authorMichał Górny <mgorny@gentoo.org>2021-09-19 07:17:09 +0100
committerSam James <sam@gentoo.org>2021-09-19 07:30:29 +0100
commit91ebad34fdd2900c65166dc14fd583fd6b75cc3a (patch)
tree58e4f973cc94dc624d70b675a0c835b54896f90d
parentdev-ruby/mocha: cleanup (diff)
sys-apps/selinux-python: don't import all of setools
Bug: https://bugs.gentoo.org/809038 Signed-off-by: Michał Górny <mgorny@gentoo.org> Signed-off-by: Sam James <sam@gentoo.org>
-rw-r--r--sys-apps/selinux-python/files/selinux-python-3.2-optional-networkx.patch271
-rw-r--r--sys-apps/selinux-python/selinux-python-3.2-r1.ebuild (renamed from sys-apps/selinux-python/selinux-python-3.2.ebuild)4
2 files changed, 275 insertions, 0 deletions
diff --git a/sys-apps/selinux-python/files/selinux-python-3.2-optional-networkx.patch b/sys-apps/selinux-python/files/selinux-python-3.2-optional-networkx.patch
new file mode 100644
index 000000000000..a9525ddda939
--- /dev/null
+++ b/sys-apps/selinux-python/files/selinux-python-3.2-optional-networkx.patch
@@ -0,0 +1,271 @@
+Avoid importing networkx which ends up having a Fortran (and other large)
+dependencies.
+
+https://bugs.gentoo.org/809038
+https://github.com/SELinuxProject/selinux/commit/ba23ba068364ab11ff51f52bd1e20e3c63798a62
+
+From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= <mgorny@gentoo.org>
+Date: Wed, 25 Aug 2021 11:19:40 +0200
+Subject: [PATCH] python: Import specific modules from setools for less deps
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Import the setools classes needed for Python bindings from specific
+setools modules in order to reduce the dependency footprint
+of the Python bindings. Importing the top-level module causes all
+setools modules to be loaded which includes the modules that require
+networkx.
+
+SELinux packages belong to the group of core system packages on Gentoo
+Linux. It is desirable to keep the system set as small as possible,
+and the dependency between setools and networkx seems to be the easiest
+link to break without major loss of functionality.
+
+Signed-off-by: Michał Górny <mgorny@gentoo.org>
+--- a/semanage/seobject.py
++++ b/semanage/seobject.py
+@@ -31,7 +31,8 @@
+ from semanage import *
+ PROGNAME = "policycoreutils"
+ import sepolicy
+-import setools
++from setools.policyrep import SELinuxPolicy
++from setools.typequery import TypeQuery
+ import ipaddress
+
+ try:
+@@ -1339,7 +1340,7 @@ class ibpkeyRecords(semanageRecords):
+ def __init__(self, args = None):
+ semanageRecords.__init__(self, args)
+ try:
+- q = setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibpkey_type"])
++ q = TypeQuery(SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibpkey_type"])
+ self.valid_types = sorted(str(t) for t in q.results())
+ except:
+ pass
+@@ -1599,7 +1600,7 @@ class ibendportRecords(semanageRecords):
+ def __init__(self, args = None):
+ semanageRecords.__init__(self, args)
+ try:
+- q = setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibendport_type"])
++ q = TypeQuery(SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibendport_type"])
+ self.valid_types = set(str(t) for t in q.results())
+ except:
+ pass
+--- a/sepolicy/sepolicy/__init__.py
++++ b/sepolicy/sepolicy/__init__.py
+@@ -4,7 +4,6 @@
+
+ import errno
+ import selinux
+-import setools
+ import glob
+ import sepolgen.defaults as defaults
+ import sepolgen.interfaces as interfaces
+@@ -13,6 +12,17 @@
+ import re
+ import gzip
+
++from setools.boolquery import BoolQuery
++from setools.portconquery import PortconQuery
++from setools.policyrep import SELinuxPolicy
++from setools.objclassquery import ObjClassQuery
++from setools.rbacrulequery import RBACRuleQuery
++from setools.rolequery import RoleQuery
++from setools.terulequery import TERuleQuery
++from setools.typeattrquery import TypeAttributeQuery
++from setools.typequery import TypeQuery
++from setools.userquery import UserQuery
++
+ PROGNAME = "policycoreutils"
+ try:
+ import gettext
+@@ -168,7 +178,7 @@ def policy(policy_file):
+ global _pol
+
+ try:
+- _pol = setools.SELinuxPolicy(policy_file)
++ _pol = SELinuxPolicy(policy_file)
+ except:
+ raise ValueError(_("Failed to read %s policy file") % policy_file)
+
+@@ -188,7 +198,7 @@ def info(setype, name=None):
+ init_policy()
+
+ if setype == TYPE:
+- q = setools.TypeQuery(_pol)
++ q = TypeQuery(_pol)
+ q.name = name
+ results = list(q.results())
+
+@@ -206,7 +216,7 @@ def info(setype, name=None):
+ } for x in results)
+
+ elif setype == ROLE:
+- q = setools.RoleQuery(_pol)
++ q = RoleQuery(_pol)
+ if name:
+ q.name = name
+
+@@ -217,7 +227,7 @@ def info(setype, name=None):
+ } for x in q.results())
+
+ elif setype == ATTRIBUTE:
+- q = setools.TypeAttributeQuery(_pol)
++ q = TypeAttributeQuery(_pol)
+ if name:
+ q.name = name
+
+@@ -227,7 +237,7 @@ def info(setype, name=None):
+ } for x in q.results())
+
+ elif setype == PORT:
+- q = setools.PortconQuery(_pol)
++ q = PortconQuery(_pol)
+ if name:
+ ports = [int(i) for i in name.split("-")]
+ if len(ports) == 2:
+@@ -251,7 +261,7 @@ def info(setype, name=None):
+ } for x in q.results())
+
+ elif setype == USER:
+- q = setools.UserQuery(_pol)
++ q = UserQuery(_pol)
+ if name:
+ q.name = name
+
+@@ -268,7 +278,7 @@ def info(setype, name=None):
+ } for x in q.results())
+
+ elif setype == BOOLEAN:
+- q = setools.BoolQuery(_pol)
++ q = BoolQuery(_pol)
+ if name:
+ q.name = name
+
+@@ -278,7 +288,7 @@ def info(setype, name=None):
+ } for x in q.results())
+
+ elif setype == TCLASS:
+- q = setools.ObjClassQuery(_pol)
++ q = ObjClassQuery(_pol)
+ if name:
+ q.name = name
+
+@@ -372,11 +382,11 @@ def search(types, seinfo=None):
+ tertypes.append(DONTAUDIT)
+
+ if len(tertypes) > 0:
+- q = setools.TERuleQuery(_pol,
+- ruletype=tertypes,
+- source=source,
+- target=target,
+- tclass=tclass)
++ q = TERuleQuery(_pol,
++ ruletype=tertypes,
++ source=source,
++ target=target,
++ tclass=tclass)
+
+ if PERMS in seinfo:
+ q.perms = seinfo[PERMS]
+@@ -385,11 +395,11 @@ def search(types, seinfo=None):
+
+ if TRANSITION in types:
+ rtypes = ['type_transition', 'type_change', 'type_member']
+- q = setools.TERuleQuery(_pol,
+- ruletype=rtypes,
+- source=source,
+- target=target,
+- tclass=tclass)
++ q = TERuleQuery(_pol,
++ ruletype=rtypes,
++ source=source,
++ target=target,
++ tclass=tclass)
+
+ if PERMS in seinfo:
+ q.perms = seinfo[PERMS]
+@@ -398,11 +408,11 @@ def search(types, seinfo=None):
+
+ if ROLE_ALLOW in types:
+ ratypes = ['allow']
+- q = setools.RBACRuleQuery(_pol,
+- ruletype=ratypes,
+- source=source,
+- target=target,
+- tclass=tclass)
++ q = RBACRuleQuery(_pol,
++ ruletype=ratypes,
++ source=source,
++ target=target,
++ tclass=tclass)
+
+ for r in q.results():
+ toret.append({'source': str(r.source),
+@@ -720,11 +730,11 @@ def get_all_entrypoints():
+
+
+ def get_entrypoint_types(setype):
+- q = setools.TERuleQuery(_pol,
+- ruletype=[ALLOW],
+- source=setype,
+- tclass=["file"],
+- perms=["entrypoint"])
++ q = TERuleQuery(_pol,
++ ruletype=[ALLOW],
++ source=setype,
++ tclass=["file"],
++ perms=["entrypoint"])
+ return [str(x.target) for x in q.results() if x.source == setype]
+
+
+@@ -739,10 +749,10 @@ def get_init_transtype(path):
+
+
+ def get_init_entrypoint(transtype):
+- q = setools.TERuleQuery(_pol,
+- ruletype=["type_transition"],
+- source="init_t",
+- tclass=["process"])
++ q = TERuleQuery(_pol,
++ ruletype=["type_transition"],
++ source="init_t",
++ tclass=["process"])
+ entrypoints = []
+ for i in q.results():
+ try:
+@@ -754,10 +764,10 @@ def get_init_entrypoint(transtype):
+ return entrypoints
+
+ def get_init_entrypoints_str():
+- q = setools.TERuleQuery(_pol,
+- ruletype=["type_transition"],
+- source="init_t",
+- tclass=["process"])
++ q = TERuleQuery(_pol,
++ ruletype=["type_transition"],
++ source="init_t",
++ tclass=["process"])
+ entrypoints = {}
+ for i in q.results():
+ try:
+@@ -837,7 +847,7 @@ def get_all_role_allows():
+ return role_allows
+ role_allows = {}
+
+- q = setools.RBACRuleQuery(_pol, ruletype=[ALLOW])
++ q = RBACRuleQuery(_pol, ruletype=[ALLOW])
+ for r in q.results():
+ src = str(r.source)
+ tgt = str(r.target)
+@@ -923,7 +933,7 @@ def get_all_roles():
+ if not _pol:
+ init_policy()
+
+- q = setools.RoleQuery(_pol)
++ q = RoleQuery(_pol)
+ roles = [str(x) for x in q.results() if str(x) != "object_r"]
+ return roles
+
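Review bot: The new submodule imports in semanage/seobject.py and sepolicy/sepolicy/__init__.py (for example `from setools.policyrep import SELinuxPolicy`) still run `setools/__init__.py` first, because Python initialises the parent package before loading any submodule. The dependency saving therefore holds only if the installed setools keeps its networkx-using modules out of that `__init__`, or makes them optional there, and nothing in this patch shows that. It is worth confirming with an import test on a system without networkx and, if a minimum setools version turns out to be required, stating it in the ebuild's dependencies. Separately, the context lines in `ibpkeyRecords.__init__` and `ibendportRecords.__init__` wrap the query in a bare `except: pass`, which apparently leaves `self.valid_types` unset with no message when the policy cannot be read; a comment such as `# best effort: valid_types stays unset if the policy store cannot be loaded` would make that explicit. Both constructors continue outside the quoted hunks.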
diff --git a/sys-apps/selinux-python/selinux-python-3.2.ebuild b/sys-apps/selinux-python/selinux-python-3.2-r1.ebuild
index affdd90050d8..15b87bbd7251 100644
--- a/sys-apps/selinux-python/selinux-python-3.2.ebuild
+++ b/sys-apps/selinux-python/selinux-python-3.2-r1.ebuild
@@ -39,6 +39,10 @@ BDEPEND="
>=sys-apps/secilc-${PV}
)"
+PATCHES=(
+ "${FILESDIR}"/${PN}-3.2-optional-networkx.patch
+)
+
src_prepare() {
default
sed -i 's/-Werror//g' "${S}"/*/Makefile || die "Failed to remove Werror"