[Buildroot] [PATCH v3 3/3] setools: update to add sedta and seinfoflow

Jared Bents jared.bents at rockwellcollins.com
Wed Mar 21 13:06:32 UTC 2018 

Yegor,

On Wed, Mar 21, 2018 at 5:04 AM, Yegor Yefremov
<yegorslists at googlemail.com> wrote:
> On Tue, Mar 20, 2018 at 9:39 PM, Jared Bents
> <jared.bents at rockwellcollins.com> wrote:
>> Update to add sedta and seinfoflow to setools
>>
>> Signed-off-by: Jared Bents <jared.bents at rockwellcollins.com>
>
> Reviewed-by: Yegor Yefremov <yegorslists at googlemail.com>
>
> Just curious what BR package is really uses host-setools with Python
> functionality. I've built refpolicy without setools'
> host-python-networx dependency and the build was successful.
>
> Yegor
>

I don't think any package needs host-setools as nothing selects
setools from what I can tell.  I can also build and use refpolicy
without host-setools but the security team on my project is using
host-setools for analysis.  I am assuming host-setools is listed as a
host dependency for refpolicy so that if a user selects setools, the
host package gets built for the user to use.

Jared

>> --
>> v2 -> v3: Update to remove target dependencies change but kept
>>           the host package dependency as it is required for
>>           host-python-networkx to be built and thus available
>>           at runtime
>> v1 -> v2: No change
>>
>> ---
>>  package/setools/Config.in  |  2 ++
>>  package/setools/setools.mk | 16 ++--------------
>>  2 files changed, 4 insertions(+), 14 deletions(-)
>>
>> diff --git a/package/setools/Config.in b/package/setools/Config.in
>> index ae0c45f..32a9315 100644
>> --- a/package/setools/Config.in
>> +++ b/package/setools/Config.in
>> @@ -8,6 +8,7 @@ config BR2_PACKAGE_SETOOLS
>>         depends on BR2_USE_MMU
>>         select BR2_PACKAGE_PYTHON3 if !BR2_PACKAGE_PYTHON
>>         select BR2_PACKAGE_PYTHON_ENUM34 if !BR2_PACKAGE_PYTHON3
>> +       select BR2_PACKAGE_PYTHON_NETWORKX
>>         select BR2_PACKAGE_PYTHON_SETUPTOOLS
>>         select BR2_PACKAGE_LIBSELINUX
>>         help
>> @@ -16,6 +17,7 @@ config BR2_PACKAGE_SETOOLS
>>            * apol - analyze a SELinux policy. (requires python-qt5)
>>            * sediff - semantic policy difference tool for SELinux.
>>            * sedta - Perform domain transition analyses
>> +          * seinfoflow - information flow analysis for SELinux
>>            * sesearch - Search rules (allow, type_transition, etc.)
>>
>>           https://github.com/TresysTechnology/setools
>> diff --git a/package/setools/setools.mk b/package/setools/setools.mk
>> index 6748c95..1ed7e97 100644
>> --- a/package/setools/setools.mk
>> +++ b/package/setools/setools.mk
>> @@ -11,7 +11,7 @@ SETOOLS_INSTALL_STAGING = YES
>>  SETOOLS_LICENSE = GPL-2.0+, LGPL-2.1+
>>  SETOOLS_LICENSE_FILES = COPYING COPYING.GPL COPYING.LGPL
>>  SETOOLS_SETUP_TYPE = setuptools
>> -HOST_SETOOLS_DEPENDENCIES = host-libselinux host-libsepol
>> +HOST_SETOOLS_DEPENDENCIES = host-libselinux host-libsepol host-python-networkx
>>
>>  ifeq ($(BR2_PACKAGE_PYTHON3),y)
>>  SETOOLS_PYLIBVER = python$(PYTHON3_VERSION_MAJOR)
>> @@ -36,14 +36,6 @@ define HOST_SETOOLS_FIX_SETUP
>>  endef
>>  HOST_SETOOLS_POST_PATCH_HOOKS += HOST_SETOOLS_FIX_SETUP
>>
>> -# sedta and seinfoflow depend on python-networkx. This package is not
>> -# available in buildroot.
>> -define SETOOLS_REMOVE_BROKEN_SCRIPTS
>> -       $(RM) $(TARGET_DIR)/usr/bin/sedta
>> -       $(RM) $(TARGET_DIR)/usr/bin/seinfoflow
>> -endef
>> -SETOOLS_POST_INSTALL_TARGET_HOOKS += SETOOLS_REMOVE_BROKEN_SCRIPTS
>> -
>>  # apol requires pyqt5. However, the setools installation
>>  # process will install apol even if pyqt5 is missing.
>>  # Remove these scripts from the target it pyqt5 is not selected.
>> @@ -55,12 +47,8 @@ endef
>>  SETOOLS_POST_INSTALL_TARGET_HOOKS += SETOOLS_REMOVE_QT_SCRIPTS
>>  endif
>>
>> -# sedta and seinfoflow depend on python-networkx. This package is not
>> -# available in buildroot. pyqt5 is not a host-package, remove apol
>> -# from the host directory as well.
>> +# pyqt5 is not a host-package, remove apol from the host directory.
>>  define HOST_SETOOLS_REMOVE_BROKEN_SCRIPTS
>> -       $(RM) $(HOST_DIR)/bin/sedta
>> -       $(RM) $(HOST_DIR)/bin/seinfoflow
>>         $(RM) $(HOST_DIR)/bin/apol
>>  endef
>>  HOST_SETOOLS_POST_INSTALL_HOOKS += HOST_SETOOLS_REMOVE_BROKEN_SCRIPTS
>> --
>> 1.9.1
>>
>> _______________________________________________
>> buildroot mailing list
>> buildroot at busybox.net
>> http://lists.busybox.net/mailman/listinfo/buildroot

More information about the buildroot mailing list