From: Sven Vermeulen
To: gentoo-hardened@lists.gentoo.org
Date: Wed, 6 Aug 2014 08:30:31 +0000
Subject: [gentoo-hardened] Update on SELinux eclass to support different git repo or branch
Message-ID: <20140806083031.GA29948@gentoo.org>

Hi all

Our live sec-policy/selinux-* packages (the ones with the -9999 version) have been using our git repository for some time. Although users could always override these with packagename_LIVE_REPO, it meant that they had to generate such variables for each and every sec-policy/ package out there.

As that is a big nuisance (and you should also not forget to substitute "-" with "_" in that case) I added two more variables in the SELinux eclass to make this a lot simpler:

- SELINUX_GIT_REPO can now point to a different repo set if you want
- SELINUX_GIT_BRANCH can be used to pull in a different branch (default is master)

The first one (SELINUX_GIT_REPO) allows users to use their own SELinux policy repository with the live ebuilds, rather than having to use ours (or do some kludgy things to get their own policies to be loaded). All that we require is that the repository is still a reference policy clone.

The second one (SELINUX_GIT_BRANCH) allows users to pick a different branch. This can be interesting when we're doing larger updates on the SELinux policies with wider testing (or in between developers).

The changes are fully backwards compatible and do not affect users not using the -9999 ebuilds.

Wkr,
  Sven Vermeulen
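
Added example, not part of the original message and not code from the SELinux eclass: a small shell helper that builds the per-package variable names described above and checks whether a set of such overrides can be collapsed into one SELINUX_GIT_REPO line. It assumes the overrides are kept as VAR="value" lines (as in a make.conf-style file); the function names, the repository URL and the package subset are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; not part of the SELinux eclass or of Portage.

# Variable name the per-package override needs: "-" becomes "_".
live_repo_var() {
    printf '%s_LIVE_REPO\n' "$(printf '%s' "$1" | sed 's/-/_/g')"
}

# Read VAR="value" lines on stdin. If every selinux_*_LIVE_REPO
# override names the same repository, print the one SELINUX_GIT_REPO
# line that replaces them; otherwise explain why and return non-zero.
collapse_overrides() {
    nl='
'
    repos=$(sed -n 's/^selinux_[A-Za-z0-9_]*_LIVE_REPO="\(.*\)"$/\1/p' | sort -u)
    case $repos in
        '')      echo "no per-package overrides found" >&2; return 1 ;;
        *"$nl"*) echo "overrides name different repositories" >&2; return 2 ;;
    esac
    printf 'SELINUX_GIT_REPO="%s"\n' "$repos"
}

# Constructed sample: the old style, one line per sec-policy package.
# The URL is a placeholder, not a real policy repository.
sample_conf() {
    for pkg in selinux-base selinux-base-policy selinux-apache; do
        printf '%s="%s"\n' "$(live_repo_var "$pkg")" \
            "https://git.example.org/my-refpolicy.git"
    done
}

sample_conf                        # the three per-package lines
sample_conf | collapse_overrides   # the single replacement line
```

When the overrides point at different repositories the helper refuses to collapse them, since a single SELINUX_GIT_REPO value cannot express that.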