Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package setroubleshoot for openSUSE:Factory checked in at 2023-08-08 15:54:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/setroubleshoot (Old) and /work/SRC/openSUSE:Factory/.setroubleshoot.new.22712 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "setroubleshoot" Tue Aug 8 15:54:08 2023 rev:5 rq:1102659 version:3.3.31 Changes: -------- --- /work/SRC/openSUSE:Factory/setroubleshoot/setroubleshoot.changes 2022-12-12 17:42:23.106024275 +0100 +++ /work/SRC/openSUSE:Factory/.setroubleshoot.new.22712/setroubleshoot.changes 2023-08-08 15:54:09.848704076 +0200 @@ -1,0 +2,18 @@ +Wed Jun 7 13:16:23 UTC 2023 - Zdenek Kubala <[email protected]> + +- Add patch remove-pip-from-makefile.patch to temp fix build error + caused by invoking `-m pip install` within build process by + return to `setup.py install` - we do not allow network + connection in secure build mode in OBS + +------------------------------------------------------------------- +Tue Jan 24 10:43:16 UTC 2023 - Frederic Crozat <[email protected]> + +- Update to version 3.3.31: + * Add a screen reader label to the icon + * seapplet: avoid ValueError when parsing sealert.conf + * doc: Document performance related changes + * Decrease setroubleshootd priority and limit RAM utilization to 1GB +- Add python3-setuptools and python3-pip to BuildRequires. + +------------------------------------------------------------------- Old: ---- setroubleshoot-3.3.30.tar.gz New: ---- remove-pip-from-makefile.patch setroubleshoot-3.3.31.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ setroubleshoot.spec ++++++ --- /var/tmp/diff_new_pack.UL5FD6/_old 2023-08-08 15:54:10.584708682 +0200 +++ /var/tmp/diff_new_pack.UL5FD6/_new 2023-08-08 15:54:10.588708707 +0200 @@ -1,7 +1,7 @@ # # spec file for package setroubleshoot # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,36 +22,39 @@ Summary: Helps troubleshoot SELinux problems License: GPL-2.0-or-later Name: setroubleshoot -Version: 3.3.30 -Release: 2%{?dist} +Version: 3.3.31 +Release: 0 URL: https://gitlab.com/setroubleshoot/setroubleshoot Source0: https://gitlab.com/setroubleshoot/setroubleshoot/-/archive/%{version}/setroubleshoot-%{version}.tar.gz Source1: %{name}.tmpfiles Source2: %{name}.sysusers Source3: %{name}.logrotate Patch0: setroubleshoot-desktop.patch +Patch1: remove-pip-from-makefile.patch # git format-patch -N 3.3.30 # i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done BuildRequires: autoconf -BuildRequires: automake -BuildRequires: gcc -BuildRequires: gettext -BuildRequires: intltool -BuildRequires: libcap-ng-devel -BuildRequires: make -BuildRequires: python3 -BuildRequires: python3-devel BuildRequires: audit-devel >= 3.0.1 +BuildRequires: automake BuildRequires: dbus-1-glib-devel BuildRequires: desktop-file-utils +BuildRequires: gcc +BuildRequires: gettext BuildRequires: gtk2-devel BuildRequires: gtk3-devel +BuildRequires: intltool +BuildRequires: libcap-ng-devel BuildRequires: libnotify-devel BuildRequires: libselinux-devel +BuildRequires: make BuildRequires: polkit-devel +BuildRequires: python3 BuildRequires: python3-dasbus +BuildRequires: python3-devel BuildRequires: python3-gobject +BuildRequires: python3-pip BuildRequires: python3-selinux +BuildRequires: python3-setuptools # for the _tmpfilesdir macro BuildRequires: systemd-rpm-macros # for the sysusers @@ -66,8 +69,8 @@ #Requires: python3-libreport Requires(post): desktop-file-utils Requires(post): dbus-1 -Requires(postun): dbus-1 -Requires(postun): desktop-file-utils +Requires(postun):dbus-1 +Requires(postun):desktop-file-utils BuildRequires: xdg-utils Requires: xdg-utils @@ -144,7 +147,6 @@ %find_lang %{name} - %package doc Summary: Setroubleshoot documentation Group: Productivity/Security @@ -164,13 +166,13 @@ Requires: %{name}-plugins >= 3.3.10 Requires: audit >= 3.0.1 Requires: audit-libs-python3 -Requires: python3-selinux >= 2.1.5-1 -Requires: python3-libxml2 +Requires: policycoreutils-python-utils Requires: python3-dbus-python +Requires: python3-gobject >= 3.11 +Requires: python3-libxml2 Requires: python3-rpm +Requires: python3-selinux >= 2.1.5-1 Requires: python3-systemd >= 206-1 -Requires: python3-gobject >= 3.11 -Requires: policycoreutils-python-utils BuildRequires: gettext BuildRequires: intltool BuildRequires: python3 @@ -186,8 +188,8 @@ about the problem and help track its resolution. Alerts can be configured to user preference. The same tools can be run on existing log files. - %pre server -f %{name}-server.pre +%service_add_pre setroubleshootd.service %post server %if 0%{?suse_version} @@ -195,9 +197,14 @@ %else /sbin/service auditd reload >/dev/null 2>&1 || : %endif +%service_add_post setroubleshootd.service %postun server /sbin/service auditd reload >/dev/null 2>&1 || : +%service_del_postun setroubleshootd.service + +%preun server +%service_del_preun setroubleshootd.service %files server -f %{name}.lang %{_bindir}/sealert @@ -257,6 +264,7 @@ %attr(750,root,root) %dir %{_sysconfdir}/audit %attr(750,root,root) %dir %{_sysconfdir}/audit/plugins.d %attr(640,root,root)%config %{_sysconfdir}/audit/plugins.d/sedispatch.conf +%{_unitdir}/setroubleshootd.service %config(noreplace) %{_sysconfdir}/logrotate.d/%{name}-server %{_datadir}/dbus-1/system-services/org.fedoraproject.Setroubleshootd.service %{_datadir}/dbus-1/system-services/org.fedoraproject.SetroubleshootPrivileged.service ++++++ remove-pip-from-makefile.patch ++++++ Index: setroubleshoot-3.3.31/src/Makefile.am =================================================================== --- setroubleshoot-3.3.31.orig/src/Makefile.am +++ setroubleshoot-3.3.31/src/Makefile.am @@ -110,8 +110,8 @@ python-build: $(PYTHON) setup.py build install-exec-hook: - $(PYTHON) -m pip install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` \ - `test -n "$(PREFIX)" && echo --prefix $(PREFIX)` . + $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` \ + `test -n "$(PREFIX)" && echo --prefix $(PREFIX)` uninstall-hook: - $(PYTHON) -m pip uninstall `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` -y setroubleshoot + $(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` ++++++ setroubleshoot-3.3.30.tar.gz -> setroubleshoot-3.3.31.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setroubleshoot-3.3.30/Makefile.am new/setroubleshoot-3.3.31/Makefile.am --- old/setroubleshoot-3.3.30/Makefile.am 2022-06-28 10:10:15.000000000 +0200 +++ new/setroubleshoot-3.3.31/Makefile.am 2022-11-23 15:08:21.000000000 +0100 @@ -28,6 +28,9 @@ polkit_system_DATA = \ org.fedoraproject.setroubleshootfixit.policy +systemd_systemunitdir = $(prefix)/lib/systemd/system/ +systemd_systemunit_DATA = setroubleshootd.service + autostartdir = $(sysconfdir)/xdg/autostart autostart_DATA = sealertauto.desktop diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setroubleshoot-3.3.30/NEWS new/setroubleshoot-3.3.31/NEWS --- old/setroubleshoot-3.3.30/NEWS 2022-06-28 10:10:15.000000000 +0200 +++ new/setroubleshoot-3.3.31/NEWS 2022-11-23 15:08:21.000000000 +0100 @@ -1,3 +1,10 @@ +setroubleshoot 3.3.31 2022-11-23 + - Add a screen reader label to the icon + - seapplet: avoid ValueError when parsing sealert.conf + - doc: Document performance related changes + - Decrease setroubleshootd priority and limit RAM utilization to 1GB + + setroubleshoot 3.3.30 2022-06-28 - Miscellaneous python and build system changes - Fix couple of typos diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setroubleshoot-3.3.30/configure.ac new/setroubleshoot-3.3.31/configure.ac --- old/setroubleshoot-3.3.30/configure.ac 2022-06-28 10:10:15.000000000 +0200 +++ new/setroubleshoot-3.3.31/configure.ac 2022-11-23 15:08:21.000000000 +0100 @@ -1,4 +1,4 @@ -AC_INIT([setroubleshoot], [3.3.30], +AC_INIT([setroubleshoot], [3.3.31], [http://bugzilla.redhat.com/bugzilla/enter_bug.cgi?product=setroubleshoot]) AC_CONFIG_SRCDIR(src/setroubleshoot/__init__.py) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setroubleshoot-3.3.30/doc/setroubleshootd.8 new/setroubleshoot-3.3.31/doc/setroubleshootd.8 --- old/setroubleshoot-3.3.30/doc/setroubleshootd.8 2022-06-28 10:10:15.000000000 +0200 +++ new/setroubleshoot-3.3.31/doc/setroubleshootd.8 2022-11-23 15:08:21.000000000 +0100 @@ -23,9 +23,14 @@ setroubleshootd is a system daemon which runs under setroubleshoot user and listens for audit events emitted from the kernel related to SELinux. When the setroubleshootd daemon sees an SELinux AVC denial it runs a series of analysis -plugins which examines the audit data related to the AVC. It records the +plugins which examine the audit data related to the AVC. It records the results of the analysis and signals any clients which have attached to the setroubleshootd daemon that a new alert has been seen. +.P +setroubleshootd is not persistent and only runs when there are new AVCs to be +analyzed. It is executed using setroubleshootd.service, which also limits its +priority and maximum RAM utilization to 1GB, in order to help with system +responsiveness in case of large amounts of AVCs. .SH "OPTIONS" .TP @@ -33,7 +38,7 @@ Do not fork the daemon .TP .B \-d \-\-debug -Do not exit after 10 seconds +Do not exit after 10 seconds of inactivity .TP .B \-h \-\-help Show this message diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setroubleshoot-3.3.30/org.fedoraproject.Setroubleshootd.service new/setroubleshoot-3.3.31/org.fedoraproject.Setroubleshootd.service --- old/setroubleshoot-3.3.30/org.fedoraproject.Setroubleshootd.service 2022-06-28 10:10:15.000000000 +0200 +++ new/setroubleshoot-3.3.31/org.fedoraproject.Setroubleshootd.service 2022-11-23 15:08:21.000000000 +0100 @@ -1,4 +1,5 @@ [D-BUS Service] Name=org.fedoraproject.Setroubleshootd -Exec=/usr/sbin/setroubleshootd -f +SystemdService=setroubleshootd.service +Exec=/bin/false User=setroubleshoot diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setroubleshoot-3.3.30/setroubleshootd.service new/setroubleshoot-3.3.31/setroubleshootd.service --- old/setroubleshoot-3.3.30/setroubleshootd.service 1970-01-01 01:00:00.000000000 +0100 +++ new/setroubleshoot-3.3.31/setroubleshootd.service 2022-11-23 15:08:21.000000000 +0100 @@ -0,0 +1,10 @@ +[Unit] +Description=SETroubleshoot daemon for processing new SELinux denial logs + +[Service] +Type=dbus +BusName=org.fedoraproject.Setroubleshootd +ExecStart=/usr/sbin/setroubleshootd -f +User=setroubleshoot +LimitAS=1G +Nice=5 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setroubleshoot-3.3.30/src/Makefile.am new/setroubleshoot-3.3.31/src/Makefile.am --- old/setroubleshoot-3.3.30/src/Makefile.am 2022-06-28 10:10:15.000000000 +0200 +++ new/setroubleshoot-3.3.31/src/Makefile.am 2022-11-23 15:08:21.000000000 +0100 @@ -110,8 +110,8 @@ $(PYTHON) setup.py build install-exec-hook: - $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` \ - `test -n "$(PREFIX)" && echo --prefix $(PREFIX)` + $(PYTHON) -m pip install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` \ + `test -n "$(PREFIX)" && echo --prefix $(PREFIX)` . uninstall-hook: - $(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` + $(PYTHON) -m pip uninstall `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` -y setroubleshoot diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setroubleshoot-3.3.30/src/seapplet new/setroubleshoot-3.3.31/src/seapplet --- old/setroubleshoot-3.3.30/src/seapplet 2022-06-28 10:10:15.000000000 +0200 +++ new/setroubleshoot-3.3.31/src/seapplet 2022-11-23 15:08:21.000000000 +0100 @@ -44,12 +44,14 @@ return self.status_icon # Gtk.StatusIcon.new_from_file is deprecated but has no replacement + # Same applies to Gtk.StatusIcon.set_title import warnings warnings.filterwarnings("ignore", category=DeprecationWarning) self.status_icon = Gtk.StatusIcon.new_from_file( "/usr/share/icons/hicolor/scalable/apps/setroubleshoot_icon.svg" ) + self.status_icon.set_title("SELinux troubleshooter") self.status_icon.connect("activate", self.status_show) self.status_icon.set_visible(True) @@ -81,10 +83,13 @@ try: with open(GLib.get_user_config_dir() + "/sealert.conf", encoding='utf-8') as f: for line in f: - (key, value) = line.split('=') - if key == 'last': - last_id = value.rstrip() - break + try: + (key, value) = line.split('=') + if key == 'last': + last_id = value.rstrip() + break + except: + pass except OSError: pass diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/setroubleshoot-3.3.30/src/setup.py new/setroubleshoot-3.3.31/src/setup.py --- old/setroubleshoot-3.3.30/src/setup.py 2022-06-28 10:10:15.000000000 +0200 +++ new/setroubleshoot-3.3.31/src/setup.py 2022-11-23 15:08:21.000000000 +0100 @@ -1,11 +1,11 @@ #!/usr/bin/python3 # Author: Dan Walsh <[email protected]> -from distutils.core import setup +from setuptools import setup setup(name="setroubleshoot", - version="3.3.29", + version="3.3.31", description="Python SELinux Troubleshooter", author="Dan Walsh", author_email="[email protected]", url='https://gitlab.com/setroubleshoot/setroubleshoot/',
