>> And if we disable tests, then we do not need patch 3/3.
>
> In bluez_utils, "tests" apparently a good number of tools that are not
> really tests, and might be needed on the target. I'll let Yegor answer
> on this though, but in the mean time, I believe it's better to fix
> things rather than changing the set of available tools on the target,
> which is why I've applied Romain's patch.
I'll have to take a closer look at this. Haven't used bluez_utils for ages.
Yegor
^ permalink raw reply
* [Buildroot] [PATCH v2 0/3] refpolicy: new package cover letter.
From: Adam Duskett @ 2017-05-14 17:21 UTC (permalink / raw)
To: buildroot
Refpolicy is one of the last pieces for buildroot to truley have a easy way to
create a buildroot build with SELinux enabled. As such I feel it's important
to have it in the buildroot mainline.
The patchset by Bryce Ferguson that was submitted in January adds a refpolicy
that is from early 2015, and as such is quite out of date. Also the overall
package submitted has some issues that I wanted to fix up as well.
I contacted Bryce on May 10th and asked if I could take over the refpolicy
patches again from him and he was glad to let me do so, if anybody needs a copy
of the email I will gladly forward it to them.
Here are some of the issues I saw that were cleaned up or are changed from
Bryce Fergusons patch set:
Patch1: refpolicy: new package.
- Removed 0001-Fix-awk-references-to-use-variable.patch: Fixed upstream.
- Renamed 0002-support-fc_sort-use-_FOR_BUILD.patch to
0001-fc_sort-use-CFLAGS_FOR_BUILD.patch.
- Updated 0001-fc_sort-use-CFLAGS_FOR_BUILD.patch to work with new version
of Refpolicy.
- Remove S00selinux, as this would be a bit too much for section 21.5.1
paragraph 3 of the buildroot manual. The first patch in this series
should build and install just a reference policy on the target.
- Stripped down patch to include just enough to build refpolicy and
install the policy on the target.
Config.in:
- Fixed attributes order.
- Fixed text wrapping.
- Removed policy type selection.
- Removed default state selection.
refpolicy.hash:
- Updated hash, however this doesn't work anyways because git
submodule packages aren't checked for hash consistancy yet.
refpolicy.mk:
- Updated version number in refpolicy.mk
- Changed ordering in refpolicy.mk. I tend to put the DEPENDENCIES line
below lines that aren't likely to change often, such as INSTALL_STAGING.
- Combined REFPOLICY_MAKE_OPTS and REFPOLICY_MAKE_ENV into REFPOLICY_MAKE.
This cleans up the rest of the makefile.
- Removed AWK= and M4= in refpolicy.mk, as these are no longer needed with
the newer version of refpolicy.
- Removed REFPOLICY_NAME, as the first patch only references a policy name
once.
- Changed "br_policy" to "targeted", as that's what most distributions
that use SELinux have for their default name.
- Set the default policy version number to 30, as this is the highest
currently supported by the kernel.
- Removed install-docs, as they generally installed for buildroot.
- Broke up CONFIFGURE_CMDS and BUILD_CMDS: The original patch configured
and built refpolicies in REFPOLICY_CONFIGURE_CMDS, which doesn't follow
other buildroot package.mk conventions.
- Combined making bare and conf into a single line.
- Removed creatings $(TARGET_DIR)/etc/selinux/config in initial patch.
- Removed INIT_SYSV section.
patch2: refpolicy-add-ability-to-specify-policy-version
- The reason why this is a standalone patch is that it follows section 21.5.1
paragraph 3 of the buildroot manual. Adding the ability to set a default
state is secondary to the policy version. As such I decided to break up
this patch into it's own seperate patch.
patch3: refpolicy-add-ability-to-specify-policy-version
- Broke this patch up into it's own seperate patch so that it follows section
21.5.1 paragraph 3 of the buildroot manual. This patch adds only the
ability to set the default selinux state.
- Re-added a template config file with SELINUXTYPE of targeted.
Config.in:
- Changed ENFORCE to ENFORCING because it matches the actual string.
- Changed DISABLE to DISABLED because it matches the actual string.
refpolicy.mk:
- Added only one set command to $(TARGET_DIR)/etc/selinux/config
Adam Duskett (3):
refpolicy: new package
add ability to specify policy version
refpolicy: add ability to set default state.
package/Config.in | 1 +
.../0001-fc_sort-use-CFLAGS_FOR_BUILD.patch | 30 ++++++++++
package/refpolicy/Config.in | 70 ++++++++++++++++++++++
package/refpolicy/config | 9 +++
package/refpolicy/refpolicy.hash | 2 +
package/refpolicy/refpolicy.mk | 55 +++++++++++++++++
6 files changed, 167 insertions(+)
create mode 100644 package/refpolicy/0001-fc_sort-use-CFLAGS_FOR_BUILD.patch
create mode 100644 package/refpolicy/Config.in
create mode 100644 package/refpolicy/config
create mode 100644 package/refpolicy/refpolicy.hash
create mode 100644 package/refpolicy/refpolicy.mk
--
2.9.3
^ permalink raw reply
* [Buildroot] [PATCH v2 1/3] refpolicy: new package
From: Adam Duskett @ 2017-05-14 17:21 UTC (permalink / raw)
To: buildroot
In-Reply-To: <20170514172157.1780-1-Adamduskett@outlook.com>
The patch is for adding selinux reference policy (refpolicy).
