File apparmor.spec of Package apparmor.9207

#
# spec file for package apparmor
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2011-2018 Christian Boltz
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


# warning - confusing syntax ahead ;-)
# bcond_with means "disable"
# bcond_without means "enable"
%bcond_with tomcat
%bcond_without pam
%bcond_without apache
%bcond_without perl
%bcond_with python
%bcond_without python3
%bcond_without ruby

%define CATALINA_HOME /usr/share/tomcat6
#define APPARMOR_DOC_DIR /usr/share/doc/packages/apparmor-docs/
#define JNI_SO libJNIChangeHat.so
%define JAR_FILE changeHatValve.jar
%define apache_module_path %(/usr/sbin/apxs2 -q LIBEXECDIR)

Name:           apparmor
Version:        2.12
Release:        0
Summary:        AppArmor userlevel parser utility
License:        GPL-2.0+
Group:          Productivity/Networking/Security
Url:            https://launchpad.net/apparmor
Source0:        apparmor-%{version}.tar.gz
Source1:        apparmor-%{version}.tar.gz.asc
Source2:        %{name}.keyring

Source5:        update-trans.sh
Source6:        baselibs.conf
Source7:        apparmor-rpmlintrc
Source8:        apparmor.service
Source9:        apparmor.systemd
Source10:       aa-teardown

# enable caching of profiles (= massive performance speedup when loading profiles)
Patch1:         apparmor-enable-profile-cache.diff

# include autogenerated profile sniplet for samba shares (bnc#688040)
Patch2:         apparmor-samba-include-permissions-for-shares.diff

# Ruby 2.0 mkmf prefixes everything with $(DESTDIR), bnc#822277, kkaempf@suse.de
Patch5:         ruby-2_0-mkmf-destdir.patch

# bug 906858 - confine lessopen.sh (submitted upstream 2014-12-21)
Patch7:         apparmor-lessopen-profile.patch

# logparser.py: ignore ouid if it's 2^32 - 1 which means no ouid given in a log event on 32 bit systems (submitted upstream 2017-12-26)
Patch8:         32-bit-no-uid.diff

# make cache write failures a warning instead of an error - (patch from https://gitlab.com/apparmor/apparmor/merge_requests/49 2018-01-04)
Patch9:         parser-write-cache-warn-only.diff

# Disable write cache if filesystem is read-only, don't abort
Patch10:        disable-cache-on-ro-fs.diff
Patch11:	add-dovecot-stats.patch
Patch12:	set-flags-for-profiles-represented-by-glob.patch
Patch13:	fix-regression-in-set-flags.patch
# bug 1092099 - Allow smbd to load new shared libraries. Allow Winbindd to read and write new kerberos cache location
Patch14:        fix-samba-profiles.patch
# bsc#1111345 Backport fix for dnsmasq into Tumbleweed (add permission to open log files)
Patch15:        dnsmasq-Add-permission-to-open-log-files.patch

PreReq:         sed
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
%define apparmor_bin_prefix /lib/apparmor
BuildRequires:  bison
BuildRequires:  dejagnu
BuildRequires:  flex
BuildRequires:  gcc-c++
BuildRequires:  pcre-devel
BuildRequires:  pkg-config
BuildRequires:  python
BuildRequires:  python3-pyflakes
BuildRequires:  perl(Locale::gettext)

BuildRequires:  swig

%if %{with python}
BuildRequires:  python-devel
BuildRequires:  swig
%endif

%if %{with python3}
BuildRequires:  python3-devel
BuildRequires:  swig
%endif

%if %{with ruby}
BuildRequires:  ruby-devel
BuildRequires:  swig
%endif

%if %{with apache}
BuildRequires:  apache2-devel
%endif

%if %{with tomcat}
BuildRequires:  ant
BuildRequires:  java-devel >= 1.6.0
BuildRequires:  tomcat6
%endif

