Commit Graph

1251 Commits

Author SHA1 Message Date
Fedora Release Engineering
3a5478fbe1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-13 22:42:19 +00:00
Miro Hrončok
ed5913bed9 Rebuilt for Python 3.7 2018-07-02 18:24:39 +02:00
Petr Lautrbach
c1291665a7 policycoreutils-2.8-3.fc29
- selinux-autorelabel: Use plymouth --quit rather then --hide-splash (#1592221)
- selinux-autorelabel: Increment boot_indeterminate grub environment variable (#1592221)
2018-06-18 11:23:27 +02:00
Hans de Goede
3bbe617cee selinux-autorelabel: Increment boot_indeterminate grub environment variable
For the new grub auto-hide feature:
https://fedoraproject.org/wiki/Changes/HiddenGrubMenu

Grub needs to know if the previous boot succeeded. This is tracked
through flags in the grub environment.

A selinux autorelabel is special, because it reboots the machine without
completing the boot in the normal manner.

grub checks the (new) boot_indeterminate grub environment variable to deal
with this. This is a variable containing a count of special boots since
the last successful normal boot. If this variable is 1 then it also treats
the previous boot as successful. The idea is that an autorelabel (or
offline updates) increments boot_indeterminate, so normally after a reboot
it will be 1 and the grub menu stays hidden. But if we end up in a selinux
autorelabel loop for some reason, then it will be bigger then 1 (*) and
the grub menu will be shown allowing the user to try and fix things.

*) grub itself will also increment it if it is 1 so that even if it gets
incremented only once, that still only makes 1 boot count as successful.

This commit makes the selinux-autorelabel script call:
grub2-editenv - incr boot_indeterminate
for proper integration with this new grub feature.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2018-06-18 11:03:49 +02:00
Hans de Goede
a16e7bc7bb selinux-autorelabel: Use plymouth --quit rather then --hide-splash
plymouth by defaults waits for 5 seconds before showing the splash so
that the splash simply gets skipped on real quick boots.

In my testing it seems that --hide-splash is a no-op when run before
the 5 seconds have passed and the splash is shown, causing the splash
to still be there during a relabel. Note this problem only shows when
*not* using disk-encryption.

Switching to plymouth --quit fixes this.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2018-06-18 11:03:46 +02:00
Miro Hrončok
426ef33d7b Rebuilt for Python 3.7 2018-06-15 22:47:46 +02:00
Petr Lautrbach
e02a588654 policycoreutils-2.8-1
- SELinux userspace 2.8 release
2018-05-25 11:45:50 +02:00
Petr Lautrbach
dafef9cd56 policycoreutils-2.8-0.rc3.2
- selinux-autorelabel: set UEFI boot order (BootNext) same as BootCurrent
- selinux-autorelabel: synchronize cached writes before reboot (#1385272)
2018-05-22 07:55:28 +02:00
David Kaspar [Dee'Kej]
f5a2299168 selinux-autorelabel: synchronize cached writes before reboot
This should prevent boot loops when 'touch /.autorelabel' has been used.

  See: https://bugzilla.redhat.com/show_bug.cgi?id=1385272

Signed-off-by: David Kaspar [Dee'Kej] <dkaspar@redhat.com>
2018-05-18 13:55:09 +02:00
David Kaspar [Dee'Kej]
4af347c8e5 selinux-autorelabel: set UEFI boot order (BootNext) same as BootCurrent
This can be useful when user has this UEFI boot order e.g.:

                 Windows | grub | Linux

  And decides to boot into grub/Linux. In case the autorelabel service
  is being run after the boot into grub, then the reboot after the
  autorelabel is done will cause user to boot into Windows again...

  This change should make the behaviour more intuitive for the user.

