From 9eedf28d2469ff79b713988f2d242a8a1a5a1282 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Jun 17 2018 02:36:06 +0000 Subject: simplify README.SELinux install All supported releases use the same selinux context (git_sys_content_t). Update README.SELinux and install it as-is. --- diff --git a/README.SELinux b/README.SELinux index 1f63c62..3af6c5a 100644 --- a/README.SELinux +++ b/README.SELinux @@ -11,7 +11,7 @@ handled automatically for repositories in the default path, /var/lib/git. If your repositories are in a different path, /srv/git, for example, you can set the proper context using semanage: - # semanage fcontext -a -t @CGIT_CONTEXT@ "/srv/git(/.*)?" + # semanage fcontext -a -t git_sys_content_t "/srv/git(/.*)?" If you have other confined daemons that need to access the git repositories, you may want to use public_content_t, or public_content_rw_t instead. diff --git a/cgit.spec b/cgit.spec index 9de375b..cb4068e 100644 --- a/cgit.spec +++ b/cgit.spec @@ -69,6 +69,9 @@ Cgit is a fast web interface for git. It uses caching to increase performance. rm -rf git mv git-%{gitver} git +# add README.SELinux +cp -p %{SOURCE3} . + # Use the same options for every invocation of 'make'. # Otherwise it will rebuild in %%install due to flags changes. cat << \EOF > cgit.conf @@ -95,16 +98,6 @@ EOF # remove env shebang's from filter scripts grep -rl '#!.*/env' filters/ | xargs -r sed -Ei 's@^(.+/)env (.+)$@\1\2@' -# I tried to use matchpathcon, but we would need to require -# selinux-policy-targeted probably. - -build_dist=%{?fedora:fedora}%{?rhel:rhel} -build_ver=%{?fedora}%{?rhel} - -cgit_context=git_sys_content_t -sed -e "s|@CGIT_CONTEXT@|$cgit_context|g" \ - %{SOURCE3} > README.SELinux - cat > httpd.conf < - make config: drop redundant DESTDIR/INSTALL, add COPYTREE