diff mbox series

[meta-arago,master/scarthgap,v2,1/1] meta-arago: Enable SELinux package

Message ID 20241120172921.1881462-2-a-shenai@ti.com
State Accepted
Delegated to: Ryan Eatmon
Headers show
Series meta-arago: Enable SELinux package | expand

Commit Message

Aashvij Shenai Nov. 20, 2024, 5:29 p.m. UTC
- This patch allows the building of selinux packages conditional on the
  layer being present via dynamic layers. Only if the meta-selinux layer
  is present, tisdk-default-image recipe will build the packagegroup.

- meta-selinux maintains a list of kernel configs that are needed for
  the kernel to include SELinux. Append these configs from the
  meta-selinux layer into our meta-ti Linux build

Signed-off-by: Aashvij Shenai <a-shenai@ti.com>
---
 meta-arago-distro/conf/layer.conf                   |  2 ++
 .../images/tisdk-default-image.bbappend             |  3 +++
 .../linux/linux-ti-staging_%.bbappend               | 13 +++++++++++++
 3 files changed, 18 insertions(+)
 create mode 100644 meta-arago-distro/dynamic-layers/selinux/recipes-core/images/tisdk-default-image.bbappend
 create mode 100644 meta-arago-distro/dynamic-layers/selinux/recipes-kernel/linux/linux-ti-staging_%.bbappend

Comments

Chirag Shilwant Nov. 21, 2024, 2:37 p.m. UTC | #1
Hi,

On 20/11/24 22:59, Aashvij Shenai wrote:
> - This patch allows the building of selinux packages conditional on the
>    layer being present via dynamic layers. Only if the meta-selinux layer
>    is present, tisdk-default-image recipe will build the packagegroup.
>
> - meta-selinux maintains a list of kernel configs that are needed for
>    the kernel to include SELinux. Append these configs from the
>    meta-selinux layer into our meta-ti Linux build


s/meta-ti/meta-arago


>
> Signed-off-by: Aashvij Shenai <a-shenai@ti.com>
> ---
>   meta-arago-distro/conf/layer.conf                   |  2 ++
>   .../images/tisdk-default-image.bbappend             |  3 +++
>   .../linux/linux-ti-staging_%.bbappend               | 13 +++++++++++++
>   3 files changed, 18 insertions(+)
>   create mode 100644 meta-arago-distro/dynamic-layers/selinux/recipes-core/images/tisdk-default-image.bbappend
>   create mode 100644 meta-arago-distro/dynamic-layers/selinux/recipes-kernel/linux/linux-ti-staging_%.bbappend
>
> diff --git a/meta-arago-distro/conf/layer.conf b/meta-arago-distro/conf/layer.conf
> index 00afb5b2..824c5773 100644
> --- a/meta-arago-distro/conf/layer.conf
> +++ b/meta-arago-distro/conf/layer.conf
> @@ -26,10 +26,12 @@ LAYERDEPENDS_meta-arago-distro = " \
>   
>   LAYERRECOMMENDS_meta-arago-distro = " \
>       chromium-browser-layer \
> +    selinux \
>   "
>   
>   BBFILES_DYNAMIC += " \
>       chromium-browser-layer:${LAYERDIR}/dynamic-layers/chromium-browser-layer/recipes*/*/*.bbappend \
> +    selinux:${LAYERDIR}/dynamic-layers/selinux/recipes*/*/*.bbappend \
>   "
>   
>   BB_DANGLINGAPPENDS_WARNONLY = "true"
> diff --git a/meta-arago-distro/dynamic-layers/selinux/recipes-core/images/tisdk-default-image.bbappend b/meta-arago-distro/dynamic-layers/selinux/recipes-core/images/tisdk-default-image.bbappend
> new file mode 100644
> index 00000000..9c84bd83
> --- /dev/null
> +++ b/meta-arago-distro/dynamic-layers/selinux/recipes-core/images/tisdk-default-image.bbappend
> @@ -0,0 +1,3 @@
> +PR:append = ".selinux0"
> +
> +IMAGE_INSTALL:append = " packagegroup-core-selinux"
> diff --git a/meta-arago-distro/dynamic-layers/selinux/recipes-kernel/linux/linux-ti-staging_%.bbappend b/meta-arago-distro/dynamic-layers/selinux/recipes-kernel/linux/linux-ti-staging_%.bbappend
> new file mode 100644
> index 00000000..058db4f4
> --- /dev/null
> +++ b/meta-arago-distro/dynamic-layers/selinux/recipes-kernel/linux/linux-ti-staging_%.bbappend
> @@ -0,0 +1,13 @@
> +# The meta-selinux layer includes an selinux.cfg file containing
> +# configs necessary for the Linux kernel to enable SELinux
> +
> +# In order to reduce maintainability issues, the file will
> +# be retained in meta-selinux layer
> +
> +require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'recipes-kernel/linux/linux-yocto_selinux.inc', '', d)}
> +
> +do_configure:append() {
> +    if echo "${DISTRO_FEATURES}" | grep -q "selinux"; then
> +        cat ${WORKDIR}/selinux.cfg >> ${B}/.config


WORKDIR is fine for scarthgap but for master we should use UNPACKDIR now 
[1][2]
You might have to send a separate version with UNPACKDIR for master


[1]: 
https://git.openembedded.org/openembedded-core/commit/?id=e022d62ba917790af2121da57646271ef17c03fa
[2]: 
https://git.ti.com/cgit/arago-project/meta-ti/commit/?id=afcdfa2e638292d43cbe0eed8dc1271c95a1931e


---
Chirag


> +    fi
> +}
> \ No newline at end of file
diff mbox series

Patch

diff --git a/meta-arago-distro/conf/layer.conf b/meta-arago-distro/conf/layer.conf
index 00afb5b2..824c5773 100644
--- a/meta-arago-distro/conf/layer.conf
+++ b/meta-arago-distro/conf/layer.conf
@@ -26,10 +26,12 @@  LAYERDEPENDS_meta-arago-distro = " \
 
 LAYERRECOMMENDS_meta-arago-distro = " \
     chromium-browser-layer \
+    selinux \
 "
 
 BBFILES_DYNAMIC += " \
     chromium-browser-layer:${LAYERDIR}/dynamic-layers/chromium-browser-layer/recipes*/*/*.bbappend \
+    selinux:${LAYERDIR}/dynamic-layers/selinux/recipes*/*/*.bbappend \
 "
 
 BB_DANGLINGAPPENDS_WARNONLY = "true"
diff --git a/meta-arago-distro/dynamic-layers/selinux/recipes-core/images/tisdk-default-image.bbappend b/meta-arago-distro/dynamic-layers/selinux/recipes-core/images/tisdk-default-image.bbappend
new file mode 100644
index 00000000..9c84bd83
--- /dev/null
+++ b/meta-arago-distro/dynamic-layers/selinux/recipes-core/images/tisdk-default-image.bbappend
@@ -0,0 +1,3 @@ 
+PR:append = ".selinux0"
+
+IMAGE_INSTALL:append = " packagegroup-core-selinux"
diff --git a/meta-arago-distro/dynamic-layers/selinux/recipes-kernel/linux/linux-ti-staging_%.bbappend b/meta-arago-distro/dynamic-layers/selinux/recipes-kernel/linux/linux-ti-staging_%.bbappend
new file mode 100644
index 00000000..058db4f4
--- /dev/null
+++ b/meta-arago-distro/dynamic-layers/selinux/recipes-kernel/linux/linux-ti-staging_%.bbappend
@@ -0,0 +1,13 @@ 
+# The meta-selinux layer includes an selinux.cfg file containing
+# configs necessary for the Linux kernel to enable SELinux
+
+# In order to reduce maintainability issues, the file will 
+# be retained in meta-selinux layer
+
+require ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'recipes-kernel/linux/linux-yocto_selinux.inc', '', d)} 
+
+do_configure:append() {
+    if echo "${DISTRO_FEATURES}" | grep -q "selinux"; then
+        cat ${WORKDIR}/selinux.cfg >> ${B}/.config
+    fi
+}
\ No newline at end of file