[oe] [meta-oe][PATCH] libseccomp: import from meta-security

Bruce Ashfield bruce.ashfield at gmail.com
Fri Jul 26 03:23:22 UTC 2019 

On Thu, Jul 25, 2019 at 11:01 PM Yu, Mingli <mingli.yu at windriver.com> wrote:
>
>
>
> On 2019年07月26日 10:46, Bruce Ashfield wrote:
> >
> >
> > On Thu, Jul 25, 2019 at 10:28 PM Yu, Mingli <mingli.yu at windriver.com
> > <mailto:mingli.yu at windriver.com>> wrote:
> >
> >
> >
> >     On 2019年07月25日 21:45, Bruce Ashfield wrote:
> >      > On Thu, Jul 25, 2019 at 3:06 AM <mingli.yu at windriver.com
> >     <mailto:mingli.yu at windriver.com>> wrote:
> >      >>
> >      >> From: Mingli Yu <Mingli.Yu at windriver.com
> >     <mailto:Mingli.Yu at windriver.com>>
> >      >
> >      > Can you share some details as to why this should be pulled from
> >      > meta-security into a different repo ?
> >
> >     Considering there is also some security related recipe under
> >     meta-oe/recipes-security/, I think it's not strange to add a new one
> >     libseccomp and libseccomp also provides a basic common filtering
> >     mechanism.
> >
> >
> > .. but it is literally churn for the sake of churn.
> >
> > Meaning, that isn't a great reason to move something. If Armin wanted to
> > put the recipe in meta-oe, he would have done it himself.
>
> ^_^, I noticed Armin did try to do this in this thread "[oe]
> [meta-oe][PATCH 1/2] libseccomp: move lib from meta-security to meta-oe"
> in Jun 1, 2018.

In that case, follow up to that thread so folks can remember why it
didn't happen, or check to see if it was simply forgotten. Putting the
maintainers on the cc' from the start of something like this helps
immensely.

But I see you added Armin to this thread, so that should be enough.

Bruce

>
> >
> >
> >     Meanwhile, the below yocto compliance check error disappears once we
> >     move libseccomp from meta-security to meta-oe.
> >     ERROR: Nothing PROVIDES 'libseccomp' (but
> >     /buildarea/layers/meta-virtualization/recipes-containers/cri-o/cri-o_git.bb
> >     <http://cri-o_git.bb>
> >     DEPENDS on or otherwise requires it).
> >     Close matches:
> >     libcomps
> >     ERROR: Required build target 'meta-world-pkgdata' has no buildable
> >     providers.
> >
> >     Missing or unbuildable dependency chain was: ['meta-world-pkgdata',
> >     'cri-o', 'libseccomp']
> >
> >
> > Also not a valid reason. We've just fixed meta-virtualization, so
> > there's no need to shuffle something like this around, just to keep
> > another layers compliance check working.
> >
> > Bruce
> >
> >
> >     Thanks,
> >
> >      >
> >      > It seems to fit the mandate of meta-security quite nicely ;)
> >      >
> >      > Is there some sort of dependency issue, or other technical problem
> >      > that is causing a problem ?
> >      >
> >      > Bruce
> >      >
> >      >>
> >      >> Signed-off-by: Mingli Yu <Mingli.Yu at windriver.com
> >     <mailto:Mingli.Yu at windriver.com>>
> >      >> ---
> >      >>   .../recipes-security/libseccomp/files/run-ptest    |  4 +++
> >      >>   .../libseccomp/libseccomp_2.4.1.bb
> >     <http://libseccomp_2.4.1.bb>                 | 41 ++++++++++++++++++++++
> >      >>   2 files changed, 45 insertions(+)
> >      >>   create mode 100644
> >     meta-oe/recipes-security/libseccomp/files/run-ptest
> >      >>   create mode 100644
> >     meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> >     <http://libseccomp_2.4.1.bb>
> >      >>
> >      >> diff --git a/meta-oe/recipes-security/libseccomp/files/run-ptest
> >     b/meta-oe/recipes-security/libseccomp/files/run-ptest
> >      >> new file mode 100644
> >      >> index 0000000..54b4a63
> >      >> --- /dev/null
> >      >> +++ b/meta-oe/recipes-security/libseccomp/files/run-ptest
> >      >> @@ -0,0 +1,4 @@
> >      >> +#!/bin/sh
> >      >> +
> >      >> +cd tests
> >      >> +./regression -a
> >      >> diff --git
> >     a/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> >     <http://libseccomp_2.4.1.bb>
> >     b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> >     <http://libseccomp_2.4.1.bb>
> >      >> new file mode 100644
> >      >> index 0000000..dba1be5
> >      >> --- /dev/null
> >      >> +++ b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> >     <http://libseccomp_2.4.1.bb>
> >      >> @@ -0,0 +1,41 @@
> >      >> +SUMMARY = "interface to seccomp filtering mechanism"
> >      >> +DESCRIPTION = "The libseccomp library provides and easy to use,
> >     platform independent,interface to the Linux Kernel's syscall
> >     filtering mechanism: seccomp."
> >      >> +SECTION = "security"
> >      >> +LICENSE = "LGPL-2.1"
> >      >> +LIC_FILES_CHKSUM =
> >     "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
> >      >> +
> >      >> +SRCREV = "fb43972ea1aab24f2a70193fb7445c2674f594e3"
> >      >> +
> >      >> +SRC_URI =
> >     "git://github.com/seccomp/libseccomp.git;branch=release-2.4
> >     <http://github.com/seccomp/libseccomp.git;branch=release-2.4> \
> >      >> +           file://run-ptest \
> >      >> +"
> >      >> +
> >      >> +S = "${WORKDIR}/git"
> >      >> +
> >      >> +inherit autotools-brokensep pkgconfig ptest
> >      >> +
> >      >> +PACKAGECONFIG ??= ""
> >      >> +PACKAGECONFIG[python] = "--enable-python, --disable-python, python"
> >      >> +
> >      >> +do_compile_ptest() {
> >      >> +    oe_runmake -C tests check-build
> >      >> +}
> >      >> +
> >      >> +do_install_ptest() {
> >      >> +    install -d ${D}${PTEST_PATH}/tests
> >      >> +    install -d ${D}${PTEST_PATH}/tools
> >      >> +    for file in $(find tests/* -executable -type f); do
> >      >> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
> >      >> +    done
> >      >> +    for file in $(find tests/*.tests -type f); do
> >      >> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
> >      >> +    done
> >      >> +    for file in $(find tools/* -executable -type f); do
> >      >> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tools
> >      >> +    done
> >      >> +}
> >      >> +
> >      >> +FILES_${PN} = "${bindir} ${libdir}/${BPN}.so*"
> >      >> +FILES_${PN}-dbg += "${libdir}/${PN}/tests/.debug/*
> >     ${libdir}/${PN}/tools/.debug"
> >      >> +
> >      >> +RDEPENDS_${PN}-ptest = "bash"
> >      >> --
> >      >> 2.7.4
> >      >>
> >      >> --
> >      >> _______________________________________________
> >      >> Openembedded-devel mailing list
> >      >> Openembedded-devel at lists.openembedded.org
> >     <mailto:Openembedded-devel at lists.openembedded.org>
> >      >> http://lists.openembedded.org/mailman/listinfo/openembedded-devel
> >      >
> >      >
> >      >
> >
> >
> >
> > --
> > - Thou shalt not follow the NULL pointer, for chaos and madness await
> > thee at its end
> > - "Use the force Harry" - Gandalf, Star Trek II
> >



-- 
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II

More information about the Openembedded-devel mailing list