dist-git conversion

.cvsignore

@@ -1 +0,0 @@
-setroubleshoot-1.9.5.tar.gz

.gitignore

@@ -0,0 +1 @@
+setroubleshoot-1.10.6.tar.gz

Makefile

@@ -1,6 +0,0 @@
-# Makefile for source rpm: setroubleshoot
-# $Id$
-NAME := setroubleshoot
-SPECFILE = $(firstword $(wildcard *.spec))
-
-include ../common/Makefile.common

setroubleshoot-autogen.patch

@@ -1,90 +0,0 @@
-diff -r -u setroubleshoot-1.9.4/src/config.py setroubleshoot-1.9.4.good/src/config.py
---- setroubleshoot-1.9.4/src/config.py	2007-03-19 14:56:59.000000000 -0400
-+++ setroubleshoot-1.9.4.good/src/config.py	2007-05-07 14:25:12.438028000 -0400
-@@ -32,7 +32,7 @@
- 
- _cfg = None
- 
--CFG_FILE = os.path.join('/usr/local/etc/setroubleshoot', "%s.cfg" % 'setroubleshoot')
-+CFG_FILE = os.path.join('/etc/setroubleshoot', "%s.cfg" % 'setroubleshoot')
- 
- LOG_CATEGORIES = ['rpc','xml','cfg','alert','sig','plugin','avc',
- 	          'email','gui', 'gui_data', 'program','database','server','dbus',
-@@ -41,7 +41,7 @@
- defaults = {
- 'general' : {
-     'pid_file' : {
--        'value'       : '/usr/local/var/run/setroubleshootd.pid',
-+        'value'       : '/var/run/setroubleshootd.pid',
-         'description' : '',
-         'readOnly'    : False,
-     },
-@@ -65,12 +65,12 @@
-         'readOnly'    : True,
-     },
-     'data_dir' : {
--        'value'       : '/usr/local/share/setroubleshoot',
-+        'value'       : '/usr/share/setroubleshoot',
-         'description' : '',
-         'readOnly'    : True,
-     },
-     'config_dir' : {
--        'value'       : '/usr/local/etc/setroubleshoot',
-+        'value'       : '/etc/setroubleshoot',
-         'description' : '',
-         'readOnly'    : True,
-     },
-@@ -93,7 +93,7 @@
- },
- 'alert' : {
-     'status_icon' : {
--        'value'       : os.path.join('/usr/local/share/setroubleshoot/gui','setroubleshoot_icon.png'),
-+        'value'       : os.path.join('/usr/share/setroubleshoot/gui','setroubleshoot_icon.png'),
-         'description' : '',
-         'readOnly'    : True,
-     },
-@@ -104,7 +104,7 @@
- },
- 'plugins' : {
-     'plugin_dir' : {
--        'value'       : '/usr/local/share/setroubleshoot/plugins',
-+        'value'       : '/usr/share/setroubleshoot/plugins',
-         'description' : '',
-     },
- },
-@@ -127,7 +127,7 @@
- },
- 'database' : {
-     'database_dir' : {
--        'value'       : '/usr/local/var/lib/setroubleshoot',
-+        'value'       : '/var/lib/setroubleshoot',
-         'description' : '',
-     },
-     'filename' : {
-@@ -141,7 +141,7 @@
-         'description' : '',
-     },
-     'path' : {
--        'value'       : os.path.join('/usr/local/var/run/setroubleshoot','setroubleshoot_server'),
-+        'value'       : os.path.join('/var/run/setroubleshoot','setroubleshoot_server'),
-         'description' : '',
-         'readOnly'    : False,
-     },
-@@ -203,7 +203,7 @@
- The list of available categories is: [%s]''' % ', '.join(LOG_CATEGORIES),
-     },
-     'filename' : {
--        'value'       : '/usr/local/var/log/setroubleshoot/setroubleshootd.log',
-+        'value'       : '/var/log/setroubleshoot/setroubleshootd.log',
-         'description' : '',
-     },
-     'filemode' : {
-@@ -301,7 +301,7 @@
-         'description' : 'The Subject: email header',
-     },
-     'recipients_filepath' : {
--        'value'       : os.path.join('/usr/local/var/lib/setroubleshoot', 'email_alert_recipients'),
-+        'value'       : os.path.join('/var/lib/setroubleshoot', 'email_alert_recipients'),
-         'description' : 'Path name of file with email recipients. One address per line, optionally followed by enable flag. Comment character is #. '
-     },
- },

