diff options
Diffstat (limited to 'sys-apps/selinux-python')
-rw-r--r-- | sys-apps/selinux-python/Manifest | 3 | ||||
-rw-r--r-- | sys-apps/selinux-python/files/selinux-python-3.2-optional-networkx.patch | 271 | ||||
-rw-r--r-- | sys-apps/selinux-python/selinux-python-3.2-r1.ebuild (renamed from sys-apps/selinux-python/selinux-python-3.2.ebuild) | 4 |
3 files changed, 277 insertions, 1 deletions
diff --git a/sys-apps/selinux-python/Manifest b/sys-apps/selinux-python/Manifest index 83911365eda0..0f322318726e 100644 --- a/sys-apps/selinux-python/Manifest +++ b/sys-apps/selinux-python/Manifest @@ -1,6 +1,7 @@ +AUX selinux-python-3.2-optional-networkx.patch 9043 BLAKE2B 326638e25813f0183906f112f20b971dc95edd3fa99d8614435f726ab49c97c21b00acb6b999aba762b7077059904e20e7646fc66fbe87c0b5ba628c0977ab8a SHA512 9e00c162fec9e9d716e95f8e4aac519d2f4dbe82b94c6304e47f38820443841c35ac2595a92c9a03b013deb3ad150670aa5bd7976fa1487e0ac7b019a0860dbe DIST selinux-python-3.1.tar.gz 2100549 BLAKE2B c5d207bad60c379259e3bfc8f029f76d4572818cdd41a263498ed4434a70eaf7ff51af7772cfb27de0e9e4af03bcf9906ab0f6a59e88de10e81cbe0e8c5928b8 SHA512 5dd98f77ae8ea8bac6a89ec7def76e12496b9a9f8c9612c4cc1dac7a8e8c60380a00c857426bfefbcb4273706addd2594e9b467f69408ef284f082a09d45bd49 DIST selinux-python-3.2.tar.gz 2101106 BLAKE2B b4b185a7468de68eb2146011a9bc82ffb7db9878517833c1e8dfa23279aec3dfbf46a27b70b17c1e317a2c939bcf6d1748638fd4a078325b853de34ae3c51a6f SHA512 2c3483e27c4ad6942e23e39897e0eccf61b95d685ace62315678cb49739d300d4ca4a7a51fa7a9aacaa98737446a70923855d15827eb6275ffd6999be0b2a755 EBUILD selinux-python-3.1-r2.ebuild 2548 BLAKE2B a449b67df1783f7a74859bb5fda7c6c17d4c71c21abb5e3f286872befd15c6f8b85b0a12b67232682bc4e5bcdb6701c0b926d78b4b428d56cec6f0f264072ca9 SHA512 a7ca65aab8c6c7fbcd16e1b26a0b21569f72ffc10e7784ca6cba5cbc1bf4cb57fc846095abd0056d0e4ddb4dc6065b464defef55053e4d554cf5baa086bd70f1 -EBUILD selinux-python-3.2.ebuild 3089 BLAKE2B 4e9c3574ac73dedebaabc0c4c1d70d88a5988a323f558c9f8666c2985bc1677f05c9fd03e6b0235bf92425c297755822aa3a178246c68979ea8fc17d0f5ada18 SHA512 c060076f20c54549833ab1cb3882e9b7180bfd73fb1e92ab95d51e004ad2085fd985fd06ded24b2115fc080a77e7fae8ec9a320af37fae308836483728115746 +EBUILD selinux-python-3.2-r1.ebuild 3151 BLAKE2B 159662cefe46f74a32aeec0c15fd580e08c575e8cb7f46c5b7f8dd0550add8d435f5c1f12719c0e1f0cc171321f58a25613f3a7985ded8abfefd017496e7b621 SHA512 90c34db3aa7db0cf058635fa6da82b71d9c2f7c23f8c154bf7731545b4279451464df5b294440ad31c7f79bb5eb44ba6b9e84e7d88af27580fc2585cbd05b330 EBUILD selinux-python-9999.ebuild 3091 BLAKE2B f808560e53edca86a9bf4048f90f271039c7904da00cc71628ed3e34abbb5c57607ce8dfb408cfcfb98218baab88ffe95d13f044451b9fcbd3023c669ad3d6ba SHA512 badf21087e5b5d43791c2351c25ba2c087e9db7b1ef1a4db3a9bdf9c4283a03399cb999acb5dfb88e9c13c21e1c82f5684f0c041f0f5b081b9861eb2974aac0d MISC metadata.xml 558 BLAKE2B 6fba5f27d19e5ea730bd1bfb9b63c536a86f0b47c7156388df9e9af9bda8856c8e4291bf822b469afb333638504d75f64215ef86f3bf65b68812a829b0e94f38 SHA512 df8eaff3f7e69d8d0f437d29dc38b654b81a5769c32e8c0fb98aeb83cf18a1598845d03d177b1837a6b0b628a34c524a52fae5672b7c186a6a8567f349b25304 diff --git a/sys-apps/selinux-python/files/selinux-python-3.2-optional-networkx.patch b/sys-apps/selinux-python/files/selinux-python-3.2-optional-networkx.patch new file mode 100644 index 000000000000..a9525ddda939 --- /dev/null +++ b/sys-apps/selinux-python/files/selinux-python-3.2-optional-networkx.patch @@ -0,0 +1,271 @@ +Avoid importing networkx which ends up having a Fortran (and other large) +dependencies. + +https://bugs.gentoo.org/809038 +https://github.com/SELinuxProject/selinux/commit/ba23ba068364ab11ff51f52bd1e20e3c63798a62 + +From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= <mgorny@gentoo.org> +Date: Wed, 25 Aug 2021 11:19:40 +0200 +Subject: [PATCH] python: Import specific modules from setools for less deps +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Import the setools classes needed for Python bindings from specific +setools modules in order to reduce the dependency footprint +of the Python bindings. Importing the top-level module causes all +setools modules to be loaded which includes the modules that require +networkx. + +SELinux packages belong to the group of core system packages on Gentoo +Linux. It is desirable to keep the system set as small as possible, +and the dependency between setools and networkx seems to be the easiest +link to break without major loss of functionality. + +Signed-off-by: Michał Górny <mgorny@gentoo.org> +--- a/semanage/seobject.py ++++ b/semanage/seobject.py +@@ -31,7 +31,8 @@ + from semanage import * + PROGNAME = "policycoreutils" + import sepolicy +-import setools ++from setools.policyrep import SELinuxPolicy ++from setools.typequery import TypeQuery + import ipaddress + + try: +@@ -1339,7 +1340,7 @@ class ibpkeyRecords(semanageRecords): + def __init__(self, args = None): + semanageRecords.__init__(self, args) + try: +- q = setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibpkey_type"]) ++ q = TypeQuery(SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibpkey_type"]) + self.valid_types = sorted(str(t) for t in q.results()) + except: + pass +@@ -1599,7 +1600,7 @@ class ibendportRecords(semanageRecords): + def __init__(self, args = None): + semanageRecords.__init__(self, args) + try: +- q = setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibendport_type"]) ++ q = TypeQuery(SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibendport_type"]) + self.valid_types = set(str(t) for t in q.results()) + except: + pass +--- a/sepolicy/sepolicy/__init__.py ++++ b/sepolicy/sepolicy/__init__.py +@@ -4,7 +4,6 @@ + + import errno + import selinux +-import setools + import glob + import sepolgen.defaults as defaults + import sepolgen.interfaces as interfaces +@@ -13,6 +12,17 @@ + import re + import gzip + ++from setools.boolquery import BoolQuery ++from setools.portconquery import PortconQuery ++from setools.policyrep import SELinuxPolicy ++from setools.objclassquery import ObjClassQuery ++from setools.rbacrulequery import RBACRuleQuery ++from setools.rolequery import RoleQuery ++from setools.terulequery import TERuleQuery ++from setools.typeattrquery import TypeAttributeQuery ++from setools.typequery import TypeQuery ++from setools.userquery import UserQuery ++ + PROGNAME = "policycoreutils" + try: + import gettext +@@ -168,7 +178,7 @@ def policy(policy_file): + global _pol + + try: +- _pol = setools.SELinuxPolicy(policy_file) ++ _pol = SELinuxPolicy(policy_file) + except: + raise ValueError(_("Failed to read %s policy file") % policy_file) + +@@ -188,7 +198,7 @@ def info(setype, name=None): + init_policy() + + if setype == TYPE: +- q = setools.TypeQuery(_pol) ++ q = TypeQuery(_pol) + q.name = name + results = list(q.results()) + +@@ -206,7 +216,7 @@ def info(setype, name=None): + } for x in results) + + elif setype == ROLE: +- q = setools.RoleQuery(_pol) ++ q = RoleQuery(_pol) + if name: + q.name = name + +@@ -217,7 +227,7 @@ def info(setype, name=None): + } for x in q.results()) + + elif setype == ATTRIBUTE: +- q = setools.TypeAttributeQuery(_pol) ++ q = TypeAttributeQuery(_pol) + if name: + q.name = name + +@@ -227,7 +237,7 @@ def info(setype, name=None): + } for x in q.results()) + + elif setype == PORT: +- q = setools.PortconQuery(_pol) ++ q = PortconQuery(_pol) + if name: + ports = [int(i) for i in name.split("-")] + if len(ports) == 2: +@@ -251,7 +261,7 @@ def info(setype, name=None): + } for x in q.results()) + + elif setype == USER: +- q = setools.UserQuery(_pol) ++ q = UserQuery(_pol) + if name: + q.name = name + +@@ -268,7 +278,7 @@ def info(setype, name=None): + } for x in q.results()) + + elif setype == BOOLEAN: +- q = setools.BoolQuery(_pol) ++ q = BoolQuery(_pol) + if name: + q.name = name + +@@ -278,7 +288,7 @@ def info(setype, name=None): + } for x in q.results()) + + elif setype == TCLASS: +- q = setools.ObjClassQuery(_pol) ++ q = ObjClassQuery(_pol) + if name: + q.name = name + +@@ -372,11 +382,11 @@ def search(types, seinfo=None): + tertypes.append(DONTAUDIT) + + if len(tertypes) > 0: +- q = setools.TERuleQuery(_pol, +- ruletype=tertypes, +- source=source, +- target=target, +- tclass=tclass) ++ q = TERuleQuery(_pol, ++ ruletype=tertypes, ++ source=source, ++ target=target, ++ tclass=tclass) + + if PERMS in seinfo: + q.perms = seinfo[PERMS] +@@ -385,11 +395,11 @@ def search(types, seinfo=None): + + if TRANSITION in types: + rtypes = ['type_transition', 'type_change', 'type_member'] +- q = setools.TERuleQuery(_pol, +- ruletype=rtypes, +- source=source, +- target=target, +- tclass=tclass) ++ q = TERuleQuery(_pol, ++ ruletype=rtypes, ++ source=source, ++ target=target, ++ tclass=tclass) + + if PERMS in seinfo: + q.perms = seinfo[PERMS] +@@ -398,11 +408,11 @@ def search(types, seinfo=None): + + if ROLE_ALLOW in types: + ratypes = ['allow'] +- q = setools.RBACRuleQuery(_pol, +- ruletype=ratypes, +- source=source, +- target=target, +- tclass=tclass) ++ q = RBACRuleQuery(_pol, ++ ruletype=ratypes, ++ source=source, ++ target=target, ++ tclass=tclass) + + for r in q.results(): + toret.append({'source': str(r.source), +@@ -720,11 +730,11 @@ def get_all_entrypoints(): + + + def get_entrypoint_types(setype): +- q = setools.TERuleQuery(_pol, +- ruletype=[ALLOW], +- source=setype, +- tclass=["file"], +- perms=["entrypoint"]) ++ q = TERuleQuery(_pol, ++ ruletype=[ALLOW], ++ source=setype, ++ tclass=["file"], ++ perms=["entrypoint"]) + return [str(x.target) for x in q.results() if x.source == setype] + + +@@ -739,10 +749,10 @@ def get_init_transtype(path): + + + def get_init_entrypoint(transtype): +- q = setools.TERuleQuery(_pol, +- ruletype=["type_transition"], +- source="init_t", +- tclass=["process"]) ++ q = TERuleQuery(_pol, ++ ruletype=["type_transition"], ++ source="init_t", ++ tclass=["process"]) + entrypoints = [] + for i in q.results(): + try: +@@ -754,10 +764,10 @@ def get_init_entrypoint(transtype): + return entrypoints + + def get_init_entrypoints_str(): +- q = setools.TERuleQuery(_pol, +- ruletype=["type_transition"], +- source="init_t", +- tclass=["process"]) ++ q = TERuleQuery(_pol, ++ ruletype=["type_transition"], ++ source="init_t", ++ tclass=["process"]) + entrypoints = {} + for i in q.results(): + try: +@@ -837,7 +847,7 @@ def get_all_role_allows(): + return role_allows + role_allows = {} + +- q = setools.RBACRuleQuery(_pol, ruletype=[ALLOW]) ++ q = RBACRuleQuery(_pol, ruletype=[ALLOW]) + for r in q.results(): + src = str(r.source) + tgt = str(r.target) +@@ -923,7 +933,7 @@ def get_all_roles(): + if not _pol: + init_policy() + +- q = setools.RoleQuery(_pol) ++ q = RoleQuery(_pol) + roles = [str(x) for x in q.results() if str(x) != "object_r"] + return roles + diff --git a/sys-apps/selinux-python/selinux-python-3.2.ebuild b/sys-apps/selinux-python/selinux-python-3.2-r1.ebuild index affdd90050d8..15b87bbd7251 100644 --- a/sys-apps/selinux-python/selinux-python-3.2.ebuild +++ b/sys-apps/selinux-python/selinux-python-3.2-r1.ebuild @@ -39,6 +39,10 @@ BDEPEND=" >=sys-apps/secilc-${PV} )" +PATCHES=( + "${FILESDIR}"/${PN}-3.2-optional-networkx.patch +) + src_prepare() { default sed -i 's/-Werror//g' "${S}"/*/Makefile || die "Failed to remove Werror" |