From cd8c01206e0e141020b57b886e11bd30b9e82ac9 Mon Sep 17 00:00:00 2001
From: Adam Tkac <atkac@fedoraproject.org>
Date: Fri, 28 Nov 2008 09:46:49 +0000
Subject: [PATCH] - removed all obsolete chroot related stuff - label control
 certs after generation correctly

---
 .cvsignore                   |  1 -
 sources                      |  1 -
 unbound-1.1.0-log_open.patch | 23 -----------------------
 unbound.init                 |  2 ++
 unbound.spec                 | 27 ++++++---------------------
 5 files changed, 8 insertions(+), 46 deletions(-)
 delete mode 100644 unbound-1.1.0-log_open.patch

diff --git a/.cvsignore b/.cvsignore
index ff63a74..6f452a2 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1,2 +1 @@
-unbound-1.1.0.tar.gz
 unbound-1.1.1.tar.gz
diff --git a/sources b/sources
index 0aed98d..8dae7e0 100644
--- a/sources
+++ b/sources
@@ -1,2 +1 @@
-f1c8110ed62e3aa0423e24b6c0f3a9c4  unbound-1.1.0.tar.gz
 43586f18b4d917887c92a35ff460c923  unbound-1.1.1.tar.gz
diff --git a/unbound-1.1.0-log_open.patch b/unbound-1.1.0-log_open.patch
deleted file mode 100644
index be8f9af..0000000
--- a/unbound-1.1.0-log_open.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-diff -up unbound-1.1.0/daemon/daemon.c.log_open unbound-1.1.0/daemon/daemon.c
---- unbound-1.1.0/daemon/daemon.c.log_open	2008-11-19 15:36:53.000000000 +0100
-+++ unbound-1.1.0/daemon/daemon.c	2008-11-19 15:37:34.000000000 +0100
-@@ -417,7 +417,6 @@ daemon_fork(struct daemon* daemon)
- 	signal_handling_playback(daemon->workers[0]);
- 
- 	/* Start resolver service on main thread. */
--	log_info("start of service (%s).", PACKAGE_STRING);
- 	worker_work(daemon->workers[0]);
- 	log_info("service stopped (%s).", PACKAGE_STRING);
- 
-diff -up unbound-1.1.0/daemon/unbound.c.log_open unbound-1.1.0/daemon/unbound.c
---- unbound-1.1.0/daemon/unbound.c.log_open	2008-11-19 15:38:49.000000000 +0100
-+++ unbound-1.1.0/daemon/unbound.c	2008-11-19 15:39:11.000000000 +0100
-@@ -392,6 +392,8 @@ perform_setup(struct daemon* daemon, str
- 	(void)daemon;
- #endif
- 
-+	log_info("start of service (%s).", PACKAGE_STRING);
-+
- 	/* box into the chroot */
- #ifdef HAVE_CHROOT
- 	if(cfg->chrootdir && cfg->chrootdir[0]) {
diff --git a/unbound.init b/unbound.init
index a1e513d..3df6048 100644
--- a/unbound.init
+++ b/unbound.init
@@ -38,6 +38,8 @@ start() {
     then
 	echo -n $"Generating unbound control key and certificate: "
 	/usr/sbin/unbound-control-setup -d /etc/unbound/ > /dev/null 2> /dev/null
+	[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled && \
+	    [ -x /sbin/restorecon ] && /sbin/restorecon /etc/unbound/*
 	echo
     fi
 
diff --git a/unbound.spec b/unbound.spec
index f6bdd5b..3667960 100644
--- a/unbound.spec
+++ b/unbound.spec
@@ -1,9 +1,7 @@
-%define rootdir %{_localstatedir}/lib/%{name}
-
 Summary: Validating, recursive, and caching DNS(SEC) resolver
 Name: unbound
 Version: 1.1.1
-Release: 0%{?dist}
+Release: 2%{?dist}
 License: BSD
 Url: http://www.nlnetlabs.nl/unbound/
 Source: http://www.unbound.net/downloads/%{name}-%{version}.tar.gz
@@ -66,7 +64,6 @@ Contains libraries used by the unbound server and client applications
 %build
 %configure  --with-ldns= --with-libevent --with-pthreads --with-ssl \
             --disable-rpath --enable-debug --disable-static \
-            --with-run-dir=%{rootdir} \
             --with-conf-file=%{_sysconfdir}/%{name}/unbound.conf \
             --with-pidfile=%{_localstatedir}/run/%{name}/%{name}.pid
 %{__make} CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE" QUIET=no %{?_smp_mflags}
@@ -74,7 +71,6 @@ Contains libraries used by the unbound server and client applications
 %install
 rm -rf %{buildroot}
 %{__make} DESTDIR=%{buildroot} install
-install -d 0755 %{buildroot}%{rootdir}
 install -d 0755 %{buildroot}%{_initrddir}
 install -m 0755 %{SOURCE1} %{buildroot}%{_initrddir}/unbound
 install -m 0755 %{SOURCE2} %{buildroot}%{_sysconfdir}/unbound
@@ -101,8 +97,6 @@ rm -rf ${RPM_BUILD_ROOT}
 %attr(0755,root,root) %{_initrddir}/%{name}
 %attr(0755,unbound,unbound) %dir %{_localstatedir}/run/%{name}
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/unbound.conf
-# the chroot env
-%attr(0755,root,root) %dir %{rootdir}
 %{_sbindir}/*
 %{_mandir}/*/*
 
@@ -125,26 +119,13 @@ rm -rf ${RPM_BUILD_ROOT}
 %pre
 getent group unbound >/dev/null || groupadd -r unbound
 getent passwd unbound >/dev/null || \
-useradd -r -g unbound -d %{rootdir} -s /sbin/nologin \
+useradd -r -g unbound -d %{_sysconfdir}/unbound -s /sbin/nologin \
 -c "Unbound DNS resolver" unbound
 exit 0
 
 %post 
 /sbin/chkconfig --add %{name}
 
-# if our config lives in /var/lib/unbound, move it to /etc/unbound/unbound.conf
-if [ -f %{_localstatedir}/lib/%{name}/unbound.conf ]; then
-     rm -f %{_sysconfdir}/unbound.conf.rpmnew
-     mv  %{_sysconfdir}/unbound.conf  %{_sysconfdir}/unbound.conf.rpmnew
-     mv %{_localstatedir}/lib/%{name}/unbound.conf %{_sysconfdir}/unbound.conf
-     if [ -L %{_sysconfdir}/unbound.conf ]; then
-          rm -f %{_sysconfdir}/unbound.conf
-     fi
-fi
-# Remove old chroot stuff - not using rootdir in purpose in case it changes
-rm -rf %{_localstatedir}/lib/%{name}/dev %{_localstatedir}/lib/%{name}/etc \
-       %{_localstatedir}/lib/%{name}/var
-
 %post libs -p /sbin/ldconfig
 
 
@@ -162,6 +143,10 @@ fi
 %postun libs -p /sbin/ldconfig
 
 %changelog
+* Fri Nov 28 2008 Adam Tkac <atkac redhat com> - 1.1.1-2
+- removed all obsolete chroot related stuff
+- label control certs after generation correctly
+
 * Thu Nov 20 2008 Paul Wouters <paul@xelerance.com> - 1.1.1-1
 - Updated to unbound 1.1.1 which fixes a crasher and
   addresses nlnetlabs bug #219