[gentoo-commits] repo/gentoo:master commit in: sys-apps/policycoreutils/

["Sven Vermeulen" <swift@gentoo.org>]

commit:     e5dd3905dd034a68bd4519432b09a28a81d541f1
Author:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
AuthorDate: Mon Jan 30 19:29:47 2017 +0000
Commit:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Mon Jan 30 19:30:11 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e5dd3905

sys-apps/policycoreutils: Properly depend on audit[python] and fix selocal attribute resolving

The first bug this release fixes is bug 597978. Previous policycoreutils versions
provided a selocal application which can't deal with the new setools. The previous
setools had seinfo return a non-zero return code if an attribute (or role, or ...
depending on what was asked) was not found. The newer setools gives this in the
output, but keeps the zero return code. selocal depended on the return code
previously.

The second bug this release fixes is bug 605692. Well, partially, because the bug
has two issues mentioned. The first one is the (wrong) dependency on audit. If the
policycoreutils package is build with USE="audit" then it should depend on audit[python]
rather than just audit. This is the issue that is fixed in this release.

The second issue (not being able to use a number of semanage commands when
USE="-audit") is not resolved yet.

Package-Manager: portage-2.3.3

 .../policycoreutils/policycoreutils-2.6-r1.ebuild  | 187 +++++++++++++++++++++
 1 file changed, 187 insertions(+)

