pyrox.dev / nixpkgs
lol
fork atom

selinux-python: 3.3 -> 3.8.1; fix runtime

Morgan Jones 79edf9c8 9de17e0a

+58 -15
unified split
+58 -15
pkgs/by-name/se/selinux-python/package.nix
··· 3 3 stdenv, 4 4 fetchurl, 5 5 python3, 6 + gettext, 6 7 libselinux, 7 8 libsemanage, 8 9 libsepol, 9 10 setools, 10 11 }: 11 12 12 - # this is python3 only because setools only supports python3 13 - stdenv.mkDerivation rec { 13 + let 14 + selinuxPython3 = python3.withPackages ( 15 + ps: with ps; [ 16 + pip 17 + setuptools 18 + ] 19 + ); 20 + in 21 + stdenv.mkDerivation (finalAttrs: { 14 22 pname = "selinux-python"; 15 - version = "3.3"; 23 + version = "3.8.1"; 16 24 17 25 inherit (libsepol) se_url; 18 26 19 27 src = fetchurl { 20 - url = "${se_url}/${version}/selinux-python-${version}.tar.gz"; 21 - sha256 = "1v244hpb45my303793xa4kcn7qnxjgxn4ja7rdn9k1q361hi1nca"; 28 + url = "${finalAttrs.se_url}/${finalAttrs.version}/selinux-python-${finalAttrs.version}.tar.gz"; 29 + hash = "sha256-dJAlv6SqDgCb8//EVdVloY1Ntxz+eWvkQFghcXIGwlo="; 22 30 }; 23 31 24 32 strictDeps = true; 25 33 26 34 nativeBuildInputs = [ 27 - python3 28 - python3.pkgs.distutils 35 + selinuxPython3 29 36 python3.pkgs.wrapPython 37 + gettext 30 38 ]; 31 - buildInputs = [ libsepol ]; 32 - propagatedBuildInputs = [ 39 + 40 + buildInputs = [ 41 + python3 42 + libsepol 33 43 libselinux 34 - libsemanage 44 + ]; 45 + 46 + pythonPath = [ 47 + python3.pkgs.libselinux.py 48 + libsemanage.py 35 49 setools 36 - python3.pkgs.ipy 37 50 ]; 38 51 39 52 postPatch = '' 40 - substituteInPlace sepolicy/Makefile --replace "echo --root" "echo --prefix" 41 - substituteInPlace sepolgen/src/share/Makefile --replace "/var/lib/sepolgen" \ 42 - "\$PREFIX/var/lib/sepolgen" 53 + # We would like to disable build isolation so we use the provided setuptools (this is part of a `pip install` command) 54 + substituteInPlace sepolicy/Makefile --replace-fail 'echo --root' 'echo --no-build-isolation --root' 55 + 56 + # Replace hardcoded paths. 57 + substituteInPlace sepolgen/src/share/Makefile --replace-fail "/var/lib/sepolgen" \ 58 + '$(PREFIX)/var/lib/sepolgen' 59 + substituteInPlace po/Makefile --replace-fail "/usr/bin/install" "install" 43 60 ''; 44 61 45 62 makeFlags = [ 46 63 "PREFIX=$(out)" 64 + # This makes pip successfully install it (note the test -n "$(DESTDIR)" nonsense) 65 + # https://github.com/SELinuxProject/selinux/blob/d1e3170556e1023e07b3c071ce89543ead6ba6f8/python/sepolicy/Makefile#L30 66 + "DESTDIR=/" 47 67 "LOCALEDIR=$(out)/share/locale" 48 68 "BASHCOMPLETIONDIR=$(out)/share/bash-completion/completions" 49 69 "PYTHON=python" ··· 51 71 "LIBSEPOLA=${lib.getLib libsepol}/lib/libsepol.a" 52 72 ]; 53 73 74 + preFixup = '' 75 + patchShebangs --host $out/bin/* 76 + ''; 77 + 54 78 postFixup = '' 55 79 wrapPythonPrograms 56 80 ''; 57 81 82 + doInstallCheck = true; 83 + 84 + installCheckPhase = '' 85 + # Version hasn't changed in 17 years, if it suddenly does these tests deserve to break 86 + $out/bin/audit2allow --version | grep -Fm1 'audit2allow .1' 87 + $out/bin/audit2why --version | grep -Fm1 'audit2allow .1' 88 + $out/bin/sepolgen-ifgen --version | grep -Fm1 'sepolgen-ifgen .1' 89 + 90 + # "chcat: Requires a mls enabled system" or help, which includes chcat 91 + { $out/bin/chcat --help || true; } | grep -Fm1 'chcat' 92 + 93 + $out/bin/semanage --help | grep -Fm1 'semanage' 94 + $out/bin/sepolgen --help | grep -Fm1 'sepolicy' 95 + $out/bin/sepolicy --help | grep -Fm1 'sepolicy' 96 + 97 + # Should at least run, even if we can't provide it a policy file and need to provide /dev/zero 98 + { $out/bin/sepolgen-ifgen-attr-helper test /dev/null 2>&1 || true; } | grep -Fm1 'error(s) encountered' >/dev/null 99 + ''; 100 + 58 101 meta = with lib; { 59 102 description = "SELinux policy core utilities written in Python"; 60 103 license = licenses.gpl2Plus; ··· 62 105 maintainers = with lib.maintainers; [ RossComputerGuy ]; 63 106 platforms = platforms.linux; 64 107 }; 65 - } 108 + })