summary refs log tree commit diff
path: root/gnu/packages/selinux.scm
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/selinux.scm')
-rw-r--r--gnu/packages/selinux.scm126
1 files changed, 25 insertions, 101 deletions
diff --git a/gnu/packages/selinux.scm b/gnu/packages/selinux.scm
index 729ae646b2..99f9e76e29 100644
--- a/gnu/packages/selinux.scm
+++ b/gnu/packages/selinux.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2016, 2017, 2018 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -20,6 +20,7 @@
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix git-download)
   #:use-module (guix utils)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system python)
@@ -44,16 +45,17 @@
 (define-public libsepol
   (package
     (name "libsepol")
-    (version "2.6")
-    (source (let ((release "20161014"))
+    (version "2.7")
+    (source (let ((release "20170804"))
               (origin
-                (method url-fetch)
-                (uri (string-append "https://github.com/SELinuxProject/selinux/"
-                                    "archive/" release ".tar.gz"))
-                (file-name (string-append "selinux-" release ".tar.gz"))
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://github.com/SELinuxProject/selinux.git")
+                      (commit release)))
+                (file-name (string-append "selinux-" release "-checkout"))
                 (sha256
                  (base32
-                  "1dpwynfb6n31928343blac4159g4jbrwxdp61q5yffmxpy3c3czi")))))
+                  "1l1nn8bx08v4cxkw5kb0wgr61rfqj5ra9dh1dy5jslillj93vivq")))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; tests require checkpolicy, which requires libsepol
@@ -92,11 +94,9 @@ boolean settings).")
        #:make-flags
        (let ((out (assoc-ref %outputs "out")))
          (list (string-append "PREFIX=" out)
-               (string-append "LDLIBS="
+               (string-append "LIBSEPOLA="
                               (assoc-ref %build-inputs "libsepol")
-                              "/lib/libsepol.a "
-                              (assoc-ref %build-inputs "flex")
-                              "/lib/libfl.a")
+                              "/lib/libsepol.a")
                "CC=gcc"))
        #:phases
        (modify-phases %standard-phases
@@ -125,6 +125,9 @@ module into a binary representation.")
      (substitute-keyword-arguments (package-arguments libsepol)
        ((#:make-flags flags)
         `(cons* "PYTHON=python3"
+                (string-append "LIBSEPOLA="
+                              (assoc-ref %build-inputs "libsepol")
+                              "/lib/libsepol.a")
                 (string-append "PYSITEDIR="
                                (assoc-ref %outputs "out")
                                "/lib/python"
@@ -135,14 +138,6 @@ module into a binary representation.")
         `(modify-phases ,phases
            (replace 'enter-dir
              (lambda _ (chdir ,name) #t))
-           ;; libsepol.a is not located in this package's LIBDIR.
-           (add-after 'enter-dir 'patch-libsepol-path
-             (lambda* (#:key inputs #:allow-other-keys)
-               (substitute* "src/Makefile"
-                 (("\\$\\(LIBDIR\\)/libsepol.a")
-                  (string-append (assoc-ref inputs "libsepol")
-                                 "/lib/libsepol.a")))
-               #t))
            (add-after 'enter-dir 'remove-Werror
              (lambda _
                ;; GCC complains about the fact that the output does not (yet)
@@ -256,7 +251,7 @@ binary policies.")
            ((#:phases phases)
             `(modify-phases ,phases
                (replace 'enter-dir
-                 (lambda _ (chdir "sepolgen") #t))
+                 (lambda _ (chdir "python/sepolgen") #t))
                ;; By default all Python files would be installed to
                ;; $out/gnu/store/...-python-.../, so we override the
                ;; PACKAGEDIR to fix this.
@@ -297,20 +292,19 @@ based on required access.")
     ;; GPLv2 only
     (license license:gpl2)))
 
-;; The latest 4.1.x version does not work with the latest 2.6 release of
-;; policycoreutils, so we use the last 4.0.x release.
 (define-public python-setools
   (package
     (name "python-setools")
-    (version "4.0.1")
+    (version "4.1.1")
     (source (origin
-              (method url-fetch)
-              (uri (string-append "https://github.com/TresysTechnology/"
-                                  "setools/archive/" version ".tar.gz"))
-              (file-name (string-append name "-" version ".tar.gz"))
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/TresysTechnology/setools.git")
+                    (commit version)))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
-                "1zndpl4ck5c23p7s4sci06db89q1w87jig3jbd4f8s1ggy3lj82c"))))
+                "0459xxly6zzqc5azcwk3rbbcxvj60dq08f8z6xr05y7dsbb16cg6"))))
     (build-system python-build-system)
     (arguments
      `(#:tests? #f ; the test target causes a rebuild
@@ -352,10 +346,6 @@ tools, and libraries designed to facilitate SELinux policy analysis.")
 (define-public policycoreutils
   (package (inherit libsepol)
     (name "policycoreutils")
-    (source
-     (origin (inherit (package-source libsepol))
-             (patches (search-patches "policycoreutils-make-sepolicy-use-python3.patch"))
-             (patch-flags '("-p1" "-d" "policycoreutils"))))
     (arguments
      `(#:test-target "test"
        #:make-flags
@@ -399,79 +389,13 @@ tools, and libraries designed to facilitate SELinux policy analysis.")
                 (string-append (assoc-ref inputs "pam") file))
                (("/usr(/include/libaudit.h)" _ file)
                 (string-append (assoc-ref inputs "audit") file)))
-             #t))
-         (add-after 'enter-dir 'fix-glib-cflags
-           (lambda* (#:key inputs #:allow-other-keys)
-             (substitute* "restorecond/Makefile"
-               (("/usr(/include/glib-2.0|/lib/glib-2.0/include)" _ path)
-                (string-append (assoc-ref inputs "glib") path))
-               (("/usr(/include/dbus-1.0|/lib/dbus-1.0/include)" _ path)
-                (string-append (assoc-ref inputs "dbus") path
-                               " -I"
-                               (assoc-ref inputs "dbus-glib") path)))
-             #t))
-         (add-after 'enter-dir 'fix-linkage-with-libsepol
-           (lambda* (#:key inputs #:allow-other-keys)
-             (substitute* '("semodule_deps/Makefile"
-                            "sepolgen-ifgen/Makefile")
-               (("\\$\\(LIBDIR\\)")
-                (string-append (assoc-ref inputs "libsepol") "/lib/")))))
-         (add-after 'enter-dir 'fix-target-paths
-           (lambda* (#:key outputs #:allow-other-keys)
-             (let ((out (assoc-ref outputs "out")))
-               (substitute* "audit2allow/sepolgen-ifgen"
-                 (("ATTR_HELPER = \"/usr/bin/sepolgen-ifgen-attr-helper\"")
-                  (string-append "ATTR_HELPER = \"" out
-                                 "/bin/sepolgen-ifgen-attr-helper\"")))
-               (substitute* "sepolicy/sepolicy/__init__.py"
-                 (("/usr/bin/sepolgen-ifgen")
-                  (string-append out "/bin/sepolgen-ifgen")))
-               (substitute* "sepolicy/Makefile"
-                 ;; By default all Python files would be installed to
-                 ;; $out/gnu/store/...-python-.../.
-                 (("setup.py install.*$")
-                  (string-append "setup.py install --prefix=" out "\n"))
-                 (("\\$\\(DESTDIR\\)/etc")
-                  (string-append out "/etc"))
-                 (("\\$\\(DESTDIR\\)/usr") out)))
-             #t))
-         (add-after 'install 'wrap-python-tools
-           (lambda* (#:key outputs #:allow-other-keys)
-             (let* ((out (assoc-ref outputs "out"))
-                    (var (string-append out "/lib/python"
-                                        ,(version-major+minor (package-version python))
-                                        "/site-packages:"
-                                        (getenv "PYTHONPATH"))))
-               ;; The scripts' shebangs tell Python to ignore the PYTHONPATH,
-               ;; so we need to patch them before wrapping.
-               (for-each (lambda (file)
-                           (let ((path (string-append out "/" file)))
-                             (substitute* path
-                               (("bin/python -Es") "bin/python -s"))
-                             (wrap-program path
-                               `("PYTHONPATH" ":" prefix (,var)))))
-                         '("bin/audit2allow"
-                           "bin/chcat"
-                           "bin/sandbox"
-                           "bin/sepolgen-ifgen"
-                           "bin/sepolicy"
-                           "sbin/semanage")))
              #t)))))
     (inputs
-     `(("python" ,python-wrapper)
-       ("audit" ,audit)
+     `(("audit" ,audit)
        ("pam" ,linux-pam)
        ("libsepol" ,libsepol)
        ("libselinux" ,libselinux)
-       ("libsemanage" ,libsemanage)
-       ("python-sepolgen" ,python-sepolgen)
-       ("python-setools" ,python-setools)
-       ("python-ipy" ,python-ipy)
-       ("libcap-ng" ,libcap-ng)
-       ("pcre" ,pcre)
-       ("dbus" ,dbus)
-       ("dbus-glib" ,dbus-glib)
-       ("glib" ,glib)))
+       ("libsemanage" ,libsemanage)))
     (native-inputs
      `(("gettext" ,gettext-minimal)))
     (synopsis "SELinux core utilities")