From 725d3a69e00336162a6f2e265371ba16f079d006 Mon Sep 17 00:00:00 2001 From: DistroBaker Date: Mon, 5 Apr 2021 01:40:17 +0000 Subject: [PATCH] Merged update from upstream sources This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/fapolicyd.git#183a7e15ec6b1052a7ea3c3036840c7578e6776b
---
 .gitignore | 3 ++ fapolicyd-magic-override.patch | 40 -------------------------- fapolicyd-uthash-bundle.patch | 39 ++++++++++++++++++++++++++ fapolicyd.spec | 51 ++++++++++++++++++++++++++++------ selinux.patch | 15 ---------- sources | 5 ++-- 6 files changed, 87 insertions(+), 66 deletions(-) delete mode 100644 fapolicyd-magic-override.patch create mode 100644 fapolicyd-uthash-bundle.patch delete mode 100644 selinux.patch
diff --git a/.gitignore b/.gitignore
index 713198b..a3c9c6e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,3 +14,6 @@
 /fapolicyd-selinux-0.3.tar.gz
 /fapolicyd-1.0.1.tar.gz
 /fapolicyd-1.0.2.tar.gz
+/fapolicyd-selinux-0.4.tar.gz
+/uthash-2.3.0.tar.gz
+/fapolicyd-1.0.3.tar.gz
diff --git a/fapolicyd-magic-override.patch b/fapolicyd-magic-override.patch
deleted file mode 100644
index 33c58f6..0000000
--- a/fapolicyd-magic-override.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-diff -up ./init/fapolicyd-magic.magic-override ./init/fapolicyd-magic
---- ./init/fapolicyd-magic.magic-override 2020-11-16 20:16:10.764346043 +0100
-+++ ./init/fapolicyd-magic 2020-11-16 20:18:30.354528379 +0100
-@@ -1,9 +1,17 @@
- 0 string/w #!\ /usr/bin/bash Bourne-Again shell script text executable
- !:mime text/x-shellscript
-
-+0 search/1/w #!\ /usr/bin/env\ bash Bourne-Again shell script text executable
-+!:strength + 15
-+!:mime text/x-shellscript
-+
- 0 string/w #!\ /usr/bin/sh Shell script text executable
- !:mime text/x-shellscript
-
-+0 search/1/w #!\ /usr/bin/env\ bash Bourne-Again shell script text executable
-+!:strength + 15
-+!:mime text/x-shellscript
-+
- 0 string/wt #!\ /bin/rc Plan 9 shell script text executable
- !:mime text/x-plan9-shellscript
-
-@@ -47,10 +55,18 @@
- !:strength + 15
- !:mime text/x-python
-
-+0 search/1/w #!\ /usr/bin/env\ python3 Python script text executable
-+!:strength + 15
-+!:mime text/x-python
-+
- 0 search/1/wt #!\ /usr/bin/python2 Python script text executable
- !:strength + 15
- !:mime text/x-python
-
-+0 search/1/w #!\ /usr/bin/env\ python2 Python script text executable
-+!:strength + 15
-+!:mime text/x-python
-+
- 0 search/1/wt #!\ /usr/bin/python Python script text executable
- !:strength + 15
- !:mime text/x-python
diff --git a/fapolicyd-uthash-bundle.patch b/fapolicyd-uthash-bundle.patch
new file mode 100644
index 0000000..c482992
--- /dev/null
+++ b/fapolicyd-uthash-bundle.patch
@@ -0,0 +1,39 @@
+diff -up ./configure.ac.uthash ./configure.ac
+--- ./configure.ac.uthash 2021-03-25 22:12:48.164450403 +0100
++++ ./configure.ac 2021-03-25 22:13:01.067282788 +0100
+@@ -67,10 +67,6 @@ AC_CHECK_HEADER(sys/fanotify.h, , [AC_MS
+ ["Couldn't find sys/fanotify.h...your kernel might not be new enough"] )])
+ AC_CHECK_FUNCS(fexecve, [], [])
+
+-AC_CHECK_HEADER(uthash.h, , [AC_MSG_ERROR(
+-["Couldn't find uthash.h...uthash-devel is missing"] )])
+-
+-
+ echo .
+ echo Checking for required libraries
+ AC_CHECK_LIB(udev, udev_device_get_devnode, , [AC_MSG_ERROR([libudev not found])], -ludev)
+diff -up ./src/library/rpm-backend.c.uthash ./src/library/rpm-backend.c
+--- ./src/library/rpm-backend.c.uthash 2021-01-05 16:27:53.000000000 +0100
++++ ./src/library/rpm-backend.c 2021-03-25 22:12:33.212644641 +0100
+@@ -32,7 +32,7 @@
+ #include
+ #include
+
+-#include
++#include "uthash.h"
+
+ #include "message.h"
+
+diff -up ./src/Makefile.am.uthash ./src/Makefile.am
+--- ./src/Makefile.am.uthash 2021-01-05 16:27:53.000000000 +0100
++++ ./src/Makefile.am 2021-03-25 22:12:33.212644641 +0100
+@@ -5,6 +5,9 @@ AM_CPPFLAGS = \
+ -I${top_srcdir} \
+ -I${top_srcdir}/src/library
+
++AM_CPPFLAGS += \
++ -I${top_srcdir}/uthash-2.3.0/include
++
+ sbin_PROGRAMS = fapolicyd fapolicyd-cli
+ lib_LTLIBRARIES= libfapolicyd.la
+
diff --git a/fapolicyd.spec b/fapolicyd.spec
index bc53ed8..109bb16 100644
--- a/fapolicyd.spec
+++ b/fapolicyd.spec
@@ -1,22 +1,28 @@ %global selinuxtype targeted %global moduletype contrib -%define semodule_version 0.3 +%define semodule_version 0.4 Summary: Application Whitelisting Daemon Name: fapolicyd -Version: 1.0.2 -Release: 2%{?dist} +Version: 1.0.3 +Release: 1%{?dist} License: GPLv3+ URL: http://people.redhat.com/sgrubb/fapolicyd Source0: https://people.redhat.com/sgrubb/fapolicyd/%{name}-%{version}.tar.gz Source1: https://github.com/linux-application-whitelisting/%{name}-selinux/releases/download/v%{semodule_version}/%{name}-selinux-%{semodule_version}.tar.gz +# we bundle uthash for rhel9 +Source2: https://github.com/troydhanson/uthash/archive/refs/tags/v2.3.0.tar.gz#/uthash-2.3.0.tar.gz BuildRequires: gcc BuildRequires: kernel-headers BuildRequires: autoconf automake make gcc libtool BuildRequires: systemd-devel libgcrypt-devel rpm-devel file-devel file BuildRequires: libcap-ng-devel libseccomp-devel lmdb-devel BuildRequires: python3-devel + +%if 0%{?rhel} == 0 BuildRequires: uthash-devel +%endif + Requires: %{name}-plugin Recommends: %{name}-selinux Requires(pre): shadow-utils @@ -24,8 +30,7 @@ Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units -Patch1: fapolicyd-magic-override.patch -Patch2: selinux.patch +Patch1: fapolicyd-uthash-bundle.patch %description Fapolicyd (File Access Policy Daemon) implements application whitelisting @@ -65,17 +70,18 @@ Don't use dnf and rpm plugin together. # selinux %setup -q -D -T -a 1 -%patch1 -p1 -b .magic-override -%patch2 -p1 -b .selinux +%if 0%{?rhel} != 0 +# uthash +%setup -q -D -T -a 2 +%patch1 -p1 -b .uthash +%endif sed -i "s/%python2_path%/`readlink -f %{__python2} | sed 's/\//\\\\\//g'`/g" init/%{name}.rules.* sed -i "s/%python3_path%/`readlink -f %{__python3} | sed 's/\//\\\\\//g'`/g" init/%{name}.rules.* sed -i "s/%ld_so_path%/`find /usr/lib64/ -type f -name 'ld-2\.*.so' | sed 's/\//\\\\\//g'`/g" init/%{name}.rules.* %build - ./autogen.sh - %configure \ --with-audit \ --with-rpm \ 
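Review bot: The uthash copy bundled through `Source2` is not declared to RPM anywhere in the first hunk, so tooling that tracks bundled code for security updates has no way to see that RHEL builds of fapolicyd compile in uthash 2.3.0. Next to the new `Source2` line I would add `Provides: bundled(uthash) = 2.3.0`, guarded by the same `%if 0%{?rhel} != 0` condition that the `%prep` hunk uses to unpack it. The version is also repeated by hand in the `Source2` URL and in the `-I${top_srcdir}/uthash-2.3.0/include` path inside `fapolicyd-uthash-bundle.patch`, so a comment such as `# keep in sync with the -I path in fapolicyd-uthash-bundle.patch` above `Source2` would save the next rebase from a silent mismatch.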
@@ -116,6 +122,28 @@ find %{buildroot} \( -name '*.la' -o -name '*.a' \) -exec rm -f {} ';' %pre getent passwd %{name} >/dev/null || useradd -r -M -d %{_localstatedir}/lib/%{name} -s /sbin/nologin -c "Application Whitelisting Daemon" %{name} +%pretrans -p +if posix.access("/run/fapolicyd.pid", "f") then + os.execute([[ + c=/etc/fapolicyd/fapolicyd.rules + rule="allow perm=any uid=0 : all" + + if test -e $c; then + if systemctl is-active fapolicyd &> /dev/null; then + tmp=`mktemp` + cat $c > $tmp + echo "$rule" > $c + cat $tmp >> $c + systemctl restart fapolicyd || true + sleep 10 + cat $tmp > $c + rm -f $tmp + fi + fi + ]]) +end + + %post %systemd_post %{name}.service @@ -157,6 +185,7 @@ getent passwd %{name} >/dev/null || useradd -r -M -d %{_localstatedir}/lib/%{nam %post selinux %selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2 +%selinux_relabel_post -s %{selinuxtype} %postun selinux if [ $1 -eq 0 ]; then @@ -172,6 +201,10 @@ fi %changelog +* Thu Apr 01 2021 Radovan Sroka - 1.0.3-1 +- rebase to 1.0.3 +- sync fedora with rhel + * Tue Jan 26 2021 Fedora Release Engineering - 1.0.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild diff --git a/selinux.patch b/selinux.patch deleted file mode 100644 index 9f304fb..0000000 --- a/selinux.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff -up ./fapolicyd-selinux-0.3/fapolicyd.te.selinux ./fapolicyd-selinux-0.3/fapolicyd.te ---- ./fapolicyd-selinux-0.3/fapolicyd.te.selinux 2020-11-16 20:26:57.777902314 +0100 -+++ ./fapolicyd-selinux-0.3/fapolicyd.te 2020-11-16 20:28:17.659857140 +0100 -@@ -64,7 +64,10 @@ files_read_all_files(fapolicyd_t) - fs_getattr_xattr_fs(fapolicyd_t) - - logging_send_syslog_msg(fapolicyd_t) -+dbus_system_bus_client(fapolicyd_t) - - optional_policy(` -- rpm_read_db(fapolicyd_t) -+ rpm_read_db(fapolicyd_t) -+ allow fapolicyd_t rpm_var_lib_t:file { create }; -+ allow fapolicyd_t rpm_var_lib_t:dir { add_name write }; - ') 
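Review bot: The new `%pretrans` scriptlet rewrites `/etc/fapolicyd/fapolicyd.rules` in place with no failure handling, so an error or an interrupted transaction can leave `allow perm=any uid=0 : all` persisted or the rules file truncated. If `mktemp` fails, `$tmp` is empty and `echo "$rule" > $c` still overwrites the rules, and if the scriptlet is killed during `sleep 10` the original content is never written back. I would check the `mktemp` and backup results before touching `$c`, quote the variables, and restore from a trap as sketched below; an EXIT trap still does not cover SIGKILL or power loss. The restored file is not reloaded here, so the running daemon presumably keeps the permissive rule until a later restart in the transaction, and a comment saying where that restart happens would help anyone auditing this window.

```spec
      # … unchanged: posix.access() check, c= and rule= assignments, test -e / is-active guards …
      tmp=$(mktemp) || exit 0
      cat "$c" > "$tmp" || { rm -f "$tmp"; exit 0; }
      # put the original rules back however the scriptlet ends
      trap 'cat "$tmp" > "$c"; rm -f "$tmp"' EXIT
      { echo "$rule"; cat "$tmp"; } > "$c"
      systemctl restart fapolicyd || true
      sleep 10
```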
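Review bot: The `%selinux_relabel_post -s %{selinuxtype}` line added to `%post selinux` has no matching `%selinux_relabel_pre` visible in this hunk. The post macro relabels from the file-context state that the pre macro saves, so without it the relabel step is likely to do nothing and files installed under the old policy keep their old labels. Please confirm that a `%pre selinux` section containing `%selinux_relabel_pre -s %{selinuxtype}` exists outside the hunk, or add one.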
diff --git a/sources b/sources
index 0e98135..12712b1 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,3 @@
-SHA512 (fapolicyd-1.0.2.tar.gz) = 02f9a1681a948eefd856ca7e09c8dd06c5c1f0004e5f1c6d1513f79c1cb5d6bd31fa118a147ef9244b2146a3da1f525a4a329a37c969ce175a221e05d198bd1a
-SHA512 (fapolicyd-selinux-0.3.tar.gz) = 29895ee587294a275b3dbc712f915466758a3aabf7a692ed410ff91ae5d7dea936c231cde6aca5adf4edb9d9160450b65317ca9d1d6e76d687066d17d18495cd
+SHA512 (fapolicyd-1.0.3.tar.gz) = 5ec48d6c3ab6312c3ad4cc23e04fe03c5288baee9ee796ae944a539b082176f9fe03ad04edb8442af194d224b888e81addc5f84d4c1a368618a2a590a17c16a1
+SHA512 (fapolicyd-selinux-0.4.tar.gz) = afc74b9c55c71bec2039d112e8e16abc510b58bf794bd665f3128a63daa45572a6f18d1c4de1f63e45a01f8696aacfbf54ed2a07485d581f25446b7fe92307a2
+SHA512 (uthash-2.3.0.tar.gz) = 3b01f1074790fb242900411cb16eb82c1a9afcf58e3196a0f4611d9d7ef94690ad38c0a500e7783d3efa20328aa8d6ab14f246be63b3b3d385502ba2b6b2a294