2013-01-22 22:23:19 +00:00
|
|
|
%define ruby_inc %(pkg-config --cflags ruby)
|
2024-06-27 14:28:30 +00:00
|
|
|
%define libsepolver 3.7-1
|
2018-04-23 11:21:56 +00:00
|
|
|
|
2004-09-09 07:41:25 +00:00
|
|
|
Summary: SELinux library and simple utilities
|
|
|
|
Name: libselinux
|
2024-06-27 14:28:30 +00:00
|
|
|
Version: 3.7
|
2024-10-29 15:44:07 +00:00
|
|
|
Release: 4%{?dist}
|
2022-11-09 16:15:43 +00:00
|
|
|
License: LicenseRef-Fedora-Public-Domain
|
2015-04-21 12:38:05 +00:00
|
|
|
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
2024-06-27 14:28:30 +00:00
|
|
|
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.7/libselinux-3.7.tar.gz
|
2024-06-27 14:35:42 +00:00
|
|
|
Source1: https://github.com/SELinuxProject/selinux/releases/download/3.7/libselinux-3.7.tar.gz.asc
|
|
|
|
Source2: https://github.com/bachradsusi.gpg
|
|
|
|
Source3: selinuxconlist.8
|
|
|
|
Source4: selinuxdefcon.8
|
|
|
|
|
2015-02-06 18:05:31 +00:00
|
|
|
Url: https://github.com/SELinuxProject/selinux/wiki
|
2019-10-15 14:38:59 +00:00
|
|
|
# $ git clone https://github.com/fedora-selinux/selinux.git
|
2019-05-09 15:26:36 +00:00
|
|
|
# $ cd selinux
|
2024-06-27 14:28:30 +00:00
|
|
|
# $ git format-patch -N 3.7 -- libselinux
|
2019-05-09 15:26:36 +00:00
|
|
|
# $ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
|
2019-10-15 14:38:59 +00:00
|
|
|
# Patch list start
|
2022-12-23 15:28:38 +00:00
|
|
|
Patch0001: 0001-Use-SHA-2-instead-of-SHA-1.patch
|
2024-07-09 19:36:54 +00:00
|
|
|
Patch0002: 0002-libselinux-set-free-d-data-to-NULL.patch
|
2024-08-09 15:52:55 +00:00
|
|
|
Patch0003: 0003-libselinux-restorecon-Include-selinux-label.h.patch
|
|
|
|
Patch0004: 0004-libselinux-Fix-integer-comparison-issues-when-compil.patch
|
2024-10-17 06:44:31 +00:00
|
|
|
Patch0005: 0005-libselinux-deprecate-security_disable-3.patch
|
|
|
|
Patch0006: 0006-libselinux-fix-swig-bindings-for-4.3.0.patch
|
2019-10-15 14:38:59 +00:00
|
|
|
# Patch list end
|
2020-11-04 19:21:31 +00:00
|
|
|
BuildRequires: gcc make
|
2024-04-01 18:25:35 +00:00
|
|
|
BuildRequires: ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel
|
2023-05-26 09:32:55 +00:00
|
|
|
BuildRequires: python3 python3-devel python3-setuptools python3-wheel python3-pip
|
2017-08-02 08:50:28 +00:00
|
|
|
BuildRequires: systemd
|
2024-06-27 14:35:42 +00:00
|
|
|
BuildRequires: gnupg2
|
2017-09-26 19:24:15 +00:00
|
|
|
Requires: libsepol%{?_isa} >= %{libsepolver} pcre2
|
2015-07-21 08:50:08 +00:00
|
|
|
Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138
|
2004-09-09 07:41:25 +00:00
|
|
|
|
|
|
|
%description
|
2005-09-29 02:12:47 +00:00
|
|
|
Security-enhanced Linux is a feature of the Linux® kernel and a number
|
2004-09-09 07:41:25 +00:00
|
|
|
of utilities with enhanced security functionality designed to add
|
|
|
|
mandatory access controls to Linux. The Security-enhanced Linux
|
|
|
|
kernel contains new architectural components originally developed to
|
|
|
|
improve the security of the Flask operating system. These
|
|
|
|
architectural components provide general support for the enforcement
|
|
|
|
of many kinds of mandatory access control policies, including those
|
|
|
|
based on the concepts of Type Enforcement®, Role-based Access
|
|
|
|
Control, and Multi-level Security.
|
|
|
|
|
|
|
|
libselinux provides an API for SELinux applications to get and set
|
|
|
|
process and file security contexts and to obtain security policy
|
|
|
|
decisions. Required for any applications that use the SELinux API.
|
|
|
|
|
2008-09-09 19:07:33 +00:00
|
|
|
%package utils
|
2019-05-31 06:21:02 +00:00
|
|
|
Summary: SELinux libselinux utilities
|
2016-02-26 15:50:49 +00:00
|
|
|
Requires: %{name}%{?_isa} = %{version}-%{release}
|
2008-09-09 19:07:33 +00:00
|
|
|
|
|
|
|
%description utils
|
|
|
|
The libselinux-utils package contains the utilities
|
|
|
|
|
2017-08-12 12:26:21 +00:00
|
|
|
%package -n python3-libselinux
|
2010-06-16 13:23:15 +00:00
|
|
|
Summary: SELinux python 3 bindings for libselinux
|
2016-02-26 15:50:49 +00:00
|
|
|
Requires: %{name}%{?_isa} = %{version}-%{release}
|
2017-08-12 12:26:21 +00:00
|
|
|
%{?python_provide:%python_provide python3-libselinux}
|
|
|
|
# Remove before F30
|
2017-08-19 20:44:54 +00:00
|
|
|
Provides: %{name}-python3 = %{version}-%{release}
|
2017-08-12 12:26:21 +00:00
|
|
|
Provides: %{name}-python3%{?_isa} = %{version}-%{release}
|
|
|
|
Obsoletes: %{name}-python3 < %{version}-%{release}
|
2010-06-16 13:23:15 +00:00
|
|
|
|
2017-08-12 12:26:21 +00:00
|
|
|
%description -n python3-libselinux
|
2010-06-16 13:23:15 +00:00
|
|
|
The libselinux-python3 package contains python 3 bindings for developing
|
|
|
|
SELinux applications.
|
|
|
|
|
2008-07-09 20:57:21 +00:00
|
|
|
%package ruby
|
|
|
|
Summary: SELinux ruby bindings for libselinux
|
2016-02-26 15:50:49 +00:00
|
|
|
Requires: %{name}%{?_isa} = %{version}-%{release}
|
2009-06-24 21:37:23 +00:00
|
|
|
Provides: ruby(selinux)
|
2008-07-09 20:57:21 +00:00
|
|
|
|
|
|
|
%description ruby
|
|
|
|
The libselinux-ruby package contains the ruby bindings for developing
|
|
|
|
SELinux applications.
|
|
|
|
|
2004-09-09 07:41:25 +00:00
|
|
|
%package devel
|
|
|
|
Summary: Header files and libraries used to build SELinux
|
2016-02-26 15:50:49 +00:00
|
|
|
Requires: %{name}%{?_isa} = %{version}-%{release}
|
|
|
|
Requires: libsepol-devel%{?_isa} >= %{libsepolver}
|
2004-09-09 07:41:25 +00:00
|
|
|
|
|
|
|
%description devel
|
2008-01-21 21:42:38 +00:00
|
|
|
The libselinux-devel package contains the libraries and header files
|
|
|
|
needed for developing SELinux applications.
|
|
|
|
|
|
|
|
%package static
|
|
|
|
Summary: Static libraries used to build SELinux
|
2016-02-26 15:50:49 +00:00
|
|
|
Requires: %{name}-devel%{?_isa} = %{version}-%{release}
|
2008-01-21 21:42:38 +00:00
|
|
|
|
|
|
|
%description static
|
|
|
|
The libselinux-static package contains the static libraries
|
2004-09-09 07:41:25 +00:00
|
|
|
needed for developing SELinux applications.
|
|
|
|
|
|
|
|
%prep
|
2024-06-27 14:35:42 +00:00
|
|
|
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
|
2023-12-14 08:46:25 +00:00
|
|
|
%autosetup -p 2 -n libselinux-%{version}
|
2005-02-21 14:10:27 +00:00
|
|
|
|
2004-09-09 07:41:25 +00:00
|
|
|
%build
|
2015-12-10 16:55:10 +00:00
|
|
|
export DISABLE_RPM="y"
|
2017-08-07 11:56:34 +00:00
|
|
|
export USE_PCRE2="y"
|
2015-08-14 18:51:07 +00:00
|
|
|
|
2019-03-11 09:56:01 +00:00
|
|
|
%set_build_flags
|
2020-07-21 17:48:47 +00:00
|
|
|
CFLAGS="$CFLAGS -fno-semantic-interposition"
|
2019-03-11 09:56:01 +00:00
|
|
|
|
2010-06-16 13:23:15 +00:00
|
|
|
# To support building the Python wrapper against multiple Python runtimes
|
|
|
|
# Define a function, for how to perform a "build" of the python wrapper against
|
|
|
|
# a specific runtime:
|
|
|
|
BuildPythonWrapper() {
|
|
|
|
BinaryName=$1
|
|
|
|
|
|
|
|
# Perform the build from the upstream Makefile:
|
2020-07-21 17:48:47 +00:00
|
|
|
%make_build \
|
2011-08-22 15:04:32 +00:00
|
|
|
PYTHON=$BinaryName \
|
2020-07-21 17:48:47 +00:00
|
|
|
LIBDIR="%{_libdir}" \
|
2010-06-16 13:23:15 +00:00
|
|
|
pywrap
|
|
|
|
}
|
|
|
|
|
2020-07-13 22:30:57 +00:00
|
|
|
%make_build LIBDIR="%{_libdir}" swigify
|
|
|
|
%make_build LIBDIR="%{_libdir}" all
|
2010-06-16 13:23:15 +00:00
|
|
|
|
2011-08-22 15:04:32 +00:00
|
|
|
BuildPythonWrapper %{__python3}
|
2010-06-16 13:23:15 +00:00
|
|
|
|
2020-07-13 22:30:57 +00:00
|
|
|
%make_build RUBYINC="%{ruby_inc}" SHLIBDIR="%{_libdir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" rubywrap
|
2004-09-09 07:41:25 +00:00
|
|
|
|
|
|
|
%install
|
2010-06-16 13:23:15 +00:00
|
|
|
InstallPythonWrapper() {
|
|
|
|
BinaryName=$1
|
|
|
|
|
|
|
|
make \
|
2011-08-22 15:04:32 +00:00
|
|
|
PYTHON=$BinaryName \
|
2018-03-13 11:39:22 +00:00
|
|
|
DESTDIR="%{buildroot}" LIBDIR="%{_libdir}" \
|
|
|
|
SHLIBDIR="%{_lib}" BINDIR="%{_bindir}" \
|
|
|
|
SBINDIR="%{_sbindir}" \
|
2017-08-07 11:56:34 +00:00
|
|
|
LIBSEPOLA="%{_libdir}/libsepol.a" \
|
2012-01-27 19:50:47 +00:00
|
|
|
install-pywrap
|
2010-06-16 13:23:15 +00:00
|
|
|
}
|
|
|
|
|
2006-05-17 00:49:24 +00:00
|
|
|
rm -rf %{buildroot}
|
2017-08-02 08:50:28 +00:00
|
|
|
mkdir -p %{buildroot}%{_tmpfilesdir}
|
|
|
|
mkdir -p %{buildroot}%{_libdir}
|
|
|
|
mkdir -p %{buildroot}%{_includedir}
|
2006-05-17 00:49:24 +00:00
|
|
|
mkdir -p %{buildroot}%{_sbindir}
|
2017-08-02 08:50:28 +00:00
|
|
|
install -d -m 0755 %{buildroot}%{_rundir}/setrans
|
|
|
|
echo "d %{_rundir}/setrans 0755 root root" > %{buildroot}%{_tmpfilesdir}/libselinux.conf
|
2006-05-08 14:08:21 +00:00
|
|
|
|
2011-08-22 15:04:32 +00:00
|
|
|
InstallPythonWrapper %{__python3}
|
2010-06-16 13:23:15 +00:00
|
|
|
|
2020-07-21 17:48:47 +00:00
|
|
|
%make_install LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}" BINDIR="%{_bindir}" SBINDIR="%{_sbindir}"
|
|
|
|
make DESTDIR="%{buildroot}" RUBYINSTALL=%{ruby_vendorarchdir} install-rubywrap
|
2004-09-09 07:41:25 +00:00
|
|
|
|
2004-10-27 20:53:11 +00:00
|
|
|
# Nuke the files we don't want to distribute
|
2006-05-17 00:49:24 +00:00
|
|
|
rm -f %{buildroot}%{_sbindir}/compute_*
|
|
|
|
rm -f %{buildroot}%{_sbindir}/deftype
|
|
|
|
rm -f %{buildroot}%{_sbindir}/execcon
|
|
|
|
rm -f %{buildroot}%{_sbindir}/getenforcemode
|
|
|
|
rm -f %{buildroot}%{_sbindir}/getfilecon
|
|
|
|
rm -f %{buildroot}%{_sbindir}/getpidcon
|
|
|
|
rm -f %{buildroot}%{_sbindir}/mkdircon
|
|
|
|
rm -f %{buildroot}%{_sbindir}/policyvers
|
|
|
|
rm -f %{buildroot}%{_sbindir}/setfilecon
|
|
|
|
rm -f %{buildroot}%{_sbindir}/selinuxconfig
|
|
|
|
rm -f %{buildroot}%{_sbindir}/selinuxdisable
|
2006-05-30 12:44:31 +00:00
|
|
|
rm -f %{buildroot}%{_sbindir}/getseuser
|
2013-03-06 17:18:42 +00:00
|
|
|
rm -f %{buildroot}%{_sbindir}/togglesebool
|
2007-01-05 17:54:21 +00:00
|
|
|
rm -f %{buildroot}%{_sbindir}/selinux_check_securetty_context
|
2008-05-07 17:34:12 +00:00
|
|
|
mv %{buildroot}%{_sbindir}/getdefaultcon %{buildroot}%{_sbindir}/selinuxdefcon
|
|
|
|
mv %{buildroot}%{_sbindir}/getconlist %{buildroot}%{_sbindir}/selinuxconlist
|
2012-10-25 20:27:52 +00:00
|
|
|
install -d %{buildroot}%{_mandir}/man8/
|
2024-06-27 14:35:42 +00:00
|
|
|
install -m 644 %{SOURCE3} %{buildroot}%{_mandir}/man8/
|
|
|
|
install -m 644 %{SOURCE4} %{buildroot}%{_mandir}/man8/
|
2013-12-05 20:44:38 +00:00
|
|
|
rm -f %{buildroot}%{_mandir}/man8/togglesebool*
|
2004-10-27 20:53:11 +00:00
|
|
|
|
2018-02-03 17:19:15 +00:00
|
|
|
%ldconfig_scriptlets
|
2004-09-09 07:41:25 +00:00
|
|
|
|
2005-11-28 22:02:25 +00:00
|
|
|
%files
|
2017-02-02 01:28:46 +00:00
|
|
|
%license LICENSE
|
install everything in /usr
This patch is needed for the /usr-move feature
https://fedoraproject.org/wiki/Features/UsrMove
This package requires now 'filesystem' >= 3, which is only installable
on a system which has /bin, /sbin, /lib, /lib64 as symlinks to /usr and
not regular directories. The 'filesystem' package acts as a guard, to
prevent *this* package to be installed on old unconverted systems.
New installations will have the 'filesystem' >=3 layout right away, old
installations need to be converted with anaconda or dracut first; only
after that, the 'filesystem' package, and also *this* package can be
installed.
Packages *should* not install files in /bin, /sbin, /lib, /lib64, but
only in the corresponding directories in /usr. Packages *must* not
install conflicting files with the same names in the corresponding
directories in / and /usr. Especially compatibility symlinks must not be
installed.
Feel free to modify any of the changes to the spec file, but keep the
above in mind.
2012-01-25 18:01:37 +00:00
|
|
|
%{_libdir}/libselinux.so.*
|
2017-08-02 08:50:28 +00:00
|
|
|
%dir %{_rundir}/setrans/
|
|
|
|
%{_tmpfilesdir}/libselinux.conf
|
2008-09-09 19:07:33 +00:00
|
|
|
|
|
|
|
%files utils
|
2006-05-30 12:44:31 +00:00
|
|
|
%{_sbindir}/avcstat
|
|
|
|
%{_sbindir}/getenforce
|
2023-02-13 14:53:55 +00:00
|
|
|
%{_sbindir}/getpidprevcon
|
2023-11-14 19:02:27 +00:00
|
|
|
%{_sbindir}/getpolicyload
|
2006-05-30 12:44:31 +00:00
|
|
|
%{_sbindir}/getsebool
|
2013-03-06 17:18:42 +00:00
|
|
|
%{_sbindir}/matchpathcon
|
2018-08-02 09:35:14 +00:00
|
|
|
%{_sbindir}/sefcontext_compile
|
2008-05-07 17:34:12 +00:00
|
|
|
%{_sbindir}/selinuxconlist
|
|
|
|
%{_sbindir}/selinuxdefcon
|
2011-05-25 18:25:56 +00:00
|
|
|
%{_sbindir}/selinuxexeccon
|
2006-05-30 12:44:31 +00:00
|
|
|
%{_sbindir}/selinuxenabled
|
|
|
|
%{_sbindir}/setenforce
|
2016-01-08 21:39:45 +00:00
|
|
|
%{_sbindir}/selabel_digest
|
|
|
|
%{_sbindir}/selabel_lookup
|
|
|
|
%{_sbindir}/selabel_lookup_best_match
|
|
|
|
%{_sbindir}/selabel_partial_match
|
2017-08-07 11:56:34 +00:00
|
|
|
%{_sbindir}/selinux_check_access
|
2019-10-15 14:38:59 +00:00
|
|
|
%{_sbindir}/selabel_get_digests_all_partial_matches
|
|
|
|
%{_sbindir}/validatetrans
|
2007-06-21 15:34:10 +00:00
|
|
|
%{_mandir}/man5/*
|
2005-11-28 22:02:25 +00:00
|
|
|
%{_mandir}/man8/*
|
|
|
|
|
2004-09-09 07:41:25 +00:00
|
|
|
%files devel
|
2007-11-15 15:29:15 +00:00
|
|
|
%{_libdir}/libselinux.so
|
2009-11-02 18:11:50 +00:00
|
|
|
%{_libdir}/pkgconfig/libselinux.pc
|
2017-09-01 07:26:34 +00:00
|
|
|
%{_includedir}/selinux/
|
2004-09-09 07:42:26 +00:00
|
|
|
%{_mandir}/man3/*
|
2004-09-09 07:41:25 +00:00
|
|
|
|
2008-01-21 21:42:38 +00:00
|
|
|
%files static
|
|
|
|
%{_libdir}/libselinux.a
|
|
|
|
|
2017-08-12 12:26:21 +00:00
|
|
|
%files -n python3-libselinux
|
2017-09-01 07:26:34 +00:00
|
|
|
%{python3_sitearch}/selinux/
|
2019-10-15 14:38:59 +00:00
|
|
|
%{python3_sitearch}/selinux-%{version}*
|
|
|
|
%{python3_sitearch}/_selinux*
|
2010-06-16 13:23:15 +00:00
|
|
|
|
2008-07-09 20:57:21 +00:00
|
|
|
%files ruby
|
2013-03-20 09:31:48 +00:00
|
|
|
%{ruby_vendorarchdir}/selinux.so
|
2008-07-09 20:57:21 +00:00
|
|
|
|
2004-09-09 07:41:25 +00:00
|
|
|
%changelog
|
2024-10-29 15:44:07 +00:00
|
|
|
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 3.7-4
|
|
|
|
- Bump release for October 2024 mass rebuild:
|
|
|
|
Resolves: RHEL-64018
|
|
|
|
|
2024-06-27 14:36:33 +00:00
|
|
|
%autochangelog
|