Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild

Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>

.gitignore

@@ -3,3 +3,12 @@ setools-3.3.8.tar.bz2
 setools-3.3.8-f1e5b20.tar.bz2
 /4.1.0.tar.gz
 /4.1.1.tar.gz
+/4.2.0-beta.tar.gz
+/4.2.0-rc.tar.gz
+/4.2.0.tar.gz
+/4.2.1.tar.gz
+/4.2.2.tar.gz
+/4.3.0.tar.gz
+/05e90ee.tar.gz
+/16c0696.tar.gz
+/4.4.0.tar.gz

0001-Do-not-use-Werror-during-build.patch

@@ -1,49 +0,0 @@
-From 617c3ae83c1c72ead627a57e1529724c62df807f Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Thu, 23 Feb 2017 08:17:07 +0100
-Subject: [PATCH 1/2] Do not use -Werror during build
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-There are new warnings when setools are built with gcc 7 therefore we
-want to suppress -Werror for now
-
-Fixes:
-libqpol/policy_extend.c: In function ‘policy_extend’:
-libqpol/policy_extend.c:161:27: error: ‘%04zd’ directive output may be truncated writing between 4 and 10 bytes into a region of size 5 [-Werror=format-truncation=]
-    snprintf(buff, 9, "@ttr%04zd", i + 1);
-                           ^~~~~
-libqpol/policy_extend.c:161:22: note: directive argument in the range [1, 4294967295]
-    snprintf(buff, 9, "@ttr%04zd", i + 1);
-                      ^~~~~~~~~~~
-In file included from /usr/include/stdio.h:939:0,
-                 from /usr/include/sepol/policydb/policydb.h:53,
-                 from libqpol/policy_extend.c:29:
-/usr/include/bits/stdio2.h:64:10: note: ‘__builtin___snprintf_chk’ output between 9 and 15 bytes into a destination of size 9
-   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
-          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-        __bos (__s), __fmt, __va_arg_pack ());
-        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-cc1: all warnings being treated as errors
-error: command 'gcc' failed with exit status 1
----
- setup.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/setup.py b/setup.py
-index 2ca44c9..9319bf6 100644
---- a/setup.py
-+++ b/setup.py
-@@ -146,7 +146,7 @@ ext_py_mods = [Extension('setools.policyrep._qpol',
-                           'libqpol/policy_scan.c',
-                           'libqpol/xen_query.c'],
-                          include_dirs=include_dirs,
--                         extra_compile_args=['-Werror', '-Wextra',
-+                         extra_compile_args=['-Wextra',
-                                              '-Waggregate-return',
-                                              '-Wfloat-equal',
-                                              '-Wformat', '-Wformat=2',
--- 
-2.9.3
-

0001-Make-seinfo-output-predictable.patch

@@ -0,0 +1,90 @@
+From 8ed316d6bfb65e5e9b57f3761ea8490022ab3a05 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Thu, 18 Nov 2021 13:59:08 +0100
+Subject: [PATCH] Make seinfo output predictable
+
+There are few places where frozenset is used. Given that frozenset is an unordered
+collection the output generated from this is unpredictable.
+
+The following command outputs are fixed using sorted() on frozensets:
+
+    seinfo --constrain
+    seinfo --common
+    seinfo -c -x
+    seinfo -r -x
+    seinfo -u -x
+
+Fixes: https://github.com/SELinuxProject/setools/issues/65
+
+Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
+---
+ setools/policyrep/constraint.pxi | 2 +-
+ setools/policyrep/objclass.pxi   | 4 ++--
+ setools/policyrep/role.pxi       | 2 +-
+ setools/policyrep/user.pxi       | 2 +-
+ 4 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/setools/policyrep/constraint.pxi b/setools/policyrep/constraint.pxi
+index 01c63d87425b..0b4c5b9bcf6a 100644
+--- a/setools/policyrep/constraint.pxi
++++ b/setools/policyrep/constraint.pxi
+@@ -72,7 +72,7 @@ cdef class Constraint(BaseConstraint):
+ 
+     def statement(self):
+         if len(self.perms) > 1:
+-            perms = "{{ {0} }}".format(' '.join(self.perms))
++            perms = "{{ {0} }}".format(' '.join(sorted(self.perms)))
+         else:
+             # convert to list since sets cannot be indexed
+             perms = list(self.perms)[0]
+diff --git a/setools/policyrep/objclass.pxi b/setools/policyrep/objclass.pxi
+index b7ec7b7de5c3..8ed2be5a9bed 100644
+--- a/setools/policyrep/objclass.pxi
++++ b/setools/policyrep/objclass.pxi
+@@ -75,7 +75,7 @@ cdef class Common(PolicySymbol):
+         return other in self.perms
+ 
+     def statement(self):
+-        return "common {0}\n{{\n\t{1}\n}}".format(self, '\n\t'.join(self.perms))
++        return "common {0}\n{{\n\t{1}\n}}".format(self, '\n\t'.join(sorted(self.perms)))
+ 
+ 
+ cdef class ObjClass(PolicySymbol):
+@@ -204,7 +204,7 @@ cdef class ObjClass(PolicySymbol):
+ 
+         # a class that inherits may not have additional permissions
+         if len(self.perms) > 0:
+-            stmt += "{{\n\t{0}\n}}".format('\n\t'.join(self.perms))
++            stmt += "{{\n\t{0}\n}}".format('\n\t'.join(sorted(self.perms)))
+ 
+         return stmt
+ 
+diff --git a/setools/policyrep/role.pxi b/setools/policyrep/role.pxi
+index 9a0dd39f27d9..3af8a3f72a1f 100644
+--- a/setools/policyrep/role.pxi
++++ b/setools/policyrep/role.pxi
+@@ -58,7 +58,7 @@ cdef class Role(PolicySymbol):
+         if count == 1:
+             stmt += " types {0}".format(types[0])
+         else:
+-            stmt += " types {{ {0} }}".format(' '.join(types))
++            stmt += " types {{ {0} }}".format(' '.join(sorted(types)))
+ 
+         stmt += ";"
+         return stmt
+diff --git a/setools/policyrep/user.pxi b/setools/policyrep/user.pxi
+index 9c82aa92eb72..e37af2939820 100644
+--- a/setools/policyrep/user.pxi
++++ b/setools/policyrep/user.pxi
+@@ -81,7 +81,7 @@ cdef class User(PolicySymbol):
+         if count == 1:
+             stmt += roles[0]
+         else:
+-            stmt += "{{ {0} }}".format(' '.join(roles))
++            stmt += "{{ {0} }}".format(' '.join(sorted(roles)))
+ 
+         if self._level:
+             stmt += " level {0.mls_level} range {0.mls_range};".format(self)
+-- 
+2.33.1
+

0003-bswap_-macros-are-defined-in-byteswap.h.patch

@@ -1,26 +0,0 @@
-From 2ac588919dd96d3d624e6ec20c67d1d91386e879 Mon Sep 17 00:00:00 2001
-From: Petr Lautrbach <plautrba@redhat.com>
-Date: Thu, 10 Aug 2017 08:23:47 +0200
-Subject: [PATCH] bswap_* macros are defined in byteswap.h
-
-Fixes ImportError on s390x:
-/usr/lib64/python3.6/site-packages/setools/policyrep/_qpol.cpython-36m-s390x-linux-gnu.so: undefined symbol: bswap_32
----
- libqpol/policy.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/libqpol/policy.c b/libqpol/policy.c
-index ae3acb5..e412be0 100644
---- a/libqpol/policy.c
-+++ b/libqpol/policy.c
-@@ -28,6 +28,7 @@
- 
- #include "qpol_internal.h"
- #include <assert.h>
-+#include <byteswap.h>
- #include <errno.h>
- #include <fcntl.h>
- #include <limits.h>
--- 
-2.13.3
-

1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch

@@ -1,7 +1,7 @@
-From 2512c3ba608077db3a5e0286b976fadc8a04a5c4 Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Thu, 23 Feb 2017 08:17:07 +0100
-Subject: [PATCH 2/2] Do not export/use setools.InfoFlowAnalysis and
+From e47d19f4985098ca316eea4a383510d419ec6055 Mon Sep 17 00:00:00 2001
+From: Vit Mojzis <vmojzis@redhat.com>
+Date: Fri, 26 Apr 2019 15:27:25 +0200
+Subject: [PATCH 1/2] Do not export/use setools.InfoFlowAnalysis and
  setools.DomainTransitionAnalysis
 
 dta and infoflow modules require networkx which brings lot of dependencies.
@@ -12,28 +12,32 @@ Therefore it's better to use setools.infoflow.InfoFlowAnalysis and
 setools.dta.DomainTransitionAnalysis and let the package containing
 sedta and seinfoflow to require python3-networkx
 ---
- sedta                       | 3 ++-
- seinfoflow                  | 3 ++-
- setools/__init__.py         | 4 ++--
+ sedta                       | 5 +++--
+ seinfoflow                  | 4 ++--
+ setools/__init__.py         | 4 ----
  setoolsgui/apol/dta.py      | 2 +-
  setoolsgui/apol/infoflow.py | 2 +-
- tests/dta.py                | 3 ++-
- tests/infoflow.py           | 3 ++-
- 7 files changed, 12 insertions(+), 8 deletions(-)
+ tests/dta.py                | 2 +-
+ tests/infoflow.py           | 2 +-
+ 7 files changed, 9 insertions(+), 12 deletions(-)
 
 diff --git a/sedta b/sedta
-index 1c76ebb..255ad49 100755
+index 57070098fe10..51890ea8ea73 100755
 --- a/sedta
 +++ b/sedta
-@@ -23,6 +23,7 @@ import argparse
- import logging
+@@ -23,9 +23,10 @@ import logging
+ import signal
  
  import setools
 +import setools.dta
  
  
- def print_transition(trans):
-@@ -111,7 +112,7 @@ else:
+-def print_transition(trans: setools.DomainTransition) -> None:
++def print_transition(trans: setools.dta.DomainTransition) -> None:
+     if trans.transition:
+         print("Domain transition rule(s):")
+         for t in trans.transition:
+@@ -114,7 +115,7 @@ else:
  
  try:
      p = setools.SELinuxPolicy(args.policy)
@@ -43,98 +47,96 @@ index 1c76ebb..255ad49 100755
      if args.shortest_path or args.all_paths:
          if args.shortest_path:
 diff --git a/seinfoflow b/seinfoflow
-index b287921..d53bdef 100755
+index 0ddcfdc7c1fb..8321718b2640 100755
 --- a/seinfoflow
 +++ b/seinfoflow
-@@ -19,6 +19,7 @@
+@@ -17,7 +17,7 @@
+ # along with SETools.  If not, see <http://www.gnu.org/licenses/>.
+ #
  
- from __future__ import print_function
- import setools
+-import setools
 +import setools.infoflow
  import argparse
  import sys
  import logging
-@@ -79,7 +80,7 @@ else:
+@@ -102,7 +102,7 @@ elif args.booleans is not None:
  try:
      p = setools.SELinuxPolicy(args.policy)
      m = setools.PermissionMap(args.map)
--    g = setools.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude)
-+    g = setools.infoflow.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude)
+-    g = setools.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude,
++    g = setools.infoflow.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude,
+                                  booleans=booleans)
  
      if args.shortest_path or args.all_paths:
-         if args.shortest_path:
 diff --git a/setools/__init__.py b/setools/__init__.py
-index a84c846..a53c5a7 100644
+index d72d343e7e79..642485b9018d 100644
 --- a/setools/__init__.py
 +++ b/setools/__init__.py
-@@ -74,11 +74,11 @@ from .pcideviceconquery import PcideviceconQuery
+@@ -91,12 +91,8 @@ from .pcideviceconquery import PcideviceconQuery
  from .devicetreeconquery import DevicetreeconQuery
  
  # Information Flow Analysis
 -from .infoflow import InfoFlowAnalysis
-+# from .infoflow import InfoFlowAnalysis
- from .permmap import PermissionMap
- 
- # Domain Transition Analysis
--from .dta import DomainTransitionAnalysis
-+# from .dta import DomainTransitionAnalysis
+ from .permmap import PermissionMap, RuleWeight, Mapping
  
+-# Domain Transition Analysis
+-from .dta import DomainTransitionAnalysis, DomainEntrypoint, DomainTransition
+-
  # Policy difference
  from .diff import PolicyDifference
+ 
 diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py
-index 0aaf13f..5b1ea20 100644
+index 62dbf04d9a5e..0ea000e790f0 100644
 --- a/setoolsgui/apol/dta.py
 +++ b/setoolsgui/apol/dta.py
-@@ -23,7 +23,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
+@@ -24,7 +24,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
  from PyQt5.QtGui import QPalette, QTextCursor
  from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
-                             QTreeWidgetItem
+     QTreeWidgetItem
 -from setools import DomainTransitionAnalysis
 +from setools.dta import DomainTransitionAnalysis
  
  from ..logtosignal import LogHandlerToSignal
- from .analysistab import AnalysisTab
+ from .analysistab import AnalysisSection, AnalysisTab
 diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py
-index 1ae16de..fdf8f7b 100644
+index 28009aa2329c..92d350bf727c 100644
 --- a/setoolsgui/apol/infoflow.py
 +++ b/setoolsgui/apol/infoflow.py
-@@ -25,7 +25,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
+@@ -26,7 +26,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
  from PyQt5.QtGui import QPalette, QTextCursor
  from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
-                             QTreeWidgetItem
+     QTreeWidgetItem
 -from setools import InfoFlowAnalysis
 +from setools.infoflow import InfoFlowAnalysis
  from setools.exception import UnmappedClass, UnmappedPermission
  
  from ..logtosignal import LogHandlerToSignal
 diff --git a/tests/dta.py b/tests/dta.py
-index 32b9271..2bdd052 100644
+index a0cc9381469c..177e6fb0b961 100644
 --- a/tests/dta.py
 +++ b/tests/dta.py
-@@ -17,7 +17,8 @@
- #
+@@ -18,7 +18,7 @@
+ import os
  import unittest
  
--from setools import SELinuxPolicy, DomainTransitionAnalysis
-+from setools import SELinuxPolicy
+-from setools import DomainTransitionAnalysis
 +from setools.dta import DomainTransitionAnalysis
  from setools import TERuletype as TERT
- from setools.policyrep.exception import InvalidType
- from setools.policyrep.typeattr import Type
+ from setools.exception import InvalidType
+ from setools.policyrep import Type
 diff --git a/tests/infoflow.py b/tests/infoflow.py
-index 7751dda..a21c683 100644
+index aa0e44a7e4f8..fca2848aeca5 100644
 --- a/tests/infoflow.py
 +++ b/tests/infoflow.py
-@@ -17,7 +17,8 @@
- #
+@@ -18,7 +18,7 @@
+ import os
  import unittest
  
--from setools import SELinuxPolicy, InfoFlowAnalysis
-+from setools import SELinuxPolicy
+-from setools import InfoFlowAnalysis
 +from setools.infoflow import InfoFlowAnalysis
  from setools import TERuletype as TERT
+ from setools.exception import InvalidType
  from setools.permmap import PermissionMap
- from setools.policyrep.exception import InvalidType
 -- 
-2.9.3
+2.30.0
 

1003-Require-networkx-on-package-level.patch

@@ -0,0 +1,24 @@
+From 7b73bdeda54b9c944774452bfa3b3c1f2733b3f0 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Thu, 2 Apr 2020 16:06:14 +0200
+Subject: [PATCH 2/2] Require networkx on package level
+
+It allows us to ship python3-setools without dependency on python3-networkx
+---
+ setup.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/setup.py b/setup.py
+index c593b786cc61..0551811e3fd1 100644
+--- a/setup.py
++++ b/setup.py
+@@ -163,5 +163,5 @@ setup(name='setools',
+       # setup also requires libsepol and libselinux
+       # C libraries and headers to compile.
+       setup_requires=['setuptools', 'Cython>=0.27'],
+-      install_requires=['setuptools', 'networkx>=2.0']
++      install_requires=['setuptools']
+       )
+-- 
+2.30.0
+

gating.yaml

@@ -0,0 +1,16 @@
+--- !Policy
+product_versions:
+  - fedora-*
+decision_context: bodhi_update_push_testing
+subject_type: koji_build
+rules:
+  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
+
+--- !Policy
+product_versions:
+  - fedora-*
+decision_context: bodhi_update_push_stable
+subject_type: koji_build
+rules:
+  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
+

rpminspect.yaml

@@ -0,0 +1,3 @@
+emptyrpm:
+    expected_empty:
+        - setools

setools.spec

@@ -1,41 +1,33 @@
-# sitelib for noarch packages, sitearch for others (remove the unneeded one)
-%{!?__python2: %global __python2 %__python}
-%{!?python2_sitelib: %global python2_sitelib %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")}
-%{!?python2_sitearch: %global python2_sitearch %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
-
-# % global setools_pre_ver beta.1.8e09d95
-# % global gitver f1e5b20
-
-%global sepol_ver 2.7-1
-%global selinux_ver 2.7-1
+%global sepol_ver 3.4-1
+%global selinux_ver 3.4-1
 
 Name:           setools
-Version:        4.1.1
-Release:        2%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist}
+Version:        4.4.0
+Release:        9%{?dist}
 Summary:        Policy analysis tools for SELinux
 
 License:        GPLv2
-URL:            https://github.com/TresysTechnology/setools/wiki
-Source0:        https://github.com/TresysTechnology/setools/archive/%{version}%{?setools_pre_ver:-%{setools_pre_ver}}.tar.gz
+URL:            https://github.com/SELinuxProject/setools/wiki
+Source0:        https://github.com/SELinuxProject/setools/archive/%{version}.tar.gz
 Source1:        setools.pam
 Source2:        apol.desktop
-Patch1:         0001-Do-not-use-Werror-during-build.patch
-Patch2:         0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
-Patch3:         0003-bswap_-macros-are-defined-in-byteswap.h.patch
-
+Patch0001:      0001-Make-seinfo-output-predictable.patch
+Patch1002:      1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
+Patch1003:      1003-Require-networkx-on-package-level.patch
 Obsoletes:      setools < 4.0.0, setools-devel < 4.0.0
 BuildRequires:  flex,  bison
-BuildRequires:  glibc-devel, gcc, git
+BuildRequires:  glibc-devel, gcc, git-core
 BuildRequires:  libsepol-devel >= %{sepol_ver}, libsepol-static >= %{sepol_ver}
 BuildRequires:  qt5-qtbase-devel
 BuildRequires:  swig
-BuildRequires:  python2-devel
-BuildRequires:  python2-setuptools
+BuildRequires:  python3-Cython
 BuildRequires:  python3-devel
 BuildRequires:  python3-setuptools
+BuildRequires:  libselinux-devel
 
-# BuildArch:      
-Requires:       %{name}-python3 = %{version}-%{release}
+Requires:       %{name}-console = %{version}-%{release}
+Requires:       %{name}-console-analyses = %{version}-%{release}
+Requires:       %{name}-gui = %{version}-%{release}
 
 %description
 SETools is a collection of graphical tools, command-line tools, and
@@ -43,9 +35,8 @@ Python modules designed to facilitate SELinux policy analysis.
 
 %package     console
 Summary:     Policy analysis command-line tools for SELinux
-Group:       System Environment/Base
 License:     GPLv2
-Requires:    setools-python3 = %{version}-%{release}
+Requires:    python3-setools = %{version}-%{release}
 Requires:    libselinux >= %{selinux_ver}
 
 %description console
@@ -61,9 +52,8 @@ This package includes the following console tools:
 
 %package     console-analyses
 Summary:     Policy analysis command-line tools for SELinux
-Group:       System Environment/Base
 License:     GPLv2
-Requires:    setools-python3 = %{version}-%{release}
+Requires:    python3-setools = %{version}-%{release}
 Requires:    libselinux >= %{selinux_ver}
 Requires:    python3-networkx
 
@@ -77,26 +67,20 @@ This package includes the following console tools:
   seinfoflow   Perform information flow analyses.
 
 
-%package     python
+%package     -n python3-setools
 Summary:     Policy analysis tools for SELinux  
-Recommends:  libselinux-python
+Obsoletes:   setools-libs < 4.0.0
+%{?python_provide:%python_provide python3-setools}
+Requires:    python3-setuptools
 
-%description python
-SETools is a collection of graphical tools, command-line tools, and
-Python 2 modules designed to facilitate SELinux policy analysis.
-
-%package     python3
-Summary:     Policy analysis tools for SELinux  
-Obsoletes:   setools-libs < 4.0.0, setools-libs-tcl
-Recommends:  libselinux-python3
-
-%description python3
+%description -n python3-setools
 SETools is a collection of graphical tools, command-line tools, and
 Python 3 modules designed to facilitate SELinux policy analysis.
 
 
 %package     gui
 Summary:     Policy analysis graphical tools for SELinux
+Requires:    python3-setools = %{version}-%{release}
 Requires:    python3-qt5
 Requires:    python3-networkx
 
@@ -106,78 +90,200 @@ Python modules designed to facilitate SELinux policy analysis.
 
 
 %prep
-%autosetup -p 1 -S git
-
-cp -a ../setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}} ../setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}}-python2
+%autosetup -p 1 -S git -n setools-%{version}
 
 
 %build
-# Remove CFLAGS=... for noarch packages (unneeded)
-CFLAGS="%{optflags}" %{__python3} setup.py build
-
-pushd ../setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}}-python2
-# Remove CFLAGS=... for noarch packages (unneeded)
-CFLAGS="%{optflags}" %{__python2} setup.py build
-popd
+%py3_build
 
 
 %install
-rm -rf %{buildroot}
-pushd ../setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}}-python2
-%{__python2} setup.py install --root %{buildroot}
-popd
-
-rm -rf %{buildroot}%{_bindir}
-%{__python3} setup.py install --root %{buildroot}
+%py3_install
 
 %check
 %if %{?_with_check:1}%{!?_with_check:0}
 %{__python3} setup.py test
-
-pushd ../setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}}-python2
-%{__python2} setup.py test
-popd
 %endif
 
 
 %files
-%defattr(-,root,root,-)
 
 %files console
+%{_bindir}/sechecker
 %{_bindir}/sediff
 %{_bindir}/seinfo
 %{_bindir}/sesearch
+%{_mandir}/man1/sechecker*
 %{_mandir}/man1/sediff*
 %{_mandir}/man1/seinfo*
 %{_mandir}/man1/sesearch*
+%{_mandir}/ru/man1/sediff*
+%{_mandir}/ru/man1/seinfo*
+%{_mandir}/ru/man1/sesearch*
 
 %files console-analyses
 %{_bindir}/sedta
 %{_bindir}/seinfoflow
 %{_mandir}/man1/sedta*
 %{_mandir}/man1/seinfoflow*
+%{_mandir}/ru/man1/sedta*
+%{_mandir}/ru/man1/seinfoflow*
 
-%files python
-# %doc AUTHORS ChangeLog KNOWN-BUGS NEWS README
+%files -n python3-setools
 %license COPYING COPYING.GPL COPYING.LGPL
-# For noarch packages: sitelib
-# %{python2_sitelib}/*
-# For arch-specific packages: sitearch
-%{python2_sitearch}/*
-
-%files python3
-%license COPYING COPYING.GPL COPYING.LGPL
-# %doc AUTHORS ChangeLog KNOWN-BUGS NEWS README
-# For noarch packages: sitelib
-# %{python3_sitelib}/*
-# For arch-specific packages: sitearch
-%{python3_sitearch}/*
+%{python3_sitearch}/setools
+%{python3_sitearch}/setools-*
 
 %files gui
 %{_bindir}/apol
+%{python3_sitearch}/setoolsgui
 %{_mandir}/man1/apol*
+%{_mandir}/ru/man1/apol*
 
 %changelog
+* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.0-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Thu Jun 16 2022 Python Maint <python-maint@redhat.com> - 4.4.0-8
+- Rebuilt for Python 3.11
+
+* Mon Jun 13 2022 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-7
+- Update required userspace versions to 3.4
+- Drop unnecessary Recommends
+
+* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 4.4.0-6
+- Rebuilt for Python 3.11
+
+* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Fri Nov 19 2021 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-4
+- Make seinfo output predictable
+  https://github.com/SELinuxProject/setools/issues/65
+
+* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 4.4.0-2
+- Rebuilt for Python 3.10
+
+* Mon Mar  8 2021 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-1
+- SETools 4.4.0 release
+
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.0-0.3.20210121git16c0696
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Thu Jan 21 2021 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-0.2.20210121git16c0696
+- Rebuild with SELinux userspace 3.2-rc1
+- Update to 16c0696
+
+* Thu Dec 10 2020 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-0.2.20201102git05e90ee
+- Fix imports in /usr/bin/sedta
+
+* Tue Nov  3 2020 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-0.1.20201102git05e90ee
+- Update to 05e90ee
+- Add /usr/bin/sechecker
+- Adapt to new libsepol filename transition structures
+- Rebuild with libsepol.so.2
+
+* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.3.0-5
+- Second attempt - Rebuilt for
+  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.3.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Thu Jul 16 2020 Petr Lautrbach <plautrba@redhat.com> - 4.3.0-3
+- rebuild with SELinux userspace 3.1 release
+
+* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 4.3.0-2
+- Rebuilt for Python 3.9
+
+* Thu Apr  2 2020 Petr Lautrbach <plautrba@redhat.com> - 4.3.0-1
+- SETools 4.3.0 release
+- Revised sediff method for TE rules. This drastically reduced memory and run time.
+- Added infiniband context support to seinfo, sediff, and apol.
+- Added apol configuration for location of Qt assistant.
+- Fixed sediff issue where properties header would display when not requested.
+- Fixed sediff issue with type_transition file name comparison.
+- Fixed permission map socket sendto information flow direction.
+- Added methods to TypeAttribute class to make it a complete Python collection.
+- Genfscon now will look up classes rather than using fixed values which
+    were dropped from libsepol.
+
+* Mon Mar 23 2020 Petr Lautrbach <plautrba@redhat.com> - 4.2.2-5
+- setools requires -console, -console-analyses and -gui packages (#1794314)
+
+* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.2.2-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 4.2.2-3
+- Rebuilt for Python 3.8.0rc1 (#1748018)
+
+* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 4.2.2-2
+- Rebuilt for Python 3.8
+
+* Mon Jul 08 2019 Vit Mojzis <vmojzis@redhat.com> - 4.2.2-1}
+- SETools 4.2.2 release
+
+* Mon May 13 2019 Vit Mojzis <vmojzis@redhat.com> - 4.2.1-3
+- Use %set_build_flags instead of %optflags
+
+* Mon May 06 2019 Vit Mojzis <vmojzis@redhat.com> - 4.2.1-2
+- SELinuxPolicy: Create a map of aliases on policy load (#1672631)
+
+* Tue Mar 26 2019 Petr Lautrbach <plautrba@redhat.com> - 4.2.1-1
+- SETools 4.2.1 release (#1581761, #1595582)
+
+* Wed Nov 14 2018 Vit Mojzis <vmojzis@redhat.com> - 4.2.0-1
+- Update source to SETools 4.2.0 release
+
+* Mon Oct 01 2018 Vit Mojzis <vmojzis@redhat.com> - 4.2.0-0.3.rc
+- Update upstream source to 4.2.0-rc
+
+* Wed Sep 19 2018 Vit Mojzis <vmojzis@redhat.com> - 4.2.0-0.2.beta
+- Require userspace release 2.8
+- setools-gui requires python3-setools
+- Add Requires for python[23]-setuptools - no longer required (just recommended) by python[23] (#1623371)
+- Drop python2 subpackage (4.2.0 no longer supports python2)
+
+* Wed Aug 29 2018 Vit Mojzis <vmojzis@redhat.com> - 4.1.1-13
+- Add Requires for python[23]-setuptools - no longer required (just recommended)
+  by python[23] (#1623371)
+
+* Wed Aug 22 2018 Petr Lautrbach <plautrba@redhat.com> - 4.1.1-12.1
+- Fix SCTP patch - https://github.com/SELinuxProject/setools/issues/9
+
+* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.1.1-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 4.1.1-10
+- Rebuilt for Python 3.7
+
+* Thu Jun 14 2018 Petr Lautrbach <plautrba@redhat.com> - 4.1.1-9
+- Move gui python files to -gui subpackage
+
+* Thu Apr 26 2018 Vit Mojzis <vmojzis@redhat.com> - 4.1.1-8
+- Add support for SCTP protocol (#1568333)
+
+* Thu Apr 19 2018 Iryna Shcherbina <shcherbina.iryna@gmail.com> - 4.1.1-7
+- Update Python 2 dependency declarations to new packaging standards
+  (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
+
+* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.1.1-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Mon Sep 04 2017 Petr Lautrbach <plautrba@redhat.com> - 4.1.1-5
+- setools-python2 requires python2-enum34
+
+* Sun Aug 20 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 4.1.1-4
+- Add Provides for the old name without %%_isa
+
+* Thu Aug 10 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 4.1.1-3
+- Python 2 binary package renamed to python2-setools
+  See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3
+- Python 3 binary package renamed to python3-setools
+
 * Thu Aug 10 2017 Petr Lautrbach <plautrba@redhat.com> - 4.1.1-2
 - bswap_* macros are defined in byteswap.h
 

sources

@@ -1 +1 @@
-SHA512 (4.1.1.tar.gz) = 2e55a3b07e2f94d7c84054f31d266567b9acc708fe2b0e16ac3ea24e8301c712bcf564ff915a6135a1a6ba6822682bb3a6530dae20161a832fb7048364acbd04
+SHA512 (4.4.0.tar.gz) = 4033ce54213e47e3afd1bdb03b99b0ee3d977f085310d746b34dcfcfe48ac3a562ae0aa2f730d629a298b56dbf295ad219669d13f82578521866b465f8c976e8

tests/Regression/The-setools-package-doesn-t-install-any-tools/Makefile

@@ -0,0 +1,63 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Makefile of /CoreOS/setools/Regression/The-setools-package-doesn-t-install-any-tools
+#   Description: Make sure setools requires setools-console and setools-gui
+#   Author: Vit Mojzis <vmojzis@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Copyright (c) 2020 Red Hat, Inc.
+#
+#   This program is free software: you can redistribute it and/or
+#   modify it under the terms of the GNU General Public License as
+#   published by the Free Software Foundation, either version 2 of
+#   the License, or (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be
+#   useful, but WITHOUT ANY WARRANTY; without even the implied
+#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+#   PURPOSE.  See the GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this program. If not, see http://www.gnu.org/licenses/.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/setools/Regression/The-setools-package-doesn-t-install-any-tools
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+	./runtest.sh
+
+build: $(BUILT_FILES)
+	test -x runtest.sh || chmod a+x runtest.sh
+
+clean:
+	rm -f *~ $(BUILT_FILES)
+
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+	@echo "Owner:           Vit Mojzis <vmojzis@redhat.com>" > $(METADATA)
+	@echo "Name:            $(TEST)" >> $(METADATA)
+	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
+	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
+	@echo "Description:     Make sure setools requires setools-console and setools-gui" >> $(METADATA)
+	@echo "Type:            Regression" >> $(METADATA)
+	@echo "TestTime:        5m" >> $(METADATA)
+	@echo "RunFor:          setools" >> $(METADATA)
+	@echo "Priority:        Normal" >> $(METADATA)
+	@echo "License:         GPLv2+" >> $(METADATA)
+	@echo "Confidential:    no" >> $(METADATA)
+	@echo "Destructive:     no" >> $(METADATA)
+	@echo "Bug:             1820078" >> $(METADATA)
+	@echo "Releases:        -RHEL4 -RHELClient5 -RHELServer5 -RHEL6 -RHEL7" >> $(METADATA)
+
+	rhts-lint $(METADATA)

tests/Regression/The-setools-package-doesn-t-install-any-tools/runtest.sh

@@ -0,0 +1,54 @@
+#!/bin/bash
+# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   runtest.sh of /CoreOS/setools/Regression/bz1820078-The-setools-package-doesn-t-install-any-tools
+#   Description: Make sure setools requires setools-console and setools-gui
+#   Author: Vit Mojzis <vmojzis@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Copyright (c) 2020 Red Hat, Inc.
+#
+#   This program is free software: you can redistribute it and/or
+#   modify it under the terms of the GNU General Public License as
+#   published by the Free Software Foundation, either version 2 of
+#   the License, or (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be
+#   useful, but WITHOUT ANY WARRANTY; without even the implied
+#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+#   PURPOSE.  See the GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this program. If not, see http://www.gnu.org/licenses/.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/bin/rhts-environment.sh || exit 1
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="setools"
+
+rlJournalStart
+    rlPhaseStartSetup
+        rlRun "dnf -y remove ${PACKAGE} ${PACKAGE}-gui ${PACKAGE}-console"
+        OUTPUT_FILE=`mktemp`
+    rlPhaseEnd
+
+    rlPhaseStartTest "bz#1820078"
+        rlRun "dnf -y install ${PACKAGE}" 0
+        rlAssertRpm "${PACKAGE}-gui"
+        rlAssertRpm "${PACKAGE}-console"
+        # make sure that setools-* packages do not require setools
+        rlRun "rpm -q --whatrequires ${PACKAGE} >& ${OUTPUT_FILE}" 0,1
+        rlRun "grep -i \"${PACKAGE}-\" ${OUTPUT_FILE}" 1
+        if [ $? -ne 1 ]; then rlRun "cat \"${OUTPUT_FILE}\""; fi
+    rlPhaseEnd
+
+    rlPhaseStartCleanup
+        rm -f ${OUTPUT_FILE}
+    rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd

tests/Sanity/sedta/Makefile

@@ -0,0 +1,63 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Makefile of /CoreOS/setools/Sanity/sedta
+#   Description: Does sedta work as expected? Does it support all features?
+#   Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Copyright (c) 2019 Red Hat, Inc.
+#
+#   This program is free software: you can redistribute it and/or
+#   modify it under the terms of the GNU General Public License as
+#   published by the Free Software Foundation, either version 2 of
+#   the License, or (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be
+#   useful, but WITHOUT ANY WARRANTY; without even the implied
+#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+#   PURPOSE.  See the GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this program. If not, see http://www.gnu.org/licenses/.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/setools/Sanity/sedta
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE testpolicy.cil
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+	./runtest.sh
+
+build: $(BUILT_FILES)
+	test -x runtest.sh || chmod a+x runtest.sh
+
+clean:
+	rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+	@echo "Owner:           Milos Malik <mmalik@redhat.com>" > $(METADATA)
+	@echo "Name:            $(TEST)" >> $(METADATA)
+	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
+	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
+	@echo "Description:     Does sedta work as expected? Does it support all features?" >> $(METADATA)
+	@echo "Type:            Sanity" >> $(METADATA)
+	@echo "TestTime:        1h" >> $(METADATA)
+	@echo "RunFor:          setools" >> $(METADATA)
+	@echo "Requires:        policycoreutils setools-console-analyses" >> $(METADATA)
+	@echo "Priority:        Normal" >> $(METADATA)
+	@echo "License:         GPLv2+" >> $(METADATA)
+	@echo "Confidential:    no" >> $(METADATA)
+	@echo "Destructive:     no" >> $(METADATA)
+	@echo "Releases:        -RHEL4 -RHEL6 -RHEL7 -RHELClient5 -RHELServer5" >> $(METADATA)
+
+	rhts-lint $(METADATA)
+

tests/Sanity/sedta/PURPOSE

@@ -0,0 +1,3 @@
+PURPOSE of /CoreOS/setools/Sanity/sedta
+Description: Does sedta work as expected? Does it support all features?
+Author: Milos Malik <mmalik@redhat.com>

tests/Sanity/sedta/runtest.sh

@@ -0,0 +1,88 @@
+#!/bin/bash
+# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   runtest.sh of /CoreOS/setools/Sanity/sedta
+#   Description: Does sedta work as expected? Does it support all features?
+#   Author: Milos Malik <mmalik@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Copyright (c) 2019 Red Hat, Inc.
+#
+#   This program is free software: you can redistribute it and/or
+#   modify it under the terms of the GNU General Public License as
+#   published by the Free Software Foundation, either version 2 of
+#   the License, or (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be
+#   useful, but WITHOUT ANY WARRANTY; without even the implied
+#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+#   PURPOSE.  See the GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this program. If not, see http://www.gnu.org/licenses/.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/bin/rhts-environment.sh || exit 1
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="setools"
+
+rlJournalStart
+    rlPhaseStartSetup
+        rlAssertRpm ${PACKAGE}-console-analyses
+        OUTPUT_FILE=`mktemp`
+        rlRun "semodule -i testpolicy.cil"
+        rlRun "semodule -l | grep testpolicy"
+    rlPhaseEnd
+
+    rlPhaseStartTest "invalid values"
+        rlRun "sedta -s unknown_t >& ${OUTPUT_FILE}" 1
+        rlRun "grep -i 'not a valid type' ${OUTPUT_FILE}"
+        rlRun "sedta -s apmd_t -t unknown_t -S >& ${OUTPUT_FILE}" 1
+        rlRun "grep -i 'not a valid type' ${OUTPUT_FILE}"
+        rlRun "sedta -s unknown_t -p /etc/selinux/unknown/policy/policy.31 >& ${OUTPUT_FILE}" 1
+        rlRun "grep -i 'no such file or directory' ${OUTPUT_FILE}"
+        rlRun "sedta -s apmd_t -t var_lib_t -A -1 >& ${OUTPUT_FILE}" 1
+        rlRun "grep -i 'must be positive' ${OUTPUT_FILE}"
+        rlRun "sedta -s xyz_t >& ${OUTPUT_FILE}"
+        rlRun "grep -i '^0.*transition.*found' ${OUTPUT_FILE}"
+    rlPhaseEnd
+
+    rlPhaseStartTest "valid values"
+        # transitivity
+        rlRun "sedta -s first_t -t second_t -S >& ${OUTPUT_FILE}"
+        rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}"
+        rlRun "sedta -s second_t -t third_t -S >& ${OUTPUT_FILE}"
+        rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}"
+        rlRun "sedta -s first_t -t third_t -S >& ${OUTPUT_FILE}"
+        rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}"
+        # reflexivity
+        rlRun "sedta -s first_t -t first_t -S >& ${OUTPUT_FILE}"
+        rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}"
+        rlRun "sedta -s second_t -t second_t -S >& ${OUTPUT_FILE}"
+        rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}"
+        rlRun "sedta -s third_t -t third_t -S >& ${OUTPUT_FILE}"
+        rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}"
+        # path is longer than limit
+        rlRun "sedta -s first_t -t third_t -A 1 >& ${OUTPUT_FILE}"
+        rlRun "grep -i '^0 domain transition path.*found' ${OUTPUT_FILE}"
+        # non-existent relation
+        rlRun "sedta -s first_t -t third_t -S -r >& ${OUTPUT_FILE}"
+        rlRun "grep -i '^0 domain transition path.*found' ${OUTPUT_FILE}"
+        # non-existent relation
+        rlRun "sedta -s third_t -t first_t -S >& ${OUTPUT_FILE}"
+        rlRun "grep -i '^0 domain transition path.*found' ${OUTPUT_FILE}"
+    rlPhaseEnd
+
+    rlPhaseStartCleanup
+        rlRun "semodule -r testpolicy"
+        rlRun "semodule -l | grep testpolicy" 1
+        rm -f ${OUTPUT_FILE}
+    rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+

tests/Sanity/sedta/testpolicy.cil

@@ -0,0 +1,21 @@
+( type xyz_t )
+
+( type first_t )
+( type first_exec_t )
+( type second_t )
+( type second_exec_t )
+( type third_t )
+( type third_exec_t )
+
+( typetransition first_t second_exec_t process second_t )
+( typetransition second_t third_exec_t process third_t )
+
+( allow first_t second_exec_t ( file ( getattr open read execute )))
+( allow first_t second_t ( process ( transition )))
+( allow second_t third_exec_t ( file ( getattr open read execute )))
+( allow second_t third_t ( process ( transition )))
+
+( allow first_t first_exec_t ( file ( entrypoint )))
+( allow second_t second_exec_t ( file ( entrypoint )))
+( allow third_t third_exec_t ( file ( entrypoint )))
+

tests/Sanity/seinfo-consistent-output/Makefile

@@ -0,0 +1,64 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Makefile of Sanity/seinfo-consistent-output
+#   Description: Check whether different 2 or more runs of same seinfo commands produce same output
+#   Author: Petr Lautrbach <plautrba@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Copyright (c) 2021 Red Hat, Inc.
+#
+#   This program is free software: you can redistribute it and/or
+#   modify it under the terms of the GNU General Public License as
+#   published by the Free Software Foundation, either version 2 of
+#   the License, or (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be
+#   useful, but WITHOUT ANY WARRANTY; without even the implied
+#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+#   PURPOSE.  See the GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this program. If not, see http://www.gnu.org/licenses/.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=Sanity/seinfo-consistent-output
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+	./runtest.sh
+
+build: $(BUILT_FILES)
+	test -x runtest.sh || chmod a+x runtest.sh
+
+clean:
+	rm -f *~ $(BUILT_FILES)
+
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+	@echo "Owner:           Petr Lautrbach <plautrba@redhat.com>" > $(METADATA)
+	@echo "Name:            $(TEST)" >> $(METADATA)
+	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
+	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
+	@echo "Description:     Check whether different 2 or more runs of same seinfo commands produce same output" >> $(METADATA)
+	@echo "Type:            Sanity" >> $(METADATA)
+	@echo "TestTime:        5m" >> $(METADATA)
+	@echo "RunFor:          setools" >> $(METADATA)
+	@echo "Requires:        setools-console" >> $(METADATA)
+	@echo "Priority:        Normal" >> $(METADATA)
+	@echo "License:         GPLv2+" >> $(METADATA)
+	@echo "Confidential:    no" >> $(METADATA)
+	@echo "Destructive:     no" >> $(METADATA)
+	@echo "Bug:             2019962" >> $(METADATA)
+	@echo "Releases:        -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
+
+	rhts-lint $(METADATA)

tests/Sanity/seinfo-consistent-output/PURPOSE

@@ -0,0 +1,3 @@
+PURPOSE of Sanity/seinfo-consistent-output
+Description: Check whether different 2 or more runs of same seinfo commands produce same output
+Author: Petr Lautrbach <plautrba@redhat.com>

tests/Sanity/seinfo-consistent-output/runtest.sh

@@ -0,0 +1,64 @@
+#!/bin/bash
+# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   runtest.sh of Sanity/seinfo-consistent-output
+#   Description: Check whether different 2 or more runs of same seinfo commands produce same output
+#   Author: Petr Lautrbach <plautrba@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Copyright (c) 2021 Red Hat, Inc.
+#
+#   This program is free software: you can redistribute it and/or
+#   modify it under the terms of the GNU General Public License as
+#   published by the Free Software Foundation, either version 2 of
+#   the License, or (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be
+#   useful, but WITHOUT ANY WARRANTY; without even the implied
+#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+#   PURPOSE.  See the GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this program. If not, see http://www.gnu.org/licenses/.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/bin/rhts-environment.sh || exit 1
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="setools-console"
+
+rlJournalStart
+    rlPhaseStartSetup
+        rlAssertRpm $PACKAGE
+        rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
+        rlRun "pushd $TmpDir"
+    rlPhaseEnd
+
+    commands=(
+        "seinfo --all -x"
+        "seinfo --constrain"
+        "seinfo --common"
+        "seinfo -c -x"
+        "seinfo -r -x"
+        "seinfo -u -x"
+    )
+
+    for c in "${commands[@]}"; do
+
+        rlPhaseStartTest "$c"
+            rlRun "$c > 1.out"
+            rlRun "$c > 2.out"
+            rlRun "cmp 1.out 2.out" 0
+        rlPhaseEnd
+    done
+
+    rlPhaseStartCleanup
+        rlRun "popd"
+        rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+    rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd

tests/tests.yml

@@ -0,0 +1,22 @@
+---
+# Test to run in classic context
+- hosts: localhost
+  roles:
+  - role: standard-test-beakerlib
+    tags:
+    - classic
+    repositories:
+    - repo: "https://src.fedoraproject.org/tests/selinux.git"
+      dest: "selinux"
+      fmf_filter: "tier: 1 | component: policycoreutils | component: checkpolicy"
+
+# Test to run in classic context
+- hosts: localhost
+  roles:
+  - role: standard-test-beakerlib
+    tags:
+    - classic
+    tests:
+      - Sanity/sedta
+      - Regression/The-setools-package-doesn-t-install-any-tools
+      - Sanity/seinfo-consistent-output