Name: ly Version: 1.3.1 Release: 1%{?dist} Summary: A lightweight TUI display manager for Linux and BSD License: WTFPL URL: https://github.com/fairyglade/ly Source0: https://github.com/fairyglade/ly/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz BuildRequires: zig >= 0.15.0 BuildRequires: pam-devel BuildRequires: libxcb-devel BuildRequires: systemd-rpm-macros BuildRequires: gcc BuildRequires: make Requires: pam Requires: libxcb Requires: xorg-x11-server-Xorg Requires: xorg-x11-xauth Requires: systemd Requires(post): systemd Requires(preun): systemd Requires(postun): systemd # SELinux subpackage %if 0%{?fedora} || 0%{?rhel} >= 8 %global with_selinux 1 %endif %if 0%{?with_selinux} %global selinuxtype targeted %global moduletype contrib %global modulename ly BuildRequires: selinux-policy-devel Requires: selinux-policy-%{selinuxtype} Requires(post): selinux-policy-%{selinuxtype} Requires(post): policycoreutils Requires(post): libselinux-utils Requires(postun): policycoreutils %endif %description Ly is a lightweight TUI (ncurses-like) display manager for Linux and BSD, designed with portability in mind. It provides a terminal-based login interface with support for X11 and Wayland desktop environments and window managers. %if 0%{?with_selinux} %package selinux Summary: SELinux policy module for ly display manager BuildArch: noarch Requires: %{name} = %{version}-%{release} Requires: selinux-policy-%{selinuxtype} Requires(post): selinux-policy-%{selinuxtype} BuildRequires: selinux-policy-devel %description selinux This package contains the SELinux policy module for the ly display manager. It provides the necessary security contexts and rules for ly to function properly with SELinux enabled. %endif %prep %autosetup -n %{name}-%{version} %build # Build ly with zig zig build -Doptimize=ReleaseSafe -Dinit_system=systemd %if 0%{?with_selinux} # Build SELinux policy mkdir selinux cd selinux cat > %{modulename}.te << 'EOF' policy_module(ly, 1.0.0) ######################################## # # Declarations # type ly_t; type ly_exec_t; init_daemon_domain(ly_t, ly_exec_t) type ly_var_run_t; files_pid_file(ly_var_run_t) type ly_var_log_t; logging_log_file(ly_var_log_t) type ly_etc_t; files_config_file(ly_etc_t) ######################################## # # ly local policy # allow ly_t self:capability { chown dac_override dac_read_search fowner fsetid kill setgid setuid sys_admin sys_resource sys_tty_config }; allow ly_t self:process { setrlimit setsched signal_perms }; allow ly_t self:fifo_file rw_fifo_file_perms; allow ly_t self:unix_stream_socket create_stream_socket_perms; allow ly_t self:unix_dgram_socket create_socket_perms; # PAM authentication auth_use_pam(ly_t) auth_domtrans_chk_passwd(ly_t) auth_read_passwd_file(ly_t) auth_manage_faillog(ly_t) # User session management userdom_read_user_home_content_files(ly_t) userdom_manage_user_home_dirs(ly_t) userdom_home_filetrans_user_home_dir(ly_t) userdom_user_home_dir_filetrans_user_home_content(ly_t, { dir file }) # Console/TTY access term_use_console(ly_t) term_setattr_console(ly_t) term_use_unallocated_ttys(ly_t) term_setattr_unallocated_ttys(ly_t) # Log files allow ly_t ly_var_log_t:file { create_file_perms append_file_perms }; allow ly_t ly_var_log_t:dir manage_dir_perms; logging_log_filetrans(ly_t, ly_var_log_t, file) # PID files allow ly_t ly_var_run_t:file manage_file_perms; allow ly_t ly_var_run_t:dir manage_dir_perms; files_pid_filetrans(ly_t, ly_var_run_t, file) # Config files allow ly_t ly_etc_t:file read_file_perms; allow ly_t ly_etc_t:dir list_dir_perms; files_read_etc_files(ly_t) # X11 support xserver_read_xdm_pid(ly_t) xserver_signal_xdm(ly_t) xserver_domtrans_xdm(ly_t) xserver_stream_connect_xdm(ly_t) xserver_use_user_fonts(ly_t) # System operations corecmd_exec_bin(ly_t) corecmd_exec_shell(ly_t) domain_use_interactive_fds(ly_t) # File system fs_getattr_xattr_fs(ly_t) fs_search_auto_mountpoints(ly_t) # Miscellaneous miscfiles_read_localization(ly_t) init_read_utmp(ly_t) init_dontaudit_write_utmp(ly_t) # systemd integration init_stream_connect(ly_t) init_read_state(ly_t) # Allow ly to execute user sessions userdom_spec_domtrans_all_users(ly_t) userdom_signal_all_users(ly_t) # Wayland support optional_policy(` xdg_manage_all_cache(ly_t) xdg_manage_all_config(ly_t) ') # Allow transition to user domains ifdef(`init_systemd',` systemd_exec_systemctl(ly_t) systemd_read_logind_pids(ly_t) systemd_write_inherited_logind_sessions_pipes(ly_t) systemd_use_logind_fds(ly_t) ') EOF cat > %{modulename}.fc << 'EOF' /usr/bin/ly -- gen_context(system_u:object_r:ly_exec_t,s0) /etc/ly(/.*)? gen_context(system_u:object_r:ly_etc_t,s0) /var/log/ly\.log -- gen_context(system_u:object_r:ly_var_log_t,s0) /var/run/ly\.pid -- gen_context(system_u:object_r:ly_var_run_t,s0) EOF # Build the SELinux module make -f /usr/share/selinux/devel/Makefile %{modulename}.pp bzip2 -9 %{modulename}.pp cd .. %endif %install # Install ly binary and configuration DESTDIR=%{buildroot} zig build install -Doptimize=ReleaseSafe -Dinit_system=systemd --prefix /usr # Ensure directories exist mkdir -p %{buildroot}%{_bindir} mkdir -p %{buildroot}%{_sysconfdir}/ly mkdir -p %{buildroot}%{_unitdir} mkdir -p %{buildroot}%{_sysconfdir}/pam.d mkdir -p %{buildroot}%{_datadir}/ly # Install systemd service file cat > %{buildroot}%{_unitdir}/ly@.service << 'EOF' [Unit] Description=Ly display manager on %I After=systemd-user-sessions.service plymouth-quit-wait.service After=getty@%i.service Before=getty@%i.service Conflicts=getty@%i.service [Service] Type=idle ExecStart=/usr/bin/ly StandardInput=tty TTYPath=/dev/%I TTYReset=yes TTYVHangup=yes [Install] WantedBy=graphical.target Alias=display-manager.service EOF # Install PAM configuration if not present from build if [ ! -f %{buildroot}%{_sysconfdir}/pam.d/ly ]; then cat > %{buildroot}%{_sysconfdir}/pam.d/ly << 'EOF' #%PAM-1.0 auth include system-auth auth optional pam_gnome_keyring.so account include system-auth password include system-auth session include system-auth session optional pam_gnome_keyring.so auto_start EOF fi %if 0%{?with_selinux} # Install SELinux policy module install -D -m 644 selinux/%{modulename}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2 %endif %post %systemd_post ly@tty2.service %if 0%{?with_selinux} %post selinux # Install SELinux policy module %selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2 # Relabel files if /usr/sbin/selinuxenabled ; then /usr/sbin/fixfiles -R %{name} restore &> /dev/null || : /sbin/restorecon -R /usr/bin/ly /etc/ly /var/log/ly.log &> /dev/null || : fi %endif %preun %systemd_preun ly@tty2.service %postun %systemd_postun_with_restart ly@tty2.service %if 0%{?with_selinux} %postun selinux if [ $1 -eq 0 ]; then %selinux_modules_uninstall -s %{selinuxtype} %{modulename} if /usr/sbin/selinuxenabled ; then /sbin/restorecon -R /usr/bin/ly /etc/ly &> /dev/null || : fi fi %endif %files %license license.md %doc readme.md %{_bindir}/ly %config(noreplace) %{_sysconfdir}/ly/config.ini %config(noreplace) %{_sysconfdir}/pam.d/ly %{_unitdir}/ly@.service %dir %{_sysconfdir}/ly %dir %{_datadir}/ly %{_datadir}/ly/* %if 0%{?with_selinux} %files selinux %{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2 %ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename} %endif %changelog * Tue Feb 03 2026 Package Maintainer - 1.0.2-1 - Initial package for Fedora COPR - Added SELinux policy module - Configured for systemd integration