Ebuild backend

Makefile.am

@@ -1,5 +1,5 @@
 
-SUBDIRS = src init doc rules.d
+SUBDIRS = src extra doc rules.d
 EXTRA_DIST = ChangeLog AUTHORS NEWS README.md INSTALL fapolicyd.spec dnf/fapolicyd-dnf-plugin.py autogen.sh
 
 clean-generic:

configure.ac

@@ -149,9 +149,20 @@ if test x$use_deb = xyes ; then
     AC_CHECK_LIB(md, MD5Final, , [AC_MSG_ERROR([libmd is missing])], -lmd)
 fi
 AM_CONDITIONAL(WITH_DEB, test x$use_deb = xyes)
-
 AM_CONDITIONAL(NEED_MD5, test x$use_deb = xyes)
 
+withval=""
+AC_ARG_WITH(ebuild,
+AS_HELP_STRING([--with-ebuild],[Use the ebuild database as a trust source]),
+use_ebuild=$withval,use_ebuild=no)
+
+if test x$use_ebuild = xyes ; then
+    AC_DEFINE(USE_EBUILD,1,[Define if you want to use the ebuild database as trust source.])
+    AC_CHECK_LIB(md, MD5Final, , [AC_MSG_ERROR([libmd is missing])], -lmd)
+fi
+AM_CONDITIONAL(WITH_EBUILD, test x$use_ebuild = xyes)
+AM_CONDITIONAL(NEED_MD5, test x$use_ebuild = xyes)
+
 dnl FIXME some day pass this on the command line
 def_systemdsystemunitdir=${prefix}/lib/systemd/system
 AC_SUBST([systemdsystemunitdir], [$def_systemdsystemunitdir])
@@ -177,7 +188,7 @@ AC_CHECK_LIB(lmdb, mdb_env_create, , [AC_MSG_ERROR([liblmdb not found])], -llmdb
 
 LD_SO_PATH
 
-AC_CONFIG_FILES([Makefile src/Makefile src/tests/Makefile init/Makefile doc/Makefile rules.d/Makefile])
+AC_CONFIG_FILES([Makefile src/Makefile src/tests/Makefile extra/Makefile doc/Makefile rules.d/Makefile])
 AC_OUTPUT
 
 echo .

extra/Makefile.am

@@ -0,0 +1,38 @@
+EXTRA_DIST = \
+	data/fapolicyd-filter.conf \
+	data/fapolicyd.conf \
+	data/fapolicyd.trust \
+	openrc/conf.d/fapolicyd \
+	openrc/init.d/fapolicyd \
+	systemd/fapolicyd.service \
+	fapolicyd-tmpfiles.conf \
+	fapolicyd-magic \
+	fapolicyd.bash_completion \
+	fagenrules
+
+fapolicyddir = $(sysconfdir)/fapolicyd
+
+dist_fapolicyd_DATA = \
+	data/fapolicyd.conf \
+	data/fapolicyd-filter.conf \
+	data/fapolicyd.trust
+
+systemdservicedir = $(systemdsystemunitdir)
+dist_systemdservice_DATA = systemd/fapolicyd.service
+
+openrcinitdir = $(sysconfdir)/init.d
+dist_openrcinit_DATA = openrc/init.d/fapolicyd
+openrcconfdir = $(sysconfdir)/conf.d
+dist_openrcconf_DATA = openrc/conf.d/fapolicyd
+
+sbin_SCRIPTS = fagenrules
+
+completiondir = $(sysconfdir)/bash_completion.d/
+dist_completion_DATA = fapolicyd.bash_completion
+
+MAGIC = fapolicyd-magic.mgc
+pkgdata_DATA = ${MAGIC}
+CLEANFILES = ${MAGIC}
+
+${MAGIC}: $(EXTRA_DIST)
+	file -C -m ${top_srcdir}/extra/fapolicyd-magic

init/fapolicyd-magic → extra/fapolicyd-magic

@@ -13,7 +13,7 @@
 0	string/wt	#!\ /bin/rc		Plan 9 shell script text executable
 !:mime	text/x-plan9-shellscript
 
-0	string/wb	#!\ /usr/bin/ocamlrun	Ocaml byte-compiled executable 
+0	string/wb	#!\ /usr/bin/ocamlrun	Ocaml byte-compiled executable
 !:mime	application/x-bytecode.ocaml
 