setroubleshoot.init

@@ -9,22 +9,49 @@
 # config: /etc/setroubleshoot/setroubleshoot.cfg
 # pidfile: /var/run/setroubleshoot.pid
 #
+
+### BEGIN INIT INFO
+# Provides: lsb-setroubleshootd
+# Required-Start: $local_fs $syslog $network $named
+# Required-Stop: $local_fs $syslog $network $named
+# Default-Start:  3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: start and stop SELinux Troubleshooting Daemon
+# Description: controls operation of the SELinux Troubleshooting Daemon
+#	(setroubleshootd) which listens for SELinux AVC denial messages
+#	analyzes it and provides a friendly interpretation.
+### END INIT INFO
+
 # Return values according to LSB for all commands but status:
-# 0 - success
-# 1 - generic or unspecified error
-# 2 - invalid or excess argument(s)
-# 3 - unimplemented feature (e.g. "reload")
-# 4 - insufficient privilege
-# 5 - program is not installed
-# 6 - program is not configured
-# 7 - program is not running
+# 0	success
+# 1	generic or unspecified error (current practice)
+# 2	invalid or excess argument(s)
+# 3	unimplemented feature (for example, "reload")
+# 4	user had insufficient privilege
+# 5	program is not installed
+# 6	program is not configured
+# 7	program is not running
+
+# Command argument
+# start		start the service
+# stop		stop the service
+# restart	stop and restart the service if the service is already running, otherwise start the service
+# try-restart	restart the service if the service is already running
+# reload	cause the configuration of the service to be reloaded without actually stopping and restarting the service
+# force-reload	cause the configuration to be reloaded if the service supports this, otherwise restart the service if it is running
+# status	print the current status of the service
+
+# start, stop, restart, force-reload, and status actions must be supported
+# reload and the try-restart actions are optional.
+# the init script.
+
+
 
 PATH=/sbin:/bin:/usr/bin:/usr/sbin
 
 # Source function library.
 . /etc/init.d/functions
 
-
 # Silently exit is SELinux is not enabled
 [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 1
 
@@ -44,6 +71,9 @@ start(){
     if test $RETVAL = 0 ; then
         touch /var/lock/subsys/$prog
     fi
+    if test $RETVAL = 3 ; then
+	echo -n $"Cannot start $prog: SELinux not enabled"
+    fi
     return $RETVAL
 }
 
@@ -99,17 +129,17 @@ case "$1" in
     restart)
 	restart
 	;;
-    reload)
+    force-reload|reload)
 	reload
 	;;
-    condrestart)
+    try-restart|condrestart)
 	condrestart
 	;;
     cleardb)
 	cleardb
 	;;
     *)
-	echo $"Usage: $0 {start|stop|status|restart|condrestart|reload|cleardb}"
+	echo $"Usage: $0 {start|stop|status|restart|try-restart|condrestart|reload|force-reload|cleardb}"
 	RETVAL=3
 esac
 

