gentoo resync : 17.02.2020

3 files changed, 161 insertions, 3 deletions

diff --git a/sec-policy/selinux-base/Manifest b/sec-policy/selinux-base/Manifest
index eecac315d704..6d6a4cdc7a1f 100644
--- a/sec-policy/selinux-base/Manifest
+++ b/sec-policy/selinux-base/Manifest
@@ -6,14 +6,17 @@ DIST patchbundle-selinux-base-policy-2.20180114-r3.tar.bz2 302345 BLAKE2B b175c5
 DIST patchbundle-selinux-base-policy-2.20180701-r1.tar.bz2 315378 BLAKE2B eeeb0b04c023c40289b6d964aefd1773d2b5d6912f1dffebf9509e6dcdbb39b17e722ee4483fb2b11193d4b987a85f90c7dc7e61cef3cf982fc2ba368d4900ef SHA512 a8b049120f1c420f9bfb55aba9ed0157ff7896ace402cd1b77b01d1ea52b67e49d915f1c00de83ff4d59b1cf8b8aa1f39b50ba312d842ed4850e75fcc7f5be42
 DIST patchbundle-selinux-base-policy-2.20180701-r2.tar.bz2 320881 BLAKE2B 12382c64ff8d2acef97ae50b0285061b7f018df0d94034670696b6f19003ee9c9c4f66c711e744696e47145857fcbd577a7762fa807921b40a5366e473901687 SHA512 29453f9deb90b7f982d5a6a3161d79a8171d58d20c0e0de523347d4f1296ad3d4ed970ada0823692e8def4f21756d727628bd919802ec2b1c39087ce5d0811b0
 DIST patchbundle-selinux-base-policy-2.20190201-r1.tar.bz2 426390 BLAKE2B 33e05e03e1e087f0bf460930f074108af5fa05688f7681ba3545530d21174be7d29e9035a7bc37e9acdbe3468680891f9865ad83188eb0f8fb9b9012252d6a1e SHA512 f2855a340f4ae7ba6c4cf0ec9445de7ca20f9fc0f11783992340ca2f073bbbf2d4999190f46f3910213dd1555e9578b3609284af6a7712b401053216c004ff7e
+DIST patchbundle-selinux-base-policy-2.20190609-r1.tar.bz2 407664 BLAKE2B e6b6b56f990389365c062522582e2177bc3b70040c99948efad25737e69178f9f72149cc443cb9edacfdd1aa6bc29f637cc61939f66e5cc3841f83298b33c41e SHA512 16195b51bb414ac82821f93756b3b5d0ec206b7035a50379c1f796082d9c53b11369e15086e1e26521808944266364470c43dcfdd1818ba079fda1613b7ef9bd
 DIST refpolicy-2.20180114.tar.bz2 743725 BLAKE2B f64fc08dd68033a1762e147a0f205d8d1b71853017cefe4252ca4ca67029d457f28d81a82ae4e78c01e6c2131e9329d0e5634afee12fb4b291685e7563d59107 SHA512 9acb15d1d84670b25d1fc310e048348f707aa22ea184828e677946817aeb6ee2c590233195ead13aa91c7096544d6d29dfb6e98297120ef9464fc6107ffc9ce7
 DIST refpolicy-2.20180701.tar.bz2 753050 BLAKE2B 7069a1b9b9bef25950e62bb50ac09f4a9d5ef6fd0acc667d321da396c3935939348534458df129f7bc81687dca240b4c4fc120d1f46d452665d335c9f023da8c SHA512 9dd5a1e10da5d25fea96cc25efb682f8ac866e835a1d940b161c1ce944cac9a90a5836b03c14311acad6bf9acd9a78003f36e050d35d8edb43606575523857b5
 DIST refpolicy-2.20190201.tar.bz2 552750 BLAKE2B d3cbdf5c5f8480cd36173d8cfbd2f55a6ad4a9f2176883dcc19eece6059114ca8700d07f8bd318d0430da253bb9e4e6a6e03f7a7db8a7964c95b00452aaab040 SHA512 c6568b679ad1a7c5c566b55291e86ce3784ee609c0091e5d465d41055724d950180780c7eedb3413351101b9182db51c7bce1816db1a9a17b3257861363efc6e
+DIST refpolicy-2.20190609.tar.bz2 555882 BLAKE2B abc45d9c906e0c880b7c47b0fb8e33f4a277c73244e20e8a95c44452db817241110127a5f8a3347cfbf5e30bf91f9dd4e5dd826426eb88b383fdbff5963f5fcd SHA512 f05ca08d31e62b7bf7203d7b243cce9ba87dd68d13b30067b99a44d5007449078fa82d591faa88c2955d370a346e69faedc850c02bd77c5624a8c746a13467f3
 EBUILD selinux-base-2.20180114-r1.ebuild 4121 BLAKE2B be67b8b4bd0d24c36634469ae2be72d570d531087329ae8936e03ec42ef45b02fe3bd4b125e4ce124a065e4b872c6e3d0d656f0ab0afea8faa0e7c6221b3cdd1 SHA512 7374ec82ae0bf20a5423a3804d4532d2ebc4ab0cde42e51822877d9a8b0dcab086499c01d7df4e7de5af15c36d0afab572837b8d98c78342b85d7a0de2eb879e
 EBUILD selinux-base-2.20180114-r2.ebuild 4121 BLAKE2B be67b8b4bd0d24c36634469ae2be72d570d531087329ae8936e03ec42ef45b02fe3bd4b125e4ce124a065e4b872c6e3d0d656f0ab0afea8faa0e7c6221b3cdd1 SHA512 7374ec82ae0bf20a5423a3804d4532d2ebc4ab0cde42e51822877d9a8b0dcab086499c01d7df4e7de5af15c36d0afab572837b8d98c78342b85d7a0de2eb879e
 EBUILD selinux-base-2.20180114-r3.ebuild 4123 BLAKE2B c2c01645221cad12c3f4249cb6f35df3c46ef4658e486802ecf5749e34fe8b5fe78da8341bf8ab65b4c85b41d63bb173d45474cc8a6c0d2dabfe0fa352738bbd SHA512 4d1a78896e92cbdb318600120132295c63f73ac560900b990c0612721781583a05c805b204bc5552d41dd587d426252dc2c57f3ca5e79431ffd10a92da5441ae
 EBUILD selinux-base-2.20180701-r1.ebuild 4129 BLAKE2B 272e1866b03954f2e3a86d6f059738f627a69fee4a9e31299c597bdf16b831f23923a365682377bab772f5091d2469d34a7076f944bf0148b7a3197271687864 SHA512 5f4cc117086fcc09c91ec1a1cdb61c8f6dbe7219c64382fc44274065879aea3932ddb9bbe91411c5bc2c03f025f6728e25b9a4957d38a7fbc2cf86206b81c72b
 EBUILD selinux-base-2.20180701-r2.ebuild 4131 BLAKE2B d5aa01b2cd9b4ca82b7cd50c3f31603b662f294e8b6ce4d665f1d824d77d1a2ac75d530ca056b369c09211c380dd0daf7c1b6f9f407feec2e07891b5b7acc745 SHA512 9ecdf845e201adf5c401236e6933da1d036b5c39810f984bbe7a12220863dc4ab2ac29603954eb2d4227f042a03c2e43377f1d7cd2cfde526cd7e491741e9682
-EBUILD selinux-base-2.20190201-r1.ebuild 4131 BLAKE2B d5aa01b2cd9b4ca82b7cd50c3f31603b662f294e8b6ce4d665f1d824d77d1a2ac75d530ca056b369c09211c380dd0daf7c1b6f9f407feec2e07891b5b7acc745 SHA512 9ecdf845e201adf5c401236e6933da1d036b5c39810f984bbe7a12220863dc4ab2ac29603954eb2d4227f042a03c2e43377f1d7cd2cfde526cd7e491741e9682
+EBUILD selinux-base-2.20190201-r1.ebuild 4129 BLAKE2B 6a757ed06800b462aac3fdd0343732ee2fd88e45b6c0557187686bb18fb9f296e4159de52e77d440c1f2278e8945de456800918315a492e8d0679189c24877ad SHA512 eb9b30d65d98828c751c16c42f756a7f946a8b2b73e7cfdc0272409d59121a135678a593ad181756747b58db67a5096ac72c79bbe212a2a6c2ee587ae00998ac
+EBUILD selinux-base-2.20190609-r1.ebuild 4164 BLAKE2B 18880e11e2deb3ac150ffc09aa273ac2cc51da775c45f25ec8820a5439dbdd0e2b0c2e3acbed5c21c6d3b6246ebeaf56d78f0e1b8390e9e6f86b63afccc7a844 SHA512 1d3b09ab0b7ae019772d781ec632bb54fb67b691256a8d15eaa95eab21afe55f427b5897d2bdd6951bb84c1826f8d71a08d3567783fd800e15794f72eea782c3
