Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH] x11r7: xf86-input-tslib: upgrade to 1.0.0
From: Thomas Petazzoni @ 2017-05-14 12:37 UTC (permalink / raw)
  To: buildroot
In-Reply-To: <20170514075026.13434-1-martink@posteo.de>

Hello,

On Sun, 14 May 2017 09:50:26 +0200, Martin Kepplinger wrote:
> As the update from 0.0.X to 1.0.0 suggests, this is a major update. The driver
> uses X11's touch API now, instead of motion with button emulation. Furthermore
> it supports multitouch when a recent version of tslib is installed.
> 
> It is not backwards compatible for very old versions of the X server. See
> https://github.com/merge/xf86-input-tslib/releases for some details.

What do you call "very old versions of the X server" ?

Buildroot still supports the X server in version 1.14.7. Does this
qualify as a "very old version" ?

Best regards,

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com

^ permalink raw reply

* [Buildroot] [git commit] package/binutils: finalize the bump ARC tools to arc-2017.03-rc2
From: Thomas Petazzoni @ 2017-05-14 12:39 UTC (permalink / raw)
  To: buildroot

commit: https://git.buildroot.net/buildroot/commit/?id=f937bbb71673c66836577a3751e49cd964e6d9d7
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master

The commit bumping ARC tools to arc-2017.03-rc2 [1] forgot to
update the ARC tools version in binutils.mk

[1] 043737282010f83e8ec20618a034131bc7e8cae1

Fixes:
http://autobuild.buildroot.net/results/f9c/f9c40610209fc22ac8c0db6bd57bd3b11bbe6d9c

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Alexey Brodkin <abrodkin@synopsys.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
 package/binutils/binutils.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package/binutils/binutils.mk b/package/binutils/binutils.mk
index 72e2d0b..bc0268e 100644
--- a/package/binutils/binutils.mk
+++ b/package/binutils/binutils.mk
@@ -9,7 +9,7 @@
 BINUTILS_VERSION = $(call qstrip,$(BR2_BINUTILS_VERSION))
 ifeq ($(BINUTILS_VERSION),)
 ifeq ($(BR2_arc),y)
-BINUTILS_VERSION = arc-2017.03-rc1
+BINUTILS_VERSION = arc-2017.03-rc2
 else
 BINUTILS_VERSION = 2.27
 endif

^ permalink raw reply related

* [Buildroot] [PATCH] package/binutils: finalize the bump ARC tools to arc-2017.03-rc2
From: Thomas Petazzoni @ 2017-05-14 12:42 UTC (permalink / raw)
  To: buildroot
In-Reply-To: <20170514104956.4160-1-romain.naour@gmail.com>

Hello,

On Sun, 14 May 2017 12:49:56 +0200, Romain Naour wrote:
> The commit bumping ARC tools to arc-2017.03-rc2 [1] forgot to
> update the ARC tools version in binutils.mk
> 
> [1] 043737282010f83e8ec20618a034131bc7e8cae1
> 
> Fixes:
> http://autobuild.buildroot.net/results/f9c/f9c40610209fc22ac8c0db6bd57bd3b11bbe6d9c
> 
> Signed-off-by: Romain Naour <romain.naour@gmail.com>
> Cc: Alexey Brodkin <abrodkin@synopsys.com>
> ---
>  package/binutils/binutils.mk | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com

^ permalink raw reply

* [Buildroot] Analysis of build results for 2017-05-13
From: Thomas Petazzoni @ 2017-05-14 12:49 UTC (permalink / raw)
  To: buildroot
In-Reply-To: <20170514063046.C79A9220A8@mail.free-electrons.com>

Hello,

>       successes : 250
>        failures : 17 

Really good results!

On Sun, 14 May 2017 08:30:46 +0200 (CEST), Thomas Petazzoni wrote:

>          arc |       binutils-arc-2017.03-rc1 | NOK | http://autobuild.buildroot.net/results/5962afffac3a2041d089811cf5a73c3b4a671c60 | ORPH

Fixed in:

  https://git.buildroot.org/buildroot/commit/?id=f937bbb71673c66836577a3751e49cd964e6d9d7

>         i586 |              bluez_utils-4.101 | NOK | http://autobuild.buildroot.net/results/06c930d9c5299b79500d018ac3fb2861ce834c7c |     

Romain has proposed a patch series to fix this:

  https://patchwork.ozlabs.org/patch/762050/
  https://patchwork.ozlabs.org/patch/762051/
  https://patchwork.ozlabs.org/patch/762052/

>       x86_64 |                 cifs-utils-6.6 | NOK | http://autobuild.buildroot.net/results/91f7c6954c337b03f5ac141050d9b1bee1623376 |     

/home/rclinux/rc-buildroot-test/scripts/instance-2/output/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-buildroot-linux-musl/5.4.0/../../../../x86_64-buildroot-linux-musl/bin/ld: /home/rclinux/rc-buildroot-test/scripts/instance-2/output/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-buildroot-linux-musl/5.4.0/crtbeginT.o: relocation R_X86_64_32 against hidden symbol `__TMC_END__' can not be used when making a shared object
/home/rclinux/rc-buildroot-test/scripts/instance-2/output/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-buildroot-linux-musl/5.4.0/../../../../x86_64-buildroot-linux-musl/bin/ld: /home/rclinux/rc-buildroot-test/scripts/instance-2/output/host/usr/x86_64-buildroot-linux-musl/sysroot/lib/../lib64/libc.a(__libc_start_main.o): relocation R_X86_64_32 against `.rodata.str1.1' can not be used when making a shared object; recompile with -fPIC

Not sure what this is...

>         m68k |                     ffmpeg-3.3 | NOK | http://autobuild.buildroot.net/results/b3eaaf6d73cd49f5919143aeaa5cbb4d15a7ccc3 |     

libavutil/libavutil.a(buffer.o): In function `pool_release_buffer':
/home/buildroot/autobuild/run/instance-1/output/build/ffmpeg-3.3/libavutil/buffer.c:301: undefined reference to `__sync_fetch_and_add_4'

I'll have a look at the ffmpeg patches around atomic support.

>         sh4a |                  libv4l-1.12.2 | NOK | http://autobuild.buildroot.net/results/5dff0ec19205e02f6ee373d34cb79f39ac25b609 | ORPH

Forgets to link with librt, I have reproduced the problem locally and
will submit a fix.

>         i686 |                  mplayer-1.3.0 | NOK | http://autobuild.buildroot.net/results/9f5a497c6242860fb67a5aa2996c3509f49a4564 |     
>         i686 |                  mplayer-1.3.0 | NOK | http://autobuild.buildroot.net/results/b43978f11c62239a2b8089a4ff60a19af53634d9 |     

Should be fixed by:

  https://patchwork.ozlabs.org/patch/762041/
  https://patchwork.ozlabs.org/patch/762043/
  https://patchwork.ozlabs.org/patch/762042/

>      aarch64 |                   ntp-4.2.8p10 | NOK | http://autobuild.buildroot.net/results/866b1d28595efd8b6becf83d0a64b596538d58b0 | ORPH

A patch was proposed by Romain, but I'm not entirely sure:
https://patchwork.ozlabs.org/patch/762084/.

>        sparc | openblas-f04af36ad0e85b64f1... | NOK | http://autobuild.buildroot.net/results/805087e87b8bb7d11adb49d9eca3959a37aca3a2 |     

Fixed by
https://git.buildroot.org/buildroot/commit/?id=6714d79a22b4c0ad7651659c8009f93574bbd59d

>         i686 |                opencv-2.4.13.2 | NOK | http://autobuild.buildroot.net/results/4e7e3641c20b85465678d4a6d5a97ef53e793330 |     

/accts/mlweber1/instance-2/output/host/usr/i686-buildroot-linux-gnu/sysroot/usr/include/jasper/jas_math.h: In function 'bool jas_safe_size_mul(size_t, size_t, size_t*)':
/accts/mlweber1/instance-2/output/host/usr/i686-buildroot-linux-gnu/sysroot/usr/include/jasper/jas_math.h:185:15: error: 'SIZE_MAX' was not declared in this scope
/accts/mlweber1/instance-2/output/host/usr/i686-buildroot-linux-gnu/sysroot/usr/include/jasper/jas_math.h: In function 'bool jas_safe_size_add(size_t, size_t, size_t*)':
/accts/mlweber1/instance-2/output/host/usr/i686-buildroot-linux-gnu/sysroot/usr/include/jasper/jas_math.h:212:10: error: 'SIZE_MAX' was not declared in this scope

A fix like commit d246cf5fd01bb0d20a0e64194ffed514ea8dd0aa is probably
needed here.

>          arm |                  opencv3-3.2.0 | NOK | http://autobuild.buildroot.net/results/4bae12b9a4e9744f561a79cb243e01bf3e6ea212 |   

/home/buildroot/autobuild/run/instance-3/output/host/usr/arm-buildroot-linux-gnueabi/sysroot/usr/include/openblas_config.h:82:44: warning: "__STDC_VERSION__" is not defined [-Wundef]
 #if ((defined(__STDC_IEC_559_COMPLEX__) || __STDC_VERSION__ >= 199901L || \

Samuel, could you have a look, this has been happening for a while.
  
>          arm |                      php-7.1.4 | NOK | http://autobuild.buildroot.net/results/234985fcaf6012d4ac7fbc2b2a7a4375cb7cd552 | ORPH

/home/peko/autobuild/instance-0/output/host/usr/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libicui18n.a(umsg.o): In function `icu_58::MessageFormatAdapter::getArgTypeList(icu_58::MessageFormat const&, int&)':
umsg.cpp:(.text._ZN6icu_5820MessageFormatAdapter14getArgTypeListERKNS_13MessageFormatERi+0x0): multiple definition of `icu_58::MessageFormatAdapter::getArgTypeList(icu_58::MessageFormat const&, int&)'
ext/intl/msgformat/msgformat_helpers.o:msgformat_helpers.cpp:(.text+0x8): first defined here

Yet another funky static library issue...

>        sparc |                 protobuf-3.2.0 | NOK | http://autobuild.buildroot.net/results/cc5946f24438b90151b440b65ae178c452e7c876 | ORPH
>        sparc |                 protobuf-3.2.0 | NOK | http://autobuild.buildroot.net/results/b8a40663222f8930aad247657674c06156024c65 | ORPH

Needs an appropriate atomic dependency.

>         or1k |              rabbitmq-c-v0.8.0 | NOK | http://autobuild.buildroot.net/results/fd45d560ef4a682991bcaf984308f19c9d618d1e |     

Static linking issue: intl + zlib.

>        nios2 | uclibc-ng-test-c9b9876cefc1... | NOK | http://autobuild.buildroot.net/results/11d8a1d71e9fd76e745680dbd442f22121217bb6 |     

Already fixed by
https://git.buildroot.org/buildroot/commit/?id=e7a64ddcbc0b262eaa549fede9bd1e8ca3bb310f.

>      sparc64 |                upmpdcli-1.2.12 | NOK | http://autobuild.buildroot.net/results/c2f6f477dc510484ea126742508ff8e526f43b40 |     

Weird:

/usr/bin/install: cannot change permissions of '/home/rclinux/rc-buildroot-test/scripts/instance-2/output/target/etc/upmpdcli.conf-dist': No such file or directory
make[4]: *** [install-dist_sysconfDATA] Error 1
make[4]: *** Waiting for unfinished jobs....

Matt, is this yet another weird thing in your autobuilder configuration?

Thanks,

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com

^ permalink raw reply

* [Buildroot] [PATCH/next 1/1] package/kodi-pvr-stalker: fix gcc7 compile
From: Bernd Kuhls @ 2017-05-14 13:38 UTC (permalink / raw)
  To: buildroot
In-Reply-To: <20170513182944.29833-1-bernd.kuhls@t-online.de>

Hi,

Am Sat, 13 May 2017 20:29:44 +0200 schrieb Bernd Kuhls:

> +  */
> +
> + #include <thread>
> ++#include <functional>
> +
> + #include "SAPI.h"
> +

please note that all lines of the patch need DOS line endings.

Regards, Bernd

^ permalink raw reply

* [Buildroot] Why is /var/log symlinked to a tmpfs?
From: Thomas Petazzoni @ 2017-05-14 13:56 UTC (permalink / raw)
  To: buildroot
In-Reply-To: <1494763200132-164905.post@n4.nabble.com>

Hello,

On Sun, 14 May 2017 05:00:00 -0700 (PDT), PTaylor.us wrote:
> First, I must say that buildroot is a great tool. Thank you.
> 
> I am using buildroot branch 2016.11.x.
> 
> Why is /var/log a symlink to /tmp (which is mounted with a tmpfs). My
> understanding is that */var/log should be persistent across reboots*. I'm
> very curious why the default skeleton was setup like this. It is causing
> problems, for one, with journald where the "fix" I've seen suggested on this
> mailing list is to set the logging to "volatile". 

The reason why /var/log is a symlink to a tmpfs is because we want to
support the root filesystem to be mounted read only.

We know the current skeleton has some issues with journald (see
https://bugs.busybox.net/show_bug.cgi?id=7892), and Yann E. Morin is
working on a patch series to address this, see:

  https://git.buildroot.org/~ymorin/git/buildroot/log/?h=yem/systemd-skeleton
  https://git.buildroot.org/~ymorin/git/buildroot/log/?h=yem/systemd-skeleton-2

Best regards,

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com

^ permalink raw reply

* [Buildroot] [git commit] package/bluez_utils: add missing host-pkgconf dependency
From: Thomas Petazzoni @ 2017-05-14 13:57 UTC (permalink / raw)
  To: buildroot

commit: https://git.buildroot.net/buildroot/commit/?id=d5fec33bd5e4a928d60bdc8693ca2917b3e91a43
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master

The configure script use pkg-config.

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
 package/bluez_utils/bluez_utils.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package/bluez_utils/bluez_utils.mk b/package/bluez_utils/bluez_utils.mk
index b396886..526804a 100644
--- a/package/bluez_utils/bluez_utils.mk
+++ b/package/bluez_utils/bluez_utils.mk
@@ -8,7 +8,7 @@ BLUEZ_UTILS_VERSION = 4.101
 BLUEZ_UTILS_SOURCE = bluez-$(BLUEZ_UTILS_VERSION).tar.xz
 BLUEZ_UTILS_SITE = $(BR2_KERNEL_MIRROR)/linux/bluetooth
 BLUEZ_UTILS_INSTALL_STAGING = YES
-BLUEZ_UTILS_DEPENDENCIES = dbus libglib2
+BLUEZ_UTILS_DEPENDENCIES = host-pkgconf dbus libglib2
 BLUEZ_UTILS_CONF_OPTS = --enable-test --enable-tools
 BLUEZ_UTILS_AUTORECONF = YES
 BLUEZ_UTILS_LICENSE = GPL-2.0+, LGPL-2.1+

^ permalink raw reply related

* [Buildroot] [PATCH 1/3] package/bluez_utils: add missing host-pkgconf dependency
From: Thomas Petazzoni @ 2017-05-14 13:58 UTC (permalink / raw)
  To: buildroot
In-Reply-To: <20170513171009.5219-1-romain.naour@gmail.com>

Hello,

On Sat, 13 May 2017 19:10:07 +0200, Romain Naour wrote:
> The configure script use pkg-config.
> 
> Signed-off-by: Romain Naour <romain.naour@gmail.com>
> Cc: Yegor Yefremov <yegorslists@googlemail.com>
> ---
>  package/bluez_utils/bluez_utils.mk | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com

^ permalink raw reply

* [Buildroot] [git commit] package/bluez_utils: add missing check dependency for test program
From: Thomas Petazzoni @ 2017-05-14 14:04 UTC (permalink / raw)
  To: buildroot

commit: https://git.buildroot.net/buildroot/commit/?id=8554be9f82301282161cf6310bacdb6067fefb16
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master

Tests are enabled since this has been introduced [1], so keep
them for now.

bluez_utils needs check tool and check if it's available [2].

[1] 06c3e2159686a886e52b2522a47e60c300cfb7f7
[2] https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/configure.ac?h=4.101#n51

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
 package/bluez_utils/bluez_utils.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package/bluez_utils/bluez_utils.mk b/package/bluez_utils/bluez_utils.mk
index 526804a..256f012 100644
--- a/package/bluez_utils/bluez_utils.mk
+++ b/package/bluez_utils/bluez_utils.mk
@@ -8,7 +8,7 @@ BLUEZ_UTILS_VERSION = 4.101
 BLUEZ_UTILS_SOURCE = bluez-$(BLUEZ_UTILS_VERSION).tar.xz
 BLUEZ_UTILS_SITE = $(BR2_KERNEL_MIRROR)/linux/bluetooth
 BLUEZ_UTILS_INSTALL_STAGING = YES
-BLUEZ_UTILS_DEPENDENCIES = host-pkgconf dbus libglib2
+BLUEZ_UTILS_DEPENDENCIES = host-pkgconf check dbus libglib2
 BLUEZ_UTILS_CONF_OPTS = --enable-test --enable-tools
 BLUEZ_UTILS_AUTORECONF = YES
 BLUEZ_UTILS_LICENSE = GPL-2.0+, LGPL-2.1+

^ permalink raw reply related

* [Buildroot] [git commit] package/bluez_utils: fix test build issues with musl
From: Thomas Petazzoni @ 2017-05-14 14:04 UTC (permalink / raw)
  To: buildroot

commit: https://git.buildroot.net/buildroot/commit/?id=d09d3a7fa00585ca570a75fee59b9cb3ac983d98
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master

Add one missing header and avoid encrypt redefinition.

