2014-12-16 04:53:53 +01:00
|
|
|
################################################################################
|
|
|
|
#
|
|
|
|
# libselinux
|
|
|
|
#
|
|
|
|
################################################################################
|
|
|
|
|
2020-07-15 15:07:34 +02:00
|
|
|
LIBSELINUX_VERSION = 3.1
|
|
|
|
LIBSELINUX_SITE = https://github.com/SELinuxProject/selinux/releases/download/20200710
|
2014-12-16 04:53:53 +01:00
|
|
|
LIBSELINUX_LICENSE = Public Domain
|
|
|
|
LIBSELINUX_LICENSE_FILES = LICENSE
|
2020-12-04 16:46:01 +01:00
|
|
|
LIBSELINUX_CPE_ID_VENDOR = selinuxproject
|
2014-12-16 04:53:53 +01:00
|
|
|
|
2019-12-18 21:39:06 +01:00
|
|
|
LIBSELINUX_DEPENDENCIES = $(BR2_COREUTILS_HOST_DEPENDENCY) libsepol pcre
|
2014-12-16 04:53:53 +01:00
|
|
|
|
|
|
|
LIBSELINUX_INSTALL_STAGING = YES
|
|
|
|
|
2018-10-11 21:37:00 +02:00
|
|
|
# Set SHLIBDIR to /usr/lib so it has the same value than LIBDIR, as a result
|
|
|
|
# we won't have to use a relative path in 0002-revert-ln-relative.patch
|
2014-12-16 04:53:53 +01:00
|
|
|
LIBSELINUX_MAKE_OPTS = \
|
|
|
|
$(TARGET_CONFIGURE_OPTS) \
|
2018-10-11 21:37:00 +02:00
|
|
|
ARCH=$(KERNEL_ARCH) \
|
|
|
|
SHLIBDIR=/usr/lib
|
2014-12-16 04:53:53 +01:00
|
|
|
|
2017-02-02 23:45:04 +01:00
|
|
|
LIBSELINUX_MAKE_INSTALL_TARGETS = install
|
|
|
|
|
2019-09-22 11:06:26 +02:00
|
|
|
ifeq ($(BR2_TOOLCHAIN_USES_GLIBC),)
|
|
|
|
LIBSELINUX_DEPENDENCIES += musl-fts
|
|
|
|
LIBSELINUX_MAKE_OPTS += FTS_LDLIBS=-lfts
|
|
|
|
endif
|
|
|
|
|
2017-02-02 23:45:04 +01:00
|
|
|
ifeq ($(BR2_PACKAGE_PYTHON3),y)
|
|
|
|
LIBSELINUX_DEPENDENCIES += python3 host-swig
|
|
|
|
|
|
|
|
LIBSELINUX_MAKE_OPTS += \
|
package/libselinux: fix the build with Python 3.8
Following the switch to Python 3.8, the libselinux Python extension
started to fail building. This is fixed by upstream commit
2efa06857575e4118e91ca250b6b92da68b130d5, which we backport as
0003-libselinux-Use-Python-distutils-to-install-SELinux-p.patch.
This patch has the nice merit of switching to using distutils to build
the Python extension of libselinux, instead of some custom logic. This
allows to significantly simplify our libselinux.mk: we can rely on
PKG_PYTHON_DISTUTILS_ENV and HOST_PKG_PYTHON_DISTUTILS_ENV instead of
lots of custom variables.
However, upstream commit 2efa06857575e4118e91ca250b6b92da68b130d5 had
its own issues:
* Hardcode of -I $(DESTDIR)/$(INCLUDEDIR) -L $(DESTDIR)/$(LIBDIR) at
build time, while DESTDIR is normally empty at build time, causing
bogus -I /usr/include -L /usr/lib to be used
This is fixed in
0004-src-Makefile-don-t-pass-bogus-I-and-L-to-python-setu.patch
* New usage of ln --relative, which is not supported in older
distributions.
This is fixed in
0005-Remove-ln-relative-usage-in-install-pywrap.patch
* Usage of the host Python "imp" module to query the extension used
for native Python module, but that returns an incorrect result when
cross-compiling. We chose to simplify the code to not have to query
for this information.
This is fixed in
0006-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
With this patch, the libselinux Python module was built-tested with
Python 2 and Python 3, and run-time tested as well in both
configurations, for both the target and host variants of libselinux.
Fixes:
http://autobuild.buildroot.net/results/aeb58de7ad674b980258e6ed30c7da3949a04452/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-10-25 15:27:31 +02:00
|
|
|
$(PKG_PYTHON_DISTUTILS_ENV) \
|
2020-04-15 14:59:14 +02:00
|
|
|
PYTHON=python$(PYTHON3_VERSION_MAJOR)
|
2017-02-02 23:45:04 +01:00
|
|
|
|
|
|
|
LIBSELINUX_MAKE_INSTALL_TARGETS += install-pywrap
|
2017-04-13 06:16:12 +02:00
|
|
|
|
|
|
|
# dependencies are broken and result in file truncation errors at link
|
|
|
|
# time if the Python bindings are built through the same make
|
|
|
|
# invocation as the rest of the library.
|
|
|
|
define LIBSELINUX_BUILD_PYTHON_BINDINGS
|
|
|
|
$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) \
|
2018-01-16 09:21:53 +01:00
|
|
|
$(LIBSELINUX_MAKE_OPTS) swigify pywrap
|
2017-04-13 06:16:12 +02:00
|
|
|
endef
|
2020-04-15 14:59:14 +02:00
|
|
|
endif # python3
|
2017-02-02 23:45:04 +01:00
|
|
|
|
2020-04-20 22:00:58 +02:00
|
|
|
# Filter out D_FILE_OFFSET_BITS=64. This fixes errors caused by glibc 2.22. We
|
|
|
|
# set CFLAGS, CPPFLAGS and LDFLAGS here because we want to win over the
|
|
|
|
# CFLAGS/CPPFLAGS/LDFLAGS definitions passed by $(PKG_PYTHON_DISTUTILS_ENV)
|
package/libselinux: fix build on old glibc with <fts.h> incompatible with LFS
glibc versions prior to 2.23 have a <fts.h> implementation that is not
compatible with large file support, causing build failures such as:
In file included from selinux_restorecon.c:17:0:
/home/naourr/work/instance-0/output-1/host/arm-buildroot-linux-gnueabi/sysroot/usr/include/fts.h:41:3: error: #error "<fts.h> cannot be used with -D_FILE_OFFSET_BITS==64"
# error "<fts.h> cannot be used with -D_FILE_OFFSET_BITS==64"
Prior to commit 3fce6f1c150dbe4be58d083008ca8dbe7257836e
("package/libselinux: fix the build with Python 3.8"), we were not
passing PKG_PYTHON_DISTUTILS_ENV in the environment. But with
3fce6f1c150dbe4be58d083008ca8dbe7257836e, we are now passing the
PKG_PYTHON_DISTUTILS_ENV variable, provided by pkg-python.mk, into the
build environment. While this is part of fixing the build of
libselinux with Python 3.8, it breaks the build because we are no
longer filtering out the -D_FILE_OFFSET_BITS=64 option from
CFLAGS. Indeed, while we do so at the beginning of libselinux.mk, it
gets overridden later by the addition of $(PKG_PYTHON_DISTUTILS_ENV).
To avoid this, we pass CFLAGS/LDFLAGS *after*
$(PKG_PYTHON_DISTUTILS_ENV) has been added. In practice, the
CFLAGS/LDFLAGS passed by $(PKG_PYTHON_DISTUTILS_ENV) are just
$(TARGET_CFLAGS) and $(TARGET_LDFLAGS), so we are not missing anything
specific.
