rpi/domo
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Bump buidlroot version to 2018.02.6

Browse Source
This commit is contained in:
jbnadal
2018-10-22 14:55:59 +02:00
parent 222960cedb
commit bec94fdb63
6150 changed files with 84803 additions and 117446 deletions
Download Patch File Download Diff File Expand all files Collapse all files

125
bsp/buildroot/package/setools/0001-cross-compile-fixes.patch
View File

@@ -1,125 +0,0 @@
Correct build issues to enable cross compiling. These changes require the
package to be auto reconfigured.
These updates were not upsteamed as the 3.3.x version has stablized and they
were only taking bug fixes. Also the 4.0 preview has completely reworked
the build infrastructure which will require this to be revisited.
Signed-off-by Clayton Shotwell <clshotwe@rockwellcollins.com>
diff -urN a/configure.ac b/configure.ac
--- a/configure.ac 2013-01-16 10:36:24.000000000 -0600
+++ b/configure.ac 2013-07-12 08:22:10.380255248 -0500
@@ -448,8 +448,9 @@
sepol_srcdir="")
if test "x${sepol_srcdir}" = "x"; then
sepol_srcdir=${sepol_devel_libdir}
- AC_CHECK_FILE([${sepol_srcdir}/libsepol.a],,
- AC_MSG_ERROR([make sure libsepol-static is installed]))
+ if test ! -f ${sepol_srcdir}/libsepol.a; then
+ AC_MSG_ERROR([could not find precompiled libsepol.a])
+ fi
else
AC_MSG_CHECKING([for compatible sepol source tree])
sepol_version=${sepol_srcdir}/VERSION
@@ -484,8 +485,9 @@
AC_CHECK_HEADER([sepol/policydb/policydb.h], , AC_MSG_ERROR([could not find sepol source tree]))
CFLAGS="${sepol_src_save_CFLAGS}"
CPPFLAGS="${sepol_src_save_CPPFLAGS}"
- AC_CHECK_FILE([${sepol_srcdir}/libsepol.a],,
- AC_MSG_ERROR([could not find precompiled libsepol.a]))
+ if test ! -f ${sepol_srcdir}/libsepol.a; then
+ AC_MSG_ERROR([could not find precompiled libsepol.a])
+ fi
sepol_devel_incdir="${sepol_srcdir}/../include"
fi
SELINUX_CFLAGS="-I${sepol_devel_incdir} -I${selinux_devel_incdir}"
@@ -578,12 +580,13 @@
[AC_LANG_SOURCE([
#include <sepol/policydb/expand.h>
int main () {
- return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0);
+ return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0, 0, 0);
}])],
AC_MSG_RESULT([yes]),
AC_MSG_ERROR([this version of libsepol is incompatible with SETools]))
fi
sepol_new_expand_boolmap="yes"
+ sepol_new_user_role_mapping="yes"
else
sepol_new_expand_boolmap="no"
fi
@@ -607,7 +610,8 @@
exit(EXIT_FAILURE);
}])],
sepol_policy_version_max=`cat conftest.data`,
- AC_MSG_FAILURE([could not determine maximum libsepol policy version]))
+ AC_MSG_FAILURE([could not determine maximum libsepol policy version]),
+ sepol_policy_version_max="26")
AC_DEFINE_UNQUOTED(SEPOL_POLICY_VERSION_MAX, ${sepol_policy_version_max}, [maximum policy version supported by libsepol])
CFLAGS="${sepol_save_CFLAGS}"
CPPFLAGS="${sepol_save_CPPFLAGS}"
@@ -631,7 +635,7 @@