Fixes:
http://autobuild.buildroot.net/results/06c/06c930d9c5299b79500d018ac3fb2861ce834c7c/

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
 .../bluez_utils/0004-test-add-missing-header.patch |  34 +++++++
 ...test-avoid-conflict-with-encrypt-function.patch | 107 +++++++++++++++++++++
 2 files changed, 141 insertions(+)

diff --git a/package/bluez_utils/0004-test-add-missing-header.patch b/package/bluez_utils/0004-test-add-missing-header.patch
new file mode 100644
index 0000000..c74afb8
--- /dev/null
+++ b/package/bluez_utils/0004-test-add-missing-header.patch
@@ -0,0 +1,34 @@
+From d3c098c2fde55ddf0c7d56eae56925103d35da73 Mon Sep 17 00:00:00 2001
+From: Romain Naour <romain.naour@gmail.com>
+Date: Sat, 13 May 2017 18:56:51 +0200
+Subject: [PATCH] test: add missing header
+
+test/attest.c: In function 'at_command':
+test/attest.c:43:2: error: unknown type name 'fd_set'
+  fd_set rfds;
+  ^
+
+Fixes:
+http://autobuild.buildroot.net/results/06c/06c930d9c5299b79500d018ac3fb2861ce834c7c/
+
+Signed-off-by: Romain Naour <romain.naour@gmail.com>
+---
+ test/attest.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/test/attest.c b/test/attest.c
+index 12ba682..2626cf1 100644
+--- a/test/attest.c
++++ b/test/attest.c
+@@ -35,6 +35,8 @@
+ #include <sys/ioctl.h>
+ #include <sys/socket.h>
+ 
++#include <sys/select.h>
++
+ #include <bluetooth/bluetooth.h>
+ #include <bluetooth/rfcomm.h>
+ 
+-- 
+2.9.3
+
diff --git a/package/bluez_utils/0005-test-avoid-conflict-with-encrypt-function.patch b/package/bluez_utils/0005-test-avoid-conflict-with-encrypt-function.patch
new file mode 100644
index 0000000..438da97
--- /dev/null
+++ b/package/bluez_utils/0005-test-avoid-conflict-with-encrypt-function.patch
@@ -0,0 +1,107 @@
+From d8056252d0c99bfb2482f0a420dcf9a36019ddf8 Mon Sep 17 00:00:00 2001
+From: Romain Naour <romain.naour@gmail.com>
+Date: Sat, 13 May 2017 18:58:51 +0200
+Subject: [PATCH] test: avoid conflict with encrypt function
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+With a musl based toolchain:
+
+test/l2test.c:110:12: error: ???encrypt??? redeclared as different kind of symbol
+ static int encrypt = 0;
+            ^
+In file included from test/l2test.c:34:0:
+[...]/sysroot/usr/include/unistd.h:145:6: note: previous declaration of ???encrypt??? was here
+ void encrypt(char *, int);
+      ^
+
+Signed-off-by: Romain Naour <romain.naour@gmail.com>
+---
+ test/l2test.c | 8 ++++----
+ test/rctest.c | 8 ++++----
+ 2 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/test/l2test.c b/test/l2test.c
+index f66486d..9ef6faf 100644
+--- a/test/l2test.c
++++ b/test/l2test.c
+@@ -107,7 +107,7 @@ static char *filename = NULL;
+ static int rfcmode = 0;
+ static int master = 0;
+ static int auth = 0;
+-static int encrypt = 0;
++static int _encrypt = 0;
+ static int secure = 0;
+ static int socktype = SOCK_SEQPACKET;
+ static int linger = 0;
+@@ -340,7 +340,7 @@ static int do_connect(char *svr)
+ 		opt |= L2CAP_LM_MASTER;
+ 	if (auth)
+ 		opt |= L2CAP_LM_AUTH;
+-	if (encrypt)
++	if (_encrypt)
+ 		opt |= L2CAP_LM_ENCRYPT;
+ 	if (secure)
+ 		opt |= L2CAP_LM_SECURE;
+@@ -475,7 +475,7 @@ static void do_listen(void (*handler)(int sk))
+ 		opt |= L2CAP_LM_MASTER;
+ 	if (auth)
+ 		opt |= L2CAP_LM_AUTH;
+-	if (encrypt)
++	if (_encrypt)
+ 		opt |= L2CAP_LM_ENCRYPT;
+ 	if (secure)
+ 		opt |= L2CAP_LM_SECURE;
+@@ -1407,7 +1407,7 @@ int main(int argc, char *argv[])
+ 			break;
+ 
+ 		case 'E':
+-			encrypt = 1;
++			_encrypt = 1;
+ 			break;
+ 
+ 		case 'S':
+diff --git a/test/rctest.c b/test/rctest.c
+index 4d7c90a..7ad5a0b 100644
+--- a/test/rctest.c
++++ b/test/rctest.c
+@@ -79,7 +79,7 @@ static char *filename = NULL;
+ 
+ static int master = 0;
+ static int auth = 0;
+-static int encrypt = 0;
++static int _encrypt = 0;
+ static int secure = 0;
+ static int socktype = SOCK_STREAM;
+ static int linger = 0;
+@@ -200,7 +200,7 @@ static int do_connect(const char *svr)
+ 		opt |= RFCOMM_LM_MASTER;
+ 	if (auth)
+ 		opt |= RFCOMM_LM_AUTH;
+-	if (encrypt)
++	if (_encrypt)
+ 		opt |= RFCOMM_LM_ENCRYPT;
+ 	if (secure)
+ 		opt |= RFCOMM_LM_SECURE;
+@@ -291,7 +291,7 @@ static void do_listen(void (*handler)(int sk))
+ 		opt |= RFCOMM_LM_MASTER;
+ 	if (auth)
+ 		opt |= RFCOMM_LM_AUTH;
+-	if (encrypt)
++	if (_encrypt)
+ 		opt |= RFCOMM_LM_ENCRYPT;
+ 	if (secure)
+ 		opt |= RFCOMM_LM_SECURE;
+@@ -701,7 +701,7 @@ int main(int argc, char *argv[])
+ 			break;
+ 
+ 		case 'E':
+-			encrypt = 1;
++			_encrypt = 1;
+ 			break;
+ 
+ 		case 'S':
+-- 
+2.9.3
+

^ permalink raw reply related

* [Buildroot] [PATCH 2/3] bluez_utils: add missing check dependency for test program
From: Thomas Petazzoni @ 2017-05-14 14:04 UTC (permalink / raw)
  To: buildroot
In-Reply-To: <20170513171009.5219-2-romain.naour@gmail.com>

Hello,

On Sat, 13 May 2017 19:10:08 +0200, Romain Naour wrote:
> Tests are enabled since this has been introduced [1], so keep
> them for now.
> 
> bluez_utils needs check tool and check if it's available [2].
> 
> [1] 06c3e2159686a886e52b2522a47e60c300cfb7f7
> [2] https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/configure.ac?h=4.101#n51
> 
> Signed-off-by: Romain Naour <romain.naour@gmail.com>
> Cc: Yegor Yefremov <yegorslists@googlemail.com>
> ---
>  package/bluez_utils/bluez_utils.mk | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com

^ permalink raw reply

* [Buildroot] [PATCH 2/3] bluez_utils: add missing check dependency for test program
From: Thomas Petazzoni @ 2017-05-14 14:05 UTC (permalink / raw)
  To: buildroot
In-Reply-To: <20170513202845.GB15337@scaer>

Hello,

On Sat, 13 May 2017 22:28:45 +0200, Yann E. MORIN wrote:

> On 2017-05-13 19:10 +0200, Romain Naour spake thusly:
> > Tests are enabled since this has been introduced [1], so keep
> > them for now.  
> 
> Why don't you want to simply disable tests altogehter, especially since
> there is an option for that:
> 
>     --disable-test
> 
> And if we disable tests, then we do not need patch 3/3.

In bluez_utils, "tests" apparently a good number of tools that are not
really tests, and might be needed on the target. I'll let Yegor answer
on this though, but in the mean time, I believe it's better to fix
things rather than changing the set of available tools on the target,
which is why I've applied Romain's patch.

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com

^ permalink raw reply

* [Buildroot] [PATCH 3/3] package/bluez_utils: fix test build issues with musl
From: Thomas Petazzoni @ 2017-05-14 14:07 UTC (permalink / raw)
  To: buildroot
In-Reply-To: <20170513171009.5219-3-romain.naour@gmail.com>

Hello,

On Sat, 13 May 2017 19:10:09 +0200, Romain Naour wrote:
> Add one missing header and avoid encrypt redefinition.
> 
> Fixes:
> http://autobuild.buildroot.net/results/06c/06c930d9c5299b79500d018ac3fb2861ce834c7c/
> 
> Signed-off-by: Romain Naour <romain.naour@gmail.com>
> Cc: Yegor Yefremov <yegorslists@googlemail.com>

I've applied. See a few comments below though.

> diff --git a/package/bluez_utils/0005-test-avoid-conflict-with-encrypt-function.patch b/package/bluez_utils/0005-test-avoid-conflict-with-encrypt-function.patch
> new file mode 100644
> index 0000000..51ab0c1
> --- /dev/null
> +++ b/package/bluez_utils/0005-test-avoid-conflict-with-encrypt-function.patch
> @@ -0,0 +1,107 @@
> +From d8056252d0c99bfb2482f0a420dcf9a36019ddf8 Mon Sep 17 00:00:00 2001
> +From: Romain Naour <romain.naour@gmail.com>
> +Date: Sat, 13 May 2017 18:58:51 +0200
> +Subject: [PATCH 5/5] test: avoid conflict with encrypt function

Please generate patches with 'git format-patch -N' to avoid the
sequence number in the patch itself. Thanks!