Fixes:
http://autobuild.buildroot.net/results/ef6ff91086a094eb25b145d66d072c6d2fc60154/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-28 19:05:02 +01:00
|
|
|
# when the python binding is enabled.
|
|
|
|
LIBSELINUX_MAKE_OPTS += \
|
|
|
|
CFLAGS="$(filter-out -D_FILE_OFFSET_BITS=64,$(TARGET_CFLAGS))" \
|
2020-04-20 22:00:58 +02:00
|
|
|
CPPFLAGS="$(filter-out -D_FILE_OFFSET_BITS=64,$(TARGET_CPPFLAGS))" \
|
package/libselinux: fix build on old glibc with <fts.h> incompatible with LFS
glibc versions prior to 2.23 have a <fts.h> implementation that is not
compatible with large file support, causing build failures such as:
In file included from selinux_restorecon.c:17:0:
/home/naourr/work/instance-0/output-1/host/arm-buildroot-linux-gnueabi/sysroot/usr/include/fts.h:41:3: error: #error "<fts.h> cannot be used with -D_FILE_OFFSET_BITS==64"
# error "<fts.h> cannot be used with -D_FILE_OFFSET_BITS==64"
Prior to commit 3fce6f1c150dbe4be58d083008ca8dbe7257836e
("package/libselinux: fix the build with Python 3.8"), we were not
passing PKG_PYTHON_DISTUTILS_ENV in the environment. But with
3fce6f1c150dbe4be58d083008ca8dbe7257836e, we are now passing the
PKG_PYTHON_DISTUTILS_ENV variable, provided by pkg-python.mk, into the
build environment. While this is part of fixing the build of
libselinux with Python 3.8, it breaks the build because we are no
longer filtering out the -D_FILE_OFFSET_BITS=64 option from
CFLAGS. Indeed, while we do so at the beginning of libselinux.mk, it
gets overridden later by the addition of $(PKG_PYTHON_DISTUTILS_ENV).
To avoid this, we pass CFLAGS/LDFLAGS *after*
$(PKG_PYTHON_DISTUTILS_ENV) has been added. In practice, the
CFLAGS/LDFLAGS passed by $(PKG_PYTHON_DISTUTILS_ENV) are just
$(TARGET_CFLAGS) and $(TARGET_LDFLAGS), so we are not missing anything
specific.
Fixes:
http://autobuild.buildroot.net/results/ef6ff91086a094eb25b145d66d072c6d2fc60154/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-28 19:05:02 +01:00
|
|
|
LDFLAGS="$(TARGET_LDFLAGS) -lpcre -lpthread"
|
|
|
|
|
2014-12-16 04:53:53 +01:00
|
|
|
define LIBSELINUX_BUILD_CMDS
|
2016-10-28 15:18:22 +02:00
|
|
|
$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) \
|
2018-01-16 09:21:53 +01:00
|
|
|
$(LIBSELINUX_MAKE_OPTS) all
|
2017-04-13 06:16:12 +02:00
|
|
|
$(LIBSELINUX_BUILD_PYTHON_BINDINGS)
|
2014-12-16 04:53:53 +01:00
|
|
|
endef
|
|
|
|
|
|
|
|
define LIBSELINUX_INSTALL_STAGING_CMDS
|
2016-10-28 15:18:22 +02:00
|
|
|
$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) \
|
2017-02-02 23:45:04 +01:00
|
|
|
$(LIBSELINUX_MAKE_OPTS) DESTDIR=$(STAGING_DIR) \
|
|
|
|
$(LIBSELINUX_MAKE_INSTALL_TARGETS)
|
2014-12-16 04:53:53 +01:00
|
|
|
endef
|
|
|
|
|
|
|
|
define LIBSELINUX_INSTALL_TARGET_CMDS
|
2016-10-28 15:18:22 +02:00
|
|
|
$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) \
|
2019-10-22 10:49:23 +02:00
|
|
|
$(LIBSELINUX_MAKE_OPTS) DESTDIR=$(TARGET_DIR) \
|
|
|
|
$(LIBSELINUX_MAKE_INSTALL_TARGETS)
|
2014-12-16 04:53:53 +01:00
|
|
|
if ! grep -q "selinuxfs" $(TARGET_DIR)/etc/fstab; then \
|
2020-10-06 17:44:30 +02:00
|
|
|
echo "none /sys/fs/selinux selinuxfs noauto 0 0" >> $(TARGET_DIR)/etc/fstab ; fi
|
2014-12-16 04:53:53 +01:00
|
|
|
endef
|
|
|
|
|
|
|
|
HOST_LIBSELINUX_DEPENDENCIES = \
|
2020-04-15 14:59:14 +02:00
|
|
|
host-libsepol host-pcre host-swig host-python3
|
2014-12-16 04:53:53 +01:00
|
|
|
|
|
|
|
HOST_LIBSELINUX_MAKE_OPTS = \
|
|
|
|
$(HOST_CONFIGURE_OPTS) \
|
2017-07-05 13:14:50 +02:00
|
|
|
PREFIX=$(HOST_DIR) \
|
2018-10-11 21:37:00 +02:00
|
|
|
SHLIBDIR=$(HOST_DIR)/lib \
|
2014-12-16 04:53:53 +01:00
|
|
|
LDFLAGS="$(HOST_LDFLAGS) -lpcre -lpthread" \
|
package/libselinux: fix the build with Python 3.8
Following the switch to Python 3.8, the libselinux Python extension
started to fail building. This is fixed by upstream commit
2efa06857575e4118e91ca250b6b92da68b130d5, which we backport as
0003-libselinux-Use-Python-distutils-to-install-SELinux-p.patch.
