1 |
commit: 0742bf1dc476bebb2f89798418dabb5b027aeece |
2 |
Author: Luis Ressel <aranea <AT> aixah <DOT> de> |
3 |
AuthorDate: Mon Nov 13 06:37:52 2017 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Mon Nov 13 09:44:43 2017 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=0742bf1d |
7 |
|
8 |
sys-apps/policycoreutils: Import from ::gentoo |
9 |
|
10 |
sys-apps/policycoreutils/Manifest | 2 + |
11 |
...policycoreutils-2.7-0001-newrole-not-suid.patch | 13 ++ |
12 |
sys-apps/policycoreutils/metadata.xml | 27 +++ |
13 |
.../policycoreutils/policycoreutils-2.7.ebuild | 181 +++++++++++++++++++++ |
14 |
4 files changed, 223 insertions(+) |
15 |
|
16 |
diff --git a/sys-apps/policycoreutils/Manifest b/sys-apps/policycoreutils/Manifest |
17 |
new file mode 100644 |
18 |
index 0000000..9703b5b |
19 |
--- /dev/null |
20 |
+++ b/sys-apps/policycoreutils/Manifest |
21 |
@@ -0,0 +1,2 @@ |
22 |
+DIST policycoreutils-2.7.tar.gz 2796707 SHA256 0a1b8a4a323b854981c6755ff025fe98a0f1cff307f109abb260f0490f13e4f4 SHA512 ce97d659f72058fd23d8dab8db98fc7c0003806a636c521fa15da465d7358d40ccc8e3eaa9675f00a9b0b8aaa1465d3fb650bc0ebbbf00164e121230673256fb WHIRLPOOL f2360ab5e83f1a9a0f9e63bf700a89c28b61d13f8101c9ea2b68e9f071ede23557a0a5bec9a077b96b42be063421018ab8b85c4443e3bc1021f0d251a62de301 |
23 |
+DIST policycoreutils-extra-1.36.tar.bz2 8830 SHA256 2dfbe799bbbf150e68fab7e168fd71b94505c992623f30c71873213447506e8f SHA512 c6a18e6fb2d65f51dc55b88907f23241f2fbfc033d3d2888b109596d9ed31d509b2c93456727ea4d1f98544831afb15c449ff72d6aedf93b9e474b27817f7fb3 WHIRLPOOL c9772dba472b9b466181204f5bd5fb13d839042c53c84db38999a8b077b0dee1e9e78089b7b5fe4bc4076a1ad1c420528354404b292abd428a73e6f95312d0c4 |
24 |
|
25 |
diff --git a/sys-apps/policycoreutils/files/policycoreutils-2.7-0001-newrole-not-suid.patch b/sys-apps/policycoreutils/files/policycoreutils-2.7-0001-newrole-not-suid.patch |
26 |
new file mode 100644 |
27 |
index 0000000..6049bbe |
28 |
--- /dev/null |
29 |
+++ b/sys-apps/policycoreutils/files/policycoreutils-2.7-0001-newrole-not-suid.patch |
30 |
@@ -0,0 +1,13 @@ |
31 |
+diff --git a/policycoreutils/newrole/Makefile b/policycoreutils/newrole/Makefile |
32 |
+index bdefbb8..9cff135 100644 |
33 |
+--- policycoreutils/newrole/Makefile |
34 |
++++ policycoreutils/newrole/Makefile |
35 |
+@@ -49,7 +49,7 @@ ifeq ($(NAMESPACE_PRIV),y) |
36 |
+ IS_SUID=y |
37 |
+ endif |
38 |
+ ifeq ($(IS_SUID),y) |
39 |
+- MODE := 4555 |
40 |
++ MODE := 0555 |
41 |
+ override LDLIBS += -lcap-ng |
42 |
+ else |
43 |
+ MODE := 0555 |
44 |
|
45 |
diff --git a/sys-apps/policycoreutils/metadata.xml b/sys-apps/policycoreutils/metadata.xml |
46 |
new file mode 100644 |
47 |
index 0000000..16effc3 |
48 |
--- /dev/null |
49 |
+++ b/sys-apps/policycoreutils/metadata.xml |
50 |
@@ -0,0 +1,27 @@ |
51 |
+<?xml version="1.0" encoding="UTF-8"?> |
52 |
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> |
53 |
+<pkgmetadata> |
54 |
+ <maintainer type="project"> |
55 |
+ <email>selinux@g.o</email> |
56 |
+ <name>SELinux Team</name> |
57 |
+ </maintainer> |
58 |
+ <longdescription> |
59 |
+ Policycoreutils contains the policy core utilities that are required |
60 |
+ for basic operation of a SELinux system. These utilities include |
61 |
+ load_policy to load policies, setfiles to label filesystems, newrole |
62 |
+ to switch roles, and run_init to run /etc/init.d scripts in the proper |
63 |
+ context. |
64 |
+ |
65 |
+ Gentoo-specific tools include rlpkg for relabeling packages by name, |
66 |
+ avc_toggle to toggle between enforcing and permissive modes, and |
67 |
+ avc_enforcing to query the current mode of the system, enforcing or |
68 |
+ permissive. |
69 |
+ </longdescription> |
70 |
+ <use> |
71 |
+ <flag name="audit">Enable support for <pkg>sys-process/audit</pkg> and use the audit_* functions (like audit_getuid instead of getuid())</flag> |
72 |
+ </use> |
73 |
+ <upstream> |
74 |
+ <remote-id type="cpe">cpe:/a:redhat:policycoreutils</remote-id> |
75 |
+ <remote-id type="github">SELinuxProject/selinux</remote-id> |
76 |
+ </upstream> |
77 |
+</pkgmetadata> |
78 |
|
79 |
diff --git a/sys-apps/policycoreutils/policycoreutils-2.7.ebuild b/sys-apps/policycoreutils/policycoreutils-2.7.ebuild |
80 |
new file mode 100644 |
81 |
index 0000000..2f74519 |
82 |
--- /dev/null |
83 |
+++ b/sys-apps/policycoreutils/policycoreutils-2.7.ebuild |
84 |
@@ -0,0 +1,181 @@ |
85 |
+# Copyright 1999-2017 Gentoo Foundation |
86 |
+# Distributed under the terms of the GNU General Public License v2 |
87 |
+ |
88 |
+EAPI="6" |
89 |
+PYTHON_COMPAT=( python{2_7,3_4,3_5} ) |
90 |
+PYTHON_REQ_USE="xml" |
91 |
+ |
92 |
+inherit multilib python-r1 toolchain-funcs bash-completion-r1 |
93 |
+ |
94 |
+MY_P="${P//_/-}" |
95 |
+ |
96 |
+MY_RELEASEDATE="20170804" |
97 |
+EXTRAS_VER="1.36" |
98 |
+SEMNG_VER="${PV}" |
99 |
+SELNX_VER="${PV}" |
100 |
+SEPOL_VER="${PV}" |
101 |
+ |
102 |
+IUSE="audit pam dbus" |
103 |
+REQUIRED_USE="${PYTHON_REQUIRED_USE}" |
104 |
+ |
105 |
+DESCRIPTION="SELinux core utilities" |
106 |
+HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki" |
107 |
+ |
108 |
+if [[ ${PV} == 9999 ]] ; then |
109 |
+ inherit git-r3 |
110 |
+ EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git" |
111 |
+ SRC_URI="https://dev.gentoo.org/~perfinion/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2" |
112 |
+ S1="${WORKDIR}/${MY_P}/${PN}" |
113 |
+ S2="${WORKDIR}/policycoreutils-extra" |
114 |
