commit:     5f7c94e010a7d68ddd59a21221788b38e369faa8
Author:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 5 15:21:44 2021 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Sep 5 15:30:14 2021 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=5f7c94e0
Merge upstream Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> gentoo/README | 64 +++++++++++++++++++++++++++++++++++++++++++++++++---------- gentoo/STATE | 2 +- 2 files changed, 54 insertions(+), 12 deletions(-) diff --git a/gentoo/README b/gentoo/README index e0f294bf..54dbcc6a 100644 --- a/gentoo/README +++ b/gentoo/README 
@@ -1,19 +1,61 @@ Gentoo refpolicy repository =========================== -Our upstream is Tresys' refpolicy project, available at -https://github.com/TresysTechnology/refpolicy.git. To properly keep track of the upstream -activity as well as merge its changes, a set of documents, files and scripts are -provided to ease the management of our repository. +Our upstream is SELinuxProject's refpolicy project, available at: +https://github.com/SELinuxProject/refpolicy/. To properly keep track of the +upstream activity as well as merge its changes, a set of documents, files and +scripts are provided to ease the management of our repository. -STATE ------ +Environment Variables +--------------------- -The STATE file contains the commit id's of upstream up to which point our +The scripts in this directory expect several envvars defining locations to repos. +For example, set in .bashrc: + +export GENTOOX86="/var/db/repos/gentoo" +export HARDENEDREFPOL="${HOME}/code/gentoo/hardened-refpolicy" +export REFPOLGIT="${HOME}/code/gentoo/refpolicy" +export REFPOLRELEASE="${HOME}/code/gentoo/refpolicy-release/refpolicy" + + +gentoo/STATE +------------ + +The STATE file contains the commit id of upstream up to which point our repository is synchronized/merged. -release-prepare.sh ------------------- +Merging upstream +---------------- + +To merge changes from upstream, first have both repos checked out and up to date. +Format patches from upstream repo: + + refpolicy $ git fetch origin + refpolicy $ rm -f ./0*.patch # cleanup any previous patches + refpolicy $ git format-patch $(cat ${HARDENEDREFPOL}/gentoo/STATE)..origin/HEAD + +Apply all the patches to our repo: + + hardened-refpolicy $ git am ${REFPOLGIT}/0*.patch --signoff + +If there are merge conflicts, patch fuzzy-apply is usually somewhat successful: + + $ patch -p1 -F99 -l --no-backup-if-mismatch < <(git am --show-current-patch=diff) + +Or resolve conflicts manually. 
Then, as always, make sure everything is sane, +then continue until all patches are applied: $ git am --continue + +Make sure to test thoroughly and push to github so the Github Actions CI will +test all config combinations and flag any deprecations. + +Finally, make sure the STATE file is updated: + + $ git -C ${REFPOLGIT} rev-parse origin/HEAD > gentoo/STATE + $ git add gentoo/STATE + $ git commit -m "Merge upstream" -s + +gentoo/release-prepare.sh +------------------------- -The release-prepare.sh script handles the creation of a new policy release, from -creating the new ebuilds, patchbundle to tagging the repository. +The release-prepare.sh script handles the creation of a new Gentoo policy +release, from creating the new ebuilds & patchbundle to tagging the repository. diff --git a/gentoo/STATE b/gentoo/STATE index 76659b77..7e9c4893 100644 --- a/gentoo/STATE +++ b/gentoo/STATE @@ -1 +1 @@ -main 4aa1562208b576906ecb469175bfa11e791fdbe6 +e45d2fd1efb20380b2bf21a52623bf008d742e46
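Review bot: In the "Merging upstream" section added to gentoo/README, the conflict fallback `patch -p1 -F99 -l --no-backup-if-mismatch` sets the fuzz factor so high that context matching is effectively switched off, and `-l` additionally ignores whitespace differences, so a hunk can apply cleanly at a different place in a policy file than upstream intended. "Make sure everything is sane" is too loose for that step in a policy repository: suggest telling the reader to compare the working tree change (`git diff`) against `git am --show-current-patch=diff` before running `git am --continue`. Separately, the last step writes `git -C ${REFPOLGIT} rev-parse origin/HEAD` into gentoo/STATE, which matches what was merged only if nothing was fetched in REFPOLGIT after `git format-patch`; recording the hash at format-patch time, or stating that no fetch may happen in between, would keep STATE from pointing past the patches actually applied.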
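Review bot: The gentoo/STATE hunk changes the file's format without saying so: the removed line is `main 4aa1562208b576906ecb469175bfa11e791fdbe6` (branch name plus hash) and the added line is a bare commit id, while the commit message only says "Merge upstream". The new README command `git format-patch $(cat ${HARDENEDREFPOL}/gentoo/STATE)..origin/HEAD` works only with the bare form, so the README's gentoo/STATE section should state that the file holds exactly one commit id and nothing else, and it is worth confirming that no script in gentoo/ still expects the two-field form.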