Import Debian changes 3.0-ok1

libselinux (3.0-ok1) yangtze; urgency=medium

  * Build for openKylin.

debian/README

@@ -0,0 +1,7 @@
+selinuxfs mountpoint
+--------------------
+
+  The /selinux directory has been dropped. Since Wheezy, the selinuxfs
+  filesystem is mounted under /sys/fs/selinux. If it is still mounted under
+  the old location you might want to check if /sys is mounted in the early
+  boot.

debian/changelog

@@ -0,0 +1,5 @@
+libselinux (3.0-ok1) yangtze; urgency=medium
+
+  * Build for openKylin.
+
+ -- openKylinBot <openKylinBot@openkylin.com>  Mon, 25 Apr 2022 22:03:04 +0800

debian/compat

@@ -0,0 +1 @@
+12

debian/control

@@ -0,0 +1,141 @@
+Source: libselinux
+VCS-Git: https://salsa.debian.org/selinux-team/libselinux.git
+VCS-Browser: https://salsa.debian.org/selinux-team/libselinux
+Priority: optional
+Section: libs
+Maintainer: Debian SELinux maintainers <selinux-devel@lists.alioth.debian.org>
+Uploaders: Laurent Bigonville <bigon@debian.org>,
+           Russell Coker <russell@coker.com.au>
+Standards-Version: 4.4.1
+Build-Depends: debhelper (>= 12),
+               dh-python <!nopython>,
+               file,
+               gem2deb (>= 0.5.0~) <!noruby>,
+               libsepol1-dev (>= 3.0),
+               libpcre2-dev,
+               pkg-config,
+               python3-all-dev <!nopython>,
+               swig <!nopython> <!noruby>
+XS-Ruby-Versions: all
+Homepage: http://userspace.selinuxproject.org/
+
+Package: selinux-utils
+Architecture: linux-any
+Section: admin
+Depends: ${misc:Depends}, ${shlibs:Depends}
+Description: SELinux utility programs
+ This package provides various utility programs for a Security-enhanced
+ Linux system. Security-enhanced Linux is a patch of the Linux kernel
+ and a number of utilities with enhanced security functionality
+ designed to add mandatory access controls to Linux. This package
+ provides utility programs to get and set process and file security
+ contexts and to obtain security policy decisions.
+
+Package: libselinux1
+Architecture: linux-any
+Multi-Arch: same
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${misc:Depends}, ${shlibs:Depends}
+Description: SELinux runtime shared libraries
+ This package provides the shared libraries for Security-enhanced
+ Linux that provides interfaces (e.g. library functions for the
+ SELinux kernel APIs like getcon(), other support functions like
+ getseuserbyname()) to SELinux-aware applications. Security-enhanced
+ Linux is a patch of the Linux kernel and a number of utilities with
+ enhanced security functionality designed to add mandatory access
+ controls to Linux.  The Security-enhanced Linux kernel contains new
+ architectural components originally developed to improve the security
+ of the Flask operating system. These architectural components provide
+ general support for the enforcement of many kinds of mandatory access
+ control policies, including those based on the concepts of Type
+ Enforcement, Role-based Access Control, and Multi-level Security.
+ .
+ libselinux1 provides an API for SELinux applications to get and set
+ process and file security contexts and to obtain security policy
+ decisions.  Required for any applications that use the SELinux
+ API. libselinux may use the shared libsepol to manipulate the binary
+ policy if necessary (e.g. to downgrade the policy format to an older
+ version supported by the kernel) when loading policy.
+
+Package: libselinux1-dev
+Architecture: linux-any
+Depends: libselinux1 (= ${binary:Version}),
+         libsepol1-dev (>= 3.0),
+         libpcre2-dev,
+         ${misc:Depends}
+Section: libdevel
+Multi-Arch: same
+Provides: libselinux-dev
+Conflicts: libselinux-dev
+Description: SELinux development headers
+ This package provides the  static libraries and header files
+ needed for developing SELinux applications.  Security-enhanced Linux
+ is a patch of the Linux kernel and a number of utilities with
+ enhanced security functionality designed to add mandatory access
+ controls to Linux.  The Security-enhanced Linux kernel contains new
+ architectural components originally developed to improve the security
+ of the Flask operating system. These architectural components provide
+ general support for the enforcement of many kinds of mandatory access
+ control policies, including those based on the concepts of Type
+ Enforcement, Role-based Access Control, and Multi-level Security.
+
+Package: libselinux1-udeb
+Architecture: linux-any
+Section: debian-installer
+Package-Type: udeb
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${misc:Depends}, ${shlibs:Depends}
+Description: SELinux runtime shared libraries
+ This package provides the shared libraries for Security-enhanced
+ Linux that provides interfaces (e.g. library functions for the
+ SELinux kernel APIs like getcon(), other support functions like
+ getseuserbyname()) to SELinux-aware applications. Security-enhanced
+ Linux is a patch of the Linux kernel and a number of utilities with
+ enhanced security functionality designed to add mandatory access
+ controls to Linux.  The Security-enhanced Linux kernel contains new
+ architectural components originally developed to improve the security
+ of the Flask operating system. These architectural components provide
+ general support for the enforcement of many kinds of mandatory access
+ control policies, including those based on the concepts of Type
+ Enforcement, Role-based Access Control, and Multi-level Security.
+ .
+ libselinux1-udeb provides the libselinux shared library for use within
+ the Debian installer. Do not install it on a normal system.
+
+Package: ruby-selinux
+Architecture: linux-any
+Depends: ruby | ruby-interpreter, ${misc:Depends}, ${shlibs:Depends}
+Section: ruby
+Multi-Arch: same
+Build-Profiles: <!noruby>
+Description: Ruby bindings to SELinux shared libraries
+ This package provides the Ruby bindings needed for developing Ruby
+ SELinux applications.  Security-enhanced Linux is a patch of the
+ Linux kernel and a number of utilities with enhanced security
+ functionality designed to add mandatory access controls to Linux.
+ The Security-enhanced Linux kernel contains new architectural
+ components originally developed to improve the security of the Flask
+ operating system. These architectural components provide general
+ support for the enforcement of many kinds of mandatory access control
+ policies, including those based on the concepts of Type Enforcement,
+ Role-based Access Control, and Multi-level Security.
+
+Package: python3-selinux
+Architecture: linux-any
+Depends: ${misc:Depends}, ${python3:Depends}, ${shlibs:Depends}
+Built-Using: ${Built-Using}
+Section: python
+Provides: ${python3:Provides}
+Build-Profiles: <!nopython>
+Description: Python3 bindings to SELinux shared libraries
+ This package provides the Python3 bindings needed for developing Python
+ SELinux applications.
+ .
+ Security-enhanced Linux is a patch of the Linux kernel and a number
+ of utilities with enhanced security functionality designed to add mandatory
+ access controls to Linux. The Security-enhanced Linux kernel contains
+ new architectural components originally developed to improve the security
+ of the Flask operating system. These architectural components provide
+ general support for the enforcement of many kinds of mandatory access
+ control policies, including those based on the concepts of Type Enforcement,
+ Role-based Access Control, and Multi-level Security.

