From 8ee3e4d75799cb1129c962d2b0360474076b3c68 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Fri, 23 Dec 2022 17:12:44 +0100 Subject: [PATCH] libsemanage-3.5-0.rc1.1 - SELinux userspace 3.5-rc1 release --- .gitignore | 1 + ...ys-write-kernel-policy-when-check_ex.patch | 60 ------------------- ...emanage-Allow-user-to-set-SYSCONFDIR.patch | 40 ------------- ...ocs-provide-a-top-level-LICENSE-file.patch | 26 -------- ...ve-dependency-on-the-Python-module-d.patch | 31 ---------- libsemanage.spec | 21 ++++--- sources | 2 +- 7 files changed, 12 insertions(+), 169 deletions(-) delete mode 100644 0001-libsemanage-always-write-kernel-policy-when-check_ex.patch delete mode 100644 0002-libsemanage-Allow-user-to-set-SYSCONFDIR.patch delete mode 100644 0003-docs-provide-a-top-level-LICENSE-file.patch delete mode 100644 0004-libsemanage-Remove-dependency-on-the-Python-module-d.patch diff --git a/.gitignore b/.gitignore index 0d0583e..c0804ef 100644 --- a/.gitignore +++ b/.gitignore @@ -156,3 +156,4 @@ libsemanage-2.0.45.tgz /libsemanage-3.4-rc2.tar.gz /libsemanage-3.4-rc3.tar.gz /libsemanage-3.4.tar.gz +/libsemanage-3.5-rc1.tar.gz diff --git a/0001-libsemanage-always-write-kernel-policy-when-check_ex.patch b/0001-libsemanage-always-write-kernel-policy-when-check_ex.patch deleted file mode 100644 index 620ead4..0000000 --- a/0001-libsemanage-always-write-kernel-policy-when-check_ex.patch +++ /dev/null @@ -1,60 +0,0 @@ -From bdbe52be1bfbcc8a4614731f791d08ab8fb82ca2 Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Wed, 8 Jun 2022 19:09:53 +0200 -Subject: [PATCH] libsemanage: always write kernel policy when - check_ext_changes is specified -Content-type: text/plain - -For the use case of rebuilding the policy after package updates, we need -the check_ext_changes operation to always do at least the do_write_kernel -step, because the various semanage dbs may have also changed content -relative to the current binary policy. As this step is itself relatively -fast, we can do it unconditionally. - -Fixes: 286a679fadc4 ("libsemanage: optionally rebuild policy when modules are changed externally") -Signed-off-by: Ondrej Mosnacek -Acked-by: Nicolas Iooss ---- - libsemanage/include/semanage/handle.h | 2 +- - libsemanage/src/direct_api.c | 8 +++++--- - 2 files changed, 6 insertions(+), 4 deletions(-) - -diff --git a/libsemanage/include/semanage/handle.h b/libsemanage/include/semanage/handle.h -index 0157be4fbc46..4cf30815d803 100644 ---- a/libsemanage/include/semanage/handle.h -+++ b/libsemanage/include/semanage/handle.h -@@ -67,7 +67,7 @@ extern void semanage_set_reload(semanage_handle_t * handle, int do_reload); - extern void semanage_set_rebuild(semanage_handle_t * handle, int do_rebuild); - - /* set whether to rebuild the policy on commit when potential changes -- * to module files since last rebuild are detected, -+ * to store files since last rebuild are detected, - * 1 for yes (default), 0 for no */ - extern void semanage_set_check_ext_changes(semanage_handle_t * handle, int do_check); - -diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c -index 7206483a3ebb..7aa081abb3b7 100644 ---- a/libsemanage/src/direct_api.c -+++ b/libsemanage/src/direct_api.c -@@ -1437,13 +1437,15 @@ static int semanage_direct_commit(semanage_handle_t * sh) - * Determine what else needs to be done. - * We need to write the kernel policy if we are rebuilding - * or if any other policy component that lives in the kernel -- * policy has been modified. -+ * policy has been modified. We also want to force it when -+ * check_ext_changes was specified as the various dbases may have -+ * changes as well. - * We need to install the policy files if any of the managed files - * that live under /etc/selinux (kernel policy, seusers, file contexts) - * will be modified. - */ -- do_write_kernel = do_rebuild | ports_modified | ibpkeys_modified | -- ibendports_modified | -+ do_write_kernel = do_rebuild | sh->check_ext_changes | -+ ports_modified | ibpkeys_modified | ibendports_modified | - bools->dtable->is_modified(bools->dbase) | - ifaces->dtable->is_modified(ifaces->dbase) | - nodes->dtable->is_modified(nodes->dbase) | --- -2.38.1 - diff --git a/0002-libsemanage-Allow-user-to-set-SYSCONFDIR.patch b/0002-libsemanage-Allow-user-to-set-SYSCONFDIR.patch deleted file mode 100644 index d163443..0000000 --- a/0002-libsemanage-Allow-user-to-set-SYSCONFDIR.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 01b5ef48dcc37ff06c5515b90d9da5b02dce820d Mon Sep 17 00:00:00 2001 -From: Matt Sheets -Date: Thu, 22 Sep 2022 11:02:55 -0700 -Subject: [PATCH] libsemanage: Allow user to set SYSCONFDIR -Content-type: text/plain - -This change will allow a user to set the location of their -sysconfdir, defaulted to /etc, if they are installing into -nonstandard locations. - -Signed-off-by: Matt Sheets -Reviewed-by: Daniel Burgener ---- - libsemanage/src/Makefile | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile -index 71c2a1d2513f..01df0181df1e 100644 ---- a/libsemanage/src/Makefile -+++ b/libsemanage/src/Makefile -@@ -11,6 +11,7 @@ PKG_CONFIG ?= pkg-config - PREFIX ?= /usr - LIBDIR ?= $(PREFIX)/lib - INCLUDEDIR ?= $(PREFIX)/include -+SYSCONFDIR ?= /etc - PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX)) - PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX)) - PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(plat_specific=1, prefix='$(PREFIX)'))") -@@ -19,7 +20,7 @@ RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] + - RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + RbConfig::CONFIG["libdir"] + " -L" + RbConfig::CONFIG["archlibdir"] + " " + RbConfig::CONFIG["LIBRUBYARG_SHARED"]') - RUBYINSTALL ?= $(shell $(RUBY) -e 'puts RbConfig::CONFIG["vendorarchdir"]') - --DEFAULT_SEMANAGE_CONF_LOCATION=/etc/selinux/semanage.conf -+DEFAULT_SEMANAGE_CONF_LOCATION=$(SYSCONFDIR)/selinux/semanage.conf - - ifeq ($(DEBUG),1) - export CFLAGS ?= -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror --- -2.38.1 - diff --git a/0003-docs-provide-a-top-level-LICENSE-file.patch b/0003-docs-provide-a-top-level-LICENSE-file.patch deleted file mode 100644 index 6fb3204..0000000 --- a/0003-docs-provide-a-top-level-LICENSE-file.patch +++ /dev/null @@ -1,26 +0,0 @@ -From a0a216ff7d86004ddc36d516377f0a6ffe88076c Mon Sep 17 00:00:00 2001 -From: Paul Moore -Date: Fri, 30 Sep 2022 17:44:12 -0400 -Subject: [PATCH] docs: provide a top level LICENSE file -Content-type: text/plain - -Provide a top level LICENSE file explaining how multiple the SELinux -userspace is released under multiple different licenses. Also ensure -that all the different license files share a consistent file name, -LICENSE, to make it easier for people to identify the license files. - -This is to help meet the OpenSSF Best Practices requirements. - -Signed-off-by: Paul Moore ---- - libsemanage/{COPYING => LICENSE} | 0 - 1 file changed, 0 insertions(+), 0 deletions(-) - rename libsemanage/{COPYING => LICENSE} (100%) - -diff --git a/libsemanage/COPYING b/libsemanage/LICENSE -similarity index 100% -rename from libsemanage/COPYING -rename to libsemanage/LICENSE --- -2.38.1 - diff --git a/0004-libsemanage-Remove-dependency-on-the-Python-module-d.patch b/0004-libsemanage-Remove-dependency-on-the-Python-module-d.patch deleted file mode 100644 index 70b3337..0000000 --- a/0004-libsemanage-Remove-dependency-on-the-Python-module-d.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 33e56c9b2e302ef96f848f741423231df0a9998d Mon Sep 17 00:00:00 2001 -From: James Carter -Date: Fri, 28 Oct 2022 16:13:51 -0400 -Subject: [PATCH] libsemanage: Remove dependency on the Python module distutils -Content-type: text/plain - -The distutils package is deprecated and scheduled to be removed in -Python 3.12. Use the sysconfig module instead. - -Signed-off-by: James Carter -Acked-by: Petr Lautrbach ---- - libsemanage/src/Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile -index 01df0181df1e..589e4a706bfd 100644 ---- a/libsemanage/src/Makefile -+++ b/libsemanage/src/Makefile -@@ -14,7 +14,7 @@ INCLUDEDIR ?= $(PREFIX)/include - SYSCONFDIR ?= /etc - PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX)) - PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX)) --PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(plat_specific=1, prefix='$(PREFIX)'))") -+PYTHONLIBDIR ?= $(shell $(PYTHON) -c "import sysconfig; print(sysconfig.get_path('platlib', vars={'platbase': '$(PREFIX)', 'base': '$(PREFIX)'}))") - PYCEXT ?= $(shell $(PYTHON) -c 'import importlib.machinery;print(importlib.machinery.EXTENSION_SUFFIXES[0])') - RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] + " -I" + RbConfig::CONFIG["rubyhdrdir"]') - RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + RbConfig::CONFIG["libdir"] + " -L" + RbConfig::CONFIG["archlibdir"] + " " + RbConfig::CONFIG["LIBRUBYARG_SHARED"]') --- -2.38.1 - diff --git a/libsemanage.spec b/libsemanage.spec index 9d8302f..5be9738 100644 --- a/libsemanage.spec +++ b/libsemanage.spec @@ -1,19 +1,15 @@ -%define libsepolver 3.4-4 -%define libselinuxver 3.4-6 +%define libsepolver 3.5-0 +%define libselinuxver 3.5-0 Summary: SELinux binary policy manipulation library Name: libsemanage -Version: 3.4 -Release: 6%{?dist} +Version: 3.5 +Release: 0.rc1.1%{?dist} License: LGPL-2.1-or-later -Source0: https://github.com/SELinuxProject/selinux/releases/download/3.4/libsemanage-3.4.tar.gz -# fedora-selinux/selinux: git format-patch -N 3.4 -- libsemanage +Source0: https://github.com/SELinuxProject/selinux/releases/download/3.5-rc1/libsemanage-3.5-rc1.tar.gz +# fedora-selinux/selinux: git format-patch -N 3.5-rc1 -- libsemanage # i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done # Patch list start -Patch0001: 0001-libsemanage-always-write-kernel-policy-when-check_ex.patch -Patch0002: 0002-libsemanage-Allow-user-to-set-SYSCONFDIR.patch -Patch0003: 0003-docs-provide-a-top-level-LICENSE-file.patch -Patch0004: 0004-libsemanage-Remove-dependency-on-the-Python-module-d.patch # Patch list end URL: https://github.com/SELinuxProject/selinux/wiki Source1: semanage.conf @@ -79,7 +75,7 @@ The libsemanage-python3 package contains the python 3 bindings for developing SELinux management applications. %prep -%autosetup -n libsemanage-%{version} -p 2 +%autosetup -p 2 -n libsemanage-%{version}-rc1 %build @@ -158,6 +154,9 @@ cp %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/selinux/semanage.conf %{_libexecdir}/selinux/semanage_migrate_store %changelog +* Fri Dec 23 2022 Petr Lautrbach - 3.5-0.rc1.1 +- SELinux userspace 3.5-rc1 release + * Mon Nov 21 2022 Petr Lautrbach - 3.4-6 - Rebase on upstream f56a72ac9e86 diff --git a/sources b/sources index 57839a9..94b6277 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (libsemanage-3.4.tar.gz) = 831dc789545bb9a0b009bdb4f7fe52f6197ad8325946640f886a960d08e40b8a69eccd5a70cce51466bb5cb7f742feb78d19a9ec63383fbd03aa451508677e73 +SHA512 (libsemanage-3.5-rc1.tar.gz) = fae484b36f75702f71c97d7ea1004a5588b838ef6ddee67d06316daa18c898a5bd6ad8094c7d7b8f2b2af331dd586a945a339460cafab3a3900b4cf30fdbe1de