setroubleshoot.spec

@@ -1,37 +1,45 @@
 Summary: Helps troubleshoot SELinux problems
 Name: setroubleshoot
-Version: 1.9.4
-Release: 2%{?dist}
-License: GPL
+Version: 1.10.6
+Release: 1%{?dist}
+License: GPLv2+
 Group: Applications/System
-URL: http://www.redhat.com/ 
+URL: https://hosted.fedoraproject.org/projects/setroubleshoot
 Source0: %{name}-%{version}.tar.gz
 Source1: setroubleshoot.init
 Source2: setroubleshoot.logrotate
-Patch0: setroubleshoot-autogen.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildArch: noarch
 BuildRequires: perl-XML-Parser
 Requires: %{name}-server = %{version}-%{release} 
+Requires: %{name}-plugins
 Requires: pygtk2 >= 2.9.2
 Requires: gnome-python2, gnome-python2-canvas 
-Requires: usermode, rhpl
 BuildRequires: desktop-file-utils
 Requires: gnome-python2-gtkhtml2
+Requires: dbus
+Requires: dbus-python
+Requires: libxml2-python
 Requires(post):   /usr/bin/update-desktop-database
+Requires(post):   dbus
 Requires(postun): /usr/bin/update-desktop-database
+Requires(postun): dbus
 Requires: notify-python
+%{?fc7:Requires: selinux-policy-base >= 2.6.4-45 }
+%{?fc8:Requires: selinux-policy-base >= 3.0.7-10 }
 
 %{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
 
 %define pkgpythondir  %{python_sitelib}/%{name}
 %define pkgdocdir     %{_datadir}/doc/%{name}-%{version}
+%define pkgguidir     %{_datadir}/%{name}/gui
 %define pkgdatadir    %{_datadir}/%{name}
 %define pkglibexecdir %{_prefix}/libexec/%{name}
 %define pkgvardatadir %{_localstatedir}/lib/%{name}
 %define pkgrundir     %{_localstatedir}/run/%{name}
 %define pkgconfigdir  %{_sysconfdir}/%{name}
 %define pkglogdir     %{_localstatedir}/log/%{name}
+%define pkgdatabase   %{pkgvardatadir}/audit_listener_database.xml
 
 %description
 setroubleshoot gui. Application that allows you to view setroubleshoot-server 
@@ -42,18 +50,21 @@ about the problem and help track its resolution. Alerts can be configured
 to user preference. The same tools can be run on existing log files.
 
 %files
+%{pkgguidir}
 %{_sysconfdir}/xdg/autostart/*
 %{_datadir}/applications/*.desktop
 %{_datadir}/dbus-1/services/sealert.service
 %{_datadir}/icons/hicolor
+%dir %attr(0755,root,root) %{pkgpythondir}
 %{pkgpythondir}/browser.py*
-%{pkgpythondir}/gui_utils.py*
 %{pkgpythondir}/email_dialog.py*
+%{pkgpythondir}/gui_utils.py*
 
 %post
 /usr/bin/update-desktop-database %{_datadir}/applications
 touch --no-create %{_datadir}/icons/hicolor || :
 %{_bindir}/gtk-update-icon-cache --quiet %{_datadir}/icons/hicolor || :
+dbus-send --system /com/redhat/setroubleshootd com.redhat.SEtroubleshootdIface.restart string:'rpm install' >/dev/null 2>&1 || :
 
 %postun
 /usr/bin/update-desktop-database %{_datadir}/applications
@@ -62,7 +73,6 @@ touch --no-create %{_datadir}/icons/hicolor || :
 
 %prep
 %setup -q
-%patch0 -p1 -b .autogen
 
 %build
 %configure
@@ -73,7 +83,8 @@ rm -rf %{buildroot}
 make DESTDIR=%{buildroot} install
 %{__install} -D -m755 %{SOURCE1} %{buildroot}/etc/rc.d/init.d/%{name}
 %{__install} -D -m644 %{SOURCE2} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
-touch %{buildroot}%{pkgvardatadir}/audit_listener_database.xml
+desktop-file-install --vendor="" --dir=%{buildroot}%{_datadir}/applications %{buildroot}/%{_datadir}/applications/%{name}.desktop
+touch %{buildroot}%{pkgdatabase}
 touch %{buildroot}%{pkgvardatadir}/email_alert_recipients
 %find_lang %{name}
 
@@ -81,9 +92,16 @@ touch %{buildroot}%{pkgvardatadir}/email_alert_recipients
 Summary: SELinux troubleshoot server
 Group: Applications/System
 
+Requires: %{name}-plugins
 Requires: audit >= 1.2.6-3
 Requires: audit-libs-python >= 1.2.6-3
 Requires: libselinux >= 1.30.15-1
+Requires: pygobject2
+Requires: dbus-python
+Requires: libxml2-python
+Requires: libselinux-python
+Requires: audit-libs-python
+Requires: libuser
 
 BuildRequires: intltool gettext python
 
@@ -100,7 +118,10 @@ about the problem and help track its resolution. Alerts can be configured
 to user preference. The same tools can be run on existing log files.
 
 %post server
-[ -f %{pkgvardatadir}/database.xml ] && chmod 644 %{pkgvardatadir}/database.xml
+if [ -f %{pkgdatabase} ]; then
+    chown root:root %{pkgdatabase} >/dev/null 2>&1 || :
+    chmod 600 %{pkgdatabase} >/dev/null 2>&1 || :
+fi
 /sbin/chkconfig --add %{name}
 /sbin/service %{name} condrestart >/dev/null 2>&1 || :
 
@@ -122,10 +143,12 @@ rm -rf %{buildroot}
 %{_bindir}/*
 %{_sbindir}/*
 %dir %attr(0755,root,root) %{pkgconfigdir}
+%dir %attr(0755,root,root) %{pkgpythondir}
 %{pkgpythondir}/Plugin.py*
 %{pkgpythondir}/__init__.py*
 %{pkgpythondir}/access_control.py*
 %{pkgpythondir}/analyze.py*
+%{pkgpythondir}/audit_data.py*
 %{pkgpythondir}/avc_audit.py*
 %{pkgpythondir}/config.py*
 %{pkgpythondir}/email_alert.py*
@@ -141,17 +164,182 @@ rm -rf %{buildroot}
 %config %{pkgconfigdir}/%{name}.cfg
 %dir %{pkglogdir}
 %config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
+%config %{_sysconfdir}/dbus-1/system.d/setroubleshootd.conf
 %dir %{pkgrundir}
 %dir %{pkgvardatadir}
-%ghost %attr(0644,root,root) %{pkgvardatadir}/audit_listener_database.xml
+%ghost %attr(0600,root,root) %{pkgdatabase}
 %ghost %attr(0644,root,root) %{pkgvardatadir}/email_alert_recipients
 %{_mandir}/man8/sealert.8.gz
-
-/etc/rc.d/init.d/%{name}
+%attr(0755,root,root) /etc/rc.d/init.d/%{name}
 
