[oe] [meta-oe][PATCH] libseccomp: import from meta-security

Yu, Mingli mingli.yu at windriver.com
Fri Jul 26 08:51:05 UTC 2019 


On 2019年07月26日 11:23, Bruce Ashfield wrote:
> On Thu, Jul 25, 2019 at 11:01 PM Yu, Mingli <mingli.yu at windriver.com> wrote:
>>
>>
>>
>> On 2019年07月26日 10:46, Bruce Ashfield wrote:
>>>
>>>
>>> On Thu, Jul 25, 2019 at 10:28 PM Yu, Mingli <mingli.yu at windriver.com
>>> <mailto:mingli.yu at windriver.com>> wrote:
>>>
>>>
>>>
>>>      On 2019年07月25日 21:45, Bruce Ashfield wrote:
>>>       > On Thu, Jul 25, 2019 at 3:06 AM <mingli.yu at windriver.com
>>>      <mailto:mingli.yu at windriver.com>> wrote:
>>>       >>
>>>       >> From: Mingli Yu <Mingli.Yu at windriver.com
>>>      <mailto:Mingli.Yu at windriver.com>>
>>>       >
>>>       > Can you share some details as to why this should be pulled from
>>>       > meta-security into a different repo ?
>>>
>>>      Considering there is also some security related recipe under
>>>      meta-oe/recipes-security/, I think it's not strange to add a new one
>>>      libseccomp and libseccomp also provides a basic common filtering
>>>      mechanism.
>>>
>>>
>>> .. but it is literally churn for the sake of churn.
>>>
>>> Meaning, that isn't a great reason to move something. If Armin wanted to
>>> put the recipe in meta-oe, he would have done it himself.
>>
>> ^_^, I noticed Armin did try to do this in this thread "[oe]
>> [meta-oe][PATCH 1/2] libseccomp: move lib from meta-security to meta-oe"
>> in Jun 1, 2018.
>
> In that case, follow up to that thread so folks can remember why it
> didn't happen, or check to see if it was simply forgotten. Putting the
> maintainers on the cc' from the start of something like this helps
> immensely.
>
> But I see you added Armin to this thread, so that should be enough.

Hi Bruce,

I'm okay to keep libseccomp under meta-security and can consider moving 
it to meta-oe if anyone thinks it is worth.

>
> Bruce
>
>>
>>>
>>>
>>>      Meanwhile, the below yocto compliance check error disappears once we
>>>      move libseccomp from meta-security to meta-oe.
>>>      ERROR: Nothing PROVIDES 'libseccomp' (but
>>>      /buildarea/layers/meta-virtualization/recipes-containers/cri-o/cri-o_git.bb
>>>      <http://cri-o_git.bb>
>>>      DEPENDS on or otherwise requires it).
>>>      Close matches:
>>>      libcomps
>>>      ERROR: Required build target 'meta-world-pkgdata' has no buildable
>>>      providers.
>>>
>>>      Missing or unbuildable dependency chain was: ['meta-world-pkgdata',
>>>      'cri-o', 'libseccomp']

I will find other solution to solve the above error related to yocto 
compliance check.

Thanks,

>>>
>>>
>>> Also not a valid reason. We've just fixed meta-virtualization, so
>>> there's no need to shuffle something like this around, just to keep
>>> another layers compliance check working.
>>>
>>> Bruce
>>>
>>>
>>>      Thanks,
>>>
>>>       >
>>>       > It seems to fit the mandate of meta-security quite nicely ;)
>>>       >
>>>       > Is there some sort of dependency issue, or other technical problem
>>>       > that is causing a problem ?
>>>       >
>>>       > Bruce
>>>       >
>>>       >>
>>>       >> Signed-off-by: Mingli Yu <Mingli.Yu at windriver.com
>>>      <mailto:Mingli.Yu at windriver.com>>
>>>       >> ---
>>>       >>   .../recipes-security/libseccomp/files/run-ptest    |  4 +++
>>>       >>   .../libseccomp/libseccomp_2.4.1.bb
>>>      <http://libseccomp_2.4.1.bb>                 | 41 ++++++++++++++++++++++
>>>       >>   2 files changed, 45 insertions(+)
>>>       >>   create mode 100644
>>>      meta-oe/recipes-security/libseccomp/files/run-ptest
>>>       >>   create mode 100644
>>>      meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
>>>      <http://libseccomp_2.4.1.bb>
>>>       >>
>>>       >> diff --git a/meta-oe/recipes-security/libseccomp/files/run-ptest
>>>      b/meta-oe/recipes-security/libseccomp/files/run-ptest
>>>       >> new file mode 100644
>>>       >> index 0000000..54b4a63
>>>       >> --- /dev/null
>>>       >> +++ b/meta-oe/recipes-security/libseccomp/files/run-ptest
>>>       >> @@ -0,0 +1,4 @@
>>>       >> +#!/bin/sh
>>>       >> +
>>>       >> +cd tests
>>>       >> +./regression -a
>>>       >> diff --git
>>>      a/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
>>>      <http://libseccomp_2.4.1.bb>
>>>      b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
>>>      <http://libseccomp_2.4.1.bb>
>>>       >> new file mode 100644
>>>       >> index 0000000..dba1be5
>>>       >> --- /dev/null
>>>       >> +++ b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
>>>      <http://libseccomp_2.4.1.bb>
>>>       >> @@ -0,0 +1,41 @@
>>>       >> +SUMMARY = "interface to seccomp filtering mechanism"
>>>       >> +DESCRIPTION = "The libseccomp library provides and easy to use,
>>>      platform independent,interface to the Linux Kernel's syscall
>>>      filtering mechanism: seccomp."
>>>       >> +SECTION = "security"
>>>       >> +LICENSE = "LGPL-2.1"
>>>       >> +LIC_FILES_CHKSUM =
>>>      "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
>>>       >> +
>>>       >> +SRCREV = "fb43972ea1aab24f2a70193fb7445c2674f594e3"
>>>       >> +
>>>       >> +SRC_URI =
>>>      "git://github.com/seccomp/libseccomp.git;branch=release-2.4
>>>      <http://github.com/seccomp/libseccomp.git;branch=release-2.4> \
>>>       >> +           file://run-ptest \
>>>       >> +"
>>>       >> +
>>>       >> +S = "${WORKDIR}/git"
>>>       >> +
>>>       >> +inherit autotools-brokensep pkgconfig ptest
>>>       >> +
>>>       >> +PACKAGECONFIG ??= ""
>>>       >> +PACKAGECONFIG[python] = "--enable-python, --disable-python, python"
>>>       >> +
>>>       >> +do_compile_ptest() {
>>>       >> +    oe_runmake -C tests check-build
>>>       >> +}
>>>       >> +
>>>       >> +do_install_ptest() {
>>>       >> +    install -d ${D}${PTEST_PATH}/tests
>>>       >> +    install -d ${D}${PTEST_PATH}/tools
>>>       >> +    for file in $(find tests/* -executable -type f); do
>>>       >> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
>>>       >> +    done
>>>       >> +    for file in $(find tests/*.tests -type f); do
>>>       >> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
>>>       >> +    done
>>>       >> +    for file in $(find tools/* -executable -type f); do
>>>       >> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tools
>>>       >> +    done
>>>       >> +}
>>>       >> +
>>>       >> +FILES_${PN} = "${bindir} ${libdir}/${BPN}.so*"
>>>       >> +FILES_${PN}-dbg += "${libdir}/${PN}/tests/.debug/*
>>>      ${libdir}/${PN}/tools/.debug"
>>>       >> +
>>>       >> +RDEPENDS_${PN}-ptest = "bash"
>>>       >> --
>>>       >> 2.7.4
>>>       >>
>>>       >> --
>>>       >> _______________________________________________
>>>       >> Openembedded-devel mailing list
>>>       >> Openembedded-devel at lists.openembedded.org
>>>      <mailto:Openembedded-devel at lists.openembedded.org>
>>>       >> http://lists.openembedded.org/mailman/listinfo/openembedded-devel
>>>       >
>>>       >
>>>       >
>>>
>>>
>>>
>>> --
>>> - Thou shalt not follow the NULL pointer, for chaos and madness await
>>> thee at its end
>>> - "Use the force Harry" - Gandalf, Star Trek II
>>>
>
>
>

More information about the Openembedded-devel mailing list