LogoopenSUSE Build Service > Projects
Sign Up | Log In

View File policycoreutils.spec of Package policycoreutils (Project security:SELinux)

#
# spec file for package policycoreutils
#
# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


%define libaudit_ver     1.4.2
%define libsepol_ver     2.1.4
%define libsemanage_ver  2.0.43
%define libselinux_ver   2.0.90
%define sepolgen_ver     1.1.5

Name:           policycoreutils
Version:        2.1.10
Release:        0
Url:            http://userspace.selinuxproject.org/
Summary:        SELinux policy core utilities
License:        GPL-2.0+
Group:          Productivity/Security
Source:         http://userspace.selinuxproject.org/releases/20120216/%{name}-%{version}.tar.gz
Source1:        http://userspace.selinuxproject.org/releases/20120216/sepolgen-%{sepolgen_ver}.tar.gz
Source2:        system-config-selinux.png
Source3:        system-config-selinux.desktop
Source4:        system-config-selinux.pam
Source5:        system-config-selinux.console
Source6:        selinux-polgengui.desktop
Source7:        selinux-polgengui.console
Source8:        policycoreutils_man_ru2.tar.bz2
Source9:        restorecond.service
Patch1:         policycoreutils-po.patch.bz2
Patch2:         policycoreutils-gui.patch.bz2
Patch4:         policycoreutils-initscript.patch
Patch5:         policycoreutils-pam-common.patch
Patch6:         policycoreutils-glibc217.patch
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
BuildRequires:  audit-devel >= %{libaudit_ver}
BuildRequires:  dbus-1-glib-devel
BuildRequires:  fdupes
BuildRequires:  gettext
BuildRequires:  libcap-devel
BuildRequires:  libcap-ng-devel
BuildRequires:  libcgroup-devel
BuildRequires:  libselinux-devel >= %{libselinux_ver}
BuildRequires:  libsemanage-devel >= %{libsemanage_ver}
BuildRequires:  libsepol-devel-static >= %{libsepol_ver}
BuildRequires:  pam-devel
BuildRequires:  python-devel
BuildRequires:  update-desktop-files
%if 0%{?suse_version} > 1140
BuildRequires:  systemd
%endif
Requires(pre):  %insserv_prereq  %fillup_prereq permissions
Requires:       audit-libs-python
Requires:       checkpolicy
Requires:       gawk
Requires:       python-selinux
Requires:       rpm
Requires:       util-linux
%{?systemd_requires}
Recommends:     %{name}-lang

%description
Security-enhanced Linux is a feature of the Linux(R) kernel and a number
of utilities with enhanced security functionality designed to add
mandatory access controls to Linux.  The Security-enhanced Linux
kernel contains new architectural components originally developed to
improve the security of the Flask operating system. These
architectural components provide general support for the enforcement
of many kinds of mandatory access control policies, including those
based on the concepts of Type Enforcement(R), Role-based Access
Control, and Multi-level Security.

policycoreutils contains the policy core utilities that are required
for basic operation of a SELinux system.  These utilities include
load_policy to load policies, setfiles to label filesystems, newrole
to switch roles, and run_init to run /etc/init.d scripts in the proper
context.

%lang_package

%prep
%setup -q -a 1
#%patch0 -p2
%patch1 -p1
%patch2 -p1
%patch4
%patch5
%patch6 -p2
# sleep 5
# touch po/policycoreutils.pot
# sleep 5

%build
export SUSE_ASNEEDED=0
make LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all
make -C sepolgen-%{sepolgen_ver} LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all

%install
mkdir -p {buildroot}%{_initddir}
mkdir -p %{buildroot}/var/lib/selinux
mkdir -p %{buildroot}%{_bindir}
mkdir -p %{buildroot}%{_sbindir}
mkdir -p %{buildroot}/sbin
mkdir -p %{buildroot}%{_mandir}/man1
mkdir -p %{buildroot}%{_mandir}/man8
mkdir -p %{buildroot}%{_sysconfdir}/pam.d
mkdir -p %{buildroot}%{_sysconfdir}/security/console.apps
make LSPP_PRIV=y DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" INITDIR="%{buildroot}%{_initddir}" install
make -C sepolgen-%{sepolgen_ver} DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install
install -D -m 644 %{SOURCE2} %{buildroot}%{_datadir}/pixmaps/system-config-selinux.png
%if 0%{?suse_version} > 1140
install -D -m 0644 %SOURCE9 %{buildroot}/%{_unitdir}/restorecond.service
%endif
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/system-config-selinux
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/selinux-polgengui
install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/security/console.apps/system-config-selinux
install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/security/console.apps/selinux-polgengui
tar -jxf %{SOURCE8} -C %{buildroot}/
rm -f %{buildroot}/usr/share/man/ru/man8/genhomedircon.8.gz
ln -sf consolehelper %{buildroot}%{_bindir}/system-config-selinux
ln -sf consolehelper %{buildroot}%{_bindir}/selinux-polgengui
ln -sf %{_initddir}/restorecond %{buildroot}%{_sbindir}/rcrestorecond
ln -sf %{_initddir}/sandbox %{buildroot}%{_sbindir}/rcsandbox
mkdir -p %{buildroot}/var/adm/fillup-templates/
mv %{buildroot}/%{_sysconfdir}/sysconfig/sandbox %{buildroot}/var/adm/fillup-templates/sysconfig.sandbox
rmdir %{buildroot}/%{_sysconfdir}/sysconfig
%suse_update_desktop_file -i system-config-selinux System Security Settings
%suse_update_desktop_file -i selinux-polgengui System Security Settings
%find_lang %{name}
%fdupes -s %{buildroot}/%{_datadir}

