sys-apps/policycoreutils: Sync with Gentoo

krnowak · krnowak · commit 42379ec275fa · 2025-04-29T13:25:07.000+02:00
It's from Gentoo commit b854c7e78dfbd4c9afcadf9d2beb92e9cd24424b.
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/policycoreutils/Manifest b/sdk_container/src/third_party/portage-stable/sys-apps/policycoreutils/Manifest
@@ -1,2 +1,3 @@
 DIST policycoreutils-3.7.tar.gz 757142 BLAKE2B 95794d48ef80882803199af5330f0ac4f1cee6710562a559e3d8fd94475d117286f8b612ffc5dc9027f4f8f4cd55e82ddb4d328e91d6c9846b18460c9bee159b SHA512 30e3413b15df0bf1a994d2b3a03a719f89b3ee521a708b92fcc684822152145722cb3ef28fd5b7c42b779281b0bd4d69d65c0bc2605eec1af3f388609d985500
+DIST policycoreutils-3.8.1.tar.gz 758726 BLAKE2B cda4c6a967a156874d6adcadbda546d8cf30d19622e0bec85ade88eccf730e4dd143eb7b07678826e1284aaa2fe316c24f828d28f422e15694d38d4e06035b78 SHA512 e14df87d163eec46a57bb7496db77090bd310554b2af1b68c66d9ef2f160bc4ac17305fb889a5415489baeabfd47946c0e37e6ad4dd14e392529c802ad06290b
 DIST policycoreutils-extra-1.37.tar.bz2 8809 BLAKE2B a7f6122c2e27f54b018174e962bd7f4c14af04e09bbb5300bde6967ea7f2dc5cd03b5787919a4e7f5288bcbc6747922962b5bd3b588ab1e3a035fbff4910d8f5 SHA512 0a85cd7cf279256b5e1927f9dfdd89626a1c8b77b0aeb62b496e7e8d1dccbaa315e39f9308fb2df7270f0bc1c10787b19990e7365cad74b47b61e30394c8b23f
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/policycoreutils/policycoreutils-3.7.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/policycoreutils/policycoreutils-3.7.ebuild
@@ -17,45 +17,32 @@ HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
 if [[ ${PV} == 9999 ]]; then
 	inherit git-r3
 	EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
-	SRC_URI="!vanilla? ( https://dev.gentoo.org/~perfinion/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2 )"
+	SRC_URI="https://dev.gentoo.org/~perfinion/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2"
 	S1="${WORKDIR}/${P}/${PN}"
 	S2="${WORKDIR}/policycoreutils-extra"
 	S="${S1}"
 else
 	SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${MY_PV}/${MY_P}.tar.gz
-		!vanilla? ( https://dev.gentoo.org/~perfinion/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2 )"
-	KEYWORDS="amd64 ~arm ~arm64 ~riscv x86"
+		https://dev.gentoo.org/~perfinion/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2"
+	KEYWORDS="amd64 arm arm64 ~riscv x86"
 	S1="${WORKDIR}/${MY_P}"
 	S2="${WORKDIR}/policycoreutils-extra"
 	S="${S1}"
 fi
 
 LICENSE="GPL-2"
 SLOT="0"
-IUSE="audit pam split-usr vanilla +python"
-REQUIRED_USE="
-	!vanilla? ( python ${PYTHON_REQUIRED_USE} )
-"
-
-DEPEND="
-	python? (
-		>=sys-libs/libselinux-${PV}:=[python,${PYTHON_USEDEP}]
-		>=sys-libs/libsemanage-${PV}:=[python(+),${PYTHON_USEDEP}]
-		audit? ( >=sys-process/audit-1.5.1[python,${PYTHON_USEDEP}] )
-		${PYTHON_DEPS}
-	)
-	!python? (
-		>=sys-libs/libselinux-${PV}:=
-		>=sys-libs/libsemanage-${PV}:=
-		audit? ( >=sys-process/audit-1.5.1 )
-	)
+IUSE="audit pam split-usr"
+REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+
+DEPEND=">=sys-libs/libselinux-${PV}:=[python,${PYTHON_USEDEP}]
+	>=sys-libs/libsemanage-${PV}:=[python(+),${PYTHON_USEDEP}]
 	>=sys-libs/libsepol-${PV}:=
 	sys-libs/libcap-ng:=
+	>=app-admin/setools-4.2.0[${PYTHON_USEDEP}]
+	audit? ( >=sys-process/audit-1.5.1[python,${PYTHON_USEDEP}] )
 	pam? ( sys-libs/pam:= )
-	!vanilla? (
-		>=app-admin/setools-4.2.0[${PYTHON_USEDEP}]
-	)
-"
+	${PYTHON_DEPS}"
 
