From 992d51a146d493f8dd5d710e033427d323b9c739 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Fri, 6 Oct 2023 23:58:42 +0100 Subject: gentoo auto-resync : 06:10:2023 - 23:58:42 --- sec-policy/selinux-base-policy/Manifest | 3 + .../selinux-base-policy-2.20231002-r1.ebuild | 141 +++++++++++++++++++++ 2 files changed, 144 insertions(+) create mode 100644 sec-policy/selinux-base-policy/selinux-base-policy-2.20231002-r1.ebuild (limited to 'sec-policy/selinux-base-policy') diff --git a/sec-policy/selinux-base-policy/Manifest b/sec-policy/selinux-base-policy/Manifest index 218bd2a6671d..ac5f2d7c1139 100644 --- a/sec-policy/selinux-base-policy/Manifest +++ b/sec-policy/selinux-base-policy/Manifest @@ -1,7 +1,10 @@ DIST patchbundle-selinux-base-policy-2.20221101-r3.tar.bz2 444710 BLAKE2B e33cc01a8be5a354e022be1e8bf242883b09b15ead0673f859819f5e668f18773a16527f2e608878e6976695dcb2890c55658e77877e93c716ae0b2dd2ed5a9b SHA512 52e60b22346903a6fead95c9fb348fa1d4037b7dcd3e5781248a7dfc426c8c3fced258fd22762c779a5f436d8be21eaed5425ed36ff99c267daae5e1cb9c8e7f DIST patchbundle-selinux-base-policy-2.20221101-r4.tar.bz2 457886 BLAKE2B 1e085f9f1739e0640c5eafa70db4c7ec19bca887c682ca2312a457fa57ee3eb176d0c8f16c2f84a1a026669b1240be3ff69066bd825c92fad75dcd2c13739f6c SHA512 da3ba1f076c04746719698aedb3aad48eb7c8a09df95c314b36f7a052538a07d893be413f35f4c34b01c1bf967ebe35ff32c2cea0722fe74a6e089a9d6aa47a6 +DIST patchbundle-selinux-base-policy-2.20231002-r1.tar.bz2 434734 BLAKE2B f2f28674ba93cd3a699cf0bc8fd06ab0500995f9518082cc76734c724b9ac82fcbcfa536f383a22b2fe72a9f781f202a78e630b7eb314880a98410badb32edd2 SHA512 30963590525842b7aaafc4bda99ae5297dc9706031431e69766dc90507357e4852ab0647893bfa27e6c6d82dd12f9af9a3fb5b790e2bd9b8311b8d91dafd083d DIST refpolicy-2.20221101.tar.bz2 583183 BLAKE2B 783d8af40fd77d7ddb848dba32e91921dd7c1380c094c45b719ada7b15f91aacbb52b410ffa6341f2f705ecbc9674b8570bd4867ce998e944fa0054ffd8bdf74 SHA512 29e5a29d90f714018c88fead2d5006ea90338fb5b7a1e4e98cb2e588c96cd861871d32176f6cc6f7c4e864ce5acae1aeed85d4c706ce2da8168986535baaf3a6 +DIST refpolicy-2.20231002.tar.bz2 600458 BLAKE2B 254d6d3d6b95f21e1f8e1df5822520ccaeade427053fb172079427cf70bd33f8ced87a9e09e1d36ec5f7b33f0bac8d730020d91996c6d25eafdcec66ebe35bb3 SHA512 029cd2225ce57d96f681720f24828e962320af41832ad2dc95d4d41d00dbde20bb08d91fa8b964b592812a9fedd908c261734b77ad72cccfde2de541b9c2c74d EBUILD selinux-base-policy-2.20221101-r3.ebuild 4199 BLAKE2B de34a43ae4e7c17e0ff9a189c679e335d721b98edbcf756fd4679fe3c3867af1d58fd93ea8545149f26dbf78fc290e61c171f39c20b5fe9fd6922c387f0f7230 SHA512 b6664f9c433c6fa6225f6459bf962d5fed49767da4249b2468c63e9b281a336875ce80e90c8107981725b581fb43342df8875a31445ed79800f2dc88d6bc7ca6 EBUILD selinux-base-policy-2.20221101-r4.ebuild 4199 BLAKE2B e60165c87cee6aa509e4d5e25ca51db7b5770503d62800d620b574d50fb8f758abe893bcc672083d29b64e83c790b734d638135313da67f8118f1a212e3fd445 SHA512 0099cd43f405db1189afc33df35211d548f8e0a131891d6bd8e0aa86a6b2c229f0e3c02c83027abaa1678570c34622729cc34d9f399718f42213da4cbae592e3 +EBUILD selinux-base-policy-2.20231002-r1.ebuild 4203 BLAKE2B ef81f1652193ee494e767983c4d221a06b68d76f6a7aa580048afc2cb58afb00bc10cdb6b4a98ea01cc67ed04a39b45ad73558591ac17557516e1f87e8f8accd SHA512 b98cd98801f9e7d2282aad58d7329ee823503f1023fa937e4a7596c7c8c42b6e7c572846d37221b6de0585f5fc3b6ab69fc22346eed2e6ffe598799075c43569 EBUILD selinux-base-policy-9999.ebuild 4203 BLAKE2B 347ed6cef732eb6ebe2eff504ea5d632d9596ad0c5495053b84e6442530a18fbf810d67e424478c76343b3b46cd1a5a02edae76985bb2d9e121822a775c29f8d SHA512 d347e516ac4f03f70fba5b5afcaf7cd61af0c87d0cf20874d6091fd5165f2a62e4b18b5ef7aff911b72d60f87d6f1bb5dc8ef60a6b1ee8f32d5a2a2392a5576a MISC metadata.xml 535 BLAKE2B db3aa01f5f57a5d30b7a39721a569bd2efe77a87701fb4e5d4e64ead0d13b4055dc5224bb7c95bf261e623163a59c18da5500d8da77b3de07801dcb13a9d4077 SHA512 592e02632b459156a686aa752bdcd04c00b6de8029831e39c2bf7c2e9a5e7886d8ebf0a5d16cbe1f6878428ce4e266dc676bf80657d018d204304d1113af7fcf diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20231002-r1.