# Maintainer: Tycho Andersen
# Package metadata for the SELinux reference policy (refpolicy) build recipe.
# NOTE(review): the mixed quote pairs below ('"..."' style and ''"") are kept
# exactly as found; they look like translator output, not hand-written quoting.
global pkgname := 'refpolicy'
global pkgver := '20170204'
global pkgrel := '0'
global pkgdesc := '"SELinux policy reference'"
global url := '"https://github.com/TresysTechnology/refpolicy/wiki'"
global arch := '"noarch'"
global license := '"GPLv2'"
global depends := ''""
global depends_dev := ''""
# Build-time tools only; nothing is declared as a runtime dependency above.
global makedepends := ""$depends_dev checkpolicy python gawk""
global install := ''""
global subpackages := ""$pkgname-doc""
# Two source entries: the upstream tarball (its name is derived from $pkgver)
# and Makefile.devel, which has no URL. Both names appear in the sha512sums
# list at the end of the recipe, so a change to either must update that list.
global source := ""https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-2.$pkgver.tar.bz2 Makefile.devel""
global builddir := ""$srcdir/refpolicy""

# refpolicy config
# Passed to every make invocation below as MONOLITHIC= and DISTRO=.
global monolithic := 'n'
global distro := 'gentoo'

# unknown perms here means what to do with perms that are unknown to the
# current userspace, because the kernel version is newer. By default, we deny.
# This value is handed to make_cmds/install_cmds as their third argument and
# ends up in UNK_PERMS=.
global unknown_perms := 'deny'

# These are somewhat related to what is in the CentOS spec file, although they
# are slightly different in what they install.
#
# https://selinuxproject.org/page/NB_RefPolicy#Reference_Policy_Build_Options_-_build.conf
# are the build options: M{L,C}S_CATS are the number of categories for m{l,c}s policies.
# Configure the policy source tree by running the `bare` and then the `conf`
# make targets with the shared build options.
#   $1 - policy name, passed as NAME=
#   $2 - policy type, passed as TYPE=
#   $3 - handling of permissions unknown to userspace, passed as UNK_PERMS=
# Returns 1 as soon as either make invocation fails.
# NOTE(review): UBAC=n and DIRECT_INITRC=y are hard-coded in every invocation;
# check their meaning against the build.conf options page linked in the header
# comments before changing either one.
proc make_cmds {
  make UNK_PERMS=$3 NAME=$1 TYPE=$2 DISTRO=$distro UBAC=n DIRECT_INITRC=y MONOLITHIC=$monolithic MLS_CATS=1024 MCS_CATS=1024 bare || return 1
  make UNK_PERMS=$3 NAME=$1 TYPE=$2 DISTRO=$distro UBAC=n DIRECT_INITRC=y MONOLITHIC=$monolithic MLS_CATS=1024 MCS_CATS=1024 conf || return 1
}

# Build, validate and install the policy. Takes the same $1/$2/$3 as make_cmds.
# Steps, in order: base.pp, `validate ... modules`, install, install-appconfig,
# install-docs, install-headers. The four install targets write under $pkgdir
# through DESTDIR=.
# NOTE(review): none of the six make calls is followed by `|| return 1`, unlike
# make_cmds. The proc's status is therefore that of the last call
# (install-headers), and a failed `validate` does not stop packaging unless the
# caller runs with errexit, which is not visible in this file.
# NOTE(review): SEMOD_EXP passes -a to semodule_expand; per its man page that
# option skips assertion (neverallow) checking. Confirm this is intended for
# the base.pp and validate steps.
proc install_cmds {
  make UNK_PERMS=$3 NAME=$1 TYPE=$2 DISTRO=$distro UBAC=n DIRECT_INITRC=y MONOLITHIC=$monolithic MLS_CATS=1024 MCS_CATS=1024 SEMOD_EXP="/usr/bin/semodule_expand -a" base.pp
  make validate UNK_PERMS=$3 NAME=$1 TYPE=$2 DISTRO=$distro UBAC=n DIRECT_INITRC=y MONOLITHIC=$monolithic MLS_CATS=1024 MCS_CATS=1024 SEMOD_EXP="/usr/bin/semodule_expand -a" modules
  make UNK_PERMS=$3 NAME=$1 TYPE=$2 DISTRO=$distro UBAC=n DIRECT_INITRC=y MONOLITHIC=$monolithic MLS_CATS=1024 MCS_CATS=1024 DESTDIR="$pkgdir" install
  make UNK_PERMS=$3 NAME=$1 TYPE=$2 DISTRO=$distro UBAC=n DIRECT_INITRC=y MONOLITHIC=$monolithic MLS_CATS=1024 MCS_CATS=1024 DESTDIR="$pkgdir" install-appconfig
  make UNK_PERMS=$3 NAME=$1 TYPE=$2 DISTRO=$distro UBAC=n DIRECT_INITRC=y MONOLITHIC=$monolithic MLS_CATS=1024 MCS_CATS=1024 DESTDIR="$pkgdir" install-docs
  make UNK_PERMS=$3 NAME=$1 TYPE=$2 DISTRO=$distro UBAC=n DIRECT_INITRC=y MONOLITHIC=$monolithic MLS_CATS=1024 MCS_CATS=1024 DESTDIR="$pkgdir" install-headers
}

