Merge branch 'p/selinux' of git://github.com/vcunat/nixpkgs

This branch adds libcap-ng and updates SELinux. It doesn't seem like
anyone is actually using SELinux from nixpkgs, but everything compiles
and looks right.

Signed-off-by: Shea Levy <shea@shealevy.com>

pkgs/development/libraries/ustr/default.nix

@@ -8,8 +8,11 @@ stdenv.mkDerivation rec {
     url = "http://www.and.org/ustr/${version}/${name}.tar.bz2";
     sha256 = "1i623ygdj7rkizj7985q9d6vj5amwg686aqb5j3ixpkqkyp6xbrx";
   };
+
   prePatch = "substituteInPlace Makefile --replace /usr/include/ ${glibc}/include/";
 
+  patches = [ ./va_args.patch ]; # fixes bogus warnings that failed libsemanage
+
   makeFlags = "DESTDIR=$(out) prefix= LDCONFIG=echo";
 
   configurePhase = "make ustr-import";
@@ -21,4 +24,4 @@ stdenv.mkDerivation rec {
     license = licenses.bsd2;
     maintainers = [ maintainers.phreedom ];
   };
-}
+}

pkgs/development/libraries/ustr/va_args.patch

@@ -0,0 +1,23 @@
+diff --git a/ustr-compiler.h b/ustr-compiler.h
+index 9e71276..c5f847a 100644
+--- a/ustr-compiler.h
++++ b/ustr-compiler.h
+@@ -11,17 +11,11 @@
+ #define USTR_CONF_HAVE_ATTR_FMT 1
+ #endif
+ 
++#include <stdarg.h>
+ /* We assume this is enough,
+  * C99 specifies that va_copy() exists and is a macro */
+-#ifdef va_copy
+ # define USTR_CONF_HAVE_VA_COPY 1
+ # define USTR__VA_COPY(x, y)   va_copy(x, y)
+-#elif __va_copy
+-# define USTR_CONF_HAVE_VA_COPY 1
+-# define USTR__VA_COPY(x, y) __va_copy(x, y)
+-#else
+-# define USTR_CONF_HAVE_VA_COPY 0
+-#endif
+ 
+ #ifndef USTR_CONF_HAVE_ATTR_NONNULL
+ #if defined(__GNUC__) && (__GNUC__ > 3) /* not sure */

pkgs/os-specific/linux/checkpolicy/default.nix

@@ -2,11 +2,12 @@
 stdenv.mkDerivation rec {
 
   name = "checkpolicy-${version}";
-  version = "2.0.23";
+  version = "2.1.11";
+  inherit (libsepol) se_release se_url;
 
   src = fetchurl {
-    url = "http://userspace.selinuxproject.org/releases/20101221/devel/checkpolicy-2.0.23.tar.gz";
-    sha256 = "1n34ggacds7xap039r6hqkxmkd4g2wgfkxjdnv3lirq3cqqi8cnd";
+    url = "${se_url}/${se_release}/checkpolicy-${version}.tar.gz";
+    sha256 = "1wahs32l4jjlg0s3lyihdhvwmsy7yyvq5pk96q9lsiilc5vvrb06";
   };
 
   buildInputs = [ libsepol libselinux bison flex ];
@@ -14,10 +15,8 @@ stdenv.mkDerivation rec {
   preBuild = '' makeFlags="$makeFlags LEX=flex LIBDIR=${libsepol}/lib PREFIX=$out" '';
 
   meta = with stdenv.lib; {
-    homepage = http://userspace.selinuxproject.org/;
     description = "SELinux policy compiler";
     license = licenses.gpl2;
-    maintainers = [ maintainers.phreedom ];
-    platforms = platforms.linux;
+    inherit (libsepol.meta) homepage platforms maintainers;
   };
-}
+}

pkgs/os-specific/linux/libcap-ng/default.nix

@@ -0,0 +1,22 @@
+{ stdenv, fetchurl, python }:
+
+assert stdenv.isLinux;
+
+stdenv.mkDerivation rec {
+  name = "libcap-ng-${version}";
+  version = "0.7.3";
+
+  src = fetchurl {
+    url = "${meta.homepage}/${name}.tar.gz";
+    sha256 = "1cavlcrpqi4imkmagjhw65br8rv2fsbhf68mm3lczr51sg44392w";
+  };
+
+  buildInputs = [ python ]; # ToDo? optional swig for python bindings
+
+  meta = {
+    description = "Library for working with POSIX capabilities";
+    homepage = http://people.redhat.com/sgrubb/libcap-ng/;
+    platforms = stdenv.lib.platforms.linux;
+    license = "LGPLv2.1";
+  };
+}

pkgs/os-specific/linux/libselinux/default.nix

@@ -1,15 +1,34 @@
-{stdenv, fetchurl, libsepol}:
+{ stdenv, fetchurl, pkgconfig, libsepol, pcre }:
 
 stdenv.mkDerivation rec {
   name = "libselinux-${version}";
-  version = "2.0.98";
+  version = "2.1.12";
+  inherit (libsepol) se_release se_url;
 
   src = fetchurl {
-    url = "http://userspace.selinuxproject.org/releases/20101221/devel/${name}.tar.gz";
-    sha256 = "00irm7nyakgi4z8d6dlm6c70fkbl6rzk5w1w0ny2c564yw0d0dlz";
+    url = "${se_url}/${se_release}/libselinux-${version}.tar.gz";
+    sha256 = "17navgvljgq35bljzcdwjdj3khajc27s15binr51xkp0h29qgbcd";
   };
 
-  buildInputs = [ libsepol ];
+  patch_src = fetchurl {
+    url = "http://dev.gentoo.org/~swift/patches/libselinux/patchbundle-${name}-r2.tar.gz";
+    sha256 = "08zaas8iwyf4w9ll1ylyv4gril1nfarckd5h1l53563sxzyf7dqh";
+  };
 
-  preBuild = '' makeFlags="$makeFlags PREFIX=$out DESTDIR=$out" '';
+  patches = [ ./fPIC.patch ]; # libsemanage seems to need -fPIC everywhere
+
+  buildInputs = [ pkgconfig libsepol pcre ];
+
+  prePatch = ''
+    tar xvf ${patch_src}
+    for p in gentoo-patches/*.patch; do
+      patch -p1 < "$p"
+    done
+  '';
+
+  preInstall = '' makeFlags="$makeFlags PREFIX=$out DESTDIR=$out" '';
+
+  meta = {
+    inherit (libsepol.meta) homepage platforms maintainers;
+  };
 }

pkgs/os-specific/linux/libselinux/fPIC.patch

@@ -0,0 +1,13 @@
+diff --git a/src/Makefile b/src/Makefile
+index ac019df..00432b9 100644
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -132,7 +132,7 @@ $(AUDIT2WHYSO): $(AUDIT2WHYLOBJ)
+ 	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR)
+ 
+ %.o:  %.c policy.h
+-	$(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
++	$(CC) $(CFLAGS) $(TLSFLAGS) -fPIC -c -o $@ $<
+ 
+ %.lo:  %.c policy.h
+ 	$(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $<

pkgs/os-specific/linux/libsemanage/default.nix

@@ -2,24 +2,24 @@
 stdenv.mkDerivation rec {
 
   name = "libsemanage-${version}";
-  version = "2.0.46";
+  version = "2.1.9";
+  inherit (libsepol) se_release se_url;
 
   src = fetchurl {
-    url = "http://userspace.selinuxproject.org/releases/20101221/devel/${name}.tar.gz";
-    sha256 = "03ljdw48pn8vlk4h26w8z247c9wykp2198s1ksmxrai3avyz87wf";
+    url = "${se_url}/${se_release}/libsemanage-${version}.tar.gz";
+    sha256 = "1k1my3n1pj30c5887spykcdk1brgxfpxmrz6frxjyhaijxzx20bg";
   };
 
-  NIX_LDFLAGS = "-lsepol";
-
   makeFlags = "PREFIX=$(out) DESTDIR=$(out)";
 
+  NIX_CFLAGS_COMPILE = "-fstack-protector-all";
+  NIX_CFLAGS_LINK = "-lsepol";
+
   buildInputs = [ libsepol libselinux ustr bzip2 bison flex ];
 
   meta = with stdenv.lib; {
-    homepage = http://userspace.selinuxproject.org/;
+    inherit (libsepol.meta) homepage platforms maintainers;
     description = "Policy management tools for SELinux";
     license = licenses.lgpl21;
-    maintainers = [ maintainers.phreedom ];
-    platforms = platforms.linux;
   };
-}
+}

pkgs/os-specific/linux/libsepol/default.nix

@@ -1,13 +1,24 @@
-{stdenv, fetchurl}:
+{ stdenv, fetchurl }:
 
 stdenv.mkDerivation rec {
   name = "libsepol-${version}";
-  version = "2.0.42";
+  version = "2.1.8";
+  se_release = "20120924";
+  se_url = "${meta.homepage}/releases";
 
   src = fetchurl {
-    url = "http://userspace.selinuxproject.org/releases/20101221/devel/${name}.tar.gz";
-    sha256 = "0sg61mb9qhyh4vplasar6nwd6j123v453zss93qws3h95fhrfc08";
+    url = "${se_url}/${se_release}/libsepol-${version}.tar.gz";
+    sha256 = "1w38q3lmha5m9aps9w844i51yw4b8q1vhpng2kdywn2n8cpdvvk3";
   };
 
   preBuild = '' makeFlags="$makeFlags PREFIX=$out DESTDIR=$out" '';
+
+  passthru = { inherit se_release se_url meta; };
+
+  meta = with stdenv.lib; {
+    homepage = http://userspace.selinuxproject.org;
+    platforms = platforms.linux;
+    maintainers = [ maintainers.phreedom ];
+    license = "GPLv2";
+  };
 }

pkgs/os-specific/linux/policycoreutils/default.nix

@@ -1,25 +1,39 @@
-{ stdenv, fetchurl, libsepol, libselinux }:
+{ stdenv, fetchurl, intltool, pcre, libcap_ng, libcgroup
+, libsepol, libselinux, libsemanage
+, python, sepolgen }:
 stdenv.mkDerivation rec {
 
   name = "policycoreutils-${version}";
-  version = "2.0.85";
+  version = "2.1.13";
+  inherit (libsepol) se_release se_url;
 
   src = fetchurl {
-    url = http://userspace.selinuxproject.org/releases/20101221/devel/policycoreutils-2.0.85.tar.gz;
-    sha256 = "01q5ifacg24k9jdz85j9m17ps2l1p7abvh8pzy6qz55y68rycifb";
+    url = "${se_url}/${se_release}/policycoreutils-${version}.tar.gz";
+    sha256 = "1145nbpwndmhma08vvj1j75bjd8xhjal0vjpazlrw78iyc30y11l";
   };
 
-  buildInputs = [ libsepol libselinux ];
+  patchPhase = ''
+    substituteInPlace po/Makefile --replace /usr/bin/install install
+  '';
 
-  NIX_LDFLAGS = "-lsepol";
+  buildInputs = [ intltool pcre libcap_ng libcgroup
+    libsepol libselinux  libsemanage
+    python sepolgen # ToDo? these are optional
+  ];
 
-  makeFlags = "LOCALEDIR=$(out)/share/locale";
+  preBuild = ''
+    mkdir -p "$out/lib" && cp -s "${libsepol}/lib/libsepol.a" "$out/lib"
+  '';
+
+  NIX_CFLAGS_COMPILE = "-fstack-protector-all";
+  NIX_LDFLAGS = "-lsepol -lpcre";
+
+  makeFlags = "PREFIX=$(out) DESTDIR=$(out) LOCALEDIR=$(out)/share/locale";
 
   meta = with stdenv.lib; {
-    homepage = http://userspace.selinuxproject.org/;
     description = "SELinux policy core utilities";
     license = licenses.gpl2;
-    maintainers = [ maintainers.phreedom ];
-    platforms = platforms.linux;
+    inherit (libsepol.meta) homepage platforms maintainers;
   };
-}
+}
+

pkgs/os-specific/linux/sepolgen/default.nix

@@ -0,0 +1,22 @@
+{ stdenv, fetchurl, libsepol, python }:
+
+stdenv.mkDerivation rec {
+  name = "sepolgen-${version}";
+  version = "1.1.8";
+  inherit (libsepol) se_release se_url;
+
+  src = fetchurl {
+    url = "${se_url}/${se_release}/sepolgen-${version}.tar.gz";
+    sha256 = "1sssc9d4wz7l23yczlzplsmdr891sqr9w34ccn1bfwlnc4q63xdm";
+  };
+
+  makeFlags = "PREFIX=$(out) DESTDIR=$(out) PYTHONLIBDIR=lib/${python.libPrefix}/site-packages";
+
+  buildInputs = [ python ];
+
+  meta = with stdenv.lib; {
+    inherit (libsepol.meta) homepage platforms maintainers;
+    description = "SELinux policy generation library";
+    license = licenses.gpl2;
+  };
+}

pkgs/top-level/all-packages.nix

@@ -6087,6 +6087,8 @@ let
 
   libcap_manpages = callPackage ../os-specific/linux/libcap/man.nix { };
 
+  libcap_ng = callPackage ../os-specific/linux/libcap-ng { };
+
   libnscd = callPackage ../os-specific/linux/libnscd { };
 
   libnotify = callPackage ../development/libraries/libnotify { };
@@ -6199,6 +6201,8 @@ let
 
   sdparm = callPackage ../os-specific/linux/sdparm { };
 
+  sepolgen = callPackage ../os-specific/linux/sepolgen { };
+
   shadow = callPackage ../os-specific/linux/shadow { };
 
   splashutils = callPackage ../os-specific/linux/splashutils/default.nix { };