├── .dockerignore ├── .github └── workflows │ └── main.yml ├── .gitignore ├── Dockerfile ├── README.md ├── _pgp_cache ├── 296D6F29A020808E8717A8842DB5BD89A340AEB7.asc ├── 3C8672A0F49637FE064AC30F52A43A1E4B77B059.asc ├── 59C2118ED206D927E667EBE3D3E5F56B6D920D30.asc ├── 59D1E9CCBA2B376704FDD35BA9F4C021CEA470FB.asc ├── 5C251B5FC54EB2F80F407AAAC54CA336CFEB557E.asc ├── 5D2FB320B825D93904D205193938F96BDF50FEA5.asc ├── 63191CE94183098689CAB8DB7EF137EC935B0EAF.asc ├── 63CDA1E5D3FC22B998D20DD6327F26951A015CC4.asc ├── 647F28654894E3BD457199BE38DBBDC86092693E.asc ├── 66D0387DB85D320F8408166DB175CFA98F192AF2.asc ├── 6C37DC12121A5006BC1DB804DF6FD971306037D9.asc ├── 7168B983815A5EEF59A4ADFD2A3F414E736060BA.asc ├── 8C6BFD92EE0F42EDF91A6A736D1A7F052E5924BB.asc ├── 8ECCDF12100AD84DA2EE7EBFC78CE737A3C3E28E.asc ├── 992A96E075056E79CD8214F9873DB37572A37B36.asc ├── 9A774DB5DB996C154EBBFBFDA0099A18E29326E1.asc ├── 9F6FC345B05BE7E766B83C8F80A77F6095CDE47E.asc ├── A2FF3A36AAA56654109064AB19802F8B0D70FC30.asc ├── A5189DB69C1164D33002936646502EF796917195.asc ├── A9348594CE31283A826FBDD8D57633D441E25BB5.asc ├── A9EA9081724FFAE0484C35A1A81CEA22BC8C7E2E.asc ├── ABAF11C65A2970B130ABE3C479BE3E4300411886.asc ├── B0C64D14301CC6EFAEDF60E4E4B71D5EEC39C284.asc ├── B8682847764DF60DF52D992CBC3905F235179CF1.asc ├── BE5FBC8C9C1C9F60A4F0AEAE7A4F3A09EBDEFF26.asc ├── DA98F25C0871C49A59EAFF2C4DE8FF2A63C7CC90.asc └── E853C1848B0185CF42864DF363A8AD4B982C4373.asc ├── _vagrant ├── README.md ├── Vagrantfile ├── install_local_refpolicy.sh ├── step1_install_and_configure.sh ├── step2_relabel.sh ├── vagrant-custom.cil └── vagrant-reload.rb ├── base-devel-selinux ├── .SRCINFO └── PKGBUILD ├── base-selinux ├── .SRCINFO └── PKGBUILD ├── base_pkglist.txt ├── build.sh ├── build_and_install_all.sh ├── build_cleanpkg.sh ├── checkpolicy ├── .SRCINFO ├── PKGBUILD └── keys │ └── pgp │ ├── 63191CE94183098689CAB8DB7EF137EC935B0EAF.asc │ └── 68D21823342A13683AEB3E4EFB4C685B5DC1C13E.asc ├── clean.sh ├── commit_update.sh ├── 
compare_base.py ├── coreutils-selinux ├── .SRCINFO ├── .gitignore ├── .nvchecker.toml ├── PKGBUILD └── keys │ └── pgp │ └── 6C37DC12121A5006BC1DB804DF6FD971306037D9.asc ├── cronie-selinux ├── .SRCINFO ├── 80-cronie.hook ├── PKGBUILD ├── cron-deny ├── cronie-1.7.2-fix-for-gcc15.patch ├── crontab └── default-anacron ├── dbus-broker-selinux ├── .SRCINFO ├── 0001-units-Enable-statically.patch ├── PKGBUILD └── keys │ └── pgp │ └── BE5FBC8C9C1C9F60A4F0AEAE7A4F3A09EBDEFF26.asc ├── dbus-selinux ├── .SRCINFO ├── .gitignore ├── .nvchecker.toml ├── 0001-Arch-Linux-tweaks.patch ├── PKGBUILD ├── dbus-reload.hook └── keys │ └── pgp │ └── DA98F25C0871C49A59EAFF2C4DE8FF2A63C7CC90.asc ├── export_pgp_keys_in_cache.sh ├── findutils-selinux ├── .SRCINFO ├── .gitignore ├── .nvchecker.toml ├── PKGBUILD └── keys │ └── pgp │ └── A5189DB69C1164D33002936646502EF796917195.asc ├── iproute2-selinux ├── .SRCINFO ├── .nvchecker.toml ├── 0001-make-iproute2-fhs-compliant.patch ├── 0002-bdb-5-3.patch ├── PKGBUILD └── keys │ └── pgp │ └── 9F6FC345B05BE7E766B83C8F80A77F6095CDE47E.asc ├── libselinux ├── .SRCINFO ├── PKGBUILD ├── keys │ └── pgp │ │ ├── 63191CE94183098689CAB8DB7EF137EC935B0EAF.asc │ │ └── 68D21823342A13683AEB3E4EFB4C685B5DC1C13E.asc └── libselinux.tmpfiles.d ├── libsemanage ├── .SRCINFO ├── PKGBUILD ├── keys │ └── pgp │ │ ├── 63191CE94183098689CAB8DB7EF137EC935B0EAF.asc │ │ └── 68D21823342A13683AEB3E4EFB4C685B5DC1C13E.asc ├── libsemanage.install └── semanage.conf ├── libsepol ├── .SRCINFO ├── PKGBUILD └── keys │ └── pgp │ ├── 63191CE94183098689CAB8DB7EF137EC935B0EAF.asc │ └── 68D21823342A13683AEB3E4EFB4C685B5DC1C13E.asc ├── local-pacman.conf ├── logrotate-selinux ├── .SRCINFO ├── .gitignore ├── .nvchecker.toml ├── PKGBUILD ├── keys │ └── pgp │ │ ├── 8ECCDF12100AD84DA2EE7EBFC78CE737A3C3E28E.asc │ │ └── 992A96E075056E79CD8214F9873DB37572A37B36.asc └── logrotate.conf ├── mcstrans ├── .SRCINFO ├── PKGBUILD └── keys │ └── pgp │ ├── 63191CE94183098689CAB8DB7EF137EC935B0EAF.asc │ └── 
68D21823342A13683AEB3E4EFB4C685B5DC1C13E.asc ├── merge_aur.sh ├── namcap_all.sh ├── openssh-selinux ├── .SRCINFO ├── .nvchecker.toml ├── 70-openssh-restart-sshd.hook ├── 99-archlinux.conf ├── PKGBUILD ├── keys │ └── pgp │ │ └── 7168B983815A5EEF59A4ADFD2A3F414E736060BA.asc ├── openssh.tmpfiles ├── ssh-agent.service ├── sshd.pam ├── sshd.service └── sshdgenkeys.service ├── pam-selinux ├── .SRCINFO ├── .gitignore ├── .nvchecker.toml ├── PKGBUILD ├── keys │ └── pgp │ │ ├── 296D6F29A020808E8717A8842DB5BD89A340AEB7.asc │ │ └── 8C6BFD92EE0F42EDF91A6A736D1A7F052E5924BB.asc └── pam.tmpfiles ├── pambase-selinux ├── .SRCINFO ├── PKGBUILD ├── other ├── system-auth ├── system-local-login ├── system-login ├── system-remote-login └── system-services ├── policycoreutils ├── .SRCINFO ├── PKGBUILD └── keys │ └── pgp │ ├── 63191CE94183098689CAB8DB7EF137EC935B0EAF.asc │ └── 68D21823342A13683AEB3E4EFB4C685B5DC1C13E.asc ├── psmisc-selinux ├── .SRCINFO ├── PKGBUILD └── keys │ └── pgp │ └── 5D2FB320B825D93904D205193938F96BDF50FEA5.asc ├── recv_gpg_keys.sh ├── restorecond ├── .SRCINFO ├── PKGBUILD └── keys │ └── pgp │ ├── 63191CE94183098689CAB8DB7EF137EC935B0EAF.asc │ └── 68D21823342A13683AEB3E4EFB4C685B5DC1C13E.asc ├── secilc ├── .SRCINFO ├── PKGBUILD └── keys │ └── pgp │ ├── 63191CE94183098689CAB8DB7EF137EC935B0EAF.asc │ └── 68D21823342A13683AEB3E4EFB4C685B5DC1C13E.asc ├── selinux-alpm-hook ├── .SRCINFO ├── PKGBUILD ├── follow_hook.py ├── hook_tracking_db.txt ├── relabel-selinux.hook └── selinux-alpm-hook ├── selinux-dbus-config ├── .SRCINFO ├── PKGBUILD └── keys │ └── pgp │ ├── 63191CE94183098689CAB8DB7EF137EC935B0EAF.asc │ └── 68D21823342A13683AEB3E4EFB4C685B5DC1C13E.asc ├── selinux-gui ├── .SRCINFO ├── PKGBUILD └── keys │ └── pgp │ ├── 63191CE94183098689CAB8DB7EF137EC935B0EAF.asc │ └── 68D21823342A13683AEB3E4EFB4C685B5DC1C13E.asc ├── selinux-python ├── .SRCINFO ├── PKGBUILD └── keys │ └── pgp │ ├── 63191CE94183098689CAB8DB7EF137EC935B0EAF.asc │ └── 
68D21823342A13683AEB3E4EFB4C685B5DC1C13E.asc ├── selinux-refpolicy-arch ├── .SRCINFO ├── .gitignore ├── PKGBUILD ├── config └── selinux-refpolicy-arch.install ├── selinux-refpolicy-git ├── .SRCINFO ├── .gitignore ├── PKGBUILD ├── config └── selinux-refpolicy-git.install ├── selinux-refpolicy-src ├── .SRCINFO └── PKGBUILD ├── selinux-sandbox ├── .SRCINFO ├── PKGBUILD └── keys │ └── pgp │ ├── 63191CE94183098689CAB8DB7EF137EC935B0EAF.asc │ └── 68D21823342A13683AEB3E4EFB4C685B5DC1C13E.asc ├── semodule-utils ├── .SRCINFO ├── PKGBUILD └── keys │ └── pgp │ ├── 63191CE94183098689CAB8DB7EF137EC935B0EAF.asc │ └── 68D21823342A13683AEB3E4EFB4C685B5DC1C13E.asc ├── sepolgen ├── .SRCINFO └── PKGBUILD ├── setools ├── .SRCINFO ├── 0001-setup.py-Move-static-definitions-to-pyproject.toml.patch └── PKGBUILD ├── setroubleshoot ├── .SRCINFO ├── PKGBUILD ├── setroubleshoot-sysusers.conf ├── setroubleshoot.logrotate └── setroubleshoot.tmpfiles ├── shadow-selinux ├── .SRCINFO ├── .gitignore ├── .nvchecker.toml ├── 0001-Disable-replaced-tools-their-man-pages-and-PAM-integ.patch ├── 0002-Adapt-login.defs-for-PAM-and-util-linux.patch ├── 0003-Add-Arch-Linux-defaults-for-login.defs.patch ├── PKGBUILD ├── keys │ └── pgp │ │ ├── 66D0387DB85D320F8408166DB175CFA98F192AF2.asc │ │ └── A9348594CE31283A826FBDD8D57633D441E25BB5.asc ├── shadow.service ├── shadow.sysusers ├── shadow.timer ├── shadow.tmpfiles └── useradd.defaults ├── sudo-selinux ├── .SRCINFO ├── PKGBUILD ├── keys │ └── pgp │ │ └── 59D1E9CCBA2B376704FDD35BA9F4C021CEA470FB.asc ├── sudo.install ├── sudo.pam └── sudo_logsrvd.service ├── sync_srcinfos.sh ├── systemd-selinux ├── .SRCINFO ├── .gitignore ├── .nvchecker.toml ├── 0001-Use-Arch-Linux-device-access-groups.patch ├── 20-systemd-sysusers.hook ├── 30-systemd-binfmt.hook ├── 30-systemd-catalog.hook ├── 30-systemd-daemon-reload-system.hook ├── 30-systemd-daemon-reload-user.hook ├── 30-systemd-hwdb.hook ├── 30-systemd-restart-marked.hook ├── 30-systemd-sysctl.hook ├── 
30-systemd-tmpfiles.hook ├── 30-systemd-udev-reload.hook ├── 30-systemd-update.hook ├── PKGBUILD ├── arch.conf ├── keys │ └── pgp │ │ ├── 5C251B5FC54EB2F80F407AAAC54CA336CFEB557E.asc │ │ ├── 63CDA1E5D3FC22B998D20DD6327F26951A015CC4.asc │ │ ├── 9A774DB5DB996C154EBBFBFDA0099A18E29326E1.asc │ │ └── A9EA9081724FFAE0484C35A1A81CEA22BC8C7E2E.asc ├── loader.conf ├── systemd-hook ├── systemd-user.pam └── systemd.install ├── ustr-selinux ├── .SRCINFO ├── 0001-Fix-the-prototype-of-ustrp_utf8_valid.patch ├── 0002-Mark-inline-functions-as-static-to-fix-build-with-GC.patch └── PKGBUILD └── util-linux-selinux ├── .SRCINFO ├── .gitignore ├── .nvchecker.toml ├── 60-rfkill.rules ├── PKGBUILD ├── keys └── pgp │ └── B0C64D14301CC6EFAEDF60E4E4B71D5EEC39C284.asc ├── pam-common ├── pam-login ├── pam-remote ├── pam-runuser ├── pam-su ├── rfkill-block_.service ├── rfkill-unblock_.service ├── util-linux-BSD-2-Clause.txt └── util-linux.sysusers /.dockerignore: -------------------------------------------------------------------------------- 1 | # Do not copy to the container the .git directory or Docker files 2 | .git/ 3 | Dockerfile 4 | .dockerignore 5 | 6 | # .gitignore 7 | *~ 8 | *.part 9 | 10 | */src 11 | */pkg 12 | */*x86_64.pkg.tar.xz 13 | */*x86_64.pkg.tar.xz.sig 14 | */*x86_64.pkg.tar.zst 15 | */*x86_64.pkg.tar.zst.sig 16 | */*any.pkg.tar.xz 17 | */*any.pkg.tar.xz.sig 18 | */*any.pkg.tar.zst 19 | */*any.pkg.tar.zst.sig 20 | */*.src.tar.gz 21 | 22 | base-noselinux/ 23 | .pacman-db/ 24 | _vagrant/.vagrant/ 25 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *~ 2 | *.asc 3 | *.bz2 4 | *.gz 5 | *.log 6 | *.orig 7 | *.rej 8 | *.sig 9 | *.sign 10 | *.part 11 | *.xz 12 | *.zst 13 | 14 | */src 15 | */pkg 16 | 17 | !/_pgp_cache/*.asc 18 | !/*/keys/pgp/*.asc 19 | 20 | /base-noselinux/ 21 | /.pacman-db/ 22 | /_vagrant/.vagrant/ 23 | 24 | 
/setools/????????????????????????????????????????.patch 25 | -------------------------------------------------------------------------------- /Dockerfile: --------------------------------------------------------------------------------
1 | # Build SELinux packages for Arch Linux in a Docker/Podman container
2 |
3 | # Usage:
4 | # sudo docker build -t arch-selinux-build .
5 | # or
6 | # podman build -t arch-selinux-build .
7 | #
8 | # Once the container is built, you can get the packages in "pkgs" directory with:
9 | # sudo docker run -v "$(pwd)/pkgs:/packages" --rm -ti arch-selinux-build
10 | # or
11 | # podman run -v "$(pwd)/pkgs:/packages" --rm -ti arch-selinux-build
12 |
13 | # Use official Arch Linux Docker image:
14 | # https://gitlab.archlinux.org/archlinux/archlinux-docker
   | # NOTE(review): `latest` is a mutable tag, not a digest pin, so the base image
   | # is whatever is published under that tag at the moment the build runs.
15 | FROM docker.io/archlinux/archlinux:latest
16 | LABEL Description="Build SELinux packages for Arch Linux"
17 |
   | # Copy the whole build context to /startdir. The repository's .dockerignore
   | # keeps .git/, the Docker files and earlier build outputs (*/src, */pkg, built
   | # package archives and their .sig files) out of that context.
18 | COPY . /startdir
19 |
20 | # * Install base packages which are needed to build SELinux packages,
21 | # upgrading the system because mirrors remove older versions of package and
22 | # weird issues can occur for example when python or ruby is up to date but not
23 | # their dependencies (like libxcrypt, openssl, etc.).
24 | # * Configure the system to be able to build packages as builduser, like makechrootpkg:
25 | #   https://github.com/archlinux/devtools/blob/20200407/makechrootpkg.in#L155
26 | # * Sync GPG keys used to verify package sources
27 | # * Build and install every package, using /build as build directory
28 | # * Remove temporary files
   | #
   | # Notes on the single RUN layer below:
   | # * `pacman -Syu` on top of the `latest` base-image tag (see FROM) means the
   | #   result depends on the image and mirror state at build time.
   | # * /etc/localtime is pointed at UTC.
   | # * builduser is created with a home directory and primary group `users`, and
   | #   gets two NOPASSWD sudoers entries: /usr/bin/pacman with any arguments, and
   | #   one fixed `sh -c` command line that installs the locally built
   | #   sudo-selinux package and moves /etc/sudoers.pacsave back to /etc/sudoers
   | #   when that file exists. Passwordless pacman is root-equivalent inside the
   | #   build container, so builduser is not a privilege boundary here; presumably
   | #   it exists because packages are meant to be built as a non-root user (the
   | #   README asks for that).
   | # * Both entries are appended to /etc/sudoers with `echo >>`; nothing in this
   | #   step syntax-checks the file afterwards (e.g. with `visudo -c`).
   | # * makepkg.conf gets MAKEFLAGS, BUILDDIR=/build and LOGDEST=/logdest. The
   | #   single quotes keep `$(nproc)` literal, so it is evaluated when makepkg
   | #   reads the file, not while the image is built.
   | # * /startdir, /packages, /build and /logdest are chown'ed to builduser before
   | #   clean.sh, recv_gpg_keys.sh and build_and_install_all.sh run as that user.
   | #   NOTE(review): the scripts' contents are not shown here - confirm that
   | #   recv_gpg_keys.sh only accepts keys matching the fingerprints the
   | #   repository pins (key files are shipped under _pgp_cache/ and */keys/pgp/).
   | # * The last two lines delete the per-package src/ and pkg/ trees and the
   | #   pacman package cache, so they do not stay in the image layer.
29 | RUN \
30 |     pacman -q --noconfirm -Syu base base-devel expect git && \
31 |     pacman --noconfirm -Sc && \
32 |     rm -rf /var/cache/pacman/pkg/* && \
33 |     ln -sf /usr/share/zoneinfo/UTC /etc/localtime && \
34 |     useradd -g users -m builduser && \
35 |     echo 'builduser ALL=(ALL) NOPASSWD: /usr/bin/pacman' >> /etc/sudoers && \
36 |     echo 'builduser ALL=(ALL) NOPASSWD: /usr/bin/sh -c { pacman --noconfirm --ask=4 -U sudo-selinux/sudo-selinux-*.pkg.tar.zst && if test -e /etc/sudoers.pacsave ; then mv /etc/sudoers.pacsave /etc/sudoers ; fi }' >> /etc/sudoers && \
37 |     echo 'MAKEFLAGS="-j$(nproc)"' >> /etc/makepkg.conf && \
38 |     echo 'BUILDDIR=/build' >> /etc/makepkg.conf && \
39 |     echo 'LOGDEST=/logdest' >> /etc/makepkg.conf && \
40 |     mkdir /packages /build /logdest && \
41 |     chown -R builduser /startdir /packages /build /logdest && \
42 |     sudo -u builduser /startdir/clean.sh && \
43 |     sudo -u builduser /startdir/recv_gpg_keys.sh && \
44 |     sudo -u builduser /startdir/build_and_install_all.sh && \
45 |     rm -rf /startdir/*/src/ /startdir/*/pkg/ && \
46 |     pacman --noconfirm -Sc && rm -rf /var/cache/pacman/pkg/*
47 |
48 | WORKDIR /startdir
49 |
50 | # Copy packages to /packages when running, so that they can be easily exported.
51 | CMD ["sh", "-c", "cp /startdir/*/*.pkg.tar.zst /packages"] 52 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ![build](https://github.com/archlinuxhardened/selinux/workflows/Build/badge.svg) 2 | 3 | PKGBUILDs for SELinux support in Arch Linux 4 | =========================================== 5 | 6 | Complete documentation will soon be available at: 7 | https://wiki.archlinux.org/index.php/SELinux 8 | 9 | Authors 10 | ------- 11 | 12 | Authors are credited in the PKGBUILD file for each package. 13 | 14 | Binary repository 15 | ----------------- 16 | 17 | The releases page functions as a pacman repository. It can also be used when 18 | installing Arch Linux using the `base-selinux` package instead of plain `base`. 19 | 20 | To use it, add the following lines to your `/etc/pacman.conf`: 21 | ``` 22 | [selinux] 23 | Server = https://github.com/archlinuxhardened/selinux/releases/download/ArchLinux-SELinux 24 | SigLevel = Never 25 | ``` 26 | While the repository remains unsigned, SigLevel has to be set to Never. With that setting pacman performs no signature check on this repository's database or packages, so their integrity rests only on the HTTPS download from GitHub; building the packages locally from the PKGBUILDs (see "Build order") avoids relying on it. 27 | 28 | Build order 29 | ----------- 30 | 31 | Remember to build as a non-root user, and to keep a root logged-in console to 32 | install packages (especially for sudo/shadow/pam packages). 33 | 34 | First, we build all packages from the SELinux userspace project. 
They do not 35 | replace any official Arch Linux packages: 36 | 37 | * libsepol 38 | * libselinux 39 | * secilc 40 | * checkpolicy 41 | * setools 42 | * libsemanage 43 | * semodule-utils 44 | * policycoreutils 45 | * selinux-dbus-config 46 | * selinux-gui 47 | * selinux-python 48 | * selinux-sandbox 49 | * mcstrans 50 | * restorecond 51 | 52 | This makes it possible to install a pacman hook which relabels files when installing and updating packages: 53 | * selinux-alpm-hook 54 | 55 | Now we start replacing core packages: 56 | 57 | * pambase-selinux 58 | * pam-selinux 59 | * coreutils-selinux shadow-selinux cronie-selinux sudo-selinux 60 | * util-linux-selinux 61 | * systemd-selinux 62 | * logrotate-selinux 63 | * dbus-selinux 64 | 65 | Optional but very nice to have: 66 | * openssh-selinux findutils-selinux iproute2-selinux psmisc-selinux 67 | 68 | Policy 69 | ------ 70 | 71 | There is not yet a SELinux policy for Arch. To build a policy, here are some useful links: 72 | 73 | * https://github.com/SELinuxProject/refpolicy The Reference Policy 74 | * https://github.com/pebenito/refpolicy ongoing work to include a systemd policy in the refpolicy (announcement: http://oss.tresys.com/pipermail/refpolicy/2014-October/007430.html) 75 | * http://anonscm.debian.org/cgit/selinux/refpolicy.git/tree/debian/patches Debian patches for refpolicy package (including systemd patches) 76 | * https://github.com/selinux-policy/selinux-policy/tree/rawhide-base Fedora policy 77 | -------------------------------------------------------------------------------- /_pgp_cache/5C251B5FC54EB2F80F407AAAC54CA336CFEB557E.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBFBHPMsBEACeInGYJCb+7TurKfb6wGyTottCDtiSJB310i37/6ZYoeIay/5s 4 | oJjlMyfMFQ9T2XNT/0LM6gTa0MpC1st9LnzYTMsT6tzRly1D1UbVI6xw0g0vE5y2 5 | Cjk3xUwAynCsSsgg5KrjdYWRqLSTZ3zEABm/gNg6OgA5l6QU+geXcQ9+P285WoUu 6 | 
j0j7HN6T217Bd+RcVxNWOMxsqx+b0rjWa8db1KiwM95wddCwzMPB2S/6IswD1P8n 7 | VfGnkgp7pfoTyMuDkVU6hmO5RHq9M26eNoQ4sJZuXe5YjODnjgxkKKilFLY8hUkj 8 | wa1VPrx4QnTwzIn16JlUO03At9tpe+9SnShDV0cBlHxo3DhnHmCPWJ0HquLGpdDV 9 | i8d9tn0nlit96z9Svb9ii6Uq/J8zR1Bp+hxCMN/ON1c4U+cf1jfADPO5c3KV89y5 10 | wvvQvzjTjuzVolR4ZZmkNSql+4vspo94JrssymEv9WWiMJyOjN50QhLbgmWiuzYj 11 | odZiL0CTB4MAC+hTrDZrZfyAnbAttBLfNWd/jcdK+AGVRXtqU997sZPzj8z3b7v2 12 | N5YJqgm2aQTiDehtHtHDJ8rKh7kcsssnhzzoZluTKl96JHgllFWUC6sedAFVxHDm 13 | b7cxb+Sr0krwbt22is+41gPCuoz1MRKwQYQPTYgcCzX/PzyOHj6KEYZCIQARAQAB 14 | tDBaYmlnbmlldyBKxJlkcnplamV3c2tpLVN6bWVrIDx6YnlzemVrQGluLndhdy5w 15 | bD6JAjgEEwECACIFAlBHPMsCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJ 16 | EMVMozbP61V+T80QAIHvIeDdKKrqiN98ob+aNe4McpqXWgiLoDMWaxQ7R8K+2Uia 17 | HMn2J6abhKidvUr7mnixkyBZaRxi1JiT8uzX4HTQ3B/UVJgf2QiRHRvZpdSVn7O7 18 | OF0u4SqH6BEw5UaA30hMWtgz7m6aXSAN1aitd4efgKjBYKtfsHJ63HhFrpJyIyOG 19 | g0eLGObXJxjW04cUbzPoCoNuFcpphzW3WhdaJ5PXblfjNxWxKzwvAzRhevDjrrKU 20 | 4jARNAIkLUMi4gUoC+7th6ATGWjYV8iOvju1cLExn8ktYMZl+BhbkYiRMddMZaZ/ 21 | nY2T2SqQ8kkEXJyY6SNtd/BWuCPyt0RlTgPSK4SK9JGArVJ/PSXJrn53JUl1MUc4 22 | /75JE2KEBPkN4jQpeshlPfm0mzo/+opyi6iyVnPTZT7m7r9P7Vxc18J+IlPdfl0w 23 | s0YPnR+0oUvo370zoNqqhJ9aNU+5d4VCPUHVIvEWEF3MHuXHKq0mnnI/4jJMvZn3 24 | 0+okZZfYABYXkMZVTA0XprkIxZm38X9s/uw886xvMqPh8fhqpVdTHD5/2h8ahkMM 25 | G1zKs6W6gCfM7gYh+BT37Ce1szo/7RHtbvYq5BTwcWXhpSKzywluRe6rYUPJ0MCZ 26 | 17Jk6AXStD1aRYS6rCykryRL0OvMz/4Gd8f+dcQjg5Si23mAj8VJtyrX1MaXuQIN 27 | BFBHPMsBEACtDR2e2G4uL/MKtDsJu3cwQFlK9kmGEX4UqePBc29xn1BTfU6o1Y4p 28 | AXRoLrGvXuVruOwznNdkpjF8kb1BpO/li8qNU6LKyv2n9Hyg0bxRQA24TVC4bF4m 29 | fdqaGGYLqxe3iXI/TRmhsmiSg7WoEWxj0NEaEjydTAieT4kz2ASCYtnzhGM8iS2T 30 | e+scUXYcGNyE2nPjiacJGiLeKiOj21+j6sICTrKX8TAcXSU7btPEy2IIocxBoxZe 31 | Ofp0rNw4293cLVu0kEasB4h43lE1Uax7JYX1q9LC4TkqLaLDa3YyDGvK2FOPNNIr 32 | sKcoYG6Y43DcmaSPZCJ1ApVvoxPct7UI+EYy9VBu3wwY0obRadweXSNgscZZNvEx 33 | ZgdjRXJypv8A9A+nvc2xBMWw/9fAlHzrpjds+3Z2RxbGC4Qav/sdP0WqQZ8xo5U2 34 | 
YPxBSHwWCjSxvQWcoDLLOgMlB05oheR2g1VDk4QA+AXDwmxurpvJLh/fyX3mi7nP 35 | VUynTLV/UeWaXbZneh+mT3Lc1ZVYnntSoZv7aYQqnA+a2ajm08lVMmpb5v8L7Zia 36 | dvW2xptVATlWI1DeBTyNwZYyx7GuUsfFTSyQJixtjuWim0acpqNUp8z6TgXj02Ht 37 | Rfk9SwzvBCgJT5mWoGlSu04FR/0pn5ReVCM8RSb6/HOROnrfswGeGQARAQABiQIf 38 | BBgBAgAJBQJQRzzLAhsMAAoJEMVMozbP61V+qg8P/1BuLn6+bVgDdye37GV4kXSV 39 | xB5SQZj8ElwTj+daWq8ZEIoZ0ySyRz2uC7Haeh5XulF1hj13AYfM4Ary9Whx9hCQ 40 | 98D4+JK5eiagBuSpIApCkQk+jj44q7VKLanyZV0kWRNBSfr0TnE6GoBSL1gTjpsq 41 | t/mUR2R5zgCE59Ex4HHBwvosIcXgGopbPGNtX9S4Rm7f2wWOSdXGc6pfnuFsVtkb 42 | k8z+uITyK3WX+jHiW5JRgyHWaFyYqwDjds8q0LkmIL80scPa3sEl9QzfT7+7xqcv 43 | iKfemg6XgCwYmSOhPHSK/E6MIC6Wb4QY6H3ixCuMfaic6AsB4sH4vFPoPnJWmIGm 44 | QlU3L1UJz4VNvzCaClaxWPa5nZZAWyFRMof4VtO2Q1LTZa6NQbGNFRRLPDBXpcOq 45 | CNicjZjSaHO9Zxp/V+9W9GgH6u7i/eAnxifwUFvN0BfkwbDnp4BNyvyA+fpZ4oPW 46 | InygfP1P/fvALssBvJjo/q6eZ4b5O11Ut/13JzO4IYNISK8uKnt5AbU9YUnSKClg 47 | 1MtTRlBCD3v+UYy102F7p8rJnVTHelfgmjP9UPhP7AUwZ0UQYq9QypNeoRvR4GjL 48 | /3Yz53yHFeYaN/lBglm4jNQOmHTQSibvz8lx8ALGbLxTaUr8j+UG4Gu2z3tFpYo0 49 | NHq9Ahd8L7JVIsbKtcoP 50 | =a25g 51 | -----END PGP PUBLIC KEY BLOCK----- 52 | -------------------------------------------------------------------------------- /_pgp_cache/8ECCDF12100AD84DA2EE7EBFC78CE737A3C3E28E.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBFmr5WEBEACsbVDGAx8dLby3CUhMGsi2AzWSqejm+98B5OWiOFJ0VqDY2TB7 4 | T3dDy5Pb3X7tgp8QZGi8xwpQlw1iF0jYRxzp8MyB56ikNOpMBhxJPPcPpAy0cha+ 5 | 4nLlvCsvUQgYdKOqfHEHMEYohB5p0h/68P7VUydk1iTc9IbMXhpXyF/jwTuN0aV2 6 | WqzF4261MRVmQJoOFDHFd9F/6YdE4GP0vyuuLewPNARVVYqWsjM6Eun0OxN0sjfD 7 | /KZ5e5Icwt6AlQZmHE7NRF38okVeVE2hPQ/prLeFYzp+wmACB/ryF1PWIrAID+VX 8 | Ba/cLN5VRNFCCfHGAAiqQizWgdUvvXn/DWjRDhA3/Gm0vwCb4kv2OvaJMg/RyRw/ 9 | Gw5qjpuMBbuVKH7yw5YKeJSWU/gd+oiJOlojeO2K2bqeRHxQOfjtNhJtCSnmuQ+3 10 | Tv97uy2owdqOmIYh57Gjf4C2IqPPpm3dUwCHtr1ApX9pQurGPvKtPCIuy/1jSsv7 11 | 
EyQvu6RLlmreQb/WNCVp3hUcceKyXPxx+6+nu1TZd7PMK1jnBKeipkqQaaaI/Wzi 12 | OVM6TZVRfiem8TmS+hRcm2nTOzbH6ZQVEoXLyMSqBMB4wr74lYF3tr20LRRs9jq5 13 | 3U71ryPHe+ancLhF4feJI//wUM7/OgZSsAytnoPD9Mmk0PccLkiZ/rcKIwARAQAB 14 | tCxDaHJpc3RpYW4gR8O2dHRzY2hlIDxjZ3pvbmVzQGdvb2dsZW1haWwuY29tPokC 15 | VAQTAQgAPgIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgBYhBI7M3xIQCthNou5+ 16 | v8eM5zejw+KOBQJk4NJ2BQkNFiCVAAoJEMeM5zejw+KOH6wP/RPcpnK4zTn5CI2D 17 | kUbRz/ioACq2PkUDcN1xnay5hQtMNGZ9+W+pIwwyQ5xBAkqwaAfBbi/4D/uEovRQ 18 | eSgXtTooMa3pS169gwxPnrXByB2dc9bOTC1t+kDe9zWIpf2Zvx7PewS7NghlQTrW 19 | ueOUeP9Y309S8bSSdvqV57LILYJUPiHWj4dWXMEvCndzPgAaWoyqpKhwKLg1GVbE 20 | ABnczjLqtuCRSmWvQ5MPES+LuSN1HNTIHGkBu2A7NyjwZDNNMIa+3rizZ+7SE1hU 21 | LQooylD/0xRtFLF+9v6lwbjfawqFT1PoUvUozJa+SYbxGI1AJIhcGtYOSA2jR1z+ 22 | /HIztWcug5lNRtywJyBsJ8KXNh1e0U8N2Xr1tMd/m0XHkFnElZq8cyJCi9qbXnFE 23 | aFN4Ts5/VbN6CZOUOEdau/OmJUHyPRGclUwh4E+znfBj63pkK8xFhh+23tX2oQ8I 24 | kM5JP07xWae36nPttFxwNADXJueXFh22cSnb87w4nQbave90PEaDaQQ7PPT4HneE 25 | rY/AHq40VXn38A4NtB1Hi03pMxzwGntYp4mg8qumebeNNavwwykqF/EjSDa2W0+8 26 | zQ58SpxjUwPo1UVc4yoMTVFFl1g60nwXkuBHJsljLIq3YgbeTq8Kx26+DBxMnsrY 27 | bORjhv6jw9jhKYNUy88IlZYCretduQINBFmr5WEBEADR7DRcyFe5dFk9ZWzlHRoE 28 | 1ehf3I3T5/oS8285I4xQ95ga1GWqo7OaOQJXkz0iihcdpQ0JYDE02r4YdaCbkXx6 29 | skGk+jNyMKVopc8Wl2qt1i3nzztxkjshK1mxYFHBFNit/pEm6pW/XfPozvRcnxVw 30 | 1H0udG/MQM8Qaa10uOy86dNlUYiXgXj7tkWEzr33swIcqEyGWdBTA6e1T6JhNs+b 31 | nqyliOPunpUaUNoTuFAEP6ALlkrNG2j7WjK80AmFMjpYsRu9MMXxLu/ZXmie/3dz 32 | e+qub46LItXFIlVwAciNHmdzHEOqS3uBwgZ95ChJbcbAUOz6zVjNGckJf0xvz1qt 33 | qjS6ZUVdSf4eubtAAQETsQ3IVF84zqJZFsXSG4A0A9cpzY85GiFq6b1MPUaJUDBX 34 | YDAnlEzg95wOxWiLJ2FYWsTBxmW3jFZPlTi/1V+qhQ3zDDwJjdMGKRgvSxeLB0Vd 35 | lXHYju3eO/ata8jnZUdvJVztYCSGsfHUfQLRKAy6GuMhAYdfTEJZYUNIzaaXCE9x 36 | z6ICROOhWYSpQym6BympaX0hToth5mvs1EGtGwprYCNO3NYJLOjibxMf6YnrxljV 37 | 1sImVAQiMfX3tbXtmP2HCcKAOAjjl89uWCX0alzKpzuktPh+aJGxB98VcP0ZFDWT 38 | raQpUNtEkriujQFDeAqhiwARAQABiQI8BBgBCAAmAhsMFiEEjszfEhAK2E2i7n6/ 39 | 
x4znN6PD4o4FAmTg0oUFCQ0WIKQACgkQx4znN6PD4o5i4g/7BpruR/vUugXJZcpA 40 | fhekst+PwQQ1A5kCeWnm77pku7HqU+BBjxlvBUZdlgzAcuO59Vqqn2Uptn6ha7Kp 41 | N3LelrQHt/7N3Kz/wI8s3ft+m1qwI2l9IZ/49fecaVTPdPBJuyK9ksCEZkV0+lb1 42 | Iu+oc81zUNDM1s63JXasKBFbKcparyd7TO3/wf49UzmOgxPnJtL31NhXvMUMnc6F 43 | 28z1bC+bIoOu7KG56wDeK+7iFVqoxFVuzf8nnCLPDgdmIes77YPcalGJP37nauEa 44 | XvBeaHKJwSPgg/3ZQL8bGsFLxIJxYudDFzf2S45mURyLo1XXFRoqq4TAQMREl0t2 45 | ZgMths3z1colKWy7rREutQz2WZ5QrC9A4i1dG4yw4CQFDKZmfpGONWp5WMEh+oGQ 46 | 5G6whIPoTMzS/1FnV8HssEJC4ziwRE2xR9QR/+MLivRDa0ggm71vTZLacdhMM5bH 47 | h5P/N30RS2zXTMhlsYcT+0MZzgQzKBJ22xKArSLzl2CmmTXflhgE8cGvHm6N5ril 48 | dCsm4gmDxvZTI6MUeR48rSxSLViqG32XhNFoKSW40G+i/CpsoITxLCKNRfOpZMmi 49 | zeP5Lj9DYiuPMvJ164KA8uDlI2pKhL2Ro0MyMENP4TTILLQ1rsEXTaFQUe646o7e 50 | gW11fMmMQPlY/73PUt+oaJT7pPs= 51 | =mn6O 52 | -----END PGP PUBLIC KEY BLOCK----- 53 | -------------------------------------------------------------------------------- /_pgp_cache/9A774DB5DB996C154EBBFBFDA0099A18E29326E1.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBGJ+vc0BEACRcuRdhpQCw4ccAwirgpN3RYkaOX4F1lgz+mhBGvIAm5pr3GKD 4 | pQ+dV+68ehvflL7rkxDpXFXAKIcaZSQlMPidi+w04iM7Vlz+3tPXeCbMRSNvrbDE 5 | MBWuDizGXPU8+5iA+hcuuuKqJ9EkHzPXRv+JJdy1CYOptwz24L3jwLGs2y3ESe0o 6 | Vc+co9d71FUOGtixpSoKiSI/cYr16xLC3rPsRogvSm/Pn7SLbFQLWUH9arWJLYIn 7 | q3/h30npK+jsLX1Q+fu6GA5cY6e3yljrHv2QX2Guo/8uyxvHx0UI+F2WK87embz4 8 | lOgpITgU7gAgNwIkSpVpt06GvH74xqWfyIFuDB0E9uOnAyyXzcYQc869O7Abb46a 9 | +axN2a3G1//lj0pcU9mxUUSbcReNLiGjkh8alTQs+UupVozzdKPIoQjdorqQEtWG 10 | IyEkwgscGAL7ByWS+sEYzWdUFdHlMA9uLiBqWf06zN1Nay9LdyUfQWLBFBlHeJJL 11 | SIAPXCfCbRhdIYnBbdv155aclPDoS+RoIL+CDXDlBW4NSm1UgcCjgjfYV6bc4wfl 12 | pY/esUhXmZLUe3xxWk/rIovZyBgS+P8GS0/BrZD5BGzSnJdVouHbjiH0NU2ug57L 13 | fLkQB8yV2AXYEh7AfxiO1OW+NPgAQ3web4fxnH/zpV6n4j0654p7HgDcyQARAQAB 14 | tCpZdSBXYXRhbmFiZSA8d2F0YW5hYmUueXUrZ2l0aHViQGdtYWlsLmNvbT6JAlIE 15 | 
EwEIADwWIQSad02125lsFU67+/2gCZoY4pMm4QUCYn69zQIbAwULCQgHAgMiAgEG 16 | FQoJCAsCBBYCAwECHgcCF4AACgkQoAmaGOKTJuHbdw/+KvzX2M/d7A8ethhtNSZ4 17 | kiDTC1AGS2zqpJJQLmvtZveWZ5U5zYH1a//ju6Giyq071KCxeZ3Fa2yiXLPXtjDy 18 | ao3hIAPFTtWgEOlRgpzO/iRFwx6ihUbiW2LIa+LoKeivH6EV4AwCSAbrUEQ5nXih 19 | yvVie6uyZ+qS9END62atSXqfue1k+QNNFvtyqVTSKnrFgXcH/C1c0aA/s/ByGNVX 20 | XKRslmnVqqwxR2OHMRrOnNubgQYlgAjelgoiohzsgus7YzdkUXfQ9CN2B2gajxsp 21 | xznt7HJVRjwugkvPIDLsQfEA2typHViOxijaJgohOz5l87v9hKppc/BLj28/jC0o 22 | EyafbubBUmYiCV65UgL/PCfTXnHraS4xZDs+dwaq2X4Ba0XBHO2BnIT/kdIoUN7R 23 | gyf9qzVst4/p/O5G9U5nOG3H6yGQ0Q1Smyb9gR7n8pkZEv+96Br65FrM2SXcBc5g 24 | iifuW0Kfsqp0OVBNSbVBiIQ5spfQc3SzBAgj0TmG2doxyJvErAfsJPzWeVnMNAsc 25 | qCDXBx1y6Mib79xE9iqeDz+c3S9ZsOLDmBkVNh5jjRJj4HL1D3g2W+w6Y/qvdycv 26 | OH+pWMycmJVYri74LJbWMBFQysGqv9DjjZb6yajK3Na3Kv96HsE+37V2qFYVB97I 27 | 50uFPxH6BZlz91NepqS4nhy5Ag0EYn69zQEQAKr4PhfbF1Z5todAQEV2koIk1Yvx 28 | /K3eDI/JnmXc/x65Abhvt0LUC0ukWvAcuusffOk8BpSA4YNT3fOL2CdnAkP3lWKy 29 | YZeHtd4sjxR6zMUOPV62oTSTt8RmZ4alWXP2b0pW7/cKt/Dz/WRYbk0XFOffuCiZ 30 | OQ4aqc7e+YHwB/YkVs9R14ID5Tio6Pg/wz1zmSkJhmesN+hxJixa9I9V/qyfJhRr 31 | XCZh5NCAGMnKFSFtub6J35zlXa4DEFi78z2sHkK6cdw/rEeWvSewaBZukBKDWdhN 32 | zOkLcg0Z84I/Ds3sXM74NRVZTRxLMKCCjWJrOhBrFAFaOh/2SEIoURwvJuj0uC/Z 33 | q8+QNX87weFFaSSawwy4X3Px+zRl9wpqNlMPZuZKi68F8AMeUmIxo7WL886UBeZ+ 34 | /wksoj/6t6bCIZwMNNsS8Jg5d7KrIeORjDMi6iNzafDXArMWIPkimg+xlppFnJLU 35 | 1+jMXjdixgl2va8wp2btTxCKYy8ICKC2lqB2DpFq0/CcBdSyI+ao4c5S3Kvv9rRV 36 | CKbGKNAtqWATztpcOv1RjQ94UKWGi0iJKPBRh+mVoIOXQWiYmpv+8kpY9/bsK+lr 37 | p6RrCwvlbD0PUWJM6e6X3OSV8mVPGNpjdLlK5iuVedHU+ONyVqlAl4l5slYYz6U5 38 | qgG+EiBk6etuqfEdABEBAAGJAjYEGAEIACAWIQSad02125lsFU67+/2gCZoY4pMm 39 | 4QUCYn69zQIbDAAKCRCgCZoY4pMm4e/yD/93SEVwimmAy0qBILAj6jUSkVddea60 40 | e4IQv1Xp5sbY+8JdGB7REakFAHOvwRhv/RYV+l0UBscW+u5j1JG4dvgpBCdDGAy9 41 | M35kVof9OdMQCxmUJO5D7wU7bENS+9JgjuM7NHHddzmFhTagAhAInCNSvlnZaTBZ 42 | KSBS880WZH28F3GJrmSJzZd2OpjcKFqzCmM6HwvxFimUhr4S4/5awduW3zMjQoyv 43 | 
+kJgKZWKUtS97UdnPK8BRANfbjeXDn70ao7TebJm0DaNnB0UddkQMbnYpZOTqEPD 44 | mJ39Ugc8tk3cw5EqHwD9H9yhsbVBEJmOTaMd6WjgcVN6PNs1So+7TveSh66Jj2l3 45 | A4zGhPP+CuRD+ZXZHdNwsvIYVN4No1UGgXUs23gRtP2hwtT1t2hCXAJYVE4sD4D6 46 | didtR9JVb46psxfTANexe5S/uzqMZ9bJsg54dxFhhw0wZFhptNEmSUjfDTvlD9Rk 47 | uil3324HFVAm7ZrefiP+NGPqj/FTc4ZKThhyoPNQRhbANFvNfD3+EYiqDXCkkkkv 48 | p7HR47nbhzl7RC/y7QY7OFkeNRdgZyOvaaizwuxuncoejPcivjGQ+KbRvG2c0Kr/ 49 | D+ZeTj9fkqce3cHVkxqFEcx9e8Ps0jwd6LRqQ04zRtFTJxK5ac+e+dtDW5hrwGFA 50 | HcRCOxTr2xTemQ== 51 | =+88M 52 | -----END PGP PUBLIC KEY BLOCK----- 53 | -------------------------------------------------------------------------------- /_pgp_cache/A5189DB69C1164D33002936646502EF796917195.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQENBFPirzMBCACyzYldTjQ4ufFOkByY5Nn5USb5GFoL48nWBwNHjd9KUbtRRNlQ 4 | iPNKd6hKGvd3BGi5aoFKA4ytfRk6jbAbW3jVb3R8wYaV08mOy4KVEKxqN4bxsXlM 5 | jNChXVR+rtKDmfI+oPTL+cPH2X6gW4W02IRbVw0uUhNm6zEedC/gNrY/mTlf1enZ 6 | 46jxZ7BTUZaG+kx38UMISIMBzSzLRtdkwgmHj4jS3p1fF2cwRqLclIfMjKGpbNFP 7 | EXeXKWrCLcqHw78795eAR9q0YvrDkfInGdDBwfb3VM4NdulwIFzvYZMSXvSbbyPL 8 | B5YkHU5aAWQHUse4WlfT5ccDpbzUYldRAvF9ABEBAAG0K0Jlcm5oYXJkIFZvZWxr 9 | ZXIgPG1haWxAYmVybmhhcmQtdm9lbGtlci5kZT6JATkEEwECACMFAlPirzMCGwMH 10 | CwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRBGUC73lpFxle5wCACCdbs0QaJ0 11 | vR3Sff2cKdTk41rUq3YfWngsR///IOU0C5DdkePmCnJE/lUsUy0LRTxcUDLxQR+x 12 | QHU8ssRT0JUO9726dI3miy36UdsgmBYaOtLvQcidGmW1R7o0PYYf04+TFtyqKgng 13 | OUBPpMgR6o4UsQxy/OD4bN1WDqOgIjL+D/qJpkKmgp6L6+hhaBCpiOFKRmmV7YyQ 14 | 3SqVlfQNiHs5ZtkRnXpIjgZARV+GllKucI17bO0CGmTJZ1tstVy0+W3DQT1lbBkT 15 | Tc++5LONM99D3jjn23l1ocOpfolR53F7I4cb2RNfT23v1I59RH37lB9wMOqrKj0U 16 | jYAC2YoPGQ3BuQENBFPirzMBCADXLWWpQihBldY6reca8ZKdc3T9qXEOa3akE3DW 17 | KztIBmNJhtYOjmpLYajQTkGa7UoJTnbmZE2Rn6ZEoNnvb0gcFNAIcY95KOI+bjOR 18 | 8HEgh4cx2REXh6L6olIgyXqt/KFusE4wtVZAFxZl+30HzN6nD+1HvrjXxPJRX6Ms 19 | 
IYOYyyX9/6OofwJK6QHODYGp8WL2olHDnmsXg4AT6Wlr7qKpKrQELlcFR4xkvdmg 20 | L/Ghw/tK0yJTxMIcewCCZWLPOXRmFRbvAadZWPAgVsJ63siNyUlVnVMSzDgTJl+s 21 | l/DMabXpqrJQx3/1Yy6mTaDs3XZT/wmBKaTLXx/LByaPxQQ7ABEBAAGJAR8EGAEC 22 | AAkFAlPirzMCGwwACgkQRlAu95aRcZWVPwgAqZT6iTXkoP37wYb41323RzhBcJ8J 23 | Sk4cyBDBUXX0lMrM3qhiClKG7phpxVdu817Gwc6Hsecg7FfjQAV8MHQ0ZFeEFdk3 24 | b2rKBqfsStc+h49/xF3Fb+ifCzR9qeQF82fMSxkg18++7hMcHCMO/hPZ/Q0xRi+l 25 | rSr2QKDJQuLzSyVU14TxrCkevZjEhtmaVNvcJlJzCbiBXee9Fpc5jITUXPFG8E8d 26 | xqo1n+duOyIMgozrAnzP7X5V/Ob/Ozf/aGGX9+JdinyfCX18nWcHALKMU/36Eua/ 27 | ylalf/2c2YkBp9KCLVmGgPkUgW52EeRPgroIsiwu+rwCSV6ZUyCJ+OymCg== 28 | =d/K6 29 | -----END PGP PUBLIC KEY BLOCK----- 30 | -------------------------------------------------------------------------------- /_pgp_cache/ABAF11C65A2970B130ABE3C479BE3E4300411886.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQENBE55CJIBCACkn+aOLmsaq1ejUcXCAOXkO3w7eiLqjR/ziTL2KZ30p7bxP8cT 4 | UXvfM7fwE7EnqCCkji25x2xsoKXB8AlUswIEYUFCOupj2BOsVmJ/rKZW7fCvKTOK 5 | +BguKjebDxNbgmif39bfSnHDWrW832f5HrYmZn7a/VySDQFdul8Gl/R6gs6PHJbg 6 | jjt+K7Px6cQVMVNvY/VBWdvA1zckO/4h6gf3kWWZN+Wlq8wv/pxft8QzNFgweH9o 7 | 5bj4tnQ+wMCLCLiDsgEuVawoOAkg3dRMugIUoiKoBKw7b21q9Vjp4jezRvciC6Ys 8 | 4kGUSFG1ZjIn3MpY3f3xZ3yuYwrxQ8JcA7KTABEBAAG0JExpbnVzIFRvcnZhbGRz 9 | IDx0b3J2YWxkc0BrZXJuZWwub3JnPokBTgQTAQgAOBYhBKuvEcZaKXCxMKvjxHm+ 10 | PkMAQRiGBQJaHxkTAhsDBQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEHm+PkMA 11 | QRiGzMcH/ieyxrsHR0ng3pi+qy1/sLiTT4WEBN53+1FsGWdP6/DCD3sprFdWDkkB 12 | Dfh9vPCVzPqX7siZMJxw3+wOfjNnGBRiGj7mTE/1XeXJHDwFRyBEVa/bY8ExLKbv 13 | Bf+xpiWOg2Myj5RYaOUBFbOEtfTPob0FtvfZvK3PXkjODTHhDH7QJT2zNPivHG+E 14 | R5VyF1yJEpl10rDTM91NhEeV0n4wpfZkgL8a3JSzo9H2AJX3y35+Dk9wtNge440Z 15 | SVWAnjwxhBLX2R0LUszRhU925c0vP2l20eFncBmAT0NKpn7v9a670WHv45PluG+S 16 | KKktf6b5/BtfqpC3eV58I6FEtSVpM1u0LkxpbnVzIFRvcnZhbGRzIDx0b3J2YWxk 17 | c0BsaW51eC1mb3VuZGF0aW9uLm9yZz6JATgEEwECACIFAk55CJICGwMGCwkIBwMC 18 | 
BhUIAgkKCwQWAgMBAh4BAheAAAoJEHm+PkMAQRiGbpwH/2jMNyBq6SjFrltEwt6c 19 | wOJak1lkjpP5IfFMemfKPH03jBv98Yb7nnVE/VofRQi0erPvzU9HPitzmq9Hdaz8 20 | pTVD1nNiejn6MBHREY5T10U8J9Holn9S1G3CUvEUaBg+YEhHwWA8hhxFCIRcfz6N 21 | PRkZH5zi9xdXBnjLrE3CpoZwVguwCT/25DuSqqJnviKiH+BOvJi/BnHSnjV1J71M 22 | OpVabaTZKxQ1Qkwiyo7KRa/MrBV4Cw87MjF1jmja91wWNOuAwv1ST+aSaI038zcl 23 | VqbFrc9gHkTeP3o5p8DG3Q7A1pE/yVLRUW+3jucKtiojylWaqxX7FD0RZtIuhNsU 24 | ig+5AQ0ETnkIkgEIAN+ybgD0IlgKRPJ3eksafd+KORseBWwxUy3GH0yAg/4jZCsf 25 | HZ7jpbRKzxNTKW1kE6ClSqehUsuXT5Vc1eh6079erN3y+JNxl6zZPC9v+5GNyc28 26 | qSfNejt4wmwa/y86T7oQfgo77o8Gu/aO/xzOjw7jSDDR3u9p/hFVtsqzptxZzvs3 27 | hVaiLS+0mar9qYZheaCUqOXOKVo38Vg5gkOhMEwKvZs9x3fINU/t8ckxOHq6KiLa 28 | p5Bq87XP0ZJsCaMBwdLYhOFxAiEVtlzwyo3DvMplIahqqNELb71YDhpMq/Hu+42o 29 | R3pqASCPLfO/0GUSdAGXJVhv7L7ng02ETSBmVOUAEQEAAYkBHwQYAQIACQUCTnkI 30 | kgIbDAAKCRB5vj5DAEEYhuobB/9Fi1GVG5qnPq14S0WKYEW3N891L37LaXmDh977 31 | r/j2dyZOoYIiV4rx6a6urhq9UbcgNw/ke01TNM4y7EhW/lFnxJQXSMjdsXGcb9Hw 32 | UevDk2FMV1h9gkHLlqRUlTpjVdQwTB9wMd4bWhZsxybTnGh6o8dCwBEaGNsHsSBY 33 | O81OXrTE/fcZEgKCeKW2xdKRiazu6Mu5WLU6gBy2nOc6oL2zKJZjACfllQzBx5+6 34 | z2N4Sj0JBOobz4RR2JLElMEckMbdqbIS+c+n02ItMmCORgakf74k+TEbaZx3ZTVH 35 | nhvqQqanZz1i4I5IwHJxkUsYLddgYrylZH+MwNDlB5u3I138 36 | =d8eq 37 | -----END PGP PUBLIC KEY BLOCK----- 38 | -------------------------------------------------------------------------------- /_pgp_cache/B0C64D14301CC6EFAEDF60E4E4B71D5EEC39C284.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBE6StA4BEACp9++Y+DgbBloJEuVhsDjDIvAR1n/aHPDyPQQzg/DkKtR3BXHn 4 | dGfTL9/DR8y9YzLNwUf2lWsEAvwHZ2XfUTp5S5nVbgpAB0/Q2ebP0TnkNYaRkxq7 5 | VJF+kvUcA6hxYKYcIos2kJyfVytPE6FpFBqlgTmjcCTx4HHwePkVTVRyotOoA2V/ 6 | UUwixgkyG7aVfy4QBKHAkATpTPC4l+ISaOHKUiajxRoa99rpmBPl4FhIw3b5rPYA 7 | 26q9Pz8q1AwbXA1PXxzwKVqqfwEkl6sxUVKiM8rUuhic2lnDMIXexNMvqznpFqtB 8 | v7n+z/5N8RbB1DQjWpy/Z7OW6yyYXW9e33c6IgU5n46rIyTPYyzq3mDfOsJdvoG/ 9 | 
nhF7VUkGDPYWfmx9ejvpKdoNCQ2q+MVp20msntcETcOq1r9SJwNXcsx+I/3ptbtX 10 | Q+MQyA1L5FifkpA7+akITF5luOqUb2TToEBLiF/nn8y0sIUa/HGgcUrK2N9E1VNJ 11 | tcIt/z0sZJUHYC+EBh/G0UNt9tRwPdnUks5sua1sCquXnkd9IS0Kr3Kq/C6JOKzz 12 | UDGdFKVc6wExf70hX5h0g1kkypyjNwipGSdk+qVXO0IF/tKMToa8WZqoK3enzryI 13 | Kmdq7IQ0ThdTTTC1ctVk4367/30prpNHF4/642G0OOiQCzWBrb0V217HvQARAQAB 14 | tBtLYXJlbCBaYWsgPGt6YWtAcmVkaGF0LmNvbT6JAlUEEwEIAD8CGwMGCwkIBwMC 15 | BhUIAgkKCwQWAgMBAh4BAheAFiEEsMZNFDAcxu+u32Dk5LcdXuw5woQFAmRkpsEF 16 | CSid9bMACgkQ5LcdXuw5woSvFA/+LYBDPSubYZF4lS8lNlWwRNe1gP9VrCkaF5mb 17 | Psx7cV8eHQICR/QJD7WDSIHlnfaBCmNelwGRc76PB23Huvq8xwvTYiQDWdqIN4Vl 18 | gDLqSganq53poN1BNBFRP6ubsdGjHlSYH+ygf8XXL/h+/b9Ud61eb43XQ5sUhFQU 19 | kEZEiJ26rCwOQWnlyJBMzo0axwW55qKoMmNjcwtRrB5kW7QDZ8BHVZiEqVrjJxQh 20 | 0NpwrjlFdRZ8Ak+/3Iz1UOIJl+p0+5sjx6iY7Xy7oKP28msdLcqRy/o58A+IHGQ1 21 | Y5DeeosNkatnT9+7TQdAxJdJzuLpH9WTmXyIoG1DP8p2A2fjvLpYMEomWKYBb6ci 22 | 1MZaI1Kdw9BX3xfaI0OhRDArLN0Nu630jTLafwf+jv8OtNEtb2BnbHWIrQw0rRc7 23 | 877VRu7wmyTroj5IJthuEVr+NWw9RqCMljO/SDoR3GzE+2xSvKQlZU//vIBdHiVV 24 | u4IbKhHlYELFMiqmNWoqlTFwstpP+TgYYtwf0Xuhv/1Y7PezI8Zvp8/pjYwmjCg6 25 | CdtTZMSonFBmMuA5hA/5Eg2KEwplHUfz/XgCe4wNv21tnvUY7QuHU2ZvlInEFACM 26 | /4L1cIz7/PmQke7z7WvXP0d2pCMtfTra0RqH1nneNgq0VAhGnyI5qpK+n+hSYTqV 27 | 3VQNNQi5Ag0ETpK0DgEQAMbkeKd3rViqhdcei2tok7Z6Ow+LLcHFJlNB634gk7m3 28 | JRFJdUi/5m5X8wFFL/zx+QEvacekrlsG0lPXUPZkRKbOJlYaAy1lFXi9rd+HcZox 29 | 5V2LmlemY9mnh8FzrQXeIIp93VXz/VrPCJxm12FOmGRzo7sRMKvbjQ6smg6C+KVu 30 | m/xa5XCGN8Q4vYPAohMrq3NtrVVJxeJ6EOGFOyw/XhFCIf85wwW6IcIcl4dA4f2S 31 | 7h/OpPb+XHFKjiQxYpHZWyVbXt/dmvdm+tuL9vxQT/dP9GyhpCfaaX0F8OIyA3BP 32 | iXYguUTselkx8PZYA/qK0YeiVx1uE1qPEAwd0/m3rjNJ3AqYHwBu4ijudswq4kyI 33 | 92Q5L/zHdgdGV7hYQR5FZMRyrLOqQyowKoovFzhIK5Iy/6KeAOsev53m6y4yVCNP 34 | xzvU8iKmX06kzwmSXwIjZOhUXbTCKNg6h/hP+OM5tiJmTUpyqoqFDMxcSEoK32Er 35 | kBooyrkGK5uVL9DkRenNxGBWYb5Iwd2FQ0s3uCKUXHn3f0S/7fpM0T9/rqv1qIX5 36 | ZuIjVXUkazQthXIXPCYUwKBBSyfKrIBE1EScvKx0sT3w8NI7YRLG70E7uRO+U/Sr 37 | 
mn4wpCJiP+znBKpfDwQMJIEf27T8VCKDJXRr4nvRZlk2l2LnCr6pVnXosQ1B3G0r 38 | ABEBAAGJAjwEGAEIACYCGwwWIQSwxk0UMBzG767fYOTktx1e7DnChAUCZGSnpQUJ 39 | KJ32lwAKCRDktx1e7DnChJ0gD/wOsq5mWpoSvBmhI/Xa4WOl2D9ltYYJxrQpdTd+ 40 | IhUuQUCZle/z6dSO2jsrpcvnwn3OHBQguvX8vzBr2qFeQDjrAbZ4V76teY2Zg+5o 41 | HFy21TlCFrNeFLrk4m8PyCrfQVoQ55ESLPUBp0qK5VLzKjFAHD7+Z90bEie6IGUc 42 | rJyUokTNc7hSWsQk96rAENE6cxCgsEGZhtsS41iBZ4lkhkaVfpPj/yxiiOFw101N 43 | G1PXq+EAJ6iaIvBbNiy+AI9EFVAkX6uMM8INely0HAn/H3/hc/xADiUFolPiIEwK 44 | E04L/8KHVH5vn007kUeMD4DecvL+8XYyT18+jH/Hvpai610uWwfBP50HoKa9A8JD 45 | ppBZaqBGzeNvCMUWU6rxyLoNOeJduUwFTh3mUesBoF7Iqdpe1CphuUlOKWUYY6Jq 46 | ZEZ7oQN630z0QsLzr6YZinnnfMbO9xNktfJPBMju6UPmOHfYI/zJFRe5VTqvG8w3 47 | SxJVriqs75jFpGqSC/a7IcW3j2FeVQ66sAcik4XRA9JO7SpsTJtebAw0tQ8nIkIj 48 | ekmNJnNAlIKOnisKca9QRzuUn5HNPl8UDeN9KjxsFkmDMEkRSuijpLEFe+66bkjP 49 | NdEeAGQJbiXWb1z9vHHQpDPKMXhK18D5PBnLDIl8iFnpDE+M088Xnavf9eYapj2k 50 | Zh9rvA== 51 | =cevX 52 | -----END PGP PUBLIC KEY BLOCK----- 53 | -------------------------------------------------------------------------------- /_vagrant/README.md: -------------------------------------------------------------------------------- 1 | Vagrant machine to use SELinux with Arch Linux 2 | ============================================== 3 | 4 | Build an Arch Linux virtual machine with SELinux set up. 5 | 6 | Basic usage 7 | ----------- 8 | 9 | First Vagrant needs to be installed (cf. https://wiki.archlinux.org/index.php/Vagrant) and a box named "``archlinux``" needs to be added. 
10 | There are several ways to achieve this: 11 | 12 | * Use a base image from [Arch Linux wiki](https://wiki.archlinux.org/index.php/Vagrant#Base_Boxes_for_Vagrant), for example: 13 | 14 | vagrant box add --name archlinux terrywang/archlinux 15 | 16 | * or use [Packer Arch](https://github.com/elasticdog/packer-arch): 17 | 18 | git clone https://github.com/elasticdog/packer-arch 19 | cd packer-arch 20 | ./wrapacker -p virtualbox 21 | vagrant box add --name archlinux output/packer_arch_virtualbox.box 22 | 23 | It is also possible to use libvirt instead of VirtualBox as the Vagrant backend. The boxes can be mutated using the vagrant-mutate plugin: 24 | 25 | vagrant plugin install vagrant-mutate 26 | vagrant mutate archlinux libvirt 27 | 28 | Once there is an ``archlinux`` box in vagrant storage, these commands clone the git repository and build a new vagrant virtual machine. 29 | 30 | git clone https://github.com/archlinuxhardened/selinux 31 | cd selinux/_vagrant 32 | vagrant up 33 | vagrant ssh 34 | 35 | The ``vagrant up`` command takes some time because all packages related to SELinux are built in the provisioning phase. 36 | Once ``vagrant up`` has completed, you can enjoy SELinux by connecting to the virtual machine with ``vagrant ssh``. 37 | 38 | When you want to destroy the virtual machine, simply run ``vagrant destroy``. 39 | -------------------------------------------------------------------------------- /_vagrant/Vagrantfile: -------------------------------------------------------------------------------- 1 | # -*- mode: ruby -*- 2 | # vi: set ft=ruby : 3 | 4 | require './vagrant-reload' 5 | 6 | # All Vagrant configuration is done below. The "2" in Vagrant.configure 7 | # configures the configuration version (we support older styles for 8 | # backwards compatibility). Please don't change it unless you know what 9 | # you're doing. 
10 | Vagrant.configure(2) do |config| 11 | config.vm.define "arch-selinux" do |machine| 12 | # Use Arch Linux Vagrant Base box 13 | # https://wiki.archlinux.org/index.php/Vagrant#Base_Boxes_for_Vagrant 14 | machine.vm.box = "archlinux/archlinux" 15 | 16 | # SETools 4 requires more than 2048 MB of RAM 17 | machine.vm.provider :libvirt do |v| 18 | v.memory = 3072 19 | 20 | # Disable "Copy host CPU Configuration" to prevent the following KVM error on Intel CPUs: 21 | # "the CPU is incompatible with host CPU: Host CPU does not provide required features: svm" 22 | #v.cpu_mode = "custom" 23 | #v.cpu_model = nil 24 | end 25 | machine.vm.provider :virtualbox do |v| 26 | v.memory = 3072 27 | end 28 | 29 | # Do not use a shared folder for packages, as VirtualBox shared folders 30 | # cause issues when using "install" files. 31 | machine.vm.synced_folder "..", "/srv/arch-selinux", type: "rsync", 32 | rsync__exclude: [".git/", "_vagrant/.vagrant/"] 33 | 34 | # Build and install packages and configure SELinux 35 | machine.vm.provision :shell, path: "step1_install_and_configure.sh" 36 | machine.vm.provision :reload 37 | # After the first reboot, relabel everything 38 | machine.vm.provision :shell, path: "step2_relabel.sh" 39 | # Reboot in a clean environment 40 | machine.vm.provision :reload 41 | end 42 | end 43 | -------------------------------------------------------------------------------- /_vagrant/install_local_refpolicy.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Install refpolicy in the virtual machine when it is found in a subdirectory. 3 | # This allows testing the latest revision of the reference policy with custom 4 | # patches before they are submitted upstream. 
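#
# In order to create the refpolicy directory, this command can be used from the
# root directory of this project:
#     cd _vagrant && git clone --recursive https://github.com/SELinuxProject/refpolicy.git
#
# In order to load a policy:
#     vagrant rsync && echo '/vagrant/install_local_refpolicy.sh' | vagrant ssh

# Exit once a command fails
set -e

# The refpolicy checkout is expected in a "refpolicy" directory next to this script.
REFPOL_DIR="$(dirname -- "$0")/refpolicy"

# Stop with a clear message when there is no refpolicy checkout. Without this
# guard the first append below either fails with a bare shell error or creates
# a stray build.conf in a directory that is not a refpolicy tree.
if [ ! -f "$REFPOL_DIR/build.conf" ]
then
    echo >&2 "No refpolicy checkout found in $REFPOL_DIR (build.conf is missing)."
    exit 1
fi

# ensure_build_setting NAME VALUE
# Append "NAME = VALUE" to build.conf unless a line with exactly that setting
# is already present. An existing line with another value is left in place.
# NOTE(review): presumably make reads build.conf top to bottom, so the appended
# line wins over an earlier assignment; confirm against the refpolicy Makefile.
ensure_build_setting() {
    if ! grep -q "^$1 *= *$2\$" "$REFPOL_DIR/build.conf"
    then
        echo "$1 = $2" >> "$REFPOL_DIR/build.conf"
    fi
}

# Ensure that build.conf contains settings suitable to Arch Linux
ensure_build_setting DISTRO arch

# Arch Linux uses systemd
ensure_build_setting SYSTEMD y

# Let's disable user-based access control for now.
# This loosens the resulting policy (the UBAC constraints are not built), which
# is a choice for this test VM rather than a setting to copy to other systems.
ensure_build_setting UBAC n

# Build and validate the policy as the unprivileged user; only the install
# steps and the policy-store changes below run through sudo.
make -C "$REFPOL_DIR" clean
make -C "$REFPOL_DIR" conf
make -C "$REFPOL_DIR" all
make -C "$REFPOL_DIR" validate

# "sudo -s" runs each command through a shell as root.
# NOTE(review): presumably the shell is needed for the SELinux domain
# transition out of the sudo domain; confirm before replacing it with plain sudo.
sudo -s make -C "$REFPOL_DIR" install
sudo -s make -C "$REFPOL_DIR" install-headers

# Switch /etc/selinux/config to refpolicy unless it is already the loaded policy
if ! (LANG=C sestatus -v | grep -q '^Loaded policy name:\s*refpolicy$')
then
    # Use the new policy
    sudo -s sed -i -e 's/^\(SELINUXTYPE=\).*/SELINUXTYPE=refpolicy/' /etc/selinux/config
fi

# Install every compiled module into the refpolicy store, then reload the policy
sudo -s semodule -s refpolicy -i /usr/share/selinux/refpolicy/*.pp
sudo -s semodule --reload

# Update interface_info
sudo -s sepolgen-ifgen -o /var/lib/sepolgen/interface_info -i /usr/share/selinux/refpolicy

# Fix the SELinux user of the policy store and configuration
# (-F also resets the user, role and range parts of the context, not only the type)
sudo -s restorecon -RF /etc/selinux/ /var/lib/selinux/
echo 'Success: SELinux now uses refpolicy.'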
56 | -------------------------------------------------------------------------------- /_vagrant/step2_relabel.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Step 2: relabel all files 3 | 4 | set -e 5 | 6 | # Fail early if not booted with SELinux 7 | if ! (LANG=C sestatus | grep '^SELinux status: *enabled') 8 | then 9 | echo >&2 "SELinux is not enabled. Step 1 failed!" 10 | exit 1 11 | fi 12 | 13 | # Allow SSH login for sysadm_u 14 | semanage boolean --modify --on ssh_sysadm_login 15 | 16 | # Allow every domain to use /dev/urandom 17 | semanage boolean --modify --on global_ssp 18 | 19 | # Allow users to send ping 20 | semanage boolean --modify --on user_ping 21 | 22 | # Allow systemd-tmpfiles to manage every file 23 | semanage boolean --modify --on systemd_tmpfiles_manage_all 24 | 25 | # Make vagrant user use sysadm_u context 26 | if ! (semanage login -l | grep '^vagrant' > /dev/null) 27 | then 28 | echo "Configuring SELinux context for vagrant user" 29 | semanage login -a -s sysadm_u vagrant 30 | fi 31 | 32 | # Label /srv/arch-selinux and /vagrant as vagrant's home files 33 | if semanage fcontext --list | grep '^/srv/arch-selinux(/\.\*)?' 34 | then 35 | semanage fcontext -m -s sysadm_u -t user_home_t '/srv/arch-selinux(/.*)?' 36 | else 37 | semanage fcontext -a -s sysadm_u -t user_home_t '/srv/arch-selinux(/.*)?' 38 | fi 39 | if semanage fcontext --list | grep '^/vagrant(/\.\*)?' 40 | then 41 | semanage fcontext -m -s sysadm_u -t user_home_t '/vagrant(/.*)?' 42 | else 43 | semanage fcontext -a -s sysadm_u -t user_home_t '/vagrant(/.*)?' 44 | fi 45 | 46 | # On systems with syslinux, ldlinux.sys is immutable but needs to be relabelled 47 | if [ -e /boot/syslinux/ldlinux.sys ] 48 | then 49 | if ! 
(getfilecon /boot/syslinux/ldlinux.sys | grep system_u:object_r:boot_t > /dev/null) 50 | then 51 | chattr -i /boot/syslinux/ldlinux.sys 52 | restorecon -vF /boot/syslinux/ldlinux.sys 53 | syslinux-install_update -u 54 | fi 55 | fi 56 | 57 | echo "Relabelling the system..." 58 | restorecon -RF / 59 | -------------------------------------------------------------------------------- /_vagrant/vagrant-custom.cil: -------------------------------------------------------------------------------- 1 | ; Custom SELinux policy rules for Vagrant VM 2 | 3 | ; Vagrant performs "ssh sudo ..." without allocating a pseudo-terminal. 4 | ; This leads sudo to directly using sshd pipes, as well as other processes 5 | ; spawned from the provision script 6 | (typeattribute can_use_sshd_pipe) 7 | (typeattributeset can_use_sshd_pipe ( 8 | gpg_t 9 | load_policy_t 10 | semanage_t 11 | setfiles_t 12 | sysadm_sudo_t 13 | )) 14 | (allow can_use_sshd_pipe sshd_t (fifo_file (append getattr ioctl read write))) 15 | 16 | ; "vagrant rsync" makes Vagrant invoke "sudo rsync" without a shell which would 17 | ; make sudo transition out of sysadm_sudo_t. 18 | ; Therefore add a transition from sysadm_sudo_t to sysadm_t through rsync_exec_t 19 | (optional sysadm_sudo_rsync_transition 20 | (allow sysadm_t rsync_exec_t (file (entrypoint))) 21 | (typetransition sysadm_sudo_t rsync_exec_t process sysadm_t) 22 | ) 23 | -------------------------------------------------------------------------------- /_vagrant/vagrant-reload.rb: -------------------------------------------------------------------------------- 1 | # From https://raw.githubusercontent.com/aidanns/vagrant-reload 2 | begin 3 | require "vagrant" 4 | rescue LoadError 5 | raise "The Vagrant AWS plugin must be run within Vagrant." 6 | end 7 | 8 | # This is a sanity check to make sure no one is attempting to install 9 | # this into an early Vagrant version. 
10 | if Vagrant::VERSION < "1.2.0" 11 | raise "The Vagrant Reload plugin is only compatible with Vagrant 1.2+" 12 | end 13 | 14 | module VagrantPlugins 15 | module Reload 16 | 17 | VERSION = "0.0.1" 18 | 19 | class Plugin < Vagrant.plugin("2") 20 | name "Reload" 21 | description <<-DESC 22 | The reload plugin allows a VM to be reloaded as a provisioning step. 23 | DESC 24 | 25 | provisioner "reload" do 26 | class ReloadProvisioner < Vagrant.plugin("2", :provisioner) 27 | 28 | def initialize(machine, config) 29 | super 30 | end 31 | 32 | def configure(root_config) 33 | end 34 | 35 | def provision 36 | options = {} 37 | options[:provision_ignore_sentinel] = false 38 | @machine.action(:reload, options) 39 | begin 40 | sleep 10 41 | end until @machine.communicate.ready? 42 | end 43 | 44 | def cleanup 45 | end 46 | 47 | end 48 | ReloadProvisioner 49 | 50 | end 51 | end 52 | end 53 | end 54 | 55 | -------------------------------------------------------------------------------- /base-devel-selinux/.SRCINFO: -------------------------------------------------------------------------------- 1 | pkgbase = base-devel-selinux 2 | pkgdesc = Meta package that substitutes base-devel group with SELinux support 3 | pkgver = 1 4 | pkgrel = 1 5 | url = https://github.com/archlinuxhardened/selinux 6 | arch = any 7 | groups = selinux 8 | license = GPL 9 | depends = base-selinux 10 | depends = autoconf 11 | depends = automake 12 | depends = binutils 13 | depends = bison 14 | depends = fakeroot 15 | depends = flex 16 | depends = gcc 17 | depends = groff 18 | depends = libtool 19 | depends = m4 20 | depends = make 21 | depends = patch 22 | depends = pkgconf 23 | depends = sudo-selinux 24 | depends = texinfo 25 | depends = which 26 | 27 | pkgname = base-devel-selinux 28 | 29 | -------------------------------------------------------------------------------- /base-devel-selinux/PKGBUILD: -------------------------------------------------------------------------------- 1 | # Substitution for 
Arch Linux's base-devel -group as a meta package for SELinux 2 | # https://www.archlinux.org/groups/x86_64/base-devel/ 3 | # https://wiki.archlinux.org/index.php/SELinux 4 | 5 | # Maintainer: Tuomo Kuure 6 | 7 | pkgname=base-devel-selinux 8 | pkgver=1 9 | pkgrel=1 10 | pkgdesc='Meta package that substitutes base-devel group with SELinux support' 11 | arch=('any') 12 | license=('GPL') 13 | url='https://github.com/archlinuxhardened/selinux' 14 | groups=('selinux') 15 | depends=( 16 | 'base-selinux' 17 | 'autoconf' 18 | 'automake' 19 | 'binutils' 20 | 'bison' 21 | 'fakeroot' 22 | 'flex' 23 | 'gcc' 24 | 'groff' 25 | 'libtool' 26 | 'm4' 27 | 'make' 28 | 'patch' 29 | 'pkgconf' 30 | 'sudo-selinux' 31 | 'texinfo' 32 | 'which' 33 | ) 34 | -------------------------------------------------------------------------------- /base-selinux/.SRCINFO: -------------------------------------------------------------------------------- 1 | pkgbase = base-selinux 2 | pkgdesc = Minimal packages for Arch Linux installation with SELinux support 3 | pkgver = 1 4 | pkgrel = 1 5 | url = https://github.com/archlinuxhardened/selinux 6 | arch = any 7 | groups = selinux 8 | license = GPL 9 | depends = filesystem 10 | depends = gcc-libs 11 | depends = glibc 12 | depends = bash 13 | depends = coreutils-selinux 14 | depends = file 15 | depends = findutils-selinux 16 | depends = gawk 17 | depends = grep 18 | depends = procps-ng 19 | depends = sed 20 | depends = tar 21 | depends = gettext 22 | depends = pciutils 23 | depends = psmisc-selinux 24 | depends = shadow-selinux 25 | depends = util-linux-selinux 26 | depends = bzip2 27 | depends = gzip 28 | depends = xz 29 | depends = licenses 30 | depends = pacman 31 | depends = systemd-selinux 32 | depends = systemd-sysvcompat-selinux 33 | depends = selinux-alpm-hook 34 | depends = iputils 35 | depends = iproute2-selinux 36 | depends = selinux-refpolicy-arch 37 | depends = secilc 38 | depends = dbus-selinux 39 | depends = selinux-dbus-config 40 | depends = 
mcstrans 41 | depends = restorecond 42 | depends = logrotate-selinux 43 | depends = checkpolicy 44 | 45 | pkgname = base-selinux 46 | 47 | -------------------------------------------------------------------------------- /base-selinux/PKGBUILD: -------------------------------------------------------------------------------- 1 | # Substitution for Arch Linux's base -package - SELinux support 2 | # https://wiki.archlinux.org/index.php/SELinux 3 | 4 | # Maintainer: Tuomo Kuure 5 | 6 | pkgname=base-selinux 7 | pkgver=1 8 | pkgrel=1 9 | pkgdesc='Minimal packages for Arch Linux installation with SELinux support' 10 | arch=('any') 11 | license=('GPL') 12 | url='https://github.com/archlinuxhardened/selinux' 13 | groups=('selinux') 14 | depends=( 15 | # Basics 16 | 'filesystem' 'gcc-libs' 'glibc' 'bash' 17 | 18 | # POSIX tools 19 | 'coreutils-selinux' 'file' 'findutils-selinux' 'gawk' 'grep' 'procps-ng' 'sed' 'tar' 20 | 21 | # Standard linux toolset 22 | 'gettext' 'pciutils' 'psmisc-selinux' 'shadow-selinux' 'util-linux-selinux' 'bzip2' 'gzip' 'xz' 23 | 24 | # Arch Linux specific 25 | 'licenses' 'pacman' 'systemd-selinux' 'systemd-sysvcompat-selinux' 'selinux-alpm-hook' 26 | 27 | # Networking 28 | 'iputils' 'iproute2-selinux' 29 | 30 | # SELinux packages 31 | 'selinux-refpolicy-arch' 'secilc' 'dbus-selinux' 'selinux-dbus-config' 'mcstrans' 'restorecond' 32 | 'logrotate-selinux' 'checkpolicy' 33 | ) 34 | -------------------------------------------------------------------------------- /base_pkglist.txt: -------------------------------------------------------------------------------- 1 | ; Here is a list of Arch Linux packages which need to be recompiled with SELinux support. 2 | ; "core/foo = 1.4.2-1" means that: 3 | ; * "foo" is a base package from "core", which is replaced by "foo-selinux" 4 | ; * "foo-selinux/PKGBUILD" is in sync with "foo" version 1.4.2-1 5 | ; the version is optional. 
Not having it means that the -selinux package uses 6 | ; the same pkgrel as the base package. 7 | 8 | core/coreutils 9 | extra/cronie = 1.7.2-1 10 | core/dbus 11 | core/dbus-broker 12 | core/findutils 13 | core/iproute2 14 | core/logrotate 15 | core/openssh 16 | core/pam 17 | core/pambase 18 | core/psmisc 19 | core/shadow 20 | core/sudo 21 | core/systemd 22 | core/util-linux 23 | -------------------------------------------------------------------------------- /build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Build in a per-user temporary folder by default, if there is no directory 4 | # specified in /etc/makepkg.conf. 5 | # This directory can be specifically mounted with "exec" option on systems 6 | # where /tmp is mounted "noexec". 7 | 8 | # Find the configured BUILDDIR 9 | if [ -z "$BUILDDIR" ] ; then 10 | BUILDDIR="$(bash -c 'shopt -u extglob ; source /etc/makepkg.conf ; echo $BUILDDIR')" 11 | if [ -z "$BUILDDIR" ] ; then 12 | BUILDDIR="/tmp/makepkg-$(id -nu)" 13 | fi 14 | fi 15 | export BUILDDIR 16 | 17 | # Build a package 18 | pkgbuild() { 19 | # Uncomment the following line to skip already-installed packages 20 | #if pacman -Qq "$1" > /dev/null 2>&1 ; then return; fi 21 | 22 | # Clean up the package folder 23 | rm -rf "./$1/src" "./$1/pkg" 24 | rm -f "./$1/"*.pkg.tar.xz "./$1/"*.pkg.tar.xz.sig 25 | rm -f "./$1/"*.pkg.tar.zst "./$1/"*.pkg.tar.zst.sig 26 | 27 | # makepkg options: 28 | # -s (--syncdeps): Install missing dependencies 29 | # -C (--cleanbuild): Remove $srcdir before building the package 30 | (cd "./$1" && makepkg -s -C) || exit $? 31 | 32 | # Uncomment the following line to install or update the non-debug packages 33 | #sudo pacman -U $(ls "./$1/"*.pkg.tar.zst | grep -vE '[-]debug') || exit $? 
34 | } 35 | 36 | # Build SELinux userspace packages 37 | pkgbuild libsepol 38 | pkgbuild libselinux 39 | pkgbuild checkpolicy 40 | pkgbuild secilc 41 | pkgbuild setools 42 | pkgbuild libsemanage 43 | pkgbuild sepolgen 44 | pkgbuild semodule-utils 45 | pkgbuild restorecond 46 | pkgbuild mcstrans 47 | pkgbuild policycoreutils 48 | pkgbuild selinux-python 49 | pkgbuild selinux-gui 50 | pkgbuild selinux-dbus-config 51 | pkgbuild selinux-sandbox 52 | 53 | # Build core packages with SELinux support 54 | pkgbuild pambase-selinux 55 | pkgbuild pam-selinux 56 | pkgbuild coreutils-selinux 57 | pkgbuild findutils-selinux 58 | pkgbuild iproute2-selinux 59 | pkgbuild logrotate-selinux 60 | pkgbuild openssh-selinux 61 | pkgbuild psmisc-selinux 62 | pkgbuild shadow-selinux 63 | pkgbuild sudo-selinux 64 | pkgbuild util-linux-selinux 65 | pkgbuild systemd-selinux 66 | pkgbuild dbus-selinux 67 | pkgbuild dbus-broker-selinux 68 | pkgbuild cronie-selinux 69 | 70 | # Build refpolicy source package and Arch Linux policy and pacman hook 71 | pkgbuild selinux-refpolicy-src 72 | pkgbuild selinux-refpolicy-arch 73 | pkgbuild selinux-refpolicy-git 74 | pkgbuild selinux-alpm-hook 75 | -------------------------------------------------------------------------------- /checkpolicy/.SRCINFO: -------------------------------------------------------------------------------- 1 | pkgbase = checkpolicy 2 | pkgdesc = SELinux policy compiler 3 | pkgver = 3.8 4 | pkgrel = 1 5 | url = https://github.com/SELinuxProject/selinux 6 | arch = i686 7 | arch = x86_64 8 | arch = aarch64 9 | groups = selinux 10 | license = GPL2 11 | makedepends = libsepol>=3.8 12 | provides = selinux-usr-checkpolicy=3.8-1 13 | conflicts = selinux-usr-checkpolicy 14 | source = https://github.com/SELinuxProject/selinux/releases/download/3.8/checkpolicy-3.8.tar.gz 15 | source = https://github.com/SELinuxProject/selinux/releases/download/3.8/checkpolicy-3.8.tar.gz.asc 16 | validpgpkeys = 63191CE94183098689CAB8DB7EF137EC935B0EAF 17 | 
validpgpkeys = 68D21823342A13683AEB3E4EFB4C685B5DC1C13E 18 | sha256sums = 65fa2ba8a251d6d42f030646714e5e2de807ae16e0231de2b03b940aadbadfa5 19 | sha256sums = SKIP 20 | 21 | pkgname = checkpolicy 22 | -------------------------------------------------------------------------------- /checkpolicy/PKGBUILD: -------------------------------------------------------------------------------- 1 | # Maintainer: Nicolas Iooss (nicolas iooss m4x org) 2 | # Contributor: Timothée Ravier 3 | # Contributor: Nicky726 (Nicky726 gmail com) 4 | # Contributor: Sergej Pupykin (pupykin s+arch gmail com) 5 | # 6 | # This PKGBUILD is maintained on https://github.com/archlinuxhardened/selinux. 7 | # If you want to help keep it up to date, please open a Pull Request there. 8 | 9 | pkgname=checkpolicy 10 | pkgver=3.8 11 | pkgrel=1 12 | pkgdesc="SELinux policy compiler" 13 | arch=('i686' 'x86_64' 'aarch64') 14 | url='https://github.com/SELinuxProject/selinux' 15 | license=('GPL2') 16 | groups=('selinux') 17 | makedepends=('libsepol>=3.8') 18 | conflicts=("selinux-usr-${pkgname}") 19 | provides=("selinux-usr-${pkgname}=${pkgver}-${pkgrel}") 20 | validpgpkeys=( 21 | '63191CE94183098689CAB8DB7EF137EC935B0EAF' # Jason Zaman 22 | '68D21823342A13683AEB3E4EFB4C685B5DC1C13E' # Petr Lautrbach 23 | ) 24 | source=("https://github.com/SELinuxProject/selinux/releases/download/${pkgver}/${pkgname}-${pkgver}.tar.gz"{,.asc}) 25 | sha256sums=('65fa2ba8a251d6d42f030646714e5e2de807ae16e0231de2b03b940aadbadfa5' 26 | 'SKIP') 27 | 28 | build() { 29 | cd "${pkgname}-${pkgver}" 30 | make 31 | } 32 | 33 | package() { 34 | cd "${pkgname}-${pkgver}" 35 | make DESTDIR="${pkgdir}" install 36 | install -m 0755 test/dismod "${pkgdir}"/usr/bin/sedismod 37 | install -m 0755 test/dispol "${pkgdir}"/usr/bin/sedispol 38 | } 39 | -------------------------------------------------------------------------------- /clean.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Clean all 
compiled packages and AUR source tarballs 3 | # This does NOT clean downloaded files. To find these files, you can use: 4 | # git ls-files --ignored --others --exclude-standard 5 | 6 | # Ensure current directory is the top dir 7 | cd "$(dirname -- "$0")" 8 | 9 | rm -frv ./*/src/ ./*/pkg/ 10 | rm -fv ./*/*.pkg.tar.xz 11 | rm -fv ./*/*.pkg.tar.xz.sig 12 | rm -fv ./*/*.pkg.tar.zst 13 | rm -fv ./*/*.pkg.tar.zst.sig 14 | rm -fv ./*/*.src.tar.gz 15 | rm -fv ./*/*.log 16 | 17 | # Also clean the downloaded base PKGBUILDs 18 | rm -frv base-noselinux/ 19 | -------------------------------------------------------------------------------- /commit_update.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Commit local modifications to prepare the update of AUR packages 3 | 4 | cd "$(dirname -- "$0")" || exit $? 5 | 6 | # Run the given command after displaying it 7 | log_and_run() { 8 | echo "Running: $*" 9 | "$@" || exit $? 10 | } 11 | 12 | # reset the git repository 13 | log_and_run git reset HEAD 14 | 15 | for DIR in $(find . -maxdepth 2 -name PKGBUILD -printf '%h\n' | sort) 16 | do 17 | PKGNAME="${DIR##*/}" 18 | 19 | # Ignore directories without any change 20 | [ -n "$(git status --porcelain "$DIR")" ] || continue 21 | 22 | # Update .SRCINFO 23 | echo "Committing update to ${DIR#./} package" 24 | (cd "$DIR" && makepkg --printsrcinfo > .SRCINFO) || exit $? 25 | 26 | # Commit everything with a custom commit message 27 | log_and_run git add "$DIR" 28 | PKGVER="$(sed -n 's/^\s*pkgver = \(.*\)$/\1/p' "$DIR/.SRCINFO" | head -n1)" 29 | PKGREL="$(sed -n 's/^\s*pkgrel = \(.*\)$/\1/p' "$DIR/.SRCINFO" | head -n1)" 30 | log_and_run git commit -m "$PKGNAME $PKGVER-$PKGREL update" 31 | tput bold 32 | echo "$PKGNAME changes has been committed. 
You can now push them to the AUR with:" 33 | echo "git subtree push --prefix=${DIR#./} aur-$PKGNAME master" 34 | tput sgr0 35 | done 36 | -------------------------------------------------------------------------------- /coreutils-selinux/.SRCINFO: -------------------------------------------------------------------------------- 1 | pkgbase = coreutils-selinux 2 | pkgdesc = The basic file, shell and text manipulation utilities of the GNU operating system with SELinux support 3 | pkgver = 9.7 4 | pkgrel = 1 5 | url = https://www.gnu.org/software/coreutils/ 6 | arch = x86_64 7 | arch = aarch64 8 | groups = selinux 9 | license = GPL-3.0-or-later 10 | license = GFDL-1.3-or-later 11 | makedepends = git 12 | makedepends = gperf 13 | makedepends = python 14 | makedepends = wget 15 | depends = acl 16 | depends = attr 17 | depends = glibc 18 | depends = gmp 19 | depends = libcap 20 | depends = libselinux 21 | depends = openssl 22 | provides = coreutils=9.7-1 23 | provides = selinux-coreutils=9.7-1 24 | conflicts = coreutils 25 | conflicts = selinux-coreutils 26 | source = git+https://git.savannah.gnu.org/git/coreutils.git?signed#tag=v9.7 27 | source = git+https://git.savannah.gnu.org/git/gnulib.git 28 | validpgpkeys = 6C37DC12121A5006BC1DB804DF6FD971306037D9 29 | b2sums = 9c18801f93853f6f78919f79ce84256260e9f5fa5f496e73ac8b9e2c66106cdcd808fe971f6c064cf4f9a97aae4dd4afc97126a8ac89b59497557f89a3734bab 30 | b2sums = SKIP 31 | 32 | pkgname = coreutils-selinux 33 | -------------------------------------------------------------------------------- /coreutils-selinux/.gitignore: -------------------------------------------------------------------------------- 1 | /coreutils/ 2 | /gnulib/ 3 | -------------------------------------------------------------------------------- /coreutils-selinux/.nvchecker.toml: -------------------------------------------------------------------------------- 1 | [coreutils] 2 | source = "git" 3 | git = "https://git.savannah.gnu.org/git/coreutils.git" 4 | 
prefix = "v" 5 | -------------------------------------------------------------------------------- /cronie-selinux/.SRCINFO: -------------------------------------------------------------------------------- 1 | pkgbase = cronie-selinux 2 | pkgdesc = Daemon that runs specified programs at scheduled times and related tools with SELinux support 3 | pkgver = 1.7.2 4 | pkgrel = 2 5 | url = https://github.com/cronie-crond/cronie/ 6 | arch = i686 7 | arch = x86_64 8 | arch = aarch64 9 | groups = selinux 10 | license = custom:BSD 11 | depends = pam-selinux 12 | depends = bash 13 | depends = run-parts 14 | depends = libselinux 15 | optdepends = smtp-server: send job output via email 16 | optdepends = smtp-forwarder: forward job output to email server 17 | provides = cron 18 | provides = cronie=1.7.2-2 19 | provides = selinux-cronie=1.7.2-2 20 | conflicts = cron 21 | conflicts = cronie 22 | conflicts = selinux-cronie 23 | backup = etc/anacrontab 24 | backup = etc/cron.d/0hourly 25 | backup = etc/cron.deny 26 | backup = etc/crontab 27 | backup = etc/default/anacron 28 | backup = etc/pam.d/crond 29 | backup = etc/sysconfig/crond 30 | source = https://github.com/cronie-crond/cronie/releases/download/cronie-1.7.2/cronie-1.7.2.tar.gz 31 | source = 80-cronie.hook 32 | source = cron-deny 33 | source = crontab 34 | source = default-anacron 35 | source = cronie-1.7.2-fix-for-gcc15.patch 36 | sha256sums = f1da374a15ba7605cf378347f96bc8b678d3d7c0765269c8242cfe5b0789c571 37 | sha256sums = f85e9a68bf3bf446f8a6167f068371c06afffe11ca71935d8ee5487b38b2c9db 38 | sha256sums = ae6e533ecdfc1bd2dd80a9e25acb0260cbe9f00c4e4abee93d552b3660f263fc 39 | sha256sums = 64d517a8d011b5cfa6b2433d528498e80fa8d0748c91f1b73e6ded70e776dc35 40 | sha256sums = c5772fd0df22d807ed6b62edf4052db529aafb626b1bfe8961229fb864039a5c 41 | sha256sums = 0c96be00c25b0c8fbb46df0d6ba1a7b60f2c85b33cb9bcafaf220064fe8d4662 42 | 43 | pkgname = cronie-selinux 44 | 
-------------------------------------------------------------------------------- /cronie-selinux/80-cronie.hook: -------------------------------------------------------------------------------- 1 | [Trigger] 2 | Operation = Upgrade 3 | Type = Package 4 | Target = glibc 5 | 6 | [Action] 7 | Description = Restarting cronie for libc upgrade... 8 | When = PostTransaction 9 | Exec = /usr/bin/systemctl try-restart cronie.service 10 | -------------------------------------------------------------------------------- /cronie-selinux/cron-deny: -------------------------------------------------------------------------------- 1 | # without this file, only users listed in /etc/cron.allow can use crontab 2 | -------------------------------------------------------------------------------- /cronie-selinux/cronie-1.7.2-fix-for-gcc15.patch: -------------------------------------------------------------------------------- 1 | From 09c630c654b2aeff06a90a412cce0a60ab4955a4 Mon Sep 17 00:00:00 2001 2 | From: Tomas Mraz 3 | Date: Mon, 18 Nov 2024 21:02:30 +0100 4 | Subject: [PATCH] load_entry(): Make error_func prototype complete 5 | 6 | Fixes #193 7 | --- 8 | src/entry.c | 2 +- 9 | src/funcs.h | 2 +- 10 | 2 files changed, 2 insertions(+), 2 deletions(-) 11 | 12 | diff --git a/src/entry.c b/src/entry.c 13 | index 586eb9d..a2077e8 100644 14 | --- a/src/entry.c 15 | +++ b/src/entry.c 16 | @@ -90,7 +90,7 @@ void free_entry(entry * e) { 17 | /* return NULL if eof or syntax error occurs; 18 | * otherwise return a pointer to a new entry. 19 | */ 20 | -entry *load_entry(FILE * file, void (*error_func) (), struct passwd *pw, 21 | +entry *load_entry(FILE * file, void (*error_func) (const char *), struct passwd *pw, 22 | char **envp) { 23 | /* this function reads one crontab entry -- the next -- from a file. 24 | * it skips any leading blank lines, ignores comments, and returns 25 | diff --git a/src/funcs.h b/src/funcs.h 26 | index 427e027..f28d634 100644 27 | --- a/src/funcs.h 28 | 
+++ b/src/funcs.h 29 | 
@@ -89,7 +89,7 @@ char *env_get(const char *, char **), 30 | user *load_user(int, struct passwd *, const char *, const char *, const char *), 31 | *find_user(cron_db *, const char *, const char *); 32 | 33 | -entry *load_entry(FILE *, void (*)(), struct passwd *, char **); 34 | +entry *load_entry(FILE *, void (*)(const char *), struct passwd *, char **); 35 | 36 | FILE *cron_popen(char *, const char *, struct passwd *, char **); 37 | 38 | -------------------------------------------------------------------------------- /cronie-selinux/crontab: -------------------------------------------------------------------------------- 1 | # /etc/crontab: configuration file for cron 2 | 3 | # See cron(8) and crontab(5) for details. 4 | 5 | # m h dom mon dow user command 6 | -------------------------------------------------------------------------------- /cronie-selinux/default-anacron: -------------------------------------------------------------------------------- 1 | # /etc/default/anacron 2 | # Set this to 'yes' to have anacron run while on battery 3 | # By default it is not run while on battery 4 | #ANACRON_RUN_ON_BATTERY_POWER=no 5 | -------------------------------------------------------------------------------- /dbus-broker-selinux/.SRCINFO: -------------------------------------------------------------------------------- 1 | pkgbase = dbus-broker-selinux 2 | pkgdesc = Linux D-Bus Message Broker with SELinux support 3 | pkgver = 36 4 | pkgrel = 2 5 | url = https://github.com/bus1/dbus-broker/wiki 6 | arch = x86_64 7 | groups = selinux 8 | license = Apache-2.0 9 | makedepends = meson 10 | makedepends = python-docutils 11 | makedepends = systemd 12 | depends = audit 13 | depends = libcap-ng 14 | depends = expat 15 | depends = systemd-libs 16 | depends = libselinux 17 | source = https://github.com/bus1/dbus-broker/releases/download/v36/dbus-broker-36.tar.xz 18 | source = https://github.com/bus1/dbus-broker/releases/download/v36/dbus-broker-36.tar.xz.asc 19 | source = 
0001-units-Enable-statically.patch 20 | validpgpkeys = BE5FBC8C9C1C9F60A4F0AEAE7A4F3A09EBDEFF26 21 | sha256sums = d333d99bd2688135b6d6961e7ad1360099d186078781c87102230910ea4e162b 22 | sha256sums = SKIP 23 | sha256sums = 20dcaf03d837d0715f71ccce3d393cba06a4b96f89f4fec3b6e35c1de0592d7d 24 | b2sums = 84a805982f038f0d9fe62b7f34de8ecbbdbd9b889edba05ab182f00116612545d2bf44d6ea0c6b5e121591a5ab3d2f0f6d5fa3dd413e8c36fe3494e35ac050f3 25 | b2sums = SKIP 26 | b2sums = 02e30f49224835af2d327d6c3eecad5509913ad69b75c6b04d00cb4a8a0c9b8e0c043055d43172a215a4e3729527a2f807115117a9b1d1dc27c5f43259a12e36 27 | 28 | pkgname = dbus-broker-selinux 29 | depends = audit 30 | depends = libcap-ng 31 | depends = expat 32 | depends = systemd-libs 33 | depends = libselinux 34 | depends = libaudit.so 35 | depends = libcap-ng.so 36 | depends = libexpat.so 37 | depends = libsystemd.so 38 | provides = dbus-broker 39 | conflicts = dbus-broker 40 | -------------------------------------------------------------------------------- /dbus-broker-selinux/0001-units-Enable-statically.patch: -------------------------------------------------------------------------------- 1 | From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 2 | From: "Jan Alexander Steffens (heftig)" 3 | Date: Fri, 8 Dec 2023 21:28:52 +0100 4 | Subject: [PATCH] units: Enable statically 5 | 6 | --- 7 | src/units/system/meson.build | 5 +++++ 8 | src/units/user/meson.build | 5 +++++ 9 | 2 files changed, 10 insertions(+) 10 | 11 | diff --git a/src/units/system/meson.build b/src/units/system/meson.build 12 | index a946b4673130..97f1d46fc5e2 100644 13 | --- a/src/units/system/meson.build 14 | +++ b/src/units/system/meson.build 15 | @@ -8,3 +8,8 @@ configure_file( 16 | configuration: conf, 17 | install_dir: conf.get('systemunitdir'), 18 | ) 19 | + 20 | +install_symlink('dbus.service', 21 | + pointing_to: 'dbus-broker.service', 22 | + install_dir: conf.get('systemunitdir'), 23 | +) 24 | 
diff --git a/src/units/user/meson.build b/src/units/user/meson.build 25 | index 876ff9817bae..b45aee31f205 100644 26 | --- a/src/units/user/meson.build 27 | +++ b/src/units/user/meson.build 28 | 
@@ -8,3 +8,8 @@ configure_file( 29 | configuration: conf, 30 | install_dir: conf.get('userunitdir'), 31 | ) 32 | + 33 | +install_symlink('dbus.service', 34 | + pointing_to: 'dbus-broker.service', 35 | + install_dir: conf.get('userunitdir'), 36 | +) 37 | -------------------------------------------------------------------------------- /dbus-broker-selinux/PKGBUILD: -------------------------------------------------------------------------------- 1 | # Maintainer: Jan Alexander Steffens (heftig) 2 | # Contributor: David Herrmann 3 | # SELinux Maintainer: Nicolas Iooss (nicolas iooss m4x org) 4 | # 5 | # This PKGBUILD does not build a variant for dbus-broker-units, as there is nothing specific to SELinux there 6 | 7 | pkgbase=dbus-broker-selinux 8 | pkgname=( 9 | dbus-broker-selinux 10 | ) 11 | pkgver=36 12 | pkgrel=2 13 | pkgdesc="Linux D-Bus Message Broker with SELinux support" 14 | url="https://github.com/bus1/dbus-broker/wiki" 15 | arch=(x86_64) 16 | license=("Apache-2.0") 17 | groups=(selinux) 18 | depends=( 19 | audit 20 | libcap-ng 21 | expat 22 | systemd-libs 23 | libselinux 24 | ) 25 | makedepends=( 26 | meson 27 | python-docutils 28 | systemd 29 | ) 30 | source=( 31 | https://github.com/bus1/dbus-broker/releases/download/v$pkgver/${pkgbase/-selinux}-$pkgver.tar.xz{,.asc} 32 | 0001-units-Enable-statically.patch 33 | ) 34 | b2sums=('84a805982f038f0d9fe62b7f34de8ecbbdbd9b889edba05ab182f00116612545d2bf44d6ea0c6b5e121591a5ab3d2f0f6d5fa3dd413e8c36fe3494e35ac050f3' 35 | 'SKIP' 36 | '02e30f49224835af2d327d6c3eecad5509913ad69b75c6b04d00cb4a8a0c9b8e0c043055d43172a215a4e3729527a2f807115117a9b1d1dc27c5f43259a12e36') 37 | validpgpkeys=( 38 | BE5FBC8C9C1C9F60A4F0AEAE7A4F3A09EBDEFF26 # David Herrmann 39 | ) 40 | 41 | # https://github.com/bus1/dbus-broker/releases 42 | sha256sums=('d333d99bd2688135b6d6961e7ad1360099d186078781c87102230910ea4e162b' 43 | 'SKIP' 44 | '20dcaf03d837d0715f71ccce3d393cba06a4b96f89f4fec3b6e35c1de0592d7d') 45 | 46 | prepare() { 47 | cd 
${pkgbase/-selinux}-$pkgver 48 | patch -Np1 -i ../0001-units-Enable-statically.patch 49 | } 50 | 51 | build() { 52 | local meson_options=( 53 | -D audit=true 54 | -D docs=true 55 | -D linux-4-17=true 56 | -D system-console-users=gdm,sddm,lightdm,lxdm 57 | -D selinux=true 58 | ) 59 | 60 | arch-meson ${pkgbase/-selinux}-$pkgver build "${meson_options[@]}" 61 | meson compile -C build 62 | } 63 | 64 | check() { 65 | meson test -C build --print-errorlogs 66 | } 67 | 68 | _pick() { 69 | local p="$1" f d; shift 70 | for f; do 71 | d="$srcdir/$p/${f#$pkgdir/}" 72 | mkdir -p "$(dirname "$d")" 73 | mv "$f" "$d" 74 | rmdir -p --ignore-fail-on-non-empty "$(dirname "$f")" 75 | done 76 | } 77 | 78 | package_dbus-broker-selinux() { 79 | depends+=( 80 | libaudit.so 81 | libcap-ng.so 82 | libexpat.so 83 | libsystemd.so 84 | ) 85 | provides=("${pkgname/-selinux}") 86 | conflicts=("${pkgname/-selinux}") 87 | 88 | meson install -C build --destdir "$pkgdir" 89 | 90 | _pick unit "$pkgdir"/usr/lib/systemd/{system,user}/dbus.service 91 | } 92 | 93 | # vim:set sw=2 sts=-1 et: 94 | -------------------------------------------------------------------------------- /dbus-selinux/.SRCINFO: -------------------------------------------------------------------------------- 1 | pkgbase = dbus-selinux 2 | pkgdesc = Freedesktop.org message bus system with SELinux support 3 | pkgver = 1.16.2 4 | pkgrel = 1 5 | url = https://www.freedesktop.org/wiki/Software/dbus/ 6 | arch = x86_64 7 | arch = aarch64 8 | groups = selinux 9 | license = AFL-2.1 OR GPL-2.0-or-later 10 | makedepends = docbook-xsl 11 | makedepends = doxygen 12 | makedepends = git 13 | makedepends = glib2 14 | makedepends = mallard-ducktype 15 | makedepends = meson 16 | makedepends = python 17 | makedepends = qt5-tools 18 | makedepends = systemd-selinux 19 | makedepends = xmlto 20 | makedepends = yelp-tools 21 | depends = audit 22 | depends = expat 23 | depends = glibc 24 | depends = libcap-ng 25 | depends = libselinux 26 | depends = 
systemd-libs-selinux>=242.84-2 27 | source = git+https://gitlab.freedesktop.org/dbus/dbus.git?signed#tag=dbus-1.16.2 28 | source = 0001-Arch-Linux-tweaks.patch 29 | source = dbus-reload.hook 30 | validpgpkeys = DA98F25C0871C49A59EAFF2C4DE8FF2A63C7CC90 31 | b2sums = 669cd4203fbac908db3a20c5b51355d9e84b68c9cc94f8de52e35544a636c6d5d1df8ee2bbdfd6dead53a6bd9865db547aa4af0e913bac697b138c698840d3ce 32 | b2sums = 3896c994aa7afde605aebb88b7123f33c578ad1ede2dc3e76982dbc021d6994874c5c735d31a66c7b3e9d3cba77ebbba7db05013716bbac14948618b1464e4a8 33 | b2sums = 05ab81bf72e7cf45ad943f5b84eaecef4f06bed94979c579a3e23134cbabd7ea6f65fa9ac252f8b43ceb4a3295e0d2325f06560a044fe7ddf125fc30dfc2b7e2 34 | 35 | pkgname = dbus-selinux 36 | depends = audit 37 | depends = expat 38 | depends = glibc 39 | depends = libcap-ng 40 | depends = libselinux 41 | depends = systemd-libs-selinux>=242.84-2 42 | depends = libaudit.so 43 | depends = libcap-ng.so 44 | depends = libexpat.so 45 | depends = libsystemd.so 46 | provides = libdbus 47 | provides = libdbus-1.so 48 | provides = libdbus-selinux 49 | provides = dbus=1.16.2-1 50 | provides = selinux-dbus=1.16.2-1 51 | conflicts = libdbus 52 | conflicts = libdbus-selinux 53 | conflicts = dbus 54 | conflicts = selinux-dbus 55 | replaces = libdbus 56 | replaces = libdbus-selinux 57 | 58 | pkgname = dbus-docs-selinux 59 | pkgdesc = Freedesktop.org message bus system with SELinux support - Documentation 60 | depends = 61 | conflicts = dbus-docs 62 | -------------------------------------------------------------------------------- /dbus-selinux/.gitignore: -------------------------------------------------------------------------------- 1 | /dbus/ 2 | -------------------------------------------------------------------------------- /dbus-selinux/.nvchecker.toml: -------------------------------------------------------------------------------- 1 | [dbus] 2 | source = "git" 3 | git = "https://gitlab.freedesktop.org/dbus/dbus.git" 4 | include_regex = 
'dbus-\d+\.\d*[02468]\.\d+' 5 | prefix = "dbus-" 6 | -------------------------------------------------------------------------------- /dbus-selinux/0001-Arch-Linux-tweaks.patch: -------------------------------------------------------------------------------- 1 | From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 2 | From: "Jan Alexander Steffens (heftig)" 3 | Date: Tue, 17 Dec 2024 09:09:09 +0100 4 | Subject: [PATCH] Arch Linux tweaks 5 | 6 | - Remove legacy config 7 | - Don't package runstatedir 8 | - Use our preassigned message bus UID (81) 9 | --- 10 | bus/meson.build | 2 -- 11 | bus/sysusers.d/dbus.conf.in | 2 +- 12 | 2 files changed, 1 insertion(+), 3 deletions(-) 13 | 14 | diff --git a/bus/meson.build b/bus/meson.build 15 | index 176894d62c2e..0fffe8c18dbf 100644 16 | --- a/bus/meson.build 17 | +++ b/bus/meson.build 18 | @@ -84,7 +84,6 @@ if use_systemd 19 | endif 20 | endif 21 | 22 | -subdir('legacy-config') 23 | 24 | 25 | libdbus_daemon_internal_sources = [ 26 | @@ -190,7 +189,6 @@ install_emptydirs += [ 27 | 28 | if platform_unix 29 | install_emptydirs += [ 30 | - runstatedir / 'dbus', 31 | get_option('datadir') / 'dbus-1' / 'system.d', 32 | get_option('datadir') / 'dbus-1' / 'system-services', 33 | ] 34 | diff --git a/bus/sysusers.d/dbus.conf.in b/bus/sysusers.d/dbus.conf.in 35 | index fb35702ddfb7..f01000b83158 100644 36 | --- a/bus/sysusers.d/dbus.conf.in 37 | +++ b/bus/sysusers.d/dbus.conf.in 38 | 
@@ -2,4 +2,4 @@ 39 | # at boot on systemd-based systems that ship with an unpopulated 40 | # /etc. See sysusers.d(5) for details. 41 | 42 | -u @DBUS_USER@ - "System Message Bus" 43 | +u @DBUS_USER@ 81 "System Message Bus" 44 | -------------------------------------------------------------------------------- /dbus-selinux/dbus-reload.hook: -------------------------------------------------------------------------------- 1 | [Trigger] 2 | Type = Path 3 | Operation = Install 4 | Operation = Upgrade 5 | Operation = Remove 6 | Target = etc/dbus-1/system.d/*.conf 7 | Target = usr/share/dbus-1/system.d/*.conf 8 | Target = usr/share/dbus-1/system-services/*.service 9 | 10 | [Action] 11 | Description = Reloading system bus configuration... 12 | When = PostTransaction 13 | Exec = /usr/share/libalpm/scripts/systemd-hook reload dbus 14 | -------------------------------------------------------------------------------- /export_pgp_keys_in_cache.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Export all the PGP keys used by packages in a cache directory 3 | 4 | cd "$(dirname -- "$0")" || exit $? 5 | 6 | mkdir -p _pgp_cache || exit $? 7 | 8 | for DIR in $(find . -maxdepth 2 -name PKGBUILD -printf '%h\n' | sort) 9 | do 10 | validpgpkeys=() 11 | if ! 
source "$DIR/PKGBUILD" ; then 12 | echo >&2 "Failed to source $DIR/PKGBUILD" 13 | exit 1 14 | fi 15 | PKG="${DIR#./}" 16 | for GPGKEY in "${validpgpkeys[@]}" ; do 17 | echo "$PKG: exporting key $GPGKEY" 18 | rm -f "_pgp_cache/$GPGKEY.asc" 19 | gpg --export --armor --output "_pgp_cache/$GPGKEY.asc" "$GPGKEY" 20 | done 21 | done 22 | -------------------------------------------------------------------------------- /findutils-selinux/.SRCINFO: -------------------------------------------------------------------------------- 1 | pkgbase = findutils-selinux 2 | pkgdesc = GNU utilities to locate files with SELinux support 3 | pkgver = 4.10.0 4 | pkgrel = 2 5 | url = https://www.gnu.org/software/findutils/ 6 | arch = x86_64 7 | arch = aarch64 8 | groups = selinux 9 | license = GPL-3.0-or-later 10 | makedepends = git 11 | makedepends = wget 12 | makedepends = python 13 | depends = glibc 14 | depends = sh 15 | depends = libselinux 16 | provides = findutils=4.10.0-2 17 | provides = selinux-findutils=4.10.0-2 18 | conflicts = findutils 19 | conflicts = selinux-findutils 20 | source = git+https://git.savannah.gnu.org/git/findutils.git?signed#tag=v4.10.0 21 | validpgpkeys = A5189DB69C1164D33002936646502EF796917195 22 | b2sums = a6d99d922df4c6895d9956a6902518c5f911e6ad1fdcbfc99bb083ce0a725fa4e87bb83a1a2d16e6d900755da9e9094b20f56f971c8e6a6008572cd417fe3e95 23 | 24 | pkgname = findutils-selinux 25 | -------------------------------------------------------------------------------- /findutils-selinux/.gitignore: -------------------------------------------------------------------------------- 1 | /findutils/ 2 | -------------------------------------------------------------------------------- /findutils-selinux/.nvchecker.toml: -------------------------------------------------------------------------------- 1 | [findutils] 2 | source = "git" 3 | git = "https://git.savannah.gnu.org/git/findutils.git" 4 | prefix = "v" 5 | 
-------------------------------------------------------------------------------- /findutils-selinux/PKGBUILD: -------------------------------------------------------------------------------- 1 | # Maintainer: Tobias Powalowski 2 | # SELinux Maintainer: Nicolas Iooss (nicolas iooss m4x org) 3 | # SELinux Contributor: Timothée Ravier 4 | # SELinux Contributor: Nicky726 5 | # 6 | # This PKGBUILD is maintained on https://github.com/archlinuxhardened/selinux. 7 | # If you want to help keep it up to date, please open a Pull Request there. 8 | 9 | pkgname=findutils-selinux 10 | pkgver=4.10.0 11 | pkgrel=2 12 | pkgdesc="GNU utilities to locate files with SELinux support" 13 | arch=('x86_64' 'aarch64') 14 | license=('GPL-3.0-or-later') 15 | groups=('selinux') 16 | depends=('glibc' 'sh' 'libselinux') 17 | makedepends=('git' 'wget' 'python') 18 | conflicts=("${pkgname/-selinux}" "selinux-${pkgname/-selinux}") 19 | provides=("${pkgname/-selinux}=${pkgver}-${pkgrel}" 20 | "selinux-${pkgname/-selinux}=${pkgver}-${pkgrel}") 21 | url='https://www.gnu.org/software/findutils/' 22 | source=("git+https://git.savannah.gnu.org/git/findutils.git?signed#tag=v${pkgver}") 23 | b2sums=('a6d99d922df4c6895d9956a6902518c5f911e6ad1fdcbfc99bb083ce0a725fa4e87bb83a1a2d16e6d900755da9e9094b20f56f971c8e6a6008572cd417fe3e95') 24 | validpgpkeys=('A5189DB69C1164D33002936646502EF796917195') # Bernhard Voelker 25 | 26 | prepare() { 27 | cd "${pkgname/-selinux}" 28 | ./bootstrap 29 | } 30 | 31 | build() { 32 | cd "${pkgname/-selinux}" 33 | 34 | # Don't build or install locate because we use mlocate, 35 | # which is a secure version of locate. 36 | sed -e '/^SUBDIRS/s/locate//' -e 's/frcode locate updatedb//' -i Makefile.in 37 | 38 | ./configure --prefix=/usr 39 | # don't build locate, but the docs want a file in there. 
40 | make -C locate dblocation.texi 41 | make 42 | } 43 | 44 | check() { 45 | cd "${pkgname/-selinux}" 46 | make check 47 | } 48 | 49 | package() { 50 | cd "${pkgname/-selinux}" 51 | make DESTDIR="${pkgdir}" install 52 | } 53 | -------------------------------------------------------------------------------- /findutils-selinux/keys/pgp/A5189DB69C1164D33002936646502EF796917195.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQENBFPirzMBCACyzYldTjQ4ufFOkByY5Nn5USb5GFoL48nWBwNHjd9KUbtRRNlQ 4 | iPNKd6hKGvd3BGi5aoFKA4ytfRk6jbAbW3jVb3R8wYaV08mOy4KVEKxqN4bxsXlM 5 | jNChXVR+rtKDmfI+oPTL+cPH2X6gW4W02IRbVw0uUhNm6zEedC/gNrY/mTlf1enZ 6 | 46jxZ7BTUZaG+kx38UMISIMBzSzLRtdkwgmHj4jS3p1fF2cwRqLclIfMjKGpbNFP 7 | EXeXKWrCLcqHw78795eAR9q0YvrDkfInGdDBwfb3VM4NdulwIFzvYZMSXvSbbyPL 8 | B5YkHU5aAWQHUse4WlfT5ccDpbzUYldRAvF9ABEBAAG0K0Jlcm5oYXJkIFZvZWxr 9 | ZXIgPG1haWxAYmVybmhhcmQtdm9lbGtlci5kZT6JATkEEwECACMFAlPirzMCGwMH 10 | CwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRBGUC73lpFxle5wCACCdbs0QaJ0 11 | vR3Sff2cKdTk41rUq3YfWngsR///IOU0C5DdkePmCnJE/lUsUy0LRTxcUDLxQR+x 12 | QHU8ssRT0JUO9726dI3miy36UdsgmBYaOtLvQcidGmW1R7o0PYYf04+TFtyqKgng 13 | OUBPpMgR6o4UsQxy/OD4bN1WDqOgIjL+D/qJpkKmgp6L6+hhaBCpiOFKRmmV7YyQ 14 | 3SqVlfQNiHs5ZtkRnXpIjgZARV+GllKucI17bO0CGmTJZ1tstVy0+W3DQT1lbBkT 15 | Tc++5LONM99D3jjn23l1ocOpfolR53F7I4cb2RNfT23v1I59RH37lB9wMOqrKj0U 16 | jYAC2YoPGQ3BuQENBFPirzMBCADXLWWpQihBldY6reca8ZKdc3T9qXEOa3akE3DW 17 | KztIBmNJhtYOjmpLYajQTkGa7UoJTnbmZE2Rn6ZEoNnvb0gcFNAIcY95KOI+bjOR 18 | 8HEgh4cx2REXh6L6olIgyXqt/KFusE4wtVZAFxZl+30HzN6nD+1HvrjXxPJRX6Ms 19 | IYOYyyX9/6OofwJK6QHODYGp8WL2olHDnmsXg4AT6Wlr7qKpKrQELlcFR4xkvdmg 20 | L/Ghw/tK0yJTxMIcewCCZWLPOXRmFRbvAadZWPAgVsJ63siNyUlVnVMSzDgTJl+s 21 | l/DMabXpqrJQx3/1Yy6mTaDs3XZT/wmBKaTLXx/LByaPxQQ7ABEBAAGJAR8EGAEC 22 | AAkFAlPirzMCGwwACgkQRlAu95aRcZWVPwgAqZT6iTXkoP37wYb41323RzhBcJ8J 23 | Sk4cyBDBUXX0lMrM3qhiClKG7phpxVdu817Gwc6Hsecg7FfjQAV8MHQ0ZFeEFdk3 24 | 
b2rKBqfsStc+h49/xF3Fb+ifCzR9qeQF82fMSxkg18++7hMcHCMO/hPZ/Q0xRi+l 25 | rSr2QKDJQuLzSyVU14TxrCkevZjEhtmaVNvcJlJzCbiBXee9Fpc5jITUXPFG8E8d 26 | xqo1n+duOyIMgozrAnzP7X5V/Ob/Ozf/aGGX9+JdinyfCX18nWcHALKMU/36Eua/ 27 | ylalf/2c2YkBp9KCLVmGgPkUgW52EeRPgroIsiwu+rwCSV6ZUyCJ+OymCg== 28 | =d/K6 29 | -----END PGP PUBLIC KEY BLOCK----- 30 | -------------------------------------------------------------------------------- /iproute2-selinux/.SRCINFO: -------------------------------------------------------------------------------- 1 | pkgbase = iproute2-selinux 2 | pkgdesc = IP Routing Utilities with SELinux support 3 | pkgver = 6.14.0 4 | pkgrel = 1 5 | url = https://git.kernel.org/pub/scm/network/iproute2/iproute2.git 6 | arch = x86_64 7 | arch = aarch64 8 | groups = selinux 9 | license = GPL-2.0-or-later 10 | makedepends = db5.3 11 | makedepends = linux-atm 12 | makedepends = iptables 13 | depends = glibc 14 | depends = libxtables.so 15 | depends = libcap 16 | depends = libcap.so 17 | depends = libelf 18 | depends = libbpf 19 | depends = libbpf.so 20 | depends = libselinux 21 | optdepends = db5.3: userspace arp daemon 22 | optdepends = linux-atm: ATM support 23 | optdepends = python: for routel 24 | provides = iproute 25 | provides = iproute2=6.14.0-1 26 | conflicts = iproute2 27 | options = !emptydirs 28 | source = https://www.kernel.org/pub/linux/utils/net/iproute2/iproute2-6.14.0.tar.xz 29 | source = https://www.kernel.org/pub/linux/utils/net/iproute2/iproute2-6.14.0.tar.sign 30 | source = 0001-make-iproute2-fhs-compliant.patch 31 | source = 0002-bdb-5-3.patch 32 | validpgpkeys = 9F6FC345B05BE7E766B83C8F80A77F6095CDE47E 33 | sha256sums = a6d23588150096591c3d00fc27a324a82ee71d7a1a9eea78df5df17ad9b8461f 34 | sha256sums = SKIP 35 | sha256sums = 758b82bd61ed7512d215efafd5fab5ae7a28fbfa6161b85e2ce7373285e56a5d 36 | sha256sums = 611c1ad7946aab226a5f4059922d9430f51b3377e33911427f8fdf7f7d31f7d6 37 | 38 | pkgname = iproute2-selinux 39 | 
-------------------------------------------------------------------------------- /iproute2-selinux/.nvchecker.toml: -------------------------------------------------------------------------------- 1 | [iproute2] 2 | source = "git" 3 | git = "https://git.kernel.org/pub/scm/network/iproute2/iproute2.git" 4 | prefix = "v" 5 | -------------------------------------------------------------------------------- /iproute2-selinux/0001-make-iproute2-fhs-compliant.patch: -------------------------------------------------------------------------------- 1 | From d8d8dd628302f5bde4f55f11137690bf40abaa88 Mon Sep 17 00:00:00 2001 2 | From: Christian Hesse 3 | Date: Thu, 28 Jul 2016 08:49:20 +0200 4 | Subject: [PATCH 1/1] make iproute2 fhs compliant 5 | 6 | --- 7 | Makefile | 2 +- 8 | netem/Makefile | 4 ++-- 9 | tc/q_netem.c | 2 +- 10 | tc/tc_util.c | 15 +++++++++++++++ 11 | tc/tc_util.h | 1 + 12 | 5 files changed, 20 insertions(+), 4 deletions(-) 13 | 14 | diff --git a/Makefile b/Makefile 15 | index f6214534..f80f46c9 100644 16 | --- a/Makefile 17 | +++ b/Makefile 18 | @@ -32,7 +32,7 @@ DBM_INCLUDE:=$(DESTDIR)/usr/include 19 | 20 | SHARED_LIBS = y 21 | 22 | -DEFINES= -DRESOLVE_HOSTNAMES -DLIBDIR=\"$(LIBDIR)\" 23 | +DEFINES= -DRESOLVE_HOSTNAMES -DLIBDIR=\"$(LIBDIR)\" -DDATADIR=\"$(DATADIR)\" 24 | ifneq ($(SHARED_LIBS),y) 25 | DEFINES+= -DNO_SHARED_LIBS 26 | endif 27 | diff --git a/netem/Makefile b/netem/Makefile 28 | index ba4c5a76..cb197afa 100644 29 | --- a/netem/Makefile 30 | +++ b/netem/Makefile 31 | @@ -23,9 +23,9 @@ stats: stats.c 32 | $(HOSTCC) $(CCOPTS) -I../include -o $@ $@.c -lm 33 | 34 | install: all 35 | - mkdir -p $(DESTDIR)$(LIBDIR)/tc 36 | + mkdir -p $(DESTDIR)$(DATADIR)/tc 37 | for i in $(DISTDATA); \ 38 | - do install -m 644 $$i $(DESTDIR)$(LIBDIR)/tc; \ 39 | + do install -m 644 $$i $(DESTDIR)$(DATADIR)/tc; \ 40 | done 41 | 42 | clean: 43 | diff --git a/tc/q_netem.c b/tc/q_netem.c 44 | index f45a64b9..83fa952d 100644 45 | --- a/tc/q_netem.c 46 | 
+++ b/tc/q_netem.c 47 | @@ -128,7 +128,7 @@ static int get_distribution(const char *type, __s16 *data, int maxdata) 48 | char *line = NULL; 49 | char name[128]; 50 | 51 | - snprintf(name, sizeof(name), "%s/%s.dist", get_tc_lib(), type); 52 | + snprintf(name, sizeof(name), "%s/%s.dist", get_tc_datadir(), type); 53 | f = fopen(name, "r"); 54 | if (f == NULL) { 55 | fprintf(stderr, "No distribution data for %s (%s: %s)\n", 56 | diff --git a/tc/tc_util.c b/tc/tc_util.c 57 | index ba34aed7..0adbb9ba 100644 58 | --- a/tc/tc_util.c 59 | +++ b/tc/tc_util.c 60 | @@ -31,6 +31,10 @@ 61 | #define LIBDIR "/usr/lib" 62 | #endif 63 | 64 | +#ifndef DATADIR 65 | +#define DATADIR "/usr/share" 66 | +#endif 67 | + 68 | static struct db_names *cls_names; 69 | 70 | #define NAMES_DB "/etc/iproute2/tc_cls" 71 | @@ -72,6 +76,17 @@ const char *get_tc_lib(void) 72 | return lib_dir; 73 | } 74 | 75 | +const char *get_tc_datadir(void) 76 | +{ 77 | + const char *data_dir; 78 | + 79 | + data_dir = getenv("TC_DATA_DIR"); 80 | + if (!data_dir) 81 | + data_dir = DATADIR "/tc/"; 82 | + 83 | + return data_dir; 84 | +} 85 | + 86 | int get_qdisc_handle(__u32 *h, const char *str) 87 | { 88 | __u32 maj; 89 | diff --git a/tc/tc_util.h b/tc/tc_util.h 90 | index b197bcdd..e812b895 100644 91 | --- a/tc/tc_util.h 92 | +++ b/tc/tc_util.h 93 | @@ -71,6 +71,7 @@ struct exec_util { 94 | }; 95 | 96 | const char *get_tc_lib(void); 97 | +const char *get_tc_datadir(void); 98 | 99 | struct qdisc_util *get_qdisc_kind(const char *str); 100 | struct filter_util *get_filter_kind(const char *str); 101 | -- 102 | 2.35.1 103 | 104 | -------------------------------------------------------------------------------- /iproute2-selinux/0002-bdb-5-3.patch: -------------------------------------------------------------------------------- 1 | --- a/configure 2022-12-13 01:08:01.607329918 +0100 2 | +++ b/configure 2022-12-13 01:08:58.083857594 +0100 3 | 
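Review bot: The `snprintf()` into `name[128]` in the tc/q_netem.c hunk is unchecked, and after this change its directory part comes from `get_tc_datadir()` (added in the tc/tc_util.c hunk), which returns the `TC_DATA_DIR` environment variable as-is when it is set. A long value is silently truncated, so `fopen()` is attempted on a different path than the one requested. I would keep the result and fail on truncation: `int n = snprintf(name, sizeof(name), "%s/%s.dist", get_tc_datadir(), type);` then `if (n < 0 || (size_t)n >= sizeof(name)) return -1;`. The body of `get_distribution()` continues outside the hunk, so confirm the error value it actually uses. Because tc is presumably run with elevated privileges in most setups, `get_tc_datadir()` also deserves a comment such as `/* TC_DATA_DIR is used unvalidated; callers are expected to run with a sanitised environment */`.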
@@ -433,7 +433,7 @@ 4 | return 0; 5 | } 6 | EOF 7 | - if $CC -I$INCLUDE -o $TMPDIR/dbtest $TMPDIR/dbtest.c -ldb >/dev/null 2>&1; then 8 | + if $CC -I$INCLUDE -I/usr/include/db5.3 -o $TMPDIR/dbtest $TMPDIR/dbtest.c -ldb-5.3 >/dev/null 2>&1; then 9 | echo "HAVE_BERKELEY_DB:=y" >>$CONFIG 10 | echo "yes" 11 | else 12 | --- a/misc/Makefile 2022-12-13 12:21:04.709608051 +0100 13 | +++ b/misc/Makefile 2022-12-13 12:21:19.966264418 +0100 14 | 
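Review bot: The configure hunk hard-codes `-I/usr/include/db5.3` for the Berkeley DB probe, while the misc/Makefile hunk still builds arpd with `-I$(DBM_INCLUDE)`. The probe can therefore write `HAVE_BERKELEY_DB:=y` for a build that only succeeds when `DBM_INCLUDE` is overridden on the make command line, as the iproute2-selinux PKGBUILD on this page does with `DBM_INCLUDE='/usr/include/db5.3'`. The patch also has no description. I would add a short header stating that coupling, for example `Requires: make DBM_INCLUDE=/usr/include/db5.3 (links libdb-5.3 explicitly)`, or take the include directory from one variable in both places.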
@@ -25,7 +25,7 @@ 15 | $(QUIET_CC)$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o rtacct rtacct.c $(LDLIBS) -lm 16 | 17 | arpd: arpd.c 18 | - $(QUIET_CC)$(CC) $(CFLAGS) -I$(DBM_INCLUDE) $(CPPFLAGS) $(LDFLAGS) -o arpd arpd.c $(LDLIBS) -ldb 19 | + $(QUIET_CC)$(CC) $(CFLAGS) -I$(DBM_INCLUDE) $(CPPFLAGS) $(LDFLAGS) -o arpd arpd.c $(LDLIBS) -ldb-5.3 20 | 21 | ssfilter.tab.c: ssfilter.y 22 | $(QUIET_YACC)$(YACC) -b ssfilter ssfilter.y 23 | -------------------------------------------------------------------------------- /iproute2-selinux/PKGBUILD: -------------------------------------------------------------------------------- 1 | # Maintainer: Christian Hesse 2 | # Maintainer: Ronald van Haren 3 | # Contributor: Judd Vinet 4 | # SELinux Maintainer: Nicolas Iooss (nicolas iooss m4x org) 5 | # 6 | # This PKGBUILD is maintained on https://github.com/archlinuxhardened/selinux. 7 | # If you want to help keep it up to date, please open a Pull Request there. 8 | 9 | pkgname=iproute2-selinux 10 | pkgver=6.14.0 11 | pkgrel=1 12 | pkgdesc='IP Routing Utilities with SELinux support' 13 | arch=('x86_64' 'aarch64') 14 | license=('GPL-2.0-or-later') 15 | groups=('selinux') 16 | url='https://git.kernel.org/pub/scm/network/iproute2/iproute2.git' 17 | depends=('glibc' 18 | 'libxtables.so' # from iptables or iptables-nft 19 | 'libcap' 'libcap.so' 20 | 'libelf' 21 | 'libbpf' 'libbpf.so' 22 | 'libselinux') 23 | makedepends=('db5.3' 'linux-atm' 'iptables') 24 | optdepends=('db5.3: userspace arp daemon' 25 | 'linux-atm: ATM support' 26 | 'python: for routel') 27 | provides=('iproute' "${pkgname/-selinux}=${pkgver}-${pkgrel}") 28 | conflicts=("${pkgname/-selinux}") 29 | options=('!emptydirs') 30 | validpgpkeys=('9F6FC345B05BE7E766B83C8F80A77F6095CDE47E') # Stephen Hemminger 31 | source=("https://www.kernel.org/pub/linux/utils/net/${pkgname/-selinux}/${pkgname/-selinux}-${pkgver}.tar."{xz,sign} 32 | '0001-make-iproute2-fhs-compliant.patch' 33 | '0002-bdb-5-3.patch') 34 | 
sha256sums=('a6d23588150096591c3d00fc27a324a82ee71d7a1a9eea78df5df17ad9b8461f' 35 | 'SKIP' 36 | '758b82bd61ed7512d215efafd5fab5ae7a28fbfa6161b85e2ce7373285e56a5d' 37 | '611c1ad7946aab226a5f4059922d9430f51b3377e33911427f8fdf7f7d31f7d6') 38 | 39 | prepare() { 40 | cd "${srcdir}/${pkgname/-selinux}-${pkgver}" 41 | 42 | # set correct fhs structure 43 | patch -Np1 -i "${srcdir}"/0001-make-iproute2-fhs-compliant.patch 44 | 45 | # use Berkeley DB 5.3 46 | patch -Np1 -i "${srcdir}"/0002-bdb-5-3.patch 47 | } 48 | 49 | build() { 50 | cd "${srcdir}/${pkgname/-selinux}-${pkgver}" 51 | 52 | # ./configure auto-detects SELinux as a build dependency for "ss": 53 | # https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/tree/configure?h=v5.14.0#n373 54 | ./configure 55 | make DBM_INCLUDE='/usr/include/db5.3' 56 | } 57 | 58 | package() { 59 | cd "${srcdir}/${pkgname/-selinux}-${pkgver}" 60 | 61 | make DESTDIR="${pkgdir}" SBINDIR="/usr/bin" install 62 | } 63 | -------------------------------------------------------------------------------- /libselinux/.SRCINFO: -------------------------------------------------------------------------------- 1 | pkgbase = libselinux 2 | pkgdesc = SELinux library and simple utilities 3 | pkgver = 3.8 4 | pkgrel = 1 5 | url = https://github.com/SELinuxProject/selinux 6 | arch = i686 7 | arch = x86_64 8 | arch = armv6h 9 | arch = aarch64 10 | groups = selinux 11 | license = custom 12 | makedepends = pkgconf 13 | makedepends = python 14 | makedepends = python-pip 15 | makedepends = python-setuptools 16 | makedepends = ruby 17 | makedepends = xz 18 | makedepends = swig 19 | depends = libsepol>=3.8 20 | depends = pcre2 21 | optdepends = python: python bindings 22 | optdepends = ruby: ruby bindings 23 | provides = selinux-usr-libselinux=3.8-1 24 | conflicts = selinux-usr-libselinux 25 | source = https://github.com/SELinuxProject/selinux/releases/download/3.8/libselinux-3.8.tar.gz 26 | source = 
https://github.com/SELinuxProject/selinux/releases/download/3.8/libselinux-3.8.tar.gz.asc 27 | source = libselinux.tmpfiles.d 28 | validpgpkeys = 63191CE94183098689CAB8DB7EF137EC935B0EAF 29 | validpgpkeys = 68D21823342A13683AEB3E4EFB4C685B5DC1C13E 30 | sha256sums = 0c3756bca047c9270281d7c4dcdecd000b72e38a183c930661eba9690839b541 31 | sha256sums = SKIP 32 | sha256sums = afe23890fb2e12e6756e5d81bad3c3da33f38a95d072731c0422fbeb0b1fa1fc 33 | 34 | pkgname = libselinux 35 | provides = selinux-usr-libselinux=3.8-1 36 | provides = libselinux.so 37 | -------------------------------------------------------------------------------- /libselinux/PKGBUILD: -------------------------------------------------------------------------------- 1 | # Maintainer: Nicolas Iooss (nicolas iooss m4x org) 2 | # Contributor: Timothée Ravier 3 | # Contributor: Nicky726 (Nicky726 gmail com) 4 | # Contributor: Sergej Pupykin (pupykin s+arch gmail com) 5 | # Contributor: Zezadas 6 | # 7 | # This PKGBUILD is maintained on https://github.com/archlinuxhardened/selinux. 8 | # If you want to help keep it up to date, please open a Pull Request there. 
9 | 10 | pkgname=libselinux 11 | pkgver=3.8 12 | pkgrel=1 13 | pkgdesc="SELinux library and simple utilities" 14 | arch=('i686' 'x86_64' 'armv6h' 'aarch64') 15 | url='https://github.com/SELinuxProject/selinux' 16 | license=('custom') 17 | groups=('selinux') 18 | makedepends=('pkgconf' 'python' 'python-pip' 'python-setuptools' 'ruby' 'xz' 'swig') 19 | depends=('libsepol>=3.8' 'pcre2') 20 | optdepends=('python: python bindings' 21 | 'ruby: ruby bindings') 22 | conflicts=("selinux-usr-${pkgname}") 23 | provides=("selinux-usr-${pkgname}=${pkgver}-${pkgrel}") 24 | validpgpkeys=( 25 | '63191CE94183098689CAB8DB7EF137EC935B0EAF' # Jason Zaman 26 | '68D21823342A13683AEB3E4EFB4C685B5DC1C13E' # Petr Lautrbach 27 | ) 28 | source=("https://github.com/SELinuxProject/selinux/releases/download/${pkgver}/${pkgname}-${pkgver}.tar.gz"{,.asc} 29 | "libselinux.tmpfiles.d") 30 | sha256sums=('0c3756bca047c9270281d7c4dcdecd000b72e38a183c930661eba9690839b541' 31 | 'SKIP' 32 | 'afe23890fb2e12e6756e5d81bad3c3da33f38a95d072731c0422fbeb0b1fa1fc') 33 | 34 | build() { 35 | cd "${pkgname}-${pkgver}" 36 | 37 | # Do not build deprecated rpm_execcon() interface. It is useless on Arch Linux anyway. 
38 | export DISABLE_RPM=y 39 | 40 | # Use pcre2 explicitely even though it is the default since 41 | # https://github.com/SELinuxProject/selinux/commit/e0da140d82c0ebebf1060ce87d0f11276c7fc59a 42 | export USE_PCRE2=y 43 | 44 | export CFLAGS="${CFLAGS} -fno-semantic-interposition" 45 | make swigify 46 | make all 47 | make PYTHON=/usr/bin/python3 pywrap 48 | make RUBY=/usr/bin/ruby rubywrap 49 | } 50 | 51 | package() { 52 | provides+=( 53 | libselinux.so 54 | ) 55 | 56 | cd "${pkgname}-${pkgver}" 57 | 58 | export DISABLE_RPM=y 59 | 60 | make DESTDIR="${pkgdir}" SBINDIR=/usr/bin SHLIBDIR=/usr/lib install 61 | make DESTDIR="${pkgdir}" PYTHON=/usr/bin/python3 SBINDIR=/usr/bin SHLIBDIR=/usr/lib install-pywrap 62 | make DESTDIR="${pkgdir}" RUBY=/usr/bin/ruby SBINDIR=/usr/bin SHLIBDIR=/usr/lib install-rubywrap 63 | /usr/bin/python3 -m compileall "${pkgdir}/$(/usr/bin/python3 -c 'from distutils.sysconfig import *; print(get_python_lib(plat_specific=1))')" 64 | 65 | install -Dm 0644 "${srcdir}"/libselinux.tmpfiles.d "${pkgdir}"/usr/lib/tmpfiles.d/libselinux.conf 66 | 67 | install -Dm 0644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" 68 | } 69 | -------------------------------------------------------------------------------- /libselinux/libselinux.tmpfiles.d: -------------------------------------------------------------------------------- 1 | d /run/setrans 0755 root root 2 | -------------------------------------------------------------------------------- /libsemanage/.SRCINFO: -------------------------------------------------------------------------------- 1 | pkgbase = libsemanage 2 | pkgdesc = SELinux binary policy manipulation library 3 | pkgver = 3.8 4 | pkgrel = 1 5 | url = https://github.com/SELinuxProject/selinux 6 | install = libsemanage.install 7 | arch = i686 8 | arch = x86_64 9 | arch = aarch64 10 | groups = selinux 11 | license = LGPL2.1 12 | makedepends = flex 13 | makedepends = pkgconf 14 | makedepends = python 15 | makedepends = ruby 16 | 
makedepends = swig 17 | depends = libselinux>=3.8 18 | depends = audit 19 | optdepends = python: python bindings 20 | optdepends = ruby: ruby bindings 21 | provides = selinux-usr-libsemanage=3.8-1 22 | conflicts = selinux-usr-libsemanage 23 | options = !emptydirs 24 | source = https://github.com/SELinuxProject/selinux/releases/download/3.8/libsemanage-3.8.tar.gz 25 | source = https://github.com/SELinuxProject/selinux/releases/download/3.8/libsemanage-3.8.tar.gz.asc 26 | source = semanage.conf 27 | validpgpkeys = 63191CE94183098689CAB8DB7EF137EC935B0EAF 28 | validpgpkeys = 68D21823342A13683AEB3E4EFB4C685B5DC1C13E 29 | sha256sums = aac95988a572cc897a1ac1be77d360be1171fc0b2d7c66195a745601baf25bef 30 | sha256sums = SKIP 31 | sha256sums = 5b0e6929428e095b561701ccdfa9c8b0c3d70dad3fc46e667eb46a85b246a4a0 32 | 33 | pkgname = libsemanage 34 | provides = selinux-usr-libsemanage=3.8-1 35 | provides = libsemanage.so 36 | -------------------------------------------------------------------------------- /libsemanage/PKGBUILD: -------------------------------------------------------------------------------- 1 | # Maintainer: Nicolas Iooss (nicolas iooss m4x org) 2 | # Contributor: Timothée Ravier 3 | # Contributor: Nicky726 (Nicky726 gmail com) 4 | # Contributor: Sergej Pupykin (pupykin s+arch gmail com) 5 | # 6 | # This PKGBUILD is maintained on https://github.com/archlinuxhardened/selinux. 7 | # If you want to help keep it up to date, please open a Pull Request there. 
8 | 9 | pkgname=libsemanage 10 | pkgver=3.8 11 | pkgrel=1 12 | pkgdesc="SELinux binary policy manipulation library" 13 | arch=('i686' 'x86_64' 'aarch64') 14 | url='https://github.com/SELinuxProject/selinux' 15 | license=('LGPL2.1') 16 | groups=('selinux') 17 | makedepends=('flex' 'pkgconf' 'python' 'ruby' 'swig') 18 | depends=('libselinux>=3.8' 'audit') 19 | optdepends=('python: python bindings' 20 | 'ruby: ruby bindings') 21 | options=(!emptydirs) # For /var/lib/selinux 22 | install=libsemanage.install 23 | conflicts=("selinux-usr-${pkgname}") 24 | provides=("selinux-usr-${pkgname}=${pkgver}-${pkgrel}") 25 | validpgpkeys=( 26 | '63191CE94183098689CAB8DB7EF137EC935B0EAF' # Jason Zaman 27 | '68D21823342A13683AEB3E4EFB4C685B5DC1C13E' # Petr Lautrbach 28 | ) 29 | source=("https://github.com/SELinuxProject/selinux/releases/download/${pkgver}/${pkgname}-${pkgver}.tar.gz"{,.asc} 30 | "semanage.conf") 31 | sha256sums=('aac95988a572cc897a1ac1be77d360be1171fc0b2d7c66195a745601baf25bef' 32 | 'SKIP' 33 | '5b0e6929428e095b561701ccdfa9c8b0c3d70dad3fc46e667eb46a85b246a4a0') 34 | 35 | build() { 36 | cd "${pkgname}-${pkgver}" 37 | 38 | export CFLAGS="${CFLAGS} -fno-semantic-interposition" 39 | make swigify 40 | make all 41 | make PYTHON=/usr/bin/python3 pywrap 42 | make RUBY=/usr/bin/ruby rubywrap 43 | } 44 | 45 | package() { 46 | provides+=( 47 | libsemanage.so 48 | ) 49 | 50 | cd "${pkgname}-${pkgver}" 51 | make DESTDIR="${pkgdir}" LIBEXECDIR=/usr/lib SHLIBDIR=/usr/lib install 52 | make DESTDIR="${pkgdir}" PYTHON=/usr/bin/python3 LIBEXECDIR=/usr/lib SHLIBDIR=/usr/lib install-pywrap 53 | make DESTDIR="${pkgdir}" RUBY=/usr/bin/ruby LIBEXECDIR=/usr/lib SHLIBDIR=/usr/lib install-rubywrap 54 | /usr/bin/python3 -m compileall "${pkgdir}/$(/usr/bin/python3 -c 'from distutils.sysconfig import *; print(get_python_lib(plat_specific=1))')" 55 | 56 | install -D -m0644 "${srcdir}/semanage.conf" "${pkgdir}/etc/selinux/semanage.conf" 57 | 58 | # Create /var/lib/selinux for the policy store 59 | 
mkdir -p "${pkgdir}/var/lib/selinux" 60 | } 61 | -------------------------------------------------------------------------------- /libsemanage/libsemanage.install: -------------------------------------------------------------------------------- 1 | post_upgrade() { 2 | if [ "$(vercmp 2.4 "$2")" -eq 1 ]; then 3 | echo "The policy storage location changed in SELinux Userspace Project 2.4 from /etc/selinux to /var/lib/selinux." 4 | echo "Run /usr/lib/selinux/semanage_migrate_store to migrate your policy files to the new location." 5 | fi 6 | } 7 | -------------------------------------------------------------------------------- /libsemanage/semanage.conf: -------------------------------------------------------------------------------- 1 | # Authors: Jason Tang 2 | # 3 | # Copyright (C) 2004-2005 Tresys Technology, LLC 4 | # 5 | # This library is free software; you can redistribute it and/or 6 | # modify it under the terms of the GNU Lesser General Public 7 | # License as published by the Free Software Foundation; either 8 | # version 2.1 of the License, or (at your option) any later version. 9 | # 10 | # This library is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | # Lesser General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU Lesser General Public 16 | # License along with this library; if not, write to the Free Software 17 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 18 | # 19 | # Specify how libsemanage will interact with a SELinux policy manager. 20 | # The four options are: 21 | # 22 | # "source" - libsemanage manipulates a source SELinux policy 23 | # "direct" - libsemanage will write directly to a module store. 24 | # /foo/bar - Write by way of a policy management server, whose 25 | # named socket is at /foo/bar. 
The path must begin 26 | # with a '/'. 27 | # foo.com:4242 - Establish a TCP connection to a remote policy 28 | # management server at foo.com. If there is a colon 29 | # then the remainder is interpreted as a port number; 30 | # otherwise default to port 4242. 31 | module-store = direct 32 | 33 | # When generating the final linked and expanded policy, by default 34 | # semanage will set the policy version to POLICYDB_VERSION_MAX, as 35 | # given in <sepol/policydb.h>. Change this setting if a different 36 | # version is necessary. 37 | #policy-version = 19 38 | 39 | # By default, semanage will generate policies for the SELinux target. 40 | # To build policies for Xen, uncomment the following line. 41 | #target-platform = xen 42 | 43 | # Arch Linux path to policy compilers 44 | compiler-directory = /usr/lib/selinux/hll 45 | -------------------------------------------------------------------------------- /libsepol/.SRCINFO: -------------------------------------------------------------------------------- 1 | pkgbase = libsepol 2 | pkgdesc = SELinux binary policy manipulation library 3 | pkgver = 3.8 4 | pkgrel = 1 5 | url = https://github.com/SELinuxProject/selinux 6 | arch = i686 7 | arch = x86_64 8 | arch = armv6h 9 | arch = aarch64 10 | groups = selinux 11 | license = LGPL2.1 12 | makedepends = flex 13 | depends = glibc 14 | provides = selinux-usr-libsepol=3.8-1 15 | conflicts = selinux-usr-libsepol 16 | options = staticlibs 17 | options = !lto 18 | source = https://github.com/SELinuxProject/selinux/releases/download/3.8/libsepol-3.8.tar.gz 19 | source = https://github.com/SELinuxProject/selinux/releases/download/3.8/libsepol-3.8.tar.gz.asc 20 | validpgpkeys = 63191CE94183098689CAB8DB7EF137EC935B0EAF 21 | validpgpkeys = 68D21823342A13683AEB3E4EFB4C685B5DC1C13E 22 | sha256sums = 844fbdbf02334b9ce03833ad8a671053f67b4076d72db4f03e0ee2665ec2eb55 23 | sha256sums = SKIP 24 | 25 | pkgname = libsepol 26 | provides = selinux-usr-libsepol=3.8-1 27 | provides = libsepol.so 28 | 
-------------------------------------------------------------------------------- /libsepol/PKGBUILD: -------------------------------------------------------------------------------- 1 | # Maintainer: Nicolas Iooss (nicolas iooss m4x org) 2 | # Contributor: Timothée Ravier 3 | # Contributor: Nicky726 (Nicky726 gmail com) 4 | # Contributor: Sergej Pupykin (pupykin s+arch gmail com) 5 | # 6 | # This PKGBUILD is maintained on https://github.com/archlinuxhardened/selinux. 7 | # If you want to help keep it up to date, please open a Pull Request there. 8 | 9 | pkgname=libsepol 10 | pkgver=3.8 11 | pkgrel=1 12 | pkgdesc="SELinux binary policy manipulation library" 13 | arch=('i686' 'x86_64' 'armv6h' 'aarch64') 14 | url='https://github.com/SELinuxProject/selinux' 15 | license=('LGPL2.1') 16 | groups=('selinux') 17 | makedepends=('flex') 18 | depends=('glibc') 19 | # Disable LTO as it is incompatible with the static library 20 | options=(staticlibs '!lto') 21 | conflicts=("selinux-usr-${pkgname}") 22 | provides=("selinux-usr-${pkgname}=${pkgver}-${pkgrel}") 23 | validpgpkeys=( 24 | '63191CE94183098689CAB8DB7EF137EC935B0EAF' # Jason Zaman 25 | '68D21823342A13683AEB3E4EFB4C685B5DC1C13E' # Petr Lautrbach 26 | ) 27 | source=("https://github.com/SELinuxProject/selinux/releases/download/${pkgver}/${pkgname}-${pkgver}.tar.gz"{,.asc}) 28 | sha256sums=('844fbdbf02334b9ce03833ad8a671053f67b4076d72db4f03e0ee2665ec2eb55' 29 | 'SKIP') 30 | 31 | build() { 32 | cd "${pkgname}-${pkgver}" 33 | 34 | export CFLAGS="${CFLAGS} -fno-semantic-interposition" 35 | make 36 | } 37 | 38 | package() { 39 | provides+=( 40 | libsepol.so 41 | ) 42 | 43 | cd "${pkgname}-${pkgver}" 44 | make DESTDIR="${pkgdir}" SHLIBDIR=/usr/lib install 45 | } 46 | -------------------------------------------------------------------------------- /local-pacman.conf: -------------------------------------------------------------------------------- 1 | # pacman configuration to keep in sync only interesting repositories 2 | # to 
compare SELinux packages with their base equivalent ones. 3 | [options] 4 | Architecture = auto 5 | ILoveCandy 6 | 7 | [core] 8 | Include = /etc/pacman.d/mirrorlist 9 | 10 | [extra] 11 | Include = /etc/pacman.d/mirrorlist 12 | -------------------------------------------------------------------------------- /logrotate-selinux/.SRCINFO: -------------------------------------------------------------------------------- 1 | pkgbase = logrotate-selinux 2 | pkgdesc = Rotates system logs automatically with SELinux support 3 | pkgver = 3.22.0 4 | pkgrel = 1 5 | url = https://github.com/logrotate/logrotate 6 | arch = x86_64 7 | arch = aarch64 8 | groups = selinux 9 | license = GPL 10 | depends = popt 11 | depends = gzip 12 | depends = acl 13 | depends = libselinux 14 | provides = logrotate=3.22.0-1 15 | provides = selinux-logrotate=3.22.0-1 16 | conflicts = logrotate 17 | conflicts = selinux-logrotate 18 | backup = etc/logrotate.conf 19 | source = https://github.com/logrotate/logrotate/releases/download/3.22.0/logrotate-3.22.0.tar.xz 20 | source = https://github.com/logrotate/logrotate/releases/download/3.22.0/logrotate-3.22.0.tar.xz.asc 21 | source = logrotate.conf 22 | validpgpkeys = 8ECCDF12100AD84DA2EE7EBFC78CE737A3C3E28E 23 | sha256sums = 42b4080ee99c9fb6a7d12d8e787637d057a635194e25971997eebbe8d5e57618 24 | sha256sums = SKIP 25 | sha256sums = 42e289081a4d6b144c89dbfc49bde7a01b383055bf90a05a764f8c3dee25a6ce 26 | 27 | pkgname = logrotate-selinux 28 | -------------------------------------------------------------------------------- /logrotate-selinux/.gitignore: -------------------------------------------------------------------------------- 1 | *-build.log 2 | *-check.log 3 | *-package*.log 4 | PKGBUILD-namcap.log 5 | *.pkg.tar.* 6 | *.pkg.tar.*-namcap.log 7 | *-pkgver.log 8 | *-prepare.log 9 | -------------------------------------------------------------------------------- /logrotate-selinux/.nvchecker.toml: 
-------------------------------------------------------------------------------- 1 | [logrotate] 2 | source = 'github' 3 | github = 'logrotate/logrotate' 4 | use_max_tag = true 5 | -------------------------------------------------------------------------------- /logrotate-selinux/PKGBUILD: -------------------------------------------------------------------------------- 1 | # Maintainer: Pierre Schmitz 2 | # SELinux Maintainer: Nicolas Iooss (nicolas iooss m4x org) 3 | # 4 | # This PKGBUILD is maintained on https://github.com/archlinuxhardened/selinux. 5 | # If you want to help keep it up to date, please open a Pull Request there. 6 | 7 | pkgname=logrotate-selinux 8 | pkgver=3.22.0 9 | pkgrel=1 10 | pkgdesc="Rotates system logs automatically with SELinux support" 11 | arch=('x86_64' 'aarch64') 12 | url="https://github.com/logrotate/logrotate" 13 | license=('GPL') 14 | groups=('selinux') 15 | depends=('popt' 'gzip' 'acl' 'libselinux') 16 | conflicts=("${pkgname/-selinux}" "selinux-${pkgname/-selinux}") 17 | provides=("${pkgname/-selinux}=${pkgver}-${pkgrel}" 18 | "selinux-${pkgname/-selinux}=${pkgver}-${pkgrel}") 19 | backup=('etc/logrotate.conf') 20 | source=("https://github.com/logrotate/logrotate/releases/download/${pkgver}/${pkgname/-selinux}-${pkgver}.tar.xz"{,.asc} 21 | 'logrotate.conf') 22 | sha256sums=('42b4080ee99c9fb6a7d12d8e787637d057a635194e25971997eebbe8d5e57618' 23 | 'SKIP' 24 | '42e289081a4d6b144c89dbfc49bde7a01b383055bf90a05a764f8c3dee25a6ce') 25 | validpgpkeys=('8ECCDF12100AD84DA2EE7EBFC78CE737A3C3E28E') 26 | 27 | prepare() { 28 | cd "$srcdir/${pkgname/-selinux}-${pkgver}" 29 | 30 | echo '#!/bin/true' > test/test-0110.sh 31 | 32 | # Skip test-0112 to work around https://github.com/logrotate/logrotate/issues/632 33 | echo '#!/bin/true' > test/test-0112.sh 34 | } 35 | 36 | build() { 37 | cd "$srcdir/${pkgname/-selinux}-${pkgver}" 38 | 39 | ./configure \ 40 | --prefix=/usr \ 41 | --sbindir=/usr/bin \ 42 | --mandir=/usr/share/man \ 43 | 
--with-compress-command=/usr/bin/gzip \ 44 | --with-uncompress-command=/usr/bin/gunzip \ 45 | --with-default-mail-command=/usr/bin/mail \ 46 | --with-acl \ 47 | --with-selinux 48 | make 49 | } 50 | 51 | check() { 52 | cd "$srcdir/${pkgname/-selinux}-${pkgver}" 53 | 54 | make test 55 | } 56 | 57 | package() { 58 | cd "$srcdir/${pkgname/-selinux}-${pkgver}" 59 | 60 | make DESTDIR="$pkgdir" install 61 | 62 | install -dm755 "$pkgdir/etc/logrotate.d" 63 | install -Dm644 "$srcdir/logrotate.conf" "$pkgdir/etc/logrotate.conf" 64 | 65 | install -D -m644 examples/logrotate.timer "${pkgdir}/usr/lib/systemd/system/logrotate.timer" 66 | install -D -m644 examples/logrotate.service "${pkgdir}/usr/lib/systemd/system/logrotate.service" 67 | install -d -m755 "$pkgdir/usr/lib/systemd/system/timers.target.wants" 68 | ln -s ../logrotate.timer "$pkgdir/usr/lib/systemd/system/timers.target.wants/logrotate.timer" 69 | } 70 | -------------------------------------------------------------------------------- /logrotate-selinux/keys/pgp/8ECCDF12100AD84DA2EE7EBFC78CE737A3C3E28E.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBFmr5WEBEACsbVDGAx8dLby3CUhMGsi2AzWSqejm+98B5OWiOFJ0VqDY2TB7 4 | T3dDy5Pb3X7tgp8QZGi8xwpQlw1iF0jYRxzp8MyB56ikNOpMBhxJPPcPpAy0cha+ 5 | 4nLlvCsvUQgYdKOqfHEHMEYohB5p0h/68P7VUydk1iTc9IbMXhpXyF/jwTuN0aV2 6 | WqzF4261MRVmQJoOFDHFd9F/6YdE4GP0vyuuLewPNARVVYqWsjM6Eun0OxN0sjfD 7 | /KZ5e5Icwt6AlQZmHE7NRF38okVeVE2hPQ/prLeFYzp+wmACB/ryF1PWIrAID+VX 8 | Ba/cLN5VRNFCCfHGAAiqQizWgdUvvXn/DWjRDhA3/Gm0vwCb4kv2OvaJMg/RyRw/ 9 | Gw5qjpuMBbuVKH7yw5YKeJSWU/gd+oiJOlojeO2K2bqeRHxQOfjtNhJtCSnmuQ+3 10 | Tv97uy2owdqOmIYh57Gjf4C2IqPPpm3dUwCHtr1ApX9pQurGPvKtPCIuy/1jSsv7 11 | EyQvu6RLlmreQb/WNCVp3hUcceKyXPxx+6+nu1TZd7PMK1jnBKeipkqQaaaI/Wzi 12 | OVM6TZVRfiem8TmS+hRcm2nTOzbH6ZQVEoXLyMSqBMB4wr74lYF3tr20LRRs9jq5 13 | 3U71ryPHe+ancLhF4feJI//wUM7/OgZSsAytnoPD9Mmk0PccLkiZ/rcKIwARAQAB 14 | 
tCxDaHJpc3RpYW4gR8O2dHRzY2hlIDxjZ3pvbmVzQGdvb2dsZW1haWwuY29tPokC 15 | VAQTAQgAPgIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgBYhBI7M3xIQCthNou5+ 16 | v8eM5zejw+KOBQJk4NJ2BQkNFiCVAAoJEMeM5zejw+KOH6wP/RPcpnK4zTn5CI2D 17 | kUbRz/ioACq2PkUDcN1xnay5hQtMNGZ9+W+pIwwyQ5xBAkqwaAfBbi/4D/uEovRQ 18 | eSgXtTooMa3pS169gwxPnrXByB2dc9bOTC1t+kDe9zWIpf2Zvx7PewS7NghlQTrW 19 | ueOUeP9Y309S8bSSdvqV57LILYJUPiHWj4dWXMEvCndzPgAaWoyqpKhwKLg1GVbE 20 | ABnczjLqtuCRSmWvQ5MPES+LuSN1HNTIHGkBu2A7NyjwZDNNMIa+3rizZ+7SE1hU 21 | LQooylD/0xRtFLF+9v6lwbjfawqFT1PoUvUozJa+SYbxGI1AJIhcGtYOSA2jR1z+ 22 | /HIztWcug5lNRtywJyBsJ8KXNh1e0U8N2Xr1tMd/m0XHkFnElZq8cyJCi9qbXnFE 23 | aFN4Ts5/VbN6CZOUOEdau/OmJUHyPRGclUwh4E+znfBj63pkK8xFhh+23tX2oQ8I 24 | kM5JP07xWae36nPttFxwNADXJueXFh22cSnb87w4nQbave90PEaDaQQ7PPT4HneE 25 | rY/AHq40VXn38A4NtB1Hi03pMxzwGntYp4mg8qumebeNNavwwykqF/EjSDa2W0+8 26 | zQ58SpxjUwPo1UVc4yoMTVFFl1g60nwXkuBHJsljLIq3YgbeTq8Kx26+DBxMnsrY 27 | bORjhv6jw9jhKYNUy88IlZYCretduQINBFmr5WEBEADR7DRcyFe5dFk9ZWzlHRoE 28 | 1ehf3I3T5/oS8285I4xQ95ga1GWqo7OaOQJXkz0iihcdpQ0JYDE02r4YdaCbkXx6 29 | skGk+jNyMKVopc8Wl2qt1i3nzztxkjshK1mxYFHBFNit/pEm6pW/XfPozvRcnxVw 30 | 1H0udG/MQM8Qaa10uOy86dNlUYiXgXj7tkWEzr33swIcqEyGWdBTA6e1T6JhNs+b 31 | nqyliOPunpUaUNoTuFAEP6ALlkrNG2j7WjK80AmFMjpYsRu9MMXxLu/ZXmie/3dz 32 | e+qub46LItXFIlVwAciNHmdzHEOqS3uBwgZ95ChJbcbAUOz6zVjNGckJf0xvz1qt 33 | qjS6ZUVdSf4eubtAAQETsQ3IVF84zqJZFsXSG4A0A9cpzY85GiFq6b1MPUaJUDBX 34 | YDAnlEzg95wOxWiLJ2FYWsTBxmW3jFZPlTi/1V+qhQ3zDDwJjdMGKRgvSxeLB0Vd 35 | lXHYju3eO/ata8jnZUdvJVztYCSGsfHUfQLRKAy6GuMhAYdfTEJZYUNIzaaXCE9x 36 | z6ICROOhWYSpQym6BympaX0hToth5mvs1EGtGwprYCNO3NYJLOjibxMf6YnrxljV 37 | 1sImVAQiMfX3tbXtmP2HCcKAOAjjl89uWCX0alzKpzuktPh+aJGxB98VcP0ZFDWT 38 | raQpUNtEkriujQFDeAqhiwARAQABiQI8BBgBCAAmAhsMFiEEjszfEhAK2E2i7n6/ 39 | x4znN6PD4o4FAmTg0oUFCQ0WIKQACgkQx4znN6PD4o5i4g/7BpruR/vUugXJZcpA 40 | fhekst+PwQQ1A5kCeWnm77pku7HqU+BBjxlvBUZdlgzAcuO59Vqqn2Uptn6ha7Kp 41 | N3LelrQHt/7N3Kz/wI8s3ft+m1qwI2l9IZ/49fecaVTPdPBJuyK9ksCEZkV0+lb1 42 | 
Iu+oc81zUNDM1s63JXasKBFbKcparyd7TO3/wf49UzmOgxPnJtL31NhXvMUMnc6F 43 | 28z1bC+bIoOu7KG56wDeK+7iFVqoxFVuzf8nnCLPDgdmIes77YPcalGJP37nauEa 44 | XvBeaHKJwSPgg/3ZQL8bGsFLxIJxYudDFzf2S45mURyLo1XXFRoqq4TAQMREl0t2 45 | ZgMths3z1colKWy7rREutQz2WZ5QrC9A4i1dG4yw4CQFDKZmfpGONWp5WMEh+oGQ 46 | 5G6whIPoTMzS/1FnV8HssEJC4ziwRE2xR9QR/+MLivRDa0ggm71vTZLacdhMM5bH 47 | h5P/N30RS2zXTMhlsYcT+0MZzgQzKBJ22xKArSLzl2CmmTXflhgE8cGvHm6N5ril 48 | dCsm4gmDxvZTI6MUeR48rSxSLViqG32XhNFoKSW40G+i/CpsoITxLCKNRfOpZMmi 49 | zeP5Lj9DYiuPMvJ164KA8uDlI2pKhL2Ro0MyMENP4TTILLQ1rsEXTaFQUe646o7e 50 | gW11fMmMQPlY/73PUt+oaJT7pPs= 51 | =mn6O 52 | -----END PGP PUBLIC KEY BLOCK----- 53 | -------------------------------------------------------------------------------- /logrotate-selinux/keys/pgp/992A96E075056E79CD8214F9873DB37572A37B36.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBFgjU54BEACwGTSIP9AVBahlfv/y4snLRvlU4UWWqn8bxjh/GFTVs+l8gqOD 4 | 3dT9AhbnMWfvr94nA6dXVVx8t8akn3ybVLKeii3vOSel8ayAnIXYjtowPh/TlheO 5 | BSo4EcVo0IFLtiUhC0XHMngITkr6mGphzKOAjS5Kur1j09tawhWMtgeDWw9dZnvc 6 | mH7f03mwvFv49YYqztaKcGvWlrLjj1O18Un5euGx18L+udG3RfeWMpzinwvcv2n7 7 | sH45FVqH6wu/okOJkXShsD883NRlz652knvzuUZNqcc+l/uNm8FVB8hH7qvKJu7P 8 | v1HpNSYlLqRpAREepYxdb/KJEJ5X3EoczLHM1zugB6cRi9REQ5rt1dqS8VOn5Svw 9 | v4OZZUjZf/LvAB3KOl5RI40pa8zAI/ymxTZ6qZzFOp7u8XEy3GzURrYBMKJIW03Z 10 | E61RI+7SJKr4yeboWSfYJbV6RQJyu8X77H9L0F6O+LHoLSoHIRmkcniwEMwl5THV 11 | tUl9Daxgey+qNq1twLLV6vx8f8eyuPCdeP6ZhhUhOH4sAyh0oGZMHxiNhAFeyRdo 12 | JqTXfgqLX39jwH54eJ3Cbhndwu47glipMO1HQX1XS5Rt7LfEMCTLUGSFW1xljLOI 13 | 8d9fExEyTzJMVIsQJoaAvPEX4cfhcAUFQLijPkt29Wvv3WsAIVFEgoLMNwARAQAB 14 | tB9LYW1pbCBEdWRrYSA8a2R1ZGthQHJlZGhhdC5jb20+iQJUBBMBCAA+AhsDBQsJ 15 | CAcCBhUICQoLAgQWAgMBAh4BAheAFiEEmSqW4HUFbnnNghT5hz2zdXKjezYFAl+1 16 | eU8FCQ8W87EACgkQhz2zdXKjezaYpw//UwiegIs8Xe79CERudpz7AM0BbRE6VaAU 17 | QP1dMsTzIUU3HqpRrRfuCLIcbbUb7lCzAmu0SShvrt1ZUY87RXZQDJFsbHneHIKb 18 | 
wIxIr6bRtwv1+I9A6bIWYDPdjgost4v2O2GdvDegdC6aDFJa6p7uYF3YqR1GvlCN 19 | RC0DPvoZLIaHO7q+9o9WN6pe1OBmHdkzfJue9FmJxUhXGhaFGNQ/E9ahZRWv7D4e 20 | 3fxH8B2lqgmLGAYsbMjgiOJFxcbIWMzltIj0hJ1x3ajUdY1B6rLf6QcgXnKJIXVR 21 | Svp0s283PfhnCzoXvKFvBuUaXQfNsW3MnIJFJEWDuy1TzMdK44AmQp8iQTGVIajd 22 | 2Wdmxxd54dl3GjuHPXXJZ92DG5H52cC+4TZuM4yH9gvOxwtdIafOSkvtTHYh4POF 23 | piqiM67UG2a8JkW7CKPGFqfrdkM+yOfU31ouHL68q3XIpkB4z1f2w6mscdW2d7AQ 24 | 3VLpb+WCeoWRy6HrRYAJZjs78Rea8N9dSzUOI2ac2OUR9Mqp6TMXed6V+6b1ogbI 25 | 4I0Ni8562kPFxnjiTUhrcXNroBvQUktkEXjuk5ZOG/fJaL0lN39Cq9ImznCEGuvn 26 | mb+sZ//kH7N5w8tTc3mK4NvQw8LkDyS5LItx1H2Gzybxsl5d0OajJpUY4PZeppjH 27 | rxXke/QpXHq5Ag0EWCNTngEQALkRI0PUaVE9j19uyjINlxb/3nwKHmbTChQzPJFn 28 | adUwbmXfChmK/vyE8XBaIFIWSJ/94W9Y1/aGPlK4my7GqkiS4q6Lf32YWBNqihvH 29 | mxKuIYv2+6Z8E34yRFwmbA20RpZCy7AGIg0/LACfM4Bw+DVUhTRMl2O/muKrxd/O 30 | /WLn30RoYG+D4+mE0xJu+XsHivx2DqvdkKO+Rzo8131ByiWOk6P37McFtYiPjEjh 31 | ztTBcnNjd+a3xB/XDHd1Lcs7GmBqw0X10KnxC8xSzSqGSRFYF1aJYdxhayxXGJz/ 32 | p1Dd6mt2eT46rYUGhFWlFH7FXGsWapR8ELY42clcFgGmQ7Yps+dZ6Kx8HnEYKsIY 33 | ONBqjS/dTKSrOMvkCSY0CwiCjKPM5uan5lQ9GMwbEZOQ5dcEVJOiVSfneeYpEjD/ 34 | oyapPrDefdsCD5Gvt2kSbDZSDR5GeO8epZ02hu/zMQxDayqdLTxAaDByDVTvRCnc 35 | BLDcpvzXVAUdjIkfzDqZlLRgZu/8oNjOpWypUEE0mQfus6fDOLrt1h/0SqcJar70 36 | mi0QzBlOLrksJerXygDYJus80trCJPbr5DkCy2nQdfaeUissbt4kJTBirhhMtuyZ 37 | bBOQ42qm5pGef74hye1dCUddlBcb/BmIecsQ5a7EegKBDoU6ZsLcs5xnPgNwJa5U 38 | 5VstABEBAAGJAjwEGAEIACYCGwwWIQSZKpbgdQVuec2CFPmHPbN1cqN7NgUCX7V5 39 | agUJDxbzzAAKCRCHPbN1cqN7NiVdEACGZX+sMSfpW47ARmsg9EsWh983SafWEi4V 40 | Gp3bRgOM3X4hwp8iFS/jpD8iNQpiRztSAx6s0l2pirAKFiKaaHrarVrYM4lrSoau 41 | J1LeWeAy9jHRstk21Iu/myM8gfBdl9tOlrdv5NhD98tCdE/2hTtOLlZbYboNl+ug 42 | 0g/3yM4KPgqXLvVpS3QBoiueTfFoSawb20lZCcDon43BGg+wS/2j7Vu9Q1Dj3fEz 43 | +QV4S7JvMFP6MYV2ITvj3xajXpRkuNG8s76o/u8m2PYQ77sAl+mN446Lp+bwdQeE 44 | s7j79i/2kk+djVDtgTGyRyDD/4drXOMtVKRpxDDp1YOl896cRP4PJWNK8oLlF8IY 45 | ItdhN/UijK6hZoXLyQDK/DQfmTjpGEQTzFCNW8CdwvTSjK7o6lJZtrv4R4rBJ3Sd 46 | 
kcr9rQO/uGlYblzX70iXQMKpiCb1xo3MBCUFfiq05sTNVzRNVleo9nVf0WhCgnl7 47 | M9Tojh31sra9IzDAy9exga8dD/tvnebYjXYmGXfQyrPAnSSTLSjAQmlNzgx8FM96 48 | WB+XJDJFALy/MV35XKi9c5SLE3hSPEhqrwnTQ5g3jOPrexhUZR6w0qDXVoQH/3p0 49 | vXqQ3yx3yrREeBOW6qhHeYk3w2z7EAg4nNovAHgd68zXE9ZfCAGfWIerZsOuhdHS 50 | lwvfpMesuQ== 51 | =XhUt 52 | -----END PGP PUBLIC KEY BLOCK----- 53 | -------------------------------------------------------------------------------- /logrotate-selinux/logrotate.conf: -------------------------------------------------------------------------------- 1 | # see "man logrotate" for details 2 | # rotate log files weekly 3 | weekly 4 | 5 | # keep 4 weeks worth of backlogs 6 | rotate 4 7 | 8 | # restrict maximum size of log files 9 | #size 20M 10 | 11 | # create new (empty) log files after rotating old ones 12 | create 13 | 14 | # uncomment this if you want your log files compressed 15 | #compress 16 | 17 | # Logs are moved into directory for rotation 18 | # olddir /var/log/archive 19 | 20 | # Ignore pacman saved files 21 | tabooext + .pacorig .pacnew .pacsave 22 | 23 | # Arch packages drop log rotation information into this directory 24 | include /etc/logrotate.d 25 | 26 | /var/log/wtmp { 27 | monthly 28 | create 0664 root utmp 29 | minsize 1M 30 | rotate 1 31 | } 32 | 33 | /var/log/btmp { 34 | missingok 35 | monthly 36 | create 0600 root utmp 37 | rotate 1 38 | } 39 | -------------------------------------------------------------------------------- /mcstrans/.SRCINFO: -------------------------------------------------------------------------------- 1 | pkgbase = mcstrans 2 | pkgdesc = SELinux MCS translation daemon 3 | pkgver = 3.8 4 | pkgrel = 1 5 | url = https://github.com/SELinuxProject/selinux/wiki 6 | arch = i686 7 | arch = x86_64 8 | arch = aarch64 9 | groups = selinux 10 | license = GPL2 11 | depends = libcap 12 | depends = libselinux>=3.8 13 | depends = pcre2 14 | source = https://github.com/SELinuxProject/selinux/releases/download/3.8/mcstrans-3.8.tar.gz 15 | source = 
https://github.com/SELinuxProject/selinux/releases/download/3.8/mcstrans-3.8.tar.gz.asc 16 | validpgpkeys = 63191CE94183098689CAB8DB7EF137EC935B0EAF 17 | validpgpkeys = 68D21823342A13683AEB3E4EFB4C685B5DC1C13E 18 | sha256sums = 5d12798adfd0f47d497ab43048dc03390b11c7136686068e1599883ffe447990 19 | sha256sums = SKIP 20 | 21 | pkgname = mcstrans 22 | -------------------------------------------------------------------------------- /mcstrans/PKGBUILD: -------------------------------------------------------------------------------- 1 | # Maintainer: Nicolas Iooss (nicolas iooss m4x org) 2 | # 3 | # This PKGBUILD is maintained on https://github.com/archlinuxhardened/selinux. 4 | # If you want to help keep it up to date, please open a Pull Request there. 5 | 6 | pkgname=mcstrans 7 | pkgver=3.8 8 | pkgrel=1 9 | pkgdesc="SELinux MCS translation daemon" 10 | arch=('i686' 'x86_64' 'aarch64') 11 | url='https://github.com/SELinuxProject/selinux/wiki' 12 | license=('GPL2') 13 | groups=('selinux') 14 | depends=('libcap' 'libselinux>=3.8' 'pcre2') 15 | validpgpkeys=( 16 | '63191CE94183098689CAB8DB7EF137EC935B0EAF' # Jason Zaman 17 | '68D21823342A13683AEB3E4EFB4C685B5DC1C13E' # Petr Lautrbach 18 | ) 19 | source=("https://github.com/SELinuxProject/selinux/releases/download/${pkgver}/${pkgname}-${pkgver}.tar.gz"{,.asc}) 20 | sha256sums=('5d12798adfd0f47d497ab43048dc03390b11c7136686068e1599883ffe447990' 21 | 'SKIP') 22 | 23 | build() { 24 | cd "${pkgname}-${pkgver}" 25 | make 26 | } 27 | 28 | package() { 29 | cd "${pkgname}-${pkgver}" 30 | make DESTDIR="${pkgdir}" SBINDIR=/usr/bin install 31 | 32 | # Remove mcstrans init script 33 | rm -rf "${pkgdir}/etc/rc.d" 34 | rmdir "${pkgdir}/etc" 35 | } 36 | -------------------------------------------------------------------------------- /merge_aur.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Pull modifications from AUR git repositories using "git subtree merge" 3 | 4 | cd "$(dirname -- 
"$0")" || exit $? 5 | 6 | # Run the given command after displaying it 7 | log_and_run() { 8 | tput bold 9 | echo "Running: $*" 10 | tput sgr0 11 | "$@" 12 | } 13 | 14 | # Be on master branch 15 | log_and_run git checkout master || exit $? 16 | 17 | for DIR in $(find . -maxdepth 2 -name PKGBUILD -printf '%h\n' | sort) 18 | do 19 | PKGNAME="${DIR##*/}" 20 | 21 | # Create a remote for AUR if it does not exist 22 | REMOTE_NAME="aur-$PKGNAME" 23 | REMOTE_URL="https://aur.archlinux.org/$PKGNAME.git" 24 | REMOTE_PUSHURL="ssh+git://aur.archlinux.org/$PKGNAME.git" 25 | if ! (git remote show | grep -q "^$REMOTE_NAME\$") 26 | then 27 | log_and_run git remote add "$REMOTE_NAME" "$REMOTE_URL" || exit $? 28 | log_and_run git remote set-url --push "$REMOTE_NAME" "$REMOTE_PUSHURL" || exit $? 29 | fi 30 | log_and_run git fetch "$REMOTE_NAME" || exit $? 31 | 32 | # Merge the remote subtree and keep track of the commit number 33 | # Use "-c core.editor=true" to merge without editing the message 34 | OLDHEAD="$(git rev-parse HEAD)" 35 | log_and_run git -c core.editor=true subtree merge --prefix="${DIR#./}" "$REMOTE_NAME/master" || \ 36 | exit $? 37 | NEWHEAD="$(git rev-parse HEAD)" 38 | PKGVER="$(sed -n 's/^\s*pkgver = \(.*\)$/\1/p' "$DIR/.SRCINFO" | head -n1)" 39 | PKGREL="$(sed -n 's/^\s*pkgrel = \(.*\)$/\1/p' "$DIR/.SRCINFO" | head -n1)" 40 | if [ "$OLDHEAD" != "$NEWHEAD" ] 41 | then 42 | # A merge commit has been created 43 | REMOTE_COMMIT="$(git rev-parse "$REMOTE_NAME/master")" 44 | git commit --date=now --amend --message \ 45 | "Merge $PKGNAME $PKGVER-$PKGREL update 46 | 47 | Merge AUR commit $REMOTE_COMMIT: 48 | https://aur.archlinux.org/cgit/aur.git/commit/?h=$PKGNAME&id=$REMOTE_COMMIT" 49 | fi 50 | done 51 | -------------------------------------------------------------------------------- /namcap_all.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Run namcap on every package 3 | 4 | for PKG_PKGBUILD in $(find . 
-maxdepth 2 -name PKGBUILD | sort) 5 | do 6 | # Run namcap on PKGBUILD files 7 | namcap "$PKG_PKGBUILD" 8 | 9 | # Run namcap on packages 10 | for PKG in $(find "$(dirname "$PKG_PKGBUILD")" -name '*.pkg.tar*' | sort) 11 | do 12 | if echo "$PKG" | grep -q '[-]debug-' 13 | then 14 | # debug packages do have dangling symlinks 15 | namcap -e symlink "$PKG" 16 | else 17 | namcap "$PKG" 18 | fi 19 | done 20 | done 21 | -------------------------------------------------------------------------------- /openssh-selinux/.nvchecker.toml: -------------------------------------------------------------------------------- 1 | [openssh] 2 | source = "git" 3 | git = "https://github.com/openssh/openssh-portable" 4 | from_pattern = 'V_(\d+)_(\d+)_P(\d+)' 5 | to_pattern = '\1.\2p\3' 6 | -------------------------------------------------------------------------------- /openssh-selinux/70-openssh-restart-sshd.hook: -------------------------------------------------------------------------------- 1 | [Trigger] 2 | Operation = Upgrade 3 | Type = Package 4 | Target = openssh 5 | 6 | [Action] 7 | Description = Restart a running sshd.service 8 | When = PostTransaction 9 | Exec = /usr/bin/systemctl try-restart sshd.service 10 | -------------------------------------------------------------------------------- /openssh-selinux/99-archlinux.conf: -------------------------------------------------------------------------------- 1 | # sshd_config defaults on Arch Linux 2 | KbdInteractiveAuthentication no 3 | UsePAM yes 4 | PrintMotd no 5 | -------------------------------------------------------------------------------- /openssh-selinux/keys/pgp/7168B983815A5EEF59A4ADFD2A3F414E736060BA.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBF/uZg0BEADPa+uw7cLPy9ilpe9zm0326WgcGl4yXsVvkDlThcHfq7HckTTe 4 | bEhaClVoK0qDA8DBo6mvLAwF57eMmHbEEi6/dzLUlIH/MKXXZ6tQRCFKqTzBzhJa 5 | 
i7+H15yXkvRvfbnmVtrJ5NYlprPYSNXN7NuJE6p4dNeR3wCCuNuvojNx3Jw5mJUr 6 | xIuN2kI3wD1XOqMPsUuxD6Lgw32wT5XtCNQBKdMQ8GC9WGsRfXTFBNqCjIXbbfRe 7 | VxhIq/asumCTsnYvOMVas1n+bYCuIwyDWNAYqKNgwdXV/k9D8NLJ7/1BNQ8vAfOJ 8 | Fl6TsDelkZOO/hurVPLBzx3RWa8Tnoh9UiyfVxiFiriYGbYh5ZM74hzFWMBLa583 9 | xFS7wycWcUeiHMpUHpDsKDgeGJSCY2frGdETn03G5N3fQ5xMPFDRI2AmNJF8wyry 10 | eXS6lAIMfmSytVIJQ8H3kYt47Za1KAw4Gx595lxBTfLRDLFGQFfWwHUfzi728Xbk 11 | VkcfMwmZ34+FZb5XyfTTCevzOlR2+YHMgbPcL3VjQOMnF7CZ9i+CgEPzRxIX1IlD 12 | kfC+TUz/Xbmx9QE3WsG+HTw43eYy9/F2zh15Pwa1zw3viCBZhEaAlSRi9MRzwejQ 13 | UZaSD9VM15FMRju0jNWbZeiNYy90rXvfex/VveYRXc1PKpi4OefGOgNrRwARAQAB 14 | tB9EYW1pZW4gTWlsbGVyIDxkam1AbWluZHJvdC5vcmc+iQJOBBMBCAA4FiEEcWi5 15 | g4FaXu9ZpK39Kj9BTnNgYLoFAl/uZg0CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgEC 16 | F4AACgkQKj9BTnNgYLqQjg/8DERhTxdO5kdjMCKbuwdGv5nUeeSeuA32YYvce4LL 17 | wfxx05mRAucdI6ZiMZ84pE1PNaJuvfoJ3gREJc/5uUMK2SsXDVAugtEgJnmckJwV 18 | KvkJqetTzvBTAJDTF+SQ+XyIXyPV2isgNk560Aq6afzvApic2mEZCJ89kXkZLQ1L 19 | 5enu+aD5H5ptNMJJOfEU0/CJAnBGb+Vc74DhsIdy48v9fW99URg4BFL6feXb2Cmc 20 | dSiuiJYoL8X4dG+vqjh0gCaX6MyrrEEwHqP3JizLM2ur3oYzFcMu88JSQRp33r6B 21 | Ha9Ekm8UxQxr23NzgL2f8qzy3mzu6breXd5JiUe5Uvpp0j1KVUtvPK50Gvs/6ZTe 22 | vTPG9ijNPM8AvCCiGzhtiJap20T3L6ouwmuDnMzWDmAUlYAVY2FeR8HXQ16hg3Qv 23 | wjJFkxoGrjXnh+D315pAERPOHWqjIATXBnkMXPMYyfRnmCrJh3qlPFiiX7pQgW+S 24 | 4huG/OjsCcRBv0IzMJx4lw9pIOhYmfwxeJuBxHzND5skv0Gg7B69O48FFGDh1bog 25 | 4EMSoGPNnKxIjsRPfpH31awGrSTG0+OatujkbroOSvAMGmzuyCBGDZjbe2Cas6yw 26 | NWzM356sL7zRcKUNMHPybIHfLp3hVT51YbifRkMYkT7Dpg1k3/akIoRKWBTx7krm 27 | pS25Ag0EX+5mDQEQANombPGwYrMa+WkBNYE1V8L4LZyDo0OmgzofW5op2gELYPp7 28 | bzRYuh1M0rwdF04wMPLB9gc9/ApHM7g33eGH2TswCUSUxufDQLmwDA4yd8h63z/7 29 | l5/ilRFHQ2L/sE22wOHD87TC4TcTScIDyo1S4/RRpHWCwnvsUw9zzosDDrWs6VuL 30 | ncpzQnENT/gyD8x7jorCdQJGKg60oXJRFHIrTuOP/vCc4Yih/R8cKJji5Lu5cIxd 31 | ZxMr1QusyV5calyJm3hRUWyi5SLXG61Q9UiVgRehLLRYEghXIxtPijfOi0QAX6ff 32 | NODox4kgYgzk09FuFuYnA5yjs4/mZbHUnUiHMAJy8+57IKG4I1GkT6LNNd3XXDAx 33 | 
UiEvkjbQBP7IuCR3SxlFQih+UYB8ljIytjEBsdywmhz1U/xItLi3UmyraS6UrGLD 34 | aJJYsPOAs3erFI40fyIR4ye68g+HiUsl7e77menvbcMibpnDyb1sN33hYxqhipoc 35 | KcOr4ipGBKg0pEuyCUanUvDMtTzJt/BMOtVmkmGHobnh9cjv/1rZaNoWHxYeDeB3 36 | LvROjXiQTRHNtIM+rU5JMm7iLgrGXUa/TBGYHBBMB/jH9/Oi6fv1an6ZspFGk+Fw 37 | E5M4Uh4hRcd8tYw/4ApTeMwE5kvbNtXX/DaKHKlkyYzoy5ip/Z3r6eCa3+TRABEB 38 | AAGJAjYEGAEIACAWIQRxaLmDgVpe71mkrf0qP0FOc2BgugUCX+5mDQIbDAAKCRAq 39 | P0FOc2Bgumv6EACo6IB4kKkSi7GkY+coqcudorPL147A3Yb9vRkxVf9Gi6z3BceT 40 | ZBz3+ZkLDf5NX2H8B2qtrsBri/2AekWunmQTj/8XdIuyaVC60j0wwVhIKheVM7mm 41 | 0CWPKGCvEXQOUUuk3OEN/C/X/UWx2Dxr0YA3m2Z4DFTlEDg9LOBJAGMKHzjhP2uU 42 | vk8vtdqO7fgUxbnI4Bf0YqIDt/B8nlHqSoiRVL7kkXJbiLx2qKC7wzL35mU/52YW 43 | bKgGt50+/NDoPWqKSN+rZlLmUkdXyeY2II+XVNyQNdR1mosG2YlVxJzQ4f1j68zP 44 | JPihn/3ccpi7gm0TnPsMI4aolhp+3CiXFSx80gjtKz1Wib65Yk7otMrUS0ORdwPP 45 | p7KvOJWx1w2Vp2DHBlRdIpbkJLG0JHPVT7p0SFQN1Hz7ezv6yvC5GZSbbSj2S9ON 46 | iAu76zxWSBw22JeThEMKITueb/9DILWg83Pz5O5p1ZHC8r2i9cpfBVnvnymOCZPE 47 | lAsoMMQgo7Qr+01mGjRnqXpUKJ8EVsQsn/sVGpxKzsYAB4S34K8xVt9alNp63dlG 48 | 27Y+o18LSTTHj9WQgS+QYHFKcqWFIfQ8sbI3Upo4ZhZOFFwQqaX+T6P9akqa+Sj5 49 | sLlk3dChghJ6LFPUUqSbRO/KYcapCmgfANx5kXjyYMkuIdgS9DYEESEVVg== 50 | =NtKR 51 | -----END PGP PUBLIC KEY BLOCK----- 52 | -------------------------------------------------------------------------------- /openssh-selinux/openssh.tmpfiles: -------------------------------------------------------------------------------- 1 | C /etc/pam.d/sshd 2 | C /etc/ssh/moduli 3 | C /etc/ssh/ssh_config 4 | C /etc/ssh/sshd_config 5 | C /etc/ssh/sshd_config.d/99-archlinux.conf 6 | 7 | d /etc/ssh/ssh_config.d 8 | d /etc/ssh/sshd_config.d 9 | -------------------------------------------------------------------------------- /openssh-selinux/ssh-agent.service: -------------------------------------------------------------------------------- 1 | # Requires SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-agent.socket" to be set in environment 2 | [Unit] 3 | ConditionEnvironment=!SSH_AGENT_PID 4 | 
Description=OpenSSH key agent 5 | Documentation=man:ssh-agent(1) man:ssh-add(1) man:ssh(1) 6 | 7 | [Service] 8 | Environment=SSH_AUTH_SOCK=%t/ssh-agent.socket 9 | ExecStart=/usr/bin/ssh-agent -D -a ${SSH_AUTH_SOCK} 10 | SuccessExitStatus=2 11 | Type=simple 12 | 13 | [Install] 14 | WantedBy=default.target 15 | -------------------------------------------------------------------------------- /openssh-selinux/sshd.pam: -------------------------------------------------------------------------------- 1 | #%PAM-1.0 2 | 3 | auth include system-remote-login 4 | account include system-remote-login 5 | password include system-remote-login 6 | session include system-remote-login 7 | -------------------------------------------------------------------------------- /openssh-selinux/sshd.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=OpenSSH Daemon 3 | Wants=sshdgenkeys.service 4 | After=sshdgenkeys.service 5 | After=network.target 6 | 7 | [Service] 8 | Type=notify-reload 9 | ExecStart=/usr/bin/sshd -D 10 | KillMode=process 11 | Restart=always 12 | 13 | [Install] 14 | WantedBy=multi-user.target 15 | -------------------------------------------------------------------------------- /openssh-selinux/sshdgenkeys.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=SSH Key Generation 3 | ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key 4 | ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key.pub 5 | ConditionPathExists=|!/etc/ssh/ssh_host_ed25519_key 6 | ConditionPathExists=|!/etc/ssh/ssh_host_ed25519_key.pub 7 | ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key 8 | ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key.pub 9 | 10 | [Service] 11 | ExecStart=/usr/bin/ssh-keygen -A 12 | Type=oneshot 13 | 14 | [Install] 15 | WantedBy=multi-user.target 16 | -------------------------------------------------------------------------------- /pam-selinux/.SRCINFO: 
-------------------------------------------------------------------------------- 1 | pkgbase = pam-selinux 2 | pkgdesc = SELinux aware PAM (Pluggable Authentication Modules) library 3 | pkgver = 1.7.0 4 | pkgrel = 1 5 | url = http://linux-pam.org 6 | arch = x86_64 7 | arch = aarch64 8 | groups = selinux 9 | license = GPL-2.0-only 10 | makedepends = docbook-xml 11 | makedepends = docbook-xsl 12 | makedepends = docbook5-xml 13 | makedepends = flex 14 | makedepends = fop 15 | makedepends = git 16 | makedepends = libxslt 17 | makedepends = meson 18 | makedepends = w3m 19 | depends = audit 20 | depends = glibc 21 | depends = libaudit.so 22 | depends = libcrypt.so 23 | depends = libnsl 24 | depends = libselinux 25 | depends = libtirpc 26 | depends = libxcrypt 27 | depends = pambase-selinux 28 | depends = systemd-libs 29 | provides = libpam.so 30 | provides = libpamc.so 31 | provides = libpam_misc.so 32 | provides = pam=1.7.0-1 33 | provides = selinux-pam=1.7.0-1 34 | conflicts = pam 35 | conflicts = selinux-pam 36 | options = !emptydirs 37 | backup = etc/security/access.conf 38 | backup = etc/security/faillock.conf 39 | backup = etc/security/group.conf 40 | backup = etc/security/limits.conf 41 | backup = etc/security/namespace.conf 42 | backup = etc/security/namespace.init 43 | backup = etc/security/pwhistory.conf 44 | backup = etc/security/pam_env.conf 45 | backup = etc/security/time.conf 46 | backup = etc/environment 47 | source = pam::git+https://github.com/linux-pam/linux-pam?signed#tag=v1.7.0 48 | source = pam.tmpfiles 49 | validpgpkeys = 8C6BFD92EE0F42EDF91A6A736D1A7F052E5924BB 50 | validpgpkeys = 296D6F29A020808E8717A8842DB5BD89A340AEB7 51 | b2sums = 88ecba59692fe86f6f6516007b87fb897018cc5f818c106a037f15df4dda7c31e50fbfcb137493d49cb754e41f2f69a60f24ffea3374ff5e38ce6263bfa7abac 52 | b2sums = 36582c80020008c3810b311a2e126d2fb4ffc94e565ea4c0c0ab567fdb92943e269781ffa548550742feb685847c26c340906c7454dcc31df4e1e47d511d8d6f 53 | 54 | pkgname = pam-selinux 55 | 
-------------------------------------------------------------------------------- /pam-selinux/.gitignore: -------------------------------------------------------------------------------- 1 | /pam/ 2 | -------------------------------------------------------------------------------- /pam-selinux/.nvchecker.toml: -------------------------------------------------------------------------------- 1 | [pam] 2 | source = "git" 3 | git = "https://github.com/linux-pam/linux-pam.git" 4 | prefix = "v" 5 | -------------------------------------------------------------------------------- /pam-selinux/PKGBUILD: -------------------------------------------------------------------------------- 1 | # Maintainer: Tobias Powalowski 2 | # Maintainer: Levente Polyak 3 | # Contributor: judd 4 | # SELinux Maintainer: Nicolas Iooss (nicolas iooss m4x org) 5 | # SELinux Contributor: Timothée Ravier 6 | # SELinux Contributor: Nicky726 7 | # 8 | # This PKGBUILD is maintained on https://github.com/archlinuxhardened/selinux. 9 | # If you want to help keep it up to date, please open a Pull Request there. 
10 | 11 | pkgname=pam-selinux 12 | pkgver=1.7.0 13 | pkgrel=1 14 | pkgdesc="SELinux aware PAM (Pluggable Authentication Modules) library" 15 | arch=('x86_64' 'aarch64') 16 | license=('GPL-2.0-only') 17 | url="http://linux-pam.org" 18 | depends=( 19 | audit 20 | glibc 21 | libaudit.so 22 | libcrypt.so 23 | libnsl 24 | libselinux 25 | libtirpc 26 | libxcrypt 27 | pambase-selinux 28 | systemd-libs 29 | ) 30 | makedepends=( 31 | docbook-xml 32 | docbook-xsl 33 | docbook5-xml 34 | flex 35 | fop 36 | git 37 | libxslt 38 | meson 39 | w3m 40 | ) 41 | conflicts=("${pkgname/-selinux}" "selinux-${pkgname/-selinux}") 42 | provides=( 43 | libpam.so 44 | libpamc.so 45 | libpam_misc.so 46 | "${pkgname/-selinux}=${pkgver}-${pkgrel}" 47 | "selinux-${pkgname/-selinux}=${pkgver}-${pkgrel}" 48 | ) 49 | backup=( 50 | etc/security/{access.conf,faillock.conf,group.conf,limits.conf,namespace.conf,namespace.init,pwhistory.conf,pam_env.conf,time.conf} 51 | etc/environment 52 | ) 53 | groups=('selinux') 54 | source=("pam::git+https://github.com/linux-pam/linux-pam?signed#tag=v${pkgver}" 55 | "${pkgname/-selinux}.tmpfiles") 56 | validpgpkeys=( 57 | '8C6BFD92EE0F42EDF91A6A736D1A7F052E5924BB' # Thorsten Kukuk 58 | '296D6F29A020808E8717A8842DB5BD89A340AEB7' # Dimitry V. Levin 59 | ) 60 | b2sums=('88ecba59692fe86f6f6516007b87fb897018cc5f818c106a037f15df4dda7c31e50fbfcb137493d49cb754e41f2f69a60f24ffea3374ff5e38ce6263bfa7abac' 61 | '36582c80020008c3810b311a2e126d2fb4ffc94e565ea4c0c0ab567fdb92943e269781ffa548550742feb685847c26c340906c7454dcc31df4e1e47d511d8d6f') 62 | options=('!emptydirs') 63 | 64 | prepare() { 65 | cd "${pkgname/-selinux}" 66 | # apply patch from the source array (should be a pacman feature) 67 | local src 68 | for src in "${source[@]}"; do 69 | src="${src%%::*}" 70 | src="${src##*/}" 71 | [[ $src = *.patch ]] || continue 72 | echo "Applying patch ${src}..." 
73 | patch -Np1 < "../${src}" 74 | done 75 | } 76 | 77 | build() { 78 | arch-meson "${pkgname/-selinux}" \ 79 | -Dlogind=enabled \ 80 | -Deconf=disabled \ 81 | -Dselinux=enabled \ 82 | -Dpam_userdb=disabled \ 83 | build 84 | meson compile -C build 85 | } 86 | 87 | check() { 88 | meson test -C build 89 | } 90 | 91 | package() { 92 | meson install -C build --destdir "${pkgdir}" 93 | install -Dm 644 ${pkgname/-selinux}.tmpfiles "${pkgdir}"/usr/lib/tmpfiles.d/${pkgname/-selinux}.conf 94 | 95 | # set unix_chkpwd uid 96 | chmod +s "${pkgdir}"/usr/bin/unix_chkpwd 97 | } 98 | 99 | -------------------------------------------------------------------------------- /pam-selinux/keys/pgp/8C6BFD92EE0F42EDF91A6A736D1A7F052E5924BB.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQGiBEQ9EVMRBAC9QJWF86a9UWNEGQioCXmiSDO1AL3Pw0+iQ5KsBUz0c3xskla/ 4 | t7SPunDasBndA/wRBcG9+/xmW9Zdr+q8CZfKrv/Lku3+n6YexUZ0aMBCtLdRTrYY 5 | 1lalS7PvtgAmnSdjc1jzigU4dZf9ZZ44ScnjHQDVyqAWPdseZo4IZmTtywCg/XsO 6 | rLg401ZHpfR+KrxtSx5Q/B8D/2Rknz3sYPUQXm2eRsLpkrgSgBaCEgmt6BE4NCbV 7 | rjiEN1J6QnDnlQRHT4VZd5oMpjVxURJDkTa2ec6j0JoA34XZopJWuSNrthk7hgX7 8 | RRVfzVfwuR3mkOGfLBJ+O1hI2A+FQzAwzpkhRMMqvMaB/qywUBSesB4sEPj8L/a6 9 | Vsb8A/9yD9hiR4sKQsQBGK2XHfeWxdI9QAxohnHzhIarzA0+f2anE7ZBTTYuJhLL 10 | veQma0dWTte0e6Q2wubmObDSo7YAMXtMQABNN1YxMasQwxOKdFLScWT2LDnKfoYQ 11 | 80slywAymYnQX3vjnR6SA4XWIqTcrFUSEXpo5ctGwVtlDGkrZrQqVGhvcnN0ZW4g 12 | S3VrdWsgKHByaXZhdCkgPGt1a3VrQHRoa3VrdWsuZGU+iGkEExECACkCGwMGCwkI 13 | BwMCBBUCCAMEFgIDAQIeAQIXgAIZAQUCWxPXQwUJGLf5cAAKCRBtGn8FLlkku7Fp 14 | AJ4rqF2oEwkjHUm3kII8zN+Yyl251wCfYPzDYNUVbK+7Yf/hrzg2rMOeqnS0KVRo 15 | b3JzdGVuIEt1a3VrIChidXNpbmVzcykgPGt1a3VrQHN1c2UuZGU+iGYEExECACYC 16 | GwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCWxPXRwUJGLf5cAAKCRBtGn8FLlkk 17 | u6agAKDkwS8WKBeBQfh4puCg7P3Q11cEvQCgqS/Xh4u7LBspbapjPvQoWMTbp5W0 18 | KlRob3JzdGVuIEt1a3VrIChidXNpbmVzcykgPGt1a3VrQHN1c2UuY29tPohpBBMR 19 | 
AgApAhsDBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AFAlsT10cFCRi3+XAACgkQ 20 | bRp/BS5ZJLuY5QCeNGnaOf96+z6imhk4sy7f4gTeQu0An1Xg8MEY1RAdSSW3n287 21 | jO7LV4Rl 22 | =cAoF 23 | -----END PGP PUBLIC KEY BLOCK----- 24 | -------------------------------------------------------------------------------- /pam-selinux/pam.tmpfiles: -------------------------------------------------------------------------------- 1 | d /run/faillock 0755 root root - 2 | -------------------------------------------------------------------------------- /pambase-selinux/.SRCINFO: -------------------------------------------------------------------------------- 1 | pkgbase = pambase-selinux 2 | pkgdesc = SELinux aware base PAM configuration for services 3 | pkgver = 20230918 4 | pkgrel = 1 5 | url = https://www.archlinux.org 6 | arch = any 7 | groups = selinux 8 | license = GPL-3.0-or-later 9 | provides = pambase=20230918-1 10 | provides = selinux-pambase=20230918-1 11 | conflicts = pambase 12 | conflicts = selinux-pambase 13 | conflicts = pam-selinux<1.4.0 14 | backup = etc/pam.d/system-auth 15 | backup = etc/pam.d/system-local-login 16 | backup = etc/pam.d/system-login 17 | backup = etc/pam.d/system-remote-login 18 | backup = etc/pam.d/system-services 19 | backup = etc/pam.d/other 20 | source = system-auth 21 | source = system-local-login 22 | source = system-login 23 | source = system-remote-login 24 | source = system-services 25 | source = other 26 | sha512sums = af25e6428930c3e915d9052d091f8bd5db050bcc4f07eb05fe84c101589d2817ad4fbd1471a7ab5da366e89f9bdab8e2113b3932bd4bfe888a1301f027b2ae1a 27 | sha512sums = 83cc3d84ef5afded9afd4d347132901b9adcbd8b21be45b80d010370a2082e8388a713eb78d052944bc47b07fd7383edf18e2674d9d0545215cc45e14a2e14b1 28 | sha512sums = 14207afee8b3f286ef3676fc925f75f110e42d8461771ddcaff483a4b29df3b7d4eafa7b7d869bc31872fca1efc76434f54f8ed01303574eebd8ff39a839b644 29 | sha512sums = 
83cc3d84ef5afded9afd4d347132901b9adcbd8b21be45b80d010370a2082e8388a713eb78d052944bc47b07fd7383edf18e2674d9d0545215cc45e14a2e14b1 30 | sha512sums = 5c2947f8644803783d19cc97ddc19fdaa234dac41a939edd32c9452e78bb2a4751bceeb4737d0791fb122ca932b8b941aab869b6dec3146bf90e94517d31724a 31 | sha512sums = df554f70f017dd3f6023a3c62b95d19123eaf41c08deaac0c4bc343fcce6eeefcf468910f7cb9ba58ee2846abb88091d18d718eb0228e38f6ce26ebced94c407 32 | b2sums = 189fb86628a959e53512e16ac506b4e925d0005f4cd19289f23c0c7c70ac961f7750f784ae3d7948d0d3320813af1ad53044f8f763c66fd4a1e403f2e8e7bd0c 33 | b2sums = 900a5250f5a9e464c1c3ab8fc112475c99f4d76b597abf362041b661707dcc458cd385fd2cfeecf1ba9e3e831176ca8d183cffc9a913fb79e8ddcaa68223a7e6 34 | b2sums = 55c606bf9dc6410606a6046b3520848b79260ba35e95990a81d0f539e234ad63aeec1ea157e25fbf86d2b3350b0cfe414ed96ca3c37b5f2f7478f15deee787d9 35 | b2sums = 900a5250f5a9e464c1c3ab8fc112475c99f4d76b597abf362041b661707dcc458cd385fd2cfeecf1ba9e3e831176ca8d183cffc9a913fb79e8ddcaa68223a7e6 36 | b2sums = e11e8959c961036a384016096f0fce0696d8a3ecc63d0d12d8016cc7c27a7afc80f8580ab639c97360aed0d49af3159462d85260b4404b9d65963f440eb77243 37 | b2sums = 3de32ccd196fecaf0a3cce8e61867f93f85fff651044519d8521a28d9f8d6ddaf51f3e30eac4979884c505f9f52d01f458e5bccc5d5adc4f1d7d372068dd02da 38 | 39 | pkgname = pambase-selinux 40 | -------------------------------------------------------------------------------- /pambase-selinux/PKGBUILD: -------------------------------------------------------------------------------- 1 | # Maintainer: David Runge 2 | # Contributor: Dave Reisner 3 | # SELinux Maintainer: Nicolas Iooss (nicolas iooss m4x org) 4 | # SELinux Contributor: Timothée Ravier 5 | # SELinux Contributor: Nicky726 (Nicky726 gmail com) 6 | # 7 | # This PKGBUILD is maintained on https://github.com/archlinuxhardened/selinux. 8 | # If you want to help keep it up to date, please open a Pull Request there. 
9 | 10 | pkgname=pambase-selinux 11 | pkgver=20230918 12 | pkgrel=1 13 | pkgdesc="SELinux aware base PAM configuration for services" 14 | arch=(any) 15 | url="https://www.archlinux.org" 16 | license=(GPL-3.0-or-later) 17 | groups=(selinux) 18 | conflicts=("${pkgname/-selinux}" "selinux-${pkgname/-selinux}" 'pam-selinux<1.4.0') 19 | provides=("${pkgname/-selinux}=${pkgver}-${pkgrel}" 20 | "selinux-${pkgname/-selinux}=${pkgver}-${pkgrel}") 21 | backup=( 22 | etc/pam.d/system-auth 23 | etc/pam.d/system-local-login 24 | etc/pam.d/system-login 25 | etc/pam.d/system-remote-login 26 | etc/pam.d/system-services 27 | etc/pam.d/other 28 | ) 29 | source=( 30 | system-auth 31 | system-local-login 32 | system-login 33 | system-remote-login 34 | system-services 35 | other 36 | ) 37 | sha512sums=('af25e6428930c3e915d9052d091f8bd5db050bcc4f07eb05fe84c101589d2817ad4fbd1471a7ab5da366e89f9bdab8e2113b3932bd4bfe888a1301f027b2ae1a' 38 | '83cc3d84ef5afded9afd4d347132901b9adcbd8b21be45b80d010370a2082e8388a713eb78d052944bc47b07fd7383edf18e2674d9d0545215cc45e14a2e14b1' 39 | '14207afee8b3f286ef3676fc925f75f110e42d8461771ddcaff483a4b29df3b7d4eafa7b7d869bc31872fca1efc76434f54f8ed01303574eebd8ff39a839b644' 40 | '83cc3d84ef5afded9afd4d347132901b9adcbd8b21be45b80d010370a2082e8388a713eb78d052944bc47b07fd7383edf18e2674d9d0545215cc45e14a2e14b1' 41 | '5c2947f8644803783d19cc97ddc19fdaa234dac41a939edd32c9452e78bb2a4751bceeb4737d0791fb122ca932b8b941aab869b6dec3146bf90e94517d31724a' 42 | 'df554f70f017dd3f6023a3c62b95d19123eaf41c08deaac0c4bc343fcce6eeefcf468910f7cb9ba58ee2846abb88091d18d718eb0228e38f6ce26ebced94c407') 43 | b2sums=('189fb86628a959e53512e16ac506b4e925d0005f4cd19289f23c0c7c70ac961f7750f784ae3d7948d0d3320813af1ad53044f8f763c66fd4a1e403f2e8e7bd0c' 44 | '900a5250f5a9e464c1c3ab8fc112475c99f4d76b597abf362041b661707dcc458cd385fd2cfeecf1ba9e3e831176ca8d183cffc9a913fb79e8ddcaa68223a7e6' 45 | 
'55c606bf9dc6410606a6046b3520848b79260ba35e95990a81d0f539e234ad63aeec1ea157e25fbf86d2b3350b0cfe414ed96ca3c37b5f2f7478f15deee787d9' 46 | '900a5250f5a9e464c1c3ab8fc112475c99f4d76b597abf362041b661707dcc458cd385fd2cfeecf1ba9e3e831176ca8d183cffc9a913fb79e8ddcaa68223a7e6' 47 | 'e11e8959c961036a384016096f0fce0696d8a3ecc63d0d12d8016cc7c27a7afc80f8580ab639c97360aed0d49af3159462d85260b4404b9d65963f440eb77243' 48 | '3de32ccd196fecaf0a3cce8e61867f93f85fff651044519d8521a28d9f8d6ddaf51f3e30eac4979884c505f9f52d01f458e5bccc5d5adc4f1d7d372068dd02da') 49 | 50 | package() { 51 | install -vDm 644 "${source[@]}" -t "$pkgdir/etc/pam.d/" 52 | } 53 | 54 | # vim:set ts=2 sw=2 et: 55 | -------------------------------------------------------------------------------- /pambase-selinux/other: -------------------------------------------------------------------------------- 1 | #%PAM-1.0 2 | auth required pam_deny.so 3 | auth required pam_warn.so 4 | account required pam_deny.so 5 | account required pam_warn.so 6 | password required pam_deny.so 7 | password required pam_warn.so 8 | session required pam_deny.so 9 | session required pam_warn.so 10 | -------------------------------------------------------------------------------- /pambase-selinux/system-auth: -------------------------------------------------------------------------------- 1 | #%PAM-1.0 2 | 3 | auth required pam_faillock.so preauth 4 | # Optionally use requisite above if you do not want to prompt for the password 5 | # on locked accounts. 6 | -auth [success=2 default=ignore] pam_systemd_home.so 7 | auth [success=1 default=bad] pam_unix.so try_first_pass nullok 8 | auth [default=die] pam_faillock.so authfail 9 | auth optional pam_permit.so 10 | auth required pam_env.so 11 | auth required pam_faillock.so authsucc 12 | # If you drop the above call to pam_faillock.so the lock will be done also 13 | # on non-consecutive authentication failures. 
14 | 15 | -account [success=1 default=ignore] pam_systemd_home.so 16 | account required pam_unix.so 17 | account optional pam_permit.so 18 | account required pam_time.so 19 | 20 | -password [success=1 default=ignore] pam_systemd_home.so 21 | password required pam_unix.so try_first_pass nullok shadow 22 | password optional pam_permit.so 23 | 24 | -session optional pam_systemd_home.so 25 | session required pam_limits.so 26 | session required pam_unix.so 27 | session optional pam_permit.so 28 | -------------------------------------------------------------------------------- /pambase-selinux/system-local-login: -------------------------------------------------------------------------------- 1 | #%PAM-1.0 2 | 3 | auth include system-login 4 | account include system-login 5 | password include system-login 6 | session include system-login 7 | -------------------------------------------------------------------------------- /pambase-selinux/system-login: -------------------------------------------------------------------------------- 1 | #%PAM-1.0 2 | 3 | auth required pam_shells.so 4 | auth requisite pam_nologin.so 5 | auth include system-auth 6 | 7 | account required pam_access.so 8 | account required pam_nologin.so 9 | account include system-auth 10 | 11 | password include system-auth 12 | 13 | # pam_selinux.so close should be the first session rule 14 | session required pam_selinux.so close 15 | session optional pam_loginuid.so 16 | session optional pam_keyinit.so force revoke 17 | session include system-auth 18 | # pam_selinux.so open should only be followed by sessions to be executed in the user context 19 | session required pam_selinux.so open 20 | session optional pam_motd.so 21 | session optional pam_mail.so dir=/var/spool/mail standard quiet 22 | session optional pam_umask.so 23 | -session optional pam_systemd.so 24 | session required pam_env.so 25 | -------------------------------------------------------------------------------- 
/pambase-selinux/system-remote-login: -------------------------------------------------------------------------------- 1 | #%PAM-1.0 2 | 3 | auth include system-login 4 | account include system-login 5 | password include system-login 6 | session include system-login 7 | -------------------------------------------------------------------------------- /pambase-selinux/system-services: -------------------------------------------------------------------------------- 1 | #%PAM-1.0 2 | 3 | auth sufficient pam_permit.so 4 | 5 | account include system-auth 6 | 7 | session optional pam_loginuid.so 8 | session required pam_limits.so 9 | session required pam_unix.so 10 | session optional pam_permit.so 11 | session required pam_env.so 12 | -------------------------------------------------------------------------------- /policycoreutils/.SRCINFO: -------------------------------------------------------------------------------- 1 | pkgbase = policycoreutils 2 | pkgdesc = SELinux policy core utilities 3 | pkgver = 3.8 4 | pkgrel = 1 5 | url = https://github.com/SELinuxProject/selinux 6 | arch = i686 7 | arch = x86_64 8 | arch = aarch64 9 | groups = selinux 10 | license = GPL2 11 | depends = libsemanage>=3.8 12 | depends = pam 13 | optdepends = mcstrans: SELinux MCS translation daemon 14 | optdepends = restorecond: SELinux daemon that fixes SELinux file contexts 15 | optdepends = selinux-dbus-config: D-Bus configuration for SELinux 16 | optdepends = selinux-gui: GUI tools for SELinux 17 | optdepends = selinux-python: Python tools and libraries for SELinux 18 | optdepends = selinux-sandbox: sandboxing tool for SELinux 19 | optdepends = semodule-utils: SELinux module tools 20 | provides = selinux-usr-policycoreutils=3.8-1 21 | conflicts = selinux-usr-policycoreutils 22 | source = https://github.com/SELinuxProject/selinux/releases/download/3.8/policycoreutils-3.8.tar.gz 23 | source = https://github.com/SELinuxProject/selinux/releases/download/3.8/policycoreutils-3.8.tar.gz.asc 24 | 
validpgpkeys = 63191CE94183098689CAB8DB7EF137EC935B0EAF 25 | validpgpkeys = 68D21823342A13683AEB3E4EFB4C685B5DC1C13E 26 | sha256sums = 2c430b8662aafb3a757251e9d8d62ecaabc1c24be2b2a6ac6e87d3fa08b04e22 27 | sha256sums = SKIP 28 | 29 | pkgname = policycoreutils 30 | -------------------------------------------------------------------------------- /policycoreutils/PKGBUILD: -------------------------------------------------------------------------------- 1 | # Maintainer: Nicolas Iooss (nicolas iooss m4x org) 2 | # Contributor: Timothée Ravier 3 | # Contributor: Nicky726 (Nicky726 gmail com) 4 | # Contributor: Sergej Pupykin (pupykin s+arch gmail com) 5 | # Contributor: angelux/xangelux (xangelux gmail com) 6 | # 7 | # This PKGBUILD is maintained on https://github.com/archlinuxhardened/selinux. 8 | # If you want to help keep it up to date, please open a Pull Request there. 9 | 10 | pkgname=policycoreutils 11 | pkgver=3.8 12 | pkgrel=1 13 | pkgdesc="SELinux policy core utilities" 14 | arch=('i686' 'x86_64' 'aarch64') 15 | url='https://github.com/SELinuxProject/selinux' 16 | license=('GPL2') 17 | groups=('selinux') 18 | depends=('libsemanage>=3.8' 'pam') 19 | optdepends=('mcstrans: SELinux MCS translation daemon' 20 | 'restorecond: SELinux daemon that fixes SELinux file contexts' 21 | 'selinux-dbus-config: D-Bus configuration for SELinux' 22 | 'selinux-gui: GUI tools for SELinux' 23 | 'selinux-python: Python tools and libraries for SELinux' 24 | 'selinux-sandbox: sandboxing tool for SELinux' 25 | 'semodule-utils: SELinux module tools') 26 | conflicts=("selinux-usr-${pkgname}") 27 | provides=("selinux-usr-${pkgname}=${pkgver}-${pkgrel}") 28 | validpgpkeys=( 29 | '63191CE94183098689CAB8DB7EF137EC935B0EAF' # Jason Zaman 30 | '68D21823342A13683AEB3E4EFB4C685B5DC1C13E' # Petr Lautrbach 31 | ) 32 | source=("https://github.com/SELinuxProject/selinux/releases/download/${pkgver}/${pkgname}-${pkgver}.tar.gz"{,.asc}) 33 | 
sha256sums=('2c430b8662aafb3a757251e9d8d62ecaabc1c24be2b2a6ac6e87d3fa08b04e22' 34 | 'SKIP') 35 | 36 | build() { 37 | cd "${pkgname}-${pkgver}" 38 | make LSPP_PRIV=y all 39 | } 40 | 41 | package() { 42 | cd "${pkgname}-${pkgver}" 43 | make DESTDIR="${pkgdir}" LIBEXECDIR=/usr/lib SBINDIR=/usr/bin install 44 | } 45 | -------------------------------------------------------------------------------- /psmisc-selinux/.SRCINFO: -------------------------------------------------------------------------------- 1 | pkgbase = psmisc-selinux 2 | pkgdesc = Miscellaneous procfs tools with SELinux support 3 | pkgver = 23.7 4 | pkgrel = 1 5 | url = https://gitlab.com/psmisc/psmisc 6 | arch = x86_64 7 | arch = aarch64 8 | groups = selinux 9 | license = GPL 10 | makedepends = git 11 | makedepends = po4a 12 | depends = ncurses 13 | depends = libselinux 14 | provides = psmisc=23.7-1 15 | provides = selinux-psmisc=23.7-1 16 | conflicts = psmisc 17 | conflicts = selinux-psmisc 18 | source = git+https://gitlab.com/psmisc/psmisc.git#tag=v23.7?signed 19 | validpgpkeys = 5D2FB320B825D93904D205193938F96BDF50FEA5 20 | sha256sums = 80ae6e626ba83232b7af1c02f3f528834ebdd96325367b701f69125d3e196f2f 21 | 22 | pkgname = psmisc-selinux 23 | -------------------------------------------------------------------------------- /psmisc-selinux/PKGBUILD: -------------------------------------------------------------------------------- 1 | # Maintainer: Eric Bélanger 2 | # SELinux Maintainer: Nicolas Iooss (nicolas iooss m4x org) 3 | # SELinux Contributor: Timothée Ravier 4 | # SELinux Contributor: Nicky726 5 | # 6 | # This PKGBUILD is maintained on https://github.com/archlinuxhardened/selinux. 7 | # If you want to help keep it up to date, please open a Pull Request there. 
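8 | 9 | pkgname=psmisc-selinux 10 | pkgver=23.7 11 | pkgrel=1 12 | pkgdesc='Miscellaneous procfs tools with SELinux support' 13 | arch=('x86_64' 'aarch64') 14 | url='https://gitlab.com/psmisc/psmisc' 15 | license=('GPL') 16 | groups=('selinux') 17 | depends=('ncurses' 'libselinux') 18 | makedepends=('git' 'po4a') 19 | conflicts=("${pkgname/-selinux}" "selinux-${pkgname/-selinux}") 20 | provides=("${pkgname/-selinux}=${pkgver}-${pkgrel}" 21 | "selinux-${pkgname/-selinux}=${pkgver}-${pkgrel}") 22 | validpgpkeys=('5D2FB320B825D93904D205193938F96BDF50FEA5') # Craig Small 23 | source=("git+https://gitlab.com/psmisc/psmisc.git#tag=v${pkgver}?signed") 24 | sha256sums=('80ae6e626ba83232b7af1c02f3f528834ebdd96325367b701f69125d3e196f2f') 25 | 26 | prepare() { 27 | cd ${pkgname/-selinux} 28 | 29 | ./autogen.sh 30 | } 31 | 32 | build() { 33 | cd ${pkgname/-selinux} 34 | 35 | ./configure \ 36 | --prefix=/usr \ 37 | --enable-selinux 38 | make 39 | } 40 | 41 | package() { 42 | cd ${pkgname/-selinux} 43 | 44 | make DESTDIR="${pkgdir}" install 45 | } 46 | -------------------------------------------------------------------------------- /recv_gpg_keys.sh: --------------------------------------------------------------------------------
#!/usr/bin/env bash
# Receive every GPG key used by the packages.
#
# Keys are imported from each package's keys/pgp/ directory, then from
# _pgp_cache/. Any fingerprint listed as validpgpkeys in a package's .SRCINFO
# that is still missing from the keyring is then requested from a keyserver.
#
# Environment:
#   GPG_KEYSRV  keyserver URL passed to "gpg --keyserver"
#               (default: hkp://keys.gnupg.net)
set -eu
cd "$(dirname -- "$0")"

# Import all keys from the packages
gpg --import ./*/keys/pgp/*.asc

# Import all keys from the cache
gpg --import _pgp_cache/*.asc

# Download missing keys from a keyserver
# GnuPG key server to use
# NOTE(review): the default uses plain hkp://, so the request is not protected
# in transit; what is trusted is the fingerprint match checked below, not the
# server. Set GPG_KEYSRV to an hkps:// keyserver you rely on, and confirm that
# the default host is still in service.
GPG_KEYSRV="${GPG_KEYSRV:-hkp://keys.gnupg.net}"

# Read the directory list line by line so that a path containing whitespace is
# not split into several words.
while IFS= read -r DIR
do
    PKG="${DIR#./}"
    sed -n 's/^\s*validpgpkeys = //p' < "$DIR/.SRCINFO" | \
    while IFS= read -r GPGKEY ; do
        # Only a full fingerprint identifies a key unambiguously; refuse short
        # or long key IDs (and anything else) before it reaches gpg.
        if ! [[ "$GPGKEY" =~ ^([0-9A-Fa-f]{40}|[0-9A-Fa-f]{64})$ ]] ; then
            echo "$PKG: refusing validpgpkeys entry that is not a full fingerprint: $GPGKEY" >&2
            exit 1
        fi
        if gpg --list-keys "$GPGKEY" > /dev/null 2>&1 ; then
            echo "$PKG: key $GPGKEY found."
        else
            echo "$PKG: receiving key..."
            gpg --keyserver "$GPG_KEYSRV" --recv-keys "$GPGKEY"
            # Confirm that the keyring now holds a key with exactly the
            # requested fingerprint instead of trusting the server's answer.
            if ! gpg --list-keys "$GPGKEY" > /dev/null 2>&1 ; then
                echo "$PKG: key $GPGKEY is still missing after --recv-keys" >&2
                exit 1
            fi
        fi
    done
done < <(find . -maxdepth 2 -name PKGBUILD -printf '%h\n' | sort)
-------------------------------------------------------------------------------- /restorecond/.SRCINFO: -------------------------------------------------------------------------------- 1 | pkgbase = restorecond 2 | pkgdesc = SELinux restorecon daemon 3 | pkgver = 3.8 4 | pkgrel = 1 5 | url = https://github.com/SELinuxProject/selinux/wiki 6 | arch = i686 7 | arch = x86_64 8 | arch = aarch64 9 | groups = selinux 10 | license = GPL2 11 | makedepends = pkgconf 12 | depends = dbus-glib 13 | depends = libselinux>=2.7 14 | conflicts = policycoreutils<2.7 15 | source = https://github.com/SELinuxProject/selinux/releases/download/3.8/restorecond-3.8.tar.gz 16 | source = https://github.com/SELinuxProject/selinux/releases/download/3.8/restorecond-3.8.tar.gz.asc 17 | validpgpkeys = 63191CE94183098689CAB8DB7EF137EC935B0EAF 18 | validpgpkeys = 68D21823342A13683AEB3E4EFB4C685B5DC1C13E 19 | sha256sums = 0f1a7a3bf121e5d1b9d6548765393b392da3ee42906e45c26217ec66e91f6cd3 20 | sha256sums = SKIP 21 | 22 | pkgname = restorecond 23 | -------------------------------------------------------------------------------- /restorecond/PKGBUILD: -------------------------------------------------------------------------------- 1 | # Maintainer: Nicolas Iooss (nicolas iooss m4x org) 2 | # 3 | # This PKGBUILD is maintained on https://github.com/archlinuxhardened/selinux. 4 | # If you want to help keep it up to date, please open a Pull Request there.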
5 | 6 | pkgname=restorecond 7 | pkgver=3.8 8 | pkgrel=1 9 | pkgdesc="SELinux restorecon daemon" 10 | arch=('i686' 'x86_64' 'aarch64') 11 | url='https://github.com/SELinuxProject/selinux/wiki' 12 | license=('GPL2') 13 | groups=('selinux') 14 | makedepends=('pkgconf') 15 | depends=('dbus-glib' 'libselinux>=2.7') 16 | conflicts=('policycoreutils<2.7') 17 | validpgpkeys=( 18 | '63191CE94183098689CAB8DB7EF137EC935B0EAF' # Jason Zaman 19 | '68D21823342A13683AEB3E4EFB4C685B5DC1C13E' # Petr Lautrbach 20 | ) 21 | source=("https://github.com/SELinuxProject/selinux/releases/download/${pkgver}/${pkgname}-${pkgver}.tar.gz"{,.asc}) 22 | sha256sums=('0f1a7a3bf121e5d1b9d6548765393b392da3ee42906e45c26217ec66e91f6cd3' 23 | 'SKIP') 24 | 25 | build() { 26 | cd "${pkgname}-${pkgver}" 27 | make 28 | } 29 | 30 | package() { 31 | cd "${pkgname}-${pkgver}" 32 | make DESTDIR="${pkgdir}" SBINDIR=/usr/bin install 33 | 34 | # Remove restorecond init script 35 | rm -rf "${pkgdir}/etc/rc.d" 36 | } 37 | -------------------------------------------------------------------------------- /secilc/.SRCINFO: -------------------------------------------------------------------------------- 1 | pkgbase = secilc 2 | pkgdesc = SELinux Common Intermediate Language Compiler 3 | pkgver = 3.8 4 | pkgrel = 1 5 | url = https://github.com/SELinuxProject/cil/wiki 6 | arch = i686 7 | arch = x86_64 8 | arch = aarch64 9 | groups = selinux 10 | license = custom 11 | checkdepends = checkpolicy 12 | makedepends = xmlto 13 | makedepends = docbook-xml 14 | makedepends = docbook-xsl 15 | depends = libsepol>=3.8 16 | source = https://github.com/SELinuxProject/selinux/releases/download/3.8/secilc-3.8.tar.gz 17 | source = https://github.com/SELinuxProject/selinux/releases/download/3.8/secilc-3.8.tar.gz.asc 18 | validpgpkeys = 63191CE94183098689CAB8DB7EF137EC935B0EAF 19 | validpgpkeys = 68D21823342A13683AEB3E4EFB4C685B5DC1C13E 20 | sha256sums = 1db6835f1ebed659a3f6703df58571a8ef05a26f81472e25af07e185f1dbcd5a 21 | sha256sums = 
SKIP 22 | 23 | pkgname = secilc 24 | -------------------------------------------------------------------------------- /secilc/PKGBUILD: -------------------------------------------------------------------------------- 1 | # Maintainer: Nicolas Iooss (nicolas iooss m4x org) 2 | # 3 | # This PKGBUILD is maintained on https://github.com/archlinuxhardened/selinux. 4 | # If you want to help keep it up to date, please open a Pull Request there. 5 | 6 | pkgname=secilc 7 | pkgver=3.8 8 | pkgrel=1 9 | pkgdesc="SELinux Common Intermediate Language Compiler" 10 | groups=('selinux') 11 | arch=('i686' 'x86_64' 'aarch64') 12 | url='https://github.com/SELinuxProject/cil/wiki' 13 | license=('custom') 14 | makedepends=('xmlto' 'docbook-xml' 'docbook-xsl') 15 | checkdepends=('checkpolicy') 16 | depends=('libsepol>=3.8') 17 | validpgpkeys=( 18 | '63191CE94183098689CAB8DB7EF137EC935B0EAF' # Jason Zaman 19 | '68D21823342A13683AEB3E4EFB4C685B5DC1C13E' # Petr Lautrbach 20 | ) 21 | source=("https://github.com/SELinuxProject/selinux/releases/download/${pkgver}/${pkgname}-${pkgver}.tar.gz"{,.asc}) 22 | sha256sums=('1db6835f1ebed659a3f6703df58571a8ef05a26f81472e25af07e185f1dbcd5a' 23 | 'SKIP') 24 | 25 | build() { 26 | cd "${pkgname}-${pkgver}" 27 | make all 28 | } 29 | 30 | check() { 31 | cd "${pkgname}-${pkgver}" 32 | make test 33 | } 34 | 35 | package() { 36 | cd "${pkgname}-${pkgver}" 37 | make DESTDIR="${pkgdir}" install 38 | 39 | install -Dm 0644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" 40 | } 41 | -------------------------------------------------------------------------------- /selinux-alpm-hook/.SRCINFO: -------------------------------------------------------------------------------- 1 | pkgbase = selinux-alpm-hook 2 | pkgdesc = SELinux ALPM hook 3 | pkgver = 0.1 4 | pkgrel = 4 5 | url = https://github.com/archlinuxhardened/selinux 6 | arch = any 7 | groups = selinux 8 | license = GPL 9 | depends = policycoreutils>=3.4 10 | source = relabel-selinux.hook 11 | source = 
selinux-alpm-hook 12 | sha256sums = 4df844a89a50fe1caebe0cb92fc925b3dedf7a1a8258eef53f0dd328c1cc089e 13 | sha256sums = 6786b7ba2dd6887daef304dbbab425b425ddec611d6df943fce27f13ef95def1 14 | 15 | pkgname = selinux-alpm-hook 16 | -------------------------------------------------------------------------------- /selinux-alpm-hook/PKGBUILD: -------------------------------------------------------------------------------- 1 | # Maintainer: Nicolas Iooss (nicolas iooss m4x org) 2 | 3 | pkgname=selinux-alpm-hook 4 | pkgver=0.1 5 | pkgrel=4 6 | pkgdesc="SELinux ALPM hook" 7 | arch=('any') 8 | url="https://github.com/archlinuxhardened/selinux" 9 | license=('GPL') 10 | groups=('selinux') 11 | depends=('policycoreutils>=3.4') 12 | source=('relabel-selinux.hook' 13 | 'selinux-alpm-hook') 14 | sha256sums=('4df844a89a50fe1caebe0cb92fc925b3dedf7a1a8258eef53f0dd328c1cc089e' 15 | '6786b7ba2dd6887daef304dbbab425b425ddec611d6df943fce27f13ef95def1') 16 | 17 | package() { 18 | cd "${srcdir}" 19 | 20 | # Prefix the hook file with "zzz-" so that it is run after all other hooks 21 | install -D -m 644 'relabel-selinux.hook' "${pkgdir}/usr/share/libalpm/hooks/zzz-relabel-selinux.hook" 22 | 23 | install -D -m 755 'selinux-alpm-hook' "${pkgdir}/usr/share/libalpm/scripts/selinux-alpm-hook" 24 | } 25 | -------------------------------------------------------------------------------- /selinux-alpm-hook/relabel-selinux.hook: -------------------------------------------------------------------------------- 1 | [Trigger] 2 | Operation = Install 3 | Operation = Upgrade 4 | Type = File 5 | Target = * 6 | 7 | [Action] 8 | Description = SELinux: relabel installed files 9 | Depends = policycoreutils 10 | When = PostTransaction 11 | Exec = /usr/share/libalpm/scripts/selinux-alpm-hook 12 | NeedsTargets 13 | -------------------------------------------------------------------------------- /selinux-dbus-config/.SRCINFO: -------------------------------------------------------------------------------- 1 | pkgbase =
selinux-dbus-config 2 | pkgdesc = DBus service which allows managing SELinux configuration 3 | pkgver = 3.8 4 | pkgrel = 1 5 | url = https://github.com/SELinuxProject/selinux/wiki 6 | arch = any 7 | groups = selinux 8 | license = GPL2 9 | depends = python 10 | depends = selinux-python 11 | conflicts = policycoreutils<2.7 12 | source = https://github.com/SELinuxProject/selinux/releases/download/3.8/selinux-dbus-3.8.tar.gz 13 | source = https://github.com/SELinuxProject/selinux/releases/download/3.8/selinux-dbus-3.8.tar.gz.asc 14 | validpgpkeys = 63191CE94183098689CAB8DB7EF137EC935B0EAF 15 | validpgpkeys = 68D21823342A13683AEB3E4EFB4C685B5DC1C13E 16 | sha256sums = bd00e7895f14a2610b65459d30b6eac512123b18303098c66d4717c9be8003e1 17 | sha256sums = SKIP 18 | 19 | pkgname = selinux-dbus-config 20 | -------------------------------------------------------------------------------- /selinux-dbus-config/PKGBUILD: -------------------------------------------------------------------------------- 1 | # Maintainer: Nicolas Iooss (nicolas iooss m4x org) 2 | # 3 | # This PKGBUILD is maintained on https://github.com/archlinuxhardened/selinux. 4 | # If you want to help keep it up to date, please open a Pull Request there. 
5 | 6 | pkgname=selinux-dbus-config 7 | _pkgname=selinux-dbus 8 | pkgver=3.8 9 | pkgrel=1 10 | pkgdesc="DBus service which allows managing SELinux configuration" 11 | groups=('selinux') 12 | arch=('any') 13 | url='https://github.com/SELinuxProject/selinux/wiki' 14 | license=('GPL2') 15 | depends=('python' 'selinux-python') 16 | conflicts=('policycoreutils<2.7') 17 | validpgpkeys=( 18 | '63191CE94183098689CAB8DB7EF137EC935B0EAF' # Jason Zaman 19 | '68D21823342A13683AEB3E4EFB4C685B5DC1C13E' # Petr Lautrbach 20 | ) 21 | source=("https://github.com/SELinuxProject/selinux/releases/download/${pkgver}/${_pkgname}-${pkgver}.tar.gz"{,.asc}) 22 | sha256sums=('bd00e7895f14a2610b65459d30b6eac512123b18303098c66d4717c9be8003e1' 23 | 'SKIP') 24 | 25 | build() { 26 | cd "${_pkgname}-${pkgver}" 27 | make 28 | } 29 | 30 | package() { 31 | cd "${_pkgname}-${pkgver}" 32 | make DESTDIR="${pkgdir}" install 33 | } 34 | -------------------------------------------------------------------------------- /selinux-gui/.SRCINFO: -------------------------------------------------------------------------------- 1 | pkgbase = selinux-gui 2 | pkgdesc = SELinux GUI tools 3 | pkgver = 3.8 4 | pkgrel = 1 5 | url = https://github.com/SELinuxProject/selinux/wiki 6 | arch = any 7 | groups = selinux 8 | license = GPL2 9 | depends = python-gobject 10 | depends = hicolor-icon-theme 11 | depends = selinux-python 12 | depends = gtk3 13 | conflicts = policycoreutils<2.7 14 | source = https://github.com/SELinuxProject/selinux/releases/download/3.8/selinux-gui-3.8.tar.gz 15 | source = https://github.com/SELinuxProject/selinux/releases/download/3.8/selinux-gui-3.8.tar.gz.asc 16 | validpgpkeys = 63191CE94183098689CAB8DB7EF137EC935B0EAF 17 | validpgpkeys = 68D21823342A13683AEB3E4EFB4C685B5DC1C13E 18 | sha256sums = 4b69fc4e6369717d3268244f4a2f025fea7d4d19b62bcc3b3ba45c1177ffbd5a 19 | sha256sums = SKIP 20 | 21 | pkgname = selinux-gui 22 | -------------------------------------------------------------------------------- 
/selinux-gui/PKGBUILD: -------------------------------------------------------------------------------- 1 | # Maintainer: Nicolas Iooss (nicolas iooss m4x org) 2 | # 3 | # This PKGBUILD is maintained on https://github.com/archlinuxhardened/selinux. 4 | # If you want to help keep it up to date, please open a Pull Request there. 5 | 6 | pkgname=selinux-gui 7 | pkgver=3.8 8 | pkgrel=1 9 | pkgdesc="SELinux GUI tools" 10 | groups=('selinux') 11 | arch=('any') 12 | url='https://github.com/SELinuxProject/selinux/wiki' 13 | license=('GPL2') 14 | depends=('python-gobject' 'hicolor-icon-theme' 'selinux-python' 'gtk3') 15 | conflicts=('policycoreutils<2.7') 16 | validpgpkeys=( 17 | '63191CE94183098689CAB8DB7EF137EC935B0EAF' # Jason Zaman 18 | '68D21823342A13683AEB3E4EFB4C685B5DC1C13E' # Petr Lautrbach 19 | ) 20 | source=("https://github.com/SELinuxProject/selinux/releases/download/${pkgver}/${pkgname}-${pkgver}.tar.gz"{,.asc}) 21 | sha256sums=('4b69fc4e6369717d3268244f4a2f025fea7d4d19b62bcc3b3ba45c1177ffbd5a' 22 | 'SKIP') 23 | 24 | build() { 25 | cd "${pkgname}-${pkgver}" 26 | make 27 | } 28 | 29 | package() { 30 | cd "${pkgname}-${pkgver}" 31 | make DESTDIR="${pkgdir}" install 32 | 33 | # Compile Python files into bytecode 34 | python -m compileall "${pkgdir}/usr/share/system-config-selinux" 35 | } 36 | -------------------------------------------------------------------------------- /selinux-python/.SRCINFO: -------------------------------------------------------------------------------- 1 | pkgbase = selinux-python 2 | pkgdesc = SELinux python tools and libraries 3 | pkgver = 3.8 4 | pkgrel = 1 5 | url = https://github.com/SELinuxProject/selinux/wiki 6 | arch = i686 7 | arch = x86_64 8 | arch = aarch64 9 | groups = selinux 10 | license = GPL2 11 | makedepends = python-pip 12 | makedepends = python-setuptools 13 | depends = python 14 | depends = python-audit 15 | depends = libsemanage>=3.8 16 | depends = setools>=4.4.0 17 | provides = sepolgen=3.8-1 18 | conflicts = 
sepolgen<2.7 19 | conflicts = policycoreutils<2.7 20 | source = https://github.com/SELinuxProject/selinux/releases/download/3.8/selinux-python-3.8.tar.gz 21 | source = https://github.com/SELinuxProject/selinux/releases/download/3.8/selinux-python-3.8.tar.gz.asc 22 | validpgpkeys = 63191CE94183098689CAB8DB7EF137EC935B0EAF 23 | validpgpkeys = 68D21823342A13683AEB3E4EFB4C685B5DC1C13E 24 | sha256sums = f18329750a02a431947a6901d36108ca2662b106978956f33c22f01cc8ef76dc 25 | sha256sums = SKIP 26 | 27 | pkgname = selinux-python 28 | -------------------------------------------------------------------------------- /selinux-python/PKGBUILD: -------------------------------------------------------------------------------- 1 | # Maintainer: Nicolas Iooss (nicolas iooss m4x org) 2 | # 3 | # This PKGBUILD is maintained on https://github.com/archlinuxhardened/selinux. 4 | # If you want to help keep it up to date, please open a Pull Request there. 5 | 6 | pkgname=selinux-python 7 | pkgver=3.8 8 | pkgrel=1 9 | pkgdesc="SELinux python tools and libraries" 10 | groups=('selinux') 11 | arch=('i686' 'x86_64' 'aarch64') 12 | url='https://github.com/SELinuxProject/selinux/wiki' 13 | license=('GPL2') 14 | makedepends=('python-pip' 'python-setuptools') 15 | depends=('python' 'python-audit' 'libsemanage>=3.8' 'setools>=4.4.0') 16 | conflicts=('sepolgen<2.7' 'policycoreutils<2.7') 17 | provides=("sepolgen=${pkgver}-${pkgrel}") 18 | validpgpkeys=( 19 | '63191CE94183098689CAB8DB7EF137EC935B0EAF' # Jason Zaman 20 | '68D21823342A13683AEB3E4EFB4C685B5DC1C13E' # Petr Lautrbach 21 | ) 22 | source=("https://github.com/SELinuxProject/selinux/releases/download/${pkgver}/${pkgname}-${pkgver}.tar.gz"{,.asc}) 23 | sha256sums=('f18329750a02a431947a6901d36108ca2662b106978956f33c22f01cc8ef76dc' 24 | 'SKIP') 25 | 26 | build() { 27 | cd "${pkgbase}-${pkgver}" 28 | make PYTHON=/usr/bin/python3 29 | } 30 | 31 | package() { 32 | cd "${pkgbase}-${pkgver}" 33 | make PYTHON=/usr/bin/python3 DESTDIR="${pkgdir}" 
SBINDIR=/usr/bin install 34 | /usr/bin/python3 -m compileall "${pkgdir}/$(/usr/bin/python3 -c 'import site; print(site.getsitepackages()[0])')" 35 | } 36 | -------------------------------------------------------------------------------- /selinux-refpolicy-arch/.SRCINFO: -------------------------------------------------------------------------------- 1 | pkgbase = selinux-refpolicy-arch 2 | pkgdesc = Modular SELinux reference policy including headers and docs with Arch Linux patches 3 | pkgver = 20240916 4 | pkgrel = 1 5 | url = https://github.com/SELinuxProject/refpolicy/wiki 6 | install = selinux-refpolicy-arch.install 7 | arch = any 8 | groups = selinux 9 | license = GPL2 10 | makedepends = git 11 | makedepends = python 12 | makedepends = checkpolicy>=3.0 13 | makedepends = semodule-utils 14 | depends = policycoreutils>=3.0 15 | source = git+https://github.com/archlinuxhardened/selinux-policy-arch#commit=5edb9487e7b4b2eca0cc98a102a795c0f8883425 16 | source = config 17 | sha256sums = c91a1559ab4cffc728dbb5554af53e05e150bbbe9f548427cb42741222f10042 18 | sha256sums = c9f7cce9a06fd0595b3dd47d4fdde9d9c7457120c42c5f08bfdc5e89eb9a61df 19 | 20 | pkgname = selinux-refpolicy-arch 21 | -------------------------------------------------------------------------------- /selinux-refpolicy-arch/.gitignore: -------------------------------------------------------------------------------- 1 | /selinux-policy-arch/ 2 | -------------------------------------------------------------------------------- /selinux-refpolicy-arch/PKGBUILD: -------------------------------------------------------------------------------- 1 | # Maintainer: Nicolas Iooss (nicolas iooss m4x org) 2 | # Contributor: Nicky726 (Nicky726 gmail com) 3 | # Contributor: Simon Peter Nicholls (simon mintsource org) 4 | # 5 | # This PKGBUILD is maintained on https://github.com/archlinuxhardened/selinux. 6 | # If you want to help keep it up to date, please open a Pull Request there. 
7 | 8 | pkgname=selinux-refpolicy-arch 9 | _reponame=selinux-policy-arch 10 | _policyname=refpolicy-arch 11 | pkgver=20240916 12 | pkgrel=1 13 | pkgdesc="Modular SELinux reference policy including headers and docs with Arch Linux patches" 14 | arch=('any') 15 | url="https://github.com/SELinuxProject/refpolicy/wiki" 16 | license=('GPL2') 17 | groups=('selinux') 18 | makedepends=('git' 'python' 'checkpolicy>=3.0' 'semodule-utils') 19 | depends=('policycoreutils>=3.0') 20 | install="${pkgname}.install" 21 | _commit=5edb9487e7b4b2eca0cc98a102a795c0f8883425 22 | source=("git+https://github.com/archlinuxhardened/${_reponame}#commit=${_commit}" 23 | 'config') 24 | sha256sums=('c91a1559ab4cffc728dbb5554af53e05e150bbbe9f548427cb42741222f10042' 25 | 'c9f7cce9a06fd0595b3dd47d4fdde9d9c7457120c42c5f08bfdc5e89eb9a61df') 26 | 27 | build() { 28 | cd "${srcdir}/${_reponame}" 29 | make bare 30 | make conf 31 | make 32 | } 33 | 34 | package() { 35 | cd "${srcdir}/${_reponame}" 36 | make DESTDIR="${pkgdir}" install 37 | make DESTDIR="${pkgdir}" install-headers 38 | make DESTDIR="${pkgdir}" PKGNAME="${_policyname}" install-docs 39 | 40 | # Create /var/lib/selinux, which is necessary for loading policy, 41 | # which is done via install script. 42 | install -d -m0755 "${pkgdir}/var/lib/selinux" 43 | 44 | # Install main SELinux config file besides /etc/selinux/config. 45 | # The install script will create a symlink. 46 | install -m644 -D "${srcdir}/config" "${pkgdir}/etc/selinux/config.${_policyname}" 47 | } 48 | -------------------------------------------------------------------------------- /selinux-refpolicy-arch/config: -------------------------------------------------------------------------------- 1 | # This file controls the state of SELinux on the system. 2 | # SELINUX= can take one of these three values: 3 | # enforcing - SELinux security policy is enforced. 4 | # permissive - SELinux prints warnings instead of enforcing. 5 | # disabled - No SELinux policy is loaded. 
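6 | SELINUX=permissive 7 | # SELINUXTYPE= takes the name of SELinux policy to be used. 8 | # Use "refpolicy-arch" to use reference policy with Arch Linux patches 9 | SELINUXTYPE=refpolicy-arch 10 | -------------------------------------------------------------------------------- /selinux-refpolicy-arch/selinux-refpolicy-arch.install: -------------------------------------------------------------------------------- 1 | post_install() { 2 | # Configure /etc/selinux/config 3 | if [ -e /etc/selinux/config ] 4 | then 5 | echo ">>> In order to use this policy, set SELINUXTYPE=refpolicy-arch in /etc/selinux/config." 6 | else 7 | /usr/bin/ln -v -s config.refpolicy-arch /etc/selinux/config 8 | fi 9 | 10 | # In release 20170805, apm module has been renamed to acpi. This causes a 11 | # conflict when rebuilding the policy, so remove a left-over apm module first (absolute path, like every other command in this script) 12 | if /usr/bin/semodule -s refpolicy-arch -l 2>/dev/null | /usr/bin/grep -q '^apm$' 13 | then 14 | /usr/bin/semodule --noreload -s refpolicy-arch -r apm 15 | fi 16 | 17 | echo ">>> Building refpolicy-arch policy store. Please wait..." 18 | /usr/bin/semodule -s refpolicy-arch -i /usr/share/selinux/refpolicy-arch/*.pp 19 | echo ">>> Relabeling the filesystem may be needed." 20 | echo ">>> This can be done with: /usr/bin/restorecon -rF /" 21 | } 22 | 23 | post_upgrade() { 24 | post_install 25 | } 26 | 27 | post_remove() { 28 | echo ">>> Removing refpolicy left-over files." 29 | /usr/bin/rm -rf /etc/selinux/refpolicy-arch 30 | 31 | if [ -L /etc/selinux/config ] && ! 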
[ -e /etc/selinux/config ] 32 | then 33 | echo ">>> Removing now-broken symbolic link /etc/selinux/config" 34 | /usr/bin/rm /etc/selinux/config 35 | fi 36 | } 37 | -------------------------------------------------------------------------------- /selinux-refpolicy-git/.SRCINFO: -------------------------------------------------------------------------------- 1 | pkgbase = selinux-refpolicy-git 2 | pkgdesc = Modular SELinux reference policy including headers and docs 3 | pkgver = RELEASE_2_20210908.r29.ge49243a08f4d 4 | pkgrel = 1 5 | url = https://github.com/SELinuxProject/refpolicy/wiki 6 | install = selinux-refpolicy-git.install 7 | arch = any 8 | groups = selinux 9 | license = GPL2 10 | makedepends = git 11 | makedepends = python 12 | makedepends = checkpolicy>=3.0 13 | makedepends = semodule-utils 14 | depends = policycoreutils>=3.0 15 | source = git+https://github.com/SELinuxProject/refpolicy 16 | source = config 17 | sha256sums = SKIP 18 | sha256sums = a5faaa2a2c3f986770a9296882b1887c2bdd38b0a990a36f95fe22f22ffb5c13 19 | 20 | pkgname = selinux-refpolicy-git 21 | -------------------------------------------------------------------------------- /selinux-refpolicy-git/.gitignore: -------------------------------------------------------------------------------- 1 | /refpolicy/ 2 | /refpolicy-contrib/ 3 | -------------------------------------------------------------------------------- /selinux-refpolicy-git/PKGBUILD: -------------------------------------------------------------------------------- 1 | # Maintainer: Nicolas Iooss (nicolas iooss m4x org) 2 | # 3 | # This PKGBUILD is maintained on https://github.com/archlinuxhardened/selinux. 4 | # If you want to help keep it up to date, please open a Pull Request there. 
5 | 6 | pkgname=selinux-refpolicy-git 7 | _policyname=refpolicy-git 8 | pkgver=RELEASE_2_20210908.r29.ge49243a08f4d 9 | pkgrel=1 10 | pkgdesc="Modular SELinux reference policy including headers and docs" 11 | arch=('any') 12 | url="https://github.com/SELinuxProject/refpolicy/wiki" 13 | license=('GPL2') 14 | groups=('selinux') 15 | makedepends=('git' 'python' 'checkpolicy>=3.0' 'semodule-utils') 16 | depends=('policycoreutils>=3.0') 17 | install="${pkgname}.install" 18 | # refpolicy 2.20180701 moved the repository to the SELinuxProject GitHub organization. 19 | # When updating, if makepkg reports "refpolicy is not a clone of https://github.com/SELinuxProject/refpolicy", 20 | # you need to update the remote of the git repository, for example with the following command: 21 | # git -C refpolicy remote set-url origin https://github.com/SELinuxProject/refpolicy 22 | source=("git+https://github.com/SELinuxProject/refpolicy" 23 | 'config') 24 | sha256sums=('SKIP' # the git source is not pinned to a commit, so there is no checksum to verify for it 25 | 'a5faaa2a2c3f986770a9296882b1887c2bdd38b0a990a36f95fe22f22ffb5c13') 26 | 27 | pkgver() { 28 | cd refpolicy 29 | git describe --long | sed 's/\([^-]*-g\)/r\1/;s/-/./g' 30 | } 31 | 32 | build() { 33 | cd refpolicy 34 | 35 | # Ensure the environment is clean 36 | make bare 37 | 38 | # Configure, overriding build.conf values with the ones given on the command line 39 | make conf NAME="${_policyname}" DISTRO=arch SYSTEMD=y UBAC=n 40 | 41 | # Running "make all" here tries to install /etc/selinux/refpolicy-git/contexts/files/file_contexts.subs_dist 42 | # due to a bug, so "make all" is run in package() with DESTDIR set instead (2024-12-14) 43 | #make all NAME="${_policyname}" DISTRO=arch SYSTEMD=y UBAC=n 44 | } 45 | 46 | package() { 47 | cd refpolicy 48 | make all \ 49 | DESTDIR="${pkgdir}" NAME="${_policyname}" DISTRO=arch SYSTEMD=y UBAC=n 50 | make install \ 51 | DESTDIR="${pkgdir}" NAME="${_policyname}" DISTRO=arch SYSTEMD=y UBAC=n 52 | make install-headers \ 53 | DESTDIR="${pkgdir}" NAME="${_policyname}" DISTRO=arch SYSTEMD=y UBAC=n 54 | make install-docs 
\ 55 | DESTDIR="${pkgdir}" NAME="${_policyname}" DISTRO=arch SYSTEMD=y UBAC=n \ 56 | PKGNAME="${_policyname}" 57 | 58 | # Create /var/lib/selinux, which is necessary for loading policy, 59 | # which is done via install script. 60 | install -d -m0755 "${pkgdir}/var/lib/selinux" 61 | 62 | # Install main SELinux config file defaulting to refpolicy 63 | install -m644 -D "${srcdir}/config" "${pkgdir}/etc/selinux/config.${_policyname}" 64 | } 65 | -------------------------------------------------------------------------------- /selinux-refpolicy-git/config: -------------------------------------------------------------------------------- 1 | # This file controls the state of SELinux on the system. 2 | # SELINUX= can take one of these three values: 3 | # enforcing - SELinux security policy is enforced. 4 | # permissive - SELinux prints warnings instead of enforcing. 5 | # disabled - No SELinux policy is loaded. 6 | SELINUX=permissive 7 | # SELINUXTYPE= takes the name of SELinux policy to be used. 8 | # Use "refpolicy-git" to use reference policy git master revision 9 | SELINUXTYPE=refpolicy-git 10 | -------------------------------------------------------------------------------- /selinux-refpolicy-git/selinux-refpolicy-git.install: -------------------------------------------------------------------------------- 1 | post_install() { 2 | # Configure /etc/selinux/config 3 | if [ -e /etc/selinux/config ] 4 | then 5 | echo ">>> In order to use this policy, set SELINUXTYPE=refpolicy-git in /etc/selinux/config." 6 | else 7 | /usr/bin/ln -v -s config.refpolicy-git /etc/selinux/config 8 | fi 9 | 10 | echo ">>> Building refpolicy-git policy store. Please wait..." 11 | /usr/bin/semodule -s refpolicy-git -i /usr/share/selinux/refpolicy-git/*.pp 12 | echo ">>> Relabeling the filesystem may be needed." 
13 | echo ">>> This can be done with: /usr/bin/restorecon -rF /" 14 | } 15 | 16 | post_upgrade() { 17 | post_install 18 | } 19 | 20 | post_remove() { 21 | echo ">>> Removing refpolicy-git left-over files in /var/lib/selinux" 22 | /usr/bin/rm -rf /var/lib/selinux/refpolicy-git 23 | 24 | if [ -L /etc/selinux/config ] && ! [ -e /etc/selinux/config ] 25 | then 26 | echo ">>> Removing now-broken symbolic link /etc/selinux/config" 27 | /usr/bin/rm /etc/selinux/config 28 | fi 29 | } 30 | -------------------------------------------------------------------------------- /selinux-refpolicy-src/.SRCINFO: -------------------------------------------------------------------------------- 1 | pkgbase = selinux-refpolicy-src 2 | pkgdesc = SELinux reference policy sources 3 | pkgver = 20231002 4 | pkgrel = 1 5 | url = https://github.com/SELinuxProject/refpolicy/wiki 6 | arch = any 7 | groups = selinux 8 | groups = selinux-policies 9 | license = GPL 10 | makedepends = python 11 | makedepends = checkpolicy>=3.0 12 | makedepends = policycoreutils>=3.0 13 | makedepends = libsepol>=3.0 14 | makedepends = libsemanage>=3.0 15 | optdepends = linux-hardened: Linux kernel with SELinux support 16 | source = https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_2_20231002/refpolicy-2.20231002.tar.bz2 17 | sha256sums = c89cd3b2e5d99765cc24536fd8e76de83951ad23e05472350328b5a4f8bee410 18 | 19 | pkgname = selinux-refpolicy-src 20 | -------------------------------------------------------------------------------- /selinux-refpolicy-src/PKGBUILD: -------------------------------------------------------------------------------- 1 | # Maintainer: Nicolas Iooss (nicolas iooss m4x org) 2 | # Contributor: Nicky726 (Nicky726 gmail com) 3 | # Contributor: Sergej Pupykin (pupykin s+arch gmail com) 4 | # 5 | # This PKGBUILD is maintained on https://github.com/archlinuxhardened/selinux. 6 | # If you want to help keep it up to date, please open a Pull Request there. 
7 | 8 | pkgname=selinux-refpolicy-src 9 | _origname=refpolicy 10 | pkgver=20231002 11 | pkgrel=1 12 | pkgdesc="SELinux reference policy sources" 13 | arch=('any') 14 | url="https://github.com/SELinuxProject/refpolicy/wiki" 15 | license=('GPL') 16 | groups=('selinux' 'selinux-policies') 17 | optdepends=('linux-hardened: Linux kernel with SELinux support') 18 | makedepends=('python' 'checkpolicy>=3.0' 'policycoreutils>=3.0' 19 | 'libsepol>=3.0' 'libsemanage>=3.0') 20 | source=("https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_2_${pkgver}/${_origname}-2.${pkgver}.tar.bz2") 21 | sha256sums=('c89cd3b2e5d99765cc24536fd8e76de83951ad23e05472350328b5a4f8bee410') 22 | 23 | package() { 24 | cd "${srcdir}/${_origname}" 25 | make DESTDIR="${pkgdir}" install-src 26 | } 27 | -------------------------------------------------------------------------------- /selinux-sandbox/.SRCINFO: -------------------------------------------------------------------------------- 1 | pkgbase = selinux-sandbox 2 | pkgdesc = sandboxing tool for SELinux 3 | pkgver = 3.8 4 | pkgrel = 1 5 | url = https://github.com/SELinuxProject/selinux/wiki 6 | arch = i686 7 | arch = x86_64 8 | arch = aarch64 9 | groups = selinux 10 | license = GPL2 11 | depends = libcap-ng 12 | depends = selinux-python 13 | conflicts = policycoreutils<2.7 14 | source = https://github.com/SELinuxProject/selinux/releases/download/3.8/selinux-sandbox-3.8.tar.gz 15 | source = https://github.com/SELinuxProject/selinux/releases/download/3.8/selinux-sandbox-3.8.tar.gz.asc 16 | validpgpkeys = 63191CE94183098689CAB8DB7EF137EC935B0EAF 17 | validpgpkeys = 68D21823342A13683AEB3E4EFB4C685B5DC1C13E 18 | sha256sums = 2ac76d3cf91781ead91311cb1a0d30f97da3807d3aeb6019827b03328ec1ebe7 19 | sha256sums = SKIP 20 | 21 | pkgname = selinux-sandbox 22 | -------------------------------------------------------------------------------- /selinux-sandbox/PKGBUILD: -------------------------------------------------------------------------------- 
1 | # Maintainer: Nicolas Iooss (nicolas iooss m4x org) 2 | # 3 | # This PKGBUILD is maintained on https://github.com/archlinuxhardened/selinux. 4 | # If you want to help keep it up to date, please open a Pull Request there. 5 | 6 | pkgname=selinux-sandbox 7 | pkgver=3.8 8 | pkgrel=1 9 | pkgdesc="sandboxing tool for SELinux" 10 | arch=('i686' 'x86_64' 'aarch64') 11 | url='https://github.com/SELinuxProject/selinux/wiki' 12 | license=('GPL2') 13 | groups=('selinux') 14 | depends=('libcap-ng' 'selinux-python') 15 | conflicts=('policycoreutils<2.7') 16 | validpgpkeys=( 17 | '63191CE94183098689CAB8DB7EF137EC935B0EAF' # Jason Zaman 18 | '68D21823342A13683AEB3E4EFB4C685B5DC1C13E' # Petr Lautrbach 19 | ) 20 | source=("https://github.com/SELinuxProject/selinux/releases/download/${pkgver}/${pkgname}-${pkgver}.tar.gz"{,.asc}) 21 | sha256sums=('2ac76d3cf91781ead91311cb1a0d30f97da3807d3aeb6019827b03328ec1ebe7' 22 | 'SKIP') 23 | 24 | build() { 25 | cd "${pkgname}-${pkgver}" 26 | make 27 | } 28 | 29 | package() { 30 | cd "${pkgname}-${pkgver}" 31 | make DESTDIR="${pkgdir}" SBINDIR="/usr/bin" install 32 | } 33 | -------------------------------------------------------------------------------- /semodule-utils/.SRCINFO: -------------------------------------------------------------------------------- 1 | pkgbase = semodule-utils 2 | pkgdesc = SELinux module tools 3 | pkgver = 3.8 4 | pkgrel = 1 5 | url = https://github.com/SELinuxProject/selinux/wiki 6 | arch = i686 7 | arch = x86_64 8 | arch = aarch64 9 | groups = selinux 10 | license = GPL2 11 | depends = libsepol>=2.7 12 | conflicts = policycoreutils<2.7 13 | source = https://github.com/SELinuxProject/selinux/releases/download/3.8/semodule-utils-3.8.tar.gz 14 | source = https://github.com/SELinuxProject/selinux/releases/download/3.8/semodule-utils-3.8.tar.gz.asc 15 | validpgpkeys = 63191CE94183098689CAB8DB7EF137EC935B0EAF 16 | validpgpkeys = 68D21823342A13683AEB3E4EFB4C685B5DC1C13E 17 | sha256sums = 
4305537cdfc338552803e32c4ae3065a5aa8f7dac223ba83431cd6a0819cc029 18 | sha256sums = SKIP 19 | 20 | pkgname = semodule-utils 21 | -------------------------------------------------------------------------------- /semodule-utils/PKGBUILD: -------------------------------------------------------------------------------- 1 | # Maintainer: Nicolas Iooss (nicolas iooss m4x org) 2 | # 3 | # This PKGBUILD is maintained on https://github.com/archlinuxhardened/selinux. 4 | # If you want to help keep it up to date, please open a Pull Request there. 5 | 6 | pkgname=semodule-utils 7 | pkgver=3.8 8 | pkgrel=1 9 | pkgdesc="SELinux module tools" 10 | arch=('i686' 'x86_64' 'aarch64') 11 | url='https://github.com/SELinuxProject/selinux/wiki' 12 | license=('GPL2') 13 | groups=('selinux') 14 | depends=('libsepol>=2.7') 15 | conflicts=('policycoreutils<2.7') 16 | validpgpkeys=( 17 | '63191CE94183098689CAB8DB7EF137EC935B0EAF' # Jason Zaman 18 | '68D21823342A13683AEB3E4EFB4C685B5DC1C13E' # Petr Lautrbach 19 | ) 20 | source=("https://github.com/SELinuxProject/selinux/releases/download/${pkgver}/${pkgname}-${pkgver}.tar.gz"{,.asc}) 21 | sha256sums=('4305537cdfc338552803e32c4ae3065a5aa8f7dac223ba83431cd6a0819cc029' 22 | 'SKIP') 23 | 24 | build() { 25 | cd "${pkgname}-${pkgver}" 26 | make 27 | } 28 | 29 | package() { 30 | cd "${pkgname}-${pkgver}" 31 | make DESTDIR="${pkgdir}" install 32 | } 33 | -------------------------------------------------------------------------------- /sepolgen/.SRCINFO: -------------------------------------------------------------------------------- 1 | pkgbase = sepolgen 2 | pkgdesc = SELinux policy generator 3 | pkgver = 2.6 4 | pkgrel = 2 5 | url = http://userspace.selinuxproject.org 6 | arch = any 7 | groups = selinux 8 | license = GPL 9 | makedepends = python2 10 | depends = python 11 | depends = libselinux 12 | optdepends = python2: python2 bindings 13 | provides = selinux-usr-sepolgen=2.6-2 14 | conflicts = selinux-usr-sepolgen 15 | source = 
https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/sepolgen-2.6.tar.gz 16 | sha256sums = 6a327b1576d914e57ad796a541a7a9bcceefb14c445355559993de0fdb8e7a60 17 | 18 | pkgname = sepolgen 19 | 20 | -------------------------------------------------------------------------------- /sepolgen/PKGBUILD: -------------------------------------------------------------------------------- 1 | # Maintainer: Nicolas Iooss (nicolas iooss m4x org) 2 | # Contributor: Timothée Ravier 3 | # Contributor: Nicky726 (Nicky726 gmail com) 4 | # Contributor: Sergej Pupykin (pupykin s+arch gmail com) 5 | 6 | pkgname=sepolgen 7 | pkgver=2.6 8 | pkgrel=2 9 | pkgdesc="SELinux policy generator" 10 | groups=('selinux') 11 | arch=('any') 12 | url='http://userspace.selinuxproject.org' 13 | license=('GPL') 14 | makedepends=('python2') 15 | depends=('python' 'libselinux') 16 | optdepends=('python2: python2 bindings') 17 | conflicts=("selinux-usr-${pkgname}") 18 | provides=("selinux-usr-${pkgname}=${pkgver}-${pkgrel}") 19 | source=("https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/${pkgname}-${pkgver}.tar.gz") 20 | sha256sums=('6a327b1576d914e57ad796a541a7a9bcceefb14c445355559993de0fdb8e7a60') 21 | 22 | build() { 23 | cd "${pkgname}-${pkgver}" 24 | make PYTHON=python2 25 | make PYTHON=python3 26 | } 27 | 28 | package(){ 29 | cd "${pkgname}-${pkgver}" 30 | make PYTHON=python2 DESTDIR="${pkgdir}" install 31 | make PYTHON=python3 DESTDIR="${pkgdir}" install 32 | python2 -m compileall "${pkgdir}/$(python2 -c 'import site; print(site.getsitepackages()[0])')" 33 | python3 -m compileall "${pkgdir}/$(python3 -c 'import site; print(site.getsitepackages()[0])')" 34 | } 35 | -------------------------------------------------------------------------------- /setools/.SRCINFO: -------------------------------------------------------------------------------- 1 | pkgbase = setools 2 | pkgdesc = Policy analysis tools for SELinux 3 | pkgver = 4.5.1 4 | 
pkgrel = 3 5 | url = https://github.com/SELinuxProject/setools/wiki 6 | arch = i686 7 | arch = x86_64 8 | arch = aarch64 9 | groups = selinux 10 | license = GPL 11 | license = LGPL 12 | checkdepends = checkpolicy 13 | checkdepends = pyside6 14 | checkdepends = python-pytest 15 | checkdepends = python-pytest-qt 16 | makedepends = cython 17 | makedepends = python-tox 18 | depends = libsepol>=3.2 19 | depends = libselinux>=3.2 20 | depends = python 21 | depends = python-networkx>=2.6 22 | depends = python-setuptools 23 | optdepends = python-graphviz: for seinfoflow, sedta, apol 24 | optdepends = python-pyqt6: needed for graphical tools 25 | optdepends = qt6-tools: display apol help with Qt Assistant 26 | provides = selinux-setools=4.5.1-3 27 | conflicts = selinux-setools 28 | source = https://github.com/SELinuxProject/setools/releases/download/4.5.1/setools-4.5.1.tar.bz2 29 | source = 0001-setup.py-Move-static-definitions-to-pyproject.toml.patch 30 | sha256sums = 25e47d00bbffd6046f55409c9ba3b08d9b1d5788cc159ea247d9e0ced8e482e7 31 | sha256sums = 27fd3673709767038fcd5253f13a057dac48b5c6884e07507ff3f1461223cd21 32 | 33 | pkgname = setools 34 | -------------------------------------------------------------------------------- /setools/PKGBUILD: -------------------------------------------------------------------------------- 1 | # Maintainer: Nicolas Iooss (nicolas iooss m4x org) 2 | # Contributor: Timothée Ravier 3 | # Contributor: Nicky726 4 | # Contributor: Xiao-Long Chen 5 | # 6 | # This PKGBUILD is maintained on https://github.com/archlinuxhardened/selinux. 7 | # If you want to help keep it up to date, please open a Pull Request there. 
8 | 9 | # /!\ Important note when upgrading from setools 3 /!\ 10 | # When upgrading with policycoreutils 2.5-3, pacman fails with: 11 | # failed to prepare transaction (could not satisfy dependencies) 12 | # :: policycoreutils: installing setools (4.0.1-1) breaks dependency 'setools3-libs' 13 | # In order to upgrade setools, you can either: 14 | # - build setools 4.0.1-1 and setools3-libs 3.3.8-1 and install both packages 15 | # at the same time (with a single "pacman -U" command) 16 | # - temporarily uninstall policycoreutils while upgrading and install it 17 | # again afterwards, or 18 | # - replace setools 3.3.8 with setools3-libs and install setools then. 19 | 20 | pkgname=setools 21 | pkgver=4.5.1 22 | pkgrel=3 23 | pkgdesc="Policy analysis tools for SELinux" 24 | groups=('selinux') 25 | arch=('i686' 'x86_64' 'aarch64') 26 | url="https://github.com/SELinuxProject/setools/wiki" 27 | license=('GPL' 'LGPL') 28 | depends=('libsepol>=3.2' 'libselinux>=3.2' 'python' 'python-networkx>=2.6' 'python-setuptools') 29 | optdepends=('python-graphviz: for seinfoflow, sedta, apol' 30 | 'python-pyqt6: needed for graphical tools' 31 | 'qt6-tools: display apol help with Qt Assistant') 32 | makedepends=('cython' 'python-tox') 33 | checkdepends=('checkpolicy' 'pyside6' 'python-pytest' 'python-pytest-qt') 34 | conflicts=("selinux-${pkgname}") 35 | provides=("selinux-${pkgname}=${pkgver}-${pkgrel}") 36 | source=("https://github.com/SELinuxProject/setools/releases/download/${pkgver}/${pkgname}-${pkgver}.tar.bz2" 37 | 0001-setup.py-Move-static-definitions-to-pyproject.toml.patch 38 | ) 39 | sha256sums=('25e47d00bbffd6046f55409c9ba3b08d9b1d5788cc159ea247d9e0ced8e482e7' 40 | '27fd3673709767038fcd5253f13a057dac48b5c6884e07507ff3f1461223cd21') 41 | 42 | prepare() { 43 | cd "${pkgname}" 44 | patch -Np1 -i "../0001-setup.py-Move-static-definitions-to-pyproject.toml.patch" 45 | } 46 | 47 | build() { 48 | cd "${pkgname}" 49 | python setup.py build_ext 50 | python setup.py build 51 | } 52 | 
53 | check() { 54 | cd "${pkgname}" 55 | # Instructions from https://github.com/SELinuxProject/setools/blob/4.5.1/README.md#unit-tests 56 | python setup.py build_ext -i 57 | pytest tests 58 | } 59 | 60 | package() { 61 | cd "${pkgname}" 62 | python setup.py install --root="$pkgdir" --optimize=1 --skip-build 63 | } 64 | -------------------------------------------------------------------------------- /setroubleshoot/.SRCINFO: -------------------------------------------------------------------------------- 1 | pkgbase = setroubleshoot 2 | pkgdesc = Provides tools to help diagnose SELinux problems 3 | pkgver = 3.3.23 4 | pkgrel = 1 5 | url = https://pagure.io/setroubleshoot 6 | arch = x86_64 7 | arch = aarch64 8 | groups = selinux 9 | license = GPL2 10 | makedepends = audit 11 | makedepends = dbus 12 | makedepends = desktop-file-utils 13 | makedepends = gtk3 14 | makedepends = libnotify 15 | makedepends = libreport 16 | makedepends = policycoreutils 17 | makedepends = polkit 18 | makedepends = python-gobject 19 | makedepends = python-pydbus 20 | makedepends = python-slip 21 | makedepends = python-systemd 22 | makedepends = xdg-utils 23 | source = https://releases.pagure.org/setroubleshoot/setroubleshoot-3.3.23.tar.gz 24 | source = setroubleshoot.logrotate 25 | source = setroubleshoot.tmpfiles 26 | source = setroubleshoot-sysusers.conf 27 | sha256sums = 437033bc5dd12d625f903bd3a3fc32d1945280ed982b6a754a4d2ce59d53f0c7 28 | sha256sums = 894a75c33d568f908f0c3fa7fe4d7f82824369695194aa005fe42cf961298893 29 | sha256sums = eb7321b7db2fd8951c7ce3c7c42680fcfe7641c3d7be9e8d69a8fbb992a9d086 30 | sha256sums = fa20d1ec3522aa877fc5462d56692b318b4c8af1cd9ecb62ec41ad6647662d77 31 | 32 | pkgname = setroubleshoot 33 | pkgdesc = Provides tools to help diagnose SELinux problems - GUI 34 | depends = setroubleshoot-server 35 | depends = hicolor-icon-theme 36 | depends = python 37 | 38 | pkgname = setroubleshoot-server 39 | pkgdesc = SELinux troubleshoot server 40 | depends = audit 41 | 
depends = dbus 42 | depends = desktop-file-utils 43 | depends = gtk3 44 | depends = libnotify 45 | depends = libreport 46 | depends = policycoreutils 47 | depends = polkit 48 | depends = python-gobject 49 | depends = python-pydbus 50 | depends = python-slip 51 | depends = python-systemd 52 | depends = xdg-utils 53 | -------------------------------------------------------------------------------- /setroubleshoot/setroubleshoot-sysusers.conf: -------------------------------------------------------------------------------- 1 | u setroubleshoot - "SELinux troubleshoot utility" /var/lib/setroubleshoot /bin/nologin 2 | -------------------------------------------------------------------------------- /setroubleshoot/setroubleshoot.logrotate: -------------------------------------------------------------------------------- 1 | /var/log/setroubleshoot/*.log { 2 | weekly 3 | rotate 2 4 | missingok 5 | sharedscripts 6 | } 7 | -------------------------------------------------------------------------------- /setroubleshoot/setroubleshoot.tmpfiles: -------------------------------------------------------------------------------- 1 | d /run/setroubleshoot 711 setroubleshoot setroubleshoot - 2 | -------------------------------------------------------------------------------- /shadow-selinux/.gitignore: -------------------------------------------------------------------------------- 1 | /shadow/ 2 | -------------------------------------------------------------------------------- /shadow-selinux/.nvchecker.toml: -------------------------------------------------------------------------------- 1 | [shadow] 2 | source = "git" 3 | git = "https://github.com/shadow-maint/shadow" 4 | include_regex = "([\\d]+[.]+)()([\\d.]+)" 5 | exclude_regex = ".*(dev|rc|RC|alpha|beta|bp).*" 6 | -------------------------------------------------------------------------------- /shadow-selinux/0003-Add-Arch-Linux-defaults-for-login.defs.patch: 
--------------------------------------------------------------------------------
1 | From d311fe2dbfbf6ce39b02a582561592189220075e Mon Sep 17 00:00:00 2001
2 | From: David Runge
3 | Date: Mon, 31 Oct 2022 10:10:22 +0100
4 | Subject: [PATCH 3/3] Add Arch Linux defaults for login.defs
5 |
6 | etc/login.defs:
7 | - Change `ENV_PATH` and `ENV_SUPATH` to only use
8 | /usr/local/sbin:/usr/local/bin:/usr/bin as Arch Linux is a /usr and
9 | bin merge distribution.
10 | - Set `HOME_MODE` to `0700` to be able to rely on a `UMASK` of `022`
11 | while creating home directories in a privacy conserving manner.
12 | - Change SYS_UID_MIN and SYS_GID_MIN to 500 which gives more space for
13 | distribution added UIDs and GIDs of system users.
14 | - Change ENCRYPT_METHOD to YESCRYPT as it is a safer hashing algorithm
15 | than DES.
16 | ---
17 | etc/login.defs | 12 ++++++------
18 | 1 file changed, 6 insertions(+), 6 deletions(-)
19 |
20 | diff --git a/etc/login.defs b/etc/login.defs
21 | index 797ca6b3..c4accbf8 100644
22 | --- a/etc/login.defs
23 | +++ b/etc/login.defs
24 | @@ -55,8 +55,8 @@ HUSHLOGIN_FILE .hushlogin
25 | # *REQUIRED* The default PATH settings, for superuser and normal users.
26 | #
27 | # (they are minimal, add the rest in the shell startup files)
28 | -ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
29 | -ENV_PATH PATH=/bin:/usr/bin
30 | +ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
31 | +ENV_PATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
32 |
33 | #
34 | # Terminal permissions
35 | @@ -84,7 +84,7 @@ UMASK 022
36 | # HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
37 | # home directories.
38 | # If HOME_MODE is not set, the value of UMASK is used to create the mode.
39 | -#HOME_MODE 0700
40 | +HOME_MODE 0700
41 |
42 | #
43 | # Password aging controls:
44 |
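Review bot: The new `ENV_SUPATH` in the `@@ -55,8 +55,8 @@` hunk has no comment recording the trust assumption it now depends on. Root's login PATH now searches `/usr/local/sbin` and `/usr/local/bin` before `/usr/bin`, where the removed value listed no `/usr/local` directory at all, so a binary in those directories takes precedence over the packaged one in root sessions. That is acceptable only while both directories stay root-owned and not group- or world-writable, which this file cannot enforce. I would add above the two lines `# /usr/local/{sbin,bin} come first: keep them root-owned and not group/world-writable`. `ENV_PATH` gets the identical value, so the comment should also say that giving ordinary users the sbin directory is intended.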
@@ -103,7 +103,7 @@ PASS_WARN_AGE 7
45 | UID_MIN 1000
46 | UID_MAX 60000
47 | # System accounts
48 | -SYS_UID_MIN 101
49 | +SYS_UID_MIN 500
50 | SYS_UID_MAX 999
51 | # Extra per user uids
52 | SUB_UID_MIN 100000
53 | @@ -116,7 +116,7 @@ SUB_UID_COUNT 65536
54 | GID_MIN 1000
55 | GID_MAX 60000
56 | # System accounts
57 | -SYS_GID_MIN 101
58 | +SYS_GID_MIN 500
59 | SYS_GID_MAX 999
60 | # Extra per user group ids
61 | SUB_GID_MIN 100000
62 |
@@ -152,7 +152,7 @@ CHFN_RESTRICT rwh 63 | # Note: If you use PAM, it is recommended to use a value consistent with 64 | # the PAM modules configuration. 65 | # 66 | -#ENCRYPT_METHOD DES 67 | +ENCRYPT_METHOD YESCRYPT 68 | 69 | # 70 | # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512. 71 | -- 72 | 2.48.1 73 | 74 | -------------------------------------------------------------------------------- /shadow-selinux/shadow.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Verify integrity of password and group files 3 | After=systemd-sysusers.service 4 | 5 | [Service] 6 | CapabilityBoundingSet=CAP_DAC_READ_SEARCH 7 | # Always run both checks, but fail the service if either fails 8 | ExecStart=/bin/sh -c '/usr/bin/pwck -qr || r=1; /usr/bin/grpck -r && exit $r' 9 | Nice=19 10 | IOSchedulingClass=best-effort 11 | IOSchedulingPriority=7 12 | IPAddressDeny=any 13 | LockPersonality=yes 14 | MemoryDenyWriteExecute=yes 15 | NoNewPrivileges=yes 16 | PrivateDevices=yes 17 | PrivateNetwork=yes 18 | PrivateTmp=yes 19 | ProcSubset=pid 20 | ProtectClock=yes 21 | ProtectControlGroups=yes 22 | ProtectHome=read-only 23 | ProtectHostname=yes 24 | ProtectKernelLogs=yes 25 | ProtectKernelModules=yes 26 | ProtectKernelTunables=yes 27 | ProtectProc=invisible 28 | ProtectSystem=strict 29 | RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 30 | RestrictNamespaces=yes 31 | RestrictSUIDSGID=yes 32 | RestrictRealtime=yes 33 | SystemCallArchitectures=native 34 | SystemCallFilter=@system-service 35 | SystemCallFilter=~@resources 36 | SystemCallFilter=~@privileged 37 | UMask=0077 38 | -------------------------------------------------------------------------------- /shadow-selinux/shadow.sysusers: -------------------------------------------------------------------------------- 1 | g groups - - 2 | -------------------------------------------------------------------------------- /shadow-selinux/shadow.timer: 
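Review bot: In the `@@ -152,7 +152,7 @@` hunk of etc/login.defs, `ENCRYPT_METHOD YESCRYPT` is enabled without a comment tying it to the PAM side, although the context line just above it recommends a value consistent with the PAM modules configuration. If the pam_unix line in the installed PAM stack names a different algorithm, newly set passwords may not be hashed with yescrypt (to be confirmed against the packaged PAM files), and existing /etc/shadow entries keep their old hash until the password is next changed. I would add above the setting `# Arch default; pam_unix must be configured with the matching algorithm (yescrypt)`. The trailing context line about SHA256/SHA512 belongs to a setting outside the hunk, so whether a yescrypt cost parameter is set cannot be checked from here.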
-------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Daily verification of password and group files 3 | 4 | [Timer] 5 | OnCalendar=daily 6 | AccuracySec=12h 7 | Persistent=true 8 | -------------------------------------------------------------------------------- /shadow-selinux/shadow.tmpfiles: -------------------------------------------------------------------------------- 1 | z /usr/bin/groupmems 2750 root groups - - 2 | -------------------------------------------------------------------------------- /shadow-selinux/useradd.defaults: -------------------------------------------------------------------------------- 1 | # Default values for useradd(8) 2 | # 3 | # The SHELL variable specifies the default login shell on your 4 | # system. 5 | SHELL=/usr/bin/bash 6 | 7 | # The default group for users 8 | GROUP=users 9 | 10 | # The default home directory. 11 | HOME=/home 12 | 13 | # The number of days after a password expires until the account is permanently 14 | # disabled 15 | INACTIVE=-1 16 | 17 | # The default expire date 18 | EXPIRE= 19 | 20 | # The SKEL variable specifies the directory containing "skeletal" user files; 21 | # in other words, files such as a sample .profile that will be copied to the 22 | # new user's home directory when it is created. 
23 | SKEL=/etc/skel 24 | 25 | # Defines whether the mail spool should be created while 26 | # creating the account 27 | CREATE_MAIL_SPOOL=no 28 | -------------------------------------------------------------------------------- /sudo-selinux/.SRCINFO: -------------------------------------------------------------------------------- 1 | pkgbase = sudo-selinux 2 | pkgdesc = Give certain users the ability to run some commands as root - SELinux support 3 | pkgver = 1.9.16.p2 4 | pkgrel = 1 5 | url = https://www.sudo.ws/sudo/ 6 | install = sudo.install 7 | arch = x86_64 8 | arch = aarch64 9 | groups = selinux 10 | license = custom 11 | depends = glibc 12 | depends = openssl 13 | depends = pam-selinux 14 | depends = libldap 15 | depends = zlib 16 | depends = libselinux 17 | provides = sudo=1.9.16.p2-1 18 | provides = selinux-sudo=1.9.16.p2-1 19 | conflicts = sudo 20 | conflicts = selinux-sudo 21 | backup = etc/pam.d/sudo 22 | backup = etc/sudo.conf 23 | backup = etc/sudo_logsrvd.conf 24 | backup = etc/sudoers 25 | source = https://www.sudo.ws/sudo/dist/sudo-1.9.16p2.tar.gz 26 | source = https://www.sudo.ws/sudo/dist/sudo-1.9.16p2.tar.gz.sig 27 | source = sudo_logsrvd.service 28 | source = sudo.pam 29 | validpgpkeys = 59D1E9CCBA2B376704FDD35BA9F4C021CEA470FB 30 | sha256sums = 976aa56d3e3b2a75593307864288addb748c9c136e25d95a9cc699aafa77239c 31 | sha256sums = SKIP 32 | sha256sums = bd4bc2f5d85cbe14d7e7acc5008cb4fe62c38de7d42dc6876c87bfaa273c0a6e 33 | sha256sums = d1738818070684a5d2c9b26224906aad69a4fea77aabd960fc2675aee2df1fa2 34 | 35 | pkgname = sudo-selinux 36 | depends = glibc 37 | depends = openssl 38 | depends = pam-selinux 39 | depends = libldap 40 | depends = zlib 41 | depends = libselinux 42 | depends = libcrypto.so 43 | depends = libssl.so 44 | -------------------------------------------------------------------------------- /sudo-selinux/PKGBUILD: -------------------------------------------------------------------------------- 1 | # Maintainer: Evangelos Foutras 2 | 
# Contributor: Allan McRae 3 | # Contributor: Tom Newsom 4 | # SELinux Maintainer: Nicolas Iooss (nicolas iooss m4x org) 5 | # SELinux Contributor: Timothée Ravier 6 | # SELinux Contributor: Nicky726 7 | # 8 | # This PKGBUILD is maintained on https://github.com/archlinuxhardened/selinux. 9 | # If you want to help keep it up to date, please open a Pull Request there. 10 | 11 | pkgname=sudo-selinux 12 | _sudover=1.9.16p2 13 | pkgrel=1 14 | pkgver=${_sudover/p/.p} 15 | pkgdesc="Give certain users the ability to run some commands as root - SELinux support" 16 | arch=('x86_64' 'aarch64') 17 | url="https://www.sudo.ws/sudo/" 18 | license=('custom') 19 | groups=('selinux') 20 | depends=('glibc' 'openssl' 'pam-selinux' 'libldap' 'zlib' 'libselinux') 21 | conflicts=("${pkgname/-selinux}" "selinux-${pkgname/-selinux}") 22 | provides=("${pkgname/-selinux}=${pkgver}-${pkgrel}" 23 | "selinux-${pkgname/-selinux}=${pkgver}-${pkgrel}") 24 | backup=('etc/pam.d/sudo' 25 | 'etc/sudo.conf' 26 | 'etc/sudo_logsrvd.conf' 27 | 'etc/sudoers') 28 | install=${pkgname/-selinux}.install 29 | source=(https://www.sudo.ws/sudo/dist/${pkgname/-selinux}-$_sudover.tar.gz{,.sig} 30 | sudo_logsrvd.service 31 | sudo.pam) 32 | sha256sums=('976aa56d3e3b2a75593307864288addb748c9c136e25d95a9cc699aafa77239c' 33 | 'SKIP' 34 | 'bd4bc2f5d85cbe14d7e7acc5008cb4fe62c38de7d42dc6876c87bfaa273c0a6e' 35 | 'd1738818070684a5d2c9b26224906aad69a4fea77aabd960fc2675aee2df1fa2') 36 | validpgpkeys=('59D1E9CCBA2B376704FDD35BA9F4C021CEA470FB') 37 | 38 | prepare() { 39 | cd "${pkgname/-selinux}-$_sudover" 40 | } 41 | 42 | build() { 43 | cd "${pkgname/-selinux}-$_sudover" 44 | 45 | ./configure \ 46 | --prefix=/usr \ 47 | --sbindir=/usr/bin \ 48 | --libexecdir=/usr/lib \ 49 | --with-rundir=/run/sudo \ 50 | --with-vardir=/var/db/sudo \ 51 | --with-logfac=auth \ 52 | --enable-tmpfiles.d \ 53 | --with-pam \ 54 | --with-sssd \ 55 | --with-ldap \ 56 | --with-ldap-conf-file=/etc/openldap/ldap.conf \ 57 | --with-env-editor \ 58 | 
--with-passprompt="[sudo] password for %p: " \ 59 | --with-secure-path-value=/usr/local/sbin:/usr/local/bin:/usr/bin \ 60 | --with-all-insults \ 61 | --with-selinux 62 | make 63 | } 64 | 65 | check() { 66 | cd "${pkgname/-selinux}-$_sudover" 67 | make check 68 | } 69 | 70 | package() { 71 | depends+=('libcrypto.so' 'libssl.so') 72 | 73 | cd "$srcdir/${pkgname/-selinux}-$_sudover" 74 | make DESTDIR="$pkgdir" install 75 | 76 | # sudo_logsrvd service file (taken from sudo-logsrvd-1.9.0-1.el8.x86_64.rpm) 77 | install -Dm644 -t "$pkgdir/usr/lib/systemd/system" ../sudo_logsrvd.service 78 | 79 | # Remove sudoers.dist; not needed since pacman manages updates to sudoers 80 | rm "$pkgdir/etc/sudoers.dist" 81 | 82 | # Remove /run/sudo directory; we create it using systemd-tmpfiles 83 | rmdir "$pkgdir/run/sudo" 84 | rmdir "$pkgdir/run" 85 | 86 | install -Dm644 "$srcdir/sudo.pam" "$pkgdir/etc/pam.d/sudo" 87 | 88 | install -Dm644 LICENSE.md -t "$pkgdir/usr/share/licenses/sudo-selinux" 89 | } 90 | 91 | # vim:set ts=2 sw=2 et: 92 | -------------------------------------------------------------------------------- /sudo-selinux/keys/pgp/59D1E9CCBA2B376704FDD35BA9F4C021CEA470FB.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBFokaiQBEADMmTjkUBpTgLLiv85lz0UGmgVj39si2Gd3RC2/qz3UmHhS0qnL 4 | 4x3LejZQOifaevT3wIgOjU+YtyHleW2lZp0a/ndtFgXHeVJTQ12Ej5NbOHBFECWk 5 | WyXj1Rv/vBopI7OxERjAjoUQLSu6nsksclYoO0pZywm+K17os1i5Qbi0djdYjHT5 6 | Asiqnef5g02a8DJzQCq37VM046gFRhnp/unJoi4iexpjH/HL4tlRO7/3pDwV6MFV 7 | WDhNcrlP6AnmSzYbFv8Nt4MsbWU0oYa1TtRmuqxn5R/Lb9i4Uj793qZz3I/cDqv7 8 | 8kd3lRJ5TbjXR1D2alhGVP6+0KWOKd5rpDSwYNojwKdVI6faJUOjRRSHGmZiNYFW 9 | p5UXDQUeFXmzEFWaXgIXbmH0SqpVkKvwhH/sn0G3ryLXnPizjM3RSmoxSzpJNTHB 10 | FGPBLd9eJ724IvF5Qigo8IdpPTZUv7EHmK2va97nH+AK7HDAPWTsOpM49CZXy1xz 11 | 9N8Be3I8ayUgMO6aVuAKpQFGEpuNGq+DCvyUOyVa5jeEf50wWHXBMPlVjdZK/46a 12 | 
NKmg9YyGDmZn1YIGeAc6mhW0yM/+vvz9Wof5+RHHOBbVmAI7e7Mm7gR6xLZ0zty9 13 | FdPtEvxPnzzPIBjStPxvFr3j/9maW7iJNX1c/FTqXY+VAfUy7mpvrEZrGQARAQAB 14 | tCRUb2RkIEMuIE1pbGxlciA8VG9kZC5NaWxsZXJAc3Vkby53cz6JAk4EEwEIADgW 15 | IQRZ0enMuis3ZwT901up9MAhzqRw+wUCWiRqJAIbAwULCQgHAwUVCgkICwUWAgMB 16 | AAIeAQIXgAAKCRCp9MAhzqRw+5TmEACtyNWwMIfo/0okILNHryc61nA96XznSsQS 17 | 9u5AaRN06l6dp+1ix7FrSlXvCq1Oq7kajsF8Nnq9y2r7Os9ZsZSwGF1JGTt/qBT8 18 | N+Y+pEIe7igTSxv3UJINuY2uQvR6y7GOmvMVHvLUAR48WXhS3w4UVlBfDx4UEuLF 19 | ocurDsNgqYBEv3QYORUNCVMZlJg6/d8X3KpAK+Og3V13L8NjqZ546sRZub42FjJh 20 | xNh1mKLU+Q1Y+9JmB3EMBBOTY+OAnwQJiLcW3l1RdA8d2wTQ3+CnwywJrcUm3yKw 21 | MGgPxs8+ywol9B2G5DtXYO82Flzfzb8kHQ6JRKBFVa3dz2NZt82VIIovfEl90zvB 22 | aEJVlNH/XH5qsVLYLHB/NZUwxxz573HSMW4YCQgZZWaZ0byjb27KYd6S7Tj/DV5u 23 | QvVmGcRQ7sAcJoKVG3XVlm+n5XnCWXddySOtt3XZbByIAyC5iu8LuLjCauO0sUX0 24 | L4yKnc0e4bqCglImJGZuuOL5tLYOL7Bd/RWj2uC+dpPaol6VAefGDUv8GqKa+Y28 25 | FRXKVvxcQwLYLm4DA6hYV9f/0RjjPT/8VDk/dfytydhpaDnNu1nieAa5lx3/BPYP 26 | iuLgWg4DXpfW4IIGIMaEULDOfN7xOELfbTnIru89aWc+kqdzfrMPhLwxClHg2JWr 27 | juE+BPzMXrkCDQRaJGokARAAxGZu+BKBt8rY8lF/7wQBfrqx2nlUTvdMlmUELT3e 28 | 8Gw/z7+qArjYn+Xm7TTh490KMaATKFnDol0vfvlMXre4hyCC1/+B2qjEKiUCvVhw 29 | mKQFNV3pmbugTlbdEnHuf5sbzU32HWb2x2L4jMcrN97CQq6qx65S05uo7TS7DM7x 30 | PUCrGZKeXvlQVmJv0gH3symIy2ZQoLtTYyMoaDfifKLHbQfR2WSxPy7cb6mjX1jM 31 | OD8dGGazLDGohCDpLhs4MbFTjwh1PBhFETBbAh5/ElNefpfT25w7RkPaMLiXmxTS 32 | Qu/uugldjAsz5uQ8D39TueoeFymBOUH76dM1VewNzHxZTp0GpnOfvhtleKg/870t 33 | NhLphf811g1HxeNM+W9oU5kY/dcFo71SHwuVzMSGU3QOuJmLso3epFsMfs5mDML8 34 | UT+gXZgI2gfu0VPja4ashJ6Pd+OUpH7awFNLa7CoGILpBTIN1xxUCyzk1DNkscWY 35 | CgMUobdSEi/W59iCPlrDW5tPCfIzTA06F6WhjFKoYaM9oqBM113J9j+t4FK7gkra 36 | o9ksF6eKaohNEiGJWRFJUwHf1jiHWafwZTAm1ZE9yuUksBbWrcEYdoak4CRcc1Ba 37 | ZWNd4PKn9IFoFSjbe8WAGoRLcv0sNujmN+UiQ+LesIUw3QA0YWXsN9sijUxroC/C 38 | lZMAEQEAAYkCNgQYAQgAIBYhBFnR6cy6KzdnBP3TW6n0wCHOpHD7BQJaJGokAhsM 39 | AAoJEKn0wCHOpHD7ok0QAJSNCcZAUTmQRlhncToRg6lLqwgIDx/GLYq6F/WDYn6M 40 | 
e2QalyUskpFX12qmJBlaMFHAus7bhbtyQBcEmPW9MY+HhItvRYXpKMbgEdxnMvD5 41 | uY+zDHiScRECH8gtZy8Uld0HiCy2aWgwt3LtVRuLu/wt5KsLq1s9zpEHQ0P9AHnz 42 | +EWFArCHCC8FatWE47zZLDLOuMSLeS7HBSheloyTwezfdzbKnyD3JVwoTID0LP2W 43 | o5FspqwYkIN93zRyTrlC6lmPR+TMzMsAeAh2kHpoV03z6isTO59jIqj1Nrai8fhd 44 | 4DyfnRBBjkoXJTPeTM+MFa1gdU2B8VJfoqG7Ti780Tg83Z4/H9EEdD/pHzI8ay6x 45 | X5ABJhDnPHTPz3fKPaxwrfOJGyCvAr8qbCVql1Dp8b3sTAlWbG/Cqz7q3NhF298o 46 | 4A1EDu5IADWKOhekdjF/dutRHMCbvJKA0q4XiZu9YVYv7yysRPTicwvN9W5z7a5o 47 | IJLCXXtetNtoFZFoUDDZjmaCA6pcbFX9FZ96b9jLNa/BKvtlCTsosJHxf9XNiSx5 48 | dW9wHuojr60wvLxVK/N2anvjEfYuVxlfcKjOHpJuOX7xAcOAVAWnNvY/vSZCvAo2 49 | azMB5NOxu2Iz3pyqARpClI6b14giASYMfWkb2Bfx2Sc44SHXcm5MxiTt51tB8i+d 50 | =vIKA 51 | -----END PGP PUBLIC KEY BLOCK----- 52 | -------------------------------------------------------------------------------- /sudo-selinux/sudo.install: -------------------------------------------------------------------------------- 1 | pre_upgrade() { 2 | # Permissions of /var/db/sudo were changed from 0700 to 0711 in sudo 1.8.10 3 | # http://www.sudo.ws/repos/sudo/rev/5c38d77a2d0c 4 | if (($(vercmp $2 1.8.10-1) < 0)); then 5 | chmod 0711 var/db/sudo 6 | fi 7 | } 8 | 9 | # vim:set ts=2 sw=2 et: 10 | -------------------------------------------------------------------------------- /sudo-selinux/sudo.pam: -------------------------------------------------------------------------------- 1 | #%PAM-1.0 2 | auth include system-auth 3 | account include system-auth 4 | session include system-auth 5 | -------------------------------------------------------------------------------- /sudo-selinux/sudo_logsrvd.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Sudo central log server 3 | Documentation=man:sudo_logsrvd(8) man:sudo_logsrvd.conf(5) 4 | Documentation=https://www.sudo.ws/man.html 5 | After=network.target auditd.service 6 | 7 | [Service] 8 | ExecStart=/usr/bin/sudo_logsrvd -n 9 | KillMode=process 10 | 
Type=exec 11 | 12 | [Install] 13 | WantedBy=multi-user.target 14 | -------------------------------------------------------------------------------- /sync_srcinfos.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Sync the .SRCINFO files with the PKGBUILDs 3 | 4 | set -e 5 | 6 | cd "$(dirname -- "$0")" 7 | 8 | find . \( -name base-noselinux -prune \) -o \( -name .git -prune \) -o -name PKGBUILD -printf '%h\n' | sort | \ 9 | while read -r DIR 10 | do 11 | echo "Generating $DIR/.SRCINFO" 12 | 13 | # For base-selinux and base-devel-selinux, updpkgsums does not work 14 | # (there is no sources) 15 | if [ "$DIR" = ./base-devel-selinux ] || [ "$DIR" = ./base-selinux ] 16 | then 17 | (cd "$DIR" && makepkg --printsrcinfo > .SRCINFO) 18 | else 19 | (cd "$DIR" && updpkgsums && makepkg --printsrcinfo > .SRCINFO) 20 | fi 21 | done 22 | -------------------------------------------------------------------------------- /systemd-selinux/.gitignore: -------------------------------------------------------------------------------- 1 | /splash-arch.bmp 2 | /systemd/ 3 | /systemd-stable/ 4 | -------------------------------------------------------------------------------- /systemd-selinux/.nvchecker.toml: -------------------------------------------------------------------------------- 1 | [systemd] 2 | source = "git" 3 | git = "https://github.com/systemd/systemd.git" 4 | prefix = "v" 5 | exclude_regex = ".*rc.*" 6 | -------------------------------------------------------------------------------- /systemd-selinux/20-systemd-sysusers.hook: -------------------------------------------------------------------------------- 1 | [Trigger] 2 | Type = Path 3 | Operation = Install 4 | Operation = Upgrade 5 | Target = usr/lib/sysusers.d/*.conf 6 | 7 | [Action] 8 | Description = Creating system user accounts... 
9 | When = PostTransaction 10 | Exec = /usr/share/libalpm/scripts/systemd-hook sysusers 11 | -------------------------------------------------------------------------------- /systemd-selinux/30-systemd-binfmt.hook: -------------------------------------------------------------------------------- 1 | [Trigger] 2 | Type = Path 3 | Operation = Install 4 | Operation = Upgrade 5 | Target = usr/lib/binfmt.d/*.conf 6 | 7 | [Action] 8 | Description = Registering binary formats... 9 | When = PostTransaction 10 | Exec = /usr/share/libalpm/scripts/systemd-hook binfmt 11 | -------------------------------------------------------------------------------- /systemd-selinux/30-systemd-catalog.hook: -------------------------------------------------------------------------------- 1 | [Trigger] 2 | Type = Path 3 | Operation = Install 4 | Operation = Upgrade 5 | Operation = Remove 6 | Target = usr/lib/systemd/catalog/* 7 | 8 | [Action] 9 | Description = Updating journal message catalog... 10 | When = PostTransaction 11 | Exec = /usr/share/libalpm/scripts/systemd-hook catalog 12 | -------------------------------------------------------------------------------- /systemd-selinux/30-systemd-daemon-reload-system.hook: -------------------------------------------------------------------------------- 1 | [Trigger] 2 | Type = Path 3 | Operation = Install 4 | Operation = Upgrade 5 | Operation = Remove 6 | Target = usr/lib/systemd/system/* 7 | 8 | [Action] 9 | Description = Reloading system manager configuration... 
10 | When = PostTransaction 11 | Exec = /usr/share/libalpm/scripts/systemd-hook daemon-reload-system 12 | -------------------------------------------------------------------------------- /systemd-selinux/30-systemd-daemon-reload-user.hook: -------------------------------------------------------------------------------- 1 | [Trigger] 2 | Type = Path 3 | Operation = Install 4 | Operation = Upgrade 5 | Operation = Remove 6 | Target = usr/lib/systemd/user/* 7 | 8 | [Action] 9 | Description = Reloading user manager configuration... 10 | When = PostTransaction 11 | Exec = /usr/share/libalpm/scripts/systemd-hook daemon-reload-user 12 | -------------------------------------------------------------------------------- /systemd-selinux/30-systemd-hwdb.hook: -------------------------------------------------------------------------------- 1 | [Trigger] 2 | Type = Path 3 | Operation = Install 4 | Operation = Upgrade 5 | Operation = Remove 6 | Target = usr/lib/udev/hwdb.d/* 7 | 8 | [Action] 9 | Description = Updating udev hardware database... 10 | When = PostTransaction 11 | Exec = /usr/share/libalpm/scripts/systemd-hook hwdb 12 | -------------------------------------------------------------------------------- /systemd-selinux/30-systemd-restart-marked.hook: -------------------------------------------------------------------------------- 1 | [Trigger] 2 | Type = Path 3 | Operation = Upgrade 4 | Target = usr/lib/systemd/system/* 5 | 6 | [Action] 7 | Description = Restarting marked services... 8 | When = PostTransaction 9 | Exec = /usr/share/libalpm/scripts/systemd-hook restart-marked 10 | -------------------------------------------------------------------------------- /systemd-selinux/30-systemd-sysctl.hook: -------------------------------------------------------------------------------- 1 | [Trigger] 2 | Type = Path 3 | Operation = Install 4 | Operation = Upgrade 5 | Target = usr/lib/sysctl.d/*.conf 6 | 7 | [Action] 8 | Description = Applying kernel sysctl settings... 
9 | When = PostTransaction 10 | Exec = /usr/share/libalpm/scripts/systemd-hook sysctl 11 | -------------------------------------------------------------------------------- /systemd-selinux/30-systemd-tmpfiles.hook: -------------------------------------------------------------------------------- 1 | [Trigger] 2 | Type = Path 3 | Operation = Install 4 | Operation = Upgrade 5 | Target = usr/lib/tmpfiles.d/*.conf 6 | 7 | [Action] 8 | Description = Creating temporary files... 9 | When = PostTransaction 10 | Exec = /usr/share/libalpm/scripts/systemd-hook tmpfiles 11 | -------------------------------------------------------------------------------- /systemd-selinux/30-systemd-udev-reload.hook: -------------------------------------------------------------------------------- 1 | [Trigger] 2 | Type = Path 3 | Operation = Install 4 | Operation = Upgrade 5 | Operation = Remove 6 | Target = usr/lib/udev/rules.d/* 7 | 8 | [Action] 9 | Description = Reloading device manager configuration... 10 | When = PostTransaction 11 | Exec = /usr/share/libalpm/scripts/systemd-hook udev-reload 12 | -------------------------------------------------------------------------------- /systemd-selinux/30-systemd-update.hook: -------------------------------------------------------------------------------- 1 | [Trigger] 2 | Type = Path 3 | Operation = Install 4 | Operation = Upgrade 5 | Operation = Remove 6 | Target = usr/ 7 | 8 | [Action] 9 | Description = Arming ConditionNeedsUpdate... 10 | When = PostTransaction 11 | Exec = /usr/share/libalpm/scripts/systemd-hook update 12 | -------------------------------------------------------------------------------- /systemd-selinux/arch.conf: -------------------------------------------------------------------------------- 1 | ## This is just an example config file. 2 | ## Please edit the paths and kernel parameters according to your system. 
3 | 4 | title Arch Linux 5 | linux /vmlinuz-linux 6 | initrd /initramfs-linux.img 7 | options root=PARTUUID=XXXX rootfstype=XXXX add_efi_memmap 8 | -------------------------------------------------------------------------------- /systemd-selinux/keys/pgp/5C251B5FC54EB2F80F407AAAC54CA336CFEB557E.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBFBHPMsBEACeInGYJCb+7TurKfb6wGyTottCDtiSJB310i37/6ZYoeIay/5s 4 | oJjlMyfMFQ9T2XNT/0LM6gTa0MpC1st9LnzYTMsT6tzRly1D1UbVI6xw0g0vE5y2 5 | Cjk3xUwAynCsSsgg5KrjdYWRqLSTZ3zEABm/gNg6OgA5l6QU+geXcQ9+P285WoUu 6 | j0j7HN6T217Bd+RcVxNWOMxsqx+b0rjWa8db1KiwM95wddCwzMPB2S/6IswD1P8n 7 | VfGnkgp7pfoTyMuDkVU6hmO5RHq9M26eNoQ4sJZuXe5YjODnjgxkKKilFLY8hUkj 8 | wa1VPrx4QnTwzIn16JlUO03At9tpe+9SnShDV0cBlHxo3DhnHmCPWJ0HquLGpdDV 9 | i8d9tn0nlit96z9Svb9ii6Uq/J8zR1Bp+hxCMN/ON1c4U+cf1jfADPO5c3KV89y5 10 | wvvQvzjTjuzVolR4ZZmkNSql+4vspo94JrssymEv9WWiMJyOjN50QhLbgmWiuzYj 11 | odZiL0CTB4MAC+hTrDZrZfyAnbAttBLfNWd/jcdK+AGVRXtqU997sZPzj8z3b7v2 12 | N5YJqgm2aQTiDehtHtHDJ8rKh7kcsssnhzzoZluTKl96JHgllFWUC6sedAFVxHDm 13 | b7cxb+Sr0krwbt22is+41gPCuoz1MRKwQYQPTYgcCzX/PzyOHj6KEYZCIQARAQAB 14 | tDBaYmlnbmlldyBKxJlkcnplamV3c2tpLVN6bWVrIDx6YnlzemVrQGluLndhdy5w 15 | bD6JAjgEEwECACIFAlBHPMsCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJ 16 | EMVMozbP61V+T80QAIHvIeDdKKrqiN98ob+aNe4McpqXWgiLoDMWaxQ7R8K+2Uia 17 | HMn2J6abhKidvUr7mnixkyBZaRxi1JiT8uzX4HTQ3B/UVJgf2QiRHRvZpdSVn7O7 18 | OF0u4SqH6BEw5UaA30hMWtgz7m6aXSAN1aitd4efgKjBYKtfsHJ63HhFrpJyIyOG 19 | g0eLGObXJxjW04cUbzPoCoNuFcpphzW3WhdaJ5PXblfjNxWxKzwvAzRhevDjrrKU 20 | 4jARNAIkLUMi4gUoC+7th6ATGWjYV8iOvju1cLExn8ktYMZl+BhbkYiRMddMZaZ/ 21 | nY2T2SqQ8kkEXJyY6SNtd/BWuCPyt0RlTgPSK4SK9JGArVJ/PSXJrn53JUl1MUc4 22 | /75JE2KEBPkN4jQpeshlPfm0mzo/+opyi6iyVnPTZT7m7r9P7Vxc18J+IlPdfl0w 23 | s0YPnR+0oUvo370zoNqqhJ9aNU+5d4VCPUHVIvEWEF3MHuXHKq0mnnI/4jJMvZn3 24 | 0+okZZfYABYXkMZVTA0XprkIxZm38X9s/uw886xvMqPh8fhqpVdTHD5/2h8ahkMM 25 | 
G1zKs6W6gCfM7gYh+BT37Ce1szo/7RHtbvYq5BTwcWXhpSKzywluRe6rYUPJ0MCZ 26 | 17Jk6AXStD1aRYS6rCykryRL0OvMz/4Gd8f+dcQjg5Si23mAj8VJtyrX1MaXuQIN 27 | BFBHPMsBEACtDR2e2G4uL/MKtDsJu3cwQFlK9kmGEX4UqePBc29xn1BTfU6o1Y4p 28 | AXRoLrGvXuVruOwznNdkpjF8kb1BpO/li8qNU6LKyv2n9Hyg0bxRQA24TVC4bF4m 29 | fdqaGGYLqxe3iXI/TRmhsmiSg7WoEWxj0NEaEjydTAieT4kz2ASCYtnzhGM8iS2T 30 | e+scUXYcGNyE2nPjiacJGiLeKiOj21+j6sICTrKX8TAcXSU7btPEy2IIocxBoxZe 31 | Ofp0rNw4293cLVu0kEasB4h43lE1Uax7JYX1q9LC4TkqLaLDa3YyDGvK2FOPNNIr 32 | sKcoYG6Y43DcmaSPZCJ1ApVvoxPct7UI+EYy9VBu3wwY0obRadweXSNgscZZNvEx 33 | ZgdjRXJypv8A9A+nvc2xBMWw/9fAlHzrpjds+3Z2RxbGC4Qav/sdP0WqQZ8xo5U2 34 | YPxBSHwWCjSxvQWcoDLLOgMlB05oheR2g1VDk4QA+AXDwmxurpvJLh/fyX3mi7nP 35 | VUynTLV/UeWaXbZneh+mT3Lc1ZVYnntSoZv7aYQqnA+a2ajm08lVMmpb5v8L7Zia 36 | dvW2xptVATlWI1DeBTyNwZYyx7GuUsfFTSyQJixtjuWim0acpqNUp8z6TgXj02Ht 37 | Rfk9SwzvBCgJT5mWoGlSu04FR/0pn5ReVCM8RSb6/HOROnrfswGeGQARAQABiQIf 38 | BBgBAgAJBQJQRzzLAhsMAAoJEMVMozbP61V+qg8P/1BuLn6+bVgDdye37GV4kXSV 39 | xB5SQZj8ElwTj+daWq8ZEIoZ0ySyRz2uC7Haeh5XulF1hj13AYfM4Ary9Whx9hCQ 40 | 98D4+JK5eiagBuSpIApCkQk+jj44q7VKLanyZV0kWRNBSfr0TnE6GoBSL1gTjpsq 41 | t/mUR2R5zgCE59Ex4HHBwvosIcXgGopbPGNtX9S4Rm7f2wWOSdXGc6pfnuFsVtkb 42 | k8z+uITyK3WX+jHiW5JRgyHWaFyYqwDjds8q0LkmIL80scPa3sEl9QzfT7+7xqcv 43 | iKfemg6XgCwYmSOhPHSK/E6MIC6Wb4QY6H3ixCuMfaic6AsB4sH4vFPoPnJWmIGm 44 | QlU3L1UJz4VNvzCaClaxWPa5nZZAWyFRMof4VtO2Q1LTZa6NQbGNFRRLPDBXpcOq 45 | CNicjZjSaHO9Zxp/V+9W9GgH6u7i/eAnxifwUFvN0BfkwbDnp4BNyvyA+fpZ4oPW 46 | InygfP1P/fvALssBvJjo/q6eZ4b5O11Ut/13JzO4IYNISK8uKnt5AbU9YUnSKClg 47 | 1MtTRlBCD3v+UYy102F7p8rJnVTHelfgmjP9UPhP7AUwZ0UQYq9QypNeoRvR4GjL 48 | /3Yz53yHFeYaN/lBglm4jNQOmHTQSibvz8lx8ALGbLxTaUr8j+UG4Gu2z3tFpYo0 49 | NHq9Ahd8L7JVIsbKtcoP 50 | =a25g 51 | -----END PGP PUBLIC KEY BLOCK----- 52 | -------------------------------------------------------------------------------- /systemd-selinux/keys/pgp/9A774DB5DB996C154EBBFBFDA0099A18E29326E1.asc: -------------------------------------------------------------------------------- 1 | 
-----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBGJ+vc0BEACRcuRdhpQCw4ccAwirgpN3RYkaOX4F1lgz+mhBGvIAm5pr3GKD 4 | pQ+dV+68ehvflL7rkxDpXFXAKIcaZSQlMPidi+w04iM7Vlz+3tPXeCbMRSNvrbDE 5 | MBWuDizGXPU8+5iA+hcuuuKqJ9EkHzPXRv+JJdy1CYOptwz24L3jwLGs2y3ESe0o 6 | Vc+co9d71FUOGtixpSoKiSI/cYr16xLC3rPsRogvSm/Pn7SLbFQLWUH9arWJLYIn 7 | q3/h30npK+jsLX1Q+fu6GA5cY6e3yljrHv2QX2Guo/8uyxvHx0UI+F2WK87embz4 8 | lOgpITgU7gAgNwIkSpVpt06GvH74xqWfyIFuDB0E9uOnAyyXzcYQc869O7Abb46a 9 | +axN2a3G1//lj0pcU9mxUUSbcReNLiGjkh8alTQs+UupVozzdKPIoQjdorqQEtWG 10 | IyEkwgscGAL7ByWS+sEYzWdUFdHlMA9uLiBqWf06zN1Nay9LdyUfQWLBFBlHeJJL 11 | SIAPXCfCbRhdIYnBbdv155aclPDoS+RoIL+CDXDlBW4NSm1UgcCjgjfYV6bc4wfl 12 | pY/esUhXmZLUe3xxWk/rIovZyBgS+P8GS0/BrZD5BGzSnJdVouHbjiH0NU2ug57L 13 | fLkQB8yV2AXYEh7AfxiO1OW+NPgAQ3web4fxnH/zpV6n4j0654p7HgDcyQARAQAB 14 | tCpZdSBXYXRhbmFiZSA8d2F0YW5hYmUueXUrZ2l0aHViQGdtYWlsLmNvbT6JAlIE 15 | EwEIADwWIQSad02125lsFU67+/2gCZoY4pMm4QUCYn69zQIbAwULCQgHAgMiAgEG 16 | FQoJCAsCBBYCAwECHgcCF4AACgkQoAmaGOKTJuHbdw/+KvzX2M/d7A8ethhtNSZ4 17 | kiDTC1AGS2zqpJJQLmvtZveWZ5U5zYH1a//ju6Giyq071KCxeZ3Fa2yiXLPXtjDy 18 | ao3hIAPFTtWgEOlRgpzO/iRFwx6ihUbiW2LIa+LoKeivH6EV4AwCSAbrUEQ5nXih 19 | yvVie6uyZ+qS9END62atSXqfue1k+QNNFvtyqVTSKnrFgXcH/C1c0aA/s/ByGNVX 20 | XKRslmnVqqwxR2OHMRrOnNubgQYlgAjelgoiohzsgus7YzdkUXfQ9CN2B2gajxsp 21 | xznt7HJVRjwugkvPIDLsQfEA2typHViOxijaJgohOz5l87v9hKppc/BLj28/jC0o 22 | EyafbubBUmYiCV65UgL/PCfTXnHraS4xZDs+dwaq2X4Ba0XBHO2BnIT/kdIoUN7R 23 | gyf9qzVst4/p/O5G9U5nOG3H6yGQ0Q1Smyb9gR7n8pkZEv+96Br65FrM2SXcBc5g 24 | iifuW0Kfsqp0OVBNSbVBiIQ5spfQc3SzBAgj0TmG2doxyJvErAfsJPzWeVnMNAsc 25 | qCDXBx1y6Mib79xE9iqeDz+c3S9ZsOLDmBkVNh5jjRJj4HL1D3g2W+w6Y/qvdycv 26 | OH+pWMycmJVYri74LJbWMBFQysGqv9DjjZb6yajK3Na3Kv96HsE+37V2qFYVB97I 27 | 50uFPxH6BZlz91NepqS4nhy5Ag0EYn69zQEQAKr4PhfbF1Z5todAQEV2koIk1Yvx 28 | /K3eDI/JnmXc/x65Abhvt0LUC0ukWvAcuusffOk8BpSA4YNT3fOL2CdnAkP3lWKy 29 | YZeHtd4sjxR6zMUOPV62oTSTt8RmZ4alWXP2b0pW7/cKt/Dz/WRYbk0XFOffuCiZ 30 | OQ4aqc7e+YHwB/YkVs9R14ID5Tio6Pg/wz1zmSkJhmesN+hxJixa9I9V/qyfJhRr 31 | 
XCZh5NCAGMnKFSFtub6J35zlXa4DEFi78z2sHkK6cdw/rEeWvSewaBZukBKDWdhN 32 | zOkLcg0Z84I/Ds3sXM74NRVZTRxLMKCCjWJrOhBrFAFaOh/2SEIoURwvJuj0uC/Z 33 | q8+QNX87weFFaSSawwy4X3Px+zRl9wpqNlMPZuZKi68F8AMeUmIxo7WL886UBeZ+ 34 | /wksoj/6t6bCIZwMNNsS8Jg5d7KrIeORjDMi6iNzafDXArMWIPkimg+xlppFnJLU 35 | 1+jMXjdixgl2va8wp2btTxCKYy8ICKC2lqB2DpFq0/CcBdSyI+ao4c5S3Kvv9rRV 36 | CKbGKNAtqWATztpcOv1RjQ94UKWGi0iJKPBRh+mVoIOXQWiYmpv+8kpY9/bsK+lr 37 | p6RrCwvlbD0PUWJM6e6X3OSV8mVPGNpjdLlK5iuVedHU+ONyVqlAl4l5slYYz6U5 38 | qgG+EiBk6etuqfEdABEBAAGJAjYEGAEIACAWIQSad02125lsFU67+/2gCZoY4pMm 39 | 4QUCYn69zQIbDAAKCRCgCZoY4pMm4e/yD/93SEVwimmAy0qBILAj6jUSkVddea60 40 | e4IQv1Xp5sbY+8JdGB7REakFAHOvwRhv/RYV+l0UBscW+u5j1JG4dvgpBCdDGAy9 41 | M35kVof9OdMQCxmUJO5D7wU7bENS+9JgjuM7NHHddzmFhTagAhAInCNSvlnZaTBZ 42 | KSBS880WZH28F3GJrmSJzZd2OpjcKFqzCmM6HwvxFimUhr4S4/5awduW3zMjQoyv 43 | +kJgKZWKUtS97UdnPK8BRANfbjeXDn70ao7TebJm0DaNnB0UddkQMbnYpZOTqEPD 44 | mJ39Ugc8tk3cw5EqHwD9H9yhsbVBEJmOTaMd6WjgcVN6PNs1So+7TveSh66Jj2l3 45 | A4zGhPP+CuRD+ZXZHdNwsvIYVN4No1UGgXUs23gRtP2hwtT1t2hCXAJYVE4sD4D6 46 | didtR9JVb46psxfTANexe5S/uzqMZ9bJsg54dxFhhw0wZFhptNEmSUjfDTvlD9Rk 47 | uil3324HFVAm7ZrefiP+NGPqj/FTc4ZKThhyoPNQRhbANFvNfD3+EYiqDXCkkkkv 48 | p7HR47nbhzl7RC/y7QY7OFkeNRdgZyOvaaizwuxuncoejPcivjGQ+KbRvG2c0Kr/ 49 | D+ZeTj9fkqce3cHVkxqFEcx9e8Ps0jwd6LRqQ04zRtFTJxK5ac+e+dtDW5hrwGFA 50 | HcRCOxTr2xTemQ== 51 | =+88M 52 | -----END PGP PUBLIC KEY BLOCK----- 53 | -------------------------------------------------------------------------------- /systemd-selinux/loader.conf: -------------------------------------------------------------------------------- 1 | default arch 2 | -------------------------------------------------------------------------------- /systemd-selinux/systemd-hook: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | skip_chrooted() { 4 | if systemd-detect-virt --chroot; then 5 | echo >&2 " Skipped: Running in chroot." 
6 | exit 0 7 | fi 8 | }

# Guard for operations that need a running systemd.
# Runs skip_chrooted first, then asks systemd-notify whether the system was
# booted with systemd; if not, reports the skip on stderr and ends the hook
# with status 0.
systemd_live() {
  skip_chrooted

  if systemd-notify --booted >/dev/null 2>&1; then
    return 0
  fi

  echo >&2 " Skipped: Current root is not booted."
  exit 0
}

# Guard for operations that need a running udev daemon.
# Runs skip_chrooted first, then checks that /run/udev/control exists and is
# a socket; if not, reports the skip on stderr and ends the hook with status 0.
udevd_live() {
  skip_chrooted

  if [ -S /run/udev/control ]; then
    return 0
  fi

  echo >&2 " Skipped: Device manager is not running."
  exit 0
}

# The first argument names the operation. The remaining arguments are used
# only by 'reload', which hands them to systemctl as separate quoted words.
op="$1"
shift

# Every helper is invoked by absolute path.
case "$op" in
  binfmt)
    systemd_live
    /usr/lib/systemd/systemd-binfmt
    ;;
  catalog) /usr/bin/journalctl --update-catalog ;;
  daemon-reload-system)
    systemd_live
    /usr/bin/systemctl --system daemon-reload
    ;;
  daemon-reload-user)
    systemd_live
    /usr/bin/systemctl reload 'user@*.service'
    ;;
  hwdb) /usr/bin/systemd-hwdb --usr update ;;
  sysctl)
    systemd_live
    /usr/lib/systemd/systemd-sysctl
    ;;
  sysusers) /usr/bin/systemd-sysusers ;;
  tmpfiles) /usr/bin/systemd-tmpfiles --create ;;
  update) touch -c /usr ;;
  udev-reload)
    udevd_live
    /usr/bin/udevadm control --reload
    # The marker file below lets an administrator suppress the trigger/settle
    # step; the rules reload above still happens.
    if [ ! -e /etc/systemd/do-not-udevadm-trigger-on-update ]; then
      /usr/bin/udevadm trigger -c change
      /usr/bin/udevadm settle
    fi
    ;;

  # marked with 'systemctl set-property ... Markers=needs-restart'
  restart-marked)
    systemd_live
    /usr/bin/systemctl reload-or-restart --marked
    ;;

  # For use by other packages
  reload)
    systemd_live
    /usr/bin/systemctl try-reload-or-restart "$@"
    ;;

  *)
    # Unknown operation names are rejected with a non-zero status.
    echo >&2 " Invalid operation '$op'"
    exit 1
    ;;
esac

exit 0
-------------------------------------------------------------------------------- /systemd-selinux/systemd-user.pam: -------------------------------------------------------------------------------- 1 | # Used by systemd --user instances. 
2 | 3 | account include system-login 4 | session required pam_loginuid.so 5 | session include system-login 6 | -------------------------------------------------------------------------------- /systemd-selinux/systemd.install: --------------------------------------------------------------------------------
#!/bin/bash

# Succeeds when run/systemd/system is a directory and not a symlink.
# NOTE(review): the path is relative, so the answer depends on the caller's
# working directory — presumably the root of the target system; confirm.
sd_booted() {
  [[ -d run/systemd/system && ! -L run/systemd/system ]]
}

# Prints the names of running 'systemd-*.service' units, one per line,
# leaving out systemd-logind, systemd-networkd and every template instance
# (a name containing '@').
services_needing_restart() {
  systemctl list-units --state=running --plain --quiet 'systemd-*.service' \
    | cut -d' ' -f1 \
    | grep -Ev '^systemd-(logind|networkd)\.service$' \
    | grep -Ev '^systemd-.*@.*\.service$'
}

# Steps shared by install and upgrade: run systemd-sysusers, refresh the
# journal catalog, and register the fallback shell in etc/shells.
post_common() {
  systemd-sysusers
  journalctl --update-catalog

  # Append the entry only when no line matches it exactly, so repeated runs
  # do not duplicate it.
  if ! grep -qe '^/usr/bin/systemd-home-fallback-shell$' etc/shells; then
    echo '/usr/bin/systemd-home-fallback-shell' >> etc/shells
  fi
}

# Install scriptlet: sets up the machine id, runs the common steps, enables
# three units and creates the directory for remote journals.
post_install() {
  systemd-machine-id-setup

  post_common "$@"

  # enable some services by default, but don't track them
  systemctl enable \
    getty@tty1.service \
    remote-fs.target \
    systemd-userdbd.socket

  # group 'systemd-journal-remote' is created by systemd-sysusers
  # Mode 2755 sets the setgid bit and leaves the directory writable by its
  # owner only; the chgrp then hands group ownership to systemd-journal-remote.
  mkdir -m2755 var/log/journal/remote
  chgrp systemd-journal-remote var/log/journal/remote
}

# Upgrade scriptlet. $1 and $2 are compared as version strings below
# (pacman passes the new version first and the old one second — confirm).
post_upgrade() {
  post_common "$@"

  if sd_booted; then
    # reexec systemd system instance
    systemctl --system daemon-reexec

    # reexec systemd user instances
    systemctl reload 'user@*.service'

    # mark systemd services for later restart
    # Units are only flagged here, with a runtime-only property; nothing is
    # restarted by this loop.
    for UNIT in $(services_needing_restart); do
      systemctl set-property --runtime "${UNIT}" Markers=needs-restart
    done
  fi

  # show for feature release: 255 -> 256 -> 257 -> ...
  # ${N%%[!0-9]*} keeps only the leading digits of each version, so the
  # notice is printed only when that leading number differs.
  if [ $(vercmp "${1%%[!0-9]*}" "${2%%[!0-9]*}") -ne 0 ]; then
    cat <<-EOM
	:: This is a systemd feature update. You may want to have a look at
	NEWS for what changed, or if you observe unexpected behavior:
	/usr/share/doc/systemd/NEWS
	EOM
  fi

  # Versions that ship a one-off migration step; the list is empty here, so
  # the loop below does nothing.
  local v upgrades=(
  )

  for v in "${upgrades[@]}"; do
    # Run the step only when the listed version is newer than $2; the
    # function name is the version with '.' and '-' replaced by '_'.
    if [[ $(vercmp "$v" "$2") -eq 1 ]]; then
      "_${v//[.-]/_}_changes"
    fi
  done
}

# Removal scriptlet: deletes the exact fallback-shell line from etc/shells.
post_remove() {
  sed -i -r '/^\/usr\/bin\/systemd-home-fallback-shell$/d' etc/shells
}

# vim:set ts=2 sw=2 et:
-------------------------------------------------------------------------------- /ustr-selinux/.SRCINFO: -------------------------------------------------------------------------------- 1 | pkgbase = ustr-selinux 2 | pkgdesc = micro string API for C with patches to make it work with gcc>=5.1 3 | pkgver = 1.0.4 4 | pkgrel = 4 5 | url = http://www.and.org/ustr/ 6 | arch = i686 7 | arch = x86_64 8 | groups = selinux 9 | license = GPL 10 | depends = glibc 11 | provides = ustr=1.0.4-4 12 | conflicts = ustr 13 | source = http://pkgs.fedoraproject.org/repo/pkgs/ustr/ustr-1.0.4.tar.bz2/93147d9f0c9765d4cd0f04f7e44bdfce/ustr-1.0.4.tar.bz2 14 | source = 0001-Fix-the-prototype-of-ustrp_utf8_valid.patch 15 | source = 0002-Mark-inline-functions-as-static-to-fix-build-with-GC.patch 16 | md5sums = 93147d9f0c9765d4cd0f04f7e44bdfce 17 | md5sums = d01d97898f4c3b33a87c06e602ca9409 18 | md5sums = 9e7830ea74ff2f24f9b029746e883f3e 19 | 20 | pkgname = ustr-selinux 21 | 22 | -------------------------------------------------------------------------------- /ustr-selinux/0001-Fix-the-prototype-of-ustrp_utf8_valid.patch: -------------------------------------------------------------------------------- 1 | From de0204c2e353fbcf415cdb94dff17229835756c8 Mon Sep 17 00:00:00 2001 2 | 
From: Nicolas Iooss
3 | Date: Sat, 30 May 2015 10:51:04 +0800
4 | Subject: [PATCH 1/2] Fix the prototype of ustrp_utf8_valid
5 |
6 | As ustrp_utf8_valid can be inlined, use USTR_CONF_EI_PROTO instead of
7 | USTR_CONF_E_PROTO.
8 | ---
9 | ustr-utf8.h | 2 +-
10 | 1 file changed, 1 insertion(+), 1 deletion(-)
11 |
12 | diff --git a/ustr-utf8.h b/ustr-utf8.h
13 | index c22b6bb95302..522509436862 100644
14 | --- a/ustr-utf8.h
15 | +++ b/ustr-utf8.h
16 | 
@@ -32,7 +32,7 @@ USTR_CONF_E_PROTO 17 | size_t ustr_utf8_bytes2chars(const struct Ustr *, size_t, size_t, size_t *) 18 | USTR__COMPILE_ATTR_WARN_UNUSED_RET() USTR__COMPILE_ATTR_NONNULL_L((1)); 19 | 20 | -USTR_CONF_E_PROTO 21 | +USTR_CONF_EI_PROTO 22 | int ustrp_utf8_valid(const struct Ustrp *) 23 | USTR__COMPILE_ATTR_PURE() USTR__COMPILE_ATTR_WARN_UNUSED_RET() 24 | USTR__COMPILE_ATTR_NONNULL_A(); 25 | -- 26 | 2.5.2 27 | 28 | -------------------------------------------------------------------------------- /ustr-selinux/PKGBUILD: --------------------------------------------------------------------------------
# $Id: PKGBUILD 100295 2013-11-02 08:51:09Z spupykin $
# Maintainer: Sergej Pupykin

pkgname=ustr-selinux
pkgver=1.0.4
pkgrel=4
pkgdesc="micro string API for C with patches to make it work with gcc>=5.1"
arch=(i686 x86_64)
url="http://www.and.org/ustr/"
license=('GPL')
groups=('selinux')
depends=('glibc')
# ${pkgname/-selinux} drops the "-selinux" suffix, giving "ustr": this package
# conflicts with the plain ustr package and provides it at the same
# version-release.
conflicts=("${pkgname/-selinux}")
provides=("${pkgname/-selinux}=${pkgver}-${pkgrel}")
# http://www.and.org/ustr/$pkgver/ustr-$pkgver.tar.bz2 is no longer available
# NOTE(review): the tarball is fetched over plain HTTP and is checked only
# against an MD5 digest, the same value that appears in the URL path. MD5 is
# not collision-resistant, so this check catches a corrupted download but is
# weak evidence against a tampered one. A sha256sums or b2sums entry taken
# from a trusted copy of the tarball, and an HTTPS source if the mirror
# offers one, would close that gap.
source=(http://pkgs.fedoraproject.org/repo/pkgs/ustr/ustr-$pkgver.tar.bz2/93147d9f0c9765d4cd0f04f7e44bdfce/ustr-$pkgver.tar.bz2
        0001-Fix-the-prototype-of-ustrp_utf8_valid.patch
        0002-Mark-inline-functions-as-static-to-fix-build-with-GC.patch)
# One digest per source entry, in the same order: the tarball, then the two
# local patches.
md5sums=('93147d9f0c9765d4cd0f04f7e44bdfce'
         'd01d97898f4c3b33a87c06e602ca9409'
         '9e7830ea74ff2f24f9b029746e883f3e')

# Apply the two local patches, in order, inside the unpacked ustr-$pkgver tree.
prepare() {
  cd "$srcdir/${pkgname/-selinux}-$pkgver"
  patch -Np1 -i ../0001-Fix-the-prototype-of-ustrp_utf8_valid.patch
  patch -Np1 -i ../0002-Mark-inline-functions-as-static-to-fix-build-with-GC.patch
}

# Build with a plain `make` in the patched source tree.
build() {
  cd "$srcdir/${pkgname/-selinux}-$pkgver"
  make
}

34 | package() { 35 | cd "$srcdir/${pkgname/-selinux}-$pkgver" 36 | make DESTDIR="$pkgdir" install 37 | mv $pkgdir/usr/share/doc/man 
$pkgdir/usr/share/ 38 | } 39 | -------------------------------------------------------------------------------- /util-linux-selinux/.gitignore: -------------------------------------------------------------------------------- 1 | /util-linux/ 2 | -------------------------------------------------------------------------------- /util-linux-selinux/.nvchecker.toml: -------------------------------------------------------------------------------- 1 | [util-linux] 2 | source = "git" 3 | git = "https://github.com/util-linux/util-linux.git" 4 | prefix = "v" 5 | -------------------------------------------------------------------------------- /util-linux-selinux/60-rfkill.rules: -------------------------------------------------------------------------------- 1 | KERNEL=="rfkill", GROUP="rfkill", MODE="0664" 2 | -------------------------------------------------------------------------------- /util-linux-selinux/keys/pgp/B0C64D14301CC6EFAEDF60E4E4B71D5EEC39C284.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBE6StA4BEACp9++Y+DgbBloJEuVhsDjDIvAR1n/aHPDyPQQzg/DkKtR3BXHn 4 | dGfTL9/DR8y9YzLNwUf2lWsEAvwHZ2XfUTp5S5nVbgpAB0/Q2ebP0TnkNYaRkxq7 5 | VJF+kvUcA6hxYKYcIos2kJyfVytPE6FpFBqlgTmjcCTx4HHwePkVTVRyotOoA2V/ 6 | UUwixgkyG7aVfy4QBKHAkATpTPC4l+ISaOHKUiajxRoa99rpmBPl4FhIw3b5rPYA 7 | 26q9Pz8q1AwbXA1PXxzwKVqqfwEkl6sxUVKiM8rUuhic2lnDMIXexNMvqznpFqtB 8 | v7n+z/5N8RbB1DQjWpy/Z7OW6yyYXW9e33c6IgU5n46rIyTPYyzq3mDfOsJdvoG/ 9 | nhF7VUkGDPYWfmx9ejvpKdoNCQ2q+MVp20msntcETcOq1r9SJwNXcsx+I/3ptbtX 10 | Q+MQyA1L5FifkpA7+akITF5luOqUb2TToEBLiF/nn8y0sIUa/HGgcUrK2N9E1VNJ 11 | tcIt/z0sZJUHYC+EBh/G0UNt9tRwPdnUks5sua1sCquXnkd9IS0Kr3Kq/C6JOKzz 12 | UDGdFKVc6wExf70hX5h0g1kkypyjNwipGSdk+qVXO0IF/tKMToa8WZqoK3enzryI 13 | Kmdq7IQ0ThdTTTC1ctVk4367/30prpNHF4/642G0OOiQCzWBrb0V217HvQARAQAB 14 | tBtLYXJlbCBaYWsgPGt6YWtAcmVkaGF0LmNvbT6JAlUEEwEIAD8CGwMGCwkIBwMC 15 | BhUIAgkKCwQWAgMBAh4BAheAFiEEsMZNFDAcxu+u32Dk5LcdXuw5woQFAmRkpsEF 16 
| CSid9bMACgkQ5LcdXuw5woSvFA/+LYBDPSubYZF4lS8lNlWwRNe1gP9VrCkaF5mb 17 | Psx7cV8eHQICR/QJD7WDSIHlnfaBCmNelwGRc76PB23Huvq8xwvTYiQDWdqIN4Vl 18 | gDLqSganq53poN1BNBFRP6ubsdGjHlSYH+ygf8XXL/h+/b9Ud61eb43XQ5sUhFQU 19 | kEZEiJ26rCwOQWnlyJBMzo0axwW55qKoMmNjcwtRrB5kW7QDZ8BHVZiEqVrjJxQh 20 | 0NpwrjlFdRZ8Ak+/3Iz1UOIJl+p0+5sjx6iY7Xy7oKP28msdLcqRy/o58A+IHGQ1 21 | Y5DeeosNkatnT9+7TQdAxJdJzuLpH9WTmXyIoG1DP8p2A2fjvLpYMEomWKYBb6ci 22 | 1MZaI1Kdw9BX3xfaI0OhRDArLN0Nu630jTLafwf+jv8OtNEtb2BnbHWIrQw0rRc7 23 | 877VRu7wmyTroj5IJthuEVr+NWw9RqCMljO/SDoR3GzE+2xSvKQlZU//vIBdHiVV 24 | u4IbKhHlYELFMiqmNWoqlTFwstpP+TgYYtwf0Xuhv/1Y7PezI8Zvp8/pjYwmjCg6 25 | CdtTZMSonFBmMuA5hA/5Eg2KEwplHUfz/XgCe4wNv21tnvUY7QuHU2ZvlInEFACM 26 | /4L1cIz7/PmQke7z7WvXP0d2pCMtfTra0RqH1nneNgq0VAhGnyI5qpK+n+hSYTqV 27 | 3VQNNQi5Ag0ETpK0DgEQAMbkeKd3rViqhdcei2tok7Z6Ow+LLcHFJlNB634gk7m3 28 | JRFJdUi/5m5X8wFFL/zx+QEvacekrlsG0lPXUPZkRKbOJlYaAy1lFXi9rd+HcZox 29 | 5V2LmlemY9mnh8FzrQXeIIp93VXz/VrPCJxm12FOmGRzo7sRMKvbjQ6smg6C+KVu 30 | m/xa5XCGN8Q4vYPAohMrq3NtrVVJxeJ6EOGFOyw/XhFCIf85wwW6IcIcl4dA4f2S 31 | 7h/OpPb+XHFKjiQxYpHZWyVbXt/dmvdm+tuL9vxQT/dP9GyhpCfaaX0F8OIyA3BP 32 | iXYguUTselkx8PZYA/qK0YeiVx1uE1qPEAwd0/m3rjNJ3AqYHwBu4ijudswq4kyI 33 | 92Q5L/zHdgdGV7hYQR5FZMRyrLOqQyowKoovFzhIK5Iy/6KeAOsev53m6y4yVCNP 34 | xzvU8iKmX06kzwmSXwIjZOhUXbTCKNg6h/hP+OM5tiJmTUpyqoqFDMxcSEoK32Er 35 | kBooyrkGK5uVL9DkRenNxGBWYb5Iwd2FQ0s3uCKUXHn3f0S/7fpM0T9/rqv1qIX5 36 | ZuIjVXUkazQthXIXPCYUwKBBSyfKrIBE1EScvKx0sT3w8NI7YRLG70E7uRO+U/Sr 37 | mn4wpCJiP+znBKpfDwQMJIEf27T8VCKDJXRr4nvRZlk2l2LnCr6pVnXosQ1B3G0r 38 | ABEBAAGJAjwEGAEIACYCGwwWIQSwxk0UMBzG767fYOTktx1e7DnChAUCZGSnpQUJ 39 | KJ32lwAKCRDktx1e7DnChJ0gD/wOsq5mWpoSvBmhI/Xa4WOl2D9ltYYJxrQpdTd+ 40 | IhUuQUCZle/z6dSO2jsrpcvnwn3OHBQguvX8vzBr2qFeQDjrAbZ4V76teY2Zg+5o 41 | HFy21TlCFrNeFLrk4m8PyCrfQVoQ55ESLPUBp0qK5VLzKjFAHD7+Z90bEie6IGUc 42 | rJyUokTNc7hSWsQk96rAENE6cxCgsEGZhtsS41iBZ4lkhkaVfpPj/yxiiOFw101N 43 | G1PXq+EAJ6iaIvBbNiy+AI9EFVAkX6uMM8INely0HAn/H3/hc/xADiUFolPiIEwK 44 | 
E04L/8KHVH5vn007kUeMD4DecvL+8XYyT18+jH/Hvpai610uWwfBP50HoKa9A8JD 45 | ppBZaqBGzeNvCMUWU6rxyLoNOeJduUwFTh3mUesBoF7Iqdpe1CphuUlOKWUYY6Jq 46 | ZEZ7oQN630z0QsLzr6YZinnnfMbO9xNktfJPBMju6UPmOHfYI/zJFRe5VTqvG8w3 47 | SxJVriqs75jFpGqSC/a7IcW3j2FeVQ66sAcik4XRA9JO7SpsTJtebAw0tQ8nIkIj 48 | ekmNJnNAlIKOnisKca9QRzuUn5HNPl8UDeN9KjxsFkmDMEkRSuijpLEFe+66bkjP 49 | NdEeAGQJbiXWb1z9vHHQpDPKMXhK18D5PBnLDIl8iFnpDE+M088Xnavf9eYapj2k 50 | Zh9rvA== 51 | =cevX 52 | -----END PGP PUBLIC KEY BLOCK----- 53 | -------------------------------------------------------------------------------- /util-linux-selinux/pam-common: -------------------------------------------------------------------------------- 1 | #%PAM-1.0 2 | auth sufficient pam_rootok.so 3 | auth required pam_unix.so 4 | account required pam_unix.so 5 | session required pam_unix.so 6 | password required pam_permit.so 7 | -------------------------------------------------------------------------------- /util-linux-selinux/pam-login: -------------------------------------------------------------------------------- 1 | #%PAM-1.0 2 | 3 | auth requisite pam_nologin.so 4 | auth include system-local-login 5 | account include system-local-login 6 | session include system-local-login 7 | password include system-local-login 8 | -------------------------------------------------------------------------------- /util-linux-selinux/pam-remote: -------------------------------------------------------------------------------- 1 | #%PAM-1.0 2 | 3 | auth required pam_securetty.so 4 | auth requisite pam_nologin.so 5 | auth include system-remote-login 6 | account include system-remote-login 7 | session include system-remote-login 8 | password include system-remote-login 9 | -------------------------------------------------------------------------------- /util-linux-selinux/pam-runuser: -------------------------------------------------------------------------------- 1 | #%PAM-1.0 2 | 3 | auth sufficient pam_rootok.so 4 | session include system-login 5 | 
-------------------------------------------------------------------------------- /util-linux-selinux/pam-su: -------------------------------------------------------------------------------- 1 | #%PAM-1.0 2 | auth sufficient pam_rootok.so 3 | # Uncomment the following line to implicitly trust users in the "wheel" group. 4 | #auth sufficient pam_wheel.so trust use_uid 5 | # Uncomment the following line to require a user to be in the "wheel" group. 6 | #auth required pam_wheel.so use_uid 7 | auth required pam_unix.so 8 | account required pam_unix.so 9 | session required pam_unix.so 10 | password include system-auth 11 | -------------------------------------------------------------------------------- /util-linux-selinux/rfkill-block_.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=RFKill-Block %I 3 | After=rfkill-unblock@all.service 4 | 5 | [Service] 6 | Type=oneshot 7 | ExecStart=/usr/bin/rfkill block %I 8 | 9 | [Install] 10 | WantedBy=multi-user.target 11 | -------------------------------------------------------------------------------- /util-linux-selinux/rfkill-unblock_.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=RFKill-Unblock %I 3 | After=rfkill-block@all.service 4 | 5 | [Service] 6 | Type=oneshot 7 | ExecStart=/usr/bin/rfkill unblock %I 8 | 9 | [Install] 10 | WantedBy=multi-user.target 11 | -------------------------------------------------------------------------------- /util-linux-selinux/util-linux-BSD-2-Clause.txt: -------------------------------------------------------------------------------- 1 | xxHash Library 2 | Copyright (c) 2012-2021 Yann Collet 3 | All rights reserved. 
4 | 5 | BSD 2-Clause License (https://www.opensource.org/licenses/bsd-license.php) 6 | 7 | Redistribution and use in source and binary forms, with or without modification, 8 | are permitted provided that the following conditions are met: 9 | 10 | * Redistributions of source code must retain the above copyright notice, this 11 | list of conditions and the following disclaimer. 12 | 13 | * Redistributions in binary form must reproduce the above copyright notice, this 14 | list of conditions and the following disclaimer in the documentation and/or 15 | other materials provided with the distribution. 16 | 17 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 18 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 19 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 20 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 21 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 22 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 23 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 24 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 25 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 26 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 | -------------------------------------------------------------------------------- /util-linux-selinux/util-linux.sysusers: -------------------------------------------------------------------------------- 1 | g rfkill - - - 2 | --------------------------------------------------------------------------------