setools: new package

	source "package/xenomai/Config.in"

endmenu

menu "Security"

	source "package/setools/Config.in"

endmenu

menu "Shell and utilities"

comment "Shells"

if BR2_PACKAGE_BUSYBOX_SHOW_OTHERS

Correct build issues to enable cross compiling.  These changes require the

package to be auto reconfigured.

These updates were not upsteamed as the 3.3.x version has stablized and they

were only taking bug fixes.  Also the 4.0 preview has completely reworked

the build infrastructure which will require this to be revisited.

Signed-off-by Clayton Shotwell <clshotwe@rockwellcollins.com>

diff -urN a/configure.ac b/configure.ac

--- a/configure.ac	2013-01-16 10:36:24.000000000 -0600

+++ b/configure.ac	2013-07-12 08:22:10.380255248 -0500

@@ -448,8 +448,9 @@

               sepol_srcdir="")

 if test "x${sepol_srcdir}" = "x"; then

    sepol_srcdir=${sepol_devel_libdir}

-   AC_CHECK_FILE([${sepol_srcdir}/libsepol.a],,

-      AC_MSG_ERROR([make sure libsepol-static is installed]))

+   if test ! -f ${sepol_srcdir}/libsepol.a; then

+      AC_MSG_ERROR([could not find precompiled libsepol.a])

+   fi

 else

    AC_MSG_CHECKING([for compatible sepol source tree])

    sepol_version=${sepol_srcdir}/VERSION

@@ -484,8 +485,9 @@

    AC_CHECK_HEADER([sepol/policydb/policydb.h], , AC_MSG_ERROR([could not find sepol source tree]))

    CFLAGS="${sepol_src_save_CFLAGS}"

    CPPFLAGS="${sepol_src_save_CPPFLAGS}"

-   AC_CHECK_FILE([${sepol_srcdir}/libsepol.a],,

-      AC_MSG_ERROR([could not find precompiled libsepol.a]))

+   if test ! -f ${sepol_srcdir}/libsepol.a; then

+      AC_MSG_ERROR([could not find precompiled libsepol.a])

+   fi

    sepol_devel_incdir="${sepol_srcdir}/../include"

 fi

 SELINUX_CFLAGS="-I${sepol_devel_incdir} -I${selinux_devel_incdir}"

@@ -578,12 +580,13 @@

                          [AC_LANG_SOURCE([

 #include <sepol/policydb/expand.h>

 int main () {

-  return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0);

+  return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0, 0, 0);

 }])],

                          AC_MSG_RESULT([yes]),

                          AC_MSG_ERROR([this version of libsepol is incompatible with SETools]))

     fi

     sepol_new_expand_boolmap="yes"

+    sepol_new_user_role_mapping="yes"

 else

     sepol_new_expand_boolmap="no"

 fi

@@ -607,7 +610,8 @@

     exit(EXIT_FAILURE);

 }])],

     sepol_policy_version_max=`cat conftest.data`,

-    AC_MSG_FAILURE([could not determine maximum libsepol policy version]))

+    AC_MSG_FAILURE([could not determine maximum libsepol policy version]),

+    sepol_policy_version_max="26")

 AC_DEFINE_UNQUOTED(SEPOL_POLICY_VERSION_MAX, ${sepol_policy_version_max}, [maximum policy version supported by libsepol])

 CFLAGS="${sepol_save_CFLAGS}"

 CPPFLAGS="${sepol_save_CPPFLAGS}"

@@ -631,7 +635,7 @@

     changequote([,])dnl

     selinux_save_CFLAGS="${CFLAGS}"

     CFLAGS="${SELINUX_CFLAGS} ${SELINUX_LIB_FLAG} -lselinux -lsepol ${CFLAGS}"

-    gcc ${CFLAGS} -o conftest conftest.c >&5

+    ${CC} ${CFLAGS} -o conftest conftest.c >&5

     selinux_policy_dir=`./conftest`

     AC_MSG_RESULT(${selinux_policy_dir})

     CFLAGS="${selinux_save_CFLAGS}"

diff -urN a/libqpol/src/policy_define.c b/libqpol/src/policy_define.c

--- a/libqpol/src/policy_define.c	2013-01-16 10:36:24.000000000 -0600

+++ b/libqpol/src/policy_define.c	2013-07-12 08:22:10.380255248 -0500

@@ -2135,7 +2135,7 @@

 #ifdef HAVE_SEPOL_ROLE_ATTRS

 	if (role_set_expand(&roles, &e_roles, policydbp, NULL, NULL))

 #elif HAVE_SEPOL_USER_ROLE_MAPPING

-	if (role_set_expand(&roles, &e_roles, policydbp, NULL))

+	if (role_set_expand(&roles, &e_roles, policydbp, NULL, NULL))

 #else

 	if (role_set_expand(&roles, &e_roles, policydbp))

 #endif

diff -urN a/m4/ac_python_devel.m4 b/m4/ac_python_devel.m4

--- a/m4/ac_python_devel.m4	2013-01-16 10:36:22.000000000 -0600

+++ b/m4/ac_python_devel.m4	2013-07-12 08:22:10.380255248 -0500

@@ -234,7 +234,7 @@

 	AC_MSG_CHECKING([consistency of all components of python development environment])

