pool/libselinux
SHA256
2
0
Fork 3
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 748056 from security:SELinux

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/748056
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libselinux?expand=0&rev=58
This commit is contained in:
Dominique Leuenberger 2019-11-17 18:20:35 +00:00 committed by Git OBS Bridge
commit 5334aff7f6
6 changed files with 199 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

166
Use-Python-distutils-to-install-SELinux.patch Normal file
View File

@ -0,0 +1,166 @@
From bb5a63a3e6e19556419a486a00e008ae6af62fc3 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Thu, 16 May 2019 15:01:59 +0200
Subject: [PATCH] libselinux: Use Python distutils to install SELinux python
bindings
SWIG-4.0 changed its behavior so that it uses: from . import _selinux which
looks for _selinux module in the same directory as where __init__.py is -
$(PYLIBDIR)/site-packages/selinux. But _selinux module is installed into
$(PYLIBDIR)/site-packages/ since a9604c30a5e2f ("libselinux: Change the location
of _selinux.so").
In order to prevent such breakage in future use Python's distutils instead of
building and installing python bindings manually in Makefile.
Fixes:
>>> import selinux
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib64/python3.7/site-packages/selinux/__init__.py", line 13, in <module>
from . import _selinux
ImportError: cannot import name '_selinux' from 'selinux' (/usr/lib64/python3.7/site-packages/selinux/__init__.py)
>>>
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
libselinux/src/Makefile | 37 ++++++++-----------------------------
libselinux/src/setup.py | 24 ++++++++++++++++++++++++
2 files changed, 32 insertions(+), 29 deletions(-)
create mode 100644 libselinux/src/setup.py
diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
index e9ed0383..826c830c 100644
--- a/libselinux/src/Makefile
+++ b/libselinux/src/Makefile
@@ -36,7 +36,7 @@ TARGET=libselinux.so
LIBPC=libselinux.pc
SWIGIF= selinuxswig_python.i selinuxswig_python_exception.i
SWIGRUBYIF= selinuxswig_ruby.i
-SWIGCOUT= selinuxswig_wrap.c
+SWIGCOUT= selinuxswig_python_wrap.c
SWIGPYOUT= selinux.py
SWIGRUBYCOUT= selinuxswig_ruby_wrap.c
SWIGLOBJ:= $(patsubst %.c,$(PYPREFIX)%.lo,$(SWIGCOUT))
@@ -55,7 +55,7 @@ ifeq ($(LIBSEPOLA),)
LDLIBS_LIBSEPOLA := -l:libsepol.a
endif
-GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) selinuxswig_python_exception.i
+GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) $(SWIGCOUT) selinuxswig_python_exception.i
SRCS= $(filter-out $(GENERATED) audit2why.c, $(sort $(wildcard *.c)))
MAX_STACK_SIZE=32768
@@ -125,25 +125,18 @@ DISABLE_FLAGS+= -DNO_ANDROID_BACKEND
SRCS:= $(filter-out label_backends_android.c, $(SRCS))
endif
-SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./ $(DISABLE_FLAGS)
-
SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./ $(DISABLE_FLAGS)
all: $(LIBA) $(LIBSO) $(LIBPC)
-pywrap: all $(SWIGFILES) $(AUDIT2WHYSO)
+pywrap: all selinuxswig_python_exception.i
+ CFLAGS="$(SWIG_CFLAGS)" $(PYTHON) setup.py build_ext -I $(DESTDIR)$(INCLUDEDIR) -L $(DESTDIR)$(LIBDIR)
rubywrap: all $(SWIGRUBYSO)
-$(SWIGLOBJ): $(SWIGCOUT)
- $(CC) $(CFLAGS) $(SWIG_CFLAGS) $(PYINC) -fPIC -DSHARED -c -o $@ $<
-
$(SWIGRUBYLOBJ): $(SWIGRUBYCOUT)
$(CC) $(CFLAGS) $(SWIG_CFLAGS) $(RUBYINC) -fPIC -DSHARED -c -o $@ $<
-$(SWIGSO): $(SWIGLOBJ)
- $(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $< -lselinux $(PYLIBS)
-
$(SWIGRUBYSO): $(SWIGRUBYLOBJ)
$(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ -lselinux $(RUBYLIBS)
@@ -161,29 +154,15 @@ $(LIBPC): $(LIBPC).in ../VERSION
selinuxswig_python_exception.i: ../include/selinux/selinux.h
bash -e exception.sh > $@ || (rm -f $@ ; false)
-$(AUDIT2WHYLOBJ): audit2why.c
- $(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
-
-$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(LIBSEPOLA)
- $(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ -lselinux $(LDLIBS_LIBSEPOLA) $(PYLIBS) -Wl,-soname,audit2why.so,--version-script=audit2why.map,-z,defs
-
%.o: %.c policy.h
$(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
%.lo: %.c policy.h
$(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $<
-$(SWIGCOUT): $(SWIGIF)
- $(SWIG) $<
-
-$(SWIGPYOUT): $(SWIGCOUT)
-
$(SWIGRUBYCOUT): $(SWIGRUBYIF)
$(SWIGRUBY) $<
-swigify: $(SWIGIF)
- $(SWIG) $<
-
install: all
test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR)
install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
@@ -194,10 +173,8 @@ install: all
ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET)
install-pywrap: pywrap
- test -d $(DESTDIR)$(PYTHONLIBDIR)/selinux || install -m 755 -d $(DESTDIR)$(PYTHONLIBDIR)/selinux
- install -m 755 $(SWIGSO) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT)
- install -m 755 $(AUDIT2WHYSO) $(DESTDIR)$(PYTHONLIBDIR)/selinux/audit2why$(PYCEXT)
- install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py
+ $(PYTHON) setup.py install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
+ install -m 644 selinux.py $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py
install-rubywrap: rubywrap
test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d $(DESTDIR)$(RUBYINSTALL)
@@ -208,6 +185,8 @@ relabel:
clean-pywrap:
-rm -f $(SWIGLOBJ) $(SWIGSO) $(AUDIT2WHYLOBJ) $(AUDIT2WHYSO)
+ $(PYTHON) setup.py clean
+ -rm -rf build *~ \#* *pyc .#*
clean-rubywrap:
-rm -f $(SWIGRUBYLOBJ) $(SWIGRUBYSO)
diff --git a/libselinux/src/setup.py b/libselinux/src/setup.py
new file mode 100644
index 00000000..b12e7869
--- /dev/null
+++ b/libselinux/src/setup.py
@@ -0,0 +1,24 @@
+#!/usr/bin/python3
+
+from distutils.core import Extension, setup
+
+setup(
+ name="selinux",
+ version="2.9",
+ description="SELinux python 3 bindings",
+ author="SELinux Project",
+ author_email="selinux@vger.kernel.org",
+ ext_modules=[
+ Extension('selinux._selinux',
+ sources=['selinuxswig_python.i'],
+ include_dirs=['../include'],
+ library_dirs=['.'],
+ libraries=['selinux']),
+ Extension('selinux.audit2why',
+ sources=['audit2why.c'],
+ include_dirs=['../include'],
+ library_dirs=['.'],
+ libraries=['selinux'],
+ extra_link_args=['-l:libsepol.a'])
+ ],
+)
--
2.21.0

