gentoo resync : 19.01.2018

2 files changed, 125 insertions, 0 deletions

diff --git a/sec-policy/selinux-base-policy/Manifest b/sec-policy/selinux-base-policy/Manifest
index fe39dd1f268d..73aa861eead7 100644
--- a/sec-policy/selinux-base-policy/Manifest
+++ b/sec-policy/selinux-base-policy/Manifest
@@ -5,8 +5,10 @@ DIST patchbundle-selinux-base-policy-2.20170204-r4.tar.bz2 373731 BLAKE2B cb291e
 DIST patchbundle-selinux-base-policy-2.20170805-r2.tar.bz2 314854 BLAKE2B 483d04f364195eb8627153647118eb23812a610db63a40d50819b42c19fc20ffd0a36cd5c1959a764eab2109bd2e5317f74fd3a5cc1c7ddd17d8c85be05579a5 SHA512 1358db158945b82e0e41907e3919a6888564b4f15ad765f0fe2dc7bf284485c18d11c5502d598268e33b2163a6fa0be2a4029a8e9f774abfd4377031ee9afd32
 DIST patchbundle-selinux-base-policy-2.20170805-r3.tar.bz2 324834 BLAKE2B ecc3b0425987aa648b3dd52977a6e1fd987e605fe302c3b6d8742d3eac9a1c89697de1f97331e9863b132bb95814ae7577e161a024cdda297fb84458aa9417fd SHA512 62ec2e70397d06d464e95305a4c0699cc07063d879d986a74442955fb8076a00cbe4a4f7a3cda46876cbf2ad38189be06f0c05ce9698aadafa6e9f02a8daf668
 DIST patchbundle-selinux-base-policy-2.20170805-r4.tar.bz2 689641 BLAKE2B 1accfbecd4825a6cdb8c3c189c9e23898d1dbe8415d2fe26a842782dec634958f01861916a3c040740359562984718b61cee7af7d9395b125590931110e67eff SHA512 2067b090cd054e47d6496c9513d69a7a37a72de8dc873159a8055e27fe2380dc73006354d790c455ae893645f956c6be6d6ad2d30be7428ff8a442604a0c5400
+DIST patchbundle-selinux-base-policy-2.20180114-r1.tar.bz2 285245 BLAKE2B 32ff8fa3330aa1e17d6a2fc3c267e9c66d5f540fe4b7d1da8961cdc8e3c4a86e157db66e144c9cef13d52b85aa8a242e89ccf6e9c3ef455a7133bc448586d70f SHA512 5d5ce77b42e183d0b0241567bbe718622ab388cf9538193730c999da832f3ea7e4e9306f2b96cfbcfad01e6fcc834cf1d43b7b388a5a50242dd7f5ef3e252b42
 DIST refpolicy-2.20170204.tar.bz2 709965 BLAKE2B 7fb10d6054d74204f8c7d6d8ee88603f37b6600ed4a03e937a3a233ea7a80feef6ab90ba01af8d444fa79b266456260b14af3be0ad6a311baff6e3408af7d1ba SHA512 30deabb02a5bde51c463e3e89988d850cff51596c2e72733a064245dec152ea46317eea79550dbe82a7a0d327ec0bcfbd9474ff8a902507392df0da00df6397f
 DIST refpolicy-2.20170805.tar.bz2 740430 BLAKE2B 0597f51fceb5ca88b3506aa16cbd2d7f3df3a1d9c6afdf4cc5fc7eca25fa19c5810889f90ed1ee0abef401d41384558abb69f6638caf50341f71d075fa99e561 SHA512 dbb6809b028ae75296ad26d5997cc21d835c49555a0e37957cb39b36b144af6e817320073a29247448eba1876ab9e29d3956ff4456f1542b66ba38af459ec586
+DIST refpolicy-2.20180114.tar.bz2 743725 BLAKE2B f64fc08dd68033a1762e147a0f205d8d1b71853017cefe4252ca4ca67029d457f28d81a82ae4e78c01e6c2131e9329d0e5634afee12fb4b291685e7563d59107 SHA512 9acb15d1d84670b25d1fc310e048348f707aa22ea184828e677946817aeb6ee2c590233195ead13aa91c7096544d6d29dfb6e98297120ef9464fc6107ffc9ce7
 EBUILD selinux-base-policy-2.20170204-r1.ebuild 3786 BLAKE2B 1e38aca0b48fc0cba740cf038eb24b0473542387d9432abbc2a0068269185de547e6af8e83fd81d16f4e7e0998e67c621c4d82498c1bd632fea0dff7b85c097b SHA512 c9ad330b65b72d08a864877d563c5de522939a8a0a747641317b3cb70c8ba3c7c11a64d039011865fb4f012f9b00befffb2f7a729e1ba9965bac93b15e930bc5
 EBUILD selinux-base-policy-2.20170204-r2.ebuild 3784 BLAKE2B 13d9e90856016ad20813d25e6a1bad97d3342521fb8a934f543323edd12824b6867c99217d92afa0229891979fcc00ae967905f89a2db248d0e1c53f9d54c950 SHA512 8fe89ca7392cff717e83b358535eb68126562f6a94fc0f8d2d3d0d4a991dc7fa6c28cde728c4a1a9ab5f78608f9931c91660c505abd7685be0dd7e8007cb189c
