diff options
author | Nicolas Iooss | 2019-12-08 21:11:45 +0100 |
---|---|---|
committer | Nicolas Iooss | 2019-12-08 21:11:45 +0100 |
commit | f717bef8131622ad8545f4bdffe7bafdc35e9808 (patch) | |
tree | a2e66327968e9b9321318e1b11d0bd88767f2f9f | |
parent | cbdb1e980631bafedacef8c2491ab8f05db4a04e (diff) | |
download | aur-f717bef8131622ad8545f4bdffe7bafdc35e9808.tar.gz |
libselinux 3.0-1 update
-rw-r--r-- | .SRCINFO | 18 | ||||
-rw-r--r-- | 0001-libselinux-Fix-security_get_boolean_names-build-erro.patch | 49 | ||||
-rw-r--r-- | 0001-libselinux-Use-Python-distutils-to-install-SELinux-p.patch | 205 | ||||
-rw-r--r-- | PKGBUILD | 39 |
4 files changed, 16 insertions, 295 deletions
@@ -1,33 +1,27 @@ pkgbase = libselinux pkgdesc = SELinux library and simple utilities - pkgver = 2.9 - pkgrel = 4 + pkgver = 3.0 + pkgrel = 1 url = http://userspace.selinuxproject.org arch = i686 arch = x86_64 arch = armv6h groups = selinux license = custom - makedepends = python2 makedepends = python makedepends = ruby makedepends = xz makedepends = swig - depends = libsepol>=2.8 + depends = libsepol>=3.0 depends = pcre - optdepends = python2: python2 bindings optdepends = python: python bindings optdepends = ruby: ruby bindings - provides = selinux-usr-libselinux=2.9-4 + provides = selinux-usr-libselinux=3.0-1 conflicts = selinux-usr-libselinux - source = https://github.com/SELinuxProject/selinux/releases/download/20190315/libselinux-2.9.tar.gz + source = https://github.com/SELinuxProject/selinux/releases/download/20191204/libselinux-3.0.tar.gz source = libselinux.tmpfiles.d - source = 0001-libselinux-Use-Python-distutils-to-install-SELinux-p.patch - source = 0001-libselinux-Fix-security_get_boolean_names-build-erro.patch - sha256sums = 1bccc8873e449587d9a2b2cf253de9b89a8291b9fbc7c59393ca9e5f5f4d2693 + sha256sums = 2ea2b30f671dae9d6b1391cbe8fb2ce5d36a3ee4fb1cd3c32f0d933c31b82433 sha256sums = afe23890fb2e12e6756e5d81bad3c3da33f38a95d072731c0422fbeb0b1fa1fc - sha256sums = 47e8c4b6c67d1778bd0a8de782ea6d2406e8de3ad13064c85d53deba222100af - sha256sums = 9a0bcf7b8e2ec60fe954d2bbcd527f3b5d34e4cdb898ab19cd8b2ef869eed241 pkgname = libselinux diff --git a/0001-libselinux-Fix-security_get_boolean_names-build-erro.patch b/0001-libselinux-Fix-security_get_boolean_names-build-erro.patch deleted file mode 100644 index 232aa8c1a4ca..000000000000 --- a/0001-libselinux-Fix-security_get_boolean_names-build-erro.patch +++ /dev/null @@ -1,49 +0,0 @@ -From ee8f7a870c625de139aa271eae0c40578488c2f6 Mon Sep 17 00:00:00 2001 -From: Richard Haines <richard_c_haines@btinternet.com> -Date: Mon, 8 Jul 2019 14:37:01 +0100 -Subject: [PATCH 1/1] libselinux: Fix security_get_boolean_names build error -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -When running 'make' from libselinux on Fedora 30 (gcc 9.1.1) the -following error is reported: - -bute=const -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -Wstrict-overflow=5 --I../include -D_GNU_SOURCE -DNO_ANDROID_BACKEND -c -o booleans.o -booleans.c -booleans.c: In function ‘security_get_boolean_names’: -booleans.c:39:5: error: assuming signed overflow does not occur when -changing X +- C1 cmp C2 to X cmp C2 -+ C1 [-Werror=strict-overflow] - 39 | int security_get_boolean_names(char ***names, int *len) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -cc1: all warnings being treated as errors -make[1]: *** [Makefile:171: booleans.o] Error 1 - -This is caused by the '--i' in the: 'for (--i; i >= 0; --i)' loop. - -Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> ---- - libselinux/src/booleans.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/libselinux/src/booleans.c b/libselinux/src/booleans.c -index ab1e0754e961..a9154ce86b5d 100644 ---- a/libselinux/src/booleans.c -+++ b/libselinux/src/booleans.c -@@ -81,8 +81,10 @@ int security_get_boolean_names(char ***names, int *len) - free(namelist); - return rc; - bad_freen: -- for (--i; i >= 0; --i) -- free(n[i]); -+ if (i > 0) { -+ while (i >= 1) -+ free(n[--i]); -+ } - free(n); - bad: - goto out; --- -2.22.0 - diff --git a/0001-libselinux-Use-Python-distutils-to-install-SELinux-p.patch b/0001-libselinux-Use-Python-distutils-to-install-SELinux-p.patch deleted file mode 100644 index 18333b3fcaa1..000000000000 --- a/0001-libselinux-Use-Python-distutils-to-install-SELinux-p.patch +++ /dev/null @@ -1,205 +0,0 @@ -From 2efa06857575e4118e91ca250b6b92da68b130d5 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach <plautrba@redhat.com> -Date: Fri, 7 Jun 2019 17:35:44 +0200 -Subject: [PATCH 1/1] libselinux: Use Python distutils to install SELinux - python bindings - -Follow officially documented way how to build C extension modules using -distutils - https://docs.python.org/3.8/extending/building.html#building - -Fixes: - -- selinux python module fails to load when it's built using SWIG-4.0: - ->>> import selinux -Traceback (most recent call last): - File "<stdin>", line 1, in <module> - File "/usr/lib64/python3.7/site-packages/selinux/__init__.py", line 13, in <module> - from . import _selinux -ImportError: cannot import name '_selinux' from 'selinux' (/usr/lib64/python3.7/site-packages/selinux/__init__.py) - -SWIG-4.0 changed (again?) its behavior so that it uses: from . import _selinux -which looks for _selinux module in the same directory as where __init__.py is - -$(PYLIBDIR)/site-packages/selinux. But _selinux module is installed into -$(PYLIBDIR)/site-packages/ since a9604c30a5e2f ("libselinux: Change the location -of _selinux.so"). - -- audit2why python module fails to build with Python 3.8 - -cc -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -DOVERRIDE_GETTID=0 -I../include -D_GNU_SOURCE -DDISABLE_RPM -DNO_ANDROID_BACKEND -DUSE_PCRE2 -DPCRE2_CODE_UNIT_WIDTH=8 -Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -L. -shared -o python-3.8audit2why.so python-3.8audit2why.lo -lselinux -l:libsepol.a -Wl,-soname,audit2why.so,--version-script=audit2why.map,-z,defs -/usr/bin/ld: python-3.8audit2why.lo: in function `finish': -/builddir/build/BUILD/libselinux-2.9/src/audit2why.c:166: undefined reference to `PyArg_ParseTuple' -/usr/bin/ld: python-3.8audit2why.lo: in function `_Py_INCREF': -/usr/include/python3.8/object.h:449: undefined reference