tests: ausearch needs --input-logs in order not to read from stdin

- Add a screen reader label to the icon
- seapplet: avoid ValueError when parsing sealert.conf
- doc: Document performance related changes
- Decrease setroubleshootd priority and limit RAM utilization to 1GB
- Use setup from setuptools
- Use `pip install` instead of `setup.py install`

.fmf/version

@@ -0,0 +1 @@
+1

.gitignore

@@ -209,3 +209,10 @@ setroubleshoot-2.2.93.tar.gz
 /setroubleshoot-3.3.22.tar.gz
 /setroubleshoot-3.3.23.tar.gz
 /setroubleshoot-3.3.24.tar.gz
+/setroubleshoot-3.3.25.tar.gz
+/setroubleshoot-3.3.26.tar.gz
+/framework-3.3.27.tar.gz
+/setroubleshoot-3.3.28.tar.gz
+/setroubleshoot-3.3.29.tar.gz
+/setroubleshoot-3.3.30.tar.gz
+/setroubleshoot-3.3.31.tar.gz

0001-util.py-Improve-doctest-tests.patch

@@ -0,0 +1,95 @@
+From def9fd0c22e43e437f867eb1f4bafc7c4a68898b Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Tue, 18 Jan 2022 11:59:40 +0100
+Subject: [PATCH] util.py: Improve doctest tests
+
+Usage:
+    # python3 -m doctest -v src/setroubleshoot/util.py
+---
+ src/setroubleshoot/util.py | 32 +++++++++++++++++---------------
+ 1 file changed, 17 insertions(+), 15 deletions(-)
+
+diff --git a/src/setroubleshoot/util.py b/src/setroubleshoot/util.py
+index 02c4f752e690..de10c7319138 100755
+--- a/src/setroubleshoot/util.py
++++ b/src/setroubleshoot/util.py
+@@ -321,7 +321,7 @@ def default_date_text(date):
+ 
+ def get_standard_directories():
+     """
+->>> get_standard_directories()
++>>> get_standard_directories() # doctest: +ELLIPSIS
+ [...'/bin'...]
+     """
+     lst = []
+@@ -347,8 +347,8 @@ def get_rpm_nvr_from_header(hdr):
+ 
+ def get_package_nvr_by_name(name):
+     """
+->>> get_package_nvr_by_name("coreutils")
+-'coreutils-8.30-3+b1:amd64'
++>>> get_package_nvr_by_name("coreutils")[0:9]
++'coreutils'
+     """
+     if name is None:
+         return None
+@@ -369,8 +369,8 @@ def get_package_nvr_by_name(name):
+ 
+ def get_package_nvr_by_file_path(name):
+     """
+->>> get_package_nvr_by_file_path("/bin/ls")
+-'coreutils-8.30-3+b1:amd64'
++>>> get_package_nvr_by_file_path("/bin/ls")[0:9]
++'coreutils'
+     """
+     if name is None:
+         return None
+@@ -424,11 +424,11 @@ Finds an SELinux module which defines given SELinux type
+ 
+ ##### usage
+ 
+->>> get_rpm_nvr_by_type("sshd_t")
+-'selinux-policy-...
++>>> get_rpm_nvr_by_type("sshd_t")[0:14]
++'selinux-policy'
+ 
+->>> get_rpm_nvr_by_type("mysqld_log_t")
+-'mysql-selinux-...
++>>> get_rpm_nvr_by_type("mysqld_log_t")[0:13]
++'mysql-selinux'
+ 
+     """
+ 
+@@ -511,14 +511,14 @@ Finds an SELinux module which defines given SELinux context
+ 
+ ##### usage
+ 
+->>> get_rpm_nvr_by_scontext("system_u:system_r:syslogd_t:s0")
+-'selinux-policy-...
++>>> get_rpm_nvr_by_scontext("system_u:system_r:syslogd_t:s0")[0:14]
++'selinux-policy'
+ 
+->>> get_rpm_nvr_by_scontext("system_u:system_r:mysqld_log_t:s0")
+-'mysql-selinux-...
++>>> get_rpm_nvr_by_scontext("system_u:system_r:mysqld_log_t:s0")[0:13]
++'mysql-selinux'
+ 
+->>> get_rpm_nvr_by_scontext("system_u:system_r:timedatex_t:s0", use_dbus=True)
+-'selinux-policy-...
++>>> get_rpm_nvr_by_scontext("system_u:system_r:timedatex_t:s0", use_dbus=True)[0:14]
++'selinux-policy'
+ 
+     """
+     if use_dbus:
+@@ -542,6 +542,8 @@ def get_rpm_source_package(name):
+     >>> get_rpm_source_package("selinux-policy-targeted")
+     'selinux-policy'
+ 
++    >>> get_rpm_source_package("selinux-policy-targeted-35.8-1.fc35.noarch")
++    'selinux-policy'
+     """
+     if name is None:
+         return None
+-- 
+2.34.1
+

0002-Look-for-modules-in-usr-share-selinux-packages.patch

@@ -0,0 +1,54 @@
+From 93a63babd44e8fc7652b4e6c3c078133f234310f Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Tue, 18 Jan 2022 15:59:09 +0100
+Subject: [PATCH] Look for modules in /usr/share/selinux/packages
+
+Not all packages shipping SELinux modules own their directory in
+/var/lib/selinux/... Some of them own just .pp.bz2 file in
+/usr/share/selinux/packages. Lets look there when we try to detect the
+right component for the report.
+---
+ src/setroubleshoot/util.py | 20 +++++++++++++++++++-
+ 1 file changed, 19 insertions(+), 1 deletion(-)
+
+diff --git a/src/setroubleshoot/util.py b/src/setroubleshoot/util.py
+index de10c7319138..1405bb84c342 100755
+--- a/src/setroubleshoot/util.py
++++ b/src/setroubleshoot/util.py
+@@ -430,6 +430,9 @@ Finds an SELinux module which defines given SELinux type
+ >>> get_rpm_nvr_by_type("mysqld_log_t")[0:13]
+ 'mysql-selinux'
+ 
++>>> get_rpm_nvr_by_type("spc_t")[0:17]
++'container-selinux'
++
+     """
+ 
+     if module_type_cache is None:
+@@ -439,7 +442,22 @@ Finds an SELinux module which defines given SELinux type
+ 
+     path = module_type_cache.get(selinux_type, None)
+ 
+-    return get_package_nvr_by_file_path(path)
++    if path is None:
++        return None
++
++    package = get_package_nvr_by_file_path(path)
++
++    if package is None:
++        module_name = path.split('/')[-1]
++        path = '/usr/share/selinux/packages/' + module_name + '.pp'
++        package = get_package_nvr_by_file_path(path)
++        if package is None:
++            path += '.bz2'
++            package = get_package_nvr_by_file_path(path)
++
++    return package
++
++
+ 
+ # check if given string represents an integer
+ def __str_is_int(str):
+-- 
+2.34.1
+

0003-Always-use-rpm-source-package-for-reporting.patch

@@ -0,0 +1,37 @@
+From 2dbf243d535c3b8dca5fa3b4e360ca8c6959f68d Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Tue, 18 Jan 2022 12:01:03 +0100
+Subject: [PATCH] Always use rpm source package for reporting
+
+Originally when a module wasn't owned by any package policy_rpm, e.g.
+selinux-policy-targeted..., was used. In Red Hat bugzilla there's no
+component selinux-policy-targeted therefore we need to use source
+package name when reporting a problem.
+
+Fixes:
+fatal: RPC failed at server.  There is no component named 'selinux-policy-targeted-35.8-1.fc35.noarch' in the 'Fedora' product.
+---
+ src/setroubleshoot/browser.py | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/setroubleshoot/browser.py b/src/setroubleshoot/browser.py
+index 3203f75e0c17..48015834fe57 100644
+--- a/src/setroubleshoot/browser.py
++++ b/src/setroubleshoot/browser.py
+@@ -1002,9 +1002,10 @@ class BugReport:
+         text_buf = self.error_submit_text.get_buffer()
+         content = text_buf.get_text(text_buf.get_start_iter(),
+                                     text_buf.get_end_iter(), False)
+-        local_policy_package = get_rpm_source_package(self.alert.environment.local_policy_rpm)
+-        if local_policy_package is None:
+-            local_policy_package = self.alert.environment.policy_rpm
++        local_policy_rpm = self.alert.environment.local_policy_rpm
++        if not local_policy_rpm:
++            local_policy_rpm = self.alert.environment.policy_rpm
++        local_policy_package = get_rpm_source_package(local_policy_rpm)
+         signature = report.createAlertSignature(str(local_policy_package),
+                                                 "setroubleshoot",
+                                                 self.alert.get_hash(),
+-- 
+2.34.1
+

README.translations

@@ -1,29 +1,47 @@
 Setroubleshoot translations currently live in the following locations:
 
-- https://fedora.zanata.org/project/view/setroubleshoot
+- https://translate.fedoraproject.org/projects/setroubleshoot/
-  - contains translations for both stable (RHEL) and master (Fedora) branches
+  - contains translations for both stable (rhel8) and main (Fedora) branches
   - maintains large number of languages (several of which do not actually contain any translated strings)
   - updated by community and partially by RH localization effort
 
-- setroubleshoot source repositories (https://pagure.io/setroubleshoot and https://github.com/fedora-selinux/setroubleshoot)
+- setroubleshoot source repositories
-  - is kept up-to-date with fedora.zanata
+  - https://gitlab.com/setroubleshoot
+    - used for development
+    - separate repos for plugins and framework
+  - https://pagure.io/setroubleshoot and https://github.com/fedora-selinux/setroubleshoot
+    - no longer updated
+    - plugins and framework in the same repo
 
