Commit d7d81543 authored by Jonathan Perkin's avatar Jonathan Perkin

Add SELinux checks from distribution-specific spec file, missed in


Convert some shell bits to standard 2-space indent, 80 columns, etc.
parent 0cbff09b
......@@ -415,8 +415,9 @@ mkdir debug
-e 's/ -ip / /' \
-e 's/^ //' \
-e 's/ $//'`
# XXX: MYSQL_UNIX_ADDR should be in cmake/* but mysql_version is included before
# XXX: install_layout so we can't just set it based on INSTALL_LAYOUT=RPM
# XXX: MYSQL_UNIX_ADDR should be in cmake/* but mysql_version is included
# XXX: before install_layout so we can't just set it based on
${CMAKE} ../%{src_dir} -DBUILD_CONFIG=mysql_release -DINSTALL_LAYOUT=RPM \
-DMYSQL_UNIX_ADDR="/var/lib/mysql/mysql.sock" \
......@@ -429,8 +430,9 @@ mkdir debug
mkdir release
cd release
# XXX: MYSQL_UNIX_ADDR should be in cmake/* but mysql_version is included before
# XXX: install_layout so we can't just set it based on INSTALL_LAYOUT=RPM
# XXX: MYSQL_UNIX_ADDR should be in cmake/* but mysql_version is included
# XXX: before install_layout so we can't just set it based on
${CMAKE} ../%{src_dir} -DBUILD_CONFIG=mysql_release -DINSTALL_LAYOUT=RPM \
-DMYSQL_UNIX_ADDR="/var/lib/mysql/mysql.sock" \
......@@ -487,8 +489,10 @@ install -d $RBR%{_sbindir}
mv -v $RBR/%{_libdir}/*.a $RBR/%{_libdir}/mysql/
# Install logrotate and autostart
install -m 644 $MBD/release/support-files/mysql-log-rotate $RBR%{_sysconfdir}/logrotate.d/mysql
install -m 755 $MBD/release/support-files/mysql.server $RBR%{_sysconfdir}/init.d/mysql
install -m 644 $MBD/release/support-files/mysql-log-rotate \
install -m 755 $MBD/release/support-files/mysql.server \
# Create a symlink "rcmysql", pointing to the init.script. SuSE users
# will appreciate that, as all services usually offer this.
......@@ -506,7 +510,8 @@ install -m 600 $MBD/%{src_dir}/support-files/RHEL4-SElinux/mysql.{fc,te} \
# Even though this is a shared library, put it under /usr/lib*/mysql, so it
# doesn't conflict with possible shared lib by the same name in /usr/lib*. See
# `mysql_config --variable=pkglibdir` and mysqld_safe for how this is used.
install -m 644 "%{malloc_lib_source}" "$RBR%{_libdir}/mysql/%{malloc_lib_target}"
install -m 644 "%{malloc_lib_source}" \
# Remove man pages we explicitly do not want to package, avoids 'unpackaged
......@@ -530,15 +535,19 @@ if [ $? -eq 0 -a -n "$installed" ]; then
old_family=`echo $version | sed -n -e 's,^\([1-9][0-9]*\.[0-9][0-9]*\)\..*$,\1,p'`
new_family=`echo $myversion | sed -n -e 's,^\([1-9][0-9]*\.[0-9][0-9]*\)\..*$,\1,p'`
old_family=`echo $version \
| sed -n -e 's,^\([1-9][0-9]*\.[0-9][0-9]*\)\..*$,\1,p'`
new_family=`echo $myversion \
| sed -n -e 's,^\([1-9][0-9]*\.[0-9][0-9]*\)\..*$,\1,p'`
[ -z "$vendor" ] && vendor='<unknown>'
[ -z "$old_family" ] && old_family="<unrecognized version $version>"
[ -z "$new_family" ] && new_family="<bad package specification: version $myversion>"
if [ "$vendor" != "$myoldvendor" -a "$vendor" != "$myvendor_2" -a "$vendor" != "$myvendor" ]; then
if [ "$vendor" != "$myoldvendor" \
-a "$vendor" != "$myvendor_2" \
-a "$vendor" != "$myvendor" ]; then
The current MySQL server package is provided by a different
vendor ($vendor) than $myoldvendor, $myvendor_2, or $myvendor.
......@@ -619,8 +628,10 @@ fi
# exists.
# ----------------------------------------------------------------------
groupadd -r %{mysqld_group} 2> /dev/null || true
useradd -M -r -d $mysql_datadir -s /bin/bash -c "MySQL server" -g %{mysqld_group} %{mysqld_user} 2> /dev/null || true
# The user may already exist, make sure it has the proper group nevertheless (BUG#12823)
useradd -M -r -d $mysql_datadir -s /bin/bash -c "MySQL server" \
-g %{mysqld_group} %{mysqld_user} 2> /dev/null || true
# The user may already exist, make sure it has the proper group nevertheless
# (BUG#12823)
usermod -g %{mysqld_group} %{mysqld_user} 2> /dev/null || true
# ----------------------------------------------------------------------
......@@ -649,18 +660,52 @@ chown -R %{mysqld_user}:%{mysqld_group} $mysql_datadir
# ----------------------------------------------------------------------
chmod -R og-rw $mysql_datadir/mysql
# ----------------------------------------------------------------------
# install SELinux files - but don't override existing ones
# ----------------------------------------------------------------------
if [ -f /etc/redhat-release ] \
&& (grep -q "Red Hat Enterprise Linux .. release 4" /etc/redhat-release \
|| grep -q "CentOS release 4" /etc/redhat-release) ; then
echo 'Notes regarding SELinux on this platform:'
echo '========================================='
echo 'The default policy might cause server startup to fail because it is'
echo 'not allowed to access critical files. In this case, please update'
echo 'your installation.'
echo 'The default policy might also cause inavailability of SSL related'
echo 'features because the server is not allowed to access /dev/random'
echo 'and /dev/urandom. If this is a problem, please do the following:'
echo ' 1) install selinux-policy-targeted-sources from your OS vendor'
echo ' 2) add the following two lines to '$SEDOMPROG/mysqld.te':'
echo ' allow mysqld_t random_device_t:chr_file read;'
echo ' allow mysqld_t urandom_device_t:chr_file read;'
echo ' 3) cd to '$SETARGETDIR' and issue the following command:'
echo ' make load'
if [ -x sbin/restorecon ] ; then
sbin/restorecon -R var/lib/mysql
# Restart in the same way that mysqld will be started normally.
%{_sysconfdir}/init.d/mysql start
if [ -x %{_sysconfdir}/init.d/mysql ] ; then
%{_sysconfdir}/init.d/mysql start
echo "Giving mysqld 2 seconds to start"
sleep 2
# Allow mysqld_safe to start mysqld and print a message before we exit
sleep 2
#echo "Thank you for installing the MySQL Community Server! For Production
#systems, we recommend MySQL Enterprise, which contains enterprise-ready
#software, intelligent advisory services, and full production support with
#scheduled service packs and more. Visit for more
%preun -n MySQL-server%{product_suffix}
if [ $1 = 0 ] ; then
# Stop MySQL before uninstalling it
......@@ -684,7 +729,8 @@ fi
# Clean up the BuildRoot after build is done
# ----------------------------------------------------------------------
[ "$RPM_BUILD_ROOT" != "/" ] && [ -d $RPM_BUILD_ROOT ] && rm -rf $RPM_BUILD_ROOT;
[ "$RPM_BUILD_ROOT" != "/" ] && [ -d $RPM_BUILD_ROOT ] \
&& rm -rf $RPM_BUILD_ROOT;
# Files section
......@@ -865,6 +911,10 @@ fi
# merging BK trees)
* Tue Jun 1 2010 Jonathan Perkin <>
- Implement SELinux checks from distribution-specific spec file.
* Wed May 12 2010 Jonathan Perkin <>
- Large number of changes to build using CMake
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment