diff --git a/icecream.spec b/icecream.spec index 5f43c1f..18ef4a0 100644 --- a/icecream.spec +++ b/icecream.spec @@ -11,7 +11,7 @@ Name: icecream Version: 0.9.5 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Distributed compiler Group: Development/Tools @@ -148,7 +148,32 @@ done /usr/sbin/hardlink -cv %{buildroot}%{_datadir}/selinux %endif + +%define saveFileContext() \ +if [ -s /etc/selinux/config ]; then \ + . %{_sysconfdir}/selinux/config; \ + FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \ + if [ "${SELINUXTYPE}" == %1 -a -f ${FILE_CONTEXT} ]; then \ + cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.%{name}; \ + fi \ +fi; + +%define relabel() \ +. %{_sysconfdir}/selinux/config; \ +FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \ +selinuxenabled; \ +if [ $? == 0 -a "${SELINUXTYPE}" == %1 -a -f ${FILE_CONTEXT}.%{name} ]; then \ + fixfiles -C ${FILE_CONTEXT}.%{name} restore; \ + rm -f ${FILE_CONTEXT}.%name; \ +fi; + %pre +%if %{with selinux} +for selinuxvariant in %{selinux_variants}; do + %saveFileContext ${selinuxvariant} +done +%endif + # https://fedoraproject.org/wiki/PackageUserRegistry %__fe_groupadd 44 -r icecream &>/dev/null || : %__fe_useradd 44 -r -s /sbin/nologin -d %{_localstatedir}/cache/icecream -M \ @@ -161,16 +186,17 @@ done for selinuxvariant in %{selinux_variants}; do semodule -s ${selinuxvariant} -i \ %{_datadir}/selinux/${selinuxvariant}/icecream.pp 2>/dev/null ||: + semanage port -a -S ${selinuxvariant} -t iceccd_port_t -p tcp 10245 2>/dev/null ||: + semanage port -a -S ${selinuxvariant} -t icecc_scheduler_port_t -p tcp 8766 2>/dev/null ||: + #semanage port -a -S ${selinuxvariant} -t icecc_scheduler_port_t -p tcp 8765 2>/dev/null ||: + #semanage port -a -S ${selinuxvariant} -t icecc_scheduler_port_t -p udp 8765 2>/dev/null ||: + %relabel ${selinuxvariant} done -fixfiles -R %{name} restore ||: restorecon -R %{_localstatedir}/cache/icecream 2>/dev/null ||: restorecon %{_localstatedir}/log/iceccd 2>/dev/null ||: -semanage port -a -t iceccd_port_t -p tcp 10245 2>/dev/null ||: -#semanage port -a -t icecc_scheduler_port_t -p tcp 8765 2>/dev/null ||: -semanage port -a -t icecc_scheduler_port_t -p tcp 8766 2>/dev/null ||: -#semanage port -a -t icecc_scheduler_port_t -p udp 8765 2>/dev/null ||: %endif # fi + /sbin/chkconfig --add iceccd /sbin/chkconfig --add icecc-scheduler exit 0 @@ -184,12 +210,12 @@ if [ "$1" -eq 0 ]; then # Final removal # rm -rf %{_localstatedir}/cache/icecream %if %{with selinux} - semanage port -d -t iceccd_port_t -p tcp 10245 2>/dev/null ||: - semanage port -d -t icecc_scheduler_port_t -p tcp 8765 2>/dev/null ||: - semanage port -d -t icecc_scheduler_port_t -p tcp 8766 2>/dev/null ||: - semanage port -d -t icecc_scheduler_port_t -p udp 8765 2>/dev/null ||: for selinuxvariant in %{selinux_variants}; do - semodule -s ${selinuxvariant} -r icecream 2>/dev/null ||: + %saveFileContext ${selinuxvariant} + semanage port -d -S ${selinuxvariant} -t iceccd_port_t -p tcp 10245 2>/dev/null ||: + semanage port -d -S ${selinuxvariant} -t icecc_scheduler_port_t -p tcp 8765 2>/dev/null ||: + semanage port -d -S ${selinuxvariant} -t icecc_scheduler_port_t -p tcp 8766 2>/dev/null ||: + semanage port -d -S ${selinuxvariant} -t icecc_scheduler_port_t -p udp 8765 2>/dev/null ||: done %endif @@ -202,6 +228,14 @@ if [ "$1" -ge 1 ]; then # Upgrade /sbin/service iceccd condrestart > /dev/null 2>&1 /sbin/service icecc-scheduler condrestart > /dev/null 2>&1 fi +%if %{with selinux} +if [ "$1" -eq 0 ]; then # Final removal + for selinuxvariant in %{selinux_variants}; do + semodule -s ${selinuxvariant} -r icecream 2>/dev/null ||: + %relabel ${selinuxvariant} + done +fi +%endif exit 0 %clean @@ -238,6 +272,11 @@ rm -rf %{buildroot} %{_libdir}/pkgconfig/icecc.pc %changelog +* Sat Jun 12 2010 Michal Schmidt 0.9.5-3 +- Fix incorrect handling of SELinux in the scriptlets. +- Avoid recursive rpm invocation (fixfiles -R). +- Fixes: BZ#581272 + * Thu Mar 25 2010 Michal Schmidt 0.9.5-2 - SELinux policy fix (current selinux-policy assigns port 8765 to LIRC).