rpm-ostree/tests/common/compose/yum/nonrootcap.spec

Summary: An app that has non-root files and caps
Name: nonrootcap
Version: 1.0
Release: 1
License: GPL+
Group: Development/Tools
URL: http://foo.bar.com
BuildArch: x86_64

%description
%{summary}

%prep

%build
cat > tmp << EOF
#!/bin/sh
echo "Hello!"
EOF

chmod a+x tmp
echo nrc.conf > nrc.conf
cp tmp nrc-none.sh
cp tmp nrc-user.sh
cp tmp nrc-group.sh
cp tmp nrc-caps.sh
cp tmp nrc-caps-setuid.sh
cp tmp nrc-usergroup.sh
cp tmp nrc-usergroupcaps.sh
cp tmp nrc-usergroupcaps-setuid.sh
rm tmp

%pre
groupadd -r nrcgroup
useradd -r nrcuser -g nrcgroup -s /sbin/nologin

%install
install -D nrc.conf %{buildroot}/etc/nrc.conf
ln -sr %{buildroot}/etc/nrc.conf %{buildroot}/etc/nrc-link.conf
mkdir -p %{buildroot}/usr/bin
install *.sh %{buildroot}/usr/bin
ln -sr %{buildroot}/usr/bin/{nrc-user.sh,nrc-user-link.sh}
mkdir -p %{buildroot}/var/lib/nonrootcap
mkdir -p %{buildroot}/run/nonrootcap
mkdir -p %{buildroot}/var/lib/nonrootcap-rootowned
mkdir -p %{buildroot}/run/nonrootcap-rootowned

%clean
rm -rf %{buildroot}

%files
/usr/bin/nrc-none.sh
%attr(-, nrcuser, -) /etc/nrc.conf
%attr(-, nrcuser, -) /etc/nrc-link.conf
%attr(-, nrcuser, -) /usr/bin/nrc-user.sh
%attr(-, nrcuser, -) /usr/bin/nrc-user-link.sh
%attr(-, -, nrcgroup) /usr/bin/nrc-group.sh
%caps(cap_net_bind_service=ep) /usr/bin/nrc-caps.sh
%attr(4775, -, -) %caps(cap_net_bind_service=ep) /usr/bin/nrc-caps-setuid.sh
%attr(-, nrcuser, nrcgroup) /usr/bin/nrc-usergroup.sh
%attr(-, nrcuser, nrcgroup) %caps(cap_net_bind_service=ep) /usr/bin/nrc-usergroupcaps.sh
%attr(4775, nrcuser, nrcgroup) %caps(cap_net_bind_service=ep) /usr/bin/nrc-usergroupcaps-setuid.sh
%attr(-, nrcuser, nrcgroup) /var/lib/nonrootcap
%attr(-, nrcuser, nrcgroup) /run/nonrootcap
/var/lib/nonrootcap-rootowned
/run/nonrootcap-rootowned

%changelog
* Wed Jan 05 2017 Jonathan Lebon <jlebon@redhat.com> 1.0-1
- First Build
core: Apply rpmfi overrides for /etc to /usr/etc This fixes installing `mock`, which for some reason has files in `/etc/mock` owned by `root:mock`. Closes: https://github.com/projectatomic/rpm-ostree/issues/671 Closes: #677 Approved by: jlebon 2017-03-11 18:43:42 +03:00			`Summary: An app that has non-root files and caps`
vmcheck: add test-layering-non-root-caps.sh This new test exercises the new support for non-root file paths and files with capabilities. Closes: #561 Approved by: cgwalters 2017-01-06 17:52:57 +03:00			`Name: nonrootcap`
			`Version: 1.0`
			`Release: 1`
			`License: GPL+`
			`Group: Development/Tools`
			`URL: http://foo.bar.com`
			`BuildArch: x86_64`

			`%description`
			`%{summary}`

			`%prep`

			`%build`
			`cat > tmp << EOF`
			`#!/bin/sh`
			`echo "Hello!"`
			`EOF`

			`chmod a+x tmp`
core: Apply rpmfi overrides for /etc to /usr/etc This fixes installing `mock`, which for some reason has files in `/etc/mock` owned by `root:mock`. Closes: https://github.com/projectatomic/rpm-ostree/issues/671 Closes: #677 Approved by: jlebon 2017-03-11 18:43:42 +03:00			`echo nrc.conf > nrc.conf`
vmcheck: add test-layering-non-root-caps.sh This new test exercises the new support for non-root file paths and files with capabilities. Closes: #561 Approved by: cgwalters 2017-01-06 17:52:57 +03:00			`cp tmp nrc-none.sh`
			`cp tmp nrc-user.sh`
			`cp tmp nrc-group.sh`
			`cp tmp nrc-caps.sh`
			`cp tmp nrc-caps-setuid.sh`
			`cp tmp nrc-usergroup.sh`
			`cp tmp nrc-usergroupcaps.sh`
			`cp tmp nrc-usergroupcaps-setuid.sh`
			`rm tmp`

			`%pre`
			`groupadd -r nrcgroup`
			`useradd -r nrcuser -g nrcgroup -s /sbin/nologin`

			`%install`
core: Apply rpmfi overrides for /etc to /usr/etc This fixes installing `mock`, which for some reason has files in `/etc/mock` owned by `root:mock`. Closes: https://github.com/projectatomic/rpm-ostree/issues/671 Closes: #677 Approved by: jlebon 2017-03-11 18:43:42 +03:00			`install -D nrc.conf %{buildroot}/etc/nrc.conf`
core: Also apply mode overrides to symlinks I originally thought there was a bug here, but missed we were skipping symlinks earlier above. See [previous discussion][1]. Now, I'm not aware right now of something this patch actively fixes, but I think it makes sense to be consistent in our handling of things here with respect to symlinks. 1: https://github.com/projectatomic/rpm-ostree/pull/561/files/29dd1bd8012f0d34385fb5b1225bf47ccd5b4249..8158dcfb47a112f56c9e6565085d180f359f1b3c#r95017893 Closes: #689 Approved by: jlebon 2017-03-17 16:46:13 +03:00			`ln -sr %{buildroot}/etc/nrc.conf %{buildroot}/etc/nrc-link.conf`
vmcheck: add test-layering-non-root-caps.sh This new test exercises the new support for non-root file paths and files with capabilities. Closes: #561 Approved by: cgwalters 2017-01-06 17:52:57 +03:00			`mkdir -p %{buildroot}/usr/bin`
			`install *.sh %{buildroot}/usr/bin`
core: Also apply mode overrides to symlinks I originally thought there was a bug here, but missed we were skipping symlinks earlier above. See [previous discussion][1]. Now, I'm not aware right now of something this patch actively fixes, but I think it makes sense to be consistent in our handling of things here with respect to symlinks. 1: https://github.com/projectatomic/rpm-ostree/pull/561/files/29dd1bd8012f0d34385fb5b1225bf47ccd5b4249..8158dcfb47a112f56c9e6565085d180f359f1b3c#r95017893 Closes: #689 Approved by: jlebon 2017-03-17 16:46:13 +03:00			`ln -sr %{buildroot}/usr/bin/{nrc-user.sh,nrc-user-link.sh}`
vmcheck: add test-layering-non-root-caps.sh This new test exercises the new support for non-root file paths and files with capabilities. Closes: #561 Approved by: cgwalters 2017-01-06 17:52:57 +03:00			`mkdir -p %{buildroot}/var/lib/nonrootcap`
			`mkdir -p %{buildroot}/run/nonrootcap`
unpacker: support root-owned /var & /run files I'm not sure why we weren't doing this before, but we need to also support files in /var and /run that are owned by root. Related: RHBZ#1421781 Closes: #622 Approved by: cgwalters 2017-02-13 19:32:19 +03:00			`mkdir -p %{buildroot}/var/lib/nonrootcap-rootowned`
			`mkdir -p %{buildroot}/run/nonrootcap-rootowned`
vmcheck: add test-layering-non-root-caps.sh This new test exercises the new support for non-root file paths and files with capabilities. Closes: #561 Approved by: cgwalters 2017-01-06 17:52:57 +03:00
			`%clean`
			`rm -rf %{buildroot}`

