* [Buildroot] [PATCH v8 1/5] libselinux: bump to 2.7
@ 2017-10-17 16:14 Adam Duskett
2017-10-17 16:14 ` [Buildroot] [PATCH v8 2/5] libsemanage: " Adam Duskett
` (4 more replies)
0 siblings, 5 replies; 7+ messages in thread
From: Adam Duskett @ 2017-10-17 16:14 UTC (permalink / raw)
To: buildroot
remove patch as it's in this release.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
---
Changes v1 -> v2:
- None
Changes v2 -> v3:
- None
Changes v3 -> v4:
- None
Changes v4 -> v5:
- None
Changes v5 -> v6:
- None
Changes v6 -> v7:
- None
Changes v7 -> v8:
- None
...src-regex.c-support-old-compilers-for-the.patch | 47 ----------------------
package/libselinux/libselinux.hash | 4 +-
package/libselinux/libselinux.mk | 4 +-
3 files changed, 4 insertions(+), 51 deletions(-)
delete mode 100644 package/libselinux/0001-libselinux-src-regex.c-support-old-compilers-for-the.patch
diff --git a/package/libselinux/0001-libselinux-src-regex.c-support-old-compilers-for-the.patch b/package/libselinux/0001-libselinux-src-regex.c-support-old-compilers-for-the.patch
deleted file mode 100644
index 3bda607512..0000000000
--- a/package/libselinux/0001-libselinux-src-regex.c-support-old-compilers-for-the.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From e0803c0bdbb1abf06b6b5bb1b52fdb733505b8f7 Mon Sep 17 00:00:00 2001
-From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-Date: Wed, 25 Jan 2017 22:41:02 +1300
-Subject: [PATCH] src/regex.c: support old compilers for the endian
- check
-
-libselinux 2.6 has added some code in regex.c that uses __BYTE_ORDER__
-to determine the system endianness. Unfortunately, this definition
-provided directly by the compiler doesn't exist in older gcc versions
-such as gcc 4.4.
-
-In order to address this, this commit extends the logic to use
-<endian.h> definitions if __BYTE_ORDER__ is not provided by the
-compiler. This allows libselinux to build properly with gcc 4.4.
-
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
----
- src/regex.c | 13 ++++++++++++-
- 1 file changed, 12 insertions(+), 1 deletion(-)
-
-diff --git a/src/regex.c b/src/regex.c
-index a3b427b..0c5ad27 100644
---- a/src/regex.c
-+++ b/src/regex.c
-@@ -13,7 +13,18 @@
- #endif
-
- #ifndef __BYTE_ORDER__
--#error __BYTE_ORDER__ not defined. Unable to determine endianness.
-+
-+/* If the compiler doesn't define __BYTE_ORDER__, try to use the C
-+ * library <endian.h> header definitions. */
-+#include <endian.h>
-+#ifndef __BYTE_ORDER
-+#error Neither __BYTE_ORDER__ nor __BYTE_ORDER defined. Unable to determine endianness.
-+#endif
-+
-+#define __ORDER_LITTLE_ENDIAN __LITTLE_ENDIAN
-+#define __ORDER_BIG_ENDIAN __BIG_ENDIAN
-+#define __BYTE_ORDER__ __BYTE_ORDER
-+
- #endif
-
- #ifdef USE_PCRE2
---
-2.7.4
-
diff --git a/package/libselinux/libselinux.hash b/package/libselinux/libselinux.hash
index 76130b2dc0..3c60d5111d 100644
--- a/package/libselinux/libselinux.hash
+++ b/package/libselinux/libselinux.hash
@@ -1,2 +1,2 @@
-# Locally computed
-sha256 4ea2dde50665c202253ba5caac7738370ea0337c47b251ba981c60d24e1a118a libselinux-2.6.tar.gz
+# From: https://github.com/SELinuxProject/selinux/wiki/Releases
+sha256 d0fec0769b3ad60aa7baf9b9a4b7a056827769dc2dadda0dc0eb59b3d1c18c57 libselinux-2.7.tar.gz
diff --git a/package/libselinux/libselinux.mk b/package/libselinux/libselinux.mk
index f23eea4962..8ac8000de5 100644
--- a/package/libselinux/libselinux.mk
+++ b/package/libselinux/libselinux.mk
@@ -4,8 +4,8 @@
#
################################################################################
-LIBSELINUX_VERSION = 2.6
-LIBSELINUX_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014
+LIBSELINUX_VERSION = 2.7
+LIBSELINUX_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804
LIBSELINUX_LICENSE = Public Domain
LIBSELINUX_LICENSE_FILES = LICENSE
--
2.13.6
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH v8 2/5] libsemanage: bump to 2.7
2017-10-17 16:14 [Buildroot] [PATCH v8 1/5] libselinux: bump to 2.7 Adam Duskett
@ 2017-10-17 16:14 ` Adam Duskett
2017-10-17 16:14 ` [Buildroot] [PATCH v8 3/5] libsepol: bump to 2.7, setools: bump to 4.1.1 Adam Duskett
` (3 subsequent siblings)
4 siblings, 0 replies; 7+ messages in thread
From: Adam Duskett @ 2017-10-17 16:14 UTC (permalink / raw)
To: buildroot
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
---
Changes v1 -> v2:
- None
Changes v2 -> v3:
- None
Changes v3 -> v4:
- None
Changes v4 -> v5:
- None
Changes v5 -> v6:
- None
Changes v6 -> v7:
- None
Changes v7 -> v8:
- None
package/libsemanage/libsemanage.hash | 4 ++--
package/libsemanage/libsemanage.mk | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/libsemanage/libsemanage.hash b/package/libsemanage/libsemanage.hash
index 62f4d833a5..c386571591 100644
--- a/package/libsemanage/libsemanage.hash
+++ b/package/libsemanage/libsemanage.hash
@@ -1,2 +1,2 @@
-# Locally computed
-sha256 4f81541047290b751f2ffb926fcd381c186f22db18d9fe671b0b4a6a54e8cfce libsemanage-2.6.tar.gz
+# From: https://github.com/SELinuxProject/selinux/wiki/Releases
+sha256 07e9477714ce6a4557a1fe924ea4cb06501b62d0fa0e3c0dc32a2cf47cb8d476 libsemanage-2.7.tar.gz
diff --git a/package/libsemanage/libsemanage.mk b/package/libsemanage/libsemanage.mk
index 2964c56f96..829409f527 100644
--- a/package/libsemanage/libsemanage.mk
+++ b/package/libsemanage/libsemanage.mk
@@ -4,8 +4,8 @@
#
################################################################################
-LIBSEMANAGE_VERSION = 2.6
-LIBSEMANAGE_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014
+LIBSEMANAGE_VERSION = 2.7
+LIBSEMANAGE_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804
LIBSEMANAGE_LICENSE = LGPL-2.1+
LIBSEMANAGE_LICENSE_FILES = COPYING
LIBSEMANAGE_DEPENDENCIES = host-bison host-flex audit libselinux ustr bzip2
--
2.13.6
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH v8 3/5] libsepol: bump to 2.7, setools: bump to 4.1.1
2017-10-17 16:14 [Buildroot] [PATCH v8 1/5] libselinux: bump to 2.7 Adam Duskett
2017-10-17 16:14 ` [Buildroot] [PATCH v8 2/5] libsemanage: " Adam Duskett
@ 2017-10-17 16:14 ` Adam Duskett
2017-10-17 16:28 ` Matthew Weber
2017-10-17 16:14 ` [Buildroot] [PATCH v8 4/5] checkpolicy: bump to 2.7 Adam Duskett
` (2 subsequent siblings)
4 siblings, 1 reply; 7+ messages in thread
From: Adam Duskett @ 2017-10-17 16:14 UTC (permalink / raw)
To: buildroot
The reason for combining these patches is because the old version of
setools is not compatible iwth libsepol 2.7. If a user where to do a
git pull on a patch that only updates libsepol or setools, the build
would fail to compile.
setools has been completely rewritten in python instead of C.
The current version of setools includes a few programs that require
python-qt5 or python-networkx to run, however the package does not
check to see if these exist when compiling, and will install the scripts
to the target directory even if they don't exist.
In the case of python-networkx, this package is not available on Buildroot.
The scripts that require them are: sedta and seinfoflow.
In the case of python-qt5, qpol is the script that requires it.
Some setools.mk notes to get the package to compile:
- Convert the package .mk to use python-package instead of autotools-package.
- Remove host variant of setools as it is no longer a dependency for
policycoreutils.
- setup.py hard codes base_lib_dirs to point to several host directories.
To fix this, sed is used before compiling to point the base_lib_dirs to
the staging directory.
- setup.py also includes the "Werror" flag, however compilers before gcc6
cause a few autogenerated variables to not be initialized before use,
causing the build to fail.
To fix this, sed is used before compiling to remove the Werror flag.
- Remove sedta and seinfoflow from the target system after install. These
packages rely on the package python-networkx which is not available in
buildroot.
- Remove the installed apol package and the setoolsgui directory from the
target directory if python-qt5 is not selected.
Other changes:
- Removed all patches, as they are not compatible with the new version of
setools.
- Add COPYING, COPYING.GPL, and COPYING.LGPL to setools.hash
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
---
Changes v1 -> v2:
- None
Changes v2 -> v3:
- Added setools update to this patch due to build failures. (Matthew Weber)
Changes v3 -> v4:
- Change commit message to read:
"Convert the package .mk to use python-package instead of
autotools-package." (Thomas)
- Added comment explaining that setools is no longer a dependency for
policycoreutils. (Thomas)
- Add "depends on BR2_USE_MMU" to setools Config.in (Thomas)
- Add "(requires python-qt5)" to apol line in setools Config.in (Thomas)
- Fix setools comment. (Thomas)
- Add prefix to variables in setools.mk (Thomas)
- Add remove-werror-flag-from-setup.patch patch. (Thomas)
- enclose SETOOLS_REMOVE_QT_SCRIPTS in "ifeq ($(BR2_PACKAGE_PYTHON_PYQT5),)"
Changes v4 -> v5:
- Add host variant of setools because the package "refpolicy" depends on it.
(Matthew Weber)
Changes v5 -> v6:
- Add two patches from setools-4.1.1-5.fc28.src.rpm, these are needed to run
the console tools.
- Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch:
- This patch removes the need for networkx for the console tools.
- bswap_-macros-are-defined-in-byteswap.h.patch:
- This patch fixes a ImportError on s390x.
- Add prefix on line 44 of setools.mk to REMOVE_BROKEN_SCRIPTS variable.
- Add python-setuptools as a dependency of setools (pkg_resources)
- Add python-enum34 as a dependency of setools if python2 is selected.
Changes v6 -> v7:
- None
Changes v7 -> v8:
- Removed uneeded 0003-bswap_-macros-are-defined-in-byteswap.h.patch (Thomas)
- Added HOST_SETOOLS_REMOVE_BROKEN_SCRIPTS to setools.mk (Matthew Weber)
package/libsepol/0001-support-static-only.patch | 32 +++--
package/libsepol/0003-revert-ln-relative.patch | 18 ++-
package/libsepol/libsepol.hash | 4 +-
package/libsepol/libsepol.mk | 4 +-
package/setools/0001-cross-compile-fixes.patch | 125 ------------------
.../0001-remove-werror-flag-from-setup.patch | 29 +++++
...rt-use-setools.InfoFlowAnalysis-and-setoo.patch | 142 +++++++++++++++++++++
package/setools/0002-move-python-check.patch | 25 ----
...s-Update-for-2015-02-02-Userspace-release.patch | 90 -------------
package/setools/Config.in | 37 ++----
package/setools/setools.hash | 7 +-
package/setools/setools.mk | 117 ++++++++---------
12 files changed, 278 insertions(+), 352 deletions(-)
delete mode 100644 package/setools/0001-cross-compile-fixes.patch
create mode 100644 package/setools/0001-remove-werror-flag-from-setup.patch
create mode 100644 package/setools/0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
delete mode 100644 package/setools/0002-move-python-check.patch
delete mode 100644 package/setools/0003-setools-Update-for-2015-02-02-Userspace-release.patch
diff --git a/package/libsepol/0001-support-static-only.patch b/package/libsepol/0001-support-static-only.patch
index 3e6d555e96..185a5641de 100644
--- a/package/libsepol/0001-support-static-only.patch
+++ b/package/libsepol/0001-support-static-only.patch
@@ -1,4 +1,7 @@
-Add support for static-only build
+From 2140db697c7f1da2a0a3f7bbcb14c1a0dade84e5 Mon Sep 17 00:00:00 2001
+From: Adam Duskett <Adamduskett@outlook.com>
+Date: Mon, 9 Oct 2017 16:28:12 -0400
+Subject: [PATCH] Add support for static-only build
Instead of unconditionally building shared libraries, this patch
improves the libsepol build system with a "STATIC" variable, which
@@ -7,30 +10,30 @@ libraries. It allows to support cases where the target architecture
does not have support for shared libraries.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-Signed-off-by: Adam Duskett <Aduskett@gmail.com>
-
-Index: b/src/Makefile
-===================================================================
+Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
+---
+ src/Makefile | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/Makefile b/src/Makefile
-index db6c2ba..0006285 100644
+index 819d261..040921d 100644
--- a/src/Makefile
+++ b/src/Makefile
-@@ -30,8 +30,12 @@ LOBJS += $(sort $(patsubst %.c,%.lo,$(wildcard $(CILDIR)/src/*.c) $(CIL_GENERATE
- override CFLAGS += -I$(CILDIR)/include
+@@ -40,7 +40,12 @@ LDFLAGS += -undefined dynamic_lookup
+ LN=gln
endif
+-all: $(LIBA) $(LIBSO) $(LIBPC)
+ALL_TARGETS = $(LIBA) $(LIBPC)
+ifeq ($(STATIC),)
+ALL_TARGETS += $(LIBSO)
+endif
-
--all: $(LIBA) $(LIBSO) $(LIBPC)
++
+all: $(ALL_TARGETS)
-
+
$(LIBA): $(OBJS)
-@@ -66,11 +70,13 @@
+@@ -82,11 +87,13 @@ endif
install: all
test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
install -m 644 $(LIBA) $(LIBDIR)
@@ -41,8 +44,11 @@ index db6c2ba..0006285 100644
+ifeq ($(STATIC),)
+ test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
+ install -m 755 $(LIBSO) $(SHLIBDIR)
- ln -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
+ $(LN) -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
+endif
relabel:
/sbin/restorecon $(SHLIBDIR)/$(LIBSO)
+--
+2.13.6
+
diff --git a/package/libsepol/0003-revert-ln-relative.patch b/package/libsepol/0003-revert-ln-relative.patch
index 0902d8d40e..488a9abea0 100644
--- a/package/libsepol/0003-revert-ln-relative.patch
+++ b/package/libsepol/0003-revert-ln-relative.patch
@@ -1,4 +1,7 @@
-Makefile: revert libsepol: use ln --relative to create .so symlinks
+From 16b2b0e21e10727065042a1baabd1a887757c65c Mon Sep 17 00:00:00 2001
+From: Adam Duskett <Adamduskett@outlook.com>
+Date: Mon, 9 Oct 2017 16:29:36 -0400
+Subject: [PATCH] Makefile: revert libsepol: use ln --relative to create .so symlinks
This reverts 71393a181d63c9baae5fe8dcaeb9411d1f253998
@@ -9,16 +12,23 @@ they are maintained (up to 10 years in some cases?).
For the sake of Buildroot, revert the upstream patch.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
+---
+ src/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
-diff -durN a/src/Makefile b/src/Makefile
+diff --git a/src/Makefile b/src/Makefile
+index 040921d..e811c9e 100644
--- a/src/Makefile
+++ b/src/Makefile
-@@ -77,7 +77,7 @@
+@@ -92,7 +92,7 @@ install: all
ifeq ($(STATIC),)
test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
install -m 755 $(LIBSO) $(SHLIBDIR)
-- ln -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
+- $(LN) -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
+ cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
endif
relabel:
+--
+2.13.6
+
diff --git a/package/libsepol/libsepol.hash b/package/libsepol/libsepol.hash
index 6c705067a2..08e2bf97a4 100644
--- a/package/libsepol/libsepol.hash
+++ b/package/libsepol/libsepol.hash
@@ -1,2 +1,2 @@
-# From https://github.com/SELinuxProject/selinux/wiki/Releases
-sha256 d856d6506054f52abeaa3543ea2f2344595a3dc05d0d873ed7f724f7a16b1874 libsepol-2.6.tar.gz
+# From: https://github.com/SELinuxProject/selinux/wiki/Releases
+sha256 d69d3bd8ec901a3bd5adf2be2fb47fb1a685ed73066ab482e7e505371a48f9e7 libsepol-2.7.tar.gz
diff --git a/package/libsepol/libsepol.mk b/package/libsepol/libsepol.mk
index 21ca419c74..c54c3bfc42 100644
--- a/package/libsepol/libsepol.mk
+++ b/package/libsepol/libsepol.mk
@@ -4,8 +4,8 @@
#
################################################################################
-LIBSEPOL_VERSION = 2.6
-LIBSEPOL_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014
+LIBSEPOL_VERSION = 2.7
+LIBSEPOL_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804
LIBSEPOL_LICENSE = LGPL-2.1+
LIBSEPOL_LICENSE_FILES = COPYING
diff --git a/package/setools/0001-cross-compile-fixes.patch b/package/setools/0001-cross-compile-fixes.patch
deleted file mode 100644
index 1a4af0ce31..0000000000
--- a/package/setools/0001-cross-compile-fixes.patch
+++ /dev/null
@@ -1,125 +0,0 @@
-Correct build issues to enable cross compiling. These changes require the
-package to be auto reconfigured.
-
-These updates were not upsteamed as the 3.3.x version has stablized and they
-were only taking bug fixes. Also the 4.0 preview has completely reworked
-the build infrastructure which will require this to be revisited.
-
-Signed-off-by Clayton Shotwell <clshotwe@rockwellcollins.com>
-
-diff -urN a/configure.ac b/configure.ac
---- a/configure.ac 2013-01-16 10:36:24.000000000 -0600
-+++ b/configure.ac 2013-07-12 08:22:10.380255248 -0500
-@@ -448,8 +448,9 @@
- sepol_srcdir="")
- if test "x${sepol_srcdir}" = "x"; then
- sepol_srcdir=${sepol_devel_libdir}
-- AC_CHECK_FILE([${sepol_srcdir}/libsepol.a],,
-- AC_MSG_ERROR([make sure libsepol-static is installed]))
-+ if test ! -f ${sepol_srcdir}/libsepol.a; then
-+ AC_MSG_ERROR([could not find precompiled libsepol.a])
-+ fi
- else
- AC_MSG_CHECKING([for compatible sepol source tree])
- sepol_version=${sepol_srcdir}/VERSION
-@@ -484,8 +485,9 @@
- AC_CHECK_HEADER([sepol/policydb/policydb.h], , AC_MSG_ERROR([could not find sepol source tree]))
- CFLAGS="${sepol_src_save_CFLAGS}"
- CPPFLAGS="${sepol_src_save_CPPFLAGS}"
-- AC_CHECK_FILE([${sepol_srcdir}/libsepol.a],,
-- AC_MSG_ERROR([could not find precompiled libsepol.a]))
-+ if test ! -f ${sepol_srcdir}/libsepol.a; then
-+ AC_MSG_ERROR([could not find precompiled libsepol.a])
-+ fi
- sepol_devel_incdir="${sepol_srcdir}/../include"
- fi
- SELINUX_CFLAGS="-I${sepol_devel_incdir} -I${selinux_devel_incdir}"
-@@ -578,12 +580,13 @@
- [AC_LANG_SOURCE([
- #include <sepol/policydb/expand.h>
- int main () {
-- return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0);
-+ return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0, 0, 0);
- }])],
- AC_MSG_RESULT([yes]),
- AC_MSG_ERROR([this version of libsepol is incompatible with SETools]))
- fi
- sepol_new_expand_boolmap="yes"
-+ sepol_new_user_role_mapping="yes"
- else
- sepol_new_expand_boolmap="no"
- fi
-@@ -607,7 +610,8 @@
- exit(EXIT_FAILURE);
- }])],
- sepol_policy_version_max=`cat conftest.data`,
-- AC_MSG_FAILURE([could not determine maximum libsepol policy version]))
-+ AC_MSG_FAILURE([could not determine maximum libsepol policy version]),
-+ sepol_policy_version_max="26")
- AC_DEFINE_UNQUOTED(SEPOL_POLICY_VERSION_MAX, ${sepol_policy_version_max}, [maximum policy version supported by libsepol])
- CFLAGS="${sepol_save_CFLAGS}"
- CPPFLAGS="${sepol_save_CPPFLAGS}"
-@@ -631,7 +635,7 @@
- changequote([,])dnl
- selinux_save_CFLAGS="${CFLAGS}"
- CFLAGS="${SELINUX_CFLAGS} ${SELINUX_LIB_FLAG} -lselinux -lsepol ${CFLAGS}"
-- gcc ${CFLAGS} -o conftest conftest.c >&5
-+ ${CC} ${CFLAGS} -o conftest conftest.c >&5
- selinux_policy_dir=`./conftest`
- AC_MSG_RESULT(${selinux_policy_dir})
- CFLAGS="${selinux_save_CFLAGS}"
-diff -urN a/libqpol/src/policy_define.c b/libqpol/src/policy_define.c
---- a/libqpol/src/policy_define.c 2013-01-16 10:36:24.000000000 -0600
-+++ b/libqpol/src/policy_define.c 2013-07-12 08:22:10.380255248 -0500
-@@ -2135,7 +2135,7 @@
- #ifdef HAVE_SEPOL_ROLE_ATTRS
- if (role_set_expand(&roles, &e_roles, policydbp, NULL, NULL))
- #elif HAVE_SEPOL_USER_ROLE_MAPPING
-- if (role_set_expand(&roles, &e_roles, policydbp, NULL))
-+ if (role_set_expand(&roles, &e_roles, policydbp, NULL, NULL))
- #else
- if (role_set_expand(&roles, &e_roles, policydbp))
- #endif
-diff -urN a/m4/ac_python_devel.m4 b/m4/ac_python_devel.m4
---- a/m4/ac_python_devel.m4 2013-01-16 10:36:22.000000000 -0600
-+++ b/m4/ac_python_devel.m4 2013-07-12 08:22:10.380255248 -0500
-@@ -234,7 +234,7 @@
- AC_MSG_CHECKING([consistency of all components of python development environment])
- AC_LANG_PUSH([C])
- # save current global flags
-- LIBS="$ac_save_LIBS $PYTHON_LDFLAGS"
-+ LIBS="$ac_save_LIBS $PYTHON_EXTRA_LIBS $PYTHON_LDFLAGS"
- CPPFLAGS="$ac_save_CPPFLAGS $PYTHON_CPPFLAGS"
- AC_TRY_LINK([
- #include <Python.h>
-diff -urN a/python/setools/Makefile.am b/python/setools/Makefile.am
---- a/python/setools/Makefile.am 2013-01-16 10:36:22.000000000 -0600
-+++ b/python/setools/Makefile.am 2013-07-12 08:22:19.200251011 -0500
-@@ -22,13 +22,13 @@
- python-build: sesearch.c seinfo.c
- @mkdir -p setools
- @cp __init__.py setools
-- LIBS="$(QPOL_LIB_FLAG) $(APOL_LIB_FLAG)" INCLUDES="$(QPOL_CFLAGS) $(APOL_CFLAGS)" $(PYTHON) setup.py build
-+ LIBS="$(QPOL_LIB_FLAG) $(APOL_LIB_FLAG)" LIBDIRS="$(PYTHON_LDFLAGS)" INCLUDES="$(PYTHON_CPPFLAGS) $(QPOL_CFLAGS) $(APOL_CFLAGS)" CC="$(CC)" CFLAGS="$(CFLAGS)" LDSHARED="$(CC) -shared" LDFLAGS="$(LDFLAGS)" $(PYTHON) setup.py build_ext
-
- install-exec-hook:
-- $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
-+ $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --prefix=$(DESTDIR)/usr`
-
- uninstall-hook:
-- $(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
-+ $(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --prefix=$(DESTDIR)/usr`
-
- clean-local:
- $(PYTHON) setup.py clean -a
---- a/python/setools/setup.py 2013-01-16 10:36:22.000000000 -0600
-+++ b/python/setools/setup.py 2013-09-04 09:17:48.452916991 -0500
-@@ -8,7 +8,7 @@
- try:
- inc=os.getenv("INCLUDES").split(" ")
- INCLUDES=map(lambda x: x[2:], inc)
-- LIBDIRS=map(lambda x: "/".join(x.split("/")[:-1]), os.getenv("LIBS").split())
-+ LIBDIRS=map(lambda x: "/".join(x.split("/")[:-1]), os.getenv("LIBS").split()) + map(lambda x: x[2:], os.getenv("LIBDIRS").split())
- except:
- INCLUDES=""
- LIBDIRS=""
diff --git a/package/setools/0001-remove-werror-flag-from-setup.patch b/package/setools/0001-remove-werror-flag-from-setup.patch
new file mode 100644
index 0000000000..b1446e2ec3
--- /dev/null
+++ b/package/setools/0001-remove-werror-flag-from-setup.patch
@@ -0,0 +1,29 @@
+From b2fe84bfd00117d4897f1f2e8f83d3410eb188b8 Mon Sep 17 00:00:00 2001
+From: Adam Duskett <Adamduskett@outlook.com>
+Date: Thu, 12 Oct 2017 22:04:58 -0400
+Subject: [PATCH] remove werror flag from setup
+
+Compilers older than gcc6 will generate uninitialized variable warnings which
+will cause compiling to fail.
+
+Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
+---
+ setup.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/setup.py b/setup.py
+index 2ca44c9..9319bf6 100644
+--- a/setup.py
++++ b/setup.py
+@@ -146,7 +146,7 @@ ext_py_mods = [Extension('setools.policyrep._qpol',
+ 'libqpol/policy_scan.c',
+ 'libqpol/xen_query.c'],
+ include_dirs=include_dirs,
+- extra_compile_args=['-Werror', '-Wextra',
++ extra_compile_args=['-Wextra',
+ '-Waggregate-return',
+ '-Wfloat-equal',
+ '-Wformat', '-Wformat=2',
+--
+2.13.6
+
diff --git a/package/setools/0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch b/package/setools/0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
new file mode 100644
index 0000000000..1ef1cd69bc
--- /dev/null
+++ b/package/setools/0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
@@ -0,0 +1,142 @@
+From 2512c3ba608077db3a5e0286b976fadc8a04a5c4 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Thu, 23 Feb 2017 08:17:07 +0100
+Subject: [PATCH] Do not export/use setools.InfoFlowAnalysis and
+ setools.DomainTransitionAnalysis
+
+dta and infoflow modules require networkx which brings lot of dependencies.
+These dependencies are not necessary for setools module itself as it's
+used in policycoreutils.
+
+Therefore it's better to use setools.infoflow.InfoFlowAnalysis and
+setools.dta.DomainTransitionAnalysis and let the package containing
+sedta and seinfoflow to require python3-networkx
+
+Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
+---
+ sedta | 3 ++-
+ seinfoflow | 3 ++-
+ setools/__init__.py | 4 ++--
+ setoolsgui/apol/dta.py | 2 +-
+ setoolsgui/apol/infoflow.py | 2 +-
+ tests/dta.py | 3 ++-
+ tests/infoflow.py | 3 ++-
+ 7 files changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/sedta b/sedta
+index 1c76ebb..255ad49 100755
+--- a/sedta
++++ b/sedta
+@@ -23,6 +23,7 @@ import argparse
+ import logging
+
+ import setools
++import setools.dta
+
+
+ def print_transition(trans):
+@@ -111,7 +112,7 @@ else:
+
+ try:
+ p = setools.SELinuxPolicy(args.policy)
+- g = setools.DomainTransitionAnalysis(p, reverse=args.reverse, exclude=args.exclude)
++ g = setools.dta.DomainTransitionAnalysis(p, reverse=args.reverse, exclude=args.exclude)
+
+ if args.shortest_path or args.all_paths:
+ if args.shortest_path:
+diff --git a/seinfoflow b/seinfoflow
+index b287921..d53bdef 100755
+--- a/seinfoflow
++++ b/seinfoflow
+@@ -19,6 +19,7 @@
+
+ from __future__ import print_function
+ import setools
++import setools.infoflow
+ import argparse
+ import sys
+ import logging
+@@ -79,7 +80,7 @@ else:
+ try:
+ p = setools.SELinuxPolicy(args.policy)
+ m = setools.PermissionMap(args.map)
+- g = setools.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude)
++ g = setools.infoflow.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude)
+
+ if args.shortest_path or args.all_paths:
+ if args.shortest_path:
+diff --git a/setools/__init__.py b/setools/__init__.py
+index a84c846..a53c5a7 100644
+--- a/setools/__init__.py
++++ b/setools/__init__.py
+@@ -74,11 +74,11 @@ from .pcideviceconquery import PcideviceconQuery
+ from .devicetreeconquery import DevicetreeconQuery
+
+ # Information Flow Analysis
+-from .infoflow import InfoFlowAnalysis
++# from .infoflow import InfoFlowAnalysis
+ from .permmap import PermissionMap
+
+ # Domain Transition Analysis
+-from .dta import DomainTransitionAnalysis
++# from .dta import DomainTransitionAnalysis
+
+ # Policy difference
+ from .diff import PolicyDifference
+diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py
+index 0aaf13f..5b1ea20 100644
+--- a/setoolsgui/apol/dta.py
++++ b/setoolsgui/apol/dta.py
+@@ -23,7 +23,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
+ from PyQt5.QtGui import QPalette, QTextCursor
+ from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
+ QTreeWidgetItem
+-from setools import DomainTransitionAnalysis
++from setools.dta import DomainTransitionAnalysis
+
+ from ..logtosignal import LogHandlerToSignal
+ from .analysistab import AnalysisTab
+diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py
+index 1ae16de..fdf8f7b 100644
+--- a/setoolsgui/apol/infoflow.py
++++ b/setoolsgui/apol/infoflow.py
+@@ -25,7 +25,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
+ from PyQt5.QtGui import QPalette, QTextCursor
+ from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
+ QTreeWidgetItem
+-from setools import InfoFlowAnalysis
++from setools.infoflow import InfoFlowAnalysis
+ from setools.exception import UnmappedClass, UnmappedPermission
+
+ from ..logtosignal import LogHandlerToSignal
+diff --git a/tests/dta.py b/tests/dta.py
+index 32b9271..2bdd052 100644
+--- a/tests/dta.py
++++ b/tests/dta.py
+@@ -17,7 +17,8 @@
+ #
+ import unittest
+
+-from setools import SELinuxPolicy, DomainTransitionAnalysis
++from setools import SELinuxPolicy
++from setools.dta import DomainTransitionAnalysis
+ from setools import TERuletype as TERT
+ from setools.policyrep.exception import InvalidType
+ from setools.policyrep.typeattr import Type
+diff --git a/tests/infoflow.py b/tests/infoflow.py
+index 7751dda..a21c683 100644
+--- a/tests/infoflow.py
++++ b/tests/infoflow.py
+@@ -17,7 +17,8 @@
+ #
+ import unittest
+
+-from setools import SELinuxPolicy, InfoFlowAnalysis
++from setools import SELinuxPolicy
++from setools.infoflow import InfoFlowAnalysis
+ from setools import TERuletype as TERT
+ from setools.permmap import PermissionMap
+ from setools.policyrep.exception import InvalidType
+--
+2.9.3
+
diff --git a/package/setools/0002-move-python-check.patch b/package/setools/0002-move-python-check.patch
deleted file mode 100644
index cef2cec996..0000000000
--- a/package/setools/0002-move-python-check.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-Correct a build issue that occurs when python is not found
-in the path. This check should only be done if swig-python
-option is selected.
-
-Signed-off-by Clayton Shotwell <clshotwe@rockwellcollins.com>
-
---- a/configure.ac 2015-05-15 12:28:07.566060349 -0500
-+++ b/configure.ac 2015-05-28 15:07:25.357072800 -0500
-@@ -217,8 +217,6 @@
- do_swigify=yes
- fi
-
--AM_PATH_PYTHON(2.7)
--
- AC_ARG_ENABLE(swig-python,
- AC_HELP_STRING([--enable-swig-python],
- [build SWIG interfaces for Python]),
-@@ -227,6 +225,7 @@
- if test ${do_swigify} = no; then
- AC_PROG_SWIG(2.0.0)
- fi
-+ AM_PATH_PYTHON(2.7)
- SWIG_PYTHON
- do_swigify_python=yes
- do_swigify=yes
diff --git a/package/setools/0003-setools-Update-for-2015-02-02-Userspace-release.patch b/package/setools/0003-setools-Update-for-2015-02-02-Userspace-release.patch
deleted file mode 100644
index b0842d961a..0000000000
--- a/package/setools/0003-setools-Update-for-2015-02-02-Userspace-release.patch
+++ /dev/null
@@ -1,90 +0,0 @@
-setools: Add patch to support 2.4 toolstack.
-Signed-off-by: Philip Tricca <flihp@twobit.us>
-Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
-URL: https://github.com/flihp/meta-selinux/commit/e09eaef7a9acb552a4a5e1f90117154ae06b6fda
-
-Signed-off-by: Adam Duskett <Aduskett@gmail.com>
-
-diff --git a/libqpol/src/policy_define.c b/libqpol/src/policy_define.c
-index fad6b60..231962f 100644
---- a/libqpol/src/policy_define.c
-+++ b/libqpol/src/policy_define.c
-@@ -1449,7 +1449,7 @@ int define_compute_type_helper(int which, avrule_t ** rule)
- return -1;
- }
- class_perm_node_init(perm);
-- perm->class = i + 1;
-+ perm->tclass = i + 1;
- perm->data = datum->s.value;
- perm->next = avrule->perms;
- avrule->perms = perm;
-@@ -1699,7 +1699,7 @@ int define_te_avtab_helper(int which, avrule_t ** rule)
- goto out;
- }
- class_perm_node_init(cur_perms);
-- cur_perms->class = i + 1;
-+ cur_perms->tclass = i + 1;
- if (!perms)
- perms = cur_perms;
- if (tail)
-diff --git a/libqpol/src/policy_extend.c b/libqpol/src/policy_extend.c
-index 5325a87..1417271 100644
---- a/libqpol/src/policy_extend.c
-+++ b/libqpol/src/policy_extend.c
-@@ -843,7 +843,7 @@ static int qpol_syn_rule_table_insert_sepol_avrule(qpol_policy_t * policy, qpol_
- for (class_node = rule->perms; class_node; class_node = class_node->next) {
- key.rule_type = rule->specified;
- key.source_val = key.target_val = i + 1;
-- key.class_val = class_node->class;
-+ key.class_val = class_node->tclass;
- key.cond = cond;
- if (qpol_syn_rule_table_insert_entry(policy, table, &key, new_rule))
- goto err;
-@@ -856,7 +856,7 @@ static int qpol_syn_rule_table_insert_sepol_avrule(qpol_policy_t * policy, qpol_
- key.rule_type = rule->specified;
- key.source_val = i + 1;
- key.target_val = j + 1;
-- key.class_val = class_node->class;
-+ key.class_val = class_node->tclass;
- key.cond = cond;
- if (qpol_syn_rule_table_insert_entry(policy, table, &key, new_rule))
- goto err;
-diff --git a/libqpol/src/syn_rule_query.c b/libqpol/src/syn_rule_query.c
-index 3e63204..d7578f1 100644
---- a/libqpol/src/syn_rule_query.c
-+++ b/libqpol/src/syn_rule_query.c
-@@ -67,7 +67,7 @@ static void *syn_rule_class_state_get_cur(const qpol_iterator_t * iter)
- return NULL;
- }
-
-- return db->class_val_to_struct[srcs->cur->class - 1];
-+ return db->class_val_to_struct[srcs->cur->tclass - 1];
- }
-
- static int syn_rule_class_state_next(qpol_iterator_t * iter)
-@@ -465,10 +465,10 @@ int qpol_syn_avrule_get_perm_iter(const qpol_policy_t * policy, const qpol_syn_a
- }
-
- for (node = internal_rule->perms; node; node = node->next) {
-- for (i = 0; i < db->class_val_to_struct[node->class - 1]->permissions.nprim; i++) {
-+ for (i = 0; i < db->class_val_to_struct[node->tclass - 1]->permissions.nprim; i++) {
- if (!(node->data & (1 << i)))
- continue;
-- tmp = sepol_av_to_string(db, node->class, (sepol_access_vector_t) (1 << i));
-+ tmp = sepol_av_to_string(db, node->tclass, (sepol_access_vector_t) (1 << i));
- if (tmp) {
- tmp++; /* remove prepended space */
- for (cur = 0; cur < perm_list_sz; cur++)
-diff --git a/secmds/replcon.cc b/secmds/replcon.cc
-index 34f7c1a..307c39f 100644
---- a/secmds/replcon.cc
-+++ b/secmds/replcon.cc
-@@ -60,7 +60,7 @@ static struct option const longopts[] = {
- {NULL, 0, NULL, 0}
- };
-
--extern int lsetfilecon_raw(const char *, security_context_t) __attribute__ ((weak));
-+extern int lsetfilecon_raw(const char *, const char *) __attribute__ ((weak));
-
- /**
- * As that setools must work with older libselinux versions that may
diff --git a/package/setools/Config.in b/package/setools/Config.in
index d7b119ffc6..ae0c45fe3f 100644
--- a/package/setools/Config.in
+++ b/package/setools/Config.in
@@ -1,36 +1,27 @@
config BR2_PACKAGE_SETOOLS
bool "setools"
- depends on BR2_TOOLCHAIN_HAS_THREADS
+ depends on !BR2_arc # arc: libselinux not available
depends on !BR2_STATIC_LIBS
- depends on BR2_INSTALL_LIBSTDCPP
+ depends on BR2_TOOLCHAIN_HAS_THREADS
depends on BR2_USE_WCHAR
depends on BR2_TOOLCHAIN_USES_GLIBC # libselinux
- # bfin: infamous _ symbol prefix issue
- # nios2: triggers some toolchain issue "No symbol version
- # section for versioned symbol"
- # arc: libselinux not available
- depends on !BR2_nios2 && !BR2_bfin && !BR2_arc
+ depends on BR2_USE_MMU
+ select BR2_PACKAGE_PYTHON3 if !BR2_PACKAGE_PYTHON
+ select BR2_PACKAGE_PYTHON_ENUM34 if !BR2_PACKAGE_PYTHON3
+ select BR2_PACKAGE_PYTHON_SETUPTOOLS
select BR2_PACKAGE_LIBSELINUX
- select BR2_PACKAGE_SQLITE
- select BR2_PACKAGE_LIBXML2
- select BR2_PACKAGE_BZIP2
help
SETools is an open source project designed to facilitate
SELinux policy analysis. The primary tools are:
- * apol - analyze a SELinux policy.
- * seaudit - analyze audit messages from SELinux.
- * seaudit-report - generate highly-customized audit log
- reports.
- * sechecker - command line tool for performing modular
- checks on an SELinux policy.
+ * apol - analyze a SELinux policy. (requires python-qt5)
* sediff - semantic policy difference tool for SELinux.
- * secmds - command-line tools to analyze and search SELinux
- policy.
+ * sedta - Perform domain transition analyses
+ * sesearch - Search rules (allow, type_transition, etc.)
- https://github.com/TresysTechnology/setools3/wiki
+ https://github.com/TresysTechnology/setools
comment "setools needs a glibc toolchain w/ threads, C++, wchar, dynamic library"
- depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS \
- || !BR2_USE_WCHAR || !BR2_INSTALL_LIBSTDCPP \
- || !BR2_TOOLCHAIN_USES_GLIBC
- depends on !BR2_nios2 && !BR2_bfin && !BR2_arc
+ depends on BR2_USE_MMU && !BR2_arc
+ depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS || \
+ !BR2_USE_WCHAR || !BR2_TOOLCHAIN_USES_GLIBC || \
+ !BR2_INSTALL_LIBSTDCPP
diff --git a/package/setools/setools.hash b/package/setools/setools.hash
index d422e6607b..8729297064 100644
--- a/package/setools/setools.hash
+++ b/package/setools/setools.hash
@@ -1,4 +1,7 @@
# From https://github.com/TresysTechnology/setools3/wiki/Download
-md5 d68d0d4e4da0f01da0f208782ff04b91 setools-3.3.8.tar.bz2
+md5 d68d0d4e4da0f01da0f208782ff04b91 setools-4.1.1.tar.bz2
# Locally computed
-sha256 44387ecc9a231ec536a937783440cd8960a72c51f14bffc1604b7525e341e999 setools-3.3.8.tar.bz2
+sha256 46a927ea2b163cbe1d35cc35da43e45853e13720c7e02d4cf75a498783c19610 setools-4.1.1.tar.gz
+sha256 2f7547e10f76a382c24c053595f38a5cc6dda9347f508f254ca490e0046a9624 COPYING
+sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING.GPL
+sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING.LGPL
diff --git a/package/setools/setools.mk b/package/setools/setools.mk
index d2e9f05998..77b57bc531 100644
--- a/package/setools/setools.mk
+++ b/package/setools/setools.mk
@@ -4,81 +4,66 @@
#
################################################################################
-SETOOLS_VERSION = 3.3.8
-SETOOLS_SOURCE = setools-$(SETOOLS_VERSION).tar.bz2
-SETOOLS_SITE = https://raw.githubusercontent.com/wiki/TresysTechnology/setools3/files/dists/setools-$(SETOOLS_VERSION)
-SETOOLS_DEPENDENCIES = libselinux libsepol sqlite libxml2 bzip2 host-bison host-flex
+SETOOLS_VERSION = 4.1.1
+SETOOLS_SITE = $(call github,TresysTechnology,setools,$(SETOOLS_VERSION))
+SETOOLS_DEPENDENCIES = libselinux libsepol python-setuptools host-bison host-flex host-swig
SETOOLS_INSTALL_STAGING = YES
SETOOLS_LICENSE = GPL-2.0+, LGPL-2.1+
SETOOLS_LICENSE_FILES = COPYING COPYING.GPL COPYING.LGPL
+SETOOLS_SETUP_TYPE = setuptools
-# configure.ac is patched by the cross compile patch,
-# so autoreconf is necessary
-SETOOLS_AUTORECONF = YES
+ifeq ($(BR2_PACKAGE_PYTHON3),y)
+SETOOLS_PYLIBVER = python$(PYTHON3_VERSION_MAJOR)
+else
+SETOOLS_PYLIBVER = python$(PYTHON_VERSION_MAJOR)
+SETOOLS_DEPENDENCIES += python-enum34
+endif
-# Notes: Need "disable-selinux-check" so the configure does not check to see
-# if host has selinux enabled.
-# No python support as only the libraries and commandline tools are
-# installed on target
-SETOOLS_CONF_OPTS = \
- --disable-debug \
- --disable-gui \
- --disable-bwidget-check \
- --disable-selinux-check \
- --disable-swig-java \
- --disable-swig-python \
- --disable-swig-tcl \
- --with-sepol-devel="$(STAGING_DIR)/usr" \
- --with-selinux-devel="$(STAGING_DIR)/usr"
+define SETOOLS_FIX_SETUP
+ # By default, setup.py will look for libsepol.a in the host directory. This
+ # needs to be changed to the staging directory.
+ $(SED) "s at base_lib_dirs =.*@base_lib_dirs = ['$(STAGING_DIR)/usr/lib']@g" \
+ $(@D)/setup.py
+endef
+SETOOLS_POST_PATCH_HOOKS += SETOOLS_FIX_SETUP
-ifeq ($(BR2_sparc64):$(BR2_STATIC_LIBS),y:)
-SETOOLS_CONF_ENV += CFLAGS="$(TARGET_CFLAGS) -fPIC"
-endif
+define HOST_SETOOLS_FIX_SETUP
+ # By default, setup.py will look for libsepol.a in the host directory. This
+ # needs to be changed to the staging directory.
+ $(SED) "s@base_lib_dirs =.*@base_lib_dirs = ['$(HOST_DIR)/usr/lib']@g" \
+ $(@D)/setup.py
+endef
+HOST_SETOOLS_POST_PATCH_HOOKS += HOST_SETOOLS_FIX_SETUP
-HOST_SETOOLS_DEPENDENCIES = host-libselinux host-libsepol host-sqlite \
- host-libxml2 host-bzip2 host-bison
+# sedta and seinfoflow depends on python-networkx. This package is not
+# available in buildroot.
+define SETOOLS_REMOVE_BROKEN_SCRIPTS
+ $(RM) $(TARGET_DIR)/usr/bin/sedta
+ $(RM) $(TARGET_DIR)/usr/bin/seinfoflow
+endef
+SETOOLS_POST_INSTALL_TARGET_HOOKS += SETOOLS_REMOVE_BROKEN_SCRIPTS
-ifeq ($(BR2_PACKAGE_PYTHON3),y)
-HOST_SETOOLS_PYTHON_VERSION=$(PYTHON3_VERSION_MAJOR)
-HOST_SETOOLS_DEPENDENCIES += host-python3
-HOST_SETOOLS_CONF_ENV += am_cv_python_version=$(PYTHON3_VERSION)
-else
-HOST_SETOOLS_PYTHON_VERSION=$(PYTHON_VERSION_MAJOR)
-HOST_SETOOLS_DEPENDENCIES += host-python
-HOST_SETOOLS_CONF_ENV += am_cv_python_version=$(PYTHON_VERSION)
+# apol requires pyqt5, but is installed by default. Remove these scripts from
+# the target it pyqt5 is not selected.
+ifeq ($(BR2_PACKAGE_PYTHON_PYQT5),)
+define SETOOLS_REMOVE_QT_SCRIPTS
+ $(RM) $(TARGET_DIR)/usr/bin/apol
+ rmdir --ignore-fail-on-non-empty $(TARGET_DIR)/usr/lib/$(SETOOLS_PYLIBVER)/site-packages/setoolsgui/
+endef
+SETOOLS_POST_INSTALL_TARGET_HOOKS += SETOOLS_REMOVE_QT_SCRIPTS
endif
-HOST_SETOOLS_PYTHON_SITE_PACKAGES = $(HOST_DIR)/lib/python$(HOST_SETOOLS_PYTHON_VERSION)/site-packages
-HOST_SETOOLS_PYTHON_INCLUDES = $(HOST_DIR)/include/python$(HOST_SETOOLS_PYTHON_VERSION)
-HOST_SETOOLS_PYTHON_LIB = -lpython$(HOST_SETOOLS_PYTHON_VERSION)
-
-# Notes: Need "disable-selinux-check" so the configure does not check to see
-# if host has selinux enabled.
-# Host builds with python support to enable tools for offline target
-# policy analysis
-HOST_SETOOLS_CONF_OPTS = \
- --disable-debug \
- --disable-gui \
- --disable-bwidget-check \
- --disable-selinux-check \
- --disable-swig-java \
- --disable-swig-python \
- --disable-swig-tcl \
- --with-sepol-devel="$(HOST_DIR)" \
- --with-selinux-devel="$(HOST_DIR)" \
- PYTHON_LDFLAGS="-L$(HOST_DIR)/lib/" \
- PYTHON_CPPFLAGS="-I$(HOST_SETOOLS_PYTHON_INCLUDES)" \
- PYTHON_SITE_PKG="$(HOST_SETOOLS_PYTHON_SITE_PACKAGES)" \
- PYTHON_EXTRA_LIBS="-lpthread -ldl -lutil $(HOST_SETOOLS_PYTHON_LIB)"
-HOST_SETOOLS_CONF_ENV += \
- am_cv_pathless_PYTHON=python \
- ac_cv_path_PYTHON=$(HOST_DIR)/bin/python \
- am_cv_python_platform=linux2 \
- am_cv_python_version=$(HOST_SETOOLS_PYTHON_VERSION) \
- am_cv_python_pythondir=$(HOST_SETOOLS_PYTHON_SITE_PACKAGES) \
- am_cv_python_pyexecdir=$(HOST_SETOOLS_PYTHON_SITE_PACKAGES) \
- am_cv_python_includes=-I$(HOST_SETOOLS_PYTHON_INCLUDES)
+# sedta and seinfoflow depends on python-networkx. This package is not
+# available in buildroot. pyqt5 is not a host-package. Remove these scripts
+# from the host directory as well.
+define HOST_SETOOLS_REMOVE_BROKEN_SCRIPTS
+ $(RM) $(HOST_DIR)/usr/bin/sedta
+ $(RM) $(HOST_DIR)/usr/bin/seinfoflow
+ $(RM) $(HOST_DIR)/usr/bin/apol
+ rmdir --ignore-fail-on-non-empty $(HOST_DIR)/usr/lib/$(SETOOLS_PYLIBVER)/site-packages/setoolsgui/
+endef
+HOST_SETOOLS_POST_INSTALL_TARGET_HOOKS += HOST_SETOOLS_REMOVE_BROKEN_SCRIPTS
-$(eval $(autotools-package))
-$(eval $(host-autotools-package))
+$(eval $(python-package))
+$(eval $(host-python-package))
--
2.13.6
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH v8 4/5] checkpolicy: bump to 2.7
2017-10-17 16:14 [Buildroot] [PATCH v8 1/5] libselinux: bump to 2.7 Adam Duskett
2017-10-17 16:14 ` [Buildroot] [PATCH v8 2/5] libsemanage: " Adam Duskett
2017-10-17 16:14 ` [Buildroot] [PATCH v8 3/5] libsepol: bump to 2.7, setools: bump to 4.1.1 Adam Duskett
@ 2017-10-17 16:14 ` Adam Duskett
2017-10-17 16:14 ` [Buildroot] [PATCH v8 5/5] policycoreutils: split packages and " Adam Duskett
2017-10-18 18:28 ` [Buildroot] [PATCH v8 1/5] libselinux: " Matthew Weber
4 siblings, 0 replies; 7+ messages in thread
From: Adam Duskett @ 2017-10-17 16:14 UTC (permalink / raw)
To: buildroot
Also remove patch, as it's in this release.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
---
Changes v1 -> v2:
- None
Changes v2 -> v3:
- None
Changes v3 -> v4:
- None
Changes v4 -> v5:
- None
Changes v5 -> v6:
- None
Changes v6 -> v7:
- None
Changes v7 -> v8:
- None
.../0001-checkpolicy-remove-lfl-from-LDLIBS.patch | 58 ----------------------
package/checkpolicy/checkpolicy.hash | 2 +-
package/checkpolicy/checkpolicy.mk | 4 +-
3 files changed, 3 insertions(+), 61 deletions(-)
delete mode 100644 package/checkpolicy/0001-checkpolicy-remove-lfl-from-LDLIBS.patch
diff --git a/package/checkpolicy/0001-checkpolicy-remove-lfl-from-LDLIBS.patch b/package/checkpolicy/0001-checkpolicy-remove-lfl-from-LDLIBS.patch
deleted file mode 100644
index c0b6de8a5a..0000000000
--- a/package/checkpolicy/0001-checkpolicy-remove-lfl-from-LDLIBS.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From 4d215a1e8111e14f6074f7abe2559800b6f4838c Mon Sep 17 00:00:00 2001
-From: Adam Duskett <Adamduskett@outlook.com>
-Date: Sat, 20 May 2017 11:01:08 -0400
-Subject: [PATCH] checkpolicy: remove -lfl from LDLIBSlogin
-
-When building checkpolicy/test, the linker reports the following error:
-cc dispol.o -lfl /usr/src/selinux/DESTDIR/usr/lib/libsepol.a
--L/usr/src/selinux/DESTDIR/usr/lib -o dispol
-/usr/lib/gcc/x86_64-pc-linux-gnu/6.2.1/../../../../lib/libfl.so:
-undefined reference to `yylex'
-collect2: error: ld returned 1 exit status
-
-According to flex documentation
-(https://github.com/westes/flex/blob/master/doc/flex.texi), -lfl is used
-to provide an implementation for yywrap(). However every flex file now
-uses "%option noyywrap", which makes -lfl no longer mandatory. Remove
-this option from checkpolicy Makefiles.
-
-
-Backported from:
-https://patchwork.kernel.org/patch/9450549/
-
-Original author: Nicolas Iooss <nicolas.iooss@m4x.org>
-Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
----
- Makefile | 2 +-
- test/Makefile | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/Makefile b/Makefile
-index 53a3074..875cf00 100644
---- a/Makefile
-+++ b/Makefile
-@@ -20,7 +20,7 @@ CHECKOBJS = y.tab.o lex.yy.o queue.o module_compiler.o parse_util.o \
- CHECKPOLOBJS = $(CHECKOBJS) checkpolicy.o
- CHECKMODOBJS = $(CHECKOBJS) checkmodule.o
-
--LDLIBS=$(LIBDIR)/libsepol.a -lfl
-+LDLIBS=$(LIBDIR)/libsepol.a
-
- GENERATED=lex.yy.c y.tab.c y.tab.h
-
-diff --git a/test/Makefile b/test/Makefile
-index c2367e1..e7bd717 100644
---- a/test/Makefile
-+++ b/test/Makefile
-@@ -9,7 +9,7 @@ INCLUDEDIR ?= $(PREFIX)/include
- CFLAGS ?= -g -Wall -W -Werror -O2 -pipe
- override CFLAGS += -I$(INCLUDEDIR)
-
--LDLIBS=-lfl $(LIBDIR)/libsepol.a -L$(LIBDIR)
-+LDLIBS=$(LIBDIR)/libsepol.a -L$(LIBDIR)
-
- all: dispol dismod
-
---
-2.9.3
-
diff --git a/package/checkpolicy/checkpolicy.hash b/package/checkpolicy/checkpolicy.hash
index 6208d7749c..7397393a76 100644
--- a/package/checkpolicy/checkpolicy.hash
+++ b/package/checkpolicy/checkpolicy.hash
@@ -1,2 +1,2 @@
# https://github.com/SELinuxProject/selinux/wiki/Releases
-sha256 0bebd18688ca8027b1b3b4ff1532c0626f1fe49883ae6cb74d9d385940e74157 checkpolicy-2.6.tar.gz
+sha256 5413479f1dcde866c19896b4dbfec315d822aa431606e1d03c944408984c3201 checkpolicy-2.7.tar.gz
diff --git a/package/checkpolicy/checkpolicy.mk b/package/checkpolicy/checkpolicy.mk
index f0cca593d3..c1fb43da4d 100644
--- a/package/checkpolicy/checkpolicy.mk
+++ b/package/checkpolicy/checkpolicy.mk
@@ -4,8 +4,8 @@
#
################################################################################
-CHECKPOLICY_VERSION = 2.6
-CHECKPOLICY_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014
+CHECKPOLICY_VERSION = 2.7
+CHECKPOLICY_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804
CHECKPOLICY_LICENSE = GPL-2.0
CHECKPOLICY_LICENSE_FILES = COPYING
--
2.13.6
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH v8 5/5] policycoreutils: split packages and bump to 2.7
2017-10-17 16:14 [Buildroot] [PATCH v8 1/5] libselinux: bump to 2.7 Adam Duskett
` (2 preceding siblings ...)
2017-10-17 16:14 ` [Buildroot] [PATCH v8 4/5] checkpolicy: bump to 2.7 Adam Duskett
@ 2017-10-17 16:14 ` Adam Duskett
2017-10-18 18:28 ` [Buildroot] [PATCH v8 1/5] libselinux: " Matthew Weber
4 siblings, 0 replies; 7+ messages in thread
From: Adam Duskett @ 2017-10-17 16:14 UTC (permalink / raw)
To: buildroot
Policycoreutils was broken up into several packages, as such several
changes needed to happen for this patch to work:
- Remove patches 3, 4, and 5 as they no longer apply.
- Refresh patches 1 and 2 to work with version 2.7
- Remove semodule_${deps,expand,link,package} and sestatus from the makedirs
in the mk file.
- Remove restorecond from the make and config file. (Seperate package)
- Remove Audit2allow from the make and config file. (In a different package)
- Remove the package sepolgen
- Add the package selinux-python
- Add the package restorecond
- Add the package semodule-utils
- Add the relevant Config.in.legacy options into the menu.
Because these are utilities that work on top of python, the older versions of
these utilites still work, and as such this should be a single patch.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
---
Changes v1 -> v2:
- Combine this patch, sepolgen removal, restorecond, and selinux-python
into a single patch. (Adam)
- Add Config.in.legacy entries for: Audit2allow, sepolgen, and audit2allow
(Arnout)
- Remove excess SOB lines from policycoreutils patches. (Arnout)
- Fixed line length in restorecond Config.in (Arnout)
- Added comment about _FILE_OFFSET_BITS in restorecond.mk (Arnout)
- Fixed capitalization in restorecond.mk comment. (Arnout)
- Added comment in selinux-python help explaining that if no package is
selected, that no package will be built. (Arnout)
- Removed sepolgen from requirements of selinux-python. (Arnout)
- Moved python selection up to BR2_PACKAGE_SELINUX_PYTHON level. (Arnout)
- Added global comment for when selinux-python is not available. (Arnout)
- Added global comment for when audit2allow is not available. (Arnout)
- Cleaned up audit2allow help text (Arnout)
- Removed left over selinux-python host make commands. No packages require
host variants of selinux-python packages anymore.
Changes v2 -> v3:
- Remove host-sepolgen from policycoreutils.mk (Matthew Weber)
- Add COPYING license file to policycoreutils.hash.
Changes v3 -> v4:
- Fix Config.in.legacy logic (Thomas)
restorecond:
- Changed depends on BR2_PACKAGE_DBUS to select. (Thomas)
- Added missing upstream URL. (Thomas)
- Added Config.in comment (Thomas)
- Changed installed restorecond init.d script to S20restorecond (Thomas)
- Removed host generic-package call from .mk file. (Thomas)
selinux-python:
- changed "selinux python" to "selinux-python" (Thomas)
- Removed "packages" comment. (Thomas)
- Removed "python3" comments. (Thomas)
- Changed "SELinux Python" to "selinux-python" (Thomas)
Changes v4 -> v5:
- Fix building the host variant of policycoreutils by removing make
directories that no longer exist in HOST_POLICYCOREUTILS_MAKE_DIRS
and from HOST_POLICYCOREUTILS_INSTALL_CMDS. (Matthew Weber)
Changes v5 -> v6:
- None
Changes v6 -> v7:
- Added package semodule-utils, without these utilities, audit2allow will
fail to run.
- semodule-utils is selected if audit2allow is selected.
Changes v7 -> v8:
- None.
Config.in.legacy | 29 +++
DEVELOPERS | 4 +-
package/Config.in | 4 +-
...IR-to-all-paths-that-use-an-absolute-path.patch | 120 ++-----------
.../0002-Add-PREFIX-to-host-paths.patch | 198 +++------------------
.../0003-Remove-hardcoded-arch-variable.patch | 43 -----
...licy-python-install-arguments-to-be-a-var.patch | 42 -----
.../0005-Check-to-see-if-DBUS-is-enabled.patch | 56 ------
package/policycoreutils/Config.in | 43 -----
package/policycoreutils/policycoreutils.hash | 3 +-
package/policycoreutils/policycoreutils.mk | 42 +----
package/restorecond/Config.in | 19 ++
package/restorecond/restorecond.hash | 2 +
package/restorecond/restorecond.mk | 52 ++++++
package/selinux-python/Config.in | 63 +++++++
package/selinux-python/selinux-python.hash | 2 +
package/selinux-python/selinux-python.mk | 50 ++++++
package/semodule-utils/Config.in | 23 +++
package/semodule-utils/semodule-utils.hash | 2 +
package/semodule-utils/semodule-utils.mk | 27 +++
package/sepolgen/Config.in | 19 --
package/sepolgen/sepolgen.hash | 2 -
package/sepolgen/sepolgen.mk | 49 -----
23 files changed, 325 insertions(+), 569 deletions(-)
delete mode 100644 package/policycoreutils/0003-Remove-hardcoded-arch-variable.patch
delete mode 100644 package/policycoreutils/0004-Change-sepolicy-python-install-arguments-to-be-a-var.patch
delete mode 100644 package/policycoreutils/0005-Check-to-see-if-DBUS-is-enabled.patch
create mode 100644 package/restorecond/Config.in
create mode 100644 package/restorecond/restorecond.hash
create mode 100644 package/restorecond/restorecond.mk
create mode 100644 package/selinux-python/Config.in
create mode 100644 package/selinux-python/selinux-python.hash
create mode 100644 package/selinux-python/selinux-python.mk
create mode 100644 package/semodule-utils/Config.in
create mode 100644 package/semodule-utils/semodule-utils.hash
create mode 100644 package/semodule-utils/semodule-utils.mk
delete mode 100644 package/sepolgen/Config.in
delete mode 100644 package/sepolgen/sepolgen.hash
delete mode 100644 package/sepolgen/sepolgen.mk
diff --git a/Config.in.legacy b/Config.in.legacy
index 748876880c..ea69f5a924 100644
--- a/Config.in.legacy
+++ b/Config.in.legacy
@@ -145,6 +145,35 @@ endif
###############################################################################
comment "Legacy options removed in 2017.11"
+config BR2_PACKAGE_POLICYCOREUTILS_AUDIT2ALLOW
+ bool "policycoreutils audit2allow option removed"
+ select BR2_LEGACY
+ select BR2_PACKAGE_SELINUX_PYTHON
+ select BR2_PACKAGE_SELINUX_PYTHON_AUDIT2ALLOW
+ help
+ The policycoreutils package no longer offers audit2allow
+ as a option. This package has been moved into the
+ selinux-python package by the SELinux maintainers.
+
+config BR2_PACKAGE_POLICYCOREUTILS_RESTORECOND
+ bool "policycoreutils restorecond option removed"
+ select BR2_LEGACY
+ select BR2_PACKAGE_RESTORECOND
+ help
+ The policycoreutils package no longer offers restorecond
+ as a option. This package has been moved into a seperate
+ package maintained by the SELinux maintainers.
+
+config BR2_PACKAGE_SEPOLGEN
+ bool "sepolgen package has been removed"
+ select BR2_LEGACY
+ select BR2_PACKAGE_SELINUX_PYTHON
+ select BR2_PACKAGE_SELINUX_PYTHON_SEPOLGEN
+ help
+ Sepolgen is no longer a individual package, but instead has
+ been moved into the selinux-python package by the SELinux
+ maintainers.
+
config BR2_PACKAGE_OPENOBEX_BLUEZ
bool "openobex bluez option removed"
select BR2_LEGACY
diff --git a/DEVELOPERS b/DEVELOPERS
index f35d6f3688..f52964bd90 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -41,8 +41,10 @@ F: package/libsepol/
F: package/nginx-naxsi/
F: package/policycoreutils/
F: package/python-mutagen/
+F: package/restorecond/
F: package/refpolicy/
-F: package/sepolgen/
+F: package/selinux-python/
+F: package/semodule-utils/
F: package/setools/
F: package/sngrep/
diff --git a/package/Config.in b/package/Config.in
index aa0f2d7f8e..a3e678939a 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -1842,7 +1842,9 @@ menu "Security"
source "package/paxtest/Config.in"
source "package/policycoreutils/Config.in"
source "package/refpolicy/Config.in"
- source "package/sepolgen/Config.in"
+ source "package/restorecond/Config.in"
+ source "package/selinux-python/Config.in"
+ source "package/semodule-utils/Config.in"
source "package/setools/Config.in"
endmenu
diff --git a/package/policycoreutils/0001-Add-DESTDIR-to-all-paths-that-use-an-absolute-path.patch b/package/policycoreutils/0001-Add-DESTDIR-to-all-paths-that-use-an-absolute-path.patch
index bbd6895e7f..3c0ddcc54b 100644
--- a/package/policycoreutils/0001-Add-DESTDIR-to-all-paths-that-use-an-absolute-path.patch
+++ b/package/policycoreutils/0001-Add-DESTDIR-to-all-paths-that-use-an-absolute-path.patch
@@ -1,3 +1,8 @@
+From 85763549c53b2907dab094163f1404b2233f8029 Mon Sep 17 00:00:00 2001
+From: Adam Duskett <Adamduskett@outlook.com>
+Date: Mon, 9 Oct 2017 16:51:20 -0400
+Subject: [PATCH] Add DESTDIR to setfiles
+
The addition of this patch makes the use of DESTDIR
mandatory as there are conditional checks which would fail if it's not
defined.
@@ -8,124 +13,23 @@ accomodate version 2.5
Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Signed-off-by: Niranjan Reddy <niranjan.reddy@rockwellcollins.com>
Signed-off-by: Adam Duskett <AdamDuskett@outlook.com>
-Signed-off-by: Adam Duskett <Aduskett@gmail.com>
---
- policycoreutils/Makefile | 2 +-
- policycoreutils/newrole/Makefile | 4 ++--
- policycoreutils/restorecond/Makefile | 5 +++--
- policycoreutils/run_init/Makefile | 4 ++--
- policycoreutils/sepolicy/Makefile | 2 +-
- policycoreutils/sestatus/Makefile | 2 +-
- policycoreutils/setfiles/Makefile | 4 ++--
- 7 files changed, 12 insertions(+), 11 deletions(-)
+ setfiles/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/Makefile b/Makefile
-index 962ac12..0634a2a 100644
---- a/Makefile
-+++ b/Makefile
-@@ -1,6 +1,6 @@
- SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init sandbox secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui hll
-
--INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
-+INOTIFYH = $(shell ls $(DESTDIR)/usr/include/sys/inotify.h 2>/dev/null)
-
- ifeq (${INOTIFYH}, /usr/include/sys/inotify.h)
- SUBDIRS += restorecond
-diff --git a/newrole/Makefile b/newrole/Makefile
-index 646cd4d..f124a6a 100644
---- a/newrole/Makefile
-+++ b/newrole/Makefile
-@@ -4,8 +4,8 @@ BINDIR ?= $(PREFIX)/bin
- MANDIR ?= $(PREFIX)/share/man
- ETCDIR ?= $(DESTDIR)/etc
- LOCALEDIR = /usr/share/locale
--PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
--AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
-+PAMH = $(shell ls $(DESTDIR)/usr/include/security/pam_appl.h 2>/dev/null)
-+AUDITH = $(shell ls $(DESTDIR)/usr/include/libaudit.h 2>/dev/null)
- # Enable capabilities to permit newrole to generate audit records.
- # This will make newrole a setuid root program.
- # The capabilities used are: CAP_AUDIT_WRITE.
-diff --git a/restorecond/Makefile b/restorecond/Makefile
-index f99e1e7..92a4a4d 100644
---- a/restorecond/Makefile
-+++ b/restorecond/Makefile
-@@ -11,11 +11,12 @@ autostart_DATA = sealertauto.desktop
- INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
- SELINUXDIR = $(DESTDIR)/etc/selinux
-
--DBUSFLAGS = -DHAVE_DBUS -I/usr/include/dbus-1.0 -I/usr/lib64/dbus-1.0/include -I/usr/lib/dbus-1.0/include
-+DBUSFLAGS = -DHAVE_DBUS -I$(DESTDIR)/usr/include/dbus-1.0 -I$(DESTDIR)/usr/lib64/dbus-1.0/include -I$(DESTDIR)/usr/lib/dbus-1.0/include
- DBUSLIB = -ldbus-glib-1 -ldbus-1
-
- CFLAGS ?= -g -Werror -Wall -W
--override CFLAGS += -I$(PREFIX)/include $(DBUSFLAGS) -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -I/usr/lib/glib-2.0/include
-+override CFLAGS += -I$(DESTDIR)/usr/include $(DBUSFLAGS) -I$(DESTDIR)/usr/include/glib-2.0 \
-+-I$(DESTDIR)/usr/lib64/glib-2.0/include -I$(DESTDIR)/usr/lib/glib-2.0/include
-
- LDLIBS += -lselinux $(DBUSLIB) -lglib-2.0 -L$(LIBDIR)
-
-diff --git a/run_init/Makefile b/run_init/Makefile
-index 5815a08..c81179b 100644
---- a/run_init/Makefile
-+++ b/run_init/Makefile
-@@ -5,8 +5,8 @@ SBINDIR ?= $(PREFIX)/sbin
- MANDIR ?= $(PREFIX)/share/man
- ETCDIR ?= $(DESTDIR)/etc
- LOCALEDIR ?= /usr/share/locale
--PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
--AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
-+PAMH = $(shell ls $(DESTDIR)/usr/include/security/pam_appl.h 2>/dev/null)
-+AUDITH = $(shell ls $(DESTDIR)/usr/include/libaudit.h 2>/dev/null)
-
- CFLAGS ?= -Werror -Wall -W
- override CFLAGS += -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
-diff --git a/sepolicy/Makefile b/sepolicy/Makefile
-index 39d46e8..6624373 100644
---- a/sepolicy/Makefile
-+++ b/sepolicy/Makefile
-@@ -12,7 +12,7 @@ LOCALEDIR ?= /usr/share/locale
- BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-completion/completions
- SHAREDIR ?= $(PREFIX)/share/sandbox
- CFLAGS ?= -Wall -Werror -Wextra -W
--override CFLAGS += -I$(PREFIX)/include -DPACKAGE="policycoreutils" -DSHARED -shared
-+override CFLAGS = $(LDFLAGS) -I$(DESTDIR)/usr/include -DPACKAGE="policycoreutils" -Wall -Werror -Wextra -W -DSHARED -shared
-
- BASHCOMPLETIONS=sepolicy-bash-completion.sh
-
-diff --git a/sestatus/Makefile b/sestatus/Makefile
-index c04ff00..e10c32c 100644
---- a/sestatus/Makefile
-+++ b/sestatus/Makefile
-@@ -6,7 +6,7 @@ ETCDIR ?= $(DESTDIR)/etc
- LIBDIR ?= $(PREFIX)/lib
-
- CFLAGS ?= -Werror -Wall -W
--override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
-+override CFLAGS += -I$(DESTDIR)/usr/include -D_FILE_OFFSET_BITS=64
- LDLIBS = -lselinux -L$(LIBDIR)
-
- all: sestatus
diff --git a/setfiles/Makefile b/setfiles/Makefile
-index 98f4f7d..eb26ed0 100644
+index c08e2dd..36c0638 100644
--- a/setfiles/Makefile
+++ b/setfiles/Makefile
-@@ -3,13 +3,13 @@ PREFIX ?= $(DESTDIR)/usr
+@@ -3,7 +3,7 @@ PREFIX ?= $(DESTDIR)/usr
SBINDIR ?= $(DESTDIR)/sbin
MANDIR = $(PREFIX)/share/man
LIBDIR ?= $(PREFIX)/lib
--AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
-+AUDITH = $(shell ls $(DESTDIR)/usr/include/libaudit.h 2>/dev/null)
+-AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
++AUDITH ?= $(shell test -f $(DESTDIR)/include/libaudit.h && echo y)
- PROGRESS_STEP=$(shell grep "^\#define STAR_COUNT" restore.h | awk -S '{ print $$3 }')
ABORT_ON_ERRORS=$(shell grep "^\#define ABORT_ON_ERRORS" setfiles.c | awk -S '{ print $$3 }')
- CFLAGS ?= -g -Werror -Wall -W
--override CFLAGS += -I$(PREFIX)/include
-+override CFLAGS += -I$(DESTDIR)/usr/include
- LDLIBS = -lselinux -lsepol -L$(LIBDIR)
-
- ifeq ($(AUDITH), /usr/include/libaudit.h)
--
-2.7.4
+2.13.6
diff --git a/package/policycoreutils/0002-Add-PREFIX-to-host-paths.patch b/package/policycoreutils/0002-Add-PREFIX-to-host-paths.patch
index 56aae74ba0..32d2ae92e6 100644
--- a/package/policycoreutils/0002-Add-PREFIX-to-host-paths.patch
+++ b/package/policycoreutils/0002-Add-PREFIX-to-host-paths.patch
@@ -1,6 +1,6 @@
-From 7f99a727cdb8160d49bb0d0554fc88787980c971 Mon Sep 17 00:00:00 2001
-From: Adam Duskett <Aduskett@gmail.com>
-Date: Thu, 14 Jul 2016 13:16:03 -0400
+From a221304344b3f9db7e86d928cf97d77542bcf456 Mon Sep 17 00:00:00 2001
+From: Adam Duskett <Adamduskett@outlook.com>
+Date: Mon, 9 Oct 2017 16:47:19 -0400
Subject: [PATCH] Add PREFIX to host paths
Updates the remaining hardcoded host paths used in the build to be
@@ -11,201 +11,59 @@ Updated to work with version 2.5
Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Signed-off-by: Niranjan Reddy <niranjan.reddy@rockwellcollins.com>
Signed-off-by: Adam Duskett <AdamDuskett@outlook.com>
-Signed-off-by: Adam Duskett <Aduskett@gmail.com>
---
- policycoreutils/Makefile | 4 +++-
- policycoreutils/audit2allow/Makefile | 2 +-
- policycoreutils/load_policy/Makefile | 2 +-
- policycoreutils/mcstrans/src/Makefile | 17 +++++++++--------
- policycoreutils/newrole/Makefile | 8 ++++----
- policycoreutils/run_init/Makefile | 8 ++++----
- policycoreutils/sepolicy/Makefile | 2 +-
- policycoreutils/setfiles/Makefile | 4 ++--
- 8 files changed, 25 insertions(+), 22 deletions(-)
+ load_policy/Makefile | 2 +-
+ newrole/Makefile | 6 +++---
+ run_init/Makefile | 6 +++---
+ 3 files changed, 7 insertions(+), 7 deletions(-)
-diff --git a/Makefile b/Makefile
-index 0634a2a..bd99b1c 100644
---- a/Makefile
-+++ b/Makefile
-@@ -1,8 +1,10 @@
-+PREFIX ?= $(DESTDIR)/usr
-+
- SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init sandbox secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui hll
-
- INOTIFYH = $(shell ls $(DESTDIR)/usr/include/sys/inotify.h 2>/dev/null)
-
--ifeq (${INOTIFYH}, /usr/include/sys/inotify.h)
-+ifeq (${INOTIFYH}, $(PREFIX)/include/sys/inotify.h)
- SUBDIRS += restorecond
- endif
-
-diff --git a/audit2allow/Makefile b/audit2allow/Makefile
-index 87d2502..d4108fe 100644
---- a/audit2allow/Makefile
-+++ b/audit2allow/Makefile
-@@ -5,7 +5,7 @@ PREFIX ?= $(DESTDIR)/usr
- BINDIR ?= $(PREFIX)/bin
- LIBDIR ?= $(PREFIX)/lib
- MANDIR ?= $(PREFIX)/share/man
--LOCALEDIR ?= /usr/share/locale
-+LOCALEDIR ?= $(PREFIX)/share/locale
-
- all: audit2why
-
diff --git a/load_policy/Makefile b/load_policy/Makefile
-index 7c5bab0..5cd0bbb 100644
+index b85833c..6a45f31 100644
--- a/load_policy/Makefile
+++ b/load_policy/Makefile
-@@ -3,7 +3,7 @@ PREFIX ?= $(DESTDIR)/usr
+@@ -2,7 +2,7 @@
+ PREFIX ?= $(DESTDIR)/usr
SBINDIR ?= $(DESTDIR)/sbin
- USRSBINDIR ?= $(PREFIX)/sbin
MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(PREFIX)/share/locale
CFLAGS ?= -Werror -Wall -W
- override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
-diff --git a/mcstrans/src/Makefile b/mcstrans/src/Makefile
-index 907a1f1..6fda57e 100644
---- a/mcstrans/src/Makefile
-+++ b/mcstrans/src/Makefile
-@@ -1,23 +1,24 @@
- ARCH = $(shell uname -i)
-+# Installation directories.
-+PREFIX ?= $(DESTDIR)/usr
-+SBINDIR ?= $(DESTDIR)/sbin
-+INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
-+SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd
-+
- ifeq "$(ARCH)" "x86_64"
- # In case of 64 bit system, use these lines
-- LIBDIR=/usr/lib64
-+ LIBDIR=$(PREFIX)/lib64
- else
- ifeq "$(ARCH)" "i686"
- # In case of 32 bit system, use these lines
-- LIBDIR=/usr/lib
-+ LIBDIR=$(PREFIX)/lib
- else
- ifeq "$(ARCH)" "i386"
- # In case of 32 bit system, use these lines
-- LIBDIR=/usr/lib
-+ LIBDIR=$(PREFIX)/lib
- endif
- endif
- endif
--# Installation directories.
--PREFIX ?= $(DESTDIR)/usr
--SBINDIR ?= $(DESTDIR)/sbin
--INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
--SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd
-
- PROG_SRC=mcstrans.c mcscolor.c mcstransd.c mls_level.c
- PROG_OBJS= $(patsubst %.c,%.o,$(PROG_SRC))
+ override CFLAGS += $(LDFLAGS) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
diff --git a/newrole/Makefile b/newrole/Makefile
-index f124a6a..b687a09 100644
+index 196af92..896708f 100644
--- a/newrole/Makefile
+++ b/newrole/Makefile
-@@ -3,7 +3,7 @@ PREFIX ?= $(DESTDIR)/usr
+@@ -3,9 +3,9 @@ PREFIX ?= $(DESTDIR)/usr
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
ETCDIR ?= $(DESTDIR)/etc
-LOCALEDIR = /usr/share/locale
-+LOCALEDIR = $(PREFIX)/share/locale
- PAMH = $(shell ls $(DESTDIR)/usr/include/security/pam_appl.h 2>/dev/null)
- AUDITH = $(shell ls $(DESTDIR)/usr/include/libaudit.h 2>/dev/null)
+-PAMH ?= $(shell test -f /usr/include/security/pam_appl.h && echo y)
+-AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
++LOCALEDIR = $(PREFIX)/share/locale
++PAMH ?= $(shell test -f $(PREFIX)/include/security/pam_appl.h && echo y)
++AUDITH ?= $(shell test -f $(PREFIX)/include/libaudit.h && echo y)
# Enable capabilities to permit newrole to generate audit records.
-@@ -24,7 +24,7 @@ CFLAGS ?= -Werror -Wall -W
- EXTRA_OBJS =
- override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
- LDLIBS += -lselinux -L$(PREFIX)/lib
--ifeq ($(PAMH), /usr/include/security/pam_appl.h)
-+ifeq ($(PAMH), $(PREFIX)/include/security/pam_appl.h)
- override CFLAGS += -DUSE_PAM
- EXTRA_OBJS += hashtab.o
- LDLIBS += -lpam -lpam_misc
-@@ -32,7 +32,7 @@ else
- override CFLAGS += -D_XOPEN_SOURCE=500
- LDLIBS += -lcrypt
- endif
--ifeq ($(AUDITH), /usr/include/libaudit.h)
-+ifeq ($(AUDITH), $(PREFIX)/include/libaudit.h)
- override CFLAGS += -DUSE_AUDIT
- LDLIBS += -laudit
- endif
-@@ -66,7 +66,7 @@ install: all
- test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1
- install -m $(MODE) newrole $(BINDIR)
- install -m 644 newrole.1 $(MANDIR)/man1/
--ifeq ($(PAMH), /usr/include/security/pam_appl.h)
-+ifeq ($(PAMH), $(PREFIX)/include/security/pam_appl.h)
- test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d
- ifeq ($(LSPP_PRIV),y)
- install -m 644 newrole-lspp.pamd $(ETCDIR)/pam.d/newrole
+ # This will make newrole a setuid root program.
+ # The capabilities used are: CAP_AUDIT_WRITE.
diff --git a/run_init/Makefile b/run_init/Makefile
-index c81179b..ce0df9f 100644
+index 921f0b0..e1566fc 100644
--- a/run_init/Makefile
+++ b/run_init/Makefile
-@@ -4,21 +4,21 @@ PREFIX ?= $(DESTDIR)/usr
+@@ -4,9 +4,9 @@ PREFIX ?= $(DESTDIR)/usr
SBINDIR ?= $(PREFIX)/sbin
MANDIR ?= $(PREFIX)/share/man
ETCDIR ?= $(DESTDIR)/etc
-LOCALEDIR ?= /usr/share/locale
+-PAMH ?= $(shell test -f /usr/include/security/pam_appl.h && echo y)
+-AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
+LOCALEDIR ?= $(PREFIX)/share/locale
- PAMH = $(shell ls $(DESTDIR)/usr/include/security/pam_appl.h 2>/dev/null)
- AUDITH = $(shell ls $(DESTDIR)/usr/include/libaudit.h 2>/dev/null)
++PAMH ?= $(shell test -f $(PREFIX)/include/security/pam_appl.h && echo y)
++AUDITH ?= $(shell test -f $(PREFIX)/include/libaudit.h && echo y)
CFLAGS ?= -Werror -Wall -W
- override CFLAGS += -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
- LDLIBS += -lselinux -L$(PREFIX)/lib
--ifeq ($(PAMH), /usr/include/security/pam_appl.h)
-+ifeq ($(PAMH), $(PREFIX)/include/security/pam_appl.h)
- override CFLAGS += -DUSE_PAM
- LDLIBS += -lpam -lpam_misc
- else
- override CFLAGS += -D_XOPEN_SOURCE=500
- LDLIBS += -lcrypt
- endif
--ifeq ($(AUDITH), /usr/include/libaudit.h)
-+ifeq ($(AUDITH), $(PREFIX)/include/libaudit.h)
- override CFLAGS += -DUSE_AUDIT
- LDLIBS += -laudit
- endif
-@@ -38,7 +38,7 @@ install: all
- install -m 755 open_init_pty $(SBINDIR)
- install -m 644 run_init.8 $(MANDIR)/man8/
- install -m 644 open_init_pty.8 $(MANDIR)/man8/
--ifeq ($(PAMH), /usr/include/security/pam_appl.h)
-+ifeq ($(PAMH), $(PREFIX)/include/security/pam_appl.h)
- install -m 644 run_init.pamd $(ETCDIR)/pam.d/run_init
- endif
-
-diff --git a/sepolicy/Makefile b/sepolicy/Makefile
-index 6624373..a16f8de 100644
---- a/sepolicy/Makefile
-+++ b/sepolicy/Makefile
-@@ -8,7 +8,7 @@ BINDIR ?= $(PREFIX)/bin
- SBINDIR ?= $(PREFIX)/sbin
- DATADIR ?= $(PREFIX)/share
- MANDIR ?= $(PREFIX)/share/man
--LOCALEDIR ?= /usr/share/locale
-+LOCALEDIR ?= $(PREFIX)/share/locale
- BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-completion/completions
- SHAREDIR ?= $(PREFIX)/share/sandbox
- CFLAGS ?= -Wall -Werror -Wextra -W
-diff --git a/setfiles/Makefile b/setfiles/Makefile
-index eb26ed0..3c6b80d 100644
---- a/setfiles/Makefile
-+++ b/setfiles/Makefile
-@@ -12,7 +12,7 @@ CFLAGS ?= -g -Werror -Wall -W
- override CFLAGS += -I$(DESTDIR)/usr/include
- LDLIBS = -lselinux -lsepol -L$(LIBDIR)
-
--ifeq ($(AUDITH), /usr/include/libaudit.h)
-+ifeq ($(AUDITH), $(PREFIX)/include/libaudit.h)
- override CFLAGS += -DUSE_AUDIT
- LDLIBS += -laudit
- endif
+ override CFLAGS += -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
--
-2.7.4
+2.13.6
diff --git a/package/policycoreutils/0003-Remove-hardcoded-arch-variable.patch b/package/policycoreutils/0003-Remove-hardcoded-arch-variable.patch
deleted file mode 100644
index 375fb577f7..0000000000
--- a/package/policycoreutils/0003-Remove-hardcoded-arch-variable.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 7424f2bea0cb412e96202f596ad8077131589f40 Mon Sep 17 00:00:00 2001
-From: Adam Duskett <Aduskett@gmail.com>
-Date: Thu, 14 Jul 2016 13:18:24 -0400
-Subject: [PATCH] Remove hardcoded arch variable.
-
-Allow the ARCH value to be passed in as original configuration was
-solely based on host architecture.
-
-This patch was updated to work with version 2.5
-
-Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
-Signed-off-by: Niranjan Reddy <niranjan.reddy@rockwellcollins.com>
-Signed-off-by: Adam Duskett <AdamDuskett@outlook.com>
-Signed-off-by: Adam Duskett <Aduskett@gmail.com>
----
- policycoreutils/mcstrans/src/Makefile | 1 -
- policycoreutils/mcstrans/utils/Makefile | 1 -
- 2 files changed, 2 deletions(-)
-
-diff --git a/mcstrans/src/Makefile b/mcstrans/src/Makefile
-index 6fda57e..7b4489f 100644
---- a/mcstrans/src/Makefile
-+++ b/mcstrans/src/Makefile
-@@ -1,4 +1,3 @@
--ARCH = $(shell uname -i)
- # Installation directories.
- PREFIX ?= $(DESTDIR)/usr
- SBINDIR ?= $(DESTDIR)/sbin
-diff --git a/mcstrans/utils/Makefile b/mcstrans/utils/Makefile
-index 1ffb027..912fe12 100644
---- a/mcstrans/utils/Makefile
-+++ b/mcstrans/utils/Makefile
-@@ -2,7 +2,6 @@
- PREFIX ?= $(DESTDIR)/usr
- BINDIR ?= $(PREFIX)/sbin
-
--ARCH = $(shell uname -i)
- ifeq "$(ARCH)" "x86_64"
- # In case of 64 bit system, use these lines
- LIBDIR=/usr/lib64
---
-2.7.4
-
diff --git a/package/policycoreutils/0004-Change-sepolicy-python-install-arguments-to-be-a-var.patch b/package/policycoreutils/0004-Change-sepolicy-python-install-arguments-to-be-a-var.patch
deleted file mode 100644
index 636b722b70..0000000000
--- a/package/policycoreutils/0004-Change-sepolicy-python-install-arguments-to-be-a-var.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 27fd1c85ca95b5d66ab0241a08242a75b60b375c Mon Sep 17 00:00:00 2001
-From: Adam Duskett <Aduskett@gmail.com>
-Date: Thu, 14 Jul 2016 13:22:57 -0400
-Subject: [PATCH] Change sepolicy python install arguments to be a variable
-
-To allow the python install arguments to be overwritten, change the
-arguments to be a variable. This also cleans up the DESTDIR detection a
-little bit.
-
-Updated to work with version 2.5
-
-Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
-Signed-off-by: Adam Duskett <AdamDuskett@outlook.com>
-Signed-off-by: Adam Duskett <Aduskett@gmail.com>
----
- policycoreutils/sepolicy/Makefile | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/sepolicy/Makefile b/sepolicy/Makefile
-index a16f8de..2013301 100644
---- a/sepolicy/Makefile
-+++ b/sepolicy/Makefile
-@@ -1,4 +1,7 @@
- PYTHON ?= python
-+ifneq ($(DESTDIR),)
-+PYTHON_INSTALL_ARGS ?= --root $(DESTDIR)
-+endif
-
- # Installation directories.
- PREFIX ?= $(DESTDIR)/usr
-@@ -32,7 +35,7 @@ test:
- @$(PYTHON) test_sepolicy.py -v
-
- install:
-- $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
-+ $(PYTHON) setup.py install $(PYTHON_INSTALL_ARGS)
- [ -d $(BINDIR) ] || mkdir -p $(BINDIR)
- install -m 755 sepolicy.py $(BINDIR)/sepolicy
- (cd $(BINDIR); ln -sf sepolicy sepolgen)
---
-2.7.4
-
diff --git a/package/policycoreutils/0005-Check-to-see-if-DBUS-is-enabled.patch b/package/policycoreutils/0005-Check-to-see-if-DBUS-is-enabled.patch
deleted file mode 100644
index 37ffac8de8..0000000000
--- a/package/policycoreutils/0005-Check-to-see-if-DBUS-is-enabled.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From d1bc28c5b2efe60a0ee04d9c171928d0f3475654 Mon Sep 17 00:00:00 2001
-From: Adam Duskett <Aduskett@gmail.com>
-Date: Thu, 14 Jul 2016 13:26:23 -0400
-Subject: [PATCH] Check to see if DBUS is enabled.
-
-Adds a condition to prevent linking against dbus when at build time
-dbus has not been enabled.
-
-Updated for 2.5.
-
-Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
-Signed-off-by: Adam Duskett <AdamDuskett@outlook.com>
-Signed-off-by: Adam Duskett <Aduskett@gmail.com>
----
- policycoreutils/restorecond/Makefile | 2 ++
- policycoreutils/restorecond/user.c | 2 +-
- 2 files changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/restorecond/Makefile b/restorecond/Makefile
-index 92a4a4d..95f38a6 100644
---- a/restorecond/Makefile
-+++ b/restorecond/Makefile
-@@ -11,8 +11,10 @@ autostart_DATA = sealertauto.desktop
- INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
- SELINUXDIR = $(DESTDIR)/etc/selinux
-
-+ifdef ENABLE_DBUS
- DBUSFLAGS = -DHAVE_DBUS -I$(DESTDIR)/usr/include/dbus-1.0 -I$(DESTDIR)/usr/lib64/dbus-1.0/include -I$(DESTDIR)/usr/lib/dbus-1.0/include
- DBUSLIB = -ldbus-glib-1 -ldbus-1
-+endif
-
- CFLAGS ?= -g -Werror -Wall -W
- override CFLAGS += -I$(DESTDIR)/usr/include $(DBUSFLAGS) -I$(DESTDIR)/usr/include/glib-2.0 \
-diff --git a/restorecond/user.c b/restorecond/user.c
-index 714aae7..a04cddb 100644
---- a/restorecond/user.c
-+++ b/restorecond/user.c
-@@ -54,7 +54,6 @@ static const char *PATH="/org/selinux/Restorecond";
- static const char *INTERFACE="org.selinux.RestorecondIface";
- static const char *RULE="type='signal',interface='org.selinux.RestorecondIface'";
-
--static int local_lock_fd = -1;
-
- static DBusHandlerResult
- signal_filter (DBusConnection *connection __attribute__ ((__unused__)), DBusMessage *message, void *user_data)
-@@ -101,6 +100,7 @@ static int dbus_server(GMainLoop *loop) {
- #include <selinux/selinux.h>
- #include <sys/file.h>
-
-+static int local_lock_fd = -1;
- /* size of the event structure, not counting name */
- #define EVENT_SIZE (sizeof (struct inotify_event))
- /* reasonable guess as to size of 1024 events */
---
-2.7.4
-
diff --git a/package/policycoreutils/Config.in b/package/policycoreutils/Config.in
index 6b58d6ea33..0d69fb51a5 100644
--- a/package/policycoreutils/Config.in
+++ b/package/policycoreutils/Config.in
@@ -28,54 +28,11 @@ config BR2_PACKAGE_POLICYCOREUTILS
The base package will install the following utilities:
load_policy
newrole
- restorecond
run_init
secon
semodule
- semodule_deps
- semodule_expand
- semodule_link
- semodule_package
- sepolgen-ifgen
sestatus
setfiles
setsebool
http://selinuxproject.org/page/Main_Page
-
-if BR2_PACKAGE_POLICYCOREUTILS
-
-config BR2_PACKAGE_POLICYCOREUTILS_AUDIT2ALLOW
- bool "audit2allow"
- depends on BR2_USE_WCHAR # python3, sepolgen
- depends on BR2_USE_MMU # python3, sepolgen
- depends on BR2_TOOLCHAIN_HAS_THREADS # python3, sepolgen, checkpolicy
- depends on !BR2_STATIC_LIBS # python3, sepolgen
- depends on BR2_TOOLCHAIN_USES_GLIBC # checkpolicy
- depends on !BR2_arc # checkpolicy
- select BR2_PACKAGE_SEPOLGEN
- select BR2_PACKAGE_CHECKPOLICY
- select BR2_PACKAGE_PYTHON3 if !BR2_PACKAGE_PYTHON
- help
- Enable audit2allow to be built
-
-comment "audit2allow needs a glibc toolchain w/ wchar, threads, dynamic library"
- depends on BR2_USE_MMU
- depends on !BR2_arc
- depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \
- BR2_STATIC_LIBS
-
-config BR2_PACKAGE_POLICYCOREUTILS_RESTORECOND
- bool "restorecond"
- depends on BR2_USE_WCHAR # glib2
- depends on BR2_TOOLCHAIN_HAS_THREADS # glib2
- depends on BR2_USE_MMU # glib2
- select BR2_PACKAGE_LIBGLIB2
- help
- Enable restorecond to be built
-
-comment "restorecond needs a toolchain w/ wchar, threads"
- depends on BR2_USE_MMU
- depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS
-
-endif
diff --git a/package/policycoreutils/policycoreutils.hash b/package/policycoreutils/policycoreutils.hash
index 999a7788d2..241905ca22 100644
--- a/package/policycoreutils/policycoreutils.hash
+++ b/package/policycoreutils/policycoreutils.hash
@@ -1,2 +1,3 @@
# https://github.com/SELinuxProject/selinux/wiki/Releases
-sha256 68891b376f5048edc53c6ccb2fca44da3dc7f4563f4b6894e201d70c04a05a29 policycoreutils-2.6.tar.gz
+sha256 0a1b8a4a323b854981c6755ff025fe98a0f1cff307f109abb260f0490f13e4f4 policycoreutils-2.7.tar.gz
+sha256 204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994 COPYING
diff --git a/package/policycoreutils/policycoreutils.mk b/package/policycoreutils/policycoreutils.mk
index 6fec4afb25..21c5470cec 100644
--- a/package/policycoreutils/policycoreutils.mk
+++ b/package/policycoreutils/policycoreutils.mk
@@ -4,8 +4,8 @@
#
################################################################################
-POLICYCOREUTILS_VERSION = 2.6
-POLICYCOREUTILS_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014
+POLICYCOREUTILS_VERSION = 2.7
+POLICYCOREUTILS_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804
POLICYCOREUTILS_LICENSE = GPL-2.0
POLICYCOREUTILS_LICENSE_FILES = COPYING
@@ -41,28 +41,8 @@ POLICYCOREUTILS_MAKE_OPTS += \
POLICYCOREUTILS_MAKE_DIRS = \
load_policy newrole run_init \
- secon semodule semodule_deps \
- semodule_expand semodule_link \
- semodule_package sepolgen-ifgen \
- sestatus setfiles setsebool
-
-ifeq ($(BR2_PACKAGE_POLICYCOREUTILS_RESTORECOND),y)
-POLICYCOREUTILS_MAKE_DIRS += restorecond
-POLICYCOREUTILS_DEPENDENCIES += libglib2
-endif
-
-ifeq ($(BR2_PACKAGE_POLICYCOREUTILS_AUDIT2ALLOW),y)
-ifeq ($(BR2_PACKAGE_PYTHON3),y)
-POLICYCOREUTILS_DEPENDENCIES += python3
-POLICYCOREUTILS_MAKE_OPTS += PYLIBVER="python$(PYTHON3_VERSION_MAJOR)"
-else
-POLICYCOREUTILS_DEPENDENCIES += python
-POLICYCOREUTILS_MAKE_OPTS += PYLIBVER="python$(PYTHON_VERSION_MAJOR)"
-endif
-
-POLICYCOREUTILS_DEPENDENCIES += sepolgen checkpolicy
-POLICYCOREUTILS_MAKE_DIRS += audit2allow
-endif
+ secon semodule sestatus setfiles \
+ setsebool
# We need to pass DESTDIR at build time because it's used by
# policycoreutils build system to find headers and libraries.
@@ -81,8 +61,7 @@ define POLICYCOREUTILS_INSTALL_TARGET_CMDS
endef
HOST_POLICYCOREUTILS_DEPENDENCIES = \
- host-libsemanage host-dbus-glib \
- host-sepolgen host-setools
+ host-libsemanage host-dbus-glib host-setools
# Undefining _FILE_OFFSET_BITS here because of a "bug" with glibc fts.h
# large file support.
@@ -112,10 +91,9 @@ endif
# Note: We are only building the programs required by the refpolicy build
HOST_POLICYCOREUTILS_MAKE_DIRS = \
- load_policy semodule semodule_deps \
- semodule_expand semodule_link \
- semodule_package setfiles restorecond \
- audit2allow scripts semanage sepolicy
+ load_policy newrole run_init \
+ secon semodule sestatus setfiles \
+ setsebool
define HOST_POLICYCOREUTILS_BUILD_CMDS
$(foreach d,$(HOST_POLICYCOREUTILS_MAKE_DIRS),
@@ -127,10 +105,6 @@ define HOST_POLICYCOREUTILS_INSTALL_CMDS
$(foreach d,$(HOST_POLICYCOREUTILS_MAKE_DIRS),
$(MAKE) -C $(@D)/$(d) $(HOST_POLICYCOREUTILS_MAKE_OPTS) install
)
- # Fix python paths
- $(SED) 's%/usr/bin/%$(HOST_DIR)/bin/%g' $(HOST_DIR)/bin/audit2allow
- $(SED) 's%/usr/bin/%$(HOST_DIR)/bin/%g' $(HOST_DIR)/bin/sepolgen-ifgen
- $(SED) 's%/usr/bin/%$(HOST_DIR)/bin/%g' $(HOST_DIR)/bin/sepolicy
endef
$(eval $(generic-package))
diff --git a/package/restorecond/Config.in b/package/restorecond/Config.in
new file mode 100644
index 0000000000..46fcec1dc2
--- /dev/null
+++ b/package/restorecond/Config.in
@@ -0,0 +1,19 @@
+config BR2_PACKAGE_RESTORECOND
+ bool "restorecond"
+ depends on BR2_USE_WCHAR # glib2
+ depends on BR2_TOOLCHAIN_HAS_THREADS # glib2
+ depends on BR2_USE_MMU # glib2
+ depends on BR2_TOOLCHAIN_USES_GLIBC #libselinux
+ select BR2_PACKAGE_DBUS
+ select BR2_PACKAGE_DBUS_GLIB
+ select BR2_PACKAGE_LIBSELINUX
+ select BR2_PACKAGE_LIBGLIB2
+ help
+ restorecond is a daemon that watches for file creation and
+ then sets the default SELinux file context for that file.
+
+ https://github.com/SELinuxProject/selinux/wiki/Releases
+
+comment "restorecond needs a toolchain w/ glibc, wchar, threads, dynamic library"
+ depends on !BR2_TOOLCHAIN_HAS_THREADS || !BR2_USE_MMU || \
+ !BR2_USE_WCHAR || !BR2_TOOLCHAIN_USES_GLIBC
diff --git a/package/restorecond/restorecond.hash b/package/restorecond/restorecond.hash
new file mode 100644
index 0000000000..f52bbd2161
--- /dev/null
+++ b/package/restorecond/restorecond.hash
@@ -0,0 +1,2 @@
+# https://github.com/SELinuxProject/selinux/wiki/Releases
+sha256 cb8e0a8d706cb2c1f105125f3514dffffefcbcfb49199183a7f91ab0bdf1f24d restorecond-2.7.tar.gz
diff --git a/package/restorecond/restorecond.mk b/package/restorecond/restorecond.mk
new file mode 100644
index 0000000000..31a7110ac6
--- /dev/null
+++ b/package/restorecond/restorecond.mk
@@ -0,0 +1,52 @@
+################################################################################
+#
+# restorecond
+#
+################################################################################
+
+RESTORECOND_VERSION = 2.7
+RESTORECOND_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804
+RESTORECOND_LICENSE = GPL-2.0
+RESTORECOND_LICENSE_FILES = COPYING
+
+RESTORECOND_DEPENDENCIES = libglib2 libselinux dbus-glib
+
+# Undefining _FILE_OFFSET_BITS here because of a "bug" with glibc fts.h
+# large file support.
+# See https://bugzilla.redhat.com/show_bug.cgi?id=574992 for more information
+RESTORECOND_MAKE_OPTS += \
+ $(TARGET_CONFIGURE_OPTS) \
+ CFLAGS="$(TARGET_CFLAGS) -U_FILE_OFFSET_BITS" \
+ CPPFLAGS="$(TARGET_CPPFLAGS) -U_FILE_OFFSET_BITS" \
+ ARCH="$(BR2_ARCH)"
+
+# We need to pass DESTDIR at build time because it's used by
+# restorecond build system to find headers and libraries.
+define RESTORECOND_BUILD_CMDS
+ $(MAKE) -C $(@D) $(RESTORECOND_MAKE_OPTS) DESTDIR=$(STAGING_DIR) all
+endef
+
+define RESTORECOND_INSTALL_INIT_SYSV
+ $(INSTALL) -m 0755 -D $(@D)/restorecond.init \
+ $(TARGET_DIR)/etc/init.d/S20restorecond
+endef
+
+define RESTORECOND_INSTALL_INIT_SYSTEMD
+ $(INSTALL) -m 0644 -D $(@D)/restorecond.service \
+ $(TARGET_DIR)/usr/lib/systemd/system/restorecond.service
+
+ mkdir -p $(TARGET_DIR)/etc/systemd/system/multi-user.target.wants
+ ln -fs ../../../../usr/lib/systemd/system/restorecond.service \
+ $(TARGET_DIR)/etc/systemd/system/multi-user.target.wants/restorecond.service
+
+ $(INSTALL) -m 0600 -D $(@D)/org.selinux.Restorecond.service \
+ $(TARGET_DIR)/etc/systemd/system/org.selinux.Restorecond.service
+endef
+
+define RESTORECOND_INSTALL_TARGET_CMDS
+ $(INSTALL) -m 0644 -D $(@D)/restorecond.conf $(TARGET_DIR)/etc/selinux/restorecond.conf
+ $(INSTALL) -m 0644 -D $(@D)/restorecond_user.conf $(TARGET_DIR)/etc/selinux/restorecond_user.conf
+ $(INSTALL) -m 0755 -D $(@D)/restorecond $(TARGET_DIR)/usr/sbin/restorecond
+endef
+
+$(eval $(generic-package))
diff --git a/package/selinux-python/Config.in b/package/selinux-python/Config.in
new file mode 100644
index 0000000000..44fdc1e4e6
--- /dev/null
+++ b/package/selinux-python/Config.in
@@ -0,0 +1,63 @@
+menuconfig BR2_PACKAGE_SELINUX_PYTHON
+ bool "selinux-python"
+ select BR2_PACKAGE_PYTHON3 if !BR2_PACKAGE_PYTHON
+ depends on BR2_USE_MMU
+ depends on BR2_USE_WCHAR
+ depends on BR2_TOOLCHAIN_HAS_THREADS
+ depends on !BR2_STATIC_LIBS
+ help
+ A set of SELinux tools written in python that help with
+ managing a system with SELinux enabled. If no packages are
+ selected nothing will actually be built.
+ https://github.com/SELinuxProject/selinux/wiki
+
+if BR2_PACKAGE_SELINUX_PYTHON
+
+config BR2_PACKAGE_SELINUX_PYTHON_AUDIT2ALLOW
+ bool "audit2allow"
+ depends on BR2_USE_WCHAR # sepolgen
+ depends on BR2_USE_MMU # sepolgen
+ depends on BR2_TOOLCHAIN_HAS_THREADS # sepolgen, checkpolicy
+ depends on !BR2_STATIC_LIBS # sepolgen
+ depends on BR2_TOOLCHAIN_USES_GLIBC # checkpolicy
+ depends on !BR2_arc # checkpolicy
+ select BR2_PACKAGE_CHECKPOLICY
+ select BR2_PACKAGE_SELINUX_PYTHON_SEPOLGEN
+ select BR2_PACKAGE_SEMODULE_UTILS
+ help
+ This module installs two programs:
+
+ audit2allow - Generate SELinux policy allow/dontaudit rules
+ from logs of denied operations.
+
+ audit2why - translates SELinux audit messages into a
+ description of why the access was denied (audit2allow -w)
+
+comment "audit2allow needs a glibc toolchain w/ wchar, threads, dynamic library"
+ depends on BR2_USE_MMU
+ depends on !BR2_arc
+ depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \
+ BR2_STATIC_LIBS
+
+config BR2_PACKAGE_SELINUX_PYTHON_SEPOLGEN
+ bool "sepolgen"
+ depends on BR2_USE_WCHAR
+ depends on BR2_USE_MMU
+ depends on BR2_TOOLCHAIN_HAS_THREADS
+ depends on !BR2_STATIC_LIBS
+ select BR2_PACKAGE_SEMODULE_UTILS
+ help
+ This package contains a Python module that allows you to
+ generate an initial SELinux policy module template.
+
+comment "sepolgen needs a toolchain w/ wchar, threads, dynamic library"
+ depends on BR2_USE_MMU
+ depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \
+ BR2_STATIC_LIBS
+
+endif
+
+comment "selinux-python packages needs a toolchain w/ wchar, threads, dynamic library"
+ depends on BR2_USE_MMU
+ depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \
+ BR2_STATIC_LIBS
diff --git a/package/selinux-python/selinux-python.hash b/package/selinux-python/selinux-python.hash
new file mode 100644
index 0000000000..42fe575e7b
--- /dev/null
+++ b/package/selinux-python/selinux-python.hash
@@ -0,0 +1,2 @@
+# https://github.com/SELinuxProject/selinux/wiki/Releases
+sha256 4217cb965ecda96c91e15ffcc2e7ddd13ecc2bf5631100f3cd072a7616f140ed selinux-python-2.7.tar.gz
diff --git a/package/selinux-python/selinux-python.mk b/package/selinux-python/selinux-python.mk
new file mode 100644
index 0000000000..9a4622da44
--- /dev/null
+++ b/package/selinux-python/selinux-python.mk
@@ -0,0 +1,50 @@
+################################################################################
+#
+# selinux-python
+#
+################################################################################
+
+SELINUX_PYTHON_VERSION = 2.7
+SELINUX_PYTHON_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804
+SELINUX_PYTHON_LICENSE = GPL-2.0
+SELINUX_PYTHON_LICENSE_FILES = COPYING
+
+SELINUX_PYTHON_MAKE_OPTS += \
+ $(TARGET_CONFIGURE_OPTS) \
+ ARCH="$(BR2_ARCH)" \
+ LIBDIR="$(STAGING_DIR)/usr/lib"
+
+ifeq ($(BR2_PACKAGE_PYTHON3),y)
+SELINUX_PYTHON_DEPENDENCIES += python3
+SELINUX_PYTHON_MAKE_OPTS += \
+ PYTHONLIBDIR="usr/lib/python$(PYTHON3_VERSION_MAJOR)"
+else
+SELINUX_PYTHON_DEPENDENCIES += python
+SELINUX_PYTHON_MAKE_OPTS += \
+ PYTHONLIBDIR="usr/lib/python$(PYTHON_VERSION_MAJOR)"
+endif
+
+ifeq ($(BR2_PACKAGE_SELINUX_PYTHON_AUDIT2ALLOW),y)
+SELINUX_PYTHON_DEPENDENCIES += checkpolicy
+SELINUX_PYTHON_MAKE_DIRS += audit2allow
+endif
+
+ifeq ($(BR2_PACKAGE_SELINUX_PYTHON_SEPOLGEN),y)
+SELINUX_PYTHON_MAKE_DIRS += sepolgen/src/sepolgen
+endif
+
+define SELINUX_PYTHON_BUILD_CMDS
+ $(foreach d,$(SELINUX_PYTHON_MAKE_DIRS),
+ $(MAKE) -C $(@D)/$(d) $(SELINUX_PYTHON_MAKE_OPTS) \
+ DESTDIR=$(STAGING_DIR) all
+ )
+endef
+
+define SELINUX_PYTHON_INSTALL_TARGET_CMDS
+ $(foreach d,$(SELINUX_PYTHON_MAKE_DIRS),
+ $(MAKE) -C $(@D)/$(d) $(SELINUX_PYTHON_MAKE_OPTS) \
+ DESTDIR=$(TARGET_DIR) install
+ )
+endef
+
+$(eval $(generic-package))
diff --git a/package/semodule-utils/Config.in b/package/semodule-utils/Config.in
new file mode 100644
index 0000000000..6dc59ba501
--- /dev/null
+++ b/package/semodule-utils/Config.in
@@ -0,0 +1,23 @@
+config BR2_PACKAGE_SEMODULE_UTILS
+ bool "semodule-utils"
+ depends on BR2_USE_WCHAR # glib2
+ depends on BR2_TOOLCHAIN_HAS_THREADS # glib2
+ depends on BR2_USE_MMU # glib2
+ depends on BR2_TOOLCHAIN_USES_GLIBC #libselinux
+ select BR2_PACKAGE_LIBSEPOL
+ select BR2_PACKAGE_LIBGLIB2
+ help
+ semodule-utils is a package that contains tools for handling
+ selinux modules.
+
+ The package will install the following utilities:
+ * semodule_deps - Show the dependencies between SELinux policy packages.
+ * semodule_expand - Expand a SELinux policy module package.
+ * semodule_link - Link SELinux policy module packages together
+ * semodule_package - Create a SELinux policy module package.
+
+ https://github.com/SELinuxProject/selinux/wiki/Releases
+
+comment "semodule-utils needs a toolchain w/ glibc, wchar, threads, dynamic library"
+ depends on !BR2_TOOLCHAIN_HAS_THREADS || !BR2_USE_MMU || \
+ !BR2_USE_WCHAR || !BR2_TOOLCHAIN_USES_GLIBC
diff --git a/package/semodule-utils/semodule-utils.hash b/package/semodule-utils/semodule-utils.hash
new file mode 100644
index 0000000000..18c8217ca6
--- /dev/null
+++ b/package/semodule-utils/semodule-utils.hash
@@ -0,0 +1,2 @@
+# https://github.com/SELinuxProject/selinux/wiki/Releases
+sha256 90c98b3362a43b4da2a51a9176820a56f3e615225e23e3395bc566c4490786ba semodule-utils-2.7.tar.gz
diff --git a/package/semodule-utils/semodule-utils.mk b/package/semodule-utils/semodule-utils.mk
new file mode 100644
index 0000000000..2c8923f82e
--- /dev/null
+++ b/package/semodule-utils/semodule-utils.mk
@@ -0,0 +1,27 @@
+################################################################################
+#
+# semodule-utils
+#
+################################################################################
+
+SEMODULE_UTILS_VERSION = 2.7
+SEMODULE_UTILS_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804
+SEMODULE_UTILS_LICENSE = GPL-2.0
+SEMODULE_UTILS_LICENSE_FILES = COPYING
+SEMODULE_UTILS_DEPENDENCIES = libselinux
+
+SEMODULE_UTILS_MAKE_OPTS += \
+ $(TARGET_CONFIGURE_OPTS) \
+ LIBSEPOLA=$(STAGING_DIR)/usr/lib/libsepol.a
+
+# We need to pass DESTDIR at build time because it's used by
+# semodule-utils build system to find headers and libraries.
+define SEMODULE_UTILS_BUILD_CMDS
+ $(MAKE) -C $(@D) $(SEMODULE_UTILS_MAKE_OPTS) DESTDIR=$(STAGING_DIR) all
+endef
+
+define SEMODULE_UTILS_INSTALL_TARGET_CMDS
+ $(MAKE) -C $(@D) $(SEMODULE_UTILS_MAKE_OPTS) DESTDIR=$(TARGET_DIR) install
+endef
+
+$(eval $(generic-package))
diff --git a/package/sepolgen/Config.in b/package/sepolgen/Config.in
deleted file mode 100644
index 8dd90388c8..0000000000
--- a/package/sepolgen/Config.in
+++ /dev/null
@@ -1,19 +0,0 @@
-config BR2_PACKAGE_SEPOLGEN
- bool "sepolgen"
- depends on BR2_USE_WCHAR # python3
- depends on BR2_USE_MMU # python3
- depends on BR2_TOOLCHAIN_HAS_THREADS # python3
- depends on !BR2_STATIC_LIBS # python3
- select BR2_PACKAGE_PYTHON3 if !BR2_PACKAGE_PYTHON
- help
- This package contains a Python module that forms the core of
- the modern audit2allow (which is a part of the package
- policycoreutils). It contains infrastructure for parsing
- SELinux related messages as produced by the audit system.
- It has facilities for generating policy based on required
- access.
-
-comment "sepolgen needs a toolchain w/ wchar, threads, dynamic library"
- depends on BR2_USE_MMU
- depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \
- BR2_STATIC_LIBS
diff --git a/package/sepolgen/sepolgen.hash b/package/sepolgen/sepolgen.hash
deleted file mode 100644
index b338a7019f..0000000000
--- a/package/sepolgen/sepolgen.hash
+++ /dev/null
@@ -1,2 +0,0 @@
-# https://github.com/SELinuxProject/selinux/wiki/Releases
-sha256 6a327b1576d914e57ad796a541a7a9bcceefb14c445355559993de0fdb8e7a60 sepolgen-2.6.tar.gz
diff --git a/package/sepolgen/sepolgen.mk b/package/sepolgen/sepolgen.mk
deleted file mode 100644
index ab7f18d857..0000000000
--- a/package/sepolgen/sepolgen.mk
+++ /dev/null
@@ -1,49 +0,0 @@
-################################################################################
-#
-# sepolgen
-#
-################################################################################
-
-SEPOLGEN_VERSION = 2.6
-SEPOLGEN_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014
-SEPOLGEN_LICENSE = GPL-2.0
-SEPOLGEN_LICENSE_FILES = COPYING
-
-ifeq ($(BR2_PACKAGE_PYTHON3),y)
-SEPOLGEN_DEPENDENCIES = python3
-SEPOLGEN_MAKE_CMDS = $(TARGET_CONFIGURE_OPTS) \
- PYTHONLIBDIR=/usr/lib/python$(PYTHON3_VERSION_MAJOR)/site-packages
-else
-SEPOLGEN_DEPENDENCIES = python
-SEPOLGEN_MAKE_CMDS = $(TARGET_CONFIGURE_OPTS) \
- PYTHONLIBDIR=/usr/lib/python$(PYTHON_VERSION_MAJOR)/site-packages
-endif
-
-define SEPOLGEN_BUILD_CMDS
- $(TARGET_MAKE_ENV) $(MAKE) -C $(@D) $(TARGET_SEPOLGEN_MAKE_CMDS) DESTDIR=$(TARGET_DIR)
-endef
-
-define SEPOLGEN_INSTALL_TARGET_CMDS
- $(MAKE_ENV) $(MAKE) -C $(@D) $(SEPOLGEN_MAKE_CMDS) DESTDIR=$(TARGET_DIR) install
-endef
-
-ifeq ($(BR2_PACKAGE_PYTHON3),y)
-HOST_SEPOLGEN_DEPENDENCIES = host-python3
-HOST_SEPOLGEN_MAKE_CMDS = $(HOST_CONFIGURE_OPTS) \
- PYTHONLIBDIR=lib/python$(PYTHON3_VERSION_MAJOR)/site-packages
-else
-HOST_SEPOLGEN_DEPENDENCIES = host-python
-HOST_SEPOLGEN_MAKE_CMDS = $(HOST_CONFIGURE_OPTS) \
- PYTHONLIBDIR=lib/python$(PYTHON_VERSION_MAJOR)/site-packages
-endif
-
-define HOST_SEPOLGEN_BUILD_CMDS
- $(HOST_MAKE_ENV) $(MAKE) -C $(@D) $(HOST_SEPOLGEN_MAKE_CMDS) DESTDIR=$(HOST_DIR)
-endef
-
-define HOST_SEPOLGEN_INSTALL_CMDS
- $(HOST_MAKE_ENV) $(MAKE) -C $(@D) $(HOST_SEPOLGEN_MAKE_CMDS) DESTDIR=$(HOST_DIR) install
-endef
-
-$(eval $(generic-package))
-$(eval $(host-generic-package))
--
2.13.6
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH v8 3/5] libsepol: bump to 2.7, setools: bump to 4.1.1
2017-10-17 16:14 ` [Buildroot] [PATCH v8 3/5] libsepol: bump to 2.7, setools: bump to 4.1.1 Adam Duskett
@ 2017-10-17 16:28 ` Matthew Weber
0 siblings, 0 replies; 7+ messages in thread
From: Matthew Weber @ 2017-10-17 16:28 UTC (permalink / raw)
To: buildroot
Adam,
On Tue, Oct 17, 2017 at 11:14 AM, Adam Duskett <aduskett@gmail.com> wrote:
> The reason for combining these patches is because the old version of
> setools is not compatible iwth libsepol 2.7. If a user where to do a
> git pull on a patch that only updates libsepol or setools, the build
> would fail to compile.
>
> setools has been completely rewritten in python instead of C.
>
> The current version of setools includes a few programs that require
> python-qt5 or python-networkx to run, however the package does not
> check to see if these exist when compiling, and will install the scripts
> to the target directory even if they don't exist.
>
> In the case of python-networkx, this package is not available on Buildroot.
> The scripts that require them are: sedta and seinfoflow.
> In the case of python-qt5, qpol is the script that requires it.
>
> Some setools.mk notes to get the package to compile:
>
> - Convert the package .mk to use python-package instead of autotools-package.
>
> - Remove host variant of setools as it is no longer a dependency for
> policycoreutils.
>
> - setup.py hard codes base_lib_dirs to point to several host directories.
> To fix this, sed is used before compiling to point the base_lib_dirs to
> the staging directory.
>
> - setup.py also includes the "Werror" flag, however compilers before gcc6
> cause a few autogenerated variables to not be initialized before use,
> causing the build to fail.
> To fix this, sed is used before compiling to remove the Werror flag.
>
> - Remove sedta and seinfoflow from the target system after install. These
> packages rely on the package python-networkx which is not available in
> buildroot.
>
> - Remove the installed apol package and the setoolsgui directory from the
> target directory if python-qt5 is not selected.
>
> Other changes:
> - Removed all patches, as they are not compatible with the new version of
> setools.
>
> - Add COPYING, COPYING.GPL, and COPYING.LGPL to setools.hash
>
> Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
> ---
> Changes v1 -> v2:
> - None
>
> Changes v2 -> v3:
> - Added setools update to this patch due to build failures. (Matthew Weber)
>
> Changes v3 -> v4:
> - Change commit message to read:
> "Convert the package .mk to use python-package instead of
> autotools-package." (Thomas)
> - Added comment explaining that setools is no longer a dependency for
> policycoreutils. (Thomas)
> - Add "depends on BR2_USE_MMU" to setools Config.in (Thomas)
> - Add "(requires python-qt5)" to apol line in setools Config.in (Thomas)
> - Fix setools comment. (Thomas)
> - Add prefix to variables in setools.mk (Thomas)
> - Add remove-werror-flag-from-setup.patch patch. (Thomas)
> - enclose SETOOLS_REMOVE_QT_SCRIPTS in "ifeq ($(BR2_PACKAGE_PYTHON_PYQT5),)"
>
> Changes v4 -> v5:
> - Add host variant of setools because the package "refpolicy" depends on it.
> (Matthew Weber)
>
> Changes v5 -> v6:
> - Add two patches from setools-4.1.1-5.fc28.src.rpm, these are needed to run
> the console tools.
> - Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch:
> - This patch removes the need for networkx for the console tools.
> - bswap_-macros-are-defined-in-byteswap.h.patch:
> - This patch fixes a ImportError on s390x.
> - Add prefix on line 44 of setools.mk to REMOVE_BROKEN_SCRIPTS variable.
> - Add python-setuptools as a dependency of setools (pkg_resources)
> - Add python-enum34 as a dependency of setools if python2 is selected.
>
> Changes v6 -> v7:
> - None
>
> Changes v7 -> v8:
> - Removed uneeded 0003-bswap_-macros-are-defined-in-byteswap.h.patch (Thomas)
> - Added HOST_SETOOLS_REMOVE_BROKEN_SCRIPTS to setools.mk (Matthew Weber)
My mistake on this one. These host version of the scripts should be
fixed vs removed. sedta and seinfoflow depend on python-network which
isn't part of buildroot. Those tools are needed for offline policy
inspection/proofs. (offline using the host tools is the only way to
validate a completely policy enforced system)
Up to you if you want to fix this, but it does break functionality
from the current state where the host tools can be used for offline
policy analysis. I'll have to propose a working version at some point
if we leave these out now.
>
> package/libsepol/0001-support-static-only.patch | 32 +++--
> package/libsepol/0003-revert-ln-relative.patch | 18 ++-
> package/libsepol/libsepol.hash | 4 +-
> package/libsepol/libsepol.mk | 4 +-
> package/setools/0001-cross-compile-fixes.patch | 125 ------------------
> .../0001-remove-werror-flag-from-setup.patch | 29 +++++
> ...rt-use-setools.InfoFlowAnalysis-and-setoo.patch | 142 +++++++++++++++++++++
> package/setools/0002-move-python-check.patch | 25 ----
> ...s-Update-for-2015-02-02-Userspace-release.patch | 90 -------------
> package/setools/Config.in | 37 ++----
> package/setools/setools.hash | 7 +-
> package/setools/setools.mk | 117 ++++++++---------
> 12 files changed, 278 insertions(+), 352 deletions(-)
> delete mode 100644 package/setools/0001-cross-compile-fixes.patch
> create mode 100644 package/setools/0001-remove-werror-flag-from-setup.patch
> create mode 100644 package/setools/0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
> delete mode 100644 package/setools/0002-move-python-check.patch
> delete mode 100644 package/setools/0003-setools-Update-for-2015-02-02-Userspace-release.patch
>
> diff --git a/package/libsepol/0001-support-static-only.patch b/package/libsepol/0001-support-static-only.patch
> index 3e6d555e96..185a5641de 100644
> --- a/package/libsepol/0001-support-static-only.patch
> +++ b/package/libsepol/0001-support-static-only.patch
> @@ -1,4 +1,7 @@
> -Add support for static-only build
> +From 2140db697c7f1da2a0a3f7bbcb14c1a0dade84e5 Mon Sep 17 00:00:00 2001
> +From: Adam Duskett <Adamduskett@outlook.com>
> +Date: Mon, 9 Oct 2017 16:28:12 -0400
> +Subject: [PATCH] Add support for static-only build
>
> Instead of unconditionally building shared libraries, this patch
> improves the libsepol build system with a "STATIC" variable, which
> @@ -7,30 +10,30 @@ libraries. It allows to support cases where the target architecture
> does not have support for shared libraries.
>
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
> -Signed-off-by: Adam Duskett <Aduskett@gmail.com>
> -
> -Index: b/src/Makefile
> -===================================================================
> +Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
> +---
> + src/Makefile | 13 ++++++++++---
> + 1 file changed, 10 insertions(+), 3 deletions(-)
>
> diff --git a/src/Makefile b/src/Makefile
> -index db6c2ba..0006285 100644
> +index 819d261..040921d 100644
> --- a/src/Makefile
> +++ b/src/Makefile
> -@@ -30,8 +30,12 @@ LOBJS += $(sort $(patsubst %.c,%.lo,$(wildcard $(CILDIR)/src/*.c) $(CIL_GENERATE
> - override CFLAGS += -I$(CILDIR)/include
> +@@ -40,7 +40,12 @@ LDFLAGS += -undefined dynamic_lookup
> + LN=gln
> endif
>
> +-all: $(LIBA) $(LIBSO) $(LIBPC)
> +ALL_TARGETS = $(LIBA) $(LIBPC)
> +ifeq ($(STATIC),)
> +ALL_TARGETS += $(LIBSO)
> +endif
> -
> --all: $(LIBA) $(LIBSO) $(LIBPC)
> ++
> +all: $(ALL_TARGETS)
>
> -
> +
> $(LIBA): $(OBJS)
> -@@ -66,11 +70,13 @@
> +@@ -82,11 +87,13 @@ endif
> install: all
> test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
> install -m 644 $(LIBA) $(LIBDIR)
> @@ -41,8 +44,11 @@ index db6c2ba..0006285 100644
> +ifeq ($(STATIC),)
> + test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
> + install -m 755 $(LIBSO) $(SHLIBDIR)
> - ln -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
> + $(LN) -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
> +endif
>
> relabel:
> /sbin/restorecon $(SHLIBDIR)/$(LIBSO)
> +--
> +2.13.6
> +
> diff --git a/package/libsepol/0003-revert-ln-relative.patch b/package/libsepol/0003-revert-ln-relative.patch
> index 0902d8d40e..488a9abea0 100644
> --- a/package/libsepol/0003-revert-ln-relative.patch
> +++ b/package/libsepol/0003-revert-ln-relative.patch
> @@ -1,4 +1,7 @@
> -Makefile: revert libsepol: use ln --relative to create .so symlinks
> +From 16b2b0e21e10727065042a1baabd1a887757c65c Mon Sep 17 00:00:00 2001
> +From: Adam Duskett <Adamduskett@outlook.com>
> +Date: Mon, 9 Oct 2017 16:29:36 -0400
> +Subject: [PATCH] Makefile: revert libsepol: use ln --relative to create .so symlinks
>
> This reverts 71393a181d63c9baae5fe8dcaeb9411d1f253998
>
> @@ -9,16 +12,23 @@ they are maintained (up to 10 years in some cases?).
> For the sake of Buildroot, revert the upstream patch.
>
> Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
> +---
> + src/Makefile | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
>
> -diff -durN a/src/Makefile b/src/Makefile
> +diff --git a/src/Makefile b/src/Makefile
> +index 040921d..e811c9e 100644
> --- a/src/Makefile
> +++ b/src/Makefile
> -@@ -77,7 +77,7 @@
> +@@ -92,7 +92,7 @@ install: all
> ifeq ($(STATIC),)
> test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
> install -m 755 $(LIBSO) $(SHLIBDIR)
> -- ln -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
> +- $(LN) -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
> + cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
> endif
>
> relabel:
> +--
> +2.13.6
> +
> diff --git a/package/libsepol/libsepol.hash b/package/libsepol/libsepol.hash
> index 6c705067a2..08e2bf97a4 100644
> --- a/package/libsepol/libsepol.hash
> +++ b/package/libsepol/libsepol.hash
> @@ -1,2 +1,2 @@
> -# From https://github.com/SELinuxProject/selinux/wiki/Releases
> -sha256 d856d6506054f52abeaa3543ea2f2344595a3dc05d0d873ed7f724f7a16b1874 libsepol-2.6.tar.gz
> +# From: https://github.com/SELinuxProject/selinux/wiki/Releases
> +sha256 d69d3bd8ec901a3bd5adf2be2fb47fb1a685ed73066ab482e7e505371a48f9e7 libsepol-2.7.tar.gz
> diff --git a/package/libsepol/libsepol.mk b/package/libsepol/libsepol.mk
> index 21ca419c74..c54c3bfc42 100644
> --- a/package/libsepol/libsepol.mk
> +++ b/package/libsepol/libsepol.mk
> @@ -4,8 +4,8 @@
> #
> ################################################################################
>
> -LIBSEPOL_VERSION = 2.6
> -LIBSEPOL_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014
> +LIBSEPOL_VERSION = 2.7
> +LIBSEPOL_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804
> LIBSEPOL_LICENSE = LGPL-2.1+
> LIBSEPOL_LICENSE_FILES = COPYING
>
> diff --git a/package/setools/0001-cross-compile-fixes.patch b/package/setools/0001-cross-compile-fixes.patch
> deleted file mode 100644
> index 1a4af0ce31..0000000000
> --- a/package/setools/0001-cross-compile-fixes.patch
> +++ /dev/null
> @@ -1,125 +0,0 @@
> -Correct build issues to enable cross compiling. These changes require the
> -package to be auto reconfigured.
> -
> -These updates were not upsteamed as the 3.3.x version has stablized and they
> -were only taking bug fixes. Also the 4.0 preview has completely reworked
> -the build infrastructure which will require this to be revisited.
> -
> -Signed-off-by Clayton Shotwell <clshotwe@rockwellcollins.com>
> -
> -diff -urN a/configure.ac b/configure.ac
> ---- a/configure.ac 2013-01-16 10:36:24.000000000 -0600
> -+++ b/configure.ac 2013-07-12 08:22:10.380255248 -0500
> -@@ -448,8 +448,9 @@
> - sepol_srcdir="")
> - if test "x${sepol_srcdir}" = "x"; then
> - sepol_srcdir=${sepol_devel_libdir}
> -- AC_CHECK_FILE([${sepol_srcdir}/libsepol.a],,
> -- AC_MSG_ERROR([make sure libsepol-static is installed]))
> -+ if test ! -f ${sepol_srcdir}/libsepol.a; then
> -+ AC_MSG_ERROR([could not find precompiled libsepol.a])
> -+ fi
> - else
> - AC_MSG_CHECKING([for compatible sepol source tree])
> - sepol_version=${sepol_srcdir}/VERSION
> -@@ -484,8 +485,9 @@
> - AC_CHECK_HEADER([sepol/policydb/policydb.h], , AC_MSG_ERROR([could not find sepol source tree]))
> - CFLAGS="${sepol_src_save_CFLAGS}"
> - CPPFLAGS="${sepol_src_save_CPPFLAGS}"
> -- AC_CHECK_FILE([${sepol_srcdir}/libsepol.a],,
> -- AC_MSG_ERROR([could not find precompiled libsepol.a]))
> -+ if test ! -f ${sepol_srcdir}/libsepol.a; then
> -+ AC_MSG_ERROR([could not find precompiled libsepol.a])
> -+ fi
> - sepol_devel_incdir="${sepol_srcdir}/../include"
> - fi
> - SELINUX_CFLAGS="-I${sepol_devel_incdir} -I${selinux_devel_incdir}"
> -@@ -578,12 +580,13 @@
> - [AC_LANG_SOURCE([
> - #include <sepol/policydb/expand.h>
> - int main () {
> -- return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0);
> -+ return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0, 0, 0);
> - }])],
> - AC_MSG_RESULT([yes]),
> - AC_MSG_ERROR([this version of libsepol is incompatible with SETools]))
> - fi
> - sepol_new_expand_boolmap="yes"
> -+ sepol_new_user_role_mapping="yes"
> - else
> - sepol_new_expand_boolmap="no"
> - fi
> -@@ -607,7 +610,8 @@
> - exit(EXIT_FAILURE);
> - }])],
> - sepol_policy_version_max=`cat conftest.data`,
> -- AC_MSG_FAILURE([could not determine maximum libsepol policy version]))
> -+ AC_MSG_FAILURE([could not determine maximum libsepol policy version]),
> -+ sepol_policy_version_max="26")
> - AC_DEFINE_UNQUOTED(SEPOL_POLICY_VERSION_MAX, ${sepol_policy_version_max}, [maximum policy version supported by libsepol])
> - CFLAGS="${sepol_save_CFLAGS}"
> - CPPFLAGS="${sepol_save_CPPFLAGS}"
> -@@ -631,7 +635,7 @@
> - changequote([,])dnl
> - selinux_save_CFLAGS="${CFLAGS}"
> - CFLAGS="${SELINUX_CFLAGS} ${SELINUX_LIB_FLAG} -lselinux -lsepol ${CFLAGS}"
> -- gcc ${CFLAGS} -o conftest conftest.c >&5
> -+ ${CC} ${CFLAGS} -o conftest conftest.c >&5
> - selinux_policy_dir=`./conftest`
> - AC_MSG_RESULT(${selinux_policy_dir})
> - CFLAGS="${selinux_save_CFLAGS}"
> -diff -urN a/libqpol/src/policy_define.c b/libqpol/src/policy_define.c
> ---- a/libqpol/src/policy_define.c 2013-01-16 10:36:24.000000000 -0600
> -+++ b/libqpol/src/policy_define.c 2013-07-12 08:22:10.380255248 -0500
> -@@ -2135,7 +2135,7 @@
> - #ifdef HAVE_SEPOL_ROLE_ATTRS
> - if (role_set_expand(&roles, &e_roles, policydbp, NULL, NULL))
> - #elif HAVE_SEPOL_USER_ROLE_MAPPING
> -- if (role_set_expand(&roles, &e_roles, policydbp, NULL))
> -+ if (role_set_expand(&roles, &e_roles, policydbp, NULL, NULL))
> - #else
> - if (role_set_expand(&roles, &e_roles, policydbp))
> - #endif
> -diff -urN a/m4/ac_python_devel.m4 b/m4/ac_python_devel.m4
> ---- a/m4/ac_python_devel.m4 2013-01-16 10:36:22.000000000 -0600
> -+++ b/m4/ac_python_devel.m4 2013-07-12 08:22:10.380255248 -0500
> -@@ -234,7 +234,7 @@
> - AC_MSG_CHECKING([consistency of all components of python development environment])
> - AC_LANG_PUSH([C])
> - # save current global flags
> -- LIBS="$ac_save_LIBS $PYTHON_LDFLAGS"
> -+ LIBS="$ac_save_LIBS $PYTHON_EXTRA_LIBS $PYTHON_LDFLAGS"
> - CPPFLAGS="$ac_save_CPPFLAGS $PYTHON_CPPFLAGS"
> - AC_TRY_LINK([
> - #include <Python.h>
> -diff -urN a/python/setools/Makefile.am b/python/setools/Makefile.am
> ---- a/python/setools/Makefile.am 2013-01-16 10:36:22.000000000 -0600
> -+++ b/python/setools/Makefile.am 2013-07-12 08:22:19.200251011 -0500
> -@@ -22,13 +22,13 @@
> - python-build: sesearch.c seinfo.c
> - @mkdir -p setools
> - @cp __init__.py setools
> -- LIBS="$(QPOL_LIB_FLAG) $(APOL_LIB_FLAG)" INCLUDES="$(QPOL_CFLAGS) $(APOL_CFLAGS)" $(PYTHON) setup.py build
> -+ LIBS="$(QPOL_LIB_FLAG) $(APOL_LIB_FLAG)" LIBDIRS="$(PYTHON_LDFLAGS)" INCLUDES="$(PYTHON_CPPFLAGS) $(QPOL_CFLAGS) $(APOL_CFLAGS)" CC="$(CC)" CFLAGS="$(CFLAGS)" LDSHARED="$(CC) -shared" LDFLAGS="$(LDFLAGS)" $(PYTHON) setup.py build_ext
> -
> - install-exec-hook:
> -- $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
> -+ $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --prefix=$(DESTDIR)/usr`
> -
> - uninstall-hook:
> -- $(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
> -+ $(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --prefix=$(DESTDIR)/usr`
> -
> - clean-local:
> - $(PYTHON) setup.py clean -a
> ---- a/python/setools/setup.py 2013-01-16 10:36:22.000000000 -0600
> -+++ b/python/setools/setup.py 2013-09-04 09:17:48.452916991 -0500
> -@@ -8,7 +8,7 @@
> - try:
> - inc=os.getenv("INCLUDES").split(" ")
> - INCLUDES=map(lambda x: x[2:], inc)
> -- LIBDIRS=map(lambda x: "/".join(x.split("/")[:-1]), os.getenv("LIBS").split())
> -+ LIBDIRS=map(lambda x: "/".join(x.split("/")[:-1]), os.getenv("LIBS").split()) + map(lambda x: x[2:], os.getenv("LIBDIRS").split())
> - except:
> - INCLUDES=""
> - LIBDIRS=""
> diff --git a/package/setools/0001-remove-werror-flag-from-setup.patch b/package/setools/0001-remove-werror-flag-from-setup.patch
> new file mode 100644
> index 0000000000..b1446e2ec3
> --- /dev/null
> +++ b/package/setools/0001-remove-werror-flag-from-setup.patch
> @@ -0,0 +1,29 @@
> +From b2fe84bfd00117d4897f1f2e8f83d3410eb188b8 Mon Sep 17 00:00:00 2001
> +From: Adam Duskett <Adamduskett@outlook.com>
> +Date: Thu, 12 Oct 2017 22:04:58 -0400
> +Subject: [PATCH] remove werror flag from setup
> +
> +Compilers older than gcc6 will generate uninitialized variable warnings which
> +will cause compiling to fail.
> +
> +Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
> +---
> + setup.py | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/setup.py b/setup.py
> +index 2ca44c9..9319bf6 100644
> +--- a/setup.py
> ++++ b/setup.py
> +@@ -146,7 +146,7 @@ ext_py_mods = [Extension('setools.policyrep._qpol',
> + 'libqpol/policy_scan.c',
> + 'libqpol/xen_query.c'],
> + include_dirs=include_dirs,
> +- extra_compile_args=['-Werror', '-Wextra',
> ++ extra_compile_args=['-Wextra',
> + '-Waggregate-return',
> + '-Wfloat-equal',
> + '-Wformat', '-Wformat=2',
> +--
> +2.13.6
> +
> diff --git a/package/setools/0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch b/package/setools/0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
> new file mode 100644
> index 0000000000..1ef1cd69bc
> --- /dev/null
> +++ b/package/setools/0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
> @@ -0,0 +1,142 @@
> +From 2512c3ba608077db3a5e0286b976fadc8a04a5c4 Mon Sep 17 00:00:00 2001
> +From: rpm-build <rpm-build>
> +Date: Thu, 23 Feb 2017 08:17:07 +0100
> +Subject: [PATCH] Do not export/use setools.InfoFlowAnalysis and
> + setools.DomainTransitionAnalysis
> +
> +dta and infoflow modules require networkx which brings lot of dependencies.
> +These dependencies are not necessary for setools module itself as it's
> +used in policycoreutils.
> +
> +Therefore it's better to use setools.infoflow.InfoFlowAnalysis and
> +setools.dta.DomainTransitionAnalysis and let the package containing
> +sedta and seinfoflow to require python3-networkx
> +
> +Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
> +---
> + sedta | 3 ++-
> + seinfoflow | 3 ++-
> + setools/__init__.py | 4 ++--
> + setoolsgui/apol/dta.py | 2 +-
> + setoolsgui/apol/infoflow.py | 2 +-
> + tests/dta.py | 3 ++-
> + tests/infoflow.py | 3 ++-
> + 7 files changed, 12 insertions(+), 8 deletions(-)
> +
> +diff --git a/sedta b/sedta
> +index 1c76ebb..255ad49 100755
> +--- a/sedta
> ++++ b/sedta
> +@@ -23,6 +23,7 @@ import argparse
> + import logging
> +
> + import setools
> ++import setools.dta
> +
> +
> + def print_transition(trans):
> +@@ -111,7 +112,7 @@ else:
> +
> + try:
> + p = setools.SELinuxPolicy(args.policy)
> +- g = setools.DomainTransitionAnalysis(p, reverse=args.reverse, exclude=args.exclude)
> ++ g = setools.dta.DomainTransitionAnalysis(p, reverse=args.reverse, exclude=args.exclude)
> +
> + if args.shortest_path or args.all_paths:
> + if args.shortest_path:
> +diff --git a/seinfoflow b/seinfoflow
> +index b287921..d53bdef 100755
> +--- a/seinfoflow
> ++++ b/seinfoflow
> +@@ -19,6 +19,7 @@
> +
> + from __future__ import print_function
> + import setools
> ++import setools.infoflow
> + import argparse
> + import sys
> + import logging
> +@@ -79,7 +80,7 @@ else:
> + try:
> + p = setools.SELinuxPolicy(args.policy)
> + m = setools.PermissionMap(args.map)
> +- g = setools.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude)
> ++ g = setools.infoflow.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude)
> +
> + if args.shortest_path or args.all_paths:
> + if args.shortest_path:
> +diff --git a/setools/__init__.py b/setools/__init__.py
> +index a84c846..a53c5a7 100644
> +--- a/setools/__init__.py
> ++++ b/setools/__init__.py
> +@@ -74,11 +74,11 @@ from .pcideviceconquery import PcideviceconQuery
> + from .devicetreeconquery import DevicetreeconQuery
> +
> + # Information Flow Analysis
> +-from .infoflow import InfoFlowAnalysis
> ++# from .infoflow import InfoFlowAnalysis
> + from .permmap import PermissionMap
> +
> + # Domain Transition Analysis
> +-from .dta import DomainTransitionAnalysis
> ++# from .dta import DomainTransitionAnalysis
> +
> + # Policy difference
> + from .diff import PolicyDifference
> +diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py
> +index 0aaf13f..5b1ea20 100644
> +--- a/setoolsgui/apol/dta.py
> ++++ b/setoolsgui/apol/dta.py
> +@@ -23,7 +23,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
> + from PyQt5.QtGui import QPalette, QTextCursor
> + from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
> + QTreeWidgetItem
> +-from setools import DomainTransitionAnalysis
> ++from setools.dta import DomainTransitionAnalysis
> +
> + from ..logtosignal import LogHandlerToSignal
> + from .analysistab import AnalysisTab
> +diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py
> +index 1ae16de..fdf8f7b 100644
> +--- a/setoolsgui/apol/infoflow.py
> ++++ b/setoolsgui/apol/infoflow.py
> +@@ -25,7 +25,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
> + from PyQt5.QtGui import QPalette, QTextCursor
> + from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
> + QTreeWidgetItem
> +-from setools import InfoFlowAnalysis
> ++from setools.infoflow import InfoFlowAnalysis
> + from setools.exception import UnmappedClass, UnmappedPermission
> +
> + from ..logtosignal import LogHandlerToSignal
> +diff --git a/tests/dta.py b/tests/dta.py
> +index 32b9271..2bdd052 100644
> +--- a/tests/dta.py
> ++++ b/tests/dta.py
> +@@ -17,7 +17,8 @@
> + #
> + import unittest
> +
> +-from setools import SELinuxPolicy, DomainTransitionAnalysis
> ++from setools import SELinuxPolicy
> ++from setools.dta import DomainTransitionAnalysis
> + from setools import TERuletype as TERT
> + from setools.policyrep.exception import InvalidType
> + from setools.policyrep.typeattr import Type
> +diff --git a/tests/infoflow.py b/tests/infoflow.py
> +index 7751dda..a21c683 100644
> +--- a/tests/infoflow.py
> ++++ b/tests/infoflow.py
> +@@ -17,7 +17,8 @@
> + #
> + import unittest
> +
> +-from setools import SELinuxPolicy, InfoFlowAnalysis
> ++from setools import SELinuxPolicy
> ++from setools.infoflow import InfoFlowAnalysis
> + from setools import TERuletype as TERT
> + from setools.permmap import PermissionMap
> + from setools.policyrep.exception import InvalidType
> +--
> +2.9.3
> +
> diff --git a/package/setools/0002-move-python-check.patch b/package/setools/0002-move-python-check.patch
> deleted file mode 100644
> index cef2cec996..0000000000
> --- a/package/setools/0002-move-python-check.patch
> +++ /dev/null
> @@ -1,25 +0,0 @@
> -Correct a build issue that occurs when python is not found
> -in the path. This check should only be done if swig-python
> -option is selected.
