[v4,3/5] libsepol: bump to 2.7, setools: bump to 4.1.1

Message ID 20171013023621.4081-3-Adamduskett@outlook.com
State Superseded, archived
Headers show
Series
  • [v4,1/5] libselinux: bump to 2.7
Related show

Commit Message

Adam Duskett Oct. 13, 2017, 2:36 a.m.
The reason for combining these patches is because the old version of
setools is not compatible iwth libsepol 2.7.  If a user where to do a
git pull on a patch that only updates libsepol or setools, the build
would fail to compile.

setools has been completely rewritten in python instead of C.

The current version of setools includes a few programs that require
python-qt5 or python-networkx to run, however the package does not
check to see if these exist when compiling, and will install the scripts
to the target directory even if they don't exist.

In the case of python-networkx, this package is not available on Buildroot.
The scripts that require them are: sedta and seinfoflow.
In the case of python-qt5, qpol is the script that requires it.

Some setools.mk notes to get the package to compile:

- Convert the package .mk to use python-package instead of autotools-package.

- Remove host variant of setools as it is no longer a dependency for
  policycoreutils.

- setup.py hard codes base_lib_dirs to point to several host directories.
  To fix this, sed is used before compiling to point the base_lib_dirs to
  the staging directory.

- setup.py also includes the "Werror" flag, however compilers before gcc6
  cause a few autogenerated variables to not be initialized before use,
  causing the build to fail.
  To fix this, sed is used before compiling to remove the Werror flag.

- Remove sedta and seinfoflow from the target system after install.  These
  packages rely on the package python-networkx which is not available in
  buildroot.

- Remove the installed apol package and the setoolsgui directory from the
  target directory if python-qt5 is not selected.

Other changes:
- Removed all patches, as they are not compatible with the new version of
  setools.

- Add COPYING, COPYING.GPL, and COPYING.LGPL to setools.hash

Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
---
Changes v1 -> v2:
  - None

Changes v2 -> v3:
  - Added setools update to this patch due to build failures. (Matthew Weber)

Changes v3 -> v4:
  - Change commit message to read: 
    "Convert the package .mk to use python-package instead of 
    autotools-package." (Thomas)
  - Added comment explaining that setools is no longer a dependency for
    policycoreutils. (Thomas)
  - Add "depends on BR2_USE_MMU" to setools Config.in (Thomas)
  - Add "(requires python-qt5)" to apol line in setools Config.in (Thomas)
  - Fix setools comment. (Thomas)
  - Add prefix to variables in setools.mk (Thomas)
  - Add remove-werror-flag-from-setup.patch patch. (Thomas)
  - enclose SETOOLS_REMOVE_QT_SCRIPTS in "ifeq ($(BR2_PACKAGE_PYTHON_PYQT5),)"

 package/libsepol/0001-support-static-only.patch    |  32 +++---
 package/libsepol/0003-revert-ln-relative.patch     |  18 ++-
 package/libsepol/libsepol.hash                     |   4 +-
 package/libsepol/libsepol.mk                       |   4 +-
 package/setools/0001-cross-compile-fixes.patch     | 125 ---------------------
 .../0001-remove-werror-flag-from-setup.patch       |  29 +++++
 package/setools/0002-move-python-check.patch       |  25 -----
 ...s-Update-for-2015-02-02-Userspace-release.patch |  90 ---------------
 package/setools/Config.in                          |  35 ++----
 package/setools/setools.hash                       |   7 +-
 package/setools/setools.mk                         | 101 ++++++-----------
 11 files changed, 115 insertions(+), 355 deletions(-)
 delete mode 100644 package/setools/0001-cross-compile-fixes.patch
 create mode 100644 package/setools/0001-remove-werror-flag-from-setup.patch
 delete mode 100644 package/setools/0002-move-python-check.patch
 delete mode 100644 package/setools/0003-setools-Update-for-2015-02-02-Userspace-release.patch

Comments

Matt Weber Oct. 13, 2017, 3:14 a.m. | #1
Adam,

On Thu, Oct 12, 2017 at 9:36 PM, Adam Duskett <aduskett@gmail.com> wrote:
> The reason for combining these patches is because the old version of
> setools is not compatible iwth libsepol 2.7.  If a user where to do a
> git pull on a patch that only updates libsepol or setools, the build
> would fail to compile.
>
> setools has been completely rewritten in python instead of C.
>
> The current version of setools includes a few programs that require
> python-qt5 or python-networkx to run, however the package does not
> check to see if these exist when compiling, and will install the scripts
> to the target directory even if they don't exist.
>
> In the case of python-networkx, this package is not available on Buildroot.
> The scripts that require them are: sedta and seinfoflow.
> In the case of python-qt5, qpol is the script that requires it.
>
> Some setools.mk notes to get the package to compile:
>
> - Convert the package .mk to use python-package instead of autotools-package.
>
> - Remove host variant of setools as it is no longer a dependency for
>   policycoreutils.
>
> - setup.py hard codes base_lib_dirs to point to several host directories.
>   To fix this, sed is used before compiling to point the base_lib_dirs to
>   the staging directory.
>
> - setup.py also includes the "Werror" flag, however compilers before gcc6
>   cause a few autogenerated variables to not be initialized before use,
>   causing the build to fail.
>   To fix this, sed is used before compiling to remove the Werror flag.
>
> - Remove sedta and seinfoflow from the target system after install.  These
>   packages rely on the package python-networkx which is not available in
>   buildroot.
>
> - Remove the installed apol package and the setoolsgui directory from the
>   target directory if python-qt5 is not selected.
>
> Other changes:
> - Removed all patches, as they are not compatible with the new version of
>   setools.
>
> - Add COPYING, COPYING.GPL, and COPYING.LGPL to setools.hash
>
> Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
> ---
> Changes v1 -> v2:
>   - None
>
> Changes v2 -> v3:
>   - Added setools update to this patch due to build failures. (Matthew Weber)
>
> Changes v3 -> v4:
>   - Change commit message to read:
>     "Convert the package .mk to use python-package instead of
>     autotools-package." (Thomas)
>   - Added comment explaining that setools is no longer a dependency for
>     policycoreutils. (Thomas)
>   - Add "depends on BR2_USE_MMU" to setools Config.in (Thomas)
>   - Add "(requires python-qt5)" to apol line in setools Config.in (Thomas)
>   - Fix setools comment. (Thomas)
>   - Add prefix to variables in setools.mk (Thomas)
>   - Add remove-werror-flag-from-setup.patch patch. (Thomas)
>   - enclose SETOOLS_REMOVE_QT_SCRIPTS in "ifeq ($(BR2_PACKAGE_PYTHON_PYQT5),)"
>
>  package/libsepol/0001-support-static-only.patch    |  32 +++---
>  package/libsepol/0003-revert-ln-relative.patch     |  18 ++-
>  package/libsepol/libsepol.hash                     |   4 +-
>  package/libsepol/libsepol.mk                       |   4 +-
>  package/setools/0001-cross-compile-fixes.patch     | 125 ---------------------
>  .../0001-remove-werror-flag-from-setup.patch       |  29 +++++
>  package/setools/0002-move-python-check.patch       |  25 -----
>  ...s-Update-for-2015-02-02-Userspace-release.patch |  90 ---------------
>  package/setools/Config.in                          |  35 ++----
>  package/setools/setools.hash                       |   7 +-
>  package/setools/setools.mk                         | 101 ++++++-----------
>  11 files changed, 115 insertions(+), 355 deletions(-)
>  delete mode 100644 package/setools/0001-cross-compile-fixes.patch
>  create mode 100644 package/setools/0001-remove-werror-flag-from-setup.patch
>  delete mode 100644 package/setools/0002-move-python-check.patch
>  delete mode 100644 package/setools/0003-setools-Update-for-2015-02-02-Userspace-release.patch
>
> diff --git a/package/libsepol/0001-support-static-only.patch b/package/libsepol/0001-support-static-only.patch
> index 3e6d555e96..185a5641de 100644
> --- a/package/libsepol/0001-support-static-only.patch
> +++ b/package/libsepol/0001-support-static-only.patch
> @@ -1,4 +1,7 @@
> -Add support for static-only build
> +From 2140db697c7f1da2a0a3f7bbcb14c1a0dade84e5 Mon Sep 17 00:00:00 2001
> +From: Adam Duskett <Adamduskett@outlook.com>
> +Date: Mon, 9 Oct 2017 16:28:12 -0400
> +Subject: [PATCH] Add support for static-only build
>
>  Instead of unconditionally building shared libraries, this patch
>  improves the libsepol build system with a "STATIC" variable, which
> @@ -7,30 +10,30 @@ libraries. It allows to support cases where the target architecture
>  does not have support for shared libraries.
>
>  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
> -Signed-off-by: Adam Duskett <Aduskett@gmail.com>
> -
> -Index: b/src/Makefile
> -===================================================================
> +Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
> +---
> + src/Makefile | 13 ++++++++++---
> + 1 file changed, 10 insertions(+), 3 deletions(-)
>
>  diff --git a/src/Makefile b/src/Makefile
> -index db6c2ba..0006285 100644
> +index 819d261..040921d 100644
>  --- a/src/Makefile
>  +++ b/src/Makefile
> -@@ -30,8 +30,12 @@ LOBJS += $(sort $(patsubst %.c,%.lo,$(wildcard $(CILDIR)/src/*.c) $(CIL_GENERATE
> - override CFLAGS += -I$(CILDIR)/include
> +@@ -40,7 +40,12 @@ LDFLAGS += -undefined dynamic_lookup
> + LN=gln
>   endif
>
> +-all: $(LIBA) $(LIBSO) $(LIBPC)
>  +ALL_TARGETS = $(LIBA) $(LIBPC)
>  +ifeq ($(STATIC),)
>  +ALL_TARGETS += $(LIBSO)
>  +endif
> -
> --all: $(LIBA) $(LIBSO) $(LIBPC)
> ++
>  +all: $(ALL_TARGETS)
>
> -
> +
>   $(LIBA):  $(OBJS)
> -@@ -66,11 +70,13 @@
> +@@ -82,11 +87,13 @@ endif
>   install: all
>         test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
>         install -m 644 $(LIBA) $(LIBDIR)
> @@ -41,8 +44,11 @@ index db6c2ba..0006285 100644
>  +ifeq ($(STATIC),)
>  +      test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
>  +      install -m 755 $(LIBSO) $(SHLIBDIR)
> -       ln -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
> +       $(LN) -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
>  +endif
>
>   relabel:
>         /sbin/restorecon $(SHLIBDIR)/$(LIBSO)
> +--
> +2.13.6
> +
> diff --git a/package/libsepol/0003-revert-ln-relative.patch b/package/libsepol/0003-revert-ln-relative.patch
> index 0902d8d40e..488a9abea0 100644
> --- a/package/libsepol/0003-revert-ln-relative.patch
> +++ b/package/libsepol/0003-revert-ln-relative.patch
> @@ -1,4 +1,7 @@
> -Makefile: revert libsepol: use ln --relative to create .so symlinks
> +From 16b2b0e21e10727065042a1baabd1a887757c65c Mon Sep 17 00:00:00 2001
> +From: Adam Duskett <Adamduskett@outlook.com>
> +Date: Mon, 9 Oct 2017 16:29:36 -0400
> +Subject: [PATCH] Makefile: revert libsepol: use ln --relative to create .so symlinks
>
>  This reverts 71393a181d63c9baae5fe8dcaeb9411d1f253998
>
> @@ -9,16 +12,23 @@ they are maintained (up to 10 years in some cases?).
>  For the sake of Buildroot, revert the upstream patch.
>
>  Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
> +---
> + src/Makefile | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
>
> -diff -durN a/src/Makefile b/src/Makefile
> +diff --git a/src/Makefile b/src/Makefile
> +index 040921d..e811c9e 100644
>  --- a/src/Makefile
>  +++ b/src/Makefile
> -@@ -77,7 +77,7 @@
> +@@ -92,7 +92,7 @@ install: all
>   ifeq ($(STATIC),)
>         test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
>         install -m 755 $(LIBSO) $(SHLIBDIR)
> --      ln -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
> +-      $(LN) -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
>  +      cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
>   endif
>
>   relabel:
> +--
> +2.13.6
> +
> diff --git a/package/libsepol/libsepol.hash b/package/libsepol/libsepol.hash
> index 6c705067a2..08e2bf97a4 100644
> --- a/package/libsepol/libsepol.hash
> +++ b/package/libsepol/libsepol.hash
> @@ -1,2 +1,2 @@
> -# From https://github.com/SELinuxProject/selinux/wiki/Releases
> -sha256 d856d6506054f52abeaa3543ea2f2344595a3dc05d0d873ed7f724f7a16b1874  libsepol-2.6.tar.gz
> +# From: https://github.com/SELinuxProject/selinux/wiki/Releases
> +sha256 d69d3bd8ec901a3bd5adf2be2fb47fb1a685ed73066ab482e7e505371a48f9e7  libsepol-2.7.tar.gz
> diff --git a/package/libsepol/libsepol.mk b/package/libsepol/libsepol.mk
> index 21ca419c74..c54c3bfc42 100644
> --- a/package/libsepol/libsepol.mk
> +++ b/package/libsepol/libsepol.mk
> @@ -4,8 +4,8 @@
>  #
>  ################################################################################
>
> -LIBSEPOL_VERSION = 2.6
> -LIBSEPOL_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014
> +LIBSEPOL_VERSION = 2.7
> +LIBSEPOL_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804
>  LIBSEPOL_LICENSE = LGPL-2.1+
>  LIBSEPOL_LICENSE_FILES = COPYING
>
> diff --git a/package/setools/0001-cross-compile-fixes.patch b/package/setools/0001-cross-compile-fixes.patch
> deleted file mode 100644
> index 1a4af0ce31..0000000000
> --- a/package/setools/0001-cross-compile-fixes.patch
> +++ /dev/null
> @@ -1,125 +0,0 @@
> -Correct build issues to enable cross compiling.  These changes require the
> -package to be auto reconfigured.
> -
> -These updates were not upsteamed as the 3.3.x version has stablized and they
> -were only taking bug fixes.  Also the 4.0 preview has completely reworked
> -the build infrastructure which will require this to be revisited.
> -
> -Signed-off-by Clayton Shotwell <clshotwe@rockwellcollins.com>
> -
> -diff -urN a/configure.ac b/configure.ac
> ---- a/configure.ac     2013-01-16 10:36:24.000000000 -0600
> -+++ b/configure.ac     2013-07-12 08:22:10.380255248 -0500
> -@@ -448,8 +448,9 @@
> -               sepol_srcdir="")
> - if test "x${sepol_srcdir}" = "x"; then
> -    sepol_srcdir=${sepol_devel_libdir}
> --   AC_CHECK_FILE([${sepol_srcdir}/libsepol.a],,
> --      AC_MSG_ERROR([make sure libsepol-static is installed]))
> -+   if test ! -f ${sepol_srcdir}/libsepol.a; then
> -+      AC_MSG_ERROR([could not find precompiled libsepol.a])
> -+   fi
> - else
> -    AC_MSG_CHECKING([for compatible sepol source tree])
> -    sepol_version=${sepol_srcdir}/VERSION
> -@@ -484,8 +485,9 @@
> -    AC_CHECK_HEADER([sepol/policydb/policydb.h], , AC_MSG_ERROR([could not find sepol source tree]))
> -    CFLAGS="${sepol_src_save_CFLAGS}"
> -    CPPFLAGS="${sepol_src_save_CPPFLAGS}"
> --   AC_CHECK_FILE([${sepol_srcdir}/libsepol.a],,
> --      AC_MSG_ERROR([could not find precompiled libsepol.a]))
> -+   if test ! -f ${sepol_srcdir}/libsepol.a; then
> -+      AC_MSG_ERROR([could not find precompiled libsepol.a])
> -+   fi
> -    sepol_devel_incdir="${sepol_srcdir}/../include"
> - fi
> - SELINUX_CFLAGS="-I${sepol_devel_incdir} -I${selinux_devel_incdir}"
> -@@ -578,12 +580,13 @@
> -                          [AC_LANG_SOURCE([
> - #include <sepol/policydb/expand.h>
> - int main () {
> --  return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0);
> -+  return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0, 0, 0);
> - }])],
> -                          AC_MSG_RESULT([yes]),
> -                          AC_MSG_ERROR([this version of libsepol is incompatible with SETools]))
> -     fi
> -     sepol_new_expand_boolmap="yes"
> -+    sepol_new_user_role_mapping="yes"
> - else
> -     sepol_new_expand_boolmap="no"
> - fi
> -@@ -607,7 +610,8 @@
> -     exit(EXIT_FAILURE);
> - }])],
> -     sepol_policy_version_max=`cat conftest.data`,
> --    AC_MSG_FAILURE([could not determine maximum libsepol policy version]))
> -+    AC_MSG_FAILURE([could not determine maximum libsepol policy version]),
> -+    sepol_policy_version_max="26")
> - AC_DEFINE_UNQUOTED(SEPOL_POLICY_VERSION_MAX, ${sepol_policy_version_max}, [maximum policy version supported by libsepol])
> - CFLAGS="${sepol_save_CFLAGS}"
> - CPPFLAGS="${sepol_save_CPPFLAGS}"
> -@@ -631,7 +635,7 @@
> -     changequote([,])dnl
> -     selinux_save_CFLAGS="${CFLAGS}"
> -     CFLAGS="${SELINUX_CFLAGS} ${SELINUX_LIB_FLAG} -lselinux -lsepol ${CFLAGS}"
> --    gcc ${CFLAGS} -o conftest conftest.c >&5
> -+    ${CC} ${CFLAGS} -o conftest conftest.c >&5
> -     selinux_policy_dir=`./conftest`
> -     AC_MSG_RESULT(${selinux_policy_dir})
> -     CFLAGS="${selinux_save_CFLAGS}"
> -diff -urN a/libqpol/src/policy_define.c b/libqpol/src/policy_define.c
> ---- a/libqpol/src/policy_define.c      2013-01-16 10:36:24.000000000 -0600
> -+++ b/libqpol/src/policy_define.c      2013-07-12 08:22:10.380255248 -0500
> -@@ -2135,7 +2135,7 @@
> - #ifdef HAVE_SEPOL_ROLE_ATTRS
> -       if (role_set_expand(&roles, &e_roles, policydbp, NULL, NULL))
> - #elif HAVE_SEPOL_USER_ROLE_MAPPING
> --      if (role_set_expand(&roles, &e_roles, policydbp, NULL))
> -+      if (role_set_expand(&roles, &e_roles, policydbp, NULL, NULL))
> - #else
> -       if (role_set_expand(&roles, &e_roles, policydbp))
> - #endif
> -diff -urN a/m4/ac_python_devel.m4 b/m4/ac_python_devel.m4
> ---- a/m4/ac_python_devel.m4    2013-01-16 10:36:22.000000000 -0600
> -+++ b/m4/ac_python_devel.m4    2013-07-12 08:22:10.380255248 -0500
> -@@ -234,7 +234,7 @@
> -       AC_MSG_CHECKING([consistency of all components of python development environment])
> -       AC_LANG_PUSH([C])
> -       # save current global flags
> --      LIBS="$ac_save_LIBS $PYTHON_LDFLAGS"
> -+      LIBS="$ac_save_LIBS $PYTHON_EXTRA_LIBS $PYTHON_LDFLAGS"
> -       CPPFLAGS="$ac_save_CPPFLAGS $PYTHON_CPPFLAGS"
> -       AC_TRY_LINK([
> -               #include <Python.h>
> -diff -urN a/python/setools/Makefile.am b/python/setools/Makefile.am
> ---- a/python/setools/Makefile.am       2013-01-16 10:36:22.000000000 -0600
> -+++ b/python/setools/Makefile.am       2013-07-12 08:22:19.200251011 -0500
> -@@ -22,13 +22,13 @@
> - python-build: sesearch.c seinfo.c
> -       @mkdir -p setools
> -       @cp __init__.py setools
> --      LIBS="$(QPOL_LIB_FLAG) $(APOL_LIB_FLAG)" INCLUDES="$(QPOL_CFLAGS) $(APOL_CFLAGS)" $(PYTHON) setup.py build
> -+      LIBS="$(QPOL_LIB_FLAG) $(APOL_LIB_FLAG)" LIBDIRS="$(PYTHON_LDFLAGS)" INCLUDES="$(PYTHON_CPPFLAGS) $(QPOL_CFLAGS) $(APOL_CFLAGS)" CC="$(CC)" CFLAGS="$(CFLAGS)" LDSHARED="$(CC) -shared" LDFLAGS="$(LDFLAGS)" $(PYTHON) setup.py build_ext
> -
> - install-exec-hook:
> --      $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
> -+      $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --prefix=$(DESTDIR)/usr`
> -
> - uninstall-hook:
> --      $(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
> -+      $(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --prefix=$(DESTDIR)/usr`
> -
> - clean-local:
> -       $(PYTHON) setup.py clean -a
> ---- a/python/setools/setup.py  2013-01-16 10:36:22.000000000 -0600
> -+++ b/python/setools/setup.py  2013-09-04 09:17:48.452916991 -0500
> -@@ -8,7 +8,7 @@
> - try:
> -     inc=os.getenv("INCLUDES").split(" ")
> -     INCLUDES=map(lambda x: x[2:], inc)
> --    LIBDIRS=map(lambda x: "/".join(x.split("/")[:-1]), os.getenv("LIBS").split())
> -+    LIBDIRS=map(lambda x: "/".join(x.split("/")[:-1]), os.getenv("LIBS").split()) + map(lambda x: x[2:], os.getenv("LIBDIRS").split())
> - except:
> -     INCLUDES=""
> -     LIBDIRS=""
> diff --git a/package/setools/0001-remove-werror-flag-from-setup.patch b/package/setools/0001-remove-werror-flag-from-setup.patch
> new file mode 100644
> index 0000000000..b1446e2ec3
> --- /dev/null
> +++ b/package/setools/0001-remove-werror-flag-from-setup.patch
> @@ -0,0 +1,29 @@
> +From b2fe84bfd00117d4897f1f2e8f83d3410eb188b8 Mon Sep 17 00:00:00 2001
> +From: Adam Duskett <Adamduskett@outlook.com>
> +Date: Thu, 12 Oct 2017 22:04:58 -0400
> +Subject: [PATCH] remove werror flag from setup
> +
> +Compilers older than gcc6 will generate uninitialized variable warnings which
> +will cause compiling to fail.
> +
> +Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
> +---
> + setup.py | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/setup.py b/setup.py
> +index 2ca44c9..9319bf6 100644
> +--- a/setup.py
> ++++ b/setup.py
> +@@ -146,7 +146,7 @@ ext_py_mods = [Extension('setools.policyrep._qpol',
> +                           'libqpol/policy_scan.c',
> +                           'libqpol/xen_query.c'],
> +                          include_dirs=include_dirs,
> +-                         extra_compile_args=['-Werror', '-Wextra',
> ++                         extra_compile_args=['-Wextra',
> +                                              '-Waggregate-return',
> +                                              '-Wfloat-equal',
> +                                              '-Wformat', '-Wformat=2',
> +--
> +2.13.6
> +
> diff --git a/package/setools/0002-move-python-check.patch b/package/setools/0002-move-python-check.patch
> deleted file mode 100644
> index cef2cec996..0000000000
> --- a/package/setools/0002-move-python-check.patch
> +++ /dev/null
> @@ -1,25 +0,0 @@
> -Correct a build issue that occurs when python is not found
> -in the path. This check should only be done if swig-python
> -option is selected.
> -
> -Signed-off-by Clayton Shotwell <clshotwe@rockwellcollins.com>
> -
> ---- a/configure.ac     2015-05-15 12:28:07.566060349 -0500
> -+++ b/configure.ac     2015-05-28 15:07:25.357072800 -0500
> -@@ -217,8 +217,6 @@
> -    do_swigify=yes
> - fi
> -
> --AM_PATH_PYTHON(2.7)
> --
> - AC_ARG_ENABLE(swig-python,
> -               AC_HELP_STRING([--enable-swig-python],
> -                              [build SWIG interfaces for Python]),
> -@@ -227,6 +225,7 @@
> -    if test ${do_swigify} = no; then
> -       AC_PROG_SWIG(2.0.0)
> -    fi
> -+   AM_PATH_PYTHON(2.7)
> -    SWIG_PYTHON
> -    do_swigify_python=yes
> -    do_swigify=yes
> diff --git a/package/setools/0003-setools-Update-for-2015-02-02-Userspace-release.patch b/package/setools/0003-setools-Update-for-2015-02-02-Userspace-release.patch
> deleted file mode 100644
> index b0842d961a..0000000000
> --- a/package/setools/0003-setools-Update-for-2015-02-02-Userspace-release.patch
> +++ /dev/null
> @@ -1,90 +0,0 @@
> -setools: Add patch to support 2.4 toolstack.
> -Signed-off-by: Philip Tricca <flihp@twobit.us>
> -Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
> -URL: https://github.com/flihp/meta-selinux/commit/e09eaef7a9acb552a4a5e1f90117154ae06b6fda
> -
> -Signed-off-by: Adam Duskett <Aduskett@gmail.com>
> -
> -diff --git a/libqpol/src/policy_define.c b/libqpol/src/policy_define.c
> -index fad6b60..231962f 100644
> ---- a/libqpol/src/policy_define.c
> -+++ b/libqpol/src/policy_define.c
> -@@ -1449,7 +1449,7 @@ int define_compute_type_helper(int which, avrule_t ** rule)
> -                               return -1;
> -                       }
> -                       class_perm_node_init(perm);
> --                      perm->class = i + 1;
> -+                      perm->tclass = i + 1;
> -                       perm->data = datum->s.value;
> -                       perm->next = avrule->perms;
> -                       avrule->perms = perm;
> -@@ -1699,7 +1699,7 @@ int define_te_avtab_helper(int which, avrule_t ** rule)
> -                       goto out;
> -               }
> -               class_perm_node_init(cur_perms);
> --              cur_perms->class = i + 1;
> -+              cur_perms->tclass = i + 1;
> -               if (!perms)
> -                       perms = cur_perms;
> -               if (tail)
> -diff --git a/libqpol/src/policy_extend.c b/libqpol/src/policy_extend.c
> -index 5325a87..1417271 100644
> ---- a/libqpol/src/policy_extend.c
> -+++ b/libqpol/src/policy_extend.c
> -@@ -843,7 +843,7 @@ static int qpol_syn_rule_table_insert_sepol_avrule(qpol_policy_t * policy, qpol_
> -                       for (class_node = rule->perms; class_node; class_node = class_node->next) {
> -                               key.rule_type = rule->specified;
> -                               key.source_val = key.target_val = i + 1;
> --                              key.class_val = class_node->class;
> -+                              key.class_val = class_node->tclass;
> -                               key.cond = cond;
> -                               if (qpol_syn_rule_table_insert_entry(policy, table, &key, new_rule))
> -                                       goto err;
> -@@ -856,7 +856,7 @@ static int qpol_syn_rule_table_insert_sepol_avrule(qpol_policy_t * policy, qpol_
> -                               key.rule_type = rule->specified;
> -                               key.source_val = i + 1;
> -                               key.target_val = j + 1;
> --                              key.class_val = class_node->class;
> -+                              key.class_val = class_node->tclass;
> -                               key.cond = cond;
> -                               if (qpol_syn_rule_table_insert_entry(policy, table, &key, new_rule))
> -                                       goto err;
> -diff --git a/libqpol/src/syn_rule_query.c b/libqpol/src/syn_rule_query.c
> -index 3e63204..d7578f1 100644
> ---- a/libqpol/src/syn_rule_query.c
> -+++ b/libqpol/src/syn_rule_query.c
> -@@ -67,7 +67,7 @@ static void *syn_rule_class_state_get_cur(const qpol_iterator_t * iter)
> -               return NULL;
> -       }
> -
> --      return db->class_val_to_struct[srcs->cur->class - 1];
> -+      return db->class_val_to_struct[srcs->cur->tclass - 1];
> - }
> -
> - static int syn_rule_class_state_next(qpol_iterator_t * iter)
> -@@ -465,10 +465,10 @@ int qpol_syn_avrule_get_perm_iter(const qpol_policy_t * policy, const qpol_syn_a
> -       }
> -
> -       for (node = internal_rule->perms; node; node = node->next) {
> --              for (i = 0; i < db->class_val_to_struct[node->class - 1]->permissions.nprim; i++) {
> -+              for (i = 0; i < db->class_val_to_struct[node->tclass - 1]->permissions.nprim; i++) {
> -                       if (!(node->data & (1 << i)))
> -                               continue;
> --                      tmp = sepol_av_to_string(db, node->class, (sepol_access_vector_t) (1 << i));
> -+                      tmp = sepol_av_to_string(db, node->tclass, (sepol_access_vector_t) (1 << i));
> -                       if (tmp) {
> -                               tmp++; /* remove prepended space */
> -                               for (cur = 0; cur < perm_list_sz; cur++)
> -diff --git a/secmds/replcon.cc b/secmds/replcon.cc
> -index 34f7c1a..307c39f 100644
> ---- a/secmds/replcon.cc
> -+++ b/secmds/replcon.cc
> -@@ -60,7 +60,7 @@ static struct option const longopts[] = {
> -       {NULL, 0, NULL, 0}
> - };
> -
> --extern int lsetfilecon_raw(const char *, security_context_t) __attribute__ ((weak));
> -+extern int lsetfilecon_raw(const char *, const char *) __attribute__ ((weak));
> -
> - /**
> -  * As that setools must work with older libselinux versions that may
> diff --git a/package/setools/Config.in b/package/setools/Config.in
> index d7b119ffc6..193a7fb03e 100644
> --- a/package/setools/Config.in
> +++ b/package/setools/Config.in
> @@ -1,36 +1,25 @@
>  config BR2_PACKAGE_SETOOLS
>         bool "setools"
> -       depends on BR2_TOOLCHAIN_HAS_THREADS
> +       depends on !BR2_arc # arc: libselinux not available
>         depends on !BR2_STATIC_LIBS
> -       depends on BR2_INSTALL_LIBSTDCPP
> +       depends on BR2_TOOLCHAIN_HAS_THREADS
>         depends on BR2_USE_WCHAR
>         depends on BR2_TOOLCHAIN_USES_GLIBC # libselinux
> -       # bfin: infamous _ symbol prefix issue
> -       # nios2: triggers some toolchain issue "No symbol version
> -       # section for versioned symbol"
> -       # arc: libselinux not available
> -       depends on !BR2_nios2 && !BR2_bfin && !BR2_arc
> +       depends on BR2_USE_MMU
> +       select BR2_PACKAGE_PYTHON3 if !BR2_PACKAGE_PYTHON
>         select BR2_PACKAGE_LIBSELINUX
> -       select BR2_PACKAGE_SQLITE
> -       select BR2_PACKAGE_LIBXML2
> -       select BR2_PACKAGE_BZIP2
>         help
>           SETools is an open source project designed to facilitate
>           SELinux policy analysis. The primary tools are:
> -          * apol - analyze a SELinux policy.
> -          * seaudit - analyze audit messages from SELinux.
> -          * seaudit-report - generate highly-customized audit log
> -            reports.
> -          * sechecker - command line tool for performing modular
> -            checks on an SELinux policy.
> +          * apol - analyze a SELinux policy. (requires python-qt5)
>            * sediff - semantic policy difference tool for SELinux.
> -          * secmds - command-line tools to analyze and search SELinux
> -            policy.
> +          * sedta - Perform domain transition analyses
> +          * sesearch - Search rules (allow, type_transition, etc.)
>
> -         https://github.com/TresysTechnology/setools3/wiki
> +         https://github.com/TresysTechnology/setools
>
>  comment "setools needs a glibc toolchain w/ threads, C++, wchar, dynamic library"
> -       depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS \
> -               || !BR2_USE_WCHAR || !BR2_INSTALL_LIBSTDCPP \
> -               || !BR2_TOOLCHAIN_USES_GLIBC
> -       depends on !BR2_nios2 && !BR2_bfin && !BR2_arc
> +       depends on BR2_USE_MMU && !BR2_arc
> +       depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS || \
> +               !BR2_USE_WCHAR || !BR2_TOOLCHAIN_USES_GLIBC || \
> +               !BR2_INSTALL_LIBSTDCPP
> diff --git a/package/setools/setools.hash b/package/setools/setools.hash
> index d422e6607b..8729297064 100644
> --- a/package/setools/setools.hash
> +++ b/package/setools/setools.hash
> @@ -1,4 +1,7 @@
>  # From https://github.com/TresysTechnology/setools3/wiki/Download
> -md5    d68d0d4e4da0f01da0f208782ff04b91        setools-3.3.8.tar.bz2
> +md5    d68d0d4e4da0f01da0f208782ff04b91        setools-4.1.1.tar.bz2
>  # Locally computed
> -sha256 44387ecc9a231ec536a937783440cd8960a72c51f14bffc1604b7525e341e999        setools-3.3.8.tar.bz2
> +sha256 46a927ea2b163cbe1d35cc35da43e45853e13720c7e02d4cf75a498783c19610 setools-4.1.1.tar.gz
> +sha256  2f7547e10f76a382c24c053595f38a5cc6dda9347f508f254ca490e0046a9624 COPYING
> +sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING.GPL
> +sha256  dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING.LGPL
> diff --git a/package/setools/setools.mk b/package/setools/setools.mk
> index d2e9f05998..41c9205668 100644
> --- a/package/setools/setools.mk
> +++ b/package/setools/setools.mk
> @@ -4,81 +4,44 @@
>  #
>  ################################################################################
>
> -SETOOLS_VERSION = 3.3.8
> -SETOOLS_SOURCE = setools-$(SETOOLS_VERSION).tar.bz2
> -SETOOLS_SITE = https://raw.githubusercontent.com/wiki/TresysTechnology/setools3/files/dists/setools-$(SETOOLS_VERSION)
> -SETOOLS_DEPENDENCIES = libselinux libsepol sqlite libxml2 bzip2 host-bison host-flex
> +SETOOLS_VERSION = 4.1.1
> +SETOOLS_SITE = $(call github,TresysTechnology,setools,$(SETOOLS_VERSION))
> +SETOOLS_DEPENDENCIES = libselinux libsepol host-bison host-flex host-swig
>  SETOOLS_INSTALL_STAGING = YES
>  SETOOLS_LICENSE = GPL-2.0+, LGPL-2.1+
>  SETOOLS_LICENSE_FILES = COPYING COPYING.GPL COPYING.LGPL
> -
> -# configure.ac is patched by the cross compile patch,
> -# so autoreconf is necessary
> -SETOOLS_AUTORECONF = YES
> -
> -# Notes: Need "disable-selinux-check" so the configure does not check to see
> -#        if host has selinux enabled.
> -#        No python support as only the libraries and commandline tools are
> -#        installed on target
> -SETOOLS_CONF_OPTS = \
> -       --disable-debug \
> -       --disable-gui \
> -       --disable-bwidget-check \
> -       --disable-selinux-check \
> -       --disable-swig-java \
> -       --disable-swig-python \
> -       --disable-swig-tcl \
> -       --with-sepol-devel="$(STAGING_DIR)/usr" \
> -       --with-selinux-devel="$(STAGING_DIR)/usr"
> -
> -ifeq ($(BR2_sparc64):$(BR2_STATIC_LIBS),y:)
> -SETOOLS_CONF_ENV += CFLAGS="$(TARGET_CFLAGS) -fPIC"
> -endif
> -
> -HOST_SETOOLS_DEPENDENCIES = host-libselinux host-libsepol host-sqlite \
> -       host-libxml2 host-bzip2 host-bison
> +SETOOLS_SETUP_TYPE = setuptools
>
>  ifeq ($(BR2_PACKAGE_PYTHON3),y)
> -HOST_SETOOLS_PYTHON_VERSION=$(PYTHON3_VERSION_MAJOR)
> -HOST_SETOOLS_DEPENDENCIES += host-python3
> -HOST_SETOOLS_CONF_ENV += am_cv_python_version=$(PYTHON3_VERSION)
> +SETOOLS_PYLIBVER = python$(PYTHON3_VERSION_MAJOR)
>  else
> -HOST_SETOOLS_PYTHON_VERSION=$(PYTHON_VERSION_MAJOR)
> -HOST_SETOOLS_DEPENDENCIES += host-python
> -HOST_SETOOLS_CONF_ENV += am_cv_python_version=$(PYTHON_VERSION)
> +SETOOLS_PYLIBVER = python$(PYTHON_VERSION_MAJOR)
>  endif
>
> -HOST_SETOOLS_PYTHON_SITE_PACKAGES = $(HOST_DIR)/lib/python$(HOST_SETOOLS_PYTHON_VERSION)/site-packages
> -HOST_SETOOLS_PYTHON_INCLUDES = $(HOST_DIR)/include/python$(HOST_SETOOLS_PYTHON_VERSION)
> -HOST_SETOOLS_PYTHON_LIB = -lpython$(HOST_SETOOLS_PYTHON_VERSION)
> -
> -# Notes: Need "disable-selinux-check" so the configure does not check to see
> -#        if host has selinux enabled.
> -#        Host builds with python support to enable tools for offline target
> -#        policy analysis
> -HOST_SETOOLS_CONF_OPTS = \
> -       --disable-debug \
> -       --disable-gui \
> -       --disable-bwidget-check \
> -       --disable-selinux-check \
> -       --disable-swig-java \
> -       --disable-swig-python \
> -       --disable-swig-tcl \
> -       --with-sepol-devel="$(HOST_DIR)" \
> -       --with-selinux-devel="$(HOST_DIR)" \
> -       PYTHON_LDFLAGS="-L$(HOST_DIR)/lib/" \
> -       PYTHON_CPPFLAGS="-I$(HOST_SETOOLS_PYTHON_INCLUDES)" \
> -       PYTHON_SITE_PKG="$(HOST_SETOOLS_PYTHON_SITE_PACKAGES)" \
> -       PYTHON_EXTRA_LIBS="-lpthread -ldl -lutil $(HOST_SETOOLS_PYTHON_LIB)"
> -
> -HOST_SETOOLS_CONF_ENV += \
> -       am_cv_pathless_PYTHON=python \
> -       ac_cv_path_PYTHON=$(HOST_DIR)/bin/python \
> -       am_cv_python_platform=linux2 \
> -       am_cv_python_version=$(HOST_SETOOLS_PYTHON_VERSION) \
> -       am_cv_python_pythondir=$(HOST_SETOOLS_PYTHON_SITE_PACKAGES) \
> -       am_cv_python_pyexecdir=$(HOST_SETOOLS_PYTHON_SITE_PACKAGES) \
> -       am_cv_python_includes=-I$(HOST_SETOOLS_PYTHON_INCLUDES)
> +define SETOOLS_FIX_SETUP
> +       # By default, setup.py will look for libsepol.a in the host directory.  This
> +       # needs to be changed to the staging directory.
> +       $(SED) "s@base_lib_dirs =.*@base_lib_dirs = ['$(STAGING_DIR)/usr/lib']@g" \
> +               $(@D)/setup.py
> +endef
> +SETOOLS_POST_PATCH_HOOKS += SETOOLS_FIX_SETUP

Need a host variant of this fixup

> +
> +# sedta and seinfoflow depends on python-networkx. This package is not
> +# available in buildroot.
> +define SETOOLS_REMOVE_BROKEN_SCRIPTS
> +       $(RM) $(TARGET_DIR)/usr/bin/sedta
> +       $(RM) $(TARGET_DIR)/usr/bin/seinfoflow
> +endef
> +SETOOLS_POST_INSTALL_TARGET_HOOKS += REMOVE_BROKEN_SCRIPTS
> +
> +# apol requires pyqt5, but is installed by default.  Remove these scripts from
> +# the target it pyqt5 is not selected.
> +ifeq ($(BR2_PACKAGE_PYTHON_PYQT5),)
> +define SETOOLS_REMOVE_QT_SCRIPTS
> +       $(RM) $(TARGET_DIR)/usr/bin/apol
> +       rmdir --ignore-fail-on-non-empty $(TARGET_DIR)/usr/lib/$(SETOOLS_PYLIBVER)/site-packages/setoolsgui/
> +endef
> +SETOOLS_POST_INSTALL_TARGET_HOOKS += SETOOLS_REMOVE_QT_SCRIPTS
> +endif
>
> -$(eval $(autotools-package))
> -$(eval $(host-autotools-package))
> +$(eval $(python-package))

There is a host-setools dependency which needs  a host target here.

Thanks for the update!
-Matt

Patch

diff --git a/package/libsepol/0001-support-static-only.patch b/package/libsepol/0001-support-static-only.patch
index 3e6d555e96..185a5641de 100644
--- a/package/libsepol/0001-support-static-only.patch
+++ b/package/libsepol/0001-support-static-only.patch
@@ -1,4 +1,7 @@ 
-Add support for static-only build
+From 2140db697c7f1da2a0a3f7bbcb14c1a0dade84e5 Mon Sep 17 00:00:00 2001
+From: Adam Duskett <Adamduskett@outlook.com>
+Date: Mon, 9 Oct 2017 16:28:12 -0400
+Subject: [PATCH] Add support for static-only build
 
 Instead of unconditionally building shared libraries, this patch
 improves the libsepol build system with a "STATIC" variable, which
@@ -7,30 +10,30 @@  libraries. It allows to support cases where the target architecture
 does not have support for shared libraries.
 
 Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-Signed-off-by: Adam Duskett <Aduskett@gmail.com>
-
-Index: b/src/Makefile
-===================================================================
+Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
+---
+ src/Makefile | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
 
 diff --git a/src/Makefile b/src/Makefile
-index db6c2ba..0006285 100644
+index 819d261..040921d 100644
 --- a/src/Makefile
 +++ b/src/Makefile
-@@ -30,8 +30,12 @@ LOBJS += $(sort $(patsubst %.c,%.lo,$(wildcard $(CILDIR)/src/*.c) $(CIL_GENERATE
- override CFLAGS += -I$(CILDIR)/include
+@@ -40,7 +40,12 @@ LDFLAGS += -undefined dynamic_lookup
+ LN=gln
  endif
  
+-all: $(LIBA) $(LIBSO) $(LIBPC)
 +ALL_TARGETS = $(LIBA) $(LIBPC)
 +ifeq ($(STATIC),)
 +ALL_TARGETS += $(LIBSO)
 +endif
-
--all: $(LIBA) $(LIBSO) $(LIBPC)
++
 +all: $(ALL_TARGETS)
  
-
+ 
  $(LIBA):  $(OBJS)
-@@ -66,11 +70,13 @@
+@@ -82,11 +87,13 @@ endif
  install: all
  	test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
  	install -m 644 $(LIBA) $(LIBDIR)
@@ -41,8 +44,11 @@  index db6c2ba..0006285 100644
 +ifeq ($(STATIC),)
 +	test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
 +	install -m 755 $(LIBSO) $(SHLIBDIR)
- 	ln -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
+ 	$(LN) -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
 +endif
  
  relabel:
  	/sbin/restorecon $(SHLIBDIR)/$(LIBSO)
+-- 
+2.13.6
+
diff --git a/package/libsepol/0003-revert-ln-relative.patch b/package/libsepol/0003-revert-ln-relative.patch
index 0902d8d40e..488a9abea0 100644
--- a/package/libsepol/0003-revert-ln-relative.patch
+++ b/package/libsepol/0003-revert-ln-relative.patch
@@ -1,4 +1,7 @@ 
-Makefile: revert libsepol: use ln --relative to create .so symlinks
+From 16b2b0e21e10727065042a1baabd1a887757c65c Mon Sep 17 00:00:00 2001
+From: Adam Duskett <Adamduskett@outlook.com>
+Date: Mon, 9 Oct 2017 16:29:36 -0400
+Subject: [PATCH] Makefile: revert libsepol: use ln --relative to create .so symlinks
 
 This reverts 71393a181d63c9baae5fe8dcaeb9411d1f253998
 
@@ -9,16 +12,23 @@  they are maintained (up to 10 years in some cases?).
 For the sake of Buildroot, revert the upstream patch.
 
 Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
+---
+ src/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
 
-diff -durN a/src/Makefile b/src/Makefile
+diff --git a/src/Makefile b/src/Makefile
+index 040921d..e811c9e 100644
 --- a/src/Makefile
 +++ b/src/Makefile
-@@ -77,7 +77,7 @@
+@@ -92,7 +92,7 @@ install: all
  ifeq ($(STATIC),)
  	test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
  	install -m 755 $(LIBSO) $(SHLIBDIR)
--	ln -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
+-	$(LN) -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
 +	cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
  endif
  
  relabel:
+-- 
+2.13.6
+
diff --git a/package/libsepol/libsepol.hash b/package/libsepol/libsepol.hash
index 6c705067a2..08e2bf97a4 100644
--- a/package/libsepol/libsepol.hash
+++ b/package/libsepol/libsepol.hash
@@ -1,2 +1,2 @@ 
-# From https://github.com/SELinuxProject/selinux/wiki/Releases
-sha256 d856d6506054f52abeaa3543ea2f2344595a3dc05d0d873ed7f724f7a16b1874  libsepol-2.6.tar.gz
+# From: https://github.com/SELinuxProject/selinux/wiki/Releases
+sha256 d69d3bd8ec901a3bd5adf2be2fb47fb1a685ed73066ab482e7e505371a48f9e7  libsepol-2.7.tar.gz
diff --git a/package/libsepol/libsepol.mk b/package/libsepol/libsepol.mk
index 21ca419c74..c54c3bfc42 100644
--- a/package/libsepol/libsepol.mk
+++ b/package/libsepol/libsepol.mk
@@ -4,8 +4,8 @@ 
 #
 ################################################################################
 
-LIBSEPOL_VERSION = 2.6
-LIBSEPOL_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014
+LIBSEPOL_VERSION = 2.7
+LIBSEPOL_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804
 LIBSEPOL_LICENSE = LGPL-2.1+
 LIBSEPOL_LICENSE_FILES = COPYING
 
diff --git a/package/setools/0001-cross-compile-fixes.patch b/package/setools/0001-cross-compile-fixes.patch
deleted file mode 100644
index 1a4af0ce31..0000000000
--- a/package/setools/0001-cross-compile-fixes.patch
+++ /dev/null
@@ -1,125 +0,0 @@ 
-Correct build issues to enable cross compiling.  These changes require the
-package to be auto reconfigured.
-
-These updates were not upsteamed as the 3.3.x version has stablized and they
-were only taking bug fixes.  Also the 4.0 preview has completely reworked
-the build infrastructure which will require this to be revisited.
-
-Signed-off-by Clayton Shotwell <clshotwe@rockwellcollins.com>
-
-diff -urN a/configure.ac b/configure.ac
---- a/configure.ac	2013-01-16 10:36:24.000000000 -0600
-+++ b/configure.ac	2013-07-12 08:22:10.380255248 -0500
-@@ -448,8 +448,9 @@
-               sepol_srcdir="")
- if test "x${sepol_srcdir}" = "x"; then
-    sepol_srcdir=${sepol_devel_libdir}
--   AC_CHECK_FILE([${sepol_srcdir}/libsepol.a],,
--      AC_MSG_ERROR([make sure libsepol-static is installed]))
-+   if test ! -f ${sepol_srcdir}/libsepol.a; then
-+      AC_MSG_ERROR([could not find precompiled libsepol.a])
-+   fi
- else
-    AC_MSG_CHECKING([for compatible sepol source tree])
-    sepol_version=${sepol_srcdir}/VERSION
-@@ -484,8 +485,9 @@
-    AC_CHECK_HEADER([sepol/policydb/policydb.h], , AC_MSG_ERROR([could not find sepol source tree]))
-    CFLAGS="${sepol_src_save_CFLAGS}"
-    CPPFLAGS="${sepol_src_save_CPPFLAGS}"
--   AC_CHECK_FILE([${sepol_srcdir}/libsepol.a],,
--      AC_MSG_ERROR([could not find precompiled libsepol.a]))
-+   if test ! -f ${sepol_srcdir}/libsepol.a; then
-+      AC_MSG_ERROR([could not find precompiled libsepol.a])
-+   fi
-    sepol_devel_incdir="${sepol_srcdir}/../include"
- fi
- SELINUX_CFLAGS="-I${sepol_devel_incdir} -I${selinux_devel_incdir}"
-@@ -578,12 +580,13 @@
-                          [AC_LANG_SOURCE([
- #include <sepol/policydb/expand.h>
- int main () {
--  return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0);
-+  return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0, 0, 0);
- }])],
-                          AC_MSG_RESULT([yes]),
-                          AC_MSG_ERROR([this version of libsepol is incompatible with SETools]))
-     fi
-     sepol_new_expand_boolmap="yes"
-+    sepol_new_user_role_mapping="yes"
- else
-     sepol_new_expand_boolmap="no"
- fi
-@@ -607,7 +610,8 @@
-     exit(EXIT_FAILURE);
- }])],
-     sepol_policy_version_max=`cat conftest.data`,
--    AC_MSG_FAILURE([could not determine maximum libsepol policy version]))
-+    AC_MSG_FAILURE([could not determine maximum libsepol policy version]),
-+    sepol_policy_version_max="26")
- AC_DEFINE_UNQUOTED(SEPOL_POLICY_VERSION_MAX, ${sepol_policy_version_max}, [maximum policy version supported by libsepol])
- CFLAGS="${sepol_save_CFLAGS}"
- CPPFLAGS="${sepol_save_CPPFLAGS}"
-@@ -631,7 +635,7 @@
-     changequote([,])dnl
-     selinux_save_CFLAGS="${CFLAGS}"
-     CFLAGS="${SELINUX_CFLAGS} ${SELINUX_LIB_FLAG} -lselinux -lsepol ${CFLAGS}"
--    gcc ${CFLAGS} -o conftest conftest.c >&5
-+    ${CC} ${CFLAGS} -o conftest conftest.c >&5
-     selinux_policy_dir=`./conftest`
-     AC_MSG_RESULT(${selinux_policy_dir})
-     CFLAGS="${selinux_save_CFLAGS}"
-diff -urN a/libqpol/src/policy_define.c b/libqpol/src/policy_define.c
---- a/libqpol/src/policy_define.c	2013-01-16 10:36:24.000000000 -0600
-+++ b/libqpol/src/policy_define.c	2013-07-12 08:22:10.380255248 -0500
-@@ -2135,7 +2135,7 @@
- #ifdef HAVE_SEPOL_ROLE_ATTRS
- 	if (role_set_expand(&roles, &e_roles, policydbp, NULL, NULL))
- #elif HAVE_SEPOL_USER_ROLE_MAPPING
--	if (role_set_expand(&roles, &e_roles, policydbp, NULL))
-+	if (role_set_expand(&roles, &e_roles, policydbp, NULL, NULL))
- #else
- 	if (role_set_expand(&roles, &e_roles, policydbp))
- #endif
-diff -urN a/m4/ac_python_devel.m4 b/m4/ac_python_devel.m4
---- a/m4/ac_python_devel.m4	2013-01-16 10:36:22.000000000 -0600
-+++ b/m4/ac_python_devel.m4	2013-07-12 08:22:10.380255248 -0500
-@@ -234,7 +234,7 @@
- 	AC_MSG_CHECKING([consistency of all components of python development environment])
- 	AC_LANG_PUSH([C])
- 	# save current global flags
--	LIBS="$ac_save_LIBS $PYTHON_LDFLAGS"
-+	LIBS="$ac_save_LIBS $PYTHON_EXTRA_LIBS $PYTHON_LDFLAGS"
- 	CPPFLAGS="$ac_save_CPPFLAGS $PYTHON_CPPFLAGS"
- 	AC_TRY_LINK([
- 		#include <Python.h>
-diff -urN a/python/setools/Makefile.am b/python/setools/Makefile.am
---- a/python/setools/Makefile.am	2013-01-16 10:36:22.000000000 -0600
-+++ b/python/setools/Makefile.am	2013-07-12 08:22:19.200251011 -0500
-@@ -22,13 +22,13 @@
- python-build: sesearch.c seinfo.c
- 	@mkdir -p setools
- 	@cp __init__.py setools
--	LIBS="$(QPOL_LIB_FLAG) $(APOL_LIB_FLAG)" INCLUDES="$(QPOL_CFLAGS) $(APOL_CFLAGS)" $(PYTHON) setup.py build
-+	LIBS="$(QPOL_LIB_FLAG) $(APOL_LIB_FLAG)" LIBDIRS="$(PYTHON_LDFLAGS)" INCLUDES="$(PYTHON_CPPFLAGS) $(QPOL_CFLAGS) $(APOL_CFLAGS)" CC="$(CC)" CFLAGS="$(CFLAGS)" LDSHARED="$(CC) -shared" LDFLAGS="$(LDFLAGS)" $(PYTHON) setup.py build_ext
- 
- install-exec-hook:
--	$(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
-+	$(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --prefix=$(DESTDIR)/usr`
- 
- uninstall-hook: 
--	$(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
-+	$(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --prefix=$(DESTDIR)/usr`
- 
- clean-local:
- 	$(PYTHON) setup.py clean -a 
---- a/python/setools/setup.py	2013-01-16 10:36:22.000000000 -0600
-+++ b/python/setools/setup.py	2013-09-04 09:17:48.452916991 -0500
-@@ -8,7 +8,7 @@
- try:
-     inc=os.getenv("INCLUDES").split(" ")    
-     INCLUDES=map(lambda x: x[2:], inc)
--    LIBDIRS=map(lambda x: "/".join(x.split("/")[:-1]), os.getenv("LIBS").split())
-+    LIBDIRS=map(lambda x: "/".join(x.split("/")[:-1]), os.getenv("LIBS").split()) + map(lambda x: x[2:], os.getenv("LIBDIRS").split())
- except:
-     INCLUDES=""
-     LIBDIRS=""
diff --git a/package/setools/0001-remove-werror-flag-from-setup.patch b/package/setools/0001-remove-werror-flag-from-setup.patch
new file mode 100644
index 0000000000..b1446e2ec3
--- /dev/null
+++ b/package/setools/0001-remove-werror-flag-from-setup.patch
@@ -0,0 +1,29 @@ 
+From b2fe84bfd00117d4897f1f2e8f83d3410eb188b8 Mon Sep 17 00:00:00 2001
+From: Adam Duskett <Adamduskett@outlook.com>
+Date: Thu, 12 Oct 2017 22:04:58 -0400
+Subject: [PATCH] remove werror flag from setup
+
+Compilers older than gcc6 will generate uninitialized variable warnings which
+will cause compiling to fail.
+
+Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
+---
+ setup.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/setup.py b/setup.py
+index 2ca44c9..9319bf6 100644
+--- a/setup.py
++++ b/setup.py
+@@ -146,7 +146,7 @@ ext_py_mods = [Extension('setools.policyrep._qpol',
+                           'libqpol/policy_scan.c',
+                           'libqpol/xen_query.c'],
+                          include_dirs=include_dirs,
+-                         extra_compile_args=['-Werror', '-Wextra',
++                         extra_compile_args=['-Wextra',
+                                              '-Waggregate-return',
+                                              '-Wfloat-equal',
+                                              '-Wformat', '-Wformat=2',
+-- 
+2.13.6
+
diff --git a/package/setools/0002-move-python-check.patch b/package/setools/0002-move-python-check.patch
deleted file mode 100644
index cef2cec996..0000000000
--- a/package/setools/0002-move-python-check.patch
+++ /dev/null
@@ -1,25 +0,0 @@ 
-Correct a build issue that occurs when python is not found
-in the path. This check should only be done if swig-python
-option is selected.
-
-Signed-off-by Clayton Shotwell <clshotwe@rockwellcollins.com>
-
---- a/configure.ac	2015-05-15 12:28:07.566060349 -0500
-+++ b/configure.ac	2015-05-28 15:07:25.357072800 -0500
-@@ -217,8 +217,6 @@
-    do_swigify=yes
- fi
- 
--AM_PATH_PYTHON(2.7)
--
- AC_ARG_ENABLE(swig-python,
-               AC_HELP_STRING([--enable-swig-python],
-                              [build SWIG interfaces for Python]),
-@@ -227,6 +225,7 @@
-    if test ${do_swigify} = no; then
-       AC_PROG_SWIG(2.0.0)
-    fi
-+   AM_PATH_PYTHON(2.7)
-    SWIG_PYTHON
-    do_swigify_python=yes
-    do_swigify=yes
diff --git a/package/setools/0003-setools-Update-for-2015-02-02-Userspace-release.patch b/package/setools/0003-setools-Update-for-2015-02-02-Userspace-release.patch
deleted file mode 100644
index b0842d961a..0000000000
--- a/package/setools/0003-setools-Update-for-2015-02-02-Userspace-release.patch
+++ /dev/null
@@ -1,90 +0,0 @@ 
-setools: Add patch to support 2.4 toolstack.
-Signed-off-by: Philip Tricca <flihp@twobit.us>
-Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
-URL: https://github.com/flihp/meta-selinux/commit/e09eaef7a9acb552a4a5e1f90117154ae06b6fda
-
-Signed-off-by: Adam Duskett <Aduskett@gmail.com>
-
-diff --git a/libqpol/src/policy_define.c b/libqpol/src/policy_define.c
-index fad6b60..231962f 100644
---- a/libqpol/src/policy_define.c
-+++ b/libqpol/src/policy_define.c
-@@ -1449,7 +1449,7 @@ int define_compute_type_helper(int which, avrule_t ** rule)
- 				return -1;
- 			}
- 			class_perm_node_init(perm);
--			perm->class = i + 1;
-+			perm->tclass = i + 1;
- 			perm->data = datum->s.value;
- 			perm->next = avrule->perms;
- 			avrule->perms = perm;
-@@ -1699,7 +1699,7 @@ int define_te_avtab_helper(int which, avrule_t ** rule)
- 			goto out;
- 		}
- 		class_perm_node_init(cur_perms);
--		cur_perms->class = i + 1;
-+		cur_perms->tclass = i + 1;
- 		if (!perms)
- 			perms = cur_perms;
- 		if (tail)
-diff --git a/libqpol/src/policy_extend.c b/libqpol/src/policy_extend.c
-index 5325a87..1417271 100644
---- a/libqpol/src/policy_extend.c
-+++ b/libqpol/src/policy_extend.c
-@@ -843,7 +843,7 @@ static int qpol_syn_rule_table_insert_sepol_avrule(qpol_policy_t * policy, qpol_
- 			for (class_node = rule->perms; class_node; class_node = class_node->next) {
- 				key.rule_type = rule->specified;
- 				key.source_val = key.target_val = i + 1;
--				key.class_val = class_node->class;
-+				key.class_val = class_node->tclass;
- 				key.cond = cond;
- 				if (qpol_syn_rule_table_insert_entry(policy, table, &key, new_rule))
- 					goto err;
-@@ -856,7 +856,7 @@ static int qpol_syn_rule_table_insert_sepol_avrule(qpol_policy_t * policy, qpol_
- 				key.rule_type = rule->specified;
- 				key.source_val = i + 1;
- 				key.target_val = j + 1;
--				key.class_val = class_node->class;
-+				key.class_val = class_node->tclass;
- 				key.cond = cond;
- 				if (qpol_syn_rule_table_insert_entry(policy, table, &key, new_rule))
- 					goto err;
-diff --git a/libqpol/src/syn_rule_query.c b/libqpol/src/syn_rule_query.c
-index 3e63204..d7578f1 100644
---- a/libqpol/src/syn_rule_query.c
-+++ b/libqpol/src/syn_rule_query.c
-@@ -67,7 +67,7 @@ static void *syn_rule_class_state_get_cur(const qpol_iterator_t * iter)
- 		return NULL;
- 	}
-
--	return db->class_val_to_struct[srcs->cur->class - 1];
-+	return db->class_val_to_struct[srcs->cur->tclass - 1];
- }
-
- static int syn_rule_class_state_next(qpol_iterator_t * iter)
-@@ -465,10 +465,10 @@ int qpol_syn_avrule_get_perm_iter(const qpol_policy_t * policy, const qpol_syn_a
- 	}
-
- 	for (node = internal_rule->perms; node; node = node->next) {
--		for (i = 0; i < db->class_val_to_struct[node->class - 1]->permissions.nprim; i++) {
-+		for (i = 0; i < db->class_val_to_struct[node->tclass - 1]->permissions.nprim; i++) {
- 			if (!(node->data & (1 << i)))
- 				continue;
--			tmp = sepol_av_to_string(db, node->class, (sepol_access_vector_t) (1 << i));
-+			tmp = sepol_av_to_string(db, node->tclass, (sepol_access_vector_t) (1 << i));
- 			if (tmp) {
- 				tmp++; /* remove prepended space */
- 				for (cur = 0; cur < perm_list_sz; cur++)
-diff --git a/secmds/replcon.cc b/secmds/replcon.cc
-index 34f7c1a..307c39f 100644
---- a/secmds/replcon.cc
-+++ b/secmds/replcon.cc
-@@ -60,7 +60,7 @@ static struct option const longopts[] = {
- 	{NULL, 0, NULL, 0}
- };
-
--extern int lsetfilecon_raw(const char *, security_context_t) __attribute__ ((weak));
-+extern int lsetfilecon_raw(const char *, const char *) __attribute__ ((weak));
-
- /**
-  * As that setools must work with older libselinux versions that may
diff --git a/package/setools/Config.in b/package/setools/Config.in
index d7b119ffc6..193a7fb03e 100644
--- a/package/setools/Config.in
+++ b/package/setools/Config.in
@@ -1,36 +1,25 @@ 
 config BR2_PACKAGE_SETOOLS
 	bool "setools"
-	depends on BR2_TOOLCHAIN_HAS_THREADS
+	depends on !BR2_arc # arc: libselinux not available
 	depends on !BR2_STATIC_LIBS
-	depends on BR2_INSTALL_LIBSTDCPP
+	depends on BR2_TOOLCHAIN_HAS_THREADS
 	depends on BR2_USE_WCHAR
 	depends on BR2_TOOLCHAIN_USES_GLIBC # libselinux
-	# bfin: infamous _ symbol prefix issue
-	# nios2: triggers some toolchain issue "No symbol version
-	# section for versioned symbol"
-	# arc: libselinux not available
-	depends on !BR2_nios2 && !BR2_bfin && !BR2_arc
+	depends on BR2_USE_MMU
+	select BR2_PACKAGE_PYTHON3 if !BR2_PACKAGE_PYTHON
 	select BR2_PACKAGE_LIBSELINUX
-	select BR2_PACKAGE_SQLITE
-	select BR2_PACKAGE_LIBXML2
-	select BR2_PACKAGE_BZIP2
 	help
 	  SETools is an open source project designed to facilitate
 	  SELinux policy analysis. The primary tools are:
-	   * apol - analyze a SELinux policy.
-	   * seaudit - analyze audit messages from SELinux.
-	   * seaudit-report - generate highly-customized audit log
-	     reports.
-	   * sechecker - command line tool for performing modular
-	     checks on an SELinux policy.
+	   * apol - analyze a SELinux policy. (requires python-qt5)
 	   * sediff - semantic policy difference tool for SELinux.
-	   * secmds - command-line tools to analyze and search SELinux
-	     policy.
+	   * sedta - Perform domain transition analyses
+	   * sesearch - Search rules (allow, type_transition, etc.)
 
