Greetings Wenzong, On 08/21/2015 02:09 AM, wenzong fan wrote: > On 08/21/2015 10:48 AM, Philip Tricca wrote: >> Any opinions / thoughts on this one? I've got an upgrade for the >> toolstack (2.3 -> 2.4) ready to go but I've based it on the release URIs >> from the wiki so it depends on this patch. > > Good to know you have made the selinux toolstack upgrade (2.3 -> 2.4). > > Did you fix the refpolicy-* build issues with 2.4 tools?
I think so :) > The policy store is moved to /var/lib/selinux, the install logic from > refpolicy_common.inc may fail to build policy DB and generate contexts > files. Indeed it failed spectacularly. Additionally the format of the policy store has changed a bit with the addition of the CIL. I've got all of this up on github in a branch if you'd like to give it a review. It currently works but I'm sure it can be improved: https://github.com/flihp/meta-selinux/tree/upgrade Best, Philip >> On 08/15/2015 06:35 AM, Philip Tricca wrote: >>> The SRC_URI used for the last SELinux userspace upgrade was the >>> wrong one. We were using the URI generated by GitHub when tags are >>> added to a repo. These are not the SELinux release tarballs. >>> >>> The SELinux project generates and releases tarballs for each tool >>> and posts them to their GitHub wiki 'Releases' page: >>> https://github.com/SELinuxProject/selinux/wiki/Releases. This patch >>> fixes this URI, fixes the SELINUX_RELEASE variable that didn't get >>> updated during the last upgrade, removes the workaround for the 'S' >>> variable and fixes up the SRC_URI hashes. >>> >>> Signed-off-by: Philip Tricca <fl...@twobit.us> >>> --- >>> recipes-security/selinux/checkpolicy_2.3.bb | 4 ++-- >>> recipes-security/selinux/libselinux_2.3.bb | 4 ++-- >>> recipes-security/selinux/libsemanage_2.3.bb | 4 ++-- >>> recipes-security/selinux/libsepol_2.3.bb | 4 ++-- >>> recipes-security/selinux/policycoreutils_2.3.bb | 4 ++-- >>> recipes-security/selinux/selinux_20140506.inc | 4 ++-- >>> recipes-security/selinux/selinux_common.inc | 4 ---- >>> recipes-security/selinux/sepolgen_1.2.1.bb | 4 ++-- >>> 8 files changed, 14 insertions(+), 18 deletions(-) >>> >>> diff --git a/recipes-security/selinux/checkpolicy_2.3.bb >>> b/recipes-security/selinux/checkpolicy_2.3.bb >>> index 9f68487..0efc94e 100644 >>> --- a/recipes-security/selinux/checkpolicy_2.3.bb >>> +++ b/recipes-security/selinux/checkpolicy_2.3.bb >>> @@ -3,5 +3,5 @@ include ${BPN}.inc >>> >>> LIC_FILES_CHKSUM = >>> "file://COPYING;md5=393a5ca445f6965873eca0259a17f833" >>> >>> -SRC_URI[md5sum] = "920f1a048b6023a22e1bae7b40fd413c" >>> -SRC_URI[sha256sum] = >>> "8072c12121613ba943417bbb6d33224d12373ea19d75c5acd1846a35e0e05b74" >>> +SRC_URI[md5sum] = "90caed59291291b184890f563bf6c095" >>> +SRC_URI[sha256sum] = >>> "90632d11afecb66997971d4c5c5d70dfb02d3969ec610ee2918ba6df99c8207b" >>> diff --git a/recipes-security/selinux/libselinux_2.3.bb >>> b/recipes-security/selinux/libselinux_2.3.bb >>> index 81e599d..ff74b61 100644 >>> --- a/recipes-security/selinux/libselinux_2.3.bb >>> +++ b/recipes-security/selinux/libselinux_2.3.bb >>> @@ -3,8 +3,8 @@ include ${BPN}.inc >>> >>> LIC_FILES_CHKSUM = >>> "file://LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0" >>> >>> -SRC_URI[md5sum] = "d27e249ad8450e7182203134cf4d85e2" >>> -SRC_URI[sha256sum] = >>> "03fe2baa7ceeea531a64fd321b44ecf09a55f3af5ef66a58a4135944f34e9851" >>> +SRC_URI[md5sum] = "b11d4d95ef4bde732dbc8462df57a1e5" >>> +SRC_URI[sha256sum] = >>> "0b1e0b43ecd84a812713d09564019b08e7c205d89072b5cbcd07b052cd8e77b2" >>> >>> SRC_URI += "\ >>> file://libselinux-drop-Wno-unused-but-set-variable.patch \ >>> diff --git a/recipes-security/selinux/libsemanage_2.3.bb >>> b/recipes-security/selinux/libsemanage_2.3.bb >>> index 5eada94..a238e08 100644 >>> --- a/recipes-security/selinux/libsemanage_2.3.bb >>> +++ b/recipes-security/selinux/libsemanage_2.3.bb >>> @@ -3,8 +3,8 @@ include ${BPN}.inc >>> >>> LIC_FILES_CHKSUM = >>> "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343" >>> >>> -SRC_URI[md5sum] = "cc313b400637d94e3a549bf77555d8c3" >>> -SRC_URI[sha256sum] = >>> "4c984379a98ee9f05b80ff6e57dd2de886273d7136146456cabdce21ac32ed7f" >>> +SRC_URI[md5sum] = "e564e2b92d18db35707060da29cddab9" >>> +SRC_URI[sha256sum] = >>> "03e09e35e611c286e446bef92b6023ef2623815996f5a53394bb02e49a312e4b" >>> >>> SRC_URI += "\ >>> file://libsemanage-Fix-execve-segfaults-on-Ubuntu.patch \ >>> diff --git a/recipes-security/selinux/libsepol_2.3.bb >>> b/recipes-security/selinux/libsepol_2.3.bb >>> index 0c07d41..478a6ee 100644 >>> --- a/recipes-security/selinux/libsepol_2.3.bb >>> +++ b/recipes-security/selinux/libsepol_2.3.bb >>> @@ -3,5 +3,5 @@ include ${BPN}.inc >>> >>> LIC_FILES_CHKSUM = >>> "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343" >>> >>> -SRC_URI[md5sum] = "c6b3dc07bf19ab4f364f21bbecb44beb" >>> -SRC_URI[sha256sum] = >>> "5a4481bfd0fad6fdad1511c786d69de1fc3eddc28154eae1691e1bf4e9e505c3" >>> +SRC_URI[md5sum] = "e47e8527b5d4ea971726c455f847efdd" >>> +SRC_URI[sha256sum] = >>> "cc8d8642c3b7b95d6928d65dcbca2ab0627abc1c05166637851e63c1a6eae68f" >>> diff --git a/recipes-security/selinux/policycoreutils_2.3.bb >>> b/recipes-security/selinux/policycoreutils_2.3.bb >>> index c837266..b77094e 100644 >>> --- a/recipes-security/selinux/policycoreutils_2.3.bb >>> +++ b/recipes-security/selinux/policycoreutils_2.3.bb >>> @@ -3,8 +3,8 @@ include ${BPN}.inc >>> >>> LIC_FILES_CHKSUM = >>> "file://COPYING;md5=393a5ca445f6965873eca0259a17f833" >>> >>> -SRC_URI[md5sum] = "4f5c508e3c3867c8beb343e993d353dd" >>> -SRC_URI[sha256sum] = >>> "11e8815ac13debb87897d2781381b89ec5c6c746a3d44223a493bc7ace6cc71f" >>> +SRC_URI[md5sum] = "9a5db20adfe2250f53833b277ac796ae" >>> +SRC_URI[sha256sum] = >>> "864cfaee58b5d2f15b140c354e59666e57143293c89f2b2e85bc0d0e4beefcd2" >>> >>> SRC_URI += "\ >>> file://policycoreutils-fix-sepolicy-install-path.patch \ >>> diff --git a/recipes-security/selinux/selinux_20140506.inc >>> b/recipes-security/selinux/selinux_20140506.inc >>> index 01cc52f..beaaff0 100644 >>> --- a/recipes-security/selinux/selinux_20140506.inc >>> +++ b/recipes-security/selinux/selinux_20140506.inc >>> @@ -1,5 +1,5 @@ >>> -SELINUX_RELEASE = "20131030" >>> +SELINUX_RELEASE = "20140506" >>> >>> -SRC_URI = >>> "https://github.com/SELinuxProject/selinux/archive/${BPN}-${PV}.tar.gz"; >>> +SRC_URI = >>> "https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/${SELINUX_RELEASE}/${BPN}-${PV}.tar.gz"; >>> >>> >>> include selinux_common.inc >>> diff --git a/recipes-security/selinux/selinux_common.inc >>> b/recipes-security/selinux/selinux_common.inc >>> index e53792d..7efa694 100644 >>> --- a/recipes-security/selinux/selinux_common.inc >>> +++ b/recipes-security/selinux/selinux_common.inc >>> @@ -5,10 +5,6 @@ HOMEPAGE = "https://github.com/SELinuxProject"; >>> # we redefine EXTRA_OEMAKE here >>> EXTRA_OEMAKE = "-e" >>> >>> -# Releases are now from the base of the full tree, necessitating our >>> skipping >>> -# through an extra level of directories. >>> -S = "${WORKDIR}/selinux-${BPN}-${PV}/${BPN}" >>> - >>> do_compile() { >>> oe_runmake all \ >>> INCLUDEDIR='${STAGING_INCDIR}' \ >>> diff --git a/recipes-security/selinux/sepolgen_1.2.1.bb >>> b/recipes-security/selinux/sepolgen_1.2.1.bb >>> index b47ff26..c636ac3 100644 >>> --- a/recipes-security/selinux/sepolgen_1.2.1.bb >>> +++ b/recipes-security/selinux/sepolgen_1.2.1.bb >>> @@ -3,5 +3,5 @@ include ${BPN}.inc >>> >>> LIC_FILES_CHKSUM = >>> "file://COPYING;md5=393a5ca445f6965873eca0259a17f833" >>> >>> -SRC_URI[md5sum] = "308011ba495b6770239bb3d371d277d3" >>> -SRC_URI[sha256sum] = >>> "7a5710f7c8be16dfbaf8da98c3c0e46bc6159f2df5340e9efb975b084f61413c" >>> +SRC_URI[md5sum] = "ce662a83188bc3a9b40c15792fcaf2c8" >>> +SRC_URI[sha256sum] = >>> "438c246bdc6b3cf1b12116831f4c601aaae6e93decb007dddab212a3c88781b0" >>> >> -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
