Name:           ly-git
Version:        7506d6a7d5ce841ee8c24e5b3eaa930681a39199
Release:        2
Summary:        TUI (ncurses-like) display manager
License:        WTFPL
Group:          System/Console
URL:            https://github.com/fairyglade/ly

BuildRequires:  git
BuildRequires:  systemd-rpm-macros
BuildRequires:  pkgconfig(pam)
BuildRequires:  pkgconfig(xcb)
#BuildRequires:  xdg-utils
BuildRequires:  zig
BuildRequires:  wget
BuildRequires:  make
BuildRequires:  selinux-policy-devel

%description
A lightweight, TUI (ncurses-like) display manager for linux.

%prep
rm -rf %{name}
git clone %{url} %{name}
cd %{name}
git checkout %{version}
wget https://ziglang.org/download/0.12.0/zig-linux-x86_64-0.12.0.tar.xz
tar -xf zig-linux-x86_64-0.12.0.tar.xz

mkdir selinux
cat << 'EOF' > selinux/ly.fc
/usr/bin/ly		--	gen_context(system_u:object_r:ly_exec_t,s0)
EOF
cat << 'EOF' > selinux/ly.if

## <summary>policy for ly</summary>

########################################
## <summary>
##	Execute ly_exec_t in the ly domain.
## </summary>
## <param name="domain">
## <summary>
##	Domain allowed to transition.
## </summary>
## </param>
#
interface(`ly_domtrans',`
	gen_require(`
		type ly_t, ly_exec_t;
	')

	corecmd_search_bin($1)
	domtrans_pattern($1, ly_exec_t, ly_t)
')

######################################
## <summary>
##	Execute ly in the caller domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`ly_exec',`
	gen_require(`
		type ly_exec_t;
	')

	corecmd_search_bin($1)
	can_exec($1, ly_exec_t)
')
EOF
cat << 'EOF' > selinux/ly.te
policy_module(ly, 1.0.0)

########################################
#
# Declarations
#

type ly_t;
type ly_exec_t;
init_daemon_domain(ly_t, ly_exec_t)

permissive ly_t;

########################################
#
# ly local policy
#
allow ly_t self:fifo_file rw_fifo_file_perms;
allow ly_t self:unix_stream_socket create_stream_socket_perms;

domain_use_interactive_fds(ly_t)

files_read_etc_files(ly_t)

miscfiles_read_localization(ly_t)
EOF

%build
cd %{name}
make -f /usr/share/selinux/devel/Makefile -C selinux
zig-linux-x86_64-0.12.0/zig build
pushd selinux
bzip2 ly.pp
popd

%install
cd %{name}
#zig make install
#zig-linux-x86_64-0.12.0/zig DESTDIR=%{buildroot} installsystemd
mkdir -p %{buildroot}%{_bindir}
mkdir -p %{buildroot}%{_unitdir}
mkdir -p %{buildroot}%{_sysconfdir}/ly
mkdir -p %{buildroot}%{_docdir}/ly
mkdir -p %{buildroot}%{_datadir}/selinux/packages/targeted/

cp ./zig-out/bin/ly %{buildroot}%{_bindir}
cp ./res/ly.service %{buildroot}%{_unitdir}
cp ./res/config.ini %{buildroot}%{_sysconfdir}/ly/
cp ./res/*setup.sh %{buildroot}%{_sysconfdir}/ly/
cp -r ./res/lang %{buildroot}%{_sysconfdir}/ly/
#cp ./readme.md %{buildroot}
cp -r ./res/pam.d %{buildroot}%{_sysconfdir}/
cp ./selinux/ly.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/targeted/ly.pp.bz2

#%pre
#%systemd_pre ly.service

%post
%systemd_post ly.service
# this is very jank
%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/ly.pp.bz2
%selinux_relabel_post -s %{selinuxtype}

%preun
%systemd_preun ly.service

%postun
%systemd_postun ly.service
%pre
# SELinux contexts are saved so that only affected files can be
# relabeled after the policy module installation
%selinux_relabel_pre -s %{selinuxtype}

if [ $1 -eq 0 ]; then
    %selinux_modules_uninstall -s %{selinuxtype} %{name}
    %selinux_relabel_post -s %{selinuxtype}
fi

%files
#%doc readme.md
%dir %{_sysconfdir}/ly
%dir %{_sysconfdir}/ly/lang
%config(noreplace) %{_sysconfdir}/ly/config.ini
%config %{_sysconfdir}/ly/lang/*.ini
%config %{_sysconfdir}/pam.d/ly
%{_sysconfdir}/ly/*.sh
%{_bindir}/ly
#%{_sbindir}/rcly
%{_unitdir}/ly.service
%{_datadir}/selinux/packages/targeted/ly.pp.bz2

%changelog
%autochangelog