> +MIME-Version: 1.0
> +Content-Type: text/plain; charset=UTF-8
> +Content-Transfer-Encoding: 8bit
> +
> +With a musl based toolchain:
> +
> +test/l2test.c:110:12: error: ?encrypt? redeclared as different kind of symbol
> + static int encrypt = 0;
> +            ^
> +In file included from test/l2test.c:34:0:
> +[...]/sysroot/usr/include/unistd.h:145:6: note: previous declaration of ?encrypt? was here
> + void encrypt(char *, int);

This encrypt thing is a bit messy, because the same issue for another
part of bluez_utils is solved in a different way in
0003-fix-compilation-issues-with-musl.patch.

Anyway the existing patches are already a bit messy. Perhaps we should
start thinking about phasing out bluez_utils? Is there a good reason to
still have bluez_utils? Are there some features or hardware devices
that work with bluez_utils and not bluez5_utils? Or does bluez5_utils
requires a recent kernel version?

Best regards,

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com

^ permalink raw reply

* [Buildroot] [PATCH 1/3] package/mplayer: disable inline sse on i386
From: Thomas Petazzoni @ 2017-05-14 14:08 UTC (permalink / raw)
  To: buildroot
In-Reply-To: <20170513150918.25427-1-bernd.kuhls@t-online.de>

Hello,

On Sat, 13 May 2017 17:09:16 +0200, Bernd Kuhls wrote:
> Fixes
> 
> libavcodec/x86/ac3dsp_init.c: In function 'ac3_downmix_sse':
> libavcodec/x86/ac3dsp_init.c:161:9: error: can't find a register in class 'GENERAL_REGS' while reloading 'asm'
> libavcodec/x86/ac3dsp_init.c:165:9: error: can't find a register in class 'GENERAL_REGS' while reloading 'asm'
> libavcodec/x86/ac3dsp_init.c:161:9: error: 'asm' operand has impossible constraints
> libavcodec/x86/ac3dsp_init.c:165:9: error: 'asm' operand has impossible constraints
> libavcodec/x86/ac3dsp_init.c:174:9: error: 'asm' operand has impossible constraints
> 
> found by autobuilder job
> http://autobuild.buildroot.net/results/9f5/9f5a497c6242860fb67a5aa2996c3509f49a4564//
> 
> Please note that this patch alone will not fix all build errors, sse2
> and mmxext show similar errors and are fixed by follow-up patches.

All of this is very messy. Why isn't the ffmpeg code building properly
on x86 ? It's a major platform, shouldn't x86 just work ?

Best regards,

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com

^ permalink raw reply

* [Buildroot] [PATCH/next 1/1] package/tor: bump version to 0.3.0.6
From: Bernd Kuhls @ 2017-05-14 14:28 UTC (permalink / raw)
  To: buildroot

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
 package/tor/tor.hash | 2 +-
 package/tor/tor.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/tor/tor.hash b/package/tor/tor.hash
index d14db040e..5b83aa43d 100644
--- a/package/tor/tor.hash
+++ b/package/tor/tor.hash
@@ -1,2 +1,2 @@
 # Locally computed
-sha256 d611283e1fb284b5f884f8c07e7d3151016851848304f56cfdf3be2a88bd1341  tor-0.2.9.10.tar.gz
+sha256 a3e512e93cb555601fd207d914d7c5fe981d66d6ebb5821ecdf5dea738c2fb14  tor-0.3.0.6.tar.gz
diff --git a/package/tor/tor.mk b/package/tor/tor.mk
index 389af6656..e6cb2b729 100644
--- a/package/tor/tor.mk
+++ b/package/tor/tor.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-TOR_VERSION = 0.2.9.10
+TOR_VERSION = 0.3.0.6
 TOR_SITE = https://dist.torproject.org
 TOR_LICENSE = BSD-3-Clause
 TOR_LICENSE_FILES = LICENSE
-- 
2.11.0

^ permalink raw reply related

* [Buildroot] [PATCH/next 1/1] package/vdr: bump version to 2.3.4
From: Bernd Kuhls @ 2017-05-14 14:32 UTC (permalink / raw)
  To: buildroot

Also fixes compile error with gcc7:

dvbdevice.c: In member function 'bool cDvbTuner::SetFrontend()':
dvbdevice.c:848:31: error: call of overloaded 'abs(unsigned int&)' is ambiguous
      frequency = abs(frequency); // Allow for C-band, where the frequency is less than the LOF
                               ^

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
 package/vdr/vdr.hash | 6 +++---
 package/vdr/vdr.mk   | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/package/vdr/vdr.hash b/package/vdr/vdr.hash
index edbcd3fcc..b4800d53f 100644
--- a/package/vdr/vdr.hash
+++ b/package/vdr/vdr.hash
@@ -1,4 +1,4 @@
-# From https://www.linuxtv.org/pipermail/vdr/2016-December/029178.html
-md5 6dbb208ea3d59658a18912b49af175b3  vdr-2.3.2.tar.bz2
+# From https://www.linuxtv.org/pipermail/vdr/2017-April/029243.html
+md5 7b1c985d5e7703f7ec46e3818f546702  vdr-2.3.4.tar.bz2
 # Locally computed
-sha256 6c6ab08cf4dadd296e5e4a1c13f793c2e9222ec23103ae7aa9d616619f1496c0  vdr-2.3.2.tar.bz2
+sha256 97600301e8bb16ac6a6ed58c0b7c18a48e3ab1cc7130311d405178109777c03a  vdr-2.3.4.tar.bz2
diff --git a/package/vdr/vdr.mk b/package/vdr/vdr.mk
index 24467f79d..694081389 100644
--- a/package/vdr/vdr.mk
+++ b/package/vdr/vdr.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-VDR_VERSION = 2.3.2
+VDR_VERSION = 2.3.4
 VDR_SOURCE = vdr-$(VDR_VERSION).tar.bz2
 VDR_SITE = ftp://ftp.tvdr.de/vdr/Developer
 VDR_LICENSE = GPL-2.0+
-- 
2.11.0

^ permalink raw reply related

* [Buildroot] [PATCH 2/3] bluez_utils: add missing check dependency for test program
From: Yegor Yefremov @ 2017-05-14 14:59 UTC (permalink / raw)
  To: buildroot
In-Reply-To: <20170514160551.68cc2329@free-electrons.com>

On Sun, May 14, 2017 at 4:05 PM, Thomas Petazzoni
<thomas.petazzoni@free-electrons.com> wrote:
> Hello,
>
> On Sat, 13 May 2017 22:28:45 +0200, Yann E. MORIN wrote:
>
>> On 2017-05-13 19:10 +0200, Romain Naour spake thusly:
>> > Tests are enabled since this has been introduced [1], so keep
>> > them for now.
>>
>> Why don't you want to simply disable tests altogehter, especially since
>> there is an option for that:
>>
>>     --disable-test
>>
>> And if we disable tests, then we do not need patch 3/3.
>
> In bluez_utils, "tests" apparently a good number of tools that are not
> really tests, and might be needed on the target. I'll let Yegor answer
> on this though, but in the mean time, I believe it's better to fix
> things rather than changing the set of available tools on the target,
> which is why I've applied Romain's patch.

I'll have to take a closer look at this. Haven't used bluez_utils for ages.

Yegor

^ permalink raw reply

* [Buildroot] [PATCH v2 0/3] refpolicy: new package cover letter.
From: Adam Duskett @ 2017-05-14 17:21 UTC (permalink / raw)
  To: buildroot

Refpolicy is one of the last pieces for buildroot to truley have a easy way to
create a buildroot build with SELinux enabled.  As such I feel it's important
to have it in the buildroot mainline.

The patchset by Bryce Ferguson that was submitted in January adds a refpolicy
that is from early 2015, and as such is quite out of date.  Also the overall
package submitted has some issues that I wanted to fix up as well.

I contacted Bryce on May 10th and asked if I could take over the refpolicy
patches again from him and he was glad to let me do so, if anybody needs a copy
of the email I will gladly forward it to them.


Here are some of the issues I saw that were cleaned up or are changed from
Bryce Fergusons patch set:

Patch1: refpolicy: new package.
  - Removed 0001-Fix-awk-references-to-use-variable.patch: Fixed upstream.
  - Renamed 0002-support-fc_sort-use-_FOR_BUILD.patch to 
    0001-fc_sort-use-CFLAGS_FOR_BUILD.patch.
  - Updated 0001-fc_sort-use-CFLAGS_FOR_BUILD.patch to work with new version
    of Refpolicy.
  - Remove S00selinux, as this would be a bit too much for section 21.5.1
    paragraph 3 of the buildroot manual.  The first patch in this series
    should build and install just a reference policy on the target.
  - Stripped down patch to include just enough to build refpolicy and
    install the policy on the target.
    
