Merge remote-tracking branch 'agl/sandbox/ronan/rocko' into HEAD

* agl/sandbox/ronan/rocko: (58 commits)
  Update ulcb conf file
  Remove unsed gstreamer backport
  [GEN3] add preferred version on omx package
  run-(agl-)postinst: Emit progress to console
  meta-security: Remove unused content
  Upgrade wayland-ivi-extension
  Revert "Fix kernel gcc7 issue"
  remove backport commit
  Revert "Fix CVE-2017-1000364 by backporting the patches for gen3"
  Remove fix for optee-os
  Remove gcc 6 fix
  Update rcar gen3 kernel bbappend version
  Update rcar gen3 driver
  Remove porter machine
  dbus-cynara: Upgrade to 1.10.20
  xmlsec1: switch to meta-security version
  systemd: earlier smack label switch
  cynara: upgrade to 0.14.10
  Remove smack recipe
  Integrate parts of meta-intel-iot-security
  ...

Bug-AGL: SPEC-1181

Signed-off-by: Jan-Simon Möller <jsmoeller@linuxfoundation.org>

Conflicts:
	meta-app-framework/recipes-security/cynara/cynara_git.bbappend

Change-Id: I9875fcb31e960038ce6c23165c99b52a3bd1a1c0

5 files changed, 64 insertions, 40 deletions

diff --git a/meta-agl/recipes-core/systemd/systemd/0001-Switch-Smack-label-earlier.patch b/meta-agl/recipes-core/systemd/systemd/0001-Switch-Smack-label-earlier.patch
new file mode 100644
index 000000000..46445be73
--- /dev/null
+++ b/meta-agl/recipes-core/systemd/systemd/0001-Switch-Smack-label-earlier.patch
@@ -0,0 +1,52 @@
+From 6cc74075797edb6f698cb7f312bb1c3d8cc6cb28 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
+Date: Thu, 12 Oct 2017 17:17:56 +0200
+Subject: [PATCH] Switch Smack label earlier
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Switching label after removing capability isn't
+possible.
+
+Change-Id: Ib7dac8f071f36119520ed3205d743c1e3df3cd5e
+Signed-off-by: José Bollo <jose.bollo@iot.bzh>
+---
+ src/core/execute.c | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/src/core/execute.c b/src/core/execute.c
+index d72e5bf08..0abffd569 100644
+--- a/src/core/execute.c
++++ b/src/core/execute.c
+@@ -2707,6 +2707,13 @@ static int exec_child(
+                         }
+                 }
+ 
++                r = setup_smack(context, command);
++                if (r < 0) {
++                        *exit_status = EXIT_SMACK_PROCESS_LABEL;
++                        *error_message = strdup("Failed to set SMACK process label");
++                        return r;
++                }
++
+                 if (!cap_test_all(context->capability_bounding_set)) {
+                         r = capability_bounding_set_drop(context->capability_bounding_set, false);
+                         if (r < 0) {
+@@ -2775,13 +2782,6 @@ static int exec_child(
+                 }
+ #endif
+ 
+-                r = setup_smack(context, command);
+-                if (r < 0) {
+-                        *exit_status = EXIT_SMACK_PROCESS_LABEL;
+-                        *error_message = strdup("Failed to set SMACK process label");
+-                        return r;
+-                }
+-
+ #ifdef HAVE_APPARMOR
+                 if (context->apparmor_profile && mac_apparmor_use()) {
+                         r = aa_change_onexec(context->apparmor_profile);
+-- 
+2.14.3
+
diff --git a/meta-agl/recipes-core/systemd/systemd_234.bbappend b/meta-agl/recipes-core/systemd/systemd_234.bbappend
new file mode 100644
index 000000000..4df7684d0
--- /dev/null
+++ b/meta-agl/recipes-core/systemd/systemd_234.bbappend
@@ -0,0 +1,6 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+
+SRC_URI += "\
+    file://0001-Switch-Smack-label-earlier.patch \
+"
+
diff --git a/meta-agl/recipes-core/xmlsec1/xmlsec1_1.2.20.bb b/meta-agl/recipes-core/xmlsec1/xmlsec1_1.2.20.bb
deleted file mode 100644
index 7faf7bfd4..000000000
--- a/meta-agl/recipes-core/xmlsec1/xmlsec1_1.2.20.bb
+++ /dev/null
@@ -1,40 +0,0 @@
-inherit autotools pkgconfig
-
-SUMMARY = "Library providing support for "XML Signature" and "XML Encryption" standards"
-DESCRIPTION = "XML Security Library is a C library based on LibXML2  and OpenSSL. \ 
-The library was created with a goal to support major XML security \
-standards "XML Digital Signature" and "XML Encryption". \
-"
-
-HOMEPAGE = "https://www.aleksey.com/xmlsec"
-LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://Copyright;md5=32e47e213c77c55d2c666351d7ce16b5"
-
-SRC_URI = "git://git.gnome.org/xmlsec;branch=master;protocol=git"
-SRCREV = "84c8281cf927b1cdcc38f343f61c3aa448a5a10f"
-
-SECTION = "base"
-
-S = "${WORKDIR}/git"
-
-RDEPENDS_${PN} = "openssl libxml2"
-
-# choice is made to use openssl only and to not use xslt
-# nss would be a valuable choice
-EXTRA_OECONF = "\
-	--disable-crypto-dl \
-	--disable-apps-crypto-dl \
-	--enable-shared \
-	--disable-static \
-	--without-gnutls \
-	--without-gcrypt \
-	--without-nss \
-	--without-libxslt \
-"
-
-do_install_append() {
-	# discarding this optional file is good for AGL
-	rm ${D}${libdir}/xmlsec1Conf.sh
-}
-
-
diff --git a/meta-agl/recipes-devtools/run-agl-postinsts/run-agl-postinsts/run-agl-postinsts.service b/meta-agl/recipes-devtools/run-agl-postinsts/run-agl-postinsts/run-agl-postinsts.service
index 61d6d4679..8f8667db6 100644
--- a/meta-agl/recipes-devtools/run-agl-postinsts/run-agl-postinsts/run-agl-postinsts.service
+++ b/meta-agl/recipes-devtools/run-agl-postinsts/run-agl-postinsts/run-agl-postinsts.service
@@ -7,6 +7,7 @@ ConditionPathExists=#SYSCONFDIR#/agl-postinsts
 
 [Service]
 Type=oneshot
+StandardOutput=journal+console
 ExecStart=#SBINDIR#/run-agl-postinsts
 ExecStartPost=#BASE_BINDIR#/systemctl disable run-agl-postinsts.service
 RemainAfterExit=No
diff --git a/meta-agl/recipes-devtools/run-postinsts/run-postinsts_%.bbappend b/meta-agl/recipes-devtools/run-postinsts/run-postinsts_%.bbappend
new file mode 100644
index 000000000..fc327b6ef
--- /dev/null
+++ b/meta-agl/recipes-devtools/run-postinsts/run-postinsts_%.bbappend
@@ -0,0 +1,5 @@
+do_configure_append() {
+	if ! grep -q StandardOutput= ${WORKDIR}/run-postinsts.service; then
+		sed -i '/ExecStart=/iStandardOutput=journal+console' ${WORKDIR}/run-postinsts.service
+	fi
+}