* [gentoo-commits] proj/hardened-dev:master commit in: sys-apps/policycoreutils/files/, sys-apps/policycoreutils/
@ 2011-07-07 18:41 Sven Vermeulen
0 siblings, 0 replies; 5+ messages in thread
From: Sven Vermeulen @ 2011-07-07 18:41 UTC (permalink / raw
To: gentoo-commits
commit: 182659fcdec1ca2f1f38390d5b6a8e05c8f4749b
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Thu Jul 7 18:38:07 2011 +0000
Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Thu Jul 7 18:38:07 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=182659fc
Support python3
---
sys-apps/policycoreutils/ChangeLog | 430 ++++++++++++++++++++
.../files/policycoreutils-2.0.82-python3.tar.gz | Bin 0 -> 20153 bytes
sys-apps/policycoreutils/metadata.xml | 17 +
.../policycoreutils-2.0.82-r2.ebuild | 110 +++++
4 files changed, 557 insertions(+), 0 deletions(-)
diff --git a/sys-apps/policycoreutils/ChangeLog b/sys-apps/policycoreutils/ChangeLog
new file mode 100644
index 0000000..1b3ddf1
--- /dev/null
+++ b/sys-apps/policycoreutils/ChangeLog
@@ -0,0 +1,430 @@
+# ChangeLog for sys-apps/policycoreutils
+# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/policycoreutils/ChangeLog,v 1.85 2011/06/30 10:35:35 blueness Exp $
+
+ 07 Jul 2011; <swift@gentoo.org> +policycoreutils-2.0.82-r2.ebuild,
+ +files/policycoreutils-2.0.82-python3.tar.gz, +metadata.xml:
+ Initial support for python3
+
+*policycoreutils-2.0.82-r2 (04 Jul 2011)
+
+ 04 Jul 2011; <swift@gentoo.org> +policycoreutils-2.0.82-r2.ebuild,
+ +metadata.xml:
+ Support python3
+
+*policycoreutils-2.0.82-r1 (30 Jun 2011)
+
+ 30 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
+ +policycoreutils-2.0.82-r1.ebuild:
+ Overwrite invalid .po files with valid ones, fixes bug #372807
+
+ 16 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
+ policycoreutils-2.0.82.ebuild:
+ Drop use_nls dependency on gettext. Its mandatory. See bug #299681.
+ Also put gettext in COMMON_DEPS, it is more than a RDEPEND.
+
+ 28 May 2011; Anthony G. Basile <blueness@gentoo.org>
+ policycoreutils-2.0.82.ebuild:
+ Stable amd64 x86
+
+ 16 Apr 2011; Anthony G. Basile <blueness@gentoo.org> metadata.xml:
+ Updated metadata info.
+
+ 08 Feb 2011; Arfrever Frehtes Taifersar Arahesis <arfrever@gentoo.org>
+ policycoreutils-2.0.82.ebuild:
+ Set SUPPORT_PYTHON_ABIS (bug #353762). Fix dependencies. Fix installation
+ with FEATURES="multilib-strict".
+
+*policycoreutils-2.0.82 (05 Feb 2011)
+
+ 05 Feb 2011; Anthony G. Basile <blueness@gentoo.org>
+ +policycoreutils-2.0.82.ebuild:
+ New upstream release.
+
+*policycoreutils-2.0.69-r2 (05 Feb 2011)
+
+ 05 Feb 2011; Anthony G. Basile <blueness@gentoo.org>
+ +policycoreutils-2.0.69-r2.ebuild,
+ +files/policycoreutils-2.0.69-setfiles.diff:
+ Fixed bug #300613
+
+ 04 Apr 2010; Arfrever Frehtes Taifersar Arahesis <arfrever@gentoo.org>
+ policycoreutils-2.0.55.ebuild, policycoreutils-2.0.69.ebuild,
+ policycoreutils-2.0.69-r1.ebuild:
+ Delete calls to deprecated python_version().
+
+*policycoreutils-2.0.69-r1 (20 Sep 2009)
+
+ 20 Sep 2009; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-2.0.69-r1.ebuild:
+ Update rlpkg for ext4 and btrfs.
+
+ 14 Sep 2009; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-2.0.69.ebuild:
+ Fix libsemanage DEP.
+
+ 02 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-2.0.55.ebuild, policycoreutils-2.0.69.ebuild:
+ Add python_need_rebuild.
+
+*policycoreutils-2.0.69 (02 Aug 2009)
+
+ 02 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-2.0.69.ebuild:
+ New upstream release.
+
+ 18 Jul 2009; Chris PeBenito <pebenito@gentoo.org>
+ -policycoreutils-1.34.15.ebuild, policycoreutils-2.0.55.ebuild:
+ Mark stable. Remove old ebuilds.
+
+*policycoreutils-2.0.55 (03 Oct 2008)
+
+ 03 Oct 2008; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-2.0.55.ebuild:
+ Initial commit of policycoreutils 2.0.
+
+ 29 May 2008; Ali Polatel <hawking@gentoo.org>
+ policycoreutils-1.34.15.ebuild:
+ python_mod_optimize is ROOT aware. Fixed python_mod_cleanup.
+
+ 26 May 2008; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.34.15.ebuild:
+ Fix libsemanage dependency.
+
+ 13 May 2008; Chris PeBenito <pebenito@gentoo.org>
+ -files/policycoreutils-1.28-quietlp.diff,
+ -files/policycoreutils-1.32-quietlp.diff,
+ -files/policycoreutils-unsigned-char-ppc.diff,
+ -policycoreutils-1.28.ebuild, -policycoreutils-1.30-r1.ebuild,
+ -policycoreutils-1.34.1.ebuild, -policycoreutils-1.34.11.ebuild,
+ policycoreutils-1.34.15.ebuild:
+ Mark 1.34.15 stable, clear old ebuilds.
+
+*policycoreutils-1.34.15 (29 Jan 2008)
+
+ 29 Jan 2008; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-1.34.15.ebuild:
+ New upstream bugfix release.
+
+ 19 Oct 2007; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.34.11.ebuild:
+ Fix quoting in unpack.
+
+*policycoreutils-1.34.11 (18 Oct 2007)
+
+ 18 Oct 2007; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-1.34.11.ebuild:
+ New upstream release.
+
+ 04 Jun 2007; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.34.1.ebuild:
+ Mark stable.
+
+*policycoreutils-1.34.1 (15 Feb 2007)
+
+ 15 Feb 2007; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-1.34.1.ebuild:
+ New upstream release.
+
+ 24 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.30.30.ebuild:
+ Fix glibc handling.
+
+ 09 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.30.30.ebuild:
+ Stable to make repoman happy.
+
+*policycoreutils-1.30.30 (05 Oct 2006)
+
+ 05 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
+ +files/policycoreutils-1.32-quietlp.diff, +policycoreutils-1.30.30.ebuild:
+ Add SVN snapshot and updated extras in preparation for reference policy.
+
+ 31 Jul 2006; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.30-r1.ebuild:
+ Mark stable, long overdue.
+
+*policycoreutils-1.30-r1 (28 Mar 2006)
+
+ 28 Mar 2006; Chris PeBenito <pebenito@gentoo.org>
+ -policycoreutils-1.30.ebuild, +policycoreutils-1.30-r1.ebuild:
+ Fix install location of python site packages.
+
+ 22 Feb 2006; Stephen Bennett <spb@gentoo.org> policycoreutils-1.28.ebuild:
+ Alpha stable
+
+ 19 Feb 2006; Joshua Kinard <kumba@gentoo.org> policycoreutils-1.28.ebuild:
+ Marked stable on mips.
+
+*policycoreutils-1.30 (18 Mar 2006)
+
+ 18 Mar 2006; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-1.30.ebuild:
+ New upstream release.
+
+ 05 Feb 2006; Chris PeBenito <pebenito@gentoo.org>
+ +files/policycoreutils-unsigned-char-ppc.diff,
+ policycoreutils-1.28.ebuild:
+ Add patch to fix #121689.
+
+ 17 Jan 2006; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.28.ebuild:
+ Mark stable, x86, amd64, ppc, sparc.
+
+ 14 Jan 2006; Stephen Bennett <spb@gentoo.org> policycoreutils-1.28.ebuild:
+ Added ~alpha
+
+ 15 Dec 2005; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.22.ebuild, policycoreutils-1.24-r2.ebuild,
+ policycoreutils-1.28.ebuild:
+ Tighten up versioning to try to prevent mismatch problems as seen in #112348.
+
+*policycoreutils-1.28 (09 Dec 2005)
+
+ 09 Dec 2005; Chris PeBenito <pebenito@gentoo.org>
+ +files/policycoreutils-1.28-quietlp.diff, -policycoreutils-1.24-r1.ebuild,
+ +policycoreutils-1.28.ebuild:
+ New upstream release.
+
+*policycoreutils-1.24-r2 (08 Dec 2005)
+
+ 08 Dec 2005; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-1.24-r2.ebuild:
+ Add compatability symlink for genhomedircon.
+
+*policycoreutils-1.24-r1 (09 Sep 2005)
+
+ 09 Sep 2005; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-1.24-r1.ebuild:
+ Update for fixed selinuxconfig source policy path.
+
+ 11 Jul 2005; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.22.ebuild, policycoreutils-1.24.ebuild:
+ Fix RDEPEND for building stages. Libsepol is required now.
+
+*policycoreutils-1.24 (25 Jun 2005)
+
+ 25 Jun 2005; Chris PeBenito <pebenito@gentoo.org>
+ +files/policycoreutils-1.24-genhomedircon-quiet.diff,
+ -policycoreutils-1.20-r1.ebuild, +policycoreutils-1.24.ebuild:
+ New upstream release.
+
+ 10 May 2005; Stephen Bennett <spb@gentoo.org> policycoreutils-1.22.ebuild:
+ mips stable
+
+ 01 May 2005; Stephen Bennett <spb@gentoo.org> policycoreutils-1.22.ebuild:
+ Added ~mips.
+
+ 01 May 2005; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.22.ebuild:
+ Mark stable.
+
+*policycoreutils-1.22 (13 Mar 2005)
+
+ 13 Mar 2005; Chris PeBenito <pebenito@gentoo.org>
+ +files/policycoreutils-1.22-genhomedircon-quiet.diff,
+ +policycoreutils-1.22.ebuild:
+ New upstream release.
+
+*policycoreutils-1.20-r1 (13 Feb 2005)
+
+ 13 Feb 2005; Chris PeBenito <pebenito@gentoo.org>
+ -policycoreutils-1.16.ebuild, +policycoreutils-1.20-r1.ebuild,
+ -policycoreutils-1.20.ebuild:
+ Add back some tools deleted from upstream libselinux.
+
+*policycoreutils-1.20 (07 Jan 2005)
+
+ 07 Jan 2005; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.18-r1.ebuild, +policycoreutils-1.20.ebuild:
+ New upstream release. Mark 1.18-r1 stable.
+
+*policycoreutils-1.18-r1 (03 Jan 2005)
+
+ 03 Jan 2005; Chris PeBenito <pebenito@gentoo.org>
+ +files/policycoreutils-nonls.diff, +policycoreutils-1.18-r1.ebuild:
+ Make pam and nls optional for embedded systems use.
+
+ 22 Nov 2004; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.18.ebuild:
+ Ensure a few dirs and perms during stage1 build.
+
+ 15 Nov 2004; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.18.ebuild:
+ Fix libsepol dep.
+
+*policycoreutils-1.18 (14 Nov 2004)
+
+ 14 Nov 2004; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-1.18.ebuild:
+ New upstream release.
+
+*policycoreutils-1.16 (07 Sep 2004)
+
+ 07 Sep 2004; Chris PeBenito <pebenito@gentoo.org>
+ +files/policycoreutils-1.16-genhomedircon-compat.diff,
+ +policycoreutils-1.16.ebuild:
+ New upstream release.
+
+ 08 Aug 2004; Tom Martin <slarti@gentoo.org> policycoreutils-1.12-r1.ebuild,
+ policycoreutils-1.12-r2.ebuild, policycoreutils-1.14.ebuild,
+ policycoreutils-1.4-r1.ebuild:
+ Typo in DESCRIPTION: utilites -> utilities. Bug 59717.
+
+ 06 Jul 2004; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.14.ebuild:
+ Bump extras to fix free() bug in runscript_selinux.so.
+
+*policycoreutils-1.12-r2 (06 Jul 2004)
+
+ 06 Jul 2004; Chris PeBenito <pebenito@gentoo.org>
+ +files/runscript-selinux.diff, +policycoreutils-1.12-r2.ebuild:
+ Fix free() error in runscript_selinux.so.
+
+ 03 Jul 2004; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.14.ebuild:
+ Update extras.
+
+*policycoreutils-1.14 (02 Jul 2004)
+
+ 02 Jul 2004; Chris PeBenito <pebenito@gentoo.org>
+ +files/policycoreutils-1.14-genhomedircon-compat.diff,
+ +policycoreutils-1.14.ebuild:
+ New upstream version.
+
+*policycoreutils-1.12-r1 (28 Jun 2004)
+
+ 28 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-1.12-r1.ebuild:
+ Add toggle_bool to extras.
+
+ 11 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
+ -policycoreutils-1.10-r1.ebuild, policycoreutils-1.12.ebuild:
+ Mark stable
+
+*policycoreutils-1.12 (14 May 2004)
+
+ 14 May 2004; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-1.12.ebuild:
+ New upstream release.
+
+*policycoreutils-1.10-r1 (28 Apr 2004)
+
+ 28 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-1.10-r1.ebuild, -policycoreutils-1.10.ebuild,
+ -policycoreutils-1.8.ebuild:
+ Update extras and mark stable.
+
+*policycoreutils-1.10 (20 Apr 2004)
+
+ 08 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.4-r1.ebuild, policycoreutils-1.8.ebuild:
+ More specific versioning for libselinux.
+
+ 08 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.8.ebuild:
+ Mark stable for 2004.1
+
+ 15 Mar 2004; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.8.ebuild:
+ Update extras.
+
+*policycoreutils-1.8 (12 Mar 2004)
+
+ 12 Mar 2004; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.8.ebuild:
+ New upstream release.
+
+*policycoreutils-1.6 (24 Feb 2004)
+
+ 24 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.4-r1.ebuild, policycoreutils-1.6.ebuild:
+ New upstream release. Mark 1.4-r1 stable.
+
+*policycoreutils-1.4-r1 (09 Feb 2004)
+
+ 09 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.4-r1.ebuild:
+ Move extras to mirrors, and add runscript_selinux.so.
+
+ 31 Jan 2004; Chris PeBenito <pebenito@gentoo.org> files/rlpkg:
+ Switch to portageq from inline python. Add missing quotes for completeness.
+
+ 16 Dec 2003; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.4.ebuild:
+ Mark stable.
+
+*policycoreutils-1.4 (06 Dec 2003)
+
+ 06 Dec 2003; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.4.ebuild:
+ New upstream version.
+
+*policycoreutils-1.2-r2 (23 Nov 2003)
+
+ 23 Nov 2003; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.2-r2.ebuild:
+ Bump to add /sbin/seinit.
+
+ 29 Oct 2003; Joshua Brindle <method@gentoo.org>
+ policycoreutils-1.2-r1.ebuild:
+ added sparc
+
+*policycoreutils-1.2-r1 (20 Oct 2003)
+
+ 20 Oct 2003; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.2-r1.ebuild:
+ Remove unneeded -lattr linking from Makefiles.
+
+ 07 Oct 2003; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.2.ebuild:
+ Mark stable.
+
+*policycoreutils-1.2 (03 Oct 2003)
+
+ 03 Oct 2003; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.2.ebuild, files/policycoreutils-1.2-gentoo.diff:
+ New upstream version.
+
+ 29 Sep 2003; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.1-r1.ebuild:
+ Add build USE flag; when asserted, only setfiles is built and merged.
+
+ 22 Sep 2003; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.1-r1.ebuild:
+ Move selinux-base-policy RDEPEND to checkpolicy. No longer RDEPEND on
+ checkpolicy.
+
+ 22 Sep 2003; <paul@gentoo.org> metadata.xml:
+ Fix metadata.xml
+
+ 24 Aug 2003; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.1-r1.ebuild, policycoreutils-1.1.ebuild:
+ Mark stable
+
+*policycoreutils-1.1-r1 (18 Aug 2003)
+
+ 18 Aug 2003; Chris PeBenito <pebenito@gentoo.org> metadata.xml,
+ policycoreutils-1.0.ebuild, policycoreutils-1.1-r1.ebuild,
+ files/avc_enforcing, files/avc_toggle,
+ files/policycoreutils-1.1-setfiles.diff:
+ Add setfiles patch for alternate root. Add avc_enforcing and avc_toggle
+ scripts for ease of use for old API users. Use package description from RPM
+ spec file in metadata.xml long description.
+
+*policycoreutils-1.1 (14 Aug 2003)
+
+ 14 Aug 2003; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.1.ebuild:
+ New upstream version
+
+ 10 Aug 2003; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.0.ebuild, files/rlpkg:
+ Add mkinitrd RDEP, add rlpkg.
+
+*policycoreutils-1.0 (03 Aug 2003)
+
+ 03 Aug 2003; Chris PeBenito <pebenito@gentoo.org> metadata.xml,
+ policycoreutils-1.0.ebuild, files/policycoreutils-1.0-gentoo.diff:
+ Initial commit
+
diff --git a/sys-apps/policycoreutils/files/policycoreutils-2.0.82-python3.tar.gz b/sys-apps/policycoreutils/files/policycoreutils-2.0.82-python3.tar.gz
new file mode 100644
index 0000000..64b5d01
Binary files /dev/null and b/sys-apps/policycoreutils/files/policycoreutils-2.0.82-python3.tar.gz differ
diff --git a/sys-apps/policycoreutils/metadata.xml b/sys-apps/policycoreutils/metadata.xml
new file mode 100644
index 0000000..87cddb0
--- /dev/null
+++ b/sys-apps/policycoreutils/metadata.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>selinux</herd>
+ <longdescription>
+ Policycoreutils contains the policy core utilities that are required
+ for basic operation of a SELinux system. These utilities include
+ load_policy to load policies, setfiles to label filesystems, newrole
+ to switch roles, and run_init to run /etc/init.d scripts in the proper
+ context.
+
+ Gentoo-specific tools include rlpkg for relabeling packages by name,
+ avc_toggle to toggle between enforcing and permissive modes, and
+ avc_enforcing to query the current mode of the system, enforcing or
+ permissive.
+ </longdescription>
+</pkgmetadata>
diff --git a/sys-apps/policycoreutils/policycoreutils-2.0.82-r2.ebuild b/sys-apps/policycoreutils/policycoreutils-2.0.82-r2.ebuild
new file mode 100644
index 0000000..d5b2fd4
--- /dev/null
+++ b/sys-apps/policycoreutils/policycoreutils-2.0.82-r2.ebuild
@@ -0,0 +1,110 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/policycoreutils/policycoreutils-2.0.82-r1.ebuild,v 1.1 2011/06/30 10:35:35 blueness Exp $
+
+EAPI="2"
+PYTHON_DEPEND="*"
+PYTHON_USE_WITH="xml"
+SUPPORT_PYTHON_ABIS="1"
+RESTRICT_PYTHON_ABIS="*-jython"
+
+inherit multilib python toolchain-funcs eutils
+
+EXTRAS_VER="1.20"
+SEMNG_VER="2.0.45"
+SELNX_VER="2.0.94"
+SEPOL_VER="2.0.41"
+
+IUSE=""
+
+DESCRIPTION="SELinux core utilities"
+HOMEPAGE="http://userspace.selinuxproject.org"
+SRC_URI="http://userspace.selinuxproject.org/releases/20100525/devel/${P}.tar.gz
+ mirror://gentoo/policycoreutils-extra-${EXTRAS_VER}.tar.bz2
+ mirror://gentoo/policycoreutils-2.0.82-python3.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+COMMON_DEPS=">=sys-libs/libselinux-${SELNX_VER}[python]
+ >=sys-libs/glibc-2.4
+ >=sys-process/audit-1.5.1
+ >=sys-libs/libcap-1.10-r10
+ sys-libs/pam
+ >=sys-libs/libsemanage-${SEMNG_VER}[python]
+ sys-libs/libcap-ng
+ >=sys-libs/libsepol-${SEPOL_VER}
+ sys-devel/gettext"
+
+# pax-utils for scanelf used by rlpkg
+RDEPEND="${COMMON_DEPS}
+ dev-python/sepolgen
+ app-misc/pax-utils"
+
+DEPEND="${COMMON_DEPS}"
+
+S2=${WORKDIR}/policycoreutils-extra
+
+src_prepare() {
+ # rlpkg is more useful than fixfiles
+ sed -i -e '/^all/s/fixfiles//' "${S}/scripts/Makefile" \
+ || die "fixfiles sed 1 failed"
+ sed -i -e '/fixfiles/d' "${S}/scripts/Makefile" \
+ || die "fixfiles sed 2 failed"
+ # removing sandbox for the time being, need to
+ # rename in future to sesandbox?
+ sed -i -e 's/sandbox //' "${S}/Makefile" \
+ || die "failed removing sandbox"
+ # Overwrite gl.po, id.po and et.po with valid PO file
+ cp "${S}/po/sq.po" "${S}/po/gl.po" || die "failed to copy ${S}/po/sq.po to gl.po"
+ cp "${S}/po/sq.po" "${S}/po/id.po" || die "failed to copy ${S}/po/sq.po to id.po"
+ cp "${S}/po/sq.po" "${S}/po/et.po" || die "failed to copy ${S}/po/sq.po to et.po"
+ # "Fixed" scripts for python 3
+ cp "${WORKDIR}/seobject.py" "${S}/semanage/seobject.py" || die "failed to copy seobject.py"
+ cp "${WORKDIR}/semanage" "${S}/semanage/semanage" || die "failed to copy semanage"
+ cp "${WORKDIR}/chcat" "${S}/scripts/chcat" || die "failed to copy chcat"
+ cp "${WORKDIR}/audit2allow" "${S}/audit2allow/audit2allow" || die "failed to copy audit2allow"
+ cp "${WORKDIR}/rlpkg" "${S2}/scripts/rlpkg" || die "failed to copy rlpkg"
+}
+
+src_compile() {
+ python_copy_sources semanage
+ building() {
+ einfo "Compiling policycoreutils"
+ #emake -C "${S}" AUDIT_LOG_PRIV="y" CC="$(tc-getCC)" PYLIBVER="python$(python_get_version)" swigify
+ emake -C "${S}" AUDIT_LOG_PRIV="y" CC="$(tc-getCC)" PYLIBVER="python$(python_get_version)"
+ einfo "Compiling policycoreutils-extra"
+ #emake -C "${S2}" AUDIT_LOG_PRIV="y" CC="$(tc-getCC)" PYLIBVER="python$(python_get_version)" swigify
+ emake -C "${S2}" AUDIT_LOG_PRIV="y" CC="$(tc-getCC)" PYLIBVER="python$(python_get_version)"
+ }
+ python_execute_function -s --source-dir semanage building
+}
+
+src_install() {
+ # Python scripts are present in many places. There are no extension modules.
+ installation() {
+ einfo "Installing policycoreutils"
+ emake -C "${S}" DESTDIR="${T}/images/${PYTHON_ABI}" AUDIT_LOG_PRIV="y" PYLIBVER="python$(python_get_version)" install || return 1
+
+ einfo "Installing policycoreutils-extra"
+ emake -C "${S2}" DESTDIR="${T}/images/${PYTHON_ABI}" SHLIBDIR="${D}$(get_libdir)/rc" install || return 1
+ }
+ python_execute_function installation
+ python_merge_intermediate_installation_images "${T}/images"
+
+ # remove redhat-style init script
+ rm -fR "${D}/etc/rc.d"
+
+ # compatibility symlinks
+ dosym /sbin/setfiles /usr/sbin/setfiles
+ dosym /$(get_libdir)/rc/runscript_selinux.so /$(get_libdir)/rcscripts/runscript_selinux.so
+}
+
+pkg_postinst() {
+ python_mod_optimize seobject.py
+}
+
+pkg_postrm() {
+ python_mod_cleanup seobject.py
+}
^ permalink raw reply related [flat|nested] 5+ messages in thread* [gentoo-commits] proj/hardened-dev:master commit in: sys-apps/policycoreutils/files/, sys-apps/policycoreutils/
@ 2011-07-13 21:57 Sven Vermeulen
0 siblings, 0 replies; 5+ messages in thread
From: Sven Vermeulen @ 2011-07-13 21:57 UTC (permalink / raw
To: gentoo-commits
commit: 1e5751d8b256df635ba6f1e489732f11cb729e12
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Wed Jul 13 21:50:06 2011 +0000
Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Wed Jul 13 21:50:06 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=1e5751d8
Bump policycoreutils to 2.0.85
---
sys-apps/policycoreutils/ChangeLog | 437 ++++++++
...policycoreutils-2.0.85-fix-seunshare-vuln.patch | 1084 ++++++++++++++++++++
.../files/policycoreutils-2.0.85-python3.tar.gz | Bin 0 -> 19750 bytes
.../files/policycoreutils-2.0.85-sesandbox.patch | 387 +++++++
sys-apps/policycoreutils/metadata.xml | 17 +
.../policycoreutils/policycoreutils-2.0.85.ebuild | 116 +++
6 files changed, 2041 insertions(+), 0 deletions(-)
diff --git a/sys-apps/policycoreutils/ChangeLog b/sys-apps/policycoreutils/ChangeLog
new file mode 100644
index 0000000..7888b40
--- /dev/null
+++ b/sys-apps/policycoreutils/ChangeLog
@@ -0,0 +1,437 @@
+# ChangeLog for sys-apps/policycoreutils
+# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/policycoreutils/ChangeLog,v 1.86 2011/07/08 10:54:27 ssuominen Exp $
+
+ 13 Jul 2011; <swift@gentoo.org> +policycoreutils-2.0.85.ebuild,
+ +files/policycoreutils-2.0.85-fix-seunshare-vuln.patch,
+ +files/policycoreutils-2.0.85-python3.tar.gz,
+ +files/policycoreutils-2.0.85-sesandbox.patch, +metadata.xml:
+ Add fix for bug #374897 and initial support for python3
+
+*policycoreutils-2.0.85 (12 Jul 2011)
+
+ 12 Jul 2011; <swift@gentoo.org> +files/policycoreutils-2.0.69-setfiles.diff,
+ +policycoreutils-2.0.85.ebuild, +metadata.xml:
+ Bump to 2.0.85
+
+ 08 Jul 2011; Samuli Suominen <ssuominen@gentoo.org>
+ policycoreutils-2.0.55.ebuild, policycoreutils-2.0.69.ebuild,
+ policycoreutils-2.0.69-r1.ebuild, policycoreutils-2.0.69-r2.ebuild:
+ Convert from "useq" to "use".
+
+*policycoreutils-2.0.82-r1 (30 Jun 2011)
+
+ 30 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
+ +policycoreutils-2.0.82-r1.ebuild:
+ Overwrite invalid .po files with valid ones, fixes bug #372807
+
+ 16 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
+ policycoreutils-2.0.82.ebuild:
+ Drop use_nls dependency on gettext. Its mandatory. See bug #299681.
+ Also put gettext in COMMON_DEPS, it is more than a RDEPEND.
+
+ 28 May 2011; Anthony G. Basile <blueness@gentoo.org>
+ policycoreutils-2.0.82.ebuild:
+ Stable amd64 x86
+
+ 16 Apr 2011; Anthony G. Basile <blueness@gentoo.org> metadata.xml:
+ Updated metadata info.
+
+ 08 Feb 2011; Arfrever Frehtes Taifersar Arahesis <arfrever@gentoo.org>
+ policycoreutils-2.0.82.ebuild:
+ Set SUPPORT_PYTHON_ABIS (bug #353762). Fix dependencies. Fix installation
+ with FEATURES="multilib-strict".
+
+*policycoreutils-2.0.82 (05 Feb 2011)
+
+ 05 Feb 2011; Anthony G. Basile <blueness@gentoo.org>
+ +policycoreutils-2.0.82.ebuild:
+ New upstream release.
+
+*policycoreutils-2.0.69-r2 (05 Feb 2011)
+
+ 05 Feb 2011; Anthony G. Basile <blueness@gentoo.org>
+ +policycoreutils-2.0.69-r2.ebuild,
+ +files/policycoreutils-2.0.69-setfiles.diff:
+ Fixed bug #300613
+
+ 04 Apr 2010; Arfrever Frehtes Taifersar Arahesis <arfrever@gentoo.org>
+ policycoreutils-2.0.55.ebuild, policycoreutils-2.0.69.ebuild,
+ policycoreutils-2.0.69-r1.ebuild:
+ Delete calls to deprecated python_version().
+
+*policycoreutils-2.0.69-r1 (20 Sep 2009)
+
+ 20 Sep 2009; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-2.0.69-r1.ebuild:
+ Update rlpkg for ext4 and btrfs.
+
+ 14 Sep 2009; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-2.0.69.ebuild:
+ Fix libsemanage DEP.
+
+ 02 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-2.0.55.ebuild, policycoreutils-2.0.69.ebuild:
+ Add python_need_rebuild.
+
+*policycoreutils-2.0.69 (02 Aug 2009)
+
+ 02 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-2.0.69.ebuild:
+ New upstream release.
+
+ 18 Jul 2009; Chris PeBenito <pebenito@gentoo.org>
+ -policycoreutils-1.34.15.ebuild, policycoreutils-2.0.55.ebuild:
+ Mark stable. Remove old ebuilds.
+
+*policycoreutils-2.0.55 (03 Oct 2008)
+
+ 03 Oct 2008; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-2.0.55.ebuild:
+ Initial commit of policycoreutils 2.0.
+
+ 29 May 2008; Ali Polatel <hawking@gentoo.org>
+ policycoreutils-1.34.15.ebuild:
+ python_mod_optimize is ROOT aware. Fixed python_mod_cleanup.
+
+ 26 May 2008; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.34.15.ebuild:
+ Fix libsemanage dependency.
+
+ 13 May 2008; Chris PeBenito <pebenito@gentoo.org>
+ -files/policycoreutils-1.28-quietlp.diff,
+ -files/policycoreutils-1.32-quietlp.diff,
+ -files/policycoreutils-unsigned-char-ppc.diff,
+ -policycoreutils-1.28.ebuild, -policycoreutils-1.30-r1.ebuild,
+ -policycoreutils-1.34.1.ebuild, -policycoreutils-1.34.11.ebuild,
+ policycoreutils-1.34.15.ebuild:
+ Mark 1.34.15 stable, clear old ebuilds.
+
+*policycoreutils-1.34.15 (29 Jan 2008)
+
+ 29 Jan 2008; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-1.34.15.ebuild:
+ New upstream bugfix release.
+
+ 19 Oct 2007; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.34.11.ebuild:
+ Fix quoting in unpack.
+
+*policycoreutils-1.34.11 (18 Oct 2007)
+
+ 18 Oct 2007; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-1.34.11.ebuild:
+ New upstream release.
+
+ 04 Jun 2007; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.34.1.ebuild:
+ Mark stable.
+
+*policycoreutils-1.34.1 (15 Feb 2007)
+
+ 15 Feb 2007; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-1.34.1.ebuild:
+ New upstream release.
+
+ 24 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.30.30.ebuild:
+ Fix glibc handling.
+
+ 09 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.30.30.ebuild:
+ Stable to make repoman happy.
+
+*policycoreutils-1.30.30 (05 Oct 2006)
+
+ 05 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
+ +files/policycoreutils-1.32-quietlp.diff, +policycoreutils-1.30.30.ebuild:
+ Add SVN snapshot and updated extras in preparation for reference policy.
+
+ 31 Jul 2006; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.30-r1.ebuild:
+ Mark stable, long overdue.
+
+*policycoreutils-1.30-r1 (28 Mar 2006)
+
+ 28 Mar 2006; Chris PeBenito <pebenito@gentoo.org>
+ -policycoreutils-1.30.ebuild, +policycoreutils-1.30-r1.ebuild:
+ Fix install location of python site packages.
+
+ 22 Feb 2006; Stephen Bennett <spb@gentoo.org> policycoreutils-1.28.ebuild:
+ Alpha stable
+
+ 19 Feb 2006; Joshua Kinard <kumba@gentoo.org> policycoreutils-1.28.ebuild:
+ Marked stable on mips.
+
+*policycoreutils-1.30 (18 Mar 2006)
+
+ 18 Mar 2006; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-1.30.ebuild:
+ New upstream release.
+
+ 05 Feb 2006; Chris PeBenito <pebenito@gentoo.org>
+ +files/policycoreutils-unsigned-char-ppc.diff,
+ policycoreutils-1.28.ebuild:
+ Add patch to fix #121689.
+
+ 17 Jan 2006; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.28.ebuild:
+ Mark stable, x86, amd64, ppc, sparc.
+
+ 14 Jan 2006; Stephen Bennett <spb@gentoo.org> policycoreutils-1.28.ebuild:
+ Added ~alpha
+
+ 15 Dec 2005; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.22.ebuild, policycoreutils-1.24-r2.ebuild,
+ policycoreutils-1.28.ebuild:
+ Tighten up versioning to try to prevent mismatch problems as seen in #112348.
+
+*policycoreutils-1.28 (09 Dec 2005)
+
+ 09 Dec 2005; Chris PeBenito <pebenito@gentoo.org>
+ +files/policycoreutils-1.28-quietlp.diff, -policycoreutils-1.24-r1.ebuild,
+ +policycoreutils-1.28.ebuild:
+ New upstream release.
+
+*policycoreutils-1.24-r2 (08 Dec 2005)
+
+ 08 Dec 2005; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-1.24-r2.ebuild:
+ Add compatability symlink for genhomedircon.
+
+*policycoreutils-1.24-r1 (09 Sep 2005)
+
+ 09 Sep 2005; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-1.24-r1.ebuild:
+ Update for fixed selinuxconfig source policy path.
+
+ 11 Jul 2005; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.22.ebuild, policycoreutils-1.24.ebuild:
+ Fix RDEPEND for building stages. Libsepol is required now.
+
+*policycoreutils-1.24 (25 Jun 2005)
+
+ 25 Jun 2005; Chris PeBenito <pebenito@gentoo.org>
+ +files/policycoreutils-1.24-genhomedircon-quiet.diff,
+ -policycoreutils-1.20-r1.ebuild, +policycoreutils-1.24.ebuild:
+ New upstream release.
+
+ 10 May 2005; Stephen Bennett <spb@gentoo.org> policycoreutils-1.22.ebuild:
+ mips stable
+
+ 01 May 2005; Stephen Bennett <spb@gentoo.org> policycoreutils-1.22.ebuild:
+ Added ~mips.
+
+ 01 May 2005; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.22.ebuild:
+ Mark stable.
+
+*policycoreutils-1.22 (13 Mar 2005)
+
+ 13 Mar 2005; Chris PeBenito <pebenito@gentoo.org>
+ +files/policycoreutils-1.22-genhomedircon-quiet.diff,
+ +policycoreutils-1.22.ebuild:
+ New upstream release.
+
+*policycoreutils-1.20-r1 (13 Feb 2005)
+
+ 13 Feb 2005; Chris PeBenito <pebenito@gentoo.org>
+ -policycoreutils-1.16.ebuild, +policycoreutils-1.20-r1.ebuild,
+ -policycoreutils-1.20.ebuild:
+ Add back some tools deleted from upstream libselinux.
+
+*policycoreutils-1.20 (07 Jan 2005)
+
+ 07 Jan 2005; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.18-r1.ebuild, +policycoreutils-1.20.ebuild:
+ New upstream release. Mark 1.18-r1 stable.
+
+*policycoreutils-1.18-r1 (03 Jan 2005)
+
+ 03 Jan 2005; Chris PeBenito <pebenito@gentoo.org>
+ +files/policycoreutils-nonls.diff, +policycoreutils-1.18-r1.ebuild:
+ Make pam and nls optional for embedded systems use.
+
+ 22 Nov 2004; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.18.ebuild:
+ Ensure a few dirs and perms during stage1 build.
+
+ 15 Nov 2004; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.18.ebuild:
+ Fix libsepol dep.
+
+*policycoreutils-1.18 (14 Nov 2004)
+
+ 14 Nov 2004; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-1.18.ebuild:
+ New upstream release.
+
+*policycoreutils-1.16 (07 Sep 2004)
+
+ 07 Sep 2004; Chris PeBenito <pebenito@gentoo.org>
+ +files/policycoreutils-1.16-genhomedircon-compat.diff,
+ +policycoreutils-1.16.ebuild:
+ New upstream release.
+
+ 08 Aug 2004; Tom Martin <slarti@gentoo.org> policycoreutils-1.12-r1.ebuild,
+ policycoreutils-1.12-r2.ebuild, policycoreutils-1.14.ebuild,
+ policycoreutils-1.4-r1.ebuild:
+ Typo in DESCRIPTION: utilites -> utilities. Bug 59717.
+
+ 06 Jul 2004; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.14.ebuild:
+ Bump extras to fix free() bug in runscript_selinux.so.
+
+*policycoreutils-1.12-r2 (06 Jul 2004)
+
+ 06 Jul 2004; Chris PeBenito <pebenito@gentoo.org>
+ +files/runscript-selinux.diff, +policycoreutils-1.12-r2.ebuild:
+ Fix free() error in runscript_selinux.so.
+
+ 03 Jul 2004; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.14.ebuild:
+ Update extras.
+
+*policycoreutils-1.14 (02 Jul 2004)
+
+ 02 Jul 2004; Chris PeBenito <pebenito@gentoo.org>
+ +files/policycoreutils-1.14-genhomedircon-compat.diff,
+ +policycoreutils-1.14.ebuild:
+ New upstream version.
+
+*policycoreutils-1.12-r1 (28 Jun 2004)
+
+ 28 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-1.12-r1.ebuild:
+ Add toggle_bool to extras.
+
+ 11 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
+ -policycoreutils-1.10-r1.ebuild, policycoreutils-1.12.ebuild:
+ Mark stable
+
+*policycoreutils-1.12 (14 May 2004)
+
+ 14 May 2004; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-1.12.ebuild:
+ New upstream release.
+
+*policycoreutils-1.10-r1 (28 Apr 2004)
+
+ 28 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-1.10-r1.ebuild, -policycoreutils-1.10.ebuild,
+ -policycoreutils-1.8.ebuild:
+ Update extras and mark stable.
+
+*policycoreutils-1.10 (20 Apr 2004)
+
+ 08 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.4-r1.ebuild, policycoreutils-1.8.ebuild:
+ More specific versioning for libselinux.
+
+ 08 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.8.ebuild:
+ Mark stable for 2004.1
+
+ 15 Mar 2004; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.8.ebuild:
+ Update extras.
+
+*policycoreutils-1.8 (12 Mar 2004)
+
+ 12 Mar 2004; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.8.ebuild:
+ New upstream release.
+
+*policycoreutils-1.6 (24 Feb 2004)
+
+ 24 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.4-r1.ebuild, policycoreutils-1.6.ebuild:
+ New upstream release. Mark 1.4-r1 stable.
+
+*policycoreutils-1.4-r1 (09 Feb 2004)
+
+ 09 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.4-r1.ebuild:
+ Move extras to mirrors, and add runscript_selinux.so.
+
+ 31 Jan 2004; Chris PeBenito <pebenito@gentoo.org> files/rlpkg:
+ Switch to portageq from inline python. Add missing quotes for completeness.
+
+ 16 Dec 2003; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.4.ebuild:
+ Mark stable.
+
+*policycoreutils-1.4 (06 Dec 2003)
+
+ 06 Dec 2003; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.4.ebuild:
+ New upstream version.
+
+*policycoreutils-1.2-r2 (23 Nov 2003)
+
+ 23 Nov 2003; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.2-r2.ebuild:
+ Bump to add /sbin/seinit.
+
+ 29 Oct 2003; Joshua Brindle <method@gentoo.org>
+ policycoreutils-1.2-r1.ebuild:
+ added sparc
+
+*policycoreutils-1.2-r1 (20 Oct 2003)
+
+ 20 Oct 2003; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.2-r1.ebuild:
+ Remove unneeded -lattr linking from Makefiles.
+
+ 07 Oct 2003; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.2.ebuild:
+ Mark stable.
+
+*policycoreutils-1.2 (03 Oct 2003)
+
+ 03 Oct 2003; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.2.ebuild, files/policycoreutils-1.2-gentoo.diff:
+ New upstream version.
+
+ 29 Sep 2003; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.1-r1.ebuild:
+ Add build USE flag; when asserted, only setfiles is built and merged.
+
+ 22 Sep 2003; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.1-r1.ebuild:
+ Move selinux-base-policy RDEPEND to checkpolicy. No longer RDEPEND on
+ checkpolicy.
+
+ 22 Sep 2003; <paul@gentoo.org> metadata.xml:
+ Fix metadata.xml
+
+ 24 Aug 2003; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.1-r1.ebuild, policycoreutils-1.1.ebuild:
+ Mark stable
+
+*policycoreutils-1.1-r1 (18 Aug 2003)
+
+ 18 Aug 2003; Chris PeBenito <pebenito@gentoo.org> metadata.xml,
+ policycoreutils-1.0.ebuild, policycoreutils-1.1-r1.ebuild,
+ files/avc_enforcing, files/avc_toggle,
+ files/policycoreutils-1.1-setfiles.diff:
+ Add setfiles patch for alternate root. Add avc_enforcing and avc_toggle
+ scripts for ease of use for old API users. Use package description from RPM
+ spec file in metadata.xml long description.
+
+*policycoreutils-1.1 (14 Aug 2003)
+
+ 14 Aug 2003; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.1.ebuild:
+ New upstream version
+
+ 10 Aug 2003; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.0.ebuild, files/rlpkg:
+ Add mkinitrd RDEP, add rlpkg.
+
+*policycoreutils-1.0 (03 Aug 2003)
+
+ 03 Aug 2003; Chris PeBenito <pebenito@gentoo.org> metadata.xml,
+ policycoreutils-1.0.ebuild, files/policycoreutils-1.0-gentoo.diff:
+ Initial commit
+
diff --git a/sys-apps/policycoreutils/files/policycoreutils-2.0.85-fix-seunshare-vuln.patch b/sys-apps/policycoreutils/files/policycoreutils-2.0.85-fix-seunshare-vuln.patch
new file mode 100644
index 0000000..ba00a0f
--- /dev/null
+++ b/sys-apps/policycoreutils/files/policycoreutils-2.0.85-fix-seunshare-vuln.patch
@@ -0,0 +1,1084 @@
+diff -uNr policycoreutils-2.0.85.orig/sandbox/sandbox policycoreutils-2.0.85/sandbox/sandbox
+--- policycoreutils-2.0.85.orig/sandbox/sandbox 2011-07-13 19:49:59.186002432 +0200
++++ policycoreutils-2.0.85/sandbox/sandbox 2011-07-13 23:19:06.323002791 +0200
+@@ -19,16 +19,18 @@
+ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ #
+
+-import os, sys, socket, random, fcntl, shutil, re, subprocess
++import os, stat, sys, socket, random, fcntl, shutil, re, subprocess
+ import selinux
+ import signal
+ from tempfile import mkdtemp
+ import pwd
++import commands
++import gettext
+
+ PROGNAME = "policycoreutils"
+-HOMEDIR=pwd.getpwuid(os.getuid()).pw_dir
++SEUNSHARE = "/usr/sbin/seunshare"
++SANDBOXSH = "/usr/share/sesandbox/sesandboxX.sh"
+
+-import gettext
+ gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
+ gettext.textdomain(PROGNAME)
+
+@@ -41,6 +43,7 @@
+ import __builtin__
+ __builtin__.__dict__['_'] = unicode
+
++DEFAULT_WINDOWSIZE = "1000x700"
+ DEFAULT_TYPE = "sandbox_t"
+ DEFAULT_X_TYPE = "sandbox_x_t"
+ SAVE_FILES = {}
+@@ -63,15 +66,15 @@
+ sys.stderr.flush()
+ sys.exit(1)
+
+-def copyfile(file, dir, dest):
++def copyfile(file, srcdir, dest):
+ import re
+- if file.startswith(dir):
++ if file.startswith(srcdir):
+ dname = os.path.dirname(file)
+ bname = os.path.basename(file)
+- if dname == dir:
++ if dname == srcdir:
+ dest = dest + "/" + bname
+ else:
+- newdir = re.sub(dir, dest, dname)
++ newdir = re.sub(srcdir, dest, dname)
+ if not os.path.exists(newdir):
+ os.makedirs(newdir)
+ dest = newdir + "/" + bname
+@@ -81,9 +84,10 @@
+ shutil.copytree(file, dest)
+ else:
+ shutil.copy2(file, dest)
++
+ except shutil.Error, elist:
+- for e in elist:
+- sys.stderr.write(e[1])
++ for e in elist.message:
++ sys.stderr.write(e[2])
+
+ SAVE_FILES[file] = (dest, os.path.getmtime(dest))
+
+@@ -161,7 +165,7 @@
+ if not self.__options.homedir or not self.__options.tmpdir:
+ self.usage(_("Homedir and tempdir required for level mounts"))
+
+- if not os.path.exists("/usr/sbin/seunshare"):
++ if not os.path.exists(SEUNSHARE):
+ raise ValueError(_("""
+ /usr/sbin/seunshare is required for the action you want to perform.
+ """))
+@@ -194,6 +198,8 @@
+ self.__include(option, opt, i[:-1], parser)
+ except IOError, e:
+ sys.stderr.write(str(e))
++ except TypeError, e:
++ sys.stderr.write(str(e))
+ fd.close()
+
+ def __copyfiles(self):
+@@ -212,7 +218,9 @@
+ /etc/gdm/Xsession
+ """)
+ else:
+- command = " ".join(self.__paths)
++ command = self.__paths[0] + " "
++ for p in self.__paths[1:]:
++ command += "'%s' " % p
+ fd.write("""#! /bin/sh
+ #TITLE: %s
+ /usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap
+@@ -230,9 +238,9 @@
+ def __parse_options(self):
+ from optparse import OptionParser
+ usage = _("""
+-sesandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] command
++sesandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] command
+
+-sesandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] -S
++sesandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] -S
+ """)
+
+ parser = OptionParser(version=self.VERSION, usage=usage)
+@@ -268,6 +276,10 @@
+ action="callback", callback=self.__validdir,
+ help=_("alternate /tmp directory to use for mounting"))
+
++ parser.add_option("-w", "--windowsize", dest="windowsize",
++ type="string", default=DEFAULT_WINDOWSIZE,
++ help="size of the sandbox window")
++
+ parser.add_option("-W", "--windowmanager", dest="wm",
+ type="string",
+ default="/usr/bin/matchbox-window-manager -use_titlebar no",
+@@ -276,12 +288,18 @@
+ parser.add_option("-l", "--level", dest="level",
+ help=_("MCS/MLS level for the sesandbox"))
+
++ parser.add_option("-C", "--capabilities",
++ action="store_true", dest="usecaps", default=False,
++ help="Allow apps requiring capabilities to run within the sandbox.")
++
++
+ self.__parser=parser
+
+ self.__options, cmds = parser.parse_args()
+
+ if self.__options.X_ind:
+ self.setype = DEFAULT_X_TYPE
++ self.dpi=commands.getoutput("xrdb -query | grep dpi | /bin/cut -f 2")
+
+ if self.__options.setype:
+ self.setype = self.__options.setype
+@@ -300,6 +318,10 @@
+ self.__homedir = self.__options.homedir
+ self.__tmpdir = self.__options.tmpdir
+ else:
++ if self.__options.level:
++ self.__homedir = self.__options.homedir
++ self.__tmpdir = self.__options.tmpdir
++
+ if len(cmds) == 0:
+ self.usage(_("Command required"))
+ cmds[0] = fullpath(cmds[0])
+@@ -329,44 +351,45 @@
+ def __setup_dir(self):
+ if self.__options.level or self.__options.session:
+ return
+- sandboxdir = HOMEDIR + "/.sesandbox"
+- if not os.path.exists(sandboxdir):
+- os.mkdir(sandboxdir)
+
+ if self.__options.homedir:
+ selinux.chcon(self.__options.homedir, self.__filecon, recursive=True)
+ self.__homedir = self.__options.homedir
+ else:
+ selinux.setfscreatecon(self.__filecon)
+- self.__homedir = mkdtemp(dir=sandboxdir, prefix=".sesandbox")
++ self.__homedir = mkdtemp(dir="/tmp", prefix=".sesandbox_home_")
+
+ if self.__options.tmpdir:
+ selinux.chcon(self.__options.tmpdir, self.__filecon, recursive=True)
+ self.__tmpdir = self.__options.tmpdir
+ else:
+ selinux.setfscreatecon(self.__filecon)
+- self.__tmpdir = mkdtemp(dir="/tmp", prefix=".sesandbox")
++ self.__tmpdir = mkdtemp(dir="/tmp", prefix=".sesandbox_tmp_")
+ selinux.setfscreatecon(None)
+ self.__copyfiles()
+
+ def __execute(self):
+ try:
+- if self.__options.X_ind:
+- xmodmapfile = self.__homedir + "/.xmodmap"
+- xd = open(xmodmapfile,"w")
+- subprocess.Popen(["/usr/bin/xmodmap","-pke"],stdout=xd).wait()
+- xd.close()
+-
+- self.__setup_sandboxrc(self.__options.wm)
+-
+- cmds = [ '/usr/sbin/seunshare', "-t", self.__tmpdir, "-h", self.__homedir, "--", self.__execcon, "/usr/share/sesandbox/sesandboxX.sh" ]
+- rc = subprocess.Popen(cmds).wait()
+- return rc
+-
++ cmds = [ SEUNSHARE, "-Z", self.__execcon ]
++ if self.__options.usecaps:
++ cmds.append('-C')
++ if not self.__options.level:
++ cmds.append('-k')
+ if self.__mount:
+- cmds = [ '/usr/sbin/seunshare', "-t", self.__tmpdir, "-h", self.__homedir, "--", self.__execcon ] + self.__paths
+- rc = subprocess.Popen(cmds).wait()
+- return rc
++ cmds += [ "-t", self.__tmpdir, "-h", self.__homedir ]
++
++ if self.__options.X_ind:
++ xmodmapfile = self.__homedir + "/.xmodmap"
++ xd = open(xmodmapfile,"w")
++ subprocess.Popen(["/usr/bin/xmodmap","-pke"],stdout=xd).wait()
++ xd.close()
++
++ self.__setup_sandboxrc(self.__options.wm)
++
++ cmds += [ "--", SANDBOXSH, self.__options.windowsize, self.dpi ]
++ else:
++ cmds += [ "--" ] + self.__paths
++ return subprocess.Popen(cmds).wait()
+
+ selinux.setexeccon(self.__execcon)
+ rc = subprocess.Popen(self.__cmds).wait()
+@@ -404,7 +427,7 @@
+ sandbox = Sandbox()
+ rc = sandbox.main()
+ except OSError, error:
+- error_exit(error.args[1])
++ error_exit(error)
+ except ValueError, error:
+ error_exit(error.args[0])
+ except KeyError, error:
+diff -uNr policycoreutils-2.0.85.orig/sandbox/seunshare.c policycoreutils-2.0.85/sandbox/seunshare.c
+--- policycoreutils-2.0.85.orig/sandbox/seunshare.c 2011-07-13 18:35:00.498002303 +0200
++++ policycoreutils-2.0.85/sandbox/seunshare.c 2011-07-13 21:33:33.601002609 +0200
+@@ -1,10 +1,17 @@
++/*
++ * Authors: Dan Walsh <dwalsh@redhat.com>
++ * Authors: Thomas Liu <tliu@fedoraproject.org>
++ *
++ * Does not include cgroups support (as opposed to seunshare in fedora)
++ */
++
++#define _GNU_SOURCE
+ #include <signal.h>
+ #include <sys/types.h>
+ #include <sys/wait.h>
+ #include <syslog.h>
+ #include <sys/mount.h>
+ #include <pwd.h>
+-#define _GNU_SOURCE
+ #include <sched.h>
+ #include <string.h>
+ #include <stdio.h>
+@@ -15,6 +22,10 @@
+ #include <limits.h>
+ #include <stdlib.h>
+ #include <errno.h>
++#include <regex.h>
++#include <sys/fsuid.h>
++#include <fcntl.h>
++#include <dirent.h>
+
+ #include <selinux/selinux.h>
+ #include <selinux/context.h> /* for context-mangling functions */
+@@ -22,6 +33,8 @@
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <unistd.h>
++#include <glob.h>
++#include <regex.h>
+
+ #ifdef USE_NLS
+ #include <locale.h> /* for setlocale() */
+@@ -39,26 +52,44 @@
+ #define MS_PRIVATE 1<<18
+ #endif
+
++static int verbose = 0;
++static int child = 0;
++
++static capng_select_t cap_set = CAPNG_SELECT_BOTH;
++
+ /**
+- * This function will drop all capabilities
+- * Returns zero on success, non-zero otherwise
++ * This function will drop all capabilities
+ */
+-static int drop_capabilities(uid_t uid)
++static int drop_caps()
+ {
+- capng_clear(CAPNG_SELECT_BOTH);
+-
+- if (capng_lock() < 0)
++ if (capng_have_capabilities(cap_set) == CAPNG_NONE)
++ return 0;
++ capng_clear(cap_set);
++ if (capng_lock() == -1 || capng_apply(cap_set) == -1) {
++ fprintf(stderr, _("Failed to drop all capabilities\n"));
+ return -1;
+- /* Change uid */
+- if (setresuid(uid, uid, uid)) {
+- fprintf(stderr, _("Error changing uid, aborting.\n"));
++ }
++ return 0;
++}
++
++/**
++ * This function will drop all privileges.
++ */
++static int drop_privs(uid_t uid) {
++ if (drop_caps() == -1 || setresuid(uid, uid, uid) == -1) {
++ fprintf(stderr, _("Failed to drop privileges\n"));
+ return -1;
+ }
+- return capng_apply(CAPNG_SELECT_BOTH);
++ return 0;
+ }
+
+-#define DEFAULT_PATH "/usr/bin:/bin"
+-static int verbose = 0;
++/**
++ * If the user sends a siginto to seunshare, kill the child's session
++ */
++void handler(int sig) {
++ if (child > 0)
++ kill(-child, sig);
++}
+
+ /**
+ * Take care of any signal setup
+@@ -81,24 +112,109 @@
+ return -1;
+ }
+
++ if (signal(SIGINT, handler) == SIG_ERR) {
++ perror("Unable to set SIGHUP handler");
++ return -1;
++ }
++
+ return 0;
+ }
+
++#define status_to_retval(status,retval) do { \
++ if ((status) == -1) \
++ retval = -1; \
++ else if (WIFEXITED((status))) \
++ retval = WEXITSTATUS((status)); \
++ else if (WIFSIGNALED((status))) \
++ retval = 128 + WTERMSIG((status)); \
++ else \
++ retval = -1; \
++ } while(0)
++
++
++/**
++ * Spawn external command using system() with dropped privileges.
++ * TODO: avoid system() and use exec*() instead.
++ */
++static int spawn_command(const char *cmd, uid_t uid) {
++ int child;
++ int status = -1;
++
++ if (verbose > 1)
++ printf("spawn_command: %s\n", cmd);
++
++ child = fork();
++ if (child == -1) {
++ perror(_("Unable to fork"));
++ return status;
++ }
++
++ if (child == 0) {
++ if (drop_privs(uid) != 0)
++ exit(-1);
++
++ status = system(cmd);
++ status_to_retval(status, status);
++ exit(status);
++ }
++
++ waitpid(child, &status, 0);
++ status_to_retval(status, status);
++ return status;
++}
++
+ /**
+- * This function makes sure the mounted directory is owned by the user executing
+- * seunshare.
+- * If so, it returns 0. If it can not figure this out or they are different, it returns -1.
++ * Check file/directory ownership, struct stat * must be passed to the functions.
+ */
+-static int verify_mount(const char *mntdir, struct passwd *pwd) {
++static int check_owner_uid(uid_t uid, const char *file, struct stat *st) {
++ if (S_ISLNK(st->st_mode)) {
++ fprintf(stderr, _("Error: %s must not be a symbolic link\n"), file);
++ return -1;
++ }
++ if (st->st_uid != uid) {
++ fprintf(stderr, _("Error: %s not owned by UID %d\n"), file, uid);
++ return -1;
++ }
++ return 0;
++}
++
++static int check_owner_gid(gid_t gid, const char *file, struct stat *st) {
++ if (S_ISLNK(st->st_mode)) {
++ fprintf(stderr, _("Error: %s must not be a symbolic link\n"), file);
++ return -1;
++ }
++ if (st->st_gid != gid) {
++ fprintf(stderr, _("Error: %s not owned by GID %d\n"), file, gid);
++ return -1;
++ }
++ return 0;
++}
++
++#define equal_stats(one,two) \
++ ((one)->st_dev == (two)->st_dev && (one)->st_ino == (two)->st_ino && \
++ (one)->st_uid == (two)->st_uid && (one)->st_gid == (two)->st_gid && \
++ (one)->st_mode == (two)->st_mode)
++
++/**
++ * Sanity check specified directory. Store stat info for future comparison, or compare
++ * with previously saved info to detect replaced directories.
++ * Note: this function does not perform owner checks.
++ */
++static int verify_directory(const char *dir, struct stat *st_in, struct stat *st_out) {
+ struct stat sb;
+- if (stat(mntdir, &sb) == -1) {
+- fprintf(stderr, _("Invalid mount point %s: %s\n"), mntdir, strerror(errno));
++
++ if (st_out == NULL) st_out = &sb;
++
++ if (lstat(dir, st_out) == -1) {
++ fprintf(stderr, _("Failed to stat %s: %s\n"), dir, strerror(errno));
+ return -1;
+ }
+- if (sb.st_uid != pwd->pw_uid) {
+- errno = EPERM;
+- syslog(LOG_AUTHPRIV | LOG_ALERT, "%s attempted to mount an invalid directory, %s", pwd->pw_name, mntdir);
+- perror(_("Invalid mount point, reporting to administrator"));
++ if (! S_ISDIR(st_out->st_mode)) {
++ fprintf(stderr, _("Error: %s is not a directory: %s\n"), dir, strerror(errno));
++ return -1;
++ }
++ if (st_in && !equal_stats(st_in, st_out)) {
++ fprintf(stderr, _("Error: %s was replaced by a different directory\n"), dir);
+ return -1;
+ }
+ return 0;
+@@ -123,7 +239,7 @@
+
+ /* check the shell skipping newline char */
+ if (!strcmp(shell_name, buf)) {
+- rc = 1;
++ rc = 0;
+ break;
+ }
+ }
+@@ -131,45 +247,388 @@
+ return rc;
+ }
+
+-static int seunshare_mount(const char *src, const char *dst, struct passwd *pwd) {
++/*
++ * Mount directory and check that we mounted the right directory.
++ */
++static int seunshare_mount(const char *src, const char *dst, struct stat *src_st) {
++ int flags = MS_REC;
++ int is_tmp = 0;
++
+ if (verbose)
+- printf("Mount %s on %s\n", src, dst);
+- if (mount(dst, dst, NULL, MS_BIND | MS_REC, NULL) < 0) {
++ printf(_("Mounting %s on %s\n"), src, dst);
++
++ if (strcmp("/tmp", dst) == 0) {
++ flags = flags | MS_NODEV | MS_NOSUID | MS_NOEXEC;
++ is_tmp = 1;
++ }
++
++ /* mount directory */
++ if (mount(dst, dst, NULL, MS_BIND | flags, NULL) < 0) {
+ fprintf(stderr, _("Failed to mount %s on %s: %s\n"), dst, dst, strerror(errno));
+ return -1;
+ }
+
+- if (mount(dst, dst, NULL, MS_PRIVATE | MS_REC, NULL) < 0) {
++ if (mount(dst, dst, NULL, MS_PRIVATE | flags, NULL) < 0) {
+ fprintf(stderr, _("Failed to make %s private: %s\n"), dst, strerror(errno));
+ return -1;
+ }
+
+- if (mount(src, dst, NULL, MS_BIND | MS_REC, NULL) < 0) {
++ if (mount(src, dst, NULL, MS_BIND | flags, NULL) < 0) {
+ fprintf(stderr, _("Failed to mount %s on %s: %s\n"), src, dst, strerror(errno));
+ return -1;
+ }
+
+- if (verify_mount(dst, pwd) < 0)
++ /* verify whether we mounted what we expected to mount */
++ if (verify_directory(dst, src_st, NULL) < 0)
+ return -1;
++
++ /* bind mount /tmp on /var/tmp too */
++ if (is_tmp) {
++ if (verbose)
++ printf(_("Mounting /tmp on /var/tmp\n"));
++
++ if (mount("/var/tmp", "/var/tmp", NULL, MS_BIND | flags, NULL) < 0) {
++ fprintf(stderr, _("Failed to mount /var/tmp on /var/tmp: %s\n"), strerror(errno));
++ return -1;
++ }
++ if (mount("/var/tmp", "/var/tmp", NULL, MS_PRIVATE | flags, NULL) < 0) {
++ fprintf(stderr, _("Failed to make /var/tmp private: %s\n"), strerror(errno));
++ return -1;
++ }
++ if (mount("/tmp", "/var/tmp", NULL, MS_BIND | flags, NULL) < 0) {
++ fprintf(stderr, _("Failed to mount /tmp on /var/tmp: %s\n"), strerror(errno));
++ return -1;
++ }
++ }
++
++ return 0;
+ }
+
+-#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -t tmpdir ] [ -h homedir ] -- CONTEXT executable [args] ")
++/*
++ * If path is empty or ends with "/." or "/.." return -1 else return 0;
++ */
++static int bad_path(const char *path) {
++ const char *ptr;
++ ptr = path;
++ while (*ptr) ptr++;
++ if (ptr == path) return -1; // ptr null
++ ptr--;
++ if (ptr != path && *ptr == '.') {
++ ptr--;
++ if (*ptr == '/') return -1; // path ends in /.
++ if (*ptr == '.') {
++ if (ptr != path) {
++ ptr--;
++ if (*ptr == '/') return -1; // path ends in /..
++ }
++ }
++ }
++ return 0;
++}
++
++static int rsynccmd(const char *src, const char *dst, char **cmdbuf) {
++ char *buf = NULL;
++ char *newbuf = NULL;
++ glob_t fglob;
++ fglob.gl_offs = 0;
++ int flags = GLOB_PERIOD;
++ unsigned int i = 0;
++ int rc = -1;
++
++ /* match glob for all files in src dir */
++ if (asprintf(&buf, "%s/*", src) == -1) {
++ fprintf(stderr, "Out of memory\n");
++ return -1;
++ }
++
++ if (glob(buf, flags, NULL, &fglob) != 0) {
++ free(buf);
++ buf = NULL;
++ return -1;
++ }
++
++ free(buf);
++ buf = NULL;
++
++ for (i=0; i < fglob.gl_pathc; i++) {
++ const char * path = fglob.gl_pathv[i];
++
++ if (bad_path(path))
++ continue;
++
++ if (!buf) {
++ if (asprintf(&newbuf, "\'%s\'", path) == -1) {
++ fprintf(stderr, "Out of memory\n");
++ goto err;
++ }
++ } else {
++ if (asprintf(&newbuf, "%s \'%s\'", buf, path) == -1) {
++ fprintf(stderr, "Out of memory\n");
++ goto err;
++ }
++ }
++
++ free(buf); buf = newbuf;
++ newbuf = NULL;
++ }
++
++ if (buf) {
++ if (asprintf(&newbuf, "/usr/bin/rsync -trlHDq %s '%s'", buf, dst) == -1) {
++ fprintf(stderr, "Out of memory\n");
++ goto err;
++ }
++ *cmdbuf = newbuf;
++ } else {
++ *cmdbuf = NULL;
++ }
++ rc = 0;
++
++err:
++ free(buf);
++ buf = NULL;
++ globfree(&fglob);
++ return rc;
++}
++
++/**
++ * Clean up runtime temporary directory. Returns 0 if no problem was detected,
++ * >0 if some error was detected, but errors here are treated as non-fatal and
++ * left to tmpwatch to finish incomplete cleanup.
++ */
++static int cleanup_tmpdir(const char *tmpdir, const char *src, struct passwd *pwd, int copy_content) {
++ char *cmdbuf = NULL;
++ int rc = 0;
++
++ /* rsync files back */
++ if (copy_content) {
++ if (asprintf(&cmdbuf, "/usr/bin/rsync --exclude=.X11-unix -utrlHDq --delete '%s/' '%s/'", tmpdir, src) == -1) {
++ fprintf(stderr, _("Out of memory\n"));
++ cmdbuf = NULL;
++ rc++;
++ }
++ if (cmdbuf && spawn_command(cmdbuf, pwd->pw_uid) != 0) {
++ fprintf(stderr, _("Failed to copy files from the runtime temporary directory\n"));
++ rc++;
++ }
++ free(cmdbuf);
++ cmdbuf = NULL;
++ }
++
++ /* remove files from the runtime temporary directory */
++ if (asprintf(&cmdbuf, "/bin/rm -r '%s/' 2>/dev/null", tmpdir) == -1) {
++ fprintf(stderr, _("Out of memory\n"));
++ cmdbuf = NULL;
++ rc++;
++ }
++ /* this may fail if there's root-owned file left in the runtime tmpdir */
++ if (cmdbuf && spawn_command(cmdbuf, pwd->pw_uid) != 0)
++ rc++;
++ free(cmdbuf);
++ cmdbuf = NULL;
++
++ /* remove runtime temporary directory */
++ setfsuid(0);
++ if (rmdir(tmpdir) == -1)
++ fprintf(stderr, _("Failed to remove directory %s: %s\n"), tmpdir, strerror(errno));
++ setfsuid(pwd->pw_uid);
++
++ return 0;
++}
++
++/**
++ * seunshare will create a tmpdir in /tmp, with root ownership. The parent process
++ * waits for its child to exit to attempt to remove the directory. If it fails to remove
++ * the directory, we will need to rely on tmpreaper/tmpwatch to clean it up.
++ */
++static char *create_tmpdir(const char *src, struct stat *src_st, struct stat *out_st, struct passwd *pwd, security_context_t execcon) {
++ char *tmpdir = NULL;
++ char *cmdbuf = NULL;
++ int fd_t = -1, fd_s = -1;
++ struct stat tmp_st;
++ security_context_t con = NULL;
++
++ /* get selinux context */
++ if (execcon) {
++ setfsuid(pwd->pw_uid);
++ if ((fd_s = open(src, O_RDONLY)) < 0) {
++ fprintf(stderr, _("Failed to open directory %s: %s\n"), src, strerror(errno));
++ goto err;
++ }
++ if (fstat(fd_s, &tmp_st) == -1) {
++ fprintf(stderr, _("Failed to stat directory %s: %s\n"), src, strerror(errno));
++ goto err;
++ }
++ if (!equal_stats(src_st, &tmp_st)) {
++ fprintf(stderr, _("Error: %s was replaced by a different directory\n"), src);
++ goto err;
++ }
++
++ /* ok to not reach this if there is an error */
++ setfsuid(0);
++ }
++
++ if (asprintf(&tmpdir, "/tmp/.sandbox-%s-XXXXXX", pwd->pw_name) == -1) {
++ fprintf(stderr, _("Out of memory\n"));
++ tmpdir = NULL;
++ goto err;
++ }
++ if (mkdtemp(tmpdir) == NULL) {
++ fprintf(stderr, _("Failed to create temporary directory: %s\n"), strerror(errno));
++ goto err;
++ }
++
++ /* temporary directory must be owned by root:user */
++ if (verify_directory(tmpdir, NULL, out_st) < 0) {
++ goto err;
++ }
++ if (check_owner_uid(0, tmpdir, out_st) < 0) goto err;
++ if (check_owner_gid(getgid(), tmpdir, out_st) < 0) goto err;
++
++ /* change permission of the temporary directory */
++ if ((fd_t = open(tmpdir, O_RDONLY)) < 0) {
++ fprintf(stderr, _("Failed to open directory %s: %s\n"), tmpdir, strerror(errno));
++ goto err;
++ }
++ if (fstat(fd_t, &tmp_st) == -1) {
++ fprintf(stderr, _("Failed to stat directory %s: %s\n"), tmpdir, strerror(errno));
++ goto err;
++ }
++ if (!equal_stats(out_st, &tmp_st)) {
++ fprintf(stderr, _("Error: %s was replaced by a different directory\n"), tmpdir);
++ goto err;
++ }
++ if (fchmod(fd_t, 01770) == -1) {
++ fprintf(stderr, _("Unable to change mode on %s: %s\n"), tmpdir, strerror(errno));
++ goto err;
++ }
++ /* re-stat again to pick change mode */
++ if (fstat(fd_t, out_st) == -1) {
++ fprintf(stderr, _("Failed to stat directory %s: %s\n"), tmpdir, strerror(errno));
++ goto err;
++ }
++
++ /* copy selinux context */
++ if (execcon) {
++ if (fsetfilecon(fd_t, con) == -1) {
++ fprintf(stderr, _("Failed to set context of the directory %s: %s\n"), tmpdir, strerror(errno));
++ goto err;
++ }
++ }
++
++ setfsuid(pwd->pw_uid);
++
++ if (rsynccmd(src, tmpdir, &cmdbuf) < 0) {
++ goto err;
++ }
++
++ /* ok to not reach this if there is an error */
++ setfsuid(0);
++
++ if (cmdbuf && spawn_command(cmdbuf, pwd->pw_uid) != 0) {
++ fprintf(stderr, _("Failed to populate runtime temporary directory\n"));
++ cleanup_tmpdir(tmpdir, src, pwd, 0);
++ goto err;
++ }
++
++ goto good;
++err:
++ free(tmpdir);
++ tmpdir = NULL;
++good:
++ free(cmdbuf);
++ cmdbuf = NULL;
++ freecon(con);
++ con = NULL;
++ if (fd_t >= 0)
++ close(fd_t);
++ if (fd_s >= 0)
++ close(fd_s);
++ return tmpdir;
++}
++
++#define DEFAULT_PATH "/usr/bin:/bin"
++#define USAGE_STRING _("USAGE: seunshare [ -v ] -C -t tmpdir -h homedir [-Z context] -- executable [args]")
++#define PROC_BASE "/proc"
++
++static int killall (security_context_t execcon) {
++ DIR *dir;
++ security_context_t scon;
++ struct dirent *de;
++ pid_t *pid_table, pid, self;
++ int i;
++ int pids, max_pids;
++ int running = 0;
++ self = getpid();
++ if (!(dir = opendir(PROC_BASE))) {
++ return -1;
++ }
++ max_pids = 256;
++ pid_table = malloc(max_pids * sizeof(pid_t));
++ if (!pid_table) {
++ return -1;
++ }
++ pids = 0;
++ context_t con;
++ con = context_new(execcon);
++ const char *mcs = context_range_get(con);
++ printf("mcs=%s\n", mcs);
++ while ((de = readdir(dir)) != NULL) {
++ if (!(pid = (pid_t)atoi(de->d_name)) || pid == self)
++ continue;
++
++ if (pids == max_pids) {
++ if(!(pid_table = realloc(pid_table, 2*pids*sizeof(pid_t)))) {
++ return -1;
++ }
++ max_pids *= 2;
++ }
++ pid_table[pids++] = pid;
++ }
++
++ (void)closedir(dir);
++
++ for (i = 0; i < pids; i++) {
++ pid_t id = pid_table[i];
++
++ if (getpidcon(id, &scon) == 0) {
++ context_t pidcon = context_new(scon);
++ /* Attempt to kill remaining processes */
++ if (strcmp(context_range_get(pidcon), mcs) == 0)
++ kill(id, SIGKILL);
++
++ context_free(pidcon);
++ freecon(scon);
++ }
++ running++;
++ }
++
++ context_free(con);
++ free(pid_table);
++ return running;
++}
+
+ int main(int argc, char **argv) {
+- int rc;
+ int status = -1;
++ security_context_t execcon = NULL;
+
+- security_context_t scontext;
+-
+- int flag_index; /* flag index in argv[] */
+ int clflag; /* holds codes for command line flags */
+- char *tmpdir_s = NULL; /* tmpdir spec'd by user in argv[] */
++ int kill_all = 0;
++
+ char *homedir_s = NULL; /* homedir spec'd by user in argv[] */
++ char *tmpdir_s = NULL; /* tmpdir spec'd by user in argv[] */
++ char * tmpdir_r = NULL; /* tmpdir created by seunshare */
++
++ struct stat st_homedir;
++ struct stat st_tmpdir_s;
++ struct stat st_tmpdir_r;
+
+ const struct option long_options[] = {
+ {"homedir", 1, 0, 'h'},
+ {"tmpdir", 1, 0, 't'},
++ {"kill", 1, 0, 'k'},
+ {"verbose", 1, 0, 'v'},
++ {"context", 1, 0, 'Z'},
++ {"capabilities", 1, 0, 'C'},
+ {NULL, 0, 0, 0}
+ };
+
+@@ -187,34 +646,33 @@
+ }
+
+ if (verify_shell(pwd->pw_shell) < 0) {
+- fprintf(stderr, _("Error! Shell is not valid.\n"));
++ fprintf(stderr, _("Error: User shell is not valid.\n"));
+ return -1;
+ }
+
+ while (1) {
+- clflag = getopt_long(argc, argv, "h:t:", long_options,
+- &flag_index);
++ clflag = getopt_long(argc, argv, "Cvh:t:Z", long_options, NULL);
+ if (clflag == -1)
+ break;
+
+ switch (clflag) {
+ case 't':
+- if (!(tmpdir_s = realpath(optarg, NULL))) {
+- fprintf(stderr, _("Invalid mount point %s: %s\n"), optarg, strerror(errno));
+- return -1;
+- }
+- if (verify_mount(tmpdir_s, pwd) < 0) return -1;
++ tmpdir_s = optarg;
++ break;
++ case 'k':
++ kill_all = 1;
+ break;
+ case 'h':
+- if (!(homedir_s = realpath(optarg, NULL))) {
+- fprintf(stderr, _("Invalid mount point %s: %s\n"), optarg, strerror(errno));
+- return -1;
+- }
+- if (verify_mount(homedir_s, pwd) < 0) return -1;
+- if (verify_mount(pwd->pw_dir, pwd) < 0) return -1;
++ homedir_s = optarg;
+ break;
+ case 'v':
+- verbose = 1;
++ verbose++;
++ break;
++ case 'C':
++ cap_set = CAPNG_SELECT_CAPS;
++ break;
++ case 'Z':
++ execcon = optarg;
+ break;
+ default:
+ fprintf(stderr, "%s\n", USAGE_STRING);
+@@ -223,74 +681,80 @@
+ }
+
+ if (! homedir_s && ! tmpdir_s) {
+- fprintf(stderr, _("Error: tmpdir and/or homedir required \n"),
+- "%s\n", USAGE_STRING);
++ fprintf(stderr, _("Error: tmpdir and/or homedir required\n %s\n"), USAGE_STRING);
+ return -1;
+ }
+
+- if (argc - optind < 2) {
+- fprintf(stderr, _("Error: context and executable required \n"),
+- "%s\n", USAGE_STRING);
++ if (argc - optind < 1) {
++ fprintf(stderr, _("Error: executable required \n %s\n"), USAGE_STRING);
+ return -1;
+ }
+
+- scontext = argv[optind++];
+-
+- if (set_signal_handles())
+- return -1;
+-
+- if (unshare(CLONE_NEWNS) < 0) {
+- perror(_("Failed to unshare"));
++ if (execcon && is_selinux_enabled() != -1) {
++ fprintf(stderr, _("Error: execution context specified, but SELinux is not enabled\n"));
+ return -1;
+ }
+
+- if (homedir_s && tmpdir_s && (strncmp(pwd->pw_dir, tmpdir_s, strlen(pwd->pw_dir)) == 0)) {
+- if (seunshare_mount(tmpdir_s, "/tmp", pwd) < 0)
+- return -1;
+- if (seunshare_mount(homedir_s, pwd->pw_dir, pwd) < 0)
+- return -1;
+- } else {
+- if (homedir_s && seunshare_mount(homedir_s, pwd->pw_dir, pwd) < 0)
+- return -1;
+-
+- if (tmpdir_s && seunshare_mount(tmpdir_s, "/tmp", pwd) < 0)
+- return -1;
+- }
++ if (set_signal_handles()) return -1;
++
++ /* set fsuid to ruid */
++ /* Changing fsuid is usually required when user-specified directory is
++ * on an NFS mount. It's also desired to avoid leaking info about
++ * existence of the files not accessible to the user.
++ */
++ setfsuid(uid);
+
+- if (drop_capabilities(uid)) {
+- perror(_("Failed to drop all capabilities"));
++ /* verify homedir and tmpdir */
++ if (homedir_s && (
++ verify_directory(homedir_s, NULL, &st_homedir) < 0 ||
++ check_owner_uid(uid, homedir_s, &st_homedir))) return -1;
++ if (tmpdir_s && (
++ verify_directory(tmpdir_s, NULL, &st_tmpdir_s) < 0 ||
++ check_owner_uid(uid, tmpdir_s, &st_tmpdir_s))) return -1;
++ setfsuid(0);
++
++ /* create runtime tmpdir */
++ if (tmpdir_s && (tmpdir_r = create_tmpdir(tmpdir_s, &st_tmpdir_s, &st_tmpdir_r, pwd, execcon)) == NULL) {
++ fprintf(stderr, _("Failed to create runtime temporary directory\n"));
+ return -1;
+ }
+
+- int child = fork();
++ /* spawn child process */
++ child = fork();
+ if (child == -1) {
+ perror(_("Unable to fork"));
+- return -1;
++ goto err;
+ }
+
+- if (!child) {
+- char *display=NULL;
+- /* Construct a new environment */
+- char *d = getenv("DISPLAY");
+- if (d) {
+- display = strdup(d);
+- if (!display) {
+- perror(_("Out of memory"));
+- exit(-1);
+- }
++ if (child == 0) {
++ char *display = NULL;
++ int rc = -1;
++
++ if (unshare(CLONE_NEWNS) < 0) {
++ perror(_("Failed to unshare"));
++ goto childerr;
+ }
+
+- if ((rc = clearenv())) {
+- perror(_("Unable to clear environment"));
+- free(display);
+- exit(-1);
++ /* assume fsuid == ruid after this point */
++ setfsuid(uid);
++
++ /* mount homedir and tmpdir, in this order */
++ if (homedir_s && seunshare_mount(homedir_s, pwd->pw_dir, &st_homedir) != 0) goto childerr;
++ if (tmpdir_s && seunshare_mount(tmpdir_r, "/tmp", &st_tmpdir_r) != 0) goto childerr;
++
++ if (drop_privs(uid) != 0) goto childerr;
++
++ /* construct a new environment */
++ if ((display = getenv("DISPLAY")) != NULL) {
++ if ((display = strdup(display)) == NULL) {
++ perror(_("Out of memory"));
++ goto childerr;
++ }
+ }
+-
+- if (setexeccon(scontext)) {
+- fprintf(stderr, _("Could not set exec context to %s.\n"),
+- scontext);
+- free(display);
+- exit(-1);
++
++ if ((rc = clearenv()) != 0) {
++ perror(_("Failed to clear environment"));
++ goto childerr;
+ }
+
+ if (display)
+@@ -300,22 +764,46 @@
+ rc |= setenv("USER", pwd->pw_name, 1);
+ rc |= setenv("LOGNAME", pwd->pw_name, 1);
+ rc |= setenv("PATH", DEFAULT_PATH, 1);
+-
++
++ if (rc != 0) {
++ fprintf(stderr, _("Failed to construct environment\n"));
++ goto childerr;
++ }
++
++ /* selinux context */
++ if (execcon && setexeccon(execcon) != 0) {
++ fprintf(stderr, _("Could not set exec context to %s.\n"), execcon);
++ goto childerr;
++ }
++
+ if (chdir(pwd->pw_dir)) {
+ perror(_("Failed to change dir to homedir"));
+- exit(-1);
++ goto childerr;
+ }
++
+ setsid();
++
+ execv(argv[optind], argv + optind);
++ fprintf(stderr, _("Failed to execute command %s: %s\n"), argv[optind], strerror(errno));
++childerr:
+ free(display);
+- perror("execv");
+ exit(-1);
+- } else {
+- waitpid(child, &status, 0);
+ }
+
+- free(tmpdir_s);
+- free(homedir_s);
++ drop_caps();
+
++ /* parent waits for child exit to do the cleanup */
++ waitpid(child, &status, 0);
++ status_to_retval(status, status);
++
++ /* Make sure all child processes exit */
++ kill(-child, SIGTERM);
++
++ if (execcon && kill_all)
++ killall(execcon);
++
++ if (tmpdir_r) cleanup_tmpdir(tmpdir_r, tmpdir_s, pwd, 1);
++err:
++ free(tmpdir_r);
+ return status;
+ }
diff --git a/sys-apps/policycoreutils/files/policycoreutils-2.0.85-python3.tar.gz b/sys-apps/policycoreutils/files/policycoreutils-2.0.85-python3.tar.gz
new file mode 100644
index 0000000..49b3169
Binary files /dev/null and b/sys-apps/policycoreutils/files/policycoreutils-2.0.85-python3.tar.gz differ
diff --git a/sys-apps/policycoreutils/files/policycoreutils-2.0.85-sesandbox.patch b/sys-apps/policycoreutils/files/policycoreutils-2.0.85-sesandbox.patch
new file mode 100644
index 0000000..42bd083
--- /dev/null
+++ b/sys-apps/policycoreutils/files/policycoreutils-2.0.85-sesandbox.patch
@@ -0,0 +1,387 @@
+diff -uNr policycoreutils-2.0.85.orig/sandbox/Makefile policycoreutils-2.0.85/sandbox/Makefile
+--- policycoreutils-2.0.85.orig/sandbox/Makefile 2011-07-13 18:35:00.498002303 +0200
++++ policycoreutils-2.0.85/sandbox/Makefile 2011-07-13 19:32:10.337002401 +0200
+@@ -6,28 +6,37 @@
+ SBINDIR ?= $(PREFIX)/sbin
+ MANDIR ?= $(PREFIX)/share/man
+ LOCALEDIR ?= /usr/share/locale
+-SHAREDIR ?= $(PREFIX)/share/sandbox
++SHAREDIR ?= $(PREFIX)/share/sesandbox
+ override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DPACKAGE="\"policycoreutils\""
+ LDLIBS += -lselinux -lcap-ng
+
+-all: sandbox seunshare sandboxX.sh
++all: sesandbox seunshare sesandboxX.sh
++
++sesandbox: sandbox
++ cp sandbox sesandbox
++ cp sandbox.8 sesandbox.8
++ cp sandbox.init sesandbox.init
++ cp sandbox.config sesandbox.config
++
++sesandboxX.sh: sandboxX.sh
++ cp sandboxX.sh sesandboxX.sh
+
+ seunshare: seunshare.o $(EXTRA_OBJS)
+ $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
+
+ install: all
+ -mkdir -p $(BINDIR)
+- install -m 755 sandbox $(BINDIR)
++ install -m 755 sesandbox $(BINDIR)
+ -mkdir -p $(MANDIR)/man8
+- install -m 644 sandbox.8 $(MANDIR)/man8/
++ install -m 644 sesandbox.8 $(MANDIR)/man8/
+ -mkdir -p $(SBINDIR)
+ install -m 4755 seunshare $(SBINDIR)/
+ -mkdir -p $(SHAREDIR)
+- install -m 755 sandboxX.sh $(SHAREDIR)
++ install -m 755 sesandboxX.sh $(SHAREDIR)
+ -mkdir -p $(INITDIR)
+- install -m 755 sandbox.init $(INITDIR)/sandbox
++ install -m 755 sesandbox.init $(INITDIR)/sesandbox
+ -mkdir -p $(SYSCONFDIR)
+- install -m 644 sandbox.config $(SYSCONFDIR)/sandbox
++ install -m 644 sesandbox.config $(SYSCONFDIR)/sesandbox
+
+ test:
+ @python test_sandbox.py -v
+diff -uNr policycoreutils-2.0.85.orig/sandbox/sandbox policycoreutils-2.0.85/sandbox/sandbox
+--- policycoreutils-2.0.85.orig/sandbox/sandbox 2011-07-13 18:35:00.498002303 +0200
++++ policycoreutils-2.0.85/sandbox/sandbox 2011-07-13 18:39:07.068002310 +0200
+@@ -142,7 +142,7 @@
+ return cmd
+
+ class Sandbox:
+- VERSION = "sandbox .1"
++ VERSION = "sesandbox .1"
+ SYSLOG = "/var/log/messages"
+
+ def __init__(self):
+@@ -204,7 +204,7 @@
+ copyfile(f, "/tmp", self.__tmpdir)
+
+ def __setup_sandboxrc(self, wm = "/usr/bin/matchbox-window-manager -use_titlebar no"):
+- execfile =self.__homedir + "/.sandboxrc"
++ execfile =self.__homedir + "/.sesandboxrc"
+ fd = open(execfile, "w+")
+ if self.__options.session:
+ fd.write("""#!/bin/sh
+@@ -230,9 +230,9 @@
+ def __parse_options(self):
+ from optparse import OptionParser
+ usage = _("""
+-sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] command
++sesandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] command
+
+-sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] -S
++sesandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] -S
+ """)
+
+ parser = OptionParser(version=self.VERSION, usage=usage)
+@@ -240,22 +240,22 @@
+ parser.add_option("-i", "--include",
+ action="callback", callback=self.__include,
+ type="string",
+- help=_("include file in sandbox"))
++ help=_("include file in sesandbox"))
+ parser.add_option("-I", "--includefile", action="callback", callback=self.__includefile,
+ type="string",
+- help=_("read list of files to include in sandbox from INCLUDEFILE"))
++ help=_("read list of files to include in sesandbox from INCLUDEFILE"))
+ parser.add_option("-t", "--type", dest="setype", action="store", default=None,
+- help=_("run sandbox with SELinux type"))
++ help=_("run sesandbox with SELinux type"))
+ parser.add_option("-M", "--mount",
+ action="callback", callback=self.__mount_callback,
+ help=_("mount new home and/or tmp directory"))
+
+ parser.add_option("-S", "--session", action="store_true", dest="session",
+- default=False, help=_("run complete desktop session within sandbox"))
++ default=False, help=_("run complete desktop session within sesandbox"))
+
+ parser.add_option("-X", dest="X_ind",
+ action="callback", callback=self.__x_callback,
+- default=False, help=_("run X application within a sandbox"))
++ default=False, help=_("run X application within a sesandbox"))
+
+ parser.add_option("-H", "--homedir",
+ action="callback", callback=self.__validdir,
+@@ -274,7 +274,7 @@
+ help=_("alternate window manager"))
+
+ parser.add_option("-l", "--level", dest="level",
+- help=_("MCS/MLS level for the sandbox"))
++ help=_("MCS/MLS level for the sesandbox"))
+
+ self.__parser=parser
+
+@@ -293,9 +293,9 @@
+ if not self.__options.setype:
+ self.setype = selinux.getcon()[1].split(":")[2]
+ if not self.__options.homedir or not self.__options.tmpdir:
+- self.usage(_("You must specify a Homedir and tempdir when setting up a session sandbox"))
++ self.usage(_("You must specify a Homedir and tempdir when setting up a session sesandbox"))
+ if len(cmds) > 0:
+- self.usage(_("Commands are not allowed in a session sandbox"))
++ self.usage(_("Commands are not allowed in a session sesandbox"))
+ self.__options.X_ind = True
+ self.__homedir = self.__options.homedir
+ self.__tmpdir = self.__options.tmpdir
+@@ -329,7 +329,7 @@
+ def __setup_dir(self):
+ if self.__options.level or self.__options.session:
+ return
+- sandboxdir = HOMEDIR + "/.sandbox"
++ sandboxdir = HOMEDIR + "/.sesandbox"
+ if not os.path.exists(sandboxdir):
+ os.mkdir(sandboxdir)
+
+@@ -338,14 +338,14 @@
+ self.__homedir = self.__options.homedir
+ else:
+ selinux.setfscreatecon(self.__filecon)
+- self.__homedir = mkdtemp(dir=sandboxdir, prefix=".sandbox")
++ self.__homedir = mkdtemp(dir=sandboxdir, prefix=".sesandbox")
+
+ if self.__options.tmpdir:
+ selinux.chcon(self.__options.tmpdir, self.__filecon, recursive=True)
+ self.__tmpdir = self.__options.tmpdir
+ else:
+ selinux.setfscreatecon(self.__filecon)
+- self.__tmpdir = mkdtemp(dir="/tmp", prefix=".sandbox")
++ self.__tmpdir = mkdtemp(dir="/tmp", prefix=".sesandbox")
+ selinux.setfscreatecon(None)
+ self.__copyfiles()
+
+@@ -359,7 +359,7 @@
+
+ self.__setup_sandboxrc(self.__options.wm)
+
+- cmds = [ '/usr/sbin/seunshare', "-t", self.__tmpdir, "-h", self.__homedir, "--", self.__execcon, "/usr/share/sandbox/sandboxX.sh" ]
++ cmds = [ '/usr/sbin/seunshare', "-t", self.__tmpdir, "-h", self.__homedir, "--", self.__execcon, "/usr/share/sesandbox/sesandboxX.sh" ]
+ rc = subprocess.Popen(cmds).wait()
+ return rc
+
+diff -uNr policycoreutils-2.0.85.orig/sandbox/sandbox.8 policycoreutils-2.0.85/sandbox/sandbox.8
+--- policycoreutils-2.0.85.orig/sandbox/sandbox.8 2011-07-13 18:35:00.498002303 +0200
++++ policycoreutils-2.0.85/sandbox/sandbox.8 2011-07-13 18:40:09.803002312 +0200
+@@ -1,8 +1,8 @@
+ .TH SANDBOX "8" "May 2009" "chcat" "User Commands"
+ .SH NAME
+-sandbox \- Run cmd under an SELinux sandbox
++sesandbox \- Run cmd under an SELinux sandbox
+ .SH SYNOPSIS
+-.B sandbox
++.B sesandbox
+ [-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] cmd
+ [-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] -S
+ .br
+@@ -12,11 +12,8 @@
+ .I cmd
+ application within a tightly confined SELinux domain. The default sandbox domain only allows applications the ability to read and write stdin, stdout and any other file descriptors handed to it. It is not allowed to open any other files. The -M option will mount an alternate homedir and tmpdir to be used by the sandbox.
+
+-If you have the
+-.I policycoreutils-sandbox
+-package installed, you can use the -X option and the -M option.
+ .B sandbox -X
+-allows you to run X applications within a sandbox. These applications will start up their own X Server and create a temporary home directory and /tmp. The default SELinux policy does not allow any capabilities or network access. It also prevents all access to the users other processes and files. Files specified on the command that are in the home directory or /tmp will be copied into the sandbox directories.
++allows you to run X applications within a sandbox. These applications will start up their own X Server and create a temporary home directory and /tmp. The default SELinux policy does not allow any capabilities or network access. It also prevents all access to the users other processes and files. Files specified on the command that are in the home directory or /tmp will be copied into the sesandbox directories.
+
+ If directories are specified with -H or -T the directory will have its context modified with chcon(1) unless a level is specified with -l. If the MLS/MCS security level is specified, the user is responsible to set the correct labels.
+ .PP
+@@ -25,10 +22,10 @@
+ Use alternate homedir to mount over your home directory. Defaults to temporary. Requires -X or -M.
+ .TP
+ \fB\-i file\fR
+-Copy this file into the appropriate temporary sandbox directory. Command can be repeated.
++Copy this file into the appropriate temporary sesandbox directory. Command can be repeated.
+ .TP
+ \fB\-I inputfile\fR Copy all files listed in inputfile into the
+-appropriate temporary sandbox directories.
++appropriate temporary sesandbox directories.
+ .TP
+ \fB\-l\fR
+ Specify the MLS/MCS Security Level to run the sandbox with. Defaults to random.
+@@ -44,7 +41,7 @@
+ .TP
+ \fB\-W windowmanager\fR
+ Select alternative window manager to run within
+-.B sandbox -X.
++.B sesandbox -X.
+ Default to /usr/bin/matchbox-window-manager.
+ .TP
+ \fB\-X\fR
+diff -uNr policycoreutils-2.0.85.orig/sandbox/sandbox.init policycoreutils-2.0.85/sandbox/sandbox.init
+--- policycoreutils-2.0.85.orig/sandbox/sandbox.init 2011-07-13 18:35:00.498002303 +0200
++++ policycoreutils-2.0.85/sandbox/sandbox.init 2011-07-13 18:38:08.850002308 +0200
+@@ -1,22 +1,22 @@
+ #!/bin/bash
+ ## BEGIN INIT INFO
+-# Provides: sandbox
++# Provides: sesandbox
+ # Default-Start: 3 4 5
+ # Default-Stop: 0 1 2 3 4 6
+ # Required-Start:
+ #
+ ## END INIT INFO
+-# sandbox: Set up / mountpoint to be shared, /var/tmp, /tmp, /home/sandbox unshared
++# sesandbox: Set up / mountpoint to be shared, /var/tmp, /tmp, /home/sesandbox unshared
+ #
+ # chkconfig: 345 1 99
+ #
+-# Description: sandbox and other apps that want to use pam_namespace
++# Description: sesandbox and other apps that want to use pam_namespace
+ # on /var/tmp, /tmp and home directories, requires this script
+ # to be run at boot time.
+ # This script sets up the / mount point and all of its
+ # subdirectories as shared. The script sets up
+ # /tmp, /var/tmp, /home and any homedirs listed in
+-# /etc/sysconfig/sandbox and all of their subdirectories
++# /etc/sysconfig/sesandbox and all of their subdirectories
+ # as unshared.
+ # All processes that use pam_namespace will see
+ # modifications to the global mountspace, except for the
+@@ -28,14 +28,14 @@
+
+ HOMEDIRS="/home"
+
+-. /etc/sysconfig/sandbox
++. /etc/sysconfig/sesandbox
+
+-LOCKFILE=/var/lock/subsys/sandbox
++LOCKFILE=/var/lock/subsys/sesandbox
+
+ base=${0##*/}
+
+ start() {
+- echo -n "Starting sandbox"
++ echo -n "Starting sesandbox"
+
+ [ -f "$LOCKFILE" ] && return 1
+
+@@ -54,7 +54,7 @@
+ }
+
+ stop() {
+- echo -n "Stopping sandbox"
++ echo -n "Stopping sesandbox"
+
+ [ -f "$LOCKFILE" ] || return 1
+ }
+diff -uNr policycoreutils-2.0.85.orig/sandbox/sandboxX.sh policycoreutils-2.0.85/sandbox/sandboxX.sh
+--- policycoreutils-2.0.85.orig/sandbox/sandboxX.sh 2011-07-13 18:35:00.498002303 +0200
++++ policycoreutils-2.0.85/sandbox/sandboxX.sh 2011-07-13 18:40:28.382002312 +0200
+@@ -1,13 +1,13 @@
+ #!/bin/bash
+ context=`id -Z | secon -t -l -P`
+-export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80`"
++export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sesandboxrc | /usr/bin/cut -b8-80`"
+ export SCREENSIZE="1000x700"
+ #export SCREENSIZE=`xdpyinfo | awk '/dimensions/ { print $2 }'`
+ trap "exit 0" HUP
+
+ (/usr/bin/Xephyr -title "$TITLE" -terminate -screen $SCREENSIZE -displayfd 5 5>&1 2>/dev/null) | while read D; do
+ export DISPLAY=:$D
+- python -c 'import gtk, os, commands; commands.getstatusoutput("%s/.sandboxrc" % os.environ["HOME"])'
++ python -c 'import gtk, os, commands; commands.getstatusoutput("%s/.sesandboxrc" % os.environ["HOME"])'
+ export EXITCODE=$?
+ kill -HUP 0
+ break
+diff -uNr policycoreutils-2.0.85.orig/sandbox/test_sandbox.py policycoreutils-2.0.85/sandbox/test_sandbox.py
+--- policycoreutils-2.0.85.orig/sandbox/test_sandbox.py 2011-07-13 18:35:00.498002303 +0200
++++ policycoreutils-2.0.85/sandbox/test_sandbox.py 2011-07-13 18:42:21.058002316 +0200
+@@ -19,73 +19,73 @@
+ '"Sandbox should have succeeded for this test %r' % err)
+
+ def test_simple_success(self):
+- "Verify that we can read file descriptors handed to sandbox"
++ "Verify that we can read file descriptors handed to sesandbox"
+ p1 = Popen(['cat', '/etc/passwd'], stdout = PIPE)
+- p2 = Popen(['sandbox', 'grep', 'root'], stdin = p1.stdout, stdout=PIPE)
++ p2 = Popen(['sesandbox', 'grep', 'root'], stdin = p1.stdout, stdout=PIPE)
+ out, err = p2.communicate()
+ self.assert_('root' in out)
+
+ def test_cant_kill(self):
+- "Verify that we cannot send kill signal in the sandbox"
++ "Verify that we cannot send kill signal in the sesandbox"
+ pid = os.getpid()
+- p = Popen(['sandbox', 'kill', '-HUP', str(pid)], stdout=PIPE, stderr=PIPE)
++ p = Popen(['sesandbox', 'kill', '-HUP', str(pid)], stdout=PIPE, stderr=PIPE)
+ out, err = p.communicate()
+ self.assertDenied(err)
+
+ def test_cant_ping(self):
+- "Verify that we can't ping within the sandbox"
+- p = Popen(['sandbox', 'ping', '-c 1 ', '127.0.0.1'], stdout=PIPE, stderr=PIPE)
++ "Verify that we can't ping within the sesandbox"
++ p = Popen(['sesandbox', 'ping', '-c 1 ', '127.0.0.1'], stdout=PIPE, stderr=PIPE)
+ out, err = p.communicate()
+ self.assertDenied(err)
+
+ def test_cant_mkdir(self):
+- "Verify that we can't mkdir within the sandbox"
+- p = Popen(['sandbox', 'mkdir', '~/test'], stdout=PIPE, stderr=PIPE)
++ "Verify that we can't mkdir within the sesandbox"
++ p = Popen(['sesandbox', 'mkdir', '~/test'], stdout=PIPE, stderr=PIPE)
+ out, err = p.communicate()
+ self.assertFailure(p.returncode)
+
+ def test_cant_list_homedir(self):
+- "Verify that we can't list homedir within the sandbox"
+- p = Popen(['sandbox', 'ls', '~'], stdout=PIPE, stderr=PIPE)
++ "Verify that we can't list homedir within the sesandbox"
++ p = Popen(['sesandbox', 'ls', '~'], stdout=PIPE, stderr=PIPE)
+ out, err = p.communicate()
+ self.assertFailure(p.returncode)
+
+ def test_cant_send_mail(self):
+- "Verify that we can't send mail within the sandbox"
+- p = Popen(['sandbox', 'mail'], stdout=PIPE, stderr=PIPE)
++ "Verify that we can't send mail within the sesandbox"
++ p = Popen(['sesandbox', 'mail'], stdout=PIPE, stderr=PIPE)
+ out, err = p.communicate()
+ self.assertDenied(err)
+
+ def test_cant_sudo(self):
+- "Verify that we can't run sudo within the sandbox"
+- p = Popen(['sandbox', 'sudo'], stdout=PIPE, stderr=PIPE)
++ "Verify that we can't run sudo within the sesandbox"
++ p = Popen(['sesandbox', 'sudo'], stdout=PIPE, stderr=PIPE)
+ out, err = p.communicate()
+ self.assertFailure(p.returncode)
+
+ def test_mount(self):
+ "Verify that we mount a file system"
+- p = Popen(['sandbox', '-M', 'id'], stdout=PIPE, stderr=PIPE)
++ p = Popen(['sesandbox', '-M', 'id'], stdout=PIPE, stderr=PIPE)
+ out, err = p.communicate()
+ self.assertSuccess(p.returncode, err)
+
+ def test_set_level(self):
+ "Verify that we set level a file system"
+- p = Popen(['sandbox', '-l', 's0', 'id'], stdout=PIPE, stderr=PIPE)
++ p = Popen(['sesandbox', '-l', 's0', 'id'], stdout=PIPE, stderr=PIPE)
+ out, err = p.communicate()
+ self.assertSuccess(p.returncode, err)
+
+ def test_homedir(self):
+ "Verify that we set homedir a file system"
+- homedir = mkdtemp(dir=".", prefix=".sandbox_test")
+- p = Popen(['sandbox', '-H', homedir, '-M', 'id'], stdout=PIPE, stderr=PIPE)
++ homedir = mkdtemp(dir=".", prefix=".sesandbox_test")
++ p = Popen(['sesandbox', '-H', homedir, '-M', 'id'], stdout=PIPE, stderr=PIPE)
+ out, err = p.communicate()
+ shutil.rmtree(homedir)
+ self.assertSuccess(p.returncode, err)
+
+ def test_tmpdir(self):
+ "Verify that we set tmpdir a file system"
+- tmpdir = mkdtemp(dir="/tmp", prefix=".sandbox_test")
+- p = Popen(['sandbox', '-T', tmpdir, '-M', 'id'], stdout=PIPE, stderr=PIPE)
++ tmpdir = mkdtemp(dir="/tmp", prefix=".sesandbox_test")
++ p = Popen(['sesandbox', '-T', tmpdir, '-M', 'id'], stdout=PIPE, stderr=PIPE)
+ out, err = p.communicate()
+ shutil.rmtree(tmpdir)
+ self.assertSuccess(p.returncode, err)
diff --git a/sys-apps/policycoreutils/metadata.xml b/sys-apps/policycoreutils/metadata.xml
new file mode 100644
index 0000000..87cddb0
--- /dev/null
+++ b/sys-apps/policycoreutils/metadata.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>selinux</herd>
+ <longdescription>
+ Policycoreutils contains the policy core utilities that are required
+ for basic operation of a SELinux system. These utilities include
+ load_policy to load policies, setfiles to label filesystems, newrole
+ to switch roles, and run_init to run /etc/init.d scripts in the proper
+ context.
+
+ Gentoo-specific tools include rlpkg for relabeling packages by name,
+ avc_toggle to toggle between enforcing and permissive modes, and
+ avc_enforcing to query the current mode of the system, enforcing or
+ permissive.
+ </longdescription>
+</pkgmetadata>
diff --git a/sys-apps/policycoreutils/policycoreutils-2.0.85.ebuild b/sys-apps/policycoreutils/policycoreutils-2.0.85.ebuild
new file mode 100644
index 0000000..cc8b09a
--- /dev/null
+++ b/sys-apps/policycoreutils/policycoreutils-2.0.85.ebuild
@@ -0,0 +1,116 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/policycoreutils/policycoreutils-2.0.82.ebuild,v 1.4 2011/06/16 01:33:17 blueness Exp $
+
+EAPI="3"
+PYTHON_DEPEND="*"
+PYTHON_USE_WITH="xml"
+SUPPORT_PYTHON_ABIS="1"
+RESTRICT_PYTHON_ABIS="*-jython"
+
+inherit multilib python toolchain-funcs eutils
+
+EXTRAS_VER="1.20"
+SEMNG_VER="2.0.46"
+SELNX_VER="2.0.98"
+SEPOL_VER="2.0.42"
+
+IUSE=""
+
+DESCRIPTION="SELinux core utilities"
+HOMEPAGE="http://userspace.selinuxproject.org"
+SRC_URI="http://userspace.selinuxproject.org/releases/20101221/devel/${P}.tar.gz
+ mirror://gentoo/policycoreutils-extra-${EXTRAS_VER}.tar.bz2
+ http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=blob_plain;f=sys-apps/policycoreutils/files/policycoreutils-2.0.85-python3.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+COMMON_DEPS=">=sys-libs/libselinux-${SELNX_VER}[python]
+ >=sys-libs/glibc-2.4
+ >=sys-process/audit-1.5.1
+ >=sys-libs/libcap-1.10-r10
+ sys-libs/pam
+ >=sys-libs/libsemanage-${SEMNG_VER}[python]
+ sys-libs/libcap-ng
+ >=sys-libs/libsepol-${SEPOL_VER}
+ sys-devel/gettext"
+
+# pax-utils for scanelf used by rlpkg
+RDEPEND="${COMMON_DEPS}
+ dev-python/sepolgen
+ app-misc/pax-utils"
+
+DEPEND="${COMMON_DEPS}"
+
+S2=${WORKDIR}/policycoreutils-extra
+
+src_prepare() {
+ # rlpkg is more useful than fixfiles
+ sed -i -e '/^all/s/fixfiles//' "${S}/scripts/Makefile" \
+ || die "fixfiles sed 1 failed"
+ sed -i -e '/fixfiles/d' "${S}/scripts/Makefile" \
+ || die "fixfiles sed 2 failed"
+ # We currently do not support MCS, so the sandbox code in policycoreutils
+ # is not usable yet. However, work for MCS is on the way and a reported
+ # vulnerability (bug #374897) might go by unnoticed if we ignore it now.
+ # As such, we will
+ # - prepare support for switching name from "sandbox" to "sesandbox"
+ epatch "${FILESDIR}/policycoreutils-2.0.85-sesandbox.patch"
+ # - patch the sandbox and seunshare code to fix the vulnerability
+ # (uses, with permission, extract from
+ # http://pkgs.fedoraproject.org/gitweb/?p=policycoreutils.git;a=blob_plain;f=policycoreutils-rhat.patch;hb=HEAD)
+ epatch "${FILESDIR}/policycoreutils-2.0.85-fix-seunshare-vuln.patch"
+ # But for now, disable building sandbox code
+ sed -i -e 's/sandbox //' "${S}/Makefile" || die "failed removing sandbox"
+ # Overwrite gl.po, id.po and et.po with valid PO file
+ cp "${S}/po/sq.po" "${S}/po/gl.po" || die "failed to copy ${S}/po/sq.po to gl.po"
+ cp "${S}/po/sq.po" "${S}/po/id.po" || die "failed to copy ${S}/po/sq.po to id.po"
+ cp "${S}/po/sq.po" "${S}/po/et.po" || die "failed to copy ${S}/po/sq.po to et.po"
+ # Fixed scripts for Python 3 support
+ cp "${WORKDIR}/seobject.py" "${S}/semanage/seobject.py" || die "failed to copy seobject.py"
+ cp "${WORKDIR}/semanage" "${S}/semanage/semanage" || die "failed to copy semanage"
+ cp "${WORKDIR}/chcat" "${S}/scripts/chcat" || die "failed to copy chcat"
+ cp "${WORKDIR}/audit2allow" "${S}/audit2allow/audit2allow" || die "failed to copy audit2allow"
+ cp "${WORKDIR}/rlpkg" "${S2}/scripts/rlpkg" || die "failed to copy rlpkg"
+}
+
+src_compile() {
+ python_copy_sources semanage sandbox
+ building() {
+ einfo "Compiling policycoreutils"
+ emake -C "${S}" AUDIT_LOG_PRIVS="y" CC="$(tc-getCC)" PYLIBVER="python$(python_get_version)" || die
+ einfo "Compiling policycoreutils-extra"
+ emake -C "${S2}" AUDIT_LOG_PRIVS="y" CC="$(tc-getCC)" PYLIBVER="python$(python_get_version)" || die
+ }
+ python_execute_function -s --source-dir semanage building
+}
+
+src_install() {
+ # Python scripts are present in many places. There are no extension modules.
+ installation() {
+ einfo "Installing policycoreutils"
+ emake -C "${S}" DESTDIR="${T}/images/${PYTHON_ABI}" AUDIT_LOG_PRIV="y" PYLIBVER="python$(python_get_version)" install || return 1
+
+ einfo "Installing policycoreutils-extra"
+ emake -C "${S2}" DESTDIR="${T}/images/${PYTHON_ABI}" SHLIBDIR="${D}$(get_libdir)/rc" install || return 1
+ }
+ python_execute_function installation
+ python_merge_intermediate_installation_images "${T}/images"
+
+ # remove redhat-style init script
+ rm -fR "${D}/etc/rc.d"
+
+ # compatibility symlinks
+ dosym /sbin/setfiles /usr/sbin/setfiles
+ dosym /$(get_libdir)/rc/runscript_selinux.so /$(get_libdir)/rcscripts/runscript_selinux.so
+}
+
+pkg_postinst() {
+ python_mod_optimize seobject.py
+}
+
+pkg_postrm() {
+ python_mod_cleanup seobject.py
+}
^ permalink raw reply related [flat|nested] 5+ messages in thread* [gentoo-commits] proj/hardened-dev:master commit in: sys-apps/policycoreutils/files/, sys-apps/policycoreutils/
@ 2011-07-13 21:57 Sven Vermeulen
0 siblings, 0 replies; 5+ messages in thread
From: Sven Vermeulen @ 2011-07-13 21:57 UTC (permalink / raw
To: gentoo-commits
commit: c0930a99bb08ea84e46f9c6bd4fbedd9d73e9ed6
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Wed Jul 13 21:48:46 2011 +0000
Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Wed Jul 13 21:48:46 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=c0930a99
Remove unnecessary ebuilds
---
sys-apps/policycoreutils/ChangeLog | 433 --------------------
.../files/policycoreutils-2.0.82-python3.tar.gz | Bin 20153 -> 0 bytes
sys-apps/policycoreutils/metadata.xml | 17 -
.../policycoreutils-2.0.82-r2.ebuild | 110 -----
4 files changed, 0 insertions(+), 560 deletions(-)
diff --git a/sys-apps/policycoreutils/ChangeLog b/sys-apps/policycoreutils/ChangeLog
deleted file mode 100644
index b557eaf..0000000
--- a/sys-apps/policycoreutils/ChangeLog
+++ /dev/null
@@ -1,433 +0,0 @@
-# ChangeLog for sys-apps/policycoreutils
-# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/policycoreutils/ChangeLog,v 1.85 2011/06/30 10:35:35 blueness Exp $
-
- 08 Jul 2011; <swift@gentoo.org> policycoreutils-2.0.82-r2.ebuild:
- Switch towards gogo location
-
- 07 Jul 2011; <swift@gentoo.org> +policycoreutils-2.0.82-r2.ebuild,
- +files/policycoreutils-2.0.82-python3.tar.gz, +metadata.xml:
- Initial support for python3
-
-*policycoreutils-2.0.82-r2 (04 Jul 2011)
-
- 04 Jul 2011; <swift@gentoo.org> +policycoreutils-2.0.82-r2.ebuild,
- +metadata.xml:
- Support python3
-
-*policycoreutils-2.0.82-r1 (30 Jun 2011)
-
- 30 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
- +policycoreutils-2.0.82-r1.ebuild:
- Overwrite invalid .po files with valid ones, fixes bug #372807
-
- 16 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
- policycoreutils-2.0.82.ebuild:
- Drop use_nls dependency on gettext. Its mandatory. See bug #299681.
- Also put gettext in COMMON_DEPS, it is more than a RDEPEND.
-
- 28 May 2011; Anthony G. Basile <blueness@gentoo.org>
- policycoreutils-2.0.82.ebuild:
- Stable amd64 x86
-
- 16 Apr 2011; Anthony G. Basile <blueness@gentoo.org> metadata.xml:
- Updated metadata info.
-
- 08 Feb 2011; Arfrever Frehtes Taifersar Arahesis <arfrever@gentoo.org>
- policycoreutils-2.0.82.ebuild:
- Set SUPPORT_PYTHON_ABIS (bug #353762). Fix dependencies. Fix installation
- with FEATURES="multilib-strict".
-
-*policycoreutils-2.0.82 (05 Feb 2011)
-
- 05 Feb 2011; Anthony G. Basile <blueness@gentoo.org>
- +policycoreutils-2.0.82.ebuild:
- New upstream release.
-
-*policycoreutils-2.0.69-r2 (05 Feb 2011)
-
- 05 Feb 2011; Anthony G. Basile <blueness@gentoo.org>
- +policycoreutils-2.0.69-r2.ebuild,
- +files/policycoreutils-2.0.69-setfiles.diff:
- Fixed bug #300613
-
- 04 Apr 2010; Arfrever Frehtes Taifersar Arahesis <arfrever@gentoo.org>
- policycoreutils-2.0.55.ebuild, policycoreutils-2.0.69.ebuild,
- policycoreutils-2.0.69-r1.ebuild:
- Delete calls to deprecated python_version().
-
-*policycoreutils-2.0.69-r1 (20 Sep 2009)
-
- 20 Sep 2009; Chris PeBenito <pebenito@gentoo.org>
- +policycoreutils-2.0.69-r1.ebuild:
- Update rlpkg for ext4 and btrfs.
-
- 14 Sep 2009; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-2.0.69.ebuild:
- Fix libsemanage DEP.
-
- 02 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-2.0.55.ebuild, policycoreutils-2.0.69.ebuild:
- Add python_need_rebuild.
-
-*policycoreutils-2.0.69 (02 Aug 2009)
-
- 02 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
- +policycoreutils-2.0.69.ebuild:
- New upstream release.
-
- 18 Jul 2009; Chris PeBenito <pebenito@gentoo.org>
- -policycoreutils-1.34.15.ebuild, policycoreutils-2.0.55.ebuild:
- Mark stable. Remove old ebuilds.
-
-*policycoreutils-2.0.55 (03 Oct 2008)
-
- 03 Oct 2008; Chris PeBenito <pebenito@gentoo.org>
- +policycoreutils-2.0.55.ebuild:
- Initial commit of policycoreutils 2.0.
-
- 29 May 2008; Ali Polatel <hawking@gentoo.org>
- policycoreutils-1.34.15.ebuild:
- python_mod_optimize is ROOT aware. Fixed python_mod_cleanup.
-
- 26 May 2008; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.34.15.ebuild:
- Fix libsemanage dependency.
-
- 13 May 2008; Chris PeBenito <pebenito@gentoo.org>
- -files/policycoreutils-1.28-quietlp.diff,
- -files/policycoreutils-1.32-quietlp.diff,
- -files/policycoreutils-unsigned-char-ppc.diff,
- -policycoreutils-1.28.ebuild, -policycoreutils-1.30-r1.ebuild,
- -policycoreutils-1.34.1.ebuild, -policycoreutils-1.34.11.ebuild,
- policycoreutils-1.34.15.ebuild:
- Mark 1.34.15 stable, clear old ebuilds.
-
-*policycoreutils-1.34.15 (29 Jan 2008)
-
- 29 Jan 2008; Chris PeBenito <pebenito@gentoo.org>
- +policycoreutils-1.34.15.ebuild:
- New upstream bugfix release.
-
- 19 Oct 2007; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.34.11.ebuild:
- Fix quoting in unpack.
-
-*policycoreutils-1.34.11 (18 Oct 2007)
-
- 18 Oct 2007; Chris PeBenito <pebenito@gentoo.org>
- +policycoreutils-1.34.11.ebuild:
- New upstream release.
-
- 04 Jun 2007; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.34.1.ebuild:
- Mark stable.
-
-*policycoreutils-1.34.1 (15 Feb 2007)
-
- 15 Feb 2007; Chris PeBenito <pebenito@gentoo.org>
- +policycoreutils-1.34.1.ebuild:
- New upstream release.
-
- 24 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.30.30.ebuild:
- Fix glibc handling.
-
- 09 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.30.30.ebuild:
- Stable to make repoman happy.
-
-*policycoreutils-1.30.30 (05 Oct 2006)
-
- 05 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
- +files/policycoreutils-1.32-quietlp.diff, +policycoreutils-1.30.30.ebuild:
- Add SVN snapshot and updated extras in preparation for reference policy.
-
- 31 Jul 2006; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.30-r1.ebuild:
- Mark stable, long overdue.
-
-*policycoreutils-1.30-r1 (28 Mar 2006)
-
- 28 Mar 2006; Chris PeBenito <pebenito@gentoo.org>
- -policycoreutils-1.30.ebuild, +policycoreutils-1.30-r1.ebuild:
- Fix install location of python site packages.
-
- 22 Feb 2006; Stephen Bennett <spb@gentoo.org> policycoreutils-1.28.ebuild:
- Alpha stable
-
- 19 Feb 2006; Joshua Kinard <kumba@gentoo.org> policycoreutils-1.28.ebuild:
- Marked stable on mips.
-
-*policycoreutils-1.30 (18 Mar 2006)
-
- 18 Mar 2006; Chris PeBenito <pebenito@gentoo.org>
- +policycoreutils-1.30.ebuild:
- New upstream release.
-
- 05 Feb 2006; Chris PeBenito <pebenito@gentoo.org>
- +files/policycoreutils-unsigned-char-ppc.diff,
- policycoreutils-1.28.ebuild:
- Add patch to fix #121689.
-
- 17 Jan 2006; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.28.ebuild:
- Mark stable, x86, amd64, ppc, sparc.
-
- 14 Jan 2006; Stephen Bennett <spb@gentoo.org> policycoreutils-1.28.ebuild:
- Added ~alpha
-
- 15 Dec 2005; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.22.ebuild, policycoreutils-1.24-r2.ebuild,
- policycoreutils-1.28.ebuild:
- Tighten up versioning to try to prevent mismatch problems as seen in #112348.
-
-*policycoreutils-1.28 (09 Dec 2005)
-
- 09 Dec 2005; Chris PeBenito <pebenito@gentoo.org>
- +files/policycoreutils-1.28-quietlp.diff, -policycoreutils-1.24-r1.ebuild,
- +policycoreutils-1.28.ebuild:
- New upstream release.
-
-*policycoreutils-1.24-r2 (08 Dec 2005)
-
- 08 Dec 2005; Chris PeBenito <pebenito@gentoo.org>
- +policycoreutils-1.24-r2.ebuild:
- Add compatability symlink for genhomedircon.
-
-*policycoreutils-1.24-r1 (09 Sep 2005)
-
- 09 Sep 2005; Chris PeBenito <pebenito@gentoo.org>
- +policycoreutils-1.24-r1.ebuild:
- Update for fixed selinuxconfig source policy path.
-
- 11 Jul 2005; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.22.ebuild, policycoreutils-1.24.ebuild:
- Fix RDEPEND for building stages. Libsepol is required now.
-
-*policycoreutils-1.24 (25 Jun 2005)
-
- 25 Jun 2005; Chris PeBenito <pebenito@gentoo.org>
- +files/policycoreutils-1.24-genhomedircon-quiet.diff,
- -policycoreutils-1.20-r1.ebuild, +policycoreutils-1.24.ebuild:
- New upstream release.
-
- 10 May 2005; Stephen Bennett <spb@gentoo.org> policycoreutils-1.22.ebuild:
- mips stable
-
- 01 May 2005; Stephen Bennett <spb@gentoo.org> policycoreutils-1.22.ebuild:
- Added ~mips.
-
- 01 May 2005; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.22.ebuild:
- Mark stable.
-
-*policycoreutils-1.22 (13 Mar 2005)
-
- 13 Mar 2005; Chris PeBenito <pebenito@gentoo.org>
- +files/policycoreutils-1.22-genhomedircon-quiet.diff,
- +policycoreutils-1.22.ebuild:
- New upstream release.
-
-*policycoreutils-1.20-r1 (13 Feb 2005)
-
- 13 Feb 2005; Chris PeBenito <pebenito@gentoo.org>
- -policycoreutils-1.16.ebuild, +policycoreutils-1.20-r1.ebuild,
- -policycoreutils-1.20.ebuild:
- Add back some tools deleted from upstream libselinux.
-
-*policycoreutils-1.20 (07 Jan 2005)
-
- 07 Jan 2005; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.18-r1.ebuild, +policycoreutils-1.20.ebuild:
- New upstream release. Mark 1.18-r1 stable.
-
-*policycoreutils-1.18-r1 (03 Jan 2005)
-
- 03 Jan 2005; Chris PeBenito <pebenito@gentoo.org>
- +files/policycoreutils-nonls.diff, +policycoreutils-1.18-r1.ebuild:
- Make pam and nls optional for embedded systems use.
-
- 22 Nov 2004; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.18.ebuild:
- Ensure a few dirs and perms during stage1 build.
-
- 15 Nov 2004; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.18.ebuild:
- Fix libsepol dep.
-
-*policycoreutils-1.18 (14 Nov 2004)
-
- 14 Nov 2004; Chris PeBenito <pebenito@gentoo.org>
- +policycoreutils-1.18.ebuild:
- New upstream release.
-
-*policycoreutils-1.16 (07 Sep 2004)
-
- 07 Sep 2004; Chris PeBenito <pebenito@gentoo.org>
- +files/policycoreutils-1.16-genhomedircon-compat.diff,
- +policycoreutils-1.16.ebuild:
- New upstream release.
-
- 08 Aug 2004; Tom Martin <slarti@gentoo.org> policycoreutils-1.12-r1.ebuild,
- policycoreutils-1.12-r2.ebuild, policycoreutils-1.14.ebuild,
- policycoreutils-1.4-r1.ebuild:
- Typo in DESCRIPTION: utilites -> utilities. Bug 59717.
-
- 06 Jul 2004; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.14.ebuild:
- Bump extras to fix free() bug in runscript_selinux.so.
-
-*policycoreutils-1.12-r2 (06 Jul 2004)
-
- 06 Jul 2004; Chris PeBenito <pebenito@gentoo.org>
- +files/runscript-selinux.diff, +policycoreutils-1.12-r2.ebuild:
- Fix free() error in runscript_selinux.so.
-
- 03 Jul 2004; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.14.ebuild:
- Update extras.
-
-*policycoreutils-1.14 (02 Jul 2004)
-
- 02 Jul 2004; Chris PeBenito <pebenito@gentoo.org>
- +files/policycoreutils-1.14-genhomedircon-compat.diff,
- +policycoreutils-1.14.ebuild:
- New upstream version.
-
-*policycoreutils-1.12-r1 (28 Jun 2004)
-
- 28 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
- +policycoreutils-1.12-r1.ebuild:
- Add toggle_bool to extras.
-
- 11 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
- -policycoreutils-1.10-r1.ebuild, policycoreutils-1.12.ebuild:
- Mark stable
-
-*policycoreutils-1.12 (14 May 2004)
-
- 14 May 2004; Chris PeBenito <pebenito@gentoo.org>
- +policycoreutils-1.12.ebuild:
- New upstream release.
-
-*policycoreutils-1.10-r1 (28 Apr 2004)
-
- 28 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
- +policycoreutils-1.10-r1.ebuild, -policycoreutils-1.10.ebuild,
- -policycoreutils-1.8.ebuild:
- Update extras and mark stable.
-
-*policycoreutils-1.10 (20 Apr 2004)
-
- 08 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.4-r1.ebuild, policycoreutils-1.8.ebuild:
- More specific versioning for libselinux.
-
- 08 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.8.ebuild:
- Mark stable for 2004.1
-
- 15 Mar 2004; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.8.ebuild:
- Update extras.
-
-*policycoreutils-1.8 (12 Mar 2004)
-
- 12 Mar 2004; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.8.ebuild:
- New upstream release.
-
-*policycoreutils-1.6 (24 Feb 2004)
-
- 24 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.4-r1.ebuild, policycoreutils-1.6.ebuild:
- New upstream release. Mark 1.4-r1 stable.
-
-*policycoreutils-1.4-r1 (09 Feb 2004)
-
- 09 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.4-r1.ebuild:
- Move extras to mirrors, and add runscript_selinux.so.
-
- 31 Jan 2004; Chris PeBenito <pebenito@gentoo.org> files/rlpkg:
- Switch to portageq from inline python. Add missing quotes for completeness.
-
- 16 Dec 2003; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.4.ebuild:
- Mark stable.
-
-*policycoreutils-1.4 (06 Dec 2003)
-
- 06 Dec 2003; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.4.ebuild:
- New upstream version.
-
-*policycoreutils-1.2-r2 (23 Nov 2003)
-
- 23 Nov 2003; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.2-r2.ebuild:
- Bump to add /sbin/seinit.
-
- 29 Oct 2003; Joshua Brindle <method@gentoo.org>
- policycoreutils-1.2-r1.ebuild:
- added sparc
-
-*policycoreutils-1.2-r1 (20 Oct 2003)
-
- 20 Oct 2003; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.2-r1.ebuild:
- Remove unneeded -lattr linking from Makefiles.
-
- 07 Oct 2003; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.2.ebuild:
- Mark stable.
-
-*policycoreutils-1.2 (03 Oct 2003)
-
- 03 Oct 2003; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.2.ebuild, files/policycoreutils-1.2-gentoo.diff:
- New upstream version.
-
- 29 Sep 2003; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.1-r1.ebuild:
- Add build USE flag; when asserted, only setfiles is built and merged.
-
- 22 Sep 2003; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.1-r1.ebuild:
- Move selinux-base-policy RDEPEND to checkpolicy. No longer RDEPEND on
- checkpolicy.
-
- 22 Sep 2003; <paul@gentoo.org> metadata.xml:
- Fix metadata.xml
-
- 24 Aug 2003; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.1-r1.ebuild, policycoreutils-1.1.ebuild:
- Mark stable
-
-*policycoreutils-1.1-r1 (18 Aug 2003)
-
- 18 Aug 2003; Chris PeBenito <pebenito@gentoo.org> metadata.xml,
- policycoreutils-1.0.ebuild, policycoreutils-1.1-r1.ebuild,
- files/avc_enforcing, files/avc_toggle,
- files/policycoreutils-1.1-setfiles.diff:
- Add setfiles patch for alternate root. Add avc_enforcing and avc_toggle
- scripts for ease of use for old API users. Use package description from RPM
- spec file in metadata.xml long description.
-
-*policycoreutils-1.1 (14 Aug 2003)
-
- 14 Aug 2003; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.1.ebuild:
- New upstream version
-
- 10 Aug 2003; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.0.ebuild, files/rlpkg:
- Add mkinitrd RDEP, add rlpkg.
-
-*policycoreutils-1.0 (03 Aug 2003)
-
- 03 Aug 2003; Chris PeBenito <pebenito@gentoo.org> metadata.xml,
- policycoreutils-1.0.ebuild, files/policycoreutils-1.0-gentoo.diff:
- Initial commit
-
diff --git a/sys-apps/policycoreutils/files/policycoreutils-2.0.82-python3.tar.gz b/sys-apps/policycoreutils/files/policycoreutils-2.0.82-python3.tar.gz
deleted file mode 100644
index 64b5d01..0000000
Binary files a/sys-apps/policycoreutils/files/policycoreutils-2.0.82-python3.tar.gz and /dev/null differ
diff --git a/sys-apps/policycoreutils/metadata.xml b/sys-apps/policycoreutils/metadata.xml
deleted file mode 100644
index 87cddb0..0000000
--- a/sys-apps/policycoreutils/metadata.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
- <herd>selinux</herd>
- <longdescription>
- Policycoreutils contains the policy core utilities that are required
- for basic operation of a SELinux system. These utilities include
- load_policy to load policies, setfiles to label filesystems, newrole
- to switch roles, and run_init to run /etc/init.d scripts in the proper
- context.
-
- Gentoo-specific tools include rlpkg for relabeling packages by name,
- avc_toggle to toggle between enforcing and permissive modes, and
- avc_enforcing to query the current mode of the system, enforcing or
- permissive.
- </longdescription>
-</pkgmetadata>
diff --git a/sys-apps/policycoreutils/policycoreutils-2.0.82-r2.ebuild b/sys-apps/policycoreutils/policycoreutils-2.0.82-r2.ebuild
deleted file mode 100644
index 203e3ab..0000000
--- a/sys-apps/policycoreutils/policycoreutils-2.0.82-r2.ebuild
+++ /dev/null
@@ -1,110 +0,0 @@
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/policycoreutils/policycoreutils-2.0.82-r1.ebuild,v 1.1 2011/06/30 10:35:35 blueness Exp $
-
-EAPI="2"
-PYTHON_DEPEND="*"
-PYTHON_USE_WITH="xml"
-SUPPORT_PYTHON_ABIS="1"
-RESTRICT_PYTHON_ABIS="*-jython"
-
-inherit multilib python toolchain-funcs eutils
-
-EXTRAS_VER="1.20"
-SEMNG_VER="2.0.45"
-SELNX_VER="2.0.94"
-SEPOL_VER="2.0.41"
-
-IUSE=""
-
-DESCRIPTION="SELinux core utilities"
-HOMEPAGE="http://userspace.selinuxproject.org"
-SRC_URI="http://userspace.selinuxproject.org/releases/20100525/devel/${P}.tar.gz
- mirror://gentoo/policycoreutils-extra-${EXTRAS_VER}.tar.bz2
- http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=blob_plain;f=sys-apps/policycoreutils/files/policycoreutils-2.0.82-python3.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-
-COMMON_DEPS=">=sys-libs/libselinux-${SELNX_VER}[python]
- >=sys-libs/glibc-2.4
- >=sys-process/audit-1.5.1
- >=sys-libs/libcap-1.10-r10
- sys-libs/pam
- >=sys-libs/libsemanage-${SEMNG_VER}[python]
- sys-libs/libcap-ng
- >=sys-libs/libsepol-${SEPOL_VER}
- sys-devel/gettext"
-
-# pax-utils for scanelf used by rlpkg
-RDEPEND="${COMMON_DEPS}
- dev-python/sepolgen
- app-misc/pax-utils"
-
-DEPEND="${COMMON_DEPS}"
-
-S2=${WORKDIR}/policycoreutils-extra
-
-src_prepare() {
- # rlpkg is more useful than fixfiles
- sed -i -e '/^all/s/fixfiles//' "${S}/scripts/Makefile" \
- || die "fixfiles sed 1 failed"
- sed -i -e '/fixfiles/d' "${S}/scripts/Makefile" \
- || die "fixfiles sed 2 failed"
- # removing sandbox for the time being, need to
- # rename in future to sesandbox?
- sed -i -e 's/sandbox //' "${S}/Makefile" \
- || die "failed removing sandbox"
- # Overwrite gl.po, id.po and et.po with valid PO file
- cp "${S}/po/sq.po" "${S}/po/gl.po" || die "failed to copy ${S}/po/sq.po to gl.po"
- cp "${S}/po/sq.po" "${S}/po/id.po" || die "failed to copy ${S}/po/sq.po to id.po"
- cp "${S}/po/sq.po" "${S}/po/et.po" || die "failed to copy ${S}/po/sq.po to et.po"
- # "Fixed" scripts for python 3
- cp "${WORKDIR}/seobject.py" "${S}/semanage/seobject.py" || die "failed to copy seobject.py"
- cp "${WORKDIR}/semanage" "${S}/semanage/semanage" || die "failed to copy semanage"
- cp "${WORKDIR}/chcat" "${S}/scripts/chcat" || die "failed to copy chcat"
- cp "${WORKDIR}/audit2allow" "${S}/audit2allow/audit2allow" || die "failed to copy audit2allow"
- cp "${WORKDIR}/rlpkg" "${S2}/scripts/rlpkg" || die "failed to copy rlpkg"
-}
-
-src_compile() {
- python_copy_sources semanage
- building() {
- einfo "Compiling policycoreutils"
- #emake -C "${S}" AUDIT_LOG_PRIV="y" CC="$(tc-getCC)" PYLIBVER="python$(python_get_version)" swigify
- emake -C "${S}" AUDIT_LOG_PRIV="y" CC="$(tc-getCC)" PYLIBVER="python$(python_get_version)"
- einfo "Compiling policycoreutils-extra"
- #emake -C "${S2}" AUDIT_LOG_PRIV="y" CC="$(tc-getCC)" PYLIBVER="python$(python_get_version)" swigify
- emake -C "${S2}" AUDIT_LOG_PRIV="y" CC="$(tc-getCC)" PYLIBVER="python$(python_get_version)"
- }
- python_execute_function -s --source-dir semanage building
-}
-
-src_install() {
- # Python scripts are present in many places. There are no extension modules.
- installation() {
- einfo "Installing policycoreutils"
- emake -C "${S}" DESTDIR="${T}/images/${PYTHON_ABI}" AUDIT_LOG_PRIV="y" PYLIBVER="python$(python_get_version)" install || return 1
-
- einfo "Installing policycoreutils-extra"
- emake -C "${S2}" DESTDIR="${T}/images/${PYTHON_ABI}" SHLIBDIR="${D}$(get_libdir)/rc" install || return 1
- }
- python_execute_function installation
- python_merge_intermediate_installation_images "${T}/images"
-
- # remove redhat-style init script
- rm -fR "${D}/etc/rc.d"
-
- # compatibility symlinks
- dosym /sbin/setfiles /usr/sbin/setfiles
- dosym /$(get_libdir)/rc/runscript_selinux.so /$(get_libdir)/rcscripts/runscript_selinux.so
-}
-
-pkg_postinst() {
- python_mod_optimize seobject.py
-}
-
-pkg_postrm() {
- python_mod_cleanup seobject.py
-}
^ permalink raw reply related [flat|nested] 5+ messages in thread* [gentoo-commits] proj/hardened-dev:master commit in: sys-apps/policycoreutils/files/, sys-apps/policycoreutils/
@ 2011-08-03 10:19 Anthony G. Basile
0 siblings, 0 replies; 5+ messages in thread
From: Anthony G. Basile @ 2011-08-03 10:19 UTC (permalink / raw
To: gentoo-commits
commit: 6bad4a07a65a4461fbd991793200b8da944141a5
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Wed Aug 3 10:19:02 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Wed Aug 3 10:19:02 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=6bad4a07
sys-apps/policycoreutils: moved to tree
---
sys-apps/policycoreutils/ChangeLog | 441 --------------------
.../files/policycoreutils-2.0.69-setfiles.diff | 12 -
...icycoreutils-2.0.85-fix-seunshare-vuln.patch.gz | Bin 8962 -> 0 bytes
.../policycoreutils-2.0.85-sesandbox.patch.gz | Bin 4551 -> 0 bytes
sys-apps/policycoreutils/metadata.xml | 17 -
.../policycoreutils/policycoreutils-2.1.0.ebuild | 115 -----
6 files changed, 0 insertions(+), 585 deletions(-)
diff --git a/sys-apps/policycoreutils/ChangeLog b/sys-apps/policycoreutils/ChangeLog
deleted file mode 100644
index 13c6ced..0000000
--- a/sys-apps/policycoreutils/ChangeLog
+++ /dev/null
@@ -1,441 +0,0 @@
-# ChangeLog for sys-apps/policycoreutils
-# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/policycoreutils/ChangeLog,v 1.87 2011/07/15 23:29:30 blueness Exp $
-
-*policycoreutils-2.1.0 (02 Aug 2011)
-
- 02 Aug 2011; <swift@gentoo.org> +files/policycoreutils-2.0.69-setfiles.diff,
- +files/policycoreutils-2.0.85-fix-seunshare-vuln.patch.gz,
- +files/policycoreutils-2.0.85-sesandbox.patch.gz,
- +policycoreutils-2.1.0.ebuild, +metadata.xml:
- Bump to 20110727 SELinux userspace release
-
-*policycoreutils-2.0.85 (15 Jul 2011)
-
- 15 Jul 2011; Anthony G. Basile <blueness@gentoo.org>
- +policycoreutils-2.0.85.ebuild,
- +files/policycoreutils-2.0.85-fix-seunshare-vuln.patch.gz,
- +files/policycoreutils-2.0.85-sesandbox.patch.gz:
- Add fix for bug #374897 and initial support for python3
-
- 08 Jul 2011; Samuli Suominen <ssuominen@gentoo.org>
- policycoreutils-2.0.55.ebuild, policycoreutils-2.0.69.ebuild,
- policycoreutils-2.0.69-r1.ebuild, policycoreutils-2.0.69-r2.ebuild:
- Convert from "useq" to "use".
-
-*policycoreutils-2.0.82-r1 (30 Jun 2011)
-
- 30 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
- +policycoreutils-2.0.82-r1.ebuild:
- Overwrite invalid .po files with valid ones, fixes bug #372807
-
- 16 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
- policycoreutils-2.0.82.ebuild:
- Drop use_nls dependency on gettext. Its mandatory. See bug #299681.
- Also put gettext in COMMON_DEPS, it is more than a RDEPEND.
-
- 28 May 2011; Anthony G. Basile <blueness@gentoo.org>
- policycoreutils-2.0.82.ebuild:
- Stable amd64 x86
-
- 16 Apr 2011; Anthony G. Basile <blueness@gentoo.org> metadata.xml:
- Updated metadata info.
-
- 08 Feb 2011; Arfrever Frehtes Taifersar Arahesis <arfrever@gentoo.org>
- policycoreutils-2.0.82.ebuild:
- Set SUPPORT_PYTHON_ABIS (bug #353762). Fix dependencies. Fix installation
- with FEATURES="multilib-strict".
-
-*policycoreutils-2.0.82 (05 Feb 2011)
-
- 05 Feb 2011; Anthony G. Basile <blueness@gentoo.org>
- +policycoreutils-2.0.82.ebuild:
- New upstream release.
-
-*policycoreutils-2.0.69-r2 (05 Feb 2011)
-
- 05 Feb 2011; Anthony G. Basile <blueness@gentoo.org>
- +policycoreutils-2.0.69-r2.ebuild,
- +files/policycoreutils-2.0.69-setfiles.diff:
- Fixed bug #300613
-
- 04 Apr 2010; Arfrever Frehtes Taifersar Arahesis <arfrever@gentoo.org>
- policycoreutils-2.0.55.ebuild, policycoreutils-2.0.69.ebuild,
- policycoreutils-2.0.69-r1.ebuild:
- Delete calls to deprecated python_version().
-
-*policycoreutils-2.0.69-r1 (20 Sep 2009)
-
- 20 Sep 2009; Chris PeBenito <pebenito@gentoo.org>
- +policycoreutils-2.0.69-r1.ebuild:
- Update rlpkg for ext4 and btrfs.
-
- 14 Sep 2009; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-2.0.69.ebuild:
- Fix libsemanage DEP.
-
- 02 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-2.0.55.ebuild, policycoreutils-2.0.69.ebuild:
- Add python_need_rebuild.
-
-*policycoreutils-2.0.69 (02 Aug 2009)
-
- 02 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
- +policycoreutils-2.0.69.ebuild:
- New upstream release.
-
- 18 Jul 2009; Chris PeBenito <pebenito@gentoo.org>
- -policycoreutils-1.34.15.ebuild, policycoreutils-2.0.55.ebuild:
- Mark stable. Remove old ebuilds.
-
-*policycoreutils-2.0.55 (03 Oct 2008)
-
- 03 Oct 2008; Chris PeBenito <pebenito@gentoo.org>
- +policycoreutils-2.0.55.ebuild:
- Initial commit of policycoreutils 2.0.
-
- 29 May 2008; Ali Polatel <hawking@gentoo.org>
- policycoreutils-1.34.15.ebuild:
- python_mod_optimize is ROOT aware. Fixed python_mod_cleanup.
-
- 26 May 2008; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.34.15.ebuild:
- Fix libsemanage dependency.
-
- 13 May 2008; Chris PeBenito <pebenito@gentoo.org>
- -files/policycoreutils-1.28-quietlp.diff,
- -files/policycoreutils-1.32-quietlp.diff,
- -files/policycoreutils-unsigned-char-ppc.diff,
- -policycoreutils-1.28.ebuild, -policycoreutils-1.30-r1.ebuild,
- -policycoreutils-1.34.1.ebuild, -policycoreutils-1.34.11.ebuild,
- policycoreutils-1.34.15.ebuild:
- Mark 1.34.15 stable, clear old ebuilds.
-
-*policycoreutils-1.34.15 (29 Jan 2008)
-
- 29 Jan 2008; Chris PeBenito <pebenito@gentoo.org>
- +policycoreutils-1.34.15.ebuild:
- New upstream bugfix release.
-
- 19 Oct 2007; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.34.11.ebuild:
- Fix quoting in unpack.
-
-*policycoreutils-1.34.11 (18 Oct 2007)
-
- 18 Oct 2007; Chris PeBenito <pebenito@gentoo.org>
- +policycoreutils-1.34.11.ebuild:
- New upstream release.
-
- 04 Jun 2007; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.34.1.ebuild:
- Mark stable.
-
-*policycoreutils-1.34.1 (15 Feb 2007)
-
- 15 Feb 2007; Chris PeBenito <pebenito@gentoo.org>
- +policycoreutils-1.34.1.ebuild:
- New upstream release.
-
- 24 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.30.30.ebuild:
- Fix glibc handling.
-
- 09 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.30.30.ebuild:
- Stable to make repoman happy.
-
-*policycoreutils-1.30.30 (05 Oct 2006)
-
- 05 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
- +files/policycoreutils-1.32-quietlp.diff, +policycoreutils-1.30.30.ebuild:
- Add SVN snapshot and updated extras in preparation for reference policy.
-
- 31 Jul 2006; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.30-r1.ebuild:
- Mark stable, long overdue.
-
-*policycoreutils-1.30-r1 (28 Mar 2006)
-
- 28 Mar 2006; Chris PeBenito <pebenito@gentoo.org>
- -policycoreutils-1.30.ebuild, +policycoreutils-1.30-r1.ebuild:
- Fix install location of python site packages.
-
- 22 Feb 2006; Stephen Bennett <spb@gentoo.org> policycoreutils-1.28.ebuild:
- Alpha stable
-
- 19 Feb 2006; Joshua Kinard <kumba@gentoo.org> policycoreutils-1.28.ebuild:
- Marked stable on mips.
-
-*policycoreutils-1.30 (18 Mar 2006)
-
- 18 Mar 2006; Chris PeBenito <pebenito@gentoo.org>
- +policycoreutils-1.30.ebuild:
- New upstream release.
-
- 05 Feb 2006; Chris PeBenito <pebenito@gentoo.org>
- +files/policycoreutils-unsigned-char-ppc.diff,
- policycoreutils-1.28.ebuild:
- Add patch to fix #121689.
-
- 17 Jan 2006; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.28.ebuild:
- Mark stable, x86, amd64, ppc, sparc.
-
- 14 Jan 2006; Stephen Bennett <spb@gentoo.org> policycoreutils-1.28.ebuild:
- Added ~alpha
-
- 15 Dec 2005; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.22.ebuild, policycoreutils-1.24-r2.ebuild,
- policycoreutils-1.28.ebuild:
- Tighten up versioning to try to prevent mismatch problems as seen in #112348.
-
-*policycoreutils-1.28 (09 Dec 2005)
-
- 09 Dec 2005; Chris PeBenito <pebenito@gentoo.org>
- +files/policycoreutils-1.28-quietlp.diff, -policycoreutils-1.24-r1.ebuild,
- +policycoreutils-1.28.ebuild:
- New upstream release.
-
-*policycoreutils-1.24-r2 (08 Dec 2005)
-
- 08 Dec 2005; Chris PeBenito <pebenito@gentoo.org>
- +policycoreutils-1.24-r2.ebuild:
- Add compatability symlink for genhomedircon.
-
-*policycoreutils-1.24-r1 (09 Sep 2005)
-
- 09 Sep 2005; Chris PeBenito <pebenito@gentoo.org>
- +policycoreutils-1.24-r1.ebuild:
- Update for fixed selinuxconfig source policy path.
-
- 11 Jul 2005; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.22.ebuild, policycoreutils-1.24.ebuild:
- Fix RDEPEND for building stages. Libsepol is required now.
-
-*policycoreutils-1.24 (25 Jun 2005)
-
- 25 Jun 2005; Chris PeBenito <pebenito@gentoo.org>
- +files/policycoreutils-1.24-genhomedircon-quiet.diff,
- -policycoreutils-1.20-r1.ebuild, +policycoreutils-1.24.ebuild:
- New upstream release.
-
- 10 May 2005; Stephen Bennett <spb@gentoo.org> policycoreutils-1.22.ebuild:
- mips stable
-
- 01 May 2005; Stephen Bennett <spb@gentoo.org> policycoreutils-1.22.ebuild:
- Added ~mips.
-
- 01 May 2005; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.22.ebuild:
- Mark stable.
-
-*policycoreutils-1.22 (13 Mar 2005)
-
- 13 Mar 2005; Chris PeBenito <pebenito@gentoo.org>
- +files/policycoreutils-1.22-genhomedircon-quiet.diff,
- +policycoreutils-1.22.ebuild:
- New upstream release.
-
-*policycoreutils-1.20-r1 (13 Feb 2005)
-
- 13 Feb 2005; Chris PeBenito <pebenito@gentoo.org>
- -policycoreutils-1.16.ebuild, +policycoreutils-1.20-r1.ebuild,
- -policycoreutils-1.20.ebuild:
- Add back some tools deleted from upstream libselinux.
-
-*policycoreutils-1.20 (07 Jan 2005)
-
- 07 Jan 2005; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.18-r1.ebuild, +policycoreutils-1.20.ebuild:
- New upstream release. Mark 1.18-r1 stable.
-
-*policycoreutils-1.18-r1 (03 Jan 2005)
-
- 03 Jan 2005; Chris PeBenito <pebenito@gentoo.org>
- +files/policycoreutils-nonls.diff, +policycoreutils-1.18-r1.ebuild:
- Make pam and nls optional for embedded systems use.
-
- 22 Nov 2004; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.18.ebuild:
- Ensure a few dirs and perms during stage1 build.
-
- 15 Nov 2004; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.18.ebuild:
- Fix libsepol dep.
-
-*policycoreutils-1.18 (14 Nov 2004)
-
- 14 Nov 2004; Chris PeBenito <pebenito@gentoo.org>
- +policycoreutils-1.18.ebuild:
- New upstream release.
-
-*policycoreutils-1.16 (07 Sep 2004)
-
- 07 Sep 2004; Chris PeBenito <pebenito@gentoo.org>
- +files/policycoreutils-1.16-genhomedircon-compat.diff,
- +policycoreutils-1.16.ebuild:
- New upstream release.
-
- 08 Aug 2004; Tom Martin <slarti@gentoo.org> policycoreutils-1.12-r1.ebuild,
- policycoreutils-1.12-r2.ebuild, policycoreutils-1.14.ebuild,
- policycoreutils-1.4-r1.ebuild:
- Typo in DESCRIPTION: utilites -> utilities. Bug 59717.
-
- 06 Jul 2004; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.14.ebuild:
- Bump extras to fix free() bug in runscript_selinux.so.
-
-*policycoreutils-1.12-r2 (06 Jul 2004)
-
- 06 Jul 2004; Chris PeBenito <pebenito@gentoo.org>
- +files/runscript-selinux.diff, +policycoreutils-1.12-r2.ebuild:
- Fix free() error in runscript_selinux.so.
-
- 03 Jul 2004; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.14.ebuild:
- Update extras.
-
-*policycoreutils-1.14 (02 Jul 2004)
-
- 02 Jul 2004; Chris PeBenito <pebenito@gentoo.org>
- +files/policycoreutils-1.14-genhomedircon-compat.diff,
- +policycoreutils-1.14.ebuild:
- New upstream version.
-
-*policycoreutils-1.12-r1 (28 Jun 2004)
-
- 28 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
- +policycoreutils-1.12-r1.ebuild:
- Add toggle_bool to extras.
-
- 11 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
- -policycoreutils-1.10-r1.ebuild, policycoreutils-1.12.ebuild:
- Mark stable
-
-*policycoreutils-1.12 (14 May 2004)
-
- 14 May 2004; Chris PeBenito <pebenito@gentoo.org>
- +policycoreutils-1.12.ebuild:
- New upstream release.
-
-*policycoreutils-1.10-r1 (28 Apr 2004)
-
- 28 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
- +policycoreutils-1.10-r1.ebuild, -policycoreutils-1.10.ebuild,
- -policycoreutils-1.8.ebuild:
- Update extras and mark stable.
-
-*policycoreutils-1.10 (20 Apr 2004)
-
- 08 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.4-r1.ebuild, policycoreutils-1.8.ebuild:
- More specific versioning for libselinux.
-
- 08 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.8.ebuild:
- Mark stable for 2004.1
-
- 15 Mar 2004; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.8.ebuild:
- Update extras.
-
-*policycoreutils-1.8 (12 Mar 2004)
-
- 12 Mar 2004; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.8.ebuild:
- New upstream release.
-
-*policycoreutils-1.6 (24 Feb 2004)
-
- 24 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.4-r1.ebuild, policycoreutils-1.6.ebuild:
- New upstream release. Mark 1.4-r1 stable.
-
-*policycoreutils-1.4-r1 (09 Feb 2004)
-
- 09 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.4-r1.ebuild:
- Move extras to mirrors, and add runscript_selinux.so.
-
- 31 Jan 2004; Chris PeBenito <pebenito@gentoo.org> files/rlpkg:
- Switch to portageq from inline python. Add missing quotes for completeness.
-
- 16 Dec 2003; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.4.ebuild:
- Mark stable.
-
-*policycoreutils-1.4 (06 Dec 2003)
-
- 06 Dec 2003; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.4.ebuild:
- New upstream version.
-
-*policycoreutils-1.2-r2 (23 Nov 2003)
-
- 23 Nov 2003; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.2-r2.ebuild:
- Bump to add /sbin/seinit.
-
- 29 Oct 2003; Joshua Brindle <method@gentoo.org>
- policycoreutils-1.2-r1.ebuild:
- added sparc
-
-*policycoreutils-1.2-r1 (20 Oct 2003)
-
- 20 Oct 2003; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.2-r1.ebuild:
- Remove unneeded -lattr linking from Makefiles.
-
- 07 Oct 2003; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.2.ebuild:
- Mark stable.
-
-*policycoreutils-1.2 (03 Oct 2003)
-
- 03 Oct 2003; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.2.ebuild, files/policycoreutils-1.2-gentoo.diff:
- New upstream version.
-
- 29 Sep 2003; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.1-r1.ebuild:
- Add build USE flag; when asserted, only setfiles is built and merged.
-
- 22 Sep 2003; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.1-r1.ebuild:
- Move selinux-base-policy RDEPEND to checkpolicy. No longer RDEPEND on
- checkpolicy.
-
- 22 Sep 2003; <paul@gentoo.org> metadata.xml:
- Fix metadata.xml
-
- 24 Aug 2003; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.1-r1.ebuild, policycoreutils-1.1.ebuild:
- Mark stable
-
-*policycoreutils-1.1-r1 (18 Aug 2003)
-
- 18 Aug 2003; Chris PeBenito <pebenito@gentoo.org> metadata.xml,
- policycoreutils-1.0.ebuild, policycoreutils-1.1-r1.ebuild,
- files/avc_enforcing, files/avc_toggle,
- files/policycoreutils-1.1-setfiles.diff:
- Add setfiles patch for alternate root. Add avc_enforcing and avc_toggle
- scripts for ease of use for old API users. Use package description from RPM
- spec file in metadata.xml long description.
-
-*policycoreutils-1.1 (14 Aug 2003)
-
- 14 Aug 2003; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.1.ebuild:
- New upstream version
-
- 10 Aug 2003; Chris PeBenito <pebenito@gentoo.org>
- policycoreutils-1.0.ebuild, files/rlpkg:
- Add mkinitrd RDEP, add rlpkg.
-
-*policycoreutils-1.0 (03 Aug 2003)
-
- 03 Aug 2003; Chris PeBenito <pebenito@gentoo.org> metadata.xml,
- policycoreutils-1.0.ebuild, files/policycoreutils-1.0-gentoo.diff:
- Initial commit
-
diff --git a/sys-apps/policycoreutils/files/policycoreutils-2.0.69-setfiles.diff b/sys-apps/policycoreutils/files/policycoreutils-2.0.69-setfiles.diff
deleted file mode 100644
index 7ad233d..0000000
--- a/sys-apps/policycoreutils/files/policycoreutils-2.0.69-setfiles.diff
+++ /dev/null
@@ -1,12 +0,0 @@
-*** setfiles/setfiles.c 2010-12-03 23:49:12.372000001 +0000
---- setfiles/setfiles.c 2010-12-03 01:21:09.435000002 +0000
-***************
-*** 12,17 ****
---- 12,18 ----
- #include <regex.h>
- #include <sys/vfs.h>
- #include <sys/utsname.h>
-+#include <sys/stat.h>
- #define __USE_XOPEN_EXTENDED 1 /* nftw */
- #define SKIP -2
- #define ERR -1
diff --git a/sys-apps/policycoreutils/files/policycoreutils-2.0.85-fix-seunshare-vuln.patch.gz b/sys-apps/policycoreutils/files/policycoreutils-2.0.85-fix-seunshare-vuln.patch.gz
deleted file mode 100644
index d58b5b3..0000000
Binary files a/sys-apps/policycoreutils/files/policycoreutils-2.0.85-fix-seunshare-vuln.patch.gz and /dev/null differ
diff --git a/sys-apps/policycoreutils/files/policycoreutils-2.0.85-sesandbox.patch.gz b/sys-apps/policycoreutils/files/policycoreutils-2.0.85-sesandbox.patch.gz
deleted file mode 100644
index 336dcb2..0000000
Binary files a/sys-apps/policycoreutils/files/policycoreutils-2.0.85-sesandbox.patch.gz and /dev/null differ
diff --git a/sys-apps/policycoreutils/metadata.xml b/sys-apps/policycoreutils/metadata.xml
deleted file mode 100644
index 87cddb0..0000000
--- a/sys-apps/policycoreutils/metadata.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
- <herd>selinux</herd>
- <longdescription>
- Policycoreutils contains the policy core utilities that are required
- for basic operation of a SELinux system. These utilities include
- load_policy to load policies, setfiles to label filesystems, newrole
- to switch roles, and run_init to run /etc/init.d scripts in the proper
- context.
-
- Gentoo-specific tools include rlpkg for relabeling packages by name,
- avc_toggle to toggle between enforcing and permissive modes, and
- avc_enforcing to query the current mode of the system, enforcing or
- permissive.
- </longdescription>
-</pkgmetadata>
diff --git a/sys-apps/policycoreutils/policycoreutils-2.1.0.ebuild b/sys-apps/policycoreutils/policycoreutils-2.1.0.ebuild
deleted file mode 100644
index ef4966a..0000000
--- a/sys-apps/policycoreutils/policycoreutils-2.1.0.ebuild
+++ /dev/null
@@ -1,115 +0,0 @@
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/policycoreutils/policycoreutils-2.0.85.ebuild,v 1.1 2011/07/15 23:29:30 blueness Exp $
-
-EAPI="3"
-PYTHON_DEPEND="*"
-PYTHON_USE_WITH="xml"
-SUPPORT_PYTHON_ABIS="1"
-RESTRICT_PYTHON_ABIS="*-jython"
-
-inherit multilib python toolchain-funcs eutils
-
-EXTRAS_VER="1.21"
-SEMNG_VER="2.1.0"
-SELNX_VER="2.1.0"
-SEPOL_VER="2.1.0"
-
-IUSE=""
-
-DESCRIPTION="SELinux core utilities"
-HOMEPAGE="http://userspace.selinuxproject.org"
-SRC_URI="http://userspace.selinuxproject.org/releases/20110727/devel/${P}.tar.gz
- mirror://gentoo/policycoreutils-extra-${EXTRAS_VER}.tar.bz2
- mirror://gentoo/policycoreutils-2.0.85-python3.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-
-COMMON_DEPS=">=sys-libs/libselinux-${SELNX_VER}[python]
- >=sys-libs/glibc-2.4
- >=sys-process/audit-1.5.1
- >=sys-libs/libcap-1.10-r10
- sys-libs/pam
- >=sys-libs/libsemanage-${SEMNG_VER}[python]
- sys-libs/libcap-ng
- >=sys-libs/libsepol-${SEPOL_VER}
- sys-devel/gettext"
-
-# pax-utils for scanelf used by rlpkg
-RDEPEND="${COMMON_DEPS}
- dev-python/sepolgen
- app-misc/pax-utils"
-
-DEPEND="${COMMON_DEPS}"
-
-S2=${WORKDIR}/policycoreutils-extra
-
-src_prepare() {
- # rlpkg is more useful than fixfiles
- sed -i -e '/^all/s/fixfiles//' "${S}/scripts/Makefile" \
- || die "fixfiles sed 1 failed"
- sed -i -e '/fixfiles/d' "${S}/scripts/Makefile" \
- || die "fixfiles sed 2 failed"
- # We currently do not support MCS, so the sandbox code in policycoreutils
- # is not usable yet. However, work for MCS is on the way and a reported
- # vulnerability (bug #374897) might go by unnoticed if we ignore it now.
- # As such, we will
- # - prepare support for switching name from "sandbox" to "sesandbox"
- epatch "${FILESDIR}/policycoreutils-2.0.85-sesandbox.patch.gz"
- # - patch the sandbox and seunshare code to fix the vulnerability
- # (uses, with permission, extract from
- # http://pkgs.fedoraproject.org/gitweb/?p=policycoreutils.git;a=blob_plain;f=policycoreutils-rhat.patch;hb=HEAD)
- epatch "${FILESDIR}/policycoreutils-2.0.85-fix-seunshare-vuln.patch.gz"
- # But for now, disable building sandbox code
- sed -i -e 's/sandbox //' "${S}/Makefile" || die "failed removing sandbox"
- # Overwrite gl.po, id.po and et.po with valid PO file
- cp "${S}/po/sq.po" "${S}/po/gl.po" || die "failed to copy ${S}/po/sq.po to gl.po"
- cp "${S}/po/sq.po" "${S}/po/id.po" || die "failed to copy ${S}/po/sq.po to id.po"
- cp "${S}/po/sq.po" "${S}/po/et.po" || die "failed to copy ${S}/po/sq.po to et.po"
- # Fixed scripts for Python 3 support
- cp "${WORKDIR}/seobject.py" "${S}/semanage/seobject.py" || die "failed to copy seobject.py"
- cp "${WORKDIR}/semanage" "${S}/semanage/semanage" || die "failed to copy semanage"
- cp "${WORKDIR}/chcat" "${S}/scripts/chcat" || die "failed to copy chcat"
- cp "${WORKDIR}/audit2allow" "${S}/audit2allow/audit2allow" || die "failed to copy audit2allow"
-}
-
-src_compile() {
- python_copy_sources semanage sandbox
- building() {
- einfo "Compiling policycoreutils"
- emake -C "${S}" AUDIT_LOG_PRIVS="y" CC="$(tc-getCC)" PYLIBVER="python$(python_get_version)" || die
- einfo "Compiling policycoreutils-extra"
- emake -C "${S2}" AUDIT_LOG_PRIVS="y" CC="$(tc-getCC)" PYLIBVER="python$(python_get_version)" || die
- }
- python_execute_function -s --source-dir semanage building
-}
-
-src_install() {
- # Python scripts are present in many places. There are no extension modules.
- installation() {
- einfo "Installing policycoreutils"
- emake -C "${S}" DESTDIR="${T}/images/${PYTHON_ABI}" AUDIT_LOG_PRIV="y" PYLIBVER="python$(python_get_version)" install || return 1
-
- einfo "Installing policycoreutils-extra"
- emake -C "${S2}" DESTDIR="${T}/images/${PYTHON_ABI}" SHLIBDIR="${D}$(get_libdir)/rc" install || return 1
- }
- python_execute_function installation
- python_merge_intermediate_installation_images "${T}/images"
-
- # remove redhat-style init script
- rm -fR "${D}/etc/rc.d"
-
- # compatibility symlinks
- dosym /sbin/setfiles /usr/sbin/setfiles
- dosym /$(get_libdir)/rc/runscript_selinux.so /$(get_libdir)/rcscripts/runscript_selinux.so
-}
-
-pkg_postinst() {
- python_mod_optimize seobject.py
-}
-
-pkg_postrm() {
- python_mod_cleanup seobject.py
-}
^ permalink raw reply related [flat|nested] 5+ messages in thread* [gentoo-commits] proj/hardened-dev:master commit in: sys-apps/policycoreutils/files/, sys-apps/policycoreutils/
@ 2012-05-26 14:48 Sven Vermeulen
0 siblings, 0 replies; 5+ messages in thread
From: Sven Vermeulen @ 2012-05-26 14:48 UTC (permalink / raw
To: gentoo-commits
commit: 81f31baf97cf9312497b9b4da8ab2100eb6264bc
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Sat May 26 14:45:33 2012 +0000
Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Sat May 26 14:45:33 2012 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=81f31baf
Support python3
---
sys-apps/policycoreutils/ChangeLog | 497 ++++++++++++++++++++
| 108 +++++
sys-apps/policycoreutils/metadata.xml | 21 +
.../policycoreutils-2.1.10-r3.ebuild | 141 ++++++
4 files changed, 767 insertions(+), 0 deletions(-)
diff --git a/sys-apps/policycoreutils/ChangeLog b/sys-apps/policycoreutils/ChangeLog
new file mode 100644
index 0000000..93130ad
--- /dev/null
+++ b/sys-apps/policycoreutils/ChangeLog
@@ -0,0 +1,497 @@
+# ChangeLog for sys-apps/policycoreutils
+# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/policycoreutils/ChangeLog,v 1.98 2012/04/29 10:08:04 swift Exp $
+
+*policycoreutils-2.1.10-r2 (30 Apr 2012)
+
+ 30 Apr 2012; <swift@gentoo.org> +policycoreutils-2.1.10-r2.ebuild:
+ Updating rlpkg with proper python3 support
+
+*policycoreutils-2.1.10-r1 (29 Apr 2012)
+
+ 29 Apr 2012; <swift@gentoo.org> policycoreutils-2.1.10.ebuild,
+ +policycoreutils-2.1.10-r1.ebuild:
+ Remove dependency on libcgroup (but drop sesandbox support along the way)
+
+ 29 Apr 2012; <swift@gentoo.org> policycoreutils-2.1.10.ebuild:
+ Stabilization
+
+*policycoreutils-2.1.10 (31 Mar 2012)
+
+ 31 Mar 2012; <swift@gentoo.org> +policycoreutils-2.1.10.ebuild, metadata.xml:
+ Bump to version 2.1.10
+
+ 26 Feb 2012; <swift@gentoo.org> policycoreutils-2.1.0-r2.ebuild:
+ Stabilization
+
+ 14 Jan 2012; <swift@gentoo.org> +policycoreutils-2.1.0-r2.ebuild,
+ metadata.xml:
+ Mark audit as a local USE flag
+
+*policycoreutils-2.1.0-r2 (14 Jan 2012)
+
+ 14 Jan 2012; <swift@gentoo.org> +policycoreutils-2.1.0-r2.ebuild:
+ Override auto-detection of pam and audit, use USE flags for this
+
+ 12 Nov 2011; <swift@gentoo.org> -policycoreutils-2.0.82.ebuild,
+ -policycoreutils-2.0.82-r1.ebuild, -policycoreutils-2.0.85.ebuild,
+ -policycoreutils-2.1.0.ebuild:
+ removing obsoleted ebuilds
+
+ 23 Oct 2011; <swift@gentoo.org> policycoreutils-2.1.0-r1.ebuild:
+ Stabilization (tracker #384231)
+
+ 23 Oct 2011; <swift@gentoo.org> policycoreutils-2.0.82-r1.ebuild:
+ Stabilize 2.0.82-r1 to fix #372807
+
+*policycoreutils-2.1.0-r1 (17 Sep 2011)
+
+ 17 Sep 2011; <swift@gentoo.org> +policycoreutils-2.1.0-r1.ebuild:
+ Add /var/lib/selinux directory, needed for 'semodule permissive' support (bug
+ #381755)
+
+ 02 Sep 2011; <swift@gentoo.org> policycoreutils-2.0.85.ebuild,
+ policycoreutils-2.1.0.ebuild:
+ Update patch locations to dev.g.o instead of files/ folder
+
+ 12 Aug 2011; Anthony G. Basile <blueness@gentoo.org>
+ -policycoreutils-2.0.55.ebuild, -policycoreutils-2.0.69.ebuild,
+ -policycoreutils-2.0.69-r1.ebuild, -policycoreutils-2.0.69-r2.ebuild,
+ -files/policycoreutils-2.0.69-setfiles.diff:
+ Removed deprecated versions
+
+*policycoreutils-2.1.0 (03 Aug 2011)
+
+ 03 Aug 2011; Anthony G. Basile <blueness@gentoo.org>
+ +policycoreutils-2.1.0.ebuild:
+ Bump to 20110727 SELinux userspace release
+
+*policycoreutils-2.0.85 (15 Jul 2011)
+
+ 15 Jul 2011; Anthony G. Basile <blueness@gentoo.org>
+ +policycoreutils-2.0.85.ebuild,
+ +files/policycoreutils-2.0.85-fix-seunshare-vuln.patch.gz,
+ +files/policycoreutils-2.0.85-sesandbox.patch.gz:
+ Add fix for bug #374897 and initial support for python3
+
+ 08 Jul 2011; Samuli Suominen <ssuominen@gentoo.org>
+ policycoreutils-2.0.55.ebuild, policycoreutils-2.0.69.ebuild,
+ policycoreutils-2.0.69-r1.ebuild, policycoreutils-2.0.69-r2.ebuild:
+ Convert from "useq" to "use".
+
+*policycoreutils-2.0.82-r1 (30 Jun 2011)
+
+ 30 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
+ +policycoreutils-2.0.82-r1.ebuild:
+ Overwrite invalid .po files with valid ones, fixes bug #372807
+
+ 16 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
+ policycoreutils-2.0.82.ebuild:
+ Drop use_nls dependency on gettext. Its mandatory. See bug #299681.
+ Also put gettext in COMMON_DEPS, it is more than a RDEPEND.
+
+ 28 May 2011; Anthony G. Basile <blueness@gentoo.org>
+ policycoreutils-2.0.82.ebuild:
+ Stable amd64 x86
+
+ 16 Apr 2011; Anthony G. Basile <blueness@gentoo.org> metadata.xml:
+ Updated metadata info.
+
+ 08 Feb 2011; Arfrever Frehtes Taifersar Arahesis <arfrever@gentoo.org>
+ policycoreutils-2.0.82.ebuild:
+ Set SUPPORT_PYTHON_ABIS (bug #353762). Fix dependencies. Fix installation
+ with FEATURES="multilib-strict".
+
+*policycoreutils-2.0.82 (05 Feb 2011)
+
+ 05 Feb 2011; Anthony G. Basile <blueness@gentoo.org>
+ +policycoreutils-2.0.82.ebuild:
+ New upstream release.
+
+*policycoreutils-2.0.69-r2 (05 Feb 2011)
+
+ 05 Feb 2011; Anthony G. Basile <blueness@gentoo.org>
+ +policycoreutils-2.0.69-r2.ebuild,
+ +files/policycoreutils-2.0.69-setfiles.diff:
+ Fixed bug #300613
+
+ 04 Apr 2010; Arfrever Frehtes Taifersar Arahesis <arfrever@gentoo.org>
+ policycoreutils-2.0.55.ebuild, policycoreutils-2.0.69.ebuild,
+ policycoreutils-2.0.69-r1.ebuild:
+ Delete calls to deprecated python_version().
+
+*policycoreutils-2.0.69-r1 (20 Sep 2009)
+
+ 20 Sep 2009; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-2.0.69-r1.ebuild:
+ Update rlpkg for ext4 and btrfs.
+
+ 14 Sep 2009; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-2.0.69.ebuild:
+ Fix libsemanage DEP.
+
+ 02 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-2.0.55.ebuild, policycoreutils-2.0.69.ebuild:
+ Add python_need_rebuild.
+
+*policycoreutils-2.0.69 (02 Aug 2009)
+
+ 02 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-2.0.69.ebuild:
+ New upstream release.
+
+ 18 Jul 2009; Chris PeBenito <pebenito@gentoo.org>
+ -policycoreutils-1.34.15.ebuild, policycoreutils-2.0.55.ebuild:
+ Mark stable. Remove old ebuilds.
+
+*policycoreutils-2.0.55 (03 Oct 2008)
+
+ 03 Oct 2008; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-2.0.55.ebuild:
+ Initial commit of policycoreutils 2.0.
+
+ 29 May 2008; Ali Polatel <hawking@gentoo.org>
+ policycoreutils-1.34.15.ebuild:
+ python_mod_optimize is ROOT aware. Fixed python_mod_cleanup.
+
+ 26 May 2008; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.34.15.ebuild:
+ Fix libsemanage dependency.
+
+ 13 May 2008; Chris PeBenito <pebenito@gentoo.org>
+ -files/policycoreutils-1.28-quietlp.diff,
+ -files/policycoreutils-1.32-quietlp.diff,
+ -files/policycoreutils-unsigned-char-ppc.diff,
+ -policycoreutils-1.28.ebuild, -policycoreutils-1.30-r1.ebuild,
+ -policycoreutils-1.34.1.ebuild, -policycoreutils-1.34.11.ebuild,
+ policycoreutils-1.34.15.ebuild:
+ Mark 1.34.15 stable, clear old ebuilds.
+
+*policycoreutils-1.34.15 (29 Jan 2008)
+
+ 29 Jan 2008; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-1.34.15.ebuild:
+ New upstream bugfix release.
+
+ 19 Oct 2007; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.34.11.ebuild:
+ Fix quoting in unpack.
+
+*policycoreutils-1.34.11 (18 Oct 2007)
+
+ 18 Oct 2007; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-1.34.11.ebuild:
+ New upstream release.
+
+ 04 Jun 2007; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.34.1.ebuild:
+ Mark stable.
+
+*policycoreutils-1.34.1 (15 Feb 2007)
+
+ 15 Feb 2007; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-1.34.1.ebuild:
+ New upstream release.
+
+ 24 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.30.30.ebuild:
+ Fix glibc handling.
+
+ 09 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.30.30.ebuild:
+ Stable to make repoman happy.
+
+*policycoreutils-1.30.30 (05 Oct 2006)
+
+ 05 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
+ +files/policycoreutils-1.32-quietlp.diff, +policycoreutils-1.30.30.ebuild:
+ Add SVN snapshot and updated extras in preparation for reference policy.
+
+ 31 Jul 2006; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.30-r1.ebuild:
+ Mark stable, long overdue.
+
+*policycoreutils-1.30-r1 (28 Mar 2006)
+
+ 28 Mar 2006; Chris PeBenito <pebenito@gentoo.org>
+ -policycoreutils-1.30.ebuild, +policycoreutils-1.30-r1.ebuild:
+ Fix install location of python site packages.
+
+ 22 Feb 2006; Stephen Bennett <spb@gentoo.org> policycoreutils-1.28.ebuild:
+ Alpha stable
+
+ 19 Feb 2006; Joshua Kinard <kumba@gentoo.org> policycoreutils-1.28.ebuild:
+ Marked stable on mips.
+
+*policycoreutils-1.30 (18 Mar 2006)
+
+ 18 Mar 2006; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-1.30.ebuild:
+ New upstream release.
+
+ 05 Feb 2006; Chris PeBenito <pebenito@gentoo.org>
+ +files/policycoreutils-unsigned-char-ppc.diff,
+ policycoreutils-1.28.ebuild:
+ Add patch to fix #121689.
+
+ 17 Jan 2006; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.28.ebuild:
+ Mark stable, x86, amd64, ppc, sparc.
+
+ 14 Jan 2006; Stephen Bennett <spb@gentoo.org> policycoreutils-1.28.ebuild:
+ Added ~alpha
+
+ 15 Dec 2005; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.22.ebuild, policycoreutils-1.24-r2.ebuild,
+ policycoreutils-1.28.ebuild:
+ Tighten up versioning to try to prevent mismatch problems as seen in #112348.
+
+*policycoreutils-1.28 (09 Dec 2005)
+
+ 09 Dec 2005; Chris PeBenito <pebenito@gentoo.org>
+ +files/policycoreutils-1.28-quietlp.diff, -policycoreutils-1.24-r1.ebuild,
+ +policycoreutils-1.28.ebuild:
+ New upstream release.
+
+*policycoreutils-1.24-r2 (08 Dec 2005)
+
+ 08 Dec 2005; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-1.24-r2.ebuild:
+ Add compatability symlink for genhomedircon.
+
+*policycoreutils-1.24-r1 (09 Sep 2005)
+
+ 09 Sep 2005; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-1.24-r1.ebuild:
+ Update for fixed selinuxconfig source policy path.
+
+ 11 Jul 2005; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.22.ebuild, policycoreutils-1.24.ebuild:
+ Fix RDEPEND for building stages. Libsepol is required now.
+
+*policycoreutils-1.24 (25 Jun 2005)
+
+ 25 Jun 2005; Chris PeBenito <pebenito@gentoo.org>
+ +files/policycoreutils-1.24-genhomedircon-quiet.diff,
+ -policycoreutils-1.20-r1.ebuild, +policycoreutils-1.24.ebuild:
+ New upstream release.
+
+ 10 May 2005; Stephen Bennett <spb@gentoo.org> policycoreutils-1.22.ebuild:
+ mips stable
+
+ 01 May 2005; Stephen Bennett <spb@gentoo.org> policycoreutils-1.22.ebuild:
+ Added ~mips.
+
+ 01 May 2005; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.22.ebuild:
+ Mark stable.
+
+*policycoreutils-1.22 (13 Mar 2005)
+
+ 13 Mar 2005; Chris PeBenito <pebenito@gentoo.org>
+ +files/policycoreutils-1.22-genhomedircon-quiet.diff,
+ +policycoreutils-1.22.ebuild:
+ New upstream release.
+
+*policycoreutils-1.20-r1 (13 Feb 2005)
+
+ 13 Feb 2005; Chris PeBenito <pebenito@gentoo.org>
+ -policycoreutils-1.16.ebuild, +policycoreutils-1.20-r1.ebuild,
+ -policycoreutils-1.20.ebuild:
+ Add back some tools deleted from upstream libselinux.
+
+*policycoreutils-1.20 (07 Jan 2005)
+
+ 07 Jan 2005; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.18-r1.ebuild, +policycoreutils-1.20.ebuild:
+ New upstream release. Mark 1.18-r1 stable.
+
+*policycoreutils-1.18-r1 (03 Jan 2005)
+
+ 03 Jan 2005; Chris PeBenito <pebenito@gentoo.org>
+ +files/policycoreutils-nonls.diff, +policycoreutils-1.18-r1.ebuild:
+ Make pam and nls optional for embedded systems use.
+
+ 22 Nov 2004; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.18.ebuild:
+ Ensure a few dirs and perms during stage1 build.
+
+ 15 Nov 2004; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.18.ebuild:
+ Fix libsepol dep.
+
+*policycoreutils-1.18 (14 Nov 2004)
+
+ 14 Nov 2004; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-1.18.ebuild:
+ New upstream release.
+
+*policycoreutils-1.16 (07 Sep 2004)
+
+ 07 Sep 2004; Chris PeBenito <pebenito@gentoo.org>
+ +files/policycoreutils-1.16-genhomedircon-compat.diff,
+ +policycoreutils-1.16.ebuild:
+ New upstream release.
+
+ 08 Aug 2004; Tom Martin <slarti@gentoo.org> policycoreutils-1.12-r1.ebuild,
+ policycoreutils-1.12-r2.ebuild, policycoreutils-1.14.ebuild,
+ policycoreutils-1.4-r1.ebuild:
+ Typo in DESCRIPTION: utilites -> utilities. Bug 59717.
+
+ 06 Jul 2004; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.14.ebuild:
+ Bump extras to fix free() bug in runscript_selinux.so.
+
+*policycoreutils-1.12-r2 (06 Jul 2004)
+
+ 06 Jul 2004; Chris PeBenito <pebenito@gentoo.org>
+ +files/runscript-selinux.diff, +policycoreutils-1.12-r2.ebuild:
+ Fix free() error in runscript_selinux.so.
+
+ 03 Jul 2004; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.14.ebuild:
+ Update extras.
+
+*policycoreutils-1.14 (02 Jul 2004)
+
+ 02 Jul 2004; Chris PeBenito <pebenito@gentoo.org>
+ +files/policycoreutils-1.14-genhomedircon-compat.diff,
+ +policycoreutils-1.14.ebuild:
+ New upstream version.
+
+*policycoreutils-1.12-r1 (28 Jun 2004)
+
+ 28 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-1.12-r1.ebuild:
+ Add toggle_bool to extras.
+
+ 11 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
+ -policycoreutils-1.10-r1.ebuild, policycoreutils-1.12.ebuild:
+ Mark stable
+
+*policycoreutils-1.12 (14 May 2004)
+
+ 14 May 2004; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-1.12.ebuild:
+ New upstream release.
+
+*policycoreutils-1.10-r1 (28 Apr 2004)
+
+ 28 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
+ +policycoreutils-1.10-r1.ebuild, -policycoreutils-1.10.ebuild,
+ -policycoreutils-1.8.ebuild:
+ Update extras and mark stable.
+
+*policycoreutils-1.10 (20 Apr 2004)
+
+ 08 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.4-r1.ebuild, policycoreutils-1.8.ebuild:
+ More specific versioning for libselinux.
+
+ 08 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.8.ebuild:
+ Mark stable for 2004.1
+
+ 15 Mar 2004; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.8.ebuild:
+ Update extras.
+
+*policycoreutils-1.8 (12 Mar 2004)
+
+ 12 Mar 2004; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.8.ebuild:
+ New upstream release.
+
+*policycoreutils-1.6 (24 Feb 2004)
+
+ 24 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.4-r1.ebuild, policycoreutils-1.6.ebuild:
+ New upstream release. Mark 1.4-r1 stable.
+
+*policycoreutils-1.4-r1 (09 Feb 2004)
+
+ 09 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.4-r1.ebuild:
+ Move extras to mirrors, and add runscript_selinux.so.
+
+ 31 Jan 2004; Chris PeBenito <pebenito@gentoo.org> files/rlpkg:
+ Switch to portageq from inline python. Add missing quotes for completeness.
+
+ 16 Dec 2003; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.4.ebuild:
+ Mark stable.
+
+*policycoreutils-1.4 (06 Dec 2003)
+
+ 06 Dec 2003; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.4.ebuild:
+ New upstream version.
+
+*policycoreutils-1.2-r2 (23 Nov 2003)
+
+ 23 Nov 2003; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.2-r2.ebuild:
+ Bump to add /sbin/seinit.
+
+ 29 Oct 2003; Joshua Brindle <method@gentoo.org>
+ policycoreutils-1.2-r1.ebuild:
+ added sparc
+
+*policycoreutils-1.2-r1 (20 Oct 2003)
+
+ 20 Oct 2003; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.2-r1.ebuild:
+ Remove unneeded -lattr linking from Makefiles.
+
+ 07 Oct 2003; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.2.ebuild:
+ Mark stable.
+
+*policycoreutils-1.2 (03 Oct 2003)
+
+ 03 Oct 2003; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.2.ebuild, files/policycoreutils-1.2-gentoo.diff:
+ New upstream version.
+
+ 29 Sep 2003; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.1-r1.ebuild:
+ Add build USE flag; when asserted, only setfiles is built and merged.
+
+ 22 Sep 2003; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.1-r1.ebuild:
+ Move selinux-base-policy RDEPEND to checkpolicy. No longer RDEPEND on
+ checkpolicy.
+
+ 22 Sep 2003; <paul@gentoo.org> metadata.xml:
+ Fix metadata.xml
+
+ 24 Aug 2003; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.1-r1.ebuild, policycoreutils-1.1.ebuild:
+ Mark stable
+
+*policycoreutils-1.1-r1 (18 Aug 2003)
+
+ 18 Aug 2003; Chris PeBenito <pebenito@gentoo.org> metadata.xml,
+ policycoreutils-1.0.ebuild, policycoreutils-1.1-r1.ebuild,
+ files/avc_enforcing, files/avc_toggle,
+ files/policycoreutils-1.1-setfiles.diff:
+ Add setfiles patch for alternate root. Add avc_enforcing and avc_toggle
+ scripts for ease of use for old API users. Use package description from RPM
+ spec file in metadata.xml long description.
+
+*policycoreutils-1.1 (14 Aug 2003)
+
+ 14 Aug 2003; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.1.ebuild:
+ New upstream version
+
+ 10 Aug 2003; Chris PeBenito <pebenito@gentoo.org>
+ policycoreutils-1.0.ebuild, files/rlpkg:
+ Add mkinitrd RDEP, add rlpkg.
+
+*policycoreutils-1.0 (03 Aug 2003)
+
+ 03 Aug 2003; Chris PeBenito <pebenito@gentoo.org> metadata.xml,
+ policycoreutils-1.0.ebuild, files/policycoreutils-1.0-gentoo.diff:
+ Initial commit
+
--git a/sys-apps/policycoreutils/files/policycoreutils-extra-1.21-fix-python3.patch b/sys-apps/policycoreutils/files/policycoreutils-extra-1.21-fix-python3.patch
new file mode 100644
index 0000000..66979ab
--- /dev/null
+++ b/sys-apps/policycoreutils/files/policycoreutils-extra-1.21-fix-python3.patch
@@ -0,0 +1,108 @@
+diff -ur policycoreutils-extra.orig/scripts/rlpkg policycoreutils-extra/scripts/rlpkg
+--- policycoreutils-extra.orig/scripts/rlpkg 2012-05-01 16:01:43.321023704 +0200
++++ policycoreutils-extra/scripts/rlpkg 2012-05-01 16:01:53.192023725 +0200
+@@ -86,7 +86,7 @@
+ t = portage.db["/"]["vartree"].dbapi.match(search_key)
+ # catch the "amgigous package" Exception
+ except ValueError as e:
+- if type(e[0]) == types.ListType:
++ if type(e[0]) == list:
+ t = []
+ for cp in e[0]:
+ t += portage.db["/"]["vartree"].dbapi.match(cp)
+@@ -112,7 +112,7 @@
+
+ def find_xattr_mounts():
+ """Find mounted xattr filesystems"""
+- print("Relabeling filesystem types: "+" ".join(xattrfs))
++ print(("Relabeling filesystem types: "+" ".join(xattrfs)))
+ mounts=open("/etc/mtab", "r")
+
+ fs_matches=[]
+@@ -158,29 +158,29 @@
+
+ (ret,context) = selinux.getfilecon(filename)
+ if ret < 0:
+- print("Error getting context of "+filename)
++ print(("Error getting context of "+filename))
+ continue
+
+ ctx = string.split(context,":")
+
+ if len(ctx) < 3:
+- print("Debug: getfilecon on \""+filename+"\" returned a context of \""+context+"\" which split incorrectly ("+ctx+").")
++ print(("Debug: getfilecon on \""+filename+"\" returned a context of \""+context+"\" which split incorrectly ("+ctx+")."))
+ continue
+
+ if ctx[2] in textrel_ok_relabelfrom:
+ if verbose:
+- print("Relabeling "+filename+" to "+textrel_type+".")
++ print(("Relabeling "+filename+" to "+textrel_type+"."))
+ ctx[2] = textrel_type
+ if selinux.setfilecon(filename,string.join(ctx,":")) < 0:
+- print("Failed to relabel "+filename)
++ print(("Failed to relabel "+filename))
+ elif ctx[2] == textrel_type:
+ if verbose:
+- print("Skipping "+filename+" because it is already "+textrel_type+".")
++ print(("Skipping "+filename+" because it is already "+textrel_type+"."))
+ else:
+- print("Not relabeling "+filename+" because it is "+ctx[2]+".")
++ print(("Not relabeling "+filename+" because it is "+ctx[2]+"."))
+ notok += 1
+
+- print("%(a)d libraries with text relocations, %(b)d not relabeled." % {"a":textrel_libs, "b":notok})
++ print(("%(a)d libraries with text relocations, %(b)d not relabeled." % {"a":textrel_libs, "b":notok}))
+
+ if notok > 0:
+ print("\nSome files were not relabeled! This is not necessarily bad,")
+@@ -197,10 +197,10 @@
+
+ textrel_bins = 0
+ for line in tb.stdout.readline():
+- print("PIE executable "+line.split()[1]+" has text relocations!")
++ print(("PIE executable "+line.split()[1]+" has text relocations!"))
+ textrel_bins += 1
+
+- print("%d binaries with text relocations detected." % (textrel_bins))
++ print(("%d binaries with text relocations detected." % (textrel_bins)))
+
+ if textrel_bins > 0:
+ print("\nPIE binaries with text relocations have been detected!")
+@@ -234,8 +234,8 @@
+ childin = os.popen(string.join(cmdline),'w')
+
+ for i in pkglist:
+- print("Relabeling: "+i.get_cpv())
+- for j in i.get_contents().keys():
++ print(("Relabeling: "+i.get_cpv()))
++ for j in list(i.get_contents().keys()):
+ childin.write(j+'\n')
+
+ rc = childin.close()
+@@ -245,14 +245,14 @@
+ if rc == None:
+ rc = 0
+ else:
+- print("Error relabeling: %d" % (rc))
++ print(("Error relabeling: %d" % (rc)))
+
+ return rc
+
+ def usage(message=""):
+ pgmname = os.path.basename(sys.argv[0])
+
+- print("Usage: %s [OPTIONS] {<pkg1> [<pkg2> ...]}" % (pgmname))
++ print(("Usage: %s [OPTIONS] {<pkg1> [<pkg2> ...]}" % (pgmname)))
+ print("\n\
+ -a, --all Relabel the entire filesystem instead of individual packages.\n\
+ -r, --reset Force reset of context if the file's selinux identity is\n\
+@@ -266,7 +266,7 @@
+ \"policycoreutils\" or \">=sys-apps/policycoreutils-1.30\".\n\
+ ")
+ if message != "":
+- print(pgmname+": "+message)
++ print((pgmname+": "+message))
+ sys.exit(1)
+ else:
+ sys.exit(0)
diff --git a/sys-apps/policycoreutils/metadata.xml b/sys-apps/policycoreutils/metadata.xml
new file mode 100644
index 0000000..e7a78d9
--- /dev/null
+++ b/sys-apps/policycoreutils/metadata.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>selinux</herd>
+ <longdescription>
+ Policycoreutils contains the policy core utilities that are required
+ for basic operation of a SELinux system. These utilities include
+ load_policy to load policies, setfiles to label filesystems, newrole
+ to switch roles, and run_init to run /etc/init.d scripts in the proper
+ context.
+
+ Gentoo-specific tools include rlpkg for relabeling packages by name,
+ avc_toggle to toggle between enforcing and permissive modes, and
+ avc_enforcing to query the current mode of the system, enforcing or
+ permissive.
+ </longdescription>
+ <use>
+ <flag name='audit'>Enable support for <pkg>sys-process/audit</pkg> and use the audit_* functions (like audit_getuid instead of getuid())</flag>
+ <flag name='sesandbox'>Enable support for SELinux sandbox application</flag>
+ </use>
+</pkgmetadata>
diff --git a/sys-apps/policycoreutils/policycoreutils-2.1.10-r3.ebuild b/sys-apps/policycoreutils/policycoreutils-2.1.10-r3.ebuild
new file mode 100644
index 0000000..d474c87
--- /dev/null
+++ b/sys-apps/policycoreutils/policycoreutils-2.1.10-r3.ebuild
@@ -0,0 +1,141 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/policycoreutils/policycoreutils-2.1.10-r1.ebuild,v 1.1 2012/04/29 10:08:04 swift Exp $
+
+EAPI="4"
+PYTHON_DEPEND="*"
+PYTHON_USE_WITH="xml"
+SUPPORT_PYTHON_ABIS="1"
+RESTRICT_PYTHON_ABIS="*-jython"
+
+inherit multilib python toolchain-funcs eutils
+
+EXTRAS_VER="1.21"
+SEMNG_VER="2.1.6"
+SELNX_VER="2.1.9"
+SEPOL_VER="2.1.4"
+
+IUSE="audit pam dbus sesandbox"
+
+DESCRIPTION="SELinux core utilities"
+HOMEPAGE="http://userspace.selinuxproject.org"
+SRC_URI="http://userspace.selinuxproject.org/releases/20120216/${P}.tar.gz
+ http://dev.gentoo.org/~swift/patches/policycoreutils/patchbundle-${P}-gentoo-r1.tar.gz
+ mirror://gentoo/policycoreutils-extra-${EXTRAS_VER}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+COMMON_DEPS=">=sys-libs/libselinux-${SELNX_VER}[python]
+ >=sys-libs/glibc-2.4
+ >=sys-libs/libcap-1.10-r10
+ >=sys-libs/libsemanage-${SEMNG_VER}[python]
+ sys-libs/libcap-ng
+ >=sys-libs/libsepol-${SEPOL_VER}
+ sys-devel/gettext
+ dev-python/ipy
+ sesandbox? ( dev-libs/libcgroup )
+ dbus? (
+ sys-apps/dbus
+ dev-libs/dbus-glib
+ )
+ audit? ( >=sys-process/audit-1.5.1 )
+ pam? ( sys-libs/pam )"
+
+### libcgroup -> seunshare
+### dbus -> restorecond
+
+# pax-utils for scanelf used by rlpkg
+RDEPEND="${COMMON_DEPS}
+ dev-python/sepolgen
+ app-misc/pax-utils"
+
+DEPEND="${COMMON_DEPS}"
+
+S2=${WORKDIR}/policycoreutils-extra
+
+src_prepare() {
+ # rlpkg is more useful than fixfiles
+ sed -i -e '/^all/s/fixfiles//' "${S}/scripts/Makefile" \
+ || die "fixfiles sed 1 failed"
+ sed -i -e '/fixfiles/d' "${S}/scripts/Makefile" \
+ || die "fixfiles sed 2 failed"
+
+ EPATCH_MULTI_MSG="Applying policycoreutils patches ... " \
+ EPATCH_SUFFIX="patch" \
+ EPATCH_SOURCE="${WORKDIR}/gentoo-patches" \
+ EPATCH_FORCE="yes" \
+ epatch
+
+ # Overwrite gl.po, id.po and et.po with valid PO file
+ cp "${S}/po/sq.po" "${S}/po/gl.po" || die "failed to copy ${S}/po/sq.po to gl.po"
+ cp "${S}/po/sq.po" "${S}/po/id.po" || die "failed to copy ${S}/po/sq.po to id.po"
+ cp "${S}/po/sq.po" "${S}/po/et.po" || die "failed to copy ${S}/po/sq.po to et.po"
+ # Fixes for Python 3 support in the extras
+ cd "${S2}";
+ epatch "${FILESDIR}/policycoreutils-extra-1.21-fix-python3.patch"
+}
+
+src_compile() {
+ local use_audit="n";
+ local use_pam="n";
+ local use_dbus="n";
+ local use_sesandbox="n";
+
+ use audit && use_audit="y";
+ use pam && use_pam="y";
+ use dbus && use_dbus="y";
+ use sesandbox && use_sesandbox="y";
+
+ python_copy_sources semanage sandbox
+ building() {
+ einfo "Compiling policycoreutils"
+ emake -C "${S}" AUDIT_LOG_PRIVS="y" AUDITH="${use_audit}" PAMH="${use_pam}" INOTIFYH="${use_dbus}" SESANDBOX="${use_sesandbox}" CC="$(tc-getCC)" PYLIBVER="python$(python_get_version)" || die
+ einfo "Compiling policycoreutils-extra "
+ emake -C "${S2}" AUDIT_LOG_PRIVS="y" AUDITH="${use_audit}" PAMH="${use_pam}" INOTIFYH="${use_dbus}" SESANDBOX="${use_sesandbox}" CC="$(tc-getCC)" PYLIBVER="python$(python_get_version)" || die
+ }
+ python_execute_function -s --source-dir semanage building
+}
+
+src_install() {
+ local use_audit="n";
+ local use_pam="n";
+ local use_dbus="n";
+ local use_sesandbox="n";
+
+ use audit && use_audit="y";
+ use pam && use_pam="y";
+ use dbus && use_dbus="y";
+ use sesandbox && use_sesandbox="y";
+
+ # Python scripts are present in many places. There are no extension modules.
+ installation() {
+ einfo "Installing policycoreutils"
+ emake -C "${S}" DESTDIR="${T}/images/${PYTHON_ABI}" AUDITH="${use_audit}" PAMH="${use_pam}" INOTIFYH="${use_dbus}" SESANDBOX="${use_sesandbox}" AUDIT_LOG_PRIV="y" PYLIBVER="python$(python_get_version)" install || return 1
+
+ einfo "Installing policycoreutils-extra"
+ emake -C "${S2}" DESTDIR="${T}/images/${PYTHON_ABI}" SHLIBDIR="${D}$(get_libdir)/rc" install || return 1
+ }
+ python_execute_function installation
+ python_merge_intermediate_installation_images "${T}/images"
+
+ # remove redhat-style init script
+ rm -fR "${D}/etc/rc.d"
+
+ # compatibility symlinks
+ dosym /sbin/setfiles /usr/sbin/setfiles
+ dosym /$(get_libdir)/rc/runscript_selinux.so /$(get_libdir)/rcscripts/runscript_selinux.so
+
+ # location for permissive definitions
+ dodir /var/lib/selinux
+ keepdir /var/lib/selinux
+}
+
+pkg_postinst() {
+ python_mod_optimize seobject.py
+}
+
+pkg_postrm() {
+ python_mod_cleanup seobject.py
+}
^ permalink raw reply related [flat|nested] 5+ messages in thread
end of thread, other threads:[~2012-05-26 14:48 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-07-07 18:41 [gentoo-commits] proj/hardened-dev:master commit in: sys-apps/policycoreutils/files/, sys-apps/policycoreutils/ Sven Vermeulen
-- strict thread matches above, loose matches on Subject: below --
2011-07-13 21:57 Sven Vermeulen
2011-07-13 21:57 Sven Vermeulen
2011-08-03 10:19 Anthony G. Basile
2012-05-26 14:48 Sven Vermeulen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox