|
# vim: sw=4:ts=4:et
|
|
#
|
|
# Copyright (c) 2013 Red Hat, Inc.
|
|
|
|
# This program and entire repository is free software: you can redistribute it
|
|
# and/or modify it under the terms of the GNU General Public License as
|
|
# published by the Free Software Foundation, either version 3 of the License,
|
|
# or any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful, but WITHOUT
|
|
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
|
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
|
|
# details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License along with
|
|
# this program. If not, see <http://www.gnu.org/licenses/>.
|
|
#
|
|
|
|
%define selinux_variants targeted
|
|
|
|
%if 0%{?rhel} == 5
|
|
# absolute minimum versions for RHEL 5
|
|
%define selinux_policy_ver 3.11.1-81
|
|
%else
|
|
# absolute minimum versions for RHEL 6
|
|
%define selinux_policy_ver 2.4.6-80
|
|
%endif
|
|
%define selinux_policycoreutils_ver 1.33.12-1
|
|
|
|
%define moduletype apps
|
|
%define modulename foreman
|
|
|
|
# set and uncomment all three to set alpha tag
|
|
#global alphatag RC1
|
|
#global dotalphatag .%{alphatag}
|
|
#global dashalphatag -%{alphatag}
|
|
|
|
Name: %{modulename}-selinux
|
|
Version: 1.6.0
|
|
Release: 0.develop%{?dotalphatag}%{?dist}
|
|
Summary: SELinux policy module for Foreman
|
|
|
|
Group: System Environment/Base
|
|
License: GPLv3+
|
|
URL: http://www.theforeman.org
|
|
Source0: http://downloads.theforeman.org/%{name}/%{name}-%{version}%{?dashalphatag}.tar.bz2
|
|
|
|
BuildRequires: checkpolicy, selinux-policy-devel, hardlink
|
|
BuildRequires: policycoreutils >= %{selinux_policycoreutils_ver}
|
|
BuildRequires: /usr/bin/pod2man
|
|
BuildArch: noarch
|
|
|
|
Requires: selinux-policy >= %{selinux_policy_ver}
|
|
Requires(post): /usr/sbin/semodule, /sbin/restorecon, /usr/sbin/setsebool, /usr/sbin/selinuxenabled, /usr/sbin/semanage
|
|
Requires(post): policycoreutils-python
|
|
Requires(post): selinux-policy-targeted
|
|
Requires(postun): /usr/sbin/semodule, /sbin/restorecon
|
|
Requires(pre): %{modulename}
|
|
|
|
%description
|
|
SELinux policy module for Foreman
|
|
|
|
%prep
|
|
%setup -q -n %{name}-%{version}%{?dashalphatag}
|
|
|
|
%build
|
|
# create selinux-friendly version from VR and replace it inplace
|
|
perl -i -pe 'BEGIN { $VER = join ".", grep /^\d+$/, split /\./, "%{version}.%{release}"; } s!\@\@VERSION\@\@!$VER!g;' %{modulename}.te
|
|
|
|
# build policy
|
|
for selinuxvariant in %{selinux_variants}
|
|
do
|
|
make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile
|
|
bzip2 -9 %{modulename}.pp
|
|
mv %{modulename}.pp.bz2 %{modulename}.ppbz2.${selinuxvariant}
|
|
make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile clean
|
|
done
|
|
|
|
# build man pages
|
|
/usr/bin/pod2man --name=foreman-selinux-enable -c "Foreman Reference" --section=8 --release=%{version} foreman-selinux-enable.pod foreman-selinux-enable.man8
|
|
/usr/bin/pod2man --name=foreman-selinux-disable -c "Foreman Reference" --section=8 --release=%{version} foreman-selinux-disable.pod foreman-selinux-disable.man8
|
|
/usr/bin/pod2man --name=foreman-selinux-relabel -c "Foreman Reference" --section=8 --release=%{version} foreman-selinux-relabel.pod foreman-selinux-relabel.man8
|
|
|
|
%install
|
|
# install policy modules
|
|
for selinuxvariant in %{selinux_variants}
|
|
do
|
|
install -d %{buildroot}%{_datadir}/selinux/${selinuxvariant}
|
|
install -p -m 644 %{modulename}.ppbz2.${selinuxvariant} \
|
|
%{buildroot}%{_datadir}/selinux/${selinuxvariant}/%{modulename}.pp.bz2
|
|
done
|
|
|
|
# install interfaces
|
|
install -d %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}
|
|
install -p -m 644 %{modulename}.if %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}/%{modulename}.if
|
|
|
|
# hardlink identical policy module packages together
|
|
/usr/sbin/hardlink -cv %{buildroot}%{_datadir}/selinux
|
|
|
|
# install enable/relabel scripts which will be called in %posttrans
|
|
install -d %{buildroot}%{_sbindir}
|
|
install -p -m 755 %{name}-enable %{buildroot}%{_sbindir}/%{name}-enable
|
|
install -p -m 755 %{name}-disable %{buildroot}%{_sbindir}/%{name}-disable
|
|
install -p -m 755 %{name}-relabel %{buildroot}%{_sbindir}/%{name}-relabel
|
|
|
|
# install man pages
|
|
install -d -m 0755 %{buildroot}%{_mandir}/man8
|
|
install -m 0644 foreman-selinux-enable.man8 %{buildroot}%{_mandir}/man8/foreman-selinux-enable.8
|
|
install -m 0644 foreman-selinux-disable.man8 %{buildroot}%{_mandir}/man8/foreman-selinux-disable.8
|
|
install -m 0644 foreman-selinux-relabel.man8 %{buildroot}%{_mandir}/man8/foreman-selinux-relabel.8
|
|
|
|
%post
|
|
if /usr/sbin/selinuxenabled ; then
|
|
%{_sbindir}/%{name}-enable || true
|
|
fi
|
|
|
|
%posttrans
|
|
if /usr/sbin/selinuxenabled ; then
|
|
%{_sbindir}/%{name}-relabel >/dev/null
|
|
fi
|
|
|
|
%preun
|
|
# clean up before package removal
|
|
/usr/sbin/selinuxenabled && [ $1 -eq 0 ] && %{_sbindir}/%{name}-disable
|
|
# relabel before removal/upgrade
|
|
%{_sbindir}/%{name}-relabel >/dev/null
|
|
|
|
%files
|
|
%doc Contributors CHANGELOG LICENSE %{modulename}.fc %{modulename}.if %{modulename}.te %{modulename}.sh
|
|
%attr(0600,root,root) %{_datadir}/selinux/*/%{modulename}.pp.bz2
|
|
%{_datadir}/selinux/devel/include/%{moduletype}/%{modulename}.if
|
|
%{_mandir}/man8/*
|
|
%attr(0755,root,root) %{_sbindir}/%{name}-enable
|
|
%attr(0755,root,root) %{_sbindir}/%{name}-disable
|
|
%attr(0755,root,root) %{_sbindir}/%{name}-relabel
|
|
|
|
%changelog
|
|
* Wed Apr 16 2014 Dominic Cleal <dcleal@redhat.com> - 1.6.0-0.develop
|
|
- Bump to version 1.6-develop
|
|
|
|
* Thu Jan 16 2014 Dominic Cleal <dcleal@redhat.com> - 1.5.0-0.develop
|
|
- Bump to version 1.5-develop
|
|
|
|
* Thu Nov 21 2013 Dominic Cleal <dcleal@redhat.com> - 1.4.0-0.develop
|
|
- Bump and change versioning scheme (#3712)
|
|
|
|
* Thu Sep 05 2013 Lukas Zapletal <lzap+rpm[@]redhat.com> - 1.3.9999-1
|
|
- Bump to version 1.3-develop
|
|
|
|
* Mon Jun 03 2013 Lukas Zapletal <lzap+rpm[@]redhat.com> - 1.2.9999-1
|
|
- Brand new SPEC adopted from Katello project
|
|
- Changes to the policy to get SCL working
|
|
|
|
* Tue Feb 26 2013 Sam Kottler <shk@redhat.com> 1.1.1-1
|
|
- Initial version
|