Make packaging more transparent
- add make-rhat-patches.sh script which creates policycoreutils-rhat.patch and sepolgen-rhat.patch patches
- use source files from https://github.com/SELinuxProject/selinux/wiki/Releases
- extract sources to selinux/ directory and build them there
Create -rhat patches from
c83f4d17e7
This commit is contained in:
Petr Lautrbach
parent
648c87fea3
commit
9d99a57696
2
.gitignore
vendored
2
.gitignore
vendored
@ -231,3 +231,5 @@ policycoreutils-2.0.83.tgz
|
||||
/sepolgen-1.1.1.tgz
|
||||
/sepolgen-1.1.2.tgz
|
||||
/policycoreutils-2.1.6.tgz
|
||||
/policycoreutils-2.3.tar.gz
|
||||
/sepolgen-1.2.1.tar.gz
|
||||
|
||||
40
make-rhat-patches.sh
Executable file
40
make-rhat-patches.sh
Executable file
@ -0,0 +1,40 @@
|
||||
#!/bin/bash
|
||||
|
||||
POLICYCOREUTILS_VERSION=2.3
|
||||
SEPOLGEN_VERSION=1.2.1
|
||||
BRANCH=master
|
||||
|
||||
REBASEDIR=`mktemp -d rebase.XXXXXX`
|
||||
pushd $REBASEDIR
|
||||
|
||||
git clone git@github.com:fedora-selinux/selinux.git
|
||||
pushd selinux; git checkout $BRANCH; COMMIT=`git rev-parse --verify HEAD`; popd
|
||||
|
||||
# prepare policycoreutils-rhat.patch
|
||||
tar xfz ../policycoreutils-$POLICYCOREUTILS_VERSION.tar.gz
|
||||
pushd policycoreutils-$POLICYCOREUTILS_VERSION
|
||||
|
||||
git init; git add .; git commit -m "init"
|
||||
cp -r ../selinux/policycoreutils/* .
|
||||
git add -A .
|
||||
|
||||
git diff --cached --src-prefix=a/policycoreutils-$POLICYCOREUTILS_VERSION/ --dst-prefix=b/policycoreutils-$POLICYCOREUTILS_VERSION/ > ../../policycoreutils-rhat.patch
|
||||
|
||||
popd
|
||||
|
||||
#prepare sepolgen-rhat.patch
|
||||
tar xfz ../sepolgen-$SEPOLGEN_VERSION.tar.gz
|
||||
pushd sepolgen-$SEPOLGEN_VERSION
|
||||
|
||||
git init; git add .; git commit -m "init"
|
||||
cp -r ../selinux/sepolgen/* .
|
||||
git add -A .
|
||||
|
||||
git diff --cached --src-prefix=a/sepolgen-$SEPOLGEN_VERSION/ --dst-prefix=b/sepolgen-$SEPOLGEN_VERSION/ > ../../sepolgen-rhat.patch
|
||||
|
||||
popd
|
||||
|
||||
popd
|
||||
# echo rm -rf $REBASEDIR
|
||||
|
||||
echo policycoreutils-rhat.patch and sepolgen-rhat.patch created against https://github.com/fedora-selinux/selinux/commit/$COMMIT
|
||||
File diff suppressed because it is too large
Load Diff
@ -10,16 +10,17 @@ Version: 2.3
|
||||
Release: 14%{?dist}
|
||||
License: GPLv2
|
||||
Group: System Environment/Base
|
||||
# Based on git repository with tag 20101221
|
||||
Source: git://oss.tresys.com/git/selinux/policycoreutils-%{version}.tgz
|
||||
Source1:git://oss.tresys.com/git/selinux/sepolgen-%{sepolgenver}.tgz
|
||||
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
||||
Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20140506/policycoreutils-%{version}.tar.gz
|
||||
Source1:https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20140506/sepolgen-%{sepolgenver}.tar.gz
|
||||
URL: http://www.selinuxproject.org
|
||||
Source2: policycoreutils_man_ru2.tar.bz2
|
||||
Source3: system-config-selinux.png
|
||||
Source4: sepolicy-icons.tgz
|
||||
# use make-rhat-patches.sh to create following patches from https://github.com/fedora-selinux/selinux/
|
||||
Patch: policycoreutils-rhat.patch
|
||||
Patch1: 0001-Fix-setfiles-to-work-correctly-if-r-option-is-define.patch
|
||||
Patch2: 0002-audit2allow-improvements.patch
|
||||
Patch1: sepolgen-rhat.patch
|
||||
Patch2: 0001-Fix-setfiles-to-work-correctly-if-r-option-is-define.patch
|
||||
Obsoletes: policycoreutils < 2.0.61-2
|
||||
Conflicts: filesystem < 3
|
||||
Provides: /sbin/fixfiles
|
||||
@ -48,16 +49,20 @@ load_policy to load policies, setfiles to label filesystems, newrole
|
||||
to switch roles.
|
||||
|
||||
%prep
|
||||
%setup -q -a 1
|
||||
%patch -p1 -b .rhat
|
||||
%patch1 -p2 -b .setfiles
|
||||
cp %{SOURCE3} gui/
|
||||
tar xvf %{SOURCE4}
|
||||
cd sepolgen-%{sepolgenver}
|
||||
%patch2 -p2 -b .audit2allow
|
||||
# create selinux/ directory and extract %{SOURCE0} there
|
||||
%setup -q -c -n selinux
|
||||
%patch -p1 -b .policycoreutils-rhat
|
||||
pushd policycoreutils-%{version}/
|
||||
%patch2 -p2 -b .setfiles
|
||||
popd
|
||||
cp %{SOURCE3} policycoreutils-%{version}/gui/
|
||||
tar -xvf %{SOURCE4} -C policycoreutils-%{version}/
|
||||
# extract {%SOURCE1} in selinux/ directory
|
||||
%setup -T -D -a 1 -n selinux
|
||||
%patch1 -p1 -b .sepolgen-rhat
|
||||
|
||||
%build
|
||||
make LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SEMODULE_PATH="/usr/sbin" all
|
||||
make -C policycoreutils-%{version} LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SEMODULE_PATH="/usr/sbin" all
|
||||
make -C sepolgen-%{sepolgenver} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all
|
||||
|
||||
%install
|
||||
@ -69,8 +74,8 @@ mkdir -p %{buildroot}%{_mandir}/man5
|
||||
mkdir -p %{buildroot}%{_mandir}/man8
|
||||
%{__mkdir} -p %{buildroot}/%{_usr}/share/doc/%{name}/
|
||||
|
||||
make LSPP_PRIV=y DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" SEMODULE_PATH="/usr/sbin" install
|
||||
make PYTHON=python3 LSPP_PRIV=y DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" SEMODULE_PATH="/usr/sbin" install
|
||||
make -C policycoreutils-%{version} LSPP_PRIV=y DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" SEMODULE_PATH="/usr/sbin" install
|
||||
make -C policycoreutils-%{version} PYTHON=python3 LSPP_PRIV=y DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" SEMODULE_PATH="/usr/sbin" install
|
||||
|
||||
# Systemd
|
||||
rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/restorecond
|
||||
@ -352,7 +357,7 @@ fi
|
||||
%{_mandir}/ru/man1/secon.1*
|
||||
%{_mandir}/man8/genhomedircon.8*
|
||||
%{!?_licensedir:%global license %%doc}
|
||||
%license COPYING
|
||||
%license policycoreutils-%{version}/COPYING
|
||||
%doc %{_usr}/share/doc/%{name}
|
||||
|
||||
%package restorecond
|
||||
@ -373,7 +378,7 @@ The policycoreutils-restorecond package contains the restorecond service.
|
||||
%{_mandir}/man8/restorecond.8*
|
||||
%{_mandir}/ru/man8/restorecond.8*
|
||||
%{!?_licensedir:%global license %%doc}
|
||||
%license COPYING
|
||||
%license policycoreutils-%{version}/COPYING
|
||||
|
||||
%post restorecond
|
||||
%systemd_post restorecond.service
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
diff --git a/sepolgen/src/sepolgen/access.py b/sepolgen/src/sepolgen/access.py
|
||||
diff --git a/sepolgen-1.2.1/src/sepolgen/access.py b/sepolgen-1.2.1/src/sepolgen/access.py
|
||||
index cf13210..9154887 100644
|
||||
--- a/sepolgen/src/sepolgen/access.py
|
||||
+++ b/sepolgen/src/sepolgen/access.py
|
||||
--- a/sepolgen-1.2.1/src/sepolgen/access.py
|
||||
+++ b/sepolgen-1.2.1/src/sepolgen/access.py
|
||||
@@ -88,6 +88,8 @@ class AccessVector:
|
||||
self.audit_msgs = []
|
||||
self.type = audit2why.TERULE
|
||||
@ -43,10 +43,10 @@ index cf13210..9154887 100644
|
||||
access.type = avc_type
|
||||
cls[obj_class, avc_type] = access
|
||||
|
||||
diff --git a/sepolgen/src/sepolgen/audit.py b/sepolgen/src/sepolgen/audit.py
|
||||
diff --git a/sepolgen-1.2.1/src/sepolgen/audit.py b/sepolgen-1.2.1/src/sepolgen/audit.py
|
||||
index 56919be..57263d0 100644
|
||||
--- a/sepolgen/src/sepolgen/audit.py
|
||||
+++ b/sepolgen/src/sepolgen/audit.py
|
||||
--- a/sepolgen-1.2.1/src/sepolgen/audit.py
|
||||
+++ b/sepolgen-1.2.1/src/sepolgen/audit.py
|
||||
@@ -169,6 +169,7 @@ class AVCMessage(AuditMessage):
|
||||
self.exe = ""
|
||||
self.path = ""
|
||||
@ -164,10 +164,10 @@ index 56919be..57263d0 100644
|
||||
return av_set
|
||||
|
||||
class AVCTypeFilter:
|
||||
diff --git a/sepolgen/src/sepolgen/policygen.py b/sepolgen/src/sepolgen/policygen.py
|
||||
index 5f38577..39b0ce1 100644
|
||||
--- a/sepolgen/src/sepolgen/policygen.py
|
||||
+++ b/sepolgen/src/sepolgen/policygen.py
|
||||
diff --git a/sepolgen-1.2.1/src/sepolgen/policygen.py b/sepolgen-1.2.1/src/sepolgen/policygen.py
|
||||
index 5f38577..3b9e9f4 100644
|
||||
--- a/sepolgen-1.2.1/src/sepolgen/policygen.py
|
||||
+++ b/sepolgen-1.2.1/src/sepolgen/policygen.py
|
||||
@@ -81,8 +81,9 @@ class PolicyGenerator:
|
||||
self.module = refpolicy.Module()
|
||||
|
||||
@ -233,3 +233,12 @@ index 5f38577..39b0ce1 100644
|
||||
if av.type == audit2why.ALLOW:
|
||||
rule.comment += "\n#!!!! This avc is allowed in the current policy"
|
||||
if av.type == audit2why.DONTAUDIT:
|
||||
@@ -174,7 +215,7 @@ class PolicyGenerator:
|
||||
if av.type == audit2why.CONSTRAINT:
|
||||
rule.comment += "\n#!!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access."
|
||||
rule.comment += "\n#Constraint rule: "
|
||||
- rule.comment += "\n\t" + av.data[0]
|
||||
+ rule.comment += "\n#\t" + av.data[0]
|
||||
for reason in av.data[1:]:
|
||||
rule.comment += "\n#\tPossible cause is the source %s and target %s are different." % reason
|
||||
|
||||
4
sources
4
sources
@ -1,3 +1,3 @@
|
||||
59d33101d57378ce69889cc078addf90 policycoreutils_man_ru2.tar.bz2
|
||||
e9134b52e6620c14cbce9234a6b67b20 sepolgen-1.2.1.tgz
|
||||
99b6d7ceb2b58d4cd88a8ec0e7c8631a policycoreutils-2.3.tgz
|
||||
9a5db20adfe2250f53833b277ac796ae policycoreutils-2.3.tar.gz
|
||||
ce662a83188bc3a9b40c15792fcaf2c8 sepolgen-1.2.1.tar.gz
|
||||
|
||||
Loading…
Reference in New Issue
Block a user