+ S="${S1}" |
115 |
+else |
116 |
+ SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/${MY_RELEASEDATE}/${MY_P}.tar.gz |
117 |
+ https://dev.gentoo.org/~perfinion/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2" |
118 |
+ KEYWORDS="amd64 ~arm64 ~mips x86" |
119 |
+ S1="${WORKDIR}/${MY_P}" |
120 |
+ S2="${WORKDIR}/policycoreutils-extra" |
121 |
+ S="${S1}" |
122 |
+fi |
123 |
+ |
124 |
+LICENSE="GPL-2" |
125 |
+SLOT="0" |
126 |
+ |
127 |
+DEPEND=">=sys-libs/libselinux-${SELNX_VER}:=[python,${PYTHON_USEDEP}] |
128 |
+ >=sys-libs/glibc-2.4 |
129 |
+ >=sys-libs/libcap-1.10-r10:= |
130 |
+ >=sys-libs/libsemanage-${SEMNG_VER}:=[python,${PYTHON_USEDEP}] |
131 |
+ sys-libs/libcap-ng:= |
132 |
+ >=sys-libs/libsepol-${SEPOL_VER}:= |
133 |
+ >=app-admin/setools-4.1.1[${PYTHON_USEDEP}] |
134 |
+ sys-devel/gettext |
135 |
+ dev-python/ipy[${PYTHON_USEDEP}] |
136 |
+ dbus? ( |
137 |
+ sys-apps/dbus |
138 |
+ dev-libs/dbus-glib:= |
139 |
+ ) |
140 |
+ audit? ( >=sys-process/audit-1.5.1[python,${PYTHON_USEDEP}] ) |
141 |
+ pam? ( sys-libs/pam:= ) |
142 |
+ ${PYTHON_DEPS} |
143 |
+ !<sec-policy/selinux-base-policy-2.20151208-r6" |
144 |
+# 2.20151208-r6 and higher has support for new setfiles |
145 |
+ |
146 |
+### libcgroup -> seunshare |
147 |
+### dbus -> restorecond |
148 |
+ |
149 |
+# pax-utils for scanelf used by rlpkg |
150 |
+RDEPEND="${DEPEND} |
151 |
+ app-misc/pax-utils |
152 |
+ !<sys-apps/openrc-0.14" |
153 |
+ |
154 |
+PDEPEND="sys-apps/semodule-utils |
155 |
+ sys-apps/selinux-python" |
156 |
+ |
157 |
+src_unpack() { |
158 |
+ # Override default one because we need the SRC_URI ones even in case of 9999 ebuilds |
159 |
+ default |
160 |
+ if [[ ${PV} == 9999 ]] ; then |
161 |
+ git-r3_src_unpack |
162 |
+ fi |
163 |
+} |
164 |
+ |
165 |
+src_prepare() { |
166 |
+ S="${S1}" |
167 |
+ cd "${S}" || die "Failed to switch to ${S}" |
168 |
+ if [[ ${PV} != 9999 ]] ; then |
169 |
+ # If needed for live ebuilds please use /etc/portage/patches |
170 |
+ eapply "${FILESDIR}/policycoreutils-2.7-0001-newrole-not-suid.patch" |
171 |
+ fi |
172 |
+ |
173 |
+ # rlpkg is more useful than fixfiles |
174 |
+ sed -i -e '/^all/s/fixfiles//' "${S}/scripts/Makefile" \ |
175 |
+ || die "fixfiles sed 1 failed" |
176 |
+ sed -i -e '/fixfiles/d' "${S}/scripts/Makefile" \ |
177 |
+ || die "fixfiles sed 2 failed" |
178 |
+ |
179 |
+ eapply_user |
180 |
+ |
181 |
+ sed -i 's/-Werror//g' "${S1}"/*/Makefile || die "Failed to remove Werror" |
182 |
+ |
183 |
+ python_copy_sources |
184 |
+ # Our extra code is outside the regular directory, so set it to the extra |
185 |
+ # directory. We really should optimize this as it is ugly, but the extra |
186 |
