diff --git a/debian/README b/debian/README deleted file mode 100644 index ce5fe2d..0000000 --- a/debian/README +++ /dev/null @@ -1,7 +0,0 @@ -selinuxfs mountpoint --------------------- - - The /selinux directory has been dropped. Since Wheezy, the selinuxfs - filesystem is mounted under /sys/fs/selinux. If it is still mounted under - the old location you might want to check if /sys is mounted in the early - boot. diff --git a/debian/compat b/debian/compat deleted file mode 100644 index 48082f7..0000000 --- a/debian/compat +++ /dev/null @@ -1 +0,0 @@ -12 diff --git a/debian/control b/debian/control index 95cebc5..21900c6 100644 --- a/debian/control +++ b/debian/control @@ -1,23 +1,22 @@ Source: libselinux -VCS-Git: https://salsa.debian.org/selinux-team/libselinux.git -VCS-Browser: https://salsa.debian.org/selinux-team/libselinux +Vcs-Git: https://gitee.com/openkylin/libselinux.git +Vcs-Browser: https://gitee.com/openkylin/libselinux Priority: optional Section: libs -Maintainer: Debian SELinux maintainers -Uploaders: Laurent Bigonville , - Russell Coker -Standards-Version: 4.4.1 -Build-Depends: debhelper (>= 12), +Maintainer: OpenKylin Developers +Standards-Version: 4.6.0 +Build-Depends: debhelper-compat (= 13), dh-python , file, - gem2deb (>= 0.5.0~) , - libsepol1-dev (>= 3.0), + gem2deb , + libsepol-dev (>= 3.4), libpcre2-dev, pkg-config, python3-all-dev , swig XS-Ruby-Versions: all -Homepage: http://userspace.selinuxproject.org/ +Homepage: https://selinuxproject.org +Rules-Requires-Root: no Package: selinux-utils Architecture: linux-any @@ -60,7 +59,7 @@ Description: SELinux runtime shared libraries Package: libselinux1-dev Architecture: linux-any Depends: libselinux1 (= ${binary:Version}), - libsepol1-dev (>= 3.0), + libsepol-dev (>= 3.4), libpcre2-dev, ${misc:Depends} Section: libdevel diff --git a/debian/libselinux1.symbols b/debian/libselinux1.symbols index 161979c..d7f0e6c 100644 --- a/debian/libselinux1.symbols +++ b/debian/libselinux1.symbols @@ -1,245 +1,243 @@ libselinux.so.1 libselinux1 #MINVER# * Build-Depends-Package: libselinux1-dev - avc_add_callback@Base 1.32 - avc_audit@Base 1.32 - avc_av_stats@Base 1.32 - avc_cache_stats@Base 1.32 - avc_cleanup@Base 1.32 - avc_compute_create@Base 2.0.15 - avc_compute_member@Base 2.0.65 - avc_context_to_sid@Base 1.32 - avc_context_to_sid_raw@Base 1.32 - avc_destroy@Base 1.32 - avc_get_initial_sid@Base 2.0.15 - avc_has_perm@Base 1.32 - avc_has_perm_noaudit@Base 1.32 - avc_init@Base 1.32 - avc_netlink_acquire_fd@Base 2.0.82 - avc_netlink_check_nb@Base 2.0.82 - avc_netlink_close@Base 2.0.82 - avc_netlink_loop@Base 2.0.82 - avc_netlink_open@Base 2.0.82 - avc_netlink_release_fd@Base 2.0.82 - avc_open@Base 2.0.65 - avc_reset@Base 1.32 - avc_sid_stats@Base 1.32 - avc_sid_to_context@Base 1.32 - avc_sid_to_context_raw@Base 1.32 - checkPasswdAccess@Base 1.32 - context_free@Base 1.32 - context_new@Base 1.32 - context_range_get@Base 1.32 - context_range_set@Base 1.32 - context_role_get@Base 1.32 - context_role_set@Base 1.32 - context_str@Base 1.32 - context_type_get@Base 1.32 - context_type_set@Base 1.32 - context_user_get@Base 1.32 - context_user_set@Base 1.32 - dir_xattr_list@Base 2.6 - fgetfilecon@Base 1.32 - fini_selinuxmnt@Base 2.1.0 - fgetfilecon_raw@Base 1.32 - freecon@Base 1.32 - freeconary@Base 1.32 - fsetfilecon@Base 1.32 - fsetfilecon_raw@Base 2.0.65 - get_default_context@Base 1.32 - get_default_context_with_level@Base 1.32 - get_default_context_with_role@Base 1.32 - get_default_context_with_rolelevel@Base 1.32 - get_default_type@Base 1.32 - get_ordered_context_list@Base 1.32 - get_ordered_context_list_with_level@Base 1.32 - getcon@Base 1.32 - getcon_raw@Base 1.32 - getexeccon@Base 1.32 - getexeccon_raw@Base 1.32 - getfilecon@Base 1.32 - getfilecon_raw@Base 1.32 - getfscreatecon@Base 1.32 - getfscreatecon_raw@Base 1.32 - getkeycreatecon@Base 1.32 - getkeycreatecon_raw@Base 1.32 - getpeercon@Base 1.32 - getpeercon_raw@Base 1.32 - getpidcon@Base 1.32 - getpidcon_raw@Base 1.32 - getprevcon@Base 1.32 - getprevcon_raw@Base 1.32 - getseuser@Base 2.0.85 - getseuserbyname@Base 1.32 - getsockcreatecon@Base 1.32 - getsockcreatecon_raw@Base 1.32 - is_context_customizable@Base 1.32 - is_selinux_enabled@Base 1.32 - is_selinux_mls_enabled@Base 1.32 - lgetfilecon@Base 1.32 - lgetfilecon_raw@Base 1.32 - lsetfilecon@Base 1.32 - lsetfilecon_raw@Base 1.32 - manual_user_enter_context@Base 1.32 - map_class@Base 2.0.65 - map_decision@Base 2.0.65 - map_perm@Base 2.0.65 - matchmediacon@Base 1.32 - matchpathcon@Base 1.32 - matchpathcon_checkmatches@Base 1.32 - matchpathcon_filespec_add@Base 1.32 - matchpathcon_filespec_destroy@Base 1.32 - matchpathcon_filespec_eval@Base 1.32 - matchpathcon_fini@Base 1.32 - matchpathcon_index@Base 1.32 - matchpathcon_init@Base 1.32 - matchpathcon_init_prefix@Base 1.32 - mode_to_security_class@Base 2.1.13 - myprintf_compat@Base 2.0.65 - print_access_vector@Base 1.32 - query_user_context@Base 1.32 - realpath_not_final@Base 2.1.9 - rpm_execcon@Base 1.32 - security_av_perm_to_string@Base 2.0.15 - security_av_string@Base 2.0.15 - security_canonicalize_context@Base 1.32 - security_canonicalize_context_raw@Base 1.32 - security_check_context@Base 1.32 - security_check_context_raw@Base 1.32 - security_class_to_string@Base 2.0.15 - security_commit_booleans@Base 1.32 - security_compute_av@Base 1.32 - security_compute_av_flags@Base 2.0.82 - security_compute_av_flags_raw@Base 2.0.82 - security_compute_av_raw@Base 1.32 - security_compute_create@Base 1.32 - security_compute_create_name@Base 2.1.12 - security_compute_create_name_raw@Base 2.1.12 - security_compute_create_raw@Base 1.32 - security_compute_member@Base 1.32 - security_compute_member_raw@Base 1.32 - security_compute_relabel@Base 1.32 - security_compute_relabel_raw@Base 1.32 - security_compute_user@Base 1.32 - security_compute_user_raw@Base 1.32 - security_deny_unknown@Base 2.0.82 - security_disable@Base 1.32 - security_get_boolean_active@Base 1.32 - security_get_boolean_names@Base 1.32 - security_get_boolean_pending@Base 1.32 - security_get_checkreqprot@Base 2.7~rc2 - security_get_initial_context@Base 2.0.15 - security_get_initial_context_raw@Base 2.0.15 - security_getenforce@Base 1.32 - security_load_booleans@Base 1.32 - security_load_policy@Base 1.32 - security_policyvers@Base 1.32 - security_reject_unknown@Base 2.9 - security_set_boolean@Base 1.32 - security_set_boolean_list@Base 1.32 - security_setenforce@Base 1.32 - security_validatetrans@Base 3.0 - security_validatetrans_raw@Base 3.0 - selabel_close@Base 2.0.65 - selabel_cmp@Base 2.5 - selabel_digest@Base 2.5 - selabel_get_digests_all_partial_matches@Base 3.0 - selabel_hash_all_partial_matches@Base 3.0 - selabel_lookup@Base 2.0.65 - selabel_lookup_best_match@Base 2.5 - selabel_lookup_best_match_raw@Base 2.5 - selabel_lookup_raw@Base 2.0.65 - selabel_open@Base 2.0.65 - selabel_partial_match@Base 2.5 - selabel_stats@Base 2.0.65 - selinux_binary_policy_path@Base 1.32 - selinux_boolean_sub@Base 2.1.12 - selinux_booleans_path@Base 1.32 - selinux_booleans_subs_path@Base 2.1.12 - selinux_check_access@Base 2.1.9 - selinux_check_passwd_access@Base 