			`%files`
			`/usr/bin/nrc-none.sh`
core: Apply rpmfi overrides for /etc to /usr/etc This fixes installing `mock`, which for some reason has files in `/etc/mock` owned by `root:mock`. Closes: https://github.com/projectatomic/rpm-ostree/issues/671 Closes: #677 Approved by: jlebon 2017-03-11 18:43:42 +03:00			`%attr(-, nrcuser, -) /etc/nrc.conf`
core: Also apply mode overrides to symlinks I originally thought there was a bug here, but missed we were skipping symlinks earlier above. See [previous discussion][1]. Now, I'm not aware right now of something this patch actively fixes, but I think it makes sense to be consistent in our handling of things here with respect to symlinks. 1: https://github.com/projectatomic/rpm-ostree/pull/561/files/29dd1bd8012f0d34385fb5b1225bf47ccd5b4249..8158dcfb47a112f56c9e6565085d180f359f1b3c#r95017893 Closes: #689 Approved by: jlebon 2017-03-17 16:46:13 +03:00			`%attr(-, nrcuser, -) /etc/nrc-link.conf`
vmcheck: add test-layering-non-root-caps.sh This new test exercises the new support for non-root file paths and files with capabilities. Closes: #561 Approved by: cgwalters 2017-01-06 17:52:57 +03:00			`%attr(-, nrcuser, -) /usr/bin/nrc-user.sh`
core: Also apply mode overrides to symlinks I originally thought there was a bug here, but missed we were skipping symlinks earlier above. See [previous discussion][1]. Now, I'm not aware right now of something this patch actively fixes, but I think it makes sense to be consistent in our handling of things here with respect to symlinks. 1: https://github.com/projectatomic/rpm-ostree/pull/561/files/29dd1bd8012f0d34385fb5b1225bf47ccd5b4249..8158dcfb47a112f56c9e6565085d180f359f1b3c#r95017893 Closes: #689 Approved by: jlebon 2017-03-17 16:46:13 +03:00			`%attr(-, nrcuser, -) /usr/bin/nrc-user-link.sh`
vmcheck: add test-layering-non-root-caps.sh This new test exercises the new support for non-root file paths and files with capabilities. Closes: #561 Approved by: cgwalters 2017-01-06 17:52:57 +03:00			`%attr(-, -, nrcgroup) /usr/bin/nrc-group.sh`
			`%caps(cap_net_bind_service=ep) /usr/bin/nrc-caps.sh`
			`%attr(4775, -, -) %caps(cap_net_bind_service=ep) /usr/bin/nrc-caps-setuid.sh`
			`%attr(-, nrcuser, nrcgroup) /usr/bin/nrc-usergroup.sh`
			`%attr(-, nrcuser, nrcgroup) %caps(cap_net_bind_service=ep) /usr/bin/nrc-usergroupcaps.sh`
			`%attr(4775, nrcuser, nrcgroup) %caps(cap_net_bind_service=ep) /usr/bin/nrc-usergroupcaps-setuid.sh`
			`%attr(-, nrcuser, nrcgroup) /var/lib/nonrootcap`
			`%attr(-, nrcuser, nrcgroup) /run/nonrootcap`
unpacker: support root-owned /var & /run files I'm not sure why we weren't doing this before, but we need to also support files in /var and /run that are owned by root. Related: RHBZ#1421781 Closes: #622 Approved by: cgwalters 2017-02-13 19:32:19 +03:00			`/var/lib/nonrootcap-rootowned`
			`/run/nonrootcap-rootowned`
vmcheck: add test-layering-non-root-caps.sh This new test exercises the new support for non-root file paths and files with capabilities. Closes: #561 Approved by: cgwalters 2017-01-06 17:52:57 +03:00
			`%changelog`
			`* Wed Jan 05 2017 Jonathan Lebon <jlebon@redhat.com> 1.0-1`
			`- First Build`