gentoo resync : 20.03.2022

2 files changed, 144 insertions, 0 deletions

diff --git a/sec-policy/selinux-base-policy/Manifest b/sec-policy/selinux-base-policy/Manifest
index 2d1a06ac1778..73f2a2078bda 100644
--- a/sec-policy/selinux-base-policy/Manifest
+++ b/sec-policy/selinux-base-policy/Manifest
@@ -1,11 +1,14 @@
 DIST patchbundle-selinux-base-policy-2.20200818-r2.tar.bz2 433623 BLAKE2B f0655c45c50347faf1217e5861298dce822e4b726c0b4489d4c70c4815842f7c17ac1b0a302ae5482a3ad25d1d5b6c4c3b6395194e79005f31560d103ad0fce6 SHA512 9fd22683ecd602a429b2d489f7b8c2936409fa060046255b72a4b95c9fdefa2455ba7655945278dc972c22f3ade6617898ed169e22001aaaaded4b47ca51b0c3
 DIST patchbundle-selinux-base-policy-2.20210203-r1.tar.bz2 298116 BLAKE2B 50c5523a8b758652af6aa59d548e9499b899898b58f52f74f1667a0c552f2b2d0ed5a44352e59245c7f0ebd199e2391400168d6ab27b4160d726fccded0c56f2 SHA512 ddb877ec3e2883f57e54e7380dd449d4d89a0769a1fb87141786e5de741ac21b2ead60362fd17c25888eb1334c68f71da561f4f29f406f0d4b5d13d378f6baff
 DIST patchbundle-selinux-base-policy-2.20210908-r1.tar.bz2 295091 BLAKE2B 649d9a1d9190aac4a42d460b0609175bb7e1a32624d7504ebfa294741ed5fc2eec286471af1b9128f4cdb9845240b37353a8e641e111b9e53250607c34257baf SHA512 5c9cbd97ece391a2ba0f3586bf19811a2425b9c94c9beafa781dd7b175d7572a46e31a46e8f8671a4b7e122186574f5098a247fee62e1be8afc89233d71effb9
+DIST patchbundle-selinux-base-policy-2.20220106-r1.tar.bz2 299683 BLAKE2B 9e48733878e2f809b8634a1e96a4b1bb2fc3e866e562a6ac9449da8d4af591cbe7de380384fabec50c7a7c67733253f82024ce62dee51fc73e35e0653626ff6c SHA512 314c639e08b15a94656e467e81857241b242020884c0e40272cfb422cccc35f2d4a5f067dc6ebdf8926335a65d737c233d1df75f69b356509e07fd60b46b07bf
 DIST refpolicy-2.20200818.tar.bz2 570896 BLAKE2B 502c00fec39e1b81e42de3f7f942623f8b3fbdeac19f9f01126722a368b7d4f70427d6e4a574754c4f2fa551e4bc75c912dbc515c004f0dcd5eb28ab416498f6 SHA512 e4b527bb7a87b9359fc42eb111d5008103f57c37128998ea0e21ec7b0b8607ffe3f67697450e4c51a0db172ece69083335b279bacef4b1bd0b7748b58caa99a7
 DIST refpolicy-2.20210203.tar.bz2 564099 BLAKE2B a94a11ebb78890ba2c98714be2fe9054fdb8ccaf5154f47b881a9575a4a6865e8df475805550d7bba8039b4230c6a0c9f5c6130bf8c35a26bc7c473d550fb40d SHA512 a6ffe718626dd6121023b4cbc424c933d44ca8b662bd708baad307cf6284be0d80fef40cdc8b37f6f17ecb3636fd8d6c1d5d4072c17d835b7f500e17a3acd9fc
 DIST refpolicy-2.20210908.tar.bz2 556375 BLAKE2B 12791eeed54204ef075b2d95a738c7d5007d48630d2a60d7e698bcb909dda0abcc15233811a91f4646415ab3daabe2cac46fbfbd04e61f71782e729c0209f99d SHA512 7b84330ca5dd631629302f342a11bf6211cf0711ff3f3273d63ddb072e84c8fe8bef48d511b264affc82090ee51036a09421f81878e10b0c047f572d7720de96
+DIST refpolicy-2.20220106.tar.bz2 560342 BLAKE2B bc0e65466333e02acb48adbb28b8176d3c8e508b2ff97d4f8a876d7c0a65534a62d86c9816ac59f6eed583f4b5c51cf432643edd2dad24dd51eb3cf22e2b75ac SHA512 794327d2dd07196b5f36771f9a961cdf294cf68f690735418d6bdd859499b7007c518cc022ccca9c245a5266b85bdb7cacdcaeefee14e4800937c9101476b373
