Commit removes big SELinux policy patches against tresys refpolicy.

We're quite diverted from upstream policy. This change will use tarballs from github projects: https://github.com/fedora-selinux/selinux-policy https://github.com/fedora-selinux/selinux-policy-contrib
2017-12-24 14:31:11 +01:00 · 2017-12-24 14:31:11 +01:00 · 51dc83b2d4
commit 51dc83b2d4
parent b9923641ff
7 changed files with 39 additions and 187452 deletions
--- a/.gitignore
+++ b/.gitignore
@ -232,3 +232,6 @@ serefpolicy*
 /serefpolicy-3.9.11.tgz
 /serefpolicy-3.9.12.tgz
 /serefpolicy-3.9.13.tgz
+/selinux-policy-9ae373e.tar.gz
+/selinux-policy-contrib-e269450.tar.gz
+/container-selinux.tgz
--- a/container-selinux.tgz
+++ b/container-selinux.tgz
--- a/make-rhat-patches.sh
+++ b/make-rhat-patches.sh
@ -17,12 +17,16 @@ git clone git@github.com:projectatomic/container-selinux.git -q

 pushd selinux-policy > /dev/null
 # prepare policy patches against upstream commits matching the last upstream merge
-git rev-parse --verify origin/${FEDORA_VERSION}; git diff --ignore-submodules eb4512f6eb13792c76ff8d3e6f2df3a7155db577 origin/${FEDORA_VERSION} > policy-${FEDORA_VERSION}-base.patch
+git checkout $FEDORA_VERSION
+BASE_HEAD_ID=$(git rev-parse HEAD)
+BASE_SHORT_HEAD_ID=$(c=${BASE_HEAD_ID}; echo ${c:0:7})
 popd > /dev/null

 pushd selinux-policy-contrib > /dev/null
 # prepare policy patches against upstream commits matching the last upstream merge
-git rev-parse --verify origin/${FEDORA_VERSION}; git diff 64302b790bf2b39d93610e1452c8361d56966ae0 origin/${FEDORA_VERSION} > policy-${FEDORA_VERSION}-contrib.patch
+git checkout $FEDORA_VERSION
+CONTRIB_HEAD_ID=$(git rev-parse HEAD)
+CONTRIB_SHORT_HEAD_ID=$(c=${CONTRIB_HEAD_ID}; echo ${c:0:7})
 popd > /dev/null

 pushd container-selinux > /dev/null
@ -32,12 +36,15 @@ tar -czf container-selinux.tgz container.if container.te container.fc
 popd > /dev/null

 pushd $DISTGIT_PATH > /dev/null
-cp $POLICYSOURCES/selinux-policy/policy-${FEDORA_VERSION}-base.patch .
-cp $POLICYSOURCES/selinux-policy-contrib/policy-${FEDORA_VERSION}-contrib.patch .
+wget -nc https://github.com/fedora-selinux/selinux-policy/archive/${BASE_HEAD_ID}/selinux-policy-${BASE_SHORT_HEAD_ID}.tar.gz &> /dev/null
+wget -nc https://github.com/fedora-selinux/selinux-policy-contrib/archive/${CONTRIB_HEAD_ID}/selinux-policy-contrib-${CONTRIB_SHORT_HEAD_ID}.tar.gz &> /dev/null
 cp $POLICYSOURCES/container-selinux/container-selinux.tgz .
 popd > /dev/null

 popd > /dev/null
 rm -rf $POLICYSOURCES

-echo "policy-rawhide-{contrib,base}.patches and container.tgz with container policy files have been created."
+echo -e "\nSELinux policy tarballs  and container.tgz with container policy files have been created."
+echo "Replace commit ids of selinux-policy and selinux-policy-contrib in spec file to:"
+echo "commit0 " ${BASE_HEAD_ID}
+echo "commit1 " ${CONTRIB_HEAD_ID}
--- a/policy-rawhide-base.patch
+++ b/policy-rawhide-base.patch
--- a/policy-rawhide-contrib.patch
+++ b/policy-rawhide-contrib.patch
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -1,3 +1,13 @@
+# github repo with selinux-policy base sources
+%global git0 https://github.com/fedora-selinux/selinux-policy
+%global commit0 9ae373e703d5137d061c103292950b7ccbb2bb81
+%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
+
+# github repo with selinux-policy contrib sources
+%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
+%global commit1 e269450a92136e7c47b6b21800908c183ca5accf
+%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
+
 %define distro redhat
 %define polyinstatiate n
 %define monolithic n
@ -18,17 +28,12 @@
 %define CHECKPOLICYVER 2.7-1
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 3.13.1
-Release: 310%{?dist}
+Version: 3.14.1
+Release: 1%{?dist}
 License: GPLv2+
 Group: System Environment/Base
-Source: serefpolicy-%{version}.tgz
-# Use the following command to create patch from https://github.com/fedora-selinux/selinux-policy
-# git diff eb4512f6eb13792c76ff8d3e6f2df3a7155db577 rawhide > policy-rawhide-base.patch
-# Use the following command to create patch from https://github.com/fedora-selinux/selinux-policy-contrib
-# git diff 64302b790bf2b39d93610e1452c8361d56966ae0 rawhide > policy-rawhide-contrib.patch
-patch: policy-rawhide-base.patch
-patch1: policy-rawhide-contrib.patch
+Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
+Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
 Source1: modules-targeted-base.conf
 Source31: modules-targeted-contrib.conf
 Source2: booleans-targeted.conf
@ -52,7 +57,6 @@ Source25: users-minimum
 Source26: file_contexts.subs_dist
 Source27: selinux-policy.conf
 Source28: permissivedomains.cil
-Source29: serefpolicy-contrib-%{version}.tgz
 Source30: booleans.subs_dist

 Source35: container-selinux.tgz
@ -64,7 +68,7 @@ Source35: container-selinux.tgz
 # Provide rpm macros for packages installing SELinux modules
 Source102: rpm.macros

-Url: http://github.com/TresysTechnology/refpolicy/wiki
+Url: %{git0-base}
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildArch: noarch
 BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 
@ -342,12 +346,10 @@ mkdir -p %{buildroot}/%{_libexecdir}/selinux/ \
 %build

 %prep 
-%setup -n serefpolicy-contrib-%{version} -q -b 29
-%patch1 -p1
+%setup -n %{name}-contrib-%{commit1} -q -b 29
 tar -xf %{SOURCE35}
 contrib_path=`pwd`
-%setup -n serefpolicy-%{version} -q
-%patch -p1
+%setup -n %{name}-%{commit0} -q
 refpolicy_path=`pwd`
 cp $contrib_path/* $refpolicy_path/policy/modules/contrib

@ -717,6 +719,9 @@ exit 0
 %endif

 %changelog
+* Mon Jan 08 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.14.1-1
+- Removed big SELinux policy patches against tresys refpolicy and use tarballs from fedora-selinux github organisation
+
 * Mon Jan 08 2018 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-310
 - Use python3 package in BuildRequires to ensure python version 3 will be used for compiling SELinux policy

--- a/5
+++ b/5
@ -1,2 +1,3 @@
-1bb912aac01d40317e10a39de0ae4284  serefpolicy-3.13.1.tgz
-a868f7b2fc1adaa2fa6c075d75d82f3c  serefpolicy-contrib-3.13.1.tgz
+SHA512 (selinux-policy-9ae373e.tar.gz) = af3704eb387714bc614bb458014db27dc614b50be759cc492c222dc331a2e2bd275aebbcc08203f18b906c8a51683510b095db5cda4747acbf4fe177cfb754eb
+SHA512 (selinux-policy-contrib-e269450.tar.gz) = 83c09111759d175de5a7b55d0fc505e82c106e9cf57c6520eaf7b19ded89ef34ddfa955b7e80dabb84ff8d6e5914c91297ea72b662c0f95fed913bafb33bcc4f
+SHA512 (container-selinux.tgz) = 6ad5d674b87d5cdaa33baef8f9f39d2498ab15af969e793f3de62a51de80d42b3945dd1ecbdbbac5a98e359c4999c2412113c69b996be56e5781f8a63ab06795