# Build step: enter $builddir and configure the policy named "targeted" with
# type "mcs", handling unknown permissions as $unknown_perms says.
# Returns 1 if make_cmds fails; the `cd` itself is not checked.
proc build {
  cd $builddir
  make_cmds targeted mcs $unknown_perms || return 1
}

# Package step: install the "targeted"/"mcs" policy into $pkgdir, then assemble
# $pkgdir/usr/share/selinux/devel from the installed include tree,
# Makefile.devel from $srcdir, and the doc/example.* and doc/policy.* files
# (installed with mode 644).
# NOTE(review): the `cd` and the `cp -r` of the include tree are the only steps
# here without `|| return 1`, so a failure in either is not reported by this
# proc.
proc package {
  cd $builddir
  install_cmds targeted mcs $unknown_perms || return 1

  mkdir -p $pkgdir/usr/share/selinux/devel || return 1
  cp -r "$pkgdir/usr/share/selinux/targeted/include" "$pkgdir/usr/share/selinux/devel/include"
  cp $srcdir/Makefile.devel "$pkgdir/usr/share/selinux/devel/Makefile" || return 1
  install -m 644 doc/example.* "$pkgdir/usr/share/selinux/devel" || return 1
  install -m 644 doc/policy.* "$pkgdir/usr/share/selinux/devel" || return 1

  # TODO: libselinux needs to build the python bindings for this to work
  # sepolicy manpage -a -p "$pkgdir/usr/share/man/man8/" -w -r "$pkgdir" || return 1
}

