summarylogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.SRCINFO6
-rw-r--r--0001-libselinux-Use-Python-distutils-to-install-SELinux-p.patch205
-rw-r--r--PKGBUILD14
3 files changed, 220 insertions, 5 deletions
diff --git a/.SRCINFO b/.SRCINFO
index eeb2a0b4a77..c2aab4726e1 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
pkgbase = libselinux
pkgdesc = SELinux library and simple utilities
pkgver = 2.9
- pkgrel = 1
+ pkgrel = 2
url = http://userspace.selinuxproject.org
arch = i686
arch = x86_64
@@ -18,12 +18,14 @@ pkgbase = libselinux
optdepends = python2: python2 bindings
optdepends = python: python bindings
optdepends = ruby: ruby bindings
- provides = selinux-usr-libselinux=2.9-1
+ provides = selinux-usr-libselinux=2.9-2
conflicts = selinux-usr-libselinux
source = https://github.com/SELinuxProject/selinux/releases/download/20190315/libselinux-2.9.tar.gz
source = libselinux.tmpfiles.d
+ source = 0001-libselinux-Use-Python-distutils-to-install-SELinux-p.patch
sha256sums = 1bccc8873e449587d9a2b2cf253de9b89a8291b9fbc7c59393ca9e5f5f4d2693
sha256sums = afe23890fb2e12e6756e5d81bad3c3da33f38a95d072731c0422fbeb0b1fa1fc
+ sha256sums = 47e8c4b6c67d1778bd0a8de782ea6d2406e8de3ad13064c85d53deba222100af
pkgname = libselinux
diff --git a/0001-libselinux-Use-Python-distutils-to-install-SELinux-p.patch b/0001-libselinux-Use-Python-distutils-to-install-SELinux-p.patch
new file mode 100644
index 00000000000..18333b3fcaa
--- /dev/null
+++ b/0001-libselinux-Use-Python-distutils-to-install-SELinux-p.patch
@@ -0,0 +1,205 @@
+From 2efa06857575e4118e91ca250b6b92da68b130d5 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Fri, 7 Jun 2019 17:35:44 +0200
+Subject: [PATCH 1/1] libselinux: Use Python distutils to install SELinux
+ python bindings
+
+Follow officially documented way how to build C extension modules using
+distutils - https://docs.python.org/3.8/extending/building.html#building
+
+Fixes:
+
+- selinux python module fails to load when it's built using SWIG-4.0:
+
+>>> import selinux
+Traceback (most recent call last):
+ File "<stdin>", line 1, in <module>
+ File "/usr/lib64/python3.7/site-packages/selinux/__init__.py", line 13, in <module>
+ from . import _selinux
+ImportError: cannot import name '_selinux' from 'selinux' (/usr/lib64/python3.7/site-packages/selinux/__init__.py)
+
+SWIG-4.0 changed (again?) its behavior so that it uses: from . import _selinux
+which looks for _selinux module in the same directory as where __init__.py is -
+$(PYLIBDIR)/site-packages/selinux. But _selinux module is installed into
+$(PYLIBDIR)/site-packages/ since a9604c30a5e2f ("libselinux: Change the location
+of _selinux.so").
+
+- audit2why python module fails to build with Python 3.8
+
+cc -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -DOVERRIDE_GETTID=0 -I../include -D_GNU_SOURCE -DDISABLE_RPM -DNO_ANDROID_BACKEND -DUSE_PCRE2 -DPCRE2_CODE_UNIT_WIDTH=8 -Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -L. -shared -o python-3.8audit2why.so python-3.8audit2why.lo -lselinux -l:libsepol.a -Wl,-soname,audit2why.so,--version-script=audit2why.map,-z,defs
+/usr/bin/ld: python-3.8audit2why.lo: in function `finish':
+/builddir/build/BUILD/libselinux-2.9/src/audit2why.c:166: undefined reference to `PyArg_ParseTuple'
+/usr/bin/ld: python-3.8audit2why.lo: in function `_Py_INCREF':
+/usr/include/python3.8/object.h:449: undefined reference to `_Py_NoneStruct'
+/usr/bin/ld: /usr/include/python3.8/object.h:449: undefined reference to `_Py_NoneStruct'
+/usr/bin/ld: python-3.8audit2why.lo: in function `check_booleans':
+/builddir/build/BUILD/libselinux-2.9/src/audit2why.c:84: undefined reference to `PyExc_RuntimeError'
+...
+
+It's related to the following Python change
+https://docs.python.org/dev/whatsnew/3.8.html#debug-build-uses-the-same-abi-as-release-build
+
+Python distutils adds correct link options automatically.