-How to update source files on fedora.zanata:
+How to update source files on weblate:
-  $ git clone git@github.com:fedora-selinux/setroubleshoot.git
+  # install dependencies
-  $ cd setroubleshoot/framework
+  $ sudo dnf install automake autoconf inittool gettext glib2-devel dbus-devel libnotify-devel gtk3-devel audit-libs-devel
-    # Update Makefile
+  $ git clone git@gitlab.com:setroubleshoot/framework.git
+  $ git clone git@gitlab.com:setroubleshoot/plugins.git
+  $ cd framework
+  # Update Makefile
   $ ./autogen.sh
-    # generate new potfile
+  # generate new potfile
   $ cd po
   $ make setroubleshoot.pot
-    # Repeat the process for plugins
+  # https://translate.fedoraproject.org/projects/setroubleshoot/setroubleshoot/en/
-    # Push potfiles to zanata
+  # Files -> Upload translations
-  $ zanata-cli push --push-type source
+  # Repeat the process for plugins
+  # https://translate.fedoraproject.org/projects/setroubleshoot/plugins/en/
+  # Files -> Upload translations
+  # or use weblate command line tool:
+  $ wlc --key <API key> --url https://translate.fedoraproject.org/api/ upload --input framework/po/setroubleshoot.pot setroubleshoot/setroubleshoot/en
+  $ wlc --key <API key> --url https://translate.fedoraproject.org/api/ upload --input plugins/po/setroubleshoot.pot setroubleshoot/plugins/en/
 
-How to pull new translations from zanata
+How to pull new translations from weblate
-  $ git clone git@github.com:fedora-selinux/setroubleshoot.git
+  $ git clone git@gitlab.com:setroubleshoot/framework.git
-  $ cd setroubleshoot
+  $ git clone git@gitlab.com:setroubleshoot/plugins.git
-    # Make sure "zanata.xml" file pointing to corresponding translations branch is present
+  # https://translate.fedoraproject.org/projects/setroubleshoot/setroubleshoot
-    # Optionally update source files on zanata
+  # Files -> Download translation files as ZIP file
-    # Pull new translations from zanata
+  # https://translate.fedoraproject.org/projects/setroubleshoot/plugins/
-  $ zanata-cli -e pull --pull-type trans
+  # Files -> Download translation files as ZIP file
+  $ unzip setroubleshoot-setroubleshoot.zip
+  $ cp setroubleshoot/setroubleshoot/framework/po/*.po /framework/po
+  $ unzip setroubleshoot-plugins.zip
+  $ cp setroubleshoot/plugins/plugins/po/*.po /plugins/po
+  # wlc doesn't support batch download yet https://github.com/WeblateOrg/wlc/issues/17

plans/tests.fmf

@@ -0,0 +1,6 @@
+summary: Tier 1 setroubleshoot test plan
+discover:
+    how: fmf
+execute:
+    how: tmt
+

setroubleshoot-po.patch

@@ -1,26 +0,0 @@
-diff -up setroubleshoot-3.2.14/po/bn_IN.po~ setroubleshoot-3.2.14/po/bn_IN.po
---- setroubleshoot-3.2.14/po/bn_IN.po~	2013-11-20 10:01:40.717181224 -0500
-+++ setroubleshoot-3.2.14/po/bn_IN.po	2013-11-20 10:02:47.154195170 -0500
-@@ -165,9 +165,7 @@ msgstr "উৎসের পà§<C3A0>রকà§<C3A0>à
- 
- #: ../src/browser.py:269
- msgid "Attempted Access"
--msgstr ""
--"\n"
--"বà§<C3A0>যবহারের পà§<C3A0>রয়াস\n"
-+msgstr "বà§<C3A0>যবহারের পà§<C3A0>রয়াস"
- 
- #: ../src/browser.py:269
- msgid "On this"
-@@ -222,9 +220,8 @@ msgstr ""
- msgid ""
- "Report\n"
- "Bug"
--msgstr ""
--"বাগ সমà§<C3A0>পরà§<C3A0>কে\n"
--"সূচিত করà§<C3A0>ন\n"
-+msgstr "বাগ সমà§<C3A0>পরà§<C3A0>কে\n"
-+"সূচিত করà§<C3A0>ন"
- 
- #: ../src/browser.py:543
- #, python-format

setroubleshoot.init

@@ -1,195 +0,0 @@
-#!/bin/bash
-#
-# setroubleshoot       This starts and stops setroubleshoot daemon
-#
-# chkconfig: 345 13 87
-# description: This starts the SELinux Troubleshooting Daemon
-#
-# processname: /usr/sbin/setroubleshootd
-# config: /etc/setroubleshoot/setroubleshoot.cfg
-# pidfile: /var/run/setroubleshoot.pid
-#
-
-### BEGIN INIT INFO
-# Provides: lsb-setroubleshootd
-# Required-Start: $local_fs $syslog $network $named $messagebus
-# Required-Stop: $local_fs $syslog $network $named $messagebus
-# Default-Start:  3 4 5
-# Default-Stop: 0 1 6
-# Short-Description: start and stop SELinux Troubleshooting Daemon
-# Description: controls operation of the SELinux Troubleshooting Daemon
-#	(setroubleshootd) which listens for SELinux AVC denial messages
-#	analyzes it and provides a friendly interpretation.
-### END INIT INFO
-
-# Return values according to LSB for all commands but status:
-# 0	success
-# 1	generic or unspecified error (current practice)
-# 2	invalid or excess argument(s)
-# 3	unimplemented feature (for example, "reload")
-# 4	user had insufficient privilege
-# 5	program is not installed
-# 6	program is not configured
-# 7	program is not running
-
-# Command argument
-# start		start the service
-# stop		stop the service
-# restart	stop and restart the service if the service is already running, otherwise start the service
-# try-restart	restart the service if the service is already running
-# reload	cause the configuration of the service to be reloaded without actually stopping and restarting the service
-# force-reload	cause the configuration to be reloaded if the service supports this, otherwise restart the service if it is running
-# status	print the current status of the service
-
-# start, stop, restart, force-reload, and status actions must be supported
-# reload and the try-restart actions are optional.
-# the init script.
-
-PATH=/sbin:/bin:/usr/bin:/usr/sbin
-
-# Source function library.
-. /etc/init.d/functions
-
-RETVAL=0
-prog="setroubleshootd"
-
-usage(){
-    echo $"Usage: $0 {start|stop|status|restart|try-restart|condrestart|reload|force-reload|cleardb [test][verbose]}"
-}
-
-command=$1
-shift
-
-[ $command ] || (usage; exit 3)
-
-# look for extra options
-while [ $# -gt 0 ]; do
-    arg=$1
-    case "$arg" in
-	test)
-	    EXTRAOPTIONS="$EXTRAOPTIONS -c audit.text_protocol_socket_path=/tmp/audispd_events"
-	    ;;
-	verbose)
-	    EXTRAOPTIONS="$EXTRAOPTIONS -V"
-	    ;;
-	*)
-	    echo "unknown arg $arg"
-    esac
-    shift
-done
-
-rhstatus(){
-    status $prog
-    RETVAL=$?
-    return $RETVAL
-}
-
-# Allow status as non-root and also if SELinux is disabled
-if [ "$command" = status ]; then
-	rhstatus
-	RETVAL=$?
-	exit $RETVAL
-fi
-
-# Silently exit is SELinux is not enabled
-[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 1
-
-# Check that we are root ... so non-root users stop here
-if test `id -u` != 0; then
-	echo "You must be root"
-	exit 4
-fi
-
-start(){
-    echo -n $"Starting $prog: "
-    unset HOME MAIL USER USERNAME
-    daemon $prog "$EXTRAOPTIONS"
-    RETVAL=$?
-    echo
-    if test $RETVAL = 0 ; then
-        touch /var/lock/subsys/$prog
-    fi
-    if test $RETVAL = 3 ; then
-	echo -n $"Cannot start $prog: SELinux not enabled"
-    fi
-    return $RETVAL
-}
-
-stop(){
-    echo -n $"Stopping $prog: "
-    killproc $prog
-    RETVAL=$?
-    echo
-    rm -f /var/lock/subsys/$prog
-    return $RETVAL
-}
-
-reload(){
-    echo -n $"Reloading configuration: "	
-    killproc $prog -HUP
-    RETVAL=$?
-    echo
-    return $RETVAL
-}
-
-restart(){
-    stop
-    start
-    RETVAL=$?
-    return $RETVAL
-}
-
-condrestart(){
-    [ -e /var/lock/subsys/$prog ] && restart
-    RETVAL=0
-    return $RETVAL
-}
-
-cleardb(){
-    running=0
-    [ -e /var/lock/subsys/$prog ] && running=1
-    [ $running == 1 ] && stop
-    echo $"Clearing database"
-    rm -f /var/lib/setroubleshoot/database.xml
-    rm -f /var/lib/setroubleshoot/audit_listener_database.xml
-    [ $running == 1 ] && start
-    RETVAL=0
-    return $RETVAL
-}
-
-# See how we were called.
-case "$command" in
-    start)
-	start
-	RETVAL=$?
-	;;
-    stop)
-	stop
-	RETVAL=$?
-	;;
-    status)
-	rhstatus
-	RETVAL=$?
-	;;
-    restart)
-	restart
-	RETVAL=$?
-	;;
-    force-reload|reload)
-	reload
-	RETVAL=$?
-	;;
-    try-restart|condrestart)
-	condrestart
-	RETVAL=$?
-	;;
-    cleardb)
-	cleardb
-	RETVAL=$?
-	;;
-    *)
-	usage
-	RETVAL=3
-esac
-
-exit $RETVAL

setroubleshoot.spec

@@ -3,24 +3,28 @@
 
 Summary: Helps troubleshoot SELinux problems
 Name: setroubleshoot
-Version: 3.3.24
+Version: 3.3.31
 Release: 1%{?dist}
-License: GPLv2+
+License: GPL-2.0-or-later
-URL: https://pagure.io/setroubleshoot
+URL: https://gitlab.com/setroubleshoot/setroubleshoot
-Source0: https://releases.pagure.org/setroubleshoot/%{name}-%{version}.tar.gz
+Source0: https://gitlab.com/setroubleshoot/setroubleshoot/-/archive/%{version}/setroubleshoot-%{version}.tar.gz
 Source1: %{name}.tmpfiles
-# git format-patch -N setroubleshoot-3.3.24 -- framework
+Source2: %{name}.sysusers
+# git format-patch -N 3.3.30
 # i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
-Patch0001: 0001-framework-Update-translations.patch
 BuildRequires: gcc
+BuildRequires: make
 BuildRequires: libcap-ng-devel
-BuildRequires: intltool gettext python3 python3-devel
+BuildRequires: intltool gettext python3 python3-devel python3-setuptools python3-pip
-BuildRequires: desktop-file-utils dbus-glib-devel gtk2-devel libnotify-devel audit-libs-devel libselinux-devel polkit-devel
+BuildRequires: desktop-file-utils dbus-glib-devel libnotify-devel libselinux-devel polkit-devel
-BuildRequires: python3-libselinux python3-pydbus python3-gobject gtk3-devel
+BuildRequires: audit-libs-devel >= 3.0.1
+BuildRequires: python3-libselinux python3-dasbus python3-gobject gtk3-devel
+# for the _tmpfilesdir macro
+BuildRequires: systemd-rpm-macros
 Requires: %{name}-server = %{version}-%{release}
 Requires: gtk3, libnotify
 Requires: libreport-gtk >= 2.2.1-2, python3-libreport
-Requires: python3-gobject, python3-pydbus
+Requires: python3-gobject, python3-dasbus
 Requires(post): desktop-file-utils
 Requires(post): dbus
 Requires(postun): desktop-file-utils
@@ -36,7 +40,6 @@ Requires: xdg-utils
 %global pkgvardatadir %{_localstatedir}/lib/%{name}
 %global pkgconfigdir  %{_sysconfdir}/%{name}
 %global pkgdatabase   %{pkgvardatadir}/setroubleshoot_database.xml
-%global username      setroubleshoot
 
 %description
 setroubleshoot GUI. Application that allows you to view setroubleshoot-server
@@ -50,7 +53,7 @@ to user preference. The same tools can be run on existing log files.
 %{pkgguidir}
 %config(noreplace) %{_sysconfdir}/xdg/autostart/*
 %{_datadir}/applications/*.desktop
-%{_datadir}/appdata/*.appdata.xml
+%{_metainfodir}/*.appdata.xml
 %{_datadir}/dbus-1/services/sealert.service
 %{_datadir}/icons/hicolor/*/*/*
 %dir %attr(0755,root,root) %{pkgpythondir}
@@ -62,11 +65,11 @@ to user preference. The same tools can be run on existing log files.
 
 
 %prep
-%autosetup -p 2
+%autosetup -p 1
 
 %build
-autoreconf -f
+./autogen.sh
-%configure PYTHON=%{__python3} --enable-seappletlegacy=yes --with-auditpluginsdir=/etc/audit/plugins.d
+%configure PYTHON=%{__python3} --enable-seappletlegacy=no --with-auditpluginsdir=/etc/audit/plugins.d
 make
 
 %install
@@ -78,7 +81,8 @@ touch %{buildroot}%{pkgdatabase}
 touch %{buildroot}%{pkgvardatadir}/email_alert_recipients
 rm -rf %{buildroot}/usr/share/doc/
 # create /run/setroubleshoot on boot
-install -m644 -D %{SOURCE1} $RPM_BUILD_ROOT%{_tmpfilesdir}/%{name}.conf
+install -p -m644 -D %{SOURCE1} $RPM_BUILD_ROOT%{_tmpfilesdir}/%{name}.conf
+install -p -m644 -D %{SOURCE2} $RPM_BUILD_ROOT%{_sysusersdir}/%{name}.conf
 
