rpms/cyphesis/devel cyphesis-0.5.8-init.patch, NONE, 1.1 cyphesis-0.5.8-postgresinit.patch, NONE, 1.1 cyphesis.fc, NONE, 1.1 cyphesis.if, NONE, 1.1 cyphesis.spec, NONE, 1.1 cyphesis.te, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
Michael Thomas (wart)
fedora-extras-commits at redhat.com
Thu Aug 31 15:28:29 UTC 2006
Author: wart
Update of /cvs/extras/rpms/cyphesis/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8803/devel
Modified Files:
.cvsignore sources
Added Files:
cyphesis-0.5.8-init.patch cyphesis-0.5.8-postgresinit.patch
cyphesis.fc cyphesis.if cyphesis.spec cyphesis.te
Log Message:
auto-import cyphesis-0.5.9-2 on branch devel from cyphesis-0.5.9-2.src.rpm
cyphesis-0.5.8-init.patch:
--- NEW FILE cyphesis-0.5.8-init.patch ---
--- cyphesis.init.orig 2006-07-31 19:10:56.000000000 -0700
+++ cyphesis.init 2006-08-10 17:17:00.000000000 -0700
@@ -23,6 +23,12 @@
start() {
# Start the daemon.
+ if selinuxenabled ; then
+ /usr/sbin/semanage port -a -t cyphesis_port_t -p tcp 6767 &>/dev/null || :
+ /usr/sbin/semanage port -a -t cyphesis_port_t -p tcp 6769 &>/dev/null || :
+ /usr/sbin/semanage port -a -t cyphesis_port_t -p udp 32771 &>/dev/null || :
+ fi
+
# Make sure postgres superuser exists
if ! su $POSTGRESUSER -c true >/dev/null 2>&1; then
echo
@@ -96,8 +102,24 @@
else
echo_failure
echo
+ return $RETVAL
fi
echo
+
+ if [ "$POPULATE_WORLD" == "1" ] ; then
+ echo -n $"Populating cyphesis world: "
+
+ # Populate the world with game data
+ su $CYPHESISUSER -c "/usr/bin/cyclient" >/dev/null 2>&1
+ RETVAL=$?
+ if [ $RETVAL -eq 0 ]; then
+ echo_success
+ else
+ echo_failure
+ fi
+ echo
+ fi
+
return $RETVAL
}
@@ -107,7 +129,13 @@
killproc cyphesis
RETVAL=$?
echo
- [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/cyphesis
+ if [ $RETVAL -eq 0 ] ; then
+ rm -f /var/lock/subsys/cyphesis
+ /usr/sbin/semanage port -d -t cyphesis_port_t -p tcp 6767 &>/dev/null || :
+ /usr/sbin/semanage port -d -t cyphesis_port_t -p tcp 6769 &>/dev/null || :
+ /usr/sbin/semanage port -d -t cyphesis_port_t -p udp 32771 &>/dev/null || :
+ fi
+
return $RETVAL
}
cyphesis-0.5.8-postgresinit.patch:
--- NEW FILE cyphesis-0.5.8-postgresinit.patch ---
--- cyphesis.init.orig 2006-07-31 19:10:56.000000000 -0700
+++ cyphesis.init 2006-08-10 15:45:57.000000000 -0700
@@ -45,7 +45,7 @@
# Make sure the user has a postgres account
if ! su $CYPHESISUSER -c "psql -c \"\" template1" >/dev/null 2>&1; then
echo -n $"Creating PostgreSQL account: "
- su $POSTGRESUSER -c "createuser -A -d $CYPHESISUSER" >/dev/null 2>&1
+ su $POSTGRESUSER -c "createuser -S -R -d $CYPHESISUSER" >/dev/null 2>&1
RETVAL=$?
