SHA256
1
0
forked from pool/checkpolicy

Accepting request 1184291 from home:cahu:security:SELinux:userspace37

- Update to version 3.7
  https://github.com/SELinuxProject/selinux/releases/tag/3.7
  * User-visible changes:
    * checkpolicy: support CIDR notation for nodecon statements
    * checkpolicy: provide more descriptive error messages and improve error handling
  * Bugfixes:
    * checkpolicy: handle unprintable token
    * checkpolicy: avoid assigning garbage values
    * checkpolicy: free temporary bounds type
    * checkpolicy: perform contiguous check in host byte order
    * checkpolicy: include <ctype.h> for isprint(3)
  * oss-fuzz fixes:
    * checkpolicy: add libfuzz based fuzzer
    * checkpolicy: free complete role_allow_rule on error
    * checkpolicy: free identifiers on invalid typebounds
    * checkpolicy: return YYerror on invalid character
    * checkpolicy: clone level only once

OBS-URL: https://build.opensuse.org/request/show/1184291
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/checkpolicy?expand=0&rev=65
This commit is contained in:
Cathy Hu 2024-07-02 09:43:44 +00:00 committed by Git OBS Bridge
commit 732ba6f16b
10 changed files with 556 additions and 0 deletions

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.osc

3
checkpolicy-3.6.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1b346b3cdd4f8a78a157627bad64a3b3479c67b6a19d15e6d5c8694620eadbc1
size 70684

View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmV5xAIACgkQRpWIHCVF
CNE7jw/8Dg9K9Ie2j/zXEAW7khQLjQe5skNoX4pOWO31AzRK675b0z8/Lx3UMU3I
q/CSKLSrcblgsJxbDkp4KB/YzUo2IaBuJp8IqXye5DEPqUNnkOmg6/7KytU1nmn6
lA7nUm2XgaBuTtC6zi2rdb2qR0Pobja2rLx4gIP4yp7HPiq1leUy5dYhHCF7NT6W
AzhafOipDMClBd/yMOKS1PSnDrm//xXyg36RxJNX7xtlhfeRlR+lYegRMutVEnJW
KKx1pXVcdZWU53enLc5UJBohkkzA738AnwhpqPSuL3SiHI55v7GYz6KrrRZs0tke
mrQTa7GW7R5IGddz3nzc/GGzSTz1VGiloFTsZvMDKJaZIe/x46ZtPTbu44/caGQI
3Oc0tDQbGHgweCbVe0jeWmZZi6sJvgDwQa66RmjIbOPUDv+5cXbQbwLEzCAMqpxe
RFbjA35LSahAWHGdzQoewwmec4REX7z1Amyz0XJhLbG2xFWsjIl3xom/YV+ZxYat
KWJ8IH1ygW7mPFQx9JUJN8HpiKThHwsVvMiCvEcuz5pS3kXhj6qrL4Rhxebq7W7R
UCVACKka9g4ukpaGH1MUty4h3Q9TfEehwn20oFa5b93FdYZF9LhKdN23H/0kUpi7
MeBbAXK6z8p8nFgSbrA7cQ6Nf0uBGJ8qeBRj6N9FdylbdN3VxW4=
=vakU
-----END PGP SIGNATURE-----

3
checkpolicy-3.7.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:fd3e1925477d49946d1116938661af44c1f86f0d681466fd9f02eaa06002a07f
size 74992

View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmZ8NdQACgkQRpWIHCVF
CNFu8A//aEuByelb5YAXlrIOe1OFlZ1xzATJjan6wQyoX22GQvcb50C00/FoSicH
UDxvJ1k+oam9VdBISBxssvnftzhohwJyNn/r5br7KlBUA16GQxokftdddfU4aC9e
mIdy6ZUja7VO3zWXDFDoZyL0IpbjgrftOG3EHxF+rMfeoznW9g1enCEb7oWqZXCL
5gLhyI05FmI7ySOxqBhvU9oAVgSrU32UFDbgXZkKu2lkOSUPtxhTIzS/8vtIsiNy
ihS5LGS1VpyPdG3EWSr44d4sR4z3UM4QitRizG4lQVHluJDxS4lpivZlVSXHm87M
T8FvMIo7pJ5NQhmRMBZw1895ganyaGSuzSa8b05xtVfzg2lVkYPrCw1rzrDoxetF
2tWTijYfxDyhkvniACjNpfscayUe00IuCCceaoqLqi/BpeSaqdGh04prfCpmwYhA
umVtYLJrjddi9KyrBlNIVad22TiuxjqFg9J0Up8J+4GleCFG/GNjSKFlaYazJJF0
Hz4MJwDUbdWfY9WReyFEfMEvr7nCKcFCuU5Dv3GGFgE2oPAh2KasRg04OU56DIZl
ih4Fr1+qwDAztT0dmui/5FO4RvkCd1CecnUyzLpmzSAPduBxur41+0ym8QQ+qAup
utO3hg07MI8MN8pBuekL3g+3EkeA5RI7EZu569Z99vBSdi3XPGs=
=QR49
-----END PGP SIGNATURE-----

BIN
checkpolicy-tests.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.

