folkslinux
/
CBL-Mariner
mirror of https://github.com/microsoft/CBL-Mariner.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Build Break Fix: Rollback selinux checkins. (#204) 

* Revert "Add missing %libsepolver definition in secilc.spec (#192)"

This reverts commit 9cff088bec.

* Revert "Add SELinux packages to Mariner. (#100)"

This reverts commit b2d918efac.
This commit is contained in:
jslobodzian 2020-10-13 19:37:01 -07:00 committed by GitHub
parent 110619ae47
commit 791c4b9e19
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
45 changed files with 143 additions and 23293 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md
View File

File diff suppressed because one or more lines are too long

5
SPECS/checkpolicy/checkpolicy.signatures.json
View File

@ -1,5 +0,0 @@
{
"Signatures": {
"checkpolicy-2.9.tar.gz": "a946c32b284532447857e4c48830f8816867c61220c8c08bdd32e6f691335f8e"
}
}

936
SPECS/checkpolicy/checkpolicy.spec
View File

@ -1,936 +0,0 @@
%define libselinuxver 2.9-1
%define libsepolver 2.9-1
Summary: SELinux policy compiler
Name: checkpolicy
Version: 2.9
Release: 3%{?dist}
License: GPLv2
Vendor: Microsoft Corporation
Distribution: Mariner
Url: https://github.com/SELinuxProject/selinux
Source0: %{url}/releases/download/20190315/%{name}-%{version}.tar.gz
BuildRequires: gcc
BuildRequires: bison
BuildRequires: flex
BuildRequires: flex-devel
BuildRequires: libsepol-devel >= %{libsepolver}
BuildRequires: libselinux-devel >= %{libselinuxver}
%description
Security-enhanced Linux is a feature of the Linux® kernel and a number
of utilities with enhanced security functionality designed to add
mandatory access controls to Linux. The Security-enhanced Linux
kernel contains new architectural components originally developed to
improve the security of the Flask operating system. These
architectural components provide general support for the enforcement
of many kinds of mandatory access control policies, including those
based on the concepts of Type Enforcement®, Role-based Access
Control, and Multi-level Security.
This package contains checkpolicy, the SELinux policy compiler.
Only required for building policies.
%prep
%autosetup -p 1 -n checkpolicy-%{version}
%build
%set_build_flags
make clean
make LIBDIR="%{_libdir}"
cd test
make LIBDIR="%{_libdir}"
%install
mkdir -p ${RPM_BUILD_ROOT}%{_bindir}
make LIBDIR="%{_libdir}" DESTDIR="${RPM_BUILD_ROOT}" install
install test/dismod ${RPM_BUILD_ROOT}%{_bindir}/sedismod
install test/dispol ${RPM_BUILD_ROOT}%{_bindir}/sedispol
%files
%license COPYING
%{_bindir}/checkpolicy
%{_bindir}/checkmodule
%{_mandir}/man8/checkpolicy.8.gz
%{_mandir}/man8/checkmodule.8.gz
%{_mandir}/ru/man8/checkpolicy.8.gz
%{_mandir}/ru/man8/checkmodule.8.gz
%{_bindir}/sedismod
%{_bindir}/sedispol
%changelog
* Wed Aug 19 2020 Daniel Burgener <Daniel.Burgener@microsoft.com> 2.9-3
- Initial CBL-Mariner import from Fedora 31 (license: MIT)
- License verified
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Mon Mar 18 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-1
- SELinux userspace 2.9 release
* Mon Mar 11 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-0.rc2.1
- SELinux userspace 2.9-rc2 release
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9-0.rc1.1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jan 25 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-0.rc1.1
- SELinux userspace 2.9-rc1 release
* Mon Jan 21 2019 Petr Lautrbach <plautrba@redhat.com> - 2.8-3
- Check the result value of hashtable_search
- Destroy the class datum if it fails to initialize
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri May 25 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-1
- SELinux userspace 2.8 release
* Tue May 15 2018 Petr Lautrbach <plautrba@workstation> - 2.8-0.rc3.1
- SELinux userspace 2.8-rc3 release candidate
* Mon Apr 23 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-0.rc1.1
- SELinux userspace 2.8-rc1 release candidate
* Wed Mar 21 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-7
- Add support for the SCTP portcon keyword
* Tue Mar 13 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-6
- build: follow standard semantics for DESTDIR and PREFIX
* Thu Feb 22 2018 Florian Weimer <fweimer@redhat.com> - 2.7-5
- Use LDFLAGS from redhat-rpm-config
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.7-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Nov 22 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-3
- Rebuild with libsepol-2.7-3 and libselinux-2.7-6
* Fri Oct 20 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-2
- Rebuilt with libsepol-2.7-2
* Mon Aug 07 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-1
- Update to upstream release 2017-08-04
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Wed Feb 15 2017 Petr Lautrbach <plautrba@redhat.com> - 2.6-1
- Update to upstream release 2016-10-14
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.5-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Mon Oct 03 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-8
- Add types associated to a role in the current scope when parsing
* Mon Aug 01 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-7
- Extend checkpolicy pathname matching
- Rebuilt with libsepol-2.5-9
* Mon Jun 27 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-6
- Fix typos in sedispol
* Thu Jun 23 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-5
- Set flex as default lexer
- Fix checkmodule output message
* Wed May 11 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-4
- Rebuilt with libsepol-2.5-6
* Fri Apr 29 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-3
- Build policy on systems not supporting DCCP protocol
- Fail if module name different than output base filename
* Fri Apr 08 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-2
- Add support for portcon dccp protocol
* Tue Feb 23 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-1
- Update to upstream release 2016-02-23
* Sun Feb 21 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-0.1.rc1
- Update to upstream rc1 release 2016-01-07
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-2.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Tue Jul 21 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-1.1
- Update to 2.4 release
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Fri Jul 11 2014 Tom Callaway <spot@fedoraproject.org> - 2.3-3
- fix license handling
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Tue May 6 2014 Dan Walsh <dwalsh@redhat.com> - 2.3-1
- Update to upstream
* Add Android support for building dispol.
* Report source file and line information for neverallow failures.
* Prevent incompatible option combinations for checkmodule.
* Drop -lselinux from LDLIBS for test programs; not used.
* Add debug feature to display constraints/validatetrans from Richard Haines.
* Thu Oct 31 2013 Dan Walsh <dwalsh@redhat.com> - 2.2-1
- Update to upstream
* Fix hyphen usage in man pages from Laurent Bigonville.
* handle-unknown / -U required argument fix from Laurent Bigonville.
* Support overriding Makefile PATH and LIBDIR from Laurent Bigonville.
* Support space and : in filenames from Dan Walsh.
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.12-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Tue Jul 16 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-4
- Fix a segmentation fault if the --handle-unknown option was set without
arguments.
- Thanks to Alexandre Rebert and his team at Carnegie Mellon University
for detecting this crash.
* Tue Mar 19 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-3
- ":" should be allowed for file trans names
* Tue Mar 12 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-2
- Space should be allowed for file trans names
* Thu Feb 7 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-1
- Update to upstream
* Fix errors found by coverity
* implement default type policy syntax
* Free allocated memory when clean up / exit.
* Sat Jan 5 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.11-3
- Update to latest patches from eparis/Upstream
- checkpolicy: libsepol: implement default type policy syntax
-
- We currently have a mechanism in which the default user, role, and range
- can be picked up from the source or the target object. This implements
- the same thing for types. The kernel will override this with type
- transition rules and similar. This is just the default if nothing
- specific is given.
* Wed Sep 19 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-2
- Rebuild with fixed libsepol
* Thu Sep 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-1
- Update to upstream
* fd leak reading policy
* check return code on ebitmap_set_bit
* Mon Jul 30 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-4
- Rebuild to grab latest libsepol
* Tue Jul 24 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-3
- Rebuild to grab latest libsepol
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Wed Jul 4 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-1
- Update to upstream
* sepolgen: We need to support files that have a + in them
* Android/MacOS X build support
* Mon Apr 23 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.9-4
- Rebuild to get latest libsepol which fixes the file_name transition problems
* Tue Apr 17 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.9-3
- Recompile with libsepol that has support for ptrace_child
* Tue Apr 3 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.9-2
- Allow checkpolicy to use + in a file name
* Thu Mar 29 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.9-1
- Update to upstream
* implement new default labeling behaviors for usr, role, range
* Fix dead links to www.nsa.gov/selinux
* Mon Jan 16 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.8-3
- Fix man page to link to www.nsa.giv/research/selinux
* Thu Jan 12 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Wed Dec 21 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.8-1
-Update to upstream
* add ignoredirs config for genhomedircon
* Fallback_user_level can be NULL if you are not using MLS
* Wed Dec 21 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.7-3
- default_rules should be optional
* Thu Dec 15 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.7-2
- Rebuild with latest libsepol
* Tue Dec 6 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.7-1
- Upgrade to upstream
* dis* fixed signed vs unsigned errors
* dismod: fix unused parameter errors
* test: Makefile: include -W and -Werror
* allow ~ in filename transition rules
- Allow policy to specify the source of target for generating the default user,role
- or mls label for a new target.
* Mon Nov 14 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.6-2
- Allow ~ in a filename
* Fri Nov 4 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.6-1
- Upgrade to upstream
* Revert "checkpolicy: Redo filename/filesystem syntax to support filename trans rules"
* drop libsepol dynamic link in checkpolicy
* Tue Sep 20 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-2
- Fix checkpolicy to ignore '"' in filename trans rules
* Mon Sep 19 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-1
-Update to upstream
* Separate tunable from boolean during compile.
* Tue Aug 30 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-0
-Update to upstream
* checkpolicy: fix spacing in output message
* Thu Aug 18 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.3-0
* add missing ; to attribute_role_def
*Redo filename/filesystem syntax to support filename trans
* Wed Aug 3 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.2-0
-Update to upstream
* .gitignore changes
* dispol output of role trans
* man page update: build a module with an older policy version
* Thu Jul 28 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.1-0
-Update to upstream
* Minor updates to filename trans rule output in dis{mod,pol}
* Thu Jul 28 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.0-1
-Update to upstream
* Mon May 23 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.26-1
-Update to upstream
* Wrap file names in filename transitions with quotes by Steve Lawrence.
* Allow filesystem names to start with a digit by James Carter.
* Add support for using the last path compnent in type transitions by Eric
* Thu Apr 21 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.24-2
* Fixes for new role_transition class field by Eric Paris.
* Fri Apr 15 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.24-2
- Add "-" as a file type
* Tue Apr 12 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.24-1
-Update to upstream
* Add new class field in role_transition by Harry Ciao.
* Mon Apr 11 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.23-5
- Fix type_transition to allow all files
* Tue Mar 29 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.23-4
- Patches from Eric Paris
We just use random numbers to make menu selections. Use #defines and
names that make some sense instead.
This patch adds support for using the last path component as part of the
information in making labeling decisions for new objects. A example
rule looks like so:
type_transition unconfined_t etc_t:file system_conf_t eric;
This rule says if unconfined_t creates a file in a directory labeled
etc_t and the last path component is "eric" (no globbing, no matching
magic, just exact strcmp) it should be labeled system_conf_t.
The kernel and policy representation does not have support for such
rules in conditionals, and thus policy explicitly notes that fact if
such a rule is added to a conditional.
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.23-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Wed Jan 12 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.23-2
- Add James Carters Patch
*This patch is needed because some filesystem names (such as 9p) start
with a digit.
* Tue Dec 21 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.23-1
- Latest update from NSA
* Remove unused variables to fix compliation under GCC 4.6 by Justin Mattock
* Wed Dec 8 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.22-2
- Rebuild to make sure it will build in Fedora
* Wed Jun 16 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.22-1
- Latest update from NSA
* Update checkmodule man page and usage by Daniel Walsh and Steve Lawrence
- Allow policy version to be one number
* Mon May 3 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.21-2
- Fix checkmodule man page and usage statements
* Sun Nov 1 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.21-1
- Latest update from NSA
* Add support for building Xen policies from Paul Nuzzi.
* Add long options to checkpolicy and checkmodule by Guido
Trentalancia <guido@trentalancia.com>
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.19-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Mon Feb 23 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.19-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Wed Feb 18 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.19-1
- Latest update from NSA
* Fix alias field in module format, caused by boundary format change
from Caleb Case.
* Fri Jan 30 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.18-1
- Latest update from NSA
* Properly escape regex symbols in the lexer from Stephen Smalley.
* Add bounds support from KaiGai Kohei.
* Tue Oct 28 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.16-4
* Mon Jul 7 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.16-3
- Rebuild with new libsepol
* Wed May 28 2008 Tom "spot" Callaway <tcallawa@redhat.com> 2.0.16-2
- fix license tag
* Wed May 28 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.16-1
- Latest update from NSA
* Update checkpolicy for user and role mapping support from Joshua Brindle.
* Fri May 2 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.15-1
- Latest update from NSA
* Fix for policy module versions that look like IPv4 addresses from Jim Carter.
Resolves bug 444451.
* Fri May 2 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.14-2
- Allow modules with 4 sections or more
* Thu Mar 27 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.14-1
- Latest update from NSA
* Add permissive domain support from Eric Paris.
* Thu Mar 13 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.13-1
- Latest update from NSA
* Split out non-grammar parts of policy_parse.yacc into
policy_define.c and policy_define.h from Todd C. Miller.
* Initialize struct policy_file before using it, from Todd C. Miller.
* Remove unused define, move variable out of .y file, simplify COND_ERR, from Todd C. Miller.
* Thu Feb 28 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.10-1
- Latest update from NSA
* Use yyerror2() where appropriate from Todd C. Miller.
- Build against latest libsepol
* Fri Feb 22 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.9-2
- Start shipping sedismod and sedispol
