diff --git a/meta-python/recipes-extended/augeas/augeas/augeas_%.bbappend b/meta-python/recipes-extended/augeas/augeas/augeas_%.bbappend index c1e8ed6..b01ad25 100644 --- a/meta-python/recipes-extended/augeas/augeas/augeas_%.bbappend +++ b/meta-python/recipes-extended/augeas/augeas/augeas_%.bbappend @@ -1 +1 @@ -inherit with-selinux +inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'with-selinux', '', d)} diff --git a/networking-layer/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_%.bbappend b/networking-layer/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_%.bbappend index 81fe7b7..7719d3b 100644 --- a/networking-layer/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_%.bbappend +++ b/networking-layer/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_%.bbappend @@ -1 +1 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/files:" +require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)} diff --git a/networking-layer/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_selinux.inc b/networking-layer/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_selinux.inc new file mode 100644 index 0000000..81fe7b7 --- /dev/null +++ b/networking-layer/recipes-daemons/iscsi-initiator-utils/iscsi-initiator-utils_selinux.inc @@ -0,0 +1 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/files:" diff --git a/recipes-connectivity/bind/bind_%.bbappend b/recipes-connectivity/bind/bind_%.bbappend index a15e045..7719d3b 100644 --- a/recipes-connectivity/bind/bind_%.bbappend +++ b/recipes-connectivity/bind/bind_%.bbappend @@ -1,13 +1 @@ -PR .= ".3" - -FILESEXTRAPATHS_prepend := "${THISDIR}/files:" - -SRC_URI += "file://volatiles.04_bind" - -do_install_append() { - install -d ${D}${sysconfdir}/default/volatiles - install -m 0644 ${WORKDIR}/volatiles.04_bind ${D}${sysconfdir}/default/volatiles/volatiles.04_bind - - sed -i '/^\s*\/usr\/sbin\/rndc-confgen/a\ - [ -x /sbin/restorecon ] && /sbin/restorecon -F /etc/bind/rndc.key' ${D}${sysconfdir}/init.d/bind -} +require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)} diff --git a/recipes-connectivity/bind/bind_selinux.inc b/recipes-connectivity/bind/bind_selinux.inc new file mode 100644 index 0000000..1dfef8a --- /dev/null +++ b/recipes-connectivity/bind/bind_selinux.inc @@ -0,0 +1,11 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/files:" + +SRC_URI += "file://volatiles.04_bind" + +do_install_append() { + install -d ${D}${sysconfdir}/default/volatiles + install -m 0644 ${WORKDIR}/volatiles.04_bind ${D}${sysconfdir}/default/volatiles/volatiles.04_bind + + sed -i '/^\s*\/usr\/sbin\/rndc-confgen/a\ + [ -x /sbin/restorecon ] && /sbin/restorecon -F /etc/bind/rndc.key' ${D}${sysconfdir}/init.d/bind +} diff --git a/recipes-connectivity/dhcp/dhcp_%.bbappend b/recipes-connectivity/dhcp/dhcp_%.bbappend index 2d2232c..7719d3b 100644 --- a/recipes-connectivity/dhcp/dhcp_%.bbappend +++ b/recipes-connectivity/dhcp/dhcp_%.bbappend @@ -1,3 +1 @@ -inherit selinux - -FILESEXTRAPATHS_prepend := "${@target_selinux(d, '${THISDIR}/files:')}" +require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)} diff --git a/recipes-connectivity/dhcp/dhcp_selinux.inc b/recipes-connectivity/dhcp/dhcp_selinux.inc new file mode 100644 index 0000000..08389f1 --- /dev/null +++ b/recipes-connectivity/dhcp/dhcp_selinux.inc @@ -0,0 +1,3 @@ +inherit selinux + +FILESEXTRAPATHS_prepend := "${THISDIR}/files:" diff --git a/recipes-connectivity/iproute2/iproute2_%.bbappend b/recipes-connectivity/iproute2/iproute2_%.bbappend index c866b54..7719d3b 100644 --- a/recipes-connectivity/iproute2/iproute2_%.bbappend +++ b/recipes-connectivity/iproute2/iproute2_%.bbappend @@ -1,9 +1 @@ -inherit with-selinux - -do_configure_append() { - if ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'true', 'false', d)}; then - sed -i 's/\(HAVE_SELINUX:=\).*/\1y/' ${B}/Config - else - sed -i 's/\(HAVE_SELINUX:=\).*/\1n/' ${B}/Config - fi -} +require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)} diff --git a/recipes-connectivity/iproute2/iproute2_selinux.inc b/recipes-connectivity/iproute2/iproute2_selinux.inc new file mode 100644 index 0000000..b0a7ffe --- /dev/null +++ b/recipes-connectivity/iproute2/iproute2_selinux.inc @@ -0,0 +1,5 @@ +inherit with-selinux + +do_configure_append() { + sed -i 's/\(HAVE_SELINUX:=\).*/\1y/' ${B}/Config +} diff --git a/recipes-connectivity/openssh/openssh_%.bbappend b/recipes-connectivity/openssh/openssh_%.bbappend index 223b8cf..7719d3b 100644 --- a/recipes-connectivity/openssh/openssh_%.bbappend +++ b/recipes-connectivity/openssh/openssh_%.bbappend @@ -1,13 +1 @@ -PR .= ".5" - -inherit with-selinux - -FILESEXTRAPATHS_prepend := "${@target_selinux(d, '${THISDIR}/files:')}" - -# There is no distro feature just for audit. If we want it, -# uncomment the following. -# -#PACKAGECONFIG += "${@target_selinux(d, 'audit')}" - -PACKAGECONFIG[audit] = "--with-audit=linux,--without-audit,audit," - +require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)} diff --git a/recipes-connectivity/openssh/openssh_selinux.inc b/recipes-connectivity/openssh/openssh_selinux.inc new file mode 100644 index 0000000..ebd2721 --- /dev/null +++ b/recipes-connectivity/openssh/openssh_selinux.inc @@ -0,0 +1,9 @@ +inherit with-selinux + +FILESEXTRAPATHS_prepend := "${THISDIR}/files:" + +# There is no distro feature just for audit. +PACKAGECONFIG_append = " audit" + +PACKAGECONFIG[audit] = "--with-audit=linux,--without-audit,audit," + diff --git a/recipes-core/busybox/busybox_%.bbappend b/recipes-core/busybox/busybox_%.bbappend index b4935b2..7719d3b 100644 --- a/recipes-core/busybox/busybox_%.bbappend +++ b/recipes-core/busybox/busybox_%.bbappend @@ -1,87 +1 @@ -PR .= ".1" - -FILES_${PN} += "${libdir}/${PN}" - -# We should use sh wrappers instead of links so the commands could get correct -# security labels -python create_sh_wrapper_reset_alternative_vars () { - # We need to load the full set of busybox provides from the /etc/busybox.links - # Use this to see the update-alternatives with the right information - - dvar = d.getVar('D', True) - pn = d.getVar('PN', True) - - def create_sh_alternative_vars(links, target, mode): - import shutil - # Create sh wrapper template - fwp = open("busybox_wrapper", 'w') - fwp.write("#!%s" % (target)) - os.fchmod(fwp.fileno(), mode) - fwp.close() - # Install the sh wrappers and alternatives reset to link to them - wpdir = os.path.join(d.getVar('libdir', True), pn) - wpdir_dest = '%s%s' % (dvar, wpdir) - if not os.path.exists(wpdir_dest): - os.makedirs(wpdir_dest) - f = open('%s%s' % (dvar, links), 'r') - for alt_link_name in f: - alt_link_name = alt_link_name.strip() - alt_name = os.path.basename(alt_link_name) - # Copy script wrapper to wp_path - alt_wppath = '%s%s' % (wpdir, alt_link_name) - alt_wppath_dest = '%s%s' % (wpdir_dest, alt_link_name) - alt_wpdir_dest = os.path.dirname(alt_wppath_dest) - if not os.path.exists(alt_wpdir_dest): - os.makedirs(alt_wpdir_dest) - shutil.copy2("busybox_wrapper", alt_wppath_dest) - # Re-set alternatives - # Match coreutils - if alt_name == '[': - alt_name = 'lbracket' - d.appendVar('ALTERNATIVE_%s' % (pn), ' ' + alt_name) - d.setVarFlag('ALTERNATIVE_LINK_NAME', alt_name, alt_link_name) - if os.path.exists(alt_wppath_dest): - d.setVarFlag('ALTERNATIVE_TARGET', alt_name, alt_wppath) - f.close() - - os.remove("busybox_wrapper") - return - - if os.path.exists('%s/etc/busybox.links' % (dvar)): - create_sh_alternative_vars("/etc/busybox.links", "/bin/busybox", 0o0755) - else: - create_sh_alternative_vars("/etc/busybox.links.nosuid", "/bin/busybox.nosuid", 0o0755) - create_sh_alternative_vars("/etc/busybox.links.suid", "/bin/busybox.suid", 0o4755) -} - -# Add to PACKAGEBUILDPKGD so it could override the alternatives, which are set in -# do_package_prepend() section of busybox_*.bb. -PACKAGEBUILDPKGD_prepend = "create_sh_wrapper_reset_alternative_vars " - -# Use sh wrappers instead of links -pkg_postinst_${PN} () { - # This part of code is dedicated to the on target upgrade problem. - # It's known that if we don't make appropriate symlinks before update-alternatives calls, - # there will be errors indicating missing commands such as 'sed'. - # These symlinks will later be updated by update-alternatives calls. - test -n 2 > /dev/null || alias test='busybox test' - if test "x$D" = "x"; then - # Remove busybox.nosuid if it's a symlink, because this situation indicates - # that we're installing or upgrading to a one-binary busybox. - if test -h /bin/busybox.nosuid; then - rm -f /bin/busybox.nosuid - fi - for suffix in "" ".nosuid" ".suid"; do - if test -e /etc/busybox.links$suffix; then - while read link; do - if test ! -e "$link"; then - # we can use busybox here because even if we are using splitted busybox - # we've made a symlink from /bin/busybox to /bin/busybox.nosuid. - busybox echo "#!/bin/busybox$suffix" > $link - fi - done < /etc/busybox.links$suffix - fi - done - fi -} - +require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)} diff --git a/recipes-core/busybox/busybox_selinux.inc b/recipes-core/busybox/busybox_selinux.inc new file mode 100644 index 0000000..3f20815 --- /dev/null +++ b/recipes-core/busybox/busybox_selinux.inc @@ -0,0 +1,85 @@ +FILES_${PN} += "${libdir}/${PN}" + +# We should use sh wrappers instead of links so the commands could get correct +# security labels +python create_sh_wrapper_reset_alternative_vars () { + # We need to load the full set of busybox provides from the /etc/busybox.links + # Use this to see the update-alternatives with the right information + + dvar = d.getVar('D', True) + pn = d.getVar('PN', True) + + def create_sh_alternative_vars(links, target, mode): + import shutil + # Create sh wrapper template + fwp = open("busybox_wrapper", 'w') + fwp.write("#!