1.32 - selinux_check_securetty_context@Base 2.0.15 - selinux_colors_path@Base 2.0.82 - selinux_contexts_path@Base 1.32 - selinux_current_policy_path@Base 2.2 - selinux_customizable_types_path@Base 1.32 - selinux_default_context_path@Base 1.32 - selinux_default_type_path@Base 1.32 - selinux_failsafe_context_path@Base 1.32 - selinux_file_context_cmp@Base 1.32 - selinux_file_context_homedir_path@Base 1.32 - selinux_file_context_local_path@Base 1.32 - selinux_file_context_path@Base 1.32 - selinux_file_context_subs_dist_path@Base 2.1.0 - selinux_file_context_subs_path@Base 2.0.82 - selinux_file_context_verify@Base 1.32 - selinux_get_callback@Base 2.0.65 - selinux_getenforcemode@Base 1.32 - selinux_getpolicytype@Base 1.32 - selinux_homedir_context_path@Base 1.32 - selinux_init_load_policy@Base 1.32 - selinux_lsetfilecon_default@Base 1.32 - selinux_lxc_contexts_path@Base 2.1.12 - selinux_media_context_path@Base 1.32 - selinux_mkload_policy@Base 1.32 - selinux_mnt@Base 1.32 - selinux_netfilter_context_path@Base 1.32 - selinux_openrc_contexts_path@Base 2.6 - selinux_openssh_contexts_path@Base 2.5 - selinux_path@Base 1.32 - selinux_policy_root@Base 1.32 - selinux_raw_context_to_color@Base 2.0.82 - selinux_raw_to_trans_context@Base 1.32 - selinux_removable_context_path@Base 1.32 - selinux_reset_config@Base 2.0.88 - selinux_restorecon@Base 2.5 - selinux_restorecon_default_handle@Base 2.5 - selinux_restorecon_set_alt_rootpath@Base 2.6 - selinux_restorecon_set_exclude_list@Base 2.5 - selinux_restorecon_set_sehandle@Base 2.5 - selinux_restorecon_xattr@Base 2.6 - selinux_securetty_types_path@Base 2.0.15 - selinux_sepgsql_context_path@Base 2.0.94 - selinux_set_callback@Base 2.0.65 - selinux_set_mapping@Base 2.0.65 - selinux_set_policy_root@Base 2.2 - selinux_snapperd_contexts_path@Base 2.6 - selinux_status_close@Base 2.1.0 - selinux_status_deny_unknown@Base 2.1.0 - selinux_status_getenforce@Base 2.1.0 - selinux_status_open@Base 2.1.0 - selinux_status_policyload@Base 2.1.0 - selinux_status_updated@Base 2.1.0 - selinux_systemd_contexts_path@Base 2.2 - selinux_trans_to_raw_context@Base 1.32 - selinux_translations_path@Base 1.32 - selinux_user_contexts_path@Base 1.32 - selinux_users_path@Base 1.32 - selinux_usersconf_path@Base 1.32 - selinux_virtual_domain_context_path@Base 2.0.82 - selinux_virtual_image_context_path@Base 2.0.82 - selinux_x_context_path@Base 2.0.65 - selinuxfs_exists@Base 2.1.9 - set_matchpathcon_canoncon@Base 1.32 - set_matchpathcon_flags@Base 1.32 - set_matchpathcon_invalidcon@Base 1.32 - set_matchpathcon_printf@Base 1.32 - set_selinuxmnt@Base 1.32 - setcon@Base 1.32 - setcon_raw@Base 1.32 - setexeccon@Base 1.32 - setexeccon_raw@Base 1.32 - setexecfilecon@Base 2.3 - setfilecon@Base 1.32 - setfilecon_raw@Base 1.32 - setfscreatecon@Base 1.32 - setfscreatecon_raw@Base 1.32 - setkeycreatecon@Base 1.32 - setkeycreatecon_raw@Base 1.32 - setsockcreatecon@Base 1.32 - setsockcreatecon_raw@Base 1.32 - sidget@Base 1.32 - sidput@Base 1.32 - string_to_av_perm@Base 1.32 - string_to_security_class@Base 1.32 - unmap_class@Base 2.0.65 - unmap_perm@Base 2.0.65 + LIBSELINUX_1.0@LIBSELINUX_1.0 3.1~ + LIBSELINUX_3.4@LIBSELINUX_3.4 3.4 + avc_add_callback@LIBSELINUX_1.0 3.1~ + avc_audit@LIBSELINUX_1.0 3.1~ + avc_av_stats@LIBSELINUX_1.0 3.1~ + avc_cache_stats@LIBSELINUX_1.0 3.1~ + avc_cleanup@LIBSELINUX_1.0 3.1~ + avc_compute_create@LIBSELINUX_1.0 3.1~ + avc_compute_member@LIBSELINUX_1.0 3.1~ + avc_context_to_sid@LIBSELINUX_1.0 3.1~ + avc_context_to_sid_raw@LIBSELINUX_1.0 3.1~ + avc_destroy@LIBSELINUX_1.0 