[oe] [meta-oe][PATCH] libseccomp: import from meta-security
Bruce Ashfield
bruce.ashfield at gmail.com
Fri Jul 26 02:46:51 UTC 2019
On Thu, Jul 25, 2019 at 10:28 PM Yu, Mingli <mingli.yu at windriver.com> wrote:
>
>
> On 2019年07月25日 21:45, Bruce Ashfield wrote:
> > On Thu, Jul 25, 2019 at 3:06 AM <mingli.yu at windriver.com> wrote:
> >>
> >> From: Mingli Yu <Mingli.Yu at windriver.com>
> >
> > Can you share some details as to why this should be pulled from
> > meta-security into a different repo ?
>
> Considering there is also some security related recipe under
> meta-oe/recipes-security/, I think it's not strange to add a new one
> libseccomp and libseccomp also provides a basic common filtering mechanism.
>
.. but it is literally churn for the sake of churn.
Meaning, that isn't a great reason to move something. If Armin wanted to
put the recipe in meta-oe, he would have done it himself.
>
> Meanwhile, the below yocto compliance check error disappears once we
> move libseccomp from meta-security to meta-oe.
> ERROR: Nothing PROVIDES 'libseccomp' (but
> /buildarea/layers/meta-virtualization/recipes-containers/cri-o/
> cri-o_git.bb
> DEPENDS on or otherwise requires it).
> Close matches:
> libcomps
> ERROR: Required build target 'meta-world-pkgdata' has no buildable
> providers.
>
> Missing or unbuildable dependency chain was: ['meta-world-pkgdata',
> 'cri-o', 'libseccomp']
>
Also not a valid reason. We've just fixed meta-virtualization, so there's
no need to shuffle something like this around, just to keep another layers
compliance check working.
Bruce
>
> Thanks,
>
> >
> > It seems to fit the mandate of meta-security quite nicely ;)
> >
> > Is there some sort of dependency issue, or other technical problem
> > that is causing a problem ?
> >
> > Bruce
> >
> >>
> >> Signed-off-by: Mingli Yu <Mingli.Yu at windriver.com>
> >> ---
> >> .../recipes-security/libseccomp/files/run-ptest | 4 +++
> >> .../libseccomp/libseccomp_2.4.1.bb | 41
> ++++++++++++++++++++++
> >> 2 files changed, 45 insertions(+)
> >> create mode 100644 meta-oe/recipes-security/libseccomp/files/run-ptest
> >> create mode 100644 meta-oe/recipes-security/libseccomp/
> libseccomp_2.4.1.bb
> >>
> >> diff --git a/meta-oe/recipes-security/libseccomp/files/run-ptest
> b/meta-oe/recipes-security/libseccomp/files/run-ptest
> >> new file mode 100644
> >> index 0000000..54b4a63
> >> --- /dev/null
> >> +++ b/meta-oe/recipes-security/libseccomp/files/run-ptest
> >> @@ -0,0 +1,4 @@
> >> +#!/bin/sh
> >> +
> >> +cd tests
> >> +./regression -a
> >> diff --git a/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> >> new file mode 100644
> >> index 0000000..dba1be5
> >> --- /dev/null
> >> +++ b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> >> @@ -0,0 +1,41 @@
> >> +SUMMARY = "interface to seccomp filtering mechanism"
> >> +DESCRIPTION = "The libseccomp library provides and easy to use,
> platform independent,interface to the Linux Kernel's syscall filtering
> mechanism: seccomp."
> >> +SECTION = "security"
> >> +LICENSE = "LGPL-2.1"
> >> +LIC_FILES_CHKSUM =
> "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
> >> +
> >> +SRCREV = "fb43972ea1aab24f2a70193fb7445c2674f594e3"
> >> +
> >> +SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.4
> \
> >> + file://run-ptest \
> >> +"
> >> +
> >> +S = "${WORKDIR}/git"
> >> +
> >> +inherit autotools-brokensep pkgconfig ptest
> >> +
> >> +PACKAGECONFIG ??= ""
> >> +PACKAGECONFIG[python] = "--enable-python, --disable-python, python"
> >> +
> >> +do_compile_ptest() {
> >> + oe_runmake -C tests check-build
> >> +}
> >> +
> >> +do_install_ptest() {
> >> + install -d ${D}${PTEST_PATH}/tests
> >> + install -d ${D}${PTEST_PATH}/tools
> >> + for file in $(find tests/* -executable -type f); do
> >> + install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
> >> + done
> >> + for file in $(find tests/*.tests -type f); do
> >> + install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
> >> + done
> >> + for file in $(find tools/* -executable -type f); do
> >> + install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tools
> >> + done
> >> +}
> >> +
> >> +FILES_${PN} = "${bindir} ${libdir}/${BPN}.so*"
> >> +FILES_${PN}-dbg += "${libdir}/${PN}/tests/.debug/*
> ${libdir}/${PN}/tools/.debug"
> >> +
> >> +RDEPENDS_${PN}-ptest = "bash"
> >> --
> >> 2.7.4
> >>
> >> --
> >> _______________________________________________
> >> Openembedded-devel mailing list
> >> Openembedded-devel at lists.openembedded.org
> >> http://lists.openembedded.org/mailman/listinfo/openembedded-devel
> >
> >
> >
>
--
- Thou shalt not follow the NULL pointer, for chaos and madness await thee
at its end
- "Use the force Harry" - Gandalf, Star Trek II
More information about the Openembedded-devel
mailing list