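# Nix derivation for policycoreutils, the SELinux policy core utilities.
#
# Builds the upstream tarball against the SELinux userspace libraries passed
# in as arguments, rewrites the hard-coded FHS paths in the upstream Makefiles
# so everything lands under $out, and patches the installed Python scripts so
# they can find their modules without relying on the caller's environment.
{ stdenv, fetchurl, pythonPackages, gettext
, setools, libsepol, libselinux, libcap_ng, libsemanage, sepolgen
}:

stdenv.mkDerivation rec {
  name = "policycoreutils-${version}";
  version = "2.4";
  # Release directory and base URL are taken from libsepol rather than being
  # repeated here.
  inherit (libsepol) se_release se_url;

  # The tarball is pinned by content hash: fetchurl refuses any download whose
  # sha256 differs. Refresh the hash whenever `version` or the inherited
  # se_release/se_url values change.
  src = fetchurl {
    url = "${se_url}/${se_release}/policycoreutils-${version}.tar.gz";
    sha256 = "0y9l9k60iy21hj0lcvfdfxs1fxydg6d3pxp9rhy7hwr4y5vgh6dq";
  };

  # Local patch shipped next to this file; its content is not visible here.
  patches = [ ./fix-printf-type.patch ];

  postPatch = ''
    # Fix references to libsepol.a
    find . -name Makefile -exec sed -i 's,[^ ]*/libsepol.a,${libsepol}/lib/libsepol.a,g' {} \;

    # Fix install references
    substituteInPlace po/Makefile --replace /usr/bin/install install

    # Fix references to /usr/share
    # grep -l prints each matching file name once, which stays correct for
    # names containing ':' and avoids passing the same file to sed repeatedly.
    grep -rl '/usr/share' . | xargs sed -i "s,\(\$(DESTDIR)\)*/usr/share,$out/share,g"

    # Fix sepolicy install
    sed -i "s,\(setup.py install\).*,\1 --prefix=$out,g" sepolicy/Makefile

    # Fix setuid install
    # Upstream installs from sandbox/Makefile with mode 4755 (setuid). The Nix
    # store cannot hold setuid files, so the bit is dropped and the installed
    # binary runs with the caller's privileges only. If the setuid behaviour is
    # needed, it has to come from a wrapper created outside the store, and that
    # wrapper should be reviewed like any other setuid-root entry point.
    sed -i 's|-m 4755|-m 755|' sandbox/Makefile
  '';

  nativeBuildInputs = [ pythonPackages.python gettext ];
  buildInputs = [ setools libsepol libselinux libcap_ng libsemanage ];
  # Packages whose Python module directories are injected into the installed
  # scripts by postInstall below.
  pythonPath = [ libselinux sepolgen ];

  # Both variables point at $out so that neither PREFIX-relative nor
  # DESTDIR-relative install targets escape the output path.
  preBuild = ''
    makeFlagsArray+=("PREFIX=$out")
    makeFlagsArray+=("DESTDIR=$out")
  '';

  # Creation of the system-config-selinux directory is broken
  preInstall = ''
    mkdir -p $out/share/system-config-selinux
  '';

  # Fix the python scripts to include paths to libraries
  # NOTE: We are not using wrapPythonPrograms or makeWrapper as these scripts
  # purge the environment as a security measure
  #
  # A wrapper could only hand the module path over through the environment,
  # which the scripts discard. Instead a single line is inserted after the
  # shebang that appends fixed store paths, computed at build time, to
  # sys.path; nothing is read from the caller's environment at run time.
  # grep -l lists each script once, so the line is inserted exactly once per
  # script even if the shebang pattern matches on more than one line.
  postInstall = ''
    grep -rl '#!.*python' $out/bin | xargs sed -i "1a \
    import sys; \
    sys.path.append('$(toPythonPath "$out")'); \
    ${stdenv.lib.flip stdenv.lib.concatMapStrings pythonPath (lib: ''
      sys.path.append('$(toPythonPath "${lib}")'); \
    '')}"
  '';

  # Hardening: emit stack-smashing canaries for every function, not only the
  # ones the compiler's default heuristic selects.
  NIX_CFLAGS_COMPILE = "-fstack-protector-all";

  meta = with stdenv.lib; {
    description = "SELinux policy core utilities";
    license = licenses.gpl2;
    inherit (libsepol.meta) homepage platforms maintainers;
  };
}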
68