From 99b3f5a5d345a0e4ca977e2136bfdbcf809a7103 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <lautrbach@redhat.com>
Date: Thu, 14 Dec 2023 17:52:44 +0100
Subject: [PATCH] SELinux userspace 3.6 release

---
 .gitignore                                  |  1 +
 0007-sepolicy-port-to-dnf4-python-API.patch | 84 ---------------------
 policycoreutils.spec                        | 18 +++--
 sources                                     |  2 +-
 4 files changed, 12 insertions(+), 93 deletions(-)
 delete mode 100644 0007-sepolicy-port-to-dnf4-python-API.patch

diff --git a/.gitignore b/.gitignore
index 244b3fa..f168b35 100644
--- a/.gitignore
+++ b/.gitignore
@@ -354,3 +354,4 @@ policycoreutils-2.0.83.tgz
 /selinux-gui.zip
 /selinux-3.6-rc1.tar.gz
 /selinux-3.6-rc2.tar.gz
+/selinux-3.6.tar.gz
diff --git a/0007-sepolicy-port-to-dnf4-python-API.patch b/0007-sepolicy-port-to-dnf4-python-API.patch
deleted file mode 100644
index 7410ccd..0000000
--- a/0007-sepolicy-port-to-dnf4-python-API.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-From 4417766f66fb5a1d41503c2d1f0008823ae11269 Mon Sep 17 00:00:00 2001
-From: Petr Lautrbach <lautrbach@redhat.com>
-Date: Sat, 29 Jul 2023 20:33:06 +0200
-Subject: [PATCH] sepolicy: port to dnf4 python API
-Content-type: text/plain
-
-yum module is not available since RHEL 7.
-
-Drop -systemd related code as it's obsoleted these days - only 2
-packages ship their .service in -systemd subpackage
-
-Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
----
- python/sepolicy/sepolicy/generate.py | 38 ++++++++++++----------------
- 1 file changed, 16 insertions(+), 22 deletions(-)
-
-diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
-index 36a3ea1196b1..48602a736953 100644
---- a/python/sepolicy/sepolicy/generate.py
-+++ b/python/sepolicy/sepolicy/generate.py
-@@ -1264,13 +1264,20 @@ allow %s_t %s_t:%s_socket name_%s;
-         return fcfile
- 
-     def __extract_rpms(self):
--        import yum
--        yb = yum.YumBase()
--        yb.setCacheDir()
-+        import dnf
- 
--        for pkg in yb.rpmdb.searchProvides(self.program):
-+        base = dnf.Base()
-+        base.read_all_repos()
-+        base.fill_sack(load_system_repo=True)
-+
-+        query = base.sack.query()
-+
-+        pq = query.available()
-+        pq = pq.filter(file=self.program)
-+
-+        for pkg in pq:
-             self.rpms.append(pkg.name)
--            for fname in pkg.dirlist + pkg.filelist + pkg.ghostlist:
-+            for fname in pkg.files:
-                 for b in self.DEFAULT_DIRS:
-                     if b == "/etc":
-                         continue
-@@ -1279,9 +1286,10 @@ allow %s_t %s_t:%s_socket name_%s;
-                             self.add_file(fname)
-                         else:
-                             self.add_dir(fname)
--
--            for bpkg in yb.rpmdb.searchNames([pkg.base_package_name]):
--                for fname in bpkg.dirlist + bpkg.filelist + bpkg.ghostlist:
-+            sq = query.available()
-+            sq = sq.filter(provides=pkg.source_name)
-+            for bpkg in sq:
-+                for fname in bpkg.files:
-                     for b in self.DEFAULT_DIRS:
-                         if b == "/etc":
-                             continue
-@@ -1291,20 +1299,6 @@ allow %s_t %s_t:%s_socket name_%s;
-                             else:
-                                 self.add_dir(fname)
- 
--        # some packages have own systemd subpackage
--        # tor-systemd for example
--        binary_name = self.program.split("/")[-1]
--        for bpkg in yb.rpmdb.searchNames(["%s-systemd" % binary_name]):
--            for fname in bpkg.filelist + bpkg.ghostlist + bpkg.dirlist:
--                for b in self.DEFAULT_DIRS:
--                    if b == "/etc":
--                        continue
--                    if fname.startswith(b):
--                        if os.path.isfile(fname):
--                            self.add_file(fname)
--                        else:
--                            self.add_dir(fname)
--
-     def gen_writeable(self):
-         try:
-             self.__extract_rpms()
--- 
-2.41.0
-
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 49da384..d6c2e45 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -1,7 +1,7 @@
 %global libauditver     3.0
-%global libsepolver     3.6-0.rc2
-%global libsemanagever  3.6-0.rc2
-%global libselinuxver   3.6-0.rc2
+%global libsepolver     3.6-1
+%global libsemanagever  3.6-1
+%global libselinuxver   3.6-1
 
