import CS fapolicyd-1.4.5-1.2.el10

2026-05-19 15:07:06 -04:00
13 changed files with 1011 additions and 693 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,3 @@
-SOURCES/fapolicyd-1.3.2.tar.gz
+fapolicyd-1.4.5.tar.gz
-SOURCES/fapolicyd-selinux-0.6.tar.gz
+fapolicyd-selinux-1.1.tar.gz
 uthash-2.3.0.tar.gz
--- a/SOURCES/fapolicyd-dnf-plugin.patch
+++ b/SOURCES/fapolicyd-dnf-plugin.patch
@ -1,34 +0,0 @@
 diff -up ./dnf/fapolicyd-dnf-plugin.py.fix ./dnf/fapolicyd-dnf-plugin.py
 --- ./dnf/fapolicyd-dnf-plugin.py.fix	2023-06-20 13:21:21.098192421 +0200
 +++ ./dnf/fapolicyd-dnf-plugin.py	2023-06-20 13:21:46.287412300 +0200
@@ -8,29 +8,10 @@ import sys
 class Fapolicyd(dnf.Plugin):
     name = "fapolicyd"
 -    pipe = "/run/fapolicyd/fapolicyd.fifo"
     file = None
     def __init__(self, base, cli):
         pass
     def transaction(self):
 -
 -        if not os.path.exists(self.pipe):
 -            sys.stderr.write("Pipe does not exist (" + self.pipe + ")\n")
 -            sys.stderr.write("Perhaps fapolicy-plugin does not have enough permissions\n")
 -            sys.stderr.write("or fapolicyd is not running...\n")
 -            return
 -
 -        if not stat.S_ISFIFO(os.stat(self.pipe).st_mode):
 -            sys.stderr.write(self.pipe + ": is not a pipe!\n")
 -            return
 -
 -        try:
 -            self.file = open(self.pipe, "w")
 -        except PermissionError:
 -            sys.stderr.write("fapolicy-plugin does not have write permission: " + self.pipe + "\n")
 -            return
 -
 -        self.file.write("1\n")
 -        self.file.close()
 +        pass
--- a/SOURCES/fapolicyd-leaks.patch
+++ b/SOURCES/fapolicyd-leaks.patch
@ -1,78 +0,0 @@
 From 248219377a034d7da9238e7424c97558395700e3 Mon Sep 17 00:00:00 2001
 From: Radovan Sroka <rsroka@redhat.com>
 Date: Tue, 18 Jul 2023 17:05:11 +0200
 Subject: [PATCH] Fix multiple leaks
 Signed-off-by: Radovan Sroka <rsroka@redhat.com>
 ---
 src/library/filter.c |  3 +++
 src/library/policy.c | 13 +++++++++++--
 src/library/rules.c  |  3 ---
 3 files changed, 14 insertions(+), 5 deletions(-)
 diff --git a/src/library/filter.c b/src/library/filter.c
 index d5d8cca..eb378ca 100644
 --- a/src/library/filter.c
 +++ b/src/library/filter.c
@@ -472,9 +472,12 @@ int filter_load_file(void)
 			msg(LOG_ERR, "filter_load_file: paring error line: %ld, \"%s\"", line_number, line);
 			filter_destroy_obj(filter);
 			free(line);
 +			line = NULL;
 			goto bad;
 		}
 +	}
 +	if (line) {
 		free(line);
 		line = NULL;
 	}
 diff --git a/src/library/policy.c b/src/library/policy.c
 index 7fe1210..31ff6e2 100644
 --- a/src/library/policy.c
 +++ b/src/library/policy.c
@@ -23,6 +23,7 @@
  *   Radovan Sroka <rsroka@redhat.com>
  */
 +#include "attr-sets.h"
 #include "config.h"
 #include <stdbool.h>
 #include <stdio.h>
@@ -273,12 +274,20 @@ int load_rules(const conf_t *_config)
 		return 1;
 	FILE * f = open_file();
 -	if (f == NULL)
 +	if (f == NULL) {
 +		destroy_attr_sets();
 		return 1;
 +	}
 	int res = _load_rules(_config, f);
 	fclose(f);
 -	return res;
 +
 +	if (res) {
 +		destroy_attr_sets();
 +		return 1;
 +	}
 +
 +	return 0;
 }
 void destroy_rules(void)
 diff --git a/src/library/rules.c b/src/library/rules.c
 index 5ffa40e..4a8b098 100644
 --- a/src/library/rules.c
 +++ b/src/library/rules.c
@@ -65,9 +65,6 @@ int rules_create(llist *l)
 	l->cur = NULL;
 	l->cnt = 0;
 -	if (init_attr_sets())
 -		return 1;
 -
 	return  0;
 }
--- a/SOURCES/fapolicyd-librpm-workaround.patch
+++ b/SOURCES/fapolicyd-librpm-workaround.patch
@ -1,93 +0,0 @@
 diff -up ./src/daemon/fapolicyd.c.librpm-workaround ./src/daemon/fapolicyd.c
 --- ./src/daemon/fapolicyd.c.librpm-workaround	2023-07-10 11:19:19.507044648 +0200
 +++ ./src/daemon/fapolicyd.c	2023-07-10 11:19:19.509044621 +0200
@@ -572,7 +572,7 @@ int main(int argc, const char *argv[])
 		capng_clear(CAPNG_SELECT_BOTH);
 		capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
 			CAP_DAC_OVERRIDE, CAP_SYS_ADMIN, CAP_SYS_PTRACE,
 -			CAP_SYS_NICE, CAP_SYS_RESOURCE, CAP_AUDIT_WRITE, -1);
 +			CAP_SYS_NICE, CAP_SYS_RESOURCE, CAP_AUDIT_WRITE, CAP_CHOWN, -1);
 		if (capng_change_id(config.uid, config.gid,
 							CAPNG_DROP_SUPP_GRP)) {
 			msg(LOG_ERR, "Cannot change to uid %d", config.uid);
 diff -up ./src/library/rpm-backend.c.librpm-workaround ./src/library/rpm-backend.c
 --- ./src/library/rpm-backend.c.librpm-workaround	2023-06-15 16:45:14.000000000 +0200
 +++ ./src/library/rpm-backend.c	2023-07-10 11:22:07.066794595 +0200
@@ -32,7 +32,12 @@
 #include <rpm/rpmdb.h>
 #include <rpm/rpmpgp.h>
 #include <fnmatch.h>
 +#include <glob.h>
 +#include <pwd.h>
 +#include <grp.h>
 +#include <fcntl.h>
 +#include <unistd.h>
 #include <uthash.h>
 #include "message.h"
@@ -59,6 +64,50 @@ backend rpm_backend =
 static rpmts ts = NULL;
 static rpmdbMatchIterator mi = NULL;
 +static void fix_files(void)
 +{
 +	glob_t glob_result;
 +	const char *pattern = "/var/lib/rpm/__*";
 +
 +	struct passwd * usr = getpwnam("fapolicyd");
 +	if (usr == NULL) {
 +		return;
 +	}
 +
 +	struct group * grp = getgrnam("fapolicyd");
 +	if (grp == NULL) {
 +		return;
 +	}
 +
 +	int return_value = glob(pattern, 0, NULL, &glob_result);
 +	if (return_value != 0) {
 +		return;
 +	}
 +
 +	for (int i = 0; i < glob_result.gl_pathc; ++i) {
 +
 +		int fd = open(glob_result.gl_pathv[i], O_NOFOLLOW);
 +
 +		if (fd == -1)
 +			continue;
 +
 +		struct stat file_stat;
 +		if (fstat(fd, &file_stat) != 0) {
 +			continue;
 +		}
 +
 +		if (file_stat.st_uid == usr->pw_uid &&
 +			file_stat.st_gid == grp->gr_gid) {
 +
 +			fchown(fd, 0, 0);
 +		}
 +
 +		close(fd);
 +	}
 +
 +	globfree(&glob_result);
 +}
 +
 static int init_rpm(void)
 {
 	return rpmReadConfigFiles ((const char *)NULL, (const char *)NULL);
@@ -201,8 +250,13 @@ static int rpm_load_list(const conf_t *c
 		return rc;
 	}
 +	int fixed = 0;
 	// Loop across the rpm database
 	while (get_next_package_rpm()) {
 +		if (!fixed) {
 +			fixed = 1;
 +			fix_files();
 +		}
 		// Loop across the packages
 		while (get_next_file_rpm()) {
 			// We do not want directories or symlinks in the
--- a/SOURCES/fapolicyd-selinux-links.patch
+++ b/SOURCES/fapolicyd-selinux-links.patch
@ -1,23 +0,0 @@
 From 05780f9accae504440ffed0548bd3e4144cfb70e Mon Sep 17 00:00:00 2001
 From: Radovan Sroka <rsroka@redhat.com>
 Date: Wed, 19 Jul 2023 16:00:13 +0200
 Subject: [PATCH] Allow links
 Signed-off-by: Radovan Sroka <rsroka@redhat.com>
 ---
 fapolicyd.te | 2 ++
 1 file changed, 2 insertions(+)
 diff --git a/fapolicyd-selinux-0.6/fapolicyd.te b/fapolicyd-selinux-0.6/fapolicyd.te
 index daf31bd..5d6f9aa 100644
 --- a/fapolicyd-selinux-0.6/fapolicyd.te
 +++ b/fapolicyd-selinux-0.6/fapolicyd.te
@@ -53,6 +53,8 @@ ifdef(`fs_watch_all_fs',`
     files_watch_sb_all_mountpoints(fapolicyd_t)
 ')
 +allow fapolicyd_t file_type : lnk_file { getattr read };
 +
 manage_files_pattern(fapolicyd_t, fapolicyd_log_t, fapolicyd_log_t)
 logging_log_filetrans(fapolicyd_t, fapolicyd_log_t, file)
--- a/SOURCES/selinux.patch
+++ b/SOURCES/selinux.patch
@ -1,13 +0,0 @@
 diff -up ./fapolicyd-selinux-0.6/fapolicyd.te.fix ./fapolicyd-selinux-0.6/fapolicyd.te
 --- ./fapolicyd-selinux-0.6/fapolicyd.te.fix	2023-06-15 17:11:47.964646794 +0200
 +++ ./fapolicyd-selinux-0.6/fapolicyd.te	2023-06-15 17:13:10.426477653 +0200
@@ -50,6 +50,9 @@ ifdef(`watch_mount_dirs_pattern',`
 ifdef(`fs_watch_all_fs',`
     fs_watch_all_fs(fapolicyd_t)
 +')
 +
 +ifdef(`files_watch_sb_all_mountpoints',`
     files_watch_sb_all_mountpoints(fapolicyd_t)
 ')
--- a/SPECS/fapolicyd.spec
+++ b/SPECS/fapolicyd.spec
@ -1,450 +0,0 @@
 %global selinuxtype targeted
 %global moduletype contrib
 %define semodule_version 0.6
 Summary: Application Whitelisting Daemon
 Name: fapolicyd
 Version: 1.3.2
 Release: 1%{?dist}
 License: GPLv3+
 URL: http://people.redhat.com/sgrubb/fapolicyd
 Source0: https://people.redhat.com/sgrubb/fapolicyd/%{name}-%{version}.tar.gz
 Source1: https://github.com/linux-application-whitelisting/%{name}-selinux/releases/download/v%{semodule_version}/%{name}-selinux-%{semodule_version}.tar.gz
 BuildRequires: gcc
 BuildRequires: kernel-headers
 BuildRequires: autoconf automake make gcc libtool
 BuildRequires: systemd-devel openssl-devel rpm-devel file-devel file
 BuildRequires: libcap-ng-devel libseccomp-devel lmdb-devel
 BuildRequires: python3-devel
 BuildRequires: python2-devel
 BuildRequires: uthash-devel
 Requires: rpm-plugin-fapolicyd >= 4.14.3-12
 Recommends: %{name}-selinux
 Requires(pre): shadow-utils
 Requires(post): systemd-units
 Requires(preun): systemd-units
 Requires(postun): systemd-units
 # we are making the dnf-plugin completelly dummy because of
 # https://bugzilla.redhat.com/show_bug.cgi?id=1929163
 # we require the rpm-plugin from now on and the dnf-plugin still needs to be part of
 # the fapolicyd package because it provides safe upgrade path
 Patch1: fapolicyd-dnf-plugin.patch
 Patch2: selinux.patch
 Patch3: fapolicyd-selinux-links.patch
 Patch4: fapolicyd-leaks.patch
 Patch5: fapolicyd-librpm-workaround.patch
 %description
 Fapolicyd (File Access Policy Daemon) implements application whitelisting
 to decide file access rights. Applications that are known via a reputation
 source are allowed access while unknown applications are not. The daemon
 makes use of the kernel's fanotify interface to determine file access rights.
 %package        selinux
 Summary:        Fapolicyd selinux
 Group:          Applications/System
 Requires:       %{name} = %{version}-%{release}
 BuildRequires:  selinux-policy
 BuildRequires:  selinux-policy-devel
 BuildArch: noarch
 %{?selinux_requires}
 %description    selinux
 The %{name}-selinux package contains selinux policy for the %{name} daemon.
