# For automatic rebuilds in COPR

# The following tag is to get correct syntax highlighting for this file in vim text editor
# vim: syntax=spec

%global debug_package %{nil}

# Some bits borrowed from the openstack-selinux package
%global selinuxtype targeted
%global moduletype services
%global modulenames qm

%global _installscriptdir %{_prefix}/lib/qm

# Usage: _format var format
# Expand 'modulenames' into various formats as needed
# Format must contain '$x' somewhere to do anything useful
%global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %%1+=" "; done;

Name: qm
Epoch: 101
Version: 0.1.0
Release: 1.20230412181337148055.pr13%{?dist}
License: GPLv2
URL: https://github.com/containers/qm
Summary: Containerized environment for running functionally safe QM (Quality Management) software.
VCS: git+https://github.com/containers/qm#a24fba59d623aa7f2e151a7257352a604f553d0e:
Source: %{name}-0.1.0.tar.gz
BuildArch: noarch
BuildRequires: go-md2man
BuildRequires: container-selinux
BuildRequires: make
BuildRequires: git-core
BuildRequires: pkgconfig(systemd)
BuildRequires: selinux-policy >= %_selinux_policy_version
BuildRequires: selinux-policy-devel >= %_selinux_policy_version
Requires: selinux-policy >= %_selinux_policy_version
Requires(post): selinux-policy-base >= %_selinux_policy_version
Requires(post): selinux-policy-targeted >= %_selinux_policy_version
Requires(post): policycoreutils
Requires(post): libselinux-utils

%description
This package allow users to setup an environment which prevents applications
and container tools from interfering with other all other processes on the
system.

The QM runs its own version of systemd and Podman to isolate not only the
applications and containers launched by systemd and Podman but systemd and
Podman themselves.

Software install into the QM environment under /usr/lib/qm/rootfs is
automatically isolated from the host. If developers need to further
isolate there applications from other processes in the QM they should
use container tools like Podman.

%prep
%autosetup -Sgit -n %{name}-0.1.0
sed -i 's/install: man/install:/' Makefile

# Remove unavailable tokens
%if 0%{?fedora} <= 37 || 0%{?rhel} <= 9
sed -i '/user_namespace/d' qm.if
%endif

%build
%{__make}

%install
# install policy modules
%_format MODULES $x.pp.bz2
%{__make} DESTDIR=%{buildroot} DATADIR=%{_datadir} install

%pre

%post
# Install all modules in a single transaction
%_format MODULES %{_datadir}/selinux/packages/$x.pp.bz2
%selinux_modules_install -s %{selinuxtype} $MODULES

%postun
if [ $1 -eq 0 ]; then
   %selinux_modules_uninstall -s %{selinuxtype} %{modulenames}
fi

%posttrans

#define license tag if not already defined
%{!?_licensedir:%global license %doc}

%files
%doc README.md
%dir %{_datadir}/selinux
%{_datadir}/selinux/*
%dir %{_datadir}/qm
%{_datadir}/qm/containers.conf
%{_datadir}/qm/contexts
%{_datadir}/qm/file_contexts
%{_datadir}/qm/setup
%ghost %dir %{_datadir}/containers
%ghost %dir %{_datadir}/containers/systemd
%{_sysconfdir}/containers/systemd/qm.container
%{_mandir}/man8/*

%changelog