Message ID | 20241120172921.1881462-2-a-shenai@ti.com |
---|---|
State | Accepted |
Delegated to: | Ryan Eatmon |
Headers | show |
Series | meta-arago: Enable SELinux package | expand |
Hi, On 20/11/24 22:59, Aashvij Shenai wrote: > - This patch allows the building of selinux packages conditional on the > layer being present via dynamic layers. Only if the meta-selinux layer > is present, tisdk-default-image recipe will build the packagegroup. > > - meta-selinux maintains a list of kernel configs that are needed for > the kernel to include SELinux. Append these configs from the > meta-selinux layer into our meta-ti Linux build s/meta-ti/meta-arago > > Signed-off-by: Aashvij Shenai <a-shenai@ti.com> > --- > meta-arago-distro/conf/layer.conf | 2 ++ > .../images/tisdk-default-image.bbappend | 3 +++ > .../linux/linux-ti-staging_%.bbappend | 13 +++++++++++++ > 3 files changed, 18 insertions(+) > create mode 100644 meta-arago-distro/dynamic-layers/selinux/recipes-core/images/tisdk-default-image.bbappend > create mode 100644 meta-arago-distro/dynamic-layers/selinux/recipes-kernel/linux/linux-ti-staging_%.bbappend > > diff --git a/meta-arago-distro/conf/layer.conf b/meta-arago-distro/conf/layer.conf > index 00afb5b2..824c5773 100644 > --- a/meta-arago-distro/conf/layer.conf > +++ b/meta-arago-distro/conf/layer.conf > @@ -26,10 +26,12 @@ LAYERDEPENDS_meta-arago-distro = " \ > > LAYERRECOMMENDS_meta-arago-distro = " \ > chromium-browser-layer \ > + selinux \ > " > > BBFILES_DYNAMIC += " \ > chromium-browser-layer:${LAYERDIR}/dynamic-layers/chromium-browser-layer/recipes*/*/*.bbappend \ > + selinux:${LAYERDIR}/dynamic-layers/selinux/recipes*/*/*.bbappend \ > " > > BB_DANGLINGAPPENDS_WARNONLY = "true" > diff --git a/meta-arago-distro/dynamic-layers/selinux/recipes-core/images/tisdk-default-image.bbappend b/meta-arago-distro/dynamic-layers/selinux/recipes-core/images/tisdk-default-image.bbappend > new file mode 100644 > index 00000000..9c84bd83 > --- /dev/null > +++ b/meta-arago-distro/dynamic-layers/selinux/recipes-core/images/tisdk-default-image.bbappend > @@ -0,0 +1,3 @@ > +PR:append = ".selinux0" > + > +IMAGE_INSTALL:append = " packagegroup-core-selinux" > diff --git a/meta-arago-distro/dynamic-layers/selinux/recipes-kernel/linux/linux-ti-staging_%.bbappend b/meta-arago-distro/dynamic-layers/selinux/recipes-kernel/linux/linux-ti-staging_%.bbappend > new file mode 100644 > index 00000000..058db4f4 > --- /dev/null > +++ b/meta-arago-distro/dynamic-layers/selinux/recipes-kernel/linux/linux-ti-staging_%.bbappend > @@ -0,0 +1,13 @@ > +# The meta-selinux layer includes an selinux.cfg file containing > +# configs necessary for the Linux kernel to enable SELinux > + > +# In order to reduce maintainability issues, the file will > +# be retained in meta-selinux layer > + > +require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'recipes-kernel/linux/linux-yocto_selinux.inc', '', d)} > + > +do_configure:append() { > + if echo "${DISTRO_FEATURES}" | grep -q "selinux"; then > + cat ${WORKDIR}/selinux.cfg >> ${B}/.config WORKDIR is fine for scarthgap but for master we should use UNPACKDIR now [1][2] You might have to send a separate version with UNPACKDIR for master [1]: https://git.openembedded.org/openembedded-core/commit/?id=e022d62ba917790af2121da57646271ef17c03fa [2]: https://git.ti.com/cgit/arago-project/meta-ti/commit/?id=afcdfa2e638292d43cbe0eed8dc1271c95a1931e --- Chirag > + fi > +} > \ No newline at end of file
diff --git a/meta-arago-distro/conf/layer.conf b/meta-arago-distro/conf/layer.conf index 00afb5b2..824c5773 100644 --- a/meta-arago-distro/conf/layer.conf +++ b/meta-arago-distro/conf/layer.conf @@ -26,10 +26,12 @@ LAYERDEPENDS_meta-arago-distro = " \ LAYERRECOMMENDS_meta-arago-distro = " \ chromium-browser-layer \ + selinux \ " BBFILES_DYNAMIC += " \ chromium-browser-layer:${LAYERDIR}/dynamic-layers/chromium-browser-layer/recipes*/*/*.bbappend \ + selinux:${LAYERDIR}/dynamic-layers/selinux/recipes*/*/*.bbappend \ " BB_DANGLINGAPPENDS_WARNONLY = "true" diff --git a/meta-arago-distro/dynamic-layers/selinux/recipes-core/images/tisdk-default-image.bbappend b/meta-arago-distro/dynamic-layers/selinux/recipes-core/images/tisdk-default-image.bbappend new file mode 100644 index 00000000..9c84bd83 --- /dev/null +++ b/meta-arago-distro/dynamic-layers/selinux/recipes-core/images/tisdk-default-image.bbappend @@ -0,0 +1,3 @@ +PR:append = ".selinux0" + +IMAGE_INSTALL:append = " packagegroup-core-selinux" diff --git a/meta-arago-distro/dynamic-layers/selinux/recipes-kernel/linux/linux-ti-staging_%.bbappend b/meta-arago-distro/dynamic-layers/selinux/recipes-kernel/linux/linux-ti-staging_%.bbappend new file mode 100644 index 00000000..058db4f4 --- /dev/null +++ b/meta-arago-distro/dynamic-layers/selinux/recipes-kernel/linux/linux-ti-staging_%.bbappend @@ -0,0 +1,13 @@ +# The meta-selinux layer includes an selinux.cfg file containing +# configs necessary for the Linux kernel to enable SELinux + +# In order to reduce maintainability issues, the file will +# be retained in meta-selinux layer + +require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'recipes-kernel/linux/linux-yocto_selinux.inc', '', d)} + +do_configure:append() { + if echo "${DISTRO_FEATURES}" | grep -q "selinux"; then + cat ${WORKDIR}/selinux.cfg >> ${B}/.config + fi +} \ No newline at end of file
- This patch allows the building of selinux packages conditional on the layer being present via dynamic layers. Only if the meta-selinux layer is present, tisdk-default-image recipe will build the packagegroup. - meta-selinux maintains a list of kernel configs that are needed for the kernel to include SELinux. Append these configs from the meta-selinux layer into our meta-ti Linux build Signed-off-by: Aashvij Shenai <a-shenai@ti.com> --- meta-arago-distro/conf/layer.conf | 2 ++ .../images/tisdk-default-image.bbappend | 3 +++ .../linux/linux-ti-staging_%.bbappend | 13 +++++++++++++ 3 files changed, 18 insertions(+) create mode 100644 meta-arago-distro/dynamic-layers/selinux/recipes-core/images/tisdk-default-image.bbappend create mode 100644 meta-arago-distro/dynamic-layers/selinux/recipes-kernel/linux/linux-ti-staging_%.bbappend