 %changelog
-* Mon May  7 2007 John Dennis <jdennis@redhat.com> - 1.9.4-2
-	- Resolves bug# 233760, fix autogen problem resulting in /usr/local prefix
+* Wed Sep 26 2007 John Dennis <jdennis@redhat.com> - 1.10.6-1
+	- make selinx-policy requires in spec file specific to dist tag
+
+* Mon Sep 24 2007 John Dennis <jdennis@redhat.com> - 1.10.5-1
+	- update code for command line log file scanning to work with
+	  new log file scanning code introduced for the browser.
+
+	- update Bulgarian translation (Doncho N. Gunchev (gunchev@gmail.com))
+
+	- update Polish translation (Piotr Drąg (raven@pmail.pl))
+
+	- Resolves bug #239893: sealert wakes up very often
+	  This was caused by the use of threads and pygtk's thread signal
+	  handling.  The only use of threads in sealert was for log file
+	  scanning so that the UI would remain responsive during a
+	  scan. Threads in sealert have now been completely
+	  removed. Instead the scanning work is performed in a gobject idle
+	  function called from the main loop. The idle function is written
+	  as a python generator function which allows for the function to
+	  perform a small amount of work, save it's execution state and
+	  return. The next time the idle function is called from the main
+	  loop it resumes execution from it's last state until it decides
+	  to yield control again. This way the long running scan/analysis
+	  can be performed in small successive units of work during the
+	  time the application is otherwise idle and it does not interfere
+	  with the rest of the GUI event processing. Everything now occurs
+	  in an event loop, think of it as the applications process/thread
+	  scheduler whose event handlers execute time slices.
+
+	- rewrote parts of the audit input pipeline to use generators
+	  instead of callbacks, thus permitting the logfile scanning code
+	  to yield control with more granularity. Also updated
+	  test_setroubleshootd and audisp_listen to use the new
+	  generator/yield logic.
+
+	- rewrote the dialog used for scanning log files, progress bar
+	  updates are now in the dialog, the scan can be terminated part
+	  way through, errors from the scan are reported in pop-up dialog,
+	  one can only dismiss the dialog with success if the scan had
+	  been successfully run to completion, otherwise the user is only
+	  left with the option to cancel.
+
+	- Relates bug #252035  bug #247469, setroubleshootd and sealert should
+	  exit if SELinux is disabled.
+
+	- add utility functions escape_html() and unescape_html()
+
+	- fix initial sort order in browser, track sort order in browser
+
+	- modify AVC.get_path() to only return a value if the 'path' field is
+	  set, formerly it also considered the fields 'name' & 'file' which were
+	  incorrect. get_path() now also looks to see if the string begins with a
+	  slash for a fully qualified path, if not it looks to see if its a 
+	  pseudo path such as 'pipe[12345]' or 'socket[12345]' and if so strips out
+	  the instance information inside the brackets and returns just the type of 
+	  the pseudo path. This is done because we do not want path information
+	  in the signature to be unique for each instance of the denial.
+
+	- modify the TimeStamp class to hide it's internal datetime member,
+	  remove the cmp() method, the internal __cmp__ will be automatically invoked.
+
+	- require selinux policy version in spec file to allow system dbus use
+	
+	- Resolves bug #256601: audit2allow generates incorrect syntax when comma "," in
+	  denied list
+
+	- update po i18n files
+
+	- Add support for pruning database by age and size
+
+
+* Sat Sep  8 2007 John Dennis <jdennis@redhat.com> - 1.10.4-1
+	- fix init script
+
+* Sat Sep  8 2007 John Dennis <jdennis@redhat.com> - 1.10.3-1
+	- modify avc_audit.py to use new audit_data.py implementation
+
+	- can listen for audit events on either /var/run/audit_events
+	  in bindary protocol mode or /var/run/audisp_events in
+	  text protocol mode
+
+* Thu Sep  6 2007 John Dennis <jdennis@redhat.com> - 1.10.2-1
+	- remove all copied code from test_setroubleshootd, now we import
+	  from setroubleshoot
+	
+	- export ClientConnectionHandler from rpc.py as a base class.
+	  Derive SetroubleshootdClientConnectionHandler and
+	  AuditClientConnectionHandler from ClientConnectionHandler.
+
+	- add audisp_listen as test program
+
+	- create setroubleshoot sym link in top devel directory pointing
+	  to src so import setroubleshoot.foo if PYTHONPATH=topdir
+
+	- add get_option, convert_cfg_type to config.py.in so that one
+	  can pass optional dict to override config file settings
+
+	- rewrite log_init() so it's easier for other programs to use it,
+	  fix the import logic concering log & config
+
+	- remove log code from test_setroubleshoot, now just does import
+	  from setroubleshoot.
+	
+	- test_setroubleshootd can now handle audit records in both text
+	  and binary formats, can be selected by command line arg. It can now
+	  either output to clients connecting on a socket or to stdout. Can
+	  now optionally exit after N socket client connections.
+
+	- remove non audit record lines from test data
+
+	- remove config_init() and log_init() from package __init__.py
+	  It was the wrong place to call them, now call them when the
+	  process initializes before the first setroubleshoot imports
+
+	- add parse_config_setting() and set_config() to config module
+	- setroubleshootd now accepts -c --config command line arg
+	- test_sectroubleshoot: add err defines & program_error exception
+	  add is_valid() tests to assure we read a valid audit record
+	  log the unrecognized line if not valid, clean up socket close()
+
+	- Relates Bug #247056, update initscript to LSB standards
+	  Note: LSB initscripts in Fedora is not yet a resolved issue,
+	  the changes implemented were to add an LSB block and support
+	  the new LSB try-restart and force-reload commands. However
+	  the new /lib/lsb/init-functions are NOT currently used as this
+	  is the unstable part.
+
+* Thu Aug 23 2007 John Dennis <jdennis@redhat.com> - 1.10.1-1
+	- add BuildRequires perl-XML-Parser
+
+* Thu Aug 23 2007 John Dennis <jdennis@redhat.com> - 1.10.0-1
+
+	- move all plugins and their translations to independent package
+	- wrap XML generation inside try/except
+	- correct how access list is obtained in avc_auparse.py
+	- add try/except around top level of AnalyzeThread.run so exceptions
+	  in the thread get reported and the analysis thread does not just die.
+	- also add try/except around LogfileThread.process_logfile
+	- add new function assure_file_ownership_permissions()
+	- server now forces it's database file permissions/ownership to be 0600 root:root
+	- rpm now forces the server's database file permissions/ownership to be 0600 root:root
+	- Resolves Bug #251545: Review Request: setroubleshoot-plugins - analysis plugins for setroubleshoot
+	- clean up some other rpmlint warnings in setroubleshoot.spec
+	- fix missing install of setroubleshoot icon and sym link to it
+	- Resolves Bug #251551, setroubleshoot shows up in in wrong desktop menu
+	  also run desktop-file-install in rpm install
+	- add /etc/dbus-1/system.d/setroubleshootd.conf dbus configuration file
+	- Resolves Bug #250979, Bug #250932 Missing dependencies
+	- Restore plugins/Makefile.am which got nuked somehow
+	- remove dus.dbus_bindings.bus_name_has_owner(), deprecated as of F7
+	- wrap rpm transactions in try/except
+
+* Tue Jun 12 2007 John Dennis <jdennis@redhat.com> - 1.9.7-1
+	- Resolves Bug# 241739, this bug is the lead bug for several bug reports,
+	  all consequences of the same problem, setroubleshootd/sealert when run
+	  in a non latin language environment because of incompatibilities in
+	  i18n encoding between components.
+
+* Wed May 30 2007 John Dennis <jdennis@redhat.com> - 1.9.6-1
+	- add avc_auparse.py, now has option to use audit parsing library instead of
+	  built-in audit parsing.
+	- fix bug in log file scanning and detail display update
+	- Resolves Bug# 238516, python pkg directory not owned
+
+* Wed Apr 25 2007 Dan Walsh <dwalsh@redhat.com> - 1.9.5-1
+	- Update translations
+	- Fix mislabeled file
 
 * Mon Mar 19 2007 Dan Walsh <dwalsh@redhat.com> - 1.9.4-1
 	- Remove disable_trans boolean
@@ -695,7 +883,7 @@ it has already been seen
 	- fix allow_execmod plugin to report better data.
 
 * Mon Jun 26 2006 John Dennis <jdennis@redhat.com> - 0.3-1
-	- add missing /var/log directory %files section in spec file,
+	- add missing /var/log directory files section in spec file,
 	  and add logrotate script
 
 * Mon Jun 26 2006 John Dennis <jdennis@redhat.com> - 0.2-1

sources

@@ -1 +1 @@
-dcbe7f3db18ec3f30583897b562b5cb8  setroubleshoot-1.9.4.tar.gz
+3189248dedf6ff67a4a79ce61172b56b  setroubleshoot-1.10.6.tar.gz