[meta-oe] libseccomp: import from meta-security

Submitted by mingli.yu@windriver.com on July 25, 2019, 7:06 a.m. | Patch ID: 163384

Details

Message ID 1564038385-372982-1-git-send-email-mingli.yu@windriver.com
State Changes Requested
Commit 8db096e97c564e4e20124c3eecc9945b1ec98183
Headers show

Commit Message

mingli.yu@windriver.com July 25, 2019, 7:06 a.m.
From: Mingli Yu <Mingli.Yu@windriver.com>

Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
---
 .../recipes-security/libseccomp/files/run-ptest    |  4 +++
 .../libseccomp/libseccomp_2.4.1.bb                 | 41 ++++++++++++++++++++++
 2 files changed, 45 insertions(+)
 create mode 100644 meta-oe/recipes-security/libseccomp/files/run-ptest
 create mode 100644 meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb

Patch hide | download patch | download mbox

diff --git a/meta-oe/recipes-security/libseccomp/files/run-ptest b/meta-oe/recipes-security/libseccomp/files/run-ptest
new file mode 100644
index 0000000..54b4a63
--- /dev/null
+++ b/meta-oe/recipes-security/libseccomp/files/run-ptest
@@ -0,0 +1,4 @@ 
+#!/bin/sh
+
+cd tests
+./regression -a
diff --git a/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
new file mode 100644
index 0000000..dba1be5
--- /dev/null
+++ b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
@@ -0,0 +1,41 @@ 
+SUMMARY = "interface to seccomp filtering mechanism"
+DESCRIPTION = "The libseccomp library provides and easy to use, platform independent,interface to the Linux Kernel's syscall filtering mechanism: seccomp."
+SECTION = "security"
+LICENSE = "LGPL-2.1"
+LIC_FILES_CHKSUM = "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
+
+SRCREV = "fb43972ea1aab24f2a70193fb7445c2674f594e3"
+
+SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.4 \
+           file://run-ptest \
+"
+
+S = "${WORKDIR}/git"
+
+inherit autotools-brokensep pkgconfig ptest
+
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[python] = "--enable-python, --disable-python, python"
+
+do_compile_ptest() {
+    oe_runmake -C tests check-build
+}
+
+do_install_ptest() {
+    install -d ${D}${PTEST_PATH}/tests
+    install -d ${D}${PTEST_PATH}/tools
+    for file in $(find tests/* -executable -type f); do
+        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
+    done
+    for file in $(find tests/*.tests -type f); do
+        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
+    done
+    for file in $(find tools/* -executable -type f); do
+        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tools
+    done
+}
+
+FILES_${PN} = "${bindir} ${libdir}/${BPN}.so*"
+FILES_${PN}-dbg += "${libdir}/${PN}/tests/.debug/* ${libdir}/${PN}/tools/.debug"
+
+RDEPENDS_${PN}-ptest = "bash"

Comments

Bruce Ashfield July 25, 2019, 1:45 p.m.
On Thu, Jul 25, 2019 at 3:06 AM <mingli.yu@windriver.com> wrote:
>
> From: Mingli Yu <Mingli.Yu@windriver.com>

Can you share some details as to why this should be pulled from
meta-security into a different repo ?

It seems to fit the mandate of meta-security quite nicely ;)

Is there some sort of dependency issue, or other technical problem
that is causing a problem ?

Bruce

>
> Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
> ---
>  .../recipes-security/libseccomp/files/run-ptest    |  4 +++
>  .../libseccomp/libseccomp_2.4.1.bb                 | 41 ++++++++++++++++++++++
>  2 files changed, 45 insertions(+)
>  create mode 100644 meta-oe/recipes-security/libseccomp/files/run-ptest
>  create mode 100644 meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
>
> diff --git a/meta-oe/recipes-security/libseccomp/files/run-ptest b/meta-oe/recipes-security/libseccomp/files/run-ptest
> new file mode 100644
> index 0000000..54b4a63
> --- /dev/null
> +++ b/meta-oe/recipes-security/libseccomp/files/run-ptest
> @@ -0,0 +1,4 @@
> +#!/bin/sh
> +
> +cd tests
> +./regression -a
> diff --git a/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> new file mode 100644
> index 0000000..dba1be5
> --- /dev/null
> +++ b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> @@ -0,0 +1,41 @@
> +SUMMARY = "interface to seccomp filtering mechanism"
> +DESCRIPTION = "The libseccomp library provides and easy to use, platform independent,interface to the Linux Kernel's syscall filtering mechanism: seccomp."
> +SECTION = "security"
> +LICENSE = "LGPL-2.1"
> +LIC_FILES_CHKSUM = "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
> +
> +SRCREV = "fb43972ea1aab24f2a70193fb7445c2674f594e3"
> +
> +SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.4 \
> +           file://run-ptest \
> +"
> +
> +S = "${WORKDIR}/git"
> +
> +inherit autotools-brokensep pkgconfig ptest
> +
> +PACKAGECONFIG ??= ""
> +PACKAGECONFIG[python] = "--enable-python, --disable-python, python"
> +
> +do_compile_ptest() {
> +    oe_runmake -C tests check-build
> +}
> +
> +do_install_ptest() {
> +    install -d ${D}${PTEST_PATH}/tests
> +    install -d ${D}${PTEST_PATH}/tools
> +    for file in $(find tests/* -executable -type f); do
> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
> +    done
> +    for file in $(find tests/*.tests -type f); do
> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
> +    done
> +    for file in $(find tools/* -executable -type f); do
> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tools
> +    done
> +}
> +
> +FILES_${PN} = "${bindir} ${libdir}/${BPN}.so*"
> +FILES_${PN}-dbg += "${libdir}/${PN}/tests/.debug/* ${libdir}/${PN}/tools/.debug"
> +
> +RDEPENDS_${PN}-ptest = "bash"
> --
> 2.7.4
>
> --
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-devel
mingli.yu@windriver.com July 26, 2019, 2:31 a.m.
On 2019年07月25日 21:45, Bruce Ashfield wrote:
> On Thu, Jul 25, 2019 at 3:06 AM <mingli.yu@windriver.com> wrote:
>>
>> From: Mingli Yu <Mingli.Yu@windriver.com>
>
> Can you share some details as to why this should be pulled from
> meta-security into a different repo ?

Considering there is also some security related recipe under 
meta-oe/recipes-security/, I think it's not strange to add a new one 
libseccomp and libseccomp also provides a basic common filtering mechanism.

Meanwhile, the below yocto compliance check error disappears once we
move libseccomp from meta-security to meta-oe.
ERROR: Nothing PROVIDES 'libseccomp' (but 
/buildarea/layers/meta-virtualization/recipes-containers/cri-o/cri-o_git.bb 
DEPENDS on or otherwise requires it).
Close matches:
libcomps
ERROR: Required build target 'meta-world-pkgdata' has no buildable 
providers.

Missing or unbuildable dependency chain was: ['meta-world-pkgdata', 
'cri-o', 'libseccomp']

Thanks,

>
> It seems to fit the mandate of meta-security quite nicely ;)
>
> Is there some sort of dependency issue, or other technical problem
> that is causing a problem ?
>
> Bruce
>
>>
>> Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
>> ---
>>   .../recipes-security/libseccomp/files/run-ptest    |  4 +++
>>   .../libseccomp/libseccomp_2.4.1.bb                 | 41 ++++++++++++++++++++++
>>   2 files changed, 45 insertions(+)
>>   create mode 100644 meta-oe/recipes-security/libseccomp/files/run-ptest
>>   create mode 100644 meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
>>
>> diff --git a/meta-oe/recipes-security/libseccomp/files/run-ptest b/meta-oe/recipes-security/libseccomp/files/run-ptest
>> new file mode 100644
>> index 0000000..54b4a63
>> --- /dev/null
>> +++ b/meta-oe/recipes-security/libseccomp/files/run-ptest
>> @@ -0,0 +1,4 @@
>> +#!/bin/sh
>> +
>> +cd tests
>> +./regression -a
>> diff --git a/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
>> new file mode 100644
>> index 0000000..dba1be5
>> --- /dev/null
>> +++ b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
>> @@ -0,0 +1,41 @@
>> +SUMMARY = "interface to seccomp filtering mechanism"
>> +DESCRIPTION = "The libseccomp library provides and easy to use, platform independent,interface to the Linux Kernel's syscall filtering mechanism: seccomp."
>> +SECTION = "security"
>> +LICENSE = "LGPL-2.1"
>> +LIC_FILES_CHKSUM = "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
>> +
>> +SRCREV = "fb43972ea1aab24f2a70193fb7445c2674f594e3"
>> +
>> +SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.4 \
>> +           file://run-ptest \
>> +"
>> +
>> +S = "${WORKDIR}/git"
>> +
>> +inherit autotools-brokensep pkgconfig ptest
>> +
>> +PACKAGECONFIG ??= ""
>> +PACKAGECONFIG[python] = "--enable-python, --disable-python, python"
>> +
>> +do_compile_ptest() {
>> +    oe_runmake -C tests check-build
>> +}
>> +
>> +do_install_ptest() {
>> +    install -d ${D}${PTEST_PATH}/tests
>> +    install -d ${D}${PTEST_PATH}/tools
>> +    for file in $(find tests/* -executable -type f); do
>> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
>> +    done
>> +    for file in $(find tests/*.tests -type f); do
>> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
>> +    done
>> +    for file in $(find tools/* -executable -type f); do
>> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tools
>> +    done
>> +}
>> +
>> +FILES_${PN} = "${bindir} ${libdir}/${BPN}.so*"
>> +FILES_${PN}-dbg += "${libdir}/${PN}/tests/.debug/* ${libdir}/${PN}/tools/.debug"
>> +
>> +RDEPENDS_${PN}-ptest = "bash"
>> --
>> 2.7.4
>>
>> --
>> _______________________________________________
>> Openembedded-devel mailing list
>> Openembedded-devel@lists.openembedded.org
>> http://lists.openembedded.org/mailman/listinfo/openembedded-devel
>
>
>
Bruce Ashfield July 26, 2019, 2:46 a.m.
On Thu, Jul 25, 2019 at 10:28 PM Yu, Mingli <mingli.yu@windriver.com> wrote:

>
>
> On 2019年07月25日 21:45, Bruce Ashfield wrote:
> > On Thu, Jul 25, 2019 at 3:06 AM <mingli.yu@windriver.com> wrote:
> >>
> >> From: Mingli Yu <Mingli.Yu@windriver.com>
> >
> > Can you share some details as to why this should be pulled from
> > meta-security into a different repo ?
>
> Considering there is also some security related recipe under
> meta-oe/recipes-security/, I think it's not strange to add a new one
> libseccomp and libseccomp also provides a basic common filtering mechanism.
>

.. but it is literally churn for the sake of churn.

Meaning, that isn't a great reason to move something. If Armin wanted to
put the recipe in meta-oe, he would have done it himself.



>
> Meanwhile, the below yocto compliance check error disappears once we
> move libseccomp from meta-security to meta-oe.
> ERROR: Nothing PROVIDES 'libseccomp' (but
> /buildarea/layers/meta-virtualization/recipes-containers/cri-o/
> cri-o_git.bb
> DEPENDS on or otherwise requires it).
> Close matches:
> libcomps
> ERROR: Required build target 'meta-world-pkgdata' has no buildable
> providers.
>
> Missing or unbuildable dependency chain was: ['meta-world-pkgdata',
> 'cri-o', 'libseccomp']
>

Also not a valid reason. We've just fixed meta-virtualization, so there's
no need to shuffle something like this around, just to keep another layers
compliance check working.

Bruce



>
> Thanks,
>
> >
> > It seems to fit the mandate of meta-security quite nicely ;)
> >
> > Is there some sort of dependency issue, or other technical problem
> > that is causing a problem ?
> >
> > Bruce
> >
> >>
> >> Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
> >> ---
> >>   .../recipes-security/libseccomp/files/run-ptest    |  4 +++
> >>   .../libseccomp/libseccomp_2.4.1.bb                 | 41
> ++++++++++++++++++++++
> >>   2 files changed, 45 insertions(+)
> >>   create mode 100644 meta-oe/recipes-security/libseccomp/files/run-ptest
> >>   create mode 100644 meta-oe/recipes-security/libseccomp/
> libseccomp_2.4.1.bb
> >>
> >> diff --git a/meta-oe/recipes-security/libseccomp/files/run-ptest
> b/meta-oe/recipes-security/libseccomp/files/run-ptest
> >> new file mode 100644
> >> index 0000000..54b4a63
> >> --- /dev/null
> >> +++ b/meta-oe/recipes-security/libseccomp/files/run-ptest
> >> @@ -0,0 +1,4 @@
> >> +#!/bin/sh
> >> +
> >> +cd tests
> >> +./regression -a
> >> diff --git a/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> >> new file mode 100644
> >> index 0000000..dba1be5
> >> --- /dev/null
> >> +++ b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> >> @@ -0,0 +1,41 @@
> >> +SUMMARY = "interface to seccomp filtering mechanism"
> >> +DESCRIPTION = "The libseccomp library provides and easy to use,
> platform independent,interface to the Linux Kernel's syscall filtering
> mechanism: seccomp."
> >> +SECTION = "security"
> >> +LICENSE = "LGPL-2.1"
> >> +LIC_FILES_CHKSUM =
> "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
> >> +
> >> +SRCREV = "fb43972ea1aab24f2a70193fb7445c2674f594e3"
> >> +
> >> +SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.4
> \
> >> +           file://run-ptest \
> >> +"
> >> +
> >> +S = "${WORKDIR}/git"
> >> +
> >> +inherit autotools-brokensep pkgconfig ptest
> >> +
> >> +PACKAGECONFIG ??= ""
> >> +PACKAGECONFIG[python] = "--enable-python, --disable-python, python"
> >> +
> >> +do_compile_ptest() {
> >> +    oe_runmake -C tests check-build
> >> +}
> >> +
> >> +do_install_ptest() {
> >> +    install -d ${D}${PTEST_PATH}/tests
> >> +    install -d ${D}${PTEST_PATH}/tools
> >> +    for file in $(find tests/* -executable -type f); do
> >> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
> >> +    done
> >> +    for file in $(find tests/*.tests -type f); do
> >> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
> >> +    done
> >> +    for file in $(find tools/* -executable -type f); do
> >> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tools
> >> +    done
> >> +}
> >> +
> >> +FILES_${PN} = "${bindir} ${libdir}/${BPN}.so*"
> >> +FILES_${PN}-dbg += "${libdir}/${PN}/tests/.debug/*
> ${libdir}/${PN}/tools/.debug"
> >> +
> >> +RDEPENDS_${PN}-ptest = "bash"
> >> --
> >> 2.7.4
> >>
> >> --
> >> _______________________________________________
> >> Openembedded-devel mailing list
> >> Openembedded-devel@lists.openembedded.org
> >> http://lists.openembedded.org/mailman/listinfo/openembedded-devel
> >
> >
> >
>
mingli.yu@windriver.com July 26, 2019, 3:04 a.m.
On 2019年07月26日 10:46, Bruce Ashfield wrote:
>
>
> On Thu, Jul 25, 2019 at 10:28 PM Yu, Mingli <mingli.yu@windriver.com
> <mailto:mingli.yu@windriver.com>> wrote:
>
>
>
>     On 2019年07月25日 21:45, Bruce Ashfield wrote:
>      > On Thu, Jul 25, 2019 at 3:06 AM <mingli.yu@windriver.com
>     <mailto:mingli.yu@windriver.com>> wrote:
>      >>
>      >> From: Mingli Yu <Mingli.Yu@windriver.com
>     <mailto:Mingli.Yu@windriver.com>>
>      >
>      > Can you share some details as to why this should be pulled from
>      > meta-security into a different repo ?
>
>     Considering there is also some security related recipe under
>     meta-oe/recipes-security/, I think it's not strange to add a new one
>     libseccomp and libseccomp also provides a basic common filtering
>     mechanism.
>
>
> .. but it is literally churn for the sake of churn.
>
> Meaning, that isn't a great reason to move something. If Armin wanted to
> put the recipe in meta-oe, he would have done it himself.

^_^, I noticed Armin did try to do this in this thread "[oe] 
[meta-oe][PATCH 1/2] libseccomp: move lib from meta-security to meta-oe" 
in Jun 1, 2018.

>
>
>     Meanwhile, the below yocto compliance check error disappears once we
>     move libseccomp from meta-security to meta-oe.
>     ERROR: Nothing PROVIDES 'libseccomp' (but
>     /buildarea/layers/meta-virtualization/recipes-containers/cri-o/cri-o_git.bb
>     <http://cri-o_git.bb>
>     DEPENDS on or otherwise requires it).
>     Close matches:
>     libcomps
>     ERROR: Required build target 'meta-world-pkgdata' has no buildable
>     providers.
>
>     Missing or unbuildable dependency chain was: ['meta-world-pkgdata',
>     'cri-o', 'libseccomp']
>
>
> Also not a valid reason. We've just fixed meta-virtualization, so
> there's no need to shuffle something like this around, just to keep
> another layers compliance check working.
>
> Bruce
>
>
>     Thanks,
>
>      >
>      > It seems to fit the mandate of meta-security quite nicely ;)
>      >
>      > Is there some sort of dependency issue, or other technical problem
>      > that is causing a problem ?
>      >
>      > Bruce
>      >
>      >>
>      >> Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com
>     <mailto:Mingli.Yu@windriver.com>>
>      >> ---
>      >>   .../recipes-security/libseccomp/files/run-ptest    |  4 +++
>      >>   .../libseccomp/libseccomp_2.4.1.bb
>     <http://libseccomp_2.4.1.bb>                 | 41 ++++++++++++++++++++++
>      >>   2 files changed, 45 insertions(+)
>      >>   create mode 100644
>     meta-oe/recipes-security/libseccomp/files/run-ptest
>      >>   create mode 100644
>     meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
>     <http://libseccomp_2.4.1.bb>
>      >>
>      >> diff --git a/meta-oe/recipes-security/libseccomp/files/run-ptest
>     b/meta-oe/recipes-security/libseccomp/files/run-ptest
>      >> new file mode 100644
>      >> index 0000000..54b4a63
>      >> --- /dev/null
>      >> +++ b/meta-oe/recipes-security/libseccomp/files/run-ptest
>      >> @@ -0,0 +1,4 @@
>      >> +#!/bin/sh
>      >> +
>      >> +cd tests
>      >> +./regression -a
>      >> diff --git
>     a/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
>     <http://libseccomp_2.4.1.bb>
>     b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
>     <http://libseccomp_2.4.1.bb>
>      >> new file mode 100644
>      >> index 0000000..dba1be5
>      >> --- /dev/null
>      >> +++ b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
>     <http://libseccomp_2.4.1.bb>
>      >> @@ -0,0 +1,41 @@
>      >> +SUMMARY = "interface to seccomp filtering mechanism"
>      >> +DESCRIPTION = "The libseccomp library provides and easy to use,
>     platform independent,interface to the Linux Kernel's syscall
>     filtering mechanism: seccomp."
>      >> +SECTION = "security"
>      >> +LICENSE = "LGPL-2.1"
>      >> +LIC_FILES_CHKSUM =
>     "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
>      >> +
>      >> +SRCREV = "fb43972ea1aab24f2a70193fb7445c2674f594e3"
>      >> +
>      >> +SRC_URI =
>     "git://github.com/seccomp/libseccomp.git;branch=release-2.4
>     <http://github.com/seccomp/libseccomp.git;branch=release-2.4> \
>      >> +           file://run-ptest \
>      >> +"
>      >> +
>      >> +S = "${WORKDIR}/git"
>      >> +
>      >> +inherit autotools-brokensep pkgconfig ptest
>      >> +
>      >> +PACKAGECONFIG ??= ""
>      >> +PACKAGECONFIG[python] = "--enable-python, --disable-python, python"
>      >> +
>      >> +do_compile_ptest() {
>      >> +    oe_runmake -C tests check-build
>      >> +}
>      >> +
>      >> +do_install_ptest() {
>      >> +    install -d ${D}${PTEST_PATH}/tests
>      >> +    install -d ${D}${PTEST_PATH}/tools
>      >> +    for file in $(find tests/* -executable -type f); do
>      >> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
>      >> +    done
>      >> +    for file in $(find tests/*.tests -type f); do
>      >> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
>      >> +    done
>      >> +    for file in $(find tools/* -executable -type f); do
>      >> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tools
>      >> +    done
>      >> +}
>      >> +
>      >> +FILES_${PN} = "${bindir} ${libdir}/${BPN}.so*"
>      >> +FILES_${PN}-dbg += "${libdir}/${PN}/tests/.debug/*
>     ${libdir}/${PN}/tools/.debug"
>      >> +
>      >> +RDEPENDS_${PN}-ptest = "bash"
>      >> --
>      >> 2.7.4
>      >>
>      >> --
>      >> _______________________________________________
>      >> Openembedded-devel mailing list
>      >> Openembedded-devel@lists.openembedded.org
>     <mailto:Openembedded-devel@lists.openembedded.org>
>      >> http://lists.openembedded.org/mailman/listinfo/openembedded-devel
>      >
>      >
>      >
>
>
>
> --
> - Thou shalt not follow the NULL pointer, for chaos and madness await
> thee at its end
> - "Use the force Harry" - Gandalf, Star Trek II
>
Bruce Ashfield July 26, 2019, 3:23 a.m.
On Thu, Jul 25, 2019 at 11:01 PM Yu, Mingli <mingli.yu@windriver.com> wrote:
>
>
>
> On 2019年07月26日 10:46, Bruce Ashfield wrote:
> >
> >
> > On Thu, Jul 25, 2019 at 10:28 PM Yu, Mingli <mingli.yu@windriver.com
> > <mailto:mingli.yu@windriver.com>> wrote:
> >
> >
> >
> >     On 2019年07月25日 21:45, Bruce Ashfield wrote:
> >      > On Thu, Jul 25, 2019 at 3:06 AM <mingli.yu@windriver.com
> >     <mailto:mingli.yu@windriver.com>> wrote:
> >      >>
> >      >> From: Mingli Yu <Mingli.Yu@windriver.com
> >     <mailto:Mingli.Yu@windriver.com>>
> >      >
> >      > Can you share some details as to why this should be pulled from
> >      > meta-security into a different repo ?
> >
> >     Considering there is also some security related recipe under
> >     meta-oe/recipes-security/, I think it's not strange to add a new one
> >     libseccomp and libseccomp also provides a basic common filtering
> >     mechanism.
> >
> >
> > .. but it is literally churn for the sake of churn.
> >
> > Meaning, that isn't a great reason to move something. If Armin wanted to
> > put the recipe in meta-oe, he would have done it himself.
>
> ^_^, I noticed Armin did try to do this in this thread "[oe]
> [meta-oe][PATCH 1/2] libseccomp: move lib from meta-security to meta-oe"
> in Jun 1, 2018.

In that case, follow up to that thread so folks can remember why it
didn't happen, or check to see if it was simply forgotten. Putting the
maintainers on the cc' from the start of something like this helps
immensely.

But I see you added Armin to this thread, so that should be enough.

Bruce

>
> >
> >
> >     Meanwhile, the below yocto compliance check error disappears once we
> >     move libseccomp from meta-security to meta-oe.
> >     ERROR: Nothing PROVIDES 'libseccomp' (but
> >     /buildarea/layers/meta-virtualization/recipes-containers/cri-o/cri-o_git.bb
> >     <http://cri-o_git.bb>
> >     DEPENDS on or otherwise requires it).
> >     Close matches:
> >     libcomps
> >     ERROR: Required build target 'meta-world-pkgdata' has no buildable
> >     providers.
> >
> >     Missing or unbuildable dependency chain was: ['meta-world-pkgdata',
> >     'cri-o', 'libseccomp']
> >
> >
> > Also not a valid reason. We've just fixed meta-virtualization, so
> > there's no need to shuffle something like this around, just to keep
> > another layers compliance check working.
> >
> > Bruce
> >
> >
> >     Thanks,
> >
> >      >
> >      > It seems to fit the mandate of meta-security quite nicely ;)
> >      >
> >      > Is there some sort of dependency issue, or other technical problem
> >      > that is causing a problem ?
> >      >
> >      > Bruce
> >      >
> >      >>
> >      >> Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com
> >     <mailto:Mingli.Yu@windriver.com>>
> >      >> ---
> >      >>   .../recipes-security/libseccomp/files/run-ptest    |  4 +++
> >      >>   .../libseccomp/libseccomp_2.4.1.bb
> >     <http://libseccomp_2.4.1.bb>                 | 41 ++++++++++++++++++++++
> >      >>   2 files changed, 45 insertions(+)
> >      >>   create mode 100644
> >     meta-oe/recipes-security/libseccomp/files/run-ptest
> >      >>   create mode 100644
> >     meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> >     <http://libseccomp_2.4.1.bb>
> >      >>
> >      >> diff --git a/meta-oe/recipes-security/libseccomp/files/run-ptest
> >     b/meta-oe/recipes-security/libseccomp/files/run-ptest
> >      >> new file mode 100644
> >      >> index 0000000..54b4a63
> >      >> --- /dev/null
> >      >> +++ b/meta-oe/recipes-security/libseccomp/files/run-ptest
> >      >> @@ -0,0 +1,4 @@
> >      >> +#!/bin/sh
> >      >> +
> >      >> +cd tests
> >      >> +./regression -a
> >      >> diff --git
> >     a/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> >     <http://libseccomp_2.4.1.bb>
> >     b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> >     <http://libseccomp_2.4.1.bb>
> >      >> new file mode 100644
> >      >> index 0000000..dba1be5
> >      >> --- /dev/null
> >      >> +++ b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> >     <http://libseccomp_2.4.1.bb>
> >      >> @@ -0,0 +1,41 @@
> >      >> +SUMMARY = "interface to seccomp filtering mechanism"
> >      >> +DESCRIPTION = "The libseccomp library provides and easy to use,
> >     platform independent,interface to the Linux Kernel's syscall
> >     filtering mechanism: seccomp."
> >      >> +SECTION = "security"
> >      >> +LICENSE = "LGPL-2.1"
> >      >> +LIC_FILES_CHKSUM =
> >     "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
> >      >> +
> >      >> +SRCREV = "fb43972ea1aab24f2a70193fb7445c2674f594e3"
> >      >> +
> >      >> +SRC_URI =
> >     "git://github.com/seccomp/libseccomp.git;branch=release-2.4
> >     <http://github.com/seccomp/libseccomp.git;branch=release-2.4> \
> >      >> +           file://run-ptest \
> >      >> +"
> >      >> +
> >      >> +S = "${WORKDIR}/git"
> >      >> +
> >      >> +inherit autotools-brokensep pkgconfig ptest
> >      >> +
> >      >> +PACKAGECONFIG ??= ""
> >      >> +PACKAGECONFIG[python] = "--enable-python, --disable-python, python"
> >      >> +
> >      >> +do_compile_ptest() {
> >      >> +    oe_runmake -C tests check-build
> >      >> +}
> >      >> +
> >      >> +do_install_ptest() {
> >      >> +    install -d ${D}${PTEST_PATH}/tests
> >      >> +    install -d ${D}${PTEST_PATH}/tools
> >      >> +    for file in $(find tests/* -executable -type f); do
> >      >> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
> >      >> +    done
> >      >> +    for file in $(find tests/*.tests -type f); do
> >      >> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
> >      >> +    done
> >      >> +    for file in $(find tools/* -executable -type f); do
> >      >> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tools
> >      >> +    done
> >      >> +}
> >      >> +
> >      >> +FILES_${PN} = "${bindir} ${libdir}/${BPN}.so*"
> >      >> +FILES_${PN}-dbg += "${libdir}/${PN}/tests/.debug/*
> >     ${libdir}/${PN}/tools/.debug"
> >      >> +
> >      >> +RDEPENDS_${PN}-ptest = "bash"
> >      >> --
> >      >> 2.7.4
> >      >>
> >      >> --
> >      >> _______________________________________________
> >      >> Openembedded-devel mailing list
> >      >> Openembedded-devel@lists.openembedded.org
> >     <mailto:Openembedded-devel@lists.openembedded.org>
> >      >> http://lists.openembedded.org/mailman/listinfo/openembedded-devel
> >      >
> >      >
> >      >
> >
> >
> >
> > --
> > - Thou shalt not follow the NULL pointer, for chaos and madness await
> > thee at its end
> > - "Use the force Harry" - Gandalf, Star Trek II
> >
mingli.yu@windriver.com July 26, 2019, 8:51 a.m.
On 2019年07月26日 11:23, Bruce Ashfield wrote:
> On Thu, Jul 25, 2019 at 11:01 PM Yu, Mingli <mingli.yu@windriver.com> wrote:
>>
>>
>>
>> On 2019年07月26日 10:46, Bruce Ashfield wrote:
>>>
>>>
>>> On Thu, Jul 25, 2019 at 10:28 PM Yu, Mingli <mingli.yu@windriver.com
>>> <mailto:mingli.yu@windriver.com>> wrote:
>>>
>>>
>>>
>>>      On 2019年07月25日 21:45, Bruce Ashfield wrote:
>>>       > On Thu, Jul 25, 2019 at 3:06 AM <mingli.yu@windriver.com
>>>      <mailto:mingli.yu@windriver.com>> wrote:
>>>       >>
>>>       >> From: Mingli Yu <Mingli.Yu@windriver.com
>>>      <mailto:Mingli.Yu@windriver.com>>
>>>       >
>>>       > Can you share some details as to why this should be pulled from
>>>       > meta-security into a different repo ?
>>>
>>>      Considering there is also some security related recipe under
>>>      meta-oe/recipes-security/, I think it's not strange to add a new one
>>>      libseccomp and libseccomp also provides a basic common filtering
>>>      mechanism.
>>>
>>>
>>> .. but it is literally churn for the sake of churn.
>>>
>>> Meaning, that isn't a great reason to move something. If Armin wanted to
>>> put the recipe in meta-oe, he would have done it himself.
>>
>> ^_^, I noticed Armin did try to do this in this thread "[oe]
>> [meta-oe][PATCH 1/2] libseccomp: move lib from meta-security to meta-oe"
>> in Jun 1, 2018.
>
> In that case, follow up to that thread so folks can remember why it
> didn't happen, or check to see if it was simply forgotten. Putting the
> maintainers on the cc' from the start of something like this helps
> immensely.
>
> But I see you added Armin to this thread, so that should be enough.

Hi Bruce,

I'm okay to keep libseccomp under meta-security and can consider moving 
it to meta-oe if anyone thinks it is worth.

>
> Bruce
>
>>
>>>
>>>
>>>      Meanwhile, the below yocto compliance check error disappears once we
>>>      move libseccomp from meta-security to meta-oe.
>>>      ERROR: Nothing PROVIDES 'libseccomp' (but
>>>      /buildarea/layers/meta-virtualization/recipes-containers/cri-o/cri-o_git.bb
>>>      <http://cri-o_git.bb>
>>>      DEPENDS on or otherwise requires it).
>>>      Close matches:
>>>      libcomps
>>>      ERROR: Required build target 'meta-world-pkgdata' has no buildable
>>>      providers.
>>>
>>>      Missing or unbuildable dependency chain was: ['meta-world-pkgdata',
>>>      'cri-o', 'libseccomp']

I will find other solution to solve the above error related to yocto 
compliance check.

Thanks,

>>>
>>>
>>> Also not a valid reason. We've just fixed meta-virtualization, so
>>> there's no need to shuffle something like this around, just to keep
>>> another layers compliance check working.
>>>
>>> Bruce
>>>
>>>
>>>      Thanks,
>>>
>>>       >
>>>       > It seems to fit the mandate of meta-security quite nicely ;)
>>>       >
>>>       > Is there some sort of dependency issue, or other technical problem
>>>       > that is causing a problem ?
>>>       >
>>>       > Bruce
>>>       >
>>>       >>
>>>       >> Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com
>>>      <mailto:Mingli.Yu@windriver.com>>
>>>       >> ---
>>>       >>   .../recipes-security/libseccomp/files/run-ptest    |  4 +++
>>>       >>   .../libseccomp/libseccomp_2.4.1.bb
>>>      <http://libseccomp_2.4.1.bb>                 | 41 ++++++++++++++++++++++
>>>       >>   2 files changed, 45 insertions(+)
>>>       >>   create mode 100644
>>>      meta-oe/recipes-security/libseccomp/files/run-ptest
>>>       >>   create mode 100644
>>>      meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
>>>      <http://libseccomp_2.4.1.bb>
>>>       >>
>>>       >> diff --git a/meta-oe/recipes-security/libseccomp/files/run-ptest
>>>      b/meta-oe/recipes-security/libseccomp/files/run-ptest
>>>       >> new file mode 100644
>>>       >> index 0000000..54b4a63
>>>       >> --- /dev/null
>>>       >> +++ b/meta-oe/recipes-security/libseccomp/files/run-ptest
>>>       >> @@ -0,0 +1,4 @@
>>>       >> +#!/bin/sh
>>>       >> +
>>>       >> +cd tests
>>>       >> +./regression -a
>>>       >> diff --git
>>>      a/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
>>>      <http://libseccomp_2.4.1.bb>
>>>      b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
>>>      <http://libseccomp_2.4.1.bb>
>>>       >> new file mode 100644
>>>       >> index 0000000..dba1be5
>>>       >> --- /dev/null
>>>       >> +++ b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
>>>      <http://libseccomp_2.4.1.bb>
>>>       >> @@ -0,0 +1,41 @@
>>>       >> +SUMMARY = "interface to seccomp filtering mechanism"
>>>       >> +DESCRIPTION = "The libseccomp library provides and easy to use,
>>>      platform independent,interface to the Linux Kernel's syscall
>>>      filtering mechanism: seccomp."
>>>       >> +SECTION = "security"
>>>       >> +LICENSE = "LGPL-2.1"
>>>       >> +LIC_FILES_CHKSUM =
>>>      "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
>>>       >> +
>>>       >> +SRCREV = "fb43972ea1aab24f2a70193fb7445c2674f594e3"
>>>       >> +
>>>       >> +SRC_URI =
>>>      "git://github.com/seccomp/libseccomp.git;branch=release-2.4
>>>      <http://github.com/seccomp/libseccomp.git;branch=release-2.4> \
>>>       >> +           file://run-ptest \
>>>       >> +"
>>>       >> +
>>>       >> +S = "${WORKDIR}/git"
>>>       >> +
>>>       >> +inherit autotools-brokensep pkgconfig ptest
>>>       >> +
>>>       >> +PACKAGECONFIG ??= ""
>>>       >> +PACKAGECONFIG[python] = "--enable-python, --disable-python, python"
>>>       >> +
>>>       >> +do_compile_ptest() {
>>>       >> +    oe_runmake -C tests check-build
>>>       >> +}
>>>       >> +
>>>       >> +do_install_ptest() {
>>>       >> +    install -d ${D}${PTEST_PATH}/tests
>>>       >> +    install -d ${D}${PTEST_PATH}/tools
>>>       >> +    for file in $(find tests/* -executable -type f); do
>>>       >> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
>>>       >> +    done
>>>       >> +    for file in $(find tests/*.tests -type f); do
>>>       >> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
>>>       >> +    done
>>>       >> +    for file in $(find tools/* -executable -type f); do
>>>       >> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tools
>>>       >> +    done
>>>       >> +}
>>>       >> +
>>>       >> +FILES_${PN} = "${bindir} ${libdir}/${BPN}.so*"
>>>       >> +FILES_${PN}-dbg += "${libdir}/${PN}/tests/.debug/*
>>>      ${libdir}/${PN}/tools/.debug"
>>>       >> +
>>>       >> +RDEPENDS_${PN}-ptest = "bash"
>>>       >> --
>>>       >> 2.7.4
>>>       >>
>>>       >> --
>>>       >> _______________________________________________
>>>       >> Openembedded-devel mailing list
>>>       >> Openembedded-devel@lists.openembedded.org
>>>      <mailto:Openembedded-devel@lists.openembedded.org>
>>>       >> http://lists.openembedded.org/mailman/listinfo/openembedded-devel
>>>       >
>>>       >
>>>       >
>>>
>>>
>>>
>>> --
>>> - Thou shalt not follow the NULL pointer, for chaos and madness await
>>> thee at its end
>>> - "Use the force Harry" - Gandalf, Star Trek II
>>>
>
>
>
Armin Kuster July 26, 2019, 8:59 a.m.
On 7/25/19 8:23 PM, Bruce Ashfield wrote:
> On Thu, Jul 25, 2019 at 11:01 PM Yu, Mingli <mingli.yu@windriver.com> wrote:
>>
>>
>> On 2019年07月26日 10:46, Bruce Ashfield wrote:
>>>
>>> On Thu, Jul 25, 2019 at 10:28 PM Yu, Mingli <mingli.yu@windriver.com
>>> <mailto:mingli.yu@windriver.com>> wrote:
>>>
>>>
>>>
>>>     On 2019年07月25日 21:45, Bruce Ashfield wrote:
>>>      > On Thu, Jul 25, 2019 at 3:06 AM <mingli.yu@windriver.com
>>>     <mailto:mingli.yu@windriver.com>> wrote:
>>>      >>
>>>      >> From: Mingli Yu <Mingli.Yu@windriver.com
>>>     <mailto:Mingli.Yu@windriver.com>>
>>>      >
>>>      > Can you share some details as to why this should be pulled from
>>>      > meta-security into a different repo ?
>>>
>>>     Considering there is also some security related recipe under
>>>     meta-oe/recipes-security/, I think it's not strange to add a new one
>>>     libseccomp and libseccomp also provides a basic common filtering
>>>     mechanism.
>>>
>>>
>>> .. but it is literally churn for the sake of churn.
>>>
>>> Meaning, that isn't a great reason to move something. If Armin wanted to
>>> put the recipe in meta-oe, he would have done it himself.
>> ^_^, I noticed Armin did try to do this in this thread "[oe]
>> [meta-oe][PATCH 1/2] libseccomp: move lib from meta-security to meta-oe"
>> in Jun 1, 2018.
> In that case, follow up to that thread so folks can remember why it
> didn't happen, or check to see if it was simply forgotten. Putting the
> maintainers on the cc' from the start of something like this helps
> immensely.
>
> But I see you added Armin to this thread, so that should be enough.

I am fine if we move the recipe. The issue was Khem didn't want the
"bash" dependency and I never followed up to clean that up.

I would have responded sooner but this is the first time I have reliable
Internet.

- armin
>
> Bruce
>
>>>
>>>     Meanwhile, the below yocto compliance check error disappears once we
>>>     move libseccomp from meta-security to meta-oe.
>>>     ERROR: Nothing PROVIDES 'libseccomp' (but
>>>     /buildarea/layers/meta-virtualization/recipes-containers/cri-o/cri-o_git.bb
>>>     <http://cri-o_git.bb>
>>>     DEPENDS on or otherwise requires it).
>>>     Close matches:
>>>     libcomps
>>>     ERROR: Required build target 'meta-world-pkgdata' has no buildable
>>>     providers.
>>>
>>>     Missing or unbuildable dependency chain was: ['meta-world-pkgdata',
>>>     'cri-o', 'libseccomp']
>>>
>>>
>>> Also not a valid reason. We've just fixed meta-virtualization, so
>>> there's no need to shuffle something like this around, just to keep
>>> another layers compliance check working.
>>>
>>> Bruce
>>>
>>>
>>>     Thanks,
>>>
>>>      >
>>>      > It seems to fit the mandate of meta-security quite nicely ;)
>>>      >
>>>      > Is there some sort of dependency issue, or other technical problem
>>>      > that is causing a problem ?
>>>      >
>>>      > Bruce
>>>      >
>>>      >>
>>>      >> Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com
>>>     <mailto:Mingli.Yu@windriver.com>>
>>>      >> ---
>>>      >>   .../recipes-security/libseccomp/files/run-ptest    |  4 +++
>>>      >>   .../libseccomp/libseccomp_2.4.1.bb
>>>     <http://libseccomp_2.4.1.bb>                 | 41 ++++++++++++++++++++++
>>>      >>   2 files changed, 45 insertions(+)
>>>      >>   create mode 100644
>>>     meta-oe/recipes-security/libseccomp/files/run-ptest
>>>      >>   create mode 100644
>>>     meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
>>>     <http://libseccomp_2.4.1.bb>
>>>      >>
>>>      >> diff --git a/meta-oe/recipes-security/libseccomp/files/run-ptest
>>>     b/meta-oe/recipes-security/libseccomp/files/run-ptest
>>>      >> new file mode 100644
>>>      >> index 0000000..54b4a63
>>>      >> --- /dev/null
>>>      >> +++ b/meta-oe/recipes-security/libseccomp/files/run-ptest
>>>      >> @@ -0,0 +1,4 @@
>>>      >> +#!/bin/sh
>>>      >> +
>>>      >> +cd tests
>>>      >> +./regression -a
>>>      >> diff --git
>>>     a/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
>>>     <http://libseccomp_2.4.1.bb>
>>>     b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
>>>     <http://libseccomp_2.4.1.bb>
>>>      >> new file mode 100644
>>>      >> index 0000000..dba1be5
>>>      >> --- /dev/null
>>>      >> +++ b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
>>>     <http://libseccomp_2.4.1.bb>
>>>      >> @@ -0,0 +1,41 @@
>>>      >> +SUMMARY = "interface to seccomp filtering mechanism"
>>>      >> +DESCRIPTION = "The libseccomp library provides and easy to use,
>>>     platform independent,interface to the Linux Kernel's syscall
>>>     filtering mechanism: seccomp."
>>>      >> +SECTION = "security"
>>>      >> +LICENSE = "LGPL-2.1"
>>>      >> +LIC_FILES_CHKSUM =
>>>     "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
>>>      >> +
>>>      >> +SRCREV = "fb43972ea1aab24f2a70193fb7445c2674f594e3"
>>>      >> +
>>>      >> +SRC_URI =
>>>     "git://github.com/seccomp/libseccomp.git;branch=release-2.4
>>>     <http://github.com/seccomp/libseccomp.git;branch=release-2.4> \
>>>      >> +           file://run-ptest \
>>>      >> +"
>>>      >> +
>>>      >> +S = "${WORKDIR}/git"
>>>      >> +
>>>      >> +inherit autotools-brokensep pkgconfig ptest
>>>      >> +
>>>      >> +PACKAGECONFIG ??= ""
>>>      >> +PACKAGECONFIG[python] = "--enable-python, --disable-python, python"
>>>      >> +
>>>      >> +do_compile_ptest() {
>>>      >> +    oe_runmake -C tests check-build
>>>      >> +}
>>>      >> +
>>>      >> +do_install_ptest() {
>>>      >> +    install -d ${D}${PTEST_PATH}/tests
>>>      >> +    install -d ${D}${PTEST_PATH}/tools
>>>      >> +    for file in $(find tests/* -executable -type f); do
>>>      >> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
>>>      >> +    done
>>>      >> +    for file in $(find tests/*.tests -type f); do
>>>      >> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
>>>      >> +    done
>>>      >> +    for file in $(find tools/* -executable -type f); do
>>>      >> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tools
>>>      >> +    done
>>>      >> +}
>>>      >> +
>>>      >> +FILES_${PN} = "${bindir} ${libdir}/${BPN}.so*"
>>>      >> +FILES_${PN}-dbg += "${libdir}/${PN}/tests/.debug/*
>>>     ${libdir}/${PN}/tools/.debug"
>>>      >> +
>>>      >> +RDEPENDS_${PN}-ptest = "bash"
>>>      >> --
>>>      >> 2.7.4
>>>      >>
>>>      >> --
>>>      >> _______________________________________________
>>>      >> Openembedded-devel mailing list
>>>      >> Openembedded-devel@lists.openembedded.org
>>>     <mailto:Openembedded-devel@lists.openembedded.org>
>>>      >> http://lists.openembedded.org/mailman/listinfo/openembedded-devel
>>>      >
>>>      >
>>>      >
>>>
>>>
>>>
>>> --
>>> - Thou shalt not follow the NULL pointer, for chaos and madness await
>>> thee at its end
>>> - "Use the force Harry" - Gandalf, Star Trek II
>>>
>
>
Khem Raj July 26, 2019, 10:27 p.m.
On Fri, Jul 26, 2019 at 2:00 AM akuster808 <akuster808@gmail.com> wrote:
>
>
>
> On 7/25/19 8:23 PM, Bruce Ashfield wrote:
> > On Thu, Jul 25, 2019 at 11:01 PM Yu, Mingli <mingli.yu@windriver.com> wrote:
> >>
> >>
> >> On 2019年07月26日 10:46, Bruce Ashfield wrote:
> >>>
> >>> On Thu, Jul 25, 2019 at 10:28 PM Yu, Mingli <mingli.yu@windriver.com
> >>> <mailto:mingli.yu@windriver.com>> wrote:
> >>>
> >>>
> >>>
> >>>     On 2019年07月25日 21:45, Bruce Ashfield wrote:
> >>>      > On Thu, Jul 25, 2019 at 3:06 AM <mingli.yu@windriver.com
> >>>     <mailto:mingli.yu@windriver.com>> wrote:
> >>>      >>
> >>>      >> From: Mingli Yu <Mingli.Yu@windriver.com
> >>>     <mailto:Mingli.Yu@windriver.com>>
> >>>      >
> >>>      > Can you share some details as to why this should be pulled from
> >>>      > meta-security into a different repo ?
> >>>
> >>>     Considering there is also some security related recipe under
> >>>     meta-oe/recipes-security/, I think it's not strange to add a new one
> >>>     libseccomp and libseccomp also provides a basic common filtering
> >>>     mechanism.
> >>>
> >>>
> >>> .. but it is literally churn for the sake of churn.
> >>>
> >>> Meaning, that isn't a great reason to move something. If Armin wanted to
> >>> put the recipe in meta-oe, he would have done it himself.
> >> ^_^, I noticed Armin did try to do this in this thread "[oe]
> >> [meta-oe][PATCH 1/2] libseccomp: move lib from meta-security to meta-oe"
> >> in Jun 1, 2018.
> > In that case, follow up to that thread so folks can remember why it
> > didn't happen, or check to see if it was simply forgotten. Putting the
> > maintainers on the cc' from the start of something like this helps
> > immensely.
> >
> > But I see you added Armin to this thread, so that should be enough.
>
> I am fine if we move the recipe. The issue was Khem didn't want the
> "bash" dependency and I never followed up to clean that up.
>

I think this cleanup would be good to have before we move this in. It
has built well
in preliminary build testing, since there are recipes in meta-oe using
this package it
will become a common place to have it so there might be value.

Other way would be to see if security-recipes in meta-oe could be
moved out into meta-security

> I would have responded sooner but this is the first time I have reliable
> Internet.
>
> - armin
> >
> > Bruce
> >
> >>>
> >>>     Meanwhile, the below yocto compliance check error disappears once we
> >>>     move libseccomp from meta-security to meta-oe.
> >>>     ERROR: Nothing PROVIDES 'libseccomp' (but
> >>>     /buildarea/layers/meta-virtualization/recipes-containers/cri-o/cri-o_git.bb
> >>>     <http://cri-o_git.bb>
> >>>     DEPENDS on or otherwise requires it).
> >>>     Close matches:
> >>>     libcomps
> >>>     ERROR: Required build target 'meta-world-pkgdata' has no buildable
> >>>     providers.
> >>>
> >>>     Missing or unbuildable dependency chain was: ['meta-world-pkgdata',
> >>>     'cri-o', 'libseccomp']
> >>>
> >>>
> >>> Also not a valid reason. We've just fixed meta-virtualization, so
> >>> there's no need to shuffle something like this around, just to keep
> >>> another layers compliance check working.
> >>>
> >>> Bruce
> >>>
> >>>
> >>>     Thanks,
> >>>
> >>>      >
> >>>      > It seems to fit the mandate of meta-security quite nicely ;)
> >>>      >
> >>>      > Is there some sort of dependency issue, or other technical problem
> >>>      > that is causing a problem ?
> >>>      >
> >>>      > Bruce
> >>>      >
> >>>      >>
> >>>      >> Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com
> >>>     <mailto:Mingli.Yu@windriver.com>>
> >>>      >> ---
> >>>      >>   .../recipes-security/libseccomp/files/run-ptest    |  4 +++
> >>>      >>   .../libseccomp/libseccomp_2.4.1.bb
> >>>     <http://libseccomp_2.4.1.bb>                 | 41 ++++++++++++++++++++++
> >>>      >>   2 files changed, 45 insertions(+)
> >>>      >>   create mode 100644
> >>>     meta-oe/recipes-security/libseccomp/files/run-ptest
> >>>      >>   create mode 100644
> >>>     meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> >>>     <http://libseccomp_2.4.1.bb>
> >>>      >>
> >>>      >> diff --git a/meta-oe/recipes-security/libseccomp/files/run-ptest
> >>>     b/meta-oe/recipes-security/libseccomp/files/run-ptest
> >>>      >> new file mode 100644
> >>>      >> index 0000000..54b4a63
> >>>      >> --- /dev/null
> >>>      >> +++ b/meta-oe/recipes-security/libseccomp/files/run-ptest
> >>>      >> @@ -0,0 +1,4 @@
> >>>      >> +#!/bin/sh
> >>>      >> +
> >>>      >> +cd tests
> >>>      >> +./regression -a
> >>>      >> diff --git
> >>>     a/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> >>>     <http://libseccomp_2.4.1.bb>
> >>>     b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> >>>     <http://libseccomp_2.4.1.bb>
> >>>      >> new file mode 100644
> >>>      >> index 0000000..dba1be5
> >>>      >> --- /dev/null
> >>>      >> +++ b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> >>>     <http://libseccomp_2.4.1.bb>
> >>>      >> @@ -0,0 +1,41 @@
> >>>      >> +SUMMARY = "interface to seccomp filtering mechanism"
> >>>      >> +DESCRIPTION = "The libseccomp library provides and easy to use,
> >>>     platform independent,interface to the Linux Kernel's syscall
> >>>     filtering mechanism: seccomp."
> >>>      >> +SECTION = "security"
> >>>      >> +LICENSE = "LGPL-2.1"
> >>>      >> +LIC_FILES_CHKSUM =
> >>>     "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
> >>>      >> +
> >>>      >> +SRCREV = "fb43972ea1aab24f2a70193fb7445c2674f594e3"
> >>>      >> +
> >>>      >> +SRC_URI =
> >>>     "git://github.com/seccomp/libseccomp.git;branch=release-2.4
> >>>     <http://github.com/seccomp/libseccomp.git;branch=release-2.4> \
> >>>      >> +           file://run-ptest \
> >>>      >> +"
> >>>      >> +
> >>>      >> +S = "${WORKDIR}/git"
> >>>      >> +
> >>>      >> +inherit autotools-brokensep pkgconfig ptest
> >>>      >> +
> >>>      >> +PACKAGECONFIG ??= ""
> >>>      >> +PACKAGECONFIG[python] = "--enable-python, --disable-python, python"
> >>>      >> +
> >>>      >> +do_compile_ptest() {
> >>>      >> +    oe_runmake -C tests check-build
> >>>      >> +}
> >>>      >> +
> >>>      >> +do_install_ptest() {
> >>>      >> +    install -d ${D}${PTEST_PATH}/tests
> >>>      >> +    install -d ${D}${PTEST_PATH}/tools
> >>>      >> +    for file in $(find tests/* -executable -type f); do
> >>>      >> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
> >>>      >> +    done
> >>>      >> +    for file in $(find tests/*.tests -type f); do
> >>>      >> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
> >>>      >> +    done
> >>>      >> +    for file in $(find tools/* -executable -type f); do
> >>>      >> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tools
> >>>      >> +    done
> >>>      >> +}
> >>>      >> +
> >>>      >> +FILES_${PN} = "${bindir} ${libdir}/${BPN}.so*"
> >>>      >> +FILES_${PN}-dbg += "${libdir}/${PN}/tests/.debug/*
> >>>     ${libdir}/${PN}/tools/.debug"
> >>>      >> +
> >>>      >> +RDEPENDS_${PN}-ptest = "bash"
> >>>      >> --
> >>>      >> 2.7.4
> >>>      >>
> >>>      >> --
> >>>      >> _______________________________________________
> >>>      >> Openembedded-devel mailing list
> >>>      >> Openembedded-devel@lists.openembedded.org
> >>>     <mailto:Openembedded-devel@lists.openembedded.org>
> >>>      >> http://lists.openembedded.org/mailman/listinfo/openembedded-devel
> >>>      >
> >>>      >
> >>>      >
> >>>
> >>>
> >>>
> >>> --
> >>> - Thou shalt not follow the NULL pointer, for chaos and madness await
> >>> thee at its end
> >>> - "Use the force Harry" - Gandalf, Star Trek II
> >>>
> >
> >
>
> --
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-devel