preserve file signature when copying lighttpd config / init files

The lighttpd-config rpm was created to overwrite some configration
files from the stock lighttpd rpm.
However, the default behavior of the cp command does not
preserve extended attibutes. The result is that the IMA file
signatures were lost and the system generated IMA appraisal
failures when configured using the extended security profile.

This modification simply adds the required option to the
cp command to copy the extended attributes with the source files.

Closes-Bug: #1806433

Change-Id: I6811000b9bbd87004b371e8475359601f332a61a
Signed-off-by: Paul-Emile Element <Paul-Emile.Element@windriver.com>
This commit is contained in:
Paul-Emile Element 2018-12-03 16:09:08 -05:00
parent 2ae727788d
commit 082020ce89

View File

@ -43,11 +43,11 @@ chmod 02770 %{buildroot}%{_sysconfdir}/lighttpd
%post %post
if [ $1 -eq 1 ] ; then if [ $1 -eq 1 ] ; then
cp -f %{_datadir}/starlingx/lighttpd.conf %{_sysconfdir}/lighttpd/lighttpd.conf cp --preserve=xattr -f %{_datadir}/starlingx/lighttpd.conf %{_sysconfdir}/lighttpd/lighttpd.conf
chmod 640 %{_sysconfdir}/lighttpd/lighttpd.conf chmod 640 %{_sysconfdir}/lighttpd/lighttpd.conf
cp -f %{_datadir}/starlingx/lighttpd.init %{_sysconfdir}/rc.d/init.d/lighttpd cp --preserve=xattr -f %{_datadir}/starlingx/lighttpd.init %{_sysconfdir}/rc.d/init.d/lighttpd
chmod 755 %{_sysconfdir}/rc.d/init.d/lighttpd chmod 755 %{_sysconfdir}/rc.d/init.d/lighttpd
cp -f %{_datadir}/starlingx/lighttpd.logrotate %{_sysconfdir}/logrotate.d/lighttpd cp --preserve=xattr -f %{_datadir}/starlingx/lighttpd.logrotate %{_sysconfdir}/logrotate.d/lighttpd
chmod 644 %{_sysconfdir}/logrotate.d/lighttpd chmod 644 %{_sysconfdir}/logrotate.d/lighttpd
fi fi