1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
| | ;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (gnu packages selinux)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix utils)
#:use-module (guix build-system gnu)
#:use-module (gnu packages)
#:use-module (gnu packages bison)
#:use-module (gnu packages flex))
;; Update the SELinux packages together!
(define-public libsepol
(package
(name "libsepol")
(version "2.6")
(source (let ((release "20161014"))
(origin
(method url-fetch)
(uri (string-append "https://github.com/SELinuxProject/selinux/"
"archive/" release ".tar.gz"))
(file-name (string-append "selinux-" release ".tar.gz"))
(sha256
(base32
"1dpwynfb6n31928343blac4159g4jbrwxdp61q5yffmxpy3c3czi")))))
(build-system gnu-build-system)
(arguments
`(#:tests? #f ; tests require checkpolicy, which requires libsepol
#:test-target "test"
#:make-flags
(let ((out (assoc-ref %outputs "out")))
(list (string-append "PREFIX=" out)
(string-append "DESTDIR=" out)
(string-append "MAN3DIR=" out "/share/man/man3")
(string-append "MAN5DIR=" out "/share/man/man5")
(string-append "MAN8DIR=" out "/share/man/man8")
(string-append "LDFLAGS=-Wl,-rpath=" out "/lib")
"CC=gcc"))
#:phases
(modify-phases %standard-phases
(delete 'configure)
(add-after 'unpack 'enter-dir
(lambda _ (chdir ,name) #t)))))
(native-inputs
`(("flex" ,flex)))
(home-page "http://selinuxproject.org/")
(synopsis "Library for manipulating SELinux policies")
(description
"The libsepol library provides an API for the manipulation of SELinux
binary policies. It is used by @code{checkpolicy} (the policy compiler) and
similar tools, and programs such as @code{load_policy}, which must perform
specific transformations on binary policies (for example, customizing policy
boolean settings).")
(license license:lgpl2.1+)))
(define-public checkpolicy
(package (inherit libsepol)
(name "checkpolicy")
(arguments
`(#:tests? #f ; there is no check target
#:make-flags
(let ((out (assoc-ref %outputs "out")))
(list (string-append "PREFIX=" out)
(string-append "LDLIBS="
(assoc-ref %build-inputs "libsepol")
"/lib/libsepol.a "
(assoc-ref %build-inputs "flex")
"/lib/libfl.a")
"CC=gcc"))
#:phases
(modify-phases %standard-phases
(delete 'configure)
(add-after 'unpack 'enter-dir
(lambda _ (chdir ,name) #t)))))
(inputs
`(("libsepol" ,libsepol)))
(native-inputs
`(("bison" ,bison)
("flex" ,flex)))
(synopsis "Check SELinux security policy configurations and modules")
(description
"This package provides the tools \"checkpolicy\" and \"checkmodule\".
Checkpolicy is a program that checks and compiles a SELinux security policy
configuration into a binary representation that can be loaded into the kernel.
Checkmodule is a program that checks and compiles a SELinux security policy
module into a binary representation.")
;; GPLv2 only
(license license:gpl2)))
|