2023-04-13 18:33:58 +00:00
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
DISTGIT_PATH=$(pwd)
|
|
|
|
|
2023-09-29 12:50:40 +00:00
|
|
|
RHEL_BASE_VERSION=rhel8.10-base
|
|
|
|
RHEL_CONTRIB_VERSION=rhel8.10-contrib
|
2023-04-13 18:33:58 +00:00
|
|
|
DOCKER_RHEL_VERSION=master
|
|
|
|
DISTGIT_BRANCH=c8s
|
|
|
|
REPO_SELINUX_POLICY=${REPO_SELINUX_POLICY:-git@gitlab.cee.redhat.com:SELinux/selinux-policy.git}
|
|
|
|
REPO_SELINUX_POLICY_BRANCH=${REPO_SELINUX_POLICY_BRANCH:-$RHEL_BASE_VERSION}
|
|
|
|
REPO_SELINUX_POLICY_CONTRIB=${REPO_SELINUX_POLICY_CONTRIB:-git@gitlab.cee.redhat.com:SELinux/selinux-policy.git}
|
|
|
|
REPO_SELINUX_POLICY_CONTRIB_BRANCH=${REPO_SELINUX_POLICY_CONTRIB_BRANCH:-$RHEL_CONTRIB_VERSION}
|
|
|
|
REPO_CONTAINER_SELINUX=${REPO_CONTAINER_SELINUX:-git@github.com:projectatomic/container-selinux.git}
|
|
|
|
REPO_MACRO_EXPANDER=${REPO_MACRO_EXPANDER:-git@gitlab.cee.redhat.com:SELinux/macro-expander.git}
|
|
|
|
|
|
|
|
# When -l is specified, we use locally created tarballs and don't download them from github
|
|
|
|
DOWNLOAD_DEFAULT_GITHUB_TARBALLS=1
|
|
|
|
if [ "$1" == "-l" ]; then
|
|
|
|
DOWNLOAD_DEFAULT_GITHUB_TARBALLS=0
|
|
|
|
fi
|
|
|
|
|
|
|
|
git checkout $DISTGIT_BRANCH -q
|
|
|
|
|
|
|
|
POLICYSOURCES=`mktemp -d policysources.XXXXXX`
|
|
|
|
pushd $POLICYSOURCES > /dev/null
|
|
|
|
|
|
|
|
git clone -q $REPO_SELINUX_POLICY selinux-policy
|
|
|
|
git clone -q $REPO_SELINUX_POLICY_CONTRIB selinux-policy-contrib
|
|
|
|
git clone -q $REPO_CONTAINER_SELINUX container-selinux
|
|
|
|
git clone -q $REPO_MACRO_EXPANDER macro-expander
|
|
|
|
|
|
|
|
pushd selinux-policy > /dev/null
|
|
|
|
# prepare policy patches against upstream commits matching the last upstream merge
|
|
|
|
git checkout $REPO_SELINUX_POLICY_BRANCH
|
|
|
|
BASE_HEAD_ID=$(git rev-parse HEAD)
|
|
|
|
BASE_SHORT_HEAD_ID=$(c=${BASE_HEAD_ID}; echo ${c:0:7})
|
|
|
|
if [ $DOWNLOAD_DEFAULT_GITHUB_TARBALLS == 1 ]; then
|
|
|
|
git archive --prefix=selinux-policy-$BASE_HEAD_ID/ --format tgz HEAD > $DISTGIT_PATH/selinux-policy-$BASE_SHORT_HEAD_ID.tar.gz
|
|
|
|
fi
|
|
|
|
popd > /dev/null
|
|
|
|
|
|
|
|
pushd selinux-policy-contrib > /dev/null
|
|
|
|
# prepare policy patches against upstream commits matching the last upstream merge
|
|
|
|
git checkout $REPO_SELINUX_POLICY_CONTRIB_BRANCH
|
|
|
|
CONTRIB_HEAD_ID=$(git rev-parse HEAD)
|
|
|
|
CONTRIB_SHORT_HEAD_ID=$(c=${CONTRIB_HEAD_ID}; echo ${c:0:7})
|
|
|
|
if [ $DOWNLOAD_DEFAULT_GITHUB_TARBALLS == 1 ]; then
|
|
|
|
git archive --prefix=selinux-policy-contrib-$CONTRIB_HEAD_ID/ --format tgz HEAD > $DISTGIT_PATH/selinux-policy-contrib-$CONTRIB_SHORT_HEAD_ID.tar.gz
|
|
|
|
fi
|
|
|
|
popd > /dev/null
|
|
|
|
|
|
|
|
pushd container-selinux > /dev/null
|
|
|
|
# Actual container-selinux files are in master branch
|
|
|
|
#git checkout -b ${DOCKER_RHEL_VERSION} -t origin/${DOCKER_RHEL_VERSION} -q
|
|
|
|
tar -czf container-selinux.tgz container.if container.te container.fc
|
|
|
|
popd > /dev/null
|
|
|
|
|
|
|
|
pushd $DISTGIT_PATH > /dev/null
|
|
|
|
cp $POLICYSOURCES/container-selinux/container-selinux.tgz .
|
|
|
|
cp $POLICYSOURCES/macro-expander/macro-expander.sh ./macro-expander
|
|
|
|
popd > /dev/null
|
|
|
|
|
|
|
|
popd > /dev/null
|
|
|
|
rm -rf $POLICYSOURCES
|
|
|
|
|
|
|
|
# Update commit ids in selinux-policy.spec file
|
|
|
|
sed -i "s/%global commit0 [^ ]*$/%global commit0 $BASE_HEAD_ID/" selinux-policy.spec
|
|
|
|
sed -i "s/%global commit1 [^ ]*$/%global commit1 $CONTRIB_HEAD_ID/" selinux-policy.spec
|
|
|
|
|
|
|
|
# Update sources
|
|
|
|
sha512sum --tag selinux-policy-${BASE_SHORT_HEAD_ID}.tar.gz selinux-policy-contrib-${CONTRIB_SHORT_HEAD_ID}.tar.gz container-selinux.tgz macro-expander > sources
|
|
|
|
|
|
|
|
echo -e "\nSELinux policy tarballs and container.tgz with container policy files have been created."
|
|
|
|
echo "Commit ids of selinux-policy and selinux-policy-contrib in spec file were changed to:"
|
|
|
|
echo "commit0 " ${BASE_HEAD_ID}
|
|
|
|
echo "commit1 " ${CONTRIB_HEAD_ID}
|