mysql-selinux/mysql-selinux.spec
Michal Schorm 3461bc3864 Don't ignore errors in SELinux scriptlets
... well, at leats on the SPECfile side. They are still being ignored in the macros themselves

$ rpm -E %selinux_modules_install
|
| if [ -e /etc/selinux/config ]; then
|   . /etc/selinux/config
| fi
| _policytype=
| if [ -z "${_policytype}" ]; then
|   _policytype="targeted"
| fi
| if [ "${SELINUXTYPE}" = "${_policytype}" ]; then
|   /usr/sbin/semodule -n -s ${_policytype} -X 200 -i  || :
|   /usr/sbin/selinuxenabled && /usr/sbin/load_policy || :
| fi

$ rpm -E %selinux_modules_uninstall
|
| if [ -e /etc/selinux/config ]; then
|   . /etc/selinux/config
| fi
| _policytype=
| if [ -z "${_policytype}" ]; then
|   _policytype="targeted"
| fi
| if [ $1 -eq 0 ]; then
|   if [ "${SELINUXTYPE}" = "${_policytype}" ]; then
|     /usr/sbin/semodule -n -X 200 -s ${_policytype} -r  &> /dev/null || :
|     /usr/sbin/selinuxenabled && /usr/sbin/load_policy || :
|   fi
| fi

Defined here:
https://src.fedoraproject.org/rpms/selinux-policy/blob/rawhide/f/rpm.macros#_48

The reason is described here: https://bugzilla.redhat.com/show_bug.cgi?id=1665643
TL;DR: The return values of any scriptlet in Fedora MUST be zero.
No matter how the errors in the scriptlets are handled.
For now, the "handled" means "ignored" in the case of SELinux scriplet macros.

Related: RHEL-19372
2024-01-23 10:07:41 +01:00

125 lines
3.8 KiB
RPMSpec

# defining macros needed by SELinux
%global selinuxtype targeted
%global moduletype contrib
%global modulename mysql
Name: mysql-selinux
Version: 1.0.7
Release: 1%{?dist}
License: GPLv3
URL: https://github.com/devexp-db/mysql-selinux
Summary: SELinux policy modules for MySQL and MariaDB packages
Source0: https://github.com/devexp-db/mysql-selinux/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz
BuildArch: noarch
BuildRequires: make
BuildRequires: selinux-policy-devel
%{?selinux_requires}
Requires: selinux-policy-%{selinuxtype}
Requires(post): selinux-policy-%{selinuxtype}
%description
SELinux policy modules for MySQL and MariaDB packages.
%prep
%setup -q -n %{name}-%{version}
%build
make
%install
# install policy modules
install -d %{buildroot}%{_datadir}/selinux/packages
install -m 0644 %{modulename}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages
%pre
%selinux_relabel_pre -s %{selinuxtype}
%post
%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{modulename}.pp.bz2
%postun
if [ $1 -eq 0 ]; then
%selinux_modules_uninstall -s %{selinuxtype} %{modulename}
fi
%posttrans
%selinux_relabel_post -s %{selinuxtype}
%files
%defattr(-,root,root,0755)
%attr(0644,root,root) %{_datadir}/selinux/packages/%{modulename}.pp.bz2
%ghost %verify(not mode md5 size mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
%license COPYING
%changelog
* Thu Sep 14 2023 Packit <hello@packit.dev> - 1.0.7-1
- Empty commit to test Fedora PACKIT configuration for packaging automation (Michal Schorm)
* Wed Jul 12 2023 Adam Dobes <adobes@redhat.com> - 1.0.6-1
- Rebase to 1.0.6
* Thu Jun 09 2022 Michal Schorm <mschorm@redhat.com> - 1.0.5-1
- Rebase to 1.0.5
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.0.4-2
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Tue May 04 2021 Lukas Javorsky <ljavorsk@redhat.com> - 1.0.4-1
- Rebase to 1.0.4
- Fix rpm verification it's a ghost file so it should ignore the error
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.0.2-3
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Dec 02 2020 Michal Schorm <mschorm@redhat.com> - 1.0.2-1
- Rebase to 1.0.2 release
Added context for "*mariadb*" named executables
* Tue Dec 01 2020 Michal Schorm <mschorm@redhat.com> - 1.0.1-1
- Rebase to 1.0.1 release
This release is just a sync-up with upstream selinux-policy
- URL changed to a new upstream repository
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jan 11 2019 Kevin Fenzi <kevin@scrye.com> - 1.0.0-7
- Also make sure posttrans does not fail.
* Thu Jan 10 2019 Kevin Fenzi <kevin@scrye.com> - 1.0.0-6
- Add Requires(post) on policycoreutils for semodule and make sure post/postun cannot fail
* Thu Dec 06 2018 Jakub Janco <jjanco@redhat.com> - 1.0.0-5
- Sync with upstream
* Wed Aug 29 2018 Jakub Janco <jjanco@redhat.com> - 1.0.0-4
- Allow mysqld sys_nice capability
* Mon Aug 20 2018 Jakub Janco <jjanco@redhat.com> - 1.0.0-3
- reflect latest changes of mysql policy
* Fri Jul 27 2018 Jakub Janco <jjanco@redhat.com> - 1.0.0-2
- reflect latest changes of Independent Product Policy
* Wed Jul 18 2018 Jakub Janco <jjanco@redhat.com> - 1.0.0-1
- First Build