It is a complete SELinux policy that can be used as the system policy
for a variety of systems and used as the basis for creating other policies.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
---
Changes v1 -> v2:
- Added cover letter explaining the new patch set.
- Added 0001-fc_sort-use-CFLAGS_FOR_BUILD.patch from previous patch set.
- Readded dependencies from Bryce Ferguson's patch set.
- Readded comment in refpolicy.mk explaining why git submodules is needed.
package/Config.in | 1 +
.../0001-fc_sort-use-CFLAGS_FOR_BUILD.patch | 30 +++++++++++++
package/refpolicy/Config.in | 37 ++++++++++++++++
package/refpolicy/refpolicy.hash | 2 +
package/refpolicy/refpolicy.mk | 49 ++++++++++++++++++++++
5 files changed, 119 insertions(+)
create mode 100644 package/refpolicy/0001-fc_sort-use-CFLAGS_FOR_BUILD.patch
create mode 100644 package/refpolicy/Config.in
create mode 100644 package/refpolicy/refpolicy.hash
create mode 100644 package/refpolicy/refpolicy.mk
diff --git a/package/Config.in b/package/Config.in
index d57813c..6aa6885 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -1754,6 +1754,7 @@ endmenu
menu "Security"
source "package/checkpolicy/Config.in"
source "package/policycoreutils/Config.in"
+ source "package/refpolicy/Config.in"
source "package/sepolgen/Config.in"
source "package/setools/Config.in"
endmenu
diff --git a/package/refpolicy/0001-fc_sort-use-CFLAGS_FOR_BUILD.patch b/package/refpolicy/0001-fc_sort-use-CFLAGS_FOR_BUILD.patch
new file mode 100644
index 0000000..e854e41
--- /dev/null
+++ b/package/refpolicy/0001-fc_sort-use-CFLAGS_FOR_BUILD.patch
@@ -0,0 +1,30 @@
+From da468bd4f312cc7ad76836e1a21020ae423f9bf5 Mon Sep 17 00:00:00 2001
+From: Adam Duskett <Adamduskett@outlook.com>
+Date: Sun, 14 May 2017 12:02:28 -0400
+Subject: [PATCH] fc_sort-use-CFLAGS_FOR_BUILD
+
+Updates the one C based tool to use the CC_FOR_BUILD and respective flags
+variable as a full host build isn't required.
+
+Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
+Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index 154beb5..cfff20f 100644
+--- a/Makefile
++++ b/Makefile
+@@ -403,7 +403,7 @@ conf.intermediate: $(polxml)
+ # Generate the fc_sort program
+ #
+ $(fcsort) : $(support)/fc_sort.c
+- $(verbose) $(CC) $(CFLAGS) $^ -o $@
++ $(verbose) $(CC_FOR_BUILD) $(CFLAGS_FOR_BUILD) $^ -o $@
+
+ ########################################
+ #
+--
+2.9.3
+
diff --git a/package/refpolicy/Config.in b/package/refpolicy/Config.in
new file mode 100644
index 0000000..a937055
--- /dev/null
+++ b/package/refpolicy/Config.in
@@ -0,0 +1,37 @@
+config BR2_PACKAGE_REFPOLICY
+ bool "refpolicy"
+ depends on BR2_TOOLCHAIN_HAS_THREADS # policycoreutils
+ depends on BR2_TOOLCHAIN_USES_GLIBC # policycoreutils
+ depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS # libsemanage
+ depends on BR2_TOOLCHAIN_HAS_THREADS # libsemanage
+ depends on BR2_TOOLCHAIN_USES_GLIBC # libsemanage
+ depends on !BR2_STATIC_LIBS #libsemanage
+ depends on !BR2_arc # libsemanage
+ select BR2_PACKAGE_POLICYCOREUTILS
+ select BR2_PACKAGE_BUSYBOX_SELINUX if BR2_PACKAGE_BUSYBOX
+ help
+ The SELinux Reference Policy project (refpolicy) is a
+ complete SELinux policy that can be used as the system
+ policy for a variety of systems and used as the basis
+ for creating other policies. Reference Policy was originally
+ based on the NSA example policy, but aims to accomplish
+ many additional goals.
+
+ The current refpolicy does not fully support Buildroot
+ and needs modifications to work with the default system
+ file layout. These changes should be added as patches to
+ the refpolicy that modify a single SELinux policy.
+
+ The refpolicy works for the most part in permissive mode. Only
+ the basic set of utilities are enabled in the example policy
+ config and some of the pathing in the policies is not correct.
+ Individual policies would need to be tweaked to get everything
+ functioning properly.
+
+ https://github.com/TresysTechnology/refpolicy
+
+comment "refpolicy needs a glibc toolchain w/ threads, dynamic library"
+ depends on !BR2_arc
+ depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS
+ depends on BR2_STATIC_LIBS || !BR2_TOOLCHAIN_HAS_THREADS || \
+ !BR2_TOOLCHAIN_USES_GLIBC
diff --git a/package/refpolicy/refpolicy.hash b/package/refpolicy/refpolicy.hash
new file mode 100644
index 0000000..7aeac41
--- /dev/null
+++ b/package/refpolicy/refpolicy.hash
@@ -0,0 +1,2 @@
+#From https://github.com/TresysTechnology/refpolicy/wiki/DownloadRelease
+sha256 08f9e2afc5e4939c23e56deeec7c47da029d7b85d82fb4ded01a36eb5da0651e refpolicy-RELEASE_2_20170204.tar.gz
diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
new file mode 100644
index 0000000..d565cbd
--- /dev/null
+++ b/package/refpolicy/refpolicy.mk
@@ -0,0 +1,49 @@
+################################################################################
+#
+# refpolicy
+#
+################################################################################
+
+REFPOLICY_VERSION = RELEASE_2_20170204
+
+# Do not use GitHub helper as git submodules are needed for refpolicy-contrib
+REFPOLICY_SITE = https://github.com/TresysTechnology/refpolicy.git
+REFPOLICY_SITE_METHOD = git
+REFPOLICY_GIT_SUBMODULES = y # Required for refpolicy-contrib
+REFPOLICY_LICENSE = GPLv2
+REFPOLICY_LICENSE_FILES = COPYING
+REFPOLICY_INSTALL_STAGING = YES
+REFPOLICY_DEPENDENCIES += \
+ host-m4 \
+ host-checkpolicy \
+ host-policycoreutils \
+ host-setools \
+ host-gawk \
+ host-python \
+ policycoreutils
+
+REFPOLICY_PYINC = -I$(HOST_DIR)/usr/include/python$(PYTHON_VERSION_MAJOR)/site-packages
+
+# Cannot use multiple threads to build the reference policy
+REFPOLICY_MAKE = PYTHON="$(HOST_DIR)/usr/bin/python2" $(TARGET_MAKE_ENV) $(MAKE1)
+
+define REFPOLICY_CONFIGURE_CMDS
+ $(SED) "/OUTPUT_POLICY/c\OUTPUT_POLICY = 30" $(@D)/build.conf
+ $(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(@D)/build.conf
+ $(SED) "/NAME/c\NAME = targeted" $(@D)/build.conf
+endef
+
+define REFPOLICY_BUILD_CMDS
+ $(REFPOLICY_MAKE) -C $(@D) bare conf DESTDIR=$(STAGING_DIR)
+endef
+
+define REFPOLICY_INSTALL_STAGING_CMDS
+ $(REFPOLICY_MAKE) -C $(@D) install-src install-headers \
+ DESTDIR=$(STAGING_DIR)
+endef
+
+define REFPOLICY_INSTALL_TARGET_CMDS
+ $(REFPOLICY_MAKE) -C $(@D) install DESTDIR=$(TARGET_DIR)
+endef
+
+$(eval $(generic-package))
--
2.9.3
^ permalink raw reply related
* [Buildroot] [PATCH v2 2/3] refpolicy add ability to specify policy version
From: Adam Duskett @ 2017-05-14 17:21 UTC (permalink / raw)
To: buildroot
In-Reply-To: <20170514172157.1780-1-Adamduskett@outlook.com>
Refpolicy by default will build the highest version supported.
This may cause older kernels to not load the policy.