 EBUILD selinux-base-policy-2.20170204-r3.ebuild 3784 BLAKE2B 13d9e90856016ad20813d25e6a1bad97d3342521fb8a934f543323edd12824b6867c99217d92afa0229891979fcc00ae967905f89a2db248d0e1c53f9d54c950 SHA512 8fe89ca7392cff717e83b358535eb68126562f6a94fc0f8d2d3d0d4a991dc7fa6c28cde728c4a1a9ab5f78608f9931c91660c505abd7685be0dd7e8007cb189c
@@ -14,5 +16,6 @@ EBUILD selinux-base-policy-2.20170204-r4.ebuild 3784 BLAKE2B 13d9e90856016ad2081
 EBUILD selinux-base-policy-2.20170805-r2.ebuild 3731 BLAKE2B b1125281be24405a79edfc239d8974ff09b704030f54cfe6c7e27e72d405e7a9154b2b0961d3aa2b3f7a46c4d3cf8499493b9611cd43be15744525febbe3b0d3 SHA512 acf60b729293958f5eccdd45214b5aace93ed86b926511c802da2f6da75ec60617e00adb980dcc9873b519811130378bbf4fb25de6256328b701043a5bebd3d0
 EBUILD selinux-base-policy-2.20170805-r3.ebuild 3656 BLAKE2B dcc7628e5aa698c5bec439756527717fa71df73d41322382c354bb8fdd17379b184d8dbb6cb5e861db7a0b3c44091cf26f16ea57b6c39924bac4d66b6a1f446f SHA512 0f5cb442bd49e60b4a80cec9f5d4ee73bfbf989d0318c651898c400c622a29db2ad66fbc4e5fc530544a8b8df8b0c4d2551dfe690ece6a806aa039a9e03836a4
 EBUILD selinux-base-policy-2.20170805-r4.ebuild 3658 BLAKE2B 7d3b8311b5eb17e0cad01d07366401db104aa3b7e1d7e621319514db5edec8c44187760eda6432f06dd97aca19c010725d125b30efb7526a85023d7833d1e63b SHA512 4484bca5ac53864f1ab88887e45cc708e31832a8022c75119127bbe3814f7c3073e8a1522b8026370a91b8b41f7821392603a3d99d9609e859240de1b3b33aeb
+EBUILD selinux-base-policy-2.20180114-r1.ebuild 3733 BLAKE2B 20357c6ec23f87c597ef1b1ba14ede43e4fe98da7340c9a7b86a20e8f2f5081a6a848f5e9dca0cf17fa83f86bfad16ce9d4726fea157467e571c5edf24c9a02b SHA512 3c15a3b70886aadfc419ef6ce15e124b0534b34553ac1eb6820e9859d319df5412729d6ba2f2b0f75f955aa9c757cb7ac531cf1af2902876ac3b1d939f3d560c
 EBUILD selinux-base-policy-9999.ebuild 3733 BLAKE2B 9bcd77ab3ccc6f7983975547571051e78d1a0092fb1f1785d6bdb541bfb1a25f206c693fe91bad068e8086192db3bcb5bfead8ace1f2583b6225a692c6506eb6 SHA512 4718bfed0759c58ad9a115beb90b8769973985d3ca6e0cdb8cb6ab4afc16da4aa7dde1fea3b4d06ba3c8de87a8e394a905db076444c54d15e0a7c4b37148e934
 MISC metadata.xml 534 BLAKE2B 1bb289204431150ae974c9fd677926faf72e75def3294b9df405a048e398ac3b6147de8483512487edaeea378e1dbd32df0675acb7fa50326c48382603c5dbfe SHA512 d8340bec9d0ec0feb396b17b53a6d53e3caa7ddd1efdc5e5de07baf86592ad0526d08fc08908295cf18a915eef1c7429c72970d56967162b2390eed6f28c822a
diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20180114-r1.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20180114-r1.ebuild
new file mode 100644
index 000000000000..5dadfcb0904b
--- /dev/null
+++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20180114-r1.ebuild
@@ -0,0 +1,122 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+if [[ ${PV} == 9999* ]]; then
+	EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
+	EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}"
+	EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy"
+
+	inherit git-r3
+else
+	SRC_URI="https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-${PV}.tar.bz2
+			https://dev.gentoo.org/~swift/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2"
+	KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86"
+fi
+
+HOMEPAGE="https://www.gentoo.org/proj/en/hardened/selinux/"
+DESCRIPTION="SELinux policy for core modules"
+
+IUSE="systemd +unconfined"
+
+PDEPEND="unconfined? ( sec-policy/selinux-unconfined )"
+DEPEND="=sec-policy/selinux-base-${PVR}[systemd?]"