This patch has the nice merit of switching to using distutils to build
the Python extension of libselinux, instead of some custom logic. This
allows to significantly simplify our libselinux.mk: we can rely on
PKG_PYTHON_DISTUTILS_ENV and HOST_PKG_PYTHON_DISTUTILS_ENV instead of
lots of custom variables.
However, upstream commit 2efa06857575e4118e91ca250b6b92da68b130d5 had
its own issues:
* Hardcode of -I $(DESTDIR)/$(INCLUDEDIR) -L $(DESTDIR)/$(LIBDIR) at
build time, while DESTDIR is normally empty at build time, causing
bogus -I /usr/include -L /usr/lib to be used
This is fixed in
0004-src-Makefile-don-t-pass-bogus-I-and-L-to-python-setu.patch
* New usage of ln --relative, which is not supported in older
distributions.
This is fixed in
0005-Remove-ln-relative-usage-in-install-pywrap.patch
* Usage of the host Python "imp" module to query the extension used
for native Python module, but that returns an incorrect result when
cross-compiling. We chose to simplify the code to not have to query
for this information.
This is fixed in
0006-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
With this patch, the libselinux Python module was built-tested with
Python 2 and Python 3, and run-time tested as well in both
configurations, for both the target and host variants of libselinux.
Fixes:
http://autobuild.buildroot.net/results/aeb58de7ad674b980258e6ed30c7da3949a04452/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-10-25 15:27:31 +02:00
|
|
|
$(HOST_PKG_PYTHON_DISTUTILS_ENV) \
|
2020-04-15 14:59:14 +02:00
|
|
|
PYTHON=python$(PYTHON3_VERSION_MAJOR)
|
2014-12-16 04:53:53 +01:00
|
|
|
|
|
|
|
define HOST_LIBSELINUX_BUILD_CMDS
|
2016-10-28 15:18:23 +02:00
|
|
|
$(HOST_MAKE_ENV) $(MAKE1) -C $(@D) \
|
2017-07-05 13:14:50 +02:00
|
|
|
$(HOST_LIBSELINUX_MAKE_OPTS) all
|
2014-12-16 04:53:53 +01:00
|
|
|
# Generate python interface wrapper
|
2016-10-28 15:18:23 +02:00
|
|
|
$(HOST_MAKE_ENV) $(MAKE1) -C $(@D) \
|
2017-07-05 13:14:50 +02:00
|
|
|
$(HOST_LIBSELINUX_MAKE_OPTS) swigify pywrap
|
2014-12-16 04:53:53 +01:00
|
|
|
endef
|
|
|
|
|
|
|
|
define HOST_LIBSELINUX_INSTALL_CMDS
|
2016-10-28 15:18:23 +02:00
|
|
|
$(HOST_MAKE_ENV) $(MAKE) -C $(@D) \
|
2017-07-05 13:14:50 +02:00
|
|
|
