[oe] [meta-oe][PATCH] libseccomp: import from meta-security
Khem Raj
raj.khem at gmail.com
Fri Jul 26 22:27:36 UTC 2019
On Fri, Jul 26, 2019 at 2:00 AM akuster808 <akuster808 at gmail.com> wrote:
>
>
>
> On 7/25/19 8:23 PM, Bruce Ashfield wrote:
> > On Thu, Jul 25, 2019 at 11:01 PM Yu, Mingli <mingli.yu at windriver.com> wrote:
> >>
> >>
> >> On 2019年07月26日 10:46, Bruce Ashfield wrote:
> >>>
> >>> On Thu, Jul 25, 2019 at 10:28 PM Yu, Mingli <mingli.yu at windriver.com
> >>> <mailto:mingli.yu at windriver.com>> wrote:
> >>>
> >>>
> >>>
> >>> On 2019年07月25日 21:45, Bruce Ashfield wrote:
> >>> > On Thu, Jul 25, 2019 at 3:06 AM <mingli.yu at windriver.com
> >>> <mailto:mingli.yu at windriver.com>> wrote:
> >>> >>
> >>> >> From: Mingli Yu <Mingli.Yu at windriver.com
> >>> <mailto:Mingli.Yu at windriver.com>>
> >>> >
> >>> > Can you share some details as to why this should be pulled from
> >>> > meta-security into a different repo ?
> >>>
> >>> Considering there is also some security related recipe under
> >>> meta-oe/recipes-security/, I think it's not strange to add a new one
> >>> libseccomp and libseccomp also provides a basic common filtering
> >>> mechanism.
> >>>
> >>>
> >>> .. but it is literally churn for the sake of churn.
> >>>
> >>> Meaning, that isn't a great reason to move something. If Armin wanted to
> >>> put the recipe in meta-oe, he would have done it himself.
> >> ^_^, I noticed Armin did try to do this in this thread "[oe]
> >> [meta-oe][PATCH 1/2] libseccomp: move lib from meta-security to meta-oe"
> >> in Jun 1, 2018.
> > In that case, follow up to that thread so folks can remember why it
> > didn't happen, or check to see if it was simply forgotten. Putting the
> > maintainers on the cc' from the start of something like this helps
> > immensely.
> >
> > But I see you added Armin to this thread, so that should be enough.
>
> I am fine if we move the recipe. The issue was Khem didn't want the
> "bash" dependency and I never followed up to clean that up.
>
I think this cleanup would be good to have before we move this in. It
has built well
in preliminary build testing, since there are recipes in meta-oe using
this package it
will become a common place to have it so there might be value.
Other way would be to see if security-recipes in meta-oe could be
moved out into meta-security
> I would have responded sooner but this is the first time I have reliable
> Internet.
>
> - armin
> >
> > Bruce
> >
> >>>
> >>> Meanwhile, the below yocto compliance check error disappears once we
> >>> move libseccomp from meta-security to meta-oe.
> >>> ERROR: Nothing PROVIDES 'libseccomp' (but
> >>> /buildarea/layers/meta-virtualization/recipes-containers/cri-o/cri-o_git.bb
> >>> <http://cri-o_git.bb>
> >>> DEPENDS on or otherwise requires it).
> >>> Close matches:
> >>> libcomps
> >>> ERROR: Required build target 'meta-world-pkgdata' has no buildable
> >>> providers.
> >>>
> >>> Missing or unbuildable dependency chain was: ['meta-world-pkgdata',
> >>> 'cri-o', 'libseccomp']
> >>>
> >>>
> >>> Also not a valid reason. We've just fixed meta-virtualization, so
> >>> there's no need to shuffle something like this around, just to keep
> >>> another layers compliance check working.
> >>>
> >>> Bruce
> >>>
> >>>
> >>> Thanks,
> >>>
> >>> >
> >>> > It seems to fit the mandate of meta-security quite nicely ;)
> >>> >
> >>> > Is there some sort of dependency issue, or other technical problem
> >>> > that is causing a problem ?
> >>> >
> >>> > Bruce
> >>> >
> >>> >>
> >>> >> Signed-off-by: Mingli Yu <Mingli.Yu at windriver.com
> >>> <mailto:Mingli.Yu at windriver.com>>
> >>> >> ---
> >>> >> .../recipes-security/libseccomp/files/run-ptest | 4 +++
> >>> >> .../libseccomp/libseccomp_2.4.1.bb
> >>> <http://libseccomp_2.4.1.bb> | 41 ++++++++++++++++++++++
> >>> >> 2 files changed, 45 insertions(+)
> >>> >> create mode 100644
> >>> meta-oe/recipes-security/libseccomp/files/run-ptest
> >>> >> create mode 100644
> >>> meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> >>> <http://libseccomp_2.4.1.bb>
> >>> >>
> >>> >> diff --git a/meta-oe/recipes-security/libseccomp/files/run-ptest
> >>> b/meta-oe/recipes-security/libseccomp/files/run-ptest
> >>> >> new file mode 100644
> >>> >> index 0000000..54b4a63
> >>> >> --- /dev/null
> >>> >> +++ b/meta-oe/recipes-security/libseccomp/files/run-ptest
> >>> >> @@ -0,0 +1,4 @@
> >>> >> +#!/bin/sh
> >>> >> +
> >>> >> +cd tests
> >>> >> +./regression -a
> >>> >> diff --git
> >>> a/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> >>> <http://libseccomp_2.4.1.bb>
> >>> b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> >>> <http://libseccomp_2.4.1.bb>
> >>> >> new file mode 100644
> >>> >> index 0000000..dba1be5
> >>> >> --- /dev/null
> >>> >> +++ b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> >>> <http://libseccomp_2.4.1.bb>
> >>> >> @@ -0,0 +1,41 @@
> >>> >> +SUMMARY = "interface to seccomp filtering mechanism"
> >>> >> +DESCRIPTION = "The libseccomp library provides and easy to use,
> >>> platform independent,interface to the Linux Kernel's syscall
> >>> filtering mechanism: seccomp."
> >>> >> +SECTION = "security"
> >>> >> +LICENSE = "LGPL-2.1"
> >>> >> +LIC_FILES_CHKSUM =
> >>> "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
> >>> >> +
> >>> >> +SRCREV = "fb43972ea1aab24f2a70193fb7445c2674f594e3"
> >>> >> +
> >>> >> +SRC_URI =
> >>> "git://github.com/seccomp/libseccomp.git;branch=release-2.4
> >>> <http://github.com/seccomp/libseccomp.git;branch=release-2.4> \
> >>> >> + file://run-ptest \
> >>> >> +"
> >>> >> +
> >>> >> +S = "${WORKDIR}/git"
> >>> >> +
> >>> >> +inherit autotools-brokensep pkgconfig ptest
> >>> >> +
> >>> >> +PACKAGECONFIG ??= ""
> >>> >> +PACKAGECONFIG[python] = "--enable-python, --disable-python, python"
> >>> >> +
> >>> >> +do_compile_ptest() {
> >>> >> + oe_runmake -C tests check-build
> >>> >> +}
> >>> >> +
> >>> >> +do_install_ptest() {
> >>> >> + install -d ${D}${PTEST_PATH}/tests
> >>> >> + install -d ${D}${PTEST_PATH}/tools
> >>> >> + for file in $(find tests/* -executable -type f); do
> >>> >> + install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
> >>> >> + done
> >>> >> + for file in $(find tests/*.tests -type f); do
> >>> >> + install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
> >>> >> + done
> >>> >> + for file in $(find tools/* -executable -type f); do
> >>> >> + install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tools
> >>> >> + done
> >>> >> +}
> >>> >> +
> >>> >> +FILES_${PN} = "${bindir} ${libdir}/${BPN}.so*"
> >>> >> +FILES_${PN}-dbg += "${libdir}/${PN}/tests/.debug/*
> >>> ${libdir}/${PN}/tools/.debug"
> >>> >> +
> >>> >> +RDEPENDS_${PN}-ptest = "bash"
> >>> >> --
> >>> >> 2.7.4
> >>> >>
> >>> >> --
> >>> >> _______________________________________________
> >>> >> Openembedded-devel mailing list
> >>> >> Openembedded-devel at lists.openembedded.org
> >>> <mailto:Openembedded-devel at lists.openembedded.org>
> >>> >> http://lists.openembedded.org/mailman/listinfo/openembedded-devel
> >>> >
> >>> >
> >>> >
> >>>
> >>>
> >>>
> >>> --
> >>> - Thou shalt not follow the NULL pointer, for chaos and madness await
> >>> thee at its end
> >>> - "Use the force Harry" - Gandalf, Star Trek II
> >>>
> >
> >
>
> --
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-devel
More information about the Openembedded-devel
mailing list