Packit: add jobs for downstream Fedora package builds
Get rid of `container-selinux.spec.rpkg` in favour of `rpm/container-selinux.spec` which gets synced with fedora dist-git on every upstream release. The version in the new spec file is set to `0` by default and gets updated by packit automatically on every packit task. For local manual rpm builds using the spec, the helper script in the `rpm/` subdir will update the Version field with the latest version found in the upstream repo. Packit will automatically create a PR on fedora dist-git on every new upstream release. A sample PR will look like: https://src.fedoraproject.org/rpms/container-selinux/pull-request/10# A dry run for this can be triggered using: `$ packit propose-downstream --local-content` To run this command locally, you would need to have your packit user-configuration-file set. Ref: https://packit.dev/docs/configuration/#user-configuration-file along with a fedora api key created at: https://src.fedoraproject.org/settings#nav-api-tab with sufficient ACLs. Fixes: containers#231 Co-authored-by: František Lachman <[email protected]> Signed-off-by: Lokesh Mandvekar <[email protected]>
1 parent
ae2ada1
commit ce9da64
Showing
4 changed files
with
74 additions
and
27 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,10 +1,8 @@ | ||
# For automatic rebuilds in COPR | ||
|
||
# The following tag is to get correct syntax highlighting for this file in vim text editor | ||
# vim: syntax=spec | ||
|
||
%global debug_package %{nil} | ||
|
||
# container-selinux upstream | ||
%global git0 https://github.com/containers/container-selinux | ||
|
||
# container-selinux stuff (prefix with ds_ for version/release etc.) | ||
# Some bits borrowed from the openstack-selinux package | ||
%global selinuxtype targeted | ||
|
@@ -16,15 +14,29 @@ | |
# Format must contain '$x' somewhere to do anything useful | ||
%global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done; | ||
|
||
Name: {{{ git_dir_name }}} | ||
# copr_username is only set on copr environments, not on others like koji | ||
%if "%{?copr_username}" != "rhcontainerbot" | ||
%bcond_with copr | ||
%else | ||
%bcond_without copr | ||
%endif | ||
|
||
Name: container-selinux | ||
# Set different Epochs for copr and koji | ||
%if %{with copr} | ||
Epoch: 101 | ||
Version: {{{ git_dir_version }}} | ||
Release: 1%{?dist} | ||
License: GPLv2 | ||
URL: https://github.com/containers/container-selinux | ||
%else | ||
Epoch: 2 | ||
%endif | ||
# Keep Version in upstream specfile at 0. It will be automatically set | ||
# to the correct value by Packit for copr and koji builds. | ||
# IGNORE this comment if you're looking at it in dist-git. | ||
Version: 0 | ||
Release: %autorelease | ||
License: GPL-2.0-only | ||
URL: %{git0} | ||
Summary: SELinux policies for container runtimes | ||
VCS: {{{ git_dir_vcs }}} | ||
Source: {{{ git_dir_pack }}} | ||
Source0: %{git0}/archive/v%{version}.tar.gz | ||
BuildArch: noarch | ||
BuildRequires: make | ||
BuildRequires: git-core | ||
|
@@ -48,24 +60,26 @@ Conflicts: k3s-selinux <= 0.4-1 | |
SELinux policy modules for use with container runtimes. | ||
|
||
%prep | ||
{{{ git_dir_setup_macro }}} | ||
%autosetup -Sgit %{name}-%{version} | ||
|
||
# Remove some lines for RHEL 8 build | ||
%if ! 0%{?fedora} && 0%{?rhel} <= 8 | ||
sed -i 's/watch watch_reads//' container.if | ||
sed -i '/sysfs_t:dir watch/d' container.te | ||
sed -i '/systemd_chat_resolved/d' container.te | ||
sed -i '/^systemd_chat_resolved/d' container.te | ||
%endif | ||
|
||
sed -i 's/man: install-policy/man:/' Makefile | ||
sed -i 's/install: man/install:/' Makefile | ||
sed -i 's/^man: install-policy/man:/' Makefile | ||
sed -i 's/^install: man/install:/' Makefile | ||
|
||
# https://github.com/containers/container-selinux/issues/203 | ||
%if 0%{?fedora} <= 37 || 0%{?rhel} <= 9 | ||
sed -i '/user_namespace/d' container.te | ||
%endif | ||
|
||
%build | ||
|
||
|
||
make | ||
|
||
%install | ||
|
@@ -106,17 +120,22 @@ fi | |
%files | ||
%doc README.md | ||
%{_datadir}/selinux/* | ||
%{_mandir}/man8/* | ||
%dir %{_datadir}/containers/selinux | ||
%{_datadir}/containers/selinux/contexts | ||
%dir %{_datadir}/udica/templates/ | ||
%{_datadir}/udica/templates/* | ||
%{_mandir}/man8/container_selinux.8.gz | ||
|
||
%triggerpostun -- container-selinux < 2:2.162.1-3 | ||
if %{_sbindir}/selinuxenabled ; then | ||
echo "Fixing Rootless SELinux labels in homedir" | ||
%{_sbindir}/restorecon -R /home/*/.local/share/containers/storage/overlay* 2> /dev/null | ||
fi | ||
|
||
%if 0%{?centos} <= 8 | ||
* Mon May 01 2023 RH Container Bot <[email protected]> | ||
- Dummy changelog for CentOS Stream 8 | ||
%else | ||
%changelog | ||
{{{ git_dir_changelog }}} | ||
%autochangelog | ||
%endif |
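Review bot: The changelog guard `%if 0%{?centos} <= 8` at the end of the spec is also true wherever `%centos` is undefined, because it expands to `0 <= 8`; Fedora and RHEL builds would then take the dummy-changelog branch and never reach `%autochangelog`. Testing that the macro is set first, `%if 0%{?centos} && 0%{?centos} <= 8`, would limit that branch to CentOS Stream 8. The same pattern is visible in `%prep` at `%if 0%{?fedora} <= 37 || 0%{?rhel} <= 9`, where one of the two macros is always undefined, so the `user_namespace` lines appear to be deleted from `container.te` on every build; since that changes the shipped SELinux policy it deserves the same guard, as the RHEL 8 block above it already does with `! 0%{?fedora} &&`. The rendered page has lost its +/- markers, so which of these lines are new in this commit is inferred from the hunk counts.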
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
#!/usr/bin/env bash | ||
|
||
# This script will update the Version field in the spec which is set to 0 by | ||
# default. Useful for local manual rpm builds where the Version needs to be set | ||
# correctly. | ||
|
||
SPEC_FILE=$(pwd)/container-selinux.spec | ||
LATEST_TAG=$(git tag --sort=creatordate | tail -1) | ||
LATEST_VERSION=$(echo $LATEST_TAG | sed -e 's/^v//') | ||
|
||
sed -i "s/^Version:.*/Version: $LATEST_VERSION/" $SPEC_FILE |
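Review bot: `$LATEST_VERSION` is spliced into the sed program without validation, so a tag name containing `/`, `&` or a newline changes what the expression does to the spec, and an empty result (no tags, or run outside the checkout) silently writes `Version: ` with nothing after it. Checking the value first, e.g. `[[ $LATEST_VERSION =~ ^[0-9]+(\.[0-9]+)*$ ]] || { echo "unexpected tag: $LATEST_TAG" >&2; exit 1; }`, and adding `set -euo pipefail` at the top would make the script fail closed. `$LATEST_TAG` and `$SPEC_FILE` should also be quoted, `sed -i "s/^Version:.*/Version: $LATEST_VERSION/" "$SPEC_FILE"`, since `$(pwd)` can contain spaces. `--sort=creatordate | tail -1` picks the most recently created tag, which is not necessarily the highest version; `--sort=version:refname` may be closer to the intent.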