Diffstat (limited to 'eclass')
-rw-r--r--eclass/desktop.eclass346
-rw-r--r--eclass/fcaps.eclass19
-rw-r--r--eclass/selinux-policy-2.eclass204
-rw-r--r--eclass/toolchain.eclass10
4 files changed, 400 insertions, 179 deletions
diff --git a/eclass/desktop.eclass b/eclass/desktop.eclass
index 2ab96ba6b770..299d3d6f739f 100644
--- a/eclass/desktop.eclass
+++ b/eclass/desktop.eclass
@@ -1,4 +1,4 @@
-# Copyright 1999-2024 Gentoo Authors
+# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
# @ECLASS: desktop.eclass
@@ -15,170 +15,268 @@ case ${EAPI} in
*) die "${ECLASS}: EAPI ${EAPI:-0} not supported" ;;
esac
+# @ECLASS_VARIABLE: _DESKTOP_IDS
+# @DEFAULT_UNSET
+# @DESCRIPTION:
+# Internal array containing any app-ids used by make_desktop_entry() calls.
+# Lets us keep track of/avoid duplicate desktop file names.
+_DESKTOP_IDS=()
+
# @FUNCTION: make_desktop_entry
-# @USAGE: <command> [name] [icon] [type] [fields]
+# @USAGE: [--eapi9] <command> [options]
# @DESCRIPTION:
-# Make a .desktop file.
+# Make a .desktop file and install it in /usr/share/applications/.
+#
+# @CODE
+# --eapi9: Switch to getopts style arguments instead of order based
+# As the naming implies, this is off by default for EAPI=[78],
+# but mandated by future EAPI.
+# command: Exec command the app is being run with, also base for TryExec
+# --- Options:
+# name: Name that will show up in the menu; defaults to PN
+# with --eapi9: must not contain arguments, use --args for that
+# icon: Icon to use with the menu entry; defaults to PN
+# this can be relative (to /usr/share/pixmaps) or
+# a full path to an icon
+# categories: Categories for this kind of application. Examples:
+# https://specifications.freedesktop.org/menu-spec/latest/apa.html
+# if unset, function tries to guess from package's category
+# entry: Key=Value entry to append to the desktop file;
+# with --eapi9: multiple allowed; old style: a printf string
+# --- Additional parameters available using --eapi9:
+# args: Arguments (binary params and desktop spec field codes) to add
+# to Exec value, separated by a space if multiple
+# desktopid: <desktopid>.desktop will be created. Must be same as "app id"
+# defined in code (including reverse qualified domain if set);
+# defaults to <command>
+# comment: Comment (menu entry tooltip), defaults to DESCRIPTION
+# @CODE
#
+# Example usage:
# @CODE
-# binary: what command does the app run with ?
-# name: the name that will show up in the menu
-# icon: the icon to use in the menu entry
-# this can be relative (to /usr/share/pixmaps) or
-# a full path to an icon
-# type: what kind of application is this?
-# for categories:
-# https://specifications.freedesktop.org/menu-spec/latest/apa.html
-# if unset, function tries to guess from package's category
-# fields: extra fields to append to the desktop file; a printf string
+# Deprecated, in order:
+# <command> [name] [icon] [categories] [entries...]
+# New style:
+# --eapi9 <command> [-a args] [-d desktopid] [-C comment] [-i icon]
+# --eapi9 <command> [-n name] [-e entry...] [-c categories]
# @CODE
make_desktop_entry() {
- [[ -z $1 ]] && die "make_desktop_entry: You must specify the executable"
+ local eapi9
+ if [[ -n ${1} ]]; then
+ case ${EAPI} in
+ 7|8)
+ if [[ ${1} == --eapi9 ]]; then
+ eapi9=1
+ shift
+ fi
+ ;;
+ *)
+ if [[ ${1} == --eapi9 ]]; then
+ ewarn "make_desktop_entry: --eapi9 arg is obsolete in EAPI-${EAPI} and may be cleaned up now."
+ shift
+ fi
+ eapi9=1
+ ;;
+ esac
+ fi
+ [[ -z ${1} ]] && die "make_desktop_entry: You must specify at least a command"
+
+ if [[ ${eapi9} ]]; then
+ local args cats cmd comment desktopid entries icon name
+ while [[ $# -gt 0 ]] ; do
+ case "${1}" in
+ -a|--args)
+ args="${2}"; shift 2 ;;
+ -c|--categories)
+ cats="${2}"; shift 2 ;;
+ -C|--comment)
+ comment="${2}"; shift 2 ;;
+ -d|--desktopid)
+ desktopid="${2}"; shift 2 ;;
+ -e|--entry)
+ entries+=( "${2}" ); shift 2 ;;
+ -i|--icon)
+ icon="${2}"; shift 2 ;;
+ -n|--name)
+ name="${2}"; shift 2 ;;
+ *)
+ if [[ -z ${cmd} ]] ; then
+ cmd="${1}"
+ else
+ die "make_desktop_entry: Can only take one command! First got: ${cmd}; then got: ${1}"
+ fi
+ shift ;;
+ esac
+ done
+ [[ -z ${cmd} ]] && die "make_desktop_entry: You must specify at least a command"
+ [[ -z ${name} ]] && name=${PN}
+ [[ -z ${icon} ]] && icon=${PN}
+ else
+ local cmd=${1}
+ local name=${2:-${PN}}
+ local icon=${3:-${PN}}
+ local cats=${4}
+ local entries=${5}
+ fi
- local exec=${1}
- local name=${2:-${PN}}
- local icon=${3:-${PN}}
- local type=${4}
- local fields=${5}
+ [[ -z ${comment} ]] && comment="${DESCRIPTION}"
- if [[ -z ${type} ]] ; then
+ if [[ -z ${cats} ]] ; then
local catmaj=${CATEGORY%%-*}
local catmin=${CATEGORY##*-}
case ${catmaj} in
app)
case ${catmin} in
- accessibility) type="Utility;Accessibility";;
- admin) type=System;;
- antivirus) type=System;;
- arch) type="Utility;Archiving";;
- backup) type="Utility;Archiving";;
- cdr) type="AudioVideo;DiscBurning";;
- dicts) type="Office;Dictionary";;
- doc) type=Documentation;;
- editors) type="Utility;TextEditor";;
- emacs) type="Development;TextEditor";;
- emulation) type="System;Emulator";;
- laptop) type="Settings;HardwareSettings";;
- office) type=Office;;
- pda) type="Office;PDA";;
- vim) type="Development;TextEditor";;
- xemacs) type="Development;TextEditor";;
+ accessibility) cats="Utility;Accessibility";;
+ admin) cats=System;;
+ antivirus) cats=System;;
+ arch) cats="Utility;Archiving";;
+ backup) cats="Utility;Archiving";;
+ cdr) cats="AudioVideo;DiscBurning";;
+ dicts) cats="Office;Dictionary";;
+ doc) cats=Documentation;;
+ editors) cats="Utility;TextEditor";;
+ emacs) cats="Development;TextEditor";;
+ emulation) cats="System;Emulator";;
+ laptop) cats="Settings;HardwareSettings";;
+ office) cats=Office;;
+ pda) cats="Office;PDA";;
+ vim) cats="Development;TextEditor";;
+ xemacs) cats="Development;TextEditor";;
esac
;;
dev)
- type="Development"
+ cats="Development"
;;
games)
case ${catmin} in
- action|fps) type=ActionGame;;
- arcade) type=ArcadeGame;;
- board) type=BoardGame;;
- emulation) type=Emulator;;
- kids) type=KidsGame;;
- puzzle) type=LogicGame;;
- roguelike) type=RolePlaying;;
- rpg) type=RolePlaying;;
- simulation) type=Simulation;;
- sports) type=SportsGame;;
- strategy) type=StrategyGame;;
+ action|fps) cats=ActionGame;;
+ arcade) cats=ArcadeGame;;
+ board) cats=BoardGame;;
+ emulation) cats=Emulator;;
+ kids) cats=KidsGame;;
+ puzzle) cats=LogicGame;;
+ roguelike) cats=RolePlaying;;
+ rpg) cats=RolePlaying;;
+ simulation) cats=Simulation;;
+ sports) cats=SportsGame;;
+ strategy) cats=StrategyGame;;
esac
- type="Game;${type}"
+ cats="Game;${cats}"
;;
gnome)
- type="Gnome;GTK"
+ cats="Gnome;GTK"
;;
kde)
- type="KDE;Qt"
+ cats="KDE;Qt"
;;
mail)
- type="Network;Email"
+ cats="Network;Email"
;;
media)
case ${catmin} in
gfx)
- type=Graphics
+ cats=Graphics
;;
*)
case ${catmin} in
- radio) type=Tuner;;
- sound) type=Audio;;
- tv) type=TV;;
- video) type=Video;;
+ radio) cats=Tuner;;
+ sound) cats=Audio;;
+ tv) cats=TV;;
+ video) cats=Video;;
esac
- type="AudioVideo;${type}"
+ cats="AudioVideo;${cats}"
;;
esac
;;
net)
case ${catmin} in
- dialup) type=Dialup;;
- ftp) type=FileTransfer;;
- im) type=InstantMessaging;;
- irc) type=IRCClient;;
- mail) type=Email;;
- news) type=News;;
- nntp) type=News;;
- p2p) type=FileTransfer;;
- voip) type=Telephony;;
+ dialup) cats=Dialup;;
+ ftp) cats=FileTransfer;;
+ im) cats=InstantMessaging;;
+ irc) cats=IRCClient;;
+ mail) cats=Email;;
+ news) cats=News;;
+ nntp) cats=News;;
+ p2p) cats=FileTransfer;;
+ voip) cats=Telephony;;
esac
- type="Network;${type}"
+ cats="Network;${cats}"
;;
sci)
case ${catmin} in
- astro*) type=Astronomy;;
- bio*) type=Biology;;
- calc*) type=Calculator;;
- chem*) type=Chemistry;;
- elec*) type=Electronics;;
- geo*) type=Geology;;
- math*) type=Math;;
- physics) type=Physics;;
- visual*) type=DataVisualization;;
+ astro*) cats=Astronomy;;
+ bio*) cats=Biology;;
+ calc*) cats=Calculator;;
+ chem*) cats=Chemistry;;
+ elec*) cats=Electronics;;
+ geo*) cats=Geology;;
+ math*) cats=Math;;
+ physics) cats=Physics;;
+ visual*) cats=DataVisualization;;
esac
- type="Education;Science;${type}"
+ cats="Education;Science;${cats}"
;;
sys)
- type="System"
+ cats="System"
;;
www)
case ${catmin} in
- client) type=WebBrowser;;
+ client) cats=WebBrowser;;
esac
- type="Network;${type}"
+ cats="Network;${cats}"
;;
*)
- type=
+ cats=
;;
esac
fi
- local desktop_exec="${exec%%[[:space:]]*}"
- desktop_exec="${desktop_exec##*/}"
- local desktop_suffix="-${PN}"
- [[ ${SLOT%/*} != 0 ]] && desktop_suffix+="-${SLOT%/*}"
- # Replace foo-foo.desktop by foo.desktop
- [[ ${desktop_suffix#-} == "${desktop_exec}" ]] && desktop_suffix=""
-
- # Prevent collisions if a file with the same name already exists #771708
- local desktop="${desktop_exec}${desktop_suffix}" count=0
- while [[ -e ${ED}/usr/share/applications/${desktop}.desktop ]]; do
- desktop="${desktop_exec}-$((++count))${desktop_suffix}"
- done
- desktop="${T}/${desktop}.desktop"
+ if [[ ${eapi9} ]]; then
+ if [[ -z ${desktopid} ]]; then
+ if [[ ${cmd} =~ .+[[:space:]].+ ]]; then
+ die "make_desktop_entry: --desktopid must be provided when <command> contains a space"
+ fi
+ desktopid="${cmd##*/}"
+ fi
+ if [[ ! ${desktopid} =~ ^[A-Za-z0-9._-]+$ ]]; then
+ die "make_desktop_entry: <desktopid> must only consist of ASCII letters, digits, dash, underscore and dots"
+ fi
+ if [[ ${_DESKTOP_IDS[*]} =~ (^|[[:space:]])"${desktopid}"($|[[:space:]]) ]]; then
+ die "make_desktop_entry: desktopid \"${desktopid}\" already used in a previous call, choose a different one"
+ else
+ _DESKTOP_IDS+=( "${desktopid}" )
+ fi
+ local desktop="${T}/${desktopid}.desktop"
+ else
+ local desktop_exec="${cmd%%[[:space:]]*}"
+ desktop_exec="${desktop_exec##*/}"
+ local desktop_suffix="-${PN}"
+ [[ ${SLOT%/*} != 0 ]] && desktop_suffix+="-${SLOT%/*}"
+ # Replace foo-foo.desktop by foo.desktop
+ [[ ${desktop_suffix#-} == "${desktop_exec}" ]] && desktop_suffix=""
+
+ # Prevent collisions if a file with the same name already exists #771708
+ local desktop="${desktop_exec}${desktop_suffix}" count=0
+ while [[ -e ${ED}/usr/share/applications/${desktop}.desktop ]]; do
+ desktop="${desktop_exec}-$((++count))${desktop_suffix}"
+ done
+ desktop="${T}/${desktop}.desktop"
+ fi
# Don't append another ";" when a valid category value is provided.
- type=${type%;}${type:+;}
+ cats=${cats%;}${cats:+;}
if [[ -n ${icon} && ${icon} != /* ]] && [[ ${icon} == *.xpm || ${icon} == *.png || ${icon} == *.svg ]]; then
ewarn "As described in the Icon Theme Specification, icon file extensions are not"
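Review bot: In the `--eapi9` option loop every option arm runs `shift 2` without checking that a value follows, so a call ending in a bare option (for example a trailing `-n`) leaves `$#` at 1, because bash's `shift 2` fails without shifting, and the `while [[ $# -gt 0 ]]` loop never terminates. Check the argument count in each option arm before consuming the value, e.g. `[[ $# -ge 2 ]] || die "make_desktop_entry: ${1} requires a value"`. Separately, `comment` is declared `local` only in the `--eapi9` branch, so in the order-based branch `[[ -z ${comment} ]] && comment="${DESCRIPTION}"` reads and writes a global; moving `local comment` next to `local eapi9` stops a stray value from the ebuild environment ending up in `Comment=`. The function body continues past the end of this hunk.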
@@ -186,24 +284,46 @@ make_desktop_entry() {
icon=${icon%.*}
fi
- cat <<-EOF > "${desktop}" || die
- [Desktop Entry]
- Name=${name}
- Type=Application
- Comment=${DESCRIPTION}
- Exec=${exec}
- TryExec=${exec%% *}
- Icon=${icon}
- Categories=${type}
- EOF
-
- if [[ ${fields:-=} != *=* ]] ; then
- # 5th arg used to be value to Path=
- ewarn "make_desktop_entry: update your 5th arg to read Path=${fields}"
- fields="Path=${fields}"
+ cat > "${desktop}" <<- _EOF_ || die
+ [Desktop Entry]
+ Type=Application
+ Name=${name}
+ Comment=${comment}
+ Icon=${icon}
+ Categories=${cats}
+ _EOF_
+
+ if [[ ${eapi9} ]]; then
+ local cmd_args="${cmd} ${args}"
+ cat >> "${desktop}" <<- _EOF_ || die
+ Exec=${cmd_args%[[:space:]]}
+ TryExec=${cmd}
+ _EOF_
+ else
+ cat >> "${desktop}" <<- _EOF_ || die
+ Exec=${cmd}
+ TryExec=${cmd%% *}
+ _EOF_
fi
- if [[ -n ${fields} ]]; then
- printf '%b\n' "${fields}" >> "${desktop}" || die
+
+ if [[ ${eapi9} && -n ${entries} ]]; then
+ local entry
+ for entry in ${entries[@]}; do
+ if [[ ${entry} =~ ^[A-Za-z0-9-]+=.* ]]; then
+ printf "%s\n" "${entry}" >> "${desktop}" || die
+ else
+ die "make_desktop_entry: <entry> \"${entry}\" rejected; must be passed a Key=Value pair"
+ fi
+ done
+ else
+ if [[ ${entries:-=} != *=* ]]; then
+ # 5th arg used to be value to Path=
+ ewarn "make_desktop_entry: update your 5th arg to read Path=${entries}"
+ entries="Path=${entries}"
+ fi
+ if [[ -n ${entries} ]]; then
+ printf '%b\n' "${entries}" >> "${desktop}" || die
+ fi
fi
(
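Review bot: `for entry in ${entries[@]}` expands the array unquoted, so an entry whose value contains whitespace (a constructed example: `GenericName=Text Editor`) is split into two words, and the second word then fails the `Key=Value` check and dies; the unquoted expansion also exposes values to globbing. Use `for entry in "${entries[@]}"; do`. The guard `[[ ${eapi9} && -n ${entries} ]]` also sends an `--eapi9` call with no entries into the legacy `else` branch, which is harmless only because `${entries:-=}` is then `=`; testing `[[ ${eapi9} ]]` alone and letting the quoted loop run zero times would keep the two modes apart. The function continues past the end of this hunk.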
diff --git a/eclass/fcaps.eclass b/eclass/fcaps.eclass
index 81c1ca62368c..0bbfc867716f 100644
--- a/eclass/fcaps.eclass
+++ b/eclass/fcaps.eclass
@@ -87,9 +87,8 @@ esac
# The caps mode is used to set the permission on the file if capabilities
# were properly set on the file. No change is applied by default.
#
-# If the system is unable to set capabilities, it will use the specified user,
-# group, and mode. The user and group default to 0. If mode is unspecified, no
-# change is applied.
+# If capabilities are not sucessfully applied, the permissions on the file are
+# updated according to the owner, group, and mode options, if provided.
#
# For example, "-m u+s" may be used to enable suid as a fallback when file caps
# are unavailable. This should be used with care, typically when the
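Review bot: The rewritten paragraph misspells "successfully" (`sucessfully`) and no longer says what happens to ownership when no owner or group is passed. The next hunk drops the implicit `0`/`0` defaults, so the `-m u+s` fallback described just below now sets the setuid bit for whichever user already owns the file rather than for root. The description should state that, e.g. `# If owner and group are not given, the file's existing ownership is left unchanged.` Callers that relied on the old implicit root ownership for a setuid fallback would need to pass the owner explicitly; whether any exist cannot be seen from this page.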
@@ -103,8 +102,8 @@ fcaps() {
fi
# Process the user options first.
- local owner='0'
- local group='0'
+ local owner=
+ local group=
local mode=
local caps_mode=
@@ -183,12 +182,12 @@ fcaps() {
fi
fi
- # If we're still here, setcaps failed.
+ # If we're still here, setcaps failed or filecaps are disabled.
+ if [[ -n ${owner} || -n ${group} ]]; then
+ debug-print "${FUNCNAME}: setting owner on '${file}'"
+ chown "${owner}${group:+:}${group}" "${file}" || die
+ fi
if [[ -n ${mode} ]]; then
- if [[ -n ${owner} || -n ${group} ]]; then
- debug-print "${FUNCNAME}: setting owner on '${file}'"
- chown "${owner}:${group}" "${file}" || die
- fi
debug-print "${FUNCNAME}: setting mode on '${file}'"
chmod ${mode} "${file}" || die
fi
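Review bot: The `chown` has to stay ahead of the `chmod` in this fallback path, but nothing in the code says why. On Linux a change of ownership clears the setuid/setgid bits of a regular file, so a later reordering would silently drop a `-m u+s` fallback. A comment above the `chown` would pin this, e.g. `# chown must run before chmod: changing ownership clears setuid/setgid bits`. fcaps() begins and ends outside this hunk.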
diff --git a/eclass/selinux-policy-2.eclass b/eclass/selinux-policy-2.eclass
index 5ec7ff99ed74..739acc695cf3 100644
--- a/eclass/selinux-policy-2.eclass
+++ b/eclass/selinux-policy-2.eclass
@@ -7,7 +7,7 @@
# @ECLASS: selinux-policy-2.eclass
# @MAINTAINER:
# selinux@gentoo.org
-# @SUPPORTED_EAPIS: 7
+# @SUPPORTED_EAPIS: 7 8
# @BLURB: This eclass supports the deployment of the various SELinux modules in sec-policy
# @DESCRIPTION:
# The selinux-policy-2.eclass supports deployment of the various SELinux modules
@@ -19,7 +19,7 @@
# manageable.
case ${EAPI} in
- 7) ;;
+ 7|8) ;;
*) die "${ECLASS}: EAPI ${EAPI:-0} not supported" ;;
esac
@@ -55,14 +55,16 @@ _SELINUX_POLICY_2_ECLASS=1
# (space-separated) or a bash array.
: "${POLICY_FILES:=""}"
-# @ECLASS_VARIABLE: POLICY_TYPES
-# @DESCRIPTION:
-# This variable informs the eclass for which SELinux policies the module should
-# be built. Currently, Gentoo supports targeted, strict, mcs and mls.
-# This variable is the same POLICY_TYPES variable that we tell SELinux
-# users to set in make.conf. Therefore, it is not the module that should
-# override it, but the user.
-: "${POLICY_TYPES:="targeted strict mcs mls"}"
+if [[ ${EAPI} == 7 ]]; then
+ # @ECLASS_VARIABLE: POLICY_TYPES
+ # @DESCRIPTION:
+ # This variable informs the eclass for which SELinux policies the module should
+ # be built. Currently, Gentoo supports targeted, strict, mcs and mls.
+ # This variable is the same POLICY_TYPES variable that we tell SELinux
+ # users to set in make.conf. Therefore, it is not the module that should
+ # override it, but the user.
+ : "${POLICY_TYPES:="targeted strict mcs mls"}"
+fi
# @ECLASS_VARIABLE: SELINUX_GIT_REPO
# @DESCRIPTION:
@@ -89,7 +91,13 @@ case ${BASEPOL} in
EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy";;
esac
-IUSE=""
+if [[ ${EAPI} == 7 ]]; then
+ IUSE=""
+else
+ # Build all policy types by default
+ IUSE="+selinux_policy_types_targeted +selinux_policy_types_strict +selinux_policy_types_mcs +selinux_policy_types_mls"
+ REQUIRED_USE="|| ( selinux_policy_types_targeted selinux_policy_types_strict selinux_policy_types_mcs selinux_policy_types_mls )"
+fi
HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux"
if [[ -n ${BASEPOL} ]] && [[ "${BASEPOL}" != "9999" ]]; then
@@ -114,13 +122,32 @@ PATCHBUNDLE="${DISTDIR}/patchbundle-selinux-base-policy-${BASEPOL}.tar.bz2"
# Modules should always depend on at least the first release of the
# selinux-base-policy for which they are generated.
if [[ -n ${BASEPOL} ]]; then
+ _BASE_POLICY_VERSION="${BASEPOL}"
+else
+ _BASE_POLICY_VERSION="${PV}"
+fi
+
+if [[ ${EAPI} == 7 ]]; then
RDEPEND=">=sys-apps/policycoreutils-2.5
- >=sec-policy/selinux-base-policy-${BASEPOL}"
+ >=sec-policy/selinux-base-policy-${_BASE_POLICY_VERSION}"
else
RDEPEND=">=sys-apps/policycoreutils-2.5
- >=sec-policy/selinux-base-policy-${PV}"
+ selinux_policy_types_targeted? (
+ >=sec-policy/selinux-base-policy-${_BASE_POLICY_VERSION}[selinux_policy_types_targeted]
+ )
+ selinux_policy_types_strict? (
+ >=sec-policy/selinux-base-policy-${_BASE_POLICY_VERSION}[selinux_policy_types_strict]
+ )
+ selinux_policy_types_mcs? (
+ >=sec-policy/selinux-base-policy-${_BASE_POLICY_VERSION}[selinux_policy_types_mcs]
+ )
+ selinux_policy_types_mls? (
+ >=sec-policy/selinux-base-policy-${_BASE_POLICY_VERSION}[selinux_policy_types_mls]
+ )"
fi
+unset _BASE_POLICY_VERSION
+
DEPEND="${RDEPEND}"
BDEPEND="
sys-devel/m4
@@ -197,14 +224,26 @@ selinux-policy-2_src_prepare() {
fi
done
- for i in ${POLICY_TYPES}; do
- mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}"
- cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \
- || die "Failed to copy Makefile.example to ${S}/${i}/Makefile"
+ _selinux_prepare_modules() {
+ mkdir "${S}"/${1} || die "Failed to create directory ${S}/${1}"
+ cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${1}/Makefile \
+ || die "Failed to copy Makefile.example to ${S}/${1}/Makefile"
- cp ${modfiles} "${S}"/${i} \
- || die "Failed to copy the module files to ${S}/${i}"
- done
+ cp ${modfiles} "${S}"/${1} \
+ || die "Failed to copy the module files to ${S}/${1}"
+ }
+
+ if [[ ${EAPI} == 7 ]]; then
+ for i in ${POLICY_TYPES}; do
+ _selinux_prepare_modules $i
+ done
+ else
+ for i in targeted strict mcs mls; do
+ if use selinux_policy_types_${i}; then
+ _selinux_prepare_modules $i
+ fi
+ done
+ fi
}
# @FUNCTION: selinux-policy-2_src_compile
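Review bot: The EAPI dispatch (`for i in ${POLICY_TYPES}` for EAPI 7, the `use selinux_policy_types_${i}` loop otherwise) is written out here and again in the src_compile, src_install, pkg_postinst and pkg_postrm hunks, each time around a helper defined inside the phase function. Bash function definitions are global, so these nested helpers stay defined after the phase returns, and the loop variable `i` is never declared `local`. A single file-level iterator that takes the per-type function as its argument would replace the five copies; src_prepare would then end with `_selinux_foreach_policy_type _selinux_prepare_modules`. The helper name below is a suggestion, not an existing eclass function.

```shell
# Run "$@" once per selected policy type, passing the type as the last argument.
_selinux_foreach_policy_type() {
	local ptype
	if [[ ${EAPI} == 7 ]]; then
		for ptype in ${POLICY_TYPES}; do
			"$@" "${ptype}"
		done
	else
		for ptype in targeted strict mcs mls; do
			if use selinux_policy_types_${ptype}; then
				"$@" "${ptype}"
			fi
		done
	fi
}
```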
@@ -213,16 +252,39 @@ selinux-policy-2_src_prepare() {
# this for each SELinux policy mentioned in POLICY_TYPES
selinux-policy-2_src_compile() {
local makeuse=""
+ # We use IUSE instead of USE so that other variables set in the ebuild
+ # environment, such as architecture ones, are not included.
for useflag in ${IUSE};
do
+ # Advance past a possible '+' character: that is NOT part of the USE flag,
+ # but instead indicates whether it is enabled by default.
+ useflag="${useflag##+}"
+
+ # Only additional USE flags defined in our consumers should be added to
+ # build options: SELINUX_POLICY_TYPES should NOT be passed to the policy
+ # build system.
+ [[ "${useflag}" == selinux_policy_types_* ]] && continue
+
use ${useflag} && makeuse="${makeuse} -D use_${useflag}"
done
- for i in ${POLICY_TYPES}; do
+ _selinux_compile_modules() {
# Support USE flags in builds
export M4PARAM="${makeuse}"
- emake NAME=$i SHAREDIR="${EPREFIX}"/usr/share/selinux -C "${S}"/${i}
- done
+ emake NAME=$1 SHAREDIR="${EPREFIX}"/usr/share/selinux -C "${S}"/${1}
+ }
+
+ if [[ ${EAPI} == 7 ]]; then
+ for i in ${POLICY_TYPES}; do
+ _selinux_compile_modules $i
+ done
+ else
+ for i in targeted strict mcs mls; do
+ if use selinux_policy_types_${i}; then
+ _selinux_compile_modules $i
+ fi
+ done
+ fi
}
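Review bot: The description above selinux-policy-2_src_compile still says the build runs "for each SELinux policy mentioned in POLICY_TYPES", which after this change is only true for EAPI 7. Suggested wording for that line: `# this for each selected SELinux policy type (POLICY_TYPES in EAPI 7, selinux_policy_types_* USE flags otherwise)`. The start of the description is outside this hunk.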
# @FUNCTION: selinux-policy-2_src_install
@@ -232,22 +294,34 @@ selinux-policy-2_src_compile() {
selinux-policy-2_src_install() {
local BASEDIR="/usr/share/selinux"
- for i in ${POLICY_TYPES}; do
- for j in ${MODS}; do
- einfo "Installing ${i} ${j} policy package"
- insinto ${BASEDIR}/${i}
- if [[ -f "${S}/${i}/${j}.pp" ]] ; then
- doins "${S}"/${i}/${j}.pp || die "Failed to add ${j}.pp to ${i}"
- elif [[ -f "${S}/${i}/${j}.cil" ]] ; then
- doins "${S}"/${i}/${j}.cil || die "Failed to add ${j}.cil to ${i}"
+ _selinux_install_modules() {
+ for i in ${MODS}; do
+ einfo "Installing ${1} ${i} policy package"
+ insinto ${BASEDIR}/${1}
+ if [[ -f "${S}/${1}/${i}.pp" ]] ; then
+ doins "${S}"/${1}/${i}.pp || die "Failed to add ${i}.pp to ${1}"
+ elif [[ -f "${S}/${1}/${i}.cil" ]] ; then
+ doins "${S}"/${1}/${i}.cil || die "Failed to add ${i}.cil to ${1}"
fi
- if [[ "${POLICY_FILES[@]}" == *"${j}.if"* ]]; then
- insinto ${BASEDIR}/${i}/include/3rd_party
- doins "${S}"/${i}/${j}.if || die "Failed to add ${j}.if to ${i}"
+ if [[ "${POLICY_FILES[@]}" == *"${i}.if"* ]]; then
+ insinto ${BASEDIR}/${1}/include/3rd_party
+ doins "${S}"/${1}/${i}.if || die "Failed to add ${i}.if to ${1}"
fi
done
- done
+ }
+
+ if [[ ${EAPI} == 7 ]]; then
+ for i in ${POLICY_TYPES}; do
+ _selinux_install_modules $i
+ done
+ else
+ for i in targeted strict mcs mls; do
+ if use selinux_policy_types_${i}; then
+ _selinux_install_modules $i
+ fi
+ done
+ fi
}
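Review bot: `_selinux_install_modules` iterates with `for i in ${MODS}` while its caller is itself looping over `i`, and neither declares the variable `local`, so the helper overwrites the caller's loop variable on every call. It works only because the caller's `for` reassigns `i` at the start of the next iteration. Add `local i` as the first line of the helper; the same applies to `_selinux_postinst` in the next hunk.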
# @FUNCTION: selinux-policy-2_pkg_postinst
@@ -264,31 +338,31 @@ selinux-policy-2_pkg_postinst() {
# build up the command in the case of multiple modules
local COMMAND
- for i in ${POLICY_TYPES}; do
- if [[ "${i}" == "strict" ]] && [[ "${MODS}" = "unconfined" ]]; then
+ _selinux_postinst() {
+ if [[ "${1}" == "strict" ]] && [[ "${MODS}" = "unconfined" ]]; then
einfo "Ignoring loading of unconfined module in strict module store.";
continue;
fi
einfo "Inserting the following modules into the $i module store: ${MODS}"
- cd "${ROOT}/usr/share/selinux/${i}" || die "Could not enter /usr/share/selinux/${i}"
- for j in ${MODS} ; do
- if [[ -f "${j}.pp" ]] ; then
- COMMAND="${j}.pp ${COMMAND}"
- elif [[ -f "${j}.cil" ]] ; then
- COMMAND="${j}.cil ${COMMAND}"
+ cd "${ROOT}/usr/share/selinux/${1}" || die "Could not enter /usr/share/selinux/${1}"
+ for i in ${MODS} ; do
+ if [[ -f "${i}.pp" ]] ; then
+ COMMAND="${i}.pp ${COMMAND}"
+ elif [[ -f "${i}.cil" ]] ; then
+ COMMAND="${i}.cil ${COMMAND}"
fi
done
- semodule ${root_opts} -s ${i} -i ${COMMAND}
+ semodule ${root_opts} -s ${1} -i ${COMMAND}
if [[ $? -ne 0 ]]; then
ewarn "SELinux module load failed. Trying full reload...";
- if [[ "${i}" == "targeted" ]]; then
- semodule ${root_opts} -s ${i} -i *.pp
+ if [[ "${1}" == "targeted" ]]; then
+ semodule ${root_opts} -s ${1} -i *.pp
else
- semodule ${root_opts} -s ${i} -i $(ls *.pp | grep -v unconfined.pp);
+ semodule ${root_opts} -s ${1} -i $(ls *.pp | grep -v unconfined.pp);
fi
if [[ $? -ne 0 ]]; then
ewarn "Failed to reload SELinux policies."
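Review bot: The `continue` that skips the `unconfined` module for the strict store now sits inside the function `_selinux_postinst`, no longer lexically inside a loop. Bash 4.4 and later reset the loop state on function entry (unless an older compatibility level is in effect), so there `continue` only emits a diagnostic and execution falls through to the `semodule ... -i` call, which would load `unconfined` into the strict store. Replace it with `return`. The unchanged `einfo` line after it still prints `$i`, which only resolves through the caller's loop variable and should read `${1}`. The helper's body continues in the following hunks.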
@@ -302,7 +376,7 @@ selinux-policy-2_pkg_postinst() {
ewarn "action since the new SELinux policies are not loaded until the"
ewarn "command finished successfully."
ewarn ""
- ewarn "To reload, run the following command from within /usr/share/selinux/${i}:"
+ ewarn "To reload, run the following command from within /usr/share/selinux/${1}:"
ewarn " semodule -i *.pp"
ewarn "or"
ewarn " semodule -i \$(ls *.pp | grep -v unconfined.pp)"
@@ -314,7 +388,19 @@ selinux-policy-2_pkg_postinst() {
einfo "SELinux modules loaded successfully."
fi
COMMAND="";
- done
+ }
+
+ if [[ ${EAPI} == 7 ]]; then
+ for i in ${POLICY_TYPES}; do
+ _selinux_postinst $i
+ done
+ else
+ for i in targeted strict mcs mls; do
+ if use selinux_policy_types_${i}; then
+ _selinux_postinst $i
+ fi
+ done
+ fi
# Don't relabel when cross compiling
if [[ -z ${ROOT} ]]; then
@@ -350,16 +436,28 @@ selinux-policy-2_pkg_postrm() {
COMMAND="-r ${i} ${COMMAND}"
done
- for i in ${POLICY_TYPES}; do
- einfo "Removing the following modules from the $i module store: ${MODS}"
+ _selinux_postrm() {
+ einfo "Removing the following modules from the $1 module store: ${MODS}"
- semodule ${root_opts} -s ${i} ${COMMAND}
+ semodule ${root_opts} -s ${1} ${COMMAND}
if [[ $? -ne 0 ]]; then
ewarn "SELinux module unload failed.";
else
einfo "SELinux modules unloaded successfully."
fi
- done
+ }
+
+ if [[ ${EAPI} == 7 ]]; then
+ for i in ${POLICY_TYPES}; do
+ _selinux_postrm $i
+ done
+ else
+ for i in targeted strict mcs mls; do
+ if use selinux_policy_types_${i}; then
+ _selinux_postrm $i
+ fi
+ done
+ fi
fi
}
diff --git a/eclass/toolchain.eclass b/eclass/toolchain.eclass
index 2afa6df1295a..959e86e5d972 100644
--- a/eclass/toolchain.eclass
+++ b/eclass/toolchain.eclass
@@ -424,7 +424,7 @@ if tc_has_feature zstd ; then
fi
if tc_has_feature valgrind ; then
- BDEPEND+=" valgrind? ( dev-debug/valgrind )"
+ DEPEND+=" valgrind? ( dev-debug/valgrind )"
fi
if [[ ${PN} != gnat-gpl ]] && tc_has_feature ada ; then
@@ -1738,7 +1738,7 @@ toolchain_src_configure() {
# build without a C library, and you can't build that w/o
# already having a compiler...
if ! is_crosscompile || \
- $(tc-getCPP ${CTARGET}) -E - <<<"#include <pthread.h>" >& /dev/null
+ $(unset CC; unset CPP; tc-getCPP ${CTARGET}) -E - <<<"#include <pthread.h>" >& /dev/null
then
confgcc+=( $(use_enable openmp libgomp) )
else
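Review bot: Nothing explains why `CC` and `CPP` are unset inside the command substitution before `tc-getCPP ${CTARGET}` is called. Presumably it keeps a preprocessor exported for the build host from being returned for the target, but that is an inference from the change. A one-line comment such as `# ignore CC/CPP from the environment so the ${CTARGET} preprocessor is what gets probed` would make the intent clear, and it applies equally to the valgrind header probe in the next hunk. toolchain_src_configure() starts and ends outside this hunk.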
@@ -1801,7 +1801,11 @@ toolchain_src_configure() {
# We patch this in w/ PR66487-object-lifetime-instrumentation-for-Valgrind.patch,
# so it may not always be available.
if grep -q -- '--enable-valgrind-interop' "${S}"/libgcc/configure.ac ; then
- confgcc+=( $(use_enable valgrind valgrind-interop) )
+ if ! is_crosscompile || $(unset CC; unset CPP; tc-getCPP ${CTARGET}) -E - <<<"#include <valgrind/memcheck.h>" >& /dev/null ; then
+ confgcc+=( $(use_enable valgrind valgrind-interop) )
+ else
+ confgcc+=( --disable-valgrind-interop )
+ fi
fi
fi
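Review bot: When cross-compiling and `<valgrind/memcheck.h>` is not found, the new `else` branch passes `--disable-valgrind-interop` regardless of the `valgrind` USE flag, and nothing tells the user that the enabled flag had no effect. Consider a warning in that branch, e.g. `use valgrind && ewarn "valgrind headers not found for ${CTARGET}; disabling valgrind-interop"`. The probe expression is also a copy of the `pthread.h` one earlier in the function, so a small shared helper taking the header name would keep the two from drifting apart.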