#
# spec file for package apparmor
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2011-2018 Christian Boltz
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#

# warning - confusing syntax ahead ;-)
# bcond_with means "disable"
# bcond_without means "enable"
%bcond_with tomcat
%bcond_without pam
%bcond_without apache
%bcond_without perl
%bcond_with python
%bcond_without python3
%bcond_without ruby

%define CATALINA_HOME /usr/share/tomcat6
#define APPARMOR_DOC_DIR /usr/share/doc/packages/apparmor-docs/
#define JNI_SO libJNIChangeHat.so
%define JAR_FILE changeHatValve.jar

%define apache_module_path %(/usr/sbin/apxs2 -q LIBEXECDIR)

Name:           apparmor
Version:        2.13.2
Accepting request 102458 from security:apparmor:factory
- Update to AppArmor 2.7.2 (= 2.7 branch / r1894)
- move various permissions from httpd2-prefork profile to
abstractions/apache2-common. Backward-incompatible change: *.htaccess
files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT
- allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5)
- allow various .conf files for dovecot (lp#458922)
- disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files
and abstractions/private-files-strict (lp#911847)
- update abstractions/kde, private-files* and ubuntu-browsers.d/user-files
to use ~/.kde4, not only ~/.kde (bnc#741592)
- block write access to ~/.kde{,4}/env in abstractions/private-files
(lp#914190)
- allow write access for personal dictionary etc. in abstractions/aspell
(lp#917859)
- when using genprof for a script, include read access to the script itself
- automatically include abstractions/python or abstractions/ruby for
python/ruby scripts
- add profile for smbldap-useradd and allow smbd to call it (bnc#738041)
- allow creation of the .config directory in abstractions/enchant (lp#914184)
- allow TFTP read-only access in dnsmasq profile (lp#905412)
- allow capability dac_read_search for syslog-ng (bnc#731876)
- add p11-kit abstraction and include it in abstractions/authentification
(lp#912754, lp#912752)
- add audacity to abstractions/ubuntu-media-players (lp#899963)
- allow software-center, fireclam plugin, [tT]unar, exo-open, kate and
/dev/nvidia* in abstractons/ubuntu-browsers.d/* (lp#662906, lp#562831,
lp#890894, lp#890894, lp#884748)
- fix typo for multiarch gconf-modules in abstractions/base (lp#904548)
- allow avahi to do dbus introspection (lp#769148)
- allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992)
- allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062)
- allow reading ~/.cups/client.conf and ~/.cups/lpoptions in
abstractions/cups-client (lp#887992)
- allow read access of /etc/python{2,3}.[0-7]*/sitecustomize.py in
abstractions/python (lp#860856)
- various updates to the sshd profile (lp#817956)
- (and some more changes I already included in the apparmor-2.7-branch.diff)
OBS-URL: https://build.opensuse.org/request/show/102458
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=32
2012-02-02 17:56:20 +01:00
Release:        0
Summary:        AppArmor userlevel parser utility
License:        GPL-2.0-or-later
Group:          Productivity/Networking/Security
Url:            https://launchpad.net/apparmor
Source0:        apparmor-%{version}.tar.gz
Source1:        apparmor-%{version}.tar.gz.asc
Source2:        %{name}.keyring

Source5:        update-trans.sh
Source6:        baselibs.conf
Source7:        apparmor-rpmlintrc

# enable caching of profiles (= massive performance speedup when loading profiles)
# and set cache-loc in parser.conf and apparmor.service accordingly
Patch1:         apparmor-enable-profile-cache.diff

# include autogenerated profile snippet for samba shares (bnc#688040)
Patch2:         apparmor-samba-include-permissions-for-shares.diff

# Ruby 2.0 mkmf prefixes everything with $(DESTDIR), bnc#822277, kkaempf@suse.de
Patch5:         ruby-2_0-mkmf-destdir.patch

# bug 906858 - confine lessopen.sh (submitted upstream 2014-12-21)
Patch7:         apparmor-lessopen-profile.patch

# fate#325872 netconfig: write resolv.conf to /run with link to /etc - submitted upstream 2018-12-22 https://gitlab.com/apparmor/apparmor/merge_requests/294
Patch8:         apparmor-nameservice-resolv-conf-link.patch

PreReq:         sed
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
%define apparmor_bin_prefix /lib/apparmor
BuildRequires:  bison
BuildRequires:  dejagnu
BuildRequires:  flex
BuildRequires:  gcc-c++
BuildRequires:  pcre-devel
BuildRequires:  pkg-config
BuildRequires:  python
BuildRequires:  python3-pyflakes
BuildRequires:  perl(Locale::gettext)

BuildRequires:  swig

%if %{with python}
BuildRequires:  python-devel
BuildRequires:  swig
%endif

%if %{with python3}
BuildRequires:  python3-devel
BuildRequires:  swig
%endif

%if %{with ruby}
BuildRequires:  ruby-devel
BuildRequires:  swig
%endif

%if %{with apache}
BuildRequires:  apache2-devel
%endif

%if %{with tomcat}
BuildRequires:  ant
BuildRequires:  java-devel >= 1.6.0
BuildRequires:  tomcat6
%endif

%package parser
Summary:        AppArmor userlevel parser utility
License:        GPL-2.0-or-later
Group:          Productivity/Networking/Security
Obsoletes:      libimnxcert < 2.9
Obsoletes:      subdomain-leaf-cert < 2.9
Obsoletes:      subdomain-parser < 2.9
Obsoletes:      subdomain-parser-common < 2.9
Obsoletes:      subdomain-parser-demo < 2.9
Obsoletes:      subdomain_parser < 2.9
Provides:       libimnxcert = %{version}
Provides:       subdomain-leaf-cert = %{version}
Provides:       subdomain-parser = %{version}
Provides:       subdomain-parser-common = %{version}
Provides:       subdomain-parser-demo = %{version}
Provides:       subdomain_parser = %{version}
Provides:       apparmor-parser(CAP_SYSLOG)
BuildRequires:  systemd-rpm-macros
%{?systemd_requires}

%description parser
The AppArmor Parser is a userlevel program that is used to load in
program profiles to the AppArmor Security kernel module.

This package is part of a suite of tools that used to be named
SubDomain.

%package docs
Summary:        AppArmor Documentation package
License:        GPL-2.0-or-later
Group:          Documentation/Other
BuildArch:      noarch

%description docs
This package contains documentation for AppArmor.

This package is part of a suite of tools that used to be named
SubDomain.

%if %{with apache}

%package -n apache2-mod_apparmor
Summary:        AppArmor module for apache2
License:        GPL-2.0-or-later
Group:          Productivity/Security

%description -n apache2-mod_apparmor
apache2-modapparmor adds support to apache2 to provide AppArmor
confinement to individual cgi scripts handled by apache modules like
mod_php and mod_perl.

This package is part of a suite of tools that used to be named
SubDomain.

The documentation is in the apparmor-admin_en package.
%endif

%if %{with perl}

%package -n perl-apparmor
Summary:        Perl interface for libapparmor functions
License:        GPL-2.0-only AND LGPL-2.1-or-later
Group:          Development/Libraries/Perl
Requires:       libapparmor1 = %{version}
Requires:       perl = %{perl_version}
Provides:       perl-libapparmor = %{version}
Obsoletes:      perl-libapparmor < 2.5

%description -n perl-apparmor
This package provides the perl interface to AppArmor. It is used for perl
applications interfacing with AppArmor.

%endif

%if %{with python}

%package -n python-apparmor
Summary:        Python 2 interface for libapparmor functions
License:        GPL-2.0-only AND LGPL-2.1-or-later
Group:          Development/Libraries/Python
BuildRequires:  python
Requires:       libapparmor1 = %{version}
Requires:       python = %{python_version}
Requires:       python(abi) = %{python_version}
Provides:       python-libapparmor = %{version}
Obsoletes:      python-libapparmor < 2.5

%description -n python-apparmor
This package provides the python interface to AppArmor. It is used for python
applications interfacing with AppArmor.
%endif

%if %{with python3}
%package -n python3-apparmor
Summary:        Python 3 interface for libapparmor functions
License:        GPL-2.0-only AND LGPL-2.1-or-later
Group:          Development/Libraries/Python
Requires:       libapparmor1 = %{version}
Requires:       python = %{py3_ver}
Requires:       python(abi) = %{py3_ver}
Provides:       python-libapparmor = %{version}

%description -n python3-apparmor
This package provides the python interface to AppArmor. It is used for python
applications interfacing with AppArmor.
%endif

%if %{with ruby}

%package -n ruby-apparmor
Summary:        Ruby interface for libapparmor functions
License:        GPL-2.0-only AND LGPL-2.1-or-later
Group:          Development/Languages/Ruby
Requires:       libapparmor1 = %{version}
Requires:       ruby = %(rpm -q --qf '%%{version}' ruby)
Provides:       ruby-libapparmor = %{version}
Obsoletes:      ruby-libapparmor < 2.5

%description -n ruby-apparmor
This package provides the ruby interface to AppArmor. It is used for ruby
applications interfacing with AppArmor.
%endif

%package abstractions
Summary:        AppArmor abstractions and directory structure
License:        GPL-2.0-only AND LGPL-2.1-or-later
Group:          Productivity/Security
Requires:       apparmor-parser(CAP_SYSLOG)
BuildArch:      noarch

%description abstractions
AppArmor abstractions (common parts used in various profiles) and
the /etc/apparmor.d/ directory structure.

AppArmor is a file and network mandatory access control mechanism.
AppArmor confines processes to the resources allowed by the systems
administrator and can constrain the scope of potential security
vulnerabilities.

This package is part of a suite of tools that used to be named
SubDomain.

%package profiles
Summary:        AppArmor profiles that are loaded into the apparmor kernel module
License:        GPL-2.0-only AND LGPL-2.1-or-later
Group:          Productivity/Security
Requires:       apparmor-abstractions >= %{version}
Requires:       apparmor-parser(CAP_SYSLOG)
Obsoletes:      subdomain-profiles < 2.9
Provides:       subdomain-profiles = %{version}
BuildArch:      noarch

%description profiles
Base profiles. AppArmor is a file and network mandatory access control
mechanism. AppArmor confines processes to the resources allowed by the
systems administrator and can constrain the scope of potential security
vulnerabilities.

This package is part of a suite of tools that used to be named
SubDomain.

%package utils
Summary:        AppArmor User-Level Utilities Useful for Creating AppArmor Profiles
License:        GPL-2.0-only AND LGPL-2.1-or-later
Group:          Productivity/Security
Requires:       libapparmor1 = %{version}
# some of the tools are still perl-based (aa-decode and aa-notify)
Requires:       perl = %{perl_version}
Requires:       perl-apparmor = %{version}
%if %{with python3}
Requires:       python3-apparmor = %{version}
Requires:       python3-base
%else
Requires:       python-apparmor = %{version}
Requires:       python-base
%endif
# aa-unconfined needs ss
Recommends:     iproute2
# aa-notify -p needs notify-send (only "Suggests", see boo#1067477)
Suggests:       libnotify-tools
BuildArch:      noarch

%description utils
This package provides the aa-logprof, aa-genprof, aa-autodep,
aa-enforce, and aa-complain tools to assist with profile authoring.
Besides it provides the aa-unconfined server information tool.

It is part of a suite of tools that used to be named SubDomain.

%if %{with tomcat}

%package -n tomcat_apparmor
Summary:        Tomcat 6 plugin for AppArmor change_hat
License:        GPL-2.0-only AND LGPL-2.1-or-later
Group:          System/Libraries
Requires:       libapparmor1 = %{version}
Requires:       tomcat6

%description -n tomcat_apparmor
tomcat_apparmor - is a plugin for Apache Tomcat version 6 that
provides support for AppArmor change_hat for creating AppArmor
containers that are bound to discrete elements of processing within the
Tomcat servlet container. The AppArmor containers, or "hats", can be
created for individual URL processing or per servlet.
%endif

%if %{with pam}

%package -n pam_apparmor
Summary:        PAM module for AppArmor change_hat
License:        GPL-2.0-only AND LGPL-2.1-or-later
Group:          Productivity/Security
BuildRequires:  pam-devel
PreReq:         pam
PreReq:         pam-config
Requires:       pam
Requires:       pam-config

%description -n pam_apparmor
The pam_apparmor module provides the means for any PAM applications
that call pam_open_session() to automatically perform an AppArmor
change_hat operation in order to switch to a user-specific security
policy.
%endif

%description
The AppArmor Parser is a userlevel program that is used to load in
program profiles to the AppArmor Security kernel module.

This package is part of a suite of tools that used to be named
SubDomain.

%lang_package -n apparmor-utils
%lang_package -n apparmor-parser

%prep
%setup -q
%patch1
%patch2
%patch5 -p1
%patch7
%patch8 -p1

%build
export SUSE_ASNEEDED=0

%if %{with python3}
export PYTHON=/usr/bin/python3
%endif

# libapparmor:
(
  cd ./libraries/libapparmor
  %configure \
%if %{with perl}
    --with-perl \
%endif
%if %{with python}%{with python3}
    --with-python \
%else
    --without-python \
%endif
%if %{with ruby}
    --with-ruby \
%else
    --without-ruby \
%endif

  make
)

# Utilities:
make -C utils

# binutils
make -C binutils

# parser:
make -C parser V=1

# Apache mod_apparmor:
%if %{with apache}
make -C changehat/mod_apparmor
%endif

# PAM AppArmor:
%if %{with pam}
make -C changehat/pam_apparmor
%endif

# Profiles:
make -C profiles

%if %{with tomcat}
make -C changehat/tomcat_apparmor/tomcat_5_5 CATALINA_HOME=%{CATALINA_HOME}
%endif

# pre-build profile cache
# note that -L only works with an absolute path, therefore prefix it with $(pwd)
parser/apparmor_parser --write-cache -QT -L $(pwd)/profiles/cache -I profiles/apparmor.d/ profiles/apparmor.d/

%check
%if %{with python3}
export PYTHON=/usr/bin/python3
export PYTHON_VERSIONS=python3
%endif

make check -C libraries/libapparmor
make check -C parser
make check -C binutils

# profiles make check fails for the utils (libapparmor PYTHONPATH issues), therefore only do parser-based checks
make -C profiles check-parser

# test for a few files that should exist in the cache
test -f profiles/cache/*/bin.ping
test -f profiles/cache/*/.features

make check -C utils

%install
%if %{with python3}
export PYTHON=/usr/bin/python3
%endif

# libapparmor: swig bindings only, libapparmor is packaged via libapparmor.spec
%makeinstall -C libraries/libapparmor/swig

# utilities
%makeinstall -C utils
test ! -x %{buildroot}/%{_bindir}/aa-easyprof && chmod +x %{buildroot}/%{_bindir}/aa-easyprof # https://bugs.launchpad.net/apparmor/+bug/1366568
mkdir -p %{buildroot}%{_localstatedir}/log/apparmor

# binutils
%makeinstall -C binutils
( cd %{buildroot}/%{_sbindir} && ln -s %{_bindir}/aa-exec exec )

%makeinstall -C profiles

install -d -m 755 %{buildroot}/usr/share/apparmor/cache
echo "*** WARNING: precompiling cache is known to fail under 'osc build' - use 'osc build --vm-type kvm' instead ***"
cp -a profiles/cache/* %{buildroot}/usr/share/apparmor/cache
test -f %{buildroot}/usr/share/apparmor/cache/*/.features
test -f %{buildroot}/usr/share/apparmor/cache/*/bin.ping

%makeinstall -C parser
# default cache dir (up to 2.12) is /etc/apparmor.d/cache - not the best location.
# Use /var/lib/apparmor/cache and make /etc/apparmor.d/cache a symlink to it
mkdir -p %{buildroot}%{_localstatedir}/lib/apparmor/cache
( cd %{buildroot}/%{_sysconfdir}/apparmor.d/ && ln -s ../../%{_localstatedir}/lib/apparmor/cache cache )
# default cache dir (starting with 2.13) is /etc/apparmor.d/cache.d - also not the best location
# Use /var/cache/apparmor and make /etc/apparmor.d/cache.d a symlink to it
mkdir -p %{buildroot}%{_localstatedir}/cache/apparmor
( cd %{buildroot}/%{_sysconfdir}/apparmor.d/ && ln -s ../../%{_localstatedir}/cache/apparmor cache.d )

%if %{with apache}
%makeinstall -C changehat/mod_apparmor
%endif

%if %{with pam}
%makeinstall -C changehat/pam_apparmor SECDIR=%{buildroot}/%{_lib}/security
%endif

%if %{with tomcat}
mkdir -p %{buildroot}/%{CATALINA_HOME}
%makeinstall -C changehat/tomcat_apparmor/tomcat_5_5 CATALINA_HOME=%{buildroot}/%{CATALINA_HOME}
%endif

find %{buildroot} -name .packlist -exec rm -vf {} \;
find %{buildroot} -name perllocal.pod -exec rm -vf {} \;

# Re-create the links to the old names, but only for tools and manpages that had it for historic reasons[tm].
# Tools and manpages added in >= 2.9 won't get symlinks without aa- prefix
for file in %{buildroot}%{_prefix}/{sbin,share/man/man[0-9]}/aa-*; do
  d=$(dirname $file)
  f=$(basename $file)
  case "${f#aa-}" in
    audit | autodep | complain | decode | disable | enforce | exec | genprof | logprof | notify | status | unconfined | \
    audit.8* | autodep.8* | complain.8* | disable.8* | easyprof.8* | enforce.8* | exec.1* | genprof.8* | logprof.8* | notify.8 | status.8 | unconfined.8* )
      if [ "${f#aa-}" != "$f" ]; then
        ln -s $f $d/${f#aa-}
      fi
      ;;
  esac
done
mv -f %{buildroot}%{_mandir}/man8/{status.8,apparmor_status.8}
mv -f %{buildroot}%{_mandir}/man8/{notify.8,apparmor_notify.8}
rm -f %{buildroot}%{_mandir}/man8/decode.8

for pkg in apparmor-utils apparmor-parser aa-binutils; do
  %find_lang $pkg
done

# remove *.la files
rm -fv %{buildroot}%{_libdir}/libapparmor.la

echo -------------------------------------------------------------------
#find -ls
echo -------------------------------------------------------------------
#find %{buildroot} -ls
echo -------------------------------------------------------------------

%files docs
%defattr(-,root,root)
%doc parser/*.[1-9].html
%doc utils/vim/apparmor.vim.5.html
%doc common/apparmor.css
%doc parser/techdoc.pdf
# apparmor.vim is included in the vim package. Ideally it should be in a -devel package, but that's overmuch for one file
%dir %{_datadir}/apparmor
%{_datadir}/apparmor/apparmor.vim

%files parser
%defattr(-,root,root)
%doc parser/README parser/COPYING.GPL
/sbin/apparmor_parser
%{_bindir}/aa-enabled
%{_bindir}/aa-exec
%{_sbindir}/aa-teardown
%{_sbindir}/exec
%dir %attr(-, root, root) %{_sysconfdir}/apparmor
%dir %{_sysconfdir}/apparmor.d
%{_sysconfdir}/apparmor.d/cache
%{_sysconfdir}/apparmor.d/cache.d
/sbin/rcapparmor
%{_unitdir}/apparmor.service
%config(noreplace) %{_sysconfdir}/apparmor/subdomain.conf
%config(noreplace) %{_sysconfdir}/apparmor/parser.conf
%{_localstatedir}/lib/apparmor
%{_localstatedir}/cache/apparmor
%dir %attr(-, root, root) %{apparmor_bin_prefix}
%{apparmor_bin_prefix}/rc.apparmor.functions
%{apparmor_bin_prefix}/apparmor.systemd
%doc %{_mandir}/man1/aa-enabled.1.gz
%doc %{_mandir}/man1/aa-exec.1.gz
%doc %{_mandir}/man1/exec.1.gz
%doc %{_mandir}/man5/apparmor.d.5.gz
%doc %{_mandir}/man5/apparmor.vim.5.gz
%doc %{_mandir}/man5/subdomain.conf.5.gz
%doc %{_mandir}/man7/apparmor.7.gz
%doc %{_mandir}/man8/aa-teardown.8.gz
%doc %{_mandir}/man8/apparmor_parser.8.gz

%pre parser
if [ -f %{_sysconfdir}/init.d/subdomain ] ; then
  chkconfig --del subdomain
fi
%service_add_pre apparmor.service

%files parser-lang -f apparmor-parser.lang -f aa-binutils.lang
%defattr(-,root,root)