* Mon Feb 4 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.9-1
- Latest update from NSA
* Update dispol for libsepol avtab changes from Stephen Smalley.
* Fri Jan 25 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.8-1
- Latest update from NSA
* Deprecate role dominance in parser.
* Mon Jan 21 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.7-2
- Update to use libsepol-static library
* Fri Jan 11 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.7-1
- Latest update from NSA
* Added support for policy capabilities from Todd Miller.
* Thu Nov 15 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.6-1
- Latest update from NSA
* Initialize the source file name from the command line argument so that checkpolicy/checkmodule report something more useful than "unknown source".
* Merged remove use of REJECT and trailing context in lex rules; make ipv4 address parsing like ipv6 from James Carter.
* Tue Sep 18 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.4-1
* Merged handle unknown policydb flag support from Eric Paris.
Adds new command line options -U {allow, reject, deny} for selecting
the flag when a base module or kernel policy is built.
* Tue Aug 28 2007 Fedora Release Engineering <rel-eng at fedoraproject dot org> - 2.0.3-3
- Rebuild for selinux ppc32 issue.
* Mon Jun 18 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.3-2
- Rebuild with the latest libsepol
* Sun Jun 17 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.3-1
- Latest update from NSA
* Merged fix for segfault on duplicate require of sensitivity from Caleb Case.
* Merged fix for dead URLs in checkpolicy man pages from Dan Walsh.
* Thu Apr 12 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.2-1
- Latest update from NSA
* Merged checkmodule man page fix from Dan Walsh.
* Fri Mar 30 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.1-3
- Rebuild with new libsepol
* Wed Mar 28 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.1-2
- Rebuild with new libsepol
* Mon Nov 20 2006 Dan Walsh <dwalsh@redhat.com> - 2.0.1-1
- Latest update from NSA
* Merged patch to allow dots in class identifiers from Caleb Case.
* Tue Nov 14 2006 Dan Walsh <dwalsh@redhat.com> - 2.0.0-1
- Latest update from NSA
* Merged patch to use new libsepol error codes by Karl MacMillan.
* Updated version for stable branch.
* Tue Nov 14 2006 Dan Walsh <dwalsh@redhat.com> - 1.33.1-2
- Rebuild for new libraries
* Tue Nov 14 2006 Dan Walsh <dwalsh@redhat.com> - 1.33.1-1
- Latest update from NSA
* Collapse user identifiers and identifiers together.
* Tue Oct 17 2006 Dan Walsh <dwalsh@redhat.com> - 1.32-1
- Latest update from NSA
* Updated version for release.
* Thu Sep 28 2006 Dan Walsh <dwalsh@redhat.com> - 1.30.12-1
- Latest update from NSA
* Merged user and range_transition support for modules from
Darrel Goeddel
* Wed Sep 6 2006 Dan Walsh <dwalsh@redhat.com> - 1.30.11-1
- Latest update from NSA
* merged range_transition enhancements and user module format
changes from Darrel Goeddel
* Merged symtab datum patch from Karl MacMillan.
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 1.30.9-1.1
- rebuild
* Tue Jul 4 2006 Dan Walsh <dwalsh@redhat.com> - 1.30.8-1
- Latest upgrade from NSA
* Lindent.
* Merged patch to remove TE rule conflict checking from the parser
from Joshua Brindle. This can only be done properly by the
expander.
* Merged patch to make checkpolicy/checkmodule handling of
duplicate/conflicting TE rules the same as the expander
from Joshua Brindle.
* Merged optionals in base take 2 patch set from Joshua Brindle.
* Tue May 23 2006 Dan Walsh <dwalsh@redhat.com> - 1.30.5-1
- Latest upgrade from NSA
* Merged compiler cleanup patch from Karl MacMillan.
* Merged fix warnings patch from Karl MacMillan.
* Wed Apr 5 2006 Dan Walsh <dwalsh@redhat.com> - 1.30.4-1
- Latest upgrade from NSA
* Changed require_class to reject permissions that have not been
declared if building a base module.
* Tue Mar 28 2006 Dan Walsh <dwalsh@redhat.com> - 1.30.3-1
- Latest upgrade from NSA
* Fixed checkmodule to call link_modules prior to expand_module
to handle optionals.
* Fixed require_class to avoid shadowing permissions already defined
in an inherited common definition.
* Mon Mar 27 2006 Dan Walsh <dwalsh@redhat.com> - 1.30.1-2
- Rebuild with new libsepol
* Thu Mar 23 2006 Dan Walsh <dwalsh@redhat.com> - 1.30.1-1
- Latest upgrade from NSA
* Moved processing of role and user require statements to 2nd pass.
* Fri Mar 17 2006 Dan Walsh <dwalsh@redhat.com> - 1.30-1
- Latest upgrade from NSA
* Updated version for release.
* Fixed bug in role dominance (define_role_dom).
* Fri Feb 17 2006 Dan Walsh <dwalsh@redhat.com> - 1.29.4-1
- Latest upgrade from NSA
* Added a check for failure to declare each sensitivity in
a level definition.
* Changed to clone level data for aliased sensitivities to
avoid double free upon sens_destroy. Bug reported by Kevin
Carr of Tresys Technology.
* Mon Feb 13 2006 Dan Walsh <dwalsh@redhat.com> - 1.29.2-1
- Latest upgrade from NSA
* Merged optionals in base patch from Joshua Brindle.
* Mon Feb 13 2006 Dan Walsh <dwalsh@redhat.com> - 1.29.1-1.2
- Need to build againi
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.29.1-1.1
- bump again for double-long bug on ppc(64)
* Tue Feb 07 2006 Dan Walsh <dwalsh@redhat.com> 1.29.1-1
- Latest upgrade from NSA
* Merged sepol_av_to_string patch from Joshua Brindle.
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 1.28-5.1
- rebuilt for new gcc4.1 snapshot and glibc changes
* Fri Jan 13 2006 Dan Walsh <dwalsh@redhat.com> 1.28-5
- Rebuild to get latest libsepol
* Fri Jan 13 2006 Dan Walsh <dwalsh@redhat.com> 1.28-5
- Rebuild to get latest libsepol
* Thu Jan 5 2006 Dan Walsh <dwalsh@redhat.com> 1.28-4
- Rebuild to get latest libsepol
* Wed Jan 4 2006 Dan Walsh <dwalsh@redhat.com> 1.28-3
- Rebuild to get latest libsepol
* Fri Dec 16 2005 Dan Walsh <dwalsh@redhat.com> 1.28-2
- Rebuild to get latest libsepol
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
- rebuilt
* Fri Dec 9 2005 Dan Walsh <dwalsh@redhat.com> 1.28-1
- Latest upgrade from NSA
* Sun Dec 4 2005 Dan Walsh <dwalsh@redhat.com> 1.27.20-1
- Latest upgrade from NSA
* Merged checkmodule man page from Dan Walsh, and edited it.
* Thu Dec 1 2005 Dan Walsh <dwalsh@redhat.com> 1.27.19-1
- Latest upgrade from NSA
* Added error checking of all ebitmap_set_bit calls for out of
memory conditions.
* Merged removal of compatibility handling of netlink classes
(requirement that policies with newer versions include the
netlink class definitions, remapping of fine-grained netlink
classes in newer source policies to single netlink class when
generating older policies) from George Coker.
* Tue Nov 8 2005 Dan Walsh <dwalsh@redhat.com> 1.27.17-7
- Rebuild to get latest libsepol
* Tue Oct 25 2005 Dan Walsh <dwalsh@redhat.com> 1.27.17-1
- Latest upgrade from NSA
* Merged dismod fix from Joshua Brindle.
* Thu Oct 20 2005 Dan Walsh <dwalsh@redhat.com> 1.27.16-1
- Latest upgrade from NSA
* Removed obsolete cond_check_type_rules() function and call and
cond_optimize_lists() call from checkpolicy.c; these are handled
during parsing and expansion now.
* Updated calls to expand_module for interface change.
* Changed checkmodule to verify that expand_module succeeds
when building base modules.
* Merged module compiler fixes from Joshua Brindle.
* Removed direct calls to hierarchy_check_constraints() and
check_assertions() from checkpolicy since they are now called
internally by expand_module().
* Tue Oct 18 2005 Dan Walsh <dwalsh@redhat.com> 1.27.11-1
- Latest upgrade from NSA
* Updated for changes to sepol policydb_index_others interface.
* Tue Oct 18 2005 Dan Walsh <dwalsh@redhat.com> 1.27.10-1
- Latest upgrade from NSA
* Updated for changes to sepol expand_module and link_modules interfaces.
* Sat Oct 15 2005 Dan Walsh <dwalsh@redhat.com> 1.27.9-2
- Rebuild to get latest libsepol
* Fri Oct 14 2005 Dan Walsh <dwalsh@redhat.com> 1.27.9-1
- Latest upgrade from NSA
* Merged support for require blocks inside conditionals from
Joshua Brindle (Tresys).
* Wed Oct 12 2005 Karsten Hopp <karsten@redhat.de> 1.27.8-2
- add buildrequirement for libselinux-devel for dispol
* Mon Oct 10 2005 Dan Walsh <dwalsh@redhat.com> 1.27.8-1
- Latest upgrade from NSA
* Updated for changes to libsepol.
* Fri Oct 7 2005 Dan Walsh <dwalsh@redhat.com> 1.27.7-2
- Rebuild to get latest libsepol
* Thu Oct 6 2005 Dan Walsh <dwalsh@redhat.com> 1.27.7-1
- Latest upgrade from NSA
* Merged several bug fixes from Joshua Brindle (Tresys).
* Tue Oct 4 2005 Dan Walsh <dwalsh@redhat.com> 1.27.6-1
- Latest upgrade from NSA
* Merged MLS in modules patch from Joshua Brindle (Tresys).
* Mon Oct 3 2005 Dan Walsh <dwalsh@redhat.com> 1.27.5-2
- Rebuild to get latest libsepol
* Wed Sep 28 2005 Dan Walsh <dwalsh@redhat.com> 1.27.5-1
- Latest upgrade from NSA
* Merged error handling improvement in checkmodule from Karl MacMillan (Tresys).
* Tue Sep 27 2005 Dan Walsh <dwalsh@redhat.com> 1.27.4-1
- Latest upgrade from NSA
* Merged bugfix for dup role transition error messages from
Karl MacMillan (Tresys).
* Fri Sep 23 2005 Dan Walsh <dwalsh@redhat.com> 1.27.3-1
- Latest upgrade from NSA
* Merged policyver/modulever patches from Joshua Brindle (Tresys).
* Wed Sep 21 2005 Dan Walsh <dwalsh@redhat.com> 1.27.2-2
- Rebuild to get latest libsepol
* Wed Sep 21 2005 Dan Walsh <dwalsh@redhat.com> 1.27.2-1
- Latest upgrade from NSA
* Fixed parse_categories handling of undefined category.
* Tue Sep 20 2005 Dan Walsh <dwalsh@redhat.com> 1.27.1-2
- Rebuild to get latest libsepol
* Sat Sep 17 2005 Dan Walsh <dwalsh@redhat.com> 1.27.1-1
- Latest upgrade from NSA
* Merged bug fix for role dominance handling from Darrel Goeddel (TCS).
* Wed Sep 14 2005 Dan Walsh <dwalsh@redhat.com> 1.26-2
- Rebuild to get latest libsepol
* Mon Sep 12 2005 Dan Walsh <dwalsh@redhat.com> 1.26-1
- Latest upgrade from NSA
* Updated version for release.
- Rebuild to get latest libsepol
* Thu Sep 1 2005 Dan Walsh <dwalsh@redhat.com> 1.25.12-3
- Rebuild to get latest libsepol
* Mon Aug 29 2005 Dan Walsh <dwalsh@redhat.com> 1.25.12-2
- Rebuild to get latest libsepol
* Mon Aug 22 2005 Dan Walsh <dwalsh@redhat.com> 1.25.12-1
- Update to NSA Release
* Fixed handling of validatetrans constraint expressions.
Bug reported by Dan Walsh for checkpolicy -M.
* Mon Aug 22 2005 Dan Walsh <dwalsh@redhat.com> 1.25.11-2
- Fix mls crash
* Fri Aug 19 2005 Dan Walsh <dwalsh@redhat.com> 1.25.11-1
- Update to NSA Release
* Merged use-after-free fix from Serge Hallyn (IBM).
Bug found by Coverity.
* Sun Aug 14 2005 Dan Walsh <dwalsh@redhat.com> 1.25.10-1
- Update to NSA Release
* Fixed further memory leaks found by valgrind.
* Changed checkpolicy to destroy the policydbs prior to exit
to allow leak detection.
* Fixed several memory leaks found by valgrind.
* Sun Aug 14 2005 Dan Walsh <dwalsh@redhat.com> 1.25.8-3
- Rebuild to get latest libsepol changes
* Sat Aug 13 2005 Dan Walsh <dwalsh@redhat.com> 1.25.8-2
- Rebuild to get latest libsepol changes
* Thu Aug 11 2005 Dan Walsh <dwalsh@redhat.com> 1.25.8-1
- Update to NSA Release
* Updated checkpolicy and dispol for the new avtab format.
Converted users of ebitmaps to new inline operators.
Note: The binary policy format version has been incremented to
version 20 as a result of these changes. To build a policy
for a kernel that does not yet include these changes, use
the -c 19 option to checkpolicy.
* Merged patch to prohibit use of "self" as a type name from Jason Tang (Tresys).
* Merged patch to fix dismod compilation from Joshua Brindle (Tresys).
* Wed Aug 10 2005 Dan Walsh <dwalsh@redhat.com> 1.25.5-1
- Update to NSA Release
* Fixed call to hierarchy checking code to pass the right policydb.
* Merged patch to update dismod for the relocation of the
module read/write code from libsemanage to libsepol, and
to enable build of test subdirectory from Jason Tang (Tresys).
* Thu Jul 28 2005 Dan Walsh <dwalsh@redhat.com> 1.25.3-1
- Update to NSA Release
* Merged hierarchy check fix from Joshua Brindle (Tresys).
* Thu Jul 7 2005 Dan Walsh <dwalsh@redhat.com> 1.25.2-1
- Update to NSA Release
* Merged loadable module support from Tresys Technology.
* Merged patch to prohibit the use of * and ~ in type sets
(other than in neverallow statements) and in role sets
from Joshua Brindle (Tresys).
* Updated version for release.
* Fri May 20 2005 Dan Walsh <dwalsh@redhat.com> 1.23-4-1
- Update to NSA Release
* Merged cleanup patch from Dan Walsh.
* Thu May 19 2005 Dan Walsh <dwalsh@redhat.com> 1.23-3-1
- Update to NSA Release
* Added sepol_ prefix to Flask types to avoid namespace
collision with libselinux.
* Sat May 7 2005 Dan Walsh <dwalsh@redhat.com> 1.23-2-1
- Update to NSA Release
* Merged identifier fix from Joshua Brindle (Tresys).
* Thu Apr 14 2005 Dan Walsh <dwalsh@redhat.com> 1.23,1-1
* Merged hierarchical type/role patch from Tresys Technology.
* Merged MLS fixes from Darrel Goeddel of TCS.
* Thu Mar 10 2005 Dan Walsh <dwalsh@redhat.com> 1.22-1
- Update to NSA Release
* Tue Mar 1 2005 Dan Walsh <dwalsh@redhat.com> 1.21.4-2
- Rebuild for FC4
* Thu Feb 17 2005 Dan Walsh <dwalsh@redhat.com> 1.21.4-1
* Merged define_user() cleanup patch from Darrel Goeddel (TCS).
* Moved genpolusers utility to libsepol.
* Merged range_transition support from Darrel Goeddel (TCS).
* Thu Feb 10 2005 Dan Walsh <dwalsh@redhat.com> 1.21.2-1
- Latest from NSA
* Changed relabel Makefile target to use restorecon.
* Mon Feb 7 2005 Dan Walsh <dwalsh@redhat.com> 1.21.1-1
- Latest from NSA
* Merged enhanced MLS support from Darrel Goeddel (TCS).
* Fri Jan 7 2005 Dan Walsh <dwalsh@redhat.com> 1.20.1-1
- Update for version increase at NSA
* Mon Dec 20 2004 Dan Walsh <dwalsh@redhat.com> 1.19.2-1
- Latest from NSA
* Merged typeattribute statement patch from Darrel Goeddel of TCS.
* Changed genpolusers to handle multiple user config files.
* Merged nodecon ordering patch from Chad Hanson of TCS.
* Thu Nov 11 2004 Dan Walsh <dwalsh@redhat.com> 1.19.1-1
- Latest from NSA
* Merged nodecon ordering patch from Chad Hanson of TCS.
* Thu Nov 4 2004 Dan Walsh <dwalsh@redhat.com> 1.18.1-1
- Latest from NSA
* MLS build fix.
* Sat Sep 4 2004 Dan Walsh <dwalsh@redhat.com> 1.17.5-1
- Latest from NSA
* Fixed Makefile dependencies (Chris PeBenito).
* Sat Sep 4 2004 Dan Walsh <dwalsh@redhat.com> 1.17.4-1
- Latest from NSA
* Fixed Makefile dependencies (Chris PeBenito).
* Sat Sep 4 2004 Dan Walsh <dwalsh@redhat.com> 1.17.3-1
- Latest from NSA
* Merged fix for role dominance ordering issue from Chad Hanson of TCS.
* Mon Aug 30 2004 Dan Walsh <dwalsh@redhat.com> 1.17.2-1
- Latest from NSA
* Thu Aug 26 2004 Dan Walsh <dwalsh@redhat.com> 1.16.3-1
- Fix NSA package to not include y.tab files.
* Tue Aug 24 2004 Dan Walsh <dwalsh@redhat.com> 1.16.2-1
- Latest from NSA
- Allow port ranges to overlap
* Sun Aug 22 2004 Dan Walsh <dwalsh@redhat.com> 1.16.1-1
- Latest from NSA
* Mon Aug 16 2004 Dan Walsh <dwalsh@redhat.com> 1.15.6-1
- Latest from NSA
* Fri Aug 13 2004 Dan Walsh <dwalsh@redhat.com> 1.15.5-1
- Latest from NSA
* Wed Aug 11 2004 Dan Walsh <dwalsh@redhat.com> 1.15.4-1
- Latest from NSA
* Sat Aug 7 2004 Dan Walsh <dwalsh@redhat.com> 1.15.3-1
- Latest from NSA
* Wed Aug 4 2004 Dan Walsh <dwalsh@redhat.com> 1.15.2-1
- Latest from NSA
* Sat Jul 31 2004 Dan Walsh <dwalsh@redhat.com> 1.15.1-1
- Latest from NSA
* Tue Jul 27 2004 Dan Walsh <dwalsh@redhat.com> 1.14.2-1
- Latest from NSA
* Wed Jun 30 2004 Dan Walsh <dwalsh@redhat.com> 1.14.1-1
- Latest from NSA
* Fri Jun 18 2004 Dan Walsh <dwalsh@redhat.com> 1.12.2-1
- Latest from NSA
* Thu Jun 17 2004 Dan Walsh <dwalsh@redhat.com> 1.12.1-1
- Update to latest from NSA
* Wed Jun 16 2004 Dan Walsh <dwalsh@redhat.com> 1.12-1
- Update to latest from NSA
* Wed Jun 16 2004 Dan Walsh <dwalsh@redhat.com> 1.10-5
- Add nlclass patch
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Fri Jun 4 2004 Dan Walsh <dwalsh@redhat.com> 1.10-3
- Add BuildRequires flex
* Thu Apr 8 2004 Dan Walsh <dwalsh@redhat.com> 1.10-2
- Add BuildRequires byacc
* Thu Apr 8 2004 Dan Walsh <dwalsh@redhat.com> 1.10-1
- Upgrade to the latest from NSA
* Mon Mar 15 2004 Dan Walsh <dwalsh@redhat.com> 1.8-1
- Upgrade to the latest from NSA
* Tue Feb 24 2004 Dan Walsh <dwalsh@redhat.com> 1.6-1
- Upgrade to the latest from NSA
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Tue Jan 20 2004 Dan Walsh <dwalsh@redhat.com> 1.4-6
- Add typealias patch
* Tue Jan 20 2004 Dan Walsh <dwalsh@redhat.com> 1.4-5
- Update excludetypes with negset-final patch
* Wed Jan 14 2004 Dan Walsh <dwalsh@redhat.com> 1.4-4
- Add excludetypes patch
* Wed Jan 14 2004 Dan Walsh <dwalsh@redhat.com> 1.4-3
- Add Colin Walter's lineno patch
* Wed Jan 7 2004 Dan Walsh <dwalsh@redhat.com> 1.4-2
- Remove check for roles transition
* Sat Dec 6 2003 Dan Walsh <dwalsh@redhat.com> 1.4-1
- upgrade to 1.4
* Wed Oct 1 2003 Dan Walsh <dwalsh@redhat.com> 1.2-1
- upgrade to 1.2
* Thu Aug 28 2003 Dan Walsh <dwalsh@redhat.com> 1.1-2
- upgrade to 1.1
* Mon Jun 2 2003 Dan Walsh <dwalsh@redhat.com> 1.0-1
- Initial version

