On Mon, 2007-01-08 at 15:49 -0500, Daniel J Walsh wrote: > Richard Fearn wrote: > > Hello, > > > > Due to an SELinux bug I reported in August, I've been tyring to > > understand the selinux-policy packages to see how they're built. I > > understand the principle of taking the upstream refpolicy, modifying > > it and building the Fedora-specific packages. However, I'm struggling > > to see where the refpolicy is coming from. > > > > For example, as I write this, the latest FC6 selinux-policy package > > pushed to the repositories is 2.4.6-1. According to the "sources" file > > in CVS, this package is built using serefpolicy-2.4.6.tgz. If I get > > serefpolicy-2.4.6.tgz from the lookaside repository then the VERSION > > file in it says 20061018. However, the contents of > > serefpolicy-2.4.6.tgz differ a great deal from the "official" 20061018 > > version of the reference policy from Tresys. > > > > I could understand it if the Fedora selinux-policy packages were > > directly based on the 20061018 version of the refpolicy from Tresys, > > but there seems to be an intermediate stage of development that > > produces the serefpolicy-2.x.x.tgz files in the lookaside repository. > > > > My question is: is there a CVS repository somewhere for a "Fedora > > reference policy", that is used to build all these serefpolicy files? > > > The numbering is being done by me. I am just taking CVS dumps off of > tresys policy and applying patches. When I update to the latest policy > from Tresys. I build my own policy tarball off of the current cvs/svn > version and apply my patch. Treysys at some later time releases a > version with the date you have. So it is difficult to match up my > release with what tresys is releasing. Hmmm...possibly you could save the svn revision number from their svn tree, either as a file in the tarball or as part of the package version or release number, so that one could easily find the specific svn revision it matches? -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
