diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
commit | 4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch) | |
tree | ba5f07bf3f9d22d82e54a462313f5d244036c768 /sys-apps/policycoreutils |
reinit the tree, so we can have metadata
Diffstat (limited to 'sys-apps/policycoreutils')
13 files changed, 837 insertions, 0 deletions
diff --git a/sys-apps/policycoreutils/Manifest b/sys-apps/policycoreutils/Manifest new file mode 100644 index 000000000000..792c49fdc7ae --- /dev/null +++ b/sys-apps/policycoreutils/Manifest @@ -0,0 +1,18 @@ +AUX 0010-remove-sesandbox-support.patch 747 SHA256 af6969721dede49f4de4e1db8e98e8400a8f0e3ec0b55aee9295aea0d6ba3b9a SHA512 b7b54191d2b8703393dd23a7fcccbdc3e2b7234acd962e994c8549eebae6cae3b6f62055b47a2d5db94510739abfb2fa365090c452422b6fbc02ad625ebe4859 WHIRLPOOL 1ed396c3346123af9fc8a5e911a6c241e2b64d7424b2d5194b0cc7c6b44a960c70afde3d04a508ecf525af038a52c739bc424230db34fcb52096304b2cda2771 +AUX 0020-disable-autodetection-of-pam-and-audit.patch 3924 SHA256 5f322dcc8c24838ec30c1df3aa69876063989fd07389c60ef64802c6fe25e91e SHA512 0efcbe36fdaa369cb1837767e872189f9f18b58d738b38c304ef31c568e60d602cfb5f87328a3b1f209840e2ab102f2d0ee8c4e918b2866c0ca978f33252ad33 WHIRLPOOL 669a451f98f39607e6a5a235e67ab432e480327dfe8204c2fcbb7455f571da4a64e91d76926c34e7fc25cec393ed6fbabb33e46c00e4f7a30848f304ed96b61f +AUX 0030-make-inotify-check-use-flag-triggered.patch 650 SHA256 1cf0d985c865d9afe134e598c50b40420e4a48f4fde6e5d1916a880b8c393a75 SHA512 9ae10652ae14abd8930690363d41d9cacf0d0003ff21cf75dfc52a4ab7a4ab3d1fa9f1dc6994de9ae874483297478d79ee071dae766dfabf07ba70092bd11ba4 WHIRLPOOL ebf776adb8115db80418313ee8ad80f8d03b71358b1aa790ac690cd81b3646f0818da6bbf5d2f570c4be4150e6a2b475ff848622239f65e1479f29c9eb6a44f1 +AUX 0070-remove-symlink-attempt-fails-with-gentoo-sandbox-approach.patch 519 SHA256 63d4952efdf1fa8510485900e17f3bcb356086dda9440e3f4dd9fbcad83ec027 SHA512 c49b440ca07003688e115ea792188f37e5456d8afde0ee3be7a49af8c51ca7089e85e64ad237fbdc3c34685a58022f695f00fe443face1052f8181829678a256 WHIRLPOOL 1a246957e0aebf5129117644eb202a123ae8e43cca19b961796cc3940253e92c479819911a681d2434f794693115843cf351f04f9610e46171bef7048b59a8d1 +AUX 0110-build-mcstrans-bug-472912.patch 2509 SHA256 c89ee8947ba7d04c7df30eef7fee91233188da90718c05a93c07112eb272dd8d SHA512 97a6c17e8232dc62dd5beaf101efa1e0462eedfb9fb4eff93d96171bbd866bd12b19ada1c512eef20ba732813e6f009276debbe5385ece373dd3bad1b7e61765 WHIRLPOOL fdb2509aab5e98ed11a942457711132e5888a25c0426bde59a84fb8bd8dc3f065f0e6daba77730e94a114c1e1431a1cee17a6ccf305946a5abed328f027c0bd1 +AUX 0120-build-failure-for-mcscolor-for-CONTEXT__CONTAINS.patch 483 SHA256 572d141797d2a164b50b081fd6167f3acd93f62cc878c8859f731580243deb7d SHA512 a8a81158924aa527038696a98503144e50ed941ba1afbf52d26fc5bb9373c7ac6fd3f864070ff717c5b45ddba0470bc43b142f02da134559af8896c15084234f WHIRLPOOL 17836a74dcd4ce605891f6bd1eeeca61d6ed1534d3f6d3e1c65d1ddd7096460cbf75eac868d2c7ef112c85f745c2b1af7ca2abf02644351c3ebbfbbffc90a99b +AUX policycoreutils-2.7-0001-newrole-not-suid.patch 351 SHA256 5146c50018858ae42ec1be492db8aa5f9ca837df81871481240709e72bc3aafa SHA512 41c37a0711011ebdaafee01b357438ac3219b34b6c9e6ebe182c863d61c899e4819ae71bd9adf4b52bee37750c99b5b1cd40c6a92f119899bd227251d37ccd99 WHIRLPOOL 9a5496d01b53fc39c45153fc2adc658aee8bfb9074534f2ae31b61491227c606de51d335636b536d15d0f2963772fe3ba6e0c0c21ced38f2b673e217127ddb77 +AUX policycoreutils-2.7_rc1-0001-newrole-not-suid.patch 342 SHA256 a207960b6a3444dd6be69c63dee4b7cae5c9781a27ca2c3181356243a0ad8a58 SHA512 6d7296b8104d3968243d27a46b37c73155c2e37c2f842bdd8ce278a2c67891e00f08102b7baac8e57766e939213c854b9a6d860aa49470b4973880e0c77eb856 WHIRLPOOL d067a4ddd2603748bc010db6f503625fcd09e70a991716b2ae5a3fb0b37baca76b0ebec494e8ad319a5a6d17d9a47ee13878e8ccb4e717e3c109d07fcbe69ca7 +DIST policycoreutils-2.6.tar.gz 4660087 SHA256 68891b376f5048edc53c6ccb2fca44da3dc7f4563f4b6894e201d70c04a05a29 SHA512 ba289060bc348f9315bce84a5e5daf145600274289fdd2206edc10bb0ee03f9b02a9e40e9c118809961ddfe7844dee7d8952d8c9a239af7282f4fc1614c21e9d WHIRLPOOL c04a5f0f6bb044090e0d443f4497d828713fd32de4a0f5b5442e70e836da99e5e6e562a9deeedb566b07da1687c0a6b056c33b0bbe9836a71891fc6a449da60c +DIST policycoreutils-2.7.tar.gz 2796707 SHA256 0a1b8a4a323b854981c6755ff025fe98a0f1cff307f109abb260f0490f13e4f4 SHA512 ce97d659f72058fd23d8dab8db98fc7c0003806a636c521fa15da465d7358d40ccc8e3eaa9675f00a9b0b8aaa1465d3fb650bc0ebbbf00164e121230673256fb WHIRLPOOL f2360ab5e83f1a9a0f9e63bf700a89c28b61d13f8101c9ea2b68e9f071ede23557a0a5bec9a077b96b42be063421018ab8b85c4443e3bc1021f0d251a62de301 +DIST policycoreutils-extra-1.35.tar.bz2 12124 SHA256 25983df35c0b98fb65423f109d71c02e4d6b86415452b7a7a6e92b5e4fa4a36e SHA512 8cc3c74afee7ec38d7d085744fdd60849d3ae97a75599d2181b12b5b472a6a4445868e8a6aff707e439c10d9c378fb55e329b4db21c0a771f41180bf3b9eabc1 WHIRLPOOL 863ca52e1897cbfb9252f1afe81fef497f27ede10c74e1150c07e9f355390eca0e64c9b0cc0a48e8a7442b310387b1e929b40e2b9c14a9a095850a00983cd5f6 +DIST policycoreutils-extra-1.36.tar.bz2 8830 SHA256 2dfbe799bbbf150e68fab7e168fd71b94505c992623f30c71873213447506e8f SHA512 c6a18e6fb2d65f51dc55b88907f23241f2fbfc033d3d2888b109596d9ed31d509b2c93456727ea4d1f98544831afb15c449ff72d6aedf93b9e474b27817f7fb3 WHIRLPOOL c9772dba472b9b466181204f5bd5fb13d839042c53c84db38999a8b077b0dee1e9e78089b7b5fe4bc4076a1ad1c420528354404b292abd428a73e6f95312d0c4 +EBUILD policycoreutils-2.6-r1.ebuild 5556 SHA256 4351a449551bccb6b379e0719ebd7703da433741490dd8b5f4c9de3d0e10b853 SHA512 657e73bbe5e5540f49ab1b1cceaae293c57a2c5abab67b24624d51549745e674b91ca35619da0ff71c51f31af91500d37784bae280b1d52e715b9eda6d9f9690 WHIRLPOOL 4be6d305b90a2f2754ac9de7c1a1153d293e098d049c179e2c516d9bbd637a2c020e590b4ea0f3a1333319bf64121bd40843553d595e7f6e618b425ed86177a1 +EBUILD policycoreutils-2.7.ebuild 4962 SHA256 894b22ac63ba9f5600a0f4bf18e9ac3fbfdb33d663cd5c3990270c8bbc1b3233 SHA512 e3ec9164a11c29bbd225887784b35bc54f306ee94d9fa80963158f218d2261c8d60a63583cbb96f4186863000294fa552a434bb438d0d1fb2754e8d074bb0c12 WHIRLPOOL a71810832fbc2667bb7fd84ee565ce9835af4369c6fb7a7393e756bdd3fbd180f93fde50d9279af6495b940db7246dcf52a8b7b7283bd4b6198482cd987a61fc +EBUILD policycoreutils-9999.ebuild 4969 SHA256 9b55417597828165a48bf0e690cb39330f632d76aa795ced6a546611270e6ee6 SHA512 6cc7dd5c825bd0c9cc63f14dc3000bbb9f7692f1fef6f9ce0f0e6fa09094846e9994f5fa8f39dea42bc52e38f0118239698e6971643ea5d539ca3a8436d763ad WHIRLPOOL d451dbfef9c95b432e81da8f294f94d3d9f6bfbf63b0833991e6ce9468e0f17891fd80866cb8f78aaab1ea1c1e41388baacd00730d09b1af28b96ff9247aefc8 +MISC ChangeLog 6931 SHA256 1b8fdfb862fa904b8e3ed6b1682d163d6d1235bc30bd44c960379f6a39703013 SHA512 5231762bf1d5e909111830c6f75d6b6aa4609d22053a746684885e032b8f6639aacc971b3c13f52254fe67ce059668da77e6a39107deff3388e6546abdc67ea6 WHIRLPOOL a7a8f56e76eb81854e85fb40258b7e569cf0bba25d659cdedeb7290b57169530cf3e7f0944441144c6797b7ec84406f82dcbe445d1ec6901e3bd4a2027019815 +MISC ChangeLog-2015 27068 SHA256 004588c7a9a83bad3e2c4f8b328c77a570e916332eda797fa504a84750373d22 SHA512 b26e0cf65b36ecd72f30f7ae4a467843434374d6c82fb3a8ca67d3a7294073f3aa78e7225052f20b9647266cff4207c95239528c128b5d13eba04e69b04c34af WHIRLPOOL a05d316fa06a95f73ee98c2f247b0cd715da322725ee2f3f09c1e82d12b0fca83cc1f17e362ad6cfb9080fe5fceccb56fab66057afde3b9a4a81554357b0394b +MISC metadata.xml 1117 SHA256 4b5df713eb05f5d1610a5de599ae97ba21335de28b889ea5128ab52d7819f925 SHA512 1f8703b31ced13b4e15311ecc9d4e03c085eb580e61394e8781744a9c33794e0f10144617415e69b703f5716ca5fd15ad6db14fe93a95c9b5d46c429542beac5 WHIRLPOOL 86f2ca768507b5d12de4d43348bd61f84ee1851beda15e6bc4e69906c31983ab7e4975b472ce041855960252fead92cbf5b8ee889e43b0e017dca77d30706a0c diff --git a/sys-apps/policycoreutils/files/0010-remove-sesandbox-support.patch b/sys-apps/policycoreutils/files/0010-remove-sesandbox-support.patch new file mode 100644 index 000000000000..52a34bd1f47b --- /dev/null +++ b/sys-apps/policycoreutils/files/0010-remove-sesandbox-support.patch @@ -0,0 +1,9 @@ +diff -uNr policycoreutils-2.4-rc2.orig/Makefile policycoreutils-2.4-rc2/Makefile +--- policycoreutils-2.4-rc2.orig/Makefile 2014-08-28 20:13:23.212622408 +0200 ++++ policycoreutils-2.4-rc2/Makefile 2014-08-28 20:14:24.136624808 +0200 +@@ -1,4 +1,4 @@ +-SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init sandbox secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui hll ++SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui hll + + INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null) + diff --git a/sys-apps/policycoreutils/files/0020-disable-autodetection-of-pam-and-audit.patch b/sys-apps/policycoreutils/files/0020-disable-autodetection-of-pam-and-audit.patch new file mode 100644 index 000000000000..a3eeaed901d5 --- /dev/null +++ b/sys-apps/policycoreutils/files/0020-disable-autodetection-of-pam-and-audit.patch @@ -0,0 +1,108 @@ +diff -uNr policycoreutils-2.2.1.orig/newrole/Makefile policycoreutils-2.2.1/newrole/Makefile +--- policycoreutils-2.2.1.orig/newrole/Makefile 2013-11-04 21:37:27.197018032 +0100 ++++ policycoreutils-2.2.1/newrole/Makefile 2013-11-04 21:37:47.602018075 +0100 +@@ -4,8 +4,8 @@ + MANDIR ?= $(PREFIX)/share/man + ETCDIR ?= $(DESTDIR)/etc + LOCALEDIR = /usr/share/locale +-PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null) +-AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null) ++PAMH ?= no ++AUDITH ?= no + # Enable capabilities to permit newrole to generate audit records. + # This will make newrole a setuid root program. + # The capabilities used are: CAP_AUDIT_WRITE. +@@ -24,7 +24,7 @@ + EXTRA_OBJS = + override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\"" + LDLIBS += -lselinux -L$(PREFIX)/lib +-ifeq ($(PAMH), /usr/include/security/pam_appl.h) ++ifeq ($(PAMH), yes) + override CFLAGS += -DUSE_PAM + EXTRA_OBJS += hashtab.o + LDLIBS += -lpam -lpam_misc +@@ -32,7 +32,7 @@ + override CFLAGS += -D_XOPEN_SOURCE=500 + LDLIBS += -lcrypt + endif +-ifeq ($(AUDITH), /usr/include/libaudit.h) ++ifeq ($(AUDITH), yes) + override CFLAGS += -DUSE_AUDIT + LDLIBS += -laudit + endif +@@ -49,7 +49,7 @@ + IS_SUID=y + endif + ifeq ($(IS_SUID),y) +- MODE := 4555 ++ MODE := 0555 + LDLIBS += -lcap-ng + else + MODE := 0555 +@@ -66,7 +66,7 @@ + test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1 + install -m $(MODE) newrole $(BINDIR) + install -m 644 newrole.1 $(MANDIR)/man1/ +-ifeq ($(PAMH), /usr/include/security/pam_appl.h) ++ifeq ($(PAMH), yes) + test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d + ifeq ($(LSPP_PRIV),y) + install -m 644 newrole-lspp.pamd $(ETCDIR)/pam.d/newrole +diff -uNr policycoreutils-2.2.1.orig/run_init/Makefile policycoreutils-2.2.1/run_init/Makefile +--- policycoreutils-2.2.1.orig/run_init/Makefile 2013-11-04 21:37:27.115018032 +0100 ++++ policycoreutils-2.2.1/run_init/Makefile 2013-11-04 21:37:47.603018075 +0100 +@@ -5,20 +5,20 @@ + MANDIR ?= $(PREFIX)/share/man + ETCDIR ?= $(DESTDIR)/etc + LOCALEDIR ?= /usr/share/locale +-PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null) +-AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null) ++PAMH ?= no ++AUDITH ?= no + + CFLAGS ?= -Werror -Wall -W + override CFLAGS += -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\"" + LDLIBS += -lselinux -L$(PREFIX)/lib +-ifeq ($(PAMH), /usr/include/security/pam_appl.h) ++ifeq ($(PAMH), yes) + override CFLAGS += -DUSE_PAM + LDLIBS += -lpam -lpam_misc + else + override CFLAGS += -D_XOPEN_SOURCE=500 + LDLIBS += -lcrypt + endif +-ifeq ($(AUDITH), /usr/include/libaudit.h) ++ifeq ($(AUDITH), yes) + override CFLAGS += -DUSE_AUDIT + LDLIBS += -laudit + endif +@@ -38,7 +38,7 @@ + install -m 755 open_init_pty $(SBINDIR) + install -m 644 run_init.8 $(MANDIR)/man8/ + install -m 644 open_init_pty.8 $(MANDIR)/man8/ +-ifeq ($(PAMH), /usr/include/security/pam_appl.h) ++ifeq ($(PAMH), yes) + install -m 644 run_init.pamd $(ETCDIR)/pam.d/run_init + endif + +diff -uNr policycoreutils-2.2.1.orig/setfiles/Makefile policycoreutils-2.2.1/setfiles/Makefile +--- policycoreutils-2.2.1.orig/setfiles/Makefile 2013-11-04 21:37:27.198018032 +0100 ++++ policycoreutils-2.2.1/setfiles/Makefile 2013-11-04 21:37:47.603018075 +0100 +@@ -3,7 +3,7 @@ + SBINDIR ?= $(DESTDIR)/sbin + MANDIR = $(PREFIX)/share/man + LIBDIR ?= $(PREFIX)/lib +-AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null) ++AUDITH ?= no + + PROGRESS_STEP=$(shell grep "^\#define STAR_COUNT" restore.h | awk -S '{ print $$3 }') + ABORT_ON_ERRORS=$(shell grep "^\#define ABORT_ON_ERRORS" setfiles.c | awk -S '{ print $$3 }') +@@ -12,7 +12,7 @@ + override CFLAGS += -I$(PREFIX)/include + LDLIBS = -lselinux -lsepol -L$(LIBDIR) + +-ifeq ($(AUDITH), /usr/include/libaudit.h) ++ifeq ($(AUDITH), yes) + override CFLAGS += -DUSE_AUDIT + LDLIBS += -laudit + endif diff --git a/sys-apps/policycoreutils/files/0030-make-inotify-check-use-flag-triggered.patch b/sys-apps/policycoreutils/files/0030-make-inotify-check-use-flag-triggered.patch new file mode 100644 index 000000000000..6a31e255a952 --- /dev/null +++ b/sys-apps/policycoreutils/files/0030-make-inotify-check-use-flag-triggered.patch @@ -0,0 +1,14 @@ +diff -uNr policycoreutils-2.4-rc2.orig/Makefile policycoreutils-2.4-rc2/Makefile +--- policycoreutils-2.4-rc2.orig/Makefile 2014-08-28 20:22:45.230644554 +0200 ++++ policycoreutils-2.4-rc2/Makefile 2014-08-28 20:27:08.642654934 +0200 +@@ -1,8 +1,8 @@ + SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui hll + +-INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null) ++INOTIFYH ?= no + +-ifeq (${INOTIFYH}, /usr/include/sys/inotify.h) ++ifeq (${INOTIFYH}, yes) + SUBDIRS += restorecond + endif + diff --git a/sys-apps/policycoreutils/files/0070-remove-symlink-attempt-fails-with-gentoo-sandbox-approach.patch b/sys-apps/policycoreutils/files/0070-remove-symlink-attempt-fails-with-gentoo-sandbox-approach.patch new file mode 100644 index 000000000000..7d438983bb7e --- /dev/null +++ b/sys-apps/policycoreutils/files/0070-remove-symlink-attempt-fails-with-gentoo-sandbox-approach.patch @@ -0,0 +1,11 @@ +diff -uNr policycoreutils-2.2.1.orig/load_policy/Makefile policycoreutils-2.2.1/load_policy/Makefile +--- policycoreutils-2.2.1.orig/load_policy/Makefile 2013-11-04 21:41:28.289018546 +0100 ++++ policycoreutils-2.2.1/load_policy/Makefile 2013-11-04 21:43:31.118018808 +0100 +@@ -19,7 +19,6 @@ + test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 + install -m 644 load_policy.8 $(MANDIR)/man8/ + -mkdir -p $(USRSBINDIR) +- -ln -sf $(SBINDIR)/load_policy $(USRSBINDIR)/load_policy + + clean: + -rm -f $(TARGETS) *.o diff --git a/sys-apps/policycoreutils/files/0110-build-mcstrans-bug-472912.patch b/sys-apps/policycoreutils/files/0110-build-mcstrans-bug-472912.patch new file mode 100644 index 000000000000..68033c705cd5 --- /dev/null +++ b/sys-apps/policycoreutils/files/0110-build-mcstrans-bug-472912.patch @@ -0,0 +1,64 @@ +diff -uNr policycoreutils-2.4-rc2.orig/Makefile policycoreutils-2.4-rc2/Makefile +--- policycoreutils-2.4-rc2.orig/Makefile 2014-08-28 20:31:19.563664821 +0200 ++++ policycoreutils-2.4-rc2/Makefile 2014-08-28 20:32:25.900667435 +0200 +@@ -1,4 +1,4 @@ +-SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui hll ++SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui hll mcstrans + + INOTIFYH ?= n + +diff -uNr policycoreutils-2.4-rc2.orig/mcstrans/src/Makefile policycoreutils-2.4-rc2/mcstrans/src/Makefile +--- policycoreutils-2.4-rc2.orig/mcstrans/src/Makefile 2014-08-28 20:31:19.562664821 +0200 ++++ policycoreutils-2.4-rc2/mcstrans/src/Makefile 2014-08-28 20:33:39.345670329 +0200 +@@ -1,23 +1,10 @@ + ARCH = $(shell uname -i) +-ifeq "$(ARCH)" "x86_64" +- # In case of 64 bit system, use these lines +- LIBDIR=/usr/lib64 +-else +-ifeq "$(ARCH)" "i686" +- # In case of 32 bit system, use these lines +- LIBDIR=/usr/lib +-else +-ifeq "$(ARCH)" "i386" +- # In case of 32 bit system, use these lines +- LIBDIR=/usr/lib +-endif +-endif +-endif + # Installation directories. + PREFIX ?= $(DESTDIR)/usr + SBINDIR ?= $(DESTDIR)/sbin + INITDIR ?= $(DESTDIR)/etc/rc.d/init.d + SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd ++LIBDIR ?= $(PREFIX)/lib + + PROG_SRC=mcstrans.c mcscolor.c mcstransd.c mls_level.c + PROG_OBJS= $(patsubst %.c,%.o,$(PROG_SRC)) +diff -uNr policycoreutils-2.4-rc2.orig/mcstrans/utils/Makefile policycoreutils-2.4-rc2/mcstrans/utils/Makefile +--- policycoreutils-2.4-rc2.orig/mcstrans/utils/Makefile 2014-08-28 20:31:19.556664821 +0200 ++++ policycoreutils-2.4-rc2/mcstrans/utils/Makefile 2014-08-28 20:34:14.145671701 +0200 +@@ -3,22 +3,7 @@ + BINDIR ?= $(PREFIX)/sbin + + ARCH = $(shell uname -i) +-ifeq "$(ARCH)" "x86_64" +- # In case of 64 bit system, use these lines +- LIBDIR=/usr/lib64 +-else +-ifeq "$(ARCH)" "i686" +- # In case of 32 bit system, use these lines +- LIBDIR=/usr/lib +-else +-ifeq "$(ARCH)" "i386" +- # In case of 32 bit system, use these lines +- LIBDIR=/usr/lib +-endif +-endif +-endif +- +- ++LIBDIR ?= $(PREFIX)/lib + CFLAGS ?= -Wall + override CFLAGS += -I../src -D_GNU_SOURCE + LDLIBS += -L../src ../src/mcstrans.o ../src/mls_level.o -lselinux -lpcre $(LIBDIR)/libsepol.a diff --git a/sys-apps/policycoreutils/files/0120-build-failure-for-mcscolor-for-CONTEXT__CONTAINS.patch b/sys-apps/policycoreutils/files/0120-build-failure-for-mcscolor-for-CONTEXT__CONTAINS.patch new file mode 100644 index 000000000000..cf50664264e1 --- /dev/null +++ b/sys-apps/policycoreutils/files/0120-build-failure-for-mcscolor-for-CONTEXT__CONTAINS.patch @@ -0,0 +1,11 @@ +diff -uNr policycoreutils-2.4-rc2.orig/mcstrans/src/mcscolor.c policycoreutils-2.4-rc2/mcstrans/src/mcscolor.c +--- policycoreutils-2.4-rc2.orig/mcstrans/src/mcscolor.c 2014-08-28 21:26:25.125795076 +0200 ++++ policycoreutils-2.4-rc2/mcstrans/src/mcscolor.c 2014-08-28 21:27:03.509796589 +0200 +@@ -11,6 +11,7 @@ + #include <syslog.h> + #include <selinux/selinux.h> + #include <selinux/context.h> ++#include <selinux/av_permissions.h> + #include "mcstrans.h" + + /* Define data structures */ diff --git a/sys-apps/policycoreutils/files/policycoreutils-2.7-0001-newrole-not-suid.patch b/sys-apps/policycoreutils/files/policycoreutils-2.7-0001-newrole-not-suid.patch new file mode 100644 index 000000000000..6049bbe282af --- /dev/null +++ b/sys-apps/policycoreutils/files/policycoreutils-2.7-0001-newrole-not-suid.patch @@ -0,0 +1,13 @@ +diff --git a/policycoreutils/newrole/Makefile b/policycoreutils/newrole/Makefile +index bdefbb8..9cff135 100644 +--- policycoreutils/newrole/Makefile ++++ policycoreutils/newrole/Makefile +@@ -49,7 +49,7 @@ ifeq ($(NAMESPACE_PRIV),y) + IS_SUID=y + endif + ifeq ($(IS_SUID),y) +- MODE := 4555 ++ MODE := 0555 + override LDLIBS += -lcap-ng + else + MODE := 0555 diff --git a/sys-apps/policycoreutils/files/policycoreutils-2.7_rc1-0001-newrole-not-suid.patch b/sys-apps/policycoreutils/files/policycoreutils-2.7_rc1-0001-newrole-not-suid.patch new file mode 100644 index 000000000000..d4aa531063ff --- /dev/null +++ b/sys-apps/policycoreutils/files/policycoreutils-2.7_rc1-0001-newrole-not-suid.patch @@ -0,0 +1,13 @@ +diff --git a/policycoreutils/newrole/Makefile b/policycoreutils/newrole/Makefile +index bdefbb8..9cff135 100644 +--- policycoreutils/newrole/Makefile ++++ policycoreutils/newrole/Makefile +@@ -49,7 +49,7 @@ ifeq ($(NAMESPACE_PRIV),y) + IS_SUID=y + endif + ifeq ($(IS_SUID),y) +- MODE := 4555 ++ MODE := 0555 + LDLIBS += -lcap-ng + else + MODE := 0555 diff --git a/sys-apps/policycoreutils/metadata.xml b/sys-apps/policycoreutils/metadata.xml new file mode 100644 index 000000000000..16effc34b8ee --- /dev/null +++ b/sys-apps/policycoreutils/metadata.xml @@ -0,0 +1,27 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="project"> + <email>selinux@gentoo.org</email> + <name>SELinux Team</name> + </maintainer> + <longdescription> + Policycoreutils contains the policy core utilities that are required + for basic operation of a SELinux system. These utilities include + load_policy to load policies, setfiles to label filesystems, newrole + to switch roles, and run_init to run /etc/init.d scripts in the proper + context. + + Gentoo-specific tools include rlpkg for relabeling packages by name, + avc_toggle to toggle between enforcing and permissive modes, and + avc_enforcing to query the current mode of the system, enforcing or + permissive. + </longdescription> + <use> + <flag name="audit">Enable support for <pkg>sys-process/audit</pkg> and use the audit_* functions (like audit_getuid instead of getuid())</flag> + </use> + <upstream> + <remote-id type="cpe">cpe:/a:redhat:policycoreutils</remote-id> + <remote-id type="github">SELinuxProject/selinux</remote-id> + </upstream> +</pkgmetadata> diff --git a/sys-apps/policycoreutils/policycoreutils-2.6-r1.ebuild b/sys-apps/policycoreutils/policycoreutils-2.6-r1.ebuild new file mode 100644 index 000000000000..6a544ae2b9dd --- /dev/null +++ b/sys-apps/policycoreutils/policycoreutils-2.6-r1.ebuild @@ -0,0 +1,187 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" +PYTHON_COMPAT=( python{2_7,3_4,3_5} ) +PYTHON_REQ_USE="xml" + +inherit multilib python-r1 toolchain-funcs bash-completion-r1 + +MY_P="${P//_/-}" + +MY_RELEASEDATE="20161014" +EXTRAS_VER="1.35" +SEMNG_VER="${PV}" +SELNX_VER="${PV}" +SEPOL_VER="${PV}" + +IUSE="audit pam dbus" +REQUIRED_USE="${PYTHON_REQUIRED_USE}" + +DESCRIPTION="SELinux core utilities" +HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki" + +if [[ ${PV} == 9999 ]] ; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git" + SRC_URI="https://dev.gentoo.org/~swift/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2" + S1="${WORKDIR}/${MY_P}/${PN}" + S2="${WORKDIR}/policycoreutils-extra" + S="${S1}" +else + SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/${MY_RELEASEDATE}/${MY_P}.tar.gz + https://dev.gentoo.org/~swift/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2" + KEYWORDS="amd64 ~arm64 ~mips x86" + S1="${WORKDIR}/${MY_P}" + S2="${WORKDIR}/policycoreutils-extra" + S="${S1}" +fi + +LICENSE="GPL-2" +SLOT="0" + +DEPEND=">=sys-libs/libselinux-${SELNX_VER}:=[python,${PYTHON_USEDEP}] + >=sys-libs/glibc-2.4 + >=sys-libs/libcap-1.10-r10:= + >=sys-libs/libsemanage-${SEMNG_VER}:=[python,${PYTHON_USEDEP}] + sys-libs/libcap-ng:= + >=sys-libs/libsepol-${SEPOL_VER}:= + >=app-admin/setools-4.0[${PYTHON_USEDEP}] + sys-devel/gettext + dev-python/ipy[${PYTHON_USEDEP}] + dbus? ( + sys-apps/dbus + dev-libs/dbus-glib:= + ) + audit? ( >=sys-process/audit-1.5.1[python,${PYTHON_USEDEP}] ) + pam? ( sys-libs/pam:= ) + ${PYTHON_DEPS} + !<sec-policy/selinux-base-policy-2.20151208-r6" +# 2.20151208-r6 and higher has support for new setfiles + +### libcgroup -> seunshare +### dbus -> restorecond + +# pax-utils for scanelf used by rlpkg +RDEPEND="${DEPEND} + dev-python/sepolgen[${PYTHON_USEDEP}] + app-misc/pax-utils + !<sys-apps/openrc-0.14" + +src_unpack() { + # Override default one because we need the SRC_URI ones even in case of 9999 ebuilds + default + if [[ ${PV} == 9999 ]] ; then + git-r3_src_unpack + fi +} + +src_prepare() { + S="${S1}" + cd "${S}" || die "Failed to switch to ${S}" + if [[ ${PV} != 9999 ]] ; then + # If needed for live ebuilds please use /etc/portage/patches + eapply "${FILESDIR}/0010-remove-sesandbox-support.patch" + eapply "${FILESDIR}/0020-disable-autodetection-of-pam-and-audit.patch" + eapply "${FILESDIR}/0030-make-inotify-check-use-flag-triggered.patch" + eapply "${FILESDIR}/0070-remove-symlink-attempt-fails-with-gentoo-sandbox-approach.patch" + eapply "${FILESDIR}/0110-build-mcstrans-bug-472912.patch" + eapply "${FILESDIR}/0120-build-failure-for-mcscolor-for-CONTEXT__CONTAINS.patch" + fi + + # rlpkg is more useful than fixfiles + sed -i -e '/^all/s/fixfiles//' "${S}/scripts/Makefile" \ + || die "fixfiles sed 1 failed" + sed -i -e '/fixfiles/d' "${S}/scripts/Makefile" \ + || die "fixfiles sed 2 failed" + + eapply_user + + sed -i 's/-Werror//g' "${S1}"/*/Makefile || die "Failed to remove Werror" + + python_copy_sources + # Our extra code is outside the regular directory, so set it to the extra + # directory. We really should optimize this as it is ugly, but the extra + # code is needed for Gentoo at the same time that policycoreutils is present + # (so we cannot use an additional package for now). + S="${S2}" + python_copy_sources +} + +src_compile() { + building() { + emake -C "${BUILD_DIR}" \ + AUDIT_LOG_PRIVS="y" \ + AUDITH="$(usex audit)" \ + PAMH="$(usex pam)" \ + INOTIFYH="$(usex dbus)" \ + SESANDBOX="n" \ + CC="$(tc-getCC)" \ + PYLIBVER="${EPYTHON}" \ + LIBDIR="\$(PREFIX)/$(get_libdir)" + } + S="${S1}" # Regular policycoreutils + python_foreach_impl building + S="${S2}" # Extra set + python_foreach_impl building +} + +src_install() { + # Python scripts are present in many places. There are no extension modules. + installation-policycoreutils() { + einfo "Installing policycoreutils" + emake -C "${BUILD_DIR}" DESTDIR="${D}" \ + AUDITH="$(usex audit)" \ + PAMH="$(usex pam)" \ + INOTIFYH="$(usex dbus)" \ + SESANDBOX="n" \ + AUDIT_LOG_PRIV="y" \ + PYLIBVER="${EPYTHON}" \ + LIBDIR="\$(PREFIX)/$(get_libdir)" \ + install + python_optimize + } + + installation-extras() { + einfo "Installing policycoreutils-extra" + emake -C "${BUILD_DIR}" DESTDIR="${D}" INOTIFYH="$(usex dbus)" SHLIBDIR="${D}$(get_libdir)/rc" install + python_optimize + } + + S="${S1}" # policycoreutils + python_foreach_impl installation-policycoreutils + S="${S2}" # extras + python_foreach_impl installation-extras + S="${S1}" # back for later + + # remove redhat-style init script + rm -fR "${D}/etc/rc.d" || die + + # compatibility symlinks + dosym /sbin/setfiles /usr/sbin/setfiles + bashcomp_alias setsebool getsebool + + # location for policy definitions + dodir /var/lib/selinux + keepdir /var/lib/selinux + + # Set version-specific scripts + for pyscript in audit2allow sepolgen-ifgen sepolicy chcat; do + python_replicate_script "${ED}/usr/bin/${pyscript}" + done + for pyscript in semanage rlpkg; do + python_replicate_script "${ED}/usr/sbin/${pyscript}" + done + + dodir /usr/share/doc/${PF}/mcstrans/examples + cp -dR "${S1}"/mcstrans/share/examples/* "${D}/usr/share/doc/${PF}/mcstrans/examples" || die +} + +pkg_postinst() { + for POLICY_TYPE in ${POLICY_TYPES} ; do + # There have been some changes to the policy store, rebuilding now. + # https://marc.info/?l=selinux&m=143757277819717&w=2 + einfo "Rebuilding store ${POLICY_TYPE} (without re-loading)." + semodule -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}" + done +} diff --git a/sys-apps/policycoreutils/policycoreutils-2.7.ebuild b/sys-apps/policycoreutils/policycoreutils-2.7.ebuild new file mode 100644 index 000000000000..2f74519d79bd --- /dev/null +++ b/sys-apps/policycoreutils/policycoreutils-2.7.ebuild @@ -0,0 +1,181 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" +PYTHON_COMPAT=( python{2_7,3_4,3_5} ) +PYTHON_REQ_USE="xml" + +inherit multilib python-r1 toolchain-funcs bash-completion-r1 + +MY_P="${P//_/-}" + +MY_RELEASEDATE="20170804" +EXTRAS_VER="1.36" +SEMNG_VER="${PV}" +SELNX_VER="${PV}" +SEPOL_VER="${PV}" + +IUSE="audit pam dbus" +REQUIRED_USE="${PYTHON_REQUIRED_USE}" + +DESCRIPTION="SELinux core utilities" +HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki" + +if [[ ${PV} == 9999 ]] ; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git" + SRC_URI="https://dev.gentoo.org/~perfinion/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2" + S1="${WORKDIR}/${MY_P}/${PN}" + S2="${WORKDIR}/policycoreutils-extra" + S="${S1}" +else + SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/${MY_RELEASEDATE}/${MY_P}.tar.gz + https://dev.gentoo.org/~perfinion/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2" + KEYWORDS="amd64 ~arm64 ~mips x86" + S1="${WORKDIR}/${MY_P}" + S2="${WORKDIR}/policycoreutils-extra" + S="${S1}" +fi + +LICENSE="GPL-2" +SLOT="0" + +DEPEND=">=sys-libs/libselinux-${SELNX_VER}:=[python,${PYTHON_USEDEP}] + >=sys-libs/glibc-2.4 + >=sys-libs/libcap-1.10-r10:= + >=sys-libs/libsemanage-${SEMNG_VER}:=[python,${PYTHON_USEDEP}] + sys-libs/libcap-ng:= + >=sys-libs/libsepol-${SEPOL_VER}:= + >=app-admin/setools-4.1.1[${PYTHON_USEDEP}] + sys-devel/gettext + dev-python/ipy[${PYTHON_USEDEP}] + dbus? ( + sys-apps/dbus + dev-libs/dbus-glib:= + ) + audit? ( >=sys-process/audit-1.5.1[python,${PYTHON_USEDEP}] ) + pam? ( sys-libs/pam:= ) + ${PYTHON_DEPS} + !