From 65d6b61c4318bead87ca2a416519d297f4ebcca8 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Mon, 9 Jul 2018 10:59:58 +0200
Subject: Sync with Fedora: - add "selinux" subpackage containing SELinux
 policy module

And make this F29+ only
---
 memcached.spec | 86 ++++++++++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 80 insertions(+), 6 deletions(-)

(limited to 'memcached.spec')

diff --git a/memcached.spec b/memcached.spec
index cea6aba..fd43545 100644
--- a/memcached.spec
+++ b/memcached.spec
@@ -21,12 +21,23 @@
 
 %global with_sasl    1
 
+%if 0%{?fedora} >= 29
+%global with_selinux        1
+%else
+%global with_selinux        0
+%endif
+%global selinuxtype         targeted
+%global selinuxmoduletype   contrib
+%global selinuxmodulename   memcached
+%global selinuxmodulever    1.0
+%global selinuxmoduledir    %{selinuxmodulename}-selinux-%{selinuxmodulever}
+
 # disable testing as it is unreliable on build systems
 %global with_tests   %{?_with_tests:1}%{!?_with_tests:0}
 
 Name:           memcached
 Version:        1.5.8
-Release:        1%{?dist}
+Release:        2%{?dist}
 Epoch:          0
 Summary:        High Performance, Distributed Memory Object Cache
 
@@ -35,9 +46,11 @@ License:        BSD
 URL:            https://www.memcached.org/
 Source0:        https://www.memcached.org/files/%{name}-%{version}.tar.gz
 Source1:        memcached.sysconfig
+# SELinux policy sources: https://pagure.io/memcached-selinux/tree/master
+Source2:        https://pagure.io/memcached-selinux/raw/master/f/%{selinuxmoduledir}.tar.gz
 
 # custom init script
-Source2:        memcached.sysv
+Source4:        memcached.sysv
 # custom unit file
 Source3:        memcached.service
 
@@ -67,9 +80,22 @@ Requires(postun): /sbin/service
 %endif
 Requires(pre):  shadow-utils
 
-# as of 3.5.5-4 selinux has memcache included
-Obsoletes: memcached-selinux
 
+%if %{with_selinux}
+%package selinux
+Summary: Selinux policy module
+Group: System Environment/Base
+License: GPLv2
+BuildRequires: selinux-policy
+%{?selinux_requires}
+
+%description selinux
+Install memcached-selinux to ensure your system contains the latest SELinux policy
+optimised for use with this version of memcached.
+%else
+# as of 3.5.5-4 selinux has memcache included
+Obsoletes: memcached-selinux < 1.5.9
+%endif
 
 %description
 memcached is a high-performance, distributed memory object caching
@@ -88,7 +114,9 @@ access to the memcached binary include files.
 
 
 %prep
-%setup -q
+# Unpack memcached sources into memcached-X.X.X directory
+# and SELinux policy sources into memcached-selinux-X.X
+%setup -q -b 2
 %patch1 -p1 -b .unit
 
 
@@ -104,6 +132,12 @@ access to the memcached binary include files.
 sed -i 's/-Werror / /' Makefile
 make %{?_smp_mflags}
 
+%if %{with_selinux}
+pushd ../%{selinuxmoduledir}
+make
+popd
+%endif
+
 
 %check
 %if %{with_tests}
@@ -142,12 +176,23 @@ sed -e 's/^##safer##//g'  -i %{buildroot}%{_unitdir}/%{name}*service
 
 %else
 # Init script
-install -Dp -m0755 %{SOURCE2} %{buildroot}%{_initrddir}/memcached
+install -Dp -m0755 %{SOURCE4} %{buildroot}%{_initrddir}/memcached
 
 # pid directory
 mkdir -p %{buildroot}/%{_localstatedir}/run/memcached
 %endif
 
+%if %{with_selinux}
+# install SELinux policy module
+pushd ../%{selinuxmoduledir}
+install -d %{buildroot}%{_datadir}/selinux/packages
+install -d -p %{buildroot}%{_datadir}/selinux/devel/include/%{selinuxmoduletype}
+# Not installing memcached.if - interface file from selinux-policy-devel will be used
+# see. "Independant product policy" documentation for more details
+install -m 0644 %{selinuxmodulename}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages
+popd
+%endif
+
 
 # Default configs
 %if 0%{?fedora} < 25 && 0%{?rhel} < 8
@@ -167,6 +212,23 @@ install -Dp -m0644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/sysconfig/%{name}
 %endif
 
 
+%if %{with_selinux}
+%pre selinux
+%selinux_relabel_pre -s %{selinuxtype}
+
+%post selinux
+# install selinux policy module with priority 200 to override the default policy
+%selinux_modules_install -s %{selinuxtype} -p 200 %{_datadir}/selinux/packages/%{selinuxmodulename}.pp.bz2 &> /dev/null
+
+%postun selinux
+if [ $1 -eq 0 ]; then
+    %selinux_modules_uninstall -s %{selinuxtype} -p 200 %{selinuxmodulename}
+fi
+
+%posttrans selinux
+%selinux_relabel_post -s %{selinuxtype} &> /dev/null
+%endif
+
 %pre
 getent group %{groupname} >/dev/null || groupadd -r %{groupname}
 getent passwd %{username} >/dev/null || \
@@ -250,7 +312,19 @@ fi
 %{_includedir}/memcached/*
 
 
+%if %{with_selinux}
+%files selinux
+%defattr(-,root,root,0755)
+%attr(0644,root,root) %{_datadir}/selinux/packages/%{selinuxmodulename}.pp.bz2
+%ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{selinuxmodulename}
+%license COPYING
+%endif
+
+
 %changelog
+* Tue Jun 05 2018 Vit Mojzis <vmojzis@redhat.com> - 0:1.5.8-2
+- add "selinux" subpackage containing SELinux policy module
+
 * Fri May 25 2018 Remi Collet <remi@remirepo.net> - 0:1.5.8-1
 - Update to 1.5.8
 - enable extstore feature on 32-bit
-- 
cgit