From 3eb02164787d2430b30ab1471aca4bddb90277a468fe713e99952ca718e6ea1f Mon Sep 17 00:00:00 2001 From: Johannes Segitz Date: Wed, 13 Nov 2019 08:25:35 +0000 Subject: [PATCH] Accepting request 748053 from home:jsegitz:branches:security:SELinux - Added Use-Python-distutils-to-install-SELinux.patch to use Python's distutils instead of building and installing python bindings manually OBS-URL: https://build.opensuse.org/request/show/748053 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libselinux?expand=0&rev=118 --- Use-Python-distutils-to-install-SELinux.patch | 166 ++++++++++++++++++ libselinux.changes | 7 + libselinux.spec | 2 + 3 files changed, 175 insertions(+) create mode 100644 Use-Python-distutils-to-install-SELinux.patch diff --git a/Use-Python-distutils-to-install-SELinux.patch b/Use-Python-distutils-to-install-SELinux.patch new file mode 100644 index 0000000..cf1a3ee --- /dev/null +++ b/Use-Python-distutils-to-install-SELinux.patch @@ -0,0 +1,166 @@ +From bb5a63a3e6e19556419a486a00e008ae6af62fc3 Mon Sep 17 00:00:00 2001 +From: Petr Lautrbach +Date: Thu, 16 May 2019 15:01:59 +0200 +Subject: [PATCH] libselinux: Use Python distutils to install SELinux python + bindings + +SWIG-4.0 changed its behavior so that it uses: from . import _selinux which +looks for _selinux module in the same directory as where __init__.py is - +$(PYLIBDIR)/site-packages/selinux. But _selinux module is installed into +$(PYLIBDIR)/site-packages/ since a9604c30a5e2f ("libselinux: Change the location +of _selinux.so"). + +In order to prevent such breakage in future use Python's distutils instead of +building and installing python bindings manually in Makefile. + +Fixes: +>>> import selinux +Traceback (most recent call last): + File "", line 1, in + File "/usr/lib64/python3.7/site-packages/selinux/__init__.py", line 13, in + from . import _selinux +ImportError: cannot import name '_selinux' from 'selinux' (/usr/lib64/python3.7/site-packages/selinux/__init__.py) +>>> + +Signed-off-by: Petr Lautrbach +--- + libselinux/src/Makefile | 37 ++++++++----------------------------- + libselinux/src/setup.py | 24 ++++++++++++++++++++++++ + 2 files changed, 32 insertions(+), 29 deletions(-) + create mode 100644 libselinux/src/setup.py + +diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile +index e9ed0383..826c830c 100644 +--- a/libselinux/src/Makefile ++++ b/libselinux/src/Makefile +@@ -36,7 +36,7 @@ TARGET=libselinux.so + LIBPC=libselinux.pc + SWIGIF= selinuxswig_python.i selinuxswig_python_exception.i + SWIGRUBYIF= selinuxswig_ruby.i +-SWIGCOUT= selinuxswig_wrap.c ++SWIGCOUT= selinuxswig_python_wrap.c + SWIGPYOUT= selinux.py + SWIGRUBYCOUT= selinuxswig_ruby_wrap.c + SWIGLOBJ:= $(patsubst %.c,$(PYPREFIX)%.lo,$(SWIGCOUT)) +@@ -55,7 +55,7 @@ ifeq ($(LIBSEPOLA),) + LDLIBS_LIBSEPOLA := -l:libsepol.a + endif + +-GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) selinuxswig_python_exception.i ++GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) $(SWIGCOUT) selinuxswig_python_exception.i + SRCS= $(filter-out $(GENERATED) audit2why.c, $(sort $(wildcard *.c))) + + MAX_STACK_SIZE=32768 +@@ -125,25 +125,18 @@ DISABLE_FLAGS+= -DNO_ANDROID_BACKEND + SRCS:= $(filter-out label_backends_android.c, $(SRCS)) + endif + +-SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./ $(DISABLE_FLAGS) +- + SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./ $(DISABLE_FLAGS) + + all: $(LIBA) $(LIBSO) $(LIBPC) + +-pywrap: all $(SWIGFILES) $(AUDIT2WHYSO) ++pywrap: all selinuxswig_python_exception.i ++ CFLAGS="$(SWIG_CFLAGS)" $(PYTHON) setup.py build_ext -I $(DESTDIR)$(INCLUDEDIR) -L $(DESTDIR)$(LIBDIR) + + rubywrap: all $(SWIGRUBYSO) + +-$(SWIGLOBJ): $(SWIGCOUT) +- $(CC) $(CFLAGS) $(SWIG_CFLAGS) $(PYINC) -fPIC -DSHARED -c -o $@ $< +- + $(SWIGRUBYLOBJ): $(SWIGRUBYCOUT) + $(CC) $(CFLAGS) $(SWIG_CFLAGS) $(RUBYINC) -fPIC -DSHARED -c -o $@ $< + +-$(SWIGSO): $(SWIGLOBJ) +- $(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $< -lselinux $(PYLIBS) +- + $(SWIGRUBYSO): $(SWIGRUBYLOBJ) + $(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ -lselinux $(RUBYLIBS) + +@@ -161,29 +154,15 @@ $(LIBPC): $(LIBPC).in ../VERSION + selinuxswig_python_exception.i: ../include/selinux/selinux.h + bash -e exception.sh > $@ || (rm -f $@ ; false) + +-$(AUDIT2WHYLOBJ): audit2why.c +- $(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $< +- +-$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(LIBSEPOLA) +- $(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ -lselinux $(LDLIBS_LIBSEPOLA) $(PYLIBS) -Wl,-soname,audit2why.so,--version-script=audit2why.map,-z,defs +- + %.o: %.c policy.h + $(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $< + + %.lo: %.c policy.h + $(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $< + +-$(SWIGCOUT): $(SWIGIF) +- $(SWIG) $< +- +-$(SWIGPYOUT): $(SWIGCOUT) +- + $(SWIGRUBYCOUT): $(SWIGRUBYIF) + $(SWIGRUBY) $< + +-swigify: $(SWIGIF) +- $(SWIG) $< +- + install: all + test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR) + install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR) +@@ -194,10 +173,8 @@ install: all + ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET) + + install-pywrap: pywrap +- test -d $(DESTDIR)$(PYTHONLIBDIR)/selinux || install -m 755 -d $(DESTDIR)$(PYTHONLIBDIR)/selinux +- install -m 755 $(SWIGSO) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT) +- install -m 755 $(AUDIT2WHYSO) $(DESTDIR)$(PYTHONLIBDIR)/selinux/audit2why$(PYCEXT) +- install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py ++ $(PYTHON) setup.py install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` ++ install -m 644 selinux.py $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py + + install-rubywrap: rubywrap + test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d $(DESTDIR)$(RUBYINSTALL) +@@ -208,6 +185,8 @@ relabel: + + clean-pywrap: + -rm -f $(SWIGLOBJ) $(SWIGSO) $(AUDIT2WHYLOBJ) $(AUDIT2WHYSO) ++ $(PYTHON) setup.py clean ++ -rm -rf build *~ \#* *pyc .#* + + clean-rubywrap: + -rm -f $(SWIGRUBYLOBJ) $(SWIGRUBYSO) +diff --git a/libselinux/src/setup.py b/libselinux/src/setup.py +new file mode 100644 +index 00000000..b12e7869 +--- /dev/null ++++ b/libselinux/src/setup.py +@@ -0,0 +1,24 @@ ++#!/usr/bin/python3 ++ ++from distutils.core import Extension, setup ++ ++setup( ++ name="selinux", ++ version="2.9", ++ description="SELinux python 3 bindings", ++ author="SELinux Project", ++ author_email="selinux@vger.kernel.org", ++ ext_modules=[ ++ Extension('selinux._selinux', ++ sources=['selinuxswig_python.i'], ++ include_dirs=['../include'], ++ library_dirs=['.'], ++ libraries=['selinux']), ++ Extension('selinux.audit2why', ++ sources=['audit2why.c'], ++ include_dirs=['../include'], ++ library_dirs=['.'], ++ libraries=['selinux'], ++ extra_link_args=['-l:libsepol.a']) ++ ], ++) +-- +2.21.0 + diff --git a/libselinux.changes b/libselinux.changes index 1344f93..db3de53 100644 --- a/libselinux.changes +++ b/libselinux.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Wed Nov 13 08:03:39 UTC 2019 - Johannes Segitz + +- Added Use-Python-distutils-to-install-SELinux.patch to use + Python's distutils instead of building and installing python + bindings manually + ------------------------------------------------------------------- Mon Jun 3 09:34:17 UTC 2019 - diff --git a/libselinux.spec b/libselinux.spec index 45c6223..48ff16a 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -29,6 +29,7 @@ Source1: selinux-ready Source2: baselibs.conf # PATCH-FIX-UPSTREAM Include for readv prototype Patch4: readv-proto.patch +Patch5: Use-Python-distutils-to-install-SELinux.patch BuildRequires: fdupes BuildRequires: libsepol-devel >= %{libsepol_ver} BuildRequires: pcre-devel @@ -95,6 +96,7 @@ necessary to develop your own software using libselinux. %prep %setup -q %patch4 -p1 +%patch5 -p2 %build %define _lto_cflags %{nil}