* bug#26561: [PATCH 0/9] SELinux
From: Ricardo Wurmus @ 2017-04-19 12:56 UTC
To: 26561; +Cc: Ricardo Wurmus

This patch series adds SELinux libraries and tools.

Ricardo Wurmus (9):
  gnu: Add libsepol.
  gnu: Add checkpolicy.
  gnu: Add libselinux.
  gnu: Add libsemanage.
  gnu: Add secilc.
  gnu: Add python-sepolgen.
  gnu: Add python-ipy.
  gnu: Add python-setools.
  gnu: Add policycoreutils.

 gnu/local.mk                                       |   2 +
 gnu/packages/networking.scm                        |  20 +-
 ...policycoreutils-make-sepolicy-use-python3.patch | 335 +++++++++++++++
 gnu/packages/selinux.scm                           | 475 +++++++++++++++++++++
 4 files changed, 831 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/policycoreutils-make-sepolicy-use-python3.patch
 create mode 100644 gnu/packages/selinux.scm

--
2.12.2
* bug#26561: [PATCH 1/9] gnu: Add libsepol. 2017-04-19 12:56 bug#26561: [PATCH 0/9] SELinux Ricardo Wurmus @ 2017-04-19 14:29 ` Ricardo Wurmus 2017-04-19 14:29 ` bug#26561: [PATCH 2/9] gnu: Add checkpolicy Ricardo Wurmus ` (8 more replies) 2017-04-19 20:01 ` bug#26561: [PATCH 0/9] SELinux Marius Bakke 1 sibling, 9 replies; 16+ messages in thread From: Ricardo Wurmus @ 2017-04-19 14:29 UTC (permalink / raw) To: 26561; +Cc: Ricardo Wurmus * gnu/packages/selinux.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. --- gnu/local.mk | 1 + gnu/packages/selinux.scm | 71 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 72 insertions(+) create mode 100644 gnu/packages/selinux.scm diff --git a/gnu/local.mk b/gnu/local.mk index 5822add4c..77302573a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -342,6 +342,7 @@ GNU_SYSTEM_MODULES = \ %D%/packages/sdl.scm \ %D%/packages/search.scm \ %D%/packages/security-token.scm \ + %D%/packages/selinux.scm \ %D%/packages/serialization.scm \ %D%/packages/serveez.scm \ %D%/packages/shells.scm \ diff --git a/gnu/packages/selinux.scm b/gnu/packages/selinux.scm new file mode 100644 index 000000000..75758dd6b --- /dev/null +++ b/gnu/packages/selinux.scm 
@@ -0,0 +1,71 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net> +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. + +(define-module (gnu packages selinux) + #:use-module ((guix licenses) #:prefix license:) + #:use-module (guix packages) + #:use-module (guix download) + #:use-module (guix utils) + #:use-module (guix build-system gnu) + #:use-module (gnu packages) + #:use-module (gnu packages flex)) + +;; Update the SELinux packages together! + +(define-public libsepol + (package + (name "libsepol") + (version "2.6") + (source (let ((release "20161014")) + (origin + (method url-fetch) + (uri (string-append "https://github.com/SELinuxProject/selinux/" + "archive/" release ".tar.gz")) + (file-name (string-append "selinux-" release ".tar.gz")) + (sha256 + (base32 + "1dpwynfb6n31928343blac4159g4jbrwxdp61q5yffmxpy3c3czi"))))) + (build-system gnu-build-system) + (arguments + `(#:tests? 
#f ; tests require checkpolicy, which requires libsepol + #:test-target "test" + #:make-flags + (let ((out (assoc-ref %outputs "out"))) + (list (string-append "PREFIX=" out) + (string-append "DESTDIR=" out) + (string-append "MAN3DIR=" out "/share/man/man3") + (string-append "MAN5DIR=" out "/share/man/man5") + (string-append "MAN8DIR=" out "/share/man/man8") + (string-append "LDFLAGS=-Wl,-rpath=" out "/lib") + "CC=gcc")) + #:phases + (modify-phases %standard-phases + (delete 'configure) + (add-after 'unpack 'enter-dir + (lambda _ (chdir ,name) #t))))) + (native-inputs + `(("flex" ,flex))) + (home-page "http://selinuxproject.org/") + (synopsis "Library for manipulating SELinux policies") + (description + "The libsepol library provides an API for the manipulation of SELinux +binary policies. It is used by @code{checkpolicy} (the policy compiler) and +similar tools, and programs such as @code{load_policy}, which must perform +specific transformations on binary policies (for example, customizing policy +boolean settings).") + (license license:lgpl2.1+))) -- 2.12.2 ^ permalink raw reply related [flat|nested] 16+ messages in thread
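Review bot: In the libsepol `#:make-flags` in gnu/packages/selinux.scm, `PREFIX=` and `DESTDIR=` are both set to the output directory without a comment, and `"CC=gcc"` is hard-coded. Please add a one-line comment on why both variables have to point at `out`, since a reader will expect that combination to produce a doubled store path, and note that the fixed `CC=gcc` rules out a cross-compiler. Separately, `#:test-target "test"` has no effect while `#:tests? #f` is set; either drop it or say in the comment that it is kept for when the checkpolicy dependency cycle is resolved.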
* bug#26561: [PATCH 2/9] gnu: Add checkpolicy. 2017-04-19 14:29 ` bug#26561: [PATCH 1/9] gnu: Add libsepol Ricardo Wurmus @ 2017-04-19 14:29 ` Ricardo Wurmus 2017-04-19 14:29 ` bug#26561: [PATCH 3/9] gnu: Add libselinux Ricardo Wurmus ` (7 subsequent siblings) 8 siblings, 0 replies; 16+ messages in thread From: Ricardo Wurmus @ 2017-04-19 14:29 UTC (permalink / raw) To: 26561; +Cc: Ricardo Wurmus * gnu/packages/selinux.scm (checkpolicy): New variable. --- gnu/packages/selinux.scm | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/gnu/packages/selinux.scm b/gnu/packages/selinux.scm index 75758dd6b..5f7e11928 100644 --- a/gnu/packages/selinux.scm +++ b/gnu/packages/selinux.scm @@ -23,6 +23,7 @@ #:use-module (guix utils) #:use-module (guix build-system gnu) #:use-module (gnu packages) + #:use-module (gnu packages bison) #:use-module (gnu packages flex)) ;; Update the SELinux packages together! 
@@ -69,3 +70,37 @@ similar tools, and programs such as @code{load_policy}, which must perform specific transformations on binary policies (for example, customizing policy boolean settings).") (license license:lgpl2.1+))) + +(define-public checkpolicy + (package (inherit libsepol) + (name "checkpolicy") + (arguments + `(#:tests? #f ; there is no check target + #:make-flags + (let ((out (assoc-ref %outputs "out"))) + (list (string-append "PREFIX=" out) + (string-append "LDLIBS=" + (assoc-ref %build-inputs "libsepol") + "/lib/libsepol.a " + (assoc-ref %build-inputs "flex") + "/lib/libfl.a") + "CC=gcc")) + #:phases + (modify-phases %standard-phases + (delete 'configure) + (add-after 'unpack 'enter-dir + (lambda _ (chdir ,name) #t))))) + (inputs + `(("libsepol" ,libsepol))) + (native-inputs + `(("bison" ,bison) + ("flex" ,flex))) + (synopsis "Check SELinux security policy configurations and modules") + (description + "This package provides the tools \"checkpolicy\" and \"checkmodule\". +Checkpolicy is a program that checks and compiles a SELinux security policy +configuration into a binary representation that can be loaded into the kernel. +Checkmodule is a program that checks and compiles a SELinux security policy +module into a binary representation.") + ;; GPLv2 only + (license license:gpl2))) -- 2.12.2 ^ permalink raw reply related [flat|nested] 16+ messages in thread
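Review bot: In checkpolicy's `LDLIBS` make flag, `libfl.a` is taken from `(assoc-ref %build-inputs "flex")`, but flex is declared only under `native-inputs`, so a library that ends up linked into the installed binaries comes from a build-side input. If libfl really has to be linked, list flex under `inputs` as well, and add a short comment on why the static `libsepol.a` and `libfl.a` are passed explicitly. The `#:phases` block also repeats libsepol's `delete 'configure` and `enter-dir` phases by hand; because the package already inherits from libsepol, `substitute-keyword-arguments` over `(package-arguments libsepol)` with `(replace 'enter-dir ...)` would avoid the copy.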
* bug#26561: [PATCH 3/9] gnu: Add libselinux. 2017-04-19 14:29 ` bug#26561: [PATCH 1/9] gnu: Add libsepol Ricardo Wurmus 2017-04-19 14:29 ` bug#26561: [PATCH 2/9] gnu: Add checkpolicy Ricardo Wurmus @ 2017-04-19 14:29 ` Ricardo Wurmus 2017-04-19 14:29 ` bug#26561: [PATCH 4/9] gnu: Add libsemanage Ricardo Wurmus ` (6 subsequent siblings) 8 siblings, 0 replies; 16+ messages in thread From: Ricardo Wurmus @ 2017-04-19 14:29 UTC (permalink / raw) To: 26561; +Cc: Ricardo Wurmus * gnu/packages/selinux.scm (libselinux): New variable. --- gnu/packages/selinux.scm | 62 +++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 61 insertions(+), 1 deletion(-) diff --git a/gnu/packages/selinux.scm b/gnu/packages/selinux.scm index 5f7e11928..bf5a62a87 100644 --- a/gnu/packages/selinux.scm +++ b/gnu/packages/selinux.scm @@ -22,9 +22,14 @@ #:use-module (guix download) #:use-module (guix utils) #:use-module (guix build-system gnu) + #:use-module (guix build-system python) #:use-module (gnu packages) #:use-module (gnu packages bison) - #:use-module (gnu packages flex)) + #:use-module (gnu packages flex) + #:use-module (gnu packages pcre) + #:use-module (gnu packages pkg-config) + #:use-module (gnu packages python) + #:use-module (gnu packages swig)) ;; Update the SELinux packages together! 
@@ -104,3 +109,58 @@ Checkmodule is a program that checks and compiles a SELinux security policy module into a binary representation.") ;; GPLv2 only (license license:gpl2))) + +(define-public libselinux + (package (inherit libsepol) + (name "libselinux") + (arguments + (substitute-keyword-arguments (package-arguments libsepol) + ((#:make-flags flags) + `(cons* "PYTHON=python3" + (string-append "PYSITEDIR=" + (assoc-ref %outputs "out") + "/lib/python3.5/site-packages/") + ,flags)) + ((#:phases phases) + `(modify-phases ,phases + (replace 'enter-dir + (lambda _ (chdir ,name) #t)) + ;; libsepol.a is not located in this package's LIBDIR. + (add-after 'enter-dir 'patch-libsepol-path + (lambda* (#:key inputs #:allow-other-keys) + (substitute* "src/Makefile" + (("\\$\\(LIBDIR\\)/libsepol.a") + (string-append (assoc-ref inputs "libsepol") + "/lib/libsepol.a"))) + #t)) + (add-after 'enter-dir 'remove-Werror + (lambda _ + ;; GCC complains about the fact that the output does not (yet) + ;; have an "include" directory, even though it is referenced. + (substitute* '("src/Makefile" + "utils/Makefile") + (("-Werror ") "")) + #t)) + (add-after 'build 'pywrap + (lambda* (#:key make-flags #:allow-other-keys) + (zero? (apply system* "make" "pywrap" make-flags)))) + (add-after 'install 'install-pywrap + (lambda* (#:key make-flags #:allow-other-keys) + (zero? (apply system* "make" "install-pywrap" make-flags)))))))) + (inputs + `(("libsepol" ,libsepol) + ("pcre" ,pcre) + ;; For pywrap phase + ("python" ,python-wrapper))) + ;; These inputs are only needed for the pywrap phase. + (native-inputs + `(("swig" ,swig) + ("pkg-config" ,pkg-config))) + (synopsis "SELinux core libraries and utilities") + (description + "The libselinux library provides an API for SELinux applications to get +and set process and file security contexts, and to obtain security policy +decisions. It is required for any applications that use the SELinux API, and +used by all applications that are SELinux-aware. 
This package also includes +the core SELinux management utilities.") + (license license:public-domain))) -- 2.12.2 ^ permalink raw reply related [flat|nested] 16+ messages in thread
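Review bot: `PYSITEDIR` in libselinux's make flags hard-codes `/lib/python3.5/site-packages/`, so the bindings will be installed into a directory the interpreter does not search as soon as the `python-wrapper` input moves to another minor version. Derive the version from the python input rather than spelling it out. The `remove-Werror` phase strips `-Werror ` from src/Makefile and utils/Makefile because the output has no "include" directory yet; creating that directory in a phase before the build may be enough to keep the warning check that upstream enables, which is preferable for a security library.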
* bug#26561: [PATCH 4/9] gnu: Add libsemanage. 2017-04-19 14:29 ` bug#26561: [PATCH 1/9] gnu: Add libsepol Ricardo Wurmus 2017-04-19 14:29 ` bug#26561: [PATCH 2/9] gnu: Add checkpolicy Ricardo Wurmus 2017-04-19 14:29 ` bug#26561: [PATCH 3/9] gnu: Add libselinux Ricardo Wurmus @ 2017-04-19 14:29 ` Ricardo Wurmus 2017-04-19 14:29 ` bug#26561: [PATCH 5/9] gnu: Add secilc Ricardo Wurmus ` (5 subsequent siblings) 8 siblings, 0 replies; 16+ messages in thread From: Ricardo Wurmus @ 2017-04-19 14:29 UTC (permalink / raw) To: 26561; +Cc: Ricardo Wurmus * gnu/packages/selinux.scm (libsemanage): New variable. --- gnu/packages/selinux.scm | 44 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 43 insertions(+), 1 deletion(-) diff --git a/gnu/packages/selinux.scm b/gnu/packages/selinux.scm index bf5a62a87..0ef8b9620 100644 --- a/gnu/packages/selinux.scm +++ b/gnu/packages/selinux.scm @@ -24,12 +24,14 @@ #:use-module (guix build-system gnu) #:use-module (guix build-system python) #:use-module (gnu packages) + #:use-module (gnu packages admin) #:use-module (gnu packages bison) #:use-module (gnu packages flex) #:use-module (gnu packages pcre) #:use-module (gnu packages pkg-config) #:use-module (gnu packages python) - #:use-module (gnu packages swig)) + #:use-module (gnu packages swig) + #:use-module (gnu packages textutils)) ;; Update the SELinux packages together! 
@@ -164,3 +166,43 @@ decisions. It is required for any applications that use the SELinux API, and used by all applications that are SELinux-aware. This package also includes the core SELinux management utilities.") (license license:public-domain))) + +(define-public libsemanage + (package (inherit libsepol) + (name "libsemanage") + (arguments + (substitute-keyword-arguments (package-arguments libsepol) + ((#:make-flags flags) + `(cons* "PYTHON=python3" + (string-append "PYSITEDIR=" + (assoc-ref %outputs "out") + "/lib/python3.5/site-packages/") + ,flags)) + ((#:phases phases) + `(modify-phases ,phases + (replace 'enter-dir + (lambda _ (chdir ,name) #t)) + (add-after 'build 'pywrap + (lambda* (#:key make-flags #:allow-other-keys) + (zero? (apply system* "make" "pywrap" make-flags)))) + (add-after 'install 'install-pywrap + (lambda* (#:key make-flags #:allow-other-keys) + (zero? (apply system* "make" "install-pywrap" make-flags)))))))) + (inputs + `(("libsepol" ,libsepol) + ("libselinux" ,libselinux) + ("audit" ,audit) + ("ustr" ,ustr) + ;; For pywrap phase + ("python" ,python-wrapper))) + (native-inputs + `(("bison" ,bison) + ("flex" ,flex) + ;; For pywrap phase + ("swig" ,swig) + ("pkg-config" ,pkg-config))) + (synopsis "SELinux policy management libraries") + (description + "The libsemanage library provides an API for the manipulation of SELinux +binary policies.") + (license license:lgpl2.1+))) -- 2.12.2 ^ permalink raw reply related [flat|nested] 16+ messages in thread
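Review bot: The libsemanage description is the first sentence of the libsepol description with the name swapped ("provides an API for the manipulation of SELinux binary policies"), which does not match the synopsis "SELinux policy management libraries". Please describe what libsemanage itself offers. The `PYTHON`/`PYSITEDIR` flags and the `pywrap` and `install-pywrap` phases are copied from libselinux, including the fixed `python3.5` path; factor them out so the Python version is set in one place.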
* bug#26561: [PATCH 5/9] gnu: Add secilc. 2017-04-19 14:29 ` bug#26561: [PATCH 1/9] gnu: Add libsepol Ricardo Wurmus ` (2 preceding siblings ...) 2017-04-19 14:29 ` bug#26561: [PATCH 4/9] gnu: Add libsemanage Ricardo Wurmus @ 2017-04-19 14:29 ` Ricardo Wurmus 2017-04-19 14:29 ` bug#26561: [PATCH 6/9] gnu: Add python-sepolgen Ricardo Wurmus ` (4 subsequent siblings) 8 siblings, 0 replies; 16+ messages in thread From: Ricardo Wurmus @ 2017-04-19 14:29 UTC (permalink / raw) To: 26561; +Cc: Ricardo Wurmus * gnu/packages/selinux.scm (secilc): New variable. --- gnu/packages/selinux.scm | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/gnu/packages/selinux.scm b/gnu/packages/selinux.scm index 0ef8b9620..e73bc0ec6 100644 --- a/gnu/packages/selinux.scm +++ b/gnu/packages/selinux.scm @@ -26,12 +26,14 @@ #:use-module (gnu packages) #:use-module (gnu packages admin) #:use-module (gnu packages bison) + #:use-module (gnu packages docbook) #:use-module (gnu packages flex) #:use-module (gnu packages pcre) #:use-module (gnu packages pkg-config) #:use-module (gnu packages python) #:use-module (gnu packages swig) - #:use-module (gnu packages textutils)) + #:use-module (gnu packages textutils) + #:use-module (gnu packages xml)) ;; Update the SELinux packages together! 
@@ -206,3 +208,29 @@ the core SELinux management utilities.") "The libsemanage library provides an API for the manipulation of SELinux binary policies.") (license license:lgpl2.1+))) + +(define-public secilc + (package (inherit libsepol) + (name "secilc") + (arguments + (substitute-keyword-arguments (package-arguments libsepol) + ((#:make-flags flags) + `(let ((docbook (assoc-ref %build-inputs "docbook-xsl"))) + (cons (string-append "XMLTO=xmlto --skip-validation -x " + docbook "/xml/xsl/docbook-xsl-" + ,(package-version docbook-xsl) + "/manpages/docbook.xsl") + ,flags))) + ((#:phases phases) + `(modify-phases ,phases + (replace 'enter-dir + (lambda _ (chdir ,name) #t)))))) + (inputs + `(("libsepol" ,libsepol))) + (native-inputs + `(("xmlto" ,xmlto) + ("docbook-xsl" ,docbook-xsl))) + (synopsis "SELinux common intermediate language (CIL) compiler") + (description "The SELinux CIL compiler is a compiler that converts the +@dfn{common intermediate language} (CIL) into a kernel binary policy file.") + (license license:bsd-2))) -- 2.12.2 ^ permalink raw reply related [flat|nested] 16+ messages in thread
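Review bot: The `XMLTO=xmlto --skip-validation -x ...` make flag in secilc has no comment saying why validation is skipped or why the stylesheet path has to be passed explicitly; please add one so the flag can be dropped when it is no longer needed. Note also that the `native-inputs` field here replaces the inherited one, so the `flex` native input from libsepol is no longer present; confirm that secilc builds without it, or say so in a comment.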
* bug#26561: [PATCH 6/9] gnu: Add python-sepolgen. 2017-04-19 14:29 ` bug#26561: [PATCH 1/9] gnu: Add libsepol Ricardo Wurmus ` (3 preceding siblings ...) 2017-04-19 14:29 ` bug#26561: [PATCH 5/9] gnu: Add secilc Ricardo Wurmus @ 2017-04-19 14:29 ` Ricardo Wurmus 2017-04-19 14:29 ` bug#26561: [PATCH 7/9] gnu: Add python-ipy Ricardo Wurmus ` (3 subsequent siblings) 8 siblings, 0 replies; 16+ messages in thread From: Ricardo Wurmus @ 2017-04-19 14:29 UTC (permalink / raw) To: 26561; +Cc: Ricardo Wurmus * gnu/packages/selinux.scm (python-sepolgen): New variable. --- gnu/packages/selinux.scm | 52 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/gnu/packages/selinux.scm b/gnu/packages/selinux.scm index e73bc0ec6..8f3750daf 100644 --- a/gnu/packages/selinux.scm +++ b/gnu/packages/selinux.scm 
@@ -234,3 +234,55 @@ binary policies.") (description "The SELinux CIL compiler is a compiler that converts the @dfn{common intermediate language} (CIL) into a kernel binary policy file.") (license license:bsd-2))) + +(define-public python-sepolgen + (package (inherit libsepol) + (name "python-sepolgen") + (arguments + `(#:modules ((srfi srfi-1) + (guix build gnu-build-system) + (guix build utils)) + ,@(substitute-keyword-arguments (package-arguments libsepol) + ((#:phases phases) + `(modify-phases ,phases + (replace 'enter-dir + (lambda _ (chdir "sepolgen") #t)) + ;; By default all Python files would be installed to + ;; $out/gnu/store/...-python-.../, so we override the + ;; PACKAGEDIR to fix this. + (add-after 'enter-dir 'fix-target-path + (lambda* (#:key inputs outputs #:allow-other-keys) + (let ((get-python-version + ;; FIXME: copied from python-build-system + (lambda (python) + (let* ((version (last (string-split python #\-))) + (components (string-split version #\.)) + (major+minor (take components 2))) + (string-join major+minor "."))))) + (substitute* "src/sepolgen/Makefile" + (("^PACKAGEDIR.*") + (string-append "PACKAGEDIR=" + (assoc-ref outputs "out") + "/lib/python" + (get-python-version + (assoc-ref inputs "python")) + "/site-packages/sepolgen"))) + (substitute* "src/share/Makefile" + (("\\$\\(DESTDIR\\)") (assoc-ref outputs "out")))) + #t))))))) + (inputs + `(("python" ,python-wrapper))) + (native-inputs '()) + (synopsis "Python module for generating SELinux policies") + (description + "This package contains a Python module that forms the core of +@code{audit2allow}, a part of the package @code{policycoreutils}. The +sepolgen library contains: Reference Policy Representation, which are Objects +for representing policies and the reference policy interfaces. It has objects +and algorithms for representing access and sets of access in an abstract way +and searching that access. It also has a parser for reference policy +\"headers\". 
It contains infrastructure for parsing SELinux related messages +as produced by the audit system. It has facilities for generating policy +based on required access.") + ;; GPLv2 only + (license license:gpl2))) -- 2.12.2 ^ permalink raw reply related [flat|nested] 16+ messages in thread
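Review bot: The `get-python-version` lambda in the `fix-target-path` phase is marked `FIXME: copied from python-build-system`; the copy can drift from the original, and it depends on the version being the last `-`-separated component of the python input's store path. Please reuse the build system's procedure, or explain in the comment why it cannot be imported, and use the same computed version in libselinux and libsemanage, which hard-code `python3.5`. `(native-inputs '())` deserves a comment saying it is there to drop the inherited `flex`.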
* bug#26561: [PATCH 7/9] gnu: Add python-ipy. 2017-04-19 14:29 ` bug#26561: [PATCH 1/9] gnu: Add libsepol Ricardo Wurmus ` (4 preceding siblings ...) 2017-04-19 14:29 ` bug#26561: [PATCH 6/9] gnu: Add python-sepolgen Ricardo Wurmus @ 2017-04-19 14:29 ` Ricardo Wurmus 2017-04-19 14:29 ` bug#26561: [PATCH 8/9] gnu: Add python-setools Ricardo Wurmus ` (2 subsequent siblings) 8 siblings, 0 replies; 16+ messages in thread From: Ricardo Wurmus @ 2017-04-19 14:29 UTC (permalink / raw) To: 26561; +Cc: Ricardo Wurmus * gnu/packages/networking.scm (python-ipy): New variable. --- gnu/packages/networking.scm | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm index cb9903791..efef2d5a7 100644 --- a/gnu/packages/networking.scm +++ b/gnu/packages/networking.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2014, 2017 Ludovic Courtès <ludo@gnu.org> -;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net> +;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net> ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2015, 2016 Stefan Reichör <stefan@xsteve.at> ;;; Copyright © 2016 Raimon Grau <raimonster@gmail.com> 
@@ -1122,6 +1122,24 @@ IPFIX, RSPAN, CLI, LACP, 802.1ag).") license:bsd-2 license:bsd-3 license:asl2.0)))) ; all other +(define-public python-ipy + (package + (name "python-ipy") + (version "0.83") + (source (origin + (method url-fetch) + (uri (pypi-uri "IPy" version)) + (sha256 + (base32 + "1f6sdrxclifky4gvkf4gvyv5hx3fjh8vzspnfrqki6qm5d9mmnk1")))) + (build-system python-build-system) + (home-page "https://github.com/autocracy/python-ipy/") + (synopsis "Python class and tools for handling IP addresses and networks") + (description "The @code{IP} class allows a comfortable parsing and +handling for most notations in use for IPv4 and IPv6 addresses and +networks.") + (license license:bsd-3))) + (define-public speedtest-cli (package (name "speedtest-cli") -- 2.12.2 ^ permalink raw reply related [flat|nested] 16+ messages in thread
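Review bot: In the python-ipy description, "allows a comfortable parsing and handling for most notations" is awkward; something like "The @code{IP} class parses and handles most notations in use for IPv4 and IPv6 addresses and networks" reads better. The commit message could also say which package in this series needs python-ipy, since nothing in this hunk or in gnu/packages/networking.scm shows why it is part of the SELinux set.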
* bug#26561: [PATCH 8/9] gnu: Add python-setools. 2017-04-19 14:29 ` bug#26561: [PATCH 1/9] gnu: Add libsepol Ricardo Wurmus ` (5 preceding siblings ...) 2017-04-19 14:29 ` bug#26561: [PATCH 7/9] gnu: Add python-ipy Ricardo Wurmus @ 2017-04-19 14:29 ` Ricardo Wurmus 2017-04-19 14:29 ` bug#26561: [PATCH 9/9] gnu: Add policycoreutils Ricardo Wurmus 2017-04-19 19:57 ` bug#26561: [PATCH 1/9] gnu: Add libsepol Marius Bakke 8 siblings, 0 replies; 16+ messages in thread From: Ricardo Wurmus @ 2017-04-19 14:29 UTC (permalink / raw) To: 26561; +Cc: Ricardo Wurmus * gnu/packages/selinux.scm (python-setools): New variable. --- gnu/packages/selinux.scm | 52 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/gnu/packages/selinux.scm b/gnu/packages/selinux.scm index 8f3750daf..05197b85c 100644 --- a/gnu/packages/selinux.scm +++ b/gnu/packages/selinux.scm 
@@ -286,3 +286,55 @@ as produced by the audit system. It has facilities for generating policy based on required access.") ;; GPLv2 only (license license:gpl2))) + +;; The latest 4.1.x version does not work with the latest 2.6 release of +;; policycoreutils, so we use the last 4.0.x release. +(define-public python-setools + (package + (name "python-setools") + (version "4.0.1") + (source (origin + (method url-fetch) + (uri (string-append "https://github.com/TresysTechnology/" + "setools/archive/" version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "1zndpl4ck5c23p7s4sci06db89q1w87jig3jbd4f8s1ggy3lj82c")))) + (build-system python-build-system) + (arguments + `(#:tests? #f ; the test target causes a rebuild + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'set-SEPOL-variable + (lambda* (#:key inputs #:allow-other-keys) + (setenv "SEPOL" + (string-append (assoc-ref inputs "libsepol") + "/lib/libsepol.a")))) + (add-after 'unpack 'remove-Werror + (lambda _ + (substitute* "setup.py" + (("'-Werror',") "")) + #t)) + (add-after 'unpack 'fix-target-paths + (lambda* (#:key outputs #:allow-other-keys) + (substitute* "setup.py" + (("join\\(sys.prefix") + (string-append "join(\"" (assoc-ref outputs "out") "/\""))) + #t))))) + (propagated-inputs + `(("python-networkx" ,python-networkx))) + (inputs + `(("libsepol" ,libsepol) + ("libselinux" ,libselinux))) + (native-inputs + `(("bison" ,bison) + ("flex" ,flex) + ("swig" ,swig))) + (home-page "https://github.com/TresysTechnology/setools") + (synopsis "Tools for SELinux policy analysis") + (description "SETools is a collection of graphical tools, command-line +tools, and libraries designed to facilitate SELinux policy analysis.") + ;; Some programs are under GPL, all libraries under LGPL. + (license (list license:lgpl2.1+ + license:gpl2+)))) -- 2.12.2 ^ permalink raw reply related [flat|nested] 16+ messages in thread
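Review bot: The `set-SEPOL-variable` phase in python-setools ends with the `setenv` call and does not return `#t`, unlike `remove-Werror` and `fix-target-paths` next to it; add `#t` as the last expression so all three phases report success the same way. In `fix-target-paths` the regexp `"join\\(sys.prefix"` leaves the `.` unescaped, so it matches any character in that position; `sys\\.prefix` is more exact. With `-Werror` removed and `#:tests? #f` set, the build runs with neither check, so the comment "the test target causes a rebuild" should say what would be needed to re-enable the tests.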
* bug#26561: [PATCH 9/9] gnu: Add policycoreutils. 2017-04-19 14:29 ` bug#26561: [PATCH 1/9] gnu: Add libsepol Ricardo Wurmus ` (6 preceding siblings ...) 2017-04-19 14:29 ` bug#26561: [PATCH 8/9] gnu: Add python-setools Ricardo Wurmus @ 2017-04-19 14:29 ` Ricardo Wurmus 2017-04-19 19:59 ` Marius Bakke 2017-04-19 19:57 ` bug#26561: [PATCH 1/9] gnu: Add libsepol Marius Bakke 8 siblings, 1 reply; 16+ messages in thread From: Ricardo Wurmus @ 2017-04-19 14:29 UTC (permalink / raw) To: 26561; +Cc: Ricardo Wurmus * gnu/packages/selinux.scm (policycoreutils): New variable. --- gnu/local.mk | 1 + ...policycoreutils-make-sepolicy-use-python3.patch | 335 +++++++++++++++++++++ gnu/packages/selinux.scm | 135 +++++++++ 3 files changed, 471 insertions(+) create mode 100644 gnu/packages/patches/policycoreutils-make-sepolicy-use-python3.patch diff --git a/gnu/local.mk b/gnu/local.mk index 77302573a..79ffbe2fe 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -856,6 +856,7 @@ dist_patch_DATA = \ %D%/packages/patches/plink-endian-detection.patch \ %D%/packages/patches/plotutils-libpng-jmpbuf.patch \ %D%/packages/patches/polkit-drop-test.patch \ + %D%/packages/patches/policycoreutils-make-sepolicy-use-python3.patch \ %D%/packages/patches/portaudio-audacity-compat.patch \ %D%/packages/patches/portmidi-modular-build.patch \ %D%/packages/patches/procmail-ambiguous-getline-debian.patch \ diff --git a/gnu/packages/patches/policycoreutils-make-sepolicy-use-python3.patch b/gnu/packages/patches/policycoreutils-make-sepolicy-use-python3.patch new file mode 100644 index 000000000..befe9fbb2 --- /dev/null +++ b/gnu/packages/patches/policycoreutils-make-sepolicy-use-python3.patch 
@@ -0,0 +1,335 @@ +Downloaded from https://anonscm.debian.org/cgit/selinux/policycoreutils.git/plain/debian/patches/policycoreutils-Make-sepolicy-work-with-python3.patch + +From 2d7ca0b862a35196d562f59bd098df011fd7f0e6 Mon Sep 17 00:00:00 2001 +From: Laurent Bigonville <bigon@bigon.be> +Date: Mon, 7 Nov 2016 10:51:08 +0100 +Subject: [PATCH] policycoreutils: Make sepolicy work with python3 + +Add python3 support for sepolicy + +Signed-off-by: Laurent Bigonville <bigon@bigon.be> +--- + policycoreutils/sepolicy/selinux_client.py | 6 ++-- + policycoreutils/sepolicy/sepolicy.py | 38 ++++++++++++------------ + policycoreutils/sepolicy/sepolicy/__init__.py | 16 ++++++---- + policycoreutils/sepolicy/sepolicy/communicate.py | 4 +-- + policycoreutils/sepolicy/sepolicy/generate.py | 30 +++++++++---------- + policycoreutils/sepolicy/sepolicy/interface.py | 14 ++++++--- + policycoreutils/sepolicy/sepolicy/manpage.py | 7 +++-- + 7 files changed, 65 insertions(+), 50 deletions(-) + +diff --git a/policycoreutils/sepolicy/selinux_client.py b/policycoreutils/sepolicy/selinux_client.py +index 7f4a91c..dc29f28 100644 +--- a/sepolicy/selinux_client.py ++++ b/sepolicy/selinux_client.py +@@ -39,6 +39,6 @@ if __name__ == "__main__": + try: + dbus_proxy = SELinuxDBus() + resp = dbus_proxy.customized() +- print convert_customization(resp) +- except dbus.DBusException, e: +- print e ++ print(convert_customization(resp)) ++ except dbus.DBusException as e: ++ print(e) +diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py +index 3e502a7..5bf9b52 100755 +--- a/sepolicy/sepolicy.py ++++ b/sepolicy/sepolicy.py +@@ -262,7 +262,7 @@ def _print_net(src, protocol, perm): + if len(portdict) > 0: + bold_start = "\033[1m" + bold_end = "\033[0;0m" +- print "\n" + bold_start + "%s: %s %s" % (src, protocol, perm) + bold_end ++ print("\n" + bold_start + "%s: %s %s" % (src, protocol, perm) + bold_end) + port_strings = [] + boolean_text = "" + for p in portdict: +@@ -275,7 
+275,7 @@ def _print_net(src, protocol, perm): + port_strings.append("%s (%s)" % (", ".join(recs), t)) + port_strings.sort(numcmp) + for p in port_strings: +- print "\t" + p ++ print("\t" + p) + + + def network(args): +@@ -286,7 +286,7 @@ def network(args): + if i[0] not in all_ports: + all_ports.append(i[0]) + all_ports.sort() +- print "\n".join(all_ports) ++ print("\n".join(all_ports)) + + for port in args.port: + found = False +@@ -297,18 +297,18 @@ def network(args): + else: + range = "%s-%s" % (i[0], i[1]) + found = True +- print "%d: %s %s %s" % (port, i[2], portrecsbynum[i][0], range) ++ print("%d: %s %s %s" % (port, i[2], portrecsbynum[i][0], range)) + if not found: + if port < 500: +- print "Undefined reserved port type" ++ print("Undefined reserved port type") + else: +- print "Undefined port type" ++ print("Undefined port type") + + for t in args.type: + if (t, 'tcp') in portrecs.keys(): +- print "%s: tcp: %s" % (t, ",".join(portrecs[t, 'tcp'])) ++ print("%s: tcp: %s" % (t, ",".join(portrecs[t, 'tcp']))) + if (t, 'udp') in portrecs.keys(): +- print "%s: udp: %s" % (t, ",".join(portrecs[t, 'udp'])) ++ print( "%s: udp: %s" % (t, ",".join(portrecs[t, 'udp']))) + + for a in args.applications: + d = sepolicy.get_init_transtype(a) +@@ -357,7 +357,7 @@ def manpage(args): + + for domain in test_domains: + m = ManPage(domain, path, args.root, args.source_files, args.web) +- print m.get_man_page_path() ++ print(m.get_man_page_path()) + + if args.web: + HTMLManPages(manpage_roles, manpage_domains, path, args.os) +@@ -418,7 +418,7 @@ def communicate(args): + out = list(set(writable) & set(readable)) + + for t in out: +- print t ++ print(t) + + + def gen_communicate_args(parser): +@@ -445,7 +445,7 @@ def booleans(args): + args.booleans.sort() + + for b in args.booleans: +- print "%s=_(\"%s\")" % (b, boolean_desc(b)) ++ print("%s=_(\"%s\")" % (b, boolean_desc(b))) + + + def gen_booleans_args(parser): +@@ -484,16 +484,16 @@ def print_interfaces(interfaces, args, 
append=""): + for i in interfaces: + if args.verbose: + try: +- print get_interface_format_text(i + append) ++ print(get_interface_format_text(i + append)) + except KeyError: +- print i ++ print(i) + if args.compile: + try: + interface_compile_test(i) + except KeyError: +- print i ++ print(i) + else: +- print i ++ print(i) + + + def interface(args): +@@ -565,7 +565,7 @@ def generate(args): + if args.policytype in APPLICATIONS: + mypolicy.gen_writeable() + mypolicy.gen_symbols() +- print mypolicy.generate(args.path) ++ print(mypolicy.generate(args.path)) + + + def gen_interface_args(parser): +@@ -698,12 +698,12 @@ if __name__ == '__main__': + args = parser.parse_args(args=parser_args) + args.func(args) + sys.exit(0) +- except ValueError, e: ++ except ValueError as e: + sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e))) + sys.exit(1) +- except IOError, e: ++ except IOError as e: + sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e))) + sys.exit(1) + except KeyboardInterrupt: +- print "Out" ++ print("Out") + sys.exit(0) +diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py +index 8fbd5b4..fee6438 100644 +--- a/sepolicy/sepolicy/__init__.py ++++ b/sepolicy/sepolicy/__init__.py +@@ -695,7 +695,7 @@ def get_methods(): + # List of per_role_template interfaces + ifs = interfaces.InterfaceSet() + ifs.from_file(fd) +- methods = ifs.interfaces.keys() ++ methods = list(ifs.interfaces.keys()) + fd.close() + except: + sys.stderr.write("could not open interface info [%s]\n" % fn) +@@ -752,7 +752,10 @@ def get_all_entrypoint_domains(): + + + def gen_interfaces(): +- import commands ++ try: ++ from commands import getstatusoutput ++ except ImportError: ++ from subprocess import getstatusoutput + ifile = defaults.interface_info() + headers = defaults.headers() + try: +@@ -763,7 +766,7 @@ def gen_interfaces(): + + if os.getuid() != 0: + raise ValueError(_("You must regenerate interface info by running 
/usr/bin/sepolgen-ifgen")) +- print(commands.getstatusoutput("/usr/bin/sepolgen-ifgen")[1]) ++ print(getstatusoutput("/usr/bin/sepolgen-ifgen")[1]) + + + def gen_port_dict(): +@@ -1085,8 +1088,11 @@ def get_os_version(): + os_version = "" + pkg_name = "selinux-policy" + try: +- import commands +- rc, output = commands.getstatusoutput("rpm -q '%s'" % pkg_name) ++ try: ++ from commands import getstatusoutput ++ except ImportError: ++ from subprocess import getstatusoutput ++ rc, output = getstatusoutput("rpm -q '%s'" % pkg_name) + if rc == 0: + os_version = output.split(".")[-2] + except: +diff --git a/policycoreutils/sepolicy/sepolicy/communicate.py b/policycoreutils/sepolicy/sepolicy/communicate.py +index b96c4b9..299316e 100755 +--- a/sepolicy/sepolicy/communicate.py ++++ b/sepolicy/sepolicy/communicate.py +@@ -34,8 +34,8 @@ def usage(parser, msg): + + def expand_attribute(attribute): + try: +- return sepolicy.info(sepolicy.ATTRIBUTE, attribute)[0]["types"] +- except RuntimeError: ++ return list(next(sepolicy.info(sepolicy.ATTRIBUTE, attribute))["types"]) ++ except StopIteration: + return [attribute] + + +diff --git a/policycoreutils/sepolicy/sepolicy/generate.py b/policycoreutils/sepolicy/sepolicy/generate.py +index 65b33b6..5696110 100644 +--- a/sepolicy/sepolicy/generate.py ++++ b/sepolicy/sepolicy/generate.py +@@ -31,21 +31,21 @@ import time + import types + import platform + +-from templates import executable +-from templates import boolean +-from templates import etc_rw +-from templates import unit_file +-from templates import var_cache +-from templates import var_spool +-from templates import var_lib +-from templates import var_log +-from templates import var_run +-from templates import tmp +-from templates import rw +-from templates import network +-from templates import script +-from templates import spec +-from templates import user ++from .templates import executable ++from .templates import boolean ++from .templates import etc_rw ++from .templates 
import unit_file ++from .templates import var_cache ++from .templates import var_spool ++from .templates import var_lib ++from .templates import var_log ++from .templates import var_run ++from .templates import tmp ++from .templates import rw ++from .templates import network ++from .templates import script ++from .templates import spec ++from .templates import user + import sepolgen.interfaces as interfaces + import sepolgen.defaults as defaults + +diff --git a/policycoreutils/sepolicy/sepolicy/interface.py b/policycoreutils/sepolicy/sepolicy/interface.py +index c2cb971..8956f39 100644 +--- a/sepolicy/sepolicy/interface.py ++++ b/sepolicy/sepolicy/interface.py +@@ -192,10 +192,13 @@ def generate_compile_te(interface, idict, name="compiletest"): + def get_xml_file(if_file): + """ Returns xml format of interfaces for given .if policy file""" + import os +- import commands ++ try: ++ from commands import getstatusoutput ++ except ImportError: ++ from subprocess import getstatusoutput + basedir = os.path.dirname(if_file) + "/" + filename = os.path.basename(if_file).split(".")[0] +- rc, output = commands.getstatusoutput("python /usr/share/selinux/devel/include/support/segenxml.py -w -m %s" % basedir + filename) ++ rc, output = getstatusoutput("python /usr/share/selinux/devel/include/support/segenxml.py -w -m %s" % basedir + filename) + if rc != 0: + sys.stderr.write("\n Could not proceed selected interface file.\n") + sys.stderr.write("\n%s" % output) +@@ -208,7 +211,10 @@ def interface_compile_test(interface, path="/usr/share/selinux/devel/policy.xml" + exclude_interfaces = ["userdom", "kernel", "corenet", "files", "dev"] + exclude_interface_type = ["template"] + +- import commands ++ try: ++ from commands import getstatusoutput ++ except ImportError: ++ from subprocess import getstatusoutput + import os + policy_files = {'pp': "compiletest.pp", 'te': "compiletest.te", 'fc': "compiletest.fc", 'if': "compiletest.if"} + idict = get_interface_dict(path) +@@ -219,7 +225,7 
@@ def interface_compile_test(interface, path="/usr/share/selinux/devel/policy.xml" + fd = open(policy_files['te'], "w") + fd.write(generate_compile_te(interface, idict)) + fd.close() +- rc, output = commands.getstatusoutput("make -f /usr/share/selinux/devel/Makefile %s" % policy_files['pp']) ++ rc, output = getstatusoutput("make -f /usr/share/selinux/devel/Makefile %s" % policy_files['pp']) + if rc != 0: + sys.stderr.write(output) + sys.stderr.write(_("\nCompile test for %s failed.\n") % interface) +diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py +index 7365f93..773a9ab 100755 +--- a/sepolicy/sepolicy/manpage.py ++++ b/sepolicy/sepolicy/manpage.py +@@ -27,7 +27,6 @@ __all__ = ['ManPage', 'HTMLManPages', 'manpage_domains', 'manpage_roles', 'gen_d + import string + import selinux + import sepolicy +-import commands + import os + import time + +@@ -162,7 +161,11 @@ def get_alphabet_manpages(manpage_list): + + + def convert_manpage_to_html(html_manpage, manpage): +- rc, output = commands.getstatusoutput("/usr/bin/groff -man -Thtml %s 2>/dev/null" % manpage) ++ try: ++ from commands import getstatusoutput ++ except ImportError: ++ from subprocess import getstatusoutput ++ rc, output = getstatusoutput("/usr/bin/groff -man -Thtml %s 2>/dev/null" % manpage) + if rc == 0: + print(html_manpage, "has been created") + fd = open(html_manpage, 'w') +-- +2.10.2 + diff --git a/gnu/packages/selinux.scm b/gnu/packages/selinux.scm index 05197b85c..7acda89a6 100644 --- a/gnu/packages/selinux.scm +++ b/gnu/packages/selinux.scm @@ -28,6 +28,10 @@ #:use-module (gnu packages bison) #:use-module (gnu packages docbook) #:use-module (gnu packages flex) + #:use-module (gnu packages gettext) + #:use-module (gnu packages glib) + #:use-module (gnu packages linux) + #:use-module (gnu packages networking) #:use-module (gnu packages pcre) #:use-module (gnu packages pkg-config) #:use-module (gnu packages python) 
@@ -338,3 +342,134 @@ tools, and libraries designed to facilitate SELinux policy analysis.") ;; Some programs are under GPL, all libraries under LGPL. (license (list license:lgpl2.1+ license:gpl2+)))) + +(define-public policycoreutils + (package (inherit libsepol) + (name "policycoreutils") + (source + (origin (inherit (package-source libsepol)) + (patches (search-patches "policycoreutils-make-sepolicy-use-python3.patch")) + (patch-flags '("-p1" "-d" "policycoreutils")))) + (arguments + `(#:test-target "test" + #:make-flags + (let ((out (assoc-ref %outputs "out"))) + (list "CC=gcc" + (string-append "PREFIX=" out) + (string-append "LOCALEDIR=" out "/share/locale") + (string-append "BASHCOMPLETIONDIR=" out + "/share/bash-completion/completions") + "INSTALL=install -c -p" + "INSTALL_DIR=install -d" + ;; These ones are needed because some Makefiles define the + ;; directories relative to DESTDIR, not relative to PREFIX. + (string-append "SBINDIR=" out "/sbin") + (string-append "ETCDIR=" out "/etc") + (string-append "SYSCONFDIR=" out "/etc/sysconfig") + (string-append "MAN5DIR=" out "/share/man/man5") + (string-append "INSTALL_NLS_DIR=" out "/share/locale") + (string-append "AUTOSTARTDIR=" out "/etc/xdg/autostart") + (string-append "DBUSSERVICEDIR=" out "/share/dbus-1/services") + (string-append "SYSTEMDDIR=" out "/lib/systemd") + (string-append "INITDIR=" out "/etc/rc.d/init.d") + (string-append "SELINUXDIR=" out "/etc/selinux"))) + #:phases + (modify-phases %standard-phases + (delete 'configure) + (add-after 'unpack 'enter-dir + (lambda _ (chdir ,name) #t)) + (add-after 'enter-dir 'ignore-/usr-tests + (lambda* (#:key inputs #:allow-other-keys) + ;; The Makefile decides to build restorecond only if it finds the + ;; inotify header somewhere under /usr. + (substitute* "Makefile" + (("ifeq.*") "") + (("endif.*") "")) + ;; Rewrite lookup paths for header files. 
+ (substitute* '("newrole/Makefile" + "setfiles/Makefile" + "run_init/Makefile") + (("/usr(/include/security/pam_appl.h)" _ file) + (string-append (assoc-ref inputs "pam") file)) + (("/usr(/include/libaudit.h)" _ file) + (string-append (assoc-ref inputs "audit") file))) + #t)) + (add-after 'enter-dir 'fix-glib-cflags + (lambda* (#:key inputs #:allow-other-keys) + (substitute* "restorecond/Makefile" + (("/usr(/include/glib-2.0|/lib/glib-2.0/include)" _ path) + (string-append (assoc-ref inputs "glib") path)) + (("/usr(/include/dbus-1.0|/lib/dbus-1.0/include)" _ path) + (string-append (assoc-ref inputs "dbus") path + " -I" + (assoc-ref inputs "dbus-glib") path))) + #t)) + (add-after 'enter-dir 'fix-linkage-with-libsepol + (lambda* (#:key inputs #:allow-other-keys) + (substitute* '("semodule_deps/Makefile" + "sepolgen-ifgen/Makefile") + (("\\$\\(LIBDIR\\)") + (string-append (assoc-ref inputs "libsepol") "/lib/"))))) + (add-after 'enter-dir 'fix-target-paths + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (substitute* "audit2allow/sepolgen-ifgen" + (("ATTR_HELPER = \"/usr/bin/sepolgen-ifgen-attr-helper\"") + (string-append "ATTR_HELPER = \"" out + "/bin/sepolgen-ifgen-attr-helper\""))) + (substitute* "sepolicy/sepolicy/__init__.py" + (("/usr/bin/sepolgen-ifgen") + (string-append out "/bin/sepolgen-ifgen"))) + (substitute* "sepolicy/Makefile" + ;; By default all Python files would be installed to + ;; $out/gnu/store/...-python-.../. 
+ (("setup.py install.*$") + (string-append "setup.py install --prefix=" out "\n")) + (("\\$\\(DESTDIR\\)/etc") + (string-append out "/etc")) + (("\\$\\(DESTDIR\\)/usr") out))) + #t)) + (add-after 'install 'wrap-python-tools + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (var (string-append out "/lib/python3.5/site-packages:" + (getenv "PYTHONPATH")))) + ;; The scripts' shebangs tell Python to ignore the PYTHONPATH, + ;; so we need to patch them before wrapping. + (for-each (lambda (file) + (let ((path (string-append out "/" file))) + (substitute* path + (("bin/python -Es") "bin/python -s")) + (wrap-program path + `("PYTHONPATH" ":" prefix (,var))))) + '("bin/audit2allow" + "bin/chcat" + "bin/sandbox" + "bin/sepolgen-ifgen" + "bin/sepolicy" + "sbin/semanage"))) + #t))))) + (inputs + `(("python" ,python-wrapper) + ("audit" ,audit) + ("pam" ,linux-pam) + ("libsepol" ,libsepol) + ("libselinux" ,libselinux) + ("libsemanage" ,libsemanage) + ("python-sepolgen" ,python-sepolgen) + ("python-setools" ,python-setools) + ("python-ipy" ,python-ipy) + ("libcap-ng" ,libcap-ng) + ("pcre" ,pcre) + ("dbus" ,dbus) + ("dbus-glib" ,dbus-glib) + ("glib" ,glib))) + (native-inputs + `(("gettext" ,gettext-minimal))) + (synopsis "SELinux core utilities") + (description "The policycoreutils package contains the core utilities that +are required for the basic operation of an SELinux-enabled GNU system and its +policies. These utilities include @code{load_policy} to load policies, +@code{setfiles} to label file systems, @code{newrole} to switch roles, and +@code{run_init} to run service scripts in their proper context.") + (license license:gpl2+))) -- 2.12.2 ^ permalink raw reply related [flat|nested] 16+ messages in thread
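Review bot: In the sepolicy/__init__.py and interface.py hunks the same four-line try/except import of getstatusoutput is pasted into gen_interfaces, get_os_version, get_xml_file, interface_compile_test and, in manpage.py, convert_manpage_to_html. Doing the compatibility import once at the top of each module would keep the Python 2/3 fallback in a single place per file and make it harder for a later edit to miss one copy.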
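Review bot: In the manpage.py hunk, convert_manpage_to_html still interpolates `manpage` unquoted into the string handed to getstatusoutput ("/usr/bin/groff -man -Thtml %s 2>/dev/null"), and getstatusoutput runs that string through a shell in both the commands and the subprocess module, so a path containing spaces or shell metacharacters is interpreted rather than passed as one argument. Since the line is being rewritten anyway, quote the argument (pipes.quote on Python 2, shlex.quote on Python 3) or switch to an argument-list call without a shell and discard stderr explicitly. The segenxml.py and make invocations in the interface.py hunks build their command lines the same way from `basedir + filename` and `policy_files['pp']`.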
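Review bot: In the second selinux.scm hunk, the fix-target-paths phase rewrites only ATTR_HELPER and "/usr/bin/sepolgen-ifgen", while the Python patch added in the same commit still calls "/usr/bin/groff", "python /usr/share/selinux/devel/include/support/segenxml.py", "make -f /usr/share/selinux/devel/Makefile" and "rpm -q" by fixed name or path, and groff is not among the inputs. Either substitute those paths as well or leave a comment saying which sepolicy subcommands are knowingly left non-functional on Guix. Separately, fix-linkage-with-libsepol is the only added phase that does not end in an explicit #t, so its result is whatever substitute* happens to return; ending it with #t would match the other phases.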
* bug#26561: [PATCH 9/9] gnu: Add policycoreutils. 2017-04-19 14:29 ` bug#26561: [PATCH 9/9] gnu: Add policycoreutils Ricardo Wurmus @ 2017-04-19 19:59 ` Marius Bakke 0 siblings, 0 replies; 16+ messages in thread From: Marius Bakke @ 2017-04-19 19:59 UTC (permalink / raw) To: Ricardo Wurmus, 26561 [-- Attachment #1: Type: text/plain, Size: 23274 bytes --] Ricardo Wurmus <rekado@elephly.net> writes: > * gnu/packages/selinux.scm (policycoreutils): New variable. > --- > gnu/local.mk | 1 + > ...policycoreutils-make-sepolicy-use-python3.patch | 335 +++++++++++++++++++++ > gnu/packages/selinux.scm | 135 +++++++++ > 3 files changed, 471 insertions(+) > create mode 100644 gnu/packages/patches/policycoreutils-make-sepolicy-use-python3.patch > > diff --git a/gnu/local.mk b/gnu/local.mk > index 77302573a..79ffbe2fe 100644 > --- a/gnu/local.mk > +++ b/gnu/local.mk > @@ -856,6 +856,7 @@ dist_patch_DATA = \ > %D%/packages/patches/plink-endian-detection.patch \ > %D%/packages/patches/plotutils-libpng-jmpbuf.patch \ > %D%/packages/patches/polkit-drop-test.patch \ > + %D%/packages/patches/policycoreutils-make-sepolicy-use-python3.patch \ > %D%/packages/patches/portaudio-audacity-compat.patch \ > %D%/packages/patches/portmidi-modular-build.patch \ > %D%/packages/patches/procmail-ambiguous-getline-debian.patch \ > diff --git a/gnu/packages/patches/policycoreutils-make-sepolicy-use-python3.patch b/gnu/packages/patches/policycoreutils-make-sepolicy-use-python3.patch > new file mode 100644 > index 000000000..befe9fbb2 > --- /dev/null > +++ b/gnu/packages/patches/policycoreutils-make-sepolicy-use-python3.patch 
> @@ -0,0 +1,335 @@ > +Downloaded from https://anonscm.debian.org/cgit/selinux/policycoreutils.git/plain/debian/patches/policycoreutils-Make-sepolicy-work-with-python3.patch > + > +From 2d7ca0b862a35196d562f59bd098df011fd7f0e6 Mon Sep 17 00:00:00 2001 > +From: Laurent Bigonville <bigon@bigon.be> > +Date: Mon, 7 Nov 2016 10:51:08 +0100 > +Subject: [PATCH] policycoreutils: Make sepolicy work with python3 > + > +Add python3 support for sepolicy > + > +Signed-off-by: Laurent Bigonville <bigon@bigon.be> > +--- > + policycoreutils/sepolicy/selinux_client.py | 6 ++-- > + policycoreutils/sepolicy/sepolicy.py | 38 ++++++++++++------------ > + policycoreutils/sepolicy/sepolicy/__init__.py | 16 ++++++---- > + policycoreutils/sepolicy/sepolicy/communicate.py | 4 +-- > + policycoreutils/sepolicy/sepolicy/generate.py | 30 +++++++++---------- > + policycoreutils/sepolicy/sepolicy/interface.py | 14 ++++++--- > + policycoreutils/sepolicy/sepolicy/manpage.py | 7 +++-- > + 7 files changed, 65 insertions(+), 50 deletions(-) > + > +diff --git a/policycoreutils/sepolicy/selinux_client.py b/policycoreutils/sepolicy/selinux_client.py > +index 7f4a91c..dc29f28 100644 > +--- a/sepolicy/selinux_client.py > ++++ b/sepolicy/selinux_client.py > +@@ -39,6 +39,6 @@ if __name__ == "__main__": > + try: > + dbus_proxy = SELinuxDBus() > + resp = dbus_proxy.customized() > +- print convert_customization(resp) > +- except dbus.DBusException, e: > +- print e > ++ print(convert_customization(resp)) > ++ except dbus.DBusException as e: > ++ print(e) > +diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py > +index 3e502a7..5bf9b52 100755 > +--- a/sepolicy/sepolicy.py > ++++ b/sepolicy/sepolicy.py > +@@ -262,7 +262,7 @@ def _print_net(src, protocol, perm): > + if len(portdict) > 0: > + bold_start = "\033[1m" > + bold_end = "\033[0;0m" > +- print "\n" + bold_start + "%s: %s %s" % (src, protocol, perm) + bold_end > ++ print("\n" + bold_start + "%s: %s %s" % (src, protocol, 
perm) + bold_end) > + port_strings = [] > + boolean_text = "" > + for p in portdict: > +@@ -275,7 +275,7 @@ def _print_net(src, protocol, perm): > + port_strings.append("%s (%s)" % (", ".join(recs), t)) > + port_strings.sort(numcmp) > + for p in port_strings: > +- print "\t" + p > ++ print("\t" + p) > + > + > + def network(args): > +@@ -286,7 +286,7 @@ def network(args): > + if i[0] not in all_ports: > + all_ports.append(i[0]) > + all_ports.sort() > +- print "\n".join(all_ports) > ++ print("\n".join(all_ports)) > + > + for port in args.port: > + found = False > +@@ -297,18 +297,18 @@ def network(args): > + else: > + range = "%s-%s" % (i[0], i[1]) > + found = True > +- print "%d: %s %s %s" % (port, i[2], portrecsbynum[i][0], range) > ++ print("%d: %s %s %s" % (port, i[2], portrecsbynum[i][0], range)) > + if not found: > + if port < 500: > +- print "Undefined reserved port type" > ++ print("Undefined reserved port type") > + else: > +- print "Undefined port type" > ++ print("Undefined port type") > + > + for t in args.type: > + if (t, 'tcp') in portrecs.keys(): > +- print "%s: tcp: %s" % (t, ",".join(portrecs[t, 'tcp'])) > ++ print("%s: tcp: %s" % (t, ",".join(portrecs[t, 'tcp']))) > + if (t, 'udp') in portrecs.keys(): > +- print "%s: udp: %s" % (t, ",".join(portrecs[t, 'udp'])) > ++ print( "%s: udp: %s" % (t, ",".join(portrecs[t, 'udp']))) > + > + for a in args.applications: > + d = sepolicy.get_init_transtype(a) > +@@ -357,7 +357,7 @@ def manpage(args): > + > + for domain in test_domains: > + m = ManPage(domain, path, args.root, args.source_files, args.web) > +- print m.get_man_page_path() > ++ print(m.get_man_page_path()) > + > + if args.web: > + HTMLManPages(manpage_roles, manpage_domains, path, args.os) > +@@ -418,7 +418,7 @@ def communicate(args): > + out = list(set(writable) & set(readable)) > + > + for t in out: > +- print t > ++ print(t) > + > + > + def gen_communicate_args(parser): > +@@ -445,7 +445,7 @@ def booleans(args): > + args.booleans.sort() > + > + 
for b in args.booleans: > +- print "%s=_(\"%s\")" % (b, boolean_desc(b)) > ++ print("%s=_(\"%s\")" % (b, boolean_desc(b))) > + > + > + def gen_booleans_args(parser): > +@@ -484,16 +484,16 @@ def print_interfaces(interfaces, args, append=""): > + for i in interfaces: > + if args.verbose: > + try: > +- print get_interface_format_text(i + append) > ++ print(get_interface_format_text(i + append)) > + except KeyError: > +- print i > ++ print(i) > + if args.compile: > + try: > + interface_compile_test(i) > + except KeyError: > +- print i > ++ print(i) > + else: > +- print i > ++ print(i) > + > + > + def interface(args): > +@@ -565,7 +565,7 @@ def generate(args): > + if args.policytype in APPLICATIONS: > + mypolicy.gen_writeable() > + mypolicy.gen_symbols() > +- print mypolicy.generate(args.path) > ++ print(mypolicy.generate(args.path)) > + > + > + def gen_interface_args(parser): > +@@ -698,12 +698,12 @@ if __name__ == '__main__': > + args = parser.parse_args(args=parser_args) > + args.func(args) > + sys.exit(0) > +- except ValueError, e: > ++ except ValueError as e: > + sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e))) > + sys.exit(1) > +- except IOError, e: > ++ except IOError as e: > + sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e))) > + sys.exit(1) > + except KeyboardInterrupt: > +- print "Out" > ++ print("Out") > + sys.exit(0) > +diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py > +index 8fbd5b4..fee6438 100644 > +--- a/sepolicy/sepolicy/__init__.py > ++++ b/sepolicy/sepolicy/__init__.py > +@@ -695,7 +695,7 @@ def get_methods(): > + # List of per_role_template interfaces > + ifs = interfaces.InterfaceSet() > + ifs.from_file(fd) > +- methods = ifs.interfaces.keys() > ++ methods = list(ifs.interfaces.keys()) > + fd.close() > + except: > + sys.stderr.write("could not open interface info [%s]\n" % fn) > +@@ -752,7 +752,10 @@ def get_all_entrypoint_domains(): > + > + > + def 
gen_interfaces(): > +- import commands > ++ try: > ++ from commands import getstatusoutput > ++ except ImportError: > ++ from subprocess import getstatusoutput > + ifile = defaults.interface_info() > + headers = defaults.headers() > + try: > +@@ -763,7 +766,7 @@ def gen_interfaces(): > + > + if os.getuid() != 0: > + raise ValueError(_("You must regenerate interface info by running /usr/bin/sepolgen-ifgen")) > +- print(commands.getstatusoutput("/usr/bin/sepolgen-ifgen")[1]) > ++ print(getstatusoutput("/usr/bin/sepolgen-ifgen")[1]) > + > + > + def gen_port_dict(): > +@@ -1085,8 +1088,11 @@ def get_os_version(): > + os_version = "" > + pkg_name = "selinux-policy" > + try: > +- import commands > +- rc, output = commands.getstatusoutput("rpm -q '%s'" % pkg_name) > ++ try: > ++ from commands import getstatusoutput > ++ except ImportError: > ++ from subprocess import getstatusoutput > ++ rc, output = getstatusoutput("rpm -q '%s'" % pkg_name) > + if rc == 0: > + os_version = output.split(".")[-2] > + except: > +diff --git a/policycoreutils/sepolicy/sepolicy/communicate.py b/policycoreutils/sepolicy/sepolicy/communicate.py > +index b96c4b9..299316e 100755 > +--- a/sepolicy/sepolicy/communicate.py > ++++ b/sepolicy/sepolicy/communicate.py > +@@ -34,8 +34,8 @@ def usage(parser, msg): > + > + def expand_attribute(attribute): > + try: > +- return sepolicy.info(sepolicy.ATTRIBUTE, attribute)[0]["types"] > +- except RuntimeError: > ++ return list(next(sepolicy.info(sepolicy.ATTRIBUTE, attribute))["types"]) > ++ except StopIteration: > + return [attribute] > + > + > +diff --git a/policycoreutils/sepolicy/sepolicy/generate.py b/policycoreutils/sepolicy/sepolicy/generate.py > +index 65b33b6..5696110 100644 > +--- a/sepolicy/sepolicy/generate.py > ++++ b/sepolicy/sepolicy/generate.py > +@@ -31,21 +31,21 @@ import time > + import types > + import platform > + > +-from templates import executable > +-from templates import boolean > +-from templates import etc_rw > +-from templates 
import unit_file > +-from templates import var_cache > +-from templates import var_spool > +-from templates import var_lib > +-from templates import var_log > +-from templates import var_run > +-from templates import tmp > +-from templates import rw > +-from templates import network > +-from templates import script > +-from templates import spec > +-from templates import user > ++from .templates import executable > ++from .templates import boolean > ++from .templates import etc_rw > ++from .templates import unit_file > ++from .templates import var_cache > ++from .templates import var_spool > ++from .templates import var_lib > ++from .templates import var_log > ++from .templates import var_run > ++from .templates import tmp > ++from .templates import rw > ++from .templates import network > ++from .templates import script > ++from .templates import spec > ++from .templates import user > + import sepolgen.interfaces as interfaces > + import sepolgen.defaults as defaults > + > +diff --git a/policycoreutils/sepolicy/sepolicy/interface.py b/policycoreutils/sepolicy/sepolicy/interface.py > +index c2cb971..8956f39 100644 > +--- a/sepolicy/sepolicy/interface.py > ++++ b/sepolicy/sepolicy/interface.py > +@@ -192,10 +192,13 @@ def generate_compile_te(interface, idict, name="compiletest"): > + def get_xml_file(if_file): > + """ Returns xml format of interfaces for given .if policy file""" > + import os > +- import commands > ++ try: > ++ from commands import getstatusoutput > ++ except ImportError: > ++ from subprocess import getstatusoutput > + basedir = os.path.dirname(if_file) + "/" > + filename = os.path.basename(if_file).split(".")[0] > +- rc, output = commands.getstatusoutput("python /usr/share/selinux/devel/include/support/segenxml.py -w -m %s" % basedir + filename) > ++ rc, output = getstatusoutput("python /usr/share/selinux/devel/include/support/segenxml.py -w -m %s" % basedir + filename) > + if rc != 0: > + sys.stderr.write("\n Could not proceed selected interface 
file.\n") > + sys.stderr.write("\n%s" % output) > +@@ -208,7 +211,10 @@ def interface_compile_test(interface, path="/usr/share/selinux/devel/policy.xml" > + exclude_interfaces = ["userdom", "kernel", "corenet", "files", "dev"] > + exclude_interface_type = ["template"] > + > +- import commands > ++ try: > ++ from commands import getstatusoutput > ++ except ImportError: > ++ from subprocess import getstatusoutput > + import os > + policy_files = {'pp': "compiletest.pp", 'te': "compiletest.te", 'fc': "compiletest.fc", 'if': "compiletest.if"} > + idict = get_interface_dict(path) > +@@ -219,7 +225,7 @@ def interface_compile_test(interface, path="/usr/share/selinux/devel/policy.xml" > + fd = open(policy_files['te'], "w") > + fd.write(generate_compile_te(interface, idict)) > + fd.close() > +- rc, output = commands.getstatusoutput("make -f /usr/share/selinux/devel/Makefile %s" % policy_files['pp']) > ++ rc, output = getstatusoutput("make -f /usr/share/selinux/devel/Makefile %s" % policy_files['pp']) > + if rc != 0: > + sys.stderr.write(output) > + sys.stderr.write(_("\nCompile test for %s failed.\n") % interface) > +diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py > +index 7365f93..773a9ab 100755 > +--- a/sepolicy/sepolicy/manpage.py > ++++ b/sepolicy/sepolicy/manpage.py > +@@ -27,7 +27,6 @@ __all__ = ['ManPage', 'HTMLManPages', 'manpage_domains', 'manpage_roles', 'gen_d > + import string > + import selinux > + import sepolicy > +-import commands > + import os > + import time > + > +@@ -162,7 +161,11 @@ def get_alphabet_manpages(manpage_list): > + > + > + def convert_manpage_to_html(html_manpage, manpage): > +- rc, output = commands.getstatusoutput("/usr/bin/groff -man -Thtml %s 2>/dev/null" % manpage) > ++ try: > ++ from commands import getstatusoutput > ++ except ImportError: > ++ from subprocess import getstatusoutput > ++ rc, output = getstatusoutput("/usr/bin/groff -man -Thtml %s 2>/dev/null" % manpage) > + if rc 
== 0: > + print(html_manpage, "has been created") > + fd = open(html_manpage, 'w') > +-- > +2.10.2 > + > diff --git a/gnu/packages/selinux.scm b/gnu/packages/selinux.scm > index 05197b85c..7acda89a6 100644 > --- a/gnu/packages/selinux.scm > +++ b/gnu/packages/selinux.scm > @@ -28,6 +28,10 @@ > #:use-module (gnu packages bison) > #:use-module (gnu packages docbook) > #:use-module (gnu packages flex) > + #:use-module (gnu packages gettext) > + #:use-module (gnu packages glib) > + #:use-module (gnu packages linux) > + #:use-module (gnu packages networking) > #:use-module (gnu packages pcre) > #:use-module (gnu packages pkg-config) > #:use-module (gnu packages python) 
> @@ -338,3 +342,134 @@ tools, and libraries designed to facilitate SELinux policy analysis.") > ;; Some programs are under GPL, all libraries under LGPL. > (license (list license:lgpl2.1+ > license:gpl2+)))) > + > +(define-public policycoreutils > + (package (inherit libsepol) > + (name "policycoreutils") > + (source > + (origin (inherit (package-source libsepol)) > + (patches (search-patches "policycoreutils-make-sepolicy-use-python3.patch")) > + (patch-flags '("-p1" "-d" "policycoreutils")))) > + (arguments > + `(#:test-target "test" > + #:make-flags > + (let ((out (assoc-ref %outputs "out"))) > + (list "CC=gcc" > + (string-append "PREFIX=" out) > + (string-append "LOCALEDIR=" out "/share/locale") > + (string-append "BASHCOMPLETIONDIR=" out > + "/share/bash-completion/completions") > + "INSTALL=install -c -p" > + "INSTALL_DIR=install -d" > + ;; These ones are needed because some Makefiles define the > + ;; directories relative to DESTDIR, not relative to PREFIX. > + (string-append "SBINDIR=" out "/sbin") > + (string-append "ETCDIR=" out "/etc") > + (string-append "SYSCONFDIR=" out "/etc/sysconfig") > + (string-append "MAN5DIR=" out "/share/man/man5") > + (string-append "INSTALL_NLS_DIR=" out "/share/locale") > + (string-append "AUTOSTARTDIR=" out "/etc/xdg/autostart") > + (string-append "DBUSSERVICEDIR=" out "/share/dbus-1/services") > + (string-append "SYSTEMDDIR=" out "/lib/systemd") > + (string-append "INITDIR=" out "/etc/rc.d/init.d") > + (string-append "SELINUXDIR=" out "/etc/selinux"))) > + #:phases > + (modify-phases %standard-phases > + (delete 'configure) > + (add-after 'unpack 'enter-dir > + (lambda _ (chdir ,name) #t)) > + (add-after 'enter-dir 'ignore-/usr-tests > + (lambda* (#:key inputs #:allow-other-keys) > + ;; The Makefile decides to build restorecond only if it finds the > + ;; inotify header somewhere under /usr. > + (substitute* "Makefile" > + (("ifeq.*") "") > + (("endif.*") "")) > + ;; Rewrite lookup paths for header files. 
> + (substitute* '("newrole/Makefile" > + "setfiles/Makefile" > + "run_init/Makefile") > + (("/usr(/include/security/pam_appl.h)" _ file) > + (string-append (assoc-ref inputs "pam") file)) > + (("/usr(/include/libaudit.h)" _ file) > + (string-append (assoc-ref inputs "audit") file))) > + #t)) > + (add-after 'enter-dir 'fix-glib-cflags > + (lambda* (#:key inputs #:allow-other-keys) > + (substitute* "restorecond/Makefile" > + (("/usr(/include/glib-2.0|/lib/glib-2.0/include)" _ path) > + (string-append (assoc-ref inputs "glib") path)) > + (("/usr(/include/dbus-1.0|/lib/dbus-1.0/include)" _ path) > + (string-append (assoc-ref inputs "dbus") path > + " -I" > + (assoc-ref inputs "dbus-glib") path))) > + #t)) > + (add-after 'enter-dir 'fix-linkage-with-libsepol > + (lambda* (#:key inputs #:allow-other-keys) > + (substitute* '("semodule_deps/Makefile" > + "sepolgen-ifgen/Makefile") > + (("\\$\\(LIBDIR\\)") > + (string-append (assoc-ref inputs "libsepol") "/lib/"))))) > + (add-after 'enter-dir 'fix-target-paths > + (lambda* (#:key outputs #:allow-other-keys) > + (let ((out (assoc-ref outputs "out"))) > + (substitute* "audit2allow/sepolgen-ifgen" > + (("ATTR_HELPER = \"/usr/bin/sepolgen-ifgen-attr-helper\"") > + (string-append "ATTR_HELPER = \"" out > + "/bin/sepolgen-ifgen-attr-helper\""))) > + (substitute* "sepolicy/sepolicy/__init__.py" > + (("/usr/bin/sepolgen-ifgen") > + (string-append out "/bin/sepolgen-ifgen"))) > + (substitute* "sepolicy/Makefile" > + ;; By default all Python files would be installed to > + ;; $out/gnu/store/...-python-.../. 
> + (("setup.py install.*$") > + (string-append "setup.py install --prefix=" out "\n")) > + (("\\$\\(DESTDIR\\)/etc") > + (string-append out "/etc")) > + (("\\$\\(DESTDIR\\)/usr") out))) > + #t)) > + (add-after 'install 'wrap-python-tools > + (lambda* (#:key outputs #:allow-other-keys) > + (let* ((out (assoc-ref outputs "out")) > + (var (string-append out "/lib/python3.5/site-packages:" ^^^ Can we use (version-major+minor (package-version python)) here? I plan to start a 3.6 branch soonish, unless someone beats me to it :) > + (getenv "PYTHONPATH")))) > + ;; The scripts' shebangs tell Python to ignore the PYTHONPATH, > + ;; so we need to patch them before wrapping. > + (for-each (lambda (file) > + (let ((path (string-append out "/" file))) > + (substitute* path > + (("bin/python -Es") "bin/python -s")) > + (wrap-program path > + `("PYTHONPATH" ":" prefix (,var))))) > + '("bin/audit2allow" > + "bin/chcat" > + "bin/sandbox" > + "bin/sepolgen-ifgen" > + "bin/sepolicy" > + "sbin/semanage"))) > + #t))))) > + (inputs > + `(("python" ,python-wrapper) > + ("audit" ,audit) > + ("pam" ,linux-pam) > + ("libsepol" ,libsepol) > + ("libselinux" ,libselinux) > + ("libsemanage" ,libsemanage) > + ("python-sepolgen" ,python-sepolgen) > + ("python-setools" ,python-setools) > + ("python-ipy" ,python-ipy) > + ("libcap-ng" ,libcap-ng) > + ("pcre" ,pcre) > + ("dbus" ,dbus) > + ("dbus-glib" ,dbus-glib) > + ("glib" ,glib))) > + (native-inputs > + `(("gettext" ,gettext-minimal))) > + (synopsis "SELinux core utilities") > + (description "The policycoreutils package contains the core utilities that > +are required for the basic operation of an SELinux-enabled GNU system and its > +policies. 
These utilities include @code{load_policy} to load policies, > +@code{setfiles} to label file systems, @code{newrole} to switch roles, and > +@code{run_init} to run service scripts in their proper context.") > + (license license:gpl2+))) > -- > 2.12.2 [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 487 bytes --] ^ permalink raw reply [flat|nested] 16+ messages in thread
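Review bot: In the quoted sepolicy.py hunk at _print_net (@@ -275,7 +275,7), the context line `port_strings.sort(numcmp)` is left unchanged, but list.sort() on Python 3 takes only the keyword arguments key and reverse, so passing a comparison function positionally raises TypeError the first time this path runs. For a patch whose subject is Python 3 support this needs converting too, for example `port_strings.sort(key=functools.cmp_to_key(numcmp))`, which also works on Python 2.7.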
* bug#26561: [PATCH 1/9] gnu: Add libsepol. 2017-04-19 14:29 ` bug#26561: [PATCH 1/9] gnu: Add libsepol Ricardo Wurmus ` (7 preceding siblings ...) 2017-04-19 14:29 ` bug#26561: [PATCH 9/9] gnu: Add policycoreutils Ricardo Wurmus @ 2017-04-19 19:57 ` Marius Bakke 2017-04-21 22:21 ` Ricardo Wurmus 8 siblings, 1 reply; 16+ messages in thread From: Marius Bakke @ 2017-04-19 19:57 UTC (permalink / raw) To: Ricardo Wurmus, 26561 [-- Attachment #1: Type: text/plain, Size: 4348 bytes --] Ricardo Wurmus <rekado@elephly.net> writes: > * gnu/packages/selinux.scm: New file. > * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. > --- > gnu/local.mk | 1 + > gnu/packages/selinux.scm | 71 ++++++++++++++++++++++++++++++++++++++++++++++++ > 2 files changed, 72 insertions(+) > create mode 100644 gnu/packages/selinux.scm > > diff --git a/gnu/local.mk b/gnu/local.mk > index 5822add4c..77302573a 100644 > --- a/gnu/local.mk > +++ b/gnu/local.mk > @@ -342,6 +342,7 @@ GNU_SYSTEM_MODULES = \ > %D%/packages/sdl.scm \ > %D%/packages/search.scm \ > %D%/packages/security-token.scm \ > + %D%/packages/selinux.scm \ > %D%/packages/serialization.scm \ > %D%/packages/serveez.scm \ > %D%/packages/shells.scm \ > diff --git a/gnu/packages/selinux.scm b/gnu/packages/selinux.scm > new file mode 100644 > index 000000000..75758dd6b > --- /dev/null > +++ b/gnu/packages/selinux.scm 
> @@ -0,0 +1,71 @@ > +;;; GNU Guix --- Functional package management for GNU > +;;; Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net> > +;;; > +;;; This file is part of GNU Guix. > +;;; > +;;; GNU Guix is free software; you can redistribute it and/or modify it > +;;; under the terms of the GNU General Public License as published by > +;;; the Free Software Foundation; either version 3 of the License, or (at > +;;; your option) any later version. > +;;; > +;;; GNU Guix is distributed in the hope that it will be useful, but > +;;; WITHOUT ANY WARRANTY; without even the implied warranty of > +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > +;;; GNU General Public License for more details. > +;;; > +;;; You should have received a copy of the GNU General Public License > +;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. > + > +(define-module (gnu packages selinux) > + #:use-module ((guix licenses) #:prefix license:) > + #:use-module (guix packages) > + #:use-module (guix download) > + #:use-module (guix utils) > + #:use-module (guix build-system gnu) > + #:use-module (gnu packages) > + #:use-module (gnu packages flex)) > + > +;; Update the SELinux packages together! > + > +(define-public libsepol > + (package > + (name "libsepol") > + (version "2.6") > + (source (let ((release "20161014")) > + (origin > + (method url-fetch) > + (uri (string-append "https://github.com/SELinuxProject/selinux/" > + "archive/" release ".tar.gz")) > + (file-name (string-append "selinux-" release ".tar.gz")) > + (sha256 > + (base32 > + "1dpwynfb6n31928343blac4159g4jbrwxdp61q5yffmxpy3c3czi"))))) > + (build-system gnu-build-system) > + (arguments > + `(#:tests? #f ; tests require checkpolicy, which requires libsepol I guess we could work around this as with other circular dependencies, but that can be done later. 
> + #:test-target "test" > + #:make-flags > + (let ((out (assoc-ref %outputs "out"))) > + (list (string-append "PREFIX=" out) > + (string-append "DESTDIR=" out) > + (string-append "MAN3DIR=" out "/share/man/man3") > + (string-append "MAN5DIR=" out "/share/man/man5") > + (string-append "MAN8DIR=" out "/share/man/man8") > + (string-append "LDFLAGS=-Wl,-rpath=" out "/lib") > + "CC=gcc")) > + #:phases > + (modify-phases %standard-phases > + (delete 'configure) > + (add-after 'unpack 'enter-dir > + (lambda _ (chdir ,name) #t))))) > + (native-inputs > + `(("flex" ,flex))) > + (home-page "http://selinuxproject.org/") ^^^ https* > + (synopsis "Library for manipulating SELinux policies") > + (description > + "The libsepol library provides an API for the manipulation of SELinux > +binary policies. It is used by @code{checkpolicy} (the policy compiler) and > +similar tools, and programs such as @code{load_policy}, which must perform > +specific transformations on binary policies (for example, customizing policy > +boolean settings).") > + (license license:lgpl2.1+))) > -- > 2.12.2 [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 487 bytes --] ^ permalink raw reply [flat|nested] 16+ messages in thread
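Review bot: In the `gnu/packages/selinux.scm` hunk, `#:make-flags` sets both `PREFIX=` and `DESTDIR=` to the same `out` path and nothing in the recipe says why. A staging `DESTDIR` is normally prepended to the prefix, so a reader cannot tell from these lines whether files end up directly under `out` or nested a second time. A short comment naming what relies on `DESTDIR` would settle it; otherwise drop `DESTDIR`. Two smaller points in the same hunk: `#:test-target "test"` has no effect while `#:tests? #f` is set, so the existing comment could say it is kept for when the checkpolicy cycle is broken. Also, `version "2.6"` and `release "20161014"` are independent literals, so a comment tying the release tag to the version would help keep the pinned `sha256` and the advertised version in step on the next update.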
* bug#26561: [PATCH 1/9] gnu: Add libsepol.
From: Ricardo Wurmus @ 2017-04-21 22:21 UTC
To: Marius Bakke; +Cc: 26561

Marius Bakke <mbakke@fastmail.com> writes:

>> + (native-inputs
>> + `(("flex" ,flex)))
>> + (home-page "http://selinuxproject.org/")
> ^^^
> https*

Ha, good catch! Thanks!

--
Ricardo
GPG: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC
https://elephly.net
* bug#26561: [PATCH 0/9] SELinux
From: Marius Bakke @ 2017-04-19 20:01 UTC
To: Ricardo Wurmus, 26561

Ricardo Wurmus <rekado@elephly.net> writes:

> This patch series adds SELinux libraries and tools.
>
> Ricardo Wurmus (9):
> gnu: Add libsepol.
> gnu: Add checkpolicy.
> gnu: Add libselinux.
> gnu: Add libsemanage.
> gnu: Add secilc.
> gnu: Add python-sepolgen.
> gnu: Add python-ipy.
> gnu: Add python-setools.
> gnu: Add policycoreutils.

Wow, amazing work! I've read through the patches and they LGTM apart from the minor nitpicks sent separately. Thanks a lot for this!
* bug#26561: [PATCH 0/9] SELinux
From: julien lepiller @ 2017-04-20 8:30 UTC
To: 26561

On 2017-04-19 22:01, Marius Bakke wrote:
> Ricardo Wurmus <rekado@elephly.net> writes:
>
>> This patch series adds SELinux libraries and tools.
>>
>> Ricardo Wurmus (9):
>> gnu: Add libsepol.
>> gnu: Add checkpolicy.
>> gnu: Add libselinux.
>> gnu: Add libsemanage.
>> gnu: Add secilc.
>> gnu: Add python-sepolgen.
>> gnu: Add python-ipy.
>> gnu: Add python-setools.
>> gnu: Add policycoreutils.
>
> Wow, amazing work! I've read through the patches and they LGTM apart
> from the minor nitpicks sent separately. Thanks a lot for this!

How exciting! I once tried to install all that on my LFS system, but I couldn't find how to enable SELinux (setenforce 1 wouldn't work). Could you explain what steps need to be taken so I can activate SELinux on GuixSD? Or what is still lacking? Could we imagine configuring the policy from the operating-system declaration?
* bug#26561: [PATCH 0/9] SELinux
From: Ricardo Wurmus @ 2017-04-21 22:40 UTC
To: Marius Bakke; +Cc: 26561-done

Marius Bakke <mbakke@fastmail.com> writes:

> Ricardo Wurmus <rekado@elephly.net> writes:
>
>> This patch series adds SELinux libraries and tools.
>>
>> Ricardo Wurmus (9):
>> gnu: Add libsepol.
>> gnu: Add checkpolicy.
>> gnu: Add libselinux.
>> gnu: Add libsemanage.
>> gnu: Add secilc.
>> gnu: Add python-sepolgen.
>> gnu: Add python-ipy.
>> gnu: Add python-setools.
>> gnu: Add policycoreutils.
>
> Wow, amazing work! I've read through the patches and they LGTM apart
> from the minor nitpicks sent separately. Thanks a lot for this!

Thanks for the review. I made the suggested changes and pushed to master with commit 6ef94ecba.

--
Ricardo
GPG: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC
https://elephly.net