Merged update from upstream sources
This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/selinux-policy.git#e94a380d324949b0fc1f903c7b11c1e44e5fe442
parent cafbcb567e
commit 14735eb5eb
54
README.md
@ -1,17 +1,16 @@
|
|||||||
## Purpose
|
## Purpose
|
||||||
|
|
||||||
SELinux Fedora Policy is a large patch off the mainline. The [fedora-selinux/selinux-policy](https://github.com/selinux-policy/selinux-policy.git) makes Fedora Policy packaging more simple and transparent for developers, upstream developers and users. It is used for applying downstream Fedora fixes, for communication about proposed/committed changes, for communication with upstream and the community. It reflects upstream repository structure to make submitting patches to upstream easy.
|
SELinux Fedora Policy is a fork of the [SElinux reference policy](https://github.com/SELinuxProject/refpolicy/). The [fedora-selinux/selinux-policy](https://github.com/selinux-policy/selinux-policy.git) repo makes Fedora packaging simpler and more transparent for packagers, upstream developers, and users. It is used for applying downstream Fedora fixes, for communication about proposed/committed changes, and for communication with upstream and the community. It reflects the upstream repository structure to make submitting patches to upstream easy.
|
||||||
|
|
||||||
## Structure
|
## Structure
|
||||||
|
|
||||||
### github
|
### GitHub
|
||||||
On GitHub, we have two repositories (selinux-policy and selinux-policy-contrib ) for dist-git repository.
|
On GitHub, we have one repository containing the policy sources.
|
||||||
|
|
||||||
$ cd selinux-policy
|
$ cd selinux-policy
|
||||||
$ git remote -v
|
$ git remote -v
|
||||||
origin git@github.com:fedora-selinux/selinux-policy.git (fetch)
|
origin git@github.com:fedora-selinux/selinux-policy.git (fetch)
|
||||||
|
|
||||||
|
|
||||||
$ git branch -r
|
$ git branch -r
|
||||||
origin/HEAD -> origin/master
|
origin/HEAD -> origin/master
|
||||||
origin/f27
|
origin/f27
|
||||||
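Review bot: In the rewritten Purpose paragraph, the link labelled fedora-selinux/selinux-policy still targets https://github.com/selinux-policy/selinux-policy.git, which does not match the fedora-selinux organisation used in the remote listing and in the Build process link. Since the sentence is being rewritten anyway, point it at https://github.com/fedora-selinux/selinux-policy so readers clone from the repository the packaging actually uses. The new text also spells the project "SElinux reference policy"; it should read "SELinux".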
@ -19,49 +18,32 @@ On GitHub, we have two repositories (selinux-policy and selinux-policy-contrib )
|
|||||||
origin/master
|
origin/master
|
||||||
origin/rawhide
|
origin/rawhide
|
||||||
|
|
||||||
$ cd selinux-policy-contrib
|
Note: As opposed to dist-git, the Rawhide content resides in the _rawhide_ branch rather than _master_.
|
||||||
$ git remote -v
|
|
||||||
origin git@github.com:fedora-selinux/selinux-policy-contrib.git (fetch)
|
|
||||||
|
|
||||||
$ git branch -r
|
|
||||||
origin/HEAD -> origin/master
|
|
||||||
origin/f27
|
|
||||||
origin/f28
|
|
||||||
origin/master
|
|
||||||
origin/rawhide
|
|
||||||
|
|
||||||
Note: _master_ branch on GitHub does not reflect master branch in dist-git. For this purpose, we created the _rawhide github branches in both selinux-policy and selinux-policy-contrib repositories.
|
|
||||||
|
|
||||||
### dist-git
|
### dist-git
|
||||||
Package sources in dist-git are generally composed from a _selinux-policy and _selinux-policy-contrib repository snapshots tarballs and from other config files.
|
Package sources in dist-git are composed from _selinux-policy_, and _macro-expander_ repository snapshot tarballs, _container-selinux_ policy files snapshot, and from other config files.
|
||||||
|
|
||||||
## Build process
|
## Build process
|
||||||
|
|
||||||
1. clone [fedora-selinux/selinux-policy](https://github.com/fedora-selinux/selinux-policy) repository
|
1. Clone the [fedora-selinux/selinux-policy](https://github.com/fedora-selinux/selinux-policy) repository.
|
||||||
|
|
||||||
$ cd ~/devel/github
|
$ cd ~/devel/github
|
||||||
$ git clone git@github.com:fedora-selinux/selinux-policy.git
|
$ git clone git@github.com:fedora-selinux/selinux-policy.git
|
||||||
$ cd selinux-policy
|
$ cd selinux-policy
|
||||||
|
|
||||||
2. clone [fedora-selinux/selinux-policy-contrib](https://github.com/fedora-selinux/selinux-policy-contrib) repository
|
2. Create, backport, cherry-pick needed changes to a particular branch and push them.
|
||||||
|
|
||||||
$ cd ~/devel/github
|
3. Clone the **selinux-policy** dist-git repository.
|
||||||
$ git clone git@github.com:fedora-selinux/selinux-policy-contrib.git
|
|
||||||
$ cd selinux-policy-contrib
|
|
||||||
|
|
||||||
3. create, backport, cherry-pick needed changes to a particular branch and push them
|
$ cd ~/devel/dist-git
|
||||||
|
$ fedpkg clone selinux-policy
|
||||||
|
$ cd selinux-policy
|
||||||
|
|
||||||
4. clone **selinux-policy** dist-git repository
|
4. Download the latest snaphot from the selinux-policy github repository.
|
||||||
|
|
||||||
$ cd ~/devel/dist-git
|
|
||||||
$ fedpkg clone selinux-policy
|
|
||||||
$ cd selinux-policy
|
|
||||||
|
|
||||||
4. Download the latest snaphots from selinux-policy and selinux-policy-contrib github repositories
|
|
||||||
|
|
||||||
$ ./make-rhat-patches.sh
|
$ ./make-rhat-patches.sh
|
||||||
|
|
||||||
5. add changes to the dist-git repository, bump release, create a changelog entry, commit and push
|
5. Add changes to the dist-git repository, bump release, create a changelog entry, commit and push.
|
||||||
6. build the package
|
6. Build the package.
|
||||||
|
|
||||||
$ fedpkg build
|
$ fedpkg build
|
||||||
|
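Review bot: The new step 4 still reads "Download the latest snaphot"; the typo was carried over from the old text and should be "snapshot". In the dist-git paragraph, "composed from _selinux-policy_, and _macro-expander_ repository snapshot tarballs" has a stray comma, and it describes macro-expander as a tarball while make-rhat-patches.sh copies a single file (macro-expander.sh); reword so the list matches what ends up in sources. The step that runs ./make-rhat-patches.sh could also say that it rewrites the commit id in selinux-policy.spec and regenerates sources, so the packager knows which files to review before committing.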
@ -7,8 +7,6 @@ DOCKER_FEDORA_VERSION=master
|
|||||||
DISTGIT_BRANCH=master
|
DISTGIT_BRANCH=master
|
||||||
REPO_SELINUX_POLICY=${REPO_SELINUX_POLICY:-https://github.com/fedora-selinux/selinux-policy}
|
REPO_SELINUX_POLICY=${REPO_SELINUX_POLICY:-https://github.com/fedora-selinux/selinux-policy}
|
||||||
REPO_SELINUX_POLICY_BRANCH=${REPO_SELINUX_POLICY_BRANCH:-$FEDORA_VERSION}
|
REPO_SELINUX_POLICY_BRANCH=${REPO_SELINUX_POLICY_BRANCH:-$FEDORA_VERSION}
|
||||||
REPO_SELINUX_POLICY_CONTRIB=${REPO_SELINUX_POLICY_CONTRIB:-https://github.com/fedora-selinux/selinux-policy-contrib}
|
|
||||||
REPO_SELINUX_POLICY_CONTRIB_BRANCH=${REPO_SELINUX_POLICY_CONTRIB_BRANCH:-$FEDORA_VERSION}
|
|
||||||
REPO_CONTAINER_SELINUX=${REPO_CONTAINER_SELINUX:-https://github.com/containers/container-selinux}
|
REPO_CONTAINER_SELINUX=${REPO_CONTAINER_SELINUX:-https://github.com/containers/container-selinux}
|
||||||
REPO_MACRO_EXPANDER=${REPO_MACRO_EXPANDER:-https://github.com/fedora-selinux/macro-expander.git}
|
REPO_MACRO_EXPANDER=${REPO_MACRO_EXPANDER:-https://github.com/fedora-selinux/macro-expander.git}
|
||||||
|
|
||||||
@ -25,8 +23,6 @@ pushd $POLICYSOURCES > /dev/null
|
|||||||
|
|
||||||
git clone --depth=1 -q $REPO_SELINUX_POLICY selinux-policy \
|
git clone --depth=1 -q $REPO_SELINUX_POLICY selinux-policy \
|
||||||
-b $REPO_SELINUX_POLICY_BRANCH
|
-b $REPO_SELINUX_POLICY_BRANCH
|
||||||
git clone --depth=1 -q $REPO_SELINUX_POLICY_CONTRIB selinux-policy-contrib \
|
|
||||||
-b $REPO_SELINUX_POLICY_CONTRIB_BRANCH
|
|
||||||
git clone --depth=1 -q $REPO_CONTAINER_SELINUX container-selinux
|
git clone --depth=1 -q $REPO_CONTAINER_SELINUX container-selinux
|
||||||
git clone --depth=1 -q $REPO_MACRO_EXPANDER macro-expander
|
git clone --depth=1 -q $REPO_MACRO_EXPANDER macro-expander
|
||||||
|
|
||||||
@ -37,13 +33,6 @@ BASE_SHORT_HEAD_ID=$(c=${BASE_HEAD_ID}; echo ${c:0:7})
|
|||||||
git archive --prefix=selinux-policy-$BASE_HEAD_ID/ --format tgz HEAD > $DISTGIT_PATH/selinux-policy-$BASE_SHORT_HEAD_ID.tar.gz
|
git archive --prefix=selinux-policy-$BASE_HEAD_ID/ --format tgz HEAD > $DISTGIT_PATH/selinux-policy-$BASE_SHORT_HEAD_ID.tar.gz
|
||||||
popd > /dev/null
|
popd > /dev/null
|
||||||
|
|
||||||
pushd selinux-policy-contrib > /dev/null
|
|
||||||
# prepare policy patches against upstream commits matching the last upstream merge
|
|
||||||
CONTRIB_HEAD_ID=$(git rev-parse HEAD)
|
|
||||||
CONTRIB_SHORT_HEAD_ID=$(c=${CONTRIB_HEAD_ID}; echo ${c:0:7})
|
|
||||||
git archive --prefix=selinux-policy-contrib-$CONTRIB_HEAD_ID/ --format tgz HEAD > $DISTGIT_PATH/selinux-policy-contrib-$CONTRIB_SHORT_HEAD_ID.tar.gz
|
|
||||||
popd > /dev/null
|
|
||||||
|
|
||||||
pushd container-selinux > /dev/null
|
pushd container-selinux > /dev/null
|
||||||
# Actual container-selinux files are in master branch
|
# Actual container-selinux files are in master branch
|
||||||
#git checkout -b ${DOCKER_FEDORA_VERSION} -t origin/${DOCKER_FEDORA_VERSION} -q
|
#git checkout -b ${DOCKER_FEDORA_VERSION} -t origin/${DOCKER_FEDORA_VERSION} -q
|
||||||
@ -53,7 +42,6 @@ popd > /dev/null
|
|||||||
pushd $DISTGIT_PATH > /dev/null
|
pushd $DISTGIT_PATH > /dev/null
|
||||||
if [ $DOWNLOAD_DEFAULT_GITHUB_TARBALLS == 1 ]; then
|
if [ $DOWNLOAD_DEFAULT_GITHUB_TARBALLS == 1 ]; then
|
||||||
wget -O selinux-policy-${BASE_SHORT_HEAD_ID}.tar.gz https://github.com/fedora-selinux/selinux-policy/archive/${BASE_HEAD_ID}.tar.gz &> /dev/null
|
wget -O selinux-policy-${BASE_SHORT_HEAD_ID}.tar.gz https://github.com/fedora-selinux/selinux-policy/archive/${BASE_HEAD_ID}.tar.gz &> /dev/null
|
||||||
wget -O selinux-policy-contrib-${CONTRIB_SHORT_HEAD_ID}.tar.gz https://github.com/fedora-selinux/selinux-policy-contrib/archive/${CONTRIB_HEAD_ID}.tar.gz &> /dev/null
|
|
||||||
fi
|
fi
|
||||||
cp $POLICYSOURCES/container-selinux/container-selinux.tgz .
|
cp $POLICYSOURCES/container-selinux/container-selinux.tgz .
|
||||||
cp $POLICYSOURCES/macro-expander/macro-expander.sh ./macro-expander
|
cp $POLICYSOURCES/macro-expander/macro-expander.sh ./macro-expander
|
||||||
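Review bot: The wget line left in the DOWNLOAD_DEFAULT_GITHUB_TARBALLS branch discards all output with "&> /dev/null" and its exit status is never checked. wget -O creates the output file even when the download fails, so a failed or truncated fetch replaces the selinux-policy-${BASE_SHORT_HEAD_ID}.tar.gz written by git archive earlier in the script, and the later sha512sum --tag step records the hash of whatever is on disk. Suggest aborting on a non-zero wget status (for example "|| exit 1") and quoting the test as [ "$DOWNLOAD_DEFAULT_GITHUB_TARBALLS" = 1 ] so an unset variable does not produce a syntax error.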
@ -63,14 +51,11 @@ popd > /dev/null
|
|||||||
popd > /dev/null
|
popd > /dev/null
|
||||||
rm -rf $POLICYSOURCES
|
rm -rf $POLICYSOURCES
|
||||||
|
|
||||||
# Update commit ids in selinux-policy.spec file
|
# Update commit id in selinux-policy.spec file
|
||||||
sed -i "s/%global commit0 [^ ]*$/%global commit0 $BASE_HEAD_ID/" selinux-policy.spec
|
sed -i "s/%global commit [^ ]*$/%global commit $BASE_HEAD_ID/" selinux-policy.spec
|
||||||
sed -i "s/%global commit1 [^ ]*$/%global commit1 $CONTRIB_HEAD_ID/" selinux-policy.spec
|
|
||||||
|
|
||||||
# Update sources
|
# Update sources
|
||||||
sha512sum --tag selinux-policy-${BASE_SHORT_HEAD_ID}.tar.gz selinux-policy-contrib-${CONTRIB_SHORT_HEAD_ID}.tar.gz container-selinux.tgz macro-expander > sources
|
sha512sum --tag selinux-policy-${BASE_SHORT_HEAD_ID}.tar.gz container-selinux.tgz macro-expander > sources
|
||||||
|
|
||||||
echo -e "\nSELinux policy tarballs and container.tgz with container policy files have been created."
|
echo -e "\nSELinux policy tarball and container-selinux.tgz with container policy files have been created."
|
||||||
echo "Commit ids of selinux-policy and selinux-policy-contrib in spec file were changed to:"
|
echo "Commit id of selinux-policy in spec file was changed to ${BASE_HEAD_ID}"
|
||||||
echo "commit0 " ${BASE_HEAD_ID}
|
|
||||||
echo "commit1 " ${CONTRIB_HEAD_ID}
|
|
||||||
|
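Review bot: The sed that rewrites "%global commit" is not verified, yet the final echo reports that the commit id "was changed" unconditionally. If selinux-policy.spec on the checked-out branch still carries the old "%global commit0" line, the pattern matches nothing, sed exits 0, and sources is regenerated for a tarball the spec does not reference. Suggest checking the result, for example with grep -q "^%global commit ${BASE_HEAD_ID}$" selinux-policy.spec, and failing before the success message is printed.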
@ -1,12 +1,7 @@
|
|||||||
# github repo with selinux-policy base sources
|
# github repo with selinux-policy sources
|
||||||
%global git0 https://github.com/fedora-selinux/selinux-policy
|
%global giturl https://github.com/fedora-selinux/selinux-policy
|
||||||
%global commit0 f1505fca7063b21b5f2ef90f904032c5cc023a22
|
%global commit d4ba4f91dd7b02b09059163fe7fe112a2293ee25
|
||||||
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
%global shortcommit %(c=%{commit}; echo ${c:0:7})
|
||||||
|
|
||||||
# github repo with selinux-policy contrib sources
|
|
||||||
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
|
|
||||||
%global commit1 dad9c7670560b550c3837a3bd2237a94c3e54814
|
|
||||||
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
|
|
||||||
|
|
||||||
%define distro redhat
|
%define distro redhat
|
||||||
%define polyinstatiate n
|
%define polyinstatiate n
|
||||||
@ -29,10 +24,9 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.14.7
|
Version: 3.14.7
|
||||||
Release: 9%{?dist}
|
Release: 10%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
|
||||||
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
|
|
||||||
Source1: modules-targeted-base.conf
|
Source1: modules-targeted-base.conf
|
||||||
Source31: modules-targeted-contrib.conf
|
Source31: modules-targeted-contrib.conf
|
||||||
Source2: booleans-targeted.conf
|
Source2: booleans-targeted.conf
|
||||||
@ -68,7 +62,7 @@ Source35: container-selinux.tgz
|
|||||||
# Provide rpm macros for packages installing SELinux modules
|
# Provide rpm macros for packages installing SELinux modules
|
||||||
Source102: rpm.macros
|
Source102: rpm.macros
|
||||||
|
|
||||||
Url: %{git0}
|
Url: %{giturl}
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2
|
BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2
|
||||||
Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
|
Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
|
||||||
@ -399,12 +393,8 @@ end
|
|||||||
%build
|
%build
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -n %{name}-contrib-%{commit1} -q -b 29
|
%setup -n %{name}-%{commit} -q
|
||||||
tar -xf %{SOURCE35}
|
tar -C policy/modules/contrib -xf %{SOURCE35}
|
||||||
contrib_path=`pwd`
|
|
||||||
%setup -n %{name}-%{commit0} -q
|
|
||||||
refpolicy_path=`pwd`
|
|
||||||
cp $contrib_path/* $refpolicy_path/policy/modules/contrib
|
|
||||||
|
|
||||||
mkdir selinux_config
|
mkdir selinux_config
|
||||||
for i in %{SOURCE1} %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} %{SOURCE8} %{SOURCE14} %{SOURCE15} %{SOURCE17} %{SOURCE18} %{SOURCE19} %{SOURCE20} %{SOURCE22} %{SOURCE23} %{SOURCE25} %{SOURCE26} %{SOURCE31} %{SOURCE32};do
|
for i in %{SOURCE1} %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} %{SOURCE8} %{SOURCE14} %{SOURCE15} %{SOURCE17} %{SOURCE18} %{SOURCE19} %{SOURCE20} %{SOURCE22} %{SOURCE23} %{SOURCE25} %{SOURCE26} %{SOURCE31} %{SOURCE32};do
|
||||||
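Review bot: "tar -C policy/modules/contrib -xf %{SOURCE35}" now unpacks container-selinux.tgz straight into the tree from the merged tarball, so %prep depends on policy/modules/contrib existing in that snapshot, and any file in the archive silently replaces a same-named file shipped in the selinux-policy sources. A short comment above the tar line stating that the container-selinux files are meant to take precedence over the in-tree copies would make that intent explicit for the next person touching %prep.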
@ -807,6 +797,13 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Nov 26 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-10
|
||||||
|
- Allow Xephyr connect to 6000/tcp port and open user ptys
|
||||||
|
- Allow kexec manage generic tmp files
|
||||||
|
- Update targetd nfs & lvm
|
||||||
|
- Add interface rpc_manage_exports
|
||||||
|
- Merge selinux-policy and selinux-policy-contrib repos
|
||||||
|
|
||||||
* Tue Nov 24 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-9
|
* Tue Nov 24 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-9
|
||||||
- Allow varnish map its private tmp files
|
- Allow varnish map its private tmp files
|
||||||
- Allow dovecot bind to smtp ports
|
- Allow dovecot bind to smtp ports
|
||||||
|
5
sources
@ -1,4 +1,3 @@
|
|||||||
SHA512 (selinux-policy-f1505fc.tar.gz) = 5831821766fbb6ae0c86d81b1f8d0ff1590f7fb26309e3a0ced33cb6348d61808dbf65ef78a2f91df951593bbd39397d8601307a5e530d606924f1d2c72f6cd8
|
SHA512 (selinux-policy-d4ba4f9.tar.gz) = 7a2c585103daff6b23d3a0e060efa91da63b3cdbeddcecfa69f15b10d70ee63fe9b8b21e092f25991e7dac2991ba72fa3ca61cd31ea14717cb79156c012dbc2f
|
||||||
SHA512 (selinux-policy-contrib-dad9c76.tar.gz) = 072136b1064f903f74d2ca42ba1753f8b3aea29c634644abc9a0fae700d3d642ec764d39608dc1f10542cb954d5cc838eafe6ecfb5e974c78d979fa8a93e962d
|
SHA512 (container-selinux.tgz) = 9e8cccc4932513daf58fbe3fa1acff6fbb9537e30651af0bfa40b6e368e02f1330a551eb70c4f432a959830ab78099879d4ad4b5936be41d6513769ce1cd8156
|
||||||
SHA512 (container-selinux.tgz) = 6dffeaaaea1c87052a1f8481d93ddca98899b63167f7c0a4960572431b08d3e34dff7b5cfb4dc6c62bac6d4ae30b964e0d410dcc6d1476d73cf048080ddd56e6
|
|
||||||
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
|
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
|
||||||
|
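Review bot: The container-selinux.tgz checksum changes in this hunk, although the 3.14.7-10 changelog entry does not mention a container-selinux update and no commit id for it is recorded anywhere in the spec. make-rhat-patches.sh clones container-selinux with --depth=1 at whatever the default branch head is at the time the script runs, so this tarball cannot be traced back to an upstream revision from the packaging alone. Suggest recording the container-selinux commit (in the spec or in the changelog) the same way "%global commit" does for selinux-policy, so a changed hash in sources can be matched to a reviewed upstream change.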