diff options
Diffstat (limited to 'pki/dogtag/selinux')
-rwxr-xr-x | pki/dogtag/selinux/build_dogtag | 82 | ||||
-rw-r--r-- | pki/dogtag/selinux/pki-selinux.spec | 86 |
2 files changed, 168 insertions, 0 deletions
diff --git a/pki/dogtag/selinux/build_dogtag b/pki/dogtag/selinux/build_dogtag new file mode 100755 index 000000000..3bdc65efb --- /dev/null +++ b/pki/dogtag/selinux/build_dogtag @@ -0,0 +1,82 @@ +#!/bin/bash +# BEGIN COPYRIGHT BLOCK +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# (C) 2007 Red Hat, Inc. +# All rights reserved. +# END COPYRIGHT BLOCK + +# Always switch into the base directory of this +# shell script prior to executing it so that all +# of its output is written to this directory +cd `dirname $0` + +# Retrieve the directory name housing this component +PWD=`pwd` + +# Set Dogtag component-specific environment variables +DOGTAG_BUILD_SCRIPT=`basename $0` +export DOGTAG_BUILD_SCRIPT +DOGTAG_COMPONENT=`basename ${PWD}` +export DOGTAG_COMPONENT +DOGTAG_SPECFILE="pki-selinux.spec" +export DOGTAG_SPECFILE + +# Set PKI 'ant' environment variables (originally obtained from specfile) +PKI_PRODUCT_UI_FLAVOR_PREFIX="" +export PKI_PRODUCT_UI_FLAVOR_PREFIX +PKI_PRODUCT_PREFIX="pki" +export PKI_PRODUCT_PREFIX +PKI_PRODUCT="selinux" +export PKI_PRODUCT +PKI_VERSION="9.0.0" +export PKI_VERSION + +# Set Dogtag helper variables +DOGTAG_COMPONENT_NAME=${PKI_PRODUCT} +export DOGTAG_COMPONENT_NAME +DOGTAG_WGET_URL=http://cvs.fedora.redhat.com/viewvc +export DOGTAG_WGET_URL + +# Obtain '${DOGTAG_SPECFILE}' as necessary +if [ "$1" = "refresh" ]; then + if [ -f "${DOGTAG_SPECFILE}" ]; then + printf "Removing '${DOGTAG_SPECFILE}' . . . " + rm -rf ${DOGTAG_SPECFILE} + printf "done.\n" + fi + shift +fi +if [ ! -f "${DOGTAG_SPECFILE}" ]; then + # Check for Fedora Operating System + if [ ! -f /etc/fedora-release ]; then + printf "'${DOGTAG_COMPONENT_NAME}' ONLY builds on Fedora!\n" + exit 255 + fi + # Obtain Fedora Operating System Version + FEDORA_VERSION="F-`cat /etc/fedora-release | awk '{print $3}'`" + export FEDORA_VERSION + # Retrieve '${DOGTAG_SPECFILE}' from Koji + printf "Fetching '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}' . . .\n" + wget -O ${DOGTAG_SPECFILE} ${DOGTAG_WGET_URL}/${FEDORA_VERSION}/${DOGTAG_COMPONENT_NAME}/${DOGTAG_SPECFILE}?view=co + if [ ! -s "${DOGTAG_SPECFILE}" ]; then + printf "Failed to fetch '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}'!\n" + rm -rf ${DOGTAG_SPECFILE} + exit 255 + fi +fi + +# Invoke the shared Dogtag PKI build script +config-ext/build_dogtag_pki $@ + diff --git a/pki/dogtag/selinux/pki-selinux.spec b/pki/dogtag/selinux/pki-selinux.spec new file mode 100644 index 000000000..a1d50a1ba --- /dev/null +++ b/pki/dogtag/selinux/pki-selinux.spec @@ -0,0 +1,86 @@ +Name: pki-selinux +Version: 9.0.0 +Release: 1%{?dist} +Summary: Dogtag Certificate System - PKI Selinux Policies +URL: https://pki.fedoraproject.org/ +License: GPLv2 +Group: System Environment/Base + +BuildArch: noarch + +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) + +BuildRequires: ant +BuildRequires: m4 +BuildRequires: make +BuildRequires: policycoreutils +BuildRequires: selinux-policy-devel + +Requires: policycoreutils +Requires: selinux-policy-targeted + +Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz + +%description +Selinux policies for the Pubic Key Infrastructure (PKI) components. + +%prep + +%setup -q -n %{name}-%{version} + +%build +cd src +make + +%install +rm -rf %{buildroot} +mkdir -p %{buildroot}%{_datadir}/selinux/modules +cp -p src/pki.pp %{buildroot}%{_datadir}/selinux/modules + +%clean +rm -rf %{buildroot} + +%define saveFileContext() \ +if [ -s /etc/selinux/config ]; then \ + . %{_sysconfdir}/selinux/config; \ + FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \ + if [ "${SELINUXTYPE}" == %1 -a -f ${FILE_CONTEXT} ]; then \ + cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.%{name}; \ + fi \ +fi; + +%define relabel() \ +. %{_sysconfdir}/selinux/config; \ +FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \ +selinuxenabled; \ +if [ $? == 0 -a "${SELINUXTYPE}" == %1 -a -f ${FILE_CONTEXT}.%{name} ]; then \ + fixfiles -C ${FILE_CONTEXT}.%{name} restore; \ + rm -f ${FILE_CONTEXT}.%name; \ +fi; + +%pre +%saveFileContext targeted + +%post +semodule -s targeted -i %{_datadir}/selinux/modules/pki.pp +%relabel targeted + +%preun +if [ $1 = 0 ]; then + %saveFileContext targeted +fi + +%postun +if [ $1 = 0 ]; then + semodule -s targeted -r pki + %relabel targeted +fi + +%files +%defattr(-,root,root,-) +%doc LICENSE +%{_datadir}/selinux/modules/pki.pp + +%changelog +* Fri Nov 19 2010 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-1 +- Updated Dogtag 1.3.x --> Dogtag 2.0.0 --> Dogtag 9.0.0. |