X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=extras%2Frpm%2Fvpp.spec;h=c6951bf4fabfaedf4ec70437e22c77142420f2da;hb=a7564e8004fd6d9a63eb0605f752f27a71403645;hp=b200df7ee8276e526940f34806bec8c8c0a5a9b6;hpb=b8bbd6521fbab6579e4c571f61489f995f56bc78;p=vpp.git diff --git a/extras/rpm/vpp.spec b/extras/rpm/vpp.spec index b200df7ee82..c6951bf4fab 100644 --- a/extras/rpm/vpp.spec +++ b/extras/rpm/vpp.spec @@ -1,10 +1,9 @@ %bcond_without aesni +%{!?_topdir:%define _topdir %(pwd)} %define _vpp_build_dir build-tool-native %define _unitdir /lib/systemd/system -%define _topdir %(pwd) %define _builddir %{_topdir} -%define _tmp_build_dir %{name}-%{_version}.0 -%define _mu_build_dir %{_topdir}/%{_tmp_build_dir}/build-root +%define _mu_build_dir %{_topdir}/%{name}-%{_version}/build-root %define _vpp_tag %{getenv:TAG} %if "%{_vpp_tag}" == "" %define _vpp_tag vpp @@ -24,25 +23,46 @@ %{?systemd_requires} + +# SELinux Related definitions +%global selinuxtype targeted +%global moduletype services +%global modulenames vpp-custom + +# Usage: _format var format +# Expand 'modulenames' into various formats as needed +# Format must contain '$x' somewhere to do anything useful +%global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done; + +# Relabel files +%global relabel_files() \ # ADD files in *.fc file + +# Version of distribution SELinux policy package +%global selinux_policyver 3.13.1-128.6.fc22 + + Name: vpp Summary: Vector Packet Processing License: ASL 2.0 Version: %{_version} Release: %{_release} -Requires: vpp-lib = %{_version}-%{_release}, net-tools, pciutils, python +Requires: vpp-lib = %{_version}-%{_release}, vpp-selinux-policy = %{_version}-%{_release}, net-tools, pciutils, python BuildRequires: systemd, chrpath BuildRequires: check, check-devel -BuildRequires: subunit, subunit-devel %if 0%{?fedora} >= 26 +BuildRequires: subunit, subunit-devel BuildRequires: compat-openssl10-devel -BuildRequires: python2-devel, python2-virtualenv +BuildRequires: python2-devel, python2-virtualenv, python2-ply +BuildRequires: mbedtls-devel %else %if 0%{?fedora} == 25 +BuildRequires: subunit, subunit-devel BuildRequires: openssl-devel -BuildRequires: python-devel, python2-virtualenv +BuildRequires: python-devel, python2-virtualenv, python2-ply +BuildRequires: mbedtls-devel %else BuildREquires: openssl-devel -BuildRequires: python-devel, python-virtualenv +BuildRequires: python-devel, python-virtualenv, python-ply %endif %endif BuildRequires: libffi-devel @@ -51,6 +71,7 @@ BuildRequires: apr-devel BuildRequires: numactl-devel BuildRequires: autoconf automake libtool byacc bison flex BuildRequires: boost boost-devel +BuildRequires: selinux-policy selinux-policy-devel Source: %{name}-%{_version}-%{_release}.tar.xz # Source: vpp-latest.tar.xz @@ -64,6 +85,7 @@ vpp_json_test - vector packet engine JSON test tool %package lib Summary: VPP libraries Group: System Environment/Libraries +Requires: vpp-selinux-policy = %{_version}-%{_release} %description lib This package contains the VPP shared libraries, including: @@ -91,7 +113,7 @@ vppinfra %package plugins Summary: Vector Packet Processing--runtime plugins Group: System Environment/Libraries -Requires: vpp = %{_version}-%{_release} +Requires: vpp = %{_version}-%{_release} numactl-libs %description plugins This package contains VPP plugins @@ -119,21 +141,22 @@ Requires: vpp = %{_version}-%{_release}, vpp-lib = %{_version}-%{_release}, pyth %description api-python This package contains the python bindings for the vpp api +%package selinux-policy +Summary: VPP Security-Enhanced Linux (SELinux) policy +Group: System Environment/Base +Requires(post): selinux-policy-base >= %{selinux_policyver}, selinux-policy-targeted >= %{selinux_policyver}, policycoreutils, policycoreutils-python libselinux-utils + +%description selinux-policy +This package contains a tailored VPP SELinux policy + %prep -# Unpack into dir with longer name as work around of debugedit bug in in rpm-build 4.13 -rm -rf %{name}-%{_version} -rm -rf %{_tmp_build_dir} -/usr/bin/xz -dc '%{_sourcedir}/%{name}-%{_version}-%{_release}.tar.xz' | /usr/bin/tar -xf - -mv %{name}-%{_version} %{_tmp_build_dir} -cd '%{_tmp_build_dir}' -/usr/bin/chmod -Rf a+rX,u+w,g-w,o-w . +%setup -q -n %{name}-%{_version} %pre # Add the vpp group groupadd -f -r vpp %build -cd '%{_tmp_build_dir}' %if %{with aesni} make bootstrap make -C build-root PLATFORM=vpp TAG=%{_vpp_tag} install-packages @@ -142,6 +165,7 @@ cd '%{_tmp_build_dir}' make -C build-root PLATFORM=vpp AESNI=n TAG=%{_vpp_tag} install-packages %endif cd %{_mu_build_dir}/../src/vpp-api/python && %py2_build +cd %{_mu_build_dir}/../extras/selinux && make -f %{_datadir}/selinux/devel/Makefile %install # @@ -207,6 +231,19 @@ done # Python bindings cd %{_mu_build_dir}/../src/vpp-api/python && %py2_install +# SELinux Policy +# Install SELinux interfaces +%_format INTERFACES %{_mu_build_dir}/../extras/selinux/$x.if +install -d %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype} +install -p -m 644 $INTERFACES \ + %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype} + +# Install policy modules +%_format MODULES %{_mu_build_dir}/../extras/selinux/$x.pp +install -d %{buildroot}%{_datadir}/selinux/packages +install -m 0644 $MODULES \ + %{buildroot}%{_datadir}/selinux/packages + # # devel # @@ -228,6 +265,9 @@ for i in $(ls %{_mu_build_dir}/../src/vpp-api/java/jvpp/gen/jvppgen/*.py); do install -p -m666 ${i} %{buildroot}%{python2_sitelib}/jvppgen done; +install -p -m 644 %{_mu_build_dir}/../src/tools/vppapigen/C.py %{buildroot}/usr/share/vpp +install -p -m 644 %{_mu_build_dir}/../src/tools/vppapigen/JSON.py %{buildroot}/usr/share/vpp + # sample plugin mkdir -p -m755 %{buildroot}/usr/share/doc/vpp/examples/sample-plugin/sample #for file in $(cd %{_mu_build_dir}/%{_vpp_install_dir}/../../src/examples/sample-plugin && git ls-files .) @@ -237,6 +277,10 @@ do %{buildroot}/usr/share/doc/vpp/examples/sample-plugin/$file ) done +# vppctl sockfile directory +mkdir -p -m755 %{buildroot}%{_localstatedir}/run/vpp +# vpp.log directory +mkdir -p -m755 %{buildroot}%{_localstatedir}/log/vpp # # vpp-plugins @@ -274,6 +318,15 @@ fi %preun %systemd_preun vpp.service +%post selinux-policy +%_format MODULES %{_datadir}/selinux/packages/$x.pp +if %{_sbindir}/selinuxenabled ; then + %{_sbindir}/semodule -n -X 400 -s %{selinuxtype} -i $MODULES + %{_sbindir}/load_policy + %relabel_files +fi + + %postun %systemd_postun if [ $1 -eq 0 ] ; then @@ -299,6 +352,15 @@ else echo "Upgrading package, dont' unbind interfaces" fi +%postun selinux-policy +if [ $1 -eq 0 ]; then + %{_sbindir}/semodule -n -r %{modulenames} + if %{_sbindir}/selinuxenabled ; then + %{_sbindir}/load_policy + %relabel_files + fi +fi + %files %defattr(-,bin,bin) %{_unitdir}/vpp.service @@ -309,8 +371,15 @@ fi %config(noreplace) /etc/vpp/startup.conf /usr/share/vpp/api/* +%defattr(-,root,vpp) +%{_localstatedir}/run/vpp* + +%defattr(-,root,root) +%{_localstatedir}/log/vpp* + %files lib %defattr(-,bin,bin) +%global __requires_exclude_from %{_libdir}/librte_pmd_mlx[45]_glue\\.so.*$ %exclude %{_libdir}/vpp_plugins %exclude %{_libdir}/vpp_api_test_plugins %{_libdir}/* @@ -328,7 +397,12 @@ fi %files api-python %defattr(644,root,root) -%{python2_sitelib}/vpp_papi* +%{python2_sitelib}/vpp_* + +%files selinux-policy +%defattr(-,root,root,0755) +%attr(0644,root,root) %{_datadir}/selinux/packages/*.pp +%attr(0644,root,root) %{_datadir}/selinux/devel/include/%{moduletype}/*.if %files devel %defattr(-,bin,bin) @@ -337,6 +411,7 @@ fi %{_includedir}/* %{python2_sitelib}/jvppgen/* /usr/share/doc/vpp/examples/sample-plugin +/usr/share/vpp %files plugins %defattr(-,bin,bin)