This patch adds a custom policy version string which is defaulted
to 30, which is the highest supported as of today.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
---
Changes v1 -> v2:
- Added cover letter explaining the new patch set.
package/refpolicy/Config.in | 8 ++++++++
package/refpolicy/refpolicy.mk | 4 ++--
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/package/refpolicy/Config.in b/package/refpolicy/Config.in
index a937055..9d4e0e6 100644
--- a/package/refpolicy/Config.in
+++ b/package/refpolicy/Config.in
@@ -35,3 +35,11 @@ comment "refpolicy needs a glibc toolchain w/ threads, dynamic library"
depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS
depends on BR2_STATIC_LIBS || !BR2_TOOLCHAIN_HAS_THREADS || \
!BR2_TOOLCHAIN_USES_GLIBC
+
+if BR2_PACKAGE_REFPOLICY
+
+config BR2_PACKAGE_REFPOLICY_VERSION
+ string "Policy version"
+ default "30"
+
+endif
diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
index d565cbd..b60c456 100644
--- a/package/refpolicy/refpolicy.mk
+++ b/package/refpolicy/refpolicy.mk
@@ -28,7 +28,7 @@ REFPOLICY_PYINC = -I$(HOST_DIR)/usr/include/python$(PYTHON_VERSION_MAJOR)/site-p
REFPOLICY_MAKE = PYTHON="$(HOST_DIR)/usr/bin/python2" $(TARGET_MAKE_ENV) $(MAKE1)
define REFPOLICY_CONFIGURE_CMDS
- $(SED) "/OUTPUT_POLICY/c\OUTPUT_POLICY = 30" $(@D)/build.conf
+ $(SED) "/OUTPUT_POLICY/c\OUTPUT_POLICY = $(BR2_PACKAGE_REFPOLICY_VERSION)" $(@D)/build.conf
$(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(@D)/build.conf
$(SED) "/NAME/c\NAME = targeted" $(@D)/build.conf
endef
--
2.9.3
^ permalink raw reply related
* [Buildroot] [PATCH v2 3/3] refpolicy: add ability to set default state.
From: Adam Duskett @ 2017-05-14 17:21 UTC (permalink / raw)
To: buildroot
In-Reply-To: <20170514172157.1780-1-Adamduskett@outlook.com>
SELinux requires a config file in /etc/selinux which controls the state
of SELinux on the system.
This config file has two options set in it:
SELINUX which set's the state of selinux on boot.
SELINUXTYPE which should equal the name of the policy. In this case, the
default name is targeted.
This patch adds:
- A choice menu on Config.in that allows the user to select a default
SELinux state.
- A basic config file that will be installed to
target/etc/selinux and will set SELINUX= to the selected state.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
---
Changes v1 -> v2:
- Added cover letter explaining the new patch set.
package/refpolicy/Config.in | 25 +++++++++++++++++++++++++
package/refpolicy/config | 9 +++++++++
package/refpolicy/refpolicy.mk | 6 ++++++
3 files changed, 40 insertions(+)
create mode 100644 package/refpolicy/config
diff --git a/package/refpolicy/Config.in b/package/refpolicy/Config.in
index 9d4e0e6..a51e411 100644
--- a/package/refpolicy/Config.in
+++ b/package/refpolicy/Config.in
@@ -41,5 +41,30 @@ if BR2_PACKAGE_REFPOLICY
config BR2_PACKAGE_REFPOLICY_VERSION
string "Policy version"
default "30"
+choice
+ prompt "SELinux default state"
+ default BR2_PACKAGE_REFPOLICY_STATE_PERMISSIVE
+
+config BR2_PACKAGE_REFPOLICY_STATE_ENFORCING
+ bool "Enforcing"
+ help
+ SELinux security policy is enforced
+
+config BR2_PACKAGE_REFPOLICY_STATE_PERMISSIVE
+ bool "Permissive"
+ help
+ SELinux prints warnings instead of enforcing
+
+config BR2_PACKAGE_REFPOLICY_STATE_DISABLED
+ bool "Disabled"
+ help
+ No SELinux policy is loaded
+endchoice
+
+config BR2_PACKAGE_REFPOLICY_STATE
+ string
+ default "permissive" if BR2_PACKAGE_REFPOLICY_STATE_PERMISSIVE
+ default "enforcing" if BR2_PACKAGE_REFPOLICY_STATE_ENFORCING
+ default "disabled" if BR2_PACKAGE_REFPOLICY_STATE_DISABLED
endif
diff --git a/package/refpolicy/config b/package/refpolicy/config
new file mode 100644
index 0000000..a45a349
--- /dev/null
+++ b/package/refpolicy/config
@@ -0,0 +1,9 @@
+# This file controls the state of SELinux on the system.
+# SELINUX= can take one of these three values:
+# enforcing - SELinux security policy is enforced.
+# permissive - SELinux prints warnings instead of enforcing.
+# disabled - No SELinux policy is loaded.
+SELINUX=disabled
+
+SELINUXTYPE=targeted
+
diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
index b60c456..4834a46 100644
--- a/package/refpolicy/refpolicy.mk
+++ b/package/refpolicy/refpolicy.mk
@@ -23,6 +23,7 @@ REFPOLICY_DEPENDENCIES += \
policycoreutils
REFPOLICY_PYINC = -I$(HOST_DIR)/usr/include/python$(PYTHON_VERSION_MAJOR)/site-packages
+REFPOLICY_NAME = "targeted"
# Cannot use multiple threads to build the reference policy
REFPOLICY_MAKE = PYTHON="$(HOST_DIR)/usr/bin/python2" $(TARGET_MAKE_ENV) $(MAKE1)
@@ -44,6 +45,11 @@ endef
define REFPOLICY_INSTALL_TARGET_CMDS
$(REFPOLICY_MAKE) -C $(@D) install DESTDIR=$(TARGET_DIR)
+ $(INSTALL) -m 0755 -D package/refpolicy/config \
+ $(TARGET_DIR)/etc/selinux/config
+
+ $(SED) "/^SELINUX=/c\SELINUX=$(BR2_PACKAGE_REFPOLICY_STATE)" \
+ $(TARGET_DIR)/etc/selinux/config
endef
$(eval $(generic-package))
--
2.9.3
^ permalink raw reply related
* [Buildroot] [PATCH v3 0/3] refpolicy: new package cover letter.
From: Adam Duskett @ 2017-05-14 17:40 UTC (permalink / raw)
To: buildroot
Refpolicy is one of the last pieces for buildroot to truley have a easy way to
create a buildroot build with SELinux enabled. As such I feel it's important
to have it in the buildroot mainline.
The patchset by Bryce Ferguson that was submitted in January adds a refpolicy
that is from early 2015, and as such is quite out of date. Also the overall
package submitted has some issues that I wanted to fix up as well.
I contacted Bryce on May 10th and asked if I could take over the refpolicy
patches again from him and he was glad to let me do so, if anybody needs a copy
of the email I will gladly forward it to them.
Here are some of the issues I saw that were cleaned up or are changed from
Bryce Fergusons patch set:
Patch1: refpolicy: new package.
- Removed 0001-Fix-awk-references-to-use-variable.patch: Fixed upstream.
- Removed 0002-support-fc_sort-use-_FOR_BUILD.patch as this doesn't work in
the new version of refpolicy.
- Updated 0001-fc_sort-use-CFLAGS_FOR_BUILD.patch to work with new version
of Refpolicy.
- Remove S00selinux, as this would be a bit too much for section 21.5.1
paragraph 3 of the buildroot manual. The first patch in this series
should build and install just a reference policy on the target.
- Stripped down patch to include just enough to build refpolicy and
install the policy on the target.
Config.in:
- Fixed attributes order.
- Fixed text wrapping.
- Removed policy type selection.
- Removed default state selection.
refpolicy.hash:
- Updated hash, however this doesn't work anyways because git
submodule packages aren't checked for hash consistancy yet.
refpolicy.mk:
- Updated version number in refpolicy.mk
- Changed ordering in refpolicy.mk. I tend to put the DEPENDENCIES line
below lines that aren't likely to change often, such as INSTALL_STAGING.
- Combined REFPOLICY_MAKE_OPTS and REFPOLICY_MAKE_ENV into REFPOLICY_MAKE.
This cleans up the rest of the makefile.
- Removed AWK= and M4= in refpolicy.mk, as these are no longer needed with
the newer version of refpolicy.
- Removed REFPOLICY_NAME, as the first patch only references a policy name
once.
- Changed "br_policy" to "targeted", as that's what most distributions
that use SELinux have for their default name.
- Set the default policy version number to 30, as this is the highest
currently supported by the kernel.
- Removed install-docs, as they generally installed for buildroot.
- Broke up CONFIFGURE_CMDS and BUILD_CMDS: The original patch configured
and built refpolicies in REFPOLICY_CONFIGURE_CMDS, which doesn't follow
other buildroot package.mk conventions.
- Combined making bare and conf into a single line.
- Removed creatings $(TARGET_DIR)/etc/selinux/config in initial patch.
- Removed INIT_SYSV section.
patch2: refpolicy-add-ability-to-specify-policy-version
- The reason why this is a standalone patch is that it follows section 21.5.1
paragraph 3 of the buildroot manual. Adding the ability to set a default
state is secondary to the policy version. As such I decided to break up
this patch into it's own seperate patch.
patch3: refpolicy-add-ability-to-specify-policy-version
- Broke this patch up into it's own seperate patch so that it follows section
21.5.1 paragraph 3 of the buildroot manual. This patch adds only the
ability to set the default selinux state.
- Re-added a template config file with SELINUXTYPE of targeted.
Config.in:
- Changed ENFORCE to ENFORCING because it matches the actual string.
- Changed DISABLE to DISABLED because it matches the actual string.
refpolicy.mk:
- Added only one set command to $(TARGET_DIR)/etc/selinux/config
Adam Duskett (3):
refpolicy: new package
add ability to specify policy version
refpolicy: add ability to set default state.
package/Config.in | 1 +
.../0001-fc_sort-use-CFLAGS_FOR_BUILD.patch | 30 ++++++++++
package/refpolicy/Config.in | 70 ++++++++++++++++++++++
package/refpolicy/config | 9 +++
package/refpolicy/refpolicy.hash | 2 +
package/refpolicy/refpolicy.mk | 55 +++++++++++++++++
6 files changed, 167 insertions(+)
create mode 100644 package/refpolicy/0001-fc_sort-use-CFLAGS_FOR_BUILD.patch
create mode 100644 package/refpolicy/Config.in
create mode 100644 package/refpolicy/config
create mode 100644 package/refpolicy/refpolicy.hash
create mode 100644 package/refpolicy/refpolicy.mk
--
2.9.3
^ permalink raw reply
* [Buildroot] [PATCH v3 1/3] refpolicy: new package
From: Adam Duskett @ 2017-05-14 17:40 UTC (permalink / raw)
To: buildroot
In-Reply-To: <20170514174053.26140-1-Adamduskett@outlook.com>
The patch is for adding selinux reference policy (refpolicy).
It is a complete SELinux policy that can be used as the system policy
for a variety of systems and used as the basis for creating other policies.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
---
Changes v2 -> v3:
- Removed 0001-fc_sort-use-CFLAGS_FOR_BUILD.patch as this causes compilation
problems in the newer refpolicy and doesn't seem to be needed anymore.
Changes v1 -> v2:
- Added cover letter explaining the new patch set.
- Added 0001-fc_sort-use-CFLAGS_FOR_BUILD.patch from previous patch set.
- Readded dependencies from Bryce Ferguson's patch set.
- Readded comment in refpolicy.mk explaining why git submodules is needed.
package/Config.in | 1 +
.../0001-fc_sort-use-CFLAGS_FOR_BUILD.patch | 30 +++++++++++++
package/refpolicy/Config.in | 37 ++++++++++++++++
package/refpolicy/refpolicy.hash | 2 +
package/refpolicy/refpolicy.mk | 49 ++++++++++++++++++++++
5 files changed, 119 insertions(+)
create mode 100644 package/refpolicy/0001-fc_sort-use-CFLAGS_FOR_BUILD.patch
create mode 100644 package/refpolicy/Config.in
create mode 100644 package/refpolicy/refpolicy.hash
create mode 100644 package/refpolicy/refpolicy.mk
diff --git a/package/Config.in b/package/Config.in
index d57813c..6aa6885 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -1754,6 +1754,7 @@ endmenu
menu "Security"
source "package/checkpolicy/Config.in"
source "package/policycoreutils/Config.in"
+ source "package/refpolicy/Config.in"
source "package/sepolgen/Config.in"
source "package/setools/Config.in"
endmenu
diff --git a/package/refpolicy/Config.in b/package/refpolicy/Config.in
new file mode 100644
index 0000000..a937055
--- /dev/null
+++ b/package/refpolicy/Config.in
@@ -0,0 +1,37 @@
+config BR2_PACKAGE_REFPOLICY
+ bool "refpolicy"
+ depends on BR2_TOOLCHAIN_HAS_THREADS # policycoreutils
+ depends on BR2_TOOLCHAIN_USES_GLIBC # policycoreutils
+ depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS # libsemanage
+ depends on BR2_TOOLCHAIN_HAS_THREADS # libsemanage
+ depends on BR2_TOOLCHAIN_USES_GLIBC # libsemanage
+ depends on !BR2_STATIC_LIBS #libsemanage
+ depends on !BR2_arc # libsemanage
+ select BR2_PACKAGE_POLICYCOREUTILS
+ select BR2_PACKAGE_BUSYBOX_SELINUX if BR2_PACKAGE_BUSYBOX
+ help
+ The SELinux Reference Policy project (refpolicy) is a
+ complete SELinux policy that can be used as the system
+ policy for a variety of systems and used as the basis
+ for creating other policies. Reference Policy was originally
+ based on the NSA example policy, but aims to accomplish
+ many additional goals.
+
+ The current refpolicy does not fully support Buildroot
+ and needs modifications to work with the default system
+ file layout. These changes should be added as patches to
+ the refpolicy that modify a single SELinux policy.
+
+ The refpolicy works for the most part in permissive mode. Only
+ the basic set of utilities are enabled in the example policy
+ config and some of the pathing in the policies is not correct.
+ Individual policies would need to be tweaked to get everything
+ functioning properly.
