From de70e3739d2e69806ddfd47efa8b21aa1864b15e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Sun, 24 Feb 2013 13:25:53 +0100 Subject: [PATCH] SELinux fixes and updates to 2012-09-24 --- pkgs/development/libraries/ustr/default.nix | 5 ++- pkgs/development/libraries/ustr/va_args.patch | 23 ++++++++++++ .../os-specific/linux/checkpolicy/default.nix | 13 ++++--- pkgs/os-specific/linux/libselinux/default.nix | 31 ++++++++++++---- pkgs/os-specific/linux/libselinux/fPIC.patch | 13 +++++++ .../os-specific/linux/libsemanage/default.nix | 18 +++++----- pkgs/os-specific/linux/libsepol/default.nix | 19 +++++++--- .../linux/policycoreutils/default.nix | 36 +++++++++++++------ pkgs/os-specific/linux/sepolgen/default.nix | 22 ++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 10 files changed, 144 insertions(+), 38 deletions(-) create mode 100644 pkgs/development/libraries/ustr/va_args.patch create mode 100644 pkgs/os-specific/linux/libselinux/fPIC.patch create mode 100644 pkgs/os-specific/linux/sepolgen/default.nix diff --git a/pkgs/development/libraries/ustr/default.nix b/pkgs/development/libraries/ustr/default.nix index ebf9628126e2..b016a6f715c1 100644 --- a/pkgs/development/libraries/ustr/default.nix +++ b/pkgs/development/libraries/ustr/default.nix @@ -8,8 +8,11 @@ stdenv.mkDerivation rec { url = "http://www.and.org/ustr/${version}/${name}.tar.bz2"; sha256 = "1i623ygdj7rkizj7985q9d6vj5amwg686aqb5j3ixpkqkyp6xbrx"; }; + prePatch = "substituteInPlace Makefile --replace /usr/include/ ${glibc}/include/"; + patches = [ ./va_args.patch ]; # fixes bogus warnings that failed libsemanage + makeFlags = "DESTDIR=$(out) prefix= LDCONFIG=echo"; configurePhase = "make ustr-import"; @@ -21,4 +24,4 @@ stdenv.mkDerivation rec { license = licenses.bsd2; maintainers = [ maintainers.phreedom ]; }; -} \ No newline at end of file +} 
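Review bot: The new `prePatch` interpolates `${glibc}`, but the derivation's argument set is on line 1 of the file, outside this hunk; `glibc` must be added there or evaluation fails with an undefined variable. The `--replace /usr/include/ ${glibc}/include/` edit is also a silent no-op if that literal is not in the Makefile of the given release, so a pinned comment on what it targets would help, and the remark on `patches` would be clearer as `# va_args.patch: fixes spurious va_copy warnings that broke the libsemanage build`. For consistency with libselinux in this commit, a `''`-quoted block rather than a one-line string is the usual shape for a phase hook.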
diff --git a/pkgs/development/libraries/ustr/va_args.patch b/pkgs/development/libraries/ustr/va_args.patch new file mode 100644 index 000000000000..f75b537485d8 --- /dev/null +++ b/pkgs/development/libraries/ustr/va_args.patch @@ -0,0 +1,23 @@ +diff --git a/ustr-compiler.h b/ustr-compiler.h +index 9e71276..c5f847a 100644 +--- a/ustr-compiler.h ++++ b/ustr-compiler.h +@@ -11,17 +11,11 @@ + #define USTR_CONF_HAVE_ATTR_FMT 1 + #endif + ++#include + /* We assume this is enough, + * C99 specifies that va_copy() exists and is a macro */ +-#ifdef va_copy + # define USTR_CONF_HAVE_VA_COPY 1 + # define USTR__VA_COPY(x, y) va_copy(x, y) +-#elif __va_copy +-# define USTR_CONF_HAVE_VA_COPY 1 +-# define USTR__VA_COPY(x, y) __va_copy(x, y) +-#else +-# define USTR_CONF_HAVE_VA_COPY 0 +-#endif + + #ifndef USTR_CONF_HAVE_ATTR_NONNULL + #if defined(__GNUC__) && (__GNUC__ > 3) /* not sure */ diff --git a/pkgs/os-specific/linux/checkpolicy/default.nix b/pkgs/os-specific/linux/checkpolicy/default.nix index a69249b216d3..9125c84bd7a1 100644 --- a/pkgs/os-specific/linux/checkpolicy/default.nix +++ b/pkgs/os-specific/linux/checkpolicy/default.nix @@ -2,11 +2,12 @@ stdenv.mkDerivation rec { name = "checkpolicy-${version}"; - version = "2.0.23"; + version = "2.1.11"; + inherit (libsepol) se_release se_url; src = fetchurl { - url = "http://userspace.selinuxproject.org/releases/20101221/devel/checkpolicy-2.0.23.tar.gz"; - sha256 = "1n34ggacds7xap039r6hqkxmkd4g2wgfkxjdnv3lirq3cqqi8cnd"; + url = "${se_url}/${se_release}/checkpolicy-${version}.tar.gz"; + sha256 = "1wahs32l4jjlg0s3lyihdhvwmsy7yyvq5pk96q9lsiilc5vvrb06"; }; buildInputs = [ libsepol libselinux bison flex ]; 
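Review bot: The added `#include` line in `ustr-compiler.h` names no header as shown here; an `#include` with no file name does not compile, so presumably the committed patch reads `#include <stdarg.h>` (the header that provides `va_copy`) and the angle-bracketed part was lost in rendering — confirm the file content before merging. The patch also removes the `#else` branch that defined `USTR_CONF_HAVE_VA_COPY 0`, so the header now hard-requires `va_copy`; that is fine on C99 toolchains, but a short comment in the patch header stating this assumption would help the next reader.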
@@ -14,10 +15,8 @@ stdenv.mkDerivation rec { preBuild = '' makeFlags="$makeFlags LEX=flex LIBDIR=${libsepol}/lib PREFIX=$out" ''; meta = with stdenv.lib; { - homepage = http://userspace.selinuxproject.org/; description = "SELinux policy compiler"; license = licenses.gpl2; - maintainers = [ maintainers.phreedom ]; - platforms = platforms.linux; + inherit (libsepol.meta) homepage platforms maintainers; }; -} \ No newline at end of file +} diff --git a/pkgs/os-specific/linux/libselinux/default.nix b/pkgs/os-specific/linux/libselinux/default.nix index 4be88a20e24a..873065d54244 100644 --- a/pkgs/os-specific/linux/libselinux/default.nix +++ b/pkgs/os-specific/linux/libselinux/default.nix @@ -1,15 +1,34 @@ -{stdenv, fetchurl, libsepol}: +{ stdenv, fetchurl, pkgconfig, libsepol, pcre }: stdenv.mkDerivation rec { name = "libselinux-${version}"; - version = "2.0.98"; + version = "2.1.12"; + inherit (libsepol) se_release se_url; src = fetchurl { - url = "http://userspace.selinuxproject.org/releases/20101221/devel/${name}.tar.gz"; - sha256 = "00irm7nyakgi4z8d6dlm6c70fkbl6rzk5w1w0ny2c564yw0d0dlz"; + url = "${se_url}/${se_release}/libselinux-${version}.tar.gz"; + sha256 = "17navgvljgq35bljzcdwjdj3khajc27s15binr51xkp0h29qgbcd"; }; - buildInputs = [ libsepol ]; + patch_src = fetchurl { + url = "http://dev.gentoo.org/~swift/patches/libselinux/patchbundle-${name}-r2.tar.gz"; + sha256 = "08zaas8iwyf4w9ll1ylyv4gril1nfarckd5h1l53563sxzyf7dqh"; + }; - preBuild = '' makeFlags="$makeFlags PREFIX=$out DESTDIR=$out" ''; + patches = [ ./fPIC.patch ]; # libsemanage seems to need -fPIC everywhere + + buildInputs = [ pkgconfig libsepol pcre ]; + + prePatch = '' + tar xvf ${patch_src} + for p in gentoo-patches/*.patch; do + patch -p1 < "$p" + done + ''; + + preInstall = '' makeFlags="$makeFlags PREFIX=$out DESTDIR=$out" ''; + + meta = { + inherit (libsepol.meta) homepage platforms maintainers; + }; } 
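Review bot: The Gentoo bundle fetched as `patch_src` is unpacked and applied wholesale in `prePatch` (`tar xvf ${patch_src}` then `patch -p1 < "$p"` over `gentoo-patches/*.patch`), so nothing in this file records which patches are applied to a security-critical library; the sha256 pin does fix the bundle's contents, but the patch list should be documented in a comment, or the patches vendored and listed in `patches` next to `./fPIC.patch`, so a reviewer can see what changes. Application order is whatever the shell glob yields, which relies on the bundle's file naming — acceptable if the files are numbered, worth a note. Moving `PREFIX=$out DESTDIR=$out` from `preBuild` to `preInstall` means the compile step now runs with the Makefile's default prefix; if any path is baked in at compile time from `PREFIX`, it would now point at the default, so a one-line comment giving the reason for the move would help.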
diff --git a/pkgs/os-specific/linux/libselinux/fPIC.patch b/pkgs/os-specific/linux/libselinux/fPIC.patch new file mode 100644 index 000000000000..fdc1fa41a335 --- /dev/null +++ b/pkgs/os-specific/linux/libselinux/fPIC.patch @@ -0,0 +1,13 @@ +diff --git a/src/Makefile b/src/Makefile +index ac019df..00432b9 100644 +--- a/src/Makefile ++++ b/src/Makefile +@@ -132,7 +132,7 @@ $(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) + $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR) + + %.o: %.c policy.h +- $(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $< ++ $(CC) $(CFLAGS) $(TLSFLAGS) -fPIC -c -o $@ $< + + %.lo: %.c policy.h + $(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $< diff --git a/pkgs/os-specific/linux/libsemanage/default.nix b/pkgs/os-specific/linux/libsemanage/default.nix index 22e177191a57..28908189cf32 100644 --- a/pkgs/os-specific/linux/libsemanage/default.nix +++ b/pkgs/os-specific/linux/libsemanage/default.nix @@ -2,24 +2,24 @@ stdenv.mkDerivation rec { name = "libsemanage-${version}"; - version = "2.0.46"; + version = "2.1.9"; + inherit (libsepol) se_release se_url; src = fetchurl { - url = "http://userspace.selinuxproject.org/releases/20101221/devel/${name}.tar.gz"; - sha256 = "03ljdw48pn8vlk4h26w8z247c9wykp2198s1ksmxrai3avyz87wf"; + url = "${se_url}/${se_release}/libsemanage-${version}.tar.gz"; + sha256 = "1k1my3n1pj30c5887spykcdk1brgxfpxmrz6frxjyhaijxzx20bg"; }; - NIX_LDFLAGS = "-lsepol"; - makeFlags = "PREFIX=$(out) DESTDIR=$(out)"; + NIX_CFLAGS_COMPILE = "-fstack-protector-all"; + NIX_CFLAGS_LINK = "-lsepol"; + buildInputs = [ libsepol libselinux ustr bzip2 bison flex ]; meta = with stdenv.lib; { - homepage = http://userspace.selinuxproject.org/; + inherit (libsepol.meta) homepage platforms maintainers; description = "Policy management tools for SELinux"; license = licenses.lgpl21; - maintainers = [ maintainers.phreedom ]; - platforms = platforms.linux; }; -} \ No newline at end of file +} 
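Review bot: `makeFlags = "PREFIX=$(out) DESTDIR=$(out)"` is removed and nothing in the hunk replaces it, and since the hunk spans the whole derivation body no other prefix setting is visible; unless the stdenv or the Makefile supplies one, `make install` would target the Makefile's default prefix, so confirm where the install prefix now comes from (the other files in this commit keep `PREFIX=$(out) DESTDIR=$(out)`). `NIX_CFLAGS_COMPILE = "-fstack-protector-all"` deserves a why-comment saying whether it is a hardening choice or a build fix, since the same flag appears in policycoreutils with no explanation either. This file uses `NIX_CFLAGS_LINK = "-lsepol"` while policycoreutils in the same commit uses `NIX_LDFLAGS = "-lsepol -lpcre"` for the same purpose; pick one form for consistency.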
diff --git a/pkgs/os-specific/linux/libsepol/default.nix b/pkgs/os-specific/linux/libsepol/default.nix index 1751994e3de3..d41d1cbe7522 100644 --- a/pkgs/os-specific/linux/libsepol/default.nix +++ b/pkgs/os-specific/linux/libsepol/default.nix @@ -1,13 +1,24 @@ -{stdenv, fetchurl}: +{ stdenv, fetchurl }: stdenv.mkDerivation rec { name = "libsepol-${version}"; - version = "2.0.42"; + version = "2.1.8"; + se_release = "20120924"; + se_url = "${meta.homepage}/releases"; src = fetchurl { - url = "http://userspace.selinuxproject.org/releases/20101221/devel/${name}.tar.gz"; - sha256 = "0sg61mb9qhyh4vplasar6nwd6j123v453zss93qws3h95fhrfc08"; + url = "${se_url}/${se_release}/libsepol-${version}.tar.gz"; + sha256 = "1w38q3lmha5m9aps9w844i51yw4b8q1vhpng2kdywn2n8cpdvvk3"; }; preBuild = '' makeFlags="$makeFlags PREFIX=$out DESTDIR=$out" ''; + + passthru = { inherit se_release se_url meta; }; + + meta = with stdenv.lib; { + homepage = http://userspace.selinuxproject.org; + platforms = platforms.linux; + maintainers = [ maintainers.phreedom ]; + license = "GPLv2"; + }; } diff --git a/pkgs/os-specific/linux/policycoreutils/default.nix b/pkgs/os-specific/linux/policycoreutils/default.nix index b75405b42727..e49525a42bfc 100644 --- a/pkgs/os-specific/linux/policycoreutils/default.nix +++ b/pkgs/os-specific/linux/policycoreutils/default.nix 
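Review bot: `license = "GPLv2"` is a bare string although the block is already under `with stdenv.lib` and the sibling derivations use `licenses.gpl2`/`licenses.lgpl21`; use the structured value, and check the tarball's COPYING first — I believe libsepol is LGPL 2.1, in which case it should be `license = licenses.lgpl21;`. `passthru = { inherit se_release se_url meta; }` re-exports `meta`, which every derivation already exposes as `libsepol.meta`, so `meta` can be dropped from passthru. Since `se_url` becomes the single download base for all SELinux packages in this commit and is plain `http://`, a comment such as `# plain http: download integrity rests on each package's sha256 pin` makes the trust model explicit.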
@@ -1,25 +1,39 @@ -{ stdenv, fetchurl, libsepol, libselinux }: +{ stdenv, fetchurl, intltool, pcre, libcap_ng, libcgroup +, libsepol, libselinux, libsemanage +, python, sepolgen }: stdenv.mkDerivation rec { name = "policycoreutils-${version}"; - version = "2.0.85"; + version = "2.1.13"; + inherit (libsepol) se_release se_url; src = fetchurl { - url = http://userspace.selinuxproject.org/releases/20101221/devel/policycoreutils-2.0.85.tar.gz; - sha256 = "01q5ifacg24k9jdz85j9m17ps2l1p7abvh8pzy6qz55y68rycifb"; + url = "${se_url}/${se_release}/policycoreutils-${version}.tar.gz"; + sha256 = "1145nbpwndmhma08vvj1j75bjd8xhjal0vjpazlrw78iyc30y11l"; }; - buildInputs = [ libsepol libselinux ]; + patchPhase = '' + substituteInPlace po/Makefile --replace /usr/bin/install install + ''; - NIX_LDFLAGS = "-lsepol"; + buildInputs = [ intltool pcre libcap_ng libcgroup + libsepol libselinux libsemanage + python sepolgen # ToDo? these are optional + ]; - makeFlags = "LOCALEDIR=$(out)/share/locale"; + preBuild = '' + mkdir -p "$out/lib" && cp -s "${libsepol}/lib/libsepol.a" "$out/lib" + ''; + + NIX_CFLAGS_COMPILE = "-fstack-protector-all"; + NIX_LDFLAGS = "-lsepol -lpcre"; + + makeFlags = "PREFIX=$(out) DESTDIR=$(out) LOCALEDIR=$(out)/share/locale"; meta = with stdenv.lib; { - homepage = http://userspace.selinuxproject.org/; description = "SELinux policy core utilities"; license = licenses.gpl2; - maintainers = [ maintainers.phreedom ]; - platforms = platforms.linux; + inherit (libsepol.meta) homepage platforms maintainers; }; -} \ No newline at end of file +} + diff --git a/pkgs/os-specific/linux/sepolgen/default.nix b/pkgs/os-specific/linux/sepolgen/default.nix new file mode 100644 index 000000000000..7139ec98c285 --- /dev/null +++ b/pkgs/os-specific/linux/sepolgen/default.nix 
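Review bot: `preBuild` symlinks `${libsepol}/lib/libsepol.a` into `$out/lib` so the build finds it under `PREFIX=$(out)`, but the symlink is never removed and ships in the output. checkpolicy in this commit solves the same problem with `LIBDIR=${libsepol}/lib` in its makeFlags; if policycoreutils' Makefiles use `LIBDIR` only as a search path, the same flag here avoids the stray link, otherwise delete it in `postInstall`. `patchPhase = '' ... ''` replaces the default patch phase entirely, so any future `patches` entry would be silently ignored; `postPatch` keeps the default behaviour, matching the `prePatch` hook used by libselinux in this commit.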
@@ -0,0 +1,22 @@ +{ stdenv, fetchurl, libsepol, python }: + +stdenv.mkDerivation rec { + name = "sepolgen-${version}"; + version = "1.1.8"; + inherit (libsepol) se_release se_url; + + src = fetchurl { + url = "${se_url}/${se_release}/sepolgen-${version}.tar.gz"; + sha256 = "1sssc9d4wz7l23yczlzplsmdr891sqr9w34ccn1bfwlnc4q63xdm"; + }; + + makeFlags = "PREFIX=$(out) DESTDIR=$(out) PYTHONLIBDIR=lib/${python.libPrefix}/site-packages"; + + buildInputs = [ python ]; + + meta = with stdenv.lib; { + inherit (libsepol.meta) homepage platforms maintainers; + description = "SELinux policy generation library"; + license = licenses.gpl2; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index f70045f2f66d..069d52d8ac6b 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6174,6 +6174,8 @@ let sdparm = callPackage ../os-specific/linux/sdparm { }; + sepolgen = callPackage ../os-specific/linux/sepolgen { }; + shadow = callPackage ../os-specific/linux/shadow { }; splashutils = callPackage ../os-specific/linux/splashutils/default.nix { };