proj/gentoo: Initial commit

This commit represents a new era for Gentoo:
Storing the gentoo-x86 tree in Git, as converted from CVS.

This commit is the start of the NEW history.
Any historical data is intended to be grafted onto this point.

Creation process:
1. Take final CVS checkout snapshot
2. Remove ALL ChangeLog* files
3. Transform all Manifests to thin
4. Remove empty Manifests
5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$
5.1. Do not touch files with -kb/-ko keyword flags.

Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests
X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project
X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration
X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn
X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts
X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration
X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging
X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed

1 files changed, 208 insertions, 0 deletions

diff --git a/sys-libs/libsemanage/files/0001-libsemanage-do-not-copy-contexts-in-semanage_migrate.patch b/sys-libs/libsemanage/files/0001-libsemanage-do-not-copy-contexts-in-semanage_migrate.patch
new file mode 100644
index 000000000000..8e523dcbf7e3
--- /dev/null
+++ b/sys-libs/libsemanage/files/0001-libsemanage-do-not-copy-contexts-in-semanage_migrate.patch
@@ -0,0 +1,208 @@
+From 9caebebd598de737f27cdc8d5253a2cebd67d5a9 Mon Sep 17 00:00:00 2001
+From: Jason Zaman <jason@perfinion.com>
+Date: Wed, 22 Apr 2015 18:27:09 +0400
+Subject: [PATCH] libsemanage: do not copy contexts in semanage_migrate_store
+
+The modules from the old store were previously copied to the new one
+using setfscreatecon and shutil.copy2(). Now that refpolicy has rules
+about the new policy location[1], copying the contexts is redundant.
+
+More importantly, the setcreatefscon caused a constraint violation[2]
+which made the migration fail. In python3, shutil.copy2() copies xattrs
+as well which again causes problems. shutil.copy() is enough for our
+needs here as it will copy the file and permissions in both py2 and 3.
+We do not need the extra things that copy2() does (mtime, xattr, etc).
+
+[1] http://oss.tresys.com/pipermail/refpolicy/2014-December/007511.html
+
+[2]
+type=AVC msg=audit(1429438272.872:1869): avc:  denied  { create } for  pid=28739 comm="semanage_migrat" name="strict" scontext=staff_u:sysadm_r:semanage_t tcontext=system_u:object_r:semanage_store_t tclass=dir permissive=0
+	constrain dir { create relabelfrom relabelto } ((u1 == u2 -Fail-)  or (t1 == can_change_object_identity -Fail-) ); Constraint DENIED
+allow semanage_t semanage_store_t:dir create;
+
+Signed-off-by: Jason Zaman <jason@perfinion.com>
+---
+ libsemanage/utils/semanage_migrate_store | 77 ++++++++------------------------
+ 1 file changed, 18 insertions(+), 59 deletions(-)
+
+diff --git a/libsemanage/utils/semanage_migrate_store b/libsemanage/utils/semanage_migrate_store
+index 03b492e..2f85e9c 100755
+--- a/libsemanage/utils/semanage_migrate_store
++++ b/libsemanage/utils/semanage_migrate_store
+@@ -8,7 +8,6 @@ import shutil
+ import sys
+ from optparse import OptionParser
+ 
+-import bz2
+ import ctypes
+ 
+ sepol = ctypes.cdll.LoadLibrary('libsepol.so')
+@@ -21,41 +20,20 @@ except:
+ 	exit(1)
+ 
+ 
+-
+-
+-# For some reason this function doesn't exist in libselinux :\
+-def copy_with_context(src, dst):
++def copy_file(src, dst):
+ 	if DEBUG:
+ 		print("copying %s to %s" % (src, dst))
+ 	try:
+-		con = selinux.lgetfilecon_raw(src)[1]
+-	except:
+-		print("Could not get file context of %s" % src, file=sys.stderr)
+-		exit(1)
+-
+-	try:
+-		selinux.setfscreatecon_raw(con)
+-	except:
+-		print("Could not set fs create context: %s" %con, file=sys.stderr)
+-		exit(1)
+-
+-	try:
+-		shutil.copy2(src, dst)
++		shutil.copy(src, dst)
+ 	except OSError as the_err:
+ 		(err, strerr) = the_err.args
+ 		print("Could not copy %s to %s, %s" %(src, dst, strerr), file=sys.stderr)
+ 		exit(1)
+ 
+-	try:
+-		selinux.setfscreatecon_raw(None)
+-	except:
+-		print("Could not reset fs create context. May need to relabel system.", file=sys.stderr)
+ 
+-def create_dir_from(src, dst, mode):
++def create_dir(dst, mode):
+ 	if DEBUG: print("Making directory %s" % dst)
+ 	try:
+-		con = selinux.lgetfilecon_raw(src)[1]
+-		selinux.setfscreatecon_raw(con)
+ 		os.makedirs(dst, mode)
+ 	except OSError as the_err:
+ 		(err, stderr) = the_err.args
+@@ -65,28 +43,18 @@ def create_dir_from(src, dst, mode):
+ 			print("Error creating %s" % dst, file=sys.stderr)
+ 			exit(1)
+ 
+-	try:
+-		selinux.setfscreatecon_raw(None)
+-	except:
+-		print("Could not reset fs create context. May need to relabel system.", file=sys.stderr)
+ 
+-def create_file_from(src, dst):
++def create_file(dst):
+ 	if DEBUG: print("Making file %s" % dst)
+ 	try:
+-		con = selinux.lgetfilecon_raw(src)[1]
+-		selinux.setfscreatecon_raw(con)
+ 		open(dst, 'a').close()
+ 	except OSError as the_err:
+ 		(err, stderr) = the_err.args
+ 		print("Error creating %s" % dst, file=sys.stderr)
+ 		exit(1)
+ 
+-	try:
+-		selinux.setfscreatecon_raw(None)
+-	except:
+-		print("Could not reset fs create context. May need to relabel system.", file=sys.stderr)
+ 
+-def copy_module(store, name, con, base):
++def copy_module(store, name, base):
+ 	if DEBUG: print("Install module %s" % name)
+ 	(file, ext) = os.path.splitext(name)
+ 	if ext != ".pp":
+@@ -94,8 +62,6 @@ def copy_module(store, name, con, base):
+ 		print("warning: %s has invalid extension, skipping" % name, file=sys.stderr)
+ 		return
+ 	try:
+-		selinux.setfscreatecon_raw(con)
+-
+ 		if base:
+ 			root = oldstore_path(store)
+ 		else:
+@@ -105,7 +71,7 @@ def copy_module(store, name, con, base):
+ 
+ 		os.mkdir("%s/%s" % (bottomdir, file))
+ 
+-		copy_with_context(os.path.join(root, name), "%s/%s/hll" % (bottomdir, file))
++		copy_file(os.path.join(root, name), "%s/%s/hll" % (bottomdir, file))
+ 
+ 		# This is the ext file that will eventually be used to choose a compiler
+ 		efile = open("%s/%s/lang_ext" % (bottomdir, file), "w+", 0o600)
+@@ -116,15 +82,11 @@ def copy_module(store, name, con, base):
+ 		print("Error installing module %s" % name, file=sys.stderr)
+ 		exit(1)
+ 
+-	try:
+-		selinux.setfscreatecon_raw(None)
+-	except:
+-		print("Could not reset fs create context. May need to relabel system.", file=sys.stderr)
+ 
+-def disable_module(file, root, name, disabledmodules):
++def disable_module(file, name, disabledmodules):
+ 	if DEBUG: print("Disabling %s" % name)
+ 	(disabledname, disabledext) = os.path.splitext(file)
+-	create_file_from(os.path.join(root, name), "%s/%s" % (disabledmodules, disabledname))
++	create_file("%s/%s" % (disabledmodules, disabledname))
+ 
+ def migrate_store(store):
+ 
+@@ -138,17 +100,14 @@ def migrate_store(store):
+ 	print("Migrating from %s to %s" % (oldstore, newstore))
+ 
+ 	# Build up new directory structure
+-	create_dir_from(oldstore, "%s/%s" % (newroot_path(), store), 0o755)
+-	create_dir_from(oldstore, newstore, 0o700)
+-	create_dir_from(oldstore, newmodules, 0o700)
+-	create_dir_from(oldstore, bottomdir, 0o700)
+-	create_dir_from(oldstore, disabledmodules, 0o700)
+-
+-	# use whatever the file context of bottomdir is for the module directories
+-	con = selinux.lgetfilecon_raw(bottomdir)[1]
++	create_dir("%s/%s" % (newroot_path(), store), 0o755)
++	create_dir(newstore, 0o700)
++	create_dir(newmodules, 0o700)
++	create_dir(bottomdir, 0o700)
++	create_dir(disabledmodules, 0o700)
+ 
+ 	# Special case for base since it was in a different location
+-	copy_module(store, "base.pp", con, 1)
++	copy_module(store, "base.pp", 1)
+ 
+ 	# Dir structure built, start copying files
+ 	for root, dirs, files in os.walk(oldstore):
+@@ -161,7 +120,7 @@ def migrate_store(store):
+ 						newname = "seusers.local"
+ 					else:
+ 						newname = name
+-					copy_with_context(os.path.join(root, name), os.path.join(newstore, newname))
++					copy_file(os.path.join(root, name), os.path.join(newstore, newname))
+ 
+ 		elif root == oldmodules:
+ 			# This should be the modules directory
+@@ -171,9 +130,9 @@ def migrate_store(store):
+ 					print("Error installing module %s, name conflicts with base" % name, file=sys.stderr)
+ 					exit(1)
+ 				elif ext == ".disabled":
+-					disable_module(file, root, name, disabledmodules)
++					disable_module(file, name, disabledmodules)
+ 				else:
+-					copy_module(store, name, con, 0)
++					copy_module(store, name, 0)
+ 
+ def rebuild_policy():
+ 	# Ok, the modules are loaded, lets try to rebuild the policy
+@@ -287,7 +246,7 @@ if __name__ == "__main__":
+ 		"preserve_tunables" ]
+ 
+ 
+-	create_dir_from(oldroot_path(), newroot_path(), 0o755)
++	create_dir(newroot_path(), 0o755)
+ 
+ 	stores = None
+ 	if TYPE is not None:
+-- 
+2.0.5
+