[Re: [yocto] [meta-selinux][PATCH] libselinux: python-importlib is now part of python*-core]

On 18.05.14 (Mon 10:05) Mark Hatle wrote:
> On 5/11/18 1:19 PM, Rudolf J Streif wrote:
> > Thank you, Mark. Much appreciated and understood.
> >
> > Would you be open to tagging the layer for rocko to the right commit and
> > applying the patches sent to the mailing list by Armin and Kai to master
> > so that we have known points to move forward?
>
> I'm going to try to sync with Joe later today. I'll make sure that we
> branch rocko.. If Joe can't get to the sumo work this week, I'll do
> my best to get it done.

Yeah, just keep everyone in the loop on this, Mark and I will coordinate,
I anticipate having the current meta-selinux queue cleaned up this week.
I followed up last week to Armin indicating that I was working on this,
but as I'm sure anyone building meta-selinux right now already knows,
things are not happy there and corrective measures are kind of involved.

As for longer-term maintenance, meta-selinux and SELinux in general is of
particular interest to me personally, but much like Mark, I haven't had
as much time for the layer as it deserves lately, so if anyone wants to
volunteer to help out with it, by all means, let us know.

Thanks,
-J.

>
> --Mark
>
> > Thank you,
> > Rudi
> >
> >
> > On 05/11/2018 10:45 AM, Mark Hatle wrote:
> >> On 5/11/18 12:28 PM, Rudolf J Streif wrote:
> >>> Echoing this: may I ask what the current maintenance status of
> >>> meta-selinux is. It appears that no updates have been made for more than
> >>> 9 months. This is of course not to blame anybody but out of concern that
> >>> the layer is falling behind even more and to find a solution.
> >> The answer is the current set of people are horribly overworked and busy,
> >> so day-to-day updates have been 'sparse'.
> >>
> >> Usually we update meta-selinux about the time of a release, and thus are
> >> due.
> >>
> >> The last update of meta-selinux was about the time of the Rocko release,
> >> so what is in master is definitely current as of Rocko. (I did the last
> >> set of updates -- so I know it did work as of Rocko release.) The master
> >> needs to be branched as Rocko... master needs to be updated to be Sumo
> >> compatible.
> >>
> >> My assumption is that once Sumo is formally released (any minute now),
> >> we'll collect all of the patches and get them into place and spend some
> >> time cleaning them up...
> >>
> >> It looks like Joe is already working through this effort.
> >>
> >> (Only speaking for myself,) I don't have time to do day-to-day maintenance
> >> of meta-selinux any longer -- nor do I have the in-depth knowledge to
> >> understand when not to do something. I filled this role purely out of
> >> necessity since nobody else was doing it.
> >>
> >> So with that said, if anyone wants to help, we're all open for help
> >> here... I doubt there would be any objection to adding or replacing
> >> existing maintainers and/or giving more people push access.
> >>
> >>> In addition to Armin's patches there are two patches submitted by Kai
> >>> Kang at Windriver:
> >>>
> >>> * https://lists.yoctoproject.org/pipermail/yocto/2018-February/039917.html
> >>> * https://lists.yoctoproject.org/pipermail/yocto/2018-February/039918.html
> >>>
> >>> Curiously enough, the second patch has been applied to master but not
> >>> the first one.
> >>>
> >>>
> >>> There is also an issue with building SELinux with systemd. The layer
> >>> enables auditing:
> >>>
> >>> meta-selinux/classes/enable-audit.bbclass:PACKAGECONFIG[audit] =
> >>> "--enable-audit,--disable-audit,audit,"
> >>> meta-selinux/recipes-core/systemd/systemd_%.bbappend:inherit
> >>> ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'enable-audit', '', d)}
> >>>
> >>> Apparently the --enable-audit switch is passed to meson when running the
> >>> configure task, which meson does not appreciate.
> >>> I am not that familiar with the audit feature nor with meson, so I
> >>> currently have no idea on how to fix this the right way.
> >> audit feature is useful outside of selinux, so my understanding was that
> >> audit itself was moving into core during the sumo time frame (if it
> >> hadn't already been moved.)
> >>
> >> I don't know anything about meson, so I can't speak to that...
> >>
> >>> Further, refpolicy_git does not build anymore as the YP specific patches
> >>> do not apply anymore since upstream changed.
> >> The refpolicy is and has always been crap. I've been talking to a few
> >> people on IRC about working to replace the refpolicy with a policy that
> >> can be generated dynamically based on the contents of the recipes. I
> >> don't know if that is really going to happen, but I hate the way it's
> >> currently implemented.
> >>
> >> One of the key issues about the refpolicy is that you need to be an
> >> expert at this (which I never claimed to be) in order to make any
> >> reasonable decision -- add to that any specific policy needs to
> >> understand overall system design, and I wouldn't trust any of the
> >> refpolicy items as they stand in meta-selinux.
> >>
> >> --Mark
> >>
> >>> Thanks,
> >>> Rudi
> >>>
> >>>
> >>>
> >>> On 05/07/2018 10:20 AM, akuster808 wrote:
> >>>> On 04/14/2018 07:08 PM, Armin Kuster wrote:
> >>>>> Missing or unbuildable dependency chain was: ['meta-world-pkgdata',
> >>>>> 'restorecond', 'libselinux', 'python-importlib']
> >>>>>
> >>>>> Signed-off-by: Armin Kuster <akus...@mvista.com>
> >>>> ping
> >>>>> --- > >>>>> recipes-security/selinux/libselinux.inc | 2 +- > >>>>> 1 file changed, 1 insertion(+), 1 deletion(-) > >>>>> > >>>>> diff --git a/recipes-security/selinux/libselinux.inc > >>>>> b/recipes-security/selinux/libselinux.inc > >>>>> index bd5ce8d..51d0875 100644 > >>>>> --- a/recipes-security/selinux/libselinux.inc > >>>>> +++ b/recipes-security/selinux/libselinux.inc 
> >>>>> @@ -8,7 +8,7 @@ LICENSE = "PD" > >>>>> inherit lib_package pythonnative > >>>>> > >>>>> DEPENDS += "libsepol python libpcre swig-native" > >>>>> -RDEPENDS_${PN}-python += "python-importlib" > >>>>> +RDEPENDS_${PN}-python += "python-core" > >>>>> > >>>>> PACKAGES += "${PN}-python" > >>>>> FILES_${PN}-python = > >>>>> "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*" > >>> > >>> > > > > -- -Joe MacDonald. :wq
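Review bot: the commit message body for the `RDEPENDS_${PN}-python` change carries only the bitbake error ("Missing or unbuildable dependency chain was: ...") and leaves the reason to the subject line. Please state in the body that importlib is now provided by python-core and name the release from which that holds, because the thread says master is still current as of Rocko and has not been branched yet; that tells the maintainers whether this can go in before or only after the rocko branch is cut. The subject also says `python*-core` while the hunk changes a single line, `RDEPENDS_${PN}-python += "python-core"`, so it would help to say whether that one runtime dependency is the full extent of the change.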
-- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto