File policycoreutils.spec of Package policycoreutils
#
# spec file for package policycoreutils (Version 2.0.57)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
%define libaudit_ver 1.4.2
%define libsepol_ver 2.0.19
%define libsemanage_ver 2.0.27
%define libselinux_ver 2.0.46
%define sepolgen_ver 1.0.13
Name: policycoreutils
Version: 2.0.57
Release: 3
Url: http://www.nsa.gov/selinux/
License: GPL v2 or later
Group: Productivity/Security
Summary: SELinux policy core utilities
Source: %{name}-%{version}.tar.bz2
Source1: sepolgen-%{sepolgen_ver}.tar.bz2
Source2: system-config-selinux.png
Source3: system-config-selinux.desktop
Source4: system-config-selinux.pam
Source5: system-config-selinux.console
Source6: selinux-polgengui.desktop
Source7: selinux-polgengui.console
Source8: policycoreutils_man_ru2.tar.bz2
Patch0: policycoreutils-rhat.patch
Patch1: policycoreutils-po.patch.bz2
Patch2: policycoreutils-gui.patch.bz2
Patch3: policycoreutils-sepolgen.patch
Patch4: policycoreutils-initscript.patch
Patch5: policycoreutils-pam-common.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: gettext libcap-devel pam-devel python-devel update-desktop-files
BuildRequires: libsepol-devel >= %{libsepol_ver}
BuildRequires: libsemanage-devel >= %{libsemanage_ver}
BuildRequires: libselinux-devel >= %{libselinux_ver}
BuildRequires: audit-devel >= %{libaudit_ver}
PreReq: %insserv_prereq %fillup_prereq permissions
Requires: util-linux gawk rpm checkpolicy python-selinux audit-libs-python
%description
Security-enhanced Linux is a feature of the Linux(R) kernel and a
number of utilities with enhanced security functionality designed to
add mandatory access controls to Linux. The Security-enhanced Linux
kernel contains new architectural components originally developed to
improve the security of the Flask operating system. These architectural
components provide general support for the enforcement of many kinds of
mandatory access control policies, including those based on the
concepts of Type Enforcement(R), Role-based Access Control, and
Multi-level Security.
policycoreutils contains the policy core utilities that are required
for basic operation of a SELinux system. These utilities include
load_policy to load policies, setfiles to label filesystems, newrole to
switch roles, and run_init to run /etc/init.d scripts in the proper
context.
%package gui
License: GPL v2 or later
Summary: SELinux policy core utilities
Group: Productivity/Security
Requires: policycoreutils = %{version}-%{release}
Requires: python python-gnome python-gtk
Requires: usermode usermode-consoleonly
Requires: setools-console
%description gui
Security-enhanced Linux is a feature of the Linux(R) kernel and a
number of utilities with enhanced security functionality designed to
add mandatory access controls to Linux. The Security-enhanced Linux
kernel contains new architectural components originally developed to
improve the security of the Flask operating system. These architectural
components provide general support for the enforcement of many kinds of
mandatory access control policies, including those based on the
concepts of Type Enforcement(R), Role-based Access Control, and
Multi-level Security.
policycoreutils contains the policy core utilities that are required
for basic operation of a SELinux system. These utilities include
load_policy to load policies, setfiles to label filesystems, newrole to
switch roles, and run_init to run /etc/init.d scripts in the proper
context.
%prep
%setup -q -a 1
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4
%patch5
sleep 1
touch po/policycoreutils.pot
sleep 1
%build
make LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="$RPM_OPT_FLAGS -fPIE" LDFLAGS="-pie -Wl,-z,relro" all
make -C sepolgen-%{sepolgen_ver} LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="$RPM_OPT_FLAGS -fPIE" LDFLAGS="-pie -Wl,-z,relro" all
%install
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/init.d
mkdir -p $RPM_BUILD_ROOT/var/lib/selinux
mkdir -p $RPM_BUILD_ROOT%{_bindir}
mkdir -p $RPM_BUILD_ROOT%{_sbindir}
mkdir -p $RPM_BUILD_ROOT/sbin
mkdir -p $RPM_BUILD_ROOT%{_mandir}/man{1,8}
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pam.d
#mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/security/console.apps
make LSPP_PRIV=y DESTDIR="$RPM_BUILD_ROOT" LIBDIR="$RPM_BUILD_ROOT%{_libdir}" INITDIR="$RPM_BUILD_ROOT%{_sysconfdir}/init.d" install
make -C sepolgen-%{sepolgen_ver} DESTDIR="$RPM_BUILD_ROOT" LIBDIR="$RPM_BUILD_ROOT%{_libdir}" install
install -D -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_datadir}/pixmaps/system-config-selinux.png
