rpms/crossfire/devel crossfire.spec,1.2,1.3

Michael Thomas (wart) fedora-extras-commits at redhat.com
Thu Aug 31 15:15:29 UTC 2006 

Author: wart

Update of /cvs/extras/rpms/crossfire/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7444

Modified Files:
	crossfire.spec 
Log Message:
Add selinux support, add patch from upstream




Index: crossfire.spec
===================================================================
RCS file: /cvs/extras/rpms/crossfire/devel/crossfire.spec,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- crossfire.spec	9 Jul 2006 21:14:18 -0000	1.2
+++ crossfire.spec	31 Aug 2006 15:15:29 -0000	1.3
@@ -1,6 +1,9 @@
+%define selinux_variants mls strict targeted
+%define selinux_policyver %(sed -e 's,.*selinux-policy-\\([^/]*\\)/.*,\\1,' /usr/share/selinux/devel/policyhelp) 
+
 Name: crossfire
 Version: 1.9.1
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: Server for hosting crossfire games
 Group: Amusements/Games
 License: GPL
@@ -10,16 +13,19 @@
 Source2: crossfire.init
 Source3: crossfire.sysconfig
 Source4: crossfire.logrotate
+Source5: crossfire.te
+Source6: crossfire.fc
+Source7: crossfire.if
+Patch0:  crossfire-1.9.1-autoconf.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Requires:       crossfire-maps
-# BuildRequires necessary for the map editor
-BuildRequires:  python-devel
-%if "%fedora" <= "4"
-BuildRequires:  xorg-x11-devel
-%else
+BuildRequires:  checkpolicy selinux-policy-devel hardlink
 BuildRequires:  libXt-devel
 BuildRequires:  libXext-devel
 BuildRequires:  libXaw-devel
+BuildRequires:  python-devel
+%if "%{selinux_policyver}" != ""
+Requires:       selinux-policy >= %{selinux_policyver}
 %endif
 
 Requires(post): /sbin/chkconfig
@@ -27,8 +33,6 @@
 Requires(preun): /sbin/chkconfig
 Requires(preun): /sbin/service
 Requires(postun): /sbin/service
-Requires(pre):   fedora-usermgmt
-Requires(postun): fedora-usermgmt
 
 %description
 Crossfire is a highly graphical role-playing adventure game with
@@ -72,9 +76,23 @@
 Image files that can be used with the crossfire clients so that they
 don't have to be downloaded from the server.
 
+%package selinux
+Summary: SELinux policy files for crossfire
+Group: Amusements/Games
+Requires: %{name} = %{version}-%{release}
+Requires(post):         /usr/sbin/semodule /usr/sbin/semanage /sbin/fixfiles
+Requires(preun):        /sbin/service /usr/sbin/semodule /usr/sbin/semanage /sbin/fixfiles /usr/sbin/setsebool
+Requires(postun):       /usr/sbin/semodule
+%description selinux
+selinux policy files for the Crossfire game server
+
 %prep
 %setup -q
 %setup -q -a 1
+%patch0 -p0
+mkdir SELinux
+cp  %{SOURCE5} %{SOURCE6} %{SOURCE7} SELinux
+
 mv arch/ lib/
 
 %{__sed} -i 's#\r##' utils/player_dl.pl.in
@@ -84,18 +102,27 @@
 # This is fixed in CVS, but didn't make it into the 1.9.1 release.
 %{__sed} -i 's#    (void) open ("/", O_RDONLY);#    (void) open ("/var/log/crossfire/crossfire.log", O_RDONLY);#' server/daemon.c
 
+# Change the location of the tmp directory
+%{__sed} -i "s@^#define TMPDIR \"/tmp\"@#define TMPDIR \"%{_var}/games/%{name}/tmp\"@" include/config.h
+
 %build
 # Change the localstatedir so that the variable data files are
 # put in /var/games/crossfire instead of /var/crossfire.  This is
 # in agreement with the FHS.
 %configure --localstatedir=%{_var}/games --disable-static
 
-# Yes, we do really need to run configure a second time.  The first time
-# won't enable crossedit due to a bootstrap bug:
-# http://sourceforge.net/tracker/index.php?func=detail&aid=1518321&group_id=13833&atid=113833
-%configure --localstatedir=%{_var}/games --disable-static
 make %{?_smp_mflags}
 
