From eb899c7edbb7d8a35d512b201da17f0ab429c6b8 Mon Sep 17 00:00:00 2001 From: Tsu-ba-me Date: Thu, 28 Mar 2024 11:54:51 -0400 Subject: [PATCH] build: always make SELinux relabel pre and post, correct (un)install syntax, add ghost --- anvil.spec.in | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/anvil.spec.in b/anvil.spec.in index 75ae9621..8e1d4da5 100644 --- a/anvil.spec.in +++ b/anvil.spec.in @@ -5,10 +5,12 @@ %define debug_package %{nil} %define anviluser admin %define anvilgroup admin -%define selinuxtype targeted %define suiapi striker-ui-api -%define selinuxdir %{_datadir}/selinux/packages/%{selinuxtype} +# selinux +%define selinuxtype targeted +%define selinuxsubnodemodule anvil-subnode +%define selinuxdir %{_datadir}/selinux/packages/%{selinuxtype} Name: anvil Version: @version@ @@ -237,6 +239,8 @@ rm -rf %{buildroot} make install DESTDIR=%{buildroot} %pre core +%selinux_relabel_pre -s %{selinuxtype} + if [ ! -d /usr/share/anvil ]; then mkdir /usr/share/anvil @@ -252,9 +256,8 @@ getent passwd %{anviluser} >/dev/null || useradd --create-home \ # sed -i.anvil 's/SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config # setenforce 0 # -if [ $1 == 1 ]; then - %selinux_modules_install -s %{selinuxtype} -p 200 ${selinuxdir}/anvil-subnode.pp -fi +# Always try to install in-case of update +%selinux_modules_install -s %{selinuxtype} -p 200 %{selinuxdir}/%{selinuxsubnodemodule}.pp # Enable and start the anvil-daemon ### TODO: check it if was disabled (if it existed before) and, if so, leave it disabled. 
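Review bot: The `%selinux_relabel_pre -s %{selinuxtype}` line added at the top of `%pre core` only expands if the SELinux RPM macros are available at build time, and nothing visible in this patch adds `BuildRequires: selinux-policy-devel` or `%{?selinux_requires}`. If they are missing, rpm leaves the macro unexpanded and the scriptlet tries to run a literal `%selinux_relabel_pre` command, so the relabel step is skipped with only a "command not found" in the transaction output. The same applies to `%selinux_relabel_post` in the new `%posttrans core` section and to the install and uninstall macros. The preamble is outside these hunks, so this may already be covered. If it is, a comment beside the new `# selinux` defines would record the dependency, for example `# macros below are provided by selinux-policy-devel (see BuildRequires)`.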
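Review bot: Nothing after the now-unconditional `%selinux_modules_install` confirms that the module actually loaded before the following lines enable and start anvil-daemon. As far as I know the stock macro tolerates a failing `semodule` call, so a damaged or missing `%{selinuxsubnodemodule}.pp` would leave the daemon running without its policy and without a clear message. A one-line check that prints a warning when `semodule -l` does not list the module would make that visible. The new comment could also state the reason more precisely, for example `# Run on install and upgrade so an updated .pp replaces the loaded module at priority 200`. The scriptlet header is outside the hunk, so I am assuming this is `%post core`.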
@@ -365,8 +368,9 @@ touch /etc/anvil/type.dr # echo "NOTE: Re-enabling SELinux." # sed -i.anvil 's/SELINUX=permissive/SELINUX=enforcing/' /etc/selinux/config # setenforce 1 +# Only uninstall the policy when the package is actually being removed if [ $1 == 0 ]; then - %selinux_modules_uninstall -s %{selinuxtype} -p 200 ${selinuxdir}/anvil-subnode.pp + %selinux_modules_uninstall -s %{selinuxtype} -p 200 %{selinuxsubnodemodule} fi %preun striker @@ -413,6 +417,11 @@ then fi +%posttrans core +# Relabel in posttrans makes sure files are in-place +%selinux_relabel_post -s %{selinuxtype} + + %files core %doc README.md %config(noreplace) %{_sysconfdir}/anvil/anvil.conf @@ -424,7 +433,10 @@ fi %{_sysconfdir}/anvil/anvil.version %{_datadir}/perl5/* %{_mandir}/* -%{selinuxdir}/*.pp + +# selinux +%attr(0644, root, root) %{selinuxdir}/%{selinuxsubnodemodule}.pp +%ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{selinuxsubnodemodule} %files striker %{_localstatedir}/www/*/*
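Review bot: The `if [ $1 == 0 ]` guard around `%selinux_modules_uninstall` can only be true in an erase-time scriptlet, and the scriptlet header is outside this hunk. In `%preun` or `%postun` the argument is 0 on final removal, but in a `%post` section it is never 0, which would leave the anvil-subnode module loaded at priority 200 after the package is gone. Please confirm the block sits in the erase scriptlet of the same subpackage that installs the module. Separately, `==` inside `[ ]` is a bash extension and compares strings; `if [ "$1" -eq 0 ]; then` is the portable numeric form.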
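Review bot: The new `%ghost` entry for the module store path has no `%verify` exclusion, so `rpm -V` on the core package can report attribute differences for a path that semodule, not rpm, writes. That noise makes package verification less useful as an integrity check on these hosts. The Fedora independent-policy example writes it as `%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{selinuxsubnodemodule}`. The literal `200` here also has to stay in step with the `-p 200` arguments in the install and uninstall hunks. A `%define selinuxpriority 200` beside the other SELinux defines would keep the three in one place.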