794682 – selinux-policy-2.eclass: unable to apply POLICY_PATCH

Bug 794682 - selinux-policy-2.eclass: unable to apply POLICY_PATCH

Summary: selinux-policy-2.eclass: unable to apply POLICY_PATCH

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Eclasses (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	SE Linux Bugs

URL:
Whiteboard:
Keywords:	PullRequest

Depends on:
Blocks:

Reported:	2021-06-07 07:43 UTC by Mathieu Tortuyaux
Modified:	2022-06-30 17:05 UTC (History)
CC List:	1 user (show)

See Also:	https://github.com/gentoo/gentoo/pull/26148
Package list:
Runtime testing required:	---

Attachments
emerge selinux-virt (selinux-virt-2.20200818-r2.log,3.06 KB, text/x-log) 2021-06-07 07:43 UTC, Mathieu Tortuyaux	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mathieu Tortuyaux 2021-06-07 07:43:38 UTC

Created attachment 714105 [details]
emerge selinux-virt

Hi,

`selinux-policy-2` eclass allows user to apply `POLICY_PATCH` when emerging:

```
POLICY_PATCH=(
    "${FILESDIR}"/my-patch.patch
)
```

Since this commit: https://github.com/gentoo/gentoo/commit/e84846288b5c018fec9337b9154fa01796675ce1 the eapply seems broken (see selinux-virt-2.20200818-r2.log file)

According to the [doc](https://devmanual.gentoo.org/ebuild-writing/functions/src_prepare/epatch/index.html): 
> When specifying a directory, at least one file with a name ending in .patch or .diff must exist or the command fails. Other files are ignored.

So it seems the `-d` argument is interpreted as "move into this directory then apply any patches you'll find in it" but there is nothing to apply since patches are located into `${FILESDIR}`

Reverting the way patches are applied did the trick: https://gist.github.com/tormath1/a717cf9398ab1ee429ece5398ef83187

Let me know if you need anything else and thanks :)

Comment 1 Larry the Git Cow gentoo-dev

2022-06-30 17:04:16 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a0be96d697774e1d79685290f3a0547dba118673

commit a0be96d697774e1d79685290f3a0547dba118673
Author:     Krzesimir Nowak <knowak@microsoft.com>
AuthorDate: 2022-06-29 15:05:23 +0000
Commit:     Kenton Groombridge <concord@gentoo.org>
CommitDate: 2022-06-30 17:03:24 +0000

    eclass/selinux-policy-2: fix POLICY_PATCH applying
    
    eapply as implemented in portage has some heuristics to find out where
    the parameters that should be passed to patch utility end and actual
    diff/patch files begin. It first tries to find -- which is the
    explicit way of separating parameters from input files. Since there's
    none, it tries to find a first non-option. And it finds the refpolicy
    directory as a first non-option, while it is supposed to be a value of
    the -d parameter. The said directory is then treated as an input
    directory, which is expected to contain at least one patch or diff
    file. Since there's none, eapply fails.
    
    Help eapply's heuristics by explicitly delimiting the parameters from
    input files with --.
    
    Bug: https://bugs.gentoo.org/794682
    Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
    Closes: https://github.com/gentoo/gentoo/pull/26148
    Signed-off-by: Kenton Groombridge <concord@gentoo.org>

 eclass/selinux-policy-2.eclass | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)