From a62028633423578b21b219bd1617a1e6c7b0d10b Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak <knowak@microsoft.com>
Date: Wed, 21 Feb 2024 14:47:01 +0100
Subject: [PATCH] sys-apps/policycoreutils: Sync with Gentoo

It's from Gentoo commit c4719a957590a9b209422d93c8136075c2781af7.
---
 .../sys-apps/policycoreutils/Manifest         |  2 +-
 .../files/tmpfiles.d/10-var-lib-selinux.conf  |  2 -
 ...-3.5.ebuild => policycoreutils-3.6.ebuild} | 54 ++++++++++++-------
 3 files changed, 37 insertions(+), 21 deletions(-)
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/policycoreutils/files/tmpfiles.d/10-var-lib-selinux.conf
 rename sdk_container/src/third_party/coreos-overlay/sys-apps/policycoreutils/{policycoreutils-3.5.ebuild => policycoreutils-3.6.ebuild} (72%)

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/policycoreutils/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-apps/policycoreutils/Manifest
index cfc08315c2..8b299836d9 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/policycoreutils/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/policycoreutils/Manifest
@@ -1,2 +1,2 @@
-DIST policycoreutils-3.5.tar.gz 775639 BLAKE2B 777b8564484e89385db7a184c4cad9a99aabf1fd1ac41abd5826c7e6ad29118ae9d6f0d0fd968b6ced87f2f04bc6d7cd207b67428151522915367f656fb8d3f8 SHA512 7978ef6b7a278c6384c9b397734d03c4932c8aefecceaa1e6a1345be27b253dbe276fdcd219ce83ad732c6ed55d53bbc3254e39bccadd67d2cd1152a14749444
+DIST policycoreutils-3.6.tar.gz 755682 BLAKE2B a8b180c8006989192d152651dcfa51856956780bfe1139cc1dc0162eb66ba1eef4f7d64f68a48479572b02e2e97a68c7082722a745d22a9453e8378373319e3c SHA512 e1f32e6e0310b879a5aadab157b103314a61bf3b8fd59c1212d701fbf39900e3b9a0b727338988103d784a7e505355a871ba519dd91520b135a3b9dae40bf1b0
 DIST policycoreutils-extra-1.37.tar.bz2 8809 BLAKE2B a7f6122c2e27f54b018174e962bd7f4c14af04e09bbb5300bde6967ea7f2dc5cd03b5787919a4e7f5288bcbc6747922962b5bd3b588ab1e3a035fbff4910d8f5 SHA512 0a85cd7cf279256b5e1927f9dfdd89626a1c8b77b0aeb62b496e7e8d1dccbaa315e39f9308fb2df7270f0bc1c10787b19990e7365cad74b47b61e30394c8b23f
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/policycoreutils/files/tmpfiles.d/10-var-lib-selinux.conf b/sdk_container/src/third_party/coreos-overlay/sys-apps/policycoreutils/files/tmpfiles.d/10-var-lib-selinux.conf
deleted file mode 100644
index f763cf3e45..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/policycoreutils/files/tmpfiles.d/10-var-lib-selinux.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-#Type	Path			Mode	UID 	GID 	Age	Argument
-L	/var/lib/selinux/	-	-	-	-	../../usr/lib/selinux/policy
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/policycoreutils/policycoreutils-3.5.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/policycoreutils/policycoreutils-3.6.ebuild
similarity index 72%
rename from sdk_container/src/third_party/coreos-overlay/sys-apps/policycoreutils/policycoreutils-3.5.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-apps/policycoreutils/policycoreutils-3.6.ebuild
index 202a894257..e2527faa68 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/policycoreutils/policycoreutils-3.5.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/policycoreutils/policycoreutils-3.6.ebuild
@@ -1,12 +1,11 @@
-# Copyright 1999-2023 Gentoo Authors
+# Copyright 1999-2024 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="7"
-PYTHON_COMPAT=( python3_{9..11} )
+PYTHON_COMPAT=( python3_{10..11} )
 PYTHON_REQ_USE="xml(+)"
 
-TMPFILES_OPTIONAL=1
-inherit multilib python-r1 toolchain-funcs bash-completion-r1 tmpfiles
+inherit python-r1 toolchain-funcs bash-completion-r1
 
 MY_PV="${PV//_/-}"
 MY_P="${PN}-${MY_PV}"
@@ -36,12 +35,14 @@ SLOT="0"
 IUSE="audit pam split-usr"
 REQUIRED_USE="${PYTHON_REQUIRED_USE}"
 
-DEPEND=">=sys-libs/libselinux-${PV}:=
-	>=sys-libs/libsemanage-${PV}:=
+DEPEND=">=sys-libs/libselinux-${PV}:=[python,${PYTHON_USEDEP}]
+	>=sys-libs/libsemanage-${PV}:=[python(+),${PYTHON_USEDEP}]
 	>=sys-libs/libsepol-${PV}:=
 	sys-libs/libcap-ng:=
+	>=app-admin/setools-4.2.0[${PYTHON_USEDEP}]
 	audit? ( >=sys-process/audit-1.5.1[python,${PYTHON_USEDEP}] )
-	pam? ( sys-libs/pam:= )"
+	pam? ( sys-libs/pam:= )
+	${PYTHON_DEPS}"
 
 # Avoid dependency loop in the cross-compile case, bug #755173
 # (Still exists in native)
@@ -51,7 +52,8 @@ BDEPEND="sys-devel/gettext"
 RDEPEND="${DEPEND}
 	app-misc/pax-utils"
 
-PDEPEND="sys-apps/semodule-utils"
+PDEPEND="sys-apps/semodule-utils
+	sys-apps/selinux-python"
 
 src_unpack() {
 	# Override default one because we need the SRC_URI ones even in case of 9999 ebuilds
@@ -78,6 +80,14 @@ src_prepare() {
 	eapply_user
 
 	sed -i 's/-Werror//g' "${S1}"/*/Makefile || die "Failed to remove Werror"
+
+	python_copy_sources
+	# Our extra code is outside the regular directory, so set it to the extra
+	# directory. We really should optimize this as it is ugly, but the extra
+	# code is needed for Gentoo at the same time that policycoreutils is present
+	# (so we cannot use an additional package for now).
+	S="${S2}"
+	python_copy_sources
 }
 
 src_compile() {
@@ -90,8 +100,10 @@ src_compile() {
 			CC="$(tc-getCC)" \
 			LIBDIR="\$(PREFIX)/$(get_libdir)"
 	}
-	BUILD_DIR="${S1}"
-	building
+	S="${S1}" # Regular policycoreutils
+	python_foreach_impl building
+	S="${S2}" # Extra set
+	python_foreach_impl building
 }
 
 src_install() {
@@ -106,6 +118,7 @@ src_install() {
 			CC="$(tc-getCC)" \
 			LIBDIR="\$(PREFIX)/$(get_libdir)" \
 			install
+		python_optimize
 	}
 
 	installation-extras() {
@@ -113,11 +126,14 @@ src_install() {
 		emake -C "${BUILD_DIR}" \
 			DESTDIR="${D}" \
 			install
+		python_optimize
 	}
 
-	BUILD_DIR="${S1}"
-	installation-policycoreutils
-
+	S="${S1}" # policycoreutils
+	python_foreach_impl installation-policycoreutils
+	S="${S2}" # extras
+	python_foreach_impl installation-extras
+	S="${S1}" # back for later
 
 	# remove redhat-style init script
 	rm -fR "${D}/etc/rc.d" || die
@@ -132,12 +148,14 @@ src_install() {
 
 	bashcomp_alias setsebool getsebool
 
-	dodir /usr/lib/selinux/policy
-	dosym ../../usr/lib/selinux/policy /var/lib/selinux
-	keepdir /usr/lib/selinux/policy
+	# location for policy definitions
+	dodir /var/lib/selinux
+	keepdir /var/lib/selinux
 
-	# Recreate the symlink in /var in case of wiping the root filesystem.
-	dotmpfiles "${FILESDIR}/tmpfiles.d/10-var-lib-selinux.conf"
+	# Set version-specific scripts
+	for pyscript in rlpkg; do
+	  python_replicate_script "${ED}/usr/sbin/${pyscript}"
+	done
 }
 
 pkg_postinst() {