From 1bf18c7b286439808d1c7317a7716a83cd36ed33bbb367036d2aeff69652de8e Mon Sep 17 00:00:00 2001
From: Johannes Segitz
Date: Thu, 18 Apr 2024 13:51:47 +0000
Subject: [PATCH] Accepting request 1168868 from home:cahu:security:SELinux:policytest2 - Fix build for 15.4 and 15.5: - Minimum required python version is 3.11, so building only for python311 - Remove dependency for networkx: 0001-Make-networkx-optional-again-Fixes-125.patch - Update to version 4.5.0: - User Visible Changes * Add graphical results for information flow analysis and domain transition analysis, available in apol, sedta, and seinfoflow. * Add tooltips, What's This?, and detail popups in apol to help cross-referencing query and analysis results along with context-sensitive help. - Under The Hood Changes * Rework apol to fully generate the UI programmatically. * Update apol to PyQt6 * Replace deprecated uses of pkg_resources and distutils. * Begin adding unit tests for apol UI. - Updated Dependencies SETools now higher minimum versions of the following dependencies: * Python 3.10 * NetworkX 2.6 * PyQt6 * Cython 0.29.14 - New Dependencies * pygraphviz (for seinfoflow, sedta, apol)
OBS-URL: https://build.opensuse.org/request/show/1168868
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/setools?expand=0&rev=101
---
...ke-networkx-optional-again-Fixes-125.patch | 84 +++++++++++++++++++
setools-4.4.4.tar.bz2 | 3 -
setools-4.5.0.tar.bz2 | 3 +
setools.changes | 31 +++++++
setools.spec | 42 +++++-----
5 files changed, 139 insertions(+), 24 deletions(-)
create mode 100644 0001-Make-networkx-optional-again-Fixes-125.patch
delete mode 100644 setools-4.4.4.tar.bz2
create mode 100644 setools-4.5.0.tar.bz2
diff --git a/0001-Make-networkx-optional-again-Fixes-125.patch b/0001-Make-networkx-optional-again-Fixes-125.patch
new file mode 100644
index 0000000..3fbdfcf
--- /dev/null
+++ b/0001-Make-networkx-optional-again-Fixes-125.patch
@@ -0,0 +1,84 @@
+From b1ec8b7b2abe77e996f8272881f1d0887d09a4d5 Mon Sep 17 00:00:00 2001
+From: Cathy Hu
+Date: Thu, 18 Apr 2024 14:31:46 +0200
+Subject: [PATCH] Make networkx optional again (Fixes #125)
+
+The 5.6.0 update contains a refactoring, which makes the networkx dependency
+necessary again for other commands, such as sesearch and seinfo.
+This leads to issues when packaging for distributions that do not provide networkx
+and want to use setools in a minimal fashion.
+
+Signed-off-by: Cathy Hu
+---
+ setools/__init__.py | 13 ++++++++-----
+ setools/dta.py | 8 ++------
+ setools/infoflow.py | 8 ++------
+ 3 files changed, 12 insertions(+), 17 deletions(-)
+
+diff --git a/setools/__init__.py b/setools/__init__.py
+index 1efd2cc..2cc5e47 100644
+--- a/setools/__init__.py
++++ b/setools/__init__.py
+@@ -76,13 +76,16 @@ from .pirqconquery import PirqconQuery
+ from .pcideviceconquery import PcideviceconQuery
+ from .devicetreeconquery import DevicetreeconQuery
+
+-# Information Flow Analysis
+-from .infoflow import *
++# Information Flow and Domain Transition Analysis
++try:
++ import networkx
++except ImportError:
++ logging.getLogger(__name__).debug("NetworkX failed to import, disabling infoflow and dta.")
++else:
++ from .infoflow import *
++ from .dta import *
+ from .permmap import PermissionMap, RuleWeight, Mapping
+
+-# Domain Transition Analysis
+-from .dta import *
+-
+ # Policy difference
+ from .diff import PolicyDifference
+
+diff --git a/setools/dta.py b/setools/dta.py
+index 5ce50f4..554c545 100644
+--- a/setools/dta.py
++++ b/setools/dta.py
+@@ -13,12 +13,8 @@ from dataclasses import dataclass, InitVar
+ import typing
+ import warnings
+
+-try:
+- import networkx as nx
+- from networkx.exception import NetworkXError, NetworkXNoPath, NodeNotFound
+-
+-except ImportError as iex:
+- logging.getLogger(__name__).debug(f"{iex.name} failed to import.")
++import networkx as nx
++from networkx.exception import NetworkXError, NetworkXNoPath, NodeNotFound
+ from . import exception
+ from .descriptors import CriteriaDescriptor, EdgeAttrDict, EdgeAttrList
+diff --git a/setools/infoflow.py b/setools/infoflow.py
+index 0d48bbe..0086f4c 100644
+--- a/setools/infoflow.py
++++ b/setools/infoflow.py
+@@ -11,12 +11,8 @@ from dataclasses import dataclass, InitVar
+ import typing
+ import warnings
+
+-try:
+- import networkx as nx
+- from networkx.exception import NetworkXError, NetworkXNoPath, NodeNotFound
+-
+-except ImportError as iex:
+- logging.getLogger(__name__).debug(f"{iex.name} failed to import.")
++import networkx as nx
++from networkx.exception import NetworkXError, NetworkXNoPath, NodeNotFound
+
+ from . import exception
+ from .descriptors import CriteriaDescriptor, EdgeAttrIntMax, EdgeAttrList
+--
+2.44.0
+
diff --git a/setools-4.4.4.tar.bz2 b/setools-4.4.4.tar.bz2
deleted file mode 100644
index d31f8a9..0000000
--- a/setools-4.4.4.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3c5fa76a674fe3f6890d900df59b9d142e4b63c9ffbde653904f90ed6e666ef9
-size 262867
diff --git a/setools-4.5.0.tar.bz2 b/setools-4.5.0.tar.bz2
new file mode 100644
index 0000000..a54514e
--- /dev/null
+++ b/setools-4.5.0.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:68469ae9bd114b42bba4cb41795577ca1e4f50e3e4234817f13ff1a8bbd9ce77
+size 265097
diff --git a/setools.changes b/setools.changes
index 49b93bd..2d60572 100644
--- a/setools.changes
+++ b/setools.changes
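Review bot: When networkx is missing, the new `try`/`except ImportError` in `setools/__init__.py` only writes a debug-level log line, so the names normally exported by `.infoflow` and `.dta` are simply absent from the `setools` namespace and a caller that uses them will presumably fail with an AttributeError that never mentions networkx. A comment above the `try:` such as `# infoflow and dta need networkx; without it their names are not exported from setools` would document this, and the tools the changelog names as users of these analyses (sedta, seinfoflow, apol) are worth checking for a clear error in that case. The handler also relies on `logging` being imported earlier in `__init__.py`, which is outside the hunk. Separately, the patch description refers to a "5.6.0 update" while the package is moving to 4.5.0, which looks like a typo.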
@@ -1,3 +1,34 @@ +------------------------------------------------------------------- +Thu Apr 18 13:21:48 UTC 2024 - Cathy Hu + +- Fix build for 15.4 and 15.5: + - Minimum required python version is 3.11, so building only for python311 + - Remove dependency for networkx: 0001-Make-networkx-optional-again-Fixes-125.patch + +------------------------------------------------------------------- +Thu Mar 21 14:06:13 UTC 2024 - Filippo Bonazzi + +- Update to version 4.5.0: + - User Visible Changes + * Add graphical results for information flow analysis and domain + transition analysis, available in apol, sedta, and seinfoflow. + * Add tooltips, What's This?, and detail popups in apol to help + cross-referencing query and analysis results along with + context-sensitive help. + - Under The Hood Changes + * Rework apol to fully generate the UI programmatically. + * Update apol to PyQt6 + * Replace deprecated uses of pkg_resources and distutils. + * Begin adding unit tests for apol UI. + - Updated Dependencies + SETools now higher minimum versions of the following dependencies: + * Python 3.10 + * NetworkX 2.6 + * PyQt6 + * Cython 0.29.14 + - New Dependencies + * pygraphviz (for seinfoflow, sedta, apol) + ------------------------------------------------------------------- Mon Dec 11 08:09:10 UTC 2023 - Johannes Segitz diff --git a/setools.spec b/setools.spec index 23b69f6..57bd09e 100644 --- a/setools.spec +++ b/setools.spec @@ -1,7 +1,7 @@ # # spec file for package setools # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -16,17 +16,11 @@ # -# As soon as python38 is introduced as flavor, we need this: -%{?!python3_primary_provider:%define python3_primary_provider %{lua: \ -l,c = posix.readlink("/usr/bin/python3") \ -flavor = l:gsub("%.", ""):sub(0,-1) \ -print(rpm.expand("%{?" .. flavor .. "_prefix}%{!?" .. flavor .. "_prefix:python3}")) \ -}} -# Skip every flavor except for the primary_provider +%define python3_primary_provider python311 %define pythons %python3_primary_provider Name: setools -Version: 4.4.4 +Version: 4.5.0 Release: 0 URL: https://github.com/SELinuxProject/setools Summary: Policy analysis tools for SELinux @@ -34,13 +28,15 @@ License: GPL-2.0-only Group: System/Management Source: https://github.com/SELinuxProject/setools/releases/download/%{version}/%{name}-%{version}.tar.bz2 Source2: README.SUSE +# can be removed again when this is fixed upstream: https://github.com/SELinuxProject/setools/issues/125 +Patch0: 0001-Make-networkx-optional-again-Fixes-125.patch +BuildRequires: %{python_module Cython >= 0.29.14} +BuildRequires: %{python_module devel >= 3.10} +BuildRequires: %{python_module setuptools} BuildRequires: fdupes BuildRequires: libselinux-devel BuildRequires: libsepol-devel BuildRequires: python-rpm-macros -BuildRequires: python3-Cython -BuildRequires: python3-devel >= 3.4 -BuildRequires: python3-setuptools Requires: setools-console = %{version}-%{release} Requires: setools-gui = %{version}-%{release} 
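Review bot: The hard-coded `%define python3_primary_provider python311` in the `@@ -16,17 +16,11 @@` hunk replaces the Lua lookup and both of its comments without leaving a reason in the spec. A comment above the define, for example `# build only the python311 flavor so the package also builds on 15.4 and 15.5`, would keep the rationale from the changelog next to the pin. It also makes the existing `%if "%{python3_primary_provider}" != "python3"` test (visible as context in the `@@ -73,8 +69,12 @@` hunk) always true, and it presumably fixes the interpreter to 3.11 on every target rather than only on 15.4 and 15.5.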
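Review bot: `Patch0:` is declared in the `@@ -34,13 +28,15 @@` hunk, but no hunk touches `%prep`, so whether the patch is applied depends on an unchanged section that is not visible here. If `%prep` uses `%setup` rather than `%autosetup -p1`, it needs a line such as `%patch -P0 -p1`, otherwise the package builds without the networkx change while the Requires in later hunks already assume it. The new `BuildRequires: %{python_module devel >= 3.10}` also reads differently from the changelog entry's "Minimum required python version is 3.11"; one of the two should be aligned.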
@@ -73,8 +69,12 @@ This package includes the following console tools: Summary: Python bindings for SELinux policy analysis License: LGPL-2.0-only Group: Development/Languages/Python -Requires: python3 >= 3.4 -Requires: python3-setuptools +Requires: %{python3_primary_provider} >= 3.10 +Requires: %{python3_primary_provider}-setuptools +# require python-networkx on tumbleweed +%if 0%{?suse_version} > 1600 +Requires: %{python3_primary_provider}-networkx +%endif Obsoletes: python-setools < %{version}-%{release} Provides: python-setools = %{version}-%{release} %if "%{python3_primary_provider}" != "python3" @@ -90,9 +90,9 @@ libraries designed to facilitate SELinux policy analysis. Summary: Policy analysis graphical tools for SELinux License: GPL-2.0-only Group: System/Base -Requires: python3-networkx -Requires: python3-qt5 -Requires: python3-setools = %{version} +Requires: %{python3_primary_provider}-PyQt6 +Requires: %{python3_primary_provider}-pygraphviz +Requires: %{python3_primary_provider}-setools = %{version} %description gui SETools is a collection of graphical tools, command-line tools, and @@ -112,12 +112,12 @@ This package includes the following graphical tools: %install %python_install install -m 644 -D %{SOURCE2} %{buildroot}%{_docdir}/%{name}/README.SUSE -%fdupes -s %{buildroot}%{python3_sitearch} +%fdupes -s %{buildroot}%{python_sitearch} %files -n %{python3_primary_provider}-setools %defattr(-,root,root,-) -%{python3_sitearch}/setools -%{python3_sitearch}/setools-%{version}*-info +%{python_sitearch}/setools +%{python_sitearch}/setools-%{version}*-info %dir %{_docdir}/%{name}/ %{_docdir}/%{name}/* @@ -144,7 +144,7 @@ install -m 644 -D %{SOURCE2} %{buildroot}%{_docdir}/%{name}/README.SUSE %files gui %defattr(-,root,root,-) -%{python3_sitearch}/setoolsgui +%{python_sitearch}/setoolsgui %{_bindir}/apol %{_mandir}/man1/apol.1.gz
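Review bot: On targets where `0%{?suse_version} > 1600` is false nothing pulls in networkx any more, because the `@@ -73,8 +69,12 @@` hunk requires it only inside the `%if` and the `@@ -90,9 +90,9 @@` hunk drops `Requires: python3-networkx` from the gui package. Together with the bundled patch, the library then leaves out infoflow and dta with only a debug log, so apol, sedta and seinfoflow would presumably be installed without a working analysis backend. If that is intended for 15.4 and 15.5, the comment should say so, e.g. `# networkx is only required on Tumbleweed; elsewhere infoflow and dta are disabled`, or an `%else` branch with `Recommends: %{python3_primary_provider}-networkx` could pull it in where it exists.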