+
+- selinux python module doesn't provide any Python metadata
+
+When selinux python module was built manually, it didn't provide any metadata.
+distutils takes care about that so that selinux Python module is visible for
+pip:
+
+$ pip3 list | grep selinux
+selinux 2.9
+
+Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
+---
+ libselinux/src/.gitignore | 2 +-
+ libselinux/src/Makefile | 36 ++++++++----------------------------
+ libselinux/src/setup.py | 24 ++++++++++++++++++++++++
+ 3 files changed, 33 insertions(+), 29 deletions(-)
+ create mode 100644 libselinux/src/setup.py
+
+diff --git a/libselinux/src/.gitignore b/libselinux/src/.gitignore
+index 4dcc3b3b40fb..428afe5ae7d9 100644
+--- a/libselinux/src/.gitignore
++++ b/libselinux/src/.gitignore
+@@ -1,4 +1,4 @@
+ selinux.py
+-selinuxswig_wrap.c
++selinuxswig_python_wrap.c
+ selinuxswig_python_exception.i
+ selinuxswig_ruby_wrap.c
+diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
+index e9ed0383f592..2b1696a0c17b 100644
+--- a/libselinux/src/Makefile
++++ b/libselinux/src/Makefile
+@@ -36,7 +36,7 @@ TARGET=libselinux.so
+ LIBPC=libselinux.pc
+ SWIGIF= selinuxswig_python.i selinuxswig_python_exception.i
+ SWIGRUBYIF= selinuxswig_ruby.i
+-SWIGCOUT= selinuxswig_wrap.c
++SWIGCOUT= selinuxswig_python_wrap.c
+ SWIGPYOUT= selinux.py
+ SWIGRUBYCOUT= selinuxswig_ruby_wrap.c
+ SWIGLOBJ:= $(patsubst %.c,$(PYPREFIX)%.lo,$(SWIGCOUT))
+@@ -55,7 +55,7 @@ ifeq ($(LIBSEPOLA),)
+ LDLIBS_LIBSEPOLA := -l:libsepol.a
+ endif
+
+-GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) selinuxswig_python_exception.i
++GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) $(SWIGCOUT) selinuxswig_python_exception.i
+ SRCS= $(filter-out $(GENERATED) audit2why.c, $(sort $(wildcard *.c)))
+
+ MAX_STACK_SIZE=32768
+@@ -125,25 +125,18 @@ DISABLE_FLAGS+= -DNO_ANDROID_BACKEND
+ SRCS:= $(filter-out label_backends_android.c, $(SRCS))
+ endif
+
+-SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./ $(DISABLE_FLAGS)
+-
+ SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./ $(DISABLE_FLAGS)
+
+ all: $(LIBA) $(LIBSO) $(LIBPC)
+
+-pywrap: all $(SWIGFILES) $(AUDIT2WHYSO)
++pywrap: all selinuxswig_python_exception.i
++ CFLAGS="$(CFLAGS) $(SWIG_CFLAGS)" $(PYTHON) setup.py build_ext -I $(DESTDIR)$(INCLUDEDIR) -L $(DESTDIR)$(LIBDIR)
+
+ rubywrap: all $(SWIGRUBYSO)
+
+-$(SWIGLOBJ): $(SWIGCOUT)
+- $(CC) $(CFLAGS) $(SWIG_CFLAGS) $(PYINC) -fPIC -DSHARED -c -o $@ $<
+-
+ $(SWIGRUBYLOBJ): $(SWIGRUBYCOUT)
+ $(CC) $(CFLAGS) $(SWIG_CFLAGS) $(RUBYINC) -fPIC -DSHARED -c -o $@ $<
+
+-$(SWIGSO): $(SWIGLOBJ)
+- $(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $< -lselinux $(PYLIBS)
+-
+ $(SWIGRUBYSO): $(SWIGRUBYLOBJ)
+ $(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ -lselinux $(RUBYLIBS)
+
+@@ -161,29 +154,15 @@ $(LIBPC): $(LIBPC).in ../VERSION
+ selinuxswig_python_exception.i: ../include/selinux/selinux.h
+ bash -e exception.sh > $@ || (rm -f $@ ; false)
+
+-$(AUDIT2WHYLOBJ): audit2why.c
+- $(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
+-
+-$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(LIBSEPOLA)
+- $(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ -lselinux $(LDLIBS_LIBSEPOLA) $(PYLIBS) -Wl,-soname,audit2why.so,--version-script=audit2why.map,-z,defs
+-
+ %.o: %.c policy.h
+ $(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
+