changequote([,])dnl
selinux_save_CFLAGS="${CFLAGS}"
CFLAGS="${SELINUX_CFLAGS} ${SELINUX_LIB_FLAG} -lselinux -lsepol ${CFLAGS}"
- gcc ${CFLAGS} -o conftest conftest.c >&5
+ ${CC} ${CFLAGS} -o conftest conftest.c >&5
selinux_policy_dir=`./conftest`
AC_MSG_RESULT(${selinux_policy_dir})
CFLAGS="${selinux_save_CFLAGS}"
diff -urN a/libqpol/src/policy_define.c b/libqpol/src/policy_define.c
--- a/libqpol/src/policy_define.c 2013-01-16 10:36:24.000000000 -0600
+++ b/libqpol/src/policy_define.c 2013-07-12 08:22:10.380255248 -0500
@@ -2135,7 +2135,7 @@
#ifdef HAVE_SEPOL_ROLE_ATTRS
if (role_set_expand(&roles, &e_roles, policydbp, NULL, NULL))
#elif HAVE_SEPOL_USER_ROLE_MAPPING
- if (role_set_expand(&roles, &e_roles, policydbp, NULL))
+ if (role_set_expand(&roles, &e_roles, policydbp, NULL, NULL))
#else
if (role_set_expand(&roles, &e_roles, policydbp))
#endif
diff -urN a/m4/ac_python_devel.m4 b/m4/ac_python_devel.m4
--- a/m4/ac_python_devel.m4 2013-01-16 10:36:22.000000000 -0600
+++ b/m4/ac_python_devel.m4 2013-07-12 08:22:10.380255248 -0500
@@ -234,7 +234,7 @@
AC_MSG_CHECKING([consistency of all components of python development environment])
AC_LANG_PUSH([C])
# save current global flags
- LIBS="$ac_save_LIBS $PYTHON_LDFLAGS"
+ LIBS="$ac_save_LIBS $PYTHON_EXTRA_LIBS $PYTHON_LDFLAGS"
CPPFLAGS="$ac_save_CPPFLAGS $PYTHON_CPPFLAGS"
AC_TRY_LINK([
#include <Python.h>
diff -urN a/python/setools/Makefile.am b/python/setools/Makefile.am
--- a/python/setools/Makefile.am 2013-01-16 10:36:22.000000000 -0600
+++ b/python/setools/Makefile.am 2013-07-12 08:22:19.200251011 -0500
@@ -22,13 +22,13 @@
python-build: sesearch.c seinfo.c
@mkdir -p setools
@cp __init__.py setools
- LIBS="$(QPOL_LIB_FLAG) $(APOL_LIB_FLAG)" INCLUDES="$(QPOL_CFLAGS) $(APOL_CFLAGS)" $(PYTHON) setup.py build
+ LIBS="$(QPOL_LIB_FLAG) $(APOL_LIB_FLAG)" LIBDIRS="$(PYTHON_LDFLAGS)" INCLUDES="$(PYTHON_CPPFLAGS) $(QPOL_CFLAGS) $(APOL_CFLAGS)" CC="$(CC)" CFLAGS="$(CFLAGS)" LDSHARED="$(CC) -shared" LDFLAGS="$(LDFLAGS)" $(PYTHON) setup.py build_ext
install-exec-hook:
- $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
+ $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --prefix=$(DESTDIR)/usr`
uninstall-hook:
- $(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
+ $(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --prefix=$(DESTDIR)/usr`
clean-local:
$(PYTHON) setup.py clean -a
--- a/python/setools/setup.py 2013-01-16 10:36:22.000000000 -0600
+++ b/python/setools/setup.py 2013-09-04 09:17:48.452916991 -0500
@@ -8,7 +8,7 @@
try:
inc=os.getenv("INCLUDES").split(" ")
INCLUDES=map(lambda x: x[2:], inc)
- LIBDIRS=map(lambda x: "/".join(x.split("/")[:-1]), os.getenv("LIBS").split())
+ LIBDIRS=map(lambda x: "/".join(x.split("/")[:-1]), os.getenv("LIBS").split()) + map(lambda x: x[2:], os.getenv("LIBDIRS").split())
except:
INCLUDES=""
LIBDIRS=""

