| 1 |
swift 14/05/29 18:57:41 |
| 2 |
|
| 3 |
Modified: ChangeLog |
| 4 |
Added: selinux-base-policy-2.20140311-r3.ebuild |
| 5 |
Log: |
| 6 |
Bump to 2.20140311-r3 |
| 7 |
|
| 8 |
(Portage version: 2.2.8-r1/cvs/Linux x86_64, signed Manifest commit with key 0x2EDD52403B68AF47) |
| 9 |
|
| 10 |
Revision Changes Path |
| 11 |
1.143 sec-policy/selinux-base-policy/ChangeLog |
| 12 |
|
| 13 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog?rev=1.143&view=markup |
| 14 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog?rev=1.143&content-type=text/plain |
| 15 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog?r1=1.142&r2=1.143 |
| 16 |
|
| 17 |
Index: ChangeLog |
| 18 |
=================================================================== |
| 19 |
RCS file: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v |
| 20 |
retrieving revision 1.142 |
| 21 |
retrieving revision 1.143 |
| 22 |
diff -u -r1.142 -r1.143 |
| 23 |
--- ChangeLog 19 Apr 2014 15:51:42 -0000 1.142 |
| 24 |
+++ ChangeLog 29 May 2014 18:57:41 -0000 1.143 |
| 25 |
@@ -1,6 +1,12 @@ |
| 26 |
# ChangeLog for sec-policy/selinux-base-policy |
| 27 |
# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 |
| 28 |
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.142 2014/04/19 15:51:42 swift Exp $ |
| 29 |
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.143 2014/05/29 18:57:41 swift Exp $ |
| 30 |
+ |
| 31 |
+*selinux-base-policy-2.20140311-r3 (29 May 2014) |
| 32 |
+ |
| 33 |
+ 29 May 2014; Sven Vermeulen <swift@g.o> |
| 34 |
+ +selinux-base-policy-2.20140311-r3.ebuild: |
| 35 |
+ Bump to 2.20140311-r3 |
| 36 |
|
| 37 |
19 Apr 2014; Sven Vermeulen <swift@g.o> |
| 38 |
selinux-base-policy-2.20140311-r1.ebuild: |
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
1.1 sec-policy/selinux-base-policy/selinux-base-policy-2.20140311-r3.ebuild |
| 43 |
|
| 44 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20140311-r3.ebuild?rev=1.1&view=markup |
| 45 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20140311-r3.ebuild?rev=1.1&content-type=text/plain |
| 46 |
|
| 47 |
Index: selinux-base-policy-2.20140311-r3.ebuild |
| 48 |
=================================================================== |
| 49 |
# Copyright 1999-2014 Gentoo Foundation |
| 50 |
# Distributed under the terms of the GNU General Public License v2 |
| 51 |
# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20140311-r3.ebuild,v 1.1 2014/05/29 18:57:41 swift Exp $ |
| 52 |
EAPI="5" |
| 53 |
|
| 54 |
inherit eutils |
| 55 |
|
| 56 |
HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/" |
| 57 |
DESCRIPTION="SELinux policy for core modules" |
| 58 |
|
| 59 |
IUSE="+unconfined" |
| 60 |
BASEPOL="2.20140311-r3" |
| 61 |
|
| 62 |
RDEPEND=">=sec-policy/selinux-base-${PVR}" |
| 63 |
PDEPEND="unconfined? ( sec-policy/selinux-unconfined )" |
| 64 |
DEPEND="" |
| 65 |
SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2 |
| 66 |
http://dev.gentoo.org/~swift/patches/${PN}/patchbundle-${PN}-${BASEPOL}.tar.bz2" |
| 67 |
KEYWORDS="~amd64 ~x86" |
| 68 |
|
| 69 |
MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork udev userdomain usermanage unprivuser xdg" |
| 70 |
LICENSE="GPL-2" |
| 71 |
SLOT="0" |
| 72 |
S="${WORKDIR}/" |
| 73 |
PATCHBUNDLE="${DISTDIR}/patchbundle-selinux-base-policy-${BASEPOL}.tar.bz2" |
| 74 |
|
| 75 |
# Code entirely copied from selinux-eclass (cannot inherit due to dependency on |
| 76 |
