summarylogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.SRCINFO18
-rw-r--r--0001-libselinux-Fix-security_get_boolean_names-build-erro.patch49
-rw-r--r--0001-libselinux-Use-Python-distutils-to-install-SELinux-p.patch205
-rw-r--r--PKGBUILD39
4 files changed, 16 insertions, 295 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 4260184ff07..96f1f22bb45 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,33 +1,27 @@
pkgbase = libselinux
pkgdesc = SELinux library and simple utilities
- pkgver = 2.9
- pkgrel = 4
+ pkgver = 3.0
+ pkgrel = 1
url = http://userspace.selinuxproject.org
arch = i686
arch = x86_64
arch = armv6h
groups = selinux
license = custom
- makedepends = python2
makedepends = python
makedepends = ruby
makedepends = xz
makedepends = swig
- depends = libsepol>=2.8
+ depends = libsepol>=3.0
depends = pcre
- optdepends = python2: python2 bindings
optdepends = python: python bindings
optdepends = ruby: ruby bindings
- provides = selinux-usr-libselinux=2.9-4
+ provides = selinux-usr-libselinux=3.0-1
conflicts = selinux-usr-libselinux
- source = https://github.com/SELinuxProject/selinux/releases/download/20190315/libselinux-2.9.tar.gz
+ source = https://github.com/SELinuxProject/selinux/releases/download/20191204/libselinux-3.0.tar.gz
source = libselinux.tmpfiles.d
- source = 0001-libselinux-Use-Python-distutils-to-install-SELinux-p.patch
- source = 0001-libselinux-Fix-security_get_boolean_names-build-erro.patch
- sha256sums = 1bccc8873e449587d9a2b2cf253de9b89a8291b9fbc7c59393ca9e5f5f4d2693
+ sha256sums = 2ea2b30f671dae9d6b1391cbe8fb2ce5d36a3ee4fb1cd3c32f0d933c31b82433
sha256sums = afe23890fb2e12e6756e5d81bad3c3da33f38a95d072731c0422fbeb0b1fa1fc
- sha256sums = 47e8c4b6c67d1778bd0a8de782ea6d2406e8de3ad13064c85d53deba222100af
- sha256sums = 9a0bcf7b8e2ec60fe954d2bbcd527f3b5d34e4cdb898ab19cd8b2ef869eed241
pkgname = libselinux
diff --git a/0001-libselinux-Fix-security_get_boolean_names-build-erro.patch b/0001-libselinux-Fix-security_get_boolean_names-build-erro.patch
deleted file mode 100644
index 232aa8c1a4c..00000000000
--- a/0001-libselinux-Fix-security_get_boolean_names-build-erro.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From ee8f7a870c625de139aa271eae0c40578488c2f6 Mon Sep 17 00:00:00 2001
-From: Richard Haines <richard_c_haines@btinternet.com>
-Date: Mon, 8 Jul 2019 14:37:01 +0100
-Subject: [PATCH 1/1] libselinux: Fix security_get_boolean_names build error
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When running 'make' from libselinux on Fedora 30 (gcc 9.1.1) the
-following error is reported:
-
-bute=const -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -Wstrict-overflow=5
--I../include -D_GNU_SOURCE -DNO_ANDROID_BACKEND -c -o booleans.o
-booleans.c
-booleans.c: In function ‘security_get_boolean_names’:
-booleans.c:39:5: error: assuming signed overflow does not occur when
-changing X +- C1 cmp C2 to X cmp C2 -+ C1 [-Werror=strict-overflow]
- 39 | int security_get_boolean_names(char ***names, int *len)
- | ^~~~~~~~~~~~~~~~~~~~~~~~~~
-cc1: all warnings being treated as errors
-make[1]: *** [Makefile:171: booleans.o] Error 1
-
-This is caused by the '--i' in the: 'for (--i; i >= 0; --i)' loop.
-
-Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
----
- libselinux/src/booleans.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/libselinux/src/booleans.c b/libselinux/src/booleans.c
-index ab1e0754e961..a9154ce86b5d 100644
---- a/libselinux/src/booleans.c
-+++ b/libselinux/src/booleans.c
-@@ -81,8 +81,10 @@ int security_get_boolean_names(char ***names, int *len)
- free(namelist);
- return rc;
- bad_freen:
-- for (--i; i >= 0; --i)
-- free(n[i]);
-+ if (i > 0) {
-+ while (i >= 1)
-+ free(n[--i]);
-+ }
- free(n);
- bad:
- goto out;
---
-2.22.0
-
diff --git a/0001-libselinux-Use-Python-distutils-to-install-SELinux-p.patch b/0001-libselinux-Use-Python-distutils-to-install-SELinux-p.patch
deleted file mode 100644
index 18333b3fcaa..00000000000
--- a/0001-libselinux-Use-Python-distutils-to-install-SELinux-p.patch
+++ /dev/null
@@ -1,205 +0,0 @@
-From 2efa06857575e4118e91ca250b6b92da68b130d5 Mon Sep 17 00:00:00 2001
-From: Petr Lautrbach <plautrba@redhat.com>
-Date: Fri, 7 Jun 2019 17:35:44 +0200
-Subject: [PATCH 1/1] libselinux: Use Python distutils to install SELinux
- python bindings
-
-Follow officially documented way how to build C extension modules using
-distutils - https://docs.python.org/3.8/extending/building.html#building
-
-Fixes:
-
-- selinux python module fails to load when it's built using SWIG-4.0:
-
->>> import selinux
-Traceback (most recent call last):
- File "<stdin>", line 1, in <module>
- File "/usr/lib64/python3.7/site-packages/selinux/__init__.py", line 13, in <module>
- from . import _selinux
-ImportError: cannot import name '_selinux' from 'selinux' (/usr/lib64/python3.7/site-packages/selinux/__init__.py)
-
-SWIG-4.0 changed (again?) its behavior so that it uses: from . import _selinux
-which looks for _selinux module in the same directory as where __init__.py is -
-$(PYLIBDIR)/site-packages/selinux. But _selinux module is installed into
-$(PYLIBDIR)/site-packages/ since a9604c30a5e2f ("libselinux: Change the location
-of _selinux.so").
-
-- audit2why python module fails to build with Python 3.8
-
-cc -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -DOVERRIDE_GETTID=0 -I../include -D_GNU_SOURCE -DDISABLE_RPM -DNO_ANDROID_BACKEND -DUSE_PCRE2 -DPCRE2_CODE_UNIT_WIDTH=8 -Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -L. -shared -o python-3.8audit2why.so python-3.8audit2why.lo -lselinux -l:libsepol.a -Wl,-soname,audit2why.so,--version-script=audit2why.map,-z,defs
-/usr/bin/ld: python-3.8audit2why.lo: in function `finish':
-/builddir/build/BUILD/libselinux-2.9/src/audit2why.c:166: undefined reference to `PyArg_ParseTuple'
-/usr/bin/ld: python-3.8audit2why.lo: in function `_Py_INCREF':
-/usr/include/python3.8/object.h:449: undefined reference to `_Py_NoneStruct'
-/usr/bin/ld: /usr/include/python3.8/object.h:449: undefined reference to `_Py_NoneStruct'
-/usr/bin/ld: python-3.8audit2why.lo: in function `check_booleans':
-/builddir/build/BUILD/libselinux-2.9/src/audit2why.c:84: undefined reference to `PyExc_RuntimeError'
-...
-
-It's related to the following Python change
-https://docs.python.org/dev/whatsnew/3.8.html#debug-build-uses-the-same-abi-as-release-build
-
-Python distutils adds correct link options automatically.
-
-- selinux python module doesn't provide any Python metadata
-
-When selinux python module was built manually, it didn't provide any metadata.
-distutils takes care about that so that selinux Python module is visible for
-pip:
-
-$ pip3 list | grep selinux
-selinux 2.9
-
-Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
----
- libselinux/src/.gitignore | 2 +-
- libselinux/src/Makefile | 36 ++++++++----------------------------
- libselinux/src/setup.py | 24 ++++++++++++++++++++++++
- 3 files changed, 33 insertions(+), 29 deletions(-)
- create mode 100644 libselinux/src/setup.py
-
-diff --git a/libselinux/src/.gitignore b/libselinux/src/.gitignore
-index 4dcc3b3b40fb..428afe5ae7d9 100644
---- a/libselinux/src/.gitignore
-+++ b/libselinux/src/.gitignore
-@@ -1,4 +1,4 @@
- selinux.py
--selinuxswig_wrap.c
-+selinuxswig_python_wrap.c
- selinuxswig_python_exception.i
- selinuxswig_ruby_wrap.c
-diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
-index e9ed0383f592..2b1696a0c17b 100644
---- a/libselinux/src/Makefile
-+++ b/libselinux/src/Makefile
-@@ -36,7 +36,7 @@ TARGET=libselinux.so
- LIBPC=libselinux.pc
- SWIGIF= selinuxswig_python.i selinuxswig_python_exception.i
- SWIGRUBYIF= selinuxswig_ruby.i
--SWIGCOUT= selinuxswig_wrap.c
-+SWIGCOUT= selinuxswig_python_wrap.c
- SWIGPYOUT= selinux.py
- SWIGRUBYCOUT= selinuxswig_ruby_wrap.c
- SWIGLOBJ:= $(patsubst %.c,$(PYPREFIX)%.lo,$(SWIGCOUT))
-@@ -55,7 +55,7 @@ ifeq ($(LIBSEPOLA),)
- LDLIBS_LIBSEPOLA := -l:libsepol.a
- endif
-
--GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) selinuxswig_python_exception.i
-+GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) $(SWIGCOUT) selinuxswig_python_exception.i
- SRCS= $(filter-out $(GENERATED) audit2why.c, $(sort $(wildcard *.c)))
-
- MAX_STACK_SIZE=32768
-@@ -125,25 +125,18 @@ DISABLE_FLAGS+= -DNO_ANDROID_BACKEND
- SRCS:= $(filter-out label_backends_android.c, $(SRCS))
- endif
-
--SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./ $(DISABLE_FLAGS)
--
- SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./ $(DISABLE_FLAGS)
-
- all: $(LIBA) $(LIBSO) $(LIBPC)
-
--pywrap: all $(SWIGFILES) $(AUDIT2WHYSO)
-+pywrap: all selinuxswig_python_exception.i
-+ CFLAGS="$(CFLAGS) $(SWIG_CFLAGS)" $(PYTHON) setup.py build_ext -I $(DESTDIR)$(INCLUDEDIR) -L $(DESTDIR)$(LIBDIR)
-
- rubywrap: all $(SWIGRUBYSO)
-
--$(SWIGLOBJ): $(SWIGCOUT)
-- $(CC) $(CFLAGS) $(SWIG_CFLAGS) $(PYINC) -fPIC -DSHARED -c -o $@ $<
--
- $(SWIGRUBYLOBJ): $(SWIGRUBYCOUT)
- $(CC) $(CFLAGS) $(SWIG_CFLAGS) $(RUBYINC) -fPIC -DSHARED -c -o $@ $<
-
--$(SWIGSO): $(SWIGLOBJ)
-- $(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $< -lselinux $(PYLIBS)
--
- $(SWIGRUBYSO): $(SWIGRUBYLOBJ)
- $(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ -lselinux $(RUBYLIBS)
-
-@@ -161,29 +154,15 @@ $(LIBPC): $(LIBPC).in ../VERSION
- selinuxswig_python_exception.i: ../include/selinux/selinux.h
- bash -e exception.sh > $@ || (rm -f $@ ; false)