if [ $RETVAL -eq 0 ]; then
echo_success
--- NEW FILE cyphesis.fc ---
# cyphesis executable will have:
# label: system_u:object_r:cyphesis_exec_t
# MLS sensitivity: s0
# MCS categories: <none>
/usr/bin/cyphesis -- gen_context(system_u:object_r:cyphesis_exec_t,s0)
--- NEW FILE cyphesis.if ---
## <summary>policy for cyphesis</summary>
########################################
## <summary>
## Execute a domain transition to run cyphesis.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`cyphesis_domtrans',`
gen_require(`
type cyphesis_t, cyphesis_exec_t;
')
domain_auto_trans($1,cyphesis_exec_t,cyphesis_t)
allow $1 cyphesis_t:fd use;
allow cyphesis_t $1:fd use;
allow cyphesis_t $1:fifo_file rw_file_perms;
allow cyphesis_t $1:process sigchld;
')
--- NEW FILE cyphesis.spec ---
%define selinux_variants mls strict targeted
%define selinux_policyver %(sed -e 's,.*selinux-policy-\\([^/]*\\)/.*,\\1,' /usr/share/selinux/devel/policyhelp)
Name: cyphesis
Version: 0.5.9
Release: 2%{?dist}
Summary: WorldForge game server
Group: System Environment/Libraries
License: GPL
URL: http://www.worldforge.org
Source0: http://dl.sourceforge.net/worldforge/%{name}-%{version}.tar.gz
Source1: cyphesis.te
Source2: cyphesis.if
Source3: cyphesis.fc
Patch0: cyphesis-0.5.8-postgresinit.patch
Patch1: cyphesis-0.5.8-init.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: python-devel libgcrypt-devel pkgconfig atlascpp-devel
BuildRequires: varconf-devel libsigc++20-devel mercator-devel skstream-devel
BuildRequires: postgresql-devel readline-devel avahi-devel
%if "%{?fedora}" == "5"
BuildRequires: checkpolicy selinux-policy >= 2.2.40 m4 hardlink
%else
BuildRequires: checkpolicy selinux-policy-devel hardlink
%endif
%if "%{selinux_policyver}" != ""
Requires: selinux-policy >= %{selinux_policyver}
%endif
Requires: postgresql-server
Requires(post): /sbin/chkconfig
Requires(post): /sbin/service
Requires(preun): /sbin/chkconfig
Requires(preun): /sbin/service
Requires(postun): /sbin/service
%description
Cyphesis is a WorldForge server suitable running small games. It is also
designed by be used as an AI subsystem in a network of distributed servers. It
includes a terrain engine based on the Mercator library, a persistence system
based on PostgreSQL, and an AI engine using goal trees implemented in Python.
It is the server used in most current WorldForge games.
%package selinux
Summary: SELinux policy files for the WorldForge game server
Group: Amusements/Games
Requires: %{name} = %{version}-%{release}
Requires(post): /usr/sbin/semodule /usr/sbin/semanage /sbin/fixfiles
Requires(preun): /sbin/service /usr/sbin/semodule /usr/sbin/semanage /sbin/fixfiles /usr/sbin/setsebool
Requires(postun): /usr/sbin/semodule
%description selinux
SELinux policy files for the WorldForge game server
%prep
%setup -q
# It seems that the behavior of the postgres command 'createuser'
# became more interactive in FC6. We need to update the
# command line arguments to make it shut up.
%if 0%{?fedora} >= 6
%patch0
%endif
%patch1
chmod a-x rulesets/basic/world/objects/*/*.py
chmod a-x rulesets/basic/mind/dictlist.py
mkdir SELinux
cp %{SOURCE1} %{SOURCE2} %{SOURCE3} SELinux/
# Use a /etc/sysconfig/cyphesis variable to determine if
# we should load the world data into the cyphesis server
# via cyclient or not. This should allow us to use a single
# init.d script for both starting cyphesis and populating the world.
echo "POPULATE_WORLD=1" >> cyphesis.sysconfig
%build
%configure
make %{?_smp_mflags}
# Build the selinux policy file
pushd SELinux
for variant in %{selinux_variants}
do
make NAME=${variant} -f %{_datadir}/selinux/devel/Makefile
mv %{name}.pp %{name}.pp.${variant}
make NAME=${variant} -f %{_datadir}/selinux/devel/Makefile clean
done
popd
%install
rm -rf %{buildroot}
make install DESTDIR=%{buildroot}
install -d %{buildroot}%{_sysconfdir}/init.d
install -m 755 %{name}.init %{buildroot}%{_sysconfdir}/init.d/%{name}
install -d %{buildroot}%{_sysconfdir}/sysconfig
install -m 644 %{name}.sysconfig %{buildroot}%{_sysconfdir}/sysconfig/%{name}
# Install selinux policies
pushd SELinux
for variant in %{selinux_variants}
do
install -d %{buildroot}%{_datadir}/selinux/${variant}
