From f8e6a6385b37abcebbd983c8faa1889807b288ba Mon Sep 17 00:00:00 2001
From: DistroBaker
Date: Tue, 24 Nov 2020 11:28:16 +0000
Subject: [PATCH] Merged update from upstream sources
This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team.
Source: https://src.fedoraproject.org/rpms/policycoreutils.git#c808ccc35cfb563b66b618147b399451acc7747c
---
 ...-add-a-note-that-runtime-disable-is-.patch | 29 +++++++++++
 ...olicy-allow-to-override-manpage-date.patch | 51 +++++++++++++++++++
 gating.yaml | 16 ++++++
 policycoreutils.spec | 15 ++++--
 4 files changed, 106 insertions(+), 5 deletions(-)
 create mode 100644 0024-selinux_config-5-add-a-note-that-runtime-disable-is-.patch
 create mode 100644 0025-python-sepolicy-allow-to-override-manpage-date.patch
 create mode 100644 gating.yaml
diff --git a/0024-selinux_config-5-add-a-note-that-runtime-disable-is-.patch b/0024-selinux_config-5-add-a-note-that-runtime-disable-is-.patch
new file mode 100644
index 0000000..339cb4a
--- /dev/null
+++ b/0024-selinux_config-5-add-a-note-that-runtime-disable-is-.patch
@@ -0,0 +1,29 @@
+From 99450e5c391f0e5b7da9234588123edca0993794 Mon Sep 17 00:00:00 2001
+From: Ondrej Mosnacek
+Date: Wed, 11 Nov 2020 17:23:40 +0100
+Subject: [PATCH] selinux_config(5): add a note that runtime disable is
+ deprecated
+
+...and refer to selinux(8), which explains it further.
+
+Signed-off-by: Ondrej Mosnacek
+---
+ policycoreutils/man/man5/selinux_config.5 | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/policycoreutils/man/man5/selinux_config.5 b/policycoreutils/man/man5/selinux_config.5
+index 1ffade150128..58b42a0e234d 100644
+--- a/policycoreutils/man/man5/selinux_config.5
++++ b/policycoreutils/man/man5/selinux_config.5
+@@ -48,7 +48,7 @@ SELinux security policy is enforced.
+ .IP \fIpermissive\fR 4
+ SELinux security policy is not enforced but logs the warnings (i.e. the action is allowed to proceed).
+ .IP \fIdisabled\fR
+-SELinux is disabled and no policy is loaded.
++No SELinux policy is loaded. This option was used to disable SELinux completely, which is now deprecated. Use the \fBselinux=0\fR kernel boot option instead (see \fBselinux\fR(8)).
+ .RE
+ .sp
+ The entry can be determined using the \fBsestatus\fR(8) command or \fBselinux_getenforcemode\fR(3).
+--
+2.29.2
+
diff --git a/0025-python-sepolicy-allow-to-override-manpage-date.patch b/0025-python-sepolicy-allow-to-override-manpage-date.patch
new file mode 100644
index 0000000..c205e6a
--- /dev/null
+++ b/0025-python-sepolicy-allow-to-override-manpage-date.patch
@@ -0,0 +1,51 @@
+From 794dbdb6b1336cae872f45b5adaa594796e4806b Mon Sep 17 00:00:00 2001
+From: "Bernhard M. Wiedemann"
+Date: Fri, 30 Oct 2020 22:53:09 +0100
+Subject: [PATCH] python/sepolicy: allow to override manpage date
+
+in order to make builds reproducible.
+See https://reproducible-builds.org/ for why this is good
+and https://reproducible-builds.org/specs/source-date-epoch/
+for the definition of this variable.
+
+This patch was done while working on reproducible builds for openSUSE.
+
+Signed-off-by: Bernhard M. Wiedemann
+---
+ python/sepolicy/sepolicy/manpage.py | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
+index 6a3e08fca58c..c013c0d48502 100755
+--- a/python/sepolicy/sepolicy/manpage.py
++++ b/python/sepolicy/sepolicy/manpage.py
+@@ -39,6 +39,8 @@ typealias_types = {
+ equiv_dict = {"smbd": ["samba"], "httpd": ["apache"], "virtd": ["virt", "libvirt"], "named": ["bind"], "fsdaemon": ["smartmon"], "mdadm": ["raid"]}
+
+ equiv_dirs = ["/var"]
++man_date = time.strftime("%y-%m-%d", time.gmtime(
++ int(os.environ.get('SOURCE_DATE_EPOCH', time.time()))))
+ modules_dict = None
+
+
+@@ -546,7 +548,7 @@ class ManPage:
+
+ def _typealias(self,typealias):
+ self.fd.write('.TH "%(typealias)s_selinux" "8" "%(date)s" "%(typealias)s" "SELinux Policy %(typealias)s"'
+- % {'typealias':typealias, 'date': time.strftime("%y-%m-%d")})
++ % {'typealias':typealias, 'date': man_date})
+ self.fd.write(r"""
+ .SH "NAME"
+ %(typealias)s_selinux \- Security Enhanced Linux Policy for the %(typealias)s processes
+@@ -565,7 +567,7 @@ man page for more details.
+
+ def _header(self):
+ self.fd.write('.TH "%(domainname)s_selinux" "8" "%(date)s" "%(domainname)s" "SELinux Policy %(domainname)s"'
+- % {'domainname': self.domainname, 'date': time.strftime("%y-%m-%d")})
++ % {'domainname': self.domainname, 'date': man_date})
+ self.fd.write(r"""
+ .SH "NAME"
+ %(domainname)s_selinux \- Security Enhanced Linux Policy for the %(domainname)s processes
+--
+2.29.2
+
diff --git a/gating.yaml b/gating.yaml
new file mode 100644
index 0000000..af6eb32
--- /dev/null
+++ b/gating.yaml
@@ -0,0 +1,16 @@
+--- !Policy
+product_versions:
+ - fedora-*
+decision_context: bodhi_update_push_testing
+subject_type: koji_build
+rules:
+ - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
+
+--- !Policy
+product_versions:
+ - fedora-*
+decision_context: bodhi_update_push_stable
+subject_type: koji_build
+rules:
+ - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
+
diff --git a/policycoreutils.spec b/policycoreutils.spec
index e734c79..6ce0202 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -1,8 +1,7 @@
 %global libauditver 3.0
-%global libsepolver 3.1-4
-%global libsemanagever 3.1-4
-%global libselinuxver 3.1-4
-%global sepolgenver 3.1-4
+%global libsepolver 3.1-5
+%global libsemanagever 3.1-5
+%global libselinuxver 3.1-5
 %global generatorsdir %{_prefix}/lib/systemd/system-generators
@@ -12,7 +11,7 @@
 Summary: SELinux policy core utilities
 Name: policycoreutils
 Version: 3.1
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: GPLv2
 # https://github.com/SELinuxProject/selinux/wiki/Releases
 Source0: https://github.com/SELinuxProject/selinux/releases/download/20200710/policycoreutils-3.1.tar.gz
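Review bot: In the manpage.py change carried by 0025-python-sepolicy-allow-to-override-manpage-date.patch, the new module-level `man_date` assignment passes `SOURCE_DATE_EPOCH` straight to `int()` and `time.gmtime()` at import time, so an empty, non-numeric or out-of-range value in the environment raises an uncaught exception as soon as the module is imported rather than when a man page is written. The value is build input, so rejecting it is right, but the failure should name the variable instead of surfacing as a bare traceback; silently falling back to the current time would hide a non-reproducible build. The expression also switches the unset case from local time (the old `time.strftime("%y-%m-%d")`) to UTC, which deserves a one-line comment. The hunk shows only the assignment and the two `.TH` writers, whose bodies continue outside it; whether `os` is already imported in this file is not visible here and should be confirmed.

```python
equiv_dirs = ["/var"]


def _man_date():
    # SOURCE_DATE_EPOCH (seconds since the epoch) pins the man page date for
    # reproducible builds; when it is unset the current time is used, in UTC.
    raw = os.environ.get('SOURCE_DATE_EPOCH')
    try:
        stamp = time.time() if raw is None else int(raw)
        return time.strftime("%y-%m-%d", time.gmtime(stamp))
    except (ValueError, OverflowError, OSError):
        raise ValueError("SOURCE_DATE_EPOCH must be an integer timestamp, got %r" % (raw,))


man_date = _man_date()
modules_dict = None
# … unchanged: _typealias and _header pass man_date into their .TH lines …
```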
@@ -61,6 +60,8 @@ Patch0020: 0020-sepolicy-generate-Handle-more-reserved-port-types.patch
 Patch0021: 0021-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch
 Patch0022: 0022-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
 Patch0023: 0023-sepolicy-Fix-flake8-warnings-in-Fedora-only-code.patch
+Patch0024: 0024-selinux_config-5-add-a-note-that-runtime-disable-is-.patch
+Patch0025: 0025-python-sepolicy-allow-to-override-manpage-date.patch
 # Patch list end
 Obsoletes: policycoreutils < 2.0.61-2
@@ -538,6 +539,10 @@ The policycoreutils-restorecond package contains the restorecond service.
 %systemd_postun_with_restart restorecond.service
 %changelog
+* Fri Nov 20 2020 Petr Lautrbach - 3.1-7
+- python/sepolicy: allow to override manpage date
+- selinux_config(5): add a note that runtime disable is deprecated
+
 * Mon Nov 9 2020 Petr Lautrbach - 3.1-6
 - Require latest setools