sys-apps/selinux-python: Add from Gentoo

It's from Gentoo commit 1f169055faba2cf169efde90fc70c0c2c657204e.

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>

sdk_container/src/third_party/portage-stable/sys-apps/selinux-python/Manifest

@@ -0,0 +1,2 @@
+DIST selinux-python-3.7.tar.gz 3652377 BLAKE2B 59fd7cab0034c175f42f6120ba665701945adcbd4e8af97a0dc2a1c79688a596b199528886ceea079a3f7a969258611fb660449d313d9e893de381293e786381 SHA512 036bc1f0e64cbbaade592dc7899a92765a0bac426140d7d3960f73bad6eb5f95d79d91e0f0e1604f88a991ebf59c4c90ccaaa4158f5dc4d3275ca2aed1673b09
+DIST selinux-python-3.8.1.tar.gz 3652823 BLAKE2B dde6081f55d646a6993083a000524b4ce834718f7cd555c8be88574f227f3d8ed24f390dc4568f3f66c1f3643a606779b6350ad28dfbfe2a1bd9d5a6798c37e0 SHA512 bad791411cff373cf749302d44205495a9d100ca6140ea895cb87a85f5d0b0cfaaf4b7418fca661fb3233d14951755d1c2d85961c731243c92622fdfb343734a

sdk_container/src/third_party/portage-stable/sys-apps/selinux-python/files/selinux-python-3.8.1-no-pip.patch

@@ -0,0 +1,14 @@
+Use eclass functions to install under PEP517
+
+Patch to ensure failure if the change fails to apply.
+
+--- a/sepolicy/Makefile
++++ b/sepolicy/Makefile
+@@ -27,7 +27,6 @@ test:
+ 	@$(PYTHON) test_sepolicy.py -v
+ 
+ install:
+-	$(PYTHON) -m pip install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR) --ignore-installed --no-deps` $(PYTHON_SETUP_ARGS) .
+ 	[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
+ 	install -m 755 sepolicy.py $(DESTDIR)$(BINDIR)/sepolicy
+ 	(cd $(DESTDIR)$(BINDIR); ln -sf sepolicy sepolgen)

sdk_container/src/third_party/portage-stable/sys-apps/selinux-python/metadata.xml

@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="project">
+		<email>selinux@gentoo.org</email>
+		<name>SELinux Team</name>
+	</maintainer>
+	<longdescription>
+		selinux-python contains the core python selinux utilities and libraries
+		that are required for basic operation of a SELinux system. These
+		include semanage, sepolicy and sepolgen.
+	</longdescription>
+	<upstream>
+		<remote-id type="github">SELinuxProject/selinux</remote-id>
+	</upstream>
+</pkgmetadata>

sdk_container/src/third_party/portage-stable/sys-apps/selinux-python/selinux-python-3.7-r1.ebuild

@@ -0,0 +1,118 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="8"
+PYTHON_COMPAT=( python3_{10..12} )
+PYTHON_REQ_USE="xml(+)"
+
+inherit python-r1 toolchain-funcs
+
+MY_PV="${PV//_/-}"
+MY_P="${PN}-${MY_PV}"
+
+DESCRIPTION="SELinux core utilities"
+HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
+
+if [[ ${PV} == 9999 ]] ; then
+	inherit git-r3
+	EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
+	S="${WORKDIR}/${P}/${PN#selinux-}"
+else
+	SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${MY_PV}/${MY_P}.tar.gz"
+	KEYWORDS="amd64 arm arm64 ~riscv x86"
+	S="${WORKDIR}/${MY_P}"
+fi
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="test"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+
+RDEPEND=">=sys-libs/libselinux-${PV}:=[python]
+	>=sys-libs/libsemanage-${PV}:=[python(+)]
+	>=sys-libs/libsepol-${PV}:=[static-libs(+)]
+	>=app-admin/setools-4.2.0[${PYTHON_USEDEP}]
+	>=sys-process/audit-1.5.1[python,${PYTHON_USEDEP}]
+	${PYTHON_DEPS}"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	test? (
+		${RDEPEND}
+		sec-policy/selinux-base
+		>=sys-apps/secilc-${PV}
+	)"
+
+src_prepare() {
+	default
+	sed -i 's/-Werror//g' "${S}"/*/Makefile || die "Failed to remove Werror"
+
+	python_copy_sources
+}
+
+src_compile() {
+	building() {
+		emake -C "${BUILD_DIR}" \
+			CC="$(tc-getCC)" \
+			LIBDIR="\$(PREFIX)/$(get_libdir)"
+	}
+	python_foreach_impl building
+}
+
+src_test() {
+	testing() {
+		# The different subprojects have some interproject dependencies:
+		# - audit2allow depens on sepolgen
+		# - chcat depends on semanage
+		# and maybe others.
+		# Add all the modules of the individual subprojects to the
+		# PYTHONPATH, so they get actually found and used. In
+		# particular, already installed versions on the system are not
+		# used.
+		for dir in audit2allow chcat semanage sepolgen/src sepolicy ; do
+			PYTHONPATH="${BUILD_DIR}/${dir}:${PYTHONPATH}"
+		done
+		PYTHONPATH=${PYTHONPATH} \
+			emake -C "${BUILD_DIR}" \
+				test
+	}
+	python_foreach_impl testing
+}
+
+src_install() {
+	installation() {
+		emake -C "${BUILD_DIR}" \
+			DESTDIR="${D}" \
+			LIBDIR="\$(PREFIX)/$(get_libdir)" \
+			install
+		python_optimize
+	}
+	python_foreach_impl installation
+
+	# Set version-specific scripts
+	for pyscript in audit2allow sepolgen-ifgen sepolicy chcat; do
+		python_replicate_script "${ED}/usr/bin/${pyscript}"
+	done
+	for pyscript in semanage; do
+		python_replicate_script "${ED}/usr/sbin/${pyscript}"
+	done
+
+	# Create sepolgen.conf with different devel location definition
+	mkdir -p "${D}"/etc/selinux || die "Failed to create selinux directory";
+	if [[ -f /etc/selinux/config ]];
+	then
+		local selinuxtype=$(awk -F'=' '/^SELINUXTYPE/ {print $2}' /etc/selinux/config);
+		echo "SELINUX_DEVEL_PATH=/usr/share/selinux/${selinuxtype}/include:/usr/share/selinux/${selinuxtype}" \
+			> "${D}"/etc/selinux/sepolgen.conf || die "Failed to generate sepolgen"
+	else
+		local selinuxtype="${POLICY_TYPES%% *}";
+		if [[ -n "${selinuxtype}" ]];
+		then
+			echo "SELINUX_DEVEL_PATH=/usr/share/selinux/${selinuxtype}/include:/usr/share/selinux/${selinuxtype}" \
+				> "${D}"/etc/selinux/sepolgen.conf || die "Failed to generate sepolgen"
+		else
+			echo "SELINUX_DEVEL_PATH=/usr/share/selinux/strict/include:/usr/share/selinux/strict" \
+				> "${D}"/etc/selinux/sepolgen.conf || die "Failed to generate sepolgen"
+		fi
+	fi
+}

sdk_container/src/third_party/portage-stable/sys-apps/selinux-python/selinux-python-3.8.1-r2.ebuild

