/[gentoo-x86]/sec-policy/selinux-base-policy/selinux-base-policy-2.20140311-r7.ebuild
Gentoo

Contents of /sec-policy/selinux-base-policy/selinux-base-policy-2.20140311-r7.ebuild

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.4 - (show annotations) (download)
Sat Apr 25 16:28:44 2015 UTC (2 years, 5 months ago) by floppym
Branch: MAIN
CVS Tags: HEAD
Changes since 1.3: +3 -3 lines
Replace links pointing at git.overlays.gentoo.org.

(Portage version: 2.2.18/cvs/Linux x86_64, signed Manifest commit with key 0BBEEA1FEA4843A4)

1 # Copyright 1999-2015 Gentoo Foundation
2 # Distributed under the terms of the GNU General Public License v2
3 # $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20140311-r7.ebuild,v 1.3 2014/12/07 13:21:06 perfinion Exp $
4 EAPI="5"
5
6 inherit eutils
7
8 if [[ ${PV} == 9999* ]]; then
9 EGIT_REPO_URI="${SELINUX_GIT_REPO:-git://anongit.gentoo.org/proj/hardened-refpolicy.git https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
10 EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}"
11 EGIT_SOURCEDIR="${WORKDIR}/refpolicy"
12
13 inherit git-2
14
15 KEYWORDS=""
16 else
17 SRC_URI="http://oss.tresys.com/files/refpolicy/refpolicy-${PV}.tar.bz2
18 http://dev.gentoo.org/~swift/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2"
19 KEYWORDS="amd64 x86"
20 fi
21
22 HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
23 DESCRIPTION="SELinux policy for core modules"
24
25 IUSE="+unconfined"
26
27 RDEPEND="=sec-policy/selinux-base-${PVR}"
28 PDEPEND="unconfined? ( sec-policy/selinux-unconfined )"
29 DEPEND=""
30
31 MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork tmpfiles udev userdomain usermanage unprivuser xdg"
32 LICENSE="GPL-2"
33 SLOT="0"
34 S="${WORKDIR}/"
35
36 # Code entirely copied from selinux-eclass (cannot inherit due to dependency on
37 # itself), when reworked reinclude it. Only postinstall (where -b base.pp is
38 # added) needs to remain then.
39
40 pkg_pretend() {
41 for i in ${POLICY_TYPES}; do
42 if [[ "${i}" == "targeted" ]] && ! use unconfined; then
43 die "If you use POLICY_TYPES=targeted, then USE=unconfined is mandatory."
44 fi
45 done
46 }
47
48 src_prepare() {
49 local modfiles
50
51 if [[ ${PV} != 9999* ]]; then
52 # Patch the source with the base patchbundle
53 cd "${S}"
54 EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \
55 EPATCH_SUFFIX="patch" \
56 EPATCH_SOURCE="${WORKDIR}" \
57 EPATCH_FORCE="yes" \
58 epatch
59 fi
60
61 # Apply the additional patches refered to by the module ebuild.
62 # But first some magic to differentiate between bash arrays and strings
63 if [[ "$(declare -p POLICY_PATCH 2>/dev/null 2>&1)" == "declare -a"* ]];
64 then
65 cd "${S}/refpolicy/policy/modules"
66 for POLPATCH in "${POLICY_PATCH[@]}";
67 do
68 epatch "${POLPATCH}"
69 done
70 else
71 if [[ -n ${POLICY_PATCH} ]];
72 then
73 cd "${S}/refpolicy/policy/modules"
74 for POLPATCH in ${POLICY_PATCH};
75 do
76 epatch "${POLPATCH}"
77 done
78 fi
79 fi
80
81 # Calling user patches
82 epatch_user
83
84 # Collect only those files needed for this particular module
85 for i in ${MODS}; do
86 modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles"
87 modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles"
88 done
89
90 for i in ${POLICY_TYPES}; do
91 mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}"
92 cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \
93 || die "Failed to copy Makefile.example to ${S}/${i}/Makefile"
94
95 cp ${modfiles} "${S}"/${i} \
96 || die "Failed to copy the module files to ${S}/${i}"
97 done
98 }
99
100 src_compile() {
101 for i in ${POLICY_TYPES}; do
102 # Parallel builds are broken, so we need to force -j1 here
103 emake -j1 NAME=$i -C "${S}"/${i} || die "${i} compile failed"
104 done
105 }
106
107 src_install() {
108 local BASEDIR="/usr/share/selinux"
109
110 for i in ${POLICY_TYPES}; do
111 for j in ${MODS}; do
112 einfo "Installing ${i} ${j} policy package"
113 insinto ${BASEDIR}/${i}
114 doins "${S}"/${i}/${j}.pp || die "Failed to add ${j}.pp to ${i}"
115 done
116 done
117 }
118
119 pkg_postinst() {
120 # Override the command from the eclass, we need to load in base as well here
121 local COMMAND
122 for i in ${MODS}; do
123 COMMAND="-i ${i}.pp ${COMMAND}"
124 done
125
126 for i in ${POLICY_TYPES}; do
127 einfo "Inserting the following modules, with base, into the $i module store: ${MODS}"
128
129 cd /usr/share/selinux/${i} || die "Could not enter /usr/share/selinux/${i}"
130
131 semodule -s ${i} -b base.pp ${COMMAND} || die "Failed to load in base and modules ${MODS} in the $i policy store"
132 done
133
134 # Relabel depending packages
135 local PKGSET="";
136 if [ -x /usr/bin/qdepends ] ; then
137 PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
138 elif [ -x /usr/bin/equery ] ; then
139 PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
140 fi
141 if [ -n "${PKGSET}" ] ; then
142 rlpkg ${PKGSET};
143 fi
144 }

  ViewVC Help
Powered by ViewVC 1.1.20