3.1~ + avc_get_initial_sid@LIBSELINUX_1.0 3.1~ + avc_has_perm@LIBSELINUX_1.0 3.1~ + avc_has_perm_noaudit@LIBSELINUX_1.0 3.1~ + avc_init@LIBSELINUX_1.0 3.1~ + avc_netlink_acquire_fd@LIBSELINUX_1.0 3.1~ + avc_netlink_check_nb@LIBSELINUX_1.0 3.1~ + avc_netlink_close@LIBSELINUX_1.0 3.1~ + avc_netlink_loop@LIBSELINUX_1.0 3.1~ + avc_netlink_open@LIBSELINUX_1.0 3.1~ + avc_netlink_release_fd@LIBSELINUX_1.0 3.1~ + avc_open@LIBSELINUX_1.0 3.1~ + avc_reset@LIBSELINUX_1.0 3.1~ + avc_sid_stats@LIBSELINUX_1.0 3.1~ + avc_sid_to_context@LIBSELINUX_1.0 3.1~ + avc_sid_to_context_raw@LIBSELINUX_1.0 3.1~ + checkPasswdAccess@LIBSELINUX_1.0 3.1~ + context_free@LIBSELINUX_1.0 3.1~ + context_new@LIBSELINUX_1.0 3.1~ + context_range_get@LIBSELINUX_1.0 3.1~ + context_range_set@LIBSELINUX_1.0 3.1~ + context_role_get@LIBSELINUX_1.0 3.1~ + context_role_set@LIBSELINUX_1.0 3.1~ + context_str@LIBSELINUX_1.0 3.1~ + context_type_get@LIBSELINUX_1.0 3.1~ + context_type_set@LIBSELINUX_1.0 3.1~ + context_user_get@LIBSELINUX_1.0 3.1~ + context_user_set@LIBSELINUX_1.0 3.1~ + fgetfilecon@LIBSELINUX_1.0 3.1~ + fini_selinuxmnt@LIBSELINUX_1.0 3.1~ + fgetfilecon_raw@LIBSELINUX_1.0 3.1~ + freecon@LIBSELINUX_1.0 3.1~ + freeconary@LIBSELINUX_1.0 3.1~ + fsetfilecon@LIBSELINUX_1.0 3.1~ + fsetfilecon_raw@LIBSELINUX_1.0 3.1~ + get_default_context@LIBSELINUX_1.0 3.1~ + get_default_context_with_level@LIBSELINUX_1.0 3.1~ + get_default_context_with_role@LIBSELINUX_1.0 3.1~ + get_default_context_with_rolelevel@LIBSELINUX_1.0 3.1~ + get_default_type@LIBSELINUX_1.0 3.1~ + get_ordered_context_list@LIBSELINUX_1.0 3.1~ + get_ordered_context_list_with_level@LIBSELINUX_1.0 3.1~ + getcon@LIBSELINUX_1.0 3.1~ + getcon_raw@LIBSELINUX_1.0 3.1~ + getexeccon@LIBSELINUX_1.0 3.1~ + getexeccon_raw@LIBSELINUX_1.0 3.1~ + getfilecon@LIBSELINUX_1.0 3.1~ + getfilecon_raw@LIBSELINUX_1.0 3.1~ + getfscreatecon@LIBSELINUX_1.0 3.1~ + getfscreatecon_raw@LIBSELINUX_1.0 3.1~ + getkeycreatecon@LIBSELINUX_1.0 3.1~ + getkeycreatecon_raw@LIBSELINUX_1.0 3.1~ + getpeercon@LIBSELINUX_1.0 3.1~ + getpeercon_raw@LIBSELINUX_1.0 3.1~ + getpidcon@LIBSELINUX_1.0 3.1~ + getpidcon_raw@LIBSELINUX_1.0 3.1~ + getprevcon@LIBSELINUX_1.0 3.1~ + getprevcon_raw@LIBSELINUX_1.0 3.1~ + getseuser@LIBSELINUX_1.0 3.1~ + getseuserbyname@LIBSELINUX_1.0 3.1~ + getsockcreatecon@LIBSELINUX_1.0 3.1~ + getsockcreatecon_raw@LIBSELINUX_1.0 3.1~ + is_context_customizable@LIBSELINUX_1.0 3.1~ + is_selinux_enabled@LIBSELINUX_1.0 3.1~ + is_selinux_mls_enabled@LIBSELINUX_1.0 3.1~ + lgetfilecon@LIBSELINUX_1.0 3.1~ + lgetfilecon_raw@LIBSELINUX_1.0 3.1~ + lsetfilecon@LIBSELINUX_1.0 3.1~ + lsetfilecon_raw@LIBSELINUX_1.0 3.1~ + manual_user_enter_context@LIBSELINUX_1.0 3.1~ + matchmediacon@LIBSELINUX_1.0 3.1~ + matchpathcon@LIBSELINUX_1.0 3.1~ + matchpathcon_checkmatches@LIBSELINUX_1.0 3.1~ + matchpathcon_filespec_add@LIBSELINUX_1.0 3.1~ + matchpathcon_filespec_destroy@LIBSELINUX_1.0 3.1~ + matchpathcon_filespec_eval@LIBSELINUX_1.0 3.1~ + matchpathcon_fini@LIBSELINUX_1.0 3.1~ + matchpathcon_index@LIBSELINUX_1.0 3.1~ + matchpathcon_init@LIBSELINUX_1.0 3.1~ + matchpathcon_init_prefix@LIBSELINUX_1.0 3.1~ + mode_to_security_class@LIBSELINUX_1.0 3.1~ + print_access_vector@LIBSELINUX_1.0 3.1~ + query_user_context@LIBSELINUX_1.0 3.1~ + realpath_not_final@LIBSELINUX_1.0 3.1~ + rpm_execcon@LIBSELINUX_1.0 3.1~ + security_av_perm_to_string@LIBSELINUX_1.0 3.1~ + security_av_string@LIBSELINUX_1.0 3.1~ + security_canonicalize_context@LIBSELINUX_1.0 3.1~ + security_canonicalize_context_raw@LIBSELINUX_1.0 3.1~ + security_check_context@LIBSELINUX_1.0 