debian/copyright

@@ -0,0 +1,68 @@
+This is the Debian package for libselinux, and it is built from sources obtained from:
+http://userspace.selinuxproject.org/trac/wiki/Releases
+
+This package was debianized by Colin Walters <walters@debian.org> on
+Thu,  3 Jul 2003 17:10:57 -0400.
+
+This library (libselinux) is public domain software, i.e. not copyrighted.
+
+Warranty Exclusion
+------------------
+You agree that this software is a
+non-commercially developed program that may contain "bugs" (as that
+term is used in the industry) and that it may not function as intended.
+The software is licensed "as is". NSA makes no, and hereby expressly
+disclaims all, warranties, express, implied, statutory, or otherwise
+with respect to the software, including noninfringement and the implied
+warranties of merchantability and fitness for a particular purpose.
+
+Limitation of Liability
+-----------------------
+In no event will NSA be liable for any damages, including loss of data,
+lost profits, cost of cover, or other special, incidental,
+consequential, direct or indirect damages arising from the software or
+the use thereof, however caused and on any theory of liability. This
+limitation will apply even if NSA has been advised of the possibility
+of such damage. You acknowledge that this is a reasonable allocation of
+risk.
+
+----------------------------------------------------------------------------
+ However, one file (utils/avcstat.c) is
+  Copyright: 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
+ and is distributed underthe terms of the GNU General Public License,
+ version 2.
+
+----------------------------------------------------------------------------
+In addition, The Debian specific package was modified to include an
+excerpt from the GNU libc package in the file
+utils/ia64-inline-syscall.h. The GNU C Library is distributed under
+the terms of the GNU Lesser General Public License as published by the
+Free Software Foundation; either version 2.1 of the License, or (at
+your option) any later version.
+
+You should have received a copy of the GNU Lesser General Public
+License along with the GNU C Library; if not, write to
+        Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
+        Boston, MA 02110-1301, USA.
+
+
+On Debian systems, the complete text of the GNU Library
+General Public License can be found in `/usr/share/common-licenses/LGPL-2.1'.
+------------------------------------------------------------------------------
+
+This package is maintained by Manoj Srivastava <srivasta@debian.org>.
+
+The Debian specific changes are © 2005, 2006, Manoj Srivastava
+<srivasta@debian.org>, and distributed under the terms of the GNU
+General Public License, version 2.
+
+On Debian GNU/Linux systems, the complete text of the GNU General
+Public License can be found in `/usr/share/common-licenses/GPL-2'.
+
+    A copy of the GNU General Public License is also available at
+    <URL:http://www.gnu.org/copyleft/gpl.html>.  You may also obtain
+    it by writing to the Free Software Foundation, Inc., 51 Franklin
+    St, Fifth Floor, Boston, MA 02110-1301, USA.
+
+Manoj Srivastava <srivasta@debian.org>
+arch-tag: d4250e44-a0e0-4ee0-adb9-2bd74f6eeb27

debian/gbp.conf

@@ -0,0 +1,9 @@
+[DEFAULT]
+debian-branch = debian
+upstream-branch = upstream
+pristine-tar = True
+
+[buildpackage]
+sign-tags = True
+tarball-dir = ../tarballs/
+export-dir = ../build-area/

debian/libselinux1-dev.install

@@ -0,0 +1,5 @@
+usr/include/selinux/*.h
+usr/lib/*/*.a
+usr/lib/*/*.so
+usr/lib/*/pkgconfig/*.pc
+usr/share/man/man3/*.3

debian/libselinux1-udeb.install

@@ -0,0 +1 @@
+lib/*/*.so* /lib

debian/libselinux1.install

@@ -0,0 +1 @@
+lib/*/*.so*

debian/libselinux1.symbols

@@ -0,0 +1,245 @@
+libselinux.so.1 libselinux1 #MINVER#
+* Build-Depends-Package: libselinux1-dev
+ avc_add_callback@Base 1.32
+ avc_audit@Base 1.32
+ avc_av_stats@Base 1.32
+ avc_cache_stats@Base 1.32
+ avc_cleanup@Base 1.32
+ avc_compute_create@Base 2.0.15
+ avc_compute_member@Base 2.0.65
+ avc_context_to_sid@Base 1.32
+ avc_context_to_sid_raw@Base 1.32
+ avc_destroy@Base 1.32
+ avc_get_initial_sid@Base 2.0.15
+ avc_has_perm@Base 1.32
+ avc_has_perm_noaudit@Base 1.32
+ avc_init@Base 1.32
+ avc_netlink_acquire_fd@Base 2.0.82
+ avc_netlink_check_nb@Base 2.0.82
+ avc_netlink_close@Base 2.0.82
+ avc_netlink_loop@Base 2.0.82
+ avc_netlink_open@Base 2.0.82
+ avc_netlink_release_fd@Base 2.0.82
+ avc_open@Base 2.0.65
+ avc_reset@Base 1.32
+ avc_sid_stats@Base 1.32
+ avc_sid_to_context@Base 1.32
+ avc_sid_to_context_raw@Base 1.32
+ checkPasswdAccess@Base 1.32
+ context_free@Base 1.32
+ context_new@Base 1.32
+ context_range_get@Base 1.32
+ context_range_set@Base 1.32
+ context_role_get@Base 1.32
+ context_role_set@Base 1.32
+ context_str@Base 1.32
+ context_type_get@Base 1.32
+ context_type_set@Base 1.32
+ context_user_get@Base 1.32
+ context_user_set@Base 1.32
+ dir_xattr_list@Base 2.6
+ fgetfilecon@Base 1.32
+ fini_selinuxmnt@Base 2.1.0
+ fgetfilecon_raw@Base 1.32
+ freecon@Base 1.32
+ freeconary@Base 1.32
+ fsetfilecon@Base 1.32
+ fsetfilecon_raw@Base 2.0.65
+ get_default_context@Base 1.32
+ get_default_context_with_level@Base 1.32
+ get_default_context_with_role@Base 1.32
+ get_default_context_with_rolelevel@Base 1.32
+ get_default_type@Base 1.32
+ get_ordered_context_list@Base 1.32
+ get_ordered_context_list_with_level@Base 1.32
+ getcon@Base 1.32
+ getcon_raw@Base 1.32
+ getexeccon@Base 1.32
+ getexeccon_raw@Base 1.32
+ getfilecon@Base 1.32
+ getfilecon_raw@Base 1.32
+ getfscreatecon@Base 1.32
+ getfscreatecon_raw@Base 1.32
+ getkeycreatecon@Base 1.32
+ getkeycreatecon_raw@Base 1.32
+ getpeercon@Base 1.32
+ getpeercon_raw@Base 1.32
+ getpidcon@Base 1.32
+ getpidcon_raw@Base 1.32
+ getprevcon@Base 1.32
+ getprevcon_raw@Base 1.32
+ getseuser@Base 2.0.85
+ getseuserbyname@Base 1.32
+ getsockcreatecon@Base 1.32
+ getsockcreatecon_raw@Base 1.32
+ is_context_customizable@Base 1.32
+ is_selinux_enabled@Base 1.32
+ is_selinux_mls_enabled@Base 1.32
+ lgetfilecon@Base 1.32
+ lgetfilecon_raw@Base 1.32
+ lsetfilecon@Base 1.32
+ lsetfilecon_raw@Base 1.32
+ manual_user_enter_context@Base 1.32
+ map_class@Base 2.0.65
+ map_decision@Base 2.0.65
+ map_perm@Base 2.0.65
+ matchmediacon@Base 1.32
+ matchpathcon@Base 1.32
+ matchpathcon_checkmatches@Base 1.32
+ matchpathcon_filespec_add@Base 1.32
+ matchpathcon_filespec_destroy@Base 1.32
