[gentoo-commits] repo/gentoo:master commit in: sys-apps/policycoreutils/, sys-apps/policycoreutils/files/
commit: 10fc678631a6a54f8183d54c1494aaeb9b08a1da Author: Jason Zaman gentoo org> AuthorDate: Sun Feb 7 04:16:19 2021 + Commit: Jason Zaman gentoo org> CommitDate: Sun Feb 7 04:16:19 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=10fc6786 sys-apps/policycoreutils: drop old Package-Manager: Portage-3.0.13, Repoman-3.0.2 Signed-off-by: Jason Zaman gentoo.org> ...policycoreutils-2.7-0001-newrole-not-suid.patch | 13 -- .../policycoreutils/policycoreutils-3.1-r1.ebuild | 179 - 2 files changed, 192 deletions(-) diff --git a/sys-apps/policycoreutils/files/policycoreutils-2.7-0001-newrole-not-suid.patch b/sys-apps/policycoreutils/files/policycoreutils-2.7-0001-newrole-not-suid.patch deleted file mode 100644 index 6049bbe282a..000 --- a/sys-apps/policycoreutils/files/policycoreutils-2.7-0001-newrole-not-suid.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/policycoreutils/newrole/Makefile b/policycoreutils/newrole/Makefile -index bdefbb8..9cff135 100644 policycoreutils/newrole/Makefile -+++ policycoreutils/newrole/Makefile -@@ -49,7 +49,7 @@ ifeq ($(NAMESPACE_PRIV),y) - IS_SUID=y - endif - ifeq ($(IS_SUID),y) -- MODE := 4555 -+ MODE := 0555 - override LDLIBS += -lcap-ng - else - MODE := 0555 diff --git a/sys-apps/policycoreutils/policycoreutils-3.1-r1.ebuild b/sys-apps/policycoreutils/policycoreutils-3.1-r1.ebuild deleted file mode 100644 index 9381dac4c14..000 --- a/sys-apps/policycoreutils/policycoreutils-3.1-r1.ebuild +++ /dev/null @@ -1,179 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="7" -PYTHON_COMPAT=( python{3_7,3_8} ) -PYTHON_REQ_USE="xml" - -inherit multilib python-r1 toolchain-funcs bash-completion-r1 - -MY_P="${P//_/-}" - -MY_RELEASEDATE="20200710" -EXTRAS_VER="1.37" -SEMNG_VER="${PV}" -SELNX_VER="${PV}" -SEPOL_VER="${PV}" - -IUSE="audit dbus pam split-usr" -REQUIRED_USE="${PYTHON_REQUIRED_USE}" - -DESCRIPTION="SELinux core utilities" -HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki; - -if [[ ${PV} == ]]; then - inherit git-r3 - EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git; - SRC_URI="https://dev.gentoo.org/~perfinion/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2; - S1="${WORKDIR}/${MY_P}/${PN}" - S2="${WORKDIR}/policycoreutils-extra" - S="${S1}" -else - SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${MY_RELEASEDATE}/${MY_P}.tar.gz - https://dev.gentoo.org/~perfinion/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2; - KEYWORDS="amd64 ~arm64 ~mips x86" - S1="${WORKDIR}/${MY_P}" - S2="${WORKDIR}/policycoreutils-extra" - S="${S1}" -fi - -LICENSE="GPL-2" -SLOT="0" - -DEPEND=">=sys-libs/libselinux-${SELNX_VER}:=[python,${PYTHON_USEDEP}] - >=sys-libs/libcap-1.10-r10:= - >=sys-libs/libsemanage-${SEMNG_VER}:=[python(+),${PYTHON_USEDEP}] - sys-libs/libcap-ng:= - >=sys-libs/libsepol-${SEPOL_VER}:= - >=app-admin/setools-4.2.0[${PYTHON_USEDEP}] - dev-python/ipy[${PYTHON_USEDEP}] - dbus? ( - sys-apps/dbus - dev-libs/dbus-glib:= - ) - audit? ( >=sys-process/audit-1.5.1[python,${PYTHON_USEDEP}] ) - pam? ( sys-libs/pam:= ) - ${PYTHON_DEPS}" - -# Avoid dependency loop in the cross-compile case, bug #755173 -# (Still exists