
%define policy_name altlinux
%define date 20140411
%define seconf %_sysconfdir/selinux/config
%define default_mode permissive

Summary: SELinux %policy_name policy
Name: selinux-policy-altlinux
Version: 0.0.18
Release: alt1
License: %distributable
Group: System/Base
Source: %name-%date.tar
BuildArch: noarch

BuildRequires(pre): rpm-build-licenses
Requires(pre): libsemanage
Requires(pre): policycoreutils
Requires(pre): policycoreutils-newrole

Requires: policycoreutils-newrole
Requires: checkpolicy
Requires: policycoreutils-mcstransd
Requires: policycoreutils-gui
Requires: policycoreutils-restorecond
Requires: libshell
Requires: m4
Requires: netlabel_tools
Requires: setools-console

%define policy_conf %_sysconfdir/selinux/%policy_name
%define policy_data %_datadir/selinux/%policy_name

%set_findreq_skiplist /lib/systemd/selinux-autorelabel
%add_findreq_skiplist %_bindir/slrun2

%description
SELinux %policy_name policy

%prep 
%setup -n %name

%install
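mkdir %buildroot
cp -a -- * %buildroot

# Ghost files. Do not actually pack them: every path below is listed as
# %%ghost in %%files, so rpm records ownership of a file that is produced on
# the target system (presumably by the semodule calls in %%post) without
# shipping any content for it. An empty placeholder is all rpm needs to
# stage the entry; /dev/null is used as the source rather than a mktemp(1)
# file that was never removed from the build environment.
for ghost in \
    contexts/files/file_contexts \
    contexts/files/file_contexts.bin \
    contexts/files/file_contexts.homedirs \
    contexts/files/file_contexts.homedirs.bin \
    contexts/files/file_contexts.local \
    contexts/files/file_contexts.local.bin \
    contexts/netfilter_contexts \
    modules/semanage.read.LOCK \
    modules/semanage.trans.LOCK \
    seusers \
    setrans.conf \
    modules/policy/policy.28 \
    modules/policy/policy.29 \
    modules/active/base.pp \
    modules/active/commit_num \
    modules/active/file_contexts \
    modules/active/file_contexts.homedirs \
    modules/active/file_contexts.template \
    modules/active/homedir_template \
    modules/active/netfilter_contexts \
    modules/active/seusers \
    modules/active/policy.kern \
    modules/active/seusers.final \
    modules/active/users_extra \
    policy/policy.28 \
    policy/policy.29 \
    modules/active/modules/dolphin.pp \
    modules/active/modules/xorg.pp
do
    # Keep this list in sync with the %%ghost entries in %%files.
    install -D -m0644 /dev/null "%buildroot/%policy_conf/$ghost"
done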


#
# %%post
#
%post

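# XXX bug in 'semodule': work around it by making sure file_contexts.local
# exists before any module is loaded (presumably semodule fails without
# it -- confirm against the shipped policycoreutils).
mkdir -p %policy_conf/contexts/files
touch %policy_conf/contexts/files/file_contexts.local
# XXX

# Check SeLinux mode and status
# Possible cases:
# 1. SeLinux is enabled, Enforcing is On, current policy is active
# 2. SeLinux is enabled, Enforcing is Off, current policy is active
# 3. SeLinux is enabled, Enforcing is On, another policy is active
# 4. SeLinux is enabled, Enforcing is Off, another policy is active
# 5. SeLinux is disabled
# Only the mode is reported here; the active policy name is checked below.

enforce_mode="$(getenforce)"
echo -e "\tCurrent SeLinux enforce mode is: $enforce_mode"

if ! selinuxenabled; then
    echo -e "\tSeLinux is disabled."
fi

# Cleanup previous modules. Existing modules may be a problem to install base policy.
# Module names are the first column of 'semodule -l' for the %policy_name
# store; only lines carrying a dotted version number ("name version" format)
# are kept, so the names contain no whitespace and the word-split below is
# safe. A semodule that prints bare names (no version column) yields an
# empty list -- TODO confirm the output format of the shipped policycoreutils.
modules="$(semodule -l -s %policy_name | sed -n -e '/[[:digit:]]\+\.[[:digit:]]\+\.[[:digit:]]\+/ s/[[:space:]].*$//p')"
if [ -n "$modules" ]; then
    echo -e "\tRemove all current (even 3rd party) modules for '%policy_name' policy:"
    for module in $modules; do
        echo -e "\t\t* Remove previous module '$module'"
        # -n: commit to the store without reloading the kernel policy; the
        # reboot requested below picks up the new policy.
        semodule -n -s %policy_name -r "$module"
    done
fi

# Always install new policy
semodule -n -s %policy_name -b %policy_data/base.pp

# Always install all modules
echo -e "\tActivate modules for '%policy_name' policy:"
for module in %policy_data/modules/*.pp; do
    # An unmatched glob stays literal; skip it rather than hand the pattern
    # to semodule.
    [ -e "$module" ] || continue
    echo -e "\t\t* Install module '${module##*/}'"
    semodule -n -s %policy_name -i "$module"
done

policy_name_active="$(sestatus | sed -n -e '/policy name/ s/^.\+[[:space:]]//p')"
# Upgrade: $1 is the number of package instances left after this operation,
# 1 on first install and 2 or more on upgrade.
if [ "$1" -ge 2 ]; then
    if [ "$policy_name_active" = "%policy_name" ]; then
        echo -e "\tSeLinux policy has been updated. Please do a reboot."
    fi
fi

# XXX: assumes no other policy is in use -- SELINUX and SELINUXTYPE in
# %seconf are rewritten on first install without consulting
# $policy_name_active.
# Install
if [ "$1" -eq 1 ]; then
    echo "Warning:"
    echo -e "\tSeLinux config '%seconf' is updated with 'SELINUX=%default_mode'"
    ( . shell-config; shell_config_set "%seconf" "SELINUX" "%default_mode" )
    ( . shell-config; shell_config_set "%seconf" "SELINUXTYPE" "%policy_name" )

    # Relabel all FileSystem
    echo -e "\tMake sure to:"
    echo -e "\t\t * Enable SeLinux in kernel."
    echo -e "\t\t * Configure PAM for SeLinux."
    echo -e "\tIt is necessary to relabel FS. Please do a reboot."
    echo -e "\tFor more information visit: http://www.altlinux.org/sl"
    # /.autorelabel is the conventional trigger for a full filesystem relabel
    # on the next boot (presumably serviced by the selinux-autorelabel unit
    # this package ships), so existing files receive contexts from the new
    # file_contexts.
    touch /.autorelabel
fi

exit 0 # End of %%post section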

#
# %%preun
#
%preun

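policy_name_active="$(sestatus | sed -n -e '/policy name/ s/^.\+[[:space:]]//p')"

# The last version of a package is erased: $1 is the number of instances
# left after this removal, so 0 means a full uninstall rather than an
# upgrade.
if [ "$1" -eq 0 ]; then
    # Cleanup installed modules. Same selection as in %%post: the first
    # column of 'semodule -l' lines that carry a dotted version number, so
    # the names contain no whitespace and the word-split below is safe.
    modules="$(semodule -l -s %policy_name | sed -n -e '/[[:digit:]]\+\.[[:digit:]]\+\.[[:digit:]]\+/ s/[[:space:]].*$//p')"
    if [ -n "$modules" ]; then
        echo -e "\tCleanup all installed (even 3rd party) modules for '%policy_name' policy:"
        for module in $modules; do
            echo -e "\t\t* Cleanup module '$module'"
            # -n: commit without reloading the running kernel policy.
            semodule -n -s %policy_name -r "$module"
        done
    fi
    # Only switch SELinux off in the config when the policy being removed is
    # the active one; another active policy type is left untouched. The
    # setting is read at boot, hence the reboot advice.
    if [ "$policy_name_active" = "%policy_name" ]; then
        echo "Warning:"
        echo -e "\tSeLinux is disabled in config: %seconf"
        ( . shell-config; shell_config_set "%seconf" "SELINUX" "disabled" )
        echo -e "\tSeLinux policy package '$policy_name_active' is uninstalled completely."
        echo -e "\tPlease reboot computer as soon as possible."
    fi
fi

exit 0 # End of %%preun section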

%files
%dir %policy_conf
%dir %policy_conf/contexts
%dir %policy_conf/contexts/users
%dir %policy_conf/contexts/files
%dir %policy_conf/modules
%dir %policy_conf/modules/active
%dir %policy_conf/modules/active/modules
%dir %policy_conf/modules/policy
%dir %policy_conf/policy
%dir %policy_data
%dir %policy_data/support
%dir %policy_data/modules
%dir %_sysconfdir/security/alt.newrole

%policy_conf/contexts/dbus_contexts
%policy_conf/contexts/default_contexts
%policy_conf/contexts/default_type
%policy_conf/contexts/x_contexts
%policy_conf/contexts/netfilter_contexts
%policy_conf/contexts/securetty_types

%policy_conf/contexts/users/*

%policy_data/*.pp
%policy_data/modules/*.pp
%policy_data/*.if

%policy_data/support/*.spt
%policy_data/Makefile

%attr(0755,root,root) %_sysconfdir/security/alt.newrole/helper
%attr(0755,root,root) %_sysconfdir/security/alt.newrole/mkdirs
%config(noreplace) %_sysconfdir/security/alt.newrole/dirs
%config(noreplace) %_sysconfdir/security/alt.newrole/config

%_bindir/slrun
%_bindir/slrun2

/lib/systemd/selinux-autorelabel
%_unitdir/selinux-autorelabel-mark.service
%_unitdir/selinux-autorelabel.service
%_unitdir/sysinit.target.wants/selinux-autorelabel.service

#%%doc /usr/share/doc/selinux-policy-altlinux/README
%doc %_docdir/%name

# Files that are created automatically at installation time and are not
# packed. They are listed here as %%ghost so that rpm owns them and removes
# them when the package is erased.
%ghost %policy_conf/contexts/files/file_contexts
%ghost %policy_conf/contexts/files/file_contexts.bin
%ghost %policy_conf/contexts/files/file_contexts.homedirs
%ghost %policy_conf/contexts/files/file_contexts.homedirs.bin
%ghost %policy_conf/contexts/files/file_contexts.local
%ghost %policy_conf/contexts/files/file_contexts.local.bin
%ghost %policy_conf/contexts/netfilter_contexts
%ghost %policy_conf/modules/semanage.read.LOCK
%ghost %policy_conf/modules/semanage.trans.LOCK
%ghost %policy_conf/seusers
%ghost %policy_conf/setrans.conf
%ghost %policy_conf/modules/policy/policy.28
%ghost %policy_conf/modules/policy/policy.29
%ghost %policy_conf/modules/active/base.pp
%ghost %policy_conf/modules/active/commit_num
%ghost %policy_conf/modules/active/file_contexts
%ghost %policy_conf/modules/active/file_contexts.homedirs
%ghost %policy_conf/modules/active/file_contexts.template
%ghost %policy_conf/modules/active/homedir_template
%ghost %policy_conf/modules/active/netfilter_contexts
%ghost %policy_conf/modules/active/seusers
%ghost %policy_conf/modules/active/policy.kern
%ghost %policy_conf/modules/active/seusers.final
%ghost %policy_conf/modules/active/users_extra
%ghost %policy_conf/policy/policy.28
%ghost %policy_conf/policy/policy.29

# modules
%ghost %policy_conf/modules/active/modules/dolphin.pp
%ghost %policy_conf/modules/active/modules/xorg.pp

%changelog
* Fri Apr 11 2014 Andriy Stepanov <stanv@altlinux.ru> 0.0.18-alt1
- 20140411

* Thu Apr 10 2014 Andriy Stepanov <stanv@altlinux.ru> 0.0.17-alt1
- 20140410

* Tue Apr 08 2014 Andriy Stepanov <stanv@altlinux.ru> 0.0.16-alt1
- 20140408

* Mon Apr 07 2014 Andriy Stepanov <stanv@altlinux.ru> 0.0.15-alt1
- 20140407

* Thu Apr 03 2014 Andriy Stepanov <stanv@altlinux.ru> 0.0.14-alt1
- 20140403

* Fri Feb 07 2014 Andriy Stepanov <stanv@altlinux.ru> 0.0.12-alt2
- Remove dependency from kde4libs & systemd

* Wed Jan 22 2014 Andriy Stepanov <stanv@altlinux.ru> 0.0.12-alt1
- 20140122

* Fri Jan 17 2014 Andriy Stepanov <stanv@altlinux.ru> 0.0.11-alt1
- 20140117 (service's methods)

* Fri Jan 17 2014 Andriy Stepanov <stanv@altlinux.ru> 0.0.10-alt1
- 20140117

* Mon Jan 13 2014 Andriy Stepanov <stanv@altlinux.ru> 0.0.9-alt1
- Build: 20140113

* Fri Jan 10 2014 Andriy Stepanov <stanv@altlinux.ru> 0.0.8-alt1
- Build: 20140110

* Fri Dec 20 2013 Andriy Stepanov <stanv@altlinux.ru> 0.0.7-alt1
- Build: 20131220

* Wed Dec 11 2013 Andriy Stepanov <stanv@altlinux.ru> 0.0.6-alt1
- Build: 20131211

* Tue Dec 10 2013 Andriy Stepanov <stanv@altlinux.ru> 0.0.5-alt1
- Build: 20131210

* Fri Nov 29 2013 Andriy Stepanov <stanv@altlinux.ru> 0.0.4-alt1
- Network stuff

* Fri Nov 29 2013 Andriy Stepanov <stanv@altlinux.ru> 0.0.3-alt5
- Build: 20131129

* Thu Nov 28 2013 Andriy Stepanov <stanv@altlinux.ru> 0.0.3-alt4
- Build: 20131128

* Wed Nov 27 2013 Andriy Stepanov <stanv@altlinux.ru> 0.0.3-alt3
- Add more %%ghost files to RPM spec

* Wed Nov 27 2013 Andriy Stepanov <stanv@altlinux.ru> 0.0.3-alt2
- Update RPM spec

* Mon Nov 25 2013 Andriy Stepanov <stanv@altlinux.ru> 0.0.3-alt1
- Build: 20131125

* Fri Nov 08 2013 Andriy Stepanov <stanv@altlinux.ru> 0.0.2-alt8
- Build: 20131108

* Thu Sep 19 2013 Andriy Stepanov <stanv@altlinux.ru> 0.0.2-alt7
- Build: 20130919

* Tue Sep 17 2013 Andriy Stepanov <stanv@altlinux.ru> 0.0.2-alt6
- Build: 20130917

* Thu Sep 12 2013 Andriy Stepanov <stanv@altlinux.ru> 0.0.2-alt5
- Build: 20130912

* Thu Sep 05 2013 Andriy Stepanov <stanv@altlinux.ru> 0.0.2-alt4
- Build: 20130905

* Thu Jul 25 2013 Andriy Stepanov <stanv@altlinux.ru> 0.0.2-alt3
- Build: 20130725

* Wed Jun 19 2013 Andriy Stepanov <stanv@altlinux.ru> 0.0.2-alt2
- Post script for modules

* Wed Jun 19 2013 Andriy Stepanov <stanv@altlinux.ru> 0.0.2-alt1
- Build: 20130619

* Mon May 20 2013 Andriy Stepanov <stanv@altlinux.ru> 0.0.1-alt4
- Build: 20130520

* Wed Apr 24 2013 Andriy Stepanov <stanv@altlinux.ru> 0.0.1-alt3
- Build: 20130425

* Fri Apr 19 2013 Andriy Stepanov <stanv@altlinux.ru> 0.0.1-alt2
- Build: 20130422

* Wed Apr 17 2013 Andriy Stepanov <stanv@altlinux.ru> 0.0.1-alt1
- Initial. Build version from: 20130417