+ matchpathcon_filespec_eval@Base 1.32
+ matchpathcon_fini@Base 1.32
+ matchpathcon_index@Base 1.32
+ matchpathcon_init@Base 1.32
+ matchpathcon_init_prefix@Base 1.32
+ mode_to_security_class@Base 2.1.13
+ myprintf_compat@Base 2.0.65
+ print_access_vector@Base 1.32
+ query_user_context@Base 1.32
+ realpath_not_final@Base 2.1.9
+ rpm_execcon@Base 1.32
+ security_av_perm_to_string@Base 2.0.15
+ security_av_string@Base 2.0.15
+ security_canonicalize_context@Base 1.32
+ security_canonicalize_context_raw@Base 1.32
+ security_check_context@Base 1.32
+ security_check_context_raw@Base 1.32
+ security_class_to_string@Base 2.0.15
+ security_commit_booleans@Base 1.32
+ security_compute_av@Base 1.32
+ security_compute_av_flags@Base 2.0.82
+ security_compute_av_flags_raw@Base 2.0.82
+ security_compute_av_raw@Base 1.32
+ security_compute_create@Base 1.32
+ security_compute_create_name@Base 2.1.12
+ security_compute_create_name_raw@Base 2.1.12
+ security_compute_create_raw@Base 1.32
+ security_compute_member@Base 1.32
+ security_compute_member_raw@Base 1.32
+ security_compute_relabel@Base 1.32
+ security_compute_relabel_raw@Base 1.32
+ security_compute_user@Base 1.32
+ security_compute_user_raw@Base 1.32
+ security_deny_unknown@Base 2.0.82
+ security_disable@Base 1.32
+ security_get_boolean_active@Base 1.32
+ security_get_boolean_names@Base 1.32
+ security_get_boolean_pending@Base 1.32
+ security_get_checkreqprot@Base 2.7~rc2
+ security_get_initial_context@Base 2.0.15
+ security_get_initial_context_raw@Base 2.0.15
+ security_getenforce@Base 1.32
+ security_load_booleans@Base 1.32
+ security_load_policy@Base 1.32
+ security_policyvers@Base 1.32
+ security_reject_unknown@Base 2.9
+ security_set_boolean@Base 1.32
+ security_set_boolean_list@Base 1.32
+ security_setenforce@Base 1.32
+ security_validatetrans@Base 3.0
+ security_validatetrans_raw@Base 3.0
+ selabel_close@Base 2.0.65
+ selabel_cmp@Base 2.5
+ selabel_digest@Base 2.5
+ selabel_get_digests_all_partial_matches@Base 3.0
+ selabel_hash_all_partial_matches@Base 3.0
+ selabel_lookup@Base 2.0.65
+ selabel_lookup_best_match@Base 2.5
+ selabel_lookup_best_match_raw@Base 2.5
+ selabel_lookup_raw@Base 2.0.65
+ selabel_open@Base 2.0.65
+ selabel_partial_match@Base 2.5
+ selabel_stats@Base 2.0.65
+ selinux_binary_policy_path@Base 1.32
+ selinux_boolean_sub@Base 2.1.12
+ selinux_booleans_path@Base 1.32
+ selinux_booleans_subs_path@Base 2.1.12
+ selinux_check_access@Base 2.1.9
+ selinux_check_passwd_access@Base 1.32
+ selinux_check_securetty_context@Base 2.0.15
+ selinux_colors_path@Base 2.0.82
+ selinux_contexts_path@Base 1.32
+ selinux_current_policy_path@Base 2.2
+ selinux_customizable_types_path@Base 1.32
+ selinux_default_context_path@Base 1.32
+ selinux_default_type_path@Base 1.32