install -p -m 644 %{name}.pp.${variant} \
%{buildroot}%{_datadir}/selinux/${variant}/%{name}.pp
done
popd
# Hardlink identical policy module packages together
/usr/sbin/hardlink -cv %{buildroot}%{_datadir}/selinux
%check
make check
%pre
user_uid=`id -u cyphesis 2>/dev/null`
if [ x"$user_uid" = x ] ; then
useradd -r -d %{_datadir}/%{name} -M -c 'Cyphesis Game Server' \
cyphesis >/dev/null || :
fi
%post
/sbin/chkconfig --add cyphesis
%post selinux
# Install SELinux policy modules
for selinuxvariant in %{selinux_variants}
do
/usr/sbin/semodule -s ${selinuxvariant} -i \
%{_datadir}/selinux/${selinuxvariant}/%{name}.pp &> /dev/null || :
done
/usr/sbin/semanage port -a -t %{name}_port_t -p tcp 6767 &> /dev/null || :
/usr/sbin/semanage port -a -t %{name}_port_t -p tcp 6769 &> /dev/null || :
/usr/sbin/semanage port -a -t %{name}_port_t -p udp 32771 &> /dev/null || :
/sbin/fixfiles -R %{name} restore || :
/sbin/service %{name} condrestart > /dev/null 2>&1 || :
%preun
if [ "$1" = "0" ]; then
/sbin/service cyphesis stop > /dev/null 2>&1
/sbin/chkconfig --del cyphesis
fi
%preun selinux
if [ "$1" -lt "1" ] ; then
# Disable the policy and restart the daemon
/usr/sbin/setsebool %{name}_disable_trans 1 &> /dev/null || :
/sbin/service %{name} condrestart > /dev/null 2>&1 || :
# Unload the module
/usr/sbin/semanage port -d -t %{name}_port_t -p tcp 6767 &> /dev/null || :
/usr/sbin/semanage port -d -t %{name}_port_t -p tcp 6769 &> /dev/null || :
/usr/sbin/semanage port -d -t %{name}_port_t -p udp 32771 &> /dev/null || :
for variant in %{selinux_variants} ; do
/usr/sbin/semodule -s ${variant} -r %{name} &> /dev/null || :
done
# Set the context back
/sbin/fixfiles -R %{name} restore || :
fi
%postun
if [ "$1" -ge "1" ]; then
/sbin/service cyphesis condrestart >/dev/null 2>&1
fi
%postun selinux
if [ "$1" -ge "1" ] ; then
# Replace the module if it is already loaded. semodule -u also
# checks the module version
for variant in %{selinux_variants} ; do
/usr/sbin/semodule -u %{_datadir}/selinux/${variant}/%{name}.pp || :
done
fi
%clean
rm -rf %{buildroot}
%files
%defattr(-,root,root,-)
%doc AUTHORS ChangeLog COPYING README NEWS THANKS TODO
%{_bindir}/cy*
%{_mandir}/man1/*.1.gz
%dir %{_sysconfdir}/%{name}
%config(noreplace) %{_sysconfdir}/%{name}/*
%{_sysconfdir}/init.d/%{name}
%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
%{_datadir}/%{name}
%files selinux
%defattr(-,root,root,-)
%doc SELinux/*.??
%{_datadir}/selinux/*/%{name}.pp
%changelog
* Mon Aug 28 2006 Wart <wart at kobold.org> 0.5.9-2
- Use more globs in %%files section
- Remove unused -devel subpackage declaration
* Sat Aug 26 2006 Wart <wart at kobold.org> 0.5.9-1
- Update to 0.5.9
* Sat Aug 5 2006 Wart <wart at kobold.org> 0.5.8-5
- Move semanage calls to the init script so that we can be sure they are
called if a system manager turns selinux on or off between installing
the package and starting it.
- Remove FC4 bits from the spec file
- unghost the .pyo files per the recent packaging committee decision
- Don't bother explicitly creating a group for the cyphesis user
* Thu Aug 3 2006 Wart <wart at kobold.org> 0.5.8-4
- Use find+sed in %%install instead of enumerating directories in %%files
- Remove the use of fedora-usermgmt. There's no need.
* Tue Aug 1 2006 Wart <wart at kobold.org> 0.5.8-3
- Clean up %%files
* Tue Aug 1 2006 Wart <wart at kobold.org> 0.5.8-2
- Fix -init patch that was missing some key changes.
* Tue Aug 1 2006 Wart <wart at kobold.org> 0.5.8-1
- Initial spec file for Fedora Extras
--- NEW FILE cyphesis.te ---
policy_module(cyphesis,1.0.0)
########################################
#
# Declarations
#
gen_require(`
type port_t;
type system_dbusd_var_run_t;
type urandom_device_t;
type krb5_conf_t;
attribute port_type;
')
type cyphesis_port_t, port_type;
type cyphesis_t;
type cyphesis_exec_t;
domain_type(cyphesis_t)
# To disable the transition to the protected domain (which
# effectively disables the policy), use:
# setsebool cyphesis_disable_trans 1
init_daemon_domain(cyphesis_t, cyphesis_exec_t)
# pid files
type cyphesis_var_run_t;
files_pid_file(cyphesis_var_run_t)
# log files
type cyphesis_var_log_t;
logging_log_file(cyphesis_var_log_t)
########################################
#
# cyphesis local policy
#
# Check in /etc/selinux/refpolicy/include for macros to use instead of allow rules.
# Note: /usr/share/selinux/devel/include/support/obj_perm_sets.spt contains
# the definitions of many permissions, such as 'rw_dir_perms'
# Some common macros (you might be able to remove some)
corecmd_dontaudit_search_sbin(cyphesis_t)
corecmd_search_bin(cyphesis_t)
corecmd_getattr_bin_files(cyphesis_t)
files_read_usr_files(cyphesis_t)
files_read_etc_files(cyphesis_t)
libs_use_ld_so(cyphesis_t)
libs_use_shared_libs(cyphesis_t)
miscfiles_read_localization(cyphesis_t)
## internal communication is often done using fifo and unix sockets.
allow cyphesis_t self:fifo_file { read write };
allow cyphesis_t self:unix_stream_socket create_stream_socket_perms;
# pid file
allow cyphesis_t cyphesis_var_run_t:file manage_file_perms;
allow cyphesis_t cyphesis_var_run_t:sock_file manage_file_perms;
allow cyphesis_t cyphesis_var_run_t:dir rw_dir_perms;
files_pid_filetrans(cyphesis_t,cyphesis_var_run_t, { file sock_file })
# log files
allow cyphesis_t cyphesis_var_log_t:file create_file_perms;
allow cyphesis_t cyphesis_var_log_t:sock_file create_file_perms;
allow cyphesis_t cyphesis_var_log_t:dir { rw_dir_perms setattr };
logging_log_filetrans(cyphesis_t,cyphesis_var_log_t,{ sock_file file dir })
logging_send_syslog_msg(cyphesis_t)
## Networking basics (adjust to your needs!)
sysnet_dns_name_resolve(cyphesis_t)
corenet_tcp_sendrecv_all_if(cyphesis_t)
corenet_tcp_sendrecv_all_nodes(cyphesis_t)
corenet_non_ipsec_sendrecv(cyphesis_t)
corenet_tcp_bind_all_nodes(cyphesis_t)
allow cyphesis_t self:tcp_socket { listen accept };
# The application expects cyphesis_port_t to be port 13327.
# The port is defined using semanage:
# semanage port -a -t cyphesis_port_t -p tcp 6767
# semanage port -a -t cyphesis_port_t -p tcp 6769
# semanage port -a -t cyphesis_port_t -p udp 32771
allow cyphesis_t cyphesis_port_t:tcp_socket { name_bind };
corenet_tcp_sendrecv_all_ports(cyphesis_t)
# ??
allow cyphesis_t self:netlink_route_socket { bind create getattr nlmsg_read read write };
allow cyphesis_t self:unix_dgram_socket { connect create write };
# Init script handling
init_use_fds(cyphesis_t)
init_use_script_ptys(cyphesis_t)
domain_use_interactive_fds(cyphesis_t)
# Misc rules that are needed. I don't understand the meaning of some
# of these, and for others I don't yet understand why the game needs
# them
kernel_read_kernel_sysctls(cyphesis_t)
term_dontaudit_use_generic_ptys(cyphesis_t)
# cyphesis wants to talk to avahi via dbus
avahi_dbus_chat(avahi_t)
avahi_dbus_chat(cyphesis_t)
dbus_send_system_bus(cyphesis_t)
postgresql_stream_connect(cyphesis_t)
allow cyphesis_t system_dbusd_t:unix_stream_socket connectto;
allow cyphesis_t system_dbusd_var_run_t:dir search;
allow cyphesis_t system_dbusd_var_run_t:sock_file write;
allow cyphesis_t self:process { setsched signal };
files_manage_generic_tmp_files(cyphesis_t)
allow cyphesis_t tmp_t:sock_file create;
allow cyphesis_t urandom_device_t:chr_file { getattr ioctl read };
allow cyphesis_t krb5_conf_t:file { getattr read };
allow cyphesis_t proc_t:file { getattr read };
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/cyphesis/devel/.cvsignore,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- .cvsignore 31 Aug 2006 15:27:38 -0000 1.1
+++ .cvsignore 31 Aug 2006 15:28:29 -0000 1.2
@@ -0,0 +1 @@
+cyphesis-0.5.9.tar.gz
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/cyphesis/devel/sources,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sources 31 Aug 2006 15:27:38 -0000 1.1
+++ sources 31 Aug 2006 15:28:29 -0000 1.2
@@ -0,0 +1 @@
+afb0a55d508b85e6152c4169caa432ff cyphesis-0.5.9.tar.gz
More information about the fedora-extras-commits
mailing list