gentoo resync : 14.12.2020

4 files changed, 23 insertions, 152 deletions

diff --git a/sec-policy/selinux-base-policy/Manifest b/sec-policy/selinux-base-policy/Manifest
index 0d1b10d66e92..0161ce36673a 100644
--- a/sec-policy/selinux-base-policy/Manifest
+++ b/sec-policy/selinux-base-policy/Manifest
@@ -1,11 +1,8 @@
-DIST patchbundle-selinux-base-policy-2.20190201-r1.tar.bz2 426390 BLAKE2B 33e05e03e1e087f0bf460930f074108af5fa05688f7681ba3545530d21174be7d29e9035a7bc37e9acdbe3468680891f9865ad83188eb0f8fb9b9012252d6a1e SHA512 f2855a340f4ae7ba6c4cf0ec9445de7ca20f9fc0f11783992340ca2f073bbbf2d4999190f46f3910213dd1555e9578b3609284af6a7712b401053216c004ff7e
 DIST patchbundle-selinux-base-policy-2.20190609-r1.tar.bz2 407664 BLAKE2B e6b6b56f990389365c062522582e2177bc3b70040c99948efad25737e69178f9f72149cc443cb9edacfdd1aa6bc29f637cc61939f66e5cc3841f83298b33c41e SHA512 16195b51bb414ac82821f93756b3b5d0ec206b7035a50379c1f796082d9c53b11369e15086e1e26521808944266364470c43dcfdd1818ba079fda1613b7ef9bd
-DIST patchbundle-selinux-base-policy-2.20200818-r1.tar.bz2 278147 BLAKE2B 1e63517f15ed297c3cc1ed068db30ef60c0ebb11790abb89a80cde44da882b9381a8eccc66378576d84c106af7e9f7fd9e65b76b8e6f5134b34a2b517f5bb7f1 SHA512 d688e3f9d5dceb8a8747025adeddcfdd923e39757ab5ad7b92be00b544e47f0aa0c47aaf5a71eb4d3f616743d3291b8a8babdedfa238913371d58be3fccd4812
-DIST refpolicy-2.20190201.tar.bz2 552750 BLAKE2B d3cbdf5c5f8480cd36173d8cfbd2f55a6ad4a9f2176883dcc19eece6059114ca8700d07f8bd318d0430da253bb9e4e6a6e03f7a7db8a7964c95b00452aaab040 SHA512 c6568b679ad1a7c5c566b55291e86ce3784ee609c0091e5d465d41055724d950180780c7eedb3413351101b9182db51c7bce1816db1a9a17b3257861363efc6e
+DIST patchbundle-selinux-base-policy-2.20200818-r2.tar.bz2 433623 BLAKE2B f0655c45c50347faf1217e5861298dce822e4b726c0b4489d4c70c4815842f7c17ac1b0a302ae5482a3ad25d1d5b6c4c3b6395194e79005f31560d103ad0fce6 SHA512 9fd22683ecd602a429b2d489f7b8c2936409fa060046255b72a4b95c9fdefa2455ba7655945278dc972c22f3ade6617898ed169e22001aaaaded4b47ca51b0c3
 DIST refpolicy-2.20190609.tar.bz2 555882 BLAKE2B abc45d9c906e0c880b7c47b0fb8e33f4a277c73244e20e8a95c44452db817241110127a5f8a3347cfbf5e30bf91f9dd4e5dd826426eb88b383fdbff5963f5fcd SHA512 f05ca08d31e62b7bf7203d7b243cce9ba87dd68d13b30067b99a44d5007449078fa82d591faa88c2955d370a346e69faedc850c02bd77c5624a8c746a13467f3
 DIST refpolicy-2.20200818.tar.bz2 570896 BLAKE2B 502c00fec39e1b81e42de3f7f942623f8b3fbdeac19f9f01126722a368b7d4f70427d6e4a574754c4f2fa551e4bc75c912dbc515c004f0dcd5eb28ab416498f6 SHA512 e4b527bb7a87b9359fc42eb111d5008103f57c37128998ea0e21ec7b0b8607ffe3f67697450e4c51a0db172ece69083335b279bacef4b1bd0b7748b58caa99a7
-EBUILD selinux-base-policy-2.20190201-r1.ebuild 3876 BLAKE2B 3fdf86914afa4ea4851b7a61011589e4f1fb2c20775ee260bdce26c3197ab9b1ad97c871a58c1ff7704f9ca23609def48f802167f1238773f9a2c4daab0e2b07 SHA512 03f531f3ce9d7646b9101a159cb96a091011a5a9215491ecc7fcadf7412814e30abb285de3939c7f0584232b540f61b9a1e3ebefbf228f5713da5de9ed9a553f
 EBUILD selinux-base-policy-2.20190609-r1.ebuild 3816 BLAKE2B a52fb08dc3d36042f251afe98c7894b955c3160890eb4eb84f0b69428a90b05d764b7b1ef12315cea44d5b00617b5747303872e906f67e68c28945cf48197d48 SHA512 cf062f6526826c9b7225ef3c8fe0a3b74da3905b35ba0a174328de422cfc383fbb6831dcbded65f876a956d66523bab39c89f5e23c7a5f80eebc5067ce72a550
-EBUILD selinux-base-policy-2.20200818-r1.ebuild 3818 BLAKE2B 78071157fd3f922bbd200d84027dfaefa39b66a0b294753027694183fec9adb45fa5faab31784432255cf12d767a01e2217a2e04950105e7a60d0a01d200f75f SHA512 a76925a23a78c805f3b21263dd80d3569deb10b82d8d86a67a617d83090984300447249bbf313999657bea180c58d833474b20b3e57c650abb4fd8365d9fde5a
-EBUILD selinux-base-policy-9999.ebuild 3818 BLAKE2B e5c0dbf7326cfb52fb95951c7ec7ad29a09c0604f2106198c63d182923157933590c97f70b993b77810e83d67dc667d8cf12d46450f3548629abfd3fe0a88d6b SHA512 ed99b8042b5b16247d4cd2bc02d8f3a6ee13a3fd1ca16d5500b6ba3df56d9d20d1cbd82add3e280c4cd4c27216ec794690af645e14ed6e0af0cf9a70aa983a95
+EBUILD selinux-base-policy-2.20200818-r2.ebuild 3853 BLAKE2B 2f2ea84e89392c4804f9b58091bbf507defbcd0c9b4fbfbfd90ef5e3210e623d7223477bb3321ed0f489ca555e2ace214db8d265d4f64b0d6140046bc2b85b2f SHA512 f97a595e9fce3c3d0e70502abcb62d602b0b67f91fe4400231aa9cf08edaad463203abe1a6505d1ca442d42232dac68520dfccd0f29a8b5f474c5977e251f99d
+EBUILD selinux-base-policy-9999.ebuild 3855 BLAKE2B a73f84895229a688ae90c06f08f281ddb0ca8d947024468ad485a7ee3f75dd58f4547a80f9c02f5bbd78442a33bfa5bf192aa94e20b0829db5675fa4bffbb7df SHA512 dbe686f2132878b7e85255f9ee8c296ca625b8d77be0ddc5018be4ef49c2240ebedbf789157c96a3c74f94afb24cf0304353c23dc3480c0d4e64793f39ddcc56
 MISC metadata.xml 534 BLAKE2B 1bb289204431150ae974c9fd677926faf72e75def3294b9df405a048e398ac3b6147de8483512487edaeea378e1dbd32df0675acb7fa50326c48382603c5dbfe SHA512 d8340bec9d0ec0feb396b17b53a6d53e3caa7ddd1efdc5e5de07baf86592ad0526d08fc08908295cf18a915eef1c7429c72970d56967162b2390eed6f28c822a
diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20190201-r1.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20190201-r1.ebuild
deleted file mode 100644
index 7f61ed4c2fc3..000000000000
--- a/sec-policy/selinux-base-policy/selinux-base-policy-2.20190201-r1.ebuild
+++ /dev/null
@@ -1,132 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-if [[ ${PV} == 9999* ]]; then
-	EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
-	EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}"
-	EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy"
-
-	inherit git-r3
-else
-	SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2
-			https://dev.gentoo.org/~perfinion/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2"
-	KEYWORDS="amd64 -arm ~arm64 ~mips x86"
-fi
-
-HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
-DESCRIPTION="SELinux policy for core modules"
-
-IUSE="systemd +unconfined"
-
-PDEPEND="unconfined? ( sec-policy/selinux-unconfined )"
-DEPEND="=sec-policy/selinux-base-${PVR}[systemd?]"
-RDEPEND="$DEPEND"
-
-MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork tmpfiles udev userdomain usermanage unprivuser xdg"
-LICENSE="GPL-2"
-SLOT="0"
-S="${WORKDIR}/"
-
-# Code entirely copied from selinux-eclass (cannot inherit due to dependency on
-# itself), when reworked reinclude it. Only postinstall (where -b base.pp is
-# added) needs to remain then.
-
-pkg_setup() {
-	if use systemd; then
-		MODS="${MODS} systemd"
-	fi
-}
-
-pkg_pretend() {
-	for i in ${POLICY_TYPES}; do
-		if [[ "${i}" == "targeted" ]] && ! use unconfined; then
-			die "If you use POLICY_TYPES=targeted, then USE=unconfined is mandatory."
-		fi
-	done
-}
-
-src_prepare() {
-	local modfiles
-
-	if [[ ${PV} != 9999* ]]; then
-		einfo "Applying SELinux policy updates ... "
-		eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch"
-	fi
-
-	eapply_user
-
-	# Collect only those files needed for this particular module
-	for i in ${MODS}; do
-		modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles"
-		modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles"
-	done
-
-	for i in ${POLICY_TYPES}; do
-		mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}"
-		cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \
-			|| die "Failed to copy Makefile.example to ${S}/${i}/Makefile"
-
-		cp ${modfiles} "${S}"/${i} \
-			|| die "Failed to copy the module files to ${S}/${i}"
-	done
-}
-
-src_compile() {
-	for i in ${POLICY_TYPES}; do
-		emake NAME=$i SHAREDIR="${ROOT%/}"/usr/share/selinux -C "${S}"/${i}
-	done
-}
-
-src_install() {
-	local BASEDIR="/usr/share/selinux"
-
-	for i in ${POLICY_TYPES}; do
-		for j in ${MODS}; do
-			einfo "Installing ${i} ${j} policy package"
-			insinto ${BASEDIR}/${i}
-			doins "${S}"/${i}/${j}.pp
-		done
-	done
-}
-
-pkg_postinst() {
-	# Set root path and don't load policy into the kernel when cross compiling
-	local root_opts=""
-	if [[ "${ROOT%/}" != "" ]]; then
-		root_opts="-p ${ROOT%/} -n"
-	fi
-
-	# Override the command from the eclass, we need to load in base as well here
-	local COMMAND="-i base.pp"
-	if has_version "<sys-apps/policycoreutils-2.5"; then
-		COMMAND="-b base.pp"
-	fi
-
-	for i in ${MODS}; do
-		COMMAND="${COMMAND} -i ${i}.pp"
-	done
-
-	for i in ${POLICY_TYPES}; do
-		einfo "Inserting the following modules, with base, into the $i module store: ${MODS}"
-
-		cd "${ROOT%/}/usr/share/selinux/${i}"
-
-		semodule ${root_opts} -s ${i} ${COMMAND}
-	done
-
-	# Don't relabel when cross compiling
-	if [[ "${ROOT%/}" == "" ]]; then
-		# Relabel depending packages
-		local PKGSET="";
-		if [[ -x /usr/bin/qdepends ]] ; then
-			PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
-		elif [[ -x /usr/bin/equery ]] ; then
-			PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
-		fi
-		if [[ -n "${PKGSET}" ]] ; then
-			rlpkg ${PKGSET};
-		fi
-	fi
-}
diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20200818-r1.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20200818-r2.ebuild
index 2cf75e0c5f40..33b6548c3a23 100644
--- a/sec-policy/selinux-base-policy/selinux-base-policy-2.20200818-r1.ebuild
+++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20200818-r2.ebuild
@@ -1,7 +1,7 @@
 # Copyright 1999-2020 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI="6"
+EAPI="7"
 
