policycoreutils: 2.3 -> 2.4

pkgs/os-specific/linux/libselinux/default.nix

@@ -1,5 +1,5 @@
 { stdenv, fetchurl, pkgconfig, libsepol, pcre
-, enablePython ? false, swig ? null, python ? null
+, enablePython ? true, swig ? null, python ? null
 }:
 
 assert enablePython -> swig != null && python != null;

pkgs/os-specific/linux/policycoreutils/default.nix

@@ -1,29 +1,38 @@
-{ stdenv, fetchurl, intltool, pcre, libcap_ng, libcgroup
+{ stdenv, fetchurl, pythonPackages, gettext
-, libsepol, libselinux, libsemanage, setools
+, setools, libsepol, libselinux, libcap_ng, libsemanage, sepolgen
-, python, sepolgen }:
+}:
-stdenv.mkDerivation rec {
 
+stdenv.mkDerivation rec {
   name = "policycoreutils-${version}";
-  version = "2.3";
+  version = "2.4";
   inherit (libsepol) se_release se_url;
 
   src = fetchurl {
     url = "${se_url}/${se_release}/policycoreutils-${version}.tar.gz";
-    sha256 = "1lpwxr5hw3dwhlp2p7y8jcr18mvfcrclwd8c2idz3lmmb3pglk46";
+    sha256 = "0y9l9k60iy21hj0lcvfdfxs1fxydg6d3pxp9rhy7hwr4y5vgh6dq";
   };
 
-  preConfigure = ''
+  postPatch = ''
+    # Fix references to libsepol.a
+    find . -name Makefile -exec sed -i 's,[^ ]*/libsepol.a,${libsepol}/lib/libsepol.a,g' {} \;
+
+    # Fix install references
     substituteInPlace po/Makefile --replace /usr/bin/install install
-    find . -type f -exec sed -i 's,/usr/bin/python,${python}/bin/python,' {} \;
+
+    # Fix references to /usr/share
+    grep -r '/usr/share' | awk -F: '{print $1}' | xargs sed -i "s,\(\$(DESTDIR)\)*/usr/share,$out/share,g"
+
+    # Fix sepolicy install
+    sed -i "s,\(setup.py install\).*,\1 --prefix=$out,g" sepolicy/Makefile
   '';
 
-  buildInputs = [ intltool pcre libcap_ng libcgroup
+  nativeBuildInputs = [ pythonPackages.python gettext ];
-    libsepol libselinux libsemanage setools
+  buildInputs = [ setools libsepol libselinux libcap_ng libsemanage ];
-    python sepolgen # ToDo? these are optional
+  pythonPath = [ libselinux sepolgen ];
-  ];
 
   preBuild = ''
-    mkdir -p "$out/lib" && cp -s "${libsepol}/lib/libsepol.a" "$out/lib"
+    makeFlagsArray+=("PREFIX=$out")
+    makeFlagsArray+=("DESTDIR=$out")
   '';
 
   # Creation of the system-config-selinux directory is broken
@@ -31,14 +40,19 @@ stdenv.mkDerivation rec {
     mkdir -p $out/share/system-config-selinux
   '';
 
+  # Fix the python scripts to include paths to libraries
+  # NOTE: We are not using wrapPythonPrograms or makeWrapper as these scripts
+  # purge the environment as a security measure
+  postInstall = ''
+    grep -r '#!.*python' $out/bin | awk -F: '{print $1}' | xargs sed -i "1a \
+    import sys; \
+    sys.path.append('$(toPythonPath "$out")'); \
+    ${stdenv.lib.flip stdenv.lib.concatMapStrings pythonPath (lib: ''
+      sys.path.append('$(toPythonPath "${lib}")'); \
+    '')}"
+  '';
+
   NIX_CFLAGS_COMPILE = "-fstack-protector-all";
-  NIX_LDFLAGS = "-lsepol -lpcre";
-
-  makeFlags = "PREFIX=$(out) DESTDIR=$(out) LOCALEDIR=$(out)/share/locale";
-
-  patches = [ ./size_format.patch ];
-
-  patchFlags = [ "-p0" ];
 
   meta = with stdenv.lib; {
     description = "SELinux policy core utilities";

pkgs/os-specific/linux/policycoreutils/size_format.patch

@@ -1,11 +0,0 @@
---- setfiles/restore.c.orig	2014-08-21 17:26:00.200788259 +0200
-+++ setfiles/restore.c	2014-08-21 17:26:04.728888118 +0200
-@@ -118,7 +118,7 @@
- 		r_opts->count++;
- 		if (r_opts->count % STAR_COUNT == 0) {
- 			if (r_opts->progress == 1) {
--				fprintf(stdout, "\r%luk", (size_t) r_opts->count / STAR_COUNT );
-+				fprintf(stdout, "\r%zuk", (size_t) r_opts->count / STAR_COUNT );
- 			} else {
- 				if (r_opts->nfile > 0) {
- 					progress = (r_opts->count < r_opts->nfile) ? (100.0 * r_opts->count / r_opts->nfile) : 100;