Accepting request 453533 from home:cboltz

- add upstream-changes-r3616..3628.diff:
  - update abstractions/base, abstractions/apache2-common and dovecot profiles
  - merge ask_the_questions() of aa-logprof and aa-mergeprof
  - pass LDFLAGS when building parser, libapparmor perl bindings and pam_apparmor
- adjust deleting the cache in profiles %post to the new cache location
- silence errors when deleting the cache (boo#976914)

- split libapparmor into separate spec to get rid of build loop
  involving mariadb, systemd, apparmor, libapr and mariadb again
  (see the discussion in SR 448871 for details)

- libapparmor.spec is based on the AppArmor 2.11 apparmor.spec, but
  with minimum BuildRequires

OBS-URL: https://build.opensuse.org/request/show/453533
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=166
This commit is contained in:
Christian Boltz 2017-01-30 22:53:15 +00:00 committed by Git OBS Bridge
parent fcc884a7e3
commit 8c83a952f7
5 changed files with 1258 additions and 61 deletions

View File

@ -1,3 +1,20 @@
-------------------------------------------------------------------
Mon Jan 30 21:37:48 UTC 2017 - suse-beta@cboltz.de
- add upstream-changes-r3616..3628.diff:
- update abstractions/base, abstractions/apache2-common and dovecot profiles
- merge ask_the_questions() of aa-logprof and aa-mergeprof
- pass LDFLAGS when building parser, libapparmor perl bindings and pam_apparmor
- adjust deleting the cache in profiles %post to the new cache location
- silence errors when deleting the cache (boo#976914)
-------------------------------------------------------------------
Sat Jan 28 21:40:11 UTC 2017 - suse-beta@cboltz.de
- split libapparmor into separate spec to get rid of build loop
involving mariadb, systemd, apparmor, libapr and mariadb again
(see the discussion in SR 448871 for details)
-------------------------------------------------------------------
Fri Jan 27 20:08:03 UTC 2017 - suse-beta@cboltz.de

View File

@ -82,6 +82,9 @@ Patch7: apparmor-lessopen-profile.patch
# drop local/ include from sshd profile to prevent failure in "make check" (taken from upstream bzr trunk r3615)
Patch8: sshd-profile-drop-local-include-r3615.diff
# upstream changes (trunk r3616..3628)
Patch9: upstream-changes-r3616..3628.diff
PreReq: sed
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if %{distro} == "suse"
@ -188,33 +191,6 @@ The documentation is in the apparmor-admin_en package.
%endif
%package -n libapparmor1
Summary: Utility library for AppArmor
License: LGPL-2.1+
Group: Development/Libraries/C and C++
%ifarch ppc64
Obsoletes: libapparmor-64bit < 2.9
Provides: libapparmor-64bit = %{version}
%endif
Provides: libapparmor = %{version}
Obsoletes: libapparmor < 2.9
%description -n libapparmor1
This package provides the libapparmor library, which contains the
change_hat(2) symbol, used for sub-process confinement by AppArmor, as
well as functions to parse AppArmor log messages.
%package -n libapparmor-devel
Summary: Development headers and libraries for libapparmor
License: LGPL-2.1+
Group: Development/Libraries/C and C++
Requires: libapparmor1 = %{version}
Provides: libapparmor:/usr/include/sys/apparmor.h
%description -n libapparmor-devel
These libraries are needed for developing software that makes use of the
AppArmor API.
%if %{with perl}
%package -n perl-apparmor
@ -415,6 +391,7 @@ SubDomain.
%patch6
%patch7 -p1
%patch8
%patch9
# search for left-over multiline rules
test -z "$(grep -r '^\s*\(unix\|dbus\)[^,]\(([^)]*)\)*[^,]*$' profiles/apparmor.d/)"
@ -511,10 +488,8 @@ make check -C utils
export PYTHON=/usr/bin/python3
%endif
# libapparmor
%makeinstall -C libraries/libapparmor
# create symlink for old change_hat(2) manpage
( cd %{buildroot}/%{_mandir}/man2/ && ln -s aa_change_hat.2 change_hat.2 )
# libapparmor: swig bindings only, libapparmor is packaged via libapparmor.spec
%makeinstall -C libraries/libapparmor/swig
# utilities
%makeinstall -C utils
@ -638,31 +613,6 @@ fi
%files parser-lang -f apparmor-parser.lang -f aa-binutils.lang
%defattr(-,root,root)
%files -n libapparmor1
%defattr(-,root,root)
%{_libdir}/libapparmor.so.*
%files -n libapparmor-devel
%defattr(-,root,root)
%{_libdir}/libapparmor.a
%{_libdir}/libapparmor.so
%{_libdir}/pkgconfig/libapparmor.pc
%doc %{_mandir}/man2/aa_change_hat.2.gz
%doc %{_mandir}/man2/aa_change_profile.2.gz
%doc %{_mandir}/man2/aa_stack_profile.2.gz
%doc %{_mandir}/man2/change_hat.2.gz
%doc %{_mandir}/man2/aa_find_mountpoint.2.gz
%doc %{_mandir}/man2/aa_getcon.2.gz
%doc %{_mandir}/man2/aa_query_label.2.gz
%doc %{_mandir}/man3/aa_features.3.gz
%doc %{_mandir}/man3/aa_kernel_interface.3.gz
%doc %{_mandir}/man3/aa_policy_cache.3.gz
%doc %{_mandir}/man3/aa_splitcon.3.gz
%dir %{_includedir}/aalogparse
%{_includedir}/sys/apparmor.h
%{_includedir}/sys/apparmor_private.h
%{_includedir}/aalogparse/*
%files abstractions
%defattr(644,root,root,755)
%dir %{_sysconfdir}/apparmor.d/
@ -875,7 +825,7 @@ export DISABLE_RESTART_ON_UPDATE="yes"
%post profiles
%if %{distro} == "suse"
# workaround for bnc#904620#c8 / lp#1392042
rm -f /var/cache/apparmor/*
rm -f /var/lib/apparmor/cache/* 2>/dev/null
#restart_on_update boot.apparmor - but non-broken (bnc#853019)
# (copy&paste from parser postun script)
test -n "$FIRST_ARG" || FIRST_ARG=$1
@ -887,10 +837,6 @@ export DISABLE_RESTART_ON_UPDATE="yes"
fi
%endif
%post -n libapparmor1 -p /sbin/ldconfig
%postun -n libapparmor1 -p /sbin/ldconfig
%if %{with tomcat}
%post -n tomcat_apparmor -p /sbin/ldconfig

11
libapparmor.changes Normal file
View File

@ -0,0 +1,11 @@
-------------------------------------------------------------------
Sat Jan 28 21:40:11 UTC 2017 - suse-beta@cboltz.de
- split libapparmor into separate spec to get rid of build loop
involving mariadb, systemd, apparmor, libapr and mariadb again
(see the discussion in SR 448871 for details)
- libapparmor.spec is based on the AppArmor 2.11 apparmor.spec, but
with minimum BuildRequires

122
libapparmor.spec Normal file
View File

@ -0,0 +1,122 @@
#
# spec file for package libapparmor
#
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2011-2017 Christian Boltz
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: libapparmor
Version: 2.11.0
Release: 0
Summary: Utility library for AppArmor
License: LGPL-2.1+
Group: Development/Libraries/C and C++
Url: https://launchpad.net/apparmor
Source0: apparmor-%{version}.tar.gz
Source1: apparmor-%{version}.tar.gz.asc
BuildRequires: bison
BuildRequires: dejagnu
BuildRequires: flex
BuildRequires: pkg-config
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
This package provides the libapparmor library, which contains the
change_hat(2) symbol, used for sub-process confinement by AppArmor, as
well as functions to parse AppArmor log messages.
%package -n libapparmor1
Summary: Utility library for AppArmor
Group: Development/Libraries/C and C++
%ifarch ppc64
Obsoletes: libapparmor-64bit < 2.9
Provides: libapparmor-64bit = %{version}
%endif
Provides: libapparmor = %{version}
Obsoletes: libapparmor < 2.9
%description -n libapparmor1
This package provides the libapparmor library, which contains the
change_hat(2) symbol, used for sub-process confinement by AppArmor, as
well as functions to parse AppArmor log messages.
%package -n libapparmor-devel
Summary: Development headers and libraries for libapparmor
Group: Development/Libraries/C and C++
Requires: libapparmor1 = %{version}
Provides: libapparmor:/usr/include/sys/apparmor.h
%description -n libapparmor-devel
These libraries are needed for developing software that makes use of the
AppArmor API.
%prep
%setup -q -n apparmor-%{version}
%build
(
cd ./libraries/libapparmor
%configure \
--without-perl \
--without-python \
--without-ruby \
make
)
%check
make check -C libraries/libapparmor
%install
%makeinstall -C libraries/libapparmor
# create symlink for old change_hat(2) manpage
( cd %{buildroot}/%{_mandir}/man2/ && ln -s aa_change_hat.2 change_hat.2 )
# remove *.la files
rm -fv %{buildroot}%{_libdir}/libapparmor.la
%post -n libapparmor1 -p /sbin/ldconfig
%postun -n libapparmor1 -p /sbin/ldconfig
%files -n libapparmor1
%defattr(-,root,root)
%{_libdir}/libapparmor.so.*
%files -n libapparmor-devel
%defattr(-,root,root)
%{_libdir}/libapparmor.a
%{_libdir}/libapparmor.so
%{_libdir}/pkgconfig/libapparmor.pc
%doc %{_mandir}/man2/aa_change_hat.2.gz
%doc %{_mandir}/man2/aa_change_profile.2.gz
%doc %{_mandir}/man2/aa_stack_profile.2.gz
%doc %{_mandir}/man2/change_hat.2.gz
%doc %{_mandir}/man2/aa_find_mountpoint.2.gz
%doc %{_mandir}/man2/aa_getcon.2.gz
%doc %{_mandir}/man2/aa_query_label.2.gz
%doc %{_mandir}/man3/aa_features.3.gz
%doc %{_mandir}/man3/aa_kernel_interface.3.gz
%doc %{_mandir}/man3/aa_policy_cache.3.gz
%doc %{_mandir}/man3/aa_splitcon.3.gz
%dir %{_includedir}/aalogparse
%{_includedir}/sys/apparmor.h
%{_includedir}/sys/apparmor_private.h
%{_includedir}/aalogparse/*
%changelog

File diff suppressed because it is too large Load Diff