Add RPM spec

.gitignore

@@ -1,2 +1,7 @@
+BUILD/
+BUILDROOT/
+repo/
 tmp/
 *.pp
+*.rpm
+*.tar.xz

Makefile

@@ -1,5 +1,83 @@
-NAME ?= targetd
+NAME ?= targeted
+REPO ?= repo
 
-.PHONY: all
+RPMBUILDFLAGS = \
-all:
+	-D "_topdir ${PWD}" \
+	-D "_srcrpmdir ${PWD}" \
+	-D "_sourcedir ${PWD}" \
+	-D "_specdir ${PWD}" \
+	-D "_rpmdir ${PWD}"
+
+ARCH = noarch
+VERSION = $(shell rpm -q --qf '%{VERSION}' --specfile dch-selinux.spec)
+RELEASE = $(shell rpm -q --qf '%{RELEASE}' --specfile dch-selinux.spec)
+TAR = dch-selinux-$(VERSION).tar.xz
+SPEC = dch-selinux.spec
+RPM = dch-selinux-$(VERSION)-$(RELEASE).$(ARCH).rpm
+SRPM = dch-selinux-$(VERSION)-$(RELEASE).src.rpm
+
+define buildpp
 	$(MAKE) NAME=$(NAME) -f /usr/share/selinux/devel/Makefile
+endef
+
+.PHONY: \
+	clean \
+	default \
+	dist \
+	mockbuild \
+	pp \
+	publish \
+	repo \
+	rpm \
+	srpm
+
+default: pp
+
+dch-samba.pp: dch-samba.fc dch-samba.if dch-samba.te
+	$(call buildpp)
+
+$(TAR): \
+		$(wildcard *.fc) \
+		$(wildcard *.if) \
+		$(wildcard *.te)
+	tar -cJf $@ --transform 's/^/dch-selinux-$(VERSION)\//' $^
+
+$(RPM): $(SPEC) $(TAR)
+	rpmbuild $(RPMBUILDFLAGS) -bb -v $<
+	mv $(ARCH)/$@ $@
+	rmdir $(ARCH)
+
+$(SRPM): $(SPEC) $(TAR)
+	rpmbuild $(RPMBUILDFLAGS) -bs -v $<
+
+dist: $(TAR)
+
+clean:
+	rm -f *.pp *.rpm *.srpm *.tar.xz
+	rm -rf BUILD BUILDROOT
+	rm -rf repo
+	rm -rf tmp
+
+mockbuild: $(SRPM)
+ifeq ($(MOCKTARGET),)
+	$(error MOCKTARGET is required, e.g. make MOCKTARGET=fedora-37-x86_64 mockbuild)
+endif
+	mock -r '$(MOCKTARGET)' $(SRPM)
+	cp -a /var/lib/mock/$(MOCKTARGET)/result/*.noarch.rpm .
+
+publish: repo
+ifeq ($(PUBLISH_HOST),)
+	$(error PUBLISH_HOST and PUBLISH_PATH are required)
+endif
+	rsync -rtiO --delete $(REPO)/ $(PUBLISH_HOST):$(PUBLISH_PATH)
+
+repo:
+	mkdir -p '$(REPO)'
+	cp *.rpm '$(REPO)'/
+	createrepo '$(REPO)'
+
+rpm: $(RPM)
+
+srpm: $(SRPM)
+
+pp: dch-samba.pp

dch-selinux.spec

@@ -0,0 +1,65 @@
+%global selinux_variants mls targeted
+
+Name:           dch-selinux
+Version:        1.0.0
+Release:        1%{?dist}
+Summary:        Dustin's custom SELinux policy modules
+
+License:        GPLv2+
+URL:            https://git.pyrocufflink.net/dustin/dch-selinux
+Source0:        %{name}-%{version}.tar.xz
+
+BuildArch:      noarch
+
+BuildRequires:  checkpolicy
+BuildRequires:  hardlink
+BuildRequires:  selinux-policy-devel
+
+Requires:       selinux-policy >= %{_selinux_policy_version}
+
+Requires(post):   policycoreutils, selinux-policy-base
+Requires(postun): policycoreutils
+
+%description
+This is a collection of SELinux policy modules that fix or augment the default
+SELinux policy for Fedora/RHEL.
+
+
+%prep
+%setup
+
+%build
+for v in %{selinux_variants}; do
+    make NAME=$v -f %{_datarootdir}/selinux/devel/Makefile
+    mv dch-samba.pp dch-samba.pp.$v
+    make NAME=$v -f %{_datarootdir}/selinux/devel/Makefile clean
+done
+
+%install
+for v in %{selinux_variants}; do
+    install -d %{buildroot}%{_datadir}/selinux/$v
+    install -p -m 644 dch-samba.pp.$v \
+        %{buildroot}%{_datadir}/selinux/$v/dch-samba.pp
+done
+hardlink -cv %{buildroot}%{_datadir}/selinux
+
+
+%post
+for v in %{selinux_variants}; do
+    /usr/sbin/semodule -s $v \
+        -i %{_datadir}/selinux/$v/dch-samba.pp >&- 2>&- || :
+done
+
+
+%postun
+for v in %{selinux_variants}; do
+    /usr/sbin/semodule -s $v -r dch-samba.pp >&- 2>&- || :
+done
+
+
+%files
+%{_datadir}/selinux/*/*.pp
+
+%changelog
+* Mon Dec 19 2022 Dustin C. Hatch <dustin@hatch.name> 1.0.0-1
+- New spec for dch-selinux