Although only applicable to SELinux users, I'd like to request some feedback
from more seasoned developers on this. The very short version of the
question:

On http://bit.ly/oJdMVz you can find an updated version of the
selinux-policy-2.eclass. Current eclass users will not see different results
with this version (although it will be a bit faster as it optimizes the
patching stuff), but the eclass is enhanced with additional features.

My question(s): does the eclass need additional clean-ups? Am I forgetting
some serious (or less serious) stuff? Also: is a name bump necessary (I
don't believe it is)?

Longer version now...

As described on the Gentoo Hardened mailing list [1], the SELinux policy
eclass is seeing some updates. For the gory details on the technicalities I
refer to the message posted there.

[1] http://archives.gentoo.org/gentoo-hardened/msg_3316fc595a6d33c178d0d61ef6acdad0.xml

This eclass is used by the sec-policy/selinux-* packages which offer the
SELinux policies for Gentoo. What the eclass basically does is download
and extract the upstream reference policy [2], apply the Gentoo-managed
patches to it and then build the SELinux policy module (as identified by
the MODS variable) for the right policy types.

[2] http://oss.tresys.com/projects/refpolicy

Compared with the current selinux-policy-2.eclass, the following changes have
been applied (short version):

- Support for the BASEPOL version (reuse of patch bundle offered by
  selinux-base-policy)
- Apply patches (once) before copying sources rather than applying multiple
  times (up to 4) after copying the sources
- Add eclass documentation comments
- Support higher-level EAPIs
- Support bash-style arrays for POLICY_PATCH variable
- Quite a few minor fixes

I'd like to update the eclass (through a proxy developer) so that we can start
pushing out the SELinux policy module ebuilds based on upstream's 2.20110726
release (which will use the new functionality offered by the eclass to increase
manageability).

Does anyone see issues with the eclass implementation?
Are there people who feel that the eclass version should be bumped?
Are there opportunities that we should consider while updating the eclass?

With thanks to Anthony G. Basile (blueness) and Peter Volkov (pva) for
the initial reviews and comments.