29
bsp/buildroot/package/setools/0001-remove-werror-flag-from-setup.patch Normal file
View File

@@ -0,0 +1,29 @@
From b2fe84bfd00117d4897f1f2e8f83d3410eb188b8 Mon Sep 17 00:00:00 2001
From: Adam Duskett <Adamduskett@outlook.com>
Date: Thu, 12 Oct 2017 22:04:58 -0400
Subject: [PATCH] remove werror flag from setup
Compilers older than gcc6 will generate uninitialized variable warnings which
will cause compiling to fail.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
---
setup.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup.py b/setup.py
index 2ca44c9..9319bf6 100644
--- a/setup.py
+++ b/setup.py
@@ -146,7 +146,7 @@ ext_py_mods = [Extension('setools.policyrep._qpol',
'libqpol/policy_scan.c',
'libqpol/xen_query.c'],
include_dirs=include_dirs,
- extra_compile_args=['-Werror', '-Wextra',
+ extra_compile_args=['-Wextra',
'-Waggregate-return',
'-Wfloat-equal',
'-Wformat', '-Wformat=2',
--
2.13.6

142
bsp/buildroot/package/setools/0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch Normal file
View File

@@ -0,0 +1,142 @@
From 2512c3ba608077db3a5e0286b976fadc8a04a5c4 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Thu, 23 Feb 2017 08:17:07 +0100
Subject: [PATCH] Do not export/use setools.InfoFlowAnalysis and
setools.DomainTransitionAnalysis
dta and infoflow modules require networkx which brings lot of dependencies.
These dependencies are not necessary for setools module itself as it's
used in policycoreutils.
Therefore it's better to use setools.infoflow.InfoFlowAnalysis and
setools.dta.DomainTransitionAnalysis and let the package containing
sedta and seinfoflow to require python3-networkx
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
---
sedta | 3 ++-
seinfoflow | 3 ++-
setools/__init__.py | 4 ++--
setoolsgui/apol/dta.py | 2 +-
setoolsgui/apol/infoflow.py | 2 +-
tests/dta.py | 3 ++-
tests/infoflow.py | 3 ++-
7 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/sedta b/sedta
index 1c76ebb..255ad49 100755
--- a/sedta
+++ b/sedta
@@ -23,6 +23,7 @@ import argparse
import logging
import setools
+import setools.dta
def print_transition(trans):
@@ -111,7 +112,7 @@ else:
try:
p = setools.SELinuxPolicy(args.policy)
- g = setools.DomainTransitionAnalysis(p, reverse=args.reverse, exclude=args.exclude)
+ g = setools.dta.DomainTransitionAnalysis(p, reverse=args.reverse, exclude=args.exclude)
if args.shortest_path or args.all_paths:
if args.shortest_path:
diff --git a/seinfoflow b/seinfoflow
index b287921..d53bdef 100755
--- a/seinfoflow
+++ b/seinfoflow
@@ -19,6 +19,7 @@
from __future__ import print_function
import setools
+import setools.infoflow
import argparse
import sys
import logging
@@ -79,7 +80,7 @@ else:
try:
p = setools.SELinuxPolicy(args.policy)
m = setools.PermissionMap(args.map)
- g = setools.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude)
+ g = setools.infoflow.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude)
if args.shortest_path or args.all_paths:
if args.shortest_path:
diff --git a/setools/__init__.py b/setools/__init__.py
index a84c846..a53c5a7 100644
--- a/setools/__init__.py
+++ b/setools/__init__.py
@@ -74,11 +74,11 @@ from .pcideviceconquery import PcideviceconQuery
from .devicetreeconquery import DevicetreeconQuery
# Information Flow Analysis
-from .infoflow import InfoFlowAnalysis
+# from .infoflow import InfoFlowAnalysis
from .permmap import PermissionMap
# Domain Transition Analysis
-from .dta import DomainTransitionAnalysis
+# from .dta import DomainTransitionAnalysis
# Policy difference
from .diff import PolicyDifference
diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py
index 0aaf13f..5b1ea20 100644
--- a/setoolsgui/apol/dta.py
+++ b/setoolsgui/apol/dta.py
@@ -23,7 +23,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
from PyQt5.QtGui import QPalette, QTextCursor
from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
QTreeWidgetItem
-from setools import DomainTransitionAnalysis
+from setools.dta import DomainTransitionAnalysis
from ..logtosignal import LogHandlerToSignal
from .analysistab import AnalysisTab
diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py
index 1ae16de..fdf8f7b 100644
--- a/setoolsgui/apol/infoflow.py
+++ b/setoolsgui/apol/infoflow.py
@@ -25,7 +25,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
from PyQt5.QtGui import QPalette, QTextCursor
from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
QTreeWidgetItem
-from setools import InfoFlowAnalysis
+from setools.infoflow import InfoFlowAnalysis
from setools.exception import UnmappedClass, UnmappedPermission
from ..logtosignal import LogHandlerToSignal
diff --git a/tests/dta.py b/tests/dta.py
index 32b9271..2bdd052 100644
--- a/tests/dta.py
+++ b/tests/dta.py
@@ -17,7 +17,8 @@
#
import unittest
-from setools import SELinuxPolicy, DomainTransitionAnalysis
+from setools import SELinuxPolicy
+from setools.dta import DomainTransitionAnalysis
from setools import TERuletype as TERT
from setools.policyrep.exception import InvalidType
from setools.policyrep.typeattr import Type
diff --git a/tests/infoflow.py b/tests/infoflow.py
index 7751dda..a21c683 100644
--- a/tests/infoflow.py
+++ b/tests/infoflow.py
@@ -17,7 +17,8 @@
#
import unittest
-from setools import SELinuxPolicy, InfoFlowAnalysis
+from setools import SELinuxPolicy
+from setools.infoflow import InfoFlowAnalysis
from setools import TERuletype as TERT
from setools.permmap import PermissionMap
from setools.policyrep.exception import InvalidType
--
2.9.3

