-
Notifications
You must be signed in to change notification settings - Fork 178
Packaging
SELinux Fedora Policy is a large patch off the mainline. The fedora-selinux/selinux-policy makes Fedora Policy packaging more simple and transparent for developers, upstream developers and users. It is used for applying downstream Fedora fixes, for communication about proposed/committed changes, for communication with upstream and the community. It reflects upstream repository structure to make submitting patches to upstream easy.
On GitHub, we have two repositories (selinux-policy and selinux-policy-contrib ) for dist-git repository.
$ cd selinux-policy
$ git remote -v
origin [email protected]:fedora-selinux/selinux-policy.git (fetch)
$ git branch -r
origin/HEAD -> origin/master
origin/f27
origin/f28
origin/master
origin/rawhide
$ cd selinux-policy-contrib
$ git remote -v
origin [email protected]:fedora-selinux/selinux-policy-contrib.git (fetch)
$ git branch -r
origin/HEAD -> origin/master
origin/f27
origin/f28
origin/master
origin/rawhide
Note: master branch on GitHub does not reflect master branch in dist-git. For this purpose, we created the rawhide-base/rawhide-contrib github branches.
Package sources in dist-git are composed from release tarballs, policy-$FEDORA_RELEASE-{contrib,base}.patch files files together with other configuration files.
$ git ls-tree --name-only HEAD
..
policy-f23-base.patch
policy-f23-contrib.patch
selinux-policy.spec
..
The most important are policy-$FEDORA_RELEASE-{contrib,base}.patch files which are generated from dist-git branches for given release by the specific way. You can see a comment in selinux-policy.spec file
# Use the following commands to create patches from https://github.com/fedora-selinux/selinux-policy
# git diff eb4512f6eb13792c76ff8d3e6f2df3a7155db577 f23-base > policy-f23-base.patch
# git diff 64302b790bf2b39d93610e1452c8361d56966ae0 f23-contrib > policy-f23-contrib.patch
The given commit numbers match Upstream Reference Policy commits against which we did an upstream merge and created release tarballs.
-
clone fedora-selinux/selinux-policy repository
$ cd ~/devel/github $ git clone [email protected]:fedora-selinux/selinux-policy.git $ cd selinux-policy
-
create, backport, cherry-pick needed changes to a particular branch and push them
-
generate patches for chosen branch(es)
$ git diff eb4512f6eb13792c76ff8d3e6f2df3a7155db577 f23-base > policy-f23-base.patch $ git diff 64302b790bf2b39d93610e1452c8361d56966ae0 f23-contrib > policy-f23-contrib.patch
-
clone selinux-policy dist-git repository
$ cd ~/devel/dist-git $ fedpkg clone selinux-policy $ cd selinux-policy
-
recreate policy-$FEDORA_RELEASE-{contrib,base}.patch files
$ cp ~/devel/github/selinux-policy/policy-$FEDORA_RELEASE-{contrib,base}.patch ~/devel/dist-git/selinux-policy
-
add changes to the dist-git repository, bump release, create a changelog entry, commit and push
-
build the package
$ fedpkg build