%files abstractions
%defattr(644,root,root,755)
%dir %{_sysconfdir}/apparmor.d/
%dir %{_sysconfdir}/apparmor.d/abstractions
%config(noreplace) %{_sysconfdir}/apparmor.d/abstractions/*
%dir %{_sysconfdir}/apparmor.d/disable
%dir %{_sysconfdir}/apparmor.d/local
%dir %{_sysconfdir}/apparmor.d/tunables
%config(noreplace) %{_sysconfdir}/apparmor.d/tunables/*

%files profiles
%defattr(644,root,root,755)
%dir %{_sysconfdir}/apparmor.d/apache2.d
%config(noreplace) %{_sysconfdir}/apparmor.d/apache2.d/phpsysinfo
%config(noreplace) %{_sysconfdir}/apparmor.d/bin.*
%config(noreplace) %{_sysconfdir}/apparmor.d/sbin.*
%config(noreplace) %{_sysconfdir}/apparmor.d/usr.*
%config(noreplace) %{_sysconfdir}/apparmor.d/nvidia_modprobe
%config(noreplace) %{_sysconfdir}/apparmor.d/local/*
%dir /usr/share/apparmor/
/usr/share/apparmor/cache/
/usr/share/apparmor/extra-profiles/

%files utils
%defattr(-,root,root)
%dir %{_sysconfdir}/apparmor
%config(noreplace) %{_sysconfdir}/apparmor/easyprof.conf
%config(noreplace) %{_sysconfdir}/apparmor/logprof.conf
%config(noreplace) %{_sysconfdir}/apparmor/notify.conf
%config(noreplace) %{_sysconfdir}/apparmor/severity.db
%{_sbindir}/aa-audit
%{_sbindir}/aa-autodep
%{_sbindir}/aa-cleanprof
%{_sbindir}/aa-complain
%{_sbindir}/aa-decode
%{_sbindir}/aa-disable
%{_sbindir}/aa-enforce
%{_sbindir}/aa-genprof
%{_sbindir}/aa-logprof
%{_sbindir}/aa-mergeprof
%{_sbindir}/aa-notify
%{_sbindir}/aa-remove-unknown
%{_sbindir}/aa-status
%{_sbindir}/aa-unconfined
%{_sbindir}/apparmor_status
%{_sbindir}/audit
%{_sbindir}/autodep
%{_sbindir}/complain
%{_sbindir}/decode
%{_sbindir}/disable
%{_sbindir}/enforce
%{_sbindir}/genprof
%{_sbindir}/logprof
%{_sbindir}/notify
%{_sbindir}/status
%{_sbindir}/unconfined
%{_bindir}/aa-easyprof
%dir %{_datadir}/apparmor
%{_datadir}/apparmor/easyprof/
%dir %{_localstatedir}/log/apparmor
%doc %{_mandir}/man5/logprof.conf.5.gz
%doc %{_mandir}/man8/apparmor_notify.8.gz
%doc %{_mandir}/man8/aa-audit.8.gz
%doc %{_mandir}/man8/aa-autodep.8.gz
%doc %{_mandir}/man8/aa-cleanprof.8.gz
%doc %{_mandir}/man8/aa-complain.8.gz
%doc %{_mandir}/man8/aa-decode.8.gz
%doc %{_mandir}/man8/aa-disable.8.gz
%doc %{_mandir}/man8/aa-easyprof.8.gz
%doc %{_mandir}/man8/aa-enforce.8.gz
%doc %{_mandir}/man8/aa-genprof.8.gz
%doc %{_mandir}/man8/aa-logprof.8.gz
%doc %{_mandir}/man8/aa-mergeprof.8.gz
%doc %{_mandir}/man8/aa-notify.8.gz
%doc %{_mandir}/man8/aa-remove-unknown.8.gz
%doc %{_mandir}/man8/aa-status.8.gz
%doc %{_mandir}/man8/aa-unconfined.8.gz
%doc %{_mandir}/man8/apparmor_status.8.gz
%doc %{_mandir}/man8/audit.8.gz
%doc %{_mandir}/man8/autodep.8.gz
%doc %{_mandir}/man8/complain.8.gz
%doc %{_mandir}/man8/disable.8.gz
%doc %{_mandir}/man8/easyprof.8.gz
%doc %{_mandir}/man8/enforce.8.gz
%doc %{_mandir}/man8/genprof.8.gz
%doc %{_mandir}/man8/logprof.8.gz
%doc %{_mandir}/man8/unconfined.8.gz
%doc utils/*.[0-9].html
%doc common/apparmor.css

