%define major 1 %define libnameold %mklibname selinux 1 %define libname %mklibname selinux %{major} %define libnamedevel %mklibname selinux -d %define libnamestaticdevel %mklibname selinux -d -s %define ruby_inc %(pkg-config --cflags ruby) %define libsepolver 3.4-1 Summary: SELinux library and simple utilities Name: libselinux Version: 3.4 Release: %mkrel 2 Group: System/Libraries License: Public Domain # https://github.com/SELinuxProject/selinux/wiki/Releases Source0: https://github.com/SELinuxProject/selinux/releases/download/3.4/libselinux-3.4.tar.gz Source1: selinuxconlist.8 Source2: selinuxdefcon.8 Url: https://github.com/SELinuxProject/selinux/wiki # $ git clone https://github.com/fedora-selinux/selinux.git # $ cd selinux # $ git format-patch -N 3.4 -- libselinux # $ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done # Patch list start Patch0001: 0001-Use-SHA-2-instead-of-SHA-1.patch Patch0002: 0002-Revert-libselinux-restorecon-pin-file-to-avoid-TOCTO.patch # Patch list end BuildRequires: gcc make BuildRequires: ruby-devel ruby sepol-static-devel >= %{libsepolver} swig pcre2-devel xz-devel BuildRequires: python3 python3-devel BuildRequires: systemd Requires: libsepol%{?_isa} >= %{libsepolver} # Convert this require in mageia style #pcre2 %description Security-enhanced Linux is a feature of the Linux® kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve the security of the Flask operating system. These architectural components provide general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement®, Role-based Access Control, and Multi-level Security. libselinux provides an API for SELinux applications to get and set process and file security contexts and to obtain security policy decisions. Required for any applications that use the SELinux API. %package -n %{libname} Summary: SELinux library and simple utilities Group: System/Libraries Requires(pre): filesystem >= 2.1.9 Requires: libselinux >= %{version}-%{release} Provides: selinux = %{version}-%{release} %description -n %{libname} libselinux provides an API for SELinux applications to get and set process and file security contexts and to obtain security policy decisions. Required for any applications that use the SELinux API. %package -n %{libnamedevel} Summary: Development libraries and header files for %{name} Group: Development/C Requires(pre): filesystem >= 2.1.9 Requires: %{libname} = %{version}-%{release} Provides: libselinux-devel = %{version}-%{release} Provides: selinux-devel = %{version}-%{release} Obsoletes: %{libnameold}-devel < %{version}-%{release} %description -n %{libnamedevel} The selinux-devel package contains the libraries and header files needed for developing SELinux applications. %package -n %{libnamestaticdevel} Summary: Static development libraries for %{name} Group: Development/C Provides: selinux-static-devel = %{version}-%{release} Requires: %{libnamedevel} = %{version}-%{release} %description -n %{libnamestaticdevel} The selinux-static-devel package contains the static libraries needed for developing SELinux applications. %package utils Summary: SELinux libselinux utilities Requires: %{name}%{?_isa} = %{version}-%{release} %description utils The libselinux-utils package contains the utilities %package -n python3-libselinux Summary: SELinux python 3 bindings for libselinux Requires: %{name}%{?_isa} = %{version}-%{release} %{?python_provide:%python_provide python3-libselinux} # Remove before F30 Provides: %{name}-python3 = %{version}-%{release} Provides: %{name}-python3%{?_isa} = %{version}-%{release} Obsoletes: %{name}-python3 < %{version}-%{release} %description -n python3-libselinux The libselinux-python3 package contains python 3 bindings for developing SELinux applications. %package ruby Summary: SELinux ruby bindings for libselinux Requires: %{name}%{?_isa} = %{version}-%{release} Provides: ruby(selinux) %description ruby The libselinux-ruby package contains the ruby bindings for developing SELinux applications. %prep %autosetup -p 2 -n libselinux-%{version} %build export DISABLE_RPM="y" export USE_PCRE2="y" %set_build_flags CFLAGS="$CFLAGS -fno-semantic-interposition" # To support building the Python wrapper against multiple Python runtimes # Define a function, for how to perform a "build" of the python wrapper against # a specific runtime: BuildPythonWrapper() { BinaryName=$1 # Perform the build from the upstream Makefile: %make_build \ PYTHON=$BinaryName \ LIBDIR="%{_libdir}" \ pywrap } %make_build LIBDIR="%{_libdir}" swigify %make_build LIBDIR="%{_libdir}" all BuildPythonWrapper %{__python3} %make_build RUBYINC="%{ruby_inc}" SHLIBDIR="%{_libdir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" rubywrap %install InstallPythonWrapper() { BinaryName=$1 make \ PYTHON=$BinaryName \ DESTDIR="%{buildroot}" LIBDIR="%{_libdir}" \ SHLIBDIR="%{_lib}" BINDIR="%{_bindir}" \ SBINDIR="%{_sbindir}" \ LIBSEPOLA="%{_libdir}/libsepol.a" \ install-pywrap } rm -rf %{buildroot} mkdir -p %{buildroot}%{_tmpfilesdir} mkdir -p %{buildroot}%{_libdir} mkdir -p %{buildroot}%{_includedir} mkdir -p %{buildroot}%{_sbindir} install -d -m 0755 %{buildroot}%{_rundir}/setrans echo "d %{_rundir}/setrans 0755 root root" > %{buildroot}%{_tmpfilesdir}/libselinux.conf InstallPythonWrapper %{__python3} %make_install LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}" BINDIR="%{_bindir}" SBINDIR="%{_sbindir}" make DESTDIR="%{buildroot}" RUBYINSTALL=%{ruby_vendorarchdir} install-rubywrap # Nuke the files we don't want to distribute rm -f %{buildroot}%{_sbindir}/compute_* rm -f %{buildroot}%{_sbindir}/deftype rm -f %{buildroot}%{_sbindir}/execcon rm -f %{buildroot}%{_sbindir}/getenforcemode rm -f %{buildroot}%{_sbindir}/getfilecon rm -f %{buildroot}%{_sbindir}/getpidcon rm -f %{buildroot}%{_sbindir}/mkdircon rm -f %{buildroot}%{_sbindir}/policyvers rm -f %{buildroot}%{_sbindir}/setfilecon rm -f %{buildroot}%{_sbindir}/selinuxconfig rm -f %{buildroot}%{_sbindir}/selinuxdisable rm -f %{buildroot}%{_sbindir}/getseuser rm -f %{buildroot}%{_sbindir}/togglesebool rm -f %{buildroot}%{_sbindir}/selinux_check_securetty_context mv %{buildroot}%{_sbindir}/getdefaultcon %{buildroot}%{_sbindir}/selinuxdefcon mv %{buildroot}%{_sbindir}/getconlist %{buildroot}%{_sbindir}/selinuxconlist install -d %{buildroot}%{_mandir}/man8/ install -m 644 %{SOURCE1} %{buildroot}%{_mandir}/man8/ install -m 644 %{SOURCE2} %{buildroot}%{_mandir}/man8/ rm -f %{buildroot}%{_mandir}/man8/togglesebool* %ldconfig_scriptlets %files %license LICENSE %dir %ghost %attr(0755, root, root) %{_rundir}/setrans/ %{_tmpfilesdir}/libselinux.conf %files utils %{_sbindir}/avcstat %{_sbindir}/getenforce %{_sbindir}/getsebool %{_sbindir}/matchpathcon %{_sbindir}/sefcontext_compile %{_sbindir}/selinuxconlist %{_sbindir}/selinuxdefcon %{_sbindir}/selinuxexeccon %{_sbindir}/selinuxenabled %{_sbindir}/setenforce %{_sbindir}/selabel_digest %{_sbindir}/selabel_lookup %{_sbindir}/selabel_lookup_best_match %{_sbindir}/selabel_partial_match %{_sbindir}/selinux_check_access %{_sbindir}/selabel_get_digests_all_partial_matches %{_sbindir}/validatetrans %{_mandir}/man5/* %{_mandir}/man8/* %{_mandir}/ru/man5/* %{_mandir}/ru/man8/* %files -n %{libname} %{_libdir}/libselinux.so.%{major} %files -n %{libnamedevel} %{_libdir}/libselinux.so %{_libdir}/pkgconfig/libselinux.pc %{_includedir}/selinux/ %{_mandir}/man3/* %files -n %{libnamestaticdevel} %{_libdir}/libselinux.a %files -n python3-libselinux %{python3_sitearch}/selinux/ %{python3_sitearch}/selinux-%{version}* %{python3_sitearch}/_selinux* %files ruby %{ruby_vendorarchdir}/selinux.so %changelog * Mon Oct 10 2022 wally <wally> 3.4-2.mga9 + Revision: 1896181 - loosen lib pkg requires - drop bogus conflicts * Mon Oct 10 2022 neoclust <neoclust> 3.4-1.mga9 + Revision: 1896132 - New version 3.4 * Fri Mar 25 2022 umeabot <umeabot> 3.2-0.rc1.8.mga9 + Revision: 1825988 - Mageia 9 Mass Rebuild * Fri Feb 25 2022 pterjan <pterjan> 3.2-0.rc1.7.mga9 + Revision: 1784568 - Rebuild for Ruby 3.1 * Mon Feb 21 2022 tv <tv> 3.2-0.rc1.6.mga9 + Revision: 1782177 - Rebuild for python-3.10 * Thu Mar 18 2021 neoclust <neoclust> 3.2-0.rc1.5.mga9 + Revision: 1704348 - Rebuild against python 3.9 * Fri Jan 29 2021 neoclust <neoclust> 3.2-0.rc1.4.mga8 + Revision: 1674004 - Versionnate Obsoletes * Fri Jan 29 2021 neoclust <neoclust> 3.2-0.rc1.3.mga8 + Revision: 1673986 - Obsoletes older libselinux python binding rpm * Fri Jan 29 2021 neoclust <neoclust> 3.2-0.rc1.2.mga8 + Revision: 1673957 - Remove conflicts, created cyclic deps * Fri Jan 29 2021 neoclust <neoclust> 3.2-0.rc1.1.mga8 + Revision: 1673947 - Re-mageiafy - New version 3.2-rc1 * Thu Apr 23 2020 joequant <joequant> 2.5-12.mga8 + Revision: 1571397 - remove python2 build for cauldron compile + umeabot <umeabot> - Mageia 8 Mass Rebuild * Tue Jan 08 2019 shlomif <shlomif> 2.5-10.mga7 + Revision: 1352769 - Rebuild for python3 3.7 * Sun Dec 02 2018 daviddavid <daviddavid> 2.5-9.mga7 + Revision: 1337437 - move _selinux.so to /usr/lib(64)/python*/site-packages * this should fix selinux-policy build failure * Sun Sep 23 2018 umeabot <umeabot> 2.5-8.mga7 + Revision: 1299138 - Mageia 7 Mass Rebuild * Sat Aug 05 2017 pterjan <pterjan> 2.5-7.mga7 + Revision: 1135259 - Rebuild for python 3.6 * Tue Jul 05 2016 spuhler <spuhler> 2.5-6.mga6 + Revision: 1039048 - added Obsoletes: python-selinux < %%{version}-%%{release} to make it upgrade from mga5 * Sat Apr 23 2016 tv <tv> 2.5-5.mga6 + Revision: 1005572 - provides libselinux-devel * Thu Mar 31 2016 luigiwalser <luigiwalser> 2.5-4.mga6 + Revision: 997252 - provide python-selinux * Wed Mar 02 2016 spuhler <spuhler> 2.5-3.mga6 + Revision: 983681 - changed names of python packages * Thu Feb 25 2016 spuhler <spuhler> 2.5-1.mga6 + Revision: 979145 - we still call python2 python - upgrade to vers. 2.5 - upgrade to vers. 2.5 * Tue Jan 19 2016 daviddavid <daviddavid> 2.4-2.mga6 + Revision: 925765 - add python3 package (python3-selinux) - use new python macros * Sun Nov 15 2015 spuhler <spuhler> 2.4-1.mga6 + Revision: 903136 - ugrade to vers. 2.4 * removed already incorporated patch * Fri Aug 21 2015 tmb <tmb> 2.3-5.mga6 + Revision: 867721 - rebuild for new gcc * Wed Oct 15 2014 umeabot <umeabot> 2.3-4.mga5 + Revision: 745403 - Second Mageia 5 Mass Rebuild * Sat Sep 27 2014 tv <tv> 2.3-3.mga5 + Revision: 726862 - rebuild for missing pythoneggs deps * Tue Sep 16 2014 umeabot <umeabot> 2.3-2.mga5 + Revision: 681773 - Mageia 5 Mass Rebuild * Sun Jun 15 2014 spuhler <spuhler> 2.3-1.mga5 + Revision: 636656 - upgrade to ver 2.3 * Sat May 31 2014 pterjan <pterjan> 2.2.2-2.mga5 + Revision: 628308 - Rebuild for new Python * Thu Feb 06 2014 spuhler <spuhler> 2.2.2-1.mga5 + Revision: 584805 - added BuildRequires: lzma-devel - upgrade to ver. 2.2.2 - rediffed patch * Sat Oct 19 2013 umeabot <umeabot> 2.1.13-2.mga4 + Revision: 535968 - Mageia 4 Mass Rebuild * Tue Feb 26 2013 spuhler <spuhler> 2.1.13-1.mga4 + Revision: 400401 - upgrade to 2.1.13 * audit2why: make sure path is nul terminated *utils: new file context regex compiler *label_file: use precompiled filecontext when possible *do not leak mmapfd *sefcontontext_compile: Add error handling to help debug problems in libsemanage. *man: make selinux.8 mention service man pages *audit2why: Fix segfault if finish() called twice *audit2why: do not leak on multiple init() calls *mode_to_security_class: interface to translate a mode_t in to a security class *audit2why: Cleanup audit2why analysys function *man: Fix program synopsis and function prototypes in man pages *man: Fix man pages formatting *man: Fix typo in man page *man: Add references and man page links to _raw function variants *Use ENOTSUP instead of EOPNOTSUPP for getfilecon functions *man: context_new(3): fix the return value description *selinux_status_open: handle error from sysconf *selinux_status_open: do not leak statusfd on exec *Fix errors found by coverity *Change boooleans.subs to booleans.subs_dist. *optimize set*con functions *pkg-config do not specifc ruby version *unmap file contexts on selabel_close() *do not leak file contexts with mmap'd backend *sefcontext_compile: do not leak fd on error *matchmediacon: do not leak fd *src/label_android_property: do not leak fd on error - updated patch from rhat for 2.1.13 * Sat Jan 12 2013 umeabot <umeabot> 2.1.12-3.mga3 + Revision: 358137 - Mass Rebuild - https://wiki.mageia.org/en/Feature:Mageia3MassRebuild * Sun Dec 02 2012 spuhler <spuhler> 2.1.12-2.mga3 + Revision: 324836 - reversed to filesystem >=2.1.9 for the time being * Sun Dec 02 2012 spuhler <spuhler> 2.1.12-1.mga3 + Revision: 324734 - added BuilRequires: pcre-devel - upgrade to 2.1.12 arranged spec file to make it build - added selinixdefcon file - added selinuxconlist file * Mon Sep 17 2012 fwang <fwang> 2.1.11-2.mga3 + Revision: 294805 - update file list - force regenerate symlink * Sat Jul 21 2012 colin <colin> 2.1.11-1.mga3 + Revision: 273164 - Add BuildRequire for swig - New version: 2.1.11 - Update for usrmove + tv <tv> - new release - new release * Fri Feb 11 2011 dmorgan <dmorgan> 2.0.78-3.mga1 + Revision: 50036 - Remove mdv macros - imported package libselinux * Fri Nov 12 2010 Funda Wang <fwang@mandriva.org> 2.0.78-3mdv2011.0 + Revision: 596436 - fix build * Sun Sep 13 2009 Thierry Vignaud <tv@mandriva.org> 2.0.78-2mdv2010.0 + Revision: 438737 - rebuild * Fri Mar 06 2009 Jérôme Soyer <saispo@mandriva.org> 2.0.78-1mdv2009.1 + Revision: 349887 - New upstream release * Thu Jan 15 2009 Jérôme Soyer <saispo@mandriva.org> 2.0.77-1mdv2009.1 + Revision: 329813 - New upstream release * Sun Jan 04 2009 Funda Wang <fwang@mandriva.org> 2.0.76-2mdv2009.1 + Revision: 324113 - rebuild * Sun Jan 04 2009 Jérôme Soyer <saispo@mandriva.org> 2.0.76-1mdv2009.1 + Revision: 324069 - New upstream release * Sun Jan 04 2009 Jérôme Soyer <saispo@mandriva.org> 2.0.65-1mdv2009.1 + Revision: 324051 - New upstream release * Fri Aug 08 2008 Thierry Vignaud <tv@mandriva.org> 2.0.61-2mdv2009.0 + Revision: 267992 - rebuild early 2009.0 package (before pixel changes) + Pixel <pixel@mandriva.com> - do not call ldconfig in %%post/%%postun, it is now handled by filetriggers * Mon Apr 21 2008 David Walluck <walluck@mandriva.org> 2.0.61-1mdv2009.0 + Revision: 196090 - fix build - 2.0.61 * Wed Jan 02 2008 David Walluck <walluck@mandriva.org> 2.0.35-1mdv2008.1 + Revision: 140263 - 2.0.35 - tabs to spaces - enable parallel make + Thierry Vignaud <tv@mandriva.org> - kill re-definition of %%buildroot on Pixel's request * Tue Sep 04 2007 David Walluck <walluck@mandriva.org> 2.0.8-5mdv2008.0 + Revision: 79171 - fix Provides - fix major on Obsolete devel package * Mon Sep 03 2007 David Walluck <walluck@mandriva.org> 2.0.8-3mdv2008.0 + Revision: 78475 - move %%py_requires -d to python-selinux subpackage * Mon Sep 03 2007 David Walluck <walluck@mandriva.org> 2.0.8-2mdv2008.0 + Revision: 78469 - Obsoletes: %%{libname}-devel < %%{version}-%%{release} - fix static-devel Provides * Sun Sep 02 2007 David Walluck <walluck@mandriva.org> 2.0.8-1mdv2008.0 + Revision: 78367 - 2.0.8 - use python macros - new lib policy - do not use parallel make * Sat Aug 11 2007 David Walluck <walluck@mandriva.org> 1.28-2mdv2008.0 + Revision: 61847 - Provides: selinux-devel + Thierry Vignaud <tv@mandriva.org> - Import libselinux * Thu Dec 22 2005 Oden Eriksson <oeriksson@mandriva.com> 1.28-1mdk - 1.28 - fix deps - added the python-selinux sub package * Wed Mar 02 2005 Per Ãyvind Karlsen <peroyvind@linux-mandrake.com> 1.21.11-1mdk - 1.21.11 * Thu Feb 17 2005 Per Ãyvind Karlsen <peroyvind@linux-mandrake.com> 1.21.9-1mdk - 1.21.9 - sync with fedora patch * Tue Feb 01 2005 Per Ãyvind Karlsen <peroyvind@linux-mandrake.com> 1.21.4-1mdk - 1.21.4 - drop useless provides * Thu Jan 13 2005 Per Ãyvind Karlsen <peroyvind@linux-mandrake.com> 1.20.1-1mdk - 1.20.1 * Mon Jan 03 2005 Per Ãyvind Karlsen <peroyvind@linux-mandrake.com> 1.19.4-1mdk - 1.19.4 * Fri Dec 10 2004 Per Ãyvind Karlsen <peroyvind@linux-mandrake.com> 1.19.3-1mdk - 1.19.3 - drop P0 * Thu Dec 02 2004 Per Ãyvind Karlsen <peroyvind@linux-mandrake.com> 1.19.1-1mdk - 1.19.1 - sync with fedora patch * Wed Nov 10 2004 Per Ãyvind Karlsen <peroyvind@linux-mandrake.com> 1.18-1mdk - 1.18 * Wed Aug 18 2004 Per Ãyvind Karlsen <peroyvind@linux-mandrake.com> 1.15.4-2mdk - fix provides * Wed Aug 18 2004 Per Ãyvind Karlsen <peroyvind@linux-mandrake.com> 1.15.4-1mdk - 1.15.4 - sync patch with fedora - drop useless-explicit-provides * Sun Jul 25 2004 Per Ãyvind Karlsen <peroyvind@linux-mandrake.com> 1.15.1-1mdk - 1.15.1 * Wed Jul 14 2004 Per Ãyvind Karlsen <peroyvind@linux-mandrake.com> 1.14.1-1mdk - 1.14.1 - drop P1 (merged upstream) * Tue Jun 29 2004 Per Ãyvind Karlsen <peroyvind@linux-mandrake.com> 1.13.4-1mdk - 1.13.4 - drop P0 (merged upstream) - add nlclass patch (P1 from fedora) * Wed Jun 16 2004 Per Ãyvind Karlsen <peroyvind@linux-mandrake.com> 1.13.3-1mdk - 1.13.3 - update P0 from fedora - add man pages * Thu Dec 18 2003 Oden Eriksson <oden.eriksson@kvikkjokk.net> 1.4-1mdk - initial cooker contrib - ripped parts from fedora, but adapted for mandrake