rpms/crossfire/devel crossfire.spec,1.2,1.3
Michael Thomas (wart)
fedora-extras-commits at redhat.com
Thu Aug 31 15:15:29 UTC 2006
Author: wart
Update of /cvs/extras/rpms/crossfire/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7444
Modified Files:
crossfire.spec
Log Message:
Add selinux support, add patch from upstream
Index: crossfire.spec
===================================================================
RCS file: /cvs/extras/rpms/crossfire/devel/crossfire.spec,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- crossfire.spec 9 Jul 2006 21:14:18 -0000 1.2
+++ crossfire.spec 31 Aug 2006 15:15:29 -0000 1.3
@@ -1,6 +1,9 @@
+%define selinux_variants mls strict targeted
+%define selinux_policyver %(sed -e 's,.*selinux-policy-\\([^/]*\\)/.*,\\1,' /usr/share/selinux/devel/policyhelp)
+
Name: crossfire
Version: 1.9.1
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: Server for hosting crossfire games
Group: Amusements/Games
License: GPL
@@ -10,16 +13,19 @@
Source2: crossfire.init
Source3: crossfire.sysconfig
Source4: crossfire.logrotate
+Source5: crossfire.te
+Source6: crossfire.fc
+Source7: crossfire.if
+Patch0: crossfire-1.9.1-autoconf.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: crossfire-maps
-# BuildRequires necessary for the map editor
-BuildRequires: python-devel
-%if "%fedora" <= "4"
-BuildRequires: xorg-x11-devel
-%else
+BuildRequires: checkpolicy selinux-policy-devel hardlink
BuildRequires: libXt-devel
BuildRequires: libXext-devel
BuildRequires: libXaw-devel
+BuildRequires: python-devel
+%if "%{selinux_policyver}" != ""
+Requires: selinux-policy >= %{selinux_policyver}
%endif
Requires(post): /sbin/chkconfig
@@ -27,8 +33,6 @@
Requires(preun): /sbin/chkconfig
Requires(preun): /sbin/service
Requires(postun): /sbin/service
-Requires(pre): fedora-usermgmt
-Requires(postun): fedora-usermgmt
%description
Crossfire is a highly graphical role-playing adventure game with
@@ -72,9 +76,23 @@
Image files that can be used with the crossfire clients so that they
don't have to be downloaded from the server.
+%package selinux
+Summary: SELinux policy files for crossfire
+Group: Amusements/Games
+Requires: %{name} = %{version}-%{release}
+Requires(post): /usr/sbin/semodule /usr/sbin/semanage /sbin/fixfiles
+Requires(preun): /sbin/service /usr/sbin/semodule /usr/sbin/semanage /sbin/fixfiles /usr/sbin/setsebool
+Requires(postun): /usr/sbin/semodule
+%description selinux
+selinux policy files for the Crossfire game server
+
%prep
%setup -q
%setup -q -a 1
+%patch0 -p0
+mkdir SELinux
+cp %{SOURCE5} %{SOURCE6} %{SOURCE7} SELinux
+
mv arch/ lib/
%{__sed} -i 's#\r##' utils/player_dl.pl.in
@@ -84,18 +102,27 @@
# This is fixed in CVS, but didn't make it into the 1.9.1 release.
%{__sed} -i 's# (void) open ("/", O_RDONLY);# (void) open ("/var/log/crossfire/crossfire.log", O_RDONLY);#' server/daemon.c
+# Change the location of the tmp directory
+%{__sed} -i "s@^#define TMPDIR \"/tmp\"@#define TMPDIR \"%{_var}/games/%{name}/tmp\"@" include/config.h
