From e059da1de0459265e94854d66b5c86855c2864d7 Mon Sep 17 00:00:00 2001
From: Michal Schmidt <michich@fedoraproject.org>
Date: Jul 08 2010 15:42:39 +0000
Subject: - Build without SELinux only on RHEL 5.

Thu Jul 08 2010 Michal Schmidt <mschmidt@redhat.com> 0.9.5-6
- Moved away from fedora-usermgmt in favor of plain shadow-utils.
Sun Jun 13 2010 Michal Schmidt <mschmidt@redhat.com> 0.9.5-5
- Mark UDP port 8765 as icecc_scheduler_port_t.
Sat Jun 12 2010 Michal Schmidt <mschmidt@redhat.com> 0.9.5-4
- Require /usr/sbin/semanage for scriptlets. (BZ#581272)
Sat Jun 12 2010 Michal Schmidt <mschmidt@redhat.com> 0.9.5-3
- Fix incorrect handling of SELinux in the scriptlets.
- Avoid recursive rpm invocation (fixfiles -R).
- Fixes: BZ#581272
Thu Mar 25 2010 Michal Schmidt <mschmidt@redhat.com> 0.9.5-2
- SELinux policy fix (current selinux-policy assigns port 8765 to LIRC).
Thu Mar 25 2010 Michal Schmidt <mschmidt@redhat.com> 0.9.5-1
- Upstream release 0.9.5.
- new command 'icerun': serialize possibly resource-intensive tasks
- minor bugfixes
- Refreshed icecream-rename-scheduler.patch.

---

diff --git a/.cvsignore b/.cvsignore
index 428e1b1..a24aadd 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1,2 +1,2 @@
-icecc-0.9.4.tar.bz2
+icecc-0.9.5.tar.bz2
 icecream-manpages.tar.bz2
diff --git a/icecream-rename-scheduler.patch b/icecream-rename-scheduler.patch
index ddbc455..9ed72dc 100644
--- a/icecream-rename-scheduler.patch
+++ b/icecream-rename-scheduler.patch
@@ -1,6 +1,7 @@
-diff -Nurp icecc-0.9.2.orig/doc/man-scheduler.1.docbook icecc-0.9.2/doc/man-scheduler.1.docbook
---- icecc-0.9.2.orig/doc/man-scheduler.1.docbook	2009-02-07 19:07:02.000000000 +0100
-+++ icecc-0.9.2/doc/man-scheduler.1.docbook	2009-02-07 19:07:30.000000000 +0100
+Index: icecc-0.9.5/doc/man-scheduler.1.docbook
+===================================================================
+--- icecc-0.9.5.orig/doc/man-scheduler.1.docbook
++++ icecc-0.9.5/doc/man-scheduler.1.docbook
 @@ -23,13 +23,13 @@
  </refmeta>
  
@@ -26,9 +27,10 @@ diff -Nurp icecc-0.9.2.orig/doc/man-scheduler.1.docbook icecc-0.9.2/doc/man-sche
  </refsect1>
  
  <refsect1>
-diff -Nurp icecc-0.9.2.orig/services/Makefile.am icecc-0.9.2/services/Makefile.am
---- icecc-0.9.2.orig/services/Makefile.am	2009-02-07 19:07:02.000000000 +0100
-+++ icecc-0.9.2/services/Makefile.am	2009-02-07 19:07:30.000000000 +0100
+Index: icecc-0.9.5/services/Makefile.am
+===================================================================
+--- icecc-0.9.5.orig/services/Makefile.am
++++ icecc-0.9.5/services/Makefile.am
 @@ -11,9 +11,9 @@ ice_HEADERS = job.h comm.h
  noinst_HEADERS = bench.h exitcode.h getifaddrs.h logging.h tempfile.h platform.h
  icedir = $(includedir)/icecc
@@ -42,10 +44,17 @@ diff -Nurp icecc-0.9.2.orig/services/Makefile.am icecc-0.9.2/services/Makefile.a
  
