macros.systemd000064400000005562147207414670007466 0ustar00# -*- Mode: makefile; indent-tabs-mode: t -*- */ # # This file is part of systemd. # # Copyright 2012 Lennart Poettering # # systemd is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as published by # the Free Software Foundation; either version 2.1 of the License, or # (at your option) any later version. # # systemd is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with systemd; If not, see . # RPM macros for packages installing systemd unit files %_unitdir /usr/lib/systemd/system %_userunitdir /usr/lib/systemd/user %_presetdir /usr/lib/systemd/system-preset %_udevhwdbdir /usr/lib/udev/hwdb.d %_udevrulesdir /usr/lib/udev/rules.d %_journalcatalogdir /usr/lib/systemd/catalog %_tmpfilesdir /usr/lib/tmpfiles.d %_sysusersdir /usr/lib/sysusers.d %_sysctldir /usr/lib/sysctl.d %_binfmtdir /usr/lib/binfmt.d %systemd_requires \ Requires(post): systemd \ Requires(preun): systemd \ Requires(postun): systemd \ %{nil} %systemd_post() \ if [ $1 -eq 1 ] ; then \ # Initial installation \ systemctl preset %{?*} >/dev/null 2>&1 || : \ fi \ %{nil} %systemd_user_post() %{expand:%systemd_post \\--global %%{?*}} %systemd_preun() \ if [ $1 -eq 0 ] ; then \ # Package removal, not upgrade \ systemctl --no-reload disable %{?*} > /dev/null 2>&1 || : \ systemctl stop %{?*} > /dev/null 2>&1 || : \ fi \ %{nil} %systemd_user_preun() \ if [ $1 -eq 0 ] ; then \ # Package removal, not upgrade \ systemctl --global disable %{?*} > /dev/null 2>&1 || : \ fi \ %{nil} %systemd_postun() \ systemctl daemon-reload >/dev/null 2>&1 || : \ %{nil} %systemd_user_postun() %{nil} %systemd_postun_with_restart() \ systemctl daemon-reload >/dev/null 2>&1 || : \ if [ $1 -ge 1 ] ; then \ # Package upgrade, not uninstall \ systemctl try-restart %{?*} >/dev/null 2>&1 || : \ fi \ %{nil} %systemd_user_postun_with_restart() %{nil} %udev_hwdb_update() \ udevadm hwdb --update >/dev/null 2>&1 || : \ %{nil} %udev_rules_update() \ udevadm control --reload >/dev/null 2>&1 || : \ %{nil} %journal_catalog_update() \ journalctl --update-catalog >/dev/null 2>&1 || : \ %{nil} %tmpfiles_create() \ systemd-tmpfiles --create %{?*} >/dev/null 2>&1 || : \ %{nil} %sysusers_create() \ systemd-sysusers %{?*} >/dev/null 2>&1 || : \ %{nil} %sysusers_create_inline() \ echo %{?*} | systemd-sysusers - >/dev/null 2>&1 || : \ %{nil} %sysctl_apply() \ /usr/lib/systemd/systemd-sysctl %{?*} >/dev/null 2>&1 || : \ %{nil} %binfmt_apply() \ /usr/lib/systemd/systemd-binfmt %{?*} >/dev/null 2>&1 || : \ %{nil} macros.systemtap000064400000000316147207414670010017 0ustar00# -*- Mode: rpm-spec; indent-tabs-mode: nil -*- */ # # RPM macros for packages installing systemtap tapset files %_systemtap_tapsetdir /usr/share/systemtap/tapset %_systemtap_datadir /usr/share/systemtap macros.selinux-policy000064400000015166147207414670010763 0ustar00# Copyright (C) 2017 Red Hat, Inc. All rights reserved. # # Author: Petr Lautrbach # Author: Lukáš Vrabec # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # RPM macros for packages installing SELinux modules %_selinux_policy_version 3.13.1-268.el7_9.2 %_selinux_store_path /etc/selinux %_selinux_store_policy_path %{_selinux_store_path}/${_policytype} %_file_context_file %{_sysconfdir}/selinux/${SELINUXTYPE}/contexts/files/file_contexts %_file_context_file_pre %{_localstatedir}/lib/rpm-state/file_contexts.pre %_file_custom_defined_booleans %{_selinux_store_policy_path}/rpmbooleans.custom %_file_custom_defined_booleans_tmp %{_selinux_store_policy_path}/rpmbooleans.custom.tmp # %selinux_requires %selinux_requires \ Requires: selinux-policy >= %{_selinux_policy_version} \ BuildRequires: git \ BuildRequires: pkgconfig(systemd) \ BuildRequires: selinux-policy \ BuildRequires: selinux-policy-devel \ Requires(post): selinux-policy-base >= %{_selinux_policy_version} \ Requires(post): libselinux-utils \ Requires(post): policycoreutils \ %if 0%{?fedora} || 0%{?rhel} > 7\ Requires(post): policycoreutils-python-utils \ %else \ Requires(post): policycoreutils-python \ %endif \ %{nil} # %selinux_modules_install [-s ] [-p ] module [module]... %selinux_modules_install("s:p:") \ . /etc/selinux/config \ _policytype=%{-s*} \ if [ -z "${_policytype}" ]; then \ _policytype="targeted" \ fi \ if [ "${SELINUXTYPE}" = "${_policytype}" ]; then \ %{_sbindir}/semodule -n -s ${_policytype} -X %{!-p:200}%{-p*} -i %* \ %{_sbindir}/selinuxenabled && %{_sbindir}/load_policy || : \ fi \ %{nil} # %selinux_modules_uninstall [-s ] [-p ] module [module]... %selinux_modules_uninstall("s:p:") \ . /etc/selinux/config \ _policytype=%{-s*} \ if [ -z "${_policytype}" ]; then \ _policytype="targeted" \ fi \ if [ $1 -eq 0 ]; then \ if [ "${SELINUXTYPE}" = "${_policytype}" ]; then \ %{_sbindir}/semodule -n -X %{!-p:200}%{-p*} -s ${_policytype} -r %* &> /dev/null || : \ %{_sbindir}/selinuxenabled && %{_sbindir}/load_policy || : \ fi \ fi \ %{nil} # %selinux_relabel_pre [-s ] %selinux_relabel_pre("s:") \ . /etc/selinux/config \ _policytype=%{-s*} \ if [ -z "${_policytype}" ]; then \ _policytype="targeted" \ fi \ if %{_sbindir}/selinuxenabled && [ "${SELINUXTYPE}" = "${_policytype}" ]; then \ [ -f %{_file_context_file_pre} ] || cp -f %{_file_context_file} %{_file_context_file_pre} \ fi \ %{nil} # %selinux_relabel_post [-s ] %selinux_relabel_post("s:") \ . /etc/selinux/config \ _policytype=%{-s*} \ if [ -z "${_policytype}" ]; then \ _policytype="targeted" \ fi \ if %{_sbindir}/selinuxenabled && [ "${SELINUXTYPE}" = "${_policytype}" ]; then \ if [ -f %{_file_context_file_pre} ]; then \ %{_sbindir}/fixfiles -C %{_file_context_file_pre} restore &> /dev/null \ rm -f %{_file_context_file_pre} \ fi \ fi \ %{nil} # %selinux_set_booleans [-s ] boolean [boolean]... %selinux_set_booleans("s:") \ . /etc/selinux/config \ _policytype=%{-s*} \ if [ -z "${_policytype}" ]; then \ _policytype="targeted" \ fi \ if [ -d "%{_selinux_store_policy_path}" ]; then \ LOCAL_MODIFICATIONS=$(%{_sbindir}/semanage boolean -E) \ if [ ! -f %_file_custom_defined_booleans ]; then \ /bin/echo "# This file is managed by macros.selinux-policy. Do not edit it manually" > %_file_custom_defined_booleans \ fi \ semanage_import='' \ for boolean in %*; do \ boolean_name=${boolean%=*} \ boolean_value=${boolean#*=} \ boolean_local_string=$(grep "$boolean_name\$" <<<$LOCAL_MODIFICATIONS) \ if [ -n "$boolean_local_string" ]; then \ semanage_import="${semanage_import}\\nboolean -m -$boolean_value $boolean_name" \ boolean_customized_string=$(grep "$boolean_name\$" %_file_custom_defined_booleans | tail -n 1) \ if [ -n "$boolean_customized_string" ]; then \ /bin/echo $boolean_customized_string >> %_file_custom_defined_booleans \ else \ /bin/echo $boolean_local_string >> %_file_custom_defined_booleans \ fi \ else \ semanage_import="${semanage_import}\\nboolean -m -$boolean_value $boolean_name" \ boolean_default_value=$(LC_ALL=C %{_sbindir}/semanage boolean -l | grep "^$boolean_name " | sed 's/[^(]*([^,]*, *\\(on\\|off\\).*/\\1/') \ /bin/echo "boolean -m --$boolean_default_value $boolean_name" >> %_file_custom_defined_booleans \ fi \ done; \ if %{_sbindir}/selinuxenabled && [ "${SELINUXTYPE}" = "${_policytype}" ]; then \ /bin/echo -e "$semanage_import" | %{_sbindir}/semanage import -S "${_policytype}" \ elif test -d /usr/share/selinux/"${_policytype}"/base.lst; then \ /bin/echo -e "$semanage_import" | %{_sbindir}/semanage import -S "${_policytype}" -N \ fi \ fi \ %{nil} # %selinux_unset_booleans [-s ] boolean [boolean]... %selinux_unset_booleans("s:") \ . /etc/selinux/config \ _policytype=%{-s*} \ if [ -z "${_policytype}" ]; then \ _policytype="targeted" \ fi \ if [ -d "%{_selinux_store_policy_path}" ]; then \ semanage_import='' \ for boolean in %*; do \ boolean_name=${boolean%=*} \ boolean_customized_string=$(grep "$boolean_name\$" %_file_custom_defined_booleans | tail -n 1) \ if [ -n "$boolean_customized_string" ]; then \ awk "/$boolean_customized_string/ && !f{f=1; next} 1" %_file_custom_defined_booleans > %_file_custom_defined_booleans_tmp && mv %_file_custom_defined_booleans_tmp %_file_custom_defined_booleans \ if ! grep -q "$boolean_name\$" %_file_custom_defined_booleans; then \ semanage_import="${semanage_import}\\n${boolean_customized_string}" \ fi \ fi \ done; \ if %{_sbindir}/selinuxenabled && [ "${SELINUXTYPE}" = "${_policytype}" ]; then \ /bin/echo -e "$semanage_import" | %{_sbindir}/semanage import -S "${_policytype}" \ elif test -d /usr/share/selinux/"${_policytype}"/base.lst; then \ /bin/echo -e "$semanage_import" | %{_sbindir}/semanage import -S "${_policytype}" -N \ fi \ fi \ %{nil} macros.firewalld000064400000000357147207414670007744 0ustar00# RPM macros for packages installing firewalld services/zones # put this into %post otherwise firewalld won't load new service/zone file %firewalld_reload() \ test -f %{_bindir}/firewall-cmd && firewall-cmd --reload --quiet || : \ %{nil}