> -
> -Signed-off-by Clayton Shotwell <clshotwe@rockwellcollins.com>
> -
> ---- a/configure.ac 2015-05-15 12:28:07.566060349 -0500
> -+++ b/configure.ac 2015-05-28 15:07:25.357072800 -0500
> -@@ -217,8 +217,6 @@
> - do_swigify=yes
> - fi
> -
> --AM_PATH_PYTHON(2.7)
> --
> - AC_ARG_ENABLE(swig-python,
> - AC_HELP_STRING([--enable-swig-python],
> - [build SWIG interfaces for Python]),
> -@@ -227,6 +225,7 @@
> - if test ${do_swigify} = no; then
> - AC_PROG_SWIG(2.0.0)
> - fi
> -+ AM_PATH_PYTHON(2.7)
> - SWIG_PYTHON
> - do_swigify_python=yes
> - do_swigify=yes
> diff --git a/package/setools/0003-setools-Update-for-2015-02-02-Userspace-release.patch b/package/setools/0003-setools-Update-for-2015-02-02-Userspace-release.patch
> deleted file mode 100644
> index b0842d961a..0000000000
> --- a/package/setools/0003-setools-Update-for-2015-02-02-Userspace-release.patch
> +++ /dev/null
> @@ -1,90 +0,0 @@
> -setools: Add patch to support 2.4 toolstack.
> -Signed-off-by: Philip Tricca <flihp@twobit.us>
> -Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
> -URL: https://github.com/flihp/meta-selinux/commit/e09eaef7a9acb552a4a5e1f90117154ae06b6fda
> -
> -Signed-off-by: Adam Duskett <Aduskett@gmail.com>
> -
> -diff --git a/libqpol/src/policy_define.c b/libqpol/src/policy_define.c
> -index fad6b60..231962f 100644
> ---- a/libqpol/src/policy_define.c
> -+++ b/libqpol/src/policy_define.c
> -@@ -1449,7 +1449,7 @@ int define_compute_type_helper(int which, avrule_t ** rule)
> - return -1;
> - }
> - class_perm_node_init(perm);
> -- perm->class = i + 1;
> -+ perm->tclass = i + 1;
> - perm->data = datum->s.value;
> - perm->next = avrule->perms;
> - avrule->perms = perm;
> -@@ -1699,7 +1699,7 @@ int define_te_avtab_helper(int which, avrule_t ** rule)
> - goto out;
> - }
> - class_perm_node_init(cur_perms);
> -- cur_perms->class = i + 1;
> -+ cur_perms->tclass = i + 1;
> - if (!perms)
> - perms = cur_perms;
> - if (tail)
> -diff --git a/libqpol/src/policy_extend.c b/libqpol/src/policy_extend.c
> -index 5325a87..1417271 100644
> ---- a/libqpol/src/policy_extend.c
> -+++ b/libqpol/src/policy_extend.c
> -@@ -843,7 +843,7 @@ static int qpol_syn_rule_table_insert_sepol_avrule(qpol_policy_t * policy, qpol_
> - for (class_node = rule->perms; class_node; class_node = class_node->next) {
> - key.rule_type = rule->specified;
> - key.source_val = key.target_val = i + 1;
> -- key.class_val = class_node->class;
> -+ key.class_val = class_node->tclass;
> - key.cond = cond;
> - if (qpol_syn_rule_table_insert_entry(policy, table, &key, new_rule))
> - goto err;
> -@@ -856,7 +856,7 @@ static int qpol_syn_rule_table_insert_sepol_avrule(qpol_policy_t * policy, qpol_
> - key.rule_type = rule->specified;
> - key.source_val = i + 1;
> - key.target_val = j + 1;
> -- key.class_val = class_node->class;
> -+ key.class_val = class_node->tclass;
> - key.cond = cond;
> - if (qpol_syn_rule_table_insert_entry(policy, table, &key, new_rule))
> - goto err;
> -diff --git a/libqpol/src/syn_rule_query.c b/libqpol/src/syn_rule_query.c
> -index 3e63204..d7578f1 100644
> ---- a/libqpol/src/syn_rule_query.c
> -+++ b/libqpol/src/syn_rule_query.c
> -@@ -67,7 +67,7 @@ static void *syn_rule_class_state_get_cur(const qpol_iterator_t * iter)
> - return NULL;
> - }
> -
> -- return db->class_val_to_struct[srcs->cur->class - 1];
> -+ return db->class_val_to_struct[srcs->cur->tclass - 1];
> - }
> -
> - static int syn_rule_class_state_next(qpol_iterator_t * iter)
> -@@ -465,10 +465,10 @@ int qpol_syn_avrule_get_perm_iter(const qpol_policy_t * policy, const qpol_syn_a
> - }
> -
> - for (node = internal_rule->perms; node; node = node->next) {
> -- for (i = 0; i < db->class_val_to_struct[node->class - 1]->permissions.nprim; i++) {
> -+ for (i = 0; i < db->class_val_to_struct[node->tclass - 1]->permissions.nprim; i++) {
> - if (!(node->data & (1 << i)))
> - continue;
> -- tmp = sepol_av_to_string(db, node->class, (sepol_access_vector_t) (1 << i));
> -+ tmp = sepol_av_to_string(db, node->tclass, (sepol_access_vector_t) (1 << i));
> - if (tmp) {
> - tmp++; /* remove prepended space */
> - for (cur = 0; cur < perm_list_sz; cur++)
> -diff --git a/secmds/replcon.cc b/secmds/replcon.cc
> -index 34f7c1a..307c39f 100644
> ---- a/secmds/replcon.cc
> -+++ b/secmds/replcon.cc
> -@@ -60,7 +60,7 @@ static struct option const longopts[] = {
> - {NULL, 0, NULL, 0}
> - };
> -
> --extern int lsetfilecon_raw(const char *, security_context_t) __attribute__ ((weak));
> -+extern int lsetfilecon_raw(const char *, const char *) __attribute__ ((weak));
> -
> - /**
> - * As that setools must work with older libselinux versions that may
> diff --git a/package/setools/Config.in b/package/setools/Config.in
> index d7b119ffc6..ae0c45fe3f 100644
> --- a/package/setools/Config.in
> +++ b/package/setools/Config.in
> @@ -1,36 +1,27 @@
> config BR2_PACKAGE_SETOOLS
> bool "setools"
> - depends on BR2_TOOLCHAIN_HAS_THREADS
> + depends on !BR2_arc # arc: libselinux not available
> depends on !BR2_STATIC_LIBS
> - depends on BR2_INSTALL_LIBSTDCPP
> + depends on BR2_TOOLCHAIN_HAS_THREADS
> depends on BR2_USE_WCHAR
> depends on BR2_TOOLCHAIN_USES_GLIBC # libselinux
> - # bfin: infamous _ symbol prefix issue
> - # nios2: triggers some toolchain issue "No symbol version
> - # section for versioned symbol"
> - # arc: libselinux not available
> - depends on !BR2_nios2 && !BR2_bfin && !BR2_arc
> + depends on BR2_USE_MMU
> + select BR2_PACKAGE_PYTHON3 if !BR2_PACKAGE_PYTHON
> + select BR2_PACKAGE_PYTHON_ENUM34 if !BR2_PACKAGE_PYTHON3
> + select BR2_PACKAGE_PYTHON_SETUPTOOLS
> select BR2_PACKAGE_LIBSELINUX
> - select BR2_PACKAGE_SQLITE
> - select BR2_PACKAGE_LIBXML2
> - select BR2_PACKAGE_BZIP2
> help
> SETools is an open source project designed to facilitate
> SELinux policy analysis. The primary tools are:
> - * apol - analyze a SELinux policy.
> - * seaudit - analyze audit messages from SELinux.
> - * seaudit-report - generate highly-customized audit log
> - reports.
> - * sechecker - command line tool for performing modular
> - checks on an SELinux policy.
> + * apol - analyze a SELinux policy. (requires python-qt5)
> * sediff - semantic policy difference tool for SELinux.
> - * secmds - command-line tools to analyze and search SELinux
> - policy.
> + * sedta - Perform domain transition analyses
> + * sesearch - Search rules (allow, type_transition, etc.)
>
> - https://github.com/TresysTechnology/setools3/wiki
> + https://github.com/TresysTechnology/setools
>
> comment "setools needs a glibc toolchain w/ threads, C++, wchar, dynamic library"
> - depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS \
> - || !BR2_USE_WCHAR || !BR2_INSTALL_LIBSTDCPP \
> - || !BR2_TOOLCHAIN_USES_GLIBC
> - depends on !BR2_nios2 && !BR2_bfin && !BR2_arc
> + depends on BR2_USE_MMU && !BR2_arc
> + depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS || \
> + !BR2_USE_WCHAR || !BR2_TOOLCHAIN_USES_GLIBC || \
> + !BR2_INSTALL_LIBSTDCPP
> diff --git a/package/setools/setools.hash b/package/setools/setools.hash
> index d422e6607b..8729297064 100644
> --- a/package/setools/setools.hash
> +++ b/package/setools/setools.hash
> @@ -1,4 +1,7 @@
> # From https://github.com/TresysTechnology/setools3/wiki/Download
> -md5 d68d0d4e4da0f01da0f208782ff04b91 setools-3.3.8.tar.bz2
> +md5 d68d0d4e4da0f01da0f208782ff04b91 setools-4.1.1.tar.bz2
> # Locally computed
> -sha256 44387ecc9a231ec536a937783440cd8960a72c51f14bffc1604b7525e341e999 setools-3.3.8.tar.bz2
> +sha256 46a927ea2b163cbe1d35cc35da43e45853e13720c7e02d4cf75a498783c19610 setools-4.1.1.tar.gz
> +sha256 2f7547e10f76a382c24c053595f38a5cc6dda9347f508f254ca490e0046a9624 COPYING
> +sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING.GPL
> +sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING.LGPL
> diff --git a/package/setools/setools.mk b/package/setools/setools.mk
> index d2e9f05998..77b57bc531 100644
> --- a/package/setools/setools.mk
> +++ b/package/setools/setools.mk
> @@ -4,81 +4,66 @@
> #
> ################################################################################
>
> -SETOOLS_VERSION = 3.3.8
> -SETOOLS_SOURCE = setools-$(SETOOLS_VERSION).tar.bz2
> -SETOOLS_SITE = https://raw.githubusercontent.com/wiki/TresysTechnology/setools3/files/dists/setools-$(SETOOLS_VERSION)
> -SETOOLS_DEPENDENCIES = libselinux libsepol sqlite libxml2 bzip2 host-bison host-flex
> +SETOOLS_VERSION = 4.1.1
> +SETOOLS_SITE = $(call github,TresysTechnology,setools,$(SETOOLS_VERSION))
> +SETOOLS_DEPENDENCIES = libselinux libsepol python-setuptools host-bison host-flex host-swig
> SETOOLS_INSTALL_STAGING = YES
> SETOOLS_LICENSE = GPL-2.0+, LGPL-2.1+
> SETOOLS_LICENSE_FILES = COPYING COPYING.GPL COPYING.LGPL
> +SETOOLS_SETUP_TYPE = setuptools
>
> -# configure.ac is patched by the cross compile patch,
> -# so autoreconf is necessary
> -SETOOLS_AUTORECONF = YES
> +ifeq ($(BR2_PACKAGE_PYTHON3),y)
> +SETOOLS_PYLIBVER = python$(PYTHON3_VERSION_MAJOR)
> +else
> +SETOOLS_PYLIBVER = python$(PYTHON_VERSION_MAJOR)
> +SETOOLS_DEPENDENCIES += python-enum34
> +endif
>
> -# Notes: Need "disable-selinux-check" so the configure does not check to see
> -# if host has selinux enabled.
> -# No python support as only the libraries and commandline tools are
> -# installed on target
> -SETOOLS_CONF_OPTS = \
> - --disable-debug \
> - --disable-gui \
> - --disable-bwidget-check \
> - --disable-selinux-check \
> - --disable-swig-java \
> - --disable-swig-python \
> - --disable-swig-tcl \
> - --with-sepol-devel="$(STAGING_DIR)/usr" \
> - --with-selinux-devel="$(STAGING_DIR)/usr"
> +define SETOOLS_FIX_SETUP
> + # By default, setup.py will look for libsepol.a in the host directory. This
> + # needs to be changed to the staging directory.
> + $(SED) "s at base_lib_dirs =.*@base_lib_dirs = ['$(STAGING_DIR)/usr/lib']@g" \
> + $(@D)/setup.py
> +endef
> +SETOOLS_POST_PATCH_HOOKS += SETOOLS_FIX_SETUP
>
> -ifeq ($(BR2_sparc64):$(BR2_STATIC_LIBS),y:)
> -SETOOLS_CONF_ENV += CFLAGS="$(TARGET_CFLAGS) -fPIC"
> -endif
> +define HOST_SETOOLS_FIX_SETUP
> + # By default, setup.py will look for libsepol.a in the host directory. This
> + # needs to be changed to the staging directory.
> + $(SED) "s at base_lib_dirs =.*@base_lib_dirs = ['$(HOST_DIR)/usr/lib']@g" \
> + $(@D)/setup.py
> +endef
> +HOST_SETOOLS_POST_PATCH_HOOKS += HOST_SETOOLS_FIX_SETUP
>
> -HOST_SETOOLS_DEPENDENCIES = host-libselinux host-libsepol host-sqlite \
> - host-libxml2 host-bzip2 host-bison
> +# sedta and seinfoflow depends on python-networkx. This package is not
> +# available in buildroot.
> +define SETOOLS_REMOVE_BROKEN_SCRIPTS
> + $(RM) $(TARGET_DIR)/usr/bin/sedta
> + $(RM) $(TARGET_DIR)/usr/bin/seinfoflow
> +endef
> +SETOOLS_POST_INSTALL_TARGET_HOOKS += SETOOLS_REMOVE_BROKEN_SCRIPTS
>
> -ifeq ($(BR2_PACKAGE_PYTHON3),y)
> -HOST_SETOOLS_PYTHON_VERSION=$(PYTHON3_VERSION_MAJOR)
> -HOST_SETOOLS_DEPENDENCIES += host-python3
> -HOST_SETOOLS_CONF_ENV += am_cv_python_version=$(PYTHON3_VERSION)
> -else
> -HOST_SETOOLS_PYTHON_VERSION=$(PYTHON_VERSION_MAJOR)
> -HOST_SETOOLS_DEPENDENCIES += host-python
> -HOST_SETOOLS_CONF_ENV += am_cv_python_version=$(PYTHON_VERSION)
> +# apol requires pyqt5, but is installed by default. Remove these scripts from
> +# the target it pyqt5 is not selected.
> +ifeq ($(BR2_PACKAGE_PYTHON_PYQT5),)
> +define SETOOLS_REMOVE_QT_SCRIPTS
> + $(RM) $(TARGET_DIR)/usr/bin/apol
> + rmdir --ignore-fail-on-non-empty $(TARGET_DIR)/usr/lib/$(SETOOLS_PYLIBVER)/site-packages/setoolsgui/
> +endef
> +SETOOLS_POST_INSTALL_TARGET_HOOKS += SETOOLS_REMOVE_QT_SCRIPTS
> endif
>
> -HOST_SETOOLS_PYTHON_SITE_PACKAGES = $(HOST_DIR)/lib/python$(HOST_SETOOLS_PYTHON_VERSION)/site-packages
> -HOST_SETOOLS_PYTHON_INCLUDES = $(HOST_DIR)/include/python$(HOST_SETOOLS_PYTHON_VERSION)
> -HOST_SETOOLS_PYTHON_LIB = -lpython$(HOST_SETOOLS_PYTHON_VERSION)
> -
> -# Notes: Need "disable-selinux-check" so the configure does not check to see
> -# if host has selinux enabled.
> -# Host builds with python support to enable tools for offline target
> -# policy analysis
> -HOST_SETOOLS_CONF_OPTS = \
> - --disable-debug \
> - --disable-gui \
> - --disable-bwidget-check \
> - --disable-selinux-check \
> - --disable-swig-java \
> - --disable-swig-python \
> - --disable-swig-tcl \
> - --with-sepol-devel="$(HOST_DIR)" \
> - --with-selinux-devel="$(HOST_DIR)" \
> - PYTHON_LDFLAGS="-L$(HOST_DIR)/lib/" \
> - PYTHON_CPPFLAGS="-I$(HOST_SETOOLS_PYTHON_INCLUDES)" \
> - PYTHON_SITE_PKG="$(HOST_SETOOLS_PYTHON_SITE_PACKAGES)" \
> - PYTHON_EXTRA_LIBS="-lpthread -ldl -lutil $(HOST_SETOOLS_PYTHON_LIB)"
>
> -HOST_SETOOLS_CONF_ENV += \
> - am_cv_pathless_PYTHON=python \
> - ac_cv_path_PYTHON=$(HOST_DIR)/bin/python \
> - am_cv_python_platform=linux2 \
> - am_cv_python_version=$(HOST_SETOOLS_PYTHON_VERSION) \
> - am_cv_python_pythondir=$(HOST_SETOOLS_PYTHON_SITE_PACKAGES) \
> - am_cv_python_pyexecdir=$(HOST_SETOOLS_PYTHON_SITE_PACKAGES) \
> - am_cv_python_includes=-I$(HOST_SETOOLS_PYTHON_INCLUDES)
> +# sedta and seinfoflow depends on python-networkx. This package is not
> +# available in buildroot. pyqt5 is not a host-package. Remove these scripts
> +# from the host directory as well.
> +define HOST_SETOOLS_REMOVE_BROKEN_SCRIPTS
> + $(RM) $(HOST_DIR)/usr/bin/sedta
> + $(RM) $(HOST_DIR)/usr/bin/seinfoflow
> + $(RM) $(HOST_DIR)/usr/bin/apol
> + rmdir --ignore-fail-on-non-empty $(HOST_DIR)/usr/lib/$(SETOOLS_PYLIBVER)/site-packages/setoolsgui/
> +endef
> +HOST_SETOOLS_POST_INSTALL_TARGET_HOOKS += HOST_SETOOLS_REMOVE_BROKEN_SCRIPTS
>
> -$(eval $(autotools-package))
> -$(eval $(host-autotools-package))
> +$(eval $(python-package))
> +$(eval $(host-python-package))
> --
> 2.13.6
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
Matthew L Weber / Pr Software Engineer
Airborne Information Systems / Security Systems and Software / Secure Platforms
MS 131-100, C Ave NE, Cedar Rapids, IA, 52498, USA
www.rockwellcollins.com
Note: Any Export License Required Information and License Restricted
Third Party Intellectual Property (TPIP) content must be encrypted and
sent to matthew.weber at corp.rockwellcollins.com.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH v8 1/5] libselinux: bump to 2.7
2017-10-17 16:14 [Buildroot] [PATCH v8 1/5] libselinux: bump to 2.7 Adam Duskett
` (3 preceding siblings ...)
2017-10-17 16:14 ` [Buildroot] [PATCH v8 5/5] policycoreutils: split packages and " Adam Duskett
@ 2017-10-18 18:28 ` Matthew Weber
4 siblings, 0 replies; 7+ messages in thread
From: Matthew Weber @ 2017-10-18 18:28 UTC (permalink / raw)
To: buildroot
Adam,
On Tue, Oct 17, 2017 at 11:14 AM, Adam Duskett <aduskett@gmail.com> wrote:
> remove patch as it's in this release.
>
> Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
> ---
> Changes v1 -> v2:
> - None
>
> Changes v2 -> v3:
> - None
>
> Changes v3 -> v4:
> - None
>
> Changes v4 -> v5:
> - None
>
> Changes v5 -> v6:
> - None
>
> Changes v6 -> v7:
> - None
Was there python swig stuff conslidated from another selinux related
package into this package as part of the 2.7 bump? Wondering if we
already have this swig fix in another patch we can pull over before I
look to deep....
http://autobuild.buildroot.net/results/990/990aaa4c05bc28dd19668442f2b672d6bb095dcd/build-end.log
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2017-10-18 18:28 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-10-17 16:14 [Buildroot] [PATCH v8 1/5] libselinux: bump to 2.7 Adam Duskett
2017-10-17 16:14 ` [Buildroot] [PATCH v8 2/5] libsemanage: " Adam Duskett
2017-10-17 16:14 ` [Buildroot] [PATCH v8 3/5] libsepol: bump to 2.7, setools: bump to 4.1.1 Adam Duskett
2017-10-17 16:28 ` Matthew Weber
2017-10-17 16:14 ` [Buildroot] [PATCH v8 4/5] checkpolicy: bump to 2.7 Adam Duskett
2017-10-17 16:14 ` [Buildroot] [PATCH v8 5/5] policycoreutils: split packages and " Adam Duskett
2017-10-18 18:28 ` [Buildroot] [PATCH v8 1/5] libselinux: " Matthew Weber
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.