diff mbox

[1/2] smack: new package.

Message ID 1398020044-21021-2-git-send-email-eric.le.bihan.dev@free.fr
State Accepted
Headers show

Commit Message

Eric Le Bihan April 20, 2014, 6:54 p.m. UTC 
SMACK stands for Simplified Mandatory Access Control Kernel. It is a Linux
Security Module which provides a Mandatory Access Control mechanism,
like SELinux, but aiming towards simplicity.

This package provides the tools to load/unload the policy from the
kernel as well as a library allowing applications to interact with
SMACK. The proper kernel options are also set.

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
---
 linux/linux.mk          |  4 ++++
 package/Config.in       |  1 +
 package/smack/Config.in | 28 ++++++++++++++++++++++++++++
 package/smack/smack.mk  | 14 ++++++++++++++
 4 files changed, 47 insertions(+)
 create mode 100644 package/smack/Config.in
 create mode 100644 package/smack/smack.mk

Comments

Thomas Petazzoni April 21, 2014, 10:19 a.m. UTC | #1 
Dear Eric Le Bihan,

On Sun, 20 Apr 2014 20:54:03 +0200, Eric Le Bihan wrote:

> diff --git a/package/smack/Config.in b/package/smack/Config.in
> new file mode 100644
> index 0000000..971b79a
> --- /dev/null
> +++ b/package/smack/Config.in
> @@ -0,0 +1,28 @@
> +config BR2_PACKAGE_SMACK
> +	bool "smack"

Dependency on !BR2_PREFER_STATIC_LIB was missing, due to <dlfcn.h>
usage. Remember to build test your packages with
http://autobuild.buildroot.org/toolchains/configs/free-electrons/bfin-linux-uclibc.config
(to test !MMU) and
http://autobuild.buildroot.org/toolchains/configs/free-electrons/bfin-uclinux.config
(to test !MMU and BR2_PREFER_STATIC_LIB).


> +SMACK_VERSION = 1.0.4
> +SMACK_SITE = $(call github,smack-team,smack,v$(SMACK_VERSION))
> +SMACK_LICENSE = LGPLv2.1+

License is actually LGPLv2.1, according to comment headers in the
source code.

> +SMACK_LICENSE_FILES = COPYING
> +SMACK_INSTALL_STAGING = YES
> +SMACK_AUTORECONF = YES

Dependency on host-pkgconf was missing, the configure.ac script uses
PKG_CHECK_MODULES.

Applied with those changes,

Thomas
Thomas Petazzoni April 21, 2014, 11:55 a.m. UTC | #2 
Dear Eric Le Bihan,

On Mon, 21 Apr 2014 13:56:07 +0200, Eric Le Bihan wrote:

> Thanks for the polishing! Wouldn't it be useful to add a stanza in the
> docs/manual/contribute.txt about performing some compliancy tests using these
> two configurations before submitting new packages? Are there any other
> criteria that could fit compliancy tests/checklist?

While reviewing these packages, I was indeed thinking of writing a
"package addition check list" for the manual. But I'm wondering if this
wouldn't replicate quite a lot of informations already in the manual,
though it's true the idea of testing with some specific toolchain
configurations isn't written anywhere.

Thomas
Eric Le Bihan April 21, 2014, 11:56 a.m. UTC | #3 
Hi!

On Mon, Apr 21, 2014 at 12:19:01PM +0200, Thomas Petazzoni wrote:
> Dear Eric Le Bihan,
>
> On Sun, 20 Apr 2014 20:54:03 +0200, Eric Le Bihan wrote:
>
> > diff --git a/package/smack/Config.in b/package/smack/Config.in
> > new file mode 100644
> > index 0000000..971b79a
> > --- /dev/null
> > +++ b/package/smack/Config.in
> > @@ -0,0 +1,28 @@
> > +config BR2_PACKAGE_SMACK
> > +	bool "smack"
>
> Dependency on !BR2_PREFER_STATIC_LIB was missing, due to <dlfcn.h>
> usage. Remember to build test your packages with
> http://autobuild.buildroot.org/toolchains/configs/free-electrons/bfin-linux-uclibc.config
> (to test !MMU) and
> http://autobuild.buildroot.org/toolchains/configs/free-electrons/bfin-uclinux.config
> (to test !MMU and BR2_PREFER_STATIC_LIB).
Thanks for the polishing! Wouldn't it be useful to add a stanza in the
docs/manual/contribute.txt about performing some compliancy tests using these
two configurations before submitting new packages? Are there any other
criteria that could fit compliancy tests/checklist?

Best regards,
ELB
Thomas De Schampheleire April 21, 2014, 12:49 p.m. UTC | #4 
Thomas Petazzoni <thomas.petazzoni@free-electrons.com> schreef:
>Dear Eric Le Bihan,
>
>On Mon, 21 Apr 2014 13:56:07 +0200, Eric Le Bihan wrote:
>
>> Thanks for the polishing! Wouldn't it be useful to add a stanza in the
>> docs/manual/contribute.txt about performing some compliancy tests using these
>> two configurations before submitting new packages? Are there any other
>> criteria that could fit compliancy tests/checklist?
>
>While reviewing these packages, I was indeed thinking of writing a
>"package addition check list" for the manual. But I'm wondering if this
>wouldn't replicate quite a lot of informations already in the manual,
>though it's true the idea of testing with some specific toolchain
>configurations isn't written anywhere.

I certainly think a checklist would be a good addition to the manual. The checklist would not contain details, but only references to other parts of the manual.

Adding a list of toolchain configurations to test packages with is also on my todo list but I haven't gotten around these improvements yet...

Best regards,
Thomas
Peter Korsgaard April 24, 2014, 8:14 p.m. UTC | #5 
>>>>> "Thomas" == Thomas De Schampheleire <patrickdepinguin@gmail.com> writes:

Hi,

 >> While reviewing these packages, I was indeed thinking of writing a
 >> "package addition check list" for the manual. But I'm wondering if this
 >> wouldn't replicate quite a lot of informations already in the manual,
 >> though it's true the idea of testing with some specific toolchain
 >> configurations isn't written anywhere.

 > I certainly think a checklist would be a good addition to the
 > manual. The checklist would not contain details, but only references
 > to other parts of the manual.

 > Adding a list of toolchain configurations to test packages with is
 > also on my todo list but I haven't gotten around these improvements
 > yet...

Perhaps we need something like checkpatch.pl to test a package with the
various toolchain combinations?
Thomas Petazzoni April 25, 2014, 7:16 a.m. UTC | #6 
Dear Peter Korsgaard,

On Thu, 24 Apr 2014 22:14:34 +0200, Peter Korsgaard wrote:

>  >> While reviewing these packages, I was indeed thinking of writing a
>  >> "package addition check list" for the manual. But I'm wondering if this
>  >> wouldn't replicate quite a lot of informations already in the manual,
>  >> though it's true the idea of testing with some specific toolchain
>  >> configurations isn't written anywhere.
> 
>  > I certainly think a checklist would be a good addition to the
>  > manual. The checklist would not contain details, but only references
>  > to other parts of the manual.
> 
>  > Adding a list of toolchain configurations to test packages with is
>  > also on my todo list but I haven't gotten around these improvements
>  > yet...
> 
> Perhaps we need something like checkpatch.pl to test a package with the
> various toolchain combinations?

That could work with the packages that don't have crazy dependencies.
But as soon as the package starts depending on OpenGL or things like
that, it would be more difficult I believe.

Thomas
diff mbox

Patch

diff --git a/linux/linux.mk b/linux/linux.mk
index e270705..bd3f2ac 100644
--- a/linux/linux.mk
+++ b/linux/linux.mk
@@ -200,6 +200,10 @@  define LINUX_CONFIGURE_CMDS
 		$(call KCONFIG_ENABLE_OPT,CONFIG_AUTOFS4_FS,$(@D)/.config)
 		$(call KCONFIG_ENABLE_OPT,CONFIG_TMPFS_POSIX_ACL,$(@D)/.config)
 		$(call KCONFIG_ENABLE_OPT,CONFIG_TMPFS_POSIX_XATTR,$(@D)/.config))
+	$(if $(BR2_PACKAGE_SMACK),
+		$(call KCONFIG_ENABLE_OPT,CONFIG_SECURITY,$(@D)/.config)
+		$(call KCONFIG_ENABLE_OPT,CONFIG_SECURITY_SMACK,$(@D)/.config)
+		$(call KCONFIG_ENABLE_OPT,CONFIG_SECURITY_NETWORK,$(@D)/.config))
 	$(if $(BR2_LINUX_KERNEL_APPENDED_DTB),
 		$(call KCONFIG_ENABLE_OPT,CONFIG_ARM_APPENDED_DTB,$(@D)/.config))
 	yes '' | $(TARGET_MAKE_ENV) $(MAKE1) $(LINUX_MAKE_FLAGS) -C $(@D) oldconfig
diff --git a/package/Config.in b/package/Config.in
index 44c35ea..323596e 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -1104,6 +1104,7 @@  source "package/quota/Config.in"
 if BR2_PACKAGE_BUSYBOX_SHOW_OTHERS
 source "package/rsyslog/Config.in"
 endif
+source "package/smack/Config.in"
 source "package/supervisor/Config.in"
 if BR2_PACKAGE_BUSYBOX_SHOW_OTHERS
 source "package/sysklogd/Config.in"
diff --git a/package/smack/Config.in b/package/smack/Config.in
new file mode 100644
index 0000000..971b79a
--- /dev/null
+++ b/package/smack/Config.in
@@ -0,0 +1,28 @@ 
+config BR2_PACKAGE_SMACK
+	bool "smack"
+	help
+	  User space programs and libraries for SMACK.
+
+	  SMACK stands for Simplified Mandatory Access Control Kernel.
+	  It is a Linux Security Module which provides a Mandatory Access
+	  Control mechanism, aimed towards simplicity.
+
+	  This package provides a library which allows applications to work
+	  with SMACK and tools to load/unload rules from the kernel, as well
+	  as query the policy.
+
+	  SMACK requires the following kernel options to be enabled:
+
+	  - CONFIG_SECURITY
+	  - CONFIG_SECURITY_SMACK
+	  - CONFIG_SECURITY_NETWORK
+
+	  These options will be automatically enabled by Buildroot if it is
+	  responsible for building the kernel. Otherwise, if you are building
+	  your kernel outside of Buildroot, make sure these options are
+	  enabled.
+
+	  To activate SMACK, do not forget to add "security=smack" to your
+	  kernel command line.
+
+	  https://github.com/smack-team/smack
diff --git a/package/smack/smack.mk b/package/smack/smack.mk
new file mode 100644
index 0000000..41f71a4
--- /dev/null
+++ b/package/smack/smack.mk
@@ -0,0 +1,14 @@ 
+################################################################################
+#
+# smack
+#
+################################################################################
+
+SMACK_VERSION = 1.0.4
+SMACK_SITE = $(call github,smack-team,smack,v$(SMACK_VERSION))
+SMACK_LICENSE = LGPLv2.1+
+SMACK_LICENSE_FILES = COPYING
+SMACK_INSTALL_STAGING = YES
+SMACK_AUTORECONF = YES
+
+$(eval $(autotools-package))