rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity

add some conditional logic to simplify building on older Fedora releases

Browse Source
This commit is contained in:
Nalin Dahyabhai 2009-10-23 20:29:53 +00:00
parent 0abe2288c5
commit c6f29fd1c4
2 changed files with 42 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
krb5-1.7-selinux-label.patch
View File

@ -42,7 +42,7 @@ diff -up krb5-1.7/src/aclocal.m4 krb5-1.7/src/aclocal.m4
KRB5_LIB_PARAMS
KRB5_AC_INITFINI
KRB5_AC_ENABLE_THREADS
@@ -1876,3 +1877,51 @@ AC_SUBST(PAM_LIBS)
@@ -1876,3 +1877,53 @@ AC_SUBST(PAM_LIBS)
AC_SUBST(manlibexecdir)
AC_CONFIG_FILES($1)
])
@ -56,7 +56,7 @@ diff -up krb5-1.7/src/aclocal.m4 krb5-1.7/src/aclocal.m4
+if test "$withselinux" != no ; then
+ AC_MSG_RESULT([checking for libselinux...])
+ SELINUX_LIBS=
+ AC_CHECK_HEADERS(selinux/selinux.h)
+ AC_CHECK_HEADERS(selinux/selinux.h selinux/label.h)
+ if test "x$ac_cv_header_selinux_selinux_h" != xyes ; then
+ if test "$withselinux" = auto ; then
+ AC_MSG_RESULT([Unable to locate selinux/selinux.h.])
@ -68,11 +68,13 @@ diff -up krb5-1.7/src/aclocal.m4 krb5-1.7/src/aclocal.m4
+
+ LIBS=
+ unset ac_cv_func_setfscreatecon
+ AC_CHECK_FUNCS(setfscreatecon)
+ AC_CHECK_FUNCS(setfscreatecon selabel_open)
+ if test "x$ac_cv_func_setfscreatecon" = xno ; then
+ AC_CHECK_LIB(selinux,setfscreatecon)
+ AC_CHECK_LIB(selinux,selabel_open)
+ unset ac_cv_func_setfscreatecon
+ AC_CHECK_FUNCS(setfscreatecon)
+ unset ac_cv_func_selabel_open
+ AC_CHECK_FUNCS(setfscreatecon selabel_open)
+ if test "x$ac_cv_func_setfscreatecon" = xyes ; then
+ SELINUX_LIBS="$LIBS"
+ else
@ -162,17 +164,20 @@ diff -up krb5-1.7/src/configure.in krb5-1.7/src/configure.in
diff -up krb5-1.7/src/include/autoconf.h.in krb5-1.7/src/include/autoconf.h.in
--- krb5-1.7/src/include/autoconf.h.in 2009-06-01 20:58:35.000000000 -0400
+++ krb5-1.7/src/include/autoconf.h.in 2009-06-04 13:47:20.000000000 -0400
@@ -389,6 +389,9 @@
@@ -389,6 +389,12 @@
/* Define to 1 if you have the `sched_yield' function. */
#undef HAVE_SCHED_YIELD
+/* Define to 1 if you have the <selinux/label.h> header file. */
+#undef HAVE_SELINUX_LABEL_H
+
+/* Define to 1 if you have the <selinux/selinux.h> header file. */
+#undef HAVE_SELINUX_SELINUX_H
+
/* Define to 1 if you have the <semaphore.h> header file. */
#undef HAVE_SEMAPHORE_H
@@ -401,6 +404,9 @@
@@ -401,6 +407,9 @@
/* Define to 1 if you have the `setegid' function. */
#undef HAVE_SETEGID
@ -182,7 +187,7 @@ diff -up krb5-1.7/src/include/autoconf.h.in krb5-1.7/src/include/autoconf.h.in
/* Define to 1 if you have the `setenv' function. */
#undef HAVE_SETENV
@@ -768,6 +774,10 @@
@@ -768,6 +777,10 @@
/* Define if the KDC should use a replay cache */
#undef USE_RCACHE
@ -536,7 +541,7 @@ diff -up krb5-1.7/src/util/support/Makefile.in krb5-1.7/src/util/support/Makefil
diff -up /dev/null krb5-1.7/src/util/support/selinux.c
--- /dev/null 2009-06-04 10:34:55.169007373 -0400
+++ krb5-1.7/src/util/support/selinux.c 2009-06-04 13:47:20.000000000 -0400
@@ -0,0 +1,300 @@
@@ -0,0 +1,314 @@
+/*
+ * Copyright 2007,2008,2009 Red Hat, Inc. All Rights Reserved.
+ *
@ -588,7 +593,9 @@ diff -up /dev/null krb5-1.7/src/util/support/selinux.c
+#include <string.h>
+#include <unistd.h>
+#include <selinux/selinux.h>
+#ifdef HAVE_SELINUX_LABEL_H
+#include <selinux/label.h>
+#endif
+
+/* #define DEBUG 1 */
+
@ -607,8 +614,10 @@ diff -up /dev/null krb5-1.7/src/util/support/selinux.c
+push_fscreatecon(const char *pathname, mode_t mode)
+{
+ security_context_t previous, next;
+ struct selabel_handle *ctx;
+ const char *fullpath;
+#ifdef HAVE_SELINUX_LABEL_H
+ struct selabel_handle *ctx;
+#endif
+
+ previous = NULL;
+ if (is_selinux_enabled()) {
@ -648,6 +657,7 @@ diff -up /dev/null krb5-1.7/src/util/support/selinux.c
+ "\"%s\"(%05o).\n", fullpath, mode);
+ }
+#endif
+#ifdef HAVE_SELINUX_LABEL_H
+ ctx = selabel_open(SELABEL_CTX_FILE, NULL, 0);
+ if (ctx != NULL) {
+ if (selabel_lookup(ctx, &next,
@ -661,6 +671,15 @@ diff -up /dev/null krb5-1.7/src/util/support/selinux.c
+ }
+ selabel_close(ctx);
+ }
+#else
+ if (matchpathcon(fullpath, mode, &next) != 0) {
+ free(genpath);
+ if (previous != NULL) {
+ freecon(previous);
+ }
+ return NULL;
+ }
+#endif
+ free(genpath);
+#ifdef DEBUG
+ if (isatty(fileno(stderr))) {

16
krb5.spec
View File

@ -85,7 +85,9 @@ URL: http://web.mit.edu/kerberos/www/
Group: System Environment/Libraries
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: autoconf, bison, flex, gawk
%if 0%{?fedora} >= 12
BuildRequires: libcom_err-devel, libss-devel
%endif
BuildRequires: gzip, ncurses-devel, rsh, texinfo, texinfo-tex, tar
BuildRequires: tetex-latex
BuildRequires: keyutils-libs-devel
@ -107,7 +109,10 @@ practice of cleartext passwords.
%package devel
Summary: Development files needed to compile Kerberos 5 programs
Group: Development/Libraries
Requires: %{name}-libs = %{version}-%{release}, libcom_err-devel
Requires: %{name}-libs = %{version}-%{release}
%if 0%{?fedora} >= 12
Requires: libcom_err-devel
%endif
Requires: keyutils-libs-devel, libselinux-devel
%description devel
@ -210,7 +215,10 @@ to obtain initial credentials from a KDC using a private key and a
certificate.
%changelog
* Tue Oct 13 2009 Nalin Dahyabhai <nalin@redhat.com> - 1.7-9
* Fri Oct 23 2009 Nalin Dahyabhai <nalin@redhat.com> - 1.7-9
- add some conditional logic to simplify building on older Fedora releases
* Tue Oct 13 2009 Nalin Dahyabhai <nalin@redhat.com>
- don't forget the README
* Mon Sep 14 2009 Nalin Dahyabhai <nalin@redhat.com> - 1.7-8
@ -1537,7 +1545,11 @@ CPPFLAGS="`echo $DEFINES $INCLUDES`"
CC="%{__cc}" \
CFLAGS="$CFLAGS" \
CPPFLAGS="$CPPFLAGS" \
%if 0%{?fedora} >= 7
SS_LIB="-lss -ltinfo" \
%else
SS_LIB="-lss -lncurses" \
%endif
--enable-shared \
--bindir=%{krb5prefix}/bin \
--mandir=%{krb5prefix}/man \