Merged update from upstream sources

This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/selinux-policy.git#e94a380d324949b0fc1f903c7b11c1e44e5fe442
This commit is contained in:
DistroBaker 2020-12-01 19:27:05 +00:00
parent cafbcb567e
commit 14735eb5eb
4 changed files with 41 additions and 78 deletions


@ -1,17 +1,16 @@
## Purpose
SELinux Fedora Policy is a large patch off the mainline. The [fedora-selinux/selinux-policy](https://github.com/selinux-policy/selinux-policy.git) makes Fedora Policy packaging more simple and transparent for developers, upstream developers and users. It is used for applying downstream Fedora fixes, for communication about proposed/committed changes, for communication with upstream and the community. It reflects upstream repository structure to make submitting patches to upstream easy.
SELinux Fedora Policy is a fork of the [SElinux reference policy](https://github.com/SELinuxProject/refpolicy/). The [fedora-selinux/selinux-policy](https://github.com/selinux-policy/selinux-policy.git) repo makes Fedora packaging simpler and more transparent for packagers, upstream developers, and users. It is used for applying downstream Fedora fixes, for communication about proposed/committed changes, and for communication with upstream and the community. It reflects the upstream repository structure to make submitting patches to upstream easy.
## Structure
### github
On GitHub, we have two repositories (selinux-policy and selinux-policy-contrib ) for dist-git repository.
### GitHub
On GitHub, we have one repository containing the policy sources.
$ cd selinux-policy
$ git remote -v
origin git@github.com:fedora-selinux/selinux-policy.git (fetch)
$ git branch -r
origin/HEAD -> origin/master
origin/f27
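Review bot: The reworded Purpose paragraph still links the text fedora-selinux/selinux-policy to https://github.com/selinux-policy/selinux-policy.git, which names a different GitHub organisation than the origin remote shown a few lines below (git@github.com:fedora-selinux/selinux-policy.git) and than the link used in the Build process section. Point the link at https://github.com/fedora-selinux/selinux-policy so readers clone the repository the package is actually built from, and change "SElinux" to "SELinux" while touching the line.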
@ -19,49 +18,32 @@ On GitHub, we have two repositories (selinux-policy and selinux-policy-contrib )
origin/master
origin/rawhide
$ cd selinux-policy-contrib
$ git remote -v
origin git@github.com:fedora-selinux/selinux-policy-contrib.git (fetch)
$ git branch -r
origin/HEAD -> origin/master
origin/f27
origin/f28
origin/master
origin/rawhide
Note: _master_ branch on GitHub does not reflect master branch in dist-git. For this purpose, we created the _rawhide github branches in both selinux-policy and selinux-policy-contrib repositories.
Note: As opposed to dist-git, the Rawhide content resides in the _rawhide_ branch rather than _master_.
### dist-git
Package sources in dist-git are generally composed from a _selinux-policy and _selinux-policy-contrib repository snapshots tarballs and from other config files.
Package sources in dist-git are composed from _selinux-policy_, and _macro-expander_ repository snapshot tarballs, _container-selinux_ policy files snapshot, and from other config files.
## Build process
1. clone [fedora-selinux/selinux-policy](https://github.com/fedora-selinux/selinux-policy) repository
1. Clone the [fedora-selinux/selinux-policy](https://github.com/fedora-selinux/selinux-policy) repository.
$ cd ~/devel/github
$ git clone git@github.com:fedora-selinux/selinux-policy.git
$ cd selinux-policy
$ cd ~/devel/github
$ git clone git@github.com:fedora-selinux/selinux-policy.git
$ cd selinux-policy
2. clone [fedora-selinux/selinux-policy-contrib](https://github.com/fedora-selinux/selinux-policy-contrib) repository
2. Create, backport, cherry-pick needed changes to a particular branch and push them.
$ cd ~/devel/github
$ git clone git@github.com:fedora-selinux/selinux-policy-contrib.git
$ cd selinux-policy-contrib
3. Clone the **selinux-policy** dist-git repository.
3. create, backport, cherry-pick needed changes to a particular branch and push them
$ cd ~/devel/dist-git
$ fedpkg clone selinux-policy
$ cd selinux-policy
4. clone **selinux-policy** dist-git repository
$ cd ~/devel/dist-git
$ fedpkg clone selinux-policy
$ cd selinux-policy
4. Download the latest snaphots from selinux-policy and selinux-policy-contrib github repositories
4. Download the latest snaphot from the selinux-policy github repository.
$ ./make-rhat-patches.sh
5. add changes to the dist-git repository, bump release, create a changelog entry, commit and push
6. build the package
5. Add changes to the dist-git repository, bump release, create a changelog entry, commit and push.
6. Build the package.
$ fedpkg build
$ fedpkg build
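Review bot: Two wording slips remain in the reworded text: the step 4 line reads "snaphot" (should be "snapshot"), and the dist-git sentence has a stray comma in "_selinux-policy_, and _macro-expander_". Step 4 could also say that ./make-rhat-patches.sh fetches container-selinux and macro-expander as well, since the dist-git paragraph lists them as package sources but the step names only the selinux-policy repository.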


@ -7,8 +7,6 @@ DOCKER_FEDORA_VERSION=master
DISTGIT_BRANCH=master
REPO_SELINUX_POLICY=${REPO_SELINUX_POLICY:-https://github.com/fedora-selinux/selinux-policy}
REPO_SELINUX_POLICY_BRANCH=${REPO_SELINUX_POLICY_BRANCH:-$FEDORA_VERSION}
REPO_SELINUX_POLICY_CONTRIB=${REPO_SELINUX_POLICY_CONTRIB:-https://github.com/fedora-selinux/selinux-policy-contrib}
REPO_SELINUX_POLICY_CONTRIB_BRANCH=${REPO_SELINUX_POLICY_CONTRIB_BRANCH:-$FEDORA_VERSION}
REPO_CONTAINER_SELINUX=${REPO_CONTAINER_SELINUX:-https://github.com/containers/container-selinux}
REPO_MACRO_EXPANDER=${REPO_MACRO_EXPANDER:-https://github.com/fedora-selinux/macro-expander.git}
@ -25,8 +23,6 @@ pushd $POLICYSOURCES > /dev/null
git clone --depth=1 -q $REPO_SELINUX_POLICY selinux-policy \
-b $REPO_SELINUX_POLICY_BRANCH
git clone --depth=1 -q $REPO_SELINUX_POLICY_CONTRIB selinux-policy-contrib \
-b $REPO_SELINUX_POLICY_CONTRIB_BRANCH
git clone --depth=1 -q $REPO_CONTAINER_SELINUX container-selinux
git clone --depth=1 -q $REPO_MACRO_EXPANDER macro-expander
@ -37,13 +33,6 @@ BASE_SHORT_HEAD_ID=$(c=${BASE_HEAD_ID}; echo ${c:0:7})
git archive --prefix=selinux-policy-$BASE_HEAD_ID/ --format tgz HEAD > $DISTGIT_PATH/selinux-policy-$BASE_SHORT_HEAD_ID.tar.gz
popd > /dev/null
pushd selinux-policy-contrib > /dev/null
# prepare policy patches against upstream commits matching the last upstream merge
CONTRIB_HEAD_ID=$(git rev-parse HEAD)
CONTRIB_SHORT_HEAD_ID=$(c=${CONTRIB_HEAD_ID}; echo ${c:0:7})
git archive --prefix=selinux-policy-contrib-$CONTRIB_HEAD_ID/ --format tgz HEAD > $DISTGIT_PATH/selinux-policy-contrib-$CONTRIB_SHORT_HEAD_ID.tar.gz
popd > /dev/null
pushd container-selinux > /dev/null
# Actual container-selinux files are in master branch
#git checkout -b ${DOCKER_FEDORA_VERSION} -t origin/${DOCKER_FEDORA_VERSION} -q
@ -53,7 +42,6 @@ popd > /dev/null
pushd $DISTGIT_PATH > /dev/null
if [ $DOWNLOAD_DEFAULT_GITHUB_TARBALLS == 1 ]; then
wget -O selinux-policy-${BASE_SHORT_HEAD_ID}.tar.gz https://github.com/fedora-selinux/selinux-policy/archive/${BASE_HEAD_ID}.tar.gz &> /dev/null
wget -O selinux-policy-contrib-${CONTRIB_SHORT_HEAD_ID}.tar.gz https://github.com/fedora-selinux/selinux-policy-contrib/archive/${CONTRIB_HEAD_ID}.tar.gz &> /dev/null
fi
cp $POLICYSOURCES/container-selinux/container-selinux.tgz .
cp $POLICYSOURCES/macro-expander/macro-expander.sh ./macro-expander
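Review bot: The remaining wget line in the DOWNLOAD_DEFAULT_GITHUB_TARBALLS branch sends all output to /dev/null and its exit status is never checked, so a failed download leaves a truncated selinux-policy-${BASE_SHORT_HEAD_ID}.tar.gz in place of the one git archive wrote to the same path earlier, and the later sha512sum step records that file's hash in sources. Append "|| exit 1" to the wget command, and quote the test as [ "$DOWNLOAD_DEFAULT_GITHUB_TARBALLS" == 1 ] so an unset variable does not turn into a shell syntax error.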
@ -63,14 +51,11 @@ popd > /dev/null
popd > /dev/null
rm -rf $POLICYSOURCES
# Update commit ids in selinux-policy.spec file
sed -i "s/%global commit0 [^ ]*$/%global commit0 $BASE_HEAD_ID/" selinux-policy.spec
sed -i "s/%global commit1 [^ ]*$/%global commit1 $CONTRIB_HEAD_ID/" selinux-policy.spec
# Update commit id in selinux-policy.spec file
sed -i "s/%global commit [^ ]*$/%global commit $BASE_HEAD_ID/" selinux-policy.spec
# Update sources
sha512sum --tag selinux-policy-${BASE_SHORT_HEAD_ID}.tar.gz selinux-policy-contrib-${CONTRIB_SHORT_HEAD_ID}.tar.gz container-selinux.tgz macro-expander > sources
sha512sum --tag selinux-policy-${BASE_SHORT_HEAD_ID}.tar.gz container-selinux.tgz macro-expander > sources
echo -e "\nSELinux policy tarballs and container.tgz with container policy files have been created."
echo "Commit ids of selinux-policy and selinux-policy-contrib in spec file were changed to:"
echo "commit0 " ${BASE_HEAD_ID}
echo "commit1 " ${CONTRIB_HEAD_ID}
echo -e "\nSELinux policy tarball and container-selinux.tgz with container policy files have been created."
echo "Commit id of selinux-policy in spec file was changed to ${BASE_HEAD_ID}"
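Review bot: The new sed expression only rewrites a line beginning "%global commit ", and sed -i exits successfully when nothing matches, so on a branch whose spec still defines commit0 the script would regenerate sources and print "Commit id of selinux-policy in spec file was changed" while the spec keeps the old id. After the sed, verify that the spec contains the new id, for example with grep -q "%global commit $BASE_HEAD_ID" selinux-policy.spec || exit 1, before writing sources.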


@ -1,12 +1,7 @@
# github repo with selinux-policy base sources
%global git0 https://github.com/fedora-selinux/selinux-policy
%global commit0 f1505fca7063b21b5f2ef90f904032c5cc023a22
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
# github repo with selinux-policy contrib sources
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
%global commit1 dad9c7670560b550c3837a3bd2237a94c3e54814
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
# github repo with selinux-policy sources
%global giturl https://github.com/fedora-selinux/selinux-policy
%global commit d4ba4f91dd7b02b09059163fe7fe112a2293ee25
%global shortcommit %(c=%{commit}; echo ${c:0:7})
%define distro redhat
%define polyinstatiate n
@ -29,10 +24,9 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.14.7
Release: 9%{?dist}
Release: 10%{?dist}
License: GPLv2+
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
Source1: modules-targeted-base.conf
Source31: modules-targeted-contrib.conf
Source2: booleans-targeted.conf
@ -68,7 +62,7 @@ Source35: container-selinux.tgz
# Provide rpm macros for packages installing SELinux modules
Source102: rpm.macros
Url: %{git0}
Url: %{giturl}
BuildArch: noarch
BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2
Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
@ -399,12 +393,8 @@ end
%build
%prep
%setup -n %{name}-contrib-%{commit1} -q -b 29
tar -xf %{SOURCE35}
contrib_path=`pwd`
%setup -n %{name}-%{commit0} -q
refpolicy_path=`pwd`
cp $contrib_path/* $refpolicy_path/policy/modules/contrib
%setup -n %{name}-%{commit} -q
tar -C policy/modules/contrib -xf %{SOURCE35}
mkdir selinux_config
for i in %{SOURCE1} %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} %{SOURCE8} %{SOURCE14} %{SOURCE15} %{SOURCE17} %{SOURCE18} %{SOURCE19} %{SOURCE20} %{SOURCE22} %{SOURCE23} %{SOURCE25} %{SOURCE26} %{SOURCE31} %{SOURCE32};do
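Review bot: In %prep, tar -C policy/modules/contrib -xf %{SOURCE35} silently overwrites any same-named module file that the selinux-policy tarball already ships in policy/modules/contrib, and it also extracts subdirectories, which the removed cp $contrib_path/* step would have skipped. Because make-rhat-patches.sh builds container-selinux.tgz from a --depth=1 clone with no commit recorded, name the expected members on the tar command line, or list the archive first and fail the build if it contains anything other than the expected policy files.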
@ -807,6 +797,13 @@ exit 0
%endif
%changelog
* Thu Nov 26 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-10
- Allow Xephyr connect to 6000/tcp port and open user ptys
- Allow kexec manage generic tmp files
- Update targetd nfs & lvm
- Add interface rpc_manage_exports
- Merge selinux-policy and selinux-policy-contrib repos
* Tue Nov 24 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-9
- Allow varnish map its private tmp files
- Allow dovecot bind to smtp ports


@ -1,4 +1,3 @@
SHA512 (selinux-policy-f1505fc.tar.gz) = 5831821766fbb6ae0c86d81b1f8d0ff1590f7fb26309e3a0ced33cb6348d61808dbf65ef78a2f91df951593bbd39397d8601307a5e530d606924f1d2c72f6cd8
SHA512 (selinux-policy-contrib-dad9c76.tar.gz) = 072136b1064f903f74d2ca42ba1753f8b3aea29c634644abc9a0fae700d3d642ec764d39608dc1f10542cb954d5cc838eafe6ecfb5e974c78d979fa8a93e962d
SHA512 (container-selinux.tgz) = 6dffeaaaea1c87052a1f8481d93ddca98899b63167f7c0a4960572431b08d3e34dff7b5cfb4dc6c62bac6d4ae30b964e0d410dcc6d1476d73cf048080ddd56e6
SHA512 (selinux-policy-d4ba4f9.tar.gz) = 7a2c585103daff6b23d3a0e060efa91da63b3cdbeddcecfa69f15b10d70ee63fe9b8b21e092f25991e7dac2991ba72fa3ca61cd31ea14717cb79156c012dbc2f
SHA512 (container-selinux.tgz) = 9e8cccc4932513daf58fbe3fa1acff6fbb9537e30651af0bfa40b6e368e02f1330a551eb70c4f432a959830ab78099879d4ad4b5936be41d6513769ce1cd8156
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
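Review bot: The container-selinux.tgz checksum changes in this hunk, but unlike selinux-policy-d4ba4f9.tar.gz neither its file name nor the spec records which container-selinux commit it was built from, and the 3.14.7-10 changelog entry does not mention a container-selinux update. Record the container-selinux commit id, in the file name or in a spec macro as is done for selinux-policy, so the archive can be reproduced and its hash checked independently of the script run that produced it.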