From Fedora Project Wiki
No edit summary |
No edit summary |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 16: | Line 16: | ||
# dnf install module-build-service | # dnf install module-build-service | ||
</pre> | </pre> | ||
{{admon/tip|Currently it's necessary to use mock, mock-lvm and mock-scm version 1.3.4-1.fc26 and module-build-service seems to be missing a dependency on python2-pdc-client. | |||
<pre> | |||
#sudo dnf install --allowerasing -y python2-pdc-client https://kojipkgs.fedoraproject.org//packages/mock/1.3.4/1.fc26/noarch/mock-1.3.4-1.fc26.noarch.rpm https://kojipkgs.fedoraproject.org//packages/mock/1.3.4/1.fc26/noarch/mock-lvm-1.3.4-1.fc26.noarch.rpm https://kojipkgs.fedoraproject.org//packages/mock/1.3.4/1.fc26/noarch/mock-scm-1.3.4-1.fc26.noarch.rpm | |||
</pre> | |||
}} | |||
=== SELinux Developer Packages === | === SELinux Developer Packages === | ||
| Line 26: | Line 32: | ||
=== DNF (module support) === | === DNF (module support) === | ||
{{admon/warning|Since this changes the behavior of dnf, it may interfere with the module build. Please leave this step until after the module build (before installation).}} | |||
To install the module, ''DNF with module support'' has to be installed. It can be obtained from mhatina's [https://copr.fedorainfracloud.org/coprs/mhatina/DNF-Modules/ copr repository] | To install the module, ''DNF with module support'' has to be installed. It can be obtained from mhatina's [https://copr.fedorainfracloud.org/coprs/mhatina/DNF-Modules/ copr repository] | ||
<pre> | <pre> | ||
# dnf copr enable mhatina/ | # dnf copr enable mhatina/dnf-modularity-nightly | ||
# dnf update dnf | # dnf update dnf | ||
</pre> | </pre> | ||
| Line 54: | Line 61: | ||
# mbs-build local | # mbs-build local | ||
... [the build process may take some time to complete] ... | ... [the build process may take some time to complete] ... | ||
Resulting module repository can be found at /root/modulebuild/builds/module-memcached- | Resulting module repository can be found at /root/modulebuild/builds/module-memcached-master-<build-id> | ||
</pre> | </pre> | ||
| Line 61: | Line 68: | ||
To include new package into the module, it's source repository has to be provided and listed in the modulemd file (in this case memcached.yaml). Source repository for ''memcached-selinux'' is currently located at [https://pagure.io/memcached-selinux.git pagure]. For details on how to create custom SELinux policy rpm package, please visit [https://lvrabec-selinux.rhcloud.com/2015/07/07/how-to-create-selinux-product-policy/ lvrabec's blog]. | To include new package into the module, it's source repository has to be provided and listed in the modulemd file (in this case memcached.yaml). Source repository for ''memcached-selinux'' is currently located at [https://pagure.io/memcached-selinux.git pagure]. For details on how to create custom SELinux policy rpm package, please visit [https://lvrabec-selinux.rhcloud.com/2015/07/07/how-to-create-selinux-product-policy/ lvrabec's blog]. | ||
Use this [https://pagure.io/memcached | Use this [https://pagure.io/memcached pagure repository] containing memcached module source with all the adjustments needed to include the SELinux policy package, or follow the following steps to edit memcached module repository mentioned above. | ||
Add memcached selinux under components: | Add policycoreutils and memcached-selinux under components: | ||
<pre> | <pre> | ||
memcached-selinux: | memcached-selinux: | ||
| Line 70: | Line 77: | ||
ref: master | ref: master | ||
</pre> | </pre> | ||
And edit ''default'' profile: | And edit ''default'' install profile: | ||
<pre> | <pre> | ||
default: | default: | ||
| Line 80: | Line 87: | ||
Module build service needs to be configured to allow building packages form custom repositories. To do so, set RPMS_ALLOW_REPOSITORY and RPMS_ALLOW_CACHE to True in /etc/module-build-service/config.py file. | Module build service needs to be configured to allow building packages form custom repositories. To do so, set RPMS_ALLOW_REPOSITORY and RPMS_ALLOW_CACHE to True in /etc/module-build-service/config.py file. | ||
{{admon/tip|The following adjustment is currently necessary for module-build-service to accept pagure repositories: | |||
Edit “distgits” entry in “/usr/lib/python2.7/site-packages/module_build_service/config.py” as follows | |||
<pre> | |||
'distgits': { | |||
'type': dict, | |||
'default': { | |||
'git://pkgs.fedoraproject.org': | |||
('fedpkg clone --anonymous {}', | |||
'fedpkg --release module sources'), | |||
'https://pagure.io': | |||
('git clone https://pagure.io/{}.git', | |||
'echo "Cloned pagure repository."'), | |||
}, | |||
'desc': 'Mapping between dist-git and command to '}, | |||
</pre> | |||
}} | |||
Commit changes and re-build the module. | |||
<pre> | |||
# git add -u | |||
# git commit -m "Add SELinux policy package" | |||
# mbs-build local | |||
</pre> | |||
== Installation == | == Installation == | ||
{{admon/tip|DNF with modularity support is not necessary, albeit strongly recommended |If needed, individual packages contained within the module can be installed using dnf shipped with fedora.}} | |||
Module repository created by ''mbs-build local'' can be made visible to dnf by creating repository file in ''/etc/yum.repos.d/'' as follows. | Module repository created by ''mbs-build local'' can be made visible to dnf by creating repository file in ''/etc/yum.repos.d/'' as follows. | ||
| Line 89: | Line 125: | ||
[local] | [local] | ||
name = local | name = local | ||
baseurl = file:///root/modulebuild/builds/module-memcached- | baseurl = file:///root/modulebuild/builds/module-memcached-master-<module-id>/results/ | ||
enabled=1 | enabled=1 | ||
gpgcheck=0 | gpgcheck=0 | ||
| Line 96: | Line 132: | ||
# dnf module list | # dnf module list | ||
Name Stream Version Repo Installed Info | Name Stream Version Repo Installed Info | ||
memcached | memcached master 20170728100714 local High Performance, Distributed Memory Object Cache | ||
# dnf module info memcached | # dnf module info memcached | ||
...[memcached module info]... | ...[memcached module info]... | ||
# dnf module install/default | # dnf module install memcached:master/default | ||
</pre> | </pre> | ||
Latest revision as of 17:01, 14 December 2017
Development Warning
The SELinux Modularity prototype is under heavy development and all, or portions, of this page may be incorrect and/or incomplete.
