Name:           fedora-ima
Version:        0.1
Release:        1%{?dist}
Summary:        IMA policies and configuration files

License: GPL-2.0-only
Source1: COPYING
Source2: 98-dracut-integrity.conf
Source100: policy-01-appraise-exectuables-and-lib-signatures
Source101: policy-02-keylime-remote-attestation
Source200: policy_list

BuildArch: noarch
Requires: ima-evm-utils
Requires: rpm-plugin-ima
Requires: keyutils
Requires: dracut >= 059-12

%description
This package contains IMA sample policies and enable the dracut integrity
module to make it easier to load IMA keys and policies.

%autosetup

%build
if [ ! -e COPYING ]; then
   cp %{SOURCE1} .
fi

%install
mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/dracut.conf.d
install -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/dracut.conf.d/98-integrity.conf

mkdir -p -m755 $RPM_BUILD_ROOT%{_datadir}/ima/policies
for i in $(cat %{SOURCE200}); do
  install -m 644 %{_sourcedir}/policy-$i $RPM_BUILD_ROOT%{_datadir}/ima/policies/$i
done

%posttrans
# rebuilt the initrd to include the integrity module when this package is first
# installed
if [ ! -f /run/ostree-booted ] && [ $1 == 1 ]; then
  if ! lsinitrd --mod | grep -q integirty; then
    echo "Rebuilding the initramfs of kernel-$(uname -r) to include the integrity module"
    dracut -f
  fi
  :
fi

%files
%{_datadir}/ima/policies
%{_sysconfdir}/dracut.conf.d/98-integrity.conf
%license COPYING

%changelog
* Tue Sep 12 2023 Coiby Xu <coxu@redhat.com>
- initialization