[DSE-Dev] Packaging policycoreutils for OpenSUSE

Neal Gompa ngompa13 at gmail.com
Sat May 12 16:45:35 BST 2018


On Sat, May 12, 2018 at 8:53 AM Matěj Cepl <mcepl at cepl.eu> wrote:

> Hi,

> I am changing jobs (Red Hat -> SUSE; R&D, but not a security
> related job), and although I will be switching my workstation to
> OpenSUSE, I would love to keep SELinux working. Which meant I had
> to dig into the current situation of SELinux and it is … not
> good. So, I started to repackage all SELinux packages 2.7 for
> OpenSUSE in my home build area
> https://build.opensuse.org/project/show/home:mcepl:SELinux
> . So,far I have packaged successfully packages for libselinux,
> libselinux-bindings, checkpolicy, libsemanage, libsepol, and
> python-semanage. Mostly I use original OpenSUSE packages for 2.6,
> but if needed I seek inspiration in Fedora packages.

> Unfortunately, I have trouble to package policycoreutils. First
> of all, I don’t understand what’s the difference between two
> upstream tarballs for it:
> https://github.com/SELinuxProject/selinux/archive/policycoreutils
> -2.7.tar.gz
> (linked from https://github.com/SELinuxProject/selinux/releases)
> and
> https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/fil
> es/releases/20170804/policycoreutils-2.7.tar.gz
> (linked from
> https://github.com/SELinuxProject/selinux/wiki/Releases). What’s
> the point of confusing users with two different tarballs of the
> same name?

> Second, I don’t understand the behavior of the installation
> scripts. Looking at https://is.gd/MivaE1 , why in the world that
> installation scripts tons of stuff which is not part of
> policycoreutils? Could anybody help me to get through this
> obstacle, please?


As the SELinux stack maintainer in Mageia, I've been through the same song
and dance, and I can answer your questions.

For your first question about the tarballs: The SELinux userspace is a
monorepo, so the git tag archives actually contain all the content at
seemingly random checkpoints. As a consequence of this, the upstream
project has to create the tarballs themselves of the components and upload
them. You _must_ use the the tarball from the Releases page, rather than
the archive ones. This leads directly into the confusion for the second
question. Please don't use the GitHub archive URLs as they lead to weird
things like this.


-- 
真実はいつも一つ!/ Always, there's only one truth!



More information about the SELinux-devel mailing list