Merge branch 'release/v0.6.1'

passbolt · Mar 16, 2021 · 408f59d · 408f59d
2 parents b80f219 + ea7c6f6
commit 408f59d
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 9 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,13 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased](https://github.com/passbolt/passbolt_install_scripts/compare/v0.6.0...HEAD)
 
+## [0.6.1](https://github.com/passbolt/passbolt_install_scripts/compare/v0.6.1..v0.6.0) - 2021-02-25
+
+This release contains a fix to solve gpg policies on selinux.
+
+### Changed
+- Selinux permissions to httpd to create socket files.
+
 ## [0.6.0](https://github.com/passbolt/passbolt_install_scripts/compare/v0.6.0..v0.5.2) - 2021-02-25
 
 This release of the install scripts deprecates the [ubuntu](https://help.passbolt.com/hosting/install/ce/ubuntu/ubuntu.html) and [debian](https://help.passbolt.com/hosting/install/ce/debian/debian.html) installation scripts in favour of the passbolt debian and ubuntu packages.

diff --git a/build_scripts.sh b/build_scripts.sh
@@ -110,14 +110,10 @@ while getopts "chd:" opt; do
       build "$OPTARG"
       ;;
     c)
-      compress debian 10
-      checksum debian 10
-      compress centos 7
-      checksum centos 7
-      compress centos 8
-      checksum centos 8
-      compress ubuntu 18.04
-      checksum ubuntu 18.04
+      compress centos7 7
+      checksum centos7 7
+      compress centos8 8
+      checksum centos8 8
       compress redhat EXPERIMENTAL
       ;;
     *)

diff --git a/lib/helpers/centos7/setup_selinux.sh b/lib/helpers/centos7/setup_selinux.sh
@@ -1,3 +1,27 @@
+clean_selinux_modules_files() {
+  rm /tmp/local.{te,mod,pp}
+}
+# Allow httpd to create gnupg socket file
+setup_gnupg_socket_policy() {
+  cat << EOF > /tmp/local.te
+module local 1.0;
+
+require {
+	type httpd_t;
+	type httpd_sys_rw_content_t;
+	class sock_file create;
+}
+
+#============= httpd_t ==============
+allow httpd_t httpd_sys_rw_content_t:sock_file create;
+EOF
+
+  checkmodule -M -m -o /tmp/local.mod /tmp/local.te
+  semodule_package -o /tmp/local.pp -m /tmp/local.mod
+  semodule -i /tmp/local.pp
+  clean_selinux_modules_files
+}
+
 setup_selinux() {
   local selinux_status
 
@@ -11,7 +35,7 @@ setup_selinux() {
       restorecon -R "$PASSBOLT_BASE_DIR"
       semanage fcontext -a -t httpd_sys_rw_content_t "$GNUPG_HOME(/.*)?"
       restorecon -R "$GNUPG_HOME"
+      setup_gnupg_socket_policy
     fi
   fi
 }
-