rpms
/
passt
7
0
Fork 0
Code Issues Pull Requests Releases Activity

passt-0^20230222.g4ddbcb9-4.el9 

In passt-0^20230222.g4ddbcb9-3.el9, I mistakenly added patches for
the Fedora spec file solving these issues, instead of actually
applying those changes to the spec file we use. Drop them, and
actually fix those issues.

Resolves: rhbz#2183089 rhbz#2183106
This commit is contained in:
Stefano Brivio 2023-06-11 11:48:25 +02:00
parent 9d7340a561
commit 66073926b2
4 changed files with 20 additions and 183 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
0020-fedora-Install-SELinux-interface-files-to-shared-inc.patch
View File

@ -1,40 +0,0 @@
From 61676035ec5f58df4f4cca024c772d7e0b43d7dc Mon Sep 17 00:00:00 2001
From: Stefano Brivio <sbrivio@redhat.com>
Date: Fri, 10 Mar 2023 19:10:01 +0100
Subject: [PATCH 20/20] fedora: Install SELinux interface files to shared
include directory
Link: https://github.com/fedora-selinux/selinux-policy/pull/1613
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
(cherry picked from commit 70c0765b49e19b76639908a7686d8f795ba3ed24)
---
contrib/fedora/passt.spec | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/contrib/fedora/passt.spec b/contrib/fedora/passt.spec
index 7f67bee..51cad90 100644
--- a/contrib/fedora/passt.spec
+++ b/contrib/fedora/passt.spec
@@ -61,7 +61,9 @@ ln -sr %{buildroot}%{_mandir}/man1/pasta.1 %{buildroot}%{_mandir}/man1/pasta.avx
pushd contrib/selinux
make -f %{_datadir}/selinux/devel/Makefile
install -p -m 644 -D passt.pp %{buildroot}%{_datadir}/selinux/packages/%{name}/passt.pp
+install -p -m 644 -D passt.if %{buildroot}%{_datadir}/selinux/devel/include/contrib/passt.if
install -p -m 644 -D pasta.pp %{buildroot}%{_datadir}/selinux/packages/%{name}/pasta.pp
+install -p -m 644 -D pasta.if %{buildroot}%{_datadir}/selinux/devel/include/contrib/pasta.if
popd
%post selinux
@@ -93,7 +95,9 @@ semodule -r pasta 2>/dev/null || :
%files selinux
%dir %{_datadir}/selinux/packages/%{name}
%{_datadir}/selinux/packages/%{name}/passt.pp
+%{_datadir}/selinux/devel/include/contrib/passt.if
%{_datadir}/selinux/packages/%{name}/pasta.pp
+%{_datadir}/selinux/devel/include/contrib/pasta.if
%changelog
{{{ passt_git_changelog }}}
--
2.39.2

84
0021-fedora-Refresh-SELinux-labels-in-scriptlets-require-.patch
View File

@ -1,84 +0,0 @@
From 41dd4e1b8d5fd8371b7e4e123340bc6a5a6ac226 Mon Sep 17 00:00:00 2001
From: Stefano Brivio <sbrivio@redhat.com>
Date: Thu, 16 Mar 2023 20:51:23 +0100
Subject: [PATCH 1/2] fedora: Refresh SELinux labels in scriptlets, require
-selinux package
Instead of:
https://fedoraproject.org/wiki/SELinux_Policy_Modules_Packaging_Draft
follow this:
https://fedoraproject.org/wiki/PackagingDrafts/SELinux_Independent_Policy
which seems to make more sense and fixes the issue that, on a fresh
install, without a reboot, the file contexts for the binaries are not
actually updated.
In detail:
- labels are refreshed using the selinux_relabel_pre and
selinux_relabel_post on install, upgrade, and uninstall
- use the selinux_modules_install and selinux_modules_uninstall
macros, instead of calling 'semodule' directly (no functional
changes in our case)
- require the -selinux package on SELinux-enabled environments and if
the current system policy is "targeted"
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
(cherry picked from commit dd2349661933c4e9756e524ae9465f38b53b7557)
---
contrib/fedora/passt.spec | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/contrib/fedora/passt.spec b/contrib/fedora/passt.spec
index 51cad90..f6aa117 100644
--- a/contrib/fedora/passt.spec
+++ b/contrib/fedora/passt.spec
@@ -8,6 +8,7 @@
# Author: Stefano Brivio <sbrivio@redhat.com>
%global git_hash {{{ git_head }}}
+%global selinuxtype targeted
Name: passt
Version: {{{ git_version }}}
@@ -19,6 +20,7 @@ URL: https://passt.top/
Source: https://passt.top/passt/snapshot/passt-%{git_hash}.tar.xz
BuildRequires: gcc, make, checkpolicy, selinux-policy-devel
+Requires: (%{name}-selinux = %{version}-%{release} if selinux-policy-%{selinuxtype})
%description
passt implements a translation layer between a Layer-2 network interface and
@@ -66,13 +68,21 @@ install -p -m 644 -D pasta.pp %{buildroot}%{_datadir}/selinux/packages/%{name}/p
install -p -m 644 -D pasta.if %{buildroot}%{_datadir}/selinux/devel/include/contrib/pasta.if
popd
+%pre selinux
+%selinux_relabel_pre -s %{selinuxtype}
+
%post selinux
-semodule -i %{_datadir}/selinux/packages/%{name}/passt.pp 2>/dev/null || :
-semodule -i %{_datadir}/selinux/packages/%{name}/pasta.pp 2>/dev/null || :
+%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{name}/passt.pp
+%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{name}/pasta.pp
+
+%postun selinux
+if [ $1 -eq 0 ]; then
+ %selinux_modules_uninstall -s %{selinuxtype} passt
+ %selinux_modules_uninstall -s %{selinuxtype} pasta
+fi
-%preun selinux
-semodule -r passt 2>/dev/null || :
-semodule -r pasta 2>/dev/null || :
+%posttrans selinux
+%selinux_relabel_post -s %{selinuxtype}
%files
%license LICENSES/{AGPL-3.0-or-later.txt,BSD-3-Clause.txt}
--
2.39.2

41
0022-fedora-Don-t-install-useless-SELinux-interface-file-.patch
View File

@ -1,41 +0,0 @@
From b065e1adbfb4ee5ed618b8269fd5135b4a201e2f Mon Sep 17 00:00:00 2001
From: Stefano Brivio <sbrivio@redhat.com>
Date: Mon, 27 Mar 2023 19:50:01 +0200
Subject: [PATCH 2/2] fedora: Don't install useless SELinux interface file for
pasta
That was meant to be an example, and I just dropped it in the
previous commit -- passt.if should be more than enough as a possible
example.
Reported-by: Carl G. <carlg@fedoraproject.org>
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2182145
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
(cherry picked from commit 387f4aca7477ee630fe3c261a19f5f1a9055bfe5)
---
contrib/fedora/passt.spec | 2 --
1 file changed, 2 deletions(-)
diff --git a/contrib/fedora/passt.spec b/contrib/fedora/passt.spec
index f6aa117..da1accb 100644
--- a/contrib/fedora/passt.spec
+++ b/contrib/fedora/passt.spec
@@ -65,7 +65,6 @@ make -f %{_datadir}/selinux/devel/Makefile
install -p -m 644 -D passt.pp %{buildroot}%{_datadir}/selinux/packages/%{name}/passt.pp
install -p -m 644 -D passt.if %{buildroot}%{_datadir}/selinux/devel/include/contrib/passt.if
install -p -m 644 -D pasta.pp %{buildroot}%{_datadir}/selinux/packages/%{name}/pasta.pp
-install -p -m 644 -D pasta.if %{buildroot}%{_datadir}/selinux/devel/include/contrib/pasta.if
popd
%pre selinux
@@ -107,7 +106,6 @@ fi
%{_datadir}/selinux/packages/%{name}/passt.pp
%{_datadir}/selinux/devel/include/contrib/passt.if
%{_datadir}/selinux/packages/%{name}/pasta.pp
-%{_datadir}/selinux/devel/include/contrib/pasta.if
%changelog
{{{ passt_git_changelog }}}
--
2.39.2

