From mboxrd@z Thu Jan 1 00:00:00 1970 From: Samuel Martin Date: Tue, 14 Jul 2015 14:26:46 +0200 Subject: [Buildroot] [PATCH v8 01/16] policycoreutils: new package In-Reply-To: <1436570882-56442-2-git-send-email-clayton.shotwell@rockwellcollins.com> References: <1436570882-56442-1-git-send-email-clayton.shotwell@rockwellcollins.com> <1436570882-56442-2-git-send-email-clayton.shotwell@rockwellcollins.com> Message-ID: List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: buildroot@busybox.net Clayton, all, On Sat, Jul 11, 2015 at 1:27 AM, Clayton Shotwell wrote: [...] > diff --git a/package/policycoreutils/0001-Add-DESTDIR-to-all-paths-that-use-an-absolute-path.patch b/package/policycoreutils/0001-Add-DESTDIR-to-all-paths-that-use-an-absolute-path.patch > new file mode 100644 > index 0000000..016980f > --- /dev/null > +++ b/package/policycoreutils/0001-Add-DESTDIR-to-all-paths-that-use-an-absolute-path.patch > @@ -0,0 +1,258 @@ > +From a8eea90050551e42d4dc81867853f351282f9f90 Mon Sep 17 00:00:00 2001 > +From: Clayton Shotwell > +Date: Fri, 10 Jul 2015 11:44:08 -0500 > +Subject: [PATCH 1/3] Add DESTDIR to all paths that use an absolute path > + > +To aid in cross compiling, add the DESTDIR variable to the start of all > +of the paths used during compilation. Most paths already used DESTDIR. > + > +Signed-off-by: Clayton Shotwell > +--- > + Makefile | 4 ++-- > + audit2allow/Makefile | 2 +- > + load_policy/Makefile | 2 +- > + mcstrans/src/Makefile | 11 +++++++---- > + mcstrans/utils/Makefile | 9 ++++++--- > + newrole/Makefile | 12 ++++++------ > + restorecond/Makefile | 6 ++++-- > + run_init/Makefile | 12 ++++++------ > + sepolicy/Makefile | 2 +- > + setfiles/Makefile | 4 ++-- > + 10 files changed, 36 insertions(+), 28 deletions(-) > + > +diff --git a/Makefile b/Makefile > +index 3980799..0fca022 100644 > +--- a/Makefile > ++++ b/Makefile > +@@ -1,8 +1,8 @@ > + SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init sandbox secon audit2allow audit2why sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui > + > +-INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null) > ++INOTIFYH = $(shell ls $(DESTDIR)/usr/include/sys/inotify.h 2>/dev/null) > + > +-ifeq (${INOTIFYH}, /usr/include/sys/inotify.h) > ++ifeq (${INOTIFYH}, $(DESTDIR)/usr/include/sys/inotify.h) > + SUBDIRS += restorecond > + endif > + > +diff --git a/audit2allow/Makefile b/audit2allow/Makefile > +index 88635d4..933e520 100644 > +--- a/audit2allow/Makefile > ++++ b/audit2allow/Makefile > +@@ -3,7 +3,7 @@ PREFIX ?= $(DESTDIR)/usr > + BINDIR ?= $(PREFIX)/bin > + LIBDIR ?= $(PREFIX)/lib > + MANDIR ?= $(PREFIX)/share/man > +-LOCALEDIR ?= /usr/share/locale > ++LOCALEDIR ?= $(DESTDIR)/usr/share/locale nit: could be set to: $(PREFIX)/share/locale > + > + all: ; > + > +diff --git a/load_policy/Makefile b/load_policy/Makefile > +index 7c5bab0..4129d8f 100644 > +--- a/load_policy/Makefile > ++++ b/load_policy/Makefile > +@@ -3,7 +3,7 @@ PREFIX ?= $(DESTDIR)/usr > + SBINDIR ?= $(DESTDIR)/sbin > + USRSBINDIR ?= $(PREFIX)/sbin > + MANDIR ?= $(PREFIX)/share/man > +-LOCALEDIR ?= /usr/share/locale > ++LOCALEDIR ?= $(DESTDIR)/usr/share/locale ditto > + > + CFLAGS ?= -Werror -Wall -W > + override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\"" > +diff --git a/mcstrans/src/Makefile b/mcstrans/src/Makefile > +index fb44490..1982b43 100644 > +--- a/mcstrans/src/Makefile > ++++ b/mcstrans/src/Makefile > +@@ -1,15 +1,18 @@ > + ARCH = $(shell uname -i) This can break target build, no? Unless you set ARCH=... on the right of make. (I don't something like that in the *.mk.) Note that for the host, BR2_HOSTARCH is also defined. > + ifeq "$(ARCH)" "x86_64" > + # In case of 64 bit system, use these lines > +- LIBDIR=/usr/lib64 > +-else > ++ LIBDIR=$(DESTDIR)/usr/lib64 > ++else > + ifeq "$(ARCH)" "i686" > + # In case of 32 bit system, use these lines > +- LIBDIR=/usr/lib > ++ LIBDIR=$(DESTDIR)/usr/lib > + else > + ifeq "$(ARCH)" "i386" > + # In case of 32 bit system, use these lines > +- LIBDIR=/usr/lib > ++ LIBDIR=$(DESTDIR)/usr/lib > ++else > ++ # Default to these lines if arch is unknown > ++ LIBDIR=$(DESTDIR)/usr/lib > + endif > + endif Note that a couple of targets set BR2_ARCH to i486 or i586, see [1]. > + endif > +diff --git a/mcstrans/utils/Makefile b/mcstrans/utils/Makefile > +index 1ffb027..dcdc68b 100644 > +--- a/mcstrans/utils/Makefile > ++++ b/mcstrans/utils/Makefile > +@@ -5,15 +5,18 @@ BINDIR ?= $(PREFIX)/sbin > + ARCH = $(shell uname -i) ditto here and below. > + ifeq "$(ARCH)" "x86_64" > + # In case of 64 bit system, use these lines > +- LIBDIR=/usr/lib64 > ++ LIBDIR=$(DESTDIR)/usr/lib64 > + else > + ifeq "$(ARCH)" "i686" > + # In case of 32 bit system, use these lines > +- LIBDIR=/usr/lib > ++ LIBDIR=$(DESTDIR)/usr/lib > + else > + ifeq "$(ARCH)" "i386" > + # In case of 32 bit system, use these lines > +- LIBDIR=/usr/lib > ++ LIBDIR=$(DESTDIR)/usr/lib > ++else > ++ # Default to these lines if arch is unknown > ++ LIBDIR=$(DESTDIR)/usr/lib > + endif > + endif > + endif > +diff --git a/newrole/Makefile b/newrole/Makefile > +index 646cd4d..a876ff3 100644 > +--- a/newrole/Makefile > ++++ b/newrole/Makefile > +@@ -3,9 +3,9 @@ PREFIX ?= $(DESTDIR)/usr > + BINDIR ?= $(PREFIX)/bin > + MANDIR ?= $(PREFIX)/share/man > + ETCDIR ?= $(DESTDIR)/etc > +-LOCALEDIR = /usr/share/locale > +-PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null) > +-AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null) > ++LOCALEDIR = $(DESTDIR)/usr/share/locale or s@/usr@$(PREFIX)@ > ++PAMH = $(shell ls $(DESTDIR)/usr/include/security/pam_appl.h 2>/dev/null) ditto > ++AUDITH = $(shell ls $(DESTDIR)/usr/include/libaudit.h 2>/dev/null) ditto > + # Enable capabilities to permit newrole to generate audit records. > + # This will make newrole a setuid root program. > + # The capabilities used are: CAP_AUDIT_WRITE. > +@@ -24,7 +24,7 @@ CFLAGS ?= -Werror -Wall -W > + EXTRA_OBJS = > + override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\"" > + LDLIBS += -lselinux -L$(PREFIX)/lib > +-ifeq ($(PAMH), /usr/include/security/pam_appl.h) > ++ifeq ($(PAMH), $(DESTDIR)/usr/include/security/pam_appl.h) ditto > + override CFLAGS += -DUSE_PAM > + EXTRA_OBJS += hashtab.o > + LDLIBS += -lpam -lpam_misc > +@@ -32,7 +32,7 @@ else > + override CFLAGS += -D_XOPEN_SOURCE=500 > + LDLIBS += -lcrypt > + endif > +-ifeq ($(AUDITH), /usr/include/libaudit.h) > ++ifeq ($(AUDITH), $(DESTDIR)/usr/include/libaudit.h) ditto > + override CFLAGS += -DUSE_AUDIT > + LDLIBS += -laudit > + endif > +@@ -66,7 +66,7 @@ install: all > + test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1 > + install -m $(MODE) newrole $(BINDIR) > + install -m 644 newrole.1 $(MANDIR)/man1/ > +-ifeq ($(PAMH), /usr/include/security/pam_appl.h) > ++ifeq ($(PAMH), $(DESTDIR)/usr/include/security/pam_appl.h) ditto > + test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d > + ifeq ($(LSPP_PRIV),y) > + install -m 644 newrole-lspp.pamd $(ETCDIR)/pam.d/newrole > +diff --git a/restorecond/Makefile b/restorecond/Makefile > +index 3074542..7c40f95 100644 > +--- a/restorecond/Makefile > ++++ b/restorecond/Makefile > +@@ -10,11 +10,13 @@ autostart_DATA = sealertauto.desktop > + INITDIR = $(DESTDIR)/etc/rc.d/init.d > + SELINUXDIR = $(DESTDIR)/etc/selinux > + > +-DBUSFLAGS = -DHAVE_DBUS -I/usr/include/dbus-1.0 -I/usr/lib64/dbus-1.0/include -I/usr/lib/dbus-1.0/include > ++DBUSFLAGS = -DHAVE_DBUS -I$(PREFIX)/include/dbus-1.0 -I$(PREFIX)/lib64/dbus-1.0/include \ > ++ -I$(PREFIX)/lib/dbus-1.0/include > + DBUSLIB = -ldbus-glib-1 -ldbus-1 > + > + CFLAGS ?= -g -Werror -Wall -W > +-override CFLAGS += -I$(PREFIX)/include $(DBUSFLAGS) -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -I/usr/lib/glib-2.0/include > ++override CFLAGS += -I$(PREFIX)/include $(DBUSFLAGS) -I$(PREFIX)/include/glib-2.0 \ > ++ -I$(PREFIX)/lib64/glib-2.0/include -I$(PREFIX)/lib/glib-2.0/include > + > + LDLIBS += -lselinux $(DBUSLIB) -lglib-2.0 -L$(LIBDIR) > + > +diff --git a/run_init/Makefile b/run_init/Makefile > +index 12b39b4..3c6f58a 100644 > +--- a/run_init/Makefile > ++++ b/run_init/Makefile > +@@ -4,21 +4,21 @@ PREFIX ?= $(DESTDIR)/usr > + SBINDIR ?= $(PREFIX)/sbin > + MANDIR ?= $(PREFIX)/share/man > + ETCDIR ?= $(DESTDIR)/etc > +-LOCALEDIR ?= /usr/share/locale > +-PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null) > +-AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null) > ++LOCALEDIR ?= $(DESTDIR)/usr/share/locale > ++PAMH = $(shell ls $(DESTDIR)/usr/include/security/pam_appl.h 2>/dev/null) > ++AUDITH = $(shell ls $(DESTDIR)/usr/include/libaudit.h 2>/dev/null) ditto > + > + CFLAGS ?= -Werror -Wall -W > + override CFLAGS += -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\"" > + LDLIBS += -lselinux -L$(PREFIX)/lib > +-ifeq ($(PAMH), /usr/include/security/pam_appl.h) > ++ifeq ($(PAMH), $(DESTDIR)/usr/include/security/pam_appl.h) ditto > + override CFLAGS += -DUSE_PAM > + LDLIBS += -lpam -lpam_misc > + else > + override CFLAGS += -D_XOPEN_SOURCE=500 > + LDLIBS += -lcrypt > + endif > +-ifeq ($(AUDITH), /usr/include/libaudit.h) > ++ifeq ($(AUDITH), $(DESTDIR)/usr/include/libaudit.h) ditto > + override CFLAGS += -DUSE_AUDIT > + LDLIBS += -laudit > + endif > +@@ -38,7 +38,7 @@ install: all > + install -m 755 open_init_pty $(SBINDIR) > + install -m 644 run_init.8 $(MANDIR)/man8/ > + install -m 644 open_init_pty.8 $(MANDIR)/man8/ > +-ifeq ($(PAMH), /usr/include/security/pam_appl.h) > ++ifeq ($(PAMH), $(DESTDIR)/usr/include/security/pam_appl.h) ditto > + install -m 644 run_init.pamd $(ETCDIR)/pam.d/run_init > + endif > + > +diff --git a/sepolicy/Makefile b/sepolicy/Makefile > +index 11b534f..1074d26 100644 > +--- a/sepolicy/Makefile > ++++ b/sepolicy/Makefile > +@@ -5,7 +5,7 @@ LIBDIR ?= $(PREFIX)/lib > + BINDIR ?= $(PREFIX)/bin > + SBINDIR ?= $(PREFIX)/sbin > + MANDIR ?= $(PREFIX)/share/man > +-LOCALEDIR ?= /usr/share/locale > ++LOCALEDIR ?= $(DESTDIR)/usr/share/locale ditto > + PYTHON ?= /usr/bin/python > + BASHCOMPLETIONDIR ?= $(DESTDIR)/etc/bash_completion.d/ > + SHAREDIR ?= $(PREFIX)/share/sandbox > +diff --git a/setfiles/Makefile b/setfiles/Makefile > +index 4b44b3c..dc04d9a 100644 > +--- a/setfiles/Makefile > ++++ b/setfiles/Makefile > +@@ -3,7 +3,7 @@ PREFIX ?= $(DESTDIR)/usr > + SBINDIR ?= $(DESTDIR)/sbin > + MANDIR = $(PREFIX)/share/man > + LIBDIR ?= $(PREFIX)/lib > +-AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null) > ++AUDITH = $(shell ls $(DESTDIR)/usr/include/libaudit.h 2>/dev/null) ditto > + > + PROGRESS_STEP=$(shell grep "^\#define STAR_COUNT" restore.h | awk -S '{ print $$3 }') > + ABORT_ON_ERRORS=$(shell grep "^\#define ABORT_ON_ERRORS" setfiles.c | awk -S '{ print $$3 }') > +@@ -12,7 +12,7 @@ CFLAGS = -g -Werror -Wall -W > + override CFLAGS += -I$(PREFIX)/include > + LDLIBS = -lselinux -lsepol -L$(LIBDIR) > + > +-ifeq ($(AUDITH), /usr/include/libaudit.h) > ++ifeq ($(AUDITH), $(DESTDIR)/usr/include/libaudit.h) ditto > + override CFLAGS += -DUSE_AUDIT > + LDLIBS += -laudit > + endif > +-- > +1.9.1 > + > diff --git a/package/policycoreutils/0002-Allow-CFLAGS-to-be-overwritten.patch b/package/policycoreutils/0002-Allow-CFLAGS-to-be-overwritten.patch > new file mode 100644 > index 0000000..54aecae > --- /dev/null > +++ b/package/policycoreutils/0002-Allow-CFLAGS-to-be-overwritten.patch > @@ -0,0 +1,57 @@ > +From 656740d38ad34cbd5a89e900dab82ec521d0a522 Mon Sep 17 00:00:00 2001 > +From: Clayton Shotwell > +Date: Fri, 10 Jul 2015 11:47:09 -0500 > +Subject: [PATCH 2/3] Allow CFLAGS to be overwritten > + > +Allow all CFLAGS declarations to be overwritten to aid in cross > +compiling. > + > +Signed-off-by: Clayton Shotwell > +--- > + sepolicy/Makefile | 2 +- > + sestatus/Makefile | 2 +- > + setfiles/Makefile | 2 +- > + 3 files changed, 3 insertions(+), 3 deletions(-) > + > +diff --git a/sepolicy/Makefile b/sepolicy/Makefile > +index 1074d26..9d44ac2 100644 > +--- a/sepolicy/Makefile > ++++ b/sepolicy/Makefile > +@@ -9,7 +9,7 @@ LOCALEDIR ?= $(DESTDIR)/usr/share/locale > + PYTHON ?= /usr/bin/python > + BASHCOMPLETIONDIR ?= $(DESTDIR)/etc/bash_completion.d/ > + SHAREDIR ?= $(PREFIX)/share/sandbox > +-override CFLAGS = $(LDFLAGS) -I$(PREFIX)/include -DPACKAGE="policycoreutils" -Wall -Werror -Wextra -W -DSHARED -shared > ++override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DPACKAGE="policycoreutils" -Wall -Werror -Wextra -W -DSHARED -shared Ditch -Werror here please, otherwise it will always be in the CFLAGS :-/ > + > + BASHCOMPLETIONS=sepolicy-bash-completion.sh > + > +diff --git a/sestatus/Makefile b/sestatus/Makefile > +index c5db7a3..c04ff00 100644 > +--- a/sestatus/Makefile > ++++ b/sestatus/Makefile > +@@ -5,7 +5,7 @@ MANDIR = $(PREFIX)/share/man > + ETCDIR ?= $(DESTDIR)/etc > + LIBDIR ?= $(PREFIX)/lib > + > +-CFLAGS = -Werror -Wall -W > ++CFLAGS ?= -Werror -Wall -W > + override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64 > + LDLIBS = -lselinux -L$(LIBDIR) > + > +diff --git a/setfiles/Makefile b/setfiles/Makefile > +index dc04d9a..67d9ef0 100644 > +--- a/setfiles/Makefile > ++++ b/setfiles/Makefile > +@@ -8,7 +8,7 @@ AUDITH = $(shell ls $(DESTDIR)/usr/include/libaudit.h 2>/dev/null) > + PROGRESS_STEP=$(shell grep "^\#define STAR_COUNT" restore.h | awk -S '{ print $$3 }') > + ABORT_ON_ERRORS=$(shell grep "^\#define ABORT_ON_ERRORS" setfiles.c | awk -S '{ print $$3 }') > + > +-CFLAGS = -g -Werror -Wall -W > ++CFLAGS ?= -g -Werror -Wall -W > + override CFLAGS += -I$(PREFIX)/include > + LDLIBS = -lselinux -lsepol -L$(LIBDIR) > + > +-- > +1.9.1 > + > diff --git a/package/policycoreutils/0003-Change-sepolicy-python-install-arguments-to-be-a-var.patch b/package/policycoreutils/0003-Change-sepolicy-python-install-arguments-to-be-a-var.patch > new file mode 100644 > index 0000000..4e35d92 > --- /dev/null > +++ b/package/policycoreutils/0003-Change-sepolicy-python-install-arguments-to-be-a-var.patch > @@ -0,0 +1,42 @@ > +From c8f1022be057cfe28101fbd0d6dedf6f42477ffc Mon Sep 17 00:00:00 2001 > +From: Clayton Shotwell > +Date: Fri, 10 Jul 2015 11:56:49 -0500 > +Subject: [PATCH 3/3] Change sepolicy python install arguments to be a variable > + > +To allow the python install arguments to be overwritten, change the > +arguments to be a variable. This also cleans up the DESTDIR detection a > +little bit. > + > +Signed-off-by: Clayton Shotwell > +--- > + sepolicy/Makefile | 7 ++++++- > + 1 file changed, 6 insertions(+), 1 deletion(-) > + > +diff --git a/sepolicy/Makefile b/sepolicy/Makefile > +index 9d44ac2..bd8a383 100644 > +--- a/sepolicy/Makefile > ++++ b/sepolicy/Makefile > +@@ -7,6 +7,11 @@ SBINDIR ?= $(PREFIX)/sbin > + MANDIR ?= $(PREFIX)/share/man > + LOCALEDIR ?= $(DESTDIR)/usr/share/locale > + PYTHON ?= /usr/bin/python > ++ifneq (,$(DESTDIR)) > ++PYTHON_INSTALL_ARGS ?= --root $(DESTDIR) Why not a += ? Can it be preset through the env. or command line? > ++else > ++PYTHON_INSTALL_ARGS ?= > ++endif > + BASHCOMPLETIONDIR ?= $(DESTDIR)/etc/bash_completion.d/ > + SHAREDIR ?= $(PREFIX)/share/sandbox > + override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DPACKAGE="policycoreutils" -Wall -Werror -Wextra -W -DSHARED -shared > +@@ -23,7 +28,7 @@ clean: > + -rm -rf build *~ \#* *pyc .#* > + > + install: > +- $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` > ++ $(PYTHON) setup.py install $(PYTHON_INSTALL_ARGS) > + [ -d $(BINDIR) ] || mkdir -p $(BINDIR) > + install -m 755 sepolicy.py $(BINDIR)/sepolicy > + -mkdir -p $(MANDIR)/man8 > +-- > +1.9.1 > + > diff --git a/package/policycoreutils/Config.in b/package/policycoreutils/Config.in > new file mode 100644 > index 0000000..1dc01c4 > --- /dev/null > +++ b/package/policycoreutils/Config.in > @@ -0,0 +1,59 @@ > +config BR2_PACKAGE_POLICYCOREUTILS > + bool "policycoreutils" > + select BR2_PACKAGE_LIBSEMANAGE > + select BR2_PACKAGE_LIBCAP_NG > + select BR2_PACKAGE_GETTEXT if BR2_NEEDS_GETTEXT > + depends on BR2_TOOLCHAIN_HAS_THREADS # libsemanage > + depends on BR2_TOOLCHAIN_USES_GLIBC || BR2_TOOLCHAIN_USES_MUSL # uses fts.h > + help > + Policycoreutils is a collection of policy utilities (originally > + the "core" set of utilities needed to use SELinux, although it > + has grown a bit over time), which have different dependencies. > + sestatus, secon, run_init, and newrole only use libselinux. > + load_policy and setfiles only use libselinux and libsepol. > + semodule and semanage use libsemanage (and thus bring in > + dependencies on libsepol and libselinux as well). setsebool > + uses libselinux to make non-persistent boolean changes (via > + the kernel interface) and uses libsemanage to make persistent > + boolean changes. > + > + The base package will install the following utilities: > + load_policy > + newrole > + restorecond > + run_init > + secon > + semodule > + semodule_deps > + semodule_expand > + semodule_link > + semodule_package > + sepolgen-ifgen > + sestatus > + setfiles > + setsebool > + > + http://selinuxproject.org/page/Main_Page > + > +comment "policycoreutils needs a glibc or musl toolchain w/ threads" > + depends on !BR2_TOOLCHAIN_HAS_THREADS \ > + || !(BR2_TOOLCHAIN_USES_GLIBC || BR2_TOOLCHAIN_USES_MUSL) > + > +if BR2_PACKAGE_POLICYCOREUTILS > + > +config BR2_PACKAGE_POLICYCOREUTILS_RESTORECOND > + bool "restorecond Utility" > + select BR2_PACKAGE_DBUS_GLIB > + depends on BR2_PACKAGE_DBUS Why a "depends on" instead of a select? > + depends on BR2_USE_WCHAR # glib2 > + depends on BR2_TOOLCHAIN_HAS_THREADS # glib2 > + depends on BR2_USE_MMU # glib2 > + help > + Enable restorecond to be built > + > +comment "restorecond needs a toolchain w/ wchar, threads, dbus" > + depends on BR2_USE_MMU > + depends on BR2_PACKAGE_DBUS > + depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS > + > +endif > diff --git a/package/policycoreutils/policycoreutils.hash b/package/policycoreutils/policycoreutils.hash > new file mode 100644 > index 0000000..575dd25 > --- /dev/null > +++ b/package/policycoreutils/policycoreutils.hash > @@ -0,0 +1,2 @@ > +# https://github.com/SELinuxProject/selinux/wiki/Releases > +sha256 b6881741f9f9988346a73bfeccb0299941dc117349753f0ef3f23ee86f06c1b5 policycoreutils-2.1.14.tar.gz > diff --git a/package/policycoreutils/policycoreutils.mk b/package/policycoreutils/policycoreutils.mk > new file mode 100644 > index 0000000..2b954b9 > --- /dev/null > +++ b/package/policycoreutils/policycoreutils.mk > @@ -0,0 +1,107 @@ > +################################################################################ > +# > +# policycoreutils > +# > +################################################################################ > + > +POLICYCOREUTILS_VERSION = 2.1.14 > +POLICYCOREUTILS_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20130423 > +POLICYCOREUTILS_LICENSE = GPLv2 > +POLICYCOREUTILS_LICENSE_FILES = COPYING > + > +# gettext for load_policy.c use of libintl_* functions > +POLICYCOREUTILS_DEPENDENCIES = libsemanage libcap-ng $(if $(BR2_NEEDS_GETTEXT),gettext) > + > +ifeq ($(BR2_PACKAGE_LINUX_PAM),y) > +POLICYCOREUTILS_DEPENDENCIES += linux-pam > +POLICYCOREUTILS_MAKE_OPTS += NAMESPACE_PRIV=y > +define POLICYCOREUTILS_INSTALL_TARGET_LINUX_PAM_CONFS > + $(INSTALL) -D -m 0644 $(@D)/newrole/newrole-lspp.pamd $(TARGET_DIR)/etc/pam.d/newrole > + $(INSTALL) -D -m 0644 $(@D)/run_init/run_init.pamd $(TARGET_DIR)/etc/pam.d/run_init > +endef > +endif > + > +ifeq ($(BR2_PACKAGE_AUDIT),y) > +POLICYCOREUTILS_DEPENDENCIES += audit > +POLICYCOREUTILS_MAKE_OPTS += AUDIT_LOG_PRIV=y > +endif > + > +# Enable LSPP_PRIV if both audit and linux pam are enabled > +ifeq ($(BR2_PACKAGE_LINUX_PAM)$(BR2_PACKAGE_AUDIT),yy) > +POLICYCOREUTILS_MAKE_OPTS += LSPP_PRIV=y > +endif > + > +# Undefining _FILE_OFFSET_BITS here because of a "bug" with glibc fts.h > +# large file support. > +# See https://bugzilla.redhat.com/show_bug.cgi?id=574992 for more information > +POLICYCOREUTILS_MAKE_OPTS = \ s/=/+=/ Otherwise, options set for linux-pam and audit are lost. Also, no ARCH=$(BR2_ARCH) in the *_MAKE_OPTS (see my comment above)? > + CC="$(TARGET_CC)" \ > + CFLAGS="$(TARGET_CFLAGS) -U_FILE_OFFSET_BITS" \ > + LDFLAGS="$(TARGET_LDFLAGS) $(if $(BR2_NEEDS_GETTEXT),-lintl)" > + > +POLICYCOREUTILS_MAKE_DIRS = load_policy newrole run_init \ > + secon semodule semodule_deps semodule_expand semodule_link \ > + semodule_package sepolgen-ifgen sestatus setfiles setsebool > + > +ifeq ($(BR2_PACKAGE_POLICYCOREUTILS_RESTORECOND),y) > +POLICYCOREUTILS_DEPENDENCIES += dbus-glib > +POLICYCOREUTILS_MAKE_DIRS += restorecond > +endif > + > +define POLICYCOREUTILS_BUILD_CMDS > + for dir in $(POLICYCOREUTILS_MAKE_DIRS) ; do \ > + $(MAKE) -C $(@D)/$${dir} $(POLICYCOREUTILS_MAKE_OPTS) DESTDIR=$(STAGING_DIR) all || exit 1 ; \ > + done > +endef > + > +define POLICYCOREUTILS_INSTALL_TARGET_CMDS > + for dir in $(POLICYCOREUTILS_MAKE_DIRS) ; do \ > + $(MAKE) -C $(@D)/$${dir} $(POLICYCOREUTILS_MAKE_OPTS) DESTDIR=$(TARGET_DIR) install || exit 1 ; \ > + done > +endef > + > +HOST_POLICYCOREUTILS_DEPENDENCIES = host-libsemanage host-dbus-glib host-sepolgen host-setools > + > +# Undefining _FILE_OFFSET_BITS here because of a "bug" with glibc fts.h > +# large file support. > +# See https://bugzilla.redhat.com/show_bug.cgi?id=574992 for more information > +HOST_POLICYCOREUTILS_MAKE_OPTS = \ > + CC="$(HOSTCC)" \ > + CFLAGS="$(HOST_CFLAGS) -U_FILE_OFFSET_BITS" \ > + PYTHON="$(HOST_DIR)/usr/bin/python" \ > + PYTHON_INSTALL_ARGS="$(HOST_PKG_PYTHON_DISTUTILS_INSTALL_OPTS)" > + > + > +ifeq ($(BR2_PACKAGE_PYTHON3),y) > +HOST_POLICYCOREUTILS_DEPENDENCIES += host-python3 > +HOST_POLICYCOREUTILS_MAKE_OPTS += \ > + PYLIBVER="python$(PYTHON3_VERSION_MAJOR)" > +else > +HOST_POLICYCOREUTILS_DEPENDENCIES += host-python > +HOST_POLICYCOREUTILS_MAKE_OPTS += \ > + PYLIBVER="python$(PYTHON_VERSION_MAJOR)" > +endif > + > +# Note: We are only building the programs required by the refpolicy build > +HOST_POLICYCOREUTILS_MAKE_DIRS = load_policy semodule semodule_deps semodule_expand semodule_link \ > + semodule_package setfiles restorecond audit2allow audit2why scripts semanage sepolicy > + > +define HOST_POLICYCOREUTILS_BUILD_CMDS > + for dir in $(HOST_POLICYCOREUTILS_MAKE_DIRS) ; do \ > + $(MAKE) -C $(@D)/$${dir} $(HOST_POLICYCOREUTILS_MAKE_OPTS) DESTDIR=$(HOST_DIR) all || exit 1 ; \ > + done > +endef > + > +define HOST_POLICYCOREUTILS_INSTALL_CMDS > + for dir in $(HOST_POLICYCOREUTILS_MAKE_DIRS) ; do \ > + $(MAKE) -C $(@D)/$${dir} $(HOST_POLICYCOREUTILS_MAKE_OPTS) DESTDIR=$(HOST_DIR) install || exit 1 ; \ > + done > + # Fix python paths > + $(SED) 's%/usr/bin/%$(HOST_DIR)/usr/bin/%g' $(HOST_DIR)/usr/bin/audit2allow > + $(SED) 's%/usr/bin/%$(HOST_DIR)/usr/bin/%g' $(HOST_DIR)/usr/bin/audit2why > + $(SED) 's%/usr/bin/%$(HOST_DIR)/usr/bin/%g' $(HOST_DIR)/usr/bin/sepolgen-ifgen > + $(SED) 's%/usr/bin/%$(HOST_DIR)/usr/bin/%g' $(HOST_DIR)/usr/bin/sepolicy > +endef > + > +$(eval $(generic-package)) > +$(eval $(host-generic-package)) > -- > 1.9.1 > > _______________________________________________ > buildroot mailing list > buildroot at busybox.net > http://lists.busybox.net/mailman/listinfo/buildroot [1] http://git.buildroot.net/buildroot/tree/arch/Config.in.x86#n201 Regards, -- Samuel