From 65283a21d6b8ebbd12cac281e9a0044283e96497fd64584a6b16f0b8df1ee7cd Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Fri, 8 Mar 2024 07:51:51 +0000 Subject: [PATCH] Accepting request 1156260 from home:alarrosa:branches:GNOME:Factory - Add a flatpak-selinux subpackage that provides a SELinux policy module (boo#1220591). OBS-URL: https://build.opensuse.org/request/show/1156260 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=189 --- flatpak.changes | 6 ++++++ flatpak.spec | 46 +++++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 49 insertions(+), 3 deletions(-) diff --git a/flatpak.changes b/flatpak.changes index 6f937d0..04ac476 100644 --- a/flatpak.changes +++ b/flatpak.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Mar 7 11:21:12 UTC 2024 - Antonio Larrosa + +- Add a flatpak-selinux subpackage that provides a SELinux policy + module (boo#1220591). + ------------------------------------------------------------------- Tue Nov 14 19:34:15 UTC 2023 - Bjørn Lie diff --git a/flatpak.spec b/flatpak.spec index b66d2fb..26c338c 100644 --- a/flatpak.spec +++ b/flatpak.spec @@ -1,7 +1,7 @@ # # spec file for package flatpak # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,6 +16,7 @@ # +%global selinuxtype targeted %define libname libflatpak0 %define bubblewrap_version 0.8.0 %define ostree_version 2020.8 @@ -60,6 +61,7 @@ BuildRequires: libgpgme-devel >= 1.1.8 BuildRequires: libtool BuildRequires: pkgconfig BuildRequires: python3-pyparsing +BuildRequires: selinux-policy-devel BuildRequires: systemd-rpm-macros BuildRequires: sysuser-tools BuildRequires: xdg-dbus-proxy >= %{xdg_dbus_proxy_version} @@ -94,6 +96,7 @@ Requires: bubblewrap >= %{bubblewrap_version} Requires: ostree >= %{ostree_version} Requires: xdg-dbus-proxy >= %{xdg_dbus_proxy_version} Requires: xdg-desktop-portal >= 0.10 +Requires: (flatpak-selinux = %{version} if selinux-policy-%{selinuxtype}) Requires: user(flatpak) # Remove after openSUSE Leap 42 is out of scope Provides: xdg-app = %{version} @@ -160,8 +163,8 @@ more information. Summary: Add Flathub repository to system flatpak Group: System/Packages Requires: flatpak -Requires(postun):flatpak -Requires(postun):sed +Requires(postun): flatpak +Requires(postun): sed Supplements: flatpak BuildArch: noarch @@ -169,6 +172,20 @@ BuildArch: noarch Flathub is a widely used repository for Flatpak applications. This package adds the Flathub repository to the list of system flatpak remotes. +%package selinux +Summary: SELinux policy module for flatpak +Group: System Environment/Base +Requires: flatpak +BuildArch: noarch +%{?selinux_requires} + +%description selinux +flatpak is a system for building, distributing and running sandboxed desktop +applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for +more information. + +This package provides the SELinux policy module for flatpak. + %postun remote-flathub # upon uninstall if [ $1 == 0 ]; then @@ -199,6 +216,7 @@ sed -i -e '1s,#!%{_bindir}/env python3,#!%{_bindir}/python3,' scripts/flatpak-* --enable-documentation \ --enable-gtk-doc \ --with-wayland-security-context=yes \ + --with-selinux_module=yes \ %{nil} %make_build %sysusers_generate_pre system-helper/flatpak.conf system-user-flatpak flatpak.conf @@ -263,6 +281,24 @@ fi %service_del_postun update-system-flatpaks.service %service_del_postun update-system-flatpaks.timer +%pre selinux +%selinux_relabel_pre -s %{selinuxtype} + +%post selinux +%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/flatpak.pp.bz2 + +%preun selinux +%selinux_relabel_pre -s %{selinuxtype} + +%postun selinux +if [ $1 -eq 0 ]; then + %selinux_modules_uninstall -s %{selinuxtype} flatpak + %selinux_relabel_post -s %{selinuxtype} +fi; + +%posttrans selinux +%selinux_relabel_post -s %{selinuxtype} + %files -f %{name}.lang %license COPYING %{_bindir}/flatpak @@ -356,4 +392,8 @@ fi %files remote-flathub %config %{_sysconfdir}/flatpak/remotes.d/flathub.flatpakrepo +%files selinux +%{_datadir}/selinux/devel/include/contrib/flatpak.if +%{_datadir}/selinux/packages/flatpak.pp.bz2 + %changelog