38
passt.spec
View File

@ -38,9 +38,6 @@ Patch16: 0016-tcp-Clamp-MSS-value-when-queueing-data-to-tap-also-f.patch
Patch17: 0017-contrib-selinux-Drop-example-from-headers-this-is-th.patch
Patch18: 0018-contrib-selinux-Drop-unused-passt_read_data-interfac.patch
Patch19: 0019-contrib-selinux-Split-interfaces-into-smaller-bits.patch
Patch20: 0020-fedora-Install-SELinux-interface-files-to-shared-inc.patch
Patch21: 0021-fedora-Refresh-SELinux-labels-in-scriptlets-require-.patch
Patch22: 0022-fedora-Don-t-install-useless-SELinux-interface-file-.patch
BuildRequires: gcc, make, git, checkpolicy, selinux-policy-devel
Requires: (%{name}-selinux = %{version}-%{release} if selinux-policy-%{selinuxtype})
@ -85,23 +82,25 @@ ln -sr %{buildroot}%{_mandir}/man1/pasta.1 %{buildroot}%{_mandir}/man1/pasta.avx
pushd contrib/selinux
make -f %{_datadir}/selinux/devel/Makefile
install -p -m 644 -D passt.pp %{buildroot}%{_datadir}/selinux/packages/%{name}/passt.pp
install -p -m 644 -D passt.if %{buildroot}%{_datadir}/selinux/devel/include/contrib/passt.if
install -p -m 644 -D pasta.pp %{buildroot}%{_datadir}/selinux/packages/%{name}/pasta.pp
install -p -m 644 -D pasta.if %{buildroot}%{_datadir}/selinux/devel/include/contrib/pasta.if
install -p -m 644 -D passt.pp %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/passt.pp
install -p -m 644 -D passt.if %{buildroot}%{_datadir}/selinux/devel/include/distributed/passt.if
install -p -m 644 -D pasta.pp %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/pasta.pp
popd
%pre selinux
%selinux_relabel_pre -s %{selinuxtype}
%post selinux
semodule -i %{_datadir}/selinux/packages/%{name}/passt.pp 2>/dev/null || :
semodule -i %{_datadir}/selinux/packages/%{name}/pasta.pp 2>/dev/null || :
%selinux_relabel_post -s %{selinuxtype}
%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/passt.pp
%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/pasta.pp
%preun selinux
semodule -r passt 2>/dev/null || :
semodule -r pasta 2>/dev/null || :
%postun selinux
if [ $1 -eq 0 ]; then
%selinux_modules_uninstall -s %{selinuxtype} passt
%selinux_modules_uninstall -s %{selinuxtype} pasta
fi
%posttrans selinux
%selinux_relabel_post -s %{selinuxtype}
%files
@ -123,13 +122,16 @@ semodule -r pasta 2>/dev/null || :
%endif
%files selinux
%dir %{_datadir}/selinux/packages/%{name}
%{_datadir}/selinux/packages/%{name}/passt.pp
%{_datadir}/selinux/devel/include/contrib/passt.if
%{_datadir}/selinux/packages/%{name}/pasta.pp
%{_datadir}/selinux/devel/include/contrib/pasta.if
%{_datadir}/selinux/packages/%{selinuxtype}/passt.pp
%{_datadir}/selinux/devel/include/distributed/passt.if
%{_datadir}/selinux/packages/%{selinuxtype}/pasta.pp
%changelog
* Sun Jun 11 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230222.g4ddbcb9-4
- Drop (pointless) patches 20, 21, 22, actually apply changes to the spec file!
- Refresh SELinux labels in scriptlets, require -selinux package (rhbz#2183089)
- Don't install useless SELinux interface file for pasta (rhbz#2183106)
* Fri Apr 28 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230222.g4ddbcb9-3
- Refresh SELinux labels in scriptlets, require -selinux package (rhbz#2183089)
- Don't install useless SELinux interface file for pasta (rhbz#2183106)