From 81c2461408bc2284f911a0d1a8f1c94e871797c3 Mon Sep 17 00:00:00 2001 From: Stefano Brivio Date: Mon, 28 Mar 2022 16:37:39 +0200 Subject: contrib: Add example spec file for Fedora ...with SELinux package, too. Tested on Fedora 35, but it should work on pretty much any version. Signed-off-by: Stefano Brivio --- contrib/fedora/passt.spec | 95 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 95 insertions(+) create mode 100644 contrib/fedora/passt.spec diff --git a/contrib/fedora/passt.spec b/contrib/fedora/passt.spec new file mode 100644 index 0000000..aa312ed --- /dev/null +++ b/contrib/fedora/passt.spec @@ -0,0 +1,95 @@ +# SPDX-License-Identifier: AGPL-3.0-or-later +# +# PASST - Plug A Simple Socket Transport +# for qemu/UNIX domain socket mode +# +# PASTA - Pack A Subtle Tap Abstraction +# for network namespace/tap device mode +# +# contrib/fedora/passt.spec - Example spec file for fedora +# +# Copyright (c) 2022 Red Hat GmbH +# Author: Stefano Brivio + +Name: passt +Version: 0+git-8fd20ad99d24 +Release: 0 +Summary: User-mode networking daemons for virtual machines and namespaces +License: AGPLv3+ and BSD +URL: https://passt.top/ +Source: https://passt.top/passt/snapshot/passt-8fd20ad99d24a517fa1771e1863f51a32d2fe8a4.tar.xz + +BuildRequires: gcc, make, checkpolicy, selinux-policy-devel + +%description +passt implements a translation layer between a Layer-2 network interface and +native Layer-4 sockets (TCP, UDP, ICMP/ICMPv6 echo) on a host. It doesn't +require any capabilities or privileges, and it can be used as a simple +replacement for Slirp. + +pasta (same binary as passt, different command) offers equivalent functionality, +for network namespaces: traffic is forwarded using a tap interface inside the +namespace, without the need to create further interfaces on the host, hence not +requiring any capabilities or privileges. + +%package selinux +Summary: SELinux support for passt and pasta +Requires: %{name} = %{version} +Requires(post): policycoreutils, %{name} +Requires(preun): policycoreutils, %{name} + +%description selinux +This package adds SELinux enforcement to passt(1) and pasta(1). + +%prep +%setup -q + +%build +export CFLAGS="%{optflags}" +%make_build + +%install +%make_install DESTDIR=%{buildroot} prefix=%{_prefix} +%ifarch x86_64 +ln -sr %{buildroot}%{_mandir}/man1/passt.1 %{buildroot}%{_mandir}/man1/passt.avx2.1 +ln -sr %{buildroot}%{_mandir}/man1/pasta.1 %{buildroot}%{_mandir}/man1/pasta.avx2.1 +%endif + +pushd contrib/selinux +make -f %{_datadir}/selinux/devel/Makefile +install -p -m 644 -D passt.pp %{buildroot}%{_datadir}/selinux/packages/%{name}/passt.pp +install -p -m 644 -D pasta.pp %{buildroot}%{_datadir}/selinux/packages/%{name}/pasta.pp +popd + +%post selinux +semodule -i %{_datadir}/selinux/packages/%{name}/passt.pp 2>/dev/null || : +semodule -i %{_datadir}/selinux/packages/%{name}/pasta.pp 2>/dev/null || : + +%preun selinux +semodule -r passt 2>/dev/null || : +semodule -r pasta 2>/dev/null || : + +%files +%license LICENSES/{AGPL-3.0-or-later.txt,BSD-3-Clause.txt} +%doc README.md +%{_bindir}/passt +%{_bindir}/pasta +%{_bindir}/qrap +%{_mandir}/man1/passt.1.* +%{_mandir}/man1/pasta.1.* +%{_mandir}/man1/qrap.1.* +%ifarch x86_64 +%{_bindir}/passt.avx2 +%{_mandir}/man1/passt.avx2.1.* +%{_bindir}/pasta.avx2 +%{_mandir}/man1/pasta.avx2.1.* +%endif + +%files selinux +%doc README.md +%{_datadir}/selinux/packages/%{name}/passt.pp +%{_datadir}/selinux/packages/%{name}/pasta.pp + +%changelog +* Mon Mar 28 2022 Stefano Brivio 0+git-8fd20ad99d24-0 +- Pro forma: example -- cgit v1.2.3