From bb2473e6d724de6b662f4c45302e7af7b1f87dd2 Mon Sep 17 00:00:00 2001 From: Yi Zhao Date: Sat, 13 Mar 2021 13:50:33 +0800 Subject: libsemanage: update to 3.2 * Merge inc file into bb file. * Drop obsolete patches: libsemanage-define-FD_CLOEXEC-as-necessary.patch Signed-off-by: Yi Zhao Signed-off-by: Joe MacDonald --- recipes-security/selinux/libsemanage.inc | 45 ------------------ ...ibsemanage-define-FD_CLOEXEC-as-necessary.patch | 35 -------------- recipes-security/selinux/libsemanage_3.1.bb | 14 ------ recipes-security/selinux/libsemanage_3.2.bb | 54 ++++++++++++++++++++++ 4 files changed, 54 insertions(+), 94 deletions(-) delete mode 100644 recipes-security/selinux/libsemanage.inc delete mode 100644 recipes-security/selinux/libsemanage/libsemanage-define-FD_CLOEXEC-as-necessary.patch delete mode 100644 recipes-security/selinux/libsemanage_3.1.bb create mode 100644 recipes-security/selinux/libsemanage_3.2.bb diff --git a/recipes-security/selinux/libsemanage.inc b/recipes-security/selinux/libsemanage.inc deleted file mode 100644 index 0139511..0000000 --- a/recipes-security/selinux/libsemanage.inc +++ /dev/null @@ -1,45 +0,0 @@ -SUMMARY = "SELinux binary policy manipulation library" -DESCRIPTION = "libsemanage provides an API for the manipulation of SELinux binary policies. \ -It is used by checkpolicy (the policy compiler) and similar tools, as well \ -as by programs like load_policy that need to perform specific transformations \ -on binary policies such as customizing policy boolean settings." -SECTION = "base" -LICENSE = "LGPLv2.1+" - -inherit lib_package python3native - -DEPENDS += "libsepol libselinux bzip2 python3 bison-native flex-native swig-native" -DEPENDS_append_class-target = " audit" - -PACKAGES =+ "${PN}-python" - -# For /usr/libexec/selinux/semanage_migrate_store -RDEPENDS_${PN}-python += "python3-core" - -FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/* \ - ${libexecdir}/selinux/semanage_migrate_store" -FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/site-packages/.debug/*" - -FILES_${PN} += "${libexecdir}" - -EXTRA_OEMAKE_class-native += "DISABLE_AUDIT=y" - -do_compile_append() { - oe_runmake pywrap \ - PYLIBVER='python${PYTHON_BASEVERSION}${PYTHON_ABI}' \ - PYINC='-I${STAGING_INCDIR}/${PYLIBVER}' \ - PYLIBS='-L${STAGING_LIBDIR}/${PYLIBVER} -l${PYLIBVER}' -} - -do_install_append() { - oe_runmake install-pywrap \ - PYCEXT='.so' \ - PYLIBVER='python${PYTHON_BASEVERSION}${PYTHON_ABI}' \ - PYTHONLIBDIR='${D}${libdir}/python${PYTHON_BASEVERSION}/site-packages' - - # Update "policy-version" for semanage.conf - sed -i 's/^#\s*\(policy-version\s*=\).*$/\1 31/' \ - ${D}/etc/selinux/semanage.conf -} - -BBCLASSEXTEND = "native" diff --git a/recipes-security/selinux/libsemanage/libsemanage-define-FD_CLOEXEC-as-necessary.patch b/recipes-security/selinux/libsemanage/libsemanage-define-FD_CLOEXEC-as-necessary.patch deleted file mode 100644 index 45bcbe6..0000000 --- a/recipes-security/selinux/libsemanage/libsemanage-define-FD_CLOEXEC-as-necessary.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 81f2e8b62ad2298a197c4b16e7182a133c1e116f Mon Sep 17 00:00:00 2001 -From: Joe MacDonald -Date: Tue, 15 Oct 2013 10:17:38 -0400 -Subject: [PATCH] libsemanage: define FD_CLOEXEC as necessary - -In truly old systems, even FD_CLOEXEC may not be defined. Produce a -warning and duplicate the #define for FD_CLOEXEC found in -asm-generic/fcntl.h on more modern platforms. - -Upstream-Status: Inappropriate - -Signed-off-by: Joe MacDonald ---- - src/semanage_store.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/src/semanage_store.c b/src/semanage_store.c -index 1a94545..b586a8f 100644 ---- a/src/semanage_store.c -+++ b/src/semanage_store.c -@@ -66,6 +66,11 @@ typedef struct dbase_policydb dbase_t; - - #define TRUE 1 - -+#ifndef FD_CLOEXEC -+#warning FD_CLOEXEC undefined on this platform, this may leak file descriptors -+#define FD_CLOEXEC 1 -+#endif -+ - enum semanage_file_defs { - SEMANAGE_ROOT, - SEMANAGE_TRANS_LOCK, --- -2.7.4 - diff --git a/recipes-security/selinux/libsemanage_3.1.bb b/recipes-security/selinux/libsemanage_3.1.bb deleted file mode 100644 index 8e6781f..0000000 --- a/recipes-security/selinux/libsemanage_3.1.bb +++ /dev/null @@ -1,14 +0,0 @@ -require selinux_20200710.inc -require ${BPN}.inc - -LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343" - -SRC_URI[md5sum] = "d16eee8c1dc8cf43f59957d575d6bd29" -SRC_URI[sha256sum] = "22d6c75526e40d1781c30bcf29abf97171bdfe6780923f11c8e1c76a75a21ff8" - -SRC_URI += "\ - file://libsemanage-Fix-execve-segfaults-on-Ubuntu.patch \ - file://libsemanage-define-FD_CLOEXEC-as-necessary.patch \ - file://libsemanage-allow-to-disable-audit-support.patch \ - file://libsemanage-disable-expand-check-on-policy-load.patch \ - " diff --git a/recipes-security/selinux/libsemanage_3.2.bb b/recipes-security/selinux/libsemanage_3.2.bb new file mode 100644 index 0000000..58b6da4 --- /dev/null +++ b/recipes-security/selinux/libsemanage_3.2.bb @@ -0,0 +1,54 @@ +SUMMARY = "SELinux binary policy manipulation library" +DESCRIPTION = "libsemanage provides an API for the manipulation of SELinux binary policies. \ +It is used by checkpolicy (the policy compiler) and similar tools, as well \ +as by programs like load_policy that need to perform specific transformations \ +on binary policies such as customizing policy boolean settings." +SECTION = "base" +LICENSE = "LGPLv2.1+" +LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343" + +require selinux_common.inc + +inherit lib_package python3native + +SRC_URI += "file://libsemanage-Fix-execve-segfaults-on-Ubuntu.patch \ + file://libsemanage-allow-to-disable-audit-support.patch \ + file://libsemanage-disable-expand-check-on-policy-load.patch \ + " + +DEPENDS += "libsepol libselinux bzip2 python3 bison-native flex-native swig-native" +DEPENDS_append_class-target = " audit" + +S = "${WORKDIR}/git/libsemanage" + +PACKAGES =+ "${PN}-python" + +# For /usr/libexec/selinux/semanage_migrate_store +RDEPENDS_${PN}-python += "python3-core" + +FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/* \ + ${libexecdir}/selinux/semanage_migrate_store" +FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/site-packages/.debug/*" +FILES_${PN} += "${libexecdir}" + +EXTRA_OEMAKE_class-native += "DISABLE_AUDIT=y" + +do_compile_append() { + oe_runmake pywrap \ + PYLIBVER='python${PYTHON_BASEVERSION}${PYTHON_ABI}' \ + PYINC='-I${STAGING_INCDIR}/${PYLIBVER}' \ + PYLIBS='-L${STAGING_LIBDIR}/${PYLIBVER} -l${PYLIBVER}' +} + +do_install_append() { + oe_runmake install-pywrap \ + PYCEXT='.so' \ + PYLIBVER='python${PYTHON_BASEVERSION}${PYTHON_ABI}' \ + PYTHONLIBDIR='${D}${libdir}/python${PYTHON_BASEVERSION}/site-packages' + + # Update "policy-version" for semanage.conf + sed -i 's/^#\s*\(policy-version\s*=\).*$/\1 33/' \ + ${D}/etc/selinux/semanage.conf +} + +BBCLASSEXTEND = "native" -- cgit v1.2.3-54-g00ecf