 EBUILD selinux-base-9999.ebuild 4164 BLAKE2B e778e6f3924e97996d0dbfd1ff3ce4ce1ad006e6e82ca52562092f83349f1d8dee29b477c10e5256fcb1233ddebe10b19e4eca2e583f47d904caf63585e77e6e SHA512 28d2d7f5baf51c833ec008e92626a65fb3fa5e9b27f43875423497090859ee9e5afe45ac0ec9df6debbcc347aaf45097c1d368eff0f2e2325a8d6345d69345f7
 MISC metadata.xml 967 BLAKE2B 1d3313048964e8b84c6386c24682735ba255897021b5d9df9739a4852864e092c6c8a42c86b91962274c22764661ff5f4f8c0c34edfbf52abe6ae8583f15fcdd SHA512 fc513a530a30b8114a5b9c02862939a4cdd2e123f370292bdc0399b161afdf4843f53c2a15b4bd505d2111496fc6354a54c408c9022137086a33385e5fa99541
diff --git a/sec-policy/selinux-base/selinux-base-2.20190201-r1.ebuild b/sec-policy/selinux-base/selinux-base-2.20190201-r1.ebuild
index 16ee9f2b2abb..c172a8fdb9bd 100644
--- a/sec-policy/selinux-base/selinux-base-2.20190201-r1.ebuild
+++ b/sec-policy/selinux-base/selinux-base-2.20190201-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2019 Gentoo Authors
+# Copyright 1999-2020 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="6"
@@ -13,7 +13,7 @@ else
 	SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2
 			https://dev.gentoo.org/~perfinion/patches/selinux-base-policy/patchbundle-selinux-base-policy-${PVR}.tar.bz2"
 
-	KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86"
+	KEYWORDS="amd64 -arm ~arm64 ~mips x86"
 fi
 
 IUSE="doc +open_perms +peer_perms systemd +ubac +unconfined"
diff --git a/sec-policy/selinux-base/selinux-base-2.20190609-r1.ebuild b/sec-policy/selinux-base/selinux-base-2.20190609-r1.ebuild
new file mode 100644
index 000000000000..bb95a29ae659
--- /dev/null
+++ b/sec-policy/selinux-base/selinux-base-2.20190609-r1.ebuild
@@ -0,0 +1,155 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+if [[ ${PV} == 9999* ]]; then
+	EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
+	EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}"
+	EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy"
+
+	inherit git-r3
+else
+	SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2
+			https://dev.gentoo.org/~perfinion/patches/selinux-base-policy/patchbundle-selinux-base-policy-${PVR}.tar.bz2"
+
+	KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86"
+fi
+
+IUSE="doc +unknown-perms systemd +ubac +unconfined"
+
+DESCRIPTION="Gentoo base policy for SELinux"
+HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
+LICENSE="GPL-2"
+SLOT="0"
+
+RDEPEND=">=sys-apps/policycoreutils-2.8
+	virtual/udev"
+DEPEND="${RDEPEND}
+	sys-devel/m4
+	>=sys-apps/checkpolicy-2.8"
+
+S=${WORKDIR}/
+
+src_prepare() {
+	if [[ ${PV} != 9999* ]]; then
+		einfo "Applying SELinux policy updates ... "
+		eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch"
+	fi
+
+	eapply_user
+
+	cd "${S}/refpolicy" || die
+	emake bare
+}
+
+src_configure() {
+	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
+
+	# Update the SELinux refpolicy capabilities based on the users' USE flags.
+
+	if use unknown-perms; then
+		sed -i -e '/^UNK_PERMS/s/deny/allow/' "${S}/refpolicy/build.conf" \
+			|| die "Failed to allow Unknown Permissions Handling"
+		sed -i -e '/^UNK_PERMS/s/deny/allow/' "${S}/refpolicy/Makefile" \
+			|| die "Failed to allow Unknown Permissions Handling"
+	fi
+
+	if ! use ubac; then
+		sed -i -e '/^UBAC/s/y/n/' "${S}/refpolicy/build.conf" \
+			|| die "Failed to disable User Based Access Control"
+	fi
+
+	if use systemd; then
+		sed -i -e '/^SYSTEMD/s/n/y/' "${S}/refpolicy/build.conf" \
+			|| die "Failed to enable SystemD"
+	fi
+
+	echo "DISTRO = gentoo" >> "${S}/refpolicy/build.conf" || die
+
+	# Prepare initial configuration
+	cd "${S}/refpolicy" || die
+	emake conf
+
+	# Setup the policies based on the types delivered by the end user.
+	# These types can be "targeted", "strict", "mcs" and "mls".
+	for i in ${POLICY_TYPES}; do
+		cp -a "${S}/refpolicy" "${S}/${i}" || die
+		cd "${S}/${i}" || die
+
+		#cp "${FILESDIR}/modules-2.20120215.conf" "${S}/${i}/policy/modules.conf"
+		sed -i -e "/= module/d" "${S}/${i}/policy/modules.conf" || die
+
+		sed -i -e '/^QUIET/s/n/y/' -e "/^NAME/s/refpolicy/$i/" \
+			"${S}/${i}/build.conf" || die "build.conf setup failed."
+
+		if [[ "${i}" == "mls" ]] || [[ "${i}" == "mcs" ]];
+		then
+			# MCS/MLS require additional settings
+			sed -i -e "/^TYPE/s/standard/${i}/" "${S}/${i}/build.conf" \
+				|| die "failed to set type to mls"
+		fi
+
+		if [ "${i}" == "targeted" ]; then
+			sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
+			"${S}/${i}/config/appconfig-standard/seusers" \
+			|| die "targeted seusers setup failed."
+		fi
+
+		if [ "${i}" != "targeted" ] && [ "${i}" != "strict" ] && use unconfined; then
+			sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
+			"${S}/${i}/config/appconfig-${i}/seusers" \
+			|| die "policy seusers setup failed."
+		fi
+	done
+}
+
+src_compile() {
+	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
+
+	for i in ${POLICY_TYPES}; do
+		cd "${S}/${i}" || die
+		emake base
+		if use doc; then
+			emake html
+		fi
+	done
+}
+
+src_install() {
+	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="targeted strict mls mcs"
+
+	for i in ${POLICY_TYPES}; do
+		cd "${S}/${i}" || die
+
+		emake DESTDIR="${D}" install
+		emake DESTDIR="${D}" install-headers
+
+		echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type" || die
+
+		echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types" || die
+
+		# libsemanage won't make this on its own
+		keepdir "/etc/selinux/${i}/policy"
+
+		if use doc; then
+			docinto ${i}/html
+			dodoc -r doc/html/*;
+		fi
+
+		insinto /usr/share/selinux/devel;
+		doins doc/policy.xml;
+
+	done
+
+	docinto /
+	dodoc doc/Makefile.example doc/example.{te,fc,if}
+
+	doman man/man8/*.8;
+
+	insinto /etc/selinux
+	doins "${FILESDIR}/config"
+
+	insinto /usr/share/portage/config/sets
+	doins "${FILESDIR}/selinux.conf"
+}