1 |
commit: e5dd3905dd034a68bd4519432b09a28a81d541f1 |
2 |
Author: Sven Vermeulen <swift <AT> gentoo <DOT> org> |
3 |
AuthorDate: Mon Jan 30 19:29:47 2017 +0000 |
4 |
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> |
5 |
CommitDate: Mon Jan 30 19:30:11 2017 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e5dd3905 |
7 |
|
8 |
sys-apps/policycoreutils: Properly depend on audit[python] and fix selocal attribute resolving |
9 |
|
10 |
The first bug this release fixes is bug 597978. Previous policycoreutils versions |
11 |
provided a selocal application which can't deal with the new setools. The previous |
12 |
setools had seinfo return a non-zero return code if an attribute (or role, or ... |
13 |
depending on what was asked) was not found. The newer setools gives this in the |
14 |
output, but keeps the zero return code. selocal depended on the return code |
15 |
previously. |
16 |
|
17 |
The second bug this release fixes is bug 605692. Well, partially, because the bug |
18 |
has two issues mentioned. The first one is the (wrong) dependency on audit. If the |
19 |
policycoreutils package is build with USE="audit" then it should depend on audit[python] |
20 |
rather than just audit. This is the issue that is fixed in this release. |
21 |
|
22 |
The second issue (not being able to use a number of semanage commands when |
23 |
USE="-audit") is not resolved yet. |
24 |
|
25 |
Package-Manager: portage-2.3.3 |
26 |
|
27 |
.../policycoreutils/policycoreutils-2.6-r1.ebuild | 187 +++++++++++++++++++++ |
28 |
1 file changed, 187 insertions(+) |
29 |
|
30 |
diff --git a/sys-apps/policycoreutils/policycoreutils-2.6-r1.ebuild b/sys-apps/policycoreutils/policycoreutils-2.6-r1.ebuild |
31 |
new file mode 100644 |
32 |
index 00000000..555f256 |
33 |
--- /dev/null |
34 |
+++ b/sys-apps/policycoreutils/policycoreutils-2.6-r1.ebuild |
35 |
@@ -0,0 +1,187 @@ |
36 |
+# Copyright 1999-2017 Gentoo Foundation |
37 |
+# Distributed under the terms of the GNU General Public License v2 |
38 |
+# $Id$ |
39 |
+ |
40 |
+EAPI="6" |
41 |
+PYTHON_COMPAT=( python{2_7,3_4,3_5} ) |
42 |
+PYTHON_REQ_USE="xml" |
43 |
+ |
44 |
+inherit multilib python-r1 toolchain-funcs bash-completion-r1 |
45 |
+ |
46 |
+MY_P="${P//_/-}" |
47 |
+ |
48 |
+MY_RELEASEDATE="20161014" |
49 |
+EXTRAS_VER="1.35" |
50 |
+SEMNG_VER="${PV}" |
51 |
+SELNX_VER="${PV}" |
52 |
+SEPOL_VER="${PV}" |
53 |
+ |
54 |
+IUSE="audit pam dbus" |
55 |
+ |
56 |
+DESCRIPTION="SELinux core utilities" |
57 |
+HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki" |
58 |
+ |
59 |
+if [[ ${PV} == 9999 ]] ; then |
60 |
+ inherit git-r3 |
61 |
+ EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git" |
62 |
+ SRC_URI="https://dev.gentoo.org/~swift/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2" |
63 |
+ S1="${WORKDIR}/${MY_P}/${PN}" |
64 |
+ S2="${WORKDIR}/policycoreutils-extra" |
65 |
+ S="${S1}" |
66 |
+else |
67 |
+ SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/${MY_RELEASEDATE}/${MY_P}.tar.gz |
68 |
+ https://dev.gentoo.org/~swift/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2" |
69 |
+ KEYWORDS="~amd64 ~arm64 ~mips ~x86" |
70 |
+ S1="${WORKDIR}/${MY_P}" |
71 |
+ S2="${WORKDIR}/policycoreutils-extra" |
72 |
+ S="${S1}" |
73 |
+fi |
74 |
+ |
75 |
+LICENSE="GPL-2" |
76 |
+SLOT="0" |
77 |
+ |
78 |
+DEPEND=">=sys-libs/libselinux-${SELNX_VER}:=[python] |
79 |
+ >=sys-libs/glibc-2.4 |
80 |
+ >=sys-libs/libcap-1.10-r10:= |
81 |
+ >=sys-libs/libsemanage-${SEMNG_VER}:=[python] |
82 |
+ sys-libs/libcap-ng:= |
83 |
+ >=sys-libs/libsepol-${SEPOL_VER}:= |
84 |
+ >=app-admin/setools-4.0 |
85 |
+ sys-devel/gettext |
86 |
+ dev-python/ipy[${PYTHON_USEDEP}] |
87 |
+ dbus? ( |
88 |
+ sys-apps/dbus |
89 |
+ dev-libs/dbus-glib:= |
90 |
+ ) |
91 |
+ audit? ( >=sys-process/audit-1.5.1[python] ) |
92 |
+ pam? ( sys-libs/pam:= ) |
93 |
+ ${PYTHON_DEPS} |
94 |
+ !<sec-policy/selinux-base-policy-2.20151208-r6" |
95 |
+# 2.20151208-r6 and higher has support for new setfiles |
96 |
+ |
97 |
+### libcgroup -> seunshare |
98 |
+### dbus -> restorecond |
99 |
+ |
100 |
+# pax-utils for scanelf used by rlpkg |
101 |
+RDEPEND="${DEPEND} |
102 |
+ dev-python/sepolgen |
103 |
+ app-misc/pax-utils |
104 |
+ !<sys-apps/openrc-0.14" |
105 |
+ |
106 |
+src_unpack() { |
107 |
+ # Override default one because we need the SRC_URI ones even in case of 9999 ebuilds |
108 |
+ default |
109 |
+ if [[ ${PV} == 9999 ]] ; then |
110 |
+ git-r3_src_unpack |
111 |
+ fi |
112 |
+} |
113 |
+ |
114 |
+src_prepare() { |
115 |
+ S="${S1}" |
116 |
+ cd "${S}" || die "Failed to switch to ${S}" |
117 |
+ if [[ ${PV} != 9999 ]] ; then |
118 |
+ # If needed for live ebuilds please use /etc/portage/patches |
119 |
+ eapply "${FILESDIR}/0010-remove-sesandbox-support.patch" |
120 |
+ eapply "${FILESDIR}/0020-disable-autodetection-of-pam-and-audit.patch" |
121 |
+ eapply "${FILESDIR}/0030-make-inotify-check-use-flag-triggered.patch" |
122 |
+ eapply "${FILESDIR}/0070-remove-symlink-attempt-fails-with-gentoo-sandbox-approach.patch" |
123 |
+ eapply "${FILESDIR}/0110-build-mcstrans-bug-472912.patch" |
124 |
+ eapply "${FILESDIR}/0120-build-failure-for-mcscolor-for-CONTEXT__CONTAINS.patch" |
125 |
+ fi |
126 |
+ |
127 |
+ # rlpkg is more useful than fixfiles |
128 |
+ sed -i -e '/^all/s/fixfiles//' "${S}/scripts/Makefile" \ |
129 |
+ || die "fixfiles sed 1 failed" |
130 |
+ sed -i -e '/fixfiles/d' "${S}/scripts/Makefile" \ |
131 |
+ || die "fixfiles sed 2 failed" |
132 |
+ |
133 |
+ eapply_user |
134 |
+ |
135 |
+ sed -i 's/-Werror//g' "${S1}"/*/Makefile || die "Failed to remove Werror" |
136 |
+ |
137 |
+ python_copy_sources |
138 |
+ # Our extra code is outside the regular directory, so set it to the extra |
139 |
+ # directory. We really should optimize this as it is ugly, but the extra |
140 |
+ # code is needed for Gentoo at the same time that policycoreutils is present |
141 |
