%bcond_without aesni
+%{!?_topdir:%define _topdir %(pwd)}
%define _vpp_build_dir build-tool-native
%define _unitdir /lib/systemd/system
-%define _topdir %(pwd)
%define _builddir %{_topdir}
%define _mu_build_dir %{_topdir}/%{name}-%{_version}/build-root
%define _vpp_tag %{getenv:TAG}
%{?systemd_requires}
+
+# SELinux Related definitions
+%global selinuxtype targeted
+%global moduletype services
+%global modulenames vpp-custom
+
+# Usage: _format var format
+# Expand 'modulenames' into various formats as needed
+# Format must contain '$x' somewhere to do anything useful
+%global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done;
+
+# Relabel files
+%global relabel_files() \ # ADD files in *.fc file
+
+# Version of distribution SELinux policy package
+%global selinux_policyver 3.13.1-128.6.fc22
+
+
Name: vpp
Summary: Vector Packet Processing
License: ASL 2.0
Version: %{_version}
Release: %{_release}
-Requires: vpp-lib = %{_version}-%{_release}, net-tools, pciutils, python
+Requires: vpp-lib = %{_version}-%{_release}, vpp-selinux-policy = %{_version}-%{_release}, net-tools, pciutils, python
BuildRequires: systemd, chrpath
-BuildRequires: libffi-devel, openssl-devel
+BuildRequires: check, check-devel
%if 0%{?fedora} >= 26
-BuildRequires: python2-devel, python2-virtualenv
+BuildRequires: subunit, subunit-devel
+BuildRequires: compat-openssl10-devel
+BuildRequires: python2-devel, python2-virtualenv, python2-ply
+BuildRequires: mbedtls-devel
%else
%if 0%{?fedora} == 25
-BuildRequires: python-devel, python2-virtualenv
+BuildRequires: subunit, subunit-devel
+BuildRequires: openssl-devel
+BuildRequires: python-devel, python2-virtualenv, python2-ply
+BuildRequires: mbedtls-devel
%else
-BuildRequires: python-devel, python-virtualenv
+BuildREquires: openssl-devel
+BuildRequires: python-devel, python-virtualenv, python-ply
%endif
%endif
+BuildRequires: libffi-devel
BuildRequires: glibc-static, java-1.8.0-openjdk, java-1.8.0-openjdk-devel yum-utils, redhat-lsb
BuildRequires: apr-devel
-%if %{with aesni}
-BuildRequires: nasm
-%endif
BuildRequires: numactl-devel
BuildRequires: autoconf automake libtool byacc bison flex
+BuildRequires: boost boost-devel
+BuildRequires: selinux-policy selinux-policy-devel
Source: %{name}-%{_version}-%{_release}.tar.xz
# Source: vpp-latest.tar.xz
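Review bot: `relabel_files` is still the template placeholder (`\ # ADD files in *.fc file`), so the `%relabel_files` calls in `%post selinux-policy` and `%postun selinux-policy` run no restorecon at all. Files already on disk when the module is loaded would keep their old labels until someone relabels by hand, and a confined vpp may then be denied access to its own paths. Define it from the module's `.fc` entries, e.g. `%global relabel_files() %{_sbindir}/restorecon -R <paths listed in the .fc file>`; these presumably include the `%{_localstatedir}/run/vpp` and `%{_localstatedir}/log/vpp` directories this patch creates. The current body also appears to expand to a stray `\ ` word inside the scriptlets, which is worth checking with `rpm -q --scripts` on a built package.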
%package lib
Summary: VPP libraries
Group: System Environment/Libraries
+Requires: vpp-selinux-policy = %{_version}-%{_release}
%description lib
This package contains the VPP shared libraries, including:
%package plugins
Summary: Vector Packet Processing--runtime plugins
Group: System Environment/Libraries
-Requires: vpp = %{_version}-%{_release}
+Requires: vpp = %{_version}-%{_release} numactl-libs
%description plugins
This package contains VPP plugins
%description api-python
This package contains the python bindings for the vpp api
+%package selinux-policy
+Summary: VPP Security-Enhanced Linux (SELinux) policy
+Group: System Environment/Base
+Requires(post): selinux-policy-base >= %{selinux_policyver}, selinux-policy-targeted >= %{selinux_policyver}, policycoreutils, policycoreutils-python libselinux-utils
+
+%description selinux-policy
+This package contains a tailored VPP SELinux policy
+
%prep
%setup -q -n %{name}-%{_version}
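Review bot: The new `selinux-policy` subpackage declares only `Requires(post)`, but the `%postun selinux-policy` scriptlet added later in this patch also calls `semodule`, `selinuxenabled` and `load_policy`. A dependency needed only for `%post` may be removed once installation finishes, so the tools are not guaranteed to exist at uninstall time and the module could be left loaded. Add `Requires(postun): policycoreutils, libselinux-utils` next to the existing `Requires(post)` line.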
make -C build-root PLATFORM=vpp AESNI=n TAG=%{_vpp_tag} install-packages
%endif
cd %{_mu_build_dir}/../src/vpp-api/python && %py2_build
+cd %{_mu_build_dir}/../extras/selinux && make -f %{_datadir}/selinux/devel/Makefile
%install
#
# Python bindings
cd %{_mu_build_dir}/../src/vpp-api/python && %py2_install
+# SELinux Policy
+# Install SELinux interfaces
+%_format INTERFACES %{_mu_build_dir}/../extras/selinux/$x.if
+install -d %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}
+install -p -m 644 $INTERFACES \
+ %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}
+
+# Install policy modules
+%_format MODULES %{_mu_build_dir}/../extras/selinux/$x.pp
+install -d %{buildroot}%{_datadir}/selinux/packages
+install -m 0644 $MODULES \
+ %{buildroot}%{_datadir}/selinux/packages
+
#
# devel
#
install -p -m666 ${i} %{buildroot}%{python2_sitelib}/jvppgen
done;
+install -p -m 644 %{_mu_build_dir}/../src/tools/vppapigen/C.py %{buildroot}/usr/share/vpp
+install -p -m 644 %{_mu_build_dir}/../src/tools/vppapigen/JSON.py %{buildroot}/usr/share/vpp
+
# sample plugin
mkdir -p -m755 %{buildroot}/usr/share/doc/vpp/examples/sample-plugin/sample
#for file in $(cd %{_mu_build_dir}/%{_vpp_install_dir}/../../src/examples/sample-plugin && git ls-files .)
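Review bot: The two new `install` lines use `-m 644`, but the loop line directly above them still installs the jvppgen files with `-m666`. `%files devel` uses `%defattr(-,bin,bin)`, which keeps the buildroot mode, so those Python files would ship world-writable under `%{python2_sitelib}`. Since the hunk already touches this block, align it with the new lines: `install -p -m644 ${i} %{buildroot}%{python2_sitelib}/jvppgen`. The loop header is outside the hunk, so confirm nothing else in it relies on the wider mode.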
%{buildroot}/usr/share/doc/vpp/examples/sample-plugin/$file )
done
+# vppctl sockfile directory
+mkdir -p -m755 %{buildroot}%{_localstatedir}/run/vpp
+# vpp.log directory
+mkdir -p -m755 %{buildroot}%{_localstatedir}/log/vpp
#
# vpp-plugins
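Review bot: `%{_localstatedir}/run/vpp` is created only as a packaged directory, and on systemd hosts `/var/run` points at the tmpfs `/run`, so it disappears on the first reboot. The vppctl socket directory would then be missing, or recreated by whatever starts first with that process's ownership and label rather than the `root:vpp` set in `%files`. Have it recreated at boot with the intended owner and mode, either with `RuntimeDirectory=vpp` in `vpp.service` or with a tmpfiles.d entry such as `d /run/vpp 0755 root vpp -`. Also add a comment above the `mkdir` saying which mechanism owns the directory at runtime.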
%preun
%systemd_preun vpp.service
+%post selinux-policy
+%_format MODULES %{_datadir}/selinux/packages/$x.pp
+if %{_sbindir}/selinuxenabled ; then
+ %{_sbindir}/semodule -n -X 400 -s %{selinuxtype} -i $MODULES
+ %{_sbindir}/load_policy
+ %relabel_files
+fi
+
+
%postun
%systemd_postun
if [ $1 -eq 0 ] ; then
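Review bot: In `%post selinux-policy` the `semodule -i` call sits inside the `selinuxenabled` guard, so on a host where SELinux is disabled at install time the module is never added to the policy store. If SELinux is enabled later, vpp runs without its policy, and nothing in the package reinstalls it. `%postun selinux-policy` already runs `semodule -n -r` unconditionally, so mirror that: move `%{_sbindir}/semodule -n -X 400 -s %{selinuxtype} -i $MODULES` above the `if`, leaving only `load_policy` and `%relabel_files` guarded. The `%postun` body that follows continues outside this hunk.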
echo "Upgrading package, dont' unbind interfaces"
fi
+%postun selinux-policy
+if [ $1 -eq 0 ]; then
+ %{_sbindir}/semodule -n -r %{modulenames}
+ if %{_sbindir}/selinuxenabled ; then
+ %{_sbindir}/load_policy
+ %relabel_files
+ fi
+fi
+
%files
%defattr(-,bin,bin)
%{_unitdir}/vpp.service
%config(noreplace) /etc/vpp/startup.conf
/usr/share/vpp/api/*
+%defattr(-,root,vpp)
+%{_localstatedir}/run/vpp*
+
+%defattr(-,root,root)
+%{_localstatedir}/log/vpp*
+
%files lib
%defattr(-,bin,bin)
+%global __requires_exclude_from %{_libdir}/librte_pmd_mlx[45]_glue\\.so.*$
%exclude %{_libdir}/vpp_plugins
%exclude %{_libdir}/vpp_api_test_plugins
%{_libdir}/*
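Review bot: `%defattr(-,root,vpp)` on `%{_localstatedir}/run/vpp*` assumes a `vpp` group exists when the package is installed, but no `%pre` with `groupadd` is visible in this diff. If the group is missing, rpm warns and falls back to `root`, so the socket directory silently ends up `root:root`. If it is not created elsewhere in the spec, add `getent group vpp >/dev/null || groupadd -r vpp` to `%pre`. The directory is also created with mode 755, so group ownership currently grants `vpp` members nothing beyond what everyone has; state the intended access in a comment and set the mode to match.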
%files api-python
%defattr(644,root,root)
-%{python2_sitelib}/vpp_papi*
+%{python2_sitelib}/vpp_*
+
+%files selinux-policy
+%defattr(-,root,root,0755)
+%attr(0644,root,root) %{_datadir}/selinux/packages/*.pp
+%attr(0644,root,root) %{_datadir}/selinux/devel/include/%{moduletype}/*.if
%files devel
%defattr(-,bin,bin)
%{_includedir}/*
%{python2_sitelib}/jvppgen/*
/usr/share/doc/vpp/examples/sample-plugin
+/usr/share/vpp
%files plugins
%defattr(-,bin,bin)