diff options
Diffstat (limited to 'pkgs/os-specific')
-rw-r--r-- | pkgs/os-specific/linux/checkpolicy/default.nix | 8 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/common-config.nix | 1 | ||||
-rw-r--r-- | pkgs/os-specific/linux/libselinux/default.nix | 8 | ||||
-rw-r--r-- | pkgs/os-specific/linux/libsemanage/default.nix | 8 | ||||
-rw-r--r-- | pkgs/os-specific/linux/libsepol/default.nix | 23 | ||||
-rw-r--r-- | pkgs/os-specific/linux/nftables/default.nix | 7 | ||||
-rw-r--r-- | pkgs/os-specific/linux/policycoreutils/default.nix | 10 | ||||
-rw-r--r-- | pkgs/os-specific/linux/selinux-python/default.nix | 9 | ||||
-rw-r--r-- | pkgs/os-specific/linux/selinux-sandbox/default.nix | 8 | ||||
-rw-r--r-- | pkgs/os-specific/linux/semodule-utils/default.nix | 8 | ||||
-rw-r--r-- | pkgs/os-specific/linux/sepolgen/default.nix | 24 | ||||
-rwxr-xr-x | pkgs/os-specific/linux/service-wrapper/service-wrapper.sh | 70 | ||||
-rw-r--r-- | pkgs/os-specific/linux/setools/default.nix | 12 |
13 files changed, 75 insertions, 121 deletions
diff --git a/pkgs/os-specific/linux/checkpolicy/default.nix b/pkgs/os-specific/linux/checkpolicy/default.nix index c3d8928c7ba..52cf0a3ec03 100644 --- a/pkgs/os-specific/linux/checkpolicy/default.nix +++ b/pkgs/os-specific/linux/checkpolicy/default.nix @@ -2,12 +2,12 @@ stdenv.mkDerivation rec { pname = "checkpolicy"; - version = "2.9"; - inherit (libsepol) se_release se_url; + version = "3.3"; + inherit (libsepol) se_url; src = fetchurl { - url = "${se_url}/${se_release}/checkpolicy-${version}.tar.gz"; - sha256 = "13jz6f8zdrijvn5w1j102b36fs41z0q8ii74axw48cj550mw6im9"; + url = "${se_url}/${version}/checkpolicy-${version}.tar.gz"; + sha256 = "118l8c2vvnnckbd269saslr7adv6rdavr5rv0z5vh2m1lgglxj15"; }; nativeBuildInputs = [ bison flex ]; diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index e492bb1ba56..9ddb4ef3800 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -41,6 +41,7 @@ let (whenAtLeast "5.2" yes) ]; DEBUG_INFO_BTF = whenAtLeast "5.2" (option yes); + BPF_LSM = whenAtLeast "5.7" (option yes); DEBUG_KERNEL = yes; DEBUG_DEVRES = no; DYNAMIC_DEBUG = yes; diff --git a/pkgs/os-specific/linux/libselinux/default.nix b/pkgs/os-specific/linux/libselinux/default.nix index fcea787ed79..1e0a2945162 100644 --- a/pkgs/os-specific/linux/libselinux/default.nix +++ b/pkgs/os-specific/linux/libselinux/default.nix @@ -9,14 +9,14 @@ with lib; stdenv.mkDerivation rec { pname = "libselinux"; - version = "3.0"; - inherit (libsepol) se_release se_url; + version = "3.3"; + inherit (libsepol) se_url; outputs = [ "bin" "out" "dev" "man" ] ++ optional enablePython "py"; src = fetchurl { - url = "${se_url}/${se_release}/libselinux-${version}.tar.gz"; - sha256 = "0cr4p0qkr4qd5z1x677vwhz6mlz55kxyijwi2dmrvbhxcw7v78if"; + url = "${se_url}/${version}/libselinux-${version}.tar.gz"; + sha256 = "0mvh793g7fg6wb6zqhkdyrv80x6k84ypqwi8ii89c91xcckyxzdc"; }; nativeBuildInputs = [ pkg-config ] ++ optionals enablePython [ swig python3 ]; diff --git a/pkgs/os-specific/linux/libsemanage/default.nix b/pkgs/os-specific/linux/libsemanage/default.nix index 0f9f26c8c5b..d828c38be1d 100644 --- a/pkgs/os-specific/linux/libsemanage/default.nix +++ b/pkgs/os-specific/linux/libsemanage/default.nix @@ -6,12 +6,12 @@ with lib; stdenv.mkDerivation rec { pname = "libsemanage"; - version = "2.9"; - inherit (libsepol) se_release se_url; + version = "3.3"; + inherit (libsepol) se_url; src = fetchurl { - url = "${se_url}/${se_release}/libsemanage-${version}.tar.gz"; - sha256 = "075w6y3l9hiy5hicgwrmijyxmhfyd1r7cnc08qxyg4j46jfk8xi5"; + url = "${se_url}/${version}/libsemanage-${version}.tar.gz"; + sha256 = "1s3wb66l47blc15s6lkqs11j9l8pycdqqbb03x3vpfrlz9dfrl44"; }; outputs = [ "out" "dev" "man" ] ++ optional enablePython "py"; diff --git a/pkgs/os-specific/linux/libsepol/default.nix b/pkgs/os-specific/linux/libsepol/default.nix index e90c0894209..c1df217944c 100644 --- a/pkgs/os-specific/linux/libsepol/default.nix +++ b/pkgs/os-specific/linux/libsepol/default.nix @@ -2,31 +2,16 @@ stdenv.mkDerivation rec { pname = "libsepol"; - version = "3.0"; - se_release = "20191204"; + version = "3.3"; se_url = "https://github.com/SELinuxProject/selinux/releases/download"; outputs = [ "bin" "out" "dev" "man" ]; src = fetchurl { - url = "${se_url}/${se_release}/libsepol-${version}.tar.gz"; - sha256 = "0ygb6dh5lng91xs6xiqf5v0nxa68qmjc787p0s5h9w89364f2yjv"; + url = "${se_url}/${version}/libsepol-${version}.tar.gz"; + sha256 = "12r39ygn7aa1kz52wibfr4520m0cp75hlrn3i6rnjqa6p0zdz5rd"; }; - patches = [ - # upstream build fix against -fno-common compilers like >=gcc-10 - (fetchpatch { - url = "https://github.com/SELinuxProject/selinux/commit/a96e8c59ecac84096d870b42701a504791a8cc8c.patch"; - sha256 = "0aybv4kzbhx8xq6s82dsh4ib76k59qzh2bgxmk44iq5cjnqn5rd6"; - stripLen = 1; - }) - (fetchpatch { - url = "https://github.com/SELinuxProject/selinux/commit/3d32fc24d6aff360a538c63dad08ca5c957551b0.patch"; - sha256 = "1mphwdlj4d6mwmsp5xkpf6ci4rxhgbi3fm79d08h4jbzxaf4wny4"; - stripLen = 1; - }) - ]; - postPatch = lib.optionalString stdenv.hostPlatform.isStatic '' substituteInPlace src/Makefile --replace 'all: $(LIBA) $(LIBSO)' 'all: $(LIBA)' sed -i $'/^\t.*LIBSO/d' src/Makefile @@ -46,7 +31,7 @@ stdenv.mkDerivation rec { NIX_CFLAGS_COMPILE = "-Wno-error"; - passthru = { inherit se_release se_url; }; + passthru = { inherit se_url; }; meta = with lib; { description = "SELinux binary policy manipulation library"; diff --git a/pkgs/os-specific/linux/nftables/default.nix b/pkgs/os-specific/linux/nftables/default.nix index ebca6b2623c..0b6291226bc 100644 --- a/pkgs/os-specific/linux/nftables/default.nix +++ b/pkgs/os-specific/linux/nftables/default.nix @@ -10,12 +10,12 @@ with lib; stdenv.mkDerivation rec { - version = "1.0.0"; + version = "1.0.1"; pname = "nftables"; src = fetchurl { url = "https://netfilter.org/projects/nftables/files/${pname}-${version}.tar.bz2"; - sha256 = "1x25zs2czmn14mmq1nqi4zibsvh04vqjbx5lxj42nylnmxym9gsq"; + sha256 = "08x4xw0s5sap3q7jfr91v7mrkxrydi4dvsckw85ims0qb1ibmviw"; }; nativeBuildInputs = [ @@ -35,6 +35,7 @@ stdenv.mkDerivation rec { configureFlags = [ "--with-json" + "--with-cli=readline" # TODO: maybe switch to editline ] ++ optional (!withDebugSymbols) "--disable-debug" ++ optional (!withPython) "--disable-python" ++ optional withPython "--enable-python" @@ -45,6 +46,6 @@ stdenv.mkDerivation rec { homepage = "https://netfilter.org/projects/nftables/"; license = licenses.gpl2Only; platforms = platforms.linux; - maintainers = with maintainers; [ izorkin ]; + maintainers = with maintainers; [ izorkin ajs124 ]; }; } diff --git a/pkgs/os-specific/linux/policycoreutils/default.nix b/pkgs/os-specific/linux/policycoreutils/default.nix index 7e2ff29325a..c066dd4c4c5 100644 --- a/pkgs/os-specific/linux/policycoreutils/default.nix +++ b/pkgs/os-specific/linux/policycoreutils/default.nix @@ -2,12 +2,12 @@ stdenv.mkDerivation rec { pname = "policycoreutils"; - version = "2.9"; - inherit (libsepol) se_release se_url; + version = "3.3"; + inherit (libsepol) se_url; src = fetchurl { - url = "${se_url}/${se_release}/policycoreutils-${version}.tar.gz"; - sha256 = "0yqg5ws5gbl1cbn8msxdk1c3ilmmx58qg5dx883kqyq0517k8g65"; + url = "${se_url}/${version}/policycoreutils-${version}.tar.gz"; + sha256 = "0y0hl32b2ks7r0fhbx3k2j1gqqms5aplyasjs3fz50caxl6096a1"; }; postPatch = '' @@ -24,7 +24,7 @@ stdenv.mkDerivation rec { makeFlags = [ "PREFIX=$(out)" - "SBINDIR=$(out)/sbin" + "SBINDIR=$(out)/bin" "ETCDIR=$(out)/etc" "BASHCOMPLETIONDIR=$out/share/bash-completion/completions" "LOCALEDIR=$(out)/share/locale" diff --git a/pkgs/os-specific/linux/selinux-python/default.nix b/pkgs/os-specific/linux/selinux-python/default.nix index b6394b3e1f6..c50f4ffccd0 100644 --- a/pkgs/os-specific/linux/selinux-python/default.nix +++ b/pkgs/os-specific/linux/selinux-python/default.nix @@ -7,13 +7,13 @@ with lib; stdenv.mkDerivation rec { pname = "selinux-python"; - version = "2.9"; + version = "3.3"; - inherit (libsepol) se_release se_url; + inherit (libsepol) se_url; src = fetchurl { - url = "${se_url}/${se_release}/selinux-python-${version}.tar.gz"; - sha256 = "1pjzsyay5535cxcjag7y7k193ajry0s0xc3dqv5905qd7cwval1n"; + url = "${se_url}/${version}/selinux-python-${version}.tar.gz"; + sha256 = "1v244hpb45my303793xa4kcn7qnxjgxn4ja7rdn9k1q361hi1nca"; }; strictDeps = true; @@ -49,4 +49,3 @@ stdenv.mkDerivation rec { platforms = platforms.linux; }; } - diff --git a/pkgs/os-specific/linux/selinux-sandbox/default.nix b/pkgs/os-specific/linux/selinux-sandbox/default.nix index a10588bacf1..0d2843d216a 100644 --- a/pkgs/os-specific/linux/selinux-sandbox/default.nix +++ b/pkgs/os-specific/linux/selinux-sandbox/default.nix @@ -9,12 +9,12 @@ with python3.pkgs; stdenv.mkDerivation rec { pname = "selinux-sandbox"; - version = "2.9"; - inherit (policycoreutils) se_release se_url; + version = "3.3"; + inherit (policycoreutils) se_url; src = fetchurl { - url = "${se_url}/${se_release}/selinux-sandbox-${version}.tar.gz"; - sha256 = "0qj20jyi8v1653xdqj5yak3wwbvg5bw8f2jmx8fpahl6y1bmz481"; + url = "${se_url}/${version}/selinux-sandbox-${version}.tar.gz"; + sha256 = "0rw8pxfqhl6ww4w31fbf4hi3zilh1n3b1rfjm7ra76mm78wfyylj"; }; nativeBuildInputs = [ wrapPython ]; diff --git a/pkgs/os-specific/linux/semodule-utils/default.nix b/pkgs/os-specific/linux/semodule-utils/default.nix index b76e715dbc2..5c8d83c3f82 100644 --- a/pkgs/os-specific/linux/semodule-utils/default.nix +++ b/pkgs/os-specific/linux/semodule-utils/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "semodule-utils"; - version = "2.9"; + version = "3.3"; - inherit (libsepol) se_release se_url; + inherit (libsepol) se_url; src = fetchurl { - url = "${se_url}/${se_release}/${pname}-${version}.tar.gz"; - sha256 = "01yrwnd3calmw6r8kdh8ld7i7fb250n2yqqqk9p0ymrlwsg6g0w0"; + url = "${se_url}/${version}/${pname}-${version}.tar.gz"; + sha256 = "0qvhl40a6jlm8p719nnlw2ghlxbh8lxbcsd59azxp884bxgfr61h"; }; buildInputs = [ libsepol ]; diff --git a/pkgs/os-specific/linux/sepolgen/default.nix b/pkgs/os-specific/linux/sepolgen/default.nix deleted file mode 100644 index f7ef1cb9c3a..00000000000 --- a/pkgs/os-specific/linux/sepolgen/default.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ lib, stdenv, fetchurl, libsepol, python }: - -stdenv.mkDerivation rec { - pname = "sepolgen"; - version = "1.2.2"; - inherit (libsepol) se_release se_url; - - src = fetchurl { - url = "${se_url}/${se_release}/sepolgen-${version}.tar.gz"; - sha256 = "09139kspr41zgksayi4dh982p8080lrfl96p4dld51nknbpaigdy"; - }; - - preBuild = '' - makeFlagsArray+=("PREFIX=$out") - makeFlagsArray+=("DESTDIR=$out") - makeFlagsArray+=("PYTHONLIBDIR=lib/${python.libPrefix}/site-packages") - ''; - - meta = with lib; { - inherit (libsepol.meta) homepage platforms maintainers; - description = "SELinux policy generation library"; - license = licenses.gpl2; - }; -} diff --git a/pkgs/os-specific/linux/service-wrapper/service-wrapper.sh b/pkgs/os-specific/linux/service-wrapper/service-wrapper.sh index a7c3bc9758b..2889adc1868 100755 --- a/pkgs/os-specific/linux/service-wrapper/service-wrapper.sh +++ b/pkgs/os-specific/linux/service-wrapper/service-wrapper.sh @@ -33,12 +33,12 @@ is_ignored_file() { - case "$1" in - skeleton | README | *.dpkg-dist | *.dpkg-old | rc | rcS | single | reboot | bootclean.sh) - return 0 - ;; - esac - return 1 + case "$1" in + skeleton | README | *.dpkg-dist | *.dpkg-old | rc | rcS | single | reboot | bootclean.sh) + return 0 + ;; + esac + return 1 } VERSION=$(@coreutils@/bin/basename $0)" ver. 19-04" @@ -75,35 +75,35 @@ while [ $# -gt 0 ]; do if [ -z "${SERVICE}" -a $# -eq 1 -a "${1}" = "--status-all" ]; then if [ -d "${SERVICEDIR}" ]; then cd ${SERVICEDIR} - for SERVICE in * ; do - case "${SERVICE}" in - functions | halt | killall | single| linuxconf| kudzu) - ;; - *) - if ! is_ignored_file "${SERVICE}" \ - && [ -x "${SERVICEDIR}/${SERVICE}" ]; then - out=$(env -i LANG="$LANG" LANGUAGE="$LANGUAGE" LC_CTYPE="$LC_CTYPE" LC_NUMERIC="$LC_NUMERIC" LC_TIME="$LC_TIME" LC_COLLATE="$LC_COLLATE" LC_MONETARY="$LC_MONETARY" LC_MESSAGES="$LC_MESSAGES" LC_PAPER="$LC_PAPER" LC_NAME="$LC_NAME" LC_ADDRESS="$LC_ADDRESS" LC_TELEPHONE="$LC_TELEPHONE" LC_MEASUREMENT="$LC_MEASUREMENT" LC_IDENTIFICATION="$LC_IDENTIFICATION" LC_ALL="$LC_ALL" PATH="$PATH" TERM="$TERM" "$SERVICEDIR/$SERVICE" status 2>&1) - retval=$? - if echo "$out" | egrep -iq "usage:"; then - #printf " %s %-60s %s\n" "[?]" "$SERVICE:" "unknown" 1>&2 - echo " [ ? ] $SERVICE" 1>&2 - continue - else - if [ "$retval" = "0" -a -n "$out" ]; then - #printf " %s %-60s %s\n" "[+]" "$SERVICE:" "running" - echo " [ + ] $SERVICE" - continue - else - #printf " %s %-60s %s\n" "[-]" "$SERVICE:" "NOT running" - echo " [ - ] $SERVICE" - continue - fi - fi - #env -i LANG="$LANG" LANGUAGE="$LANGUAGE" LC_CTYPE="$LC_CTYPE" LC_NUMERIC="$LC_NUMERIC" LC_TIME="$LC_TIME" LC_COLLATE="$LC_COLLATE" LC_MONETARY="$LC_MONETARY" LC_MESSAGES="$LC_MESSAGES" LC_PAPER="$LC_PAPER" LC_NAME="$LC_NAME" LC_ADDRESS="$LC_ADDRESS" LC_TELEPHONE="$LC_TELEPHONE" LC_MEASUREMENT="$LC_MEASUREMENT" LC_IDENTIFICATION="$LC_IDENTIFICATION" LC_ALL="$LC_ALL" PATH="$PATH" TERM="$TERM" "$SERVICEDIR/$SERVICE" status - fi - ;; - esac - done + for SERVICE in * ; do + case "${SERVICE}" in + functions | halt | killall | single| linuxconf| kudzu) + ;; + *) + if ! is_ignored_file "${SERVICE}" \ + && [ -x "${SERVICEDIR}/${SERVICE}" ]; then + out=$(env -i LANG="$LANG" LANGUAGE="$LANGUAGE" LC_CTYPE="$LC_CTYPE" LC_NUMERIC="$LC_NUMERIC" LC_TIME="$LC_TIME" LC_COLLATE="$LC_COLLATE" LC_MONETARY="$LC_MONETARY" LC_MESSAGES="$LC_MESSAGES" LC_PAPER="$LC_PAPER" LC_NAME="$LC_NAME" LC_ADDRESS="$LC_ADDRESS" LC_TELEPHONE="$LC_TELEPHONE" LC_MEASUREMENT="$LC_MEASUREMENT" LC_IDENTIFICATION="$LC_IDENTIFICATION" LC_ALL="$LC_ALL" PATH="$PATH" TERM="$TERM" "$SERVICEDIR/$SERVICE" status 2>&1) + retval=$? + if echo "$out" | egrep -iq "usage:"; then + #printf " %s %-60s %s\n" "[?]" "$SERVICE:" "unknown" 1>&2 + echo " [ ? ] $SERVICE" 1>&2 + continue + else + if [ "$retval" = "0" -a -n "$out" ]; then + #printf " %s %-60s %s\n" "[+]" "$SERVICE:" "running" + echo " [ + ] $SERVICE" + continue + else + #printf " %s %-60s %s\n" "[-]" "$SERVICE:" "NOT running" + echo " [ - ] $SERVICE" + continue + fi + fi + #env -i LANG="$LANG" LANGUAGE="$LANGUAGE" LC_CTYPE="$LC_CTYPE" LC_NUMERIC="$LC_NUMERIC" LC_TIME="$LC_TIME" LC_COLLATE="$LC_COLLATE" LC_MONETARY="$LC_MONETARY" LC_MESSAGES="$LC_MESSAGES" LC_PAPER="$LC_PAPER" LC_NAME="$LC_NAME" LC_ADDRESS="$LC_ADDRESS" LC_TELEPHONE="$LC_TELEPHONE" LC_MEASUREMENT="$LC_MEASUREMENT" LC_IDENTIFICATION="$LC_IDENTIFICATION" LC_ALL="$LC_ALL" PATH="$PATH" TERM="$TERM" "$SERVICEDIR/$SERVICE" status + fi + ;; + esac + done else systemctl $sctl_args list-units fi diff --git a/pkgs/os-specific/linux/setools/default.nix b/pkgs/os-specific/linux/setools/default.nix index 842a525353d..9d547d2007e 100644 --- a/pkgs/os-specific/linux/setools/default.nix +++ b/pkgs/os-specific/linux/setools/default.nix @@ -1,6 +1,5 @@ { lib, fetchFromGitHub, python3 , libsepol, libselinux, checkpolicy -, fetchpatch , withGraphics ? false }: @@ -9,22 +8,15 @@ with python3.pkgs; buildPythonApplication rec { pname = "setools"; - version = "4.3.0"; + version = "4.4.0"; src = fetchFromGitHub { owner = "SELinuxProject"; repo = pname; rev = version; - sha256 = "0vr20bi8w147z5lclqz1l0j1b34137zg2r04pkafkgqqk7qbyjk6"; + sha256 = "1qvd5j6zwq4fmlahg45swjplhif2z89x7s6pnp07gvcp2fbqdsh5"; }; - patches = [ - (fetchpatch { # included in 4.4.0 - url = "https://github.com/SELinuxProject/setools/commit/f1b4a5d375be05fbccedb258c940d771bff8e524.diff"; - sha256 = "1r38s6i4i6bdr2zdp5wcg1yifpf3pd018c73a511mgynyg7d11xy"; - }) - ]; - nativeBuildInputs = [ cython ]; buildInputs = [ libsepol ]; propagatedBuildInputs = [ enum34 libselinux networkx ] |