From 54cf04a0fa4ccae73ae4c29888b436fb1d47dcf5 Mon Sep 17 00:00:00 2001
From: Nathan Kinder <nkinder@fedoraproject.org>
Date: Tue, 19 Jan 2010 19:39:44 +0000
Subject: [PATCH] Added SELinux subpackage

---
 389-admin.spec | 82 ++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 79 insertions(+), 3 deletions(-)

diff --git a/389-admin.spec b/389-admin.spec
index 1629d04..81d77ab 100644
--- a/389-admin.spec
+++ b/389-admin.spec
@@ -1,13 +1,15 @@
 %global pkgname   dirsrv
 # for a pre-release, define the prerel field - comment out for official release
-%global prerel .a3
+%global prerel .a4
 # also need the relprefix field for a pre-release - also comment out for official release
 %global relprefix 0.
 
+%global selinux_variants mls targeted
+
 Summary:          389 Administration Server (admin)
 Name:             389-admin
 Version:          1.1.10
-Release:          %{?relprefix}3%{?prerel}%{?dist}
+Release:          %{?relprefix}4%{?prerel}%{?dist}
 License:          GPLv2 and ASL 2.0
 URL:              http://port389.org/
 Group:            System Environment/Daemons
@@ -27,6 +29,12 @@ BuildRequires:    apr-devel
 BuildRequires:    mod_nss
 BuildRequires:    389-adminutil-devel
 
+# The following are needed to build the SELinux policy
+BuildRequires:    checkpolicy
+BuildRequires:    selinux-policy-devel
+BuildRequires:    /usr/share/selinux/devel/Makefile
+BuildRequires:    389-ds-base-selinux-devel
+
 Requires:         389-ds-base
 Requires:         mod_nss
 # the following are needed for some of our scripts
@@ -49,12 +57,22 @@ for 389 Directory Server.  It provides some management web apps that can
 be used through a web browser.  It provides the authentication, access control,
 and CGI utilities used by the console.
 
+%package          selinux
+Summary:          SELinux policy for 389 Administration Server
+Group:            System Environment/Daemons
+Requires:         selinux-policy
+Requires:         %{name} = %{version}-%{release}
+Requires:         389-ds-base-selinux
+
+%description      selinux
+SELinux policy for the 389 Adminstration Server package.
+
 %prep
 %setup -q -n %{name}-%{version}%{?prerel}
 %patch1
 
 %build
-%configure --disable-rpath
+%configure --disable-rpath --with-selinux
 
 # Generate symbolic info for debuggers
 export XCFLAGS=$RPM_OPT_FLAGS
@@ -65,6 +83,18 @@ export USE_64=1
 
 make %{?_smp_mflags}
 
+# Build the SELinux policy module for each variant
+cd selinux-built
+cp %{_datadir}/%{pkgname}-selinux/%{pkgname}.if .
+cp %{_datadir}/%{pkgname}-selinux/%{pkgname}.te .
+for selinuxvariant in %{selinux_variants}
+do
+  make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile
+  mv %{pkgname}-admin.pp %{pkgname}-admin.pp.${selinuxvariant}
+  make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile clean
+done
+cd -
+
 %install
 rm -rf $RPM_BUILD_ROOT 
 
@@ -80,6 +110,16 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
 rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/modules/*.a
 rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/modules/*.la
 
+# Install the SELinux policy
+cd selinux-built
+for selinuxvariant in %{selinux_variants}
+do
+  install -d %{buildroot}%{_datadir}/selinux/${selinuxvariant}
+  install -p -m 644 %{pkgname}-admin.pp.${selinuxvariant} \
+    %{buildroot}%{_datadir}/selinux/${selinuxvariant}/%{pkgname}-admin.pp
+done
+cd -
+
 %clean
 rm -rf $RPM_BUILD_ROOT
 
@@ -143,6 +183,34 @@ if %{pkgname}admin_exists then
     os.execute('/sbin/service %{pkgname}-admin start >/dev/null 2>&1')
 end
 
+%post selinux
+if [ "$1" -le "1" ] ; then # First install
+for selinuxvariant in %{selinux_variants}
+do
+  semodule -s ${selinuxvariant} -i %{_datadir}/selinux/${selinuxvariant}/%{pkgname}-admin.pp 2>/dev/null || :
+done
+fixfiles -R %{name} restore || :
+/sbin/service %{pkgname}-admin condrestart > /dev/null 2>&1 || :
+fi
+
+%preun selinux
+if [ "$1" -lt "1" ]; then # Final removal
+for selinuxvariant in %{selinux_variants}
+do
+  semodule -s ${selinuxvariant} -r %{pkgname}-admin 2>/dev/null || :
+done
+fixfiles -R %{name} restore || :
+/sbin/service %{pkgname}-admin condrestart > /dev/null 2>&1 || :
+fi
+
+%postun selinux
+if [ "$1" -ge "1" ]; then # Upgrade
+for selinuxvariant in %{selinux_variants}
+do
+  semodule -s ${selinuxvariant} -i %{_datadir}/selinux/${selinuxvariant}/%{pkgname}-admin.pp 2>/dev/null || :
+done
+fi
+
 %files
 %defattr(-,root,root,-)
 %doc LICENSE
@@ -156,7 +224,15 @@ end
 %{_libdir}/%{pkgname}
 %{_mandir}/man8/*
 
+%files selinux
+%defattr(-,root,root,-)
+%{_datadir}/selinux/*/%{pkgname}-admin.pp
+
 %changelog
+* Mon Jan 18 2010 Nathan Kinder <nkinder@redhat.com> - 1.1.10.a4-0.4
+- the 1.1.10.a4 release
+- added SELinux subpackage
+
 * Thu Jan 14 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.10.a3-0.3
 - the 1.1.10.a3 release
 - make sure we can find ICU genrb on all platforms