Auto sync2gitlab import of setools-4.3.0-3.el8.src.rpm

.gitignore

@@ -0,0 +1 @@
+/4.3.0.tar.gz

0001-Support-old-boolean-names-in-policy-queries.patch

@@ -0,0 +1,94 @@
+From 97bd46865e12246c00517d1e07aabca530a305ac Mon Sep 17 00:00:00 2001
+From: Vit Mojzis <vmojzis@redhat.com>
+Date: Wed, 17 Jun 2020 13:34:19 +0200
+Subject: [PATCH] Support old boolean names in policy queries
+
+Translate old boolean names based on /etc/selinux/*/booleans.subs_dist
+file. The translation is only attempted when "policy" was not specified
+to avoid influencing queries of policies from other systems.
+
+Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
+---
+ seinfo                        |  6 +++++-
+ sesearch                      |  7 ++++++-
+ setools/policyrep/selinux.pxd |  1 +
+ setools/policyrep/util.pxi    | 22 ++++++++++++++++++++++
+ 4 files changed, 34 insertions(+), 2 deletions(-)
+
+diff --git a/seinfo b/seinfo
+index d2caf7c..bc33e12 100755
+--- a/seinfo
++++ b/seinfo
+@@ -125,7 +125,11 @@ try:
+     if args.boolquery or args.all:
+         q = setools.BoolQuery(p)
+         if isinstance(args.boolquery, str):
+-            q.name = args.boolquery
++            if args.policy:
++                q.name = args.boolquery
++            else:
++                # try to find substitutions for old boolean names
++                q.name = setools.policyrep.lookup_boolean_name_sub(args.boolquery)
+ 
+         components.append(("Booleans", q, lambda x: x.statement()))
+ 
+diff --git a/sesearch b/sesearch
+index c4b1d38..733f3d3 100755
+--- a/sesearch
++++ b/sesearch
+@@ -189,7 +189,12 @@ try:
+             if args.boolean_regex:
+                 q.boolean = args.boolean
+             else:
+-                q.boolean = args.boolean.split(",")
++                if args.policy:
++                    q.boolean = args.boolean.split(",")
++                else:
++                    # try to find substitutions for old boolean names
++                    q.boolean = map(setools.policyrep.lookup_boolean_name_sub,
++                                    args.boolean.split(","))
+ 
+         for r in sorted(q.results()):
+             print(r)
+diff --git a/setools/policyrep/selinux.pxd b/setools/policyrep/selinux.pxd
+index a2e8af0..1686831 100644
+--- a/setools/policyrep/selinux.pxd
++++ b/setools/policyrep/selinux.pxd
+@@ -24,3 +24,4 @@ cdef extern from "<selinux/selinux.h>":
+     bint selinuxfs_exists()
+     const char* selinux_current_policy_path()
+     const char* selinux_binary_policy_path()
++    char* selinux_boolean_sub(const char *boolean_name);
+diff --git a/setools/policyrep/util.pxi b/setools/policyrep/util.pxi
+index 40f21a7..abc7be8 100644
+--- a/setools/policyrep/util.pxi
++++ b/setools/policyrep/util.pxi
+@@ -230,3 +230,25 @@ cdef flatten_list(input_list):
+             ret.append(i)
+ 
+     return ret
++
++
++def lookup_boolean_name_sub(name):
++    """
++    Read the /etc/selinux/TYPE/booleans.subs_dist file looking
++    for a record with 'name'.
++    Return the translated name if a corresponding substitution exists,
++    otherwise return the original name.
++    """
++    cdef:
++        char *_name = selinux.selinux_boolean_sub(name)
++        str new_name = name
++
++    if _name == NULL:
++        raise MemoryError
++    # cast "char *" to "str" and free
++    try:
++        new_name = _name
++    finally:
++        free(_name)
++
++    return new_name
+-- 
+2.25.4
+

0002-Make-seinfo-output-predictable.patch

@@ -0,0 +1,90 @@
+From 4e6f6c95cfe7ca4a3a9d9e0dbd6e23e4bac2449c Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Thu, 18 Nov 2021 13:59:08 +0100
+Subject: [PATCH] Make seinfo output predictable
+
+There are few places where frozenset is used. Given that frozenset is an unordered
+collection the output generated from this is unpredictable.
+
+The following command outputs are fixed using sorted() on frozensets:
+
+    seinfo --constrain
+    seinfo --common
+    seinfo -c -x
+    seinfo -r -x
+    seinfo -u -x
+
+Fixes: https://github.com/SELinuxProject/setools/issues/65
+
+Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
+---
+ setools/policyrep/constraint.pxi | 2 +-
+ setools/policyrep/objclass.pxi   | 4 ++--
+ setools/policyrep/role.pxi       | 2 +-
+ setools/policyrep/user.pxi       | 2 +-
+ 4 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/setools/policyrep/constraint.pxi b/setools/policyrep/constraint.pxi
+index d5221a1..77c3e2e 100644
+--- a/setools/policyrep/constraint.pxi
++++ b/setools/policyrep/constraint.pxi
+@@ -66,7 +66,7 @@ cdef class Constraint(BaseConstraint):
+ 
+     def statement(self):
+         if len(self.perms) > 1:
+-            perms = "{{ {0} }}".format(' '.join(self.perms))
++            perms = "{{ {0} }}".format(' '.join(sorted(self.perms)))
+         else:
+             # convert to list since sets cannot be indexed
+             perms = list(self.perms)[0]
+diff --git a/setools/policyrep/objclass.pxi b/setools/policyrep/objclass.pxi
+index b7ec7b7..8ed2be5 100644
+--- a/setools/policyrep/objclass.pxi
++++ b/setools/policyrep/objclass.pxi
+@@ -75,7 +75,7 @@ cdef class Common(PolicySymbol):
+         return other in self.perms
+ 
+     def statement(self):
+-        return "common {0}\n{{\n\t{1}\n}}".format(self, '\n\t'.join(self.perms))
++        return "common {0}\n{{\n\t{1}\n}}".format(self, '\n\t'.join(sorted(self.perms)))
+ 
+ 
+ cdef class ObjClass(PolicySymbol):
+@@ -204,7 +204,7 @@ cdef class ObjClass(PolicySymbol):
+ 
+         # a class that inherits may not have additional permissions
+         if len(self.perms) > 0:
+-            stmt += "{{\n\t{0}\n}}".format('\n\t'.join(self.perms))
++            stmt += "{{\n\t{0}\n}}".format('\n\t'.join(sorted(self.perms)))
+ 
+         return stmt
+ 
+diff --git a/setools/policyrep/role.pxi b/setools/policyrep/role.pxi
+index 9a0dd39..3af8a3f 100644
+--- a/setools/policyrep/role.pxi
++++ b/setools/policyrep/role.pxi
+@@ -58,7 +58,7 @@ cdef class Role(PolicySymbol):
+         if count == 1:
+             stmt += " types {0}".format(types[0])
+         else:
+-            stmt += " types {{ {0} }}".format(' '.join(types))
++            stmt += " types {{ {0} }}".format(' '.join(sorted(types)))
+ 
+         stmt += ";"
+         return stmt
+diff --git a/setools/policyrep/user.pxi b/setools/policyrep/user.pxi
+index 9c82aa9..e37af29 100644
+--- a/setools/policyrep/user.pxi
++++ b/setools/policyrep/user.pxi
+@@ -81,7 +81,7 @@ cdef class User(PolicySymbol):
+         if count == 1:
+             stmt += roles[0]
+         else:
+-            stmt += "{{ {0} }}".format(' '.join(roles))
++            stmt += "{{ {0} }}".format(' '.join(sorted(roles)))
+ 
+         if self._level:
+             stmt += " level {0.mls_level} range {0.mls_range};".format(self)
+-- 
+2.30.2
+

1001-Do-not-use-Werror-during-build.patch

@@ -0,0 +1,49 @@
+From 8d98b324fabcad6b09f9c734f79e6da9f9e85786 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Thu, 23 Feb 2017 08:17:07 +0100
+Subject: [PATCH] Do not use -Werror during build
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+There are new warnings when setools are built with gcc 7 therefore we
+want to suppress -Werror for now
+
+Fixes:
+libqpol/policy_extend.c: In function ‘policy_extend’:
+libqpol/policy_extend.c:161:27: error: ‘%04zd’ directive output may be truncated writing between 4 and 10 bytes into a region of size 5 [-Werror=format-truncation=]
+    snprintf(buff, 9, "@ttr%04zd", i + 1);
+                           ^~~~~
+libqpol/policy_extend.c:161:22: note: directive argument in the range [1, 4294967295]
+    snprintf(buff, 9, "@ttr%04zd", i + 1);
+                      ^~~~~~~~~~~
+In file included from /usr/include/stdio.h:939:0,
+                 from /usr/include/sepol/policydb/policydb.h:53,
+                 from libqpol/policy_extend.c:29:
+/usr/include/bits/stdio2.h:64:10: note: ‘__builtin___snprintf_chk’ output between 9 and 15 bytes into a destination of size 9
+   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
+          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+        __bos (__s), __fmt, __va_arg_pack ());
+        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+cc1: all warnings being treated as errors
+error: command 'gcc' failed with exit status 1
+---
+ setup.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/setup.py b/setup.py
+index 457c830..4dcb301 100644
+--- a/setup.py
++++ b/setup.py
+@@ -106,7 +106,7 @@ ext_py_mods = [Extension('setools.policyrep', ['setools/policyrep.pyx'],
+                          libraries=['selinux', 'sepol'],
+                          library_dirs=lib_dirs,
+                          define_macros=macros,
+-                         extra_compile_args=['-Werror', '-Wextra',
++                         extra_compile_args=['-Wextra',
+                                              '-Waggregate-return',
+                                              '-Wfloat-equal',
+                                              '-Wformat', '-Wformat=2',
+-- 
+2.25.1
+

1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch

@@ -0,0 +1,139 @@
+From 52f5f911c4ae481530a57b6a0dd42067406a9d36 Mon Sep 17 00:00:00 2001
+From: Vit Mojzis <vmojzis@redhat.com>
+Date: Fri, 26 Apr 2019 15:27:25 +0200
+Subject: [PATCH] Do not export/use setools.InfoFlowAnalysis and
+ setools.DomainTransitionAnalysis
+
+dta and infoflow modules require networkx which brings lot of dependencies.
+These dependencies are not necessary for setools module itself as it's
+used in policycoreutils.
+
+Therefore it's better to use setools.infoflow.InfoFlowAnalysis and
+setools.dta.DomainTransitionAnalysis and let the package containing
+sedta and seinfoflow to require python3-networkx
+---
+ sedta                       | 4 ++--
+ seinfoflow                  | 4 ++--
+ setools/__init__.py         | 4 ----
+ setoolsgui/apol/dta.py      | 2 +-
+ setoolsgui/apol/infoflow.py | 2 +-
+ tests/dta.py                | 2 +-
+ tests/infoflow.py           | 2 +-
+ 7 files changed, 8 insertions(+), 12 deletions(-)
+
+diff --git a/sedta b/sedta
+index 60861ca..41e38a2 100755
+--- a/sedta
++++ b/sedta
+@@ -22,7 +22,7 @@ import argparse
+ import logging
+ import signal
+ 
+-import setools
++import setools.dta
+ 
+ 
+ def print_transition(trans):
+@@ -114,7 +114,7 @@ else:
+ 
+ try:
+     p = setools.SELinuxPolicy(args.policy)
+-    g = setools.DomainTransitionAnalysis(p, reverse=args.reverse, exclude=args.exclude)
++    g = setools.dta.DomainTransitionAnalysis(p, reverse=args.reverse, exclude=args.exclude)
+ 
+     if args.shortest_path or args.all_paths:
+         if args.shortest_path:
+diff --git a/seinfoflow b/seinfoflow
+index f10c39d..fee749a 100755
+--- a/seinfoflow
++++ b/seinfoflow
+@@ -17,7 +17,7 @@
+ # along with SETools.  If not, see <http://www.gnu.org/licenses/>.
+ #
+ 
+-import setools
++import setools.infoflow
+ import argparse
+ import sys
+ import logging
+@@ -101,7 +101,7 @@ elif args.booleans is not None:
+ try:
+     p = setools.SELinuxPolicy(args.policy)
+     m = setools.PermissionMap(args.map)
+-    g = setools.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude,
++    g = setools.infoflow.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude,
+                                  booleans=booleans)
+ 
+     if args.shortest_path or args.all_paths:
+diff --git a/setools/__init__.py b/setools/__init__.py
+index 26fa5aa..b7e51c4 100644
+--- a/setools/__init__.py
++++ b/setools/__init__.py
+@@ -75,12 +75,8 @@ from .pcideviceconquery import PcideviceconQuery
+ from .devicetreeconquery import DevicetreeconQuery
+ 
+ # Information Flow Analysis
+-from .infoflow import InfoFlowAnalysis
+ from .permmap import PermissionMap
+ 
+-# Domain Transition Analysis
+-from .dta import DomainTransitionAnalysis
+-
+ # Policy difference
+ from .diff import PolicyDifference
+ 
+diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py
+index 4608b9d..2cde44c 100644
+--- a/setoolsgui/apol/dta.py
++++ b/setoolsgui/apol/dta.py
+@@ -23,7 +23,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
+ from PyQt5.QtGui import QPalette, QTextCursor
+ from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
+     QTreeWidgetItem
+-from setools import DomainTransitionAnalysis
++from setools.dta import DomainTransitionAnalysis
+ 
+ from ..logtosignal import LogHandlerToSignal
+ from .analysistab import AnalysisTab
+diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py
+index 7bca299..7fee277 100644
+--- a/setoolsgui/apol/infoflow.py
++++ b/setoolsgui/apol/infoflow.py
+@@ -26,7 +26,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
+ from PyQt5.QtGui import QPalette, QTextCursor
+ from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
+     QTreeWidgetItem
+-from setools import InfoFlowAnalysis
++from setools.infoflow import InfoFlowAnalysis
+ from setools.exception import UnmappedClass, UnmappedPermission
+ 
+ from ..logtosignal import LogHandlerToSignal
+diff --git a/tests/dta.py b/tests/dta.py
+index a0cc938..177e6fb 100644
+--- a/tests/dta.py
++++ b/tests/dta.py
+@@ -18,7 +18,7 @@
+ import os
+ import unittest
+ 
+-from setools import DomainTransitionAnalysis
++from setools.dta import DomainTransitionAnalysis
+ from setools import TERuletype as TERT
+ from setools.exception import InvalidType
+ from setools.policyrep import Type
+diff --git a/tests/infoflow.py b/tests/infoflow.py
+index aa0e44a..fca2848 100644
+--- a/tests/infoflow.py
++++ b/tests/infoflow.py
+@@ -18,7 +18,7 @@
+ import os
+ import unittest
+ 
+-from setools import InfoFlowAnalysis
++from setools.infoflow import InfoFlowAnalysis
+ from setools import TERuletype as TERT
+ from setools.exception import InvalidType
+ from setools.permmap import PermissionMap
+-- 
+2.25.1
+

1003-Require-networkx-on-package-level.patch

@@ -0,0 +1,24 @@
+From 67067b6df7139cc38cf33d3cb2c66434cf4e89e4 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Thu, 2 Apr 2020 16:06:14 +0200
+Subject: [PATCH] Require networkx on package level
+
+It allows us to ship python3-setools without dependency on python3-networkx
+---
+ setup.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/setup.py b/setup.py
+index 4dcb301..9333e0c 100644
+--- a/setup.py
++++ b/setup.py
+@@ -170,5 +170,5 @@ setup(name='setools',
+       # setup also requires libsepol and libselinux
+       # C libraries and headers to compile.
+       setup_requires=['setuptools', 'Cython>=0.27'],
+-      install_requires=['setuptools', 'networkx>=2.0']
++      install_requires=['setuptools']
+       )
+-- 
+2.25.1
+

1004-Do-not-use-NoteNotFound-as-it-s-not-implemented-in-n.patch

@@ -0,0 +1,93 @@
+From d249ea3316fcfaa203055d2b1f2c52423216e7e7 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Tue, 30 Jul 2019 17:13:44 +0200
+Subject: [PATCH] Do not use NoteNotFound as it's not implemented in networkx-1
+
+---
+ setools/dta.py      | 8 ++++----
+ setools/infoflow.py | 8 ++++----
+ 2 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/setools/dta.py b/setools/dta.py
+index 3239d2d..e15d8b8 100644
+--- a/setools/dta.py
++++ b/setools/dta.py
+@@ -24,7 +24,7 @@ from collections import defaultdict, namedtuple
+ from contextlib import suppress
+ 
+ import networkx as nx
+-from networkx.exception import NetworkXError, NetworkXNoPath, NodeNotFound
++from networkx.exception import NetworkXError, NetworkXNoPath
+ 
+ from .descriptors import EdgeAttrDict, EdgeAttrList
+ from .policyrep import TERuletype
+@@ -111,7 +111,7 @@ class DomainTransitionAnalysis:
+ 
+         self.log.info("Generating one domain transition path from {0} to {1}...".format(s, t))
+ 
+-        with suppress(NetworkXNoPath, NodeNotFound):
++        with suppress(NetworkXNoPath):
+             # NodeNotFound: the type is valid but not in graph, e.g. excluded
+             # NetworkXNoPath: no paths or the target type is
+             # not in the graph
+@@ -146,7 +146,7 @@ class DomainTransitionAnalysis:
+         self.log.info("Generating all domain transition paths from {0} to {1}, max length {2}...".
+                       format(s, t, maxlen))
+ 
+-        with suppress(NetworkXNoPath, NodeNotFound):
++        with suppress(NetworkXNoPath):
+             # NodeNotFound: the type is valid but not in graph, e.g. excluded
+             # NetworkXNoPath: no paths or the target type is
+             # not in the graph
+@@ -177,7 +177,7 @@ class DomainTransitionAnalysis:
+         self.log.info("Generating all shortest domain transition paths from {0} to {1}...".
+                       format(s, t))
+ 
+-        with suppress(NetworkXNoPath, NodeNotFound):
++        with suppress(NetworkXNoPath):
+             # NodeNotFound: the type is valid but not in graph, e.g. excluded
+             # NetworkXNoPath: no paths or the target type is
+             # not in the graph
+diff --git a/setools/infoflow.py b/setools/infoflow.py
+index 579e064..89e5c8e 100644
+--- a/setools/infoflow.py
++++ b/setools/infoflow.py
+@@ -21,7 +21,7 @@ import logging
+ from contextlib import suppress
+ 
+ import networkx as nx
+-from networkx.exception import NetworkXError, NetworkXNoPath, NodeNotFound
++from networkx.exception import NetworkXError, NetworkXNoPath
+ 
+ from .descriptors import EdgeAttrIntMax, EdgeAttrList
+ from .exception import RuleNotConditional
+@@ -124,7 +124,7 @@ class InfoFlowAnalysis:
+         self.log.info("Generating one shortest information flow path from {0} to {1}...".
+                       format(s, t))
+ 
+-        with suppress(NetworkXNoPath, NodeNotFound):
++        with suppress(NetworkXNoPath):
+             # NodeNotFound: the type is valid but not in graph, e.g.
+             # excluded or disconnected due to min weight
+             # NetworkXNoPath: no paths or the target type is
+@@ -163,7 +163,7 @@ class InfoFlowAnalysis:
+         self.log.info("Generating all information flow paths from {0} to {1}, max length {2}...".
+                       format(s, t, maxlen))
+ 
+-        with suppress(NetworkXNoPath, NodeNotFound):
++        with suppress(NetworkXNoPath):
+             # NodeNotFound: the type is valid but not in graph, e.g.
+             # excluded or disconnected due to min weight
+             # NetworkXNoPath: no paths or the target type is
+@@ -197,7 +197,7 @@ class InfoFlowAnalysis:
+         self.log.info("Generating all shortest information flow paths from {0} to {1}...".
+                       format(s, t))
+ 
+-        with suppress(NetworkXNoPath, NodeNotFound):
++        with suppress(NetworkXNoPath):
+             # NodeNotFound: the type is valid but not in graph, e.g.
+             # excluded or disconnected due to min weight
+             # NetworkXNoPath: no paths or the target type is
+-- 
+2.25.1
+

