[Buildroot] [PATCH v9 3/5] libsepol: bump to 2.7, setools: bump to 4.1.1

Thomas Petazzoni thomas.petazzoni at free-electrons.com
Tue Oct 17 21:23:37 UTC 2017


Hello,

On Tue, 17 Oct 2017 15:18:52 -0400, Adam Duskett wrote:
> The reason for combining these patches is because the
> old version of setools is not compatible iwth libsepol 2.7.  If a user where
> to do a git pull on a patch that only updates libsepol or setools, the build
> would fail to compile.
> 
> setools has been completely rewritten in python instead of C.
> 
> The current version of setools includes a few programs that require
> python-qt5 or python-networkx to run, however the package does not
> check to see if these exist when compiling, and will install the scripts
> to the target directory even if they don't exist.
> 
> In the case of python-networkx, this package is not available on Buildroot.
> The scripts that require them are: sedta and seinfoflow.
> In the case of python-qt5, qpol is the script that requires it.
>
> - Remove host variant of setools as it is no longer a dependency for
>   policycoreutils.

This is no longer true: there is a host variant of setools, and it is
used.

> - setup.py also includes the "Werror" flag, however compilers before gcc6
>   cause a few autogenerated variables to not be initialized before use,
>   causing the build to fail.
>   To fix this, sed is used before compiling to remove the Werror flag.

This is no longer true, you use a patch.

> +SETOOLS_SITE = $(call github,TresysTechnology,setools,$(SETOOLS_VERSION))
> +SETOOLS_DEPENDENCIES = libselinux libsepol python-setuptools host-bison host-flex host-swig

Are you sure you need python-setuptools on the target ?


> +define HOST_SETOOLS_FIX_SETUP
> +	# By default, setup.py will look for libsepol.a in the host machines
> +	# /usr/lib directory. This needs to be changed to the host directory.
> +	$(SED) "s at base_lib_dirs =.*@base_lib_dirs = ['$(HOST_DIR)/usr/lib']@g" \

$(HOST_DIR)/lib, the $(HOST_DIR)/usr folder has been removed.

> +# sedta and seinfoflow depends on python-networkx. This package is not

depends -> depend

> +# available in buildroot.
> +define SETOOLS_REMOVE_BROKEN_SCRIPTS
> +	$(RM) $(TARGET_DIR)/usr/bin/sedta
> +	$(RM) $(TARGET_DIR)/usr/bin/seinfoflow
> +endef
> +SETOOLS_POST_INSTALL_TARGET_HOOKS += SETOOLS_REMOVE_BROKEN_SCRIPTS
> +
> +# apol requires pyqt5, but is installed even if it's not installed.

"is installed even if it's not installed", wow a bit weird :)

Perhaps: "apol requires pyqt5. However, the setools installation
process will install apol even if pyqt5 is missing." Or something
better than what I propose :)

> +# Remove these scripts from the target it pyqt5 is not selected.
> +ifeq ($(BR2_PACKAGE_PYTHON_PYQT5),)
> +define SETOOLS_REMOVE_QT_SCRIPTS
> +	$(RM) $(TARGET_DIR)/usr/bin/apol
> +	$(RM) -r $(TARGET_DIR)/usr/lib/$(SETOOLS_PYLIBVER)/site-packages/setoolsgui/
> +endef
> +SETOOLS_POST_INSTALL_TARGET_HOOKS += SETOOLS_REMOVE_QT_SCRIPTS
> +endif
>  
> -HOST_SETOOLS_CONF_ENV += \
> -	am_cv_pathless_PYTHON=python \
> -	ac_cv_path_PYTHON=$(HOST_DIR)/bin/python \
> -	am_cv_python_platform=linux2 \
> -	am_cv_python_version=$(HOST_SETOOLS_PYTHON_VERSION) \
> -	am_cv_python_pythondir=$(HOST_SETOOLS_PYTHON_SITE_PACKAGES) \
> -	am_cv_python_pyexecdir=$(HOST_SETOOLS_PYTHON_SITE_PACKAGES) \
> -	am_cv_python_includes=-I$(HOST_SETOOLS_PYTHON_INCLUDES)
> +# sedta and seinfoflow depends on python-networkx. This package is not
> +# available in buildroot. pyqt5 is not a host-package, remove apol
> +# from the host directory as well.
> +define HOST_SETOOLS_REMOVE_BROKEN_SCRIPTS
> +	$(RM) $(HOST_DIR)/usr/bin/sedta
> +	$(RM) $(HOST_DIR)/usr/bin/seinfoflow
> +	$(RM) $(HOST_DIR)/usr/bin/apol

$(HOST_DIR)/bin and not $(HOST_DIR)/usr/bin.

Thanks!

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com



More information about the buildroot mailing list