+ selinux_failsafe_context_path@Base 1.32
+ selinux_file_context_cmp@Base 1.32
+ selinux_file_context_homedir_path@Base 1.32
+ selinux_file_context_local_path@Base 1.32
+ selinux_file_context_path@Base 1.32
+ selinux_file_context_subs_dist_path@Base 2.1.0
+ selinux_file_context_subs_path@Base 2.0.82
+ selinux_file_context_verify@Base 1.32
+ selinux_get_callback@Base 2.0.65
+ selinux_getenforcemode@Base 1.32
+ selinux_getpolicytype@Base 1.32
+ selinux_homedir_context_path@Base 1.32
+ selinux_init_load_policy@Base 1.32
+ selinux_lsetfilecon_default@Base 1.32
+ selinux_lxc_contexts_path@Base 2.1.12
+ selinux_media_context_path@Base 1.32
+ selinux_mkload_policy@Base 1.32
+ selinux_mnt@Base 1.32
+ selinux_netfilter_context_path@Base 1.32
+ selinux_openrc_contexts_path@Base 2.6
+ selinux_openssh_contexts_path@Base 2.5
+ selinux_path@Base 1.32
+ selinux_policy_root@Base 1.32
+ selinux_raw_context_to_color@Base 2.0.82
+ selinux_raw_to_trans_context@Base 1.32
+ selinux_removable_context_path@Base 1.32
+ selinux_reset_config@Base 2.0.88
+ selinux_restorecon@Base 2.5
+ selinux_restorecon_default_handle@Base 2.5
+ selinux_restorecon_set_alt_rootpath@Base 2.6
+ selinux_restorecon_set_exclude_list@Base 2.5
+ selinux_restorecon_set_sehandle@Base 2.5
+ selinux_restorecon_xattr@Base 2.6
+ selinux_securetty_types_path@Base 2.0.15
+ selinux_sepgsql_context_path@Base 2.0.94
+ selinux_set_callback@Base 2.0.65
+ selinux_set_mapping@Base 2.0.65
+ selinux_set_policy_root@Base 2.2
+ selinux_snapperd_contexts_path@Base 2.6
+ selinux_status_close@Base 2.1.0
+ selinux_status_deny_unknown@Base 2.1.0
+ selinux_status_getenforce@Base 2.1.0
+ selinux_status_open@Base 2.1.0
+ selinux_status_policyload@Base 2.1.0
+ selinux_status_updated@Base 2.1.0
+ selinux_systemd_contexts_path@Base 2.2
+ selinux_trans_to_raw_context@Base 1.32
+ selinux_translations_path@Base 1.32
+ selinux_user_contexts_path@Base 1.32
+ selinux_users_path@Base 1.32
+ selinux_usersconf_path@Base 1.32
+ selinux_virtual_domain_context_path@Base 2.0.82
+ selinux_virtual_image_context_path@Base 2.0.82
+ selinux_x_context_path@Base 2.0.65
+ selinuxfs_exists@Base 2.1.9
+ set_matchpathcon_canoncon@Base 1.32
+ set_matchpathcon_flags@Base 1.32
+ set_matchpathcon_invalidcon@Base 1.32
+ set_matchpathcon_printf@Base 1.32
+ set_selinuxmnt@Base 1.32
+ setcon@Base 1.32
+ setcon_raw@Base 1.32
+ setexeccon@Base 1.32
+ setexeccon_raw@Base 1.32
+ setexecfilecon@Base 2.3
+ setfilecon@Base 1.32
+ setfilecon_raw@Base 1.32
+ setfscreatecon@Base 1.32
+ setfscreatecon_raw@Base 1.32
+ setkeycreatecon@Base 1.32
+ setkeycreatecon_raw@Base 1.32
+ setsockcreatecon@Base 1.32
+ setsockcreatecon_raw@Base 1.32
+ sidget@Base 1.32
+ sidput@Base 1.32
+ string_to_av_perm@Base 1.32
+ string_to_security_class@Base 1.32
+ unmap_class@Base 2.0.65
+ unmap_perm@Base 2.0.65

debian/patches/python_install-layout.patch

@@ -0,0 +1,15 @@
+Description: Fix installation layout for debian-like distributions
+Author: Laurent Bigonville <bigon@debian.org>
+Forwarded: no
+
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -173,7 +173,7 @@ install: all
+ 	ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET)
+ 
+ install-pywrap: pywrap
+-	$(PYTHON) setup.py install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
++	$(PYTHON) setup.py install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` --install-layout=deb
+ 	install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py
+ 	ln -sf --relative $(DESTDIR)$(PYTHONLIBDIR)/selinux/_selinux$(PYCEXT) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT)
+ 

debian/patches/series

@@ -0,0 +1 @@
+python_install-layout.patch

debian/python.mk

@@ -0,0 +1,18 @@
+#! /usr/bin/make --no-print-directory -f
+
+## Default target
+PYTHON3_VERSIONS := $(shell py3versions -r)
+all: $(PYTHON3_VERSIONS)
+
+## Targets share the same output files, so must be run serially
+.NOTPARALLEL:
+.PHONY: all $(PYTHON3_VERSIONS)
+
+## SELinux does not have a very nice build process
+extra_python_args  = PYTHON=$@
+extra_python_args += PYLIBS=
+
+## How to build and install each individually-versioned copy
+$(PYTHON3_VERSIONS): python%:
+	+$(MAKE) $(extra_python_args) clean-pywrap
+	+$(MAKE) $(extra_python_args) install-pywrap

debian/python3-selinux.install

@@ -0,0 +1 @@
+usr/lib/python3*

debian/ruby-selinux.install

@@ -0,0 +1 @@
+usr/lib/*/ruby

debian/ruby.mk

@@ -0,0 +1,17 @@
+#! /usr/bin/make --no-print-directory -f
+
+## Default target
+RUBY_VERSIONS := $(shell dh_ruby --print-supported)
+all: $(RUBY_VERSIONS)
+
+## Targets share the same output files, so must be run serially
+.NOTPARALLEL:
+.PHONY: all $(RUBY_VERSIONS)
+
+## SELinux does not have a very nice build process
+extra_ruby_args  = RUBY=$@
+
+## How to build and install each individually-versioned copy
+$(RUBY_VERSIONS): ruby%:
+	+$(MAKE) $(extra_ruby_args) clean-rubywrap
+	+$(MAKE) $(extra_ruby_args) install-rubywrap

