diff options
| author | V3n3RiX <venerix@koprulu.sector> | 2022-09-04 04:20:30 +0100 |
|---|---|---|
| committer | V3n3RiX <venerix@koprulu.sector> | 2022-09-04 04:20:30 +0100 |
| commit | 67717f5ed7e33856e34f632d5f17a5e218401c0a (patch) | |
| tree | 609008d60c8ff9be5d300757865570d31c29ac0d /sec-policy/selinux-base-policy | |
| parent | 71f9cc21aab4168093940b3d2e267444d712bff5 (diff) | |
gentoo auto-resync : 04:09:2022 - 04:20:30
Diffstat (limited to 'sec-policy/selinux-base-policy')
| -rw-r--r-- | sec-policy/selinux-base-policy/Manifest | 3 | ||||
| -rw-r--r-- | sec-policy/selinux-base-policy/selinux-base-policy-2.20220520-r1.ebuild | 141 |
2 files changed, 144 insertions, 0 deletions
diff --git a/sec-policy/selinux-base-policy/Manifest b/sec-policy/selinux-base-policy/Manifest index 93cfdf67fbe5..e180d5f5f142 100644 --- a/sec-policy/selinux-base-policy/Manifest +++ b/sec-policy/selinux-base-policy/Manifest @@ -1,9 +1,12 @@ DIST patchbundle-selinux-base-policy-2.20220106-r1.tar.bz2 299683 BLAKE2B 9e48733878e2f809b8634a1e96a4b1bb2fc3e866e562a6ac9449da8d4af591cbe7de380384fabec50c7a7c67733253f82024ce62dee51fc73e35e0653626ff6c SHA512 314c639e08b15a94656e467e81857241b242020884c0e40272cfb422cccc35f2d4a5f067dc6ebdf8926335a65d737c233d1df75f69b356509e07fd60b46b07bf DIST patchbundle-selinux-base-policy-2.20220106-r2.tar.bz2 436316 BLAKE2B 07d6ba7a5fa8e8213e922bfd4c698b73c1cdf598ceaa5efe98be095b51aafa446af8ea7217dcc2bc001bfadaa250bfcc8b8dea3d9aa630384f8cdf139512170d SHA512 68a71d098ae09b034cb57f8e38c06b23a6584f5538b94a44fb1e48e48c718f2b37eb5e38931e55e8769481ebf0ed8c8642cfa85a45ac23a71be31cc35380fbad DIST patchbundle-selinux-base-policy-2.20220106-r3.tar.bz2 309416 BLAKE2B 89852cce079300edcb00da41cfe42ea5041507f7d0a2a9897a4bd14f3ac68edfcc40ef49320e5ab826b1abb7fe7fc7ca4268042bbc019b3c76a58b9e112601c3 SHA512 4e23ad5e83df6c3501f0ac0a7201786d9f00809bedef248ae3a4b6af994e0006aaf70151c29ca21bb1c9c8887cc5bfeb18389d4f8e3bd3861c61d2d95d3a4e75 +DIST patchbundle-selinux-base-policy-2.20220520-r1.tar.bz2 294472 BLAKE2B 12dbda1952bde3db32758470735327c9934f42128dd54513c5a5d082d41cc73e39f49567dafa6abca3fd9d7d036e3a032a26a572e3ba3871de451a78f3757057 SHA512 d75e66f484281d1987e9c6fbe18a483934af39f28f908cfd21c14ba72acbf2ce9afc3bb9211f83e17badbbfaeadbd5263845dc8535eb28bf3b6b56f89db62d43 DIST refpolicy-2.20220106.tar.bz2 560342 BLAKE2B bc0e65466333e02acb48adbb28b8176d3c8e508b2ff97d4f8a876d7c0a65534a62d86c9816ac59f6eed583f4b5c51cf432643edd2dad24dd51eb3cf22e2b75ac SHA512 794327d2dd07196b5f36771f9a961cdf294cf68f690735418d6bdd859499b7007c518cc022ccca9c245a5266b85bdb7cacdcaeefee14e4800937c9101476b373 +DIST refpolicy-2.20220520.tar.bz2 577155 BLAKE2B d4352009ef5eb8599feb4adbec0ecef7fd5c9617b820300ab5e95723ddc790dc9244628417c71097ea3f7fff47c1d47a6e4a39da539e6b662acfd9d7ea8cc190 SHA512 eeeca3817fd305f82f62a53ae9c5120775fdf6f6c57d5420584e225019cd66357f7da119e8ea8f21549631d14b1c8076e9ac81aa4907de6c6fa0d7fc827b67ff EBUILD selinux-base-policy-2.20220106-r1.ebuild 4195 BLAKE2B 