289
checkpolicy.changes Normal file
View File

@ -0,0 +1,289 @@
-------------------------------------------------------------------
Mon Jul 1 07:45:50 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
- Update to version 3.7
https://github.com/SELinuxProject/selinux/releases/tag/3.7
* User-visible changes:
* checkpolicy: support CIDR notation for nodecon statements
* checkpolicy: provide more descriptive error messages and improve error handling
* Bugfixes:
* checkpolicy: handle unprintable token
* checkpolicy: avoid assigning garbage values
* checkpolicy: free temporary bounds type
* checkpolicy: perform contiguous check in host byte order
* checkpolicy: include <ctype.h> for isprint(3)
* oss-fuzz fixes:
* checkpolicy: add libfuzz based fuzzer
* checkpolicy: free complete role_allow_rule on error
* checkpolicy: free identifiers on invalid typebounds
* checkpolicy: return YYerror on invalid character
* checkpolicy: clone level only once
-------------------------------------------------------------------
Tue Dec 19 10:43:51 UTC 2023 - Cathy Hu <cathy.hu@suse.com>
- Update to version 3.6
https://github.com/SELinuxProject/selinux/releases/tag/3.6
* checkpolicy: Add the command line argument -N, --disable-neverallow
* dispol: add option to display users, drop duplicate option to display booleans,
show number of entries before listing them
* dispol: Add the ability to show booleans, classes, roles, types and type attributes of policies
* dispol: add options: --actions ACTIONS, --help
* dismod: add options: --actions ACTIONS, --help
* Add notself support for neverallow rules
* Improve man pages
* man pages: Remove the Russian translations
* Add notself and other support to CIL
* Add support for deny rules
* Translations updated from
https://translate.fedoraproject.org/projects/selinux/
* Bug fixes
- Remove keys from keyring since they expired:
- E853C1848B0185CF42864DF363A8AD4B982C4373
Petr Lautrbach <plautrba@redhat.com>
- 63191CE94183098689CAB8DB7EF137EC935B0EAF
Jason Zaman <jasonzaman@gmail.com>
- Add key to keyring:
- B8682847764DF60DF52D992CBC3905F235179CF1
Petr Lautrbach <lautrbach@redhat.com>
-------------------------------------------------------------------
Fri Feb 24 07:32:08 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.5
* error out if required permission would exceed limit
* Improve error message for type bounds
- Added additional developer key (Jason Zaman)
-------------------------------------------------------------------
Mon May 9 10:09:06 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.4
* warn on bogus IP address or netmask in nodecon statement
* allow wildcard permissions in constraints
* mention class name on invalid permission
-------------------------------------------------------------------
Thu Nov 11 13:23:59 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.3
* When reading a binary policy by checkpolicy, do not automatically change the version
to the max policy version supported by libsepol or, if specified, the value given
using the "-c" flag.
* Updated documentation
* Prints the reason why opening a source policy file failed
-------------------------------------------------------------------
Tue Mar 9 08:59:58 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.2
* Fix a memleak and an integer overflow
-------------------------------------------------------------------
Tue Jul 14 08:31:15 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.1
* checkpolicy treats invalid characters as an error - might break rare use
cases (intentionally)
* Drop extern_te_assert_t.patch, is upstream
-------------------------------------------------------------------
Tue Mar 3 12:19:40 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
- Update to version 3.0
* add flag to enable policy optimization
* allow to write policy to stdout
* remove a redundant if-condition
-------------------------------------------------------------------
Wed Jan 15 14:25:45 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
- Add extern_te_assert_t.patch to mark te_assert_t as extern.
Prevents build failures on gcc10 (bsc#1160259)
-------------------------------------------------------------------
Wed Mar 20 14:58:08 UTC 2019 - jsegitz@suse.com
- Update to version 2.9
* Add option to sort contexts when creating a binary policy
* Update manpage
* check the result value of hashtable_search
* destroy the class datum if it fails to initialize
* remove extraneous policy build noise
-------------------------------------------------------------------
Sun Nov 11 17:19:04 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
- Enable parallel build. Remove ineffective LDFLAGS="$RPM_LD_FLAGS"
(RPM_LD_FLAGS is always empty).
-------------------------------------------------------------------
Wed Nov 7 16:26:24 UTC 2018 - jsegitz@suse.com
- Source URL was invalid (bsc#1115052)
-------------------------------------------------------------------
Wed Oct 17 11:52:55 UTC 2018 - jsegitz@suse.com
- Update to version 2.8 (bsc#1111732).
For changes please see
https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/RELEASE-20180524.txt
- Dropped checkpolicy-build.patch, not necessary anymore
- Removed BuildRequires for byacc. It builds without and this blocks
building on SLE 15
-------------------------------------------------------------------
Mon Jun 11 07:48:05 UTC 2018 - jsegitz@suse.com
- checkpolicy-build.patch was added in the former change to fix build
failures
-------------------------------------------------------------------
Wed May 16 07:16:19 UTC 2018 - mcepl@suse.com
- Rebase to 2.7.
For changes please see
https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/RELEASE-20170804.txt
-------------------------------------------------------------------
Fri Nov 24 09:01:04 UTC 2017 - jsegitz@suse.com
- Update to version 2.6. Notable changes:
* Add types associated to a role in the current scope when parsing
* Extend checkpolicy pathname matching
* Set flex as default lexer
* Fix checkmodule output message
* Fail if module name different than output base filename
* Add support for portcon dccp protocol
-------------------------------------------------------------------
Thu Jun 29 21:05:43 UTC 2017 - mpluskal@suse.com
- Use plain flex
-------------------------------------------------------------------
Thu Jul 21 13:02:06 UTC 2016 - jengelh@inai.de
- Trim/update description
-------------------------------------------------------------------
Thu Jul 14 14:18:26 UTC 2016 - jsegitz@novell.com
- Without bug number no submit to SLE 12 SP2 is possible, so to make
sle-changelog-checker happy: bsc#988977
-------------------------------------------------------------------
Fri Jul 8 16:22:15 UTC 2016 - i@marguerite.su
- update version 2.5
* Add neverallow support for ioctl extended permissions
* fix double free on name-based type transitions
* switch operations to extended perms
* policy_define.c: fix compiler warnings
* Remove uses of -Wno-return-type
* Fix -Wreturn-type issues
* dispol: display operations as ranges
* dispol: Extend to display operations
* Add support for ioctl command whitelisting
* Add option to write CIL policy
* Add device tree ocontext nodes to Xen policy
* Widen Xen IOMEM context entries
* Expand allowed character set in paths
* Fix precedence between number and filesystem tokens
* dispol/dismod fgets function warnings fix
- changes in 2.4
* Fix bugs found by hardened gcc flags
* Add missing semicolon in cond_else parser rule
* Clear errno before call to strtol(3)
* Global C++11 compatibility
* Allow libsepol C++ static library on device
-------------------------------------------------------------------
Sun May 18 00:18:53 UTC 2014 - crrodriguez@opensuse.org
- version 2.3
* Report source file and line information for neverallow failures.
* Prevent incompatible option combinations for checkmodule.
* Drop -lselinux from LDLIBS for test programs; not used.
* Add debug feature to display constraints/validatetrans from Richard Haines.
-------------------------------------------------------------------
Thu Oct 31 13:41:13 UTC 2013 - p.drouand@gmail.com
- Update to version 2.2
* Fix hyphen usage in man pages
* handle-unknown / -U required argument fix
* Support overriding Makefile PATH and LIBDIR
* Support space and : in filenames
- Remove checkpolicy-rhat.patch; fixed on upstream
-------------------------------------------------------------------
Thu Jun 27 14:29:19 UTC 2013 - vcizek@suse.com
- change the source url to the official 2.1.12 release tarball
-------------------------------------------------------------------
Fri Mar 29 13:10:16 UTC 2013 - vcizek@suse.com
- update to 2.1.12
* Fix errors found by coverity
* implement default type policy syntax
* Free allocated memory when clean up / exit.
- changes in checkpolicy-rhat.patch:
* original hunk was merged upstream
* space should be allowed for file trans names
-------------------------------------------------------------------
Wed Jan 30 11:40:10 UTC 2013 - vcizek@suse.com
- update to 2.1.11
* fd leak reading policy
* check return code on ebitmap_set_bit
* sepolgen: We need to support files that have a + in them
* implement new default labeling behaviors for usr, role, range
-------------------------------------------------------------------
Wed Jul 25 11:24:54 UTC 2012 - meissner@suse.com
- updated to 2.1.8
- various fixes
-------------------------------------------------------------------
Sat Sep 17 22:52:07 UTC 2011 - jengelh@medozas.de
- Remove redundant tags/sections from specfile
- Use %_smp_mflags for parallel build
-------------------------------------------------------------------
Thu Feb 25 14:51:44 UTC 2010 - prusnak@suse.cz
- updated to 2.0.21
* Add support for building Xen policies from Paul Nuzzi.
* Add long options to checkpolicy and checkmodule by Guido
Trentalancia <guido@trentalancia.com>
-------------------------------------------------------------------
Tue Jun 23 12:29:42 CEST 2009 - prusnak@suse.cz
- require libsepol-devel-static
-------------------------------------------------------------------
Wed May 27 13:52:37 CEST 2009 - prusnak@suse.cz
- updated to 2.0.19
* fix alias field in module format, caused by boundary format change
from Caleb Case
* properly escape regex symbols in the lexer from Stephen Smalley
* add bounds support from KaiGai Kohei
-------------------------------------------------------------------
Mon Oct 20 18:03:54 CEST 2008 - prusnak@suse.cz
- use flex-old for building (using flex does not build refpolicy)
-------------------------------------------------------------------
Tue Jul 15 17:56:14 CEST 2008 - prusnak@suse.cz
- initial version 2.0.16
* based on Fedora package by Dan Walsh <dwalsh@redhat.com>

110
checkpolicy.keyring Normal file
View File

@ -0,0 +1,110 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGNZjyYBEACk7biPgvCVldNWq1CwVoJa/Fvc4T49tqxcc/sY4uVlGo6oSi4f
QcXE9XKPPBuRLmvpmMWvODQLzPxJMWUfJq6LyYFmX2U9VRTcyITdmJs8itkEaDwq
8BtXkeQfUDAVSFy6V6/uvVmNWD7pGXqJE1GxuV44Ihlh6v2YyqSzDG/rZur771hk
e8VZmlKMVMs1RSeOBA3nUmvZQ58+uqkhJNYqOeQhxGIxDOHo7QhzTG+SlX+uQq6m
zACKygVJJl33toaUwVAX5R02a0u67A5wC0whAoLSHInc3P7ayivWV/iESAz+gMIk
uvJWns/Ak14J7MTGgjD6rle7PNMsPDCCwQScqA8F0x4OChCixbZGZn6Mr0u8+01V
CEe2IjJwVUfFI/G4n1FZ1RAdqjkHfZJeD20LGHSbjJLcnqLLFx3LDpI5dAxo5K2k
Fvz0VowrB58aHoofW8/g8yZygGQ4Zpw4JnpUmaPnMTiD5yvnFzEihM5L9DuaWqSK
3sb9qzoaXABYRYI7OmX4B5nmMzFteHHq0tMtaKWf0HkAsCP0BLJcS9Oc1/0I0+gC
4oKLRD8a4+kaEpNr6BXvWnj7Y1h0Zr/CZS6+gi34CxWMl2Q34OSqtS37mzzBu+UZ
xffPR0aV2RXcEpc0c5HW550Thq1NF9EmFOoyeG4J2ox9JRANZXLh/i7mNwARAQAB
tCVQZXRyIExhdXRyYmFjaCA8bGF1dHJiYWNoQHJlZGhhdC5jb20+iQJXBBMBCABB
FiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZjyYCGwMFCQPCZwAFCwkIBwICIgIG
FQoJCAsCBBYCAwECHgcCF4AACgkQvDkF8jUXnPGeAA//ScQ3kJMqI6FRULXo0aF7
CpafPXVWdvj+mfQMlZzuGwXXTmM42T0DXnXRBSjstWkmOXP/UqkN7bNeXH/S3D3G
CJ2l0qx8Qp6fP0FloJIbemyxNtzl7yvAE7kWvuBuLvUdm23cntv49gAzj+ElDqCx
tT6A6qaqM6r7DLUvw+G+r6gkeu1hNQbtRpEK9Dt8tHriQyI410qFRMbi3QxU+iTJ
79HXwrXiYpX7V7T+ugiU9lgIiC/hWJCo6SY4knt9E6zhegUWN6zErl2HY8FBM2P9
eHOTqToEOAhKeM1fXZvxe3m49fGq/spmRM1RUUl1V9WFEaMiLg/Z2rmbD8LX9Ytf
YlQCbEwyX2nkIP1QIcr/DEfcmCA2MXCQCgsqI/2XS3BTLPyjuqAYnXxrk+T/Cydc
g4W3ZBYI/wT56GH02TQzB/wJsn0cW6EMG46VSDY/mZ2/gwi54G/Pqb2R3ZC9I7wQ
6/FFxuu8myI/QVmEiTlvTxBoyOdNlliBQxCkDczs1rxd/o8Wfjo1vwRHW84jZrCP
3xr7xPJWuzsrmPU8kFHTgepGoY+4b/h3jGwlV103RpRUK4JidwHsmYDVk6pgeUH6
9hf0iVcbFfKiViFTR+DwjbAOxTdsFgsYYn+7hBj2l+pV/uzeA0akL2dkgfJc9pAf
6ItRUnGC+RlntZ0Pf2NbwIS5Ag0EY1mPxgEQAOBjoc5rCJOHFBUj7S68ABT3KKx7
DVJJU7qYCxC1kzuzsGksDdEY+PdQaiNkh56MD6R+rsD49UsGHP+RIFO3D3+zejiu
Wo3PPtItqLHpcpYKkc4Gzziff8sXq70owxWT29OyMrPyIMX2YFHZuYJ8u8STQcOI
zICm/lJs6xkwHyTk9bIrwdg/Iwjm6YRo6xoLe0B6KE7efMDER/ehmXncnWkjD55x
2tAttZsfRqoqeB8J10PxDSgyv8jCXLdbj37l6omh6VH3926392DRrc2fXAgZhHML
rYIKwXkhnAp3I+HueKURQWkDlWXP4d8gVyHYt9EXdD8ZkPx8rMrGGMMh2DJpZJOw
xuK3IrFfYb+lyOyHIyxlPsjcfHtLBB8WujnyzYMWwUsRmAGEm/6db8dyR551q95e
Zd0cqO2xrz6u8YAO2LjCiE6X43m1ulhbf/NHcBiqWHjuEbSKRQnxO6ye7zrmPdnm
YT4qpLrzKlFUExGt0mXaUY8MKdcaGXbvbRU80wL+MHYyCb8vWa9AzWM990LcqCiQ
MAfk0zMq9q/oDvVotJQmWLdR2QYeRfl3m6uzeTdaYK3td5NvfQwG83MFxJhNvDZQ
YhETwbQIVzfC2JZaJAo94VdiGfT4I4Khb8RekgJVoC4w8yByyV0zXdsobIajc2eC
w0R2ik0V+vQopblfABEBAAGJBHIEGAEIACYWIQS4aChHdk32DfUtmSy8OQXyNRec
8QUCY1mPxgIbAgUJA8JnAAJACRC8OQXyNRec8cF0IAQZAQgAHRYhBBviwP8IlJYj
EC/SVkaViBwlRQjRBQJjWY/GAAoJEEaViBwlRQjRmQcP/1OVG8BpkRN/6m/j8hx5
4vcofCPmWsL+CiNfE3QCOEBeWMtJEK7QTIgLFnLfXnyHiTS/CN2/zr33IcQ33s90
XzibzWarE7P6O4oFEcUr8TAACA51KXMadRiA2SaYJE4Va2N6d41ZoV0Ser0wi3HU
5qxw97LGdYyOrsstgxIRI/i2BRXkp2VpUBdHqr/zfe7bv82h2QNw0fZQr4jJP4q3
+4I6gggvi23Gj8+9lOmHNXyfqzSwkkTf8GtHGC8JORVTrOizImzJq7z+9rJBgY+4
G4RBWzhOv69njaLNuQeASVxm/2hiMmzFqpmqozN9Y+17ubo+X+m+2aWE+aln56Pv
LxJHKwFX7doc1doTUnewg6ZjGKCGWBlqlKMeX8D038pd2gsCMhm0EA5DZkXJHP9z
b5VSomDCLB3GhoVpifZ5Qz4dJNtl90ZcFL/LJktiwz4vgzZqLNC8MhFfPLy8bS+k
dAS8+VcvQaDSDKTR+jHQ6wA/kJ9eYcL8C9g4czzLzVfZCoN/fcC7VEiCiDhwuqrb
ClcQBFZsCPQEAwh4mgIMK70zPaO4rW6LbCvwBnTjY8JSBkroJ1QjXwCy8ClSE+w2
6cXtk5zmYUy5oQaONYm+tMberKsJjvfJIGIZdaj3ZkHsVe7YzOC6M8ESKAHKp4Xo
hXbHQQEfD9WtzFerpKWCaKTobRIP/jyXmYYLEzRav3WtoH3NCXANu0Pc8JuMDoO2
QytHICr7zWDvk3q6LO0Y8JXD2fUegY5KM3WECF5KBBCVxdsMunN908WjAMQdyUUV
9Q4MIg64X4WCbGUDPkTGv0mQl2jMEWpFniIX+18TmwcHSvN5RxjcnpWNOyNQuMTg
ZKDm2uw5zwYdScWf3DDCR/2dH8yvVFhxfQaRNzKJSyTD4ChHPqy858BYgMljjnTC
APQwdkrTwh9RSxhMZ5yhdy9Z/+EhO2/8B/kylADC4YQOW1UN670QC7rlJmUySQy5
APWHco5CNQnqdjhrgzYJDnWCCz9z6+x6bGy5iUa9K6Gt9e3ocYPd2Gw4R7IS8hyO
Ok/Uq7maqs+GpcWWLWzB+iGFgYZU758zsbeXvAWQAiLQHWzOfQrXepGoEjCOdYv6
is/UovO9zMIfrIPQVlj3QIN0y0zRUHoCpPgEWHrn7KCMDhiIDt8VgGbznXTJtRw1
/NTeBQgnmkXwx0aLM7ni0I9IrpT6JVFjip8IV24iI5nsVRSfvxUjFBQxgyujPLuS
f/Q9BlrsopFtcnyyDSyCtBqnCmBSN0zC5hk8Ya/UnDn/5ZQZYxsbGaWkdwQ6aw9m
khMfnnsz+QfKT1R3SIrByIEjaYYvGJp8K4utRjhOSfM6ptmCN2WVxQbhwMERC4E7
8ZKPUtR+uQINBGNZj3EBEACsSSOVQfiGhJACRUkJZaT6cX51oA/kizOsYRAftPI5
XBdtFmd1I8VJSopTaQSAdsyb7AVihl73mH22MOHawsKzffylW7kKGHPd02x5MXv+
ttyTDasJT4ltqUSLByTu0ouqhu9uHvuOettCeStk1z6cx4ccutjJzmAdbpxKfhSV
TjYwqZOVJ44bgvL3BeGBooKF4hc1fdT8PrzZN9+Xsailybuk9kX3Z3BjicikLFTY
BOKaRLK6VuHOTYKNnUlhQnUsdy0web0XQsQa1zUbENKHNVk/x05akOz0EHBkMtfE
LMLiu9n7PkEkIMVu41MplDkkShbawzzI/UstkZfPjiGxpvVo+u8He9x1LkRM/pup
PnbrtmKi12FSJ9T+lNXnN7jvA25pl6dC0Z32iXKHZ0Co6TYNCtwFAUDSBGnnlvhT
raEtNhfFP7uMRtJUDF5cM9Go++qH/iRWfzqWViNXp0CgBI3XBbPjbdAfe7hkr5Lq
DwdnQetjb40FiCq2Fvof9foWIXlVwday2ST3ruDhe3Q+A3+uUK2leHhYr2xJxf8I
V05RGweVvvxk3Yt7FphpUGpC6q98doA8logSVeoyF5nxpis7oN/jLMn7p5Ozezg+
ozoQyKvnBoWifHkaHnRfjEv2nshWqA0+FCxTxnlTmEZhuZQfvroa0Q2/gIjW6kUD
VwARAQABiQI8BBgBCAAmFiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZj3ECGyAF
CQPCZwAACgkQvDkF8jUXnPHhww/7BuMq7bEKvrejKf6Wjs2owMsFiXjMe6dhNmEb
96ANqRVankiSPn+TeL6FVJh9TJSGpD9v8fT3quikHsYDoTNLjgZL6Esx1A4k6YRu
O8A//10kNfYVCdhnNoDZ/94iSBrDbzeg4ueZjPTHtgBb+jGWc+f7tKDsMYaqqfec
qh8NRSujB9fS1AbCQaYkmpCA4f9l9Ti3nVQIrMXqFZFtt6sEjx7Onbi9ieADaQZ5
/V8JQL4QgWGhhx0ccK0LVOIqY5Rp4H1kyJVeQ/rR+YIso5vBwpPJikAU+ozTnGCw
w8Vpc359DthUAakJ22GTnc3kaj5Cp6HAugmTvsIdnEhYkh/jendSK4fUWy5cXs50
THMiFRKJS6boygIjwGlXCf25Ip9cos50YNHogkjyOp0L0tiherFm0OGlyoPvSEVY
nAnNmD5TZK/FnKE6rC0pe0NMO157fIbM9pxIAkPuYVRFz8NGLrZQEyIVyo7Vhb/k
uALjKO3OjsxNA+RoZtAt24ciUIprykdY+posV0xrDCo2tM0dZcIPhfGKMljB0C57
c1Qb+616Q2bzaaqdttbD8BdREjN59CxvKqI1gzO250n2EBLzIJ2R9v1IpUi9Zg9D
vu0eW05kXsr83M4Z4lomvyW+pkJ9elaY525OlZoPaQi9TYrHuAHiNd0xrZqL0378
d2veUui5Ag0EY1mPJgEQAMRQDbNHBQ376nDF8miBZOAV1txpmbHc5D/X63PNapP0
P1/I7SfcJU9D3wX8c4vmxkjEYtH23s4lmT1VLsU7PisS3MacRemm9pL2bD53hs9X
QEuU9OtJsZn1ZJ+Ynh6i5sfW1bG3OiV/TWgYXW66GwE1hn9PuP8arodUmhEft+64
G2u8Xtxr5yqlQJEUThV6280OJrxVbduaMi5C6UNeeGE5wuhfrQ0TNYZiwQ4KYbU3
QhlWhHVjJlJ5hCLiktwFDyR24P+wlTIziWA407mo2enQT+mz3bO7Paf4mBionGsJ
MoADqBThf4B69BxjJ7Yg7oQVIZ7560YIRRmNo4tk5Mhep11OtQgZjZJR6MhWDaUO
17w1qScrOPRj6G1IXP1R5NarydJpLyAVb/5WFZ5jxUGMGtq3mYn4nKbbHUg2WzvC
JvPctDE6EV2vaiRy5N1fQjsHgSa29F2feh14p4ngFCmHjpdbcdjfv6rWL8tgkSpQ
lDdeHRRd1q03TKAg/byPauAHKzvV+iWlmw1f6KBWjeTn0fofmk9eeQ+P1j0a3/XT
xMOjB34SzqPRWzmLPLF6YmujBK2gymM+JLirJFFzao1i4lgmxqkDhQoNYHXmVYEd
7w+/qUYbfKwO9eJOWzuUWajxvJ1Vgv6z4CPy9if0gwfhrx0OOcIpBE/xZU+SwQQp
ABEBAAGJAjwEGAEIACYWIQS4aChHdk32DfUtmSy8OQXyNRec8QUCY1mPJgIbDAUJ
A8JnAAAKCRC8OQXyNRec8a+qD/4whGQ9J+td1iLFMpNRAqvuGtTnM6shZJNnC5CB
56Cu7ElIpr74sk0R98Ia1pJlBcLALbYSrqwluZaLiRVDPdub6tGSRVssqQdZcKTh
z33waTru9IfLhCrRSNd0ZMHJaOG1ErU0noWw2d4ifVJK+vvuvMeEyNm4H5pZOYzY
eikqVUYzS143cSzMEwtvPSdP5JkTQi4WNF09khH1D+QpJoXEgVEQla7Sr955Zdt3
q5OlpYxxw+X62vslZ2OMiKZ14kWVSRbVQ+WdnjtRYS4vivB6ko9QL770jZ131hKh
C/BcWpEYSjfPpVua2oKbccKHXheIFEJ06kGkMeeoQPxmzPRBYIw/E+d5sZp7YXDy
BGOAxBeiOaOnZ8vLBzy72HFng3oB3hkVGTTHq+PsHdSSaRME3QrNpDsaGeSjw62F
G3I4zK985GtrXAHEzN/Ffd17srl4mcRQ+8QM/a+XbF/8ugjE/RHhhFf8sWVAPutY
zVE8lF+uqcduPuq/rTcUBuzSVjnSRfXWqCokjh+ypUpHNUO8fZDzkTLuE5rwMG1x
pPueDBTzvoGDQRqc2eoXpJnDBmdlz83zHsoR2gIHcdqyc/hCV+fTvR8E0v9ZG3Jr
6RFgWdD008PsGxUevIDgMAYFwasZSTofEnzg49/WeIFU1rGB5HZVlmOJKZnKRuBi
TakEPw==
=odM9
-----END PGP PUBLIC KEY BLOCK-----

92
checkpolicy.spec Normal file
View File

@ -0,0 +1,92 @@
#
# spec file for package checkpolicy
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define libsepol_ver 3.7
Name: checkpolicy
Version: 3.7
Release: 0
Summary: SELinux policy compiler
License: GPL-2.0-or-later
Group: Productivity/Security
URL: https://github.com/SELinuxProject/selinux
Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz
Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz.asc
Source2: checkpolicy.keyring
Source3: checkpolicy-tests.tar.gz
BuildRequires: bison
BuildRequires: flex
BuildRequires: libselinux-devel
BuildRequires: libsepol-devel-static => %{libsepol_ver}
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
checkpolicy is the SELinux policy compiler. It uses libsepol to
generate the binary policy.
(Security-enhanced Linux is a feature of the kernel and some
utilities that implement mandatory access control policies, such as
Type Enforcement, Role-based Access Control and Multi-Level
Security.)
%package devel
Summary: Development files for SELinux policy compiler
Group: Development/Libraries/C and C++
Requires: %{name} = %{version}
%description devel
checkpolicy is the SELinux policy compiler. It uses libsepol to
generate the binary policy.
This package contains the development files, which are
necessary to develop your own software using checkpolicy.
%package -n python3-%{name}
Summary: Python bindings for SELinux policy compiler
Group: Development/Libraries/Python
Requires: %{name} = %{version}
%description -n python3-%{name}
checkpolicy is the SELinux policy compiler. It uses libsepol to
generate the binary policy.
This package contains the Python bindindgs, which are necessary
to use checkpolicy from Python.
%prep
%setup -q
%build
make clean
make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" %{?_smp_mflags}
make -C test LIBDIR="%{_libdir}" CFLAGS="%{optflags}" %{?_smp_mflags}
%install
mkdir -p %{buildroot}/%{_bindir}
%make_install LIBDIR="%{_libdir}"
install test/dismod %{buildroot}/%{_bindir}/sedismod
install test/dispol %{buildroot}/%{_bindir}/sedispol
%files
%defattr(-,root,root)
%{_bindir}/checkpolicy
%{_bindir}/checkmodule
%{_bindir}/sedismod
%{_bindir}/sedispol
%{_mandir}/man8/check*.*%{ext_man}
%changelog