4 changed files with 239 additions and 18 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/v0.1.8.tar.gz
+SOURCES/v0.2.6.tar.gz
--- a/.udica.metadata
+++ b/.udica.metadata
@ -1 +1 @@
-61be1852f6b9d4ada461dec80dfc58989017b376 SOURCES/v0.1.8.tar.gz
+c14134162d47822f6659ecfc955a498171e9d08d SOURCES/v0.2.6.tar.gz
--- a/SOURCES/0001-Make-sure-each-section-of-the-inspect-exists-before-.patch
+++ b/SOURCES/0001-Make-sure-each-section-of-the-inspect-exists-before-.patch
@ -0,0 +1,133 @@
 From dd05dbe742384dd22f4a63889c56cb75e4e2f571 Mon Sep 17 00:00:00 2001
 From: Vit Mojzis <vmojzis@redhat.com>
 Date: Tue, 9 Nov 2021 18:04:39 +0100
 Subject: [PATCH] Make sure each section of the inspect exists before accessing
 Fixes: https://github.com/containers/udica/issues/105,
       https://github.com/containers/udica/issues/103
 Inspired by:
 https://github.com/WellIDKRealy/udica/commit/0c56d98b8c58a8a4ceb89b04d700c834c13778fd
 Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
 ---
 udica/parse.py | 62 ++++++++++++++++++++++++++++++++++++++------------
 1 file changed, 48 insertions(+), 14 deletions(-)
 diff --git a/udica/parse.py b/udica/parse.py
 index 0797095..59b3dc5 100644
 --- a/udica/parse.py
 +++ b/udica/parse.py
@@ -29,6 +29,24 @@ ENGINE_DOCKER = "docker"
 ENGINE_ALL = [ENGINE_PODMAN, ENGINE_CRIO, ENGINE_DOCKER]
 +# Decorator for verifying that getting value from "data" won't
 +# result in Key error or Type error
 +# e.g. in data[0]["HostConfig"]["Devices"]
 +# missing "HostConfig" key in data[0] produces KeyError and
 +# data[0]["HostConfig"] == none produces TypeError
 +def getter_decorator(function):
 +    # Verify that each element in path exists and return the corresponding value,
 +    # otherwise return [] -- can be safely processed by iterators
 +    def wrapper(self, data, *args):
 +        try:
 +            value = function(self, data, *args)
 +            return value if value else []
 +        except (KeyError, TypeError):
 +            return []
 +
 +    return wrapper
 +
 +
 def json_is_podman_or_docker_format(json_rep):
     """Check if the inspected file is in a format from docker or podman.
@@ -91,19 +109,22 @@ class EngineHelper(abc.ABC):
     def get_caps(self, data, opts):
         if opts["Caps"]:
 -            if opts["Caps"] == "None":
 +            if opts["Caps"] in ["None", "none"]:
                 return []
             return opts["Caps"].split(",")
         return []
 class PodmanDockerHelper(EngineHelper):
 +    @getter_decorator
     def get_devices(self, data):
         return data[0]["HostConfig"]["Devices"]
 +    @getter_decorator
     def get_mounts(self, data):
         return data[0]["Mounts"]
 +    @getter_decorator
     def get_ports(self, data):
         ports = []
         for key, value in data[0]["NetworkSettings"]["Ports"].items():
@@ -120,8 +141,13 @@ class PodmanHelper(PodmanDockerHelper):
     def __init__(self):
         super().__init__(ENGINE_PODMAN)
 +    @getter_decorator
     def get_caps(self, data, opts):
 -        if not opts["Caps"]:
 +        if opts["Caps"]:
 +            return (
 +                opts["Caps"].split(",") if opts["Caps"] not in ["None", "none"] else []
 +            )
 +        else:
             return data[0]["EffectiveCaps"]
         return []
@@ -138,18 +164,25 @@ class DockerHelper(PodmanDockerHelper):
     def adjust_json_from_docker(self, json_rep):
         """If the json comes from a docker call, we need to adjust it to make use
         of it."""
 -
 -        if not isinstance(json_rep[0]["NetworkSettings"]["Ports"], dict):
 -            raise Exception(
 -                "Error parsing docker engine inspection JSON structure, try to specify container engine using '--container-engine' parameter"
 -            )
 -
 -        for item in json_rep[0]["Mounts"]:
 -            item["source"] = item["Source"]
 -            if item["Mode"] == "rw":
 -                item["options"] = "rw"
 -            if item["Mode"] == "ro":
 -                item["options"] = "ro"
 +        try:
 +            if not isinstance(json_rep[0]["NetworkSettings"]["Ports"], dict):
 +                raise Exception(
 +                    "Error parsing docker engine inspection JSON structure, try to specify container engine using '--container-engine' parameter"
 +                )
 +        except (KeyError, TypeError):
 +            # "Ports" not specified in given json file
 +            pass
 +
 +        try:
 +            for item in json_rep[0]["Mounts"]:
 +                item["source"] = item["Source"]
 +                if item["Mode"] == "rw":
 +                    item["options"] = "rw"
 +                if item["Mode"] == "ro":
 +                    item["options"] = "ro"
 +        except (KeyError, TypeError):
 +            # "Mounts" not specified in given json file
 +            pass
 class CrioHelper(EngineHelper):
@@ -161,6 +194,7 @@ class CrioHelper(EngineHelper):
         # bind mounting device on the container
         return []
 +    @getter_decorator
     def get_mounts(self, data):
         return data["status"]["mounts"]
 -- 
 2.30.2
--- a/SPECS/udica.spec
+++ b/SPECS/udica.spec
@ -1,8 +1,9 @@
 Summary: A tool for generating SELinux security policies for containers
 Name: udica
-Version: 0.1.8
+Version: 0.2.6
-Release: 1%{?dist}
+Release: 30%{?dist}
 Source0: https://github.com/containers/udica/archive/v%{version}.tar.gz
 Patch0: 0001-Make-sure-each-section-of-the-inspect-exists-before-.patch
 License: GPLv3+
 BuildArch: noarch
 Url: https://github.com/containers/udica
@ -13,13 +14,15 @@ Requires: python3 python3-libsemanage python3-libselinux
 BuildRequires: python2 python2-devel python2-setuptools
 Requires: python2 libsemanage-python libselinux-python
 %endif
 # container-selinux provides policy templates
 Requires: container-selinux >= 2.168.0-2
 %description
 Tool for generating SELinux security profiles for containers based on
 inspection of container JSON file.
 %prep
-%setup -q
+%autosetup -p 1
 %build
 %if 0%{?fedora} || 0%{?rhel} > 7
@ -29,8 +32,6 @@ inspection of container JSON file.
 %endif
 %install
 install --directory %%{buildroot}%{_datadir}/udica/templates
 %if 0%{?fedora} || 0%{?rhel} > 7
 %{__python3} setup.py install --single-version-externally-managed --root=%{buildroot}
 %else
@ -45,9 +46,7 @@ install -m 0644 udica/man/man8/udica.8 %{buildroot}%{_mandir}/man8/udica.8
 %{_bindir}/udica
 %dir %{_datadir}/udica
 %dir %{_datadir}/udica/ansible
 %dir %{_datadir}/udica/templates
 %{_datadir}/udica/ansible/*
 %{_datadir}/udica/templates/*
 %if 0%{?fedora} || 0%{?rhel} > 7
 %license LICENSE
@ -60,20 +59,109 @@ install -m 0644 udica/man/man8/udica.8 %{buildroot}%{_mandir}/man8/udica.8
 %endif
 %changelog
-* Wed Jul 26 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 0.1.8-1
+* Fri Jan 27 2023 Vit Mojzis <vmojzis@redhat.com> - 0.2.6-30
- Rebuilt for MSVSphere 8.8
+- Bump release to preserve upgrade path (#2160401)
 * Wed Dec 01 2021 Vit Mojzis <vmojzis@redhat.com> - 0.2.6-4
 - Make sure each section of the inspect exists before accessing (#2027656)
 * Tue Sep 21 2021 Vit Mojzis <vmojzis@redhat.com> - 0.2.6-3
 - Require container-selinux shipping policy templates (#2000051)
 * Fri Sep 17 2021 Jindrich Novy <jnovy@redhat.com> - 0.2.6-2
 - use RHEL-9 product version for gating
 - Related: #2000051
 * Thu Sep 16 2021 Jindrich Novy <jnovy@redhat.com> - 0.2.6-1
 - update to https://github.com/containers/udica/releases/tag/v0.2.6
 - Related: #2000051
 * Fri Sep 03 2021 Jindrich Novy <jnovy@redhat.com> - 0.2.5-2
 - New rebase https://github.com/containers/udica/releases/tag/v0.2.5 (#1995041)
 - Replace capability dictionary with str.lower()
 - Enable udica to generate policies with fifo class
 - Sort container inspect data before processing
 - Update templates to work properly with new cil parser
 - Related: #2000051
 * Wed Aug 25 2021 Vit Mojzis <vmojzis@redhat.com> - 0.2.5-1
 - New rebase https://github.com/containers/udica/releases/tag/v0.2.5 (#1995046)
 - Replace capability dictionary with str.lower()
 - Enable udica to generate policies with fifo class
 - Sort container inspect data before processing
 - Update templates to work properly with new cil parser
 * Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 0.2.4-9
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688
 * Mon Jun 14 2021 Jindrich Novy <jnovy@redhat.com> - 0.2.4-8
 - remove %%check again and all related BRs
 * Mon Jun 14 2021 Jindrich Novy <jnovy@redhat.com> - 0.2.4-7
 - remove black from BR
 * Mon Jun 14 2021 Jindrich Novy <jnovy@redhat.com> - 0.2.4-6
 - Add missing BR
 - Related: #1970747
 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.2.4-5
 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
 * Tue Mar 16 2021 Vit Mojzis <vmojzis@redhat.com> - 0.2.4-4
 - Remove %%check section
 * Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.4-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 * Sun Dec 13 2020 Lukas Vrabec <lvrabec@redhat.com> - 0.2.4-2
 - Add %%check section to run basic tests during rpm build process
 * Wed Nov 25 2020 Lukas Vrabec <lvrabec@redhat.com> - 0.2.4-1
 - New rebase https://github.com/containers/udica/releases/tag/v0.2.4
 * Thu Aug 13 2020 Lukas Vrabec <lvrabec@redhat.com> - 0.2.3-1
 - New rebase https://github.com/containers/udica/releases/tag/v0.2.3
 * Mon Aug 03 2020 Lukas Vrabec <lvrabec@redhat.com> - 0.2.2-1
 - New rebase https://github.com/containers/udica/releases/tag/v0.2.2
 * Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.1-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 0.2.1-3
 - Rebuilt for Python 3.9
 * Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.1-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
 * Fri Oct 25 2019 Lukas Vrabec <lvrabec@redhat.com> - 0.2.1-1
 - New rebase https://github.com/containers/udica/releases/tag/v0.2.1
 * Wed Sep 25 2019 Lukas Vrabec <lvrabec@redhat.com> - 0.2.0-1
 - New rebase https://github.com/containers/udica/releases/tag/v0.2.0
 * Wed Aug 28 2019 Lukas Vrabec <lvrabec@redhat.com> - 0.1.9-1
 - Update tests test_basic.podman.cil, test_basic.docker.cil. Round 2
 - New rebase https://github.com/containers/udica/releases/tag/v0.1.9
 * Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 0.1.8-3
 - Rebuilt for Python 3.8
 * Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.8-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 * Thu Jul 11 2019 Lukas Vrabec <lvrabec@redhat.com> - 0.1.8-1
- Udica supports podman version 1.4.0+
+- New rebase https://github.com/containers/udica/releases/tag/v0.1.8
 Resolves: rhbz#1729115
-* Fri May 17 2019 Lukas Vrabec <lvrabec@redhat.com> - 0.1.6-1
+* Wed Jun 12 2019 Lukas Vrabec <lvrabec@redhat.com> - 0.1.7-1
- Update testsuite from upstream release
+- New rebase with upstream adding new param --ansible, to generate ansible playbook for deploying policies. https://github.com/containers/udica/releases/tag/v0.1.7
 Resolves: rhbz#1673643
-* Wed May 15 2019 Lukas Vrabec <lvrabec@redhat.com> - 0.1.5-2
+* Thu May 16 2019 Lukas Vrabec <lvrabec@redhat.com> - 0.1.6-1
- Bump release because of gating tests
+- New rebase with upstream adding new tests
 * Tue Apr 30 2019 Lukas Vrabec <lvrabec@redhat.com> - 0.1.5-2
 - Add allow rules for container_runtime_t to base_container.cil, Podman version 1.2.0 requires new allow rules.
 * Fri Apr 19 2019 Lukas Vrabec <lvrabec@redhat.com> - 0.1.5-1
 - Create mock selinux and semanage module
 - Update testing section in README
`@ -1 +1 @@`
	`61be1852f6b9d4ada461dec80dfc58989017b376 SOURCES/v0.1.8.tar.gz`	`c14134162d47822f6659ecfc955a498171e9d08d SOURCES/v0.2.6.tar.gz`