Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Sven Vermeulen (swift)" <swift@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in sec-policy/selinux-base: selinux-base-2.20140311-r7.ebuild ChangeLog
Date: Sat, 01 Nov 2014 17:29:34
Message-Id: 20141101172618.0272B938F@oystercatcher.gentoo.org
1 swift 14/11/01 17:26:17
2
3 Modified: ChangeLog
4 Added: selinux-base-2.20140311-r7.ebuild
5 Log:
6 Bump revision r7 of SELinux policies
7
8 (Portage version: 2.2.8-r2/cvs/Linux x86_64, signed Manifest commit with key 0x2EDD52403B68AF47)
9
10 Revision Changes Path
11 1.55 sec-policy/selinux-base/ChangeLog
12
13 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base/ChangeLog?rev=1.55&view=markup
14 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base/ChangeLog?rev=1.55&content-type=text/plain
15 diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base/ChangeLog?r1=1.54&r2=1.55
16
17 Index: ChangeLog
18 ===================================================================
19 RCS file: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/ChangeLog,v
20 retrieving revision 1.54
21 retrieving revision 1.55
22 diff -u -r1.54 -r1.55
23 --- ChangeLog 1 Nov 2014 16:13:32 -0000 1.54
24 +++ ChangeLog 1 Nov 2014 17:26:17 -0000 1.55
25 @@ -1,6 +1,12 @@
26 # ChangeLog for sec-policy/selinux-base
27 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
28 -# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/ChangeLog,v 1.54 2014/11/01 16:13:32 swift Exp $
29 +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/ChangeLog,v 1.55 2014/11/01 17:26:17 swift Exp $
30 +
31 +*selinux-base-2.20140311-r7 (01 Nov 2014)
32 +
33 + 01 Nov 2014; Sven Vermeulen <swift@g.o>
34 + +selinux-base-2.20140311-r7.ebuild:
35 + Bump revision r7 of SELinux policies
36
37 01 Nov 2014; Sven Vermeulen <swift@g.o> selinux-base-9999.ebuild:
38 Add KEYWORDS logic in -9999 ebuilds for ease of copying
39
40
41
42 1.1 sec-policy/selinux-base/selinux-base-2.20140311-r7.ebuild
43
44 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base/selinux-base-2.20140311-r7.ebuild?rev=1.1&view=markup
45 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base/selinux-base-2.20140311-r7.ebuild?rev=1.1&content-type=text/plain
46
47 Index: selinux-base-2.20140311-r7.ebuild
48 ===================================================================
49 # Copyright 1999-2014 Gentoo Foundation
50 # Distributed under the terms of the GNU General Public License v2
51 # $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base/selinux-base-2.20140311-r7.ebuild,v 1.1 2014/11/01 17:26:17 swift Exp $
52 EAPI="5"
53
54 inherit eutils
55
56 if [[ ${PV} == 9999* ]]; then
57 EGIT_REPO_URI="${SELINUX_GIT_REPO:-git://git.overlays.gentoo.org/proj/hardened-refpolicy.git https://git.overlays.gentoo.org/gitroot/proj/hardened-refpolicy.git}"
58 EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}"
59 EGIT_SOURCEDIR="${WORKDIR}/refpolicy"
60
61 inherit git-2
62
63 if [[ $PV == 9999* ]] ; then
64 KEYWORDS=""
65 else
66 KEYWORDS="~amd64 ~x86"
67 fi
68 else
69 SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2
70 http://dev.gentoo.org/~swift/patches/selinux-base-policy/patchbundle-selinux-base-policy-${PVR}.tar.bz2"
71
72 KEYWORDS="~amd64 ~x86"
73 fi
74
75 IUSE="+peer_perms +open_perms +ubac +unconfined doc"
76
77 DESCRIPTION="Gentoo base policy for SELinux"
78 HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
79 LICENSE="GPL-2"
80 SLOT="0"
81
82 RDEPEND=">=sys-apps/policycoreutils-2.3
83 virtual/udev
84 !<=sec-policy/selinux-base-policy-2.20120725"
85 DEPEND="${RDEPEND}
86 sys-devel/m4
87 >=sys-apps/checkpolicy-2.3"
88
89 S=${WORKDIR}/
90
91 #src_unpack() {
92 # git-2_src_unpack
93 #}
94
95 src_prepare() {
96 if [[ ${PV} != 9999* ]]; then
97 # Apply the gentoo patches to the policy. These patches are only necessary
98 # for base policies, or for interface changes on modules.
