From 14735eb5eb5cdab9d12c526f23b1c6024c7eb79f Mon Sep 17 00:00:00 2001 From: DistroBaker Date: Tue, 1 Dec 2020 19:27:05 +0000 Subject: [PATCH] Merged update from upstream sources This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/selinux-policy.git#e94a380d324949b0fc1f903c7b11c1e44e5fe442 --- README.md | 54 +++++++++++++++----------------------------- make-rhat-patches.sh | 25 ++++---------------- selinux-policy.spec | 35 +++++++++++++--------------- sources | 5 ++-- 4 files changed, 41 insertions(+), 78 deletions(-) diff --git a/README.md b/README.md index e6f13c68..00d22337 100644 --- a/README.md +++ b/README.md 
@@ -1,17 +1,16 @@ ## Purpose -SELinux Fedora Policy is a large patch off the mainline. The [fedora-selinux/selinux-policy](https://github.com/selinux-policy/selinux-policy.git) makes Fedora Policy packaging more simple and transparent for developers, upstream developers and users. It is used for applying downstream Fedora fixes, for communication about proposed/committed changes, for communication with upstream and the community. It reflects upstream repository structure to make submitting patches to upstream easy. +SELinux Fedora Policy is a fork of the [SElinux reference policy](https://github.com/SELinuxProject/refpolicy/). The [fedora-selinux/selinux-policy](https://github.com/selinux-policy/selinux-policy.git) repo makes Fedora packaging simpler and more transparent for packagers, upstream developers, and users. It is used for applying downstream Fedora fixes, for communication about proposed/committed changes, and for communication with upstream and the community. It reflects the upstream repository structure to make submitting patches to upstream easy. ## Structure -### github -On GitHub, we have two repositories (selinux-policy and selinux-policy-contrib ) for dist-git repository. +### GitHub +On GitHub, we have one repository containing the policy sources. $ cd selinux-policy $ git remote -v origin git@github.com:fedora-selinux/selinux-policy.git (fetch) - $ git branch -r origin/HEAD -> origin/master origin/f27 
@@ -19,49 +18,32 @@ On GitHub, we have two repositories (selinux-policy and selinux-policy-contrib ) origin/master origin/rawhide - $ cd selinux-policy-contrib - $ git remote -v - origin git@github.com:fedora-selinux/selinux-policy-contrib.git (fetch) - - $ git branch -r - origin/HEAD -> origin/master - origin/f27 - origin/f28 - origin/master - origin/rawhide - -Note: _master_ branch on GitHub does not reflect master branch in dist-git. For this purpose, we created the _rawhide github branches in both selinux-policy and selinux-policy-contrib repositories. +Note: As opposed to dist-git, the Rawhide content resides in the _rawhide_ branch rather than _master_. ### dist-git -Package sources in dist-git are generally composed from a _selinux-policy and _selinux-policy-contrib repository snapshots tarballs and from other config files. +Package sources in dist-git are composed from _selinux-policy_, and _macro-expander_ repository snapshot tarballs, _container-selinux_ policy files snapshot, and from other config files. ## Build process -1. clone [fedora-selinux/selinux-policy](https://github.com/fedora-selinux/selinux-policy) repository +1. Clone the [fedora-selinux/selinux-policy](https://github.com/fedora-selinux/selinux-policy) repository. - $ cd ~/devel/github - $ git clone git@github.com:fedora-selinux/selinux-policy.git - $ cd selinux-policy + $ cd ~/devel/github + $ git clone git@github.com:fedora-selinux/selinux-policy.git + $ cd selinux-policy -2. clone [fedora-selinux/selinux-policy-contrib](https://github.com/fedora-selinux/selinux-policy-contrib) repository +2. Create, backport, cherry-pick needed changes to a particular branch and push them. - $ cd ~/devel/github - $ git clone git@github.com:fedora-selinux/selinux-policy-contrib.git - $ cd selinux-policy-contrib +3. Clone the **selinux-policy** dist-git repository. -3. 
create, backport, cherry-pick needed changes to a particular branch and push them + $ cd ~/devel/dist-git + $ fedpkg clone selinux-policy + $ cd selinux-policy -4. clone **selinux-policy** dist-git repository - - $ cd ~/devel/dist-git - $ fedpkg clone selinux-policy - $ cd selinux-policy - -4. Download the latest snaphots from selinux-policy and selinux-policy-contrib github repositories +4. Download the latest snaphot from the selinux-policy github repository. $ ./make-rhat-patches.sh -5. add changes to the dist-git repository, bump release, create a changelog entry, commit and push -6. build the package +5. Add changes to the dist-git repository, bump release, create a changelog entry, commit and push. +6. Build the package. - $ fedpkg build + $ fedpkg build diff --git a/make-rhat-patches.sh b/make-rhat-patches.sh index 870915a0..ca08bf0a 100755 --- a/make-rhat-patches.sh +++ b/make-rhat-patches.sh @@ -7,8 +7,6 @@ DOCKER_FEDORA_VERSION=master DISTGIT_BRANCH=master REPO_SELINUX_POLICY=${REPO_SELINUX_POLICY:-https://github.com/fedora-selinux/selinux-policy} REPO_SELINUX_POLICY_BRANCH=${REPO_SELINUX_POLICY_BRANCH:-$FEDORA_VERSION} -REPO_SELINUX_POLICY_CONTRIB=${REPO_SELINUX_POLICY_CONTRIB:-https://github.com/fedora-selinux/selinux-policy-contrib} -REPO_SELINUX_POLICY_CONTRIB_BRANCH=${REPO_SELINUX_POLICY_CONTRIB_BRANCH:-$FEDORA_VERSION} REPO_CONTAINER_SELINUX=${REPO_CONTAINER_SELINUX:-https://github.com/containers/container-selinux} REPO_MACRO_EXPANDER=${REPO_MACRO_EXPANDER:-https://github.com/fedora-selinux/macro-expander.git} @@ -25,8 +23,6 @@ pushd $POLICYSOURCES > /dev/null git clone --depth=1 -q $REPO_SELINUX_POLICY selinux-policy \ -b $REPO_SELINUX_POLICY_BRANCH -git clone --depth=1 -q $REPO_SELINUX_POLICY_CONTRIB selinux-policy-contrib \ - -b $REPO_SELINUX_POLICY_CONTRIB_BRANCH git clone --depth=1 -q $REPO_CONTAINER_SELINUX container-selinux git clone --depth=1 -q $REPO_MACRO_EXPANDER macro-expander 
@@ -37,13 +33,6 @@ BASE_SHORT_HEAD_ID=$(c=${BASE_HEAD_ID}; echo ${c:0:7}) git archive --prefix=selinux-policy-$BASE_HEAD_ID/ --format tgz HEAD > $DISTGIT_PATH/selinux-policy-$BASE_SHORT_HEAD_ID.tar.gz popd > /dev/null -pushd selinux-policy-contrib > /dev/null -# prepare policy patches against upstream commits matching the last upstream merge -CONTRIB_HEAD_ID=$(git rev-parse HEAD) -CONTRIB_SHORT_HEAD_ID=$(c=${CONTRIB_HEAD_ID}; echo ${c:0:7}) -git archive --prefix=selinux-policy-contrib-$CONTRIB_HEAD_ID/ --format tgz HEAD > $DISTGIT_PATH/selinux-policy-contrib-$CONTRIB_SHORT_HEAD_ID.tar.gz -popd > /dev/null - pushd container-selinux > /dev/null # Actual container-selinux files are in master branch #git checkout -b ${DOCKER_FEDORA_VERSION} -t origin/${DOCKER_FEDORA_VERSION} -q @@ -53,7 +42,6 @@ popd > /dev/null pushd $DISTGIT_PATH > /dev/null if [ $DOWNLOAD_DEFAULT_GITHUB_TARBALLS == 1 ]; then wget -O selinux-policy-${BASE_SHORT_HEAD_ID}.tar.gz https://github.com/fedora-selinux/selinux-policy/archive/${BASE_HEAD_ID}.tar.gz &> /dev/null - wget -O selinux-policy-contrib-${CONTRIB_SHORT_HEAD_ID}.tar.gz https://github.com/fedora-selinux/selinux-policy-contrib/archive/${CONTRIB_HEAD_ID}.tar.gz &> /dev/null fi cp $POLICYSOURCES/container-selinux/container-selinux.tgz . cp $POLICYSOURCES/macro-expander/macro-expander.sh ./macro-expander 
@@ -63,14 +51,11 @@ popd > /dev/null popd > /dev/null rm -rf $POLICYSOURCES -# Update commit ids in selinux-policy.spec file -sed -i "s/%global commit0 [^ ]*$/%global commit0 $BASE_HEAD_ID/" selinux-policy.spec -sed -i "s/%global commit1 [^ ]*$/%global commit1 $CONTRIB_HEAD_ID/" selinux-policy.spec +# Update commit id in selinux-policy.spec file +sed -i "s/%global commit [^ ]*$/%global commit $BASE_HEAD_ID/" selinux-policy.spec # Update sources -sha512sum --tag selinux-policy-${BASE_SHORT_HEAD_ID}.tar.gz selinux-policy-contrib-${CONTRIB_SHORT_HEAD_ID}.tar.gz container-selinux.tgz macro-expander > sources +sha512sum --tag selinux-policy-${BASE_SHORT_HEAD_ID}.tar.gz container-selinux.tgz macro-expander > sources -echo -e "\nSELinux policy tarballs and container.tgz with container policy files have been created." -echo "Commit ids of selinux-policy and selinux-policy-contrib in spec file were changed to:" -echo "commit0 " ${BASE_HEAD_ID} -echo "commit1 " ${CONTRIB_HEAD_ID} +echo -e "\nSELinux policy tarball and container-selinux.tgz with container policy files have been created." +echo "Commit id of selinux-policy in spec file was changed to ${BASE_HEAD_ID}" diff --git a/selinux-policy.spec b/selinux-policy.spec index 4d909956..f5a50b6b 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec 
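Review bot: The rewritten `sed -i "s/%global commit [^ ]*$/%global commit $BASE_HEAD_ID/" selinux-policy.spec` and the new `sha512sum --tag ... > sources` line run without any check that the earlier fetch succeeded. An empty `BASE_HEAD_ID` or a zero-length tarball would therefore be written into the spec and pinned in `sources` as if it were good. The wget in the previous hunk discards all output with `&> /dev/null` and its exit status is not tested in the visible lines; whether the script enables `set -e` cannot be seen from here. Assuming the script runs under bash (it already uses `${c:0:7}`), I would add `[[ $BASE_HEAD_ID =~ ^[0-9a-f]{40}$ ]] || exit 1` before the sed and `[ -s "selinux-policy-${BASE_SHORT_HEAD_ID}.tar.gz" ] || exit 1` before the sha512sum, and quote the expansions on both lines. The script starts and ends outside this hunk.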
@@ -1,12 +1,7 @@ -# github repo with selinux-policy base sources -%global git0 https://github.com/fedora-selinux/selinux-policy -%global commit0 f1505fca7063b21b5f2ef90f904032c5cc023a22 -%global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) - -# github repo with selinux-policy contrib sources -%global git1 https://github.com/fedora-selinux/selinux-policy-contrib -%global commit1 dad9c7670560b550c3837a3bd2237a94c3e54814 -%global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) +# github repo with selinux-policy sources +%global giturl https://github.com/fedora-selinux/selinux-policy +%global commit d4ba4f91dd7b02b09059163fe7fe112a2293ee25 +%global shortcommit %(c=%{commit}; echo ${c:0:7}) %define distro redhat %define polyinstatiate n @@ -29,10 +24,9 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.7 -Release: 9%{?dist} +Release: 10%{?dist} License: GPLv2+ -Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz -Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz +Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz Source1: modules-targeted-base.conf Source31: modules-targeted-contrib.conf Source2: booleans-targeted.conf @@ -68,7 +62,7 @@ Source35: container-selinux.tgz # Provide rpm macros for packages installing SELinux modules Source102: rpm.macros -Url: %{git0} +Url: %{giturl} BuildArch: noarch BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} 
@@ -399,12 +393,8 @@ end %build %prep -%setup -n %{name}-contrib-%{commit1} -q -b 29 -tar -xf %{SOURCE35} -contrib_path=`pwd` -%setup -n %{name}-%{commit0} -q -refpolicy_path=`pwd` -cp $contrib_path/* $refpolicy_path/policy/modules/contrib +%setup -n %{name}-%{commit} -q +tar -C policy/modules/contrib -xf %{SOURCE35} mkdir selinux_config for i in %{SOURCE1} %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} %{SOURCE8} %{SOURCE14} %{SOURCE15} %{SOURCE17} %{SOURCE18} %{SOURCE19} %{SOURCE20} %{SOURCE22} %{SOURCE23} %{SOURCE25} %{SOURCE26} %{SOURCE31} %{SOURCE32};do @@ -807,6 +797,13 @@ exit 0 %endif %changelog +* Thu Nov 26 2020 Zdenek Pytela - 3.14.7-10 +- Allow Xephyr connect to 6000/tcp port and open user ptys +- Allow kexec manage generic tmp files +- Update targetd nfs & lvm +- Add interface rpc_manage_exports +- Merge selinux-policy and selinux-policy-contrib repos + * Tue Nov 24 2020 Zdenek Pytela - 3.14.7-9 - Allow varnish map its private tmp files - Allow dovecot bind to smtp ports diff --git a/sources b/sources index f94225bb..214801ff 100644 --- a/sources +++ b/sources 
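Review bot: The added `tar -C policy/modules/contrib -xf %{SOURCE35}` in %prep extracts container-selinux.tgz straight over the merged policy tree, and nothing in the hunk limits or records which members it writes. A file in the archive with the same name as an in-tree module would replace it silently. That archive is produced by make-rhat-patches.sh from `git clone --depth=1 -q $REPO_CONTAINER_SELINUX container-selinux`, which names no branch or commit in the visible lines, so its content presumably follows that repository's default branch at packaging time and the `sources` hash only records what was fetched. I would add a comment above the line such as `# Source35 is unpacked over the merged tree; it should only add the container policy files`, and use `tar -C policy/modules/contrib -xvf %{SOURCE35}` so the build log lists what was written. The %prep section continues outside the hunk.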
@@ -1,4 +1,3 @@
-SHA512 (selinux-policy-f1505fc.tar.gz) = 5831821766fbb6ae0c86d81b1f8d0ff1590f7fb26309e3a0ced33cb6348d61808dbf65ef78a2f91df951593bbd39397d8601307a5e530d606924f1d2c72f6cd8
-SHA512 (selinux-policy-contrib-dad9c76.tar.gz) = 072136b1064f903f74d2ca42ba1753f8b3aea29c634644abc9a0fae700d3d642ec764d39608dc1f10542cb954d5cc838eafe6ecfb5e974c78d979fa8a93e962d
-SHA512 (container-selinux.tgz) = 6dffeaaaea1c87052a1f8481d93ddca98899b63167f7c0a4960572431b08d3e34dff7b5cfb4dc6c62bac6d4ae30b964e0d410dcc6d1476d73cf048080ddd56e6
+SHA512 (selinux-policy-d4ba4f9.tar.gz) = 7a2c585103daff6b23d3a0e060efa91da63b3cdbeddcecfa69f15b10d70ee63fe9b8b21e092f25991e7dac2991ba72fa3ca61cd31ea14717cb79156c012dbc2f
+SHA512 (container-selinux.tgz) = 9e8cccc4932513daf58fbe3fa1acff6fbb9537e30651af0bfa40b6e368e02f1330a551eb70c4f432a959830ab78099879d4ad4b5936be41d6513769ce1cd8156
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4