diff options
Diffstat (limited to 'sec-policy/selinux-base-policy')
| -rw-r--r-- | sec-policy/selinux-base-policy/Manifest | 1 | ||||
| -rw-r--r-- | sec-policy/selinux-base-policy/selinux-base-policy-2.20170204-r3.ebuild | 121 |
2 files changed, 122 insertions, 0 deletions
diff --git a/sec-policy/selinux-base-policy/Manifest b/sec-policy/selinux-base-policy/Manifest index 2f256bb5e489..fa6871257b2f 100644 --- a/sec-policy/selinux-base-policy/Manifest +++ b/sec-policy/selinux-base-policy/Manifest @@ -5,6 +5,7 @@ DIST patchbundle-selinux-base-policy-2.20161023-r3.tar.bz2 321394 SHA256 7652140 DIST patchbundle-selinux-base-policy-2.20161023-r4.tar.bz2 358553 SHA256 d105d5fbf2859d7f9766ef46ef29c3d71165b4f5ff9548bcbdeca5a1f76b0c27 SHA512 a99f3eda699eb4b040c19f51060a96a116a76aabda323d1a2d840f130c6ccfe34118645d296d48f855a2a2abb0ab6db686b37d02950012798796eafcebfdd781 WHIRLPOOL 849b0e88ed3f1f54de18c0c2edcc0fecd3968e30eb970aace41d0b79aa3d203b2bbcf96f4c564fed95e7b3c8e3b2f524e11c9942ab36e6d6c49431696925b8a8 DIST patchbundle-selinux-base-policy-2.20170204-r1.tar.bz2 327838 SHA256 66ca7d95e7af81f30dce42550f6dccba0cabc52fefa18747a552ef8caa892e4c SHA512 727dd11bc5a777388199fb1da67add940a6051cca874456cdc4bb65f567216481e70b92fcf37ac59cc48d907fbe87b67e97c3813c4c97d5f31b7c66b7246f166 WHIRLPOOL 6235b026ee9c9acff18923634b6047e155d836a3544ae8e5e4448cc198732629fc163e5374b0546187703afe020a3473d3e2bc3883533a96fe3537fa14487fa4 DIST patchbundle-selinux-base-policy-2.20170204-r2.tar.bz2 354083 SHA256 95a77b781be01ed29fe02df2b72fa1fe90e993c1a9513ccd94ad3f39d6170367 SHA512 ac907590cefdc69638fce25de481d3dce625f0f1511e0fa3d0bcc78b2a18c57c0bea392c225d314645b1aec5abbcedf67bfc50b66be8580447bbcac7223ea66d WHIRLPOOL d447bb2afb33d66c11db77b1b3401b9151394f3cc306a660efd4e858648a4f8d2c9b6281bc1c41f820103bd352bc47e933e2d84e0d351c4b6be038877b7f167e +DIST patchbundle-selinux-base-policy-2.20170204-r3.tar.bz2 342266 SHA256 c5d99de3af1a6aec5aced5c4776ee47e15dbf467e116daa9d2df6f69653cf1c9 SHA512 df46b785a17c633d6fcd063b48258a362a0df13fcb71fb699b6c19281f4d647db43639e08e083157fcd49405c5c38c8408534decff99536d28ada64e9192d130 WHIRLPOOL 703c227d4490d9ba291089ac425c1e2924ad28644e5e7fbacbdc43c77eb7df6eaf776bef52b4019316f104ba29f06f90fc6222eb43106f7a9d678cf369eaf807 DIST refpolicy-2.20151208.tar.bz2 698182 SHA256 2dd2f45a7132137afe8302805c3b7839739759b9ab73dd1815c01afe34ac99de SHA512 cbefe117f143adea834065949e24e9fe86336c049e9e0518026597d5b0a18c482a9717422bd39b7fb0012d19df00365c969d87e1f13a7bb9dcb9996313ed6cf8 WHIRLPOOL cb843a602dde4234a62e6f92001bff689a457796215b015bcccce79e7aa73bfe875a82bdbdbf59236f218eb41aaf665fcc5753c42d86eb3ed1caa1b69ddc2efa DIST refpolicy-2.20161023.tar.bz2 1768667 SHA256 14c9576e2cdf0ecf656134bc59cba99589dbba2895344d2fc226bdb5d8e541c7 SHA512 3201ca3c6cada1053343d3763d36072cf40afa46bf5343087a8254320879cb61fef539dc7742e04e5645d0c886b8f4bf552bf502e9716f7a3282efc0b0ed970d WHIRLPOOL 3f44955c3b13f5a6152d8ca8b75b3c8d52becc1c47b3b0126f5c86fbdad8bf6a1ae72c42e0b130352e139f987340b3c0d3d37aac5b80c5e3d731fcd666b88504 DIST refpolicy-2.20170204.tar.bz2 709965 SHA256 5e4daee61d89dfdc8c7bf369f81c99845931e337916dc6401e301c5de57ea336 SHA512 30deabb02a5bde51c463e3e89988d850cff51596c2e72733a064245dec152ea46317eea79550dbe82a7a0d327ec0bcfbd9474ff8a902507392df0da00df6397f WHIRLPOOL a6b6aa1265f3e7e78c6e8012f0cb8098e0727e77bfcf8165866e876b41c18648711c82d87750c081cc49e89b85be03ef3b420a2df25269e2ce070181af308ec6 diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20170204-r3.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20170204-r3.ebuild new file mode 100644 index 000000000000..24ff4807a9d4 --- /dev/null +++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20170204-r3.ebuild @@ -0,0 +1,121 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +EAPI="6" + +if [[ ${PV} == 9999* ]]; then + EGIT_REPO_URI="${SELINUX_GIT_REPO:-git://anongit.gentoo.org/proj/hardened-refpolicy.git https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}" + EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}" + EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy" + + inherit git-r3 +else + SRC_URI="https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-${PV}.tar.bz2 + https://dev.gentoo.org/~swift/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2" + KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86" +fi + +HOMEPAGE="https://www.gentoo.org/proj/en/hardened/selinux/" +DESCRIPTION="SELinux policy for core modules" + +IUSE="systemd +unconfined" + +PDEPEND="unconfined? ( sec-policy/selinux-unconfined )" +DEPEND="=sec-policy/selinux-base-${PVR}[systemd?]" + +MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork tmpfiles udev userdomain usermanage unprivuser xdg" +LICENSE="GPL-2" +SLOT="0" +S="${WORKDIR}/" + +# Code entirely copied from selinux-eclass (cannot inherit due to dependency on +# itself), when reworked reinclude it. Only postinstall (where -b base.pp is +# added) needs to remain then. + +pkg_setup() { + if use systemd; then + MODS="${MODS} systemd" + fi +} + +pkg_pretend() { + for i in ${POLICY_TYPES}; do + if [[ "${i}" == "targeted" ]] && ! use unconfined; then + die "If you use POLICY_TYPES=targeted, then USE=unconfined is mandatory." + fi + done +} + +src_prepare() { + local modfiles + + if [[ ${PV} != 9999* ]]; then + einfo "Applying SELinux policy updates ... " + eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch" + fi + + eapply_user + + # Collect only those files needed for this particular module + for i in ${MODS}; do + modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles" + modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles" + done + + for i in ${POLICY_TYPES}; do + mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}" + cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \ + || die "Failed to copy Makefile.example to ${S}/${i}/Makefile" + + cp ${modfiles} "${S}"/${i} \ + || die "Failed to copy the module files to ${S}/${i}" + done +} + +src_compile() { + for i in ${POLICY_TYPES}; do + emake NAME=$i -C "${S}"/${i} || die "${i} compile failed" + done +} + +src_install() { + local BASEDIR="/usr/share/selinux" + + for i in ${POLICY_TYPES}; do + for j in ${MODS}; do + einfo "Installing ${i} ${j} policy package" + insinto ${BASEDIR}/${i} + doins "${S}"/${i}/${j}.pp || die "Failed to add ${j}.pp to ${i}" + done + done +} + +pkg_postinst() { + # Override the command from the eclass, we need to load in base as well here + local COMMAND="-i base.pp" + if has_version "<sys-apps/policycoreutils-2.5"; then + COMMAND="-b base.pp" + fi + + for i in ${MODS}; do + COMMAND="${COMMAND} -i ${i}.pp" + done + + for i in ${POLICY_TYPES}; do + einfo "Inserting the following modules, with base, into the $i module store: ${MODS}" + + cd /usr/share/selinux/${i} || die "Could not enter /usr/share/selinux/${i}" + + semodule -s ${i} ${COMMAND} || die "Failed to load in base and modules ${MODS} in the $i policy store" + done + + # Relabel depending packages + local PKGSET=""; + if [[ -x /usr/bin/qdepends ]] ; then + PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-'); + elif [[ -x /usr/bin/equery ]] ; then + PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-'); + fi + if [[ -n "${PKGSET}" ]] ; then + rlpkg ${PKGSET}; + fi +} |