[DSE-Dev] refpolicy for wheezy

Laurent Bigonville bigon at debian.org
Thu Jun 7 09:37:06 UTC 2012


On Tue, 5 Jun 2012 23:57:05 +0200,
Mika Pflüger <debian at mikapflueger.de> wrote:

> Hi,

Hey!

> 
> I think our original plan to get 20120215 into wheezy is not viable
> anymore at this point of the release cycle. But I think there are
> nevertheless some things that we should get into wheezy:
>  * Many people will want to adjust their selinux policy, possibly by
>    modifying the source, so #660328 (refpolicy: Vcs-* fields are
>    pointing to outdated git repository) [BTS] should be solved. This
>    requires that we publish a git repository somewhere and point to
>    it.
>  * It would be helpful to get the package with the split patches
>    into wheezy. This will help fixing bugs which will be reported once
>    people start testing wheezy with selinux on production or similar
>    environments (I think some administrators currently running squeeze
>    with selinux will start testing wheezy selinux in
>    (pre-)production environments during the next months - at least I
>    plan to do so).

I agree that it's now too late for such big changes, splitting up the
patches will definitely help for fixing bugs later.

> 
> As most of the work of splitting the patch is already done, I could
> prepare a 2:2.20110726-4 version of the package. I would include the
> following changes (mostly already done by Laurent or myself):
>   * debian/control:
>     - Bump Standards-Version to 3.9.2
>   * Add debian/gbp.conf file
>   * Switch to dpkg-source 3.0 (quilt) format
>     - Split out existing patches
>   * Switch to team maintenance 
>   * Update Vcs-* fields (Closes: #660328)

Seems fine to me.

> 
> The binary package produced should be identical (modulo changelog etc.
> of course), I will carefully check the resulting contents against the
> contents of the current package to be sure no new bugs are introduced.
> If you think this will be useful, I can prepare this version by the end
> of the week. Note however that two things need to be done by somebody
> else: 
> 1. As I have no alioth account somebody else needs to update the
> selinux git on alioth [ALIOTH] so that pointing to it in
> debian/control is useful. I could provide a URL to clone from.

You could request an alioth account if you want and I think I would be
able to add you to the team.

> 2. Somebody needs to volunteer to review and eventually upload (or
> not) the package.

I already looked at this a bit and had a few comments (most likely,
changes that IMHO belong to another patch), but unfortunately I had no
time to fix that.

> Of course, the resulting package would contain some warts like the
> 154-line "Legacy patch I could not make sense of" and the obvious wart
> that it is not the latest upstream version, but I think it would be
> better than what is currently in wheezy.

The last version of the policy still FTBFS for me (some assertion
failure in checkpolicy), we would need to fix this first in order to get
the last version.

I still have the big hope that we could reduce the delta with upstream
as much as possible to reduce the maintenance on our side.

But all these things will be for wheezy+1 I guess.

Thanks for the work of everybody involved here, and let's continue the
good work for wheezy+1.

Cheers

Laurent Bigonville


