# # spec file for package permissions # # Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via https://bugs.opensuse.org/ # %define VERSION_DATE 20200506 Name: permissions Version: %{VERSION_DATE}.%{suse_version} Release: 0 Summary: SUSE Linux Default Permissions # Maintained in github by the security team. License: GPL-2.0-or-later Group: Productivity/Security URL: http://github.com/openSUSE/permissions Source: permissions-%{VERSION_DATE}.tar.xz Source1: fix_version.sh BuildRequires: gcc-c++ BuildRequires: libcap-devel BuildRequires: libcap-progs Requires: chkstat Requires: permissions-config Recommends: permissions-doc Provides: aaa_base:%{_datadir}/permissions %prep %setup -q -n permissions-%{VERSION_DATE} %build make %{?_smp_mflags} CFLAGS="-W -Wall %{optflags}" FSCAPS_DEFAULT_ENABLED=0 %install %make_install fillupdir=%{_fillupdir} # regression tests disabled for the moment, needs adjustment for the new /usr/share world #%check #tests/regtest.py %description Permission settings of files and directories depending on the local security settings. The local security setting ("easy", "secure", or "paranoid") can be configured in /etc/sysconfig/security. This package does not contain files, it just requires the necessary packages. %files %package doc Summary: SUSE Linux Default Permissions documentation Group: Documentation/Man Version: %{suse_version}_%{VERSION_DATE} Release: 0 %description doc Documentation for the permission files /usr/share/permissions/permissions*. %files doc %{_mandir}/man5/permissions.5%{ext_man} %package config Summary: SUSE Linux Default Permissions config files Group: Productivity/Security Version: %{suse_version}_%{VERSION_DATE} Release: 0 Requires(post): %fillup_prereq Requires(post): chkstat #!BuildIgnore: group(trusted) Requires(pre): group(trusted) %description config The actual permissions configuration files, /usr/share/permissions/permission.*. %files config %defattr(644, root, root, 755) %dir %{_datadir}/permissions %{_datadir}/permissions/permissions %{_datadir}/permissions/permissions.easy %{_datadir}/permissions/permissions.secure %{_datadir}/permissions/permissions.paranoid %config(noreplace) %{_sysconfdir}/permissions.local %{_fillupdir}/sysconfig.security %post config %{fillup_only -n security} # apply all potentially changed permissions %{_bindir}/chkstat --system || : %package -n chkstat Summary: SUSE Linux Default Permissions tool Group: Productivity/Security Version: %{suse_version}_%{VERSION_DATE} Release: 0 %description -n chkstat Tool to check and set file permissions. %files -n chkstat %{_bindir}/chkstat %{_mandir}/man8/chkstat.8%{ext_man} %package -n permissions-zypp-plugin BuildArch: noarch Requires: permissions = %{VERSION_DATE}.%{suse_version} Requires: python3-zypp-plugin Requires: libzypp(plugin:commit) = 1 Summary: A zypper commit plugin for calling chkstat Group: Productivity/Security %description -n permissions-zypp-plugin This package contains a plugin for zypper that calls `chkstat --system` after new packages have been installed. This is helpful for maintaining custom entries in /etc/permissions.local. %files -n permissions-zypp-plugin %dir /usr/lib/zypp %dir /usr/lib/zypp/plugins %dir /usr/lib/zypp/plugins/commit /usr/lib/zypp/plugins/commit/permissions.py %changelog