From b1d9b8b5e800d2a90f85fb1553a2e07094885120 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Fri, 28 Apr 2023 12:03:25 -0400 Subject: [PATCH] Packit: add jobs for downstream Fedora package builds MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Get rid of `container-selinux.spec.rpkg` in favour of `container-selinux.spec` which gets synced with fedora dist-git on every upstream release. Packit will automatically create a PR on fedora dist-git on every new upstream release. A sample PR will look like: https://src.fedoraproject.org/rpms/container-selinux/pull-request/10# A dry run for this can be triggered using: `$ packit propose-downstream --local-content` To run this command locally, you would need to have your packit user-configuration-file set. Ref: https://packit.dev/docs/configuration/#user-configuration-file along with a fedora api key created at: https://src.fedoraproject.org/settings#nav-api-tab with sufficient ACLs. Fixes: #231 Co-authored-by: FrantiĊĦek Lachman Signed-off-by: Lokesh Mandvekar --- .packit.yaml | 21 +++++++- ...elinux.spec.rpkg => container-selinux.spec | 54 +++++++++---------- 2 files changed, 43 insertions(+), 32 deletions(-) rename container-selinux.spec.rpkg => container-selinux.spec (74%) diff --git a/.packit.yaml b/.packit.yaml index 6e654b5..7ed816b 100644 --- a/.packit.yaml +++ b/.packit.yaml @@ -6,6 +6,7 @@ # https://copr.fedorainfracloud.org/coprs/rhcontainerbot/packit-builds/ specfile_path: container-selinux.spec +upstream_tag_template: v{version} jobs: - &copr @@ -27,8 +28,8 @@ jobs: - make - rpkg actions: - post-upstream-clone: - - rpkg spec --outdir ./ + # post-upstream-clone: + # - rpkg spec --outdir ./ fix-spec-file: - bash .packit.sh 
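Review bot: The `post-upstream-clone` action in the second `.packit.yaml` hunk is commented out rather than deleted, and the `- rpkg` entry in the dependency list just above it stays although nothing visible still calls rpkg. Dead configuration in a build pipeline tends to get re-enabled by accident, and an unused build dependency is one more package pulled into every SRPM build. I would drop both commented lines and the `- rpkg` line, or keep a single comment such as `# spec is now maintained in-tree; rpkg templating removed`. The remaining `fix-spec-file` step still runs `.packit.sh`, which the diffstat shows this patch does not touch, so it is worth confirming that the script still works against the static spec. The job this list belongs to starts outside the hunk.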
@@ -69,3 +70,19 @@ jobs: targets: *pr_copr_targets identifier: podman_system_test tmt_plan: "/plans/podman_system_test" + + - job: propose_downstream + trigger: release + update_release: false + dist_git_branches: + - fedora-all + + - job: koji_build + trigger: commit + dist_git_branches: + - fedora-all + + - job: bodhi_update + trigger: commit + dist_git_branches: + - fedora-branched # rawhide updates are created automatically diff --git a/container-selinux.spec.rpkg b/container-selinux.spec similarity index 74% rename from container-selinux.spec.rpkg rename to container-selinux.spec index cab4663..6592a46 100644 --- a/container-selinux.spec.rpkg +++ b/container-selinux.spec @@ -1,9 +1,7 @@ -# For automatic rebuilds in COPR +%global debug_package %{nil} -# The following tag is to get correct syntax highlighting for this file in vim text editor -# vim: syntax=spec - -%global debug_package %{nil} +# container-selinux +%global git0 https://github.com/containers/container-selinux # container-selinux stuff (prefix with ds_ for version/release etc.) # Some bits borrowed from the openstack-selinux package @@ -16,15 +14,14 @@ # Format must contain '$x' somewhere to do anything useful %global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done; -Name: {{{ git_dir_name }}} -Epoch: 101 -Version: {{{ git_dir_version }}} -Release: 1%{?dist} -License: GPLv2 -URL: https://github.com/containers/container-selinux +Name: container-selinux +Epoch: 2 +Version: 2.211.0 +Release: %autorelease +License: GPL-2.0-only +URL: %{git0} Summary: SELinux policies for container runtimes -VCS: {{{ git_dir_vcs }}} -Source: {{{ git_dir_pack }}} +Source0: %{git0}/archive/v%{version}.tar.gz BuildArch: noarch BuildRequires: make BuildRequires: git-core 
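Review bot: The new `koji_build` and `bodhi_update` jobs at the end of `.packit.yaml` are triggered by dist-git commits but do not state who may trigger them, so the effective policy is whatever Packit's defaults are. Since these jobs publish builds to Fedora users, I would spell the trust boundary out in the file, e.g. `allowed_pr_authors: [packit]` and an explicit `allowed_committers:` list under `koji_build`, so a later default change or a copy of this config does not silently widen it. A comment on `update_release: false` such as `# Release is %autorelease in the spec; Packit must not rewrite it` would also record why that flag is set.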
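Review bot: `Epoch` drops from 101 to 2 in the preamble hunk, while the same spec still feeds the COPR jobs configured in `.packit.yaml`. RPM compares the epoch first, so hosts that installed an earlier COPR build with epoch 101 would treat every build from this spec as older and stop receiving policy updates, unless `.packit.sh` rewrites the epoch for COPR (that script is not part of this patch). If it does, a comment next to the field such as `# Fedora epoch; COPR builds override this in .packit.sh` would make the dependency visible; if it does not, the COPR path needs its own epoch override.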
@@ -48,20 +45,9 @@ Conflicts: k3s-selinux <= 0.4-1 SELinux policy modules for use with container runtimes. %prep -{{{ git_dir_setup_macro }}} - -# Remove some lines for RHEL 8 build -%if ! 0%{?fedora} && 0%{?rhel} <= 8 -sed -i 's/watch watch_reads//' container.if -sed -i '/sysfs_t:dir watch/d' container.te -sed -i '/systemd_chat_resolved/d' container.te -%endif - -sed -i 's/man: install-policy/man:/' Makefile -sed -i 's/install: man/install:/' Makefile - +%autosetup -Sgit %{name}-%{built_tag_strip} # https://github.com/containers/container-selinux/issues/203 -%if 0%{?fedora} <= 37 || 0%{?rhel} <= 9 +%if 0%{?fedora} <= 37 sed -i '/user_namespace/d' container.te %endif @@ -71,7 +57,14 @@ make %install # install policy modules %_format MODULES $x.pp.bz2 -%{__make} DATADIR=%{buildroot}%{_datadir} install install.udica-templates +install -d %{buildroot}%{_datadir}/selinux/packages +install -d -p %{buildroot}%{_datadir}/selinux/devel/include/services +install -p -m 644 container.if %{buildroot}%{_datadir}/selinux/devel/include/services +install -m 0644 $MODULES %{buildroot}%{_datadir}/selinux/packages +install -d %{buildroot}/%{_datadir}/containers/selinux +install -m 644 container_contexts %{buildroot}/%{_datadir}/containers/selinux/contexts +install -d %{buildroot}%{_datadir}/udica/templates +install -m 0644 udica-templates/*.cil %{buildroot}%{_datadir}/udica/templates %check @@ -89,7 +82,7 @@ fi %{_sbindir}/semodule -n -s %{selinuxtype} -d gear 2> /dev/null %selinux_modules_install -s %{selinuxtype} $MODULES . %{_sysconfdir}/selinux/config -sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types +sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedir}/containers &> /dev/null || : %postun 
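Review bot: `%if 0%{?fedora} <= 37` in `%prep` is also true on every non-Fedora build, because an undefined `%{?fedora}` expands to `0`, so the `user_namespace` lines are stripped from `container.te` on any RHEL or CentOS target regardless of version. If that is meant only for older releases, guard on the macro being set, e.g. `%if (0%{?fedora} && 0%{?fedora} <= 37) || (0%{?rhel} && 0%{?rhel} <= 9)`. Separately, `%autosetup -Sgit %{name}-%{built_tag_strip}` uses a macro that none of the visible hunks define and passes the directory without `-n`; `%autosetup -Sgit -n %{name}-%{version}` says what is meant, assuming the GitHub archive unpacks to that name.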
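Review bot: The `%install` hunk replaces the Makefile's `install` and `install.udica-templates` targets with eight hand-written `install` lines, so the list of shipped policy files now lives in two places and a file added to the upstream Makefile would be missing from the package without any build error. If the Makefile targets were dropped only because they also install the man page, keeping `%{__make} DATADIR=%{buildroot}%{_datadir} install install.udica-templates` and removing the man page afterwards would be less fragile; otherwise add a comment such as `# keep in sync with the install targets in Makefile`. The new lines also mix `-m 644` with `-m 0644`, use `-p` on only some of them, and write `%{buildroot}/%{_datadir}` with a doubled slash in two places; picking one form makes the installed modes easier to audit.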
@@ -106,11 +99,12 @@ fi %files %doc README.md %{_datadir}/selinux/* -%{_mandir}/man8/* %dir %{_datadir}/containers/selinux %{_datadir}/containers/selinux/contexts %dir %{_datadir}/udica/templates/ %{_datadir}/udica/templates/* +# Currently shipped in selinux-policy-doc +#%%{_datadir}/man/man8/container_selinux.8.gz %triggerpostun -- container-selinux < 2:2.162.1-3 if %{_sbindir}/selinuxenabled ; then @@ -119,4 +113,4 @@ if %{_sbindir}/selinuxenabled ; then fi %changelog -{{{ git_dir_changelog }}} +%autochangelog