in native) -BDEPEND="sys-devel/gettext" - -### libcgroup -> seunshare -### dbus -> restorecond - -# pax-utils for scanelf used by rlpkg -RDEPEND="${DEPEND} - app-misc/pax-utils" - -PDEPEND="sys-apps/semodule-utils - sys-apps/selinux-python" - -src_unpack() { - # Override default one because we need the SRC_URI ones even in case of ebuilds - default - if [[ ${PV} == ]] ; then - git-r3_src_unpack - fi -} - -src_prepare() { - S="${S1}" - cd "${S}" || die "Failed to switch to ${S}" - if [[ ${PV} != ]] ; then - # If needed for live ebuilds please use /etc/portage/patches - eapply "${FILESDIR}/policycoreutils-3.1-0001-newrole-not-suid.patch" - fi - - # rlpkg is more useful than fixfiles - sed -i -e '/^all/s/fixfiles//' "${S}/scripts/Makefile" \ - || die "fixfiles sed 1 failed" - sed -i -e '/fixfiles/d' "${S}/scripts/Makefile" \ - || die "fixfiles sed 2 failed" - - eapply_user - - sed -i 's/-Werror//g' "${S1}"/*/Makefile || die "Failed to remove Werror" - - python_copy_sources - # Our extra code is outside the regular directory, so set it to the extra - # directory. We really should optimize this as it is ugly, but the extra - # code is needed for Gentoo at the same time that policycoreutils is present - # (so we cannot use an additional package for
[gentoo-commits] repo/gentoo:master commit in: sys-apps/policycoreutils/, sys-apps/policycoreutils/files/
commit: cb4e07769b3f0b7ec6ad3f3a9b6b6b3e45705d0a Author: Jonathan Davies protonmail com> AuthorDate: Tue Sep 1 20:21:30 2020 + Commit: Jason Zaman gentoo org> CommitDate: Tue Sep 15 03:40:21 2020 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cb4e0776 sys-apps/policycoreutils: Version bump to 3.1. Signed-off-by: Jonathan Davies protonmail.com> Signed-off-by: Jason Zaman gentoo.org> sys-apps/policycoreutils/Manifest | 2 ++ .../files/policycoreutils-3.1-0001-newrole-not-suid.patch | 11 +++ ...policycoreutils-.ebuild => policycoreutils-3.1.ebuild} | 8 sys-apps/policycoreutils/policycoreutils-.ebuild | 8 4 files changed, 21 insertions(+), 8 deletions(-) diff --git a/sys-apps/policycoreutils/Manifest b/sys-apps/policycoreutils/Manifest index 86052aaf9b0..f5fdac8fb42 100644 --- a/sys-apps/policycoreutils/Manifest +++ b/sys-apps/policycoreutils/Manifest @@ -1,3 +1,5 @@ DIST policycoreutils-2.9.tar.gz 2819360 BLAKE2B b0af912e3b4fb2c9598b10ce413c8ffb3f5972a4d5d59270cff40abe8d4e385e0664e24a4f533a95ad2d1657644f3368213f955ac63d9f8c46a661417b07c8b3 SHA512 d8356115671ba66de05f1c13193ab47fab69cc4d09603a92171ed40afafc084dd191591bf336b7d722de637378ad09622ebb6eca85c06063ca9ddd6db10e02a2 DIST policycoreutils-3.0.tar.gz 2818089 BLAKE2B 6e4aa6d6eecf809efaefccbfa16c44050242d129f496594763aacbb9aaeca23d92b27d30a6f9ae0e49513adc0a1bd58499253eb9ffc003547387c04aa643b462 SHA512 d8d25db48c1caef69228e87d7ebb2c0f075e44e4ff6bf18a26af341d948b81375b33945128cd0410ffebc64ca478fd19a207295189c716c95e6a3c586e9f053d +DIST policycoreutils-3.1.tar.gz 2817914 BLAKE2B ef68bb5f9cf577164ead44803b6be2bd6401c9e923d2c775c7c8c47f0e803749feaec4247fec5cc1cb766314954402fd2506370bb397f746437ecfcf65b384f3 SHA512 0592f218563a99ba95d2cfd07fdc3761b61c1cc3c01a17ab89ad840169e1a7d4083521d5cacc72d1b76911d516bf592db7a3f90d9ef0cc11ceed007e4580e140 DIST policycoreutils-extra-1.36.tar.bz2 8830 