Accepting request 1102846 from security:SELinux

OBS-URL: https://build.opensuse.org/request/show/1102846 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libselinux?expand=0&rev=75
2023-08-09 15:24:23 +00:00 · 2023-08-09 15:24:23 +00:00 · 8cb8e53187
commit 8cb8e53187
parent 01ed6a17a8 baa5cefbf7
4 changed files with 140 additions and 49 deletions
--- a/libselinux-bindings.changes
+++ b/libselinux-bindings.changes
@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Fri Aug  4 13:14:19 UTC 2023 - Matej Cepl <mcepl@suse.com>
+
+- (bsc#1212618) Divide libselinux and libselinux-bindings again.
+  libselinux itself is in Ring0 so it has to have absolutely
+  minimal dependencies, so it is better to separate
+  libselinux-bindings into a separate pacakge.
+
+-------------------------------------------------------------------
+Tue Jun 20 13:34:39 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
+
+- Add explicit BuildRequires for python3-pip and python3-wheel on
+  15.5, currently the macros don't do the right thing
+
 -------------------------------------------------------------------
 Thu Jun  1 11:50:33 UTC 2023 - Johannes Kastl <kastl@b1-systems.de>

--- a/libselinux-bindings.spec
+++ b/libselinux-bindings.spec
@ -17,74 +17,59 @@


 %{?sle15_python_module_pythons}
-%if 0%{?suse_version} < 1699
-# Leap15, SLES15
-# have some safe defaults
-%define python_subpackage_name python3-selinux
-%define python_base_requirement python3
-%if "%pythons" == "python36"
-%define python_subpackage_name python36-selinux
-%define python_base_requirement python36
-%endif
-%if "%pythons" == "python310"
-%define python_subpackage_name python310-selinux
-%define python_base_requirement python310
-%endif
-%if "%pythons" == "python311"
-%define python_subpackage_name python311-selinux
-%define python_base_requirement python311
-%endif
-%else
-# Tumbleweed
-%define python_subpackage_name python3-selinux
-%define python_base_requirement python3
-%endif
-
+%define python_subpackage_only 1
 %define libsepol_ver 3.5
+%define upname libselinux
 Name:           libselinux-bindings
 Version:        3.5
 Release:        0
-Summary:        SELinux runtime library and simple utilities
+Summary:        SELinux runtime library and utilities
 License:        SUSE-Public-Domain
 Group:          Development/Libraries/C and C++
 URL:            https://github.com/SELinuxProject/selinux/wiki/Releases
-Source0:        https://github.com/SELinuxProject/selinux/releases/download/%{version}/libselinux-%{version}.tar.gz
-Source1:        https://github.com/SELinuxProject/selinux/releases/download/%{version}/libselinux-%{version}.tar.gz.asc
+Source0:        https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{upname}-%{version}.tar.gz
+Source1:        https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{upname}-%{version}.tar.gz.asc
 Source2:        libselinux.keyring
 Source3:        selinux-ready
 Source4:        baselibs.conf
 # PATCH-FIX-UPSTREAM Include <sys/uio.h> for readv prototype
 Patch4:         readv-proto.patch
+Patch5:         skip_cycles.patch
 # PATCH-FIX-UPSTREAM python3.8-compat.patch mcepl@suse.com
 # Make linking working even when default pkg-config doesn’t provide -lpython<ver>
-Patch5:         python3.8-compat.patch
-Patch6:         swig4_moduleimport.patch
+Patch6:         python3.8-compat.patch
+Patch7:         swig4_moduleimport.patch
+BuildRequires:  %{python_module devel}
 BuildRequires:  %{python_module pip}
-BuildRequires:  %{python_module setuptools}
 BuildRequires:  %{python_module wheel}
+BuildRequires:  fdupes
+BuildRequires:  libselinux-devel = %{version}
+BuildRequires:  libsepol-devel >= %{libsepol_ver}
 BuildRequires:  libsepol-devel-static >= %{libsepol_ver}
+BuildRequires:  pkgconfig
 BuildRequires:  python-rpm-macros
-BuildRequires:  python3-devel
 BuildRequires:  ruby-devel
 BuildRequires:  swig
 BuildRequires:  pkgconfig(libpcre2-8)
+%python_subpackages

 %description
 libselinux provides an interface to get and set process and file
 security contexts and to obtain security policy decisions.

