feat: add secilc

Also add libsepol used by secilc Signed-off-by: Dmitry Sharshakov <dmitry.sharshakov@siderolabs.com>
siderolabs · Aug 22, 2024 · 86b5363 · 86b5363
1 parent 41ed4b2
commit 86b5363
Show file tree

Hide file tree

Showing 7 changed files with 106 additions and 0 deletions.
diff --git a/.github/renovate.json b/.github/renovate.json
@@ -37,6 +37,7 @@
  "mirror/ncurses",
  "PCRE2Project/pcre2",
  "plougher/squashfs-tools",
+ "https://github.com/SELinuxProject/selinux.git",
  "git://git.savannah.gnu.org/make.git",
  "git://git.kernel.org/pub/scm/utils/util-linux/util-linux.git",
  "git://git.savannah.gnu.org/automake.git",

diff --git a/Pkgfile b/Pkgfile
@@ -178,6 +178,11 @@ vars:
  libnl_sha256: 9fe43ccbeeea72c653bdcf8c93332583135cda46a79507bfd0a483bb57f65939
  libnl_sha512: 80fbbc079299c90afd2a5eda62e4d4f98bf4ef23958c3ce5101f4ed4d81d783af733213bb3bab15f218555d8460bc2394898f909f4ac024fc27281faec86a041
 
+ # renovate: datasource=git-tags depName=SELinuxProject/selinux
+ libsepol_version: 3.7
+ libsepol_sha256: cd741e25244e7ef6cd934d633614131a266c3eaeab33d8bfa45e8a93b45cc901
+ libsepol_sha512: 85d12d0ba5a7a3225f08d041a18fd59641608db5e0a78a1e9649754e45be54a807cd422d4889b88da6e806b4af546336c7a0913448f08ac33dc6ffb983890ef8
+
  # renovate: datasource=git-tags extractVersion=^v(?<version>.*)$ depName=https://gitlab.com/gnutls/libtasn1.git
  libtasn1_version: 4.19.0
  libtasn1_sha256: 1613f0ac1cf484d6ec0ce3b8c06d56263cc7242f1c23b30d82d23de345a63f7a
@@ -299,6 +304,11 @@ vars:
  rhash_sha256: 8e7d1a8ccac0143c8fe9b68ebac67d485df119ea17a613f4038cda52f84ef52a
  rhash_sha512: 00a7e5e058b53ce20ae79509815452ed9cb699d1322b678220b72c61dea3ea2f8fa131acfade8bb6d9f6af913f0c3c472330841181b22314b8755166310c946f
 
+ # renovate: datasource=git-tags depName=SELinuxProject/selinux
+ secilc_version: 3.7
+ secilc_sha256: 0802e920b779e9e915bb7e68ee22e995f99776554cfcdf9a2af6cb7c3b9873dc
+ secilc_sha512: 1f6061587242b63583370e04cc113b4884060c6071774b90908655df17ddc702187960d1f5b1ed53de9eb6ebd7f0029160e58d8c5f0c1126464bf6222f6f7d3e
+
  # renovate: datasource=git-tags extractVersion=^v(?<version>.*)$ depName=git://git.savannah.gnu.org/sed.git
  sed_version: 4.9
  sed_sha256: 6e226b732e1cd739464ad6862bd1a1aba42d7982922da7a53519631d24975181

diff --git a/libsepol/patches/busybox-ln.patch b/libsepol/patches/busybox-ln.patch
@@ -0,0 +1,13 @@
+diff --git a/src/Makefile b/src/Makefile
+index 7b0e8446..440913ba 100644
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -91,7 +91,7 @@ install: all
+ install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR)
+ test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d $(DESTDIR)$(LIBDIR)/pkgconfig
+ install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig
+- $(LN) -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET)
++ $(LN) -sf $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET)
+
+ relabel:
+ /sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO)
diff --git a/libsepol/pkg.yaml b/libsepol/pkg.yaml
@@ -0,0 +1,25 @@
+name: libsepol
+dependencies:
+ - stage: base
+ - stage: patch
+ - stage: flex
+ - stage: m4
+steps:
+ - sources:
+ - url: https://github.com/SELinuxProject/selinux/releases/download/{{ .libsepol_version }}/libsepol-{{ .libsepol_version }}.tar.gz
+ destination: libsepol.tar.gz
+ sha256: "{{ .libsepol_sha256 }}"
+ sha512: "{{ .libsepol_sha512 }}"
+ prepare:
+ - |
+ tar -xzf libsepol.tar.gz --strip-components=1
+ patch -p1 < /pkg/patches/busybox-ln.patch
+ build:
+ - |
+ make -j $(nproc)
+ install:
+ - |
+ make install DESTDIR=/rootfs PREFIX=/toolchain
+finalize:
+ - from: /rootfs
+ to: /
diff --git a/secilc/patches/disable-manpages.patch b/secilc/patches/disable-manpages.patch
@@ -0,0 +1,30 @@
+diff --git a/Makefile b/Makefile
+index ef7bc8cd..db1fc6c2 100644
+--- a/Makefile
++++ b/Makefile
+@@ -28,7 +28,7 @@ CFLAGS ?= -Wall -Wshadow -Wextra -Wundef -Wmissing-format-attribute -Wcast-align
+ override CFLAGS += -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64
+ override LDLIBS += -lsepol
+
+-all: $(SECILC) $(SECIL2CONF) $(SECIL2TREE) man
++all: $(SECILC) $(SECIL2CONF) $(SECIL2TREE)
+
+ $(SECILC): $(SECILC_OBJS)
+ $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o $@ $^ $(LDLIBS)
+@@ -56,15 +56,11 @@ $(SECIL2CONF_MANPAGE): $(SECIL2CONF_MANPAGE).xml
+ $(SECIL2TREE_MANPAGE): $(SECIL2TREE_MANPAGE).xml
+ $(XMLTO) man $(SECIL2TREE_MANPAGE).xml
+
+-install: all man
++install: all
+ -mkdir -p $(DESTDIR)$(BINDIR)
+- -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 755 $(SECILC) $(DESTDIR)$(BINDIR)
+ install -m 755 $(SECIL2CONF) $(DESTDIR)$(BINDIR)
+ install -m 755 $(SECIL2TREE) $(DESTDIR)$(BINDIR)
+- install -m 644 $(SECILC_MANPAGE) $(DESTDIR)$(MANDIR)/man8
+- install -m 644 $(SECIL2CONF_MANPAGE) $(DESTDIR)$(MANDIR)/man8
+- install -m 644 $(SECIL2TREE_MANPAGE) $(DESTDIR)$(MANDIR)/man8
+
+ doc:
+ $(MAKE) -C docs
diff --git a/secilc/pkg.yaml b/secilc/pkg.yaml
@@ -0,0 +1,25 @@
+name: secilc
+dependencies:
+ - stage: base
+ - stage: patch
+ - stage: libsepol
+ runtime: true
+steps:
+ - sources:
+ - url: https://github.com/SELinuxProject/selinux/releases/download/{{ .secilc_version }}/secilc-{{ .secilc_version }}.tar.gz
+ destination: secilc.tar.gz
+ sha256: "{{ .secilc_sha256 }}"
+ sha512: "{{ .secilc_sha512 }}"
+ prepare:
+ - |
+ tar -xzf secilc.tar.gz --strip-components=1
+ patch -p1 < /pkg/patches/disable-manpages.patch
+ build:
+ - |
+ make -j $(nproc) all
+ install:
+ - |
+ make install DESTDIR=/rootfs PREFIX=/toolchain
+finalize:
+ - from: /rootfs
+ to: /
diff --git a/tools/pkg.yaml b/tools/pkg.yaml
@@ -40,6 +40,7 @@ dependencies:
  - stage: libcap
  - stage: libffi
  - stage: libnl
+ - stage: libsepol
  - stage: libtasn1
  - stage: libtool
  - stage: libunistring
@@ -64,6 +65,7 @@ dependencies:
  - stage: protoc-gen-go-grpc
  - stage: python3
  - stage: rhash
+ - stage: secilc
  - stage: sd-boot
  - stage: sed
  - stage: squashfs-tools