  Config.in:
    - Fixed attributes order.
    - Fixed text wrapping.
    - Removed policy type selection.
    - Removed default state selection.

  refpolicy.hash:  
    - Updated hash, however this doesn't work anyways because git
      submodule packages aren't checked for hash consistancy yet.

  refpolicy.mk:
    - Updated version number in refpolicy.mk
    - Changed ordering in refpolicy.mk.  I tend to put the DEPENDENCIES line
      below lines that aren't likely to change often, such as INSTALL_STAGING.
    - Combined REFPOLICY_MAKE_OPTS and REFPOLICY_MAKE_ENV into REFPOLICY_MAKE.
      This cleans up the rest of the makefile.
    - Removed AWK= and M4= in refpolicy.mk, as these are no longer needed with
      the newer version of refpolicy.
    - Removed REFPOLICY_NAME, as the first patch only references a policy name
      once.
    - Changed "br_policy" to "targeted", as that's what most distributions
      that use SELinux have for their default name.
    - Set the default policy version number to 30, as this is the highest
      currently supported by the kernel.
    - Removed install-docs, as they generally installed for buildroot.
    - Broke up CONFIFGURE_CMDS and BUILD_CMDS:  The original patch configured
      and built refpolicies in REFPOLICY_CONFIGURE_CMDS, which doesn't follow
      other buildroot package.mk conventions.
    - Combined making bare and conf into a single line.
    - Removed creatings $(TARGET_DIR)/etc/selinux/config in initial patch.
    - Removed INIT_SYSV section.


patch2: refpolicy-add-ability-to-specify-policy-version
  - The reason why this is a standalone patch is that it follows section 21.5.1
    paragraph 3 of the buildroot manual.  Adding the ability to set a default
    state is secondary to the policy version.  As such I decided to break up
    this patch into it's own seperate patch.
  

patch3: refpolicy-add-ability-to-specify-policy-version
  - Broke this patch up into it's own seperate patch so that it follows section
    21.5.1 paragraph 3 of the buildroot manual.  This patch adds only the
    ability to set the default selinux state.
  - Re-added a template config file with SELINUXTYPE of targeted.
    
  Config.in:
    - Changed ENFORCE to ENFORCING because it matches the actual string.
    - Changed DISABLE to DISABLED because it matches the actual string.
  
  refpolicy.mk:
    - Added only one set command to $(TARGET_DIR)/etc/selinux/config

Adam Duskett (3):
  refpolicy: new package
  add ability to specify policy version
  refpolicy: add ability to set default state.

 package/Config.in                                  |  1 +
 .../0001-fc_sort-use-CFLAGS_FOR_BUILD.patch        | 30 ++++++++++
 package/refpolicy/Config.in                        | 70 ++++++++++++++++++++++
 package/refpolicy/config                           |  9 +++
 package/refpolicy/refpolicy.hash                   |  2 +
 package/refpolicy/refpolicy.mk                     | 55 +++++++++++++++++
 6 files changed, 167 insertions(+)
 create mode 100644 package/refpolicy/0001-fc_sort-use-CFLAGS_FOR_BUILD.patch
 create mode 100644 package/refpolicy/Config.in
 create mode 100644 package/refpolicy/config
 create mode 100644 package/refpolicy/refpolicy.hash
 create mode 100644 package/refpolicy/refpolicy.mk

-- 
2.9.3

^ permalink raw reply

* [Buildroot] [PATCH v2 1/3] refpolicy: new package
From: Adam Duskett @ 2017-05-14 17:21 UTC (permalink / raw)
  To: buildroot
In-Reply-To: <20170514172157.1780-1-Adamduskett@outlook.com>

The patch is for adding selinux reference policy (refpolicy).
It is a complete SELinux policy that can be used as the system policy
for a variety of systems and used as the basis for creating other policies.

Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
---
Changes v1 -> v2:
  - Added cover letter explaining the new patch set. 
  - Added 0001-fc_sort-use-CFLAGS_FOR_BUILD.patch from previous patch set.
  - Readded dependencies from  Bryce Ferguson's patch set.
  - Readded comment in refpolicy.mk explaining why git submodules is needed.
  
 package/Config.in                                  |  1 +
 .../0001-fc_sort-use-CFLAGS_FOR_BUILD.patch        | 30 +++++++++++++
 package/refpolicy/Config.in                        | 37 ++++++++++++++++
 package/refpolicy/refpolicy.hash                   |  2 +
 package/refpolicy/refpolicy.mk                     | 49 ++++++++++++++++++++++
 5 files changed, 119 insertions(+)
 create mode 100644 package/refpolicy/0001-fc_sort-use-CFLAGS_FOR_BUILD.patch
 create mode 100644 package/refpolicy/Config.in
 create mode 100644 package/refpolicy/refpolicy.hash
 create mode 100644 package/refpolicy/refpolicy.mk

diff --git a/package/Config.in b/package/Config.in
index d57813c..6aa6885 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -1754,6 +1754,7 @@ endmenu
 menu "Security"
 	source "package/checkpolicy/Config.in"
 	source "package/policycoreutils/Config.in"
+	source "package/refpolicy/Config.in"
 	source "package/sepolgen/Config.in"
 	source "package/setools/Config.in"
 endmenu
diff --git a/package/refpolicy/0001-fc_sort-use-CFLAGS_FOR_BUILD.patch b/package/refpolicy/0001-fc_sort-use-CFLAGS_FOR_BUILD.patch
new file mode 100644
index 0000000..e854e41
--- /dev/null
+++ b/package/refpolicy/0001-fc_sort-use-CFLAGS_FOR_BUILD.patch
@@ -0,0 +1,30 @@
+From da468bd4f312cc7ad76836e1a21020ae423f9bf5 Mon Sep 17 00:00:00 2001
+From: Adam Duskett <Adamduskett@outlook.com>
+Date: Sun, 14 May 2017 12:02:28 -0400
+Subject: [PATCH] fc_sort-use-CFLAGS_FOR_BUILD
+
+Updates the one C based tool to use the CC_FOR_BUILD and respective flags
+variable as a full host build isn't required.
+
+Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
+Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index 154beb5..cfff20f 100644
+--- a/Makefile
++++ b/Makefile
+@@ -403,7 +403,7 @@ conf.intermediate: $(polxml)
+ # Generate the fc_sort program
+ #
+ $(fcsort) : $(support)/fc_sort.c
+-	$(verbose) $(CC) $(CFLAGS) $^ -o $@
++	$(verbose) $(CC_FOR_BUILD) $(CFLAGS_FOR_BUILD) $^ -o $@
+ 
+ ########################################
+ #
+-- 
+2.9.3
+
diff --git a/package/refpolicy/Config.in b/package/refpolicy/Config.in
new file mode 100644
index 0000000..a937055
--- /dev/null
+++ b/package/refpolicy/Config.in
@@ -0,0 +1,37 @@
+config BR2_PACKAGE_REFPOLICY
+	bool "refpolicy"
+	depends on BR2_TOOLCHAIN_HAS_THREADS # policycoreutils
+	depends on BR2_TOOLCHAIN_USES_GLIBC # policycoreutils
+	depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS # libsemanage
+	depends on BR2_TOOLCHAIN_HAS_THREADS # libsemanage
+	depends on BR2_TOOLCHAIN_USES_GLIBC # libsemanage
+	depends on !BR2_STATIC_LIBS #libsemanage
+	depends on !BR2_arc # libsemanage
+	select BR2_PACKAGE_POLICYCOREUTILS
+	select BR2_PACKAGE_BUSYBOX_SELINUX if BR2_PACKAGE_BUSYBOX
+	help
+	  The SELinux Reference Policy project (refpolicy) is a
+	  complete SELinux policy that can be used as the system
+	  policy for a variety of systems and used as the basis
+	  for creating other policies. Reference Policy was originally
+	  based on the NSA example policy, but aims to accomplish
+	  many additional goals.
+
+	  The current refpolicy does not fully support Buildroot
+	  and needs modifications to work with the default system
+	  file layout. These changes should be added as patches to
+	  the refpolicy that modify a single SELinux policy.
+
+	  The refpolicy works for the most part in permissive mode. Only
+	  the basic set of utilities are enabled in the example policy
+	  config and some of the pathing in the policies is not correct.
+	  Individual policies would need to be tweaked to get everything
+	  functioning properly.
+
+	  https://github.com/TresysTechnology/refpolicy
+
+comment "refpolicy needs a glibc toolchain w/ threads, dynamic library"
+	depends on !BR2_arc
+	depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS
+	depends on BR2_STATIC_LIBS || !BR2_TOOLCHAIN_HAS_THREADS || \
+		!BR2_TOOLCHAIN_USES_GLIBC
diff --git a/package/refpolicy/refpolicy.hash b/package/refpolicy/refpolicy.hash
new file mode 100644
index 0000000..7aeac41
--- /dev/null
+++ b/package/refpolicy/refpolicy.hash
@@ -0,0 +1,2 @@
+#From https://github.com/TresysTechnology/refpolicy/wiki/DownloadRelease
+sha256 08f9e2afc5e4939c23e56deeec7c47da029d7b85d82fb4ded01a36eb5da0651e  refpolicy-RELEASE_2_20170204.tar.gz
diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
new file mode 100644
index 0000000..d565cbd
--- /dev/null
+++ b/package/refpolicy/refpolicy.mk
@@ -0,0 +1,49 @@
+################################################################################
+#
+# refpolicy
+#
+################################################################################
+
+REFPOLICY_VERSION = RELEASE_2_20170204
+
+# Do not use GitHub helper as git submodules are needed for refpolicy-contrib
+REFPOLICY_SITE = https://github.com/TresysTechnology/refpolicy.git
+REFPOLICY_SITE_METHOD = git
+REFPOLICY_GIT_SUBMODULES = y # Required for refpolicy-contrib
+REFPOLICY_LICENSE = GPLv2
+REFPOLICY_LICENSE_FILES = COPYING
+REFPOLICY_INSTALL_STAGING = YES
+REFPOLICY_DEPENDENCIES += \
+	host-m4 \
+	host-checkpolicy \
+	host-policycoreutils \
+	host-setools \
+	host-gawk \
+	host-python \
+	policycoreutils
+
+REFPOLICY_PYINC = -I$(HOST_DIR)/usr/include/python$(PYTHON_VERSION_MAJOR)/site-packages
+
+# Cannot use multiple threads to build the reference policy
+REFPOLICY_MAKE = PYTHON="$(HOST_DIR)/usr/bin/python2" $(TARGET_MAKE_ENV) $(MAKE1)
+
+define REFPOLICY_CONFIGURE_CMDS
+	$(SED) "/OUTPUT_POLICY/c\OUTPUT_POLICY = 30" $(@D)/build.conf
+	$(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(@D)/build.conf
+	$(SED) "/NAME/c\NAME = targeted" $(@D)/build.conf
+endef
+
+define REFPOLICY_BUILD_CMDS
+	$(REFPOLICY_MAKE) -C $(@D) bare conf DESTDIR=$(STAGING_DIR)
+endef
+
+define REFPOLICY_INSTALL_STAGING_CMDS
+	$(REFPOLICY_MAKE) -C $(@D) install-src install-headers \
+	DESTDIR=$(STAGING_DIR)
+endef
+
+define REFPOLICY_INSTALL_TARGET_CMDS
+	$(REFPOLICY_MAKE) -C $(@D) install DESTDIR=$(TARGET_DIR)
+endef
+
+$(eval $(generic-package))
-- 
2.9.3

