rpms/icecream/F-8 icecream.csh.in, NONE, 1.1 icecream.fc, NONE, 1.1 icecream.if, NONE, 1.1 icecream.sh.in, NONE, 1.1 icecream.te, NONE, 1.1 initscript-iceccd, NONE, 1.1 initscript-scheduler, NONE, 1.1 icecream.spec, 1.1, 1.2 icecream-add-initscripts.patch, 1.1, NONE

[Michal Schmidt (michich)]

Author: michich

Update of /cvs/pkgs/rpms/icecream/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20245

Modified Files:
	icecream.spec 
Added Files:
	icecream.csh.in icecream.fc icecream.if icecream.sh.in 
	icecream.te initscript-iceccd initscript-scheduler 
Removed Files:
	icecream-add-initscripts.patch 
Log Message:
* Tue Nov 27 2007 Michal Schmidt <mschmidt at redhat.com> - 0.8.0-5.20071101svn
- SELinux: Allow iceccd to contact the scheduler via UDP.
- Don't add icecream to PATH in the profile scripts if ccache is installed
  to avoid recursive invocations (bz #377761).

* Tue Nov 20 2007 Michal Schmidt <mschmidt at redhat.com> - 0.8.0-4.20071101svn
- Add a SELinux policy for iceccd
- Initscripts as sources instead of patches in the .spec file
- Don't touch /var/log/iceccd in the initscript. Let iceccd create it.

* Mon Nov 12 2007 Michal Schmidt <mschmidt at redhat.com> - 0.8.0-3.20071101svn
- Add icecc to $PATH using scripts in profile.d




--- NEW FILE icecream.csh.in ---
# If icecream and ccache are installed, we must not put both in PATH
# to prevent recursive invocations.
# Note: ccache.csh (if present) will be sourced before icecream.csh

if ( "$path" !~ *@LIBDIR@/icecc/bin* && "$path" !~ *@LIBDIR@/ccache* ) then
	set path = ( @LIBDIR@/icecc/bin "$path" )
endif


--- NEW FILE icecream.fc ---
# myapp executable will have:
# label: system_u:object_r:myapp_exec_t
# MLS sensitivity: s0
# MCS categories: <none>

/usr/sbin/iceccd			--	gen_context(system_u:object_r:iceccd_exec_t,s0)
/usr/lib(64)?/icecc/icecc-create-env	--	gen_context(system_u:object_r:iceccd_helper_exec_t,s0)
/var/cache/icecream(/.*)?			gen_context(system_u:object_r:iceccd_cache_t,s0)
/var/log/iceccd				--	gen_context(system_u:object_r:iceccd_log_t,s0)
#/var/log/icecc-scheduler		--	gen_context(system_u:object_r:icecc_scheduler_log_t,s0)


--- NEW FILE icecream.if ---
## <summary>Icecream distributed compiler daemon</summary>


--- NEW FILE icecream.sh.in ---
# If icecream and ccache are installed, we must not put both in PATH
# to prevent recursive invocations.
# Note: ccache.sh (if present) will be sourced before icecream.sh

if ! echo "$PATH" | /bin/grep -q "@LIBDIR@/icecc/bin\|@LIBDIR@/ccache"
then
	PATH="@LIBDIR@/icecc/bin:$PATH"
fi


--- NEW FILE icecream.te ---

policy_module(icecream,0.0.35)

########################################
#
# Declarations
#

type iceccd_t;
type iceccd_exec_t;
init_daemon_domain(iceccd_t, iceccd_exec_t)

type iceccd_var_run_t;
files_pid_file(iceccd_var_run_t)

type iceccd_log_t;
logging_log_file(iceccd_log_t)

type iceccd_cache_t;
files_type(iceccd_cache_t)

type iceccd_tmp_t;
files_tmp_file(iceccd_tmp_t)

type iceccd_helper_t;
type iceccd_helper_exec_t;
domain_type(iceccd_helper_t)
domain_entry_file(iceccd_helper_t, iceccd_helper_exec_t)
role system_r types iceccd_helper_t;

# the cache contains foreign compilers and libraries
# the whole point of icecream is to run them...
type iceccd_untrusted_t;
domain_type(iceccd_untrusted_t);
domain_entry_file(iceccd_untrusted_t, iceccd_cache_t)
role system_r types iceccd_untrusted_t;

