[DSE-Dev] refpolicy for wheezy

Mika Pflüger debian at mikapflueger.de
Tue Jun 5 21:57:05 UTC 2012


Hi,

I think our original plan to get 20120215 into wheezy is not viable
anymore at this point of the release cycle. But I think there are
nevertheless some things that we should get into wheezy:
 * Many people will want to adjust their selinux policy, possibly by
   modifying the source, so #660328 (refpolicy: Vcs-* fields are
   pointing to outdated git repository) [BTS] should be solved. This
   requires that we publish a git repository somewhere and point to it.
 * It would be helpful to get the package with the splitted patches into
   wheezy. This will help fixing bugs which will be reported once
   people start testing wheezy with selinux on production or similar
   environments (I think some administrators currently running squeeze
   with selinux will start testing wheezy selinux in
   (pre-)production environments during the next months - at least I
   plan to do so).

As most of the work of splitting the patch is already done, I could
prepare a 2:2.20110726-4 version of the package. I would include the
following changes (mostly already done by Laurent or myself):
  * debian/control:
    - Bump Standards-Version to 3.9.2
  * Add debian/gbp.conf file
  * Switch to dpkg-source 3.0 (quilt) format
    - Split out existing patches
  * Switch to team maintenance 
  * Update Vcs-* fields (Closes: #660328)

The binary package produced should be identical (modulo changelog etc.
of course), I will carefully check the resulting contents against the
contents of the current package to be sure no new bugs are introduced.
If you think this will be useful, I can prepare this version until end
of the week. Note however that two things need to be done by somebody
else: 
1. As I have no alioth account somebody else needs to update the
selinux git on alitoh [ALIOTH] so that pointing to it in debian/control
is useful. I could provide a URL to clone from.
2. Somebody needs to volunteer to review and eventually upload (or
not) the package.

Of course, the resulting package would contain some warts like the
154-line "Legacy patch I could not make sense of" and the obvious wart
that it is not the latest upstream version, but I think it would be
better than what is currently in wheezy.

Please tell me if you think this approach is useful (maybe one of you
already works on packaging the latest upstream so my suggestion is moot
- I would love to hear that!).

Cheers,

Mika


[BTS] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660328
[ALIOTH] http://anonscm.debian.org/gitweb/?p=selinux/selinux.git

-- 
Own your own computer. Don't use Windows 7. <http://windows7sins.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/selinux-devel/attachments/20120605/465e002c/attachment.pgp>


More information about the SELinux-devel mailing list