^ permalink raw reply related

* [Buildroot] [PATCH v2 2/3] refpolicy add ability to specify policy version
From: Adam Duskett @ 2017-05-14 17:21 UTC (permalink / raw)
  To: buildroot
In-Reply-To: <20170514172157.1780-1-Adamduskett@outlook.com>

Refpolicy by default will build the highest version supported.
This may cause older kernels to not load the policy.

This patch adds a custom policy version string which is defaulted
to 30, which is the highest supported as of today.

Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
---
Changes v1 -> v2:
  - Added cover letter explaining the new patch set. 

 package/refpolicy/Config.in    | 8 ++++++++
 package/refpolicy/refpolicy.mk | 4 ++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/package/refpolicy/Config.in b/package/refpolicy/Config.in
index a937055..9d4e0e6 100644
--- a/package/refpolicy/Config.in
+++ b/package/refpolicy/Config.in
@@ -35,3 +35,11 @@ comment "refpolicy needs a glibc toolchain w/ threads, dynamic library"
 	depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS
 	depends on BR2_STATIC_LIBS || !BR2_TOOLCHAIN_HAS_THREADS || \
 		!BR2_TOOLCHAIN_USES_GLIBC
+
+if BR2_PACKAGE_REFPOLICY
+
+config BR2_PACKAGE_REFPOLICY_VERSION
+	string "Policy version"
+	default "30"
+
+endif
diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
index d565cbd..b60c456 100644
--- a/package/refpolicy/refpolicy.mk
+++ b/package/refpolicy/refpolicy.mk
@@ -28,7 +28,7 @@ REFPOLICY_PYINC = -I$(HOST_DIR)/usr/include/python$(PYTHON_VERSION_MAJOR)/site-p
 REFPOLICY_MAKE = PYTHON="$(HOST_DIR)/usr/bin/python2" $(TARGET_MAKE_ENV) $(MAKE1)
 
 define REFPOLICY_CONFIGURE_CMDS
-	$(SED) "/OUTPUT_POLICY/c\OUTPUT_POLICY = 30" $(@D)/build.conf
+	$(SED) "/OUTPUT_POLICY/c\OUTPUT_POLICY = $(BR2_PACKAGE_REFPOLICY_VERSION)" $(@D)/build.conf
 	$(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(@D)/build.conf
 	$(SED) "/NAME/c\NAME = targeted" $(@D)/build.conf
 endef
-- 
2.9.3

^ permalink raw reply related

* [Buildroot] [PATCH v2 3/3] refpolicy: add ability to set default state.
From: Adam Duskett @ 2017-05-14 17:21 UTC (permalink / raw)
  To: buildroot
In-Reply-To: <20170514172157.1780-1-Adamduskett@outlook.com>

SELinux requires a config file in /etc/selinux which controls the state
of SELinux on the system.

This config file has two options set in it:
SELINUX which set's the state of selinux on boot.
SELINUXTYPE which should equal the name of the policy.  In this case, the
default name is targeted.

This patch adds:
- A choice menu on Config.in that allows the user to select a default
  SELinux state.

- A basic config file that will be installed to
  target/etc/selinux and will set SELINUX= to the selected state.

Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
---
Changes v1 -> v2:
  - Added cover letter explaining the new patch set. 

 package/refpolicy/Config.in    | 25 +++++++++++++++++++++++++
 package/refpolicy/config       |  9 +++++++++
 package/refpolicy/refpolicy.mk |  6 ++++++
 3 files changed, 40 insertions(+)
 create mode 100644 package/refpolicy/config

diff --git a/package/refpolicy/Config.in b/package/refpolicy/Config.in
index 9d4e0e6..a51e411 100644
--- a/package/refpolicy/Config.in
+++ b/package/refpolicy/Config.in
@@ -41,5 +41,30 @@ if BR2_PACKAGE_REFPOLICY
 config BR2_PACKAGE_REFPOLICY_VERSION
 	string "Policy version"
 	default "30"
+choice
+	prompt "SELinux default state"
+	default BR2_PACKAGE_REFPOLICY_STATE_PERMISSIVE
+
+config BR2_PACKAGE_REFPOLICY_STATE_ENFORCING
+	bool "Enforcing"
+	help
+	  SELinux security policy is enforced
+
+config BR2_PACKAGE_REFPOLICY_STATE_PERMISSIVE
+	bool "Permissive"
+	help
+	  SELinux prints warnings instead of enforcing
+
+config BR2_PACKAGE_REFPOLICY_STATE_DISABLED
+	bool "Disabled"
+	help
+	  No SELinux policy is loaded
+endchoice
+
+config BR2_PACKAGE_REFPOLICY_STATE
+	string
+	default "permissive" if BR2_PACKAGE_REFPOLICY_STATE_PERMISSIVE
+	default "enforcing" if BR2_PACKAGE_REFPOLICY_STATE_ENFORCING
+	default "disabled" if BR2_PACKAGE_REFPOLICY_STATE_DISABLED
 
 endif
diff --git a/package/refpolicy/config b/package/refpolicy/config
new file mode 100644
index 0000000..a45a349
--- /dev/null
+++ b/package/refpolicy/config
@@ -0,0 +1,9 @@
+# This file controls the state of SELinux on the system.
+# SELINUX= can take one of these three values:
+#     enforcing - SELinux security policy is enforced.
+#     permissive - SELinux prints warnings instead of enforcing.
+#     disabled - No SELinux policy is loaded.
+SELINUX=disabled
+
+SELINUXTYPE=targeted
+
diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
index b60c456..4834a46 100644
--- a/package/refpolicy/refpolicy.mk
+++ b/package/refpolicy/refpolicy.mk
@@ -23,6 +23,7 @@ REFPOLICY_DEPENDENCIES += \
 	policycoreutils
 
 REFPOLICY_PYINC = -I$(HOST_DIR)/usr/include/python$(PYTHON_VERSION_MAJOR)/site-packages
+REFPOLICY_NAME = "targeted"
 
 # Cannot use multiple threads to build the reference policy
 REFPOLICY_MAKE = PYTHON="$(HOST_DIR)/usr/bin/python2" $(TARGET_MAKE_ENV) $(MAKE1)
@@ -44,6 +45,11 @@ endef
 
 define REFPOLICY_INSTALL_TARGET_CMDS
 	$(REFPOLICY_MAKE) -C $(@D) install DESTDIR=$(TARGET_DIR)
+	$(INSTALL) -m 0755 -D package/refpolicy/config \
+		$(TARGET_DIR)/etc/selinux/config
+
+	$(SED) "/^SELINUX=/c\SELINUX=$(BR2_PACKAGE_REFPOLICY_STATE)" \
+		$(TARGET_DIR)/etc/selinux/config
 endef
 
 $(eval $(generic-package))
-- 
2.9.3

^ permalink raw reply related

* [Buildroot] [PATCH v3 0/3] refpolicy: new package cover letter.
From: Adam Duskett @ 2017-05-14 17:40 UTC (permalink / raw)
  To: buildroot

Refpolicy is one of the last pieces for buildroot to truley have a easy way to
create a buildroot build with SELinux enabled.  As such I feel it's important
to have it in the buildroot mainline.

