[Buildroot] [PATCH v4 3/5] libsepol: bump to 2.7, setools: bump to 4.1.1

Matthew Weber matthew.weber at rockwellcollins.com
Fri Oct 13 03:14:47 UTC 2017


Adam,

On Thu, Oct 12, 2017 at 9:36 PM, Adam Duskett <aduskett at gmail.com> wrote:
> The reason for combining these patches is because the old version of
> setools is not compatible with libsepol 2.7.  If a user were to do a
> git pull on a patch that only updates libsepol or setools, the build
> would fail to compile.
>
> setools has been completely rewritten in python instead of C.
>
> The current version of setools includes a few programs that require
> python-qt5 or python-networkx to run, however the package does not
> check to see if these exist when compiling, and will install the scripts
> to the target directory even if they don't exist.
>
> In the case of python-networkx, this package is not available on Buildroot.
> The scripts that require them are: sedta and seinfoflow.
> In the case of python-qt5, qpol is the script that requires it.
>
> Some setools.mk notes to get the package to compile:
>
> - Convert the package .mk to use python-package instead of autotools-package.
>
> - Remove host variant of setools as it is no longer a dependency for
>   policycoreutils.
>
> - setup.py hard codes base_lib_dirs to point to several host directories.
>   To fix this, sed is used before compiling to point the base_lib_dirs to
>   the staging directory.
>
> - setup.py also includes the "Werror" flag, however compilers before gcc6
>   cause a few autogenerated variables to not be initialized before use,
>   causing the build to fail.
>   To fix this, sed is used before compiling to remove the Werror flag.
>
> - Remove sedta and seinfoflow from the target system after install.  These
>   packages rely on the package python-networkx which is not available in
>   buildroot.
>
> - Remove the installed apol package and the setoolsgui directory from the
>   target directory if python-qt5 is not selected.
>
> Other changes:
> - Removed all patches, as they are not compatible with the new version of
>   setools.
>
> - Add COPYING, COPYING.GPL, and COPYING.LGPL to setools.hash
>
> Signed-off-by: Adam Duskett <Adamduskett at outlook.com>
> ---
> Changes v1 -> v2:
>   - None
>
> Changes v2 -> v3:
>   - Added setools update to this patch due to build failures. (Matthew Weber)
>
> Changes v3 -> v4:
>   - Change commit message to read:
>     "Convert the package .mk to use python-package instead of
>     autotools-package." (Thomas)
>   - Added comment explaining that setools is no longer a dependency for
>     policycoreutils. (Thomas)
>   - Add "depends on BR2_USE_MMU" to setools Config.in (Thomas)
>   - Add "(requires python-qt5)" to apol line in setools Config.in (Thomas)
>   - Fix setools comment. (Thomas)
>   - Add prefix to variables in setools.mk (Thomas)
>   - Add remove-werror-flag-from-setup.patch patch. (Thomas)
>   - enclose SETOOLS_REMOVE_QT_SCRIPTS in "ifeq ($(BR2_PACKAGE_PYTHON_PYQT5),)"
>
>  package/libsepol/0001-support-static-only.patch    |  32 +++---
>  package/libsepol/0003-revert-ln-relative.patch     |  18 ++-
>  package/libsepol/libsepol.hash                     |   4 +-
>  package/libsepol/libsepol.mk                       |   4 +-
>  package/setools/0001-cross-compile-fixes.patch     | 125 ---------------------
>  .../0001-remove-werror-flag-from-setup.patch       |  29 +++++
>  package/setools/0002-move-python-check.patch       |  25 -----
>  ...s-Update-for-2015-02-02-Userspace-release.patch |  90 ---------------
>  package/setools/Config.in                          |  35 ++----
>  package/setools/setools.hash                       |   7 +-
>  package/setools/setools.mk                         | 101 ++++++-----------
>  11 files changed, 115 insertions(+), 355 deletions(-)
>  delete mode 100644 package/setools/0001-cross-compile-fixes.patch
>  create mode 100644 package/setools/0001-remove-werror-flag-from-setup.patch
>  delete mode 100644 package/setools/0002-move-python-check.patch
>  delete mode 100644 package/setools/0003-setools-Update-for-2015-02-02-Userspace-release.patch
>
> diff --git a/package/libsepol/0001-support-static-only.patch b/package/libsepol/0001-support-static-only.patch
> index 3e6d555e96..185a5641de 100644
> --- a/package/libsepol/0001-support-static-only.patch
> +++ b/package/libsepol/0001-support-static-only.patch
> @@ -1,4 +1,7 @@
> -Add support for static-only build
> +From 2140db697c7f1da2a0a3f7bbcb14c1a0dade84e5 Mon Sep 17 00:00:00 2001
> +From: Adam Duskett <Adamduskett at outlook.com>
> +Date: Mon, 9 Oct 2017 16:28:12 -0400
> +Subject: [PATCH] Add support for static-only build
>
>  Instead of unconditionally building shared libraries, this patch
>  improves the libsepol build system with a "STATIC" variable, which
> @@ -7,30 +10,30 @@ libraries. It allows to support cases where the target architecture
>  does not have support for shared libraries.
>
>  Signed-off-by: Thomas Petazzoni <thomas.petazzoni at free-electrons.com>
> -Signed-off-by: Adam Duskett <Aduskett at gmail.com>
> -
> -Index: b/src/Makefile
> -===================================================================
> +Signed-off-by: Adam Duskett <Adamduskett at outlook.com>
> +---
> + src/Makefile | 13 ++++++++++---
> + 1 file changed, 10 insertions(+), 3 deletions(-)
>
>  diff --git a/src/Makefile b/src/Makefile
> -index db6c2ba..0006285 100644
> +index 819d261..040921d 100644
>  --- a/src/Makefile
>  +++ b/src/Makefile
> -@@ -30,8 +30,12 @@ LOBJS += $(sort $(patsubst %.c,%.lo,$(wildcard $(CILDIR)/src/*.c) $(CIL_GENERATE
> - override CFLAGS += -I$(CILDIR)/include
> +@@ -40,7 +40,12 @@ LDFLAGS += -undefined dynamic_lookup
> + LN=gln
>   endif
>
> +-all: $(LIBA) $(LIBSO) $(LIBPC)
>  +ALL_TARGETS = $(LIBA) $(LIBPC)
>  +ifeq ($(STATIC),)
>  +ALL_TARGETS += $(LIBSO)
>  +endif
> -
> --all: $(LIBA) $(LIBSO) $(LIBPC)
> ++
>  +all: $(ALL_TARGETS)
>
> -
> +
>   $(LIBA):  $(OBJS)
> -@@ -66,11 +70,13 @@
> +@@ -82,11 +87,13 @@ endif
>   install: all
>         test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
>         install -m 644 $(LIBA) $(LIBDIR)
> @@ -41,8 +44,11 @@ index db6c2ba..0006285 100644
>  +ifeq ($(STATIC),)
>  +      test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
>  +      install -m 755 $(LIBSO) $(SHLIBDIR)
> -       ln -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
> +       $(LN) -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
>  +endif
>
>   relabel:
>         /sbin/restorecon $(SHLIBDIR)/$(LIBSO)
> +--
> +2.13.6
> +
> diff --git a/package/libsepol/0003-revert-ln-relative.patch b/package/libsepol/0003-revert-ln-relative.patch
> index 0902d8d40e..488a9abea0 100644
> --- a/package/libsepol/0003-revert-ln-relative.patch
> +++ b/package/libsepol/0003-revert-ln-relative.patch
> @@ -1,4 +1,7 @@
> -Makefile: revert libsepol: use ln --relative to create .so symlinks
> +From 16b2b0e21e10727065042a1baabd1a887757c65c Mon Sep 17 00:00:00 2001
> +From: Adam Duskett <Adamduskett at outlook.com>
> +Date: Mon, 9 Oct 2017 16:29:36 -0400
> +Subject: [PATCH] Makefile: revert libsepol: use ln --relative to create .so symlinks
>
>  This reverts 71393a181d63c9baae5fe8dcaeb9411d1f253998
>
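
Review bot: The new "From: Adam Duskett" header in 0003-revert-ln-relative.patch makes Adam the author of the patch, but the only Signed-off-by in its description (visible in the next hunk) is Yann E. MORIN's. When converting the patch to git format, keep the original author in the From: line, and add your own Signed-off-by below Yann's if you changed the content.
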
> @@ -9,16 +12,23 @@ they are maintained (up to 10 years in some cases?).
>  For the sake of Buildroot, revert the upstream patch.
>
>  Signed-off-by: "Yann E. MORIN" <yann.morin.1998 at free.fr>
> +---
> + src/Makefile | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
>
> -diff -durN a/src/Makefile b/src/Makefile
> +diff --git a/src/Makefile b/src/Makefile
> +index 040921d..e811c9e 100644
>  --- a/src/Makefile
>  +++ b/src/Makefile
> -@@ -77,7 +77,7 @@
> +@@ -92,7 +92,7 @@ install: all
>   ifeq ($(STATIC),)
>         test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
>         install -m 755 $(LIBSO) $(SHLIBDIR)
> --      ln -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
> +-      $(LN) -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
>  +      cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
>   endif
>
>   relabel:
> +--
> +2.13.6
> +
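
Review bot: In the @@ -92,7 +92,7 @@ hunk of the nested patch, the replacement line calls plain "ln" while the line it removes uses "$(LN)", the variable the surrounding Makefile sets to gln in the context shown in 0001-support-static-only.patch. Keep the variable, i.e. "cd $(LIBDIR) && $(LN) -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)", so the revert only drops --relative and nothing else.
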
> diff --git a/package/libsepol/libsepol.hash b/package/libsepol/libsepol.hash
> index 6c705067a2..08e2bf97a4 100644
> --- a/package/libsepol/libsepol.hash
> +++ b/package/libsepol/libsepol.hash
> @@ -1,2 +1,2 @@
> -# From https://github.com/SELinuxProject/selinux/wiki/Releases
> -sha256 d856d6506054f52abeaa3543ea2f2344595a3dc05d0d873ed7f724f7a16b1874  libsepol-2.6.tar.gz
> +# From: https://github.com/SELinuxProject/selinux/wiki/Releases
> +sha256 d69d3bd8ec901a3bd5adf2be2fb47fb1a685ed73066ab482e7e505371a48f9e7  libsepol-2.7.tar.gz
> diff --git a/package/libsepol/libsepol.mk b/package/libsepol/libsepol.mk
> index 21ca419c74..c54c3bfc42 100644
> --- a/package/libsepol/libsepol.mk
> +++ b/package/libsepol/libsepol.mk
> @@ -4,8 +4,8 @@
>  #
>  ################################################################################
>
> -LIBSEPOL_VERSION = 2.6
> -LIBSEPOL_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014
> +LIBSEPOL_VERSION = 2.7
> +LIBSEPOL_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804
>  LIBSEPOL_LICENSE = LGPL-2.1+
>  LIBSEPOL_LICENSE_FILES = COPYING
>
> diff --git a/package/setools/0001-cross-compile-fixes.patch b/package/setools/0001-cross-compile-fixes.patch
> deleted file mode 100644
> index 1a4af0ce31..0000000000
> --- a/package/setools/0001-cross-compile-fixes.patch
> +++ /dev/null
> @@ -1,125 +0,0 @@
> -Correct build issues to enable cross compiling.  These changes require the
> -package to be auto reconfigured.
> -
> -These updates were not upsteamed as the 3.3.x version has stablized and they
> -were only taking bug fixes.  Also the 4.0 preview has completely reworked
> -the build infrastructure which will require this to be revisited.
> -
> -Signed-off-by Clayton Shotwell <clshotwe at rockwellcollins.com>
> -
> -diff -urN a/configure.ac b/configure.ac
> ---- a/configure.ac     2013-01-16 10:36:24.000000000 -0600
> -+++ b/configure.ac     2013-07-12 08:22:10.380255248 -0500
> -@@ -448,8 +448,9 @@
> -               sepol_srcdir="")
> - if test "x${sepol_srcdir}" = "x"; then
> -    sepol_srcdir=${sepol_devel_libdir}
> --   AC_CHECK_FILE([${sepol_srcdir}/libsepol.a],,
> --      AC_MSG_ERROR([make sure libsepol-static is installed]))
> -+   if test ! -f ${sepol_srcdir}/libsepol.a; then
> -+      AC_MSG_ERROR([could not find precompiled libsepol.a])
> -+   fi
> - else
> -    AC_MSG_CHECKING([for compatible sepol source tree])
> -    sepol_version=${sepol_srcdir}/VERSION
> -@@ -484,8 +485,9 @@
> -    AC_CHECK_HEADER([sepol/policydb/policydb.h], , AC_MSG_ERROR([could not find sepol source tree]))
> -    CFLAGS="${sepol_src_save_CFLAGS}"
> -    CPPFLAGS="${sepol_src_save_CPPFLAGS}"
> --   AC_CHECK_FILE([${sepol_srcdir}/libsepol.a],,
> --      AC_MSG_ERROR([could not find precompiled libsepol.a]))
> -+   if test ! -f ${sepol_srcdir}/libsepol.a; then
> -+      AC_MSG_ERROR([could not find precompiled libsepol.a])
> -+   fi
> -    sepol_devel_incdir="${sepol_srcdir}/../include"
> - fi
> - SELINUX_CFLAGS="-I${sepol_devel_incdir} -I${selinux_devel_incdir}"
> -@@ -578,12 +580,13 @@
> -                          [AC_LANG_SOURCE([
> - #include <sepol/policydb/expand.h>
> - int main () {
> --  return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0);
> -+  return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0, 0, 0);
> - }])],
> -                          AC_MSG_RESULT([yes]),
> -                          AC_MSG_ERROR([this version of libsepol is incompatible with SETools]))
> -     fi
> -     sepol_new_expand_boolmap="yes"
> -+    sepol_new_user_role_mapping="yes"
> - else
> -     sepol_new_expand_boolmap="no"
> - fi
> -@@ -607,7 +610,8 @@
> -     exit(EXIT_FAILURE);
> - }])],
> -     sepol_policy_version_max=`cat conftest.data`,
> --    AC_MSG_FAILURE([could not determine maximum libsepol policy version]))
> -+    AC_MSG_FAILURE([could not determine maximum libsepol policy version]),
> -+    sepol_policy_version_max="26")
> - AC_DEFINE_UNQUOTED(SEPOL_POLICY_VERSION_MAX, ${sepol_policy_version_max}, [maximum policy version supported by libsepol])
> - CFLAGS="${sepol_save_CFLAGS}"
> - CPPFLAGS="${sepol_save_CPPFLAGS}"
> -@@ -631,7 +635,7 @@
> -     changequote([,])dnl
> -     selinux_save_CFLAGS="${CFLAGS}"
> -     CFLAGS="${SELINUX_CFLAGS} ${SELINUX_LIB_FLAG} -lselinux -lsepol ${CFLAGS}"
> --    gcc ${CFLAGS} -o conftest conftest.c >&5
> -+    ${CC} ${CFLAGS} -o conftest conftest.c >&5
> -     selinux_policy_dir=`./conftest`
> -     AC_MSG_RESULT(${selinux_policy_dir})
> -     CFLAGS="${selinux_save_CFLAGS}"
> -diff -urN a/libqpol/src/policy_define.c b/libqpol/src/policy_define.c
> ---- a/libqpol/src/policy_define.c      2013-01-16 10:36:24.000000000 -0600
> -+++ b/libqpol/src/policy_define.c      2013-07-12 08:22:10.380255248 -0500
> -@@ -2135,7 +2135,7 @@
> - #ifdef HAVE_SEPOL_ROLE_ATTRS
> -       if (role_set_expand(&roles, &e_roles, policydbp, NULL, NULL))
> - #elif HAVE_SEPOL_USER_ROLE_MAPPING
> --      if (role_set_expand(&roles, &e_roles, policydbp, NULL))
> -+      if (role_set_expand(&roles, &e_roles, policydbp, NULL, NULL))
> - #else
> -       if (role_set_expand(&roles, &e_roles, policydbp))
> - #endif
> -diff -urN a/m4/ac_python_devel.m4 b/m4/ac_python_devel.m4
> ---- a/m4/ac_python_devel.m4    2013-01-16 10:36:22.000000000 -0600
> -+++ b/m4/ac_python_devel.m4    2013-07-12 08:22:10.380255248 -0500
> -@@ -234,7 +234,7 @@
> -       AC_MSG_CHECKING([consistency of all components of python development environment])
> -       AC_LANG_PUSH([C])
> -       # save current global flags
> --      LIBS="$ac_save_LIBS $PYTHON_LDFLAGS"
> -+      LIBS="$ac_save_LIBS $PYTHON_EXTRA_LIBS $PYTHON_LDFLAGS"
> -       CPPFLAGS="$ac_save_CPPFLAGS $PYTHON_CPPFLAGS"
> -       AC_TRY_LINK([
> -               #include <Python.h>
> -diff -urN a/python/setools/Makefile.am b/python/setools/Makefile.am
> ---- a/python/setools/Makefile.am       2013-01-16 10:36:22.000000000 -0600
> -+++ b/python/setools/Makefile.am       2013-07-12 08:22:19.200251011 -0500
> -@@ -22,13 +22,13 @@
> - python-build: sesearch.c seinfo.c
> -       @mkdir -p setools
> -       @cp __init__.py setools
> --      LIBS="$(QPOL_LIB_FLAG) $(APOL_LIB_FLAG)" INCLUDES="$(QPOL_CFLAGS) $(APOL_CFLAGS)" $(PYTHON) setup.py build
> -+      LIBS="$(QPOL_LIB_FLAG) $(APOL_LIB_FLAG)" LIBDIRS="$(PYTHON_LDFLAGS)" INCLUDES="$(PYTHON_CPPFLAGS) $(QPOL_CFLAGS) $(APOL_CFLAGS)" CC="$(CC)" CFLAGS="$(CFLAGS)" LDSHARED="$(CC) -shared" LDFLAGS="$(LDFLAGS)" $(PYTHON) setup.py build_ext
> -
> - install-exec-hook:
> --      $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
> -+      $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --prefix=$(DESTDIR)/usr`
> -
> - uninstall-hook:
> --      $(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
> -+      $(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --prefix=$(DESTDIR)/usr`
> -
> - clean-local:
> -       $(PYTHON) setup.py clean -a
> ---- a/python/setools/setup.py  2013-01-16 10:36:22.000000000 -0600
> -+++ b/python/setools/setup.py  2013-09-04 09:17:48.452916991 -0500
> -@@ -8,7 +8,7 @@
> - try:
> -     inc=os.getenv("INCLUDES").split(" ")
> -     INCLUDES=map(lambda x: x[2:], inc)
> --    LIBDIRS=map(lambda x: "/".join(x.split("/")[:-1]), os.getenv("LIBS").split())
> -+    LIBDIRS=map(lambda x: "/".join(x.split("/")[:-1]), os.getenv("LIBS").split()) + map(lambda x: x[2:], os.getenv("LIBDIRS").split())
> - except:
> -     INCLUDES=""
> -     LIBDIRS=""
> diff --git a/package/setools/0001-remove-werror-flag-from-setup.patch b/package/setools/0001-remove-werror-flag-from-setup.patch
> new file mode 100644
> index 0000000000..b1446e2ec3
> --- /dev/null
> +++ b/package/setools/0001-remove-werror-flag-from-setup.patch
> @@ -0,0 +1,29 @@
> +From b2fe84bfd00117d4897f1f2e8f83d3410eb188b8 Mon Sep 17 00:00:00 2001
> +From: Adam Duskett <Adamduskett at outlook.com>
> +Date: Thu, 12 Oct 2017 22:04:58 -0400
> +Subject: [PATCH] remove werror flag from setup
> +
> +Compilers older than gcc6 will generate uninitialized variable warnings which
> +will cause compiling to fail.
> +
> +Signed-off-by: Adam Duskett <Adamduskett at outlook.com>
> +---
> + setup.py | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/setup.py b/setup.py
> +index 2ca44c9..9319bf6 100644
> +--- a/setup.py
> ++++ b/setup.py
> +@@ -146,7 +146,7 @@ ext_py_mods = [Extension('setools.policyrep._qpol',
> +                           'libqpol/policy_scan.c',
> +                           'libqpol/xen_query.c'],
> +                          include_dirs=include_dirs,
> +-                         extra_compile_args=['-Werror', '-Wextra',
> ++                         extra_compile_args=['-Wextra',
> +                                              '-Waggregate-return',
> +                                              '-Wfloat-equal',
> +                                              '-Wformat', '-Wformat=2',
> +--
> +2.13.6
> +
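
Review bot: The commit message still says "sed is used before compiling to remove the Werror flag", but the flag is now removed by this new 0001-remove-werror-flag-from-setup.patch, as the v4 changelog notes. Update that bullet in the commit message so it describes the patch file rather than a sed call.
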
> diff --git a/package/setools/0002-move-python-check.patch b/package/setools/0002-move-python-check.patch
> deleted file mode 100644
> index cef2cec996..0000000000
> --- a/package/setools/0002-move-python-check.patch
> +++ /dev/null
> @@ -1,25 +0,0 @@
> -Correct a build issue that occurs when python is not found
> -in the path. This check should only be done if swig-python
> -option is selected.
> -
> -Signed-off-by Clayton Shotwell <clshotwe at rockwellcollins.com>
> -
> ---- a/configure.ac     2015-05-15 12:28:07.566060349 -0500
> -+++ b/configure.ac     2015-05-28 15:07:25.357072800 -0500
> -@@ -217,8 +217,6 @@
> -    do_swigify=yes
> - fi
> -
> --AM_PATH_PYTHON(2.7)
> --
> - AC_ARG_ENABLE(swig-python,
> -               AC_HELP_STRING([--enable-swig-python],
> -                              [build SWIG interfaces for Python]),
> -@@ -227,6 +225,7 @@
> -    if test ${do_swigify} = no; then
> -       AC_PROG_SWIG(2.0.0)
> -    fi
> -+   AM_PATH_PYTHON(2.7)
> -    SWIG_PYTHON
> -    do_swigify_python=yes
> -    do_swigify=yes
> diff --git a/package/setools/0003-setools-Update-for-2015-02-02-Userspace-release.patch b/package/setools/0003-setools-Update-for-2015-02-02-Userspace-release.patch
> deleted file mode 100644
> index b0842d961a..0000000000
> --- a/package/setools/0003-setools-Update-for-2015-02-02-Userspace-release.patch
> +++ /dev/null
> @@ -1,90 +0,0 @@
> -setools: Add patch to support 2.4 toolstack.
> -Signed-off-by: Philip Tricca <flihp at twobit.us>
> -Signed-off-by: Joe MacDonald <joe_macdonald at mentor.com>
> -URL: https://github.com/flihp/meta-selinux/commit/e09eaef7a9acb552a4a5e1f90117154ae06b6fda
> -
> -Signed-off-by: Adam Duskett <Aduskett at gmail.com>
> -
> -diff --git a/libqpol/src/policy_define.c b/libqpol/src/policy_define.c
> -index fad6b60..231962f 100644
> ---- a/libqpol/src/policy_define.c
> -+++ b/libqpol/src/policy_define.c
> -@@ -1449,7 +1449,7 @@ int define_compute_type_helper(int which, avrule_t ** rule)
> -                               return -1;
> -                       }
> -                       class_perm_node_init(perm);
> --                      perm->class = i + 1;
> -+                      perm->tclass = i + 1;
> -                       perm->data = datum->s.value;
> -                       perm->next = avrule->perms;
> -                       avrule->perms = perm;
> -@@ -1699,7 +1699,7 @@ int define_te_avtab_helper(int which, avrule_t ** rule)
> -                       goto out;
> -               }
> -               class_perm_node_init(cur_perms);
> --              cur_perms->class = i + 1;
> -+              cur_perms->tclass = i + 1;
> -               if (!perms)
> -                       perms = cur_perms;
> -               if (tail)
> -diff --git a/libqpol/src/policy_extend.c b/libqpol/src/policy_extend.c
> -index 5325a87..1417271 100644
> ---- a/libqpol/src/policy_extend.c
> -+++ b/libqpol/src/policy_extend.c
> -@@ -843,7 +843,7 @@ static int qpol_syn_rule_table_insert_sepol_avrule(qpol_policy_t * policy, qpol_
> -                       for (class_node = rule->perms; class_node; class_node = class_node->next) {
> -                               key.rule_type = rule->specified;
> -                               key.source_val = key.target_val = i + 1;
> --                              key.class_val = class_node->class;
> -+                              key.class_val = class_node->tclass;
> -                               key.cond = cond;
> -                               if (qpol_syn_rule_table_insert_entry(policy, table, &key, new_rule))
> -                                       goto err;
> -@@ -856,7 +856,7 @@ static int qpol_syn_rule_table_insert_sepol_avrule(qpol_policy_t * policy, qpol_
> -                               key.rule_type = rule->specified;
> -                               key.source_val = i + 1;
> -                               key.target_val = j + 1;
> --                              key.class_val = class_node->class;
> -+                              key.class_val = class_node->tclass;
> -                               key.cond = cond;
> -                               if (qpol_syn_rule_table_insert_entry(policy, table, &key, new_rule))
> -                                       goto err;
> -diff --git a/libqpol/src/syn_rule_query.c b/libqpol/src/syn_rule_query.c
> -index 3e63204..d7578f1 100644
> ---- a/libqpol/src/syn_rule_query.c
> -+++ b/libqpol/src/syn_rule_query.c
> -@@ -67,7 +67,7 @@ static void *syn_rule_class_state_get_cur(const qpol_iterator_t * iter)
> -               return NULL;
> -       }
> -
> --      return db->class_val_to_struct[srcs->cur->class - 1];
> -+      return db->class_val_to_struct[srcs->cur->tclass - 1];
> - }
> -
> - static int syn_rule_class_state_next(qpol_iterator_t * iter)
> -@@ -465,10 +465,10 @@ int qpol_syn_avrule_get_perm_iter(const qpol_policy_t * policy, const qpol_syn_a
> -       }
> -
> -       for (node = internal_rule->perms; node; node = node->next) {
> --              for (i = 0; i < db->class_val_to_struct[node->class - 1]->permissions.nprim; i++) {
> -+              for (i = 0; i < db->class_val_to_struct[node->tclass - 1]->permissions.nprim; i++) {
> -                       if (!(node->data & (1 << i)))
> -                               continue;
> --                      tmp = sepol_av_to_string(db, node->class, (sepol_access_vector_t) (1 << i));
> -+                      tmp = sepol_av_to_string(db, node->tclass, (sepol_access_vector_t) (1 << i));
> -                       if (tmp) {
> -                               tmp++; /* remove prepended space */
> -                               for (cur = 0; cur < perm_list_sz; cur++)
> -diff --git a/secmds/replcon.cc b/secmds/replcon.cc
> -index 34f7c1a..307c39f 100644
> ---- a/secmds/replcon.cc
> -+++ b/secmds/replcon.cc
> -@@ -60,7 +60,7 @@ static struct option const longopts[] = {
> -       {NULL, 0, NULL, 0}
> - };
> -
> --extern int lsetfilecon_raw(const char *, security_context_t) __attribute__ ((weak));
> -+extern int lsetfilecon_raw(const char *, const char *) __attribute__ ((weak));
> -
> - /**
> -  * As that setools must work with older libselinux versions that may
> diff --git a/package/setools/Config.in b/package/setools/Config.in
> index d7b119ffc6..193a7fb03e 100644
> --- a/package/setools/Config.in
> +++ b/package/setools/Config.in
> @@ -1,36 +1,25 @@
>  config BR2_PACKAGE_SETOOLS
>         bool "setools"
> -       depends on BR2_TOOLCHAIN_HAS_THREADS
> +       depends on !BR2_arc # arc: libselinux not available
>         depends on !BR2_STATIC_LIBS
> -       depends on BR2_INSTALL_LIBSTDCPP
> +       depends on BR2_TOOLCHAIN_HAS_THREADS
>         depends on BR2_USE_WCHAR
>         depends on BR2_TOOLCHAIN_USES_GLIBC # libselinux
> -       # bfin: infamous _ symbol prefix issue
> -       # nios2: triggers some toolchain issue "No symbol version
> -       # section for versioned symbol"
> -       # arc: libselinux not available
> -       depends on !BR2_nios2 && !BR2_bfin && !BR2_arc
> +       depends on BR2_USE_MMU
> +       select BR2_PACKAGE_PYTHON3 if !BR2_PACKAGE_PYTHON
>         select BR2_PACKAGE_LIBSELINUX
> -       select BR2_PACKAGE_SQLITE
> -       select BR2_PACKAGE_LIBXML2
> -       select BR2_PACKAGE_BZIP2
>         help
>           SETools is an open source project designed to facilitate
>           SELinux policy analysis. The primary tools are:
> -          * apol - analyze a SELinux policy.
> -          * seaudit - analyze audit messages from SELinux.
> -          * seaudit-report - generate highly-customized audit log
> -            reports.
> -          * sechecker - command line tool for performing modular
> -            checks on an SELinux policy.
> +          * apol - analyze a SELinux policy. (requires python-qt5)
>            * sediff - semantic policy difference tool for SELinux.
> -          * secmds - command-line tools to analyze and search SELinux
> -            policy.
> +          * sedta - Perform domain transition analyses
> +          * sesearch - Search rules (allow, type_transition, etc.)
>
> -         https://github.com/TresysTechnology/setools3/wiki
> +         https://github.com/TresysTechnology/setools
>
>  comment "setools needs a glibc toolchain w/ threads, C++, wchar, dynamic library"
> -       depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS \
> -               || !BR2_USE_WCHAR || !BR2_INSTALL_LIBSTDCPP \
> -               || !BR2_TOOLCHAIN_USES_GLIBC
> -       depends on !BR2_nios2 && !BR2_bfin && !BR2_arc
> +       depends on BR2_USE_MMU && !BR2_arc
> +       depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS || \
> +               !BR2_USE_WCHAR || !BR2_TOOLCHAIN_USES_GLIBC || \
> +               !BR2_INSTALL_LIBSTDCPP
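
Review bot: The comment block still lists "C++" and still depends on !BR2_INSTALL_LIBSTDCPP, but this hunk removes "depends on BR2_INSTALL_LIBSTDCPP" from BR2_PACKAGE_SETOOLS, so the comment is shown for a requirement the package no longer has. Drop C++ from the comment text and its condition. The help text also advertises sedta, which setools.mk in this same patch removes from the target, so that entry should go or be marked as unavailable.
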
> diff --git a/package/setools/setools.hash b/package/setools/setools.hash
> index d422e6607b..8729297064 100644
> --- a/package/setools/setools.hash
> +++ b/package/setools/setools.hash
> @@ -1,4 +1,7 @@
>  # From https://github.com/TresysTechnology/setools3/wiki/Download
> -md5    d68d0d4e4da0f01da0f208782ff04b91        setools-3.3.8.tar.bz2
> +md5    d68d0d4e4da0f01da0f208782ff04b91        setools-4.1.1.tar.bz2
>  # Locally computed
> -sha256 44387ecc9a231ec536a937783440cd8960a72c51f14bffc1604b7525e341e999        setools-3.3.8.tar.bz2
> +sha256 46a927ea2b163cbe1d35cc35da43e45853e13720c7e02d4cf75a498783c19610 setools-4.1.1.tar.gz
> +sha256  2f7547e10f76a382c24c053595f38a5cc6dda9347f508f254ca490e0046a9624 COPYING
> +sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING.GPL
> +sha256  dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING.LGPL
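
Review bot: The md5 line keeps the exact hash value of the removed setools-3.3.8.tar.bz2 entry and names setools-4.1.1.tar.bz2, while the sha256 line below it is for setools-4.1.1.tar.gz. That entry matches no file that will be downloaded and should be dropped. The "# From https://github.com/TresysTechnology/setools3/wiki/Download" comment above it is also stale now that setools.mk fetches through the github helper, so only the "Locally computed" sha256 entries should remain.
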
> diff --git a/package/setools/setools.mk b/package/setools/setools.mk
> index d2e9f05998..41c9205668 100644
> --- a/package/setools/setools.mk
> +++ b/package/setools/setools.mk
> @@ -4,81 +4,44 @@
>  #
>  ################################################################################
>
> -SETOOLS_VERSION = 3.3.8
> -SETOOLS_SOURCE = setools-$(SETOOLS_VERSION).tar.bz2
> -SETOOLS_SITE = https://raw.githubusercontent.com/wiki/TresysTechnology/setools3/files/dists/setools-$(SETOOLS_VERSION)
> -SETOOLS_DEPENDENCIES = libselinux libsepol sqlite libxml2 bzip2 host-bison host-flex
> +SETOOLS_VERSION = 4.1.1
> +SETOOLS_SITE = $(call github,TresysTechnology,setools,$(SETOOLS_VERSION))
> +SETOOLS_DEPENDENCIES = libselinux libsepol host-bison host-flex host-swig
>  SETOOLS_INSTALL_STAGING = YES
>  SETOOLS_LICENSE = GPL-2.0+, LGPL-2.1+
>  SETOOLS_LICENSE_FILES = COPYING COPYING.GPL COPYING.LGPL
> -
> -# configure.ac is patched by the cross compile patch,
> -# so autoreconf is necessary
> -SETOOLS_AUTORECONF = YES
> -
> -# Notes: Need "disable-selinux-check" so the configure does not check to see
> -#        if host has selinux enabled.
> -#        No python support as only the libraries and commandline tools are
> -#        installed on target
> -SETOOLS_CONF_OPTS = \
> -       --disable-debug \
> -       --disable-gui \
> -       --disable-bwidget-check \
> -       --disable-selinux-check \
> -       --disable-swig-java \
> -       --disable-swig-python \
> -       --disable-swig-tcl \
> -       --with-sepol-devel="$(STAGING_DIR)/usr" \
> -       --with-selinux-devel="$(STAGING_DIR)/usr"
> -
> -ifeq ($(BR2_sparc64):$(BR2_STATIC_LIBS),y:)
> -SETOOLS_CONF_ENV += CFLAGS="$(TARGET_CFLAGS) -fPIC"
> -endif
> -
> -HOST_SETOOLS_DEPENDENCIES = host-libselinux host-libsepol host-sqlite \
> -       host-libxml2 host-bzip2 host-bison
> +SETOOLS_SETUP_TYPE = setuptools
>
>  ifeq ($(BR2_PACKAGE_PYTHON3),y)
> -HOST_SETOOLS_PYTHON_VERSION=$(PYTHON3_VERSION_MAJOR)
> -HOST_SETOOLS_DEPENDENCIES += host-python3
> -HOST_SETOOLS_CONF_ENV += am_cv_python_version=$(PYTHON3_VERSION)
> +SETOOLS_PYLIBVER = python$(PYTHON3_VERSION_MAJOR)
>  else
> -HOST_SETOOLS_PYTHON_VERSION=$(PYTHON_VERSION_MAJOR)
> -HOST_SETOOLS_DEPENDENCIES += host-python
> -HOST_SETOOLS_CONF_ENV += am_cv_python_version=$(PYTHON_VERSION)
> +SETOOLS_PYLIBVER = python$(PYTHON_VERSION_MAJOR)
>  endif
>
> -HOST_SETOOLS_PYTHON_SITE_PACKAGES = $(HOST_DIR)/lib/python$(HOST_SETOOLS_PYTHON_VERSION)/site-packages
> -HOST_SETOOLS_PYTHON_INCLUDES = $(HOST_DIR)/include/python$(HOST_SETOOLS_PYTHON_VERSION)
> -HOST_SETOOLS_PYTHON_LIB = -lpython$(HOST_SETOOLS_PYTHON_VERSION)
> -
> -# Notes: Need "disable-selinux-check" so the configure does not check to see
> -#        if host has selinux enabled.
> -#        Host builds with python support to enable tools for offline target
> -#        policy analysis
> -HOST_SETOOLS_CONF_OPTS = \
> -       --disable-debug \
> -       --disable-gui \
> -       --disable-bwidget-check \
> -       --disable-selinux-check \
> -       --disable-swig-java \
> -       --disable-swig-python \
> -       --disable-swig-tcl \
> -       --with-sepol-devel="$(HOST_DIR)" \
> -       --with-selinux-devel="$(HOST_DIR)" \
> -       PYTHON_LDFLAGS="-L$(HOST_DIR)/lib/" \
> -       PYTHON_CPPFLAGS="-I$(HOST_SETOOLS_PYTHON_INCLUDES)" \
> -       PYTHON_SITE_PKG="$(HOST_SETOOLS_PYTHON_SITE_PACKAGES)" \
> -       PYTHON_EXTRA_LIBS="-lpthread -ldl -lutil $(HOST_SETOOLS_PYTHON_LIB)"
> -
> -HOST_SETOOLS_CONF_ENV += \
> -       am_cv_pathless_PYTHON=python \
> -       ac_cv_path_PYTHON=$(HOST_DIR)/bin/python \
> -       am_cv_python_platform=linux2 \
> -       am_cv_python_version=$(HOST_SETOOLS_PYTHON_VERSION) \
> -       am_cv_python_pythondir=$(HOST_SETOOLS_PYTHON_SITE_PACKAGES) \
> -       am_cv_python_pyexecdir=$(HOST_SETOOLS_PYTHON_SITE_PACKAGES) \
> -       am_cv_python_includes=-I$(HOST_SETOOLS_PYTHON_INCLUDES)
> +define SETOOLS_FIX_SETUP
> +       # By default, setup.py will look for libsepol.a in the host directory.  This
> +       # needs to be changed to the staging directory.
> +       $(SED) "s at base_lib_dirs =.*@base_lib_dirs = ['$(STAGING_DIR)/usr/lib']@g" \
> +               $(@D)/setup.py
> +endef
> +SETOOLS_POST_PATCH_HOOKS += SETOOLS_FIX_SETUP

Need a host variant of this fixup

> +
> +# sedta and seinfoflow depends on python-networkx. This package is not
> +# available in buildroot.
> +define SETOOLS_REMOVE_BROKEN_SCRIPTS
> +       $(RM) $(TARGET_DIR)/usr/bin/sedta
> +       $(RM) $(TARGET_DIR)/usr/bin/seinfoflow
> +endef
> +SETOOLS_POST_INSTALL_TARGET_HOOKS += REMOVE_BROKEN_SCRIPTS
> +
> +# apol requires pyqt5, but is installed by default.  Remove these scripts from
> +# the target it pyqt5 is not selected.
> +ifeq ($(BR2_PACKAGE_PYTHON_PYQT5),)
> +define SETOOLS_REMOVE_QT_SCRIPTS
> +       $(RM) $(TARGET_DIR)/usr/bin/apol
> +       rmdir --ignore-fail-on-non-empty $(TARGET_DIR)/usr/lib/$(SETOOLS_PYLIBVER)/site-packages/setoolsgui/
> +endef
> +SETOOLS_POST_INSTALL_TARGET_HOOKS += SETOOLS_REMOVE_QT_SCRIPTS
> +endif
>
> -$(eval $(autotools-package))
> -$(eval $(host-autotools-package))
> +$(eval $(python-package))
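
Review bot: "SETOOLS_POST_INSTALL_TARGET_HOOKS += REMOVE_BROKEN_SCRIPTS" registers a name that is never defined; the define above it is SETOOLS_REMOVE_BROKEN_SCRIPTS, so the hook expands to nothing and sedta and seinfoflow stay on the target. Use the prefixed name in the hook line. In SETOOLS_REMOVE_QT_SCRIPTS, "rmdir --ignore-fail-on-non-empty" only removes an empty directory, so an installed setoolsgui package with files in it is silently left in place, which does not match the commit message; "$(RM) -r" on that directory would. The comment above that block also has a typo, "it pyqt5" for "if pyqt5".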

There is a host-setools dependency which needs a host target here.

Thanks for the update!
-Matt