@@ -0,0 +1,142 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="8"
+
+DISTUTILS_USE_PEP517=setuptools
+PYTHON_COMPAT=( python3_{11..13} )
+PYTHON_REQ_USE="xml(+)"
+
+inherit distutils-r1 toolchain-funcs
+
+MY_PV="${PV//_/-}"
+MY_P="${PN}-${MY_PV}"
+
+DESCRIPTION="SELinux core utilities"
+HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
+
+if [[ ${PV} == 9999 ]] ; then
+	inherit git-r3
+	EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
+	S="${WORKDIR}/${P}/${PN#selinux-}"
+else
+	SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${MY_PV}/${MY_P}.tar.gz"
+	KEYWORDS="amd64 arm arm64 ~riscv x86"
+	S="${WORKDIR}/${MY_P}"
+fi
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="test"
+RESTRICT="!test? ( test )"
+
+RDEPEND=">=sys-libs/libselinux-${PV}:=[python]
+	>=sys-libs/libsemanage-${PV}:=[python(+)]
+	>=sys-libs/libsepol-${PV}:=[static-libs(+)]
+	>=app-admin/setools-4.2.0[${PYTHON_USEDEP}]
+	>=sys-process/audit-1.5.1[python,${PYTHON_USEDEP}]"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	test? (
+		${RDEPEND}
+		sec-policy/selinux-base
+		>=sys-apps/secilc-${PV}
+	)"
+
+PATCHES=(
+	"${FILESDIR}"/selinux-python-3.8.1-no-pip.patch
+)
+
+src_prepare() {
+	default
+
+	sed -e 's/-Werror//g' -i "${S}"/*/Makefile || die "Failed to remove Werror"
+
+	pushd sepolicy >/dev/null || die
+	# To avoid default
+	DISTUTILS_OPTIONAL=1 distutils-r1_src_prepare
+	popd >/dev/null || die
+}
+
+python_compile() {
+	distutils-r1_python_compile
+	emake -C "${S}" \
+		CC="$(tc-getCC)" \
+		LIBDIR="\$(PREFIX)/$(get_libdir)"
+}
+
+src_compile() {
+	pushd sepolicy >/dev/null || die
+	distutils-r1_src_compile
+	popd >/dev/null || die
+}
+
+python_test() {
+	# The different subprojects have some interproject dependencies:
+	# - audit2allow depens on sepolgen
+	# - chcat depends on semanage
+	# and maybe others.
+	# Add all the modules of the individual subprojects to the
+	# PYTHONPATH, so they get actually found and used. In
+	# particular, already installed versions on the system are not
+	# used.
+	for dir in audit2allow chcat semanage sepolgen/src sepolicy ; do
+		PYTHONPATH="${S}/${dir}:${PYTHONPATH}"
+	done
+	PYTHONPATH=${PYTHONPATH} emake -C "${S}" test
+}
+
+src_test() {
+	pushd sepolicy >/dev/null || die
+	distutils-r1_src_test
+	popd >/dev/null || die
+}
+
+python_install() {
+	distutils-r1_python_install
+	emake -C "${S}" \
+		DESTDIR="${D}" \
+		LIBDIR="\$(PREFIX)/$(get_libdir)" \
+		install
+
+	# Install over previously installed scripts to ensure proper python support
+	python_doscript "${S}"/audit2allow/audit2allow
+	python_doscript "${S}"/audit2allow/sepolgen-ifgen
+	python_doscript "${S}"/chcat/chcat
+	python_newscript "${S}"/sepolicy/sepolicy.py sepolicy
+
+	python_scriptinto /usr/sbin
+	python_doscript "${S}"/semanage/semanage
+
+	# set _PYTHON_SCRIPTROOT to the implicit default for the next python target, bug #967869
+	python_scriptinto /usr/bin
+
+	python_optimize
+}
+
+python_install_all() {
+	# Create sepolgen.conf with different devel location definition
+	mkdir -p "${D}"/etc/selinux || die "Failed to create selinux directory";
+	if [[ -f /etc/selinux/config ]];
+	then
+		local selinuxtype=$(awk -F'=' '/^SELINUXTYPE/ {print $2}' /etc/selinux/config);
+		echo "SELINUX_DEVEL_PATH=/usr/share/selinux/${selinuxtype}/include:/usr/share/selinux/${selinuxtype}" \
+			> "${D}"/etc/selinux/sepolgen.conf || die "Failed to generate sepolgen"
+	else
+		local selinuxtype="${POLICY_TYPES%% *}";
+		if [[ -n "${selinuxtype}" ]];
+		then
+			echo "SELINUX_DEVEL_PATH=/usr/share/selinux/${selinuxtype}/include:/usr/share/selinux/${selinuxtype}" \
+				> "${D}"/etc/selinux/sepolgen.conf || die "Failed to generate sepolgen"
+		else
+			echo "SELINUX_DEVEL_PATH=/usr/share/selinux/strict/include:/usr/share/selinux/strict" \
+				> "${D}"/etc/selinux/sepolgen.conf || die "Failed to generate sepolgen"
+		fi
+	fi
+}
+
+src_install() {
+	pushd sepolicy >/dev/null || die
+	distutils-r1_src_install
+	popd >/dev/null || die
+}

sdk_container/src/third_party/portage-stable/sys-apps/selinux-python/selinux-python-3.8.1.ebuild

@@ -0,0 +1,118 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="8"
+PYTHON_COMPAT=( python3_{10..13} )
+PYTHON_REQ_USE="xml(+)"
+
+inherit python-r1 toolchain-funcs
+
+MY_PV="${PV//_/-}"
+MY_P="${PN}-${MY_PV}"
+
+DESCRIPTION="SELinux core utilities"
+HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
+
+if [[ ${PV} == 9999 ]] ; then
+	inherit git-r3
+	EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
+	S="${WORKDIR}/${P}/${PN#selinux-}"
+else
+	SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${MY_PV}/${MY_P}.tar.gz"
+	KEYWORDS="amd64 arm arm64 x86"
+	S="${WORKDIR}/${MY_P}"
+fi
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="test"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+
+RDEPEND=">=sys-libs/libselinux-${PV}:=[python]
+	>=sys-libs/libsemanage-${PV}:=[python(+)]
+	>=sys-libs/libsepol-${PV}:=[static-libs(+)]
+	>=app-admin/setools-4.2.0[${PYTHON_USEDEP}]
+	>=sys-process/audit-1.5.1[python,${PYTHON_USEDEP}]
+	${PYTHON_DEPS}"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	test? (
+		${RDEPEND}
+		sec-policy/selinux-base
+		>=sys-apps/secilc-${PV}
+	)"
+
+src_prepare() {
+	default
+	sed -i 's/-Werror//g' "${S}"/*/Makefile || die "Failed to remove Werror"
+
+	python_copy_sources
+}
+
+src_compile() {
+	building() {
+		emake -C "${BUILD_DIR}" \
+			CC="$(tc-getCC)" \
+			LIBDIR="\$(PREFIX)/$(get_libdir)"
+	}
+	python_foreach_impl building
+}
+
+src_test() {
+	testing() {
+		# The different subprojects have some interproject dependencies:
+		# - audit2allow depens on sepolgen
+		# - chcat depends on semanage
+		# and maybe others.
+		# Add all the modules of the individual subprojects to the
+		# PYTHONPATH, so they get actually found and used. In
+		# particular, already installed versions on the system are not
+		# used.
+		for dir in audit2allow chcat semanage sepolgen/src sepolicy ; do
+			PYTHONPATH="${BUILD_DIR}/${dir}:${PYTHONPATH}"
+		done
+		PYTHONPATH=${PYTHONPATH} \
+			emake -C "${BUILD_DIR}" \
+				test
+	}
+	python_foreach_impl testing
+}
+
+src_install() {
+	installation() {
+		emake -C "${BUILD_DIR}" \
+			DESTDIR="${D}" \
+			LIBDIR="\$(PREFIX)/$(get_libdir)" \
+			install
+		python_optimize
+	}
+	python_foreach_impl installation
+
+	# Set version-specific scripts
+	for pyscript in audit2allow sepolgen-ifgen sepolicy chcat; do
+		python_replicate_script "${ED}/usr/bin/${pyscript}"
+	done
+	for pyscript in semanage; do
+		python_replicate_script "${ED}/usr/sbin/${pyscript}"
+	done
+
+	# Create sepolgen.conf with different devel location definition
+	mkdir -p "${D}"/etc/selinux || die "Failed to create selinux directory";
+	if [[ -f /etc/selinux/config ]];
+	then
+		local selinuxtype=$(awk -F'=' '/^SELINUXTYPE/ {print $2}' /etc/selinux/config);
+		echo "SELINUX_DEVEL_PATH=/usr/share/selinux/${selinuxtype}/include:/usr/share/selinux/${selinuxtype}" \
+			> "${D}"/etc/selinux/sepolgen.conf || die "Failed to generate sepolgen"
+	else
+		local selinuxtype="${POLICY_TYPES%% *}";
+		if [[ -n "${selinuxtype}" ]];
+		then
+			echo "SELINUX_DEVEL_PATH=/usr/share/selinux/${selinuxtype}/include:/usr/share/selinux/${selinuxtype}" \
+				> "${D}"/etc/selinux/sepolgen.conf || die "Failed to generate sepolgen"
+		else
+			echo "SELINUX_DEVEL_PATH=/usr/share/selinux/strict/include:/usr/share/selinux/strict" \
+				> "${D}"/etc/selinux/sepolgen.conf || die "Failed to generate sepolgen"
+		fi
+	fi
+}

sdk_container/src/third_party/portage-stable/sys-apps/selinux-python/selinux-python-9999.ebuild

