feat: add secilc

Also add libsepol used by secilc Signed-off-by: Dmitry Sharshakov <dmitry.sharshakov@siderolabs.com>
siderolabs · Aug 22, 2024 · 86b5363 · 86b5363
1 parent 41ed4b2
commit 86b5363
Show file tree

Hide file tree

Showing 7 changed files with 106 additions and 0 deletions.
diff --git a/.github/renovate.json b/.github/renovate.json
@@ -37,6 +37,7 @@
                 "mirror/ncurses",
                 "PCRE2Project/pcre2",
                 "plougher/squashfs-tools",
+                "https://github.com/SELinuxProject/selinux.git",
                 "git://git.savannah.gnu.org/make.git",
                 "git://git.kernel.org/pub/scm/utils/util-linux/util-linux.git",
                 "git://git.savannah.gnu.org/automake.git",

diff --git a/Pkgfile b/Pkgfile
@@ -178,6 +178,11 @@ vars:
   libnl_sha256: 9fe43ccbeeea72c653bdcf8c93332583135cda46a79507bfd0a483bb57f65939
   libnl_sha512: 80fbbc079299c90afd2a5eda62e4d4f98bf4ef23958c3ce5101f4ed4d81d783af733213bb3bab15f218555d8460bc2394898f909f4ac024fc27281faec86a041
 
+  # renovate: datasource=git-tags depName=SELinuxProject/selinux
+  libsepol_version: 3.7
+  libsepol_sha256: cd741e25244e7ef6cd934d633614131a266c3eaeab33d8bfa45e8a93b45cc901
+  libsepol_sha512: 85d12d0ba5a7a3225f08d041a18fd59641608db5e0a78a1e9649754e45be54a807cd422d4889b88da6e806b4af546336c7a0913448f08ac33dc6ffb983890ef8
+
   # renovate: datasource=git-tags extractVersion=^v(?<version>.*)$ depName=https://gitlab.com/gnutls/libtasn1.git
   libtasn1_version: 4.19.0
   libtasn1_sha256: 1613f0ac1cf484d6ec0ce3b8c06d56263cc7242f1c23b30d82d23de345a63f7a
@@ -299,6 +304,11 @@ vars:
   rhash_sha256: 8e7d1a8ccac0143c8fe9b68ebac67d485df119ea17a613f4038cda52f84ef52a
   rhash_sha512: 00a7e5e058b53ce20ae79509815452ed9cb699d1322b678220b72c61dea3ea2f8fa131acfade8bb6d9f6af913f0c3c472330841181b22314b8755166310c946f
 
+  # renovate: datasource=git-tags depName=SELinuxProject/selinux
+  secilc_version: 3.7
+  secilc_sha256: 0802e920b779e9e915bb7e68ee22e995f99776554cfcdf9a2af6cb7c3b9873dc
+  secilc_sha512: 1f6061587242b63583370e04cc113b4884060c6071774b90908655df17ddc702187960d1f5b1ed53de9eb6ebd7f0029160e58d8c5f0c1126464bf6222f6f7d3e
+
   # renovate: datasource=git-tags extractVersion=^v(?<version>.*)$ depName=git://git.savannah.gnu.org/sed.git
   sed_version: 4.9
   sed_sha256: 6e226b732e1cd739464ad6862bd1a1aba42d7982922da7a53519631d24975181

diff --git a/libsepol/patches/busybox-ln.patch b/libsepol/patches/busybox-ln.patch
@@ -0,0 +1,13 @@
+diff --git a/src/Makefile b/src/Makefile
+index 7b0e8446..440913ba 100644
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -91,7 +91,7 @@ install: all
+ 	install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR)
+ 	test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d $(DESTDIR)$(LIBDIR)/pkgconfig
+ 	install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig
+-	$(LN) -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET)
++	$(LN) -sf $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET)
+
+ relabel:
+ 	/sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO)
diff --git a/libsepol/pkg.yaml b/libsepol/pkg.yaml
@@ -0,0 +1,25 @@
+name: libsepol
+dependencies:
+  - stage: base
+  - stage: patch
+  - stage: flex
+  - stage: m4
+steps:
+  - sources:
+      - url: https://github.com/SELinuxProject/selinux/releases/download/{{ .libsepol_version }}/libsepol-{{ .libsepol_version }}.tar.gz
+        destination: libsepol.tar.gz
+        sha256: "{{ .libsepol_sha256 }}"
+        sha512: "{{ .libsepol_sha512 }}"
+    prepare:
+      - |
+        tar -xzf libsepol.tar.gz --strip-components=1
+        patch -p1 < /pkg/patches/busybox-ln.patch
+    build:
+      - |
+        make -j $(nproc)
+    install:
+      - |
+        make install DESTDIR=/rootfs PREFIX=/toolchain
+finalize:
+  - from: /rootfs
+    to: /
diff --git a/secilc/patches/disable-manpages.patch b/secilc/patches/disable-manpages.patch
@@ -0,0 +1,30 @@
+diff --git a/Makefile b/Makefile
+index ef7bc8cd..db1fc6c2 100644
+--- a/Makefile
++++ b/Makefile
+@@ -28,7 +28,7 @@ CFLAGS ?= -Wall -Wshadow -Wextra -Wundef -Wmissing-format-attribute -Wcast-align
+ override CFLAGS += -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64
+ override LDLIBS += -lsepol
+
+-all: $(SECILC) $(SECIL2CONF) $(SECIL2TREE) man
++all: $(SECILC) $(SECIL2CONF) $(SECIL2TREE)
+
+ $(SECILC): $(SECILC_OBJS)
+ 	$(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o $@ $^ $(LDLIBS)
+@@ -56,15 +56,11 @@ $(SECIL2CONF_MANPAGE): $(SECIL2CONF_MANPAGE).xml
+ $(SECIL2TREE_MANPAGE): $(SECIL2TREE_MANPAGE).xml
+ 	$(XMLTO) man $(SECIL2TREE_MANPAGE).xml
+
+-install: all man
++install: all
+ 	-mkdir -p $(DESTDIR)$(BINDIR)
+-	-mkdir -p $(DESTDIR)$(MANDIR)/man8
+ 	install -m 755 $(SECILC) $(DESTDIR)$(BINDIR)
+ 	install -m 755 $(SECIL2CONF) $(DESTDIR)$(BINDIR)
+ 	install -m 755 $(SECIL2TREE) $(DESTDIR)$(BINDIR)
+-	install -m 644 $(SECILC_MANPAGE) $(DESTDIR)$(MANDIR)/man8
+-	install -m 644 $(SECIL2CONF_MANPAGE) $(DESTDIR)$(MANDIR)/man8
+-	install -m 644 $(SECIL2TREE_MANPAGE) $(DESTDIR)$(MANDIR)/man8
+
+ doc:
+ 	$(MAKE) -C docs
diff --git a/secilc/pkg.yaml b/secilc/pkg.yaml
@@ -0,0 +1,25 @@
+name: secilc
+dependencies:
+  - stage: base
+  - stage: patch
+  - stage: libsepol
+    runtime: true
+steps:
+  - sources:
+      - url: https://github.com/SELinuxProject/selinux/releases/download/{{ .secilc_version }}/secilc-{{ .secilc_version }}.tar.gz
+        destination: secilc.tar.gz
+        sha256: "{{ .secilc_sha256 }}"
+        sha512: "{{ .secilc_sha512 }}"
+    prepare:
+      - |
+        tar -xzf secilc.tar.gz --strip-components=1
+        patch -p1 < /pkg/patches/disable-manpages.patch
+    build:
+      - |
+        make -j $(nproc) all
+    install:
+      - |
+        make install DESTDIR=/rootfs PREFIX=/toolchain
+finalize:
+  - from: /rootfs
+    to: /
diff --git a/tools/pkg.yaml b/tools/pkg.yaml
@@ -40,6 +40,7 @@ dependencies:
   - stage: libcap
   - stage: libffi
   - stage: libnl
+  - stage: libsepol
   - stage: libtasn1
   - stage: libtool
   - stage: libunistring
@@ -64,6 +65,7 @@ dependencies:
   - stage: protoc-gen-go-grpc
   - stage: python3
   - stage: rhash
+  - stage: secilc
   - stage: sd-boot
   - stage: sed
   - stage: squashfs-tools