From a0824523105996829fa750f26a74bce6be3fbae0 Mon Sep 17 00:00:00 2001 From: Matthew Harmsen Date: Tue, 28 Feb 2012 17:46:59 -0800 Subject: Enhanced compose scripts to download patches Added platform-dependent patches for SELinux component Bugzilla Bug #739708 - Selinux fix for ephemeral ports (F16) Bugzilla Bug #795966 - pki-selinux policy is kind of a mess (F17) --- pki/patches/pki-core-selinux-f16.patch | 23 ++++ pki/patches/pki-core-selinux-f17.patch | 35 ++++++ pki/scripts/build_dogtag_pki | 2 +- pki/scripts/compose_dogtag_pki_theme_packages | 18 ++- pki/scripts/compose_functions | 155 +++++++++++++++++++------- pki/scripts/compose_ipa_pki_theme_packages | 18 ++- pki/scripts/compose_pki_console_packages | 18 ++- pki/scripts/compose_pki_core_packages | 18 ++- pki/scripts/compose_pki_migrate_packages | 18 ++- pki/scripts/compose_pki_ra_packages | 18 ++- pki/scripts/compose_pki_tps_packages | 18 ++- pki/specs/pki-core.spec | 23 +++- 12 files changed, 310 insertions(+), 54 deletions(-) create mode 100644 pki/patches/pki-core-selinux-f16.patch create mode 100644 pki/patches/pki-core-selinux-f17.patch diff --git a/pki/patches/pki-core-selinux-f16.patch b/pki/patches/pki-core-selinux-f16.patch new file mode 100644 index 000000000..6866033dc --- /dev/null +++ b/pki/patches/pki-core-selinux-f16.patch @@ -0,0 +1,23 @@ +diff --git a/pki/base/selinux/src/pki.if b/pki/base/selinux/src/pki.if +index 0709176..9a35184 100644 +--- a/pki/base/selinux/src/pki.if ++++ b/pki/base/selinux/src/pki.if +@@ -193,7 +193,7 @@ template(`pki_ca_template',` + corenet_tcp_connect_ldap_port($1_t) + + # tomcat connects to ephemeral ports on shutdown +- corenet_tcp_connect_all_unreserved_ports($1_t) ++ corenet_tcp_connect_all_ephemeral_ports($1_t) + + optional_policy(` + #This is broken in selinux-policy we need java_exec defined, Will add to policy +diff --git a/pki/base/selinux/src/pki.te b/pki/base/selinux/src/pki.te +index 7f6e657..dab02d4 100644 +--- a/pki/base/selinux/src/pki.te ++++ b/pki/base/selinux/src/pki.te +@@ -1,4 +1,4 @@ +-policy_module(pki,10.0.2) ++policy_module(pki,10.0.3) + + attribute pki_ca_config; + attribute pki_ca_executable; diff --git a/pki/patches/pki-core-selinux-f17.patch b/pki/patches/pki-core-selinux-f17.patch new file mode 100644 index 000000000..465c95fe2 --- /dev/null +++ b/pki/patches/pki-core-selinux-f17.patch @@ -0,0 +1,35 @@ +diff --git a/pki/base/selinux/src/pki.if b/pki/base/selinux/src/pki.if +index 0709176..20dfc17 100644 +--- a/pki/base/selinux/src/pki.if ++++ b/pki/base/selinux/src/pki.if +@@ -206,6 +206,20 @@ template(`pki_ca_template',` + optional_policy(` + unconfined_domain($1_script_t) + ') ++ ++ # tomcat6 init scripts do runuser and touch lockfile ++ allow $1_t self:capability { setuid chown setgid