
selinux: add packages. (#8114)

* libcap-ng: add package.

* audit: add package.

* selinux: add packages.

* update and test autoconf check packages.

* try packagedeps.

* fix & test.

* update.

* update.
RedbeanW 13 小時之前
父節點
當前提交
bb2d5b0b65

+ 69 - 0
packages/a/audit/xmake.lua

@@ -0,0 +1,69 @@
+package("audit")
+    set_description("Userspace components of the audit framework.")
+
+    add_urls("https://github.com/linux-audit/audit-userspace/archive/refs/tags/$(version).tar.gz",
+             "https://github.com/linux-audit/audit-userspace.git")
+    add_versions("v4.1.2", "5c638bbeef9adb6c5715d3a60f0f5adb93e9b81633608af13d23c61f5e5db04d")
+
+    add_configs("listener",       {description = "Enable auditd network listener support.", default = true, type = "boolean"})
+    add_configs("zos_remote",     {description = "Enable audisp zos remote plugin.", default = true, type = "boolean"})
+    add_configs("legacy_actions", {description = "Enable legacy actions.", default = true, type = "boolean"})
+    add_configs("gssapi_krb5",    {description = "Enable gssapi kerberos 5 support.", default = true, type = "boolean"})
+    add_configs("experimental",   {description = "Enable experimental audit components.", default = false, type = "boolean"})
+
+    add_configs("arm",       {description = "Enable armeabi processor support.", default = false, type = "boolean"})
+    add_configs("aarch64",   {description = "Enable aarch64 processor support.", default = false, type = "boolean"})
+    add_configs("riscv",     {description = "Enable risc-v processor support.", default = false, type = "boolean"})
+    add_configs("apparmor",  {description = "Enable apparmor events.", default = false, type = "boolean"})
+    add_configs("io_uring",  {description = "Enable io_uring support.", default = false, type = "boolean"})
+    add_configs("nftables",  {description = "Use nftables. (default is nftables)", default = true, type = "boolean"})
+    add_configs("libcap_ng", {description = "Add libcap-ng support.", default = true, type = "boolean"})
+
+    add_deps("autotools")
+    on_load(function (package)
+        if package:config("zos_remote") then
+            package:add("deps", "openldap")
+        end
+        if package:config("gssapi_krb5") then
+            package:add("deps", "krb5")
+        end
+        if package:config("libcap_ng") then
+            package:add("deps", "libcap-ng")
+        end
+    end)
+
+    on_install("linux", function (package)
+        local configs = {
+            "--disable-dependency-tracking",
+            "--without-python3",
+            "--without-golang"
+        }
+
+        table.insert(configs, "--enable-listener=" .. (package:config("listener") and "yes" or "no"))
+        table.insert(configs, "--enable-zos-remote=" .. (package:config("zos_remote") and "yes" or "no"))
+        table.insert(configs, "--enable-legacy-actions=" .. (package:config("legacy_actions") and "yes" or "no"))
+        table.insert(configs, "--enable-gssapi-krb5=" .. (package:config("gssapi_krb5") and "yes" or "no"))
+        table.insert(configs, "--enable-experimental=" .. (package:config("experimental") and "yes" or "no"))
+
+        table.insert(configs, "--with-arm=" .. (package:config("arm") and "yes" or "no"))
+        table.insert(configs, "--with-aarch64=" .. (package:config("aarch64") and "yes" or "no"))
+        table.insert(configs, "--with-riscv=" .. (package:config("riscv") and "yes" or "no"))
+        table.insert(configs, "--with-apparmor=" .. (package:config("apparmor") and "yes" or "no"))
+        table.insert(configs, "--with-io_uring=" .. (package:config("io_uring") and "yes" or "no"))
+        table.insert(configs, "--with-nftables=" .. (package:config("nftables") and "yes" or "no"))
+        table.insert(configs, "--with-libcap-ng=" .. (package:config("libcap_ng") and "yes" or "no"))
+
+        io.replace("src/Makefile.am", "SUBDIRS = test", "SUBDIRS = ", {plain = true})
+        io.replace("auparse/Makefile.am", "SUBDIRS = . test", "SUBDIRS = .", {plain = true})
+
+        local packagedeps = {}
+        for _, dep in ipairs(package:librarydeps()) do
+            table.insert(packagedeps, dep:name())
+        end
+
+        import("package.tools.autoconf").install(package, configs, {packagedeps = packagedeps})
+    end)
+
+    on_test(function (package)
+        assert(package:has_cfuncs("audit_get_session", {includes = "libaudit.h"}))
+    end)
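Review bot: The `listener`, `zos_remote` and `gssapi_krb5` options all default to `true`, so a plain install of `audit` compiles in the auditd network listener and, through `on_load`, pulls `openldap` and `krb5` into the dependency graph. The libsemanage recipe in this same commit lists `audit` in `add_deps`, so policycoreutils and anything else built on it inherits that extra code and those dependencies unless the consumer overrides the configs. Consider making the three opt-in, e.g. `add_configs("zos_remote", {description = "Enable audisp zos remote plugin.", default = false, type = "boolean"})`, and letting dependants request only what they actually link against.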

+ 49 - 0
packages/c/checkpolicy/xmake.lua

@@ -0,0 +1,49 @@
+package("checkpolicy")
+    set_kind("binary")
+    set_homepage("https://github.com/SELinuxProject/selinux")
+    set_description("SELinux policy compiler.")
+    set_license("GPL-2.0")
+
+    add_urls("https://github.com/SELinuxProject/selinux/releases/download/$(version)/checkpolicy-$(version).tar.gz")
+    add_versions("3.9", "dd85b0173ca6e96b22ebf472bcbccf04eb10e1aa07add8f1b7e0e9e8e995e027")
+
+    add_deps("flex", "bison")
+    on_load(function (package)
+        package:add("deps", "libsepol >=" .. package:version_str())
+        package:add("deps", "libselinux >=" .. package:version_str())
+    end)
+
+    on_install("linux", function (package)
+        import("package.tools.make")
+
+        local configs = {"PREFIX="}
+        table.insert(configs, "DEBUG=" .. (package:is_debug() and "1" or "0"))
+        table.insert(configs, "DESTDIR=" .. package:installdir())
+
+        local envs = make.buildenvs(package)
+        local cflags = {}
+        local ldflags = {}
+        for _, dep in ipairs(package:orderdeps()) do
+            local fetchinfo = dep:fetch()
+            if fetchinfo then
+                for _, includedir in ipairs(fetchinfo.includedirs or fetchinfo.sysincludedirs) do
+                    table.insert(cflags, "-I" .. includedir)
+                end
+                for _, linkdir in ipairs(fetchinfo.linkdirs) do
+                    table.insert(ldflags, "-L" .. linkdir)
+                end
+            end
+        end
+
+        envs.CFLAGS = envs.CFLAGS .. " " .. table.concat(cflags, " ")
+        envs.LDFLAGS = envs.LDFLAGS .. " " .. table.concat(ldflags, " ")
+
+        make.build(package, configs, {envs = envs})
+
+        table.insert(configs, "install")
+        make.make(package, configs, {envs = envs})
+    end)
+
+    on_test(function (package)
+        assert(os.isexec(package:installdir("bin/checkpolicy")), "checkpolicy executable not found!")
+    end)
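Review bot: The loop that turns each `dep:fetch()` result into `-I`/`-L` flags and appends them to `envs.CFLAGS`/`envs.LDFLAGS` is repeated verbatim in the libselinux, libsemanage, policycoreutils and secilc recipes of this commit, so any correction has to be made five times. The two concatenations also assume `make.buildenvs` always returns a string under both keys; if either is ever absent, the install stops with a nil-concatenation error rather than a message that points at the cause. A guard such as `envs.CFLAGS = (envs.CFLAGS or "") .. " " .. table.concat(cflags, " ")` (and the same for `LDFLAGS`) makes the assumption explicit; the `envs.CFLAGS` line in the libsepol recipe relies on it too.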

+ 31 - 0
packages/l/libcap-ng/xmake.lua

@@ -0,0 +1,31 @@
+package("libcap-ng")
+    set_homepage("https://github.com/stevegrubb/libcap-ng")
+    set_description("Libcap-ng is a library for Linux that makes using posix capabilities easy.")
+
+    add_urls("https://github.com/stevegrubb/libcap-ng/archive/refs/tags/$(version).tar.gz",
+             "https://github.com/stevegrubb/libcap-ng.git")
+    add_versions("v0.8.5", "e4be07fdd234f10b866433f224d183626003c65634ed0552b02e654a380244c2")
+
+    add_configs("utils", {description = "Build utilities.", default = true, type = "boolean"})
+
+    add_deps("autotools")
+    on_install("linux", function (package)
+        local configs = {
+            "--disable-dependency-tracking",
+            "--without-python3"
+        }
+        table.insert(configs, "--with-debug=" .. (package:is_debug() and "yes" or "no"))
+
+        local subdirs = {"src", "m4"}
+        if package:config("utils") then
+            table.insert(subdirs, "utils")
+        end
+        io.replace("Makefile.am", "SUBDIRS = src utils m4 docs", "SUBDIRS = " .. table.concat(subdirs, " "), {plain = true})
+        io.replace("src/Makefile.am", "SUBDIRS = test", "SUBDIRS =", {plain = true})
+
+        import("package.tools.autoconf").install(package, configs)
+    end)
+
+    on_test(function (package)
+        assert(package:has_cfuncs("capng_setpid", {includes = "cap-ng.h"}))
+    end)
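Review bot: This recipe declares no `set_license`, and neither do the audit, libselinux, policycoreutils and secilc recipes in this commit (audit also lacks `set_homepage`), while checkpolicy, libsemanage and libsepol do set one. Licence metadata is what dependency inventories and licence checks rely on, so it is worth filling in from each upstream's licence file rather than leaving it blank. The line would sit next to `set_description`, e.g. `set_license("<SPDX id from upstream licence file>")`.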

+ 86 - 0
packages/l/libselinux/xmake.lua

@@ -0,0 +1,86 @@
+package("libselinux")
+    set_homepage("https://github.com/SELinuxProject/selinux")
+    set_description("SELinux library and simple utilities.")
+
+    add_urls("https://github.com/SELinuxProject/selinux/releases/download/$(version)/libselinux-$(version).tar.gz")
+    add_versions("3.9", "e7ee2c01dba64a0c35c9d7c9c0e06209d8186b325b0638a0d83f915cc3c101e8")
+
+    add_configs("utils", {description = "Build utilities.", default = true, type = "boolean"})
+
+    add_configs("setrans", {description = "Enable selinux translation daemon support.", default = true, type = "boolean"})
+    add_configs("rpm",     {description = "Enable rpm_execcon support.", default = true, type = "boolean"})
+    add_configs("bool",    {description = "Enable selinux boolean support.", default = true, type = "boolean"})
+    add_configs("x11",     {description = "Enable X11 media context support.", default = true, type = "boolean"})
+
+    add_configs("pcre2", {description = "Enable use of pcre2.", default = true, type = "boolean"})
+    add_configs("lfs",   {description = "Enable large file support.", default = true, type = "boolean"})
+
+    on_load(function (package)
+        package:add("deps", "libsepol >=" .. package:version_str())
+        if package:config("pcre2") then
+            package:add("deps", "pcre2")
+        end
+    end)
+
+    on_install("linux", function (package)
+        import("package.tools.make")
+
+        local configs = {"PREFIX="}
+
+        table.insert(configs, "DEBUG=" .. (package:is_debug() and "1" or "0"))
+        table.insert(configs, "DESTDIR=" .. package:installdir())
+
+        table.insert(configs, "DISABLE_SETRANS=" .. (package:config("setrans") and "n" or "y"))
+        table.insert(configs, "DISABLE_RPM=" .. (package:config("rpm") and "n" or "y"))
+        table.insert(configs, "DISABLE_BOOL=" .. (package:config("bool") and "n" or "y"))
+        table.insert(configs, "DISABLE_X11=" .. (package:config("x11") and "n" or "y"))
+
+        table.insert(configs, "USE_PCRE2=" .. (package:config("pcre2") and "y" or "n"))
+        table.insert(configs, "USE_LFS=" .. (package:config("lfs") and "y" or "n"))
+
+        local subdirs = {"include", "src"}
+        if package:config("utils") then
+            table.insert(subdirs, "utils")
+        end
+
+        table.insert(configs, "DISABLE_SHARED=" .. (package:config("shared") and "n" or "y"))
+        if package:config("shared") then
+            -- io.replace("src/Makefile", "all: $(LIBA)", "all:", {plain = true})
+            io.replace("src/Makefile", "install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)", "", {plain = true})
+        end
+
+        -- fix pkg-config
+        io.replace("src/Makefile", ":@prefix@:$(PREFIX):", ":@prefix@:$(DESTDIR):", {plain = true})
+
+        local envs = make.buildenvs(package)
+        local cflags = {}
+        local ldflags = {}
+        for _, dep in ipairs(package:orderdeps()) do
+            local fetchinfo = dep:fetch()
+            if fetchinfo then
+                for _, includedir in ipairs(fetchinfo.includedirs or fetchinfo.sysincludedirs) do
+                    table.insert(cflags, "-I" .. includedir)
+                end
+                for _, linkdir in ipairs(fetchinfo.linkdirs) do
+                    table.insert(ldflags, "-L" .. linkdir)
+                end
+            end
+        end
+
+        if package:config("pic") then
+            table.insert(cflags, "-fPIC")
+        end
+
+        envs.CFLAGS = envs.CFLAGS .. " " .. table.concat(cflags, " ")
+        envs.LDFLAGS = envs.LDFLAGS .. " " .. table.concat(ldflags, " ")
+
+        table.insert(configs, "SUBDIRS=" .. table.concat(subdirs, " "))
+        make.build(package, configs, {envs = envs})
+
+        table.insert(configs, "install")
+        make.make(package, configs, {envs = envs})
+    end)
+
+    on_test(function (package)
+        assert(package:has_cfuncs("is_selinux_enabled", {includes = {"selinux/selinux.h"}}))
+    end)
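Review bot: In the `shared` branch the `all: $(LIBA)` rewrite is left commented out while the install line for `$(LIBA)` is still removed. The libsemanage and libsepol recipes keep both replacements active, so a shared build here appears to compile the static archive and then simply not install it. Either delete the dead line or replace it with a comment recording why libselinux needs the archive built, e.g. `-- keep "all: $(LIBA)": <reason the static archive must still be built>`. As it stands, a reader cannot tell whether this is intentional or a leftover from debugging.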

+ 77 - 0
packages/l/libsemanage/xmake.lua

@@ -0,0 +1,77 @@
+package("libsemanage")
+    set_homepage("https://github.com/SELinuxProject/selinux")
+    set_description("SELinux binary policy manipulation library.")
+    set_license("LGPL-2.1")
+
+    add_urls("https://github.com/SELinuxProject/selinux/releases/download/$(version)/libsemanage-$(version).tar.gz")
+    add_versions("3.9", "ec05850aef48bfb8e02135a7f4f3f7edba3670f63d5e67f2708d4bd80b9a4634")
+
+    add_configs("utils", {description = "Build utilities.", default = true, type = "boolean"})
+
+    add_deps("flex", "bison", "bzip2", "audit")
+    on_load(function (package)
+        package:add("deps", "libselinux >=" .. package:version_str())
+    end)
+
+    on_install("linux", function (package)
+        import("package.tools.make")
+
+        local configs = {"PREFIX="}
+        table.insert(configs, "DEBUG=" .. (package:is_debug() and "1" or "0"))
+        table.insert(configs, "DESTDIR=" .. package:installdir())
+
+        table.insert(configs, "DISABLE_SHARED=" .. (package:config("shared") and "n" or "y"))
+        if package:config("shared") then
+            io.replace("src/Makefile", "all: $(LIBA)", "all:", {plain = true})
+            io.replace("src/Makefile", "install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)", "", {plain = true})
+        end
+
+        if not package:config("utils") then
+            io.replace("Makefile", "$(MAKE) -C utils install", "", {plain = true})
+        end
+
+        io.replace("Makefile", "$(MAKE) -C man install", "", {plain = true})
+
+        -- fix pkg-config
+        io.replace("src/Makefile", ":@prefix@:$(PREFIX):", ":@prefix@:$(DESTDIR):", {plain = true})
+
+        local envs = make.buildenvs(package)
+        local cflags = {}
+        local ldflags = {}
+        for _, dep in ipairs(package:orderdeps()) do
+            local fetchinfo = dep:fetch()
+            if fetchinfo then
+                for _, includedir in ipairs(fetchinfo.includedirs or fetchinfo.sysincludedirs) do
+                    table.insert(cflags, "-I" .. includedir)
+                end
+                for _, linkdir in ipairs(fetchinfo.linkdirs) do
+                    table.insert(ldflags, "-L" .. linkdir)
+                end
+            end
+        end
+
+        if package:config("pic") then
+            table.insert(cflags, "-fPIC")
+        end
+
+        local links_missing_in_cascading = ""
+        if package:dep("audit"):config("libcap_ng") then
+            links_missing_in_cascading = links_missing_in_cascading .. " -lcap-ng"
+        end
+        if package:dep("libselinux"):config("pcre2") then
+            links_missing_in_cascading = links_missing_in_cascading .. " -lpcre2-8"
+        end
+        io.replace("src/Makefile", "-lselinux", "-lselinux" .. links_missing_in_cascading, {plain = true})
+
+        envs.CFLAGS = envs.CFLAGS .. " " .. table.concat(cflags, " ")
+        envs.LDFLAGS = envs.LDFLAGS .. " " .. table.concat(ldflags, " ")
+
+        make.build(package, configs, {envs = envs})
+
+        table.insert(configs, "install")
+        make.make(package, configs, {envs = envs})
+    end)
+
+    on_test(function (package)
+        assert(package:has_cfuncs("semanage_module_install", {includes = {"semanage/modules.h"}}))
+    end)
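Review bot: The `links_missing_in_cascading` block has no comment explaining why `-lcap-ng` and `-lpcre2-8` are spliced in after every `-lselinux` in `src/Makefile`; presumably it compensates for statically built dependencies not carrying their own link requirements, but a reader has to guess. A one-line comment above the block, such as `-- static audit/libselinux do not bring their own link deps; name them explicitly`, would record that once the reason is confirmed, and the same applies to the equivalent block in the policycoreutils recipe. The library names are hard-coded, so they will drift if the pcre2 or libcap-ng packages ever install under a different link name; reading them from the dependency's `fetch()` result would avoid that. Separately, the `set_description` text is identical to the one in the libsepol recipe and looks copied.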

+ 57 - 0
packages/l/libsepol/xmake.lua

@@ -0,0 +1,57 @@
+package("libsepol")
+    set_homepage("https://github.com/SELinuxProject/selinux")
+    set_description("SELinux binary policy manipulation library.")
+    set_license("LGPL-2.1")
+
+    add_urls("https://github.com/SELinuxProject/selinux/releases/download/$(version)/libsepol-$(version).tar.gz")
+    add_versions("3.9", "ba630b59e50c5fbf9e9dd45eb3734f373cf78d689d8c10c537114c9bd769fa2e")
+
+    add_configs("cil",   {description = "Build with CIL support.", default = true, type = "boolean"})
+    add_configs("utils", {description = "Build utilities.", default = true, type = "boolean"})
+
+    on_load(function (package)
+        if package:config("cil") then
+            package:add("deps", "flex")
+        end
+    end)
+
+    on_install("linux", function (package)
+        import("package.tools.make")
+
+        local configs = {"PREFIX="}
+        table.insert(configs, "DEBUG=" .. (package:is_debug() and "1" or "0"))
+        table.insert(configs, "DESTDIR=" .. package:installdir())
+
+        table.insert(configs, "DISABLE_SHARED=" .. (package:config("shared") and "n" or "y"))
+        if package:config("shared") then
+            io.replace("src/Makefile", "all: $(LIBA)", "all:", {plain = true})
+            io.replace("src/Makefile", "install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)", "", {plain = true})
+        end
+
+        table.insert(configs, "DISABLE_CIL=" .. (package:config("cil") and "n" or "y"))
+        if not package:config("utils") then
+            io.replace("Makefile", "$(MAKE) -C utils install", "", {plain = true})
+            io.replace("Makefile", "$(MAKE) -C utils", "", {plain = true})
+        end
+
+        io.replace("Makefile", "$(MAKE) -C man install", "", {plain = true})
+
+        -- fix pkg-config
+        io.replace("src/Makefile", ":@prefix@:$(PREFIX):", ":@prefix@:$(DESTDIR):", {plain = true})
+
+        local envs = make.buildenvs(package)
+        local cflags = {}
+        if package:config("pic") then
+            table.insert(cflags, "-fPIC")
+        end
+        envs.CFLAGS = envs.CFLAGS .. " " .. table.concat(cflags, " ")
+
+        make.build(package, configs, {envs = envs})
+
+        table.insert(configs, "install")
+        make.make(package, configs, {envs = envs})
+    end)
+
+    on_test(function (package)
+        assert(package:has_cfuncs("sepol_set_policydb_from_file", {includes = {"sepol/sepol.h"}}))
+    end)

+ 61 - 0
packages/p/policycoreutils/xmake.lua

@@ -0,0 +1,61 @@
+package("policycoreutils")
+    set_kind("binary")
+    set_homepage("https://github.com/SELinuxProject/selinux")
+    set_description("SELinux policy core utilities.")
+
+    add_urls("https://github.com/SELinuxProject/selinux/releases/download/$(version)/policycoreutils-$(version).tar.gz")
+    add_versions("3.9", "44a294139876cf4c7969cb6a75d1932cb42543d74a7661760ded44a20bf7ebe8")
+
+    add_deps("gettext")
+    on_load(function (package)
+        package:add("deps", "libsemanage >=" .. package:version_str())
+    end)
+
+    on_install("linux", function (package)
+        import("package.tools.make")
+
+        local configs = {"PREFIX="}
+        table.insert(configs, "DEBUG=" .. (package:is_debug() and "1" or "0"))
+        table.insert(configs, "DESTDIR=" .. package:installdir())
+
+        local envs = make.buildenvs(package)
+        local cflags = {}
+        local ldflags = {}
+        for _, dep in ipairs(package:orderdeps()) do
+            local fetchinfo = dep:fetch()
+            if fetchinfo then
+                for _, includedir in ipairs(fetchinfo.includedirs or fetchinfo.sysincludedirs) do
+                    table.insert(cflags, "-I" .. includedir)
+                end
+                for _, linkdir in ipairs(fetchinfo.linkdirs) do
+                    table.insert(ldflags, "-L" .. linkdir)
+                end
+            end
+        end
+
+        local links_missing_in_cascading = ""
+        if package:dep("audit"):config("libcap_ng") then
+            links_missing_in_cascading = links_missing_in_cascading .. " -lcap-ng"
+        end
+        if package:dep("libselinux"):config("pcre2") then
+            links_missing_in_cascading = links_missing_in_cascading .. " -lpcre2-8"
+        end
+        for _, file in ipairs(os.files("**/Makefile")) do
+            io.replace(file, "-laudit", "-laudit" .. links_missing_in_cascading, {plain = true})
+            io.replace(file, "$(LIBSELINUX_LDLIBS)", "$(LIBSELINUX_LDLIBS) -lsepol" .. links_missing_in_cascading, {plain = true})
+            io.replace(file, "$(LIBSEMANAGE_LDLIBS)", "$(LIBSEMANAGE_LDLIBS) -laudit -lbz2", {plain = true})
+        end
+
+
+        envs.CFLAGS = envs.CFLAGS .. " " .. table.concat(cflags, " ")
+        envs.LDFLAGS = envs.LDFLAGS .. " " .. table.concat(ldflags, " ")
+
+        make.build(package, configs, {envs = envs})
+
+        table.insert(configs, "install")
+        make.make(package, configs, {envs = envs})
+    end)
+
+    on_test(function (package)
+        assert(os.isexec(package:installdir("bin/sestatus")), "policycoreutils executable not found!")
+    end)

+ 53 - 0
packages/s/secilc/xmake.lua

@@ -0,0 +1,53 @@
+package("secilc")
+    set_kind("binary")
+    set_homepage("https://github.com/SELinuxProject/selinux")
+    set_description("SELinux Common Intermediate Language Compiler")
+
+    add_urls("https://github.com/SELinuxProject/selinux/releases/download/$(version)/secilc-$(version).tar.gz")
+    add_versions("3.9", "c53fb7218ac158c05f28de186e48404857eb191bd4f9415802f85449fdf6da7f")
+
+    on_load(function (package)
+        package:add("deps", "libsepol >=" .. package:version_str())
+    end)
+
+    on_install("linux", function (package)
+        import("package.tools.make")
+
+        local configs = {"PREFIX="}
+        table.insert(configs, "DEBUG=" .. (package:is_debug() and "1" or "0"))
+        table.insert(configs, "DESTDIR=" .. package:installdir())
+
+        local envs = make.buildenvs(package)
+        local cflags = {}
+        local ldflags = {}
+        for _, dep in ipairs(package:orderdeps()) do
+            local fetchinfo = dep:fetch()
+            if fetchinfo then
+                for _, includedir in ipairs(fetchinfo.includedirs or fetchinfo.sysincludedirs) do
+                    table.insert(cflags, "-I" .. includedir)
+                end
+                for _, linkdir in ipairs(fetchinfo.linkdirs) do
+                    table.insert(ldflags, "-L" .. linkdir)
+                end
+            end
+        end
+
+        envs.CFLAGS = envs.CFLAGS .. " " .. table.concat(cflags, " ")
+        envs.LDFLAGS = envs.LDFLAGS .. " " .. table.concat(ldflags, " ")
+
+        io.replace("Makefile", "$(SECIL2TREE) man", "$(SECIL2TREE)", {plain = true})
+        io.replace("Makefile", "install: all man", "install: all", {plain = true})
+        io.replace("Makefile", "-mkdir -p $(DESTDIR)$(MANDIR)/man8", "", {plain = true})
+        io.replace("Makefile", [[	install -m 644 $(SECILC_MANPAGE) $(DESTDIR)$(MANDIR)/man8
+	install -m 644 $(SECIL2CONF_MANPAGE) $(DESTDIR)$(MANDIR)/man8
+	install -m 644 $(SECIL2TREE_MANPAGE) $(DESTDIR)$(MANDIR)/man8]], "", {plain = true})
+
+        make.build(package, configs, {envs = envs})
+
+        table.insert(configs, "install")
+        make.make(package, configs, {envs = envs})
+    end)
+
+    on_test(function (package)
+        assert(os.isexec(package:installdir("bin/secilc")), "secilc executable not found!")
+    end)

+ 1 - 2
scripts/test.lua

@@ -291,8 +291,7 @@ end
 function _lock_packages(packages)
     local locked_packages = {
         "flashlight",
-        "systemd",
-        "libselinux",
+        "systemd"
     }
     for _, package in ipairs(packages) do
         if table.contains(locked_packages, package) then