On Sat, May 12, 2018 at 8:53 AM Matěj Cepl <mcepl(a)cepl.eu> wrote:
Hi,
I am changing jobs (Red Hat -> SUSE; R&D, but not a security
related job), and although I will be switching my workstation to
OpenSUSE, I would love to keep SELinux working. Which meant I had
to dig into the current situation of SELinux and it is … not
good. So, I started to repackage all SELinux packages 2.7 for
OpenSUSE in my home build area
https://build.opensuse.org/project/show/home:mcepl:SELinux .
So far, I have packaged successfully packages for libselinux,
libselinux-bindings, checkpolicy, libsemanage, libsepol, and
python-semanage. Mostly I use original OpenSUSE packages for 2.6,
but if needed I seek inspiration in Fedora packages.
Unfortunately, I have trouble packaging policycoreutils. First
of all, I don’t understand what’s the difference between two
upstream tarballs for it:
https://github.com/SELinuxProject/selinux/archive/policycoreutils-2.7.tar.gz
(linked from
https://github.com/SELinuxProject/selinux/releases)
and
https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/policycoreutils-2.7.tar.gz
(linked from
https://github.com/SELinuxProject/selinux/wiki/Releases). What’s
the point of confusing users with two different tarballs of the
same name?
Second, I don’t understand the behavior of the installation
scripts. Looking at
https://is.gd/MivaE1 , why in the world that
installation scripts tons of stuff which is not part of
policycoreutils? Could anybody help me to get through this
obstacle, please?

As the SELinux stack maintainer in Mageia, I've been through the same song
and dance, and I can answer your questions.
For your first question about the tarballs: The SELinux userspace is a
monorepo, so the git tag archives actually contain all the content at
seemingly random checkpoints. As a consequence of this, the upstream
project has to create the tarballs themselves of the components and upload
them. You _must_ use the tarball from the Releases page, rather than
the archive ones. This leads directly into the confusion for the second
question. Please don't use the GitHub archive URLs as they lead to weird
things like this.
--
真実はいつも一つ!/ Always, there's only one truth!
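
An added example, not part of the original thread or of upstream's tooling: a packager's check that tells a whole-repository snapshot apart from a per-component release tarball by its directory layout. The archive contents below are constructed samples, and the assumption that a snapshot holds the components as sibling sub-directories under one top-level directory is taken from the reply's description of the monorepo.

```python
import io
import tarfile

# Component names mentioned in the thread; assumed here to be the
# sub-directory names found inside a whole-repository snapshot.
COMPONENTS = {"libselinux", "libsepol", "libsemanage", "checkpolicy", "policycoreutils"}

def second_level_dirs(tar_bytes):
    """Return the directory names one level below the tarball's root directory."""
    names = set()
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar.getmembers():
            parts = [p for p in member.name.split("/") if p not in ("", ".")]
            if len(parts) >= 3 or (len(parts) == 2 and member.isdir()):
                names.add(parts[1])
    return names

def classify(tar_bytes):
    """'monorepo-snapshot' if several components sit side by side, else 'component-release'."""
    found = second_level_dirs(tar_bytes) & COMPONENTS
    return "monorepo-snapshot" if len(found) >= 2 else "component-release"

def build_sample(paths):
    """Build a small constructed .tar.gz in memory from a list of file paths."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path in paths:
            data = b"constructed sample\n"
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Constructed layouts for illustration, not the real upstream file lists.
SNAPSHOT = build_sample([
    "selinux-policycoreutils-2.7/libselinux/Makefile",
    "selinux-policycoreutils-2.7/libsepol/Makefile",
    "selinux-policycoreutils-2.7/policycoreutils/Makefile",
])
RELEASE = build_sample([
    "policycoreutils-2.7/Makefile",
    "policycoreutils-2.7/setfiles/setfiles.c",
])

if __name__ == "__main__":
    print("snapshot:", classify(SNAPSHOT))
    print("release: ", classify(RELEASE))
```

Running the same check on a downloaded source tarball before building catches the case where a spec file's source URL points at the tag archive instead of the release upload.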