fowner audit_write dac_override }; ++ allow $1_t self:netlink_audit_socket { nlmsg_relay create read write }; ++ consoletype_exec($1_t) ++ fs_read_hugetlbfs_files($1_t) ++ hostname_exec($1_t) ++ kernel_read_kernel_sysctls($1_t) ++ ++ # java (mislabeled as lib_t?) calls build_classpath ++ libs_exec_lib_files($1_t) ++ ++ selinux_get_enforce_mode($1_t) ++ + ') + + ######################################## +diff --git a/pki/base/selinux/src/pki.te b/pki/base/selinux/src/pki.te +index 7f6e657..dab02d4 100644 +--- a/pki/base/selinux/src/pki.te ++++ b/pki/base/selinux/src/pki.te +@@ -1,4 +1,4 @@ +-policy_module(pki,10.0.2) ++policy_module(pki,10.0.3) + + attribute pki_ca_config; + attribute pki_ca_executable; diff --git a/pki/scripts/build_dogtag_pki b/pki/scripts/build_dogtag_pki index 7e0de05fc..f2c171fbb 100755 --- a/pki/scripts/build_dogtag_pki +++ b/pki/scripts/build_dogtag_pki @@ -169,7 +169,7 @@ ${PKI_SUDO} ${YUM_EXE} ${YUM_EXE_OPTIONS} ${PKI_COMMON_THEME} ${PKI_CA_THEME} ${ # Compose and install 'pki-core' packages cd ${PKI_PWD} -${PKI_COMPOSE_SCRIPTS_DIR}/${COMPOSE_PKI_CORE_PACKAGES} rpms +${PKI_COMPOSE_SCRIPTS_DIR}/${COMPOSE_PKI_CORE_PACKAGES} hybrid_rpms mv ${PKI_PACKAGES_DIR} ${PKI_CORE_PACKAGES_DIR} cd ${PKI_CORE_PACKAGES_DIR}/${RPM_DIR} mkdir -p ${PKI_CORE_PACKAGES_DIR}/${RPM_DIR}/${COMBINED} diff --git a/pki/scripts/compose_dogtag_pki_theme_packages b/pki/scripts/compose_dogtag_pki_theme_packages index 7a236d774..4eefe240d 100755 --- a/pki/scripts/compose_dogtag_pki_theme_packages +++ b/pki/scripts/compose_dogtag_pki_theme_packages @@ -101,8 +101,22 @@ rm -f ${DOGTAG_PKI_THEME_SRPMS_DIR}/${DOGTAG_PKI_THEME}-${DOGTAG_PKI_THEME_VERS cp -p ${PKI_SPECS_FILE} ${DOGTAG_PKI_THEME_SPECS_DIR} -if [ ${USE_PATCH_FILES} -eq 1 ] ; then - Retrieve_Source_Tarball_and_Patches ${PKI_SPECS_FILE} ${PKI_PATCHES_DIR} ${DOGTAG_PKI_THEME_SOURCES_DIR} +## +## If specified, copy all Patches from the spec file URL to SOURCES +## + +if [ ${FETCH_PATCH_FILES} -eq 1 ] ; then + Fetch_Patch_Files ${PKI_SPECS_FILE} ${DOGTAG_PKI_THEME_SOURCES_DIR} +fi + + +## +## Copy the specified Source Tarball from the spec file URL to SOURCES, or +## Generate a fresh Source Tarball from the local source +## + +if [ ${FETCH_SOURCE_TARBALL} -eq 1 ] ; then + Fetch_Source_Tarball ${PKI_SPECS_FILE} ${DOGTAG_PKI_THEME_SOURCES_DIR} else ## ## Always start with a new 'dogtag-pki' staging directory diff --git a/pki/scripts/compose_functions b/pki/scripts/compose_functions index ac03bc32a..22c128df1 100644 --- a/pki/scripts/compose_functions +++ b/pki/scripts/compose_functions @@ -49,9 +49,6 @@ export PKI_BASE_DIR PKI_DOGTAG_DIR="${PKI_DIR}/dogtag" export PKI_DOGTAG_DIR -PKI_PATCHES_DIR="${PKI_DIR}/patches" -export PKI_PATCHES_DIR - PKI_FILE_LIST="CMakeLists.txt COPYING