# SHA-512 checksums for the two entries named in `source`; the assignment
# continues on the following line.
global sha512sums
:= '"30deabb02a5bde51c463e3e89988d850cff51596c2e72733a064245dec152ea46317eea79550dbe82a7a0d327ec0bcfbd9474ff8a902507392df0da00df6397f refpolicy-2.20170204.tar.bz2 01bd5f58e05feba2f318f6b80fb4c6cbe405691f947fee48566ad75c935d6e824ccfda5de88c5dad74b531ed28c18615d8ef4e2c2371d71c776b78767eb33740 Makefile.devel'" (CommandList children: [ (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:pkgname) op:Equal rhs:{(refpolicy)} spids:[3])] spids: [3] ) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:pkgver) op:Equal rhs:{(20170204)} spids:[6])] spids: [6] ) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:pkgrel) op:Equal rhs:{(0)} spids:[9])] spids: [9] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:pkgdesc) op: Equal rhs: {(DQ ("SELinux policy reference"))} spids: [12] ) ] spids: [12] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:url) op: Equal rhs: {(DQ ("https://github.com/TresysTechnology/refpolicy/wiki"))} spids: [17] ) ] spids: [17] ) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:arch) op:Equal rhs:{(DQ (noarch))} spids:[22])] spids: [22] ) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:license) op:Equal rhs:{(DQ (GPLv2))} spids:[27])] spids: [27] ) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:depends) op:Equal rhs:{(DQ )} spids:[32])] spids: [32] ) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:depends_dev) op:Equal rhs:{(DQ )} spids:[36])] spids: [36] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:makedepends) op: Equal rhs: {(DQ ($ VSub_Name "$depends_dev") (" checkpolicy python gawk"))} spids: [40] ) ] spids: [40] ) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:install) op:Equal rhs:{(DQ )} spids:[46])] spids: [46] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName 
name:subpackages) op: Equal rhs: {(DQ ($ VSub_Name "$pkgname") (-doc))} spids: [50] ) ] spids: [50] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:source) op: Equal rhs: { (DQ ( "https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-2." ) ($ VSub_Name "$pkgver") (".tar.bz2\n") ("\tMakefile.devel") ) } spids: [56] ) ] spids: [56] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:builddir) op: Equal rhs: {(DQ ($ VSub_Name "$srcdir") (/refpolicy))} spids: [64] ) ] spids: [64] ) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:monolithic) op:Equal rhs:{(n)} spids:[74])] spids: [74] ) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:distro) op:Equal rhs:{(gentoo)} spids:[77])] spids: [77] ) (Assignment keyword: Assign_None pairs: [(assign_pair lhs:(LhsName name:unknown_perms) op:Equal rhs:{(deny)} spids:[86])] spids: [86] ) (FuncDef name: make_cmds body: (BraceGroup children: [ (AndOr children: [ (C {(make)} {(Lit_VarLike "UNK_PERMS=") ($ VSub_Number "$3")} {(Lit_VarLike "NAME=") ($ VSub_Number "$1")} {(Lit_VarLike "TYPE=") ($ VSub_Number "$2")} {(Lit_VarLike "DISTRO=") ($ VSub_Name "$distro")} {(Lit_VarLike "UBAC=") (n)} {(Lit_VarLike "DIRECT_INITRC=") (y)} {(Lit_VarLike "MONOLITHIC=") ($ VSub_Name "$monolithic")} {(Lit_VarLike "MLS_CATS=") (1024)} {(Lit_VarLike "MCS_CATS=") (1024)} {(bare)} ) (ControlFlow token: arg_word:{(1)}) ] op_id: Op_DPipe ) (AndOr children: [ (C {(make)} {(Lit_VarLike "UNK_PERMS=") ($ VSub_Number "$3")} {(Lit_VarLike "NAME=") ($ VSub_Number "$1")} {(Lit_VarLike "TYPE=") ($ VSub_Number "$2")} {(Lit_VarLike "DISTRO=") ($ VSub_Name "$distro")} {(Lit_VarLike "UBAC=") (n)} {(Lit_VarLike "DIRECT_INITRC=") (y)} {(Lit_VarLike "MONOLITHIC=") ($ VSub_Name "$monolithic")} {(Lit_VarLike "MLS_CATS=") (1024)} {(Lit_VarLike "MCS_CATS=") (1024)} {(conf)} ) (ControlFlow token: arg_word:{(1)}) ] op_id: Op_DPipe ) ] spids: [109] ) 
spids: [105 108] ) (FuncDef name: install_cmds body: (BraceGroup children: [ (C {(make)} {(Lit_VarLike "UNK_PERMS=") ($ VSub_Number "$3")} {(Lit_VarLike "NAME=") ($ VSub_Number "$1")} {(Lit_VarLike "TYPE=") ($ VSub_Number "$2")} {(Lit_VarLike "DISTRO=") ($ VSub_Name "$distro")} {(Lit_VarLike "UBAC=") (n)} {(Lit_VarLike "DIRECT_INITRC=") (y)} {(Lit_VarLike "MONOLITHIC=") ($ VSub_Name "$monolithic")} {(Lit_VarLike "MLS_CATS=") (1024)} {(Lit_VarLike "MCS_CATS=") (1024)} {(Lit_VarLike "SEMOD_EXP=") (DQ ("/usr/bin/semodule_expand -a"))} {(base.pp)} ) (C {(make)} {(validate)} {(Lit_VarLike "UNK_PERMS=") ($ VSub_Number "$3")} {(Lit_VarLike "NAME=") ($ VSub_Number "$1")} {(Lit_VarLike "TYPE=") ($ VSub_Number "$2")} {(Lit_VarLike "DISTRO=") ($ VSub_Name "$distro")} {(Lit_VarLike "UBAC=") (n)} {(Lit_VarLike "DIRECT_INITRC=") (y)} {(Lit_VarLike "MONOLITHIC=") ($ VSub_Name "$monolithic")} {(Lit_VarLike "MLS_CATS=") (1024)} {(Lit_VarLike "MCS_CATS=") (1024)} {(Lit_VarLike "SEMOD_EXP=") (DQ ("/usr/bin/semodule_expand -a"))} {(modules)} ) (C {(make)} {(Lit_VarLike "UNK_PERMS=") ($ VSub_Number "$3")} {(Lit_VarLike "NAME=") ($ VSub_Number "$1")} {(Lit_VarLike "TYPE=") ($ VSub_Number "$2")} {(Lit_VarLike "DISTRO=") ($ VSub_Name "$distro")} {(Lit_VarLike "UBAC=") (n)} {(Lit_VarLike "DIRECT_INITRC=") (y)} {(Lit_VarLike "MONOLITHIC=") ($ VSub_Name "$monolithic")} {(Lit_VarLike "MLS_CATS=") (1024)} {(Lit_VarLike "MCS_CATS=") (1024)} {(Lit_VarLike "DESTDIR=") (DQ ($ VSub_Name "$pkgdir"))} {(install)} ) (C {(make)} {(Lit_VarLike "UNK_PERMS=") ($ VSub_Number "$3")} {(Lit_VarLike "NAME=") ($ VSub_Number "$1")} {(Lit_VarLike "TYPE=") ($ VSub_Number "$2")} {(Lit_VarLike "DISTRO=") ($ VSub_Name "$distro")} {(Lit_VarLike "UBAC=") (n)} {(Lit_VarLike "DIRECT_INITRC=") (y)} {(Lit_VarLike "MONOLITHIC=") ($ VSub_Name "$monolithic")} {(Lit_VarLike "MLS_CATS=") (1024)} {(Lit_VarLike "MCS_CATS=") (1024)} {(Lit_VarLike "DESTDIR=") (DQ ($ VSub_Name "$pkgdir"))} {(install-appconfig)} ) (C {(make)} 
{(Lit_VarLike "UNK_PERMS=") ($ VSub_Number "$3")} {(Lit_VarLike "NAME=") ($ VSub_Number "$1")} {(Lit_VarLike "TYPE=") ($ VSub_Number "$2")} {(Lit_VarLike "DISTRO=") ($ VSub_Name "$distro")} {(Lit_VarLike "UBAC=") (n)} {(Lit_VarLike "DIRECT_INITRC=") (y)} {(Lit_VarLike "MONOLITHIC=") ($ VSub_Name "$monolithic")} {(Lit_VarLike "MLS_CATS=") (1024)} {(Lit_VarLike "MCS_CATS=") (1024)} {(Lit_VarLike "DESTDIR=") (DQ ($ VSub_Name "$pkgdir"))} {(install-docs)} ) (C {(make)} {(Lit_VarLike "UNK_PERMS=") ($ VSub_Number "$3")} {(Lit_VarLike "NAME=") ($ VSub_Number "$1")} {(Lit_VarLike "TYPE=") ($ VSub_Number "$2")} {(Lit_VarLike "DISTRO=") ($ VSub_Name "$distro")} {(Lit_VarLike "UBAC=") (n)} {(Lit_VarLike "DIRECT_INITRC=") (y)} {(Lit_VarLike "MONOLITHIC=") ($ VSub_Name "$monolithic")} {(Lit_VarLike "MLS_CATS=") (1024)} {(Lit_VarLike "MCS_CATS=") (1024)} {(Lit_VarLike "DESTDIR=") (DQ ($ VSub_Name "$pkgdir"))} {(install-headers)} ) ] spids: [194] ) spids: [190 193] ) (FuncDef name: build body: (BraceGroup children: [ (C {(cd)} {(DQ ($ VSub_Name "$builddir"))}) (AndOr children: [ (C {(make_cmds)} {(targeted)} {(mcs)} {($ VSub_Name "$unknown_perms")}) (ControlFlow token: arg_word:{(1)}) ] op_id: Op_DPipe ) ] spids: [427] ) spids: [423 426] ) (FuncDef name: package body: (BraceGroup children: [ (C {(cd)} {(DQ ($ VSub_Name "$builddir"))}) (AndOr children: [ (C {(install_cmds)} {(targeted)} {(mcs)} {($ VSub_Name "$unknown_perms")}) (ControlFlow token: arg_word:{(1)}) ] op_id: Op_DPipe ) (AndOr children: [ (C {(mkdir)} {(-p)} {($ VSub_Name "$pkgdir") (/usr/share/selinux/devel)}) (ControlFlow token: arg_word:{(1)}) ] op_id: Op_DPipe ) (C {(cp)} {(-r)} {(DQ ($ VSub_Name "$pkgdir") (/usr/share/selinux/targeted/include))} {(DQ ($ VSub_Name "$pkgdir") (/usr/share/selinux/devel/include))} ) (AndOr children: [ (C {(cp)} {($ VSub_Name "$srcdir") (/Makefile.devel)} {(DQ ($ VSub_Name "$pkgdir") (/usr/share/selinux/devel/Makefile))} ) (ControlFlow token: arg_word:{(1)}) ] op_id: Op_DPipe ) (AndOr 
children: [ (C {(install)} {(-m)} {(644)} {(doc/example.) (Lit_Other "*")} {(DQ ($ VSub_Name "$pkgdir") (/usr/share/selinux/devel))} ) (ControlFlow token: arg_word:{(1)}) ] op_id: Op_DPipe ) (AndOr children: [ (C {(install)} {(-m)} {(644)} {(doc/policy.) (Lit_Other "*")} {(DQ ($ VSub_Name "$pkgdir") (/usr/share/selinux/devel))} ) (ControlFlow token: arg_word:{(1)}) ] op_id: Op_DPipe ) ] spids: [458] ) spids: [454 457] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:sha512sums) op: Equal rhs: { (DQ ( "30deabb02a5bde51c463e3e89988d850cff51596c2e72733a064245dec152ea46317eea79550dbe82a7a0d327ec0bcfbd9474ff8a902507392df0da00df6397f refpolicy-2.20170204.tar.bz2\n" ) ( "01bd5f58e05feba2f318f6b80fb4c6cbe405691f947fee48566ad75c935d6e824ccfda5de88c5dad74b531ed28c18615d8ef4e2c2371d71c776b78767eb33740 Makefile.devel" ) ) } spids: [581] ) ] spids: [581] ) ] )