Use asan in packit

Signed-off-by: Radovan Sroka <[email protected]>

.packit.yaml

@@ -4,19 +4,34 @@ upstream_package_name: fapolicyd
 downstream_package_name: fapolicyd
 upstream_tag_template: v{version}
 
-actions:
-    post-upstream-clone:
-      - bash -c "sed -i 's/#ELN //' fapolicyd.spec"
-      - bash -c "curl -L -o $(grep Source1 fapolicyd.spec | cut -d ' ' -f 2 | sed -r \"s/%\{name\}/$(grep 'Name:' fapolicyd.spec | cut -f 2 -d ' ')/g;s/%\{semodule_version\}/$(grep '%define semodule_version' fapolicyd.spec | cut -f 3 -d ' ')/g\" | sed -r 's|(.*)#/(.*)|\2 \1|')"
-      - bash -c "curl -L -o $(grep Source2 fapolicyd.spec | cut -d ' ' -f 2 | sed -r 's|(.*)#/(.*)|\2 \1|')"
-
 jobs:
   - job: copr_build
     trigger: pull_request
+    identifier: build-normal
+    actions:
+      post-upstream-clone:
+        - bash -c "sed -i 's/#ELN //' fapolicyd.spec"
+        - bash -c "curl -L -o $(grep Source1 fapolicyd.spec | cut -d ' ' -f 2 | sed -r \"s/%\{name\}/$(grep 'Name:' fapolicyd.spec | cut -f 2 -d ' ')/g;s/%\{semodule_version\}/$(grep '%define semodule_version' fapolicyd.spec | cut -f 3 -d ' ')/g\" | sed -r 's|(.*)#/(.*)|\2 \1|')"
+        - bash -c "curl -L -o $(grep Source2 fapolicyd.spec | cut -d ' ' -f 2 | sed -r 's|(.*)#/(.*)|\2 \1|')"
     targets:
       - fedora-all
       - epel-9
       - epel-8
+
+  - job: copr_build
+    trigger: pull_request
+    identifier: build-asan
+    actions:
+      post-upstream-clone:
+        - bash -c "sed -i 's/#ASAN //' fapolicyd.spec"
+        - bash -c "sed -i 's/#ELN //' fapolicyd.spec"
+        - bash -c "curl -L -o $(grep Source1 fapolicyd.spec | cut -d ' ' -f 2 | sed -r \"s/%\{name\}/$(grep 'Name:' fapolicyd.spec | cut -f 2 -d ' ')/g;s/%\{semodule_version\}/$(grep '%define semodule_version' fapolicyd.spec | cut -f 3 -d ' ')/g\" | sed -r 's|(.*)#/(.*)|\2 \1|')"
+        - bash -c "curl -L -o $(grep Source2 fapolicyd.spec | cut -d ' ' -f 2 | sed -r 's|(.*)#/(.*)|\2 \1|')"
+    targets:
+      - fedora-all
+      - epel-9
+      - epel-8
+
   - job: tests
     trigger: pull_request
     targets:

fapolicyd.spec

@@ -1,83 +1,114 @@
+#ASAN %global asan_build 1
+#ELN %global eln_build 1
+
 Summary: Application Whitelisting Daemon
 Name: fapolicyd
 Version: 1.3.3
 Release: 1%{?dist}
 License: GPL-3.0-or-later
 URL: http://people.redhat.com/sgrubb/fapolicyd
 Source0: https://people.redhat.com/sgrubb/fapolicyd/%{name}-%{version}.tar.gz
-#ELN %global selinuxtype targeted
-#ELN %global moduletype contrib
-#ELN %define semodule_version master
-#ELN Source1: https://github.com/linux-application-whitelisting/%{name}-selinux/archive/refs/heads/%{semodule_version}.tar.gz#/%{name}-selinux-%{semodule_version}.tar.gz
-#ELN # we bundle uthash for rhel9
-#ELN Source2: https://github.com/troydhanson/uthash/archive/refs/tags/v2.3.0.tar.gz#/uthash-2.3.0.tar.gz
+
+%if %{defined eln_build}
+%global selinuxtype targeted
+%global moduletype contrib
+%define semodule_version master
+Source1: https://github.com/linux-application-whitelisting/%{name}-selinux/archive/refs/heads/%{semodule_version}.tar.gz#/%{name}-selinux-%{semodule_version}.tar.gz
+%endif
+
+%if 0%{?rhel} != 0
+# we bundle uthash for rhel9
+Source2: https://github.com/troydhanson/uthash/archive/refs/tags/v2.3.0.tar.gz#/uthash-2.3.0.tar.gz
+%endif
+
+
 BuildRequires: gcc
 BuildRequires: kernel-headers
 BuildRequires: autoconf automake make gcc libtool
 BuildRequires: systemd systemd-devel openssl-devel rpm-devel file-devel file
 BuildRequires: libcap-ng-devel libseccomp-devel lmdb-devel
 BuildRequires: python3-devel
+
 #ELN %if 0%{?rhel} == 0
 BuildRequires: uthash-devel
 #ELN %endif
-#ELN Recommends: %{name}-selinux
+
+%if %{defined asan_build}
+BuildRequires: libasan
+%endif
+
+%if %{defined eln_build}
+Recommends: %{name}-selinux
+%endif
+
 Requires(pre): shadow-utils
 Requires(post): systemd-units
 Requires(preun): systemd-units
 Requires(postun): systemd-units
 
