# Nix package for the Python-based SELinux policy utilities (audit2allow,
# audit2why, chcat, semanage, sepolgen, sepolgen-ifgen, sepolicy), built from
# the upstream selinux-python release tarball.
{
  lib,
  stdenv,
  fetchurl,
  python3,
  gettext,
  libselinux,
  libsemanage,
  libsepol,
  setools,
}:

let
  # Interpreter bundled with pip and setuptools. It is referenced only from
  # nativeBuildInputs, i.e. it drives the build-time `pip install` step.
  selinuxPython3 = python3.withPackages (ps: [
    ps.pip
    ps.setuptools
  ]);
in
stdenv.mkDerivation (finalAttrs: {
  pname = "selinux-python";
  version = "3.8.1";

  # Download base URL is taken from the libsepol package rather than repeated here.
  inherit (libsepol) se_url;

  # The tarball is pinned by an SRI sha256 hash: a changed or tampered upstream
  # artifact fails the fetch instead of being built.
  src = fetchurl {
    url = "${finalAttrs.se_url}/${finalAttrs.version}/selinux-python-${finalAttrs.version}.tar.gz";
    hash = "sha256-dJAlv6SqDgCb8//EVdVloY1Ntxz+eWvkQFghcXIGwlo=";
  };

  strictDeps = true;

  # Tools that run during the build.
  nativeBuildInputs = [
    selinuxPython3
    python3.pkgs.wrapPython
    gettext
  ];

  # Libraries and interpreter for the host platform.
  buildInputs = [
    python3
    libsepol
    libselinux
  ];

  # Python modules that wrapPythonPrograms (see postFixup) puts on the module
  # path of the installed programs.
  pythonPath = [
    python3.pkgs.libselinux.py
    libsemanage.py
    setools
  ];

  # Two kinds of source edits, both using --replace-fail so that the build
  # stops if upstream changes the matched text:
  #   1. pass --no-build-isolation to the Makefile's pip invocation, so pip
  #      uses the setuptools supplied by this derivation;
  #   2. replace absolute /var/lib and /usr/bin paths with prefix-relative or
  #      PATH-resolved ones.
  postPatch = ''
    # We would like to disable build isolation so we use the provided setuptools (this is part of a `pip install` command)
    substituteInPlace sepolicy/Makefile --replace-fail 'echo --root' 'echo --no-build-isolation --root'

    # Replace hardcoded paths.
    substituteInPlace sepolgen/src/share/Makefile --replace-fail "/var/lib/sepolgen" \
      '$(PREFIX)/var/lib/sepolgen'
    substituteInPlace po/Makefile --replace-fail "/usr/bin/install" "install"
  '';

  makeFlags = [
    "PREFIX=$(out)"
    # DESTDIR must be non-empty for the upstream Makefile's
    # `test -n "$(DESTDIR)"` branch, which is what lets the pip install succeed:
    # https://github.com/SELinuxProject/selinux/blob/d1e3170556e1023e07b3c071ce89543ead6ba6f8/python/sepolicy/Makefile#L30
    # The install destinations set in this list are all given under $(out).
    "DESTDIR=/"
    "LOCALEDIR=$(out)/share/locale"
    "BASHCOMPLETIONDIR=$(out)/share/bash-completion/completions"
    "PYTHON=python"
    "PYTHONLIBDIR=$(out)/${python3.sitePackages}"
    # Link against the static libsepol archive shipped by the libsepol package.
    "LIBSEPOLA=${lib.getLib libsepol}/lib/libsepol.a"
  ];

  # Rewrite interpreter lines of the installed programs for the host platform
  # before they are wrapped.
  preFixup = ''
    patchShebangs --host $out/bin/*
  '';

  postFixup = ''
    wrapPythonPrograms
  '';

  doInstallCheck = true;

  # Smoke tests: every installed program is started once and its output is
  # matched with a fixed-string grep. `|| true` is used only where a non-zero
  # exit status is expected in the build environment.
  # NOTE(review): the last shell comment mentions /dev/zero, but the command
  # actually passes /dev/null - confirm which one is intended.
  installCheckPhase = ''
    # Version hasn't changed in 17 years, if it suddenly does these tests deserve to break
    $out/bin/audit2allow --version | grep -Fm1 'audit2allow .1'
    $out/bin/audit2why --version | grep -Fm1 'audit2allow .1'
    $out/bin/sepolgen-ifgen --version | grep -Fm1 'sepolgen-ifgen .1'

    # "chcat: Requires a mls enabled system" or help, which includes chcat
    { $out/bin/chcat --help || true; } | grep -Fm1 'chcat'

    $out/bin/semanage --help | grep -Fm1 'semanage'
    $out/bin/sepolgen --help | grep -Fm1 'sepolicy'
    $out/bin/sepolicy --help | grep -Fm1 'sepolicy'

    # Should at least run, even if we can't provide it a policy file and need to provide /dev/zero
    { $out/bin/sepolgen-ifgen-attr-helper test /dev/null 2>&1 || true; } | grep -Fm1 'error(s) encountered' >/dev/null
  '';

  meta = {
    description = "SELinux policy core utilities written in Python";
    license = lib.licenses.gpl2Plus;
    homepage = "https://selinuxproject.org";
    maintainers = [
      lib.maintainers.RossComputerGuy
      lib.maintainers.numinit
    ];
    platforms = lib.platforms.linux;
  };
})