diff options
Diffstat (limited to 'sec-policy/selinux-base-policy')
3 files changed, 131 insertions, 2 deletions
diff --git a/sec-policy/selinux-base-policy/Manifest b/sec-policy/selinux-base-policy/Manifest index bb934ada255f..0d1b10d66e92 100644 --- a/sec-policy/selinux-base-policy/Manifest +++ b/sec-policy/selinux-base-policy/Manifest @@ -1,8 +1,11 @@ DIST patchbundle-selinux-base-policy-2.20190201-r1.tar.bz2 426390 BLAKE2B 33e05e03e1e087f0bf460930f074108af5fa05688f7681ba3545530d21174be7d29e9035a7bc37e9acdbe3468680891f9865ad83188eb0f8fb9b9012252d6a1e SHA512 f2855a340f4ae7ba6c4cf0ec9445de7ca20f9fc0f11783992340ca2f073bbbf2d4999190f46f3910213dd1555e9578b3609284af6a7712b401053216c004ff7e DIST patchbundle-selinux-base-policy-2.20190609-r1.tar.bz2 407664 BLAKE2B e6b6b56f990389365c062522582e2177bc3b70040c99948efad25737e69178f9f72149cc443cb9edacfdd1aa6bc29f637cc61939f66e5cc3841f83298b33c41e SHA512 16195b51bb414ac82821f93756b3b5d0ec206b7035a50379c1f796082d9c53b11369e15086e1e26521808944266364470c43dcfdd1818ba079fda1613b7ef9bd +DIST patchbundle-selinux-base-policy-2.20200818-r1.tar.bz2 278147 BLAKE2B 1e63517f15ed297c3cc1ed068db30ef60c0ebb11790abb89a80cde44da882b9381a8eccc66378576d84c106af7e9f7fd9e65b76b8e6f5134b34a2b517f5bb7f1 SHA512 d688e3f9d5dceb8a8747025adeddcfdd923e39757ab5ad7b92be00b544e47f0aa0c47aaf5a71eb4d3f616743d3291b8a8babdedfa238913371d58be3fccd4812 DIST refpolicy-2.20190201.tar.bz2 552750 BLAKE2B d3cbdf5c5f8480cd36173d8cfbd2f55a6ad4a9f2176883dcc19eece6059114ca8700d07f8bd318d0430da253bb9e4e6a6e03f7a7db8a7964c95b00452aaab040 SHA512 c6568b679ad1a7c5c566b55291e86ce3784ee609c0091e5d465d41055724d950180780c7eedb3413351101b9182db51c7bce1816db1a9a17b3257861363efc6e DIST refpolicy-2.20190609.tar.bz2 555882 BLAKE2B abc45d9c906e0c880b7c47b0fb8e33f4a277c73244e20e8a95c44452db817241110127a5f8a3347cfbf5e30bf91f9dd4e5dd826426eb88b383fdbff5963f5fcd SHA512 f05ca08d31e62b7bf7203d7b243cce9ba87dd68d13b30067b99a44d5007449078fa82d591faa88c2955d370a346e69faedc850c02bd77c5624a8c746a13467f3 +DIST refpolicy-2.20200818.tar.bz2 570896 BLAKE2B 502c00fec39e1b81e42de3f7f942623f8b3fbdeac19f9f01126722a368b7d4f70427d6e4a574754c4f2fa551e4bc75c912dbc515c004f0dcd5eb28ab416498f6 SHA512 e4b527bb7a87b9359fc42eb111d5008103f57c37128998ea0e21ec7b0b8607ffe3f67697450e4c51a0db172ece69083335b279bacef4b1bd0b7748b58caa99a7 EBUILD selinux-base-policy-2.20190201-r1.ebuild 3876 BLAKE2B 3fdf86914afa4ea4851b7a61011589e4f1fb2c20775ee260bdce26c3197ab9b1ad97c871a58c1ff7704f9ca23609def48f802167f1238773f9a2c4daab0e2b07 SHA512 03f531f3ce9d7646b9101a159cb96a091011a5a9215491ecc7fcadf7412814e30abb285de3939c7f0584232b540f61b9a1e3ebefbf228f5713da5de9ed9a553f -EBUILD selinux-base-policy-2.20190609-r1.ebuild 3818 BLAKE2B 78071157fd3f922bbd200d84027dfaefa39b66a0b294753027694183fec9adb45fa5faab31784432255cf12d767a01e2217a2e04950105e7a60d0a01d200f75f SHA512 a76925a23a78c805f3b21263dd80d3569deb10b82d8d86a67a617d83090984300447249bbf313999657bea180c58d833474b20b3e57c650abb4fd8365d9fde5a +EBUILD selinux-base-policy-2.20190609-r1.ebuild 3816 BLAKE2B a52fb08dc3d36042f251afe98c7894b955c3160890eb4eb84f0b69428a90b05d764b7b1ef12315cea44d5b00617b5747303872e906f67e68c28945cf48197d48 SHA512 cf062f6526826c9b7225ef3c8fe0a3b74da3905b35ba0a174328de422cfc383fbb6831dcbded65f876a956d66523bab39c89f5e23c7a5f80eebc5067ce72a550 +EBUILD selinux-base-policy-2.20200818-r1.ebuild 3818 BLAKE2B 78071157fd3f922bbd200d84027dfaefa39b66a0b294753027694183fec9adb45fa5faab31784432255cf12d767a01e2217a2e04950105e7a60d0a01d200f75f SHA512 a76925a23a78c805f3b21263dd80d3569deb10b82d8d86a67a617d83090984300447249bbf313999657bea180c58d833474b20b3e57c650abb4fd8365d9fde5a EBUILD selinux-base-policy-9999.ebuild 3818 BLAKE2B e5c0dbf7326cfb52fb95951c7ec7ad29a09c0604f2106198c63d182923157933590c97f70b993b77810e83d67dc667d8cf12d46450f3548629abfd3fe0a88d6b SHA512 ed99b8042b5b16247d4cd2bc02d8f3a6ee13a3fd1ca16d5500b6ba3df56d9d20d1cbd82add3e280c4cd4c27216ec794690af645e14ed6e0af0cf9a70aa983a95 MISC metadata.xml 534 BLAKE2B 1bb289204431150ae974c9fd677926faf72e75def3294b9df405a048e398ac3b6147de8483512487edaeea378e1dbd32df0675acb7fa50326c48382603c5dbfe SHA512 d8340bec9d0ec0feb396b17b53a6d53e3caa7ddd1efdc5e5de07baf86592ad0526d08fc08908295cf18a915eef1c7429c72970d56967162b2390eed6f28c822a diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20190609-r1.