Name: security-manager
Summary: Security manager and utilities
-Version: 0.1.0
+Version: 0.2.0
Release: 1
Group: Security/Service
License: Apache-2.0
Source0: %{name}-%{version}.tar.gz
Source1: security-manager.manifest
Source3: libsecurity-manager-client.manifest
+Requires: security-manager-policy
+Requires(post): smack
BuildRequires: cmake
BuildRequires: zip
-BuildRequires: pkgconfig(dlog)
BuildRequires: libattr-devel
-BuildRequires: libcap-devel
BuildRequires: pkgconfig(libsmack)
-BuildRequires: pkgconfig(libprivilege-control)
+BuildRequires: pkgconfig(libcap)
BuildRequires: pkgconfig(libsystemd-daemon)
+BuildRequires: pkgconfig(libsystemd-journal)
+BuildRequires: pkgconfig(libtzplatform-config)
BuildRequires: pkgconfig(sqlite3)
BuildRequires: pkgconfig(db-util)
+BuildRequires: pkgconfig(cynara-admin)
+BuildRequires: pkgconfig(cynara-client)
BuildRequires: boost-devel
%{?systemd_requires}
%description -n libsecurity-manager-client-devel
Development files needed for using the security manager client
+%package policy
+Summary: Security manager policy
+Group: Security/Access Control
+Requires(post): security-manager = %{version}-%{release}
+Requires(post): cyad
+
+%description policy
+Set of security rules that constitute security policy in the system
+
%prep
%setup -q
cp %{SOURCE1} .
export LDFLAGS+="-Wl,--rpath=%{_libdir}"
%cmake . -DVERSION=%{version} \
+ -DBIN_INSTALL_DIR=%{_bindir} \
+ -DDB_INSTALL_DIR=%{TZ_SYS_DB} \
+ -DSYSTEMD_INSTALL_DIR=%{_unitdir} \
-DCMAKE_BUILD_TYPE=%{?build_type:%build_type}%{!?build_type:RELEASE} \
-DCMAKE_VERBOSE_MAKEFILE=ON
make %{?jobs:-j%jobs}
%install
rm -rf %{buildroot}
-mkdir -p %{buildroot}/usr/share/license
-cp LICENSE %{buildroot}/usr/share/license/%{name}
-cp LICENSE %{buildroot}/usr/share/license/libsecurity-manager-client
-mkdir -p %{buildroot}/etc/smack/
-cp app-rules-template.smack %{buildroot}/etc/smack/
+mkdir -p %{buildroot}%{_datadir}/license
+cp LICENSE %{buildroot}%{_datadir}/license/%{name}
+cp LICENSE %{buildroot}%{_datadir}/license/libsecurity-manager-client
%make_install
-mkdir -p %{buildroot}/usr/lib/systemd/system/multi-user.target.wants
-mkdir -p %{buildroot}/usr/lib/systemd/system/sockets.target.wants
-ln -s ../security-manager.service %{buildroot}/usr/lib/systemd/system/multi-user.target.wants/security-manager.service
-ln -s ../security-manager-installer.socket %{buildroot}/usr/lib/systemd/system/sockets.target.wants/security-manager-installer.socket
+mkdir -p %{buildroot}/%{_unitdir}/sockets.target.wants
+ln -s ../security-manager.socket %{buildroot}/%{_unitdir}/sockets.target.wants/security-manager.socket
%clean
rm -rf %{buildroot}
%post
+/sbin/ldconfig
systemctl daemon-reload
if [ $1 = 1 ]; then
# installation
# update
systemctl restart security-manager.service
fi
+chsmack -a System %{TZ_SYS_DB}/.security-manager.db
+chsmack -a System %{TZ_SYS_DB}/.security-manager.db-journal
%preun
if [ $1 = 0 ]; then
fi
%postun
+/sbin/ldconfig
if [ $1 = 0 ]; then
# unistall
systemctl daemon-reload
%postun -n libsecurity-manager-client -p /sbin/ldconfig
+%post policy
+%{_bindir}/security-manager-policy-reload
+
%files -n security-manager
%manifest security-manager.manifest
%defattr(-,root,root,-)
-%attr(755,root,root) /usr/bin/security-manager
+%attr(755,root,root) %{_bindir}/security-manager
+%attr(755,root,root) %{_bindir}/security-manager-cmd
+%attr(755,root,root) %{_sysconfdir}/gumd/useradd.d/50_security-manager-add.post
+%attr(755,root,root) %{_sysconfdir}/gumd/userdel.d/50_security-manager-remove.pre
+
%{_libdir}/libsecurity-manager-commons.so.*
-%attr(-,root,root) /usr/lib/systemd/system/multi-user.target.wants/security-manager.service
-%attr(-,root,root) /usr/lib/systemd/system/security-manager.service
-%attr(-,root,root) /usr/lib/systemd/system/security-manager.target
-%attr(-,root,root) /usr/lib/systemd/system/sockets.target.wants/security-manager-installer.socket
-%attr(-,root,root) /usr/lib/systemd/system/security-manager-installer.socket
-%attr(-,root,root) /etc/smack/app-rules-template.smack
+%attr(-,root,root) %{_unitdir}/security-manager.*
+%attr(-,root,root) %{_unitdir}/sockets.target.wants/security-manager.*
+%config(noreplace) %attr(0600,root,root) %{TZ_SYS_DB}/.security-manager.db
+%config(noreplace) %attr(0600,root,root) %{TZ_SYS_DB}/.security-manager.db-journal
%{_datadir}/license/%{name}
%files -n libsecurity-manager-client
%{_libdir}/libsecurity-manager-commons.so
%{_includedir}/security-manager/security-manager.h
%{_libdir}/pkgconfig/security-manager.pc
+
+%files -n security-manager-policy
+%manifest %{name}.manifest
+%{_datadir}/security-manager/policy
+%attr(755,root,root) %{_bindir}/security-manager-policy-reload
projects / platform / core / security / security-manager.git / blobdiff