From 70ecb218f1d12ee4825d1c511573be51038af70b Mon Sep 17 00:00:00 2001
From: Arnout Engelen <arnout@bzzt.net>
Date: Fri, 20 Nov 2020 14:54:14 +0100
Subject: [PATCH] selinux: 2.9 -> 3.0 (#104087)

Notably, Python 2 code is not be supported in this project anymore and
new Python code should be written only for Python 3, which is no longer
restricted to Python 3.7 (see 780fb563c74171aafc2fb802cfdebd56a68d0705,
5dfd3c497540bb172ff0d04cc8eb5ecbeb59b938)

https://github.com/SELinuxProject/selinux/releases/tag/20191204
---
 pkgs/os-specific/linux/libselinux/default.nix | 20 +++++++++++--------
 pkgs/os-specific/linux/libsepol/default.nix   |  6 +++---
 pkgs/top-level/all-packages.nix               |  4 +---
 pkgs/top-level/python-packages.nix            |  4 ++--
 4 files changed, 18 insertions(+), 16 deletions(-)

diff --git a/pkgs/os-specific/linux/libselinux/default.nix b/pkgs/os-specific/linux/libselinux/default.nix
index 741c51e2233b..4dfd6a3f2cd6 100644
--- a/pkgs/os-specific/linux/libselinux/default.nix
+++ b/pkgs/os-specific/linux/libselinux/default.nix
@@ -1,26 +1,26 @@
 { stdenv, fetchurl, pcre, pkgconfig, libsepol
-, enablePython ? true, swig ? null, python ? null
+, enablePython ? true, swig ? null, python3 ? null
 , fts
 }:
 
-assert enablePython -> swig != null && python != null;
+assert enablePython -> swig != null && python3 != null;
 
 with stdenv.lib;
 
 stdenv.mkDerivation rec {
   pname = "libselinux";
-  version = "2.9";
+  version = "3.0";
   inherit (libsepol) se_release se_url;
 
   outputs = [ "bin" "out" "dev" "man" ] ++ optional enablePython "py";
 
   src = fetchurl {
     url = "${se_url}/${se_release}/libselinux-${version}.tar.gz";
-    sha256 = "14r69mgmz7najf9wbizvp68q56mqx4yjbkxjlbcqg5a47s3wik0v";
+    sha256 = "0cr4p0qkr4qd5z1x677vwhz6mlz55kxyijwi2dmrvbhxcw7v78if";
   };
 
-  nativeBuildInputs = [ pkgconfig ] ++ optionals enablePython [ swig python ];
-  buildInputs = [ libsepol pcre fts ] ++ optionals enablePython [ python ];
+  nativeBuildInputs = [ pkgconfig ] ++ optionals enablePython [ swig python3 ];
+  buildInputs = [ libsepol pcre fts ] ++ optionals enablePython [ python3 ];
 
   # drop fortify here since package uses it by default, leading to compile error:
   # command-line>:0:0: error: "_FORTIFY_SOURCE" redefined [-Werror]
@@ -35,14 +35,18 @@ stdenv.mkDerivation rec {
     "MAN3DIR=$(man)/share/man/man3"
     "MAN5DIR=$(man)/share/man/man5"
     "MAN8DIR=$(man)/share/man/man8"
-    "PYTHON=${python.pythonForBuild}/bin/python"
-    "PYTHONLIBDIR=$(py)/${python.sitePackages}"
+    "PYTHON=${python3.pythonForBuild}/bin/python"
+    "PYTHONLIBDIR=$(py)/${python3.sitePackages}"
     "SBINDIR=$(bin)/sbin"
     "SHLIBDIR=$(out)/lib"
 
     "LIBSEPOLA=${stdenv.lib.getLib libsepol}/lib/libsepol.a"
   ];
 
+  preInstall = ''
+    mkdir -p $py/${python3.sitePackages}/selinux
+  '';
+
   installTargets = [ "install" ] ++ optional enablePython "install-pywrap";
 
   meta = removeAttrs libsepol.meta ["outputsToInstall"] // {
diff --git a/pkgs/os-specific/linux/libsepol/default.nix b/pkgs/os-specific/linux/libsepol/default.nix
index 497961af11b4..3592ba1637c1 100644
--- a/pkgs/os-specific/linux/libsepol/default.nix
+++ b/pkgs/os-specific/linux/libsepol/default.nix
@@ -2,15 +2,15 @@
 
 stdenv.mkDerivation rec {
   pname = "libsepol";
-  version = "2.9";
-  se_release = "20190315";
+  version = "3.0";
+  se_release = "20191204";
   se_url = "https://github.com/SELinuxProject/selinux/releases/download";
 
   outputs = [ "bin" "out" "dev" "man" ];
 
   src = fetchurl {
     url = "${se_url}/${se_release}/libsepol-${version}.tar.gz";
-    sha256 = "0p8x7w73jn1nysx1d7416wqrhbi0r6isrjxib7jf68fi72q14jx3";
+    sha256 = "0ygb6dh5lng91xs6xiqf5v0nxa68qmjc787p0s5h9w89364f2yjv";
   };
 
   nativeBuildInputs = [ flex ];
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 964ebcbe9779..4fbc808bdeb2 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -18505,9 +18505,7 @@ in
 
   keyutils = callPackage ../os-specific/linux/keyutils { };
 
-  libselinux = callPackage ../os-specific/linux/libselinux {
-    python = python37;
-  };
+  libselinux = callPackage ../os-specific/linux/libselinux { };
 
   libsemanage = callPackage ../os-specific/linux/libsemanage {
     python = python3;
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index c46cec5436e7..72a14222f252 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -3447,13 +3447,13 @@ in {
       p.overrideAttrs (super: {
         meta = super.meta // {
           outputsToInstall = [ "py" ];
-          broken = (super.meta.broken or false) || pythonAtLeast "3.8";
+          broken = super.meta.broken or isPy27;
         };
       }))
     (p:
       p.override {
         enablePython = true;
-        inherit python;
+        python3 = python;
       })
     (p: p.py)
   ];