package/libselinux: allow pip to use system-provided packages

Since the bump of pip to version 25.3 in commit
285097051d4a7dd821f01d15c705867f7e26c635, the build of the Python
bindings of libselinux is broken for both the host and target
variants.

For the host variant, because "pip install" no longer finds the
system-provided setuptools and tries to download setuptools by itself,
causing build issues because our host-python doesn't have SSL support:

  Could not fetch URL https://pypi.org/simple/setuptools/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/setuptools/ (Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available.")) - skipping

For the target variant, because "pip install" no longer finds the
sysconfigdata package:

  ModuleNotFoundError: No module named '_sysconfigdata__linux_sparc64-linux-gnu'
  [end of output]

We fix this by taking a patch from Debian, which is slightly tweaked
to also cover our host package (the original Debian patch was passing
--no-build-isolation only when DESTDIR was not empty, but in Buildroot
host packages are built with DESTDIR empty, and we do need
--no-build-isolation).

Fixes:

  https://autobuild.buildroot.net/results/0e9de0c0d8b6ec57eea9f8834f02076b296ba4f1/ (host-libselinux)
  https://autobuild.buildroot.org/results/1b87c659f1901b0bf33fa4a2ff0ed40b13114bba/ (libselinux)

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Co-Authored-By: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/libselinux/0003-libselinux-src-Makefile-build-python-module-without-.patch

@@ -0,0 +1,51 @@
+From 8cfe4535f23a7768ee5efa615d11563a8404777c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
+Date: Mon, 27 Oct 2025 22:40:59 +0100
+Subject: [PATCH] libselinux/src/Makefile: build python module without
+ isolation
+
+The "pip install" logic in libselinux/src/Makefile tries to get
+setuptools from the network, which is not correct as during the
+build/installation, there shouldn't be any network access, or
+downloading of arbitrary resources from the network.
+
+This causes build issues in Debian:
+
+  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121121
+
+And in Buildroot:
+
+  https://autobuild.buildroot.net/results/0e9/0e9de0c0d8b6ec57eea9f8834f02076b296ba4f1/build-end.log
+
+To fix this, we use the --no-build-isolation pip install argument so
+that pip install is allowed to use the system-provided setuptools,
+instead of wanting to download this one.
+
+This patch is derived from
+https://sources.debian.org/src/libselinux/3.9-4/debian/patches/Build-python-module-without-isolation-Closes-1119155.patch,
+with the change that --no-build-isolation is passed unconditionally,
+regardless of whether $(DESTDIR) is empty or not.
+
+Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+Upstream: https://lore.kernel.org/selinux/20251227143911.1630813-1-thomas.petazzoni@bootlin.com/
+---
+ libselinux/src/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
+index e9141bb9..9bc10606 100644
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -197,7 +197,7 @@ ifneq ($(DISABLE_SHARED),y)
+ endif
+ 
+ install-pywrap: pywrap
+-	CFLAGS="$(CPPFLAGS) $(CFLAGS) $(SWIG_CFLAGS)" $(PYTHON) -m pip install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR) --ignore-installed --no-deps` $(PYTHON_SETUP_ARGS) .
++	CFLAGS="$(CPPFLAGS) $(CFLAGS) $(SWIG_CFLAGS)" $(PYTHON) -m pip install --no-build-isolation --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR) --ignore-installed --no-deps` $(PYTHON_SETUP_ARGS) .
+ 	install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py
+ 	ln -sf --relative $(DESTDIR)$(PYTHONLIBDIR)/selinux/_selinux*.so $(DESTDIR)$(PYTHONLIBDIR)/
+ 
+-- 
+2.52.0
+

package/libselinux/libselinux.mk

@@ -35,8 +35,12 @@ LIBSELINUX_DEPENDENCIES += \
 	python3 \
 	python-setuptools \
 	host-python-pip \
+	host-python-setuptools \
 	host-swig
 
+LIBSELINUX_MAKE_ENV += \
+	$(PKG_PYTHON_SETUPTOOLS_ENV)
+
 LIBSELINUX_MAKE_OPTS += \
 	$(PKG_PYTHON_SETUPTOOLS_ENV) \
 	PYTHON=python$(PYTHON3_VERSION_MAJOR)