+# Build the selinux policy file
+pushd SELinux
+for variant in %{selinux_variants}
+do
+    make NAME=${variant} -f %{_datadir}/selinux/devel/Makefile
+    mv %{name}.pp %{name}.pp.${variant}
+    make NAME=${variant} -f %{_datadir}/selinux/devel/Makefile clean
+done
+popd
+
 # This will create a tarball of the images for the client.
 cd lib && adm/collect_images.pl -archive
 
@@ -152,28 +179,78 @@
 install -p -D -m 644 %{SOURCE4} \
     $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d/%{name}
 
+mkdir $RPM_BUILD_ROOT%{_var}/games/%{name}/tmp
+
+# Install selinux policies
+pushd SELinux
+for variant in %{selinux_variants}
+do
+    install -d %{buildroot}%{_datadir}/selinux/${variant}
+    install -p -m 644 %{name}.pp.${variant} \
+           %{buildroot}%{_datadir}/selinux/${variant}/%{name}.pp
+done
+popd
+# Hardlink identical policy module packages together
+/usr/sbin/hardlink -cv %{buildroot}%{_datadir}/selinux
+
+
 %pre
 user_uid=`id -u crossfire 2>/dev/null`
 if [ x"$user_uid" = x ] ; then
-    %{_sbindir}/fedora-useradd  27 -r -s /sbin/nologin \
-            -d %{_datadir}/%{name} -M -c 'Crossfire Server' \
+    useradd -r -s /sbin/nologin -d %{_datadir}/%{name} -M \
+            -c 'Crossfire Server' \
             crossfire >/dev/null || :
 fi
 
 %post
 /sbin/chkconfig --add crossfire
 
+%post selinux
+# Install SELinux policy modules
+for selinuxvariant in %{selinux_variants}
+do
+  /usr/sbin/semodule -s ${selinuxvariant} -i \
+    %{_datadir}/selinux/${selinuxvariant}/%{name}.pp &> /dev/null || :
+done
+/usr/sbin/semanage port -a -t %{name}_port_t -p tcp 13327 || :
+/sbin/fixfiles -R %{name} restore || :
+/sbin/service %{name} condrestart > /dev/null 2>&1 || :
+
 %preun
-if [ "$1" = "0" ]; then
+if [ "$1" -le "0" ]; then
     /sbin/service crossfire stop > /dev/null 2>&1
     /sbin/chkconfig --del crossfire
 fi
 
+%preun selinux
+if [ "$1" -lt "1" ] ; then
+    # Disable the policy and restart the daemon
+    /usr/sbin/setsebool %{name}_disable_trans 1
+    /sbin/service %{name} condrestart > /dev/null 2>&1 || :
+    # Unload the module
+    /usr/sbin/semanage port -d -t %{name}_port_t -p tcp 13327 || :
+    for variant in %{selinux_variants} ; do
+        /usr/sbin/semodule -s ${variant} -r %{name} &> /dev/null || :
+    done
+    # Set the context back
+    /sbin/fixfiles -R %{name} restore || :
+fi
+
 %postun
 if [ "$1" -ge "1" ]; then
-    /sbin/service crossfire restart >/dev/null 2>&1
+    /sbin/service crossfire condrestart >/dev/null 2>&1
 fi
 
+%postun selinux
+if [ "$1" -ge "1" ] ; then
+    # Replace the module if it is already loaded. semodule -u also
+    # checks the module version
+    for variant in %{selinux_variants} ; do
+        /usr/sbin/semodule -u %{_datadir}/selinux/${variant}/%{name}.pp || :
+    done
+fi
+
+
 
 %clean
 rm -rf $RPM_BUILD_ROOT
@@ -223,8 +300,18 @@
 %defattr(-,root,root,-)
 %{_datadir}/%{name}/%{name}-client
 
+%files selinux
+%defattr(-,root,root,-)
+%doc SELinux/*.??
+%{_datadir}/selinux/*/%{name}.pp
+
 
 %changelog
+* Tue Jul 11 2006 Wart <wart at kobold.org> 1.9.1-2
+- Added upstream patch to fix configure bug.
+- Added selinux security policy
+- Don't use /tmp for the map file cache
+
 * Thu Jul 6 2006 Wart <wart at kobold.org> 1.9.1-1
 - Update to 1.9.1

More information about the fedora-extras-commits mailing list