CPackConfig.cmake ConfigureChecks.cmake DefineOptions.cmake README cmake_uninstall.cmake.in config.h.cmake" export PKI_FILE_LIST @@ -74,40 +71,127 @@ Usage() printf "\n" printf "Usage: $0 \n\n" printf " where is one of the following:\n\n" - printf " srpm - produces tarball, spec, and SRPM\n" + printf " srpm - copies a spec file from local source,\n" + printf " generates a tarball from local source, " + printf "and\n" + printf " produces an SRPM\n" + printf " [suitable for use by 'mock']\n\n" + printf " rpms - copies a spec file from local source,\n" + printf " generates a tarball from local source, " + printf "and\n" + printf " produces an SRPM and one or more RPMS\n" + printf " ${MESSAGE}\n\n" + printf " hybrid_srpm - copies a spec file from local source,\n" + printf " generates a tarball from local source,\n" + printf " fetches patches from the spec's URL, " + printf "and\n" + printf " produces an SRPM\n" printf " [suitable for use by 'mock']\n\n" - printf " rpms - produces tarball, spec, SRPM, and\n" - printf " RPMS(S)\n" + printf " hybrid_rpms - copies a spec file from local source,\n" + printf " generates a tarball from local source,\n" + printf " fetches all patches from the spec's URL," + printf " and\n" + printf " produces an SRPM and one or more RPMS\n" printf " ${MESSAGE}\n\n" - printf " patched_srpm - copies tarball, patches, and spec\n" - printf " to produce an SRPM\n" + printf " patched_srpm - copies a spec file from local source,\n" + printf " fetches a tarball from the spec's URL,\n" + printf " fetches all patches from the spec's URL," + printf " and\n" + printf " produces an SRPM\n" printf " [suitable for use by 'mock']\n\n" - printf " patched_rpms - copies tarball, patches, and spec\n" - printf " to produce an SRPM and RPM(s)\n" + printf " patched_rpms - copies a spec file from local source,\n" + printf " fetches a tarball from the spec's URL,\n" + printf " fetches all patches from the spec's URL," + printf " and\n" + printf " produces an SRPM and one or more RPMS\n" printf " ${MESSAGE}\n\n" } ## -## Copy Specified Source Tarball and Patches to SOURCES +## Copy Specified Patches to SOURCES ## -Retrieve_Source_Tarball_and_Patches() +Fetch_Patch_Files() { - if [ $# -ne 3 ] ; then + if [ $# -ne 2 ] ; then Usage exit 255 fi SPECFILE=$1 - PATCHES_DIR=$2 - TARGET_DIR=$3 + TARGET_DIR=$2 if [ ! -f ${SPECFILE} ] ; then printf "ERROR: '${SPECFILE}' is missing!\n\n" Usage exit 255 - elif [ ! -d ${PATCHES_DIR} ] ; then - printf "ERROR: '${PATCHES_DIR}' does NOT exist!\n\n" + elif [ ! -d ${TARGET_DIR} ] ; then + printf "ERROR: '${TARGET_DIR}' does NOT exist!\n\n" + Usage + exit 255 + fi + + component_name_marker="Name" + component_version_marker="Version" + component_source_marker="Source" + component_patch_marker="Patch" + + component_name="" + component_version="" + component_source="" + component_url="" + component_patch="" + + exec < ${SPECFILE} + while read line; do + entry=`echo $line | cut -d: -f 1` + if [ "${entry:0:4}" = "${component_name_marker}" ] ; then + component_name=`echo $line | cut -d' ' -f 2` + elif [ "${entry:0:7}" = "${component_version_marker}" ] ; then + component_version=`echo $line | cut -d' ' -f 2` + elif [ "${entry:0:6}" = "${component_source_marker}" ] ; then + value=`echo $line | cut -d' ' -f 2` + component_source=`echo $value | sed -e "s/\%{name}/${component_name}/g" -e "s/\%{version}/${component_version}/g"` + component_url=`dirname ${component_source}` + elif [ "${entry:0:5}" = "${component_patch_marker}" ] ; then + if [ ${component_url} != "" ] ; then + value=`echo $line | cut -d' ' -f 2` + component_patch=${component_url}"/"`echo $value | sed -e "s/\%{name}/${component_name}/g" -e "s/\%{version}/${component_version}/g"` + wget -q -O ${TARGET_DIR}/`basename ${component_patch}` ${component_patch} + if [ $? -ne 0 ] ; then + printf "ERROR: Failed to download '${component_patch}'!\n\n" + Usage + exit 255 + elif [ ! -f ${TARGET_DIR}/`basename ${component_patch}` ] ; then + printf "ERROR: Failed to save '${TARGET_DIR}/`basename ${component_patch}`'!\n\n" + Usage + exit 255 + fi + else + printf "ERROR: '${component_source_marker}' MUST be specified PRIOR to '${component_patch_marker}'!\n\n" + Usage + exit 255 + fi + fi + done +} + + +## +## Copy Specified Source Tarball to SOURCES +## +Fetch_Source_Tarball() +{ + if [ $# -ne 2 ] ; then + Usage + exit 255 + fi + + SPECFILE=$1 + TARGET_DIR=$2 + + if [ ! -f ${SPECFILE} ] ; then + printf "ERROR: '${SPECFILE}' is missing!\n\n" Usage exit 255 elif [ ! -d ${TARGET_DIR} ] ; then @@ -119,12 +203,10 @@ Retrieve_Source_Tarball_and_Patches() component_name_marker="Name" component_version_marker="Version" component_tarball_marker="Source" - component_patch_marker="Patch" component_name="" component_version="" component_tarball="" - component_patch="" exec < ${SPECFILE} while read line; do @@ -146,21 +228,6 @@ Retrieve_Source_Tarball_and_Patches() Usage exit 255 fi - elif [ "${entry:0:5}" = "${component_patch_marker}" ] ; then - value=`echo $line | cut -d' ' -f 2` - component_patch=`echo $value | sed -e "s/\%{name}/${component_name}/g" -e "s/\%{version}/${component_version}/g"` - if [ -f ${PATCHES_DIR}/${component_patch} ] ; then - cp -p ${PATCHES_DIR}/${component_patch} ${TARGET_DIR} - if [ ! -f ${TARGET_DIR}/${component_patch} ] ; then - printf "ERROR: Failed to copy '${component_patch}'!\n\n" - Usage - exit 255 - fi - else - printf "ERROR: Failed to find '${component_patch}'!