From de70e3739d2e69806ddfd47efa8b21aa1864b15e Mon Sep 17 00:00:00 2001 From: Vladimír Čunát Date: Sun, 24 Feb 2013 13:25:53 +0100 Subject: SELinux fixes and updates to 2012-09-24 --- pkgs/os-specific/linux/checkpolicy/default.nix | 13 ++++---- pkgs/os-specific/linux/libselinux/default.nix | 31 +++++++++++++++---- pkgs/os-specific/linux/libselinux/fPIC.patch | 13 ++++++++ pkgs/os-specific/linux/libsemanage/default.nix | 18 +++++------ pkgs/os-specific/linux/libsepol/default.nix | 19 +++++++++--- pkgs/os-specific/linux/policycoreutils/default.nix | 36 +++++++++++++++------- pkgs/os-specific/linux/sepolgen/default.nix | 22 +++++++++++++ 7 files changed, 115 insertions(+), 37 deletions(-) create mode 100644 pkgs/os-specific/linux/libselinux/fPIC.patch create mode 100644 pkgs/os-specific/linux/sepolgen/default.nix (limited to 'pkgs/os-specific') diff --git a/pkgs/os-specific/linux/checkpolicy/default.nix b/pkgs/os-specific/linux/checkpolicy/default.nix index a69249b216d..9125c84bd7a 100644 --- a/pkgs/os-specific/linux/checkpolicy/default.nix +++ b/pkgs/os-specific/linux/checkpolicy/default.nix @@ -2,11 +2,12 @@ stdenv.mkDerivation rec { name = "checkpolicy-${version}"; - version = "2.0.23"; + version = "2.1.11"; + inherit (libsepol) se_release se_url; src = fetchurl { - url = "http://userspace.selinuxproject.org/releases/20101221/devel/checkpolicy-2.0.23.tar.gz"; - sha256 = "1n34ggacds7xap039r6hqkxmkd4g2wgfkxjdnv3lirq3cqqi8cnd"; + url = "${se_url}/${se_release}/checkpolicy-${version}.tar.gz"; + sha256 = "1wahs32l4jjlg0s3lyihdhvwmsy7yyvq5pk96q9lsiilc5vvrb06"; }; buildInputs = [ libsepol libselinux bison flex ]; 
@@ -14,10 +15,8 @@ stdenv.mkDerivation rec { preBuild = '' makeFlags="$makeFlags LEX=flex LIBDIR=${libsepol}/lib PREFIX=$out" ''; meta = with stdenv.lib; { - homepage = http://userspace.selinuxproject.org/; description = "SELinux policy compiler"; license = licenses.gpl2; - maintainers = [ maintainers.phreedom ]; - platforms = platforms.linux; + inherit (libsepol.meta) homepage platforms maintainers; }; -} \ No newline at end of file +} diff --git a/pkgs/os-specific/linux/libselinux/default.nix b/pkgs/os-specific/linux/libselinux/default.nix index 4be88a20e24..873065d5424 100644 --- a/pkgs/os-specific/linux/libselinux/default.nix +++ b/pkgs/os-specific/linux/libselinux/default.nix @@ -1,15 +1,34 @@ -{stdenv, fetchurl, libsepol}: +{ stdenv, fetchurl, pkgconfig, libsepol, pcre }: stdenv.mkDerivation rec { name = "libselinux-${version}"; - version = "2.0.98"; + version = "2.1.12"; + inherit (libsepol) se_release se_url; src = fetchurl { - url = "http://userspace.selinuxproject.org/releases/20101221/devel/${name}.tar.gz"; - sha256 = "00irm7nyakgi4z8d6dlm6c70fkbl6rzk5w1w0ny2c564yw0d0dlz"; + url = "${se_url}/${se_release}/libselinux-${version}.tar.gz"; + sha256 = "17navgvljgq35bljzcdwjdj3khajc27s15binr51xkp0h29qgbcd"; }; - buildInputs = [ libsepol ]; + patch_src = fetchurl { + url = "http://dev.gentoo.org/~swift/patches/libselinux/patchbundle-${name}-r2.tar.gz"; + sha256 = "08zaas8iwyf4w9ll1ylyv4gril1nfarckd5h1l53563sxzyf7dqh"; + }; + + patches = [ ./fPIC.patch ]; # libsemanage seems to need -fPIC everywhere + + buildInputs = [ pkgconfig libsepol pcre ]; - preBuild = '' makeFlags="$makeFlags PREFIX=$out DESTDIR=$out" ''; + prePatch = '' + tar xvf ${patch_src} + for p in gentoo-patches/*.patch; do + patch -p1 < "$p" + done + ''; + + preInstall = '' makeFlags="$makeFlags PREFIX=$out DESTDIR=$out" ''; + + meta = { + inherit (libsepol.meta) homepage platforms maintainers; + }; } 
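Review bot: The `prePatch` loop in the libselinux hunk applies every file matching `gentoo-patches/*.patch` from a tarball hosted in a developer's personal web space, so nothing in this expression shows which changes end up in a security-critical library. The `sha256` on `patch_src` pins the bundle's content, but a reader still cannot audit the patch set from the package definition, and a personal `~swift` URL may well disappear. I would either vendor the needed patches next to `fPIC.patch` and list them in `patches`, or at least add a comment above `patch_src` such as `# Gentoo patch bundle r2: <what it fixes and why it is needed here>`. Separately, moving the `makeFlags` assignment from `preBuild` to `preInstall` means the build phase no longer sees `PREFIX=$out`, so it is worth confirming that nothing embeds the default prefix at compile time.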
diff --git a/pkgs/os-specific/linux/libselinux/fPIC.patch b/pkgs/os-specific/linux/libselinux/fPIC.patch new file mode 100644 index 00000000000..fdc1fa41a33 --- /dev/null +++ b/pkgs/os-specific/linux/libselinux/fPIC.patch @@ -0,0 +1,13 @@ +diff --git a/src/Makefile b/src/Makefile +index ac019df..00432b9 100644 +--- a/src/Makefile ++++ b/src/Makefile +@@ -132,7 +132,7 @@ $(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) + $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR) + + %.o: %.c policy.h +- $(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $< ++ $(CC) $(CFLAGS) $(TLSFLAGS) -fPIC -c -o $@ $< + + %.lo: %.c policy.h + $(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $< diff --git a/pkgs/os-specific/linux/libsemanage/default.nix b/pkgs/os-specific/linux/libsemanage/default.nix index 22e177191a5..28908189cf3 100644 --- a/pkgs/os-specific/linux/libsemanage/default.nix +++ b/pkgs/os-specific/linux/libsemanage/default.nix @@ -2,24 +2,24 @@ stdenv.mkDerivation rec { name = "libsemanage-${version}"; - version = "2.0.46"; + version = "2.1.9"; + inherit (libsepol) se_release se_url; src = fetchurl { - url = "http://userspace.selinuxproject.org/releases/20101221/devel/${name}.tar.gz"; - sha256 = "03ljdw48pn8vlk4h26w8z247c9wykp2198s1ksmxrai3avyz87wf"; + url = "${se_url}/${se_release}/libsemanage-${version}.tar.gz"; + sha256 = "1k1my3n1pj30c5887spykcdk1brgxfpxmrz6frxjyhaijxzx20bg"; }; - NIX_LDFLAGS = "-lsepol"; - makeFlags = "PREFIX=$(out) DESTDIR=$(out)"; + NIX_CFLAGS_COMPILE = "-fstack-protector-all"; + NIX_CFLAGS_LINK = "-lsepol"; + buildInputs = [ libsepol libselinux ustr bzip2 bison flex ]; meta = with stdenv.lib; { - homepage = http://userspace.selinuxproject.org/; + inherit (libsepol.meta) homepage platforms maintainers; description = "Policy management tools for SELinux"; license = licenses.lgpl21; - maintainers = [ maintainers.phreedom ]; - platforms = platforms.linux; }; -} \ No newline at end of file +} 
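Review bot: `NIX_CFLAGS_COMPILE = "-fstack-protector-all";` is added to libsemanage without a comment, and again in the policycoreutils hunk, so it is unclear whether it is meant as hardening or as a workaround for a build or link failure. A maintainer who later changes the flags cannot tell whether removing it is safe; I would add a line above it such as `# -fstack-protector-all: <reason — hardening, or required by the upstream build?>`. The two packages also pass `-lsepol` differently: libsemanage now uses `NIX_CFLAGS_LINK = "-lsepol";` while policycoreutils keeps `NIX_LDFLAGS = "-lsepol -lpcre";`. Either use one mechanism in both or note why they differ.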
diff --git a/pkgs/os-specific/linux/libsepol/default.nix b/pkgs/os-specific/linux/libsepol/default.nix index 1751994e3de..d41d1cbe752 100644 --- a/pkgs/os-specific/linux/libsepol/default.nix +++ b/pkgs/os-specific/linux/libsepol/default.nix @@ -1,13 +1,24 @@ -{stdenv, fetchurl}: +{ stdenv, fetchurl }: stdenv.mkDerivation rec { name = "libsepol-${version}"; - version = "2.0.42"; + version = "2.1.8"; + se_release = "20120924"; + se_url = "${meta.homepage}/releases"; src = fetchurl { - url = "http://userspace.selinuxproject.org/releases/20101221/devel/${name}.tar.gz"; - sha256 = "0sg61mb9qhyh4vplasar6nwd6j123v453zss93qws3h95fhrfc08"; + url = "${se_url}/${se_release}/libsepol-${version}.tar.gz"; + sha256 = "1w38q3lmha5m9aps9w844i51yw4b8q1vhpng2kdywn2n8cpdvvk3"; }; preBuild = '' makeFlags="$makeFlags PREFIX=$out DESTDIR=$out" ''; + + passthru = { inherit se_release se_url meta; }; + + meta = with stdenv.lib; { + homepage = http://userspace.selinuxproject.org; + platforms = platforms.linux; + maintainers = [ maintainers.phreedom ]; + license = "GPLv2"; + }; } diff --git a/pkgs/os-specific/linux/policycoreutils/default.nix b/pkgs/os-specific/linux/policycoreutils/default.nix index b75405b4272..e49525a42bf 100644 --- a/pkgs/os-specific/linux/policycoreutils/default.nix +++ b/pkgs/os-specific/linux/policycoreutils/default.nix 
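Review bot: `se_url = "${meta.homepage}/releases";` in libsepol makes the download location of all six SELinux packages depend on a metadata field, so an edit to `homepage` (a trailing slash, a move to another site) silently rewrites every `fetchurl` URL that inherits `se_url`. I would define the base on its own, `se_url = "http://userspace.selinuxproject.org/releases";`, and keep `meta.homepage` independent of it. The tarballs are fetched over plain HTTP, so the `sha256` values are the only integrity check; on a version bump they should be compared with a checksum obtained independently of the download rather than taken from the first fetch. As a style point, `license = "GPLv2";` is a bare string while the sibling expressions use `licenses.gpl2` and `stdenv.lib` is already in scope here.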
@@ -1,25 +1,39 @@ -{ stdenv, fetchurl, libsepol, libselinux }: +{ stdenv, fetchurl, intltool, pcre, libcap_ng, libcgroup +, libsepol, libselinux, libsemanage +, python, sepolgen }: stdenv.mkDerivation rec { name = "policycoreutils-${version}"; - version = "2.0.85"; + version = "2.1.13"; + inherit (libsepol) se_release se_url; src = fetchurl { - url = http://userspace.selinuxproject.org/releases/20101221/devel/policycoreutils-2.0.85.tar.gz; - sha256 = "01q5ifacg24k9jdz85j9m17ps2l1p7abvh8pzy6qz55y68rycifb"; + url = "${se_url}/${se_release}/policycoreutils-${version}.tar.gz"; + sha256 = "1145nbpwndmhma08vvj1j75bjd8xhjal0vjpazlrw78iyc30y11l"; }; - buildInputs = [ libsepol libselinux ]; + patchPhase = '' + substituteInPlace po/Makefile --replace /usr/bin/install install + ''; - NIX_LDFLAGS = "-lsepol"; + buildInputs = [ intltool pcre libcap_ng libcgroup + libsepol libselinux libsemanage + python sepolgen # ToDo? these are optional + ]; - makeFlags = "LOCALEDIR=$(out)/share/locale"; + preBuild = '' + mkdir -p "$out/lib" && cp -s "${libsepol}/lib/libsepol.a" "$out/lib" + ''; + + NIX_CFLAGS_COMPILE = "-fstack-protector-all"; + NIX_LDFLAGS = "-lsepol -lpcre"; + + makeFlags = "PREFIX=$(out) DESTDIR=$(out) LOCALEDIR=$(out)/share/locale"; meta = with stdenv.lib; { - homepage = http://userspace.selinuxproject.org/; description = "SELinux policy core utilities"; license = licenses.gpl2; - maintainers = [ maintainers.phreedom ]; - platforms = platforms.linux; + inherit (libsepol.meta) homepage platforms maintainers; }; -} \ No newline at end of file +} + diff --git a/pkgs/os-specific/linux/sepolgen/default.nix b/pkgs/os-specific/linux/sepolgen/default.nix new file mode 100644 index 00000000000..7139ec98c28 --- /dev/null +++ b/pkgs/os-specific/linux/sepolgen/default.nix 
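Review bot: Assigning `patchPhase` directly in policycoreutils replaces the whole phase, so a `patches = [ ... ]` list added to this package later would be skipped without any error, which is an easy way to lose a security fix. The substitution belongs in a hook instead: `postPatch = '' substituteInPlace po/Makefile --replace /usr/bin/install install '';`. The `preBuild` step that symlinks `libsepol.a` into `$out/lib` also needs a comment saying why. As far as this hunk shows, the link stays in the installed output and nothing removes it afterwards.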
@@ -0,0 +1,22 @@ +{ stdenv, fetchurl, libsepol, python }: + +stdenv.mkDerivation rec { + name = "sepolgen-${version}"; + version = "1.1.8"; + inherit (libsepol) se_release se_url; + + src = fetchurl { + url = "${se_url}/${se_release}/sepolgen-${version}.tar.gz"; + sha256 = "1sssc9d4wz7l23yczlzplsmdr891sqr9w34ccn1bfwlnc4q63xdm"; + }; + + makeFlags = "PREFIX=$(out) DESTDIR=$(out) PYTHONLIBDIR=lib/${python.libPrefix}/site-packages"; + + buildInputs = [ python ]; + + meta = with stdenv.lib; { + inherit (libsepol.meta) homepage platforms maintainers; + description = "SELinux policy generation library"; + license = licenses.gpl2; + }; +} -- cgit 1.4.1
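Review bot: `PYTHONLIBDIR=lib/${python.libPrefix}/site-packages` in `makeFlags` is a relative path, so the modules only land under `$out` if the upstream Makefile prefixes it with `DESTDIR`; that is presumably the case but cannot be seen from this expression. A one-line comment would save the next reader from checking, for example `# PYTHONLIBDIR is relative on purpose: expected to be joined onto DESTDIR by upstream's Makefile (confirm on update)`. The same line passes `$(out)` as both `PREFIX` and `DESTDIR`, which deserves the same check on each update, since a Makefile that concatenates the two would install outside the intended tree.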