 %prep
 %setup -q
 # selinux
 %setup -q -D -T -a 1
 %patch -P 1 -p1 -b .dnf-plugin
 %patch -P 2 -p1 -b .selinux
 %patch -P 3 -p1 -b .selinux-links
 %patch -P 4 -p1 -b .leaks
 %patch -P 5 -p1 -b .librpm-workaround
 # generate rules for python
 sed -i "s|%python2_path%|`readlink -f %{__python2}`|g" rules.d/*.rules
 sed -i "s|%python3_path%|`readlink -f %{__python3}`|g" rules.d/*.rules
 interpret=`readelf -e /usr/bin/bash \
                   | grep Requesting \
                   | sed 's/.$//' \
                   | rev | cut -d" " -f1 \
                   | rev`
 sed -i "s|%ld_so_path%|`realpath $interpret`|g" rules.d/*.rules
 %build
 cp INSTALL INSTALL.tmp
 ./autogen.sh
 %configure \
    --with-audit \
    --with-rpm \
    --disable-shared
 %make_build
 # selinux
 pushd %{name}-selinux-%{semodule_version}
 make
 popd
 %check
 make check
 # Selinux
 %pre selinux
 %selinux_relabel_pre -s %{selinuxtype}
 %install
 %make_install
 mkdir -p %{buildroot}/%{python3_sitelib}/dnf-plugins/
 install -p -m 644 dnf/%{name}-dnf-plugin.py %{buildroot}/%{python3_sitelib}/dnf-plugins/
 install -p -m 644 -D init/%{name}-tmpfiles.conf %{buildroot}/%{_tmpfilesdir}/%{name}.conf
 mkdir -p %{buildroot}/%{_localstatedir}/lib/%{name}
 mkdir -p %{buildroot}/run/%{name}
 mkdir -p %{buildroot}%{_sysconfdir}/%{name}/trust.d
 mkdir -p %{buildroot}%{_sysconfdir}/%{name}/rules.d
 # get list of file names between known-libs and restrictive from sample-rules/README-rules
 cat %{buildroot}/%{_datadir}/%{name}/sample-rules/README-rules \
  | grep -A 100 'known-libs' \
  | grep -B 100 'restrictive' \
  | grep '^[0-9]' > %{buildroot}/%{_datadir}/%{name}/default-ruleset.known-libs
 chmod 644 %{buildroot}/%{_datadir}/%{name}/default-ruleset.known-libs
 # selinux
 install -d %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}
 install -m 0644 %{name}-selinux-%{semodule_version}/%{name}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}
 install -d -p %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}
 install -p -m 644 %{name}-selinux-%{semodule_version}/%{name}.if %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}/ipp-%{name}.if
 #cleanup
 find %{buildroot} \( -name '*.la' -o -name '*.a' \) -delete
 %define manage_default_rules   default_changed=0 \
  # check changed fapolicyd.rules \
  if [ -e %{_sysconfdir}/%{name}/%{name}.rules ]; then \
    diff %{_sysconfdir}/%{name}/%{name}.rules %{_datadir}/%{name}/%{name}.rules.known-libs >/dev/null 2>&1 || { \
      default_changed=1; \
      #echo "change detected in fapolicyd.rules"; \
      } \
  fi \
  if [ -e %{_sysconfdir}/%{name}/rules.d ]; then \
    default_ruleset='' \
    # get listing of default rule files in known-libs \
    [ -e %{_datadir}/%{name}/default-ruleset.known-libs ] && default_ruleset=`cat %{_datadir}/%{name}/default-ruleset.known-libs` \
    # check for removed or added files \
    default_count=`echo "$default_ruleset" | wc -l` \
    current_count=`ls -1 %{_sysconfdir}/%{name}/rules.d/*.rules | wc -l` \
    [ $default_count -eq $current_count ] || { \
      default_changed=1; \
      #echo "change detected in number of rule files d:$default_count vs c:$current_count"; \
      } \
    for file in %{_sysconfdir}/%{name}/rules.d/*.rules; do \
      if echo "$default_ruleset" | grep -q "`basename $file`"; then \
        # compare content of the rule files \
        diff $file %{_datadir}/%{name}/sample-rules/`basename $file` >/dev/null 2>&1 || { \
          default_changed=1; \
          #echo "change detected in `basename $file`"; \
          } \
      else \
        # added file detected \
        default_changed=1 \
        #echo "change detected in added rules file `basename $file`"; \
      fi \
    done \
  fi \
  # remove files if no change against default rules detected \
  [ $default_changed -eq 0 ] && rm -rf %{_sysconfdir}/%{name}/%{name}.rules %{_sysconfdir}/%{name}/rules.d/* || : \
 %pre
 getent passwd %{name} >/dev/null || useradd -r -M -d %{_localstatedir}/lib/%{name} -s /sbin/nologin -c "Application Whitelisting Daemon" %{name}
 if [ $1 -eq 2 ]; then
 # detect changed default rules in case of upgrade
 %manage_default_rules
 fi
 %post
 # if no pre-existing rule file
 if [ ! -e %{_sysconfdir}/%{name}/%{name}.rules ] ; then
 files=`ls %{_sysconfdir}/%{name}/rules.d/ 2>/dev/null | wc -w`
 # Only if no pre-existing component rules
 if [ "$files" -eq 0 ] ; then
  ## Install the known libs policy
  for rulesfile in `cat %{_datadir}/%{name}/default-ruleset.known-libs`; do
    cp %{_datadir}/%{name}/sample-rules/$rulesfile  %{_sysconfdir}/%{name}/rules.d/
  done
  chgrp %{name} %{_sysconfdir}/%{name}/rules.d/*
  if [ -x /usr/sbin/restorecon ] ; then
   # restore correct label
   /usr/sbin/restorecon -F %{_sysconfdir}/%{name}/rules.d/*
  fi
  fagenrules >/dev/null
 fi
 fi
 %systemd_post %{name}.service
 %preun
 %systemd_preun %{name}.service
 if [ $1 -eq 0 ]; then
 # detect changed default rules in case of uninstall
 %manage_default_rules
 else
  [ -e %{_sysconfdir}/%{name}/%{name}.rules ] && rm -rf %{_sysconfdir}/%{name}/rules.d/* || :
 fi
 %postun
 %systemd_postun_with_restart %{name}.service
 %files
 %doc README.md
 %{!?_licensedir:%global license %%doc}
 %license COPYING
 %attr(755,root,%{name}) %dir %{_datadir}/%{name}
 %attr(755,root,%{name}) %dir %{_datadir}/%{name}/sample-rules
 %attr(644,root,%{name}) %{_datadir}/%{name}/default-ruleset.known-libs
 %attr(644,root,%{name}) %{_datadir}/%{name}/sample-rules/*
 %attr(644,root,%{name}) %{_datadir}/%{name}/fapolicyd-magic.mgc
 %attr(750,root,%{name}) %dir %{_sysconfdir}/%{name}
 %attr(750,root,%{name}) %dir %{_sysconfdir}/%{name}/trust.d
 %attr(750,root,%{name}) %dir %{_sysconfdir}/%{name}/rules.d
 %attr(644,root,root) %{_sysconfdir}/bash_completion.d/*
 %ghost %verify(not md5 size mtime) %attr(644,root,%{name}) %{_sysconfdir}/%{name}/rules.d/*
 %ghost %verify(not md5 size mtime) %attr(644,root,%{name}) %{_sysconfdir}/%{name}/%{name}.rules
 %ghost %verify(not md5 size mtime) %attr(644,root,%{name}) %{_sysconfdir}/%{name}/compiled.rules
 %config(noreplace) %attr(644,root,%{name}) %{_sysconfdir}/%{name}/%{name}.conf
 %config(noreplace) %attr(644,root,%{name}) %{_sysconfdir}/%{name}/%{name}-filter.conf
 %config(noreplace) %attr(644,root,%{name}) %{_sysconfdir}/%{name}/%{name}.trust
 %attr(644,root,root) %{_unitdir}/%{name}.service
 %attr(644,root,root) %{_tmpfilesdir}/%{name}.conf
 %attr(755,root,root) %{_sbindir}/%{name}
 %attr(755,root,root) %{_sbindir}/%{name}-cli
 %attr(755,root,root) %{_sbindir}/fagenrules
 %attr(644,root,root) %{_mandir}/man8/*
 %attr(644,root,root) %{_mandir}/man5/*
 %ghost %attr(440,%{name},%{name}) %verify(not md5 size mtime) %{_localstatedir}/log/%{name}-access.log
 %attr(770,root,%{name}) %dir %{_localstatedir}/lib/%{name}
 %attr(770,root,%{name}) %dir /run/%{name}
 %ghost %attr(660,root,%{name}) /run/%{name}/%{name}.fifo
 %ghost %attr(660,%{name},%{name}) %verify(not md5 size mtime) %{_localstatedir}/lib/%{name}/data.mdb
 %ghost %attr(660,%{name},%{name}) %verify(not md5 size mtime) %{_localstatedir}/lib/%{name}/lock.mdb
 %{python3_sitelib}/dnf-plugins/%{name}-dnf-plugin.py
 %{python3_sitelib}/dnf-plugins/__pycache__/%{name}-dnf-plugin.*.pyc
 # selinux
 %files selinux
 %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
 %ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name}
 %{_datadir}/selinux/devel/include/%{moduletype}/ipp-%{name}.if
 %post selinux
 %selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
 %selinux_relabel_post -s %{selinuxtype}
 %postun selinux
 if [ $1 -eq 0 ]; then
    %selinux_modules_uninstall -s %{selinuxtype} %{name}
 fi
 %posttrans selinux
 %selinux_relabel_post -s %{selinuxtype}
 %changelog
 * Wed Jul 19 2023 Radovan Sroka <rsroka@redhat.com> - 1.3.2-1
 RHEL 8.9.0 ERRATUM
 - Rebase fapolicyd to the latest stable version
 Resolves: RHEL-519
 - RFE: send rule number to fanotify so it gets audited
 Resolves: RHEL-628
 - Default q_size doesn't match manpage's one
 Resolves: RHEL-629
 - fapolicyd can leak FDs and never answer request, causing target process to hang forever
 Resolves: RHEL-632
 - fapolicyd needs to make sure the FD limit is never reached
 Resolves: RHEL-631
 - fapolicyd still allows execution of a program after "untrusting" it
 Resolves: RHEL-630
 - Fix broken backwards compatibility backend numbers
 Resolves: RHEL-731
 - fapolicyd can create RPM DB files /var/lib/rpm/__db.xxx with bad ownership causing AVCs to occur
 Resolves: RHEL-829
 - SELinux prevents the fapolicyd from reading symlink (cert_t)
 Resolves: RHEL-820
 * Mon Jan 30 2023 Radovan Sroka <rsroka@redhat.com> - 1.1.3-12
 RHEL 8.8.0 ERRATUM
 - statically linked app can execute untrusted app
 Resolves: rhbz#2088349
 - Starting manually fapolicyd while the service is already running breaks the system
 Resolves: rhbz#2103352
 - Cannot execute /usr/libexec/grepconf.sh when falcon-sensor is enabled
 Resolves: rhbz#2087040
 - fapolicyd: Introduce filtering of rpmdb
 Resolves: rhbz#2165645
 * Fri Aug 05 2022 Radovan Sroka <rsroka@redhat.com> - 1.1.3-8
 RHEL 8.7.0 ERRATUM
 - rebase fapolicyd to the latest stable vesion
 Resolves: rhbz#2100087
 - fapolicyd does not correctly handle SIGHUP
 Resolves: rhbz#2070639
 - fapolicyd often breaks package updates
 Resolves: rhbz#2111243
 - drop libgcrypt in favour of openssl
 Resolves: rhbz#2111935
 - fapolicyd.rules doesn't advertise that using a username/groupname instead of uid/gid also works
 Resolves: rhbz#2103914
 - fapolicyd gets way too easily killed by OOM killer
 Resolves: rhbz#2100089
 - compiled.rules file ownership and mode
 Resolves: rhbz#2066653
 - Faulty handling of static applications
 Resolves: rhbz#2084497
 - Introduce ppid rule attribute
 Resolves: rhbz#2102563
 - CVE-2022-1117 fapolicyd: fapolicyd wrongly prepares ld.so path [rhel-8.7.0]
 Resolves: rhbz#2069121
 - Fapolicyd denies access to /usr/lib64/ld-2.28.so [rhel-8.7.0]
 Resolves: rhbz#2068105
 * Wed Feb 16 2022 Radovan Sroka <rsroka@redhat.com> - 1.1-1
 RHEL 8.6.0 ERRATUM
 - rebase to 1.1
 Resolves: rhbz#1939379
 - introduce rules.d feature
 Resolves: rhbz#2054741
 - remove pretrans scriptlet
 Resolves: rhbz#2051485
 * Mon Dec 13 2021 Zoltan Fridrich <zfridric@redhat.com> - 1.0.4-2
 RHEL 8.6.0 ERRATUM
 - rebase to 1.0.4
 - added rpm_sha256_only option
 - added trust.d directory
 - allow file names with whitespace in trust files
 - use full paths in trust files
 Resolves: rhbz#1939379
 - fix libc.so getting identified as application/x-executable
 Resolves: rhbz#1989272
 - fix fapolicyd-dnf-plugin reporting as '<invalid>'
 Resolves: rhbz#1997414
 - fix selinux DSP module definition in spec file
 Resolves: rhbz#2014445
 * Thu Aug 19 2021 Radovan Sroka <rsroka@redhat.com> - 1.0.2-7
 - fapolicyd abnormally exits by executing sosreport
 - fixed multiple problems with unlink()
 - fapolicyd breaks system upgrade, leaving system in dead state - complete fix
 Resolves: rhbz#1943251
 * Tue Feb 16 2021 Radovan Sroka <rsroka@redhat.com> - 1.0.2-3
 RHEL 8.4.0 ERRATUM
 - rebase to 1.0.2
 - strong dependency on rpm/rpm-plugin-fapolicyd
 - installed dnf-plugin is dummy and we are not using it anymore
 - enabled integrity setting
 Resolves: rhbz#1887451
 - added make check
 - Adding DISA STIG during OS installation causes 'ipa-server-install' to fail
 - fixed java detection
 Resolves: rhbz#1895435
 - dnf update fails when fapolicyd is enabled
 Resolves: rhbz#1876975
 - fapolicyd breaks system upgrade, leaving system in dead state - complete fix
 Resolves: rhbz#1896875
 * Tue Jun 30 2020 Radovan Sroka <rsroka@redhat.com> - 1.0-3
 RHEL 8.3 ERRATUM
 - fixed manpage fapolicyd-conf
 Resolves: rhbz#1817413
 * Mon May 25 2020 Radovan Sroka <rsroka@redhat.com> - 1.0-2
 RHEL 8.3 ERRATUM
 - rebase to v1.0
 - installed multiple policies to /usr/share/fapolicyd
  - known-libs (default)
  - restrictive
 - installed fapolicyd.trust file
 - enhanced fapolicyd-cli
 Resolves: rhbz#1817413
 - introduced fapolicyd-selinux that provides SELinux policy module
 Resolves: rhbz#1714529
 * Tue Mar 03 2020 Radovan Sroka <rsroka@redhat.com> - 0.9.1-4
 RHEL 8.2 ERRATUM
 - fixed possible heap buffer overflow in elf parser
 Resolves: rhbz#1807912
 * Tue Feb 11 2020 Radovan Sroka <rsroka@redhat.com> - 0.9.1-3
 RHEL 8.2 ERRATUM
 - fixed build time python interpreter detection (spec)
 - added python2-devel as a BuildRequires (spec)
 - allow running bash scripts in home directories
 Resolves: rhbz#1801872
 * Wed Nov 20 2019 Radovan Sroka <rsroka@redhat.com> - 0.9.1-2
 RHEL 8.2 ERRATUM
 - rebase to v0.9.1
 - updated default configuration with new syntax
 - removed daemon mounts configuration
 Resolves: rhbz#1759895
 - default fapolicyd policy prevents Ansible from running
 - added ansible rule to default ruleset
 Resolves: rhbz#1746464
 - suspicious logs on service start
 Resolves: rhbz#1747494
 - fapolicyd blocks dracut from generating initramfs
 - added dracut rule to default configuration
 Resolves: rhbz#1757736
 - fapolicyd fails to identify perl interpreter
 Resolves: rhbz#1765039
 * Wed Jul 24 2019 Radovan Sroka <rsroka@redhat.com> - 0.8.10-3
 - added missing manpage for fapolicyd-cli
 Resolves: rhbz#1708015
 * Mon Jul 22 2019 Radovan Sroka <rsroka@redhat.com> - 0.8.10-2
 - Convert hashes to lowercase like sha256sum outputs
 - Stop littering STDOUT output for dnf plugin in fapolicyd
 Resolves: rhbz#1721496
 * Tue Jun 18 2019 Radovan Sroka <rsroka@redhat.com> - 0.8.10-1
 - new upstream release
 Resolves: rhbz#1673323
 * Mon May 06 2019 Radovan Sroka <rsroka@redhat.com> - 0.8.9-1
 - New upstream release
 - imported from fedora30
  resolves: rhbz#1673323
 * Wed Mar 13 2019 Radovan Sroka <rsroka@redhat.com> - 0.8.8-2
 - backport some patches to resolve dac_override for fapolicyd
 * Mon Mar 11 2019 Radovan Sroka <rsroka@redhat.com> - 0.8.8-1
 - New upstream release
 - Added new DNF plugin that can update the trust database when rpms are installed
 - Added support for FAN_OPEN_EXEC_PERM
 * Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.7-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 * Wed Oct 03 2018 Steve Grubb <sgrubb@redhat.com> 0.8.7-1
 - New upstream bugfix release
 * Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.6-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 * Thu Jun 07 2018 Steve Grubb <sgrubb@redhat.com> 0.8.6-1
 - New upstream feature release
 * Fri May 18 2018 Steve Grubb <sgrubb@redhat.com> 0.8.5-2
 - Add dist tag (#1579362)
 * Fri Feb 16 2018 Steve Grubb <sgrubb@redhat.com> 0.8.5-1
 - New release
--- a/bachradsusi.gpg
+++ b/bachradsusi.gpg
@ -0,0 +1,438 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 mQINBE97JQcBEAC/aeBxbuToAJokMiVxtMVFoUMgCbcVQDB21YhMq4i5a/HDzFno
 qVPhQjGViGTKXQYR7SnT8CCfC3ggG7hqU0oaWKN3D003V6e/ivTJwMKrQRFqf5/A
 vN7ELulXFxEt/ZjYmvTukpW5Li2AU7JBD0aO243Ld9jYdZOZn2zdfA8IpnE9Bmm3
 K/LO1Xb2F9ujF9faI5/IlJvdUFk3uiCKTSvM8kGwOmAwBI921Z5x/CYvy5kKEazU
 lUxMqECl+Tu2YS6NDhWYNkifAIZ7lsUvGjW3/wfh7AvmAQyt/CxOXu9LL2nGzFhw
 CIS4jVIxy5bDswNfHcaMX7B5WEyqTPtjzPAEMiLL4yHJZrHDPd26QHSaqtilVA4K
 AeTYbME8iZIdacquFEq02PO9qAM21O48OknCTSolF7z6nBkk6l26W3EL+Gz5I2Et
 3S9pab3FMjiiKVavM6UA5D0DQkNxxDn9blDXZyhX4HFrk+NnoETcGYFymPbbijgi
 kFC4339/Z1aK31aJLkxiana5mqLthD4jCeg3B8Cp5IurqPr8QEh3FH8ZZhtdx2fX
 TXHTmGQF/lXG4tg1eH5cb6wWGU93wD+5mf6czJlUZTY+kdevKtZCQnA0/2ENCOFW
 Jdm/oMTUw6ozPd474ctzWKeO78e8yMvZst/Zp3Gq6SD9kcoPgiuMQ+BOkwARAQAB
 tCRQZXRyIExhdXRyYmFjaCA8cGxhdXRyYmFAcmVkaGF0LmNvbT6JAjgEEwECACIF
 Ak97JQcCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEGOorUuYLENzy1MP
 /2c4fH8eXWbqoot/vLE+hJ14k0leYOQhVSo4lNlxRlbKNd5MQSX/QjkQgJNECbB3
 LM0KxE/zwVOZ+umvmxLxNskOxjubE6NzoF7Sm9ydoqjwzenIpR9BVtg71mfjBOoL
 PNrst7tHRE5btSnnnOS9ddt/y9JOIvQpkjtBTI2TfVcp2b4Domg7i4qU/hJ7hu45
 5oAi6rPPkr0pcGiDKTqi46l7+9orsj9Mxs1XTmrTMMB/eV6PCU7Fo4WJNXS8SXd3
 sEVxXvpyYjUTTnDuewjT1q8NL7anrsckS16WYSVGKzRhqtP1Vudt1F/D5cWKVqQp
 vQl/XW/uQS2IsgEWsbRmIAEZIUOy4TnuF494C/A+1BbJBdUr4Nl9zPH2bjrJeqYk
 TsvGQr1icgO4pUg5oC456htkqCxCuPRqqrGDAZBx54TldgPwvCo31+aPQJlOlWvI
 uWD/depp0De3oTK9FDnHh3swE0vyn4Ht96+vM+KNnDYgJ1FEaw1efYePFACobvEB
 o2ZpLbnDyqAT4MzfHpHSbwzUOk52ZOnkl/KrUIOxhXtf4dxRS6J70Rzb+HWS3rY/
 LgaMO5Q0BJfbvknguKmE8dO8jx0pTlVER9ujqp+bVPXmFMha1j8vyGhJ3eLJZaRL
 k3jgfRjiUUb4lNp+hXpvBwIYeFWl5kFVKg2aPywgnnFWiEYEExECAAYFAlBq4WgA
 CgkQ4J/vJdlkhKxmjQCfevlawFaGTx58nDFN+4j/2U6uaGcAn2g1sZcTUrEEYHdL
 byAyw1GNLksOiF4EEBEIAAYFAk99mCMACgkQ/2iSBAM3HxDivAD+Lu8U54iGgL5+
 h9KpeV+ZlHgIpj4cD+BVL85L6AQ3GP0A/1TwZ1tS6Ag3ut2G6AL2wewR3v9Mgu68
 E0M5esz5of4oiQEcBBMBAgAGBQJPh9ZuAAoJEBliWhMliBCHMSUH/30V/E930OTT
 oWeq+QKkTJuMF0lrA5NaAy+xWtrynMKoiAuM0KFNGPfrPehkoxR4D+MKXH+xh0j2
 bHl6fXOHJCKZLhCtsC/o8j7kkjIJjixBlwYMul21rxecke7Zt4XpxHARJx4208Lk
 ztpzOd7ZnDP6KYav3itpxK8Eyj4g8N2omoTQ2Dcd+sCa0jgRkyskpPxdt0fK0D04
 XW7b1LZkxwzwrAGSpjAZVzpKBXANcSmUQDAaIhGvYSKoiwVe2eaE5lUmvAaJQaTr
 Ud/LCIwFofTLSaBRX8fEOe+UwvW36VtynPyETyROeTMp//Cm5e2CQVPoDv79soyi
 E/oUW9DFDhCJARwEEwECAAYFAk+Oe6EACgkQlGXZM5TcxIlIRwf/VjfbN3eVf648
 vXvDctsXfucl37i6Yue2COJiGYuZOrN7wYxVvH2to8P3V53YV9OqDpJl2NXUro1V
 iUjFHuIKp23VbtyBAYsrLeTMmHLjnXlaUPSr6JUDHUQhCF34BTk17e9y7tXlEshF
 YVyPlGum7JhyarHB2rRdjQk8kyTqmQ4yHjw/nP/HlvVxdgb+mTmudTPVBafOT1R9
 MJ/SN2x4bclT4cQ0hjNEy/TsFzVduQj8yNOMFG9r6p1Vb+u1wn3BTANIh55R9aDh
 3JFFIV/jBTkxukxR5iyGQiR53nl0e0qnQFxpfhFGclh0RktjrHZ3DBAzcuYXp540
 Vu9aq9QuPIkCHAQQAQIABgUCT4bdRgAKCRDCPZG7HYJE34FtEACfqPwWSItk1lNX
 E0HOM1YuHXFfMGURF1AotskJatwtjGy9oDUQkjfsPROnWjgH9s0xD2UmlTrjJfWi
 BdH0kTLiExVUOmvnM9VFMRhYxQZMwiHecm4FZ5IWUz4e05oGCkHFbMswXEoEG+qq
 btOfLNpX67yy/JM6We+8PiXV/c2vaErpH5S8YChb5wD9lEWNM2aPBOUmbzONM1/f
 EFd8AF6fUVYN7htuyG1n5zTv+oowmO2c0terJRGmMgVuLugIEnKKhaQ+H1K6bdZJ
 7mX4xxx5izEyYeYhi9DhBHSwCLhWR+Yilqkc5U0nrF+3Z+Cb9THHppi071OIQ7pX
 rGsQSpDzGRXCw0nKEBm0Li13re8cOoHMlPD0RHWZEIRZGSYX1YKBtVuv4kpSq8GN
 85lZSDKGRNtbJBS7Qj4vyOlOrBO1eyyd4lepQCe2Ri3gU97rek52tOM+fAIibz7V
 b4a0qbbphrz6PVMbDGiBxM92+YpdDyZGyL7wJ4g6DhRRcEUQahlZ1n7y+YQ60ETs
 zt7+kD08Zi2BoJpiMHsFfoas2pot7VePFxGutwvq0p+OHSVlwkLgOaORPHumLA8u
 J3BGlJTHsErUB2EEgdc/Tv1vsZzEI3Zi+hqw1gcbke21Ii8aDfshbeKW9hYJAhnW
 m8VdF3n80UX5Eg56iybrLCjEyiAEYYkCHAQQAQIABgUCT7yYRAAKCRBOBfZjp6Qb
 nnyTD/4gVbq8H5ka7fVdSAnX65/kFn5xkqGzbpCkjcqe/5uI2CvdYtjeQ4K6sm7I
 5RLoyu/EE/JPbCRHiucsEak42WAZSRte/Wn2yTQpIb0mQ0wXJvuM+Hx7DSx2R12P
 9rIZ4mGo/rEtdG7Y9Vog9M/XGx7w5IqSw2DF2yiYQJXsOzHjphfYB8JfoqjW/73k
 n4E2IRJtCuWhfiJZJ+GEGceSBIredH3o01ThtbAeh/gzPRF3FU1361zyA1sXtmGe
 qwnhNL1spHRlpub3cvAXQ8RSYrNdiFZB5zohNt+iL+qzVWaUJo+vYZal1Co5/roI
 HN5nJef8kp1ngaYKvf1hIVvsdQsilVQIXKFWMd47aU6W8gPr1W2+U4yw+q+OXari
 eo7gpH7/OvMSe/3wOhGVD8KJrMwAVnr3M4wo2CM6zlwxPGdltQI+IxDD8NTGTmNT
 rRARYRQaFQyqd1SrVt4sSkeoegrpOG4oWXya/v4SeXHD4vt8vvvX3A4szB73a355
 IfbyRXDER3EfFfW5c+BnR3bxhfATTE6T0AKz1Gq30Xm2ycTGYCAZ2yBKewaegTpx
 3O/E6APTXUnVWTIPQay8T4iVUiLFs7W1UFMY/RvmIvKKFIQWcm5O0L+27PJK+YSx
 Uoo1Ivt1pclTuetbRbN8VnR3K9Pp5uZ4KLz6ZkffmJg2sOSu74kCHAQSAQgABgUC
 WWMlagAKCRAyfirUINN1OOtFD/4jW0ZMGigpruCnvY0nr47rA12X6dJ6+KIBE+XB
 QxuaQRjM5u44geksDwrqZ0nXrNvsa4SVwAhKVOrgMJVdzvUa1m2yeNCFHOTjln6Q
 GjZ5f3a6aj6n/X5tlPptdklUr9ucEwXVd5fFMpWAiwaqZt38I2u0Pi+/qHDt0kLy
 RSukmRPzRuS/kO1ugGO4aoO+sanVDl2Pq6LIwubL1Unk2HUerg8VCAyQrxYtZtHc
 coyhmBTlAb+EmZnUVbQZ3Uy3eA89OuNTBhJWCk8vqROFm257MiH6gvG/V8CTrJfz
 lpE+s9E6kxXhXpQWZUwtwWObq7vrJVkJhRwBsO9N2erxe+biBauFErYQPw3bg6xL
 1BJLxDWnKUlMWs5o+h7lyjp+1B/gbnnlrUIlpW8IKVZRHwRUPGRN07SbbEO1lDk5
 uJDMk+r2KrOUNVYCEp794P014xodkLvB8X7ml6tcABE4V9d4uVDX3SsktOLMvtWg
 nL6xWMoBYiVOXi3Rsm8vESBOb8JFQL/ItciUyAioM4Zjq5eqotVq90HMBO9kqcjC
 YsYEs6RACRmyE+TNmzGoucIPTwPEi5Ib4gj+LG6iPOBprk5DSjD7F0/wnQPoq8PY
 HIufb4+PgOXKf/ROQXDRLeD6eZBtPcDUJOgW19m7QcXZ8fvo6B91COe9jTF/H/i3
 A7NjR4kCHAQTAQgABgUCUQZ8hwAKCRDZsFd72T6Y/MoUD/9xxmXbPL2Zto6qECXs
 Q1GFuydiYlURxDsVUiuc1tSgEoDb8XcXl37l/IKX1QmcpvHMPzeT0g8sNwIXSnL6
 BNCnFcfrd0tEz8uBPxVnzMiGwaHP1kB6Vs6sNV31+CJcTz8BHHbOdXZnhHqXSb02
 SonqAYeWVSlE08Ejvq0HIWRn6NIGdGqv6icBExryJjS3ZChRFpvgAJwsVO5f6BKH
 oZnEn79uQR4XPHwuxRbm4hf6iYEbOhE7Hod6kTzS9vYIhyuTFTz5Kz/YxlMoZX/j
 TIYsX0nZ3r+Tshur8iUXJhKvvXVlGyrGO2HXfEuIpJqEx4/qM9jUNP0EE7aPzZ6f
 BP7Xq49Dx9lnZuSQ1jeXxEEpO+AND2xmnjCHr3EfgYZrrhCSxMQhvJh7wypkzu30
 D41BHPOPSotmM7WLceHWmYui0Wuq9X2hom5jq11XwACEtmNiP/odXjF0ovfK0d8l
 j/kivgrXAZdN/ONJapVSLkRMS71S6eln+urR9HfswEfM7IPt0cRwN1oNIhXmK14+
 XBWvvwvalfuxG2UfxD8K0JXMwARlpGlV8lXpuzDV8EcrvLipKpqiQWaJer64kaQb
 8qHEtT6+JNoGkymohrfeVagxKmPzDWR4v1a9lgZwY1FTRHNVPM0P8LWlN9q0CrYc
 poBwkhTMV1YJ1OBSrkM9IM2vsokCMwQTAQgAHRYhBGMZHOlBgwmGicq4237xN+yT
 Ww6vBQJjLRkzAAoJEH7xN+yTWw6vZSYP/36Bt4QhRtIh6HPWbHraFSl4omnuISu6
 lTHsqhik81nbIUiLZ5e/KN6ONSgD2jfMVQOLiPTQFOoxVZvOjaHmHvMuF7BCbr90
 Afh1qXW9txuPbVkhtC6hqIMn87b8UHEnt1l5MiafQnPHhoociqaqwfls/iu0nJGu
 Jf5eVMXpdeWRk+ckGkqP+tXp/0G933jibSdYqwG1Tsw9D98xnGV3a/+zIqRtJflp
 HPEjHPT6rVKAZxk7gkYSSsv6ONBwZHqwe9W1I+U4t6OPkGo5kNbMPBORB6/7B2Qo
 LHx3+KYZs1j6glI+F/8IX2+JSFs07saMnsDhE7w5FzmwWV2JcUt42RSf8DVub438
 jgA/Ht5yPROEJ87de78aD/t/gPq/Gm3bnUz1BW0jxBidjqg1qPOMYjC7n4dH8X0N
 cRfX6tWOdSXmDBbPg/vQi6CEIhsGVisKlnrgYi1wDZExU6UVMnBNvllUu9PXye+7
 51cIbrb+fwAWiwmu+AsL0qsjxZYo+9ozOLh9wLUhxOY5MZM82alN/mlUGzEiXN3R
 i7D3rDrNFHdI4LGGLbO2hjPYrG4hdNHS+6WbU6qYcpBEhrqBtnUjoVqIKP2boBLR
 ara7hHqVO120s8kgGtf/AoYpggD0H4qqUy4EFNjVdcL5T08w6ldQIYo7CEa1iHFt
 ML4bsPcJh8lciQIzBBIBCAAdFiEEcQCq365ubpQNLgrWVeRaWujKfIoFAmMsvIwA
 CgkQVeRaWujKfIqNXA//fjCpyIPPd6RnJhagWH8XCp5NB4cCT+LqAIR5yZfz1QE8
 Qbzpoobz9ysgXZ5XjLp/lbVffGyg986j0wUtSW1+g3kJcYXBUKjSWoBwwmZgyZky
 95U+uklY8CdPjSeuzr2I5X/LogHNH1378d9aEmQXBfX1uW5g4Aqgnl0OOgkCVzgs
 FFOO2o1j6svrrDVG52/mwXhNRm0yYK/hFB8T3PO2IvMQGDGJLHl6N5Kl7P2jtkyF
 Isi4AEzJeop/2GJYXQ+VkUTSNRKQj8oOS5qe9/0RkF9uqeamoc81n2But8MZN2fv
 R7ug2EuG2LHp9/pwu5ekohXmY8EtMbVbU7TYKgduK0FMBaK36jXN4Bapakfxr1z5
 pwdDjN4QiqUefBQlG1CJ6fGrqbdAupzRRDqN974rs5HafnbxioYRYjoo4H0zC8XN
 UwgmA2wrwIIY/cyNCSnUuT8yVAnroPiFgmMoL8RM7C5pHQYh0u3fXPfvNBswjXmR
 pJ6mhTqG6SS4qIaPhqoZqA1iyA6+Ua3YLBDT5wqvuqNMnfLtLUvMuridmlj97cRc
 srQIr022NdpafDQVAiVhZO0CRyFd/++XT35iiDoiv20+LewC0VVza466AE1fkAme
 rKlurlET8U/+U0JB6IP77ErjMgCzotV8e1DJkp/M37nMeNzazAb//ovsdkNM6P6J
 AjMEEwEIAB0WIQRFaBEoRJtl+IDGF5c6hKlGtLpirgUCYy3RvAAKCRA6hKlGtLpi
 rvhHD/99Lvgf+CjbhwC87CoKX84MyAyBlYACCSuySQBnEsVigz8sCVyTYDx52h1h
 /SEj7XfTylAfIl1CjUedH4w3hk+7IN4scmhf5eeEMvQd8q+Q/hWQcXIUpwgKOcVD
 NbUgYcbakJAPtilK1CeQvDdBD+aYoMsJTsII/f7FJzwjPM1XGf5EoODUC8BtQf/W
 KAVoESwwAUwN6Y5XeYSwMqu1s7IHs3yNYLV8C6A7EQPVaVVlORqI+33rKyqAhK5X
 ErNvAREQPYJMfRnQlIW7alSORwdG0JBgVLgV+jvoFo4a1AQImHDDtKxs2X5BCVG1
 I687uYDBy5Assl/VxRMIUpx5+zWvXyDZX/6nlL7AMokTlyosgP4iiifBS+5KMhan
 phMgnDXYIJE10V46Bdw2tjd7wMKey6BcKgfbZSvU5z+SuVnQXCyl3/blRML54I5o
 EomXPg6lgVxSb6BBnaJXzx4JKgLer5uom1OGsLgPMqEHRoO3bucr2xFdtq1Zegw4
 9S3qDhQ3bn8pg9JlYwmAAhBd3Xy5cPv01mV6ompOQ38SlMCJzcAGASdMw5scaxUl
 7MloV2Nl32HIzPjK47bF7aVOFX7Tz+rEFLmJCchqmUSdxi42rJyHKVRqiAlNfZ9S
 9FeaEfU+vBxOHsLNqVO7ErvrTafT5fjphZqvUTqZGCUiJUjPnYkCMwQTAQgAHRYh
 BOJeJUyO5NMDVUv1r+xwGh2klMXrBQJjL1NOAAoJEOxwGh2klMXrYaIP/ifHM9eU
 UT6JD0m6Oa3P3T161NhOvNqr71LDSztClsWo3XX0+ZK3wpjoC6vKqgx0Cc8OL1S2
 GqwCaxb5JqWpsoqR3NW6bTqTTUGREj/e0JHDeBzv57OEUTe4ea7qzqjhCX6iyzHa
 qDP9fiAogMQ7uT2oCghDV5yo4JUrG5brw8GkMLEvRSs2BEv7xFAySRaGwNj+oziZ
 VzL7sBzp1bCr5cwNZVYxoo3VAv6FUcExp1TydxzPVB8/VvxOa4zrht+hFTn6mjUi
 NHBc7DYECgh4jlDR6TnAdvpg0FsujTXiN6A0obOUl9jGz2uFmdY+2ojlVtzqKXoP
 +PDz8o2zMrRoQYkni9VyIc536E4OFIhfO6CrThMjJjPNn22Tq+fzRYkWTrlJom9b
 nOldQ1BdUXQt2QNigdzqjhZTIgF5OEOTERh80dvwIbZ+7vN00BOsuncR5GUBQerU
 F6+SksVRAaOg2lyoDdxUQ+Z28RU8R/n7VjMV8ctFkQvHHLBqKkpET8LRh0C/jSNh
 gB8zLPc3Oa4wTf2xZWO58S18esbYMr74vRYrsACbmwxH5Tz+L6Br70Fmcz608+IQ
 ESKW3657gemZgFud3AGokzKG5AuWykSinydiZbK8MRGLsdfPUojaVIgXFqnWKtkH
 At9gkD8YbqGYzuVwBnljBNRdTUMk0ClgV6pjuQINBFom2R0BEAC9k1Ky6AIe9sPP
 xrgsrXRe0dyYcoHufzeU3jFssl3+S4cRuvYCzdZfRfdjfHa4n+CxTaOd7xkefwJg
 GpaR9KJbu8dqHm61GIiS5ZbMCRU8FAW6ohVeDqEwFrPAzZjtO41OTpeXCrPu5H5A
 Tg/kDnabzlD2H8JWAqr0DYRRhFtJUihXUey9zK03wSjUi5E1+YHUC/fOpbS+msNN
 945CeQNBN4Ljap9Q183Fkh0Wm4Q8C0OS1WN8a0XtqSALRCGAZ+EV6UrmQVP9PCC4
 /J0hoKQPv2bfpBAsrUGAO3Fnsw7804i2TY7O3JA8gGDYX6fwOVJMUXdD7FX7LM2P
 pESqAdPrjqmPqHT8cPfq27GYgqHv3N4hP9Rjt9wxmHYFbJT0YCHw2ZMiAO/VcvvN
 miGr590ZFiQEb1MJN1r+h5UDE1CtF6nTieirSXi9oMilHlo2NY5nAItv/T9PKk4X
 +kaH3UoicMxrkT34tACGwxi4VIRYWL+ZquxE+bwXqAvbGJ0p3XbyREURCaO96J/2
 w951EvZErpFRQu4zzClmoMiNbwkQ8QdesSaqjMirlHyFI8T9BZrXbPazdVNUwfyR
 LFil1q/kgXjXeJDoje73UiyGhqhlVOlEbunGzCwEBzrtQdPTDeFQr476/4pe0v4u
 gdNYkL/gY8Izodn47d1XH68AuRSrzwARAQABiQI2BBgBCgAgFiEE6FPBhIsBhc9C
 hk3zY6itS5gsQ3MFAlom2R0CGyAACgkQY6itS5gsQ3PQSA/8CZGTxQDbD2oLkGb6
 tyECIs5A1RsfwJ9aj0R/HuEO39ki8yM88fwi8F5AfzNcmYwp0rxyYDDYM0itObSv
 A9WBB8YFZ2PKT1YHrwTzWbne+spmQYDRdFt+0Kx0JLvgv7SYvQ1jNdCazixH1SAM
 9O+Tn5oFybVHjRavWsQYHp1CvXY5kOHOEDHhz37pGwFvyVyFdSYS5PWT0+0XU/g6
 Uq2HeFCurhUGuDXJ6WA6Ipvmu0vbi8GpyeiWCRoG76sqbBfQ7dd0oDMUHitewWGq
 LP1Kioke9hu5p9CbkjYwGZjJWZEV6WHxOmICfFcBRPeIJyO8Kfa/vVBfQZj9fhqs
 3sHSfAGIdKIB3tX0qKhMRdu/QoM14YQ1yK80JTUUOcrKLDt6QJinF1UQ/OcYQqGB
 CXaRk1OKGFuuij16QudnX56+aYbNPltf7cLs1O7aodQcRxmMSgxSE/2ckthPYBsX
 PWuDMYZCb3e6JMWsdnCI7iPpoPFAJmId7SWJebXZxntoX6YwZ7Tx58/QMLEqxMfE
 ExQTAFg8/owvxCG12KaharLr4GpLx0aU39QEJenG1LqGLwiQh9Vxsejw+MkebZJE
 6zhs7XBpenrd5c9OFOtb/Goxwal/6UXz7a62jZ7wDNpJw9xOfC3/eX/56+6dLVef
 RFj/LOIu9reM4boTiY2dmGj1QC25Ag0EWibSSgEQAMhQB2Q329FSozPk7V6dYBO+
 jDBMr1jHWvNMCR/2DkwXfDAKK3haSWSqr51/wua9skFRezQvc9PhgvOIJi1jsxRf
 xNoM82a2OpYJdj16FG5RVQ/ApojiywNvp1YPJbmq4DfXSuUA6q+OephsFLrx2cPY
 nyDQaI6mrqTBecET4cdQTZK0nKKUPj3U2bI96zTBIYK8Kr7GMKXm8R1eV8bktwHT
 HyDjI7hN5EjZViYqZYDQ3jt2vC1Aj6XpFw5K7Sv6f0l91zyjfcu6Llsfo8xtRhAl
 lub8EBuO6ljJ5uWqDgjqTOkDXcIAUkhUCg8ztweR15zgJQQ/On0XDcHLtyi7zuQd
 xNaKYKkD3oROTqce+YbNN3qnP4bV0qa0JLlTOrE/0/zmif7Q1zYOidcmMgGeF6Gp
 pGQkkxY4gSKet8kD8h4AZXGlpFu4e9sue1ENDRmgWaqSzIWudMRZ3z0/s9EGNNiW
 60nwJ1NBoySeQEmnwMzAHXneRM9pRGQ1S3/CKttq/0eWEH3Y/Td9xi4DNvTXcvgJ
 uUUwoclWP2PCPg3zE+EQ1q/Kt2oYrT8NcemM9EO8btNzJ/Y1wSDLFAFNikHwYjTM
 86jWoeGhSM3fD9HJjfqoB41gDKvNIVlhQavhe6df4+AoCo/mGosLYAPFaHHdkmqn
 eT0Y0BnTRIS9yLcO8CBVABEBAAGJBGwEGAEIACAWIQToU8GEiwGFz0KGTfNjqK1L
 mCxDcwUCWibSSgIbAgJACRBjqK1LmCxDc8F0IAQZAQgAHRYhBNalthyaVTQWgpLb
 Z74iCR4+9iJ1BQJaJtJKAAoJEL4iCR4+9iJ1D2AP/1VMC8KOmzPYyiFY+1xHu2rv
 siB0f80GH1jXwDSM/IKvsH1axCD0hMV5sSi52epCov37czSlR3MpQjo0xK32wJB9
 26AgbzJYZO48qulDUXUhPWJ9bxiyIcxI/3KEspY1RMoWv8AfYA/qSma1cSdT4IMo
 SGJzPh3RyrUpeFP5QT02oGa5TuSQPiJwy/b9u+RVOi1SSqzHMJdKzZehGays65Pd
 jC8Xtf4ipdYRBr6mIyUISOB+FBkY2MttFzNDUBdDrOepyjStQLZ1vUXnYKIiSRHX
 o3XTW/W8fh72o26zeDbQcALywQMZqnwtrZluzKHZxF07whKmXvw9pUHXX6hbJDvm
 GVMxnB/F6grPNi/V+Bv75sKOdImgnJBUp1Jz7288SPbNQwrqFKV2ZD3f0PFmolFj
 Cz/Oc+UUk+swfnsT3pV6LClTThsOH8WlKJYxZLneX75HuVx4CmT+qv6GlFQuixjc
 H0LtsbbSjAx7J2LRNVtfI+2DfMcIi8KJxe69MAKGqqxDyDPSWeFrs0MHmyD6/6m+
 GTovgUT5jOZbR6GVKelW054bmby0zQevWnRieANVeFoFsnwclJnqKIRzQiGod1p1
 b8HhSCw4nOeOQSifaOf3zcnFhYyByDMOtl3/AqGoLp/61u3Bk9h+BP4VPR3RUWzc
 ggjmxJM0MrLzjaSXSedjzuQQAIq9g35FGpnaB8d/EjufED1TVSOkvNK/qJ+dD4Xz
 f5RvnbprofMnzfEyy8jJ1Vqc3QZQU3IDQt/Un2ZywX0OboKGAIn/gyfwdkpnxJ0j
 JoxRBuMplNpfNBw+oe0nFuozO9idFozKM+SWoE051/jvGHp1FqEPLnAAGeSbWB0L
 RlAsnMjc5u6+SKHeFGRKYg7U0sO7ZKbVIT4ZmRnsQLDakHwbAgfcIakh9Whj0Ou5
 r78Cs+DcM3XAdtZ04d81jV5TsveR8/Cn473c6dvPIfnA2P4uClTCaCDv+jXG2f9a
 FIuJhYCO+TdYs7qjAsXWngJUebRFiHbfSuYDw92/eqLdKD1Hoff4MnW5YOtDpp6E
 sdCDuINeRtUtnidw2vIPezX+xdmycXIq9Fb+GvKrIDsKu0VO8HObVviLa/RE11ds
 EHYlrarj4mqzS2MhvmU79Bazg9rDDB4WVs502n3uJaf6Sod/+ke1c3ff7AUPox2n
 pjH/bVmkZJsOq5EqcvlH3m2FZUHSFWS/yTR1rPuJoHBMHVc4OPlTuSqT3qmKL2vb
 vD1l3D4zHZs1paRLddYXiaex4qPU/0YpP61XU070MmFGYE8Z43TbMPHu/6LYBpw9
 p5Vj3VZwn2edNl4LGx+05hIABzM23I7JoQ44uPoTbohmYXF/DUGJ6h2LYdp81AVC
 lSFWuQINBE97JQcBEACpbBqvDl8J65jEhPjOWczcDVB+WfG7GBHB7T6RxSNFIahy
 mDqzx73zZD6n4NnZogPDPopYdRJ56u5AfF0bDZlgebl8+VEgPHGoay74Gf6k0B+c
 pEkp5PaWQHHEqXINotVg29hTsf1u0sb+yjgcc+9WHw3MtpChsgk8Rc5N8Xvr1FJc
 L+xynSvUCcLIwfgvLHYPPBYGIRpvz4ek/zgHvaGftDfnyMwrMbgi8kadrSb7PQgc
 eWeTL7CQN1B88TPJFqKt/QxMdXaPy+Cr3P4XVy5V3/QEVFUizrtCCqJgxHMAeCP5
 QxwYEWmA2zxUzGA/t/QUDFbccKt2BdpdKBFtHLliE+yn9FHw98JayjhAJxxeCkrp
 MED9N2aGHI1q44sbmeLKQ8EuIbCamfq7fqLXgkEy8jgivv2J9YfXejjjEobGLkss
 Jlxaq9JeQgFEVl6f0jJ0PgkYPd11RxTcVLy4RB417cxc9LHcoKdAtcgBTcZXPPYO
 L+eM9S7rTvFTna9IdF4bbnJFNjHDMhb/9XomxxBsekpTUXEm2DGoTpO2W/jwWcZY
 LVrdhikkkF8b88EdWk94fUTcFA90I+Ch0YbS8XGM/WIklrMGa0JpA4OQW5oMhKDn
 gqAcV7gxRYt6ylBPVh94/AIMz++wmfqBxETFP8HMgTVEApLBLjwru9B/4lRStwAR
 AQABiQIfBBgBAgAJBQJPeyUHAhsMAAoJEGOorUuYLENzegsQAL6NuhGuzQf2GELc
 O5J8/BW2yF9sxHWDLrw0Pntq8D35kgGfZLB52tN3DI4NwL0vE931bXC7ovi4kHPS
 sazv+WPUckYfJ7qskWVD1yDtHsADduwudJpAflfZ4VIvMJqJ7FUw5Fy9ennw/Idp
 H7LC+ubn6XT6Kh9oKvVmp+BQEOsdisjVw848Thik+gS08WvAjK9m+g7++FFwKy08
 5iXuuqZpvi94eU1QPvzxzzRZz6M4gQaz+pCq/5yf6I+Hu8G+5nq2foFN+G7FRkx7
 KJmJ3SAEsG3M23V9MKWON49ZbhTe5xW+1at/TKKoNGzNIYs07jApR2/E4J57yMWj
 zsAqg77hTDRiV0jhHl0DJw3RHFi3z+SrK+6ie6mrq8WEPj62q9qdM8dFs+y5X3UT
 x0nxly7GjOxxhi+Nt83PAG2wVFpqmhVLuyPnruvxzyrVFc8Dvx46DiKCzt4PPK/Y
 +jnVIQ7Jr2Jm2ZCpzZZT5QNJuDp46mKHlNBkvSy3q3+pM6cM8vKSuCFd9+dw3dX/
 GptLebMrPOvLVDl4Bm9hSmG7rLpJy8U8Ns8pYSS1zaxHM8KqMaPuS/Zlx1SRIj/E
 afefnHd5fIlmsH9C2O5fb18SFjmD14FCLcVTG7bwh3ZfbGo9sOJSShPxppPW2OoT
 jwfANmj1cSg/VFr1d4HAEc83jFgumQINBGNZjyYBEACk7biPgvCVldNWq1CwVoJa
 /Fvc4T49tqxcc/sY4uVlGo6oSi4fQcXE9XKPPBuRLmvpmMWvODQLzPxJMWUfJq6L
 yYFmX2U9VRTcyITdmJs8itkEaDwq8BtXkeQfUDAVSFy6V6/uvVmNWD7pGXqJE1Gx
 uV44Ihlh6v2YyqSzDG/rZur771hke8VZmlKMVMs1RSeOBA3nUmvZQ58+uqkhJNYq
 OeQhxGIxDOHo7QhzTG+SlX+uQq6mzACKygVJJl33toaUwVAX5R02a0u67A5wC0wh
 AoLSHInc3P7ayivWV/iESAz+gMIkuvJWns/Ak14J7MTGgjD6rle7PNMsPDCCwQSc
 qA8F0x4OChCixbZGZn6Mr0u8+01VCEe2IjJwVUfFI/G4n1FZ1RAdqjkHfZJeD20L
 GHSbjJLcnqLLFx3LDpI5dAxo5K2kFvz0VowrB58aHoofW8/g8yZygGQ4Zpw4JnpU
 maPnMTiD5yvnFzEihM5L9DuaWqSK3sb9qzoaXABYRYI7OmX4B5nmMzFteHHq0tMt
 aKWf0HkAsCP0BLJcS9Oc1/0I0+gC4oKLRD8a4+kaEpNr6BXvWnj7Y1h0Zr/CZS6+
 gi34CxWMl2Q34OSqtS37mzzBu+UZxffPR0aV2RXcEpc0c5HW550Thq1NF9EmFOoy
 eG4J2ox9JRANZXLh/i7mNwARAQABtCVQZXRyIExhdXRyYmFjaCA8bGF1dHJiYWNo
 QHJlZGhhdC5jb20+iQJXBBMBCABBFiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZ
 jyYCGwMFCQPCZwAFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AACgkQvDkF8jUX
 nPGeAA//ScQ3kJMqI6FRULXo0aF7CpafPXVWdvj+mfQMlZzuGwXXTmM42T0DXnXR
 BSjstWkmOXP/UqkN7bNeXH/S3D3GCJ2l0qx8Qp6fP0FloJIbemyxNtzl7yvAE7kW
 vuBuLvUdm23cntv49gAzj+ElDqCxtT6A6qaqM6r7DLUvw+G+r6gkeu1hNQbtRpEK
 9Dt8tHriQyI410qFRMbi3QxU+iTJ79HXwrXiYpX7V7T+ugiU9lgIiC/hWJCo6SY4
 knt9E6zhegUWN6zErl2HY8FBM2P9eHOTqToEOAhKeM1fXZvxe3m49fGq/spmRM1R
 UUl1V9WFEaMiLg/Z2rmbD8LX9YtfYlQCbEwyX2nkIP1QIcr/DEfcmCA2MXCQCgsq
 I/2XS3BTLPyjuqAYnXxrk+T/Cydcg4W3ZBYI/wT56GH02TQzB/wJsn0cW6EMG46V
 SDY/mZ2/gwi54G/Pqb2R3ZC9I7wQ6/FFxuu8myI/QVmEiTlvTxBoyOdNlliBQxCk
 Dczs1rxd/o8Wfjo1vwRHW84jZrCP3xr7xPJWuzsrmPU8kFHTgepGoY+4b/h3jGwl
 V103RpRUK4JidwHsmYDVk6pgeUH69hf0iVcbFfKiViFTR+DwjbAOxTdsFgsYYn+7
 hBj2l+pV/uzeA0akL2dkgfJc9pAf6ItRUnGC+RlntZ0Pf2NbwIS5Ag0EY1mPJgEQ
 AMRQDbNHBQ376nDF8miBZOAV1txpmbHc5D/X63PNapP0P1/I7SfcJU9D3wX8c4vm
 xkjEYtH23s4lmT1VLsU7PisS3MacRemm9pL2bD53hs9XQEuU9OtJsZn1ZJ+Ynh6i
 5sfW1bG3OiV/TWgYXW66GwE1hn9PuP8arodUmhEft+64G2u8Xtxr5yqlQJEUThV6
 280OJrxVbduaMi5C6UNeeGE5wuhfrQ0TNYZiwQ4KYbU3QhlWhHVjJlJ5hCLiktwF
 DyR24P+wlTIziWA407mo2enQT+mz3bO7Paf4mBionGsJMoADqBThf4B69BxjJ7Yg
 7oQVIZ7560YIRRmNo4tk5Mhep11OtQgZjZJR6MhWDaUO17w1qScrOPRj6G1IXP1R
 5NarydJpLyAVb/5WFZ5jxUGMGtq3mYn4nKbbHUg2WzvCJvPctDE6EV2vaiRy5N1f
 QjsHgSa29F2feh14p4ngFCmHjpdbcdjfv6rWL8tgkSpQlDdeHRRd1q03TKAg/byP
 auAHKzvV+iWlmw1f6KBWjeTn0fofmk9eeQ+P1j0a3/XTxMOjB34SzqPRWzmLPLF6
 YmujBK2gymM+JLirJFFzao1i4lgmxqkDhQoNYHXmVYEd7w+/qUYbfKwO9eJOWzuU
 WajxvJ1Vgv6z4CPy9if0gwfhrx0OOcIpBE/xZU+SwQQpABEBAAGJAjwEGAEIACYW
 IQS4aChHdk32DfUtmSy8OQXyNRec8QUCY1mPJgIbDAUJA8JnAAAKCRC8OQXyNRec
 8a+qD/4whGQ9J+td1iLFMpNRAqvuGtTnM6shZJNnC5CB56Cu7ElIpr74sk0R98Ia
 1pJlBcLALbYSrqwluZaLiRVDPdub6tGSRVssqQdZcKThz33waTru9IfLhCrRSNd0
 ZMHJaOG1ErU0noWw2d4ifVJK+vvuvMeEyNm4H5pZOYzYeikqVUYzS143cSzMEwtv
 PSdP5JkTQi4WNF09khH1D+QpJoXEgVEQla7Sr955Zdt3q5OlpYxxw+X62vslZ2OM
 iKZ14kWVSRbVQ+WdnjtRYS4vivB6ko9QL770jZ131hKhC/BcWpEYSjfPpVua2oKb
 ccKHXheIFEJ06kGkMeeoQPxmzPRBYIw/E+d5sZp7YXDyBGOAxBeiOaOnZ8vLBzy7
 2HFng3oB3hkVGTTHq+PsHdSSaRME3QrNpDsaGeSjw62FG3I4zK985GtrXAHEzN/F
 fd17srl4mcRQ+8QM/a+XbF/8ugjE/RHhhFf8sWVAPutYzVE8lF+uqcduPuq/rTcU
 BuzSVjnSRfXWqCokjh+ypUpHNUO8fZDzkTLuE5rwMG1xpPueDBTzvoGDQRqc2eoX
 pJnDBmdlz83zHsoR2gIHcdqyc/hCV+fTvR8E0v9ZG3Jr6RFgWdD008PsGxUevIDg
 MAYFwasZSTofEnzg49/WeIFU1rGB5HZVlmOJKZnKRuBiTakEP7kCDQRjWY9xARAA
 rEkjlUH4hoSQAkVJCWWk+nF+daAP5IszrGEQH7TyOVwXbRZndSPFSUqKU2kEgHbM
 m+wFYoZe95h9tjDh2sLCs338pVu5Chhz3dNseTF7/rbckw2rCU+JbalEiwck7tKL
 qobvbh77jnrbQnkrZNc+nMeHHLrYyc5gHW6cSn4UlU42MKmTlSeOG4Ly9wXhgaKC
 heIXNX3U/D682Tffl7Gopcm7pPZF92dwY4nIpCxU2ATimkSyulbhzk2CjZ1JYUJ1
 LHctMHm9F0LEGtc1GxDShzVZP8dOWpDs9BBwZDLXxCzC4rvZ+z5BJCDFbuNTKZQ5
 JEoW2sM8yP1LLZGXz44hsab1aPrvB3vcdS5ETP6bqT5267ZiotdhUifU/pTV5ze4
 7wNuaZenQtGd9olyh2dAqOk2DQrcBQFA0gRp55b4U62hLTYXxT+7jEbSVAxeXDPR
 qPvqh/4kVn86llYjV6dAoASN1wWz423QH3u4ZK+S6g8HZ0HrY2+NBYgqthb6H/X6
 FiF5VcHWstkk967g4Xt0PgN/rlCtpXh4WK9sScX/CFdOURsHlb78ZN2LexaYaVBq
 QuqvfHaAPJaIElXqMheZ8aYrO6Df4yzJ+6eTs3s4PqM6EMir5waFonx5Gh50X4xL
 9p7IVqgNPhQsU8Z5U5hGYbmUH766GtENv4CI1upFA1cAEQEAAYkCPAQYAQgAJhYh
 BLhoKEd2TfYN9S2ZLLw5BfI1F5zxBQJjWY9xAhsgBQkDwmcAAAoJELw5BfI1F5zx
 4cMP+wbjKu2xCr63oyn+lo7NqMDLBYl4zHunYTZhG/egDakVWp5Ikj5/k3i+hVSY
 fUyUhqQ/b/H096ropB7GA6EzS44GS+hLMdQOJOmEbjvAP/9dJDX2FQnYZzaA2f/e
 Ikgaw283oOLnmYz0x7YAW/oxlnPn+7Sg7DGGqqn3nKofDUUrowfX0tQGwkGmJJqQ
 gOH/ZfU4t51UCKzF6hWRbberBI8ezp24vYngA2kGef1fCUC+EIFhoYcdHHCtC1Ti
 KmOUaeB9ZMiVXkP60fmCLKObwcKTyYpAFPqM05xgsMPFaXN+fQ7YVAGpCdthk53N
 5Go+QqehwLoJk77CHZxIWJIf43p3UiuH1FsuXF7OdExzIhUSiUum6MoCI8BpVwn9
 uSKfXKLOdGDR6IJI8jqdC9LYoXqxZtDhpcqD70hFWJwJzZg+U2SvxZyhOqwtKXtD
 TDtee3yGzPacSAJD7mFURc/DRi62UBMiFcqO1YW/5LgC4yjtzo7MTQPkaGbQLduH
 IlCKa8pHWPqaLFdMawwqNrTNHWXCD4XxijJYwdAue3NUG/utekNm82mqnbbWw/AX
 URIzefQsbyqiNYMztudJ9hAS8yCdkfb9SKVIvWYPQ77tHltOZF7K/NzOGeJaJr8l
 vqZCfXpWmOduTpWaD2kIvU2Kx7gB4jXdMa2ai9N+/Hdr3lLouQINBGNZj8YBEADg
 Y6HOawiThxQVI+0uvAAU9yisew1SSVO6mAsQtZM7s7BpLA3RGPj3UGojZIeejA+k
 fq7A+PVLBhz/kSBTtw9/s3o4rlqNzz7SLaix6XKWCpHOBs84n3/LF6u9KMMVk9vT
 sjKz8iDF9mBR2bmCfLvEk0HDiMyApv5SbOsZMB8k5PWyK8HYPyMI5umEaOsaC3tA
 eihO3nzAxEf3oZl53J1pIw+ecdrQLbWbH0aqKngfCddD8Q0oMr/Iwly3W49+5eqJ
 oelR9/dut/dg0a3Nn1wIGYRzC62CCsF5IZwKdyPh7nilEUFpA5Vlz+HfIFch2LfR
 F3Q/GZD8fKzKxhjDIdgyaWSTsMbityKxX2G/pcjshyMsZT7I3Hx7SwQfFro58s2D
 FsFLEZgBhJv+nW/HckeedaveXmXdHKjtsa8+rvGADti4wohOl+N5tbpYW3/zR3AY
 qlh47hG0ikUJ8Tusnu865j3Z5mE+KqS68ypRVBMRrdJl2lGPDCnXGhl2720VPNMC
 /jB2Mgm/L1mvQM1jPfdC3KgokDAH5NMzKvav6A71aLSUJli3UdkGHkX5d5urs3k3
 WmCt7XeTb30MBvNzBcSYTbw2UGIRE8G0CFc3wtiWWiQKPeFXYhn0+COCoW/EXpIC
 VaAuMPMgcsldM13bKGyGo3NngsNEdopNFfr0KKW5XwARAQABiQRyBBgBCAAmFiEE
 uGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZj8YCGwIFCQPCZwACQAkQvDkF8jUXnPHB
 dCAEGQEIAB0WIQQb4sD/CJSWIxAv0lZGlYgcJUUI0QUCY1mPxgAKCRBGlYgcJUUI
 0ZkHD/9TlRvAaZETf+pv4/IceeL3KHwj5lrC/gojXxN0AjhAXljLSRCu0EyICxZy
 3158h4k0vwjdv8699yHEN97PdF84m81mqxOz+juKBRHFK/EwAAgOdSlzGnUYgNkm
 mCROFWtjeneNWaFdEnq9MItx1OascPeyxnWMjq7LLYMSESP4tgUV5KdlaVAXR6q/
 833u27/NodkDcNH2UK+IyT+Kt/uCOoIIL4ttxo/PvZTphzV8n6s0sJJE3/BrRxgv
 CTkVU6zosyJsyau8/vayQYGPuBuEQVs4Tr+vZ42izbkHgElcZv9oYjJsxaqZqqMz
 fWPte7m6Pl/pvtmlhPmpZ+ej7y8SRysBV+3aHNXaE1J3sIOmYxighlgZapSjHl/A
 9N/KXdoLAjIZtBAOQ2ZFyRz/c2+VUqJgwiwdxoaFaYn2eUM+HSTbZfdGXBS/yyZL
 YsM+L4M2aizQvDIRXzy8vG0vpHQEvPlXL0Gg0gyk0fox0OsAP5CfXmHC/AvYOHM8
 y81X2QqDf33Au1RIgog4cLqq2wpXEARWbAj0BAMIeJoCDCu9Mz2juK1ui2wr8AZ0
 42PCUgZK6CdUI18AsvApUhPsNunF7ZOc5mFMuaEGjjWJvrTG3qyrCY73ySBiGXWo
 92ZB7FXu2MzgujPBEigByqeF6IV2x0EBHw/VrcxXq6Slgmik6G0SD/48l5mGCxM0
 Wr91raB9zQlwDbtD3PCbjA6DtkMrRyAq+81g75N6uiztGPCVw9n1HoGOSjN1hAhe
 SgQQlcXbDLpzfdPFowDEHclFFfUODCIOuF+FgmxlAz5Exr9JkJdozBFqRZ4iF/tf
 E5sHB0rzeUcY3J6VjTsjULjE4GSg5trsOc8GHUnFn9wwwkf9nR/Mr1RYcX0GkTcy
 iUskw+AoRz6svOfAWIDJY450wgD0MHZK08IfUUsYTGecoXcvWf/hITtv/Af5MpQA
 wuGEDltVDeu9EAu65SZlMkkMuQD1h3KOQjUJ6nY4a4M2CQ51ggs/c+vsemxsuYlG
 vSuhrfXt6HGD3dhsOEeyEvIcjjpP1Ku5mqrPhqXFli1swfohhYGGVO+fM7G3l7wF
 kAIi0B1szn0K13qRqBIwjnWL+orP1KLzvczCH6yD0FZY90CDdMtM0VB6AqT4BFh6
 5+ygjA4YiA7fFYBm8510ybUcNfzU3gUIJ5pF8MdGizO54tCPSK6U+iVRY4qfCFdu
 IiOZ7FUUn78VIxQUMYMrozy7kn/0PQZa7KKRbXJ8sg0sgrQapwpgUjdMwuYZPGGv
 1Jw5/+WUGWMbGxmlpHcEOmsPZpITH557M/kHyk9Ud0iKwciBI2mGLxiafCuLrUY4
 TknzOqbZgjdllcUG4cDBEQuBO/GSj1LUfpkCDQRnKRF7ARAAo5H9/6cStbyjWFeb
 G6qDn6pT+4v1rlbRZo0rYwWkDmEAjOZMRC9SJipTCdQeNFlv6HEiiCvl3bmZIqrZ
 +zvLI6U1+2dH7k06xNqIFLTV0zbr+tUkOwspg5nr59KsuNP01WBS0ELzunO/zHj+
 BOEdPg1KvB0IQFtqAwaAfuny67YvTr9O7Yz07ZCfTxPtHf6FJ80FPeRa0LoZYnW4
 UmSGtm1f59VD9+qe4yhRtNanamXUKjf8BTw0rQwjoJhVT5Mg0Z6hW6fhFrD57Lgd
 8fBi5ZHHUlR4z1+nqGCUoHlHjc0JVyK8j8fofKafow/79ITaOqBzv+P3psY9ecBg
 7wGaOHrqzRzRxAfKYRO2IaFHRGnsEE8FnwSEL00uPVxpiiTavrLJFEjku9GmP3OY
 3rbwIPXbw1m9mZG1yAVbSEEf58WSWeoBp0O6qrwAdIbdgUX4BkQ8bX5MtUjXp5tm
 0StmjQiZ7O91cg0VuWtrfj/I4E3xtloNzhtG2QLI4s7iAL1orhClxEuZRO9alUCS
 cnRvhmw2Dh6sB6i56evcZdUFwxMXOByxfWr0fxX4QlR8jYqMPj7UMNj2PccTBOQX
 umIW2cdGEeni9vrE9cLfZRSNCwPWAXWtr1zQW54Jx5DjCGHobQk53Z7kE+MZVAje
 gOaT0u50cljBNfJootuln4+gbGMAEQEAAbQlUGV0ciBMYXV0cmJhY2ggPGxhdXRy
 YmFjaEByZWRoYXQuY29tPokCVwQTAQgAQRYhBGjSGCM0KhNoOus+TvtMaFtdwcE+
 BQJnKRF7AhsDBQkDwmcABQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAAoJEPtM
 aFtdwcE+doMQAI5mnNA8aH0dfeOZnz/NrMwY6H7jK/+lYatCx05e1TfK+zz9feRK
 sxgP3Pjj0p9igo3jIdPcN5/YnlmVEeplDmSiKOOdendviy+sA8sukMo07Q+m1pYW
 NzFtyiZd+c44mp9I1l7h6rktIY9XDedrlAkNog1VlUet9eNpmgXt2OmJNDmYftWc
 KIpyw/ZLaubjRcAmxwsn7I6dWnT66Ffg9H8trcRlWipVWP8imO0EIpwC8RbhuNgk
 xjt/cVf3CEpzokF4n0k3nqYmt90NNtGc0kG5QAlTvlUuHpNWzuzvdAPtMy3KEaXI
 fu3IEZeIKCxSgWXTm7zRKUn0F6jKAsLXhK/WOA1Aa7NdAUwMxrEndfNoqBrusaLD
 lpzWU7USv2YT+Pf3aQ7u1szg2J8V5eqRP+E8wwe54RNCgQrcDgUq5abyncsvull3
 GqJvzvZC7/Q3Th/g5Wc+dRaGBz0O9FBuRPQwjrnB932xW1fDf17cScpVKAvV/jwn
 tpWXf7nSv2M0o9fihnTBl4d2c2EBKtTdp5W0IpeRl5uLad3AYoouP6RoZ+/Id/Zg
 NeaQKH/ZlCxk5S9GLzYhm665ysOYRkh7NfoThRtvAqAeDcTKWGDG1nQok2KKOSyq
 S81PT2AlMz7A26R0vsH/9lQ1uZFIhIGbxZXlGERZwXd1s+lgfWTbB5K+iQIzBBAB
 CAAdFiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmcpGAUACgkQvDkF8jUXnPFdGQ/+
 L7uA7EMB+Yh0urhZuOltZSNtge6b+UbLZTd8DRsf044e+Z0NJWdQ2saLBptGhIcn
 as4Qd0gS+QkWB7lMrJ31uux15ZBjFsGtyqK+VoH8JIPvV8Mr5XojqA+UYUpXP6ns
 ILrdkUvNzpeA51IxYuVMWcut8SUVYzjD11YG1P8LFzydsImaYe7se+RE85F3/2Po
 kZNe0d0Gh36uyfJSND80XrrxLpROgabQgHNG0drL/DHjdoa3F0V5EUoG7NBwUrmB
 RlWKYCLUFfW+8mQn6RVK8JIV9WaHrzi/KAZLonZb5dCjO0e+Ol16pyUofLA8SN7B
 aqjens8ho297GtE3darkXmj5p3p4YPur/D+oZCNIH+BYMsht46VtE3v6V10P8KA2
 6MgNo5qME1Q0kC1DUYi68cPeDgrQBMWa+nF+m9i2aGeAyi3qDhZu03JLhOYAhv45
 OVRawm9vFqyKiBRANVogTRr+ch4zywaapwfVLQ+xiwVLqlT5n/iIzWCQ0hA15eKZ
 gJV0kTXL4OWKBeJqSNnnLVm4AhZ2OpKHMsjE7BEopvCe9JZWFIrjtQ9TrriByOx0
 3anWkmm7b4lZ1HKDOI/Cxyz8BZvYizo7hSOdGjLrFBTD/Wk0swvpzB4NKh5I6N7k
 gppXMTaWp36+KmQx66JzaZjepGl1VMNFdgiP6Sw6pO+5Ag0EZykRewEQAK4EY+06
 GeuX4wLlUqAMWCnbFELuhBZGWFLEIvP6WJS1WOvee45RVcpVfYMp3AqymiNRahAl
 RMtSQ9YtXSdlBPkhtNcoV/hqjcNywMdbsy+Rs27pRk/DJVC0yVL4ABrSSlwhfNa4
 6X4ZvPr8GGDvjAUhK6NXQ7WrZJxYR9/U0nqRGtGuPBLhFey1H60n5axP8+2f9pFC
 NbDJ13HbrhVju+RUeE8Gq5WJI5dea5SfYnXFERsT/zO+pw7ZaaSDmWKR1a88P6Bk
 DD7e63ZIaAa849M/Dz+OgzNEgbyRjvgbO0OEIrS2x61lGoW7F9prEgzj97NIiBu6
 qpNCYJefkpfPENrk+wmOUthJfh6E7uphlliQams6dqXAc3Z+xBN9jFf74RpzVmIP
 K/MFNr0EcUMFgURpBtaTrk4dGMh++v5i4qKxxwJHf4RsGCDsgH9ZZDemKz5q8uFN
 TI1kbTnsKNt+d7L45U+3/mRm4l22g8eu+AvD6R4GfKjsyzEFCyGK7TmVYj0Y+EGR
 9+YbRQ1GahXqtrR/aLC09LSyxQTqYfKU8KusnoceEbBOigEZUNPybpzibwHl1VEV
 9crR5eT8MPHgs8xdpjQ7gRuPi12fvc83unpUsNIHSCxZqXoilGsz2+zpX2si3PxB
 tK/tTo6ZFRLijhHs250Y1agp4MyXYq91A2VTABEBAAGJAjwEGAEIACYWIQRo0hgj
 NCoTaDrrPk77TGhbXcHBPgUCZykRewIbDAUJA8JnAAAKCRD7TGhbXcHBPozGD/0Y
 fkktGwGq2vPZUI/Fscv+VnEqVt94dBnS0/6GyYvhI7Tf81v+72URlQeX8TUQox9B
 8d3Aru5b2+iSkPcvH70PbY8jt/yTwHtSlFzf6+YPIl+oyTz7DoiILSjrO51ntl8g
 KmIb8Q9W74xV6VFIJ4m8rH04MKFpIlzUDq660JYQIGtOUFugSfg7aLVU/0j4WKKE
 KfAfg93wYTKKd+JgRFy4FZPriem7HvlUSi2VKffdrrUF/PX35X74iKdPQoEADZi8
 KkMZULDtyQ6ZOu2hiDpArjo5hDadKM314Z65VnM11hjiEhmTF3IyGBllb0qBIk0L
 nBVHuMYmiqBNJEbaqHLqIju8/RvFlYV+AMISeA7B68knbJcao13ogtDpuJ4hpgCj
 j2B1n0NWMcju0gteu1sfsIaQbWHevH2vgl5LJDCNtUJN/NoWB2Uov27wEvsongwY
 3du40TnM+5ejwf4r8D3wX+JpVCAhfr3Oc0knw14nRqFPAe1E7DNURJ8xfEV9iPRA
 swo6qoh7IIxNETUG1rywRExNt6tHsojx0Wb0I0IB7CnWRK9F6oNRp0S4kVgp+Jeh
 a9NGXFK2hn8qBD/rpUPsj/OdkiBN+C7Ai07rCNez+IKdnUfXkOJqLCOyeUwC9WPl
 uFPB9RnnghYM4xhMWf8XvSLOOk/vgPxiqR5ANLObsbkCDQRnKRLhARAAuh+b2Oxj
 9q+RRZ+pkDVf/M6P01yDmDhwtYHzi/LW8PFHC6iQlzMReyv1R5n3uCEpAZ++mdUe
 Cgo2TmFnYdpmxEgdaMIW98uqe4fuHhoXU2Mh4eiN7jyJvXQCsijCDYzifoj03HY7
 nTVjw4+BSSu9kA3/vEqU9A5YjG01MmVSMaIaTrqZqsnypK6r2exJa7YVRYwRqpLY
 C5ksikDVK9ftdfhjnsnYGS4pYyfMNSHY1KBMpHjT7wEkM+KZ2WRpjTZZ7nP9u4Lf
 fJMKgcclRgf+13CeSaJfVIhjJlxGVLkloE8XJbOeh2vkK257e9BenEFgQnyLCpGJ
 8YNsnsJVhxU1aA62dT7jmnOVMBhnGoNhMyzzfvUw0REz2VbpZBkiwZRfZ9MWUBsy
 bneH8NwzZMQQLCc/yo/jnPrmDS+tgl4CXGzBtpxPUZSMuY4tHZZ2vBb0zcfhY7P1
 CrHuylXLFzkOO/XRP3w1F8I1UqJCjdTKjdjCDF/VWtedHee1iEsSHxPGH8fHp4Qp
 rBDDwZ4NnfilYNHMDWm6U1bzhX2ynqcGArQSd1Ny/oL7JzE1qoH/nNrwVvOSSNWF
 UTXFXeLy+SOXJdFJpGP+/wV+gYfyczoUP6vmCdK1Hs15WQvKzyP/nmLS5uLilfxV
 KrxZDI6SNrS4f/XkHcGnYByFKUhq5gVN0ZcAEQEAAYkEcgQYAQgAJhYhBGjSGCM0
 KhNoOus+TvtMaFtdwcE+BQJnKRLhAhsCBQkDwmcAAkAJEPtMaFtdwcE+wXQgBBkB
 CAAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmcpEuEACgkQzcroySfGvjExiQ//
 TKQ2Ci+sqNSVIcwg/k0Go1i4cA7lhKNdYRBCaIThB9jMqNg2zgPzgELBcaVJL8xw
 0E2x2ZvBejM4X+eTrmkdufcxHR8B/zBF8oPlD2pgs/zZmZEO1gq4Cdab7yIoVNNr
 foCZShxOCPR2wIixcYZtt5f7Z3zSXqkjIec6sTOedT75ZXrpQbvINeUkvOJfMCOi
 ailauvDfv8k5iJUVbP+Dx1vOc88bvewVJcbLID4HIRr/PS+k1D10zGbnF71TnxGZ
 r7anMZCSFCHJ5WV+BSwHHKtxRy+bJ1x9ML45Jcr1anTXeaHIeSKNzFBigJQSgHv0
 euegkD3Rmw+IcxNb4l536selaNR0UAwx1DC1qpjBtnE9/pXdTEsZQxq9kMrj0d+f
 VKFjOKADVIpkx7o0dZ1jmbUmdjQVyGDgHE+Emgdd726/2ftWriW2uPeUC6YZiqbt
 vBnCnwF+aV6P1nrE0BWJchLyBjDCe5Y2oXBAYF6xwpDPfMPr4oscqzPV4TWVULBi
 brtRWgSxmvinIGFx9T9wQCVfX254dqBaAEhRMImoT/YP+6evRZKqQODRhI44OG7u
 V71IVAJ8BHEBN8hxvQM3WPs1fhwMBFCyGfr/x/U4/c78R9JhxkU9VwmMbLGQP7VP
 1QgfiHqZpHMk8ZUmQn6KLeurzWcnwPFkwgFPZED8OQOMXxAAio3DhWr5KDd3mICH
 ALNY0A2ipb/JH6LSHxu0S3MLa/bF6PbqRY1+fKMT/cFVxln99rNUrX+hDRbc7qbh
 KkxvGmcnXnkcTHah9bfUghEanlKkBr1g1ik3zgEnpO/x3+X39Ov+ge92MDawV0nq
 k9R/9tS+ZD/ph72Q9kx3ZfVNSL0eWxjuwBzFW0Zwh5TAX4raSmyQCmAXi05O3YmN
 iq4arSUg5oAOMRZ+d96DsrAS4Sdtlx6/CuKTBzEaGPQLQ9wJNB0Vmd/eQWTP99KY
 cAdIwj5BJ5P0Z7+xhsVjQOntn4otnP6vN6RuDtYrS6M7TCN/ZeKCvN/G0nRac4D+
 IJX3CYYtYXgaoDuoetUWtc7O5PzHRETaBt/46ob2lzf6cT5QyVujTfz+i0rGEc63
 pvXK8mV+K7BFY/DHpdEhl1pDw2YYLbBmUthQWdsL6/TVvpMe/wZadvJ/by3AeRzQ
 eusUucuSo9UNN7Yj8u3dRhxNgsSiU96A/SFlAoB5s3Onh5K4WEVCBu/INjdi+r2B
 LJePSnA3I7VkRE9Haf1D28jtBzm3Xbft2rs3lO18FcCqw6kd7Ih3e0tZ8uUG9UDv
 qTDHTUHLAWvwrq38gKKAu2RMaU06A5kR87RcQiizxOwBIwiHuUWMU4/Hyx6fXsOD
 hEs0O6AFDarNDZGee2amKTAyZpG5Ag0EZykTxQEQAOwGV1boBD3vDLsoAT62nGxb
 SqXiBsObxnpWbNifOzM9BUGPOIpHsSH32PZGG/+LNjNdECfyyP1RysH5OT7j92Q8
 vgRQoG3X985gbOjYyZc0xvAkTSvWxOiy5CuF3X8sJ3NSerQDXwjP9qVqLVj/3FB8
 nka1HFS7KzC3Zo/kzCoxeZ3/hV3PTWIjcoJvtBSCKPZyOJxnRqWfi5BNJo3S2SR1
 mxV967zawXiZ8MeeBl6rLhOfCBtz9g+bqrXZYoenuMn5Js2mcH0haYeMSV3UWIC4
 kinzr1EJxs+L1/hVCVBNiiDc6DXcFXoz9ZVc9kjpZTOMoZVDkRkyOeen+5Sya9wK
 4teLmDLME4+pgeHCS/Wa4KrYyEWe7NpG1VTkSJnRS+fyYGTWtwEiuwT6J9U0t1d5
 hbxhM7YAhlnOEnNVmqa3Bq3yqJs9G/7gicZ7CIJ9JBHKTJzOnKfpGhxBSOgOoCOa
 WW6uVCzDqfrYPmCUIKQmanB441xJFGuHVPMLBjVjswoMKGkK3gM6KMRCDYQ53u6s
 FK+Jcl8HobBSezVIUKpKVX3IW9d506cE0FhSW/NvWJv0FIMVloyC2BpOjSWVgEwX
 tk/m3SKPsgCAcCqzi7xlloR8+E9C2xci9cdGG5faghgSjaP6j0qDww/slRPQJc5A
 DIeukkOYTCiSiDwQtblJABEBAAGJAjMEGAEIACcWIQRo0hgjNCoTaDrrPk77TGhb
 XcHBPgUCZykTxQMbIAQFCQPCZwAAADcWD/4qJRLn7TcMtRMF43Yn+dX+O13YrxBC
 T4n1QVmiPsGrUca4Vg1J+trV6IMsGrhktpiaV0qeL/km0h02m4gEDZKDyWWXdeWh
 EXFaTVy9yCpSXUWJl5gSXTSwxrqBWyWLlLLk4UT9l9sk5mMdy0JA8unobV4M/eXQ
 ggR11DL3ji7aO0hsqxyxXkJcawWjVGW5KL1EaoDKIJ/CwxOI5ipFueMIRQjQvw9A
 o/w2fq11qVXY9zknk6pFkp/RDHLes+wVHDtebZfJ9xV7Mb1mf/k03dT56GaA/U3E
 XvJ2FdgWR+zf+YMEa9MPDHYo2UNEvk9mOk247M8s+OeexdlkPgyKW5A8mtYuY/dR
 j8W6C4pLcMWa+d/vIUpm5Guw0F5q0AWk9/FbBe9HLztEevvRnuHXmfTZeto/nCAi
 Yg4pCj6p3JoN5CLebR8YtWm9AJBbX1kgVvqSU2VgwYIFsxBEz8Wu2h7z/eSCSeIg
 ARFbTlJ6cBrRkXCVyhbv0LPWWUfAUqiEtdGxrA4Xx/jKrI02JjRdW/bZkXjSka8K
 +cDlpcr9ixBWW5LkWsOdiL8jExfTGw25FA7Wd1HiHnBv36Mu/zb+0/I63d+fLq93
 e3lmmVx9qQF8p5Okf4ojY9YoIHVkLS7t9AgFjm/ucmpEGbXxyPk2Cr3l+b5R41x3
 dBW9kxiuWpZN3Q==
 =iuRK
 -----END PGP PUBLIC KEY BLOCK-----
--- a/fapolicyd-1.4.5.tar.gz.asc
+++ b/fapolicyd-1.4.5.tar.gz.asc
@ -0,0 +1,18 @@
 -----BEGIN PGP SIGNATURE-----
 wsG7BAABCgBvBYJpxNfQCRD7TGhbXcHBPkcUAAAAAAAeACBzYWx0QG5vdGF0aW9u
 cy5zZXF1b2lhLXBncC5vcmeSbYk39v6AWRXAJKi7QqR50/F2a+qLBgekvRhg9+T5
 DRYhBGjSGCM0KhNoOus+TvtMaFtdwcE+AAD3LxAAjhRIu2JBEKFSWIFGJKqkS885
 yL7JGlDDWXIXAOS8QY4+doKhTpd3wI50ETRZO1N7+mBMQG0dG0VoakIQsbJKIlFX
 9ifBmTfvnBGhD8YTI+pUQLAVLat8TFSBbxL3/awEaUZ+JXEoSlnDbzV9jOLVeNZb
 d5Cc4RNXcchH42EwgPBeTY7OUXrXKeSpDeZPRSzu57bLsog9PigVeH7QoLew0KEC
 iQFbTc13giT/kMjh7Fc1KB3kPblbDBVC2xYPaGd/JwowFNde1ZCcrGa8Dccff/BE
 MEWzHZTMUm4TN4EDHdzqmJhUZ88U8awPHy9j0YmZZ1Z3nAsEJ8WwyMOFSt60WVHx
 8EJ/SvBG69v0U3MlMqlAEsXZwKun4s/YED9Fw/Sywy9Iy2q3mVajMzlWC8xWYO8V
 0NBPA6Ecz/Misk9MYnrEt63H2eysW3io7SYgTDopk79TIar7MUiB4r4JWg3rTnfg
 2IvGpjOaJ+pi7hkZ2HF1hwXrQaf/RYQxLUolOVxkbs7yg603VbIQDbt/9iCei+U1
 1qefKKabJkwMBjSlBOILfiAcxrOF6D6/8lN+ScAQUMDlYqbAUMJ2xqQgNGOGW965
 3olB693tlI/xVem3hjUnLS+HYXLlq4R5pTfvm+offYhe7myqkvfQ8XOhgptINZPy
 AI40vsRDjx8gRxOqaR4=
 =Vv69
 -----END PGP SIGNATURE-----
--- a/fapolicyd-selinux-1.1.tar.gz.asc
+++ b/fapolicyd-selinux-1.1.tar.gz.asc
@ -0,0 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmlmAo4ACgkQzcroySfG
 vjGK4w//eaZET4l52F5pZWq6R59X1pC4/9vqD82hFTwum96fznDjJsqApOUzJcvX
 b1u+EkkFkvGsvNZVzCTnaCnJmh2EceerlOy9KwwtLFXCMQWe3ZX4fQLiUt70CGfE
 dsbr58+pd5BoaZcXwTuHoh66q2RPqxI7sA9zeVYuAUsqa63mM3YGNfkUp57klT1Z
 Mbvw9TIoO/oXuahHtEucWCmQDtNKGz3QBrBOxSeL3eGGduFKDnya4GWh7c/QYpJO
 /2Sbzx04JD7jJJ2DuqySy2JV+MNitwjvbjc3ffDBNpvuqqzEjkMRbSSRZyWJcgAa
 GWF4zx0DOMltOrWJ05qxcXwqRqoVWNXRe1wH32c7wp/l/zstQ6v1+R2HsNXyLMR9
 kbvAPpTXjRtKGmUY9Gq1vibpC943U2PjQlENS/yCJlSK5dKx7KPwmHn5rEwoSsJr
 DUzik3+NIraiqF3os4c5D/Fc8Of8/U4X/G3P+sfQma8BAYSu+D09rdEFX+XOea5f
 0XKoFF7uDZ6iBmPw7f/JoSDOJk25bDf+QGbQsk/h/ao5AUVy0BXsy6+Uof2+7Qr0
 bDY8nE8hmgo5A9ssdnnXTg71i4g1+/berFpGv3soW9FTeBsLmhJeNo+lzSUj9KUE
 uKoiDaaZSNMJfvCJpJqjz0hNjIfnbXAnVNs/QgXvBbjnRatKqcI=
 =HP8O
 -----END PGP SIGNATURE-----
--- a/fapolicyd.spec
+++ b/fapolicyd.spec
@ -0,0 +1,532 @@
 %global selinuxtype targeted
 %global moduletype distributed
 %define semodule_version 1.1
 Summary: Application Whitelisting Daemon
 Name: fapolicyd
 Version: 1.4.5
 Release: 1.2%{?dist}
 License: GPL-3.0-or-later
 URL: https://github.com/linux-application-whitelisting/fapolicyd
 Source0: https://github.com/linux-application-whitelisting/fapolicyd/releases/download/v%{version}/fapolicyd-%{version}.tar.gz
 Source1: https://github.com/linux-application-whitelisting/%{name}-selinux/releases/download/v%{semodule_version}/%{name}-selinux-%{semodule_version}.tar.gz
 Source2: https://github.com/bachradsusi.gpg
 Source3: fapolicyd.sysusers
 Source10: https://github.com/linux-application-whitelisting/fapolicyd/releases/download/v%{version}/fapolicyd-%{version}.tar.gz.asc
 Source11: https://github.com/linux-application-whitelisting/%{name}-selinux/releases/download/v%{semodule_version}/%{name}-selinux-%{semodule_version}.tar.gz.asc
 # we bundle uthash for eln
 Source20: https://github.com/troydhanson/uthash/archive/refs/tags/v2.3.0.tar.gz#/uthash-2.3.0.tar.gz
 # https://github.com/linux-application-whitelisting/fapolicyd
 # $ git format-patch -N v1.4.5
 # https://github.com/linux-application-whitelisting/fapolicyd-selinux
 # $ git format-patch -N --start-number 100 --src-prefix=a/fapolicyd-selinux-1.1/ --dst-prefix=b/fapolicyd-selinux-1.1/ v1.1
 # $ for j in [0-9]*.patch; do printf "Patch: %s\n" $j; done
 # Patch list start
 # Patch list end
 BuildRequires: gcc
