17 upstream release

Add a custom SELinux policy, shipped in a new osbuild-selinux sub- package, to allow setting labels unknown to the host.
2020-06-10 16:24:02 +02:00 · 2020-06-10 16:24:02 +02:00 · cee28ed091
commit cee28ed091
parent 7d9cc21846
3 changed files with 50 additions and 3 deletions
--- a/.gitignore
+++ b/.gitignore
@ -14,3 +14,4 @@
 /osbuild-14.tar.gz
 /osbuild-15.tar.gz
 /osbuild-16.tar.gz
 /osbuild-17.tar.gz
--- a/osbuild.spec
+++ b/osbuild.spec
@ -1,6 +1,7 @@
 %global         forgeurl https://github.com/osbuild/osbuild
 %global         selinuxtype targeted
-Version:        16
+Version:        17
 %forgemeta
@ -34,6 +35,7 @@ Requires:       systemd-container
 Requires:       tar
 Requires:       util-linux
 Requires:       python3-%{pypi_name} = %{version}-%{release}
 Requires:       (%{name}-selinux if selinux-policy-%{selinuxtype})
 # Turn off dependency generators for assemblers, runners and stages.
 # They run in a container, so there's no reason to generate dependencies
@ -63,6 +65,18 @@ Requires:       rpm-ostree
 Contains the necessary stages, assembler and source
 to build OSTree based images.
 %package        selinux
 Summary:        SELinux policies
 Requires:       %{name} = %{version}-%{release}
 BuildRequires:  selinux-policy
 BuildRequires:  selinux-policy-devel
 %{?selinux_requires}
 %description    selinux
 Contains the necessary SELinux policies that allows
 osbuild to use labels unknown to the host inside the
 containers it uses to build OS artifacts.
 %prep
 %forgesetup
@ -70,6 +84,13 @@ to build OSTree based images.
 %py3_build
 make man
 # SELinux
 make -f /usr/share/selinux/devel/Makefile osbuild.pp
 bzip2 -9 osbuild.pp
 %pre
 %selinux_relabel_pre -s %{selinuxtype}
 %install
 %py3_install
@ -99,6 +120,10 @@ mkdir -p %{buildroot}%{_mandir}/man5
 install -p -m 0644 -t %{buildroot}%{_mandir}/man1/ docs/*.1
 install -p -m 0644 -t %{buildroot}%{_mandir}/man5/ docs/*.5
 # SELinux
 install -D -m 644 -t %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype} %{name}.pp.bz2
 install -D -m 644 -t %{buildroot}%{_mandir}/man8 selinux/%{name}_selinux.8
 %check
 exit 0
 # We have some integration tests, but those require running a VM, so that would
@ -129,9 +154,30 @@ exit 0
 %{pkgdir}/stages/org.osbuild.ostree
 %{pkgdir}/stages/org.osbuild.rpm-ostree
 %files selinux
 %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
 %{_mandir}/man8/%{name}_selinux.8.*
 %ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name}
 %post selinux
 %selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
 %postun selinux
 if [ $1 -eq 0 ]; then
    %selinux_modules_uninstall -s %{selinuxtype} %{name}
 fi
 %posttrans selinux
 %selinux_relabel_post -s %{selinuxtype}
 %changelog
 * Wed Jun 10 2020 Christian Kellner <ckellner@redhat.com> - 17-1
 - new upstream relaese 17
 - Add custom SELinux policy that lets osbuild set labels inside
  the build root that are unknown to the host.
 * Thu Jun  4 2020 Christian Kellner <ckellner@redhat.com> - 16-1
- new upstream release 15
+- new upstream release 16
 - Drop sources-fix-break-when-secrets-is-None.patch included in
  the new upstream reelase.
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (osbuild-16.tar.gz) = 21041af1b617ef30ae7e6e27a986d094a13bcbc3a4d52d69272f24a88c49a0d4b5f57e4d54a7dd322053d607a2c859ff7586f0392d0e1efae163a9bfe6b5c065
+SHA512 (osbuild-17.tar.gz) = 63b7402e87665917d31a69e3a9c399dd22219b1f3bb1edec71a6c3d00eb996a4a297129ed33d46dad49c4d7d7f18e643166aace1de84e4741ecd929be0248021
`@ -1 +1 @@`
	`SHA512 (osbuild-16.tar.gz) = 21041af1b617ef30ae7e6e27a986d094a13bcbc3a4d52d69272f24a88c49a0d4b5f57e4d54a7dd322053d607a2c859ff7586f0392d0e1efae163a9bfe6b5c065`	`SHA512 (osbuild-17.tar.gz) = 63b7402e87665917d31a69e3a9c399dd22219b1f3bb1edec71a6c3d00eb996a4a297129ed33d46dad49c4d7d7f18e643166aace1de84e4741ecd929be0248021`