On Fri, Jul 14, 2023 at 11:48 AM Daan De Meyer <daan.j.demeyer@xxxxxxxxx> wrote:
> To get just the latest repository content, steps described by Troy should work. Additionally, most of the upstream work is done in Fedora and anyway every new commit should go to Fedora first, RHEL content is mostly a subset of Fedora, there are very few differences.
Yes, but the differences might be crucial so it'd be great if we could
look at the repository containing the actual policy used in centos as
well.
I did not oppose the arguments, just commented on the current state and what was possible that time.
Anyway, the change eventually happened and there is the c9s branch in the fedora-selinux/selinux-policy repository now.
Thanks everybody for your patience.
Cheers,
Daan
On Wed, 12 Jul 2023 at 16:16, Zdenek Pytela <zpytela@xxxxxxxxxx> wrote:
>
>
>
> On Tue, Jul 11, 2023 at 10:37 PM Troy Dawson <tdawson@xxxxxxxxxx> wrote:
>>
>> On Tue, Jul 11, 2023 at 12:50 PM Neal Gompa <ngompa13@xxxxxxxxx> wrote:
>>>
>>> On Tue, Jul 11, 2023 at 9:31 AM Troy Dawson <tdawson@xxxxxxxxxx> wrote:
>>> >
>>> > On Tue, Jul 11, 2023 at 4:28 AM Daan De Meyer <daan.j.demeyer@xxxxxxxxx> wrote:
>>> >>
>>> >> Hi,
>>> >>
>>> >> It seems that the selinux-policy rpm is built from
>>> >> git@xxxxxxxxxxxxxxxxxxxxx:SELinux/selinux-policy.git which seems to be
>>> >> a redhat internal repository. More specifically, if I try to checkout
>>> >> the commit listed in the selinux-policy spec
>>> >> (https://gitlab.com/redhat/centos-stream/rpms/selinux-policy/-/blob/c9s/selinux-policy.spec#L3)
>>> >> in the fedora-selinux repository cloned from github, I get an error
>>> >> saying that the commit does not exist. It would be great if the
>>> >> repository containing this commit was publicly available and open for
>>> >> external contributors just like all the other packages in CentOS
>>> >> Stream. Is it possible to make this happen?
>>> >
>>> >
>>> > I'm not the selinux-policy maintainer, so I can't comment on where they work on the selinux-policy source code.
>>> >
>>> > But this is how I get the sources, if that is what you are ultimately looking for.
>>> >
>>> > centpkg clone selinux-policy
>>> > cd selinux-policy
>>> > centpkg sources
>>> > or if you want to know where they really are
>>> > centpkg -v sources
>>> > This shows it to be coming from
>>> > https://sources.stream.centos.org/sources/rpms/selinux-policy/selinux-policy-66a4b6e.tar.gz/sha512/797e746ccd271fe531a91b2639aed06447fb2720267dadba225989d81634b1fb7b2a4e78262612a41b6073f6e0eca358b8c274adc33630cd3f0db1390cd57767/selinux-policy-66a4b6e.tar.gz
>>> >
>>> > The sources information is found in the sources file
>>> > https://gitlab.com/redhat/centos-stream/rpms/selinux-policy/-/blob/c9s/sources
>>> >
>>> > I know this isn't exactly what you asked for, but I hope it still helps.
>>> >
>>>
>>> I think the idea is that having the Git repository in a public
>>> location would allow the CentOS Hyperscale SIG to contribute to the
>>> SELinux policy in a meaningful way.
>>
>>
>> Ah, ok. That makes sense.
>> As I said, I'm not the maintainer so I don't know why it's where it is. So I'll step out of the conversation.
>
>
> Hi,
>
> I am one of the selinux-policy maintainers. Currently, repository for Fedora is at github.com and RHEL sources are in an internal repo. We have already discussed moving centos stream sources to some of the public repositories, but it did not happen. Currently we are discussing it again, there are a few options how to do so.
>
> To get just the latest repository content, steps described by Troy should work. Additionally, most of the upstream work is done in Fedora and anyway every new commit should go to Fedora first, RHEL content is mostly a subset of Fedora, there are very few differences.
>
> --
>
> Zdenek Pytela
> Security SELinux team
> _______________________________________________
> selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
> Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
--
Zdenek Pytela
Security SELinux team
-- _______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
