build: always make SELinux relabel pre and post, correct (un)install syntax, add ghost

main
Tsu-ba-me 9 months ago
parent 11fd4098c4
commit eb899c7edb
  1. 24
      anvil.spec.in

@ -5,9 +5,11 @@
%define debug_package %{nil} %define debug_package %{nil}
%define anviluser admin %define anviluser admin
%define anvilgroup admin %define anvilgroup admin
%define selinuxtype targeted
%define suiapi striker-ui-api %define suiapi striker-ui-api
# selinux
%define selinuxtype targeted
%define selinuxsubnodemodule anvil-subnode
%define selinuxdir %{_datadir}/selinux/packages/%{selinuxtype} %define selinuxdir %{_datadir}/selinux/packages/%{selinuxtype}
Name: anvil Name: anvil
@ -237,6 +239,8 @@ rm -rf %{buildroot}
make install DESTDIR=%{buildroot} make install DESTDIR=%{buildroot}
%pre core %pre core
%selinux_relabel_pre -s %{selinuxtype}
if [ ! -d /usr/share/anvil ]; if [ ! -d /usr/share/anvil ];
then then
mkdir /usr/share/anvil mkdir /usr/share/anvil
@ -252,9 +256,8 @@ getent passwd %{anviluser} >/dev/null || useradd --create-home \
# sed -i.anvil 's/SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config # sed -i.anvil 's/SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
# setenforce 0 # setenforce 0
# #
if [ $1 == 1 ]; then # Always try to install in-case of update
%selinux_modules_install -s %{selinuxtype} -p 200 ${selinuxdir}/anvil-subnode.pp %selinux_modules_install -s %{selinuxtype} -p 200 %{selinuxdir}/%{selinuxsubnodemodule}.pp
fi
# Enable and start the anvil-daemon # Enable and start the anvil-daemon
### TODO: check it if was disabled (if it existed before) and, if so, leave it disabled. ### TODO: check it if was disabled (if it existed before) and, if so, leave it disabled.
@ -365,8 +368,9 @@ touch /etc/anvil/type.dr
# echo "NOTE: Re-enabling SELinux." # echo "NOTE: Re-enabling SELinux."
# sed -i.anvil 's/SELINUX=permissive/SELINUX=enforcing/' /etc/selinux/config # sed -i.anvil 's/SELINUX=permissive/SELINUX=enforcing/' /etc/selinux/config
# setenforce 1 # setenforce 1
# Only uninstall the policy when the package is actually being removed
if [ $1 == 0 ]; then if [ $1 == 0 ]; then
%selinux_modules_uninstall -s %{selinuxtype} -p 200 ${selinuxdir}/anvil-subnode.pp %selinux_modules_uninstall -s %{selinuxtype} -p 200 %{selinuxsubnodemodule}
fi fi
%preun striker %preun striker
@ -413,6 +417,11 @@ then
fi fi
%posttrans core
# Relabel in posttrans makes sure files are in-place
%selinux_relabel_post -s %{selinuxtype}
%files core %files core
%doc README.md %doc README.md
%config(noreplace) %{_sysconfdir}/anvil/anvil.conf %config(noreplace) %{_sysconfdir}/anvil/anvil.conf
@ -424,7 +433,10 @@ fi
%{_sysconfdir}/anvil/anvil.version %{_sysconfdir}/anvil/anvil.version
%{_datadir}/perl5/* %{_datadir}/perl5/*
%{_mandir}/* %{_mandir}/*
%{selinuxdir}/*.pp
# selinux
%attr(0644, root, root) %{selinuxdir}/%{selinuxsubnodemodule}.pp
%ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{selinuxsubnodemodule}
%files striker %files striker
%{_localstatedir}/www/*/* %{_localstatedir}/www/*/*

Loading…
Cancel
Save