The patchset by Bryce Ferguson that was submitted in January adds a refpolicy
that is from early 2015, and as such is quite out of date.  Also the overall
package submitted has some issues that I wanted to fix up as well.

I contacted Bryce on May 10th and asked if I could take over the refpolicy
patches again from him and he was glad to let me do so, if anybody needs a copy
of the email I will gladly forward it to them.


Here are some of the issues I saw that were cleaned up or are changed from
Bryce Fergusons patch set:

Patch1: refpolicy: new package.
  - Removed 0001-Fix-awk-references-to-use-variable.patch: Fixed upstream.
  - Removed 0002-support-fc_sort-use-_FOR_BUILD.patch as this doesn't work in
    the new version of refpolicy.
  - Updated 0001-fc_sort-use-CFLAGS_FOR_BUILD.patch to work with new version
    of Refpolicy.
  - Remove S00selinux, as this would be a bit too much for section 21.5.1
    paragraph 3 of the buildroot manual.  The first patch in this series
    should build and install just a reference policy on the target.
  - Stripped down patch to include just enough to build refpolicy and
    install the policy on the target.
    
  Config.in:
    - Fixed attributes order.
    - Fixed text wrapping.
    - Removed policy type selection.
    - Removed default state selection.

  refpolicy.hash:  
    - Updated hash, however this doesn't work anyways because git
      submodule packages aren't checked for hash consistancy yet.

  refpolicy.mk:
    - Updated version number in refpolicy.mk
    - Changed ordering in refpolicy.mk.  I tend to put the DEPENDENCIES line
      below lines that aren't likely to change often, such as INSTALL_STAGING.
    - Combined REFPOLICY_MAKE_OPTS and REFPOLICY_MAKE_ENV into REFPOLICY_MAKE.
      This cleans up the rest of the makefile.
    - Removed AWK= and M4= in refpolicy.mk, as these are no longer needed with
      the newer version of refpolicy.
    - Removed REFPOLICY_NAME, as the first patch only references a policy name
      once.
    - Changed "br_policy" to "targeted", as that's what most distributions
      that use SELinux have for their default name.
    - Set the default policy version number to 30, as this is the highest
      currently supported by the kernel.
    - Removed install-docs, as they generally installed for buildroot.
    - Broke up CONFIFGURE_CMDS and BUILD_CMDS:  The original patch configured
      and built refpolicies in REFPOLICY_CONFIGURE_CMDS, which doesn't follow
      other buildroot package.mk conventions.
    - Combined making bare and conf into a single line.
    - Removed creatings $(TARGET_DIR)/etc/selinux/config in initial patch.
    - Removed INIT_SYSV section.


patch2: refpolicy-add-ability-to-specify-policy-version
  - The reason why this is a standalone patch is that it follows section 21.5.1
    paragraph 3 of the buildroot manual.  Adding the ability to set a default
    state is secondary to the policy version.  As such I decided to break up
    this patch into it's own seperate patch.
  

patch3: refpolicy-add-ability-to-specify-policy-version
  - Broke this patch up into it's own seperate patch so that it follows section
    21.5.1 paragraph 3 of the buildroot manual.  This patch adds only the
    ability to set the default selinux state.
  - Re-added a template config file with SELINUXTYPE of targeted.
    
  Config.in:
    - Changed ENFORCE to ENFORCING because it matches the actual string.
    - Changed DISABLE to DISABLED because it matches the actual string.
  
  refpolicy.mk:
    - Added only one set command to $(TARGET_DIR)/etc/selinux/config

Adam Duskett (3):
  refpolicy: new package
  add ability to specify policy version
  refpolicy: add ability to set default state.

 package/Config.in                                  |  1 +
 .../0001-fc_sort-use-CFLAGS_FOR_BUILD.patch        | 30 ++++++++++
 package/refpolicy/Config.in                        | 70 ++++++++++++++++++++++
 package/refpolicy/config                           |  9 +++
 package/refpolicy/refpolicy.hash                   |  2 +
 package/refpolicy/refpolicy.mk                     | 55 +++++++++++++++++
 6 files changed, 167 insertions(+)
 create mode 100644 package/refpolicy/0001-fc_sort-use-CFLAGS_FOR_BUILD.patch
 create mode 100644 package/refpolicy/Config.in
 create mode 100644 package/refpolicy/config
 create mode 100644 package/refpolicy/refpolicy.hash
 create mode 100644 package/refpolicy/refpolicy.mk

-- 
2.9.3

^ permalink raw reply

* [Buildroot] [PATCH v3 1/3] refpolicy: new package
From: Adam Duskett @ 2017-05-14 17:40 UTC (permalink / raw)
  To: buildroot
In-Reply-To: <20170514174053.26140-1-Adamduskett@outlook.com>

The patch is for adding selinux reference policy (refpolicy).
It is a complete SELinux policy that can be used as the system policy
for a variety of systems and used as the basis for creating other policies.

Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
---
Changes v2 -> v3:
  - Removed 0001-fc_sort-use-CFLAGS_FOR_BUILD.patch as this causes compilation
    problems in the newer refpolicy and doesn't seem to be needed anymore.

Changes v1 -> v2:
  - Added cover letter explaining the new patch set. 
  - Added 0001-fc_sort-use-CFLAGS_FOR_BUILD.patch from previous patch set.
  - Readded dependencies from  Bryce Ferguson's patch set.
  - Readded comment in refpolicy.mk explaining why git submodules is needed.

 package/Config.in                                  |  1 +
 .../0001-fc_sort-use-CFLAGS_FOR_BUILD.patch        | 30 +++++++++++++
 package/refpolicy/Config.in                        | 37 ++++++++++++++++
 package/refpolicy/refpolicy.hash                   |  2 +
 package/refpolicy/refpolicy.mk                     | 49 ++++++++++++++++++++++
 5 files changed, 119 insertions(+)
 create mode 100644 package/refpolicy/0001-fc_sort-use-CFLAGS_FOR_BUILD.patch
 create mode 100644 package/refpolicy/Config.in
 create mode 100644 package/refpolicy/refpolicy.hash
 create mode 100644 package/refpolicy/refpolicy.mk

diff --git a/package/Config.in b/package/Config.in
index d57813c..6aa6885 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -1754,6 +1754,7 @@ endmenu
 menu "Security"
 	source "package/checkpolicy/Config.in"
 	source "package/policycoreutils/Config.in"
+	source "package/refpolicy/Config.in"
 	source "package/sepolgen/Config.in"
 	source "package/setools/Config.in"
 endmenu
diff --git a/package/refpolicy/Config.in b/package/refpolicy/Config.in
new file mode 100644
index 0000000..a937055
--- /dev/null
+++ b/package/refpolicy/Config.in
@@ -0,0 +1,37 @@
+config BR2_PACKAGE_REFPOLICY
+	bool "refpolicy"
+	depends on BR2_TOOLCHAIN_HAS_THREADS # policycoreutils
+	depends on BR2_TOOLCHAIN_USES_GLIBC # policycoreutils
+	depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS # libsemanage
+	depends on BR2_TOOLCHAIN_HAS_THREADS # libsemanage
+	depends on BR2_TOOLCHAIN_USES_GLIBC # libsemanage
+	depends on !BR2_STATIC_LIBS #libsemanage
+	depends on !BR2_arc # libsemanage
+	select BR2_PACKAGE_POLICYCOREUTILS
+	select BR2_PACKAGE_BUSYBOX_SELINUX if BR2_PACKAGE_BUSYBOX
+	help
+	  The SELinux Reference Policy project (refpolicy) is a
+	  complete SELinux policy that can be used as the system
+	  policy for a variety of systems and used as the basis
+	  for creating other policies. Reference Policy was originally
+	  based on the NSA example policy, but aims to accomplish
+	  many additional goals.
+
+	  The current refpolicy does not fully support Buildroot
+	  and needs modifications to work with the default system
+	  file layout. These changes should be added as patches to
+	  the refpolicy that modify a single SELinux policy.
+
+	  The refpolicy works for the most part in permissive mode. Only
+	  the basic set of utilities are enabled in the example policy
+	  config and some of the pathing in the policies is not correct.
+	  Individual policies would need to be tweaked to get everything
+	  functioning properly.
+
+	  https://github.com/TresysTechnology/refpolicy
+
+comment "refpolicy needs a glibc toolchain w/ threads, dynamic library"
+	depends on !BR2_arc
+	depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS
+	depends on BR2_STATIC_LIBS || !BR2_TOOLCHAIN_HAS_THREADS || \
+		!BR2_TOOLCHAIN_USES_GLIBC
diff --git a/package/refpolicy/refpolicy.hash b/package/refpolicy/refpolicy.hash
new file mode 100644
index 0000000..7aeac41
--- /dev/null
+++ b/package/refpolicy/refpolicy.hash
@@ -0,0 +1,2 @@
+#From https://github.com/TresysTechnology/refpolicy/wiki/DownloadRelease
+sha256 08f9e2afc5e4939c23e56deeec7c47da029d7b85d82fb4ded01a36eb5da0651e  refpolicy-RELEASE_2_20170204.tar.gz
diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
new file mode 100644
index 0000000..d565cbd
--- /dev/null
+++ b/package/refpolicy/refpolicy.mk
@@ -0,0 +1,49 @@
+################################################################################
+#
+# refpolicy
+#
+################################################################################
+
+REFPOLICY_VERSION = RELEASE_2_20170204
+
+# Do not use GitHub helper as git submodules are needed for refpolicy-contrib
+REFPOLICY_SITE = https://github.com/TresysTechnology/refpolicy.git
+REFPOLICY_SITE_METHOD = git
+REFPOLICY_GIT_SUBMODULES = y # Required for refpolicy-contrib
+REFPOLICY_LICENSE = GPLv2
+REFPOLICY_LICENSE_FILES = COPYING
+REFPOLICY_INSTALL_STAGING = YES
+REFPOLICY_DEPENDENCIES += \
+	host-m4 \
+	host-checkpolicy \
+	host-policycoreutils \
+	host-setools \
+	host-gawk \
+	host-python \
+	policycoreutils
+
+REFPOLICY_PYINC = -I$(HOST_DIR)/usr/include/python$(PYTHON_VERSION_MAJOR)/site-packages
+
+# Cannot use multiple threads to build the reference policy
+REFPOLICY_MAKE = PYTHON="$(HOST_DIR)/usr/bin/python2" $(TARGET_MAKE_ENV) $(MAKE1)
+
+define REFPOLICY_CONFIGURE_CMDS
+	$(SED) "/OUTPUT_POLICY/c\OUTPUT_POLICY = 30" $(@D)/build.conf
+	$(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(@D)/build.conf
+	$(SED) "/NAME/c\NAME = targeted" $(@D)/build.conf
+endef
+
+define REFPOLICY_BUILD_CMDS
+	$(REFPOLICY_MAKE) -C $(@D) bare conf DESTDIR=$(STAGING_DIR)
+endef
+
+define REFPOLICY_INSTALL_STAGING_CMDS
+	$(REFPOLICY_MAKE) -C $(@D) install-src install-headers \
+	DESTDIR=$(STAGING_DIR)
+endef
+
+define REFPOLICY_INSTALL_TARGET_CMDS
+	$(REFPOLICY_MAKE) -C $(@D) install DESTDIR=$(TARGET_DIR)
+endef
+
+$(eval $(generic-package))
-- 
2.9.3