 if [[ ${PV} == 9999* ]]; then
 	EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
@@ -12,7 +12,7 @@ if [[ ${PV} == 9999* ]]; then
 else
 	SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2
 			https://dev.gentoo.org/~perfinion/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2"
-	KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86"
+	KEYWORDS="amd64 -arm ~arm64 ~mips x86"
 fi
 
 HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
@@ -23,6 +23,9 @@ IUSE="systemd +unconfined"
 PDEPEND="unconfined? ( sec-policy/selinux-unconfined )"
 DEPEND="=sec-policy/selinux-base-${PVR}[systemd?]"
 RDEPEND="$DEPEND"
+BDEPEND="
+	sys-apps/checkpolicy
+	sys-devel/m4"
 
 MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork systemd tmpfiles udev userdomain usermanage unprivuser xdg"
 LICENSE="GPL-2"
@@ -69,7 +72,7 @@ src_prepare() {
 
 src_compile() {
 	for i in ${POLICY_TYPES}; do
-		emake NAME=$i SHAREDIR="${ROOT%/}"/usr/share/selinux -C "${S}"/${i}
+		emake NAME=$i SHAREDIR="${ROOT}"/usr/share/selinux -C "${S}"/${i}
 	done
 }
 
@@ -88,8 +91,8 @@ src_install() {
 pkg_postinst() {
 	# Set root path and don't load policy into the kernel when cross compiling
 	local root_opts=""
-	if [[ "${ROOT%/}" != "" ]]; then
-		root_opts="-p ${ROOT%/} -n"
+	if [[ "${ROOT}" != "" ]]; then
+		root_opts="-p ${ROOT} -n"
 	fi
 
 	# Override the command from the eclass, we need to load in base as well here
@@ -105,13 +108,13 @@ pkg_postinst() {
 	for i in ${POLICY_TYPES}; do
 		einfo "Inserting the following modules, with base, into the $i module store: ${MODS}"
 
-		cd "${ROOT%/}/usr/share/selinux/${i}"
+		cd "${ROOT}/usr/share/selinux/${i}"
 
 		semodule ${root_opts} -s ${i} ${COMMAND}
 	done
 
 	# Don't relabel when cross compiling
-	if [[ "${ROOT%/}" == "" ]]; then
+	if [[ "${ROOT}" == "" ]]; then
 		# Relabel depending packages
 		local PKGSET="";
 		if [[ -x /usr/bin/qdepends ]] ; then
diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild
index 17908940fcb0..5de9dfd5ff41 100644
--- a/sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild
+++ b/sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild
@@ -1,7 +1,7 @@
-# Copyright 1999-2019 Gentoo Authors
+# Copyright 1999-2020 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI="6"
+EAPI="7"
 
 if [[ ${PV} == 9999* ]]; then
 	EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
@@ -23,6 +23,9 @@ IUSE="systemd +unconfined"
 PDEPEND="unconfined? ( sec-policy/selinux-unconfined )"
 DEPEND="=sec-policy/selinux-base-${PVR}[systemd?]"
 RDEPEND="$DEPEND"
+BDEPEND="
+	sys-apps/checkpolicy
+	sys-devel/m4"
 
 MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork systemd tmpfiles udev userdomain usermanage unprivuser xdg"
 LICENSE="GPL-2"
@@ -69,7 +72,7 @@ src_prepare() {
 
 src_compile() {
 	for i in ${POLICY_TYPES}; do
-		emake NAME=$i SHAREDIR="${ROOT%/}"/usr/share/selinux -C "${S}"/${i}
+		emake NAME=$i SHAREDIR="${ROOT}"/usr/share/selinux -C "${S}"/${i}
 	done
 }
 
@@ -88,8 +91,8 @@ src_install() {
 pkg_postinst() {
 	# Set root path and don't load policy into the kernel when cross compiling
 	local root_opts=""
-	if [[ "${ROOT%/}" != "" ]]; then
-		root_opts="-p ${ROOT%/} -n"
+	if [[ "${ROOT}" != "" ]]; then
+		root_opts="-p ${ROOT} -n"
 	fi
 
 	# Override the command from the eclass, we need to load in base as well here
@@ -105,13 +108,13 @@ pkg_postinst() {
 	for i in ${POLICY_TYPES}; do
 		einfo "Inserting the following modules, with base, into the $i module store: ${MODS}"
 
-		cd "${ROOT%/}/usr/share/selinux/${i}"
+		cd "${ROOT}/usr/share/selinux/${i}"
 
 		semodule ${root_opts} -s ${i} ${COMMAND}
 	done
 
 	# Don't relabel when cross compiling
-	if [[ "${ROOT%/}" == "" ]]; then
+	if [[ "${ROOT}" == "" ]]; then
 		# Relabel depending packages
 		local PKGSET="";
 		if [[ -x /usr/bin/qdepends ]] ; then