Upgrade selinux from 20100904 -> 20131030

7 files changed, 66 insertions, 31 deletions

diff --git a/pkgs/os-specific/linux/checkpolicy/default.nix b/pkgs/os-specific/linux/checkpolicy/default.nix
index 9125c84bd7a..a718b3656c4 100644
--- a/pkgs/os-specific/linux/checkpolicy/default.nix
+++ b/pkgs/os-specific/linux/checkpolicy/default.nix
@@ -2,12 +2,12 @@
 stdenv.mkDerivation rec {
 
   name = "checkpolicy-${version}";
-  version = "2.1.11";
+  version = "2.2";
   inherit (libsepol) se_release se_url;
 
   src = fetchurl {
     url = "${se_url}/${se_release}/checkpolicy-${version}.tar.gz";
-    sha256 = "1wahs32l4jjlg0s3lyihdhvwmsy7yyvq5pk96q9lsiilc5vvrb06";
+    sha256 = "1y5dx4s5k404fgpm7hlhgw8a9b9ksn3q2d3fj6f9rdac9n7nkxlz";
   };
 
   buildInputs = [ libsepol libselinux bison flex ];
diff --git a/pkgs/os-specific/linux/libselinux/default.nix b/pkgs/os-specific/linux/libselinux/default.nix
index 01935e76632..2dd5bdfb24c 100644
--- a/pkgs/os-specific/linux/libselinux/default.nix
+++ b/pkgs/os-specific/linux/libselinux/default.nix
@@ -8,7 +8,7 @@ with stdenv.lib;
 
 stdenv.mkDerivation rec {
   name = "libselinux-${version}";
-  version = "2.1.12";
+  version = "2.2.1";
   inherit (libsepol) se_release se_url;
 
   src = fetchurl {
@@ -16,30 +16,22 @@ stdenv.mkDerivation rec {
     sha256 = "17navgvljgq35bljzcdwjdj3khajc27s15binr51xkp0h29qgbcd";
   };
 
-  patch_src = fetchurl {
-    url = "http://dev.gentoo.org/~swift/patches/libselinux/patchbundle-${name}-r2.tar.gz";
-    sha256 = "08zaas8iwyf4w9ll1ylyv4gril1nfarckd5h1l53563sxzyf7dqh";
-  };
-
-  patches = [ ./fPIC.patch ]; # libsemanage seems to need -fPIC everywhere
-
   buildInputs = [ pkgconfig libsepol pcre ]
              ++ optionals enablePython [ swig python ];
 
-  prePatch = ''
-    tar xvf ${patch_src}
-    for p in gentoo-patches/*.patch; do
-      patch -p1 < "$p"
-    done
-  '';
-
   postPatch = optionalString enablePython ''
     sed -i -e 's|\$(LIBDIR)/libsepol.a|${libsepol}/lib/libsepol.a|' src/Makefile
   '';
 
-  installFlags = [ "PREFIX=$(out)" "DESTDIR=$(out)" "LIBSEPOLDIR=${libsepol}" ];
+  installFlags = [ "PREFIX=$(out)" "DESTDIR=$(out)" ];
   installTargets = [ "install" ] ++ optional enablePython "install-pywrap";
 
+  # TODO: Figure out why the build incorrectly links libselinux.so
+  postInstall = ''
+    rm $out/lib/libselinux.so
+    ln -s libselinux.so.1 $out/lib/libselinux.so
+  '';
+
   meta = {
     inherit (libsepol.meta) homepage platforms maintainers;
   };
diff --git a/pkgs/os-specific/linux/libsemanage/default.nix b/pkgs/os-specific/linux/libsemanage/default.nix
index 28908189cf3..afd83f73080 100644
--- a/pkgs/os-specific/linux/libsemanage/default.nix
+++ b/pkgs/os-specific/linux/libsemanage/default.nix
@@ -1,13 +1,13 @@
-{ stdenv, fetchurl, libsepol, libselinux, ustr, bzip2, bison, flex }:
+{ stdenv, fetchurl, libsepol, libselinux, ustr, bzip2, bison, flex, audit }:
 stdenv.mkDerivation rec {
 
   name = "libsemanage-${version}";
-  version = "2.1.9";
+  version = "2.2";
   inherit (libsepol) se_release se_url;
 
   src = fetchurl {
     url = "${se_url}/${se_release}/libsemanage-${version}.tar.gz";
-    sha256 = "1k1my3n1pj30c5887spykcdk1brgxfpxmrz6frxjyhaijxzx20bg";
+    sha256 = "0xdx0dwcsyw4kv9l6xwdkfg6v7fc9b5y176rkg6n6q0w1zx0pxhi";
   };
 
   makeFlags = "PREFIX=$(out) DESTDIR=$(out)";
@@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
   NIX_CFLAGS_COMPILE = "-fstack-protector-all";
   NIX_CFLAGS_LINK = "-lsepol";
 
-  buildInputs = [ libsepol libselinux ustr bzip2 bison flex ];
+  buildInputs = [ libsepol libselinux ustr bzip2 bison flex audit ];
 
   meta = with stdenv.lib; {
     inherit (libsepol.meta) homepage platforms maintainers;
diff --git a/pkgs/os-specific/linux/libsepol/default.nix b/pkgs/os-specific/linux/libsepol/default.nix
index d41d1cbe752..793137aa21a 100644
--- a/pkgs/os-specific/linux/libsepol/default.nix
+++ b/pkgs/os-specific/linux/libsepol/default.nix
@@ -2,17 +2,23 @@
 
 stdenv.mkDerivation rec {
   name = "libsepol-${version}";
-  version = "2.1.8";
-  se_release = "20120924";
+  version = "2.2";
+  se_release = "20131030";
   se_url = "${meta.homepage}/releases";
 
   src = fetchurl {
     url = "${se_url}/${se_release}/libsepol-${version}.tar.gz";
-    sha256 = "1w38q3lmha5m9aps9w844i51yw4b8q1vhpng2kdywn2n8cpdvvk3";
+    sha256 = "03zw6clp00cmi49x8iq8svhrp91jrcw0093zpnyhan190rqb593p";
   };
 
   preBuild = '' makeFlags="$makeFlags PREFIX=$out DESTDIR=$out" '';
 
