Sync from SUSE:SLFO:Main setools revision 4187695d4e042c9ba340c8596f3f83cd

This commit is contained in:
Adrian Schröter 2024-05-04 00:35:06 +02:00
commit 8845214ec4
6 changed files with 530 additions and 0 deletions

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

2
README.SUSE Normal file
View File

@ -0,0 +1,2 @@
Additional functionality for these tools can be gained by installing python3-networkx. This pulls in many dependencies and is
not needed for most people, therefor it's not required or recommended due to the size of the required dependencies

7
_service Normal file
View File

@ -0,0 +1,7 @@
<services>
<service name="download_files" mode="manual">
<param name="changesgenerate">enable</param>
</service>
<service name="format_spec_file" mode="manual">
</service>
</services>

BIN
setools-4.4.3.tar.bz2 (Stored with Git LFS) Normal file

Binary file not shown.

344
setools.changes Normal file
View File

@ -0,0 +1,344 @@
-------------------------------------------------------------------
Tue Aug 1 10:27:36 UTC 2023 - Filippo Bonazzi <filippo.bonazzi@suse.com>
- Update to version 4.4.3:
* Fix compilation with Cython 3.0.0.
* Improve man pages.
* Remove neverallow options in sediff.
* Add -r option to seinfoflow to get flows into the source type.
* Reject a rule with no permissions as invalid policy.
-------------------------------------------------------------------
Fri Jul 14 04:58:38 UTC 2023 - Shung-Hsi Yu <shung-hsi.yu@suse.com>
- Add python3-setuptools as a runtime requirement of python3-setools
(boo#1213305)
-------------------------------------------------------------------
Wed Apr 26 11:17:30 UTC 2023 - Filippo Bonazzi <filippo.bonazzi@suse.com>
- Update to version 4.4.2:
* Make NetworkX optional. sedta and seinfoflow tools, along with the
equivalent analyses in apol require NetworkX.
* Remove neverallow options in sesearch and apol. These are not usable
since they are removed in the final binary policy.
- Drop make_networkx_optional.patch, now merged upstream
-------------------------------------------------------------------
Mon Feb 6 16:08:00 UTC 2023 - Filippo Bonazzi <filippo.bonazzi@suse.com>
- Update to version 4.4.1:
* Replace deprecated NetworkX function use in information flow and domain
transition analysis. This function was removed in NetworkX 3.0.
* Fix bug in apol copy and cut functions when copying from a tree view.
* Fix bug with extended permission set construction when a range includes
0x0.
* Add sesearch -Sp option for permission subset match.
* Fix error in man page description for sesearch -ep option.
* Improve output stability in constraint, common, class, role, and user
queries.
* Updated permission map.
* Fix bug in sechecker parsing of multiline values.
* Other code cleanups not visible to users.
-------------------------------------------------------------------
Fri Sep 2 09:24:56 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
- Added README.SUSE and drop recommend for python3-networkx altogether
(bsc#1202676)
-------------------------------------------------------------------
Tue Feb 22 09:13:19 UTC 2022 - Shung-Hsi Yu <shung-hsi.yu@suse.com>
- Add make_networkx_optional.patch to cut down installation requirements
- Change python3-networkx from require into recommend
-------------------------------------------------------------------
Tue Jun 8 11:10:02 UTC 2021 - Dominique Leuenberger <dimstar@opensuse.org>
- Fix dependency of python3-setools: require python3, not python
(which is python2).
-------------------------------------------------------------------
Tue Mar 9 09:24:10 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Update to the version 4.4.0:
* Added support for old Boolean name substitution in seinfo and sesearch.
* Added sechecker tool which is a configuration file driven analysis tool.
-------------------------------------------------------------------
Tue Nov 3 17:56:44 UTC 2020 - Benjamin Greiner <code@bnavigator.de>
- Stay on a single python3 flavor even if there are more than one
gh#openSUSE/python-rpm-macros#73
-------------------------------------------------------------------
Wed Oct 21 07:29:51 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
- Cleanup BuildRequires
- Fix setools-gui dependencies, we are using python-qt5 and not
tcl/tk
-------------------------------------------------------------------
Wed Jul 29 18:16:13 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
- python3-setools needs python3-networkx
-------------------------------------------------------------------
Fri Apr 3 08:45:25 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
- Update to the upstream version 4.3.0:
* Revised sediff method for TE rules. This drastically reduced memory
and run time.
* Added infiniband context support to seinfo, sediff, and apol.
* Added apol configuration for location of Qt assistant.
* Fixed sediff issue where properties header would display when not
requested.
* Fixed sediff issue with type_transition file name comparison.
* Fixed permission map socket sendto information flow direction.
* Added methods to TypeAttribute class to make it a complete Python
collection.
* Genfscon now will look up classes rather than using fixed values
which were dropped from libsepol
- Dropped python3.8-compat.patch
-------------------------------------------------------------------
Thu Oct 31 12:02:30 CET 2019 - Matej Cepl <mcepl@suse.com>
- Add python3.8-compat.patch to allow build with Python 3.8
Still doesn't work though because of gh#SELinuxProject/setools#31
-------------------------------------------------------------------
Thu Oct 31 09:38:27 CET 2019 - Matej Cepl <mcepl@suse.com>
- Update to the upstream version 4.2.2:
- Remove source policy references from man pages, as loading
source policies is no longer supported.
- Fixed a performance regression in alias loading after alias
dereferencing fixes in 4.2.1.
-------------------------------------------------------------------
Tue Feb 5 08:01:41 UTC 2019 - jsegitz@suse.com
- Update to 4.2.1
* Set SIGPIPE handler for CLI tools.
* Fixed alias dereferencing in TypeQuery and type, category, and
sensitivity lookups.
* Fixed sediff bug for rendering modified nodecons.
* Fixed devicetreecon count output.
* Fixed policy target platform check.
* Fixed bug in creating permission set intersection in apol.
- Provide python-setools
-------------------------------------------------------------------
Fri Dec 7 15:10:14 UTC 2018 - jsegitz@suse.com
- Changed requires of console subpackage to python3-setools
-------------------------------------------------------------------
Wed Nov 21 14:17:32 UTC 2018 - jsegitz@suse.com
- Upgrade to 4.2.0
* Support for Python 2.7 was dropped
* Symbol names are now available as the name attribute (e.g. Boolean.name, Type.name, etc.)
* Move constraint expression to its own class.
* Made Conditional.evaluate() more useful and added BaseTERule.enabled() method to determine if a rule is enabled..
* Added support for SCTP portcons
* Updated permission maps
- Dropped warning.patch
- Single spec, limited to python3. Obsoletes python-setools, provides
python3-setools
-------------------------------------------------------------------
Mon Jun 11 08:14:26 UTC 2018 - jsegitz@suse.com
- Added warning.patch in former change to prevent warnings from
stopping the build
-------------------------------------------------------------------
Wed May 16 07:28:39 UTC 2018 - mcepl@suse.com
- Upgrade to 4.1.1
-------------------------------------------------------------------
Wed Dec 20 12:23:39 UTC 2017 - jsegitz@suse.com
- Update to version 4.0.1. SETools was reimplemented in Python.
- Doesn't build
* setools-libs
* setools-java
* setools-tcl
* setools-devel
anymore since the files are not povided anymore
- Dropped
* add-to-header-define_cond_filename_trans.patch
* implicit-fortify-decl.patch
* setools-3.3.5-javacflags.patch
* setools-3.3.5-nonvoid.patch
* setools-3.3.5-strcmp.patch
* setools-am121.patch
* setools-libsepol.patch
* setools-setup_py-prefix.patch
* setools-swig-2.0.7.patch
* setools-swig-2x.patch
* setools-tclass.patch
-------------------------------------------------------------------
Sat Sep 30 07:54:34 UTC 2017 - coolo@suse.com
- Move to minimum java target of 1.6, 1.5 is no longer supported
-------------------------------------------------------------------
Mon Jun 26 16:30:02 UTC 2017 - jsegitz@suse.com
- Added implicit-fortify-decl.patch to prevent warnings about implicit
declarations
-------------------------------------------------------------------
Thu Aug 25 15:42:18 UTC 2016 - jsegitz@novell.com
- Deleted setools-3.3.7-libselinux-2.3.patch, we have a
current libselinux now
-------------------------------------------------------------------
Mon Jul 18 10:41:14 UTC 2016 - jsegitz@novell.com
- Patch to work with current libsepol, libselinux
Added: setools-tclass.patch
-------------------------------------------------------------------
Mon Mar 23 02:32:05 UTC 2015 - p.drouand@gmail.com
- Update to version 3.3.8
* Fix bug preventing seaudit from starting
* Add python bindings for seinfo and sesearch
* seinfo exits with an error status
* Support for named file transition rules
* Add support for default types in sesearch
* Man page updates for seinfo, seaudit, and sediff
* Fix file type drop down list for open/close Apol query
* Fix compile errors on new parameter in libsepol role_set_expand().
- Update home project and download Urls
- Remove merged patches
* setools-python.patch
* 0003-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch
* 0006-Changes-to-support-named-file_trans-rules.patch
* 0007-Remove-unused-variables.patch
- Update setools-3.3.6-libsepol.patch > setools-libsepol.patch
- Remove redundant %clean section
-------------------------------------------------------------------
Mon May 26 20:47:23 CEST 2014 - ro@suse.de
- add patch: setools-3.3.7-libselinux-2.3.patch
fix build with libselinux-2.3
-------------------------------------------------------------------
Fri Oct 11 15:36:20 UTC 2013 - vcizek@suse.com
- don't fail if there are no never-allow rules in the policy
- remove dangling symlink /usr/bin/seaudit (bnc#812285)
* added 0003-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch
-------------------------------------------------------------------
Fri Sep 13 09:16:43 UTC 2013 - pgajdos@suse.com
- javapackages-tools in buildrequires
-------------------------------------------------------------------
Tue Mar 12 14:02:59 UTC 2013 - vcizek@suse.com
- added patches:
* 0006-Changes-to-support-named-file_trans-rules.patch
* 0007-Remove-unused-variables.patch
- these two add support for named file trans rules
* add-to-header-define_cond_filename_trans.patch
- add missing define_cond_filename_trans() declaration
-------------------------------------------------------------------
Thu Oct 25 11:20:26 UTC 2012 - coolo@suse.com
- add explicit buildrequire on libbz2-devel
-------------------------------------------------------------------
Tue Aug 28 15:35:33 UTC 2012 - idonmez@suse.com
- Add setools-3.3.6-libsepol.patch to fix compilation with new
libsepol
-------------------------------------------------------------------
Sun Aug 5 15:44:47 UTC 2012 - meissner@suse.com
- updated to version 3.3.7
- removed 2 upstream patches
-------------------------------------------------------------------
Tue Jul 3 09:13:03 UTC 2012 - coolo@suse.com
- add setools-am121.patch to fix build with automake 1.12.1
-------------------------------------------------------------------
Thu Jun 14 12:01:51 CEST 2012 - mls@suse.de
- fix build with swig-2.0.7 (untested, though)
-------------------------------------------------------------------
Mon Feb 13 10:56:00 UTC 2012 - coolo@suse.com
- patch license to follow spdx.org standard
-------------------------------------------------------------------
Wed Nov 23 09:26:22 UTC 2011 - coolo@suse.com
- add libtool as buildrequire to avoid implicit dependency
-------------------------------------------------------------------
Thu May 26 09:30:05 UTC 2011 - idonmez@novell.com
- Add setools-swig-2x.patch: correctly detect swig 2.x
-------------------------------------------------------------------
Thu Feb 25 15:46:44 UTC 2010 - prusnak@suse.cz
- updated to 3.3.6
-------------------------------------------------------------------
Sat Sep 5 10:51:41 CEST 2009 - dmueller@suse.de
- remove libselinux requires, it does not exist and
autorequires will do the right thing anyway
-------------------------------------------------------------------
Wed Jul 15 13:32:35 CEST 2009 - prusnak@suse.cz
- disable Requires: usermode
-------------------------------------------------------------------
Tue Jun 23 12:30:53 CEST 2009 - prusnak@suse.cz
- require libsepol-devel-static
-------------------------------------------------------------------
Mon Oct 20 16:19:09 CEST 2008 - prusnak@suse.cz
- disable Python for now (weird glibc errors)
-------------------------------------------------------------------
Tue Sep 2 13:41:08 CEST 2008 - prusnak@suse.cz
- updated to 3.3.5
* Fixed errors in libapol's AV and TE rule rendering functions
where errno was not being set properly.
* Fixed error in apol_syn_avrule_render() where braces were
not being added around the target set when there is exactly one
target type and the keyword 'self'. Thanks to Ryan Kagin
for reporting this error.
* Added qpol_type_get_ispermissive(). SETools can now handle
version 23 policy.
-------------------------------------------------------------------
Thu Jul 17 11:46:28 CEST 2008 - prusnak@suse.cz
- initial version 3.3.4
* based on Fedora package by Dan Walsh <dwalsh@redhat.com>

151
setools.spec Normal file
View File

@ -0,0 +1,151 @@
#
# spec file for package setools
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
# As soon as python38 is introduced as flavor, we need this:
%{?!python3_primary_provider:%define python3_primary_provider %{lua: \
l,c = posix.readlink("/usr/bin/python3") \
flavor = l:gsub("%.", ""):sub(0,-1) \
print(rpm.expand("%{?" .. flavor .. "_prefix}%{!?" .. flavor .. "_prefix:python3}")) \
}}
# Skip every flavor except for the primary_provider
%define pythons %python3_primary_provider
Name: setools
Version: 4.4.3
Release: 0
URL: https://github.com/SELinuxProject/setools
Summary: Policy analysis tools for SELinux
License: GPL-2.0-only
Group: System/Management
Source: https://github.com/SELinuxProject/setools/releases/download/%{version}/%{name}-%{version}.tar.bz2
Source2: README.SUSE
BuildRequires: fdupes
BuildRequires: libselinux-devel
BuildRequires: libsepol-devel
BuildRequires: python-rpm-macros
BuildRequires: python3-Cython
BuildRequires: python3-devel >= 3.4
BuildRequires: python3-setuptools
Requires: setools-console = %{version}-%{release}
Requires: setools-gui = %{version}-%{release}
%description
SETools is a collection of graphical tools, command-line tools, and
libraries designed to facilitate SELinux policy analysis.
This meta-package depends upon the main packages necessary to run
SETools.
%package console
Summary: Policy analysis command-line tools for SELinux
License: GPL-2.0-only
Group: System/Base
Requires: python3-setools = %{version}
%description console
SETools is a collection of graphical tools, command-line tools, and
libraries designed to facilitate SELinux policy analysis.
This package includes the following console tools:
seinfo Provide information about policies
sesearch Tool to query policies
sedta Domain transition analysis tool
seinfoflow Information flow analysis tool
sediff Semantic policy difference tool
%package -n %{python3_primary_provider}-setools
Summary: Python bindings for SELinux policy analysis
License: LGPL-2.0-only
Group: Development/Languages/Python
Requires: python3 >= 3.4
Requires: python3-setuptools
Obsoletes: python-setools < %{version}-%{release}
Provides: python-setools = %{version}-%{release}
%if "%{python3_primary_provider}" != "python3"
Obsoletes: python3-setools < %{version}-%{release}
Provides: python3-setools = %{version}-%{release}
%endif
%description -n %{python3_primary_provider}-setools
SETools is a collection of graphical tools, command-line tools, and
libraries designed to facilitate SELinux policy analysis.
%package gui
Summary: Policy analysis graphical tools for SELinux
License: GPL-2.0-only
Group: System/Base
Requires: python3-networkx
Requires: python3-qt5
Requires: python3-setools = %{version}
%description gui
SETools is a collection of graphical tools, command-line tools, and
libraries designed to facilitate SELinux policy analysis.
This package includes the following graphical tools:
apol policy analysis tool
%prep
%setup -q -n %{name}
%autopatch -p1
%build
%python_build
%install
%python_install
install -m 644 -D %{SOURCE2} %{buildroot}%{_docdir}/%{name}/README.SUSE
%fdupes -s %{buildroot}%{python3_sitearch}
%files -n %{python3_primary_provider}-setools
%defattr(-,root,root,-)
%{python3_sitearch}/setools
%{python3_sitearch}/setools-%{version}*-info
%dir %{_docdir}/%{name}/
%{_docdir}/%{name}/*
%files console
%defattr(-,root,root,-)
%{_bindir}/seinfo
%{_bindir}/sesearch
%{_bindir}/sedta
%{_bindir}/seinfoflow
%{_bindir}/sediff
%{_bindir}/sechecker
%{_mandir}/man1/sechecker.1.gz
%{_mandir}/man1/sedta.1.gz
%{_mandir}/man1/seinfoflow.1.gz
%{_mandir}/man1/sediff.1.gz
%{_mandir}/man1/seinfo.1.gz
%{_mandir}/man1/sesearch.1.gz
%{_mandir}/ru/man1/apol.1.gz
%{_mandir}/ru/man1/sediff.1.gz
%{_mandir}/ru/man1/sedta.1.gz
%{_mandir}/ru/man1/seinfo.1.gz
%{_mandir}/ru/man1/seinfoflow.1.gz
%{_mandir}/ru/man1/sesearch.1.gz
%files gui
%defattr(-,root,root,-)
%{python3_sitearch}/setoolsgui
%{_bindir}/apol
%{_mandir}/man1/apol.1.gz
%changelog