/[gentoo-x86]/sec-policy/selinux-base-policy/selinux-base-policy-2.20120215-r6.ebuild
Gentoo

Contents of /sec-policy/selinux-base-policy/selinux-base-policy-2.20120215-r6.ebuild

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.1 - (show annotations) (download)
Sat Mar 31 12:29:14 2012 UTC (2 years, 5 months ago) by swift
Branch: MAIN
Pushing out 2.20120215 SELinux policies

(Portage version: 2.1.10.49/cvs/Linux x86_64)

1 # Copyright 1999-2012 Gentoo Foundation
2 # Distributed under the terms of the GNU General Public License v2
3 # $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-dcc/selinux-dcc-2.20110726.ebuild,v 1.2 2011/10/23 12:42:45 swift Exp $
4 EAPI="4"
5
6 HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
7 DESCRIPTION="SELinux policy for core modules"
8
9 IUSE=""
10 BASEPOL="2.20120215-r6"
11
12 inherit eutils
13
14 RDEPEND=">=sec-policy/selinux-base-2.20120215-r6"
15 DEPEND=""
16 SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2
17 http://dev.gentoo.org/~swift/patches/${PN}/patchbundle-${PN}-${BASEPOL}.tar.bz2"
18 KEYWORDS="~amd64 ~x86"
19
20 MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil ssh staff storage su sysadm sysnetwork udev userdomain usermanage unprivuser xdg unconfined"
21 LICENSE="GPL-2"
22 SLOT="0"
23 S="${WORKDIR}/"
24 PATCHBUNDLE="${DISTDIR}/patchbundle-selinux-base-policy-${BASEPOL}.tar.bz2"
25
26 # Code entirely copied from selinux-eclass (cannot inherit due to dependency on
27 # itself), when reworked reinclude it. Only postinstall (where -b base.pp is
28 # added) needs to remain then.
29
30 src_prepare() {
31 local modfiles
32
33 # Patch the sources with the base patchbundle
34 if [[ -n ${BASEPOL} ]];
35 then
36 cd "${S}"
37 EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \
38 EPATCH_SUFFIX="patch" \
39 EPATCH_SOURCE="${WORKDIR}" \
40 EPATCH_FORCE="yes" \
41 epatch
42 fi
43
44 # Apply the additional patches refered to by the module ebuild.
45 # But first some magic to differentiate between bash arrays and strings
46 if [[ "$(declare -p POLICY_PATCH 2>/dev/null 2>&1)" == "declare -a"* ]];
47 then
48 cd "${S}/refpolicy/policy/modules"
49 for POLPATCH in "${POLICY_PATCH[@]}";
50 do
51 epatch "${POLPATCH}"
52 done
53 else
54 if [[ -n ${POLICY_PATCH} ]];
55 then
56 cd "${S}/refpolicy/policy/modules"
57 for POLPATCH in ${POLICY_PATCH};
58 do
59 epatch "${POLPATCH}"
60 done
61 fi
62 fi
63
64 # Collect only those files needed for this particular module
65 for i in ${MODS}; do
66 modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles"
67 modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles"
68 done
69
70 for i in ${POLICY_TYPES}; do
71 mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}"
72 cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \
73 || die "Failed to copy Makefile.example to ${S}/${i}/Makefile"
74
75 cp ${modfiles} "${S}"/${i} \
76 || die "Failed to copy the module files to ${S}/${i}"
77 done
78 }
79
80 src_compile() {
81 for i in ${POLICY_TYPES}; do
82 # Parallel builds are broken, so we need to force -j1 here
83 emake -j1 NAME=$i -C "${S}"/${i} || die "${i} compile failed"
84 done
85 }
86
87 src_install() {
88 local BASEDIR="/usr/share/selinux"
89
90 for i in ${POLICY_TYPES}; do
91 for j in ${MODS}; do
92 einfo "Installing ${i} ${j} policy package"
93 insinto ${BASEDIR}/${i}
94 doins "${S}"/${i}/${j}.pp || die "Failed to add ${j}.pp to ${i}"
95 done
96 done
97 }
98
99 pkg_postinst() {
100 # Override the command from the eclass, we need to load in base as well here
101 local COMMAND
102 for i in ${MODS}; do
103 COMMAND="-i ${i}.pp ${COMMAND}"
104 done
105
106 for i in ${POLICY_TYPES}; do
107 local LOCCOMMAND
108 local LOCMODS
109 if [[ "${i}" != "targeted" ]]; then
110 LOCCOMMAND=$(echo "${COMMAND}" | sed -e 's:-i unconfined.pp::g');
111 LOCMODS=$(echo "${MODS}" | sed -e 's: unconfined::g');
112 else
113 LOCCOMMAND="${COMMAND}"
114 LOCMODS="${MODS}"
115 fi
116 einfo "Inserting the following modules, with base, into the $i module store: ${LOCMODS}"
117
118 cd /usr/share/selinux/${i} || die "Could not enter /usr/share/selinux/${i}"
119
120 semodule -s ${i} -b base.pp ${LOCCOMMAND} || die "Failed to load in base and modules ${LOCMODS} in the $i policy store"
121 done
122 }

  ViewVC Help
Powered by ViewVC 1.1.20