-	  https://github.com/TresysTechnology/setools3/wiki
+	  https://github.com/TresysTechnology/setools
 
 comment "setools needs a glibc toolchain w/ threads, C++, wchar, dynamic library"
-	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS \
-		|| !BR2_USE_WCHAR || !BR2_INSTALL_LIBSTDCPP \
-		|| !BR2_TOOLCHAIN_USES_GLIBC
-	depends on !BR2_nios2 && !BR2_bfin && !BR2_arc
+	depends on BR2_USE_MMU && !BR2_arc
+	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS || \
+		!BR2_USE_WCHAR || !BR2_TOOLCHAIN_USES_GLIBC || \
+		!BR2_INSTALL_LIBSTDCPP
diff --git a/package/setools/setools.hash b/package/setools/setools.hash
index d422e6607b..8729297064 100644
--- a/package/setools/setools.hash
+++ b/package/setools/setools.hash
@@ -1,4 +1,7 @@ 
 # From https://github.com/TresysTechnology/setools3/wiki/Download
-md5	d68d0d4e4da0f01da0f208782ff04b91	setools-3.3.8.tar.bz2
+md5	d68d0d4e4da0f01da0f208782ff04b91	setools-4.1.1.tar.bz2
 # Locally computed
-sha256	44387ecc9a231ec536a937783440cd8960a72c51f14bffc1604b7525e341e999	setools-3.3.8.tar.bz2
+sha256	46a927ea2b163cbe1d35cc35da43e45853e13720c7e02d4cf75a498783c19610 setools-4.1.1.tar.gz
+sha256  2f7547e10f76a382c24c053595f38a5cc6dda9347f508f254ca490e0046a9624 COPYING
+sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING.GPL
+sha256  dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING.LGPL
diff --git a/package/setools/setools.mk b/package/setools/setools.mk
index d2e9f05998..41c9205668 100644
--- a/package/setools/setools.mk
+++ b/package/setools/setools.mk
@@ -4,81 +4,44 @@ 
 #
 ################################################################################
 
-SETOOLS_VERSION = 3.3.8
-SETOOLS_SOURCE = setools-$(SETOOLS_VERSION).tar.bz2
-SETOOLS_SITE = https://raw.githubusercontent.com/wiki/TresysTechnology/setools3/files/dists/setools-$(SETOOLS_VERSION)
-SETOOLS_DEPENDENCIES = libselinux libsepol sqlite libxml2 bzip2 host-bison host-flex
+SETOOLS_VERSION = 4.1.1
+SETOOLS_SITE = $(call github,TresysTechnology,setools,$(SETOOLS_VERSION))
+SETOOLS_DEPENDENCIES = libselinux libsepol host-bison host-flex host-swig
 SETOOLS_INSTALL_STAGING = YES
 SETOOLS_LICENSE = GPL-2.0+, LGPL-2.1+
 SETOOLS_LICENSE_FILES = COPYING COPYING.GPL COPYING.LGPL
-
-# configure.ac is patched by the cross compile patch,
-# so autoreconf is necessary
-SETOOLS_AUTORECONF = YES
-
-# Notes: Need "disable-selinux-check" so the configure does not check to see
-#        if host has selinux enabled.
-#        No python support as only the libraries and commandline tools are
-#        installed on target
-SETOOLS_CONF_OPTS = \
-	--disable-debug \
-	--disable-gui \
-	--disable-bwidget-check \
-	--disable-selinux-check \
-	--disable-swig-java \
-	--disable-swig-python \
-	--disable-swig-tcl \
-	--with-sepol-devel="$(STAGING_DIR)/usr" \
-	--with-selinux-devel="$(STAGING_DIR)/usr"
-
-ifeq ($(BR2_sparc64):$(BR2_STATIC_LIBS),y:)
-SETOOLS_CONF_ENV += CFLAGS="$(TARGET_CFLAGS) -fPIC"
-endif
-
-HOST_SETOOLS_DEPENDENCIES = host-libselinux host-libsepol host-sqlite \
-	host-libxml2 host-bzip2 host-bison
+SETOOLS_SETUP_TYPE = setuptools
 
 ifeq ($(BR2_PACKAGE_PYTHON3),y)
-HOST_SETOOLS_PYTHON_VERSION=$(PYTHON3_VERSION_MAJOR)
-HOST_SETOOLS_DEPENDENCIES += host-python3
-HOST_SETOOLS_CONF_ENV += am_cv_python_version=$(PYTHON3_VERSION)
+SETOOLS_PYLIBVER = python$(PYTHON3_VERSION_MAJOR)
 else
-HOST_SETOOLS_PYTHON_VERSION=$(PYTHON_VERSION_MAJOR)
-HOST_SETOOLS_DEPENDENCIES += host-python
-HOST_SETOOLS_CONF_ENV += am_cv_python_version=$(PYTHON_VERSION)
+SETOOLS_PYLIBVER = python$(PYTHON_VERSION_MAJOR)
 endif
 
-HOST_SETOOLS_PYTHON_SITE_PACKAGES = $(HOST_DIR)/lib/python$(HOST_SETOOLS_PYTHON_VERSION)/site-packages
-HOST_SETOOLS_PYTHON_INCLUDES = $(HOST_DIR)/include/python$(HOST_SETOOLS_PYTHON_VERSION)
-HOST_SETOOLS_PYTHON_LIB = -lpython$(HOST_SETOOLS_PYTHON_VERSION)
-
-# Notes: Need "disable-selinux-check" so the configure does not check to see
-#        if host has selinux enabled.
-#        Host builds with python support to enable tools for offline target
-#        policy analysis
-HOST_SETOOLS_CONF_OPTS = \
-	--disable-debug \
-	--disable-gui \
-	--disable-bwidget-check \
-	--disable-selinux-check \
-	--disable-swig-java \
-	--disable-swig-python \
-	--disable-swig-tcl \
-	--with-sepol-devel="$(HOST_DIR)" \
-	--with-selinux-devel="$(HOST_DIR)" \
-	PYTHON_LDFLAGS="-L$(HOST_DIR)/lib/" \
-	PYTHON_CPPFLAGS="-I$(HOST_SETOOLS_PYTHON_INCLUDES)" \
-	PYTHON_SITE_PKG="$(HOST_SETOOLS_PYTHON_SITE_PACKAGES)" \
-	PYTHON_EXTRA_LIBS="-lpthread -ldl -lutil $(HOST_SETOOLS_PYTHON_LIB)"
-
-HOST_SETOOLS_CONF_ENV += \
-	am_cv_pathless_PYTHON=python \
-	ac_cv_path_PYTHON=$(HOST_DIR)/bin/python \
-	am_cv_python_platform=linux2 \
-	am_cv_python_version=$(HOST_SETOOLS_PYTHON_VERSION) \
-	am_cv_python_pythondir=$(HOST_SETOOLS_PYTHON_SITE_PACKAGES) \
-	am_cv_python_pyexecdir=$(HOST_SETOOLS_PYTHON_SITE_PACKAGES) \
-	am_cv_python_includes=-I$(HOST_SETOOLS_PYTHON_INCLUDES)
+define SETOOLS_FIX_SETUP
+	# By default, setup.py will look for libsepol.a in the host directory.  This
+	# needs to be changed to the staging directory.
+	$(SED) "s@base_lib_dirs =.*@base_lib_dirs = ['$(STAGING_DIR)/usr/lib']@g" \
+		$(@D)/setup.py
+endef
+SETOOLS_POST_PATCH_HOOKS += SETOOLS_FIX_SETUP
+
+# sedta and seinfoflow depends on python-networkx. This package is not
+# available in buildroot.
+define SETOOLS_REMOVE_BROKEN_SCRIPTS
+	$(RM) $(TARGET_DIR)/usr/bin/sedta
+	$(RM) $(TARGET_DIR)/usr/bin/seinfoflow
+endef
+SETOOLS_POST_INSTALL_TARGET_HOOKS += REMOVE_BROKEN_SCRIPTS
+
+# apol requires pyqt5, but is installed by default.  Remove these scripts from
+# the target it pyqt5 is not selected.
+ifeq ($(BR2_PACKAGE_PYTHON_PYQT5),)
+define SETOOLS_REMOVE_QT_SCRIPTS
+	$(RM) $(TARGET_DIR)/usr/bin/apol
+	rmdir --ignore-fail-on-non-empty $(TARGET_DIR)/usr/lib/$(SETOOLS_PYLIBVER)/site-packages/setoolsgui/
+endef
+SETOOLS_POST_INSTALL_TARGET_HOOKS += SETOOLS_REMOVE_QT_SCRIPTS
+endif
 
-$(eval $(autotools-package))
-$(eval $(host-autotools-package))
+$(eval $(python-package))