From 1a143698b5a44cdc04eb803eef23d9d7f0e507fc Mon Sep 17 00:00:00 2001 From: "Chris St. Pierre" Date: Wed, 17 Oct 2012 10:27:33 -0400 Subject: broke selinux package into its own specfile --- misc/bcfg2-selinux.spec | 129 ++++++++++++++++++++++++++++++++++++++++++++++++ misc/bcfg2.spec | 106 +++------------------------------------ 2 files changed, 135 insertions(+), 100 deletions(-) create mode 100644 misc/bcfg2-selinux.spec (limited to 'misc') diff --git a/misc/bcfg2-selinux.spec b/misc/bcfg2-selinux.spec new file mode 100644 index 000000000..fa3d447d7 --- /dev/null +++ b/misc/bcfg2-selinux.spec @@ -0,0 +1,129 @@ +%global __python python +%{!?py_ver: %global py_ver %(%{__python} -c 'import sys;print(sys.version[0:3])')} +%global pythonversion %{py_ver} +%{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")} +%{!?_initrddir: %global _initrddir %{_sysconfdir}/rc.d/init.d} +%global selinux_policyver %(%{__sed} -e 's,.*selinux-policy-\\([^/]*\\)/.*,\\1,' /usr/share/selinux/devel/policyhelp || echo 0.0.0) +%global selinux_types %(%{__awk} '/^#[[:space:]]*SELINUXTYPE=/,/^[^#]/ { if ($3 == "-") printf "%s ", $2 }' /etc/selinux/config 2>/dev/null) +%global selinux_variants %([ -z "%{selinux_types}" ] && echo mls strict targeted || echo %{selinux_types}) + +Name: bcfg2-selinux +Version: 1.3.0 +Release: 0.1pre1 +Summary: Bcfg2 Client and Server SELinux policy + +%if 0%{?suse_version} +Group: System/Management +Conflicts: selinux-policy = 2.20120725 +%else +Group: Applications/System +# the selinux reference policy 2.20120725 (3.11.1 in RH versioning) +# contains a bogus bcfg2 module +Conflicts: selinux-policy = 3.11.1 +%endif + +License: BSD +URL: http://bcfg2.org +Source0: ftp://ftp.mcs.anl.gov/pub/bcfg/bcfg2-%{version}.tar.gz +%if 0%{?suse_version} +# SUSEs OBS does not understand the id macro below. +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release} +%else +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +%endif +BuildArch: noarch + +BuildRequires: checkpolicy, selinux-policy-devel, hardlink +BuildRequires: /usr/share/selinux/devel/policyhelp + +Requires: selinux-policy >= %{selinux_policyver} +Requires: %{name} = %{version}-%{release} +Requires(post): /usr/sbin/semodule, /sbin/restorecon, /sbin/fixfiles, bcfg2 +Requires(postun): /usr/sbin/semodule, /sbin/restorecon, /sbin/fixfiles, bcfg2 + +%description +Bcfg2 helps system administrators produce a consistent, reproducible, +and verifiable description of their environment, and offers +visualization and reporting tools to aid in day-to-day administrative +tasks. It is the fifth generation of configuration management tools +developed in the Mathematics and Computer Science Division of Argonne +National Laboratory. + +It is based on an operational model in which the specification can be +used to validate and optionally change the state of clients, but in a +feature unique to bcfg2 the client's response to the specification can +also be used to assess the completeness of the specification. Using +this feature, bcfg2 provides an objective measure of how good a job an +administrator has done in specifying the configuration of client +systems. Bcfg2 is therefore built to help administrators construct an +accurate, comprehensive specification. + +Bcfg2 has been designed from the ground up to support gentle +reconciliation between the specification and current client states. It +is designed to gracefully cope with manual system modifications. + +Finally, due to the rapid pace of updates on modern networks, client +systems are constantly changing; if required in your environment, +Bcfg2 can enable the construction of complex change management and +deployment strategies. + +This package includes the Bcfg2 server and client SELinux policy. + +%prep +%setup -q -n bcfg2-%{version} + +%build +cd redhat/selinux +for selinuxvariant in %{selinux_variants}; do + make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile + mv bcfg2.pp bcfg2.pp.${selinuxvariant} + make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile clean +done +cd - + +%install +for selinuxvariant in %{selinux_variants}; do + install -d %{buildroot}%{_datadir}/selinux/${selinuxvariant} + install -p -m 644 redhat/selinux/bcfg2.pp.${selinuxvariant} \ + %{buildroot}%{_datadir}/selinux/${selinuxvariant}/bcfg2.pp +done +/usr/sbin/hardlink -cv %{buildroot}%{_datadir}/selinux + +%clean +[ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot} || exit 2 + +%files +%defattr(-,root,root,0755) +%doc redhat/selinux/* +%{_datadir}/selinux/*/bcfg2.pp + +%post +for selinuxvariant in %{selinux_variants}; do + /usr/sbin/semodule -s ${selinuxvariant} -i \ + %{_datadir}/selinux/${selinuxvariant}/bcfg2.pp &> /dev/null || : +done +/sbin/fixfiles -R bcfg2 restore || : +if rpm -q bcfg2-server >& /dev/null; then + /sbin/fixfiles -R bcfg2-server restore || : +fi +/sbin/restorecon -R %{_localstatedir}/cache/bcfg2 || : +/sbin/restorecon -R %{_localstatedir}/lib/bcfg2 || : + +%postun +if [ $1 -eq 0 ] ; then + for selinuxvariant in %{selinux_variants}; do + /usr/sbin/semodule -s ${selinuxvariant} -r bcfg2 &> /dev/null || : + done + /sbin/fixfiles -R bcfg2 restore || : + if rpm -q bcfg2-server >& /dev/null; then + /sbin/fixfiles -R bcfg2-server restore || : + fi + [ -d %{_localstatedir}/cache/bcfg2 ] && \ + /sbin/restorecon -R %{_localstatedir}/cache/bcfg2 || : + [ -d %{_localstatedir}/lib/bcfg2 ] && \ + /sbin/restorecon -R %{_localstatedir}/lib/bcfg2 || : +fi + +%changelog +* Fri Sep 14 2012 Chris St. Pierre 1.3.0-0.2pre1 +- Broke bcfg2-selinux into its own specfile diff --git a/misc/bcfg2.spec b/misc/bcfg2.spec index a55c9f6b9..aa330c583 100644 --- a/misc/bcfg2.spec +++ b/misc/bcfg2.spec @@ -6,7 +6,7 @@ Name: bcfg2 Version: 1.3.0 -Release: 0.1pre1 +Release: 0.2pre1 Summary: Configuration management system %if 0%{?suse_version} @@ -28,8 +28,7 @@ BuildArch: noarch BuildRequires: python-devel BuildRequires: python-lxml -BuildRequires: checkpolicy, selinux-policy-devel, hardlink -BuildRequires: /usr/share/selinux/devel/policyhelp + %if 0%{?mandriva_version} # mandriva seems to behave differently than other distros and needs # this explicitly. @@ -44,7 +43,7 @@ BuildRequires: libsane1 # RHEL 5 and 6 ship with sphinx 0.6, but sphinx 1.0 is available with # a different package name in EPEL. -%if "%{_vendor}" == "redhat" && 0%{?rhel} != 0 +%if "%{_vendor}" == "redhat" && 0%{?rhel} <= 6 && 0%{?fedora} == 0 BuildRequires: python-sphinx10 # the python-sphinx10 package doesn't set sys.path correctly, so we # have to do it for them @@ -272,55 +271,6 @@ deployment strategies. This package includes the Bcfg2 reports web frontend. -%global selinux_policyver %(%{__sed} -e 's,.*selinux-policy-\\([^/]*\\)/.*,\\1,' /usr/share/selinux/devel/policyhelp || echo 0.0.0) -%global selinux_types %(%{__awk} '/^#[[:space:]]*SELINUXTYPE=/,/^[^#]/ { if ($3 == "-") printf "%s ", $2 }' /etc/selinux/config 2>/dev/null) -%global selinux_variants %([ -z "%{selinux_types}" ] && echo mls strict targeted || echo %{selinux_types}) - -%package selinux -Version: 1.3.0 -Summary: Bcfg2 Client and Server SELinux policy -%if 0%{?suse_version} -Group: System/Management -Conflicts: selinux-policy = 2.20120725 -%else -Group: Applications/System -# the selinux reference policy 2.20120725 (3.11.1 in RH versioning) -# contains a bogus bcfg2 module -Conflicts: selinux-policy = 3.11.1 -%endif -Requires: selinux-policy >= %{selinux_policyver} -Requires: %{name} = %{version}-%{release} -Requires(post): /usr/sbin/semodule, /sbin/restorecon, /sbin/fixfiles, bcfg2 -Requires(postun): /usr/sbin/semodule, /sbin/restorecon, /sbin/fixfiles, bcfg2 - -%description selinux -Bcfg2 helps system administrators produce a consistent, reproducible, -and verifiable description of their environment, and offers -visualization and reporting tools to aid in day-to-day administrative -tasks. It is the fifth generation of configuration management tools -developed in the Mathematics and Computer Science Division of Argonne -National Laboratory. - -It