File 6313ae4c2b475e1b73fd272434089cfc4631e14d.patch of Package google-authenticator-libpam

commit 6313ae4c2b475e1b73fd272434089cfc4631e14d
Author: Thomas Habets <habets@google.com>
Date:   Mon Nov 10 17:57:39 2025 +0000

    SELinux: fix build when SELinux is not present

diff --git a/Makefile.am b/Makefile.am
index 911d146..db3412e 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -31,7 +31,7 @@ pam_google_authenticator_la_SOURCES = \
 	src/pam_google_authenticator.c \
 	$(CORE_SRC)
 pam_google_authenticator_la_LIBADD  = -lpam
-pam_google_authenticator_la_CFLAGS  = $(AM_CFLAGS)
+pam_google_authenticator_la_CFLAGS  = $(AM_CFLAGS) $(SELINUX_CFLAGS)
 pam_google_authenticator_la_LDFLAGS = $(AM_LDFLAGS) $(MODULES_LDFLAGS) -export-symbols-regex "pam_sm_(setcred|open_session|authenticate)"
 
 
diff --git a/configure.ac b/configure.ac
index e4b2839..e3bce7b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -17,7 +17,11 @@ LT_INIT
 AC_PROG_CC
 AC_PROG_CC_STDC
 
-AC_CHECK_HEADERS([sys/fsuid.h])
+AC_CHECK_HEADERS([
+        sys/fsuid.h
+        selinux/selinux.h
+        selinux/context.h
+])
 AC_CHECK_FUNCS([ \
 	explicit_bzero \
 	setfsuid \
@@ -84,7 +88,6 @@ have_selinux=no
 if test "x$enable_selinux" != "xno"; then
     PKG_CHECK_MODULES([SELINUX], [libselinux], [
         have_selinux=yes
-        SELINUX_LIBS="-lselinux"
         AC_DEFINE([HAVE_SELINUX], [1], [Define if SELinux is available])
     ], [
         if test "x$enable_selinux" = "xyes"; then
@@ -94,6 +97,7 @@ if test "x$enable_selinux" != "xno"; then
     ])
 fi
 
+AC_SUBST([SELINUX_CFLAGS])
 AC_SUBST([SELINUX_LIBS])
 AM_CONDITIONAL([HAVE_SELINUX], [test "x$have_selinux" = "xyes"])
 
@@ -110,4 +114,6 @@ echo "
   Debug Build....: $debug
   C Compiler.....: $CC $CFLAGS $CPPFLAGS
   Linker.........: $LD $LDFLAGS $LIBS
+  SELinux CFlags.: $SELINUX_CFLAGS
+  SELinux libs...: $SELINUX_LIBS
 "
diff --git a/src/pam_google_authenticator.c b/src/pam_google_authenticator.c
index c9fa68a..d37374b 100644
--- a/src/pam_google_authenticator.c
+++ b/src/pam_google_authenticator.c
@@ -30,8 +30,14 @@
 #include <time.h>
 #include <unistd.h>
 
+#ifdef HAVE_SELINUX
+#ifdef HAVE_SELINUX_SELINUX_H
 #include <selinux/selinux.h>
+#endif
+#ifdef HAVE_SELINUX_CONTEXT_H
 #include <selinux/context.h>
+#endif
+#endif
 
 #ifdef HAVE_SYS_FSUID_H
 // We much rather prefer to use setfsuid(), but this function is unfortunately
@@ -579,8 +585,9 @@ full_write(int fd, const char* buf, size_t len) {
 }
 
 static int set_selinux_context(int fd) {
-  char *old_context = NULL;
   int err = 0;
+#ifdef HAVE_SELINUX
+  char *old_context = NULL;
 
   // skip if SELinux is not enabled
   if (!is_selinux_enabled()) {
@@ -624,7 +631,7 @@ cleanup:
   if (old_context) {
     freecon(old_context);
   }
-
+#endif
   return err;
 }