Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package passt for openSUSE:Factory checked
in at 2025-07-11 21:29:06
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/passt (Old)
and /work/SRC/openSUSE:Factory/.passt.new.7373 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "passt"
Fri Jul 11 21:29:06 2025 rev:29 rq:1291672 version:20250611.0293c6f
Changes:
--------
--- /work/SRC/openSUSE:Factory/passt/passt.changes 2025-06-18
22:28:52.015974460 +0200
+++ /work/SRC/openSUSE:Factory/.passt.new.7373/passt.changes 2025-07-11
21:29:07.538604664 +0200
@@ -1,0 +2,11 @@
+Wed Jul 9 04:41:56 UTC 2025 - Danish Prakash <danish.prak...@suse.com>
+
+- Fixes to spec (ref: bsc#1245074):
+ * Install binaries for pasta, and not symlinks
+ * Remove circular dependency between passt and passt-selinux
+ * Install missing passt-repair.pp SELinux policy module
+ * Install modules at the correct location
.../selinux/packages/%{selinuxtype}/
+ * Require container-selinux for container related policies
+ * Single line macro to load SELinux policies for better performance
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ passt.spec ++++++
--- /var/tmp/diff_new_pack.3y450r/_old 2025-07-11 21:29:08.778656112 +0200
+++ /var/tmp/diff_new_pack.3y450r/_new 2025-07-11 21:29:08.782656278 +0200
@@ -57,9 +57,6 @@
BuildRequires: gcc, make
%if %{with selinux}
Requires: (%{name}-selinux = %{version}-%{release} if
selinux-policy-targeted)
-BuildRequires: checkpolicy
-BuildRequires: selinux-policy-devel
-BuildRequires: selinux-policy-targeted
%endif
%if %{with apparmor}
BuildRequires: apparmor-abstractions, apparmor-rpm-macros, libapparmor-devel
@@ -95,10 +92,13 @@
Summary: SELinux support for passt and pasta
Requires: %{name} = %{version}-%{release}
Requires: selinux-policy
-Requires(post): %{name}
+Requires: container-selinux
Requires(post): policycoreutils
-Requires(preun): %{name}
+Requires(post): container-selinux
Requires(preun): policycoreutils
+BuildRequires: checkpolicy
+BuildRequires: selinux-policy-devel
+Recommends: selinux-policy-%{selinuxtype}
%description selinux
This package adds SELinux enforcement to passt(1) and pasta(1).
@@ -109,7 +109,18 @@
%build
%set_build_flags
-%make_build VERSION=%{version}-%{release}
+# The Makefile creates symbolic links for pasta, but we need actual copies for
+# SELinux file contexts to work as intended. Same with pasta.avx2 if present.
+# Build twice, changing the version string, to avoid duplicate Build-IDs.
+# Ran into something similar for apparmor -
https://github.com/containers/buildah/issues/5440.
+%make_build VERSION=%{version}-%{release}-pasta
+%ifarch x86_64
+mv -f passt.avx2 pasta.avx2
+%make_build passt passt.avx2 VERSION="%{version}-%{release}"
+%else
+%make_build passt VERSION="%{version}-%{release}"
+%endif
+
%install
%make_install prefix=%{_prefix} bindir=%{_bindir} mandir=%{_mandir}
docdir=%{_docdir}/%{name}
@@ -136,9 +147,10 @@
%if %{with selinux}
pushd contrib/selinux
make -f %{_datadir}/selinux/devel/Makefile
-install -p -m 644 -D passt.pp
%{buildroot}%{_datadir}/selinux/packages/%{name}/passt.pp
+install -p -m 644 -D passt.pp
%{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/passt.pp
+install -p -m 644 -D passt-repair.pp
%{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/passt-repair.pp
+install -p -m 644 -D pasta.pp
%{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/pasta.pp
install -p -m 644 -D passt.if
%{buildroot}%{_datadir}/selinux/devel/include/distributed/passt.if
-install -p -m 644 -D pasta.pp
%{buildroot}%{_datadir}/selinux/packages/%{name}/pasta.pp
popd
%endif
@@ -153,17 +165,23 @@
%selinux_relabel_pre -s %{selinuxtype}
%post selinux
-%selinux_modules_install -s %{selinuxtype}
%{_datadir}/selinux/packages/%{name}/passt.pp
-%selinux_modules_install -s %{selinuxtype}
%{_datadir}/selinux/packages/%{name}/pasta.pp
+%selinux_modules_install -s %{selinuxtype}
%{_datadir}/selinux/packages/%{selinuxtype}/passt.pp
%{_datadir}/selinux/packages/%{selinuxtype}/passt-repair.pp
%{_datadir}/selinux/packages/%{selinuxtype}/pasta.pp
%postun selinux
if [ $1 -eq 0 ]; then
- %selinux_modules_uninstall -s %{selinuxtype} passt
- %selinux_modules_uninstall -s %{selinuxtype} pasta
+ %selinux_modules_uninstall -s %{selinuxtype} passt pasta passt-repair
fi
%posttrans selinux
%selinux_relabel_post -s %{selinuxtype}
+# %selinux_relabel_post calls fixfiles(8) with the previous file_contexts file
+# (see selabel_file(5)) in order to restore only the file contexts which
+# actually changed. However, as file_contexts doesn't support %{USERID}
+# substitutions, this will not work for specific file contexts that pasta needs
+# to have under /run/user. Restore those explicitly.
+#
+# https://passt.top/passt/commit/?id=e019323538699967c155c29411545223dadfc0f5
+restorecon -R /run/user 2>/dev/null
%endif
%files
@@ -188,9 +206,10 @@
%if %{with selinux}
%files selinux
-%dir %{_datadir}/selinux/packages/%{name}
-%{_datadir}/selinux/packages/%{name}/passt.pp
-%{_datadir}/selinux/packages/%{name}/pasta.pp
+%dir %{_datadir}/selinux/packages/%{selinuxtype}
+%{_datadir}/selinux/packages/%{selinuxtype}/passt.pp
+%{_datadir}/selinux/packages/%{selinuxtype}/pasta.pp
+%{_datadir}/selinux/packages/%{selinuxtype}/passt-repair.pp
%dir %{_datadir}/selinux/devel/include/distributed
%{_datadir}/selinux/devel/include/distributed/passt.if
%endif
