Name: jailkit
Version: 2.5
Release: 3%{?dist}
Summary: Utilities to limit user accounts to specific files using chroot()

Group: System Environment/Base
License: LGPLv2+
URL: http://olivier.sessink.nl/jailkit/
Source0: http://olivier.sessink.nl/jailkit/jailkit-%{version}.tar.bz2
# fedora init and sysconfig files,
Patch0: jailkit-fedora.patch
# don't modify /etc/shells in Makefile
Patch1: jailkit-makefile.patch
# missing /dev/null from device list
Patch2: jailkit-jk_init.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

BuildRequires: python
Requires(postun): initscripts

%description
Jailkit is a set of utilities to limit user accounts to specific
files using chroot() and or specific commands. Setting up a chroot
shell, a shell limited to some specific command, or a daemon
inside a chroot jail is a lot easier and can be automated using
these utilities.

Jailkit is used in network security appliances from several well
known manufacturers, internet servers from several large enterprise
organisations, servers from internet service providers, as well as
many smaller companies and private users that need to secure cvs,
sftp, shell or daemon processes.

%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1

%build
%configure
%{__make} %{?_smp_mflags}

%install
%{__rm} -fr %{buildroot}
%{__make} install DESTDIR="%{buildroot}" \
	iniprefix="%{_sysconfdir}/%{name}" \
	prefix="%{_prefix}"
%{__install} -Dp -m0755 extra/fedora/%{name}.init %{buildroot}%{_sysconfdir}/init.d/%{name}
%{__install} -Dp -m0644 extra/fedora/%{name}.sysconfig %{buildroot}%{_sysconfdir}/sysconfig/%{name}

%post
/sbin/chkconfig --add %{name}
if [ ! -f %{_sysconfdir}/shells ] ; then
    echo "%{_sbindir}/jk_chrootsh" > %{_sysconfdir}/shells
else
    grep -q "^%{_sbindir}/jk_chrootsh$" %{_sysconfdir}/shells || echo "%{_sbindir}/jk_chrootsh" >> %{_sysconfdir}/shells
fi

%preun
if [ $1 = 0 ] ; then
    /sbin/service %{name} stop >/dev/null 2>&1
    /sbin/chkconfig --del %{name}
fi

%postun
if [ "$1" = 0 ] ; then
    if [ -f %{_sysconfdir}/shells ] ; then
        TmpFile=`/bin/mktemp %{_tmppath}/.jk_chrootshrpmXXXXXX`
        grep -v '^%{_sbindir}/jk_chrootsh$' %{_sysconfdir}/shells > $TmpFile
        cp -f $TmpFile %{_sysconfdir}/shells
        rm -f $TmpFile
    fi
fi

%clean
%{__rm} -rf %{buildroot}

%files
%defattr(-, root, root, 0755)
%doc %{_mandir}/man8/*
%doc README.txt
%doc COPYRIGHT
%config(noreplace) %{_sysconfdir}/%{name}/
%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
%{_sysconfdir}/init.d/%{name}
%{_sbindir}/*
%{_bindir}/*
%{_datadir}/%{name}/

%changelog
* Wed Jan 15 2009 Dale Bewley <dale@bewley.net> - 2.5-3
- Add missing /dev/null to jk_init.ini device list
- Fix /etc/shells manipulation

* Wed Jan 14 2009 Dale Bewley <dale@bewley.net> - 2.5-1
- Revise spec from DAG for Fedora
- Update to release 2.5.

* Tue Sep 12 2006 Dag Wieers <dag@wieers.com> - 2.1-1 - 4260+/thias
- Updated to release 2.1.

* Sun Mar 19 2006 Dag Wieers <dag@wieers.com> - 2.0-1
- Updated to release 2.0.

* Fri May 20 2005 Dag Wieers <dag@wieers.com> - 1.3-1
- Initial package. (using DAR)