 0	string/wt	#!\ /usr/bin/lua	Lua script text executable

extra/openrc/conf.d/fapolicyd

@@ -0,0 +1 @@
+fapolicyd_opts="--permissive --debug"

extra/openrc/init.d/fapolicyd

@@ -0,0 +1,19 @@
+#!/sbin/openrc-run
+
+name=$RC_SVCNAME
+cfgfile="/etc/$RC_SVCNAME/$RC_SVCNAME.conf"
+command="/usr/sbin/fapolicyd"
+command_args="${fapolicyd_opts}"
+command_user="fapolicyd"
+pidfile="/run/$RC_SVCNAME/$RC_SVCNAME.pid"
+
+# Depend on local disks being mounted
+depend() {
+	need localmount
+}
+
+# Before starting the service update the rulesfile in /etc/fapolicyd
+# from the fragments in /etc/fapolicyd/rules.d
+start_pre() {
+	/usr/sbin/fagenrules
+}

fapolicyd.spec

@@ -144,7 +144,7 @@ popd
 
 %install
 %make_install
-install -p -m 644 -D init/%{name}-tmpfiles.conf %{buildroot}/%{_tmpfilesdir}/%{name}.conf
+install -p -m 644 -D extra/%{name}-tmpfiles.conf %{buildroot}/%{_tmpfilesdir}/%{name}.conf
 mkdir -p %{buildroot}/%{_localstatedir}/lib/%{name}
 mkdir -p %{buildroot}/run/%{name}
 mkdir -p %{buildroot}%{_sysconfdir}/%{name}/trust.d
@@ -254,6 +254,8 @@ fi
 %attr(644,root,%{name}) %{_datadir}/%{name}/default-ruleset.known-libs
 %attr(644,root,%{name}) %{_datadir}/%{name}/sample-rules/*
 %attr(644,root,%{name}) %{_datadir}/%{name}/fapolicyd-magic.mgc
+%exclude %{_sysconfdir}/init.d/%{name}
+%exclude %{_sysconfdir}/conf.d/%{name}
 %attr(750,root,%{name}) %dir %{_sysconfdir}/%{name}
 %attr(750,root,%{name}) %dir %{_sysconfdir}/%{name}/trust.d
 %attr(750,root,%{name}) %dir %{_sysconfdir}/%{name}/rules.d

src/Makefile.am

@@ -74,16 +74,26 @@ libfapolicyd_la_SOURCES += \
 
 endif
 
+if NEED_MD5
+libfapolicyd_la_SOURCES += \
+	library/md5-backend.c \
+	library/md5-backend.h
+endif
+
 if WITH_DEB
-libfapolicyd_la_SOURCES += library/deb-backend.c
+libfapolicyd_la_SOURCES += library/deb-backend.c \
+	library/md5-backend.c \
+	library/md5-backend.h
 fapolicyd_CFLAGS += -DLIBDPKG_VOLATILE_API
 fapolicyd_LDFLAGS += -ldpkg
 endif
 
-if NEED_MD5
-libfapolicyd_la_SOURCES += \
+if WITH_EBUILD
+libfapolicyd_la_SOURCES += library/ebuild-backend.c \
 	library/md5-backend.c \
-	library/md5-backend.h
+	library/md5-backend.h \
+	library/filter.c \
+	library/filter.h
 endif
 
 fapolicyd_cli_CFLAGS = $(fapolicyd_CFLAGS)

src/library/backend-manager.c

@@ -40,6 +40,9 @@ extern backend rpm_backend;
 #ifdef USE_DEB
 extern backend deb_backend;
 #endif
+#ifdef USE_EBUILD
+extern backend ebuild_backend;
+#endif
 
 static backend* compiled[] =
 {
@@ -49,6 +52,9 @@ static backend* compiled[] =
 #endif
 #ifdef USE_DEB
 	&deb_backend,
+#endif
+#ifdef USE_EBUILD
+	&ebuild_backend,
 #endif
 	NULL,
 };
@@ -167,4 +173,3 @@ backend_entry* backend_get_first(void)
 {
 	return backends;
 }
-

src/library/database.c

@@ -105,6 +105,8 @@ const char *lookup_tsource(unsigned int tsource)
 		return "rpmdb";
 	case SRC_DEB:
 		return "debdb";
+	case SRC_EBUILD:
+		return "ebuilddb";
 	case SRC_FILE_DB:
 		return "filedb";
 	}