kumquat-buildroot/package/libselinux/libselinux.mk

138 lines
4.6 KiB
Makefile
Raw Normal View History

################################################################################
#
# libselinux
#
################################################################################
LIBSELINUX_VERSION = 3.1
LIBSELINUX_SITE = https://github.com/SELinuxProject/selinux/releases/download/20200710
LIBSELINUX_LICENSE = Public Domain
LIBSELINUX_LICENSE_FILES = LICENSE
LIBSELINUX_CPE_ID_VENDOR = selinuxproject
LIBSELINUX_DEPENDENCIES = $(BR2_COREUTILS_HOST_DEPENDENCY) libsepol pcre
LIBSELINUX_INSTALL_STAGING = YES
# Set SHLIBDIR to /usr/lib so it has the same value than LIBDIR, as a result
# we won't have to use a relative path in 0002-revert-ln-relative.patch
LIBSELINUX_MAKE_OPTS = \
$(TARGET_CONFIGURE_OPTS) \
ARCH=$(KERNEL_ARCH) \
SHLIBDIR=/usr/lib
LIBSELINUX_MAKE_INSTALL_TARGETS = install
ifeq ($(BR2_TOOLCHAIN_USES_GLIBC),)
LIBSELINUX_DEPENDENCIES += musl-fts
LIBSELINUX_MAKE_OPTS += FTS_LDLIBS=-lfts
endif
ifeq ($(BR2_PACKAGE_PYTHON3),y)
LIBSELINUX_DEPENDENCIES += python3 host-swig
LIBSELINUX_MAKE_OPTS += \
package/libselinux: fix the build with Python 3.8 Following the switch to Python 3.8, the libselinux Python extension started to fail building. This is fixed by upstream commit 2efa06857575e4118e91ca250b6b92da68b130d5, which we backport as 0003-libselinux-Use-Python-distutils-to-install-SELinux-p.patch. This patch has the nice merit of switching to using distutils to build the Python extension of libselinux, instead of some custom logic. This allows to significantly simplify our libselinux.mk: we can rely on PKG_PYTHON_DISTUTILS_ENV and HOST_PKG_PYTHON_DISTUTILS_ENV instead of lots of custom variables. However, upstream commit 2efa06857575e4118e91ca250b6b92da68b130d5 had its own issues: * Hardcode of -I $(DESTDIR)/$(INCLUDEDIR) -L $(DESTDIR)/$(LIBDIR) at build time, while DESTDIR is normally empty at build time, causing bogus -I /usr/include -L /usr/lib to be used This is fixed in 0004-src-Makefile-don-t-pass-bogus-I-and-L-to-python-setu.patch * New usage of ln --relative, which is not supported in older distributions. This is fixed in 0005-Remove-ln-relative-usage-in-install-pywrap.patch * Usage of the host Python "imp" module to query the extension used for native Python module, but that returns an incorrect result when cross-compiling. We chose to simplify the code to not have to query for this information. This is fixed in 0006-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch With this patch, the libselinux Python module was built-tested with Python 2 and Python 3, and run-time tested as well in both configurations, for both the target and host variants of libselinux. Fixes: http://autobuild.buildroot.net/results/aeb58de7ad674b980258e6ed30c7da3949a04452/ Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-10-25 15:27:31 +02:00
$(PKG_PYTHON_DISTUTILS_ENV) \
PYTHON=python$(PYTHON3_VERSION_MAJOR)
LIBSELINUX_MAKE_INSTALL_TARGETS += install-pywrap
# dependencies are broken and result in file truncation errors at link
# time if the Python bindings are built through the same make
# invocation as the rest of the library.
define LIBSELINUX_BUILD_PYTHON_BINDINGS
$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) \
$(LIBSELINUX_MAKE_OPTS) swigify pywrap
endef
endif # python3
# Filter out D_FILE_OFFSET_BITS=64. This fixes errors caused by glibc 2.22. We
# set CFLAGS, CPPFLAGS and LDFLAGS here because we want to win over the
# CFLAGS/CPPFLAGS/LDFLAGS definitions passed by $(PKG_PYTHON_DISTUTILS_ENV)
package/libselinux: fix build on old glibc with <fts.h> incompatible with LFS glibc versions prior to 2.23 have a <fts.h> implementation that is not compatible with large file support, causing build failures such as: In file included from selinux_restorecon.c:17:0: /home/naourr/work/instance-0/output-1/host/arm-buildroot-linux-gnueabi/sysroot/usr/include/fts.h:41:3: error: #error "<fts.h> cannot be used with -D_FILE_OFFSET_BITS==64" # error "<fts.h> cannot be used with -D_FILE_OFFSET_BITS==64" Prior to commit 3fce6f1c150dbe4be58d083008ca8dbe7257836e ("package/libselinux: fix the build with Python 3.8"), we were not passing PKG_PYTHON_DISTUTILS_ENV in the environment. But with 3fce6f1c150dbe4be58d083008ca8dbe7257836e, we are now passing the PKG_PYTHON_DISTUTILS_ENV variable, provided by pkg-python.mk, into the build environment. While this is part of fixing the build of libselinux with Python 3.8, it breaks the build because we are no longer filtering out the -D_FILE_OFFSET_BITS=64 option from CFLAGS. Indeed, while we do so at the beginning of libselinux.mk, it gets overridden later by the addition of $(PKG_PYTHON_DISTUTILS_ENV). To avoid this, we pass CFLAGS/LDFLAGS *after* $(PKG_PYTHON_DISTUTILS_ENV) has been added. In practice, the CFLAGS/LDFLAGS passed by $(PKG_PYTHON_DISTUTILS_ENV) are just $(TARGET_CFLAGS) and $(TARGET_LDFLAGS), so we are not missing anything specific. Fixes: http://autobuild.buildroot.net/results/ef6ff91086a094eb25b145d66d072c6d2fc60154/ Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-28 19:05:02 +01:00