3.1~ + security_check_context_raw@LIBSELINUX_1.0 3.1~ + security_class_to_string@LIBSELINUX_1.0 3.1~ + security_commit_booleans@LIBSELINUX_1.0 3.1~ + security_compute_av@LIBSELINUX_1.0 3.1~ + security_compute_av_flags@LIBSELINUX_1.0 3.1~ + security_compute_av_flags_raw@LIBSELINUX_1.0 3.1~ + security_compute_av_raw@LIBSELINUX_1.0 3.1~ + security_compute_create@LIBSELINUX_1.0 3.1~ + security_compute_create_name@LIBSELINUX_1.0 3.1~ + security_compute_create_name_raw@LIBSELINUX_1.0 3.1~ + security_compute_create_raw@LIBSELINUX_1.0 3.1~ + security_compute_member@LIBSELINUX_1.0 3.1~ + security_compute_member_raw@LIBSELINUX_1.0 3.1~ + security_compute_relabel@LIBSELINUX_1.0 3.1~ + security_compute_relabel_raw@LIBSELINUX_1.0 3.1~ + security_compute_user@LIBSELINUX_1.0 3.1~ + security_compute_user_raw@LIBSELINUX_1.0 3.1~ + security_deny_unknown@LIBSELINUX_1.0 3.1~ + security_disable@LIBSELINUX_1.0 3.1~ + security_get_boolean_active@LIBSELINUX_1.0 3.1~ + security_get_boolean_names@LIBSELINUX_1.0 3.1~ + security_get_boolean_pending@LIBSELINUX_1.0 3.1~ + security_get_checkreqprot@LIBSELINUX_1.0 3.1~ + security_get_initial_context@LIBSELINUX_1.0 3.1~ + security_get_initial_context_raw@LIBSELINUX_1.0 3.1~ + security_getenforce@LIBSELINUX_1.0 3.1~ + security_load_booleans@LIBSELINUX_1.0 3.1~ + security_load_policy@LIBSELINUX_1.0 3.1~ + security_policyvers@LIBSELINUX_1.0 3.1~ + security_reject_unknown@LIBSELINUX_1.0 3.1~ + security_set_boolean@LIBSELINUX_1.0 3.1~ + security_set_boolean_list@LIBSELINUX_1.0 3.1~ + security_setenforce@LIBSELINUX_1.0 3.1~ + security_validatetrans@LIBSELINUX_1.0 3.1~ + security_validatetrans_raw@LIBSELINUX_1.0 3.1~ + selabel_close@LIBSELINUX_1.0 3.1~ + selabel_cmp@LIBSELINUX_1.0 3.1~ + selabel_digest@LIBSELINUX_1.0 3.1~ + selabel_get_digests_all_partial_matches@LIBSELINUX_1.0 3.1~ + selabel_hash_all_partial_matches@LIBSELINUX_1.0 3.1~ + selabel_lookup@LIBSELINUX_1.0 3.1~ + selabel_lookup_best_match@LIBSELINUX_1.0 3.1~ + selabel_lookup_best_match_raw@LIBSELINUX_1.0 3.1~ + selabel_lookup_raw@LIBSELINUX_1.0 3.1~ + selabel_open@LIBSELINUX_1.0 3.1~ + selabel_partial_match@LIBSELINUX_1.0 3.1~ + selabel_stats@LIBSELINUX_1.0 3.1~ + selinux_binary_policy_path@LIBSELINUX_1.0 3.1~ + selinux_boolean_sub@LIBSELINUX_1.0 3.1~ + selinux_booleans_path@LIBSELINUX_1.0 3.1~ + selinux_booleans_subs_path@LIBSELINUX_1.0 3.1~ + selinux_check_access@LIBSELINUX_1.0 3.1~ + selinux_check_passwd_access@LIBSELINUX_1.0 3.1~ + selinux_check_securetty_context@LIBSELINUX_1.0 3.1~ + selinux_colors_path@LIBSELINUX_1.0 3.1~ + selinux_contexts_path@LIBSELINUX_1.0 3.1~ + selinux_current_policy_path@LIBSELINUX_1.0 3.1~ + selinux_customizable_types_path@LIBSELINUX_1.0 3.1~ + selinux_default_context_path@LIBSELINUX_1.0 3.1~ + selinux_default_type_path@LIBSELINUX_1.0 3.1~ + selinux_failsafe_context_path@LIBSELINUX_1.0 3.1~ + selinux_file_context_cmp@LIBSELINUX_1.0 3.1~ + selinux_file_context_homedir_path@LIBSELINUX_1.0 3.1~ + selinux_file_context_local_path@LIBSELINUX_1.0 3.1~ + selinux_file_context_path@LIBSELINUX_1.0 3.1~ + selinux_file_context_subs_dist_path@LIBSELINUX_1.0 3.1~ + selinux_file_context_subs_path@LIBSELINUX_1.0 3.1~ + selinux_file_context_verify@LIBSELINUX_1.0 3.1~ + selinux_flush_class_cache@LIBSELINUX_1.0 3.1~ + selinux_get_callback@LIBSELINUX_1.0 3.1~ + selinux_getenforcemode@LIBSELINUX_1.0 3.1~ + selinux_getpolicytype@LIBSELINUX_1.0 3.1~ + selinux_homedir_context_path@LIBSELINUX_1.0 3.1~ + selinux_init_load_policy@LIBSELINUX_1.0 3.1~ + selinux_lsetfilecon_default@LIBSELINUX_1.0 3.1~ + selinux_lxc_contexts_path@LIBSELINUX_1.0 3.1~ + selinux_media_context_path@LIBSELINUX_1.0 3.1~ + selinux_mkload_policy@LIBSELINUX_1.0 3.1~ + selinux_mnt@LIBSELINUX_1.0 3.1~ + selinux_netfilter_context_path@LIBSELINUX_1.0 3.1~ + selinux_openrc_contexts_path@LIBSELINUX_1.0 3.1~ + selinux_openssh_contexts_path@LIBSELINUX_1.0 3.1~ + selinux_path@LIBSELINUX_1.0 3.1~ + selinux_policy_root@LIBSELINUX_1.0 3.1~ + selinux_raw_context_to_color@LIBSELINUX_1.0 3.1~ + selinux_raw_to_trans_context@LIBSELINUX_1.0 3.1~ + selinux_removable_context_path@LIBSELINUX_1.0 3.1~ + selinux_reset_config@LIBSELINUX_1.0 3.1~ + selinux_restorecon@LIBSELINUX_1.0 3.1~ + selinux_restorecon_default_handle@LIBSELINUX_1.0 3.1~ + selinux_restorecon_get_skipped_errors@LIBSELINUX_3.4 3.4 + selinux_restorecon_parallel@LIBSELINUX_3.4 3.4 + selinux_restorecon_set_alt_rootpath@LIBSELINUX_1.0 3.1~ + selinux_restorecon_set_exclude_list@LIBSELINUX_1.0 3.1~ + selinux_restorecon_set_sehandle@LIBSELINUX_1.0 3.1~ + selinux_restorecon_xattr@LIBSELINUX_1.0 3.1~ + selinux_securetty_types_path@LIBSELINUX_1.0 3.1~ + selinux_sepgsql_context_path@LIBSELINUX_1.0 3.1~ + selinux_set_callback@LIBSELINUX_1.0 3.1~ + selinux_set_mapping@LIBSELINUX_1.0 3.1~ + selinux_set_policy_root@LIBSELINUX_1.0 3.1~ + selinux_snapperd_contexts_path@LIBSELINUX_1.0 3.1~ + selinux_status_close@LIBSELINUX_1.0 3.1~ + selinux_status_deny_unknown@LIBSELINUX_1.0 3.1~ + selinux_status_getenforce@LIBSELINUX_1.0 3.1~ + selinux_status_open@LIBSELINUX_1.0 3.1~ + selinux_status_policyload@LIBSELINUX_1.0 3.1~ + selinux_status_updated@LIBSELINUX_1.0 3.1~ + selinux_systemd_contexts_path@LIBSELINUX_1.0 3.1~ + selinux_trans_to_raw_context@LIBSELINUX_1.0 3.1~ + selinux_translations_path@LIBSELINUX_1.0 3.1~ + selinux_user_contexts_path@LIBSELINUX_1.0 3.1~ + selinux_users_path@LIBSELINUX_1.0 3.1~ + selinux_usersconf_path@LIBSELINUX_1.0 3.1~ + selinux_virtual_domain_context_path@LIBSELINUX_1.0 3.1~ + selinux_virtual_image_context_path@LIBSELINUX_1.0 3.1~ + selinux_x_context_path@LIBSELINUX_1.0 3.1~ + selinuxfs_exists@LIBSELINUX_1.0 3.1~ + set_matchpathcon_canoncon@LIBSELINUX_1.0 3.1~ + set_matchpathcon_flags@LIBSELINUX_1.0 3.1~ + set_matchpathcon_invalidcon@LIBSELINUX_1.0 3.1~ + set_matchpathcon_printf@LIBSELINUX_1.0 3.1~ + set_selinuxmnt@LIBSELINUX_1.0 3.1~ + setcon@LIBSELINUX_1.0 3.1~ + setcon_raw@LIBSELINUX_1.0 3.1~ + setexeccon@LIBSELINUX_1.0 3.1~ + setexeccon_raw@LIBSELINUX_1.0 3.1~ + setexecfilecon@LIBSELINUX_1.0 3.1~ + setfilecon@LIBSELINUX_1.0 3.1~ + setfilecon_raw@LIBSELINUX_1.0 3.1~ + setfscreatecon@LIBSELINUX_1.0 3.1~ + setfscreatecon_raw@LIBSELINUX_1.0 3.1~ + setkeycreatecon@LIBSELINUX_1.0 3.1~ + setkeycreatecon_raw@LIBSELINUX_1.0 3.1~ + setsockcreatecon@LIBSELINUX_1.0 3.1~ + setsockcreatecon_raw@LIBSELINUX_1.0 3.1~ + sidget@LIBSELINUX_1.0 3.1~ + sidput@LIBSELINUX_1.0 3.1~ + string_to_av_perm@LIBSELINUX_1.0 3.1~ + string_to_security_class@LIBSELINUX_1.0 3.1~ diff --git a/debian/python.mk b/debian/python.mk deleted file mode 100644 index ac50646..0000000 --- a/debian/python.mk +++ /dev/null @@ -1,18 +0,0 @@ -#! /usr/bin/make --no-print-directory -f - -## Default target -PYTHON3_VERSIONS := $(shell py3versions -r) -all: $(PYTHON3_VERSIONS) - -## Targets share the same output files, so must be run serially -.NOTPARALLEL: -.PHONY: all $(PYTHON3_VERSIONS) - -## SELinux does not have a very nice build process -extra_python_args = PYTHON=$@ -extra_python_args += PYLIBS= - -## How to build and install each individually-versioned copy -$(PYTHON3_VERSIONS): python%: - +$(MAKE) $(extra_python_args) clean-pywrap - +$(MAKE) $(extra_python_args) install-pywrap diff --git a/debian/ruby.mk b/debian/ruby.mk deleted file mode 100644 index 2800d4b..0000000 --- a/debian/ruby.mk +++ /dev/null @@ -1,17 +0,0 @@ -#! /usr/bin/make --no-print-directory -f - -## Default target -RUBY_VERSIONS := $(shell dh_ruby --print-supported) -all: $(RUBY_VERSIONS) - -## Targets share the same output files, so must be run serially -.NOTPARALLEL: -.PHONY: all $(RUBY_VERSIONS) - -## SELinux does not have a very nice build process -extra_ruby_args = RUBY=$@ - -## How to build and install each individually-versioned copy -$(RUBY_VERSIONS): ruby%: - +$(MAKE) $(extra_ruby_args) clean-rubywrap - +$(MAKE) $(extra_ruby_args) install-rubywrap diff --git a/debian/rules b/debian/rules index 0f2cf8b..5e55659 100755 --- a/debian/rules +++ b/debian/rules @@ -3,77 +3,86 @@ # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 -## Figure out some variables -DEB_HOST_ARCH_OS ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_OS) -DEB_HOST_GNU_CPU ?= $(shell dpkg-architecture -qDEB_HOST_GNU_CPU) -DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) -DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) -PKG_CONFIG ?= $(DEB_HOST_GNU_TYPE)-pkg-config +export DEB_BUILD_MAINT_OPTIONS = hardening=+all + +include /usr/share/dpkg/architecture.mk +# for cross compilation +ifneq ($(DEB_HOST_GNU_TYPE),$(DEB_BUILD_GNU_TYPE)) +export CC := $(DEB_HOST_GNU_TYPE)-gcc +export PKG_CONFIG := $(DEB_HOST_GNU_TYPE)-pkg-config +endif + +ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) + NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) + MAKEFLAGS += -j$(NUMJOBS) +endif DOPACKAGES = $(shell dh_listpackages) -BUILT_USING=$(shell dpkg-query -f '$${source:Package} (= $${source:Version}), ' -W "libsepol1-dev") - -## Default target -binary: - -## Sanity check -ifneq ($(DEB_HOST_ARCH_OS),linux) -$(error This is a linux only package. Aborting build.) -endif +BUILT_USING=$(shell dpkg-query -f '$${source:Package} (= $${source:Version}), ' -W "libsepol-dev") +# Upstream recommends using this flag +export DEB_CFLAGS_MAINT_APPEND = -fno-semantic-interposition ## The build system doesn't use CPPFLAGS, pass them to CFLAGS to enable the -## missing (hardening) flags. -export DEB_CFLAGS_MAINT_APPEND = $(shell dpkg-buildflags --get CPPFLAGS) +## missing (hardening) flags. Also enable Wall and Wextra to spot basic irregularities. +export DEB_CFLAGS_MAINT_APPEND += $(shell dpkg-buildflags --get CPPFLAGS) -Wall -Wextra -## Unconditionally run debhelper command targets -.PHONY: FORCE -FORCE: - -## By default, pass everything through debhelper automatically -export DH_OPTIONS DH_ADDONS = ifneq ($(filter python3-selinux,$(DOPACKAGES)),) +PY3VERSIONS = $(shell py3versions -rv) DH_ADDONS += --with=python3 endif ifneq ($(filter ruby-selinux,$(DOPACKAGES)),) +RUBY_VERSIONS := $(shell dh_ruby --print-supported) DH_ADDONS += --with=ruby endif -%: FORCE + +%: @dh $@ $(DH_ADDONS) -## Don't try to rebuild the debian/rules file -debian/rules: - @touch $@ - ## Set up some variables to be passed to the upstream Makefile -extra_make_args = ARCH=$(DEB_HOST_GNU_CPU) -extra_make_args += CC=$(DEB_HOST_GNU_TYPE)-gcc -extra_make_args += PKG_CONFIG=$(PKG_CONFIG) +extra_make_args = ARCH=$(patsubst i%86,i386,$(DEB_HOST_GNU_CPU)) extra_make_args += USE_PCRE2=y -override_dh_auto_build: FORCE - +$(MAKE) $(extra_make_args) all - -## Work around the very limited SELinux build-system -DESTDIR = $(CURDIR)/debian/tmp -base_extra_install_args = $(extra_make_args) -base_extra_install_args += DESTDIR=$(DESTDIR) -extra_install_args = $(base_extra_install_args) LIBDIR=/usr/lib/$(DEB_HOST_MULTIARCH) -extra_install_args += SHLIBDIR=/lib/$(DEB_HOST_MULTIARCH) -python_extra_install_args = $(base_extra_install_args) LIBDIR=/usr/lib - -override_dh_auto_install: FORCE - +$(MAKE) $(extra_install_args) install +override_dh_auto_build: + $(MAKE) all $(extra_make_args) ifneq ($(filter python3-selinux,$(DOPACKAGES)),) - +$(MAKE) $(python_extra_install_args) -f debian/python.mk + set -e; for version in $(PY3VERSIONS); do \ + $(MAKE) pywrap $(extra_make_args) PYTHON=python$$version; \ + done; endif ifneq ($(filter ruby-selinux,$(DOPACKAGES)),) - +$(MAKE) $(extra_install_args) -f debian/ruby.mk + set -e; for version in $(RUBY_VERSIONS); do \ + $(MAKE) rubywrap $(extra_make_args) RUBY=$$version; \ + done; endif -## Generate a hard error for any upstream files we don't install -override_dh_missing: FORCE - dh_missing --fail-missing +override_dh_auto_install: + $(MAKE) install $(extra_make_args) DESTDIR="${CURDIR}/debian/tmp" \ + LIBDIR=/usr/lib/$(DEB_HOST_MULTIARCH) \ + SHLIBDIR=/lib/$(DEB_HOST_MULTIARCH) +ifneq ($(filter python3-selinux,$(DOPACKAGES)),) + set -e; for version in $(PY3VERSIONS); do \ + $(MAKE) install-pywrap $(extra_make_args) PYTHON=python$$version DESTDIR="${CURDIR}/debian/tmp" PYTHON_SETUP_ARGS=--install-layout=deb; \ + done; +endif +ifneq ($(filter ruby-selinux,$(DOPACKAGES)),) + set -e; for version in $(RUBY_VERSIONS); do \ + $(MAKE) install-rubywrap $(extra_make_args) RUBY=$$version DESTDIR="${CURDIR}/debian/tmp"; \ + done; +endif + +override_dh_auto_clean: + $(MAKE) distclean $(extra_make_args) PYTHON=true +ifneq ($(filter python3-selinux,$(DOPACKAGES)),) + set -e; for version in $(PY3VERSIONS); do \ + $(MAKE) clean-pywrap $(extra_make_args) PYTHON=python$$version; \ + done; +endif +ifneq ($(filter ruby-selinux,$(DOPACKAGES)),) + set -e; for version in $(RUBY_VERSIONS); do \ + $(MAKE) clean-rubywrap $(extra_make_args) RUBY=$$version; \ + done; +endif override_dh_gencontrol: dh_gencontrol -- -VBuilt-Using="$(BUILT_USING)" diff --git a/debian/tests/build b/debian/tests/build new file mode 100755 index 0000000..b7422f6 --- /dev/null +++ b/debian/tests/build @@ -0,0 +1,20 @@ +#!/bin/sh + +set -eux + +cd "$AUTOPKGTEST_TMP" +cat < libselinux.c +#include + +int main(void) +{ + is_selinux_enabled(); + return 0; +} +EOF + +gcc -o libselinux-test libselinux.c $(pkg-config --cflags --libs libselinux) +echo "build (libselinux): OK" + +./libselinux-test +echo "run (libselinux): OK" diff --git a/debian/tests/control b/debian/tests/control new file mode 100644 index 0000000..f74b52e --- /dev/null +++ b/debian/tests/control @@ -0,0 +1,8 @@ +Tests: build +Depends: build-essential, libselinux1-dev, pkg-config +Restrictions: allow-stderr, superficial + +Test-Command: set -e ; for py in $(py3versions -r 2>/dev/null) ; do cd "$AUTOPKGTEST_TMP" ; echo "Testing with $py:" ; $py -c "import selinux; print(selinux)" ; done +Depends: python3-all, python3-selinux +Restrictions: allow-stderr, superficial +Features: test-name=autodep8-python3 diff --git a/debian/watch b/debian/watch index 033c3c6..a27ca25 100644 --- a/debian/watch +++ b/debian/watch @@ -1,4 +1,4 @@ version=4 -opts="uversionmangle=s/-(rc)/~$1/" \ -https://github.com/SELinuxProject/selinux/wiki/Releases (?:.*)/releases/download/(?:\d*)/@PACKAGE@@ANY_VERSION@@ARCHIVE_EXT@ +opts="uversionmangle=s/-(rc)/~$1/,pgpmode=auto" \ +https://github.com/SELinuxProject/selinux/wiki/Releases (?:.*)/releases/download/(?:\d\.\d[\.\d]?)/@PACKAGE@@ANY_VERSION@@ARCHIVE_EXT@