\n\n" - Usage - exit 255 - fi fi done } @@ -177,16 +244,28 @@ fi if [ $1 = "srpm" ] ; then RPMBUILD_CMD="rpmbuild --define \"_topdir \`pwd\`\" -bs" - USE_PATCH_FILES=0 + FETCH_SOURCE_TARBALL=0 + FETCH_PATCH_FILES=0 +elif [ $1 = "hybrid_srpm" ] ; then + RPMBUILD_CMD="rpmbuild --define \"_topdir \`pwd\`\" -bs" + FETCH_SOURCE_TARBALL=0 + FETCH_PATCH_FILES=1 elif [ $1 = "patched_srpm" ] ; then RPMBUILD_CMD="rpmbuild --define \"_topdir \`pwd\`\" -bs" - USE_PATCH_FILES=1 + FETCH_SOURCE_TARBALL=1 + FETCH_PATCH_FILES=1 elif [ $1 = "rpms" ] ; then RPMBUILD_CMD="rpmbuild --define \"_topdir \`pwd\`\" -ba" - USE_PATCH_FILES=0 + FETCH_SOURCE_TARBALL=0 + FETCH_PATCH_FILES=0 +elif [ $1 = "hybrid_rpms" ] ; then + RPMBUILD_CMD="rpmbuild --define \"_topdir \`pwd\`\" -ba" + FETCH_SOURCE_TARBALL=0 + FETCH_PATCH_FILES=1 elif [ $1 = "patched_rpms" ] ; then RPMBUILD_CMD="rpmbuild --define \"_topdir \`pwd\`\" -ba" - USE_PATCH_FILES=1 + FETCH_SOURCE_TARBALL=1 + FETCH_PATCH_FILES=1 else Usage exit 255 diff --git a/pki/scripts/compose_ipa_pki_theme_packages b/pki/scripts/compose_ipa_pki_theme_packages index e52cb7931..f2ef9042b 100755 --- a/pki/scripts/compose_ipa_pki_theme_packages +++ b/pki/scripts/compose_ipa_pki_theme_packages @@ -101,8 +101,22 @@ rm -f ${IPA_PKI_THEME_SRPMS_DIR}/${IPA_PKI_THEME}-${IPA_PKI_THEME_VERSION}*.rpm cp -p ${PKI_SPECS_FILE} ${IPA_PKI_THEME_SPECS_DIR} -if [ ${USE_PATCH_FILES} -eq 1 ] ; then - Retrieve_Source_Tarball_and_Patches ${PKI_SPECS_FILE} ${PKI_PATCHES_DIR} ${IPA_PKI_THEME_SOURCES_DIR} +## +## If specified, copy all Patches from the spec file URL to SOURCES +## + +if [ ${FETCH_PATCH_FILES} -eq 1 ] ; then + Fetch_Patch_Files ${PKI_SPECS_FILE} ${IPA_PKI_THEME_SOURCES_DIR} +fi + + +## +## Copy the specified Source Tarball from the spec file URL to SOURCES, or +## Generate a fresh Source Tarball from the local source +## + +if [ ${FETCH_SOURCE_TARBALL} -eq 1 ] ; then + Fetch_Source_Tarball ${PKI_SPECS_FILE} ${IPA_PKI_THEME_SOURCES_DIR} else ## ## Always start with a new 'ipa-pki' staging directory diff --git a/pki/scripts/compose_pki_console_packages b/pki/scripts/compose_pki_console_packages index 14f907036..a163525c3 100755 --- a/pki/scripts/compose_pki_console_packages +++ b/pki/scripts/compose_pki_console_packages @@ -100,8 +100,22 @@ rm -f ${PKI_CONSOLE_SRPMS_DIR}/${PKI_CONSOLE}-${PKI_CONSOLE_VERSION}*.rpm cp -p ${PKI_SPECS_FILE} ${PKI_CONSOLE_SPECS_DIR} -if [ ${USE_PATCH_FILES} -eq 1 ] ; then - Retrieve_Source_Tarball_and_Patches ${PKI_SPECS_FILE} ${PKI_PATCHES_DIR} ${PKI_CONSOLE_SOURCES_DIR} +## +## If specified, copy all Patches from the spec file URL to SOURCES +## + +if [ ${FETCH_PATCH_FILES} -eq 1 ] ; then + Fetch_Patch_Files ${PKI_SPECS_FILE} ${PKI_CONSOLE_SOURCES_DIR} +fi + + +## +## Copy the specified Source Tarball from the spec file URL to SOURCES, or +## Generate a fresh Source Tarball from the