 EBUILD selinux-base-policy-2.20200818-r2.ebuild 3858 BLAKE2B cc4fa5dfe2400aced0d9c9c979a96961051db58b2ad64ced1eb2c894681af47d03f08979170e6baa2183fb59fa6b9b58228f26d20ac1d516c757a2ad5becda88 SHA512 051673659fd4d140152853db2281fa18d5d8d8dc6acaca930d953dd7241b55f383b648e8aa3b95e4c833347bdbd51aa6ddd7091a75ae95bf84a2a3f5057eb808
 EBUILD selinux-base-policy-2.20210203-r1.ebuild 4195 BLAKE2B 60c82839d39e6edde5e5ee8447696e0397828c6758b1d16e1323f45c1ce2b3d0df933095a1740d905fdb8fcfcf580115cedb6e4d52fef0abee818ccb23cc1ae0 SHA512 9f723ef8959da2be0433bc79aaad6f0287b70605ef847198fec1636ad33bd1b2328d24cb5dfa2db40c6dbeff67ab1e1f19a00d36031c15f5ea2d8904deebc63e
 EBUILD selinux-base-policy-2.20210908-r1.ebuild 4195 BLAKE2B 60c82839d39e6edde5e5ee8447696e0397828c6758b1d16e1323f45c1ce2b3d0df933095a1740d905fdb8fcfcf580115cedb6e4d52fef0abee818ccb23cc1ae0 SHA512 9f723ef8959da2be0433bc79aaad6f0287b70605ef847198fec1636ad33bd1b2328d24cb5dfa2db40c6dbeff67ab1e1f19a00d36031c15f5ea2d8904deebc63e
+EBUILD selinux-base-policy-2.20220106-r1.ebuild 4199 BLAKE2B 4a50c4bd60d4e9fde28d45bc3e9773e6644b2c470b1043de8cd03a050f92bc2f85d70157746e94977cc91967e563470e092622e2c6ce478b1f82b2b1bf33eb28 SHA512 608421fb0a4e82a85948d7f340afad637d02fef0b69521d1442b69f11d92f95caf0d258b2d138eb0687aedb4c443173656291b174accdea345e968c79cb263d7
 EBUILD selinux-base-policy-9999.ebuild 4199 BLAKE2B 4a50c4bd60d4e9fde28d45bc3e9773e6644b2c470b1043de8cd03a050f92bc2f85d70157746e94977cc91967e563470e092622e2c6ce478b1f82b2b1bf33eb28 SHA512 608421fb0a4e82a85948d7f340afad637d02fef0b69521d1442b69f11d92f95caf0d258b2d138eb0687aedb4c443173656291b174accdea345e968c79cb263d7
 MISC metadata.xml 535 BLAKE2B db3aa01f5f57a5d30b7a39721a569bd2efe77a87701fb4e5d4e64ead0d13b4055dc5224bb7c95bf261e623163a59c18da5500d8da77b3de07801dcb13a9d4077 SHA512 592e02632b459156a686aa752bdcd04c00b6de8029831e39c2bf7c2e9a5e7886d8ebf0a5d16cbe1f6878428ce4e266dc676bf80657d018d204304d1113af7fcf
diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20220106-r1.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20220106-r1.ebuild
new file mode 100644
index 000000000000..c6f79d31df40
--- /dev/null
+++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20220106-r1.ebuild
@@ -0,0 +1,141 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+if [[ ${PV} == 9999* ]]; then
+	EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
+	EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}"
+	EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy"
+
+	inherit git-r3
+else
+	SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2
+			https://dev.gentoo.org/~perfinion/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2"
+	KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86"
+fi
+
+HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
+DESCRIPTION="SELinux policy for core modules"
+
+IUSE="systemd +unconfined"
+
+PDEPEND="unconfined? ( sec-policy/selinux-unconfined )"
+DEPEND="=sec-policy/selinux-base-${PVR}[systemd?]"
