diff --git a/pkgs/os-specific/linux/libselinux/default.nix b/pkgs/os-specific/linux/libselinux/default.nix index d3279780c7cd..22ff351e45a6 100644 --- a/pkgs/os-specific/linux/libselinux/default.nix +++ b/pkgs/os-specific/linux/libselinux/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl, pkgconfig, libsepol, pcre -, enablePython ? false, swig ? null, python ? null +, enablePython ? true, swig ? null, python ? null }: assert enablePython -> swig != null && python != null; diff --git a/pkgs/os-specific/linux/policycoreutils/default.nix b/pkgs/os-specific/linux/policycoreutils/default.nix index ef7e76824db5..4eb8394a4d34 100644 --- a/pkgs/os-specific/linux/policycoreutils/default.nix +++ b/pkgs/os-specific/linux/policycoreutils/default.nix 
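Review bot: Flipping `enablePython` to `true` while `swig` and `python` keep their `null` defaults means the unchanged `assert enablePython -> swig != null && python != null;` on the next line now fails for any call site that does not pass both; the call site that supplies them is not in this diff, so either confirm it already does or change the three defaults together, e.g. `, enablePython ? true, swig, python`. It also makes the Python bindings, and with them swig and python, part of the default libselinux build for every consumer, which the commit message should say.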
@@ -1,29 +1,38 @@ -{ stdenv, fetchurl, intltool, pcre, libcap_ng, libcgroup -, libsepol, libselinux, libsemanage, setools -, python, sepolgen }: -stdenv.mkDerivation rec { +{ stdenv, fetchurl, pythonPackages, gettext +, setools, libsepol, libselinux, libcap_ng, libsemanage, sepolgen +}: +stdenv.mkDerivation rec { name = "policycoreutils-${version}"; - version = "2.3"; + version = "2.4"; inherit (libsepol) se_release se_url; src = fetchurl { url = "${se_url}/${se_release}/policycoreutils-${version}.tar.gz"; - sha256 = "1lpwxr5hw3dwhlp2p7y8jcr18mvfcrclwd8c2idz3lmmb3pglk46"; + sha256 = "0y9l9k60iy21hj0lcvfdfxs1fxydg6d3pxp9rhy7hwr4y5vgh6dq"; }; - preConfigure = '' + postPatch = '' + # Fix references to libsepol.a + find . -name Makefile -exec sed -i 's,[^ ]*/libsepol.a,${libsepol}/lib/libsepol.a,g' {} \; + + # Fix install references substituteInPlace po/Makefile --replace /usr/bin/install install - find . -type f -exec sed -i 's,/usr/bin/python,${python}/bin/python,' {} \; + + # Fix references to /usr/share + grep -r '/usr/share' | awk -F: '{print $1}' | xargs sed -i "s,\(\$(DESTDIR)\)*/usr/share,$out/share,g" + + # Fix sepolicy install + sed -i "s,\(setup.py install\).*,\1 --prefix=$out,g" sepolicy/Makefile ''; - buildInputs = [ intltool pcre libcap_ng libcgroup - libsepol libselinux libsemanage setools - python sepolgen # ToDo? these are optional - ]; + nativeBuildInputs = [ pythonPackages.python gettext ]; + buildInputs = [ setools libsepol libselinux libcap_ng libsemanage ]; + pythonPath = [ libselinux sepolgen ]; preBuild = '' - mkdir -p "$out/lib" && cp -s "${libsepol}/lib/libsepol.a" "$out/lib" + makeFlagsArray+=("PREFIX=$out") + makeFlagsArray+=("DESTDIR=$out") ''; # Creation of the system-config-selinux directory is broken 
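Review bot: `grep -r '/usr/share' | awk -F: '{print $1}' | xargs sed -i "..."` in postPatch derives the file list from grep's `file:line` output, which truncates a filename containing `:`, lists a file once per matching line, and, when grep reports a binary match as `Binary file X matches` on stdout, hands xargs four bogus filenames so `sed -i` fails on `Binary`; whether the tarball contains such a file is not visible here. `grep -rl '/usr/share' . | xargs sed -i "s,\(\$(DESTDIR)\)*/usr/share,$out/share,g"` yields the file list directly and avoids all three. The same construction appears in the postInstall of the next hunk (`grep -r '#!.*python' $out/bin | awk -F: '{print $1}' | xargs sed -i`). The `sed -i "s,\(setup.py install\).*,\1 --prefix=$out,g" sepolicy/Makefile` line also discards whatever upstream had after `setup.py install`; if that included flags such as a `--root`, they are silently dropped, so a comment naming what the upstream line looked like would help. The enclosing `stdenv.mkDerivation rec {` continues past the end of this hunk.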
@@ -31,14 +40,19 @@ stdenv.mkDerivation rec { mkdir -p $out/share/system-config-selinux ''; + # Fix the python scripts to include paths to libraries + # NOTE: We are not using wrapPythonPrograms or makeWrapper as these scripts + # purge the environment as a security measure + postInstall = '' + grep -r '#!.*python' $out/bin | awk -F: '{print $1}' | xargs sed -i "1a \ + import sys; \ + sys.path.append('$(toPythonPath "$out")'); \ + ${stdenv.lib.flip stdenv.lib.concatMapStrings pythonPath (lib: '' + sys.path.append('$(toPythonPath "${lib}")'); \ + '')}" + ''; + NIX_CFLAGS_COMPILE = "-fstack-protector-all"; - NIX_LDFLAGS = "-lsepol -lpcre"; - - makeFlags = "PREFIX=$(out) DESTDIR=$(out) LOCALEDIR=$(out)/share/locale"; - - patches = [ ./size_format.patch ]; - - patchFlags = [ "-p0" ]; meta = with stdenv.lib; { description = "SELinux policy core utilities"; diff --git a/pkgs/os-specific/linux/policycoreutils/size_format.patch b/pkgs/os-specific/linux/policycoreutils/size_format.patch deleted file mode 100644 index 044320985479..000000000000 --- a/pkgs/os-specific/linux/policycoreutils/size_format.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- setfiles/restore.c.orig 2014-08-21 17:26:00.200788259 +0200 -+++ setfiles/restore.c 2014-08-21 17:26:04.728888118 +0200 -@@ -118,7 +118,7 @@ - r_opts->count++; - if (r_opts->count % STAR_COUNT == 0) { - if (r_opts->progress == 1) { -- fprintf(stdout, "\r%luk", (size_t) r_opts->count / STAR_COUNT ); -+ fprintf(stdout, "\r%zuk", (size_t) r_opts->count / STAR_COUNT ); - } else { - if (r_opts->nfile > 0) { - progress = (r_opts->count < r_opts->nfile) ? (100.0 * r_opts->count / r_opts->nfile) : 100;
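Review bot: The file list for the `sed -i "1a ..."` insertion comes from `grep -r '#!.*python' $out/bin | awk -F: '{print $1}'`, which matches the pattern on any line of any file under `$out/bin`, not only a first-line shebang, and shares the awk/xargs fragility noted on the postPatch hunk; `grep -rl '^#!.*python' $out/bin | xargs sed -i ...` is closer to the intent. Inserting after line 1 also pushes a second-line PEP 263 `# -*- coding: ... -*-` declaration to line 3, where Python ignores it, and places code ahead of a module docstring; whether any of these scripts has either is not visible here. The trailing `\` on each continuation line are consumed as line continuations inside the double-quoted shell argument, so sed receives one one-liner `1a import sys; sys.path.append(...); ...` rather than a multi-line `a\` text, which is why the indented continuation lines work; a comment such as `# trailing backslashes are shell continuations: sed gets a single 1a line` would keep the next reader from "fixing" it. The enclosing `stdenv.mkDerivation rec {` begins and ends outside this hunk.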