 # Avoid dependency loop in the cross-compile case, bug #755173
 # (Still exists in native)
@@ -66,7 +53,7 @@ RDEPEND="${DEPEND}
 	app-misc/pax-utils"
 
 PDEPEND="sys-apps/semodule-utils
-	python? ( sys-apps/selinux-python )"
+	sys-apps/selinux-python"
 
 src_unpack() {
 	# Override default one because we need the SRC_URI ones even in case of 9999 ebuilds
@@ -84,96 +71,69 @@ src_prepare() {
 		eapply "${FILESDIR}/policycoreutils-3.1-0001-newrole-not-suid.patch"
 	fi
 
-	if ! use vanilla; then
-		# rlpkg is more useful than fixfiles
-		sed -i -e '/^all/s/fixfiles//' "${S}/scripts/Makefile" \
-			|| die "fixfiles sed 1 failed"
-		sed -i -e '/fixfiles/d' "${S}/scripts/Makefile" \
-			|| die "fixfiles sed 2 failed"
-	fi
+	# rlpkg is more useful than fixfiles
+	sed -i -e '/^all/s/fixfiles//' "${S}/scripts/Makefile" \
+		|| die "fixfiles sed 1 failed"
+	sed -i -e '/fixfiles/d' "${S}/scripts/Makefile" \
+		|| die "fixfiles sed 2 failed"
 
 	eapply_user
 
 	sed -i 's/-Werror//g' "${S1}"/*/Makefile || die "Failed to remove Werror"
 
-	if ! use vanilla; then
-		python_copy_sources
-		# Our extra code is outside the regular directory, so set it to the extra
-		# directory. We really should optimize this as it is ugly, but the extra
-		# code is needed for Gentoo at the same time that policycoreutils is present
-		# (so we cannot use an additional package for now).
-		S="${S2}"
-		python_copy_sources
-	fi
+	python_copy_sources
+	# Our extra code is outside the regular directory, so set it to the extra
+	# directory. We really should optimize this as it is ugly, but the extra
+	# code is needed for Gentoo at the same time that policycoreutils is present
+	# (so we cannot use an additional package for now).
+	S="${S2}"
+	python_copy_sources
 }
 
 src_compile() {
 	building() {
-		local build_dir=${1}
-		emake -C "${build_dir}" \
+		emake -C "${BUILD_DIR}" \
 			AUDIT_LOG_PRIVS="y" \
 			AUDITH="$(usex audit y n)" \
 			PAMH="$(usex pam y n)" \
 			SESANDBOX="n" \
 			CC="$(tc-getCC)" \
 			LIBDIR="\$(PREFIX)/$(get_libdir)"
 	}
-	if ! use vanilla; then
-		building_with_python() {
-			building "${BUILD_DIR}"
-		}
-		S="${S1}" # Regular policycoreutils
-		python_foreach_impl building_with_python
-		S="${S2}" # Extra set
-		python_foreach_impl building_with_python
-		unset -f building_with_python
-	else
-		S="${S1}" # Regular policycoreutils
-		building "${S}"
-	fi
-	unset -f building
+	S="${S1}" # Regular policycoreutils
+	python_foreach_impl building
+	S="${S2}" # Extra set
+	python_foreach_impl building
 }
 
 src_install() {
-	installation-policycoreutils-base() {
-		local build_dir=${1}
+	# Python scripts are present in many places. There are no extension modules.
+	installation-policycoreutils() {
 		einfo "Installing policycoreutils"
-		emake -C "${build_dir}" DESTDIR="${D}" \
+		emake -C "${BUILD_DIR}" DESTDIR="${D}" \
 			AUDIT_LOG_PRIVS="y" \
 			AUDITH="$(usex audit y n)" \
 			PAMH="$(usex pam y n)" \
 			SESANDBOX="n" \
 			CC="$(tc-getCC)" \
 			LIBDIR="\$(PREFIX)/$(get_libdir)" \
 			install
+		python_optimize
 	}
 
-	if ! use vanilla; then
-		# Python scripts are present in many places. There are no extension modules.
-		installation-policycoreutils() {
-			installation-policycoreutils-base "${BUILD_DIR}"
-			python_optimize
-		}
-
-		installation-extras() {
-			einfo "Installing policycoreutils-extra"
-			emake -C "${BUILD_DIR}" \
-				DESTDIR="${D}" \
-				install
-			python_optimize
-		}
-
-		S="${S1}" # policycoreutils
-		python_foreach_impl installation-policycoreutils
-		S="${S2}" # extras
-		python_foreach_impl installation-extras
-		S="${S1}" # back for later
-		unset -f installation-extras installation-policycoreutils
-	else
-		S="${S1}" # policycoreutils
-		installation-policycoreutils-base "${S}"
-	fi
-	unset -f installation-policycoreutils-base
+	installation-extras() {
+		einfo "Installing policycoreutils-extra"
+		emake -C "${BUILD_DIR}" \
+			DESTDIR="${D}" \
+			install
+		python_optimize
+	}
+
+	S="${S1}" # policycoreutils
+	python_foreach_impl installation-policycoreutils
+	S="${S2}" # extras
+	python_foreach_impl installation-extras
+	S="${S1}" # back for later
 
