sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r18.ebuild

# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r18.ebuild,v 1.1 2011/07/10 02:30:17 blueness Exp $

EAPI="1"
IUSE="+peer_perms +open_perms +ubac"

inherit eutils

#PATCHBUNDLE="${FILESDIR}/patchbundle-${PF}.tar.bz2"
PATCHBUNDLE="${DISTDIR}/patchbundle-${PF}.tar.bz2"
DESCRIPTION="Gentoo base policy for SELinux"
HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
#SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2"
SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2
        http://dev.gentoo.org/~blueness/patchbundle-selinux-base-policy/patchbundle-${PF}.tar.bz2"
LICENSE="GPL-2"
SLOT="0"

KEYWORDS="~amd64 ~x86"

RDEPEND=">=sys-apps/policycoreutils-1.30.30
        >=sys-fs/udev-151"
DEPEND="${RDEPEND}
        sys-devel/m4
        >=sys-apps/checkpolicy-1.30.12"

S=${WORKDIR}/

src_unpack() {
        [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
        MOD_CONF_VER="20090730"

        unpack ${A}

        cd "${S}"
        epatch "${PATCHBUNDLE}"
        cd "${S}/refpolicy"
        # Fix bug 257111
        sed -i -e 's:system_crond_t:system_cronjob_t:g' \
                "${S}/refpolicy/config/appconfig-standard/default_contexts"

        if ! use peer_perms; then
                sed -i -e '/network_peer_controls/d' \
                        "${S}/refpolicy/policy/policy_capabilities"
        fi

        if ! use open_perms; then
                sed -i -e '/open_perms/d' \
                        "${S}/refpolicy/policy/policy_capabilities"
        fi

        for i in ${POLICY_TYPES}; do
                cp -a "${S}/refpolicy" "${S}/${i}"

                cd "${S}/${i}";
                make conf || die "Make conf in ${i} failed"

                cp "${FILESDIR}/modules.conf.${i}.${MOD_CONF_VER}" \
                        "${S}/${i}/policy/modules.conf" \
                        || die "failed to set up modules.conf"
                sed -i -e '/^QUIET/s/n/y/' -e '/^MONOLITHIC/s/y/n/' \
                        -e "/^NAME/s/refpolicy/$i/" "${S}/${i}/build.conf" \
                        || die "build.conf setup failed."

                if ! use ubac; then
                        sed -i -e 's:^UBAC = y:UBAC = n:g' "${S}/${i}/build.conf"
                fi

                echo "DISTRO = gentoo" >> "${S}/${i}/build.conf"

                if [ "${i}" == "targeted" ]; then
                        sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
                        "${S}/${i}/config/appconfig-standard/seusers" \
                        || die "targeted seusers setup failed."
                fi
        done
}

src_compile() {
        [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"

        for i in ${POLICY_TYPES}; do
                cd "${S}/${i}"
                make base || die "${i} compile failed"
        done
}

src_install() {
        [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"

        for i in ${POLICY_TYPES}; do
                cd "${S}/${i}"

                make DESTDIR="${D}" install \
                        || die "${i} install failed."

                make DESTDIR="${D}" install-headers \
                        || die "${i} headers install failed."

                echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type"

                echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types"

                # libsemanage won't make this on its own
                keepdir "/etc/selinux/${i}/policy"
        done

        dodoc doc/Makefile.example doc/example.{te,fc,if}

        insinto /etc/selinux
        doins "${FILESDIR}/config"
}

pkg_preinst() {
        has_version "<${CATEGORY}/${PN}-2.20101213-r13"
        previous_less_than_r13=$?
}

pkg_postinst() {
        [ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"

        for i in ${POLICY_TYPES}; do
                einfo "Inserting base module into ${i} module store."

                cd "/usr/share/selinux/${i}"
                semodule -s "${i}" -b base.pp || die "Could not load in new base policy"
        done
        elog "Updates on policies might require you to relabel files. If you, after"
        elog "installing new SELinux policies, get 'permission denied' errors,"
        elog "relabelling your system using 'rlpkg -a -r' might resolve the issues."
}
1	# Copyright 1999-2011 Gentoo Foundation
2	# Distributed under the terms of the GNU General Public License v2
3	# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20101213-r18.ebuild,v 1.1 2011/07/10 02:30:17 blueness Exp $
4
5	EAPI="1"
6	IUSE="+peer_perms +open_perms +ubac"
7
8	inherit eutils
9
10	#PATCHBUNDLE="${FILESDIR}/patchbundle-${PF}.tar.bz2"
11	PATCHBUNDLE="${DISTDIR}/patchbundle-${PF}.tar.bz2"
12	DESCRIPTION="Gentoo base policy for SELinux"
13	HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
14	#SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2"
15	SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2
16	http://dev.gentoo.org/~blueness/patchbundle-selinux-base-policy/patchbundle-${PF}.tar.bz2"
17	LICENSE="GPL-2"
18	SLOT="0"
19
20	KEYWORDS="~amd64 ~x86"
21
22	RDEPEND=">=sys-apps/policycoreutils-1.30.30
23	>=sys-fs/udev-151"
24	DEPEND="${RDEPEND}
25	sys-devel/m4
26	>=sys-apps/checkpolicy-1.30.12"
27
28	S=${WORKDIR}/
29
30	src_unpack() {
31	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
32	MOD_CONF_VER="20090730"
33
34	unpack ${A}
35
36	cd "${S}"
37	epatch "${PATCHBUNDLE}"
38	cd "${S}/refpolicy"
39	# Fix bug 257111
40	sed -i -e 's:system_crond_t:system_cronjob_t:g' \
41	"${S}/refpolicy/config/appconfig-standard/default_contexts"
42
43	if ! use peer_perms; then
44	sed -i -e '/network_peer_controls/d' \
45	"${S}/refpolicy/policy/policy_capabilities"
46	fi
47
48	if ! use open_perms; then
49	sed -i -e '/open_perms/d' \
50	"${S}/refpolicy/policy/policy_capabilities"
51	fi
52
53	for i in ${POLICY_TYPES}; do
54	cp -a "${S}/refpolicy" "${S}/${i}"
55
56	cd "${S}/${i}";
57	make conf \|\| die "Make conf in ${i} failed"
58
59	cp "${FILESDIR}/modules.conf.${i}.${MOD_CONF_VER}" \
60	"${S}/${i}/policy/modules.conf" \
61	\|\| die "failed to set up modules.conf"
62	sed -i -e '/^QUIET/s/n/y/' -e '/^MONOLITHIC/s/y/n/' \
63	-e "/^NAME/s/refpolicy/$i/" "${S}/${i}/build.conf" \
64	\|\| die "build.conf setup failed."
65
66	if ! use ubac; then
67	sed -i -e 's:^UBAC = y:UBAC = n:g' "${S}/${i}/build.conf"
68	fi
69
70	echo "DISTRO = gentoo" >> "${S}/${i}/build.conf"
71
72	if [ "${i}" == "targeted" ]; then
73	sed -i -e '/root/d' -e 's/user_u/unconfined_u/' \
74	"${S}/${i}/config/appconfig-standard/seusers" \
75	\|\| die "targeted seusers setup failed."
76	fi
77	done
78	}
79
80	src_compile() {
81	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
82
83	for i in ${POLICY_TYPES}; do
84	cd "${S}/${i}"
85	make base \|\| die "${i} compile failed"
86	done
87	}
88
89	src_install() {
90	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
91
92	for i in ${POLICY_TYPES}; do
93	cd "${S}/${i}"
94
95	make DESTDIR="${D}" install \
96	\|\| die "${i} install failed."
97
98	make DESTDIR="${D}" install-headers \
99	\|\| die "${i} headers install failed."
100
101	echo "run_init_t" > "${D}/etc/selinux/${i}/contexts/run_init_type"
102
103	echo "textrel_shlib_t" >> "${D}/etc/selinux/${i}/contexts/customizable_types"
104
105	# libsemanage won't make this on its own
106	keepdir "/etc/selinux/${i}/policy"
107	done
108
109	dodoc doc/Makefile.example doc/example.{te,fc,if}
110
111	insinto /etc/selinux
112	doins "${FILESDIR}/config"
113	}
114
115	pkg_preinst() {
116	has_version "<${CATEGORY}/${PN}-2.20101213-r13"
117	previous_less_than_r13=$?
118	}
119
120	pkg_postinst() {
121	[ -z "${POLICY_TYPES}" ] && local POLICY_TYPES="strict targeted"
122
123	for i in ${POLICY_TYPES}; do
124	einfo "Inserting base module into ${i} module store."
125
126	cd "/usr/share/selinux/${i}"
127	semodule -s "${i}" -b base.pp \|\| die "Could not load in new base policy"
128	done
129	elog "Updates on policies might require you to relabel files. If you, after"
130	elog "installing new SELinux policies, get 'permission denied' errors,"
131	elog "relabelling your system using 'rlpkg -a -r' might resolve the issues."
132	}