On Fri, Jul 14, 2023 at 11:48 AM Daan De Meyer <daan.j.demeyer(a)gmail.com>
wrote:
> To get just the latest repository content, steps described by
Troy
should work. Additionally, most of the upstream work is done in Fedora and
anyway every new commit should go to Fedora first, RHEL content is mostly a
subset of Fedora, there are very few differences.
Yes, but the differences might be crucial so it'd be great if we could
look at the repository containing the actual policy used in centos as
well.
I did not oppose the arguments, just commented on the current state and
what was possible that time.
Anyway, the change eventually happened and there is the c9s branch in the
fedora-selinux/selinux-policy repository now.
Thanks everybody for your patience.
Cheers,
Daan
On Wed, 12 Jul 2023 at 16:16, Zdenek Pytela <zpytela(a)redhat.com> wrote:
>
>
>
> On Tue, Jul 11, 2023 at 10:37 PM Troy Dawson <tdawson(a)redhat.com> wrote:
>>
>> On Tue, Jul 11, 2023 at 12:50 PM Neal Gompa <ngompa13(a)gmail.com> wrote:
>>>
>>> On Tue, Jul 11, 2023 at 9:31 AM Troy Dawson <tdawson(a)redhat.com>
wrote:
>>> >
>>> > On Tue, Jul 11, 2023 at 4:28 AM Daan De Meyer <
daan.j.demeyer(a)gmail.com> wrote:
>>> >>
>>> >> Hi,
>>> >>
>>> >> It seems that the selinux-policy rpm is built from
>>> >> git@gitlab.cee.redhat.com:SELinux/selinux-policy.git which seems
to be
>>> >> a redhat internal repository. More specifically, if I try to
checkout
>>> >> the commit listed in the selinux-policy spec
>>> >> (
https://gitlab.com/redhat/centos-stream/rpms/selinux-policy/-/blob/c9s/se...
)
>>> >> in the fedora-selinux repository cloned from github, I get an
error
>>> >> saying that the commit does not exist. It would be great if the
>>> >> repository containing this commit was publicly available and open
for
>>> >> external contributors just like all the other packages in CentOS
>>> >> Stream. Is it possible to make this happen?
>>> >
>>> >
>>> > I'm not the selinux-policy maintainer, so I can't comment on
where
they work on the selinux-policy source code.
>>> >
>>> > But this is how I get the sources, if that is what you are
ultimately looking for.
>>> >
>>> > centpkg clone selinux-policy
>>> > cd selinux-policy
>>> > centpkg sources
>>> > or if you want to know where they really are
>>> > centpkg -v sources
>>> > This shows it to be coming from
>>> >
https://sources.stream.centos.org/sources/rpms/selinux-policy/selinux-pol...
>>> >
>>> > The sources information is found in the sources file
>>> >
https://gitlab.com/redhat/centos-stream/rpms/selinux-policy/-/blob/c9s/so...
>>> >
>>> > I know this isn't exactly what you asked for, but I hope it still
helps.
>>> >
>>>
>>> I think the idea is that having the Git repository in a public
>>> location would allow the CentOS Hyperscale SIG to contribute to the
>>> SELinux policy in a meaningful way.
>>
>>
>> Ah, ok. That makes sense.
>> As I said, I'm not the maintainer so I don't know why it's where it
is. So I'll step out of the conversation.
>
>
> Hi,
>
> I am one of the selinux-policy maintainers. Currently, repository for
Fedora is at
github.com and RHEL sources are in an internal repo. We have
already discussed moving centos stream sources to some of the public
repositories, but it did not happen. Currently we are discussing it again,
there are a few options how to do so.
>
> To get just the latest repository content, steps described by Troy
should work. Additionally, most of the upstream work is done in Fedora and
anyway every new commit should go to Fedora first, RHEL content is mostly a
subset of Fedora, there are very few differences.
>
> --
>
> Zdenek Pytela
> Security SELinux team
> _______________________________________________
> selinux mailing list -- selinux(a)lists.fedoraproject.org
> To unsubscribe send an email to selinux-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject...
> Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue