public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Upgrade selinux from 20100904 -> 20131030

Browse Source
This commit is contained in:
William A. Kennington III 2013-11-28 02:58:06 -06:00
parent 3f449b8ae6
commit 96dc58db9c
8 changed files with 68 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkgs/os-specific/linux/checkpolicy/default.nix
View File

@ -2,12 +2,12 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "checkpolicy-${version}"; name = "checkpolicy-${version}";
version = "2.1.11"; version = "2.2";
inherit (libsepol) se_release se_url; inherit (libsepol) se_release se_url;
src = fetchurl { src = fetchurl {
url = "${se_url}/${se_release}/checkpolicy-${version}.tar.gz"; url = "${se_url}/${se_release}/checkpolicy-${version}.tar.gz";
sha256 = "1wahs32l4jjlg0s3lyihdhvwmsy7yyvq5pk96q9lsiilc5vvrb06"; sha256 = "1y5dx4s5k404fgpm7hlhgw8a9b9ksn3q2d3fj6f9rdac9n7nkxlz";
}; };
buildInputs = [ libsepol libselinux bison flex ]; buildInputs = [ libsepol libselinux bison flex ];

24
pkgs/os-specific/linux/libselinux/default.nix
View File

@ -8,7 +8,7 @@ with stdenv.lib;
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "libselinux-${version}"; name = "libselinux-${version}";
version = "2.1.12"; version = "2.2.1";
inherit (libsepol) se_release se_url; inherit (libsepol) se_release se_url;
src = fetchurl { src = fetchurl {
@ -16,30 +16,22 @@ stdenv.mkDerivation rec {
sha256 = "17navgvljgq35bljzcdwjdj3khajc27s15binr51xkp0h29qgbcd"; sha256 = "17navgvljgq35bljzcdwjdj3khajc27s15binr51xkp0h29qgbcd";
}; };
patch_src = fetchurl {
url = "http://dev.gentoo.org/~swift/patches/libselinux/patchbundle-${name}-r2.tar.gz";
sha256 = "08zaas8iwyf4w9ll1ylyv4gril1nfarckd5h1l53563sxzyf7dqh";
};
patches = [ ./fPIC.patch ]; # libsemanage seems to need -fPIC everywhere
buildInputs = [ pkgconfig libsepol pcre ] buildInputs = [ pkgconfig libsepol pcre ]
++ optionals enablePython [ swig python ]; ++ optionals enablePython [ swig python ];
prePatch = ''
tar xvf ${patch_src}
for p in gentoo-patches/*.patch; do
patch -p1 < "$p"
done
'';
postPatch = optionalString enablePython '' postPatch = optionalString enablePython ''
sed -i -e 's|\$(LIBDIR)/libsepol.a|${libsepol}/lib/libsepol.a|' src/Makefile sed -i -e 's|\$(LIBDIR)/libsepol.a|${libsepol}/lib/libsepol.a|' src/Makefile
''; '';
installFlags = [ "PREFIX=$(out)" "DESTDIR=$(out)" "LIBSEPOLDIR=${libsepol}" ]; installFlags = [ "PREFIX=$(out)" "DESTDIR=$(out)" ];
installTargets = [ "install" ] ++ optional enablePython "install-pywrap"; installTargets = [ "install" ] ++ optional enablePython "install-pywrap";
# TODO: Figure out why the build incorrectly links libselinux.so
postInstall = ''
rm $out/lib/libselinux.so
ln -s libselinux.so.1 $out/lib/libselinux.so
'';
meta = { meta = {
inherit (libsepol.meta) homepage platforms maintainers; inherit (libsepol.meta) homepage platforms maintainers;
}; };

8
pkgs/os-specific/linux/libsemanage/default.nix
View File

@ -1,13 +1,13 @@
{ stdenv, fetchurl, libsepol, libselinux, ustr, bzip2, bison, flex }: { stdenv, fetchurl, libsepol, libselinux, ustr, bzip2, bison, flex, audit }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "libsemanage-${version}"; name = "libsemanage-${version}";
version = "2.1.9"; version = "2.2";
inherit (libsepol) se_release se_url; inherit (libsepol) se_release se_url;
src = fetchurl { src = fetchurl {
url = "${se_url}/${se_release}/libsemanage-${version}.tar.gz"; url = "${se_url}/${se_release}/libsemanage-${version}.tar.gz";
sha256 = "1k1my3n1pj30c5887spykcdk1brgxfpxmrz6frxjyhaijxzx20bg"; sha256 = "0xdx0dwcsyw4kv9l6xwdkfg6v7fc9b5y176rkg6n6q0w1zx0pxhi";
}; };
makeFlags = "PREFIX=$(out) DESTDIR=$(out)"; makeFlags = "PREFIX=$(out) DESTDIR=$(out)";
@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
NIX_CFLAGS_COMPILE = "-fstack-protector-all"; NIX_CFLAGS_COMPILE = "-fstack-protector-all";
NIX_CFLAGS_LINK = "-lsepol"; NIX_CFLAGS_LINK = "-lsepol";
buildInputs = [ libsepol libselinux ustr bzip2 bison flex ]; buildInputs = [ libsepol libselinux ustr bzip2 bison flex audit ];
meta = with stdenv.lib; { meta = with stdenv.lib; {
inherit (libsepol.meta) homepage platforms maintainers; inherit (libsepol.meta) homepage platforms maintainers;

12
pkgs/os-specific/linux/libsepol/default.nix
View File

@ -2,17 +2,23 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "libsepol-${version}"; name = "libsepol-${version}";
version = "2.1.8"; version = "2.2";
se_release = "20120924"; se_release = "20131030";
se_url = "${meta.homepage}/releases"; se_url = "${meta.homepage}/releases";
src = fetchurl { src = fetchurl {
url = "${se_url}/${se_release}/libsepol-${version}.tar.gz"; url = "${se_url}/${se_release}/libsepol-${version}.tar.gz";
sha256 = "1w38q3lmha5m9aps9w844i51yw4b8q1vhpng2kdywn2n8cpdvvk3"; sha256 = "03zw6clp00cmi49x8iq8svhrp91jrcw0093zpnyhan190rqb593p";
}; };
preBuild = '' makeFlags="$makeFlags PREFIX=$out DESTDIR=$out" ''; preBuild = '' makeFlags="$makeFlags PREFIX=$out DESTDIR=$out" '';
# TODO: Figure out why the build incorrectly links libsepol.so
postInstall = ''
rm $out/lib/libsepol.so
ln -s libsepol.so.1 $out/lib/libsepol.so
'';
passthru = { inherit se_release se_url meta; }; passthru = { inherit se_release se_url meta; };
meta = with stdenv.lib; { meta = with stdenv.lib; {

14
pkgs/os-specific/linux/policycoreutils/default.nix
View File

@ -1,23 +1,24 @@
{ stdenv, fetchurl, intltool, pcre, libcap_ng, libcgroup { stdenv, fetchurl, intltool, pcre, libcap_ng, libcgroup
, libsepol, libselinux, libsemanage , libsepol, libselinux, libsemanage, setools
, python, sepolgen }: , python, sepolgen }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "policycoreutils-${version}"; name = "policycoreutils-${version}";
version = "2.1.13"; version = "2.2.4";
inherit (libsepol) se_release se_url; inherit (libsepol) se_release se_url;
src = fetchurl { src = fetchurl {
url = "${se_url}/${se_release}/policycoreutils-${version}.tar.gz"; url = "${se_url}/${se_release}/policycoreutils-${version}.tar.gz";
sha256 = "1145nbpwndmhma08vvj1j75bjd8xhjal0vjpazlrw78iyc30y11l"; sha256 = "08zpd2a2j45j1qkmq9sz084r2xr0fky1cnld45sn8w5xgdw8k81n";
}; };
patchPhase = '' patchPhase = ''
substituteInPlace po/Makefile --replace /usr/bin/install install substituteInPlace po/Makefile --replace /usr/bin/install install
find . -type f -exec sed -i 's,/usr/bin/python,${python}/bin/python,' {} \;
''; '';
buildInputs = [ intltool pcre libcap_ng libcgroup buildInputs = [ intltool pcre libcap_ng libcgroup
libsepol libselinux libsemanage libsepol libselinux libsemanage setools
python sepolgen # ToDo? these are optional python sepolgen # ToDo? these are optional
]; ];
@ -25,6 +26,11 @@ stdenv.mkDerivation rec {
mkdir -p "$out/lib" && cp -s "${libsepol}/lib/libsepol.a" "$out/lib" mkdir -p "$out/lib" && cp -s "${libsepol}/lib/libsepol.a" "$out/lib"
''; '';
# Creation of the system-config-selinux directory is broken
preInstall = ''
mkdir -p $out/share/system-config-selinux
'';
NIX_CFLAGS_COMPILE = "-fstack-protector-all"; NIX_CFLAGS_COMPILE = "-fstack-protector-all";
NIX_LDFLAGS = "-lsepol -lpcre"; NIX_LDFLAGS = "-lsepol -lpcre";

