python3 support for semanage_migrate_store. bug 529252

(Portage version: 2.2.12/cvs/Linux x86_64, signed Manifest commit with key 0x7EF137EC935B0EAF)

3 files changed, 397 insertions, 1 deletions

diff --git a/sys-libs/libsemanage/ChangeLog b/sys-libs/libsemanage/ChangeLog
index edf63d26ede4..831f0b25267a 100644
--- a/sys-libs/libsemanage/ChangeLog
+++ b/sys-libs/libsemanage/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for sys-libs/libsemanage
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-libs/libsemanage/ChangeLog,v 1.81 2014/11/14 19:19:00 swift Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/libsemanage/ChangeLog,v 1.82 2014/11/22 13:27:42 perfinion Exp $
+
+*libsemanage-2.4_rc6-r1 (22 Nov 2014)
+
+  22 Nov 2014; Jason Zaman <perfinon@gentoo.org>
+  +files/0002-semanage_migrate_store-Python3-support.patch,
+  +libsemanage-2.4_rc6-r1.ebuild:
+  python3 support for semanage_migrate_store. bug 529252
 
 *libsemanage-2.4_rc6 (14 Nov 2014)
 
diff --git a/sys-libs/libsemanage/files/0002-semanage_migrate_store-Python3-support.patch b/sys-libs/libsemanage/files/0002-semanage_migrate_store-Python3-support.patch
new file mode 100644
index 000000000000..40f821ae20d7
--- /dev/null
+++ b/sys-libs/libsemanage/files/0002-semanage_migrate_store-Python3-support.patch
@@ -0,0 +1,284 @@
+From 877acdb31ff4261f0fcd03a8fb9ada76703802f3 Mon Sep 17 00:00:00 2001
+From: Jason Zaman <jason@perfinion.com>
+Date: Thu, 20 Nov 2014 00:18:59 +0400
+Subject: [PATCH 2/2] semanage_migrate_store: Python3 support
+
+Mainly used the 2to3 conversion tool. Also added in a __future__
+import so that the script continues to work on Python 2.
+
+Tested on 2.7, 3.3, 3.4. Should work on 2.6 too but untested.
+
+Signed-off-by: Jason Zaman <jason@perfinion.com>
+Acked-by: Steve Lawrence <slawrence@tresys.com>
+---
+ libsemanage/utils/semanage_migrate_store | 86 +++++++++++++++++---------------
+ 1 file changed, 45 insertions(+), 41 deletions(-)
+
+diff --git a/libsemanage/utils/semanage_migrate_store b/libsemanage/utils/semanage_migrate_store
+index cbc4f31..0371e49 100755
+--- a/libsemanage/utils/semanage_migrate_store
++++ b/libsemanage/utils/semanage_migrate_store
+@@ -1,6 +1,7 @@
+ #!/usr/bin/python -E
+ 
+ 
++from __future__ import print_function
+ import os
+ import errno
+ import shutil
+@@ -16,7 +17,7 @@ try:
+ 	import selinux
+ 	import semanage
+ except:
+-	print >> sys.stderr, "You must install libselinux-python and libsemanage-python before running this tool"
++	print("You must install libselinux-python and libsemanage-python before running this tool", file=sys.stderr)
+ 	exit(1)
+ 
+ 
+@@ -25,100 +26,103 @@ except:
+ # For some reason this function doesn't exist in libselinux :\
+ def copy_with_context(src, dst):
+ 	if DEBUG:
+-		print "copying %s to %s" % (src, dst)
++		print("copying %s to %s" % (src, dst))
+ 	try:
+ 		con = selinux.lgetfilecon_raw(src)[1]
+ 	except:
+-		print >> sys.stderr, "Could not get file context of %s" % src
++		print("Could not get file context of %s" % src, file=sys.stderr)
+ 		exit(1)
+ 
+ 	try:
+ 		selinux.setfscreatecon_raw(con)
+ 	except:
+-		print >> sys.stderr, "Could not set fs create context: %s" %con
++		print("Could not set fs create context: %s" %con, file=sys.stderr)
+ 		exit(1)
+ 
+ 	try:
+ 		shutil.copy2(src, dst)
+-	except OSError as (err, strerr):
+-		print >> sys.stderr, "Could not copy %s to %s, %s" %(src, dst, strerr)
++	except OSError as the_err:
++		(err, strerr) = the_err.args
++		print("Could not copy %s to %s, %s" %(src, dst, strerr), file=sys.stderr)
+ 		exit(1)
+ 
+ 	try:
+ 		selinux.setfscreatecon_raw(None)
+ 	except:
+-		print >> sys.stderr, "Could not reset fs create context. May need to relabel system."
