| 1 |
commit: e5dd3905dd034a68bd4519432b09a28a81d541f1 |
| 2 |
Author: Sven Vermeulen <swift <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Mon Jan 30 19:29:47 2017 +0000 |
| 4 |
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Mon Jan 30 19:30:11 2017 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e5dd3905 |
| 7 |
|
| 8 |
sys-apps/policycoreutils: Properly depend on audit[python] and fix selocal attribute resolving |
| 9 |
|
| 10 |
The first bug this release fixes is bug 597978. Previous policycoreutils versions |
| 11 |
provided a selocal application which can't deal with the new setools. The previous |
| 12 |
setools had seinfo return a non-zero return code if an attribute (or role, or ... |
| 13 |
depending on what was asked) was not found. The newer setools gives this in the |
| 14 |
output, but keeps the zero return code. selocal depended on the return code |
| 15 |
previously. |
| 16 |
|
| 17 |
The second bug this release fixes is bug 605692. Well, partially, because the bug |
| 18 |
has two issues mentioned. The first one is the (wrong) dependency on audit. If the |
| 19 |
policycoreutils package is build with USE="audit" then it should depend on audit[python] |
| 20 |
rather than just audit. This is the issue that is fixed in this release. |
| 21 |
|
| 22 |
The second issue (not being able to use a number of semanage commands when |
| 23 |
USE="-audit") is not resolved yet. |
| 24 |
|
| 25 |
Package-Manager: portage-2.3.3 |
| 26 |
|
| 27 |
.../policycoreutils/policycoreutils-2.6-r1.ebuild | 187 +++++++++++++++++++++ |
| 28 |
1 file changed, 187 insertions(+) |
| 29 |
|
| 30 |
diff --git a/sys-apps/policycoreutils/policycoreutils-2.6-r1.ebuild b/sys-apps/policycoreutils/policycoreutils-2.6-r1.ebuild |
| 31 |
new file mode 100644 |
| 32 |
index 00000000..555f256 |
| 33 |
--- /dev/null |
| 34 |
+++ b/sys-apps/policycoreutils/policycoreutils-2.6-r1.ebuild |
| 35 |
@@ -0,0 +1,187 @@ |
| 36 |
+# Copyright 1999-2017 Gentoo Foundation |
| 37 |
+# Distributed under the terms of the GNU General Public License v2 |
| 38 |
+# $Id$ |
| 39 |
+ |
| 40 |
+EAPI="6" |
| 41 |
+PYTHON_COMPAT=( python{2_7,3_4,3_5} ) |
| 42 |
+PYTHON_REQ_USE="xml" |
| 43 |
+ |
| 44 |
+inherit multilib python-r1 toolchain-funcs bash-completion-r1 |
| 45 |
+ |
| 46 |
+MY_P="${P//_/-}" |
| 47 |
+ |
| 48 |
+MY_RELEASEDATE="20161014" |
| 49 |
+EXTRAS_VER="1.35" |
| 50 |
+SEMNG_VER="${PV}" |
| 51 |
+SELNX_VER="${PV}" |
| 52 |
+SEPOL_VER="${PV}" |
| 53 |
+ |
| 54 |
+IUSE="audit pam dbus" |
| 55 |
+ |
| 56 |
+DESCRIPTION="SELinux core utilities" |
| 57 |
+HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki" |
| 58 |
+ |
| 59 |
+if [[ ${PV} == 9999 ]] ; then |
| 60 |
+ inherit git-r3 |
| 61 |
+ EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git" |
| 62 |
+ SRC_URI="https://dev.gentoo.org/~swift/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2" |
| 63 |
+ S1="${WORKDIR}/${MY_P}/${PN}" |
| 64 |
+ S2="${WORKDIR}/policycoreutils-extra" |
| 65 |
+ S="${S1}" |
| 66 |
+else |
| 67 |
+ SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/${MY_RELEASEDATE}/${MY_P}.tar.gz |