4
pkgs/os-specific/linux/sepolgen/default.nix
View File

@ -2,12 +2,12 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "sepolgen-${version}"; name = "sepolgen-${version}";
version = "1.1.8"; version = "1.2.1";
inherit (libsepol) se_release se_url; inherit (libsepol) se_release se_url;
src = fetchurl { src = fetchurl {
url = "${se_url}/${se_release}/sepolgen-${version}.tar.gz"; url = "${se_url}/${se_release}/sepolgen-${version}.tar.gz";
sha256 = "1sssc9d4wz7l23yczlzplsmdr891sqr9w34ccn1bfwlnc4q63xdm"; sha256 = "1c41hz4a64mjvbfhgc7c7plydahsc161z0qn46qz2g3bvimj9323";
}; };
makeFlags = "PREFIX=$(out) DESTDIR=$(out) PYTHONLIBDIR=lib/${python.libPrefix}/site-packages"; makeFlags = "PREFIX=$(out) DESTDIR=$(out) PYTHONLIBDIR=lib/${python.libPrefix}/site-packages";

31
pkgs/os-specific/linux/setools/default.nix Normal file
View File

@ -0,0 +1,31 @@
{ stdenv, fetchurl, autoreconfHook, pkgconfig, bison, flex
, python, swig2, tcl, libsepol, libselinux, libxml2, sqlite, bzip2 }:
stdenv.mkDerivation rec {
name = "setools-3.3.8";
src = fetchurl {
url = "http://oss.tresys.com/projects/setools/chrome/site/dists/${name}/${name}.tar.bz2";
sha256 = "16g987ijaxabc30zyjzia4nafq49rm038y1pm4vca7i3kb67wf24";
};
# SWIG-TCL is broken in 3.3.8
configureFlags = ''
--with-tcl=${tcl}/lib
--with-sepol-devel=${libsepol}
--with-selinux-devel=${libselinux}
--disable-gui
--disable-swig-tcl
'';
buildInputs = [ autoreconfHook pkgconfig bison flex python swig2 ];
nativeBuildInputs = [ tcl libsepol libselinux libxml2 sqlite bzip2 ];
meta = {
description = "SELinux Tools";
homepage = "http://oss.tresys.com/projects/setools/";
license = "GPLv2";
platforms = stdenv.lib.platforms.linux;
};
}

2
pkgs/top-level/all-packages.nix
View File

@ -7044,6 +7044,8 @@ let
sepolgen = callPackage ../os-specific/linux/sepolgen { }; sepolgen = callPackage ../os-specific/linux/sepolgen { };
setools = callPackage ../os-specific/linux/setools { };
shadow = callPackage ../os-specific/linux/shadow { }; shadow = callPackage ../os-specific/linux/shadow { };
statifier = builderDefsPackage (import ../os-specific/linux/statifier) { }; statifier = builderDefsPackage (import ../os-specific/linux/statifier) { };