Lukas Vrabec edited this page Aug 24, 2018 · 5 revisions

Purpose

SELinux Fedora Policy is a large patch off the mainline. The fedora-selinux/selinux-policy repository makes Fedora Policy packaging simpler and more transparent for developers, upstream developers and users. It is used for applying downstream Fedora fixes, for communicating about proposed and committed changes, and for communicating with upstream and the community. It mirrors the upstream repository structure to make submitting patches upstream easy.

Structure

github

On GitHub, we have two repositories (selinux-policy and selinux-policy-contrib) for the dist-git repository.

$ cd selinux-policy
$ git remote -v
origin	git@github.com:fedora-selinux/selinux-policy.git (fetch)


$ git branch -r
origin/HEAD -> origin/master
origin/f27
origin/f28
origin/master
origin/rawhide

$ cd selinux-policy-contrib
$ git remote -v
origin	git@github.com:fedora-selinux/selinux-policy-contrib.git (fetch)

$ git branch -r
origin/HEAD -> origin/master
origin/f27
origin/f28
origin/master
origin/rawhide

Note: the master branch on GitHub does not reflect the master branch in dist-git. For this purpose, we created the rawhide-base/rawhide-contrib GitHub branches.

dist-git

Package sources in dist-git are composed of release tarballs and the policy-$FEDORA_RELEASE-{contrib,base}.patch files, together with other configuration files.

$ git ls-tree --name-only HEAD
..
policy-f23-base.patch
policy-f23-contrib.patch
selinux-policy.spec
..

The most important are the policy-$FEDORA_RELEASE-{contrib,base}.patch files, which are generated in a specific way from the dist-git branches for the given release. See the comment in the selinux-policy.spec file:

# Use the following commands to create patches from https://github.com/fedora-selinux/selinux-policy
# git diff eb4512f6eb13792c76ff8d3e6f2df3a7155db577 f23-base > policy-f23-base.patch
# git diff 64302b790bf2b39d93610e1452c8361d56966ae0 f23-contrib > policy-f23-contrib.patch

The given commit IDs match the upstream Reference Policy commits against which we did an upstream merge and created the release tarballs.

Build process

  1. clone fedora-selinux/selinux-policy repository

     $ cd ~/devel/github
     $ git clone git@github.com:fedora-selinux/selinux-policy.git
     $ cd selinux-policy
    
  2. create, backport, cherry-pick needed changes to a particular branch and push them

  3. generate patches for chosen branch(es)

     $ git diff eb4512f6eb13792c76ff8d3e6f2df3a7155db577 f23-base > policy-f23-base.patch
     $ git diff 64302b790bf2b39d93610e1452c8361d56966ae0 f23-contrib > policy-f23-contrib.patch
    
  4. clone selinux-policy dist-git repository

     $ cd ~/devel/dist-git
     $ fedpkg clone selinux-policy 
     $ cd selinux-policy
    
  5. recreate policy-$FEDORA_RELEASE-{contrib,base}.patch files

     $ cp ~/devel/github/selinux-policy/policy-$FEDORA_RELEASE-{contrib,base}.patch ~/devel/dist-git/selinux-policy
    
  6. add changes to the dist-git repository, bump release, create a changelog entry, commit and push

  7. build the package

     $ fedpkg build
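
A check that can run between steps 5 and 6, as an added example that is not part of this wiki or of the Fedora tooling: it reads the `git diff <commit> <branch> > <file>` recipes from the spec comment, applies each dist-git patch to the pinned upstream commit in a scratch index, and confirms the result is exactly the branch's tree. The function names are hypothetical, and it assumes the branch names in the spec resolve in the local GitHub clone.

```shell
# Added example; not part of the Fedora wiki or spec file.

# Print "<base-commit> <branch> <patch-file>" for every spec comment of the
# form "# git diff <40-hex commit> <branch> > policy-*.patch".
spec_patch_recipes() {
    sed -n -E 's/^#[[:space:]]*git diff ([0-9a-f]{40}) ([A-Za-z0-9._-]+) > (policy-[A-Za-z0-9._-]+\.patch)[[:space:]]*$/\1 \2 \3/p' "$1"
}

# Apply a patch to the pinned base commit in a scratch index (the work tree
# is not touched) and succeed only if the result equals the branch's tree.
patch_matches_branch() {
    local repo="$1" base="$2" branch="$3" patchfile="$4" dir got want rc=1
    dir=$(mktemp -d) || return 2
    if GIT_INDEX_FILE="$dir/index" git -C "$repo" read-tree "$base" 2>/dev/null &&
       GIT_INDEX_FILE="$dir/index" git -C "$repo" apply --cached < "$patchfile" 2>/dev/null &&
       got=$(GIT_INDEX_FILE="$dir/index" git -C "$repo" write-tree) &&
       want=$(git -C "$repo" rev-parse --verify -q "$branch^{tree}") &&
       [ "$got" = "$want" ]; then
        rc=0
    fi
    rm -rf "$dir"
    return "$rc"
}

# Check every recipe in <distgit>/selinux-policy.spec against <repo>.
verify_distgit_patches() {
    local repo="$1" distgit="$2" rc=0 recipes base branch patch
    recipes=$(spec_patch_recipes "$distgit/selinux-policy.spec")
    [ -n "$recipes" ] || { echo "no patch recipes in spec" >&2; return 2; }
    while read -r base branch patch; do
        if patch_matches_branch "$repo" "$base" "$branch" "$distgit/$patch"; then
            echo "OK       $patch"
        else
            echo "MISMATCH $patch (base $base, branch $branch)" >&2
            rc=1
        fi
    done <<EOF
$recipes
EOF
    return "$rc"
}
```

Called as `verify_distgit_patches ~/devel/github/selinux-policy ~/devel/dist-git/selinux-policy`, a MISMATCH means the packaged patch does not reproduce the branch on top of the pinned upstream commit and should be regenerated before building.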
    