+  # TODO: Figure out why the build incorrectly links libsepol.so
+  postInstall = ''
+    rm $out/lib/libsepol.so
+    ln -s libsepol.so.1 $out/lib/libsepol.so
+  '';
+
   passthru = { inherit se_release se_url meta; };
 
   meta = with stdenv.lib; {
diff --git a/pkgs/os-specific/linux/policycoreutils/default.nix b/pkgs/os-specific/linux/policycoreutils/default.nix
index e49525a42bf..5c7e704390b 100644
--- a/pkgs/os-specific/linux/policycoreutils/default.nix
+++ b/pkgs/os-specific/linux/policycoreutils/default.nix
@@ -1,23 +1,24 @@
 { stdenv, fetchurl, intltool, pcre, libcap_ng, libcgroup
-, libsepol, libselinux, libsemanage
+, libsepol, libselinux, libsemanage, setools
 , python, sepolgen }:
 stdenv.mkDerivation rec {
 
   name = "policycoreutils-${version}";
-  version = "2.1.13";
+  version = "2.2.4";
   inherit (libsepol) se_release se_url;
 
   src = fetchurl {
     url = "${se_url}/${se_release}/policycoreutils-${version}.tar.gz";
-    sha256 = "1145nbpwndmhma08vvj1j75bjd8xhjal0vjpazlrw78iyc30y11l";
+    sha256 = "08zpd2a2j45j1qkmq9sz084r2xr0fky1cnld45sn8w5xgdw8k81n";
   };
 
   patchPhase = ''
     substituteInPlace po/Makefile --replace /usr/bin/install install
+    find . -type f -exec sed -i 's,/usr/bin/python,${python}/bin/python,' {} \;
   '';
 
   buildInputs = [ intltool pcre libcap_ng libcgroup
-    libsepol libselinux  libsemanage
+    libsepol libselinux libsemanage setools
     python sepolgen # ToDo? these are optional
   ];
 
@@ -25,6 +26,11 @@ stdenv.mkDerivation rec {
     mkdir -p "$out/lib" && cp -s "${libsepol}/lib/libsepol.a" "$out/lib"
   '';
 
+  # Creation of the system-config-selinux directory is broken
+  preInstall = ''
+    mkdir -p $out/share/system-config-selinux
+  '';
+
   NIX_CFLAGS_COMPILE = "-fstack-protector-all";
   NIX_LDFLAGS = "-lsepol -lpcre";
 
diff --git a/pkgs/os-specific/linux/sepolgen/default.nix b/pkgs/os-specific/linux/sepolgen/default.nix
index 7139ec98c28..812b100699f 100644
--- a/pkgs/os-specific/linux/sepolgen/default.nix
+++ b/pkgs/os-specific/linux/sepolgen/default.nix
@@ -2,12 +2,12 @@
 
 stdenv.mkDerivation rec {
   name = "sepolgen-${version}";
-  version = "1.1.8";
+  version = "1.2.1";
   inherit (libsepol) se_release se_url;
 
   src = fetchurl {
     url = "${se_url}/${se_release}/sepolgen-${version}.tar.gz";
-    sha256 = "1sssc9d4wz7l23yczlzplsmdr891sqr9w34ccn1bfwlnc4q63xdm";
+    sha256 = "1c41hz4a64mjvbfhgc7c7plydahsc161z0qn46qz2g3bvimj9323";
   };
 
   makeFlags = "PREFIX=$(out) DESTDIR=$(out) PYTHONLIBDIR=lib/${python.libPrefix}/site-packages";
diff --git a/pkgs/os-specific/linux/setools/default.nix b/pkgs/os-specific/linux/setools/default.nix
new file mode 100644
index 00000000000..c95d27005ef
--- /dev/null
+++ b/pkgs/os-specific/linux/setools/default.nix
@@ -0,0 +1,31 @@
+{ stdenv, fetchurl, autoreconfHook, pkgconfig, bison, flex
+, python, swig2, tcl, libsepol, libselinux, libxml2, sqlite, bzip2 }:
+
+stdenv.mkDerivation rec {
+  name = "setools-3.3.8";
+
+  src = fetchurl {
+    url = "http://oss.tresys.com/projects/setools/chrome/site/dists/${name}/${name}.tar.bz2";
+    sha256 = "16g987ijaxabc30zyjzia4nafq49rm038y1pm4vca7i3kb67wf24";
+  };
+
+  # SWIG-TCL is broken in 3.3.8
+  configureFlags = ''
+    --with-tcl=${tcl}/lib
+    --with-sepol-devel=${libsepol}
+    --with-selinux-devel=${libselinux}
+    --disable-gui
+    --disable-swig-tcl
+  '';
+
+  buildInputs = [ autoreconfHook pkgconfig bison flex python swig2 ];
+
+  nativeBuildInputs = [ tcl libsepol libselinux libxml2 sqlite bzip2 ];
+
+  meta = {
+    description = "SELinux Tools";
+    homepage = "http://oss.tresys.com/projects/setools/";
+    license = "GPLv2";
+    platforms = stdenv.lib.platforms.linux;
+  };
+}