# itself), when reworked reinclude it. Only postinstall (where -b base.pp is |
| 77 |
# added) needs to remain then. |
| 78 |
|
| 79 |
pkg_pretend() { |
| 80 |
for i in ${POLICY_TYPES}; do |
| 81 |
if [[ "${i}" == "targeted" ]] && ! use unconfined; then |
| 82 |
die "If you use POLICY_TYPES=targeted, then USE=unconfined is mandatory." |
| 83 |
fi |
| 84 |
done |
| 85 |
} |
| 86 |
|
| 87 |
src_prepare() { |
| 88 |
local modfiles |
| 89 |
|
| 90 |
# Patch the sources with the base patchbundle |
| 91 |
if [[ -n ${BASEPOL} ]]; |
| 92 |
then |
| 93 |
cd "${S}" |
| 94 |
EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \ |
| 95 |
EPATCH_SUFFIX="patch" \ |
| 96 |
EPATCH_SOURCE="${WORKDIR}" \ |
| 97 |
EPATCH_FORCE="yes" \ |
| 98 |
epatch |
| 99 |
fi |
| 100 |
|
| 101 |
# Apply the additional patches refered to by the module ebuild. |
| 102 |
# But first some magic to differentiate between bash arrays and strings |
| 103 |
if [[ "$(declare -p POLICY_PATCH 2>/dev/null 2>&1)" == "declare -a"* ]]; |
| 104 |
then |
| 105 |
cd "${S}/refpolicy/policy/modules" |
| 106 |
for POLPATCH in "${POLICY_PATCH[@]}"; |
| 107 |
do |
| 108 |
epatch "${POLPATCH}" |
| 109 |
done |
| 110 |
else |
| 111 |
if [[ -n ${POLICY_PATCH} ]]; |
| 112 |
then |
| 113 |
cd "${S}/refpolicy/policy/modules" |
| 114 |
for POLPATCH in ${POLICY_PATCH}; |
| 115 |
do |
| 116 |
epatch "${POLPATCH}" |
| 117 |
done |
| 118 |
fi |
| 119 |
fi |
| 120 |
|
| 121 |
# Calling user patches |
| 122 |
epatch_user |
| 123 |
|
| 124 |
# Collect only those files needed for this particular module |
| 125 |
for i in ${MODS}; do |
| 126 |
modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles" |
| 127 |
modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles" |
| 128 |
done |
| 129 |
|
| 130 |
for i in ${POLICY_TYPES}; do |
| 131 |
mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}" |
| 132 |
cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \ |
| 133 |
|| die "Failed to copy Makefile.example to ${S}/${i}/Makefile" |
| 134 |
|
| 135 |
cp ${modfiles} "${S}"/${i} \ |
| 136 |
|| die "Failed to copy the module files to ${S}/${i}" |
| 137 |
done |
| 138 |
} |
| 139 |
|
| 140 |
src_compile() { |
| 141 |
for i in ${POLICY_TYPES}; do |
| 142 |
# Parallel builds are broken, so we need to force -j1 here |
| 143 |
emake -j1 NAME=$i -C "${S}"/${i} || die "${i} compile failed" |
| 144 |
done |
| 145 |
} |
| 146 |
|
| 147 |
src_install() { |
| 148 |
local BASEDIR="/usr/share/selinux" |
| 149 |
|
| 150 |
for i in ${POLICY_TYPES}; do |
| 151 |
for j in ${MODS}; do |
| 152 |
einfo "Installing ${i} ${j} policy package" |
| 153 |
insinto ${BASEDIR}/${i} |
| 154 |
doins "${S}"/${i}/${j}.pp || die "Failed to add ${j}.pp to ${i}" |
| 155 |
done |
| 156 |
done |
| 157 |
} |
| 158 |
|
| 159 |
pkg_postinst() { |
| 160 |
# Override the command from the eclass, we need to load in base as well here |
| 161 |
local COMMAND |
| 162 |
for i in ${MODS}; do |
| 163 |
COMMAND="-i ${i}.pp ${COMMAND}" |
| 164 |
done |
| 165 |
|
| 166 |
for i in ${POLICY_TYPES}; do |
| 167 |
einfo "Inserting the following modules, with base, into the $i module store: ${MODS}" |
| 168 |
|
| 169 |
cd /usr/share/selinux/${i} || die "Could not enter /usr/share/selinux/${i}" |
| 170 |
|
| 171 |
semodule -s ${i} -b base.pp ${COMMAND} || die "Failed to load in base and modules ${MODS} in the $i policy store" |
| 172 |
done |
| 173 |
} |
Archives