<sec-policy/selinux-base-policy-2.20151208-r6" +# 2.20151208-r6 and higher has support for new setfiles + +### libcgroup -> seunshare +### dbus -> restorecond + +# pax-utils for scanelf used by rlpkg +RDEPEND="${DEPEND} + app-misc/pax-utils + !<sys-apps/openrc-0.14" + +PDEPEND="sys-apps/semodule-utils + sys-apps/selinux-python" + +src_unpack() { + # Override default one because we need the SRC_URI ones even in case of 9999 ebuilds + default + if [[ ${PV} == 9999 ]] ; then + git-r3_src_unpack + fi +} + +src_prepare() { + S="${S1}" + cd "${S}" || die "Failed to switch to ${S}" + if [[ ${PV} != 9999 ]] ; then + # If needed for live ebuilds please use /etc/portage/patches + eapply "${FILESDIR}/policycoreutils-2.7-0001-newrole-not-suid.patch" + fi + + # rlpkg is more useful than fixfiles + sed -i -e '/^all/s/fixfiles//' "${S}/scripts/Makefile" \ + || die "fixfiles sed 1 failed" + sed -i -e '/fixfiles/d' "${S}/scripts/Makefile" \ + || die "fixfiles sed 2 failed" + + eapply_user + + sed -i 's/-Werror//g' "${S1}"/*/Makefile || die "Failed to remove Werror" + + python_copy_sources + # Our extra code is outside the regular directory, so set it to the extra + # directory. We really should optimize this as it is ugly, but the extra + # code is needed for Gentoo at the same time that policycoreutils is present + # (so we cannot use an additional package for now). + S="${S2}" + python_copy_sources +} + +src_compile() { + building() { + emake -C "${BUILD_DIR}" \ + AUDIT_LOG_PRIVS="y" \ + AUDITH="$(usex audit y n)" \ + PAMH="$(usex pam y n)" \ + INOTIFYH="$(usex dbus y n)" \ + SESANDBOX="n" \ + CC="$(tc-getCC)" \ + PYLIBVER="${EPYTHON}" \ + LIBDIR="\$(PREFIX)/$(get_libdir)" + } + S="${S1}" # Regular policycoreutils + python_foreach_impl building + S="${S2}" # Extra set + python_foreach_impl building +} + +src_install() { + # Python scripts are present in many places. There are no extension modules. + installation-policycoreutils() { + einfo "Installing policycoreutils" + emake -C "${BUILD_DIR}" DESTDIR="${D}" \ + AUDITH="$(usex audit y n)" \ + PAMH="$(usex pam y n)" \ + INOTIFYH="$(usex dbus y n)" \ + SESANDBOX="n" \ + AUDIT_LOG_PRIV="y" \ + LIBDIR="\$(PREFIX)/$(get_libdir)" \ + install + python_optimize + } + + installation-extras() { + einfo "Installing policycoreutils-extra" + emake -C "${BUILD_DIR}" \ + DESTDIR="${D}" \ + INOTIFYH="$(usex dbus)" \ + SHLIBDIR="${D}$(get_libdir)/rc" \ + install + python_optimize + } + + S="${S1}" # policycoreutils + python_foreach_impl installation-policycoreutils + S="${S2}" # extras + python_foreach_impl installation-extras + S="${S1}" # back for later + + # remove redhat-style init script + rm -fR "${D}/etc/rc.d" || die + + # compatibility symlinks + dosym /sbin/setfiles /usr/sbin/setfiles + bashcomp_alias setsebool getsebool + + # location for policy definitions + dodir /var/lib/selinux + keepdir /var/lib/selinux + + # Set version-specific scripts + for pyscript in rlpkg; do + python_replicate_script "${ED}/usr/sbin/${pyscript}" + done +} + +pkg_postinst() { + for POLICY_TYPE in ${POLICY_TYPES} ; do + # There have been some changes to the policy store, rebuilding now. + # https://marc.info/?l=selinux&m=143757277819717&w=2 + einfo "Rebuilding store ${POLICY_TYPE} (without re-loading)." + semodule -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}" + done +} diff --git a/sys-apps/policycoreutils/policycoreutils-9999.ebuild b/sys-apps/policycoreutils/policycoreutils-9999.ebuild new file mode 100644 index 000000000000..9996621df2c0 --- /dev/null +++ b/sys-apps/policycoreutils/policycoreutils-9999.ebuild @@ -0,0 +1,181 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" +PYTHON_COMPAT=( python{2_7,3_4,3_5} ) +PYTHON_REQ_USE="xml" + +inherit multilib python-r1 toolchain-funcs bash-completion-r1 + +MY_P="${P//_/-}" + +MY_RELEASEDATE="20170804" +EXTRAS_VER="1.36" +SEMNG_VER="${PV}" +SELNX_VER="${PV}" +SEPOL_VER="${PV}" + +IUSE="audit pam dbus" +REQUIRED_USE="${PYTHON_REQUIRED_USE}" + +DESCRIPTION="SELinux