Tags: patch I am 95% sure I know what is happening and a solution for this. I think the fix applied to libsemanage is better.
So if one looks at the build log at the time when Ruby shipped both 3.1 and 3.3, one would notice that the line that's responsible for compiling the wrapper is only referenced for Ruby 3.1, but not for Ruby 3.3: cc -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/libselinux-3.8.1=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -fno-semantic-interposition -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Wextra -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I../include -D_GNU_SOURCE -DNO_ANDROID_BACKEND -DUSE_PCRE2 -DPCRE2_CODE_UNIT_WIDTH=8 -DHAVE_STRLCPY -DHAVE_REALLOCARRAY -Wno-error -Wno-unused-variable -Wno-unused-but-set-variable -Wno-unused-parameter -Wno-shadow -Wno-uninitialized -Wno-missing-prototypes -Wno-missing-declarations -Wno-deprecated-declarations -I/usr/include/x86_64-linux-gnu/ruby-3.1.0 -I/usr/include/ruby-3.1.0 -fPIC -DSHARED -c -o ruby3.1_selinuxswig_ruby_wrap.lo selinuxswig_ruby_wrap.c The reason I started looking into that line is that when running Ruby under gdb, I noticed that it pulls references from ruby-3.1 libs and started investigating how ruby-selinux is built. So I found that the target in the Makefile does not have a ruby version-specific name, so it gets re-used. I don't know which solution is the best here. I would say that cleaning in-between compilation for different version would be an not so resource-efficient, but bulletproof. However, I went for a simpler one-liner that just makes the target name ruby-specific in the dumbest way possible. After applying the patch and building, we see the line for ruby3.3 appear in the build log: cc -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/libselinux-3.8.1=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -fno-semantic-interposition -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Wextra -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I../include -D_GNU_SOURCE -DNO_ANDROID_BACKEND -DUSE_PCRE2 -DPCRE2_CODE_UNIT_WIDTH=8 -DHAVE_STRLCPY -DHAVE_REALLOCARRAY -Wno-error -Wno-unused-variable -Wno-unused-but-set-variable -Wno-unused-parameter -Wno-shadow -Wno-uninitialized -Wno-missing-prototypes -Wno-missing-declarations -Wno-deprecated-declarations -I/usr/include/x86_64-linux-gnu/ruby-3.3.0 -I/usr/include/ruby-3.3.0 -fPIC -DSHARED -c -o ruby3.3_selinuxswig_ruby_wrap.lo selinuxswig_ruby_wrap.c And after installing the new .so, it successfully loads. While writing this update I looked at https://codesearch.debian.net/search?q=SWIGRUBYLOBJ&literal=1, and it seems to suggest that 1) a neighbour package took a much better approach and 2) that android-platform-external-libselinux would require the same fix. Keeping the breadcrumbs of the investigation for whoever needs to debug this again: gdb and debug builds are your friend (as always). -- Regards, Andrey
Description: Compile the Ruby wrapper for all ruby versions. Otherwise the target gets cached. Author: snusmum...@google.com Last-Update: 2025-08-12 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ Index: libselinux-3.8.1-1/src/Makefile =================================================================== --- libselinux-3.8.1-1.orig/src/Makefile +++ libselinux-3.8.1-1/src/Makefile @@ -40,7 +40,7 @@ SWIGCOUT= selinuxswig_python_wrap.c SWIGPYOUT= selinux.py SWIGRUBYCOUT= selinuxswig_ruby_wrap.c SWIGLOBJ:= $(patsubst %.c,$(PYPREFIX)%.lo,$(SWIGCOUT)) -SWIGRUBYLOBJ:= $(patsubst %.c,%.lo,$(SWIGRUBYCOUT)) +SWIGRUBYLOBJ:= $(RUBY)_$(patsubst %.c,%.lo,$(SWIGRUBYCOUT)) SWIGSO=$(PYPREFIX)_selinux.so SWIGFILES=$(SWIGSO) $(SWIGPYOUT) SWIGRUBYSO=$(RUBYPREFIX)_selinux.so
_______________________________________________ SELinux-devel mailing list SELinux-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/selinux-devel
