34987882 Add required files for Oracle repos hosted on GitHub

CONTRIBUTING.md

@@ -1,5 +1,53 @@
-Contributors to all Oracle open-source projects are required to sign the Oracle Contributor Agreement(OCA).
+# Contributing to this repository
 
-Please refer to [Oracle Contributor Agreement page](http://www.oracle.com/technetwork/community/oca-486395.html)
+We welcome your contributions! There are multiple ways to contribute.
 
-Please contact [email protected] to discuss the details of contributing to the Image Packaging System.
+## Opening issues
+
+For bugs or enhancement requests, priority is given to those filed
+in Oracle's internal bug database.  Customers with Oracle Solaris support
+contracts should open a Service Request with Oracle Support to start
+this process.
+
+If you don't have an Oracle Solaris support contract, please file a GitHub
+issue to report bugs or enhancement requests, unless it's security related.
+When filing a bug remember that the better written the bug is,
+the more likely it is to be fixed. If you think you've found a security
+vulnerability, do not raise a GitHub issue and instead follow the instructions
+in our [security policy](./SECURITY.md).
+
+## Contributing code
+
+Before submitting code directly to this repo you will need to have signed the
+[Oracle Contributor Agreement][OCA] (OCA).
+
+Only contributions from committers that can be verified
+as having signed the OCA can be accepted.
+
+## Pull request process
+
+As the GitHub repo is a read-only mirror of a Oracle internal Mercurial repo,
+we cannot accept Github pull requests.  Instead, follow this modified process:
+
+1. Ensure there is an issue created to track and discuss the fix or enhancement
+   you intend to submit.
+2. Fork this repository.
+3. Create a branch in your fork to implement the changes. We recommend using
+   the issue number as part of your branch name, e.g. `1234-fixes`.
+   Changes should be in a single commit per issue or set of issues.
+4. Ensure that any documentation is updated with the changes that are required
+   by your change.
+5. Provide a pointer to the commit in your fork in the issue. Explain exactly
+   what your changes are meant to do and provide simple steps on how to validate.
+   your changes.
+6. We will assign the commit to an engineer for review, and if accepted,
+   to apply the changes to the Mercurial repo, from which it will be
+   propagated back out to this GitHub repo.
+
+## Code of conduct
+
+Follow the [Golden Rule](https://en.wikipedia.org/wiki/Golden_Rule). If you'd
+like more specific guidelines, see the [Contributor Covenant Code of Conduct][COC].
+
+[OCA]: https://oca.opensource.oracle.com
+[COC]: https://www.contributor-covenant.org/version/1/4/code-of-conduct/

README.md

@@ -2,7 +2,7 @@
 
 ## Introduction
 
-The image packaging system (IPS) is a software delivery system with interaction with a network repository as its primary design goal. Other key ideas are: safe execution for zones and other installation contexts, use of ZFS for efficiency and rollback, preventing the introduction of incorrect or incomplete packages, and efficient use of bandwidth.
+The Image Packaging System (IPS) is a software delivery system with interaction with a network repository as its primary design goal. Other key ideas are: safe execution for zones and other installation contexts, use of ZFS for efficiency and rollback, preventing the introduction of incorrect or incomplete packages, and efficient use of bandwidth.
 
 ## Prerequisites
 
@@ -65,21 +65,41 @@ The above command generates IPS related packages and publishes them into package
 
 For more examples, please refer to List of References below or man page pkg(1) on Solaris operating system.
 
-## How to Contribute
+## Help
 
-Please refer to [CONTRIBUTING](https://github.com/oracle/solaris-ips/blob/master/CONTRIBUTING.md) for details.
+See <https://support.oracle.com/> for official Oracle Solaris support.
+
+Discussion forums are available at:
+- <https://community.oracle.com/mosc/categories/oracle_sun_technologies>
+- <https://community.oracle.com/tech/apps-infra/categories/13305-solaris>
+
+## Contributing
+
+Instead of submitting a pull request, please
+[follow our contribution guide](./CONTRIBUTING.md).
+
+## Security
+
+Please consult the [security guide](./SECURITY.md) for our
+security vulnerability reporting and disclosure process.
 
 ## License
 
+Copyright (c) 2010, 2023, Oracle and/or its affiliates.
+
 The Image Packaging System is primarily distributed under the terms of the CDDL (Common Development and Distribution License), with a few portions covered by BSD-style or MIT-style licenses.
 
-Refer to LICENSE-CDDL, LICENSE-CPIO (applies to src/modules/cpiofile.py), and LICENSE-MINISAT (applies to src/modules/solver/*) for details.
+Refer to [LICENSE.txt](./LICENSE.txt) (the CDDL),
+[LICENSE-CPIO](./LICENSE-CPIO) (applies to src/modules/cpiofile.py),
+and [LICENSE-MINISAT](./LICENSE-MINISAT) (applies to src/modules/solver/*)
+for details.
 
-## List of References
+## Documentation
 
-1. [Packaging and Delivering Software With the Image Packaging System in Oracle&copy; Solaris 11.3](https://docs.oracle.com/cd/E53394_01/html/E54820/)
+1. [Packaging and Delivering Software With the Image Packaging System in Oracle&reg; Solaris 11.4](https://docs.oracle.com/cd/E37838_01/html/E61051/index.html)
 
-2. [Introducing the Basics of Image Packaging System (IPS) on Oracle Solaris 11](http://www.oracle.com/technetwork/articles/servers-storage-admin/o11-083-ips-basics-523756.html)
+2. [Introducing the Basics of Image Packaging System (IPS) on Oracle Solaris 11](https://www.oracle.com/technical-resources/articles/it-infrastructure/o11-083-ips-basics.html)
 
-3. [Oracle Solaris 11 Cheatsheet for Image Packaging System](http://www.oracle.com/technetwork/server-storage/solaris11/documentation/ips-one-liners-032011-337775.pdf)
+3. [Oracle Solaris 11 Cheatsheet for Image Packaging System](https://www.oracle.com/technetwork/server-storage/solaris11/documentation/ips-one-liners-032011-337775.pdf)
 
+4. [IPS Developer Documentation](./doc)

SECURITY.md

@@ -0,0 +1,38 @@
+# Reporting security vulnerabilities
+
+Oracle values the independent security research community and believes that
+responsible disclosure of security vulnerabilities helps us ensure the security
+and privacy of all our users.
+
+Please do NOT raise a GitHub Issue to report a security vulnerability. If you
+believe you have found a security vulnerability, please submit a report to
+[[email protected]][1] preferably with a proof of concept. Please review
+some additional information on [how to report security vulnerabilities to Oracle][2].
+We encourage people who contact Oracle Security to use email encryption using
+[our encryption key][3].
+
+We ask that you do not use other channels or contact the project maintainers
+directly.
+
+Non-vulnerability related security issues including ideas for new or improved
+security features are welcome on GitHub Issues.
+
+## Security updates, alerts and bulletins
+
+Security updates will be released on a regular cadence. Many of our projects
+will typically release security fixes in conjunction with the
+[Oracle Critical Patch Update][3] program. Additional
+information, including past advisories, is available on our [security alerts][4]
+page.
+
+## Security-related information
+
+We will provide security related information such as a threat model, considerations
+for secure use, or any known security issues in our documentation. Please note
+that labs and sample code are intended to demonstrate a concept and may not be
+sufficiently hardened for production use.
+
+[1]: mailto:[email protected]
+[2]: https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html
+[3]: https://www.oracle.com/security-alerts/encryptionkey.html
+[4]: https://www.oracle.com/security-alerts/

build_spec.yaml

@@ -0,0 +1,16 @@
+# Copyright (c) 2023, Oracle and/or its affiliates.
+
+version: 0.1
+component: build
+timeoutInSeconds: 1000
+shell: bash
+
+steps:
+  - type: Command
+    name: "compress the repo"
+    command: |
+      tar -cvzf ${OCI_WORKSPACE_DIR}/repo.tgz ./
+outputArtifacts:
+  - name: artifact
+    type: BINARY
+    location: ${OCI_WORKSPACE_DIR}/repo.tgz

exception_lists/copyright

@@ -20,13 +20,15 @@
 #
 
 #
-# Copyright (c) 2009, 2021, Oracle and/or its affiliates.
+# Copyright (c) 2009, 2023, Oracle and/or its affiliates.
 #
 
 syntax: glob
 
 .arclint
-src/man/*.txt
+CONTRIBUTING.md
+LICENSE.txt
+SECURITY.md
 src/pkg/external_deps.txt
 src/tests/bandit-baseline.json
 src/tests/ro_data/*