commit a2337eed30c5a5593ab74a3272c4b4c471094f3155f90cbed92cf42ae401a64b Author: Johannes Kastl Date: Sat Sep 21 18:17:57 2024 +0000 update to 1.6.stable.1 OBS-URL: https://build.opensuse.org/package/show/devel:microos/k3s-selinux?expand=0&rev=11 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/_service b/_service new file mode 100644 index 0000000..26cf856 --- /dev/null +++ b/_service @@ -0,0 +1,18 @@ + + + https://github.com/k3s-io/k3s-selinux + git + .git + v1.6.stable.1 + @PARENT_TAG@ + enable + v(.*) + *stable* + + + + + *.tar + gz + + diff --git a/_servicedata b/_servicedata new file mode 100644 index 0000000..8762034 --- /dev/null +++ b/_servicedata @@ -0,0 +1,4 @@ + + + https://github.com/k3s-io/k3s-selinux + 48b687df7714d042a925e499c3b770d77858f37e \ No newline at end of file diff --git a/k3s-selinux-1.5.stable.1.tar.gz b/k3s-selinux-1.5.stable.1.tar.gz new file mode 100644 index 0000000..82f5c2b --- /dev/null +++ b/k3s-selinux-1.5.stable.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0b6dd4d156dd01fa2f1b7ef34c680016ae7567a808696fce341eaff1ba78bc51 +size 14192 diff --git a/k3s-selinux-1.6.stable.1.tar.gz b/k3s-selinux-1.6.stable.1.tar.gz new file mode 100644 index 0000000..7f6e45f --- /dev/null +++ b/k3s-selinux-1.6.stable.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:363bde72b0524b0fbad046f670aac9d1c0e67f63dbc581d3ae9abc3c75eed1de +size 14140 diff --git a/k3s-selinux.changes b/k3s-selinux.changes new file mode 100644 index 0000000..2c91851 --- /dev/null +++ b/k3s-selinux.changes @@ -0,0 +1,99 @@ +------------------------------------------------------------------- +Sat Sep 21 18:13:26 UTC 2024 - opensuse_buildservice@ojkastl.de + +- Update to version 1.6.stable.1: + * Fix upload repo script for all distros (#70) + * Add docker volume to the rest of drone steps (#69) + * Fix dapper commands in drone (#68) + * Fix CI (#67) + * Remove maximum version limit for container-selinux for slemicro + (#66) + +------------------------------------------------------------------- +Wed Feb 07 07:13:38 UTC 2024 - opensuse_buildservice@ojkastl.de + +- Update to version 1.5.stable.1: + * Fix /opt/bin/k3s context in all distros (#59) + * Adding changes for k3s when installing to /opt to match rke2 + behaviour (#58) + * ci: configure Dependabot version updates (#55) + * build: Align drone base images Align the base images used in + drone with the images used across the ecosystem. + +------------------------------------------------------------------- +Tue Jun 13 11:08:04 UTC 2023 - kastl@b1-systems.de + +- Update to version 1.4.stable.1: + * Remove filetranspattern for snapshot directory (#51) + +------------------------------------------------------------------- +Wed May 31 04:47:53 UTC 2023 - Johannes Kastl + +- update to 1.3.stable.1: + * Update container-selinux in el8 (#48) + * Update the container-selinux requirement (#46) + * Fix el9 policy to resolve the conflict with newer + container-selinux version (#45) + * Remove max container-selinux version check in el9 (#44) + * Fix docker image for centos9 and build requirements (#43) + * Add el9 (#42) + - Add cento9 policy and update container-selinux epoch version + - Add el9 to drone + * more fixes to the upload rpms (#40) + * fix coreos policy repo (#39) + * Fix upload rpms for coreos (#38) + * Fix policies to work with the container-selinux > 2.189.0 (#37) + - Add slemicro and fedora coreos policies + - Add maximum version requirement for centos8 policy + - fix microos policy to work with the new container-selinux + - Add drone support for slemicro and fedora coreos + +------------------------------------------------------------------- +Wed Sep 07 12:38:10 UTC 2022 - kastl@b1-systems.de + +- Update to version 1.2.stable.2: + * Bump pip/setuptools version; switch to https for git clone + * Use SHA256 to sign packages instead of default SHA1 + +------------------------------------------------------------------- +Wed Mar 16 17:40:02 UTC 2022 - kastl@b1-systems.de + +- Update to version 1.1.stable.1: + * fix centos 7 +- remove file k3s.if as it is now included in a release + +------------------------------------------------------------------- +Wed Mar 16 17:39:11 UTC 2022 - kastl@b1-systems.de + +- Update to version 1.0.stable.1: + * centos 8 vault: side-step eol problems (#28) + * k3s-root: reduced executable privileges (#26) + +------------------------------------------------------------------- +Wed Jan 26 11:52:45 UTC 2022 - Richard Brown + +- Add missing spec license/copyright + +------------------------------------------------------------------- +Sun Jan 9 15:18:33 UTC 2022 - Johannes Kastl + +- add k3s.if as source file, as it is empty in v0.5.stable.1 + - this was cherry-picked from the latest commit: + https://github.com/k3s-io/k3s-selinux/commit/7b982cf500e20c0adbad8a83cc27c43a79218aca + +------------------------------------------------------------------- +Sun Jan 09 07:16:00 UTC 2022 - kastl@b1-systems.de + +- create new package at version 0.5.stable.1 +- Update to version 0.5.latest.1: + * mention rpm signing keys in the readme + * fix for over-broad container_runtime_exec_t (#25) + * el8: keep on truckin (#24) + * drone: publish sle artifacts (#22) + * support sles 15 with sle micro packages (#21) + * [migrate k3s-io] drone tweaks + * Make k3s-selinux conflict with rke2-selinux + * Build independent el7 and el8 RPMs for k3s-selinux + * Modify build script to put the source RPM where we expect, as well as generate the source RPM + * Initial k3s-selinux el7_8 work + diff --git a/k3s-selinux.spec b/k3s-selinux.spec new file mode 100644 index 0000000..30a1455 --- /dev/null +++ b/k3s-selinux.spec @@ -0,0 +1,101 @@ +# +# spec file for package k3s-selinux +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define k3s_relabel_files() \ + mkdir -p /var/lib/cni; \ + mkdir -p /var/lib/kubelet/pods; \ + mkdir -p /var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots; \ + mkdir -p /var/lib/rancher/k3s/data; \ + mkdir -p /var/run/flannel; \ + mkdir -p /var/run/k3s; \ + restorecon -R -i /etc/systemd/system/k3s.service; \ + restorecon -R -i /usr/lib/systemd/system/k3s.service; \ + restorecon -R /var/lib/cni; \ + restorecon -R /var/lib/kubelet; \ + restorecon -R /var/lib/rancher; \ + restorecon -R /var/run/k3s; \ + restorecon -R /var/run/flannel + +%define selinux_policyver 20210716-3.1 +%define container_policyver 2.164.2-1.1 + +Name: k3s-selinux +Version: 1.6.stable.1 +Release: 0 +Summary: SELinux policy module for k3s + +Group: System Environment/Base +License: Apache-2.0 +URL: http://k3s.io/k3s-selinux +Source: %{name}-%{version}.tar.gz + +BuildArch: noarch +BuildRequires: container-selinux >= %{container_policyver} +BuildRequires: git +BuildRequires: selinux-policy >= %{selinux_policyver} +BuildRequires: selinux-policy-devel >= %{selinux_policyver} + +Requires: policycoreutils +Requires: selinux-tools +Requires(post): selinux-policy-base >= %{selinux_policyver}, policycoreutils, container-selinux >= %{container_policyver} +Requires(postun): policycoreutils + +Provides: %{name} = %{version}-%{release} +Obsoletes: k3s-selinux <= 0.5 +Conflicts: rke2-selinux + +%description +This package installs and sets up the SELinux policy security module for k3s. + +%prep +%setup -q + +%build +cd policy/microos +make -f /usr/share/selinux/devel/Makefile k3s.pp + +%install +install -d %{buildroot}%{_datadir}/selinux/packages +install -m 644 policy/microos/k3s.pp %{buildroot}%{_datadir}/selinux/packages +install -d %{buildroot}%{_datadir}/selinux/devel/include/contrib +install -m 644 policy/microos/k3s.if %{buildroot}%{_datadir}/selinux/devel/include/contrib/ +install -d %{buildroot}/etc/selinux/targeted/contexts/users/ + +%pre +%selinux_relabel_pre + +%post +%selinux_modules_install %{_datadir}/selinux/packages/k3s.pp +if /usr/sbin/selinuxenabled ; then + /usr/sbin/load_policy + %k3s_relabel_files +fi; + +%postun +if [ $1 -eq 0 ]; then + %selinux_modules_uninstall k3s +fi; + +%posttrans +%selinux_relabel_post + +%files +%attr(0600,root,root) %{_datadir}/selinux/packages/k3s.pp +%{_datadir}/selinux/devel/include/contrib/k3s.if + +%changelog