1berry/MariaDB-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add SELinux checks from distribution-specific spec file, missed in

Browse Source 
previous.

Convert some shell bits to standard 2-space indent, 80 columns, etc.
This commit is contained in:
Jonathan Perkin 2010-06-01 10:24:38 +01:00
parent 9c960ecff1
commit 99b5ca1f20
1 changed files with 87 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
support-files/mysql.spec.sh
View File

@ -415,8 +415,9 @@ mkdir debug
-e 's/ -ip / /' \ -e 's/ -ip / /' \
-e 's/^ //' \ -e 's/^ //' \
-e 's/ $//'` -e 's/ $//'`
# XXX: MYSQL_UNIX_ADDR should be in cmake/* but mysql_version is included before # XXX: MYSQL_UNIX_ADDR should be in cmake/* but mysql_version is included
# XXX: install_layout so we can't just set it based on INSTALL_LAYOUT=RPM # XXX: before install_layout so we can't just set it based on
# XXX: INSTALL_LAYOUT=RPM
${CMAKE} ../%{src_dir} -DBUILD_CONFIG=mysql_release -DINSTALL_LAYOUT=RPM \ ${CMAKE} ../%{src_dir} -DBUILD_CONFIG=mysql_release -DINSTALL_LAYOUT=RPM \
-DCMAKE_BUILD_TYPE=Debug \ -DCMAKE_BUILD_TYPE=Debug \
-DMYSQL_UNIX_ADDR="/var/lib/mysql/mysql.sock" \ -DMYSQL_UNIX_ADDR="/var/lib/mysql/mysql.sock" \
@ -429,8 +430,9 @@ mkdir debug
mkdir release mkdir release
( (
cd release cd release
# XXX: MYSQL_UNIX_ADDR should be in cmake/* but mysql_version is included before # XXX: MYSQL_UNIX_ADDR should be in cmake/* but mysql_version is included
# XXX: install_layout so we can't just set it based on INSTALL_LAYOUT=RPM # XXX: before install_layout so we can't just set it based on
# XXX: INSTALL_LAYOUT=RPM
${CMAKE} ../%{src_dir} -DBUILD_CONFIG=mysql_release -DINSTALL_LAYOUT=RPM \ ${CMAKE} ../%{src_dir} -DBUILD_CONFIG=mysql_release -DINSTALL_LAYOUT=RPM \
-DCMAKE_BUILD_TYPE=RelWithDebInfo \ -DCMAKE_BUILD_TYPE=RelWithDebInfo \
-DMYSQL_UNIX_ADDR="/var/lib/mysql/mysql.sock" \ -DMYSQL_UNIX_ADDR="/var/lib/mysql/mysql.sock" \
@ -487,8 +489,10 @@ install -d $RBR%{_sbindir}
mv -v $RBR/%{_libdir}/*.a $RBR/%{_libdir}/mysql/ mv -v $RBR/%{_libdir}/*.a $RBR/%{_libdir}/mysql/
# Install logrotate and autostart # Install logrotate and autostart
install -m 644 $MBD/release/support-files/mysql-log-rotate $RBR%{_sysconfdir}/logrotate.d/mysql install -m 644 $MBD/release/support-files/mysql-log-rotate \
install -m 755 $MBD/release/support-files/mysql.server $RBR%{_sysconfdir}/init.d/mysql $RBR%{_sysconfdir}/logrotate.d/mysql
install -m 755 $MBD/release/support-files/mysql.server \
$RBR%{_sysconfdir}/init.d/mysql
# Create a symlink "rcmysql", pointing to the init.script. SuSE users # Create a symlink "rcmysql", pointing to the init.script. SuSE users
# will appreciate that, as all services usually offer this. # will appreciate that, as all services usually offer this.
@ -506,7 +510,8 @@ install -m 600 $MBD/%{src_dir}/support-files/RHEL4-SElinux/mysql.{fc,te} \
# Even though this is a shared library, put it under /usr/lib*/mysql, so it # Even though this is a shared library, put it under /usr/lib*/mysql, so it
# doesn't conflict with possible shared lib by the same name in /usr/lib*. See # doesn't conflict with possible shared lib by the same name in /usr/lib*. See
# `mysql_config --variable=pkglibdir` and mysqld_safe for how this is used. # `mysql_config --variable=pkglibdir` and mysqld_safe for how this is used.
install -m 644 "%{malloc_lib_source}" "$RBR%{_libdir}/mysql/%{malloc_lib_target}" install -m 644 "%{malloc_lib_source}" \
"$RBR%{_libdir}/mysql/%{malloc_lib_target}"
%endif %endif
# Remove man pages we explicitly do not want to package, avoids 'unpackaged # Remove man pages we explicitly do not want to package, avoids 'unpackaged
@ -530,15 +535,19 @@ if [ $? -eq 0 -a -n "$installed" ]; then
myvendor='%{mysql_vendor}' myvendor='%{mysql_vendor}'
myversion='%{mysql_version}' myversion='%{mysql_version}'
old_family=`echo $version | sed -n -e 's,^\([1-9][0-9]*\.[0-9][0-9]*\)\..*$,\1,p'` old_family=`echo $version \
new_family=`echo $myversion | sed -n -e 's,^\([1-9][0-9]*\.[0-9][0-9]*\)\..*$,\1,p'` | sed -n -e 's,^\([1-9][0-9]*\.[0-9][0-9]*\)\..*$,\1,p'`
new_family=`echo $myversion \
| sed -n -e 's,^\([1-9][0-9]*\.[0-9][0-9]*\)\..*$,\1,p'`
[ -z "$vendor" ] && vendor='<unknown>' [ -z "$vendor" ] && vendor='<unknown>'
[ -z "$old_family" ] && old_family="<unrecognized version $version>" [ -z "$old_family" ] && old_family="<unrecognized version $version>"
[ -z "$new_family" ] && new_family="<bad package specification: version $myversion>" [ -z "$new_family" ] && new_family="<bad package specification: version $myversion>"
error_text= error_text=
if [ "$vendor" != "$myoldvendor" -a "$vendor" != "$myvendor_2" -a "$vendor" != "$myvendor" ]; then if [ "$vendor" != "$myoldvendor" \
-a "$vendor" != "$myvendor_2" \
-a "$vendor" != "$myvendor" ]; then
