diff --git a/tpm2-abrmd-2.3.2.tar.gz b/tpm2-abrmd-2.3.2.tar.gz deleted file mode 100644 index cc92f93..0000000 Binary files a/tpm2-abrmd-2.3.2.tar.gz and /dev/null differ diff --git a/tpm2-abrmd-2.3.3.tar.gz b/tpm2-abrmd-2.3.3.tar.gz new file mode 100644 index 0000000..0d449c1 Binary files /dev/null and b/tpm2-abrmd-2.3.3.tar.gz differ diff --git a/tpm2-abrmd.spec b/tpm2-abrmd.spec index 47b766c..e2c4033 100644 --- a/tpm2-abrmd.spec +++ b/tpm2-abrmd.spec @@ -1,7 +1,7 @@ %global selinuxtype targeted Name: tpm2-abrmd -Version: 2.3.2 +Version: 2.3.3 Release: 1 Summary: A system daemon implementing the TPM2 access broker (TAB) & Resource Manager (RM) spec from the TCG License: BSD @@ -11,6 +11,7 @@ Source0: https://github.com/tpm2-software/tpm2-abrmd/releases/download/% BuildRequires: systemd pkgconfig(cmocka) pkgconfig(dbus-1) pkgconfig(gio-unix-2.0) pkgconfig(tss2-mu) pkgconfig(tss2-sys) BuildRequires: tpm2-tss-devel libtool autoconf-archive libgcrypt libgcrypt-devel BuildRequires: chrpath +BuildRequires: selinux-policy-devel pkgconfig(systemd) # tpm2-abrmd depends on the package that contains itsSELinux policy module Requires: (%{name}-selinux >= 2.0.0-1 if selinux-policy-%{selinuxtype}) @@ -30,6 +31,18 @@ This package contains development library files, headers and config files of tpm %package_help +%package selinux +BuildArch: noarch +Summary: SELinux policies for tpm2-abrmd +Requires: selinux-policy >= 0.0.1 +Requires(post): selinux-policy-base >= 0.0.1 +Requires(post): libselinux-utils +Requires(post): policycoreutils +Requires(post): policycoreutils-python-utils + +%description selinux +This package contains SELinux policies for tpm2-abrmd + %prep %autosetup -p1 -n %{name}-%{version} @@ -37,10 +50,18 @@ This package contains development library files, headers and config files of tpm export GDBUS_CODEGEN="/usr/bin/gdbus-codegen" %configure --disable-static --disable-silent-rules \ --with-systemdsystemunitdir=%{_unitdir} \ - --with-systemdpresetdir=%{_presetdir} + --with-systemdpresetdir=%{_presetdir} \ + --with-sepolicy %make_build %install +pushd selinux +install -d %{buildroot}%{_datadir}/selinux/packages +install -d -p %{buildroot}%{_datadir}/selinux/devel/include/contrib +install -p -m 644 tabrmd.if %{buildroot}%{_datadir}/selinux/devel/include/contrib +install -m 0644 tabrmd.pp.bz2 %{buildroot}%{_datadir}/selinux/packages +popd + %make_install %delete_la_and_a @@ -54,6 +75,8 @@ echo "/usr/lib64/" > $RPM_BUILD_ROOT/etc/ld.so.conf.d/%{name}-%{_arch}.conf make test %pre +%selinux_relabel_pre -s targeted + #add a user to sandbox the tpm2-abrmd daemon getent group tss >/dev/null || groupadd -g 59 -r tss getent passwd tss >/dev/null || \ @@ -67,11 +90,19 @@ exit 0 %post /sbin/ldconfig %systemd_post tpm2-abrmd.service +%selinux_modules_install -s targeted %{_datadir}/selinux/packages/tabrmd.pp.bz2 %postun /sbin/ldconfig %systemd_postun tpm2-abrmd.service +if [ $1 -eq 0 ]; then +%selinux_modules_uninstall -s targeted tabrmd +fi + +%posttrans +%selinux_relabel_post -s targeted + %files %defattr(-,root,root) %license LICENSE @@ -95,7 +126,19 @@ exit 0 %{_mandir}/man7/*.7.gz %{_mandir}/man8/*.8.gz +%files selinux +%defattr(-,root,root) +%license LICENSE +%{_datadir}/selinux/devel/include/contrib/tabrmd.if +%{_datadir}/selinux/packages/tabrmd.pp.bz2 + %changelog +* Mon Aug 31 2020 Hugel - 2.3.3-1 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC: update to 2.3.3 + * Thu Jul 30 2020 linwei - 2.3.2-1 - Type:enhancement - ID:NA