Merged update from upstream sources

This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/selinux-policy.git#e94a380d324949b0fc1f903c7b11c1e44e5fe442
2020-12-01 19:27:05 +00:00 · 2020-12-01 19:27:05 +00:00 · 14735eb5eb
parent cafbcb567e
commit 14735eb5eb
4 changed files with 41 additions and 78 deletions
--- a/README.md
+++ b/README.md
@ -1,17 +1,16 @@
 ## Purpose
-SELinux Fedora Policy is a large patch off the mainline. The [fedora-selinux/selinux-policy](https://github.com/selinux-policy/selinux-policy.git) makes Fedora Policy packaging more simple and transparent for developers, upstream developers and users. It is used for applying downstream Fedora fixes, for communication about proposed/committed changes, for communication with upstream and the community. It reflects upstream repository structure to make submitting patches to upstream easy.
+SELinux Fedora Policy is a fork of the [SElinux reference policy](https://github.com/SELinuxProject/refpolicy/). The [fedora-selinux/selinux-policy](https://github.com/selinux-policy/selinux-policy.git) repo makes Fedora packaging simpler and more transparent for packagers, upstream developers, and users. It is used for applying downstream Fedora fixes, for communication about proposed/committed changes, and for communication with upstream and the community. It reflects the upstream repository structure to make submitting patches to upstream easy.
 ## Structure
-### github
+### GitHub
-On GitHub, we have two repositories (selinux-policy and selinux-policy-contrib ) for dist-git repository.
+On GitHub, we have one repository containing the policy sources.
    $ cd selinux-policy
    $ git remote -v
    origin	git@github.com:fedora-selinux/selinux-policy.git (fetch)
    $ git branch -r
    origin/HEAD -> origin/master
    origin/f27
@ -19,49 +18,32 @@ On GitHub, we have two repositories (selinux-policy and selinux-policy-contrib )
    origin/master
    origin/rawhide
-    $ cd selinux-policy-contrib
+Note: As opposed to dist-git, the Rawhide content resides in the _rawhide_ branch rather than _master_.
    $ git remote -v
    origin	git@github.com:fedora-selinux/selinux-policy-contrib.git (fetch)
    $ git branch -r
    origin/HEAD -> origin/master
    origin/f27
    origin/f28
    origin/master
    origin/rawhide
 Note: _master_ branch on GitHub does not reflect master branch in dist-git. For this purpose, we created the _rawhide github branches in both selinux-policy and selinux-policy-contrib repositories.
 ### dist-git
-Package sources in dist-git are generally composed from a _selinux-policy and _selinux-policy-contrib repository snapshots tarballs and from other config files.
+Package sources in dist-git are composed from _selinux-policy_, and _macro-expander_ repository snapshot tarballs, _container-selinux_ policy files snapshot, and from other config files.
 ## Build process
-1. clone [fedora-selinux/selinux-policy](https://github.com/fedora-selinux/selinux-policy) repository
+1. Clone the [fedora-selinux/selinux-policy](https://github.com/fedora-selinux/selinux-policy) repository.
-		$ cd ~/devel/github
+        $ cd ~/devel/github
-		$ git clone git@github.com:fedora-selinux/selinux-policy.git
+        $ git clone git@github.com:fedora-selinux/selinux-policy.git
-		$ cd selinux-policy
+        $ cd selinux-policy
-2. clone [fedora-selinux/selinux-policy-contrib](https://github.com/fedora-selinux/selinux-policy-contrib) repository
+2. Create, backport, cherry-pick needed changes to a particular branch and push them.
-		$ cd ~/devel/github
+3. Clone the **selinux-policy** dist-git repository.
 		$ git clone git@github.com:fedora-selinux/selinux-policy-contrib.git
 		$ cd selinux-policy-contrib
-3. create, backport, cherry-pick needed changes to a particular branch and push them
+        $ cd ~/devel/dist-git
        $ fedpkg clone selinux-policy
        $ cd selinux-policy
-4. clone **selinux-policy** dist-git repository
+4. Download the latest snaphot from the selinux-policy github repository.
 		$ cd ~/devel/dist-git
 		$ fedpkg clone selinux-policy
 		$ cd selinux-policy
 4. Download the latest snaphots from selinux-policy and selinux-policy-contrib github repositories
        $ ./make-rhat-patches.sh
-5. add changes to the dist-git repository, bump release, create a changelog entry, commit and push
+5. Add changes to the dist-git repository, bump release, create a changelog entry, commit and push.
-6. build the package
+6. Build the package.
-         $ fedpkg build
+        $ fedpkg build
--- a/make-rhat-patches.sh
+++ b/make-rhat-patches.sh
@ -7,8 +7,6 @@ DOCKER_FEDORA_VERSION=master
 DISTGIT_BRANCH=master
 REPO_SELINUX_POLICY=${REPO_SELINUX_POLICY:-https://github.com/fedora-selinux/selinux-policy}
 REPO_SELINUX_POLICY_BRANCH=${REPO_SELINUX_POLICY_BRANCH:-$FEDORA_VERSION}
 REPO_SELINUX_POLICY_CONTRIB=${REPO_SELINUX_POLICY_CONTRIB:-https://github.com/fedora-selinux/selinux-policy-contrib}
 REPO_SELINUX_POLICY_CONTRIB_BRANCH=${REPO_SELINUX_POLICY_CONTRIB_BRANCH:-$FEDORA_VERSION}
 REPO_CONTAINER_SELINUX=${REPO_CONTAINER_SELINUX:-https://github.com/containers/container-selinux}
 REPO_MACRO_EXPANDER=${REPO_MACRO_EXPANDER:-https://github.com/fedora-selinux/macro-expander.git}
@ -25,8 +23,6 @@ pushd $POLICYSOURCES > /dev/null
 git clone --depth=1 -q $REPO_SELINUX_POLICY selinux-policy \
    -b $REPO_SELINUX_POLICY_BRANCH
 git clone --depth=1 -q $REPO_SELINUX_POLICY_CONTRIB selinux-policy-contrib \
    -b $REPO_SELINUX_POLICY_CONTRIB_BRANCH
 git clone --depth=1 -q $REPO_CONTAINER_SELINUX container-selinux
 git clone --depth=1 -q $REPO_MACRO_EXPANDER macro-expander
@ -37,13 +33,6 @@ BASE_SHORT_HEAD_ID=$(c=${BASE_HEAD_ID}; echo ${c:0:7})
 git archive --prefix=selinux-policy-$BASE_HEAD_ID/ --format tgz HEAD > $DISTGIT_PATH/selinux-policy-$BASE_SHORT_HEAD_ID.tar.gz
 popd > /dev/null
 pushd selinux-policy-contrib > /dev/null
 # prepare policy patches against upstream commits matching the last upstream merge
 CONTRIB_HEAD_ID=$(git rev-parse HEAD)
 CONTRIB_SHORT_HEAD_ID=$(c=${CONTRIB_HEAD_ID}; echo ${c:0:7})
 git archive --prefix=selinux-policy-contrib-$CONTRIB_HEAD_ID/ --format tgz HEAD > $DISTGIT_PATH/selinux-policy-contrib-$CONTRIB_SHORT_HEAD_ID.tar.gz
 popd > /dev/null
 pushd container-selinux > /dev/null
 # Actual container-selinux files are in master branch
 #git checkout -b ${DOCKER_FEDORA_VERSION} -t origin/${DOCKER_FEDORA_VERSION} -q
@ -53,7 +42,6 @@ popd > /dev/null
 pushd $DISTGIT_PATH > /dev/null
 if [ $DOWNLOAD_DEFAULT_GITHUB_TARBALLS == 1 ]; then
    wget -O selinux-policy-${BASE_SHORT_HEAD_ID}.tar.gz https://github.com/fedora-selinux/selinux-policy/archive/${BASE_HEAD_ID}.tar.gz &> /dev/null
    wget -O selinux-policy-contrib-${CONTRIB_SHORT_HEAD_ID}.tar.gz https://github.com/fedora-selinux/selinux-policy-contrib/archive/${CONTRIB_HEAD_ID}.tar.gz &> /dev/null
 fi
 cp $POLICYSOURCES/container-selinux/container-selinux.tgz .
 cp $POLICYSOURCES/macro-expander/macro-expander.sh ./macro-expander
@ -63,14 +51,11 @@ popd > /dev/null
 popd > /dev/null
 rm -rf $POLICYSOURCES
-# Update commit ids in selinux-policy.spec file
+# Update commit id in selinux-policy.spec file
-sed -i "s/%global commit0 [^ ]*$/%global commit0 $BASE_HEAD_ID/" selinux-policy.spec
+sed -i "s/%global commit [^ ]*$/%global commit $BASE_HEAD_ID/" selinux-policy.spec
 sed -i "s/%global commit1 [^ ]*$/%global commit1 $CONTRIB_HEAD_ID/" selinux-policy.spec
 # Update sources
-sha512sum --tag selinux-policy-${BASE_SHORT_HEAD_ID}.tar.gz selinux-policy-contrib-${CONTRIB_SHORT_HEAD_ID}.tar.gz container-selinux.tgz macro-expander > sources
+sha512sum --tag selinux-policy-${BASE_SHORT_HEAD_ID}.tar.gz container-selinux.tgz macro-expander > sources
-echo -e "\nSELinux policy tarballs  and container.tgz with container policy files have been created."
+echo -e "\nSELinux policy tarball and container-selinux.tgz with container policy files have been created."
-echo "Commit ids of selinux-policy and selinux-policy-contrib in spec file were changed to:"
+echo "Commit id of selinux-policy in spec file was changed to ${BASE_HEAD_ID}"
 echo "commit0 " ${BASE_HEAD_ID}
 echo "commit1 " ${CONTRIB_HEAD_ID}
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -1,12 +1,7 @@
-# github repo with selinux-policy base sources
+# github repo with selinux-policy sources
-%global git0 https://github.com/fedora-selinux/selinux-policy
+%global giturl https://github.com/fedora-selinux/selinux-policy
-%global commit0 f1505fca7063b21b5f2ef90f904032c5cc023a22
+%global commit d4ba4f91dd7b02b09059163fe7fe112a2293ee25
-%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
+%global shortcommit %(c=%{commit}; echo ${c:0:7})
 # github repo with selinux-policy contrib sources
 %global git1 https://github.com/fedora-selinux/selinux-policy-contrib
 %global commit1 dad9c7670560b550c3837a3bd2237a94c3e54814
 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
 %define distro redhat
 %define polyinstatiate n
@ -29,10 +24,9 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.14.7
-Release: 9%{?dist}
+Release: 10%{?dist}
 License: GPLv2+
-Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
+Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
 Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
 Source1: modules-targeted-base.conf
 Source31: modules-targeted-contrib.conf
 Source2: booleans-targeted.conf
@ -68,7 +62,7 @@ Source35: container-selinux.tgz
 # Provide rpm macros for packages installing SELinux modules
 Source102: rpm.macros
-Url: %{git0}
+Url: %{giturl}
 BuildArch: noarch
 BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2
 Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
@ -399,12 +393,8 @@ end
 %build
 %prep
-%setup -n %{name}-contrib-%{commit1} -q -b 29
+%setup -n %{name}-%{commit} -q
-tar -xf %{SOURCE35}
+tar -C policy/modules/contrib -xf %{SOURCE35}
 contrib_path=`pwd`
 %setup -n %{name}-%{commit0} -q
 refpolicy_path=`pwd`
 cp $contrib_path/* $refpolicy_path/policy/modules/contrib
 mkdir selinux_config
 for i in %{SOURCE1} %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} %{SOURCE8} %{SOURCE14} %{SOURCE15} %{SOURCE17} %{SOURCE18} %{SOURCE19} %{SOURCE20} %{SOURCE22} %{SOURCE23} %{SOURCE25} %{SOURCE26} %{SOURCE31} %{SOURCE32};do
@ -807,6 +797,13 @@ exit 0
 %endif
 %changelog
 * Thu Nov 26 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-10
 - Allow Xephyr connect to 6000/tcp port and open user ptys
 - Allow kexec manage generic tmp files
 - Update targetd nfs & lvm
 - Add interface rpc_manage_exports
 - Merge selinux-policy and selinux-policy-contrib repos
 * Tue Nov 24 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-9
 - Allow varnish map its private tmp files
 - Allow dovecot bind to smtp ports
--- a/5
+++ b/5
@ -1,4 +1,3 @@
-SHA512 (selinux-policy-f1505fc.tar.gz) = 5831821766fbb6ae0c86d81b1f8d0ff1590f7fb26309e3a0ced33cb6348d61808dbf65ef78a2f91df951593bbd39397d8601307a5e530d606924f1d2c72f6cd8
+SHA512 (selinux-policy-d4ba4f9.tar.gz) = 7a2c585103daff6b23d3a0e060efa91da63b3cdbeddcecfa69f15b10d70ee63fe9b8b21e092f25991e7dac2991ba72fa3ca61cd31ea14717cb79156c012dbc2f
-SHA512 (selinux-policy-contrib-dad9c76.tar.gz) = 072136b1064f903f74d2ca42ba1753f8b3aea29c634644abc9a0fae700d3d642ec764d39608dc1f10542cb954d5cc838eafe6ecfb5e974c78d979fa8a93e962d
+SHA512 (container-selinux.tgz) = 9e8cccc4932513daf58fbe3fa1acff6fbb9537e30651af0bfa40b6e368e02f1330a551eb70c4f432a959830ab78099879d4ad4b5936be41d6513769ce1cd8156
 SHA512 (container-selinux.tgz) = 6dffeaaaea1c87052a1f8481d93ddca98899b63167f7c0a4960572431b08d3e34dff7b5cfb4dc6c62bac6d4ae30b964e0d410dcc6d1476d73cf048080ddd56e6
 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4