%s" % (target)) + os.fchmod(fwp.fileno(), mode) + fwp.close() + # Install the sh wrappers and alternatives reset to link to them + wpdir = os.path.join(d.getVar('libdir', True), pn) + wpdir_dest = '%s%s' % (dvar, wpdir) + if not os.path.exists(wpdir_dest): + os.makedirs(wpdir_dest) + f = open('%s%s' % (dvar, links), 'r') + for alt_link_name in f: + alt_link_name = alt_link_name.strip() + alt_name = os.path.basename(alt_link_name) + # Copy script wrapper to wp_path + alt_wppath = '%s%s' % (wpdir, alt_link_name) + alt_wppath_dest = '%s%s' % (wpdir_dest, alt_link_name) + alt_wpdir_dest = os.path.dirname(alt_wppath_dest) + if not os.path.exists(alt_wpdir_dest): + os.makedirs(alt_wpdir_dest) + shutil.copy2("busybox_wrapper", alt_wppath_dest) + # Re-set alternatives + # Match coreutils + if alt_name == '[': + alt_name = 'lbracket' + d.appendVar('ALTERNATIVE_%s' % (pn), ' ' + alt_name) + d.setVarFlag('ALTERNATIVE_LINK_NAME', alt_name, alt_link_name) + if os.path.exists(alt_wppath_dest): + d.setVarFlag('ALTERNATIVE_TARGET', alt_name, alt_wppath) + f.close() + + os.remove("busybox_wrapper") + return + + if os.path.exists('%s/etc/busybox.links' % (dvar)): + create_sh_alternative_vars("/etc/busybox.links", "/bin/busybox", 0o0755) + else: + create_sh_alternative_vars("/etc/busybox.links.nosuid", "/bin/busybox.nosuid", 0o0755) + create_sh_alternative_vars("/etc/busybox.links.suid", "/bin/busybox.suid", 0o4755) +} + +# Add to PACKAGEBUILDPKGD so it could override the alternatives, which are set in +# do_package_prepend() section of busybox_*.bb. +PACKAGEBUILDPKGD_prepend = "create_sh_wrapper_reset_alternative_vars " + +# Use sh wrappers instead of links +pkg_postinst_${PN} () { + # This part of code is dedicated to the on target upgrade problem. + # It's known that if we don't make appropriate symlinks before update-alternatives calls, + # there will be errors indicating missing commands such as 'sed'. + # These symlinks will later be updated by update-alternatives calls. + test -n 2 > /dev/null || alias test='busybox test' + if test "x$D" = "x"; then + # Remove busybox.nosuid if it's a symlink, because this situation indicates + # that we're installing or upgrading to a one-binary busybox. + if test -h /bin/busybox.nosuid; then + rm -f /bin/busybox.nosuid + fi + for suffix in "" ".nosuid" ".suid"; do + if test -e /etc/busybox.links$suffix; then + while read link; do + if test ! -e "$link"; then + # we can use busybox here because even if we are using splitted busybox + # we've made a symlink from /bin/busybox to /bin/busybox.nosuid. + busybox echo "#!/bin/busybox$suffix" > $link + fi + done < /etc/busybox.links$suffix + fi + done + fi +} + diff --git a/recipes-core/coreutils/coreutils_%.bbappend b/recipes-core/coreutils/coreutils_%.bbappend index c1e8ed6..7b9a2dc 100644 --- a/recipes-core/coreutils/coreutils_%.bbappend +++ b/recipes-core/coreutils/coreutils_%.bbappend @@ -1 +1,2 @@ -inherit with-selinux +inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'with-selinux', '', d)} + diff --git a/recipes-core/dbus/dbus_%.bbappend b/recipes-core/dbus/dbus_%.bbappend index 8c11cac..ee221e2 100644 --- a/recipes-core/dbus/dbus_%.bbappend +++ b/recipes-core/dbus/dbus_%.bbappend @@ -1 +1,2 @@ -inherit enable-selinux +inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'enable-selinux', '', d)} + diff --git a/recipes-core/eudev/eudev_%.bbappend b/recipes-core/eudev/eudev_%.bbappend index e1e7cd1..b0b03ec 100644 --- a/recipes-core/eudev/eudev_%.bbappend +++ b/recipes-core/eudev/eudev_%.bbappend @@ -1,3 +1,2 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" +require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)} -inherit enable-selinux diff --git a/recipes-core/eudev/eudev_selinux.inc b/recipes-core/eudev/eudev_selinux.inc new file mode 100644 index 0000000..2ad6b13 --- /dev/null +++ b/recipes-core/eudev/eudev_selinux.inc @@ -0,0 +1,3 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/files:" + +inherit enable-selinux diff --git a/recipes-core/eudev/eudev/init b/recipes-core/eudev/files/init similarity index 100% rename from recipes-core/eudev/eudev/init rename to recipes-core/eudev/files/init diff --git a/recipes-core/eudev/eudev/udev-cache b/recipes-core/eudev/files/udev-cache similarity index 100% rename from recipes-core/eudev/eudev/udev-cache rename to recipes-core/eudev/files/udev-cache diff --git a/recipes-core/glib-2.0/glib-2.0_%.bbappend b/recipes-core/glib-2.0/glib-2.0_%.bbappend index 8c11cac..74e22b3 100644 --- a/recipes-core/glib-2.0/glib-2.0_%.bbappend +++ b/recipes-core/glib-2.0/glib-2.0_%.bbappend @@ -1 +1 @@ -inherit enable-selinux +inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'enable-selinux', '', d)} diff --git a/recipes-core/initscripts/initscripts/devpts.sh b/recipes-core/initscripts/files/devpts.sh similarity index 100% rename from recipes-core/initscripts/initscripts/devpts.sh rename to recipes-core/initscripts/files/devpts.sh diff --git a/recipes-core/initscripts/initscripts-1.0_selinux.inc b/recipes-core/initscripts/initscripts-1.0_selinux.inc new file mode 100644 index 0000000..6e8a9b6 --- /dev/null +++ b/recipes-core/initscripts/initscripts-1.0_selinux.inc @@ -0,0 +1,11 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/files:" + +do_install_append () { + cat <<-EOF >> ${D}${sysconfdir}/init.d/populate-volatile.sh +touch /var/log/lastlog +test ! -x /sbin/restorecon || /sbin/restorecon -iRF /var/volatile/ /var/lib /run \ + /etc/resolv.conf /etc/adjtime +EOF + sed -i '/mount -n -o remount,$rootmode/i\test ! -x /sbin/restorecon || /sbin/restorecon -iRF /run' \ + ${D}${sysconfdir}/init.d/checkroot.sh +} diff --git a/recipes-core/initscripts/initscripts_1.0.bbappend b/recipes-core/initscripts/initscripts_1.0.bbappend index 0fc7a5e..4f9950b 100644 --- a/recipes-core/initscripts/initscripts_1.0.bbappend +++ b/recipes-core/initscripts/initscripts_1.0.bbappend @@ -1,13 +1 @@ -PR .