!23 [sync] PR-21: package pruning to minimize dependencies

From: @openeuler-sync-bot Reviewed-by: @gwei3 Signed-off-by: @gwei3
2024-04-24 09:52:04 +00:00 · 2024-04-24 09:52:04 +00:00 · b25678312b
commit b25678312b
parent 65ac68a7fe deff47403e
1 changed files with 37 additions and 23 deletions
--- a/crypto-policies.spec
+++ b/crypto-policies.spec
@ -4,7 +4,7 @@

 Name:           crypto-policies
 Version:        %{git_date}
-Release:        1.git%{git_commit_hash}
+Release:        2.git%{git_commit_hash}
 Summary:        Crypto policies package for Fedora

 License:        LGPLv2+
@ -82,6 +82,7 @@ make %{?_smp_mflags}

 %install
 mkdir -p -m 755 %{buildroot}%{_datarootdir}/crypto-policies/
+mkdir -p -m 755 %{buildroot}%{_datarootdir}/crypto-policies/back-ends/
 mkdir -p -m 755 %{buildroot}%{_sysconfdir}/crypto-policies/back-ends/
 mkdir -p -m 755 %{buildroot}%{_sysconfdir}/crypto-policies/state/
 mkdir -p -m 755 %{buildroot}%{_sysconfdir}/crypto-policies/local.d/
@ -91,14 +92,21 @@ mkdir -p -m 755 %{buildroot}%{_bindir}

 make DESTDIR=%{buildroot} DIR=%{_datarootdir}/crypto-policies MANDIR=%{_mandir} %{?_smp_mflags} install
 install -p -m 644 default-config %{buildroot}%{_sysconfdir}/crypto-policies/config
+touch %{buildroot}%{_sysconfdir}/crypto-policies/state/current
+touch %{buildroot}%{_sysconfdir}/crypto-policies/state/CURRENT.pol

 # Create back-end configs for mounting with read-only /etc/
 for d in LEGACY DEFAULT FUTURE FIPS ; do
+    mkdir -p -m 755 %{buildroot}%{_datarootdir}/crypto-policies/back-ends/$d
    for f in %{buildroot}%{_datarootdir}/crypto-policies/$d/* ; do
-        ln -s $(basename $f) $(dirname $f)/$(basename $f .txt).config
+        ln $f %{buildroot}%{_datarootdir}/crypto-policies/back-ends/$d/$(basename $f .txt).config
    done
 done

+for f in %{buildroot}%{_datarootdir}/crypto-policies/DEFAULT/* ; do
+    ln -sf %{_datarootdir}/crypto-policies/DEFAULT/$(basename $f) %{buildroot}%{_sysconfdir}/crypto-policies/back-ends/$(basename $f .txt).config
+done
+
 %py_byte_compile %{__python3} %{buildroot}%{_datadir}/crypto-policies/python

 %check
@ -109,10 +117,9 @@ sed -i '/\ GOST-ONLY\ /d' Makefile

 make check %{?_smp_mflags}

-%post
+%posttrans scripts
 %{_bindir}/update-crypto-policies --no-check >/dev/null 2>/dev/null || :

-
 %files

 %dir %{_sysconfdir}/crypto-policies/
@ -125,35 +132,40 @@ make check %{?_smp_mflags}

 %config(noreplace) %{_sysconfdir}/crypto-policies/config

-%ghost %{_sysconfdir}/crypto-policies/back-ends/gnutls.config
-%ghost %{_sysconfdir}/crypto-policies/back-ends/openssl.config
-%ghost %{_sysconfdir}/crypto-policies/back-ends/opensslcnf.config
-%ghost %{_sysconfdir}/crypto-policies/back-ends/openssh.config
-%ghost %{_sysconfdir}/crypto-policies/back-ends/opensshserver.config
-%ghost %{_sysconfdir}/crypto-policies/back-ends/nss.config
-%ghost %{_sysconfdir}/crypto-policies/back-ends/bind.config
-%ghost %{_sysconfdir}/crypto-policies/back-ends/java.config
-%ghost %{_sysconfdir}/crypto-policies/back-ends/krb5.config
-%ghost %{_sysconfdir}/crypto-policies/back-ends/openjdk.config
-%ghost %{_sysconfdir}/crypto-policies/back-ends/libreswan.config
-%ghost %{_sysconfdir}/crypto-policies/back-ends/javasystem.config
-%ghost %{_sysconfdir}/crypto-policies/back-ends/sequoia.config
-%ghost %{_sysconfdir}/crypto-policies/back-ends/rpm-sequoia.config
+%config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/gnutls.config
+%config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/openssl.config
+%config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/opensslcnf.config
+%config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/openssh.config
+%config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/opensshserver.config
+%config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/nss.config
+%config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/bind.config
+%config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/java.config
+%config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/javasystem.config
+%config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/krb5.config
+%config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/libreswan.config
+%config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/libssh.config
+%config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/sequoia.config
+%config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/rpm-sequoia.config
+
+%ghost %{_sysconfdir}/crypto-policies/state/current
+%ghost %{_sysconfdir}/crypto-policies/state/CURRENT.pol

-%{_bindir}/update-crypto-policies
 %{_mandir}/man7/crypto-policies.7*
-%{_mandir}/man8/update-crypto-policies.8*
 %{_datarootdir}/crypto-policies/LEGACY/*
 %{_datarootdir}/crypto-policies/DEFAULT/*
 %{_datarootdir}/crypto-policies/FUTURE/*
 %{_datarootdir}/crypto-policies/FIPS/*
 %{_datarootdir}/crypto-policies/EMPTY/*
+%{_datarootdir}/crypto-policies/back-ends/*
 %{_datarootdir}/crypto-policies/default-config
 %{_datarootdir}/crypto-policies/reload-cmds.sh
 %{_datarootdir}/crypto-policies/policies
-%{_datarootdir}/crypto-policies/python

 %files scripts
+%{_bindir}/update-crypto-policies
+%{_mandir}/man8/update-crypto-policies.8*
+%{_datarootdir}/crypto-policies/python
+
 %{_bindir}/fips-mode-setup
 %{_bindir}/fips-finish-install
 %{_mandir}/man8/fips-mode-setup.8*
@ -163,6 +175,9 @@ make check %{?_smp_mflags}
 %license COPYING.LESSER

 %changelog
+* Thu Mar 21 2024 duyiwei <duyiwei@kylinos.cn> - 20230614-2.git5f3458e
+- package pruning to minimize dependencies
+
 * Fri Jan 26 2024 yixiangzhike <yixiangzhike007@163.com> - 20230614-1.git5f3458e
 - update version to 20230614
  - DEFAULT policy drop DH<2048bits,TLS1.0,TLS1.1,SHA-1
@ -438,5 +453,4 @@ make check %{?_smp_mflags}
 - Updated spec based on comments by Petr Lautrbach.

 * Mon May 19 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.9-1-20140519gitf15621a
- Initial package build
-
+- Initial package build