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20231002-r1.ebuild new file mode 100644 index 000000000000..aaff2143be85 --- /dev/null +++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20231002-r1.ebuild @@ -0,0 +1,141 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="7" + +if [[ ${PV} == 9999* ]]; then + EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}" + EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}" + EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy" + + inherit git-r3 +else + SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2 + https://dev.gentoo.org/~perfinion/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2" + KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86" +fi + +HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux" +DESCRIPTION="SELinux policy for core modules" + +IUSE="systemd +unconfined" + +PDEPEND="unconfined? ( sec-policy/selinux-unconfined )" +DEPEND="=sec-policy/selinux-base-${PVR}[systemd?]" +RDEPEND="${DEPEND}" +BDEPEND=" + sys-apps/checkpolicy + sys-devel/m4" + +MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork systemd tmpfiles udev userdomain usermanage unprivuser xdg" +DEL_MODS="hotplug" +LICENSE="GPL-2" +SLOT="0" +S="${WORKDIR}/" + +# Code entirely copied from selinux-eclass (cannot inherit due to dependency on +# itself), when reworked reinclude it. Only postinstall (where -b base.pp is +# added) needs to remain then. + +pkg_pretend() { + for i in ${POLICY_TYPES}; do + if [[ "${i}" == "targeted" ]] && ! use unconfined; then + die "If you use POLICY_TYPES=targeted, then USE=unconfined is mandatory." + fi + done +} + +src_prepare() { + local modfiles + + if [[ ${PV} != 9999* ]]; then + einfo "Applying SELinux policy updates ... " + eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch" + fi + + eapply_user + + # Collect only those files needed for this particular module + for i in ${MODS}; do + modfiles="$(find "${S}"/refpolicy/policy/modules -iname $i.te) $modfiles" + modfiles="$(find "${S}"/refpolicy/policy/modules -iname $i.fc) $modfiles" + done + + for i in ${DEL_MODS}; do + [[ "${MODS}" != *${i}* ]] || die "Duplicate module in MODS and DEL_MODS: ${i}" + done + + for i in ${POLICY_TYPES}; do + mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}" + cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \ + || die "Failed to copy Makefile.example to ${S}/${i}/Makefile" + + cp ${modfiles} "${S}"/${i} \ + || die "Failed to copy the module files to ${S}/${i}" + done +} + +src_compile() { + for i in ${POLICY_TYPES}; do + emake NAME=$i SHAREDIR="${SYSROOT%/}/usr/share/selinux" -C "${S}"/${i} + done +} + +src_install() { + local BASEDIR="/usr/share/selinux" + + for i in ${POLICY_TYPES}; do + for j in ${MODS}; do + einfo "Installing ${i} ${j} policy package" + insinto ${BASEDIR}/${i} + doins "${S}"/${i}/${j}.pp + done + done +} + +pkg_postinst() { + # Set root path and don't load policy into the kernel when cross compiling + local root_opts="" + if [[ "${ROOT}" != "" ]]; then + root_opts="-p ${ROOT} -n" + fi + + # Override the command from the eclass, we need to load in base as well here + local COMMAND="-i base.pp" + if has_version "