selinux-python: Update to 3.5, reorganize package

* Added packages: * python3-seobject Contains the seobject.py library file which was previously included in selinux-semanage * selinux-sepolicy Contains the sepolicy and sepolgen tools which were previously included in python3-sepolicy * selinux-sepolgen-ifgen Contains the sepolgen-ifgen tool which was previously included in selinux-audit2allow * selinux-python A meta-package to install all tools * Change the python3-sepolgen data_dir from /usr/share/sepolgen to /etc/sepolgen (updated 0001-sepolgen-adjust-data_dir.patch), and add the directory to conffiles By default, the sepolgen-ifgen tool writes to a file named "interface_info" in the data directory, to be read by the audit2allow tool. The header comment in the perm_map file also suggests that the file is customizable. The best place for these files would be in /var/lib, but /etc is more appropriate than /usr. * Remove gui files from python3-sepolicy (0003-sepolicy-no-gui.patch) * Fix ModuleNotFoundError raised by sepolicy (0004-sepolicy-fix-get_os_version-except.patch) Patch has been submitted upstream: https://lore.kernel.org/selinux/20230619063217.3165462-1-jeffery.to@gmail.com/ * Update package titles, descriptions, and dependencies * Use Py3Package to build Python bytecode and source packages Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2023-06-09 12:41:13 +08:00 · 2023-06-09 12:41:13 +08:00 · 6bd71dac0c
parent 61e79aad69
commit 6bd71dac0c
5 changed files with 235 additions and 40 deletions
--- a/utils/selinux-python/Makefile
+++ b/utils/selinux-python/Makefile
@ -6,18 +6,20 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=selinux-python
-PKG_VERSION:=3.2
-PKG_RELEASE:=3
+PKG_VERSION:=3.5
+PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/$(PKG_VERSION)
-PKG_HASH:=770855ea8120ef23007fdb9db94b1ed6e8cd77917b584ed8877bbee9c16e74fb
+PKG_HASH:=8245bb4dae59333461f19ca0c79a829081f07972fa5e3ad4c2b2b917dd71d96b

 PKG_MAINTAINER:=Thomas Petazzoni <thomas.petazzoni@bootlin.com>
 PKG_LICENSE:=GPL-2.0-only
-PKG_LICENSE_FILES:=COPYING
-PYTHON3_PKG_BUILD:=0
+PKG_LICENSE_FILES:=LICENSE
+
+PKG_BUILD_PARALLEL:=1
 PKG_INSTALL:=1
+PYTHON3_PKG_BUILD:=0

 include $(INCLUDE_DIR)/package.mk
 include ../../lang/python/python3-package.mk
@ -28,7 +30,7 @@ include ../../lang/python/python3-package.mk

 define Package/selinux-python/Default
  URL:=http://selinuxproject.org/page/Main_Page
-  DEPENDS:=+python3
+  DEPENDS:=+python3-light
 endef

 define Package/selinux-python/Default/python
@ -36,48 +38,78 @@ $(call Package/selinux-python/Default)
  SUBMENU:=Python
  SECTION:=lang
  CATEGORY:=Languages
-  DEPENDS:=
 endef

 define Package/selinux-python/Default/util
 $(call Package/selinux-python/Default)
  SECTION:=utils
  CATEGORY:=Utilities
+  TITLE:=SELinux management utility
 endef

 define Package/selinux-python/Default/description
-	A set of SELinux tools written in python that help with
-	managing a system with SELinux enabled.
+A set of SELinux tools written in Python that help with managing a
+system with SELinux enabled.
 endef

