Building a modified selinux source rpm
On Fri, Apr 23, 2010 at 07:15:47AM -0400, Alan Rouse wrote:
> I'm trying to get selinux working in a different linux distribution where
> the directory structure differs from the fedora / redhat pattern. I'm
> attempting to use the fedora selinux src rpm as a starting point, but of
> course lots of files are being labelled incorrectly due to the directory
> differences. I can identify the incorrectly labelled files and I know how
> to get them labelled correctly. But I need to be able to make a new source
> rpm based on the fedora selinux src rpm, including the necessary changes, so
> I can distribute and maintain the policy over time.
> I can execute "rpmbuild -bp SPECS/selinux-policy.spec" to generate the
> fedora patched policy source in the BUILD directory. Then I can make my
> changes there. But I need to be able to regenerate the src rpm including
> those changes. And I need to be able to maintain this over time as the
> reference policy evolves, by dropping in a new reference policy tgz and
> regenerating the patch files. Surely there's a better way than "vi
I also maintain my own policy which you can find here: git clone git://18.104.22.168/refpolicy.git.
The repository has 3 branches: master, fedora and refpolicy.
basically i merge changes in from refpolicy and fedora.
merging refpolicy changes is (usually) as easy as:
git checkout refpolicy
git pull http://oss.tresys.com/git/refpolicy.git master
git checkout master
git merge -s recursive -X theirs refpolicy
That merges refpolicy into master and prefers refpolicy changes. The problem is that it does not resolve conflicts very nice.
Often i have to fix those later
As for merging Fedora changes i have a script that fetches the lastest policy source rpm, then preps it.
I basically copy its content to the fedora branch commit it and use the diff (vs. previous commit) to manually merge changes in to master.
In the master branch i created a dir called redhat with redhat specific modifications and the spec file.
When i build a new source rpm this is what i do:
git archive --format=tar --prefix=refpolicy-3.7.19/ refpolicy | gzip >/home/dgrift/rpmbuild/SOURCES/refpolicy-3.7.19.tar.gz
git diff refpolicy master > /home/dgrift/rpmbuild/SOURCES/refpolicy-3.7.19.patch
cp redhat/selinux-policy.spec /home/dgrift/rpmbuild/SPECS/
rpmbuild -ba /home/dgrift/rpmbuild/SPECS/selinux-policy.spec
All in all usually a daily task which , with merging differences usually takes an hour or more.
> I presume there are tools / scripts / instructions to help with this. Can
> someone point me in the right direction?
> My PGP public key:
> selinux mailing list
selinux mailing list