%package parser
Summary:        AppArmor userlevel parser utility
License:        GPL-2.0+
Group:          Productivity/Networking/Security
Obsoletes:      libimnxcert < 2.9
Obsoletes:      subdomain-leaf-cert < 2.9
Obsoletes:      subdomain-parser < 2.9
Obsoletes:      subdomain-parser-common < 2.9
Obsoletes:      subdomain-parser-demo < 2.9
Obsoletes:      subdomain_parser < 2.9
Provides:       libimnxcert = %{version}
Provides:       subdomain-leaf-cert = %{version}
Provides:       subdomain-parser = %{version}
Provides:       subdomain-parser-common = %{version}
Provides:       subdomain-parser-demo = %{version}
Provides:       subdomain_parser = %{version}
Provides:       apparmor-parser(CAP_SYSLOG)
BuildRequires:  systemd-rpm-macros
%{?systemd_requires}

%description parser
The AppArmor Parser is a userlevel program that is used to load in
program profiles to the AppArmor Security kernel module.

This package is part of a suite of tools that used to be named
SubDomain.

%package docs
Summary:        AppArmor Documentation package
License:        GPL-2.0+
Group:          Documentation/Other
BuildArch:      noarch

%description docs
This package contains documentation for AppArmor.

This package is part of a suite of tools that used to be named
SubDomain.

%if %{with apache}

%package -n apache2-mod_apparmor
Summary:        AppArmor module for apache2
License:        GPL-2.0+
Group:          Productivity/Security

%description -n apache2-mod_apparmor
apache2-modapparmor adds support to apache2 to provide AppArmor
confinement to individual cgi scripts handled by apache modules like
mod_php and mod_perl.

This package is part of a suite of tools that used to be named
SubDomain.

The documentation is in the apparmor-admin_en package.

%endif

%if %{with perl}

%package -n perl-apparmor
Summary:        Perl interface for libapparmor functions
License:        GPL-2.0 AND LGPL-2.1+
Group:          Development/Libraries/Perl
Requires:       libapparmor1 = %{version}
Requires:       perl = %{perl_version}
Provides:       perl-libapparmor = %{version}
Obsoletes:      perl-libapparmor < 2.5

%description -n perl-apparmor
This package provides the perl interface to AppArmor. It is used for perl
applications interfacing with AppArmor.

%endif

%if %{with python}

%package -n python-apparmor
Summary:        Python 2 interface for libapparmor functions
License:        GPL-2.0 AND LGPL-2.1+
Group:          Development/Libraries/Python
BuildRequires:  python
Requires:       libapparmor1 = %{version}
Requires:       python = %{python_version}
Requires:       python(abi) = %{python_version}
Provides:       python-libapparmor = %{version}
Obsoletes:      python-libapparmor < 2.5

%description -n python-apparmor
This package provides the python interface to AppArmor. It is used for python
applications interfacing with AppArmor.

%endif

%if %{with python3}

%package -n python3-apparmor
Summary:        Python 3 interface for libapparmor functions
License:        GPL-2.0 AND LGPL-2.1+
Group:          Development/Libraries/Python
Requires:       libapparmor1 = %{version}
Requires:       python = %{py3_ver}
Requires:       python(abi) = %{py3_ver}
Provides:       python-libapparmor = %{version}

%description -n python3-apparmor
This package provides the python interface to AppArmor. It is used for python
applications interfacing with AppArmor.

%endif

%if %{with ruby}

%package -n ruby-apparmor
Summary:        Ruby interface for libapparmor functions
License:        GPL-2.0 AND LGPL-2.1+
Group:          Development/Languages/Ruby
Requires:       libapparmor1 = %{version}
Requires:       ruby = %(rpm -q --qf '%%{version}' ruby)
Provides:       ruby-libapparmor = %{version}
Obsoletes:      ruby-libapparmor < 2.5

%description -n ruby-apparmor
This package provides the ruby interface to AppArmor. It is used for ruby
applications interfacing with AppArmor.

