mysql-selinux/mysql-selinux.spec

130 lines
4.1 KiB
RPMSpec
Raw Normal View History

# General maintainer notes:
# Fedora guideliens for packaging of SELinux rules:
# https://fedoraproject.org/wiki/SELinux/IndependentPolicy
# RHEL instructions regarding Troubleshooting problems related to SELinux:
# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/using_selinux/troubleshooting-problems-related-to-selinux_using-selinux
# defining macros needed by SELinux
%global selinuxtype targeted
%global modulename mysql
Name: mysql-selinux
Version: 1.0.7
Release: 1%{?dist}
License: GPLv3
URL: https://github.com/devexp-db/mysql-selinux
Summary: SELinux policy modules for MySQL and MariaDB packages
Source0: https://github.com/devexp-db/mysql-selinux/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz
BuildArch: noarch
Additional explanation for the previous commit: In the previous commit, the line: both the line | Requires(post): policycoreutils and is removed, since it is already contained in the macro | %{?selinux_requires} on line after them. $ rpm -E %{?selinux_requires} | | Requires: selinux-policy >= 37.22-1.fc37 | BuildRequires: pkgconfig(systemd) | BuildRequires: selinux-policy | BuildRequires: selinux-policy-devel | Requires(post): selinux-policy-base >= 37.22-1.fc37 | Requires(post): libselinux-utils | Requires(post): policycoreutils | %if 037 || 0 > 7 | Requires(post): policycoreutils-python-utils | %else | Requires(post): policycoreutils-python | %endif Defined here: https://src.fedoraproject.org/rpms/selinux-policy/blob/rawhide/f/rpm.macros#_32 However this can't be applied to the line: | BuildRequires: selinux-policy-devel Since the it is a recursive problem - the BuildRequires has to be already evaluated for a package containing the macro %{?selinux_requires} to be brought in. So the additional BuildRequires that macro brings has no effect as the evaluation of this kind of symbols has already finished. That's why in the examples as: https://fedoraproject.org/wiki/SELinux/IndependentPolicy#Example_spec_file_changes_to_incorporate_-selinux_subpackage is the lines | BuildRequires: selinux-policy-devel | %{?selinux_requires} Next to each other. Even though the first line would seem redundant, it in fact isn´t. In this commit, I've changed ordering of the lines to group up same symbols together as they logically go one after another. I believe that having all BuildRequires grouped together is easier to read and understand. Related: RHEL-19372
2023-09-15 12:46:53 +00:00
BuildRequires: make
BuildRequires: selinux-policy-devel
Additional explanation for the previous commit: In the previous commit, the line: both the line | Requires(post): policycoreutils and is removed, since it is already contained in the macro | %{?selinux_requires} on line after them. $ rpm -E %{?selinux_requires} | | Requires: selinux-policy >= 37.22-1.fc37 | BuildRequires: pkgconfig(systemd) | BuildRequires: selinux-policy | BuildRequires: selinux-policy-devel | Requires(post): selinux-policy-base >= 37.22-1.fc37 | Requires(post): libselinux-utils | Requires(post): policycoreutils | %if 037 || 0 > 7 | Requires(post): policycoreutils-python-utils | %else | Requires(post): policycoreutils-python | %endif Defined here: https://src.fedoraproject.org/rpms/selinux-policy/blob/rawhide/f/rpm.macros#_32 However this can't be applied to the line: | BuildRequires: selinux-policy-devel Since the it is a recursive problem - the BuildRequires has to be already evaluated for a package containing the macro %{?selinux_requires} to be brought in. So the additional BuildRequires that macro brings has no effect as the evaluation of this kind of symbols has already finished. That's why in the examples as: https://fedoraproject.org/wiki/SELinux/IndependentPolicy#Example_spec_file_changes_to_incorporate_-selinux_subpackage is the lines | BuildRequires: selinux-policy-devel | %{?selinux_requires} Next to each other. Even though the first line would seem redundant, it in fact isn´t. In this commit, I've changed ordering of the lines to group up same symbols together as they logically go one after another. I believe that having all BuildRequires grouped together is easier to read and understand. Related: RHEL-19372
2023-09-15 12:46:53 +00:00
%{?selinux_requires}
Additional explanation for the previous commit: In the previous commit, the line: both the line | Requires(post): policycoreutils and is removed, since it is already contained in the macro | %{?selinux_requires} on line after them. $ rpm -E %{?selinux_requires} | | Requires: selinux-policy >= 37.22-1.fc37 | BuildRequires: pkgconfig(systemd) | BuildRequires: selinux-policy | BuildRequires: selinux-policy-devel | Requires(post): selinux-policy-base >= 37.22-1.fc37 | Requires(post): libselinux-utils | Requires(post): policycoreutils | %if 037 || 0 > 7 | Requires(post): policycoreutils-python-utils | %else | Requires(post): policycoreutils-python | %endif Defined here: https://src.fedoraproject.org/rpms/selinux-policy/blob/rawhide/f/rpm.macros#_32 However this can't be applied to the line: | BuildRequires: selinux-policy-devel Since the it is a recursive problem - the BuildRequires has to be already evaluated for a package containing the macro %{?selinux_requires} to be brought in. So the additional BuildRequires that macro brings has no effect as the evaluation of this kind of symbols has already finished. That's why in the examples as: https://fedoraproject.org/wiki/SELinux/IndependentPolicy#Example_spec_file_changes_to_incorporate_-selinux_subpackage is the lines | BuildRequires: selinux-policy-devel | %{?selinux_requires} Next to each other. Even though the first line would seem redundant, it in fact isn´t. In this commit, I've changed ordering of the lines to group up same symbols together as they logically go one after another. I believe that having all BuildRequires grouped together is easier to read and understand. Related: RHEL-19372
2023-09-15 12:46:53 +00:00
Requires: selinux-policy-%{selinuxtype}
Requires(post): selinux-policy-%{selinuxtype}
%description
SELinux policy modules for MySQL and MariaDB packages.
%prep
%setup -q -n %{name}-%{version}
%build
make
%install
# install policy modules
install -d %{buildroot}%{_datadir}/selinux/packages
install -m 0644 %{modulename}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages
%pre
%selinux_relabel_pre -s %{selinuxtype}
%post
%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{modulename}.pp.bz2
%postun
if [ $1 -eq 0 ]; then
%selinux_modules_uninstall -s %{selinuxtype} %{modulename}
fi
%posttrans
%selinux_relabel_post -s %{selinuxtype}
%files
%defattr(-,root,root,0755)
%attr(0644,root,root) %{_datadir}/selinux/packages/%{modulename}.pp.bz2
%ghost %verify(not mode md5 size mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
%license COPYING
%changelog
* Thu Sep 14 2023 Packit <hello@packit.dev> - 1.0.7-1
- Empty commit to test Fedora PACKIT configuration for packaging automation (Michal Schorm)
2023-07-12 07:50:00 +00:00
* Wed Jul 12 2023 Adam Dobes <adobes@redhat.com> - 1.0.6-1
- Rebase to 1.0.6
* Thu Jun 09 2022 Michal Schorm <mschorm@redhat.com> - 1.0.5-1
- Rebase to 1.0.5
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.0.4-2
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Tue May 04 2021 Lukas Javorsky <ljavorsk@redhat.com> - 1.0.4-1
- Rebase to 1.0.4
- Fix rpm verification it's a ghost file so it should ignore the error
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.0.2-3
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Dec 02 2020 Michal Schorm <mschorm@redhat.com> - 1.0.2-1
- Rebase to 1.0.2 release
Added context for "*mariadb*" named executables
* Tue Dec 01 2020 Michal Schorm <mschorm@redhat.com> - 1.0.1-1
- Rebase to 1.0.1 release
This release is just a sync-up with upstream selinux-policy
- URL changed to a new upstream repository
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jan 11 2019 Kevin Fenzi <kevin@scrye.com> - 1.0.0-7
- Also make sure posttrans does not fail.
* Thu Jan 10 2019 Kevin Fenzi <kevin@scrye.com> - 1.0.0-6
- Add Requires(post) on policycoreutils for semodule and make sure post/postun cannot fail
* Thu Dec 06 2018 Jakub Janco <jjanco@redhat.com> - 1.0.0-5
- Sync with upstream
* Wed Aug 29 2018 Jakub Janco <jjanco@redhat.com> - 1.0.0-4
- Allow mysqld sys_nice capability
* Mon Aug 20 2018 Jakub Janco <jjanco@redhat.com> - 1.0.0-3
- reflect latest changes of mysql policy
* Fri Jul 27 2018 Jakub Janco <jjanco@redhat.com> - 1.0.0-2
- reflect latest changes of Independent Product Policy
* Wed Jul 18 2018 Jakub Janco <jjanco@redhat.com> - 1.0.0-1
- First Build