* [gentoo-commits] proj/hardened-dev:master commit in: sec-policy/selinux-gpg/files/, sec-policy/selinux-gpg/, ...
@ 2011-07-24 11:05 Sven Vermeulen
From: Sven Vermeulen @ 2011-07-24 11:05 UTC
To: gentoo-commits
commit: 22d20d7bd562628f179a826aa1adf2345ddb31a6
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Sun Jul 24 11:00:07 2011 +0000
Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Sun Jul 24 11:00:07 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=22d20d7b
Allow gpg to work for Portage (for instance, signing and signing validation)
Also, use selinux-gpg instead of selinux-gnupg as per our guidelines.
---
sec-policy/selinux-gnupg/ChangeLog | 180 ++++++++++++++++++++
sec-policy/selinux-gnupg/metadata.xml | 6 +
.../selinux-gnupg-2.20101213-r2.ebuild | 16 ++
sec-policy/selinux-gpg/ChangeLog | 13 ++
sec-policy/selinux-gpg/files/fix-apps-gpg-r2.patch | 25 +++
sec-policy/selinux-gpg/metadata.xml | 6 +
.../selinux-gpg/selinux-gpg-2.20101213-r2.ebuild | 17 ++
7 files changed, 263 insertions(+), 0 deletions(-)
diff --git a/sec-policy/selinux-gnupg/ChangeLog b/sec-policy/selinux-gnupg/ChangeLog
new file mode 100644
index 0000000..4f16f3e
--- /dev/null
+++ b/sec-policy/selinux-gnupg/ChangeLog
@@ -0,0 +1,180 @@
+# ChangeLog for sec-policy/selinux-gnupg
+# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-gnupg/ChangeLog,v 1.32 2011/06/04 16:46:25 blueness Exp $
+
+*selinux-gnupg-2.20101213-r2 (22 Jul 2011)
+
+ 22 Jul 2011; <swift@gentoo.org> +selinux-gnupg-2.20101213-r2.ebuild,
+ +metadata.xml:
+ Switch to selinux-gpg
+
+ 04 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
+ -selinux-gnupg-2.20090730.ebuild, -selinux-gnupg-2.20091215.ebuild,
+ -selinux-gnupg-2.20101213.ebuild, -selinux-gnupg-20080525.ebuild:
+ Removed deprecated policies
+
+ 02 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
+ selinux-gnupg-2.20101213-r1.ebuild:
+ Stable amd64 x86
+
+*selinux-gnupg-2.20101213-r1 (07 Mar 2011)
+
+ 07 Mar 2011; Anthony G. Basile <blueness@gentoo.org>
+ +files/fix-apps-gpg-r1.patch, +selinux-gnupg-2.20101213-r1.ebuild:
+ Allow gnupg / mutt interaction
+
+*selinux-gnupg-2.20101213 (05 Feb 2011)
+
+ 05 Feb 2011; Anthony G. Basile <blueness@gentoo.org>
+ +selinux-gnupg-2.20101213.ebuild:
+ New upstream policy.
+
+*selinux-gnupg-2.20091215 (16 Dec 2009)
+
+ 16 Dec 2009; Chris PeBenito <pebenito@gentoo.org>
+ +selinux-gnupg-2.20091215.ebuild:
+ New upstream release.
+
+ 14 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
+ -selinux-gnupg-20070329.ebuild, -selinux-gnupg-20070928.ebuild,
+ selinux-gnupg-20080525.ebuild:
+ Mark 20080525 stable, clear old ebuilds.
+
+*selinux-gnupg-2.20090730 (03 Aug 2009)
+
+ 03 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
+ +selinux-gnupg-2.20090730.ebuild:
+ New upstream release.
+
+ 18 Jul 2009; Chris PeBenito <pebenito@gentoo.org>
+ selinux-gnupg-20070329.ebuild, selinux-gnupg-20070928.ebuild,
+ selinux-gnupg-20080525.ebuild:
+ Drop alpha, mips, ppc, sparc selinux support.
+
+*selinux-gnupg-20080525 (25 May 2008)
+
+ 25 May 2008; Chris PeBenito <pebenito@gentoo.org>
+ +selinux-gnupg-20080525.ebuild:
+ New SVN snapshot.
+
+ 16 Mar 2008; Chris PeBenito <pebenito@gentoo.org>
+ -selinux-gnupg-20050823.ebuild, -selinux-gnupg-20051023.ebuild,
+ -selinux-gnupg-20061114.ebuild:
+ Remove old ebuilds.
+
+ 03 Feb 2008; Chris PeBenito <pebenito@gentoo.org>
+ selinux-gnupg-20070928.ebuild:
+ Mark stable.
+
+*selinux-gnupg-20070928 (26 Nov 2007)
+
+ 26 Nov 2007; Chris PeBenito <pebenito@gentoo.org>
+ +selinux-gnupg-20070928.ebuild:
+ New SVN snapshot.
+
+ 04 Jun 2007; Chris PeBenito <pebenito@gentoo.org>
+ selinux-gnupg-20070329.ebuild:
+ Mark stable.
+
+*selinux-gnupg-20070329 (29 Mar 2007)
+
+ 29 Mar 2007; Chris PeBenito <pebenito@gentoo.org>
+ +selinux-gnupg-20070329.ebuild:
+ New SVN snapshot.
+
+ 22 Feb 2007; Markus Ullmann <jokey@gentoo.org> ChangeLog:
+ Redigest for Manifest2
+
+*selinux-gnupg-20061114 (15 Nov 2006)
+
+ 15 Nov 2006; Chris PeBenito <pebenito@gentoo.org>
+ +selinux-gnupg-20061114.ebuild:
+ New SVN snapshot.
+
+*selinux-gnupg-20061008 (10 Oct 2006)
+
+ 10 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
+ +selinux-gnupg-20061008.ebuild:
+ First mainstream reference policy testing release.
+
+*selinux-gnupg-20051023 (28 Nov 2005)
+
+ 28 Nov 2005; petre rodan <kaiowas@gentoo.org>
+ -selinux-gnupg-20050626.ebuild, +selinux-gnupg-20051023.ebuild:
+ merge with upstream
+
+ 18 Sep 2005; petre rodan <kaiowas@gentoo.org>
+ selinux-gnupg-20050626.ebuild, selinux-gnupg-20050823.ebuild:
+ mark stable
+
+*selinux-gnupg-20050823 (09 Sep 2005)
+
+ 09 Sep 2005; petre rodan <kaiowas@gentoo.org>
+ -selinux-gnupg-20050408.ebuild, selinux-gnupg-20050626.ebuild,
+ -selinux-gnupg-20050813.ebuild, +selinux-gnupg-20050823.ebuild:
+ re-added some rules removed by latest merge, added mips arch
+
+*selinux-gnupg-20050813 (20 Aug 2005)
+
+ 20 Aug 2005; petre rodan <kaiowas@gentoo.org>
+ +selinux-gnupg-20050813.ebuild:
+ merge with upstream
+
+ 26 Jun 2005; petre rodan <kaiowas@gentoo.org> ChangeLog:
+ mark stable
+
+*selinux-gnupg-20050626 (26 Jun 2005)
+
+ 26 Jun 2005; petre rodan <kaiowas@gentoo.org>
+ -selinux-gnupg-20050219.ebuild, +selinux-gnupg-20050626.ebuild:
+ added name_connect rules
+
+ 07 May 2005; petre rodan <kaiowas@gentoo.org>
+ -selinux-gnupg-20041120.ebuild, selinux-gnupg-20050408.ebuild:
+ mark stable
+
+*selinux-gnupg-20050408 (23 Apr 2005)
+
+ 23 Apr 2005; petre rodan <kaiowas@gentoo.org>
+ +selinux-gnupg-20050408.ebuild:
+ merge with upstream
+
+ 23 Mar 2005; petre rodan <kaiowas@gentoo.org>
+ selinux-gnupg-20050219.ebuild:
+ mark stable
+
+*selinux-gnupg-20050219 (25 Feb 2005)
+
+ 25 Feb 2005; petre rodan <kaiowas@gentoo.org>
+ -selinux-gnupg-20041109.ebuild, -selinux-gnupg-20050119.ebuild,
+ +selinux-gnupg-20050219.ebuild:
+ removed old builds, merge with upstream policy
+
+*selinux-gnupg-20050119 (20 Jan 2005)
+
+ 20 Jan 2005; petre rodan <kaiowas@gentoo.org>
+ +selinux-gnupg-20050119.ebuild:
+ merge with upstream policy
+
+ 20 Jan 2005; petre rodan <kaiowas@gentoo.org>
+ selinux-gnupg-20041120.ebuild:
+ mark stable
+
+*selinux-gnupg-20041120 (12 Dec 2004)
+
+ 12 Dec 2004; petre rodan <kaiowas@gentoo.org>
+ +selinux-gnupg-20041120.ebuild:
+ merge with upstream policy
+
+*selinux-gnupg-20041109 (13 Nov 2004)
+
+ 13 Nov 2004; petre rodan <kaiowas@gentoo.org>
+ +selinux-gnupg-20041109.ebuild:
+ merge with nsa policy
+
+*selinux-gnupg-20040703 (03 Jul 2004)
+
+ 03 Jul 2004; Chris PeBenito <pebenito@gentoo.org> +metadata.xml,
+ +selinux-gnupg-20040703.ebuild:
+ Initial commit
+
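Review bot: the new top entry (22 Jul 2011) is signed only `<swift@gentoo.org>`, while every other entry in this file gives the committer's name before the address; add the name so the log stays consistent. The `$Header` line also still carries the stamp `ChangeLog,v 1.32 2011/06/04 16:46:25 blueness`, although this hunk creates the file, so that revision information does not describe this copy.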
diff --git a/sec-policy/selinux-gnupg/metadata.xml b/sec-policy/selinux-gnupg/metadata.xml
new file mode 100644
index 0000000..9090500
--- /dev/null
+++ b/sec-policy/selinux-gnupg/metadata.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>selinux</herd>
+ <longdescription>Gentoo SELinux policy for gnupg</longdescription>
+</pkgmetadata>
diff --git a/sec-policy/selinux-gnupg/selinux-gnupg-2.20101213-r2.ebuild b/sec-policy/selinux-gnupg/selinux-gnupg-2.20101213-r2.ebuild
new file mode 100644
index 0000000..d68ff14
--- /dev/null
+++ b/sec-policy/selinux-gnupg/selinux-gnupg-2.20101213-r2.ebuild
@@ -0,0 +1,16 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-gnupg/selinux-gnupg-2.20101213-r1.ebuild,v 1.2 2011/06/02 12:24:44 blueness Exp $
+
+EAPI=3
+
+DESCRIPTION="SELinux policy for GnuPG (meta-package for selinux-gpg)"
+HOMEPAGE="http://hardened.gentoo.org/selinux"
+SRC_URI=""
+
+LICENSE="as-is"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE=""
+
+RDEPEND=">=sec-policy/selinux-gpg-2.20101213-r2"
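Review bot: the `$Header` line of this new -r2 ebuild names `selinux-gnupg-2.20101213-r1.ebuild,v 1.2` and blueness, so it was copied over from the previous revision; reset it to `$Header: $`, as sec-policy/selinux-gpg/ChangeLog in this same commit does.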
diff --git a/sec-policy/selinux-gpg/ChangeLog b/sec-policy/selinux-gpg/ChangeLog
new file mode 100644
index 0000000..a7b30e5
--- /dev/null
+++ b/sec-policy/selinux-gpg/ChangeLog
@@ -0,0 +1,13 @@
+# ChangeLog for sec-policy/selinux-gpg
+# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
+# $Header: $
+
+ 22 Jul 2011; <swift@gentoo.org> selinux-gpg-2.20101213-r2.ebuild:
+ Add proper blocker to automatically switch from gnupg to gpg
+
+*selinux-gpg-2.20101213-r2 (22 Jul 2011)
+
+ 22 Jul 2011; <swift@gentoo.org> +selinux-gpg-2.20101213-r2.ebuild,
+ +metadata.xml:
+ Use module-based naming as per Gentoo Hardened SELinux guidelines
+
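Review bot: neither entry lists `+files/fix-apps-gpg-r2.patch`, although that file is added in this commit and the ebuild points POLICY_PATCH at it. The Portage rules the commit message describes are therefore not recorded in the package's own ChangeLog; add the file to the entry along with a line such as "Allow gpg to work for Portage".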
diff --git a/sec-policy/selinux-gpg/files/fix-apps-gpg-r2.patch b/sec-policy/selinux-gpg/files/fix-apps-gpg-r2.patch
new file mode 100644
index 0000000..6bdce58
--- /dev/null
+++ b/sec-policy/selinux-gpg/files/fix-apps-gpg-r2.patch
@@ -0,0 +1,25 @@
+--- apps/gpg.te 2010-12-13 15:11:01.000000000 +0100
++++ apps/gpg.te 2011-07-22 16:43:36.926000872 +0200
+@@ -147,6 +147,11 @@
+ ')
+
+ optional_policy(`
++ gentoo_portage_search_conf(gpg_t)
++ gentoo_portage_read_tmp_files(gpg_t)
++')
++
++optional_policy(`
+ xserver_use_xdm_fds(gpg_t)
+ xserver_rw_xdm_pipes(gpg_t)
+ ')
+@@ -347,6 +352,10 @@
+ ')
+
+ optional_policy(`
++ mutt_manage_tmp_files(gpg_t)
++')
++
++optional_policy(`
+ pulseaudio_exec(gpg_pinentry_t)
+ pulseaudio_rw_home_files(gpg_pinentry_t)
+ pulseaudio_setattr_home_dir(gpg_pinentry_t)
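Review bot: the second inner hunk (`@@ -347,6 +352,10 @@`) grants `mutt_manage_tmp_files(gpg_t)`, which is a manage-level grant on mutt's temporary files, whereas the Portage block in the first hunk only asks for search and read; the commit message does not mention mutt at all. Please confirm gpg_t really needs to create and delete those files rather than just read and write what mutt hands it, and say so in a comment above the call. The rule is also inserted directly before a block for gpg_pinentry_t, so check that it sits with the other gpg_t rules. A short comment on the Portage block stating which operation needs each interface (signing or signature validation) would make the grant easier to audit later.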
diff --git a/sec-policy/selinux-gpg/metadata.xml b/sec-policy/selinux-gpg/metadata.xml
new file mode 100644
index 0000000..9090500
--- /dev/null
+++ b/sec-policy/selinux-gpg/metadata.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>selinux</herd>
+ <longdescription>Gentoo SELinux policy for gnupg</longdescription>
+</pkgmetadata>
diff --git a/sec-policy/selinux-gpg/selinux-gpg-2.20101213-r2.ebuild b/sec-policy/selinux-gpg/selinux-gpg-2.20101213-r2.ebuild
new file mode 100644
index 0000000..aaf8f55
--- /dev/null
+++ b/sec-policy/selinux-gpg/selinux-gpg-2.20101213-r2.ebuild
@@ -0,0 +1,17 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-gnupg/selinux-gnupg-2.20101213-r1.ebuild,v 1.2 2011/06/02 12:24:44 blueness Exp $
+
+MODS="gpg"
+IUSE=""
+
+inherit selinux-policy-2
+
+DESCRIPTION="SELinux policy for GNU privacy guard"
+
+KEYWORDS="amd64 x86"
+RDEPEND="!<=sec-policy/selinux-gnupg-2.20101213-r1
+ >=sys-apps/policycoreutils-1.30.30
+ >=sec-policy/selinux-base-policy-${PV}"
+
+POLICY_PATCH="${FILESDIR}/fix-apps-gpg-r2.patch"
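Review bot: `KEYWORDS="amd64 x86"` marks this brand-new package, including the policy patch first introduced in this commit, as stable straight away, while the transitional selinux-gnupg-2.20101213-r2 that depends on it is `~amd64 ~x86`. Combined with the blocker `!<=sec-policy/selinux-gnupg-2.20101213-r1`, a stable system that still has something depending on selinux-gnupg has r1 blocked and r2 not yet keyworded for it; either start this ebuild at `~amd64 ~x86` or keyword both consistently. Two smaller points: `>=sec-policy/selinux-base-policy-${PV}` accepts any revision of 2.20101213, so if the `gentoo_portage_*` interfaces used by the patch only exist from a particular base-policy revision, the dependency should name it; and the `$Header` line is copied from `selinux-gnupg-2.20101213-r1.ebuild` and should be reset to `$Header: $`.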