diff options
author | Joe Slater <jslater@windriver.com> | 2017-03-09 10:58:06 -0800 |
---|---|---|
committer | Joe MacDonald <joe_macdonald@mentor.com> | 2017-03-24 14:10:17 -0400 |
commit | 916a95029c7d4af9f16eb955f2d2710cb563777c (patch) | |
tree | c68f21afc7d3e41f3b3f01f7e59d7ddfcc72c11e /meta-networking/recipes-support/chrony | |
parent | 64ab19b7d1781093cefa4d360aa9e1f8410e39aa (diff) | |
download | meta-openembedded-916a95029c7d4af9f16eb955f2d2710cb563777c.tar.gz |
chrony: fix build failure for arma9
Eliminate references to syscalls not available
for ARM_EABI. Also add a dependency on libseccomp
which is needed for scfilter to work.
Set PACKAGECONFIG to not enable scfilter, since
kernel CONFIG_SECCOMP is unlikely to be set. This
aligns the usage of libseccomp with that of other packages.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Diffstat (limited to 'meta-networking/recipes-support/chrony')
-rw-r--r-- | meta-networking/recipes-support/chrony/chrony/arm_eabi.patch | 57 | ||||
-rw-r--r-- | meta-networking/recipes-support/chrony/chrony_2.4.bb | 5 |
2 files changed, 60 insertions, 2 deletions
diff --git a/meta-networking/recipes-support/chrony/chrony/arm_eabi.patch b/meta-networking/recipes-support/chrony/chrony/arm_eabi.patch new file mode 100644 index 0000000000..d1586bba46 --- /dev/null +++ b/meta-networking/recipes-support/chrony/chrony/arm_eabi.patch | |||
@@ -0,0 +1,57 @@ | |||
1 | chrony: fix build failure for arma9 | ||
2 | |||
3 | Eliminate references to syscalls not available | ||
4 | for ARM_EABI. Also add a dependency on libseccomp | ||
5 | which is needed for scfilter to work. | ||
6 | |||
7 | Set PACKAGECONFIG to not enable scfilter, since | ||
8 | kernel CONFIG_SECCOMP is unlikely to be set. This | ||
9 | aligns the usage of libseccomp with that of other packages. | ||
10 | |||
11 | Upstream-Status: Pending | ||
12 | |||
13 | Signed-off-by: Joe Slater <jslater@windriver.com> | ||
14 | |||
15 | --- a/sys_linux.c | ||
16 | +++ b/sys_linux.c | ||
17 | @@ -453,13 +453,12 @@ SYS_Linux_EnableSystemCallFilter(int lev | ||
18 | const int syscalls[] = { | ||
19 | /* Clock */ | ||
20 | SCMP_SYS(adjtimex), SCMP_SYS(gettimeofday), SCMP_SYS(settimeofday), | ||
21 | - SCMP_SYS(time), | ||
22 | /* Process */ | ||
23 | - SCMP_SYS(clone), SCMP_SYS(exit), SCMP_SYS(exit_group), SCMP_SYS(getrlimit), | ||
24 | + SCMP_SYS(clone), SCMP_SYS(exit), SCMP_SYS(exit_group), | ||
25 | SCMP_SYS(rt_sigaction), SCMP_SYS(rt_sigreturn), SCMP_SYS(rt_sigprocmask), | ||
26 | SCMP_SYS(set_tid_address), SCMP_SYS(sigreturn), SCMP_SYS(wait4), | ||
27 | /* Memory */ | ||
28 | - SCMP_SYS(brk), SCMP_SYS(madvise), SCMP_SYS(mmap), SCMP_SYS(mmap2), | ||
29 | + SCMP_SYS(brk), SCMP_SYS(madvise), SCMP_SYS(mmap2), | ||
30 | SCMP_SYS(mprotect), SCMP_SYS(mremap), SCMP_SYS(munmap), SCMP_SYS(shmdt), | ||
31 | /* Filesystem */ | ||
32 | SCMP_SYS(access), SCMP_SYS(chmod), SCMP_SYS(chown), SCMP_SYS(chown32), | ||
33 | @@ -470,14 +469,21 @@ SYS_Linux_EnableSystemCallFilter(int lev | ||
34 | SCMP_SYS(bind), SCMP_SYS(connect), SCMP_SYS(getsockname), | ||
35 | SCMP_SYS(recvfrom), SCMP_SYS(recvmsg), SCMP_SYS(sendmmsg), | ||
36 | SCMP_SYS(sendmsg), SCMP_SYS(sendto), | ||
37 | - /* TODO: check socketcall arguments */ | ||
38 | - SCMP_SYS(socketcall), | ||
39 | /* General I/O */ | ||
40 | SCMP_SYS(_newselect), SCMP_SYS(close), SCMP_SYS(open), SCMP_SYS(pipe), | ||
41 | - SCMP_SYS(poll), SCMP_SYS(read), SCMP_SYS(futex), SCMP_SYS(select), | ||
42 | + SCMP_SYS(poll), SCMP_SYS(read), SCMP_SYS(futex), | ||
43 | SCMP_SYS(set_robust_list), SCMP_SYS(write), | ||
44 | /* Miscellaneous */ | ||
45 | SCMP_SYS(uname), | ||
46 | + /* not always available */ | ||
47 | +#if ! defined(__ARM_EABI__) | ||
48 | + SCMP_SYS(time), | ||
49 | + SCMP_SYS(getrlimit), | ||
50 | + SCMP_SYS(select), | ||
51 | + SCMP_SYS(mmap), | ||
52 | + /* TODO: check socketcall arguments */ | ||
53 | + SCMP_SYS(socketcall), | ||
54 | +#endif | ||
55 | }; | ||
56 | |||
57 | const int socket_domains[] = { | ||
diff --git a/meta-networking/recipes-support/chrony/chrony_2.4.bb b/meta-networking/recipes-support/chrony/chrony_2.4.bb index ad81701990..71431f4b7b 100644 --- a/meta-networking/recipes-support/chrony/chrony_2.4.bb +++ b/meta-networking/recipes-support/chrony/chrony_2.4.bb | |||
@@ -33,6 +33,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe" | |||
33 | SRC_URI = "https://download.tuxfamily.org/chrony/chrony-${PV}.tar.gz \ | 33 | SRC_URI = "https://download.tuxfamily.org/chrony/chrony-${PV}.tar.gz \ |
34 | file://chrony.conf \ | 34 | file://chrony.conf \ |
35 | file://chronyd \ | 35 | file://chronyd \ |
36 | file://arm_eabi.patch \ | ||
36 | " | 37 | " |
37 | SRC_URI[md5sum] = "d0598aa8a9be8faccef9386f6fc0d5f2" | 38 | SRC_URI[md5sum] = "d0598aa8a9be8faccef9386f6fc0d5f2" |
38 | SRC_URI[sha256sum] = "8d04e7cda2333289c2104b731d39c3c1db94816e43bae35d7ee4e7ae8af6391f" | 39 | SRC_URI[sha256sum] = "8d04e7cda2333289c2104b731d39c3c1db94816e43bae35d7ee4e7ae8af6391f" |
@@ -58,14 +59,14 @@ inherit update-rc.d systemd | |||
58 | # chrony.conf and init script. | 59 | # chrony.conf and init script. |
59 | # - 'scfilter' enables support for system call filtering, but requires the | 60 | # - 'scfilter' enables support for system call filtering, but requires the |
60 | # kernel to have CONFIG_SECCOMP enabled. | 61 | # kernel to have CONFIG_SECCOMP enabled. |
61 | PACKAGECONFIG ??= "editline scfilter \ | 62 | PACKAGECONFIG ??= "editline \ |
62 | ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ | 63 | ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ |
63 | " | 64 | " |
64 | PACKAGECONFIG[readline] = "--without-editline,--without-readline,readline" | 65 | PACKAGECONFIG[readline] = "--without-editline,--without-readline,readline" |
65 | PACKAGECONFIG[editline] = ",--without-editline,libedit" | 66 | PACKAGECONFIG[editline] = ",--without-editline,libedit" |
66 | PACKAGECONFIG[sechash] = "--without-tomcrypt,--disable-sechash,nss" | 67 | PACKAGECONFIG[sechash] = "--without-tomcrypt,--disable-sechash,nss" |
67 | PACKAGECONFIG[privdrop] = ",--disable-privdrop,libcap" | 68 | PACKAGECONFIG[privdrop] = ",--disable-privdrop,libcap" |
68 | PACKAGECONFIG[scfilter] = "--enable-scfilter,--without-seccomp" | 69 | PACKAGECONFIG[scfilter] = "--enable-scfilter,--without-seccomp,libseccomp" |
69 | PACKAGECONFIG[ipv6] = ",--disable-ipv6," | 70 | PACKAGECONFIG[ipv6] = ",--disable-ipv6," |
70 | PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss" | 71 | PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss" |
71 | PACKAGECONFIG[libcap] = "--with-libcap,--without-libcap,libcap" | 72 | PACKAGECONFIG[libcap] = "--with-libcap,--without-libcap,libcap" |