+
%build
# Change the localstatedir so that the variable data files are
# put in /var/games/crossfire instead of /var/crossfire. This is
# in agreement with the FHS.
%configure --localstatedir=%{_var}/games --disable-static
-# Yes, we do really need to run configure a second time. The first time
-# won't enable crossedit due to a bootstrap bug:
-# http://sourceforge.net/tracker/index.php?func=detail&aid=1518321&group_id=13833&atid=113833
-%configure --localstatedir=%{_var}/games --disable-static
make %{?_smp_mflags}
+# Build the selinux policy file
+pushd SELinux
+for variant in %{selinux_variants}
+do
+ make NAME=${variant} -f %{_datadir}/selinux/devel/Makefile
+ mv %{name}.pp %{name}.pp.${variant}
+ make NAME=${variant} -f %{_datadir}/selinux/devel/Makefile clean
+done
+popd
+
# This will create a tarball of the images for the client.
cd lib && adm/collect_images.pl -archive
@@ -152,28 +179,78 @@
install -p -D -m 644 %{SOURCE4} \
$RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d/%{name}
+mkdir $RPM_BUILD_ROOT%{_var}/games/%{name}/tmp
+
+# Install selinux policies
+pushd SELinux
+for variant in %{selinux_variants}
+do
+ install -d %{buildroot}%{_datadir}/selinux/${variant}
+ install -p -m 644 %{name}.pp.${variant} \
+ %{buildroot}%{_datadir}/selinux/${variant}/%{name}.pp
+done
+popd
+# Hardlink identical policy module packages together
+/usr/sbin/hardlink -cv %{buildroot}%{_datadir}/selinux
+
+
%pre
user_uid=`id -u crossfire 2>/dev/null`
if [ x"$user_uid" = x ] ; then
- %{_sbindir}/fedora-useradd 27 -r -s /sbin/nologin \
- -d %{_datadir}/%{name} -M -c 'Crossfire Server' \
+ useradd -r -s /sbin/nologin -d %{_datadir}/%{name} -M \
+ -c 'Crossfire Server' \
crossfire >/dev/null || :
fi
%post
/sbin/chkconfig --add crossfire
+%post selinux
+# Install SELinux policy modules
+for selinuxvariant in %{selinux_variants}
+do
+ /usr/sbin/semodule -s ${selinuxvariant} -i \
+ %{_datadir}/selinux/${selinuxvariant}/%{name}.pp &> /dev/null || :
+done
+/usr/sbin/semanage port -a -t %{name}_port_t -p tcp 13327 || :
+/sbin/fixfiles -R %{name} restore || :
+/sbin/service %{name} condrestart > /dev/null 2>&1 || :
+
%preun
-if [ "$1" = "0" ]; then
+if [ "$1" -le "0" ]; then
/sbin/service crossfire stop > /dev/null 2>&1
/sbin/chkconfig --del crossfire
fi
+%preun selinux
+if [ "$1" -lt "1" ] ; then
+ # Disable the policy and restart the daemon
+ /usr/sbin/setsebool %{name}_disable_trans 1
+ /sbin/service %{name} condrestart > /dev/null 2>&1 || :
+ # Unload the module
+ /usr/sbin/semanage port -d -t %{name}_port_t -p tcp 13327 || :
+ for variant in %{selinux_variants} ; do
+ /usr/sbin/semodule -s ${variant} -r %{name} &> /dev/null || :
+ done
+ # Set the context back
+ /sbin/fixfiles -R %{name} restore || :
+fi
+
%postun
if [ "$1" -ge "1" ]; then
- /sbin/service crossfire restart >/dev/null 2>&1
+ /sbin/service crossfire condrestart >/dev/null 2>&1
fi
+%postun selinux
+if [ "$1" -ge "1" ] ; then
+ # Replace the module if it is already loaded. semodule -u also
+ # checks the module version
+ for variant in %{selinux_variants} ; do
+ /usr/sbin/semodule -u %{_datadir}/selinux/${variant}/%{name}.pp || :
+ done
+fi
+
+
%clean
rm -rf $RPM_BUILD_ROOT
@@ -223,8 +300,18 @@
%defattr(-,root,root,-)
%{_datadir}/%{name}/%{name}-client
+%files selinux
+%defattr(-,root,root,-)
+%doc SELinux/*.??
+%{_datadir}/selinux/*/%{name}.pp
+
%changelog
+* Tue Jul 11 2006 Wart <wart at kobold.org> 1.9.1-2
+- Added upstream patch to fix configure bug.
+- Added selinux security policy
+- Don't use /tmp for the map file cache
+
* Thu Jul 6 2006 Wart <wart at kobold.org> 1.9.1-1
- Update to 1.9.1
More information about the fedora-extras-commits
mailing list