$(HOST_LIBSELINUX_MAKE_OPTS) install
|
2014-12-16 04:53:53 +01:00
|
|
|
# Install python interface wrapper
|
2016-10-28 15:18:23 +02:00
|
|
|
$(HOST_MAKE_ENV) $(MAKE) -C $(@D) \
|
2017-07-05 13:14:50 +02:00
|
|
|
$(HOST_LIBSELINUX_MAKE_OPTS) install-pywrap
|
2014-12-16 04:53:53 +01:00
|
|
|
endef
|
|
|
|
|
2020-04-04 14:10:33 +02:00
|
|
|
define LIBSELINUX_LINUX_CONFIG_FIXUPS
|
|
|
|
$(call KCONFIG_ENABLE_OPT,CONFIG_AUDIT)
|
|
|
|
$(call KCONFIG_ENABLE_OPT,CONFIG_DEFAULT_SECURITY_SELINUX)
|
|
|
|
$(call KCONFIG_ENABLE_OPT,CONFIG_INET)
|
|
|
|
$(call KCONFIG_ENABLE_OPT,CONFIG_NET)
|
|
|
|
$(call KCONFIG_ENABLE_OPT,CONFIG_SECURITY)
|
|
|
|
$(call KCONFIG_ENABLE_OPT,CONFIG_SECURITY_NETWORK)
|
|
|
|
$(call KCONFIG_ENABLE_OPT,CONFIG_SECURITY_SELINUX)
|
2020-07-31 22:40:52 +02:00
|
|
|
$(call KCONFIG_SET_OPT,CONFIG_LSM,"selinux")
|
2020-07-31 22:40:53 +02:00
|
|
|
$(if $(BR2_TARGET_ROOTFS_EROFS),
|
|
|
|
$(call KCONFIG_ENABLE_OPT,CONFIG_EROFS_FS_XATTR)
|
|
|
|
$(call KCONFIG_ENABLE_OPT,CONFIG_EROFS_FS_SECURITY))
|
2020-07-31 22:40:54 +02:00
|
|
|
$(if $(BR2_TARGET_ROOTFS_EXT2),
|
|
|
|
$(call KCONFIG_ENABLE_OPT,CONFIG_EXT2_FS_XATTR)
|
|
|
|
$(call KCONFIG_ENABLE_OPT,CONFIG_EXT2_FS_SECURITY))
|
2020-07-31 22:40:55 +02:00
|
|
|
$(if $(BR2_TARGET_ROOTFS_EXT2_3),
|
|
|
|
$(call KCONFIG_ENABLE_OPT,CONFIG_EXT3_FS_SECURITY))
|
2020-07-31 22:40:56 +02:00
|
|
|
$(if $(BR2_TARGET_ROOTFS_EXT2_4),
|
|
|
|
$(call KCONFIG_ENABLE_OPT,CONFIG_EXT4_FS_SECURITY))
|
2020-07-31 22:40:57 +02:00
|
|
|
$(if $(BR2_TARGET_ROOTFS_F2FS),
|
|
|
|
$(call KCONFIG_ENABLE_OPT,CONFIG_F2FS_FS_XATTR)
|
|
|
|
$(call KCONFIG_ENABLE_OPT,CONFIG_F2FS_FS_SECURITY))
|
2020-07-31 22:40:58 +02:00
|
|
|
$(if $(BR2_TARGET_ROOTFS_JFFS2),
|
|
|
|
$(call KCONFIG_ENABLE_OPT,CONFIG_JFS_SECURITY))
|
2020-07-31 22:40:59 +02:00
|
|
|
$(if $(BR2_TARGET_ROOTFS_SQUASHFS),
|
|
|
|
$(call KCONFIG_ENABLE_OPT,CONFIG_SQUASHFS_XATTR))
|
2020-07-31 22:41:00 +02:00
|
|
|
$(if $(BR2_TARGET_ROOTFS_UBIFS),
|
|
|
|
$(call KCONFIG_ENABLE_OPT,CONFIG_UBIFS_FS_XATTR)
|
|
|
|
$(call KCONFIG_ENABLE_OPT,CONFIG_UBIFS_FS_SECURITY))
|
2020-04-04 14:10:33 +02:00
|
|
|
endef
|
|
|
|
|
2014-12-16 04:53:53 +01:00
|
|
|
$(eval $(generic-package))
|
|
|
|
$(eval $(host-generic-package))
|