%endif

%package abstractions
Summary:        AppArmor abstractions and directory structure
License:        GPL-2.0 AND LGPL-2.1+
Group:          Productivity/Security
Requires:       apparmor-parser(CAP_SYSLOG)
BuildArch:      noarch

%description abstractions
AppArmor abstractions (common parts used in various profiles) and
the /etc/apparmor.d/ directory structure.

AppArmor is a file and network mandatory access control mechanism.
AppArmor confines processes to the resources allowed by the systems
administrator and can constrain the scope of potential security
vulnerabilities.

This package is part of a suite of tools that used to be named
SubDomain.

%package profiles
Summary:        AppArmor profiles that are loaded into the apparmor kernel module
License:        GPL-2.0 AND LGPL-2.1+
Group:          Productivity/Security
Requires:       apparmor-abstractions >= %{version}
Requires:       apparmor-parser(CAP_SYSLOG)
Obsoletes:      subdomain-profiles < 2.9
Provides:       subdomain-profiles = %{version}
BuildArch:      noarch

%description profiles
Base profiles. AppArmor is a file and network mandatory access control
mechanism. AppArmor confines processes to the resources allowed by the
systems administrator and can constrain the scope of potential security
vulnerabilities.

This package is part of a suite of tools that used to be named
SubDomain.

%package utils
Summary:        AppArmor User-Level Utilities Useful for Creating AppArmor Profiles
License:        GPL-2.0 AND LGPL-2.1+
Group:          Productivity/Security
Requires:       libapparmor1 = %{version}
# some of the tools are still perl-based (aa-decode and aa-notify)
Requires:       perl = %{perl_version}
Requires:       perl-apparmor = %{version}
%if %{with python3}
Requires:       python3-apparmor = %{version}
Requires:       python3-base
%else
Requires:       python-apparmor = %{version}
Requires:       python-base
%endif
# aa-unconfined needs ss
Recommends:     iproute2
# aa-notify -p needs notify-send (only "Suggests", see boo#1067477)
Suggests:       libnotify-tools
BuildArch:      noarch

%description utils
This package provides the aa-logprof, aa-genprof, aa-autodep,
aa-enforce, and aa-complain tools to assist with profile authoring.
Besides it provides the aa-unconfined server information tool.
It is part of a suite of tools that used to be named SubDomain.

%if %{with tomcat}

%package -n tomcat_apparmor
Summary:        Tomcat 6 plugin for AppArmor change_hat
License:        GPL-2.0 AND LGPL-2.1+
Group:          System/Libraries
Requires:       libapparmor1 = %{version}
Requires:       tomcat6

%description -n tomcat_apparmor
tomcat_apparmor - is a plugin for Apache Tomcat version 6 that
provides support for AppArmor change_hat for creating AppArmor
containers that are bound to discrete elements of processing within the
Tomcat servlet container. The AppArmor containers, or "hats", can be
created for individual URL processing or per servlet.

%endif

%if %{with pam}

%package -n pam_apparmor
Summary:        PAM module for AppArmor change_hat
License:        GPL-2.0 AND LGPL-2.1+
Group:          Productivity/Security
BuildRequires:  pam-devel
PreReq:         pam
PreReq:         pam-config
Requires:       pam
Requires:       pam-config

%description -n pam_apparmor
The pam_apparmor module provides the means for any PAM applications
that call pam_open_session() to automatically perform an AppArmor
change_hat operation in order to switch to a user-specific security
policy.

%endif

%description
The AppArmor Parser is a userlevel program that is used to load in
program profiles to the AppArmor Security kernel module.

This package is part of a suite of tools that used to be named
SubDomain.

%lang_package -n apparmor-utils
%lang_package -n apparmor-parser

%prep
%setup -q
%patch1 -p1
%patch2
%patch5 -p1
%patch7
%patch8 -p1
%patch9 -p1
%patch10 -p0
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1

%build
export SUSE_ASNEEDED=0

%if %{with python3}
export PYTHON=/usr/bin/python3
%endif

# libapparmor:
(
  cd ./libraries/libapparmor
  %configure \
%if %{with perl}
  --with-perl \
%endif
%if %{with python}%{with python3}
  --with-python \
%else
  --without-python \
%endif
%if %{with ruby}
  --with-ruby \
%else
  --without-ruby \
%endif

  make
)

# Utilities:
make -C utils

# binutils
make -C binutils

# parser:
make -C parser V=1

# Apache mod_apparmor:
%if %{with apache}
  make -C changehat/mod_apparmor
%endif

# PAM AppArmor:
%if %{with pam}
  make -C changehat/pam_apparmor
%endif

# Profiles:
make -C profiles

%if %{with tomcat}
  make -C changehat/tomcat_apparmor/tomcat_5_5 CATALINA_HOME=%{CATALINA_HOME}
%endif

%check
%if %{with python3}
export PYTHON=/usr/bin/python3
export PYTHON_VERSIONS=python3
%endif

make check -C libraries/libapparmor
make check -C parser
make check -C binutils

# profiles make check fails for the utils (libapparmor PYTHONPATH issues), therefore only do parser-based checks
# also, check-parser breaks if using 'make -C' (but works if cd'ing into the directory)
(cd profiles && make check-parser)

make check -C utils

%install

%if %{with python3}
export PYTHON=/usr/bin/python3
%endif

# libapparmor: swig bindings only, libapparmor is packaged via libapparmor.spec
%makeinstall -C libraries/libapparmor/swig

# utilities
%makeinstall -C utils
test ! -x %{buildroot}/%{_bindir}/aa-easyprof && chmod +x %{buildroot}/%{_bindir}/aa-easyprof # https://bugs.launchpad.net/apparmor/+bug/1366568
mkdir -p %{buildroot}%{_localstatedir}/log/apparmor

# binutils
%makeinstall -C binutils
( cd %{buildroot}/%{_sbindir} && ln -s %{_bindir}/aa-exec exec )

%makeinstall -C profiles

%makeinstall -C parser
# default cache dir is /etc/apparmor.d/cache - not the best location.
# Use /var/lib/apparmor/cache and make /etc/apparmor.d/cache a symlink to it
mkdir -p %{buildroot}%{_localstatedir}/lib/apparmor/cache
( cd %{buildroot}/%{_sysconfdir}/apparmor.d/ && ln -s ../../%{_localstatedir}/lib/apparmor/cache cache )

%if %{with apache}
  %makeinstall -C changehat/mod_apparmor
%endif

%if %{with pam}
  %makeinstall -C changehat/pam_apparmor SECDIR=%{buildroot}/%{_lib}/security
%endif

%if %{with tomcat}
  mkdir -p %{buildroot}/%{CATALINA_HOME}
  %makeinstall -C changehat/tomcat_apparmor/tomcat_5_5 CATALINA_HOME=%{buildroot}/%{CATALINA_HOME}
%endif

find %{buildroot} -name .packlist -exec rm -vf {} \;
find %{buildroot} -name perllocal.pod -exec rm -vf {} \;

# Re-create the links to the old names, but only for tools and manpages that had it for historic reasons[tm].
# Tools and manpages added in >= 2.9 won't get symlinks without aa- prefix
for file in %{buildroot}%{_prefix}/{sbin,share/man/man[0-9]}/aa-*; do
    d=$(dirname $file)
    f=$(basename $file)
    case "${f#aa-}" in
        audit    | autodep    | complain    | decode | disable                  | enforce    | exec    | genprof    | logprof    | notify   | status   | unconfined  | \
        audit.8* | autodep.8* | complain.8*          | disable.8* | easyprof.8* | enforce.8* | exec.1* | genprof.8* | logprof.8* | notify.8 | status.8 | unconfined.8* )
            if [ "${f#aa-}" != "$f" ]; then
                ln -s $f $d/${f#aa-}
            fi
        ;;
    esac
done

mv -f %{buildroot}%{_mandir}/man8/{status.8,apparmor_status.8}
mv -f %{buildroot}%{_mandir}/man8/{notify.8,apparmor_notify.8}
rm -f %{buildroot}%{_mandir}/man8/decode.8

for pkg in apparmor-utils apparmor-parser aa-binutils; do
    %find_lang $pkg
done