+ # code is needed for Gentoo at the same time that policycoreutils is present |
187 |
+ # (so we cannot use an additional package for now). |
188 |
+ S="${S2}" |
189 |
+ python_copy_sources |
190 |
+} |
191 |
+ |
192 |
+src_compile() { |
193 |
+ building() { |
194 |
+ emake -C "${BUILD_DIR}" \ |
195 |
+ AUDIT_LOG_PRIVS="y" \ |
196 |
+ AUDITH="$(usex audit y n)" \ |
197 |
+ PAMH="$(usex pam y n)" \ |
198 |
+ INOTIFYH="$(usex dbus y n)" \ |
199 |
+ SESANDBOX="n" \ |
200 |
+ CC="$(tc-getCC)" \ |
201 |
+ PYLIBVER="${EPYTHON}" \ |
202 |
+ LIBDIR="\$(PREFIX)/$(get_libdir)" |
203 |
+ } |
204 |
+ S="${S1}" # Regular policycoreutils |
205 |
+ python_foreach_impl building |
206 |
+ S="${S2}" # Extra set |
207 |
+ python_foreach_impl building |
208 |
+} |
209 |
+ |
210 |
+src_install() { |
211 |
+ # Python scripts are present in many places. There are no extension modules. |
212 |
+ installation-policycoreutils() { |
213 |
+ einfo "Installing policycoreutils" |
214 |
+ emake -C "${BUILD_DIR}" DESTDIR="${D}" \ |
215 |
+ AUDITH="$(usex audit y n)" \ |
216 |
+ PAMH="$(usex pam y n)" \ |
217 |
+ INOTIFYH="$(usex dbus y n)" \ |
218 |
+ SESANDBOX="n" \ |
219 |
+ AUDIT_LOG_PRIV="y" \ |
220 |
+ LIBDIR="\$(PREFIX)/$(get_libdir)" \ |
221 |
+ install |
222 |
+ python_optimize |
223 |
+ } |
224 |
+ |
225 |
+ installation-extras() { |
226 |
+ einfo "Installing policycoreutils-extra" |
227 |
+ emake -C "${BUILD_DIR}" \ |
228 |
+ DESTDIR="${D}" \ |
229 |
+ INOTIFYH="$(usex dbus)" \ |
230 |
+ SHLIBDIR="${D}$(get_libdir)/rc" \ |
231 |
+ install |
232 |
+ python_optimize |
233 |
+ } |
234 |
+ |
235 |
+ S="${S1}" # policycoreutils |
236 |
+ python_foreach_impl installation-policycoreutils |
237 |
+ S="${S2}" # extras |
238 |
+ python_foreach_impl installation-extras |
239 |
+ S="${S1}" # back for later |
240 |
+ |
241 |
+ # remove redhat-style init script |
242 |
+ rm -fR "${D}/etc/rc.d" || die |
243 |
+ |
244 |
+ # compatibility symlinks |
245 |
+ dosym /sbin/setfiles /usr/sbin/setfiles |
246 |
+ bashcomp_alias setsebool getsebool |
247 |
+ |
248 |
+ # location for policy definitions |
249 |
+ dodir /var/lib/selinux |
250 |
+ keepdir /var/lib/selinux |
251 |
+ |
252 |
+ # Set version-specific scripts |
253 |
+ for pyscript in rlpkg; do |
254 |
+ python_replicate_script "${ED}/usr/sbin/${pyscript}" |
255 |
+ done |
256 |
+} |
257 |
+ |
258 |
+pkg_postinst() { |
259 |
+ for POLICY_TYPE in ${POLICY_TYPES} ; do |
260 |
+ # There have been some changes to the policy store, rebuilding now. |
261 |
+ # https://marc.info/?l=selinux&m=143757277819717&w=2 |
262 |
+ einfo "Rebuilding store ${POLICY_TYPE} (without re-loading)." |
263 |
+ semodule -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}" |
264 |
+ done |
265 |
+} |