diff options
author | Martin Kosek <mkosek@redhat.com> | 2013-06-13 14:40:52 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2013-06-17 17:35:37 +0200 |
commit | ad6abdb576b2ebeb941eb99fd141bf78918143c1 (patch) | |
tree | c21d3ffddc79fb3b980f6353e46a7a637ef66378 /freeipa.spec.in | |
parent | 851b09183208ac90fc242dfcebff033de2757d5d (diff) | |
download | freeipa-ad6abdb576b2ebeb941eb99fd141bf78918143c1.tar.gz freeipa-ad6abdb576b2ebeb941eb99fd141bf78918143c1.tar.xz freeipa-ad6abdb576b2ebeb941eb99fd141bf78918143c1.zip |
Drop SELinux subpackage
All SELinux policy needed by FreeIPA server is now part of the global
system SELinux policy which makes the subpackage redundant and slowing
down the installation. This patch drops it.
https://fedorahosted.org/freeipa/ticket/3683
https://fedorahosted.org/freeipa/ticket/3684
Diffstat (limited to 'freeipa.spec.in')
-rw-r--r-- | freeipa.spec.in | 79 |
1 files changed, 7 insertions, 72 deletions
diff --git a/freeipa.spec.in b/freeipa.spec.in index 4a38e8785..caff0626b 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -19,7 +19,6 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) %if ! %{ONLY_CLIENT} BuildRequires: 389-ds-base-devel >= 1.3.0 BuildRequires: svrcore-devel -BuildRequires: /usr/share/selinux/devel/Makefile BuildRequires: policycoreutils >= %{POLICYCOREUTILSVER} BuildRequires: systemd-units %if 0%{?fedora} >= 18 @@ -90,7 +89,6 @@ Group: System Environment/Base Requires: %{name}-python = %{version}-%{release} Requires: %{name}-client = %{version}-%{release} Requires: %{name}-admintools = %{version}-%{release} -Requires: %{name}-server-selinux = %{version}-%{release} Requires: 389-ds-base >= 1.3.0.5 Requires: openldap-clients > 2.4.35-4 %if 0%{?fedora} == 18 @@ -149,6 +147,10 @@ Requires: tar Requires(pre): certmonger >= 0.65 Requires(pre): 389-ds-base >= 1.3.0.5 +# With FreeIPA 3.3, package freeipa-server-selinux was obsoleted as the +# entire SELinux policy is stored in the system policy +Obsoletes: freeipa-server-selinux < 3.3.0 + # We have a soft-requires on bind. It is an optional part of # IPA but if it is configured we need a way to require versions # that work for us. @@ -178,22 +180,6 @@ to install this package (in other words, most people should NOT install this package). -%package server-selinux -Summary: SELinux rules for freeipa-server daemons -Group: System Environment/Base -Requires(post): %{name}-server = %{version}-%{release} -Requires(postun): %{name}-server = %{version}-%{release} -Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} - -Obsoletes: ipa-server-selinux >= 1.0 - -%description server-selinux -IPA is an integrated solution to provide centrally managed Identity (machine, -user, virtual machines, groups, authentication credentials), Policy -(configuration settings, access control information) and Audit (events, -logs, analysis thereof). This package provides SELinux rules for the -daemons included in freeipa-server - %package server-trust-ad Summary: Virtual package to install packages required for Active Directory trusts Group: System Environment/Base @@ -328,9 +314,6 @@ cd install; ../autogen.sh --prefix=%{_usr} --sysconfdir=%{_sysconfdir} --localst %if ! %{ONLY_CLIENT} make IPA_VERSION_IS_GIT_SNAPSHOT=no %{?_smp_mflags} all -cd selinux -# This isn't multi-process make capable yet -make all %else make IPA_VERSION_IS_GIT_SNAPSHOT=no %{?_smp_mflags} client %endif # ! %{ONLY_CLIENT} @@ -348,9 +331,6 @@ export SUPPORTED_PLATFORM=fedora16 rm -f ipapython/services.py %if ! %{ONLY_CLIENT} make install DESTDIR=%{buildroot} -cd selinux -make install DESTDIR=%{buildroot} -cd .. %else make client-install DESTDIR=%{buildroot} %endif # ! %{ONLY_CLIENT} @@ -497,48 +477,6 @@ if [ -e /usr/sbin/ipa_kpasswd ]; then # END fi -%pre server-selinux -if [ -s /etc/selinux/config ]; then - . %{_sysconfdir}/selinux/config - FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts - if [ "${SELINUXTYPE}" == targeted -a -f ${FILE_CONTEXT} ]; then \ - cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.%{name} - fi -fi - -%post server-selinux -semodule -s targeted -i /usr/share/selinux/targeted/ipa_httpd.pp /usr/share/selinux/targeted/ipa_dogtag.pp -. %{_sysconfdir}/selinux/config -FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts -selinuxenabled -if [ $? == 0 -a "${SELINUXTYPE}" == targeted -a -f ${FILE_CONTEXT}.%{name} ]; then - fixfiles -C ${FILE_CONTEXT}.%{name} restore - rm -f ${FILE_CONTEXT}.%name -fi - -%preun server-selinux -if [ $1 = 0 ]; then -if [ -s /etc/selinux/config ]; then - . %{_sysconfdir}/selinux/config - FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts - if [ "${SELINUXTYPE}" == targeted -a -f ${FILE_CONTEXT} ]; then \ - cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.%{name} - fi -fi -fi - -%postun server-selinux -if [ $1 = 0 ]; then -semodule -s targeted -r ipa_httpd ipa_dogtag -. %{_sysconfdir}/selinux/config -FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts -selinuxenabled -if [ $? == 0 -a "${SELINUXTYPE}" == targeted -a -f ${FILE_CONTEXT}.%{name} ]; then - fixfiles -C ${FILE_CONTEXT}.%{name} restore - rm -f ${FILE_CONTEXT}.%name -fi -fi - %postun server-trust-ad if [ "$1" -ge "1" ]; then if [ "`readlink %{_sysconfdir}/alternatives/winbind_krb5_locator.so`" == "/dev/null" ]; then @@ -771,12 +709,6 @@ fi %{_mandir}/man1/ipa-backup.1.gz %{_mandir}/man1/ipa-restore.1.gz -%files server-selinux -%defattr(-,root,root,-) -%doc COPYING README Contributors.txt -%{_usr}/share/selinux/targeted/ipa_httpd.pp -%{_usr}/share/selinux/targeted/ipa_dogtag.pp - %files server-trust-ad %{_sbindir}/ipa-adtrust-install %attr(755,root,root) %{plugin_dir}/libipa_extdom_extop.so @@ -848,6 +780,9 @@ fi %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt %changelog +* Thu Jun 13 2013 Martin Kosek <mkosek@redhat.com> - 3.2.99-1 +- Drop freeipa-server-selinux subpackage + * Fri May 10 2013 Martin Kosek <mkosek@redhat.com> - 3.1.99-13 - Add requires for openldap-2.4.35-4 to pickup fixed SASL_NOCANON behavior for socket based connections (#960222) |