# remove *.la files
rm -fv %{buildroot}%{_libdir}/libapparmor.la

# Adjust for systemd
test ! -f %{buildroot}%{_unitdir}/apparmor.service
install -D -m0644 %{S:8} %{buildroot}%{_unitdir}/apparmor.service
test ! -f %{buildroot}%{apparmor_bin_prefix}/apparmor.systemd
install -m0755 %{S:9} %{buildroot}%{apparmor_bin_prefix}
test ! -f %{buildroot}%{_sbindir}/aa-teardown
install -m0755 %{S:10} %{buildroot}%{_sbindir}
rm %{buildroot}%{_sysconfdir}/init.d/boot.apparmor
rm %{buildroot}/sbin/rcsubdomain
ln -sf service %{buildroot}/sbin/rcapparmor

echo -------------------------------------------------------------------
#find -ls
echo -------------------------------------------------------------------
#find %{buildroot} -ls
echo -------------------------------------------------------------------

%files docs
%defattr(-,root,root)
%doc parser/*.[1-9].html
%doc utils/vim/apparmor.vim.5.html
%doc common/apparmor.css
%doc parser/techdoc.pdf
# apparmor.vim is included in the vim package. Ideally it should be in a -devel package, but that's overmuch for one file
%dir %{_datadir}/apparmor
%{_datadir}/apparmor/apparmor.vim

%files parser
%defattr(-,root,root)
%doc parser/README parser/COPYING.GPL
/sbin/apparmor_parser
%{_bindir}/aa-enabled
%{_bindir}/aa-exec
%{_sbindir}/aa-teardown
%dir %attr(-, root, root) %{_sysconfdir}/apparmor
%dir %{_sysconfdir}/apparmor.d
%{_sysconfdir}/apparmor.d/cache
/sbin/rcapparmor
%{_unitdir}/apparmor.service
%config(noreplace) %{_sysconfdir}/apparmor/subdomain.conf
%config(noreplace) %{_sysconfdir}/apparmor/parser.conf
%{_localstatedir}/lib/apparmor
%dir %attr(-, root, root) %{apparmor_bin_prefix}
%{apparmor_bin_prefix}/rc.apparmor.functions
%{apparmor_bin_prefix}/apparmor.systemd
%doc %{_mandir}/man1/aa-enabled.1.gz
%doc %{_mandir}/man1/aa-exec.1.gz
%doc %{_mandir}/man1/exec.1.gz
%doc %{_mandir}/man5/apparmor.d.5.gz
%doc %{_mandir}/man5/apparmor.vim.5.gz
%doc %{_mandir}/man5/subdomain.conf.5.gz
%doc %{_mandir}/man7/apparmor.7.gz
%doc %{_mandir}/man8/apparmor_parser.8.gz

%pre parser
if [ -f %{_sysconfdir}/init.d/subdomain ] ; then
  chkconfig --del subdomain
fi
%service_add_pre apparmor.service

%files parser-lang -f apparmor-parser.lang -f aa-binutils.lang
%defattr(-,root,root)

%files abstractions
%defattr(644,root,root,755)
%dir %{_sysconfdir}/apparmor.d/
%dir %{_sysconfdir}/apparmor.d/abstractions
%config(noreplace) %{_sysconfdir}/apparmor.d/abstractions/*
%dir %{_sysconfdir}/apparmor.d/disable
%dir %{_sysconfdir}/apparmor.d/local
%dir %{_sysconfdir}/apparmor.d/tunables
%config(noreplace) %{_sysconfdir}/apparmor.d/tunables/*

