diff options
| author | V3n3RiX <venerix@koprulu.sector> | 2025-03-10 01:49:12 +0000 |
|---|---|---|
| committer | V3n3RiX <venerix@koprulu.sector> | 2025-03-10 01:49:12 +0000 |
| commit | 7c5ebaf83da4c538dd11b56fdd5dfdf39dcbc096 (patch) | |
| tree | 5cd412784dc4fb63a7f56eb252196ed9dd6980c4 /sec-policy/selinux-base-policy | |
| parent | 0b832a429ecd6081aa9faa0eb262303b019d87ea (diff) | |
gentoo auto-resync : 10:03:2025 - 01:49:12
Diffstat (limited to 'sec-policy/selinux-base-policy')
| -rw-r--r-- | sec-policy/selinux-base-policy/Manifest | 3 | ||||
| -rw-r--r-- | sec-policy/selinux-base-policy/selinux-base-policy-2.20250213-r1.ebuild | 141 |
2 files changed, 144 insertions, 0 deletions
diff --git a/sec-policy/selinux-base-policy/Manifest b/sec-policy/selinux-base-policy/Manifest index 84124cbb7e6a..d0200b60f7e8 100644 --- a/sec-policy/selinux-base-policy/Manifest +++ b/sec-policy/selinux-base-policy/Manifest @@ -1,8 +1,11 @@ DIST patchbundle-selinux-base-policy-2.20240226-r2.tar.bz2 442650 BLAKE2B f2f7c5e4a595afafc072fd78fc4ef3930cf739d05cbe9670f2fb2956fe84e3045518345e103bc3880603d2562f06ba0597fc005d8d394e9f8cd057363f9bf95f SHA512 2cb00d088eebdb098a6496f156eeb3dcee026fc6e53d732bac5bc8a4cfee1ce3bf2bdbbbfbbe9bba237d61c06f299d96bb9d123a57a44aaaa17cc122e15ea268 DIST patchbundle-selinux-base-policy-2.20240916-r1.tar.bz2 274891 BLAKE2B 72b8181424450998164979ab582e8edee6d73b9110b4535e7880d1f7c989bd0ac391422872858da7bad3e3d77516996af93aa2f149f7d4a7f8fd329c481964cf SHA512 fd8259c91cc779301d6e0964827133529a9141dc235301da135210ea4359b800023848a25e33c45678477fa4f54e75da51be9ec85a3bed8b07cf5487e73b84f3 +DIST patchbundle-selinux-base-policy-2.20250213-r1.tar.bz2 276621 BLAKE2B 5a4b0c5fe017fd6c59c3f5d3a1af97e31485bd4325b10a2769883091e5ea6fd205ad42f346c06e6d443aeed9e46bf962febc177f58241c4633058918db6b7fb6 SHA512 1098cfb396d56dfc4f0c2b3ff90dcb9de3bf0b081f1d0c21d793fccc78e48d35a93883bb7fd54a0acd5fa2b06edc8965cbfe72e2b8f3ea325bbee18a8c8e7163 DIST refpolicy-2.20240226.tar.bz2 610561 BLAKE2B 5dc54dcf7238776d4e4b282c1dcbc499f45c0d96676dbf931da39592854034874b5dd6197a2e2776fccec5106d5f245eea3fb9419959bd4d61e9b2c12aeaaa85 SHA512 896a57afb024bd131f25d2831a9a5ac90ee7e5d76b0565bc818c156f6c310d86758bcd4cedbd9df5b29954c9a92a42300d16685a7e07a5efd8f789320724b3f9 DIST refpolicy-2.20240916.tar.bz2 618218 BLAKE2B d86ca75d254eef10f4aa57ef3977825211200cdf1eaa9bf9d416c9a52acee476b3f8719c3b0c8c17fdff2abc0c396989961e37e313a7b3bd3b4b0266a6280e75 SHA512 a8b6c90f8e186796b4c7db1e2d8ed3c3b8690bb5b8f180dcb6d5468ba80467e2969012c4edddf74429c0f5ce900d68fbbc0c2f8e253165af28f93f191039f064 +DIST refpolicy-2.20250213.tar.bz2 627837 BLAKE2B 64d64549bf1fcfc33107e8f4c842af4e3279a856c3a140d05749bae687ffadfe25e4b7383bef3618b13bbd553046d162fcd48b713500d3fd59073b5bece91008 SHA512 cbaf65dfe6d7cc886674bb37160170dac060265d5cf241bfac0c0e5ef45744f057107d81c933f01411c5cd538c95755b7a92331197e2b97b995efc4d6f266895 EBUILD selinux-base-policy-2.20240226-r2.ebuild 4200 BLAKE2B 972d92d1347a52eb5c6e8a09e433a0f01c4b2d909dce5c3271550555fb4ae3d1383991527184d29327ef609bef66f32caef874ad4a742fa8a15172ac7f20779a SHA512 5562898520bbfaa5307e4ced3480e17fce38a4b3a0921fb046de31ac79664404239d154e0f574e1ea29f0e0c221a29a3a32a6a552c0db6a8c8d661a9546bea06 EBUILD selinux-base-policy-2.20240916-r1.ebuild 4200 BLAKE2B 972d92d1347a52eb5c6e8a09e433a0f01c4b2d909dce5c3271550555fb4ae3d1383991527184d29327ef609bef66f32caef874ad4a742fa8a15172ac7f20779a SHA512 5562898520bbfaa5307e4ced3480e17fce38a4b3a0921fb046de31ac79664404239d154e0f574e1ea29f0e0c221a29a3a32a6a552c0db6a8c8d661a9546bea06 +EBUILD selinux-base-policy-2.20250213-r1.ebuild 4204 BLAKE2B 6697c15e0c46174b2ef6f9aa3ee3d271543affefc50be1affdf4f85e24642b4bebd7b935ca8a7550f10a400bf1f9e4e59c54173fe9b0bb546ba7dee8648c0d65 SHA512 2a3d63360ada024cfca2b5512c78927d30924afd41c76d3ea3bba16c9f59730896a419e1d107c971444230d03f68533a0c39114f872313c2b0bda09c166a8e97 EBUILD selinux-base-policy-9999.ebuild 4204 BLAKE2B 22f1b8dd634963ed73dc3ac9a9ef1d075e6a2942b0cfbad5e84b4b58f351ad2cdeafec078da1b711408a8b69b20cfe3598e54acec6fe0b801e984e8796b069ec SHA512 94a3449207e3359e81504af0ad26cd45b56dfa211af04d39d603b159194d0afb8438ca16fc1013ccc77b466f78e280f6b00bb65077bc16d8a431393d869e1c24 MISC metadata.xml 535 BLAKE2B db3aa01f5f57a5d30b7a39721a569bd2efe77a87701fb4e5d4e64ead0d13b4055dc5224bb7c95bf261e623163a59c18da5500d8da77b3de07801dcb13a9d4077 SHA512 592e02632b459156a686aa752bdcd04c00b6de8029831e39c2bf7c2e9a5e7886d8ebf0a5d16cbe1f6878428ce4e266dc676bf80657d018d204304d1113af7fcf diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20250213-r1.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20250213-r1.ebuild new file mode 100644 index 000000000000..08b8534f7f5f --- /dev/null +++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20250213-r1.ebuild @@ -0,0 +1,141 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="7" + +if [[ ${PV} == 9999* ]]; then + EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}" + EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}" + EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy" + + inherit git-r3 +else + SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2 + https://dev.gentoo.org/~perfinion/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2" + KEYWORDS="~amd64 ~arm ~arm64 ~riscv ~x86" +fi + +HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux" +DESCRIPTION="SELinux policy for core modules" + +IUSE="systemd +unconfined" + +PDEPEND="unconfined? ( sec-policy/selinux-unconfined )" +DEPEND="=sec-policy/selinux-base-${PVR}[systemd?]" +RDEPEND="${DEPEND}" +BDEPEND=" + sys-apps/checkpolicy + sys-devel/m4" + +MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork systemd tmpfiles udev userdomain usermanage unprivuser xdg" +DEL_MODS="hotplug" +LICENSE="GPL-2" +SLOT="0" +S="${WORKDIR}/" + +# Code entirely copied from selinux-eclass (cannot inherit due to dependency on +# itself), when reworked reinclude it. Only postinstall (where -b base.pp is +# added) needs to remain then. + +pkg_pretend() { + for i in ${POLICY_TYPES}; do + if [[ "${i}" == "targeted" ]] && ! use unconfined; then + die "If you use POLICY_TYPES=targeted, then USE=unconfined is mandatory." + fi + done +} + +src_prepare() { + local modfiles + + if [[ ${PV} != 9999* ]]; then + einfo "Applying SELinux policy updates ... " + eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch" + fi + + eapply_user + + # Collect only those files needed for this particular module + for i in ${MODS}; do + modfiles="$(find "${S}"/refpolicy/policy/modules -iname $i.te) $modfiles" + modfiles="$(find "${S}"/refpolicy/policy/modules -iname $i.fc) $modfiles" + done + + for i in ${DEL_MODS}; do + [[ "${MODS}" != *${i}* ]] || die "Duplicate module in MODS and DEL_MODS: ${i}" + done + + for i in ${POLICY_TYPES}; do + mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}" + cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \ + || die "Failed to copy Makefile.example to ${S}/${i}/Makefile" + + cp ${modfiles} "${S}"/${i} \ + || die "Failed to copy the module files to ${S}/${i}" + done +} + +src_compile() { + for i in ${POLICY_TYPES}; do + emake NAME=$i SHAREDIR="${SYSROOT%/}/usr/share/selinux" -C "${S}"/${i} + done +} + +src_install() { + local BASEDIR="/usr/share/selinux" + + for i in ${POLICY_TYPES}; do + for j in ${MODS}; do + einfo "Installing ${i} ${j} policy package" + insinto ${BASEDIR}/${i} + doins "${S}"/${i}/${j}.pp + done + done +} + +pkg_postinst() { + # Set root path and don't load policy into the kernel when cross compiling + local root_opts="" + if [[ "${ROOT}" != "" ]]; then + root_opts="-p ${ROOT} -n" + fi + + # Override the command from the eclass, we need to load in base as well here + local COMMAND="-i base.pp" + if has_version "<sys-apps/policycoreutils-2.5"; then + COMMAND="-b base.pp" + fi + + for i in ${MODS}; do + COMMAND="${COMMAND} -i ${i}.pp" + done + + for i in ${POLICY_TYPES}; do + einfo "Inserting the following modules, with base, into the $i module store: ${MODS}" + + cd "${ROOT}/usr/share/selinux/${i}" + + semodule ${root_opts} -s ${i} ${COMMAND} + + for mod in ${DEL_MODS}; do + if semodule ${root_opts} -s ${i} -l | grep -q "\b${mod}\b"; then + einfo "Removing obsolete ${i} ${mod} policy package" + semodule ${root_opts} -s ${i} -r ${mod} + fi + done + done + + # Don't relabel when cross compiling + if [[ "${ROOT}" == "" ]]; then + # Relabel depending packages + local PKGSET=""; + if [[ -x /usr/bin/qdepends ]] ; then + PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-'); + elif [[ -x /usr/bin/equery ]] ; then + PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-'); + fi + if [[ -n "${PKGSET}" ]] ; then + rlpkg ${PKGSET}; + fi + fi +} |