+ %.lo: %.c policy.h
+ $(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $<
+
+-$(SWIGCOUT): $(SWIGIF)
+- $(SWIG) $<
+-
+-$(SWIGPYOUT): $(SWIGCOUT)
+-
+ $(SWIGRUBYCOUT): $(SWIGRUBYIF)
+ $(SWIGRUBY) $<
+
+-swigify: $(SWIGIF)
+- $(SWIG) $<
+-
+ install: all
+ test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR)
+ install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
+@@ -194,10 +173,9 @@ install: all
+ ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET)
+
+ install-pywrap: pywrap
+- test -d $(DESTDIR)$(PYTHONLIBDIR)/selinux || install -m 755 -d $(DESTDIR)$(PYTHONLIBDIR)/selinux
+- install -m 755 $(SWIGSO) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT)
+- install -m 755 $(AUDIT2WHYSO) $(DESTDIR)$(PYTHONLIBDIR)/selinux/audit2why$(PYCEXT)
++ $(PYTHON) setup.py install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
+ install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py
++ ln -sf --relative $(DESTDIR)$(PYTHONLIBDIR)/selinux/_selinux$(PYCEXT) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT)
+
+ install-rubywrap: rubywrap
+ test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d $(DESTDIR)$(RUBYINSTALL)
+@@ -208,6 +186,8 @@ relabel:
+
+ clean-pywrap:
+ -rm -f $(SWIGLOBJ) $(SWIGSO) $(AUDIT2WHYLOBJ) $(AUDIT2WHYSO)
++ $(PYTHON) setup.py clean
++ -rm -rf build *~ \#* *pyc .#*
+
+ clean-rubywrap:
+ -rm -f $(SWIGRUBYLOBJ) $(SWIGRUBYSO)
+diff --git a/libselinux/src/setup.py b/libselinux/src/setup.py
+new file mode 100644
+index 000000000000..4dc03f55926f
+--- /dev/null
++++ b/libselinux/src/setup.py
+@@ -0,0 +1,24 @@
++#!/usr/bin/python3
++
++from distutils.core import Extension, setup
++
++setup(
++ name="selinux",
++ version="2.9",
++ description="SELinux python 3 bindings",
++ author="SELinux Project",
++ author_email="selinux@vger.kernel.org",
++ ext_modules=[
++ Extension('selinux._selinux',
++ sources=['selinuxswig_python.i'],
++ include_dirs=['../include'],
++ library_dirs=['.'],
++ libraries=['selinux']),
++ Extension('selinux.audit2why',
++ sources=['audit2why.c'],
++ include_dirs=['../include'],
++ library_dirs=['.'],
++ libraries=['selinux'],
++ extra_link_args=['-l:libsepol.a', '-Wl,--version-script=audit2why.map'])
++ ],
++)
+--
+2.22.0
+
diff --git a/PKGBUILD b/PKGBUILD
index d764aa13330..df402287799 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -9,7 +9,7 @@
pkgname=libselinux
pkgver=2.9
-pkgrel=1
+pkgrel=2
pkgdesc="SELinux library and simple utilities"
arch=('i686' 'x86_64' 'armv6h')
url='http://userspace.selinuxproject.org'
@@ -23,9 +23,17 @@ optdepends=('python2: python2 bindings'
conflicts=("selinux-usr-${pkgname}")
provides=("selinux-usr-${pkgname}=${pkgver}-${pkgrel}")
source=("https://github.com/SELinuxProject/selinux/releases/download/20190315/${pkgname}-${pkgver}.tar.gz"
- "libselinux.tmpfiles.d")
+ "libselinux.tmpfiles.d"
+ '0001-libselinux-Use-Python-distutils-to-install-SELinux-p.patch')
sha256sums=('1bccc8873e449587d9a2b2cf253de9b89a8291b9fbc7c59393ca9e5f5f4d2693'
- 'afe23890fb2e12e6756e5d81bad3c3da33f38a95d072731c0422fbeb0b1fa1fc')
+ 'afe23890fb2e12e6756e5d81bad3c3da33f38a95d072731c0422fbeb0b1fa1fc'
+ '47e8c4b6c67d1778bd0a8de782ea6d2406e8de3ad13064c85d53deba222100af')
+
+prepare() {
+ cd "${pkgname}-${pkgver}"
+
+ patch -Np2 -i ../0001-libselinux-Use-Python-distutils-to-install-SELinux-p.patch
+}
build() {
cd "${pkgname}-${pkgver}"