Merged update from upstream sources
This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/selinux-policy.git#e94a380d324949b0fc1f903c7b11c1e44e5fe442
This commit is contained in:
parent
cafbcb567e
commit
14735eb5eb
54
README.md
54
README.md
@ -1,17 +1,16 @@
|
||||
## Purpose
|
||||
|
||||
SELinux Fedora Policy is a large patch off the mainline. The [fedora-selinux/selinux-policy](https://github.com/selinux-policy/selinux-policy.git) makes Fedora Policy packaging more simple and transparent for developers, upstream developers and users. It is used for applying downstream Fedora fixes, for communication about proposed/committed changes, for communication with upstream and the community. It reflects upstream repository structure to make submitting patches to upstream easy.
|
||||
SELinux Fedora Policy is a fork of the [SElinux reference policy](https://github.com/SELinuxProject/refpolicy/). The [fedora-selinux/selinux-policy](https://github.com/selinux-policy/selinux-policy.git) repo makes Fedora packaging simpler and more transparent for packagers, upstream developers, and users. It is used for applying downstream Fedora fixes, for communication about proposed/committed changes, and for communication with upstream and the community. It reflects the upstream repository structure to make submitting patches to upstream easy.
|
||||
|
||||
## Structure
|
||||
|
||||
### github
|
||||
On GitHub, we have two repositories (selinux-policy and selinux-policy-contrib ) for dist-git repository.
|
||||
### GitHub
|
||||
On GitHub, we have one repository containing the policy sources.
|
||||
|
||||
$ cd selinux-policy
|
||||
$ git remote -v
|
||||
origin git@github.com:fedora-selinux/selinux-policy.git (fetch)
|
||||
|
||||
|
||||
$ git branch -r
|
||||
origin/HEAD -> origin/master
|
||||
origin/f27
|
||||
@ -19,49 +18,32 @@ On GitHub, we have two repositories (selinux-policy and selinux-policy-contrib )
|
||||
origin/master
|
||||
origin/rawhide
|
||||
|
||||
$ cd selinux-policy-contrib
|
||||
$ git remote -v
|
||||
origin git@github.com:fedora-selinux/selinux-policy-contrib.git (fetch)
|
||||
|
||||
$ git branch -r
|
||||
origin/HEAD -> origin/master
|
||||
origin/f27
|
||||
origin/f28
|
||||
origin/master
|
||||
origin/rawhide
|
||||
|
||||
Note: _master_ branch on GitHub does not reflect master branch in dist-git. For this purpose, we created the _rawhide github branches in both selinux-policy and selinux-policy-contrib repositories.
|
||||
Note: As opposed to dist-git, the Rawhide content resides in the _rawhide_ branch rather than _master_.
|
||||
|
||||
### dist-git
|
||||
Package sources in dist-git are generally composed from a _selinux-policy and _selinux-policy-contrib repository snapshots tarballs and from other config files.
|
||||
Package sources in dist-git are composed from _selinux-policy_, and _macro-expander_ repository snapshot tarballs, _container-selinux_ policy files snapshot, and from other config files.
|
||||
|
||||
## Build process
|
||||
|
||||
1. clone [fedora-selinux/selinux-policy](https://github.com/fedora-selinux/selinux-policy) repository
|
||||
1. Clone the [fedora-selinux/selinux-policy](https://github.com/fedora-selinux/selinux-policy) repository.
|
||||
|
||||
$ cd ~/devel/github
|
||||
$ git clone git@github.com:fedora-selinux/selinux-policy.git
|
||||
$ cd selinux-policy
|
||||
$ cd ~/devel/github
|
||||
$ git clone git@github.com:fedora-selinux/selinux-policy.git
|
||||
$ cd selinux-policy
|
||||
|
||||
2. clone [fedora-selinux/selinux-policy-contrib](https://github.com/fedora-selinux/selinux-policy-contrib) repository
|
||||
2. Create, backport, cherry-pick needed changes to a particular branch and push them.
|
||||
|
||||
$ cd ~/devel/github
|
||||
$ git clone git@github.com:fedora-selinux/selinux-policy-contrib.git
|
||||
$ cd selinux-policy-contrib
|
||||
3. Clone the **selinux-policy** dist-git repository.
|
||||
|
||||
3. create, backport, cherry-pick needed changes to a particular branch and push them
|
||||
$ cd ~/devel/dist-git
|
||||
$ fedpkg clone selinux-policy
|
||||
$ cd selinux-policy
|
||||
|
||||
4. clone **selinux-policy** dist-git repository
|
||||
|
||||
$ cd ~/devel/dist-git
|
||||
$ fedpkg clone selinux-policy
|
||||
$ cd selinux-policy
|
||||
|
||||
4. Download the latest snaphots from selinux-policy and selinux-policy-contrib github repositories
|
||||
4. Download the latest snaphot from the selinux-policy github repository.
|
||||
|
||||
$ ./make-rhat-patches.sh
|
||||
|
||||
5. add changes to the dist-git repository, bump release, create a changelog entry, commit and push
|
||||
6. build the package
|
||||
5. Add changes to the dist-git repository, bump release, create a changelog entry, commit and push.
|
||||
6. Build the package.
|
||||
|
||||
$ fedpkg build
|
||||
$ fedpkg build
|
||||
|
@ -7,8 +7,6 @@ DOCKER_FEDORA_VERSION=master
|
||||
DISTGIT_BRANCH=master
|
||||
REPO_SELINUX_POLICY=${REPO_SELINUX_POLICY:-https://github.com/fedora-selinux/selinux-policy}
|
||||
REPO_SELINUX_POLICY_BRANCH=${REPO_SELINUX_POLICY_BRANCH:-$FEDORA_VERSION}
|
||||
REPO_SELINUX_POLICY_CONTRIB=${REPO_SELINUX_POLICY_CONTRIB:-https://github.com/fedora-selinux/selinux-policy-contrib}
|
||||
REPO_SELINUX_POLICY_CONTRIB_BRANCH=${REPO_SELINUX_POLICY_CONTRIB_BRANCH:-$FEDORA_VERSION}
|
||||
REPO_CONTAINER_SELINUX=${REPO_CONTAINER_SELINUX:-https://github.com/containers/container-selinux}
|
||||
REPO_MACRO_EXPANDER=${REPO_MACRO_EXPANDER:-https://github.com/fedora-selinux/macro-expander.git}
|
||||
|
||||
@ -25,8 +23,6 @@ pushd $POLICYSOURCES > /dev/null
|
||||
|
||||
git clone --depth=1 -q $REPO_SELINUX_POLICY selinux-policy \
|
||||
-b $REPO_SELINUX_POLICY_BRANCH
|
||||
git clone --depth=1 -q $REPO_SELINUX_POLICY_CONTRIB selinux-policy-contrib \
|
||||
-b $REPO_SELINUX_POLICY_CONTRIB_BRANCH
|
||||
git clone --depth=1 -q $REPO_CONTAINER_SELINUX container-selinux
|
||||
git clone --depth=1 -q $REPO_MACRO_EXPANDER macro-expander
|
||||
|
||||
@ -37,13 +33,6 @@ BASE_SHORT_HEAD_ID=$(c=${BASE_HEAD_ID}; echo ${c:0:7})
|
||||
git archive --prefix=selinux-policy-$BASE_HEAD_ID/ --format tgz HEAD > $DISTGIT_PATH/selinux-policy-$BASE_SHORT_HEAD_ID.tar.gz
|
||||
popd > /dev/null
|
||||
|
||||
pushd selinux-policy-contrib > /dev/null
|
||||
# prepare policy patches against upstream commits matching the last upstream merge
|
||||
CONTRIB_HEAD_ID=$(git rev-parse HEAD)
|
||||
CONTRIB_SHORT_HEAD_ID=$(c=${CONTRIB_HEAD_ID}; echo ${c:0:7})
|
||||
git archive --prefix=selinux-policy-contrib-$CONTRIB_HEAD_ID/ --format tgz HEAD > $DISTGIT_PATH/selinux-policy-contrib-$CONTRIB_SHORT_HEAD_ID.tar.gz
|
||||
popd > /dev/null
|
||||
|
||||
pushd container-selinux > /dev/null
|
||||
# Actual container-selinux files are in master branch
|
||||
#git checkout -b ${DOCKER_FEDORA_VERSION} -t origin/${DOCKER_FEDORA_VERSION} -q
|
||||
@ -53,7 +42,6 @@ popd > /dev/null
|
||||
pushd $DISTGIT_PATH > /dev/null
|
||||
if [ $DOWNLOAD_DEFAULT_GITHUB_TARBALLS == 1 ]; then
|
||||
wget -O selinux-policy-${BASE_SHORT_HEAD_ID}.tar.gz https://github.com/fedora-selinux/selinux-policy/archive/${BASE_HEAD_ID}.tar.gz &> /dev/null
|
||||
wget -O selinux-policy-contrib-${CONTRIB_SHORT_HEAD_ID}.tar.gz https://github.com/fedora-selinux/selinux-policy-contrib/archive/${CONTRIB_HEAD_ID}.tar.gz &> /dev/null
|
||||
fi
|
||||
cp $POLICYSOURCES/container-selinux/container-selinux.tgz .
|
||||
cp $POLICYSOURCES/macro-expander/macro-expander.sh ./macro-expander
|
||||
@ -63,14 +51,11 @@ popd > /dev/null
|
||||
popd > /dev/null
|
||||
rm -rf $POLICYSOURCES
|
||||
|
||||
# Update commit ids in selinux-policy.spec file
|
||||
sed -i "s/%global commit0 [^ ]*$/%global commit0 $BASE_HEAD_ID/" selinux-policy.spec
|
||||
sed -i "s/%global commit1 [^ ]*$/%global commit1 $CONTRIB_HEAD_ID/" selinux-policy.spec
|
||||
# Update commit id in selinux-policy.spec file
|
||||
sed -i "s/%global commit [^ ]*$/%global commit $BASE_HEAD_ID/" selinux-policy.spec
|
||||
|
||||
# Update sources
|
||||
sha512sum --tag selinux-policy-${BASE_SHORT_HEAD_ID}.tar.gz selinux-policy-contrib-${CONTRIB_SHORT_HEAD_ID}.tar.gz container-selinux.tgz macro-expander > sources
|
||||
sha512sum --tag selinux-policy-${BASE_SHORT_HEAD_ID}.tar.gz container-selinux.tgz macro-expander > sources
|
||||
|
||||
echo -e "\nSELinux policy tarballs and container.tgz with container policy files have been created."
|
||||
echo "Commit ids of selinux-policy and selinux-policy-contrib in spec file were changed to:"
|
||||
echo "commit0 " ${BASE_HEAD_ID}
|
||||
echo "commit1 " ${CONTRIB_HEAD_ID}
|
||||
echo -e "\nSELinux policy tarball and container-selinux.tgz with container policy files have been created."
|
||||
echo "Commit id of selinux-policy in spec file was changed to ${BASE_HEAD_ID}"
|
||||
|
@ -1,12 +1,7 @@
|
||||
# github repo with selinux-policy base sources
|
||||
%global git0 https://github.com/fedora-selinux/selinux-policy
|
||||
%global commit0 f1505fca7063b21b5f2ef90f904032c5cc023a22
|
||||
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
||||
|
||||
# github repo with selinux-policy contrib sources
|
||||
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
|
||||
%global commit1 dad9c7670560b550c3837a3bd2237a94c3e54814
|
||||
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
|
||||
# github repo with selinux-policy sources
|
||||
%global giturl https://github.com/fedora-selinux/selinux-policy
|
||||
%global commit d4ba4f91dd7b02b09059163fe7fe112a2293ee25
|
||||
%global shortcommit %(c=%{commit}; echo ${c:0:7})
|
||||
|
||||
%define distro redhat
|
||||
%define polyinstatiate n
|
||||
@ -29,10 +24,9 @@
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.14.7
|
||||
Release: 9%{?dist}
|
||||
Release: 10%{?dist}
|
||||
License: GPLv2+
|
||||
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
||||
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
|
||||
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
|
||||
Source1: modules-targeted-base.conf
|
||||
Source31: modules-targeted-contrib.conf
|
||||
Source2: booleans-targeted.conf
|
||||
@ -68,7 +62,7 @@ Source35: container-selinux.tgz
|
||||
# Provide rpm macros for packages installing SELinux modules
|
||||
Source102: rpm.macros
|
||||
|
||||
Url: %{git0}
|
||||
Url: %{giturl}
|
||||
BuildArch: noarch
|
||||
BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2
|
||||
Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
|
||||
@ -399,12 +393,8 @@ end
|
||||
%build
|
||||
|
||||
%prep
|
||||
%setup -n %{name}-contrib-%{commit1} -q -b 29
|
||||
tar -xf %{SOURCE35}
|
||||
contrib_path=`pwd`
|
||||
%setup -n %{name}-%{commit0} -q
|
||||
refpolicy_path=`pwd`
|
||||
cp $contrib_path/* $refpolicy_path/policy/modules/contrib
|
||||
%setup -n %{name}-%{commit} -q
|
||||
tar -C policy/modules/contrib -xf %{SOURCE35}
|
||||
|
||||
mkdir selinux_config
|
||||
for i in %{SOURCE1} %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} %{SOURCE8} %{SOURCE14} %{SOURCE15} %{SOURCE17} %{SOURCE18} %{SOURCE19} %{SOURCE20} %{SOURCE22} %{SOURCE23} %{SOURCE25} %{SOURCE26} %{SOURCE31} %{SOURCE32};do
|
||||
@ -807,6 +797,13 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu Nov 26 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-10
|
||||
- Allow Xephyr connect to 6000/tcp port and open user ptys
|
||||
- Allow kexec manage generic tmp files
|
||||
- Update targetd nfs & lvm
|
||||
- Add interface rpc_manage_exports
|
||||
- Merge selinux-policy and selinux-policy-contrib repos
|
||||
|
||||
* Tue Nov 24 2020 Zdenek Pytela <zpytela@redhat.com> - 3.14.7-9
|
||||
- Allow varnish map its private tmp files
|
||||
- Allow dovecot bind to smtp ports
|
||||
|
5
sources
5
sources
@ -1,4 +1,3 @@
|
||||
SHA512 (selinux-policy-f1505fc.tar.gz) = 5831821766fbb6ae0c86d81b1f8d0ff1590f7fb26309e3a0ced33cb6348d61808dbf65ef78a2f91df951593bbd39397d8601307a5e530d606924f1d2c72f6cd8
|
||||
SHA512 (selinux-policy-contrib-dad9c76.tar.gz) = 072136b1064f903f74d2ca42ba1753f8b3aea29c634644abc9a0fae700d3d642ec764d39608dc1f10542cb954d5cc838eafe6ecfb5e974c78d979fa8a93e962d
|
||||
SHA512 (container-selinux.tgz) = 6dffeaaaea1c87052a1f8481d93ddca98899b63167f7c0a4960572431b08d3e34dff7b5cfb4dc6c62bac6d4ae30b964e0d410dcc6d1476d73cf048080ddd56e6
|
||||
SHA512 (selinux-policy-d4ba4f9.tar.gz) = 7a2c585103daff6b23d3a0e060efa91da63b3cdbeddcecfa69f15b10d70ee63fe9b8b21e092f25991e7dac2991ba72fa3ca61cd31ea14717cb79156c012dbc2f
|
||||
SHA512 (container-selinux.tgz) = 9e8cccc4932513daf58fbe3fa1acff6fbb9537e30651af0bfa40b6e368e02f1330a551eb70c4f432a959830ab78099879d4ad4b5936be41d6513769ce1cd8156
|
||||
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
|
||||
|
Loading…
Reference in New Issue
Block a user