diff --git a/debian/README b/debian/README new file mode 100644 index 0000000..ce5fe2d --- /dev/null +++ b/debian/README @@ -0,0 +1,7 @@ +selinuxfs mountpoint +-------------------- + + The /selinux directory has been dropped. Since Wheezy, the selinuxfs + filesystem is mounted under /sys/fs/selinux. If it is still mounted under + the old location you might want to check if /sys is mounted in the early + boot. diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..75aa587 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,5 @@ +libselinux (3.0-ok1) yangtze; urgency=medium + + * Build for openKylin. + + -- openKylinBot Mon, 25 Apr 2022 22:03:04 +0800 diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..48082f7 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +12 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..95cebc5 --- /dev/null +++ b/debian/control @@ -0,0 +1,141 @@ +Source: libselinux +VCS-Git: https://salsa.debian.org/selinux-team/libselinux.git +VCS-Browser: https://salsa.debian.org/selinux-team/libselinux +Priority: optional +Section: libs +Maintainer: Debian SELinux maintainers +Uploaders: Laurent Bigonville , + Russell Coker +Standards-Version: 4.4.1 +Build-Depends: debhelper (>= 12), + dh-python , + file, + gem2deb (>= 0.5.0~) , + libsepol1-dev (>= 3.0), + libpcre2-dev, + pkg-config, + python3-all-dev , + swig +XS-Ruby-Versions: all +Homepage: http://userspace.selinuxproject.org/ + +Package: selinux-utils +Architecture: linux-any +Section: admin +Depends: ${misc:Depends}, ${shlibs:Depends} +Description: SELinux utility programs + This package provides various utility programs for a Security-enhanced + Linux system. Security-enhanced Linux is a patch of the Linux kernel + and a number of utilities with enhanced security functionality + designed to add mandatory access controls to Linux. This package + provides utility programs to get and set process and file security + contexts and to obtain security policy decisions. + +Package: libselinux1 +Architecture: linux-any +Multi-Arch: same +Pre-Depends: ${misc:Pre-Depends} +Depends: ${misc:Depends}, ${shlibs:Depends} +Description: SELinux runtime shared libraries + This package provides the shared libraries for Security-enhanced + Linux that provides interfaces (e.g. library functions for the + SELinux kernel APIs like getcon(), other support functions like + getseuserbyname()) to SELinux-aware applications. Security-enhanced + Linux is a patch of the Linux kernel and a number of utilities with + enhanced security functionality designed to add mandatory access + controls to Linux. The Security-enhanced Linux kernel contains new + architectural components originally developed to improve the security + of the Flask operating system. These architectural components provide + general support for the enforcement of many kinds of mandatory access + control policies, including those based on the concepts of Type + Enforcement, Role-based Access Control, and Multi-level Security. + . + libselinux1 provides an API for SELinux applications to get and set + process and file security contexts and to obtain security policy + decisions. Required for any applications that use the SELinux + API. libselinux may use the shared libsepol to manipulate the binary + policy if necessary (e.g. to downgrade the policy format to an older + version supported by the kernel) when loading policy. + +Package: libselinux1-dev +Architecture: linux-any +Depends: libselinux1 (= ${binary:Version}), + libsepol1-dev (>= 3.0), + libpcre2-dev, + ${misc:Depends} +Section: libdevel +Multi-Arch: same +Provides: libselinux-dev +Conflicts: libselinux-dev +Description: SELinux development headers + This package provides the