diff --git a/sdk_container/src/third_party/portage-stable/sec-policy/selinux-base-policy/selinux-base-policy-2.20231002-r2.ebuild b/sdk_container/src/third_party/portage-stable/sec-policy/selinux-base-policy/selinux-base-policy-2.20231002-r2.ebuild
index 599c890996..dfb32553a8 100644
--- a/sdk_container/src/third_party/portage-stable/sec-policy/selinux-base-policy/selinux-base-policy-2.20231002-r2.ebuild
+++ b/sdk_container/src/third_party/portage-stable/sec-policy/selinux-base-policy/selinux-base-policy-2.20231002-r2.ebuild
@@ -1,8 +1,10 @@
-# Copyright 1999-2023 Gentoo Authors
+# Copyright 1999-2024 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="7"
 
+inherit selinux-policy-utils
+
 if [[ ${PV} == 9999* ]]; then
 EGIT_REPO_URI="${SELINUX_GIT_REPO:-https://anongit.gentoo.org/git/proj/hardened-refpolicy.git}"
 EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}"
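Review bot: The added `inherit selinux-policy-utils` line carries no comment explaining why this eclass can be inherited by the base policy package, while the following hunk deletes the comment that said the SELinux eclass could not be inherited because of a dependency on the package itself. A reader of the new file has no record of why that earlier constraint no longer applies. A short comment above the inherit would cover it, for example `# selinux-policy-utils provides helper functions only and adds no dependency on this package, so it can be inherited here.` The eclass is not part of this diff, so that property should be confirmed against it before the comment is added.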
@@ -33,109 +35,51 @@ LICENSE="GPL-2" SLOT="0" S="${WORKDIR}/" -# Code entirely copied from selinux-eclass (cannot inherit due to dependency on -# itself), when reworked reinclude it. Only postinstall (where -b base.pp is -# added) needs to remain then. - pkg_pretend() { - for i in ${POLICY_TYPES}; do - if [[ "${i}" == "targeted" ]] && ! use unconfined; then + local pt + + for pt in ${POLICY_TYPES}; do + if [[ ${pt} = targeted ]] && ! use unconfined; then die "If you use POLICY_TYPES=targeted, then USE=unconfined is mandatory." fi done } src_prepare() { - local modfiles + local path_to_patch='' policy_files_dir=${FILESDIR} + # no extra policy files nor patches + local -a policy_files=() policy_patches=() if [[ ${PV} != 9999* ]]; then - einfo "Applying SELinux policy updates ... " - eapply -p0 "${WORKDIR}/0001-full-patch-against-stable-release.patch" + path_to_patch="${WORKDIR}/0001-full-patch-against-stable-release.patch" fi - eapply_user - - # Collect only those files needed for this particular module - for i in ${MODS}; do - modfiles="$(find "${S}"/refpolicy/policy/modules -iname $i.te) $modfiles" - modfiles="$(find "${S}"/refpolicy/policy/modules -iname $i.fc) $modfiles" + local mod + for mod in ${DEL_MODS}; do + [[ " ${MODS} " != *" ${mod} "* ]] || die "Duplicate module in MODS and DEL_MODS: ${mod}" done - for i in ${DEL_MODS}; do - [[ "${MODS}" != *${i}* ]] || die "Duplicate module in MODS and DEL_MODS: ${i}" - done - - for i in ${POLICY_TYPES}; do - mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}" - cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \ - || die "Failed to copy Makefile.example to ${S}/${i}/Makefile" - - cp ${modfiles} "${S}"/${i} \ - || die "Failed to copy the module files to ${S}/${i}" - done + selinux-policy-utils-prepare \ + "${path_to_patch}" "${policy_files_dir}" "${S}" \ + ${POLICY_TYPES} -- ${MODS} -- "${policy_files[@]}" -- "${policy_patches[@]}" } src_compile() { - for i in ${POLICY_TYPES}; do - emake NAME=$i 
SHAREDIR="${SYSROOT%/}/usr/share/selinux" -C "${S}"/${i} - done + local m4param='' + selinux-policy-utils-compile-policy-packages "${S}" "${m4param}" ${POLICY_TYPES} } src_install() { - local BASEDIR="/usr/share/selinux" - - for i in ${POLICY_TYPES}; do - for j in ${MODS}; do - einfo "Installing ${i} ${j} policy package" - insinto ${BASEDIR}/${i} - doins "${S}"/${i}/${j}.pp - done - done + # no extra policy files + local -a policy_files=() + selinux-policy-utils-install-policy-packages "${S}" \ + ${POLICY_TYPES} -- ${MODS} -- "${policy_files[@]}" } pkg_postinst() { - # Set root path and don't load policy into the kernel when cross compiling - local root_opts="" - if [[ "${ROOT}" != "" ]]; then - root_opts="-p ${ROOT} -n" - fi - - # Override the command from the eclass, we need to load in base as well here - local COMMAND="-i base.pp" - if has_version "