60c82839d39e6edde5e5ee8447696e0397828c6758b1d16e1323f45c1ce2b3d0df933095a1740d905fdb8fcfcf580115cedb6e4d52fef0abee818ccb23cc1ae0 SHA512 9f723ef8959da2be0433bc79aaad6f0287b70605ef847198fec1636ad33bd1b2328d24cb5dfa2db40c6dbeff67ab1e1f19a00d36031c15f5ea2d8904deebc63e EBUILD selinux-base-policy-2.20220106-r2.ebuild 4195 BLAKE2B 60c82839d39e6edde5e5ee8447696e0397828c6758b1d16e1323f45c1ce2b3d0df933095a1740d905fdb8fcfcf580115cedb6e4d52fef0abee818ccb23cc1ae0 SHA512 9f723ef8959da2be0433bc79aaad6f0287b70605ef847198fec1636ad33bd1b2328d24cb5dfa2db40c6dbeff67ab1e1f19a00d36031c15f5ea2d8904deebc63e EBUILD selinux-base-policy-2.20220106-r3.ebuild 4195 BLAKE2B 60c82839d39e6edde5e5ee8447696e0397828c6758b1d16e1323f45c1ce2b3d0df933095a1740d905fdb8fcfcf580115cedb6e4d52fef0abee818ccb23cc1ae0 SHA512 9f723ef8959da2be0433bc79aaad6f0287b70605ef847198fec1636ad33bd1b2328d24cb5dfa2db40c6dbeff67ab1e1f19a00d36031c15f5ea2d8904deebc63e +EBUILD selinux-base-policy-2.20220520-r1.ebuild 4199 BLAKE2B 4a50c4bd60d4e9fde28d45bc3e9773e6644b2c470b1043de8cd03a050f92bc2f85d70157746e94977cc91967e563470e092622e2c6ce478b1f82b2b1bf33eb28 SHA512 608421fb0a4e82a85948d7f340afad637d02fef0b69521d1442b69f11d92f95caf0d258b2d138eb0687aedb4c443173656291b174accdea345e968c79cb263d7 EBUILD selinux-base-policy-9999.ebuild 4199 BLAKE2B 4a50c4bd60d4e9fde28d45bc3e9773e6644b2c470b1043de8cd03a050f92bc2f85d70157746e94977cc91967e563470e092622e2c6ce478b1f82b2b1bf33eb28 SHA512 608421fb0a4e82a85948d7f340afad637d02fef0b69521d1442b69f11d92f95caf0d258b2d138eb0687aedb4c443173656291b174accdea345e968c79cb263d7 MISC metadata.xml 535 BLAKE2B db3aa01f5f57a5d30b7a39721a569bd2efe77a87701fb4e5d4e64ead0d13b4055dc5224bb7c95bf261e623163a59c18da5500d8da77b3de07801dcb13a9d4077 SHA512 592e02632b459156a686aa752bdcd04c00b6de8029831e39c2bf7c2e9a5e7886d8ebf0a5d16cbe1f6878428ce4e266dc676bf80657d018d204304d1113af7fcf diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20220520-r1.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20220520-r1.ebuild new file mode 100644 index 000000000000..c6f79d31df40 --- /dev/null +++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20220520-r1.ebuild @@ -0,0 +1,141 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="7" + +if [[ ${PV} == 9999* ]]; then + EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}" + EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}" + EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy" + + inherit git-r3 +else + SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2 + https://dev.gentoo.org/~perfinion/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2" + KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86" +fi + +HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux" +DESCRIPTION="SELinux policy for core modules" + +IUSE="systemd +unconfined" + +PDEPEND="unconfined? ( sec-policy/selinux-unconfined )" +DEPEND="=sec-policy/selinux-base-${PVR}[systemd?]" +RDEPEND="${DEPEND}" +BDEPEND=" + sys-apps/checkpolicy + sys-devel/m4" + +MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork systemd tmpfiles udev userdomain usermanage unprivuser xdg" +DEL_MODS="hotplug" +LICENSE="GPL-2" +SLOT="0" +S="${WORKDIR}/" + +# Code entirely copied from selinux-eclass (cannot inherit due to dependency on +# itself), when reworked reinclude it. Only postinstall (where -b base.pp is +# added) needs to remain then. + +pkg_pretend() { + for i in ${POLICY_TYPES}; do + if [[ "${i}" == "targeted" ]] && ! use unconfined; then + die "If you use POLICY_TYPES=targeted, then USE=unconfined is mandatory." + fi + done +} + +src_prepare() { + local modfiles + + if [[ ${PV} != 9999* ]]; then + einfo "Applying SELinux policy updates ... " + eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch" + fi + + eapply_user + + # Collect only those files needed for this particular module + for i in ${MODS}; do + modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles" + modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles" + done + + for i in ${DEL_MODS}; do + [[ "${MODS}" != *${i}* ]] || die "Duplicate module in MODS and DEL_MODS: ${i}" + done + + for i in ${POLICY_TYPES}; do + mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}" + cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \ + || die "Failed to copy Makefile.example to ${S}/${i}/Makefile" + + cp ${modfiles} "${S}"/${i} \ + || die "Failed to copy the module files to ${S}/${i}" + done +} + +src_compile() { + for i in ${POLICY_TYPES}; do + emake NAME=$i SHAREDIR="${SYSROOT%/}/usr/share/selinux" -C "${S}"/${i} + done +} + +src_install() { + local BASEDIR="/usr/share/selinux" + + for i in ${POLICY_TYPES}; do + for j in ${MODS}; do + einfo "Installing ${i} ${j} policy package" + insinto ${BASEDIR}/${i} + doins "${S}"/${i}/${j}.pp + done + done +} + +pkg_postinst() { + # Set root path and don't load policy into the kernel when cross compiling + local root_opts="" + if [[ "${ROOT}" != "" ]]; then + root_opts="-p ${ROOT} -n" + fi + + # Override the command from the eclass, we need to load in base as well here + local COMMAND="-i base.pp" + if has_version "<sys-apps/policycoreutils-2.5"; then + COMMAND="-b base.pp" + fi + + for i in ${MODS}; do + COMMAND="${COMMAND} -i ${i}.pp" + done + + for i in ${POLICY_TYPES}; do + einfo "Inserting the following modules, with base, into the $i module store: ${MODS}" + + cd "${ROOT}/usr/share/selinux/${i}" + + semodule ${root_opts} -s ${i} ${COMMAND} + + for mod in ${DEL_MODS}; do + if semodule ${root_opts} -s ${i} -l | grep -q "\b${mod}\b"; then + einfo "Removing obsolete ${i} ${mod} policy package" + semodule ${root_opts} -s ${i} -r ${mod} + fi + done + done + + # Don't relabel when cross compiling + if [[ "${ROOT}" == "" ]]; then + # Relabel depending packages + local PKGSET=""; + if [[ -x /usr/bin/qdepends ]] ; then + PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-'); + elif [[ -x /usr/bin/equery ]] ; then + PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-'); + fi + if [[ -n "${PKGSET}" ]] ; then + rlpkg ${PKGSET}; + fi + fi +} |