5
SPECS/coreutils/coreutils.spec
View File

@ -1,7 +1,7 @@
Summary: Basic system utilities
Name: coreutils
Version: 8.30
Release: 6%{?dist}
Release: 5%{?dist}
License: GPLv3
URL: http://www.gnu.org/software/coreutils
Group: System Environment/Base
@ -13,7 +13,6 @@ Source1: serial-console.sh
Patch0: http://www.linuxfromscratch.org/patches/downloads/coreutils/coreutils-8.30-i18n-1.patch
Patch1: http://www.linuxfromscratch.org/patches/downloads/coreutils/coreutils-8.10-uname-1.patch
Requires: gmp
BuildRequires: selinux-headers
Provides: sh-utils
Conflicts: toybox
%description
@ -85,8 +84,6 @@ sudo -u nobody -s /bin/bash -c "PATH=$PATH make -k check"
%defattr(-,root,root)
%changelog
* Fri Aug 28 2020 Daniel Burgener <daburgen@microsoft.com> 8.30-6
- Enable SELinux support
* Mon Jun 15 2020 Andrew Phelps <anphel@microsoft.com> 8.30-5
- Add patch for uname processor type
* Sat May 09 2020 Nick Samson <nisamson@microsoft.com> 8.30-4

10
SPECS/cronie/cronie.spec
View File

@ -1,7 +1,7 @@
Summary: Cron Daemon
Name: cronie
Version: 1.5.2
Release: 4%{?dist}
Release: 3%{?dist}
License: GPLv2+ and MIT and BSD and ISC
URL: https://github.com/cronie-crond/cronie
Source0: https://github.com/cronie-crond/cronie/releases/download/cronie-%{version}/cronie-%{version}.tar.gz
@ -31,7 +31,6 @@ sed -i 's/^\s*auth\s*include\s*password-auth$/auth include system-auth/
--sysconfdir=/etc \
--localstatedir=/var\
--with-pam \
--with-selinux \
--enable-anacron \
--enable-pie \
--enable-relro
@ -121,10 +120,9 @@ make %{?_smp_mflags} check
%ghost %attr(0600,root,root) %{_localstatedir}/spool/anacron/cron.weekly
%changelog
* Fri Sep 04 2020 Daniel Burgener <daburgen@microsoft.com> - 1.5.2-4
- Enable SELinux support
* Sat May 09 2020 Nick Samson <nisamson@microsoft.com> - 1.5.2-3
- Added %%license line automatically
* Sat May 09 00:21:34 PST 2020 Nick Samson <nisamson@microsoft.com> - 1.5.2-3
- Added %%license line automatically
* Tue Apr 28 2020 Emre Girgin <mrgirgin@microsoft.com> 1.5.2-2
- Renaming Linux-PAM to pam
* Wed Mar 18 2020 Nicolas Ontiveros <niontive@microsoft.com> 1.5.2-1

13
SPECS/dbus/dbus.spec
View File

@ -1,7 +1,7 @@
Summary: DBus for systemd
Name: dbus
Version: 1.13.6
Release: 4%{?dist}
Release: 3%{?dist}
License: GPLv2+ or AFL
URL: http://www.freedesktop.org/wiki/Software/dbus
Group: Applications/File
@ -12,7 +12,6 @@ Distribution: Mariner
BuildRequires: expat-devel
BuildRequires: systemd-devel
BuildRequires: xz-devel
BuildRequires: libselinux-devel
Requires: expat
Requires: systemd
Requires: xz
@ -33,8 +32,7 @@ It contains the libraries and header files to create applications
--sysconfdir=%{_sysconfdir} \
--localstatedir=%{_var} \
--docdir=%{_datadir}/doc/dbus-1.11.12 \
--enable-libaudit=no \
--enable-selinux=yes \
--enable-libaudit=no --enable-selinux=no \
--with-console-auth-dir=/run/console
make %{?_smp_mflags}
@ -76,10 +74,9 @@ make %{?_smp_mflags} check
%{_libdir}/*.so
%changelog
* Fri Sep 04 2020 Daniel Burgener <daburgen@microsoft.com> - 1.13.6-4
- Enable SELinux support
* Sat May 09 2020 Nick Samson <nisamson@microsoft.com> - 1.13.6-3
- Added %%license line automatically
* Sat May 09 00:21:00 PST 2020 Nick Samson <nisamson@microsoft.com> - 1.13.6-3
- Added %%license line automatically
* Tue Sep 03 2019 Mateusz Malisz <mamalisz@microsoft.com> 1.13.6-2
- Initial CBL-Mariner import from Photon (license: Apache2).
* Mon Sep 10 2018 Ajay Kaher <akaher@vmware.com> 1.13.6-1

13
SPECS/groff/groff.spec
View File

@ -1,7 +1,7 @@
Summary: Programs for processing and formatting text
Name: groff
Version: 1.22.3
Release: 6%{?dist}
Release: 5%{?dist}
License: GPLv3+
URL: http://www.gnu.org/software/groff
Group: Applications/Text
@ -25,40 +25,29 @@ Requires: perl-File-HomeDir
%description
The Groff package contains programs for processing
and formatting text.
%prep
%setup -q
%build
PAGE=letter ./configure \
--prefix=%{_prefix} \
--with-grofferdir=%{_datadir}/%{name}/%{version}/groffer
make
%install
install -vdm 755 %{_defaultdocdir}/%{name}-1.22/pdf
make DESTDIR=%{buildroot} install
rm -rf %{buildroot}%{_infodir}
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%files
%defattr(-,root,root)
%license LICENSES
%{_bindir}/*
%{_libdir}/groff/*
%{_libdir}/X11/app-defaults/GXditview
%{_libdir}/X11/app-defaults/GXditview-color
%{_defaultdocdir}/%{name}-%{version}/*
%{_datarootdir}/%{name}/*
%{_mandir}/*/*
%changelog
* Mon Oct 05 2020 Daniel Burgener <daburgen@microsoft.com> 1.22.3-6
- Add installed but unpackaged files to %files list
- Clean up formatting
* Mon Sep 28 2020 Daniel McIlvaney <damcilva@microsoft.com> 1.22.3-5
- Nopatch CVE-2000-0803.nopatch
* Sat May 09 2020 Nick Samson <nisamson@microsoft.com> 1.22.3-4

3
SPECS/libselinux/libselinux.spec
View File

@ -11,8 +11,7 @@ Source0: https://github.com/SELinuxProject/selinux/releases/download/2019
Vendor: Microsoft Corporation
Distribution: Mariner
BuildRequires: libsepol-devel
BuildRequires: pcre-devel
BuildRequires: swig
BuildRequires: pcre-devel, swig
BuildRequires: python2-devel
BuildRequires: python3-devel
Requires: pcre-libs

66
SPECS/libsemanage/0001-libsemanage-Fix-RESOURCE_LEAK-and-USE_AFTER_FREE-cov.patch
View File

@ -1,66 +0,0 @@
From dc105dcb5e34e256bcbcf547fea590cfcee06933 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Wed, 7 Nov 2018 18:17:34 +0100
Subject: [PATCH] libsemanage: Fix RESOURCE_LEAK and USE_AFTER_FREE coverity
scan defects
---
libsemanage/src/direct_api.c | 21 ++++++++-------------
1 file changed, 8 insertions(+), 13 deletions(-)
diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
index c58961be..8e4d116d 100644
--- a/libsemanage/src/direct_api.c
+++ b/libsemanage/src/direct_api.c
@@ -1028,7 +1028,7 @@ static int semanage_direct_write_langext(semanage_handle_t *sh,
fp = NULL;
- ret = 0;
+ return 0;
cleanup:
if (fp != NULL) fclose(fp);
@@ -2177,7 +2177,6 @@ cleanup:
semanage_module_info_destroy(sh, modinfo);
free(modinfo);
- if (fp != NULL) fclose(fp);
return status;
}
@@ -2342,16 +2341,6 @@ static int semanage_direct_get_module_info(semanage_handle_t *sh,
free(tmp);
tmp = NULL;
- if (fclose(fp) != 0) {
- ERR(sh,
- "Unable to close %s module lang ext file.",
- (*modinfo)->name);
- status = -1;
- goto cleanup;
- }
-
- fp = NULL;
-
/* lookup enabled/disabled status */
ret = semanage_module_get_path(sh,
*modinfo,
@@ -2395,7 +2384,13 @@ cleanup:
free(modinfos);
}
- if (fp != NULL) fclose(fp);
+ if (fp != NULL && fclose(fp) != 0) {
+ ERR(sh,
+ "Unable to close %s module lang ext file.",
+ (*modinfo)->name);
+ status = -1;
+ }
+
return status;
}
--
2.23.0.rc1

6
SPECS/libsemanage/libsemanage.signatures.json
View File

@ -1,6 +0,0 @@
{
"Signatures": {
"libsemanage-2.9.tar.gz": "2576349d344492e73b468059767268dec1dabd8c35f3c7222c3ec2448737bc1c",
"semanage.conf": "68d403bca3d7bd2e90d00cf44622dc0598817197994812e06367df0c239b1204"
}
}

1464
SPECS/libsemanage/libsemanage.spec
View File

File diff suppressed because it is too large Load Diff

57
SPECS/libsemanage/semanage.conf
View File

@ -1,57 +0,0 @@
# Authors: Jason Tang <jtang@tresys.com>
#
# Copyright (C) 2004-2005 Tresys Technology, LLC
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# Specify how libsemanage will interact with a SELinux policy manager.
# The four options are:
#
# "source" - libsemanage manipulates a source SELinux policy
# "direct" - libsemanage will write directly to a module store.
# /foo/bar - Write by way of a policy management server, whose
# named socket is at /foo/bar. The path must begin
# with a '/'.
# foo.com:4242 - Establish a TCP connection to a remote policy
# management server at foo.com. If there is a colon
# then the remainder is interpreted as a port number;
# otherwise default to port 4242.
module-store = direct
# When generating the final linked and expanded policy, by default
# semanage will set the policy version to POLICYDB_VERSION_MAX, as
# given in <sepol/policydb.h>. Change this setting if a different
# version is necessary.
#policy-version = 19
# expand-check check neverallow rules when executing all semanage
# commands. There might be a penalty in execution time if this
# option is enabled.
expand-check=0
# usepasswd check tells semanage to scan all pass word records for home directories
# and setup the labeling correctly. If this is turned off, SELinux will label /home
# correctly only. You will need to use semanage fcontext command.
# For example, if you had home dirs in /althome directory you would have to execute
# semanage fcontext -a -e /home /althome
usepasswd=False
bzip-small=true
bzip-blocksize=5
ignoredirs=/root
[sefcontext_compile]
path = /usr/sbin/sefcontext_compile
args = -r $@
[end]

6
SPECS/mcstrans/mcstrans.signatures.json
View File

@ -1,6 +0,0 @@
{
"Signatures": {
"mcstrans-2.9.tar.gz": "7eddce6ffefc9a26340f2720ba9afd7d041a31569844842d0199bfe27c5efb19",
"secolor.conf.8": "9f86a0b630281205ef5830339fa580f592b34524a3a11da670c01ccbed55f3f8"
}
}

293
SPECS/mcstrans/mcstrans.spec
View File

@ -1,293 +0,0 @@
Summary: SELinux Translation Daemon
Name: mcstrans
Version: 2.9
Release: 3%{?dist}
License: GPLv2+
Url: https://github.com/SELinuxProject/selinux
Vendor: Microsoft Corporation
Distribution: Mariner
Source0: %{url}/releases/download/20190315/%{name}-%{version}.tar.gz
Source1: secolor.conf.8
BuildRequires: gcc
BuildRequires: libselinux-devel >= %{version}
BuildRequires: libcap-devel
BuildRequires: pcre-devel
BuildRequires: libsepol-devel
BuildRequires: systemd
Requires: pcre
%{?systemd_requires}
Provides: setransd
Provides: libsetrans
Obsoletes: libsetrans
%description
Security-enhanced Linux is a feature of the Linux® kernel and a number
of utilities with enhanced security functionality designed to add
mandatory access controls to Linux. The Security-enhanced Linux
kernel contains new architectural components originally developed to
improve the security of the Flask operating system. These
architectural components provide general support for the enforcement
of many kinds of mandatory access control policies, including those
based on the concepts of Type Enforcement®, Role-based Access
Control, and Multi-level Security.
mcstrans provides an translation daemon to translate SELinux categories
from internal representations to user defined representation.
%prep
%autosetup -p 1 -n mcstrans-%{version}
%build
%set_build_flags
make LIBDIR="%{_libdir}" %{?_smp_mflags}
%install
rm -rf %{buildroot}
mkdir -p %{buildroot}/%{_lib}
mkdir -p %{buildroot}/%{_libdir}
mkdir -p %{buildroot}%{_usr}/share/mcstrans
mkdir -p %{buildroot}%{_sysconfdir}/selinux/mls/setrans.d
make DESTDIR="%{buildroot}" LIBDIR="%{_libdir}" SHLIBDIR="%{_lib}" SBINDIR="%{_sbindir}" SYSTEMDDIR="/lib/systemd" install
rm -f %{buildroot}%{_libdir}/*.a
cp -r share/* %{buildroot}%{_usr}/share/mcstrans/
# Systemd
rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/mcstrans
install -m644 %{SOURCE1} %{buildroot}%{_mandir}/man8/
%post
%systemd_post mcstrans.service
%preun
%systemd_preun mcstrans.service
%postun
%systemd_postun mcstrans.service
%files
%license COPYING
%{_mandir}/man8/mcs.8.gz
%{_mandir}/man8/mcstransd.8.gz
%{_mandir}/man8/setrans.conf.8.gz
%{_mandir}/ru/man8/mcs.8.gz
%{_mandir}/ru/man8/mcstransd.8.gz
%{_mandir}/ru/man8/setrans.conf.8.gz
%{_mandir}/man8/secolor.conf.8.gz
%{_sbindir}/mcstransd
%{_unitdir}/mcstrans.service
%dir %{_sysconfdir}/selinux/mls/setrans.d
%dir %{_usr}/share/mcstrans
%defattr(0644,root,root,0755)
%dir %{_usr}/share/mcstrans/util
%dir %{_usr}/share/mcstrans/examples
%{_usr}/share/mcstrans/examples/*
%defattr(0755,root,root,0755)
%{_usr}/share/mcstrans/util/*
%changelog
* Thu Aug 27 2020 Daniel Burgener <daburgen@microsoft.com> - 2.9-3
- Initial CBL-Mariner import from Fedora 31 (license: MIT)
- License verified
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Mar 19 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-1
- SELinux userspace 2.9 release
* Mon Mar 11 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-0.rc2.1
- SELinux userspace 2.9-rc2 release
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9-0.rc1.1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Jan 30 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-0.rc1.1
- Update to mcstrans-2.9-rc1
* Tue Oct 2 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-1
- Update to mcstrans-2.8
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.4-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.4-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.4-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.4-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.4-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.4-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.4-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.4-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed Mar 19 2014 Karsten Hopp |karsten@redhat.com> - 0.3.4-4
- fix changelog order so that it builds with a recent rpm
* Wed Oct 16 2013 Dan Walsh <dwalsh@redhat.com> - 0.3.4-3
- Make mcstrans PIE and fully relro
- Resolves: #983268
* Tue Oct 15 2013 Dan Walsh <dwalsh@redhat.com> - 0.3.4-2
- Add RELRO support for long running services
* Thu Sep 12 2013 Dan Walsh <dwalsh@redhat.com> - 0.3.4-1
- Update to latest version/applying patches
- Move binary to /usr/sbin rather then /sbin
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.3-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Tue Mar 26 2013 Dan Walsh <dwalsh@redhat.com> - 0.3.3-7
- Add secolor.conf.5 man page
- Make mcstransd watch for content being written to /run/setrans for files names containing translations.
-- This will allow apps like libvirt to write content nameing randomly selected MCS labels
- Fix memory leak in mcstransd
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.3-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Feb 10 2012 Petr Pisar <ppisar@redhat.com> - 0.3.3-4
- Rebuild against PCRE 8.30
* Thu Feb 2 2012 Dan Walsh <dwalsh@redhat.com> - 0.3.3-3
- Fix the systemd service file
* Wed Feb 1 2012 Dan Walsh <dwalsh@redhat.com> - 0.3.3-2
- Update to upstream
- Write pid file
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.2-1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Wed Jan 5 2011 Ted X Toth <txtoth@gmail.com> - 0.3.2-0
- Add constraints
- Add setrans.conf man page
- Fix mixed raw and translated range bug
- Moved todo comments to TODO file
* Fri Oct 16 2009 Dan Walsh <dwalsh@redhat.com> 0.3.1-4
- Add mcstransd man page
* Thu Sep 17 2009 Miroslav Grepl <mgrepl@redhat.com> 0.3.1-3
- Fix init script
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Thu Feb 5 2009 Joe Nall <joe@nall.com> 0.3.1-1
- Rewrite translations to allow individual word/category mapping
- Eamon Walsh's color mapping changes
* Wed May 28 2008 Tom "spot" Callaway <tcallawa@redhat.com> 0.2.11-2
- fix license tag
* Wed May 7 2008 Dan Walsh <dwalsh@redhat.com> 0.2.11-1
- More fixes from Jim Meyering
* Tue May 6 2008 Dan Walsh <dwalsh@redhat.com> 0.2.10-1
- More error checking on failed strdup
* Tue May 6 2008 Dan Walsh <dwalsh@redhat.com> 0.2.9-1
- Start mcstrans before netlabel
* Mon Apr 14 2008 Dan Walsh <dwalsh@redhat.com> 0.2.8-1
- Fix error handling
* Tue Feb 12 2008 Dan Walsh <dwalsh@redhat.com> 0.2.7-2
- Rebuild for gcc 4.3
* Tue Oct 30 2007 Steve Conklin <sconklin@redhat.com> - 0.2.7-1
- Folded current patches into tarball
* Thu Oct 25 2007 Steve Conklin <sconklin@redhat.com> - 0.2.6-3
- Fixed a compile problem with max_categories
* Thu Oct 25 2007 Steve Conklin <sconklin@redhat.com> - 0.2.6-2
- Fixed some init script errors
* Thu Sep 13 2007 Dan Walsh <dwalsh@redhat.com> 0.2.6-1
- Check for max_categories and error out
* Thu Mar 1 2007 Dan Walsh <dwalsh@redhat.com> 0.2.5-1
- Fix case where s0=""
* Mon Feb 26 2007 Dan Walsh <dwalsh@redhat.com> 0.2.4-1
- Translate range if fully specified correctly
* Mon Feb 12 2007 Dan Walsh <dwalsh@redhat.com> 0.2.3-1
- Additional fix to handle ssh root/sysadm_r/s0:c1,c2
Resolves: #224637
* Mon Feb 5 2007 Dan Walsh <dwalsh@redhat.com> 0.2.1-1
- Rewrite to handle MLS properly
Resolves: #225355
* Mon Jan 29 2007 Dan Walsh <dwalsh@redhat.com> 0.1.10-2
- Cleanup memory when complete
* Mon Dec 4 2006 Dan Walsh <dwalsh@redhat.com> 0.1.10-1
- Fix Memory Leak
Resolves: #218173
* Thu Sep 21 2006 Dan Walsh <dwalsh@redhat.com> 0.1.9-1
- Add -pie
- Fix compiler warnings
- Fix Memory Leak
Resolves: #218173
* Wed Sep 13 2006 Peter Jones <pjones@redhat.com> - 0.1.8-3
- Fix subsys locking in init script
* Wed Aug 23 2006 Dan Walsh <dwalsh@redhat.com> 0.1.8-1
- Only allow one version to run
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - sh: line 0: fg: no job control
- rebuild
* Mon Jun 19 2006 Dan Walsh <dwalsh@redhat.com> 0.1.7-1
- Apply sgrubb patch to only call getpeercon on translations
* Tue Jun 6 2006 Dan Walsh <dwalsh@redhat.com> 0.1.6-1
- Exit gracefully when selinux is not enabled
* Mon May 15 2006 Dan Walsh <dwalsh@redhat.com> 0.1.5-1
- Fix sighup handling
* Mon May 15 2006 Dan Walsh <dwalsh@redhat.com> 0.1.4-1
- Add patch from sgrubb
- Fix 64 bit size problems
- Increase the open file limit
- Make sure maximum size is not exceeded
* Fri May 12 2006 Dan Walsh <dwalsh@redhat.com> 0.1.3-1
- Move initscripts to /etc/rc.d/init.d
* Thu May 11 2006 Dan Walsh <dwalsh@redhat.com> 0.1.2-1
- Drop Privs
* Mon May 8 2006 Dan Walsh <dwalsh@redhat.com> 0.1.1-1
- Initial Version
- This daemon reuses the code from libsetrans

180
SPECS/mcstrans/secolor.conf.8
View File

@ -1,180 +0,0 @@
.TH "secolor.conf" "8" "08 April 2011" "SELinux API documentation"
.SH "NAME"
secolor.conf \- The SELinux color configuration file
.
.SH "DESCRIPTION"
The
.I /etc/selinux/{SELINUXTYPE}/secolor.conf
configuation file controls the color to be associated to the context components associated to the
.I raw
context passed by
.BR selinux_raw_context_to_color "(3),"
when context related information is to be displayed in color by an SELinux-aware application.
.sp
.BR selinux_raw_context_to_color "(3)"
obtains this color information from the active policy
.B secolor.conf
file as returned by
.BR selinux_colors_path "(3)."
.
.SH "FILE FORMAT"
The file format is as follows:
.RS
.B color
.I color_name
.BI "= #"color_mask
.br
[...]
.sp
.I context_component string
.B =
.I fg_color_name bg_color_name
.br
[...]
.sp
.RE
Where:
.br
.B color
.RS
The color keyword. Each color entry is on a new line.
.RE
.I color_name
.RS
A single word name for the color (e.g. red).
.RE
.I color_mask
.RS
A color mask starting with a hash (#) that describes the hexadecimal RGB colors with black being #000000 and white being #ffffff.
.RE
.I context_component
.RS
The context component name that must be one of the following:
.br
.RS
user, role, type or range
.RE
Each
.IR context_component " " string " ..."
entry is on a new line.
.RE
.I string
.RS
This is the
.I context_component
string that will be matched with the
.I raw
context component passed by
.BR selinux_raw_context_to_color "(3)."
.br
A wildcard '*' may be used to match any undefined string for the user, role and type
.I context_component
entries only.
.RE
.I fg_color_name
.RS
The color_name string that will be used as the foreground color.
A
.I color_mask
may also be used.
.RE
.I bg_color_name
.RS
The color_name string that will be used as the background color.
A
.I color_mask
may also be used.
.RE
.
.SH "EXAMPLES"
Example 1 entries are:
.RS
color black = #000000
.br
color green = #008000
.br
color yellow = #ffff00
.br
color blue = #0000ff
.br
color white = #ffffff
.br
color red = #ff0000
.br
color orange = #ffa500
.br
color tan = #D2B48C
.sp
user * = black white
.br
role * = white black
.br
type * = tan orange
.br
range s0\-s0:c0.c1023 = black green
.br
range s1\-s1:c0.c1023 = white green
.br
range s3\-s3:c0.c1023 = black tan
.br
range s5\-s5:c0.c1023 = white blue
.br
range s7\-s7:c0.c1023 = black red
.br
range s9\-s9:c0.c1023 = black orange
.br
range s15:c0.c1023 = black yellow
.RE
.sp
Example 2 entries are:
.RS
color black = #000000
.br
color green = #008000
.br
color yellow = #ffff00
.br
color blue = #0000ff
.br
color white = #ffffff
.br
color red = #ff0000
.br
color orange = #ffa500
.br
color tan = #d2b48c
.sp
user unconfined_u = #ff0000 green
.br
role unconfined_r = red #ffffff
.br
type unconfined_t = red orange
.br
user user_u = black green
.br
role user_r = white black
.br
type user_t = tan red
.br
user xguest_u = black yellow
.br
role xguest_r = black red
.br
type xguest_t = black green
.br
user sysadm_u = white black
.br
range s0:c0.c1023 = black white
.br
user * = black white
.br
role * = black white
.br
type * = black white
.RE
.
.SH "SEE ALSO"
.BR mcstransd "(8), " selinux_raw_context_to_color "(3), " selinux_colors_path "(3)"

6
SPECS/openssh/openssh.spec
View File

@ -1,7 +1,7 @@
Summary: Free version of the SSH connectivity tools
Name: openssh
Version: 8.0p1
Release: 9%{?dist}
Release: 8%{?dist}
License: BSD
URL: https://www.openssh.com/
Group: System Environment/Security
@ -19,7 +19,6 @@ BuildRequires: krb5-devel
BuildRequires: e2fsprogs-devel
BuildRequires: systemd
BuildRequires: groff
BuildRequires: libselinux-devel
Requires: openssh-clients = %{version}-%{release}
Requires: openssh-server = %{version}-%{release}
@ -57,7 +56,6 @@ tar xf %{SOURCE1} --no-same-owner
--with-md5-passwords \
--with-privsep-path=/var/lib/sshd \
--with-pam \
--with-selinux \
--with-maintype=man \
--enable-strip=no \
--with-kerberos5=/usr
@ -173,8 +171,6 @@ rm -rf %{buildroot}/*
%{_mandir}/man8/ssh-pkcs11-helper.8.gz
%changelog
* Tue Sep 22 2020 Daniel Burgener <daburgen@microsoft.com> 8.0p1-9
- Add SELinux support
* Wed Sep 02 2020 Jim Perrin <jim.perrin@microsoft.com> 8.0p1-8
- Add wants=sshd-keygen.service to sshd.service for easier service starting
* Thu Jun 04 2020 Chris Co <chrco@microsoft.com> 8.0p1-7

6
SPECS/pam/pam.spec
View File

@ -1,7 +1,7 @@
Summary: Linux Pluggable Authentication Modules
Name: pam
Version: 1.3.1
Release: 5%{?dist}
Release: 4%{?dist}
License: BSD and GPLv2+
URL: http://www.linux-pam.org/
Source0: https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Linux-PAM-%{version}.tar.xz
@ -9,7 +9,6 @@ Group: System Environment/Security
Vendor: Microsoft Corporation
Distribution: Mariner
BuildRequires: cracklib-devel
BuildRequires: libselinux-devel
Requires: cracklib
%description
The Linux PAM package contains Pluggable Authentication Modules used to
@ -41,7 +40,6 @@ for developing applications that use pam.
--libdir=%{_libdir} \
--sysconfdir=/etc \
--enable-securedir=/usr/lib/security \
--enable-selinux \
--docdir=%{_docdir}/%{name}-%{version}
make %{?_smp_mflags}
@ -95,8 +93,6 @@ rm -rf %{buildroot}/*
%{_docdir}/%{name}-%{version}/*
%changelog
* Fri Aug 28 2020 Daniel Burgener <daburgen@microsoft.com> 1.3.1-5
- Add SELinux support
* Fri Jun 12 2020 Chris Co <chrco@microsoft.com> 1.3.1-4
- Set default PATH in /etc/environment
* Sat May 09 2020 Nick Samson <nisamson@microsoft.com> 1.3.1-3

14
SPECS/policycoreutils/policycoreutils.signatures.json
View File

@ -1,14 +0,0 @@
{
"Signatures": {
"policycoreutils-2.9.tar.gz": "c53c344f28007b3c0742bd958751e9b5d2385898adeb8aec6281ae57342f0f7b",
"restorecond-2.9.tar.gz": "cbf9820583e641ee0462fa7bc89e6024676af281e025703e17b2d019b1a25a4f",
"selinux-python-2.9.tar.gz": "3650b5393b0d1790cac66db00e34f059aa91c23cfe3c2559676594e295d75fde",
"semodule-utils-2.9.tar.gz": "8083679ee634570f6e9a18632f2c2862b9134fa308b689b2e1952a369ae5d907",
"selinux-autorelabel": "817911a36413e8cb13fd5107ed94314d3f49962befd00acd9e86038acfa31e73",
"selinux-autorelabel-generator.sh": "ec37c4ed3d2168d367d2bb07c44ea16df052e123908e83010d84aaa1bda1cede",
"selinux-autorelabel-mark.service": "c7707e97067ae344b99a9b59845a4c7335c9ff4e470723bf2a213a6757877707",
"selinux-autorelabel.service": "106ff381e311119d389fd6f9421330a408d3406fab0b990690c73739b02377ac",
"selinux-autorelabel.target": "c340133060c163caf9e22f0624306bd528768e89b3d5faf7285f23d2bada9485",
"python-po.tgz": "14ad596fd3e8010e7fde0b6d5d3df4907627bce77069d969d9b9e821a983162e"
}
}

5343
SPECS/policycoreutils/policycoreutils.spec
View File

File diff suppressed because it is too large Load Diff

73
SPECS/policycoreutils/selinux-autorelabel
View File

@ -1,73 +0,0 @@
#!/bin/bash
#
# Do automatic relabelling
#
# . /etc/init.d/functions
# If the user has this (or similar) UEFI boot order:
#
# Windows | grub | Linux
#
# And decides to boot into grub/Linux, then the reboot at the end of autorelabel
# would cause the system to boot into Windows again, if the autorelabel was run.
#
# This function restores the UEFI boot order, so the user will boot into the
# previously set (and expected) partition.
efi_set_boot_next() {
# NOTE: The [ -x /usr/sbin/efibootmgr ] test is not sufficent -- it could
# succeed even on system which is not EFI-enabled...
if ! efibootmgr > /dev/null 2>&1; then
return
fi
# NOTE: It it possible that some other services might be setting the
# 'BootNext' item for any reasons, and we shouldn't override it if so.
if ! efibootmgr | grep --quiet -e 'BootNext'; then
CURRENT_BOOT="$(efibootmgr | grep -e 'BootCurrent' | sed -re 's/(^.+:[[:space:]]*)([[:xdigit:]]+)/\2/')"
efibootmgr -n "${CURRENT_BOOT}" > /dev/null 2>&1
fi
}
relabel_selinux() {
# if /sbin/init is not labeled correctly this process is running in the
# wrong context, so a reboot will be required after relabel
AUTORELABEL=
. /etc/selinux/config
echo "0" > /sys/fs/selinux/enforce
[ -x /bin/plymouth ] && plymouth --quit
if [ "$AUTORELABEL" = "0" ]; then
echo
echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required. "
echo $"*** /etc/selinux/config indicates you want to manually fix labeling"
echo $"*** problems. Dropping you to a shell; the system will reboot"
echo $"*** when you leave the shell."
sulogin
else
echo
echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required."
echo $"*** Relabeling could take a very long time, depending on file"
echo $"*** system size and speed of hard drives."
FORCE=`cat /.autorelabel`
[ -x "/usr/sbin/quotaoff" ] && /usr/sbin/quotaoff -aug
/sbin/fixfiles $FORCE restore
fi
rm -f /.autorelabel
/usr/lib/dracut/dracut-initramfs-restore
efi_set_boot_next
if [ -x /usr/bin/grub2-editenv ]; then
grub2-editenv - incr boot_indeterminate >/dev/null 2>&1
fi
sync
systemctl --force reboot
}
# Check to see if a full relabel is needed
if [ "$READONLY" != "yes" ]; then
restorecon $(awk '!/^#/ && $4 !~ /noauto/ && $2 ~ /^\// { print $2 }' /etc/fstab) >/dev/null 2>&1
relabel_selinux
fi

29
SPECS/policycoreutils/selinux-autorelabel-generator.sh
View File

@ -1,29 +0,0 @@
#!/bin/sh
# This systemd.generator(7) detects if SELinux is running and if the
# user requested an autorelabel, and if so sets the default target to
# selinux-autorelabel.target, which will cause the filesystem to be
# relabelled and then the system will reboot again and boot into the
# real default target.
PATH=/usr/sbin:$PATH
unitdir=/usr/lib/systemd/system
# If invoked with no arguments (for testing) write to /tmp.
earlydir="/tmp"
if [ -n "$2" ]; then
earlydir="$2"
fi
set_target ()
{
ln -sf "$unitdir/selinux-autorelabel.target" "$earlydir/default.target"
}
if selinuxenabled; then
if test -f /.autorelabel; then
set_target
elif grep -sqE "\bautorelabel\b" /proc/cmdline; then
set_target
fi
fi

18
SPECS/policycoreutils/selinux-autorelabel-mark.service
View File

@ -1,18 +0,0 @@
[Unit]
Description=Mark the need to relabel after reboot
DefaultDependencies=no
Requires=local-fs.target
Conflicts=shutdown.target
After=local-fs.target
Before=sysinit.target shutdown.target
ConditionSecurity=!selinux
ConditionPathIsDirectory=/etc/selinux
ConditionPathExists=!/.autorelabel
[Service]
ExecStart=-/bin/touch /.autorelabel
Type=oneshot
RemainAfterExit=yes
[Install]
WantedBy=sysinit.target

14
SPECS/policycoreutils/selinux-autorelabel.service
View File

@ -1,14 +0,0 @@
[Unit]
Description=Relabel all filesystems
DefaultDependencies=no
Conflicts=shutdown.target
After=sysinit.target
Before=shutdown.target
ConditionSecurity=selinux
[Service]
ExecStart=/usr/libexec/selinux/selinux-autorelabel
Type=oneshot
TimeoutSec=0
RemainAfterExit=yes
StandardInput=tty

7
SPECS/policycoreutils/selinux-autorelabel.target
View File

@ -1,7 +0,0 @@
[Unit]
Description=Relabel all filesystems and reboot
DefaultDependencies=no
Requires=sysinit.target selinux-autorelabel.service
Conflicts=shutdown.target
After=sysinit.target selinux-autorelabel.service
ConditionSecurity=selinux

6
SPECS/python2/python2.spec
View File

@ -3,7 +3,7 @@
Summary: A high-level scripting language
Name: python2
Version: 2.7.18
Release: 4%{?dist}
Release: 3%{?dist}
License: PSF
URL: http://www.python.org/
Group: System Environment/Programming
@ -49,6 +49,7 @@ Requires: sqlite-libs
Requires: expat >= 2.1.0
Requires: libffi >= 3.0.13
Requires: ncurses
Requires: coreutils
Requires: gdbm
Requires: bzip2-libs
%global __requires_exclude ^(/usr/bin/python|python\\(abi\\) = 2\\.7)$
@ -240,9 +241,6 @@ make test
%{_libdir}/python2.7/test/*
%changelog
* Mon Sep 14 2020 Daniel Burgener <daburgen@microsoft.com> 2.7.18-4
- Remove coreutils dependency to remove circular dependency with libselinux
* Thu Sep 10 2020 Thomas Crain <thcrain@microsoft.com> - 2.7.18-3
- Ignore CVE-2017-17522 because it is widely agreed upon to not be a security vulnerability
- Ignore CVE-2013-1753 because NVD erroneously lists this version as being vulnerable

5
SPECS/python3/python3.spec
View File

@ -3,7 +3,7 @@
Summary: A high-level scripting language
Name: python3
Version: 3.7.7
Release: 3%{?dist}
Release: 2%{?dist}
License: PSF
URL: http://www.python.org/
Group: System Environment/Programming
@ -47,6 +47,7 @@ code. It is incompatible with Python 2.x releases.
%package libs
Summary: The libraries for python runtime
Group: Applications/System
Requires: coreutils
Requires: expat >= 2.1.0
Requires: libffi >= 3.0.13
Requires: ncurses
@ -264,8 +265,6 @@ rm -rf %{buildroot}/*
%{_libdir}/python3.7/test/*
%changelog
* Fri Sep 04 2020 Daniel Burgener <daburgen@microsoft.com> 3.7.7-3
- Remove coreutils dependency to remove circular dependency with libselinux
* Mon Jul 06 2020 Henry Beberman <henry.beberman@microsoft.com> 3.7.7-2
- Add BuildRequires for iana-etc and tzdata for check section.
* Wed Jun 10 2020 Paul Monson <paulmon@microsoft.com> 3.7.7-1

8
SPECS/rpm/rpm.spec
View File

@ -4,7 +4,7 @@
Summary: Package manager
Name: rpm
Version: 4.14.2
Release: 11%{?dist}
Release: 10%{?dist}
License: GPLv2+ and LGPLv2+ and BSD
URL: https://rpm.org
Group: Applications/System
@ -31,7 +31,6 @@ BuildRequires: file-devel
BuildRequires: python2-devel
BuildRequires: python3-devel
BuildRequires: lua-devel
BuildRequires: libselinux-devel
%description
RPM package manager
@ -122,8 +121,7 @@ sed -i 's/extra_link_args/library_dirs/g' python/setup.py.in
--with-cap \
--with-lua \
--disable-silent-rules \
--with-external-db \
--with-selinux
--with-external-db
make %{?_smp_mflags}
pushd python
@ -271,8 +269,6 @@ rm -rf %{buildroot}
%{python3_sitelib}/*
%changelog
* Fri Aug 28 2020 Daniel Burgener <daburgen@microsoft.com> - 4.14.2-11
- Add SELinux support
* Thu Jun 11 2020 Henry Beberman <henry.beberman@microsoft.com> - 4.14.2-10
- Add a vendor definition so rpm will search /usr/lib/rpm/<vendor> for macros.
* Tue Jun 09 2020 Pawel Winogrodzki <pawelwi@microsoft.com> - 4.14.2-9

30
SPECS/secilc/0001-Allow-setting-arguments-to-xmlto-via-environmental-v.patch
View File

@ -1,30 +0,0 @@
From 170281f8d756f561b2ffe612e0076b6bfff5f482 Mon Sep 17 00:00:00 2001
From: Daniel Burgener <Daniel.Burgener@microsoft.com>
Date: Fri, 28 Aug 2020 13:32:31 +0000
Subject: [PATCH] Allow setting arguments to xmlto via environmental variable.
This will allow us to control xmlto behavior from the spec file
---
Makefile | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Makefile b/Makefile
index 1664009..6b9c6f6 100644
--- a/Makefile
+++ b/Makefile
@@ -33,10 +33,10 @@ $(SECIL2CONF): $(SECIL2CONF_OBJS)
man: $(SECILC_MANPAGE) $(SECIL2CONF_MANPAGE)
$(SECILC_MANPAGE): $(SECILC_MANPAGE).xml
- $(XMLTO) man $(SECILC_MANPAGE).xml
+ $(XMLTO) $(XMLARGS) man $(SECILC_MANPAGE).xml
$(SECIL2CONF_MANPAGE): $(SECIL2CONF_MANPAGE).xml
- $(XMLTO) man $(SECIL2CONF_MANPAGE).xml
+ $(XMLTO) $(XMLARGS) man $(SECIL2CONF_MANPAGE).xml
install: all man
-mkdir -p $(DESTDIR)$(BINDIR)
--
2.17.1

6
SPECS/secilc/secilc.signatures.json
View File

@ -1,6 +0,0 @@
{
"Signatures": {
"secilc-2.9.tar.gz": "73a1806e33a669e23545da2d35d0e5038714721f6bf71974eaa533b3ebde61b2",
"0001-Allow-setting-arguments-to-xmlto-via-environmental-v.patch": "d41c968fd09b25fcdf341ffde2a3153982bb2fe329480048e58b9a39342a9962"
}
}

152
SPECS/secilc/secilc.spec
View File

@ -1,152 +0,0 @@
Summary: The SELinux CIL Compiler
Name: secilc
Version: 2.9
Release: 4%{?dist}
License: BSD
Vendor: Microsoft Corporation
Distribution: Mariner
URL: https://github.com/SELinuxProject/selinux
Source0: %{url}/releases/download/20190315/%{name}-%{version}.tar.gz
Patch0001: 0001-Allow-setting-arguments-to-xmlto-via-environmental-v.patch
%global libsepolver %{version}-1
BuildRequires: flex
BuildRequires: gcc
BuildRequires: libsepol-devel >= %{libsepolver}
BuildRequires: xmlto
%description
The SELinux CIL Compiler is a compiler that converts the CIL language as
described on the CIL design wiki into a kernel binary policy file.
Please see the CIL Design Wiki at:
http://github.com/SELinuxProject/cil/wiki/
for more information about the goals and features on the CIL language.
%prep
%autosetup -p 1 -n secilc-%{version}
%build
%set_build_flags
# xmlto wants to access a network resource for validation, so skip it
make %{?_smp_mflags} LIBSEPOL_STATIC=%{_libdir}/libsepol.a XMLARGS="--skip-validation"
%install
make %{?_smp_mflags} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" install
%files
%license COPYING
%{_bindir}/secilc
%{_bindir}/secil2conf
%{_mandir}/man8/secilc.8.gz
%{_mandir}/man8/secil2conf.8.gz
%changelog
* Fri Oct 09 2020 Thomas Crain <thcrain@microsoft.com> - 2.9-4
- Add missing %libsepolver definition
* Thu Aug 27 2020 Daniel Burgener <daburgen@microsoft.com> - 2.9-3
- Initial CBL-Mariner import from Fedora 31 (license: MIT)
- License verified
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Mar 19 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-1
- SELinux userspace 2.9 release
* Mon Mar 11 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-0.rc2.1
- SELinux userspace 2.9-rc2 release
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9-0.rc1.1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jan 25 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-0.rc1.1
- SELinux userspace 2.9-rc1 release
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri May 25 2018 Petr Lautrbach <plautrba@workstation> - 2.8-1
- SELinux userspace 2.8 release
* Tue May 15 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-0.rc3.1
- SELinux userspace 2.8-rc3 release candidate
* Mon Apr 23 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-0.rc1.1
- SELinux userspace 2.8-rc1 release candidate
* Tue Mar 13 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-5
- build: follow standard semantics for DESTDIR and PREFIX
- Describe multiple-decls in secilc.8.xml
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.7-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Nov 22 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-3
- Rebuild with libsepol-2.7-3
* Fri Oct 20 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-2
- Fixed bad reference in roleattribute
- cil: Add ability to redeclare types[attributes]
* Mon Aug 07 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-1
- Update to upstream release 2017-08-04
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Wed Feb 15 2017 Petr Lautrbach <plautrba@redhat.com> - 2.6-1
- Update to upstream release 2016-10-14
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.5-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Tue Oct 04 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-6
- Rebuilt with libsepol-2.5-10
* Mon Aug 01 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-5
- Rebuilt with libsepol-2.5-9
* Thu Jun 23 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-4
- Rebuilt with libsepol-2.5-7
* Wed May 11 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-3
- Rebuilt with libsepol-2.5-6
* Fri Apr 08 2016 - 2.5-2
- Add documentation and test rule for portcon dccp protocol
* Tue Feb 23 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-1
- Update to upstream release 2016-02-23
* Sun Feb 21 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-0.1.rc1
- Update to upstream rc1 release 2016-01-07
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Tue Sep 01 2015 Marcin Juszkiewicz <mjuszkiewicz@redhat.com> - 2.4-6
- tell make where libsepol.a is to fix FTBFS on non-x86 64-bit archs - rhbz#1249522
* Wed Jul 29 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-5
- secilc-doc do not need the base package
- Fedora package review https://bugzilla.redhat.com/show_bug.cgi?id=1245270
* Thu Jul 23 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-4
- add license file
* Wed Jul 22 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-3
- remove unnecessary dependencies
- don't build libsepol
* Tue Jul 21 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-2
- make secilc-doc package noarch
* Tue Jul 21 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-1
- initial build based on libsepol-2.4 sources

22
SPECS/selinux-policy/Makefile.devel
View File

@ -1,22 +0,0 @@
# installation paths
SHAREDIR := /usr/share/selinux
AWK ?= gawk
NAME ?= $(strip $(shell $(AWK) -F= '/^SELINUXTYPE/{ print $$2 }' /etc/selinux/config))
ifeq ($(MLSENABLED),)
MLSENABLED := 1
endif
ifeq ($(MLSENABLED),1)
NTYPE = mcs
endif
ifeq ($(NAME),mls)
NTYPE = mls
endif
TYPE ?= $(NTYPE)
HEADERDIR := $(SHAREDIR)/devel/include
include $(HEADERDIR)/Makefile

6
SPECS/selinux-policy/selinux-policy.signatures.json
View File

@ -1,6 +0,0 @@
{
"Signatures": {
"refpolicy-2.20200818.tar.bz2": "1488f9b94060de28addbcb29fb8437ee0d75cba15e11280dd9dfa3e09986f57b",
"Makefile.devel": "cd065e896d7eb11e238a05b9102359ea370ec75b27785a81935c985899ed2df6"
}
}

14037
SPECS/selinux-policy/selinux-policy.spec
View File

File diff suppressed because it is too large Load Diff

5
SPECS/setools/setools.signatures.json
View File

@ -1,5 +0,0 @@
{
"Signatures": {
"setools-4.2.2.tar.bz2": "210bd0fa6ce6fa8a39b91dc46e406aa2482bc58108947430b8ac7c996eec263a"
}
}

182
SPECS/setools/setools.spec
View File

@ -1,182 +0,0 @@
%global selinux_ver 2.9-1
%global __python3 /usr/bin/python3
%define python3_sitearch %(python3 -c "from distutils.sysconfig import get_python_lib; import sys; sys.stdout.write(get_python_lib(1))")
Name: setools
Version: 4.2.2
Release: 2%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist}
Summary: Policy analysis tools for SELinux
# binaries are GPL and libraries are LGPL. See COPYING.
License: GPLv2 and LGPLv2+
URL: https://github.com/SELinuxProject/setools
Vendor: Microsoft Corporation
Distribution: Mariner
Source0: https://github.com/SELinuxProject/setools/releases/download/%{version}/%{name}-%{version}.tar.bz2
BuildRequires: flex
BuildRequires: bison
BuildRequires: glibc-devel
BuildRequires: gcc
BuildRequires: git
BuildRequires: libsepol-devel >= 2.9-1
BuildRequires: qt5-qtbase-devel
BuildRequires: swig
BuildRequires: python3-Cython
BuildRequires: python3-devel
BuildRequires: python3-setuptools
BuildRequires: python3-xml
BuildRequires: libselinux-devel
%description
SETools is a collection of graphical tools, command-line tools, and
Python modules designed to facilitate SELinux policy analysis.
%package console
Summary: Policy analysis command-line tools for SELinux
License: GPLv2
Requires: setools-python3 = %{version}-%{release}
Requires: libselinux >= %{selinux_ver}
%description console
SETools is a collection of graphical tools, command-line tools, and
libraries designed to facilitate SELinux policy analysis.
This package includes the following console tools:
sediff Compare two policies to find differences.
seinfo List policy components.
sesearch Search rules (allow, type_transition, etc.)
%package python3
Summary: Policy analysis tools for SELinux
Obsoletes: setools-libs < 4.0.0
Recommends: libselinux-python3
Requires: python3-setuptools
%description python3
SETools is a collection of graphical tools, command-line tools, and
Python 3 modules designed to facilitate SELinux policy analysis.
%prep
%setup -n %{name}
%build
%{__python3} setup.py build_ext
%{__python3} setup.py build
%install
%{__python3} setup.py install --prefix=%{_prefix} --root=%{buildroot}
# Remove unpackaged files. These are tools for which the dependencies
# are not yet available on mariner (python3-networkx)
rm -rf %{buildroot}/%{_bindir}/sedta
rm -rf %{buildroot}/%{_bindir}/seinfoflow
rm -rf %{buildroot}/%{_mandir}/man1/sedta*
rm -rf %{buildroot}/%{_mandir}/man1/seinfoflow*
rm -rf %{buildroot}/%{_bindir}/apol
rm -rf %{buildroot}/%{python3_sitearch}/setoolsgui
rm -rf %{buildroot}/%{_mandir}/man1/apol*
%files console
%license COPYING COPYING.GPL COPYING.LGPL
%{_bindir}/sediff
%{_bindir}/seinfo
%{_bindir}/sesearch
%{_mandir}/man1/sediff*
%{_mandir}/man1/seinfo*
%{_mandir}/man1/sesearch*
%files python3
%license COPYING COPYING.GPL COPYING.LGPL
%{python3_sitearch}/setools
%{python3_sitearch}/setools-*
%changelog
* Tue Sep 01 2020 Daniel Burgener <daburgen@microsoft.com> 4.2.2-2
- Initial CBL-Mariner import from Fedora 31 (license: MIT)
- License verified
* Mon Jul 08 2019 Vit Mojzis <vmojzis@redhat.com> - 4.2.2-1
- SETools 4.2.2 release
* Mon May 13 2019 Vit Mojzis <vmojzis@redhat.com> - 4.2.1-3
- Use %set_build_flags instead of %optflags
* Mon May 06 2019 Vit Mojzis <vmojzis@redhat.com> - 4.2.1-2
- SELinuxPolicy: Create a map of aliases on policy load (#1672631)
* Tue Mar 26 2019 Petr Lautrbach <plautrba@redhat.com> - 4.2.1-1
- SETools 4.2.1 release (#1581761, #1595582)
* Wed Nov 14 2018 Vit Mojzis <vmojzis@redhat.com> - 4.2.0-1
- Update source to SETools 4.2.0 release
* Mon Oct 01 2018 Vit Mojzis <vmojzis@redhat.com> - 4.2.0-0.3.rc
- Update upstream source to 4.2.0-rc
* Wed Sep 19 2018 Vit Mojzis <vmojzis@redhat.com> - 4.2.0-0.2.beta
- Require userspace release 2.8
- setools-gui requires python3-setools
- Add Requires for python[23]-setuptools - no longer required (just recommended) by python[23] (#1623371)
- Drop python2 subpackage (4.2.0 no longer supports python2)
* Wed Aug 29 2018 Vit Mojzis <vmojzis@redhat.com> - 4.1.1-13
- Add Requires for python[23]-setuptools - no longer required (just recommended)
by python[23] (#1623371)
* Wed Aug 22 2018 Petr Lautrbach <plautrba@redhat.com> - 4.1.1-12.1
- Fix SCTP patch - https://github.com/SELinuxProject/setools/issues/9
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.1.1-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 4.1.1-10
- Rebuilt for Python 3.7
* Thu Jun 14 2018 Petr Lautrbach <plautrba@redhat.com> - 4.1.1-9
- Move gui python files to -gui subpackage
* Thu Apr 26 2018 Vit Mojzis <vmojzis@redhat.com> - 4.1.1-8
- Add support for SCTP protocol (#1568333)
* Thu Apr 19 2018 Iryna Shcherbina <shcherbina.iryna@gmail.com> - 4.1.1-7
- Update Python 2 dependency declarations to new packaging standards
(See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.1.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Mon Sep 04 2017 Petr Lautrbach <plautrba@redhat.com> - 4.1.1-5
- setools-python2 requires python2-enum34
* Sun Aug 20 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 4.1.1-4
- Add Provides for the old name without %%_isa
* Thu Aug 10 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 4.1.1-3
- Python 2 binary package renamed to python2-setools
See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3
- Python 3 binary package renamed to python3-setools
* Thu Aug 10 2017 Petr Lautrbach <plautrba@redhat.com> - 4.1.1-2
- bswap_* macros are defined in byteswap.h
* Mon Aug 07 2017 Petr Lautrbach <plautrba@redhat.com> - 4.1.1-1
- New upstream release
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 4.1.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 4.1.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Mon May 22 2017 Petr Lautrbach <plautrba@redhat.com> - 4.1.0-3
- setools-python{,3} packages should have a weak dependency on libselinux-python{,3}
(#1447747)
* Thu Feb 23 2017 Petr Lautrbach <plautrba@redhat.com> - 4.1.0-2
- Move python networkx dependency to -gui and -console-analyses
- Ship sedta and seinfoflow in setools-console-analyses
* Wed Feb 15 2017 Petr Lautrbach <plautrba@redhat.com> - 4.1.0-1
- New upstream release.

18
SPECS/shadow-utils/shadow-utils.spec
View File

@ -1,7 +1,7 @@
Summary: Programs for handling passwords in a secure way
Name: shadow-utils
Version: 4.6
Release: 9%{?dist}
Release: 8%{?dist}
URL: https://github.com/shadow-maint/shadow/
License: BSD
Group: Applications/System
@ -25,8 +25,6 @@ BuildRequires: cracklib-devel
Requires: cracklib
BuildRequires: pam-devel
Requires: pam
BuildRequires: libselinux-devel
BuildRequires: libsemanage-devel
%description
The Shadow package contains programs for handling passwords
@ -44,11 +42,8 @@ sed -i 's@DICTPATH.*@DICTPATH\t/usr/share/cracklib/pw_dict@' \
etc/login.defs
%build
%configure --sysconfdir=/etc \
--with-libpam \
--with-libcrack \
--with-selinux \
--with-group-name-max-length=32
%configure --sysconfdir=/etc --with-libpam \
--with-libcrack --with-group-name-max-length=32
make %{?_smp_mflags}
%install
@ -146,10 +141,9 @@ make %{?_smp_mflags} check
%config(noreplace) %{_sysconfdir}/pam.d/*
%changelog
* Fri Aug 28 2020 Daniel Burgener <daburgen@microsoft.com> 4.6-9
- Add SELinux support
* Sat May 09 2020 Nick Samson <nisamson@microsoft.com> - 4.6-8
- Added %%license line automatically
* Sat May 09 00:20:53 PST 2020 Nick Samson <nisamson@microsoft.com> - 4.6-8
- Added %%license line automatically
* Tue Apr 28 2020 Emre Girgin <mrgirgin@microsoft.com> 4.6-7
- Renaming Linux-PAM to pam
* Mon Apr 14 2020 Emre Girgin <mrgirgin@microsoft.com> 4.6-6

5
SPECS/systemd/systemd-bootstrap.spec
View File

@ -1,7 +1,7 @@
Summary: Bootstrap version of systemd. Workaround for systemd circular dependency.
Name: systemd-bootstrap
Version: 239
Release: 30%{?dist}
Release: 29%{?dist}
License: LGPLv2+ and GPLv2+ and MIT
URL: https://www.freedesktop.org/wiki/Software/systemd/
Group: System Environment/Security
@ -58,6 +58,7 @@ BuildRequires: docbook-dtd-xml
BuildRequires: glib-devel
BuildRequires: meson
BuildRequires: gettext
BuildRequires: shadow-utils
BuildRequires: libgcrypt-devel
%description
@ -255,8 +256,6 @@ rm -rf %{buildroot}/*
%{_mandir}/man3/*
%changelog
* Fri Aug 28 2020 Daniel Burgener <daburgen@microsoft.com> 239-30
- Remove build dependency on shadow-utils to break circular dependency
* Tue Aug 11 2020 Mateusz Malisz <mamalisz@microsoft.com> 239-29
- Reduce kptr_restrict to 1
* Tue Jun 09 2020 Nicolas Ontiveros <niontive@microsoft.com> 239-28

8
SPECS/systemd/systemd.spec
View File

@ -1,7 +1,7 @@
Summary: Systemd-239
Name: systemd
Version: 239
Release: 32%{?dist}
Release: 31%{?dist}
License: LGPLv2+ and GPLv2+ and MIT
URL: https://www.freedesktop.org/wiki/Software/systemd/
Group: System Environment/Security
@ -59,9 +59,9 @@ BuildRequires: docbook-dtd-xml
BuildRequires: glib-devel
BuildRequires: meson
BuildRequires: gettext
BuildRequires: shadow-utils
BuildRequires: libgcrypt-devel
BuildRequires: cryptsetup-devel
BuildRequires: libselinux-devel
%description
Systemd is an init replacement with better process control and security
@ -137,7 +137,6 @@ meson --prefix %{_prefix} \
-Ddbussystemservicedir=%{_prefix}/share/dbus-1/system-services \
-Dsysvinit-path=/etc/rc.d/init.d \
-Drc-local=/etc/rc.d/rc.local \
-Dselinux=true \
$PWD build &&
cd build &&
%ninja_build
@ -272,9 +271,6 @@ rm -rf %{buildroot}/*
%files lang -f %{name}.lang
%changelog
* Fri Aug 28 2020 Daniel Burgener <daburgen@microsoft.com> 239-32
- Enable SELinux support
- Remove unused BuildRequires shadow-utils
* Mon Aug 24 2020 Leandro Pereira <leperei@microsoft.com> 239-31
- Use time.windows.com as the default NTP server in timesyncd.
* Tue Aug 11 2020 Mateusz Malisz <mamalisz@microsoft.com> 239-30

13
SPECS/util-linux/util-linux.spec
View File

@ -1,7 +1,7 @@
Summary: Utilities for file systems, consoles, partitions, and messages
Name: util-linux
Version: 2.32.1
Release: 4%{?dist}
Release: 3%{?dist}
URL: https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/about/
License: GPLv2+
Group: Applications/System
@ -12,7 +12,6 @@ BuildRequires: ncurses-devel
%if %{with_check}
BuildRequires: ncurses-term
%endif
BuildRequires: libselinux-devel
Requires: %{name}-libs = %{version}-%{release}
Conflicts: toybox
%description
@ -52,8 +51,7 @@ autoreconf -fi
--disable-silent-rules \
--disable-static \
--disable-use-tty-group \
--without-python \
--with-selinux
--without-python
make %{?_smp_mflags}
%install
@ -103,10 +101,9 @@ rm -rf %{buildroot}/lib/systemd/system
%{_mandir}/man3/*
%changelog
* Fri Sep 04 2020 Daniel Burgener <daburgen@microsoft.com> 2.32.1-4
- Enable SELinux support
* Sat May 09 2020 Nick Samson <nisamson@microsoft.com> 2.32.1-3
- Added %%license line automatically
* Sat May 09 00:20:52 PST 2020 Nick Samson <nisamson@microsoft.com>
- Added %%license line automatically
* Tue Apr 14 2020 Emre Girgin <mrgirgin@microsoft.com> 2.32.1-2
- Rename ncurses-terminfo to ncurses-term.
* Tue Mar 17 2020 Andrew Phelps <anphel@microsoft.com> 2.32.1-1

70
cgmanifest.json
View File

@ -430,16 +430,6 @@
}
}
},
{
"component": {
"type": "other",
"other": {
"name": "checkpolicy",
"version": "2.9",
"downloadUrl": "https://github.com/SELinuxProject/selinux/releases/download/20190315/checkpolicy-2.9.tar.gz"
}
}
},
{
"component": {
"type": "other",
@ -2471,16 +2461,6 @@
}
}
},
{
"component": {
"type": "other",
"other": {
"name": "libsemanage",
"version": "2.9",
"downloadUrl": "https://github.com/SELinuxProject/selinux/releases/download/20190315/libsemanage-2.9.tar.gz"
}
}
},
{
"component": {
"type": "other",
@ -2951,16 +2931,6 @@
}
}
},
{
"component": {
"type": "other",
"other": {
"name": "mcstrans",
"version": "2.9",
"downloadUrl": "https://github.com/SELinuxProject/selinux/releases/download/20190315/mcstrans-2.9.tar.gz"
}
}
},
{
"component": {
"type": "other",
@ -3851,16 +3821,6 @@
}
}
},
{
"component": {
"type": "other",
"other": {
"name": "policycoreutils",
"version": "2.9",
"downloadUrl": "https://github.com/SELinuxProject/selinux/releases/download/20190315/policycoreutils-2.9.tar.gz"
}
}
},
{
"component": {
"type": "other",
@ -5111,16 +5071,6 @@
}
}
},
{
"component": {
"type": "other",
"other": {
"name": "secilc",
"version": "2.9",
"downloadUrl": "https://github.com/SELinuxProject/selinux/releases/download/20190315/secilc-2.9.tar.gz"
}
}
},
{
"component": {
"type": "other",
@ -5131,26 +5081,6 @@
}
}
},
{
"component": {
"type": "other",
"other": {
"name": "selinux-policy",
"version": "2.20200818",
"downloadUrl": "https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_2_20200818/refpolicy-2.20200818.tar.bz2"
}
}
},
{
"component": {
"type": "other",
"other": {
"name": "setools",
"version": "4.2.2",
"downloadUrl": "https://github.com/SELinuxProject/setools/releases/download/4.2.2/setools-4.2.2.tar.bz2"
}
}
},
{
"component": {
"type": "other",

22
toolkit/resources/manifests/package/pkggen_core_aarch64.txt
View File

@ -35,8 +35,8 @@ ncurses-libs-6.2-4.cm1.aarch64.rpm
ncurses-term-6.2-4.cm1.aarch64.rpm
readline-7.0-4.cm1.aarch64.rpm
readline-devel-7.0-4.cm1.aarch64.rpm
coreutils-8.30-6.cm1.aarch64.rpm
coreutils-lang-8.30-6.cm1.aarch64.rpm
coreutils-8.30-5.cm1.aarch64.rpm
coreutils-lang-8.30-5.cm1.aarch64.rpm
bash-4.4.18-5.cm1.aarch64.rpm
bash-devel-4.4.18-5.cm1.aarch64.rpm
bash-lang-4.4.18-5.cm1.aarch64.rpm
@ -60,9 +60,9 @@ gzip-1.9-4.cm1.aarch64.rpm
make-4.2.1-4.cm1.aarch64.rpm
mariner-release-1.0-9.cm1.noarch.rpm
patch-2.7.6-7.cm1.aarch64.rpm
util-linux-2.32.1-4.cm1.aarch64.rpm
util-linux-devel-2.32.1-4.cm1.aarch64.rpm
util-linux-libs-2.32.1-4.cm1.aarch64.rpm
util-linux-2.32.1-3.cm1.aarch64.rpm
util-linux-devel-2.32.1-3.cm1.aarch64.rpm
util-linux-libs-2.32.1-3.cm1.aarch64.rpm
tar-1.32-2.cm1.aarch64.rpm
xz-5.2.4-3.cm1.aarch64.rpm
xz-devel-5.2.4-3.cm1.aarch64.rpm
@ -116,12 +116,12 @@ libcap-devel-2.26-2.cm1.aarch64.rpm
libdb-5.3.28-4.cm1.aarch64.rpm
libdb-devel-5.3.28-4.cm1.aarch64.rpm
libdb-docs-5.3.28-4.cm1.aarch64.rpm
rpm-4.14.2-11.cm1.aarch64.rpm
rpm-build-4.14.2-11.cm1.aarch64.rpm
rpm-build-libs-4.14.2-11.cm1.aarch64.rpm
rpm-devel-4.14.2-11.cm1.aarch64.rpm
rpm-lang-4.14.2-11.cm1.aarch64.rpm
rpm-libs-4.14.2-11.cm1.aarch64.rpm
rpm-4.14.2-10.cm1.aarch64.rpm
rpm-build-4.14.2-10.cm1.aarch64.rpm
rpm-build-libs-4.14.2-10.cm1.aarch64.rpm
rpm-devel-4.14.2-10.cm1.aarch64.rpm
rpm-lang-4.14.2-10.cm1.aarch64.rpm
rpm-libs-4.14.2-10.cm1.aarch64.rpm
cpio-2.13-2.cm1.aarch64.rpm
cpio-lang-2.13-2.cm1.aarch64.rpm
e2fsprogs-libs-1.44.6-3.cm1.aarch64.rpm

22
toolkit/resources/manifests/package/pkggen_core_x86_64.txt
View File

@ -35,8 +35,8 @@ ncurses-libs-6.2-4.cm1.x86_64.rpm
ncurses-term-6.2-4.cm1.x86_64.rpm
readline-7.0-4.cm1.x86_64.rpm
readline-devel-7.0-4.cm1.x86_64.rpm
coreutils-8.30-6.cm1.x86_64.rpm
coreutils-lang-8.30-6.cm1.x86_64.rpm
coreutils-8.30-5.cm1.x86_64.rpm
coreutils-lang-8.30-5.cm1.x86_64.rpm
bash-4.4.18-5.cm1.x86_64.rpm
bash-devel-4.4.18-5.cm1.x86_64.rpm
bash-lang-4.4.18-5.cm1.x86_64.rpm
@ -60,9 +60,9 @@ gzip-1.9-4.cm1.x86_64.rpm
make-4.2.1-4.cm1.x86_64.rpm
mariner-release-1.0-9.cm1.noarch.rpm
patch-2.7.6-7.cm1.x86_64.rpm
util-linux-2.32.1-4.cm1.x86_64.rpm
util-linux-devel-2.32.1-4.cm1.x86_64.rpm
util-linux-libs-2.32.1-4.cm1.x86_64.rpm
util-linux-2.32.1-3.cm1.x86_64.rpm
util-linux-devel-2.32.1-3.cm1.x86_64.rpm
util-linux-libs-2.32.1-3.cm1.x86_64.rpm
tar-1.32-2.cm1.x86_64.rpm
xz-5.2.4-3.cm1.x86_64.rpm
xz-devel-5.2.4-3.cm1.x86_64.rpm
@ -116,12 +116,12 @@ libcap-devel-2.26-2.cm1.x86_64.rpm
libdb-5.3.28-4.cm1.x86_64.rpm
libdb-devel-5.3.28-4.cm1.x86_64.rpm
libdb-docs-5.3.28-4.cm1.x86_64.rpm
rpm-4.14.2-11.cm1.x86_64.rpm
rpm-build-4.14.2-11.cm1.x86_64.rpm
rpm-build-libs-4.14.2-11.cm1.x86_64.rpm
rpm-devel-4.14.2-11.cm1.x86_64.rpm
rpm-lang-4.14.2-11.cm1.x86_64.rpm
rpm-libs-4.14.2-11.cm1.x86_64.rpm
rpm-4.14.2-10.cm1.x86_64.rpm
rpm-build-4.14.2-10.cm1.x86_64.rpm
rpm-build-libs-4.14.2-10.cm1.x86_64.rpm
rpm-devel-4.14.2-10.cm1.x86_64.rpm
rpm-lang-4.14.2-10.cm1.x86_64.rpm
rpm-libs-4.14.2-10.cm1.x86_64.rpm
cpio-2.13-2.cm1.x86_64.rpm
cpio-lang-2.13-2.cm1.x86_64.rpm
e2fsprogs-libs-1.44.6-3.cm1.x86_64.rpm

