Commit Graph

16 Commits

Author SHA1 Message Date
Michal Schorm
8bef99ef1c Fix the file path for the compiled SELinux policy
Related: RHEL-19372
2024-01-23 10:07:53 +01:00
Michal Schorm
b19568706c Add explanation about not packing the SELinux interface file
Related: RHEL-19372
2024-01-23 10:07:51 +01:00
Michal Schorm
3beee6268b Remove unused macro
Related: RHEL-19372
2024-01-23 10:07:49 +01:00
Michal Schorm
fc4807dfa1 Add useful notes for maintainers
Related: RHEL-19372
2024-01-23 10:07:45 +01:00
Michal Schorm
3461bc3864 Don't ignore errors in SELinux scriptlets
... well, at leats on the SPECfile side. They are still being ignored in the macros themselves

$ rpm -E %selinux_modules_install
|
| if [ -e /etc/selinux/config ]; then
|   . /etc/selinux/config
| fi
| _policytype=
| if [ -z "${_policytype}" ]; then
|   _policytype="targeted"
| fi
| if [ "${SELINUXTYPE}" = "${_policytype}" ]; then
|   /usr/sbin/semodule -n -s ${_policytype} -X 200 -i  || :
|   /usr/sbin/selinuxenabled && /usr/sbin/load_policy || :
| fi

$ rpm -E %selinux_modules_uninstall
|
| if [ -e /etc/selinux/config ]; then
|   . /etc/selinux/config
| fi
| _policytype=
| if [ -z "${_policytype}" ]; then
|   _policytype="targeted"
| fi
| if [ $1 -eq 0 ]; then
|   if [ "${SELINUXTYPE}" = "${_policytype}" ]; then
|     /usr/sbin/semodule -n -X 200 -s ${_policytype} -r  &> /dev/null || :
|     /usr/sbin/selinuxenabled && /usr/sbin/load_policy || :
|   fi
| fi

Defined here:
https://src.fedoraproject.org/rpms/selinux-policy/blob/rawhide/f/rpm.macros#_48

The reason is described here: https://bugzilla.redhat.com/show_bug.cgi?id=1665643
TL;DR: The return values of any scriptlet in Fedora MUST be zero.
No matter how the errors in the scriptlets are handled.
For now, the "handled" means "ignored" in the case of SELinux scriplet macros.

Related: RHEL-19372
2024-01-23 10:07:41 +01:00
Michal Schorm
73fb266de6 Additional explanation for the previous commit:
In the previous commit, the line:
both the line
| Requires(post): policycoreutils
and
is removed, since it is already contained in the macro
| %{?selinux_requires}
on line after them.

$ rpm -E %{?selinux_requires}
|
| Requires: selinux-policy >= 37.22-1.fc37
| BuildRequires: pkgconfig(systemd)
| BuildRequires: selinux-policy
| BuildRequires: selinux-policy-devel
| Requires(post): selinux-policy-base >= 37.22-1.fc37
| Requires(post): libselinux-utils
| Requires(post): policycoreutils
| %if 037 || 0 > 7
| Requires(post): policycoreutils-python-utils
| %else
| Requires(post): policycoreutils-python
| %endif

Defined here:
https://src.fedoraproject.org/rpms/selinux-policy/blob/rawhide/f/rpm.macros#_32

However this can't be applied to the line:
| BuildRequires:  selinux-policy-devel
Since the it is a recursive problem - the BuildRequires has to be already evaluated
for a package containing the macro %{?selinux_requires} to be brought in.
So the additional BuildRequires that macro brings has no effect as the evaluation
of this kind of symbols has already finished.

That's why in the examples as:
https://fedoraproject.org/wiki/SELinux/IndependentPolicy#Example_spec_file_changes_to_incorporate_-selinux_subpackage
is the lines
| BuildRequires:       selinux-policy-devel
| %{?selinux_requires}
Next to each other.
Even though the first line would seem redundant, it in fact isn´t.

In this commit, I've changed ordering of the lines to group up same symbols together as they logically go one after another.
I believe that having all BuildRequires grouped together is easier to read and understand.

Related: RHEL-19372
2024-01-23 10:07:36 +01:00
Vit Mojzis
7b79126b8b selinux: Add missing dependencies
This policy module only works with "targeted" policy.

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>

Related: RHEL-19372
2024-01-23 10:07:32 +01:00
Packit
b294906c15 1.0.7 upstream release
Upstream tag: 1.0.7
Upstream commit: d718485d

Related: RHEL-19372
2024-01-23 10:07:29 +01:00
Adam Dobes
26fef37d8a Rebase to 1.0.6
Related: RHEL-19372
2024-01-23 10:07:09 +01:00
Michal Schorm
82901c3ccd Rebase to 1.0.5
--

Cherry-picked Fedora commit: f2713718dc
Squashed with Fedora commit: f1c1fc7ee0

--

Resolves: #2073386
2022-06-09 13:20:43 +02:00
Michal Schorm
bac48fef99 Code reorganisation
- whitespace changes
 - remove empty %check phase
 - move all scriptlets to one place

--

Cherry-picked Fedora commit: 082bdac247

--

Related: #2073386
2022-06-09 13:04:46 +02:00
Michal Schorm
4768a64196 Fix RPMLint warning: "invalid-url Source0"
Fixed by: https://docs.fedoraproject.org/en-US/packaging-guidelines/SourceURL/#_troublesome_urls

--

Cherry-picked Fedora commit: 298890f801

--

Related: #2073386
2022-06-09 13:04:39 +02:00
Mohan Boddu
9a625101a8 Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-09 22:25:53 +00:00
Lukas Javorsky
4491a0e60e Rebase to 1.0.4
Fix rpm verify error
Resolves: bz#1954070
2021-05-04 10:54:53 +02:00
Mohan Boddu
c67bfca195 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-04-16 02:19:41 +00:00
DistroBaker
b0f2450d85 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/mysql-selinux.git#7e7c60d6498ee587f87fc114f867ef78086bc7d1
2021-02-06 04:35:20 +00:00