%files profiles
%defattr(644,root,root,755)
%dir %{_sysconfdir}/apparmor.d/apache2.d
%config(noreplace) %{_sysconfdir}/apparmor.d/apache2.d/phpsysinfo
%config(noreplace) %{_sysconfdir}/apparmor.d/bin.*
%config(noreplace) %{_sysconfdir}/apparmor.d/sbin.*
%config(noreplace) %{_sysconfdir}/apparmor.d/usr.*
%config(noreplace) %{_sysconfdir}/apparmor.d/local/*
/usr/share/apparmor/extra-profiles/

%files utils
%defattr(-,root,root)
%dir %{_sysconfdir}/apparmor
%config(noreplace) %{_sysconfdir}/apparmor/easyprof.conf
%config(noreplace) %{_sysconfdir}/apparmor/logprof.conf
%config(noreplace) %{_sysconfdir}/apparmor/notify.conf
%config(noreplace) %{_sysconfdir}/apparmor/severity.db
%{_sbindir}/aa-audit
%{_sbindir}/aa-autodep
%{_sbindir}/aa-cleanprof
%{_sbindir}/aa-complain
%{_sbindir}/aa-decode
%{_sbindir}/aa-disable
%{_sbindir}/aa-enforce
%{_sbindir}/aa-genprof
%{_sbindir}/aa-logprof
%{_sbindir}/aa-mergeprof
%{_sbindir}/aa-notify
%{_sbindir}/aa-remove-unknown
%{_sbindir}/aa-status
%{_sbindir}/aa-unconfined
%{_sbindir}/apparmor_status
%{_sbindir}/audit
%{_sbindir}/autodep
%{_sbindir}/complain
%{_sbindir}/decode
%{_sbindir}/disable
%{_sbindir}/enforce
%{_sbindir}/exec
%{_sbindir}/genprof
%{_sbindir}/logprof
%{_sbindir}/notify
%{_sbindir}/status
%{_sbindir}/unconfined
%{_bindir}/aa-easyprof
%dir %{_datadir}/apparmor
%{_datadir}/apparmor/easyprof/
%dir %{_localstatedir}/log/apparmor
%doc %{_mandir}/man5/logprof.conf.5.gz
%doc %{_mandir}/man8/apparmor_notify.8.gz
%doc %{_mandir}/man8/aa-audit.8.gz
%doc %{_mandir}/man8/aa-autodep.8.gz
%doc %{_mandir}/man8/aa-cleanprof.8.gz
%doc %{_mandir}/man8/aa-complain.8.gz
%doc %{_mandir}/man8/aa-decode.8.gz
%doc %{_mandir}/man8/aa-disable.8.gz
%doc %{_mandir}/man8/aa-easyprof.8.gz
%doc %{_mandir}/man8/aa-enforce.8.gz
%doc %{_mandir}/man8/aa-genprof.8.gz
%doc %{_mandir}/man8/aa-logprof.8.gz
%doc %{_mandir}/man8/aa-mergeprof.8.gz
%doc %{_mandir}/man8/aa-notify.8.gz
%doc %{_mandir}/man8/aa-remove-unknown.8.gz
%doc %{_mandir}/man8/aa-status.8.gz
%doc %{_mandir}/man8/aa-unconfined.8.gz

%doc %{_mandir}/man8/apparmor_status.8.gz
%doc %{_mandir}/man8/audit.8.gz
%doc %{_mandir}/man8/autodep.8.gz
%doc %{_mandir}/man8/complain.8.gz
%doc %{_mandir}/man8/disable.8.gz
%doc %{_mandir}/man8/easyprof.8.gz
%doc %{_mandir}/man8/enforce.8.gz
%doc %{_mandir}/man8/genprof.8.gz
%doc %{_mandir}/man8/logprof.8.gz
%doc %{_mandir}/man8/unconfined.8.gz
%doc utils/*.[0-9].html
%doc common/apparmor.css

