--- ebuild.sh.orig 2003-10-22 11:14:43.000000000 -0500
+++ ebuild.sh 2003-11-11 13:33:25.000000000 -0600
@@ -795,30 +795,62 @@ if [[ $UNSAFE > 0 ]]; then die "There are ${UNSAFE} unsafe files. Portage will not install them." fi + + find ${D}/ -user portage -print0 | $XARGS -0 -n100 chown root + if [ "$USERLAND" == "BSD" ]; then + find ${D}/ -group portage -print0 | $XARGS -0 -n100 chgrp wheel + else + find ${D}/ -group portage -print0 | $XARGS -0 -n100 chgrp root + fi + + echo ">>> Completed installing into ${D}" + echo + cd ${BUILDDIR} + trap SIGINT SIGQUIT +} + +dyn_preinst() { + pkg_preinst + + # set IMAGE depending if this is a binary or compile merge + [ "${EMERGE_FROM}" == "binary" ] && IMAGE=${PKG_TMPDIR}/${PF} \ + || IMAGE=${D} + + # remove man pages + if has noman $FEATURES; then + rm -fR ${IMAGE}/usr/share/man + fi + + # remove info pages + if has noinfo $FEATURES; then + rm -fR ${IMAGE}/usr/share/info + fi + + # remove docs + if has nodoc $FEATURES; then + rm -fR ${IMAGE}/usr/share/doc + fi # Smart FileSystem Permissions if has sfperms $FEATURES; then - for i in $(find ${D}/ -type f -perm -4000); do + for i in $(find ${IMAGE}/ -type f -perm -4000); do ebegin ">>> SetUID: [chmod go-r] $i " chmod go-r $i eend $? done - for i in $(find ${D}/ -type f -perm -2000); do + for i in $(find ${IMAGE}/ -type f -perm -2000); do ebegin ">>> SetGID: [chmod o-r] $i " chmod o-r $i eend $? done fi - - find ${D}/ -user portage -print0 | $XARGS -0 -n100 chown root - if [ "$USERLAND" == "BSD" ]; then - find ${D}/ -group portage -print0 | $XARGS -0 -n100 chgrp wheel - else - find ${D}/ -group portage -print0 | $XARGS -0 -n100 chgrp root - fi + # SELinux file labeling (needs to always be last in dyn_preinst) if use selinux; then - if [ -x /usr/sbin/setfiles ]; then + # only attempt to label if setfiles is executable + # and 'context' is available on selinuxfs. + if [ -f /selinux/context -a -x /usr/sbin/setfiles ]; then + echo ">>> Setting SELinux security labels" if [ -f ${POLICYDIR}/file_contexts/file_contexts ]; then cp -f ${POLICYDIR}/file_contexts/file_contexts ${T} else 
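Review bot: The three `rm -fR ${IMAGE}/usr/share/...` calls in the new dyn_preinst expand an unquoted, unchecked `IMAGE`, so if `D` is ever empty on a compile merge the deletion lands on the live `/usr/share/man`, `info` or `doc`. Writing them as `rm -fR "${IMAGE:?}/usr/share/man"` makes an empty value abort instead. On the binary path `${PKG_TMPDIR}/${PF}` can never be empty, so that case would need an explicit check that `IMAGE` is not `/`. The sfperms loops have a related problem: `for i in $(find ${IMAGE}/ -type f -perm -4000)` word-splits paths containing whitespace, so a setuid or setgid file with such a name would silently keep its read bits. dyn_preinst continues past the end of this hunk.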
@@ -826,13 +858,14 @@ fi addwrite /selinux/context - /usr/sbin/setfiles -r ${D} ${T}/file_contexts ${D} + /usr/sbin/setfiles -r ${IMAGE} ${T}/file_contexts ${IMAGE} \ + || die "Failed to set SELinux security labels." + else + # nonfatal, since merging can happen outside a SE kernel + # like during a recovery situation + echo "!!! Unable to set SELinux security labels" fi fi - - echo ">>> Completed installing into ${D}" - echo - cd ${BUILDDIR} trap SIGINT SIGQUIT } @@ -1232,7 +1265,7 @@ nofetch) pkg_nofetch ;; - prerm|postrm|preinst|postinst|config) + prerm|postrm|postinst|config) export SANDBOX_ON="0" if [ "$PORTAGE_DEBUG" != "1" ]; then pkg_${myarg} @@ -1261,7 +1294,7 @@ fi export SANDBOX_ON="0" ;; - help|clean|setup) + help|clean|setup|preinst) #pkg_setup needs to be out of the sandbox for tmp file creation; #for example, awking and piping a file in /tmp requires a temp file to be created #in /etc. If pkg_setup is in the sandbox, both our lilo and apache ebuilds break.
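Review bot: The new `else` branch only prints a warning, but it is also reached when `/selinux/context` exists and `/usr/sbin/setfiles` is missing or not executable, because the guard opened in the previous hunk tests both with `-a`. On a running SELinux system the image would then be merged unlabeled. Testing the two conditions separately would keep the recovery case non-fatal while failing closed on an SELinux kernel, e.g. `[ -x /usr/sbin/setfiles ] || die "setfiles not found; cannot label files"` inside an `if [ -f /selinux/context ]` block. The warning itself would be better sent to stderr: `echo "!!! Unable to set SELinux security labels" >&2`. The enclosing `if use selinux` starts outside this hunk.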
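Review bot: The comment under the `help|clean|setup|preinst)` arm still explains only why pkg_setup must run outside the sandbox, so nothing records why preinst was moved here from the `prerm|postrm|postinst|config` arm in the `@@ -1232,7 +1265,7 @@` hunk. Since dyn_preinst now runs `rm -fR`, `chmod` and `setfiles` against `${IMAGE}`, the sandbox state it runs under is worth stating explicitly. A line such as `#preinst is dispatched here so that dyn_preinst runs rather than pkg_preinst alone` would do, if that is the intent. The arm's body lies outside the hunk, so how preinst is actually dispatched is inferred rather than visible.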