local source +## + +if [ ${FETCH_SOURCE_TARBALL} -eq 1 ] ; then + Fetch_Source_Tarball ${PKI_SPECS_FILE} ${PKI_CONSOLE_SOURCES_DIR} else ## ## Always start with a new 'pki-console' staging directory diff --git a/pki/scripts/compose_pki_core_packages b/pki/scripts/compose_pki_core_packages index 2af796054..f45c691ce 100755 --- a/pki/scripts/compose_pki_core_packages +++ b/pki/scripts/compose_pki_core_packages @@ -100,8 +100,22 @@ rm -f ${PKI_CORE_SRPMS_DIR}/${PKI_CORE}-${PKI_CORE_VERSION}*.rpm cp -p ${PKI_SPECS_FILE} ${PKI_CORE_SPECS_DIR} -if [ ${USE_PATCH_FILES} -eq 1 ] ; then - Retrieve_Source_Tarball_and_Patches ${PKI_SPECS_FILE} ${PKI_PATCHES_DIR} ${PKI_CORE_SOURCES_DIR} +## +## If specified, copy all Patches from the spec file URL to SOURCES +## + +if [ ${FETCH_PATCH_FILES} -eq 1 ] ; then + Fetch_Patch_Files ${PKI_SPECS_FILE} ${PKI_CORE_SOURCES_DIR} +fi + + +## +## Copy the specified Source Tarball from the spec file URL to SOURCES, or +## Generate a fresh Source Tarball from the local source +## + +if [ ${FETCH_SOURCE_TARBALL} -eq 1 ] ; then + Fetch_Source_Tarball ${PKI_SPECS_FILE} ${PKI_CORE_SOURCES_DIR} else ## ## Always start with a new 'pki-core' staging directory diff --git a/pki/scripts/compose_pki_migrate_packages b/pki/scripts/compose_pki_migrate_packages index a5d3e26d7..39789f897 100755 --- a/pki/scripts/compose_pki_migrate_packages +++ b/pki/scripts/compose_pki_migrate_packages @@ -100,8 +100,22 @@ rm -f ${PKI_MIGRATE_SRPMS_DIR}/${PKI_MIGRATE}-${PKI_MIGRATE_VERSION}*.rpm cp -p ${PKI_SPECS_FILE} ${PKI_MIGRATE_SPECS_DIR} -if [ ${USE_PATCH_FILES} -eq 1 ] ; then - Retrieve_Source_Tarball_and_Patches ${PKI_SPECS_FILE} ${PKI_PATCHES_DIR} ${PKI_MIGRATE_SOURCES_DIR} +## +## If specified, copy all Patches from the spec file URL to SOURCES +## + +if [ ${FETCH_PATCH_FILES} -eq 1 ] ; then + Fetch_Patch_Files ${PKI_SPECS_FILE} ${PKI_MIGRATE_SOURCES_DIR} +fi + + +## +## Copy the specified Source Tarball from the spec file URL to SOURCES, or +## Generate a fresh Source Tarball from the local source +## + +if [ ${FETCH_SOURCE_TARBALL} -eq 1 ] ; then + Fetch_Source_Tarball ${PKI_SPECS_FILE} ${PKI_MIGRATE_SOURCES_DIR} else ## ## Always start with a new 'pki-migrate' staging directory diff --git a/pki/scripts/compose_pki_ra_packages b/pki/scripts/compose_pki_ra_packages index 5e7626f88..b5ff90f03 100755 --- a/pki/scripts/compose_pki_ra_packages +++ b/pki/scripts/compose_pki_ra_packages @@ -100,8 +100,22 @@ rm -f ${PKI_RA_SRPMS_DIR}/${PKI_RA}-${PKI_RA_VERSION}*.rpm cp -p ${PKI_SPECS_FILE} ${PKI_RA_SPECS_DIR} -if [ ${USE_PATCH_FILES} -eq 1 ] ; then - Retrieve_Source_Tarball_and_Patches ${PKI_SPECS_FILE} ${PKI_PATCHES_DIR} ${PKI_RA_SOURCES_DIR} +## +## If specified, copy all Patches from the spec file URL to SOURCES +## + +if [ ${FETCH_PATCH_FILES} -eq 1 ] ; then + Fetch_Patch_Files ${PKI_SPECS_FILE} ${PKI_RA_SOURCES_DIR} +fi + + +## +## Copy the specified Source Tarball from the spec file URL to SOURCES, or +## Generate a fresh Source Tarball from the local source +## + +if [ ${FETCH_SOURCE_TARBALL} -eq 1 ] ; then + Fetch_Source_Tarball ${PKI_SPECS_FILE} ${PKI_RA_SOURCES_DIR} else ## ## Always start with a new 'pki-ra' staging directory diff --git a/pki/scripts/compose_pki_tps_packages b/pki/scripts/compose_pki_tps_packages index c84f94d13..eb7738641 100755 --- a/pki/scripts/compose_pki_tps_packages +++ b/pki/scripts/compose_pki_tps_packages @@ -100,8 +100,22 @@ rm -f ${PKI_TPS_SRPMS_DIR}/${PKI_TPS}-${PKI_TPS_VERSION}*.rpm cp -p ${PKI_SPECS_FILE} ${PKI_TPS_SPECS_DIR} -if [ ${USE_PATCH_FILES} -eq 1 ] ; then - Retrieve_Source_Tarball_and_Patches ${PKI_SPECS_FILE} ${PKI_PATCHES_DIR} ${PKI_TPS_SOURCES_DIR} +## +## If specified, copy all Patches from the spec file URL to SOURCES +## + +if [ ${FETCH_PATCH_FILES} -eq 1 ] ; then + Fetch_Patch_Files ${PKI_SPECS_FILE} ${PKI_TPS_SOURCES_DIR} +fi + + +## +## Copy the specified Source Tarball from the spec file URL to SOURCES, or +## Generate a fresh Source Tarball from the local source +## + +if [ ${FETCH_SOURCE_TARBALL} -eq 1 ] ; then + Fetch_Source_Tarball ${PKI_SPECS_FILE} ${PKI_TPS_SOURCES_DIR} else ## ## Always start with a new 'pki-tps' staging directory diff --git a/pki/specs/pki-core.spec b/pki/specs/pki-core.spec index e5fead454..086f3829a 100644 --- a/pki/specs/pki-core.spec +++ b/pki/specs/pki-core.spec @@ -7,7 +7,7 @@ Name: pki-core Version: 10.0.0 -Release: %{?relprefix}3%{?prerel}%{?dist} +Release: %{?relprefix}5%{?prerel}%{?dist} Summary: Certificate System - PKI Core Components URL: http://pki.fedoraproject.org/ License: GPLv2 @@ -64,6 +64,14 @@ BuildRequires: tomcatjss >= 2.0.0 Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}%{?prerel}.tar.gz +%if 0%{?fedora} >= 17 +Patch0: %{name}-selinux-f17.patch +%else +%if 0%{?fedora} >= 16 +Patch0: %{name}-selinux-f16.patch +%endif +%endif + %if 0%{?rhel} ExcludeArch: ppc ppc64 s390 s390x %endif @@ -651,6 +659,13 @@ This package is a part of the PKI Core used by the Certificate System. %setup -q -n %{name}-%{version}%{?prerel} +%if 0%{?fedora} >= 17 +%patch0 -p2 -b .p0 +%else +%if 0%{?fedora} >= 16 +%patch0 -p2 -b .p0 +%endif +%endif %clean %{__rm} -rf %{buildroot} @@ -1218,6 +1233,12 @@ fi %changelog +* Tue Feb 28 2012 Ade Lee 10.0.0-0.5.a1 +- 'pki-selinux' +- Added platform-dependent patches for SELinux component +- Bugzilla Bug #739708 - Selinux fix for ephemeral ports (F16) +- Bugzilla Bug #795966 - pki-selinux policy is kind of a mess (F17) + * Wed Feb 23 2012 Endi S. Dewata 10.0.0-0.4.a1 - Added dependency on Apache Commons Codec. -- cgit