 %global generatorsdir %{_prefix}/lib/systemd/system-generators
 
@@ -11,10 +11,10 @@
 Summary: SELinux policy core utilities
 Name:    policycoreutils
 Version: 3.6
-Release: 0.rc2.1%{?dist}
+Release: 1%{?dist}
 License: GPL-2.0-or-later
 # https://github.com/SELinuxProject/selinux/wiki/Releases
-Source0: https://github.com/SELinuxProject/selinux/releases/download/3.6-rc2/selinux-3.6-rc2.tar.gz
+Source0: https://github.com/SELinuxProject/selinux/releases/download/3.6/selinux-3.6.tar.gz
 URL:     https://github.com/SELinuxProject/selinux
 Source13: system-config-selinux.png
 Source14: sepolicy-icons.tgz
@@ -33,7 +33,7 @@ Source22: selinux-gui.zip
 # wlc --key <apikey> --url https://translate.fedoraproject.org/api/ download selinux/sandbox --output ./
 Source23: selinux-sandbox.zip
 # https://github.com/fedora-selinux/selinux
-# $ git format-patch -N 3.6-rc2 -- policycoreutils python gui sandbox dbus semodule-utils restorecond
+# $ git format-patch -N 3.6 -- policycoreutils python gui sandbox dbus semodule-utils restorecond
 # $ for j in [0-9]*.patch; do printf "Patch%s: %s\n" ${j/-*/} $j; done
 # Patch list start
 Patch0001: 0001-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
@@ -42,7 +42,6 @@ Patch0003: 0003-sepolicy-generate-Handle-more-reserved-port-types.patch
 Patch0004: 0004-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
 Patch0005: 0005-Use-SHA-2-instead-of-SHA-1.patch
 Patch0006: 0006-python-sepolicy-Fix-spec-file-dependencies.patch
-Patch0007: 0007-sepolicy-port-to-dnf4-python-API.patch
 # Patch list end
 
 Obsoletes: policycoreutils < 2.0.61-2
@@ -78,7 +77,7 @@ load_policy to load policies, setfiles to label filesystems, newrole
 to switch roles.
 
 %prep -p /usr/bin/bash
-%autosetup -p 1 -n selinux-%{version}-rc2
+%autosetup -p 1 -n selinux-%{version}
 
 cp %{SOURCE13} gui/
 tar -xvf %{SOURCE14} -C python/sepolicy/
@@ -420,6 +419,9 @@ The policycoreutils-restorecond package contains the restorecond service.
 %systemd_postun_with_restart restorecond.service
 
 %changelog
+* Thu Dec 14 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.6-1
+- SELinux userspace 3.6 release
+
 * Thu Nov 23 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.6-0.rc2.1
 - SELinux userspace 3.6-rc2 release
 
diff --git a/sources b/sources
index c85d2c4..9d03d1f 100644
--- a/sources
+++ b/sources
@@ -1,4 +1,4 @@
-SHA512 (selinux-3.6-rc2.tar.gz) = b42d07af30a49e2d3e3f99c6400a57e4f830100870dc992f6a3f4b3ab16d3cd8a7f2c08f818045a2b8f358548551d31c75b14247a540e67da62bedaaee979ee0
+SHA512 (selinux-3.6.tar.gz) = 15ba9c5901ec4dc1e9e24374ffe61216301335fb07c0d653692251a59f210628775852f22d7c5eb784a43b65c133fad983ba1e6159d72fd3fd16e87f9a335fb6
 SHA512 (selinux-policycoreutils.zip) = 0df9dc274e0d1a2e4e2467f95a18a5bf7b6de2428ac90a0a73d7f3bd766a897062af142ba3cf39cdb79565ba78af960bcd2e35865cc26e14bf2305321780c918
 SHA512 (selinux-python.zip) = 35d209f8bcff498f66465499fcc4cef0780781276a4ba060b2d1d56eed1dd72d253f6b0eae5f679d46cf426b967a7aadac909363513be5d483c95a31249eacdd
 SHA512 (selinux-sandbox.zip) = ecbc0c8280eb6c013b039a2e63ee5a361cd84807613962a012ac0a98092357e9809bea23c3c71bd8ae4745b1dd12a4fce43db5e1cab31614f386a2a8db88b733