Add openrc service

- ./init -> ./extra (there's more than just init stuff here)
- systemd unit -> extra/systemd
- new ./extra/openrc/{init,conf}.d/fapolicy
- exclude operc files from RPM build

Makefile.am

@@ -1,5 +1,5 @@
 
-SUBDIRS = src init doc rules.d
+SUBDIRS = src extra doc rules.d
 EXTRA_DIST = ChangeLog AUTHORS NEWS README.md INSTALL fapolicyd.spec dnf/fapolicyd-dnf-plugin.py autogen.sh
 
 clean-generic:

configure.ac

@@ -95,7 +95,6 @@ use_ebuild=$withval,use_ebuild=no)
 
 if test x$use_ebuild = xyes ; then
     AC_DEFINE(USE_EBUILD,1,[Define if you want to use the ebuild database as trust source.])
-    AC_CHECK_LIB(md, MD5Final, , [AC_MSG_ERROR([libmd is missing])], -lmd)
 fi
 AM_CONDITIONAL(WITH_EBUILD, test x$use_ebuild = xyes)
 
@@ -127,7 +126,7 @@ AC_CHECK_LIB(lmdb, mdb_env_create, , [AC_MSG_ERROR([liblmdb not found])], -llmdb
 
 LD_SO_PATH
 
-AC_CONFIG_FILES([Makefile src/Makefile src/tests/Makefile init/Makefile doc/Makefile rules.d/Makefile])
+AC_CONFIG_FILES([Makefile src/Makefile src/tests/Makefile extra/Makefile doc/Makefile rules.d/Makefile])
 AC_OUTPUT
 
 echo .

extra/Makefile.am

@@ -0,0 +1,38 @@
+EXTRA_DIST = \
+	data/fapolicyd-filter.conf \
+	data/fapolicyd.conf \
+	data/fapolicyd.trust \
+	openrc/conf.d/fapolicyd \
+	openrc/init.d/fapolicyd \
+	systemd/fapolicyd.service \
+	fapolicyd-tmpfiles.conf \
+	fapolicyd-magic \
+	fapolicyd.bash_completion \
+	fagenrules
+
+fapolicyddir = $(sysconfdir)/fapolicyd
+
+dist_fapolicyd_DATA = \
+	data/fapolicyd.conf \
+	data/fapolicyd-filter.conf \
+	data/fapolicyd.trust
+
+systemdservicedir = $(systemdsystemunitdir)
+dist_systemdservice_DATA = systemd/fapolicyd.service
+
+openrcinitdir = $(sysconfdir)/init.d
+dist_openrcinit_DATA = openrc/init.d/fapolicyd
+openrcconfdir = $(sysconfdir)/conf.d
+dist_openrcconf_DATA = openrc/conf.d/fapolicyd
+
+sbin_SCRIPTS = fagenrules
+
+completiondir = $(sysconfdir)/bash_completion.d/
+dist_completion_DATA = fapolicyd.bash_completion
+
+MAGIC = fapolicyd-magic.mgc
+pkgdata_DATA = ${MAGIC}
+CLEANFILES = ${MAGIC}
+
+${MAGIC}: $(EXTRA_DIST)
+	file -C -m ${top_srcdir}/extra/fapolicyd-magic

init/fapolicyd-magic → extra/fapolicyd-magic

@@ -13,7 +13,7 @@
 0	string/wt	#!\ /bin/rc		Plan 9 shell script text executable
 !:mime	text/x-plan9-shellscript
 
-0	string/wb	#!\ /usr/bin/ocamlrun	Ocaml byte-compiled executable 
+0	string/wb	#!\ /usr/bin/ocamlrun	Ocaml byte-compiled executable
 !:mime	application/x-bytecode.ocaml
 
 0	string/wt	#!\ /usr/bin/lua	Lua script text executable

extra/openrc/conf.d/fapolicyd

@@ -0,0 +1 @@
+fapolicyd_opts="--permissive --debug"

extra/openrc/init.d/fapolicyd

@@ -0,0 +1,19 @@
+#!/sbin/openrc-run
+
+name=$RC_SVCNAME
+cfgfile="/etc/$RC_SVCNAME/$RC_SVCNAME.conf"
+command="/usr/sbin/fapolicyd"
+command_args="${fapolicyd_opts}"
+command_user="fapolicyd"
+pidfile="/run/$RC_SVCNAME/$RC_SVCNAME.pid"
+
+# Depend on local disks being mounted
+depend() {
+	need localmount
+}
+
+# Before starting the service update the rulesfile in /etc/fapolicyd
+# from the fragments in /etc/fapolicyd/rules.d
+start_pre() {
+	/usr/sbin/fagenrules
+}

fapolicyd.spec

@@ -50,7 +50,7 @@ makes use of the kernel's fanotify interface to determine file access rights.
 #ELN %endif
 #ELN BuildArch: noarch
 #ELN %{?selinux_requires}
-#ELN 
+#ELN
 #ELN %description    selinux
 #ELN The %{name}-selinux package contains selinux policy for the %{name} daemon.
 
@@ -92,14 +92,14 @@ sed -i "s|%ld_so_path%|`realpath $interpret`|g" rules.d/*.rules
 #ELN pushd %{name}-selinux-%{semodule_version}
 #ELN make
 #ELN popd
-#ELN 
+#ELN
 #ELN # selinux
 #ELN %pre selinux
 #ELN %selinux_relabel_pre -s %{selinuxtype}
 
 %install
 %make_install
-install -p -m 644 -D init/%{name}-tmpfiles.conf %{buildroot}/%{_tmpfilesdir}/%{name}.conf
+install -p -m 644 -D extra/%{name}-tmpfiles.conf %{buildroot}/%{_tmpfilesdir}/%{name}.conf
 mkdir -p %{buildroot}/%{_localstatedir}/lib/%{name}
 mkdir -p %{buildroot}/run/%{name}
 mkdir -p %{buildroot}%{_sysconfdir}/%{name}/trust.d
@@ -207,6 +207,8 @@ fi
 %attr(644,root,%{name}) %{_datadir}/%{name}/default-ruleset.known-libs
 %attr(644,root,%{name}) %{_datadir}/%{name}/sample-rules/*
 %attr(644,root,%{name}) %{_datadir}/%{name}/fapolicyd-magic.mgc
+%exclude %{_sysconfdir}/init.d/%{name}
+%exclude %{_sysconfdir}/conf.d/%{name}
 %attr(750,root,%{name}) %dir %{_sysconfdir}/%{name}
 %attr(750,root,%{name}) %dir %{_sysconfdir}/%{name}/trust.d
 %attr(750,root,%{name}) %dir %{_sysconfdir}/%{name}/rules.d
@@ -235,16 +237,16 @@ fi
 #ELN %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
 #ELN %ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name}
 #ELN %{_datadir}/selinux/devel/include/%{moduletype}/ipp-%{name}.if
-#ELN 
+#ELN
 #ELN %post selinux
 #ELN %selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
 #ELN %selinux_relabel_post -s %{selinuxtype}
-#ELN 
+#ELN
 #ELN %postun selinux
 #ELN if [ $1 -eq 0 ]; then
 #ELN     %selinux_modules_uninstall -s %{selinuxtype} %{name}
 #ELN fi
-#ELN 
+#ELN
 #ELN %posttrans selinux
 #ELN %selinux_relabel_post -s %{selinuxtype}