commit 7a3c6aa6746bbaa18aee59bfd61dcda389ff44c2 Author: CentOS Sources Date: Tue Mar 28 09:27:16 2023 +0000 import setools-4.4.1-1.el9
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..62dc7e6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/4.4.1.tar.gz
diff --git a/.setools.metadata b/.setools.metadata
new file mode 100644
index 0000000..3c74635
--- /dev/null
+++ b/.setools.metadata
@@ -0,0 +1 @@
+4a6c9cdfd2bfa1b4822951a6d3ffa67fbaefd827 SOURCES/4.4.1.tar.gz
diff --git a/SOURCES/0001-Make-NetworkX-optional.patch b/SOURCES/0001-Make-NetworkX-optional.patch
new file mode 100644
index 0000000..c573d45
--- /dev/null
+++ b/SOURCES/0001-Make-NetworkX-optional.patch
@@ -0,0 +1,91 @@
+From 716a1d9e1db6701c0b310dd7e10dc4a10656da0f Mon Sep 17 00:00:00 2001
+From: Chris PeBenito
+Date: Tue, 14 Dec 2021 14:24:20 -0500
+Subject: [PATCH] Make NetworkX optional.
+Content-type: text/plain
+
+The CLI tools get installed to most distros, but sedta and seinfoflow are
+not typically used or separated into a different package. This will allow
+seinfo, sesearch, and sediff to function if NetworkX is missing, since they
+don't require it.
+
+Signed-off-by: Chris PeBenito
+---
+ setools/dta.py | 18 ++++++++++++++----
+ setools/infoflow.py | 17 +++++++++++++----
+ 2 files changed, 27 insertions(+), 8 deletions(-)
+
+diff --git a/setools/dta.py b/setools/dta.py
+index ce5a36463684..ded88ff4f615 100644
+--- a/setools/dta.py
++++ b/setools/dta.py
+@@ -10,8 +10,11 @@ from collections import defaultdict
+ from contextlib import suppress
+ from typing import DefaultDict, Iterable, List, NamedTuple, Optional, Union
+
+-import networkx as nx
+-from networkx.exception import NetworkXError, NetworkXNoPath, NodeNotFound
++try:
++ import networkx as nx
++ from networkx.exception import NetworkXError, NetworkXNoPath, NodeNotFound
++except ImportError:
++ logging.getLogger(__name__).debug("NetworkX failed to import.")
+
+ from .descriptors import EdgeAttrDict, EdgeAttrList
+ from .policyrep import AnyTERule, SELinuxPolicy, TERuletype, Type
+@@ -73,8 +76,15 @@ class DomainTransitionAnalysis:
+ self.reverse = reverse
+ self.rebuildgraph = True
+ self.rebuildsubgraph = True
+- self.G = nx.DiGraph()
+- self.subG = self.G.copy()
++
++ try:
++ self.G = nx.DiGraph()
++ self.subG = self.G.copy()
++ except NameError:
++ self.log.critical("NetworkX is not available. This is "
++ "requried for Domain Transition Analysis.")
++ self.log.critical("This is typically in the python3-networkx package.")
++ raise
+
+ @property
+ def reverse(self) -> bool:
+diff --git a/setools/infoflow.py b/setools/infoflow.py
+index 0ef240a9993f..4b94a0c2d6dd 100644
+--- a/setools/infoflow.py
++++ b/setools/infoflow.py
+@@ -7,8 +7,11 @@ import logging
+ from contextlib import suppress
+ from typing import cast, Iterable, List, Mapping, Optional, Union
+
+-import networkx as nx
+-from networkx.exception import NetworkXError, NetworkXNoPath, NodeNotFound
++try:
++ import networkx as nx
++ from networkx.exception import NetworkXError, NetworkXNoPath, NodeNotFound
++except ImportError:
++ logging.getLogger(__name__).debug("NetworkX failed to import.")
+
+ from .descriptors import EdgeAttrIntMax, EdgeAttrList
+ from .permmap import PermissionMap
+@@ -54,8 +57,14 @@ class InfoFlowAnalysis:
+ self.rebuildgraph = True
+ self.rebuildsubgraph = True
+
+- self.G = nx.DiGraph()
+- self.subG = self.G.copy()
++ try:
++ self.G = nx.DiGraph()
++ self.subG = self.G.copy()
++ except NameError:
++ self.log.critical("NetworkX is not available. This is "
++ "requried for Information Flow Analysis.")
++ self.log.critical("This is typically in the python3-networkx package.")
++ raise
+
+ @property
+ def min_weight(self) -> int:
+--
+2.39.1
+
diff --git a/SOURCES/1003-Require-networkx-on-package-level.patch b/SOURCES/1003-Require-networkx-on-package-level.patch
new file mode 100644
index 0000000..99eb500
--- /dev/null
+++ b/SOURCES/1003-Require-networkx-on-package-level.patch
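Review bot: When NetworkX is missing, both constructors in SOURCES/0001-Make-NetworkX-optional.patch (`DomainTransitionAnalysis.__init__` in setools/dta.py and `InfoFlowAnalysis.__init__` in setools/infoflow.py) re-raise a bare `NameError`, which a caller cannot tell apart from an ordinary programming error, and the only import-time trace is a debug-level log line. If no caller depends on the `NameError` (callers are not visible here), consider converting it where it is caught, e.g. `raise ImportError("NetworkX is required for Domain Transition Analysis") from None`. The critical message also misspells "required" as `requried` in both files. Both `__init__` bodies and the rest of each module lie outside the inner hunks, so any other reference to `nx`, `NetworkXError`, `NetworkXNoPath` or `NodeNotFound` that is evaluated at import time should be checked as well.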
@@ -0,0 +1,24 @@
+From 7b73bdeda54b9c944774452bfa3b3c1f2733b3f0 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach
+Date: Thu, 2 Apr 2020 16:06:14 +0200
+Subject: [PATCH 2/2] Require networkx on package level
+
+It allows us to ship python3-setools without dependency on python3-networkx
+---
+ setup.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/setup.py b/setup.py
+index c593b786cc61..0551811e3fd1 100644
+--- a/setup.py
++++ b/setup.py
+@@ -163,5 +163,5 @@ setup(name='setools',
+ # setup also requires libsepol and libselinux
+ # C libraries and headers to compile.
+ setup_requires=['setuptools', 'Cython>=0.27'],
+- install_requires=['setuptools', 'networkx>=2.0']
++ install_requires=['setuptools']
+ )
+--
+2.30.0
+
diff --git a/SOURCES/apol.desktop b/SOURCES/apol.desktop
new file mode 100644
index 0000000..727733a
--- /dev/null
+++ b/SOURCES/apol.desktop
@@ -0,0 +1,11 @@
+[Desktop Entry]
+Name=SELinux Policy Analysis
+GenericName=SELinux Policy Analysis Tool
+Comment=This tool can examine, search, and relate policy components and policy rules
+Icon=apol
+Exec=/usr/bin/apol
+Type=Application
+Terminal=false
+Categories=System;
+X-Desktop-File-Install-Version=0.2
+StartupNotify=true
diff --git a/SOURCES/setools.pam b/SOURCES/setools.pam
new file mode 100644
index 0000000..c7d67e3
--- /dev/null
+++ b/SOURCES/setools.pam
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth include config-util
+account include config-util
+session include config-util
diff --git a/SPECS/setools.spec b/SPECS/setools.spec
new file mode 100644
index 0000000..5b1c660
--- /dev/null
+++ b/SPECS/setools.spec
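Review bot: Dropping `'networkx>=2.0'` from `install_requires` in SOURCES/1003-Require-networkx-on-package-level.patch also drops the minimum version. The spec's replacement is an unversioned `Requires: python3-networkx` on the -console-analyses and -gui subpackages, and python3-setools itself no longer declares NetworkX anywhere. If the 2.0 floor still matters, carry it at package level as `Requires: python3-networkx >= 2.0`. An `extras_require={'analysis': ['networkx>=2.0']}` entry in setup.py would also keep the optional dependency visible in the Python metadata. The `setup(...)` call starts outside the inner hunk.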
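Review bot: Nothing in the visible spec installs SOURCES/setools.pam: it is declared as `Source1: setools.pam`, but `%install` runs only `%py3_install` and no `%files` section lists a path under `/etc/pam.d`. The same holds for `Source2: apol.desktop`. If no tool in this build authenticates through `config-util`, drop both Source lines and files. Otherwise install them explicitly, so that the auth stack the package relies on is actually shipped and reviewable.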
@@ -0,0 +1,304 @@
+%global sepol_ver 3.4-1
+%global selinux_ver 3.4-1
+
+Name: setools
+Version: 4.4.1
+Release: 1%{?dist}
+Summary: Policy analysis tools for SELinux
+
+License: GPL-2.0-only and LGPL-2.1-only
+URL: https://github.com/SELinuxProject/setools/wiki
+Source0: https://github.com/SELinuxProject/setools/archive/%{version}.tar.gz
+Source1: setools.pam
+Source2: apol.desktop
+Patch0001: 0001-Make-NetworkX-optional.patch
+Patch1003: 1003-Require-networkx-on-package-level.patch
+Obsoletes: setools < 4.0.0, setools-devel < 4.0.0
+BuildRequires: flex, bison
+BuildRequires: glibc-devel, gcc, git-core
+BuildRequires: libsepol-devel >= %{sepol_ver}, libsepol-static >= %{sepol_ver}
+BuildRequires: qt5-qtbase-devel
+BuildRequires: swig
+BuildRequires: python3-Cython
+BuildRequires: python3-devel
+BuildRequires: python3-setuptools
+BuildRequires: libselinux-devel
+
+Requires: %{name}-console = %{version}-%{release}
+Requires: %{name}-console-analyses = %{version}-%{release}
+Requires: %{name}-gui = %{version}-%{release}
+
+%description
+SETools is a collection of graphical tools, command-line tools, and
+Python modules designed to facilitate SELinux policy analysis.
+
+%package console
+Summary: Policy analysis command-line tools for SELinux
+License: GPL-2.0-only
+Requires: python3-setools = %{version}-%{release}
+Requires: libselinux >= %{selinux_ver}
+
+%description console
+SETools is a collection of graphical tools, command-line tools, and
+libraries designed to facilitate SELinux policy analysis.
+
+This package includes the following console tools:
+
+ sediff Compare two policies to find differences.
+ seinfo List policy components.
+ sesearch Search rules (allow, type_transition, etc.)
+
+
+%package console-analyses
+Summary: Policy analysis command-line tools for SELinux
+License: GPL-2.0-only
+Requires: python3-setools = %{version}-%{release}
+Requires: libselinux >= %{selinux_ver}
+Requires: python3-networkx
+
+%description console-analyses
+SETools is a collection of graphical tools, command-line tools, and
+libraries designed to facilitate SELinux policy analysis.
+
+This package includes the following console tools:
+
+ sedta Perform domain transition analyses.
+ seinfoflow Perform information flow analyses.
+
+
+%package -n python3-setools
+Summary: Policy analysis tools for SELinux
+License: LGPL-2.1-only
+Obsoletes: setools-libs < 4.0.0
+%{?python_provide:%python_provide python3-setools}
+Requires: python3-setuptools
+
+%description -n python3-setools
+SETools is a collection of graphical tools, command-line tools, and
+Python 3 modules designed to facilitate SELinux policy analysis.
+
+
+%package gui
+Summary: Policy analysis graphical tools for SELinux
+License: GPL-2.0-only
+Requires: python3-setools = %{version}-%{release}
+Requires: python3-qt5
+Requires: python3-networkx
+
+%description gui
+SETools is a collection of graphical tools, command-line tools, and
+Python modules designed to facilitate SELinux policy analysis.
+
+
+%prep
+%autosetup -p 1 -S git -n setools-%{version}
+
+
+%build
+%py3_build
+
+
+%install
+%py3_install
+
+%check
+%if %{?_with_check:1}%{!?_with_check:0}
+%{__python3} setup.py test
+%endif
+
+
+%files
+
+%files console
+%license COPYING.GPL
+%{_bindir}/sechecker
+%{_bindir}/sediff
+%{_bindir}/seinfo
+%{_bindir}/sesearch
+%{_mandir}/man1/sechecker*
+%{_mandir}/man1/sediff*
+%{_mandir}/man1/seinfo*
+%{_mandir}/man1/sesearch*
+%{_mandir}/ru/man1/sediff*
+%{_mandir}/ru/man1/seinfo*
+%{_mandir}/ru/man1/sesearch*
+
+%files console-analyses
+%license COPYING.GPL
+%{_bindir}/sedta
+%{_bindir}/seinfoflow
+%{_mandir}/man1/sedta*
+%{_mandir}/man1/seinfoflow*
+%{_mandir}/ru/man1/sedta*
+%{_mandir}/ru/man1/seinfoflow*
+
+%files -n python3-setools
+%license COPYING COPYING.LGPL
+%{python3_sitearch}/setools
+%{python3_sitearch}/setools-*
+
+%files gui
+%license COPYING.GPL
+%{_bindir}/apol
+%{python3_sitearch}/setoolsgui
+%{_mandir}/man1/apol*
+%{_mandir}/ru/man1/apol*
+
+%changelog
+* Mon Feb 6 2023 Petr Lautrbach - 4.4.1-1
+- SETools 4.4.1 release
+
+* Fri Jun 10 2022 Petr Lautrbach - 4.4.0-5
+- Update required userspace versions to 3.4
+- Drop unnecessary Recommends
+
+* Fri Nov 19 2021 Petr Lautrbach - 4.4.0-4
+- Make seinfo output predictable
+ https://github.com/SELinuxProject/setools/issues/65
+
+* Tue Aug 10 2021 Mohan Boddu - 4.4.0-3
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+ Related: rhbz#1991688
+
+* Fri Apr 16 2021 Mohan Boddu - 4.4.0-2
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Mon Mar 8 2021 Petr Lautrbach - 4.4.0-1
+- SETools 4.4.0 release
+
+* Wed Jan 27 2021 Fedora Release Engineering - 4.4.0-0.3.20210121git16c0696
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Thu Jan 21 2021 Petr Lautrbach - 4.4.0-0.2.20210121git16c0696
+- Rebuild with SELinux userspace 3.2-rc1
+- Update to 16c0696
+
+* Thu Dec 10 2020 Petr Lautrbach - 4.4.0-0.2.20201102git05e90ee
+- Fix imports in /usr/bin/sedta
+
+* Tue Nov 3 2020 Petr Lautrbach - 4.4.0-0.1.20201102git05e90ee
+- Update to 05e90ee
+- Add /usr/bin/sechecker
+- Adapt to new libsepol filename transition structures
+- Rebuild with libsepol.so.2
+
+* Sat Aug 01 2020 Fedora Release Engineering - 4.3.0-5
+- Second attempt - Rebuilt for
+ https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jul 29 2020 Fedora Release Engineering - 4.3.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Thu Jul 16 2020 Petr Lautrbach - 4.3.0-3
+- rebuild with SELinux userspace 3.1 release
+
+* Tue May 26 2020 Miro Hrončok - 4.3.0-2
+- Rebuilt for Python 3.9
+
+* Thu Apr 2 2020 Petr Lautrbach - 4.3.0-1
+- SETools 4.3.0 release
+- Revised sediff method for TE rules. This drastically reduced memory and run time.
+- Added infiniband context support to seinfo, sediff, and apol.
+- Added apol configuration for location of Qt assistant.
+- Fixed sediff issue where properties header would display when not requested.
+- Fixed sediff issue with type_transition file name comparison.
+- Fixed permission map socket sendto information flow direction.
+- Added methods to TypeAttribute class to make it a complete Python collection.
+- Genfscon now will look up classes rather than using fixed values which
+ were dropped from libsepol.
+
+* Mon Mar 23 2020 Petr Lautrbach - 4.2.2-5
+- setools requires -console, -console-analyses and -gui packages (#1794314)
+
+* Thu Jan 30 2020 Fedora Release Engineering - 4.2.2-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Thu Oct 03 2019 Miro Hrončok - 4.2.2-3
+- Rebuilt for Python 3.8.0rc1 (#1748018)
+
+* Mon Aug 19 2019 Miro Hrončok - 4.2.2-2
+- Rebuilt for Python 3.8
+
+* Mon Jul 08 2019 Vit Mojzis - 4.2.2-1}
+- SETools 4.2.2 release
+
+* Mon May 13 2019 Vit Mojzis - 4.2.1-3
+- Use %set_build_flags instead of %optflags
+
+* Mon May 06 2019 Vit Mojzis - 4.2.1-2
+- SELinuxPolicy: Create a map of aliases on policy load (#1672631)
+
+* Tue Mar 26 2019 Petr Lautrbach - 4.2.1-1
+- SETools 4.2.1 release (#1581761, #1595582)
+
+* Wed Nov 14 2018 Vit Mojzis - 4.2.0-1
+- Update source to SETools 4.2.0 release
+
+* Mon Oct 01 2018 Vit Mojzis - 4.2.0-0.3.rc
+- Update upstream source to 4.2.0-rc
+
+* Wed Sep 19 2018 Vit Mojzis - 4.2.0-0.2.beta
+- Require userspace release 2.8
+- setools-gui requires python3-setools
+- Add Requires for python[23]-setuptools - no longer required (just recommended) by python[23] (#1623371)
+- Drop python2 subpackage (4.2.0 no longer supports python2)
+
+* Wed Aug 29 2018 Vit Mojzis - 4.1.1-13
+- Add Requires for python[23]-setuptools - no longer required (just recommended)
+ by python[23] (#1623371)
+
+* Wed Aug 22 2018 Petr Lautrbach - 4.1.1-12.1
+- Fix SCTP patch - https://github.com/SELinuxProject/setools/issues/9
+
+* Sat Jul 14 2018 Fedora Release Engineering - 4.1.1-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Tue Jun 19 2018 Miro Hrončok - 4.1.1-10
+- Rebuilt for Python 3.7
+
+* Thu Jun 14 2018 Petr Lautrbach - 4.1.1-9
+- Move gui python files to -gui subpackage
+
+* Thu Apr 26 2018 Vit Mojzis - 4.1.1-8
+- Add support for SCTP protocol (#1568333)
+
+* Thu Apr 19 2018 Iryna Shcherbina - 4.1.1-7
+- Update Python 2 dependency declarations to new packaging standards
+ (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
+
+* Fri Feb 09 2018 Fedora Release Engineering - 4.1.1-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Mon Sep 04 2017 Petr Lautrbach - 4.1.1-5
+- setools-python2 requires python2-enum34
+
+* Sun Aug 20 2017 Zbigniew Jędrzejewski-Szmek - 4.1.1-4
+- Add Provides for the old name without %%_isa
+
+* Thu Aug 10 2017 Zbigniew Jędrzejewski-Szmek - 4.1.1-3
+- Python 2 binary package renamed to python2-setools
+ See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3
+- Python 3 binary package renamed to python3-setools
+
+* Thu Aug 10 2017 Petr Lautrbach - 4.1.1-2
+- bswap_* macros are defined in byteswap.h
+
+* Mon Aug 07 2017 Petr Lautrbach - 4.1.1-1
+- New upstream release
+
+* Thu Aug 03 2017 Fedora Release Engineering - 4.1.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Thu Jul 27 2017 Fedora Release Engineering - 4.1.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Mon May 22 2017 Petr Lautrbach - 4.1.0-3
+- setools-python{,3} packages should have a weak dependency on libselinux-python{,3}
+ (#1447747)
+
+* Thu Feb 23 2017 Petr Lautrbach - 4.1.0-2
+- Move python networkx dependency to -gui and -console-analyses
+- Ship sedta and seinfoflow in setools-console-analyses
+
+* Wed Feb 15 2017 Petr Lautrbach - 4.1.0-1
+- New upstream release.
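Review bot: The `%check` section in SPECS/setools.spec is wrapped in `%if %{?_with_check:1}%{!?_with_check:0}`, so `setup.py test` runs only when the build is invoked with `--with check`. A default build therefore ships the two downstream patches (Patch0001 and Patch1003) without running the test suite. Consider making the tests opt-out instead, with `%bcond_without check` near the top and `%if %{with check}` around the test command. That would probably need extra test-time BuildRequires, for example `python3-networkx`, which is not listed among the BuildRequires; the exact set depends on the upstream test suite, which is not visible here.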