[packit] 2.224.0 upstream release

Upstream tag: v2.224.0
Upstream commit: 31e9f0bd

.gitignore

@@ -191,3 +191,31 @@
 /v2.190.1.tar.gz
 /v2.191.0.tar.gz
 /v2.193.0.tar.gz
+/v2.195.0.tar.gz
+/v2.195.1.tar.gz
+/v2.197.0.tar.gz
+/v2.198.0.tar.gz
+/v2.199.0.tar.gz
+/v2.200.0.tar.gz
+/v2.201.0.tar.gz
+/v2.202.0.tar.gz
+/v2.203.0.tar.gz
+/v2.204.0.tar.gz
+/v2.205.0.tar.gz
+/v2.206.0.tar.gz
+/v2.208.0.tar.gz
+/v2.209.0.tar.gz
+/v2.210.0.tar.gz
+/v2.211.0.tar.gz
+/v2.211.1.tar.gz
+/v2.213.0.tar.gz
+/v2.215.0.tar.gz
+/v2.216.0.tar.gz
+/v2.217.0.tar.gz
+/v2.218.0.tar.gz
+/v2.219.0.tar.gz
+/v2.221.tar.gz
+/v2.221.0.tar.gz
+/v2.221.1.tar.gz
+/v2.222.0.tar.gz
+/v2.224.0.tar.gz

.packit.yaml

@@ -0,0 +1,101 @@
+---
+# See the documentation for more information:
+# https://packit.dev/docs/configuration/
+
+specfile_path: rpm/container-selinux.spec
+upstream_tag_template: v{version}
+
+srpm_build_deps:
+  - make
+
+jobs:
+  - job: copr_build
+    trigger: pull_request
+    notifications:
+      failure_comment:
+        message: "Ephemeral COPR build failed. @containers/packit-build please check."
+    enable_net: true
+    # container-selinux is noarch so we only need to test on one arch
+    targets:
+      - fedora-all
+      - fedora-eln
+      - epel-9
+      - epel-8
+
+  # Run on commit to main branch
+  # Build targets managed in copr settings
+  - job: copr_build
+    trigger: commit
+    notifications:
+      failure_comment:
+        message: "podman-next COPR build failed. @containers/packit-build please check."
+    branch: main
+    owner: rhcontainerbot
+    project: podman-next
+    enable_net: true
+
+  # All tests specified in the `/plans/` subdir
+  # Podman e2e tests for Fedora and CentOS Stream
+  - job: tests
+    trigger: pull_request
+    notifications:
+      failure_comment:
+        message: "podman e2e tests failed. @containers/packit-build please check."
+    targets: &pr_test_targets
+      - fedora-all
+      - epel-9
+      - epel-8
+    identifier: podman_e2e_test
+    tmt_plan: "/plans/podman_e2e_test"
+
+  # Podman system tests for Fedora and CentOS Stream
+  - job: tests
+    trigger: pull_request
+    notifications:
+      failure_comment:
+        message: "podman system tests failed. @containers/packit-build please check."
+    targets: *pr_test_targets
+    identifier: podman_system_test
+    tmt_plan: "/plans/podman_system_test"
+
+  # Podman e2e tests for RHEL
+  - job: tests
+    trigger: pull_request
+    use_internal_tf: true
+    notifications:
+      failure_comment:
+        message: "podman e2e tests failed on RHEL. @containers/packit-build please check."
+    targets: &pr_test_targets_rhel
+      epel-9-x86_64:
+        distros: [RHEL-9.2.0-Nightly]
+      epel-8-x86_64:
+        distros: [RHEL-8.10.0-Nightly]
+    identifier: podman_e2e_test_internal
+    tmt_plan: "/plans/podman_e2e_test"
+
+  # Podman system tests for RHEL
+  - job: tests
+    trigger: pull_request
+    use_internal_tf: true
+    notifications:
+      failure_comment:
+        message: "podman system tests failed on RHEL. @containers/packit-build please check."
+    targets: *pr_test_targets_rhel
+    identifier: podman_system_test_internal
+    tmt_plan: "/plans/podman_system_test"
+
+  - job: propose_downstream
+    trigger: release
+    update_release: false
+    dist_git_branches:
+      - fedora-all
+
+  - job: koji_build
+    trigger: commit
+    dist_git_branches:
+      - fedora-all
+
+  - job: bodhi_update
+    trigger: commit
+    dist_git_branches:
+      - fedora-branched # rawhide updates are created automatically

README.packit

@@ -0,0 +1,3 @@
+This repository is maintained by packit.
+https://packit.dev/
+The file was generated using packit 0.83.0.post1.dev4+g46d87465.

container-selinux.spec

@@ -1,11 +1,4 @@
-%global debug_package   %{nil}
-
-# container-selinux
-%global git0 https://github.com/containers/container-selinux
-
-%global built_tag v2.193.0
-%global built_tag_strip %(b=%{built_tag}; echo ${b:1})
-%global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"})
+%global debug_package %{nil}
 
 # container-selinux stuff (prefix with ds_ for version/release etc.)
 # Some bits borrowed from the openstack-selinux package
@@ -18,15 +11,34 @@
 # Format must contain '$x' somewhere to do anything useful
 %global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done;
 
-# Hooked up to autobuilder, please check with @lsm5 before updating
+# RHEL 8 doesn't allow watch and systemd_chat_resolved
+%if %{defined rhel} && 0%{?rhel} == 8
+%define no_watch 1
+%define no_systemd_chat_resolved 1
+%global _selinux_policy_version 3.14.3-80.el8
+%endif
+
+# https://github.com/containers/container-selinux/issues/203
+%if %{!defined fedora} && %{!defined rhel} || %{defined fedora} && 0%{?fedora} <= 37 || %{defined rhel} && 0%{?rhel} <= 9
+%define no_user_namespace 1
+%endif
+
 Name: container-selinux
+# Set different Epochs for copr and koji
+%if %{defined copr_username}
+Epoch: 102
+%else
 Epoch: 2
-Version: %{gen_version}
+%endif
+# Keep Version in upstream specfile at 0. It will be automatically set
+# to the correct value by Packit for copr and koji builds.
+# IGNORE this comment if you're looking at it in dist-git.
+Version: 2.224.0
 Release: %autorelease
-License: GPLv2
-URL: %{git0}
+License: GPL-2.0-only
+URL: https://github.com/containers/%{name}
 Summary: SELinux policies for container runtimes
-Source0: %{git0}/archive/v%{built_tag_strip}.tar.gz
+Source0: %{url}/archive/v%{version}.tar.gz
 BuildArch: noarch
 BuildRequires: make
 BuildRequires: git-core
@@ -50,7 +62,24 @@ Conflicts: k3s-selinux <= 0.4-1
 SELinux policy modules for use with container runtimes.
 
 %prep
-%autosetup -Sgit %{name}-%{built_tag_strip}
+%autosetup -Sgit %{name}-%{version}
+
+sed -i 's/^man: install-policy/man:/' Makefile
+sed -i 's/^install: man/install:/' Makefile
+
+%if %{defined no_watch}
+sed -i 's/watch watch_reads//' container.if
+sed -i 's/watch watch_reads//' container.te
+sed -i '/sysfs_t:dir watch/d' container.te
+%endif
+
+%if %{defined no_systemd_chat_resolved}
+sed -i '/^systemd_chat_resolved/d' container.te
+%endif
+
+%if %{defined no_user_namespace}
+sed -i '/user_namespace/d' container.te
+%endif
 
 %build
 make
@@ -58,16 +87,10 @@ make
 %install
 # install policy modules
 %_format MODULES $x.pp.bz2
-install -d %{buildroot}%{_datadir}/selinux/packages
-install -d -p %{buildroot}%{_datadir}/selinux/devel/include/services
-install -p -m 644 container.if %{buildroot}%{_datadir}/selinux/devel/include/services
-install -m 0644 $MODULES %{buildroot}%{_datadir}/selinux/packages
-install -d %{buildroot}/%{_datadir}/containers/selinux
-install -m 644 container_contexts %{buildroot}/%{_datadir}/containers/selinux/contexts
-install -d %{buildroot}%{_datadir}/udica/templates
-install -m 0644 udica-templates/*.cil %{buildroot}%{_datadir}/udica/templates
+%{__make} DATADIR=%{buildroot}%{_datadir} SYSCONFDIR=%{buildroot}%{_sysconfdir} install install.udica-templates install.selinux-user
 
-%check
+# Ref: https://bugzilla.redhat.com/show_bug.cgi?id=2209120
+rm %{buildroot}%{_mandir}/man8/container_selinux.8
 
 %pre
 %selinux_relabel_pre -s %{selinuxtype}
@@ -83,7 +106,7 @@ fi
 %{_sbindir}/semodule -n -s %{selinuxtype} -d gear 2> /dev/null
 %selinux_modules_install -s %{selinuxtype} $MODULES
 . %{_sysconfdir}/selinux/config
-sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types 
+sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types
 matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedir}/containers &> /dev/null || :
 
 %postun
@@ -104,8 +127,10 @@ fi
 %{_datadir}/containers/selinux/contexts
 %dir %{_datadir}/udica/templates/
 %{_datadir}/udica/templates/*
-# Currently shipped in selinux-policy-doc
-#%%{_datadir}/man/man8/container_selinux.8.gz
+# Ref: https://bugzilla.redhat.com/show_bug.cgi?id=2209120
+#%%{_mandir}/man8/container_selinux.8.gz
+%{_sysconfdir}/selinux/targeted/contexts/users/*
+%ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulenames}
 
 %triggerpostun -- container-selinux < 2:2.162.1-3
 if %{_sbindir}/selinuxenabled ; then

sources

@@ -1 +1 @@
-SHA512 (v2.193.0.tar.gz) = b245fdd45e8de8701fd387f431fb48ba9c590efa0b5d804413059f8fb6672261fcb6bc3648d54fc30188038711f42239e0687259eb8dd33d17d75c7c24910d4a
+SHA512 (v2.224.0.tar.gz) = ab838c379aae99347c5d49ef84513c5fa1cd03faf1ab6b1dd4b6c571875c7c9df389abfb41ce0e2c2a57e14d11c47cbac85e2a6ad8004c2db6087849d91282aa