/[gentoo-x86]/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r3.ebuild
Gentoo

Contents of /sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r3.ebuild

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.3 - (show annotations) (download)
Sat Apr 25 16:28:44 2015 UTC (2 years, 7 months ago) by floppym
Branch: MAIN
CVS Tags: HEAD
Changes since 1.2: +2 -2 lines
Replace links pointing at git.overlays.gentoo.org.

(Portage version: 2.2.18/cvs/Linux x86_64, signed Manifest commit with key 0BBEEA1FEA4843A4)

1 # Copyright 1999-2015 Gentoo Foundation
2 # Distributed under the terms of the GNU General Public License v2
3 # $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r3.ebuild,v 1.2 2015/03/22 14:17:10 swift Exp $
4 EAPI="5"
5
6 inherit eutils
7
8 if [[ ${PV} == 9999* ]]; then
9 EGIT_REPO_URI="${SELINUX_GIT_REPO:-git://anongit.gentoo.org/proj/hardened-refpolicy.git https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
10 EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}"
11 EGIT_SOURCEDIR="${WORKDIR}/refpolicy"
12
13 inherit git-2
14
15 KEYWORDS=""
16 else
17 SRC_URI="https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-${PV}.tar.bz2
18 http://dev.gentoo.org/~swift/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2"
19 KEYWORDS="amd64 x86"
20 fi
21
22 HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
23 DESCRIPTION="SELinux policy for core modules"
24
25 IUSE="+unconfined"
26
27 RDEPEND="=sec-policy/selinux-base-${PVR}"
28 PDEPEND="unconfined? ( sec-policy/selinux-unconfined )"
29 DEPEND=""
30
31 MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork tmpfiles udev userdomain usermanage unprivuser xdg"
32 LICENSE="GPL-2"
33 SLOT="0"
34 S="${WORKDIR}/"
35
36 # Code entirely copied from selinux-eclass (cannot inherit due to dependency on
37 # itself), when reworked reinclude it. Only postinstall (where -b base.pp is
38 # added) needs to remain then.
39
40 pkg_pretend() {
41 for i in ${POLICY_TYPES}; do
42 if [[ "${i}" == "targeted" ]] && ! use unconfined; then
43 die "If you use POLICY_TYPES=targeted, then USE=unconfined is mandatory."
44 fi
45 done
46 }
47
48 src_prepare() {
49 local modfiles
50
51 if [[ ${PV} != 9999* ]]; then
52 # Patch the source with the base patchbundle
53 cd "${S}"
54 EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \
55 EPATCH_SUFFIX="patch" \
56 EPATCH_SOURCE="${WORKDIR}" \
57 EPATCH_FORCE="yes" \
58 epatch
59 fi
60
61 # Apply the additional patches refered to by the module ebuild.
62 # But first some magic to differentiate between bash arrays and strings
63 if [[ "$(declare -p POLICY_PATCH 2>/dev/null 2>&1)" == "declare -a"* ]];
64 then
65 cd "${S}/refpolicy/policy/modules"
66 for POLPATCH in "${POLICY_PATCH[@]}";
67 do
68 epatch "${POLPATCH}"
69 done
70 else
71 if [[ -n ${POLICY_PATCH} ]];
72 then
73 cd "${S}/refpolicy/policy/modules"
74 for POLPATCH in ${POLICY_PATCH};
75 do
76 epatch "${POLPATCH}"
77 done
78 fi
79 fi
80
81 # Calling user patches
82 epatch_user
83
84 # Collect only those files needed for this particular module
85 for i in ${MODS}; do
86 modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles"
87 modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles"
88 done
89
90 for i in ${POLICY_TYPES}; do
91 mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}"
92 cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \
93 || die "Failed to copy Makefile.example to ${S}/${i}/Makefile"
94
95 cp ${modfiles} "${S}"/${i} \
96 || die "Failed to copy the module files to ${S}/${i}"
97 done
98 }
99
100 src_compile() {
101 for i in ${POLICY_TYPES}; do
102 emake NAME=$i -C "${S}"/${i} || die "${i} compile failed"
103 done
104 }
105
106 src_install() {
107 local BASEDIR="/usr/share/selinux"
108
109 for i in ${POLICY_TYPES}; do
110 for j in ${MODS}; do
111 einfo "Installing ${i} ${j} policy package"
112 insinto ${BASEDIR}/${i}
113 doins "${S}"/${i}/${j}.pp || die "Failed to add ${j}.pp to ${i}"
114 done
115 done
116 }
117
118 pkg_postinst() {
119 # Override the command from the eclass, we need to load in base as well here
120 local COMMAND
121 for i in ${MODS}; do
122 COMMAND="-i ${i}.pp ${COMMAND}"
123 done
124
125 for i in ${POLICY_TYPES}; do
126 einfo "Inserting the following modules, with base, into the $i module store: ${MODS}"
127
128 cd /usr/share/selinux/${i} || die "Could not enter /usr/share/selinux/${i}"
129
130 semodule -s ${i} -b base.pp ${COMMAND} || die "Failed to load in base and modules ${MODS} in the $i policy store"
131 done
132
133 # Relabel depending packages
134 local PKGSET="";
135 if [ -x /usr/bin/qdepends ] ; then
136 PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
137 elif [ -x /usr/bin/equery ] ; then
138 PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
139 fi
140 if [ -n "${PKGSET}" ] ; then
141 rlpkg ${PKGSET};
142 fi
143 }

  ViewVC Help
Powered by ViewVC 1.1.20