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20190609-r1.ebuild index 2cf75e0c5f40..3bfca9781cb9 100644 --- a/sec-policy/selinux-base-policy/selinux-base-policy-2.20190609-r1.ebuild +++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20190609-r1.ebuild @@ -12,7 +12,7 @@ if [[ ${PV} == 9999* ]]; then else SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2 https://dev.gentoo.org/~perfinion/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2" - KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86" + KEYWORDS="amd64 -arm ~arm64 ~mips x86" fi HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux" diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20200818-r1.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20200818-r1.ebuild new file mode 100644 index 000000000000..2cf75e0c5f40 --- /dev/null +++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20200818-r1.ebuild @@ -0,0 +1,126 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +if [[ ${PV} == 9999* ]]; then + EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}" + EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}" + EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy" + + inherit git-r3 +else + SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2 + https://dev.gentoo.org/~perfinion/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2" + KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86" +fi + +HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux" +DESCRIPTION="SELinux policy for core modules" + +IUSE="systemd +unconfined" + +PDEPEND="unconfined? ( sec-policy/selinux-unconfined )" +DEPEND="=sec-policy/selinux-base-${PVR}[systemd?]" +RDEPEND="$DEPEND" + +MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork systemd tmpfiles udev userdomain usermanage unprivuser xdg" +LICENSE="GPL-2" +SLOT="0" +S="${WORKDIR}/" + +# Code entirely copied from selinux-eclass (cannot inherit due to dependency on +# itself), when reworked reinclude it. Only postinstall (where -b base.pp is +# added) needs to remain then. + +pkg_pretend() { + for i in ${POLICY_TYPES}; do + if [[ "${i}" == "targeted" ]] && ! use unconfined; then + die "If you use POLICY_TYPES=targeted, then USE=unconfined is mandatory." + fi + done +} + +src_prepare() { + local modfiles + + if [[ ${PV} != 9999* ]]; then + einfo "Applying SELinux policy updates ... " + eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch" + fi + + eapply_user + + # Collect only those files needed for this particular module + for i in ${MODS}; do + modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles" + modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles" + done + + for i in ${POLICY_TYPES}; do + mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}" + cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \ + || die "Failed to copy Makefile.example to ${S}/${i}/Makefile" + + cp ${modfiles} "${S}"/${i} \ + || die "Failed to copy the module files to ${S}/${i}" + done +} + +src_compile() { + for i in ${POLICY_TYPES}; do + emake NAME=$i SHAREDIR="${ROOT%/}"/usr/share/selinux -C "${S}"/${i} + done +} + +src_install() { + local BASEDIR="/usr/share/selinux" + + for i in ${POLICY_TYPES}; do + for j in ${MODS}; do + einfo "Installing ${i} ${j} policy package" + insinto ${BASEDIR}/${i} + doins "${S}"/${i}/${j}.pp + done + done +} + +pkg_postinst() { + # Set root path and don't load policy into the kernel when cross compiling + local root_opts="" + if [[ "${ROOT%/}" != "" ]]; then + root_opts="-p ${ROOT%/} -n" + fi + + # Override the command from the eclass, we need to load in base as well here + local COMMAND="-i base.pp" + if has_version "<sys-apps/policycoreutils-2.5"; then + COMMAND="-b base.pp" + fi + + for i in ${MODS}; do + COMMAND="${COMMAND} -i ${i}.pp" + done + + for i in ${POLICY_TYPES}; do + einfo "Inserting the following modules, with base, into the $i module store: ${MODS}" + + cd "${ROOT%/}/usr/share/selinux/${i}" + + semodule ${root_opts} -s ${i} ${COMMAND} + done + + # Don't relabel when cross compiling + if [[ "${ROOT%/}" == "" ]]; then + # Relabel depending packages + local PKGSET=""; + if [[ -x /usr/bin/qdepends ]] ; then + PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-'); + elif [[ -x /usr/bin/equery ]] ; then + PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-'); + fi + if [[ -n "${PKGSET}" ]] ; then + rlpkg ${PKGSET}; + fi + fi +} |