diff --git a/krb5-1.7-selinux-label.patch b/krb5-1.7-selinux-label.patch index 9b328ad..ae44155 100644 --- a/krb5-1.7-selinux-label.patch +++ b/krb5-1.7-selinux-label.patch @@ -42,7 +42,7 @@ diff -up krb5-1.7/src/aclocal.m4 krb5-1.7/src/aclocal.m4 KRB5_LIB_PARAMS KRB5_AC_INITFINI KRB5_AC_ENABLE_THREADS -@@ -1876,3 +1877,51 @@ AC_SUBST(PAM_LIBS) +@@ -1876,3 +1877,53 @@ AC_SUBST(PAM_LIBS) AC_SUBST(manlibexecdir) AC_CONFIG_FILES($1) ]) @@ -56,7 +56,7 @@ diff -up krb5-1.7/src/aclocal.m4 krb5-1.7/src/aclocal.m4 +if test "$withselinux" != no ; then + AC_MSG_RESULT([checking for libselinux...]) + SELINUX_LIBS= -+ AC_CHECK_HEADERS(selinux/selinux.h) ++ AC_CHECK_HEADERS(selinux/selinux.h selinux/label.h) + if test "x$ac_cv_header_selinux_selinux_h" != xyes ; then + if test "$withselinux" = auto ; then + AC_MSG_RESULT([Unable to locate selinux/selinux.h.]) @@ -68,11 +68,13 @@ diff -up krb5-1.7/src/aclocal.m4 krb5-1.7/src/aclocal.m4 + + LIBS= + unset ac_cv_func_setfscreatecon -+ AC_CHECK_FUNCS(setfscreatecon) ++ AC_CHECK_FUNCS(setfscreatecon selabel_open) + if test "x$ac_cv_func_setfscreatecon" = xno ; then + AC_CHECK_LIB(selinux,setfscreatecon) ++ AC_CHECK_LIB(selinux,selabel_open) + unset ac_cv_func_setfscreatecon -+ AC_CHECK_FUNCS(setfscreatecon) ++ unset ac_cv_func_selabel_open ++ AC_CHECK_FUNCS(setfscreatecon selabel_open) + if test "x$ac_cv_func_setfscreatecon" = xyes ; then + SELINUX_LIBS="$LIBS" + else @@ -162,17 +164,20 @@ diff -up krb5-1.7/src/configure.in krb5-1.7/src/configure.in diff -up krb5-1.7/src/include/autoconf.h.in krb5-1.7/src/include/autoconf.h.in --- krb5-1.7/src/include/autoconf.h.in 2009-06-01 20:58:35.000000000 -0400 +++ krb5-1.7/src/include/autoconf.h.in 2009-06-04 13:47:20.000000000 -0400 -@@ -389,6 +389,9 @@ +@@ -389,6 +389,12 @@ /* Define to 1 if you have the `sched_yield' function. */ #undef HAVE_SCHED_YIELD ++/* Define to 1 if you have the header file. */ ++#undef HAVE_SELINUX_LABEL_H ++ +/* Define to 1 if you have the header file. */ +#undef HAVE_SELINUX_SELINUX_H + /* Define to 1 if you have the header file. */ #undef HAVE_SEMAPHORE_H -@@ -401,6 +404,9 @@ +@@ -401,6 +407,9 @@ /* Define to 1 if you have the `setegid' function. */ #undef HAVE_SETEGID @@ -182,7 +187,7 @@ diff -up krb5-1.7/src/include/autoconf.h.in krb5-1.7/src/include/autoconf.h.in /* Define to 1 if you have the `setenv' function. */ #undef HAVE_SETENV -@@ -768,6 +774,10 @@ +@@ -768,6 +777,10 @@ /* Define if the KDC should use a replay cache */ #undef USE_RCACHE @@ -536,7 +541,7 @@ diff -up krb5-1.7/src/util/support/Makefile.in krb5-1.7/src/util/support/Makefil diff -up /dev/null krb5-1.7/src/util/support/selinux.c --- /dev/null 2009-06-04 10:34:55.169007373 -0400 +++ krb5-1.7/src/util/support/selinux.c 2009-06-04 13:47:20.000000000 -0400 -@@ -0,0 +1,300 @@ +@@ -0,0 +1,314 @@ +/* + * Copyright 2007,2008,2009 Red Hat, Inc. All Rights Reserved. + * @@ -588,7 +593,9 @@ diff -up /dev/null krb5-1.7/src/util/support/selinux.c +#include +#include +#include ++#ifdef HAVE_SELINUX_LABEL_H +#include ++#endif + +/* #define DEBUG 1 */ + @@ -607,8 +614,10 @@ diff -up /dev/null krb5-1.7/src/util/support/selinux.c +push_fscreatecon(const char *pathname, mode_t mode) +{ + security_context_t previous, next; -+ struct selabel_handle *ctx; + const char *fullpath; ++#ifdef HAVE_SELINUX_LABEL_H ++ struct selabel_handle *ctx; ++#endif + + previous = NULL; + if (is_selinux_enabled()) { @@ -648,6 +657,7 @@ diff -up /dev/null krb5-1.7/src/util/support/selinux.c + "\"%s\"(%05o).\n", fullpath, mode); + } +#endif ++#ifdef HAVE_SELINUX_LABEL_H + ctx = selabel_open(SELABEL_CTX_FILE, NULL, 0); + if (ctx != NULL) { + if (selabel_lookup(ctx, &next, @@ -661,6 +671,15 @@ diff -up /dev/null krb5-1.7/src/util/support/selinux.c + } + selabel_close(ctx); + } ++#else ++ if (matchpathcon(fullpath, mode, &next) != 0) { ++ free(genpath); ++ if (previous != NULL) { ++ freecon(previous); ++ } ++ return NULL; ++ } ++#endif + free(genpath); +#ifdef DEBUG + if (isatty(fileno(stderr))) { diff --git a/krb5.spec b/krb5.spec index e149d4b..36db0c0 100644 --- a/krb5.spec +++ b/krb5.spec @@ -85,7 +85,9 @@ URL: http://web.mit.edu/kerberos/www/ Group: System Environment/Libraries BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: autoconf, bison, flex, gawk +%if 0%{?fedora} >= 12 BuildRequires: libcom_err-devel, libss-devel +%endif BuildRequires: gzip, ncurses-devel, rsh, texinfo, texinfo-tex, tar BuildRequires: tetex-latex BuildRequires: keyutils-libs-devel @@ -107,7 +109,10 @@ practice of cleartext passwords. %package devel Summary: Development files needed to compile Kerberos 5 programs Group: Development/Libraries -Requires: %{name}-libs = %{version}-%{release}, libcom_err-devel +Requires: %{name}-libs = %{version}-%{release} +%if 0%{?fedora} >= 12 +Requires: libcom_err-devel +%endif Requires: keyutils-libs-devel, libselinux-devel %description devel @@ -210,7 +215,10 @@ to obtain initial credentials from a KDC using a private key and a certificate. %changelog -* Tue Oct 13 2009 Nalin Dahyabhai - 1.7-9 +* Fri Oct 23 2009 Nalin Dahyabhai - 1.7-9 +- add some conditional logic to simplify building on older Fedora releases + +* Tue Oct 13 2009 Nalin Dahyabhai - don't forget the README * Mon Sep 14 2009 Nalin Dahyabhai - 1.7-8 @@ -1537,7 +1545,11 @@ CPPFLAGS="`echo $DEFINES $INCLUDES`" CC="%{__cc}" \ CFLAGS="$CFLAGS" \ CPPFLAGS="$CPPFLAGS" \ +%if 0%{?fedora} >= 7 SS_LIB="-lss -ltinfo" \ +%else + SS_LIB="-lss -lncurses" \ +%endif --enable-shared \ --bindir=%{krb5prefix}/bin \ --mandir=%{krb5prefix}/man \