File apparmor-utils.spec of Package apparmor-utils

#
# spec file for package apparmor-utils (Version 2.1)
#
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

# norootforbuild
# usedforbuild    aaa_base acl attr audit-libs autoconf automake bash binutils bzip2 coreutils cpio cpp cpp42 cracklib cvs diffutils file filesystem fillup findutils gawk gcc gcc42 gdbm gettext gettext-devel glibc glibc-devel glibc-locale grep groff gzip info insserv less libacl libattr libbz2-1 libbz2-devel libdb-4_5 libgcc42 libgomp42 libltdl-3 libmudflap42 libreadline5 libstdc++42 libtool libuuid1 libvolume_id libxcrypt libzio linux-kernel-headers m4 make man mktemp ncurses net-tools netcfg pam pam-modules patch perl perl-base permissions popt rpm sed sysvinit tar texinfo timezone util-linux zlib

Name:           apparmor-utils
%if ! %{?distro:1}0
    %define distro suse
%endif
Summary:        AppArmor User-Level Utilities Useful for Creating AppArmor Profiles
Version:        2.1
Release:        11
Group:          Productivity/Security
Source0:        %{name}-%{version}-981.tar.gz
License:        GPL v2 or later, LGPL v2 or later
Patch0:         syslog_2_1_regex.diff
Patch1:         apparmor-utils-328707-update-repo-profiles-before-execdecision.diff
Patch2:         apparmor-utils-328045-profiles_left_in_complain_mode.diff
Patch3:         apparmor-utils-328033-complain_flags_should_not_be_sent_to_repo.diff
Patch4:         apparmor-utils-logparse.diff
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
BuildArch:      noarch
Url:            http://forge.novell.com/modules/xfmod/project/?apparmor
%if %{distro} == "rhel4"
# Bleah, on RHEL4, individual requirements on perl modules are
# calculated, even if the modules are conditionally used.
Requires:       perl
Requires:       /bin/sh
AutoReqProv:    no
Requires:       perl-DateManip
%else
Requires:       perl-TimeDate
%endif
Requires:       perl-DBI perl-DBD-SQLite perl-File-Tail perl-gettext perl-RPC-XML perl-TermReadKey perl-libapparmor
Obsoletes:      subdomain-utils
Provides:       subdomain-utils

%description
This package provides the aa-logprof, aa-genprof, aa-autodep,
aa-enforce, and aa-complain tools to assist with profile authoring.
Besides it provides the aa-unconfined server information tool and the
aa-eventd event reporting system. It is part of a suite of tools that
used to be named SubDomain.



Authors:
--------
    jmichael@suse.de
    seth.arnold@suse.de

%debug_package
%prep
%setup -q
%patch0 -p2
%patch1 -p2
%patch2 -p2
%patch3 -p2
%patch4 -p2


%build
[ "${RPM_BUILD_ROOT}" != "/" ] && rm -rf ${RPM_BUILD_ROOT}

%install
[ "${RPM_BUILD_ROOT}" != "/" ] && rm -rf ${RPM_BUILD_ROOT}
make install DESTDIR=${RPM_BUILD_ROOT} DISTRO=%{distro} \
	     BINDIR=${RPM_BUILD_ROOT}%{_prefix}/sbin/ \
	     PERLDIR=${RPM_BUILD_ROOT}%{_prefix}/lib/perl5/vendor_perl/Immunix \
	     MANDIR=%{_mandir}

%clean 
[ "${RPM_BUILD_ROOT}" != "/" ] && rm -rf ${RPM_BUILD_ROOT}

%files
%defattr(-,root,root)
%config /etc/apparmor/*
%{_prefix}/sbin/*
%{_prefix}/lib/perl5/vendor_perl/*
%{_prefix}/share/locale/*/*/apparmor-utils.mo
%dir /var/log/apparmor
%dir /etc/apparmor
%{_mandir}/man*/*
%doc *.[0-9].html
%doc common/apparmor.css

%preun
if [ -x "/usr/sbin/sd-event-dispatch.pl" -a -e "/var/run/sd-event-dispatch.init.pid" ] ; then
	echo "Shutting down SubDomain Event daemon" ;
	/sbin/killproc -p /var/run/sd-event-disptach.init.pid -TERM /usr/sbin/sd-event-dispatch.pl >& /dev/null ;
fi
# only do the following when uninstalling
if [ "$1" = 0 ] ; then
	if [ -x "/usr/sbin/aa-eventd" -a -e "/var/run/aa-eventd.pid" ] ; then
      		echo "Shutting down AppArmor Event daemon" ;
      		/sbin/killproc  -p /var/run/aa-eventd.pid  -TERM /usr/sbin/aa-eventd  >& /dev/null;
   	fi 
fi
%changelog
* Thu Feb 14 2008 - dominicreynolds@gmail.com
- Use AppArmor logparsing library to read log events
* Mon Nov 12 2007 - dominicreynolds@gmail.com
- Fixes for bug #328045 - profiles left in complain mode
- Fixes for bug #328033 - complain enforce status stored in the repository
- Fixes for bug #328707 - tools check for newer repo profile after exec
  decisions, potentially overwriting users choices.
* Mon Sep 17 2007 - dreynolds@suse.de
- Bug 309151 - AppArmor uses test server for repository
- Bug 304491 - profile tools don't work with syslog messages
- Bug 305735 - YaST - edit AppArmor profile does not allow new features
* Tue Aug 21 2007 - dreynolds@suse.de
- Updated spec file for missing directories not owned by a package in the slert
  codebase
  * /usr//locale/share/si /usr/locale/share/si/LC_MESSAGES
- Remove repository config ffom /etc/apparmor/logprof.conf
* Mon Aug 20 2007 - dreynolds@suse.de
- ddrewelow@suse.de
- Update to aa-eventd to use the logparsing library for log events
- Added a dep for the perl logparsing lib
* Mon Aug 20 2007 - dreynolds@suse.de
  [ changes from sbeattie@suse.de, mathias gug (ubuntu), dreynolds@suse.de ]
- Fix for #298840, "apparmor-utils misses perl-TermReadKey dep"
- Skip files suffixed with .dpkg-old Added comments to both file-skipping
  locations referencing the other location that needs to be modified.
- Make the location of logger configurable via /etc/apparmor/logprof.conf
- Added support for capablities and network toggles in #includes.
- Fix problems with missing hotkey for "(S)can for SubDomain Events" in
  genprof. Replace occurances of SubDomain in msgstr with AppArmor.
- New audit manpage
- Updated translations for missing shortcuts in msgstr fields.
- Fixes for "mandatory profile not found" profiling bug, empty configs in
  logprof.conf generating undefined value errors, repository code prompting
user even if no configuration is present that specifies a default repository.
- Remove default/required hats for ssh in logprof.conf
- Minor changes to ensure that removal of the repository section in
  logprof.conf disables repository integration.
- Missing shortcut fixes for german.
* Mon Aug 06 2007 - dreynolds@suse.de
- Added updated translation files.
* Mon Jul 30 2007 - dreynolds@suse.de
- Add support for basic network access control toggles Fate: 300516
- Added support for new mediated security features: file append, and file
  locking
- Fixes for the tools to handle new sematics for directory specificati  on in
  rules
- Updated the tools to support new AppArmor audit message format
- Numerous fixes for the repository integration in genprof/logprof and  YaST
  analogous wizards.
* Mon Jul 16 2007 - dreynolds@suse.de
- Add support for the AppArmor profile repository Fate: 300517
- Changes to support refactored kernel module
  * Read and write new change hat profile syntax Read in the new audit message
  * format used by the module Updated the tools to handle the newer directory
  * mediation in apparmor Fri Apr 13 2007 - sbeattie@suse.de
- Keep genprof from spinning on logfile (#263527)
- Include manpages in package
- Assorted misc minor cleanups/bugfixes
- Translation updates
* Mon Nov 20 2006 - dreynolds@suse.de
- More translation updates
* Mon Nov 20 2006 - dreynolds@suse.de
- Translation updates from the translation team
* Wed Nov 15 2006 - srarnold@suse.de
- Many new translations
- Remove half-baked profilelint.py from tarball
- Bug 215207 - apparmor-profiles: lib-ld missing in the profile now that the
  apparmor-profiles package has removed the ld.so profiles, genprof/autodep
shouldn't be automatically providing 'px' access
* Mon Oct 16 2006 - dreynolds@suse.de
- Add support for syntax checks for profiles Fate: 300906
* Wed Jun 07 2006 - jmichael@suse.de
- add support for the new m mode (#175388)
- add support for the new Px/Ux modes (#172061)
- make aaeventd process all of the events in the log file, not just those that
  occur after it's already running. (#154239)
- look for the changing_profile hint on the next AppArmor or audit line in the
  log file, not strictly the very next in the file.  (#175421)
* Sun Apr 09 2006 - jmichael@suse.de
- remove invalid debugging code that got accidentally left in
* Mon Apr 03 2006 - dreynolds@suse.de
  jmichael@suse.de
- create hats with same enforcement mode as their parent.  bz #158357
- strip some debuging messages that had accidentally been left in and put in
  some missing gettext() localization calls.
- clean up the code to generate a skeleton profile. #118387
- support whitespace in program names and clean up the logprof internals some
  more.  fixes bugzilla #141281
- support $ and + in filenames.  fixes bz #144014 and #144019
* Mon Mar 27 2006 - jmichael@suse.de
- Split aaeventd startup into its own init script so we don't start daemons
  while in the "boot" runlevel (#158613)
- Remove apparmor vim syntax file to stop breaking vim install (#158598)
* Mon Mar 13 2006 - dreynolds@suse.de
  (jmichael@suse.de)
- Switch to use perl-File-Tail and monitor both syslog and audit.log [#151263]
- Add /srv to severity.db #153313
- Fix for missing notification messages #150971
- Fix for empty verbose ssecurity report #151288
- Fix for logprof/genprof skipping mkdir/rmdir/xattr messages from the module
  #152073
* Mon Feb 13 2006 - dreynolds@suse.de
- Ignore vsdo lib output from ldd for autodep
- Include counter (and time) in genprof logmark
* Mon Feb 06 2006 - sbeattie@suse.de
- Only kill aa-eventd on uninstall, not for upgrades
- (jmichael) in reporting, enable/start aaeventd if not already
- Fix signal handling problems when being shutdown
- (seth.arnold) add symlinks for aa-audit, aa-autodep, aa-status
* Sun Jan 29 2006 - sbeattie@suse.de
- Add svn repo number to tarball name
- (dreynolds) Added support for read events from the audit system to:
  genprof/logprof and sd-event-dispatch.pl
- (dreynolds) Renaming changes: apparmor_status, apparmor.vim, aa-eventd, and
  aa- prefix for profile utils
- Fix SubDomain.pm and apparmor_status to deal with module/parser renaming
- (dreynolds) Changes to work with profiles located under /etc/apparmor.d.
- (dreynolds) Disable AALite check
- (seth.arnold) don't drop variables
* Wed Jan 25 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
* Mon Jan 23 2006 - dreynolds@suse.de
- Added support for read events from the audit system to: genprof/logprof and
  sd-event-dispatch.pl
* Fri Dec 09 2005 - sbeattie@suse.de
- drewelow: fix parsing/sql errors in reports bug #137742
- dreynolds: fix unconfined to support securityfs
- jmichael: fix for xattr handling in genprof/logprof
- jmichael: fix genprof/logprof to support securityfs
- fix textdomain() calls to reflect new package name
- fix references to old package name within .po files
* Thu Dec 08 2005 - sbeattie@suse.de
- rename package to apparmor-utils
- relicense package to GPL for open source release
- reset version to 2.0-1
- add /usr/sbin/subdomain_status