Signed-off-by: David Kaspar [Dee'Kej] <dkaspar@redhat.com>
2018-05-18 13:53:03 +02:00
Petr Lautrbach
5da1961fa7 Add policycoreutils_man_ru2.tar.bz2 back to sources 2018-05-15 09:56:15 +02:00
Petr Lautrbach
b05095b2d3 SELinux userspace 2.8-rc3 release candidate 2018-05-15 09:51:02 +02:00
Petr Lautrbach
b1b5b44bff SELinux userspace 2.8-rc2 release candidate 2018-05-04 16:20:03 +02:00
Petr Lautrbach
6545ae2ada SELinux userspace 2.8-rc1 release candidate 2018-04-23 14:31:24 +02:00
Petr Lautrbach
1d2d2bc1ce Drop python2 sepolicy gui files from policycoreutils-gui
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1566618
2018-04-19 09:13:06 +02:00
Iryna Shcherbina
6035a0be1e Update Python 2 dependency declarations to new packaging standards 2018-04-19 09:12:05 +02:00
Petr Lautrbach
3581fc76d3 policycoreutils-2.7-18
- Move semodule_* utilities to policycoreutils package (#1562549)
2018-04-03 12:15:10 +02:00
Petr Lautrbach
a707f868c5 Move semodule_* utilities to policycoreutils package
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1562549
2018-04-03 12:12:50 +02:00
Petr Lautrbach
3b2c0121a0 policycoreutils-2.7-17
- semanage/seobject.py: Fix undefined store check (#1559174)
2018-03-22 13:10:25 +01:00
Petr Lautrbach
e7588169c3 Since python subpackages are noarch now, use provides without %_isa 2018-03-21 17:54:54 +01:00
Petr Lautrbach
389ac0b9c7 Require libsepol-2.7-6, libselinux-2.7-13, libsemanage-2.7-12 2018-03-21 16:53:03 +01:00
Petr Lautrbach
320398f39a policycoreutils-2.7-16
- Build python only subpackages as noarch
- Move semodule_package to policycoreutils-devel
2018-03-16 17:10:02 +01:00
Petr Lautrbach
ebb2c5bfea Build python only subpackages as noarch
policycoreutils-dbus.noarch.rpm
policycoreutils-gui.noarch.rpm
policycoreutils-python-utils.noarch.rpm
python3-policycoreutils.noarch.rpm
python2-policycoreutils.noarch.rpm
2018-03-16 17:05:10 +01:00
Petr Lautrbach
8f22730766 Move semodule_package to policycoreutils-devel
It's not a python utility and other semodule_* tools live there.
2018-03-16 17:03:10 +01:00
Petr Lautrbach
38ab1da754 policycoreutils-2.7-15
- sepolicy: Fix translated strings with parameters
- sepolicy: Support non-MLS policy
- sepolicy: Initialize policy.ports as a dict in generate.py
- gui/polgengui.py: Use stop_emission_by_name instead of emit_stop_by_name
- Minor update for bash completion
- semodule_package: fix semodule_unpackage man page
- gui/semanagePage: Close "edit" and "add" dialogues when successfull
- gui/fcontextPage: Set default object class in addDialog\
- sepolgen: fix typo in PolicyGenerator
- build: follow standard semantics for DESTDIR and PREFIX
2018-03-13 14:43:27 +01:00
Petr Lautrbach
3b55d7f197 policycoreutils-2.7-14
- Use Fedora RPM build flags

https://src.fedoraproject.org/rpms/redhat-rpm-config/blob/master/f/buildflags.md

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1548740
2018-02-26 10:48:36 +01:00
Petr Lautrbach
005a370f1c -gui requires gtk3 and python3-gobject at least 2018-02-20 12:44:11 +01:00
Petr Lautrbach
d3d971ba91 Fix mangling python shebangs
- use pathfix.py instead of sed
- clean up '*~' files

