From: "Jason Zaman" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" Message-ID: <1630855814.5f7c94e010a7d68ddd59a21221788b38e369faa8.perfinion@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: gentoo/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: gentoo/README gentoo/STATE X-VCS-Directories: gentoo/ X-VCS-Committer: perfinion X-VCS-Committer-Name: Jason Zaman X-VCS-Revision: 5f7c94e010a7d68ddd59a21221788b38e369faa8 X-VCS-Branch: master Date: Sun, 5 Sep 2021 16:00:16 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: f01326bf-89e7-4789-b362-ab05a8d623f4 X-Archives-Hash: 247d98e6b43d49acded106da05f52976 commit: 5f7c94e010a7d68ddd59a21221788b38e369faa8 Author: Jason Zaman gentoo org> AuthorDate: Sun Sep 5 15:21:44 2021 +0000 Commit: Jason Zaman gentoo org> CommitDate: Sun Sep 5 15:30:14 2021 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=5f7c94e0 Merge upstream Signed-off-by: Jason Zaman gentoo.org> gentoo/README | 64 +++++++++++++++++++++++++++++++++++++++++++++++++---------- gentoo/STATE | 2 +- 2 files changed, 54 insertions(+), 12 deletions(-) diff --git a/gentoo/README b/gentoo/README index e0f294bf..54dbcc6a 100644 --- a/gentoo/README +++ b/gentoo/README 
@@ -1,19 +1,61 @@ Gentoo refpolicy repository =========================== -Our upstream is Tresys' refpolicy project, available at -https://github.com/TresysTechnology/refpolicy.git. To properly keep track of the upstream -activity as well as merge its changes, a set of documents, files and scripts are -provided to ease the management of our repository. +Our upstream is SELinuxProject's refpolicy project, available at: +https://github.com/SELinuxProject/refpolicy/. To properly keep track of the +upstream activity as well as merge its changes, a set of documents, files and +scripts are provided to ease the management of our repository. -STATE ------ +Environment Variables +--------------------- -The STATE file contains the commit id's of upstream up to which point our +The scripts in this directory expect several envvars defining locations to repos. +For example, set in .bashrc: + +export GENTOOX86="/var/db/repos/gentoo" +export HARDENEDREFPOL="${HOME}/code/gentoo/hardened-refpolicy" +export REFPOLGIT="${HOME}/code/gentoo/refpolicy" +export REFPOLRELEASE="${HOME}/code/gentoo/refpolicy-release/refpolicy" + + +gentoo/STATE +------------ + +The STATE file contains the commit id of upstream up to which point our repository is synchronized/merged. -release-prepare.sh ------------------- +Merging upstream +---------------- + +To merge changes from upstream, first have both repos checked out and up to date. +Format patches from upstream repo: + + refpolicy $ git fetch origin + refpolicy $ rm -f ./0*.patch # cleanup any previous patches + refpolicy $ git format-patch $(cat ${HARDENEDREFPOL}/gentoo/STATE)..origin/HEAD + +Apply all the patches to our repo: + + hardened-refpolicy $ git am ${REFPOLGIT}/0*.patch --signoff + +If there are merge conflicts, patch fuzzy-apply is usually somewhat successful: + + $ patch -p1 -F99 -l --no-backup-if-mismatch < <(git am --show-current-patch=diff) + +Or resolve conflicts manually. 
Then, as always, make sure everything is sane, +then continue until all patches are applied: $ git am --continue + +Make sure to test thoroughly and push to github so the Github Actions CI will +test all config combinations and flag any deprecations. + +Finally, make sure the STATE file is updated: + + $ git -C ${REFPOLGIT} rev-parse origin/HEAD > gentoo/STATE + $ git add gentoo/STATE + $ git commit -m "Merge upstream" -s + +gentoo/release-prepare.sh +------------------------- -The release-prepare.sh script handles the creation of a new policy release, from -creating the new ebuilds, patchbundle to tagging the repository. +The release-prepare.sh script handles the creation of a new Gentoo policy +release, from creating the new ebuilds & patchbundle to tagging the repository. diff --git a/gentoo/STATE b/gentoo/STATE index 76659b77..7e9c4893 100644 --- a/gentoo/STATE +++ b/gentoo/STATE @@ -1 +1 @@ -main 4aa1562208b576906ecb469175bfa11e791fdbe6 +e45d2fd1efb20380b2bf21a52623bf008d742e46
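Review bot: In the gentoo/README hunk, the conflict step pairs `patch -p1 -F99 -l` with only "make sure everything is sane", which gives no concrete check. With a fuzz factor of 99 and whitespace ignored, patch may disregard every context line of a hunk, so a policy rule can be applied at the wrong location without any error. Suggest naming the check to run before `git am --continue`: review `git diff` for each touched file and confirm that no .rej files were left behind. Separately, `${HARDENEDREFPOL}` and `${REFPOLGIT}` are expanded unquoted and unchecked in `git format-patch $(cat ${HARDENEDREFPOL}/gentoo/STATE)..origin/HEAD` and `git am ${REFPOLGIT}/0*.patch`; if either variable is unset these resolve to /gentoo/STATE and /0*.patch, so quoting them and using the `${HARDENEDREFPOL:?}` form would make the commands fail early instead.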
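Review bot: In the gentoo/STATE hunk, the file changes from a branch name followed by a commit id to a bare commit id, and neither the "Merge upstream" message nor the new README text states that the format changed. The new README command `git format-patch $(cat ${HARDENEDREFPOL}/gentoo/STATE)..origin/HEAD` only works when the file holds exactly one id, so the gentoo/STATE section should say that the file contains a single full commit id and nothing else, and any other reader of the file that expects the old two-field form should be checked. The README also writes this value with `git -C ${REFPOLGIT} rev-parse origin/HEAD` at the end of the procedure rather than when the patches were generated; if the upstream checkout is fetched in between, STATE would name a commit whose patches were never applied, so recording the id at `git format-patch` time would be safer.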