diff options
author | Nicolas Iooss | 2017-08-01 21:47:32 +0200 |
---|---|---|
committer | Nicolas Iooss | 2017-08-01 21:47:32 +0200 |
commit | a0e2eccfbc00142e460e229bde8594ad37667397 (patch) | |
tree | 0334c0eb9196085241cc04c5c3a4d17aaf3273d4 | |
download | aur-a0e2eccfbc00142e460e229bde8594ad37667397.tar.gz |
Create selinux-refpolicy-git package
-rw-r--r-- | .SRCINFO | 26 | ||||
-rw-r--r-- | .gitignore | 2 | ||||
-rw-r--r-- | PKGBUILD | 61 | ||||
-rw-r--r-- | config | 9 | ||||
-rw-r--r-- | selinux-refpolicy-git.install | 27 |
5 files changed, 125 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO new file mode 100644 index 000000000000..22947d3cdf7f --- /dev/null +++ b/.SRCINFO @@ -0,0 +1,26 @@ +pkgbase = selinux-refpolicy-git + pkgdesc = Modular SELinux reference policy including headers and docs + pkgver = RELEASE_2_20170204.r202.g95ab6e9524de + pkgrel = 1 + url = https://github.com/TresysTechnology/refpolicy/wiki + install = selinux-refpolicy-git.install + arch = any + groups = selinux + license = GPL2 + makedepends = git + makedepends = python + makedepends = checkpolicy>=2.6 + makedepends = libsepol>=2.6 + makedepends = libsemanage>=2.6 + depends = policycoreutils>=2.6 + optdepends = linux-hardened: Linux kernel with SELinux support + optdepends = linux-selinux: Linux kernel with SELinux support + source = git+https://github.com/TresysTechnology/refpolicy + source = git+https://github.com/TresysTechnology/refpolicy-contrib + source = config + sha256sums = SKIP + sha256sums = SKIP + sha256sums = a5faaa2a2c3f986770a9296882b1887c2bdd38b0a990a36f95fe22f22ffb5c13 + +pkgname = selinux-refpolicy-git + diff --git a/.gitignore b/.gitignore new file mode 100644 index 000000000000..20f793a17795 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +/refpolicy/ +/refpolicy-contrib/ diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 000000000000..16873a3e748a --- /dev/null +++ b/PKGBUILD @@ -0,0 +1,61 @@ +# Maintainer: Nicolas Iooss (nicolas <dot> iooss <at> m4x <dot> org) + +pkgname=selinux-refpolicy-git +_policyname=refpolicy-git +pkgver=RELEASE_2_20170204.r202.g95ab6e9524de +pkgrel=1 +pkgdesc="Modular SELinux reference policy including headers and docs" +arch=('any') +url="https://github.com/TresysTechnology/refpolicy/wiki" +license=('GPL2') +groups=('selinux') +makedepends=('git' 'python' 'checkpolicy>=2.6' 'libsepol>=2.6' 'libsemanage>=2.6') +depends=('policycoreutils>=2.6') +optdepends=('linux-hardened: Linux kernel with SELinux support' + 'linux-selinux: Linux kernel with SELinux support') +install="${pkgname}.install" +source=("git+https://github.com/TresysTechnology/refpolicy" + "git+https://github.com/TresysTechnology/refpolicy-contrib" + 'config') +sha256sums=('SKIP' + 'SKIP' + 'a5faaa2a2c3f986770a9296882b1887c2bdd38b0a990a36f95fe22f22ffb5c13') + +pkgver() { + cd refpolicy + git describe --long | sed 's/\([^-]*-g\)/r\1/;s/-/./g' +} + +prepare() { + cd refpolicy + + # Check out contrib module + git submodule init + git config submodule.policy/modules/contrib.url "${srcdir}/refpolicy-contrib" + git submodule update + + # Ensure the environment is clean + make bare + + # Configure, overriding build.conf values with the ones given on the command line + make conf NAME="${_policyname}" DISTRO=arch SYSTEMD=y UBAC=n +} + +build() { + cd refpolicy + make NAME="${_policyname}" DISTRO=arch SYSTEMD=y UBAC=n +} + +package() { + cd refpolicy + make install \ + DESTDIR="${pkgdir}" NAME="${_policyname}" DISTRO=arch SYSTEMD=y UBAC=n + make install-headers \ + DESTDIR="${pkgdir}" NAME="${_policyname}" DISTRO=arch SYSTEMD=y UBAC=n + make install-docs \ + DESTDIR="${pkgdir}" NAME="${_policyname}" DISTRO=arch SYSTEMD=y UBAC=n \ + PKGNAME="${_policyname}" + + # Install main SELinux config file defaulting to refpolicy + install -m644 -D "${srcdir}/config" "${pkgdir}/etc/selinux/config.${_policyname}" +} diff --git a/config b/config new file mode 100644 index 000000000000..7c050817ad16 --- /dev/null +++ b/config @@ -0,0 +1,9 @@ +# This file controls the state of SELinux on the system. +# SELINUX= can take one of these three values: +# enforcing - SELinux security policy is enforced. +# permissive - SELinux prints warnings instead of enforcing. +# disabled - No SELinux policy is loaded. +SELINUX=permissive +# SELINUXTYPE= takes the name of SELinux policy to be used. +# Use "refpolicy-git" to use reference policy git master revision +SELINUXTYPE=refpolicy-git diff --git a/selinux-refpolicy-git.install b/selinux-refpolicy-git.install new file mode 100644 index 000000000000..15aa418eb850 --- /dev/null +++ b/selinux-refpolicy-git.install @@ -0,0 +1,27 @@ +post_install() { + echo ">>> Building refpolicy-git policy store. Please wait ..." + /usr/bin/semodule -s refpolicy-git -i /usr/share/selinux/refpolicy-git/*.pp + if [ -e /etc/selinux/config ] + then + echo ">>> In order to use this policy, set SELINUXTYPE=refpolicy-git in /etc/selinux/config." + else + /usr/bin/ln -v -s config.refpolicy-git /etc/selinux/config + fi + echo ">>> Relabeling the filesystem may be needed." + echo ">>> This can be done with: /usr/bin/restorecon -rF /" +} + +post_upgrade() { + post_install +} + +post_remove() { + echo ">>> Removing refpolicy-git left-over files in /var/lib/selinux" + /usr/bin/rm -rf /var/lib/selinux/refpolicy-git + + if [ -L /etc/selinux/config ] && ! [ -e /etc/selinux/config ] + then + echo ">>> Removing now-broken symbolic link /etc/selinux/config" + /usr/bin/rm /etc/selinux/config + fi +} |