+ # (so we cannot use an additional package for now). |
142 |
+ S="${S2}" |
143 |
+ python_copy_sources |
144 |
+} |
145 |
+ |
146 |
+src_compile() { |
147 |
+ building() { |
148 |
+ emake -C "${BUILD_DIR}" \ |
149 |
+ AUDIT_LOG_PRIVS="y" \ |
150 |
+ AUDITH="$(usex audit)" \ |
151 |
+ PAMH="$(usex pam)" \ |
152 |
+ INOTIFYH="$(usex dbus)" \ |
153 |
+ SESANDBOX="n" \ |
154 |
+ CC="$(tc-getCC)" \ |
155 |
+ PYLIBVER="${EPYTHON}" \ |
156 |
+ LIBDIR="\$(PREFIX)/$(get_libdir)" |
157 |
+ } |
158 |
+ S="${S1}" # Regular policycoreutils |
159 |
+ python_foreach_impl building |
160 |
+ S="${S2}" # Extra set |
161 |
+ python_foreach_impl building |
162 |
+} |
163 |
+ |
164 |
+src_install() { |
165 |
+ # Python scripts are present in many places. There are no extension modules. |
166 |
+ installation-policycoreutils() { |
167 |
+ einfo "Installing policycoreutils" |
168 |
+ emake -C "${BUILD_DIR}" DESTDIR="${D}" \ |
169 |
+ AUDITH="$(usex audit)" \ |
170 |
+ PAMH="$(usex pam)" \ |
171 |
+ INOTIFYH="$(usex dbus)" \ |
172 |
+ SESANDBOX="n" \ |
173 |
+ AUDIT_LOG_PRIV="y" \ |
174 |
+ PYLIBVER="${EPYTHON}" \ |
175 |
+ LIBDIR="\$(PREFIX)/$(get_libdir)" \ |
176 |
+ install |
177 |
+ python_optimize |
178 |
+ } |
179 |
+ |
180 |
+ installation-extras() { |
181 |
+ einfo "Installing policycoreutils-extra" |
182 |
+ emake -C "${BUILD_DIR}" DESTDIR="${D}" INOTIFYH="$(usex dbus)" SHLIBDIR="${D}$(get_libdir)/rc" install |
183 |
+ python_optimize |
184 |
+ } |
185 |
+ |
186 |
+ S="${S1}" # policycoreutils |
187 |
+ python_foreach_impl installation-policycoreutils |
188 |
+ S="${S2}" # extras |
189 |
+ python_foreach_impl installation-extras |
190 |
+ S="${S1}" # back for later |
191 |
+ |
192 |
+ # remove redhat-style init script |
193 |
+ rm -fR "${D}/etc/rc.d" || die |
194 |
+ |
195 |
+ # compatibility symlinks |
196 |
+ dosym /sbin/setfiles /usr/sbin/setfiles |
197 |
+ bashcomp_alias setsebool getsebool |
198 |
+ |
199 |
+ # location for policy definitions |
200 |
+ dodir /var/lib/selinux |
201 |
+ keepdir /var/lib/selinux |
202 |
+ |
203 |
+ # Set version-specific scripts |
204 |
+ for pyscript in audit2allow sepolgen-ifgen sepolicy chcat; do |
205 |
+ python_replicate_script "${ED}/usr/bin/${pyscript}" |
206 |
+ done |
207 |
+ for pyscript in semanage rlpkg; do |
208 |
+ python_replicate_script "${ED}/usr/sbin/${pyscript}" |
209 |
+ done |
210 |
+ |
211 |
+ dodir /usr/share/doc/${PF}/mcstrans/examples |
212 |
+ cp -dR "${S1}"/mcstrans/share/examples/* "${D}/usr/share/doc/${PF}/mcstrans/examples" || die |
213 |
+} |
214 |
+ |
215 |
+pkg_postinst() { |
216 |
+ for POLICY_TYPE in ${POLICY_TYPES} ; do |
217 |
+ # There have been some changes to the policy store, rebuilding now. |
218 |
+ # https://marc.info/?l=selinux&m=143757277819717&w=2 |
219 |
+ einfo "Rebuilding store ${POLICY_TYPE} (without re-loading)." |
220 |
+ semodule -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}" |
221 |
+ done |
222 |
+} |