+RDEPEND="${DEPEND}"
+BDEPEND="
+	sys-apps/checkpolicy
+	sys-devel/m4"
+
+MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork systemd tmpfiles udev userdomain usermanage unprivuser xdg"
+DEL_MODS="hotplug"
+LICENSE="GPL-2"
+SLOT="0"
+S="${WORKDIR}/"
+
+# Code entirely copied from selinux-eclass (cannot inherit due to dependency on
+# itself), when reworked reinclude it. Only postinstall (where -b base.pp is
+# added) needs to remain then.
+
+pkg_pretend() {
+	for i in ${POLICY_TYPES}; do
+		if [[ "${i}" == "targeted" ]] && ! use unconfined; then
+			die "If you use POLICY_TYPES=targeted, then USE=unconfined is mandatory."
+		fi
+	done
+}
+
+src_prepare() {
+	local modfiles
+
+	if [[ ${PV} != 9999* ]]; then
+		einfo "Applying SELinux policy updates ... "
+		eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch"
+	fi
+
+	eapply_user
+
+	# Collect only those files needed for this particular module
+	for i in ${MODS}; do
+		modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles"
+		modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles"
+	done
+
+	for i in ${DEL_MODS}; do
+		[[ "${MODS}" != *${i}* ]] || die "Duplicate module in MODS and DEL_MODS: ${i}"
+	done
+
+	for i in ${POLICY_TYPES}; do
+		mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}"
+		cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \
+			|| die "Failed to copy Makefile.example to ${S}/${i}/Makefile"
+
+		cp ${modfiles} "${S}"/${i} \
+			|| die "Failed to copy the module files to ${S}/${i}"
+	done
+}
+
+src_compile() {
+	for i in ${POLICY_TYPES}; do
+		emake NAME=$i SHAREDIR="${SYSROOT%/}/usr/share/selinux" -C "${S}"/${i}
+	done
+}
+
+src_install() {
+	local BASEDIR="/usr/share/selinux"
+
+	for i in ${POLICY_TYPES}; do
+		for j in ${MODS}; do
+			einfo "Installing ${i} ${j} policy package"
+			insinto ${BASEDIR}/${i}
+			doins "${S}"/${i}/${j}.pp
+		done
+	done
+}
+
+pkg_postinst() {
+	# Set root path and don't load policy into the kernel when cross compiling
+	local root_opts=""
+	if [[ "${ROOT}" != "" ]]; then
+		root_opts="-p ${ROOT} -n"
+	fi
+
+	# Override the command from the eclass, we need to load in base as well here
+	local COMMAND="-i base.pp"
+	if has_version "<sys-apps/policycoreutils-2.5"; then
+		COMMAND="-b base.pp"
+	fi
+
+	for i in ${MODS}; do
+		COMMAND="${COMMAND} -i ${i}.pp"
+	done
+
+	for i in ${POLICY_TYPES}; do
+		einfo "Inserting the following modules, with base, into the $i module store: ${MODS}"
+
+		cd "${ROOT}/usr/share/selinux/${i}"
+
+		semodule ${root_opts} -s ${i} ${COMMAND}
+
+		for mod in ${DEL_MODS}; do
+			if semodule ${root_opts} -s ${i} -l | grep -q "\b${mod}\b"; then
+				einfo "Removing obsolete ${i} ${mod} policy package"
+				semodule ${root_opts} -s ${i} -r ${mod}
+			fi
+		done
+	done
+
+	# Don't relabel when cross compiling
+	if [[ "${ROOT}" == "" ]]; then
+		# Relabel depending packages
+		local PKGSET="";
+		if [[ -x /usr/bin/qdepends ]] ; then
+			PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
+		elif [[ -x /usr/bin/equery ]] ; then
+			PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
+		fi
+		if [[ -n "${PKGSET}" ]] ; then
+			rlpkg ${PKGSET};
+		fi
+	fi
+}