-%package -n %{python_subpackage_name}
+%package -n python-selinux
 %define oldpython python
 Summary:        Python bindings for the SELinux runtime library
 Group:          Development/Libraries/Python
-Requires:       %{python_base_requirement}
 Requires:       libselinux1 = %{version}
+Obsoletes:      python-selinux < %{version}
+Provides:       python-selinux = %{version}
 %ifpython2
 Obsoletes:      %{oldpython}-selinux < %{version}
 Provides:       %{oldpython}-selinux = %{version}
 %endif

-%description -n %{python_subpackage_name}
+%description -n python-selinux
 libselinux provides an interface to get and set process and file
 security contexts and to obtain security policy decisions.

@ -105,21 +90,32 @@ This subpackage contains Ruby extensions to use SELinux from that
 language.

 %prep
-%setup -q -n libselinux-%{version}
-%autopatch -p1
+%autosetup -p1 -n %{upname}-%{version}

 %build
-make %{?_smp_mflags} LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fno-semantic-interposition" swigify V=1 USE_PCRE2=y
-make %{?_smp_mflags} LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fno-semantic-interposition" pywrap V=1 USE_PCRE2=y
-make %{?_smp_mflags} LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fno-semantic-interposition" rubywrap V=1 USE_PCRE2=y
+%{python_expand :
+%make_build LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fno-semantic-interposition" swigify USE_PCRE2=y PYTHON=$python
+%make_build LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fno-semantic-interposition" pywrap USE_PCRE2=y PYTHON=$python
+%make_build LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fno-semantic-interposition" rubywrap USE_PCRE2=y PYTHON=$python
+}

 %install
-make DESTDIR=%{buildroot} LIBDIR="%{_libdir}" SHLIBDIR="/%{_lib}" LIBSEPOLA=%{_libdir}/libsepol.a install-pywrap V=1
-make DESTDIR=%{buildroot} LIBDIR="%{_libdir}" SHLIBDIR="/%{_lib}" LIBSEPOLA=%{_libdir}/libsepol.a install-rubywrap V=1
-rm -rf %{buildroot}/%{_lib} %{buildroot}%{_libdir}/libselinux.* %{buildroot}%{_libdir}/pkgconfig
+mkdir -p %{buildroot}/%{_lib}
+mkdir -p %{buildroot}%{_libdir}
+mkdir -p %{buildroot}%{_includedir}
+mkdir -p %{buildroot}%{_sbindir}
+%{python_expand :
+make DESTDIR=%{buildroot} LIBDIR="%{_libdir}" SHLIBDIR="/%{_lib}" PYTHON=$python LIBSEPOLA=%{_libdir}/libsepol.a install-pywrap V=1
+make DESTDIR=%{buildroot} LIBDIR="%{_libdir}" SHLIBDIR="/%{_lib}" PYTHON=$python LIBSEPOLA=%{_libdir}/libsepol.a install-rubywrap V=1
+}

-%files -n %{python_subpackage_name}
-%{python3_sitearch}/*selinux*
+# Remove duplicate files
+%fdupes -s %{buildroot}%{_mandir}
+
+%files %{python_files selinux}
+%{python_sitearch}/selinux
+%{python_sitearch}/selinux-%{version}*-info
+%{python_sitearch}/_selinux*

 %files -n ruby-selinux
 %{_libdir}/ruby/vendor_ruby/%{rb_ver}/%{rb_arch}/selinux.so
--- a/libselinux.changes
+++ b/libselinux.changes
@ -1,3 +1,45 @@
+-------------------------------------------------------------------
+Tue Aug  8 06:59:16 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Do not BuildRequire swig and ruby-devel in the main build phase:
+  those are only needed for the bindings.
+
+-------------------------------------------------------------------
+Fri Aug  4 13:14:14 UTC 2023 - Matej Cepl <mcepl@suse.com>
+
+- (bsc#1212618) Divide libselinux and libselinux-bindings again.
+  libselinux itself is in Ring0 so it has to have absolutely
+  minimal dependencies, so it is better to separate
+  libselinux-bindings into a separate pacakge.
+
+-------------------------------------------------------------------
+Tue Jul  4 08:32:49 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
+
+- Fix python packaging by setting the name to a fixed value
+
+-------------------------------------------------------------------
+Fri Jun 23 14:50:33 UTC 2023 - Matej Cepl <mcepl@suse.com>
+
+- Remove separate libselinux-bindings SPEC file (bsc#1212618).
+
+-------------------------------------------------------------------
+Tue Jun 20 13:34:39 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
+
+- Add explicit BuildRequires for python3-pip and python3-wheel on
+  15.5, currently the macros don't do the right thing
+
+-------------------------------------------------------------------
+Thu Jun  1 11:50:33 UTC 2023 - Johannes Kastl <kastl@b1-systems.de>
+
+- allow building this with different python versions, to make this
+  usable for the new sle15 macro (using python3.11)
+
+-------------------------------------------------------------------
+Fri May  5 12:35:31 UTC 2023 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Add python-wheel build dependency to build correctly with latest
+  python-pip version.
+
 -------------------------------------------------------------------
 Thu May  4 14:04:04 UTC 2023 - Frederic Crozat <fcrozat@suse.com>

@ -29,6 +71,7 @@ Fri Feb 24 07:42:25 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
  * fix memory leaks on the audit2why module init
  * ignore invalid class name lookup
 - Drop restorecon_pin_file.patch, is upstream
+- Refreshed python3.8-compat.patch
 - Added additional developer key (Jason Zaman)

 -------------------------------------------------------------------
@ -126,6 +169,7 @@ Tue Jul 14 08:24:20 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
  * Support for new policy capability genfs_seclabel_symlinks
  * selinuxfs is mounted with noexec and nosuid
  * `security_compute_user()` was deprecated
+  * Refreshed python3.8-compat.patch

 -------------------------------------------------------------------
 Thu Mar 26 15:43:41 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
@ -146,6 +190,12 @@ Tue Mar  3 11:13:12 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
  Dropped Use-Python-distutils-to-install-SELinux.patch, included
  upstream

+-------------------------------------------------------------------
+Mon Dec 16 16:04:41 UTC 2019 - Johannes Segitz <jsegitz@suse.de>
+
+- Added swig4_moduleimport.patch to prevent import errors due to
+  SWIG 4
+
 -------------------------------------------------------------------
 Wed Nov 13 08:03:39 UTC 2019 - Johannes Segitz <jsegitz@suse.de>

@ -153,6 +203,12 @@ Wed Nov 13 08:03:39 UTC 2019 - Johannes Segitz <jsegitz@suse.de>
  Python's distutils instead of building and installing python 
  bindings manually

+-------------------------------------------------------------------
+Wed Oct 30 17:21:00 CET 2019 - Matej Cepl <mcepl@suse.com>
+
+- Add python3.8-compat.patch which makes build possible even with
+  Python 3.8, which doesn’t automatically adds -lpython<ver>
+
 -------------------------------------------------------------------
 Mon Jun  3 09:34:17 UTC 2019 -  <jsegitz@suse.com>

@ -160,6 +216,10 @@ Mon Jun  3 09:34:17 UTC 2019 -  <jsegitz@suse.com>
  * Removed check for selinux-policy package as we don't ship one
    (bsc#1136845)
  * Add check that restorecond is installed and enabled 
+-------------------------------------------------------------------
+Tue May 28 08:28:03 UTC 2019 - Martin Liška <mliska@suse.cz>
+
+- Disable LTO (boo#1133244).

 -------------------------------------------------------------------
 Fri May 24 11:22:19 UTC 2019 -  <jsegitz@suse.com>
@ -211,6 +271,12 @@ Mon May 14 22:45:54 UTC 2018 - mcepl@cepl.eu
  For changes please see
  https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/RELEASE-20170804.txt

+-------------------------------------------------------------------
+Fri Mar 16 15:25:10 UTC 2018 - jsegitz@suse.com
+
+- Updated spec file to use python3. Added python3.patch to fix
+  build
+
 -------------------------------------------------------------------
 Fri Nov 24 09:09:02 UTC 2017 - jsegitz@suse.com

@ -340,6 +406,12 @@ Thu Jul 30 12:00:27 UTC 2015 - jsegitz@novell.com

 - fixed selinux-ready to work with initrd files created by dracut (bsc#940006)

+-------------------------------------------------------------------
+Wed May 27 11:53:54 UTC 2015 - dimstar@opensuse.org
+
+- Update libselinux-2.2-ruby.patch: use RbConfig instead of
+  deprecated Config.
+
 -------------------------------------------------------------------
 Mon Sep  8 08:25:11 UTC 2014 - jsegitz@suse.com

@ -447,6 +519,7 @@ Fri Mar 29 15:12:50 UTC 2013 - vcizek@suse.com
 Wed Jan 30 11:44:45 UTC 2013 - vcizek@suse.com

 - update to 2.1.12
+- added BuildRequires: pcre-devel
  - added the recent libselinux-rhat.patch
  * Add support for lxc_contexts_path
  * utils: add service to getdefaultcon
@ -541,6 +614,7 @@ Fri Jun  1 18:34:04 CEST 2012 - mls@suse.de
  * selinux_status interfaces
  * simple interface for access checks
  * multiple bug fixes
+- fix build for ruby-1.9

 -------------------------------------------------------------------
 Wed Oct  5 15:09:25 UTC 2011 - uli@suse.com
--- a/libselinux.spec
+++ b/libselinux.spec
@ -32,8 +32,13 @@ Source4:        baselibs.conf
 # PATCH-FIX-UPSTREAM Include <sys/uio.h> for readv prototype
 Patch4:         readv-proto.patch
 Patch5:         skip_cycles.patch
+# PATCH-FIX-UPSTREAM python3.8-compat.patch mcepl@suse.com
+# Make linking working even when default pkg-config doesn’t provide -lpython<ver>
+Patch6:         python3.8-compat.patch
+Patch7:         swig4_moduleimport.patch
 BuildRequires:  fdupes
 BuildRequires:  libsepol-devel >= %{libsepol_ver}
+BuildRequires:  libsepol-devel-static >= %{libsepol_ver}
 BuildRequires:  pkgconfig
 BuildRequires:  pkgconfig(libpcre2-8)

@ -57,8 +62,8 @@ Security.)
 %package -n selinux-tools
 Summary:        SELinux command-line utilities
 Group:          System/Base
-Provides:       libselinux-utils = %{version}-%{release}
 Requires:       libselinux1 = %{version}
+Provides:       libselinux-utils = %{version}-%{release}

 %description -n selinux-tools
 Security-enhanced Linux is a feature of the kernel and some
@ -98,19 +103,21 @@ This package contains the static development files, which are
 necessary to develop your own software using libselinux.

 %prep
-%setup -q -n libselinux-%{version}
-%patch4 -p1
-%patch5 -p1
+%autosetup -p1 -n libselinux-%{version}

 %build
-make %{?_smp_mflags} LIBDIR="%{_libdir}" CC="gcc" CFLAGS="%{optflags} -fno-semantic-interposition -ffat-lto-objects" USE_PCRE2=y
+%make_build LIBDIR="%{_libdir}" CC="gcc" \
+    CFLAGS="%{optflags} -fno-semantic-interposition -ffat-lto-objects" \
+    USE_PCRE2=y

 %install
 mkdir -p %{buildroot}/%{_lib}
 mkdir -p %{buildroot}%{_libdir}
 mkdir -p %{buildroot}%{_includedir}
 mkdir -p %{buildroot}%{_sbindir}
-make DESTDIR=%{buildroot} LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}" BINDIR="%{_sbindir}" install
+make DESTDIR=%{buildroot} LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}" \
+    BINDIR="%{_sbindir}" install
+
 mv %{buildroot}%{_sbindir}/getdefaultcon %{buildroot}%{_sbindir}/selinuxdefcon
 mv %{buildroot}%{_sbindir}/getconlist %{buildroot}%{_sbindir}/selinuxconlist
 install -m 0755 %{SOURCE3} %{buildroot}%{_sbindir}/selinux-ready