[Freeipa-devel] [PATCH] 1078 own ca_serialno
Rob Crittenden
rcritten at redhat.com
Thu Dec 13 13:47:03 UTC 2012
Petr Viktorin wrote:
> On 12/13/2012 06:01 AM, Rob Crittenden wrote:
>> We don't currently include the ca_serialno file in our spec file. This
>> can generate an SELinux warning upon fresh install because we try to set
>> context on a non-existent file.
>>
>> This creates an empty file on rpm install so the file can be owned by
>> the spec.
>>
>> I also updated the selfsign serial number code to deal with an existing
>> but empty file.
>>
>> rob
>>
>
> I couldn't reproduce the error, but I noticed you've left out the
> percent sign in %attr:
It was reported against RHEL systems, so perhaps the SELinux (or rpm) in
Fedora suppresses this message.
>> --- a/freeipa.spec.in
>> +++ b/freeipa.spec.in
> [...]
>> @@ -660,6 +662,7 @@ fi
>> %attr(755,root,root) %{plugin_dir}/libipa_cldap.so
>> %attr(755,root,root) %{plugin_dir}/libipa_range_check.so
>> %dir %{_localstatedir}/lib/ipa
>> +attr(600,root,root) %config(noreplace)
>> %{_localstatedir}/lib/ipa/ca_serialno
>
> RPM build errors:
> File must begin with "/": attr(600,root,root)
>
>
D'oh. I had tested this in RHEL and cut-n-pasted the fix upstream. Fixed.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-1078-2-serialno.patch
Type: text/x-patch
Size: 2456 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20121213/bd052305/attachment.bin>
More information about the Freeipa-devel
mailing list