 BuildRequires: kernel-headers
 BuildRequires: autoconf automake make gcc libtool
 BuildRequires: systemd systemd-devel openssl-devel rpm-devel file-devel file
 BuildRequires: libcap-ng-devel libseccomp-devel lmdb-devel
 BuildRequires: python3-devel
 %if 0%{?fedora} || 0%{?rhel} > 10
 BuildRequires: gpgverify
 %else
 BuildRequires: gnupg
 %endif
 %if 0%{?rhel} == 0
 BuildRequires: uthash-devel
 %endif
 Requires: rpm-plugin-fapolicyd
 Recommends: %{name}-selinux
 Requires(pre): shadow-utils
 Requires(post): systemd-units
 Requires(preun): systemd-units
 Requires(postun): systemd-units
 %description
 Fapolicyd (File Access Policy Daemon) implements application whitelisting
 to decide file access rights. Applications that are known via a reputation
 source are allowed access while unknown applications are not. The daemon
 makes use of the kernel's fanotify interface to determine file access rights.
 %package        selinux
 Summary:        Fapolicyd selinux
 Group:          Applications/System
 Requires:       %{name} = %{version}-%{release}
 Requires:       selinux-policy-%{selinuxtype}
 Requires(post): selinux-policy-%{selinuxtype}
 BuildRequires:  selinux-policy-devel
 BuildArch: noarch
 %{?selinux_requires}
 %description    selinux
 The %{name}-selinux package contains selinux policy for the %{name} daemon.
 %prep
 %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE10}' --data='%{SOURCE0}'
 %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE11}' --data='%{SOURCE1}'
 %setup -q
 # selinux
 %autosetup -D -T -a 1 -p 1
 %if 0%{?rhel} != 0
 %setup -q -D -T -b 20
 %endif
 # generate rules for python
 sed -i "s|%python2_path%|`readlink -f %{__python2}`|g" rules.d/*.rules
 sed -i "s|%python3_path%|`readlink -f %{__python3}`|g" rules.d/*.rules
 # Detect run time linker directly from bash
 interpret=`readelf -e /usr/bin/bash \
    | grep Requesting \
    | sed 's/.$//' \
    | rev | cut -d" " -f1 \
    | rev`
 sed -i "s|%ld_so_path%|`realpath $interpret`|g" rules.d/*.rules
 %build
 cp INSTALL INSTALL.tmp
 # necessary for updating CFLAGS below
 %set_build_flags
 %if 0%{?rhel} != 0
 export CFLAGS="$CFLAGS -I%{_builddir}/uthash-2.3.0/include"
 %endif
 ./autogen.sh
 %configure \
    --with-audit \
    --with-rpm \
    --disable-shared
 %make_build
 # selinux
 pushd %{name}-selinux-%{semodule_version}
 make
 popd
 %check
 make check
 # selinux
 %pre selinux
 %selinux_relabel_pre -s %{selinuxtype}
 %install
 %make_install
 install -p -m 644 -D init/%{name}-tmpfiles.conf %{buildroot}/%{_tmpfilesdir}/%{name}.conf
 install -p -D -m 0644 %{SOURCE3} %{buildroot}%{_sysusersdir}/%{name}.conf
 mkdir -p %{buildroot}/%{_localstatedir}/lib/%{name}
 mkdir -p %{buildroot}/run/%{name}
 mkdir -p %{buildroot}%{_sysconfdir}/%{name}/trust.d
 mkdir -p %{buildroot}%{_sysconfdir}/%{name}/rules.d
 # get list of file names between known-libs and restrictive from sample-rules/README-rules
 cat %{buildroot}/%{_datadir}/%{name}/sample-rules/README-rules \
  | grep -A 100 'known-libs' \
  | grep -B 100 'restrictive' \
  | grep '^[0-9]' > %{buildroot}/%{_datadir}/%{name}/default-ruleset.known-libs
 chmod 644 %{buildroot}/%{_datadir}/%{name}/default-ruleset.known-libs
 # selinux
 install -d %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}
 install -m 0644 %{name}-selinux-%{semodule_version}/%{name}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}
 install -m 0644 %{name}-selinux-%{semodule_version}/%{name}-hardening.cil %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}
 install -d -p %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}
 install -p -m 644 %{name}-selinux-%{semodule_version}/%{name}.if %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}/%{name}.if
 #cleanup
 find %{buildroot} \( -name '*.la' -o -name '*.a' \) -delete
 %pre
 getent passwd %{name} >/dev/null || useradd -r -M -d %{_localstatedir}/lib/%{name} -s /sbin/nologin -c "Application Whitelisting Daemon" %{name}
 %post
 # if no pre-existing rule file
 if [ ! -e %{_sysconfdir}/%{name}/%{name}.rules ] ; then
 files=`ls %{_sysconfdir}/%{name}/rules.d/ 2>/dev/null | wc -w`
 # Only if no pre-existing component rules
 if [ "$files" -eq 0 ] ; then
  ## Install the known libs policy
  for rulesfile in `cat %{_datadir}/%{name}/default-ruleset.known-libs`; do
    cp %{_datadir}/%{name}/sample-rules/$rulesfile  %{_sysconfdir}/%{name}/rules.d/
  done
  chgrp %{name} %{_sysconfdir}/%{name}/rules.d/*
  if [ -x /usr/sbin/restorecon ] ; then
   # restore correct label
   /usr/sbin/restorecon -F %{_sysconfdir}/%{name}/rules.d/*
  fi
  fagenrules >/dev/null
 fi
 fi
 %systemd_post %{name}.service
 %preun
 %systemd_preun %{name}.service
 %postun
 %systemd_postun_with_restart %{name}.service
 %files
 %doc README.md
 %{!?_licensedir:%global license %%doc}
 %license COPYING
 %attr(755,root,root) %dir %{_datadir}/%{name}
 %attr(755,root,root) %dir %{_datadir}/%{name}/sample-rules
 %attr(644,root,root) %{_datadir}/%{name}/default-ruleset.known-libs
 %attr(644,root,root) %{_datadir}/%{name}/sample-rules/*
 %attr(644,root,root) %{_datadir}/%{name}/fapolicyd-magic.mgc
 %attr(750,root,%{name}) %dir %{_sysconfdir}/%{name}
 %attr(750,root,%{name}) %dir %{_sysconfdir}/%{name}/trust.d
 %attr(750,root,%{name}) %dir %{_sysconfdir}/%{name}/rules.d
 %attr(644,root,root) %{_sysconfdir}/bash_completion.d/*
 %ghost %{_sysconfdir}/%{name}/rules.d/*
 %ghost %{_sysconfdir}/%{name}/%{name}.rules
 %config(noreplace) %attr(644,root,%{name}) %{_sysconfdir}/%{name}/%{name}.conf
 %config(noreplace) %attr(644,root,%{name}) %{_sysconfdir}/%{name}/%{name}-filter.conf
 %config(noreplace) %attr(644,root,%{name}) %{_sysconfdir}/%{name}/%{name}.trust
 %ghost %attr(644,root,%{name}) %{_sysconfdir}/%{name}/compiled.rules
 %attr(644,root,root) %{_unitdir}/%{name}.service
 %attr(644,root,root) %{_tmpfilesdir}/%{name}.conf
 %attr(644,root,root) %{_sysusersdir}/%{name}.conf
 %attr(755,root,root) %{_bindir}/%{name}-rpm-loader
 %attr(755,root,root) %{_sbindir}/%{name}
 %attr(755,root,root) %{_sbindir}/%{name}-cli
 %attr(755,root,root) %{_sbindir}/fagenrules
 %attr(644,root,root) %{_mandir}/man8/*
 %attr(644,root,root) %{_mandir}/man5/*
 %ghost %attr(440,%{name},%{name}) %verify(not md5 size mtime) %{_localstatedir}/log/%{name}-access.log
 %attr(770,root,%{name}) %dir %{_localstatedir}/lib/%{name}
 %attr(770,root,%{name}) %dir /run/%{name}
 %ghost %attr(660,root,%{name}) /run/%{name}/%{name}.fifo
 %ghost %attr(660,%{name},%{name}) %verify(not md5 size mtime) %{_localstatedir}/lib/%{name}/data.mdb
 %ghost %attr(660,%{name},%{name}) %verify(not md5 size mtime) %{_localstatedir}/lib/%{name}/lock.mdb
 %files selinux
 %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
 %{_datadir}/selinux/packages/%{selinuxtype}/%{name}-hardening.cil
 %ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name}
 %{_datadir}/selinux/devel
 %post selinux
 %selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2 %{_datadir}/selinux/packages/%{selinuxtype}/%{name}-hardening.cil
 %selinux_relabel_post -s %{selinuxtype}
 %postun selinux
 if [ $1 -eq 0 ]; then
    %selinux_modules_uninstall -s %{selinuxtype} %{name}-hardening %{name}
 fi
 %posttrans selinux
 %selinux_relabel_post -s %{selinuxtype}
 %changelog
 * Mon Mar 30 2026 Petr Lautrbach <lautrbach@redhat.com> - 1.4.5-1.2
 - fapolicyd-1.4.5
  https://github.com/linux-application-whitelisting/fapolicyd/releases/tag/v1.4.5
 * Thu Mar 19 2026 Petr Lautrbach <lautrbach@redhat.com> - 1.4.4-1
 - fapolicyd-1.4.4
  https://github.com/linux-application-whitelisting/fapolicyd/releases/tag/v1.4.4
 * Fri Feb 06 2026 Petr Lautrbach <lautrbach@redhat.com> - 1.4.3-3
 - Fix 32-bit ELF dynamic section parsing
 * Tue Jan 27 2026 Petr Lautrbach <lautrbach@redhat.com> - 1.4.3-2
 - Fix binary path of rpm-loader
 - Map file with MAP_SHARED instead of MAP_PRIVATE
 - Fix segfault when interrupting fapolicyd startup
 * Tue Jan 13 2026 Petr Lautrbach <lautrbach@redhat.com> - 1.4.3-1
 - fapolicyd-1.4.3
  https://github.com/linux-application-whitelisting/fapolicyd/releases/tag/v1.4.3
  https://github.com/linux-application-whitelisting/fapolicyd-selinux/releases/tag/v1.1
 * Wed Nov 26 2025 Petr Lautrbach <lautrbach@redhat.com> - 1.4.2-1
 - fapolicyd-1.4.2
  https://github.com/linux-application-whitelisting/fapolicyd/releases/tag/v1.4.2
 * Fri Nov 07 2025 Petr Lautrbach <lautrbach@redhat.com> - 1.4.1-2
 - Install SELinux policy hardening module
 * Fri Oct 31 2025 Petr Lautrbach <lautrbach@redhat.com> - 1.4.1-1
 - Fix deadlock on reconfigure
 - On reconfigure, update the trust list and reload the rpm filter
 * Thu Oct 30 2025 Petr Lautrbach <lautrbach@redhat.com> - 1.4-1
 - fapolicyd-1.4 and fapolicyd-selinux-1.0
  https://github.com/linux-application-whitelisting/fapolicyd/releases/tag/v1.4
 * Thu Oct 16 2025 Petr Lautrbach <lautrbach@redhat.com> - 1.3.7-1
 - fapolicyd-1.3.7 and fapolicyd-selinux-0.9
 * Wed Aug 20 2025 Petr Lautrbach <lautrbach@redhat.com> - 1.3.3-107
 - Fix owner:group of /etc/fapolicyd on boot
 * Mon Aug 18 2025 Petr Lautrbach <lautrbach@redhat.com> - 1.3.3-106
 - Add /var/lib/fapolicyd to tmpfiles
 Resolves: RHEL-104873
 - Allow fapolicyd to connect to systemd-machined
 Resolves: RHEL-77071
 * Wed May 28 2025 Radovan Sroka <rsroka@redhat.com> - 1.3.3-105
 RHEL 10.1 ERRATUM
 - RPMDB crashes with SIGBUS when updating the RPMDB repeatedly
 Resolves: RHEL-94540
 - File /run/fapolicyd differs from RPM expectations
