[packit] 1.0.10 upstream release

1.0.9 upstream release
- Resolves rhbz#2250360 Upstream tag: 1.0.9 Upstream commit: 2d5769f5 Related: RHEL-19372
2024-01-24 03:20:21 +00:00 · 2024-01-23 10:07:59 +01:00 · 2024-01-23 10:07:56 +01:00 · 2024-01-23 10:07:53 +01:00 · 2024-01-23 10:07:51 +01:00 · 2024-01-23 10:07:49 +01:00
3 changed files with 45 additions and 11 deletions
--- a/.mysql-selinux.metadata
+++ b/.mysql-selinux.metadata
@ -0,0 +1 @@
+a1d3b982fc4bfba5b74138ad8cd46e8f41c7f5b1 mysql-selinux-1.0.10.tar.gz
--- a/mysql-selinux.spec
+++ b/mysql-selinux.spec
@ -1,11 +1,16 @@
+# General maintainer notes:
+#   Fedora guideliens for packaging of SELinux rules:
+#     https://fedoraproject.org/wiki/SELinux/IndependentPolicy
+#   RHEL instructions regarding Troubleshooting problems related to SELinux:
+#     https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/using_selinux/troubleshooting-problems-related-to-selinux_using-selinux
+
 # defining macros needed by SELinux
 %global selinuxtype targeted
-%global moduletype contrib
 %global modulename mysql

 Name:           mysql-selinux
-Version:        1.0.4
-Release:        2%{?dist}
+Version:        1.0.10
+Release:        1%{?dist}

 License:        GPLv3
 URL:            https://github.com/devexp-db/mysql-selinux
@ -14,10 +19,13 @@ Summary:        SELinux policy modules for MySQL and MariaDB packages
 Source0:        https://github.com/devexp-db/mysql-selinux/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz

 BuildArch:      noarch
+
 BuildRequires:  make
 BuildRequires:  selinux-policy-devel
-Requires(post): policycoreutils
+
 %{?selinux_requires}
+Requires:       selinux-policy-%{selinuxtype}
+Requires(post): selinux-policy-%{selinuxtype}

 %description
 SELinux policy modules for MySQL and MariaDB packages.
@ -31,32 +39,57 @@ make

 %install
 # install policy modules
-install -d %{buildroot}%{_datadir}/selinux/packages
-install -m 0644 %{modulename}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages
+install -d %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}
+install -m 0644 %{modulename}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}


 %pre
 %selinux_relabel_pre -s %{selinuxtype}

 %post
-%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{modulename}.pp.bz2 || :
+%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2

 %postun
 if [ $1 -eq 0 ]; then
-    %selinux_modules_uninstall -s %{selinuxtype} %{modulename} || :
+    %selinux_modules_uninstall -s %{selinuxtype} %{modulename}
 fi

 %posttrans
-%selinux_relabel_post -s %{selinuxtype} || :
+%selinux_relabel_post -s %{selinuxtype}


 %files
 %defattr(-,root,root,0755)
-%attr(0644,root,root) %{_datadir}/selinux/packages/%{modulename}.pp.bz2
+%attr(0644,root,root) %{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2
 %ghost %verify(not mode md5 size mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
 %license COPYING

+# Note:
+#   we do not pack the *.if file as seen in the example:
+#     https://fedoraproject.org/wiki/SELinux/IndependentPolicy#The_%prep_and_%install_Section
+#   since we do not have any interface to be shared (and even then it is optional)
+
 %changelog
+* Sat Nov 18 2023 Packit <hello@packit.dev> - 1.0.10-1
+- 2nd attempt to fix rhbz#2186996 rhbz#2221433 rhbz#2245705 (Michal Schorm)
+- Resolves rhbz#2250424
+
+* Fri Nov 17 2023 Packit <hello@packit.dev> - 1.0.9-1
+- Revert "Attempt to fix rhbz#2186996 rhbz#2221433 rhbz#2245705" This reverts commit de84778e555b891fd9ea5f3111c87a4990650d6c. (Michal Schorm)
+- Resolves rhbz#2250360
+
+* Tue Sep 26 2023 Michal Schorm <mschorm@redhat.com> - 1.0.7-2
+- Bump release for rebuild
+
+* Thu Sep 14 2023 Packit <hello@packit.dev> - 1.0.7-1
+- Empty commit to test Fedora PACKIT configuration for packaging automation (Michal Schorm)
+
+* Wed Jul 12 2023 Adam Dobes <adobes@redhat.com> - 1.0.6-1
+- Rebase to 1.0.6
+
+* Thu Jun 09 2022 Michal Schorm <mschorm@redhat.com> - 1.0.5-1
+- Rebase to 1.0.5
+
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.0.4-2
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (mysql-selinux-1.0.4.tar.gz) = 8fb0adcbb5b41056846da0dcd80852c771027d048556f5c3e5779a6655ddd2a34fb4506bd25048e52a7de14a7091bdb0efd13ef800493ee83ad7c17945517e61
+SHA512 (mysql-selinux-1.0.10.tar.gz) = f990b4a3d4aa026d29594c79d6e91cd2861f508eb3b36d7a4dc43d511b26f169b727120735a8a752fbe0d3e9531ae132cdbb527f00e7faa64cac32cbc7007034
Author	SHA1	Message	Date
Packit	0a257336b7	[packit] 1.0.10 upstream release	2024-01-24 03:20:21 +00:00
Packit	785e90b5bb	1.0.9 upstream release - Resolves rhbz#2250360 Upstream tag: 1.0.9 Upstream commit: 2d5769f5 Related: RHEL-19372	2024-01-23 10:07:59 +01:00
Michal Schorm	099a21f90c	Bump release for rebuild Related: RHEL-19372	2024-01-23 10:07:56 +01:00
Michal Schorm	8bef99ef1c	Fix the file path for the compiled SELinux policy Related: RHEL-19372	2024-01-23 10:07:53 +01:00
Michal Schorm	b19568706c	Add explanation about not packing the SELinux interface file Related: RHEL-19372	2024-01-23 10:07:51 +01:00
Michal Schorm	3beee6268b	Remove unused macro Related: RHEL-19372	2024-01-23 10:07:49 +01:00
Michal Schorm	fc4807dfa1	Add useful notes for maintainers Related: RHEL-19372	2024-01-23 10:07:45 +01:00
Michal Schorm	3461bc3864	Don't ignore errors in SELinux scriptlets ... well, at leats on the SPECfile side. They are still being ignored in the macros themselves $ rpm -E %selinux_modules_install \| \| if [ -e /etc/selinux/config ]; then \| . /etc/selinux/config \| fi \| _policytype= \| if [ -z "${_policytype}" ]; then \| _policytype="targeted" \| fi \| if [ "${SELINUXTYPE}" = "${_policytype}" ]; then \| /usr/sbin/semodule -n -s ${_policytype} -X 200 -i \|\| : \| /usr/sbin/selinuxenabled && /usr/sbin/load_policy \|\| : \| fi $ rpm -E %selinux_modules_uninstall \| \| if [ -e /etc/selinux/config ]; then \| . /etc/selinux/config \| fi \| _policytype= \| if [ -z "${_policytype}" ]; then \| _policytype="targeted" \| fi \| if [ $1 -eq 0 ]; then \| if [ "${SELINUXTYPE}" = "${_policytype}" ]; then \| /usr/sbin/semodule -n -X 200 -s ${_policytype} -r &> /dev/null \|\| : \| /usr/sbin/selinuxenabled && /usr/sbin/load_policy \|\| : \| fi \| fi Defined here: https://src.fedoraproject.org/rpms/selinux-policy/blob/rawhide/f/rpm.macros#_48 The reason is described here: https://bugzilla.redhat.com/show_bug.cgi?id=1665643 TL;DR: The return values of any scriptlet in Fedora MUST be zero. No matter how the errors in the scriptlets are handled. For now, the "handled" means "ignored" in the case of SELinux scriplet macros. Related: RHEL-19372	2024-01-23 10:07:41 +01:00
Michal Schorm	73fb266de6	Additional explanation for the previous commit: In the previous commit, the line: both the line \| Requires(post): policycoreutils and is removed, since it is already contained in the macro \| %{?selinux_requires} on line after them. $ rpm -E %{?selinux_requires} \| \| Requires: selinux-policy >= 37.22-1.fc37 \| BuildRequires: pkgconfig(systemd) \| BuildRequires: selinux-policy \| BuildRequires: selinux-policy-devel \| Requires(post): selinux-policy-base >= 37.22-1.fc37 \| Requires(post): libselinux-utils \| Requires(post): policycoreutils \| %if 037 \|\| 0 > 7 \| Requires(post): policycoreutils-python-utils \| %else \| Requires(post): policycoreutils-python \| %endif Defined here: https://src.fedoraproject.org/rpms/selinux-policy/blob/rawhide/f/rpm.macros#_32 However this can't be applied to the line: \| BuildRequires: selinux-policy-devel Since the it is a recursive problem - the BuildRequires has to be already evaluated for a package containing the macro %{?selinux_requires} to be brought in. So the additional BuildRequires that macro brings has no effect as the evaluation of this kind of symbols has already finished. That's why in the examples as: https://fedoraproject.org/wiki/SELinux/IndependentPolicy#Example_spec_file_changes_to_incorporate_-selinux_subpackage is the lines \| BuildRequires: selinux-policy-devel \| %{?selinux_requires} Next to each other. Even though the first line would seem redundant, it in fact isn´t. In this commit, I've changed ordering of the lines to group up same symbols together as they logically go one after another. I believe that having all BuildRequires grouped together is easier to read and understand. Related: RHEL-19372	2024-01-23 10:07:36 +01:00
Vit Mojzis	7b79126b8b	selinux: Add missing dependencies This policy module only works with "targeted" policy. Signed-off-by: Vit Mojzis <vmojzis@redhat.com> Related: RHEL-19372	2024-01-23 10:07:32 +01:00
Packit	b294906c15	1.0.7 upstream release Upstream tag: 1.0.7 Upstream commit: d718485d Related: RHEL-19372	2024-01-23 10:07:29 +01:00
Adam Dobes	26fef37d8a	Rebase to 1.0.6 Related: RHEL-19372	2024-01-23 10:07:09 +01:00
Michal Schorm	82901c3ccd	Rebase to 1.0.5 -- Cherry-picked Fedora commit: f2713718dcb68db4204f5fd3989387d17ddf9d4e Squashed with Fedora commit: f1c1fc7ee08cb3e8693afda0720a28b5459aa2af -- Resolves: #2073386	2022-06-09 13:20:43 +02:00
				`@ -0,0 +1 @@`
				`a1d3b982fc4bfba5b74138ad8cd46e8f41c7f5b1 mysql-selinux-1.0.10.tar.gz`