File permissions.spec of Package permissions.13182

#
# spec file for package permissions
#
# Copyright (c) 2019 SUSE LLC.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
# icecream 0


BuildRequires:  libcap-devel

Name:           permissions
# NOTE: this version is made up. choosing the date for the version was a bad
# idea. we now have 2015... in SLES-12-SP2 and 2017.... in SLES-15-GA so we
# need some date inbetween for SLES-12-SP4. This is it.
Version:        20170707
Release:        0
Provides:       aaa_base:/etc/permissions
PreReq:         %fillup_prereq
Summary:        SUSE Linux Default Permissions
# Maintained in github by the security team. 
License:        GPL-2.0-or-later
Group:          Productivity/Security
Source:         permissions-%{version}.tar.xz
Patch1:         bsc1110797_amanda.patch
Patch2:         0002-singularity-starter-suid.patch
Patch3:         0003-chkstat-fix-privesc-CVE-2019-3690.patch
Patch4:         0004-squid-pinger-owner-fix-CVE-2019-3688.patch
Patch5:         0005-permissions-fix-error-output.patch
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
URL:            http://github.com/openSUSE/permissions

%description
Permission settings of files and directories depending on the
local security settings. The local security setting (easy, secure,
or paranoid) can be configured in /etc/sysconfig/security.

%prep
%setup -q
%patch1 -p1
%patch2 -p1
%patch3 -p0
%patch4 -p0
%patch5 -p0

%build
make %{?_smp_mflags} CFLAGS="-W -Wall $RPM_OPT_FLAGS" FSCAPS_DEFAULT_ENABLED=0

%install
make DESTDIR="$RPM_BUILD_ROOT" install

%post
%{fillup_only -n security}
# apply all potentially changed permissions
/usr/bin/chkstat --system

%files
%defattr(-,root,root,-)
%config /etc/permissions
%config /etc/permissions.easy
%config /etc/permissions.secure
%config /etc/permissions.paranoid
%config(noreplace) /etc/permissions.local
%{_bindir}/chkstat
%{_mandir}/man5/permissions.5*
%{_mandir}/man8/chkstat.8*
/var/adm/fillup-templates/sysconfig.security

%changelog