
Contents of /sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild



Revision 1.1 - (show annotations) (download)
Sat Oct 13 16:30:52 2012 UTC (22 months, 1 week ago) by swift
Branch: MAIN
Adding live ebuilds for SELinux policies

(Portage version: 2.1.11.9/cvs/Linux x86_64)

1 # Copyright 1999-2012 Gentoo Foundation
2 # Distributed under the terms of the GNU General Public License v2
3 # $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-dcc/selinux-dcc-2.20110726.ebuild,v 1.2 2011/10/23 12:42:45 swift Exp $
4 EAPI="4"
5
6 inherit eutils git-2
7
8 HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
9 DESCRIPTION="SELinux policy for core modules"
10
11 IUSE=""
12 BASEPOL="9999"
13
14 RDEPEND="=sec-policy/selinux-base-9999"
15 DEPEND=""
16 EGIT_REPO_URI="git://git.overlays.gentoo.org/proj/hardened-refpolicy.git"
17 EGIT_SOURCEDIR="${WORKDIR}/refpolicy"
18 KEYWORDS=""
19
20 MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil ssh staff storage su sysadm sysnetwork udev userdomain usermanage unprivuser xdg unconfined"
21 LICENSE="GPL-2"
22 SLOT="0"
23 S="${WORKDIR}/"
24
25 # Code entirely copied from selinux-eclass (cannot inherit due to dependency on
26 # itself), when reworked reinclude it. Only postinstall (where -b base.pp is
27 # added) needs to remain then.
28
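# Prepare one build directory per policy type.
#
# Applies the patches named in POLICY_PATCH (a bash array or a
# whitespace-separated string) from inside the refpolicy modules directory,
# then copies Makefile.example and the .te/.fc sources of every module in MODS
# into ${S}/<type> for each entry of POLICY_TYPES.
#
# Globals:  S, MODS, POLICY_TYPES, POLICY_PATCH (all read)
# Returns:  dies (via die) when a directory cannot be entered or created, or
#           when a copy fails.
src_prepare() {
	local modules_dir="${S}/refpolicy/policy/modules"
	local -a modfiles=()
	local polpatch mod ext path ptype

	# Apply the additional patches referred to by the module ebuild.
	# "declare -p" tells a bash array apart from a plain string. Its stderr is
	# discarded so that a "not found" diagnostic never ends up in the text
	# being compared.
	if [[ "$(declare -p POLICY_PATCH 2>/dev/null)" == "declare -a"* ]]; then
		# Without the die, a failed cd would apply the patches relative to
		# whatever directory the phase happened to start in.
		cd "${modules_dir}" || die "Could not enter ${modules_dir}"
		for polpatch in "${POLICY_PATCH[@]}"; do
			epatch "${polpatch}"
		done
	elif [[ -n ${POLICY_PATCH} ]]; then
		cd "${modules_dir}" || die "Could not enter ${modules_dir}"
		# The string form is a whitespace-separated list, so it is split on purpose.
		for polpatch in ${POLICY_PATCH}; do
			epatch "${polpatch}"
		done
	fi

	# Collect only those files needed for this particular module set. The
	# paths go into an array, NUL-delimited from find, so a work directory
	# containing whitespace is not torn apart by word splitting.
	for mod in ${MODS}; do
		for ext in te fc; do
			while IFS= read -r -d '' path; do
				modfiles+=( "${path}" )
			done < <(find "${modules_dir}" -iname "${mod}.${ext}" -print0)
		done
	done

	for ptype in ${POLICY_TYPES}; do
		mkdir "${S}/${ptype}" || die "Failed to create directory ${S}/${ptype}"
		cp "${S}/refpolicy/doc/Makefile.example" "${S}/${ptype}/Makefile" \
			|| die "Failed to copy Makefile.example to ${S}/${ptype}/Makefile"

		# With no collected sources cp has nothing to copy and fails, so an
		# empty module set still ends in the die below.
		cp "${modfiles[@]}" "${S}/${ptype}" \
			|| die "Failed to copy the module files to ${S}/${ptype}"
	done
}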
67
# Build the policy packages for every entry of POLICY_TYPES, each in its own
# directory below ${S}.
#
# Globals:  S, POLICY_TYPES (read)
# Returns:  dies (via die) as soon as one policy type fails to build.
src_compile() {
	local ptype

	for ptype in ${POLICY_TYPES}; do
		# Parallel builds are broken, so -j1 is forced for every policy type.
		if ! emake -j1 "NAME=${ptype}" -C "${S}/${ptype}"; then
			die "${ptype} compile failed"
		fi
	done
}
74
# Install the compiled policy package (<module>.pp) of every module in MODS
# for every entry of POLICY_TYPES into /usr/share/selinux/<type>.
#
# Globals:  S, MODS, POLICY_TYPES (read)
# Returns:  dies (via die) when a policy package cannot be installed.
src_install() {
	local BASEDIR="/usr/share/selinux"
	local ptype mod

	for ptype in ${POLICY_TYPES}; do
		for mod in ${MODS}; do
			einfo "Installing ${ptype} ${mod} policy package"
			# The destination is set per module, inside the inner loop, so it
			# is only ever set when there is a package to install.
			insinto "${BASEDIR}/${ptype}"
			if ! doins "${S}/${ptype}/${mod}.pp"; then
				die "Failed to add ${mod}.pp to ${ptype}"
			fi
		done
	done
}
86
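# Load base.pp and the modules from MODS into the module store of every
# policy type in POLICY_TYPES.
#
# Overrides the command from the eclass, because base has to be loaded here
# as well (-b base.pp).
#
# The "unconfined" module is loaded only into the "targeted" store. It is
# filtered by exact module name while the argument list is built, so neither
# its position in MODS nor a module whose name merely contains "unconfined"
# changes what is loaded or what is logged.
#
# Globals:  MODS, POLICY_TYPES (read)
# Returns:  dies (via die) when a policy directory cannot be entered or when
#           semodule fails.
pkg_postinst() {
	local ptype mod
	local -a load_args mods

	for ptype in ${POLICY_TYPES}; do
		load_args=()
		mods=()
		for mod in ${MODS}; do
			if [[ ${mod} == "unconfined" && ${ptype} != "targeted" ]]; then
				continue
			fi
			mods+=( "${mod}" )
			# Prepend, so that the -i options keep the reverse-of-MODS order
			# in which the command line has always been built.
			load_args=( -i "${mod}.pp" "${load_args[@]}" )
		done

		einfo "Inserting the following modules, with base, into the ${ptype} module store: ${mods[*]}"

		# The .pp files are named relative to the installed policy directory,
		# so a failed cd must stop the load.
		cd "/usr/share/selinux/${ptype}" || die "Could not enter /usr/share/selinux/${ptype}"

		semodule -s "${ptype}" -b base.pp "${load_args[@]}" \
			|| die "Failed to load in base and modules ${mods[*]} in the ${ptype} policy store"
	done
}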
