From 7cd29bd3a27f9402fc13093cb7294f6a9e1b0059 Mon Sep 17 00:00:00 2001 From: Stephane Desneux Date: Thu, 23 Jun 2016 16:00:59 +0000 Subject: add layer meta-app-framework meta-app-framework is a layer containing the AGL App Framework recipes 4 new layers are added for application framework: * meta-intel-iot-security/meta-security-smack * meta-intel-iot-security/meta-security-framework * meta-agl/meta-agl-security * meta-agl/meta-app-framework Configuration file changes to support AppFw: * activation of Smack and Cynara * modify the tar command to be used to support Smack extended attributes Change-Id: Idc8abdc8869787feb4b534ee45bf7b5d3dde3632 Signed-off-by: Stephane Desneux --- .../libcap/removing-capability-enforcement.patch | 79 ++++++++++++++ .../recipes-support/libcap/libcap_%.bbappend | 5 + .../libmicrohttpd/allows-upgrade.patch | 14 +++ .../libmicrohttpd/libmicrohttpd_0.9.48.bb | 27 +++++ .../libmicrohttpd/libmicrohttpd_0.9.48.bbappend | 5 + .../recipes-support/libzip/libzip_1.1.1.bb | 32 ++++++ ...quire-libxslt-in-.pc-files-when-necessary.patch | 115 +++++++++++++++++++++ .../recipes-support/xmlsec1/xmlsec1_1.%.bbappend | 4 + 8 files changed, 281 insertions(+) create mode 100644 meta-app-framework/recipes-support/libcap/libcap/removing-capability-enforcement.patch create mode 100644 meta-app-framework/recipes-support/libcap/libcap_%.bbappend create mode 100644 meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd/allows-upgrade.patch create mode 100644 meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd_0.9.48.bb create mode 100644 meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd_0.9.48.bbappend create mode 100644 meta-app-framework/recipes-support/libzip/libzip_1.1.1.bb create mode 100644 meta-app-framework/recipes-support/xmlsec1/xmlsec1/Only-require-libxslt-in-.pc-files-when-necessary.patch create mode 100644 meta-app-framework/recipes-support/xmlsec1/xmlsec1_1.%.bbappend (limited to 'meta-app-framework/recipes-support') diff --git a/meta-app-framework/recipes-support/libcap/libcap/removing-capability-enforcement.patch b/meta-app-framework/recipes-support/libcap/libcap/removing-capability-enforcement.patch new file mode 100644 index 0000000..fd01c19 --- /dev/null +++ b/meta-app-framework/recipes-support/libcap/libcap/removing-capability-enforcement.patch @@ -0,0 +1,79 @@ +From c34b2725817d4fd1fd6878bbb16617cb9e3e3a70 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jos=C3=A9=20Bollo?= +Date: Fri, 22 Jan 2016 16:23:59 +0100 +Subject: [PATCH] removing capability enforcement + +Change-Id: Idb724192ceab176a611bbed45c0ebc9c8eb5dd30 +--- + progs/setcap.c | 43 ------------------------------------------- + 1 file changed, 43 deletions(-) + +diff --git a/progs/setcap.c b/progs/setcap.c +index 83090ae..01faa17 100644 +--- a/progs/setcap.c ++++ b/progs/setcap.c +@@ -58,7 +58,6 @@ static int read_caps(int quiet, const char *filename, char *buffer) + + int main(int argc, char **argv) + { +- int tried_to_cap_setfcap = 0; + char buffer[MAXCAP+1]; + int retval, quiet=0, verify=0; + cap_t mycaps; +@@ -150,53 +149,11 @@ int main(int argc, char **argv) + printf("%s: OK\n", *argv); + } + } else { +- if (!tried_to_cap_setfcap) { +- capflag = CAP_SETFCAP; +- +- /* +- * Raise the effective CAP_SETFCAP. +- */ +- if (cap_set_flag(mycaps, CAP_EFFECTIVE, 1, &capflag, CAP_SET) +- != 0) { +- perror("unable to manipulate CAP_SETFCAP - " +- "try a newer libcap?"); +- exit(1); +- } +- if (cap_set_proc(mycaps) != 0) { +- perror("unable to set CAP_SETFCAP effective capability"); +- exit(1); +- } +- tried_to_cap_setfcap = 1; +- } + retval = cap_set_file(*++argv, cap_d); + if (retval != 0) { +- int explained = 0; +-#ifdef linux +- cap_value_t cap; +- cap_flag_value_t per_state; +- +- for (cap = 0; +- cap_get_flag(cap_d, cap, CAP_PERMITTED, &per_state) != -1; +- cap++) { +- cap_flag_value_t inh_state, eff_state; +- +- cap_get_flag(cap_d, cap, CAP_INHERITABLE, &inh_state); +- cap_get_flag(cap_d, cap, CAP_EFFECTIVE, &eff_state); +- if ((inh_state | per_state) != eff_state) { +- fprintf(stderr, "NOTE: Under Linux, effective file capabilities must either be empty, or\n" +- " exactly match the union of selected permitted and inheritable bits.\n"); +- explained = 1; +- break; +- } +- } +-#endif /* def linux */ +- + fprintf(stderr, + "Failed to set capabilities on file `%s' (%s)\n", + argv[0], strerror(errno)); +- if (!explained) { +- usage(); +- } + } + } + if (cap_d) { +-- +2.1.4 + diff --git a/meta-app-framework/recipes-support/libcap/libcap_%.bbappend b/meta-app-framework/recipes-support/libcap/libcap_%.bbappend new file mode 100644 index 0000000..fbe8935 --- /dev/null +++ b/meta-app-framework/recipes-support/libcap/libcap_%.bbappend @@ -0,0 +1,5 @@ +FILESEXTRAPATHS_append_class-native := ":${THISDIR}/${PN}" +SRC_URI_append_class-native = " file://removing-capability-enforcement.patch" +PACKAGECONFIG_class-native ?= "attr" +DEPENDS_append_class-native = " attr-native" + diff --git a/meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd/allows-upgrade.patch b/meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd/allows-upgrade.patch new file mode 100644 index 0000000..b35d970 --- /dev/null +++ b/meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd/allows-upgrade.patch @@ -0,0 +1,14 @@ +diff -Naur a/src/microhttpd/connection.c b/src/microhttpd/connection.c +--- a/src/microhttpd/connection.c 2016-04-20 11:35:50.259534537 +0000 ++++ b/src/microhttpd/connection.c 2016-04-20 11:29:46.291569583 +0000 +@@ -733,8 +733,7 @@ + { + if (NULL == end) + return MHD_YES; +- if ( (MHD_str_equal_caseless_ (end, "close")) || +- (MHD_str_equal_caseless_ (end, "upgrade")) ) ++ if ( (MHD_str_equal_caseless_ (end, "close")) ) + return MHD_NO; + return MHD_YES; + } + diff --git a/meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd_0.9.48.bb b/meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd_0.9.48.bb new file mode 100644 index 0000000..892009e --- /dev/null +++ b/meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd_0.9.48.bb @@ -0,0 +1,27 @@ +DESCRIPTION = "A small C library that is supposed to make it easy to run an HTTP server as part of another application" +HOMEPAGE = "http://www.gnu.org/software/libmicrohttpd/" +LICENSE = "LGPL-2.1+" +LIC_FILES_CHKSUM = "file://COPYING;md5=9331186f4f80db7da0e724bdd6554ee5" +SECTION = "net" +DEPENDS = "libgcrypt gnutls file" + +SRC_URI = "http://ftp.gnu.org/gnu/libmicrohttpd/${BPN}-${PV}.tar.gz" +SRC_URI[md5sum] = "9c298c890088a91fe0d7ac3fec9d0097" +SRC_URI[sha256sum] = "87667e158f2bf8c691a002e256ffe30885d4121a9ee4143af0320c47cdf8a2a4" + +inherit autotools lib_package + +# disable spdy, because it depends on openssl +EXTRA_OECONF += "--disable-static --with-gnutls=${STAGING_LIBDIR}/../" + +PACKAGECONFIG ?= "curl" +PACKAGECONFIG_append_class-target = "\ + ${@base_contains('DISTRO_FEATURES', 'largefile', 'largefile', '', d)} \ +" +PACKAGECONFIG[largefile] = "--enable-largefile,--disable-largefile,," +PACKAGECONFIG[curl] = "--enable-curl,--disable-curl,curl," + +do_compile_append() { + sed -i s:-L${STAGING_LIBDIR}::g libmicrohttpd.pc +} + diff --git a/meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd_0.9.48.bbappend b/meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd_0.9.48.bbappend new file mode 100644 index 0000000..c26b811 --- /dev/null +++ b/meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd_0.9.48.bbappend @@ -0,0 +1,5 @@ + +FILESEXTRAPATHS_append := ":${THISDIR}/${PN}" +SRC_URI += " file://allows-upgrade.patch" + + diff --git a/meta-app-framework/recipes-support/libzip/libzip_1.1.1.bb b/meta-app-framework/recipes-support/libzip/libzip_1.1.1.bb new file mode 100644 index 0000000..4509711 --- /dev/null +++ b/meta-app-framework/recipes-support/libzip/libzip_1.1.1.bb @@ -0,0 +1,32 @@ +inherit autotools + +SUMMARY = "Library providing support for handling zip files" +DESCRIPTION = "\ + This library is wrapping zlib and allows \ + to easily create, browse, inflate of deflate \ + the zip files. \ + It also provides tools for zip comparing, merging or browsing.\ +" + +HOMEPAGE = "http://nih.at/libzip/index.html" +LICENSE = "BSD" +LIC_FILES_CHKSUM = "file://LICENSE;md5=23ebf7ca347ed9703b4ef40824d0ef66" + +SRC_URI = "http://nih.at/libzip/libzip-1.1.1.tar.xz;md5sum=0c86a1a94fbc3ec6724801036726ae1f" + +#SRC_URI = "hg://hg.nih.at/libzip;module=libzip;protocol=http" +#SRCREV = "5895e34af7f9" +#S = "${HGDIR}" + +SECTION = "base" + +DEPENDS = "zlib" + +RDEPENDS_${PN} = "zlib" + +PROVIDES += "${PN}-tools" +RDEPENDS_${PN}-tools = "${PN}" +FILES_${PN}-tools = "${bindir}/zipcmp ${bindir}/zipmerge ${bindir}/ziptool" + +BBCLASSEXTEND = "native nativesdk" + diff --git a/meta-app-framework/recipes-support/xmlsec1/xmlsec1/Only-require-libxslt-in-.pc-files-when-necessary.patch b/meta-app-framework/recipes-support/xmlsec1/xmlsec1/Only-require-libxslt-in-.pc-files-when-necessary.patch new file mode 100644 index 0000000..c92df77 --- /dev/null +++ b/meta-app-framework/recipes-support/xmlsec1/xmlsec1/Only-require-libxslt-in-.pc-files-when-necessary.patch @@ -0,0 +1,115 @@ +From 1e39acf581ef47876b058da41774cbc92560d797 Mon Sep 17 00:00:00 2001 +From: Manuel Bachmann +Date: Wed, 27 Jan 2016 14:16:40 +0100 +Subject: [PATCH] Only require libxslt in .pc files when necessary + +If we build xmlsec without libxslt ("--without-libxslt" at +configure time), dependent packages will still require it +because it is unconditionally mentioned in .pc files (used +by pkg-config). + +We now make sure that this dependency is mentioned only if +the configure script validates libxslt presence. + +Signed-off-by: Manuel Bachmann +--- + configure.in | 4 ++++ + xmlsec-gcrypt.pc.in | 2 +- + xmlsec-gnutls.pc.in | 2 +- + xmlsec-nss.pc.in | 2 +- + xmlsec-openssl.pc.in | 2 +- + xmlsec.pc.in | 2 +- + 6 files changed, 9 insertions(+), 5 deletions(-) + +diff --git a/configure.in b/configure.in +index 7d976d0..a8350a9 100644 +--- a/configure.in ++++ b/configure.in +@@ -255,6 +255,7 @@ dnl ========================================================================== + dnl find libxslt + dnl ========================================================================== + XMLSEC_NO_LIBXSLT="1" ++LIBXSLT_COND="libxslt >=" + LIBXSLT_MIN_VERSION=1.0.20 + LIBXSLT_CONFIG="xslt-config" + LIBXSLT_CFLAGS="" +@@ -324,6 +325,8 @@ fi + if test "z$LIBXSLT_FOUND" = "zyes" ; then + XMLSEC_NO_LIBXSLT="0" + else ++ LIBXSLT_COND="" ++ LIBXSLT_MIN_VERSION="" + XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_XSLT=1" + fi + +@@ -332,6 +335,7 @@ AC_SUBST(LIBXSLT_CFLAGS) + AC_SUBST(LIBXSLT_LIBS) + AC_SUBST(LIBXSLT_CONFIG) + AC_SUBST(LIBXSLT_MIN_VERSION) ++AC_SUBST(LIBXSLT_COND) + + dnl ========================================================================== + dnl See if we can find a crypto library +diff --git a/xmlsec-gcrypt.pc.in b/xmlsec-gcrypt.pc.in +index 1c00496..33bc2ff 100644 +--- a/xmlsec-gcrypt.pc.in ++++ b/xmlsec-gcrypt.pc.in +@@ -6,6 +6,6 @@ includedir=@includedir@ + Name: xmlsec1-gcrypt + Version: @VERSION@ + Description: XML Security Library implements XML Signature and XML Encryption standards +-Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ libxslt >= @LIBXSLT_MIN_VERSION@ ++Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ @LIBXSLT_COND@ @LIBXSLT_MIN_VERSION@ + Cflags: -DXMLSEC_CRYPTO=\"gcrypt\" @XMLSEC_GCRYPT_CFLAGS@ + Libs: @XMLSEC_GCRYPT_LIBS@ +diff --git a/xmlsec-gnutls.pc.in b/xmlsec-gnutls.pc.in +index e538cd4..d01cf82 100644 +--- a/xmlsec-gnutls.pc.in ++++ b/xmlsec-gnutls.pc.in +@@ -6,6 +6,6 @@ includedir=@includedir@ + Name: xmlsec1-gnutls + Version: @VERSION@ + Description: XML Security Library implements XML Signature and XML Encryption standards +-Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ libxslt >= @LIBXSLT_MIN_VERSION@ ++Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ @LIBXSLT_COND@ @LIBXSLT_MIN_VERSION@ + Cflags: -DXMLSEC_CRYPTO=\"gnutls\" @XMLSEC_GNUTLS_CFLAGS@ + Libs: @XMLSEC_GNUTLS_LIBS@ +diff --git a/xmlsec-nss.pc.in b/xmlsec-nss.pc.in +index a6d6c5c..75f0232 100644 +--- a/xmlsec-nss.pc.in ++++ b/xmlsec-nss.pc.in +@@ -6,6 +6,6 @@ includedir=@includedir@ + Name: xmlsec1-nss + Version: @VERSION@ + Description: XML Security Library implements XML Signature and XML Encryption standards +-Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ libxslt >= @LIBXSLT_MIN_VERSION@ @NSPR_PACKAGE@ >= @MOZILLA_MIN_VERSION@ @NSS_PACKAGE@ >= @MOZILLA_MIN_VERSION@ ++Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ @LIBXSLT_COND@ @LIBXSLT_MIN_VERSION@ @NSPR_PACKAGE@ >= @MOZILLA_MIN_VERSION@ @NSS_PACKAGE@ >= @MOZILLA_MIN_VERSION@ + Cflags: -DXMLSEC_CRYPTO=\"nss\" -DXMLSEC_CRYPTO_NSS=1 @XMLSEC_CORE_CFLAGS@ + Libs: -L${libdir} -lxmlsec1-nss @XMLSEC_CORE_LIBS@ +diff --git a/xmlsec-openssl.pc.in b/xmlsec-openssl.pc.in +index 85ee2b0..e9d0651 100644 +--- a/xmlsec-openssl.pc.in ++++ b/xmlsec-openssl.pc.in +@@ -6,6 +6,6 @@ includedir=@includedir@ + Name: xmlsec1-openssl + Version: @VERSION@ + Description: XML Security Library implements XML Signature and XML Encryption standards +-Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ libxslt >= @LIBXSLT_MIN_VERSION@ ++Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ @LIBXSLT_COND@ @LIBXSLT_MIN_VERSION@ + Cflags: -DXMLSEC_CRYPTO=\"openssl\" @XMLSEC_OPENSSL_CFLAGS@ + Libs: @XMLSEC_OPENSSL_LIBS@ +diff --git a/xmlsec.pc.in b/xmlsec.pc.in +index a750ab8..14ea670 100644 +--- a/xmlsec.pc.in ++++ b/xmlsec.pc.in +@@ -6,6 +6,6 @@ includedir=@includedir@ + Name: xmlsec1 + Version: @VERSION@ + Description: XML Security Library implements XML Signature and XML Encryption standards +-Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ libxslt >= @LIBXSLT_MIN_VERSION@ ++Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ @LIBXSLT_COND@ @LIBXSLT_MIN_VERSION@ + Cflags: -DXMLSEC_CRYPTO=\"@XMLSEC_CRYPTO@\" -DXMLSEC_CRYPTO_DYNAMIC_LOADING=1 @XMLSEC_CORE_CFLAGS@ + Libs: -L${libdir} @XMLSEC_CORE_LIBS@ +-- +2.6.2 + diff --git a/meta-app-framework/recipes-support/xmlsec1/xmlsec1_1.%.bbappend b/meta-app-framework/recipes-support/xmlsec1/xmlsec1_1.%.bbappend new file mode 100644 index 0000000..539a88f --- /dev/null +++ b/meta-app-framework/recipes-support/xmlsec1/xmlsec1_1.%.bbappend @@ -0,0 +1,4 @@ +FILESEXTRAPATHS_append := ":${THISDIR}/${PN}" +SRC_URI += "file://Only-require-libxslt-in-.pc-files-when-necessary.patch" + +DEPENDS += "libxml2" -- cgit 1.2.3-korg