25
bsp/buildroot/package/setools/0002-move-python-check.patch
View File

@@ -1,25 +0,0 @@
Correct a build issue that occurs when python is not found
in the path. This check should only be done if swig-python
option is selected.
Signed-off-by Clayton Shotwell <clshotwe@rockwellcollins.com>
--- a/configure.ac 2015-05-15 12:28:07.566060349 -0500
+++ b/configure.ac 2015-05-28 15:07:25.357072800 -0500
@@ -217,8 +217,6 @@
do_swigify=yes
fi
-AM_PATH_PYTHON(2.7)
-
AC_ARG_ENABLE(swig-python,
AC_HELP_STRING([--enable-swig-python],
[build SWIG interfaces for Python]),
@@ -227,6 +225,7 @@
if test ${do_swigify} = no; then
AC_PROG_SWIG(2.0.0)
fi
+ AM_PATH_PYTHON(2.7)
SWIG_PYTHON
do_swigify_python=yes
do_swigify=yes

90
bsp/buildroot/package/setools/0003-setools-Update-for-2015-02-02-Userspace-release.patch
View File

@@ -1,90 +0,0 @@
setools: Add patch to support 2.4 toolstack.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
URL: https://github.com/flihp/meta-selinux/commit/e09eaef7a9acb552a4a5e1f90117154ae06b6fda
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
diff --git a/libqpol/src/policy_define.c b/libqpol/src/policy_define.c
index fad6b60..231962f 100644
--- a/libqpol/src/policy_define.c
+++ b/libqpol/src/policy_define.c
@@ -1449,7 +1449,7 @@ int define_compute_type_helper(int which, avrule_t ** rule)
return -1;
}
class_perm_node_init(perm);
- perm->class = i + 1;
+ perm->tclass = i + 1;
perm->data = datum->s.value;
perm->next = avrule->perms;
avrule->perms = perm;
@@ -1699,7 +1699,7 @@ int define_te_avtab_helper(int which, avrule_t ** rule)
goto out;
}
class_perm_node_init(cur_perms);
- cur_perms->class = i + 1;
+ cur_perms->tclass = i + 1;
if (!perms)
perms = cur_perms;
if (tail)
diff --git a/libqpol/src/policy_extend.c b/libqpol/src/policy_extend.c
index 5325a87..1417271 100644
--- a/libqpol/src/policy_extend.c
+++ b/libqpol/src/policy_extend.c
@@ -843,7 +843,7 @@ static int qpol_syn_rule_table_insert_sepol_avrule(qpol_policy_t * policy, qpol_
for (class_node = rule->perms; class_node; class_node = class_node->next) {
key.rule_type = rule->specified;
key.source_val = key.target_val = i + 1;
- key.class_val = class_node->class;
+ key.class_val = class_node->tclass;
key.cond = cond;
if (qpol_syn_rule_table_insert_entry(policy, table, &key, new_rule))
goto err;
@@ -856,7 +856,7 @@ static int qpol_syn_rule_table_insert_sepol_avrule(qpol_policy_t * policy, qpol_
key.rule_type = rule->specified;
key.source_val = i + 1;
key.target_val = j + 1;
- key.class_val = class_node->class;
+ key.class_val = class_node->tclass;
key.cond = cond;
if (qpol_syn_rule_table_insert_entry(policy, table, &key, new_rule))
goto err;
diff --git a/libqpol/src/syn_rule_query.c b/libqpol/src/syn_rule_query.c
index 3e63204..d7578f1 100644
--- a/libqpol/src/syn_rule_query.c
+++ b/libqpol/src/syn_rule_query.c
@@ -67,7 +67,7 @@ static void *syn_rule_class_state_get_cur(const qpol_iterator_t * iter)
return NULL;
}
- return db->class_val_to_struct[srcs->cur->class - 1];
+ return db->class_val_to_struct[srcs->cur->tclass - 1];
}
static int syn_rule_class_state_next(qpol_iterator_t * iter)
@@ -465,10 +465,10 @@ int qpol_syn_avrule_get_perm_iter(const qpol_policy_t * policy, const qpol_syn_a
}
for (node = internal_rule->perms; node; node = node->next) {
- for (i = 0; i < db->class_val_to_struct[node->class - 1]->permissions.nprim; i++) {
+ for (i = 0; i < db->class_val_to_struct[node->tclass - 1]->permissions.nprim; i++) {
if (!(node->data & (1 << i)))
continue;
- tmp = sepol_av_to_string(db, node->class, (sepol_access_vector_t) (1 << i));
+ tmp = sepol_av_to_string(db, node->tclass, (sepol_access_vector_t) (1 << i));
if (tmp) {
tmp++; /* remove prepended space */
for (cur = 0; cur < perm_list_sz; cur++)
diff --git a/secmds/replcon.cc b/secmds/replcon.cc
index 34f7c1a..307c39f 100644
--- a/secmds/replcon.cc
+++ b/secmds/replcon.cc
@@ -60,7 +60,7 @@ static struct option const longopts[] = {
{NULL, 0, NULL, 0}
};
-extern int lsetfilecon_raw(const char *, security_context_t) __attribute__ ((weak));
+extern int lsetfilecon_raw(const char *, const char *) __attribute__ ((weak));
/**
* As that setools must work with older libselinux versions that may

39
bsp/buildroot/package/setools/Config.in
View File

@@ -1,36 +1,27 @@
config BR2_PACKAGE_SETOOLS
bool "setools"
select BR2_PACKAGE_LIBSELINUX
select BR2_PACKAGE_SQLITE
select BR2_PACKAGE_LIBXML2
select BR2_PACKAGE_BZIP2
depends on BR2_TOOLCHAIN_HAS_THREADS
depends on !BR2_arc # arc: libselinux not available
depends on !BR2_STATIC_LIBS
depends on BR2_INSTALL_LIBSTDCPP
depends on BR2_TOOLCHAIN_HAS_THREADS
depends on BR2_USE_WCHAR
depends on BR2_TOOLCHAIN_USES_GLIBC # libselinux
# bfin: infamous _ symbol prefix issue
# nios2: triggers some toolchain issue "No symbol version
# section for versioned symbol"
# arc: libselinux not available
depends on !BR2_nios2 && !BR2_bfin && !BR2_arc
depends on BR2_USE_MMU
select BR2_PACKAGE_PYTHON3 if !BR2_PACKAGE_PYTHON
select BR2_PACKAGE_PYTHON_ENUM34 if !BR2_PACKAGE_PYTHON3
select BR2_PACKAGE_PYTHON_SETUPTOOLS
select BR2_PACKAGE_LIBSELINUX
help
SETools is an open source project designed to facilitate
SELinux policy analysis. The primary tools are:
* apol - analyze a SELinux policy.
* seaudit - analyze audit messages from SELinux.
* seaudit-report - generate highly-customized audit log
reports.
* sechecker - command line tool for performing modular
checks on an SELinux policy.
* apol - analyze a SELinux policy. (requires python-qt5)
* sediff - semantic policy difference tool for SELinux.
* secmds - command-line tools to analyze and search SELinux
policy.
* sedta - Perform domain transition analyses
* sesearch - Search rules (allow, type_transition, etc.)
https://github.com/TresysTechnology/setools3/wiki
https://github.com/TresysTechnology/setools
comment "setools needs a glibc toolchain w/ threads, C++, wchar, dynamic library"
depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS \
|| !BR2_USE_WCHAR || !BR2_INSTALL_LIBSTDCPP \
|| !BR2_TOOLCHAIN_USES_GLIBC
depends on !BR2_nios2 && !BR2_bfin && !BR2_arc
depends on BR2_USE_MMU && !BR2_arc
depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS || \
!BR2_USE_WCHAR || !BR2_TOOLCHAIN_USES_GLIBC || \
!BR2_INSTALL_LIBSTDCPP

