SLFO-pool/permissions
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
permissions/permissions.spec

136 lines
4.1 KiB
RPMSpec
Raw Permalink Blame History

#
# spec file for package permissions
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define VERSION_DATE 20240206
Name: permissions
Version: %{suse_version}_%{VERSION_DATE}
Release: 0
Summary: SUSE Linux Default Permissions
# Maintained in github by the security team.
License: GPL-2.0-or-later
Group: Productivity/Security
URL: http://github.com/openSUSE/permissions
Source: permissions-%{VERSION_DATE}.tar.xz
Source1: fix_version.sh
Source2: permissions.rpmlintrc
BuildRequires: gcc-c++
BuildRequires: libcap-devel
BuildRequires: libcap-progs
BuildRequires: python-rpm-macros
BuildRequires: tclap
# test suite
BuildRequires: python3-base
Requires: chkstat
Requires: permissions-config
Provides: aaa_base:%{_datadir}/permissions
%prep
%autosetup -n permissions-%{VERSION_DATE}
%build
make %{?_smp_mflags} CXXFLAGS="%{optflags}"
%install
%make_install fillupdir=%{_fillupdir}
# Fix shebang in scripts: Remove dependency on /usr/bin/python3,
# making scripts to depends on the real python3 binary, not the link.
# (bsc#1212476)
for f in %{buildroot}/usr/lib/zypp/plugins/commit/*
do
[ -f $f ] && sed -i "1s@#\!.*python.*@#\!$(realpath %__python3)@" $f
done
%check
# will fail on qemu with unshare: unshare failed: Invalid argument
%if !0%{?qemu_user_space_build}
tests/regtest.py --skip-make > /dev/null
%endif
%description
File and directory permission settings depending on the local security
settings. The local security setting ("easy", "secure", or "paranoid") can be
configured in /etc/sysconfig/security.
This package does not contain files, it just requires the necessary packages.
%files
%package config
Summary: SUSE Linux Default Permissions config files
Group: Productivity/Security
Requires(post): %fillup_prereq
Requires(post): chkstat
#!BuildIgnore: group(trusted)
Requires(pre): group(trusted)
Obsoletes: permissions-doc <= %{suse_version}_%{VERSION_DATE}
BuildArch: noarch
%description config
The actual permissions configuration files, /usr/share/permissions/permission.*.
%files config
%defattr(644, root, root, 755)
%dir %{_datadir}/permissions
%dir %{_datadir}/permissions/permissions.d
%{_datadir}/permissions/permissions
%{_datadir}/permissions/permissions.easy
%{_datadir}/permissions/permissions.secure
%{_datadir}/permissions/permissions.paranoid
%{_datadir}/permissions/variables.conf
%config(noreplace) %{_sysconfdir}/permissions.local
%{_fillupdir}/sysconfig.security
%{_mandir}/man5/permissions.5%{ext_man}
%post config
%{fillup_only -n security}
# apply all potentially changed permissions
%{_bindir}/chkstat --system || :
%package -n chkstat
Summary: SUSE Linux Default Permissions tool
Group: Productivity/Security
%description -n chkstat
Tool to check and set file permissions.
%files -n chkstat
%{_bindir}/chkstat
%{_mandir}/man8/chkstat.8%{ext_man}
%package -n permissions-zypp-plugin
BuildArch: noarch
Requires: permissions = %{version}
Requires: python3-zypp-plugin
Requires: libzypp(plugin:commit) = 1
Summary: A zypper commit plugin for calling chkstat
Group: Productivity/Security
%description -n permissions-zypp-plugin
This package contains a plugin for zypper that calls `chkstat --system` after
new packages have been installed. This is helpful for maintaining custom
entries in /etc/permissions.local.
%files -n permissions-zypp-plugin
%dir /usr/lib/zypp
%dir /usr/lib/zypp/plugins
%dir /usr/lib/zypp/plugins/commit
/usr/lib/zypp/plugins/commit/permissions.py
%changelog
Reference in New Issue View Git Blame Copy Permalink