commit: 91ebad34fdd2900c65166dc14fd583fd6b75cc3a Author: Michał Górny <mgorny <AT> gentoo <DOT> org> AuthorDate: Sun Sep 19 06:17:09 2021 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Sun Sep 19 06:30:29 2021 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=91ebad34
sys-apps/selinux-python: don't import all of setools Bug: https://bugs.gentoo.org/809038 Signed-off-by: Michał Górny <mgorny <AT> gentoo.org> Signed-off-by: Sam James <sam <AT> gentoo.org> .../selinux-python-3.2-optional-networkx.patch | 271 +++++++++++++++++++++ ...hon-3.2.ebuild => selinux-python-3.2-r1.ebuild} | 4 + 2 files changed, 275 insertions(+) diff --git a/sys-apps/selinux-python/files/selinux-python-3.2-optional-networkx.patch b/sys-apps/selinux-python/files/selinux-python-3.2-optional-networkx.patch new file mode 100644 index 00000000000..a9525ddda93 --- /dev/null +++ b/sys-apps/selinux-python/files/selinux-python-3.2-optional-networkx.patch @@ -0,0 +1,271 @@ +Avoid importing networkx which ends up having a Fortran (and other large) +dependencies. + +https://bugs.gentoo.org/809038 +https://github.com/SELinuxProject/selinux/commit/ba23ba068364ab11ff51f52bd1e20e3c63798a62 + +From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= <[email protected]> +Date: Wed, 25 Aug 2021 11:19:40 +0200 +Subject: [PATCH] python: Import specific modules from setools for less deps +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Import the setools classes needed for Python bindings from specific +setools modules in order to reduce the dependency footprint +of the Python bindings. Importing the top-level module causes all +setools modules to be loaded which includes the modules that require +networkx. + +SELinux packages belong to the group of core system packages on Gentoo +Linux. It is desirable to keep the system set as small as possible, +and the dependency between setools and networkx seems to be the easiest +link to break without major loss of functionality. + +Signed-off-by: Michał Górny <[email protected]> +--- a/semanage/seobject.py ++++ b/semanage/seobject.py +@@ -31,7 +31,8 @@ + from semanage import * + PROGNAME = "policycoreutils" + import sepolicy +-import setools ++from setools.policyrep import SELinuxPolicy ++from setools.typequery import TypeQuery + import ipaddress + + try: +@@ -1339,7 +1340,7 @@ class ibpkeyRecords(semanageRecords): + def __init__(self, args = None): + semanageRecords.__init__(self, args) + try: +- q = setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibpkey_type"]) ++ q = TypeQuery(SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibpkey_type"]) + self.valid_types = sorted(str(t) for t in q.results()) + except: + pass +@@ -1599,7 +1600,7 @@ class ibendportRecords(semanageRecords): + def __init__(self, args = None): + semanageRecords.__init__(self, args) + try: +- q = setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibendport_type"]) ++ q = TypeQuery(SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibendport_type"]) + self.valid_types = set(str(t) for t in q.results()) + except: + pass +--- a/sepolicy/sepolicy/__init__.py ++++ b/sepolicy/sepolicy/__init__.py +@@ -4,7 +4,6 @@ + + import errno + import selinux +-import setools + import glob + import sepolgen.defaults as defaults + import sepolgen.interfaces as interfaces +@@ -13,6 +12,17 @@ + import re + import gzip + ++from setools.boolquery import BoolQuery ++from setools.portconquery import PortconQuery ++from setools.policyrep import SELinuxPolicy ++from setools.objclassquery import ObjClassQuery ++from setools.rbacrulequery import RBACRuleQuery ++from setools.rolequery import RoleQuery ++from setools.terulequery import TERuleQuery ++from setools.typeattrquery import TypeAttributeQuery ++from setools.typequery import TypeQuery ++from setools.userquery import UserQuery ++ + PROGNAME = "policycoreutils" + try: + import gettext +@@ -168,7 +178,7 @@ def policy(policy_file): + global _pol + + try: +- _pol = setools.SELinuxPolicy(policy_file) ++ _pol = SELinuxPolicy(policy_file) + except: + raise ValueError(_("Failed to read %s policy file") % policy_file) + +@@ -188,7 +198,7 @@ def info(setype, name=None): + init_policy() + + if setype == TYPE: +- q = setools.TypeQuery(_pol) ++ q = TypeQuery(_pol) + q.name = name + results = list(q.results()) + +@@ -206,7 +216,7 @@ def info(setype, name=None): + } for x in results) + + elif setype == ROLE: +- q = setools.RoleQuery(_pol) ++ q = RoleQuery(_pol) + if name: + q.name = name + +@@ -217,7 +227,7 @@ def info(setype, name=None): + } for x in q.results()) + + elif setype == ATTRIBUTE: +- q = setools.TypeAttributeQuery(_pol) ++ q = TypeAttributeQuery(_pol) + if name: + q.name = name + +@@ -227,7 +237,7 @@ def info(setype, name=None): + } for x in q.results()) + + elif setype == PORT: +- q = setools.PortconQuery(_pol) ++ q = PortconQuery(_pol) + if name: + ports = [int(i) for i in name.split("-")] + if len(ports) == 2: +@@ -251,7 +261,7 @@ def info(setype, name=None): + } for x in q.results()) + + elif setype == USER: +- q = setools.UserQuery(_pol) ++ q = UserQuery(_pol) + if name: + q.name = name + +@@ -268,7 +278,7 @@ def info(setype, name=None): + } for x in q.results()) + + elif setype == BOOLEAN: +- q = setools.BoolQuery(_pol) ++ q = BoolQuery(_pol) + if name: + q.name = name + +@@ -278,7 +288,7 @@ def info(setype, name=None): + } for x in q.results()) + + elif setype == TCLASS: +- q = setools.ObjClassQuery(_pol) ++ q = ObjClassQuery(_pol) + if name: + q.name = name + +@@ -372,11 +382,11 @@ def search(types, seinfo=None): + tertypes.append(DONTAUDIT) + + if len(tertypes) > 0: +- q = setools.TERuleQuery(_pol, +- ruletype=tertypes, +- source=source, +- target=target, +- tclass=tclass) ++ q = TERuleQuery(_pol, ++ ruletype=tertypes, ++ source=source, ++ target=target, ++ tclass=tclass) + + if PERMS in seinfo: + q.perms = seinfo[PERMS] +@@ -385,11 +395,11 @@ def search(types, seinfo=None): + + if TRANSITION in types: + rtypes = ['type_transition', 'type_change', 'type_member'] +- q = setools.TERuleQuery(_pol, +- ruletype=rtypes, +- source=source, +- target=target, +- tclass=tclass) ++ q = TERuleQuery(_pol, ++ ruletype=rtypes, ++ source=source, ++ target=target, ++ tclass=tclass) + + if PERMS in seinfo: + q.perms = seinfo[PERMS] +@@ -398,11 +408,11 @@ def search(types, seinfo=None): + + if ROLE_ALLOW in types: + ratypes = ['allow'] +- q = setools.RBACRuleQuery(_pol, +- ruletype=ratypes, +- source=source, +- target=target, +- tclass=tclass) ++ q = RBACRuleQuery(_pol, ++ ruletype=ratypes, ++ source=source, ++ target=target, ++ tclass=tclass) + + for r in q.results(): + toret.append({'source': str(r.source), +@@ -720,11 +730,11 @@ def get_all_entrypoints(): + + + def get_entrypoint_types(setype): +- q = setools.TERuleQuery(_pol, +- ruletype=[ALLOW], +- source=setype, +- tclass=["file"], +- perms=["entrypoint"]) ++ q = TERuleQuery(_pol, ++ ruletype=[ALLOW], ++ source=setype, ++ tclass=["file"], ++ perms=["entrypoint"]) + return [str(x.target) for x in q.results() if x.source == setype] + + +@@ -739,10 +749,10 @@ def get_init_transtype(path): + + + def get_init_entrypoint(transtype): +- q = setools.TERuleQuery(_pol, +- ruletype=["type_transition"], +- source="init_t", +- tclass=["process"]) ++ q = TERuleQuery(_pol, ++ ruletype=["type_transition"], ++ source="init_t", ++ tclass=["process"]) + entrypoints = [] + for i in q.results(): + try: +@@ -754,10 +764,10 @@ def get_init_entrypoint(transtype): + return entrypoints + + def get_init_entrypoints_str(): +- q = setools.TERuleQuery(_pol, +- ruletype=["type_transition"], +- source="init_t", +- tclass=["process"]) ++ q = TERuleQuery(_pol, ++ ruletype=["type_transition"], ++ source="init_t", ++ tclass=["process"]) + entrypoints = {} + for i in q.results(): + try: +@@ -837,7 +847,7 @@ def get_all_role_allows(): + return role_allows + role_allows = {} + +- q = setools.RBACRuleQuery(_pol, ruletype=[ALLOW]) ++ q = RBACRuleQuery(_pol, ruletype=[ALLOW]) + for r in q.results(): + src = str(r.source) + tgt = str(r.target) +@@ -923,7 +933,7 @@ def get_all_roles(): + if not _pol: + init_policy() + +- q = setools.RoleQuery(_pol) ++ q = RoleQuery(_pol) + roles = [str(x) for x in q.results() if str(x) != "object_r"] + return roles + diff --git a/sys-apps/selinux-python/selinux-python-3.2.ebuild b/sys-apps/selinux-python/selinux-python-3.2-r1.ebuild similarity index 98% rename from sys-apps/selinux-python/selinux-python-3.2.ebuild rename to sys-apps/selinux-python/selinux-python-3.2-r1.ebuild index affdd90050d..15b87bbd725 100644 --- a/sys-apps/selinux-python/selinux-python-3.2.ebuild +++ b/sys-apps/selinux-python/selinux-python-3.2-r1.ebuild @@ -39,6 +39,10 @@ BDEPEND=" >=sys-apps/secilc-${PV} )" +PATCHES=( + "${FILESDIR}"/${PN}-3.2-optional-networkx.patch +) + src_prepare() { default sed -i 's/-Werror//g' "${S}"/*/Makefile || die "Failed to remove Werror"
