pyrox.dev
/
nixpkgs
lol
selinux-python: 3.3 -> 3.8.1; fix runtime
Morgan Jones
10 months ago
79edf9c8
9de17e0a
+58
-15
1 changed file
pkgs
by-name
se
selinux-python
package.nix
+58
-15
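--- a/pkgs/by-name/se/selinux-python/package.nix
+++ b/pkgs/by-name/se/selinux-python/package.nix
@@ -3,47 +3,67 @@
 stdenv,
 fetchurl,
 python3,
+gettext,
 libselinux,
 libsemanage,
 libsepol,
 setools,
 }:
 
-# this is python3 only because setools only supports python3
-stdenv.mkDerivation rec {
+let
+selinuxPython3 = python3.withPackages (
+ps: with ps; [
+pip
+setuptools
+]
+);
+in
+stdenv.mkDerivation (finalAttrs: {
 pname = "selinux-python";
-version = "3.3";
+version = "3.8.1";
 
 inherit (libsepol) se_url;
 
 src = fetchurl {
-url = "${se_url}/${version}/selinux-python-${version}.tar.gz";
-sha256 = "1v244hpb45my303793xa4kcn7qnxjgxn4ja7rdn9k1q361hi1nca";
+url = "${finalAttrs.se_url}/${finalAttrs.version}/selinux-python-${finalAttrs.version}.tar.gz";
+hash = "sha256-dJAlv6SqDgCb8//EVdVloY1Ntxz+eWvkQFghcXIGwlo=";
 };
 
 strictDeps = true;
 
 nativeBuildInputs = [
-python3
-python3.pkgs.distutils
+selinuxPython3
 python3.pkgs.wrapPython
+gettext
 ];
-buildInputs = [ libsepol ];
-propagatedBuildInputs = [
+
+buildInputs = [
+python3
+libsepol
 libselinux
-libsemanage
+];
+
+pythonPath = [
+python3.pkgs.libselinux.py
+libsemanage.py
 setools
-python3.pkgs.ipy
 ];
 
 postPatch = ''
-substituteInPlace sepolicy/Makefile --replace "echo --root" "echo --prefix"
-substituteInPlace sepolgen/src/share/Makefile --replace "/var/lib/sepolgen" \
-"\$PREFIX/var/lib/sepolgen"
+# We would like to disable build isolation so we use the provided setuptools (this is part of a `pip install` command)
+substituteInPlace sepolicy/Makefile --replace-fail 'echo --root' 'echo --no-build-isolation --root'
+
+# Replace hardcoded paths.
+substituteInPlace sepolgen/src/share/Makefile --replace-fail "/var/lib/sepolgen" \
+'$(PREFIX)/var/lib/sepolgen'
+substituteInPlace po/Makefile --replace-fail "/usr/bin/install" "install"
 '';
 
 makeFlags = [
 "PREFIX=$(out)"
+# This makes pip successfully install it (note the test -n "$(DESTDIR)" nonsense)
+# https://github.com/SELinuxProject/selinux/blob/d1e3170556e1023e07b3c071ce89543ead6ba6f8/python/sepolicy/Makefile#L30
+"DESTDIR=/"
 "LOCALEDIR=$(out)/share/locale"
 "BASHCOMPLETIONDIR=$(out)/share/bash-completion/completions"
 "PYTHON=python"
@@ -51,10 +71,33 @@
 "LIBSEPOLA=${lib.getLib libsepol}/lib/libsepol.a"
 ];
 
+preFixup = ''
+patchShebangs --host $out/bin/*
+'';
+
 postFixup = ''
 wrapPythonPrograms
 '';
 
+doInstallCheck = true;
+
+installCheckPhase = ''
+# Version hasn't changed in 17 years, if it suddenly does these tests deserve to break
+$out/bin/audit2allow --version | grep -Fm1 'audit2allow .1'
+$out/bin/audit2why --version | grep -Fm1 'audit2allow .1'
+$out/bin/sepolgen-ifgen --version | grep -Fm1 'sepolgen-ifgen .1'
+
+# "chcat: Requires a mls enabled system" or help, which includes chcat
+{ $out/bin/chcat --help || true; } | grep -Fm1 'chcat'
+
+$out/bin/semanage --help | grep -Fm1 'semanage'
+$out/bin/sepolgen --help | grep -Fm1 'sepolicy'
+$out/bin/sepolicy --help | grep -Fm1 'sepolicy'
+
+# Should at least run, even if we can't provide it a policy file and need to provide /dev/zero
+{ $out/bin/sepolgen-ifgen-attr-helper test /dev/null 2>&1 || true; } | grep -Fm1 'error(s) encountered' >/dev/null
+'';
+
 meta = with lib; {
 description = "SELinux policy core utilities written in Python";
 license = licenses.gpl2Plus;
@@ -62,4 +105,4 @@
 maintainers = with lib.maintainers; [ RossComputerGuy ];
 platforms = platforms.linux;
 };
-}
+})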
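Review bot: The comment above the last `installCheckPhase` command says the helper has to be given /dev/zero, but the command passes `/dev/null`; the comment should match the code, e.g. `# Should at least run, even if we can't provide it a policy file and pass /dev/null instead`. The `audit2why --version` check greps for `'audit2allow .1'`, which is presumably intentional (the two tools appear to share a version banner) but reads like a copy-paste slip, so a one-line comment saying so would help. The `chcat` and `sepolgen-ifgen-attr-helper` checks discard the exit status with `|| true`, so they only prove that the expected string is printed, not that the wrapped program and its Python imports load cleanly. That is reasonable in a sandbox with no SELinux policy, but the comments should say that these are output-only smoke tests.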