BLAKE2B 6d98e41ea379d3e95221a6e53d8a8b144e4e15ca5581381e76a529dbbaca304d5587b30419797c8c70cbd7c2b2588e5ecd62adcf97294e429950899c1c318346 SHA512 c6a18e6fb2d65f51dc55b88907f23241f2fbfc033d3d2888b109596d9ed31d509b2c93456727ea4d1f98544831afb15c449ff72d6aedf93b9e474b27817f7fb3 +DIST policycoreutils-extra-1.37.tar.bz2 8809 BLAKE2B a7f6122c2e27f54b018174e962bd7f4c14af04e09bbb5300bde6967ea7f2dc5cd03b5787919a4e7f5288bcbc6747922962b5bd3b588ab1e3a035fbff4910d8f5 SHA512 0a85cd7cf279256b5e1927f9dfdd89626a1c8b77b0aeb62b496e7e8d1dccbaa315e39f9308fb2df7270f0bc1c10787b19990e7365cad74b47b61e30394c8b23f diff --git a/sys-apps/policycoreutils/files/policycoreutils-3.1-0001-newrole-not-suid.patch b/sys-apps/policycoreutils/files/policycoreutils-3.1-0001-newrole-not-suid.patch new file mode 100644 index 000..360a4904978 --- /dev/null +++ b/sys-apps/policycoreutils/files/policycoreutils-3.1-0001-newrole-not-suid.patch @@ -0,0 +1,11 @@ +--- a/newrole/Makefile b/newrole/Makefile +@@ -50,7 +50,7 @@ ifeq ($(NAMESPACE_PRIV),y) + IS_SUID=y + endif + ifeq ($(IS_SUID),y) +- MODE := 4555 ++ MODE := 0555 + override LDLIBS += -lcap-ng + else + MODE := 0555 diff --git a/sys-apps/policycoreutils/policycoreutils-.ebuild b/sys-apps/policycoreutils/policycoreutils-3.1.ebuild similarity index 97% copy from sys-apps/policycoreutils/policycoreutils-.ebuild copy to sys-apps/policycoreutils/policycoreutils-3.1.ebuild index d083c523220..569dc07cfcf 100644 --- a/sys-apps/policycoreutils/policycoreutils-.ebuild +++ b/sys-apps/policycoreutils/policycoreutils-3.1.ebuild @@ -1,7 +1,7 @@ # Copyright 1999-2020 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI="6" +EAPI="7" PYTHON_COMPAT=( python{3_6,3_7} ) PYTHON_REQ_USE="xml" @@ -9,8 +9,8 @@ inherit multilib python-r1 toolchain-funcs bash-completion-r1 MY_P="${P//_/-}" -MY_RELEASEDATE="20191204" -EXTRAS_VER="1.36" +MY_RELEASEDATE="20200710" +EXTRAS_VER="1.37" SEMNG_VER="${PV}" SELNX_VER="${PV}" SEPOL_VER="${PV}" @@ -79,7 +79,7 @@ src_prepare() { cd "${S}" || die "Failed to switch to ${S}" if [[ ${PV} != ]] ; then # If needed for live ebuilds please use /etc/portage/patches - eapply "${FILESDIR}/policycoreutils-2.7-0001-newrole-not-suid.patch" + eapply "${FILESDIR}/policycoreutils-3.1-0001-newrole-not-suid.patch" fi # rlpkg is more useful than fixfiles diff --git a/sys-apps/policycoreutils/policycoreutils-.ebuild b/sys-apps/policycoreutils/policycoreutils-.ebuild index d083c523220..569dc07cfcf 100644 --- a/sys-apps/policycoreutils/policycoreutils-.ebuild +++ b/sys-apps/policycoreutils/policycoreutils-.ebuild @@ -1,7 +1,7 @@ # Copyright 1999-2020 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI="6" +EAPI="7" PYTHON_COMPAT=( python{3_6,3_7} ) PYTHON_REQ_USE="xml" @@ -9,8 +9,8
[gentoo-commits] repo/gentoo:master commit in: sys-apps/policycoreutils/, sys-apps/policycoreutils/files/
commit: 07f19bdf64a33eb8bc7b2e1a8368bb53e0b0585c Author: Jason Zaman gentoo org> AuthorDate: Sun Jul 9 09:49:32 2017 + Commit: Jason Zaman gentoo org> CommitDate: Sun Jul 9 10:03:09 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=07f19bdf sys-apps/policycoreutils: update suid patch Package-Manager: Portage-2.3.6, Repoman-2.3.1 .../files/policycoreutils-2.7-0001-newrole-not-suid.patch | 2 +- ...t-suid.patch => policycoreutils-2.7_rc1-0001-newrole-not-suid.patch} | 0 sys-apps/policycoreutils/policycoreutils-2.7_rc1.ebuild | 2 +- 3 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sys-apps/policycoreutils/files/policycoreutils-2.7-0001-newrole-not-suid.patch b/sys-apps/policycoreutils/files/policycoreutils-2.7-0001-newrole-not-suid.patch index d4aa531063f..6049bbe282a 100644 --- a/sys-apps/policycoreutils/files/policycoreutils-2.7-0001-newrole-not-suid.patch +++ b/sys-apps/policycoreutils/files/policycoreutils-2.7-0001-newrole-not-suid.patch @@ -8,6 +8,6 @@ index bdefbb8..9cff135 100644 ifeq ($(IS_SUID),y) - MODE := 4555 + MODE := 0555 - LDLIBS += -lcap-ng + override LDLIBS += -lcap-ng else MODE := 0555 diff --git a/sys-apps/policycoreutils/files/policycoreutils-2.7-0001-newrole-not-suid.patch b/sys-apps/policycoreutils/files/policycoreutils-2.7_rc1-0001-newrole-not-suid.patch similarity index 100% copy from sys-apps/policycoreutils/files/policycoreutils-2.7-0001-newrole-not-suid.patch copy to sys-apps/policycoreutils/files/policycoreutils-2.7_rc1-0001-newrole-not-suid.patch diff --git a/sys-apps/policycoreutils/policycoreutils-2.7_rc1.ebuild b/sys-apps/policycoreutils/policycoreutils-2.7_rc1.ebuild index 4e75a4f5dc6..fd1ae7ab7c6 100644 --- a/sys-apps/policycoreutils/policycoreutils-2.7_rc1.ebuild +++ b/sys-apps/policycoreutils/policycoreutils-2.7_rc1.ebuild @@ -83,7 +83,7 @@ src_prepare() { cd "${S}" || die "Failed to switch to ${S}" if [[ ${PV} != ]] ; then # If needed for live ebuilds please use /etc/portage/patches - eapply "${FILESDIR}/policycoreutils-2.7-0001-newrole-not-suid.patch" + eapply "${FILESDIR}/policycoreutils-2.7_rc1-0001-newrole-not-suid.patch" fi # rlpkg is more useful than fixfiles
[gentoo-commits] repo/gentoo:master commit in: sys-apps/policycoreutils/, sys-apps/policycoreutils/files/
commit: cb0bae402bbc3a661c63ad1a53df8f74677f4bf3 Author: Sven Vermeulen swift AT gentoo DOT org AuthorDate: Tue Aug 25 16:30:41 2015 + Commit: Sven Vermeulen swift AT gentoo DOT org CommitDate: Tue Aug 25 16:35:34 2015 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cb0bae40 sys-apps/policycoreutils: Support policy generation and don't fail on user modification Two bugs have been reported where (1.) generating policies using sepolgen generate failed and (2.) changing user definitions failed. Both have been fixed upstream, and are now taken part of our patchset. Gentoo-Bug: 557370 Gentoo-Bug: 534682 Package-Manager: portage-2.2.20.1 ...PM-enabled-Linux-distributions-bug-534682.patch | 69 ++ ...-sename-after-calling-semanage-bug-557370.patch | 29 + .../policycoreutils/policycoreutils-.ebuild| 7 +-- 3 files changed, 101 insertions(+), 4 deletions(-) diff --git a/sys-apps/policycoreutils/files/0130-Only-invoke-RPM-on-RPM-enabled-Linux-distributions-bug-534682.patch b/sys-apps/policycoreutils/files/0130-Only-invoke-RPM-on-RPM-enabled-Linux-distributions-bug-534682.patch new file mode 100644 index 000..25fc900 --- /dev/null +++ b/sys-apps/policycoreutils/files/0130-Only-invoke-RPM-on-RPM-enabled-Linux-distributions-bug-534682.patch @@ -0,0 +1,69 @@ +From 73b7ff410c1b2958c5c1f8e26cae5347d56416d4 Mon Sep 17 00:00:00 2001 +From: Sven Vermeulen sven.vermeu...