7
bsp/buildroot/package/setools/setools.hash
View File

@@ -1,4 +1,7 @@
# From https://github.com/TresysTechnology/setools3/wiki/Download
md5 d68d0d4e4da0f01da0f208782ff04b91 setools-3.3.8.tar.bz2
md5 d68d0d4e4da0f01da0f208782ff04b91 setools-4.1.1.tar.bz2
# Locally computed
sha256 44387ecc9a231ec536a937783440cd8960a72c51f14bffc1604b7525e341e999 setools-3.3.8.tar.bz2
sha256 46a927ea2b163cbe1d35cc35da43e45853e13720c7e02d4cf75a498783c19610 setools-4.1.1.tar.gz
sha256 2f7547e10f76a382c24c053595f38a5cc6dda9347f508f254ca490e0046a9624 COPYING
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING.GPL
sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING.LGPL

121
bsp/buildroot/package/setools/setools.mk
View File

@@ -4,81 +4,66 @@
#
################################################################################
SETOOLS_VERSION = 3.3.8
SETOOLS_SOURCE = setools-$(SETOOLS_VERSION).tar.bz2
SETOOLS_SITE = https://raw.githubusercontent.com/wiki/TresysTechnology/setools3/files/dists/setools-$(SETOOLS_VERSION)
SETOOLS_DEPENDENCIES = libselinux libsepol sqlite libxml2 bzip2 host-bison host-flex
SETOOLS_VERSION = 4.1.1
SETOOLS_SITE = $(call github,TresysTechnology,setools,$(SETOOLS_VERSION))
SETOOLS_DEPENDENCIES = libselinux libsepol python-setuptools host-bison host-flex host-swig
SETOOLS_INSTALL_STAGING = YES
SETOOLS_LICENSE = GPLv2+, LGPLv2.1+
SETOOLS_LICENSE = GPL-2.0+, LGPL-2.1+
SETOOLS_LICENSE_FILES = COPYING COPYING.GPL COPYING.LGPL
# configure.ac is patched by the cross compile patch,
# so autoreconf is necessary
SETOOLS_AUTORECONF = YES
# Notes: Need "disable-selinux-check" so the configure does not check to see
# if host has selinux enabled.
# No python support as only the libraries and commandline tools are
# installed on target
SETOOLS_CONF_OPTS = \
--disable-debug \
--disable-gui \
--disable-bwidget-check \
--disable-selinux-check \
--disable-swig-java \
--disable-swig-python \
--disable-swig-tcl \
--with-sepol-devel="$(STAGING_DIR)/usr" \
--with-selinux-devel="$(STAGING_DIR)/usr"
ifeq ($(BR2_sparc64):$(BR2_STATIC_LIBS),y:)
SETOOLS_CONF_ENV += CFLAGS="$(TARGET_CFLAGS) -fPIC"
endif
HOST_SETOOLS_DEPENDENCIES = host-libselinux host-libsepol host-sqlite \
host-libxml2 host-bzip2 host-bison
SETOOLS_SETUP_TYPE = setuptools
HOST_SETOOLS_DEPENDENCIES = host-libselinux host-libsepol
ifeq ($(BR2_PACKAGE_PYTHON3),y)
HOST_SETOOLS_PYTHON_VERSION=$(PYTHON3_VERSION_MAJOR)
HOST_SETOOLS_DEPENDENCIES += host-python3
HOST_SETOOLS_CONF_ENV += am_cv_python_version=$(PYTHON3_VERSION)
SETOOLS_PYLIBVER = python$(PYTHON3_VERSION_MAJOR)
else
HOST_SETOOLS_PYTHON_VERSION=$(PYTHON_VERSION_MAJOR)
HOST_SETOOLS_DEPENDENCIES += host-python
HOST_SETOOLS_CONF_ENV += am_cv_python_version=$(PYTHON_VERSION)
SETOOLS_PYLIBVER = python$(PYTHON_VERSION_MAJOR)
SETOOLS_DEPENDENCIES += python-enum34
endif
HOST_SETOOLS_PYTHON_SITE_PACKAGES = $(HOST_DIR)/usr/lib/python$(HOST_SETOOLS_PYTHON_VERSION)/site-packages
HOST_SETOOLS_PYTHON_INCLUDES = $(HOST_DIR)/usr/include/python$(HOST_SETOOLS_PYTHON_VERSION)
