authorMatthew Harmsen <mharmsen@redhat.com>2012-02-28 17:46:59 -0800
committerMatthew Harmsen <mharmsen@redhat.com>2012-02-28 17:59:56 -0800
commita0824523105996829fa750f26a74bce6be3fbae0 (patch)
tree8b17988fb1563f1930d6b407e935dc030d2d5f48
parent3a2cd2158ff31667432867181618d845267353a7 (diff)
Enhanced compose scripts to download patches
Added platform-dependent patches for SELinux component. Bugzilla Bug #739708 - Selinux fix for ephemeral ports (F16); Bugzilla Bug #795966 - pki-selinux policy is kind of a mess (F17)
-rw-r--r--pki/patches/pki-core-selinux-f16.patch23
-rw-r--r--pki/patches/pki-core-selinux-f17.patch35
-rwxr-xr-xpki/scripts/build_dogtag_pki2
-rwxr-xr-xpki/scripts/compose_dogtag_pki_theme_packages18
-rw-r--r--pki/scripts/compose_functions155
-rwxr-xr-xpki/scripts/compose_ipa_pki_theme_packages18
-rwxr-xr-xpki/scripts/compose_pki_console_packages18
-rwxr-xr-xpki/scripts/compose_pki_core_packages18
-rwxr-xr-xpki/scripts/compose_pki_migrate_packages18
-rwxr-xr-xpki/scripts/compose_pki_ra_packages18
-rwxr-xr-xpki/scripts/compose_pki_tps_packages18
-rw-r--r--pki/specs/pki-core.spec23
12 files changed, 310 insertions, 54 deletions
diff --git a/pki/patches/pki-core-selinux-f16.patch b/pki/patches/pki-core-selinux-f16.patch
new file mode 100644
index 000000000..6866033dc
--- /dev/null
+++ b/pki/patches/pki-core-selinux-f16.patch
@@ -0,0 +1,23 @@
+diff --git a/pki/base/selinux/src/pki.if b/pki/base/selinux/src/pki.if
+index 0709176..9a35184 100644
+--- a/pki/base/selinux/src/pki.if
++++ b/pki/base/selinux/src/pki.if
+@@ -193,7 +193,7 @@ template(`pki_ca_template',`
+ corenet_tcp_connect_ldap_port($1_t)
+
+ # tomcat connects to ephemeral ports on shutdown
+- corenet_tcp_connect_all_unreserved_ports($1_t)
++ corenet_tcp_connect_all_ephemeral_ports($1_t)
+
+ optional_policy(`
+ #This is broken in selinux-policy we need java_exec defined, Will add to policy
+diff --git a/pki/base/selinux/src/pki.te b/pki/base/selinux/src/pki.te
+index 7f6e657..dab02d4 100644
+--- a/pki/base/selinux/src/pki.te
++++ b/pki/base/selinux/src/pki.te
+@@ -1,4 +1,4 @@
+-policy_module(pki,10.0.2)
++policy_module(pki,10.0.3)
+
+ attribute pki_ca_config;
+ attribute pki_ca_executable;
diff --git a/pki/patches/pki-core-selinux-f17.patch b/pki/patches/pki-core-selinux-f17.patch
new file mode 100644
index 000000000..465c95fe2
--- /dev/null
+++ b/pki/patches/pki-core-selinux-f17.patch
@@ -0,0 +1,35 @@
+diff --git a/pki/base/selinux/src/pki.if b/pki/base/selinux/src/pki.if
+index 0709176..20dfc17 100644
+--- a/pki/base/selinux/src/pki.if
++++ b/pki/base/selinux/src/pki.if
+@@ -206,6 +206,20 @@ template(`pki_ca_template',`
+ optional_policy(`
+ unconfined_domain($1_script_t)
+ ')
++
++ # tomcat6 init scripts do runuser and touch lockfile
++ allow $1_t self:capability { setuid chown setgid fowner audit_write dac_override };
++ allow $1_t self:netlink_audit_socket { nlmsg_relay create read write };
++ consoletype_exec($1_t)
++ fs_read_hugetlbfs_files($1_t)
++ hostname_exec($1_t)
++ kernel_read_kernel_sysctls($1_t)
++
++ # java (mislabeled as lib_t?) calls build_classpath
++ libs_exec_lib_files($1_t)
++
++ selinux_get_enforce_mode($1_t)
++
+ ')
+
+ ########################################
+diff --git a/pki/base/selinux/src/pki.te b/pki/base/selinux/src/pki.te
+index 7f6e657..dab02d4 100644
+--- a/pki/base/selinux/src/pki.te
++++ b/pki/base/selinux/src/pki.te
+@@ -1,4 +1,4 @@
+-policy_module(pki,10.0.2)
++policy_module(pki,10.0.3)
+
+ attribute pki_ca_config;
+ attribute pki_ca_executable;
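Review bot: The rule `allow $1_t self:capability { setuid chown setgid fowner audit_write dac_override };` grants these capabilities to the `$1_t` domain itself, while the comment above it attributes the need to the tomcat6 init scripts (runuser, touching the lockfile). `dac_override` lets the domain bypass file permission checks and `setuid`/`setgid` let it change identity, so if `$1_t` is also the domain the long-running server stays in (not visible in this hunk), the rule widens what that process may do well beyond startup. A comment per capability recording the denial it answers, in the form `# dac_override: needed by <init step that was denied>`, would let a later reviewer drop the ones that are no longer required. The same applies to `libs_exec_lib_files($1_t)`, whose own comment already questions the labeling. The `pki_ca_template` body starts and ends outside this hunk.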
diff --git a/pki/scripts/build_dogtag_pki b/pki/scripts/build_dogtag_pki
index 7e0de05fc..f2c171fbb 100755
--- a/pki/scripts/build_dogtag_pki
+++ b/pki/scripts/build_dogtag_pki
@@ -169,7 +169,7 @@ ${PKI_SUDO} ${YUM_EXE} ${YUM_EXE_OPTIONS} ${PKI_COMMON_THEME} ${PKI_CA_THEME} ${
# Compose and install 'pki-core' packages
cd ${PKI_PWD}
-${PKI_COMPOSE_SCRIPTS_DIR}/${COMPOSE_PKI_CORE_PACKAGES} rpms
+${PKI_COMPOSE_SCRIPTS_DIR}/${COMPOSE_PKI_CORE_PACKAGES} hybrid_rpms
mv ${PKI_PACKAGES_DIR} ${PKI_CORE_PACKAGES_DIR}
cd ${PKI_CORE_PACKAGES_DIR}/${RPM_DIR}
mkdir -p ${PKI_CORE_PACKAGES_DIR}/${RPM_DIR}/${COMBINED}
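Review bot: Switching the pki-core compose call to `hybrid_rpms` means this build now needs network access and takes its patches from a remote server at build time, and nothing at the call site says so. A comment above the changed line would make the dependency visible, for example `# hybrid_rpms: tarball from local source, patches downloaded from the spec's Source URL`. The other compose calls are outside this hunk, so whether they keep the fully local `rpms` target cannot be seen from here.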
diff --git a/pki/scripts/compose_dogtag_pki_theme_packages b/pki/scripts/compose_dogtag_pki_theme_packages
index 7a236d774..4eefe240d 100755
--- a/pki/scripts/compose_dogtag_pki_theme_packages
+++ b/pki/scripts/compose_dogtag_pki_theme_packages
@@ -101,8 +101,22 @@ rm -f ${DOGTAG_PKI_THEME_SRPMS_DIR}/${DOGTAG_PKI_THEME}-${DOGTAG_PKI_THEME_VERS
cp -p ${PKI_SPECS_FILE} ${DOGTAG_PKI_THEME_SPECS_DIR}
-if [ ${USE_PATCH_FILES} -eq 1 ] ; then
- Retrieve_Source_Tarball_and_Patches ${PKI_SPECS_FILE} ${PKI_PATCHES_DIR} ${DOGTAG_PKI_THEME_SOURCES_DIR}
+##
+## If specified, copy all Patches from the spec file URL to SOURCES
+##
+
+if [ ${FETCH_PATCH_FILES} -eq 1 ] ; then
+ Fetch_Patch_Files ${PKI_SPECS_FILE} ${DOGTAG_PKI_THEME_SOURCES_DIR}
+fi
+
+
+##
+## Copy the specified Source Tarball from the spec file URL to SOURCES, or
+## Generate a fresh Source Tarball from the local source
+##
+
+if [ ${FETCH_SOURCE_TARBALL} -eq 1 ] ; then
+ Fetch_Source_Tarball ${PKI_SPECS_FILE} ${DOGTAG_PKI_THEME_SOURCES_DIR}
else
##
## Always start with a new 'dogtag-pki' staging directory
diff --git a/pki/scripts/compose_functions b/pki/scripts/compose_functions
index ac03bc32a..22c128df1 100644
--- a/pki/scripts/compose_functions
+++ b/pki/scripts/compose_functions
@@ -49,9 +49,6 @@ export PKI_BASE_DIR
PKI_DOGTAG_DIR="${PKI_DIR}/dogtag"
export PKI_DOGTAG_DIR
-PKI_PATCHES_DIR="${PKI_DIR}/patches"
-export PKI_PATCHES_DIR
-
PKI_FILE_LIST="CMakeLists.txt COPYING CPackConfig.cmake ConfigureChecks.cmake DefineOptions.cmake README cmake_uninstall.cmake.in config.h.cmake"
export PKI_FILE_LIST
@@ -74,40 +71,127 @@ Usage()
printf "\n"
printf "Usage: $0 <target>\n\n"
printf " where <target> is one of the following:\n\n"
- printf " srpm - produces tarball, spec, and SRPM\n"
+ printf " srpm - copies a spec file from local source,\n"
+ printf " generates a tarball from local source, "
+ printf "and\n"
+ printf " produces an SRPM\n"
+ printf " [suitable for use by 'mock']\n\n"
+ printf " rpms - copies a spec file from local source,\n"
+ printf " generates a tarball from local source, "
+ printf "and\n"
+ printf " produces an SRPM and one or more RPMS\n"
+ printf " ${MESSAGE}\n\n"
+ printf " hybrid_srpm - copies a spec file from local source,\n"
+ printf " generates a tarball from local source,\n"
+ printf " fetches patches from the spec's URL, "
+ printf "and\n"
+ printf " produces an SRPM\n"
printf " [suitable for use by 'mock']\n\n"
- printf " rpms - produces tarball, spec, SRPM, and\n"
- printf " RPMS(S)\n"
+ printf " hybrid_rpms - copies a spec file from local source,\n"
+ printf " generates a tarball from local source,\n"
+ printf " fetches all patches from the spec's URL,"
+ printf " and\n"
+ printf " produces an SRPM and one or more RPMS\n"
printf " ${MESSAGE}\n\n"
- printf " patched_srpm - copies tarball, patches, and spec\n"
- printf " to produce an SRPM\n"
+ printf " patched_srpm - copies a spec file from local source,\n"
+ printf " fetches a tarball from the spec's URL,\n"
+ printf " fetches all patches from the spec's URL,"
+ printf " and\n"
+ printf " produces an SRPM\n"
printf " [suitable for use by 'mock']\n\n"
- printf " patched_rpms - copies tarball, patches, and spec\n"
- printf " to produce an SRPM and RPM(s)\n"
+ printf " patched_rpms - copies a spec file from local source,\n"
+ printf " fetches a tarball from the spec's URL,\n"
+ printf " fetches all patches from the spec's URL,"
+ printf " and\n"
+ printf " produces an SRPM and one or more RPMS\n"
printf " ${MESSAGE}\n\n"
}
##
-## Copy Specified Source Tarball and Patches to SOURCES
+## Copy Specified Patches to SOURCES
##
-Retrieve_Source_Tarball_and_Patches()
+Fetch_Patch_Files()
{
- if [ $# -ne 3 ] ; then
+ if [ $# -ne 2 ] ; then
Usage
exit 255
fi
SPECFILE=$1
- PATCHES_DIR=$2
- TARGET_DIR=$3
+ TARGET_DIR=$2
if [ ! -f ${SPECFILE} ] ; then
printf "ERROR: '${SPECFILE}' is missing!\n\n"
Usage
exit 255
- elif [ ! -d ${PATCHES_DIR} ] ; then
- printf "ERROR: '${PATCHES_DIR}' does NOT exist!\n\n"
+ elif [ ! -d ${TARGET_DIR} ] ; then
+ printf "ERROR: '${TARGET_DIR}' does NOT exist!\n\n"
+ Usage
+ exit 255
+ fi
+
+ component_name_marker="Name"
+ component_version_marker="Version"
+ component_source_marker="Source"
+ component_patch_marker="Patch"
+
+ component_name=""
+ component_version=""
+ component_source=""
+ component_url=""
+ component_patch=""
+
+ exec < ${SPECFILE}
+ while read line; do
+ entry=`echo $line | cut -d: -f 1`
+ if [ "${entry:0:4}" = "${component_name_marker}" ] ; then
+ component_name=`echo $line | cut -d' ' -f 2`
+ elif [ "${entry:0:7}" = "${component_version_marker}" ] ; then
+ component_version=`echo $line | cut -d' ' -f 2`
+ elif [ "${entry:0:6}" = "${component_source_marker}" ] ; then
+ value=`echo $line | cut -d' ' -f 2`
+ component_source=`echo $value | sed -e "s/\%{name}/${component_name}/g" -e "s/\%{version}/${component_version}/g"`
+ component_url=`dirname ${component_source}`
+ elif [ "${entry:0:5}" = "${component_patch_marker}" ] ; then
+ if [ ${component_url} != "" ] ; then
+ value=`echo $line | cut -d' ' -f 2`
+ component_patch=${component_url}"/"`echo $value | sed -e "s/\%{name}/${component_name}/g" -e "s/\%{version}/${component_version}/g"`
+ wget -q -O ${TARGET_DIR}/`basename ${component_patch}` ${component_patch}
+ if [ $? -ne 0 ] ; then
+ printf "ERROR: Failed to download '${component_patch}'!\n\n"
+ Usage
+ exit 255
+ elif [ ! -f ${TARGET_DIR}/`basename ${component_patch}` ] ; then
+ printf "ERROR: Failed to save '${TARGET_DIR}/`basename ${component_patch}`'!\n\n"
+ Usage
+ exit 255
+ fi
+ else
+ printf "ERROR: '${component_source_marker}' MUST be specified PRIOR to '${component_patch_marker}'!\n\n"
+ Usage
+ exit 255
+ fi
+ fi
+ done
+}
+
+
+##
+## Copy Specified Source Tarball to SOURCES
+##
+Fetch_Source_Tarball()
+{
+ if [ $# -ne 2 ] ; then
+ Usage
+ exit 255
+ fi
+
+ SPECFILE=$1
+ TARGET_DIR=$2
+
+ if [ ! -f ${SPECFILE} ] ; then
+ printf "ERROR: '${SPECFILE}' is missing!\n\n"
Usage
exit 255
elif [ ! -d ${TARGET_DIR} ] ; then
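Review bot: In Fetch_Patch_Files, `wget -q -O ${TARGET_DIR}/... ${component_patch}` accepts whatever the server returns, and the only follow-up checks are wget's exit status and that a file exists; the URL comes from the directory of the spec's `Source` line, which in pki-core.spec is a plain `http://` address. The downloaded file is then used as a patch for the build, so its content should be verified before it is accepted. Since this commit also adds the same patches under pki/patches, one option (assuming the in-tree copy is the reference) is to compare against it, with `patch_file` holding the basename: `cmp -s "${PKI_DIR}/patches/${patch_file}" "${TARGET_DIR}/${patch_file}" || exit 255`; a checksum list kept in the repository would serve the same purpose. Separately, `[ ${component_url} != "" ]` should be written `[ "${component_url}" != "" ]`, because with an empty value the unquoted test is malformed and the "MUST be specified PRIOR" branch is reached only through the shell's error status. Fetch_Source_Tarball's body continues outside this hunk.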
@@ -119,12 +203,10 @@ Retrieve_Source_Tarball_and_Patches()
component_name_marker="Name"
component_version_marker="Version"
component_tarball_marker="Source"
- component_patch_marker="Patch"
component_name=""
component_version=""
component_tarball=""
- component_patch=""
exec < ${SPECFILE}
while read line; do
@@ -146,21 +228,6 @@ Retrieve_Source_Tarball_and_Patches()
Usage
exit 255
fi
- elif [ "${entry:0:5}" = "${component_patch_marker}" ] ; then
- value=`echo $line | cut -d' ' -f 2`
- component_patch=`echo $value | sed -e "s/\%{name}/${component_name}/g" -e "s/\%{version}/${component_version}/g"`
- if [ -f ${PATCHES_DIR}/${component_patch} ] ; then
- cp -p ${PATCHES_DIR}/${component_patch} ${TARGET_DIR}
- if [ ! -f ${TARGET_DIR}/${component_patch} ] ; then
- printf "ERROR: Failed to copy '${component_patch}'!\n\n"
- Usage
- exit 255
- fi
- else
- printf "ERROR: Failed to find '${component_patch}'!\n\n"
- Usage
- exit 255
- fi
fi
done
}
@@ -177,16 +244,28 @@ fi
if [ $1 = "srpm" ] ; then
RPMBUILD_CMD="rpmbuild --define \"_topdir \`pwd\`\" -bs"
- USE_PATCH_FILES=0
+ FETCH_SOURCE_TARBALL=0
+ FETCH_PATCH_FILES=0
+elif [ $1 = "hybrid_srpm" ] ; then
+ RPMBUILD_CMD="rpmbuild --define \"_topdir \`pwd\`\" -bs"
+ FETCH_SOURCE_TARBALL=0
+ FETCH_PATCH_FILES=1
elif [ $1 = "patched_srpm" ] ; then
RPMBUILD_CMD="rpmbuild --define \"_topdir \`pwd\`\" -bs"
- USE_PATCH_FILES=1
+ FETCH_SOURCE_TARBALL=1
+ FETCH_PATCH_FILES=1
elif [ $1 = "rpms" ] ; then
RPMBUILD_CMD="rpmbuild --define \"_topdir \`pwd\`\" -ba"
- USE_PATCH_FILES=0
+ FETCH_SOURCE_TARBALL=0
+ FETCH_PATCH_FILES=0
+elif [ $1 = "hybrid_rpms" ] ; then
+ RPMBUILD_CMD="rpmbuild --define \"_topdir \`pwd\`\" -ba"
+ FETCH_SOURCE_TARBALL=0
+ FETCH_PATCH_FILES=1
elif [ $1 = "patched_rpms" ] ; then
RPMBUILD_CMD="rpmbuild --define \"_topdir \`pwd\`\" -ba"
- USE_PATCH_FILES=1
+ FETCH_SOURCE_TARBALL=1
+ FETCH_PATCH_FILES=1
else
Usage
exit 255
diff --git a/pki/scripts/compose_ipa_pki_theme_packages b/pki/scripts/compose_ipa_pki_theme_packages
index e52cb7931..f2ef9042b 100755
--- a/pki/scripts/compose_ipa_pki_theme_packages
+++ b/pki/scripts/compose_ipa_pki_theme_packages
@@ -101,8 +101,22 @@ rm -f ${IPA_PKI_THEME_SRPMS_DIR}/${IPA_PKI_THEME}-${IPA_PKI_THEME_VERSION}*.rpm
cp -p ${PKI_SPECS_FILE} ${IPA_PKI_THEME_SPECS_DIR}
-if [ ${USE_PATCH_FILES} -eq 1 ] ; then
- Retrieve_Source_Tarball_and_Patches ${PKI_SPECS_FILE} ${PKI_PATCHES_DIR} ${IPA_PKI_THEME_SOURCES_DIR}
+##
+## If specified, copy all Patches from the spec file URL to SOURCES
+##
+
+if [ ${FETCH_PATCH_FILES} -eq 1 ] ; then
+ Fetch_Patch_Files ${PKI_SPECS_FILE} ${IPA_PKI_THEME_SOURCES_DIR}
+fi
+
+
+##
+## Copy the specified Source Tarball from the spec file URL to SOURCES, or
+## Generate a fresh Source Tarball from the local source
+##
+
+if [ ${FETCH_SOURCE_TARBALL} -eq 1 ] ; then
+ Fetch_Source_Tarball ${PKI_SPECS_FILE} ${IPA_PKI_THEME_SOURCES_DIR}
else
##
## Always start with a new 'ipa-pki' staging directory
diff --git a/pki/scripts/compose_pki_console_packages b/pki/scripts/compose_pki_console_packages
index 14f907036..a163525c3 100755
--- a/pki/scripts/compose_pki_console_packages
+++ b/pki/scripts/compose_pki_console_packages
@@ -100,8 +100,22 @@ rm -f ${PKI_CONSOLE_SRPMS_DIR}/${PKI_CONSOLE}-${PKI_CONSOLE_VERSION}*.rpm
cp -p ${PKI_SPECS_FILE} ${PKI_CONSOLE_SPECS_DIR}
-if [ ${USE_PATCH_FILES} -eq 1 ] ; then
- Retrieve_Source_Tarball_and_Patches ${PKI_SPECS_FILE} ${PKI_PATCHES_DIR} ${PKI_CONSOLE_SOURCES_DIR}
+##
+## If specified, copy all Patches from the spec file URL to SOURCES
+##
+
+if [ ${FETCH_PATCH_FILES} -eq 1 ] ; then
+ Fetch_Patch_Files ${PKI_SPECS_FILE} ${PKI_CONSOLE_SOURCES_DIR}
+fi
+
+
+##
+## Copy the specified Source Tarball from the spec file URL to SOURCES, or
+## Generate a fresh Source Tarball from the local source
+##
+
+if [ ${FETCH_SOURCE_TARBALL} -eq 1 ] ; then
+ Fetch_Source_Tarball ${PKI_SPECS_FILE} ${PKI_CONSOLE_SOURCES_DIR}
else
##
## Always start with a new 'pki-console' staging directory
diff --git a/pki/scripts/compose_pki_core_packages b/pki/scripts/compose_pki_core_packages
index 2af796054..f45c691ce 100755
--- a/pki/scripts/compose_pki_core_packages
+++ b/pki/scripts/compose_pki_core_packages
@@ -100,8 +100,22 @@ rm -f ${PKI_CORE_SRPMS_DIR}/${PKI_CORE}-${PKI_CORE_VERSION}*.rpm
cp -p ${PKI_SPECS_FILE} ${PKI_CORE_SPECS_DIR}
-if [ ${USE_PATCH_FILES} -eq 1 ] ; then
- Retrieve_Source_Tarball_and_Patches ${PKI_SPECS_FILE} ${PKI_PATCHES_DIR} ${PKI_CORE_SOURCES_DIR}
+##
+## If specified, copy all Patches from the spec file URL to SOURCES
+##
+
+if [ ${FETCH_PATCH_FILES} -eq 1 ] ; then
+ Fetch_Patch_Files ${PKI_SPECS_FILE} ${PKI_CORE_SOURCES_DIR}
+fi
+
+
+##
+## Copy the specified Source Tarball from the spec file URL to SOURCES, or
+## Generate a fresh Source Tarball from the local source
+##
+
+if [ ${FETCH_SOURCE_TARBALL} -eq 1 ] ; then
+ Fetch_Source_Tarball ${PKI_SPECS_FILE} ${PKI_CORE_SOURCES_DIR}
else
##
## Always start with a new 'pki-core' staging directory
diff --git a/pki/scripts/compose_pki_migrate_packages b/pki/scripts/compose_pki_migrate_packages
index a5d3e26d7..39789f897 100755
--- a/pki/scripts/compose_pki_migrate_packages
+++ b/pki/scripts/compose_pki_migrate_packages
@@ -100,8 +100,22 @@ rm -f ${PKI_MIGRATE_SRPMS_DIR}/${PKI_MIGRATE}-${PKI_MIGRATE_VERSION}*.rpm
cp -p ${PKI_SPECS_FILE} ${PKI_MIGRATE_SPECS_DIR}
-if [ ${USE_PATCH_FILES} -eq 1 ] ; then
- Retrieve_Source_Tarball_and_Patches ${PKI_SPECS_FILE} ${PKI_PATCHES_DIR} ${PKI_MIGRATE_SOURCES_DIR}
+##
+## If specified, copy all Patches from the spec file URL to SOURCES
+##
+
+if [ ${FETCH_PATCH_FILES} -eq 1 ] ; then
+ Fetch_Patch_Files ${PKI_SPECS_FILE} ${PKI_MIGRATE_SOURCES_DIR}
+fi
+
+
+##
+## Copy the specified Source Tarball from the spec file URL to SOURCES, or
+## Generate a fresh Source Tarball from the local source
+##
+
+if [ ${FETCH_SOURCE_TARBALL} -eq 1 ] ; then
+ Fetch_Source_Tarball ${PKI_SPECS_FILE} ${PKI_MIGRATE_SOURCES_DIR}
else
##
## Always start with a new 'pki-migrate' staging directory
diff --git a/pki/scripts/compose_pki_ra_packages b/pki/scripts/compose_pki_ra_packages
index 5e7626f88..b5ff90f03 100755
--- a/pki/scripts/compose_pki_ra_packages
+++ b/pki/scripts/compose_pki_ra_packages
@@ -100,8 +100,22 @@ rm -f ${PKI_RA_SRPMS_DIR}/${PKI_RA}-${PKI_RA_VERSION}*.rpm
cp -p ${PKI_SPECS_FILE} ${PKI_RA_SPECS_DIR}
-if [ ${USE_PATCH_FILES} -eq 1 ] ; then
- Retrieve_Source_Tarball_and_Patches ${PKI_SPECS_FILE} ${PKI_PATCHES_DIR} ${PKI_RA_SOURCES_DIR}
+##
+## If specified, copy all Patches from the spec file URL to SOURCES
+##
+
+if [ ${FETCH_PATCH_FILES} -eq 1 ] ; then
+ Fetch_Patch_Files ${PKI_SPECS_FILE} ${PKI_RA_SOURCES_DIR}
+fi
+
+
+##
+## Copy the specified Source Tarball from the spec file URL to SOURCES, or
+## Generate a fresh Source Tarball from the local source
+##
+
+if [ ${FETCH_SOURCE_TARBALL} -eq 1 ] ; then
+ Fetch_Source_Tarball ${PKI_SPECS_FILE} ${PKI_RA_SOURCES_DIR}
else
##
## Always start with a new 'pki-ra' staging directory
diff --git a/pki/scripts/compose_pki_tps_packages b/pki/scripts/compose_pki_tps_packages
index c84f94d13..eb7738641 100755
--- a/pki/scripts/compose_pki_tps_packages
+++ b/pki/scripts/compose_pki_tps_packages
@@ -100,8 +100,22 @@ rm -f ${PKI_TPS_SRPMS_DIR}/${PKI_TPS}-${PKI_TPS_VERSION}*.rpm
cp -p ${PKI_SPECS_FILE} ${PKI_TPS_SPECS_DIR}
-if [ ${USE_PATCH_FILES} -eq 1 ] ; then
- Retrieve_Source_Tarball_and_Patches ${PKI_SPECS_FILE} ${PKI_PATCHES_DIR} ${PKI_TPS_SOURCES_DIR}
+##
+## If specified, copy all Patches from the spec file URL to SOURCES
+##
+
+if [ ${FETCH_PATCH_FILES} -eq 1 ] ; then
+ Fetch_Patch_Files ${PKI_SPECS_FILE} ${PKI_TPS_SOURCES_DIR}
+fi
+
+
+##
+## Copy the specified Source Tarball from the spec file URL to SOURCES, or
+## Generate a fresh Source Tarball from the local source
+##
+
+if [ ${FETCH_SOURCE_TARBALL} -eq 1 ] ; then
+ Fetch_Source_Tarball ${PKI_SPECS_FILE} ${PKI_TPS_SOURCES_DIR}
else
##
## Always start with a new 'pki-tps' staging directory
diff --git a/pki/specs/pki-core.spec b/pki/specs/pki-core.spec
index e5fead454..086f3829a 100644
--- a/pki/specs/pki-core.spec
+++ b/pki/specs/pki-core.spec
@@ -7,7 +7,7 @@
Name: pki-core
Version: 10.0.0
-Release: %{?relprefix}3%{?prerel}%{?dist}
+Release: %{?relprefix}5%{?prerel}%{?dist}
Summary: Certificate System - PKI Core Components
URL: http://pki.fedoraproject.org/
License: GPLv2
@@ -64,6 +64,14 @@ BuildRequires: tomcatjss >= 2.0.0
Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}%{?prerel}.tar.gz
+%if 0%{?fedora} >= 17
+Patch0: %{name}-selinux-f17.patch
+%else
+%if 0%{?fedora} >= 16
+Patch0: %{name}-selinux-f16.patch
+%endif
+%endif
+
%if 0%{?rhel}
ExcludeArch: ppc ppc64 s390 s390x
%endif
@@ -651,6 +659,13 @@ This package is a part of the PKI Core used by the Certificate System.
%setup -q -n %{name}-%{version}%{?prerel}
+%if 0%{?fedora} >= 17
+%patch0 -p2 -b .p0
+%else
+%if 0%{?fedora} >= 16
+%patch0 -p2 -b .p0
+%endif
+%endif
%clean
%{__rm} -rf %{buildroot}
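Review bot: Both branches of the nested `%if` added after `%setup` run the identical line `%patch0 -p2 -b .p0`, so the nesting carries no information here. A single guard, `%if 0%{?fedora} >= 16` followed by `%patch0 -p2 -b .p0` and `%endif`, applies the patch in the same cases and is easier to keep in step with the `Patch0:` selection in the preamble. A short comment naming which patch file `Patch0` resolves to on each release would also help, since the file differs between F16 and F17.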
@@ -1218,6 +1233,12 @@ fi
%changelog
+* Tue Feb 28 2012 Ade Lee <alee@redhat.com> 10.0.0-0.5.a1
+- 'pki-selinux'
+- Added platform-dependent patches for SELinux component
+- Bugzilla Bug #739708 - Selinux fix for ephemeral ports (F16)
+- Bugzilla Bug #795966 - pki-selinux policy is kind of a mess (F17)
+
* Wed Feb 23 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.4.a1
- Added dependency on Apache Commons Codec.