| 68 |
+ https://dev.gentoo.org/~swift/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2" |
| 69 |
+ KEYWORDS="~amd64 ~arm64 ~mips ~x86" |
| 70 |
+ S1="${WORKDIR}/${MY_P}" |
| 71 |
+ S2="${WORKDIR}/policycoreutils-extra" |
| 72 |
+ S="${S1}" |
| 73 |
+fi |
| 74 |
+ |
| 75 |
+LICENSE="GPL-2" |
| 76 |
+SLOT="0" |
| 77 |
+ |
| 78 |
+DEPEND=">=sys-libs/libselinux-${SELNX_VER}:=[python] |
| 79 |
+ >=sys-libs/glibc-2.4 |
| 80 |
+ >=sys-libs/libcap-1.10-r10:= |
| 81 |
+ >=sys-libs/libsemanage-${SEMNG_VER}:=[python] |
| 82 |
+ sys-libs/libcap-ng:= |
| 83 |
+ >=sys-libs/libsepol-${SEPOL_VER}:= |
| 84 |
+ >=app-admin/setools-4.0 |
| 85 |
+ sys-devel/gettext |
| 86 |
+ dev-python/ipy[${PYTHON_USEDEP}] |
| 87 |
+ dbus? ( |
| 88 |
+ sys-apps/dbus |
| 89 |
+ dev-libs/dbus-glib:= |
| 90 |
+ ) |
| 91 |
+ audit? ( >=sys-process/audit-1.5.1[python] ) |
| 92 |
+ pam? ( sys-libs/pam:= ) |
| 93 |
+ ${PYTHON_DEPS} |
| 94 |
+ !<sec-policy/selinux-base-policy-2.20151208-r6" |
| 95 |
+# 2.20151208-r6 and higher has support for new setfiles |
| 96 |
+ |
| 97 |
+### libcgroup -> seunshare |
| 98 |
+### dbus -> restorecond |
| 99 |
+ |
| 100 |
+# pax-utils for scanelf used by rlpkg |
| 101 |
+RDEPEND="${DEPEND} |
| 102 |
+ dev-python/sepolgen |
| 103 |
+ app-misc/pax-utils |
| 104 |
+ !<sys-apps/openrc-0.14" |
| 105 |
+ |
| 106 |
+src_unpack() { |
| 107 |
+ # Override default one because we need the SRC_URI ones even in case of 9999 ebuilds |
| 108 |
+ default |
| 109 |
+ if [[ ${PV} == 9999 ]] ; then |
| 110 |
+ git-r3_src_unpack |
| 111 |
+ fi |
| 112 |
+} |
| 113 |
+ |
| 114 |
+src_prepare() { |
| 115 |
+ S="${S1}" |
| 116 |
+ cd "${S}" || die "Failed to switch to ${S}" |
| 117 |
+ if [[ ${PV} != 9999 ]] ; then |
| 118 |
+ # If needed for live ebuilds please use /etc/portage/patches |
| 119 |
+ eapply "${FILESDIR}/0010-remove-sesandbox-support.patch" |
| 120 |
+ eapply "${FILESDIR}/0020-disable-autodetection-of-pam-and-audit.patch" |
| 121 |
+ eapply "${FILESDIR}/0030-make-inotify-check-use-flag-triggered.patch" |
| 122 |
+ eapply "${FILESDIR}/0070-remove-symlink-attempt-fails-with-gentoo-sandbox-approach.patch" |
| 123 |
+ eapply "${FILESDIR}/0110-build-mcstrans-bug-472912.patch" |
| 124 |
+ eapply "${FILESDIR}/0120-build-failure-for-mcscolor-for-CONTEXT__CONTAINS.patch" |
| 125 |
+ fi |
| 126 |
+ |
| 127 |
+ # rlpkg is more useful than fixfiles |
| 128 |
+ sed -i -e '/^all/s/fixfiles//' "${S}/scripts/Makefile" \ |
| 129 |
+ || die "fixfiles sed 1 failed" |
| 130 |
+ sed -i -e '/fixfiles/d' "${S}/scripts/Makefile" \ |
| 131 |
+ || die "fixfiles sed 2 failed" |
| 132 |
+ |
| 133 |
+ eapply_user |
| 134 |
+ |
| 135 |
+ sed -i 's/-Werror//g' "${S1}"/*/Makefile || die "Failed to remove Werror" |
| 136 |
+ |
| 137 |
+ python_copy_sources |
| 138 |
+ # Our extra code is outside the regular directory, so set it to the extra |
| 139 |
+ # directory. We really should optimize this as it is ugly, but the extra |
| 140 |
+ # code is needed for Gentoo at the same time that policycoreutils is present |
| 141 |
+ # (so we cannot use an additional package for now). |
| 142 |
+ S="${S2}" |
| 143 |
+ python_copy_sources |
| 144 |
+} |
| 145 |
+ |
| 146 |
+src_compile() { |
| 147 |
+ building() { |
| 148 |
+ emake -C "${BUILD_DIR}" \ |
| 149 |
+ AUDIT_LOG_PRIVS="y" \ |
| 150 |
+ AUDITH="$(usex audit)" \ |
| 151 |
+ PAMH="$(usex pam)" \ |
| 152 |
+ INOTIFYH="$(usex dbus)" \ |
| 153 |
+ SESANDBOX="n" \ |
| 154 |
+ CC="$(tc-getCC)" \ |
| 155 |
+ PYLIBVER="${EPYTHON}" \ |
| 156 |
+ LIBDIR="\$(PREFIX)/$(get_libdir)" |
| 157 |
+ } |
| 158 |
+ S="${S1}" # Regular policycoreutils |
| 159 |
+ python_foreach_impl building |
| 160 |
+ S="${S2}" # Extra set |
| 161 |
+ python_foreach_impl building |
| 162 |
+} |
| 163 |
+ |
| 164 |
+src_install() { |
| 165 |
+ # Python scripts are present in many places. There are no extension modules. |
| 166 |
+ installation-policycoreutils() { |
| 167 |
+ einfo "Installing policycoreutils" |
| 168 |
+ emake -C "${BUILD_DIR}" DESTDIR="${D}" \ |
| 169 |
+ AUDITH="$(usex audit)" \ |
| 170 |
+ PAMH="$(usex pam)" \ |
| 171 |
+ INOTIFYH="$(usex dbus)" \ |
| 172 |
+ SESANDBOX="n" \ |
| 173 |
+ AUDIT_LOG_PRIV="y" \ |
| 174 |
+ PYLIBVER="${EPYTHON}" \ |
| 175 |
+ LIBDIR="\$(PREFIX)/$(get_libdir)" \ |
| 176 |
+ install |
| 177 |
+ python_optimize |
| 178 |
+ } |
| 179 |
+ |
| 180 |
+ installation-extras() { |
| 181 |
+ einfo "Installing policycoreutils-extra" |
| 182 |
+ emake -C "${BUILD_DIR}" DESTDIR="${D}" INOTIFYH="$(usex dbus)" SHLIBDIR="${D}$(get_libdir)/rc" install |
| 183 |
+ python_optimize |
| 184 |
+ } |
| 185 |
+ |
| 186 |
+ S="${S1}" # policycoreutils |
| 187 |
+ python_foreach_impl installation-policycoreutils |
| 188 |
+ S="${S2}" # extras |
| 189 |
+ python_foreach_impl installation-extras |
| 190 |
+ S="${S1}" # back for later |
| 191 |
+ |
| 192 |
+ # remove redhat-style init script |
| 193 |
+ rm -fR "${D}/etc/rc.d" || die |
| 194 |
+ |
| 195 |
+ # compatibility symlinks |
| 196 |
+ dosym /sbin/setfiles /usr/sbin/setfiles |
| 197 |
+ bashcomp_alias setsebool getsebool |
| 198 |
+ |
| 199 |
+ # location for policy definitions |
| 200 |
+ dodir /var/lib/selinux |
| 201 |
+ keepdir /var/lib/selinux |
| 202 |
+ |
| 203 |
+ # Set version-specific scripts |
| 204 |
+ for pyscript in audit2allow sepolgen-ifgen sepolicy chcat; do |
| 205 |
+ python_replicate_script "${ED}/usr/bin/${pyscript}" |
| 206 |
+ done |
| 207 |
+ for pyscript in semanage rlpkg; do |
| 208 |
+ python_replicate_script "${ED}/usr/sbin/${pyscript}" |
| 209 |
+ done |
| 210 |
+ |
| 211 |
+ dodir /usr/share/doc/${PF}/mcstrans/examples |
| 212 |
+ cp -dR "${S1}"/mcstrans/share/examples/* "${D}/usr/share/doc/${PF}/mcstrans/examples" || die |
| 213 |
+} |
| 214 |
+ |
| 215 |
+pkg_postinst() { |
| 216 |
+ for POLICY_TYPE in ${POLICY_TYPES} ; do |
| 217 |
+ # There have been some changes to the policy store, rebuilding now. |
| 218 |
+ # https://marc.info/?l=selinux&m=143757277819717&w=2 |
| 219 |
+ einfo "Rebuilding store ${POLICY_TYPE} (without re-loading)." |
| 220 |
+ semodule -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}" |
| 221 |
+ done |
| 222 |
+} |
Archives