97
toolkit/resources/manifests/package/toolchain_aarch64.txt
View File

@ -2,8 +2,6 @@ alsa-lib-1.2.2-1.cm1.aarch64.rpm
alsa-lib-debuginfo-1.2.2-1.cm1.aarch64.rpm
alsa-lib-devel-1.2.2-1.cm1.aarch64.rpm
asciidoc-8.6.10-4.cm1.noarch.rpm
audit-3.0-4.cm1.aarch64.rpm
audit-libs-3.0-4.cm1.aarch64.rpm
autoconf-2.69-9.cm1.noarch.rpm
automake-1.16.1-3.cm1.noarch.rpm
bash-4.4.18-5.cm1.aarch64.rpm
@ -29,9 +27,9 @@ check-0.12.0-4.cm1.aarch64.rpm
check-debuginfo-0.12.0-4.cm1.aarch64.rpm
cmake-3.17.3-2.cm1.aarch64.rpm
cmake-debuginfo-3.17.3-2.cm1.aarch64.rpm
coreutils-8.30-6.cm1.aarch64.rpm
coreutils-debuginfo-8.30-6.cm1.aarch64.rpm
coreutils-lang-8.30-6.cm1.aarch64.rpm
coreutils-8.30-5.cm1.aarch64.rpm
coreutils-debuginfo-8.30-5.cm1.aarch64.rpm
coreutils-lang-8.30-5.cm1.aarch64.rpm
cpio-2.13-2.cm1.aarch64.rpm
cpio-debuginfo-2.13-2.cm1.aarch64.rpm
cpio-lang-2.13-2.cm1.aarch64.rpm
@ -124,7 +122,6 @@ gmp-debuginfo-6.1.2-5.cm1.aarch64.rpm
gmp-devel-6.1.2-5.cm1.aarch64.rpm
gnupg2-2.2.20-3.cm1.aarch64.rpm
gnupg2-debuginfo-2.2.20-3.cm1.aarch64.rpm
golang-1.13.15-1.cm1.aarch64.rpm
gperf-3.1-3.cm1.aarch64.rpm
gperf-debuginfo-3.1-3.cm1.aarch64.rpm
gpgme-1.13.1-5.cm1.aarch64.rpm
@ -133,7 +130,6 @@ gpgme-devel-1.13.1-5.cm1.aarch64.rpm
grep-3.1-3.cm1.aarch64.rpm
grep-debuginfo-3.1-3.cm1.aarch64.rpm
grep-lang-3.1-3.cm1.aarch64.rpm
groff-1.22.3-6.cm1.aarch64.rpm
gtest-1.8.1-5.cm1.aarch64.rpm
gtest-debuginfo-1.8.1-5.cm1.aarch64.rpm
gtest-devel-1.8.1-5.cm1.aarch64.rpm
@ -168,10 +164,6 @@ libassuan-debuginfo-2.5.1-3.cm1.aarch64.rpm
libcap-2.26-2.cm1.aarch64.rpm
libcap-debuginfo-2.26-2.cm1.aarch64.rpm
libcap-devel-2.26-2.cm1.aarch64.rpm
libcap-ng-0.7.9-2.cm1.aarch64.rpm
python2-libcap-ng-0.7.9-2.cm1.aarch64.rpm
python3-libcap-ng-0.7.9-2.cm1.aarch64.rpm
libcap-ng-devel-0.7.9-2.cm1.aarch64.rpm
libdb-5.3.28-4.cm1.aarch64.rpm
libdb-debuginfo-5.3.28-4.cm1.aarch64.rpm
libdb-devel-5.3.28-4.cm1.aarch64.rpm
@ -197,8 +189,6 @@ libltdl-2.4.6-5.cm1.aarch64.rpm
libltdl-devel-2.4.6-5.cm1.aarch64.rpm
libmpc-1.1.0-5.cm1.aarch64.rpm
libmpc-debuginfo-1.1.0-5.cm1.aarch64.rpm
libnsl2-1.2.0-4.cm1.aarch64.rpm
libnsl2-devel-1.2.0-4.cm1.aarch64.rpm
libpipeline-1.5.0-3.cm1.aarch64.rpm
libpipeline-debuginfo-1.5.0-3.cm1.aarch64.rpm
libpipeline-devel-1.5.0-3.cm1.aarch64.rpm
@ -211,9 +201,6 @@ libselinux-devel-2.9-3.cm1.aarch64.rpm
libselinux-python-2.9-3.cm1.aarch64.rpm
libselinux-python3-2.9-3.cm1.aarch64.rpm
libselinux-utils-2.9-3.cm1.aarch64.rpm
libsemanage-2.9-4.cm1.aarch64.rpm
libsemanage-devel-2.9-4.cm1.aarch64.rpm
libsemanage-python3-2.9-4.cm1.aarch64.rpm
libsepol-2.9-5.cm1.aarch64.rpm
libsepol-debuginfo-2.9-5.cm1.aarch64.rpm
libsepol-devel-2.9-5.cm1.aarch64.rpm
@ -231,8 +218,6 @@ libtasn1-debuginfo-4.14-2.cm1.aarch64.rpm
libtasn1-devel-4.14-2.cm1.aarch64.rpm
libtool-2.4.6-5.cm1.aarch64.rpm
libtool-debuginfo-2.4.6-5.cm1.aarch64.rpm
libtirpc-1.1.4-4.cm1.aarch64.rpm
libtirpc-devel-1.1.4-4.cm1.aarch64.rpm
libxml2-2.9.10-2.cm1.aarch64.rpm
libxml2-debuginfo-2.9.10-2.cm1.aarch64.rpm
libxml2-devel-2.9.10-2.cm1.aarch64.rpm
@ -284,7 +269,6 @@ openjdk8-doc-1.8.0.181-8.cm1.aarch64.rpm
openjdk8-sample-1.8.0.181-8.cm1.aarch64.rpm
openjdk8-src-1.8.0.181-8.cm1.aarch64.rpm
openjre8-1.8.0.181-8.cm1.aarch64.rpm
openldap-2.4.50-1.cm1.aarch64.rpm
openssl-1.1.1g-6.cm1.aarch64.rpm
openssl-debuginfo-1.1.1g-6.cm1.aarch64.rpm
openssl-devel-1.1.1g-6.cm1.aarch64.rpm
@ -296,10 +280,10 @@ p11-kit-debuginfo-0.23.16.1-2.cm1.aarch64.rpm
p11-kit-devel-0.23.16.1-2.cm1.aarch64.rpm
p11-kit-server-0.23.16.1-2.cm1.aarch64.rpm
p11-kit-trust-0.23.16.1-2.cm1.aarch64.rpm
pam-1.3.1-5.cm1.aarch64.rpm
pam-debuginfo-1.3.1-5.cm1.aarch64.rpm
pam-devel-1.3.1-5.cm1.aarch64.rpm
pam-lang-1.3.1-5.cm1.aarch64.rpm
pam-1.3.1-4.cm1.aarch64.rpm
pam-debuginfo-1.3.1-4.cm1.aarch64.rpm
pam-devel-1.3.1-4.cm1.aarch64.rpm
pam-lang-1.3.1-4.cm1.aarch64.rpm
patch-2.7.6-7.cm1.aarch64.rpm
patch-debuginfo-2.7.6-7.cm1.aarch64.rpm
pcre-8.42-4.cm1.aarch64.rpm
@ -332,57 +316,52 @@ procps-ng-3.3.15-3.cm1.aarch64.rpm
procps-ng-debuginfo-3.3.15-3.cm1.aarch64.rpm
procps-ng-devel-3.3.15-3.cm1.aarch64.rpm
procps-ng-lang-3.3.15-3.cm1.aarch64.rpm
python2-2.7.18-4.cm1.aarch64.rpm
python2-debuginfo-2.7.18-4.cm1.aarch64.rpm
python2-devel-2.7.18-4.cm1.aarch64.rpm
python2-libs-2.7.18-4.cm1.aarch64.rpm
python2-test-2.7.18-4.cm1.aarch64.rpm
python2-tools-2.7.18-4.cm1.aarch64.rpm
python3-audit-3.0-4.cm1.aarch64.rpm
python2-2.7.18-3.cm1.aarch64.rpm
python2-debuginfo-2.7.18-3.cm1.aarch64.rpm
python2-devel-2.7.18-3.cm1.aarch64.rpm
python2-libs-2.7.18-3.cm1.aarch64.rpm
python2-test-2.7.18-3.cm1.aarch64.rpm
python2-tools-2.7.18-3.cm1.aarch64.rpm
python3-cracklib-2.9.7-2.cm1.aarch64.rpm
python3-gpg-1.13.1-5.cm1.aarch64.rpm
python3-libxml2-2.9.10-2.cm1.aarch64.rpm
python3-pwquality-1.4.2-4.cm1.aarch64.rpm
python3-rpm-4.14.2-11.cm1.aarch64.rpm
python-curses-2.7.18-4.cm1.aarch64.rpm
python3-rpm-4.14.2-10.cm1.aarch64.rpm
python-curses-2.7.18-3.cm1.aarch64.rpm
python-gpg-1.13.1-5.cm1.aarch64.rpm
python-rpm-4.14.2-11.cm1.aarch64.rpm
python-rpm-4.14.2-10.cm1.aarch64.rpm
python-setuptools-40.2.0-5.cm1.noarch.rpm
python-xml-2.7.18-4.cm1.aarch64.rpm
python-xml-2.7.18-3.cm1.aarch64.rpm
readline-7.0-4.cm1.aarch64.rpm
readline-debuginfo-7.0-4.cm1.aarch64.rpm
readline-devel-7.0-4.cm1.aarch64.rpm
rpcsvc-proto-1.4-3.cm1.aarch64.rpm
rpcsvc-proto-devel-1.4-3.cm1.aarch64.rpm
rpm-4.14.2-11.cm1.aarch64.rpm
rpm-build-4.14.2-11.cm1.aarch64.rpm
rpm-build-libs-4.14.2-11.cm1.aarch64.rpm
rpm-debuginfo-4.14.2-11.cm1.aarch64.rpm
rpm-devel-4.14.2-11.cm1.aarch64.rpm
rpm-lang-4.14.2-11.cm1.aarch64.rpm
rpm-libs-4.14.2-11.cm1.aarch64.rpm
rpm-4.14.2-10.cm1.aarch64.rpm
rpm-build-4.14.2-10.cm1.aarch64.rpm
rpm-build-libs-4.14.2-10.cm1.aarch64.rpm
rpm-debuginfo-4.14.2-10.cm1.aarch64.rpm
rpm-devel-4.14.2-10.cm1.aarch64.rpm
rpm-lang-4.14.2-10.cm1.aarch64.rpm
rpm-libs-4.14.2-10.cm1.aarch64.rpm
sed-4.5-3.cm1.aarch64.rpm
sed-debuginfo-4.5-3.cm1.aarch64.rpm
sed-lang-4.5-3.cm1.aarch64.rpm
shadow-utils-4.6-9.cm1.aarch64.rpm
shadow-utils-debuginfo-4.6-9.cm1.aarch64.rpm
shadow-utils-4.6-8.cm1.aarch64.rpm
shadow-utils-debuginfo-4.6-8.cm1.aarch64.rpm
sqlite-3.32.3-1.cm1.aarch64.rpm
sqlite-debuginfo-3.32.3-1.cm1.aarch64.rpm
sqlite-devel-3.32.3-1.cm1.aarch64.rpm
sqlite-libs-3.32.3-1.cm1.aarch64.rpm
swig-3.0.12-4.cm1.aarch64.rpm
swig-debuginfo-3.0.12-4.cm1.aarch64.rpm
systemd-239-32.cm1.aarch64.rpm
systemd-bootstrap-239-30.cm1.aarch64.rpm
systemd-bootstrap-debuginfo-239-30.cm1.aarch64.rpm
systemd-bootstrap-devel-239-30.cm1.aarch64.rpm
systemd-debuginfo-239-32.cm1.aarch64.rpm
systemd-devel-239-32.cm1.aarch64.rpm
systemd-lang-239-32.cm1.aarch64.rpm
systemd-239-31.cm1.aarch64.rpm
systemd-bootstrap-239-29.cm1.aarch64.rpm
systemd-bootstrap-debuginfo-239-29.cm1.aarch64.rpm
systemd-bootstrap-devel-239-29.cm1.aarch64.rpm
systemd-debuginfo-239-31.cm1.aarch64.rpm
systemd-devel-239-31.cm1.aarch64.rpm
systemd-lang-239-31.cm1.aarch64.rpm
tar-1.32-2.cm1.aarch64.rpm
tar-debuginfo-1.32-2.cm1.aarch64.rpm
tcp_wrappers-7.6-9.cm1.aarch64.rpm
tcp_wrappers-devel-7.6-9.cm1.aarch64.rpm
tdnf-2.1.0-4.cm1.aarch64.rpm
tdnf-cli-libs-2.1.0-4.cm1.aarch64.rpm
tdnf-debuginfo-2.1.0-4.cm1.aarch64.rpm
@ -393,11 +372,11 @@ texinfo-6.5-7.cm1.aarch64.rpm
texinfo-debuginfo-6.5-7.cm1.aarch64.rpm
unzip-6.0-16.cm1.aarch64.rpm
unzip-debuginfo-6.0-16.cm1.aarch64.rpm
util-linux-2.32.1-4.cm1.aarch64.rpm
util-linux-debuginfo-2.32.1-4.cm1.aarch64.rpm
util-linux-devel-2.32.1-4.cm1.aarch64.rpm
util-linux-lang-2.32.1-4.cm1.aarch64.rpm
util-linux-libs-2.32.1-4.cm1.aarch64.rpm
util-linux-2.32.1-3.cm1.aarch64.rpm
util-linux-debuginfo-2.32.1-3.cm1.aarch64.rpm
util-linux-devel-2.32.1-3.cm1.aarch64.rpm
util-linux-lang-2.32.1-3.cm1.aarch64.rpm
util-linux-libs-2.32.1-3.cm1.aarch64.rpm
veritysetup-2.3.3-2.cm1.aarch64.rpm
wget-1.20.3-2.cm1.aarch64.rpm
wget-debuginfo-1.20.3-2.cm1.aarch64.rpm

