Arch Linux User Repository

@IooNag: I will contact python-selinux maintainers on this issue as soon as I can.

@tallero: It seems that python-selinux, Python package was created to work in Python virtualenv, in order to provide Python bindings to libselinux.so (according to "Pure-python selinux shim module for use in virtualenvs in order to avoid failure to load selinux in Ansible modules." in https://github.com/pycontribs/selinux/blob/321d66619ed59bec00a9dc6216ce417d7befec41/README.rst ). These bindings are provided system-wide by the AUR package selinux-python in the AUR, and I understand for a need of a shim module in virtualenvs. This is why python-selinux includes a "selinux" Python module. However the fact that this module is installed system-wide is strange.

Moreover I do not understand how Arch Linux's python-selinux is supposed to work system-wide: it is supposed to provides transparent Python bindings to libselinux... but require libselinux to be installed too (with its Python bindings). Therefore, in my humble opinion, instead of packaging python-selinux in community, the AUR packages libselinux and selinux-python should be migrated to community if some official packages start to depend on them.

Could you please contact python-selinux's package maintainers in order to understand how this package is supposed to be used on systems with SELinux?

libselinux: /usr/lib/python3.10/site-packages/selinux/__init__.py exists in filesystem (owned by python-selinux)
libselinux: /usr/lib/python3.10/site-packages/selinux/__pycache__/__init__.cpython-310.pyc exists in filesystem (owned by python-selinux)

@IooNag Ok, thanks

But considering that pkgconf is not so frequently used, maybe is better if you add it in the makedepends.

@bred Yes, pkgconf needs to be installed before building this package, as well as make, gcc (for a C compiler)... All these packages are in group base-devel, which is always required for AUR packages.

@IooNag

It seems that the package "pkgconf" is a mandatory dependency for building "libselinux".

After the installation of "pkgconf" it has compiled correctly.

@bred : What version of package pcre have you installed? What is the output of "pkg-config --libs libpcre" (this is the command which is used to normally insert "-lpcre" in the command line that failed)?

I've this error during the linking: (pcre is installed!)

cc -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -I../include -D_GNU_SOURCE -DDISABLE_RPM -DNO_ANDROID_BACKEND  -Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now -shared -o libselinux.so.1 avc.lo avc_internal.lo avc_sidtab.lo booleans.lo callbacks.lo canonicalize_context.lo checkAccess.lo check_context.lo checkreqprot.lo compute_av.lo compute_create.lo compute_member.lo compute_relabel.lo compute_user.lo context.lo deny_unknown.lo disable.lo enabled.lo fgetfilecon.lo freecon.lo freeconary.lo fsetfilecon.lo get_context_list.lo get_default_type.lo get_initial_context.lo getenforce.lo getfilecon.lo getpeercon.lo init.lo is_customizable_type.lo label.lo label_db.lo label_file.lo label_media.lo label_support.lo label_x.lo lgetfilecon.lo load_policy.lo lsetfilecon.lo mapping.lo matchmediacon.lo matchpathcon.lo policyvers.lo procattr.lo query_user_context.lo regex.lo reject_unknown.lo selinux_check_securetty_context.lo selinux_config.lo selinux_restorecon.lo sestatus.lo setenforce.lo setexecfilecon.lo setfilecon.lo setrans_client.lo seusers.lo sha1.lo stringrep.lo validatetrans.lo   -ldl -Wl,-soname,libselinux.so.1,-z,defs,-z,relro

/usr/bin/ld: regex.lo: in function `regex_version':
regex.c:(.text+0x12): undefined reference to `pcre_version'
/usr/bin/ld: regex.lo: in function `regex_writef':
regex.c:(.text+0x79): undefined reference to `pcre_fullinfo'
/usr/bin/ld: regex.c:(.text+0xf0): undefined reference to `pcre_fullinfo'
/usr/bin/ld: regex.lo: in function `regex_data_free':
regex.c:(.text+0x1eb): undefined reference to `pcre_free'
/usr/bin/ld: regex.c:(.text+0x1fc): undefined reference to `pcre_free_study'
/usr/bin/ld: regex.lo: in function `regex_prepare_data':
regex.c:(.text+0x26e): undefined reference to `pcre_compile'
/usr/bin/ld: regex.c:(.text+0x294): undefined reference to `pcre_study'
/usr/bin/ld: regex.lo: in function `regex_load_mmap':
regex.c:(.text+0x39c): undefined reference to `pcre_fullinfo'
/usr/bin/ld: regex.c:(.text+0x414): undefined reference to `pcre_fullinfo'
/usr/bin/ld: regex.lo: in function `regex_match':
regex.c:(.text+0x4bf): undefined reference to `pcre_exec'
/usr/bin/ld: regex.lo: in function `regex_cmp':
regex.c:(.text+0x53e): undefined reference to `pcre_fullinfo'
/usr/bin/ld: regex.c:(.text+0x558): undefined reference to `pcre_fullinfo'
collect2: error: ld returned 1 exit status
make[1]: *** [Makefile:148: libselinux.so.1] Errore 1

@IooNag:

You are of course still free to work on package libselinux-python2 and backport bug fixes that could happen in libselinux's Python bindings.

I am not that interested, too. I just needed an easy-to-use tool and someone adviced system-config-users. It seemed natural to me to package it, even if arch is slowly deprecating all python2-* packages.

If someone will ever want to use it in the future (for whatever reason) now can do it easily (because PKGBUILDs won't be lost even when SELinux will end support).

I did this for screem, too.

@tallero: it seems that system-config-users could be installed on RHEL/CentOS 7, but not on CentOS 8 according to https://unix.stackexchange.com/questions/547437/centos-8-system-config-users. Moreover this question suggests using Cockpit instead, which has already been packaged for Arch Linux (https://www.archlinux.org/packages/community/x86_64/cockpit/).

Anyway, if you want to fork/adopt system-config-users and maintain it on https://gitlab.com/tallero/system-config-users, that's nice. Nevertheless I do not want to maintain a libselinux-python2-v3.0 package because this version is not supported upstream (by SELinux developers) and the future releases of libselinux are likely to break Python 2 compatibility. This is a matter of personal choices in the way I define how I spend my time. You are of course still free to work on package libselinux-python2 and backport bug fixes that could happen in libselinux's Python bindings.

@IooNag: I agree with you. In any case libselinux-python2 packages just bindings and until the tool has not been replaced/ported to pygobject (if ever) it could simply stabilize on 3.0. This was packaged because of this question. Can't find the original git repo, only tarballs, check this.

tallero : is system-config-users maintained? The upstream of this project (Red Hat) seems to no longer maintain it (and the RPM seems not to exist for "recent" releases such as CentOS 8 or Fedora 31 on https://rpmfind.net/linux/rpm2html/search.php?query=system-config-users).

If system-config-users is no longer maintained upstream, I do not want to spend time to support libselinux-python2, for the sake of using old software for which bugs will never be fixed upstream.

@IooNag: I know of Python 2.x EOL; the library (same tar of this package) can still produce 2.x bindings. The software that needs it is system-config-users, the users/groups GUI manager included in Red Hat/CentOS 7.x.

I just noticed gnome-system-tools.

tallero: Python 2 is no longer supported by SELinux userspace tools and libraries, since commit https://github.com/SELinuxProject/selinux/commit/214cb61d539f75e5290928cb7bba5b2646632d0b that is included in release 3.0. This is why I removed Python 2 library from libselinux package.

What software are you using that requires Python 2's bindings of libselinux? This software needs be updated to Python 3 compatibility anyway, as Python 2 is no longer updated "even if someone finds a security problem in it" (cf. https://www.python.org/doc/sunset-python-2/).

I forked the package to build and install only python 2.x bindings in libselinux-python2. Could you add the option to build them into this one so that I can drop the newborn depedency?

paperfolder: As far as I understand, this warning appears for every package that provides a Python library. If you know of a way to bytecode-compile Python scripts without introducing the full path of the scripts in the resulting .pyc files, I will gladly modify the PKGBUILD accordingly.

makepkg returns a warning that the built package contains a reference to $pkgdir - is this a problem during compiling? (archwiki says that this error means the literal string $pkgdir is contained in these files)

==> WARNING: Package contains reference to $pkgdir
usr/lib/python3.8/site-packages/selinux/__pycache__/__init__.cpython-38.opt-1.pyc
usr/lib/python3.8/site-packages/selinux/__pycache__/__init__.cpython-38.pyc

Please bump a pkgrel for python 3.8 rebuild~

reallygrimm: which compiler are you using? The build does not fail with gcc 9.1.0-2 on x86-64, but people on Fedora has reported issues upstreams with gcc 9.1.1 that got fixed by commit https://github.com/SELinuxProject/selinux/commit/ee8f7a870c625de139aa271eae0c40578488c2f6 . I will backport this patch to the package.

I'm getting a build failure, and I'm not sure if it's the patch, upstream or because I've got blinders on.

booleans.c:39:5: error: assuming signed overflow does not occur when changing X +- C1 cmp C2 to X cmp C2 -+ C1 [-Werror=strict-overflow]

39 | int security_get_boolean_names(char ***names, int *len)

iGwadaa: I forgot that Makefile in the source directory overwrote definitions from src/Makefile... This Makefile overwrites PCRE_LDLIBS with "PCRE_LDLIBS := $(shell $(PKG_CONFIG) --libs $(PCRE_MODULE))". Do you have pkg-config command (from package pkgconf)? As it is part of base-devel group, it is supposed to be installed even though it is not listed in the dependencies of libselinux's PKGBUILD.

iGwadaa: libselinux builds fine on my clean environment. pcre_fullinfo is provided by /usr/lib/libpcre.so.1.2.11 from pcre 8.43-1. Moreover the Makefile in src/ adds -lpcre (through an indirection with "PCRE_LDLIBS ?= -lpcre"). Do you know of something specific to your build environment that would explain this build failure?

• regex.c:(.text+0x52e): undefined reference to `pcre_fullinfo'
• /usr/bin/ld: regex.c:(.text+0x548): undefined reference to `pcre_fullinfo'
• collect2: error: ld returned 1 exit status
• make[1]: *** [Makefile:155: libselinux.so.1] Error 1
• make[1]: Leaving directory '/tmp/yaourt-tmp-igwadaa/aur-libselinux/src/libselinux-2.9/src'
• make: *** [Makefile:44: all] Error 1

schlumpf: thanks for your bug report. On my system, libselinux builds fine, and the line which does the linking has a "-lpcre" which is added. This parameter is added in the Makefile by using the output "pkg-config --libs libpcre".

Have you installed pkgconf (which is part of base-devel)? If yes, what does "pkg-config --libs libpcre" print, on your system?

I'm unable to build :(

[...]

cc -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -I../include -D_GNU_SOURCE -DDISABLE_RPM -DNO_ANDROID_BACKEND -Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now -shared -o libselinux.so.1 avc.lo avc_internal.lo avc_sidtab.lo booleans.lo callbacks.lo canonicalize_context.lo checkAccess.lo check_context.lo checkreqprot.lo compute_av.lo compute_create.lo compute_member.lo compute_relabel.lo compute_user.lo context.lo deny_unknown.lo disable.lo enabled.lo fgetfilecon.lo freecon.lo freeconary.lo fsetfilecon.lo get_context_list.lo get_default_type.lo get_initial_context.lo getenforce.lo getfilecon.lo getpeercon.lo init.lo is_customizable_type.lo label.lo label_db.lo label_file.lo label_media.lo label_support.lo label_x.lo lgetfilecon.lo load_policy.lo lsetfilecon.lo mapping.lo matchmediacon.lo matchpathcon.lo policyvers.lo procattr.lo query_user_context.lo regex.lo reject_unknown.lo selinux_check_securetty_context.lo selinux_config.lo selinux_restorecon.lo sestatus.lo setenforce.lo setexecfilecon.lo setfilecon.lo setrans_client.lo seusers.lo sha1.lo stringrep.lo -ldl -Wl,-soname,libselinux.so.1,-z,defs,-z,relro /usr/bin/ld: regex.lo: in function regex_version': regex.c:(.text+0x12): undefined reference topcre_version' /usr/bin/ld: regex.lo: in function regex_writef': regex.c:(.text+0x79): undefined reference topcre_fullinfo' /usr/bin/ld: regex.c:(.text+0xf0): undefined reference to pcre_fullinfo' /usr/bin/ld: regex.lo: in functionregex_data_free': regex.c:(.text+0x1eb): undefined reference to pcre_free' /usr/bin/ld: regex.c:(.text+0x1fc): undefined reference topcre_free_study' /usr/bin/ld: regex.lo: in function regex_prepare_data': regex.c:(.text+0x26a): undefined reference topcre_compile' /usr/bin/ld: regex.c:(.text+0x28c): undefined reference to pcre_study' /usr/bin/ld: regex.lo: in functionregex_load_mmap': regex.c:(.text+0x38a): undefined reference to pcre_fullinfo' /usr/bin/ld: regex.c:(.text+0x403): undefined reference topcre_fullinfo' /usr/bin/ld: regex.lo: in function regex_match': regex.c:(.text+0x4ae): undefined reference topcre_exec' /usr/bin/ld: regex.lo: in function regex_cmp': regex.c:(.text+0x52e): undefined reference topcre_fullinfo' /usr/bin/ld: regex.c:(.text+0x548): undefined reference to `pcre_fullinfo'

netrunn3r: if I correctly understand, the issue you report comes from the fact that pkg-config does not use the same Ruby version as the one from your shell environment. However I fail to see the point of building the package with a non-system ruby command. Such a setup would build and install Ruby packages for a Ruby version which is different from the system one (eg. it would put files in the "wrong" system directory, like /usr/lib/ruby/2.3.0/ instead of /usr/lib/ruby/2.4.0/)... Actually it makes sense to define RUBY=/usr/bin/ruby (and use the full paths for PYTHON definitions too) in the PKGBUILD in order to ensure the package is built with the packaged (system-wide) Ruby. Could you please add "RUBY=/usr/bin/ruby" to these lines: * make rubywrap * make DESTDIR="${pkgdir}" USRBINDIR="${pkgdir}"/usr/bin LIBDIR="${pkgdir}"/usr/lib SHLIBDIR="${pkgdir}"/usr/lib install-rubywrap" ... and tell whether this fixed your issue?

I had the same problem which cminus. Problem was with this two lines: RUBYLIBVER ?= $(shell $(RUBY) -e 'print RUBY_VERSION.split(".")[0..1].join(".")') RUBYINC ?= $(shell $(PKG_CONFIG) --exists ruby-$(RUBYLIBVER) && $(PKG_CONFIG) --cflags ruby-$(RUBYLIBVER) || $(PKG_CONFIG) --cflags ruby) First one return wrong version: [netrunner@nightcity] libselinux $ ruby -e 'print RUBY_VERSION.split(".")[0..1].join(".")' 2.3 Where I have installed 2.4: [netrunner@nightcity] libselinux $ pacman -Qi ruby Name : ruby Version : 2.4.1-3 pkg-config confirm that: [netrunner@nightcity] libselinux $ pkg-config --exists ruby-2.3 ; echo $? 1 [netrunner@nightcity] libselinux $ pkg-config --exists ruby-2.4 ; echo $? 0 So variable $RUBYINC is empty and my cc looks like that (without /usr/include/ruby-2.4) cc -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong -I../include -I/usr/include -D_GNU_SOURCE -DDISABLE_RPM -DNO_ANDROID_BACKEND -Wno-error -Wno-unused-variable -Wno-unused-but-set-variable -Wno-unused-parameter -Wno-shadow -Wno-uninitialized -Wno-missing-prototypes -Wno-missing-declarations -fPIC -DSHARED -c -o selinuxswig_ruby_wrap.lo selinuxswig_ruby_wrap.c This happen because I also have rvm and I had set default ruby version to 2.3: [netrunner@nightcity] libselinux $ ruby -v ruby 2.3.3p222 (2016-11-21 revision 56859) [x86_64-linux] [netrunner@nightcity] libselinux $ rvm list rvm rubies =* ruby-2.3.3 [ x86_64 ] # => - current # =* - current && default # * - default As you see, I don't had 2.4. After installing and setting as default version 2.4: [netrunner@nightcity] libselinux $ /bin/bash --login # needed for installing ruby with rvm [netrunner@nightcity] libselinux $ rvm install ruby-2.4.1 (...) [netrunner@nightcity] libselinux $ rvm list rvm rubies * ruby-2.3.3 [ x86_64 ] => ruby-2.4.1 [ x86_64 ] # => - current # =* - current && default # * - default [netrunner@nightcity] libselinux $ rvm --default use 2.4.1 [netrunner@nightcity] libselinux $ rvm list rvm rubies ruby-2.3.3 [ x86_64 ] =* ruby-2.4.1 [ x86_64 ] # => - current # =* - current && default # * - default [netrunner@nightcity] libselinux $ makepkg # still in login shell libselinux build successfully. Maybe use something like that: pacman -Q ruby | cut -d ' ' -f 2 | cut -d '.' -f 1,2 to get ruby version?

@IooNag.. I am not sure what happened, but it worked and got installed.. PS: I have removed old rvm and let the process continue.. I am not sure how this relates to the system-installed ruby.. Kinda strange Here there are the current outputs of the lines you requested Arch% echo $RUBY # Blank line Arch% ${RUBY:-ruby} -e 'print RUBY_VERSION.split(".")[0..1].join(".")' 2.4% Arch% pkg-config --cflags ruby-2.4 -I/usr/include/ruby-2.4.0/x86_64-linux -I/usr/include/ruby-2.4.0 Arch% ls /usr/include/ruby-2.4.0/ ruby ruby.h x86_64-linux

cminus: what is the compiler line right before your error? Is it "cc -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong -I../include -I/usr/include -D_GNU_SOURCE -DDISABLE_RPM -DNO_ANDROID_BACKEND -Wno-error -Wno-unused-variable -Wno-unused-but-set-variable -Wno-unused-parameter -Wno-shadow -Wno-uninitialized -Wno-missing-prototypes -Wno-missing-declarations -I/usr/include/ruby-2.4.0/x86_64-linux -I/usr/include/ruby-2.4.0 -fPIC -DSHARED -c -o selinuxswig_ruby_wrap.lo selinuxswig_ruby_wrap.c"? Also I am interested in the result of these commands on your system (the second and the third ones are used by libselinux Makefile to find where Ruby header files are installed): * echo $RUBY * ${RUBY:-ruby} -e 'print RUBY_VERSION.split(".")[0..1].join(".")' * pkg-config --cflags ruby-2.4 * ls /usr/include/ruby-2.4.0/

I have this error and I don't know how to resolve.. Any help will be appreciated. selinuxswig_ruby_wrap.c:855:18: fatal error: ruby.h: No such file or directory #include <ruby.h> ^

chrisbdaemon: pkg-config is in base-devel, which has to be installed before building any AUR package (cf. https://wiki.archlinux.org/index.php/Arch_User_Repository#Getting_started). Hence I won't add it to makedepends.

Can pkg-config be added to the list of makedepends as well?

Not sure if this is helpful or not, but I was able to build and install this package and its dependency libsepol on armv7h (RPi 2).

Thanks for your comment, but actually it is not libselinux which requires flex to be built but libsepol and libsemanage. I've just added "flex" to their makedepends.

The package dependencies are missing 'flex' currently.

works now thank you

I updated the PKGBUILD to use /usr/bin instead of /usr/sbin and while at it cleaned up a few things (https://github.com/archlinuxhardened/selinux/commit/7a68af5d847389935aa784d8f43c69ac41d0a3a9 ). Does it work better?

Wont install for me error: failed to commit transaction (conflicting files) libselinux: /usr/sbin exists in filesystem Errors occurred, no packages were upgraded.

Upstream moved to GitHub a few weeks ago (http://marc.info/?l=selinux&m=140379660506494&w=2 and https://github.com/SELinuxProject/selinux link "Wiki"->"Release"). I've patched SELinux PKGBUILDs in GitHub: https://github.com/archlinuxhardened/selinux/commit/63e6c3ddbc159775d5d1bfeaa81166e9d429d424 Waiting for maintainer to update AUR packages. Thanks!

source url doesn't exist. correct path: http://archive.ubuntu.com/ubuntu/pool/main/libs/libselinux/libselinux_2.3.orig.tar.gz please correct pkgbuild.

As following Fedora patch changes is quite painful, I'd like to drop this patch from the package. Moreover, it contains some changes which have explicitly been rejected by upstream (http://marc.info/?l=selinux&m=138842015508829&w=2). If people are interested in the Go port, please report it upstream. For users who are interested in testing libselinux 2.3 (without the Fedora patch) before the package is updated, the new PKGBUILD is waiting for testers on https://github.com/Siosm/siosm-selinux/pull/17.

Thank's Alda but sha256sum changed (line 27) : 2c7f13a1fea5c6e7068e43acf628d54cda12afd5e66112958d0ca4a44e7ecbc8

PKGBUILD is currently broken, here is the patch to make it work again: 27c27 < 'd60265f59b7fca51724e401f0ff4d1bbb9ad790ba9595ed4534942b286a7a1e4' --- > '4078b4a8fd94f529cd64bf465bacf0acd2c108edc28a5d73a619857c00104a32' 35c35 < sed -i 's|pkg-config --cflags ruby|pkg-config --cflags ruby-2.0|' src/Makefile --- > sed -i 's|pkg-config --cflags ruby|pkg-config --cflags ruby-2.1|' src/Makefile

I second RobertGasteins comment! Please add armv6h arch to PKGBUILD.

Renamed to libselinux

I have installed it on my Raspberry by adding armv6h to PKGBUILD, because i need this package for the seafile-server! Is it possible to add armv6h to the install script for this package!?

Thank you, added the patch you mentioned.

Package is broken due to known issue involving a Fedora specific patch being sent upstream, Gentoo has a patch to fix it, here is a diff to apply their patch if licencing permits. --- a/PKGBUILD 2013-06-10 16:00:39.701454119 -0400 +++ b/PKGBUILD 2013-06-10 16:00:44.051506513 -0400 @@ -16,14 +16,19 @@ makedepends=('swig') conflicts=('selinux-usr-libselinux-python') options=(!emptydirs) -source=(http://userspace.selinuxproject.org/releases/${_release}/${_origname}-${pkgver}.tar.gz) -sha256sums=('57aad47c06b7ec18a76e8d9870539277a84cb40109cfdcf70ed3260bdb04447a') +source=(http://userspace.selinuxproject.org/releases/${_release}/${_origname}-${pkgver}.tar.gz + http://dev.gentoo.org/~swift/patches/${_origname}/patchbundle-${_origname}-${pkgver}-r2.tar.gz) +sha256sums=('57aad47c06b7ec18a76e8d9870539277a84cb40109cfdcf70ed3260bdb04447a' + 'd71f0923c7bd7cce8d3d305865736aa56d4038de319a1d016582f1470108cb07') build() { cd "${srcdir}/${_origname}-${pkgver}" CFLAGS="${CFLAGS} -lpcre -pthread" + # Add gentoo patches for fedora specific functions + patch -p1 < "${srcdir}/gentoo-patches/0006-introduce-selinux_current_policy_path-from-fedora-needed-by-policycoreutils.patch" + # Set python version sed -i -e "s/ python/ python2/" src/Makefile sed -i -e "s/PYLIBDIR ?= \$(LIBDIR)\/\$(PYLIBVER)/PYLIBDIR ?=\$(LIBDIR)\/python2.7/g" "src/Makefile"

Thanx, added.

audit2allow and practically every python utility doesn't work, I found a workaround for it, add this sed in the build process: sed -i -e "s/PYLIBDIR ?= \$(LIBDIR)\/\$(PYLIBVER)/PYLIBDIR ?= \$(LIBDIR)\/python2.7/g" "src/Makefile"

So I added a feature request: https://bugs.archlinux.org/task/33954

Oh, I see. It's that python issue. Quick workaround is: # cd /usr/lib/pkgconfig/ # ln -s python-2.7.pc python2.pc I think I did requested python2 maintainers to add the link, but apparently I did not... Will do now.

Strange, I built it on 64bit system like 10 days ago. I'll look into it later, if I can reproduce it.

Doesn't build on 64 bit: cc -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -lpcre -I../include -D_GNU_SOURCE -Wl,-O1,--sort-common,--as-needed,-z,relro avcstat.c -L../src -lselinux -L/usr/lib -o avcstat make[1]: Leaving directory `/tmp/yaourt-tmp-root/aur-selinux-usr-libselinux/src/libselinux-2.1.12/utils' make[1]: Entering directory `/tmp/yaourt-tmp-root/aur-selinux-usr-libselinux/src/libselinux-2.1.12/man' make[1]: Nothing to be done for `all'. make[1]: Leaving directory `/tmp/yaourt-tmp-root/aur-selinux-usr-libselinux/src/libselinux-2.1.12/man' make -C src pywrap pywrap make[1]: Entering directory `/tmp/yaourt-tmp-root/aur-selinux-usr-libselinux/src/libselinux-2.1.12/src' bash exception.sh > selinuxswig_python_exception.i Package python2 was not found in the pkg-config search path. Perhaps you should add the directory containing `python2.pc' to the PKG_CONFIG_PATH environment variable No package 'python2' found cc -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -lpcre -I../include -I/usr/include -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -fPIC -DSHARED -c -o python2audit2why.lo audit2why.c audit2why.c:6:20: fatal error: Python.h: No such file or directory compilation terminated. make[1]: *** [python2audit2why.lo] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory `/tmp/yaourt-tmp-root/aur-selinux-usr-libselinux/src/libselinux-2.1.12/src' make: *** [pywrap] Error 2 ==> ERROR: A failure occurred in build(). Aborting... ==> ERROR: Makepkg was unable to build selinux-usr-libselinux. ==> Restart building selinux-usr-libselinux ? [y/N]

Yeah, that was fine, I forgot to delete that part when I was testing what the issue was

So it's the -lpcre in CFLAGS... OK, addopted. I'm not sure though whats the use of buildflags in options, since I think that is default and of the -L/usr/local/lib in CFLAGS, since I have that directory empty and manage to build the package fine. So from now SELinux userspace is updated to the release of 2012-09-24.

I updated whole SELinux userspace to the release of 2012-02-16 which should build fine, so the dependency for selinux-systemd is satisfied. There is a newer release of 2012-09-24, but I'm still failing to build that for some of the SELinux userspace packages. Now I am stuck with selinux-usr-libselinux, which fail to build due to pcre, though it is installed. Don't quite get it... The trouble with SELinux userspace of 2012-02-16 is that it fails to load the policy for me...

Updated it, hope it's fine: http://pastie.org/6140536