# when the python binding is enabled.
LIBSELINUX_MAKE_OPTS += \
CFLAGS="$(filter-out -D_FILE_OFFSET_BITS=64,$(TARGET_CFLAGS))" \
CPPFLAGS="$(filter-out -D_FILE_OFFSET_BITS=64,$(TARGET_CPPFLAGS))" \
package/libselinux: fix build on old glibc with <fts.h> incompatible with LFS glibc versions prior to 2.23 have a <fts.h> implementation that is not compatible with large file support, causing build failures such as: In file included from selinux_restorecon.c:17:0: /home/naourr/work/instance-0/output-1/host/arm-buildroot-linux-gnueabi/sysroot/usr/include/fts.h:41:3: error: #error "<fts.h> cannot be used with -D_FILE_OFFSET_BITS==64" # error "<fts.h> cannot be used with -D_FILE_OFFSET_BITS==64" Prior to commit 3fce6f1c150dbe4be58d083008ca8dbe7257836e ("package/libselinux: fix the build with Python 3.8"), we were not passing PKG_PYTHON_DISTUTILS_ENV in the environment. But with 3fce6f1c150dbe4be58d083008ca8dbe7257836e, we are now passing the PKG_PYTHON_DISTUTILS_ENV variable, provided by pkg-python.mk, into the build environment. While this is part of fixing the build of libselinux with Python 3.8, it breaks the build because we are no longer filtering out the -D_FILE_OFFSET_BITS=64 option from CFLAGS. Indeed, while we do so at the beginning of libselinux.mk, it gets overridden later by the addition of $(PKG_PYTHON_DISTUTILS_ENV). To avoid this, we pass CFLAGS/LDFLAGS *after* $(PKG_PYTHON_DISTUTILS_ENV) has been added. In practice, the CFLAGS/LDFLAGS passed by $(PKG_PYTHON_DISTUTILS_ENV) are just $(TARGET_CFLAGS) and $(TARGET_LDFLAGS), so we are not missing anything specific. Fixes: http://autobuild.buildroot.net/results/ef6ff91086a094eb25b145d66d072c6d2fc60154/ Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-28 19:05:02 +01:00
LDFLAGS="$(TARGET_LDFLAGS) -lpcre -lpthread"
define LIBSELINUX_BUILD_CMDS
$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) \
$(LIBSELINUX_MAKE_OPTS) all
$(LIBSELINUX_BUILD_PYTHON_BINDINGS)
endef
define LIBSELINUX_INSTALL_STAGING_CMDS
$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) \
$(LIBSELINUX_MAKE_OPTS) DESTDIR=$(STAGING_DIR) \
$(LIBSELINUX_MAKE_INSTALL_TARGETS)
endef
define LIBSELINUX_INSTALL_TARGET_CMDS
$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) \
$(LIBSELINUX_MAKE_OPTS) DESTDIR=$(TARGET_DIR) \
$(LIBSELINUX_MAKE_INSTALL_TARGETS)
if ! grep -q "selinuxfs" $(TARGET_DIR)/etc/fstab; then \
echo "none /sys/fs/selinux selinuxfs noauto 0 0" >> $(TARGET_DIR)/etc/fstab ; fi
endef
HOST_LIBSELINUX_DEPENDENCIES = \
host-libsepol host-pcre host-swig host-python3
HOST_LIBSELINUX_MAKE_OPTS = \
$(HOST_CONFIGURE_OPTS) \
PREFIX=$(HOST_DIR) \
SHLIBDIR=$(HOST_DIR)/lib \
LDFLAGS="$(HOST_LDFLAGS) -lpcre -lpthread" \
