Packit: add jobs for downstream Fedora package builds
Get rid of `container-selinux.spec.rpkg` in favour of
`rpm/container-selinux.spec` which gets synced with fedora dist-git on every
upstream release. The version in the new spec file is set to `0` by
default and gets updated by packit automatically on every packit task.

For local manual rpm builds using the spec, the helper script in the
`rpm/` subdir will update the Version field with the latest version
found in the upstream repo.

Packit will automatically create a PR on fedora dist-git on every new
upstream release. A sample PR will look like:
https://src.fedoraproject.org/rpms/container-selinux/pull-request/10#

A dry run for this can be triggered using:
`$ packit propose-downstream --local-content`

To run this command locally, you would need to have your packit
user-configuration-file set.
Ref: https://packit.dev/docs/configuration/#user-configuration-file

along with a fedora api key created at:
https://src.fedoraproject.org/settings#nav-api-tab with sufficient ACLs.

Fixes: #231

Co-authored-by: František Lachman <[email protected]>
Signed-off-by: Lokesh Mandvekar <[email protected]>
lsm5 and lachmanfrantisek committed May 2, 2023
1 parent 53e7362 commit 9fdef25
Showing 4 changed files with 74 additions and 27 deletions.
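--- a/.packit.sh
+++ b/.packit.sh
@@ -6,6 +6,9 @@
 
 set -eo pipefail
 
+# Set path to rpm spec file
+SPEC_FILE=rpm/container-selinux.spec
+
 # Get Version from HEAD
 HEAD_VERSION=$(grep '^policy_module' container.te | sed 's/[^0-9.]//g')
 
@@ -15,13 +18,10 @@ git archive --prefix=container-selinux-$HEAD_VERSION/ -o container-selinux-$HEAD
 # RPM Spec modifications
 
 # Update Version in spec with Version from container.te
-sed -i "s/^Version:.*/Version: $HEAD_VERSION/" container-selinux.spec
+sed -i "s/^Version:.*/Version: $HEAD_VERSION/" $SPEC_FILE
 
 # Update Release in spec with Packit's release envvar
-sed -i "s/^Release:.*/Release: $PACKIT_RPMSPEC_RELEASE%{?dist}/" container-selinux.spec
+sed -i "s/^Release:.*/Release: $PACKIT_RPMSPEC_RELEASE%{?dist}/" $SPEC_FILE
 
 # Update Source tarball name in spec
-sed -i "s/^Source:.*.tar.gz/Source: %{name}-$HEAD_VERSION.tar.gz/" container-selinux.spec
-
-# Update setup macro to use the correct build dir
-sed -i "s/^%setup.*/%autosetup -Sgit -n %{name}-$HEAD_VERSION/" container-selinux.spec
+sed -i "s/^Source:.*.tar.gz/Source: %{name}-$HEAD_VERSION.tar.gz/" $SPEC_FILE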
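Review bot: The `^Source:` pattern in the last `sed` does not match anything in the spec this commit introduces, which declares `Source0:` (see the rpm/container-selinux.spec section), and `sed -i` exits 0 when nothing matches, so the script would succeed without pointing the build at the tarball that `git archive` just produced. If that reading is right, the SRPM source would be resolved from the tag archive name rather than from the checked-out HEAD, so the built package may not correspond to the commit under test. Suggested line: `sed -i "s/^Source0:.*\.tar\.gz/Source0: %{name}-$HEAD_VERSION.tar.gz/" "$SPEC_FILE"`, followed by a `grep -q` on the expected line so a silent no-op fails the job. The two `sed` calls above it also leave `$SPEC_FILE` unquoted.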
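--- a/.packit.yaml
+++ b/.packit.yaml
@@ -5,7 +5,8 @@
 # Build targets can be found at:
 # https://copr.fedorainfracloud.org/coprs/rhcontainerbot/packit-builds/
 
-specfile_path: container-selinux.spec
+specfile_path: rpm/container-selinux.spec
+upstream_tag_template: v{version}
 
 jobs:
 - &copr
@@ -27,8 +28,8 @@ jobs:
 - make
 - rpkg
 actions:
-post-upstream-clone:
-- rpkg spec --outdir ./
+# post-upstream-clone:
+# - rpkg spec --outdir ./
 fix-spec-file:
 - bash .packit.sh
 
@@ -69,3 +70,19 @@ jobs:
 targets: *pr_copr_targets
 identifier: podman_system_test
 tmt_plan: "/plans/podman_system_test"
+
+- job: propose_downstream
+trigger: release
+update_release: false
+dist_git_branches:
+- fedora-all
+
+- job: koji_build
+trigger: commit
+dist_git_branches:
+- fedora-all
+
+- job: bodhi_update
+trigger: commit
+dist_git_branches:
+- fedora-branched # rawhide updates are created automatically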
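Review bot: The `koji_build` and `bodhi_update` jobs added at the end rely entirely on Packit's defaults for who may trigger a downstream build, and nothing in the file says which step a maintainer has to approve. Together with `propose_downstream` they form a path from an upstream release tag to a Fedora update, so the intended gate should be recorded next to the jobs, for example `# dist-git PRs opened by propose_downstream must be merged by a maintainer before koji_build runs` (if that is the intent). Packit's `koji_build` job accepts `allowed_pr_authors` and `allowed_committers`; setting them explicitly would pin that policy in the repository rather than leaving it to the service default. Separately, `rpkg` is still listed above `actions:` although the only step that called it is now commented out; if that list is the SRPM build dependencies (its key is outside the hunk), the entry and the commented-out lines could both be dropped.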
55 changes: 37 additions & 18 deletions container-selinux.spec.rpkg → rpm/container-selinux.spec
@@ -1,10 +1,8 @@
# For automatic rebuilds in COPR

# The following tag is to get correct syntax highlighting for this file in vim text editor
# vim: syntax=spec

%global debug_package %{nil}

# container-selinux upstream
%global git0 https://github.com/containers/container-selinux

# container-selinux stuff (prefix with ds_ for version/release etc.)
# Some bits borrowed from the openstack-selinux package
%global selinuxtype targeted
Expand All @@ -16,15 +14,29 @@
# Format must contain '$x' somewhere to do anything useful
%global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done;

Name: {{{ git_dir_name }}}
# copr_username is only set on copr environments, not on others like koji
%if "%{?copr_username}" != "rhcontainerbot"
%bcond_with copr
%else
%bcond_without copr
%endif

Name: container-selinux
# Set different Epochs for copr and koji
%if %{with copr}
Epoch: 101
Version: {{{ git_dir_version }}}
Release: 1%{?dist}
License: GPLv2
URL: https://github.com/containers/container-selinux
%else
Epoch: 2
%endif
# Keep Version in upstream specfile at 0. It will be automatically set
# to the correct value by Packit for copr and koji builds.
# IGNORE this comment if you're looking at it in dist-git.
Version: 0
Release: %autorelease
License: GPL-2.0-only
URL: %{git0}
Summary: SELinux policies for container runtimes
VCS: {{{ git_dir_vcs }}}
Source: {{{ git_dir_pack }}}
Source0: %{git0}/archive/v%{version}.tar.gz
BuildArch: noarch
BuildRequires: make
BuildRequires: git-core
Expand All @@ -48,24 +60,26 @@ Conflicts: k3s-selinux <= 0.4-1
SELinux policy modules for use with container runtimes.

%prep
{{{ git_dir_setup_macro }}}
%autosetup -Sgit %{name}-%{version}

# Remove some lines for RHEL 8 build
%if ! 0%{?fedora} && 0%{?rhel} <= 8
sed -i 's/watch watch_reads//' container.if
sed -i '/sysfs_t:dir watch/d' container.te
sed -i '/systemd_chat_resolved/d' container.te
sed -i '/^systemd_chat_resolved/d' container.te
%endif

sed -i 's/man: install-policy/man:/' Makefile
sed -i 's/install: man/install:/' Makefile
sed -i 's/^man: install-policy/man:/' Makefile
sed -i 's/^install: man/install:/' Makefile

# https://github.com/containers/container-selinux/issues/203
%if 0%{?fedora} <= 37 || 0%{?rhel} <= 9
sed -i '/user_namespace/d' container.te
%endif

%build


make

%install
Expand Down Expand Up @@ -106,17 +120,22 @@ fi
%files
%doc README.md
%{_datadir}/selinux/*
%{_mandir}/man8/*
%dir %{_datadir}/containers/selinux
%{_datadir}/containers/selinux/contexts
%dir %{_datadir}/udica/templates/
%{_datadir}/udica/templates/*
%{_mandir}/man8/container_selinux.8.gz

%triggerpostun -- container-selinux < 2:2.162.1-3
if %{_sbindir}/selinuxenabled ; then
echo "Fixing Rootless SELinux labels in homedir"
%{_sbindir}/restorecon -R /home/*/.local/share/containers/storage/overlay* 2> /dev/null
fi

%if 0%{?centos} <= 8
* Mon May 01 2023 RH Container Bot <[email protected]>
- Dummy changelog for CentOS Stream 8
%else
%changelog
{{{ git_dir_changelog }}}
%autochangelog
%endif
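Review bot: The guard `%if 0%{?centos} <= 8` in the changelog hunk is also true wherever `centos` is undefined, because `0%{?centos}` then expands to `0`, so as rendered here Fedora and RHEL builds would take the dummy branch and never reach `%autochangelog`. That branch has no `%changelog` header of its own, so the `* Mon May 01 2023 …` and `- Dummy changelog …` lines would be parsed as part of the preceding `%triggerpostun` scriptlet, which runs with root privileges during package transactions. Moving `%changelog` above the conditional and testing `%if 0%{?centos} && 0%{?centos} <= 8` would address both. The unchanged `%if 0%{?fedora} <= 37 || 0%{?rhel} <= 9` guard in `%prep` appears to have the same always-true shape.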
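--- /dev/null
+++ b/rpm/update-spec-version.sh
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+# This script will update the Version field in the spec which is set to 0 by
+# default. Useful for local manual rpm builds where the Version needs to be set
+# correctly.
+
+SPEC_FILE=$(pwd)/container-selinux.spec
+LATEST_TAG=$(git tag --sort=creatordate | tail -1)
+LATEST_VERSION=$(echo $LATEST_TAG | sed -e 's/^v//')
+
+sed -i "s/^Version:.*/Version: $LATEST_VERSION/" $SPEC_FILE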
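Review bot: `LATEST_TAG` is interpolated into the `sed` replacement without any check, so a tag name containing `/` or `&`, or an empty result when no tags are present, rewrites `Version:` with something other than a version; the script also has no `set -e`, so a failing `git tag` goes unnoticed. `--sort=creatordate | tail -1` picks the most recently created tag of any name, not necessarily a `v*` release tag. Validating the stripped value against a digits-and-dots pattern before calling `sed`, quoting `$SPEC_FILE` (it is built from `$(pwd)`, which may contain spaces), and enabling strict mode would make a bad tag fail loudly instead of producing a mislabelled package.

```shell
set -euo pipefail

SPEC_FILE="$(pwd)/container-selinux.spec"
LATEST_TAG=$(git tag --sort=creatordate | tail -1)
LATEST_VERSION=${LATEST_TAG#v}

# Only digits and dots may reach the sed replacement text
if [[ ! "$LATEST_VERSION" =~ ^[0-9]+(\.[0-9]+)*$ ]]; then
  printf 'unexpected version from tag: %s\n' "$LATEST_TAG" >&2
  exit 1
fi

sed -i "s/^Version:.*/Version: $LATEST_VERSION/" "$SPEC_FILE"
```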