 Resolves: RHEL-94536
 - fapolicyd.service badly instructs how to start after nss-user-lookup.target
 Resolves: RHEL-94538
 - fapolicy rule containing 'pattern=normal' produces error
 Resolves: RHEL-94537
 - "fapolicyd-cli --file add" crashes when processing sockets
 Resolves: RHEL-105425
 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1.3.3-102
 - Bump release for October 2024 mass rebuild:
  Resolves: RHEL-64018
 * Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.3.3-101
 - Bump release for June 2024 mass rebuild
 * Tue May 14 2024 Radovan Sroka <rsroka@redhat.com> - 1.3.3-100
 RHEL 10.0.0 ERRATUM
 - rebase to fapolicy-1.3.3 and fapolicyd-selinux-0.7
 Resolves: RHEL-36287
 * Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.2-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 * Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.2-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 * Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.2-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
 * Mon Jul 10 2023 Radovan Sroka <rsroka@redhat.com> - 1.3.3-1
 - rebase to fapolicyd v1.3.2
 * Thu Jun 15 2023 Radovan Sroka <rsroka@redhat.com> - 1.3.1-2
 - rebase to fapolicyd v1.3.1 and selinux v0.6
 * Tue Jun 13 2023 Radovan Sroka <rsroka@redhat.com> - 1.2-6
 - migrated to SPDX license
 * Fri May 19 2023 Petr Pisar <ppisar@redhat.com> - 1.2-5
 - Rebuild against rpm-4.19 (https://fedoraproject.org/wiki/Changes/RPM-4.19)
 * Fri Feb 10 2023 Radovan Sroka <rsroka@redhat.com> - 1.2-1
 - rebase to v1.2
 * Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.7-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
 * Fri Dec 02 2022 Radovan Sroka <rsroka@redhat.com> - 1.1.7-3
 - rebuild for eln
 * Mon Nov 28 2022 Florian Weimer <fweimer@redhat.com> - 1.1.7-2
 - Avoid implicit declaration of rpmFreeCrypto
 * Mon Nov 28 2022 Radovan Sroka <rsroka@redhat.com> - 1.1.7.1
 - rebase fapolicyd to v1.1.7 and fapolicyd-selinux to v0.5
 * Thu Sep 29 2022 Radovan Sroka <rsroka@redhat.com> - 1.1.5.2
 - rebase to 1.1.5
 * Wed Aug 31 2022 Radovan Sroka <rsroka@redhat.com> - 1.1.4-4
 - fix bash completition definition in spec
 Resolves: rhbz#2123065
 * Tue Aug 30 2022 Radovan Sroka <rsroka@redhat.com> - 1.1.4-3
 - rebuild with correct openssl and systemd dependency
 * Thu Aug 18 2022 Radovan Sroka <rsroka@redhat.com> - 1.1.4-1
 - rebase to 1.1.4
 * Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.3-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
 * Wed Jun 22 2022 Radovan Sroka <rsroka@redhat.com> - 1.1.3-1
 - rebase to 1.1.3
 - removal of dnf plugin
 * Wed Jun 15 2022 Python Maint <python-maint@redhat.com> - 1.1.2-2
 - Rebuilt for Python 3.11
 * Wed May 25 2022 Radovan Sroka <rsroka@redhat.com> - 1.1.2-1
 - rebase to v1.1.2
 - fixed CVE-2022-1117
 Resolves: rhbz#2089692
 * Wed Mar 30 2022 Radovan Sroka <rsroka@redhat.com> - 1.1.1-2
 - rebase to v1.1.1
 * Tue Feb 15 2022 Radovan Sroka <rsroka@redhat.com> - 1.1-2
 - old fapolicyd.rules needs to be ghost file
 * Sun Jan 23 2022 Radovan Sroka <rsroka@redhat.com> - 1.1-1
 - rebase to v1.1
 - added rules.d folder
 * Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.4-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
 * Fri Dec 24 2021 Björn Esser <besser82@fedoraproject.org> - 1.0.4-2
 - Rebuild(uthash)
 * Fri Dec 10 2021 Radovan Sroka <rsoka@redhat.com> - 1.0.4-1
 - rebase to 1.0.4
 - enable trust.d folder
 * Wed Sep 01 2021 Radovan Sroka <rsroka@redhat.com> - 1.0.3-4
 - selinux: use watch perm correctly
 * Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.3-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
 * Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 1.0.3-2
 - Rebuilt for Python 3.10
 * Thu Apr 01 2021 Radovan Sroka <rsroka@redhat.com> - 1.0.3-1
 - rebase to 1.0.3
 - sync fedora with rhel
 * Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.0.2-3
 - Rebuilt for updated systemd-rpm-macros
  See https://pagure.io/fesco/issue/2583.
 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.2-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 * Wed Jan 06 2021 Radovan Sroka <rsroka@redhat.com> - 1.0.2-1
 - rebase to 1.0.2
 - enabled make check
 - dnf-plugin is now required subpackage
 * Mon Nov 16 2020 Radovan Sroka <rsroka@redhat.com> - 1.0.1-1
 - rebase to 1.0.1
 - introduced uthash dependency
 - SELinux prevents the fapolicyd process from writing to /run/dbus/system_bus_socket
 Resolves: rhbz#1874491
 - SELinux prevents the fapolicyd process from writing to /var/lib/rpm directory
 Resolves: rhbz#1876538
 * Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Wed Jun 24 2020 Radovan Sroka <rsroka@redhat.com> - 1.0-3
 - backported few cosmetic small patches from upstream master
 - rebase selinux tarbal to v0.3
 - file context pattern for /run/fapolicyd.pid is missing
 Resolves: rhbz#1834674
 * Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 1.0-2
 - Rebuilt for Python 3.9
 * Mon May 25 2020 Radovan Sroka <rsroka@redhat.com> - 1.0-1
 - rebase fapolicyd to 1.0
 - allowed sys_ptrace for user namespace
 * Mon Mar 23 2020 Radovan Sroka <rsroka@redhat.com> - 0.9.4-1
 - rebase fapolicyd to 0.9.4
 - polished the pattern detection engine
 - rpm backend now drops most of the files in /usr/share/ to dramatically reduce
  memory consumption and improve startup speed
 - the commandline utility can now delete the lmdb trust database and manage
  the file trust source
 * Mon Feb 24 2020 Radovan Sroka <rsroka@redhat.com> - 0.9.3-1
 - rebase fapolicyd to 0.9.3
 - dramatically improved startup time
 - fapolicyd-cli has picked up --list and --ftype commands to help debug/write policy
 - file type identification has been improved
 - trust database statistics have been added to the reports
 * Tue Feb 04 2020 Radovan Sroka <rsroka@redhat.com> - 0.9.2-2
 - Label all fifo_file as fapolicyd_var_run_t in /var/run.
 - Allow fapolicyd_t domain to create fifo files labeled as
  fapolicyd_var_run_t
 * Fri Jan 31 2020 Radovan Sroka <rsroka@redhat.com> - 0.9.2-1
 - rebase fapolicyd to 0.9.2
 - allows watched mount points to be specified by file system types
 - ELF file detection was improved
 - the rules have been rewritten to express the policy based on subject
  object trust for better performance and reliability
 - exceptions for dracut and ansible were added to the rules to avoid problems
  under normal system use
 - adds an admin defined trust database (fapolicyd.trust)
 - setting boost, queue, user, and group on the daemon
  command line are deprecated
 * Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.9-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
 * Tue Nov 05 2019 Marek Tamaskovic <mtamasko@redhat.com> - 0.9-3
 - Updated fapolicyd-selinux subpackage to v0.2
  Selinux subpackage is recommended for fapolicyd.
 * Mon Oct 07 2019 Radovan Sroka <rsroka@redhat.com> - 0.9-2
 - Added fapolicyd-selinux subpackage
 * Mon Oct 07 2019 Radovan Sroka <rsroka@redhat.com> - 0.9-1
 - rebase to v0.9
 * Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 0.8.10-2
 - Rebuilt for Python 3.8.0rc1 (#1748018)
 * Wed Aug 28 2019 Radovan Sroka <rsroka@redhat.com> - 0.8.10-1
 - rebase to 0.8.10
 - generate python paths dynamically
 * Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 0.8.9-5
 - Rebuilt for Python 3.8
 * Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.9-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 * Mon Jun 10 22:13:18 CET 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.8.9-3
 - Rebuild for RPM 4.15
 * Mon Jun 10 15:42:01 CET 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.8.9-2
 - Rebuild for RPM 4.15
 * Mon May 06 2019 Radovan Sroka <rsroka@redhat.com> - 0.8.9-1
 - New upstream release
 * Wed Mar 13 2019 Radovan Sroka <rsroka@redhat.com> - 0.8.8-2
 - backport some patches to resolve dac_override for fapolicyd
 * Mon Mar 11 2019 Radovan Sroka <rsroka@redhat.com> - 0.8.8-1
 - New upstream release
 - Added new DNF plugin that can update the trust database when rpms are installed
 - Added support for FAN_OPEN_EXEC_PERM
 * Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.7-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 * Wed Oct 03 2018 Steve Grubb <sgrubb@redhat.com> 0.8.7-1
 - New upstream bugfix release
 * Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.6-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 * Thu Jun 07 2018 Steve Grubb <sgrubb@redhat.com> 0.8.6-1
 - New upstream feature release
 * Fri May 18 2018 Steve Grubb <sgrubb@redhat.com> 0.8.5-2
 - Add dist tag (#1579362)
 * Fri Feb 16 2018 Steve Grubb <sgrubb@redhat.com> 0.8.5-1
 - New release
--- a/fapolicyd.sysusers
+++ b/fapolicyd.sysusers
@ -0,0 +1 @@
 u fapolicyd - "Application Whitelisting Daemon" /var/lib/fapolicyd
--- a/3
+++ b/3
@ -0,0 +1,3 @@
 SHA512 (fapolicyd-1.4.5.tar.gz) = 8211ff92947f378aba2882b0fe6b20d72973295f9d10d0d83e18edf6aafa504ac51f49e84506951d0df228524383ca339a1e861bfd00315a3469d6d7d825f109
 SHA512 (fapolicyd-selinux-1.1.tar.gz) = 64a7068f8f0a730363e546921ac2eec66a8195d027bacd53f9bf837f55c82d3a667563eb553c6111bc7dfbd90693029577ccefc99dca3d7fe9b7ae5bb61d19bd
 SHA512 (uthash-2.3.0.tar.gz) = 3b01f1074790fb242900411cb16eb82c1a9afcf58e3196a0f4611d9d7ef94690ad38c0a500e7783d3efa20328aa8d6ab14f246be63b3b3d385502ba2b6b2a294
		`@ -0,0 +1 @@`
							`u fapolicyd - "Application Whitelisting Daemon" /var/lib/fapolicyd`