+
+ https://github.com/TresysTechnology/refpolicy
+
+comment "refpolicy needs a glibc toolchain w/ threads, dynamic library"
+ depends on !BR2_arc
+ depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS
+ depends on BR2_STATIC_LIBS || !BR2_TOOLCHAIN_HAS_THREADS || \
+ !BR2_TOOLCHAIN_USES_GLIBC
diff --git a/package/refpolicy/refpolicy.hash b/package/refpolicy/refpolicy.hash
new file mode 100644
index 0000000..7aeac41
--- /dev/null
+++ b/package/refpolicy/refpolicy.hash
@@ -0,0 +1,2 @@
+#From https://github.com/TresysTechnology/refpolicy/wiki/DownloadRelease
+sha256 08f9e2afc5e4939c23e56deeec7c47da029d7b85d82fb4ded01a36eb5da0651e refpolicy-RELEASE_2_20170204.tar.gz
diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
new file mode 100644
index 0000000..d565cbd
--- /dev/null
+++ b/package/refpolicy/refpolicy.mk
@@ -0,0 +1,49 @@
+################################################################################
+#
+# refpolicy
+#
+################################################################################
+
+REFPOLICY_VERSION = RELEASE_2_20170204
+
+# Do not use GitHub helper as git submodules are needed for refpolicy-contrib
+REFPOLICY_SITE = https://github.com/TresysTechnology/refpolicy.git
+REFPOLICY_SITE_METHOD = git
+REFPOLICY_GIT_SUBMODULES = y # Required for refpolicy-contrib
+REFPOLICY_LICENSE = GPLv2
+REFPOLICY_LICENSE_FILES = COPYING
+REFPOLICY_INSTALL_STAGING = YES
+REFPOLICY_DEPENDENCIES += \
+ host-m4 \
+ host-checkpolicy \
+ host-policycoreutils \
+ host-setools \
+ host-gawk \
+ host-python \
+ policycoreutils
+
+REFPOLICY_PYINC = -I$(HOST_DIR)/usr/include/python$(PYTHON_VERSION_MAJOR)/site-packages
+
+# Cannot use multiple threads to build the reference policy
+REFPOLICY_MAKE = PYTHON="$(HOST_DIR)/usr/bin/python2" $(TARGET_MAKE_ENV) $(MAKE1)
+
+define REFPOLICY_CONFIGURE_CMDS
+ $(SED) "/OUTPUT_POLICY/c\OUTPUT_POLICY = 30" $(@D)/build.conf
+ $(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(@D)/build.conf
+ $(SED) "/NAME/c\NAME = targeted" $(@D)/build.conf
+endef
+
+define REFPOLICY_BUILD_CMDS
+ $(REFPOLICY_MAKE) -C $(@D) bare conf DESTDIR=$(STAGING_DIR)
+endef
+
+define REFPOLICY_INSTALL_STAGING_CMDS
+ $(REFPOLICY_MAKE) -C $(@D) install-src install-headers \
+ DESTDIR=$(STAGING_DIR)
+endef
+
+define REFPOLICY_INSTALL_TARGET_CMDS
+ $(REFPOLICY_MAKE) -C $(@D) install DESTDIR=$(TARGET_DIR)
+endef
+
+$(eval $(generic-package))
--
2.9.3
^ permalink raw reply related
* [Buildroot] [PATCH v3 2/3] refpolicy add ability to specify policy version
From: Adam Duskett @ 2017-05-14 17:40 UTC (permalink / raw)
To: buildroot
In-Reply-To: <20170514174053.26140-1-Adamduskett@outlook.com>
Refpolicy by default will build the highest version supported.
This may cause older kernels to not load the policy.
This patch adds a custom policy version string which is defaulted
to 30, which is the highest supported as of today.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
---
Changes v2 -> v3:
- No changes.
Changes v1 -> v2:
- Added cover letter explaining the new patch set.
package/refpolicy/Config.in | 8 ++++++++
package/refpolicy/refpolicy.mk | 4 ++--
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/package/refpolicy/Config.in b/package/refpolicy/Config.in
index a937055..9d4e0e6 100644
--- a/package/refpolicy/Config.in
+++ b/package/refpolicy/Config.in
@@ -35,3 +35,11 @@ comment "refpolicy needs a glibc toolchain w/ threads, dynamic library"
depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS
depends on BR2_STATIC_LIBS || !BR2_TOOLCHAIN_HAS_THREADS || \
!BR2_TOOLCHAIN_USES_GLIBC
+
+if BR2_PACKAGE_REFPOLICY
+
+config BR2_PACKAGE_REFPOLICY_VERSION
+ string "Policy version"
+ default "30"
+
+endif
diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
index d565cbd..b60c456 100644
--- a/package/refpolicy/refpolicy.mk
+++ b/package/refpolicy/refpolicy.mk
@@ -28,7 +28,7 @@ REFPOLICY_PYINC = -I$(HOST_DIR)/usr/include/python$(PYTHON_VERSION_MAJOR)/site-p
REFPOLICY_MAKE = PYTHON="$(HOST_DIR)/usr/bin/python2" $(TARGET_MAKE_ENV) $(MAKE1)
define REFPOLICY_CONFIGURE_CMDS
- $(SED) "/OUTPUT_POLICY/c\OUTPUT_POLICY = 30" $(@D)/build.conf
+ $(SED) "/OUTPUT_POLICY/c\OUTPUT_POLICY = $(BR2_PACKAGE_REFPOLICY_VERSION)" $(@D)/build.conf
$(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(@D)/build.conf
$(SED) "/NAME/c\NAME = targeted" $(@D)/build.conf
endef
--
2.9.3
^ permalink raw reply related
* [Buildroot] [PATCH v3 3/3] refpolicy: add ability to set default state.
From: Adam Duskett @ 2017-05-14 17:40 UTC (permalink / raw)
To: buildroot
In-Reply-To: <20170514174053.26140-1-Adamduskett@outlook.com>
SELinux requires a config file in /etc/selinux which controls the state
of SELinux on the system.
This config file has two options set in it:
SELINUX which set's the state of selinux on boot.
SELINUXTYPE which should equal the name of the policy. In this case, the
default name is targeted.
This patch adds:
- A choice menu on Config.in that allows the user to select a default
SELinux state.
- A basic config file that will be installed to
target/etc/selinux and will set SELINUX= to the selected state.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
---
Changes v2 -> v3:
- No changes.
Changes v1 -> v2:
- Added cover letter explaining the new patch set.
package/refpolicy/Config.in | 25 +++++++++++++++++++++++++
package/refpolicy/config | 9 +++++++++
package/refpolicy/refpolicy.mk | 6 ++++++
3 files changed, 40 insertions(+)
create mode 100644 package/refpolicy/config
diff --git a/package/refpolicy/Config.in b/package/refpolicy/Config.in
index 9d4e0e6..a51e411 100644
--- a/package/refpolicy/Config.in
+++ b/package/refpolicy/Config.in
@@ -41,5 +41,30 @@ if BR2_PACKAGE_REFPOLICY
config BR2_PACKAGE_REFPOLICY_VERSION
string "Policy version"
default "30"
+choice
+ prompt "SELinux default state"
+ default BR2_PACKAGE_REFPOLICY_STATE_PERMISSIVE
+
+config BR2_PACKAGE_REFPOLICY_STATE_ENFORCING
+ bool "Enforcing"
+ help
+ SELinux security policy is enforced
+
+config BR2_PACKAGE_REFPOLICY_STATE_PERMISSIVE
+ bool "Permissive"
+ help
+ SELinux prints warnings instead of enforcing
+
+config BR2_PACKAGE_REFPOLICY_STATE_DISABLED
+ bool "Disabled"
+ help
+ No SELinux policy is loaded
+endchoice
+
+config BR2_PACKAGE_REFPOLICY_STATE
+ string
+ default "permissive" if BR2_PACKAGE_REFPOLICY_STATE_PERMISSIVE
+ default "enforcing" if BR2_PACKAGE_REFPOLICY_STATE_ENFORCING
+ default "disabled" if BR2_PACKAGE_REFPOLICY_STATE_DISABLED
endif
diff --git a/package/refpolicy/config b/package/refpolicy/config
new file mode 100644
index 0000000..a45a349
--- /dev/null
+++ b/package/refpolicy/config
@@ -0,0 +1,9 @@
+# This file controls the state of SELinux on the system.
+# SELINUX= can take one of these three values:
+# enforcing - SELinux security policy is enforced.
+# permissive - SELinux prints warnings instead of enforcing.
+# disabled - No SELinux policy is loaded.
+SELINUX=disabled
+
+SELINUXTYPE=targeted
+
diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
index b60c456..4834a46 100644
--- a/package/refpolicy/refpolicy.mk
+++ b/package/refpolicy/refpolicy.mk
@@ -23,6 +23,7 @@ REFPOLICY_DEPENDENCIES += \
policycoreutils
REFPOLICY_PYINC = -I$(HOST_DIR)/usr/include/python$(PYTHON_VERSION_MAJOR)/site-packages
+REFPOLICY_NAME = "targeted"
# Cannot use multiple threads to build the reference policy
REFPOLICY_MAKE = PYTHON="$(HOST_DIR)/usr/bin/python2" $(TARGET_MAKE_ENV) $(MAKE1)
@@ -44,6 +45,11 @@ endef
define REFPOLICY_INSTALL_TARGET_CMDS
$(REFPOLICY_MAKE) -C $(@D) install DESTDIR=$(TARGET_DIR)
+ $(INSTALL) -m 0755 -D package/refpolicy/config \
+ $(TARGET_DIR)/etc/selinux/config
+
+ $(SED) "/^SELINUX=/c\SELINUX=$(BR2_PACKAGE_REFPOLICY_STATE)" \
+ $(TARGET_DIR)/etc/selinux/config
endef
$(eval $(generic-package))
--
2.9.3
^ permalink raw reply related
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox