[Buildroot] [PATCH v5 03/24] setools: new package

Clayton Shotwell clayton.shotwell at rockwellcollins.com
Wed May 13 21:39:16 UTC 2015


From: Matt Weber <matthew.weber at rockwellcollins.com>

Signed-off-by: Clayton Shotwell <clayton.shotwell at rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber at rockwellcollins.com>

---
Changes v4 -> v5:
  - Added dependency on libsepol (Matt W.)
  - Removed limitation of arch it could build for  (Matt W.)
  - Removed depends on GLIBC (Matt W.)
  - Consolidated python configuration (Ryan B.)
  - Removed swig (patch and enabling), it's only needed for
    graphical apol tool (Ryan B.)
  - Added comment to cross compile patch about not upstreaming.
    The package is stable and no updates/reworking since 2013.
    Currently a 4.0 version is in the works but is a major
    build infrastructure rework when compared to 3.3.x. (Ryan B.)
  - Added comments noting why autoreconf and not libtool patch
    (Suggested by Thomas P.)
  - Added comments explaining why python on host but not target
    (Suggested by Thomas P.)
  - Add a dependency on not static libs because libselinux requires not
    static libs. (Clayton S.)
  - Added license info (Clayton S.)
  - Added depends on C++ (Matt W.)
  - Removed largefile dependency (Clayton S.)

Changes v3 -> v4:
  - No changes

Changes v2 -> v3:
  - Fixed kconfig menu as sepolgen removal removed initial menu
    entry to add to

Changes v1 -> v2:
  - Handle Python 2 vs. Python 3 for the host package.
  - Added hash file
  - Updated download site
---
 package/Config.in                              |   4 +
 package/setools/0001-cross-compile-fixes.patch | 125 +++++++++++++++++++++++++
 package/setools/Config.in                      |  25 +++++
 package/setools/setools.hash                   |   4 +
 package/setools/setools.mk                     |  85 +++++++++++++++++
 5 files changed, 243 insertions(+)
 create mode 100644 package/setools/0001-cross-compile-fixes.patch
 create mode 100644 package/setools/Config.in
 create mode 100644 package/setools/setools.hash
 create mode 100644 package/setools/setools.mk

diff --git a/package/Config.in b/package/Config.in
index af4d2b7..60d63c5 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -1337,6 +1337,10 @@ menu "Real-Time"
 	source "package/xenomai/Config.in"
 endmenu
 
+menu "Security"
+	source "package/setools/Config.in"
+endmenu
+
 menu "Shell and utilities"
 comment "Shells"
 if BR2_PACKAGE_BUSYBOX_SHOW_OTHERS
diff --git a/package/setools/0001-cross-compile-fixes.patch b/package/setools/0001-cross-compile-fixes.patch
new file mode 100644
index 0000000..1a4af0c
--- /dev/null
+++ b/package/setools/0001-cross-compile-fixes.patch
@@ -0,0 +1,125 @@
+Correct build issues to enable cross compiling.  These changes require the
+package to be auto reconfigured.
+
+These updates were not upsteamed as the 3.3.x version has stablized and they
+were only taking bug fixes.  Also the 4.0 preview has completely reworked
+the build infrastructure which will require this to be revisited.
+
+Signed-off-by Clayton Shotwell <clshotwe at rockwellcollins.com>
+
+diff -urN a/configure.ac b/configure.ac
+--- a/configure.ac	2013-01-16 10:36:24.000000000 -0600
++++ b/configure.ac	2013-07-12 08:22:10.380255248 -0500
+@@ -448,8 +448,9 @@
+               sepol_srcdir="")
+ if test "x${sepol_srcdir}" = "x"; then
+    sepol_srcdir=${sepol_devel_libdir}
+-   AC_CHECK_FILE([${sepol_srcdir}/libsepol.a],,
+-      AC_MSG_ERROR([make sure libsepol-static is installed]))
++   if test ! -f ${sepol_srcdir}/libsepol.a; then
++      AC_MSG_ERROR([could not find precompiled libsepol.a])
++   fi
+ else
+    AC_MSG_CHECKING([for compatible sepol source tree])
+    sepol_version=${sepol_srcdir}/VERSION
+@@ -484,8 +485,9 @@
+    AC_CHECK_HEADER([sepol/policydb/policydb.h], , AC_MSG_ERROR([could not find sepol source tree]))
+    CFLAGS="${sepol_src_save_CFLAGS}"
+    CPPFLAGS="${sepol_src_save_CPPFLAGS}"
+-   AC_CHECK_FILE([${sepol_srcdir}/libsepol.a],,
+-      AC_MSG_ERROR([could not find precompiled libsepol.a]))
++   if test ! -f ${sepol_srcdir}/libsepol.a; then
++      AC_MSG_ERROR([could not find precompiled libsepol.a])
++   fi
+    sepol_devel_incdir="${sepol_srcdir}/../include"
+ fi
+ SELINUX_CFLAGS="-I${sepol_devel_incdir} -I${selinux_devel_incdir}"
+@@ -578,12 +580,13 @@
+                          [AC_LANG_SOURCE([
+ #include <sepol/policydb/expand.h>
+ int main () {
+-  return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0);
++  return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0, 0, 0);
+ }])],
+                          AC_MSG_RESULT([yes]),
+                          AC_MSG_ERROR([this version of libsepol is incompatible with SETools]))
+     fi
+     sepol_new_expand_boolmap="yes"
++    sepol_new_user_role_mapping="yes"
+ else
+     sepol_new_expand_boolmap="no"
+ fi
+@@ -607,7 +610,8 @@
+     exit(EXIT_FAILURE);
+ }])],
+     sepol_policy_version_max=`cat conftest.data`,
+-    AC_MSG_FAILURE([could not determine maximum libsepol policy version]))
++    AC_MSG_FAILURE([could not determine maximum libsepol policy version]),
++    sepol_policy_version_max="26")
+ AC_DEFINE_UNQUOTED(SEPOL_POLICY_VERSION_MAX, ${sepol_policy_version_max}, [maximum policy version supported by libsepol])
+ CFLAGS="${sepol_save_CFLAGS}"
+ CPPFLAGS="${sepol_save_CPPFLAGS}"
+@@ -631,7 +635,7 @@
+     changequote([,])dnl
+     selinux_save_CFLAGS="${CFLAGS}"
+     CFLAGS="${SELINUX_CFLAGS} ${SELINUX_LIB_FLAG} -lselinux -lsepol ${CFLAGS}"
+-    gcc ${CFLAGS} -o conftest conftest.c >&5
++    ${CC} ${CFLAGS} -o conftest conftest.c >&5
+     selinux_policy_dir=`./conftest`
+     AC_MSG_RESULT(${selinux_policy_dir})
+     CFLAGS="${selinux_save_CFLAGS}"
+diff -urN a/libqpol/src/policy_define.c b/libqpol/src/policy_define.c
+--- a/libqpol/src/policy_define.c	2013-01-16 10:36:24.000000000 -0600
++++ b/libqpol/src/policy_define.c	2013-07-12 08:22:10.380255248 -0500
+@@ -2135,7 +2135,7 @@
+ #ifdef HAVE_SEPOL_ROLE_ATTRS
+ 	if (role_set_expand(&roles, &e_roles, policydbp, NULL, NULL))
+ #elif HAVE_SEPOL_USER_ROLE_MAPPING
+-	if (role_set_expand(&roles, &e_roles, policydbp, NULL))
++	if (role_set_expand(&roles, &e_roles, policydbp, NULL, NULL))
+ #else
+ 	if (role_set_expand(&roles, &e_roles, policydbp))
+ #endif
+diff -urN a/m4/ac_python_devel.m4 b/m4/ac_python_devel.m4
+--- a/m4/ac_python_devel.m4	2013-01-16 10:36:22.000000000 -0600
++++ b/m4/ac_python_devel.m4	2013-07-12 08:22:10.380255248 -0500
+@@ -234,7 +234,7 @@
+ 	AC_MSG_CHECKING([consistency of all components of python development environment])
+ 	AC_LANG_PUSH([C])
+ 	# save current global flags
+-	LIBS="$ac_save_LIBS $PYTHON_LDFLAGS"
++	LIBS="$ac_save_LIBS $PYTHON_EXTRA_LIBS $PYTHON_LDFLAGS"
+ 	CPPFLAGS="$ac_save_CPPFLAGS $PYTHON_CPPFLAGS"
+ 	AC_TRY_LINK([
+ 		#include <Python.h>
+diff -urN a/python/setools/Makefile.am b/python/setools/Makefile.am
+--- a/python/setools/Makefile.am	2013-01-16 10:36:22.000000000 -0600
++++ b/python/setools/Makefile.am	2013-07-12 08:22:19.200251011 -0500
+@@ -22,13 +22,13 @@
+ python-build: sesearch.c seinfo.c
+ 	@mkdir -p setools
+ 	@cp __init__.py setools
+-	LIBS="$(QPOL_LIB_FLAG) $(APOL_LIB_FLAG)" INCLUDES="$(QPOL_CFLAGS) $(APOL_CFLAGS)" $(PYTHON) setup.py build
++	LIBS="$(QPOL_LIB_FLAG) $(APOL_LIB_FLAG)" LIBDIRS="$(PYTHON_LDFLAGS)" INCLUDES="$(PYTHON_CPPFLAGS) $(QPOL_CFLAGS) $(APOL_CFLAGS)" CC="$(CC)" CFLAGS="$(CFLAGS)" LDSHARED="$(CC) -shared" LDFLAGS="$(LDFLAGS)" $(PYTHON) setup.py build_ext
+ 
+ install-exec-hook:
+-	$(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
++	$(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --prefix=$(DESTDIR)/usr`
+ 
+ uninstall-hook: 
+-	$(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
++	$(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --prefix=$(DESTDIR)/usr`
+ 
+ clean-local:
+ 	$(PYTHON) setup.py clean -a 
+--- a/python/setools/setup.py	2013-01-16 10:36:22.000000000 -0600
++++ b/python/setools/setup.py	2013-09-04 09:17:48.452916991 -0500
+@@ -8,7 +8,7 @@
+ try:
+     inc=os.getenv("INCLUDES").split(" ")    
+     INCLUDES=map(lambda x: x[2:], inc)
+-    LIBDIRS=map(lambda x: "/".join(x.split("/")[:-1]), os.getenv("LIBS").split())
++    LIBDIRS=map(lambda x: "/".join(x.split("/")[:-1]), os.getenv("LIBS").split()) + map(lambda x: x[2:], os.getenv("LIBDIRS").split())
+ except:
+     INCLUDES=""
+     LIBDIRS=""
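Review bot: The extra argument added after `AC_MSG_FAILURE(...)` pins `sepol_policy_version_max="26"` for what looks like the cross-compiling branch, so `SEPOL_POLICY_VERSION_MAX` no longer tracks the libsepol in staging; the tools may then reject newer policies or claim support for versions the library cannot load. If the probe only prints a constant from the libsepol headers, something like `AC_COMPUTE_INT([sepol_policy_version_max], [POLICYDB_VERSION_MAX], [#include <sepol/policydb/policydb.h>])` would get the value without running target code; otherwise add a comment saying where 26 comes from and when it must be bumped. The `gcc` to `${CC}` change a few lines further down still executes `./conftest` on the build machine, which cannot work for a target binary unless that block is skipped by `--disable-selinux-check` (not visible here). The macro calls around both changes start outside the nested hunks.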
diff --git a/package/setools/Config.in b/package/setools/Config.in
new file mode 100644
index 0000000..43b4b27
--- /dev/null
+++ b/package/setools/Config.in
@@ -0,0 +1,25 @@
+config BR2_PACKAGE_SETOOLS
+	bool "setools"
+	select BR2_PACKAGE_LIBSELINUX
+	select BR2_PACKAGE_SQLITE
+	select BR2_PACKAGE_LIBXML2
+	select BR2_PACKAGE_BZIP2
+	depends on BR2_TOOLCHAIN_HAS_THREADS
+	depends on !BR2_STATIC_LIBS
+	depends on BR2_INSTALL_LIBSTDCPP
+	help
+	  SETools is an open source project designed to facilitate
+	  SELinux policy analysis. The primary tools are:
+	   * apol - analyze a SELinux policy.
+	   * seaudit - analyze audit messages from SELinux.
+	   * seaudit-report - generate highly-customized audit log
+	     reports.
+	   * sechecker - command line tool for performing modular
+	     checks on an SELinux policy.
+	   * sediff - semantic policy difference tool for SELinux.
+	   * secmds - command-line tools to analyze and search SELinux
+             policy.
+
+comment "setools needs a toolchain w/ threads, c++, dynamic library"
+	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS \
+		|| !BR2_INSTALL_LIBSTDCPP
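Review bot: The help text lists apol (called graphical in the changelog) and seaudit among the primary tools, but setools.mk configures with `--disable-gui`, so the help probably promises tools this package does not install. Trim the list to what is actually built, or add a line such as `Only the libraries and command-line tools are installed.` The continuation line `policy.` under secmds is indented with spaces where the rest of the help uses a tab plus spaces. If libselinux has `depends on` lines beyond threads and dynamic libraries, they need to be repeated next to `select BR2_PACKAGE_LIBSELINUX`; that cannot be checked from this patch.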
diff --git a/package/setools/setools.hash b/package/setools/setools.hash
new file mode 100644
index 0000000..3fac21d
--- /dev/null
+++ b/package/setools/setools.hash
@@ -0,0 +1,4 @@
+# From https://github.com/TresysTechnology/setools3/wiki/Download
+md5	d68d0d4e4da0f01da0f208782ff04b91	setools-3.3.8.tar.bz2
+#Locally computed
+sha256	44387ecc9a231ec536a937783440cd8960a72c51f14bffc1604b7525e341e999	setools-3.3.8.tar.bz2
diff --git a/package/setools/setools.mk b/package/setools/setools.mk
new file mode 100644
index 0000000..bd4de5f
--- /dev/null
+++ b/package/setools/setools.mk
@@ -0,0 +1,85 @@
+################################################################################
+#
+# setools
+#
+################################################################################
+
+SETOOLS_VERSION = 3.3.8
+SETOOLS_SOURCE = setools-$(SETOOLS_VERSION).tar.bz2
+SETOOLS_SITE = https://raw.githubusercontent.com/wiki/TresysTechnology/setools3/files/dists/setools-$(SETOOLS_VERSION)/
+SETOOLS_DEPENDENCIES = libselinux sqlite libxml2 bzip2
+SETOOLS_INSTALL_STAGING = YES
+SETOOLS_LICENSE = GPLv2+ LGPLv2.1+
+SETOOLS_LICENSE_FILES = COPYING COPYING.GPL COPYING.LGPL
+
+# Generate the configuration script
+SETOOLS_AUTORECONF = YES
+SETOOLS_AUTORECONF_OPTS = -i -s
+# Prevent patching since autoreconf sets ltmain.sh as a symlink to
+# to host/usr/share/libtool/build-aux/ltmain.sh
+SETOOLS_LIBTOOL_PATCH = NO
+
+# Notes: Need "disable-selinux-check" so the configure does not check to see
+#        if host has selinux enabled.
+#        No python support as only the libraries and commandline tools are
+#        installed on target
+SETOOLS_CONF_OPTS = \
+	--disable-debug \
+	--disable-gui \
+	--disable-bwidget-check \
+	--disable-selinux-check \
+	--disable-swig-java \
+	--disable-swig-python \
+	--disable-swig-tcl \
+	--with-sepol-devel="$(STAGING_DIR)/usr" \
+	--with-selinux-devel="$(STAGING_DIR)/usr"
+
+HOST_SETOOLS_DEPENDENCIES = host-libselinux host-libsepol host-sqlite \
+	host-libxml2 host-bzip2
+
+# Generate the configuration script
+HOST_SETOOLS_AUTORECONF = YES
+HOST_SETOOLS_AUTORECONF_OPTS = -i -s
+
+# Notes: Need "disable-selinux-check" so the configure does not check to see
+#        if host has selinux enabled.
+#        Host builds with python support to enable tools for offline target
+#        policy analysis
+HOST_SETOOLS_CONF_OPTS = \
+	--disable-debug \
+	--disable-gui \
+	--disable-bwidget-check \
+	--disable-selinux-check \
+	--disable-swig-java \
+	--disable-swig-python \
+	--disable-swig-tcl \
+	--with-sepol-devel="$(HOST_DIR)/usr" \
+	--with-selinux-devel="$(HOST_DIR)/usr" \
+	PYTHON_LDFLAGS="-L$(HOST_DIR)/usr/lib/"
+
+HOST_SETOOLS_CONF_ENV += \
+	am_cv_pathless_PYTHON=python \
+	ac_cv_path_PYTHON=$(HOST_DIR)/usr/bin/python \
+	am_cv_python_platform=linux2
+
+ifeq ($(BR2_PACKAGE_PYTHON3),y)
+HOST_SETOOLS_PYTHON_VERSION=$(PYTHON3_VERSION_MAJOR)
+HOST_SETOOLS_DEPENDENCIES += host-python3
+HOST_SETOOLS_CONF_ENV += am_cv_python_version=$(PYTHON3_VERSION)
+else
+HOST_SETOOLS_PYTHON_VERSION=$(PYTHON_VERSION_MAJOR)
+HOST_SETOOLS_DEPENDENCIES += host-python
+HOST_SETOOLS_CONF_ENV += am_cv_python_version=$(PYTHON_VERSION)
+endif
+
+HOST_SETOOLS_CONF_ENV += \
+	am_cv_python_pythondir=$(HOST_DIR)/usr/lib/python$(HOST_SETOOLS_PYTHON_VERSION)/site-packages \
+	am_cv_python_pyexecdir=$(HOST_DIR)/usr/lib/python$(HOST_SETOOLS_PYTHON_VERSION)/site-packages \
+	am_cv_python_includes=-I$(HOST_DIR)/usr/include/python$(HOST_SETOOLS_PYTHON_VERSION)
+HOST_SETOOLS_CONF_OPTS += \
+	PYTHON_CPPFLAGS="-I$(HOST_DIR)/usr/include/python$(HOST_SETOOLS_PYTHON_VERSION)" \
+	PYTHON_SITE_PKG="$(HOST_DIR)/usr/lib/python$(HOST_SETOOLS_PYTHON_VERSION)/site-packages" \
+	PYTHON_EXTRA_LIBS="-lpthread -ldl -lutil -lpython$(HOST_SETOOLS_PYTHON_VERSION)"
+
+$(eval $(autotools-package))
+$(eval $(host-autotools-package))
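Review bot: The `ifeq ($(BR2_PACKAGE_PYTHON3),y)` branch switches the host build to host-python3, but `am_cv_python_platform=linux2` stays hard-coded and the setup.py change in 0001-cross-compile-fixes.patch adds two `map()` results together. On Python 3 that raises TypeError, which the bare `except:` swallows, leaving INCLUDES and LIBDIRS empty. If the python/setools bindings are built for the host, either always use host-python here or change the patched expression to `list(map(...)) + list(map(...))`. The target `SETOOLS_DEPENDENCIES` also omits libsepol, although configure is pointed at `--with-sepol-devel="$(STAGING_DIR)/usr"` and aborts without libsepol.a; listing it explicitly avoids relying on libselinux to pull it in. The comment above `SETOOLS_LIBTOOL_PATCH = NO` has a doubled "to".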
-- 
1.9.1


