# Spec file for Open vSwitch selinux policy.

# Copyright (C) 2018, Red Hat, Inc.
#
# Copying and distribution of this file, with or without modification,
# are permitted in any medium without royalty provided the copyright
# notice and this notice are preserved.  This file is offered as-is,
# without warranty of any kind.
#

%global selinuxtype targeted
%global selinux_policyver 3.13.1-166.9
%global moduletype contrib
%global modulename openvswitch-custom

Name: openvswitch-selinux-extra-policy
Summary: Open vSwitch Extra SELinux Policy
Group: System Environment/Daemons
URL: http://www.openvswitch.org/
Version: 1.0
Source0: http://aconole.bytheb.org/files/openvswitch-selinux-policy.tar.gz

License: ASL 2.0
BuildArch: noarch
Release: 5%{?dist}

BuildRequires: autoconf automake libtool
BuildRequires: systemd-units openssl openssl-devel
BuildRequires: checkpolicy selinux-policy-devel git pkgconfig(systemd)
Requires: selinux-policy-targeted
Requires(post): selinux-policy >= %{selinux_policyver}
Requires(post): libselinux-utils
Requires(post): policycoreutils
%if 0%{?fedora} || 0%{?rhel} > 7
Requires(post): policycoreutils-python-utils
%else
Requires(post): policycoreutils-python
%endif

%description
Tailored Open vSwitch SELinux policy for distribution

%prep
%autosetup -p 1

%build
make

%install
rm -rf $RPM_BUILD_ROOT
install -d %{buildroot}%{_datadir}/selinux/packages
install -d -p %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}
# install -p -m 644 %{modulename}.if %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}
install -m 0644 %{modulename}.pp %{buildroot}%{_datadir}/selinux/packages

%check

%pre
if %{_sbindir}/selinuxenabled ; then
    %selinux_relabel_pre -s %{selinuxtype}
fi

%post
if %{_sbindir}/selinuxenabled ; then
    %selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{modulename}.pp
fi

%postun
if [ $1 -eq 0 ]; then
    if %{_sbindir}/selinuxenabled ; then
        %selinux_modules_uninstall -s %{selinuxtype} %{modulename}
    fi
fi

%posttrans
if %{_sbindir}/selinuxenabled ; then
    %selinux_relabel_post -s %{selinuxtype}
fi

%files
%defattr(-,root,root,0755)
%attr(0644,root,root) %{_datadir}/selinux/packages/%{modulename}.pp
# %attr(0644,root,root) %{_datadir}/selinux/devel/include/%{moduletype}/%{modulename}.if

%changelog
* Thu Jul 26 2018 Aaron Conole <aconole@redhat.com> - 1.0-5
- include net_broadcast and net_raw bits
- fix up the selinux macros for systems that don't have selinux installed
- use autosetup macro

* Mon Feb 12 2018 Aaron Conole <aconole@redhat.com> - 1.0-0
- First Build