| 1 |
Although only applicable to SELinux users, I'd like to request some feedback |
| 2 |
from more seasoned developers on this. The very short version of the |
| 3 |
question: |
| 4 |
|
| 5 |
On http://bit.ly/oJdMVz you can find an updated version of the |
| 6 |
selinux-policy-2.eclass. Current eclass users will not see different results |
| 7 |
with this version (although it will be a bit faster as it optimizes the |
| 8 |
patching stuff), but the eclass is enhanced with additional features. |
| 9 |
|
| 10 |
My question(s): does the eclass need additional clean-ups? Am I forgetting |
| 11 |
some serious (or less serious) stuff? Also: is a name bump necessary (I |
| 12 |
don't believe it is)? |
| 13 |
|
| 14 |
Longer version now... |
| 15 |
|
| 16 |
As described on the Gentoo Hardened mailinglist [1] the SELinux policy |
| 17 |
eclass is seeing some updates. For the gory details on the technicalities I |
| 18 |
refer to the message posted there. |
| 19 |
|
| 20 |
[1] http://archives.gentoo.org/gentoo-hardened/msg_3316fc595a6d33c178d0d61ef6acdad0.xml |
| 21 |
|
| 22 |
This eclass is used by the sec-policy/selinux-* packages which offer the |
| 23 |
SELinux policies for Gentoo. What the eclass basically does is to download |
| 24 |
and extract the upstream reference policy [2], applies the Gentoo-managed |
| 25 |
patches to it and then builds the SELinux policy module (as identified by |
| 26 |
the MODS variable) for the right policy types. |
| 27 |
|
| 28 |
[2] http://oss.tresys.com/projects/refpolicy |
| 29 |
|
| 30 |
Compared with the current selinux-policy-2.eclass, the following changes have |
| 31 |
been applied (short version) |
| 32 |
|
| 33 |
- Support for the BASEPOL version (reuse of patch bundle offered by |
| 34 |
selinux-base-policy) |
| 35 |
- Apply patches (once) before copying sources rather than applying multiple |
| 36 |
times (up to 4) after copying the sources |
| 37 |
- Add eclass documentation comments |
| 38 |
- Support higher-level EAPIs |
| 39 |
- Support bash-style arrays for POLICY_PATCH variable |
| 40 |
- Quite a few minor fixes |
| 41 |
|
| 42 |
I'd like to update the eclass (through a proxy developer) so that we can start |
| 43 |
pushing out the SELinux policy module ebuilds based on upstream's 2.20110726 |
| 44 |
release (which will use the new functionality offered by the eclass to increase |
| 45 |
manageability). |
| 46 |
|
| 47 |
Does anyone see issues with the eclass implementation? |
| 48 |
Are there people who feel that the eclass version should be bumped? |
| 49 |
Are there opportunities that we should consider while updating the eclass? |
| 50 |
|
| 51 |
With thanks to Anthony G. Basile (blueness) and Peter Volkov (pva) for |
| 52 |
the initial reviews and comments. |
Archives