 	AC_LANG_PUSH([C])

 	# save current global flags

-	LIBS="$ac_save_LIBS $PYTHON_LDFLAGS"

+	LIBS="$ac_save_LIBS $PYTHON_EXTRA_LIBS $PYTHON_LDFLAGS"

 	CPPFLAGS="$ac_save_CPPFLAGS $PYTHON_CPPFLAGS"

 	AC_TRY_LINK([

 		#include <Python.h>

diff -urN a/python/setools/Makefile.am b/python/setools/Makefile.am

--- a/python/setools/Makefile.am	2013-01-16 10:36:22.000000000 -0600

+++ b/python/setools/Makefile.am	2013-07-12 08:22:19.200251011 -0500

@@ -22,13 +22,13 @@

 python-build: sesearch.c seinfo.c

 	@mkdir -p setools

 	@cp __init__.py setools

-	LIBS="$(QPOL_LIB_FLAG) $(APOL_LIB_FLAG)" INCLUDES="$(QPOL_CFLAGS) $(APOL_CFLAGS)" $(PYTHON) setup.py build

+	LIBS="$(QPOL_LIB_FLAG) $(APOL_LIB_FLAG)" LIBDIRS="$(PYTHON_LDFLAGS)" INCLUDES="$(PYTHON_CPPFLAGS) $(QPOL_CFLAGS) $(APOL_CFLAGS)" CC="$(CC)" CFLAGS="$(CFLAGS)" LDSHARED="$(CC) -shared" LDFLAGS="$(LDFLAGS)" $(PYTHON) setup.py build_ext

 install-exec-hook:

-	$(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`

+	$(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --prefix=$(DESTDIR)/usr`

 uninstall-hook: 

-	$(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`

+	$(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --prefix=$(DESTDIR)/usr`

 clean-local:

 	$(PYTHON) setup.py clean -a 

--- a/python/setools/setup.py	2013-01-16 10:36:22.000000000 -0600

+++ b/python/setools/setup.py	2013-09-04 09:17:48.452916991 -0500

@@ -8,7 +8,7 @@

 try:

     inc=os.getenv("INCLUDES").split(" ")    

     INCLUDES=map(lambda x: x[2:], inc)

-    LIBDIRS=map(lambda x: "/".join(x.split("/")[:-1]), os.getenv("LIBS").split())

+    LIBDIRS=map(lambda x: "/".join(x.split("/")[:-1]), os.getenv("LIBS").split()) + map(lambda x: x[2:], os.getenv("LIBDIRS").split())

 except:

     INCLUDES=""

     LIBDIRS=""

Correct a build issue that occurs when python is not found

in the path. This check should only be done if swig-python

option is selected.

Signed-off-by Clayton Shotwell <clshotwe@rockwellcollins.com>

--- a/configure.ac	2015-05-15 12:28:07.566060349 -0500

+++ b/configure.ac	2015-05-28 15:07:25.357072800 -0500

@@ -217,8 +217,6 @@

    do_swigify=yes

 fi

-AM_PATH_PYTHON(2.7)

-

 AC_ARG_ENABLE(swig-python,

               AC_HELP_STRING([--enable-swig-python],

                              [build SWIG interfaces for Python]),

@@ -227,6 +225,7 @@

    if test ${do_swigify} = no; then

       AC_PROG_SWIG(2.0.0)

    fi

+   AM_PATH_PYTHON(2.7)

    SWIG_PYTHON

    do_swigify_python=yes

    do_swigify=yes

config BR2_PACKAGE_SETOOLS

	bool "setools"

	select BR2_PACKAGE_LIBSELINUX

	select BR2_PACKAGE_SQLITE

	select BR2_PACKAGE_LIBXML2

	select BR2_PACKAGE_BZIP2

	depends on BR2_TOOLCHAIN_HAS_THREADS

	depends on !BR2_STATIC_LIBS

	depends on BR2_INSTALL_LIBSTDCPP

	help

	  SETools is an open source project designed to facilitate

	  SELinux policy analysis. The primary tools are:

	   * apol - analyze a SELinux policy.

	   * seaudit - analyze audit messages from SELinux.

	   * seaudit-report - generate highly-customized audit log

	     reports.

	   * sechecker - command line tool for performing modular

	     checks on an SELinux policy.

	   * sediff - semantic policy difference tool for SELinux.

	   * secmds - command-line tools to analyze and search SELinux

             policy.

comment "setools needs a toolchain w/ threads, C++, dynamic library"

	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS \

		|| !BR2_INSTALL_LIBSTDCPP

# From https://github.com/TresysTechnology/setools3/wiki/Download

md5	d68d0d4e4da0f01da0f208782ff04b91	setools-3.3.8.tar.bz2

# Locally computed

sha256	44387ecc9a231ec536a937783440cd8960a72c51f14bffc1604b7525e341e999	setools-3.3.8.tar.bz2