  pkgconfigdir = $(libdir)/pkgconfig
  pkgconfig_DATA = icecc.pc
-diff -Nurp icecc-0.9.2.orig/services/Makefile.in icecc-0.9.2/services/Makefile.in
---- icecc-0.9.2.orig/services/Makefile.in	2008-11-02 14:14:47.000000000 +0100
-+++ icecc-0.9.2/services/Makefile.in	2009-02-07 19:07:36.000000000 +0100
-@@ -35,7 +35,7 @@ PRE_UNINSTALL = :
+Index: icecc-0.9.5/services/Makefile.in
+===================================================================
+--- icecc-0.9.5.orig/services/Makefile.in
++++ icecc-0.9.5/services/Makefile.in
+@@ -1,4 +1,4 @@
+-# Makefile.in generated by automake 1.11 from Makefile.am.
++# Makefile.in generated by automake 1.11.1 from Makefile.am.
+ # @configure_input@
+ 
+ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+@@ -37,7 +37,7 @@ PRE_UNINSTALL = :
  POST_UNINSTALL = :
  build_triplet = @build@
  host_triplet = @host@
@@ -54,9 +63,9 @@ diff -Nurp icecc-0.9.2.orig/services/Makefile.in icecc-0.9.2/services/Makefile.i
  subdir = services
  DIST_COMMON = $(ice_HEADERS) $(noinst_HEADERS) $(srcdir)/Makefile.am \
  	$(srcdir)/Makefile.in $(srcdir)/icecc.pc.in
-@@ -66,9 +66,9 @@ libicecc_la_LINK = $(LIBTOOL) --tag=CXX 
+@@ -82,9 +82,9 @@ libicecc_la_LINK = $(LIBTOOL) --tag=CXX 
+ 	$(LIBTOOLFLAGS) --mode=link $(CXXLD) $(libicecc_la_CXXFLAGS) \
  	$(CXXFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
- sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
  PROGRAMS = $(sbin_PROGRAMS)
 -am_scheduler_OBJECTS = scheduler.$(OBJEXT)
 -scheduler_OBJECTS = $(am_scheduler_OBJECTS)
@@ -67,7 +76,7 @@ diff -Nurp icecc-0.9.2.orig/services/Makefile.in icecc-0.9.2/services/Makefile.i
  DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
  depcomp = $(SHELL) $(top_srcdir)/depcomp
  am__depfiles_maybe = depfiles
-@@ -90,8 +90,8 @@ CXXLD = $(CXX)
+@@ -107,8 +107,8 @@ CXXLD = $(CXX)
  CXXLINK = $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
  	--mode=link $(CXXLD) $(AM_CXXFLAGS) $(CXXFLAGS) $(AM_LDFLAGS) \
  	$(LDFLAGS) -o $@
@@ -75,10 +84,10 @@ diff -Nurp icecc-0.9.2.orig/services/Makefile.in icecc-0.9.2/services/Makefile.i
 -DIST_SOURCES = $(libicecc_la_SOURCES) $(scheduler_SOURCES)
 +SOURCES = $(libicecc_la_SOURCES) $(icecc_scheduler_SOURCES)
 +DIST_SOURCES = $(libicecc_la_SOURCES) $(icecc_scheduler_SOURCES)
- pkgconfigDATA_INSTALL = $(INSTALL_DATA)
  DATA = $(pkgconfig_DATA)
- iceHEADERS_INSTALL = $(INSTALL_HEADER)
-@@ -226,8 +226,8 @@ libicecc_la_CXXFLAGS = -fPIC -DPIC
+ HEADERS = $(ice_HEADERS) $(noinst_HEADERS)
+ ETAGS = etags
+@@ -241,8 +242,8 @@ libicecc_la_CXXFLAGS = -fPIC -DPIC
  ice_HEADERS = job.h comm.h
  noinst_HEADERS = bench.h exitcode.h getifaddrs.h logging.h tempfile.h platform.h
  icedir = $(includedir)/icecc
@@ -89,14 +98,14 @@ diff -Nurp icecc-0.9.2.orig/services/Makefile.in icecc-0.9.2/services/Makefile.i
  pkgconfigdir = $(libdir)/pkgconfig
  pkgconfig_DATA = icecc.pc
  all: all-am
-@@ -322,9 +322,9 @@ clean-sbinPROGRAMS:
- 	  echo " rm -f $$p $$f"; \
- 	  rm -f $$p $$f ; \
- 	done
+@@ -357,9 +358,9 @@ clean-sbinPROGRAMS:
+ 	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ 	echo " rm -f" $$list; \
+ 	rm -f $$list
 -scheduler$(EXEEXT): $(scheduler_OBJECTS) $(scheduler_DEPENDENCIES) 
 -	@rm -f scheduler$(EXEEXT)
 -	$(CXXLINK) $(scheduler_OBJECTS) $(scheduler_LDADD) $(LIBS)
-+icecc-scheduler$(EXEEXT): $(icecc_scheduler_OBJECTS) $(icecc_scheduler_DEPENDENCIES) 
++icecc-scheduler$(EXEEXT): $(icecc_scheduler_OBJECTS) $(icecc_scheduler_DEPENDENCIES)
 +	@rm -f icecc-scheduler$(EXEEXT)
 +	$(CXXLINK) $(icecc_scheduler_OBJECTS) $(icecc_scheduler_LDADD) $(LIBS)
  
