On Sat, May 12, 2018 at 8:53 AM Matěj Cepl <mcepl@xxxxxxx> wrote: > Hi, > I am changing jobs (Red Hat -> SUSE; R&D, but not a security > related job), and although I will be switching my workstation to > OpenSUSE, I would love to keep SELinux working. Which meant I had > to dig into the current situation of SELinux and it is … not > good. So, I started to repackage all SELinux packages 2.7 for > OpenSUSE in my home build area > https://build.opensuse.org/project/show/home:mcepl:SELinux > . So,far I have packaged successfully packages for libselinux, > libselinux-bindings, checkpolicy, libsemanage, libsepol, and > python-semanage. Mostly I use original OpenSUSE packages for 2.6, > but if needed I seek inspiration in Fedora packages. > Unfortunately, I have trouble to package policycoreutils. First > of all, I don’t understand what’s the difference between two > upstream tarballs for it: > https://github.com/SELinuxProject/selinux/archive/policycoreutils > -2.7.tar.gz > (linked from https://github.com/SELinuxProject/selinux/releases) > and > https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/fil > es/releases/20170804/policycoreutils-2.7.tar.gz > (linked from > https://github.com/SELinuxProject/selinux/wiki/Releases). What’s > the point of confusing users with two different tarballs of the > same name? > Second, I don’t understand the behavior of the installation > scripts. Looking at https://is.gd/MivaE1 , why in the world that > installation scripts tons of stuff which is not part of > policycoreutils? Could anybody help me to get through this > obstacle, please? As the SELinux stack maintainer in Mageia, I've been through the same song and dance, and I can answer your questions. For your first question about the tarballs: The SELinux userspace is a monorepo, so the git tag archives actually contain all the content at seemingly random checkpoints. As a consequence of this, the upstream project has to create the tarballs themselves of the components and upload them. You _must_ use the the tarball from the Releases page, rather than the archive ones. This leads directly into the confusion for the second question. Please don't use the GitHub archive URLs as they lead to weird things like this. -- 真実はいつも一つ!/ Always, there's only one truth!