6
libselinux-bindings.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Wed Oct 30 17:21:00 CET 2019 - Matej Cepl <mcepl@suse.com>
- Add python3.8-compat.patch which makes build possible even with
Python 3.8, which doesnt automatically adds -lpython<ver>
------------------------------------------------------------------- -------------------------------------------------------------------
Tue May 28 08:28:03 UTC 2019 - Martin Liška <mliska@suse.cz> Tue May 28 08:28:03 UTC 2019 - Martin Liška <mliska@suse.cz>

5
libselinux-bindings.spec
View File

@ -31,6 +31,9 @@ Source1: selinux-ready
Source2: baselibs.conf Source2: baselibs.conf
# PATCH-FIX-UPSTREAM Include <sys/uio.h> for readv prototype # PATCH-FIX-UPSTREAM Include <sys/uio.h> for readv prototype
Patch4: readv-proto.patch Patch4: readv-proto.patch
# PATCH-FIX-UPSTREAM python3.8-compat.patch mcepl@suse.com
# Make linking working even when default pkg-config doesnt provide -lpython<ver>
Patch5: python3.8-compat.patch
BuildRequires: libsepol-devel-static >= %{libsepol_ver} BuildRequires: libsepol-devel-static >= %{libsepol_ver}
BuildRequires: pcre-devel BuildRequires: pcre-devel
BuildRequires: python-rpm-macros BuildRequires: python-rpm-macros
@ -75,7 +78,7 @@ language.
%prep %prep
%setup -q -n libselinux-%{version} %setup -q -n libselinux-%{version}
%patch4 -p1 %autopatch -p1
%build %build
%define _lto_cflags %{nil} %define _lto_cflags %{nil}

7
libselinux.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Wed Nov 13 08:03:39 UTC 2019 - Johannes Segitz <jsegitz@suse.de>
- Added Use-Python-distutils-to-install-SELinux.patch to use
Python's distutils instead of building and installing python
bindings manually
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jun 3 09:34:17 UTC 2019 - <jsegitz@suse.com> Mon Jun 3 09:34:17 UTC 2019 - <jsegitz@suse.com>

2
libselinux.spec
View File

@ -29,6 +29,7 @@ Source1: selinux-ready
Source2: baselibs.conf Source2: baselibs.conf
# PATCH-FIX-UPSTREAM Include <sys/uio.h> for readv prototype # PATCH-FIX-UPSTREAM Include <sys/uio.h> for readv prototype
Patch4: readv-proto.patch Patch4: readv-proto.patch
Patch5: Use-Python-distutils-to-install-SELinux.patch
BuildRequires: fdupes BuildRequires: fdupes
BuildRequires: libsepol-devel >= %{libsepol_ver} BuildRequires: libsepol-devel >= %{libsepol_ver}
BuildRequires: pcre-devel BuildRequires: pcre-devel
@ -95,6 +96,7 @@ necessary to develop your own software using libselinux.
%prep %prep
%setup -q %setup -q
%patch4 -p1 %patch4 -p1
%patch5 -p2
%build %build
%define _lto_cflags %{nil} %define _lto_cflags %{nil}

14
python3.8-compat.patch Normal file
View File

@ -0,0 +1,14 @@
--- a/src/Makefile
+++ b/src/Makefile
@@ -13,7 +13,11 @@ LIBDIR ?= $(PREFIX)/lib
SHLIBDIR ?= /lib
INCLUDEDIR ?= $(PREFIX)/include
PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
+ifeq ($(shell $(PKG_CONFIG) --exists $(PYPREFIX)-embed && echo true), true)
+PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX)-embed)
+else
PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX))
+endif
PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(plat_specific=1, prefix='$(PREFIX)'))")
PYCEXT ?= $(shell $(PYTHON) -c 'import imp;print([s for s,m,t in imp.get_suffixes() if t == imp.C_EXTENSION][0])')
RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] + " -I" + RbConfig::CONFIG["rubyhdrdir"]')