/[gentoo-x86]/sec-policy/selinux-base-policy/selinux-base-policy-2.20120215-r6.ebuild
Gentoo

Contents of /sec-policy/selinux-base-policy/selinux-base-policy-2.20120215-r6.ebuild

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.1 - (hide annotations) (download)
Sat Mar 31 12:29:14 2012 UTC (2 years, 6 months ago) by swift
Branch: MAIN
Pushing out 2.20120215 SELinux policies

(Portage version: 2.1.10.49/cvs/Linux x86_64)

1 swift 1.1 # Copyright 1999-2012 Gentoo Foundation
2     # Distributed under the terms of the GNU General Public License v2
3     # $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-dcc/selinux-dcc-2.20110726.ebuild,v 1.2 2011/10/23 12:42:45 swift Exp $
4     EAPI="4"
5    
6     HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
7     DESCRIPTION="SELinux policy for core modules"
8    
9     IUSE=""
10     BASEPOL="2.20120215-r6"
11    
12     inherit eutils
13    
14     RDEPEND=">=sec-policy/selinux-base-2.20120215-r6"
15     DEPEND=""
16     SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2
17     http://dev.gentoo.org/~swift/patches/${PN}/patchbundle-${PN}-${BASEPOL}.tar.bz2"
18     KEYWORDS="~amd64 ~x86"
19    
20     MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil ssh staff storage su sysadm sysnetwork udev userdomain usermanage unprivuser xdg unconfined"
21     LICENSE="GPL-2"
22     SLOT="0"
23     S="${WORKDIR}/"
24     PATCHBUNDLE="${DISTDIR}/patchbundle-selinux-base-policy-${BASEPOL}.tar.bz2"
25    
26     # Code entirely copied from selinux-eclass (cannot inherit due to dependency on
27     # itself), when reworked reinclude it. Only postinstall (where -b base.pp is
28     # added) needs to remain then.
29    
30     src_prepare() {
31     local modfiles
32    
33     # Patch the sources with the base patchbundle
34     if [[ -n ${BASEPOL} ]];
35     then
36     cd "${S}"
37     EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \
38     EPATCH_SUFFIX="patch" \
39     EPATCH_SOURCE="${WORKDIR}" \
40     EPATCH_FORCE="yes" \
41     epatch
42     fi
43    
44     # Apply the additional patches refered to by the module ebuild.
45     # But first some magic to differentiate between bash arrays and strings
46     if [[ "$(declare -p POLICY_PATCH 2>/dev/null 2>&1)" == "declare -a"* ]];
47     then
48     cd "${S}/refpolicy/policy/modules"
49     for POLPATCH in "${POLICY_PATCH[@]}";
50     do
51     epatch "${POLPATCH}"
52     done
53     else
54     if [[ -n ${POLICY_PATCH} ]];
55     then
56     cd "${S}/refpolicy/policy/modules"
57     for POLPATCH in ${POLICY_PATCH};
58     do
59     epatch "${POLPATCH}"
60     done
61     fi
62     fi
63    
64     # Collect only those files needed for this particular module
65     for i in ${MODS}; do
66     modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles"
67     modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles"
68     done
69    
70     for i in ${POLICY_TYPES}; do
71     mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}"
72     cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \
73     || die "Failed to copy Makefile.example to ${S}/${i}/Makefile"
74    
75     cp ${modfiles} "${S}"/${i} \
76     || die "Failed to copy the module files to ${S}/${i}"
77     done
78     }
79    
80     src_compile() {
81     for i in ${POLICY_TYPES}; do
82     # Parallel builds are broken, so we need to force -j1 here
83     emake -j1 NAME=$i -C "${S}"/${i} || die "${i} compile failed"
84     done
85     }
86    
87     src_install() {
88     local BASEDIR="/usr/share/selinux"
89    
90     for i in ${POLICY_TYPES}; do
91     for j in ${MODS}; do
92     einfo "Installing ${i} ${j} policy package"
93     insinto ${BASEDIR}/${i}
94     doins "${S}"/${i}/${j}.pp || die "Failed to add ${j}.pp to ${i}"
95     done
96     done
97     }
98    
99     pkg_postinst() {
100     # Override the command from the eclass, we need to load in base as well here
101     local COMMAND
102     for i in ${MODS}; do
103     COMMAND="-i ${i}.pp ${COMMAND}"
104     done
105    
106     for i in ${POLICY_TYPES}; do
107     local LOCCOMMAND
108     local LOCMODS
109     if [[ "${i}" != "targeted" ]]; then
110     LOCCOMMAND=$(echo "${COMMAND}" | sed -e 's:-i unconfined.pp::g');
111     LOCMODS=$(echo "${MODS}" | sed -e 's: unconfined::g');
112     else
113     LOCCOMMAND="${COMMAND}"
114     LOCMODS="${MODS}"
115     fi
116     einfo "Inserting the following modules, with base, into the $i module store: ${LOCMODS}"
117    
118     cd /usr/share/selinux/${i} || die "Could not enter /usr/share/selinux/${i}"
119    
120     semodule -s ${i} -b base.pp ${LOCCOMMAND} || die "Failed to load in base and modules ${LOCMODS} in the $i policy store"
121     done
122     }

  ViewVC Help
Powered by ViewVC 1.1.20