EMPTY

@@ -1 +0,0 @@
- 

apol.desktop

@@ -0,0 +1,11 @@
+[Desktop Entry]
+Name=SELinux Policy Analysis
+GenericName=SELinux Policy Analysis Tool 
+Comment=This tool can examine, search, and relate policy components and policy rules 
+Icon=apol
+Exec=/usr/bin/apol
+Type=Application
+Terminal=false
+Categories=System;
+X-Desktop-File-Install-Version=0.2
+StartupNotify=true

setools.pam

@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth		include		config-util
+account		include		config-util
+session		include		config-util

setools.spec

@@ -0,0 +1,275 @@
+# % global setools_pre_ver rc
+# % global gitver f1e5b20
+
+%global sepol_ver 2.9-1
+%global selinux_ver 2.9-1
+
+%bcond_without     networkx
+
+Name:           setools
+Version:        4.3.0
+Release:        3%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist}
+Summary:        Policy analysis tools for SELinux
+
+License:        GPLv2
+URL:            https://github.com/SELinuxProject/setools/wiki
+Source0:        https://github.com/SELinuxProject/setools/archive/%{version}%{?setools_pre_ver:-%{setools_pre_ver}}.tar.gz
+Source1:        setools.pam
+Source2:        apol.desktop
+Patch0001:      0001-Support-old-boolean-names-in-policy-queries.patch
+Patch0002:      0002-Make-seinfo-output-predictable.patch
+Patch1001:      1001-Do-not-use-Werror-during-build.patch
+Patch1002:      1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
+Patch1003:      1003-Require-networkx-on-package-level.patch
+Patch1004:      1004-Do-not-use-NoteNotFound-as-it-s-not-implemented-in-n.patch
+
+Obsoletes:      setools < 4.0.0, setools-devel < 4.0.0
+BuildRequires:  flex,  bison
+BuildRequires:  glibc-devel, gcc, git
+BuildRequires:  libsepol-devel >= %{sepol_ver}, libsepol-static >= %{sepol_ver}
+BuildRequires:  qt5-qtbase-devel
+BuildRequires:  swig
+BuildRequires:  python3-Cython
+BuildRequires:  python3-devel
+BuildRequires:  python3-setuptools
+BuildRequires:  libselinux-devel
+
+# BuildArch:      
+Requires:       %{name}-console = %{version}-%{release}
+%if %{with networkx}
+Requires:       %{name}-console-analyses = %{version}-%{release}
+Requires:       %{name}-gui = %{version}-%{release}
+%endif
+
+%description
+SETools is a collection of graphical tools, command-line tools, and
+Python modules designed to facilitate SELinux policy analysis.
+
+%package     console
+Summary:     Policy analysis command-line tools for SELinux
+License:     GPLv2
+Requires:    python3-setools = %{version}-%{release}
+Requires:    libselinux >= %{selinux_ver}
+
+%description console
+SETools is a collection of graphical tools, command-line tools, and
+libraries designed to facilitate SELinux policy analysis.
+
+This package includes the following console tools:
+
+  sediff       Compare two policies to find differences.
+  seinfo       List policy components.
+  sesearch     Search rules (allow, type_transition, etc.)
+
+
+%if %{with networkx}
+%package     console-analyses
+Summary:     Policy analysis command-line tools for SELinux
+License:     GPLv2
+Requires:    python3-setools = %{version}-%{release}
+Requires:    libselinux >= %{selinux_ver}
+Requires:    python3-networkx
+
+%description console-analyses
+SETools is a collection of graphical tools, command-line tools, and
+libraries designed to facilitate SELinux policy analysis.
+
+This package includes the following console tools:
+
+  sedta        Perform domain transition analyses.
+  seinfoflow   Perform information flow analyses.
+%endif
+
+
+%package     -n python3-setools
+Summary:     Policy analysis tools for SELinux  
+Obsoletes:   setools-libs < 4.0.0, setools-libs-tcl
+Recommends:  libselinux-python3
+# Remove before F30
+Provides: %{name}-python3 = %{version}-%{release}
+Provides: %{name}-python3%{?_isa} = %{version}-%{release}
+Obsoletes: %{name}-python3 < %{version}-%{release}
+%if 0%{?rhel} && 0%{?rhel} >= 8
+Requires:    platform-python-setuptools
+%else
+Requires:    python3-setuptools
+%endif
+
+%description -n python3-setools
+SETools is a collection of graphical tools, command-line tools, and
+Python 3 modules designed to facilitate SELinux policy analysis.
+
+
+%if %{with networkx}
+%package     gui
+Summary:     Policy analysis graphical tools for SELinux
+Requires:    python3-setools = %{version}-%{release}
+Requires:    python3-qt5
+Requires:    python3-networkx
+
+%description gui
+SETools is a collection of graphical tools, command-line tools, and
+Python modules designed to facilitate SELinux policy analysis.
+%endif
+
+
+%prep
+%autosetup -p 1 -S git -n setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}}
+
+
+%build
+# Remove CFLAGS=... for noarch packages (unneeded)
+%set_build_flags
+%{__python3} setup.py build
+
+
+%install
+%{__python3} setup.py install --root %{buildroot}
+
+%if %{without networkx}
+rm -f %{buildroot}%{_bindir}/sedta %{buildroot}%{_bindir}/seinfoflow \
+  %{buildroot}%{_mandir}*/man1/sedta* %{buildroot}%{_mandir}*/man1/sedinfoflow* \
+rm -rf %{buildroot}%{_bindir}/apol %{buildroot}%{python3_sitearch}/setoolsgui \
+  %{buildroot}%{_mandir}*/man1/apol*
+%endif
+
+%check
+%if %{?_with_check:1}%{!?_with_check:0}
+%{__python3} setup.py test
+%endif
+
+
+%files
+
+%files console
+%{_bindir}/sediff
+%{_bindir}/seinfo
+%{_bindir}/sesearch
+%{_mandir}/man1/sediff*
+%{_mandir}/man1/seinfo*
+%{_mandir}/man1/sesearch*
+%{_mandir}/ru/man1/sediff*
+%{_mandir}/ru/man1/seinfo*
+%{_mandir}/ru/man1/sesearch*
+
+%if %{with networkx}
+%files console-analyses
+%{_bindir}/sedta
+%{_bindir}/seinfoflow
+%{_mandir}/man1/sedta*
+%{_mandir}/man1/seinfoflow*
+%{_mandir}/ru/man1/sedta*
+%{_mandir}/ru/man1/seinfoflow*
+%endif
+
+%files -n python3-setools
+%license COPYING COPYING.GPL COPYING.LGPL
+%{python3_sitearch}/setools
+%{python3_sitearch}/setools-*
+
+%if %{with networkx}
+%files gui
+%{_bindir}/apol
+%{python3_sitearch}/setoolsgui
+%{_mandir}/man1/apol*
+%{_mandir}/ru/man1/apol*
+%endif
+
+%changelog
+* Tue Nov 30 2021 Vit Mojzis <vmojzis@redhat.com> - 4.3.0-3}
+- Make seinfo output predictable (#2019961)
+
+* Tue Jun 30 2020 Vit Mojzis <vmojzis@redhat.com> - 4.3.0-2
+- Support old boolean names in policy queries (#1595572, #1581848)
+
+* Fri Apr 03 2020 Vit Mojzis <vmojzis@redhat.com> - 4.3.0-1
+- SETools 4.3.0 release (#1820079)
+- Revised sediff method for TE rules. This drastically reduced memory and run time.
+- Added infiniband context support to seinfo, sediff, and apol.
+- Added apol configuration for location of Qt assistant.
+- Fixed sediff issue where properties header would display when not requested.
+- Fixed sediff issue with type_transition file name comparison.
+- Fixed permission map socket sendto information flow direction.
+- Added methods to TypeAttribute class to make it a complete Python collection.
