From d441a4c4c448c925e0a8e2de39260cfa677cd148 Mon Sep 17 00:00:00 2001 From: Richard Allen Megginson Date: Jan 25 2010 17:26:01 +0000 Subject: this is the 1.2.6.a1 release - this is the first release that contains support for subtree rename and full SELinux enforcement --- diff --git a/.cvsignore b/.cvsignore index c38c601..d13a7c1 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -389-ds-base-1.2.5.tar.bz2 +389-ds-base-1.2.6.a1.tar.bz2 diff --git a/389-ds-base-git-local.sh b/389-ds-base-git-local.sh index 1104dab..32e8acc 100644 --- a/389-ds-base-git-local.sh +++ b/389-ds-base-git-local.sh @@ -2,7 +2,7 @@ DATE=`date +%Y%m%d` # use a real tag name here -VERSION=1.2.5 +VERSION=1.2.6.a1 PKGNAME=389-ds-base TAG=${TAG:-$PKGNAME-$VERSION} #SRCNAME=$PKGNAME-$VERSION-$DATE diff --git a/389-ds-base-git.sh b/389-ds-base-git.sh index e73e12e..9426795 100644 --- a/389-ds-base-git.sh +++ b/389-ds-base-git.sh @@ -2,7 +2,7 @@ DATE=`date +%Y%m%d` # use a real tag name here -VERSION=1.2.5 +VERSION=1.2.6.a1 PKGNAME=389-ds-base TAG=${TAG:-$PKGNAME-$VERSION} URL="http://git.fedorahosted.org/git/?p=389/ds.git;a=snapshot;h=$TAG;sf=tgz" diff --git a/389-ds-base.spec b/389-ds-base.spec index 482ecd3..c8a7ac0 100644 --- a/389-ds-base.spec +++ b/389-ds-base.spec @@ -1,13 +1,15 @@ %global pkgname dirsrv # for a pre-release, define the prerel field e.g. .a1 .rc2 - comment out for official release -###### %global prerel +%global prerel .a1 # also need the relprefix field for a pre-release e.g. .0 - also comment out for official release -###### %global relprefix +%global relprefix 0. + +%global selinux_variants strict targeted Summary: 389 Directory Server (base) Name: 389-ds-base -Version: 1.2.5 +Version: 1.2.6 Release: %{?relprefix}1%{?prerel}%{?dist} License: GPLv2 with exceptions URL: http://port389.org/ @@ -34,7 +36,10 @@ BuildRequires: bzip2-devel BuildRequires: zlib-devel BuildRequires: openssl-devel BuildRequires: tcp_wrappers -BuildRequires: libselinux-devel +# The following are needed to build the SELinux policy +BuildRequires: checkpolicy +BuildRequires: selinux-policy-devel +BuildRequires: /usr/share/selinux/devel/Makefile # the following is for the pam passthru auth plug-in BuildRequires: pam-devel @@ -85,12 +90,28 @@ Obsoletes: fedora-ds-base-devel < 1.2.1-1 %description devel Development Libraries and headers for the 389 Directory Server base package. +%package selinux +Summary: SELinux policy for 389 Directory Server +Group: System Environment/Daemons +Requires: selinux-policy >= 2.4.6-203 +Requires: %{name} = %{version}-%{release} + +%description selinux +SELinux policy for the 389 Directory Server base package. + +%package selinux-devel +Summary: Development interface for 389 Directory Server base SELinux policy +Group: Development/Libraries + +%description selinux-devel +SELinux policy interface for the 389 Directory Server base package. + %prep %setup -q -n %{name}-%{version}%{?prerel} cp %{SOURCE2} README.devel %build -%configure --enable-autobind +%configure --enable-autobind --with-selinux # Generate symbolic info for debuggers export XCFLAGS=$RPM_OPT_FLAGS @@ -101,6 +122,16 @@ export USE_64=1 make %{?