-
Notifications
You must be signed in to change notification settings - Fork 20
Expand file tree
/
Copy path_base-ruby-selinux.rb
More file actions
145 lines (132 loc) · 7.33 KB
/
_base-ruby-selinux.rb
File metadata and controls
145 lines (132 loc) · 7.33 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
#####
# Component release information:
# https://github.com/SELinuxProject/selinux/releases
# Notes:
# This file is a basis for multiple versions/targets of ruby-selinux.
# It should not be included as a component; Instead other components should
# load it with instance_eval. See ruby-x.y-selinux.rb configs.
#####
pkg.add_source("file://resources/patches/ruby-selinux/selinuxswig_ruby_wrap.patch")
pkg.add_source("file://resources/patches/ruby-selinux/selinuxswig_ruby_undefining_allocator.patch")
pkg.add_source("file://resources/patches/ruby-selinux/undefining_allocator_el_7.patch")
# These can be overridden by the including component.
ruby_version ||= settings[:ruby_version]
host_ruby ||= settings[:host_ruby]
ruby_bindir ||= settings[:ruby_bindir]
# We download tarballs because system development packages (e.g.
# libselinux-devel) don't necessarily include Swig interface files (*.i files)
if platform.name =~ /el-(6|7)|ubuntu-(16|18.04-amd64)/
pkg.version "2.0.94"
pkg.md5sum "544f75aab11c2af352facc51af12029f"
pkg.url "https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20100525/devel/libselinux-#{pkg.get_version}.tar.gz"
elsif platform.name.start_with?('el-9')
# SELinux 3.3 is the minimum version available in RHEL 9 repos
pkg.version '3.3'
pkg.sha256sum 'acfdee27633d2496508c28727c3d41d3748076f66d42fccde2e6b9f3463a7057'
pkg.url "https://github.com/SELinuxProject/selinux/releases/download/#{pkg.get_version}/libselinux-#{pkg.get_version}.tar.gz"
elsif platform.name.start_with?('debian-12')
# SELinux 3.4 is the minimum version available in Debian 12 repos
pkg.version '3.4'
pkg.sha256sum '77c294a927e6795c2e98f74b5c3adde9c8839690e9255b767c5fca6acff9b779'
pkg.url "https://github.com/SELinuxProject/selinux/releases/download/#{pkg.get_version}/libselinux-#{pkg.get_version}.tar.gz"
pkg.build_requires 'python3-distutils'
elsif platform.name.start_with?('debian-13')
# SELinux 3.8.1 is the minimum version available in Debian 13 repos
# Double check when Trixie is released
pkg.version '3.8.1'
pkg.sha256sum 'ec2d2789f931152d21c1db1eb4bc202ce4eccede34d9be9e360e3b45243cee2c'
pkg.url "https://github.com/SELinuxProject/selinux/releases/download/#{pkg.get_version}/libselinux-#{pkg.get_version}.tar.gz"
pkg.build_requires 'python3-setuptools'
elsif platform.name.start_with?('ubuntu-24')
# SELinux 3.5 is the minimum version available in Ubuntu 24 repos
pkg.version '3.5'
pkg.sha256sum '9a3a3705ac13a2ccca2de6d652b6356fead10f36fb33115c185c5ccdf29eec19'
pkg.url "https://github.com/SELinuxProject/selinux/releases/download/#{pkg.get_version}/libselinux-#{pkg.get_version}.tar.gz"
pkg.build_requires 'python3-setuptools'
elsif platform.name =~ /el-10|ubuntu-25.04/
# SELinux 3.7 is the minimum version available in RHEL 10 repos
pkg.version '3.7'
pkg.sha256sum 'ea03f42d13a4f95757997dba8cf0b26321fac5d2f164418b4cc856a92d2b17bd'
pkg.url "https://github.com/SELinuxProject/selinux/releases/download/#{pkg.get_version}/libselinux-#{pkg.get_version}.tar.gz"
pkg.build_requires 'python3-setuptools'
else
pkg.version "2.9"
pkg.md5sum "bb449431b6ed55a0a0496dbc366d6e31"
pkg.apply_patch "resources/patches/ruby-selinux/selinux-29-function.patch"
pkg.url "https://github.com/SELinuxProject/selinux/releases/download/20190315/libselinux-#{pkg.get_version}.tar.gz"
end
pkg.mirror "#{settings[:buildsources_url]}/libselinux-#{pkg.get_version}.tar.gz"
pkg.build_requires "ruby-#{ruby_version}"
cc = "/opt/pl-build-tools/bin/gcc"
system_include = '-I/usr/include'
ruby = "#{ruby_bindir}/ruby -rrbconfig"
# The RHEL 9 libselinux-devel package provides headers, but we don't want to
# use the package becuase of a compatibility issue with the shared library.
# Instead, we use the headers provided in the tarball.
system_include.prepend('-I./include ') if platform.name =~ /el-(9|10)/
if platform.is_cross_compiled_linux?
cc = "/opt/pl-build-tools/bin/#{settings[:platform_triple]}-gcc"
system_include = "-I/opt/pl-build-tools/#{settings[:platform_triple]}/sysroot/usr/include"
pkg.environment "RUBY", host_ruby
ruby = "#{host_ruby} -r#{settings[:datadir]}/doc/rbconfig-#{ruby_version}-orig.rb"
end
cflags = ""
# The platforms below use pl-build-tools
unless platform.name =~ /el-6|ubuntu-(16-amd64)/
cc = '/usr/bin/gcc'
cflags += "#{settings[:cppflags]} #{settings[:cflags]}"
end
pkg.build do
steps = [
"export RUBYHDRDIR=$(shell #{ruby} -e 'puts RbConfig::CONFIG[\"rubyhdrdir\"]')",
"export VENDORARCHDIR=$(shell #{ruby} -e 'puts RbConfig::CONFIG[\"vendorarchdir\"]')",
"export ARCHDIR=$${RUBYHDRDIR}/$(shell #{ruby} -e 'puts RbConfig::CONFIG[\"arch\"]')",
"export INCLUDESTR=\"-I#{settings[:includedir]} -I$${RUBYHDRDIR} -I$${ARCHDIR}\"",
"cp -pr src/{selinuxswig_ruby.i,selinuxswig.i} .",
"swig -Wall -ruby #{system_include} -o selinuxswig_ruby_wrap.c -outdir ./ selinuxswig_ruby.i"
]
if ruby_version =~ /^3/
# swig 4.1 generated interface does not need patching, so skip
# when running debian >= 12, fedora >= 40, etc
unless (platform.is_debian? && platform.os_version.to_i >= 12) ||
(platform.is_fedora? && platform.os_version.to_i >= 40) ||
(platform.is_ubuntu? && platform.os_version.to_i >= 24) ||
(platform.is_el? && platform.os_version.to_i >= 10)
steps << "#{platform.patch} --strip=0 --fuzz=0 --ignore-whitespace --no-backup-if-mismatch < ../selinuxswig_ruby_wrap.patch"
end
# EL 7 uses an older version of swig (2.0) so a different patch is needed to
# fix warning:undefining the allocator of T_DATA class
if platform.name =~ /el-7|redhatfips-7/
steps << "#{platform.patch} --strip=0 --fuzz=0 --ignore-whitespace --no-backup-if-mismatch < ../undefining_allocator_el_7.patch"
else
# Ubuntu 24, Fedora 40, EL 10, and Debian 13 use a newer swig that already has the fix that's
# being patched
unless (platform.is_fedora? && platform.os_version.to_i >= 40) ||
(platform.is_ubuntu? && platform.os_version.to_i >= 24) ||
(platform.is_el? && platform.os_version.to_i >= 10) ||
(platform.is_debian? && platform.os_version.to_i >= 13)
steps << "#{platform.patch} --strip=0 --fuzz=0 --ignore-whitespace --no-backup-if-mismatch < ../selinuxswig_ruby_undefining_allocator.patch"
end
end
end
# libselinux 3.3 is the minimum version we want to build on RHEL 9, but the
# libeselinux-devel-3.3 package confusingly installs a shared library that
# uses 3.4. The hacky workaround for this is to symlink an existing library.
# PDK builds two Rubies so check if symlink exists first. Similar issue
# exists for RHEL 10.
if platform.name =~ /el-(9|10)/
steps << 'if [ ! -L /usr/lib64/libselinux.so ]; then ln -s /usr/lib64/libselinux.so.1 /usr/lib64/libselinux.so; fi'
end
steps.concat([
"#{cc} $${INCLUDESTR} #{system_include} #{cflags} -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -fPIC -DSHARED -c -o selinuxswig_ruby_wrap.lo selinuxswig_ruby_wrap.c",
"#{cc} $${INCLUDESTR} #{system_include} -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -shared -o _rubyselinux.so selinuxswig_ruby_wrap.lo -lselinux -Wl,-z,relro,-z,now,-soname,_rubyselinux.so",
])
end
pkg.install do
[
"export VENDORARCHDIR=$(shell #{ruby} -e 'puts RbConfig::CONFIG[\"vendorarchdir\"]')",
"install -d $${VENDORARCHDIR}",
"install -p -m755 _rubyselinux.so $${VENDORARCHDIR}/selinux.so",
"#{platform[:make]} -e clean",
]
end