 	# remove redhat-style init script
 	rm -fR "${D}/etc/rc.d" || die
@@ -192,12 +152,10 @@ src_install() {
 	dodir /var/lib/selinux
 	keepdir /var/lib/selinux
 
-	if ! use vanilla; then
-		# Set version-specific scripts
-		for pyscript in rlpkg; do
-			python_replicate_script "${ED}/usr/sbin/${pyscript}"
-		done
-	fi
+	# Set version-specific scripts
+	for pyscript in rlpkg; do
+	  python_replicate_script "${ED}/usr/sbin/${pyscript}"
+	done
 }
 
 pkg_postinst() {
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/policycoreutils/policycoreutils-3.8.1.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/policycoreutils/policycoreutils-3.8.1.ebuild
@@ -0,0 +1,168 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="8"
+PYTHON_COMPAT=( python3_{10..13} )
+PYTHON_REQ_USE="xml(+)"
+
+inherit python-r1 toolchain-funcs bash-completion-r1
+
+MY_PV="${PV//_/-}"
+MY_P="${PN}-${MY_PV}"
+EXTRAS_VER="1.37"
+
+DESCRIPTION="SELinux core utilities"
+HOMEPAGE="https://github.com/SELinuxProject/selinux/wiki"
+
+if [[ ${PV} == 9999 ]]; then
+	inherit git-r3
+	EGIT_REPO_URI="https://github.com/SELinuxProject/selinux.git"
+	SRC_URI="https://dev.gentoo.org/~perfinion/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2"
+	S1="${WORKDIR}/${P}/${PN}"
+	S2="${WORKDIR}/policycoreutils-extra"
+	S="${S1}"
+else
+	SRC_URI="https://github.com/SELinuxProject/selinux/releases/download/${MY_PV}/${MY_P}.tar.gz
+		https://dev.gentoo.org/~perfinion/distfiles/policycoreutils-extra-${EXTRAS_VER}.tar.bz2"
+	KEYWORDS="~amd64 ~arm ~arm64 ~x86"
+	S1="${WORKDIR}/${MY_P}"
+	S2="${WORKDIR}/policycoreutils-extra"
+	S="${S1}"
+fi
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="audit pam split-usr"
+REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+
+DEPEND=">=sys-libs/libselinux-${PV}:=[python,${PYTHON_USEDEP}]
+	>=sys-libs/libsemanage-${PV}:=[python(+),${PYTHON_USEDEP}]
+	>=sys-libs/libsepol-${PV}:=
+	sys-libs/libcap-ng:=
+	>=app-admin/setools-4.2.0[${PYTHON_USEDEP}]
+	audit? ( >=sys-process/audit-1.5.1[python,${PYTHON_USEDEP}] )
+	pam? ( sys-libs/pam:= )
+	${PYTHON_DEPS}"
+
+# Avoid dependency loop in the cross-compile case, bug #755173
+# (Still exists in native)
+BDEPEND="sys-devel/gettext"
+
+# pax-utils for scanelf used by rlpkg
+RDEPEND="${DEPEND}
+	app-misc/pax-utils"
+
+PDEPEND="sys-apps/semodule-utils
+	sys-apps/selinux-python"
+
+src_unpack() {
+	# Override default one because we need the SRC_URI ones even in case of 9999 ebuilds
+	default
+	if [[ ${PV} == 9999 ]] ; then
+		git-r3_src_unpack
+	fi
+}
+
+src_prepare() {
+	S="${S1}"
+	cd "${S}" || die "Failed to switch to ${S}"
+	if [[ ${PV} != 9999 ]] ; then
+		# If needed for live ebuilds please use /etc/portage/patches
+		eapply "${FILESDIR}/policycoreutils-3.1-0001-newrole-not-suid.patch"
+	fi
+
+	# rlpkg is more useful than fixfiles
+	sed -i -e '/^all/s/fixfiles//' "${S}/scripts/Makefile" \
+		|| die "fixfiles sed 1 failed"
+	sed -i -e '/fixfiles/d' "${S}/scripts/Makefile" \
+		|| die "fixfiles sed 2 failed"
+
+	eapply_user
+
+	sed -i 's/-Werror//g' "${S1}"/*/Makefile || die "Failed to remove Werror"
+
+	python_copy_sources
+	# Our extra code is outside the regular directory, so set it to the extra
+	# directory. We really should optimize this as it is ugly, but the extra
+	# code is needed for Gentoo at the same time that policycoreutils is present
+	# (so we cannot use an additional package for now).
+	S="${S2}"
+	python_copy_sources
+}
+
+src_compile() {
+	building() {
+		emake -C "${BUILD_DIR}" \
+			AUDIT_LOG_PRIVS="y" \
+			AUDITH="$(usex audit y n)" \
+			PAMH="$(usex pam y n)" \
+			SESANDBOX="n" \
+			CC="$(tc-getCC)" \
+			LIBDIR="\$(PREFIX)/$(get_libdir)"
+	}
+	S="${S1}" # Regular policycoreutils
+	python_foreach_impl building
+	S="${S2}" # Extra set
+	python_foreach_impl building
+}
+
+src_install() {
+	# Python scripts are present in many places. There are no extension modules.
+	installation-policycoreutils() {
+		einfo "Installing policycoreutils"
+		emake -C "${BUILD_DIR}" DESTDIR="${D}" \
+			AUDIT_LOG_PRIVS="y" \
+			AUDITH="$(usex audit y n)" \
+			PAMH="$(usex pam y n)" \
+			SESANDBOX="n" \
+			CC="$(tc-getCC)" \
+			LIBDIR="\$(PREFIX)/$(get_libdir)" \
+			install
+		python_optimize
+	}
+
+	installation-extras() {
+		einfo "Installing policycoreutils-extra"
+		emake -C "${BUILD_DIR}" \
+			DESTDIR="${D}" \
+			install
+		python_optimize
+	}
+
+	S="${S1}" # policycoreutils
+	python_foreach_impl installation-policycoreutils
+	S="${S2}" # extras
+	python_foreach_impl installation-extras
+	S="${S1}" # back for later
+
+	# remove redhat-style init script
+	rm -fR "${D}/etc/rc.d" || die
+
+	# compatibility symlinks
+	if use split-usr; then
+		dosym ../../sbin/setfiles /usr/sbin/setfiles
+	else
+		# remove sestatus symlink
+		rm -f "${D}"/usr/sbin/sestatus || die
+	fi
+
+	bashcomp_alias setsebool getsebool
+
+	# location for policy definitions
+	dodir /var/lib/selinux
+	keepdir /var/lib/selinux
+
+	# Set version-specific scripts
+	for pyscript in rlpkg; do
+	  python_replicate_script "${ED}/usr/sbin/${pyscript}"
+	done
+}
+
+pkg_postinst() {
+	for POLICY_TYPE in ${POLICY_TYPES} ; do
+		# There have been some changes to the policy store, rebuilding now.
+		# https://marc.info/?l=selinux&m=143757277819717&w=2
+		einfo "Rebuilding store ${POLICY_TYPE} in '${ROOT:-/}' (without re-loading)."
+		semodule -p "${ROOT:-/}" -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}"
+	done
+}
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/policycoreutils/policycoreutils-9999.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/policycoreutils/policycoreutils-9999.ebuild

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,3 @@`
`1`	`1`	`DIST policycoreutils-3.7.tar.gz 757142 BLAKE2B 95794d48ef80882803199af5330f0ac4f1cee6710562a559e3d8fd94475d117286f8b612ffc5dc9027f4f8f4cd55e82ddb4d328e91d6c9846b18460c9bee159b SHA512 30e3413b15df0bf1a994d2b3a03a719f89b3ee521a708b92fcc684822152145722cb3ef28fd5b7c42b779281b0bd4d69d65c0bc2605eec1af3f388609d985500`
	`2`	`+DIST policycoreutils-3.8.1.tar.gz 758726 BLAKE2B cda4c6a967a156874d6adcadbda546d8cf30d19622e0bec85ade88eccf730e4dd143eb7b07678826e1284aaa2fe316c24f828d28f422e15694d38d4e06035b78 SHA512 e14df87d163eec46a57bb7496db77090bd310554b2af1b68c66d9ef2f160bc4ac17305fb889a5415489baeabfd47946c0e37e6ad4dd14e392529c802ad06290b`
`2`	`3`	`DIST policycoreutils-extra-1.37.tar.bz2 8809 BLAKE2B a7f6122c2e27f54b018174e962bd7f4c14af04e09bbb5300bde6967ea7f2dc5cd03b5787919a4e7f5288bcbc6747922962b5bd3b588ab1e3a035fbff4910d8f5 SHA512 0a85cd7cf279256b5e1927f9dfdd89626a1c8b77b0aeb62b496e7e8d1dccbaa315e39f9308fb2df7270f0bc1c10787b19990e7365cad74b47b61e30394c8b23f`