From b42b4442ca2a6c4a4286fdc2ce9dbdaacf6f6368 Mon Sep 17 00:00:00 2001 From: Adam Duskett Date: Tue, 25 Apr 2023 10:14:52 -0700 Subject: [PATCH] package/selinux-python: bump to version 3.5 Also: - Change the license file to LICENSE. The hash remains the same. - Add 0001-python-sepolgen-fix-ausearch-path.patch as audit 3.1 installs ausearch to /usr/sbin not /sbin Signed-off-by: Adam Duskett [yann.morin.1998@free.fr: rewrite 0001 into an upstreamable patch] Signed-off-by: Yann E. MORIN --- ...01-python-sepolgen-fix-ausearch-path.patch | 63 +++++++++++++++++++ package/selinux-python/selinux-python.hash | 4 +- package/selinux-python/selinux-python.mk | 4 +- 3 files changed, 67 insertions(+), 4 deletions(-) create mode 100644 package/selinux-python/0001-python-sepolgen-fix-ausearch-path.patch diff --git a/package/selinux-python/0001-python-sepolgen-fix-ausearch-path.patch b/package/selinux-python/0001-python-sepolgen-fix-ausearch-path.patch new file mode 100644 index 0000000000..31c5013d69 --- /dev/null +++ b/package/selinux-python/0001-python-sepolgen-fix-ausearch-path.patch @@ -0,0 +1,63 @@ +From 8610efc1610a4e9d4cbfa19ed4a519a6425aee70 Mon Sep 17 00:00:00 2001 +From: "Yann E. MORIN" +Date: Tue, 9 May 2023 22:28:36 +0200 +Subject: [PATCH] python?sepolgen: fix ausearch path + +ausearch is not always isntalled in /sbin; some systems install it in +/usr/sbin, or it can also be locally installed in /usr/local/sbin. + +The python doc [0] suggests using shutil.which() to find the path where +a command is. which() returns None if the command is not found. If +ausearch is not found, that would result in an exception being raised by +Popen(): + TypeError: expected str, bytes or os.PathLike object, not NoneType + +This is not very informative of what actually failed... + +However, the doc suggests so for portability. In our case, the python +tools are only ever going to run on a Linux host (by their virtue of +dealing with SELinux), so the search will be reliably done by looking in +PATH, so we can let Popen() bubble the resolving of an unqualified +command, down to execvpe() (or the similar actual syscall of the exec*() +familly). If ausearch is then not found, Popen() raises an exception +that is wy more informative then: + FileNotFoundError: [Errno 2] No such file or directory: 'ausearch' + +[0] https://docs.python.org/3/library/subprocess.html#subprocess.Popen + +Signed-off-by: Adam Duskett +[yann.morin.1998@free.fr: + - let Popen() resolve from PATH + - rewrite commit log +] +Signed-off-by: Yann E. MORIN +Upstream: not submitted +--- + python/sepolgen/src/sepolgen/audit.py | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/python/sepolgen/src/sepolgen/audit.py b/python/sepolgen/src/sepolgen/audit.py +index 4adb851f..5eafa587 100644 +--- a/sepolgen/src/sepolgen/audit.py ++++ b/sepolgen/src/sepolgen/audit.py +@@ -41,7 +41,7 @@ def get_audit_boot_msgs(): + s = time.localtime(time.time() - off) + bootdate = time.strftime("%x", s) + boottime = time.strftime("%X", s) +- output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime], ++ output = subprocess.Popen(["ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime], + stdout=subprocess.PIPE).communicate()[0] + if util.PY3: + output = util.decode_input(output) +@@ -56,7 +56,7 @@ def get_audit_msgs(): + string contain all of the audit messages returned by ausearch. + """ + import subprocess +- output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR"], ++ output = subprocess.Popen(["ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR"], + stdout=subprocess.PIPE).communicate()[0] + if util.PY3: + output = util.decode_input(output) +-- +2.25.1 + diff --git a/package/selinux-python/selinux-python.hash b/package/selinux-python/selinux-python.hash index 6ada3fee36..3592540703 100644 --- a/package/selinux-python/selinux-python.hash +++ b/package/selinux-python/selinux-python.hash @@ -1,5 +1,5 @@ # https://github.com/SELinuxProject/selinux/wiki/Releases -sha256 8ad91061300387996ccb474962fb93dde263d924aa8f740618be16b22e2444ec selinux-python-3.3.tar.gz +sha256 8245bb4dae59333461f19ca0c79a829081f07972fa5e3ad4c2b2b917dd71d96b selinux-python-3.5.tar.gz # Hash for license file -sha256 204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994 COPYING +sha256 204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994 LICENSE diff --git a/package/selinux-python/selinux-python.mk b/package/selinux-python/selinux-python.mk index 0cec602f3d..7505474aa4 100644 --- a/package/selinux-python/selinux-python.mk +++ b/package/selinux-python/selinux-python.mk @@ -4,10 +4,10 @@ # ################################################################################ -SELINUX_PYTHON_VERSION = 3.3 +SELINUX_PYTHON_VERSION = 3.5 SELINUX_PYTHON_SITE = https://github.com/SELinuxProject/selinux/releases/download/$(SELINUX_PYTHON_VERSION) SELINUX_PYTHON_LICENSE = GPL-2.0 -SELINUX_PYTHON_LICENSE_FILES = COPYING +SELINUX_PYTHON_LICENSE_FILES = LICENSE SELINUX_PYTHON_DEPENDENCIES = python3 SELINUX_PYTHON_MAKE_OPTS += \