99 EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \
100 EPATCH_SUFFIX="patch" \
101 EPATCH_SOURCE="${WORKDIR}" \
102 EPATCH_FORCE="yes" \
103 epatch
104 fi
105
106 cd "${S}/refpolicy"
107 make bare
108 # Fix bug 257111 - Correct the initial sid for cron-started jobs in the
109 # system_r role
110 sed -i -e 's:system_crond_t:system_cronjob_t:g' \
111 "${S}/refpolicy/config/appconfig-standard/default_contexts"
112 sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \
113 "${S}/refpolicy/config/appconfig-mls/default_contexts"
114 sed -i -e 's|system_r:cronjob_t|system_r:system_cronjob_t|g' \
115 "${S}/refpolicy/config/appconfig-mcs/default_contexts"
116
117 epatch_user
118 }
119
120 src_configure() {
121 [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
122
123 # Update the SELinux refpolicy capabilities based on the users' USE flags.
124
125 if ! use peer_perms; then
126 sed -i -e '/network_peer_controls/d' \
127 "${S}/refpolicy/policy/policy_capabilities"
128 fi
129
130 if ! use open_perms; then
131 sed -i -e '/open_perms/d' \
132 "${S}/refpolicy/policy/policy_capabilities"
133 fi
134
135 if ! use ubac; then
136 sed -i -e '/^UBAC/s/y/n/' "${S}/refpolicy/build.conf" \
137 || die "Failed to disable User Based Access Control"
138 fi
139
140 echo "DISTRO = gentoo" >> "${S}/refpolicy/build.conf"
141
142 # Prepare initial configuration
143 cd "${S}/refpolicy";
144 make conf || die "Make conf failed"
145
146 # Setup the policies based on the types delivered by the end user.
147 # These types can be "targeted", "strict", "mcs" and "mls".
148 for i in ${POLICY_TYPES}; do
149 cp -a "${S}/refpolicy" "${S}/${i}"
150 cd "${S}/${i}";
151
152 #cp "${FILESDIR}/modules-2.20120215.conf" "${S}/${i}/policy/modules.conf"
153 sed -i -e "/= module/d" "${S}/${i}/policy/modules.conf"
154
155 sed -i -e '/^QUIET/s/n/y/' -e "/^NAME/s/refpolicy/$i/" \
156 "${S}/${i}/build.conf" || die "build.conf setup failed."
157
158 if [[ "${i}" == "mls" ]] || [[ "${i}" == "mcs" ]];
159 then
160 # MCS/MLS require additional settings
161 sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \
162 || die "failed to set type to mls"
163 fi
164
165 if [ "${i}" == "targeted" ]; then
166 sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
167 "${S}/${i}/config/appconfig-standard/seusers" \
168 || die "targeted seusers setup failed."
169 fi
170
171 if [ "${i}" != "targeted" ] && [ "${i}" != "strict" ] && use unconfined; then
172 sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
173 "${S}/${i}/config/appconfig-${i}/seusers" \
174 || die "policy seusers setup failed."
175 fi
176 done
177 }
178
179 src_compile() {
180 [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
181
182 for i in ${POLICY_TYPES}; do
183 cd "${S}/${i}"
184 make base || die "${i} compile failed"
185 if use doc; then
186 make html || die
187 fi
188 done
189 }
190
191 src_install() {
192 [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
193
194 for i in ${POLICY_TYPES}; do
195 cd "${S}/${i}"
196
197 make DESTDIR="${D}" install \
198 || die "${i} install failed."
199
200 make DESTDIR="${D}" install-headers \
201 || die "${i} headers install failed."
202
203 echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type"
204
205 echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types"
206
207 # libsemanage won't make this on its own
208 keepdir "/etc/selinux/${i}/policy"
209
210 if use doc; then
211 dohtml doc/html/*;
212 fi
213
214 insinto /usr/share/selinux/devel;
215 doins doc/policy.xml;
216
217 done
218
219 dodoc doc/Makefile.example doc/example.{te,fc,if}
220
221 doman man/man8/*.8;
222
223 insinto /etc/selinux
224 doins "${FILESDIR}/config"
225 }
226
227 pkg_preinst() {
228 has_version "<${CATEGORY}/${PN}-2.20101213-r13"
229 previous_less_than_r13=$?
230 }
Report Message
Find on MARC Find on Google Groups