+- Genfscon now will look up classes rather than using fixed values which
+  were dropped from libsepol.
+- setools requires -console, -console-analyses and -gui packages (#1820078)
+
+* Sat Nov 30 2019 Petr Lautrbach <plautrba@redhat.com> - 4.2.2-2
+- Build setools-console-analyses and setools-gui (#1731519)
+
+* Mon Jul 08 2019 Vit Mojzis <vmojzis@redhat.com> - 4.2.2-1
+- SETools 4.2.2 release
+
+* Mon May 13 2019 Vit Mojzis <vmojzis@redhat.com> - 4.2.1-3
+- Use %set_build_flags instead of %optflags
+
+* Mon May 06 2019 Vit Mojzis <vmojzis@redhat.com> - 4.2.1-2
+- SELinuxPolicy: Create a map of aliases on policy load (#1672631)
+
+* Tue Mar 26 2019 Petr Lautrbach <plautrba@redhat.com> - 4.2.1-1
+- SETools 4.2.1 release (#1581761, #1595582)
+
+* Fri Nov 16 2018 Lumír Balhar <lbalhar@redhat.com> - 4.2.0-2
+- Require platform-python-setuptools instead of python3-setuptools
+- Resolves: rhbz#1650548
+
+* Tue Nov 13 2018 Petr Lautrbach <plautrba@redhat.com> - 4.2.0-1
+- SETools 4.2.0 release
+
+* Mon Oct 01 2018 Vit Mojzis <vmojzis@redhat.com> - 4.2.0-0.3.rc
+- Update upstream source to 4.2.0-rc
+
+* Wed Aug 22 2018 Petr Lautrbach <plautrba@redhat.com> - 4.1.1-11
+- Fix SCTP patch - https://github.com/SELinuxProject/setools/issues/9
+
+* Thu Jun 14 2018 Petr Lautrbach <plautrba@redhat.com> - 4.1.1-10
+- Move gui python files to -gui subpackage
+- Do not build gui and console-analyses by default
+
+* Wed Jun  6 2018 Petr Lautrbach <plautrba@redhat.com> - 4.1.1-9
+- Don't build the Python 2 subpackage (#1567362)
+
+* Thu Apr 26 2018 Vit Mojzis <vmojzis@redhat.com> - 4.1.1-8
+- Add support for SCTP protocol (#1568333)
+
+* Thu Apr 19 2018 Iryna Shcherbina <shcherbina.iryna@gmail.com> - 4.1.1-7
+- Update Python 2 dependency declarations to new packaging standards
+  (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
+
+* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.1.1-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Mon Sep 04 2017 Petr Lautrbach <plautrba@redhat.com> - 4.1.1-5
+- setools-python2 requires python2-enum34
+
+* Sun Aug 20 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 4.1.1-4
+- Add Provides for the old name without %%_isa
+
+* Thu Aug 10 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 4.1.1-3
+- Python 2 binary package renamed to python2-setools
+  See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3
+- Python 3 binary package renamed to python3-setools
+
+* Thu Aug 10 2017 Petr Lautrbach <plautrba@redhat.com> - 4.1.1-2
+- bswap_* macros are defined in byteswap.h
+
+* Mon Aug 07 2017 Petr Lautrbach <plautrba@redhat.com> - 4.1.1-1
+- New upstream release
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 4.1.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 4.1.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Mon May 22 2017 Petr Lautrbach <plautrba@redhat.com> - 4.1.0-3
+- setools-python{,3} packages should have a weak dependency on libselinux-python{,3}
+  (#1447747)
+
+* Thu Feb 23 2017 Petr Lautrbach <plautrba@redhat.com> - 4.1.0-2
+- Move python networkx dependency to -gui and -console-analyses
+- Ship sedta and seinfoflow in setools-console-analyses
+
+* Wed Feb 15 2017 Petr Lautrbach <plautrba@redhat.com> - 4.1.0-1
+- New upstream release.

sources

@@ -0,0 +1 @@
+SHA512 (4.3.0.tar.gz) = 93da43c4b577ff944f1c19ef40cfc51f6d1cb1efef582e467834300540a7af440b6ae9106f29d810963c74b0fb5953003304790a9143a7318e477d17fa7d536a