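#!/bin/bash
#
# Refresh the source artifacts of the selinux-policy dist-git checkout in the
# current directory:
#   - selinux-policy-<short commit>.tar.gz  (policy sources)
#   - container-selinux.tgz                 (container.if/.te/.fc)
#   - macro-expander                        (helper script, made executable)
# then rewrite "%global commit" in selinux-policy.spec and regenerate the
# `sources` checksum file.
#
# Usage: run from the dist-git checkout; pass -l to keep the locally created
# policy tarball instead of downloading it from GitHub.
#
# Environment overrides: REPO_SELINUX_POLICY, REPO_SELINUX_POLICY_BRANCH,
# REPO_CONTAINER_SELINUX, REPO_MACRO_EXPANDER.
#
# NOTE(review): the sha512 values written to `sources` describe whatever was
# fetched during this run; nothing here compares them with a previously known
# value. container-selinux and macro-expander are cloned without a branch or
# commit pin, so they track whatever the remote's default branch points at.
# Review the resulting `sources` and spec diff before committing it.

# Stop on the first failure so a failed checkout, clone or download can never
# end up hashed into `sources`.
set -euo pipefail

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

DISTGIT_PATH=$(pwd)

FEDORA_VERSION=rawhide
# Only referenced by the commented-out checkout further down; kept as-is.
DOCKER_FEDORA_VERSION=master
DISTGIT_BRANCH=f37
REPO_SELINUX_POLICY=${REPO_SELINUX_POLICY:-https://github.com/fedora-selinux/selinux-policy}
REPO_SELINUX_POLICY_BRANCH=${REPO_SELINUX_POLICY_BRANCH:-$FEDORA_VERSION}
REPO_CONTAINER_SELINUX=${REPO_CONTAINER_SELINUX:-https://github.com/containers/container-selinux}
REPO_MACRO_EXPANDER=${REPO_MACRO_EXPANDER:-https://github.com/fedora-selinux/macro-expander.git}

# When -l is specified, we use locally created tarballs and don't download them from github
DOWNLOAD_DEFAULT_GITHUB_TARBALLS=1
if [[ "${1:-}" == "-l" ]]; then
  DOWNLOAD_DEFAULT_GITHUB_TARBALLS=0
fi

git checkout -q "$DISTGIT_BRANCH" \
  || die "cannot check out dist-git branch $DISTGIT_BRANCH"

POLICYSOURCES=$(mktemp -d --tmpdir policysources.XXXXXX)
# Remove the scratch clones on every exit path; :? refuses an empty path.
cleanup() {
  rm -rf -- "${POLICYSOURCES:?}"
}
trap cleanup EXIT

# The repository locations can come from the environment, so they are quoted
# and placed after "--" to keep git from reading them as options.
git clone --depth=1 -q -b "$REPO_SELINUX_POLICY_BRANCH" \
  -- "$REPO_SELINUX_POLICY" "$POLICYSOURCES/selinux-policy"
git clone --depth=1 -q -- "$REPO_CONTAINER_SELINUX" "$POLICYSOURCES/container-selinux"
git clone --depth=1 -q -- "$REPO_MACRO_EXPANDER" "$POLICYSOURCES/macro-expander"

# prepare policy patches against upstream commits matching the last upstream merge
BASE_HEAD_ID=$(git -C "$POLICYSOURCES/selinux-policy" rev-parse HEAD)
# The id is interpolated into a URL and a sed expression below, so insist on a
# plain hex object id first.
[[ "$BASE_HEAD_ID" =~ ^[0-9a-f]{40,64}$ ]] \
  || die "unexpected commit id from selinux-policy clone: $BASE_HEAD_ID"
BASE_SHORT_HEAD_ID=${BASE_HEAD_ID:0:7}
POLICY_TARBALL="selinux-policy-${BASE_SHORT_HEAD_ID}.tar.gz"

git -C "$POLICYSOURCES/selinux-policy" archive \
  --prefix="selinux-policy-${BASE_HEAD_ID}/" --format tgz HEAD \
  > "$DISTGIT_PATH/$POLICY_TARBALL"

# Actual container-selinux files are in master branch
#git checkout -b ${DOCKER_FEDORA_VERSION} -t origin/${DOCKER_FEDORA_VERSION} -q
tar -C "$POLICYSOURCES/container-selinux" \
  -czf "$DISTGIT_PATH/container-selinux.tgz" \
  container.if container.te container.fc

if [[ "$DOWNLOAD_DEFAULT_GITHUB_TARBALLS" == 1 ]]; then
  # NOTE(review): this URL is fixed to fedora-selinux/selinux-policy and does
  # not follow a REPO_SELINUX_POLICY override; with an overridden repository
  # the commit may not be available here. Use -l in that case.
  wget -O "$DISTGIT_PATH/$POLICY_TARBALL" \
    "https://github.com/fedora-selinux/selinux-policy/archive/${BASE_HEAD_ID}.tar.gz" \
    &> /dev/null \
    || die "download of selinux-policy ${BASE_HEAD_ID} failed; sources not updated"
fi

# A truncated or non-gzip file must not be recorded in `sources`.
gzip -t -- "$DISTGIT_PATH/$POLICY_TARBALL" \
  || die "$POLICY_TARBALL is not a valid gzip archive; sources not updated"

cp -- "$POLICYSOURCES/macro-expander/macro-expander.sh" "$DISTGIT_PATH/macro-expander"
chmod +x "$DISTGIT_PATH/macro-expander"

# Update commit id in selinux-policy.spec file
sed -i "s/%global commit [^ ]*$/%global commit $BASE_HEAD_ID/" selinux-policy.spec

# Update sources
sha512sum --tag -- "$POLICY_TARBALL" container-selinux.tgz macro-expander > sources

printf '\n%s\n' "SELinux policy tarball and container-selinux.tgz with container policy files have been created."
printf '%s\n' "Commit id of selinux-policy in spec file was changed to ${BASE_HEAD_ID}"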