author | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
commit | 4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch) | |
tree | ba5f07bf3f9d22d82e54a462313f5d244036c768 /sys-libs/libsemanage |
reinit the tree, so we can have metadata
Diffstat (limited to 'sys-libs/libsemanage')
-rw-r--r-- | sys-libs/libsemanage/Manifest | 11 | ||||
-rw-r--r-- | sys-libs/libsemanage/files/libsemanage-2.4-build-paths.patch | 35 | ||||
-rw-r--r-- | sys-libs/libsemanage/files/libsemanage-2.6-0001-libsemanage-genhomedircon-only-set-MLS-level-if-MLS-.patch | 38 | ||||
-rw-r--r-- | sys-libs/libsemanage/files/libsemanage-2.6-build-paths.patch | 35 | ||||
-rw-r--r-- | sys-libs/libsemanage/libsemanage-2.6.ebuild | 134 | ||||
-rw-r--r-- | sys-libs/libsemanage/libsemanage-2.7.ebuild | 137 | ||||
-rw-r--r-- | sys-libs/libsemanage/libsemanage-9999.ebuild | 137 | ||||
-rw-r--r-- | sys-libs/libsemanage/metadata.xml | 12 |
8 files changed, 539 insertions, 0 deletions
diff --git a/sys-libs/libsemanage/Manifest b/sys-libs/libsemanage/Manifest
new file mode 100644
index 000000000000..6af7ddebcef9
--- /dev/null
+++ b/sys-libs/libsemanage/Manifest
@@ -0,0 +1,11 @@ +AUX libsemanage-2.4-build-paths.patch 1322 SHA256 2c0b7a433b450a1af1fe700be31b64add02694fb5b850dcee859a140320be697 SHA512 dc667b90503847702c80e456549c2d4f94b6e4aa56d0babcb15dfd16a8f0f77db6807858eb8ddd204af8856bdcff0e34fb23f77f88b37a02f74f823d97dafb61 WHIRLPOOL 8fc48dc15f123d5001b5ee96be8b86a9c28f55d682db4d4aa495ccd1c3edf5774b318fa93036024fb1bed7d10c7cfa52cbbf7c4ea70d854a177d487a3478212b +AUX libsemanage-2.6-0001-libsemanage-genhomedircon-only-set-MLS-level-if-MLS-.patch 1370 SHA256 4964db92ab8ad5289f3fe2c45af745564e565b922e0a32dcd9af11983bf51458 SHA512 08663502d489730b2bcc2ea2e1a15fc3cb0874dff4d2b9e650fc6b71f74d8e395a6787186ba1d138bfa99897ba44a9acbbe7b695e88e98591a8ea9f4bc3857c3 WHIRLPOOL f729306d3247fee8df47e9479029207025748dcff87e4743ac77ffc2db276f0bbbc2c08f236364d0c6d2fe92736cc0a5037466eb950f58069c4b94333eba5909 +AUX libsemanage-2.6-build-paths.patch 1325 SHA256 83429eb03458ca686f6a682a7d815b6726935cf2f8de27e9e43357a57c9a2065 SHA512 06fb96608f27169efde64bf679b8cc3e337857e4b6cf0743953f96be7df382e11ea0a20837d854c73dc5c216cee8f9723e23b17fa1a7844d3a4b7ef4ebe937d2 WHIRLPOOL 45fb38af7936b535f196cd9f028e89c80d5138cece7fb8e575c38c1043b961e9f6fc8c8f9378685b3cd12eab6c234d3dc80589f5b0aa99c76d26905f8b181583 +DIST libsemanage-2.6.tar.gz 155897 SHA256 4f81541047290b751f2ffb926fcd381c186f22db18d9fe671b0b4a6a54e8cfce SHA512 38741d6e6f7a2669bfeee362e42d6bfd720cceeaf61331e329b2210fdc070444e529656ce86dd82e94aa248eafcfaea4c5d013d9cce76c1039be6fc6a6b2c790 WHIRLPOOL 9fb781c637c4725dd48fa07898fd5db4b2f1e47264e80468e3c9b48fd8afc6bcb6494a44ccbfb0e48dec10dc5db461ab8e1941251d625854ebbebdbfdacb971c +DIST libsemanage-2.7.tar.gz 153465 SHA256 07e9477714ce6a4557a1fe924ea4cb06501b62d0fa0e3c0dc32a2cf47cb8d476 SHA512 6b30ea87f1ab3944935188539bbf869c8e287e05c174ea61cd19722a89cf8156518f336476e23b4117a5a05aec9a99a4db679b58a6952bf0c31ad809e9ab91d9 WHIRLPOOL 
b1acccb13b54cacd6d956d615a954c5aef4bd97ec225702ccd6818f7a4d64244f60f13c5b8cc02d4fd453e103b6e409919562406510fe2614c1fc6338c19ad67 +EBUILD libsemanage-2.6.ebuild 4890 SHA256 afad97143eaedb88b2cdd730770570e0e165e957a252d400448ff33b5c2c8dbc SHA512 c00a4c4ebe3b09458176bc65138b47491b528880bced8a3313cd30fdd65caca48042042d1bb909a6abd48f68e31a11cafba426bf70f308971ab063167a817d91 WHIRLPOOL b1a265e966ee4737b828cef7b9e9824bdce074b12d6392f5948b90501b2f8e95a08ef67a456302d4b221fc307c05feda4c05fdeae73c8fac5ac5e574b06dab9c +EBUILD libsemanage-2.7.ebuild 4754 SHA256 32bf136cade6890c9dbab36267ea0ba8811f1a6b63ef73936cff28658983b120 SHA512 845728f9434535df540cfea380cf73a15aa13318913a323b9a0575ea08d46680d9f0bc3d6236710c56de0ab36d146037c5600729bbca4d4462bc59298ba09d8d WHIRLPOOL f794bcc0675c8ba3dc7fc617607aae8af92bf0ad245b9bd3f1d57b50ce6c2f78dc45230e907107a0e97133bb8dd95d492c8c2f6efe281b92c024343d5b8166b5 +EBUILD libsemanage-9999.ebuild 4756 SHA256 840297e111e2bd1c6dd1635e79b64f9a63255fabb04847ed380802f6aed581c1 SHA512 e03ec8650939ce65fff76ace83fc7c8fa31263cd4a01d8feaca97553a6e8dd533a615a6df3a64967ed956f8ed1ff53396b8d5209236dc7b8747316b56998498b WHIRLPOOL 71a4136af89a9039e82c492f3e7af81d932fedec7c0c719ee3e68921a0e406fbad6a34b2bb49f0cca0134028e9799a59a9fa739991a5348e14c0b400e6f7d83d +MISC ChangeLog 6750 SHA256 7c693ec390e212643e6cc8117effd450417f5dca794b20f020c09d9ca6c02bd2 SHA512 031b1102c2f3820ea470702fe41996027604c6ca68edce9ebf0235c515dd21160e714c03fec2531cc8366d99212b7cd00e381696df186e4e63f9885aa796f714 WHIRLPOOL 6f560bfc07f6c17fe3854530ce3336deb7711ff18e76cf7a6cd500a792b05f4dee5b58b3ed8e9de6df7043081927e6a83cb39a53914e92d49df22ec30f0eae64 +MISC ChangeLog-2015 13938 SHA256 d7938bb036a37dc37a0d2654be04c655b30cf54cb8c4f019e4f6549ffe3179da SHA512 e006775684003b4a7bd9e77f9fdf173bc1402e3cf05aad684b2e31c1942e8d2a268e7ffa19164a94e04e07f7977c1fdefbaaabf021f4ea4e6e8e8e463f69be3c WHIRLPOOL 
e87415fff3ee0136db7905a45881fdeed6a46b5dbbbf487fc62adba321a99f747f4eb5c549feb8093ffa22bc8369a60e5370638674a4db2c0aa2a4c020cf4230 +MISC metadata.xml 406 SHA256 0209a41b2fe792b837de815e5e6b2a34fd06890b015a0cb578961d4c63b50381 SHA512 742aba47cdd9ad8f97fcb03a01cc2552c6e1d715f6b717c9dff2ae86ab34b850745888e4f2e3963ec2c258cf16a33cb161205f4ea72563446eada82f6c298479 WHIRLPOOL e00029ce45c8ffa5247ab3a4bcd7afc3f36e4d4a61038ec2075bba0e984cbe6a68a2ffe79a7aee9b3954bbabce5c985376889ce9187613f32bf898bb3300a59b diff --git a/sys-libs/libsemanage/files/libsemanage-2.4-build-paths.patch b/sys-libs/libsemanage/files/libsemanage-2.4-build-paths.patch new file mode 100644 index 000000000000..7eeb9befb318 --- /dev/null +++ b/sys-libs/libsemanage/files/libsemanage-2.4-build-paths.patch 
@@ -0,0 +1,35 @@ +there's no point in using -I/-L flags to the system paths and this breaks +cross-compiling. just drop them. + +--- a/src/Makefile ++++ b/src/Makefile +@@ -60,7 +60,7 @@ + SWIG_CFLAGS += -Wno-error -Wno-unused-but-set-variable -Wno-unused-variable -Wno-shadow \ + -Wno-unused-parameter + +-override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE ++override CFLAGS += -I../include -D_GNU_SOURCE + RANLIB=ranlib + + SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./ +@@ -82,17 +82,17 @@ + $(CC) $(CFLAGS) $(SWIG_CFLAGS) $(RUBYINC) -fPIC -DSHARED -c -o $@ $< + + $(SWIGSO): $(SWIGLOBJ) +- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lsemanage -L$(LIBDIR) ++ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lsemanage + + $(SWIGRUBYSO): $(SWIGRUBYLOBJ) +- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lsemanage -L$(LIBDIR) ++ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lsemanage + + $(LIBA): $(OBJS) + $(AR) rcs $@ $^ + $(RANLIB) $@ + + $(LIBSO): $(LOBJS) +- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -laudit -lselinux -lbz2 -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs ++ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -laudit -lselinux -lbz2 -lustr -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs + ln -sf $@ $(TARGET) + + $(LIBPC): $(LIBPC).in ../VERSION diff --git a/sys-libs/libsemanage/files/libsemanage-2.6-0001-libsemanage-genhomedircon-only-set-MLS-level-if-MLS-.patch b/sys-libs/libsemanage/files/libsemanage-2.6-0001-libsemanage-genhomedircon-only-set-MLS-level-if-MLS-.patch new file mode 100644 index 000000000000..e3123ed70fe0 --- /dev/null +++ b/sys-libs/libsemanage/files/libsemanage-2.6-0001-libsemanage-genhomedircon-only-set-MLS-level-if-MLS-.patch 
@@ -0,0 +1,38 @@ +From 4cf9b9ce2df06fd5a29e5264a6552c9b02ec0b5b Mon Sep 17 00:00:00 2001 +From: Stephen Smalley <sds@tycho.nsa.gov> +Date: Fri, 14 Oct 2016 13:36:37 -0400 +Subject: [PATCH] libsemanage: genhomedircon: only set MLS level if MLS is + enabled + +When a non-MLS policy was used with genhomedircon context_from_record() +in sepol would report an error because an MLS level was present when MLS +is disabled. Based on a patch by Gary Tierney, amended to use +sepol_policydb_mls_enabled rather than semanage_mls_enabled because +we are testing the temporary working policy, not the active policy. + +Reported-by: Jason Zaman <jason@perfinion.com> +Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> +--- + libsemanage/src/genhomedircon.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c +index 6991fff..5e9d722 100644 +--- libsemanage/src/genhomedircon.c ++++ libsemanage/src/genhomedircon.c +@@ -638,7 +638,11 @@ static int write_contexts(genhomedircon_settings_t *s, FILE *out, + goto fail; + } + +- if (sepol_context_set_user(sepolh, context, user->sename) < 0 || ++ if (sepol_context_set_user(sepolh, context, user->sename) < 0) { ++ goto fail; ++ } ++ ++ if (sepol_policydb_mls_enabled(s->policydb) && + sepol_context_set_mls(sepolh, context, user->level) < 0) { + goto fail; + } +-- +2.7.3 + diff --git a/sys-libs/libsemanage/files/libsemanage-2.6-build-paths.patch b/sys-libs/libsemanage/files/libsemanage-2.6-build-paths.patch new file mode 100644 index 000000000000..86e5c7e9a6b7 --- /dev/null +++ b/sys-libs/libsemanage/files/libsemanage-2.6-build-paths.patch 
@@ -0,0 +1,35 @@ +there's no point in using -I/-L flags to the system paths and this breaks +cross-compiling. just drop them. + +--- a/src/Makefile ++++ b/src/Makefile +@@ -60,7 +60,7 @@ + SWIG_CFLAGS += -Wno-error -Wno-unused-but-set-variable -Wno-unused-variable -Wno-shadow \ + -Wno-unused-parameter + +-override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE ++override CFLAGS += -I../include -D_GNU_SOURCE + RANLIB ?= ranlib + + SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./ +@@ -82,17 +82,17 @@ + $(CC) $(CFLAGS) $(SWIG_CFLAGS) $(RUBYINC) -fPIC -DSHARED -c -o $@ $< + + $(SWIGSO): $(SWIGLOBJ) +- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lsemanage -L$(LIBDIR) ++ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lsemanage + + $(SWIGRUBYSO): $(SWIGRUBYLOBJ) +- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lsemanage -L$(LIBDIR) ++ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lsemanage + + $(LIBA): $(OBJS) + $(AR) rcs $@ $^ + $(RANLIB) $@ + + $(LIBSO): $(LOBJS) +- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -laudit -lselinux -lbz2 -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs ++ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -laudit -lselinux -lbz2 -lustr -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs + ln -sf $@ $(TARGET) + + $(LIBPC): $(LIBPC).in ../VERSION diff --git a/sys-libs/libsemanage/libsemanage-2.6.ebuild b/sys-libs/libsemanage/libsemanage-2.6.ebuild new file mode 100644 index 000000000000..e027c1f35ac8 --- /dev/null +++ b/sys-libs/libsemanage/libsemanage-2.6.ebuild 
@@ -0,0 +1,134 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" +PYTHON_COMPAT=( python{2_7,3_4,3_5} ) + +inherit multilib python-r1 toolchain-funcs multilib-minimal + +MY_P="${P//_/-}" +MY_RELEASEDATE="20161014" + +SEPOL_VER="${PV}" +SELNX_VER="${PV}" + +DESCRIPTION="SELinux kernel and policy management library" +HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki" + +if [[ ${PV} == 9999 ]]; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git" + S="${WORKDIR}/${MY_P}/${PN}" +else + SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/${MY_RELEASEDATE}/${MY_P}.tar.gz" + KEYWORDS="amd64 ~arm ~arm64 ~mips x86" + S="${WORKDIR}/${MY_P}" +fi + +LICENSE="GPL-2" +SLOT="0" +IUSE="python" +REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" + +RDEPEND=">=sys-libs/libsepol-${SEPOL_VER}[${MULTILIB_USEDEP}] + >=sys-libs/libselinux-${SELNX_VER}[${MULTILIB_USEDEP}] + >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] + >=dev-libs/ustr-1.0.4-r2[${MULTILIB_USEDEP}] + python? ( ${PYTHON_DEPS} )" +DEPEND="${RDEPEND} + sys-devel/bison + sys-devel/flex + python? ( + >=dev-lang/swig-2.0.4-r1 + virtual/pkgconfig + )" + +# tests are not meant to be run outside of the +# full SELinux userland repo +RESTRICT="test" + +src_prepare() { + echo "# Set this to true to save the linked policy." >> "${S}/src/semanage.conf" + echo "# This is normally only useful for analysis" >> "${S}/src/semanage.conf" + echo "# or debugging of policy." >> "${S}/src/semanage.conf" + echo "save-linked=false" >> "${S}/src/semanage.conf" + echo >> "${S}/src/semanage.conf" + echo "# Set this to 0 to disable assertion checking." 
>> "${S}/src/semanage.conf" + echo "# This should speed up building the kernel policy" >> "${S}/src/semanage.conf" + echo "# from policy modules, but may leave you open to" >> "${S}/src/semanage.conf" + echo "# dangerous rules which assertion checking" >> "${S}/src/semanage.conf" + echo "# would catch." >> "${S}/src/semanage.conf" + echo "expand-check=1" >> "${S}/src/semanage.conf" + echo >> "${S}/src/semanage.conf" + echo "# Modules in the module store can be compressed" >> "${S}/src/semanage.conf" + echo "# with bzip2. Set this to the bzip2 blocksize" >> "${S}/src/semanage.conf" + echo "# 1-9 when compressing. The higher the number," >> "${S}/src/semanage.conf" + echo "# the more memory is traded off for disk space." >> "${S}/src/semanage.conf" + echo "# Set to 0 to disable bzip2 compression." >> "${S}/src/semanage.conf" + echo "bzip-blocksize=0" >> "${S}/src/semanage.conf" + echo >> "${S}/src/semanage.conf" + echo "# Reduce memory usage for bzip2 compression and" >> "${S}/src/semanage.conf" + echo "# decompression of modules in the module store." 
>> "${S}/src/semanage.conf" + echo "bzip-small=true" >> "${S}/src/semanage.conf" + + eapply "${FILESDIR}"/${PN}-2.6-build-paths.patch + eapply "${FILESDIR}"/${PN}-2.6-0001-libsemanage-genhomedircon-only-set-MLS-level-if-MLS-.patch + + eapply_user + + multilib_copy_sources +} + +multilib_src_compile() { + emake \ + AR="$(tc-getAR)" \ + CC="$(tc-getCC)" \ + LIBDIR="${EPREFIX}/usr/$(get_libdir)" \ + all + + if multilib_is_native_abi && use python; then + building_py() { + python_export PYTHON_INCLUDEDIR PYTHON_LIBPATH + emake CC="$(tc-getCC)" PYINC="-I${PYTHON_INCLUDEDIR}" PYTHONLBIDIR="${PYTHON_LIBPATH}" PYPREFIX="${EPYTHON##*/}" "$@" + } + python_foreach_impl building_py swigify + python_foreach_impl building_py pywrap + fi +} + +multilib_src_install() { + emake \ + LIBDIR="${ED}/usr/$(get_libdir)" \ + SHLIBDIR="${ED}/usr/$(get_libdir)" \ + DESTDIR="${ED}" install + + if multilib_is_native_abi && use python; then + installation_py() { + emake DESTDIR="${ED}" LIBDIR="${ED}/usr/$(get_libdir)" \ + SHLIBDIR="${ED}/usr/$(get_libdir)" install-pywrap + python_optimize # bug 531638 + } + python_foreach_impl installation_py + fi +} + +pkg_postinst() { + # Migrate the SELinux semanage configuration store if not done already + local selinuxtype=$(awk -F'=' '/SELINUXTYPE=/ {print $2}' "${EROOT}"/etc/selinux/config 2>/dev/null) + if [ -n "${selinuxtype}" ] && [ ! -d "${EROOT}"/var/lib/selinux/${mcs}/active ] ; then + ewarn "Since the 2.4 SELinux userspace, the policy module store is moved" + ewarn "from /etc/selinux to /var/lib/selinux. The migration will be run now." + ewarn "If there are any issues, it can be done manually by running:" + ewarn "/usr/libexec/selinux/semanage_migrate_store" + ewarn "For more information, please see" + ewarn "- https://github.com/SELinuxProject/selinux/wiki/Policy-Store-Migration" + fi + + # Run the store migration without rebuilds + for POLICY_TYPE in ${POLICY_TYPES} ; do + if [ ! 
-d "${EROOT}/var/lib/selinux/${POLICY_TYPE}/active" ] ; then + einfo "Migrating store ${POLICY_TYPE} (without policy rebuild)." + /usr/libexec/selinux/semanage_migrate_store -n -s "${POLICY_TYPE}" || die "Failed to migrate store ${POLICY_TYPE}" + fi + done +} diff --git a/sys-libs/libsemanage/libsemanage-2.7.ebuild b/sys-libs/libsemanage/libsemanage-2.7.ebuild new file mode 100644 index 000000000000..0d8a7240a2a7 --- /dev/null +++ b/sys-libs/libsemanage/libsemanage-2.7.ebuild 
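Review bot: In pkg_postinst the first directory test expands `${mcs}`, which is not assigned anywhere in the visible ebuild, so the path has an empty store name and the "migration will be run now" warning fires whenever SELINUXTYPE is set, whether or not the store was already migrated. The value read on the line above is `selinuxtype`, so the test should read `[ ! -d "${EROOT}/var/lib/selinux/${selinuxtype}/active" ]`. The same line appears in pkg_postinst of libsemanage-2.7.ebuild and libsemanage-9999.ebuild. Separately, building_py in this ebuild passes `PYTHONLBIDIR="${PYTHON_LIBPATH}"` to emake; if the upstream Makefile expects `PYTHONLIBDIR` (not visible here), the override is silently ignored.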
@@ -0,0 +1,137 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" +PYTHON_COMPAT=( python{2_7,3_4,3_5} ) + +inherit multilib python-r1 toolchain-funcs multilib-minimal + +MY_P="${P//_/-}" +MY_RELEASEDATE="20170804" + +SEPOL_VER="${PV}" +SELNX_VER="${PV}" + +DESCRIPTION="SELinux kernel and policy management library" +HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki" + +if [[ ${PV} == 9999 ]]; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git" + S="${WORKDIR}/${MY_P}/${PN}" +else + SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/${MY_RELEASEDATE}/${MY_P}.tar.gz" + KEYWORDS="amd64 ~arm ~arm64 ~mips x86" + S="${WORKDIR}/${MY_P}" +fi + +LICENSE="GPL-2" +SLOT="0" +IUSE="python" +REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" + +RDEPEND=">=sys-libs/libsepol-${SEPOL_VER}[${MULTILIB_USEDEP}] + >=sys-libs/libselinux-${SELNX_VER}[${MULTILIB_USEDEP}] + >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] + >=dev-libs/ustr-1.0.4-r2[${MULTILIB_USEDEP}] + python? ( ${PYTHON_DEPS} )" +DEPEND="${RDEPEND} + sys-devel/bison + sys-devel/flex + python? ( + >=dev-lang/swig-2.0.4-r1 + virtual/pkgconfig + )" + +# tests are not meant to be run outside of the +# full SELinux userland repo +RESTRICT="test" + +src_prepare() { + echo "# Set this to true to save the linked policy." >> "${S}/src/semanage.conf" + echo "# This is normally only useful for analysis" >> "${S}/src/semanage.conf" + echo "# or debugging of policy." >> "${S}/src/semanage.conf" + echo "save-linked=false" >> "${S}/src/semanage.conf" + echo >> "${S}/src/semanage.conf" + echo "# Set this to 0 to disable assertion checking." 
>> "${S}/src/semanage.conf" + echo "# This should speed up building the kernel policy" >> "${S}/src/semanage.conf" + echo "# from policy modules, but may leave you open to" >> "${S}/src/semanage.conf" + echo "# dangerous rules which assertion checking" >> "${S}/src/semanage.conf" + echo "# would catch." >> "${S}/src/semanage.conf" + echo "expand-check=1" >> "${S}/src/semanage.conf" + echo >> "${S}/src/semanage.conf" + echo "# Modules in the module store can be compressed" >> "${S}/src/semanage.conf" + echo "# with bzip2. Set this to the bzip2 blocksize" >> "${S}/src/semanage.conf" + echo "# 1-9 when compressing. The higher the number," >> "${S}/src/semanage.conf" + echo "# the more memory is traded off for disk space." >> "${S}/src/semanage.conf" + echo "# Set to 0 to disable bzip2 compression." >> "${S}/src/semanage.conf" + echo "bzip-blocksize=0" >> "${S}/src/semanage.conf" + echo >> "${S}/src/semanage.conf" + echo "# Reduce memory usage for bzip2 compression and" >> "${S}/src/semanage.conf" + echo "# decompression of modules in the module store." 
>> "${S}/src/semanage.conf" + echo "bzip-small=true" >> "${S}/src/semanage.conf" + + eapply_user + + multilib_copy_sources +} + +multilib_src_compile() { + emake \ + AR="$(tc-getAR)" \ + CC="$(tc-getCC)" \ + LIBDIR="${EPREFIX}/usr/$(get_libdir)" \ + all + + if multilib_is_native_abi && use python; then + building_py() { + emake \ + AR="$(tc-getAR)" \ + CC="$(tc-getCC)" \ + LIBDIR="${EPREFIX}/usr/$(get_libdir)" \ + "$@" + } + python_foreach_impl building_py swigify + python_foreach_impl building_py pywrap + fi +} + +multilib_src_install() { + emake \ + LIBDIR="${ED}/usr/$(get_libdir)" \ + SHLIBDIR="${ED}/usr/$(get_libdir)" \ + DESTDIR="${ED}" install + + if multilib_is_native_abi && use python; then + installation_py() { + emake DESTDIR="${ED}" \ + LIBDIR="${ED}/usr/$(get_libdir)" \ + SHLIBDIR="${ED}/usr/$(get_libdir)" \ + LIBSEPOLA="${EPREFIX%/}/usr/$(get_libdir)/libsepol.a" \ + install-pywrap + python_optimize # bug 531638 + } + python_foreach_impl installation_py + fi +} + +pkg_postinst() { + # Migrate the SELinux semanage configuration store if not done already + local selinuxtype=$(awk -F'=' '/SELINUXTYPE=/ {print $2}' "${EROOT}"/etc/selinux/config 2>/dev/null) + if [ -n "${selinuxtype}" ] && [ ! -d "${EROOT}"/var/lib/selinux/${mcs}/active ] ; then + ewarn "Since the 2.4 SELinux userspace, the policy module store is moved" + ewarn "from /etc/selinux to /var/lib/selinux. The migration will be run now." + ewarn "If there are any issues, it can be done manually by running:" + ewarn "/usr/libexec/selinux/semanage_migrate_store" + ewarn "For more information, please see" + ewarn "- https://github.com/SELinuxProject/selinux/wiki/Policy-Store-Migration" + fi + + # Run the store migration without rebuilds + for POLICY_TYPE in ${POLICY_TYPES} ; do + if [ ! -d "${EROOT}/var/lib/selinux/${POLICY_TYPE}/active" ] ; then + einfo "Migrating store ${POLICY_TYPE} (without policy rebuild)." 
+ /usr/libexec/selinux/semanage_migrate_store -n -s "${POLICY_TYPE}" || die "Failed to migrate store ${POLICY_TYPE}" + fi + done +} diff --git a/sys-libs/libsemanage/libsemanage-9999.ebuild b/sys-libs/libsemanage/libsemanage-9999.ebuild new file mode 100644 index 000000000000..5015c4e9fc9e --- /dev/null +++ b/sys-libs/libsemanage/libsemanage-9999.ebuild 
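Review bot: The migration loop in pkg_postinst checks `${EROOT}/var/lib/selinux/${POLICY_TYPE}/active` but then runs `/usr/libexec/selinux/semanage_migrate_store` by a fixed path with no reference to `${EROOT}`, so on a merge into an alternate root the check and the tool presumably act on different trees and the host's policy store is the one touched. A guard ahead of the loop such as `[[ -n ${EROOT%/} ]] && { ewarn "Skipping SELinux store migration for ROOT=${EROOT}"; return; }` would keep the host store untouched in that case. `${POLICY_TYPES}` is also not set in the ebuild; if it is empty the loop does nothing even though the earlier warning announces a migration, which is worth a one-line comment. The same loop is in libsemanage-2.6.ebuild and libsemanage-9999.ebuild.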
@@ -0,0 +1,137 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" +PYTHON_COMPAT=( python{2_7,3_4,3_5} ) + +inherit multilib python-r1 toolchain-funcs multilib-minimal + +MY_P="${P//_/-}" +MY_RELEASEDATE="20170804" + +SEPOL_VER="${PV}" +SELNX_VER="${PV}" + +DESCRIPTION="SELinux kernel and policy management library" +HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki" + +if [[ ${PV} == 9999 ]]; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git" + S="${WORKDIR}/${MY_P}/${PN}" +else + SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/${MY_RELEASEDATE}/${MY_P}.tar.gz" + KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86" + S="${WORKDIR}/${MY_P}" +fi + +LICENSE="GPL-2" +SLOT="0" +IUSE="python" +REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" + +RDEPEND=">=sys-libs/libsepol-${SEPOL_VER}[${MULTILIB_USEDEP}] + >=sys-libs/libselinux-${SELNX_VER}[${MULTILIB_USEDEP}] + >=sys-process/audit-2.2.2[${MULTILIB_USEDEP}] + >=dev-libs/ustr-1.0.4-r2[${MULTILIB_USEDEP}] + python? ( ${PYTHON_DEPS} )" +DEPEND="${RDEPEND} + sys-devel/bison + sys-devel/flex + python? ( + >=dev-lang/swig-2.0.4-r1 + virtual/pkgconfig + )" + +# tests are not meant to be run outside of the +# full SELinux userland repo +RESTRICT="test" + +src_prepare() { + echo "# Set this to true to save the linked policy." >> "${S}/src/semanage.conf" + echo "# This is normally only useful for analysis" >> "${S}/src/semanage.conf" + echo "# or debugging of policy." >> "${S}/src/semanage.conf" + echo "save-linked=false" >> "${S}/src/semanage.conf" + echo >> "${S}/src/semanage.conf" + echo "# Set this to 0 to disable assertion checking." 
>> "${S}/src/semanage.conf" + echo "# This should speed up building the kernel policy" >> "${S}/src/semanage.conf" + echo "# from policy modules, but may leave you open to" >> "${S}/src/semanage.conf" + echo "# dangerous rules which assertion checking" >> "${S}/src/semanage.conf" + echo "# would catch." >> "${S}/src/semanage.conf" + echo "expand-check=1" >> "${S}/src/semanage.conf" + echo >> "${S}/src/semanage.conf" + echo "# Modules in the module store can be compressed" >> "${S}/src/semanage.conf" + echo "# with bzip2. Set this to the bzip2 blocksize" >> "${S}/src/semanage.conf" + echo "# 1-9 when compressing. The higher the number," >> "${S}/src/semanage.conf" + echo "# the more memory is traded off for disk space." >> "${S}/src/semanage.conf" + echo "# Set to 0 to disable bzip2 compression." >> "${S}/src/semanage.conf" + echo "bzip-blocksize=0" >> "${S}/src/semanage.conf" + echo >> "${S}/src/semanage.conf" + echo "# Reduce memory usage for bzip2 compression and" >> "${S}/src/semanage.conf" + echo "# decompression of modules in the module store." 
>> "${S}/src/semanage.conf" + echo "bzip-small=true" >> "${S}/src/semanage.conf" + + eapply_user + + multilib_copy_sources +} + +multilib_src_compile() { + emake \ + AR="$(tc-getAR)" \ + CC="$(tc-getCC)" \ + LIBDIR="${EPREFIX}/usr/$(get_libdir)" \ + all + + if multilib_is_native_abi && use python; then + building_py() { + emake \ + AR="$(tc-getAR)" \ + CC="$(tc-getCC)" \ + LIBDIR="${EPREFIX}/usr/$(get_libdir)" \ + "$@" + } + python_foreach_impl building_py swigify + python_foreach_impl building_py pywrap + fi +} + +multilib_src_install() { + emake \ + LIBDIR="${ED}/usr/$(get_libdir)" \ + SHLIBDIR="${ED}/usr/$(get_libdir)" \ + DESTDIR="${ED}" install + + if multilib_is_native_abi && use python; then + installation_py() { + emake DESTDIR="${ED}" \ + LIBDIR="${ED}/usr/$(get_libdir)" \ + SHLIBDIR="${ED}/usr/$(get_libdir)" \ + LIBSEPOLA="${EPREFIX%/}/usr/$(get_libdir)/libsepol.a" \ + install-pywrap + python_optimize # bug 531638 + } + python_foreach_impl installation_py + fi +} + +pkg_postinst() { + # Migrate the SELinux semanage configuration store if not done already + local selinuxtype=$(awk -F'=' '/SELINUXTYPE=/ {print $2}' "${EROOT}"/etc/selinux/config 2>/dev/null) + if [ -n "${selinuxtype}" ] && [ ! -d "${EROOT}"/var/lib/selinux/${mcs}/active ] ; then + ewarn "Since the 2.4 SELinux userspace, the policy module store is moved" + ewarn "from /etc/selinux to /var/lib/selinux. The migration will be run now." + ewarn "If there are any issues, it can be done manually by running:" + ewarn "/usr/libexec/selinux/semanage_migrate_store" + ewarn "For more information, please see" + ewarn "- https://github.com/SELinuxProject/selinux/wiki/Policy-Store-Migration" + fi + + # Run the store migration without rebuilds + for POLICY_TYPE in ${POLICY_TYPES} ; do + if [ ! -d "${EROOT}/var/lib/selinux/${POLICY_TYPE}/active" ] ; then + einfo "Migrating store ${POLICY_TYPE} (without policy rebuild)." 
+ /usr/libexec/selinux/semanage_migrate_store -n -s "${POLICY_TYPE}" || die "Failed to migrate store ${POLICY_TYPE}" + fi + done +} diff --git a/sys-libs/libsemanage/metadata.xml b/sys-libs/libsemanage/metadata.xml new file mode 100644 index 000000000000..d4dc9ab41f9f --- /dev/null +++ b/sys-libs/libsemanage/metadata.xml @@ -0,0 +1,12 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="project"> + <email>selinux@gentoo.org</email> + <name>SELinux Team</name> + </maintainer> + <longdescription>SELinux policy management libraries</longdescription> + <upstream> + <remote-id type="github">SELinuxProject/selinux</remote-id> + </upstream> +</pkgmetadata> |