Fixes:
policycoreutils has broken dependencies in the rawhide tree:
On i386:
        python2-policycoreutils-2.7-11.fc28.i686 requires /usr/bin/python22
On armhfp:
        python2-policycoreutils-2.7-11.fc28.armv7hl requires /usr/bin/python22
2018-02-20 12:38:53 +01:00
Petr Lautrbach
2c47aaddd8 List gcc in BuildRequires
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/IJFYI5Q2BYZKIGDFS2WLOBDUSEGWHIKV/
https://fedoraproject.org/wiki/Packaging:C_and_C%2B%2B#BuildRequires_and_Requires
2018-02-19 13:37:46 +01:00
Miro Hrončok
c6b051c966 python3: suffix -> prefix 2018-02-19 11:56:26 +01:00
Petr Lautrbach
b11cdd32ec Spec file cleanup
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/MRWOMRZ6KPCV25EFHJ2O67BCCP3L4Y6N/
2018-02-16 10:19:01 +01:00
Petr Lautrbach
1bb4ee0d45 policycoreutils-2.7-11.f28
- Rewrite selinux-polgengui to use Gtk3
- Drop python2 and gnome-python2 from gui Requires
2018-02-15 21:34:05 +01:00
Petr Lautrbach
b16a211432 Drop python2 and gnome-python2 from gui Requires
It should not be needed anymore
2018-02-15 21:29:23 +01:00
Petr Lautrbach
203045ec1e gui: Several python 3 related fixes from fedora-selinux/selinux
- gui/polgengui.py: Fix sepolicy.generate import in polgengui.py
- gui/polgengui.py: Convert polgen.glade to Builder format polgen.ui
- python/sepolicy: Use list instead of map
- python/sepolicy: Do not use types.BooleanType
2018-02-15 21:29:23 +01:00
Petr Lautrbach
7ef4db2ba4 Use /usr/bin/python2 and other "avoid Python 2" improvements
https://fedoraproject.org/wiki/Changes/Avoid_usr_bin_python_in_RPM_Build
2018-02-15 21:29:23 +01:00
Petr Lautrbach
c5c508337c Use shared repository for tests
https://fedoraproject.org/wiki/CI/Share_Test_Code
2018-02-14 17:32:57 +01:00
Fedora Release Engineering
f81f64ddb6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-02-09 05:31:13 +00:00
Petr Lautrbach
dfb5be5ac0 policycoreutils-2.7-9.fc28
- audit-libs-python was renamed to audit-libs-python2
- Use python2_sitearch and python2_sitelib macro
2018-01-31 10:51:43 +01:00
Petr Lautrbach
d6b46ca1c4 audit-libs-python was renamed to audit-libs-python2 2018-01-24 17:55:20 +01:00
Petr Lautrbach
1083f0e66f Use python2_sitearch and python2_sitelib macros
Fixes:
/usr/bin/python: can't open file '/usr/lib/rpm/python-macro-helper': [Errno 2] No such file or directory
2018-01-23 09:02:27 +01:00
Igor Gnatenko
846a16972b Remove obsolete scriptlets
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-01-18 22:00:01 +01:00
Petr Lautrbach
e7309b2ad3 tests: Run linux-system-roles.selinux tests
Use tests from https://github.com/linux-system-roles/selinux.git
to check if an update doesn't break some basic SELinux Ansible
modules.
2018-01-16 11:58:33 +01:00
Vit Mojzis
8fe4dec985 Add readme dealing with translations
- Clarify relation between individual repositories containing translations
- Explain how to use zanata interface on a few important use-cases
2018-01-12 09:51:29 +01:00
Petr Lautrbach
4b74ff6678 Add CI tests using the standard test interface
The playbook includes Tier1 level test cases that have been tested in
the following contexts and is passing reliably on Classic.
Test logs are stored in the Artifacts directory.

The following steps are used to execute the tests using the standard test interface:

Classic
    sudo ANSIBLE_INVENTORY=$(test -e inventory && echo inventory || echo /usr/share/ansible/inventory) TEST_SUBJECTS="" TEST_ARTIFACTS=$PWD/artifacts ansible-playbook --tags classic tests.yml

It's based on
https://src.fedoraproject.org/rpms/policycoreutils/pull-request/1 from Merlin Mathesius <merlinm@redhat.com>
2017-12-21 17:11:01 +01:00
Petr Lautrbach
3cd3d543c6 policycoreutils-2.7-7.fc28
- semanage: bring semanageRecords.set_reload back to seobject.py
(#1527745)
2017-12-20 10:31:18 +01:00
Petr Lautrbach
c33737fa2a Fix most of rpmlint warnings
Known issues:
policycoreutils.spec: W: invalid-url Source14: sepolicy-icons.tgz
The value should be a valid, public HTTP, HTTPS, or FTP URL.

policycoreutils.spec: W: invalid-url Source12:
policycoreutils_man_ru2.tar.bz2
The value should be a valid, public HTTP, HTTPS, or FTP URL.
2017-12-13 18:33:19 +01:00
Petr Lautrbach
24037d1412 policycoreutils-2.7-6.fc28
- semanage: make seobject.py backward compatible
- Own %{pythonX_sitelib}/site-packages/sepolicy directories (#1522942)
2017-12-13 18:15:36 +01:00
Petr Lautrbach
0931850ffa make seobject.py backward compatible
Fixes: $ system-config-selinux
  Traceback (most recent call last):
    File "/usr/share/system-config-selinux/system-config-selinux.py", line 196, in <module>
      app = childWindow()
    File "/usr/share/system-config-selinux/system-config-selinux.py", line 100, in __init__
      self.add_page(booleansPage.booleansPage(xml))
    File "/usr/share/system-config-selinux/booleansPage.py", line 142, in __init__
      self.load(self.filter)
    File "/usr/share/system-config-selinux/booleansPage.py", line 212, in load
      self.booleans = seobject.booleanRecords()
  TypeError: __init__() missing 1 required positional argument: 'args'
2017-12-13 18:12:30 +01:00
Petr Lautrbach
629a62a8a9 Own %{pythonX_sitelib}/site-packages/sepolicy directories
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1522942
2017-12-13 17:14:18 +01:00
Petr Lautrbach
bd497b9fd6 policycoreutils-2.7-5.fc28
- sepolicy: Fix sepolicy manpage
- semanage: Update Infiniband code to work on python3
- semanage: Fix export of ibendport entries
- semanage: Enforce noreload only if it's requested by -N option
2017-11-22 15:39:07 +01:00