On 12/13/2012 02:47 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
On 12/13/2012 06:01 AM, Rob Crittenden wrote:
We don't currently include the ca_serialno file in our spec file. This
can generate an SELinux warning upon fresh install because we try to set
context on a non-existent file.
This creates an empty file on rpm install so the file can be owned by
the spec.
I also updated the selfsign serial number code to deal with an existing
but empty file.
rob
I couldn't reproduce the error, but I noticed you've left out the
percent sign in %attr:
It was reported against RHEL systems, so perhaps the SELinux (or rpm) in
Fedora suppresses this message.
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
[...]
@@ -660,6 +662,7 @@ fi
%attr(755,root,root) %{plugin_dir}/libipa_cldap.so
%attr(755,root,root) %{plugin_dir}/libipa_range_check.so
%dir %{_localstatedir}/lib/ipa
+attr(600,root,root) %config(noreplace)
%{_localstatedir}/lib/ipa/ca_serialno
RPM build errors:
File must begin with "/": attr(600,root,root)
D'oh. I had tested this in RHEL and cut-n-pasted the fix upstream. Fixed.
rob
On Fedora this doesn't hurt, ACK.
--
PetrĀ³
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