 
 %find_lang %{name}
@@ -87,7 +91,7 @@ install -m644 -D %{SOURCE1} $RPM_BUILD_ROOT%{_tmpfilesdir}/%{name}.conf
 Summary: SELinux troubleshoot server
 
 Requires: %{name}-plugins >= 3.3.10
-Requires: audit >= 3
+Requires: audit >= 3.0.1
 Requires: audit-libs-python3
 Requires: libxml2-python3
 Requires: rpm-python3
@@ -95,12 +99,12 @@ Requires: libselinux-python3  >= 2.1.5-1
 Requires: policycoreutils-python-utils
 BuildRequires: intltool gettext python3
 BuildRequires: python3-devel
-Requires: python3-slip-dbus systemd-python3 >= 206-1
+Requires: systemd-python3 >= 206-1
 Requires: python3-gobject-base >= 3.11
 Requires: dbus
-Requires: python3-dbus python3-pydbus
+Requires: python3-dbus python3-dasbus
 Requires: polkit
-Requires(pre): /usr/sbin/useradd /usr/sbin/groupadd
+Requires: initscripts-service
 
 %description server
 Provides tools to help diagnose SELinux problems. When AVC messages
@@ -109,7 +113,7 @@ about the problem and help track its resolution. Alerts can be configured
 to user preference. The same tools can be run on existing log files.
 
 %pre server
-getent passwd %{username} >/dev/null || useradd -r -U -s /sbin/nologin -d %{pkgvardatadir} %{username}
+%sysusers_create_compat %{SOURCE2}
 
 %post server
 /sbin/service auditd reload >/dev/null 2>&1 || :
@@ -117,9 +121,6 @@ getent passwd %{username} >/dev/null || useradd -r -U -s /sbin/nologin -d %{pkgv
 %postun server
 /sbin/service auditd reload >/dev/null 2>&1 || :
 
-%triggerun server -- %{name}-server < 3.2.24-4
-chown -R setroubleshoot:setroubleshoot %{pkgvardatadir}
-
 %files server -f %{name}.lang
 %{_bindir}/sealert
 %{_sbindir}/sedispatch
@@ -172,34 +173,101 @@ chown -R setroubleshoot:setroubleshoot %{pkgvardatadir}
 %config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.fedoraproject.SetroubleshootPrivileged.conf
 %attr(0700,setroubleshoot,setroubleshoot) %dir %{pkgvardatadir}
 %ghost %attr(0600,setroubleshoot,setroubleshoot) %{pkgdatabase}
-%ghost %attr(0644,setroubleshoot,setroubleshoot) %{pkgvardatadir}/email_alert_recipients
+%ghost %attr(0600,setroubleshoot,setroubleshoot) %{pkgvardatadir}/email_alert_recipients
 %{_mandir}/man1/seapplet.1.gz
 %{_mandir}/man8/sealert.8.gz
 %{_mandir}/man8/sedispatch.8.gz
 %{_mandir}/man8/setroubleshootd.8.gz
 %config /etc/audit/plugins.d/sedispatch.conf
+%{_unitdir}/setroubleshootd.service
 %{_datadir}/dbus-1/system-services/org.fedoraproject.Setroubleshootd.service
 %{_datadir}/dbus-1/system-services/org.fedoraproject.SetroubleshootPrivileged.service
 %{_datadir}/polkit-1/actions/org.fedoraproject.setroubleshootfixit.policy
 %config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.fedoraproject.SetroubleshootFixit.conf
 %{_datadir}/dbus-1/system-services/org.fedoraproject.SetroubleshootFixit.service
 %attr(0644,root,root) %{_tmpfilesdir}/%{name}.conf
+%attr(0644,root,root) %{_sysusersdir}/%{name}.conf
 %attr(0711,setroubleshoot,setroubleshoot) %dir %{_rundir}/setroubleshoot
 %doc AUTHORS COPYING ChangeLog DBUS.md NEWS README TODO
 
-%package legacy
-Summary: SELinux troubleshoot legacy applet
-
-Requires: gtk2
-Requires: %{name} = %{version}-%{release}
-
-%description legacy
-SELinux troubleshoot legacy applet
-
-%files legacy
-%{_bindir}/seappletlegacy
-
 %changelog
+* Wed Nov 23 2022 Petr Lautrbach <lautrbach@redhat.com> - 3.3.31-1
+- Add a screen reader label to the icon
+- seapplet: avoid ValueError when parsing sealert.conf
+- doc: Document performance related changes
+- Decrease setroubleshootd priority and limit RAM utilization to 1GB
+- Use setup from setuptools
+- Use `pip install` instead of `setup.py install`
+
+* Tue Jun 28 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3.30-1
+ - Miscellaneous python and build system changes
+ - Fix couple of typos
+ - Drop Python2 support
+ - Use inspect.signature() instead of instead.getargspec()
+ - Update translations
+
+* Wed Mar 30 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3.29-1
+- Introduce email.use_sendmail option
+- Update translations
+
+* Wed Feb 09 2022 Timothée Ravier <tim@siosm.fr> - 3.3.28-3
+- Install systemd-sysusers config
+- Remove Requires(pre) useradd & groupadd
+
+* Tue Feb  8 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3.28-2
+- Use %sysusers_create_compat instead of useradd
+- Set right ownership on /var/lib/setroubleshoot
+
+* Tue Feb  8 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3.28-1
+- Look for modules in /usr/share/selinux/packages
+- Always use rpm source package for reporting
+- Improve after_first email filter behavior
+
+* Wed Jan 19 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3.27-2
+- Improve DSP module reporting
+- Require initscripts-service - /sbin/service
+
+* Thu Jan 13 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3.27-1
+- sedispatch: check read_size
+- SafeConfigParser is deprecated and will be dropped
+- Fix typos in --help, man pages and developer's guide
+- Update translations
+
+* Tue Jul 27 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3.26-5
+- Improve sedispatch performance
+- Improve Python 3.10 compatibility
+  https://pagure.io/setroubleshoot/issue/58
+
+* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.26-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Fri Jul  2 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3.26-3
+- Fix file mode of email_alert_recipients
+
+* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 3.3.26-2
+- Rebuilt for Python 3.10
+
+* Thu Apr 15 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3.26-1
+- Fix plugin exception reporting
+- Update translations
+- Stop SetroubleshootFixit after 10 seconds of inactivity
+- Do not use Python slip package
+
+* Wed Mar 10 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3.25-1
+- Use Python dasbus instead of pydbus
+- Optimize get_rpm_nvr_by_type by adding a cache
+- Update translations
+
+* Tue Feb 02 2021 Vit Mojzis <vmojzis@redhat.com> - 3.3.24-4
+- sealert: exit on any connection close
+
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.24-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Sat Jan 16 2021 Vit Mojzis <vmojzis@redhat.com> - 3.3.24-2
+- framework/util: optimize get_rpm_nvr_by_type by adding a cache
+- Stop building seappletlegacy
+
 * Tue Oct 13 2020 Petr Lautrbach <plautrba@redhat.com> - 3.3.24-1
  - Add 'fur' into shipped locales
  - Update translations

setroubleshoot.sysusers

@@ -0,0 +1 @@
+u setroubleshoot - "SELinux troubleshoot server" /var/lib/setroubleshoot

setroubleshoot.tmpfiles

@@ -1 +1,2 @@
 d /run/setroubleshoot 711 setroubleshoot setroubleshoot -
+Z /var/lib/setroubleshoot - setroubleshoot setroubleshoot -

sources

@@ -1 +1 @@
-SHA512 (setroubleshoot-3.3.24.tar.gz) = ba96206fe135a719b685c825a69ebf7f9f6d99c6a24fb135763da9cee5ad14b1afdca5da1465374d327eb51ff830727a20b79ec51902e50f2e790661c63c0a0d
+SHA512 (setroubleshoot-3.3.31.tar.gz) = e3ab60a81c851e1a68b43e6e08b6901caa2c507318ccb24992d24cca785cd3fbbb9e3d94b51f214a42ee3aba200d6d92eefaf38b71251794489a51844913ed64

tests/Regression/Report-bugs-on-corresponding-components/main.fmf

@@ -0,0 +1,19 @@
+summary: Test for BZ#1811644 (Let setroubleshoot to report bugs on components)
+contact: Vit Mojzis <vmojzis@redhat.com>
+component:
+  - setroubleshoot
+test: ./runtest.sh
+framework: beakerlib
+recommend:
+  - setroubleshoot-server
+  - flatpak-selinux
+  - tpm2-abrmd-selinux
+  - container-selinux
+  - usbguard-selinux
+  - mysql-selinux
+  - fapolicyd-selinux
+duration: 5m
+link:
+  - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1811644
+extra-summary: /CoreOS/setroubleshoot/Regression/Report-bugs-on-corresponding-components
+extra-task: /CoreOS/setroubleshoot/Regression/Report-bugs-on-corresponding-components

tests/Regression/Report-bugs-on-corresponding-components/runtest.sh

@@ -26,7 +26,6 @@
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 # Include Beaker environment
-. /usr/bin/rhts-environment.sh || exit 1
 . /usr/share/beakerlib/beakerlib.sh || exit 1
 
 PACKAGE="setroubleshoot"

tests/Regression/no-plugin-exception-during-analyses/main.fmf

@@ -0,0 +1,15 @@
+summary: Does setroubleshoot report any 'Plugin Exception' during analyses?
+contact: Petr Lautrbach <plautrba@redhat.com>
+component:
+  - setroubleshoot
+test: ./runtest.sh
+framework: beakerlib
+recommend:
+  - setroubleshoot-server
+environment:
+    AVC_ERROR: +no_avc_check
+duration: 5m
+link:
+  - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1784564
+extra-summary: /CoreOS/setroubleshoot/Regression/no-plugin-exception-during-analyses
+extra-task: /CoreOS/setroubleshoot/Regression/no-plugin-exception-during-analyses

tests/Regression/no-plugin-exception-during-analyses/runtest.sh

@@ -27,7 +27,6 @@
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 # Include Beaker environment
-. /usr/bin/rhts-environment.sh || exit 1
 . /usr/share/beakerlib/beakerlib.sh || exit 1
 
 PACKAGE="setroubleshoot"

tests/Regression/sealert-s-traceback-invalid-display/main.fmf

@@ -0,0 +1,13 @@
+summary: Test for traceback when using sealert -s with display set to invalid value
+contact: Vit Mojzis <vmojzis@redhat.com>
+component:
+  - setroubleshoot
+test: ./runtest.sh
+framework: beakerlib
+recommend:
+  - setroubleshoot
+duration: 5m
+link:
+  - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1574434
+extra-summary: /CoreOS/setroubleshoot/Regression/sealert-s-traceback-invalid-display
+extra-task: /CoreOS/setroubleshoot/Regression/sealert-s-traceback-invalid-display

tests/Regression/sealert-s-traceback-invalid-display/runtest.sh

@@ -26,7 +26,6 @@
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 # Include Beaker environment
-. /usr/bin/rhts-environment.sh || exit 1
 . /usr/share/beakerlib/beakerlib.sh || exit 1
 
 PACKAGE="setroubleshoot-server"

tests/Sanity/public_content/main.fmf

@@ -0,0 +1,24 @@
+summary: Does the plugin work as expected?
+description: |+
+    Does the plugin work as expected?
+
+    Default value of ANALYSIS_DELAY can be overriden.
+
+contact: Milos Malik <mmalik@redhat.com>
+component:
+  - setroubleshoot-plugins
+test: ./runtest.sh
+framework: beakerlib
+recommend:
+  - setroubleshoot-plugins
+  - setroubleshoot-server
+  - audit
+  - setools-console
+  - psmisc
+  - libselinux-utils
+  - rsyslog
+environment:
+    AVC_ERROR: +no_avc_check
+duration: 10m
+extra-summary: /CoreOS/setroubleshoot-plugins/Sanity/public_content
+extra-task: /CoreOS/setroubleshoot-plugins/Sanity/public_content

tests/Sanity/public_content/runtest.sh

@@ -27,7 +27,6 @@
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 # Include Beaker environment
-. /usr/bin/rhts-environment.sh || exit 1
 . /usr/share/beakerlib/beakerlib.sh || exit 1
 
 PACKAGE="setroubleshoot-plugins"
@@ -69,8 +68,8 @@ rlJournalStart
         rlRun "sleep ${ANALYSIS_DELAY}"
         rlRun "ps -efZ | grep setroubleshootd" 0,1
         rlRun "sealert -l '*' > ${AFTER}" 0-3
-        rlRun "ausearch -m avc -m selinux_err -i -ts recent | grep 'read.*ls.*test-dir.*:rsync_t:.*:samba_share_t:.*tclass=dir'"
+        rlRun "ausearch -m avc -m selinux_err -i -ts recent --input-logs | grep 'read.*ls.*test-dir.*:rsync_t:.*:samba_share_t:.*tclass=dir'"
-        rlRun "ausearch -m avc -m selinux_err -i -ts recent | grep 'read.*cat.*test-file.*:rsync_t:.*:samba_share_t:.*tclass=file'"
+        rlRun "ausearch -m avc -m selinux_err -i -ts recent --input-logs | grep 'read.*cat.*test-file.*:rsync_t:.*:samba_share_t:.*tclass=file'"
         rlRun "diff ${BEFORE} ${AFTER} | grep \"Plugin.*suggests\""
         rlRun "diff ${BEFORE} ${AFTER} | grep \"Plugin ${PLUGIN_NAME} .*suggests\""
         rlRun "diff /var/log/messages ./messages | grep -i -e 'setroubleshoot.*exception' -e 'no such file or directory'" 1

tests/tests.yml

@@ -1,19 +0,0 @@
-- hosts: localhost
-  roles:
-  - role: standard-test-beakerlib
-    tags:
-    - classic
-    tests:
-    - Regression/embedded-null-byte-in-audit-records
-    - Regression/no-plugin-exception-during-analyses
-    - Regression/sealert-s-traceback-invalid-display
-    - Regression/Report-bugs-on-corresponding-components
-    - Sanity/public_content
-    required_packages:
-    - setroubleshoot-server
-    - setroubleshoot-plugins
-    - audit
-    - setools-console
-    - psmisc
-    - libselinux-utils
-    - rsyslog