%package python
Summary:        SELinux policy core python utilities
Group:          Productivity/Security
Requires:       audit-libs-python >= %{libaudit_ver}
Requires:       policycoreutils = %{version}
Requires:       python-ipy
Requires:       python-selinux >= %{libselinux_ver}
Requires:       python-semanage >= %{libsemanage_ver}
Requires:       python-setools
Requires:       python-xml

%description python
The policycoreutils-python package contains the management tools used to manage an SELinux environment.

%files python
%defattr(-,root,root,-)
%{_sbindir}/semanage
%{_bindir}/audit2allow
%{_bindir}/audit2why
%{_bindir}/chcat
%{_bindir}/sandbox
%{_bindir}/sepolgen-ifgen
%{_bindir}/sepolgen-ifgen-attr-helper
%{python_sitearch}/seobject.py*
%{python_sitearch}/sepolgen
#%{python_sitearch}/%{name}
#%{python_sitearch}/%{name}*.egg-info
%dir  /var/lib/sepolgen
%dir  /var/lib/selinux
/var/lib/sepolgen/perm_map
%{_mandir}/man1/audit2allow.1*
%{_mandir}/ru/man1/audit2allow.1*
%{_mandir}/man1/audit2why.1*
%{_mandir}/man8/chcat.8*
%{_mandir}/ru/man8/chcat.8*
%{_mandir}/man8/sandbox.8*
%{_mandir}/man5/sandbox*
%{_mandir}/man8/semanage.8*
%{_mandir}/ru/man8/semanage.8*

%post python
selinuxenabled && [ -f %{_datadir}/selinux/devel/include/build.conf ] && %{_bindir}/sepolgen-ifgen 2>/dev/null
exit 0

%package sandbox
Summary:        SELinux sandbox utilities
Group:          Productivity/Security
Requires:       policycoreutils-python = %{version}
Requires:       xorg-x11-server-extra
# Requires:       matchbox-window-manager

%description sandbox
The sandbox package contains the scripts to create graphical sandboxes

%files sandbox
%defattr(-,root,root,-)
%{_initddir}/sandbox
%{_sbindir}/rcsandbox
%attr(0755,root,root) %{_sbindir}/seunshare
%dir %{_datadir}/sandbox
%{_datadir}/sandbox/sandboxX.sh
%{_datadir}/sandbox/start
/var/adm/fillup-templates/sysconfig.sandbox
%doc %{_mandir}/man8/seunshare.8*

%post sandbox
%fillup_and_insserv sandbox

%preun sandbox
if [ "$1" -eq "0" ]; then
    %stop_on_removal sandbox
    %insserv_cleanup
fi

%postun sandbox
if [ "$1" -ge "1" ]; then
    %restart_on_update sandbox
    %insserv_cleanup
fi

%package newrole
Summary:        The newrole application for RBAC/MLS
Group:          Productivity/Security
Requires:       policycoreutils = %{version}
Requires(pre):  permissions

%description newrole
RBAC/MLS policy machines require newrole as a way of changing the role
or level of a logged in user.

%files newrole
%defattr(-,root,root)
%verify(not mode) %attr(0755,root,root) %{_bindir}/newrole
%{_mandir}/man1/newrole.1.gz
%config(noreplace) %{_sysconfdir}/pam.d/newrole

%post newrole
%set_permissions %{_bindir}/newrole

%verifyscript
%verify_permissions -e %{_bindir}/newrole

%package gui
Summary:        SELinux configuration GUI
Group:          Productivity/Security
Requires:       policycoreutils-python = %{version}
Requires:       python-gnome
Requires:       python-gtk
# Requires:    gnome-python2-canvas
# Requires:    usermode-gtk
Requires:       python
Requires:       selinux-policy
Requires:       setools-console

%description gui
system-config-selinux is a utility for managing the SELinux environment

%files gui
%defattr(-,root,root)
%{_bindir}/system-config-selinux
%{_bindir}/selinux-polgengui
#%{_bindir}/sepolgen
%{_datadir}/applications/selinux-polgengui.desktop
%{_datadir}/applications/system-config-selinux.desktop
%{_datadir}/pixmaps/system-config-selinux.png
#%dir %{_datadir}/system-config-selinux
#%dir %{_datadir}/system-config-selinux/templates
#%{_datadir}/system-config-selinux/*.py*
#%{_datadir}/system-config-selinux/selinux.tbl
#%{_datadir}/system-config-selinux/*.glade
#%{_datadir}/system-config-selinux/templates/*.py*
%config(noreplace) %{_sysconfdir}/pam.d/system-config-selinux
%config(noreplace) %{_sysconfdir}/pam.d/selinux-polgengui
%dir %{_sysconfdir}/security/console.apps
%config(noreplace) %{_sysconfdir}/security/console.apps/selinux-polgengui
%config(noreplace) %{_sysconfdir}/security/console.apps/system-config-selinux

%clean
rm -rf %{buildroot}

%files
%defattr(-,root,root)
/sbin/restorecon
/sbin/fixfiles
/sbin/setfiles
/sbin/load_policy
%{_sbindir}/genhomedircon
%{_sbindir}/load_policy
%{_sbindir}/restorecond
%{_sbindir}/setsebool
%{_sbindir}/semodule
%{_sbindir}/sestatus
%{_sbindir}/run_init
%{_sbindir}/open_init_pty
%{_bindir}/secon
%{_bindir}/semodule_deps
%{_bindir}/semodule_expand
%{_bindir}/semodule_link
%{_bindir}/semodule_package
%{_bindir}/semodule_unpackage
%if 0%{?suse_version} > 1140
%{_unitdir}/restorecond.service
%endif
%config(noreplace) %{_sysconfdir}/pam.d/run_init
%config(noreplace) %{_sysconfdir}/sestatus.conf
%attr(755,root,root) %{_initddir}/restorecond
%{_sbindir}/rcrestorecond
%config(noreplace) /etc/selinux/restorecond.conf
%config(noreplace) /etc/selinux/restorecond_user.conf
%{_sysconfdir}/xdg/autostart/restorecond.desktop
%{_datadir}/dbus-1/services/org.selinux.Restorecond.service
# selinux-policy Requires: policycoreutils, so we own this set of directories and our files within them
%dir %{_mandir}/ru
%dir %{_mandir}/ru/man1
%dir %{_mandir}/ru/man8
%{_mandir}/man5/selinux_config.5*
%{_mandir}/man5/sestatus.conf.5*
%{_mandir}/man8/semodule_unpackage.8*
%{_mandir}/man8/fixfiles.8*
%{_mandir}/ru/man8/fixfiles.8*
%{_mandir}/man8/load_policy.8*
%{_mandir}/ru/man8/load_policy.8*
%{_mandir}/man8/open_init_pty.8*
%{_mandir}/ru/man8/open_init_pty.8*
%{_mandir}/man8/restorecon.8*
%{_mandir}/ru/man8/restorecon.8*
%{_mandir}/man8/restorecond.8*
%{_mandir}/ru/man8/restorecond.8*
%{_mandir}/man8/run_init.8*
%{_mandir}/ru/man8/run_init.8*
%{_mandir}/man8/semodule.8*
%{_mandir}/ru/man8/semodule.8*
%{_mandir}/man8/semodule_deps.8*
%{_mandir}/ru/man8/semodule_deps.8*
%{_mandir}/man8/semodule_expand.8*
%{_mandir}/ru/man8/semodule_expand.8*
%{_mandir}/man8/semodule_link.8*
%{_mandir}/ru/man8/semodule_link.8*
%{_mandir}/man8/semodule_package.8*
%{_mandir}/ru/man8/semodule_package.8*
%{_mandir}/man8/sestatus.8*
%{_mandir}/ru/man8/sestatus.8*
%{_mandir}/man8/setfiles.8*
%{_mandir}/ru/man8/setfiles.8*
%{_mandir}/man8/setsebool.8*
%{_mandir}/ru/man8/setsebool.8*
%{_mandir}/man1/secon.1*
%{_mandir}/ru/man1/secon.1*
%{_mandir}/man8/genhomedircon.8*

%files lang -f %{name}.lang

%pre
%if 0%{?suse_version} > 1140
%service_add_pre restorecond.service
%endif

%post
%fillup_and_insserv restorecond
%if 0%{?suse_version} > 1140
%service_add_post restorecond.service
%endif

%preun
if [ "$1" -eq "0" ]; then
    %stop_on_removal restorecond
    %insserv_cleanup
fi
%if 0%{?suse_version} > 1140
%service_del_preun restorecond.service
%endif

%postun
if [ "$1" -ge "1" ]; then
    %restart_on_update restorecond
    %insserv_cleanup
fi
%if 0%{?suse_version} > 1140
%service_del_postun restorecond.service
%endif

%changelog