HOST_SETOOLS_PYTHON_LIB = -lpython$(HOST_SETOOLS_PYTHON_VERSION)
define SETOOLS_FIX_SETUP
# By default, setup.py will look for libsepol.a in the host machines
# /usr/lib directory. This needs to be changed to the staging directory.
$(SED) "s@base_lib_dirs =.*@base_lib_dirs = ['$(STAGING_DIR)/usr/lib']@g" \
$(@D)/setup.py
endef
SETOOLS_POST_PATCH_HOOKS += SETOOLS_FIX_SETUP
# Notes: Need "disable-selinux-check" so the configure does not check to see
# if host has selinux enabled.
# Host builds with python support to enable tools for offline target
# policy analysis
HOST_SETOOLS_CONF_OPTS = \
--disable-debug \
--disable-gui \
--disable-bwidget-check \
--disable-selinux-check \
--disable-swig-java \
--disable-swig-python \
--disable-swig-tcl \
--with-sepol-devel="$(HOST_DIR)/usr" \
--with-selinux-devel="$(HOST_DIR)/usr" \
PYTHON_LDFLAGS="-L$(HOST_DIR)/usr/lib/" \
PYTHON_CPPFLAGS="-I$(HOST_SETOOLS_PYTHON_INCLUDES)" \
PYTHON_SITE_PKG="$(HOST_SETOOLS_PYTHON_SITE_PACKAGES)" \
PYTHON_EXTRA_LIBS="-lpthread -ldl -lutil $(HOST_SETOOLS_PYTHON_LIB)"
define HOST_SETOOLS_FIX_SETUP
# By default, setup.py will look for libsepol.a in the host machines
# /usr/lib directory. This needs to be changed to the host directory.
$(SED) "s@base_lib_dirs =.*@base_lib_dirs = ['$(HOST_DIR)/lib']@g" \
$(@D)/setup.py
endef
HOST_SETOOLS_POST_PATCH_HOOKS += HOST_SETOOLS_FIX_SETUP
HOST_SETOOLS_CONF_ENV += \
am_cv_pathless_PYTHON=python \
ac_cv_path_PYTHON=$(HOST_DIR)/usr/bin/python \
am_cv_python_platform=linux2 \
am_cv_python_version=$(HOST_SETOOLS_PYTHON_VERSION) \
am_cv_python_pythondir=$(HOST_SETOOLS_PYTHON_SITE_PACKAGES) \
am_cv_python_pyexecdir=$(HOST_SETOOLS_PYTHON_SITE_PACKAGES) \
am_cv_python_includes=-I$(HOST_SETOOLS_PYTHON_INCLUDES)
# sedta and seinfoflow depend on python-networkx. This package is not
# available in buildroot.
define SETOOLS_REMOVE_BROKEN_SCRIPTS
$(RM) $(TARGET_DIR)/usr/bin/sedta
$(RM) $(TARGET_DIR)/usr/bin/seinfoflow
endef
SETOOLS_POST_INSTALL_TARGET_HOOKS += SETOOLS_REMOVE_BROKEN_SCRIPTS
$(eval $(autotools-package))
$(eval $(host-autotools-package))
# apol requires pyqt5. However, the setools installation
# process will install apol even if pyqt5 is missing.
# Remove these scripts from the target it pyqt5 is not selected.
ifeq ($(BR2_PACKAGE_PYTHON_PYQT5),)
define SETOOLS_REMOVE_QT_SCRIPTS
$(RM) $(TARGET_DIR)/usr/bin/apol
$(RM) -r $(TARGET_DIR)/lib/$(SETOOLS_PYLIBVER)/site-packages/setoolsgui/
endef
SETOOLS_POST_INSTALL_TARGET_HOOKS += SETOOLS_REMOVE_QT_SCRIPTS
endif
# sedta and seinfoflow depend on python-networkx. This package is not
# available in buildroot. pyqt5 is not a host-package, remove apol
# from the host directory as well.
define HOST_SETOOLS_REMOVE_BROKEN_SCRIPTS
$(RM) $(HOST_DIR)/bin/sedta
$(RM) $(HOST_DIR)/bin/seinfoflow
$(RM) $(HOST_DIR)/bin/apol
endef
HOST_SETOOLS_POST_INSTALL_HOOKS += HOST_SETOOLS_REMOVE_BROKEN_SCRIPTS
$(eval $(python-package))
$(eval $(host-python-package))