Compare commits
2 Commits
18832780cd
...
7ae316c9a1
| Author | SHA1 | Date |
|---|---|---|
 Dustin
|
7ae316c9a1 | |
|
Dustin
|
f82eb54e02 |
|
|
@ -1,2 +1,7 @@
|
|||
BUILD/
|
||||
BUILDROOT/
|
||||
repo/
|
||||
tmp/
|
||||
*.pp
|
||||
*.rpm
|
||||
*.tar.xz
|
||||
|
|
|
|||
85
Makefile
85
Makefile
|
|
@ -1,5 +1,84 @@
|
|||
NAME ?= targetd
|
||||
NAME ?= targeted
|
||||
REPO ?= repo
|
||||
|
||||
.PHONY: all
|
||||
all:
|
||||
RPMBUILDFLAGS = \
|
||||
-D "_topdir ${PWD}" \
|
||||
-D "_srcrpmdir ${PWD}" \
|
||||
-D "_sourcedir ${PWD}" \
|
||||
-D "_specdir ${PWD}" \
|
||||
-D "_rpmdir ${PWD}"
|
||||
|
||||
ARCH = noarch
|
||||
VERSION = $(shell rpm -q --qf '%{VERSION}' --specfile dch-selinux.spec)
|
||||
RELEASE = $(shell rpm -q --qf '%{RELEASE}' --specfile dch-selinux.spec)
|
||||
TAR = dch-selinux-$(VERSION).tar.xz
|
||||
SPEC = dch-selinux.spec
|
||||
RPM = dch-selinux-$(VERSION)-$(RELEASE).$(ARCH).rpm
|
||||
SRPM = dch-selinux-$(VERSION)-$(RELEASE).src.rpm
|
||||
|
||||
GITEA_URL = https://git.pyrocufflink.net
|
||||
GITEA_ORG = infra
|
||||
|
||||
define buildpp
|
||||
$(MAKE) NAME=$(NAME) -f /usr/share/selinux/devel/Makefile
|
||||
endef
|
||||
|
||||
.PHONY: \
|
||||
clean \
|
||||
default \
|
||||
dist \
|
||||
mockbuild \
|
||||
pp \
|
||||
publish \
|
||||
repo \
|
||||
rpm \
|
||||
srpm
|
||||
|
||||
default: pp
|
||||
|
||||
dch-samba.pp: dch-samba.fc dch-samba.if dch-samba.te
|
||||
$(call buildpp)
|
||||
|
||||
$(TAR): \
|
||||
$(wildcard *.fc) \
|
||||
$(wildcard *.if) \
|
||||
$(wildcard *.te)
|
||||
tar -cJf $@ --transform 's/^/dch-selinux-$(VERSION)\//' $^
|
||||
|
||||
$(RPM): $(SPEC) $(TAR)
|
||||
rpmbuild $(RPMBUILDFLAGS) -bb -v $<
|
||||
mv $(ARCH)/$@ $@
|
||||
rmdir $(ARCH)
|
||||
|
||||
$(SRPM): $(SPEC) $(TAR)
|
||||
rpmbuild $(RPMBUILDFLAGS) -bs -v $<
|
||||
|
||||
dist: $(TAR)
|
||||
|
||||
clean:
|
||||
rm -f *.pp *.rpm *.srpm *.tar.xz
|
||||
rm -rf BUILD BUILDROOT
|
||||
rm -rf repo
|
||||
rm -rf tmp
|
||||
|
||||
mockbuild: $(SRPM)
|
||||
ifeq ($(MOCKTARGET),)
|
||||
$(error MOCKTARGET is required, e.g. make MOCKTARGET=fedora-37-x86_64 mockbuild)
|
||||
endif
|
||||
mock -r '$(MOCKTARGET)' $(SRPM)
|
||||
cp -a /var/lib/mock/$(MOCKTARGET)/result/*.noarch.rpm .
|
||||
|
||||
publish: $(RPM)
|
||||
ifeq ($(GITEA_USERNAME),)
|
||||
$(error GITEA_USERNAME and GITEA_PASSWORD are required)
|
||||
endif
|
||||
curl -f \
|
||||
'$(GITEA_URL)/api/packages/$(GITEA_ORG)/rpm/upload' \
|
||||
-u '$(GITEA_USERNAME):$(GITEA_PASSWORD)' \
|
||||
-T $<
|
||||
|
||||
rpm: $(RPM)
|
||||
|
||||
srpm: $(SRPM)
|
||||
|
||||
pp: dch-samba.pp
|
||||
|
|
|
|||
|
|
@ -0,0 +1,37 @@
|
|||
// vim: set sw=4 ts=4 sts=4 et :
|
||||
|
||||
pipeline {
|
||||
agent {
|
||||
kubernetes {
|
||||
yamlFile 'ci/podTemplate.yaml'
|
||||
defaultContainer 'build'
|
||||
}
|
||||
}
|
||||
|
||||
stages {
|
||||
stage('Build') {
|
||||
steps {
|
||||
sh 'make rpm'
|
||||
}
|
||||
}
|
||||
|
||||
stage('Publish') {
|
||||
steps {
|
||||
withCredentials([usernamePassword(
|
||||
credentialsId: 'jenkins-packages',
|
||||
usernameVariable: 'GITEA_USERNAME',
|
||||
passwordVariable: 'GITEA_PASSWORD',
|
||||
)]) {
|
||||
sh 'make publish'
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
post {
|
||||
success {
|
||||
archiveArtifacts '*.rpm'
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
spec:
|
||||
containers:
|
||||
- name: build
|
||||
image: git.pyrocufflink.net/containerimages/build/selinux:main
|
||||
imagePullPolicy: Always
|
||||
securityPolicy:
|
||||
runAsNonRoot: true
|
||||
|
|
@ -0,0 +1,65 @@
|
|||
%global selinux_variants mls targeted
|
||||
|
||||
Name: dch-selinux
|
||||
Version: 1.0.0
|
||||
Release: 1%{?dist}
|
||||
Summary: Dustin's custom SELinux policy modules
|
||||
|
||||
License: GPLv2+
|
||||
URL: https://git.pyrocufflink.net/dustin/dch-selinux
|
||||
Source0: %{name}-%{version}.tar.xz
|
||||
|
||||
BuildArch: noarch
|
||||
|
||||
BuildRequires: checkpolicy
|
||||
BuildRequires: hardlink
|
||||
BuildRequires: selinux-policy-devel
|
||||
|
||||
Requires: selinux-policy >= %{_selinux_policy_version}
|
||||
|
||||
Requires(post): policycoreutils, selinux-policy-base
|
||||
Requires(postun): policycoreutils
|
||||
|
||||
%description
|
||||
This is a collection of SELinux policy modules that fix or augment the default
|
||||
SELinux policy for Fedora/RHEL.
|
||||
|
||||
|
||||
%prep
|
||||
%setup
|
||||
|
||||
%build
|
||||
for v in %{selinux_variants}; do
|
||||
make NAME=$v -f %{_datarootdir}/selinux/devel/Makefile
|
||||
mv dch-samba.pp dch-samba.pp.$v
|
||||
make NAME=$v -f %{_datarootdir}/selinux/devel/Makefile clean
|
||||
done
|
||||
|
||||
%install
|
||||
for v in %{selinux_variants}; do
|
||||
install -d %{buildroot}%{_datadir}/selinux/$v
|
||||
install -p -m 644 dch-samba.pp.$v \
|
||||
%{buildroot}%{_datadir}/selinux/$v/dch-samba.pp
|
||||
done
|
||||
hardlink -cv %{buildroot}%{_datadir}/selinux
|
||||
|
||||
|
||||
%post
|
||||
for v in %{selinux_variants}; do
|
||||
/usr/sbin/semodule -s $v \
|
||||
-i %{_datadir}/selinux/$v/dch-samba.pp >&- 2>&- || :
|
||||
done
|
||||
|
||||
|
||||
%postun
|
||||
for v in %{selinux_variants}; do
|
||||
/usr/sbin/semodule -s $v -r dch-samba.pp >&- 2>&- || :
|
||||
done
|
||||
|
||||
|
||||
%files
|
||||
%{_datadir}/selinux/*/*.pp
|
||||
|
||||
%changelog
|
||||
* Mon Dec 19 2022 Dustin C. Hatch <dustin@hatch.name> 1.0.0-1
|
||||
- New spec for dch-selinux
|
||||
Loading…
Reference in New Issue