Commit removes big SELinux policy patches against tresys refpolicy.
We have diverged considerably from the upstream policy. This change switches to tarballs from these GitHub projects: https://github.com/fedora-selinux/selinux-policy https://github.com/fedora-selinux/selinux-policy-contrib
parent
b9923641ff
commit
51dc83b2d4
3
.gitignore
vendored
3
.gitignore
vendored
@ -232,3 +232,6 @@ serefpolicy*
|
|||||||
/serefpolicy-3.9.11.tgz
|
/serefpolicy-3.9.11.tgz
|
||||||
/serefpolicy-3.9.12.tgz
|
/serefpolicy-3.9.12.tgz
|
||||||
/serefpolicy-3.9.13.tgz
|
/serefpolicy-3.9.13.tgz
|
||||||
|
/selinux-policy-9ae373e.tar.gz
|
||||||
|
/selinux-policy-contrib-e269450.tar.gz
|
||||||
|
/container-selinux.tgz
|
||||||
|
Binary file not shown.
@ -17,12 +17,16 @@ git clone git@github.com:projectatomic/container-selinux.git -q
|
|||||||
|
|
||||||
pushd selinux-policy > /dev/null
|
pushd selinux-policy > /dev/null
|
||||||
# prepare policy patches against upstream commits matching the last upstream merge
|
# prepare policy patches against upstream commits matching the last upstream merge
|
||||||
git rev-parse --verify origin/${FEDORA_VERSION}; git diff --ignore-submodules eb4512f6eb13792c76ff8d3e6f2df3a7155db577 origin/${FEDORA_VERSION} > policy-${FEDORA_VERSION}-base.patch
|
git checkout $FEDORA_VERSION
|
||||||
|
BASE_HEAD_ID=$(git rev-parse HEAD)
|
||||||
|
BASE_SHORT_HEAD_ID=$(c=${BASE_HEAD_ID}; echo ${c:0:7})
|
||||||
popd > /dev/null
|
popd > /dev/null
|
||||||
|
|
||||||
pushd selinux-policy-contrib > /dev/null
|
pushd selinux-policy-contrib > /dev/null
|
||||||
# prepare policy patches against upstream commits matching the last upstream merge
|
# prepare policy patches against upstream commits matching the last upstream merge
|
||||||
git rev-parse --verify origin/${FEDORA_VERSION}; git diff 64302b790bf2b39d93610e1452c8361d56966ae0 origin/${FEDORA_VERSION} > policy-${FEDORA_VERSION}-contrib.patch
|
git checkout $FEDORA_VERSION
|
||||||
|
CONTRIB_HEAD_ID=$(git rev-parse HEAD)
|
||||||
|
CONTRIB_SHORT_HEAD_ID=$(c=${CONTRIB_HEAD_ID}; echo ${c:0:7})
|
||||||
popd > /dev/null
|
popd > /dev/null
|
||||||
|
|
||||||
pushd container-selinux > /dev/null
|
pushd container-selinux > /dev/null
|
||||||
@ -32,12 +36,15 @@ tar -czf container-selinux.tgz container.if container.te container.fc
|
|||||||
popd > /dev/null
|
popd > /dev/null
|
||||||
|
|
||||||
pushd $DISTGIT_PATH > /dev/null
|
pushd $DISTGIT_PATH > /dev/null
|
||||||
cp $POLICYSOURCES/selinux-policy/policy-${FEDORA_VERSION}-base.patch .
|
wget -nc https://github.com/fedora-selinux/selinux-policy/archive/${BASE_HEAD_ID}/selinux-policy-${BASE_SHORT_HEAD_ID}.tar.gz &> /dev/null
|
||||||
cp $POLICYSOURCES/selinux-policy-contrib/policy-${FEDORA_VERSION}-contrib.patch .
|
wget -nc https://github.com/fedora-selinux/selinux-policy-contrib/archive/${CONTRIB_HEAD_ID}/selinux-policy-contrib-${CONTRIB_SHORT_HEAD_ID}.tar.gz &> /dev/null
|
||||||
cp $POLICYSOURCES/container-selinux/container-selinux.tgz .
|
cp $POLICYSOURCES/container-selinux/container-selinux.tgz .
|
||||||
popd > /dev/null
|
popd > /dev/null
|
||||||
|
|
||||||
popd > /dev/null
|
popd > /dev/null
|
||||||
rm -rf $POLICYSOURCES
|
rm -rf $POLICYSOURCES
|
||||||
|
|
||||||
echo "policy-rawhide-{contrib,base}.patches and container.tgz with container policy files have been created."
|
echo -e "\nSELinux policy tarballs and container.tgz with container policy files have been created."
|
||||||
|
echo "Replace commit ids of selinux-policy and selinux-policy-contrib in spec file to:"
|
||||||
|
echo "commit0 " ${BASE_HEAD_ID}
|
||||||
|
echo "commit1 " ${CONTRIB_HEAD_ID}
|
||||||
|
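Review bot: The two new `git checkout $FEDORA_VERSION` lines (selinux-policy and selinux-policy-contrib blocks) are unquoted and unchecked, so if the branch is missing, the following `git rev-parse HEAD` records whatever commit the clone left checked out, and that id is then downloaded and printed for the spec file. The removed lines at least ran `git rev-parse --verify origin/${FEDORA_VERSION}`; I would write `git checkout -q "$FEDORA_VERSION" || exit 1`, unless the script already runs under `set -e` outside the visible hunks. The two `wget -nc ... &> /dev/null` calls hide failures in the same way, and `-nc` keeps any same-named file already present, including a partial one from an interrupted run. The closing message can therefore announce tarballs that are missing or truncated; `wget -nc -q "<url>" || exit 1` would surface that.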
File diff suppressed because it is too large
125648
policy-rawhide-contrib.patch
125648
policy-rawhide-contrib.patch
File diff suppressed because it is too large
@ -1,3 +1,13 @@
|
|||||||
|
# github repo with selinux-policy base sources
|
||||||
|
%global git0 https://github.com/fedora-selinux/selinux-policy
|
||||||
|
%global commit0 9ae373e703d5137d061c103292950b7ccbb2bb81
|
||||||
|
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
||||||
|
|
||||||
|
# github repo with selinux-policy contrib sources
|
||||||
|
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
|
||||||
|
%global commit1 e269450a92136e7c47b6b21800908c183ca5accf
|
||||||
|
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
|
||||||
|
|
||||||
%define distro redhat
|
%define distro redhat
|
||||||
%define polyinstatiate n
|
%define polyinstatiate n
|
||||||
%define monolithic n
|
%define monolithic n
|
||||||
@ -18,17 +28,12 @@
|
|||||||
%define CHECKPOLICYVER 2.7-1
|
%define CHECKPOLICYVER 2.7-1
|
||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.13.1
|
Version: 3.14.1
|
||||||
Release: 310%{?dist}
|
Release: 1%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
||||||
# Use the following command to create patch from https://github.com/fedora-selinux/selinux-policy
|
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
|
||||||
# git diff eb4512f6eb13792c76ff8d3e6f2df3a7155db577 rawhide > policy-rawhide-base.patch
|
|
||||||
# Use the following command to create patch from https://github.com/fedora-selinux/selinux-policy-contrib
|
|
||||||
# git diff 64302b790bf2b39d93610e1452c8361d56966ae0 rawhide > policy-rawhide-contrib.patch
|
|
||||||
patch: policy-rawhide-base.patch
|
|
||||||
patch1: policy-rawhide-contrib.patch
|
|
||||||
Source1: modules-targeted-base.conf
|
Source1: modules-targeted-base.conf
|
||||||
Source31: modules-targeted-contrib.conf
|
Source31: modules-targeted-contrib.conf
|
||||||
Source2: booleans-targeted.conf
|
Source2: booleans-targeted.conf
|
||||||
@ -52,7 +57,6 @@ Source25: users-minimum
|
|||||||
Source26: file_contexts.subs_dist
|
Source26: file_contexts.subs_dist
|
||||||
Source27: selinux-policy.conf
|
Source27: selinux-policy.conf
|
||||||
Source28: permissivedomains.cil
|
Source28: permissivedomains.cil
|
||||||
Source29: serefpolicy-contrib-%{version}.tgz
|
|
||||||
Source30: booleans.subs_dist
|
Source30: booleans.subs_dist
|
||||||
|
|
||||||
Source35: container-selinux.tgz
|
Source35: container-selinux.tgz
|
||||||
@ -64,7 +68,7 @@ Source35: container-selinux.tgz
|
|||||||
# Provide rpm macros for packages installing SELinux modules
|
# Provide rpm macros for packages installing SELinux modules
|
||||||
Source102: rpm.macros
|
Source102: rpm.macros
|
||||||
|
|
||||||
Url: http://github.com/TresysTechnology/refpolicy/wiki
|
Url: %{git0-base}
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2
|
BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2
|
||||||
@ -342,12 +346,10 @@ mkdir -p %{buildroot}/%{_libexecdir}/selinux/ \
|
|||||||
%build
|
%build
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -n serefpolicy-contrib-%{version} -q -b 29
|
%setup -n %{name}-contrib-%{commit1} -q -b 29
|
||||||
%patch1 -p1
|
|
||||||
tar -xf %{SOURCE35}
|
tar -xf %{SOURCE35}
|
||||||
contrib_path=`pwd`
|
contrib_path=`pwd`
|
||||||
%setup -n serefpolicy-%{version} -q
|
%setup -n %{name}-%{commit0} -q
|
||||||
%patch -p1
|
|
||||||
refpolicy_path=`pwd`
|
refpolicy_path=`pwd`
|
||||||
cp $contrib_path/* $refpolicy_path/policy/modules/contrib
|
cp $contrib_path/* $refpolicy_path/policy/modules/contrib
|
||||||
|
|
||||||
@ -717,6 +719,9 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jan 08 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-1
|
||||||
|
- Removed big SELinux policy patches against tresys refpolicy and use tarballs from fedora-selinux github organisation
|
||||||
|
|
||||||
* Mon Jan 08 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-310
|
* Mon Jan 08 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-310
|
||||||
- Use python3 package in BuildRequires to ensure python version 3 will be used for compiling SELinux policy
|
- Use python3 package in BuildRequires to ensure python version 3 will be used for compiling SELinux policy
|
||||||
|
|
||||||
|
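Review bot: `Url: %{git0-base}` refers to a macro that none of the added `%global` lines define (only `git0`, `commit0`, `shortcommit0`, `git1`, `commit1` and `shortcommit1` are visible), and `-` is not a valid character in an RPM macro name, so the tag would most likely end up as the literal text. If the base repository is what is meant, `Url: %{git0}` does it. It would also help to add a comment above `%global commit0`, for example `# commit0/commit1 are the ids printed by the tarball-generation script; keep them in step with the tarball names in sources`, since a mismatch between these ids and the `sources` entries looks like it would break the source fetch.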
5
sources
5
sources
@ -1,2 +1,3 @@
|
|||||||
1bb912aac01d40317e10a39de0ae4284 serefpolicy-3.13.1.tgz
|
SHA512 (selinux-policy-9ae373e.tar.gz) = af3704eb387714bc614bb458014db27dc614b50be759cc492c222dc331a2e2bd275aebbcc08203f18b906c8a51683510b095db5cda4747acbf4fe177cfb754eb
|
||||||
a868f7b2fc1adaa2fa6c075d75d82f3c serefpolicy-contrib-3.13.1.tgz
|
SHA512 (selinux-policy-contrib-e269450.tar.gz) = 83c09111759d175de5a7b55d0fc505e82c106e9cf57c6520eaf7b19ded89ef34ddfa955b7e80dabb84ff8d6e5914c91297ea72b662c0f95fed913bafb33bcc4f
|
||||||
|
SHA512 (container-selinux.tgz) = 6ad5d674b87d5cdaa33baef8f9f39d2498ab15af969e793f3de62a51de80d42b3945dd1ecbdbbac5a98e359c4999c2412113c69b996be56e5781f8a63ab06795
|
||||||
|