_smp_mflags} +# Build the SELinux policy module for each variant +cd selinux-built +for selinuxvariant in %{selinux_variants} +do + make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile + mv %{pkgname}.pp %{pkgname}.pp.${selinuxvariant} + make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile clean +done +cd - + %install rm -rf $RPM_BUILD_ROOT @@ -123,6 +154,24 @@ install -p -m 644 ldap/servers/plugins/replication/winsync-plugin.h $RPM_BUILD_R # make sure perl scripts have a proper shebang sed -i -e 's|#{{PERL-EXEC}}|#!/usr/bin/perl|' $RPM_BUILD_ROOT%{_datadir}/%{pkgname}/script-templates/template-*.pl +# Install the SELinux policy +cd selinux-built +for selinuxvariant in %{selinux_variants} +do + install -d %{buildroot}%{_datadir}/selinux/${selinuxvariant} + install -p -m 644 %{pkgname}.pp.${selinuxvariant} \ + %{buildroot}%{_datadir}/selinux/${selinuxvariant}/%{pkgname}.pp +done +cd - + +# Install the SELinux policy interface +cd selinux-built +install -d %{buildroot}%{_datadir}/%{pkgname}-selinux +install -p -m 644 %{pkgname}.if %{buildroot}%{_datadir}/%{pkgname}-selinux/%{pkgname}.if +install -p -m 644 %{pkgname}.te %{buildroot}%{_datadir}/%{pkgname}-selinux/%{pkgname}.te +install -p -m 644 %{pkgname}.fc %{buildroot}%{_datadir}/%{pkgname}-selinux/%{pkgname}.fc +cd - + %clean rm -rf $RPM_BUILD_ROOT @@ -233,6 +282,36 @@ if %{pkgname}_exists then os.execute('/sbin/service %{pkgname} start >/dev/null 2>&1') end +%post selinux +if [ "$1" -le "1" ] ; then # First install +for selinuxvariant in %{selinux_variants} +do + semodule -s ${selinuxvariant} -i %{_datadir}/selinux/${selinuxvariant}/%{pkgname}.pp 2>/dev/null || : +done +fixfiles -R %{name} restore || : +/sbin/service %{pkgname} condrestart > /dev/null 2>&1 || : +/sbin/service %{pkgname}-snmp condrestart > /dev/null 2>&1 || : +fi + +%preun selinux +if [ "$1" -lt "1" ]; then # Final removal +for selinuxvariant in %{selinux_variants} +do + semodule -s ${selinuxvariant} -r %{pkgname} 2>/dev/null || : +done +fixfiles -R %{name} restore || : +/sbin/service %{pkgname} condrestart > /dev/null 2>&1 || : +/sbin/service %{pkgname}-snmp condrestart > /dev/null 2>&1 || : +fi + +%postun selinux +if [ "$1" -ge "1" ]; then # Upgrade +for selinuxvariant in %{selinux_variants} +do + semodule -s ${selinuxvariant} -i %{_datadir}/selinux/${selinuxvariant}/%{pkgname}.pp 2>/dev/null || : +done +fi + %files %defattr(-,root,root,-) @@ -268,7 +347,19 @@ end %{_includedir}/%{pkgname} %{_libdir}/%{pkgname}/*.so +%files selinux +%defattr(-,root,root,-) +%{_datadir}/selinux/*/%{pkgname}.pp + +%files selinux-devel +%defattr(-,root,root,-) +%{_datadir}/%{pkgname}-selinux + %changelog +* Fri Jan 15 2010 Nathan Kinder - 1.2.6-0.1.a1 +- 1.2.6.a1 release +- Added SELinux policy and subpackages + * Tue Jan 12 2010 Rich Megginson - 1.2.5-1 - 1.2.5 final release diff --git a/sources b/sources index 809be8e..8dbd3db 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -b6831fd96d28aade765dc8894ce68e45 389-ds-base-1.2.5.tar.bz2 +aa9299aa66b09f89ed80dd0cfeebde55 389-ds-base-1.2.6.a1.tar.bz2