package/libselinux: fix the build with Python 3.8 Following the switch to Python 3.8, the libselinux Python extension started to fail building. This is fixed by upstream commit 2efa06857575e4118e91ca250b6b92da68b130d5, which we backport as 0003-libselinux-Use-Python-distutils-to-install-SELinux-p.patch. This patch has the nice merit of switching to using distutils to build the Python extension of libselinux, instead of some custom logic. This allows to significantly simplify our libselinux.mk: we can rely on PKG_PYTHON_DISTUTILS_ENV and HOST_PKG_PYTHON_DISTUTILS_ENV instead of lots of custom variables. However, upstream commit 2efa06857575e4118e91ca250b6b92da68b130d5 had its own issues: * Hardcode of -I $(DESTDIR)/$(INCLUDEDIR) -L $(DESTDIR)/$(LIBDIR) at build time, while DESTDIR is normally empty at build time, causing bogus -I /usr/include -L /usr/lib to be used This is fixed in 0004-src-Makefile-don-t-pass-bogus-I-and-L-to-python-setu.patch * New usage of ln --relative, which is not supported in older distributions. This is fixed in 0005-Remove-ln-relative-usage-in-install-pywrap.patch * Usage of the host Python "imp" module to query the extension used for native Python module, but that returns an incorrect result when cross-compiling. We chose to simplify the code to not have to query for this information. This is fixed in 0006-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch With this patch, the libselinux Python module was built-tested with Python 2 and Python 3, and run-time tested as well in both configurations, for both the target and host variants of libselinux. Fixes: http://autobuild.buildroot.net/results/aeb58de7ad674b980258e6ed30c7da3949a04452/ Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-10-25 15:27:31 +02:00
$(HOST_PKG_PYTHON_DISTUTILS_ENV) \
PYTHON=python$(PYTHON3_VERSION_MAJOR)
define HOST_LIBSELINUX_BUILD_CMDS
$(HOST_MAKE_ENV) $(MAKE1) -C $(@D) \
$(HOST_LIBSELINUX_MAKE_OPTS) all
# Generate python interface wrapper
$(HOST_MAKE_ENV) $(MAKE1) -C $(@D) \
$(HOST_LIBSELINUX_MAKE_OPTS) swigify pywrap
endef
define HOST_LIBSELINUX_INSTALL_CMDS
$(HOST_MAKE_ENV) $(MAKE) -C $(@D) \
$(HOST_LIBSELINUX_MAKE_OPTS) install
# Install python interface wrapper
$(HOST_MAKE_ENV) $(MAKE) -C $(@D) \
$(HOST_LIBSELINUX_MAKE_OPTS) install-pywrap
endef
define LIBSELINUX_LINUX_CONFIG_FIXUPS
$(call KCONFIG_ENABLE_OPT,CONFIG_AUDIT)
$(call KCONFIG_ENABLE_OPT,CONFIG_DEFAULT_SECURITY_SELINUX)
$(call KCONFIG_ENABLE_OPT,CONFIG_INET)
$(call KCONFIG_ENABLE_OPT,CONFIG_NET)
$(call KCONFIG_ENABLE_OPT,CONFIG_SECURITY)
$(call KCONFIG_ENABLE_OPT,CONFIG_SECURITY_NETWORK)
$(call KCONFIG_ENABLE_OPT,CONFIG_SECURITY_SELINUX)
$(call KCONFIG_SET_OPT,CONFIG_LSM,"selinux")
$(if $(BR2_TARGET_ROOTFS_EROFS),
$(call KCONFIG_ENABLE_OPT,CONFIG_EROFS_FS_XATTR)
$(call KCONFIG_ENABLE_OPT,CONFIG_EROFS_FS_SECURITY))
$(if $(BR2_TARGET_ROOTFS_EXT2),
$(call KCONFIG_ENABLE_OPT,CONFIG_EXT2_FS_XATTR)
$(call KCONFIG_ENABLE_OPT,CONFIG_EXT2_FS_SECURITY))
$(if $(BR2_TARGET_ROOTFS_EXT2_3),
$(call KCONFIG_ENABLE_OPT,CONFIG_EXT3_FS_SECURITY))
$(if $(BR2_TARGET_ROOTFS_EXT2_4),
$(call KCONFIG_ENABLE_OPT,CONFIG_EXT4_FS_SECURITY))
$(if $(BR2_TARGET_ROOTFS_F2FS),
$(call KCONFIG_ENABLE_OPT,CONFIG_F2FS_FS_XATTR)
$(call KCONFIG_ENABLE_OPT,CONFIG_F2FS_FS_SECURITY))
$(if $(BR2_TARGET_ROOTFS_JFFS2),
$(call KCONFIG_ENABLE_OPT,CONFIG_JFS_SECURITY))
$(if $(BR2_TARGET_ROOTFS_SQUASHFS),
$(call KCONFIG_ENABLE_OPT,CONFIG_SQUASHFS_XATTR))
$(if $(BR2_TARGET_ROOTFS_UBIFS),
$(call KCONFIG_ENABLE_OPT,CONFIG_UBIFS_FS_XATTR)
$(call KCONFIG_ENABLE_OPT,CONFIG_UBIFS_FS_SECURITY))
endef
$(eval $(generic-package))
$(eval $(host-generic-package))