error_text="$error_text error_text="$error_text
The current MySQL server package is provided by a different The current MySQL server package is provided by a different
vendor ($vendor) than $myoldvendor, $myvendor_2, or $myvendor. vendor ($vendor) than $myoldvendor, $myvendor_2, or $myvendor.
@ -619,8 +628,10 @@ fi
# exists. # exists.
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
groupadd -r %{mysqld_group} 2> /dev/null || true groupadd -r %{mysqld_group} 2> /dev/null || true
useradd -M -r -d $mysql_datadir -s /bin/bash -c "MySQL server" -g %{mysqld_group} %{mysqld_user} 2> /dev/null || true useradd -M -r -d $mysql_datadir -s /bin/bash -c "MySQL server" \
# The user may already exist, make sure it has the proper group nevertheless (BUG#12823) -g %{mysqld_group} %{mysqld_user} 2> /dev/null || true
# The user may already exist, make sure it has the proper group nevertheless
# (BUG#12823)
usermod -g %{mysqld_group} %{mysqld_user} 2> /dev/null || true usermod -g %{mysqld_group} %{mysqld_user} 2> /dev/null || true
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
@ -649,18 +660,52 @@ chown -R %{mysqld_user}:%{mysqld_group} $mysql_datadir
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
chmod -R og-rw $mysql_datadir/mysql chmod -R og-rw $mysql_datadir/mysql
# ----------------------------------------------------------------------
# install SELinux files - but don't override existing ones
# ----------------------------------------------------------------------
SETARGETDIR=/etc/selinux/targeted/src/policy
SEDOMPROG=$SETARGETDIR/domains/program
SECONPROG=$SETARGETDIR/file_contexts/program
if [ -f /etc/redhat-release ] \
&& (grep -q "Red Hat Enterprise Linux .. release 4" /etc/redhat-release \
|| grep -q "CentOS release 4" /etc/redhat-release) ; then
echo
echo
echo 'Notes regarding SELinux on this platform:'
echo '========================================='
echo
echo 'The default policy might cause server startup to fail because it is'
echo 'not allowed to access critical files. In this case, please update'
echo 'your installation.'
echo
echo 'The default policy might also cause inavailability of SSL related'
echo 'features because the server is not allowed to access /dev/random'
echo 'and /dev/urandom. If this is a problem, please do the following:'
echo
echo ' 1) install selinux-policy-targeted-sources from your OS vendor'
echo ' 2) add the following two lines to '$SEDOMPROG/mysqld.te':'
echo ' allow mysqld_t random_device_t:chr_file read;'
echo ' allow mysqld_t urandom_device_t:chr_file read;'
echo ' 3) cd to '$SETARGETDIR' and issue the following command:'
echo ' make load'
echo
echo
fi
if [ -x sbin/restorecon ] ; then
sbin/restorecon -R var/lib/mysql
fi
# Restart in the same way that mysqld will be started normally. # Restart in the same way that mysqld will be started normally.
if [ -x %{_sysconfdir}/init.d/mysql ] ; then
%{_sysconfdir}/init.d/mysql start %{_sysconfdir}/init.d/mysql start
echo "Giving mysqld 2 seconds to start"
sleep 2
fi
# Allow mysqld_safe to start mysqld and print a message before we exit # Allow mysqld_safe to start mysqld and print a message before we exit
sleep 2 sleep 2
#echo "Thank you for installing the MySQL Community Server! For Production
#systems, we recommend MySQL Enterprise, which contains enterprise-ready
#software, intelligent advisory services, and full production support with
#scheduled service packs and more. Visit www.mysql.com/enterprise for more
#information."
%preun -n MySQL-server%{product_suffix} %preun -n MySQL-server%{product_suffix}
if [ $1 = 0 ] ; then if [ $1 = 0 ] ; then
# Stop MySQL before uninstalling it # Stop MySQL before uninstalling it
@ -684,7 +729,8 @@ fi
# Clean up the BuildRoot after build is done # Clean up the BuildRoot after build is done
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
%clean %clean
[ "$RPM_BUILD_ROOT" != "/" ] && [ -d $RPM_BUILD_ROOT ] && rm -rf $RPM_BUILD_ROOT; [ "$RPM_BUILD_ROOT" != "/" ] && [ -d $RPM_BUILD_ROOT ] \
&& rm -rf $RPM_BUILD_ROOT;
############################################################################## ##############################################################################
# Files section # Files section
@ -865,6 +911,10 @@ fi
# merging BK trees) # merging BK trees)
############################################################################## ##############################################################################
%changelog %changelog
* Tue Jun 1 2010 Jonathan Perkin <jonathan.perkin@oracle.com>
- Implement SELinux checks from distribution-specific spec file.
* Wed May 12 2010 Jonathan Perkin <jonathan.perkin@oracle.com> * Wed May 12 2010 Jonathan Perkin <jonathan.perkin@oracle.com>
- Large number of changes to build using CMake - Large number of changes to build using CMake