[packit] 2.215.0 upstream release

Upstream tag: v2.215.0 Upstream commit: 730f696f
2023-05-22 15:48:19 +00:00 · 2023-05-22 15:48:19 +00:00 · 280f3257e5
commit 280f3257e5
parent e5568c55a3
5 changed files with 146 additions and 20 deletions
--- a/.gitignore
+++ b/.gitignore
@ -209,3 +209,4 @@
 /v2.211.0.tar.gz
 /v2.211.1.tar.gz
 /v2.213.0.tar.gz
+/v2.215.0.tar.gz
--- a/.packit.yaml
+++ b/.packit.yaml
@ -0,0 +1,86 @@
+---
+# See the documentation for more information:
+# https://packit.dev/docs/configuration/
+
+# Build targets can be found at:
+# https://copr.fedorainfracloud.org/coprs/rhcontainerbot/packit-builds/
+
+specfile_path: rpm/container-selinux.spec
+upstream_tag_template: v{version}
+
+jobs:
+  - &copr
+    job: copr_build
+    # Run on every PR
+    trigger: pull_request
+    owner: rhcontainerbot
+    project: packit-builds
+    enable_net: true
+    # x86_64 is assumed by default
+    # container-selinux is noarch so we only need to test on one arch
+    targets: &pr_copr_targets
+      - fedora-rawhide
+      - fedora-38
+      - fedora-37
+      - centos-stream-9
+      - centos-stream-8
+    srpm_build_deps:
+      - make
+      - rpkg
+    actions:
+      fix-spec-file:
+        - bash .packit.sh
+
+  - <<: *copr
+    # Run on commit to main branch
+    trigger: commit
+    branch: main
+    project: podman-next
+    targets:
+      - fedora-rawhide-aarch64
+      - fedora-rawhide-ppc64le
+      - fedora-rawhide-s390x
+      - fedora-rawhide-x86_64
+      - fedora-38-aarch64
+      - fedora-38-ppc64le
+      - fedora-38-s390x
+      - fedora-38-x86_64
+      - fedora-37-aarch64
+      - fedora-37-ppc64le
+      - fedora-37-s390x
+      - fedora-37-x86_64
+      - centos-stream+epel-next-9-aarch64
+      - centos-stream+epel-next-9-ppc64le
+      - centos-stream+epel-next-9-s390x
+      - centos-stream+epel-next-9-x86_64
+
+  # All tests specified in the `/plans/` subdir
+  # FIXME: uncomment e2e tests after disk space issues resolved on testing farm
+  #- job: tests
+  #  trigger: pull_request
+  #  targets: *test_targets
+  #  identifier: podman_e2e_test
+  #  tmt_plan: "/plans/podman_e2e_test"
+
+  - job: tests
+    trigger: pull_request
+    # arch assumed to be x86_64 by default.
+    targets: *pr_copr_targets
+    identifier: podman_system_test
+    tmt_plan: "/plans/podman_system_test"
+
+  - job: propose_downstream
+    trigger: release
+    update_release: false
+    dist_git_branches:
+      - fedora-all
+
+  - job: koji_build
+    trigger: commit
+    dist_git_branches:
+      - fedora-all
+
+  - job: bodhi_update
+    trigger: commit
+    dist_git_branches:
+      - fedora-branched # rawhide updates are created automatically
--- a/README.packit
+++ b/README.packit
@ -0,0 +1,3 @@
+This repository is maintained by packit.
+https://packit.dev/
+The file was generated using packit 0.75.0.post16+g33d32c7.
--- a/container-selinux.spec
+++ b/container-selinux.spec
@ -1,6 +1,6 @@
-%global debug_package   %{nil}
+%global debug_package %{nil}

-# container-selinux
+# container-selinux upstream
 %global git0 https://github.com/containers/container-selinux

 # container-selinux stuff (prefix with ds_ for version/release etc.)
@ -14,9 +14,40 @@
 # Format must contain '$x' somewhere to do anything useful
 %global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done;

+# copr_username is only set on copr environments, not on others like koji
+%if "%{?copr_username}" != "rhcontainerbot"
+%bcond_with copr
+%else
+%bcond_without copr
+%endif
+
+# RHEL 8 doesn't allow watch and systemd_chat_resolved
+%if 0%{?rhel} == 8
+%bcond_without no_watch
+%bcond_without no_systemd_chat_resolved
+%else
+%bcond_with no_watch
+%bcond_with no_systemd_chat_resolved
+%endif
+
+# https://github.com/containers/container-selinux/issues/203
+%if 0%{?fedora} <= 37 || 0%{?rhel} <= 9
+%bcond_without no_user_namespace
+%else
+%bcond_with no_user_namespace
+%endif
+
 Name: container-selinux
+# Set different Epochs for copr and koji
+%if %{with copr}
+Epoch: 101
+%else
 Epoch: 2
-Version: 2.213.0
+%endif
+# Keep Version in upstream specfile at 0. It will be automatically set
+# to the correct value by Packit for copr and koji builds.
+# IGNORE this comment if you're looking at it in dist-git.
+Version: 2.215.0
 Release: %autorelease
 License: GPL-2.0-only
 URL: %{git0}
@ -45,9 +76,22 @@ Conflicts: k3s-selinux <= 0.4-1
 SELinux policy modules for use with container runtimes.

 %prep
-%autosetup -Sgit %{name}-%{built_tag_strip}
-# https://github.com/containers/container-selinux/issues/203
-%if 0%{?fedora} <= 37
+%autosetup -Sgit %{name}-%{version}
+
+sed -i 's/^man: install-policy/man:/' Makefile
+sed -i 's/^install: man/install:/' Makefile
+
+%if %{with no_watch}
+sed -i 's/watch watch_reads//' container.if
+sed -i 's/watch watch_reads//' container.te
+sed -i '/sysfs_t:dir watch/d' container.te
+%endif
+
+%if %{with no_systemd_chat_resolved}
+sed -i '/^systemd_chat_resolved/d' container.te
+%endif
+
+%if %{with no_user_namespace}
 sed -i '/user_namespace/d' container.te
 %endif

@ -57,16 +101,7 @@ make
 %install
 # install policy modules
 %_format MODULES $x.pp.bz2
-install -d %{buildroot}%{_datadir}/selinux/packages
-install -d -p %{buildroot}%{_datadir}/selinux/devel/include/services
-install -p -m 644 container.if %{buildroot}%{_datadir}/selinux/devel/include/services
-install -m 0644 $MODULES %{buildroot}%{_datadir}/selinux/packages
-install -d %{buildroot}/%{_datadir}/containers/selinux
-install -m 644 container_contexts %{buildroot}/%{_datadir}/containers/selinux/contexts
-install -d %{buildroot}%{_datadir}/udica/templates
-install -m 0644 udica-templates/*.cil %{buildroot}%{_datadir}/udica/templates
-
-%check
+%{__make} DATADIR=%{buildroot}%{_datadir} SYSCONFDIR=%{buildroot}%{_sysconfdir} install install.udica-templates install.selinux-user

 %pre
 %selinux_relabel_pre -s %{selinuxtype}
@ -82,7 +117,7 @@ fi
 %{_sbindir}/semodule -n -s %{selinuxtype} -d gear 2> /dev/null
 %selinux_modules_install -s %{selinuxtype} $MODULES
 . %{_sysconfdir}/selinux/config
-sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types 
+sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types
 matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedir}/containers &> /dev/null || :

 %postun
@ -103,8 +138,9 @@ fi
 %{_datadir}/containers/selinux/contexts
 %dir %{_datadir}/udica/templates/
 %{_datadir}/udica/templates/*
-# Currently shipped in selinux-policy-doc
-#%%{_datadir}/man/man8/container_selinux.8.gz
+%{_mandir}/man8/container_selinux.8.gz
+%{_sysconfdir}/selinux/targeted/contexts/users/*
+%ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulenames}

 %triggerpostun -- container-selinux < 2:2.162.1-3
 if %{_sbindir}/selinuxenabled ; then
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (v2.213.0.tar.gz) = 5973b104b99dbadf8d935f241c70a570efc27a1858c035fc343f4ed6a234cd083da1e5a6281e04902bc8fe5997f2bfefe58d698c9225a82353a0f3d57b30933b
+SHA512 (v2.215.0.tar.gz) = b6a756169bb0c9da8332d4913471cc72fb82c3cd7d8b919dd8a8b7527d2375773bcf553bc5e53ba7ee3f01539334864348b081eeae4362611355d454c869e7d9