[gentoo-commits] gentoo-x86 commit in sec-policy/selinux-base-policy: selinux-base-policy-9999.ebuild ChangeLog

public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed

From: "Sven Vermeulen (swift)" <swift@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] gentoo-x86 commit in sec-policy/selinux-base-policy: selinux-base-policy-9999.ebuild ChangeLog
Date: Sat, 13 Oct 2012 16:30:52 +0000 (UTC)	[thread overview]
Message-ID: <20121013163052.8FD4621601@flycatcher.gentoo.org> (raw)

swift       12/10/13 16:30:52

  Modified:             ChangeLog
  Added:                selinux-base-policy-9999.ebuild
  Log:
  Adding live ebuilds for SELinux policies
  
  (Portage version: 2.1.11.9/cvs/Linux x86_64)

Revision  Changes    Path
1.113                sec-policy/selinux-base-policy/ChangeLog

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog?rev=1.113&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog?rev=1.113&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog?r1=1.112&r2=1.113

Index: ChangeLog
===================================================================
RCS file: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v
retrieving revision 1.112
retrieving revision 1.113
diff -u -r1.112 -r1.113
--- ChangeLog	4 Oct 2012 18:29:16 -0000	1.112
+++ ChangeLog	13 Oct 2012 16:30:52 -0000	1.113
@@ -1,6 +1,11 @@
 # ChangeLog for sec-policy/selinux-base-policy
 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.112 2012/10/04 18:29:16 swift Exp $
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.113 2012/10/13 16:30:52 swift Exp $
+
+*selinux-base-policy-9999 (13 Oct 2012)
+
+  13 Oct 2012; <swift@gentoo.org> +selinux-base-policy-9999.ebuild:
+  Adding live ebuild
 
   04 Oct 2012; <swift@gentoo.org> selinux-base-policy-2.20120725-r5.ebuild:
   Stabilization



1.1                  sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild?rev=1.1&content-type=text/plain

Index: selinux-base-policy-9999.ebuild
===================================================================
# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild,v 1.1 2012/10/13 16:30:52 swift Exp $
EAPI="4"

inherit eutils git-2

HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
DESCRIPTION="SELinux policy for core modules"

IUSE=""
BASEPOL="9999"

RDEPEND="=sec-policy/selinux-base-9999"
DEPEND=""
EGIT_REPO_URI="git://git.overlays.gentoo.org/proj/hardened-refpolicy.git"
EGIT_SOURCEDIR="${WORKDIR}/refpolicy"
KEYWORDS=""

MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil ssh staff storage su sysadm sysnetwork udev userdomain usermanage unprivuser xdg unconfined"
LICENSE="GPL-2"
SLOT="0"
S="${WORKDIR}/"

# Code entirely copied from selinux-eclass (cannot inherit due to dependency on
# itself), when reworked reinclude it. Only postinstall (where -b base.pp is
# added) needs to remain then.

src_prepare() {
	local modfiles

	# Apply the additional patches refered to by the module ebuild.
	# But first some magic to differentiate between bash arrays and strings
	if [[ "$(declare -p POLICY_PATCH 2>/dev/null 2>&1)" == "declare -a"* ]];
	then
		cd "${S}/refpolicy/policy/modules"
		for POLPATCH in "${POLICY_PATCH[@]}";
		do
			epatch "${POLPATCH}"
		done
	else
		if [[ -n ${POLICY_PATCH} ]];
		then
			cd "${S}/refpolicy/policy/modules"
			for POLPATCH in ${POLICY_PATCH};
			do
				epatch "${POLPATCH}"
			done
		fi
	fi

	# Collect only those files needed for this particular module
	for i in ${MODS}; do
		modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles"
		modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles"
	done

	for i in ${POLICY_TYPES}; do
		mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}"
		cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \
			|| die "Failed to copy Makefile.example to ${S}/${i}/Makefile"

		cp ${modfiles} "${S}"/${i} \
			|| die "Failed to copy the module files to ${S}/${i}"
	done
}

src_compile() {
	for i in ${POLICY_TYPES}; do
		# Parallel builds are broken, so we need to force -j1 here
		emake -j1 NAME=$i -C "${S}"/${i} || die "${i} compile failed"
	done
}

src_install() {
	local BASEDIR="/usr/share/selinux"

	for i in ${POLICY_TYPES}; do
		for j in ${MODS}; do
			einfo "Installing ${i} ${j} policy package"
			insinto ${BASEDIR}/${i}
			doins "${S}"/${i}/${j}.pp || die "Failed to add ${j}.pp to ${i}"
		done
	done
}

pkg_postinst() {
	# Override the command from the eclass, we need to load in base as well here
	local COMMAND
	for i in ${MODS}; do
		COMMAND="-i ${i}.pp ${COMMAND}"
	done

	for i in ${POLICY_TYPES}; do
		local LOCCOMMAND
		local LOCMODS
		if [[ "${i}" != "targeted" ]]; then
			LOCCOMMAND=$(echo "${COMMAND}" | sed -e 's:-i unconfined.pp::g');
			LOCMODS=$(echo "${MODS}" | sed -e 's: unconfined::g');
		else
			LOCCOMMAND="${COMMAND}"
			LOCMODS="${MODS}"
		fi
		einfo "Inserting the following modules, with base, into the $i module store: ${LOCMODS}"

		cd /usr/share/selinux/${i} || die "Could not enter /usr/share/selinux/${i}"

		semodule -s ${i} -b base.pp ${LOCCOMMAND} || die "Failed to load in base and modules ${LOCMODS} in the $i policy store"
	done
}

next             reply	other threads:[~2012-10-13 16:45 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-10-13 16:30 Sven Vermeulen (swift) [this message]
  -- strict thread matches above, loose matches on Subject: below --
2013-03-29 10:59 [gentoo-commits] gentoo-x86 commit in sec-policy/selinux-base-policy: selinux-base-policy-9999.ebuild ChangeLog Sven Vermeulen (swift)
2014-08-08 18:49 Sven Vermeulen (swift)
2014-08-23 16:18 Sven Vermeulen (swift)
2014-08-24  7:53 Sven Vermeulen (swift)
2014-08-30 20:20 Sven Vermeulen (swift)
2014-11-01 16:13 Sven Vermeulen (swift)
2014-11-23 14:52 Sven Vermeulen (swift)
2014-11-23 15:09 Sven Vermeulen (swift)
2014-12-05  9:10 Jason Zaman (perfinion)
2014-12-07 11:10 Jason Zaman (perfinion)
2015-04-21 10:33 Jason Zaman (perfinion)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20121013163052.8FD4621601@flycatcher.gentoo.org \
    --to=swift@gentoo.org \
    --cc=gentoo-commits@lists.gentoo.org \
    --cc=gentoo-dev@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox