Accepting request 1168880 from security:SELinux

OBS-URL: https://build.opensuse.org/request/show/1168880 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/setools?expand=0&rev=48
2024-04-19 17:13:14 +00:00 · 2024-04-19 17:13:14 +00:00 · 1c05bb0a4c
commit 1c05bb0a4c
parent 59a6b51bc9 1bf18c7b28
5 changed files with 139 additions and 24 deletions
--- a/0001-Make-networkx-optional-again-Fixes-125.patch
+++ b/0001-Make-networkx-optional-again-Fixes-125.patch
@ -0,0 +1,84 @@
+From b1ec8b7b2abe77e996f8272881f1d0887d09a4d5 Mon Sep 17 00:00:00 2001
+From: Cathy Hu <cathy.hu@suse.com>
+Date: Thu, 18 Apr 2024 14:31:46 +0200
+Subject: [PATCH] Make networkx optional again (Fixes #125)
+
+The 5.6.0 update contains a refactoring, which makes the networkx dependency
+necessary again for other commands, such as sesearch and seinfo.
+This leads to issues when packaging for distributions that do not provide networkx
+and want to use setools in a minimal fashion.
+
+Signed-off-by: Cathy Hu <cathy.hu@suse.com>
+---
+ setools/__init__.py | 13 ++++++++-----
+ setools/dta.py      |  8 ++------
+ setools/infoflow.py |  8 ++------
+ 3 files changed, 12 insertions(+), 17 deletions(-)
+
+diff --git a/setools/__init__.py b/setools/__init__.py
+index 1efd2cc..2cc5e47 100644
+--- a/setools/__init__.py
+++ b/setools/__init__.py
+@@ -76,13 +76,16 @@ from .pirqconquery import PirqconQuery
+ from .pcideviceconquery import PcideviceconQuery
+ from .devicetreeconquery import DevicetreeconQuery
+ 
+-# Information Flow Analysis
+-from .infoflow import *
+# Information Flow and Domain Transition Analysis
+try:
+    import networkx
+except ImportError:
+    logging.getLogger(__name__).debug("NetworkX failed to import, disabling infoflow and dta.")
+else:
+    from .infoflow import *
+    from .dta import *
+ from .permmap import PermissionMap, RuleWeight, Mapping
+ 
+-# Domain Transition Analysis
+-from .dta import *
+-
+ # Policy difference
+ from .diff import PolicyDifference
+ 
+diff --git a/setools/dta.py b/setools/dta.py
+index 5ce50f4..554c545 100644
+--- a/setools/dta.py
+++ b/setools/dta.py
+@@ -13,12 +13,8 @@ from dataclasses import dataclass, InitVar
+ import typing
+ import warnings
+ 
+-try:
+-    import networkx as nx
+-    from networkx.exception import NetworkXError, NetworkXNoPath, NodeNotFound
+-
+-except ImportError as iex:
+-    logging.getLogger(__name__).debug(f"{iex.name} failed to import.")
+import networkx as nx
+from networkx.exception import NetworkXError, NetworkXNoPath, NodeNotFound
+ 
+ from . import exception
+ from .descriptors import CriteriaDescriptor, EdgeAttrDict, EdgeAttrList
+diff --git a/setools/infoflow.py b/setools/infoflow.py
+index 0d48bbe..0086f4c 100644
+--- a/setools/infoflow.py
+++ b/setools/infoflow.py
+@@ -11,12 +11,8 @@ from dataclasses import dataclass, InitVar
+ import typing
+ import warnings
+ 
+-try:
+-    import networkx as nx
+-    from networkx.exception import NetworkXError, NetworkXNoPath, NodeNotFound
+-
+-except ImportError as iex:
+-    logging.getLogger(__name__).debug(f"{iex.name} failed to import.")
+import networkx as nx
+from networkx.exception import NetworkXError, NetworkXNoPath, NodeNotFound
+ 
+ from . import exception
+ from .descriptors import CriteriaDescriptor, EdgeAttrIntMax, EdgeAttrList
+-- 
+2.44.0
+
--- a/setools-4.4.4.tar.bz2
+++ b/setools-4.4.4.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3c5fa76a674fe3f6890d900df59b9d142e4b63c9ffbde653904f90ed6e666ef9
-size 262867
--- a/setools-4.5.0.tar.bz2
+++ b/setools-4.5.0.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:68469ae9bd114b42bba4cb41795577ca1e4f50e3e4234817f13ff1a8bbd9ce77
+size 265097
--- a/setools.changes
+++ b/setools.changes
@ -1,3 +1,34 @@
+-------------------------------------------------------------------
+Thu Apr 18 13:21:48 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
+
+- Fix build for 15.4 and 15.5:
+  - Minimum required python version is 3.11, so building only for python311 
+  - Remove dependency for networkx: 0001-Make-networkx-optional-again-Fixes-125.patch 
+
+-------------------------------------------------------------------
+Thu Mar 21 14:06:13 UTC 2024 - Filippo Bonazzi <filippo.bonazzi@suse.com>
+
+- Update to version 4.5.0:
+  - User Visible Changes
+    * Add graphical results for information flow analysis and domain
+      transition analysis, available in apol, sedta, and seinfoflow.
+    * Add tooltips, What's This?, and detail popups in apol to help
+      cross-referencing query and analysis results along with
+      context-sensitive help.
+  - Under The Hood Changes
+    * Rework apol to fully generate the UI programmatically.
+    * Update apol to PyQt6
+    * Replace deprecated uses of pkg_resources and distutils.
+    * Begin adding unit tests for apol UI.
+  - Updated Dependencies
+    SETools now higher minimum versions of the following dependencies:
+    * Python 3.10
+    * NetworkX 2.6
+    * PyQt6
+    * Cython 0.29.14
+  - New Dependencies
+    * pygraphviz (for seinfoflow, sedta, apol)
+
 -------------------------------------------------------------------
 Mon Dec 11 08:09:10 UTC 2023 - Johannes Segitz <jsegitz@suse.com>