++		print("Could not reset fs create context. May need to relabel system.", file=sys.stderr)
+ 
+ def create_dir_from(src, dst, mode):
+-	if DEBUG: print "Making directory %s" % dst
++	if DEBUG: print("Making directory %s" % dst)
+ 	try:
+ 		con = selinux.lgetfilecon_raw(src)[1]
+ 		selinux.setfscreatecon_raw(con)
+ 		os.makedirs(dst, mode)
+-	except OSError as (err, stderr):
++	except OSError as the_err:
++		(err, stderr) = the_err.args
+ 		if err == errno.EEXIST:
+ 			pass
+ 		else:
+-			print >> sys.stderr, "Error creating %s" % dst
++			print("Error creating %s" % dst, file=sys.stderr)
+ 			exit(1)
+ 
+ 	try:
+ 		selinux.setfscreatecon_raw(None)
+ 	except:
+-		print >> sys.stderr, "Could not reset fs create context. May need to relabel system."
++		print("Could not reset fs create context. May need to relabel system.", file=sys.stderr)
+ 
+ def create_file_from(src, dst):
+-	if DEBUG: print "Making file %s" % dst
++	if DEBUG: print("Making file %s" % dst)
+ 	try:
+ 		con = selinux.lgetfilecon_raw(src)[1]
+ 		selinux.setfscreatecon_raw(con)
+ 		open(dst, 'a').close()
+-	except OSError as (err, stderr):
+-		print >> sys.stderr, "Error creating %s" % dst
++	except OSError as the_err:
++		(err, stderr) = the_err.args
++		print("Error creating %s" % dst, file=sys.stderr)
+ 		exit(1)
+ 
+ 	try:
+ 		selinux.setfscreatecon_raw(None)
+ 	except:
+-		print >> sys.stderr, "Could not reset fs create context. May need to relabel system."
++		print("Could not reset fs create context. May need to relabel system.", file=sys.stderr)
+ 
+ def copy_module(store, name, con, base):
+-	if DEBUG: print "Install module %s" % name	
++	if DEBUG: print("Install module %s" % name)
+ 	(file, ext) = os.path.splitext(name)
+ 	if ext != ".pp":
+ 		# Stray non-pp file in modules directory, skip
+-		print >> sys.stderr, "warning: %s has invalid extension, skipping" % name
++		print("warning: %s has invalid extension, skipping" % name, file=sys.stderr)
+ 		return
+ 	try:
+ 		selinux.setfscreatecon_raw(con)
+-	
++
+ 		if base:
+ 			root = oldstore_path(store)
+ 		else:
+ 			root = oldmodules_path(store)
+ 
+ 		bottomdir = bottomdir_path(store)
+-			
++
+ 		os.mkdir("%s/%s" % (bottomdir, file))
+ 
+ 		copy_with_context(os.path.join(root, name), "%s/%s/hll" % (bottomdir, file))
+ 
+ 		# This is the ext file that will eventually be used to choose a compiler
+-		efile = open("%s/%s/lang_ext" % (bottomdir, file), "w+", 0600)
++		efile = open("%s/%s/lang_ext" % (bottomdir, file), "w+", 0o600)
+ 		efile.write("pp")
+ 		efile.close()
+ 
+ 	except:
+-		print >> sys.stderr, "Error installing module %s" % name
++		print("Error installing module %s" % name, file=sys.stderr)
+ 		exit(1)
+ 
+ 	try:
+ 		selinux.setfscreatecon_raw(None)
+ 	except:
+-		print >> sys.stderr, "Could not reset fs create context. May need to relabel system."
++		print("Could not reset fs create context. May need to relabel system.", file=sys.stderr)
+ 
+ def disable_module(file, root, name, disabledmodules):
+-	if DEBUG: print "Disabling %s" % name
++	if DEBUG: print("Disabling %s" % name)
+ 	(disabledname, disabledext) = os.path.splitext(file)
+ 	create_file_from(os.path.join(root, name), "%s/%s" % (disabledmodules, disabledname))
+ 
+@@ -131,14 +135,14 @@ def migrate_store(store):
+ 	newmodules = newmodules_path(store);
+ 	bottomdir = bottomdir_path(store);
+ 
+-	print "Migrating from %s to %s" % (oldstore, newstore)
++	print("Migrating from %s to %s" % (oldstore, newstore))
+ 
+ 	# Build up new directory structure
+-	create_dir_from(selinux.selinux_policy_root(), "%s/%s" % (newroot_path(), store), 0755)
+-	create_dir_from(oldmodules, newstore, 0700)
+-	create_dir_from(oldstore, newmodules, 0700)
+-	create_dir_from(oldstore, bottomdir, 0700)
+-	create_dir_from(oldstore, disabledmodules, 0700)
++	create_dir_from(selinux.selinux_policy_root(), "%s/%s" % (newroot_path(), store), 0o755)
++	create_dir_from(oldmodules, newstore, 0o700)
++	create_dir_from(oldstore, newmodules, 0o700)
++	create_dir_from(oldstore, bottomdir, 0o700)
++	create_dir_from(oldstore, disabledmodules, 0o700)
+ 
+ 	# use whatever the file context of bottomdir is for the module directories
+ 	con = selinux.lgetfilecon_raw(bottomdir)[1]
+@@ -149,7 +153,7 @@ def migrate_store(store):
+ 	# Dir structure built, start copying files
+ 	for root, dirs, files in os.walk(oldstore):
+ 		if root == oldstore:
+-			# This is the top level directory, need to move 
++			# This is the top level directory, need to move
+ 			for name in files:
+ 				# Check to see if it is in TOPPATHS and copy if so
+ 				if name in TOPPATHS:
+@@ -164,7 +168,7 @@ def migrate_store(store):
+ 			for name in files:
+ 				(file, ext) = os.path.splitext(name)
+ 				if name == "base.pp":
+-					print >> sys.stderr, "Error installing module %s, name conflicts with base" % name
++					print("Error installing module %s, name conflicts with base" % name, file=sys.stderr)
+ 					exit(1)
+ 				elif ext == ".disabled":
+ 					disable_module(file, root, name, disabledmodules)
+@@ -173,32 +177,32 @@ def migrate_store(store):
+ 
+ def rebuild_policy():
+ 	# Ok, the modules are loaded, lets try to rebuild the policy
+-	print "Attempting to rebuild policy from %s" % newroot_path()
++	print("Attempting to rebuild policy from %s" % newroot_path())
+ 
+ 	curstore = selinux.selinux_getpolicytype()[1]
+ 
+ 	handle = semanage.semanage_handle_create()
+ 	if not handle:
+-		print >> sys.stderr, "Could not create semanage handle"
++		print("Could not create semanage handle", file=sys.stderr)
+ 		exit(1)
+ 
+ 	semanage.semanage_select_store(handle, curstore, semanage.SEMANAGE_CON_DIRECT)
+ 
+ 	if not semanage.semanage_is_managed(handle):
+ 		semanage.semanage_handle_destroy(handle)
+-		print >> sys.stderr, "SELinux policy is not managed or store cannot be accessed."
++		print("SELinux policy is not managed or store cannot be accessed.", file=sys.stderr)
+ 		exit(1)
+ 
+ 	rc = semanage.semanage_access_check(handle)
+ 	if rc < semanage.SEMANAGE_CAN_WRITE:
+ 		semanage.semanage_handle_destroy(handle)
+-		print >> sys.stderr, "Cannot write to policy store."
++		print("Cannot write to policy store.", file=sys.stderr)
+ 		exit(1)
+ 
+ 	rc = semanage.semanage_connect(handle)
+ 	if rc < 0:
+ 		semanage.semanage_handle_destroy(handle)
+-		print >> sys.stderr, "Could not establish semanage connection"
++		print("Could not establish semanage connection", file=sys.stderr)
+ 		exit(1)
+ 
+ 	semanage.semanage_set_rebuild(handle, 1)
+@@ -206,12 +210,12 @@ def rebuild_policy():
+ 	rc = semanage.semanage_begin_transaction(handle)
+ 	if rc < 0:
+ 		semanage.semanage_handle_destroy(handle)
+-		print >> sys.stderr, "Could not begin transaction"
++		print("Could not begin transaction", file=sys.stderr)
+ 		exit(1)
+ 
+ 	rc = semanage.semanage_commit(handle)
+ 	if rc < 0:
+-		print >> sys.stderr, "Could not commit transaction"
++		print("Could not commit transaction", file=sys.stderr)
+ 
+ 	semanage.semanage_handle_destroy(handle)
+ 
+@@ -283,7 +287,7 @@ if __name__ == "__main__":
+ 		"preserve_tunables" ]
+ 
+ 
+-	create_dir_from(oldroot_path(), newroot_path(), 0755)
++	create_dir_from(oldroot_path(), newroot_path(), 0o755)
+ 
+ 	stores = None
+ 	if TYPE is not None:
+@@ -299,14 +303,14 @@ if __name__ == "__main__":
+ 
+ 		if os.path.isdir(newstore_path(store)):
+ 			# store has already been migrated, but old modules dir still exits
+-			print >> sys.stderr, "warning: Policy type %s has already been migrated, but modules still exist in the old store. Skipping store." % store
++			print("warning: Policy type %s has already been migrated, but modules still exist in the old store. Skipping store." % store, file=sys.stderr)
+ 			continue
+ 
+ 		migrate_store(store)
+ 
+ 		if CLEAN is True:
+ 			def remove_error(function, path, execinfo):
+-				print >> sys.stderr, "warning: Unable to remove old store modules directory %s. Cleaning failed." % oldmodules_path(store)
++				print("warning: Unable to remove old store modules directory %s. Cleaning failed." % oldmodules_path(store), file=sys.stderr)
+ 			shutil.rmtree(oldmodules_path(store), onerror=remove_error)
+ 
+ 	if NOREBUILD is False:
+-- 
+2.0.4
+
diff --git a/sys-libs/libsemanage/libsemanage-2.4_rc6-r1.ebuild b/sys-libs/libsemanage/libsemanage-2.4_rc6-r1.ebuild
new file mode 100644
index 000000000000..59e4b4a1adf1
--- /dev/null
+++ b/sys-libs/libsemanage/libsemanage-2.4_rc6-r1.ebuild
@@ -0,0 +1,105 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/libsemanage/libsemanage-2.4_rc6-r1.ebuild,v 1.1 2014/11/22 13:27:42 perfinion Exp $
+
+EAPI="5"
+PYTHON_COMPAT=( python2_7 python3_2 python3_3 python3_4 )
+
+inherit multilib python-r1 toolchain-funcs eutils multilib-minimal
+
+MY_P="${P//_/-}"
+
+SEPOL_VER="2.4_rc6"
+SELNX_VER="2.4_rc6"
+
+DESCRIPTION="SELinux kernel and policy management library"
+HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
+SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20140826/${MY_P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="python"
+
+RDEPEND=">=sys-libs/libsepol-${SEPOL_VER}[${MULTILIB_USEDEP}]
+	>=sys-libs/libselinux-${SELNX_VER}[${MULTILIB_USEDEP}]
+	>=sys-process/audit-2.2.2[${MULTILIB_USEDEP}]
+	>=dev-libs/ustr-1.0.4-r2[${MULTILIB_USEDEP}]
+	"
+DEPEND="${RDEPEND}
+	sys-devel/bison
+	sys-devel/flex
+	python? (
+		>=dev-lang/swig-2.0.4-r1
+		virtual/pkgconfig
+		${PYTHON_DEPS}
+	)"
+
+# tests are not meant to be run outside of the
+# full SELinux userland repo
+RESTRICT="test"
+
+S="${WORKDIR}/${MY_P}"
+
+src_prepare() {
+	echo "# Set this to true to save the linked policy." >> "${S}/src/semanage.conf"
+	echo "# This is normally only useful for analysis" >> "${S}/src/semanage.conf"
+	echo "# or debugging of policy." >> "${S}/src/semanage.conf"
+	echo "save-linked=false" >> "${S}/src/semanage.conf"
+	echo >> "${S}/src/semanage.conf"
+	echo "# Set this to 0 to disable assertion checking." >> "${S}/src/semanage.conf"
+	echo "# This should speed up building the kernel policy" >> "${S}/src/semanage.conf"
+	echo "# from policy modules, but may leave you open to" >> "${S}/src/semanage.conf"
+	echo "# dangerous rules which assertion checking" >> "${S}/src/semanage.conf"
+	echo "# would catch." >> "${S}/src/semanage.conf"
+	echo "expand-check=1" >> "${S}/src/semanage.conf"
+	echo >> "${S}/src/semanage.conf"
+	echo "# Modules in the module store can be compressed" >> "${S}/src/semanage.conf"
+	echo "# with bzip2.  Set this to the bzip2 blocksize" >> "${S}/src/semanage.conf"
+	echo "# 1-9 when compressing.  The higher the number," >> "${S}/src/semanage.conf"
+	echo "# the more memory is traded off for disk space." >> "${S}/src/semanage.conf"
+	echo "# Set to 0 to disable bzip2 compression." >> "${S}/src/semanage.conf"
+	echo "bzip-blocksize=0" >> "${S}/src/semanage.conf"
+	echo >> "${S}/src/semanage.conf"
+	echo "# Reduce memory usage for bzip2 compression and" >> "${S}/src/semanage.conf"
+	echo "# decompression of modules in the module store." >> "${S}/src/semanage.conf"
+	echo "bzip-small=true" >> "${S}/src/semanage.conf"
+
+	epatch "${FILESDIR}/0002-semanage_migrate_store-Python3-support.patch" # bug 529252
+
+	epatch_user
+
+	multilib_copy_sources
+}
+
+multilib_src_compile() {
+	emake \
+		AR="$(tc-getAR)" \
+		CC="$(tc-getCC)" \
+		LIBDIR="${EPREFIX}/usr/$(get_libdir)" \
+		all
+
+	if multilib_is_native_abi && use python; then
+		building_py() {
+			python_export PYTHON_INCLUDEDIR PYTHON_LIBPATH
+			emake CC="$(tc-getCC)" PYINC="-I${PYTHON_INCLUDEDIR}" PYTHONLBIDIR="${PYTHON_LIBPATH}" PYPREFIX="${EPYTHON##*/}" "$@"
+		}
+		python_foreach_impl building_py swigify
+		python_foreach_impl building_py pywrap
+	fi
+}
+
+multilib_src_install() {
+	emake \
+		LIBDIR="${ED}/usr/$(get_libdir)" \
+		SHLIBDIR="${ED}/usr/$(get_libdir)" \
+		DESTDIR="${ED}" install
+
+	if multilib_is_native_abi && use python; then
+		installation_py() {
+			emake DESTDIR="${ED}" LIBDIR="${ED}/usr/$(get_libdir)" \
+				SHLIBDIR="${ED}/usr/$(get_libdir)" install-pywrap
+		}
+		python_foreach_impl installation_py
+	fi
+}