From 40aaaa64e86ba6710bbeb31c4615a6ce80e75e11 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Wed, 28 Apr 2021 20:21:43 +0100 Subject: gentoo resync : 28.04.2021 --- sec-policy/selinux-base-policy/Manifest | 3 + .../selinux-base-policy-2.20210203-r1.ebuild | 129 +++++++++++++++++++++ 2 files changed, 132 insertions(+) create mode 100644 sec-policy/selinux-base-policy/selinux-base-policy-2.20210203-r1.ebuild (limited to 'sec-policy/selinux-base-policy') diff --git a/sec-policy/selinux-base-policy/Manifest b/sec-policy/selinux-base-policy/Manifest index af434579157b..f93868720749 100644 --- a/sec-policy/selinux-base-policy/Manifest +++ b/sec-policy/selinux-base-policy/Manifest @@ -1,5 +1,8 @@ DIST patchbundle-selinux-base-policy-2.20200818-r2.tar.bz2 433623 BLAKE2B f0655c45c50347faf1217e5861298dce822e4b726c0b4489d4c70c4815842f7c17ac1b0a302ae5482a3ad25d1d5b6c4c3b6395194e79005f31560d103ad0fce6 SHA512 9fd22683ecd602a429b2d489f7b8c2936409fa060046255b72a4b95c9fdefa2455ba7655945278dc972c22f3ade6617898ed169e22001aaaaded4b47ca51b0c3 +DIST patchbundle-selinux-base-policy-2.20210203-r1.tar.bz2 298116 BLAKE2B 50c5523a8b758652af6aa59d548e9499b899898b58f52f74f1667a0c552f2b2d0ed5a44352e59245c7f0ebd199e2391400168d6ab27b4160d726fccded0c56f2 SHA512 ddb877ec3e2883f57e54e7380dd449d4d89a0769a1fb87141786e5de741ac21b2ead60362fd17c25888eb1334c68f71da561f4f29f406f0d4b5d13d378f6baff DIST refpolicy-2.20200818.tar.bz2 570896 BLAKE2B 502c00fec39e1b81e42de3f7f942623f8b3fbdeac19f9f01126722a368b7d4f70427d6e4a574754c4f2fa551e4bc75c912dbc515c004f0dcd5eb28ab416498f6 SHA512 e4b527bb7a87b9359fc42eb111d5008103f57c37128998ea0e21ec7b0b8607ffe3f67697450e4c51a0db172ece69083335b279bacef4b1bd0b7748b58caa99a7 +DIST refpolicy-2.20210203.tar.bz2 564099 BLAKE2B a94a11ebb78890ba2c98714be2fe9054fdb8ccaf5154f47b881a9575a4a6865e8df475805550d7bba8039b4230c6a0c9f5c6130bf8c35a26bc7c473d550fb40d SHA512 a6ffe718626dd6121023b4cbc424c933d44ca8b662bd708baad307cf6284be0d80fef40cdc8b37f6f17ecb3636fd8d6c1d5d4072c17d835b7f500e17a3acd9fc EBUILD selinux-base-policy-2.20200818-r2.ebuild 3853 BLAKE2B 2f2ea84e89392c4804f9b58091bbf507defbcd0c9b4fbfbfd90ef5e3210e623d7223477bb3321ed0f489ca555e2ace214db8d265d4f64b0d6140046bc2b85b2f SHA512 f97a595e9fce3c3d0e70502abcb62d602b0b67f91fe4400231aa9cf08edaad463203abe1a6505d1ca442d42232dac68520dfccd0f29a8b5f474c5977e251f99d +EBUILD selinux-base-policy-2.20210203-r1.ebuild 3847 BLAKE2B a3044fed56f1a9195d07d6282fdd8b9506c29d6246575d24967c5066b939c656de30a7b5fb1bb508ce3b595859d2de2d0fa459c0032db987e46ca9411b4d73f4 SHA512 735b1a96d2e51fa79210d0ab738a16b1deba3082483efc91b5630bd09c6aed204bd87d43e04d0a8a00b04001d86321645d754afdb780041a8504687e5bb87658 EBUILD selinux-base-policy-9999.ebuild 3847 BLAKE2B a3044fed56f1a9195d07d6282fdd8b9506c29d6246575d24967c5066b939c656de30a7b5fb1bb508ce3b595859d2de2d0fa459c0032db987e46ca9411b4d73f4 SHA512 735b1a96d2e51fa79210d0ab738a16b1deba3082483efc91b5630bd09c6aed204bd87d43e04d0a8a00b04001d86321645d754afdb780041a8504687e5bb87658 MISC metadata.xml 534 BLAKE2B 1bb289204431150ae974c9fd677926faf72e75def3294b9df405a048e398ac3b6147de8483512487edaeea378e1dbd32df0675acb7fa50326c48382603c5dbfe SHA512 d8340bec9d0ec0feb396b17b53a6d53e3caa7ddd1efdc5e5de07baf86592ad0526d08fc08908295cf18a915eef1c7429c72970d56967162b2390eed6f28c822a diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20210203-r1.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20210203-r1.ebuild new file mode 100644 index 000000000000..171244e9e45e --- /dev/null +++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20210203-r1.ebuild @@ -0,0 +1,129 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="7" + +if [[ ${PV} == 9999* ]]; then + EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}" + EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}" + EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy" + + inherit git-r3 +else + SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2 + https://dev.gentoo.org/~perfinion/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2" + KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86" +fi + +HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux" +DESCRIPTION="SELinux policy for core modules" + +IUSE="systemd +unconfined" + +PDEPEND="unconfined? ( sec-policy/selinux-unconfined )" +DEPEND="=sec-policy/selinux-base-${PVR}[systemd?]" +RDEPEND="$DEPEND" +BDEPEND=" + sys-apps/checkpolicy + sys-devel/m4" + +MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork systemd tmpfiles udev userdomain usermanage unprivuser xdg" +LICENSE="GPL-2" +SLOT="0" +S="${WORKDIR}/" + +# Code entirely copied from selinux-eclass (cannot inherit due to dependency on +# itself), when reworked reinclude it. Only postinstall (where -b base.pp is +# added) needs to remain then. + +pkg_pretend() { + for i in ${POLICY_TYPES}; do + if [[ "${i}" == "targeted" ]] && ! use unconfined; then + die "If you use POLICY_TYPES=targeted, then USE=unconfined is mandatory." + fi + done +} + +src_prepare() { + local modfiles + + if [[ ${PV} != 9999* ]]; then + einfo "Applying SELinux policy updates ... " + eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch" + fi + + eapply_user + + # Collect only those files needed for this particular module + for i in ${MODS}; do + modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles" + modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles" + done + + for i in ${POLICY_TYPES}; do + mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}" + cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \ + || die "Failed to copy Makefile.example to ${S}/${i}/Makefile" + + cp ${modfiles} "${S}"/${i} \ + || die "Failed to copy the module files to ${S}/${i}" + done +} + +src_compile() { + for i in ${POLICY_TYPES}; do + emake NAME=$i SHAREDIR="${ROOT}"/usr/share/selinux -C "${S}"/${i} + done +} + +src_install() { + local BASEDIR="/usr/share/selinux" + + for i in ${POLICY_TYPES}; do + for j in ${MODS}; do + einfo "Installing ${i} ${j} policy package" + insinto ${BASEDIR}/${i} + doins "${S}"/${i}/${j}.pp + done + done +} + +pkg_postinst() { + # Set root path and don't load policy into the kernel when cross compiling + local root_opts="" + if [[ "${ROOT}" != "" ]]; then + root_opts="-p ${ROOT} -n" + fi + + # Override the command from the eclass, we need to load in base as well here + local COMMAND="-i base.pp" + if has_version "