rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Adapt specfile, make-rhat-patches, and README to contrib merge

Browse Source 
The "rawhide" branch of selinux-policy and selinux-policy-contrib is
about to be merged together. Update dist-git for this, so that the next
build can be performed with the new repo structure.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
This commit is contained in:
Ondrej Mosnacek 2020-09-26 12:08:38 +02:00
parent aebc05fc19
commit 54876665ae
3 changed files with 21 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
README.md
View File

@ -5,13 +5,12 @@ SELinux Fedora Policy is a fork of the [SElinux reference policy](https://github
## Structure ## Structure
### GitHub ### GitHub
On GitHub, we have two repositories (selinux-policy and selinux-policy-contrib) for dist-git repository. On GitHub, we have one repository containing the policy sources.
$ cd selinux-policy $ cd selinux-policy
$ git remote -v $ git remote -v
origin git@github.com:fedora-selinux/selinux-policy.git (fetch) origin git@github.com:fedora-selinux/selinux-policy.git (fetch)
$ git branch -r $ git branch -r
origin/HEAD -> origin/master origin/HEAD -> origin/master
origin/f27 origin/f27
@ -19,21 +18,10 @@ On GitHub, we have two repositories (selinux-policy and selinux-policy-contrib)
origin/master origin/master
origin/rawhide origin/rawhide
$ cd selinux-policy-contrib Note: As opposed to dist-git, the Rawhide content resides in the _rawhide_ branch rather than _master_.
$ git remote -v
origin git@github.com:fedora-selinux/selinux-policy-contrib.git (fetch)
$ git branch -r
origin/HEAD -> origin/master
origin/f27
origin/f28
origin/master
origin/rawhide
Note: As opposed to dist-git, the Rawhide content in both selinux-policy and selinux-policy-contrib repositories resides in _rawhide_ branches rather than _master_.
### dist-git ### dist-git
Package sources in dist-git are composed from _selinux-policy_, _selinux-policy-contrib_, and _macro-expander_ repository snapshot tarballs, _container-selinux_ policy files snapshot, and from other config files. Package sources in dist-git are composed from _selinux-policy_, and _macro-expander_ repository snapshot tarballs, _container-selinux_ policy files snapshot, and from other config files.
## Build process ## Build process
@ -43,25 +31,19 @@ Package sources in dist-git are composed from _selinux-policy_, _selinux-policy-
$ git clone git@github.com:fedora-selinux/selinux-policy.git $ git clone git@github.com:fedora-selinux/selinux-policy.git
$ cd selinux-policy $ cd selinux-policy
2. Clone the [fedora-selinux/selinux-policy-contrib](https://github.com/fedora-selinux/selinux-policy-contrib) repository. 2. Create, backport, cherry-pick needed changes to a particular branch and push them.
$ cd ~/devel/github 3. Clone the **selinux-policy** dist-git repository.
$ git clone git@github.com:fedora-selinux/selinux-policy-contrib.git
$ cd selinux-policy-contrib
3. Create, backport, cherry-pick needed changes to a particular branch and push them.
4. Clone the **selinux-policy** dist-git repository.
$ cd ~/devel/dist-git $ cd ~/devel/dist-git
$ fedpkg clone selinux-policy $ fedpkg clone selinux-policy
$ cd selinux-policy $ cd selinux-policy
5. Download the latest snaphots from selinux-policy and selinux-policy-contrib github repositories. 4. Download the latest snaphot from the selinux-policy github repository.
$ ./make-rhat-patches.sh $ ./make-rhat-patches.sh
6. Add changes to the dist-git repository, bump release, create a changelog entry, commit and push. 5. Add changes to the dist-git repository, bump release, create a changelog entry, commit and push.
7. Build the package. 6. Build the package.
$ fedpkg build $ fedpkg build

25
make-rhat-patches.sh
View File

@ -7,8 +7,6 @@ DOCKER_FEDORA_VERSION=master
DISTGIT_BRANCH=master DISTGIT_BRANCH=master
REPO_SELINUX_POLICY=${REPO_SELINUX_POLICY:-https://github.com/fedora-selinux/selinux-policy} REPO_SELINUX_POLICY=${REPO_SELINUX_POLICY:-https://github.com/fedora-selinux/selinux-policy}
REPO_SELINUX_POLICY_BRANCH=${REPO_SELINUX_POLICY_BRANCH:-$FEDORA_VERSION} REPO_SELINUX_POLICY_BRANCH=${REPO_SELINUX_POLICY_BRANCH:-$FEDORA_VERSION}
REPO_SELINUX_POLICY_CONTRIB=${REPO_SELINUX_POLICY_CONTRIB:-https://github.com/fedora-selinux/selinux-policy-contrib}
REPO_SELINUX_POLICY_CONTRIB_BRANCH=${REPO_SELINUX_POLICY_CONTRIB_BRANCH:-$FEDORA_VERSION}
REPO_CONTAINER_SELINUX=${REPO_CONTAINER_SELINUX:-https://github.com/containers/container-selinux} REPO_CONTAINER_SELINUX=${REPO_CONTAINER_SELINUX:-https://github.com/containers/container-selinux}
REPO_MACRO_EXPANDER=${REPO_MACRO_EXPANDER:-https://github.com/fedora-selinux/macro-expander.git} REPO_MACRO_EXPANDER=${REPO_MACRO_EXPANDER:-https://github.com/fedora-selinux/macro-expander.git}
@ -25,8 +23,6 @@ pushd $POLICYSOURCES > /dev/null
git clone --depth=1 -q $REPO_SELINUX_POLICY selinux-policy \ git clone --depth=1 -q $REPO_SELINUX_POLICY selinux-policy \
-b $REPO_SELINUX_POLICY_BRANCH -b $REPO_SELINUX_POLICY_BRANCH
git clone --depth=1 -q $REPO_SELINUX_POLICY_CONTRIB selinux-policy-contrib \
-b $REPO_SELINUX_POLICY_CONTRIB_BRANCH
git clone --depth=1 -q $REPO_CONTAINER_SELINUX container-selinux git clone --depth=1 -q $REPO_CONTAINER_SELINUX container-selinux
git clone --depth=1 -q $REPO_MACRO_EXPANDER macro-expander git clone --depth=1 -q $REPO_MACRO_EXPANDER macro-expander
@ -37,13 +33,6 @@ BASE_SHORT_HEAD_ID=$(c=${BASE_HEAD_ID}; echo ${c:0:7})
git archive --prefix=selinux-policy-$BASE_HEAD_ID/ --format tgz HEAD > $DISTGIT_PATH/selinux-policy-$BASE_SHORT_HEAD_ID.tar.gz git archive --prefix=selinux-policy-$BASE_HEAD_ID/ --format tgz HEAD > $DISTGIT_PATH/selinux-policy-$BASE_SHORT_HEAD_ID.tar.gz
popd > /dev/null popd > /dev/null
pushd selinux-policy-contrib > /dev/null
# prepare policy patches against upstream commits matching the last upstream merge
CONTRIB_HEAD_ID=$(git rev-parse HEAD)
CONTRIB_SHORT_HEAD_ID=$(c=${CONTRIB_HEAD_ID}; echo ${c:0:7})
git archive --prefix=selinux-policy-contrib-$CONTRIB_HEAD_ID/ --format tgz HEAD > $DISTGIT_PATH/selinux-policy-contrib-$CONTRIB_SHORT_HEAD_ID.tar.gz
popd > /dev/null
pushd container-selinux > /dev/null pushd container-selinux > /dev/null
# Actual container-selinux files are in master branch # Actual container-selinux files are in master branch
#git checkout -b ${DOCKER_FEDORA_VERSION} -t origin/${DOCKER_FEDORA_VERSION} -q #git checkout -b ${DOCKER_FEDORA_VERSION} -t origin/${DOCKER_FEDORA_VERSION} -q
@ -53,7 +42,6 @@ popd > /dev/null
pushd $DISTGIT_PATH > /dev/null pushd $DISTGIT_PATH > /dev/null
if [ $DOWNLOAD_DEFAULT_GITHUB_TARBALLS == 1 ]; then if [ $DOWNLOAD_DEFAULT_GITHUB_TARBALLS == 1 ]; then
wget -O selinux-policy-${BASE_SHORT_HEAD_ID}.tar.gz https://github.com/fedora-selinux/selinux-policy/archive/${BASE_HEAD_ID}.tar.gz &> /dev/null wget -O selinux-policy-${BASE_SHORT_HEAD_ID}.tar.gz https://github.com/fedora-selinux/selinux-policy/archive/${BASE_HEAD_ID}.tar.gz &> /dev/null
wget -O selinux-policy-contrib-${CONTRIB_SHORT_HEAD_ID}.tar.gz https://github.com/fedora-selinux/selinux-policy-contrib/archive/${CONTRIB_HEAD_ID}.tar.gz &> /dev/null
fi fi
cp $POLICYSOURCES/container-selinux/container-selinux.tgz . cp $POLICYSOURCES/container-selinux/container-selinux.tgz .
cp $POLICYSOURCES/macro-expander/macro-expander.sh ./macro-expander cp $POLICYSOURCES/macro-expander/macro-expander.sh ./macro-expander
@ -63,14 +51,11 @@ popd > /dev/null
popd > /dev/null popd > /dev/null
rm -rf $POLICYSOURCES rm -rf $POLICYSOURCES
# Update commit ids in selinux-policy.spec file # Update commit id in selinux-policy.spec file
sed -i "s/%global commit0 [^ ]*$/%global commit0 $BASE_HEAD_ID/" selinux-policy.spec sed -i "s/%global commit [^ ]*$/%global commit $BASE_HEAD_ID/" selinux-policy.spec
sed -i "s/%global commit1 [^ ]*$/%global commit1 $CONTRIB_HEAD_ID/" selinux-policy.spec
# Update sources # Update sources
sha512sum --tag selinux-policy-${BASE_SHORT_HEAD_ID}.tar.gz selinux-policy-contrib-${CONTRIB_SHORT_HEAD_ID}.tar.gz container-selinux.tgz macro-expander > sources sha512sum --tag selinux-policy-${BASE_SHORT_HEAD_ID}.tar.gz container-selinux.tgz macro-expander > sources
echo -e "\nSELinux policy tarballs and container.tgz with container policy files have been created." echo -e "\nSELinux policy tarball and container-selinux.tgz with container policy files have been created."
echo "Commit ids of selinux-policy and selinux-policy-contrib in spec file were changed to:" echo "Commit id of selinux-policy in spec file was changed to ${BASE_HEAD_ID}"
echo "commit0 " ${BASE_HEAD_ID}
echo "commit1 " ${CONTRIB_HEAD_ID}

26
selinux-policy.spec
View File

@ -1,12 +1,7 @@
# github repo with selinux-policy base sources # github repo with selinux-policy sources
%global git0 https://github.com/fedora-selinux/selinux-policy %global giturl https://github.com/fedora-selinux/selinux-policy
%global commit0 f1505fca7063b21b5f2ef90f904032c5cc023a22 %global commit 6c91ffd68953945d6ccda57789f62985abdc9bd6
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %global shortcommit %(c=%{commit}; echo ${c:0:7})
# github repo with selinux-policy contrib sources
%global git1 https://github.com/fedora-selinux/selinux-policy-contrib
%global commit1 dad9c7670560b550c3837a3bd2237a94c3e54814
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
%define distro redhat %define distro redhat
%define polyinstatiate n %define polyinstatiate n
@ -31,8 +26,7 @@ Name: selinux-policy
Version: 3.14.7 Version: 3.14.7
Release: 9%{?dist} Release: 9%{?dist}
License: GPLv2+ License: GPLv2+
Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz
Source1: modules-targeted-base.conf Source1: modules-targeted-base.conf
Source31: modules-targeted-contrib.conf Source31: modules-targeted-contrib.conf
Source2: booleans-targeted.conf Source2: booleans-targeted.conf
@ -68,7 +62,7 @@ Source35: container-selinux.tgz
# Provide rpm macros for packages installing SELinux modules # Provide rpm macros for packages installing SELinux modules
Source102: rpm.macros Source102: rpm.macros
Url: %{git0} Url: %{giturl}
BuildArch: noarch BuildArch: noarch
BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2
Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
@ -399,12 +393,8 @@ end
%build %build
%prep %prep
%setup -n %{name}-contrib-%{commit1} -q -b 29 %setup -n %{name}-%{commit} -q
tar -xf %{SOURCE35} tar -C policy/modules/contrib -xf %{SOURCE35}
contrib_path=`pwd`
%setup -n %{name}-%{commit0} -q
refpolicy_path=`pwd`
cp $contrib_path/* $refpolicy_path/policy/modules/contrib
mkdir selinux_config mkdir selinux_config
for i in %{SOURCE1} %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} %{SOURCE8} %{SOURCE14} %{SOURCE15} %{SOURCE17} %{SOURCE18} %{SOURCE19} %{SOURCE20} %{SOURCE22} %{SOURCE23} %{SOURCE25} %{SOURCE26} %{SOURCE31} %{SOURCE32};do for i in %{SOURCE1} %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} %{SOURCE8} %{SOURCE14} %{SOURCE15} %{SOURCE17} %{SOURCE18} %{SOURCE19} %{SOURCE20} %{SOURCE22} %{SOURCE23} %{SOURCE25} %{SOURCE26} %{SOURCE31} %{SOURCE32};do