tjh.dev / nixpkgs
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
fork atom
nixpkgs / pkgs / os-specific / linux / libselinux / default.nix
at netboot-syslinux-multiplatform 85 lines 2.8 kB view raw
1{ lib, stdenv, fetchurl, fetchpatch, buildPackages, pcre, pkg-config, libsepol 2, enablePython ? !stdenv.hostPlatform.isStatic, swig ? null, python3 ? null 3, fts 4}: 5 6assert enablePython -> swig != null && python3 != null; 7 8with lib; 9 10stdenv.mkDerivation rec { 11 pname = "libselinux"; 12 version = "3.3"; 13 inherit (libsepol) se_url; 14 15 outputs = [ "bin" "out" "dev" "man" ] ++ optional enablePython "py"; 16 17 src = fetchurl { 18 url = "${se_url}/${version}/libselinux-${version}.tar.gz"; 19 sha256 = "0mvh793g7fg6wb6zqhkdyrv80x6k84ypqwi8ii89c91xcckyxzdc"; 20 }; 21 22 patches = [ 23 # Make it possible to disable shared builds (for pkgsStatic). 24 # 25 # We can't use fetchpatch because it processes includes/excludes 26 # /after/ stripping the prefix, which wouldn't work here because 27 # there would be no way to distinguish between 28 # e.g. libselinux/src/Makefile and libsepol/src/Makefile. 29 # 30 # This is a static email, so we shouldn't have to worry about 31 # normalizing the patch. 32 (fetchurl { 33 url = "https://lore.kernel.org/selinux/20211113141616.361640-1-hi@alyssa.is/raw"; 34 sha256 = "16a2s2ji9049892i15yyqgp4r20hi1hij4c1s4s8law9jsx65b3n"; 35 postFetch = '' 36 mv "$out" $TMPDIR/patch 37 ${buildPackages.patchutils_0_3_3}/bin/filterdiff \ 38 -i 'a/libselinux/*' --strip 1 <$TMPDIR/patch >"$out" 39 ''; 40 }) 41 ]; 42 43 nativeBuildInputs = [ pkg-config python3 ] ++ optionals enablePython [ swig ]; 44 buildInputs = [ libsepol pcre fts ] ++ optionals enablePython [ python3 ]; 45 46 # drop fortify here since package uses it by default, leading to compile error: 47 # command-line>:0:0: error: "_FORTIFY_SOURCE" redefined [-Werror] 48 hardeningDisable = [ "fortify" ]; 49 50 env.NIX_CFLAGS_COMPILE = "-Wno-error"; 51 52 makeFlags = [ 53 "PREFIX=$(out)" 54 "INCDIR=$(dev)/include/selinux" 55 "INCLUDEDIR=$(dev)/include" 56 "MAN3DIR=$(man)/share/man/man3" 57 "MAN5DIR=$(man)/share/man/man5" 58 "MAN8DIR=$(man)/share/man/man8" 59 "SBINDIR=$(bin)/sbin" 60 "SHLIBDIR=$(out)/lib" 61 62 "LIBSEPOLA=${lib.getLib libsepol}/lib/libsepol.a" 63 "ARCH=${stdenv.hostPlatform.linuxArch}" 64 ] ++ optionals stdenv.hostPlatform.isStatic [ 65 "DISABLE_SHARED=y" 66 ] ++ optionals enablePython [ 67 "PYTHON=${python3.pythonForBuild.interpreter}" 68 "PYTHONLIBDIR=$(py)/${python3.sitePackages}" 69 ]; 70 71 postPatch = lib.optionalString stdenv.hostPlatform.isMusl '' 72 substituteInPlace src/procattr.c \ 73 --replace "#include <unistd.h>" "" 74 ''; 75 76 preInstall = optionalString enablePython '' 77 mkdir -p $py/${python3.sitePackages}/selinux 78 ''; 79 80 installTargets = [ "install" ] ++ optional enablePython "install-pywrap"; 81 82 meta = removeAttrs libsepol.meta ["outputsToInstall"] // { 83 description = "SELinux core library"; 84 }; 85}