diff --git a/icecream.spec b/icecream.spec
index e57470b..74c6d9c 100644
--- a/icecream.spec
+++ b/icecream.spec
@@ -1,23 +1,21 @@
-%if 0%{?fedora}
-%bcond_without	fedora
-%bcond_without	selinux
-%else
-%bcond_with	fedora
-# I'd need to modify the policy a bit to make it work on RHEL,
-# so default to off when not building for Fedora.
+%if 0%{?el5}
+# I'd need to modify the policy a bit to make it work on RHEL 5.
 %bcond_with	selinux
+%else
+%bcond_without	selinux
 %endif
 
-
 Name:		icecream
-Version:	0.9.4
-Release:	5%{?dist}
+Version:	0.9.5
+Release:	7%{?dist}
 Summary:	Distributed compiler
 
 Group:		Development/Tools
 License:	GPLv2+
 URL:		http://en.opensuse.org/Icecream
-Source0:	ftp://ftp.suse.com/pub/projects/icecream/icecc-%{version}.tar.bz2
+# tarball extracted from http://download.opensuse.org/repositories/home:/coolo/openSUSE_Factory/src/icecream-0.9.5-3.1.src.rpm:
+Source0:	icecc-%{version}.tar.bz2
+#Source0:	ftp://ftp.suse.com/pub/projects/icecream/icecc-%{version}.tar.bz2
 Source1:	icecream.sh.in
 Source2:	icecream.csh.in
 Source3:	icecream.fc
@@ -25,7 +23,7 @@ Source4:	icecream.te
 Source5:	icecream.if
 Source6:	initscript-iceccd
 Source7:	initscript-scheduler
-# manpages from http://ftp5.gwdg.de/pub/opensuse/repositories/home:/coolo/openSUSE_11.0/src/icecream-0.9.2-2.1.src.rpm
+# tarball extracted from http://download.opensuse.org/repositories/home:/coolo/openSUSE_Factory/src/icecream-0.9.5-3.1.src.rpm:
 Source8:	%{name}-manpages.tar.bz2
 Patch0:		%{name}-rename-scheduler.patch
 Patch1:		%{name}-cleanup-conffile.patch
@@ -35,9 +33,18 @@ BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:	symlinks
 
+Requires(pre):		shadow-utils
+Requires(post):		chkconfig
+Requires(preun):	chkconfig initscripts
+Requires(postun):	initscripts
+
 %if %{with selinux}
 # For SELinux protection:
 BuildRequires:	checkpolicy selinux-policy-devel hardlink
+# semanage is in policycoreutils (EL-5) or policycoreutils-python (Fedora). File dep will work in both.
+Requires(post):		policycoreutils /usr/sbin/semanage
+Requires(preun):	policycoreutils /usr/sbin/semanage
+Requires(postun):	policycoreutils
 %define selinux_policyver %(sed -e 's,.*selinux-policy-\\([^/]*\\)/.*,\\1,' /usr/share/selinux/devel/policyhelp) 
 %if "%{selinux_policyver}" != ""
 Requires:	selinux-policy >= %{selinux_policyver}
@@ -45,15 +52,6 @@ Requires:	selinux-policy >= %{selinux_policyver}
 %define selinux_variants mls strict targeted 
 %endif
 
-BuildRequires:	fedora-usermgmt-devel
-%{?FE_USERADD_REQ}
-Requires(post):		chkconfig policycoreutils
-Requires(preun):	chkconfig initscripts policycoreutils 
-Requires(postun):	initscripts policycoreutils
-
-Provides:	group(icecream)	= 44
-Provides:	user(icecream)	= 44
-
 
 # description copied from Debian icecc package
 %description
@@ -146,11 +144,37 @@ done
 /usr/sbin/hardlink -cv %{buildroot}%{_datadir}/selinux
 %endif
 
+
+%define saveFileContext() \
+if [ -s /etc/selinux/config ]; then \
+	. %{_sysconfdir}/selinux/config; \
+	FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \
+	if [ "${SELINUXTYPE}" == %1 -a -f ${FILE_CONTEXT} ]; then \
+		cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.%{name}; \
+	fi \
+fi;
+
+%define relabel() \
+. %{_sysconfdir}/selinux/config; \
+FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \
+selinuxenabled; \
+if [ $? == 0  -a "${SELINUXTYPE}" == %1 -a -f ${FILE_CONTEXT}.%{name} ]; then \
+	fixfiles -C ${FILE_CONTEXT}.%{name} restore; \
+	rm -f ${FILE_CONTEXT}.%name; \
+fi;
+
 %pre
-# https://fedoraproject.org/wiki/PackageUserRegistry
-%__fe_groupadd 44 -r icecream &>/dev/null || :
-%__fe_useradd  44 -r -s /sbin/nologin -d %{_localstatedir}/cache/icecream -M \
-	-c 'Icecream distributed compiler' -g icecream icecream &>/dev/null ||:
+%if %{with selinux}
+for selinuxvariant in %{selinux_variants}; do
+	%saveFileContext ${selinuxvariant}
+done
+%endif
+
+getent group icecream >/dev/null || groupadd -r icecream
+getent passwd icecream >/dev/null || \
+	useradd -r -g icecream -d %{_localstatedir}/cache/icecream \
+	-s /sbin/nologin -c "Icecream distributed compiler" icecream
+exit 0
 
 %post
 /sbin/ldconfig
@@ -159,16 +183,18 @@ done
 for selinuxvariant in %{selinux_variants}; do
 	semodule -s ${selinuxvariant} -i \
 		%{_datadir}/selinux/${selinuxvariant}/icecream.pp 2>/dev/null ||:
+	semanage port -a -S ${selinuxvariant} -t iceccd_port_t -p tcp 10245 2>/dev/null ||:
+	semanage port -a -S ${selinuxvariant} -t icecc_scheduler_port_t -p tcp 8766 2>/dev/null ||:
+	# tcp 8765 is taken by LIRC. icecream.te knows it.
+	#semanage port -a -S ${selinuxvariant} -t icecc_scheduler_port_t -p tcp 8765 2>/dev/null ||:
+	semanage port -a -S ${selinuxvariant} -t icecc_scheduler_port_t -p udp 8765 2>/dev/null ||:
+	%relabel ${selinuxvariant}
 done
-fixfiles -R %{name} restore ||:
 restorecon -R %{_localstatedir}/cache/icecream 2>/dev/null ||:
 restorecon %{_localstatedir}/log/iceccd 2>/dev/null ||:
-semanage port -a -t iceccd_port_t -p tcp 10245 2>/dev/null ||:
-semanage port -a -t icecc_scheduler_port_t -p tcp 8765 2>/dev/null ||:
-semanage port -a -t icecc_scheduler_port_t -p tcp 8766 2>/dev/null ||:
-semanage port -a -t icecc_scheduler_port_t -p udp 8765 2>/dev/null ||:
 %endif
 # fi
+
 /sbin/chkconfig --add iceccd
 /sbin/chkconfig --add icecc-scheduler
 exit 0
@@ -182,12 +208,12 @@ if [ "$1" -eq 0 ]; then # Final removal
 #	rm -rf %{_localstatedir}/cache/icecream
 
 %if %{with selinux}
-	semanage port -d -t iceccd_port_t -p tcp 10245 2>/dev/null ||:
-	semanage port -d -t icecc_scheduler_port_t -p tcp 8765 2>/dev/null ||:
-	semanage port -d -t icecc_scheduler_port_t -p tcp 8766 2>/dev/null ||:
-	semanage port -d -t icecc_scheduler_port_t -p udp 8765 2>/dev/null ||:
 	for selinuxvariant in %{selinux_variants}; do
-		semodule -s ${selinuxvariant} -r icecream 2>/dev/null ||:
+		%saveFileContext ${selinuxvariant}
+		semanage port -d -S ${selinuxvariant} -t iceccd_port_t -p tcp 10245 2>/dev/null ||:
+		semanage port -d -S ${selinuxvariant} -t icecc_scheduler_port_t -p tcp 8765 2>/dev/null ||:
+		semanage port -d -S ${selinuxvariant} -t icecc_scheduler_port_t -p tcp 8766 2>/dev/null ||:
+		semanage port -d -S ${selinuxvariant} -t icecc_scheduler_port_t -p udp 8765 2>/dev/null ||:
 	done
 %endif
 
@@ -200,6 +226,14 @@ if [ "$1" -ge 1 ]; then # Upgrade
 	/sbin/service iceccd condrestart > /dev/null 2>&1
 	/sbin/service icecc-scheduler condrestart > /dev/null 2>&1
 fi
+%if %{with selinux}
+if [ "$1" -eq 0 ]; then # Final removal
+	for selinuxvariant in %{selinux_variants}; do
+		semodule -s ${selinuxvariant} -r icecream 2>/dev/null ||:
+		%relabel ${selinuxvariant}
+	done
+fi
+%endif
 exit 0
 
 %clean
@@ -209,6 +243,7 @@ rm -rf %{buildroot}
 %defattr(-,root,root,-)
 %doc COPYING README NEWS TODO
 %{_bindir}/icecc
+%{_bindir}/icerun
 %dir %{_libdir}/icecc/
 %dir %{_libdir}/icecc/bin/
 %{_libdir}/icecc/bin/cc
@@ -235,6 +270,32 @@ rm -rf %{buildroot}
 %{_libdir}/pkgconfig/icecc.pc
 
 %changelog
+* Thu Jul 08 2010 Michal Schmidt <mschmidt@redhat.com> 0.9.5-7
+- Build without SELinux only on RHEL 5.
+
+* Thu Jul 08 2010 Michal Schmidt <mschmidt@redhat.com> 0.9.5-6
+- Moved away from fedora-usermgmt in favor of plain shadow-utils.
+
+* Sun Jun 13 2010 Michal Schmidt <mschmidt@redhat.com> 0.9.5-5
+- Mark UDP port 8765 as icecc_scheduler_port_t.
+
+* Sat Jun 12 2010 Michal Schmidt <mschmidt@redhat.com> 0.9.5-4
+- Require /usr/sbin/semanage for scriptlets. (BZ#581272)
+
+* Sat Jun 12 2010 Michal Schmidt <mschmidt@redhat.com> 0.9.5-3
+- Fix incorrect handling of SELinux in the scriptlets.
+- Avoid recursive rpm invocation (fixfiles -R).
+- Fixes: BZ#581272
+
+* Thu Mar 25 2010 Michal Schmidt <mschmidt@redhat.com> 0.9.5-2
+- SELinux policy fix (current selinux-policy assigns port 8765 to LIRC).
+
+* Thu Mar 25 2010 Michal Schmidt <mschmidt@redhat.com> 0.9.5-1
+- Upstream release 0.9.5.
+  - new command 'icerun': serialize possibly resource-intensive tasks
+  - minor bugfixes
+- Refreshed icecream-rename-scheduler.patch.
+
 * Mon Oct 12 2009 Michal Schmidt <mschmidt@redhat.com> 0.9.4-5
 - Fix failure to build native environment in SELinux enforcing mode.
 - 'cvs rm ...' unused patches.
diff --git a/icecream.te b/icecream.te
index 289b2fb..137eaa8 100644
--- a/icecream.te
+++ b/icecream.te
@@ -1,5 +1,5 @@
 
-policy_module(icecream,0.1.4)
+policy_module(icecream,0.1.5)
 
 ########################################
 #
@@ -107,6 +107,7 @@ corenet_udp_sendrecv_all_ports(iceccd_t)
 corenet_tcp_bind_generic_node(iceccd_t)
 allow iceccd_t iceccd_port_t:tcp_socket { name_bind };
 allow iceccd_t icecc_scheduler_port_t:tcp_socket { name_connect };
+corenet_tcp_connect_lirc_port(iceccd_t)
 
 corecmd_exec_bin(iceccd_t)
 corecmd_read_bin_symlinks(iceccd_t)
@@ -207,7 +208,9 @@ corenet_udp_sendrecv_all_ports(icecc_scheduler_t)
 corenet_tcp_bind_generic_node(icecc_scheduler_t)
 corenet_udp_bind_generic_node(icecc_scheduler_t)
 allow icecc_scheduler_t icecc_scheduler_port_t:tcp_socket { name_bind };
+corenet_tcp_bind_lirc_port(icecc_scheduler_t)
 allow icecc_scheduler_t icecc_scheduler_port_t:udp_socket { name_bind };
+corenet_udp_bind_lirc_port(icecc_scheduler_t)
 
 files_read_etc_files(icecc_scheduler_t)
 
diff --git a/sources b/sources
index cc9df79..c4662a7 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-b52192df5aa3713910fdf481dda4119e  icecc-0.9.4.tar.bz2
+9252d92faeee9fa3b40c6d26bb1ffe65  icecc-0.9.5.tar.bz2
 a3829775870d5b2b60b750a88ee835b7  icecream-manpages.tar.bz2