^ permalink raw reply related

* [Buildroot] [PATCH v3 2/3] refpolicy add ability to specify policy version
From: Adam Duskett @ 2017-05-14 17:40 UTC (permalink / raw)
  To: buildroot
In-Reply-To: <20170514174053.26140-1-Adamduskett@outlook.com>

Refpolicy by default will build the highest version supported.
This may cause older kernels to not load the policy.

This patch adds a custom policy version string which is defaulted
to 30, which is the highest supported as of today.

Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
---
Changes v2 -> v3:
  - No changes.

Changes v1 -> v2:
  - Added cover letter explaining the new patch set. 

 package/refpolicy/Config.in    | 8 ++++++++
 package/refpolicy/refpolicy.mk | 4 ++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/package/refpolicy/Config.in b/package/refpolicy/Config.in
index a937055..9d4e0e6 100644
--- a/package/refpolicy/Config.in
+++ b/package/refpolicy/Config.in
@@ -35,3 +35,11 @@ comment "refpolicy needs a glibc toolchain w/ threads, dynamic library"
 	depends on BR2_PACKAGE_AUDIT_ARCH_SUPPORTS
 	depends on BR2_STATIC_LIBS || !BR2_TOOLCHAIN_HAS_THREADS || \
 		!BR2_TOOLCHAIN_USES_GLIBC
+
+if BR2_PACKAGE_REFPOLICY
+
+config BR2_PACKAGE_REFPOLICY_VERSION
+	string "Policy version"
+	default "30"
+
+endif
diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
index d565cbd..b60c456 100644
--- a/package/refpolicy/refpolicy.mk
+++ b/package/refpolicy/refpolicy.mk
@@ -28,7 +28,7 @@ REFPOLICY_PYINC = -I$(HOST_DIR)/usr/include/python$(PYTHON_VERSION_MAJOR)/site-p
 REFPOLICY_MAKE = PYTHON="$(HOST_DIR)/usr/bin/python2" $(TARGET_MAKE_ENV) $(MAKE1)
 
 define REFPOLICY_CONFIGURE_CMDS
-	$(SED) "/OUTPUT_POLICY/c\OUTPUT_POLICY = 30" $(@D)/build.conf
+	$(SED) "/OUTPUT_POLICY/c\OUTPUT_POLICY = $(BR2_PACKAGE_REFPOLICY_VERSION)" $(@D)/build.conf
 	$(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(@D)/build.conf
 	$(SED) "/NAME/c\NAME = targeted" $(@D)/build.conf
 endef
-- 
2.9.3

^ permalink raw reply related

* [Buildroot] [PATCH v3 3/3] refpolicy: add ability to set default state.
From: Adam Duskett @ 2017-05-14 17:40 UTC (permalink / raw)
  To: buildroot
In-Reply-To: <20170514174053.26140-1-Adamduskett@outlook.com>

SELinux requires a config file in /etc/selinux which controls the state
of SELinux on the system.

This config file has two options set in it:
SELINUX which set's the state of selinux on boot.
SELINUXTYPE which should equal the name of the policy.  In this case, the
default name is targeted.

This patch adds:
- A choice menu on Config.in that allows the user to select a default
  SELinux state.

- A basic config file that will be installed to
  target/etc/selinux and will set SELINUX= to the selected state.

Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
---
Changes v2 -> v3:
  - No changes.

Changes v1 -> v2:
  - Added cover letter explaining the new patch set. 

 package/refpolicy/Config.in    | 25 +++++++++++++++++++++++++
 package/refpolicy/config       |  9 +++++++++
 package/refpolicy/refpolicy.mk |  6 ++++++
 3 files changed, 40 insertions(+)
 create mode 100644 package/refpolicy/config

diff --git a/package/refpolicy/Config.in b/package/refpolicy/Config.in
index 9d4e0e6..a51e411 100644
--- a/package/refpolicy/Config.in
+++ b/package/refpolicy/Config.in
@@ -41,5 +41,30 @@ if BR2_PACKAGE_REFPOLICY
 config BR2_PACKAGE_REFPOLICY_VERSION
 	string "Policy version"
 	default "30"
+choice
+	prompt "SELinux default state"
+	default BR2_PACKAGE_REFPOLICY_STATE_PERMISSIVE
+
+config BR2_PACKAGE_REFPOLICY_STATE_ENFORCING
+	bool "Enforcing"
+	help
+	  SELinux security policy is enforced
+
+config BR2_PACKAGE_REFPOLICY_STATE_PERMISSIVE
+	bool "Permissive"
+	help
+	  SELinux prints warnings instead of enforcing
+
+config BR2_PACKAGE_REFPOLICY_STATE_DISABLED
+	bool "Disabled"
+	help
+	  No SELinux policy is loaded
+endchoice
+
+config BR2_PACKAGE_REFPOLICY_STATE
+	string
+	default "permissive" if BR2_PACKAGE_REFPOLICY_STATE_PERMISSIVE
+	default "enforcing" if BR2_PACKAGE_REFPOLICY_STATE_ENFORCING
+	default "disabled" if BR2_PACKAGE_REFPOLICY_STATE_DISABLED
 
 endif
diff --git a/package/refpolicy/config b/package/refpolicy/config
new file mode 100644
index 0000000..a45a349
--- /dev/null
+++ b/package/refpolicy/config
@@ -0,0 +1,9 @@
+# This file controls the state of SELinux on the system.
+# SELINUX= can take one of these three values:
+#     enforcing - SELinux security policy is enforced.
+#     permissive - SELinux prints warnings instead of enforcing.
+#     disabled - No SELinux policy is loaded.
+SELINUX=disabled
+
+SELINUXTYPE=targeted
+
diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
index b60c456..4834a46 100644
--- a/package/refpolicy/refpolicy.mk
+++ b/package/refpolicy/refpolicy.mk
@@ -23,6 +23,7 @@ REFPOLICY_DEPENDENCIES += \
 	policycoreutils
 
 REFPOLICY_PYINC = -I$(HOST_DIR)/usr/include/python$(PYTHON_VERSION_MAJOR)/site-packages
+REFPOLICY_NAME = "targeted"
 
 # Cannot use multiple threads to build the reference policy
 REFPOLICY_MAKE = PYTHON="$(HOST_DIR)/usr/bin/python2" $(TARGET_MAKE_ENV) $(MAKE1)
@@ -44,6 +45,11 @@ endef
 
 define REFPOLICY_INSTALL_TARGET_CMDS
 	$(REFPOLICY_MAKE) -C $(@D) install DESTDIR=$(TARGET_DIR)
+	$(INSTALL) -m 0755 -D package/refpolicy/config \
+		$(TARGET_DIR)/etc/selinux/config
+
+	$(SED) "/^SELINUX=/c\SELINUX=$(BR2_PACKAGE_REFPOLICY_STATE)" \
+		$(TARGET_DIR)/etc/selinux/config
 endef
 
 $(eval $(generic-package))
-- 
2.9.3

^ permalink raw reply related


This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox