author | Jan-Simon Möller <jsmoeller@linuxfoundation.org> | 2018-02-14 10:55:35 +0100 |
---|---|---|
committer | Jan-Simon Möller <jsmoeller@linuxfoundation.org> | 2018-02-14 10:55:35 +0100 |
commit | 317c8a08a6b5943517e67c5ea80b0a9a83a10d63 (patch) | |
tree | bf2b27dc9068924b59b46d2e153936c77be954c3 /meta-app-framework | |
parent | b6dc44f585b839ab1a2f0133b74958037fe1cb64 (diff) | |
parent | c9ce37905acd879db107eafe309678053073e086 (diff) |
Merge remote-tracking branch 'agl/sandbox/ronan/rocko' into HEAD
* agl/sandbox/ronan/rocko: (58 commits)
Update ulcb conf file
Remove unsed gstreamer backport
[GEN3] add preferred version on omx package
run-(agl-)postinst: Emit progress to console
meta-security: Remove unused content
Upgrade wayland-ivi-extension
Revert "Fix kernel gcc7 issue"
remove backport commit
Revert "Fix CVE-2017-1000364 by backporting the patches for gen3"
Remove fix for optee-os
Remove gcc 6 fix
Update rcar gen3 kernel bbappend version
Update rcar gen3 driver
Remove porter machine
dbus-cynara: Upgrade to 1.10.20
xmlsec1: switch to meta-security version
systemd: earlier smack label switch
cynara: upgrade to 0.14.10
Remove smack recipe
Integrate parts of meta-intel-iot-security
...
Bug-AGL: SPEC-1181
Signed-off-by: Jan-Simon Möller <jsmoeller@linuxfoundation.org>
Conflicts:
meta-app-framework/recipes-security/cynara/cynara_git.bbappend
Change-Id: I9875fcb31e960038ce6c23165c99b52a3bd1a1c0
Diffstat (limited to 'meta-app-framework')
10 files changed, 14 insertions, 176 deletions
diff --git a/meta-app-framework/conf/include/agl-appfw-smack.inc b/meta-app-framework/conf/include/agl-appfw-smack.inc index b77a5d17c..b6b998a9b 100644 --- a/meta-app-framework/conf/include/agl-appfw-smack.inc +++ b/meta-app-framework/conf/include/agl-appfw-smack.inc @@ -1,6 +1,6 @@ # enable security features (smack, cynara) - required by Application Framework -OVERRIDES .= ":smack" -DISTRO_FEATURES_append = " smack dbus-cynara xattr" +OVERRIDES .= ":with-lsm-smack" +DISTRO_FEATURES_append = " smack xattr" # use tar-native to support SMACK extended attributes independently of host config IMAGE_CMD_TAR = "tar --xattrs --xattrs-include='*'" diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb index 8ac661527..e160486b2 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb @@ -14,7 +14,7 @@ DEPENDS = "openssl libxml2 xmlsec1 systemd libzip json-c systemd security-manage DEPENDS_class-native = "openssl libxml2 xmlsec1 libzip json-c" RDEPENDS_${PN}_class-target += "af-binder-tools" -PACKAGE_WRITE_DEPS_append_smack = " smack-userspace-native libcap-native" +PACKAGE_WRITE_DEPS_append_with-lsm-smack = " smack-native libcap-native" EXTRA_OECMAKE_class-native = "\ -DUSE_LIBZIP=1 \ @@ -46,8 +46,8 @@ GROUPADD_PARAM_${PN} = "-r ${afm_name}" FILES_${PN} += "\ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '${systemd_user_unitdir}/afm-user-daemon.service', '', d)} \ " -RDEPENDS_${PN}_append_smack = " smack-userspace bash" -DEPENDS_append_smack = " smack-userspace-native" +RDEPENDS_${PN}_append_with-lsm-smack = " smack bash" +DEPENDS_append_with-lsm-smack = " smack-native" # short hacks here SRC_URI += "\ 
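Review bot: Renaming the override from `:smack` to `:with-lsm-smack` in agl-appfw-smack.inc means any `_smack`-suffixed append still present in another layer stops applying without a warning. The pieces gated by it on this page are security-relevant: the `chsmack` labelling in the `pkg_postinst` appends, the Smack access rules installed by base-files, and the kernel Smack patches. The diffstat is limited to meta-app-framework, so this page cannot show whether BSP or distro layers were converted; a tree-wide search for leftover `_smack` overrides would confirm it. The same hunk drops `dbus-cynara` from `DISTRO_FEATURES_append`, and the packagegroup hunk drops it from `RDEPENDS_${PN}`; unless the integrated meta-security content enables the Cynara-aware D-Bus itself, D-Bus calls would presumably no longer be checked against Cynara policy, which is worth stating in the commit message. I would add above the assignment: `# override renamed from "smack"; appends must now use _with-lsm-smack`.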
@@ -90,7 +90,7 @@ pkg_postinst_${PN}() { chown ${afm_name}:${afm_name} $D${afm_datadir}/icons } -pkg_postinst_${PN}_append_smack() { +pkg_postinst_${PN}_append_with-lsm-smack() { if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then chsmack -a 'System::Shared' -t $D${systemd_units_root}/system chsmack -a 'System::Shared' -t $D${systemd_units_root}/system/afm-user-session@.target.wants diff --git a/meta-app-framework/recipes-core/base-files/base-files_%.bbappend b/meta-app-framework/recipes-core/base-files/base-files_%.bbappend index 636bcc4df..b837d03ad 100644 --- a/meta-app-framework/recipes-core/base-files/base-files_%.bbappend +++ b/meta-app-framework/recipes-core/base-files/base-files_%.bbappend @@ -1,5 +1,5 @@ -RDEPENDS_${PN}_append_smack = " smack-userspace" -PACKAGE_WRITE_DEPS_append_smack = " smack-userspace-native" +RDEPENDS_${PN}_append_with-lsm-smack = " smack" +PACKAGE_WRITE_DEPS_append_with-lsm-smack = " smack-native" do_install_append() { install -d ${D}/${sysconfdir}/skel/app-data @@ -13,7 +13,7 @@ do_install_append() { ln -s ../../var/local ${D}/usr/local } -do_install_append_smack () { +do_install_append_with-lsm-smack () { install -d ${D}/${sysconfdir}/smack/accesses.d cat > ${D}/${sysconfdir}/smack/accesses.d/default-access-domains-no-user <<EOF System User::App-Shared rwxat @@ -22,7 +22,7 @@ EOF chmod 0644 ${D}/${sysconfdir}/smack/accesses.d/default-access-domains-no-user } -pkg_postinst_${PN}_append_smack() { +pkg_postinst_${PN}_append_with-lsm-smack() { chsmack -r -a 'User::Home' -t -D $D/${sysconfdir}/skel chsmack -a 'User::App-Shared' -D $D/${sysconfdir}/skel/app-data cp -rTf --preserve=all $D/${sysconfdir}/skel $D/${ROOT_HOME} diff --git a/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-core-security.bbappend b/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-core-security.bbappend index 0c9efe465..a8d04ab6d 100644 
--- a/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-core-security.bbappend +++ b/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-core-security.bbappend @@ -1,7 +1,6 @@ RDEPENDS_${PN} += "\ xmlsec1 \ cynara \ - dbus-cynara \ security-manager \ security-manager-policy \ agl-users \ diff --git a/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend b/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend index 92b79572f..61c933a7e 100644 --- a/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend +++ b/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend @@ -1,6 +1,6 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/security-manager:" -PACKAGE_WRITE_DEPS_append_smack = " smack-userspace-native" +PACKAGE_WRITE_DEPS_append_with-lsm-smack = " smack-native" SRC_URI += " file://0001-Adapt-rules-to-AGL.patch \ file://init-security-manager-db.service \ diff --git a/meta-app-framework/recipes-kernel/linux/linux-%.bbappend b/meta-app-framework/recipes-kernel/linux/linux-%.bbappend index 02595efdf..fba5bf13d 100644 --- a/meta-app-framework/recipes-kernel/linux/linux-%.bbappend +++ b/meta-app-framework/recipes-kernel/linux/linux-%.bbappend @@ -1,3 +1,3 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/linux:" -SRC_URI_append_smack = " file://audit.cfg" +SRC_URI_append_with-lsm-smack = " file://audit.cfg" diff --git a/meta-app-framework/recipes-kernel/linux/linux-yocto_4.12.bbappend b/meta-app-framework/recipes-kernel/linux/linux-yocto_4.12.bbappend index b1eadaffa..5ae62d586 100644 --- a/meta-app-framework/recipes-kernel/linux/linux-yocto_4.12.bbappend +++ b/meta-app-framework/recipes-kernel/linux/linux-yocto_4.12.bbappend 
@@ -3,7 +3,7 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/linux/linux-yocto-4.12:" #------------------------------------------------------------------------- # smack patches for handling bluetooth -SRC_URI_append_smack = "\ +SRC_URI_append_with-lsm-smack = "\ file://0002-smack-fix-cache-of-access-labels.patch \ file://0003-Smack-ignore-null-signal-in-smack_task_kill.patch \ file://0004-Smack-Assign-smack_known_web-label-for-kernel-thread.patch \ diff --git a/meta-app-framework/recipes-security/cynara/cynara_git.bbappend b/meta-app-framework/recipes-security/cynara/cynara_git.bbappend deleted file mode 100644 index 4c38da1cc..000000000 --- a/meta-app-framework/recipes-security/cynara/cynara_git.bbappend +++ /dev/null 
@@ -1,44 +0,0 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:" -SRC_URI_append = " file://0001-gcc-7-requires-include-functional-for-std-function.patch" - -CXXFLAGS_append = " -Wimplicit-fallthrough=0" - -pkg_postinst_${PN} () { - # Fail on error. - set -e - - # It would be nice to run the code below while building an image, - # but currently the calls to cynara-db-chsgen (a binary) in - # cynara-db-migration (a script) prevent that. Rely instead - # on OE's support for running failed postinst scripts at first boot. - if [ x"$D" != "x" ]; then - exit 1 - fi - - mkdir -p $D${sysconfdir}/cynara - ${CHSMACK} -a System $D${sysconfdir}/cynara - - # Strip git patch level information, the version comparison code - # in cynara-db-migration only expect major.minor.patch version numbers. - VERSION=${@d.getVar('PV',d,1).split('+git')[0]} - if [ -d $D${localstatedir}/cynara ] ; then - # upgrade - echo "NOTE: updating cynara DB to version $VERSION" - $D${sbindir}/cynara-db-migration upgrade -f 0.0.0 -t $VERSION - else - # install - echo "NOTE: creating cynara DB for version $VERSION" - mkdir -p $D${localstatedir}/cynara - ${CHSMACK} -a System $D${localstatedir}/cynara - $D${sbindir}/cynara-db-migration install -t $VERSION - fi - - # Workaround for systemd.bbclass issue: it would call - # "systemctl start" without "--no-block", but because - # the service is not ready to run at the time when - # this scripts gets executed by run-postinsts.service, - # booting deadlocks. - echo "NOTE: enabling and starting cynara service" - systemctl enable cynara - systemctl start --no-block cynara -} diff --git a/meta-app-framework/recipes-support/xmlsec1/xmlsec1/Only-require-libxslt-in-.pc-files-when-necessary.patch b/meta-app-framework/recipes-support/xmlsec1/xmlsec1/Only-require-libxslt-in-.pc-files-when-necessary.patch deleted file mode 100644 index c92df77f0..000000000 
--- a/meta-app-framework/recipes-support/xmlsec1/xmlsec1/Only-require-libxslt-in-.pc-files-when-necessary.patch +++ /dev/null 
@@ -1,115 +0,0 @@ -From 1e39acf581ef47876b058da41774cbc92560d797 Mon Sep 17 00:00:00 2001 -From: Manuel Bachmann <manuel.bachmann@iot.bzh> -Date: Wed, 27 Jan 2016 14:16:40 +0100 -Subject: [PATCH] Only require libxslt in .pc files when necessary - -If we build xmlsec without libxslt ("--without-libxslt" at -configure time), dependent packages will still require it -because it is unconditionally mentioned in .pc files (used -by pkg-config). - -We now make sure that this dependency is mentioned only if -the configure script validates libxslt presence. - -Signed-off-by: Manuel Bachmann <manuel.bachmann@iot.bzh> ---- - configure.in | 4 ++++ - xmlsec-gcrypt.pc.in | 2 +- - xmlsec-gnutls.pc.in | 2 +- - xmlsec-nss.pc.in | 2 +- - xmlsec-openssl.pc.in | 2 +- - xmlsec.pc.in | 2 +- - 6 files changed, 9 insertions(+), 5 deletions(-) - -diff --git a/configure.in b/configure.in -index 7d976d0..a8350a9 100644 ---- a/configure.in -+++ b/configure.in -@@ -255,6 +255,7 @@ dnl ========================================================================== - dnl find libxslt - dnl ========================================================================== - XMLSEC_NO_LIBXSLT="1" -+LIBXSLT_COND="libxslt >=" - LIBXSLT_MIN_VERSION=1.0.20 - LIBXSLT_CONFIG="xslt-config" - LIBXSLT_CFLAGS="" -@@ -324,6 +325,8 @@ fi - if test "z$LIBXSLT_FOUND" = "zyes" ; then - XMLSEC_NO_LIBXSLT="0" - else -+ LIBXSLT_COND="" -+ LIBXSLT_MIN_VERSION="" - XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_XSLT=1" - fi - -@@ -332,6 +335,7 @@ AC_SUBST(LIBXSLT_CFLAGS) - AC_SUBST(LIBXSLT_LIBS) - AC_SUBST(LIBXSLT_CONFIG) - AC_SUBST(LIBXSLT_MIN_VERSION) -+AC_SUBST(LIBXSLT_COND) - - dnl ========================================================================== - dnl See if we can find a crypto library -diff --git a/xmlsec-gcrypt.pc.in b/xmlsec-gcrypt.pc.in -index 1c00496..33bc2ff 100644 ---- a/xmlsec-gcrypt.pc.in -+++ b/xmlsec-gcrypt.pc.in -@@ -6,6 +6,6 @@ includedir=@includedir@ - Name: xmlsec1-gcrypt - Version: @VERSION@ - 
Description: XML Security Library implements XML Signature and XML Encryption standards --Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ libxslt >= @LIBXSLT_MIN_VERSION@ -+Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ @LIBXSLT_COND@ @LIBXSLT_MIN_VERSION@ - Cflags: -DXMLSEC_CRYPTO=\"gcrypt\" @XMLSEC_GCRYPT_CFLAGS@ - Libs: @XMLSEC_GCRYPT_LIBS@ -diff --git a/xmlsec-gnutls.pc.in b/xmlsec-gnutls.pc.in -index e538cd4..d01cf82 100644 ---- a/xmlsec-gnutls.pc.in -+++ b/xmlsec-gnutls.pc.in -@@ -6,6 +6,6 @@ includedir=@includedir@ - Name: xmlsec1-gnutls - Version: @VERSION@ - Description: XML Security Library implements XML Signature and XML Encryption standards --Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ libxslt >= @LIBXSLT_MIN_VERSION@ -+Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ @LIBXSLT_COND@ @LIBXSLT_MIN_VERSION@ - Cflags: -DXMLSEC_CRYPTO=\"gnutls\" @XMLSEC_GNUTLS_CFLAGS@ - Libs: @XMLSEC_GNUTLS_LIBS@ -diff --git a/xmlsec-nss.pc.in b/xmlsec-nss.pc.in -index a6d6c5c..75f0232 100644 ---- a/xmlsec-nss.pc.in -+++ b/xmlsec-nss.pc.in -@@ -6,6 +6,6 @@ includedir=@includedir@ - Name: xmlsec1-nss - Version: @VERSION@ - Description: XML Security Library implements XML Signature and XML Encryption standards --Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ libxslt >= @LIBXSLT_MIN_VERSION@ @NSPR_PACKAGE@ >= @MOZILLA_MIN_VERSION@ @NSS_PACKAGE@ >= @MOZILLA_MIN_VERSION@ -+Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ @LIBXSLT_COND@ @LIBXSLT_MIN_VERSION@ @NSPR_PACKAGE@ >= @MOZILLA_MIN_VERSION@ @NSS_PACKAGE@ >= @MOZILLA_MIN_VERSION@ - Cflags: -DXMLSEC_CRYPTO=\"nss\" -DXMLSEC_CRYPTO_NSS=1 @XMLSEC_CORE_CFLAGS@ - Libs: -L${libdir} -lxmlsec1-nss @XMLSEC_CORE_LIBS@ -diff --git a/xmlsec-openssl.pc.in b/xmlsec-openssl.pc.in -index 85ee2b0..e9d0651 100644 ---- a/xmlsec-openssl.pc.in -+++ b/xmlsec-openssl.pc.in -@@ -6,6 +6,6 @@ includedir=@includedir@ - Name: xmlsec1-openssl - Version: @VERSION@ - Description: XML Security Library implements XML Signature and XML Encryption standards --Requires: 
libxml-2.0 >= @LIBXML_MIN_VERSION@ libxslt >= @LIBXSLT_MIN_VERSION@ -+Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ @LIBXSLT_COND@ @LIBXSLT_MIN_VERSION@ - Cflags: -DXMLSEC_CRYPTO=\"openssl\" @XMLSEC_OPENSSL_CFLAGS@ - Libs: @XMLSEC_OPENSSL_LIBS@ -diff --git a/xmlsec.pc.in b/xmlsec.pc.in -index a750ab8..14ea670 100644 ---- a/xmlsec.pc.in -+++ b/xmlsec.pc.in -@@ -6,6 +6,6 @@ includedir=@includedir@ - Name: xmlsec1 - Version: @VERSION@ - Description: XML Security Library implements XML Signature and XML Encryption standards --Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ libxslt >= @LIBXSLT_MIN_VERSION@ -+Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ @LIBXSLT_COND@ @LIBXSLT_MIN_VERSION@ - Cflags: -DXMLSEC_CRYPTO=\"@XMLSEC_CRYPTO@\" -DXMLSEC_CRYPTO_DYNAMIC_LOADING=1 @XMLSEC_CORE_CFLAGS@ - Libs: -L${libdir} @XMLSEC_CORE_LIBS@ --- -2.6.2 - diff --git a/meta-app-framework/recipes-support/xmlsec1/xmlsec1_1.%.bbappend b/meta-app-framework/recipes-support/xmlsec1/xmlsec1_1.%.bbappend index 8f1972f07..ea1017a9e 100644 --- a/meta-app-framework/recipes-support/xmlsec1/xmlsec1_1.%.bbappend +++ b/meta-app-framework/recipes-support/xmlsec1/xmlsec1_1.%.bbappend @@ -1,6 +1,4 @@ -FILESEXTRAPATHS_append := ":${THISDIR}/${PN}" -SRC_URI += "file://Only-require-libxslt-in-.pc-files-when-necessary.patch" -DEPENDS += "libxml2" +DEPENDS = "libtool libxml2 libxslt openssl" BBCLASSEXTEND = "native nativesdk" |
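Review bot: `DEPENDS = "libtool libxml2 libxslt openssl"` in xmlsec1_1.%.bbappend is a hard assignment, so it discards whatever DEPENDS the appended xmlsec1 recipe declares, whereas the removed line only extended it with `+=`. The merge log says the recipe now comes from meta-security ("xmlsec1: switch to meta-security version"), so a later dependency change made there would be silently overridden by this bbappend. If the aim is only to guarantee these libraries are present, `DEPENDS += "libtool libxml2 libxslt openssl"` keeps the recipe's own list; if replacing it is deliberate, a one-line comment giving the reason would help. Making libxslt unconditional appears consistent with dropping the conditional-libxslt patch in the same commit.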