# XXX: something like this:
# network_port(iceccd, tcp,10245,s0)
#type iceccd_client_packet_t;
#type iceccd_server_packet_t;
# XXX: portcon only works in base policy module
#portcon tcp 10245 gen_context(system_u:object_r:iceccd_port_t, s0)

type iceccd_port_t;
type icecc_scheduler_port_t;
corenet_port(iceccd_port_t);
corenet_port(icecc_scheduler_port_t);

########################################
#
# Icecream local policy
#

allow iceccd_t self:process { signal_perms setsched setrlimit };
allow iceccd_t self:netlink_route_socket r_netlink_socket_perms;
allow iceccd_t self:tcp_socket create_stream_socket_perms;
allow iceccd_t self:udp_socket create_socket_perms;
allow iceccd_t iceccd_port_t:tcp_socket name_bind;
allow iceccd_t icecc_scheduler_port_t:tcp_socket { send_msg recv_msg name_connect };
allow iceccd_t icecc_scheduler_port_t:udp_socket { send_msg recv_msg };
allow iceccd_t self:fifo_file { read write ioctl getattr };
# why exactly?:
allow iceccd_t self:capability { chown dac_override fsetid kill };
allow iceccd_t self:capability { setgid setuid };
allow iceccd_t self:capability { sys_chroot };

allow iceccd_t iceccd_untrusted_t:process { siginh rlimitinh noatsecure };

allow iceccd_helper_t iceccd_t:process { sigchld };
allow iceccd_helper_t iceccd_log_t:file { append };
allow iceccd_helper_t self:fifo_file { read write ioctl getattr };
# needs investigating:
allow iceccd_helper_t iceccd_tmp_t:file { execute };

allow iceccd_untrusted_t iceccd_t:process { sigchld };
allow iceccd_untrusted_t iceccd_t:fifo_file { write };
allow iceccd_untrusted_t iceccd_t:unix_stream_socket { read write getattr };
allow iceccd_untrusted_t self:fifo_file { read write getattr };
allow iceccd_untrusted_t iceccd_cache_t:dir { search getattr write add_name remove_name };
allow iceccd_untrusted_t iceccd_cache_t:file { execute_no_trans write unlink create };

corenet_all_recvfrom_unlabeled(iceccd_t)
corenet_all_recvfrom_netlabel(iceccd_t)
corenet_tcp_sendrecv_all_if(iceccd_t)
corenet_udp_sendrecv_all_if(iceccd_t)
corenet_tcp_sendrecv_all_nodes(iceccd_t)
corenet_udp_sendrecv_all_nodes(iceccd_t)
# corenet_tcp_sendrecv_all_ports(iceccd_t)
# corenet_udp_sendrecv_all_ports(iceccd_t)
corenet_tcp_bind_all_nodes(iceccd_t)

manage_files_pattern(iceccd_t,iceccd_log_t,iceccd_log_t)
logging_log_filetrans(iceccd_t, iceccd_log_t, file)

manage_files_pattern(iceccd_t,iceccd_var_run_t,iceccd_var_run_t)
files_pid_filetrans(iceccd_t, iceccd_var_run_t, file)

# iceccd attempt to rmdir & mkdir /var/cache/icecream
# XXX: I should fix it instead.
files_dontaudit_write_var_dirs(iceccd_t)

manage_dirs_pattern(iceccd_t, iceccd_cache_t, iceccd_cache_t)
manage_files_pattern(iceccd_t, iceccd_cache_t, iceccd_cache_t)

manage_dirs_pattern(iceccd_helper_t, iceccd_cache_t, iceccd_cache_t)
manage_files_pattern(iceccd_helper_t, iceccd_cache_t, iceccd_cache_t)

libs_use_ld_so(iceccd_t)
libs_use_shared_libs(iceccd_t)

# for ldd
libs_exec_ld_so(iceccd_t)

files_read_etc_files(iceccd_t)
miscfiles_read_localization(iceccd_t)
kernel_read_system_state(iceccd_t)
sysnet_read_config(iceccd_t)
#files_read_usr_files(iceccd_t)

files_read_etc_files(iceccd_helper_t)
libs_use_ld_so(iceccd_helper_t)
libs_use_shared_libs(iceccd_helper_t)
miscfiles_read_localization(iceccd_helper_t)
corecmd_exec_bin(iceccd_helper_t)
corecmd_exec_shell(iceccd_helper_t)
dev_read_urand(iceccd_helper_t)
kernel_read_system_state(iceccd_helper_t)
files_read_usr_files(iceccd_helper_t)
libs_exec_ld_so(iceccd_helper_t)
libs_exec_lib_files(iceccd_helper_t)
nscd_socket_use(iceccd_helper_t)

# XXX: iceccd wants this every second. why?
fs_getattr_all_fs(iceccd_t)

corecmd_exec_bin(iceccd_t)
corecmd_read_bin_symlinks(iceccd_t)

# XXX: could iceccd be modified to not need this?
corecmd_exec_shell(iceccd_t)

# for mktemp
#dev_read_urand(iceccd_t)
files_getattr_tmp_dirs(iceccd_t)
files_search_tmp(iceccd_t)

manage_dirs_pattern(iceccd_t, iceccd_tmp_t, iceccd_tmp_t)
manage_files_pattern(iceccd_t, iceccd_tmp_t, iceccd_tmp_t)
files_tmp_filetrans(iceccd_t, iceccd_tmp_t, file)

manage_dirs_pattern(iceccd_helper_t, iceccd_tmp_t, iceccd_tmp_t)
manage_files_pattern(iceccd_helper_t, iceccd_tmp_t, iceccd_tmp_t)
files_tmp_filetrans(iceccd_helper_t, iceccd_tmp_t, file)
files_tmp_filetrans(iceccd_helper_t, iceccd_tmp_t, dir)

domain_auto_transition_pattern(iceccd_t, iceccd_helper_exec_t, iceccd_helper_t)
domain_auto_transition_pattern(iceccd_t, iceccd_cache_t, iceccd_untrusted_t)

userdom_dontaudit_getattr_sysadm_home_dirs(iceccd_t)
#userdom_dontaudit_getattr_sysadm_home_dirs(iceccd_helper_t)
userdom_dontaudit_search_sysadm_home_dirs(iceccd_helper_t)
#userdom_getattr_sysadm_home_dirs(iceccd_t)

#allow myapp_t myapp_log_t:file ra_file_perms;

#allow myapp_t myapp_tmp_t:file manage_file_perms;


--- NEW FILE initscript-iceccd ---
#!/bin/sh
#
# iceccd:   Distributed compiler daemon
#
# chkconfig: - 98 02
# description:  This is a daemon for speeding up builds by \
#		distributing compile jobs to several computers on a network.
#

### BEGIN INIT INFO
# Provides: iceccd
# Required-Start: $local_fs $remote_fs $network $named
# Required-Stop: $local_fs $remote_fs $network $named
# Short-Description: Start/stop Icecream distributed compiler
# Description: Start / stop the Icecream distributed compiler daemon
### END INIT INFO

# Source function library.
. /etc/rc.d/init.d/functions

exec=/usr/sbin/iceccd
service=iceccd
config=/etc/sysconfig/icecream

[ -e $config ] && . $config

lockfile=/var/lock/subsys/iceccd

start() {
	[ -x $exec ] || exit 5
	[ -f $config ] || exit 6
	echo -n $"Starting distributed compiler daemon: "
	params=""
	if [ -n "$ICECREAM_NETNAME" ] ; then
		params="$params -n $ICECREAM_NETNAME"
	fi
	if [ -n "$ICECREAM_LOG_FILE" ] ; then
		params="$params -l $ICECREAM_LOG_FILE"
	fi
	if [ -n "$ICECREAM_NICE_LEVEL" ] ; then
		params="$params --nice $ICECREAM_NICE_LEVEL"
	fi
	if [ -n "$ICECREAM_SCHEDULER_HOST" ] ; then
		params="$params -s $ICECREAM_SCHEDULER_HOST"
	fi
	if [ "$ICECREAM_ALLOW_REMOTE" = "no" 2> /dev/null ] ; then
		params="$params --no-remote"
	fi
	if [ -n "$ICECREAM_MAX_JOBS" ] ; then
		if [ "$ICECREAM_MAX_JOBS" -eq 0 2> /dev/null ] ; then
			params="$params -m 1"
			params="$params --no-remote"
		else
			params="$params -m $ICECREAM_MAX_JOBS"
		fi
	fi
	params="$params -b \"$ICECREAM_BASEDIR\""
	daemon --check $service $exec -d -u icecream $params
	RETVAL=$?
	echo
	[ $RETVAL -eq 0 ] && touch $lockfile
	return $RETVAL
}

stop() {
	echo -n $"Stopping distributed compiler daemon: "

	killproc $service
	RETVAL=$?
	echo
	if [ $RETVAL -eq 0 ]; then
		rm -f $lockfile
	fi
	return $RETVAL
}

restart() {
	stop
	start
}

reload() {
	restart
}

force_reload() {
	restart
}

rh_status() {
	status $service
}

rh_status_q() {
	rh_status > /dev/null 2>&1
}

# See how we were called.
case "$1" in
	start)
		rh_status_q && exit 0
		start
		;;
	stop)
		rh_status_q || exit 0
		stop
		;;
	status)
		rh_status
		;;
	restart)
		restart
		;;
	reload)
		rh_status_q || exit 7
		reload
		;;
	force-reload)
		force_reload
		;;
	condrestart|try-restart)
		rh_status_q || exit 0
		restart
		;;
	*)
		echo $"Usage: $0 {start|stop|status|restart|try-restart|reload|force-reload}"
		exit 2
esac
exit $?


--- NEW FILE initscript-scheduler ---
#!/bin/sh
#
# icecc-scheduler:   Distributed compiler scheduler
#
# chkconfig: - 98 02
# description:  This is a daemon which schedules compilation jobs to \
#		networked machines running iceccd.
#

### BEGIN INIT INFO
# Provides: icecc-scheduler
# Required-Start: $local_fs $remote_fs $network
# Required-Stop: $local_fs $remote_fs $network
# Short-Description: Start/stop Icecream scheduler
# Description: Start / stop the scheduler for Icecream distributed compilers
### END INIT INFO

# Source function library.
. /etc/rc.d/init.d/functions

exec=/usr/sbin/icecc-scheduler
service=icecc-scheduler
config=/etc/sysconfig/icecream

[ -e $config ] && . $config

lockfile=/var/lock/subsys/icecc-scheduler

start() {
	[ -x $exec ] || exit 5
	[ -f $config ] || exit 6
	echo -n $"Starting distributed compiler scheduler: "
	params=""
	if [ -n "$ICECREAM_NETNAME" ] ; then
		params="$params -n $ICECREAM_NETNAME"
	fi
	logfile=${ICECREAM_SCHEDULER_LOG_FILE:-/var/log/icecc-scheduler}
	params="$params -l $logfile"
#	touch "$logfile"
#	chown icecream:icecream $logfile
	daemon --user icecream --check $service $exec -d $params
	RETVAL=$?
	echo
	[ $RETVAL -eq 0 ] && touch $lockfile
	return $RETVAL
}

stop() {
	echo -n $"Stopping distributed compiler scheduler: "

	killproc $service
	RETVAL=$?
	echo
	if [ $RETVAL -eq 0 ]; then
		rm -f $lockfile
	fi
	return $RETVAL
}

restart() {
	stop
	start
}

reload() {
	restart
}

force_reload() {
	restart
}

rh_status() {
	status $service
}

rh_status_q() {
	rh_status > /dev/null 2>&1
}

# See how we were called.
case "$1" in
	start)
		rh_status_q && exit 0
		start
		;;
	stop)
		rh_status_q || exit 0
		stop
		;;
	status)
		rh_status
		;;
	restart)
		restart
		;;
	reload)
		rh_status_q || exit 7
		reload
		;;
	force-reload)
		force_reload
		;;
	condrestart|try-restart)
		rh_status_q || exit 0
		restart
		;;
	*)
		echo $"Usage: $0 {start|stop|status|restart|try-restart|reload|force-reload}"
		exit 2
esac
exit $?


Index: icecream.spec
===================================================================
RCS file: /cvs/pkgs/rpms/icecream/F-8/icecream.spec,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- icecream.spec	9 Nov 2007 07:08:05 -0000	1.1
+++ icecream.spec	27 Nov 2007 23:51:41 -0000	1.2
@@ -1,6 +1,6 @@
 Name:		icecream
 Version:	0.8.0
-Release:	2.20071101svn%{?dist}
+Release:	5.20071101svn%{?dist}
 Summary:	Distributed compiler
 
 Group:		Development/Tools
@@ -10,26 +10,39 @@
 # svn export -r 731514 svn://anonsvn.kde.org/home/kde/trunk/icecream icecream-0.8.0
 # tar -czvf icecream-0.8.0.tar.gz icecream-0.8.0
 Source0:	icecream-0.8.0.tar.gz
+Source1:	icecream.sh.in
+Source2:	icecream.csh.in
+Source3:	icecream.fc
+Source4:	icecream.te
+Source5:	icecream.if
+Source6:	initscript-iceccd
+Source7:	initscript-scheduler
 Patch0:		icecream-rename-scheduler.patch
-Patch1:		icecream-add-initscripts.patch
-Patch2:		icecream-cleanup-conffile.patch
+Patch1:		icecream-cleanup-conffile.patch
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:	automake autoconf libtool symlinks
 # To build manpages from KDE-style Docbook sources:
 BuildRequires:	kdelibs kdelibs-devel
+# For SELinux protection:
+BuildRequires:	checkpolicy selinux-policy-devel hardlink
+%define selinux_policyver %(sed -e 's,.*selinux-policy-\\([^/]*\\)/.*,\\1,' /usr/share/selinux/devel/policyhelp) 
+%if "%{selinux_policyver}" != ""
+Requires:	selinux-policy >= %{selinux_policyver}
+%endif
+%define selinux_variants mls strict targeted 
 
 %bcond_without	fedora
 BuildRequires:	fedora-usermgmt-devel
 %{?FE_USERADD_REQ}
-Requires(post):		chkconfig
-Requires(preun):	chkconfig
-Requires(preun):	initscripts
-Requires(postun):	initscripts
+Requires(post):		chkconfig policycoreutils
+Requires(preun):	chkconfig initscripts policycoreutils 
+Requires(postun):	initscripts policycoreutils
 
 Provides:	group(icecream) = 44
 Provides:	user(icecream)  = 44
 
+
 # description copied from Debian icecc package
 %description
 Icecream is a distributed compile system. It allows parallel compiling by
@@ -52,8 +65,13 @@
 %setup -q
 %patch0 -p0
 %patch1 -p0
-%patch2 -p0
 make -f Makefile.cvs
+sed -e 's|@LIBDIR@|%{_libdir}|g' %{SOURCE1} > icecream.sh
+sed -e 's|@LIBDIR@|%{_libdir}|g' %{SOURCE2} > icecream.csh
+mkdir SELinux
+cp -p %{SOURCE3} %{SOURCE4} %{SOURCE5} SELinux
+mkdir fedora
+cp -p %{SOURCE6} %{SOURCE7} fedora
 
 %build
 %configure --disable-static --enable-shared
@@ -66,6 +84,13 @@
 	mv manpage.troff $manfile
 done
 popd
+pushd SELinux
+for selinuxvariant in %{selinux_variants}; do
+	make NAME=${selinuxvariant} -f %{_datadir}/selinux/devel/Makefile
+	mv icecream.pp icecream.pp.${selinuxvariant}
+	make NAME=${selinuxvariant} -f %{_datadir}/selinux/devel/Makefile clean
+done
+popd
 
 %install
 rm -rf %{buildroot}
@@ -94,33 +119,63 @@
 install -D -m 755 fedora/initscript-iceccd %{buildroot}/%{_sysconfdir}/rc.d/init.d/iceccd
 install -D -m 755 fedora/initscript-scheduler \
 	%{buildroot}/%{_sysconfdir}/rc.d/init.d/icecc-scheduler
+install -d -m 755 %{buildroot}/%{_sysconfdir}/profile.d
+install -p -m 644 icecream.sh icecream.csh %{buildroot}/%{_sysconfdir}/profile.d
 
 # create default working dir
 mkdir -p %{buildroot}/%{_localstatedir}/cache/icecream
 
+for selinuxvariant in %{selinux_variants}; do
+	install -d %{buildroot}/%{_datadir}/selinux/${selinuxvariant}
+	install -p -m 644 -D SELinux/icecream.pp.${selinuxvariant} \
+		 %{buildroot}/%{_datadir}/selinux/${selinuxvariant}/icecream.pp
+done
+# Hardlink identical policy module packages together
+/usr/sbin/hardlink -cv %{buildroot}%{_datadir}/selinux
+
 %pre
 # https://fedoraproject.org/wiki/PackageUserRegistry
 %__fe_groupadd 44 -r icecream &>/dev/null || :
 %__fe_useradd  44 -r -s /sbin/nologin -d %{_localstatedir}/cache/icecream -M \
-	-c 'Icecream distributed compiler' -g icecream icecream &>/dev/null || :
+	-c 'Icecream distributed compiler' -g icecream icecream &>/dev/null ||:
 
 %post
 /sbin/ldconfig
+# if [ "$1" -le 1 ]; then # First install
+for selinuxvariant in %{selinux_variants}; do
+	semodule -s ${selinuxvariant} -i \
+		%{_datadir}/selinux/${selinuxvariant}/icecream.pp 2>/dev/null ||:
+done
+fixfiles -R %{name} restore ||:
+restorecon -R %{_localstatedir}/cache/icecream ||:
+restorecon %{_localstatedir}/log/iceccd ||:
+semanage port -a -t iceccd_port_t -p tcp 10245 2>/dev/null ||:
+semanage port -a -t icecc_scheduler_port_t -p tcp 8765 2>/dev/null ||:
+semanage port -a -t icecc_scheduler_port_t -p udp 8765 2>/dev/null ||:
+# fi
 /sbin/chkconfig --add iceccd
 /sbin/chkconfig --add icecc-scheduler
+exit 0
 
 %preun
-if [ "$1" -eq 0 ] ; then
+if [ "$1" -eq 0 ]; then # Final removal
 	/sbin/service iceccd stop > /dev/null 2>&1
 	/sbin/service icecc-scheduler stop > /dev/null 2>&1
 	/sbin/chkconfig --del iceccd
 	/sbin/chkconfig --del icecc-scheduler
+#	rm -rf %{_localstatedir}/cache/icecream
+	semanage port -d -t iceccd_port_t -p tcp 10245 2>/dev/null ||:
+	semanage port -d -t icecc_scheduler_port_t -p tcp 8765 2>/dev/null ||:
+	semanage port -d -t icecc_scheduler_port_t -p udp 8765 2>/dev/null ||:
+	for selinuxvariant in %{selinux_variants}; do
+		semodule -s ${selinuxvariant} -r icecream 2>/dev/null ||:
+	done
 fi
 exit 0
 
 %postun
 /sbin/ldconfig
-if [ "$1" -ge 1 ]; then
+if [ "$1" -ge 1 ]; then # Upgrade
 	/sbin/service iceccd condrestart > /dev/null 2>&1
 	/sbin/service icecc-scheduler condrestart > /dev/null 2>&1
 fi
@@ -143,9 +198,11 @@
 %{_sbindir}/icecc-scheduler
 %{_mandir}/man*/*
 %config(noreplace) %{_sysconfdir}/sysconfig/icecream
+%config(noreplace) %{_sysconfdir}/profile.d/icecream.*sh
 %{_sysconfdir}/rc.d/init.d/iceccd
 %{_sysconfdir}/rc.d/init.d/icecc-scheduler
 %{_localstatedir}/cache/icecream
+%{_datadir}/selinux/*/icecream.pp
 
 %files devel
 %{_includedir}/icecc/*.h
@@ -153,6 +210,19 @@
 %{_libdir}/pkgconfig/icecc.pc
 
 %changelog
+* Tue Nov 27 2007 Michal Schmidt <mschmidt at redhat.com> - 0.8.0-5.20071101svn
+- SELinux: Allow iceccd to contact the scheduler via UDP.
+- Don't add icecream to PATH in the profile scripts if ccache is installed
+  to avoid recursive invocations (bz #377761).
+
+* Tue Nov 20 2007 Michal Schmidt <mschmidt at redhat.com> - 0.8.0-4.20071101svn
+- Add a SELinux policy for iceccd
+- Initscripts as sources instead of patches in the .spec file
+- Don't touch /var/log/iceccd in the initscript. Let iceccd create it.
+
+* Mon Nov 12 2007 Michal Schmidt <mschmidt at redhat.com> - 0.8.0-3.20071101svn
+- Add icecc to $PATH using scripts in profile.d
+
 * Tue Nov  6 2007 Michal Schmidt <mschmidt at redhat.com> - 0.8.0-2.20071101svn
 - Use the _datadir macro instead of hardcoded /usr/share
 


--- icecream-add-initscripts.patch DELETED ---