core utilities" +HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki" + +if [[ ${PV} == 9999 ]] ; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git" + SRC_URI="https://dev.gentoo.org/~perfinion/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2" + S1="${WORKDIR}/${MY_P}/${PN}" + S2="${WORKDIR}/policycoreutils-extra" + S="${S1}" +else + SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/${MY_RELEASEDATE}/${MY_P}.tar.gz + https://dev.gentoo.org/~perfinion/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2" + KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86" + S1="${WORKDIR}/${MY_P}" + S2="${WORKDIR}/policycoreutils-extra" + S="${S1}" +fi + +LICENSE="GPL-2" +SLOT="0" + +DEPEND=">=sys-libs/libselinux-${SELNX_VER}:=[python,${PYTHON_USEDEP}] + >=sys-libs/glibc-2.4 + >=sys-libs/libcap-1.10-r10:= + >=sys-libs/libsemanage-${SEMNG_VER}:=[python,${PYTHON_USEDEP}] + sys-libs/libcap-ng:= + >=sys-libs/libsepol-${SEPOL_VER}:= + >=app-admin/setools-4.1.1[${PYTHON_USEDEP}] + sys-devel/gettext + dev-python/ipy[${PYTHON_USEDEP}] + dbus? ( + sys-apps/dbus + dev-libs/dbus-glib:= + ) + audit? ( >=sys-process/audit-1.5.1[python,${PYTHON_USEDEP}] ) + pam? ( sys-libs/pam:= ) + ${PYTHON_DEPS} + !<sec-policy/selinux-base-policy-2.20151208-r6" +# 2.20151208-r6 and higher has support for new setfiles + +### libcgroup -> seunshare +### dbus -> restorecond + +# pax-utils for scanelf used by rlpkg +RDEPEND="${DEPEND} + app-misc/pax-utils + !<sys-apps/openrc-0.14" + +PDEPEND="sys-apps/semodule-utils + sys-apps/selinux-python" + +src_unpack() { + # Override default one because we need the SRC_URI ones even in case of 9999 ebuilds + default + if [[ ${PV} == 9999 ]] ; then + git-r3_src_unpack + fi +} + +src_prepare() { + S="${S1}" + cd "${S}" || die "Failed to switch to ${S}" + if [[ ${PV} != 9999 ]] ; then + # If needed for live ebuilds please use /etc/portage/patches + eapply "${FILESDIR}/policycoreutils-2.7-0001-newrole-not-suid.patch" + fi + + # rlpkg is more useful than fixfiles + sed -i -e '/^all/s/fixfiles//' "${S}/scripts/Makefile" \ + || die "fixfiles sed 1 failed" + sed -i -e '/fixfiles/d' "${S}/scripts/Makefile" \ + || die "fixfiles sed 2 failed" + + eapply_user + + sed -i 's/-Werror//g' "${S1}"/*/Makefile || die "Failed to remove Werror" + + python_copy_sources + # Our extra code is outside the regular directory, so set it to the extra + # directory. We really should optimize this as it is ugly, but the extra + # code is needed for Gentoo at the same time that policycoreutils is present + # (so we cannot use an additional package for now). + S="${S2}" + python_copy_sources +} + +src_compile() { + building() { + emake -C "${BUILD_DIR}" \ + AUDIT_LOG_PRIVS="y" \ + AUDITH="$(usex audit y n)" \ + PAMH="$(usex pam y n)" \ + INOTIFYH="$(usex dbus y n)" \ + SESANDBOX="n" \ + CC="$(tc-getCC)" \ + PYLIBVER="${EPYTHON}" \ + LIBDIR="\$(PREFIX)/$(get_libdir)" + } + S="${S1}" # Regular policycoreutils + python_foreach_impl building + S="${S2}" # Extra set + python_foreach_impl building +} + +src_install() { + # Python scripts are present in many places. There are no extension modules. + installation-policycoreutils() { + einfo "Installing policycoreutils" + emake -C "${BUILD_DIR}" DESTDIR="${D}" \ + AUDITH="$(usex audit y n)" \ + PAMH="$(usex pam y n)" \ + INOTIFYH="$(usex dbus y n)" \ + SESANDBOX="n" \ + AUDIT_LOG_PRIV="y" \ + LIBDIR="\$(PREFIX)/$(get_libdir)" \ + install + python_optimize + } + + installation-extras() { + einfo "Installing policycoreutils-extra" + emake -C "${BUILD_DIR}" \ + DESTDIR="${D}" \ + INOTIFYH="$(usex dbus)" \ + SHLIBDIR="${D}$(get_libdir)/rc" \ + install + python_optimize + } + + S="${S1}" # policycoreutils + python_foreach_impl installation-policycoreutils + S="${S2}" # extras + python_foreach_impl installation-extras + S="${S1}" # back for later + + # remove redhat-style init script + rm -fR "${D}/etc/rc.d" || die + + # compatibility symlinks + dosym /sbin/setfiles /usr/sbin/setfiles + bashcomp_alias setsebool getsebool + + # location for policy definitions + dodir /var/lib/selinux + keepdir /var/lib/selinux + + # Set version-specific scripts + for pyscript in rlpkg; do + python_replicate_script "${ED}/usr/sbin/${pyscript}" + done +} + +pkg_postinst() { + for POLICY_TYPE in ${POLICY_TYPES} ; do + # There have been some changes to the policy store, rebuilding now. + # https://marc.info/?l=selinux&m=143757277819717&w=2 + einfo "Rebuilding store ${POLICY_TYPE} (without re-loading)." + semodule -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}" + done +} |