From 845aec7c5de9a66a20afdc879be0de0f93a308a7 Mon Sep 17 00:00:00 2001
From: Richard Allen Megginson <rmeggins@fedoraproject.org>
Date: Jan 26 2010 02:19:01 +0000
Subject: this is the 1.1.11.a1 release - this is the first release that supports

    SELinux enforcement

---

diff --git a/.cvsignore b/.cvsignore
index 8f9b5c4..bf52f93 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1 +1 @@
-389-admin-1.1.10.tar.bz2
+389-admin-1.1.11.a1.tar.bz2
diff --git a/389-admin-git-local.sh b/389-admin-git-local.sh
index fc60ec7..a96a3e6 100755
--- a/389-admin-git-local.sh
+++ b/389-admin-git-local.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 DATE=`date +%Y%m%d`
-VERSION=1.1.10
+VERSION=1.1.11.a1
 PKGNAME=389-admin
 TAG=${TAG:-$PKGNAME-$VERSION}
 SRCNAME=${PKGNAME}-${VERSION}
diff --git a/389-admin-git.sh b/389-admin-git.sh
index 1786739..cd4c85f 100755
--- a/389-admin-git.sh
+++ b/389-admin-git.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 DATE=`date +%Y%m%d`
-VERSION=1.1.10
+VERSION=1.1.11.a1
 PKGNAME=389-admin
 #SRCNAME=$PKGNAME-$VERSION-$DATE
 SRCNAME=$PKGNAME-$VERSION
diff --git a/389-admin.spec b/389-admin.spec
index 7fb6226..6be5317 100644
--- a/389-admin.spec
+++ b/389-admin.spec
@@ -1,12 +1,14 @@
 %global pkgname   dirsrv
 # for a pre-release, define the prerel field - comment out for official release
-###%global prerel
-# also need the relprefix field for a pre-release - also comment out for official release
-###%global relprefix
+%global prerel .a1
+# also need the relprefix 0. field for a pre-release - also comment out for official release
+%global relprefix 0.
+
+%global selinux_variants mls targeted
 
 Summary:          389 Administration Server (admin)
 Name:             389-admin
-Version:          1.1.10
+Version:          1.1.11
 Release:          %{?relprefix}1%{?prerel}%{?dist}
 License:          GPLv2 and ASL 2.0
 URL:              http://port389.org/
@@ -27,6 +29,12 @@ BuildRequires:    apr-devel
 BuildRequires:    mod_nss
 BuildRequires:    389-adminutil-devel
 
+# The following are needed to build the SELinux policy
+BuildRequires:    checkpolicy
+BuildRequires:    selinux-policy-devel
+BuildRequires:    /usr/share/selinux/devel/Makefile
+BuildRequires:    389-ds-base-selinux-devel
+
 Requires:         389-ds-base
 Requires:         mod_nss
 # the following are needed for some of our scripts
@@ -49,12 +57,22 @@ for 389 Directory Server.  It provides some management web apps that can
 be used through a web browser.  It provides the authentication, access control,
 and CGI utilities used by the console.
 
+%package          selinux
+Summary:          SELinux policy for 389 Administration Server
+Group:            System Environment/Daemons
+Requires:         selinux-policy
+Requires:         %{name} = %{version}-%{release}
+Requires:         389-ds-base-selinux
+
+%description      selinux
+SELinux policy for the 389 Adminstration Server package.
+
 %prep
 %setup -q -n %{name}-%{version}%{?prerel}
 %patch1
 
 %build
-%configure --disable-rpath
+%configure --disable-rpath --with-selinux
 
 # Generate symbolic info for debuggers
 export XCFLAGS=$RPM_OPT_FLAGS
@@ -65,6 +83,18 @@ export USE_64=1
 
 make %{?_smp_mflags}
 
+# Build the SELinux policy module for each variant
+cd selinux-built
+cp %{_datadir}/%{pkgname}-selinux/%{pkgname}.if .
+cp %{_datadir}/%{pkgname}-selinux/%{pkgname}.te .
+for selinuxvariant in %{selinux_variants}
+do
+  make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile
+  mv %{pkgname}-admin.pp %{pkgname}-admin.pp.${selinuxvariant}
+  make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile clean
+done
+cd -
+
 %install
 rm -rf $RPM_BUILD_ROOT 
 
@@ -80,6 +110,16 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
 rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/modules/*.a
 rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/modules/*.la
 
+# Install the SELinux policy
+cd selinux-built
+for selinuxvariant in %{selinux_variants}
+do
+  install -d %{buildroot}%{_datadir}/selinux/${selinuxvariant}
+  install -p -m 644 %{pkgname}-admin.pp.${selinuxvariant} \
+    %{buildroot}%{_datadir}/selinux/${selinuxvariant}/%{pkgname}-admin.pp
+done
+cd -
+
 %clean
 rm -rf $RPM_BUILD_ROOT
 
@@ -143,6 +183,34 @@ if %{pkgname}admin_exists then
     os.execute('/sbin/service %{pkgname}-admin start >/dev/null 2>&1')
 end
 
+%post selinux
+if [ "$1" -le "1" ] ; then # First install
+for selinuxvariant in %{selinux_variants}
+do
+  semodule -s ${selinuxvariant} -i %{_datadir}/selinux/${selinuxvariant}/%{pkgname}-admin.pp 2>/dev/null || :
+done
+fixfiles -R %{name} restore || :
+/sbin/service %{pkgname}-admin condrestart > /dev/null 2>&1 || :
+fi
+
+%preun selinux
+if [ "$1" -lt "1" ]; then # Final removal
+for selinuxvariant in %{selinux_variants}
+do
+  semodule -s ${selinuxvariant} -r %{pkgname}-admin 2>/dev/null || :
+done
+fixfiles -R %{name} restore || :
+/sbin/service %{pkgname}-admin condrestart > /dev/null 2>&1 || :
+fi
+
+%postun selinux
+if [ "$1" -ge "1" ]; then # Upgrade
+for selinuxvariant in %{selinux_variants}
+do
+  semodule -s ${selinuxvariant} -i %{_datadir}/selinux/${selinuxvariant}/%{pkgname}-admin.pp 2>/dev/null || :
+done
+fi
+
 %files
 %defattr(-,root,root,-)
 %doc LICENSE
@@ -156,7 +224,15 @@ end
 %{_libdir}/%{pkgname}
 %{_mandir}/man8/*
 
+%files selinux
+%defattr(-,root,root,-)
+%{_datadir}/selinux/*/%{pkgname}-admin.pp
+
 %changelog
+* Thu Jan 21 2010 Nathan Kinder <nkinder@redhat.com> - 1.1.11.a1-0.1
+- the 1.1.11.a1 release
+- added SELinux subpackage
+
 * Wed Jan 20 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.10-1
 - the 1.1.10 release
 - allow server to run unconfined if not built with selinux support
diff --git a/sources b/sources
index 3bff33f..7dfa470 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-55f4b856e31916a7fa05afe5b15be9c4  389-admin-1.1.10.tar.bz2
+2d5c5e2058429086bbced744590aba7f  389-admin-1.1.11.a1.tar.bz2