File apparmor-parser.spec of Package apparmor-parser

#
# spec file for package apparmor-parser (Version 2.3.1)
#
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

# norootforbuild


Name:           apparmor-parser
%if ! %{?distro:1}0
%if %{?suse_version:1}0
  %define distro suse
%endif
%if %{?fedora_version:1}0
  %define distro redhat
%endif
%endif
%if ! %{?distro:1}0
  %define distro suse
%endif
Summary:        AppArmor userlevel parser utility
Version:        2.3.1
Release:        8.14.9
Group:          Productivity/Networking/Security
Source0:        %{name}-%{version}-1365.tar.gz
Patch1:         apparmor-init.patch
Patch2:         apparmor-parser-line-numbers
Patch3:         apparmor-parser-support-dry-run
Patch4:         apparmor-parser-fix-recognition-of-non-inet-net-domains
Patch5:         apparmor-parser-removal-whitespace-fix
Patch6:         apparmor-parser-translations
Patch7:         apparmor-parser-fix-debug-mode
Patch8:         apparmor-parser-separate-hat-removal-fix
License:        GPL v2 or later
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
Url:            http://forge.novell.com/modules/xfmod/project/?apparmor
PreReq:         sed
%if %{distro} == "suse"
PreReq:         %{insserv_prereq} aaa_base
%endif
BuildRequires:  gcc-c++
Obsoletes:      subdomain_parser subdomain-parser
Obsoletes:      subdomain-parser-demo subdomain-parser-common subdomain-leaf-cert
Obsoletes:      libimnxcert
Provides:       subdomain_parser subdomain-parser
Provides:       subdomain-parser-demo subdomain-parser-common subdomain-leaf-cert
Provides:       libimnxcert
%define apparmor_bin_prefix /lib/apparmor
BuildRequires:  bison flex latex2html w3m
%if 0%{?suse_version} > 1020
BuildRequires:  texlive-latex
%else
BuildRequires:  te_latex
%endif

%description
The AppArmor Parser is a userlevel program that is used to load in
program profiles to the AppArmor Security kernel module.

This package is part of a suite of tools that used to be named
SubDomain.



Authors:
--------
    jjohansen@suse.de
    sbeattie@suse.de
    tonyj@suse.de

%prep
%setup -q
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1

%build
make clean all CFLAGS="${RPM_OPT_FLAGS}"
make techdoc.txt

%install
make install DESTDIR=${RPM_BUILD_ROOT} \
	     MANDIR=%{_mandir} \
	     DISTRO=%{distro} \
	     APPARMOR_BIN_PREFIX=${RPM_BUILD_ROOT}%{apparmor_bin_prefix}
%find_lang %{name}

%clean
rm -rf $RPM_BUILD_ROOT

%files -f %{name}.lang
%defattr(-,root,root)
%doc README COPYING.GPL
/sbin/apparmor_parser
%dir %attr(-, root, root) /etc/apparmor
%if %{distro} == "suse"
  /sbin/rcsubdomain
  /sbin/rcapparmor
  /etc/init.d/boot.apparmor
  /sbin/rcaaeventd
  /etc/init.d/aaeventd
%else
  /etc/init.d/apparmor
  /etc/init.d/aaeventd
%endif
%config(noreplace) /etc/apparmor/subdomain.conf
/var/lib/apparmor
%dir %attr(-, root, root) %{apparmor_bin_prefix}
%{apparmor_bin_prefix}/rc.apparmor.functions
%if 0%{?suse_version} <= 1010
# needed on sles
%dir %{_prefix}/share/locale/si
%dir %{_prefix}/share/locale/si/LC_MESSAGES
%endif
%doc %{_mandir}/man*/*
%if %{distro} == "redhat" || %{distro} == "rhel4"

%pre
if [ -f /etc/init.d/subdomain ] ; then
  chkconfig --del subdomain
fi
%endif

%post
%if %{distro} == "suse"
  # SUSE uses insserv
  # For package renaming from subdomain -> apparmor
  # we check the existence of the AppArmor 1.1 and 
  # AppArmor 1.2 based init script to help determine 
  # whether  we are upgrading
  SUBDOMAIN_PARSER_INSTALLED="no"
  if test -e /etc/init.d/boot.subdomain -o -e /etc/init.d/subdomain; then
    SUBDOMAIN_PARSER_INSTALLED="yes"
  fi
  if  test "$1" == 1  -a $SUBDOMAIN_PARSER_INSTALLED = "no"; then
    %{insserv_force_if_yast boot.apparmor}
  elif test -e /etc/rc.d/boot.d/S??boot.subdomain  -o \
            -e /etc/rc.d/boot.d/S??boot.apparmor  -o \
            -e /etc/rc.d/rc3.d/S??subdomain ; then
    %{insserv_force_if_yast boot.apparmor}
  else
    %{fillup_and_insserv -f boot.apparmor}
  fi
%endif
%if %{distro} == "redhat" || %{distro} == "rhel4"
  chkconfig --add apparmor
%endif
%if %{distro} == "slackware"
  if grep -qs "# BEGIN rc.subdomain INSERTION" /etc/rc.d/rc.M ; then true ; else
    %{apparmor_bin_prefix}/install/frob_slack_rc --init
  fi
  if grep -qs "# BEGIN rc.subdomain INSERTION" /etc/rc.d/rc.K ; then true ; else
    %{apparmor_bin_prefix}/install/frob_slack_rc --shutdown
  fi
%endif

%preun
if [ "$1" = 0 ] ; then
%if %{distro} == "suse"
  %{stop_on_removal aaeventd}
  %{stop_on_removal boot.apparmor}
%endif
%if %{distro} == "redhat" || %{distro} == "rhel4"
  chkconfig --del aaeventd
  chkconfig --del apparmor
%endif
fi

%postun
%if %{distro} == "suse"
  %{insserv_cleanup}
%endif

%changelog
* Fri Apr 30 2010 jeffm@suse.de
- Newer kernels don't require separate removal of hats (bnc#588248)
- Fixed compilation of debug mode
* Thu Mar 25 2010 jeffm@suse.de
- Update to final translation files
* Mon Mar 15 2010 jeffm@suse.de
- Fix handling of removing profiles with whitespace (bnc#510740)
- Provide meaningful line numbers in error reports (bnc#520013)
- Support dry-run mode
- Fix recognition of non-inet net domains (bnc#588185)
* Sat Feb  7 2009 jjohansen@suse.de
- Update to final translation files
* Fri Nov 21 2008 jjohansen@suse.de
- fixes for
  bnc#442694 - Revision on original patch that had a bug that could
    cause infinite loop.
  bnc#426461 - Alias rules fail when they are not the first rules in
    a profile
  bnc#446574 - execute transitions not handled correctly for hats
    and local profiles
* Fri Nov  7 2008 jjohansen@suse.de
- update po translation files
- fixes for
  bnc#429895 - apparmor init script makes use of utilities from /usr/bin
    breaking /usr on NFS|SMB
  bnc#435501 - Bash syntax errors appear in /etc/init.d/aaeventd
  bnc#435510 - Bash syntax errors appear in /etc/init.d/boot.apparmor
  bnc#426149 - race condition between boot.apparmor and boot.cleanup
  bnc#442694 - AppArmor parser allocates memory until crash
* Fri Sep 12 2008 jjohansen@suse.de
- sync to upstream apparmor 2.3.1 containing bug fix release for 2.3
* Sun Aug 24 2008 aj@suse.de
- Fix init scripts.
* Wed Jun  4 2008 jjohansen@suse.de
- fix policy reload and remove bug that would prevent rc.apparmor
  stop and rc.apparmor restart from properly removing or reloading
  policy in the cases of unattached profiles and profiles containing
  hats (bnc#397014)
- also covers the shell syntax bug (bnc#395060) as that incorrect
  test was removed by the fix for (bnc#397014), because it removes
  the need to generate the fake profile, thus avoiding the name
  mangling.
* Tue Jun  3 2008 coolo@suse.de
- fixing shell syntax (bnc#395060)
* Mon May 26 2008 jjohansen@suse.de
- update to new translation files
- incorporate Apr 29, AF_CAN fix into main source
* Tue Apr 29 2008 aj@suse.de
- Fix build: AF_CAN is ignored.
* Wed Apr 16 2008 jjohansen@suse.de
- Code drop of AppArmor 2.3 parser - feature implementation complete
* Mon Apr  7 2008 jjohansen@suse.de
- Bump version to 2.3 in preparation for AppArmor 2.3 code drop
* Sun Mar 16 2008 crrodriguez@suse.de
- fix file-not-in-lang errors
* Fri Aug 31 2007 sbeattie@suse.de
- only run apparmor initscript at boot level (#286749)
* Tue Aug 21 2007 ro@suse.de
- split off apparmor-docs to its own specfile to keep it noarch
* Mon Aug 20 2007 sbeattie@suse.de
- disabled aaeventd initscript before uninstalling [#301418]
- Fix double free bug
* Mon Aug  6 2007 dreynolds@suse.de
- Added updated translations
- Fix turkish localization problem - patch
  from S.Çağlar Onur <caglar@pardus.org.tr>
- Updated makefile to handle AF_RXRPC protocol from socket.h
* Sat Jul 28 2007 sbeattie@suse.de
- Allow inverted character classes in unquoted pathnames
- Fix return code propogation in initscripts
- Add change_profile support
- Add basic network mediation
- Add mediation modes for append-only and locks
- Allow reverse ordered file permission rules
* Sat Apr 21 2007 aj@suse.de
- Use texlive for building.
* Thu Apr 12 2007 sbeattie@suse.de
- Add manpages to package
- Add apparmor-docs as subpackage
- Add techdoc to docs package
- Fix initscript to support apparmor as builtin
- Translation updates
* Sat Mar 31 2007 agruen@suse.de
- Update to version 2.0.2: DFA based kernel module.
* Thu Mar 29 2007 coolo@suse.de
- BuildRequire flex and bison
* Mon Nov 20 2006 dreynolds@suse.de
-  More translation updates
* Mon Nov 20 2006 dreynolds@suse.de
- Updates from the translation team
* Tue Nov 14 2006 sbeattie@suse.de
- fix rc.aaeventd to depend on apparmor, not boot.apparmor (#214293)
* Thu Nov  9 2006 sbeattie@suse.de
- Add audit_write and audit_control capabilities (#218961)
  (jjohansen@suse.de)
- pull translation updates from lcn (ddrewelow@suse.de)
- Use kernel's capability defines rather than libcap
- /lib/lsb/init-functions provides killproc(), use it instead.
* Sat Oct 28 2006 olh@suse.de
- boot.apparmor should start after boot.localfs (#215156)
* Sun Oct 15 2006 sbeattie@suse.de
- add support for #include'ing directories
- remove /subdomain (#160020)
- updated translation files (from SLE10)
* Fri Jul 28 2006 olh@suse.de
- make boot.localfs optional in boot.apparmor (#181972)
* Mon Jun  5 2006 sbeattie@suse.de
- Add support for 'm' flag (mmap w/PROT_EXEC permission) (#175388)
- Add Px and Ux flags to indicate to ld.so that sensitive environemnt
  variables should be filtered on exec() (#172061) The m, Px, and Ux
  flags are added in such a way that apparmor modules without
  corresponding support will just ignore them.
- Fix segv if profiles directory does not exist (#160330)
- Fix aaeventd initscript description (#172961)
- Add check to verify module supports pcre
- Add regression tests and run on every build
- Other minor fixups
* Fri May 26 2006 schwab@suse.de
- Don't strip binaries.
* Mon Apr  3 2006 dreynolds@suse.de
- Fix upgrade problems from sles9/sl10.0 (#156990)
* Mon Mar 27 2006 jmichael@suse.de
- Split aaeventd startup into its own init script so we don't start
  daemons while in the "boot" runlevel (#158613)
- Obsoleted libimnxcert (#157450)
* Mon Feb 13 2006 dreynolds@suse.de
- sbeattie@suse.de changes...
- Filter multiple slashes and trailing slashes in pathnames
- Use RPM_OPT_FLAGS
- A few s/SubDomain/AppArmor/ fixups in error messages
* Mon Feb  6 2006 sbeattie@suse.de
- Fix one last issue in initscript handling of whitespace (#141288)
- Add libcap-devel dependency for newer SUSE distros
- Fix shutting down aa-eventd
- Add option to enable/disable aa-eventd (#145465)
- Disable owlsm warning if module doesn't support it (#146470)
* Sun Jan 29 2006 mls@suse.de
- converted neededforbuild to BuildRequires
* Sun Jan 29 2006 sbeattie@suse.de
- s/none/securityfs/ in the initscript (#143372)
- add support for if {} else if {}
- rename initscript to rc.apparmor
- support /etc/apparmor.d
- add buildrequires on libcap-devel
- (dreynolds) Updated rc.subdomain.functions to reference newly named event daemon aa-eventd
* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
* Mon Jan 23 2006 sbeattie@suse.de
- convert to insserv macros, reenable apparmor by default (#143372)
- add prereq on aaa_base (#143372)
- remove initscript dependency on boot.ldconfig
- Don't edit fstab on newer suse releases (#143402)
- Add build dependency on libcap-devel
* Tue Jan 17 2006 dreynolds@suse.de
- Removed calls to inssrv to prevent the boot.subdomain service from being enabled by default.
* Sat Jan 14 2006 sbeattie@suse.de
- Add support for giving a filename on the parser command line
- Some refactoring of code in prep for variable support.
- Add svn repo to tarball
- Rename service provided by initscript to apparmor
- Initial set variable support
- Restructure global policy list
- Fix leaks found by valgrind
- Restructure hats within profiles, detect duplicate hats
- Add basic conditional statement support
- Fix debug mode to not attempt to load policy
- Add svn repo number to tarball name
* Fri Dec  9 2005 sbeattie@suse.de
-  Fix references to old package name in .po files
* Thu Dec  8 2005 sbeattie@suse.de
- rename subdomain-parser package to apparmor-parser
- Relicense package to GPL for open source release
- Reset version to 2.0-1
- add support for securityfs in initscript and parser