diff options
| author |   Jason Zaman <perfinion@gentoo.org> | 2016-02-13 15:51:14 +0800 |
|---|---|---|
| committer | Jason Zaman <perfinion@gentoo.org> | 2016-02-13 15:54:50 +0800 |
| commit | 0333142e5f15118238f4557c5dbbc495fc29bc57 (patch) | |
| tree | 57c12af84f451bf7e6159aafc84234e37ab27b2b /sec-policy/selinux-base-policy | |
| parent | app-editors/emacs: Stable for HPPA (bug #573490). (diff) | |
| download | gentoo-0333142e5f15118238f4557c5dbbc495fc29bc57.tar.gz gentoo-0333142e5f15118238f4557c5dbbc495fc29bc57.tar.bz2 gentoo-0333142e5f15118238f4557c5dbbc495fc29bc57.zip | |
sec-policy: Release of SELinux policies 2.20151208-r2
Package-Manager: portage-2.2.26
Diffstat (limited to 'sec-policy/selinux-base-policy')
| -rw-r--r-- | sec-policy/selinux-base-policy/Manifest | 1 | ||||
| -rw-r--r-- | sec-policy/selinux-base-policy/selinux-base-policy-2.20151208-r2.ebuild | 143 |
2 files changed, 144 insertions, 0 deletions
diff --git a/sec-policy/selinux-base-policy/Manifest b/sec-policy/selinux-base-policy/Manifest index 4fe3ce038442..ee80cd94f5a1 100644 --- a/sec-policy/selinux-base-policy/Manifest +++ b/sec-policy/selinux-base-policy/Manifest @@ -9,5 +9,6 @@ DIST patchbundle-selinux-base-policy-2.20141203-r7.tar.bz2 295833 SHA256 ba2219b DIST patchbundle-selinux-base-policy-2.20141203-r8.tar.bz2 297919 SHA256 77539eb3d78105f8789cd8205d2698bd27e2abf100163bdd162cda860fd15120 SHA512 2f8a19e1e4bb65f32b480275f49099aed3ae9df543c7de862b3bbd93e81b89cd96dadac3d091e28673d09a6885db8c5656b3a77d0080775c110b04f2753de7a6 WHIRLPOOL 79cb7e620eb8e838192dc557c7a9ce7e713227d783cc8b63792825559b2145cad70d0af6f99948c1527557bc363feffd846c73893682b4a14fc7d08b9e20c649 DIST patchbundle-selinux-base-policy-2.20141203-r9.tar.bz2 299602 SHA256 e8518004942a6c57170a609683e22b1410c93a2a195829c41dc8fbc703d941b5 SHA512 ce6484fbca1d2d074e50d1a3953392bd3ce0a4617df98fbac37747b469b4f160a9331586dfe1c3ddccb1ccbee24876a2f05ab49e37c8492a48baf83c2d01d140 WHIRLPOOL 1fd7b956e98e95a64c3a713a944d4531259bd156a7feabf6a89c4b5f33ac846377730eede97889e85183be086f282ebd18e860214f6ca3f01b40f2323470ee04 DIST patchbundle-selinux-base-policy-2.20151208-r1.tar.bz2 281828 SHA256 08884d11088f7c9120692c27477b2b43a25a6ad013a87d663697c17209ee9418 SHA512 a2c51b41c1ac909a31e89f52ee7661a22af1ae7950383cd63c7f7bcd1cabac062221a5bac27d12d1ea63a0c30f834ea13c0c75df4bc8b08d8eb31b89a8cc7f02 WHIRLPOOL 87807f84ce7d2207434b2f7f1216f769a50d72960d3999e11f877795c46dcd7ba66e750a8365f5efa3616816aa81585bb921862bb61d9b75b34d4cb744d8748d +DIST patchbundle-selinux-base-policy-2.20151208-r2.tar.bz2 288485 SHA256 ffacc59c80b9bd1cfbe715fdf6d517ba7cf3ccf07c9614c884ba66705c4efdd8 SHA512 6ebd72539362e96711686ea1a5579fd911d5cff53ea1cf7dd910208b2afb07a9f80a8d6c2e7580e1ac996d767dc91440b2eb2781cc3583e070bc9bd34e2cce42 WHIRLPOOL 7492d5b699d9ec0d50bcb03fefd315d0d132c7f087d44c5b6ab5fb36c5f310df5835f544e39428fb749a4f6e6de62badc3e2f13b10dd6f498d994744aa3d30df DIST refpolicy-2.20141203.tar.bz2 680243 SHA256 f438209c430d8a2d4ddcbe4bdd3edb46f6af7dc4913637af0b73c635e40c1522 SHA512 682e4280c5799e4c12ec7594afc1389f67be35055748d2e0dbdc3419159a16c96d4946ca6178daee8370515951f8653b2e452efe8c962b8d7f9bc192f0b15a0c WHIRLPOOL 74bca232534e7af9051bb1ab9f77c1ff6c425781cf4561f781d6e9a40cc5ca0d9add540249ea5493e8782a9372aea296ead6c165c6c440ae1509eb319d151ee5 DIST refpolicy-2.20151208.tar.bz2 698182 SHA256 2dd2f45a7132137afe8302805c3b7839739759b9ab73dd1815c01afe34ac99de SHA512 cbefe117f143adea834065949e24e9fe86336c049e9e0518026597d5b0a18c482a9717422bd39b7fb0012d19df00365c969d87e1f13a7bb9dcb9996313ed6cf8 WHIRLPOOL cb843a602dde4234a62e6f92001bff689a457796215b015bcccce79e7aa73bfe875a82bdbdbf59236f218eb41aaf665fcc5753c42d86eb3ed1caa1b69ddc2efa diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20151208-r2.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20151208-r2.ebuild new file mode 100644 index 000000000000..55b9d0f964f9 --- /dev/null +++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20151208-r2.ebuild @@ -0,0 +1,143 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ +EAPI="5" + +inherit eutils + +if [[ ${PV} == 9999* ]]; then + EGIT_REPO_URI="${SELINUX_GIT_REPO:-git://anongit.gentoo.org/proj/hardened-refpolicy.git https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}" + EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}" + EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy" + + inherit git-r3 + + KEYWORDS="" +else + SRC_URI="https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-${PV}.tar.bz2 + https://dev.gentoo.org/~swift/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2" + KEYWORDS="~amd64 ~x86" +fi + +HOMEPAGE="https://www.gentoo.org/proj/en/hardened/selinux/" +DESCRIPTION="SELinux policy for core modules" + +IUSE="+unconfined" + +RDEPEND="=sec-policy/selinux-base-${PVR}" +PDEPEND="unconfined? ( sec-policy/selinux-unconfined )" +DEPEND="" + +MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork tmpfiles udev userdomain usermanage unprivuser xdg" +LICENSE="GPL-2" +SLOT="0" +S="${WORKDIR}/" + +# Code entirely copied from selinux-eclass (cannot inherit due to dependency on +# itself), when reworked reinclude it. Only postinstall (where -b base.pp is +# added) needs to remain then. + +pkg_pretend() { + for i in ${POLICY_TYPES}; do + if [[ "${i}" == "targeted" ]] && ! use unconfined; then + die "If you use POLICY_TYPES=targeted, then USE=unconfined is mandatory." + fi + done +} + +src_prepare() { + local modfiles + + if [[ ${PV} != 9999* ]]; then + # Patch the source with the base patchbundle + cd "${S}" + EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \ + EPATCH_SUFFIX="patch" \ + EPATCH_SOURCE="${WORKDIR}" \ + EPATCH_FORCE="yes" \ + epatch + fi + + # Apply the additional patches refered to by the module ebuild. + # But first some magic to differentiate between bash arrays and strings + if [[ "$(declare -p POLICY_PATCH 2>/dev/null 2>&1)" == "declare -a"* ]]; + then + cd "${S}/refpolicy/policy/modules" + for POLPATCH in "${POLICY_PATCH[@]}"; + do + epatch "${POLPATCH}" + done + else + if [[ -n ${POLICY_PATCH} ]]; + then + cd "${S}/refpolicy/policy/modules" + for POLPATCH in ${POLICY_PATCH}; + do + epatch "${POLPATCH}" + done + fi + fi + + # Calling user patches + epatch_user + + # Collect only those files needed for this particular module + for i in ${MODS}; do + modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles" + modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles" + done + + for i in ${POLICY_TYPES}; do + mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}" + cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \ + || die "Failed to copy Makefile.example to ${S}/${i}/Makefile" + + cp ${modfiles} "${S}"/${i} \ + || die "Failed to copy the module files to ${S}/${i}" + done +} + +src_compile() { + for i in ${POLICY_TYPES}; do + emake NAME=$i -C "${S}"/${i} || die "${i} compile failed" + done +} + +src_install() { + local BASEDIR="/usr/share/selinux" + + for i in ${POLICY_TYPES}; do + for j in ${MODS}; do + einfo "Installing ${i} ${j} policy package" + insinto ${BASEDIR}/${i} + doins "${S}"/${i}/${j}.pp || die "Failed to add ${j}.pp to ${i}" + done + done +} + +pkg_postinst() { + # Override the command from the eclass, we need to load in base as well here + local COMMAND + for i in ${MODS}; do + COMMAND="-i ${i}.pp ${COMMAND}" + done + + for i in ${POLICY_TYPES}; do + einfo "Inserting the following modules, with base, into the $i module store: ${MODS}" + + cd /usr/share/selinux/${i} || die "Could not enter /usr/share/selinux/${i}" + + semodule -s ${i} -b base.pp ${COMMAND} || die "Failed to load in base and modules ${MODS} in the $i policy store" + done + + # Relabel depending packages + local PKGSET=""; + if [ -x /usr/bin/qdepends ] ; then + PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-'); + elif [ -x /usr/bin/equery ] ; then + PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-'); + fi + if [ -n "${PKGSET}" ] ; then + rlpkg ${PKGSET}; + fi +} |