diff options
author | Jan-Simon Möller <jsmoeller@linuxfoundation.org> | 2018-02-14 10:55:35 +0100 |
---|---|---|
committer | Jan-Simon Möller <jsmoeller@linuxfoundation.org> | 2018-02-14 10:55:35 +0100 |
commit | 317c8a08a6b5943517e67c5ea80b0a9a83a10d63 (patch) | |
tree | bf2b27dc9068924b59b46d2e153936c77be954c3 /meta-agl | |
parent | b6dc44f585b839ab1a2f0133b74958037fe1cb64 (diff) | |
parent | c9ce37905acd879db107eafe309678053073e086 (diff) |
Merge remote-tracking branch 'agl/sandbox/ronan/rocko' into HEAD
* agl/sandbox/ronan/rocko: (58 commits)
Update ulcb conf file
Remove unsed gstreamer backport
[GEN3] add preferred version on omx package
run-(agl-)postinst: Emit progress to console
meta-security: Remove unused content
Upgrade wayland-ivi-extension
Revert "Fix kernel gcc7 issue"
remove backport commit
Revert "Fix CVE-2017-1000364 by backporting the patches for gen3"
Remove fix for optee-os
Remove gcc 6 fix
Update rcar gen3 kernel bbappend version
Update rcar gen3 driver
Remove porter machine
dbus-cynara: Upgrade to 1.10.20
xmlsec1: switch to meta-security version
systemd: earlier smack label switch
cynara: upgrade to 0.14.10
Remove smack recipe
Integrate parts of meta-intel-iot-security
...
Bug-AGL: SPEC-1181
Signed-off-by: Jan-Simon Möller <jsmoeller@linuxfoundation.org>
Conflicts:
meta-app-framework/recipes-security/cynara/cynara_git.bbappend
Change-Id: I9875fcb31e960038ce6c23165c99b52a3bd1a1c0
Diffstat (limited to 'meta-agl')
5 files changed, 64 insertions, 40 deletions
diff --git a/meta-agl/recipes-core/systemd/systemd/0001-Switch-Smack-label-earlier.patch b/meta-agl/recipes-core/systemd/systemd/0001-Switch-Smack-label-earlier.patch new file mode 100644 index 000000000..46445be73 --- /dev/null +++ b/meta-agl/recipes-core/systemd/systemd/0001-Switch-Smack-label-earlier.patch @@ -0,0 +1,52 @@ +From 6cc74075797edb6f698cb7f312bb1c3d8cc6cb28 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh> +Date: Thu, 12 Oct 2017 17:17:56 +0200 +Subject: [PATCH] Switch Smack label earlier +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Switching label after removing capability isn't +possible. + +Change-Id: Ib7dac8f071f36119520ed3205d743c1e3df3cd5e +Signed-off-by: José Bollo <jose.bollo@iot.bzh> +--- + src/core/execute.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/src/core/execute.c b/src/core/execute.c +index d72e5bf08..0abffd569 100644 +--- a/src/core/execute.c ++++ b/src/core/execute.c +@@ -2707,6 +2707,13 @@ static int exec_child( + } + } + ++ r = setup_smack(context, command); ++ if (r < 0) { ++ *exit_status = EXIT_SMACK_PROCESS_LABEL; ++ *error_message = strdup("Failed to set SMACK process label"); ++ return r; ++ } ++ + if (!cap_test_all(context->capability_bounding_set)) { + r = capability_bounding_set_drop(context->capability_bounding_set, false); + if (r < 0) { +@@ -2775,13 +2782,6 @@ static int exec_child( + } + #endif + +- r = setup_smack(context, command); +- if (r < 0) { +- *exit_status = EXIT_SMACK_PROCESS_LABEL; +- *error_message = strdup("Failed to set SMACK process label"); +- return r; +- } +- + #ifdef HAVE_APPARMOR + if (context->apparmor_profile && mac_apparmor_use()) { + r = aa_change_onexec(context->apparmor_profile); +-- +2.14.3 + diff --git a/meta-agl/recipes-core/systemd/systemd_234.bbappend b/meta-agl/recipes-core/systemd/systemd_234.bbappend new file mode 100644 index 000000000..4df7684d0 --- /dev/null +++ b/meta-agl/recipes-core/systemd/systemd_234.bbappend @@ -0,0 +1,6 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" + +SRC_URI += "\ + file://0001-Switch-Smack-label-earlier.patch \ +" + diff --git a/meta-agl/recipes-core/xmlsec1/xmlsec1_1.2.20.bb b/meta-agl/recipes-core/xmlsec1/xmlsec1_1.2.20.bb deleted file mode 100644 index 7faf7bfd4..000000000 --- a/meta-agl/recipes-core/xmlsec1/xmlsec1_1.2.20.bb +++ /dev/null @@ -1,40 +0,0 @@ -inherit autotools pkgconfig - -SUMMARY = "Library providing support for "XML Signature" and "XML Encryption" standards" -DESCRIPTION = "XML Security Library is a C library based on LibXML2 and OpenSSL. \ -The library was created with a goal to support major XML security \ -standards "XML Digital Signature" and "XML Encryption". \ -" - -HOMEPAGE = "https://www.aleksey.com/xmlsec" -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://Copyright;md5=32e47e213c77c55d2c666351d7ce16b5" - -SRC_URI = "git://git.gnome.org/xmlsec;branch=master;protocol=git" -SRCREV = "84c8281cf927b1cdcc38f343f61c3aa448a5a10f" - -SECTION = "base" - -S = "${WORKDIR}/git" - -RDEPENDS_${PN} = "openssl libxml2" - -# choice is made to use openssl only and to not use xslt -# nss would be a valuable choice -EXTRA_OECONF = "\ - --disable-crypto-dl \ - --disable-apps-crypto-dl \ - --enable-shared \ - --disable-static \ - --without-gnutls \ - --without-gcrypt \ - --without-nss \ - --without-libxslt \ -" - -do_install_append() { - # discarding this optional file is good for AGL - rm ${D}${libdir}/xmlsec1Conf.sh -} - - diff --git a/meta-agl/recipes-devtools/run-agl-postinsts/run-agl-postinsts/run-agl-postinsts.service b/meta-agl/recipes-devtools/run-agl-postinsts/run-agl-postinsts/run-agl-postinsts.service index 61d6d4679..8f8667db6 100644 --- a/meta-agl/recipes-devtools/run-agl-postinsts/run-agl-postinsts/run-agl-postinsts.service +++ b/meta-agl/recipes-devtools/run-agl-postinsts/run-agl-postinsts/run-agl-postinsts.service @@ -7,6 +7,7 @@ ConditionPathExists=#SYSCONFDIR#/agl-postinsts [Service] Type=oneshot +StandardOutput=journal+console ExecStart=#SBINDIR#/run-agl-postinsts ExecStartPost=#BASE_BINDIR#/systemctl disable run-agl-postinsts.service RemainAfterExit=No diff --git a/meta-agl/recipes-devtools/run-postinsts/run-postinsts_%.bbappend b/meta-agl/recipes-devtools/run-postinsts/run-postinsts_%.bbappend new file mode 100644 index 000000000..fc327b6ef --- /dev/null +++ b/meta-agl/recipes-devtools/run-postinsts/run-postinsts_%.bbappend @@ -0,0 +1,5 @@ +do_configure_append() { + if ! grep -q StandardOutput= ${WORKDIR}/run-postinsts.service; then + sed -i '/ExecStart=/iStandardOutput=journal+console' ${WORKDIR}/run-postinsts.service + fi +} |