1 # Copyright 1999-2019 Gentoo Authors
2 # Distributed under the terms of the GNU General Public License v2
3
4 EAPI="6"
5
6 if [[ ${PV} == 9999* ]]; then
7         EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
8         EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}"
9         EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy"
10
11         inherit git-r3
12 else
13         SRC_URI="https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_${PV/./_}/refpolicy-${PV}.tar.bz2
14                         https://dev.gentoo.org/~perfinion/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2"
15         KEYWORDS="~amd64 -arm ~arm64 ~mips ~x86"
16 fi
17
18 HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
19 DESCRIPTION="SELinux policy for core modules"
20
21 IUSE="systemd +unconfined"
22
23 PDEPEND="unconfined? ( sec-policy/selinux-unconfined )"
24 DEPEND="=sec-policy/selinux-base-${PVR}[systemd?]"
25 RDEPEND="$DEPEND"
26
27 MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork tmpfiles udev userdomain usermanage unprivuser xdg"
28 LICENSE="GPL-2"
29 SLOT="0"
30 S="${WORKDIR}/"
31
# Code copied in full from selinux-eclass, which cannot be inherited here
# because that would make this package depend on itself. Once the eclass is
# reworked, inherit it again; only postinstall (where -b base.pp is added)
# then needs to remain in this ebuild.
35
# Extends the module list when systemd support is requested.
# Globals:   MODS (read, written)
# Returns:   0 in both cases
pkg_setup() {
        # Nothing to add unless the systemd USE flag is enabled.
        use systemd || return 0

        # The systemd policy module is then built, installed and loaded
        # together with the rest of MODS.
        MODS+=" systemd"
}
41
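# Early sanity check on the policy type / USE flag combination.
# Globals:   POLICY_TYPES (read)
# Outputs:   dies with an explanatory message on an unsupported combination
pkg_pretend() {
        # Keep the loop variable local so it does not leak into the global
        # ebuild scope.
        local policy_type

        # POLICY_TYPES is a whitespace-separated list; splitting is intended.
        for policy_type in ${POLICY_TYPES}; do
                # Refuse to build a "targeted" policy without USE=unconfined.
                # NOTE(review): presumably because the targeted policy relies on
                # the unconfined module - confirm.
                if [[ "${policy_type}" == "targeted" ]] && ! use unconfined; then
                        die "If you use POLICY_TYPES=targeted, then USE=unconfined is mandatory."
                fi
        done
}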
49
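# Patches the policy sources and stages one build directory per policy type.
# Globals:   PV, WORKDIR, S, MODS, POLICY_TYPES (read)
# Outputs:   creates ${S}/<policy type>/ holding a Makefile and the .te/.fc
#            sources of every module listed in MODS
# Returns:   dies if a directory cannot be created, a copy fails, or no module
#            sources are found at all
src_prepare() {
        # An array keeps every path intact even if it contains whitespace.
        local -a modfiles=()
        local module policy_type found

        # Release versions carry the Gentoo patch on top of the upstream
        # tarball; live (9999*) checkouts are used as they are.
        if [[ ${PV} != 9999* ]]; then
                einfo "Applying SELinux policy updates ... "
                eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch"
        fi

        eapply_user

        # Collect only those files needed for the modules in MODS. The names are
        # quoted so they reach find as patterns rather than being expanded by
        # the shell, and the results are read NUL-delimited.
        for module in ${MODS}; do
                while IFS= read -r -d '' found; do
                        modfiles+=( "${found}" )
                done < <(find "${S}/refpolicy/policy/modules" \
                        \( -iname "${module}.te" -o -iname "${module}.fc" \) -print0)
        done

        # Fail with a clear message instead of letting cp complain about a
        # missing operand further down.
        [[ ${#modfiles[@]} -gt 0 ]] \
                || die "No policy sources found under ${S}/refpolicy/policy/modules for: ${MODS}"

        for policy_type in ${POLICY_TYPES}; do
                mkdir "${S}/${policy_type}" \
                        || die "Failed to create directory ${S}/${policy_type}"
                cp "${S}/refpolicy/doc/Makefile.example" "${S}/${policy_type}/Makefile" \
                        || die "Failed to copy Makefile.example to ${S}/${policy_type}/Makefile"

                cp "${modfiles[@]}" "${S}/${policy_type}" \
                        || die "Failed to copy the module files to ${S}/${policy_type}"
        done
}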
75
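# Builds the policy packages once per policy type.
# Globals:   POLICY_TYPES, ROOT, S (read)
# Returns:   dies as soon as one policy type fails to build
src_compile() {
        # Keep the loop variable local so it does not leak into the global
        # ebuild scope.
        local policy_type

        for policy_type in ${POLICY_TYPES}; do
                # Build in the directory staged by src_prepare; SHAREDIR is the
                # selinux share directory below ROOT.
                emake NAME="${policy_type}" SHAREDIR="${ROOT%/}/usr/share/selinux" \
                        -C "${S}/${policy_type}" || die "${policy_type} compile failed"
        done
}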
81
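# Installs every built policy package (.pp) under /usr/share/selinux/<type>.
# Globals:   POLICY_TYPES, MODS, S (read)
# Returns:   dies if a policy package cannot be installed
src_install() {
        local BASEDIR="/usr/share/selinux"
        # Keep the loop variables local so they do not leak into the global
        # ebuild scope.
        local policy_type module

        for policy_type in ${POLICY_TYPES}; do
                # The destination only depends on the policy type, so set it
                # once per type rather than once per module.
                insinto "${BASEDIR}/${policy_type}"

                for module in ${MODS}; do
                        einfo "Installing ${policy_type} ${module} policy package"
                        doins "${S}/${policy_type}/${module}.pp" \
                                || die "Failed to add ${module}.pp to ${policy_type}"
                done
        done
}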
93
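# Loads base.pp and every module in MODS into each policy store, then relabels
# the packages that depend on this one.
# Globals:   ROOT, MODS, POLICY_TYPES, CATEGORY, PN (read)
# Outputs:   progress via einfo; a warning via ewarn if semodule fails
# Returns:   dies if a policy directory cannot be entered
pkg_postinst() {
        local policy_type module
        # Arrays keep each argument intact, including a ROOT that contains
        # whitespace.
        local -a root_opts=() load_args=()

        # Set root path and don't load policy into the kernel when cross compiling
        if [[ -n "${ROOT%/}" ]]; then
                root_opts=( -p "${ROOT%/}" -n )
        fi

        # Unlike the eclass, base.pp has to be loaded here as well; older
        # policycoreutils take it through -b instead of -i.
        if has_version "<sys-apps/policycoreutils-2.5"; then
                load_args=( -b base.pp )
        else
                load_args=( -i base.pp )
        fi

        for module in ${MODS}; do
                load_args+=( -i "${module}.pp" )
        done

        for policy_type in ${POLICY_TYPES}; do
                einfo "Inserting the following modules, with base, into the ${policy_type} module store: ${MODS}"

                # The .pp files are named relative to this directory. If it
                # cannot be entered, stop: running semodule from whatever
                # directory is current could load another policy type's
                # packages into this store.
                cd "${ROOT%/}/usr/share/selinux/${policy_type}" \
                        || die "Failed to enter ${ROOT%/}/usr/share/selinux/${policy_type}"

                # Loading stays best-effort, but a failure is reported: the
                # store may otherwise still hold the previous policy without
                # anybody noticing.
                semodule "${root_opts[@]}" -s "${policy_type}" "${load_args[@]}" \
                        || ewarn "semodule failed for the ${policy_type} module store; its policy may not have been updated."
        done

        # Don't relabel when cross compiling
        if [[ -z "${ROOT%/}" ]]; then
                # Relabel depending packages
                local PKGSET=""
                if [[ -x /usr/bin/qdepends ]]; then
                        PKGSET=$(/usr/bin/qdepends -Cq -r -Q "${CATEGORY}/${PN}" | grep -v 'sec-policy/selinux-')
                elif [[ -x /usr/bin/equery ]]; then
                        PKGSET=$(/usr/bin/equery -Cq depends "${CATEGORY}/${PN}" | grep -v 'sec-policy/selinux-')
                fi
                if [[ -n "${PKGSET}" ]]; then
                        # Intentionally unquoted: PKGSET holds one package per
                        # word and rlpkg takes them as separate arguments.
                        rlpkg ${PKGSET}
                fi
        fi
}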