is based on an operational model in which the specification can be -used to validate and optionally change the state of clients, but in a -feature unique to bcfg2 the client's response to the specification can -also be used to assess the completeness of the specification. Using -this feature, bcfg2 provides an objective measure of how good a job an -administrator has done in specifying the configuration of client -systems. Bcfg2 is therefore built to help administrators construct an -accurate, comprehensive specification. - -Bcfg2 has been designed from the ground up to support gentle -reconciliation between the specification and current client states. It -is designed to gracefully cope with manual system modifications. - -Finally, due to the rapid pace of updates on modern networks, client -systems are constantly changing; if required in your environment, -Bcfg2 can enable the construction of complex change management and -deployment strategies. - -This package includes the Bcfg2 server and client SELinux policy. - %prep %setup -q -n %{name}-%{version} @@ -331,14 +281,6 @@ This package includes the Bcfg2 server and client SELinux policy. %{?pythonpath: export PYTHONPATH="%{pythonpath}"} %{__python}%{pythonversion} setup.py build_sphinx -cd redhat/selinux -for selinuxvariant in %{selinux_variants}; do - make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile - mv %{name}.pp %{name}.pp.${selinuxvariant} - make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile clean -done -cd - - %install rm -rf %{buildroot} %{__python}%{pythonversion} setup.py install --root=%{buildroot} --record=INSTALLED_FILES --prefix=/usr @@ -381,13 +323,6 @@ cp -r build/dtd %{buildroot}%{_defaultdocdir}/bcfg2-doc-%{version}/ %{__mkdir_p} %{buildroot}%{_localstatedir}/cache/%{name} %{__mkdir_p} %{buildroot}%{_localstatedir}/lib/%{name} -for selinuxvariant in %{selinux_variants}; do - install -d %{buildroot}%{_datadir}/selinux/${selinuxvariant} - install -p -m 644 redhat/selinux/%{name}.pp.${selinuxvariant} \ - %{buildroot}%{_datadir}/selinux/${selinuxvariant}/%{name}.pp -done -/usr/sbin/hardlink -cv %{buildroot}%{_datadir}/selinux - # mandriva and RHEL 5 cannot handle %ghost without the file existing, # so let's touch a bunch of empty config files touch %{buildroot}%{_sysconfdir}/bcfg2.conf %{buildroot}%{_sysconfdir}/bcfg2-web.conf @@ -473,11 +408,6 @@ touch %{buildroot}%{_sysconfdir}/bcfg2.conf %{buildroot}%{_sysconfdir}/bcfg2-web %config(noreplace) %{apache_conf}/conf.d/wsgi_bcfg2.conf %ghost %config(noreplace,missingok) %attr(0640,root,apache) %{_sysconfdir}/bcfg2-web.conf -%files selinux -%defattr(-,root,root,0755) -%doc redhat/selinux/* -%{_datadir}/selinux/*/%{name}.pp - %post server # enable daemon on first install only (not on update). if [ $1 -eq 1 ]; then @@ -519,34 +449,10 @@ if [ $1 -eq 0 ]; then fi %endif -%post selinux -for selinuxvariant in %{selinux_variants}; do - /usr/sbin/semodule -s ${selinuxvariant} -i \ - %{_datadir}/selinux/${selinuxvariant}/%{name}.pp &> /dev/null || : -done -/sbin/fixfiles -R %{name} restore || : -if rpm -q bcfg2-server >& /dev/null; then - /sbin/fixfiles -R bcfg2-server restore || : -fi -/sbin/restorecon -R %{_localstatedir}/cache/%{name} || : -/sbin/restorecon -R %{_localstatedir}/lib/%{name} || : - -%postun selinux -if [ $1 -eq 0 ] ; then - for selinuxvariant in %{selinux_variants}; do - /usr/sbin/semodule -s ${selinuxvariant} -r %{name} &> /dev/null || : - done - /sbin/fixfiles -R %{name} restore || : - if rpm -q bcfg2-server >& /dev/null; then - /sbin/fixfiles -R bcfg2-server restore || : - fi - [ -d %{_localstatedir}/cache/%{name} ] && \ - /sbin/restorecon -R %{_localstatedir}/cache/%{name} || : - [ -d %{_localstatedir}/lib/%{name} ] && \ - /sbin/restorecon -R %{_localstatedir}/lib/%{name} || : -fi - %changelog +* Wed Oct 17 2012 Chris St. Pierre 1.3.0-0.2pre1 +- Split bcfg2-selinux into its own specfile + * Fri Sep 14 2012 Chris St. Pierre 1.3.0-0.1pre1 - Added -selinux subpackage -- cgit v1.2.3-1-g7c22