Commit graph

24 commits

Author SHA1 Message Date
Stefano Brivio
dd23496619 fedora: Refresh SELinux labels in scriptlets, require -selinux package
Instead of:
  https://fedoraproject.org/wiki/SELinux_Policy_Modules_Packaging_Draft

follow this:
  https://fedoraproject.org/wiki/PackagingDrafts/SELinux_Independent_Policy

which seems to make more sense and fixes the issue that, on a fresh
install, without a reboot, the file contexts for the binaries are not
actually updated.

In detail:

- labels are refreshed using the selinux_relabel_pre and
  selinux_relabel_post on install, upgrade, and uninstall

- use the selinux_modules_install and selinux_modules_uninstall
  macros, instead of calling 'semodule' directly (no functional
  changes in our case)

- require the -selinux package on SELinux-enabled environments and if
  the current system policy is "targeted"

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2023-03-17 08:26:07 +01:00
Stefano Brivio
70c0765b49 fedora: Install SELinux interface files to shared include directory
Link: https://github.com/fedora-selinux/selinux-policy/pull/1613
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2023-03-10 20:01:41 +01:00
Stefano Brivio
e23024ccff conf, log, Makefile: Add versioning information
Add a --version option displaying that, and also include this
information in the log files.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-10-15 02:10:28 +02:00
Stefano Brivio
e2cae8f1c3 fedora: Escape % characters in spec file's changelog
...rpmbuild otherwise expands valid macro names in changelog entries.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-09-07 11:01:22 +02:00
Stefano Brivio
7ce9fd165f fedora: Add selinux-policy Requires: tag
fedora-review says:

  Note: Directories without known owners:
  /usr/share/selinux/packages/passt, /usr/share/doc/passt,
  /usr/share/selinux, /usr/share/selinux/packages

and selinux-policy owns those two last ones.

While at it, split Requires: tags also for post and preun actions
onto different lines, for consistency.

Reported-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-09-02 18:03:57 +02:00
Stefano Brivio
96dbaf4d96 fedora: Add %dir entries for own SELinux policy directory and documentation
fedora-review says:

  Note: No known owner of /usr/share/selinux/packages/passt,
  /usr/share/doc/passt

While at it, replace "passt" by "%{name}" in a few places for
consistency.

Reported-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-09-02 17:55:23 +02:00
Stefano Brivio
63d1390229 fedora: Pass explicit bindir, mandir, docdir, and drop OpenSUSE override
Fedora's parameters currently match the ones from the Makefile (which
is based on GNU recommendations), but that's not necessarily
guaranteed.

This should make the OpenSUSE Tumbleweed override for docdir
unnecessary: drop it.

Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-08-30 19:17:48 +02:00
Stefano Brivio
345192ad84 fedora: Use full versioning for SELinux subpackage Requires: tag
...as recommended in:
  https://docs.fedoraproject.org/en-US/packaging-guidelines/#_requiring_base_package

Reported-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-08-30 19:16:44 +02:00
Stefano Brivio
7e6617d227 fedora: Define git_hash in spec file and reuse it
...as it's used twice. The short version, however, appears hardcoded
only once in the output, and it comes straight from the rpkg macro
building the version string -- leave that macro as it is.

Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-08-30 19:16:44 +02:00
Stefano Brivio
cfc1984a96 fedora: Drop comment stating the spec file is an example file
...as this ends up in the actual spec file.

Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-08-30 19:16:44 +02:00
Stefano Brivio
6da2895cdf fedora: Drop SPDX identifier from spec file
...which makes it fall under MIT licensing terms. Daniel reports that
it's very unusual for spec files to contain explicit licensing terms
and might cause minor inconveniences later on, on mass changes to
spec files.

I originally added licensing information using SPDX identifiers to
make the project fully compliant with the REUSE Specification 3.0
(https://reuse.software/spec/), but there are anyway a few more files
not including explicit licensing information. It might be worth to
fix that later on, in any case.

Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-08-30 19:16:44 +02:00
Stefano Brivio
7aff403c1e fedora: Adopt versioning guideline for snapshots
The "Simple versioning" scheme:
  https://docs.fedoraproject.org/en-US/packaging-guidelines/Versioning/#_simple_versioning

probably doesn't apply to passt, given that upstream git tags are
not really releases. Switch to the "Snapshots" versioning scheme:
  https://docs.fedoraproject.org/en-US/packaging-guidelines/Versioning/#_snapshots

Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-08-30 19:16:01 +02:00
Stefano Brivio
7b710946b1 Makefile: Use more GNU-style directory variables, explicit docdir for OpenSUSE
It turns out that, while on most distributions "docdir" would be
/usr/share/doc, it's /usr/share/doc/packages/ on OpenSUSE Tumbleweed.
Use an explicit docdir as shown in:
  https://en.opensuse.org/openSUSE:Build_Service_cross_distribution_howto

and don't unnecessarily hardcode directory variables in the Makefile.
Otherwise, RPM builds for OpenSUSE will fail now that we have a README
there.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-08-21 22:25:51 +02:00
Stefano Brivio
662407de0f fedora: Fix man pages wildcards in spec file
If the man pages are not compressed, the current wildcards wouldn't
match them. Drop the trailing '.' from them.

Reported-by: Artur Frenszek-Iwicki <fedora@svgames.pl>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-08-20 19:07:12 +02:00
Stefano Brivio
fece3c7612 fedora: Don't hardcode CFLAGS setting, use %set_build_flags macro instead
This will also set any distribution-specific LDFLAGS. It's not needed
anymore starting from Fedora 36, but the package might be built on
other versions and distributions too (including e.g. CentOS Stream 8).

Reported-by: Artur Frenszek-Iwicki <fedora@svgames.pl>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-08-20 19:07:12 +02:00
Stefano Brivio
9652674abf fedora: Build SELinux subpackage as noarch
Otherwise, passt-selinux will be built separately for each supported
architecture.

Suggested-by: Artur Frenszek-Iwicki <fedora@svgames.pl>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-08-20 19:07:12 +02:00
Stefano Brivio
ebf9009361 fedora: Change source URL to HEAD link with explicit commit SHA
This is required as Fedora doesn't accept a temporary pointer to
a source URL.

Reported-by: Ralf Corsepius <rc040203@freenet.de>
Reported-by: Artur Frenszek-Iwicki <fedora@svgames.pl>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-08-20 19:07:12 +02:00
Stefano Brivio
31031d20e2 fedora: Drop VCS tag from spec file
It seems to be exposed by Koji (https://pagure.io/koji/issue/2541),
but it's not actually in use, so we have to drop that. The website
the URL tag points to reports all the needed information anyway.

Reported-by: Artur Frenszek-Iwicki <fedora@svgames.pl>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-08-20 19:07:12 +02:00
Stefano Brivio
7d0b29c477 fedora: Start Release tag from 1, not 0
...as specified by the Fedora Packaging Guidelines:
  https://docs.fedoraproject.org/en-US/packaging-guidelines/Versioning/#_simple_versioning

Reported-by: Artur Frenszek-Iwicki <fedora@svgames.pl>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-08-20 19:07:12 +02:00
Stefano Brivio
41b5ff0a14 fedora: Introduce own rpkg macro for changelog
git_dir_changelog is useful in theory, but it requires pairs of
annotated tags, which should be generated by rpkg itself to make any
sense, implying a relatively heavyweight interaction whenever I want
to push a new package version.

Also, the default content of the changelog entries include the full
list of changes, but the Fedora Packaging Guidelines specifically
mention that:

  [t]hey must never simply contain an entire copy of the source
  CHANGELOG entries.

We don't have a CHANGELOG file, but the full git history is
conceptually equivalent for this purpose, I guess.

Introduce our own passt_git_changelog() rpkg macro, building
changelog entries, using tags in the form DATE-SHA, where DATE
is an ISO 8601 date representation, and SHA is a short (7-digits)
form of the head commit at a given moment (git push).

These changelog entries mention, specifically, changes to the
packaging information itself (entries under contrib/fedora), and
simply report a link to cgit for the ranges between tags.

Reported-by: Benson Muite <benson_muite@emailplus.org>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-08-20 19:07:12 +02:00
Stefano Brivio
d0c3f8fa9b fedora: Install "plain" README, instead of web version, and demo script
Suggested-by: Benson Muite <benson_muite@emailplus.org>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-08-20 19:07:12 +02:00
Stefano Brivio
fb59cfc909 contrib/fedora: Use pre-processing macros in spec file
...they seem to be supported by COPR now and make things simpler.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-06-08 09:43:48 +02:00
Stefano Brivio
bb8a7b8a2a contrib/fedora: Drop dashes from version
COPR doesn't like them, and I'm trying to build packages there now.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-06-07 17:06:09 +02:00
Stefano Brivio
81c2461408 contrib: Add example spec file for Fedora
...with SELinux package, too. Tested on Fedora 35, but it should
work on pretty much any version.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-03-30 05:52:39 +02:00