@@ -0,0 +1,142 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="8"
+
+DISTUTILS_USE_PEP517=setuptools
+PYTHON_COMPAT=( python3_{11..13} )
+PYTHON_REQ_USE="xml(+)"
+
+inherit distutils-r1 toolchain-funcs
+
+MY_PV="${PV//_/-}"
+MY_P="${PN}-${MY_PV}"
+
+DESCRIPTION="SELinux core utilities"
+HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
+
+if [[ ${PV} == 9999 ]] ; then
+	inherit git-r3
+	EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
+	S="${WORKDIR}/${P}/${PN#selinux-}"
+else
+	SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${MY_PV}/${MY_P}.tar.gz"
+	KEYWORDS="~amd64 ~arm ~arm64 ~x86"
+	S="${WORKDIR}/${MY_P}"
+fi
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="test"
+RESTRICT="!test? ( test )"
+
+RDEPEND=">=sys-libs/libselinux-${PV}:=[python]
+	>=sys-libs/libsemanage-${PV}:=[python(+)]
+	>=sys-libs/libsepol-${PV}:=[static-libs(+)]
+	>=app-admin/setools-4.2.0[${PYTHON_USEDEP}]
+	>=sys-process/audit-1.5.1[python,${PYTHON_USEDEP}]"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	test? (
+		${RDEPEND}
+		sec-policy/selinux-base
+		>=sys-apps/secilc-${PV}
+	)"
+
+PATCHES=(
+	"${FILESDIR}"/selinux-python-3.8.1-no-pip.patch
+)
+
+src_prepare() {
+	default
+
+	sed -e 's/-Werror//g' -i "${S}"/*/Makefile || die "Failed to remove Werror"
+
+	pushd sepolicy >/dev/null || die
+	# To avoid default
+	DISTUTILS_OPTIONAL=1 distutils-r1_src_prepare
+	popd >/dev/null || die
+}
+
+python_compile() {
+	distutils-r1_python_compile
+	emake -C "${S}" \
+		CC="$(tc-getCC)" \
+		LIBDIR="\$(PREFIX)/$(get_libdir)"
+}
+
+src_compile() {
+	pushd sepolicy >/dev/null || die
+	distutils-r1_src_compile
+	popd >/dev/null || die
+}
+
+python_test() {
+	# The different subprojects have some interproject dependencies:
+	# - audit2allow depens on sepolgen
+	# - chcat depends on semanage
+	# and maybe others.
+	# Add all the modules of the individual subprojects to the
+	# PYTHONPATH, so they get actually found and used. In
+	# particular, already installed versions on the system are not
+	# used.
+	for dir in audit2allow chcat semanage sepolgen/src sepolicy ; do
+		PYTHONPATH="${S}/${dir}:${PYTHONPATH}"
+	done
+	PYTHONPATH=${PYTHONPATH} emake -C "${S}" test
+}
+
+src_test() {
+	pushd sepolicy >/dev/null || die
+	distutils-r1_src_test
+	popd >/dev/null || die
+}
+
+python_install() {
+	distutils-r1_python_install
+	emake -C "${S}" \
+		DESTDIR="${D}" \
+		LIBDIR="\$(PREFIX)/$(get_libdir)" \
+		install
+
+	# Install over previously installed scripts to ensure proper python support
+	python_doscript "${S}"/audit2allow/audit2allow
+	python_doscript "${S}"/audit2allow/sepolgen-ifgen
+	python_doscript "${S}"/chcat/chcat
+	python_newscript "${S}"/sepolicy/sepolicy.py sepolicy
+
+	python_scriptinto /usr/sbin
+	python_doscript "${S}"/semanage/semanage
+
+	# set _PYTHON_SCRIPTROOT to the implicit default for the next python target, bug #967869
+	python_scriptinto /usr/bin
+
+	python_optimize
+}
+
+python_install_all() {
+	# Create sepolgen.conf with different devel location definition
+	mkdir -p "${D}"/etc/selinux || die "Failed to create selinux directory";
+	if [[ -f /etc/selinux/config ]];
+	then
+		local selinuxtype=$(awk -F'=' '/^SELINUXTYPE/ {print $2}' /etc/selinux/config);
+		echo "SELINUX_DEVEL_PATH=/usr/share/selinux/${selinuxtype}/include:/usr/share/selinux/${selinuxtype}" \
+			> "${D}"/etc/selinux/sepolgen.conf || die "Failed to generate sepolgen"
+	else
+		local selinuxtype="${POLICY_TYPES%% *}";
+		if [[ -n "${selinuxtype}" ]];
+		then
+			echo "SELINUX_DEVEL_PATH=/usr/share/selinux/${selinuxtype}/include:/usr/share/selinux/${selinuxtype}" \
+				> "${D}"/etc/selinux/sepolgen.conf || die "Failed to generate sepolgen"
+		else
+			echo "SELINUX_DEVEL_PATH=/usr/share/selinux/strict/include:/usr/share/selinux/strict" \
+				> "${D}"/etc/selinux/sepolgen.conf || die "Failed to generate sepolgen"
+		fi
+	fi
+}
+
+src_install() {
+	pushd sepolicy >/dev/null || die
+	distutils-r1_src_install
+	popd >/dev/null || die
+}