From b960758c5e7f9672cf8db727911df6a23cefec5f Mon Sep 17 00:00:00 2001
From: Robert Oschwald <roos@symentis.com>
Date: Wed, 11 Sep 2013 13:46:12 +0200
Subject: [PATCH 1/2]  - enhanced rpm SPEC file   - use system cache dir   -
 load Apache mod_rewrite module conditionally

---
 packaging/Fedora/build.sh                    |  1 +
 packaging/Fedora/webacula-5.5.2-apache.patch | 14 ++++++++++++++
 packaging/Fedora/webacula-5.5.2-path.patch   | 16 ++++++++++++++++
 packaging/Fedora/webacula.spec               | 16 ++++++++++++++--
 4 files changed, 45 insertions(+), 2 deletions(-)
 create mode 100644 packaging/Fedora/webacula-5.5.2-apache.patch
 create mode 100644 packaging/Fedora/webacula-5.5.2-path.patch

diff --git a/packaging/Fedora/build.sh b/packaging/Fedora/build.sh
index 82a3f7be..cfee3499 100755
--- a/packaging/Fedora/build.sh
+++ b/packaging/Fedora/build.sh
@@ -86,6 +86,7 @@ rm -f -r "${RPM_TMP}/webacula-${VERSION}"
 echo -e "\ncopy files...\n"
 cd ${ROOT_DIR}
 cp -p -f "${SRC_DIR}/packaging/Fedora/webacula.spec" "${RPM_SPECS}/"
+cp -p -f "${SRC_DIR}/packaging/Fedora/*.patch "${RPM_SOURCES}/"
 
 echo -e "\n"
 
diff --git a/packaging/Fedora/webacula-5.5.2-apache.patch b/packaging/Fedora/webacula-5.5.2-apache.patch
new file mode 100644
index 00000000..33da2f01
--- /dev/null
+++ b/packaging/Fedora/webacula-5.5.2-apache.patch
@@ -0,0 +1,14 @@
+diff -up install/apache/webacula.conf.org install/apache/webacula.conf
+--- install/apache/webacula.conf.org	2013-09-11 09:53:14.431232615 +0200
++++ install/apache/webacula.conf	2013-09-11 09:53:40.686979709 +0200
+@@ -5,7 +5,9 @@
+ # Allows only localhost by default
+ #
+ 
+-LoadModule rewrite_module modules/mod_rewrite.so
++<IfModule !rewrite_module>
++  LoadModule rewrite_module modules/mod_rewrite.so
++</IfModule>
+ 
+ # AccessFileName .htaccess
+ # RewriteLog "/var/log/httpd/mod_rewrite.log"
diff --git a/packaging/Fedora/webacula-5.5.2-path.patch b/packaging/Fedora/webacula-5.5.2-path.patch
new file mode 100644
index 00000000..7b93aba3
--- /dev/null
+++ b/packaging/Fedora/webacula-5.5.2-path.patch
@@ -0,0 +1,16 @@
+diff -up html/index.php.org html/index.php
+--- html/index.php.org	2013-09-10 18:13:02.000000000 +0200
++++ html/index.php	2013-09-10 19:08:07.864302577 +0200
+@@ -19,10 +19,10 @@
+  */
+ 
+ define('WEBACULA_VERSION', '5.5.2' . ', build 2011.11.01');
+-define('BACULA_VERSION', 12); // Bacula Catalog version
++define('BACULA_VERSION', 14); // Bacula Catalog version
+ 
+ define('ROOT_DIR', dirname(dirname(__FILE__)) );
+-define('CACHE_DIR',  ROOT_DIR.'/data/cache' );
++define('CACHE_DIR', '/var/cache/webacula' );
+ 
+ defined('APPLICATION_ENV')
+     || define('APPLICATION_ENV', (getenv('APPLICATION_ENV') ? getenv('APPLICATION_ENV') : 'production'));
diff --git a/packaging/Fedora/webacula.spec b/packaging/Fedora/webacula.spec
index 14d6ed48..6ab872f9 100644
--- a/packaging/Fedora/webacula.spec
+++ b/packaging/Fedora/webacula.spec
@@ -1,6 +1,6 @@
 Name:          webacula
 Version:       5.5.2
-Release:       1%{?dist}
+Release:       2%{?dist}
 Summary:       Web interface of a Bacula backup system
 Summary(ru):   Веб интерфейс для Bacula backup system
 
@@ -10,6 +10,9 @@ URL:        http://webacula.sourceforge.net/
 Source0:    http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
 BuildRoot:  %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
+Patch1:     webacula-5.5.2-path.patch
+Patch2:     webacula-5.5.2-apache.patch
+
 BuildArch:  noarch
 
 Requires: webserver
@@ -44,6 +47,8 @@ Webacula - Web Bacula - веб интерфейс для Bacula backup system.
 
 %prep
 %setup -q
+%patch1 -p0 -b .cache
+%patch2 -p0 -b .apache
 
 
 
@@ -63,6 +68,8 @@ mkdir -p $RPM_BUILD_ROOT%{_datadir}/%{name}/languages
 mkdir -p $RPM_BUILD_ROOT%{_datadir}/%{name}/library
 mkdir -p $RPM_BUILD_ROOT%{_datadir}/%{name}/install
 
+mkdir -p %{buildroot}%{_localstatedir}/cache/%{name}
+
 cp ./application/config.ini  $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/config.ini
 rm -f ./application/config.ini
 ln -s %{_sysconfdir}/%{name}/config.ini  $RPM_BUILD_ROOT%{_datadir}/%{name}/application/config.ini 
@@ -101,10 +108,15 @@ rm -rf $RPM_BUILD_ROOT
 %lang(it) %{_datadir}/%{name}/languages/it
 %lang(pt) %{_datadir}/%{name}/languages/pt
 %lang(ru) %{_datadir}/%{name}/languages/ru
+%dir %attr(750, apache, apache) %{_localstatedir}/cache/%{name}
 
 
 
 %changelog
+* Tue Sep 10 2013 Robert Oschwald <robertoschwald@gmail.com> 5.5.2-2
+- Use systems cache dir
+- Load rewrite module conditionally if not loaded already
+
 * Sat Oct 29 2011 Yuri Timofeev <tim4dev@gmail.com> 5.5.2-1
 - Version 5.5.2
 
@@ -151,4 +163,4 @@ rm -rf $RPM_BUILD_ROOT
 - Fix #526855 "Review Request"
 
 * Thu Oct 08 2009 Yuri Timofeev <tim4dev@gmail.com> 3.3-1
-- Initial Spec file creation for Fedora
+- Initial Spec file creation for Fedora
\ No newline at end of file

From 05a9143a617b3a86ca75d457a12c07a2e8577bd3 Mon Sep 17 00:00:00 2001
From: Robert Oschwald <roos@symentis.com>
Date: Wed, 11 Sep 2013 13:46:30 +0200
Subject: [PATCH 2/2]  - added SELinux sample policy file and README

---
 install/SELinux/README.txt           | 20 ++++++++++++++++++++
 install/SELinux/webacula_bconsole.te | 24 ++++++++++++++++++++++++
 2 files changed, 44 insertions(+)
 create mode 100644 install/SELinux/README.txt
 create mode 100644 install/SELinux/webacula_bconsole.te

diff --git a/install/SELinux/README.txt b/install/SELinux/README.txt
new file mode 100644
index 00000000..7a6da87c
--- /dev/null
+++ b/install/SELinux/README.txt
@@ -0,0 +1,20 @@
+# webacula_bconsole.te SELinux Policy file
+
+To integrate webacula into a SELinux enabled system (Fedora, RHEL, CentOS; SL),
+you need to compile and install a SELinux policy for webacula which allows the 
+bconsole calls from apache httpd server.
+
+INSTALLATION:
+
+1. Install required packages:
+ yum install selinux-policy-devel
+ 
+2. Compile the policy source file into a policy package file:
+ make -f /usr/share/selinux/devel/Makefile
+
+3. Activate policy package:
+semodule -i webacula_bconsole.pp 
+
+4. Cleanup
+make -f /usr/share/selinux/devel/Makefile clean
+
diff --git a/install/SELinux/webacula_bconsole.te b/install/SELinux/webacula_bconsole.te
new file mode 100644
index 00000000..8ae4bb33
--- /dev/null
+++ b/install/SELinux/webacula_bconsole.te
@@ -0,0 +1,24 @@
+# SELinux Policy Package source file for webacula
+# As webacula calls bconsole, we need a Policy to allow it.
+
+# prerequisites: Installed selinux-policy-devel rpm package
+# compile to pp file with command:
+# make -f /usr/share/selinux/devel/Makefile && semodule -i webacula_bconsole.pp 
+
+module webacula_bconsole 1.0;
+
+require {
+	type postgresql_port_t;
+	type httpd_t;
+	type hplip_port_t;
+	class tcp_socket name_connect;
+}
+
+#============= httpd_t ==============
+
+#!!!! This avc can be allowed using the boolean 'httpd_can_network_connect'
+allow httpd_t hplip_port_t:tcp_socket name_connect;
+
+#!!!! This avc can be allowed using one of the these booleans:
+#     httpd_can_network_connect, httpd_can_network_connect_db
+allow httpd_t postgresql_port_t:tcp_socket name_connect;