rpms/policycoreutils
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Make packaging more transparent

Browse Source 
- add make-rhat-patches.sh script which creates policycoreutils-rhat.patch and sepolgen-rhat.patch patches
- use source files from https://github.com/SELinuxProject/selinux/wiki/Releases
- extract sources to selinux/ directory and build them there

Create -rhat patches from
c83f4d17e7
This commit is contained in:
Petr Lautrbach 2015-02-02 16:42:37 +01:00
parent 648c87fea3
commit 9d99a57696
6 changed files with 747 additions and 43734 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -231,3 +231,5 @@ policycoreutils-2.0.83.tgz
/sepolgen-1.1.1.tgz /sepolgen-1.1.1.tgz
/sepolgen-1.1.2.tgz /sepolgen-1.1.2.tgz
/policycoreutils-2.1.6.tgz /policycoreutils-2.1.6.tgz
/policycoreutils-2.3.tar.gz
/sepolgen-1.2.1.tar.gz

40
make-rhat-patches.sh Executable file
View File

@ -0,0 +1,40 @@
#!/bin/bash
POLICYCOREUTILS_VERSION=2.3
SEPOLGEN_VERSION=1.2.1
BRANCH=master
REBASEDIR=`mktemp -d rebase.XXXXXX`
pushd $REBASEDIR
git clone git@github.com:fedora-selinux/selinux.git
pushd selinux; git checkout $BRANCH; COMMIT=`git rev-parse --verify HEAD`; popd
# prepare policycoreutils-rhat.patch
tar xfz ../policycoreutils-$POLICYCOREUTILS_VERSION.tar.gz
pushd policycoreutils-$POLICYCOREUTILS_VERSION
git init; git add .; git commit -m "init"
cp -r ../selinux/policycoreutils/* .
git add -A .
git diff --cached --src-prefix=a/policycoreutils-$POLICYCOREUTILS_VERSION/ --dst-prefix=b/policycoreutils-$POLICYCOREUTILS_VERSION/ > ../../policycoreutils-rhat.patch
popd
#prepare sepolgen-rhat.patch
tar xfz ../sepolgen-$SEPOLGEN_VERSION.tar.gz
pushd sepolgen-$SEPOLGEN_VERSION
git init; git add .; git commit -m "init"
cp -r ../selinux/sepolgen/* .
git add -A .
git diff --cached --src-prefix=a/sepolgen-$SEPOLGEN_VERSION/ --dst-prefix=b/sepolgen-$SEPOLGEN_VERSION/ > ../../sepolgen-rhat.patch
popd
popd
# echo rm -rf $REBASEDIR
echo policycoreutils-rhat.patch and sepolgen-rhat.patch created against https://github.com/fedora-selinux/selinux/commit/$COMMIT

44367
policycoreutils-rhat.patch
View File

File diff suppressed because it is too large Load Diff

39
policycoreutils.spec
View File

@ -10,16 +10,17 @@ Version: 2.3
Release: 14%{?dist} Release: 14%{?dist}
License: GPLv2 License: GPLv2
Group: System Environment/Base Group: System Environment/Base
# Based on git repository with tag 20101221 # https://github.com/SELinuxProject/selinux/wiki/Releases
Source: git://oss.tresys.com/git/selinux/policycoreutils-%{version}.tgz Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20140506/policycoreutils-%{version}.tar.gz
Source1:git://oss.tresys.com/git/selinux/sepolgen-%{sepolgenver}.tgz Source1:https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20140506/sepolgen-%{sepolgenver}.tar.gz
URL: http://www.selinuxproject.org URL: http://www.selinuxproject.org
Source2: policycoreutils_man_ru2.tar.bz2 Source2: policycoreutils_man_ru2.tar.bz2
Source3: system-config-selinux.png Source3: system-config-selinux.png
Source4: sepolicy-icons.tgz Source4: sepolicy-icons.tgz
# use make-rhat-patches.sh to create following patches from https://github.com/fedora-selinux/selinux/
Patch: policycoreutils-rhat.patch Patch: policycoreutils-rhat.patch
Patch1: 0001-Fix-setfiles-to-work-correctly-if-r-option-is-define.patch Patch1: sepolgen-rhat.patch
Patch2: 0002-audit2allow-improvements.patch Patch2: 0001-Fix-setfiles-to-work-correctly-if-r-option-is-define.patch
Obsoletes: policycoreutils < 2.0.61-2 Obsoletes: policycoreutils < 2.0.61-2
Conflicts: filesystem < 3 Conflicts: filesystem < 3
Provides: /sbin/fixfiles Provides: /sbin/fixfiles
@ -48,16 +49,20 @@ load_policy to load policies, setfiles to label filesystems, newrole
to switch roles. to switch roles.
%prep %prep
%setup -q -a 1 # create selinux/ directory and extract %{SOURCE0} there
%patch -p1 -b .rhat %setup -q -c -n selinux
%patch1 -p2 -b .setfiles %patch -p1 -b .policycoreutils-rhat
cp %{SOURCE3} gui/ pushd policycoreutils-%{version}/
tar xvf %{SOURCE4} %patch2 -p2 -b .setfiles
cd sepolgen-%{sepolgenver} popd
%patch2 -p2 -b .audit2allow cp %{SOURCE3} policycoreutils-%{version}/gui/
tar -xvf %{SOURCE4} -C policycoreutils-%{version}/
# extract {%SOURCE1} in selinux/ directory
%setup -T -D -a 1 -n selinux
%patch1 -p1 -b .sepolgen-rhat
%build %build
make LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SEMODULE_PATH="/usr/sbin" all make -C policycoreutils-%{version} LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SEMODULE_PATH="/usr/sbin" all
make -C sepolgen-%{sepolgenver} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all make -C sepolgen-%{sepolgenver} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all
%install %install
@ -69,8 +74,8 @@ mkdir -p %{buildroot}%{_mandir}/man5
mkdir -p %{buildroot}%{_mandir}/man8 mkdir -p %{buildroot}%{_mandir}/man8
%{__mkdir} -p %{buildroot}/%{_usr}/share/doc/%{name}/ %{__mkdir} -p %{buildroot}/%{_usr}/share/doc/%{name}/
make LSPP_PRIV=y DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" SEMODULE_PATH="/usr/sbin" install make -C policycoreutils-%{version} LSPP_PRIV=y DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" SEMODULE_PATH="/usr/sbin" install
make PYTHON=python3 LSPP_PRIV=y DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" SEMODULE_PATH="/usr/sbin" install make -C policycoreutils-%{version} PYTHON=python3 LSPP_PRIV=y DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" SEMODULE_PATH="/usr/sbin" install
# Systemd # Systemd
rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/restorecond rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/restorecond
@ -352,7 +357,7 @@ fi
%{_mandir}/ru/man1/secon.1* %{_mandir}/ru/man1/secon.1*
%{_mandir}/man8/genhomedircon.8* %{_mandir}/man8/genhomedircon.8*
%{!?_licensedir:%global license %%doc} %{!?_licensedir:%global license %%doc}
%license COPYING %license policycoreutils-%{version}/COPYING
%doc %{_usr}/share/doc/%{name} %doc %{_usr}/share/doc/%{name}
%package restorecond %package restorecond
@ -373,7 +378,7 @@ The policycoreutils-restorecond package contains the restorecond service.
%{_mandir}/man8/restorecond.8* %{_mandir}/man8/restorecond.8*
%{_mandir}/ru/man8/restorecond.8* %{_mandir}/ru/man8/restorecond.8*
%{!?_licensedir:%global license %%doc} %{!?_licensedir:%global license %%doc}
%license COPYING %license policycoreutils-%{version}/COPYING
%post restorecond %post restorecond
%systemd_post restorecond.service %systemd_post restorecond.service

29
0002-audit2allow-improvements.patch → sepolgen-rhat.patch
View File

@ -1,7 +1,7 @@
diff --git a/sepolgen/src/sepolgen/access.py b/sepolgen/src/sepolgen/access.py diff --git a/sepolgen-1.2.1/src/sepolgen/access.py b/sepolgen-1.2.1/src/sepolgen/access.py
index cf13210..9154887 100644 index cf13210..9154887 100644
--- a/sepolgen/src/sepolgen/access.py --- a/sepolgen-1.2.1/src/sepolgen/access.py
+++ b/sepolgen/src/sepolgen/access.py +++ b/sepolgen-1.2.1/src/sepolgen/access.py
@@ -88,6 +88,8 @@ class AccessVector: @@ -88,6 +88,8 @@ class AccessVector:
self.audit_msgs = [] self.audit_msgs = []
self.type = audit2why.TERULE self.type = audit2why.TERULE
@ -43,10 +43,10 @@ index cf13210..9154887 100644
access.type = avc_type access.type = avc_type
cls[obj_class, avc_type] = access cls[obj_class, avc_type] = access
diff --git a/sepolgen/src/sepolgen/audit.py b/sepolgen/src/sepolgen/audit.py diff --git a/sepolgen-1.2.1/src/sepolgen/audit.py b/sepolgen-1.2.1/src/sepolgen/audit.py
index 56919be..57263d0 100644 index 56919be..57263d0 100644
--- a/sepolgen/src/sepolgen/audit.py --- a/sepolgen-1.2.1/src/sepolgen/audit.py
+++ b/sepolgen/src/sepolgen/audit.py +++ b/sepolgen-1.2.1/src/sepolgen/audit.py
@@ -169,6 +169,7 @@ class AVCMessage(AuditMessage): @@ -169,6 +169,7 @@ class AVCMessage(AuditMessage):
self.exe = "" self.exe = ""
self.path = "" self.path = ""
@ -164,10 +164,10 @@ index 56919be..57263d0 100644
return av_set return av_set
class AVCTypeFilter: class AVCTypeFilter:
diff --git a/sepolgen/src/sepolgen/policygen.py b/sepolgen/src/sepolgen/policygen.py diff --git a/sepolgen-1.2.1/src/sepolgen/policygen.py b/sepolgen-1.2.1/src/sepolgen/policygen.py
index 5f38577..39b0ce1 100644 index 5f38577..3b9e9f4 100644
--- a/sepolgen/src/sepolgen/policygen.py --- a/sepolgen-1.2.1/src/sepolgen/policygen.py
+++ b/sepolgen/src/sepolgen/policygen.py +++ b/sepolgen-1.2.1/src/sepolgen/policygen.py
@@ -81,8 +81,9 @@ class PolicyGenerator: @@ -81,8 +81,9 @@ class PolicyGenerator:
self.module = refpolicy.Module() self.module = refpolicy.Module()
@ -233,3 +233,12 @@ index 5f38577..39b0ce1 100644
if av.type == audit2why.ALLOW: if av.type == audit2why.ALLOW:
rule.comment += "\n#!!!! This avc is allowed in the current policy" rule.comment += "\n#!!!! This avc is allowed in the current policy"
if av.type == audit2why.DONTAUDIT: if av.type == audit2why.DONTAUDIT:
@@ -174,7 +215,7 @@ class PolicyGenerator:
if av.type == audit2why.CONSTRAINT:
rule.comment += "\n#!!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access."
rule.comment += "\n#Constraint rule: "
- rule.comment += "\n\t" + av.data[0]
+ rule.comment += "\n#\t" + av.data[0]
for reason in av.data[1:]:
rule.comment += "\n#\tPossible cause is the source %s and target %s are different." % reason

4
sources
View File

@ -1,3 +1,3 @@
59d33101d57378ce69889cc078addf90 policycoreutils_man_ru2.tar.bz2 59d33101d57378ce69889cc078addf90 policycoreutils_man_ru2.tar.bz2
e9134b52e6620c14cbce9234a6b67b20 sepolgen-1.2.1.tgz 9a5db20adfe2250f53833b277ac796ae policycoreutils-2.3.tar.gz
99b6d7ceb2b58d4cd88a8ec0e7c8631a policycoreutils-2.3.tgz ce662a83188bc3a9b40c15792fcaf2c8 sepolgen-1.2.1.tar.gz