Drop SELinux subpackage

All SELinux policy needed by FreeIPA server is now part of the global
system SELinux policy which makes the subpackage redundant and slowing
down the installation. This patch drops it.

https://fedorahosted.org/freeipa/ticket/3683
https://fedorahosted.org/freeipa/ticket/3684

1 files changed, 7 insertions, 72 deletions

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 4a38e8785..caff0626b 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -19,7 +19,6 @@ BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 %if ! %{ONLY_CLIENT}
 BuildRequires:  389-ds-base-devel >= 1.3.0
 BuildRequires:  svrcore-devel
-BuildRequires:  /usr/share/selinux/devel/Makefile
 BuildRequires:  policycoreutils >= %{POLICYCOREUTILSVER}
 BuildRequires:  systemd-units
 %if 0%{?fedora} >= 18
@@ -90,7 +89,6 @@ Group: System Environment/Base
 Requires: %{name}-python = %{version}-%{release}
 Requires: %{name}-client = %{version}-%{release}
 Requires: %{name}-admintools = %{version}-%{release}
-Requires: %{name}-server-selinux = %{version}-%{release}
 Requires: 389-ds-base >= 1.3.0.5
 Requires: openldap-clients > 2.4.35-4
 %if 0%{?fedora} == 18
@@ -149,6 +147,10 @@ Requires: tar
 Requires(pre): certmonger >= 0.65
 Requires(pre): 389-ds-base >= 1.3.0.5
 
+# With FreeIPA 3.3, package freeipa-server-selinux was obsoleted as the
+# entire SELinux policy is stored in the system policy
+Obsoletes: freeipa-server-selinux < 3.3.0
+
 # We have a soft-requires on bind. It is an optional part of
 # IPA but if it is configured we need a way to require versions
 # that work for us.
@@ -178,22 +180,6 @@ to install this package (in other words, most people should NOT install
 this package).
 
 
-%package server-selinux
-Summary: SELinux rules for freeipa-server daemons
-Group: System Environment/Base
-Requires(post): %{name}-server = %{version}-%{release}
-Requires(postun): %{name}-server = %{version}-%{release}
-Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
-
-Obsoletes: ipa-server-selinux >= 1.0
-
-%description server-selinux
-IPA is an integrated solution to provide centrally managed Identity (machine,
-user, virtual machines, groups, authentication credentials), Policy
-(configuration settings, access control information) and Audit (events,
-logs, analysis thereof). This package provides SELinux rules for the
-daemons included in freeipa-server
-
 %package server-trust-ad
 Summary: Virtual package to install packages required for Active Directory trusts
 Group: System Environment/Base
@@ -328,9 +314,6 @@ cd install; ../autogen.sh --prefix=%{_usr} --sysconfdir=%{_sysconfdir} --localst
 
 %if ! %{ONLY_CLIENT}
 make IPA_VERSION_IS_GIT_SNAPSHOT=no %{?_smp_mflags} all
-cd selinux
-# This isn't multi-process make capable yet
-make all
 %else
 make IPA_VERSION_IS_GIT_SNAPSHOT=no %{?_smp_mflags} client
 %endif  # ! %{ONLY_CLIENT}
@@ -348,9 +331,6 @@ export SUPPORTED_PLATFORM=fedora16
 rm -f ipapython/services.py
 %if ! %{ONLY_CLIENT}
 make install DESTDIR=%{buildroot}
-cd selinux
-make install DESTDIR=%{buildroot}
-cd ..
 %else
 make client-install DESTDIR=%{buildroot}
 %endif  # ! %{ONLY_CLIENT}
@@ -497,48 +477,6 @@ if [ -e /usr/sbin/ipa_kpasswd ]; then
 # END
 fi
 
-%pre server-selinux
-if [ -s /etc/selinux/config ]; then
-       . %{_sysconfdir}/selinux/config
-       FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts
-       if [ "${SELINUXTYPE}" == targeted -a -f ${FILE_CONTEXT} ]; then \
-               cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.%{name}
-       fi
-fi
-
-%post server-selinux
-semodule -s targeted -i /usr/share/selinux/targeted/ipa_httpd.pp /usr/share/selinux/targeted/ipa_dogtag.pp
-. %{_sysconfdir}/selinux/config
-FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts
-selinuxenabled
-if [ $? == 0  -a "${SELINUXTYPE}" == targeted -a -f ${FILE_CONTEXT}.%{name} ]; then
-       fixfiles -C ${FILE_CONTEXT}.%{name} restore
-       rm -f ${FILE_CONTEXT}.%name
-fi
-
-%preun server-selinux
-if [ $1 = 0 ]; then
-if [ -s /etc/selinux/config ]; then
-       . %{_sysconfdir}/selinux/config
-       FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts
-       if [ "${SELINUXTYPE}" == targeted -a -f ${FILE_CONTEXT} ]; then \
-               cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.%{name}
-       fi
-fi
-fi
-
-%postun server-selinux
-if [ $1 = 0 ]; then
-semodule -s targeted -r ipa_httpd ipa_dogtag
-. %{_sysconfdir}/selinux/config
-FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts
-selinuxenabled
-if [ $? == 0  -a "${SELINUXTYPE}" == targeted -a -f ${FILE_CONTEXT}.%{name} ]; then
-       fixfiles -C ${FILE_CONTEXT}.%{name} restore
-       rm -f ${FILE_CONTEXT}.%name
-fi
-fi
-
 %postun server-trust-ad
 if [ "$1" -ge "1" ]; then
 	if [ "`readlink %{_sysconfdir}/alternatives/winbind_krb5_locator.so`" == "/dev/null" ]; then
@@ -771,12 +709,6 @@ fi
 %{_mandir}/man1/ipa-backup.1.gz
 %{_mandir}/man1/ipa-restore.1.gz
 
-%files server-selinux
-%defattr(-,root,root,-)
-%doc COPYING README Contributors.txt
-%{_usr}/share/selinux/targeted/ipa_httpd.pp
-%{_usr}/share/selinux/targeted/ipa_dogtag.pp
-
 %files server-trust-ad
 %{_sbindir}/ipa-adtrust-install
 %attr(755,root,root) %{plugin_dir}/libipa_extdom_extop.so
@@ -848,6 +780,9 @@ fi
 %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
 
 %changelog
+* Thu Jun 13 2013 Martin Kosek <mkosek@redhat.com> - 3.2.99-1
+- Drop freeipa-server-selinux subpackage
+
 * Fri May 10 2013 Martin Kosek <mkosek@redhat.com> - 3.1.99-13
 - Add requires for openldap-2.4.35-4 to pickup fixed SASL_NOCANON behavior for
   socket based connections (#960222)