--- a/setools.spec
+++ b/setools.spec
@ -1,7 +1,7 @@
 #
 # spec file for package setools
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -16,17 +16,11 @@
 #


-# As soon as python38 is introduced as flavor, we need this:
-%{?!python3_primary_provider:%define python3_primary_provider %{lua: \
-l,c = posix.readlink("/usr/bin/python3") \
-flavor = l:gsub("%.", ""):sub(0,-1) \
-print(rpm.expand("%{?" .. flavor .. "_prefix}%{!?" .. flavor .. "_prefix:python3}")) \
-}}
-# Skip every flavor except for the primary_provider
+%define python3_primary_provider python311
 %define pythons %python3_primary_provider

 Name:           setools
-Version:        4.4.4
+Version:        4.5.0
 Release:        0
 URL:            https://github.com/SELinuxProject/setools
 Summary:        Policy analysis tools for SELinux
@ -34,13 +28,15 @@ License:        GPL-2.0-only
 Group:          System/Management
 Source:         https://github.com/SELinuxProject/setools/releases/download/%{version}/%{name}-%{version}.tar.bz2
 Source2:        README.SUSE
+# can be removed again when this is fixed upstream: https://github.com/SELinuxProject/setools/issues/125
+Patch0:         0001-Make-networkx-optional-again-Fixes-125.patch
+BuildRequires:  %{python_module Cython >= 0.29.14}
+BuildRequires:  %{python_module devel >= 3.10}
+BuildRequires:  %{python_module setuptools}
 BuildRequires:  fdupes
 BuildRequires:  libselinux-devel
 BuildRequires:  libsepol-devel
 BuildRequires:  python-rpm-macros
-BuildRequires:  python3-Cython
-BuildRequires:  python3-devel >= 3.4
-BuildRequires:  python3-setuptools
 Requires:       setools-console = %{version}-%{release}
 Requires:       setools-gui = %{version}-%{release}

@ -73,8 +69,12 @@ This package includes the following console tools:
 Summary:        Python bindings for SELinux policy analysis
 License:        LGPL-2.0-only
 Group:          Development/Languages/Python
-Requires:       python3 >= 3.4
-Requires:       python3-setuptools
+Requires:       %{python3_primary_provider} >= 3.10
+Requires:       %{python3_primary_provider}-setuptools
+# require python-networkx on tumbleweed
+%if 0%{?suse_version} > 1600
+Requires:       %{python3_primary_provider}-networkx
+%endif
 Obsoletes:      python-setools < %{version}-%{release}
 Provides:       python-setools = %{version}-%{release}
 %if "%{python3_primary_provider}" != "python3"
@ -90,9 +90,9 @@ libraries designed to facilitate SELinux policy analysis.
 Summary:        Policy analysis graphical tools for SELinux
 License:        GPL-2.0-only
 Group:          System/Base
-Requires:       python3-networkx
-Requires:       python3-qt5
-Requires:       python3-setools = %{version}
+Requires:       %{python3_primary_provider}-PyQt6
+Requires:       %{python3_primary_provider}-pygraphviz
+Requires:       %{python3_primary_provider}-setools = %{version}

 %description gui
 SETools is a collection of graphical tools, command-line tools, and
@ -112,12 +112,12 @@ This package includes the following graphical tools:
 %install
 %python_install
 install -m 644 -D %{SOURCE2} %{buildroot}%{_docdir}/%{name}/README.SUSE
-%fdupes -s %{buildroot}%{python3_sitearch}
+%fdupes -s %{buildroot}%{python_sitearch}

 %files -n %{python3_primary_provider}-setools
 %defattr(-,root,root,-)
-%{python3_sitearch}/setools
-%{python3_sitearch}/setools-%{version}*-info
+%{python_sitearch}/setools
+%{python_sitearch}/setools-%{version}*-info
 %dir %{_docdir}/%{name}/
 %{_docdir}/%{name}/*

@ -144,7 +144,7 @@ install -m 644 -D %{SOURCE2} %{buildroot}%{_docdir}/%{name}/README.SUSE

 %files gui
 %defattr(-,root,root,-)
-%{python3_sitearch}/setoolsgui
+%{python_sitearch}/setoolsgui
 %{_bindir}/apol
 %{_mandir}/man1/apol.1.gz