On Fri, Apr 23, 2010 at 07:15:47AM -0400, Alan Rouse wrote: > I'm trying to get selinux working in a different linux distribution where > the directory structure differs from the fedora / redhat pattern. I'm > attempting to use the fedora selinux src rpm as a starting point, but of > course lots of files are being labelled incorrectly due to the directory > differences. I can identify the incorrectly labelled files and I know how > to get them labelled correctly. But I need to be able to make a new source > rpm based on the fedora selinux src rpm, including the necessary changes, so > I can distribute and maintain the policy over time. > > I can execute "rpmbuild -bp SPECS/selinux-policy.spec" to generate the > fedora patched policy source in the BUILD directory. Then I can make my > changes there. But I need to be able to regenerate the src rpm including > those changes. And I need to be able to maintain this over time as the > reference policy evolves, by dropping in a new reference policy tgz and > regenerating the patch files. Surely there's a better way than "vi > policy-F12.patch"! I also maintain my own policy which you can find here: git clone git://217.19.27.98/refpolicy.git. The repository has 3 branches: master, fedora and refpolicy. basically i merge changes in from refpolicy and fedora. merging refpolicy changes is (usually) as easy as: git checkout refpolicy git pull http://oss.tresys.com/git/refpolicy.git master git checkout master git merge -s recursive -X theirs refpolicy That merges refpolicy into master and prefers refpolicy changes. The problem is that it does not resolve conflicts very nice. Often i have to fix those later As for merging Fedora changes i have a script that fetches the lastest policy source rpm, then preps it. I basically copy its content to the fedora branch commit it and use the diff (vs. previous commit) to manually merge changes in to master. In the master branch i created a dir called redhat with redhat specific modifications and the spec file. When i build a new source rpm this is what i do: git archive --format=tar --prefix=refpolicy-3.7.19/ refpolicy | gzip >/home/dgrift/rpmbuild/SOURCES/refpolicy-3.7.19.tar.gz git diff refpolicy master > /home/dgrift/rpmbuild/SOURCES/refpolicy-3.7.19.patch cp redhat/selinux-policy.spec /home/dgrift/rpmbuild/SPECS/ rpmbuild -ba /home/dgrift/rpmbuild/SPECS/selinux-policy.spec All in all usually a daily task which , with merging differences usually takes an hour or more. > > I presume there are tools / scripts / instructions to help with this. Can > someone point me in the right direction? > > Thanks! > -- > My PGP public key: > http://rouses.net/public_key/alan.asc > -- > selinux mailing list > selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux
Attachment:
pgpDUlbJbNNkw.pgp
Description: PGP signature
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
