177 lines
4.7 KiB
RPMSpec
Executable File
177 lines
4.7 KiB
RPMSpec
Executable File
%define secconf_pck secpaver-secconf-1.0.0
|
|
Name: secpaver
|
|
Summary: Security policy development tool
|
|
Version: 1.0.2
|
|
Release: 15
|
|
License: MulanPSL-2.0
|
|
URL: https://gitee.com/openeuler/secpaver
|
|
Source: https://gitee.com/openeuler/secpaver/repository/archive/%{name}-%{version}.tar.gz
|
|
#source1 version sys@v0.0.0-20220908164124-27713097b956
|
|
Source1: sys.tar.gz
|
|
Source2: %{secconf_pck}.zip
|
|
|
|
Patch0001: dont-do-daemon-reload-in-make-install.patch
|
|
Patch0002: set-default-log-path.patch
|
|
Patch0003: support-clang-build.patch
|
|
Patch0004: fix-go-build-ref-cldflags.patch
|
|
Patch0005: remove-unused-socket.patch
|
|
|
|
%ifarch riscv64 loongarch64
|
|
Patch1000: 1000-fix-build-on-riscv64.patch
|
|
%endif
|
|
|
|
# secconf
|
|
Patch2000: Add-example-of-how-to-import-digest-list-when-using-.patch
|
|
Patch2001: fix-some-bugs.patch
|
|
Patch2002: restore-ima-selinux-type-when-perform-new-configurat.patch
|
|
Patch2003: extend-check_ima-to-check-whether-gen_ima-is-right.patch
|
|
Patch2004: add-the-wget-timeout-mechanism-and-optimize-the-dim-.patch
|
|
|
|
BuildRequires: golang make systemd
|
|
Requires: %{name}-plugin = %{version}-%{release}
|
|
|
|
%define debug_package %{nil}
|
|
|
|
%description
|
|
Security policy development tool
|
|
|
|
%package secconf
|
|
Summary: Security feature configuration hardening tool
|
|
License: MuLan PSL v2
|
|
|
|
%description secconf
|
|
Security feature configuration hardening tool
|
|
|
|
%package selinux
|
|
Summary: SELinux plugin for secPaver
|
|
License: MuLan PSL v2
|
|
BuildRequires: libselinux-devel libsepol-devel libsemanage-devel
|
|
Requires: %{name} = %{version}-%{release}
|
|
Requires: libselinux libsepol libsemanage checkpolicy policycoreutils
|
|
Provides: %{name}-plugin = %{version}-%{release}
|
|
|
|
%description selinux
|
|
SELinux plugin for secPaver.
|
|
|
|
%prep
|
|
%setup -n %{name}-%{version}
|
|
%ifarch loongarch64
|
|
rm -rf vendor/golang.org/x/sys
|
|
tar -xf %{SOURCE1} -C vendor/golang.org/x/
|
|
%endif
|
|
unzip %{SOURCE2}
|
|
%patch0001 -p1
|
|
%patch0002 -p1
|
|
%patch0003 -p1
|
|
%patch0004 -p1
|
|
%patch0005 -p1
|
|
|
|
%ifarch riscv64 loongarch64
|
|
%patch1000 -p1
|
|
%endif
|
|
# secconfg
|
|
cd ./%{secconf_pck}
|
|
%patch2000 -p1
|
|
%patch2001 -p1
|
|
%patch2002 -p1
|
|
%patch2003 -p1
|
|
%patch2004 -p1
|
|
|
|
%build
|
|
%make_build everything
|
|
cd ./%{secconf_pck}
|
|
make
|
|
|
|
%install
|
|
%make_install DESTDIR="%{buildroot}"
|
|
cd ./%{secconf_pck}
|
|
%make_install DESTDIR="%{buildroot}"
|
|
|
|
%check
|
|
cd ./%{secconf_pck}
|
|
make test
|
|
|
|
%files
|
|
%defattr(0600,root,root,0700)
|
|
%attr(0500,root,root) %{_bindir}/pav
|
|
%attr(0500,root,root) %{_bindir}/pavd
|
|
%dir %{_sysconfdir}/secpaver
|
|
%dir %{_sysconfdir}/secpaver/pavd
|
|
%dir %{_libdir}/secpaver
|
|
%dir %{_datadir}/secpaver
|
|
%dir %{_datadir}/secpaver/scripts
|
|
%dir %{_localstatedir}/local/secpaver
|
|
%dir %{_localstatedir}/local/secpaver/policies
|
|
%dir %{_localstatedir}/local/secpaver/projects
|
|
%config(noreplace) %{_sysconfdir}/secpaver/pavd/config.json
|
|
%{_unitdir}/pavd.service
|
|
|
|
%files selinux
|
|
%defattr(0600,root,root,0700)
|
|
%attr(0700,root,root) %{_libdir}/secpaver/selinux.so
|
|
%dir %{_localstatedir}/local/secpaver/policies/selinux
|
|
%dir %{_datadir}/secpaver/scripts/selinux
|
|
%{_datadir}/secpaver/scripts/selinux/config
|
|
%attr(0700,root,root) %{_datadir}/secpaver/scripts/selinux/*.sh
|
|
|
|
%files secconf
|
|
%defattr(0600,root,root,0700)
|
|
%attr(0500,root,root) %{_bindir}/sec_conf
|
|
%dir %{_datadir}/secpaver/scripts/sec_conf
|
|
%{_datadir}/secpaver/scripts/sec_conf/*
|
|
|
|
%post
|
|
%systemd_post pavd.service
|
|
|
|
%preun
|
|
%systemd_preun pavd.service
|
|
|
|
%postun
|
|
%systemd_postun_with_restart pavd.service
|
|
|
|
%changelog
|
|
* Tue Dec 10 2024 jinlun <jinlun@huawei.com> - 1.0.2-15
|
|
- fix some bugs
|
|
|
|
* Mon Dec 2 2024 xuce <xuce10@h-partners.com> - 1.0.2-14
|
|
- restore ima selinux type when perform new configuration
|
|
|
|
* Thu Nov 28 2024 xuce <xuce10@h-partners.com> - 1.0.2-13
|
|
- Add example of how to import digest list when using IMA appraise
|
|
|
|
* Mon Nov 25 2024 jinlun <jinlun@huawei.com> - 1.0.2-12
|
|
- add sec_conf feature
|
|
|
|
* Sun Jun 09 2024 yueyuankun <yueyuankun@kylinos.cn> - 1.0.2-11
|
|
- Fix build on loongarch64
|
|
|
|
* Sat Apr 13 2024 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 1.0.2-10
|
|
- remove unused socket
|
|
|
|
* Mon Apr 8 2024 luofeng <luofeng13@huawei.com> - 1.0.2-9
|
|
- modify pav and pavd premission from 700 to 500
|
|
|
|
* Mon Apr 1 2024 luofeng <luofeng13@huawei.com> - 1.0.2-8
|
|
- fix go build ref C LDFLAGS
|
|
|
|
* Fri Mar 1 2024 luofeng <luofeng13@huawei.com> - 1.0.2-7
|
|
- support clang build
|
|
|
|
* Fri Sep 15 2023 misaka00251 <liuxin@iscas.ac.cn> - 1.0.2-6
|
|
- Fix build on riscv64
|
|
|
|
* Tue Jul 11 2023 huajingyun <huajingyun@loongson.cn> - 1.0.2-5
|
|
- Add loong64 support
|
|
|
|
* Mon Jan 16 2023 yangchenguang <yangchenguang@uniontech.com> - 1.0.2-4
|
|
- add buildrequires systemd for macros.systemd %{_unitdir}
|
|
|
|
* Tue Aug 16 2022 fushanqing <fushanqing@kylinos.cn> - 1.0.2-3
|
|
- Unified license name specification
|
|
|
|
* Thu Sep 30 2021 luhuaxin <1539327763@qq.com> - 1.0.2-2
|
|
- set default log path
|
|
|
|
* Thu Sep 30 2021 luhuaxin <1539327763@qq.com> - 1.0.2-1
|
|
- Package init
|