Overview

File _service:set_version:apparmor.d.spec of Package apparmor.d

#
# spec file for package apparmor.d
#
# Copyright (c) 2023 SUSE LLC
# Copyright (c) 2023 Christian Boltz
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#

# defined in home:cboltz:aa4 to enable abi/4.0
%bcond_with aa4

Name:           apparmor.d
Version:        0.0.git.1714047971.e4c3f1f
Release:        0
Summary:        Set of over 1500 AppArmor profiles
License:        GPL-2.0-only
URL:            https://github.com/roddhjav/apparmor.d
Source:         %{name}-%{version}.tar.xz
Source1:        vendor.tar.gz
# BuildRequires:  git-core # not needed for openSUSE, see https://github.com/roddhjav/apparmor.d/issues/132
BuildRequires:  distribution-release
BuildRequires:  golang-packaging
BuildRequires:  rsync

%description
AppArmor.d is a set of over 1500 AppArmor profiles whose aim is to confine most Linux based applications and processes.

For now, all profiles are packaged in complain mode.

%prep
%autosetup -p1 -a1

%build
# complain mode is default - use "make enforce" for enforce mode.
# Note: some profiles not considered stable yet will still be packaged in complain mode.
%make_build build

%if %{with aa4}
echo "=== building with abi/4.0 ==="
./.build/prebuild --complain --abi4
%else
echo "=== building with abi/3.0 ==="
./.build/prebuild --complain
%endif

%install
%make_install

%posttrans
# workaround for bnc#904620#c8 / lp#1392042
# cache location starting with 2.13
rm -f /var/cache/apparmor/* 2>/dev/null
#restart_on_update apparmor - but non-broken (bnc#853019)
systemctl is-active -q apparmor && systemctl reload apparmor ||:

%files
%license LICENSE
%doc README.md

# libvirtd and virt-aa-helper conflict with the profiles shipped in libvirt-daemon-common
%exclude /etc/apparmor.d/libvirtd
%exclude /etc/apparmor.d/virt-aa-helper
# unix-chkpwd (based on, but not idendical to the apparmor.d profile) is now part of the apparmor-profiles package
%exclude /etc/apparmor.d/unix-chkpwd

%config(noreplace) /etc/apparmor.d/

/usr/bin/aa-log

%dir /usr/lib/systemd/system/*.service.d
/usr/lib/systemd/system/*.service.d/apparmor.conf
%dir /usr/lib/systemd/user/*.service.d
/usr/lib/systemd/user/*.service.d/apparmor.conf

/usr/share/bash-completion/completions/aa-log

%dir /usr/share/zsh
%dir /usr/share/zsh/site-functions
/usr/share/zsh/site-functions/_aa-log.zsh


%changelog
openSUSE Build Service is sponsored by
Places