+
+MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork tmpfiles udev userdomain usermanage unprivuser xdg"
+LICENSE="GPL-2"
+SLOT="0"
+S="${WORKDIR}/"
+
+# Code entirely copied from selinux-eclass (cannot inherit due to dependency on
+# itself), when reworked reinclude it. Only postinstall (where -b base.pp is
+# added) needs to remain then.
+
+pkg_setup() {
+	if use systemd; then
+		MODS="${MODS} systemd"
+	fi
+}
+
+pkg_pretend() {
+	for i in ${POLICY_TYPES}; do
+		if [[ "${i}" == "targeted" ]] && ! use unconfined; then
+			die "If you use POLICY_TYPES=targeted, then USE=unconfined is mandatory."
+		fi
+	done
+}
+
+src_prepare() {
+	local modfiles
+
+	if [[ ${PV} != 9999* ]]; then
+		einfo "Applying SELinux policy updates ... "
+		eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch"
+	fi
+
+	eapply_user
+
+	# Collect only those files needed for this particular module
+	for i in ${MODS}; do
+		modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles"
+		modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles"
+	done
+
+	for i in ${POLICY_TYPES}; do
+		mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}"
+		cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \
+			|| die "Failed to copy Makefile.example to ${S}/${i}/Makefile"
+
+		cp ${modfiles} "${S}"/${i} \
+			|| die "Failed to copy the module files to ${S}/${i}"
+	done
+}
+
+src_compile() {
+	for i in ${POLICY_TYPES}; do
+		emake NAME=$i -C "${S}"/${i} || die "${i} compile failed"
+	done
+}
+
+src_install() {
+	local BASEDIR="/usr/share/selinux"
+
+	for i in ${POLICY_TYPES}; do
+		for j in ${MODS}; do
+			einfo "Installing ${i} ${j} policy package"
+			insinto ${BASEDIR}/${i}
+			doins "${S}"/${i}/${j}.pp || die "Failed to add ${j}.pp to ${i}"
+		done
+	done
+}
+
+pkg_postinst() {
+	# Override the command from the eclass, we need to load in base as well here
+	local COMMAND="-i base.pp"
+	if has_version "<sys-apps/policycoreutils-2.5"; then
+		COMMAND="-b base.pp"
+	fi
+
+	for i in ${MODS}; do
+		COMMAND="${COMMAND} -i ${i}.pp"
+	done
+
+	for i in ${POLICY_TYPES}; do
+		einfo "Inserting the following modules, with base, into the $i module store: ${MODS}"
+
+		cd /usr/share/selinux/${i} || die "Could not enter /usr/share/selinux/${i}"
+
+		semodule -s ${i} ${COMMAND} || die "Failed to load in base and modules ${MODS} in the $i policy store"
+	done
+
+	# Relabel depending packages
+	local PKGSET="";
+	if [[ -x /usr/bin/qdepends ]] ; then
+		PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
+	elif [[ -x /usr/bin/equery ]] ; then
+		PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
+	fi
+	if [[ -n "${PKGSET}" ]] ; then
+		rlpkg ${PKGSET};
+	fi
+}