d9ff62c4cd
It's been ages (5 years at the next release) that we've not installed
host packages in $(HOST_DIR)/usr, but we still have a few packages that
reference it or install things in there.
Drop all of those in one fell swoop.
The run-time test still succeeds, and the following defconfig, which
should exercise all touched packages [*], does build:
BR2_x86_i686=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_INIT_NONE=y
BR2_SYSTEM_BIN_SH_NONE=y
# BR2_PACKAGE_BUSYBOX is not set
BR2_PACKAGE_GAWK=y
BR2_PACKAGE_GETTEXT=y
BR2_PACKAGE_ABOOTIMG=y
BR2_PACKAGE_DBUS_PYTHON=y
BR2_PACKAGE_OLA=y
BR2_PACKAGE_JIMTCL=y
BR2_PACKAGE_LUA=y
# BR2_PACKAGE_LUA_32BITS is not set
BR2_PACKAGE_ARGPARSE=y
BR2_PACKAGE_PERL=y
BR2_PACKAGE_PHP=y
BR2_PACKAGE_PHP_APCU=y
BR2_PACKAGE_PHP_LUA=y
BR2_PACKAGE_PHP_PAM=y
BR2_PACKAGE_PHP_PECL_DBUS=y
BR2_PACKAGE_PYTHON3=y
BR2_PACKAGE_PYTHON_CRYPTOGRAPHY=y
BR2_PACKAGE_PYTHON_PLY=y
BR2_PACKAGE_PYTHON_PYBIND=y
BR2_PACKAGE_LIBVA=y
BR2_PACKAGE_BIND=y
BR2_PACKAGE_BIND_SERVER=y
BR2_PACKAGE_BIND_TOOLS=y
BR2_PACKAGE_APPARMOR=y
BR2_PACKAGE_APPARMOR_BINUTILS=y
BR2_PACKAGE_APPARMOR_UTILS=y
BR2_PACKAGE_APPARMOR_UTILS_EXTRA=y
BR2_PACKAGE_APPARMOR_PROFILES=y
BR2_PACKAGE_REFPOLICY=y
BR2_PACKAGE_URANDOM_SCRIPTS=y
BR2_PACKAGE_BASH=y
# embiggen-disk to exercise go
BR2_PACKAGE_EMBIGGEN_DISK=y
BR2_TARGET_GRUB2=y
BR2_TARGET_GRUB2_I386_PC=y
BR2_TARGET_GRUB2_I386_EFI=y
[*] exceptions:
- zfs was not tested: it needs a kernel to be built;
- compiler-rt was not tsted: it needs llvm to be built, that takes
ages, and other packages already reference the correct location for
llvm-config, so it was assumed that is OK.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Angelo Compagnucci <angelo.compagnucci@gmail.com>
Cc: Anisse Astier <anisse@astier.eu>
Cc: Antoine Tenart <atenart@kernel.org>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Asaf Kahlon <asafka7@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Cc: Christian Stewart <christian@paral.in>
Cc: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
Cc: Francois Perrad <francois.perrad@gadz.org>
Cc: Guillaume William Brs <guillaume.bressaix@gmail.com>
Cc: Hervé Codina <herve.codina@bootlin.com>
Cc: James Hilliard <james.hilliard1@gmail.com>
Cc: José Luis Salvador Rufo <salvador.joseluis@gmail.com>
Cc: Julien Boibessot <julien.boibessot@armadeus.com>
Cc: Julien Olivain <ju.o@free.fr>
Cc: Matt Weber <matthew.weber@collins.com>
Cc: Nicolas Carrier <nicolas.carrier@orolia.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Vadim Kochan <vadim4j@gmail.com>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Reviewed-by: Romain Naour <romain.naour@smile.fr>
---
Changes v1 -> v2:
- fix new instance that have crept in (Romain)
135 lines
3.9 KiB
Makefile
135 lines
3.9 KiB
Makefile
################################################################################
|
|
#
|
|
# refpolicy
|
|
#
|
|
################################################################################
|
|
|
|
REFPOLICY_LICENSE = GPL-2.0
|
|
REFPOLICY_LICENSE_FILES = COPYING
|
|
REFPOLICY_CPE_ID_VENDOR = selinuxproject
|
|
REFPOLICY_INSTALL_STAGING = YES
|
|
REFPOLICY_DEPENDENCIES = \
|
|
host-m4 \
|
|
host-checkpolicy \
|
|
host-policycoreutils \
|
|
host-python3 \
|
|
host-setools \
|
|
host-gawk \
|
|
host-libxml2
|
|
|
|
ifeq ($(BR2_PACKAGE_REFPOLICY_CUSTOM_GIT),y)
|
|
REFPOLICY_VERSION = $(call qstrip,$(BR2_PACKAGE_REFPOLICY_CUSTOM_REPO_VERSION))
|
|
REFPOLICY_SITE = $(call qstrip,$(BR2_PACKAGE_REFPOLICY_CUSTOM_REPO_URL))
|
|
REFPOLICY_SITE_METHOD = git
|
|
BR_NO_CHECK_HASH_FOR += $(REFPOLICY_SOURCE)
|
|
else
|
|
REFPOLICY_VERSION = 2.20220106
|
|
REFPOLICY_SOURCE = refpolicy-$(REFPOLICY_VERSION).tar.bz2
|
|
REFPOLICY_SITE = https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_$(subst .,_,$(REFPOLICY_VERSION))
|
|
endif
|
|
|
|
# Cannot use multiple threads to build the reference policy
|
|
REFPOLICY_MAKE = \
|
|
PYTHON=$(HOST_DIR)/bin/python3 \
|
|
XMLLINT=$(LIBXML2_HOST_BINARY) \
|
|
TEST_TOOLCHAIN=$(HOST_DIR) \
|
|
$(TARGET_MAKE_ENV) \
|
|
$(MAKE1)
|
|
|
|
REFPOLICY_POLICY_VERSION = $(BR2_PACKAGE_LIBSEPOL_POLICY_VERSION)
|
|
REFPOLICY_POLICY_STATE = \
|
|
$(call qstrip,$(BR2_PACKAGE_REFPOLICY_POLICY_STATE))
|
|
|
|
ifeq ($(BR2_PACKAGE_REFPOLICY_UPSTREAM_VERSION),y)
|
|
|
|
# Allow to provide out-of-tree SELinux modules in addition to the ones
|
|
# in the refpolicy.
|
|
REFPOLICY_EXTRA_MODULES_DIRS = \
|
|
$(strip \
|
|
$(call qstrip,$(BR2_REFPOLICY_EXTRA_MODULES_DIRS)) \
|
|
$(PACKAGES_SELINUX_EXTRA_MODULES_DIRS))
|
|
$(foreach dir,$(REFPOLICY_EXTRA_MODULES_DIRS),\
|
|
$(if $(wildcard $(dir)),,\
|
|
$(error BR2_REFPOLICY_EXTRA_MODULES_DIRS contains nonexistent directory $(dir))))
|
|
|
|
REFPOLICY_MODULES = \
|
|
application \
|
|
authlogin \
|
|
getty \
|
|
init \
|
|
libraries \
|
|
locallogin \
|
|
logging \
|
|
miscfiles \
|
|
modutils \
|
|
mount \
|
|
selinuxutil \
|
|
storage \
|
|
sysadm \
|
|
sysnetwork \
|
|
unconfined \
|
|
userdomain \
|
|
$(PACKAGES_SELINUX_MODULES) \
|
|
$(call qstrip,$(BR2_REFPOLICY_EXTRA_MODULES)) \
|
|
$(foreach d,$(REFPOLICY_EXTRA_MODULES_DIRS),\
|
|
$(basename $(notdir $(wildcard $(d)/*.te))))
|
|
|
|
define REFPOLICY_COPY_EXTRA_MODULES
|
|
mkdir -p $(@D)/policy/modules/buildroot
|
|
rsync -au $(addsuffix /*,$(REFPOLICY_EXTRA_MODULES_DIRS)) \
|
|
$(@D)/policy/modules/buildroot/
|
|
if [ ! -f $(@D)/policy/modules/buildroot/metadata.xml ]; then \
|
|
echo "<summary>Buildroot extra modules</summary>" > \
|
|
$(@D)/policy/modules/buildroot/metadata.xml; \
|
|
fi
|
|
endef
|
|
|
|
# In the context of a monolithic policy enabling a piece of the policy as
|
|
# 'base' or 'module' is equivalent, so we enable them as 'base'.
|
|
define REFPOLICY_CONFIGURE_MODULES
|
|
$(SED) "s/ = module/ = no/g" $(@D)/policy/modules.conf
|
|
$(foreach m,$(sort $(REFPOLICY_MODULES)),
|
|
$(SED) "/^$(m) =/c\$(m) = base" $(@D)/policy/modules.conf
|
|
)
|
|
endef
|
|
|
|
endif # BR2_PACKAGE_REFPOLICY_UPSTREAM_VERSION = y
|
|
|
|
ifeq ($(BR2_INIT_SYSTEMD),y)
|
|
define REFPOLICY_CONFIGURE_SYSTEMD
|
|
$(SED) "/SYSTEMD/c\SYSTEMD = y" $(@D)/build.conf
|
|
endef
|
|
endif
|
|
|
|
define REFPOLICY_CONFIGURE_CMDS
|
|
$(SED) "/OUTPUT_POLICY/c\OUTPUT_POLICY = $(REFPOLICY_POLICY_VERSION)" \
|
|
$(@D)/build.conf
|
|
$(SED) "/MONOLITHIC/c\MONOLITHIC = y" $(@D)/build.conf
|
|
$(SED) "/NAME/c\NAME = targeted" $(@D)/build.conf
|
|
$(REFPOLICY_CONFIGURE_SYSTEMD)
|
|
$(if $(REFPOLICY_EXTRA_MODULES_DIRS), \
|
|
$(REFPOLICY_COPY_EXTRA_MODULES)
|
|
)
|
|
$(REFPOLICY_MAKE) -C $(@D) bare conf
|
|
$(REFPOLICY_CONFIGURE_MODULES)
|
|
endef
|
|
|
|
define REFPOLICY_BUILD_CMDS
|
|
$(REFPOLICY_MAKE) -C $(@D) policy
|
|
endef
|
|
|
|
define REFPOLICY_INSTALL_STAGING_CMDS
|
|
$(REFPOLICY_MAKE) -C $(@D) DESTDIR=$(STAGING_DIR) \
|
|
install-src install-headers
|
|
endef
|
|
|
|
define REFPOLICY_INSTALL_TARGET_CMDS
|
|
$(REFPOLICY_MAKE) -C $(@D) DESTDIR=$(TARGET_DIR) install
|
|
$(INSTALL) -m 0755 -D package/refpolicy/config \
|
|
$(TARGET_DIR)/etc/selinux/config
|
|
$(SED) "/^SELINUX=/c\SELINUX=$(REFPOLICY_POLICY_STATE)" \
|
|
$(TARGET_DIR)/etc/selinux/config
|
|
endef
|
|
|
|
$(eval $(generic-package))
|