@siphos.be +Date: Tue, 9 Jun 2015 13:26:24 +0200 +Subject: [PATCH 1/1] Only invoke RPM on RPM-enabled Linux distributions + +When calling sepolgen generate to automatically generate a SELinux +policy template, the command fails when it cannot invoke RPM related +commands on Linux distributions that do not support RPM by default: + +Failed to retrieve rpm info for selinux-policy +Traceback (most recent call last): + File /usr/lib/python-exec/python2.7/sepolicy, line 643, in module +args.func(args) + File /usr/lib/python-exec/python2.7/sepolicy, line 517, in generate +print mypolicy.generate(args.path) + File /usr/lib64/python2.7/site-packages/sepolicy/generate.py, line 1370, in generate +out += %s # %s\n % (self.write_spec(out_dir), _(Spec file)) + File /usr/lib64/python2.7/site-packages/sepolicy/generate.py, line 1219, in write_spec +fd.write(self.generate_spec()) + File /usr/lib64/python2.7/site-packages/sepolicy/generate.py, line 1181, in generate_spec +selinux_policyver = get_rpm_nvr_list(selinux-policy)[1] +TypeError: 'NoneType' object has no attribute '__getitem__' + +As the RPM related steps are only needed on RPM-enabled distributions, +we should ignore these steps on other Linux distribution platforms. + +In this patch, we use the Python platform module to get the Linux +distribution, and only start the RPM-related activities on Linux +distributions that use RPM as their native package manager. + +Signed-off-by: Sven Vermeulen sven.vermeu...@siphos.be +--- + policycoreutils/sepolicy/sepolicy/generate.py | 7 +-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/policycoreutils/sepolicy/sepolicy/generate.py b/policycoreutils/sepolicy/sepolicy/generate.py +index 6b53035..4858582 100644 +--- a/policycoreutils/sepolicy/sepolicy/generate.py b/policycoreutils/sepolicy/sepolicy/generate.py +@@ -26,6 +26,7 @@ import re + import sepolicy + from sepolicy import get_all_types, get_all_attributes, get_all_roles + import time ++import platform + + from templates import executable + from templates import boolean +@@ -1171,7 +1172,8 @@ allow %s_t %s_t:%s_socket name_%s; + newsh += re.sub(TEMPLATETYPE, self.name, t1) + + newsh += self.generate_user_sh() +-newsh += re.sub(TEMPLATEFILE, self.file_name, script.rpm) ++if (platform.linux_distribution(full_distribution_name=0)[0] in (redhat,centos,SuSE,fedora,mandrake,mandriva)): ++newsh += re.sub(TEMPLATEFILE, self.file_name, script.rpm) + + return newsh + +@@ -1367,6 +1369,7 @@ Warning %s does not exist + out += %s # %s\n % (self.write_if(out_dir), _(Interface file)) + out += %s # %s\n % (self.write_fc(out_dir), _(File Contexts file)) + if self.type != NEWTYPE: +-out += %s # %s\n % (self.write_spec(out_dir), _(Spec file)) ++if (platform.linux_distribution(full_distribution_name=0)[0] in (redhat,centos,SuSE,fedora,mandrake,mandriva)): ++out += %s # %s\n % (self.write_spec(out_dir), _(Spec file)) + out += %s # %s\n % (self.write_sh(out_dir), _(Setup Script)) + return out +-- +2.4.6 + diff --git a/sys-apps/policycoreutils/files/0140-Set-self.sename-to-sename-after-calling-semanage-bug-557370.patch b/sys-apps/policycoreutils/files/0140-Set-self.sename-to-sename-after-calling-semanage-bug-557370.patch new file mode 100644 index 000..1a11d39 ---