%files utils-lang -f apparmor-utils.lang

%if %{with perl}
%files -n perl-apparmor
%defattr(-,root,root)
%{perl_vendorarch}/auto/LibAppArmor/
%{perl_vendorarch}/LibAppArmor.pm
%endif

%if %{with python}

%files -n python-apparmor
%defattr(-,root,root)
%{python_sitearch}/LibAppArmor-%{version}-py%{python_version}.egg-info
%dir %{python_sitearch}/LibAppArmor
%{python_sitearch}/LibAppArmor/_LibAppArmor.so
%{python_sitearch}/LibAppArmor/__init__.py
%{python_sitearch}/LibAppArmor/__init__.pyc
%{python_sitelib}/apparmor/
%{python_sitelib}/apparmor-%{version}-py%{python_version}.egg-info
%endif

%if %{with python3}

%files -n python3-apparmor
%defattr(-,root,root)
%{python3_sitearch}/LibAppArmor-%{version}-py*.egg-info
%dir %{python3_sitearch}/LibAppArmor
%dir %{python3_sitearch}/LibAppArmor/__pycache__
%{python3_sitearch}/LibAppArmor/_LibAppArmor.cpython-*.so
%{python3_sitearch}/LibAppArmor/__pycache__/__init__.cpython-*.pyc
%{python3_sitearch}/LibAppArmor/__pycache__/LibAppArmor.cpython-*.pyc
%{python3_sitearch}/LibAppArmor/__init__.py
%{python3_sitearch}/LibAppArmor/LibAppArmor.py
%{python3_sitelib}/apparmor/
%{python3_sitelib}/apparmor-%{version}-py*.egg-info
%endif

%if %{with ruby}

%files -n ruby-apparmor
%defattr(-,root,root)
%{rb_sitearchdir}/LibAppArmor.so
%endif

%if %{with pam}

%files -n pam_apparmor
%defattr(444,root,root,755)
%attr(555,root,root) /%{_lib}/security/pam_apparmor.so
%endif

%if %{with tomcat}

%files -n tomcat_apparmor
%defattr(-,root,root)
%{CATALINA_HOME}/lib/%{JAR_FILE}
%{_libdir}/libJNI*
%doc %attr(0644,root,root) changehat/tomcat_apparmor/tomcat_5_5/README.tomcat_apparmor
%endif

%if %{with apache}

%files -n apache2-mod_apparmor
%defattr(-,root,root)
%{apache_module_path}/mod_apparmor.so
%doc %{_mandir}/man8/mod_apparmor.8.gz
%endif

%post parser
%service_add_post apparmor.service

%preun parser
%service_del_preun apparmor.service

%postun parser
# don't call try-restart, see bnc#853019
export DISABLE_RESTART_ON_UPDATE="yes"
%service_del_postun apparmor.service

%post abstractions
#restart_on_update apparmor - but non-broken (bnc#853019)
systemctl is-active -q apparmor && systemctl reload apparmor ||:

%post profiles
# workaround for bnc#904620#c8 / lp#1392042
rm -f /var/lib/apparmor/cache/* 2>/dev/null
#restart_on_update apparmor - but non-broken (bnc#853019)
systemctl is-active -q apparmor && systemctl reload apparmor ||:

%if %{with tomcat}

%post -n tomcat_apparmor -p /sbin/ldconfig

%postun -n tomcat_apparmor -p /sbin/ldconfig
%endif

%if %{with pam}

%post -n pam_apparmor
pam-config -a --apparmor
pam-config --update

%postun -n pam_apparmor
pam-config -d --apparmor
pam-config --update
%endif

%changelog
openSUSE Build Service is sponsored by