-#ELN Patch1: fapolicyd-uthash-bundle.patch
-#ELN Patch2: fapolicyd-selinux-var-run.patch
+%if 0%{?rhel} != 0
+Patch1: fapolicyd-uthash-bundle.patch
+%endif
+
+%if %{defined eln_build}
+Patch2: fapolicyd-selinux-var-run.patch
+%endif
 
 %description
 Fapolicyd (File Access Policy Daemon) implements application whitelisting
 to decide file access rights. Applications that are known via a reputation
 source are allowed access while unknown applications are not. The daemon
 makes use of the kernel's fanotify interface to determine file access rights.
 
-#ELN %package        selinux
-#ELN Summary:        Fapolicyd selinux
-#ELN Group:          Applications/System
-#ELN Requires:       %{name} = %{version}-%{release}
-#ELN BuildRequires:  selinux-policy
-#ELN %if 0%{?rhel} < 9
-#ELN BuildRequires:  selinux-policy-devel >= 3.14.3-108
-#ELN %else
-#ELN %if 0%{?rhel} == 9
-#ELN BuildRequires:  selinux-policy-devel >= 38.1.2
-#ELN %else
-#ELN BuildRequires:  selinux-policy-devel >= 38.2
-#ELN %endif
-#ELN %endif
-#ELN BuildArch: noarch
-#ELN %{?selinux_requires}
-#ELN 
-#ELN %description    selinux
-#ELN The %{name}-selinux package contains selinux policy for the %{name} daemon.
+%if %{defined eln_build}
+%package        selinux
+Summary:        Fapolicyd selinux
+Group:          Applications/System
+Requires:       %{name} = %{version}-%{release}
+BuildRequires:  selinux-policy
+%if 0%{?rhel} < 9
+BuildRequires:  selinux-policy-devel >= 3.14.3-108
+%else
+%if 0%{?rhel} == 9
+BuildRequires:  selinux-policy-devel >= 38.1.2
+%else
+BuildRequires:  selinux-policy-devel >= 38.2
+%endif
+%endif
+BuildArch: noarch
+%{?selinux_requires}
+
+%description    selinux
+The %{name}-selinux package contains selinux policy for the %{name} daemon.
+
+%endif
 
 %prep
 %setup -q
 
-#ELN # selinux
-#ELN %setup -q -D -T -a 1
+%if %{defined eln_build}
+# selinux
+%setup -q -D -T -a 1
 
-#ELN %if 0%{?rhel} != 0
-#ELN # uthash
-#ELN %setup -q -D -T -a 2
-#ELN %patch -P1 -p1 -b .uthash
-#ELN %endif
+%if 0%{?rhel} != 0
+# uthash
+%setup -q -D -T -a 2
+%patch -P1 -p1 -b .uthash
+%endif
 
-#ELN %if 0%{?fedora} < 40
-#ELN %define selinux_var_run 1
-#ELN %endif
+%if 0%{?fedora} < 40
+%define selinux_var_run 1
+%endif
 
-#ELN %if 0%{?rhel} < 10
-#ELN %define selinux_var_run 1
-#ELN %endif
+%if 0%{?rhel} < 10
+%define selinux_var_run 1
+%endif
 
-#ELN %if %{defined selinux_var_run}
-#ELN %patch -P2 -R -p1 -b .selinux
-#ELN %endif
+%if %{defined selinux_var_run}
+%patch -P2 -R -p1 -b .selinux
+%endif
+
+%endif
 
 # generate rules for python
 sed -i "s|%python2_path%|`readlink -f %{__python2}`|g" rules.d/*.rules
@@ -94,21 +125,28 @@ sed -i "s|%ld_so_path%|`realpath $interpret`|g" rules.d/*.rules
 
 %build
 ./autogen.sh
-%configure \
-    --with-audit \
-#ELN    --with-rpm \
+configure_flags= --with-audit \
+    --with-rpm \
     --disable-shared
 
+%if %{defined asan_build}
+configure_flags="$configure_flags --with-asan"
+%endif
+
+%configure "$configure_flags"
+
 %make_build
 
-#ELN # selinux
-#ELN pushd %{name}-selinux-%{semodule_version}
-#ELN make
-#ELN popd
-#ELN 
-#ELN # selinux
-#ELN %pre selinux
-#ELN %selinux_relabel_pre -s %{selinuxtype}
+%if %{defined eln_build}
+# selinux
+pushd %{name}-selinux-%{semodule_version}
+make
+popd
+
+# selinux
+%pre selinux
+%selinux_relabel_pre -s %{selinuxtype}
+%endif
 
 %install
 %make_install
@@ -124,11 +162,13 @@ cat %{buildroot}/%{_datadir}/%{name}/sample-rules/README-rules \
   | grep '^[0-9]' > %{buildroot}/%{_datadir}/%{name}/default-ruleset.known-libs
 chmod 644 %{buildroot}/%{_datadir}/%{name}/default-ruleset.known-libs
 
-#ELN # selinux
-#ELN install -d %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}
-#ELN install -m 0644 %{name}-selinux-%{semodule_version}/%{name}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}
-#ELN install -d -p %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}
-#ELN install -p -m 644 %{name}-selinux-%{semodule_version}/%{name}.if %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}/ipp-%{name}.if
+%if %{defined eln_build}
+# selinux
+install -d %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}
+install -m 0644 %{name}-selinux-%{semodule_version}/%{name}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}
+install -d -p %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}
+install -p -m 644 %{name}-selinux-%{semodule_version}/%{name}.if %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}/ipp-%{name}.if
+%endif
 
 #cleanup
 find %{buildroot} \( -name '*.la' -o -name '*.a' \) -delete
@@ -244,22 +284,25 @@ fi
 %ghost %attr(660,%{name},%{name}) %verify(not md5 size mtime) %{_localstatedir}/lib/%{name}/data.mdb
 %ghost %attr(660,%{name},%{name}) %verify(not md5 size mtime) %{_localstatedir}/lib/%{name}/lock.mdb
 
-#ELN %files selinux
-#ELN %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
-#ELN %ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name}
-#ELN %{_datadir}/selinux/devel/include/%{moduletype}/ipp-%{name}.if
-#ELN 
-#ELN %post selinux
-#ELN %selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
-#ELN %selinux_relabel_post -s %{selinuxtype}
-#ELN 
-#ELN %postun selinux
-#ELN if [ $1 -eq 0 ]; then
-#ELN     %selinux_modules_uninstall -s %{selinuxtype} %{name}
-#ELN fi
-#ELN 
-#ELN %posttrans selinux
-#ELN %selinux_relabel_post -s %{selinuxtype}
+%if %{defined eln_build}
+%files selinux
+%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
+%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name}
+%{_datadir}/selinux/devel/include/%{moduletype}/ipp-%{name}.if
+
+%post selinux
+%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
+%selinux_relabel_post -s %{selinuxtype}
+
+%postun selinux
+if [ $1 -eq 0 ]; then
+     %selinux_modules_uninstall -s %{selinuxtype} %{name}
+fi
+
+%posttrans selinux
+%selinux_relabel_post -s %{selinuxtype}
+
+%endif
 
 %changelog
 * Mon Jul 10 2023 Steve Grubb <[email protected]> 1.3.3-1