Gentoo Archives: gentoo-dev

From: Sven Vermeulen <sven.vermeulen@××××××.be>
To: gentoo-dev@l.g.o
Subject: [gentoo-dev] [RFC] Update on selinux-policy-2 eclass
Date: Wed, 03 Aug 2011 19:43:01
1 Although only applicable to SELinux users, I'd like to request some feedback
2 from more seasoned developers on this. The very short version of the
3 question:
5 On you can find an updated version of the
6 selinux-policy-2.eclass. Current eclass users will not see different results
7 with this version (although it will be a bit faster as it optimizes the
8 patching stuff), but the eclass is enhanced with additional features.
10 My question(s): does the eclass need additional clean-ups? Am I forgetting
11 some serious (or less serious) stuff? Also: is a name bump necessary (I
12 don't believe it is)?
14 Longer version now...
16 As described on the Gentoo Hardened mailinglist [1] the SELinux policy
17 eclass is seeing some updates. For the gory details on the technicalities I
18 refer to the message posted there.
20 [1]
22 This eclass is used by the sec-policy/selinux-* packages which offer the
23 SELinux policies for Gentoo. What the eclass basically does is to download
24 and extract the upstream reference policy [2], applies the Gentoo-managed
25 patches to it and then builds the SELinux policy module (as identified by
26 the MODS variable) for the right policy types.
28 [2]
30 Compared with the current selinux-policy-2.eclass, the following changes have
31 been applied (short version)
33 - Support for the BASEPOL version (reuse of patch bundle offered by
34 selinux-base-policy)
35 - Apply patches (once) before copying sources rather than applying multiple
36 times (up to 4) after copying the sources
37 - Add eclass documentation comments
38 - Support higher-level EAPIs
39 - Support bash-style arrays for POLICY_PATCH variable
40 - Quite a few minor fixes
42 I'd like to update the eclass (through a proxy developer) so that we can start
43 pushing out the SELinux policy module ebuilds based on upstream's 2.20110726
44 release (which will use the new functionality offered by the eclass to increase
45 manageability).
47 Does anyone see issues with the eclass implementation?
48 Are there people who feel that the eclass version should be bumped?
49 Are there opportunities that we should consider while updating the eclass?
51 With thanks to Anthony G. Basile (blueness) and Peter Volkov (pva) for
52 the initial reviews and comments.