sec-policy/selinux-base-policy/selinux-base-policy-2.20190609-r1.ebuild

   1 # Copyright 1999-2020 Gentoo Authors
   2 # Distributed under the terms of the GNU General Public License v2
   3
   4 EAPI="6"
   5
   6 if [[ ${PV} == 9999* ]]; then
   7         EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
   8         EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}"
   9         EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy"
  10
  11         inherit git-r3
  12 else
  13         SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2
  14                         https://dev.gentoo.org/~perfinion/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2"
  15         KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86"
  16 fi
  17
  18 HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
  19 DESCRIPTION="SELinux policy for core modules"
  20
  21 IUSE="systemd +unconfined"
  22
  23 PDEPEND="unconfined? ( sec-policy/selinux-unconfined )"
  24 DEPEND="=sec-policy/selinux-base-${PVR}[systemd?]"
  25 RDEPEND="$DEPEND"
  26
  27 MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork systemd tmpfiles udev userdomain usermanage unprivuser xdg"
  28 LICENSE="GPL-2"
  29 SLOT="0"
  30 S="${WORKDIR}/"
  31
  32 # Code entirely copied from selinux-eclass (cannot inherit due to dependency on
  33 # itself), when reworked reinclude it. Only postinstall (where -b base.pp is
  34 # added) needs to remain then.
  35
  36 pkg_pretend() {
  37         for i in ${POLICY_TYPES}; do
  38                 if [[ "${i}" == "targeted" ]] && ! use unconfined; then
  39                         die "If you use POLICY_TYPES=targeted, then USE=unconfined is mandatory."
  40                 fi
  41         done
  42 }
  43
  44 src_prepare() {
  45         local modfiles
  46
  47         if [[ ${PV} != 9999* ]]; then
  48                 einfo "Applying SELinux policy updates ... "
  49                 eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch"
  50         fi
  51
  52         eapply_user
  53
  54         # Collect only those files needed for this particular module
  55         for i in ${MODS}; do
  56                 modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles"
  57                 modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles"
  58         done
  59
  60         for i in ${POLICY_TYPES}; do
  61                 mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}"
  62                 cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \
  63                         || die "Failed to copy Makefile.example to ${S}/${i}/Makefile"
  64
  65                 cp ${modfiles} "${S}"/${i} \
  66                         || die "Failed to copy the module files to ${S}/${i}"
  67         done
  68 }
  69
  70 src_compile() {
  71         for i in ${POLICY_TYPES}; do
  72                 emake NAME=$i SHAREDIR="${ROOT%/}"/usr/share/selinux -C "${S}"/${i}
  73         done
  74 }
  75
  76 src_install() {
  77         local BASEDIR="/usr/share/selinux"
  78
  79         for i in ${POLICY_TYPES}; do
  80                 for j in ${MODS}; do
  81                         einfo "Installing ${i} ${j} policy package"
  82                         insinto ${BASEDIR}/${i}
  83                         doins "${S}"/${i}/${j}.pp
  84                 done
  85         done
  86 }
  87
  88 pkg_postinst() {
  89         # Set root path and don't load policy into the kernel when cross compiling
  90         local root_opts=""
  91         if [[ "${ROOT%/}" != "" ]]; then
  92                 root_opts="-p ${ROOT%/} -n"
  93         fi
  94
  95         # Override the command from the eclass, we need to load in base as well here
  96         local COMMAND="-i base.pp"
  97         if has_version "<sys-apps/policycoreutils-2.5"; then
  98                 COMMAND="-b base.pp"
  99         fi
 100
 101         for i in ${MODS}; do
 102                 COMMAND="${COMMAND} -i ${i}.pp"
 103         done
 104
 105         for i in ${POLICY_TYPES}; do
 106                 einfo "Inserting the following modules, with base, into the $i module store: ${MODS}"
 107
 108                 cd "${ROOT%/}/usr/share/selinux/${i}"
 109
 110                 semodule ${root_opts} -s ${i} ${COMMAND}
 111         done
 112
 113         # Don't relabel when cross compiling
 114         if [[ "${ROOT%/}" == "" ]]; then
 115                 # Relabel depending packages
 116                 local PKGSET="";
 117                 if [[ -x /usr/bin/qdepends ]] ; then
 118                         PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
 119                 elif [[ -x /usr/bin/equery ]] ; then
 120                         PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
 121                 fi
 122                 if [[ -n "${PKGSET}" ]] ; then
 123                         rlpkg ${PKGSET};
 124                 fi
 125         fi
 126 }