From c727b184bcdce1265d3decd7cd08b285491c9083146455a149210ef39e408e88 Mon Sep 17 00:00:00 2001
From: Alberto Planas Dominguez <aplanas@suse.com>
Date: Wed, 7 Jun 2023 12:24:09 +0000
Subject: [PATCH] Accepting request 1091266 from home:aplanas:branches:security

- Recommends the IMA Policy subpackage only if SELinux is configured

OBS-URL: https://build.opensuse.org/request/show/1091266
OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=56
---
 rust-keylime.changes | 2 +-
 rust-keylime.spec    | 6 ++----
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/rust-keylime.changes b/rust-keylime.changes
index b54a50f..e55a7b8 100644
--- a/rust-keylime.changes
+++ b/rust-keylime.changes
@@ -1,7 +1,7 @@
 -------------------------------------------------------------------
 Wed Jun  7 09:08:22 UTC 2023 - Alberto Planas Dominguez <aplanas@suse.com>
 
-- Make systemd skip the ima-policy load, and use only the service
+- Recommends the IMA Policy subpackage only if SELinux is configured
 
 -------------------------------------------------------------------
 Mon Jun 05 08:41:33 UTC 2023 - aplanas@suse.com
diff --git a/rust-keylime.spec b/rust-keylime.spec
index 158d6da..6e5f2d5 100644
--- a/rust-keylime.spec
+++ b/rust-keylime.spec
@@ -51,7 +51,7 @@ BuildRequires:  tpm2-0-tss-devel
 Requires:       libtss2-tcti-device0
 Requires:       logrotate
 Requires:       tpm2.0-abrmd
-Recommends:     keylime-ima-policy
+Recommends:     (keylime-ima-policy if selinux-policy-targeted)
 Provides:       user(keylime)
 %sysusers_requires
 # Disable this line if you wish to support all platforms.  In most
@@ -102,8 +102,6 @@ install -d %{buildroot}%{_libexecdir}/keylime
 mkdir -p %{buildroot}%{_sharedstatedir}/keylime/cv_ca
 
 install -Dpm 0644 %{SOURCE6} %{buildroot}%{_sysconfdir}/ima/ima-policy
-# TODO: for now we make systemd to not load the policy
-mv %{buildroot}%{_sysconfdir}/ima/ima-policy %{buildroot}%{_sysconfdir}/ima/ima-policy.POST-SYSTEMD
 install -Dpm 0644 %{SOURCE7} %{buildroot}%{_unitdir}/ima-policy.service
 
 # %_check
@@ -148,7 +146,7 @@ install -Dpm 0644 %{SOURCE7} %{buildroot}%{_unitdir}/ima-policy.service
 
 %files -n keylime-ima-policy
 %dir %attr(0750,root,root) %{_sysconfdir}/ima
-%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/ima/ima-policy.POST-SYSTEMD
+%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/ima/ima-policy
 %{_unitdir}/ima-policy.service
 
 %changelog