install -m 644 %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/system-config-selinux
install -m 644 %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/selinux-polgengui
# install -m 644 %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/security/console.apps/system-config-selinux
# install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_sysconfdir}/security/console.apps/selinux-polgengui
tar -jxf %{SOURCE8} -C $RPM_BUILD_ROOT/
ln -sf consolehelper $RPM_BUILD_ROOT%{_bindir}/system-config-selinux
ln -sf consolehelper $RPM_BUILD_ROOT%{_bindir}/selinux-polgengui
ln -sf ../../etc/init.d/restorecond $RPM_BUILD_ROOT%{_sbindir}/rcrestorecond
%suse_update_desktop_file -i system-config-selinux System Security Settings
%suse_update_desktop_file -i selinux-polgengui System Security Settings
mv $RPM_BUILD_ROOT%{_datadir}/locale/sr@latin $RPM_BUILD_ROOT%{_datadir}/locale/sr@Latn
%find_lang %{name}
%clean
rm -rf $RPM_BUILD_ROOT
%preun
if [ "$1" -eq "0" ]; then
%stop_on_removal restorecond
%insserv_cleanup
fi
%post
%run_permissions
%fillup_and_insserv restorecond
[ -f %{_datadir}/selinux/devel/include/build.conf ] && /usr/bin/sepolgen-ifgen > /dev/null
exit 0
%postun
if [ "$1" -ge "1" ]; then
%restart_on_update rsyncd
%insserv_cleanup
fi
%verifyscript
%verify_permissions -e %{_bindir}/newrole
%files -f %{name}.lang
%defattr(-,root,root)
/sbin/restorecon
/sbin/fixfiles
/sbin/setfiles
%{_sbindir}/genhomedircon
%{_sbindir}/restorecond
%{_sbindir}/setsebool
%{_sbindir}/semodule
%{_sbindir}/semanage
%{_sbindir}/load_policy
%{_sbindir}/sestatus
%{_sbindir}/run_init
%{_sbindir}/open_init_pty
%{_bindir}/sepolgen-ifgen
%{_bindir}/audit2allow
%{_bindir}/audit2why
%{_bindir}/chcat
%{_bindir}/secon
%{_bindir}/semodule_deps
%{_bindir}/semodule_expand
%{_bindir}/semodule_link
%{_bindir}/semodule_package
%verify(not mode) %attr(0755,root,root) %{_bindir}/newrole
%{_mandir}/man1/*
%{_mandir}/man8/*
%dir %{_mandir}/ru
%dir %{_mandir}/ru/man1
%dir %{_mandir}/ru/man8
%{_mandir}/ru/man1/*
%{_mandir}/ru/man8/*
%config(noreplace) %{_sysconfdir}/pam.d/newrole
%config(noreplace) %{_sysconfdir}/pam.d/run_init
%config(noreplace) %{_sysconfdir}/sestatus.conf
%{py_sitedir}/seobject.py*
%attr(755,root,root) %{_sysconfdir}/init.d/restorecond
%{_sbindir}/rcrestorecond
%config(noreplace) %{_sysconfdir}/selinux/restorecond.conf
%dir %{py_sitedir}/sepolgen
%{py_sitedir}/sepolgen/*
%dir /var/lib/sepolgen
%dir /var/lib/selinux
/var/lib/sepolgen/perm_map
%files gui
%defattr(-,root,root)
%{_bindir}/system-config-selinux
%{_bindir}/selinux-polgengui
%{_datadir}/applications/*.desktop
%{_datadir}/pixmaps/*
%dir %{_datadir}/system-config-selinux
%dir %{_datadir}/system-config-selinux/templates
%{_datadir}/system-config-selinux/*.py*
%{_datadir}/system-config-selinux/selinux.tbl
%{_datadir}/system-config-selinux/*.glade
%{_datadir}/system-config-selinux/templates/*.py*
%config(noreplace) %{_sysconfdir}/pam.d/system-config-selinux
%config(noreplace) %{_sysconfdir}/pam.d/selinux-polgengui
# %config(noreplace) %{_sysconfdir}/security/console.apps/system-config-selinux
# %config(noreplace) %{_sysconfdir}/security/console.apps/selinux-polgengui
%changelog
* Mon Nov 10 2008 ro@suse.de
- package "newrole" with permissions matching
"secure" permissions mode
* Fri Nov 07 2008 ro@suse.de
- buildfix: prevent regeneration of policycoreutils.pot
* Fri Oct 31 2008 prusnak@suse.cz
- use permissions for newrole
* Mon Oct 20 2008 prusnak@suse.cz
- updated to 2.0.57
* Update po files from Dan Walsh.
- updated to 2.0.56
* fixfiles will now remove all files in /tmp and will check for
unlabeled_t in /tmp and /var/tmp from Dan Walsh.
* add glob support to restorecond from Dan Walsh.
* allow semanage to handle multi-line commands in a single transaction
from Dan Walsh.
* Mon Sep 08 2008 prusnak@suse.cz
- fix scriptlets
* Tue Sep 02 2008 prusnak@suse.cz
- updated to 2.0.55
* Merged semanage node support from Christian Kuester.
- updated to 2.0.54
* Add support for boolean files and group support for seusers from Dan Walsh.
* Ensure that setfiles -p output is newline terminated from Russell Coker.
- updated to 2.0.53
* Change setfiles to validate all file_contexts files when using -c from Stephen Smalley.
- updated sepolgen to 1.0.13
* Only append s0 suffix if MLS is enabled from Karl MacMillan.
- added missing preun/post/postun scriptlets
* Mon Aug 04 2008 ro@suse.de
- add directory to filelist to fix build
* Tue Jul 15 2008 prusnak@suse.cz
- initial version 2.0.52
* based on Fedora package by Dan Walsh <dwalsh@redhat.com>