static libraries and header files + needed for developing SELinux applications. Security-enhanced Linux + is a patch of the Linux kernel and a number of utilities with + enhanced security functionality designed to add mandatory access + controls to Linux. The Security-enhanced Linux kernel contains new + architectural components originally developed to improve the security + of the Flask operating system. These architectural components provide + general support for the enforcement of many kinds of mandatory access + control policies, including those based on the concepts of Type + Enforcement, Role-based Access Control, and Multi-level Security. + +Package: libselinux1-udeb +Architecture: linux-any +Section: debian-installer +Package-Type: udeb +Pre-Depends: ${misc:Pre-Depends} +Depends: ${misc:Depends}, ${shlibs:Depends} +Description: SELinux runtime shared libraries + This package provides the shared libraries for Security-enhanced + Linux that provides interfaces (e.g. library functions for the + SELinux kernel APIs like getcon(), other support functions like + getseuserbyname()) to SELinux-aware applications. Security-enhanced + Linux is a patch of the Linux kernel and a number of utilities with + enhanced security functionality designed to add mandatory access + controls to Linux. The Security-enhanced Linux kernel contains new + architectural components originally developed to improve the security + of the Flask operating system. These architectural components provide + general support for the enforcement of many kinds of mandatory access + control policies, including those based on the concepts of Type + Enforcement, Role-based Access Control, and Multi-level Security. + . + libselinux1-udeb provides the libselinux shared library for use within + the Debian installer. Do not install it on a normal system. + +Package: ruby-selinux +Architecture: linux-any +Depends: ruby | ruby-interpreter, ${misc:Depends}, ${shlibs:Depends} +Section: ruby +Multi-Arch: same +Build-Profiles: +Description: Ruby bindings to SELinux shared libraries + This package provides the Ruby bindings needed for developing Ruby + SELinux applications. Security-enhanced Linux is a patch of the + Linux kernel and a number of utilities with enhanced security + functionality designed to add mandatory access controls to Linux. + The Security-enhanced Linux kernel contains new architectural + components originally developed to improve the security of the Flask + operating system. These architectural components provide general + support for the enforcement of many kinds of mandatory access control + policies, including those based on the concepts of Type Enforcement, + Role-based Access Control, and Multi-level Security. + +Package: python3-selinux +Architecture: linux-any +Depends: ${misc:Depends}, ${python3:Depends}, ${shlibs:Depends} +Built-Using: ${Built-Using} +Section: python +Provides: ${python3:Provides} +Build-Profiles: +Description: Python3 bindings to SELinux shared libraries + This package provides the Python3 bindings needed for developing Python + SELinux applications. + . + Security-enhanced Linux is a patch of the Linux kernel and a number + of utilities with enhanced security functionality designed to add mandatory + access controls to Linux. The Security-enhanced Linux kernel contains + new architectural components originally developed to improve the security + of the Flask operating system. These architectural components provide + general support for the enforcement of many kinds of mandatory access + control policies, including those based on the concepts of Type Enforcement, + Role-based Access Control, and Multi-level Security. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..56275e4 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,68 @@ +This is the Debian package for libselinux, and it is built from sources obtained from: +http://userspace.selinuxproject.org/trac/wiki/Releases + +This package was debianized by Colin Walters on +Thu, 3 Jul 2003 17:10:57 -0400. + +This library (libselinux) is public domain software, i.e. not copyrighted. + +Warranty Exclusion +------------------ +You agree that this software is a +non-commercially developed program that may contain "bugs" (as that +term is used in the industry) and that it may not function as intended. +The software is licensed "as is". NSA makes no, and hereby expressly +disclaims all, warranties, express, implied, statutory, or otherwise +with respect to the software, including noninfringement and the implied +warranties of merchantability and fitness for a particular purpose. + +Limitation of Liability +----------------------- +In no event will NSA be liable for any damages, including loss of data, +lost profits, cost of cover, or other special, incidental, +consequential, direct or indirect damages arising from the software or +the use thereof, however caused and on any theory of liability. This +limitation will apply even if NSA has been advised of the possibility +of such damage. You acknowledge that this is a reasonable allocation of +risk. + +---------------------------------------------------------------------------- + However, one file (utils/avcstat.c) is + Copyright: 2004 Red Hat, Inc., James Morris + and is distributed underthe terms of the GNU General Public License, + version 2. + +---------------------------------------------------------------------------- +In addition, The Debian specific package was modified to include an +excerpt from the GNU libc package in the file +utils/ia64-inline-syscall.h. The GNU C Library is distributed under +the terms of the GNU Lesser General Public License as published by the +Free Software Foundation; either version 2.1 of the License, or (at +your option) any later version. + +You should have received a copy of the GNU Lesser General Public +License along with the GNU C Library; if not, write to + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, + Boston, MA 02110-1301, USA. + + +On Debian systems, the complete text of the GNU Library +General Public License can be found in `/usr/share/common-licenses/LGPL-2.1'. +------------------------------------------------------------------------------ + +This package is maintained by Manoj Srivastava . + +The Debian specific changes are © 2005, 2006, Manoj Srivastava +, and distributed under the terms of the GNU +General Public License, version 2. + +On Debian GNU/Linux systems, the complete text of the GNU General +Public License can be found in `/usr/share/common-licenses/GPL-2'. + + A copy of the GNU General Public License is also available at + . You may also obtain + it by writing to the Free Software Foundation, Inc., 51 Franklin + St, Fifth Floor, Boston, MA 02110-1301, USA. + +Manoj Srivastava +arch-tag: d4250e44-a0e0-4ee0-adb9-2bd74f6eeb27 diff --git a/debian/gbp.conf b/debian/gbp.conf new file mode 100644 index 0000000..557fbe8 --- /dev/null +++ b/debian/gbp.conf @@ -0,0 +1,9 @@ +[DEFAULT] +debian-branch = debian +upstream-branch = upstream +pristine-tar = True + +[buildpackage] +sign-tags = True +tarball-dir = ../tarballs/ +export-dir = ../build-area/ diff --git a/debian/libselinux1-dev.install b/debian/libselinux1-dev.install new file mode 100644 index 0000000..9b93167 --- /dev/null +++ b/debian/libselinux1-dev.install @@ -0,0 +1,5 @@ +usr/include/selinux/*.h +usr/lib/*/*.a +usr/lib/*/*.so +usr/lib/*/pkgconfig/*.pc +usr/share/man/man3/*.3 diff --git a/debian/libselinux1-udeb.install b/debian/libselinux1-udeb.install new file mode 100644 index 0000000..6801ea0 --- /dev/null +++ b/debian/libselinux1-udeb.install @@ -0,0 +1 @@ +lib/*/*.so* /lib diff --git a/debian/libselinux1.install b/debian/libselinux1.install new file mode 100644 index 0000000..4032480 --- /dev/null +++ b/debian/libselinux1.install @@ -0,0 +1 @@ +lib/*/*.so* diff --git a/debian/libselinux1.symbols b/debian/libselinux1.symbols new file mode 100644 index 0000000..161979c --- /dev/null +++ b/debian/libselinux1.symbols @@ -0,0 +1,245 @@ +libselinux.so.1 libselinux1 #MINVER# +* Build-Depends-Package: libselinux1-dev + avc_add_callback@Base 1.32 + avc_audit@Base 1.32 + avc_av_stats@Base 1.32 + avc_cache_stats@Base 1.32 + avc_cleanup@Base 1.32 + avc_compute_create@Base 2.0.15 + avc_compute_member@Base 2.0.65 + avc_context_to_sid@Base 1.32 + avc_context_to_sid_raw@Base 1.32 + avc_destroy@Base 1.32 + avc_get_initial_sid@Base 2.0.15 + avc_has_perm@Base 1.32 + avc_has_perm_noaudit@Base 1.32 + avc_init@Base 1.32 + avc_netlink_acquire_fd@Base 2.0.82 + avc_netlink_check_nb@Base 2.0.82 + avc_netlink_close@Base 2.0.82 + avc_netlink_loop@Base 2.0.82 + avc_netlink_open@Base 2.0.82 + avc_netlink_release_fd@Base 2.0.82 + avc_open@Base 2.0.65 + avc_reset@Base 1.32 + avc_sid_stats@Base 1.32 + avc_sid_to_context@Base 1.32 + avc_sid_to_context_raw@Base 1.32 + checkPasswdAccess@Base 1.32 + context_free@Base 1.32 + context_new@Base 1.32 + context_range_get@Base 1.32 + context_range_set@Base 1.32 + context_role_get@Base 1.32 + context_role_set@Base 1.32 + context_str@Base 1.32 + context_type_get@Base 1.32 + context_type_set@Base 1.32 + context_user_get@Base 1.32 + context_user_set@Base 1.32 + dir_xattr_list@Base 2.6 + fgetfilecon@Base 1.32 + fini_selinuxmnt@Base 2.1.0 + fgetfilecon_raw@Base 1.32 + freecon@Base 1.32 + freeconary@Base 1.32 + fsetfilecon@Base 1.32 + fsetfilecon_raw@Base 2.0.65 + get_default_context@Base 1.32 + get_default_context_with_level@Base 1.32 + get_default_context_with_role@Base 1.32 + get_default_context_with_rolelevel@Base 1.32 + get_default_type@Base 1.32 + get_ordered_context_list@Base 1.32 + get_ordered_context_list_with_level@Base 1.32 + getcon@Base 1.32 + getcon_raw@Base 1.32 + getexeccon@Base 1.32 + getexeccon_raw@Base 1.32 + getfilecon@Base 1.32 + getfilecon_raw@Base 1.32 + getfscreatecon@Base 1.32 + getfscreatecon_raw@Base 1.32 + getkeycreatecon@Base 1.32 + getkeycreatecon_raw@Base 1.32 + getpeercon@Base 1.32 + getpeercon_raw@Base 1.32 + getpidcon@Base 1.32 + getpidcon_raw@Base 1.32 + getprevcon@Base 1.32 + getprevcon_raw@Base 1.32 + getseuser@Base 2.0.85 + getseuserbyname@Base 1.32 + getsockcreatecon@Base 1.32 + getsockcreatecon_raw@Base 1.32 + is_context_customizable@Base 1.32 + is_selinux_enabled@Base 1.32 + is_selinux_mls_enabled@Base 1.32 + lgetfilecon@Base 1.32 + lgetfilecon_raw@Base 1.32 + lsetfilecon@Base 1.32 + lsetfilecon_raw@Base 1.32 + manual_user_enter_context@Base 1.32 + map_class@Base 2.0.65 + map_decision@Base 2.0.65 + map_perm@Base 2.0.65 + matchmediacon@Base 1.32 + matchpathcon@Base 1.32 + matchpathcon_checkmatches@Base 1.32 + matchpathcon_filespec_add@Base 1.32 + matchpathcon_filespec_destroy@Base 1.32 + matchpathcon_filespec_eval@Base 1.32 + matchpathcon_fini@Base 1.32 + matchpathcon_index@Base 1.32 + matchpathcon_init@Base 1.32 + matchpathcon_init_prefix@Base 1.32 + mode_to_security_class@Base 2.1.13 + myprintf_compat@Base 2.0.65 + print_access_vector@Base 1.32 + query_user_context@Base 1.32 + realpath_not_final@Base 2.1.9 + rpm_execcon@Base 1.32 + security_av_perm_to_string@Base 2.0.15 + security_av_string@Base 2.0.15 + security_canonicalize_context@Base 1.32 + security_canonicalize_context_raw@Base 1.32 + security_check_context@Base 1.32 + security_check_context_raw@Base 1.32 + security_class_to_string@Base 2.0.15 + security_commit_booleans@Base 1.32 + security_compute_av@Base 1.32 + security_compute_av_flags@Base 2.0.82 + security_compute_av_flags_raw@Base 2.0.82 + security_compute_av_raw@Base 1.32 + security_compute_create@Base 1.32 + security_compute_create_name@Base 2.1.12 + security_compute_create_name_raw@Base 2.1.12 + security_compute_create_raw@Base 1.32 + security_compute_member@Base 1.32 + security_compute_member_raw@Base 1.32 + security_compute_relabel@Base 1.32 + security_compute_relabel_raw@Base 1.32 + security_compute_user@Base 1.32 + security_compute_user_raw@Base 1.32 + security_deny_unknown@Base 2.0.82 + security_disable@Base 1.32 + security_get_boolean_active@Base 1.32 + security_get_boolean_names@Base 1.32 + security_get_boolean_pending@Base 1.32 + security_get_checkreqprot@Base 2.7~rc2 + security_get_initial_context@Base 2.0.15 + security_get_initial_context_raw@Base 2.0.15 + security_getenforce@Base 1.32 + security_load_booleans@Base 1.32 + security_load_policy@Base 1.32 + security_policyvers@Base 1.32 + security_reject_unknown@Base 2.9 + security_set_boolean@Base 1.32 + security_set_boolean_list@Base 1.32 + security_setenforce@Base 1.32 + security_validatetrans@Base 3.0 + security_validatetrans_raw@Base 3.0 + selabel_close@Base 2.0.65 + selabel_cmp@Base 2.5 + selabel_digest@Base 2.5 + selabel_get_digests_all_partial_matches@Base 3.0 + selabel_hash_all_partial_matches@Base 3.0 + selabel_lookup@Base 2.0.65 + selabel_lookup_best_match@Base 2.5 + selabel_lookup_best_match_raw@Base 2.5 + selabel_lookup_raw@Base 2.0.65 + selabel_open@Base 2.0.65 + selabel_partial_match@Base 2.5 + selabel_stats@Base 2.0.65 + selinux_binary_policy_path@Base 1.32 + selinux_boolean_sub@Base 2.1.12 + selinux_booleans_path@Base 1.32 + selinux_booleans_subs_path@Base 2.1.12 + selinux_check_access@Base 2.1.9 + selinux_check_passwd_access@Base 1.32 + selinux_check_securetty_context@Base 2.0.15 + selinux_colors_path@Base 2.0.82 + selinux_contexts_path@Base 1.32 + selinux_current_policy_path@Base 2.2 + selinux_customizable_types_path@Base 1.32 + selinux_default_context_path@Base 1.32 + selinux_default_type_path@Base 1.32 + selinux_failsafe_context_path@Base 1.32 + selinux_file_context_cmp@Base 1.32 + selinux_file_context_homedir_path@Base 1.32 + selinux_file_context_local_path@Base 1.32 + selinux_file_context_path@Base 1.32 + selinux_file_context_subs_dist_path@Base 2.1.0 + selinux_file_context_subs_path@Base 2.0.82 + selinux_file_context_verify@Base 1.32 + selinux_get_callback@Base 2.0.65 + selinux_getenforcemode@Base 1.32 + selinux_getpolicytype@Base 1.32 + selinux_homedir_context_path@Base 1.32 + selinux_init_load_policy@Base 1.32 + selinux_lsetfilecon_default@Base 1.32 + selinux_lxc_contexts_path@Base 2.1.12 + selinux_media_context_path@Base 1.32 + selinux_mkload_policy@Base 1.32 + selinux_mnt@Base 1.32 + selinux_netfilter_context_path@Base 1.32 + selinux_openrc_contexts_path@Base 2.6 + selinux_openssh_contexts_path@Base 2.5 + selinux_path@Base 1.32 + selinux_policy_root@Base 1.32 + selinux_raw_context_to_color@Base 2.0.82 + selinux_raw_to_trans_context@Base 1.32 + selinux_removable_context_path@Base 1.32 + selinux_reset_config@Base 2.0.88 + selinux_restorecon@Base 2.5 + selinux_restorecon_default_handle@Base 2.5 + selinux_restorecon_set_alt_rootpath@Base 2.6 + selinux_restorecon_set_exclude_list@Base 2.5 + selinux_restorecon_set_sehandle@Base 2.5 + selinux_restorecon_xattr@Base 2.6 + selinux_securetty_types_path@Base 2.0.15 + selinux_sepgsql_context_path@Base 2.0.94 + selinux_set_callback@Base 2.0.65 + selinux_set_mapping@Base 2.0.65 + selinux_set_policy_root@Base 2.2 + selinux_snapperd_contexts_path@Base 2.6 + selinux_status_close@Base 2.1.0 + selinux_status_deny_unknown@Base 2.1.0 + selinux_status_getenforce@Base 2.1.0 + selinux_status_open@Base 2.1.0 + selinux_status_policyload@Base 2.1.0 + selinux_status_updated@Base 2.1.0 + selinux_systemd_contexts_path@Base 2.2 + selinux_trans_to_raw_context@Base 1.32 + selinux_translations_path@Base 1.32 + selinux_user_contexts_path@Base 1.32 + selinux_users_path@Base 1.32 + selinux_usersconf_path@Base 1.32 + selinux_virtual_domain_context_path@Base 2.0.82 + selinux_virtual_image_context_path@Base 2.0.82 + selinux_x_context_path@Base 2.0.65 + selinuxfs_exists@Base 2.1.9 + set_matchpathcon_canoncon@Base 1.32 + set_matchpathcon_flags@Base 1.32 + set_matchpathcon_invalidcon@Base 1.32 + set_matchpathcon_printf@Base 1.32 + set_selinuxmnt@Base 1.32 + setcon@Base 1.32 + setcon_raw@Base 1.32 + setexeccon@Base 1.32 + setexeccon_raw@Base 1.32 + setexecfilecon@Base 2.3 + setfilecon@Base 1.32 + setfilecon_raw@Base 1.32 + setfscreatecon@Base 1.32 + setfscreatecon_raw@Base 1.32 + setkeycreatecon@Base 1.32 + setkeycreatecon_raw@Base 1.32 + setsockcreatecon@Base 1.32 + setsockcreatecon_raw@Base 1.32 + sidget@Base 1.32 + sidput@Base 1.32 + string_to_av_perm@Base 1.32 + string_to_security_class@Base 1.32 + unmap_class@Base 2.0.65 + unmap_perm@Base 2.0.65 diff --git a/debian/patches/python_install-layout.patch b/debian/patches/python_install-layout.patch new file mode 100644 index 0000000..c1bbad5 --- /dev/null +++ b/debian/patches/python_install-layout.patch @@ -0,0 +1,15 @@ +Description: Fix installation layout for debian-like distributions +Author: Laurent Bigonville +Forwarded: no + +--- a/src/Makefile ++++ b/src/Makefile +@@ -173,7 +173,7 @@ install: all + ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET) + + install-pywrap: pywrap +- $(PYTHON) setup.py install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` ++ $(PYTHON) setup.py install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` --install-layout=deb + install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py + ln -sf --relative $(DESTDIR)$(PYTHONLIBDIR)/selinux/_selinux$(PYCEXT) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT) + diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..3b8fbdd --- /dev/null +++ b/debian/patches/series @@ -0,0 +1 @@ +python_install-layout.patch diff --git a/debian/python.mk b/debian/python.mk new file mode 100644 index 0000000..ac50646 --- /dev/null +++ b/debian/python.mk @@ -0,0 +1,18 @@ +#! /usr/bin/make --no-print-directory -f + +## Default target +PYTHON3_VERSIONS := $(shell py3versions -r) +all: $(PYTHON3_VERSIONS) + +## Targets share the same output files, so must be run serially +.NOTPARALLEL: +.PHONY: all $(PYTHON3_VERSIONS) + +## SELinux does not have a very nice build process +extra_python_args = PYTHON=$@ +extra_python_args += PYLIBS= + +## How to build and install each individually-versioned copy +$(PYTHON3_VERSIONS): python%: + +$(MAKE) $(extra_python_args) clean-pywrap + +$(MAKE) $(extra_python_args) install-pywrap diff --git a/debian/python3-selinux.install b/debian/python3-selinux.install new file mode 100644 index 0000000..4606faa --- /dev/null +++ b/debian/python3-selinux.install @@ -0,0 +1 @@ +usr/lib/python3* diff --git a/debian/ruby-selinux.install b/debian/ruby-selinux.install new file mode 100644 index 0000000..267ca7a --- /dev/null +++ b/debian/ruby-selinux.install @@ -0,0 +1 @@ +usr/lib/*/ruby diff --git a/debian/ruby.mk b/debian/ruby.mk new file mode 100644 index 0000000..2800d4b --- /dev/null +++ b/debian/ruby.mk @@ -0,0 +1,17 @@ +#! /usr/bin/make --no-print-directory -f + +## Default target +RUBY_VERSIONS := $(shell dh_ruby --print-supported) +all: $(RUBY_VERSIONS) + +## Targets share the same output files, so must be run serially +.NOTPARALLEL: +.PHONY: all $(RUBY_VERSIONS) + +## SELinux does not have a very nice build process +extra_ruby_args = RUBY=$@ + +## How to build and install each individually-versioned copy +$(RUBY_VERSIONS): ruby%: + +$(MAKE) $(extra_ruby_args) clean-rubywrap + +$(MAKE) $(extra_ruby_args) install-rubywrap diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..0f2cf8b --- /dev/null +++ b/debian/rules @@ -0,0 +1,83 @@ +#! /usr/bin/make -f + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +## Figure out some variables +DEB_HOST_ARCH_OS ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_OS) +DEB_HOST_GNU_CPU ?= $(shell dpkg-architecture -qDEB_HOST_GNU_CPU) +DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) +PKG_CONFIG ?= $(DEB_HOST_GNU_TYPE)-pkg-config + +DOPACKAGES = $(shell dh_listpackages) + +BUILT_USING=$(shell dpkg-query -f '$${source:Package} (= $${source:Version}), ' -W "libsepol1-dev") + +## Default target +binary: + +## Sanity check +ifneq ($(DEB_HOST_ARCH_OS),linux) +$(error This is a linux only package. Aborting build.) +endif + +## The build system doesn't use CPPFLAGS, pass them to CFLAGS to enable the +## missing (hardening) flags. +export DEB_CFLAGS_MAINT_APPEND = $(shell dpkg-buildflags --get CPPFLAGS) + +## Unconditionally run debhelper command targets +.PHONY: FORCE +FORCE: + +## By default, pass everything through debhelper automatically +export DH_OPTIONS +DH_ADDONS = +ifneq ($(filter python3-selinux,$(DOPACKAGES)),) +DH_ADDONS += --with=python3 +endif +ifneq ($(filter ruby-selinux,$(DOPACKAGES)),) +DH_ADDONS += --with=ruby +endif +%: FORCE + @dh $@ $(DH_ADDONS) + +## Don't try to rebuild the debian/rules file +debian/rules: + @touch $@ + +## Set up some variables to be passed to the upstream Makefile +extra_make_args = ARCH=$(DEB_HOST_GNU_CPU) +extra_make_args += CC=$(DEB_HOST_GNU_TYPE)-gcc +extra_make_args += PKG_CONFIG=$(PKG_CONFIG) +extra_make_args += USE_PCRE2=y +override_dh_auto_build: FORCE + +$(MAKE) $(extra_make_args) all + +## Work around the very limited SELinux build-system +DESTDIR = $(CURDIR)/debian/tmp +base_extra_install_args = $(extra_make_args) +base_extra_install_args += DESTDIR=$(DESTDIR) +extra_install_args = $(base_extra_install_args) LIBDIR=/usr/lib/$(DEB_HOST_MULTIARCH) +extra_install_args += SHLIBDIR=/lib/$(DEB_HOST_MULTIARCH) +python_extra_install_args = $(base_extra_install_args) LIBDIR=/usr/lib + +override_dh_auto_install: FORCE + +$(MAKE) $(extra_install_args) install +ifneq ($(filter python3-selinux,$(DOPACKAGES)),) + +$(MAKE) $(python_extra_install_args) -f debian/python.mk +endif +ifneq ($(filter ruby-selinux,$(DOPACKAGES)),) + +$(MAKE) $(extra_install_args) -f debian/ruby.mk +endif + +## Generate a hard error for any upstream files we don't install +override_dh_missing: FORCE + dh_missing --fail-missing + +override_dh_gencontrol: + dh_gencontrol -- -VBuilt-Using="$(BUILT_USING)" + +override_dh_makeshlibs: + dh_makeshlibs -plibselinux1 --add-udeb="libselinux1-udeb" -V + dh_makeshlibs --remaining-packages diff --git a/debian/selinux-utils.install b/debian/selinux-utils.install new file mode 100644 index 0000000..de19d6d --- /dev/null +++ b/debian/selinux-utils.install @@ -0,0 +1,5 @@ +usr/sbin/* +usr/share/man/man5/*.5 +usr/share/man/man8/*.8 +usr/share/man/ru/man5/*.5 +usr/share/man/ru/man8/*.8 diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..033c3c6 --- /dev/null +++ b/debian/watch @@ -0,0 +1,4 @@ +version=4 + +opts="uversionmangle=s/-(rc)/~$1/" \ +https://github.com/SELinuxProject/selinux/wiki/Releases (?:.*)/releases/download/(?:\d*)/@PACKAGE@@ANY_VERSION@@ARCHIVE_EXT@