debian/rules

@@ -0,0 +1,83 @@
+#! /usr/bin/make -f
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+## Figure out some variables
+DEB_HOST_ARCH_OS	?= $(shell dpkg-architecture -qDEB_HOST_ARCH_OS)
+DEB_HOST_GNU_CPU	?= $(shell dpkg-architecture -qDEB_HOST_GNU_CPU)
+DEB_HOST_GNU_TYPE	?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
+DEB_HOST_MULTIARCH	?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
+PKG_CONFIG		?= $(DEB_HOST_GNU_TYPE)-pkg-config
+
+DOPACKAGES = $(shell dh_listpackages)
+
+BUILT_USING=$(shell dpkg-query -f '$${source:Package} (= $${source:Version}), ' -W "libsepol1-dev")
+
+## Default target
+binary:
+
+## Sanity check
+ifneq ($(DEB_HOST_ARCH_OS),linux)
+$(error This is a linux only package. Aborting build.)
+endif
+
+## The build system doesn't use CPPFLAGS, pass them to CFLAGS to enable the
+## missing (hardening) flags.
+export DEB_CFLAGS_MAINT_APPEND = $(shell dpkg-buildflags --get CPPFLAGS)
+
+## Unconditionally run debhelper command targets
+.PHONY: FORCE
+FORCE:
+
+## By default, pass everything through debhelper automatically
+export DH_OPTIONS
+DH_ADDONS =
+ifneq ($(filter python3-selinux,$(DOPACKAGES)),)
+DH_ADDONS += --with=python3
+endif
+ifneq ($(filter ruby-selinux,$(DOPACKAGES)),)
+DH_ADDONS += --with=ruby
+endif
+%: FORCE
+	@dh $@ $(DH_ADDONS)
+
+## Don't try to rebuild the debian/rules file
+debian/rules:
+	@touch $@
+
+## Set up some variables to be passed to the upstream Makefile
+extra_make_args = ARCH=$(DEB_HOST_GNU_CPU)
+extra_make_args += CC=$(DEB_HOST_GNU_TYPE)-gcc
+extra_make_args += PKG_CONFIG=$(PKG_CONFIG)
+extra_make_args += USE_PCRE2=y
+override_dh_auto_build: FORCE
+	+$(MAKE) $(extra_make_args) all
+
+## Work around the very limited SELinux build-system
+DESTDIR = $(CURDIR)/debian/tmp
+base_extra_install_args  = $(extra_make_args)
+base_extra_install_args += DESTDIR=$(DESTDIR)
+extra_install_args = $(base_extra_install_args) LIBDIR=/usr/lib/$(DEB_HOST_MULTIARCH)
+extra_install_args += SHLIBDIR=/lib/$(DEB_HOST_MULTIARCH)
+python_extra_install_args = $(base_extra_install_args) LIBDIR=/usr/lib
+
+override_dh_auto_install: FORCE
+	+$(MAKE) $(extra_install_args) install
+ifneq ($(filter python3-selinux,$(DOPACKAGES)),)
+	+$(MAKE) $(python_extra_install_args) -f debian/python.mk
+endif
+ifneq ($(filter ruby-selinux,$(DOPACKAGES)),)
+	+$(MAKE) $(extra_install_args) -f debian/ruby.mk
+endif
+
+## Generate a hard error for any upstream files we don't install
+override_dh_missing: FORCE
+	dh_missing --fail-missing
+
+override_dh_gencontrol:
+	dh_gencontrol -- -VBuilt-Using="$(BUILT_USING)"
+
+override_dh_makeshlibs:
+	dh_makeshlibs -plibselinux1 --add-udeb="libselinux1-udeb" -V
+	dh_makeshlibs --remaining-packages

debian/selinux-utils.install

@@ -0,0 +1,5 @@
+usr/sbin/*
+usr/share/man/man5/*.5
+usr/share/man/man8/*.8
+usr/share/man/ru/man5/*.5
+usr/share/man/ru/man8/*.8

debian/source/format

@@ -0,0 +1 @@
+3.0 (quilt)

debian/watch

@@ -0,0 +1,4 @@
+version=4
+
+opts="uversionmangle=s/-(rc)/~$1/" \
+https://github.com/SELinuxProject/selinux/wiki/Releases (?:.*)/releases/download/(?:\d*)/@PACKAGE@@ANY_VERSION@@ARCHIVE_EXT@