From e586ea37409a6724afa328d362dd0a79a436aa5a Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Mon, 19 Dec 2022 10:43:48 -0600 Subject: [PATCH] Add RPM spec --- .gitignore | 5 +++ Makefile | 84 ++++++++++++++++++++++++++++++++++++++++++++++-- dch-selinux.spec | 65 +++++++++++++++++++++++++++++++++++++ 3 files changed, 151 insertions(+), 3 deletions(-) create mode 100644 dch-selinux.spec diff --git a/.gitignore b/.gitignore index 5552bee..a168f0e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,7 @@ +BUILD/ +BUILDROOT/ +repo/ tmp/ *.pp +*.rpm +*.tar.xz diff --git a/Makefile b/Makefile index 5030cd4..d6c68e7 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,83 @@ -NAME ?= targetd +NAME ?= targeted +REPO ?= repo -.PHONY: all -all: +RPMBUILDFLAGS = \ + -D "_topdir ${PWD}" \ + -D "_srcrpmdir ${PWD}" \ + -D "_sourcedir ${PWD}" \ + -D "_specdir ${PWD}" \ + -D "_rpmdir ${PWD}" + +ARCH = noarch +VERSION = $(shell rpm -q --qf '%{VERSION}' --specfile dch-selinux.spec) +RELEASE = $(shell rpm -q --qf '%{RELEASE}' --specfile dch-selinux.spec) +TAR = dch-selinux-$(VERSION).tar.xz +SPEC = dch-selinux.spec +RPM = dch-selinux-$(VERSION)-$(RELEASE).$(ARCH).rpm +SRPM = dch-selinux-$(VERSION)-$(RELEASE).src.rpm + +define buildpp $(MAKE) NAME=$(NAME) -f /usr/share/selinux/devel/Makefile +endef + +.PHONY: \ + clean \ + default \ + dist \ + mockbuild \ + pp \ + publish \ + repo \ + rpm \ + srpm + +default: pp + +dch-samba.pp: dch-samba.fc dch-samba.if dch-samba.te + $(call buildpp) + +$(TAR): \ + $(wildcard *.fc) \ + $(wildcard *.if) \ + $(wildcard *.te) + tar -cJf $@ --transform 's/^/dch-selinux-$(VERSION)\//' $^ + +$(RPM): $(SPEC) $(TAR) + rpmbuild $(RPMBUILDFLAGS) -bb -v $< + mv $(ARCH)/$@ $@ + rmdir $(ARCH) + +$(SRPM): $(SPEC) $(TAR) + rpmbuild $(RPMBUILDFLAGS) -bs -v $< + +dist: $(TAR) + +clean: + rm -f *.pp *.rpm *.srpm *.tar.xz + rm -rf BUILD BUILDROOT + rm -rf repo + rm -rf tmp + +mockbuild: $(SRPM) +ifeq ($(MOCKTARGET),) + $(error MOCKTARGET is required, e.g. make MOCKTARGET=fedora-37-x86_64 mockbuild) +endif + mock -r '$(MOCKTARGET)' $(SRPM) + cp -a /var/lib/mock/$(MOCKTARGET)/result/*.noarch.rpm . + +publish: repo +ifeq ($(PUBLISH_HOST),) + $(error PUBLISH_HOST and PUBLISH_PATH are required) +endif + rsync -rtiO --delete $(REPO)/ $(PUBLISH_HOST):$(PUBLISH_PATH) + +repo: + mkdir -p '$(REPO)' + cp *.rpm '$(REPO)'/ + createrepo '$(REPO)' + +rpm: $(RPM) + +srpm: $(SRPM) + +pp: dch-samba.pp diff --git a/dch-selinux.spec b/dch-selinux.spec new file mode 100644 index 0000000..9a25999 --- /dev/null +++ b/dch-selinux.spec @@ -0,0 +1,65 @@ +%global selinux_variants mls targeted + +Name: dch-selinux +Version: 1.0.0 +Release: 1%{?dist} +Summary: Dustin's custom SELinux policy modules + +License: GPLv2+ +URL: https://git.pyrocufflink.net/dustin/dch-selinux +Source0: %{name}-%{version}.tar.xz + +BuildArch: noarch + +BuildRequires: checkpolicy +BuildRequires: hardlink +BuildRequires: selinux-policy-devel + +Requires: selinux-policy >= %{_selinux_policy_version} + +Requires(post): policycoreutils, selinux-policy-base +Requires(postun): policycoreutils + +%description +This is a collection of SELinux policy modules that fix or augment the default +SELinux policy for Fedora/RHEL. + + +%prep +%setup + +%build +for v in %{selinux_variants}; do + make NAME=$v -f %{_datarootdir}/selinux/devel/Makefile + mv dch-samba.pp dch-samba.pp.$v + make NAME=$v -f %{_datarootdir}/selinux/devel/Makefile clean +done + +%install +for v in %{selinux_variants}; do + install -d %{buildroot}%{_datadir}/selinux/$v + install -p -m 644 dch-samba.pp.$v \ + %{buildroot}%{_datadir}/selinux/$v/dch-samba.pp +done +hardlink -cv %{buildroot}%{_datadir}/selinux + + +%post +for v in %{selinux_variants}; do + /usr/sbin/semodule -s $v \ + -i %{_datadir}/selinux/$v/dch-samba.pp >&- 2>&- || : +done + + +%postun +for v in %{selinux_variants}; do + /usr/sbin/semodule -s $v -r dch-samba.pp >&- 2>&- || : +done + + +%files +%{_datadir}/selinux/*/*.pp + +%changelog +* Mon Dec 19 2022 Dustin C. Hatch 1.0.0-1 +- New spec for dch-selinux