-
--$(AUDIT2WHYLOBJ): audit2why.c
-- $(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
--
--$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(LIBSEPOLA)
-- $(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ -lselinux $(LDLIBS_LIBSEPOLA) $(PYLIBS) -Wl,-soname,audit2why.so,--version-script=audit2why.map,-z,defs
--
- %.o: %.c policy.h
- $(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
-
- %.lo: %.c policy.h
- $(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $<
-
--$(SWIGCOUT): $(SWIGIF)
-- $(SWIG) $<
--
--$(SWIGPYOUT): $(SWIGCOUT)
--
- $(SWIGRUBYCOUT): $(SWIGRUBYIF)
- $(SWIGRUBY) $<
-
--swigify: $(SWIGIF)
-- $(SWIG) $<
--
- install: all
- test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR)
- install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
-@@ -194,10 +173,9 @@ install: all
- ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET)
-
- install-pywrap: pywrap
-- test -d $(DESTDIR)$(PYTHONLIBDIR)/selinux || install -m 755 -d $(DESTDIR)$(PYTHONLIBDIR)/selinux
-- install -m 755 $(SWIGSO) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT)
-- install -m 755 $(AUDIT2WHYSO) $(DESTDIR)$(PYTHONLIBDIR)/selinux/audit2why$(PYCEXT)
-+ $(PYTHON) setup.py install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
- install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py
-+ ln -sf --relative $(DESTDIR)$(PYTHONLIBDIR)/selinux/_selinux$(PYCEXT) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT)
-
- install-rubywrap: rubywrap
- test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d $(DESTDIR)$(RUBYINSTALL)
-@@ -208,6 +186,8 @@ relabel:
-
- clean-pywrap:
- -rm -f $(SWIGLOBJ) $(SWIGSO) $(AUDIT2WHYLOBJ) $(AUDIT2WHYSO)
-+ $(PYTHON) setup.py clean
-+ -rm -rf build *~ \#* *pyc .#*
-
- clean-rubywrap:
- -rm -f $(SWIGRUBYLOBJ) $(SWIGRUBYSO)
-diff --git a/libselinux/src/setup.py b/libselinux/src/setup.py
-new file mode 100644
-index 000000000000..4dc03f55926f
---- /dev/null
-+++ b/libselinux/src/setup.py
-@@ -0,0 +1,24 @@
-+#!/usr/bin/python3
-+
-+from distutils.core import Extension, setup
-+
-+setup(
-+ name="selinux",
-+ version="2.9",
-+ description="SELinux python 3 bindings",
-+ author="SELinux Project",
-+ author_email="selinux@vger.kernel.org",
-+ ext_modules=[
-+ Extension('selinux._selinux',
-+ sources=['selinuxswig_python.i'],
-+ include_dirs=['../include'],
-+ library_dirs=['.'],
-+ libraries=['selinux']),
-+ Extension('selinux.audit2why',
-+ sources=['audit2why.c'],
-+ include_dirs=['../include'],
-+ library_dirs=['.'],
-+ libraries=['selinux'],
-+ extra_link_args=['-l:libsepol.a', '-Wl,--version-script=audit2why.map'])
-+ ],
-+)
---
-2.22.0
-
diff --git a/PKGBUILD b/PKGBUILD
index 20eef6cd6f1..9acb10573de 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -8,40 +8,23 @@
# If you want to help keep it up to date, please open a Pull Request there.
pkgname=libselinux
-pkgver=2.9
-pkgrel=4
+pkgver=3.0
+pkgrel=1
pkgdesc="SELinux library and simple utilities"
arch=('i686' 'x86_64' 'armv6h')
url='http://userspace.selinuxproject.org'
license=('custom')
groups=('selinux')
-makedepends=('python2' 'python' 'ruby' 'xz' 'swig')
-depends=('libsepol>=2.8' 'pcre')
-optdepends=('python2: python2 bindings'
- 'python: python bindings'
+makedepends=('python' 'ruby' 'xz' 'swig')
+depends=('libsepol>=3.0' 'pcre')
+optdepends=('python: python bindings'
'ruby: ruby bindings')
conflicts=("selinux-usr-${pkgname}")
provides=("selinux-usr-${pkgname}=${pkgver}-${pkgrel}")
-source=("https://github.com/SELinuxProject/selinux/releases/download/20190315/${pkgname}-${pkgver}.tar.gz"
- "libselinux.tmpfiles.d"
- '0001-libselinux-Use-Python-distutils-to-install-SELinux-p.patch'
- '0001-libselinux-Fix-security_get_boolean_names-build-erro.patch')
-sha256sums=('1bccc8873e449587d9a2b2cf253de9b89a8291b9fbc7c59393ca9e5f5f4d2693'
- 'afe23890fb2e12e6756e5d81bad3c3da33f38a95d072731c0422fbeb0b1fa1fc'
- '47e8c4b6c67d1778bd0a8de782ea6d2406e8de3ad13064c85d53deba222100af'
- '9a0bcf7b8e2ec60fe954d2bbcd527f3b5d34e4cdb898ab19cd8b2ef869eed241')
-
-prepare() {
- cd "${pkgname}-${pkgver}"
-
- # Backport "libselinux: Use Python distutils to install SELinux python bindings"
- # https://github.com/SELinuxProject/selinux/commit/2efa06857575e4118e91ca250b6b92da68b130d5
- patch -Np2 -i ../0001-libselinux-Use-Python-distutils-to-install-SELinux-p.patch
-
- # Backport "libselinux: Fix security_get_boolean_names build error"
- # https://github.com/SELinuxProject/selinux/commit/ee8f7a870c625de139aa271eae0c40578488c2f6
- patch -Np2 -i ../0001-libselinux-Fix-security_get_boolean_names-build-erro.patch
-}
+source=("https://github.com/SELinuxProject/selinux/releases/download/20191204/${pkgname}-${pkgver}.tar.gz"
+ "libselinux.tmpfiles.d")
+sha256sums=('2ea2b30f671dae9d6b1391cbe8fb2ce5d36a3ee4fb1cd3c32f0d933c31b82433'
+ 'afe23890fb2e12e6756e5d81bad3c3da33f38a95d072731c0422fbeb0b1fa1fc')
build() {
cd "${pkgname}-${pkgver}"
@@ -51,7 +34,6 @@ build() {
make swigify
make all
- make PYTHON=/usr/bin/python2 pywrap
make PYTHON=/usr/bin/python3 pywrap
make RUBY=/usr/bin/ruby rubywrap
}
@@ -62,11 +44,10 @@ package() {
export DISABLE_RPM=y
make DESTDIR="${pkgdir}" SBINDIR=/usr/bin SHLIBDIR=/usr/lib install
- make DESTDIR="${pkgdir}" PYTHON=/usr/bin/python2 SBINDIR=/usr/bin SHLIBDIR=/usr/lib install-pywrap
make DESTDIR="${pkgdir}" PYTHON=/usr/bin/python3 SBINDIR=/usr/bin SHLIBDIR=/usr/lib install-pywrap
make DESTDIR="${pkgdir}" RUBY=/usr/bin/ruby SBINDIR=/usr/bin SHLIBDIR=/usr/lib install-rubywrap
- /usr/bin/python2 -m compileall "${pkgdir}/$(/usr/bin/python2 -c 'from distutils.sysconfig import *; print(get_python_lib(plat_specific=1))')"
/usr/bin/python3 -m compileall "${pkgdir}/$(/usr/bin/python3 -c 'from distutils.sysconfig import *; print(get_python_lib(plat_specific=1))')"
+ /usr/bin/python3 -O -m compileall "${pkgdir}/$(/usr/bin/python3 -c 'from distutils.sysconfig import *; print(get_python_lib(plat_specific=1))')"
install -Dm 0644 "${srcdir}"/libselinux.tmpfiles.d "${pkgdir}"/usr/lib/tmpfiles.d/libselinux.conf