From be759f3dc4a52f0363a7a9caca18a07ebb8e7530 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Tue, 2 May 2023 14:33:16 -0400 Subject: [PATCH] Packit: add jobs for downstream Fedora package builds MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Get rid of `container-selinux.spec.rpkg` in favour of `rpm/container-selinux.spec` which gets synced with fedora dist-git on every upstream release. The version in the new spec file is set to `0` by default and gets updated by packit automatically on every packit task. For local manual rpm builds using the spec, the helper script in the `rpm/` subdir will update the Version field with the latest version found in the upstream repo. Packit will automatically create a PR on fedora dist-git on every new upstream release. A sample PR will look like: https://src.fedoraproject.org/rpms/container-selinux/pull-request/10# A dry run for this can be triggered using: `$ packit propose-downstream --local-content` To run this command locally, you would need to have your packit user-configuration-file set. Ref: https://packit.dev/docs/configuration/#user-configuration-file along with a fedora api key created at: https://src.fedoraproject.org/settings#nav-api-tab with sufficient ACLs. Fixes: #231 Co-authored-by: FrantiĊĦek Lachman Signed-off-by: Lokesh Mandvekar --- .packit.sh | 12 ++-- .packit.yaml | 21 ++++++- .../container-selinux.spec | 55 +++++++++++++------ rpm/update-spec-version.sh | 11 ++++ 4 files changed, 72 insertions(+), 27 deletions(-) rename container-selinux.spec.rpkg => rpm/container-selinux.spec (76%) create mode 100644 rpm/update-spec-version.sh diff --git a/.packit.sh b/.packit.sh index 5899f5d..8bbe767 100644 --- a/.packit.sh +++ b/.packit.sh @@ -6,6 +6,9 @@ set -eo pipefail +# Set path to rpm spec file +SPEC_FILE=rpm/container-selinux.spec + # Get Version from HEAD HEAD_VERSION=$(grep '^policy_module' container.te | sed 's/[^0-9.]//g') 
@@ -15,13 +18,10 @@ git archive --prefix=container-selinux-$HEAD_VERSION/ -o container-selinux-$HEAD # RPM Spec modifications # Update Version in spec with Version from container.te -sed -i "s/^Version:.*/Version: $HEAD_VERSION/" container-selinux.spec +sed -i "s/^Version:.*/Version: $HEAD_VERSION/" $SPEC_FILE # Update Release in spec with Packit's release envvar -sed -i "s/^Release:.*/Release: $PACKIT_RPMSPEC_RELEASE%{?dist}/" container-selinux.spec +sed -i "s/^Release:.*/Release: $PACKIT_RPMSPEC_RELEASE%{?dist}/" $SPEC_FILE # Update Source tarball name in spec -sed -i "s/^Source:.*.tar.gz/Source: %{name}-$HEAD_VERSION.tar.gz/" container-selinux.spec - -# Update setup macro to use the correct build dir -sed -i "s/^%setup.*/%autosetup -Sgit -n %{name}-$HEAD_VERSION/" container-selinux.spec +sed -i "s/^Source:.*.tar.gz/Source: %{name}-$HEAD_VERSION.tar.gz/" $SPEC_FILE diff --git a/.packit.yaml b/.packit.yaml index 6e654b5..d49f936 100644 --- a/.packit.yaml +++ b/.packit.yaml @@ -5,7 +5,8 @@ # Build targets can be found at: # https://copr.fedorainfracloud.org/coprs/rhcontainerbot/packit-builds/ -specfile_path: container-selinux.spec +specfile_path: rpm/container-selinux.spec +upstream_tag_template: v{version} jobs: - &copr @@ -27,8 +28,6 @@ jobs: - make - rpkg actions: - post-upstream-clone: - - rpkg spec --outdir ./ fix-spec-file: - bash .packit.sh @@ -69,3 +68,19 @@ jobs: targets: *pr_copr_targets identifier: podman_system_test tmt_plan: "/plans/podman_system_test" + + - job: propose_downstream + trigger: release + update_release: false + dist_git_branches: + - fedora-all + + - job: koji_build + trigger: commit + dist_git_branches: + - fedora-all + + - job: bodhi_update + trigger: commit + dist_git_branches: + - fedora-branched # rawhide updates are created automatically diff --git a/container-selinux.spec.rpkg b/rpm/container-selinux.spec similarity index 76% rename from container-selinux.spec.rpkg rename to rpm/container-selinux.spec index cab4663..a540400 100644 
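Review bot: The `^Source:` pattern in the last `sed` no longer matches anything in the spec this commit switches to, which declares `Source0: %{git0}/archive/v%{version}.tar.gz`. `sed` exits 0 when nothing matches, so `set -eo pipefail` will not catch it, and the build would presumably look for `v<version>.tar.gz` instead of the tarball written by `git archive`. Match the new tag, e.g. `sed -i "s/^Source0:.*\.tar\.gz/Source0: %{name}-$HEAD_VERSION.tar.gz/" "$SPEC_FILE"`, and follow it with a `grep -q` for the expected line so a silent miss fails the job. All three `sed` calls also pass `$SPEC_FILE` unquoted, and because `-u` is not set, an unset `$PACKIT_RPMSPEC_RELEASE` silently produces `Release: %{?dist}`.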
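Review bot: The new `koji_build` and `bodhi_update` jobs leave it implicit whose dist-git changes may start an official Fedora build. Packit's `koji_build` job accepts `allowed_pr_authors` and `allowed_committers`; if I read the defaults correctly, only merged pull requests authored by `packit` qualify. Writing that down, e.g. `allowed_pr_authors: [packit]` with the comment `# only merged Packit PRs trigger Koji builds`, keeps the trust boundary visible in review and stable if the default ever changes.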
--- a/container-selinux.spec.rpkg +++ b/rpm/container-selinux.spec @@ -1,10 +1,8 @@ -# For automatic rebuilds in COPR - -# The following tag is to get correct syntax highlighting for this file in vim text editor -# vim: syntax=spec - %global debug_package %{nil} +# container-selinux upstream +%global git0 https://github.com/containers/container-selinux + # container-selinux stuff (prefix with ds_ for version/release etc.) # Some bits borrowed from the openstack-selinux package %global selinuxtype targeted @@ -16,15 +14,29 @@ # Format must contain '$x' somewhere to do anything useful %global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done; -Name: {{{ git_dir_name }}} +# copr_username is only set on copr environments, not on others like koji +%if "%{?copr_username}" != "rhcontainerbot" +%bcond_with copr +%else +%bcond_without copr +%endif + +Name: container-selinux +# Set different Epochs for copr and koji +%if %{with copr} Epoch: 101 -Version: {{{ git_dir_version }}} -Release: 1%{?dist} -License: GPLv2 -URL: https://github.com/containers/container-selinux +%else +Epoch: 2 +%endif +# Keep Version in upstream specfile at 0. It will be automatically set +# to the correct value by Packit for copr and koji builds. +# IGNORE this comment if you're looking at it in dist-git. +Version: 0 +Release: %autorelease +License: GPL-2.0-only +URL: %{git0} Summary: SELinux policies for container runtimes -VCS: {{{ git_dir_vcs }}} -Source: {{{ git_dir_pack }}} +Source0: %{git0}/archive/v%{version}.tar.gz BuildArch: noarch BuildRequires: make BuildRequires: git-core 
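Review bot: The comment above the `Epoch` conditional says the values differ but not why, and the consequence matters to anyone who enables the copr repo. With `Epoch: 101`, a copr build outranks every Fedora build at `Epoch: 2` regardless of version, so such a host stays on copr builds of this policy package rather than following the distribution's updates. I would say so in the comment, e.g. `# copr Epoch is deliberately higher than Fedora's so copr builds always win on hosts with the copr repo enabled`. The check also requires `%{?copr_username}` to be exactly `rhcontainerbot`, so a fork's copr project takes the `Epoch: 2` branch; that is probably intended but is not stated.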
@@ -48,17 +60,17 @@ Conflicts: k3s-selinux <= 0.4-1 SELinux policy modules for use with container runtimes. %prep -{{{ git_dir_setup_macro }}} +%autosetup -Sgit %{name}-%{version} # Remove some lines for RHEL 8 build %if ! 0%{?fedora} && 0%{?rhel} <= 8 sed -i 's/watch watch_reads//' container.if sed -i '/sysfs_t:dir watch/d' container.te -sed -i '/systemd_chat_resolved/d' container.te +sed -i '/^systemd_chat_resolved/d' container.te %endif -sed -i 's/man: install-policy/man:/' Makefile -sed -i 's/install: man/install:/' Makefile +sed -i 's/^man: install-policy/man:/' Makefile +sed -i 's/^install: man/install:/' Makefile # https://github.com/containers/container-selinux/issues/203 %if 0%{?fedora} <= 37 || 0%{?rhel} <= 9 @@ -66,6 +78,8 @@ sed -i '/user_namespace/d' container.te %endif %build + + make %install @@ -106,11 +120,11 @@ fi %files %doc README.md %{_datadir}/selinux/* -%{_mandir}/man8/* %dir %{_datadir}/containers/selinux %{_datadir}/containers/selinux/contexts %dir %{_datadir}/udica/templates/ %{_datadir}/udica/templates/* +%{_mandir}/man8/container_selinux.8.gz %triggerpostun -- container-selinux < 2:2.162.1-3 if %{_sbindir}/selinuxenabled ; then @@ -118,5 +132,10 @@ if %{_sbindir}/selinuxenabled ; then %{_sbindir}/restorecon -R /home/*/.local/share/containers/storage/overlay* 2> /dev/null fi +%if 0%{?centos} <= 8 +* Mon May 01 2023 RH Container Bot +- Dummy changelog for CentOS Stream 8 +%else %changelog -{{{ git_dir_changelog }}} +%autochangelog +%endif diff --git a/rpm/update-spec-version.sh b/rpm/update-spec-version.sh new file mode 100644 index 0000000..ebf5a96 --- /dev/null +++ b/rpm/update-spec-version.sh 
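Review bot: `%autosetup -Sgit %{name}-%{version}` in `%prep` passes the directory name as a bare argument. The `sed` line this commit deletes from `.packit.sh` wrote it with `-n`, so the flag looks to have been dropped by accident. It probably works only because `%{name}-%{version}` is already the default build directory. Either restore the flag, `%autosetup -Sgit -n %{name}-%{version}`, or drop the argument.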
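Review bot: The new `%if 0%{?centos} <= 8` guard at the end of the spec is true wherever `centos` is undefined, because `0%{?centos}` then expands to `0`. Fedora builds therefore take the dummy branch and never reach `%autochangelog`. That branch also has no `%changelog` header, which sits only in the `%else` arm, so the dummy entry would be read as part of the preceding `%triggerpostun` scriptlet rather than as a changelog. Moving `%changelog` above the conditional and testing `%if 0%{?centos} && 0%{?centos} <= 8` would fix both.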
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+# This script will update the Version field in the spec which is set to 0 by
+# default. Useful for local manual rpm builds where the Version needs to be set
+# correctly.
+
+SPEC_FILE=$(pwd)/container-selinux.spec
+LATEST_TAG=$(git tag --sort=creatordate | tail -1)
+LATEST_VERSION=$(echo $LATEST_TAG | sed -e 's/^v//')
+
+sed -i "s/^Version:.*/Version: $LATEST_VERSION/" $SPEC_FILE
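Review bot: `LATEST_TAG` goes from `git tag` straight into the `sed` program, and the script has no `set -e`, so an empty tag list writes `Version: ` into the spec and a tag containing `/` or `&` changes what the substitution does. `--sort=creatordate | tail -1` also picks the most recently created tag, which is not necessarily the highest release or even a `v*` tag. I would restrict the listing to `v*`, check the result against a dotted-number pattern before use, and quote `$SPEC_FILE`, since `$(pwd)` may contain spaces. The path is built from the current directory, so the header comment should say the script has to be run from `rpm/`.

```shell
# … unchanged: shebang and header comment …
set -euo pipefail

SPEC_FILE=$(pwd)/container-selinux.spec
LATEST_TAG=$(git tag --list 'v*' --sort=creatordate | tail -1)
LATEST_VERSION=${LATEST_TAG#v}

# Only a plain dotted version may reach the sed program below.
if [[ ! $LATEST_VERSION =~ ^[0-9]+(\.[0-9]+)*$ ]]; then
  printf 'unexpected tag: %s\n' "$LATEST_TAG" >&2
  exit 1
fi

sed -i "s/^Version:.*/Version: $LATEST_VERSION/" "$SPEC_FILE"
```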