Commit removes big SELinux policy patches against tresys refpolicy.
We're quite diverted from upstream policy. This change will use tarballs from github projects: https://github.com/fedora-selinux/selinux-policy https://github.com/fedora-selinux/selinux-policy-contrib
This commit is contained in:
Lukas Vrabec
parent
b9923641ff
commit
51dc83b2d4
|
|
@ -232,3 +232,6 @@ serefpolicy*
|
|||
/serefpolicy-3.9.11.tgz
|
||||
/serefpolicy-3.9.12.tgz
|
||||
/serefpolicy-3.9.13.tgz
|
||||
/selinux-policy-9ae373e.tar.gz
|
||||
/selinux-policy-contrib-e269450.tar.gz
|
||||
/container-selinux.tgz
|
||||
|
|
|
|||
Binary file not shown.
|
|
@ -17,12 +17,16 @@ git clone git@github.com:projectatomic/container-selinux.git -q
|
|||
|
||||
pushd selinux-policy > /dev/null
|
||||
# prepare policy patches against upstream commits matching the last upstream merge
|
||||
git rev-parse --verify origin/${FEDORA_VERSION}; git diff --ignore-submodules eb4512f6eb13792c76ff8d3e6f2df3a7155db577 origin/${FEDORA_VERSION} > policy-${FEDORA_VERSION}-base.patch
|
||||
git checkout $FEDORA_VERSION
|
||||
BASE_HEAD_ID=$(git rev-parse HEAD)
|
||||
BASE_SHORT_HEAD_ID=$(c=${BASE_HEAD_ID}; echo ${c:0:7})
|
||||
popd > /dev/null
|
||||
|
||||
pushd selinux-policy-contrib > /dev/null
|
||||
# prepare policy patches against upstream commits matching the last upstream merge
|
||||
git rev-parse --verify origin/${FEDORA_VERSION}; git diff 64302b790bf2b39d93610e1452c8361d56966ae0 origin/${FEDORA_VERSION} > policy-${FEDORA_VERSION}-contrib.patch
|
||||
git checkout $FEDORA_VERSION
|
||||
CONTRIB_HEAD_ID=$(git rev-parse HEAD)
|
||||
CONTRIB_SHORT_HEAD_ID=$(c=${CONTRIB_HEAD_ID}; echo ${c:0:7})
|
||||
popd > /dev/null
|
||||
|
||||
pushd container-selinux > /dev/null
|
||||
|
|
@ -32,12 +36,15 @@ tar -czf container-selinux.tgz container.if container.te container.fc
|
|||
popd > /dev/null
|
||||
|
||||
pushd $DISTGIT_PATH > /dev/null
|
||||
cp $POLICYSOURCES/selinux-policy/policy-${FEDORA_VERSION}-base.patch .
|
||||
cp $POLICYSOURCES/selinux-policy-contrib/policy-${FEDORA_VERSION}-contrib.patch .
|
||||
wget -nc https://github.com/fedora-selinux/selinux-policy/archive/${BASE_HEAD_ID}/selinux-policy-${BASE_SHORT_HEAD_ID}.tar.gz &> /dev/null
|
||||
wget -nc https://github.com/fedora-selinux/selinux-policy-contrib/archive/${CONTRIB_HEAD_ID}/selinux-policy-contrib-${CONTRIB_SHORT_HEAD_ID}.tar.gz &> /dev/null
|
||||
cp $POLICYSOURCES/container-selinux/container-selinux.tgz .
|
||||
popd > /dev/null
|
||||
|
||||
popd > /dev/null
|
||||
rm -rf $POLICYSOURCES
|
||||
|
||||
echo "policy-rawhide-{contrib,base}.patches and container.tgz with container policy files have been created."
|
||||
echo -e "\nSELinux policy tarballs and container.tgz with container policy files have been created."
|
||||
echo "Replace commit ids of selinux-policy and selinux-policy-contrib in spec file to:"
|
||||
echo "commit0 " ${BASE_HEAD_ID}
|
||||
echo "commit1 " ${CONTRIB_HEAD_ID}
|
||||
|
|
|
|||
File diff suppressed because it is too large
Load Diff
125648
policy-rawhide-contrib.patch
125648
policy-rawhide-contrib.patch
File diff suppressed because it is too large
Load Diff
|
|
@ -1,3 +1,13 @@
|
|||
# github repo with selinux-policy base sources
|
||||
%global git0 https://github.com/fedora-selinux/selinux-policy
|
||||
%global commit0 9ae373e703d5137d061c103292950b7ccbb2bb81
|
||||
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
||||
|
||||
# github repo with selinux-policy contrib sources
|
||||
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
|
||||
%global commit1 e269450a92136e7c47b6b21800908c183ca5accf
|
||||
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
|
||||
|
||||
%define distro redhat
|
||||
%define polyinstatiate n
|
||||
%define monolithic n
|
||||
|
|
@ -18,18 +28,13 @@
|
|||
%define CHECKPOLICYVER 2.7-1
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.13.1
|
||||
Release: 310%{?dist}
|
||||
Version: 3.14.1
|
||||
Release: 1%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
# Use the following command to create patch from https://github.com/fedora-selinux/selinux-policy
|
||||
# git diff eb4512f6eb13792c76ff8d3e6f2df3a7155db577 rawhide > policy-rawhide-base.patch
|
||||
# Use the following command to create patch from https://github.com/fedora-selinux/selinux-policy-contrib
|
||||
# git diff 64302b790bf2b39d93610e1452c8361d56966ae0 rawhide > policy-rawhide-contrib.patch
|
||||
patch: policy-rawhide-base.patch
|
||||
patch1: policy-rawhide-contrib.patch
|
||||
Source1: modules-targeted-base.conf
|
||||
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
||||
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
|
||||
Source1: modules-targeted-base.conf
|
||||
Source31: modules-targeted-contrib.conf
|
||||
Source2: booleans-targeted.conf
|
||||
Source3: Makefile.devel
|
||||
|
|
@ -52,7 +57,6 @@ Source25: users-minimum
|
|||
Source26: file_contexts.subs_dist
|
||||
Source27: selinux-policy.conf
|
||||
Source28: permissivedomains.cil
|
||||
Source29: serefpolicy-contrib-%{version}.tgz
|
||||
Source30: booleans.subs_dist
|
||||
|
||||
Source35: container-selinux.tgz
|
||||
|
|
@ -64,7 +68,7 @@ Source35: container-selinux.tgz
|
|||
# Provide rpm macros for packages installing SELinux modules
|
||||
Source102: rpm.macros
|
||||
|
||||
Url: http://github.com/TresysTechnology/refpolicy/wiki
|
||||
Url: %{git0-base}
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
BuildArch: noarch
|
||||
BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2
|
||||
|
|
@ -342,12 +346,10 @@ mkdir -p %{buildroot}/%{_libexecdir}/selinux/ \
|
|||
%build
|
||||
|
||||
%prep
|
||||
%setup -n serefpolicy-contrib-%{version} -q -b 29
|
||||
%patch1 -p1
|
||||
%setup -n %{name}-contrib-%{commit1} -q -b 29
|
||||
tar -xf %{SOURCE35}
|
||||
contrib_path=`pwd`
|
||||
%setup -n serefpolicy-%{version} -q
|
||||
%patch -p1
|
||||
%setup -n %{name}-%{commit0} -q
|
||||
refpolicy_path=`pwd`
|
||||
cp $contrib_path/* $refpolicy_path/policy/modules/contrib
|
||||
|
||||
|
|
@ -717,6 +719,9 @@ exit 0
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Jan 08 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-1
|
||||
- Removed big SELinux policy patches against tresys refpolicy and use tarballs from fedora-selinux github organisation
|
||||
|
||||
* Mon Jan 08 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-310
|
||||
- Use python3 package in BuildRequires to ensure python version 3 will be used for compiling SELinux policy
|
||||
|
||||
|
|
|
|||
5
sources
5
sources
|
|
@ -1,2 +1,3 @@
|
|||
1bb912aac01d40317e10a39de0ae4284 serefpolicy-3.13.1.tgz
|
||||
a868f7b2fc1adaa2fa6c075d75d82f3c serefpolicy-contrib-3.13.1.tgz
|
||||
SHA512 (selinux-policy-9ae373e.tar.gz) = af3704eb387714bc614bb458014db27dc614b50be759cc492c222dc331a2e2bd275aebbcc08203f18b906c8a51683510b095db5cda4747acbf4fe177cfb754eb
|
||||
SHA512 (selinux-policy-contrib-e269450.tar.gz) = 83c09111759d175de5a7b55d0fc505e82c106e9cf57c6520eaf7b19ded89ef34ddfa955b7e80dabb84ff8d6e5914c91297ea72b662c0f95fed913bafb33bcc4f
|
||||
SHA512 (container-selinux.tgz) = 6ad5d674b87d5cdaa33baef8f9f39d2498ab15af969e793f3de62a51de80d42b3945dd1ecbdbbac5a98e359c4999c2412113c69b996be56e5781f8a63ab06795
|
||||
|
|
|
|||
Loading…
Reference in New Issue