diff --git a/icecream.spec b/icecream.spec index 6693768..81ec931 100644 --- a/icecream.spec +++ b/icecream.spec @@ -1,6 +1,19 @@ +%bcond_without doc + +%if 0%{?fedora} +%bcond_without fedora +%bcond_without selinux +%else +%bcond_with fedora +# I'd need to modify the policy a bit to make it work on RHEL, +# so default to off when not building for Fedora. +%bcond_with selinux +%endif + + Name: icecream Version: 0.8.0 -Release: 8.20080117svn%{?dist} +Release: 10.20080117svn%{?dist} Summary: Distributed compiler Group: Development/Tools @@ -24,12 +37,15 @@ Source7: initscript-scheduler Patch0: icecream-make-it-cool.patch.bz2 Patch1: icecream-rename-scheduler.patch Patch2: icecream-cleanup-conffile.patch +Patch3: icecream-compile-fix.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: automake autoconf libtool symlinks # To build manpages from KDE-style Docbook sources: -BuildRequires: kdelibs3 kdelibs3-devel +%{?with_doc:BuildRequires: %{!?el5:kdelibs3 kdelibs3-devel} %{?el5:kdelibs kdelibs-devel}} + +%if %{with selinux} # For SELinux protection: BuildRequires: checkpolicy selinux-policy-devel hardlink %define selinux_policyver %(sed -e 's,.*selinux-policy-\\([^/]*\\)/.*,\\1,' /usr/share/selinux/devel/policyhelp) @@ -37,8 +53,8 @@ BuildRequires: checkpolicy selinux-policy-devel hardlink Requires: selinux-policy >= %{selinux_policyver} %endif %define selinux_variants mls strict targeted +%endif -%bcond_without fedora BuildRequires: fedora-usermgmt-devel %{?FE_USERADD_REQ} Requires(post): chkconfig policycoreutils @@ -72,6 +88,7 @@ This package contains development files for %{name}. %patch0 -p1 %patch1 -p0 %patch2 -p0 +%patch3 -p1 make -f Makefile.cvs sed -e 's|@LIBDIR@|%{_libdir}|g' %{SOURCE1} > icecream.sh sed -e 's|@LIBDIR@|%{_libdir}|g' %{SOURCE2} > icecream.csh @@ -83,6 +100,8 @@ cp -p %{SOURCE6} %{SOURCE7} fedora %build %configure --disable-static --enable-shared make %{?_smp_mflags} + +%if %{with doc} pushd doc for i in man-*.docbook; do meinproc --stylesheet %{_datadir}/apps/ksgmltools2/customization/kde-man.xsl $i @@ -91,6 +110,9 @@ for i in man-*.docbook; do mv manpage.troff $manfile done popd +%endif + +%if %{with selinux} pushd SELinux for selinuxvariant in %{selinux_variants}; do make NAME=${selinuxvariant} -f %{_datadir}/selinux/devel/Makefile @@ -98,6 +120,7 @@ for selinuxvariant in %{selinux_variants}; do make NAME=${selinuxvariant} -f %{_datadir}/selinux/devel/Makefile clean done popd +%endif %install rm -rf %{buildroot} @@ -114,12 +137,14 @@ done # relativize the symlinks symlinks -cs %{buildroot}/%{_libdir}/icecc/bin +%if %{with doc} # install manpages mkdir -p %{buildroot}/%{_mandir}/man{1,7,8} mv doc/scheduler.1 doc/icecc-scheduler.1 for i in doc/*.1 doc/*.7; do install -m 644 $i %{buildroot}/%{_mandir}/man${i##*.} done +%endif # install config file and initscripts install -D -m 644 suse/sysconfig.icecream %{buildroot}/%{_sysconfdir}/sysconfig/icecream @@ -132,6 +157,7 @@ install -p -m 644 icecream.sh icecream.csh %{buildroot}/%{_sysconfdir}/profile.d # create default working dir mkdir -p %{buildroot}/%{_localstatedir}/cache/icecream +%if %{with selinux} for selinuxvariant in %{selinux_variants}; do install -d %{buildroot}/%{_datadir}/selinux/${selinuxvariant} install -p -m 644 -D SELinux/icecream.pp.${selinuxvariant} \ @@ -139,6 +165,7 @@ for selinuxvariant in %{selinux_variants}; do done # Hardlink identical policy module packages together /usr/sbin/hardlink -cv %{buildroot}%{_datadir}/selinux +%endif %pre # https://fedoraproject.org/wiki/PackageUserRegistry @@ -149,6 +176,7 @@ done %post /sbin/ldconfig # if [ "$1" -le 1 ]; then # First install +%if %{with selinux} for selinuxvariant in %{selinux_variants}; do semodule -s ${selinuxvariant} -i \ %{_datadir}/selinux/${selinuxvariant}/icecream.pp 2>/dev/null ||: @@ -159,6 +187,7 @@ restorecon %{_localstatedir}/log/iceccd ||: semanage port -a -t iceccd_port_t -p tcp 10245 2>/dev/null ||: semanage port -a -t icecc_scheduler_port_t -p tcp 8765 2>/dev/null ||: semanage port -a -t icecc_scheduler_port_t -p udp 8765 2>/dev/null ||: +%endif # fi /sbin/chkconfig --add iceccd /sbin/chkconfig --add icecc-scheduler @@ -171,12 +200,16 @@ if [ "$1" -eq 0 ]; then # Final removal /sbin/chkconfig --del iceccd /sbin/chkconfig --del icecc-scheduler # rm -rf %{_localstatedir}/cache/icecream + +%if %{with selinux} semanage port -d -t iceccd_port_t -p tcp 10245 2>/dev/null ||: semanage port -d -t icecc_scheduler_port_t -p tcp 8765 2>/dev/null ||: semanage port -d -t icecc_scheduler_port_t -p udp 8765 2>/dev/null ||: for selinuxvariant in %{selinux_variants}; do semodule -s ${selinuxvariant} -r icecream 2>/dev/null ||: done +%endif + fi exit 0 @@ -203,13 +236,13 @@ rm -rf %{buildroot} %{_libdir}/libicecc.so.* %{_sbindir}/iceccd %{_sbindir}/icecc-scheduler -%{_mandir}/man*/* %config(noreplace) %{_sysconfdir}/sysconfig/icecream %config(noreplace) %{_sysconfdir}/profile.d/icecream.*sh %{_sysconfdir}/rc.d/init.d/iceccd %{_sysconfdir}/rc.d/init.d/icecc-scheduler %{_localstatedir}/cache/icecream -%{_datadir}/selinux/*/icecream.pp +%{?with_doc:%{_mandir}/man*/*} +%{?with_selinux:%{_datadir}/selinux/*/icecream.pp} %files devel %{_includedir}/icecc/*.h @@ -217,6 +250,14 @@ rm -rf %{buildroot} %{_libdir}/pkgconfig/icecc.pc %changelog +* Sun Feb 10 2008 Michal Schmidt - 0.8.0-10.20080117svn +- Compile fix (added missing #includes). +- Conditional building of SELinux policy and documentation. +- Fix build on RHEL5. + +* Tue Jan 29 2008 Michal Schmidt - 0.8.0-9.20080117svn +- SELinux policy fixes. + * Thu Jan 17 2008 Michal Schmidt - 0.8.0-8.20080117svn - Update to current icecream-make-it-cool branch. diff --git a/icecream.te b/icecream.te index 78c6474..9aff760 100644 --- a/icecream.te +++ b/icecream.te @@ -1,5 +1,5 @@ -policy_module(icecream,0.0.35) +policy_module(icecream,0.0.36) ######################################## # @@ -72,6 +72,8 @@ allow iceccd_helper_t iceccd_log_t:file { append }; allow iceccd_helper_t self:fifo_file { read write ioctl getattr }; # needs investigating: allow iceccd_helper_t iceccd_tmp_t:file { execute }; +# rly needed? +allow iceccd_helper_t iceccd_t:udp_socket { read write }; allow iceccd_untrusted_t iceccd_t:process { sigchld }; allow iceccd_untrusted_t iceccd_t:fifo_file { write }; @@ -96,10 +98,6 @@ logging_log_filetrans(iceccd_t, iceccd_log_t, file) manage_files_pattern(iceccd_t,iceccd_var_run_t,iceccd_var_run_t) files_pid_filetrans(iceccd_t, iceccd_var_run_t, file) -# iceccd attempt to rmdir & mkdir /var/cache/icecream -# XXX: I should fix it instead. -files_dontaudit_write_var_dirs(iceccd_t) - manage_dirs_pattern(iceccd_t, iceccd_cache_t, iceccd_cache_t) manage_files_pattern(iceccd_t, iceccd_cache_t, iceccd_cache_t) @@ -154,6 +152,10 @@ manage_files_pattern(iceccd_helper_t, iceccd_tmp_t, iceccd_tmp_t) files_tmp_filetrans(iceccd_helper_t, iceccd_tmp_t, file) files_tmp_filetrans(iceccd_helper_t, iceccd_tmp_t, dir) +# to re-create /var/cache/icecream +files_var_filetrans(iceccd_t, iceccd_cache_t, dir) + +# aka domain_auto_trans domain_auto_transition_pattern(iceccd_t, iceccd_helper_exec_t, iceccd_helper_t) domain_auto_transition_pattern(iceccd_t, iceccd_cache_t, iceccd_untrusted_t) @@ -162,6 +164,3 @@ userdom_dontaudit_getattr_sysadm_home_dirs(iceccd_t) userdom_dontaudit_search_sysadm_home_dirs(iceccd_helper_t) #userdom_getattr_sysadm_home_dirs(iceccd_t) -#allow myapp_t myapp_log_t:file ra_file_perms; - -#allow myapp_t myapp_tmp_t:file manage_file_perms;