Accepting request 1091266 from home:aplanas:branches:security

- Recommends the IMA Policy subpackage only if SELinux is configured

OBS-URL: https://build.opensuse.org/request/show/1091266
OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=56

rust-keylime.changes

@@ -1,7 +1,7 @@
 -------------------------------------------------------------------
 Wed Jun  7 09:08:22 UTC 2023 - Alberto Planas Dominguez <aplanas@suse.com>
 
-- Make systemd skip the ima-policy load, and use only the service
+- Recommends the IMA Policy subpackage only if SELinux is configured
 
 -------------------------------------------------------------------
 Mon Jun 05 08:41:33 UTC 2023 - aplanas@suse.com

rust-keylime.spec

@@ -51,7 +51,7 @@ BuildRequires:  tpm2-0-tss-devel
 Requires:       libtss2-tcti-device0
 Requires:       logrotate
 Requires:       tpm2.0-abrmd
-Recommends:     keylime-ima-policy
+Recommends:     (keylime-ima-policy if selinux-policy-targeted)
 Provides:       user(keylime)
 %sysusers_requires
 # Disable this line if you wish to support all platforms.  In most
@@ -102,8 +102,6 @@ install -d %{buildroot}%{_libexecdir}/keylime
 mkdir -p %{buildroot}%{_sharedstatedir}/keylime/cv_ca
 
 install -Dpm 0644 %{SOURCE6} %{buildroot}%{_sysconfdir}/ima/ima-policy
-# TODO: for now we make systemd to not load the policy
-mv %{buildroot}%{_sysconfdir}/ima/ima-policy %{buildroot}%{_sysconfdir}/ima/ima-policy.POST-SYSTEMD
 install -Dpm 0644 %{SOURCE7} %{buildroot}%{_unitdir}/ima-policy.service
 
 # %_check
@@ -148,7 +146,7 @@ install -Dpm 0644 %{SOURCE7} %{buildroot}%{_unitdir}/ima-policy.service
 
 %files -n keylime-ima-policy
 %dir %attr(0750,root,root) %{_sysconfdir}/ima
-%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/ima/ima-policy.POST-SYSTEMD
+%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/ima/ima-policy
 %{_unitdir}/ima-policy.service
 
 %changelog