On Fri, 2010-04-23 at 07:15 -0400, Alan Rouse wrote:
> I'm trying to get selinux working in a different linux distribution where the directory structure differs from the fedora / redhat pattern. I'm attempting to use the fedora selinux src rpm as a starting point, but of course lots of files are being labelled incorrectly due to the directory differences. I can identify the incorrectly labelled files and I know how to get them labelled correctly. But I need to be able to make a new source rpm based on the fedora selinux src rpm, including the necessary changes, so I can distribute and maintain the policy over time.
> I can execute "rpmbuild -bp SPECS/selinux-policy.spec" to generate the fedora patched policy source in the BUILD directory. Then I can make my changes there. But I need to be able to regenerate the src rpm including those changes. And I need to be able to maintain this over time as the reference policy evolves, by dropping in a new reference policy tgz and regenerating the patch files. Surely there's a better way than "vi policy-F12.patch"!
> I presume there are tools / scripts / instructions to help with this. Can someone point me in the right direction?
Typically you'd make a copy of the serefpolicy-x.y.z directory under the BUILD directory, modify that copy, generate a diff, and add that to the .spec file as a further patch on top of the existing ones (not as a replacement for them). Then use rpmbuild to regenerate the .src.rpm with your modifications.
A quick google search found this: http://bradthemad.org/tech/notes/patching_rpms.php
But fundamentally it isn't any different than creating a src rpm in the first place.
Ideally you'd upstream your changes to the refpolicy, although you may need to regenerate your patches relative to it then.
You can wrap your entries with an ifdef(`distro_xxx', `...') and build with DISTRO=xxx to enable them so that they are only applied for that distro.
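
The workflow from the reply above, as an added example that is not part of the original thread or of Fedora's packaging: diff a modified copy of the policy tree against the patched original, then register the result as an extra patch in the spec. The tree contents, `food.fc`, `food_exec_t`, `policy-local.patch`, patch number 100 and the miniature spec are all constructed for illustration.

```shell
#!/bin/sh
# Added example; every path, file name and patch number here is constructed.

# make_local_patch ORIG MODIFIED OUT: unified diff of two sibling trees,
# usable with -p1. diff exits 1 when the trees differ, which is expected.
make_local_patch() {
    ( cd "$(dirname "$1")" &&
      diff -urN "$(basename "$1")" "$(basename "$2")" ) > "$3" || [ $? -eq 1 ]
}

# add_patch_to_spec SPEC PATCHFILE NUM: declare the patch after the last
# existing Patch tag and apply it after the last existing %patch line, so it
# stacks on top of the distribution's patches instead of replacing them.
add_patch_to_spec() {
    awk -v name="$2" -v num="$3" '
        NR == FNR { if (/^[Pp]atch[0-9]*:/) decl = FNR
                    if (/^%patch/) apply = FNR
                    next }
        { print }
        FNR == decl  { printf "Patch%s: %s\n", num, name }
        FNR == apply { printf "%%patch -P %s -p1\n", num }
    ' "$1" "$1" > "$1.new" && mv "$1.new" "$1"
}

# demo: build a constructed tree and spec in a temp dir, then patch them.
demo() {
    WORK=$(mktemp -d) || return 1
    mkdir -p "$WORK/BUILD/serefpolicy-x.y.z/policy" "$WORK/SOURCES" "$WORK/SPECS"
    echo '/usr/sbin/food -- gen_context(system_u:object_r:food_exec_t,s0)' \
        > "$WORK/BUILD/serefpolicy-x.y.z/policy/food.fc"
    cp -r "$WORK/BUILD/serefpolicy-x.y.z" "$WORK/BUILD/serefpolicy-x.y.z.local"
    # Local change: a distro-only path, compiled in only with DISTRO=xxx.
    cat >> "$WORK/BUILD/serefpolicy-x.y.z.local/policy/food.fc" <<'EOF'
ifdef(`distro_xxx',`
/opt/food/sbin/food -- gen_context(system_u:object_r:food_exec_t,s0)
')
EOF
    printf '%s\n' 'Name: selinux-policy' 'patch: policy-F12.patch' \
        '%prep' '%setup -q' '%patch -p1' '%build' > "$WORK/SPECS/selinux-policy.spec"
    make_local_patch "$WORK/BUILD/serefpolicy-x.y.z" \
        "$WORK/BUILD/serefpolicy-x.y.z.local" "$WORK/SOURCES/policy-local.patch" &&
    add_patch_to_spec "$WORK/SPECS/selinux-policy.spec" policy-local.patch 100
    # Next step on a real tree: rpmbuild -bs SPECS/selinux-policy.spec
}
demo
```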