The SELinux Modularity prototype is under heavy development and all, or portions, of this page may be incorrect and/or incomplete.
Prerequisites
The SELinux Modularity prototype described here has the following dependencies.
Fedora 26
While it may be possible to duplicate the prototype described here on other versions of Fedora, Fedora 26 is strongly recommended. Help on installing Fedora can be found in the Fedora Installation Guide.
Fedora Module Developer Packages
In order to build Fedora Modules the module-build-service package must be installed. While the package may be available via the normal DNF installation mechanism, due to the rapid development of the Fedora Modularity mechanisms it is recommended that the latest package be obtained from Koji.
# dnf install module-build-service
Currently it's necessary to use mock, mock-lvm and mock-scm version 1.3.4-1.fc26 and module-build-service seems to be missing a dependency on python2-pdc-client.
#sudo dnf install --allowerasing -y python2-pdc-client https://kojipkgs.fedoraproject.org//packages/mock/1.3.4/1.fc26/noarch/mock-1.3.4-1.fc26.noarch.rpm https://kojipkgs.fedoraproject.org//packages/mock/1.3.4/1.fc26/noarch/mock-lvm-1.3.4-1.fc26.noarch.rpm https://kojipkgs.fedoraproject.org//packages/mock/1.3.4/1.fc26/noarch/mock-scm-1.3.4-1.fc26.noarch.rpm
SELinux Developer Packages
The following is only necessary for local testing of the selinux policy package since the policy build is otherwise done by the module-build-service.
# dnf install selinux-policy-devel rpm-build
DNF (module support)
Since this changes the behavior of dnf, it may interfere with the module build. Please leave this step until after the module build (before installation).
To install the module, DNF with module support has to be installed. It can be obtained from mhatina's copr repository
# dnf copr enable mhatina/dnf-modularity-nightly # dnf update dnf
Building the memcached Module
More information on building Fedora Modules
The Fedora Modularity project has more information on building modules on their website.
The Fedora Modularity project has more information on building modules on their website.
The memcached module source is currently maintained in the Fedora Project's module repository. The first step to building the memcached module is cloning the remote repository:
# git clone https://src.fedoraproject.org/git/modules/memcached.git Cloning into 'memcached'... remote: Counting objects: 93, done. remote: Compressing objects: 100% (86/86), done. remote: Total 93 (delta 38), reused 0 (delta 0) Unpacking objects: 100% (93/93), done.
Once the repository has been cloned, you can enter the local repository and build the memcached module with the mbs-build command:
# cd memcached # mbs-build local ... [the build process may take some time to complete] ... Resulting module repository can be found at /root/modulebuild/builds/module-memcached-master-<build-id>
Including SELinux policy package
To include new package into the module, it's source repository has to be provided and listed in the modulemd file (in this case memcached.yaml). Source repository for memcached-selinux is currently located at pagure. For details on how to create custom SELinux policy rpm package, please visit lvrabec's blog.
Use this pagure repository containing memcached module source with all the adjustments needed to include the SELinux policy package, or follow the following steps to edit memcached module repository mentioned above.
Add policycoreutils and memcached-selinux under components:
memcached-selinux:
rationale: SELinux policy package for memcached.
repository: https://pagure.io/memcached-selinux.git
ref: master
And edit default install profile:
default:
rpms:
- memcached
- memcached-selinux
Module build service needs to be configured to allow building packages form custom repositories. To do so, set RPMS_ALLOW_REPOSITORY and RPMS_ALLOW_CACHE to True in /etc/module-build-service/config.py file.
The following adjustment is currently necessary for module-build-service to accept pagure repositories:
Edit “distgits” entry in “/usr/lib/python2.7/site-packages/module_build_service/config.py” as follows
'distgits': {
'type': dict,
'default': {
'git://pkgs.fedoraproject.org':
('fedpkg clone --anonymous {}',
'fedpkg --release module sources'),
'https://pagure.io':
('git clone https://pagure.io/{}.git',
'echo "Cloned pagure repository."'),
},
'desc': 'Mapping between dist-git and command to '},
Commit changes and re-build the module.
# git add -u # git commit -m "Add SELinux policy package" # mbs-build local
Installation
DNF with modularity support is not necessary, albeit strongly recommended
If needed, individual packages contained within the module can be installed using dnf shipped with fedora.
If needed, individual packages contained within the module can be installed using dnf shipped with fedora.
Module repository created by mbs-build local can be made visible to dnf by creating repository file in /etc/yum.repos.d/ as follows.
# cat /etc/yum.repos.d/local.repo [local] name = local baseurl = file:///root/modulebuild/builds/module-memcached-master-<module-id>/results/ enabled=1 gpgcheck=0 modules=1 # dnf module list Name Stream Version Repo Installed Info memcached master 20170728100714 local High Performance, Distributed Memory Object Cache # dnf module info memcached ...[memcached module info]... # dnf module install memcached:master/default