= ".3" - -FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" - -do_install_append () { - cat <<-EOF >> ${D}${sysconfdir}/init.d/populate-volatile.sh -touch /var/log/lastlog -test ! -x /sbin/restorecon || /sbin/restorecon -iRF /var/volatile/ /var/lib /run \ - /etc/resolv.conf /etc/adjtime -EOF - sed -i '/mount -n -o remount,$rootmode/i\test ! -x /sbin/restorecon || /sbin/restorecon -iRF /run' \ - ${D}${sysconfdir}/init.d/checkroot.sh -} +require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'initscripts-1.0_selinux.inc', '', d)} diff --git a/recipes-core/libcgroup/libcgroup_%.bbappend b/recipes-core/libcgroup/libcgroup_%.bbappend index b7e0c5f..7719d3b 100644 --- a/recipes-core/libcgroup/libcgroup_%.bbappend +++ b/recipes-core/libcgroup/libcgroup_%.bbappend @@ -1,12 +1 @@ -PR .= ".3" - -EXTRA_OECONF_virtclass-native = "--enable-pam=no" - -do_install_append() { - test ! -f ${D}${base_libdir}/security/pam_cgroup.so.0.0.0 || { - mv -f ${D}${base_libdir}/security/pam_cgroup.so.0.0.0 ${D}${base_libdir}/security/pam_cgroup.so - rm -f ${D}${base_libdir}/security/pam_cgroup.so.* - } -} - -BBCLASSEXTEND = "native" +require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)} diff --git a/recipes-core/libcgroup/libcgroup_selinux.inc b/recipes-core/libcgroup/libcgroup_selinux.inc new file mode 100644 index 0000000..f81188f --- /dev/null +++ b/recipes-core/libcgroup/libcgroup_selinux.inc @@ -0,0 +1,10 @@ +EXTRA_OECONF_virtclass-native = "--enable-pam=no" + +do_install_append() { + test ! -f ${D}${base_libdir}/security/pam_cgroup.so.0.0.0 || { + mv -f ${D}${base_libdir}/security/pam_cgroup.so.0.0.0 ${D}${base_libdir}/security/pam_cgroup.so + rm -f ${D}${base_libdir}/security/pam_cgroup.so.* + } +} + +BBCLASSEXTEND = "native" diff --git a/recipes-core/systemd/systemd_%.bbappend b/recipes-core/systemd/systemd_%.bbappend index f1bdaf8..5ac3adb 100644 --- a/recipes-core/systemd/systemd_%.bbappend +++ b/recipes-core/systemd/systemd_%.bbappend @@ -1 +1 @@ -inherit enable-audit +inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'enable-audit', '', d)} diff --git a/recipes-core/sysvinit/sysvinit-2.88dsf/sysvinit-fix-is_selinux_enabled.patch b/recipes-core/sysvinit/files/sysvinit-fix-is_selinux_enabled.patch similarity index 100% rename from recipes-core/sysvinit/sysvinit-2.88dsf/sysvinit-fix-is_selinux_enabled.patch rename to recipes-core/sysvinit/files/sysvinit-fix-is_selinux_enabled.patch diff --git a/recipes-core/sysvinit/sysvinit-2.88dsf_selinux.inc b/recipes-core/sysvinit/sysvinit-2.88dsf_selinux.inc new file mode 100644 index 0000000..fcfbdb7 --- /dev/null +++ b/recipes-core/sysvinit/sysvinit-2.88dsf_selinux.inc @@ -0,0 +1,11 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/files:" + +B = "${S}" + +SRC_URI += "file://sysvinit-fix-is_selinux_enabled.patch" + +inherit selinux + +DEPENDS += "${LIBSELINUX}" + +EXTRA_OEMAKE += "${@target_selinux(d, 'WITH_SELINUX=\"yes\"')}" diff --git a/recipes-core/sysvinit/sysvinit_2.88dsf.bbappend b/recipes-core/sysvinit/sysvinit_2.88dsf.bbappend index 636dc5e..9df30b6 100644 --- a/recipes-core/sysvinit/sysvinit_2.88dsf.bbappend +++ b/recipes-core/sysvinit/sysvinit_2.88dsf.bbappend @@ -1,14 +1 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}-${PV}:" - -B = "${S}" - -SRC_URI += "file://sysvinit-fix-is_selinux_enabled.patch" - -inherit selinux - -DEPENDS += "${LIBSELINUX}" - -EXTRA_OEMAKE += "${@target_selinux(d, 'WITH_SELINUX=\"yes\"')}" - -PR .= ".2" - +require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'sysvinit-2.88dsf_selinux.inc', '', d)} diff --git a/recipes-core/util-linux/util-linux_%.bbappend b/recipes-core/util-linux/util-linux_%.bbappend index 7695b77..b01ad25 100644 --- a/recipes-core/util-linux/util-linux_%.bbappend +++ b/recipes-core/util-linux/util-linux_%.bbappend @@ -1,3 +1 @@ -PR .= ".3" - -inherit with-selinux +inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'with-selinux', '', d)} diff --git a/recipes-devtools/e2fsprogs/e2fsprogs_%.bbappend b/recipes-devtools/e2fsprogs/e2fsprogs_%.bbappend index 7acaf48..7719d3b 100644 --- a/recipes-devtools/e2fsprogs/e2fsprogs_%.bbappend +++ b/recipes-devtools/e2fsprogs/e2fsprogs_%.bbappend @@ -1,2 +1 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" -SRC_URI += "file://misc_create_inode.c-label_rootfs.patch" +require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)} diff --git a/recipes-devtools/e2fsprogs/e2fsprogs_selinux.inc b/recipes-devtools/e2fsprogs/e2fsprogs_selinux.inc new file mode 100644 index 0000000..9cbb7fe --- /dev/null +++ b/recipes-devtools/e2fsprogs/e2fsprogs_selinux.inc @@ -0,0 +1,3 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/files:" + +SRC_URI += "file://misc_create_inode.c-label_rootfs.patch" diff --git a/recipes-devtools/e2fsprogs/e2fsprogs/lib-ext2fs-ext2_ext_attr.h-add-xattr-index.patch b/recipes-devtools/e2fsprogs/files/lib-ext2fs-ext2_ext_attr.h-add-xattr-index.patch similarity index 100% rename from recipes-devtools/e2fsprogs/e2fsprogs/lib-ext2fs-ext2_ext_attr.h-add-xattr-index.patch rename to recipes-devtools/e2fsprogs/files/lib-ext2fs-ext2_ext_attr.h-add-xattr-index.patch diff --git a/recipes-devtools/e2fsprogs/e2fsprogs/misc_create_inode.c-label_rootfs.patch b/recipes-devtools/e2fsprogs/files/misc_create_inode.c-label_rootfs.patch similarity index 100% rename from recipes-devtools/e2fsprogs/e2fsprogs/misc_create_inode.c-label_rootfs.patch rename to recipes-devtools/e2fsprogs/files/misc_create_inode.c-label_rootfs.patch diff --git a/recipes-devtools/prelink/prelink_git.bbappend b/recipes-devtools/prelink/prelink_git.bbappend index 366fdf5..74e22b3 100644 --- a/recipes-devtools/prelink/prelink_git.bbappend +++ b/recipes-devtools/prelink/prelink_git.bbappend @@ -1,3 +1 @@ -PR .= ".2" - -inherit enable-selinux +inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'enable-selinux', '', d)} diff --git a/recipes-devtools/python/python/sitecustomize.py b/recipes-devtools/python/files/sitecustomize.py similarity index 100% rename from recipes-devtools/python/python/sitecustomize.py rename to recipes-devtools/python/files/sitecustomize.py diff --git a/recipes-devtools/python/python_%.bbappend b/recipes-devtools/python/python_%.bbappend index 9eefd2d..7719d3b 100644 --- a/recipes-devtools/python/python_%.bbappend +++ b/recipes-devtools/python/python_%.bbappend @@ -1,3 +1 @@ -inherit selinux -# If selinux enabled, disable handlers to rw command history file -FILESEXTRAPATHS_prepend := "${@target_selinux(d, '${THISDIR}/${PN}:')}" +require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)} diff --git a/recipes-devtools/python/python_selinux.inc b/recipes-devtools/python/python_selinux.inc new file mode 100644 index 0000000..bb54a90 --- /dev/null +++ b/recipes-devtools/python/python_selinux.inc @@ -0,0 +1,5 @@ +# If selinux enabled, disable handlers to rw command history file +FILESEXTRAPATHS_prepend := "${THISDIR}/files:" + +inherit selinux + diff --git a/recipes-devtools/rpm/rpm_%.bbappend b/recipes-devtools/rpm/rpm_%.bbappend index 9f3ec90..7719d3b 100644 --- a/recipes-devtools/rpm/rpm_%.bbappend +++ b/recipes-devtools/rpm/rpm_%.bbappend @@ -1,4 +1 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" - -inherit with-selinux -PACKAGECONFIG[selinux] = "${WITH_SELINUX},${WITHOUT_SELINUX},libsemanage," +require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)} diff --git a/recipes-devtools/rpm/rpm_selinux.inc b/recipes-devtools/rpm/rpm_selinux.inc new file mode 100644 index 0000000..983dda7 --- /dev/null +++ b/recipes-devtools/rpm/rpm_selinux.inc @@ -0,0 +1,2 @@ +inherit with-selinux +PACKAGECONFIG[selinux] = "${WITH_SELINUX},${WITHOUT_SELINUX},libsemanage," diff --git a/recipes-extended/at/at_%.bbappend b/recipes-extended/at/at_%.bbappend index c1e8ed6..b01ad25 100644 --- a/recipes-extended/at/at_%.bbappend +++ b/recipes-extended/at/at_%.bbappend @@ -1 +1 @@ -inherit with-selinux +inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'with-selinux', '', d)} diff --git a/recipes-extended/cronie/cronie_%.bbappend b/recipes-extended/cronie/cronie_%.bbappend index a398bec..cfa56ca 100644 --- a/recipes-extended/cronie/cronie_%.bbappend +++ b/recipes-extended/cronie/cronie_%.bbappend @@ -1,3 +1,2 @@ -PR .= ".2" - -inherit with-selinux with-audit +inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'with-audit', '', d)} +inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'with-selinux', '', d)} diff --git a/recipes-extended/findutils/findutils_4.6.%.bbappend b/recipes-extended/findutils/findutils_4.6.%.bbappend index a24a14f..b01ad25 100644 --- a/recipes-extended/findutils/findutils_4.6.%.bbappend +++ b/recipes-extended/findutils/findutils_4.6.%.bbappend @@ -1,2 +1 @@ -inherit with-selinux - +inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'with-selinux', '', d)} diff --git a/recipes-extended/logrotate/logrotate_%.bbappend b/recipes-extended/logrotate/logrotate_%.bbappend index 1bdca98..7719d3b 100644 --- a/recipes-extended/logrotate/logrotate_%.bbappend +++ b/recipes-extended/logrotate/logrotate_%.bbappend @@ -1,5 +1 @@ -inherit selinux - -DEPENDS += "${LIBSELINUX}" - -EXTRA_OEMAKE += "${@target_selinux(d, 'WITH_SELINUX=\"yes\"')}" +require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)} diff --git a/recipes-extended/logrotate/logrotate_selinux.inc b/recipes-extended/logrotate/logrotate_selinux.inc new file mode 100644 index 0000000..1bdca98 --- /dev/null +++ b/recipes-extended/logrotate/logrotate_selinux.inc @@ -0,0 +1,5 @@ +inherit selinux + +DEPENDS += "${LIBSELINUX}" + +EXTRA_OEMAKE += "${@target_selinux(d, 'WITH_SELINUX=\"yes\"')}" diff --git a/recipes-extended/lsof/lsof_%.bbappend b/recipes-extended/lsof/lsof_%.bbappend index 793b13f..7719d3b 100644 --- a/recipes-extended/lsof/lsof_%.bbappend +++ b/recipes-extended/lsof/lsof_%.bbappend @@ -1,16 +1 @@ -PR .= ".2" - -inherit selinux - -DEPENDS += "${LIBSELINUX}" - -do_configure_prepend () { - export LINUX_HASSELINUX="${@target_selinux(d, 'Y', 'N')}" - export LSOF_CFGF="${CFLAGS}" - export LSOF_CFGL="${LDFLAGS}" - export LSOF_CC="${BUILD_CC}" -} - -do_compile () { - oe_runmake 'CC=${CC}' 'DEBUG=' -} +require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)} diff --git a/recipes-extended/lsof/lsof_selinux.inc b/recipes-extended/lsof/lsof_selinux.inc new file mode 100644 index 0000000..6691b4c --- /dev/null +++ b/recipes-extended/lsof/lsof_selinux.inc @@ -0,0 +1,14 @@ +inherit selinux + +DEPENDS += "${LIBSELINUX}" + +do_configure_prepend () { + export LINUX_HASSELINUX="${@target_selinux(d, 'Y', 'N')}" + export LSOF_CFGF="${CFLAGS}" + export LSOF_CFGL="${LDFLAGS}" + export LSOF_CC="${BUILD_CC}" +} + +do_compile () { + oe_runmake 'CC=${CC}' 'DEBUG=' +} diff --git a/recipes-extended/net-tools/net-tools/netstat-selinux-support.patch b/recipes-extended/net-tools/files/netstat-selinux-support.patch similarity index 100% rename from recipes-extended/net-tools/net-tools/netstat-selinux-support.patch rename to recipes-extended/net-tools/files/netstat-selinux-support.patch diff --git a/recipes-extended/net-tools/net-tools_%.bbappend b/recipes-extended/net-tools/net-tools_%.bbappend index e99a5bc..7719d3b 100644 --- a/recipes-extended/net-tools/net-tools_%.bbappend +++ b/recipes-extended/net-tools/net-tools_%.bbappend @@ -1,11 +1 @@ -PR .= ".2" - -FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" - -SRC_URI += "file://netstat-selinux-support.patch" - -inherit selinux - -DEPENDS += "${LIBSELINUX}" - -EXTRA_OEMAKE += "${@target_selinux(d, 'HAVE_SELINUX=1', 'HAVE_SELINUX=0')}" +require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)} diff --git a/recipes-extended/net-tools/net-tools_selinux.inc b/recipes-extended/net-tools/net-tools_selinux.inc new file mode 100644 index 0000000..cc3196f --- /dev/null +++ b/recipes-extended/net-tools/net-tools_selinux.inc @@ -0,0 +1,9 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/files:" + +SRC_URI += "file://netstat-selinux-support.patch" + +inherit selinux + +DEPENDS += "${LIBSELINUX}" + +EXTRA_OEMAKE += "${@target_selinux(d, 'HAVE_SELINUX=1', 'HAVE_SELINUX=0')}" diff --git a/recipes-extended/pam/libpam_%.bbappend b/recipes-extended/pam/libpam_%.bbappend index adcf938..7719d3b 100644 --- a/recipes-extended/pam/libpam_%.bbappend +++ b/recipes-extended/pam/libpam_%.bbappend @@ -1,3 +1 @@ -inherit enable-selinux - -RDEPENDS_${PN}-runtime += "${@target_selinux(d, 'pam-plugin-selinux')}" +require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)} diff --git a/recipes-extended/pam/libpam_selinux.inc b/recipes-extended/pam/libpam_selinux.inc new file mode 100644 index 0000000..adcf938 --- /dev/null +++ b/recipes-extended/pam/libpam_selinux.inc @@ -0,0 +1,3 @@ +inherit enable-selinux + +RDEPENDS_${PN}-runtime += "${@target_selinux(d, 'pam-plugin-selinux')}" diff --git a/recipes-extended/parted/parted_%.bbappend b/recipes-extended/parted/parted_%.bbappend index 366fdf5..74e22b3 100644 --- a/recipes-extended/parted/parted_%.bbappend +++ b/recipes-extended/parted/parted_%.bbappend @@ -1,3 +1 @@ -PR .= ".2" - -inherit enable-selinux +inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'enable-selinux', '', d)} diff --git a/recipes-extended/psmisc/psmisc_%.bbappend b/recipes-extended/psmisc/psmisc_%.bbappend index bbb84f4..74e22b3 100644 --- a/recipes-extended/psmisc/psmisc_%.bbappend +++ b/recipes-extended/psmisc/psmisc_%.bbappend @@ -1,5 +1 @@ -PR .= ".2" - -FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" - -inherit enable-selinux +inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'enable-selinux', '', d)} diff --git a/recipes-extended/sed/sed_4.2.2.bbappend b/recipes-extended/sed/sed_4.2.2.bbappend index 7695b77..b01ad25 100644 --- a/recipes-extended/sed/sed_4.2.2.bbappend +++ b/recipes-extended/sed/sed_4.2.2.bbappend @@ -1,3 +1 @@ -PR .= ".3" - -inherit with-selinux +inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'with-selinux', '', d)} diff --git a/recipes-extended/shadow/shadow_%.bbappend b/recipes-extended/shadow/shadow_%.bbappend index b7ccf40..7719d3b 100644 --- a/recipes-extended/shadow/shadow_%.bbappend +++ b/recipes-extended/shadow/shadow_%.bbappend @@ -1,7 +1 @@ -PR .= ".1" - -inherit with-selinux with-audit - -PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux libsemanage," - -FILESEXTRAPATHS_prepend := "${@target_selinux(d, '${THISDIR}/files:')}" +require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)} diff --git a/recipes-extended/shadow/shadow_selinux.inc b/recipes-extended/shadow/shadow_selinux.inc new file mode 100644 index 0000000..496ea6a --- /dev/null +++ b/recipes-extended/shadow/shadow_selinux.inc @@ -0,0 +1,6 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/files:" + +inherit with-selinux with-audit + +PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux libsemanage," + diff --git a/recipes-extended/sudo/sudo_%.bbappend b/recipes-extended/sudo/sudo_%.bbappend index 5ad8973..b01ad25 100644 --- a/recipes-extended/sudo/sudo_%.bbappend +++ b/recipes-extended/sudo/sudo_%.bbappend @@ -1,3 +1 @@ -PR .= ".2" - -inherit with-selinux +inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'with-selinux', '', d)} diff --git a/recipes-extended/sysklogd/sysklogd_%.bbappend b/recipes-extended/sysklogd/sysklogd_%.bbappend index 81fe7b7..7719d3b 100644 --- a/recipes-extended/sysklogd/sysklogd_%.bbappend +++ b/recipes-extended/sysklogd/sysklogd_%.bbappend @@ -1 +1 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/files:" +require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)} diff --git a/recipes-extended/sysklogd/sysklogd_selinux.inc b/recipes-extended/sysklogd/sysklogd_selinux.inc new file mode 100644 index 0000000..81fe7b7 --- /dev/null +++ b/recipes-extended/sysklogd/sysklogd_selinux.inc @@ -0,0 +1 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/files:" diff --git a/recipes-extended/tar/tar_%.bbappend b/recipes-extended/tar/tar_%.bbappend index 4b48777..7719d3b 100644 --- a/recipes-extended/tar/tar_%.bbappend +++ b/recipes-extended/tar/tar_%.bbappend @@ -1,6 +1 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" - -inherit with-selinux - - -PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'acl', 'acl', '', d)}" +require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)} diff --git a/recipes-extended/tar/tar_selinux.inc b/recipes-extended/tar/tar_selinux.inc new file mode 100644 index 0000000..341df8b --- /dev/null +++ b/recipes-extended/tar/tar_selinux.inc @@ -0,0 +1,3 @@ +inherit with-selinux + +PACKAGECONFIG_append = "${@bb.utils.contains('DISTRO_FEATURES', 'acl', ' acl', '', d)}" diff --git a/recipes-graphics/mesa/mesa_%.bbappend b/recipes-graphics/mesa/mesa_%.bbappend index 0004f71..b0b03ec 100644 --- a/recipes-graphics/mesa/mesa_%.bbappend +++ b/recipes-graphics/mesa/mesa_%.bbappend @@ -1,6 +1,2 @@ -inherit enable-selinux +require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)} -# But wait! There's more! mesa builds a host program named builtin_compiler -# and it needs selinux, too. We replace the PACKAGECONFIG[] in the bbclass. -# -PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux libselinux-native," diff --git a/recipes-graphics/mesa/mesa_selinux.inc b/recipes-graphics/mesa/mesa_selinux.inc new file mode 100644 index 0000000..0004f71 --- /dev/null +++ b/recipes-graphics/mesa/mesa_selinux.inc @@ -0,0 +1,6 @@ +inherit enable-selinux + +# But wait! There's more! mesa builds a host program named builtin_compiler +# and it needs selinux, too. We replace the PACKAGECONFIG[] in the bbclass. +# +PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux libselinux-native," diff --git a/recipes-graphics/xcb/libxcb_%.bbappend b/recipes-graphics/xcb/libxcb_%.bbappend index f1bd5a8..7719d3b 100644 --- a/recipes-graphics/xcb/libxcb_%.bbappend +++ b/recipes-graphics/xcb/libxcb_%.bbappend @@ -1,8 +1 @@ -PR .= ".1" - -inherit enable-selinux -# libxcb-xselinux will not build with libselinux, so remove the depend -PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,," - -PACKAGES += "${PN}-xselinux" -FILES_${PN}-xselinux += "${libdir}/libxcb-xselinux.so.*" +require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)} diff --git a/recipes-graphics/xcb/libxcb_selinux.inc b/recipes-graphics/xcb/libxcb_selinux.inc new file mode 100644 index 0000000..29bdadb --- /dev/null +++ b/recipes-graphics/xcb/libxcb_selinux.inc @@ -0,0 +1,6 @@ +inherit enable-selinux +# libxcb-xselinux will not build with libselinux, so remove the depend +PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,," + +PACKAGES += "${PN}-xselinux" +FILES_${PN}-xselinux += "${libdir}/libxcb-xselinux.so.*" diff --git a/recipes-kernel/linux/linux-yocto/selinux.cfg b/recipes-kernel/linux/files/selinux.cfg similarity index 100% rename from recipes-kernel/linux/linux-yocto/selinux.cfg rename to recipes-kernel/linux/files/selinux.cfg diff --git a/recipes-kernel/linux/linux-yocto_4.%.bbappend b/recipes-kernel/linux/linux-yocto_4.%.bbappend index a8c0647..7719d3b 100644 --- a/recipes-kernel/linux/linux-yocto_4.%.bbappend +++ b/recipes-kernel/linux/linux-yocto_4.%.bbappend @@ -1,8 +1 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" - -# Enable selinux support in the kernel if the feature is enabled -SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'file://selinux.cfg', '', d)}" - -# For inconsistent kallsyms data bug on ARM -# http://lists.infradead.org/pipermail/linux-arm-kernel/2012-March/thread.html#89718 -EXTRA_OEMAKE += "${@bb.utils.contains('TARGET_ARCH', 'arm', ' KALLSYMS_EXTRA_PASS=1', '', d)}" +require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)} diff --git a/recipes-kernel/linux/linux-yocto_selinux.inc b/recipes-kernel/linux/linux-yocto_selinux.inc new file mode 100644 index 0000000..3312e06 --- /dev/null +++ b/recipes-kernel/linux/linux-yocto_selinux.inc @@ -0,0 +1,4 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/files:" + +# Enable selinux support in the kernel if the feature is enabled +SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'file://selinux.cfg', '', d)}" diff --git a/recipes-kernel/perf/perf.bbappend b/recipes-kernel/perf/perf.bbappend index 93df43e..b0b03ec 100644 --- a/recipes-kernel/perf/perf.bbappend +++ b/recipes-kernel/perf/perf.bbappend @@ -1 +1,2 @@ -DEPENDS += " ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'audit', '', d)}" +require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)} + diff --git a/recipes-kernel/perf/perf_selinux.inc b/recipes-kernel/perf/perf_selinux.inc new file mode 100644 index 0000000..bed3cc2 --- /dev/null +++ b/recipes-kernel/perf/perf_selinux.inc @@ -0,0 +1 @@ +DEPENDS .= "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', ' audit', '', d)}" diff --git a/recipes-support/attr/attr_%.bbappend b/recipes-support/attr/attr_%.bbappend index 6be8191..7719d3b 100644 --- a/recipes-support/attr/attr_%.bbappend +++ b/recipes-support/attr/attr_%.bbappend @@ -1,5 +1 @@ -inherit selinux - -FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:" - -SRC_URI += "${@target_selinux(d, 'file://fix-ptest-failures-when-selinux-enabled.patch')}" +require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)} diff --git a/recipes-support/attr/attr_selinux.inc b/recipes-support/attr/attr_selinux.inc new file mode 100644 index 0000000..ba0314e --- /dev/null +++ b/recipes-support/attr/attr_selinux.inc @@ -0,0 +1,5 @@ +inherit selinux + +FILESEXTRAPATHS_prepend := "${THISDIR}/files:" + +SRC_URI += "file://fix-ptest-failures-when-selinux-enabled.patch" diff --git a/recipes-support/attr/attr/fix-ptest-failures-when-selinux-enabled.patch b/recipes-support/attr/files/fix-ptest-failures-when-selinux-enabled.patch similarity index 100% rename from recipes-support/attr/attr/fix-ptest-failures-when-selinux-enabled.patch rename to recipes-support/attr/files/fix-ptest-failures-when-selinux-enabled.patch diff --git a/recipes-support/gnupg/gnupg_2.%.bbappend b/recipes-support/gnupg/gnupg_2.%.bbappend index 12571b4..7719d3b 100644 --- a/recipes-support/gnupg/gnupg_2.%.bbappend +++ b/recipes-support/gnupg/gnupg_2.%.bbappend @@ -1,3 +1 @@ -inherit enable-selinux -# gnupg will not build with libselinux, so remove the depend -PACKAGECONFIG[selinux] = "--enable-selinux-support,--disable-selinux-support,," +require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)} diff --git a/recipes-support/gnupg/gnupg_selinux.inc b/recipes-support/gnupg/gnupg_selinux.inc new file mode 100644 index 0000000..12571b4 --- /dev/null +++ b/recipes-support/gnupg/gnupg_selinux.inc @@ -0,0 +1,3 @@ +inherit enable-selinux +# gnupg will not build with libselinux, so remove the depend +PACKAGECONFIG[selinux] = "--enable-selinux-support,--disable-selinux-support,," diff --git a/recipes-support/libpcre/libpcre_%.bbappend b/recipes-support/libpcre/libpcre_%.bbappend index ad18d61..7719d3b 100644 --- a/recipes-support/libpcre/libpcre_%.bbappend +++ b/recipes-support/libpcre/libpcre_%.bbappend @@ -1,14 +1 @@ -PR .= "9" - -do_install_append () { - if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then - realsofile=`readlink ${D}${libdir}/libpcre.so` - mkdir -p ${D}/${base_libdir}/ - mv -f ${D}${libdir}/libpcre.so.* ${D}${base_libdir}/ - relpath=${@os.path.relpath("${base_libdir}", "${libdir}")} - ln -sf ${relpath}/${realsofile} ${D}${libdir}/libpcre.so - ln -sf ${relpath}/${realsofile} ${D}${libdir}/libpcre.so.1 - fi -} - -FILES_${PN} += "${base_libdir}/libpcre.so.*" +require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', '${BPN}_selinux.inc', '', d)} diff --git a/recipes-support/libpcre/libpcre_selinux.inc b/recipes-support/libpcre/libpcre_selinux.inc new file mode 100644 index 0000000..59c0184 --- /dev/null +++ b/recipes-support/libpcre/libpcre_selinux.inc @@ -0,0 +1,12 @@ +do_install_append () { + if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then + realsofile=`readlink ${D}${libdir}/libpcre.so` + mkdir -p ${D}/${base_libdir}/ + mv -f ${D}${libdir}/libpcre.so.* ${D}${base_libdir}/ + relpath=${@os.path.relpath("${base_libdir}", "${libdir}")} + ln -sf ${relpath}/${realsofile} ${D}${libdir}/libpcre.so + ln -sf ${relpath}/${realsofile} ${D}${libdir}/libpcre.so.1 + fi +} + +FILES_${PN} += "${base_libdir}/libpcre.so.*" diff --git a/virtualization-layer/recipes-containers/lxc/lxc_%.bbappend b/virtualization-layer/recipes-containers/lxc/lxc_%.bbappend index 8c11cac..74e22b3 100644 --- a/virtualization-layer/recipes-containers/lxc/lxc_%.bbappend +++ b/virtualization-layer/recipes-containers/lxc/lxc_%.bbappend @@ -1 +1 @@ -inherit enable-selinux +inherit ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'enable-selinux', '', d)}