96
toolkit/resources/manifests/package/toolchain_x86_64.txt
View File

@ -2,8 +2,6 @@ alsa-lib-1.2.2-1.cm1.x86_64.rpm
alsa-lib-debuginfo-1.2.2-1.cm1.x86_64.rpm
alsa-lib-devel-1.2.2-1.cm1.x86_64.rpm
asciidoc-8.6.10-4.cm1.noarch.rpm
audit-3.0-4.cm1.x86_64.rpm
audit-libs-3.0-4.cm1.x86_64.rpm
autoconf-2.69-9.cm1.noarch.rpm
automake-1.16.1-3.cm1.noarch.rpm
bash-4.4.18-5.cm1.x86_64.rpm
@ -29,9 +27,9 @@ check-0.12.0-4.cm1.x86_64.rpm
check-debuginfo-0.12.0-4.cm1.x86_64.rpm
cmake-3.17.3-2.cm1.x86_64.rpm
cmake-debuginfo-3.17.3-2.cm1.x86_64.rpm
coreutils-8.30-6.cm1.x86_64.rpm
coreutils-debuginfo-8.30-6.cm1.x86_64.rpm
coreutils-lang-8.30-6.cm1.x86_64.rpm
coreutils-8.30-5.cm1.x86_64.rpm
coreutils-debuginfo-8.30-5.cm1.x86_64.rpm
coreutils-lang-8.30-5.cm1.x86_64.rpm
cpio-2.13-2.cm1.x86_64.rpm
cpio-debuginfo-2.13-2.cm1.x86_64.rpm
cpio-lang-2.13-2.cm1.x86_64.rpm
@ -124,7 +122,6 @@ gmp-debuginfo-6.1.2-5.cm1.x86_64.rpm
gmp-devel-6.1.2-5.cm1.x86_64.rpm
gnupg2-2.2.20-3.cm1.x86_64.rpm
gnupg2-debuginfo-2.2.20-3.cm1.x86_64.rpm
golang-1.13.15-1.cm1.x86_64.rpm
gperf-3.1-3.cm1.x86_64.rpm
gperf-debuginfo-3.1-3.cm1.x86_64.rpm
gpgme-1.13.1-5.cm1.x86_64.rpm
@ -133,7 +130,6 @@ gpgme-devel-1.13.1-5.cm1.x86_64.rpm
grep-3.1-3.cm1.x86_64.rpm
grep-debuginfo-3.1-3.cm1.x86_64.rpm
grep-lang-3.1-3.cm1.x86_64.rpm
groff-1.22.3-6.cm1.x86_64.rpm
gtest-1.8.1-5.cm1.x86_64.rpm
gtest-debuginfo-1.8.1-5.cm1.x86_64.rpm
gtest-devel-1.8.1-5.cm1.x86_64.rpm
@ -168,10 +164,6 @@ libassuan-debuginfo-2.5.1-3.cm1.x86_64.rpm
libcap-2.26-2.cm1.x86_64.rpm
libcap-debuginfo-2.26-2.cm1.x86_64.rpm
libcap-devel-2.26-2.cm1.x86_64.rpm
libcap-ng-0.7.9-2.cm1.x86_64.rpm
python2-libcap-ng-0.7.9-2.cm1.x86_64.rpm
python3-libcap-ng-0.7.9-2.cm1.x86_64.rpm
libcap-ng-devel-0.7.9-2.cm1.x86_64.rpm
libdb-5.3.28-4.cm1.x86_64.rpm
libdb-debuginfo-5.3.28-4.cm1.x86_64.rpm
libdb-devel-5.3.28-4.cm1.x86_64.rpm
@ -197,8 +189,6 @@ libltdl-2.4.6-5.cm1.x86_64.rpm
libltdl-devel-2.4.6-5.cm1.x86_64.rpm
libmpc-1.1.0-5.cm1.x86_64.rpm
libmpc-debuginfo-1.1.0-5.cm1.x86_64.rpm
libnsl2-1.2.0-4.cm1.x86_64.rpm
libnsl2-devel-1.2.0-4.cm1.x86_64.rpm
libpipeline-1.5.0-3.cm1.x86_64.rpm
libpipeline-debuginfo-1.5.0-3.cm1.x86_64.rpm
libpipeline-devel-1.5.0-3.cm1.x86_64.rpm
@ -211,9 +201,6 @@ libselinux-devel-2.9-3.cm1.x86_64.rpm
libselinux-python-2.9-3.cm1.x86_64.rpm
libselinux-python3-2.9-3.cm1.x86_64.rpm
libselinux-utils-2.9-3.cm1.x86_64.rpm
libsemanage-2.9-4.cm1.x86_64.rpm
libsemanage-devel-2.9-4.cm1.x86_64.rpm
libsemanage-python3-2.9-4.cm1.x86_64.rpm
libsepol-2.9-5.cm1.x86_64.rpm
libsepol-debuginfo-2.9-5.cm1.x86_64.rpm
libsepol-devel-2.9-5.cm1.x86_64.rpm
@ -231,8 +218,6 @@ libtasn1-debuginfo-4.14-2.cm1.x86_64.rpm
libtasn1-devel-4.14-2.cm1.x86_64.rpm
libtool-2.4.6-5.cm1.x86_64.rpm
libtool-debuginfo-2.4.6-5.cm1.x86_64.rpm
libtirpc-1.1.4-4.cm1.x86_64.rpm
libtirpc-devel-1.1.4-4.cm1.x86_64.rpm
libxml2-2.9.10-2.cm1.x86_64.rpm
libxml2-debuginfo-2.9.10-2.cm1.x86_64.rpm
libxml2-devel-2.9.10-2.cm1.x86_64.rpm
@ -284,7 +269,6 @@ openjdk8-doc-1.8.0.212-10.cm1.x86_64.rpm
openjdk8-sample-1.8.0.212-10.cm1.x86_64.rpm
openjdk8-src-1.8.0.212-10.cm1.x86_64.rpm
openjre8-1.8.0.212-10.cm1.x86_64.rpm
openldap-2.4.50-1.cm1.x86_64.rpm
openssl-1.1.1g-6.cm1.x86_64.rpm
openssl-debuginfo-1.1.1g-6.cm1.x86_64.rpm
openssl-devel-1.1.1g-6.cm1.x86_64.rpm
@ -296,10 +280,10 @@ p11-kit-debuginfo-0.23.16.1-2.cm1.x86_64.rpm
p11-kit-devel-0.23.16.1-2.cm1.x86_64.rpm
p11-kit-server-0.23.16.1-2.cm1.x86_64.rpm
p11-kit-trust-0.23.16.1-2.cm1.x86_64.rpm
pam-1.3.1-5.cm1.x86_64.rpm
pam-debuginfo-1.3.1-5.cm1.x86_64.rpm
pam-devel-1.3.1-5.cm1.x86_64.rpm
pam-lang-1.3.1-5.cm1.x86_64.rpm
pam-1.3.1-4.cm1.x86_64.rpm
pam-debuginfo-1.3.1-4.cm1.x86_64.rpm
pam-devel-1.3.1-4.cm1.x86_64.rpm
pam-lang-1.3.1-4.cm1.x86_64.rpm
patch-2.7.6-7.cm1.x86_64.rpm
patch-debuginfo-2.7.6-7.cm1.x86_64.rpm
pcre-8.42-4.cm1.x86_64.rpm
@ -332,56 +316,52 @@ procps-ng-3.3.15-3.cm1.x86_64.rpm
procps-ng-debuginfo-3.3.15-3.cm1.x86_64.rpm
procps-ng-devel-3.3.15-3.cm1.x86_64.rpm
procps-ng-lang-3.3.15-3.cm1.x86_64.rpm
python2-2.7.18-4.cm1.x86_64.rpm
python2-debuginfo-2.7.18-4.cm1.x86_64.rpm
python2-devel-2.7.18-4.cm1.x86_64.rpm
python2-libs-2.7.18-4.cm1.x86_64.rpm
python2-test-2.7.18-4.cm1.x86_64.rpm
python2-tools-2.7.18-4.cm1.x86_64.rpm
python3-audit-3.0-4.cm1.x86_64.rpm
python2-2.7.18-3.cm1.x86_64.rpm
python2-debuginfo-2.7.18-3.cm1.x86_64.rpm
python2-devel-2.7.18-3.cm1.x86_64.rpm
python2-libs-2.7.18-3.cm1.x86_64.rpm
python2-test-2.7.18-3.cm1.x86_64.rpm
python2-tools-2.7.18-3.cm1.x86_64.rpm
python3-cracklib-2.9.7-2.cm1.x86_64.rpm
python3-gpg-1.13.1-5.cm1.x86_64.rpm
python3-libxml2-2.9.10-2.cm1.x86_64.rpm
python3-pwquality-1.4.2-4.cm1.x86_64.rpm
python3-rpm-4.14.2-11.cm1.x86_64.rpm
python3-rpm-4.14.2-10.cm1.x86_64.rpm
python-curses-2.7.18-3.cm1.x86_64.rpm
python-gpg-1.13.1-5.cm1.x86_64.rpm
python-rpm-4.14.2-11.cm1.x86_64.rpm
python-rpm-4.14.2-10.cm1.x86_64.rpm
python-setuptools-40.2.0-5.cm1.noarch.rpm
python-xml-2.7.18-4.cm1.x86_64.rpm
python-xml-2.7.18-3.cm1.x86_64.rpm
readline-7.0-4.cm1.x86_64.rpm
readline-debuginfo-7.0-4.cm1.x86_64.rpm
readline-devel-7.0-4.cm1.x86_64.rpm
rpcsvc-proto-1.4-3.cm1.x86_64.rpm
rpcsvc-proto-devel-1.4-3.cm1.x86_64.rpm
rpm-4.14.2-11.cm1.x86_64.rpm
rpm-build-4.14.2-11.cm1.x86_64.rpm
rpm-build-libs-4.14.2-11.cm1.x86_64.rpm
rpm-debuginfo-4.14.2-11.cm1.x86_64.rpm
rpm-devel-4.14.2-11.cm1.x86_64.rpm
rpm-lang-4.14.2-11.cm1.x86_64.rpm
rpm-libs-4.14.2-11.cm1.x86_64.rpm
rpm-4.14.2-10.cm1.x86_64.rpm
rpm-build-4.14.2-10.cm1.x86_64.rpm
rpm-build-libs-4.14.2-10.cm1.x86_64.rpm
rpm-debuginfo-4.14.2-10.cm1.x86_64.rpm
rpm-devel-4.14.2-10.cm1.x86_64.rpm
rpm-lang-4.14.2-10.cm1.x86_64.rpm
rpm-libs-4.14.2-10.cm1.x86_64.rpm
sed-4.5-3.cm1.x86_64.rpm
sed-debuginfo-4.5-3.cm1.x86_64.rpm
sed-lang-4.5-3.cm1.x86_64.rpm
shadow-utils-4.6-9.cm1.x86_64.rpm
shadow-utils-debuginfo-4.6-9.cm1.x86_64.rpm
shadow-utils-4.6-8.cm1.x86_64.rpm
shadow-utils-debuginfo-4.6-8.cm1.x86_64.rpm
sqlite-3.32.3-1.cm1.x86_64.rpm
sqlite-debuginfo-3.32.3-1.cm1.x86_64.rpm
sqlite-devel-3.32.3-1.cm1.x86_64.rpm
sqlite-libs-3.32.3-1.cm1.x86_64.rpm
swig-3.0.12-4.cm1.x86_64.rpm
swig-debuginfo-3.0.12-4.cm1.x86_64.rpm
systemd-239-32.cm1.x86_64.rpm
systemd-bootstrap-239-30.cm1.x86_64.rpm
systemd-bootstrap-debuginfo-239-30.cm1.x86_64.rpm
systemd-bootstrap-devel-239-30.cm1.x86_64.rpm
systemd-debuginfo-239-32.cm1.x86_64.rpm
systemd-devel-239-32.cm1.x86_64.rpm
systemd-lang-239-32.cm1.x86_64.rpm
systemd-239-31.cm1.x86_64.rpm
systemd-bootstrap-239-29.cm1.x86_64.rpm
systemd-bootstrap-debuginfo-239-29.cm1.x86_64.rpm
systemd-bootstrap-devel-239-29.cm1.x86_64.rpm
systemd-debuginfo-239-31.cm1.x86_64.rpm
systemd-devel-239-31.cm1.x86_64.rpm
systemd-lang-239-31.cm1.x86_64.rpm
tar-1.32-2.cm1.x86_64.rpm
tar-debuginfo-1.32-2.cm1.x86_64.rpm
tcp_wrappers-7.6-9.cm1.x86_64.rpm
tcp_wrappers-devel-7.6-9.cm1.x86_64.rpm
tdnf-2.1.0-4.cm1.x86_64.rpm
tdnf-cli-libs-2.1.0-4.cm1.x86_64.rpm
tdnf-debuginfo-2.1.0-4.cm1.x86_64.rpm
@ -392,11 +372,11 @@ texinfo-6.5-7.cm1.x86_64.rpm
texinfo-debuginfo-6.5-7.cm1.x86_64.rpm
unzip-6.0-16.cm1.x86_64.rpm
unzip-debuginfo-6.0-16.cm1.x86_64.rpm
util-linux-2.32.1-4.cm1.x86_64.rpm
util-linux-debuginfo-2.32.1-4.cm1.x86_64.rpm
util-linux-devel-2.32.1-4.cm1.x86_64.rpm
util-linux-lang-2.32.1-4.cm1.x86_64.rpm
util-linux-libs-2.32.1-4.cm1.x86_64.rpm
util-linux-2.32.1-3.cm1.x86_64.rpm
util-linux-debuginfo-2.32.1-3.cm1.x86_64.rpm
util-linux-devel-2.32.1-3.cm1.x86_64.rpm
util-linux-lang-2.32.1-3.cm1.x86_64.rpm
util-linux-libs-2.32.1-3.cm1.x86_64.rpm
veritysetup-2.3.3-2.cm1.x86_64.rpm
wget-1.20.3-2.cm1.x86_64.rpm
wget-debuginfo-1.20.3-2.cm1.x86_64.rpm

55
toolkit/scripts/toolchain/build_official_toolchain_rpms.sh
View File

@ -234,6 +234,7 @@ build_rpm_in_chroot_no_install m4
build_rpm_in_chroot_no_install libdb
build_rpm_in_chroot_no_install libcap
build_rpm_in_chroot_no_install popt
build_rpm_in_chroot_no_install util-linux
build_rpm_in_chroot_no_install findutils
build_rpm_in_chroot_no_install tar
build_rpm_in_chroot_no_install gawk
@ -315,6 +316,7 @@ chroot_and_install_rpms python2
build_rpm_in_chroot_no_install lua
chroot_and_install_rpms lua
build_rpm_in_chroot_no_install rpm
build_rpm_in_chroot_no_install cpio
# Build tdnf-2.1.0
@ -363,6 +365,10 @@ build_rpm_in_chroot_no_install libxslt
chroot_and_install_rpms pam
build_rpm_in_chroot_no_install docbook-style-xsl
# shadow-utils needs the pam.d sources in the root of SOURCES_DIR
cp $SPECROOT/shadow-utils/pam.d/* $CHROOT_SOURCES_DIR
build_rpm_in_chroot_no_install shadow-utils
# gtest needs cmake
chroot_and_install_rpms cmake
build_rpm_in_chroot_no_install gtest
@ -443,18 +449,14 @@ build_rpm_in_chroot_no_install libsepol
chroot_and_install_rpms libsepol
build_rpm_in_chroot_no_install libselinux
# util-linux, rpm, libsemanage and shadow-utils require libselinux
chroot_and_install_rpms libselinux
build_rpm_in_chroot_no_install util-linux
build_rpm_in_chroot_no_install rpm
# systemd-bootstrap requires libcap, xz, kbd, kmod, util-linux, meson
# systemd-bootstrap requires libcap, xz, kbd, kmod, util-linux, meson, shadow-utils
chroot_and_install_rpms libcap
chroot_and_install_rpms xz
chroot_and_install_rpms kbd
chroot_and_install_rpms kmod
chroot_and_install_rpms util-linux
chroot_and_install_rpms meson
chroot_and_install_rpms shadow-utils
build_rpm_in_chroot_no_install systemd-bootstrap
build_rpm_in_chroot_no_install libaio
@ -481,47 +483,6 @@ chroot_and_install_rpms gperf
chroot_and_install_rpms cryptsetup
build_rpm_in_chroot_no_install systemd
build_rpm_in_chroot_no_install golang-1.13
build_rpm_in_chroot_no_install groff
# libtiprc needs krb5
chroot_and_install_rpms krb5
build_rpm_in_chroot_no_install libtirpc
build_rpm_in_chroot_no_install rpcsvc-proto
# libnsl2 needs libtirpc and rpcsvc-proto
chroot_and_install_rpms libtirpc
chroot_and_install_rpms rpcsvc-proto
build_rpm_in_chroot_no_install libnsl2
# tcp_wrappers needs libnsl2
chroot_and_install_rpms libnsl2
build_rpm_in_chroot_no_install tcp_wrappers
# openldap needs groff
chroot_and_install_rpms groff
build_rpm_in_chroot_no_install openldap
build_rpm_in_chroot_no_install libcap-ng
# audit needs systemd, golang, openldap, tcp_wrappers and libcap-ng
chroot_and_install_rpms systemd
chroot_and_install_rpms golang
chroot_and_install_rpms openldap
chroot_and_install_rpms tcp_wrappers
chroot_and_install_rpms libcap-ng
build_rpm_in_chroot_no_install audit
# libsemanage requires libaudit
chroot_and_install_rpms audit
build_rpm_in_chroot_no_install libsemanage
# shadow-utils requires libsemanage
chroot_and_install_rpms libsemanage
# shadow-utils needs the pam.d sources in the root of SOURCES_DIR
cp $SPECROOT/shadow-utils/pam.d/* $CHROOT_SOURCES_DIR
build_rpm_in_chroot_no_install shadow-utils
# p11-kit needs libtasn1
chroot_and_install_rpms libtasn1
build_rpm_in_chroot_no_install p11-kit