 MAKE_VARS = \
-	PYTHON=$(HOST_PYTHON3_BIN) \
-	PYTHONLIBDIR=$(PYTHON3_PKG_DIR) \
-	$(PYTHON3_VARS)
+	$(PYTHON3_VARS) \
+	$(HOST_PYTHON3_PIP_VARS) \
+	PYTHON_SETUP_ARGS=--no-compile

 define Build/Compile
 	$(call Build/Compile/Default,all)
 endef

+#
+# python3-seobject
+#
+
+define Package/python3-seobject
+$(call Package/selinux-python/Default/python)
+  TITLE:=SELinux seobject library
+  DEPENDS+= +python3-selinux +python3-semanage +python3-sepolicy +python3-setools
+endef
+
+define Package/python3-seobject/description
+$(call Package/selinux-python/Default/description)
+
+This package contains the seobject library.
+endef
+
+define Py3Package/python3-seobject/filespec
+|$(PYTHON3_PKG_DIR)/seobject.py
+endef
+
+Py3Package/python3-seobject/install:=:
+
 #
 # python3-sepolgen
 #

 define Package/python3-sepolgen
 $(call Package/selinux-python/Default/python)
-  TITLE:=python3-sepolgen
+  TITLE:=SELinux policy generation library
+  DEPENDS+= +python3-selinux
 endef

 define Package/python3-sepolgen/description
 $(call Package/selinux-python/Default/description)
-  This package contains the sepolgen Python library.
+
+This package contains the SELinux policy generation Python library.
 endef

-define Package/python3-sepolgen/install
-	$(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/sepolgen DESTDIR=$(1) install
-	$(INSTALL_DIR) $(1)/usr/share/sepolgen/
-	$(INSTALL_DATA) $(1)/var/lib/sepolgen/perm_map $(1)/usr/share/sepolgen/perm_map
-	$(RM) -rf $(1)/var
+define Package/python3-sepolgen/conffiles
+/etc/sepolgen/
+endef
+
+define Py3Package/python3-sepolgen/filespec
+|$(PYTHON3_PKG_DIR)/sepolgen
+endef
+
+define Py3Package/python3-sepolgen/install
+	$(INSTALL_DIR) $(1)/etc/sepolgen
+	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/var/lib/sepolgen/perm_map $(1)/etc/sepolgen/
 endef

 #
@ -86,37 +118,45 @@ endef

 define Package/python3-sepolicy
 $(call Package/selinux-python/Default/python)
-  TITLE:=python3-sepolicy
+  TITLE:=SELinux Policy Analyses binding
+  DEPENDS+= +python3-selinux +python3-sepolgen +python3-xml +python3-setools
 endef

 define Package/python3-sepolicy/description
 $(call Package/selinux-python/Default/description)
-  This package contains the sepolicy Python library.
+
+This package contains a Python binding for SELinux Policy Analyses.
 endef

-define Package/python3-sepolicy/install
-	$(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/sepolicy DESTDIR=$(1) install
-	rm -rf $(1)/usr/share
+define Py3Package/python3-sepolicy/filespec
+|$(PYTHON3_PKG_DIR)/sepolicy
+-|$(PYTHON3_PKG_DIR)/sepolicy/gui.py
+-|$(PYTHON3_PKG_DIR)/sepolicy/sedbus.py
+|$(PYTHON3_PKG_DIR)/sepolicy-$(PKG_VERSION).dist-info
 endef

+Py3Package/python3-sepolicy/install:=:
+
 #
 # selinux-audit2allow
 #

 define Package/selinux-audit2allow
 $(call Package/selinux-python/Default/util)
-  TITLE:=selinux-audit2allow
-  DEPENDS+= +python3-selinux +python3-sepolgen +libselinux +libsepol
+  TITLE+= audit2allow
+  DEPENDS+= +python3-selinux +python3-sepolgen
 endef

 define Package/selinux-audit2allow/description
 $(call Package/selinux-python/Default/description)
-  This package contains the audit2allow and audit2why tools.
+
+This package contains the audit2allow and audit2why tools.
 endef

 define Package/selinux-audit2allow/install
-	$(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/audit2allow DESTDIR=$(1) install
-	rm -rf $(1)/usr/share/man
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/audit2allow $(1)/usr/bin/
+	$(LN) audit2allow $(1)/usr/bin/audit2why
 endef

 #
@ -125,42 +165,125 @@ endef

 define Package/selinux-chcat
 $(call Package/selinux-python/Default/util)
-  TITLE:=selinux-chcat
-  DEPENDS+= +python3-selinux
+  TITLE+= chcat
+  DEPENDS+= +python3-selinux +python3-seobject +selinux-semanage
 endef

 define Package/selinux-chcat/description
 $(call Package/selinux-python/Default/description)
-  This package contains the chcat tool.
+
+This package contains the chcat tool.
 endef

 define Package/selinux-chcat/install
-	$(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/chcat DESTDIR=$(1) install
-	rm -rf $(1)/usr/share
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/chcat $(1)/usr/bin/
 endef

+#
+# selinux-python
+#
+
+define Package/selinux-python
+$(call Package/selinux-python/Default/util)
+  TITLE+= meta-package
+  DEPENDS:= \
+    +selinux-audit2allow \
+    +selinux-chcat \
+    +selinux-semanage \
+    +selinux-sepolgen-ifgen \
+    +selinux-sepolicy
+endef
+
+define Package/selinux-python/description
+$(call Package/selinux-python/Default/description)
+
+This is a meta-package that installs all of the SELinux management
+utilities.
+endef
+
+Package/selinux-python/install:=:
+
 #
 # selinux-semanage
 #

 define Package/selinux-semanage
 $(call Package/selinux-python/Default/util)
-  TITLE:=selinux-semanage
-  DEPENDS+= +python3-selinux +python3-sepolicy +python3-semanage +setools
+  TITLE+= semanage
+  DEPENDS+= +python3-seobject
 endef

 define Package/selinux-semanage/description
 $(call Package/selinux-python/Default/description)
-  This package contains the semanage tool.
+
+This package contains the semanage tool.
 endef

 define Package/selinux-semanage/install
-	$(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/semanage DESTDIR=$(1) install
-	rm -rf $(1)/usr/share
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/semanage $(1)/usr/sbin/
 endef

+#
+# selinux-sepolgen-ifgen
+#
+
+define Package/selinux-sepolgen-ifgen
+$(call Package/selinux-python/Default/util)
+  TITLE+= sepolgen-ifgen
+  DEPENDS+= +python3-selinux +python3-sepolgen +libselinux
+endef
+
+define Package/selinux-sepolgen-iften/description
+$(call Package/selinux-python/Default/description)
+
+This package contains the sepolgen-ifgen tool.
+endef
+
+define Package/selinux-sepolgen-ifgen/install
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/sepolgen-ifgen $(1)/usr/bin/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/sepolgen-ifgen-attr-helper $(1)/usr/bin/
+endef
+
+#
+# selinux-sepolicy
+#
+
+define Package/selinux-sepolicy
+$(call Package/selinux-python/Default/util)
+  TITLE+= sepolicy
+  DEPENDS+= +python3-multiprocessing +python3-selinux +python3-sepolicy
+endef
+
+define Package/selinux-sepolicy/description
+$(call Package/selinux-python/Default/description)
+
+This package contains the sepolicy and sepolgen tools.
+endef
+
+define Package/selinux-sepolicy/install
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/sepolicy $(1)/usr/bin/
+	$(LN) sepolicy $(1)/usr/bin/sepolgen
+endef
+
+$(eval $(call Py3Package,python3-seobject))
+$(eval $(call Py3Package,python3-sepolgen))
+$(eval $(call Py3Package,python3-sepolicy))
+
+$(eval $(call BuildPackage,python3-seobject))
 $(eval $(call BuildPackage,python3-sepolgen))
 $(eval $(call BuildPackage,python3-sepolicy))
+
+$(eval $(call BuildPackage,python3-seobject-src))
+$(eval $(call BuildPackage,python3-sepolgen-src))
+$(eval $(call BuildPackage,python3-sepolicy-src))
+
 $(eval $(call BuildPackage,selinux-audit2allow))
 $(eval $(call BuildPackage,selinux-chcat))
+$(eval $(call BuildPackage,selinux-python))
 $(eval $(call BuildPackage,selinux-semanage))
+$(eval $(call BuildPackage,selinux-sepolgen-ifgen))
+$(eval $(call BuildPackage,selinux-sepolicy))
--- a/utils/selinux-python/patches/0001-sepolgen-adjust-data_dir.patch
+++ b/utils/selinux-python/patches/0001-sepolgen-adjust-data_dir.patch
@ -4,6 +4,8 @@ Date: Wed, 2 Oct 2019 12:04:24 +0200
 Subject: [PATCH] sepolgen: adjust data_dir()

 Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+(changed data_dir prefix from /usr/share to /etc)
+Signed-off-by: Jeffery To <jeffery.to@gmail.com>
 ---
 sepolgen/src/sepolgen/defaults.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
@ -15,7 +17,7 @@ Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
 
 def data_dir():
 -    return "/var/lib/sepolgen"
-+    return "/usr/share/sepolgen"
+    return "/etc/sepolgen"
 
 def perm_map():
     return data_dir() + "/perm_map"
--- a/utils/selinux-python/patches/0003-sepolicy-no-gui.patch
+++ b/utils/selinux-python/patches/0003-sepolicy-no-gui.patch
@ -0,0 +1,23 @@
+--- a/sepolicy/sepolicy.py
+++ b/sepolicy/sepolicy.py
+@@ -685,7 +685,6 @@ if __name__ == '__main__':
+     gen_booleans_args(subparsers)
+     gen_communicate_args(subparsers)
+     gen_generate_args(subparsers)
+-    gen_gui_args(subparsers)
+     gen_interface_args(subparsers)
+     gen_manpage_args(subparsers)
+     gen_network_args(subparsers)
+--- a/sepolicy/setup.py
+++ b/sepolicy/setup.py
+@@ -13,10 +13,5 @@ setup(
+     packages=[
+         "sepolicy",
+         "sepolicy.templates",
+-        "sepolicy.help"
+     ],
+-    package_data={
+-        'sepolicy': ['*.glade'],
+-        'sepolicy.help': ['*.txt', '*.png']
+-    }
+ )
--- a/utils/selinux-python/patches/0004-sepolicy-fix-get_os_version-except.patch
+++ b/utils/selinux-python/patches/0004-sepolicy-fix-get_os_version-except.patch
@ -0,0 +1,39 @@
+commit 80ba6c49dec9c2c48775e70a4d4564ba5e59eea1
+Author: Jeffery To <jeffery.to@gmail.com>
+Date:   Mon Jun 19 14:15:45 2023 +0800
+
+    python/sepolicy: Fix get_os_version except clause
+    
+    This adds more exceptions to be handled by the except clause in
+    `get_os_version()`:
+    
+    * If the `distro` package is not installed, then `import distro` raises
+      a `ModuleNotFoundError` exception.
+    
+    * The distro documentation[1] lists `OSError` and `UnicodeError` as
+      exceptions that can be raised.
+    
+    * Older versions of distro (<= 1.6.0) may also raise
+      `subprocessCalledProcessError`[2].
+    
+    [1]: https://github.com/python-distro/distro/blob/v1.8.0/src/distro/distro.py#L749-L753
+    [2]: https://github.com/python-distro/distro/blob/v1.6.0/distro.py#L726-L728
+    
+    Signed-off-by: Jeffery To <jeffery.to@gmail.com>
+
+--- a/sepolicy/sepolicy/__init__.py
+++ b/sepolicy/sepolicy/__init__.py
+@@ -1240,11 +1240,12 @@ def boolean_desc(boolean):
+ 
+ 
+ def get_os_version():
+    import subprocess
+     system_release = ""
+     try:
+         import distro
+         system_release = distro.name(pretty=True)
+-    except IOError:
+    except (ModuleNotFoundError, OSError, IOError, UnicodeError, subprocess.CalledProcessError):
+         system_release = "Misc"
+ 
+     return system_release
--- a/utils/selinux-python/patches/0005-no-translations.patch
+++ b/utils/selinux-python/patches/0005-no-translations.patch
@ -0,0 +1,8 @@
+--- a/Makefile
+++ b/Makefile
+@@ -1,4 +1,4 @@
+-SUBDIRS = sepolicy audit2allow semanage sepolgen chcat po
+SUBDIRS = sepolicy audit2allow semanage sepolgen chcat
+ 
+ all install relabel clean indent test:
+ 	@for subdir in $(SUBDIRS); do \