diff --git a/sys-apps/policycoreutils/policycoreutils-2.6-r1.ebuild b/sys-apps/policycoreutils/policycoreutils-2.6-r1.ebuild
new file mode 100644
index 00000000..555f256
--- /dev/null
+++ b/sys-apps/policycoreutils/policycoreutils-2.6-r1.ebuild
@@ -0,0 +1,187 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="6"
+PYTHON_COMPAT=( python{2_7,3_4,3_5} )
+PYTHON_REQ_USE="xml"
+
+inherit multilib python-r1 toolchain-funcs bash-completion-r1
+
+MY_P="${P//_/-}"
+
+MY_RELEASEDATE="20161014"
+EXTRAS_VER="1.35"
+SEMNG_VER="${PV}"
+SELNX_VER="${PV}"
+SEPOL_VER="${PV}"
+
+IUSE="audit pam dbus"
+
+DESCRIPTION="SELinux core utilities"
+HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
+
+if [[ ${PV} == 9999 ]] ; then
+	inherit git-r3
+	EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
+	SRC_URI="https://dev.gentoo.org/~swift/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2"
+	S1="${WORKDIR}/${MY_P}/${PN}"
+	S2="${WORKDIR}/policycoreutils-extra"
+	S="${S1}"
+else
+	SRC_URI="https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/${MY_RELEASEDATE}/${MY_P}.tar.gz
+		https://dev.gentoo.org/~swift/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2"
+	KEYWORDS="~amd64 ~arm64 ~mips ~x86"
+	S1="${WORKDIR}/${MY_P}"
+	S2="${WORKDIR}/policycoreutils-extra"
+	S="${S1}"
+fi
+
+LICENSE="GPL-2"
+SLOT="0"
+
+DEPEND=">=sys-libs/libselinux-${SELNX_VER}:=[python]
+	>=sys-libs/glibc-2.4
+	>=sys-libs/libcap-1.10-r10:=
+	>=sys-libs/libsemanage-${SEMNG_VER}:=[python]
+	sys-libs/libcap-ng:=
+	>=sys-libs/libsepol-${SEPOL_VER}:=
+	>=app-admin/setools-4.0
+	sys-devel/gettext
+	dev-python/ipy[${PYTHON_USEDEP}]
+	dbus? (
+		sys-apps/dbus
+		dev-libs/dbus-glib:=
+	)
+	audit? ( >=sys-process/audit-1.5.1[python] )
+	pam? ( sys-libs/pam:= )
+	${PYTHON_DEPS}
+	!<sec-policy/selinux-base-policy-2.20151208-r6"
+# 2.20151208-r6 and higher has support for new setfiles
+
+### libcgroup -> seunshare
+### dbus -> restorecond
+
+# pax-utils for scanelf used by rlpkg
+RDEPEND="${DEPEND}
+	dev-python/sepolgen
+	app-misc/pax-utils
+	!<sys-apps/openrc-0.14"
+
+src_unpack() {
+	# Override default one because we need the SRC_URI ones even in case of 9999 ebuilds
+	default
+	if [[ ${PV} == 9999 ]] ; then
+		git-r3_src_unpack
+	fi
+}
+
+src_prepare() {
+	S="${S1}"
+	cd "${S}" || die "Failed to switch to ${S}"
+	if [[ ${PV} != 9999 ]] ; then
+		# If needed for live ebuilds please use /etc/portage/patches
+		eapply "${FILESDIR}/0010-remove-sesandbox-support.patch"
+		eapply "${FILESDIR}/0020-disable-autodetection-of-pam-and-audit.patch"
+		eapply "${FILESDIR}/0030-make-inotify-check-use-flag-triggered.patch"
+		eapply "${FILESDIR}/0070-remove-symlink-attempt-fails-with-gentoo-sandbox-approach.patch"
+		eapply "${FILESDIR}/0110-build-mcstrans-bug-472912.patch"
+		eapply "${FILESDIR}/0120-build-failure-for-mcscolor-for-CONTEXT__CONTAINS.patch"
+	fi
+
+	# rlpkg is more useful than fixfiles
+	sed -i -e '/^all/s/fixfiles//' "${S}/scripts/Makefile" \
+		|| die "fixfiles sed 1 failed"
+	sed -i -e '/fixfiles/d' "${S}/scripts/Makefile" \
+		|| die "fixfiles sed 2 failed"
+
+	eapply_user
+
+	sed -i 's/-Werror//g' "${S1}"/*/Makefile || die "Failed to remove Werror"
+
+	python_copy_sources
+	# Our extra code is outside the regular directory, so set it to the extra
+	# directory. We really should optimize this as it is ugly, but the extra
+	# code is needed for Gentoo at the same time that policycoreutils is present
+	# (so we cannot use an additional package for now).
+	S="${S2}"
+	python_copy_sources
+}
+
+src_compile() {
+	building() {
+		emake -C "${BUILD_DIR}" \
+			AUDIT_LOG_PRIVS="y" \
+			AUDITH="$(usex audit)" \
+			PAMH="$(usex pam)" \
+			INOTIFYH="$(usex dbus)" \
+			SESANDBOX="n" \
+			CC="$(tc-getCC)" \
+			PYLIBVER="${EPYTHON}" \
+			LIBDIR="\$(PREFIX)/$(get_libdir)"
+	}
+	S="${S1}" # Regular policycoreutils
+	python_foreach_impl building
+	S="${S2}" # Extra set
+	python_foreach_impl building
+}
+
+src_install() {
+	# Python scripts are present in many places. There are no extension modules.
+	installation-policycoreutils() {
+		einfo "Installing policycoreutils"
+		emake -C "${BUILD_DIR}" DESTDIR="${D}" \
+			AUDITH="$(usex audit)" \
+			PAMH="$(usex pam)" \
+			INOTIFYH="$(usex dbus)" \
+			SESANDBOX="n" \
+			AUDIT_LOG_PRIV="y" \
+			PYLIBVER="${EPYTHON}" \
+			LIBDIR="\$(PREFIX)/$(get_libdir)" \
+			install
+		python_optimize
+	}
+
+	installation-extras() {
+		einfo "Installing policycoreutils-extra"
+		emake -C "${BUILD_DIR}" DESTDIR="${D}" INOTIFYH="$(usex dbus)" SHLIBDIR="${D}$(get_libdir)/rc" install
+		python_optimize
+	}
+
+	S="${S1}" # policycoreutils
+	python_foreach_impl installation-policycoreutils
+	S="${S2}" # extras
+	python_foreach_impl installation-extras
+	S="${S1}" # back for later
+
+	# remove redhat-style init script
+	rm -fR "${D}/etc/rc.d" || die
+
+	# compatibility symlinks
+	dosym /sbin/setfiles /usr/sbin/setfiles
+	bashcomp_alias setsebool getsebool
+
+	# location for policy definitions
+	dodir /var/lib/selinux
+	keepdir /var/lib/selinux
+
+	# Set version-specific scripts
+	for pyscript in audit2allow sepolgen-ifgen sepolicy chcat; do
+	  python_replicate_script "${ED}/usr/bin/${pyscript}"
+	done
+	for pyscript in semanage rlpkg; do
+	  python_replicate_script "${ED}/usr/sbin/${pyscript}"
+	done
+
+	dodir /usr/share/doc/${PF}/mcstrans/examples
+	cp -dR "${S1}"/mcstrans/share/examples/* "${D}/usr/share/doc/${PF}/mcstrans/examples" || die
+}
+
+pkg_postinst() {
+	for POLICY_TYPE in ${POLICY_TYPES} ; do
+		# There have been some changes to the policy store, rebuilding now.
+		# https://marc.info/?l=selinux&m=143757277819717&w=2
+		einfo "Rebuilding store ${POLICY_TYPE} (without re-loading)."
+		semodule -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}"
+	done
+}