%files utils-lang -f apparmor-utils.lang

%if %{with perl}

%files -n perl-apparmor
%defattr(-,root,root)
%{perl_vendorarch}/auto/LibAppArmor/
%{perl_vendorarch}/LibAppArmor.pm
%endif

%if %{with python}

%files -n python-apparmor
%defattr(-,root,root)
%{python_sitearch}/LibAppArmor-%{version}-py%{python_version}.egg-info
%dir %{python_sitearch}/LibAppArmor
%{python_sitearch}/LibAppArmor/_LibAppArmor.so
%{python_sitearch}/LibAppArmor/__init__.py
%{python_sitearch}/LibAppArmor/__init__.pyc
%{python_sitelib}/apparmor/
%{python_sitelib}/apparmor-%{version}-py%{python_version}.egg-info
%endif

%if %{with python3}
%files -n python3-apparmor
%defattr(-,root,root)
%{python3_sitearch}/LibAppArmor-%{version}-py*.egg-info
%dir %{python3_sitearch}/LibAppArmor
%dir %{python3_sitearch}/LibAppArmor/__pycache__
%{python3_sitearch}/LibAppArmor/_LibAppArmor.cpython-*.so
%{python3_sitearch}/LibAppArmor/__pycache__/__init__.cpython-*.pyc
%{python3_sitearch}/LibAppArmor/__pycache__/LibAppArmor.cpython-*.pyc
%{python3_sitearch}/LibAppArmor/__init__.py
%{python3_sitearch}/LibAppArmor/LibAppArmor.py
%{python3_sitelib}/apparmor/
%{python3_sitelib}/apparmor-%{version}-py*.egg-info
%endif

%if %{with ruby}

%files -n ruby-apparmor
%defattr(-,root,root)
%{rb_sitearchdir}/LibAppArmor.so
%endif

%if %{with pam}

%files -n pam_apparmor
%defattr(444,root,root,755)
%attr(555,root,root) /%{_lib}/security/pam_apparmor.so
%endif

%if %{with tomcat}

%files -n tomcat_apparmor
%defattr(-,root,root)
%{CATALINA_HOME}/lib/%{JAR_FILE}
%{_libdir}/libJNI*
%doc %attr(0644,root,root) changehat/tomcat_apparmor/tomcat_5_5/README.tomcat_apparmor
%endif

%if %{with apache}

%files -n apache2-mod_apparmor
%defattr(-,root,root)
%{apache_module_path}/mod_apparmor.so
%doc %{_mandir}/man8/mod_apparmor.8.gz
%endif

%post parser
%service_add_post apparmor.service

%preun parser
%service_del_preun apparmor.service

%postun parser
# don't call try-restart, see bnc#853019
export DISABLE_RESTART_ON_UPDATE="yes"
%service_del_postun apparmor.service

%post abstractions
# workaround for bnc#904620#c8 / lp#1392042
rm -f /var/cache/apparmor/* 2>/dev/null
#restart_on_update apparmor - but non-broken (bnc#853019)
systemctl is-active -q apparmor && systemctl reload apparmor ||:

%post profiles
# workaround for bnc#904620#c8 / lp#1392042
# old cache location up to 2.12
rm -f /var/lib/apparmor/cache/* 2>/dev/null
# cache location starting with 2.13
rm -f /var/cache/apparmor/* 2>/dev/null
#restart_on_update apparmor - but non-broken (bnc#853019)
systemctl is-active -q apparmor && systemctl reload apparmor ||:

%if %{with tomcat}

%post -n tomcat_apparmor -p /sbin/ldconfig

%postun -n tomcat_apparmor -p /sbin/ldconfig
%endif

%if %{with pam}

%post -n pam_apparmor
pam-config -a --apparmor
pam-config --update

%postun -n pam_apparmor
pam-config -d --apparmor
pam-config --update
%endif

%changelog