SHA256
1
0
forked from pool/permissions
permissions/permissions.spec
Johannes Segitz c6c0f68644 Accepting request 847754 from home:mgerstner:branches:Base:System
- Update to version 20201111:
  * squid: remove basic_pam_auth which doesn't need special perms (bsc#1171569)
  * mgetty: remove long dead (or never existing) locks directory (bsc#1171882)
  * adjust squid pinger path (bsc#1171569)
  * profiles: remove now superfluous squid pinger paths (bsc#1171569)
  * ksgrd_network_helper: remove obviously wrong path
  * etc/permissions: remove unnecessary, duplicate, outdated entries
  * chkstat: implement support for variables in profile paths in new
    variables.conf
  * man pages: add documentation about variables, update copyrights
  * profiles: use new variables feature to remove redundant entries
  * profiles: prepare /usr/sbin versions of profile entries (bsc#1029961)
  * Makefile: support CXXFLAGS and LDFLAGS override / extension via make/env variables (bsc#1178475)
  * Makefile: compile with LFO support to fix 32-bit emulation on 64-bit hosts (bsc#1178476)
  * README: added information about know limitations of this approach
- adjusted spec file:
  - package new variables.conf
  - apply %{optflags} correctly via CXXFLAGS variable
  - drop FSCAPS_DEFAULT_ENABLED which isn't recognized anymore by the
    refactored chkstat sources. This is now the default.

OBS-URL: https://build.opensuse.org/request/show/847754
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=289
2020-11-11 10:46:39 +00:00

137 lines
4.0 KiB
RPMSpec

#
# spec file for package permissions
#
# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define VERSION_DATE 20201111
Name: permissions
Version: %{VERSION_DATE}.%{suse_version}
Release: 0
Summary: SUSE Linux Default Permissions
# Maintained in github by the security team.
License: GPL-2.0-or-later
Group: Productivity/Security
URL: http://github.com/openSUSE/permissions
Source: permissions-%{VERSION_DATE}.tar.xz
Source1: fix_version.sh
BuildRequires: gcc-c++
BuildRequires: libcap-devel
BuildRequires: libcap-progs
BuildRequires: tclap
# test suite
BuildRequires: python3-base
Requires: chkstat
Requires: permissions-config
Recommends: permissions-doc
Provides: aaa_base:%{_datadir}/permissions
%prep
%autosetup -n permissions-%{VERSION_DATE}
%build
make %{?_smp_mflags} CXXFLAGS="%{optflags}"
%install
%make_install fillupdir=%{_fillupdir}
%check
tests/regtest.py --skip-make > /dev/null
%description
Permission settings of files and directories depending on the local
security settings. The local security setting ("easy", "secure", or "paranoid")
can be configured in /etc/sysconfig/security.
This package does not contain files, it just requires the necessary packages.
%files
%package doc
Summary: SUSE Linux Default Permissions documentation
Group: Documentation/Man
Version: %{suse_version}_%{VERSION_DATE}
Release: 0
%description doc
Documentation for the permission files /usr/share/permissions/permissions*.
%files doc
%{_mandir}/man5/permissions.5%{ext_man}
%package config
Summary: SUSE Linux Default Permissions config files
Group: Productivity/Security
Version: %{suse_version}_%{VERSION_DATE}
Release: 0
Requires(post): %fillup_prereq
Requires(post): chkstat
#!BuildIgnore: group(trusted)
Requires(pre): group(trusted)
%description config
The actual permissions configuration files, /usr/share/permissions/permission.*.
%files config
%defattr(644, root, root, 755)
%dir %{_datadir}/permissions
%{_datadir}/permissions/permissions
%{_datadir}/permissions/permissions.easy
%{_datadir}/permissions/permissions.secure
%{_datadir}/permissions/permissions.paranoid
%{_datadir}/permissions/variables.conf
%config(noreplace) %{_sysconfdir}/permissions.local
%{_fillupdir}/sysconfig.security
%post config
%{fillup_only -n security}
# apply all potentially changed permissions
%{_bindir}/chkstat --system || :
%package -n chkstat
Summary: SUSE Linux Default Permissions tool
Group: Productivity/Security
Version: %{suse_version}_%{VERSION_DATE}
Release: 0
%description -n chkstat
Tool to check and set file permissions.
%files -n chkstat
%{_bindir}/chkstat
%{_mandir}/man8/chkstat.8%{ext_man}
%package -n permissions-zypp-plugin
BuildArch: noarch
Requires: permissions = %{VERSION_DATE}.%{suse_version}
Requires: python3-zypp-plugin
Requires: libzypp(plugin:commit) = 1
Summary: A zypper commit plugin for calling chkstat
Group: Productivity/Security
%description -n permissions-zypp-plugin
This package contains a plugin for zypper that calls `chkstat --system` after
new packages have been installed. This is helpful for maintaining custom
entries in /etc/permissions.local.
%files -n permissions-zypp-plugin
%dir /usr/lib/zypp
%dir /usr/lib/zypp/plugins
%dir /usr/lib/zypp/plugins/commit
/usr/lib/zypp/plugins/commit/permissions.py
%changelog