[Buildroot] [PATCH v3 0/8] Bump of SElinux related libs/tools to 3.0

[Buildroot] [PATCH v3 0/8] Bump of SElinux related libs/tools to 3.0

[Matt Weber]

 - Switches to using the date (i.e. 20191204) abased release tagging
   for better alignment with https://release-monitoring.org/project/01717/

 - Added selinux-python which was missed in the v2 of this bump by
   Adam (http://patchwork.ozlabs.org/project/buildroot/list/?series=156673)

 Tested with the following reduced configuration for legal info and
 build.

BR2_aarch64=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/aarch64-virt/linux.config"
BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y
BR2_PACKAGE_POLICYCOREUTILS=y
BR2_PACKAGE_RESTORECOND=y
BR2_PACKAGE_SELINUX_PYTHON=y
BR2_PACKAGE_SELINUX_PYTHON_AUDIT2ALLOW=y
BR2_PACKAGE_SETOOLS=y
BR2_TARGET_ROOTFS_EXT2=y
# BR2_TARGET_ROOTFS_TAR is not set



Adam Duskett (7):
  package/libselinux: bump version to 3.0
  package/libsemanage: bump version to 3.0
  package/libsepol: bump version to 3.0
  package/policycoreutils: bump version to 3.0
  package/restorecond: bump version to 3.0
  package/semodule-utils: bump version to 3.0
  package/checkpolicy: bump version to 3.0

Matt Weber (1):
  package/selinux-python: bump to version 3.0

 package/checkpolicy/checkpolicy.hash          |   9 +-
 package/checkpolicy/checkpolicy.mk            |   8 +-
 package/libselinux/0001-fix-musl-build.patch  |  22 +-
 ...-and-rely-on-the-installed-file-nam.patch} |  14 +-
 ...ng-against-musl-and-uclibc-libraries.patch |  32 +++
 ...ython-distutils-to-install-SELinux-p.patch | 207 ------------------
 ...-t-pass-bogus-I-and-L-to-python-setu.patch |  34 ---
 package/libselinux/libselinux.hash            |   9 +-
 package/libselinux/libselinux.mk              |  29 +--
 package/libsemanage/libsemanage.hash          |   5 +-
 package/libsemanage/libsemanage.mk            |  20 +-
 .../libsepol/0001-support-static-only.patch   |   6 +-
 package/libsepol/Config.in                    |   3 +-
 package/libsepol/libsepol.hash                |   9 +-
 package/libsepol/libsepol.mk                  |   8 +-
 ...-all-paths-that-use-an-absolute-path.patch |   6 +-
 .../0002-Add-PREFIX-to-host-paths.patch       |  12 +-
 package/policycoreutils/policycoreutils.hash  |   7 +-
 package/policycoreutils/policycoreutils.mk    |   8 +-
 package/restorecond/restorecond.hash          |   9 +-
 package/restorecond/restorecond.mk            |   8 +-
 package/selinux-python/selinux-python.hash    |   9 +-
 package/selinux-python/selinux-python.mk      |   8 +-
 package/semodule-utils/semodule-utils.hash    |   9 +-
 package/semodule-utils/semodule-utils.mk      |   8 +-
 25 files changed, 146 insertions(+), 353 deletions(-)
 rename package/libselinux/{0006-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch => 0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch} (89%)
 create mode 100644 package/libselinux/0003-fix-building-against-musl-and-uclibc-libraries.patch
 delete mode 100644 package/libselinux/0003-libselinux-Use-Python-distutils-to-install-SELinux-p.patch
 delete mode 100644 package/libselinux/0004-src-Makefile-don-t-pass-bogus-I-and-L-to-python-setu.patch

-- 
2.17.1

[Buildroot] [PATCH v3 1/8] package/libselinux: bump version to 3.0

[Matt Weber]

From: Adam Duskett <aduskett@gmail.com>

Other changes:
  - Remove upstream packages.
  - Modify existing patches to work with 3.0.
  - Remove Python2 check, as 3.0 has removed Python2 support.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
---
Changes v2 -> v3
 - Matt switched over the versioning to use dates
---
 package/libselinux/0001-fix-musl-build.patch  |  22 +-
 ...-and-rely-on-the-installed-file-nam.patch} |  14 +-
 ...ng-against-musl-and-uclibc-libraries.patch |  32 +++
 ...ython-distutils-to-install-SELinux-p.patch | 207 ------------------
 ...-t-pass-bogus-I-and-L-to-python-setu.patch |  34 ---
 package/libselinux/libselinux.hash            |   9 +-
 package/libselinux/libselinux.mk              |  29 +--
 7 files changed, 68 insertions(+), 279 deletions(-)
 rename package/libselinux/{0006-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch => 0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch} (89%)
 create mode 100644 package/libselinux/0003-fix-building-against-musl-and-uclibc-libraries.patch
 delete mode 100644 package/libselinux/0003-libselinux-Use-Python-distutils-to-install-SELinux-p.patch
 delete mode 100644 package/libselinux/0004-src-Makefile-don-t-pass-bogus-I-and-L-to-python-setu.patch

diff --git a/package/libselinux/0001-fix-musl-build.patch b/package/libselinux/0001-fix-musl-build.patch
index 7af3a3c36f..dbe88b4fc2 100644
--- a/package/libselinux/0001-fix-musl-build.patch
+++ b/package/libselinux/0001-fix-musl-build.patch
@@ -1,4 +1,7 @@
-fix undefined macros in musl
+From 78f7f09028fdd6a5e8e4e4b584749621eaef412f Mon Sep 17 00:00:00 2001
+From: Yann E. MORIN" <yann.morin.1998@free.fr>
+Date: Sat, 7 Dec 2019 17:24:50 -0800
+Subject: [PATCH] fix undefined macros in musl
 
 musl does not define glibc-specific macros, so use a simple version of
 the macro when it is not defined.
@@ -9,11 +12,13 @@ Domain, and we want to avoid license propagation, so this macro is
 completely written from scratch, and non-optimal.
 
 Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
-
-diff -durN libselinux-2.1.13.orig/src/booleans.c libselinux-2.1.13/src/booleans.c
---- libselinux-2.1.13.orig/src/booleans.c	2013-02-06 02:43:22.000000000 +0100
-+++ libselinux-2.1.13/src/booleans.c	2015-07-26 20:40:41.311801914 +0200
-@@ -62,6 +62,14 @@
+[Updated for 3.0]
+Signed-off-by: Adam Duskett <Aduskett@gmail.com>
+diff --git a/libselinux/src/booleans.c b/libselinux/src/booleans.c
+index ffa8d26..8569002 100644
+--- a/libselinux/src/booleans.c
++++ b/libselinux/src/booleans.c
+@@ -65,6 +65,14 @@ int security_get_boolean_names(char ***names, int *len)
  		goto bad;
  	}
  
@@ -26,5 +31,8 @@ diff -durN libselinux-2.1.13.orig/src/booleans.c libselinux-2.1.13/src/booleans.
 +#endif
 +
  	for (i = 0; i < *len; i++) {
- 		n[i] = (char *)malloc(_D_ALLOC_NAMLEN(namelist[i]));
+ 		n[i] = strdup(namelist[i]->d_name);
  		if (!n[i]) {
+-- 
+2.23.0
+
diff --git a/package/libselinux/0006-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch b/package/libselinux/0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
similarity index 89%
rename from package/libselinux/0006-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
rename to package/libselinux/0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
index c960e1db7e..9b021c34ed 100644
--- a/package/libselinux/0006-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
+++ b/package/libselinux/0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
@@ -17,14 +17,16 @@ was installed.
 
 [Upstream: https://github.com/SELinuxProject/selinux/pull/184]
 Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+[Refreshed for 3.0]
+Signed-off-by: Adam Duskett <Aduskett@gmail.com>
 ---
- src/Makefile | 3 +--
+ libselinux/src/Makefile | 3 +--
  1 file changed, 1 insertion(+), 2 deletions(-)
 
-diff --git a/src/Makefile b/src/Makefile
-index 799df2b0..95684ed7 100644
---- a/src/Makefile
-+++ b/src/Makefile
+diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
+index 4b6a4d4..7b14ef1 100644
+--- a/libselinux/src/Makefile
++++ b/libselinux/src/Makefile
 @@ -15,7 +15,6 @@ INCLUDEDIR ?= $(PREFIX)/include
  PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
  PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX))
@@ -43,5 +45,5 @@ index 799df2b0..95684ed7 100644
  install-rubywrap: rubywrap
  	test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d $(DESTDIR)$(RUBYINSTALL) 
 -- 
-2.21.0
+2.23.0
 
diff --git a/package/libselinux/0003-fix-building-against-musl-and-uclibc-libraries.patch b/package/libselinux/0003-fix-building-against-musl-and-uclibc-libraries.patch
new file mode 100644
index 0000000000..72594260ad
--- /dev/null
+++ b/package/libselinux/0003-fix-building-against-musl-and-uclibc-libraries.patch
@@ -0,0 +1,32 @@
+From 0f6cd4ef20639ac3b3e26af8f743ee03b5d6f8a4 Mon Sep 17 00:00:00 2001
+From: Adam Duskett <Aduskett@gmail.com>
+Date: Wed, 11 Dec 2019 14:00:16 -0800
+Subject: [PATCH] Fix building against musl and uClibc libc libraries.
+
+Currently, the src/Makefile provides the FTS_LDLIBS when building against musl
+or uClibc. However, this is missing from utils/Makefile, which causes linking
+to fail.
+
+Add the FTS_LDLIBS variable to the LDLIBS variable in utils/Makefile to fix
+compiling against uClibc and musl.
+
+Signed-off-by: Adam Duskett <aduskett@gmail.com>
+
+---
+ libselinux/libselinux/utils/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libselinux/utils/Makefile b/libselinux/utils/Makefile
+index 36150638..a5632b7c 100644
+--- a/libselinux/utils/Makefile
++++ b/libselinux/utils/Makefile
+@@ -45,7 +45,7 @@ endif
+ 
+ override CFLAGS += -I../include -D_GNU_SOURCE $(DISABLE_FLAGS) $(PCRE_CFLAGS)
+ override LDFLAGS += -L../src
+-override LDLIBS += -lselinux
++override LDLIBS += -lselinux $(FTS_LDLIBS)
+ PCRE_LDLIBS ?= -lpcre
+ 
+ ifeq ($(ANDROID_HOST),y)
+
diff --git a/package/libselinux/0003-libselinux-Use-Python-distutils-to-install-SELinux-p.patch b/package/libselinux/0003-libselinux-Use-Python-distutils-to-install-SELinux-p.patch
deleted file mode 100644
index b1727af459..0000000000
--- a/package/libselinux/0003-libselinux-Use-Python-distutils-to-install-SELinux-p.patch
+++ /dev/null
@@ -1,207 +0,0 @@
-From 89c296e7e9219f54c74f8c3f42940100cbcac962 Mon Sep 17 00:00:00 2001
-From: Petr Lautrbach <plautrba@redhat.com>
-Date: Fri, 7 Jun 2019 17:35:44 +0200
-Subject: [PATCH] libselinux: Use Python distutils to install SELinux python
- bindings
-
-Follow officially documented way how to build C extension modules using
-distutils - https://docs.python.org/3.8/extending/building.html#building
-
-Fixes:
-
-- selinux python module fails to load when it's built using SWIG-4.0:
-
->>> import selinux
-Traceback (most recent call last):
-  File "<stdin>", line 1, in <module>
-  File "/usr/lib64/python3.7/site-packages/selinux/__init__.py", line 13, in <module>
-    from . import _selinux
-ImportError: cannot import name '_selinux' from 'selinux' (/usr/lib64/python3.7/site-packages/selinux/__init__.py)
-
-SWIG-4.0 changed (again?) its behavior so that it uses: from . import _selinux
-which looks for _selinux module in the same directory as where __init__.py is -
-$(PYLIBDIR)/site-packages/selinux. But _selinux module is installed into
-$(PYLIBDIR)/site-packages/ since a9604c30a5e2f ("libselinux: Change the location
-of _selinux.so").
-
-- audit2why python module fails to build with Python 3.8
-
-cc -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -DOVERRIDE_GETTID=0 -I../include -D_GNU_SOURCE -DDISABLE_RPM -DNO_ANDROID_BACKEND -DUSE_PCRE2 -DPCRE2_CODE_UNIT_WIDTH=8  -Wl,-z,relro -Wl,--as-needed  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -L. -shared -o python-3.8audit2why.so python-3.8audit2why.lo -lselinux -l:libsepol.a  -Wl,-soname,audit2why.so,--version-script=audit2why.map,-z,defs
-/usr/bin/ld: python-3.8audit2why.lo: in function `finish':
-/builddir/build/BUILD/libselinux-2.9/src/audit2why.c:166: undefined reference to `PyArg_ParseTuple'
-/usr/bin/ld: python-3.8audit2why.lo: in function `_Py_INCREF':
-/usr/include/python3.8/object.h:449: undefined reference to `_Py_NoneStruct'
-/usr/bin/ld: /usr/include/python3.8/object.h:449: undefined reference to `_Py_NoneStruct'
-/usr/bin/ld: python-3.8audit2why.lo: in function `check_booleans':
-/builddir/build/BUILD/libselinux-2.9/src/audit2why.c:84: undefined reference to `PyExc_RuntimeError'
-...
-
-It's related to the following Python change
-https://docs.python.org/dev/whatsnew/3.8.html#debug-build-uses-the-same-abi-as-release-build
-
-Python distutils adds correct link options automatically.
-
-- selinux python module doesn't provide any Python metadata
-
-When selinux python module was built manually, it didn't provide any metadata.
-distutils takes care about that so that selinux Python module is visible for
-pip:
-
-$ pip3 list | grep selinux
-selinux              2.9
-
-Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
-[Upstream: commit 2efa06857575e4118e91ca250b6b92da68b130d5]
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
----
- src/.gitignore |  2 +-
- src/Makefile   | 36 ++++++++----------------------------
- src/setup.py   | 24 ++++++++++++++++++++++++
- 3 files changed, 33 insertions(+), 29 deletions(-)
- create mode 100644 libselinux/src/setup.py
-
-diff --git a/src/.gitignore b/src/.gitignore
-index 4dcc3b3b..428afe5a 100644
---- a/src/.gitignore
-+++ b/src/.gitignore
-@@ -1,4 +1,4 @@
- selinux.py
--selinuxswig_wrap.c
-+selinuxswig_python_wrap.c
- selinuxswig_python_exception.i
- selinuxswig_ruby_wrap.c
-diff --git a/src/Makefile b/src/Makefile
-index e9ed0383..2b1696a0 100644
---- a/src/Makefile
-+++ b/src/Makefile
-@@ -36,7 +36,7 @@ TARGET=libselinux.so
- LIBPC=libselinux.pc
- SWIGIF= selinuxswig_python.i selinuxswig_python_exception.i
- SWIGRUBYIF= selinuxswig_ruby.i
--SWIGCOUT= selinuxswig_wrap.c
-+SWIGCOUT= selinuxswig_python_wrap.c
- SWIGPYOUT= selinux.py
- SWIGRUBYCOUT= selinuxswig_ruby_wrap.c
- SWIGLOBJ:= $(patsubst %.c,$(PYPREFIX)%.lo,$(SWIGCOUT))
-@@ -55,7 +55,7 @@ ifeq ($(LIBSEPOLA),)
-         LDLIBS_LIBSEPOLA := -l:libsepol.a
- endif
- 
--GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) selinuxswig_python_exception.i
-+GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) $(SWIGCOUT) selinuxswig_python_exception.i
- SRCS= $(filter-out $(GENERATED) audit2why.c, $(sort $(wildcard *.c)))
- 
- MAX_STACK_SIZE=32768
-@@ -125,25 +125,18 @@ DISABLE_FLAGS+= -DNO_ANDROID_BACKEND
- SRCS:= $(filter-out label_backends_android.c, $(SRCS))
- endif
- 
--SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./ $(DISABLE_FLAGS)
--
- SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./ $(DISABLE_FLAGS)
- 
- all: $(LIBA) $(LIBSO) $(LIBPC)
- 
--pywrap: all $(SWIGFILES) $(AUDIT2WHYSO)
-+pywrap: all selinuxswig_python_exception.i
-+	CFLAGS="$(CFLAGS) $(SWIG_CFLAGS)" $(PYTHON) setup.py build_ext -I $(DESTDIR)$(INCLUDEDIR) -L $(DESTDIR)$(LIBDIR)
- 
- rubywrap: all $(SWIGRUBYSO)
- 
--$(SWIGLOBJ): $(SWIGCOUT)
--	$(CC) $(CFLAGS) $(SWIG_CFLAGS) $(PYINC) -fPIC -DSHARED -c -o $@ $<
--
- $(SWIGRUBYLOBJ): $(SWIGRUBYCOUT)
- 	$(CC) $(CFLAGS) $(SWIG_CFLAGS) $(RUBYINC) -fPIC -DSHARED -c -o $@ $<
- 
--$(SWIGSO): $(SWIGLOBJ)
--	$(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $< -lselinux $(PYLIBS)
--
- $(SWIGRUBYSO): $(SWIGRUBYLOBJ)
- 	$(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ -lselinux $(RUBYLIBS)
- 
-@@ -161,29 +154,15 @@ $(LIBPC): $(LIBPC).in ../VERSION
- selinuxswig_python_exception.i: ../include/selinux/selinux.h
- 	bash -e exception.sh > $@ || (rm -f $@ ; false)
- 
--$(AUDIT2WHYLOBJ): audit2why.c
--	$(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
--
--$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(LIBSEPOLA)
--	$(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ -lselinux $(LDLIBS_LIBSEPOLA) $(PYLIBS) -Wl,-soname,audit2why.so,--version-script=audit2why.map,-z,defs
--
- %.o:  %.c policy.h
- 	$(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
- 
- %.lo:  %.c policy.h
- 	$(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $<
- 
--$(SWIGCOUT): $(SWIGIF)
--	$(SWIG) $<
--
--$(SWIGPYOUT): $(SWIGCOUT)
--
- $(SWIGRUBYCOUT): $(SWIGRUBYIF)
- 	$(SWIGRUBY) $<
- 
--swigify: $(SWIGIF)
--	$(SWIG) $<
--
- install: all 
- 	test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR)
- 	install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
-@@ -194,10 +173,9 @@ install: all
- 	ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET)
- 
- install-pywrap: pywrap
--	test -d $(DESTDIR)$(PYTHONLIBDIR)/selinux || install -m 755 -d $(DESTDIR)$(PYTHONLIBDIR)/selinux
--	install -m 755 $(SWIGSO) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT)
--	install -m 755 $(AUDIT2WHYSO) $(DESTDIR)$(PYTHONLIBDIR)/selinux/audit2why$(PYCEXT)
-+	$(PYTHON) setup.py install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
- 	install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py
-+	ln -sf --relative $(DESTDIR)$(PYTHONLIBDIR)/selinux/_selinux$(PYCEXT) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT)
- 
- install-rubywrap: rubywrap
- 	test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d $(DESTDIR)$(RUBYINSTALL) 
-@@ -208,6 +186,8 @@ relabel:
- 
- clean-pywrap:
- 	-rm -f $(SWIGLOBJ) $(SWIGSO) $(AUDIT2WHYLOBJ) $(AUDIT2WHYSO)
-+	$(PYTHON) setup.py clean
-+	-rm -rf build *~ \#* *pyc .#*
- 
- clean-rubywrap:
- 	-rm -f $(SWIGRUBYLOBJ) $(SWIGRUBYSO)
-diff --git a/src/setup.py b/src/setup.py
-new file mode 100644
-index 00000000..4dc03f55
---- /dev/null
-+++ b/src/setup.py
-@@ -0,0 +1,24 @@
-+#!/usr/bin/python3
-+
-+from distutils.core import Extension, setup
-+
-+setup(
-+    name="selinux",
-+    version="2.9",
-+    description="SELinux python 3 bindings",
-+    author="SELinux Project",
-+    author_email="selinux at vger.kernel.org",
-+    ext_modules=[
-+        Extension('selinux._selinux',
-+                  sources=['selinuxswig_python.i'],
-+                  include_dirs=['../include'],
-+                  library_dirs=['.'],
-+                  libraries=['selinux']),
-+        Extension('selinux.audit2why',
-+                  sources=['audit2why.c'],
-+                  include_dirs=['../include'],
-+                  library_dirs=['.'],
-+                  libraries=['selinux'],
-+                  extra_link_args=['-l:libsepol.a', '-Wl,--version-script=audit2why.map'])
-+    ],
-+)
--- 
-2.21.0
-
diff --git a/package/libselinux/0004-src-Makefile-don-t-pass-bogus-I-and-L-to-python-setu.patch b/package/libselinux/0004-src-Makefile-don-t-pass-bogus-I-and-L-to-python-setu.patch
deleted file mode 100644
index 4c568d3386..0000000000
--- a/package/libselinux/0004-src-Makefile-don-t-pass-bogus-I-and-L-to-python-setu.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 4b1568bce5bbdc7bf76a4bbf1066ba7e7b84649f Mon Sep 17 00:00:00 2001
-From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
-Date: Fri, 25 Oct 2019 11:45:04 +0200
-Subject: [PATCH] src/Makefile: don't pass bogus -I and -L to python setup.py
- build_ext
-
-Using $(DESTDIR) during the build does not follow the normal/standard
-semantic of DESTDIR: it is normally only needed during the
-installation. Therefore, a lot of build systems/environments don't
-pass any DESTDIR at build time, which causes setup.py to be called
-with -I /usr/include -L /usr/lib, which breaks cross-compilation.
-
-[Upstream: https://github.com/SELinuxProject/selinux/pull/183]
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
----
- src/Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/Makefile b/src/Makefile
-index 2b1696a0..3b8bad81 100644
---- a/src/Makefile
-+++ b/src/Makefile
-@@ -130,7 +130,7 @@ SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./ $(DISABLE_FLAGS)
- all: $(LIBA) $(LIBSO) $(LIBPC)
- 
- pywrap: all selinuxswig_python_exception.i
--	CFLAGS="$(CFLAGS) $(SWIG_CFLAGS)" $(PYTHON) setup.py build_ext -I $(DESTDIR)$(INCLUDEDIR) -L $(DESTDIR)$(LIBDIR)
-+	CFLAGS="$(CFLAGS) $(SWIG_CFLAGS)" $(PYTHON) setup.py build_ext
- 
- rubywrap: all $(SWIGRUBYSO)
- 
--- 
-2.21.0
-
diff --git a/package/libselinux/libselinux.hash b/package/libselinux/libselinux.hash
index ed61ea8bd2..fe7dec3bcf 100644
--- a/package/libselinux/libselinux.hash
+++ b/package/libselinux/libselinux.hash
@@ -1,5 +1,4 @@
-# From: https://github.com/SELinuxProject/selinux/wiki/Releases
-sha256 1bccc8873e449587d9a2b2cf253de9b89a8291b9fbc7c59393ca9e5f5f4d2693 libselinux-2.9.tar.gz
-
-# Hash for license file
-sha256 86657b4c0fe868d7cbd977cb04c63b6c667e08fa51595a7bc846ad4bed8fc364 LICENSE
+# Generated locally as upstream releases in artifact
+# files under a overall YYYYMMDD dated selinux release
+sha256 4cc134210d8cca6c410b7b8c91993e10c6d5b077102ed27e6976bb6d9e483f0d libselinux-20191204.tar.gz
+sha256 86657b4c0fe868d7cbd977cb04c63b6c667e08fa51595a7bc846ad4bed8fc364 libselinux/LICENSE
diff --git a/package/libselinux/libselinux.mk b/package/libselinux/libselinux.mk
index 1461e34539..ce312a6b1c 100644
--- a/package/libselinux/libselinux.mk
+++ b/package/libselinux/libselinux.mk
@@ -4,15 +4,17 @@
 #
 ################################################################################
 
-LIBSELINUX_VERSION = 2.9
-LIBSELINUX_SITE = https://github.com/SELinuxProject/selinux/releases/download/20190315
+LIBSELINUX_VERSION = 20191204
+LIBSELINUX_SITE = $(call github,SELinuxProject,selinux,$(LIBSELINUX_VERSION))
 LIBSELINUX_LICENSE = Public Domain
-LIBSELINUX_LICENSE_FILES = LICENSE
+LIBSELINUX_LICENSE_FILES = $(LIBSELINUX_NAME)/LICENSE
 
 LIBSELINUX_DEPENDENCIES = $(BR2_COREUTILS_HOST_DEPENDENCY) libsepol pcre
 
 LIBSELINUX_INSTALL_STAGING = YES
 
+LIBSELINUX_SUBDIR = $(@D)/$(LIBSELINUX_NAME)
+
 # Set SHLIBDIR to /usr/lib so it has the same value than LIBDIR, as a result
 # we won't have to use a relative path in 0002-revert-ln-relative.patch
 LIBSELINUX_MAKE_OPTS = \
@@ -27,18 +29,13 @@ LIBSELINUX_DEPENDENCIES += musl-fts
 LIBSELINUX_MAKE_OPTS += FTS_LDLIBS=-lfts
 endif
 
-ifeq ($(BR2_PACKAGE_PYTHON)$(BR2_PACKAGE_PYTHON3),y)
 ifeq ($(BR2_PACKAGE_PYTHON3),y)
 LIBSELINUX_DEPENDENCIES += python3 host-swig
 LIBSELINUX_PYLIBVER = python$(PYTHON3_VERSION_MAJOR)
-else ifeq ($(BR2_PACKAGE_PYTHON),y)
-LIBSELINUX_DEPENDENCIES += python host-swig
-LIBSELINUX_PYLIBVER = python$(PYTHON_VERSION_MAJOR)
-endif
 
 LIBSELINUX_MAKE_OPTS += \
 	$(PKG_PYTHON_DISTUTILS_ENV) \
-	PYTHON=$(LIBSELINUX_PYLIBVER)
+	PYTHON=python$(PYTHON3_VERSION_MAJOR)
 
 LIBSELINUX_MAKE_INSTALL_TARGETS += install-pywrap
 
@@ -49,7 +46,7 @@ define LIBSELINUX_BUILD_PYTHON_BINDINGS
 	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) \
 		$(LIBSELINUX_MAKE_OPTS) swigify pywrap
 endef
-endif # python || python3
+endif # python3
 
 # Filter out D_FILE_OFFSET_BITS=64. This fixes errors caused by glibc
 # 2.22. We set CFLAGS and LDFLAGS here because we want to win over the
@@ -82,15 +79,7 @@ define LIBSELINUX_INSTALL_TARGET_CMDS
 endef
 
 HOST_LIBSELINUX_DEPENDENCIES = \
-	host-libsepol host-pcre host-swig
-
-ifeq ($(BR2_PACKAGE_PYTHON3),y)
-HOST_LIBSELINUX_DEPENDENCIES += host-python3
-HOST_LIBSELINUX_PYLIBVER = python$(PYTHON3_VERSION_MAJOR)
-else
-HOST_LIBSELINUX_DEPENDENCIES += host-python
-HOST_LIBSELINUX_PYLIBVER = python$(PYTHON_VERSION_MAJOR)
-endif
+	host-libsepol host-pcre host-swig host-python3
 
 HOST_LIBSELINUX_MAKE_OPTS = \
 	$(HOST_CONFIGURE_OPTS) \
@@ -98,7 +87,7 @@ HOST_LIBSELINUX_MAKE_OPTS = \
 	SHLIBDIR=$(HOST_DIR)/lib \
 	LDFLAGS="$(HOST_LDFLAGS) -lpcre -lpthread" \
 	$(HOST_PKG_PYTHON_DISTUTILS_ENV) \
-	PYTHON=$(HOST_LIBSELINUX_PYLIBVER)
+	PYTHON=python$(PYTHON3_VERSION_MAJOR)
 
 define HOST_LIBSELINUX_BUILD_CMDS
 	$(HOST_MAKE_ENV) $(MAKE1) -C $(@D) \
-- 
2.17.1

[Buildroot] [PATCH v3 2/8] package/libsemanage: bump version to 3.0

[Matt Weber]

From: Adam Duskett <aduskett@gmail.com>

Other changes:
  - Remove the Python2 check, as 3.0 has removed support for Python2.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
---
Changes v2 -> v3
 - Matt switched over the versioning to use dates
---
 package/libsemanage/libsemanage.hash |  5 +++--
 package/libsemanage/libsemanage.mk   | 20 +++++++-------------
 2 files changed, 10 insertions(+), 15 deletions(-)

diff --git a/package/libsemanage/libsemanage.hash b/package/libsemanage/libsemanage.hash
index 871ed192c4..3090847686 100644
--- a/package/libsemanage/libsemanage.hash
+++ b/package/libsemanage/libsemanage.hash
@@ -1,5 +1,6 @@
 # From: https://github.com/SELinuxProject/selinux/wiki/Releases
-sha256 2576349d344492e73b468059767268dec1dabd8c35f3c7222c3ec2448737bc1c libsemanage-2.9.tar.gz
+# Generated locally as upstream releases in artifact
+sha256 4cc134210d8cca6c410b7b8c91993e10c6d5b077102ed27e6976bb6d9e483f0d libsemanage-20191204.tar.gz
 
 # Hash for license file
-sha256 6095e9ffa777dd22839f7801aa845b31c9ed07f3d6bf8a26dc5d2dec8ccc0ef3 COPYING
+sha256 6095e9ffa777dd22839f7801aa845b31c9ed07f3d6bf8a26dc5d2dec8ccc0ef3 libsemanage/COPYING
diff --git a/package/libsemanage/libsemanage.mk b/package/libsemanage/libsemanage.mk
index fd90346049..0bd529f876 100644
--- a/package/libsemanage/libsemanage.mk
+++ b/package/libsemanage/libsemanage.mk
@@ -4,13 +4,15 @@
 #
 ################################################################################
 
-LIBSEMANAGE_VERSION = 2.9
-LIBSEMANAGE_SITE = https://github.com/SELinuxProject/selinux/releases/download/20190315
+LIBSEMANAGE_VERSION = $(LIBSELINUX_VERSION)
+LIBSEMANAGE_SITE = $(LIBSELINUX_SITE)
 LIBSEMANAGE_LICENSE = LGPL-2.1+
-LIBSEMANAGE_LICENSE_FILES = COPYING
+LIBSEMANAGE_LICENSE_FILES = $(LIBSEMANAGE_NAME)/COPYING
 LIBSEMANAGE_DEPENDENCIES = host-bison host-flex audit libselinux bzip2
 LIBSEMANAGE_INSTALL_STAGING = YES
 
+LIBSEMANAGE_SUBDIR = $(@D)/$(LIBSEMANAGE_NAME)
+
 LIBSEMANAGE_MAKE_OPTS = $(TARGET_CONFIGURE_OPTS)
 
 define LIBSEMANAGE_BUILD_CMDS
@@ -31,7 +33,8 @@ HOST_LIBSEMANAGE_DEPENDENCIES = \
 	host-libsepol \
 	host-libselinux \
 	host-bzip2 \
-	host-swig
+	host-swig \
+	host-python3
 
 HOST_LIBSEMANAGE_MAKE_OPTS += \
 	$(HOST_CONFIGURE_OPTS) \
@@ -39,19 +42,10 @@ HOST_LIBSEMANAGE_MAKE_OPTS += \
 	SWIG_LIB="$(HOST_DIR)/share/swig/$(SWIG_VERSION)/" \
 	DEFAULT_SEMANAGE_CONF_LOCATION=$(HOST_DIR)/etc/selinux/semanage.conf
 
-ifeq ($(BR2_PACKAGE_PYTHON3),y)
-HOST_LIBSEMANAGE_DEPENDENCIES += host-python3
 HOST_LIBSEMANAGE_MAKE_OPTS += \
 	PYINC="-I$(HOST_DIR)/include/python$(PYTHON3_VERSION_MAJOR)/" \
 	PYTHONLIBDIR="$(HOST_DIR)/lib/python$(PYTHON3_VERSION_MAJOR)/" \
 	PYLIBVER="python$(PYTHON3_VERSION_MAJOR)"
-else
-HOST_LIBSEMANAGE_DEPENDENCIES += host-python
-HOST_LIBSEMANAGE_MAKE_OPTS += \
-	PYINC="-I$(HOST_DIR)/include/python$(PYTHON_VERSION_MAJOR)/" \
-	PYTHONLIBDIR="$(HOST_DIR)/lib/python$(PYTHON_VERSION_MAJOR)/" \
-	PYLIBVER="python$(PYTHON_VERSION_MAJOR)"
-endif
 
 define HOST_LIBSEMANAGE_BUILD_CMDS
 	$(HOST_MAKE_ENV) $(MAKE) -C $(@D) $(HOST_LIBSEMANAGE_MAKE_OPTS) all
-- 
2.17.1

[Buildroot] [PATCH v3 3/8] package/libsepol: bump version to 3.0

[Matt Weber]

From: Adam Duskett <aduskett@gmail.com>

Other changes:
  - Add policy version 32 as a default version of toolchains build with kernel
    headers 5.5 or later.

  - Add Help text for the above.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
---
Changes v2 -> v3
 - Matt switched over the versioning to use dates
---
 package/libsepol/0001-support-static-only.patch | 6 +++---
 package/libsepol/Config.in                      | 3 ++-
 package/libsepol/libsepol.hash                  | 9 ++++-----
 package/libsepol/libsepol.mk                    | 8 +++++---
 4 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/package/libsepol/0001-support-static-only.patch b/package/libsepol/0001-support-static-only.patch
index b3eb608f7b..f7051ee03e 100644
--- a/package/libsepol/0001-support-static-only.patch
+++ b/package/libsepol/0001-support-static-only.patch
@@ -17,9 +17,9 @@ Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
  src/Makefile | 13 ++++++++++---
  1 file changed, 10 insertions(+), 3 deletions(-)
 
-diff -durNw libsepol-2.7.orig/src/Makefile libsepol-2.7/src/Makefile
---- libsepol-2.7.orig/src/Makefile	2018-01-15 21:07:51.285183415 +0100
-+++ libsepol-2.7/src/Makefile	2018-01-15 21:08:56.515182717 +0100
+diff -durNw libsepol-2.7.orig/libsepol/src/Makefile libsepol-2.7/libsepol/src/Makefile
+--- libsepol-2.7.orig/libsepol/src/Makefile	2018-01-15 21:07:51.285183415 +0100
++++ libsepol-2.7/libsepol/src/Makefile	2018-01-15 21:08:56.515182717 +0100
 @@ -39,7 +39,12 @@
  LN=gln
  endif
diff --git a/package/libsepol/Config.in b/package/libsepol/Config.in
index 21d4d7865c..52c12bf290 100644
--- a/package/libsepol/Config.in
+++ b/package/libsepol/Config.in
@@ -11,6 +11,7 @@ if BR2_PACKAGE_LIBSEPOL
 
 config BR2_PACKAGE_LIBSEPOL_POLICY_VERSION
 	int "Policy version"
+	default 32 if BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_5
 	default 31 if BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_13
 	default 30 if BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_3
 	default 29 if BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_14
@@ -27,7 +28,7 @@ config BR2_PACKAGE_LIBSEPOL_POLICY_VERSION
 	  > 3.5 <= 3.14    28 (27 and 28 were added@the same time)
 	  > 3.14 <= 4.3    29
 	  > 4.3 <= 4.13    30
-	  > 4.13           31
+	  > 4.13 <= 5.5    31
 
 endif
 
diff --git a/package/libsepol/libsepol.hash b/package/libsepol/libsepol.hash
index 83eb63213e..b58cdb5c2a 100644
--- a/package/libsepol/libsepol.hash
+++ b/package/libsepol/libsepol.hash
@@ -1,5 +1,4 @@
-# From: https://github.com/SELinuxProject/selinux/wiki/Releases
-sha256 a34b12b038d121e3e459b1cbaca3c9202e983137819c16baf63658390e3f1d5d  libsepol-2.9.tar.gz
-
-# Hash for license file
-sha256 6095e9ffa777dd22839f7801aa845b31c9ed07f3d6bf8a26dc5d2dec8ccc0ef3  COPYING
+# Generated locally as upstream releases in artifact
+# files under a overall YYYYMMDD dated selinux release
+sha256 4cc134210d8cca6c410b7b8c91993e10c6d5b077102ed27e6976bb6d9e483f0d libsepol-20191204.tar.gz
+sha256 6095e9ffa777dd22839f7801aa845b31c9ed07f3d6bf8a26dc5d2dec8ccc0ef3 libsepol/COPYING
diff --git a/package/libsepol/libsepol.mk b/package/libsepol/libsepol.mk
index 62b0744aa3..6d0ef867d0 100644
--- a/package/libsepol/libsepol.mk
+++ b/package/libsepol/libsepol.mk
@@ -4,15 +4,17 @@
 #
 ################################################################################
 
-LIBSEPOL_VERSION = 2.9
-LIBSEPOL_SITE = https://github.com/SELinuxProject/selinux/releases/download/20190315
+LIBSEPOL_VERSION = $(LIBSELINUX_VERSION)
+LIBSEPOL_SITE = $(LIBSELINUX_SITE)
 LIBSEPOL_LICENSE = LGPL-2.1+
-LIBSEPOL_LICENSE_FILES = COPYING
+LIBSEPOL_LICENSE_FILES = $(LIBSEPOL_NAME)/COPYING
 
 LIBSEPOL_INSTALL_STAGING = YES
 LIBSEPOL_DEPENDENCIES = host-flex
 HOST_LIBSEPOL_DEPENDENCIES = $(BR2_COREUTILS_HOST_DEPENDENCY) host-flex
 
+LIBSEPOL_SUBDIR = $(@D)/$(LIBSEPOL_NAME)
+
 LIBSEPOL_MAKE_FLAGS = $(TARGET_CONFIGURE_OPTS)
 
 ifeq ($(BR2_STATIC_LIBS),y)
-- 
2.17.1

[Buildroot] [PATCH v3 4/8] package/policycoreutils: bump version to 3.0

[Matt Weber]

From: Adam Duskett <aduskett@gmail.com>

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
---
Changes v2 -> v3
 - Matt switched over the versioning to use dates
---
 ...TDIR-to-all-paths-that-use-an-absolute-path.patch |  6 +++---
 .../0002-Add-PREFIX-to-host-paths.patch              | 12 ++++++------
 package/policycoreutils/policycoreutils.hash         |  7 ++++---
 package/policycoreutils/policycoreutils.mk           |  8 +++++---
 4 files changed, 18 insertions(+), 15 deletions(-)

diff --git a/package/policycoreutils/0001-Add-DESTDIR-to-all-paths-that-use-an-absolute-path.patch b/package/policycoreutils/0001-Add-DESTDIR-to-all-paths-that-use-an-absolute-path.patch
index 57833d8176..71bf020e54 100644
--- a/package/policycoreutils/0001-Add-DESTDIR-to-all-paths-that-use-an-absolute-path.patch
+++ b/package/policycoreutils/0001-Add-DESTDIR-to-all-paths-that-use-an-absolute-path.patch
@@ -19,10 +19,10 @@ Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
  setfiles/Makefile | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
-diff --git a/setfiles/Makefile b/setfiles/Makefile
+diff --git a/policycoreutils/setfiles/Makefile b/policycoreutils/setfiles/Makefile
 index c08e2dd..36c0638 100644
---- a/setfiles/Makefile
-+++ b/setfiles/Makefile
+--- a/policycoreutils/setfiles/Makefile
++++ b/policycoreutils/setfiles/Makefile
 @@ -3,7 +3,7 @@ PREFIX ?= $(DESTDIR)/usr
  PREFIX ?= /usr
  SBINDIR ?= /sbin
diff --git a/package/policycoreutils/0002-Add-PREFIX-to-host-paths.patch b/package/policycoreutils/0002-Add-PREFIX-to-host-paths.patch
index ffe5fcbd44..df5b63bd8b 100644
--- a/package/policycoreutils/0002-Add-PREFIX-to-host-paths.patch
+++ b/package/policycoreutils/0002-Add-PREFIX-to-host-paths.patch
@@ -19,10 +19,10 @@ Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
  run_init/Makefile    | 6 +++---
  3 files changed, 7 insertions(+), 7 deletions(-)
 
-diff --git a/newrole/Makefile b/newrole/Makefile
+diff --git a/policycoreutils/newrole/Makefile b/policycoreutils/newrole/Makefile
 index 196af92..896708f 100644
---- a/newrole/Makefile
-+++ b/newrole/Makefile
+--- a/policycoreutils/newrole/Makefile
++++ b/policycoreutils/newrole/Makefile
 @@ -3,9 +3,9 @@ PREFIX ?= $(DESTDIR)/usr
  BINDIR ?= $(PREFIX)/bin
  MANDIR ?= $(PREFIX)/share/man
@@ -35,10 +35,10 @@ index 196af92..896708f 100644
  # Enable capabilities to permit newrole to generate audit records.
  # This will make newrole a setuid root program.
  # The capabilities used are: CAP_AUDIT_WRITE.
-diff --git a/run_init/Makefile b/run_init/Makefile
+diff --git a/policycoreutils/run_init/Makefile b/policycoreutils/run_init/Makefile
 index 921f0b0..e1566fc 100644
---- a/run_init/Makefile
-+++ b/run_init/Makefile
+--- a/policycoreutils/run_init/Makefile
++++ b/policycoreutils/run_init/Makefile
 @@ -4,9 +4,9 @@ PREFIX ?= $(DESTDIR)/usr
  SBINDIR ?= $(PREFIX)/sbin
  MANDIR ?= $(PREFIX)/share/man
diff --git a/package/policycoreutils/policycoreutils.hash b/package/policycoreutils/policycoreutils.hash
index c601c7818b..ee011faba5 100644
--- a/package/policycoreutils/policycoreutils.hash
+++ b/package/policycoreutils/policycoreutils.hash
@@ -1,3 +1,4 @@
-# https://github.com/SELinuxProject/selinux/wiki/Releases
-sha256 c53c344f28007b3c0742bd958751e9b5d2385898adeb8aec6281ae57342f0f7b policycoreutils-2.9.tar.gz
-sha256 204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994 COPYING
+# Generated locally as upstream releases in artifact
+# files under a overall YYYYMMDD dated selinux release
+sha256 4cc134210d8cca6c410b7b8c91993e10c6d5b077102ed27e6976bb6d9e483f0d policycoreutils-20191204.tar.gz
+sha256 204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994 policycoreutils/COPYING
diff --git a/package/policycoreutils/policycoreutils.mk b/package/policycoreutils/policycoreutils.mk
index 6cd5a019c5..029ddd8d1e 100644
--- a/package/policycoreutils/policycoreutils.mk
+++ b/package/policycoreutils/policycoreutils.mk
@@ -4,14 +4,16 @@
 #
 ################################################################################
 
-POLICYCOREUTILS_VERSION = 2.9
-POLICYCOREUTILS_SITE = https://github.com/SELinuxProject/selinux/releases/download/20190315
+POLICYCOREUTILS_VERSION = $(LIBSELINUX_VERSION)
+POLICYCOREUTILS_SITE = $(LIBSELINUX_SITE)
 POLICYCOREUTILS_LICENSE = GPL-2.0
-POLICYCOREUTILS_LICENSE_FILES = COPYING
+POLICYCOREUTILS_LICENSE_FILES = policycoreutils/COPYING
 
 POLICYCOREUTILS_DEPENDENCIES = libsemanage libcap-ng $(TARGET_NLS_DEPENDENCIES)
 POLICYCOREUTILS_MAKE_OPTS = LDLIBS=$(TARGET_NLS_LIBS)
 
+POLICYCOREUTILS_SUBDIR = $(@D)/$(POLICYCOREUTILS_NAME)
+
 ifeq ($(BR2_PACKAGE_LINUX_PAM),y)
 POLICYCOREUTILS_DEPENDENCIES += linux-pam
 POLICYCOREUTILS_MAKE_OPTS += NAMESPACE_PRIV=y
-- 
2.17.1

[Buildroot] [PATCH v3 5/8] package/restorecond: bump version to 3.0

[Matt Weber]

From: Adam Duskett <aduskett@gmail.com>

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
---
Changes v2 -> v3
 - Matt switched over the versioning to use dates
---
 package/restorecond/restorecond.hash | 9 ++++-----
 package/restorecond/restorecond.mk   | 8 +++++---
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/package/restorecond/restorecond.hash b/package/restorecond/restorecond.hash
index 7a82bda370..2ac12ed1ef 100644
--- a/package/restorecond/restorecond.hash
+++ b/package/restorecond/restorecond.hash
@@ -1,5 +1,4 @@
-# https://github.com/SELinuxProject/selinux/wiki/Releases
-sha256 cbf9820583e641ee0462fa7bc89e6024676af281e025703e17b2d019b1a25a4f restorecond-2.9.tar.gz
-
-# Hash for license file
-sha256 204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994 COPYING
+# Generated locally as upstream releases in artifact
+# files under a overall YYYYMMDD dated selinux release
+sha256 4cc134210d8cca6c410b7b8c91993e10c6d5b077102ed27e6976bb6d9e483f0d restorecond-20191204.tar.gz
+sha256 204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994 restorecond/COPYING
diff --git a/package/restorecond/restorecond.mk b/package/restorecond/restorecond.mk
index c519b5de2b..dcf6bf8af6 100644
--- a/package/restorecond/restorecond.mk
+++ b/package/restorecond/restorecond.mk
@@ -4,13 +4,15 @@
 #
 ################################################################################
 
-RESTORECOND_VERSION = 2.9
-RESTORECOND_SITE = https://github.com/SELinuxProject/selinux/releases/download/20190315
+RESTORECOND_VERSION = $(LIBSELINUX_VERSION)
+RESTORECOND_SITE = $(LIBSELINUX_SITE)
 RESTORECOND_LICENSE = GPL-2.0
-RESTORECOND_LICENSE_FILES = COPYING
+RESTORECOND_LICENSE_FILES = $(RESTORECOND_NAME)/COPYING
 
 RESTORECOND_DEPENDENCIES = libglib2 libsepol libselinux dbus-glib
 
+RESTORECOND_SUBDIR = $(@D)/$(RESTORECOND_NAME)
+
 # Undefining _FILE_OFFSET_BITS here because of a "bug" with glibc fts.h
 # large file support.
 # See https://bugzilla.redhat.com/show_bug.cgi?id=574992 for more information
-- 
2.17.1

[Buildroot] [PATCH v3 6/8] package/semodule-utils: bump version to 3.0

[Matt Weber]

From: Adam Duskett <aduskett@gmail.com>

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
---
Changes v2 -> v3
 - Matt switched over the versioning to use dates
---
 package/semodule-utils/semodule-utils.hash | 9 ++++-----
 package/semodule-utils/semodule-utils.mk   | 8 +++++---
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/package/semodule-utils/semodule-utils.hash b/package/semodule-utils/semodule-utils.hash
index 386b442618..5f34178a8c 100644
--- a/package/semodule-utils/semodule-utils.hash
+++ b/package/semodule-utils/semodule-utils.hash
@@ -1,5 +1,4 @@
-# https://github.com/SELinuxProject/selinux/wiki/Releases
-sha256 8083679ee634570f6e9a18632f2c2862b9134fa308b689b2e1952a369ae5d907 semodule-utils-2.9.tar.gz
-
-# Hash for license file
-sha256 204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994 COPYING
+# Generated locally as upstream releases in artifact
+# files under a overall YYYYMMDD dated selinux release
+sha256 4cc134210d8cca6c410b7b8c91993e10c6d5b077102ed27e6976bb6d9e483f0d semodule-utils-20191204.tar.gz
+sha256 204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994 semodule-utils/COPYING
diff --git a/package/semodule-utils/semodule-utils.mk b/package/semodule-utils/semodule-utils.mk
index 7102dbc5e0..c7d26a2857 100644
--- a/package/semodule-utils/semodule-utils.mk
+++ b/package/semodule-utils/semodule-utils.mk
@@ -4,12 +4,14 @@
 #
 ################################################################################
 
-SEMODULE_UTILS_VERSION = 2.9
-SEMODULE_UTILS_SITE = https://github.com/SELinuxProject/selinux/releases/download/20190315
+SEMODULE_UTILS_VERSION = $(LIBSELINUX_VERSION)
+SEMODULE_UTILS_SITE = $(LIBSELINUX_SITE)
 SEMODULE_UTILS_LICENSE = GPL-2.0
-SEMODULE_UTILS_LICENSE_FILES = COPYING
+SEMODULE_UTILS_LICENSE_FILES = $(SEMODULE_UTILS_NAME)/COPYING
 SEMODULE_UTILS_DEPENDENCIES = libsepol
 
+SEMODULE_UTILS_SUBDIR = $(@D)/$(SEMODULE_UTILS_NAME)
+
 SEMODULE_UTILS_MAKE_OPTS += \
 	$(TARGET_CONFIGURE_OPTS) \
 	LIBSEPOLA=$(STAGING_DIR)/usr/lib/libsepol.a
-- 
2.17.1

[Buildroot] [PATCH v3 7/8] package/checkpolicy: bump version to 3.0

[Matt Weber]

From: Adam Duskett <aduskett@gmail.com>

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
---
Changes v2 -> v3
 - Matt switched over the versioning to use dates
---
 package/checkpolicy/checkpolicy.hash | 9 ++++-----
 package/checkpolicy/checkpolicy.mk   | 8 +++++---
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/package/checkpolicy/checkpolicy.hash b/package/checkpolicy/checkpolicy.hash
index 9e77b9b027..1d20ad3eca 100644
--- a/package/checkpolicy/checkpolicy.hash
+++ b/package/checkpolicy/checkpolicy.hash
@@ -1,5 +1,4 @@
-# https://github.com/SELinuxProject/selinux/wiki/Releases
-sha256 a946c32b284532447857e4c48830f8816867c61220c8c08bdd32e6f691335f8e  checkpolicy-2.9.tar.gz
-
-# Hash for license file
-sha256 204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994  COPYING
+# Generated locally as upstream releases in artifact
+# files under a overall YYYYMMDD dated selinux release
+sha256 4cc134210d8cca6c410b7b8c91993e10c6d5b077102ed27e6976bb6d9e483f0d checkpolicy-20191204.tar.gz
+sha256 204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994 checkpolicy/COPYING
diff --git a/package/checkpolicy/checkpolicy.mk b/package/checkpolicy/checkpolicy.mk
index 8f1ec72549..a4b31718f7 100644
--- a/package/checkpolicy/checkpolicy.mk
+++ b/package/checkpolicy/checkpolicy.mk
@@ -4,13 +4,15 @@
 #
 ################################################################################
 
-CHECKPOLICY_VERSION = 2.9
-CHECKPOLICY_SITE = https://github.com/SELinuxProject/selinux/releases/download/20190315
+CHECKPOLICY_VERSION = $(LIBSELINUX_VERSION)
+CHECKPOLICY_SITE = $(LIBSELINUX_SITE)
 CHECKPOLICY_LICENSE = GPL-2.0
-CHECKPOLICY_LICENSE_FILES = COPYING
+CHECKPOLICY_LICENSE_FILES = $(CHECKPOLICY_NAME)/COPYING
 
 CHECKPOLICY_DEPENDENCIES = libselinux flex host-flex host-bison
 
+CHECKPOLICY_SUBDIR = $(@D)/$(CHECKPOLICY_NAME)
+
 CHECKPOLICY_MAKE_OPTS = $(TARGET_CONFIGURE_OPTS) \
 	LEX="$(HOST_DIR)/bin/flex" \
 	YACC="$(HOST_DIR)/bin/bison -y"
-- 
2.17.1

[Buildroot] [PATCH v3 8/8] package/selinux-python: bump to version 3.0

[Matt Weber]

Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
---
Changes v2 -> v3
 - Matt switched over the versioning to use dates
---
 package/selinux-python/selinux-python.hash | 9 ++++-----
 package/selinux-python/selinux-python.mk   | 8 +++++---
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/package/selinux-python/selinux-python.hash b/package/selinux-python/selinux-python.hash
index 8cbac37016..0b8873d115 100644
--- a/package/selinux-python/selinux-python.hash
+++ b/package/selinux-python/selinux-python.hash
@@ -1,5 +1,4 @@
-# https://github.com/SELinuxProject/selinux/wiki/Releases
-sha256 3650b5393b0d1790cac66db00e34f059aa91c23cfe3c2559676594e295d75fde selinux-python-2.9.tar.gz
-
-# Hash for license file
-sha256 204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994 COPYING
+# Generated locally as upstream releases in artifact
+# files under a overall YYYYMMDD dated selinux release
+sha256 4cc134210d8cca6c410b7b8c91993e10c6d5b077102ed27e6976bb6d9e483f0d selinux-python-20191204.tar.gz
+sha256 204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994 python/COPYING
diff --git a/package/selinux-python/selinux-python.mk b/package/selinux-python/selinux-python.mk
index 978bee7c88..9e1d320046 100644
--- a/package/selinux-python/selinux-python.mk
+++ b/package/selinux-python/selinux-python.mk
@@ -4,10 +4,12 @@
 #
 ################################################################################
 
-SELINUX_PYTHON_VERSION = 2.9
-SELINUX_PYTHON_SITE = https://github.com/SELinuxProject/selinux/releases/download/20190315
+SELINUX_PYTHON_VERSION = $(LIBSELINUX_VERSION)
+SELINUX_PYTHON_SITE = $(LIBSELINUX_SITE)
 SELINUX_PYTHON_LICENSE = GPL-2.0
-SELINUX_PYTHON_LICENSE_FILES = COPYING
+SELINUX_PYTHON_LICENSE_FILES = python/COPYING
+
+SELINUX_PYTHON_SUBDIR = $(@D)/$(SELINUX_PYTHON_NAME)
 
 SELINUX_PYTHON_MAKE_OPTS += \
 	$(TARGET_CONFIGURE_OPTS) \
-- 
2.17.1

[Buildroot] [PATCH v3 0/8] Bump of SElinux related libs/tools to 3.0

[Thomas Petazzoni]

On Tue, 14 Apr 2020 10:25:20 -0500
Matt Weber <matthew.weber@rockwellcollins.com> wrote:

>  - Switches to using the date (i.e. 20191204) abased release tagging
>    for better alignment with https://release-monitoring.org/project/01717/
> 
>  - Added selinux-python which was missed in the v2 of this bump by
>    Adam (http://patchwork.ozlabs.org/project/buildroot/list/?series=156673)

I am not sure I like the change to using the single big tarball with
everything included, and then have each individual package build its
own sub-directory. They ship individual tarballs, it seems a lot better
to use that.

Is the only benefit of that change the fact that it will match with
what release monitoring says ?

Even Fedora, who is the original project using release-monitoring uses
the real version numbers for SELinux:

$ rpm -qa | grep libselinux
libselinux-utils-2.9-5.fc31.x86_64
libselinux-2.9-5.fc31.i686
libselinux-devel-2.9-5.fc31.x86_64
libselinux-2.9-5.fc31.x86_64

So to me, it seems like we should instead change the versions reported
by release-monitoring.org instead.

Best regards,

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

[Buildroot] [PATCH v3 0/8] Bump of SElinux related libs/tools to 3.0

[Matthew Weber]

Thomas,


On Tue, Apr 14, 2020 at 11:25 AM Thomas Petazzoni
<thomas.petazzoni@bootlin.com> wrote:
>
> On Tue, 14 Apr 2020 10:25:20 -0500
> Matt Weber <matthew.weber@rockwellcollins.com> wrote:
>
> >  - Switches to using the date (i.e. 20191204) abased release tagging
> >    for better alignment with https://release-monitoring.org/project/01717/
> >
> >  - Added selinux-python which was missed in the v2 of this bump by
> >    Adam (http://patchwork.ozlabs.org/project/buildroot/list/?series=156673)
>
> I am not sure I like the change to using the single big tarball with
> everything included, and then have each individual package build its
> own sub-directory. They ship individual tarballs, it seems a lot better
> to use that.
>
> Is the only benefit of that change the fact that it will match with
> what release monitoring says ?

Correct.  If we do stay with the x.y instead, I think it still makes
sense to use the $(LIBSELINUX_VERION) across all those packages as the
bumps should always be the same version for those 7 packages.

>
> Even Fedora, who is the original project using release-monitoring uses
> the real version numbers for SELinux:
>
> $ rpm -qa | grep libselinux
> libselinux-utils-2.9-5.fc31.x86_64
> libselinux-2.9-5.fc31.i686
> libselinux-devel-2.9-5.fc31.x86_64
> libselinux-2.9-5.fc31.x86_64
>
> So to me, it seems like we should instead change the versions reported
> by release-monitoring.org instead.

Is there a way to reorder the versions on release monitoring instead?
As it just happens the dates end up at the top of the list
https://release-monitoring.org/project/01717/

Matt

[Buildroot] [PATCH v3 0/8] Bump of SElinux related libs/tools to 3.0

[Thomas Petazzoni]

Hello,

+Yann, Arnout, Adam.

On Tue, 14 Apr 2020 12:20:40 -0500
Matthew Weber <matthew.weber@collins.com> wrote:

> > Is the only benefit of that change the fact that it will match with
> > what release monitoring says ?  
> 
> Correct.  If we do stay with the x.y instead, I think it still makes
> sense to use the $(LIBSELINUX_VERION) across all those packages as the
> bumps should always be the same version for those 7 packages.

I never remember what are the rules to share a package <pkg>_VERSION
variable with other packages. For example for mesa3d/mesa3d-headers, we
do not share the version information, we duplicate it:

# Not possible to directly refer to mesa3d variables, because of
# first/second expansion trickery...
MESA3D_HEADERS_VERSION = 20.0.4

But in protobuf/python-protobuf:

# When bumping this package, make sure to also verify if the
# python-protobuf package still works, as they share the same
# version/site variables.
PROTOBUF_VERSION = 3.11.4

PYTHON_PROTOBUF_VERSION = $(PROTOBUF_VERSION)
PYTHON_PROTOBUF_SOURCE = protobuf-python-$(PYTHON_PROTOBUF_VERSION).tar.gz
PYTHON_PROTOBUF_SITE = $(PROTOBUF_SITE)

Here we share the version number.

Yann, Arnout, could you re-explain this ? :-)

> > So to me, it seems like we should instead change the versions reported
> > by release-monitoring.org instead.  
> 
> Is there a way to reorder the versions on release monitoring instead?
> As it just happens the dates end up at the top of the list
> https://release-monitoring.org/project/01717/

I have filled in a bug report at
https://github.com/fedora-infra/anitya/issues/897 about this. I
*believe* that with the current description of the project, only
semantic versions should be displayed, because a prefix of libselinux-
for the tags is specified. So it should filter the tags that have the
form libselinux-<something>, and extract the <something>. The other
versions that are there might date back from when this was not
specified, and need to be purged.

Overall, I'll mark your series as Changes Requested. I would suggest to
bump to 3.0, without sharing the version for now, so that we can get
the 3.0 version bump merged soon.

Thanks!

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

[Buildroot] [PATCH v3 0/8] Bump of SElinux related libs/tools to 3.0

[Arnout Vandecappelle]

On 15/04/2020 07:43, Thomas Petazzoni wrote:
> Hello,
> 
> +Yann, Arnout, Adam.
> 
> On Tue, 14 Apr 2020 12:20:40 -0500
> Matthew Weber <matthew.weber@collins.com> wrote:
> 
>>> Is the only benefit of that change the fact that it will match with
>>> what release monitoring says ?  
>>
>> Correct.  If we do stay with the x.y instead, I think it still makes
>> sense to use the $(LIBSELINUX_VERION) across all those packages as the
>> bumps should always be the same version for those 7 packages.
> 
> I never remember what are the rules to share a package <pkg>_VERSION
> variable with other packages. 

 You can only do that if it's included from a place that guarantees the
ordering, like e.g. for qt5: package/qt5/qt5.mk sets the version and *then*
include's package/qt5/qt5base/qt5base.mk.

 In any other case, it should be duplicated.

> For example for mesa3d/mesa3d-headers, we
> do not share the version information, we duplicate it:
> 
> # Not possible to directly refer to mesa3d variables, because of
> # first/second expansion trickery...
> MESA3D_HEADERS_VERSION = 20.0.4
> 
> But in protobuf/python-protobuf:
> 
> # When bumping this package, make sure to also verify if the
> # python-protobuf package still works, as they share the same
> # version/site variables.
> PROTOBUF_VERSION = 3.11.4
> 
> PYTHON_PROTOBUF_VERSION = $(PROTOBUF_VERSION)

 This *accidentally* works because we sort the included files in the top-level
Makefile and protobuf < python-protobuf. It's a pretty dangerous thing to do though.

> PYTHON_PROTOBUF_SOURCE = protobuf-python-$(PYTHON_PROTOBUF_VERSION).tar.gz
> PYTHON_PROTOBUF_SITE = $(PROTOBUF_SITE)
> 
> Here we share the version number.
> 
> Yann, Arnout, could you re-explain this ? :-)
> 
>>> So to me, it seems like we should instead change the versions reported
>>> by release-monitoring.org instead.  
>>
>> Is there a way to reorder the versions on release monitoring instead?
>> As it just happens the dates end up at the top of the list
>> https://release-monitoring.org/project/01717/
> 
> I have filled in a bug report at
> https://github.com/fedora-infra/anitya/issues/897 about this. I
> *believe* that with the current description of the project, only
> semantic versions should be displayed, because a prefix of libselinux-
> for the tags is specified. So it should filter the tags that have the
> form libselinux-<something>, and extract the <something>. The other
> versions that are there might date back from when this was not
> specified, and need to be purged.
> 
> Overall, I'll mark your series as Changes Requested. I would suggest to
> bump to 3.0, without sharing the version for now, so that we can get
> the 3.0 version bump merged soon.

 Ack, no sharing of versions please.


 Note that I have a vague idea of how we may be able to share versions (+ some
other features). It is currently not possible because the _VERSION is used
(indirectly) in some rules and conditions in the expansion of
inner-generic-package. So my idea was to delay expansion of
inner-generic-package until after all the packages have been included. This
would also make it possible, for instance, to override a package version in a
br2_external, and indeed modify any package variable in the external. And it
would also make it possible to limit the expansion to just what is specified in
PACKAGES, which would speed up the `make` invocation significantly (I estimate a
factor of two).

 Regards,
 Arnout

[Buildroot] [PATCH v3 0/8] Bump of SElinux related libs/tools to 3.0

[Yann E. MORIN]

Arnout, Thomas, All,

On 2020-04-15 09:40 +0200, Arnout Vandecappelle spake thusly:
> On 15/04/2020 07:43, Thomas Petazzoni wrote:
> > On Tue, 14 Apr 2020 12:20:40 -0500
> > I never remember what are the rules to share a package <pkg>_VERSION
> > variable with other packages. 
>  You can only do that if it's included from a place that guarantees the
> ordering, like e.g. for qt5: package/qt5/qt5.mk sets the version and *then*
> include's package/qt5/qt5base/qt5base.mk.
>  In any other case, it should be duplicated.

Yep.

> > For example for mesa3d/mesa3d-headers, we
> > do not share the version information, we duplicate it:
> > 
> > # Not possible to directly refer to mesa3d variables, because of
> > # first/second expansion trickery...
> > MESA3D_HEADERS_VERSION = 20.0.4
> > 
> > But in protobuf/python-protobuf:
> > 
> > # When bumping this package, make sure to also verify if the
> > # python-protobuf package still works, as they share the same
> > # version/site variables.
> > PROTOBUF_VERSION = 3.11.4
> > 
> > PYTHON_PROTOBUF_VERSION = $(PROTOBUF_VERSION)
> 
>  This *accidentally* works because we sort the included files in the top-level
> Makefile and protobuf < python-protobuf. It's a pretty dangerous thing to do though.

Agreed. This should be fixed so that the version is duplicated, like is
done for mesa3d.

[--SNIP--]
> > Overall, I'll mark your series as Changes Requested. I would suggest to
> > bump to 3.0, without sharing the version for now, so that we can get
> > the 3.0 version bump merged soon.
>  Ack, no sharing of versions please.

Agreed.

>  Note that I have a vague idea of how we may be able to share versions (+ some
> other features). It is currently not possible because the _VERSION is used
> (indirectly) in some rules and conditions in the expansion of
> inner-generic-package. So my idea was to delay expansion of
> inner-generic-package until after all the packages have been included. This
> would also make it possible, for instance, to override a package version in a
> br2_external, and indeed modify any package variable in the external. And it
> would also make it possible to limit the expansion to just what is specified in
> PACKAGES, which would speed up the `make` invocation significantly (I estimate a
> factor of two).

When I had implemeted that years ago as a proof-of-concept, the speedup
was not that noticeable in the end. The issue is that you can't easily
just expand enabled packages, because then you'd miss on some variables
that are defined by the target variant, but used by the host variant.
Allowing for that would require carefully choosing what variables get
defined early, and which would get postponed. And typically, for
VERSION, you want it to be evaluated late, so it can be overriden in a
br2-external. And since the hsopt vairant inherits its version from the
taget variant, you still have to evaluate the target variant first.

So basically, no speedup...

But maybe I missed something...

Regards,
Yann E. MORIN.

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'