diff --git a/.fmf/version b/.fmf/version
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/.fmf/version
@@ -0,0 +1 @@
+1
diff --git a/.gitignore b/.gitignore
index 255e868..b838721 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,19 @@ setools-3.3.8.tar.bz2
 setools-3.3.8-f1e5b20.tar.bz2
 /4.1.0.tar.gz
 /4.1.1.tar.gz
+/4.2.0-beta.tar.gz
+/4.2.0-rc.tar.gz
+/4.2.0.tar.gz
+/4.2.1.tar.gz
+/4.2.2.tar.gz
+/4.3.0.tar.gz
+/05e90ee.tar.gz
+/16c0696.tar.gz
+/4.4.0.tar.gz
+/4.4.1.tar.gz
+/4.4.2.tar.gz
+/4.4.3.tar.gz
+/4.4.4.tar.gz
+/4.5.0.tar.gz
+/4.5.1.tar.gz
+/4.6.0.tar.gz
diff --git a/0001-Do-not-use-Werror-during-build.patch b/0001-Do-not-use-Werror-during-build.patch
deleted file mode 100644
index ff4523c..0000000
--- a/0001-Do-not-use-Werror-during-build.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 617c3ae83c1c72ead627a57e1529724c62df807f Mon Sep 17 00:00:00 2001
-From: rpm-build
-Date: Thu, 23 Feb 2017 08:17:07 +0100
-Subject: [PATCH 1/2] Do not use -Werror during build
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-There are new warnings when setools are built with gcc 7 therefore we
-want to suppress -Werror for now
-
-Fixes:
-libqpol/policy_extend.c: In function ‘policy_extend’:
-libqpol/policy_extend.c:161:27: error: ‘%04zd’ directive output may be truncated writing between 4 and 10 bytes into a region of size 5 [-Werror=format-truncation=]
- snprintf(buff, 9, "@ttr%04zd", i + 1);
- ^~~~~
-libqpol/policy_extend.c:161:22: note: directive argument in the range [1, 4294967295]
- snprintf(buff, 9, "@ttr%04zd", i + 1);
- ^~~~~~~~~~~
-In file included from /usr/include/stdio.h:939:0,
- from /usr/include/sepol/policydb/policydb.h:53,
- from libqpol/policy_extend.c:29:
-/usr/include/bits/stdio2.h:64:10: note: ‘__builtin___snprintf_chk’ output between 9 and 15 bytes into a destination of size 9
- return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
- ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- __bos (__s), __fmt, __va_arg_pack ());
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-cc1: all warnings being treated as errors
-error: command 'gcc' failed with exit status 1
----
- setup.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/setup.py b/setup.py
-index 2ca44c9..9319bf6 100644
---- a/setup.py
-+++ b/setup.py
-@@ -146,7 +146,7 @@ ext_py_mods = [Extension('setools.policyrep._qpol',
- 'libqpol/policy_scan.c',
- 'libqpol/xen_query.c'],
- include_dirs=include_dirs,
-- extra_compile_args=['-Werror', '-Wextra',
-+ extra_compile_args=['-Wextra',
- '-Waggregate-return',
- '-Wfloat-equal',
- '-Wformat', '-Wformat=2',
---
-2.9.3
-
diff --git a/0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch b/0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
deleted file mode 100644
index a5d982a..0000000
--- a/0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
+++ /dev/null
@@ -1,140 +0,0 @@
-From 2512c3ba608077db3a5e0286b976fadc8a04a5c4 Mon Sep 17 00:00:00 2001
-From: rpm-build
-Date: Thu, 23 Feb 2017 08:17:07 +0100
-Subject: [PATCH 2/2] Do not export/use setools.InfoFlowAnalysis and
- setools.DomainTransitionAnalysis
-
-dta and infoflow modules require networkx which brings lot of dependencies.
-These dependencies are not necessary for setools module itself as it's
-used in policycoreutils.
-
-Therefore it's better to use setools.infoflow.InfoFlowAnalysis and
-setools.dta.DomainTransitionAnalysis and let the package containing
-sedta and seinfoflow to require python3-networkx
----
- sedta | 3 ++-
- seinfoflow | 3 ++-
- setools/__init__.py | 4 ++--
- setoolsgui/apol/dta.py | 2 +-
- setoolsgui/apol/infoflow.py | 2 +-
- tests/dta.py | 3 ++-
- tests/infoflow.py | 3 ++-
- 7 files changed, 12 insertions(+), 8 deletions(-)
-
-diff --git a/sedta b/sedta
-index 1c76ebb..255ad49 100755
---- a/sedta
-+++ b/sedta
-@@ -23,6 +23,7 @@ import argparse
- import logging
-
- import setools
-+import setools.dta
-
-
- def print_transition(trans):
-@@ -111,7 +112,7 @@ else:
-
- try:
- p = setools.SELinuxPolicy(args.policy)
-- g = setools.DomainTransitionAnalysis(p, reverse=args.reverse, exclude=args.exclude)
-+ g = setools.dta.DomainTransitionAnalysis(p, reverse=args.reverse, exclude=args.exclude)
-
- if args.shortest_path or args.all_paths:
- if args.shortest_path:
-diff --git a/seinfoflow b/seinfoflow
-index b287921..d53bdef 100755
---- a/seinfoflow
-+++ b/seinfoflow
-@@ -19,6 +19,7 @@
-
- from __future__ import print_function
- import setools
-+import setools.infoflow
- import argparse
- import sys
- import logging
-@@ -79,7 +80,7 @@ else:
- try:
- p = setools.SELinuxPolicy(args.policy)
- m = setools.PermissionMap(args.map)
-- g = setools.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude)
-+ g = setools.infoflow.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude)
-
- if args.shortest_path or args.all_paths:
- if args.shortest_path:
-diff --git a/setools/__init__.py b/setools/__init__.py
-index a84c846..a53c5a7 100644
---- a/setools/__init__.py
-+++ b/setools/__init__.py
-@@ -74,11 +74,11 @@ from .pcideviceconquery import PcideviceconQuery
- from .devicetreeconquery import DevicetreeconQuery
-
- # Information Flow Analysis
--from .infoflow import InfoFlowAnalysis
-+# from .infoflow import InfoFlowAnalysis
- from .permmap import PermissionMap
-
- # Domain Transition Analysis
--from .dta import DomainTransitionAnalysis
-+# from .dta import DomainTransitionAnalysis
-
- # Policy difference
- from .diff import PolicyDifference
-diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py
-index 0aaf13f..5b1ea20 100644
---- a/setoolsgui/apol/dta.py
-+++ b/setoolsgui/apol/dta.py
-@@ -23,7 +23,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
- from PyQt5.QtGui import QPalette, QTextCursor
- from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
- QTreeWidgetItem
--from setools import DomainTransitionAnalysis
-+from setools.dta import DomainTransitionAnalysis
-
- from ..logtosignal import LogHandlerToSignal
- from .analysistab import AnalysisTab
-diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py
-index 1ae16de..fdf8f7b 100644
---- a/setoolsgui/apol/infoflow.py
-+++ b/setoolsgui/apol/infoflow.py
-@@ -25,7 +25,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
- from PyQt5.QtGui import QPalette, QTextCursor
- from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
- QTreeWidgetItem
--from setools import InfoFlowAnalysis
-+from setools.infoflow import InfoFlowAnalysis
- from setools.exception import UnmappedClass, UnmappedPermission
-
- from ..logtosignal import LogHandlerToSignal
-diff --git a/tests/dta.py b/tests/dta.py
-index 32b9271..2bdd052 100644
---- a/tests/dta.py
-+++ b/tests/dta.py
-@@ -17,7 +17,8 @@
- #
- import unittest
-
--from setools import SELinuxPolicy, DomainTransitionAnalysis
-+from setools import SELinuxPolicy
-+from setools.dta import DomainTransitionAnalysis
- from setools import TERuletype as TERT
- from setools.policyrep.exception import InvalidType
- from setools.policyrep.typeattr import Type
-diff --git a/tests/infoflow.py b/tests/infoflow.py
-index 7751dda..a21c683 100644
---- a/tests/infoflow.py
-+++ b/tests/infoflow.py
-@@ -17,7 +17,8 @@
- #
- import unittest
-
--from setools import SELinuxPolicy, InfoFlowAnalysis
-+from setools import SELinuxPolicy
-+from setools.infoflow import InfoFlowAnalysis
- from setools import TERuletype as TERT
- from setools.permmap import PermissionMap
- from setools.policyrep.exception import InvalidType
---
-2.9.3
-
diff --git a/0003-bswap_-macros-are-defined-in-byteswap.h.patch b/0003-bswap_-macros-are-defined-in-byteswap.h.patch
deleted file mode 100644
index f5445a9..0000000
--- a/0003-bswap_-macros-are-defined-in-byteswap.h.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 2ac588919dd96d3d624e6ec20c67d1d91386e879 Mon Sep 17 00:00:00 2001
-From: Petr Lautrbach
-Date: Thu, 10 Aug 2017 08:23:47 +0200
-Subject: [PATCH] bswap_* macros are defined in byteswap.h
-
-Fixes ImportError on s390x:
-/usr/lib64/python3.6/site-packages/setools/policyrep/_qpol.cpython-36m-s390x-linux-gnu.so: undefined symbol: bswap_32
----
- libqpol/policy.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/libqpol/policy.c b/libqpol/policy.c
-index ae3acb5..e412be0 100644
---- a/libqpol/policy.c
-+++ b/libqpol/policy.c
-@@ -28,6 +28,7 @@
-
- #include "qpol_internal.h"
- #include
-+#include
- #include
- #include
- #include
---
-2.13.3
-
diff --git a/0004-Add-support-for-SCTP-protocol.patch b/0004-Add-support-for-SCTP-protocol.patch
deleted file mode 100644
index 4223a46..0000000
--- a/0004-Add-support-for-SCTP-protocol.patch
+++ /dev/null
@@ -1,131 +0,0 @@
-From 3ef6369a22691e8e11cbf63f37b114941b3577a1 Mon Sep 17 00:00:00 2001
-From: Vit Mojzis
-Date: Mon, 16 Apr 2018 20:46:20 +0200
-Subject: [PATCH] Add support for SCTP protocol
-
-Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1568333
-
-Signed-off-by: Vit Mojzis
----
- libqpol/include/qpol/linux_types.h | 1 +
- libqpol/policy_define.c | 5 +++++
- setools/perm_map | 30 ++++++++++++++++++++++++++++++
- setools/policyrep/netcontext.py | 5 +++++
- 4 files changed, 41 insertions(+)
-
-diff --git a/libqpol/include/qpol/linux_types.h b/libqpol/include/qpol/linux_types.h
-index c3c056b..0985162 100644
---- a/libqpol/include/qpol/linux_types.h
-+++ b/libqpol/include/qpol/linux_types.h
-@@ -12,6 +12,7 @@ typedef uint16_t __u16;
- #define s6_addr32 __u6_addr32
-
- #define IPPROTO_DCCP 33
-+#define IPPROTO_SCTP 132
- #endif
-
- #endif
-diff --git a/libqpol/policy_define.c b/libqpol/policy_define.c
-index dcc69fc..1e623a3 100644
---- a/libqpol/policy_define.c
-+++ b/libqpol/policy_define.c
-@@ -44,6 +44,9 @@
- #ifndef IPPROTO_DCCP
- #define IPPROTO_DCCP 33
- #endif
-+#ifndef IPPROTO_SCTP
-+#define IPPROTO_SCTP 132
-+#endif
- #include
- #include
- #include
-@@ -4933,6 +4936,8 @@ int define_port_context(unsigned int low, unsigned int high)
- protocol = IPPROTO_UDP;
- } else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) {
- protocol = IPPROTO_DCCP;
-+ } else if ((strcmp(id, "sctp") == 0) || (strcmp(id, "SCTP") == 0)) {
-+ protocol = IPPROTO_SCTP;
- } else {
- yyerror2("unrecognized protocol %s", id);
- goto bad;
-diff --git a/setools/perm_map b/setools/perm_map
-index 0a9f91c..25fae09 100644
---- a/setools/perm_map
-+++ b/setools/perm_map
-@@ -385,6 +385,8 @@ class node 11
- udp_send w 10
- dccp_recv r 10
- dccp_send w 10
-+ sctp_recv r 10
-+ sctp_send w 10
- enforce_dest n 1
- sendto w 10
- recvfrom r 10
-@@ -699,6 +701,32 @@ class dccp_socket 24
- relabelto w 10
- listen r 1
-
-+class sctp_socket 24
-+ node_bind n 1
-+ name_connect w 10
-+ append w 10
-+ bind w 1
-+ connect w 1
-+ create w 1
-+ write w 10
-+ relabelfrom r 10
-+ ioctl n 1
-+ name_bind n 1
-+ sendto w 10
-+ recv_msg r 10
-+ send_msg w 10
-+ getattr r 7
-+ setattr w 7
-+ accept r 1
-+ getopt r 1
-+ read r 10
-+ setopt w 1
-+ shutdown w 1
-+ recvfrom r 10
-+ lock n 1
-+ relabelto w 10
-+ listen r 1
-+
- class netlink_firewall_socket 24
- nlmsg_write w 10
- nlmsg_read r 10
-@@ -984,6 +1012,8 @@ class netif 10
- udp_send w 10
- dccp_recv r 10
- dccp_send w 10
-+ sctp_recv r 10
-+ sctp_send w 10
-
- class packet_socket 22
- append w 10
-diff --git a/setools/policyrep/netcontext.py b/setools/policyrep/netcontext.py
-index c7076d2..2d890f3 100644
---- a/setools/policyrep/netcontext.py
-+++ b/setools/policyrep/netcontext.py
-@@ -38,6 +38,10 @@ try:
- IPPROTO_DCCP = getprotobyname("dccp")
- except socket.error:
- IPPROTO_DCCP = 33
-+try:
-+ IPPROTO_SCTP = getprotobyname("sctp")
-+except socket.error:
-+ IPPROTO_SCTP = 132
-
-
- def netifcon_factory(policy, name):
-@@ -196,6 +200,7 @@ class PortconProtocol(int, PolicyEnum):
- tcp = IPPROTO_TCP
- udp = IPPROTO_UDP
- dccp = IPPROTO_DCCP
-+ sctp = IPPROTO_SCTP
-
-
- class Portcon(NetContext):
---
-2.14.3
-
diff --git a/156.patch b/156.patch
new file mode 100644
index 0000000..ea56fc1
--- /dev/null
+++ b/156.patch
@@ -0,0 +1,43 @@
+From 39f7c88251925463c38f5000f6178fe70b484f44 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Miro=20Hron=C4=8Dok?=
+Date: Tue, 8 Apr 2025 11:22:47 +0200
+Subject: [PATCH] Remove redundant runtime requirement on setuptools
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The dependency was dropped in 99a1cf3b50cd8bf502b5070293c4d1bf792d1566
+
+Add a build time dependency for setup.py build_ext on Python 3.12+
+which no longer contains distutils.
+
+Signed-off-by: Miro Hrončok
+---
+ pyproject.toml | 2 +-
+ tox.ini | 1 +
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/pyproject.toml b/pyproject.toml
+index f7815a15..28ae121a 100644
+--- a/pyproject.toml
++++ b/pyproject.toml
+@@ -39,7 +39,7 @@ classifiers = ["Development Status :: 5 - Production/Stable",
+
+ requires-python=">=3.10"
+ # also requires libsepol.so and libselinux.so.
+-dependencies = ["setuptools"]
++dependencies = []
+
+ optional-dependencies.analysis = ["networkx>=2.6",
+ "pygraphviz"]
+diff --git a/tox.ini b/tox.ini
+index 8fa6954f..b2a21d6b 100644
+--- a/tox.ini
++++ b/tox.ini
+@@ -56,5 +56,6 @@ deps = networkx>=2.6
+ pygraphviz
+ pytest-qt
+ pytest-xvfb
++ setuptools;python_version>="3.12"
+ commands_pre = {envpython} setup.py build_ext -i
+ commands = {envpython} -m pytest tests
diff --git a/157.patch b/157.patch
new file mode 100644
index 0000000..24b6820
--- /dev/null
+++ b/157.patch
@@ -0,0 +1,42 @@
+From a33a2e394435316f3822e89ac9c2a9aabab17252 Mon Sep 17 00:00:00 2001
+From: Pranav Lawate
+Date: Tue, 30 Sep 2025 22:29:10 +0530
+Subject: [PATCH] Fix seinfo argument parsing when policy path follows query
+ options
+
+Signed-off-by: Pranav Lawate
+---
+ seinfo | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/seinfo b/seinfo
+index 99180c36..d04ec320 100755
+--- a/seinfo
++++ b/seinfo
+@@ -12,6 +12,7 @@ import logging
+ import signal
+ import ipaddress
+ import warnings
++from pathlib import Path
+ from typing import Callable, List, Tuple
+
+
+@@ -102,6 +103,18 @@ xen.add_argument("--devicetreecon", help="Print all devicetreecon statements.",
+
+ args = parser.parse_args()
+
++# Fix argument misparsing: when policy is None and a query option is a string,
++# check if the string is actually a policy file that is incorrectly consumed by the query option
++if not args.policy:
++ # Check all query options defined in the queries argument group
++ for action in queries._group_actions:
++ value = getattr(args, action.dest, None)
++ if isinstance(value, str) and Path(value).exists():
++ # This query argument consumed the policy path - fix it
++ args.policy = value
++ setattr(args, action.dest, True)
++ break
++
+ if args.debug:
+ logging.basicConfig(level=logging.DEBUG,
+ format='%(asctime)s|%(levelname)s|%(name)s|%(message)s')
diff --git a/gating.yaml b/gating.yaml
new file mode 100644
index 0000000..af6eb32
--- /dev/null
+++ b/gating.yaml
@@ -0,0 +1,16 @@
+--- !Policy
+product_versions:
+ - fedora-*
+decision_context: bodhi_update_push_testing
+subject_type: koji_build
+rules:
+ - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
+
+--- !Policy
+product_versions:
+ - fedora-*
+decision_context: bodhi_update_push_stable
+subject_type: koji_build
+rules:
+ - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
+
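Review bot: The fallback added to seinfo after `parser.parse_args()` decides that a query option's string value is really the policy path purely from `Path(value).exists()`, which is true for any file or directory reachable from the current working directory. A name filter passed to a query option (for example a type or role name) that happens to match a directory entry would be silently dropped, the option reset to `True`, and that entry loaded as the policy, so the result of the same command line depends on where it is run. Narrowing the test to `Path(value).is_file()` and logging the reinterpretation (e.g. `logging.warning("Treating %r as the policy path", value)`) would make the heuristic safer and visible. The loop also reads `queries._group_actions`, a private argparse attribute, so a comment noting that dependency would help whoever maintains this patch.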
diff --git a/plans/selinux.fmf b/plans/selinux.fmf
new file mode 100644
index 0000000..b20003c
--- /dev/null
+++ b/plans/selinux.fmf
@@ -0,0 +1,7 @@
+summary: selinux tests - Tier 1 | policycoreutils | checkpolicy
+discover:
+ how: fmf
+ url: https://src.fedoraproject.org/tests/selinux
+ filter: "tier: 1 | component: policycoreutils | component: checkpolicy"
+execute:
+ how: tmt
diff --git a/plans/tests.fmf b/plans/tests.fmf
new file mode 100644
index 0000000..1caffcc
--- /dev/null
+++ b/plans/tests.fmf
@@ -0,0 +1,5 @@
+summary: setools test plan
+discover:
+ how: fmf
+execute:
+ how: tmt
diff --git a/rpminspect.yaml b/rpminspect.yaml
new file mode 100644
index 0000000..6bcfaca
--- /dev/null
+++ b/rpminspect.yaml
@@ -0,0 +1,3 @@
+emptyrpm:
+ expected_empty:
+ - setools
diff --git a/setools.spec b/setools.spec
index e354f60..e43d04a 100644
--- a/setools.spec
+++ b/setools.spec
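Review bot: In plans/selinux.fmf the `discover` step fetches tests from `https://src.fedoraproject.org/tests/selinux` without a `ref`, so each run executes whatever the default branch of that repository holds at that moment. Since gating.yaml in the same commit makes a passing CI result a precondition for pushing updates, a change in the external test repository could alter gating outcomes without any commit here (assuming this plan feeds that result). Adding `ref: <branch-or-commit>` under `discover`, or a comment stating that tracking the default branch is intentional, would make the dependency explicit.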
@@ -1,42 +1,34 @@
-# sitelib for noarch packages, sitearch for others (remove the unneeded one)
-%{!?__python2: %global __python2 %__python}
-%{!?python2_sitelib: %global python2_sitelib %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")}
-%{!?python2_sitearch: %global python2_sitearch %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
-
-# % global setools_pre_ver beta.1.8e09d95
-# % global gitver f1e5b20
-
-%global sepol_ver 2.7-1
-%global selinux_ver 2.7-1
+%global sepol_ver 3.9
+%global selinux_ver 3.9
 Name: setools
-Version: 4.1.1
-Release: 8%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist}
+Version: 4.6.0
+Release: 4%{?dist}
 Summary: Policy analysis tools for SELinux
-License: GPLv2
-URL: https://github.com/TresysTechnology/setools/wiki
-Source0: https://github.com/TresysTechnology/setools/archive/%{version}%{?setools_pre_ver:-%{setools_pre_ver}}.tar.gz
+License: GPL-2.0-only AND LGPL-2.1-only
+URL: https://github.com/SELinuxProject/setools/wiki
+Source0: https://github.com/SELinuxProject/setools/archive/%{version}.tar.gz
 Source1: setools.pam
 Source2: apol.desktop
-Patch1: 0001-Do-not-use-Werror-during-build.patch
-Patch2: 0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
-Patch3: 0003-bswap_-macros-are-defined-in-byteswap.h.patch
-Patch4: 0004-Add-support-for-SCTP-protocol.patch
+
+# Remove redundant runtime requirement on setuptools
+Patch: https://github.com/SELinuxProject/setools/pull/156.patch
+# Fix seinfo argument parsing when policy path follows query
+Patch: https://github.com/SELinuxProject/setools/pull/157.patch
 Obsoletes: setools < 4.0.0, setools-devel < 4.0.0
 BuildRequires: flex, bison
-BuildRequires: glibc-devel, gcc, git
+BuildRequires: glibc-devel, gcc, git-core
 BuildRequires: libsepol-devel >= %{sepol_ver}, libsepol-static >= %{sepol_ver}
-BuildRequires: qt5-qtbase-devel
 BuildRequires: swig
-BuildRequires: python2-devel
-BuildRequires: python2-setuptools
+BuildRequires: python3-Cython
 BuildRequires: python3-devel
-BuildRequires: python3-setuptools
+BuildRequires: libselinux-devel
-# BuildArch:
-Requires: python3-%{name} = %{version}-%{release}
+Requires: %{name}-console = %{version}-%{release}
+Requires: %{name}-console-analyses = %{version}-%{release}
+Requires: %{name}-gui = %{version}-%{release}
 %description
 SETools is a collection of graphical tools, command-line tools, and
@@ -44,7 +36,7 @@ Python modules designed to facilitate SELinux policy analysis.
 %package console
 Summary: Policy analysis command-line tools for SELinux
-License: GPLv2
+License: GPL-2.0-only
 Requires: python3-setools = %{version}-%{release}
 Requires: libselinux >= %{selinux_ver}
@@ -61,7 +53,7 @@ This package includes the following console tools:
 %package console-analyses
 Summary: Policy analysis command-line tools for SELinux
-License: GPLv2
+License: GPL-2.0-only
 Requires: python3-setools = %{version}-%{release}
 Requires: libselinux >= %{selinux_ver}
 Requires: python3-networkx
@@ -76,29 +68,10 @@ This package includes the following console tools:
 seinfoflow Perform information flow analyses.
-%package -n python2-setools
-Summary: Policy analysis tools for SELinux
-Recommends: python2-libselinux
-%{?python_provide:%python_provide python2-setools}
-# Remove before F30
-Provides: %{name}-python = %{version}-%{release}
-Provides: %{name}-python%{?_isa} = %{version}-%{release}
-Obsoletes: %{name}-python < %{version}-%{release}
-Requires: python2-enum34
-
-%description -n python2-setools
-SETools is a collection of graphical tools, command-line tools, and
-Python 2 modules designed to facilitate SELinux policy analysis.
-
 %package -n python3-setools
-Summary: Policy analysis tools for SELinux
-Obsoletes: setools-libs < 4.0.0, setools-libs-tcl
-Recommends: libselinux-python3
-%{?python_provide:%python_provide python2-setools}
-# Remove before F30
-Provides: %{name}-python3 = %{version}-%{release}
-Provides: %{name}-python3%{?_isa} = %{version}-%{release}
-Obsoletes: %{name}-python3 < %{version}-%{release}
+Summary: Policy analysis tools for SELinux
+License: LGPL-2.1-only
+Obsoletes: setools-libs < 4.0.0
 %description -n python3-setools
 SETools is a collection of graphical tools, command-line tools, and
@@ -107,7 +80,9 @@ Python 3 modules designed to facilitate SELinux policy analysis.
 %package gui
 Summary: Policy analysis graphical tools for SELinux
-Requires: python3-qt5
+License: GPL-2.0-only
+Requires: python3-setools = %{version}-%{release}
+Requires: python3-pyqt6 python3-pyqt6-sip
 Requires: python3-networkx
 %description gui
@@ -116,77 +91,270 @@ Python modules designed to facilitate SELinux policy analysis.
 %prep
-%autosetup -p 1 -S git
+%autosetup -p 1 -S git -n setools-%{version}
-cp -a ../setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}} ../setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}}-python2
+
+%generate_buildrequires
+%pyproject_buildrequires
 %build
-# Remove CFLAGS=... for noarch packages (unneeded)
-CFLAGS="%{optflags}" %{__python3} setup.py build
-
-pushd ../setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}}-python2
-# Remove CFLAGS=... for noarch packages (unneeded)
-CFLAGS="%{optflags}" %{__python2} setup.py build
-popd
+%pyproject_wheel
 %install
-rm -rf %{buildroot}
-pushd ../setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}}-python2
-%{__python2} setup.py install --root %{buildroot}
-popd
-
-rm -rf %{buildroot}%{_bindir}
-%{__python3} setup.py install --root %{buildroot}
+%pyproject_install
 %check
 %if %{?_with_check:1}%{!?_with_check:0}
-%{__python3} setup.py test
-
-pushd ../setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}}-python2
-%{__python2} setup.py test
-popd
+# dnf install python3-pytest python3-pytest-qt
+%pytest
 %endif
 %files
 %files console
+%license COPYING.GPL
+%{_bindir}/sechecker
 %{_bindir}/sediff
 %{_bindir}/seinfo
 %{_bindir}/sesearch
+%{_mandir}/man1/sechecker*
 %{_mandir}/man1/sediff*
 %{_mandir}/man1/seinfo*
 %{_mandir}/man1/sesearch*
+%{_mandir}/ru/man1/sediff*
+%{_mandir}/ru/man1/seinfo*
+%{_mandir}/ru/man1/sesearch*
 %files console-analyses
+%license COPYING.GPL
 %{_bindir}/sedta
 %{_bindir}/seinfoflow
 %{_mandir}/man1/sedta*
 %{_mandir}/man1/seinfoflow*
-
-%files -n python2-setools
-# %doc AUTHORS ChangeLog KNOWN-BUGS NEWS README
-%license COPYING COPYING.GPL COPYING.LGPL
-# For noarch packages: sitelib
-# %{python2_sitelib}/*
-# For arch-specific packages: sitearch
-%{python2_sitearch}/*
+%{_mandir}/ru/man1/sedta*
+%{_mandir}/ru/man1/seinfoflow*
 %files -n python3-setools
-%license COPYING COPYING.GPL COPYING.LGPL
-# %doc AUTHORS ChangeLog KNOWN-BUGS NEWS README
-# For noarch packages: sitelib
-# %{python3_sitelib}/*
-# For arch-specific packages: sitearch
-%{python3_sitearch}/*
+%license COPYING COPYING.LGPL
+%{python3_sitearch}/setools
+%{python3_sitearch}/setools-*
 %files gui
+%license COPYING.GPL
 %{_bindir}/apol
+%{python3_sitearch}/setoolsgui
 %{_mandir}/man1/apol*
+%{_mandir}/ru/man1/apol*
 %changelog
+* Mon Dec 01 2025 Veronika Syncakova - 4.6.0-4
+- Fix seinfo argument parsing when policy path follows query options
+
+* Thu Oct 02 2025 Miro Hrončok - 4.6.0-3
+- Drop redundant runtime requirement on python3-setuptools (redux)
+
+* Fri Sep 19 2025 Python Maint - 4.6.0-2
+- Rebuilt for Python 3.14.0rc3 bytecode
+
+* Tue Sep 09 2025 Petr Lautrbach - 4.6.0-1
+- SETools 4.6.0
+
+* Fri Aug 15 2025 Python Maint - 4.5.1-11
+- Rebuilt for Python 3.14.0rc2 bytecode
+
+* Mon Aug 04 2025 Miro Hrončok - 4.5.1-10
+- Drop redundant runtime requirement on python3-setuptools (correction)
+
+* Fri Jul 25 2025 Fedora Release Engineering - 4.5.1-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
+
+* Sat Jul 05 2025 Petr Lautrbach - 4.5.1-8
+- Rebuilt with SELinux userspace 3.9-rc2 release
+
+* Mon Jun 02 2025 Python Maint - 4.5.1-7
+- Rebuilt for Python 3.14
+
+* Tue Apr 01 2025 Miro Hrončok - 4.5.1-6
+- Drop redundant runtime requirement on python3-setuptools, dropped in setools 4.5.1
+
+* Sun Jan 19 2025 Fedora Release Engineering - 4.5.1-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
+
+* Sat Jul 20 2024 Fedora Release Engineering - 4.5.1-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Fri Jun 07 2024 Python Maint - 4.5.1-3
+- Rebuilt for Python 3.13
+
+* Thu May 02 2024 Petr Lautrbach - 4.5.1-2
+- Fix License tag
+
+* Thu May 02 2024 Petr Lautrbach - 4.5.1-1
+- SETools 4.5.1
+
+* Thu Apr 18 2024 Petr Lautrbach - 4.5.0-1
+- SETools 4.5.0
+
+* Sat Jan 27 2024 Fedora Release Engineering - 4.4.4-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Mon Dec 11 2023 Petr Lautrbach - 4.4.4-1
+- SETools 4.4.4 release
+
+* Mon Aug 28 2023 Petr Lautrbach - 4.4.3-2
+- Use Qt 6
+
+* Wed Aug 9 2023 Petr Lautrbach - 4.4.3-1
+- SETools 4.4.3 release
+
+* Wed Jul 26 2023 Petr Lautrbach - 4.4.2-4
+- Disable/remove neverallow options in sediff.
+- Improve man pages
+- seinfoflow: Add -r option to get flows into the source type.
+- seinfoflow.1: Remove references to sepolgen permission map.
+- AVRule/AVRuleXperm: Treat rules with no permissions as invalid policy.
+- SELinuxPolicy: Add explicit cast for libspol message
+
+* Sat Jul 22 2023 Fedora Release Engineering - 4.4.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Tue Jun 13 2023 Python Maint - 4.4.2-2
+- Rebuilt for Python 3.12
+
+* Thu Apr 20 2023 Petr Lautrbach - 4.4.2-1
+- SETools 4.4.2 release
+
+* Mon Feb 6 2023 Petr Lautrbach - 4.4.1-1
+- SETools 4.4.1 release
+
+* Sat Jan 21 2023 Fedora Release Engineering - 4.4.0-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Sat Jul 23 2022 Fedora Release Engineering - 4.4.0-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Thu Jun 16 2022 Python Maint - 4.4.0-8
+- Rebuilt for Python 3.11
+
+* Mon Jun 13 2022 Petr Lautrbach - 4.4.0-7
+- Update required userspace versions to 3.4
+- Drop unnecessary Recommends
+
+* Mon Jun 13 2022 Python Maint - 4.4.0-6
+- Rebuilt for Python 3.11
+
+* Sat Jan 22 2022 Fedora Release Engineering - 4.4.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Fri Nov 19 2021 Petr Lautrbach - 4.4.0-4
+- Make seinfo output predictable
+ https://github.com/SELinuxProject/setools/issues/65
+
+* Fri Jul 23 2021 Fedora Release Engineering - 4.4.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Fri Jun 04 2021 Python Maint - 4.4.0-2
+- Rebuilt for Python 3.10
+
+* Mon Mar 8 2021 Petr Lautrbach - 4.4.0-1
+- SETools 4.4.0 release
+
+* Wed Jan 27 2021 Fedora Release Engineering - 4.4.0-0.3.20210121git16c0696
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Thu Jan 21 2021 Petr Lautrbach - 4.4.0-0.2.20210121git16c0696
+- Rebuild with SELinux userspace 3.2-rc1
+- Update to 16c0696
+
+* Thu Dec 10 2020 Petr Lautrbach - 4.4.0-0.2.20201102git05e90ee
+- Fix imports in /usr/bin/sedta
+
+* Tue Nov 3 2020 Petr Lautrbach - 4.4.0-0.1.20201102git05e90ee
+- Update to 05e90ee
+- Add /usr/bin/sechecker
+- Adapt to new libsepol filename transition structures
+- Rebuild with libsepol.so.2
+
+* Sat Aug 01 2020 Fedora Release Engineering - 4.3.0-5
+- Second attempt - Rebuilt for
+ https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jul 29 2020 Fedora Release Engineering - 4.3.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Thu Jul 16 2020 Petr Lautrbach - 4.3.0-3
+- rebuild with SELinux userspace 3.1 release
+
+* Tue May 26 2020 Miro Hrončok - 4.3.0-2
+- Rebuilt for Python 3.9
+
+* Thu Apr 2 2020 Petr Lautrbach - 4.3.0-1
+- SETools 4.3.0 release
+- Revised sediff method for TE rules. This drastically reduced memory and run time.
+- Added infiniband context support to seinfo, sediff, and apol.
+- Added apol configuration for location of Qt assistant.
+- Fixed sediff issue where properties header would display when not requested.
+- Fixed sediff issue with type_transition file name comparison.
+- Fixed permission map socket sendto information flow direction.
+- Added methods to TypeAttribute class to make it a complete Python collection.
+- Genfscon now will look up classes rather than using fixed values which
+ were dropped from libsepol.
+
+* Mon Mar 23 2020 Petr Lautrbach - 4.2.2-5
+- setools requires -console, -console-analyses and -gui packages (#1794314)
+
+* Thu Jan 30 2020 Fedora Release Engineering - 4.2.2-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Thu Oct 03 2019 Miro Hrončok - 4.2.2-3
+- Rebuilt for Python 3.8.0rc1 (#1748018)
+
+* Mon Aug 19 2019 Miro Hrončok - 4.2.2-2
+- Rebuilt for Python 3.8
+
+* Mon Jul 08 2019 Vit Mojzis - 4.2.2-1}
+- SETools 4.2.2 release
+
+* Mon May 13 2019 Vit Mojzis - 4.2.1-3
+- Use %set_build_flags instead of %optflags
+
+* Mon May 06 2019 Vit Mojzis - 4.2.1-2
+- SELinuxPolicy: Create a map of aliases on policy load (#1672631)
+
+* Tue Mar 26 2019 Petr Lautrbach - 4.2.1-1
+- SETools 4.2.1 release (#1581761, #1595582)
+
+* Wed Nov 14 2018 Vit Mojzis - 4.2.0-1
+- Update source to SETools 4.2.0 release
+
+* Mon Oct 01 2018 Vit Mojzis - 4.2.0-0.3.rc
+- Update upstream source to 4.2.0-rc
+
+* Wed Sep 19 2018 Vit Mojzis - 4.2.0-0.2.beta
+- Require userspace release 2.8
+- setools-gui requires python3-setools
+- Add Requires for python[23]-setuptools - no longer required (just recommended) by python[23] (#1623371)
+- Drop python2 subpackage (4.2.0 no longer supports python2)
+
+* Wed Aug 29 2018 Vit Mojzis - 4.1.1-13
+- Add Requires for python[23]-setuptools - no longer required (just recommended)
+ by python[23] (#1623371)
+
+* Wed Aug 22 2018 Petr Lautrbach - 4.1.1-12.1
+- Fix SCTP patch - https://github.com/SELinuxProject/setools/issues/9
+
+* Sat Jul 14 2018 Fedora Release Engineering - 4.1.1-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Tue Jun 19 2018 Miro Hrončok - 4.1.1-10
+- Rebuilt for Python 3.7
+
+* Thu Jun 14 2018 Petr Lautrbach - 4.1.1-9
+- Move gui python files to -gui subpackage
+
 * Thu Apr 26 2018 Vit Mojzis - 4.1.1-8
 - Add support for SCTP protocol (#1568333)
diff --git a/sources b/sources
index 7fde505..386b801 100644
--- a/sources
+++ b/sources
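Review bot: In the `%check` section of setools.spec the new `%pytest` call stays behind `%if %{?_with_check:1}%{!?_with_check:0}`, and its dependencies are named only in the comment `# dnf install python3-pytest python3-pytest-qt`. A default build therefore runs no upstream tests, and an opt-in `--with check` build fails unless those packages are installed by hand. Declaring them under the same condition next to the other BuildRequires, e.g. `%if %{?_with_check:1}%{!?_with_check:0}` / `BuildRequires: python3-pytest python3-pytest-qt` / `%endif`, would make the opt-in build self-contained.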
@@ -1 +1 @@
-SHA512 (4.1.1.tar.gz) = 2e55a3b07e2f94d7c84054f31d266567b9acc708fe2b0e16ac3ea24e8301c712bcf564ff915a6135a1a6ba6822682bb3a6530dae20161a832fb7048364acbd04
+SHA512 (4.6.0.tar.gz) = 5b654f480f285717d15fa55f754fbd00cb030a0d8af8342d901e0514c4fdbacb7873e19420dab98540eaa481c687ff1e03423df893c0d1744eb4c53eb81afbf5
diff --git a/tests/Regression/The-setools-package-doesn-t-install-any-tools/Makefile b/tests/Regression/The-setools-package-doesn-t-install-any-tools/Makefile
new file mode 100644
index 0000000..a5e7a6b
--- /dev/null
+++ b/tests/Regression/The-setools-package-doesn-t-install-any-tools/Makefile
@@ -0,0 +1,63 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/setools/Regression/The-setools-package-doesn-t-install-any-tools
+# Description: Make sure setools requires setools-console and setools-gui
+# Author: Vit Mojzis
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2020 Red Hat, Inc.
+#
+# This program is free software: you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation, either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see http://www.gnu.org/licenses/.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/setools/Regression/The-setools-package-doesn-t-install-any-tools
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+ ./runtest.sh
+
+build: $(BUILT_FILES)
+ test -x runtest.sh || chmod a+x runtest.sh
+
+clean:
+ rm -f *~ $(BUILT_FILES)
+
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+ @echo "Owner: Vit Mojzis " > $(METADATA)
+ @echo "Name: $(TEST)" >> $(METADATA)
+ @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+ @echo "Path: $(TEST_DIR)" >> $(METADATA)
+ @echo "Description: Make sure setools requires setools-console and setools-gui" >> $(METADATA)
+ @echo "Type: Regression" >> $(METADATA)
+ @echo "TestTime: 5m" >> $(METADATA)
+ @echo "RunFor: setools" >> $(METADATA)
+ @echo "Priority: Normal" >> $(METADATA)
+ @echo "License: GPLv2+" >> $(METADATA)
+ @echo "Confidential: no" >> $(METADATA)
+ @echo "Destructive: no" >> $(METADATA)
+ @echo "Bug: 1820078" >> $(METADATA)
+ @echo "Releases: -RHEL4 -RHELClient5 -RHELServer5 -RHEL6 -RHEL7" >> $(METADATA)
+
+ rhts-lint $(METADATA)
diff --git a/tests/Regression/The-setools-package-doesn-t-install-any-tools/main.fmf b/tests/Regression/The-setools-package-doesn-t-install-any-tools/main.fmf
new file mode 100644
index 0000000..11ff640
--- /dev/null
+++ b/tests/Regression/The-setools-package-doesn-t-install-any-tools/main.fmf
@@ -0,0 +1,11 @@
+summary: Make sure setools requires setools-console and setools-gui
+contact: Vit Mojzis
+component:
+ - setools
+test: ./runtest.sh
+framework: beakerlib
+duration: 5m
+link:
+ - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1820078
+extra-summary: /CoreOS/setools/Regression/The-setools-package-doesn-t-install-any-tools
+extra-task: /CoreOS/setools/Regression/The-setools-package-doesn-t-install-any-tools
diff --git a/tests/Regression/The-setools-package-doesn-t-install-any-tools/runtest.sh b/tests/Regression/The-setools-package-doesn-t-install-any-tools/runtest.sh
new file mode 100755
index 0000000..ad83754
--- /dev/null
+++ b/tests/Regression/The-setools-package-doesn-t-install-any-tools/runtest.sh
@@ -0,0 +1,53 @@
+#!/bin/bash
+# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/setools/Regression/bz1820078-The-setools-package-doesn-t-install-any-tools
+# Description: Make sure setools requires setools-console and setools-gui
+# Author: Vit Mojzis
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2020 Red Hat, Inc.
+#
+# This program is free software: you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation, either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see http://www.gnu.org/licenses/.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="setools"
+
+rlJournalStart
+ rlPhaseStartSetup
+ rlRun "dnf -y remove ${PACKAGE} ${PACKAGE}-gui ${PACKAGE}-console"
+ OUTPUT_FILE=`mktemp`
+ rlPhaseEnd
+
+ rlPhaseStartTest "bz#1820078"
+ rlRun "dnf -y install ${PACKAGE}" 0
+ rlAssertRpm "${PACKAGE}-gui"
+ rlAssertRpm "${PACKAGE}-console"
+ # make sure that setools-* packages do not require setools
+ rlRun "rpm -q --whatrequires ${PACKAGE} >& ${OUTPUT_FILE}" 0,1
+ rlRun "grep -i \"${PACKAGE}-\" ${OUTPUT_FILE}" 1
+ if [ $? -ne 1 ]; then rlRun "cat \"${OUTPUT_FILE}\""; fi
+ rlPhaseEnd
+
+ rlPhaseStartCleanup
+ rm -f ${OUTPUT_FILE}
+ rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
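Review bot: The test phase asserts only `${PACKAGE}-gui` and `${PACKAGE}-console`, while the 4.2.2-5 changelog entry in this same patch says setools also requires `-console-analyses`, so dropping that dependency would go unnoticed. I would add `rlAssertRpm "${PACKAGE}-console-analyses"` after the two existing assertions. Separately, the `mktemp` call that sets `OUTPUT_FILE` runs outside `rlRun`, so a failure is not journaled and the later redirections get an empty path; tests/Sanity/sedta/runtest.sh has the same line. The form the seinfo-consistent-output test already uses for its directory would fit both, e.g. `rlRun "OUTPUT_FILE=\$(mktemp)" 0 "Creating output file"`, together with quoting in cleanup: `rm -f "${OUTPUT_FILE}"`.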
diff --git a/tests/Sanity/sedta/Makefile b/tests/Sanity/sedta/Makefile
new file mode 100644
index 0000000..e45b9de
--- /dev/null
+++ b/tests/Sanity/sedta/Makefile
@@ -0,0 +1,63 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/setools/Sanity/sedta
+# Description: Does sedta work as expected? Does it support all features?
+# Author: Milos Malik
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2019 Red Hat, Inc.
+#
+# This program is free software: you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation, either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see http://www.gnu.org/licenses/.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/setools/Sanity/sedta
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE testpolicy.cil
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+ ./runtest.sh
+
+build: $(BUILT_FILES)
+ test -x runtest.sh || chmod a+x runtest.sh
+
+clean:
+ rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+ @echo "Owner: Milos Malik " > $(METADATA)
+ @echo "Name: $(TEST)" >> $(METADATA)
+ @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+ @echo "Path: $(TEST_DIR)" >> $(METADATA)
+ @echo "Description: Does sedta work as expected? Does it support all features?" >> $(METADATA)
+ @echo "Type: Sanity" >> $(METADATA)
+ @echo "TestTime: 1h" >> $(METADATA)
+ @echo "RunFor: setools" >> $(METADATA)
+ @echo "Requires: policycoreutils setools-console-analyses" >> $(METADATA)
+ @echo "Priority: Normal" >> $(METADATA)
+ @echo "License: GPLv2+" >> $(METADATA)
+ @echo "Confidential: no" >> $(METADATA)
+ @echo "Destructive: no" >> $(METADATA)
+ @echo "Releases: -RHEL4 -RHEL6 -RHEL7 -RHELClient5 -RHELServer5" >> $(METADATA)
+
+ rhts-lint $(METADATA)
+
diff --git a/tests/Sanity/sedta/PURPOSE b/tests/Sanity/sedta/PURPOSE
new file mode 100644
index 0000000..db04487
--- /dev/null
+++ b/tests/Sanity/sedta/PURPOSE
@@ -0,0 +1,3 @@
+PURPOSE of /CoreOS/setools/Sanity/sedta
+Description: Does sedta work as expected? Does it support all features?
+Author: Milos Malik
diff --git a/tests/Sanity/sedta/main.fmf b/tests/Sanity/sedta/main.fmf
new file mode 100644
index 0000000..e0c2de1
--- /dev/null
+++ b/tests/Sanity/sedta/main.fmf
@@ -0,0 +1,30 @@
+summary: Does sedta work as expected? Does it support all features?
+description: ''
+contact: Milos Malik
+component:
+ - setools
+test: ./runtest.sh
+framework: beakerlib
+recommend:
+ - git
+ - policycoreutils
+ - setools-console-analyses
+duration: 1h
+enabled: true
+tag:
+ - CI-Tier-1
+ - NoRHEL4
+ - NoRHEL5
+ - NoRHEL6
+ - NoRHEL7
+ - TIPfail_Security
+ - f32friendly
+ - f33friendly
+ - targeted
+adjust:
+ - enabled: false
+ when: distro == rhel-4, rhel-5, rhel-6, rhel-7
+ continue: false
+extra-nitrate: TC#0604139
+extra-summary: /CoreOS/setools/Sanity/sedta
+extra-task: /CoreOS/setools/Sanity/sedta
diff --git a/tests/Sanity/sedta/runtest.sh b/tests/Sanity/sedta/runtest.sh
new file mode 100755
index 0000000..fa6372d
--- /dev/null
+++ b/tests/Sanity/sedta/runtest.sh
@@ -0,0 +1,87 @@
+#!/bin/bash
+# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/setools/Sanity/sedta
+# Description: Does sedta work as expected? Does it support all features?
+# Author: Milos Malik
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2019 Red Hat, Inc.
+#
+# This program is free software: you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation, either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see http://www.gnu.org/licenses/.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="setools"
+
+rlJournalStart
+ rlPhaseStartSetup
+ rlAssertRpm ${PACKAGE}-console-analyses
+ OUTPUT_FILE=`mktemp`
+ rlRun "semodule -i testpolicy.cil"
+ rlRun "semodule -l | grep testpolicy"
+ rlPhaseEnd
+
+ rlPhaseStartTest "invalid values"
+ rlRun "sedta -s unknown_t >& ${OUTPUT_FILE}" 1
+ rlRun "grep -i 'not a valid type' ${OUTPUT_FILE}"
+ rlRun "sedta -s apmd_t -t unknown_t -S >& ${OUTPUT_FILE}" 1
+ rlRun "grep -i 'not a valid type' ${OUTPUT_FILE}"
+ rlRun "sedta -s unknown_t -p /etc/selinux/unknown/policy/policy.31 >& ${OUTPUT_FILE}" 1
+ rlRun "grep -i 'no such file or directory' ${OUTPUT_FILE}"
+ rlRun "sedta -s apmd_t -t var_lib_t -A -1 >& ${OUTPUT_FILE}" 1
+ rlRun "grep -i 'must be positive' ${OUTPUT_FILE}"
+ rlRun "sedta -s xyz_t >& ${OUTPUT_FILE}"
+ rlRun "grep -i '^0.*transition.*found' ${OUTPUT_FILE}"
+ rlPhaseEnd
+
+ rlPhaseStartTest "valid values"
+ # transitivity
+ rlRun "sedta -s first_t -t second_t -S >& ${OUTPUT_FILE}"
+ rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}"
+ rlRun "sedta -s second_t -t third_t -S >& ${OUTPUT_FILE}"
+ rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}"
+ rlRun "sedta -s first_t -t third_t -S >& ${OUTPUT_FILE}"
+ rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}"
+ # reflexivity
+ rlRun "sedta -s first_t -t first_t -S >& ${OUTPUT_FILE}"
+ rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}"
+ rlRun "sedta -s second_t -t second_t -S >& ${OUTPUT_FILE}"
+ rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}"
+ rlRun "sedta -s third_t -t third_t -S >& ${OUTPUT_FILE}"
+ rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}"
+ # path is longer than limit
+ rlRun "sedta -s first_t -t third_t -A 1 >& ${OUTPUT_FILE}"
+ rlRun "grep -i '^0 domain transition path.*found' ${OUTPUT_FILE}"
+ # non-existent relation
+ rlRun "sedta -s first_t -t third_t -S -r >& ${OUTPUT_FILE}"
+ rlRun "grep -i '^0 domain transition path.*found' ${OUTPUT_FILE}"
+ # non-existent relation
+ rlRun "sedta -s third_t -t first_t -S >& ${OUTPUT_FILE}"
+ rlRun "grep -i '^0 domain transition path.*found' ${OUTPUT_FILE}"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup
+ rlRun "semodule -r testpolicy"
+ rlRun "semodule -l | grep testpolicy" 1
+ rm -f ${OUTPUT_FILE}
+ rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+
diff --git a/tests/Sanity/sedta/testpolicy.cil b/tests/Sanity/sedta/testpolicy.cil
new file mode 100644
index 0000000..cc39d72
--- /dev/null
+++ b/tests/Sanity/sedta/testpolicy.cil
@@ -0,0 +1,21 @@
+( type xyz_t )
+
+( type first_t )
+( type first_exec_t )
+( type second_t )
+( type second_exec_t )
+( type third_t )
+( type third_exec_t )
+
+( typetransition first_t second_exec_t process second_t )
+( typetransition second_t third_exec_t process third_t )
+
+( allow first_t second_exec_t ( file ( getattr open read execute )))
+( allow first_t second_t ( process ( transition )))
+( allow second_t third_exec_t ( file ( getattr open read execute )))
+( allow second_t third_t ( process ( transition )))
+
+( allow first_t first_exec_t ( file ( entrypoint )))
+( allow second_t second_exec_t ( file ( entrypoint )))
+( allow third_t third_exec_t ( file ( entrypoint )))
+
diff --git a/tests/Sanity/seinfo-consistent-output/Makefile b/tests/Sanity/seinfo-consistent-output/Makefile
new file mode 100644
index 0000000..e8bd655
--- /dev/null
+++ b/tests/Sanity/seinfo-consistent-output/Makefile
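Review bot: In tests/Sanity/sedta/runtest.sh the Setup phase loads `testpolicy.cil` into the host's active module store without first checking for an existing module of that name, and Cleanup then removes `testpolicy` unconditionally. As far as I can tell, a same-named module already present at the same priority would be replaced by the install and then deleted by the test, which is a policy change on the machine that the Makefile's `Destructive: no` does not announce. A pre-check before the install, e.g. `rlRun "semodule -l | grep -x testpolicy" 1 "no pre-existing testpolicy module"` (assuming `semodule -l` prints one bare module name per line), would at least flag such a host. The two existing `grep testpolicy` checks match any module whose name merely contains that string, so the same `-x` would tighten them as well.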
@@ -0,0 +1,64 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of Sanity/seinfo-consistent-output
+# Description: Check whether different 2 or more runs of same seinfo commands produce same output
+# Author: Petr Lautrbach
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2021 Red Hat, Inc.
+#
+# This program is free software: you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation, either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see http://www.gnu.org/licenses/.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=Sanity/seinfo-consistent-output
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+ ./runtest.sh
+
+build: $(BUILT_FILES)
+ test -x runtest.sh || chmod a+x runtest.sh
+
+clean:
+ rm -f *~ $(BUILT_FILES)
+
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+ @echo "Owner: Petr Lautrbach " > $(METADATA)
+ @echo "Name: $(TEST)" >> $(METADATA)
+ @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+ @echo "Path: $(TEST_DIR)" >> $(METADATA)
+ @echo "Description: Check whether different 2 or more runs of same seinfo commands produce same output" >> $(METADATA)
+ @echo "Type: Sanity" >> $(METADATA)
+ @echo "TestTime: 5m" >> $(METADATA)
+ @echo "RunFor: setools" >> $(METADATA)
+ @echo "Requires: setools-console" >> $(METADATA)
+ @echo "Priority: Normal" >> $(METADATA)
+ @echo "License: GPLv2+" >> $(METADATA)
+ @echo "Confidential: no" >> $(METADATA)
+ @echo "Destructive: no" >> $(METADATA)
+ @echo "Bug: 2019962" >> $(METADATA)
+ @echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
+
+ rhts-lint $(METADATA)
diff --git a/tests/Sanity/seinfo-consistent-output/PURPOSE b/tests/Sanity/seinfo-consistent-output/PURPOSE
new file mode 100644
index 0000000..3202eb9
--- /dev/null
+++ b/tests/Sanity/seinfo-consistent-output/PURPOSE
@@ -0,0 +1,3 @@
+PURPOSE of Sanity/seinfo-consistent-output
+Description: Check whether different 2 or more runs of same seinfo commands produce same output
+Author: Petr Lautrbach
diff --git a/tests/Sanity/seinfo-consistent-output/main.fmf b/tests/Sanity/seinfo-consistent-output/main.fmf
new file mode 100644
index 0000000..1c908d7
--- /dev/null
+++ b/tests/Sanity/seinfo-consistent-output/main.fmf
@@ -0,0 +1,15 @@
+summary: Check whether different 2 or more runs of same seinfo commands produce same
+ output
+description: ''
+contact: Petr Lautrbach
+component:
+ - setools
+test: ./runtest.sh
+framework: beakerlib
+recommend:
+ - setools-console
+duration: 5m
+link:
+ - relates: https://bugzilla.redhat.com/show_bug.cgi?id=2019962
+extra-summary: Sanity/seinfo-consistent-output
+extra-task: Sanity/seinfo-consistent-output
diff --git a/tests/Sanity/seinfo-consistent-output/runtest.sh b/tests/Sanity/seinfo-consistent-output/runtest.sh
new file mode 100755
index 0000000..0ad39a7
--- /dev/null
+++ b/tests/Sanity/seinfo-consistent-output/runtest.sh
@@ -0,0 +1,63 @@
+#!/bin/bash
+# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of Sanity/seinfo-consistent-output
+# Description: Check whether different 2 or more runs of same seinfo commands produce same output
+# Author: Petr Lautrbach
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2021 Red Hat, Inc.
+#
+# This program is free software: you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation, either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see http://www.gnu.org/licenses/.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="setools-console"
+
+rlJournalStart
+ rlPhaseStartSetup
+ rlAssertRpm $PACKAGE
+ rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ commands=(
+ "seinfo --all -x"
+ "seinfo --constrain"
+ "seinfo --common"
+ "seinfo -c -x"
+ "seinfo -r -x"
+ "seinfo -u -x"
+ )
+
+ for c in "${commands[@]}"; do
+
+ rlPhaseStartTest "$c"
+ rlRun "$c > 1.out"
+ rlRun "$c > 2.out"
+ rlRun "cmp 1.out 2.out" 0
+ rlPhaseEnd
+ done
+
+ rlPhaseStartCleanup
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd