Enable gating on tests

https://docs.fedoraproject.org/en-US/ci/gating/

.gitignore

@@ -96,3 +96,12 @@ checkpolicy-2.0.22.tgz
 /checkpolicy-2.5.tar.gz
 /checkpolicy-2.6.tar.gz
 /checkpolicy-2.7.tar.gz
+/checkpolicy-2.8-rc1.tar.gz
+/checkpolicy-2.8-rc3.tar.gz
+/checkpolicy-2.8.tar.gz
+/checkpolicy-2.9-rc1.tar.gz
+/checkpolicy-2.9-rc2.tar.gz
+/checkpolicy-2.9.tar.gz
+/checkpolicy-3.0-rc1.tar.gz
+/checkpolicy-3.0.tar.gz
+/checkpolicy-3.1.tar.gz

0001-libsepol-checkpolicy-optimize-storage-of-filename-tr.patch

@@ -0,0 +1,129 @@
+From 42ae834a7428c57f7b2a9f448adf4cf991fa3487 Mon Sep 17 00:00:00 2001
+From: Ondrej Mosnacek <omosnace@redhat.com>
+Date: Fri, 31 Jul 2020 13:10:34 +0200
+Subject: [PATCH] libsepol,checkpolicy: optimize storage of filename
+ transitions
+
+In preparation to support a new policy format with a more optimal
+representation of filename transition rules, this patch applies an
+equivalent change from kernel commit c3a276111ea2 ("selinux: optimize
+storage of filename transitions").
+
+See the kernel commit's description [1] for the rationale behind this
+representation. This change doesn't bring any measurable difference of
+policy build performance (semodule -B) on Fedora.
+
+[1] https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git/commit/?id=c3a276111ea2572399281988b3129683e2a6b60b
+
+Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
+---
+ checkpolicy/policy_define.c | 49 ++++++++++---------------------------
+ checkpolicy/test/dispol.c   | 20 ++++++++++-----
+ 2 files changed, 27 insertions(+), 42 deletions(-)
+
+diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
+index c6733fa469c5..395f62284e3c 100644
+--- a/checkpolicy/policy_define.c
++++ b/checkpolicy/policy_define.c
+@@ -3303,8 +3303,6 @@ int define_filename_trans(void)
+ 	ebitmap_t e_stypes, e_ttypes;
+ 	ebitmap_t e_tclasses;
+ 	ebitmap_node_t *snode, *tnode, *cnode;
+-	filename_trans_t *ft;
+-	filename_trans_datum_t *ftdatum;
+ 	filename_trans_rule_t *ftr;
+ 	type_datum_t *typdatum;
+ 	uint32_t otype;
+@@ -3388,40 +3386,19 @@ int define_filename_trans(void)
+ 	ebitmap_for_each_positive_bit(&e_tclasses, cnode, c) {
+ 		ebitmap_for_each_positive_bit(&e_stypes, snode, s) {
+ 			ebitmap_for_each_positive_bit(&e_ttypes, tnode, t) {
+-				ft = calloc(1, sizeof(*ft));
+-				if (!ft) {
+-					yyerror("out of memory");
+-					goto bad;
+-				}
+-				ft->stype = s+1;
+-				ft->ttype = t+1;
+-				ft->tclass = c+1;
+-				ft->name = strdup(name);
+-				if (!ft->name) {
+-					yyerror("out of memory");
+-					goto bad;
+-				}
+-
+-				ftdatum = hashtab_search(policydbp->filename_trans,
+-							 (hashtab_key_t)ft);
+-				if (ftdatum) {
+-					yyerror2("duplicate filename transition for: filename_trans %s %s %s:%s",
+-						 name,
+-						 policydbp->p_type_val_to_name[s],
+-						 policydbp->p_type_val_to_name[t],
+-						 policydbp->p_class_val_to_name[c]);
+-					goto bad;
+-				}
+-
+-				ftdatum = calloc(1, sizeof(*ftdatum));
+-				if (!ftdatum) {
+-					yyerror("out of memory");
+-					goto bad;
+-				}
+-				rc = hashtab_insert(policydbp->filename_trans,
+-						    (hashtab_key_t)ft,
+-						    ftdatum);
+-				if (rc) {
++				rc = policydb_filetrans_insert(
++					policydbp, s+1, t+1, c+1, name,
++					NULL, otype, NULL
++				);
++				if (rc != SEPOL_OK) {
++					if (rc == SEPOL_EEXIST) {
++						yyerror2("duplicate filename transition for: filename_trans %s %s %s:%s",
++							name,
++							policydbp->p_type_val_to_name[s],
++							policydbp->p_type_val_to_name[t],
++							policydbp->p_class_val_to_name[c]);
++						goto bad;
++					}
+ 					yyerror("out of memory");
+ 					goto bad;
+ 				}
+diff --git a/checkpolicy/test/dispol.c b/checkpolicy/test/dispol.c
+index d72d9fb331cf..8785b7252824 100644
+--- a/checkpolicy/test/dispol.c
++++ b/checkpolicy/test/dispol.c
+@@ -335,17 +335,25 @@ static int filenametr_display(hashtab_key_t key,
+ 			      hashtab_datum_t datum,
+ 			      void *ptr)
+ {
+-	struct filename_trans *ft = (struct filename_trans *)key;
++	struct filename_trans_key *ft = (struct filename_trans_key *)key;
+ 	struct filename_trans_datum *ftdatum = datum;
+ 	struct filenametr_display_args *args = ptr;
+ 	policydb_t *p = args->p;
+ 	FILE *fp = args->fp;
++	ebitmap_node_t *node;
++	uint32_t bit;
++
++	do {
++		ebitmap_for_each_positive_bit(&ftdatum->stypes, node, bit) {
++			display_id(p, fp, SYM_TYPES, bit, "");
++			display_id(p, fp, SYM_TYPES, ft->ttype - 1, "");
++			display_id(p, fp, SYM_CLASSES, ft->tclass - 1, ":");
++			display_id(p, fp, SYM_TYPES, ftdatum->otype - 1, "");
++			fprintf(fp, " %s\n", ft->name);
++		}
++		ftdatum = ftdatum->next;
++	} while (ftdatum);
+ 
+-	display_id(p, fp, SYM_TYPES, ft->stype - 1, "");
+-	display_id(p, fp, SYM_TYPES, ft->ttype - 1, "");
+-	display_id(p, fp, SYM_CLASSES, ft->tclass - 1, ":");
+-	display_id(p, fp, SYM_TYPES, ftdatum->otype - 1, "");
+-	fprintf(fp, " %s\n", ft->name);
+ 	return 0;
+ }
+ 
+-- 
+2.29.0
+

0002-libsepol-cil-fix-signed-overflow-caused-by-using-1-3.patch

@@ -0,0 +1,90 @@
+From 521e6a2f478a4c7a7c198c017d4d12e8667d89e7 Mon Sep 17 00:00:00 2001
+From: Nicolas Iooss <nicolas.iooss@m4x.org>
+Date: Sat, 3 Oct 2020 15:19:08 +0200
+Subject: [PATCH] libsepol/cil: fix signed overflow caused by using (1 << 31) -
+ 1
+
+When compiling SELinux userspace tools with -ftrapv (this option
+generates traps for signed overflow on addition, subtraction,
+multiplication operations, instead of silently wrapping around),
+semodule crashes when running the tests from
+scripts/ci/fedora-test-runner.sh in a Fedora 32 virtual machine:
+
+    [root@localhost selinux-testsuite]# make test
+    make -C policy load
+    make[1]: Entering directory '/root/selinux-testsuite/policy'
+    # Test for "expand-check = 0" in /etc/selinux/semanage.conf
+    # General policy build
+    make[2]: Entering directory '/root/selinux-testsuite/policy/test_policy'
+    Compiling targeted test_policy module
+    Creating targeted test_policy.pp policy package
+    rm tmp/test_policy.mod.fc
+    make[2]: Leaving directory '/root/selinux-testsuite/policy/test_policy'
+    # General policy load
+    domain_fd_use --> off
+    /usr/sbin/semodule -i test_policy/test_policy.pp test_mlsconstrain.cil test_overlay_defaultrange.cil test_add_levels.cil test_glblub.cil
+    make[1]: *** [Makefile:174: load] Aborted (core dumped)
+
+Using "coredumpctl gdb" leads to the following strack trace:
+
+    (gdb) bt
+    #0  0x00007f608fe4fa25 in raise () from /lib64/libc.so.6
+    #1  0x00007f608fe38895 in abort () from /lib64/libc.so.6
+    #2  0x00007f6090028aca in __addvsi3.cold () from /lib64/libsepol.so.1
+    #3  0x00007f6090096f59 in __avrule_xperm_setrangebits (low=30, high=30, xperms=0x8b9eea0)
+        at ../cil/src/cil_binary.c:1551
+    #4  0x00007f60900970dd in __cil_permx_bitmap_to_sepol_xperms_list (xperms=0xb650a30, xperms_list=0x7ffce2653b18)
+        at ../cil/src/cil_binary.c:1596
+    #5  0x00007f6090097286 in __cil_avrulex_ioctl_to_policydb (k=0xb8ec200 "@\023\214\022\006", datum=0xb650a30,
+        args=0x239a640) at ../cil/src/cil_binary.c:1649
+    #6  0x00007f609003f1e5 in hashtab_map (h=0x41f8710, apply=0x7f60900971da <__cil_avrulex_ioctl_to_policydb>,
+        args=0x239a640) at hashtab.c:234
+    #7  0x00007f609009ea19 in cil_binary_create_allocated_pdb (db=0x2394f10, policydb=0x239a640)
+        at ../cil/src/cil_binary.c:4969
+    #8  0x00007f609009d19d in cil_binary_create (db=0x2394f10, policydb=0x7ffce2653d30) at ../cil/src/cil_binary.c:4329
+    #9  0x00007f609008ec23 in cil_build_policydb_create_pdb (db=0x2394f10, sepol_db=0x7ffce2653d30)
+        at ../cil/src/cil.c:631
+    #10 0x00007f608fff4bf3 in semanage_direct_commit () from /lib64/libsemanage.so.1
+    #11 0x00007f608fff9fae in semanage_commit () from /lib64/libsemanage.so.1
+    #12 0x0000000000403e2b in main (argc=7, argv=0x7ffce2655058) at semodule.c:753
+
+    (gdb) f 3
+    #3  0x00007f6090096f59 in __avrule_xperm_setrangebits (low=30, high=30, xperms=0x8b9eea0)
+        at ../cil/src/cil_binary.c:1551
+    1551     xperms->perms[i] |= XPERM_SETBITS(h) - XPERM_SETBITS(low);
+
+A signed integer overflow therefore occurs in XPERM_SETBITS(h):
+
+    #define XPERM_SETBITS(x) ((1 << (x & 0x1f)) - 1)
+
+This macro is expanded with h=31, so "(1 << 31) - 1" is computed:
+
+* (1 << 31) = -0x80000000 is the lowest signed 32-bit integer value
+* (1 << 31) - 1 overflows the capacity of a signed 32-bit integer and
+  results in 0x7fffffff (which is unsigned)
+
+Using unsigned integers (with "1U") fixes the crash, as
+(1U << 31) = 0x80000000U has no overflowing issues.
+
+Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
+Acked-by: Petr Lautrbach <plautrba@redhat.com>
+---
+ checkpolicy/policy_define.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
+index 395f62284e3c..bf6c3e68bef3 100644
+--- a/checkpolicy/policy_define.c
++++ b/checkpolicy/policy_define.c
+@@ -2147,7 +2147,7 @@ out:
+ /* index of the u32 containing the permission */
+ #define XPERM_IDX(x) (x >> 5)
+ /* set bits 0 through x-1 within the u32 */
+-#define XPERM_SETBITS(x) ((1 << (x & 0x1f)) - 1)
++#define XPERM_SETBITS(x) ((1U << (x & 0x1f)) - 1)
+ /* low value for this u32 */
+ #define XPERM_LOW(x) (x << 5)
+ /* high value for this u32 */
+-- 
+2.29.0
+

checkpolicy-fedora.patch

@@ -1,91 +0,0 @@
-diff --git checkpolicy-2.7/checkmodule.8 checkpolicy-2.7/checkmodule.8
-index ee95882..cf76591 100644
---- checkpolicy-2.7/checkmodule.8
-+++ checkpolicy-2.7/checkmodule.8
-@@ -64,4 +64,4 @@ especially "Configuring the SELinux Policy".
- This manual page was copied from the checkpolicy man page 
- written by Arpad Magosanyi <mag@bunuel.tii.matav.hu>, 
- and edited by Dan Walsh <dwalsh@redhat.com>.
--The program was written by Stephen Smalley <sds@epoch.ncsc.mil>.
-+The program was written by Stephen Smalley <sds@tycho.nsa.gov>.
-diff --git checkpolicy-2.7/checkpolicy.8 checkpolicy-2.7/checkpolicy.8
-index 7b28696..1c8805d 100644
---- checkpolicy-2.7/checkpolicy.8
-+++ checkpolicy-2.7/checkpolicy.8
-@@ -58,5 +58,5 @@ especially "Configuring the SELinux Policy".
- 
- .SH AUTHOR
- This manual page was written by Arpad Magosanyi <mag@bunuel.tii.matav.hu>,
--and edited by Stephen Smalley <sds@epoch.ncsc.mil>.
--The program was written by Stephen Smalley <sds@epoch.ncsc.mil>.
-+and edited by Stephen Smalley <sds@tycho.nsa.gov>.
-+The program was written by Stephen Smalley <sds@tycho.nsa.gov>.
-diff --git checkpolicy-2.7/checkpolicy.c checkpolicy-2.7/checkpolicy.c
-index b75f2af..923b47c 100644
---- checkpolicy-2.7/checkpolicy.c
-+++ checkpolicy-2.7/checkpolicy.c
-@@ -1,6 +1,6 @@
- 
- /*
-- * Author : Stephen Smalley, <sds@epoch.ncsc.mil> 
-+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
-  */
- 
- /*
-diff --git checkpolicy-2.7/policy_define.c checkpolicy-2.7/policy_define.c
-index f12ebdb..2c5db55 100644
---- checkpolicy-2.7/policy_define.c
-+++ checkpolicy-2.7/policy_define.c
-@@ -1,5 +1,5 @@
- /*
-- * Author : Stephen Smalley, <sds@epoch.ncsc.mil> 
-+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
-  */
- 
- /*
-diff --git checkpolicy-2.7/policy_parse.y checkpolicy-2.7/policy_parse.y
-index 6b406c8..247bd4e 100644
---- checkpolicy-2.7/policy_parse.y
-+++ checkpolicy-2.7/policy_parse.y
-@@ -1,6 +1,6 @@
- 
- /*
-- * Author : Stephen Smalley, <sds@epoch.ncsc.mil> 
-+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
-  */
- 
- /*
-diff --git checkpolicy-2.7/policy_scan.l checkpolicy-2.7/policy_scan.l
-index e6c4898..e93ccb6 100644
---- checkpolicy-2.7/policy_scan.l
-+++ checkpolicy-2.7/policy_scan.l
-@@ -1,6 +1,6 @@
- 
- /* 
-- * Author : Stephen Smalley, <sds@epoch.ncsc.mil> 
-+ * Author : Stephen Smalley, <sds@tycho.nsa.gov>
-  */
- 
- /* Updated: David Caplan, <dac@tresys.com>
-diff --git checkpolicy-2.7/queue.c checkpolicy-2.7/queue.c
-index acc991c..82e6673 100644
---- checkpolicy-2.7/queue.c
-+++ checkpolicy-2.7/queue.c
-@@ -1,5 +1,5 @@
- 
--/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
-+/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
- 
- /* FLASK */
- 
-diff --git checkpolicy-2.7/queue.h checkpolicy-2.7/queue.h
-index 655c94b..60c07fe 100644
---- checkpolicy-2.7/queue.h
-+++ checkpolicy-2.7/queue.h
-@@ -1,5 +1,5 @@
- 
--/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
-+/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
- 
- /* FLASK */
- 

checkpolicy.spec

@@ -1,18 +1,20 @@
-%define libselinuxver 2.7-6
-%define libsepolver 2.7-3
+%define libselinuxver 3.1-4
+%define libsepolver 3.1-4
 
 Summary: SELinux policy compiler
 Name: checkpolicy
-Version: 2.7
+Version: 3.1
 Release: 4%{?dist}
 License: GPLv2
-Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/checkpolicy-2.7.tar.gz
-# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
-# run:
-# $ VERSION=2.7 ./make-fedora-selinux-patch.sh checkpolicy
-# HEAD https://github.com/fedora-selinux/selinux/commit/4247fad665261169b430895f0ab10f56eb33dd10
-Patch1: checkpolicy-fedora.patch
-Conflicts: selinux-policy-base < 3.13.1-138
+Source0: https://github.com/SELinuxProject/selinux/releases/download/20200710/checkpolicy-3.1.tar.gz
+# $ git clone https://github.com/fedora-selinux/selinux.git
+# $ cd selinux
+# $ git format-patch -N checkpolicy-3.1 -- checkpolicy
+# $ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
+# Patch list start
+Patch0001: 0001-libsepol-checkpolicy-optimize-storage-of-filename-tr.patch
+Patch0002: 0002-libsepol-cil-fix-signed-overflow-caused-by-using-1-3.patch
+# Patch list end
 BuildRequires: gcc
 BuildRequires: byacc bison flex flex-static libsepol-static >= %{libsepolver} libselinux-devel  >= %{libselinuxver} 
 
@@ -31,17 +33,19 @@ This package contains checkpolicy, the SELinux policy compiler.
 Only required for building policies. 
 
 %prep
-%autosetup -p 1 -n checkpolicy-%{version}
+%autosetup -p 2 -n checkpolicy-%{version}
 
 %build
-make clean
-make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" 
+
+%set_build_flags
+
+%make_build LIBDIR="%{_libdir}"
 cd test
-make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" 
+%make_build LIBDIR="%{_libdir}"
 
 %install
 mkdir -p ${RPM_BUILD_ROOT}%{_bindir}
-make LIBDIR="%{_libdir}" DESTDIR="${RPM_BUILD_ROOT}" install
+%make_install LIBDIR="%{_libdir}"
 install test/dismod ${RPM_BUILD_ROOT}%{_bindir}/sedismod
 install test/dispol ${RPM_BUILD_ROOT}%{_bindir}/sedispol
 
@@ -52,10 +56,79 @@ install test/dispol ${RPM_BUILD_ROOT}%{_bindir}/sedispol
 %{_bindir}/checkmodule
 %{_mandir}/man8/checkpolicy.8.gz
 %{_mandir}/man8/checkmodule.8.gz
+%{_mandir}/ru/man8/checkpolicy.8.gz
+%{_mandir}/ru/man8/checkmodule.8.gz
 %{_bindir}/sedismod
 %{_bindir}/sedispol
 
 %changelog
+* Sun Nov  1 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-4
+- Fix signed overflow caused by using (1 << 31) - 1
+- Optimize storage of filename transitions
+- Rebuild with libsepol.so.2
+
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 3.1-2
+- Use make macros
+- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
+
+* Fri Jul 10 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-1
+- SELinux userspace 3.1 release
+
+* Tue Jan 28 2020 Petr Lautrbach <plautrba@redhat.com> - 3.0-3
+- Fix -fno-common issues discovered by GCC 10
+
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Fri Dec  6 2019 Petr Lautrbach <plautrba@redhat.com> - 3.0-1
+- SELinux userspace 3.0 release
+
+* Mon Nov 11 2019 Petr Lautrbach <plautrba@redhat.com> - 3.0-0.rc1.1
+- SELinux userspace 3.0-rc1 release candidate
+
+* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Mon Mar 18 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-1
+- SELinux userspace 2.9 release
+
+* Mon Mar 11 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-0.rc2.1
+- SELinux userspace 2.9-rc2 release
+
+* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9-0.rc1.1.1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Fri Jan 25 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-0.rc1.1
+- SELinux userspace 2.9-rc1 release
+
+* Mon Jan 21 2019 Petr Lautrbach <plautrba@redhat.com> - 2.8-3
+- Check the result value of hashtable_search
+- Destroy the class datum if it fails to initialize
+
+* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.8-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Fri May 25 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-1
+- SELinux userspace 2.8 release
+
+* Tue May 15 2018 Petr Lautrbach <plautrba@workstation> - 2.8-0.rc3.1
+- SELinux userspace 2.8-rc3 release candidate
+
+* Mon Apr 23 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-0.rc1.1
+- SELinux userspace 2.8-rc1 release candidate
+
+* Wed Mar 21 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-7
+- Add support for the SCTP portcon keyword
+
+* Tue Mar 13 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-6
+- build: follow standard semantics for DESTDIR and PREFIX
+
+* Thu Feb 22 2018 Florian Weimer <fweimer@redhat.com> - 2.7-5
+- Use LDFLAGS from redhat-rpm-config
+
 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.7-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
 

gating.yaml

@@ -0,0 +1,16 @@
+--- !Policy
+product_versions:
+  - fedora-*
+decision_context: bodhi_update_push_testing
+subject_type: koji_build
+rules:
+  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
+
+--- !Policy
+product_versions:
+  - fedora-*
+decision_context: bodhi_update_push_stable
+subject_type: koji_build
+rules:
+  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
+

sources

@@ -1 +1 @@
-SHA512 (checkpolicy-2.7.tar.gz) = fba8a4132f90c98f8222de563dc15aac1b739d3a6207779b6a4715d2813e7553081351c54f42371a1b704a1f5038d40821b61213c4ad53eb705823975858cf7f
+SHA512 (checkpolicy-3.1.tar.gz) = 2276a5a0919286049d2ceba386ef5f6de523745b588bb81cb4fed5eced5fd0b8070249b7a3ae5a85e2abb9369a86318f727d4073aad14ab75c43750a46069168

tests/tests.yml

@@ -8,12 +8,7 @@
     repositories:
     - repo: "https://src.fedoraproject.org/tests/selinux.git"
       dest: "selinux"
-    tests:
-    - selinux/checkpolicy/checkmodule
-    - selinux/checkpolicy/checkpolicy
-    - selinux/checkpolicy/checkpolicy-docs
-    - selinux/checkpolicy/sedismod
-    - selinux/checkpolicy/sedispol
+      fmf_filter: "tier:1 | component:checkpolicy"
     required_packages:
     - checkpolicy              # Required by all tests
     - man                      # Required by checkpolicy-docs
@@ -27,6 +22,16 @@
     - policycoreutils          # Required by sedismod
     - psmisc                   # Required by sedismod
     - selinux-policy           # Required by sedispol
+    - e2fsprogs
+    - gcc
+    - git
+    - libselinux
+    - libselinux-utils
+    - libsemanage
+    - libsepol
+    - libsepol-devel
+    - policycoreutils-python-utils
+    - selinux-policy-devel
 
 # Tests for Container
 - hosts: localhost