authorNicolas Iooss2017-08-01 21:47:32 +0200
committerNicolas Iooss2017-08-01 21:47:32 +0200
commita0e2eccfbc00142e460e229bde8594ad37667397 (patch)
tree0334c0eb9196085241cc04c5c3a4d17aaf3273d4
downloadaur-a0e2eccfbc00142e460e229bde8594ad37667397.tar.gz
Create selinux-refpolicy-git package
-rw-r--r--.SRCINFO26
-rw-r--r--.gitignore2
-rw-r--r--PKGBUILD61
-rw-r--r--config9
-rw-r--r--selinux-refpolicy-git.install27
5 files changed, 125 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..22947d3cdf7f
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,26 @@
+pkgbase = selinux-refpolicy-git
+ pkgdesc = Modular SELinux reference policy including headers and docs
+ pkgver = RELEASE_2_20170204.r202.g95ab6e9524de
+ pkgrel = 1
+ url = https://github.com/TresysTechnology/refpolicy/wiki
+ install = selinux-refpolicy-git.install
+ arch = any
+ groups = selinux
+ license = GPL2
+ makedepends = git
+ makedepends = python
+ makedepends = checkpolicy>=2.6
+ makedepends = libsepol>=2.6
+ makedepends = libsemanage>=2.6
+ depends = policycoreutils>=2.6
+ optdepends = linux-hardened: Linux kernel with SELinux support
+ optdepends = linux-selinux: Linux kernel with SELinux support
+ source = git+https://github.com/TresysTechnology/refpolicy
+ source = git+https://github.com/TresysTechnology/refpolicy-contrib
+ source = config
+ sha256sums = SKIP
+ sha256sums = SKIP
+ sha256sums = a5faaa2a2c3f986770a9296882b1887c2bdd38b0a990a36f95fe22f22ffb5c13
+
+pkgname = selinux-refpolicy-git
+
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000000000000..20f793a17795
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+/refpolicy/
+/refpolicy-contrib/
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..16873a3e748a
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,61 @@
+# Maintainer: Nicolas Iooss (nicolas <dot> iooss <at> m4x <dot> org)
+
+pkgname=selinux-refpolicy-git
+_policyname=refpolicy-git
+pkgver=RELEASE_2_20170204.r202.g95ab6e9524de
+pkgrel=1
+pkgdesc="Modular SELinux reference policy including headers and docs"
+arch=('any')
+url="https://github.com/TresysTechnology/refpolicy/wiki"
+license=('GPL2')
+groups=('selinux')
+makedepends=('git' 'python' 'checkpolicy>=2.6' 'libsepol>=2.6' 'libsemanage>=2.6')
+depends=('policycoreutils>=2.6')
+optdepends=('linux-hardened: Linux kernel with SELinux support'
+ 'linux-selinux: Linux kernel with SELinux support')
+install="${pkgname}.install"
+source=("git+https://github.com/TresysTechnology/refpolicy"
+ "git+https://github.com/TresysTechnology/refpolicy-contrib"
+ 'config')
+sha256sums=('SKIP'
+ 'SKIP'
+ 'a5faaa2a2c3f986770a9296882b1887c2bdd38b0a990a36f95fe22f22ffb5c13')
+
+pkgver() {
+ cd refpolicy
+ git describe --long | sed 's/\([^-]*-g\)/r\1/;s/-/./g'
+}
+
+prepare() {
+ cd refpolicy
+
+ # Check out contrib module
+ git submodule init
+ git config submodule.policy/modules/contrib.url "${srcdir}/refpolicy-contrib"
+ git submodule update
+
+ # Ensure the environment is clean
+ make bare
+
+ # Configure, overriding build.conf values with the ones given on the command line
+ make conf NAME="${_policyname}" DISTRO=arch SYSTEMD=y UBAC=n
+}
+
+build() {
+ cd refpolicy
+ make NAME="${_policyname}" DISTRO=arch SYSTEMD=y UBAC=n
+}
+
+package() {
+ cd refpolicy
+ make install \
+ DESTDIR="${pkgdir}" NAME="${_policyname}" DISTRO=arch SYSTEMD=y UBAC=n
+ make install-headers \
+ DESTDIR="${pkgdir}" NAME="${_policyname}" DISTRO=arch SYSTEMD=y UBAC=n
+ make install-docs \
+ DESTDIR="${pkgdir}" NAME="${_policyname}" DISTRO=arch SYSTEMD=y UBAC=n \
+ PKGNAME="${_policyname}"
+
+ # Install main SELinux config file defaulting to refpolicy
+ install -m644 -D "${srcdir}/config" "${pkgdir}/etc/selinux/config.${_policyname}"
+}
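Review bot: The config file that package() installs as `/etc/selinux/config.${_policyname}` is not listed in a `backup=()` array, so pacman will overwrite it on every upgrade. The install scriptlet in this commit symlinks `/etc/selinux/config` to that file when no config exists, so an administrator who changes `SELINUX=permissive` to `enforcing` through the symlink would be set back to permissive by the next package update. Adding `backup=("etc/selinux/config.${_policyname}")` next to the `install=` line keeps local edits, with pacman writing the packaged version as a `.pacnew` file instead.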
diff --git a/config b/config
new file mode 100644
index 000000000000..7c050817ad16
--- /dev/null
+++ b/config
@@ -0,0 +1,9 @@
+# This file controls the state of SELinux on the system.
+# SELINUX= can take one of these three values:
+# enforcing - SELinux security policy is enforced.
+# permissive - SELinux prints warnings instead of enforcing.
+# disabled - No SELinux policy is loaded.
+SELINUX=permissive
+# SELINUXTYPE= takes the name of SELinux policy to be used.
+# Use "refpolicy-git" to use reference policy git master revision
+SELINUXTYPE=refpolicy-git
diff --git a/selinux-refpolicy-git.install b/selinux-refpolicy-git.install
new file mode 100644
index 000000000000..15aa418eb850
--- /dev/null
+++ b/selinux-refpolicy-git.install
@@ -0,0 +1,27 @@
+post_install() {
+ echo ">>> Building refpolicy-git policy store. Please wait ..."
+ /usr/bin/semodule -s refpolicy-git -i /usr/share/selinux/refpolicy-git/*.pp
+ if [ -e /etc/selinux/config ]
+ then
+ echo ">>> In order to use this policy, set SELINUXTYPE=refpolicy-git in /etc/selinux/config."
+ else
+ /usr/bin/ln -v -s config.refpolicy-git /etc/selinux/config
+ fi
+ echo ">>> Relabeling the filesystem may be needed."
+ echo ">>> This can be done with: /usr/bin/restorecon -rF /"
+}
+
+post_upgrade() {
+ post_install
+}
+
+post_remove() {
+ echo ">>> Removing refpolicy-git left-over files in /var/lib/selinux"
+ /usr/bin/rm -rf /var/lib/selinux/refpolicy-git
+
+ if [ -L /etc/selinux/config ] && ! [ -e /etc/selinux/config ]
+ then
+ echo ">>> Removing now-broken symbolic link /etc/selinux/config"
+ /usr/bin/rm /etc/selinux/config
+ fi
+}
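Review bot: The exit status of `/usr/bin/semodule` in post_install() is not checked, so if building the policy store fails the scriptlet still creates the `/etc/selinux/config` symlink and prints the relabel hint. That leaves a config selecting a policy type whose store may be missing or incomplete. Guarding the call, e.g. `/usr/bin/semodule -s refpolicy-git -i /usr/share/selinux/refpolicy-git/*.pp || return 1`, would surface the failure to pacman; post_upgrade() behaves the same way because it delegates to post_install(). Separately, post_remove() deletes the store silently even when a regular-file `/etc/selinux/config` may still name `refpolicy-git`, so an `echo` warning to review `SELINUXTYPE` after removal would help.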