Add fix for bug #374897 and initial support for python3

Package-Manager: portage-2.1.10.3/cvs/Linux x86_64
author: Anthony G. Basile <blueness@gentoo.org> 2011-07-15 23:29:30 +0000
committer: Anthony G. Basile <blueness@gentoo.org> 2011-07-15 23:29:30 +0000
commit: 38e4e4ba516dacacb7350399c6c1f764379be6e2 (patch)
tree: 38473808778878461ad5dc8e382bc86b38365ea5 /sys-apps/policycoreutils
parent: Changed dependency on sci-electronics/ng-spice-rework to sci-electronics/ngsp... (diff)
download: historical-38e4e4ba516dacacb7350399c6c1f764379be6e2.tar.gz
historical-38e4e4ba516dacacb7350399c6c1f764379be6e2.tar.bz2
historical-38e4e4ba516dacacb7350399c6c1f764379be6e2.zip
5 files changed, 134 insertions, 5 deletions
diff --git a/sys-apps/policycoreutils/ChangeLog b/sys-apps/policycoreutils/ChangeLog
index 0bc63fc026f2..d02a01c4b9ff 100644
--- a/sys-apps/policycoreutils/ChangeLog
+++ b/sys-apps/policycoreutils/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for sys-apps/policycoreutils
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/policycoreutils/ChangeLog,v 1.86 2011/07/08 10:54:27 ssuominen Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/policycoreutils/ChangeLog,v 1.87 2011/07/15 23:29:30 blueness Exp $
+
+*policycoreutils-2.0.85 (15 Jul 2011)
+
+  15 Jul 2011; Anthony G. Basile <blueness@gentoo.org>
+  +policycoreutils-2.0.85.ebuild,
+  +files/policycoreutils-2.0.85-fix-seunshare-vuln.patch.gz,
+  +files/policycoreutils-2.0.85-sesandbox.patch.gz:
+  Add fix for bug #374897 and initial support for python3
 
   08 Jul 2011; Samuli Suominen <ssuominen@gentoo.org>
   policycoreutils-2.0.55.ebuild, policycoreutils-2.0.69.ebuild,
diff --git a/sys-apps/policycoreutils/Manifest b/sys-apps/policycoreutils/Manifest
index 971e32dab96b..f717711c7f65 100644
--- a/sys-apps/policycoreutils/Manifest
+++ b/sys-apps/policycoreutils/Manifest
@@ -2,9 +2,13 @@
 Hash: SHA256
 
 AUX policycoreutils-2.0.69-setfiles.diff 333 RMD160 78309e288913b244200afa47dfe9b22442b45a52 SHA1 18f244ff52513bac481605e1419479c965b41cb9 SHA256 70a857ee7695fe6492db7c7ddc491fdaaf155f583a1c8c55c9b1d864811f3242
+AUX policycoreutils-2.0.85-fix-seunshare-vuln.patch.gz 8962 RMD160 4175ac56c5c72ba37b3bd94009cbe17345444445 SHA1 f9a3b6d64f7b6632b8740cc4f07d8db029039e7c SHA256 2dc16bc7489d626a91d93356d80651795eb757a25fd807fbbf93c772f392b50f
+AUX policycoreutils-2.0.85-sesandbox.patch.gz 4551 RMD160 28ea43ae81418e0d1da95904276b8cc7423ee1e1 SHA1 dfcbc87fecfbd335b51f1c020ca0f642245b6417 SHA256 9854b390e1283194b76335dcacc0b8f7d45d8fb025592e4e9b701122c925d1e1
 DIST policycoreutils-2.0.55.tar.gz 306314 RMD160 f4f8e5eec52603e4a23424c7d0e419ee088bcad7 SHA1 b2eacc4d0e520749b182945ca7aebe537ac27ffc SHA256 4f1a880f4784bec8a06241438a854e5b438c039193e53d0c3b1b68324418f19f
 DIST policycoreutils-2.0.69.tar.gz 832883 RMD160 f94527fcf5952d477741d62445cd5a2f593f6c58 SHA1 a82eb4b0208531dee65692919c7b4fd77a68e421 SHA256 bdbe0789885363c47c304758545b75b07a475b1f1b94b7007dd0bda2e4ad2b6b
 DIST policycoreutils-2.0.82.tar.gz 834447 RMD160 b8ff1b968e77b2554fb485a1c9bbe7069522bd21 SHA1 1abea421581e1ec3384e15752be0222514134757 SHA256 72bbf62bbe4f01657f4884c4601732f8dcb9c43c49a68f8a2985c2b5bc3d8cea
+DIST policycoreutils-2.0.85-python3.tar.gz 19750 RMD160 ae5daef8bf9083964e37b101a6168dc6ce5b8bb2 SHA1 61c058cb39ef9f13dd54af844a033ac724de743c SHA256 4bc78bfd39ce43a010c4e1de3d7f4ff45fcfc7bac4bc70e28c9bdb681053fe4e
+DIST policycoreutils-2.0.85.tar.gz 885929 RMD160 b9dea38eaa2ec7f2eabd49f7634eb6a47008aeff SHA1 f004048a32f3954a2ac420e34d4ec190905e805f SHA256 cb45e63332be948f8dff17c1bdd4b9810a7d4fa84916f49b4c9388c7948b0507
 DIST policycoreutils-extra-1.19.tar.bz2 19139 RMD160 26a696ce304392f3fb2345cf4937420dbd0cdc16 SHA1 8fd3e22bb58c36eabdd9f18d7c55c8a565a71cb1 SHA256 7461733113f273b297c843cd90447d24110650ed6f1bf2ccd4bc94b4807eac5c
 DIST policycoreutils-extra-1.20.tar.bz2 18532 RMD160 f2f837b6759036581453bb51683d3ee9ca7de01b SHA1 44a1eb06a21217da5c4dcdbdb7204771abe81d4e SHA256 2965e81dd39b0c4b0bb29439c0c8e816e0445ec42699b8a78c3361e988c54cc0
 EBUILD policycoreutils-2.0.55.ebuild 2651 RMD160 ac85ecaf5080679528b696ce13434864521768cd SHA1 1f28985de8af8bbf71a5cefb256f668cf5199428 SHA256 692afb0c17f16321e481ee86011546acef41ce7e4ef56c26b858dee467b07cd4
@@ -13,12 +17,13 @@ EBUILD policycoreutils-2.0.69-r2.ebuild 2724 RMD160 59b98cfd017c77661aeca05daebc
 EBUILD policycoreutils-2.0.69.ebuild 2658 RMD160 e74966b31e87ab9c4c1f76748649468b420b87b9 SHA1 a5ebcdc803b719c0517fb4f7ee1fd4e5283e6e56 SHA256 fc59a62f34a5b21ecab71cea4784fb5c51a93cd9ccee1acc37113517ab3adef0
 EBUILD policycoreutils-2.0.82-r1.ebuild 2942 RMD160 1cfce90dabb327055b07bb5a16cb0a1e037d5574 SHA1 73fc250f3fc8afffc9e21b3aa0da276c1136f913 SHA256 c5296af03152194212caeae3186db3e80d1419a8ad4385dc257abc4e423571df
 EBUILD policycoreutils-2.0.82.ebuild 2633 RMD160 b8077adda572a73ed616526ec0ca97cc6038e6a2 SHA1 7d40d7119a01fa4e7fcbd3d68fc9aa43f8d97704 SHA256 852d23bfa05fce1e25a0c65c726309b2316051ced113c2b6d444c39ed19ffe94
-MISC ChangeLog 13538 RMD160 3c38ba1637afa49269fdcd81aadaa1051d0d324a SHA1 78d17713b12f1155c125e64383ee510af85c3138 SHA256 63379b83c91e6b7ebea2434cdefe427e011075499660968272c9a6e4eb267360
+EBUILD policycoreutils-2.0.85.ebuild 4308 RMD160 5eeae4b104c7f801d3d3582837d6e40ec1d85639 SHA1 1880f9fa1d4d5498a03927d39b078608945ba52a SHA256 f0e37a61d23c8a92110873cb031359c982e6b051e17592629586cf6ef6f40b98
+MISC ChangeLog 13837 RMD160 31a59587db59b1952b22abf06a94c7f9c758c419 SHA1 3a84f9bf4517a6a750f6de01d16bbf10eda7e6ef SHA256 084c7c8eb25b090430c09bcd7c2335b171a4b566331fb0992778fc9c2de9d3b1
 MISC metadata.xml 717 RMD160 0fc1c3cf181bfbe5d0e2c31e7c0db5f7a837cd91 SHA1 2ee21a2645c4e8e96e4714ba12ad0037631e83b9 SHA256 0c06ffad8c7c95b22992240c5fe0516a3e29a65ebe8da43e184fc2c8b08a1971
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.17 (GNU/Linux)
 
-iF4EAREIAAYFAk4W4ZUACgkQXkR9YqOcLPEbBQD/bvygeZ6CJjOohmswM/VOEToi
-VpWJtPjS0kThGj6as9wA/iirzuGeT0VDKnOWv/6CmmvUgBKEbMOfswfcKhOdEP4o
-=f7lJ
+iEYEAREIAAYFAk4gzWQACgkQl5yvQNBFVTU52wCePrxaVTBuWkksLworiUicFVka
+YEgAn2xDwE7Q9WK63Z0gYOkeuDEu4Zc6
+=8FnM
 -----END PGP SIGNATURE-----
diff --git a/sys-apps/policycoreutils/files/policycoreutils-2.0.85-fix-seunshare-vuln.patch.gz b/sys-apps/policycoreutils/files/policycoreutils-2.0.85-fix-seunshare-vuln.patch.gz
new file mode 100644
index 000000000000..d58b5b384139
--- /dev/null
+++ b/sys-apps/policycoreutils/files/policycoreutils-2.0.85-fix-seunshare-vuln.patch.gz
diff --git a/sys-apps/policycoreutils/files/policycoreutils-2.0.85-sesandbox.patch.gz b/sys-apps/policycoreutils/files/policycoreutils-2.0.85-sesandbox.patch.gz
new file mode 100644
index 000000000000..336dcb21bb7f
--- /dev/null
+++ b/sys-apps/policycoreutils/files/policycoreutils-2.0.85-sesandbox.patch.gz
diff --git a/sys-apps/policycoreutils/policycoreutils-2.0.85.ebuild b/sys-apps/policycoreutils/policycoreutils-2.0.85.ebuild
new file mode 100644
index 000000000000..9d2917cd588d
--- /dev/null
+++ b/sys-apps/policycoreutils/policycoreutils-2.0.85.ebuild
@@ -0,0 +1,116 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/policycoreutils/policycoreutils-2.0.85.ebuild,v 1.1 2011/07/15 23:29:30 blueness Exp $
+
+EAPI="3"
+PYTHON_DEPEND="*"
+PYTHON_USE_WITH="xml"
+SUPPORT_PYTHON_ABIS="1"
+RESTRICT_PYTHON_ABIS="*-jython"
+
+inherit multilib python toolchain-funcs eutils
+
+EXTRAS_VER="1.20"
+SEMNG_VER="2.0.46"
+SELNX_VER="2.0.98"
+SEPOL_VER="2.0.42"
+
+IUSE=""
+
+DESCRIPTION="SELinux core utilities"
+HOMEPAGE="http://userspace.selinuxproject.org"
+SRC_URI="http://userspace.selinuxproject.org/releases/20101221/devel/${P}.tar.gz
+	mirror://gentoo/policycoreutils-extra-${EXTRAS_VER}.tar.bz2
+	mirror://gentoo/policycoreutils-2.0.85-python3.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+COMMON_DEPS=">=sys-libs/libselinux-${SELNX_VER}[python]
+	>=sys-libs/glibc-2.4
+	>=sys-process/audit-1.5.1
+	>=sys-libs/libcap-1.10-r10
+	sys-libs/pam
+	>=sys-libs/libsemanage-${SEMNG_VER}[python]
+	sys-libs/libcap-ng
+	>=sys-libs/libsepol-${SEPOL_VER}
+	sys-devel/gettext"
+
+# pax-utils for scanelf used by rlpkg
+RDEPEND="${COMMON_DEPS}
+	dev-python/sepolgen
+	app-misc/pax-utils"
+
+DEPEND="${COMMON_DEPS}"
+
+S2=${WORKDIR}/policycoreutils-extra
+
+src_prepare() {
+	# rlpkg is more useful than fixfiles
+	sed -i -e '/^all/s/fixfiles//' "${S}/scripts/Makefile" \
+		|| die "fixfiles sed 1 failed"
+	sed -i -e '/fixfiles/d' "${S}/scripts/Makefile" \
+		|| die "fixfiles sed 2 failed"
+	# We currently do not support MCS, so the sandbox code in policycoreutils
+	# is not usable yet. However, work for MCS is on the way and a reported
+	# vulnerability (bug #374897) might go by unnoticed if we ignore it now.
+	# As such, we will
+	# - prepare support for switching name from "sandbox" to "sesandbox"
+	epatch "${FILESDIR}/policycoreutils-2.0.85-sesandbox.patch.gz"
+	# - patch the sandbox and seunshare code to fix the vulnerability
+	#   (uses, with permission, extract from
+	#   http://pkgs.fedoraproject.org/gitweb/?p=policycoreutils.git;a=blob_plain;f=policycoreutils-rhat.patch;hb=HEAD)
+	epatch "${FILESDIR}/policycoreutils-2.0.85-fix-seunshare-vuln.patch.gz"
+	# But for now, disable building sandbox code
+	sed -i -e 's/sandbox //' "${S}/Makefile" || die "failed removing sandbox"
+	# Overwrite gl.po, id.po and et.po with valid PO file
+	cp "${S}/po/sq.po" "${S}/po/gl.po" || die "failed to copy ${S}/po/sq.po to gl.po"
+	cp "${S}/po/sq.po" "${S}/po/id.po" || die "failed to copy ${S}/po/sq.po to id.po"
+	cp "${S}/po/sq.po" "${S}/po/et.po" || die "failed to copy ${S}/po/sq.po to et.po"
+	# Fixed scripts for Python 3 support
+	cp "${WORKDIR}/seobject.py" "${S}/semanage/seobject.py" || die "failed to copy seobject.py"
+	cp "${WORKDIR}/semanage" "${S}/semanage/semanage" || die "failed to copy semanage"
+	cp "${WORKDIR}/chcat" "${S}/scripts/chcat" || die "failed to copy chcat"
+	cp "${WORKDIR}/audit2allow" "${S}/audit2allow/audit2allow" || die "failed to copy audit2allow"
+	cp "${WORKDIR}/rlpkg" "${S2}/scripts/rlpkg" || die "failed to copy rlpkg"
+}
+
+src_compile() {
+	python_copy_sources semanage sandbox
+	building() {
+		einfo "Compiling policycoreutils"
+		emake -C "${S}" AUDIT_LOG_PRIVS="y" CC="$(tc-getCC)" PYLIBVER="python$(python_get_version)" || die
+		einfo "Compiling policycoreutils-extra"
+		emake -C "${S2}" AUDIT_LOG_PRIVS="y" CC="$(tc-getCC)" PYLIBVER="python$(python_get_version)" || die
+	}
+	python_execute_function -s --source-dir semanage building
+}
+
+src_install() {
+	# Python scripts are present in many places. There are no extension modules.
+	installation() {
+		einfo "Installing policycoreutils"
+		emake -C "${S}" DESTDIR="${T}/images/${PYTHON_ABI}" AUDIT_LOG_PRIV="y" PYLIBVER="python$(python_get_version)" install || return 1
+
+		einfo "Installing policycoreutils-extra"
+		emake -C "${S2}" DESTDIR="${T}/images/${PYTHON_ABI}" SHLIBDIR="${D}$(get_libdir)/rc" install || return 1
+	}
+	python_execute_function installation
+	python_merge_intermediate_installation_images "${T}/images"
+
+	# remove redhat-style init script
+	rm -fR "${D}/etc/rc.d"
+
+	# compatibility symlinks
+	dosym /sbin/setfiles /usr/sbin/setfiles
+	dosym /$(get_libdir)/rc/runscript_selinux.so /$(get_libdir)/rcscripts/runscript_selinux.so
+}
+
+pkg_postinst() {
+	python_mod_optimize seobject.py
+}
+
+pkg_postrm() {
+	python_mod_cleanup seobject.py
+}
author	Anthony G. Basile <blueness@gentoo.org>	2011-07-15 23:29:30 +0000
committer	Anthony G. Basile <blueness@gentoo.org>	2011-07-15 23:29:30 +0000
commit	38e4e4ba516dacacb7350399c6c1f764379be6e2 (patch)
tree	38473808778878461ad5dc8e382bc86b38365ea5 /sys-apps/policycoreutils
parent	Changed dependency on sci-electronics/ng-spice-rework to sci-electronics/ngsp... (diff)
download	historical-38e4e4ba516dacacb7350399c6c1f764379be6e2.tar.gz historical-38e4e4ba516dacacb7350399c6c1f764379be6e2.tar.bz2 historical-38e4e4ba516dacacb7350399c6c1f764379be6e2.zip