to `_Py_NoneStruct' -/usr/bin/ld: /usr/include/python3.8/object.h:449: undefined reference to `_Py_NoneStruct' -/usr/bin/ld: python-3.8audit2why.lo: in function `check_booleans': -/builddir/build/BUILD/libselinux-2.9/src/audit2why.c:84: undefined reference to `PyExc_RuntimeError' -... - -It's related to the following Python change -https://docs.python.org/dev/whatsnew/3.8.html#debug-build-uses-the-same-abi-as-release-build - -Python distutils adds correct link options automatically. - -- selinux python module doesn't provide any Python metadata - -When selinux python module was built manually, it didn't provide any metadata. -distutils takes care about that so that selinux Python module is visible for -pip: - -$ pip3 list | grep selinux -selinux 2.9 - -Signed-off-by: Petr Lautrbach <plautrba@redhat.com> ---- - libselinux/src/.gitignore | 2 +- - libselinux/src/Makefile | 36 ++++++++---------------------------- - libselinux/src/setup.py | 24 ++++++++++++++++++++++++ - 3 files changed, 33 insertions(+), 29 deletions(-) - create mode 100644 libselinux/src/setup.py - -diff --git a/libselinux/src/.gitignore b/libselinux/src/.gitignore -index 4dcc3b3b40fb..428afe5ae7d9 100644 ---- a/libselinux/src/.gitignore -+++ b/libselinux/src/.gitignore -@@ -1,4 +1,4 @@ - selinux.py --selinuxswig_wrap.c -+selinuxswig_python_wrap.c - selinuxswig_python_exception.i - selinuxswig_ruby_wrap.c -diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile -index e9ed0383f592..2b1696a0c17b 100644 ---- a/libselinux/src/Makefile -+++ b/libselinux/src/Makefile -@@ -36,7 +36,7 @@ TARGET=libselinux.so - LIBPC=libselinux.pc - SWIGIF= selinuxswig_python.i selinuxswig_python_exception.i - SWIGRUBYIF= selinuxswig_ruby.i --SWIGCOUT= selinuxswig_wrap.c -+SWIGCOUT= selinuxswig_python_wrap.c - SWIGPYOUT= selinux.py - SWIGRUBYCOUT= selinuxswig_ruby_wrap.c - SWIGLOBJ:= $(patsubst %.c,$(PYPREFIX)%.lo,$(SWIGCOUT)) -@@ -55,7 +55,7 @@ ifeq ($(LIBSEPOLA),) - LDLIBS_LIBSEPOLA := -l:libsepol.a - endif - --GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) selinuxswig_python_exception.i -+GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) $(SWIGCOUT) selinuxswig_python_exception.i - SRCS= $(filter-out $(GENERATED) audit2why.c, $(sort $(wildcard *.c))) - - MAX_STACK_SIZE=32768 -@@ -125,25 +125,18 @@ DISABLE_FLAGS+= -DNO_ANDROID_BACKEND - SRCS:= $(filter-out label_backends_android.c, $(SRCS)) - endif - --SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./ $(DISABLE_FLAGS) -- - SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./ $(DISABLE_FLAGS) - - all: $(LIBA) $(LIBSO) $(LIBPC) - --pywrap: all $(SWIGFILES) $(AUDIT2WHYSO) -+pywrap: all selinuxswig_python_exception.i -+ CFLAGS="$(CFLAGS) $(SWIG_CFLAGS)" $(PYTHON) setup.py build_ext -I $(DESTDIR)$(INCLUDEDIR) -L $(DESTDIR)$(LIBDIR) - - rubywrap: all $(SWIGRUBYSO) - --$(SWIGLOBJ): $(SWIGCOUT) -- $(CC) $(CFLAGS) $(SWIG_CFLAGS) $(PYINC) -fPIC -DSHARED -c -o $@ $< -- - $(SWIGRUBYLOBJ): $(SWIGRUBYCOUT) - $(CC) $(CFLAGS) $(SWIG_CFLAGS) $(RUBYINC) -fPIC -DSHARED -c -o $@ $< - --$(SWIGSO): $(SWIGLOBJ) -- $(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $< -lselinux $(PYLIBS) -- - $(SWIGRUBYSO): $(SWIGRUBYLOBJ) - $(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ -lselinux $(RUBYLIBS) - -@@ -161,29 +154,15 @@ $(LIBPC): $(LIBPC).in ../VERSION - selinuxswig_python_exception.i: ../include/selinux/selinux.h - bash -e exception.sh > $@ || (rm -f $@ ; false) - --$(AUDIT2WHYLOBJ): audit2why.c -- $(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $< -- --$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(LIBSEPOLA) -- $(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ -lselinux $(LDLIBS_LIBSEPOLA) $(PYLIBS) -Wl,-soname,audit2why.so,--version-script=audit2why.map,-z,defs -- - %.o: %.c policy.h - $(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $< - - %.lo: %.c policy.h - $(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $< - --$(SWIGCOUT): $(SWIGIF) -- $(SWIG) $< -- --$(SWIGPYOUT): $(SWIGCOUT) -- - $(SWIGRUBYCOUT): $(SWIGRUBYIF) - $(SWIGRUBY) $< - --swigify: $(SWIGIF) -- $(SWIG) $< -- - install: all - test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR) - install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR) -@@ -194,10 +173,9 @@ install: all - ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET) - - install-pywrap: pywrap -- test -d $(DESTDIR)$(PYTHONLIBDIR)/selinux || install -m 755 -d $(DESTDIR)$(PYTHONLIBDIR)/selinux -- install -m 755 $(SWIGSO) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT) -- install -m 755 $(AUDIT2WHYSO) $(DESTDIR)$(PYTHONLIBDIR)/selinux/audit2why$(PYCEXT) -+ $(PYTHON) setup.py install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` - install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py -+ ln -sf --relative $(DESTDIR)$(PYTHONLIBDIR)/selinux/_selinux$(PYCEXT) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT) - - install-rubywrap: rubywrap - test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d $(DESTDIR)$(RUBYINSTALL) -@@ -208,6 +186,8 @@ relabel: - - clean-pywrap: - -rm -f $(SWIGLOBJ) $(SWIGSO) $(AUDIT2WHYLOBJ) $(AUDIT2WHYSO) -+ $(PYTHON) setup.py clean -+ -rm -rf build *~ \#* *pyc .#* - - clean-rubywrap: - -rm -f $(SWIGRUBYLOBJ) $(SWIGRUBYSO) -diff --git a/libselinux/src/setup.py b/libselinux/src/setup.py -new file mode 100644 -index 000000000000..4dc03f55926f ---- /dev/null -+++ b/libselinux/src/setup.py -@@ -0,0 +1,24 @@ -+#!/usr/bin/python3 -+ -+from distutils.core import Extension, setup -+ -+setup( -+ name="selinux", -+ version="2.9", -+ description="SELinux python 3 bindings", -+ author="SELinux Project", -+ author_email="selinux@vger.kernel.org", -+ ext_modules=[ -+ Extension('selinux._selinux', -+ sources=['selinuxswig_python.i'], -+ include_dirs=['../include'], -+ library_dirs=['.'], -+ libraries=['selinux']), -+ Extension('selinux.audit2why', -+ sources=['audit2why.c'], -+ include_dirs=['../include'], -+ library_dirs=['.'], -+ libraries=['selinux'], -+ extra_link_args=['-l:libsepol.a', '-Wl,--version-script=audit2why.map']) -+ ], -+) --- -2.22.0 - @@ -8,40 +8,23 @@ # If you want to help keep it up to date, please open a Pull Request there. pkgname=libselinux -pkgver=2.9 -pkgrel=4 +pkgver=3.0 +pkgrel=1 pkgdesc="SELinux library and simple utilities" arch=('i686' 'x86_64' 'armv6h') url='http://userspace.selinuxproject.org' license=('custom') groups=('selinux') -makedepends=('python2' 'python' 'ruby' 'xz' 'swig') -depends=('libsepol>=2.8' 'pcre') -optdepends=('python2: python2 bindings' - 'python: python bindings' +makedepends=('python' 'ruby' 'xz' 'swig') +depends=('libsepol>=3.0' 'pcre') +optdepends=('python: python bindings' 'ruby: ruby bindings') conflicts=("selinux-usr-${pkgname}") provides=("selinux-usr-${pkgname}=${pkgver}-${pkgrel}") -source=("https://github.com/SELinuxProject/selinux/releases/download/20190315/${pkgname}-${pkgver}.tar.gz" - "libselinux.tmpfiles.d" - '0001-libselinux-Use-Python-distutils-to-install-SELinux-p.patch' - '0001-libselinux-Fix-security_get_boolean_names-build-erro.patch') -sha256sums=('1bccc8873e449587d9a2b2cf253de9b89a8291b9fbc7c59393ca9e5f5f4d2693' - 'afe23890fb2e12e6756e5d81bad3c3da33f38a95d072731c0422fbeb0b1fa1fc' - '47e8c4b6c67d1778bd0a8de782ea6d2406e8de3ad13064c85d53deba222100af' - '9a0bcf7b8e2ec60fe954d2bbcd527f3b5d34e4cdb898ab19cd8b2ef869eed241') - -prepare() { - cd "${pkgname}-${pkgver}" - - # Backport "libselinux: Use Python distutils to install SELinux python bindings" - # https://github.com/SELinuxProject/selinux/commit/2efa06857575e4118e91ca250b6b92da68b130d5 - patch -Np2 -i ../0001-libselinux-Use-Python-distutils-to-install-SELinux-p.patch - - # Backport "libselinux: Fix security_get_boolean_names build error" - # https://github.com/SELinuxProject/selinux/commit/ee8f7a870c625de139aa271eae0c40578488c2f6 - patch -Np2 -i ../0001-libselinux-Fix-security_get_boolean_names-build-erro.patch -} +source=("https://github.com/SELinuxProject/selinux/releases/download/20191204/${pkgname}-${pkgver}.tar.gz" + "libselinux.tmpfiles.d") +sha256sums=('2ea2b30f671dae9d6b1391cbe8fb2ce5d36a3ee4fb1cd3c32f0d933c31b82433' + 'afe23890fb2e12e6756e5d81bad3c3da33f38a95d072731c0422fbeb0b1fa1fc') build() { cd "${pkgname}-${pkgver}" @@ -51,7 +34,6 @@ build() { make swigify make all - make PYTHON=/usr/bin/python2 pywrap make PYTHON=/usr/bin/python3 pywrap make RUBY=/usr/bin/ruby rubywrap } @@ -62,11 +44,10 @@ package() { export DISABLE_RPM=y make DESTDIR="${pkgdir}" SBINDIR=/usr/bin SHLIBDIR=/usr/lib install - make DESTDIR="${pkgdir}" PYTHON=/usr/bin/python2 SBINDIR=/usr/bin SHLIBDIR=/usr/lib install-pywrap make DESTDIR="${pkgdir}" PYTHON=/usr/bin/python3 SBINDIR=/usr/bin SHLIBDIR=/usr/lib install-pywrap make DESTDIR="${pkgdir}" RUBY=/usr/bin/ruby SBINDIR=/usr/bin SHLIBDIR=/usr/lib install-rubywrap - /usr/bin/python2 -m compileall "${pkgdir}/$(/usr/bin/python2 -c 'from distutils.sysconfig import *; print(get_python_lib(plat_specific=1))')" /usr/bin/python3 -m compileall "${pkgdir}/$(/usr/bin/python3 -c 'from distutils.sysconfig import *; print(get_python_lib(plat_specific=1))')" + /usr/bin/python3 -O -m compileall "${pkgdir}/$(/usr/bin/python3 -c 'from distutils.sysconfig import *; print(get_python_lib(plat_specific=1))')" install -Dm 0644 "${srcdir}"/libselinux.tmpfiles.d "${pkgdir}"/usr/lib/tmpfiles.d/libselinux.conf |