!20 22.03-LTS-Next: fixes the problem when setroubleshoot is installed, or updated

Merge pull request !20 from Hugel/22.03-LTS-Next

Fix-config-file-to-deny-noraml-user-to-stop-Setroubleshootd.patch

@@ -0,0 +1,33 @@
+From bf6d97e7f14bdefb7e9e889ae29e29b0d8484a16 Mon Sep 17 00:00:00 2001
+From: openEuler Buildteam <buildteam@openeuler.org>
+Date: Tue, 15 Dec 2020 14:14:57 +0800
+Subject: [PATCH] Fix config file to deny noraml user to stop Setroubleshootd.
+
+---
+ org.fedoraproject.Setroubleshootd.conf | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/org.fedoraproject.Setroubleshootd.conf b/org.fedoraproject.Setroubleshootd.conf
+index 65a0daa..fe0e2f4 100644
+--- a/org.fedoraproject.Setroubleshootd.conf
++++ b/org.fedoraproject.Setroubleshootd.conf
+@@ -9,12 +9,15 @@
+ 	</policy>
+ 	<policy user="root">
+ 		<allow send_destination="org.fedoraproject.Setroubleshootd"/>
++		<allow send_destination="org.fedoraproject.Setroubleshootd"
++		       send_interface="org.fedoraproject.SetroubleshootdIface"
++		       send_member="finish"/>
+ 	</policy>
+ 	<policy context="default">
+ 		<allow send_destination="org.fedoraproject.Setroubleshootd"
+ 		       send_interface="org.fedoraproject.SetroubleshootdIface"
+ 		       send_member="start"/>
+-		<allow send_destination="org.fedoraproject.Setroubleshootd"
++		<deny  send_destination="org.fedoraproject.Setroubleshootd"
+ 		       send_interface="org.fedoraproject.SetroubleshootdIface"
+ 		       send_member="finish"/>
+ 		<allow send_destination="org.fedoraproject.Setroubleshootd"
+-- 
+1.8.3.1
+

setroubleshoot.spec

@@ -1,6 +1,6 @@
 Name: setroubleshoot
-Version: 3.3.20
+Version: 3.3.24
-Release: 2
+Release: 3
 Summary: SELinux Trouble Shooting Tool
 License: GPLv2+
 URL: https://pagure.io/setroubleshoot
@@ -8,6 +8,10 @@ URL: https://pagure.io/setroubleshoot
 Source0: https://releases.pagure.org/setroubleshoot/%{name}-%{version}.tar.gz
 Source1: %{name}.tmpfiles
 
+Patch1: backport-0001-framework-Update-translations.patch
+
+Patch9000: Fix-config-file-to-deny-noraml-user-to-stop-Setroubleshootd.patch
+
 BuildRequires: gcc libcap-ng-devel intltool gettext python3 python3-devel git
 BuildRequires: desktop-file-utils dbus-glib-devel gtk2-devel libnotify-devel audit-libs-devel libselinux-devel polkit-devel
 BuildRequires: python3-libselinux python3-pydbus python3-gobject gtk3-devel xdg-utils
@@ -26,7 +30,7 @@ SELinux Trouble Shooting Tool
 Summary: SELinux troubleshoot server
 
 Requires: %{name}-plugins >= 3.3.8
-Requires: audit >= 3
+Requires: audit >= 2.8.5
 Requires: python3-audit
 Requires: python3-libxml2
 Requires: python3-rpm
@@ -37,7 +41,7 @@ BuildRequires: python3-devel
 Requires: python3-slip python3-systemd
 Requires: python3-gobject >= 3.11
 Requires: dbus
-Requires: python3-dbus
+Requires: python3-dbus python3-pydbus
 Requires: polkit
 Requires(pre): /usr/sbin/useradd /usr/sbin/groupadd
 
@@ -80,19 +84,20 @@ install -m644 -D %{SOURCE1} $RPM_BUILD_ROOT%{_tmpfilesdir}/%{name}.conf
 
 %post
 dbus-send --system /com/redhat/setroubleshootd com.redhat.SEtroubleshootdIface.restart string:'rpm install' >/dev/null 2>&1 || :
-%systemd_post auditd.service
+/sbin/service auditd reload >/dev/null 2>&1 || :
 
 %postun
-%systemd_postun_with_restart auditd.service
+/sbin/service auditd reload >/dev/null 2>&1 || :
 
 %pre server
 getent passwd setroubleshoot >/dev/null || useradd -r -U -s /sbin/nologin -d %{_localstatedir}/lib/%{name} setroubleshoot
 
 %post server
-%systemd_post auditd.service
+/sbin/service auditd reload >/dev/null 2>&1 || :
 
 %postun server
-%systemd_postun_with_restart auditd.service
+/sbin/service auditd reload >/dev/null 2>&1 || :
+
 %triggerun server -- %{name}-server < 3.2.24-4
 chown -R setroubleshoot:setroubleshoot %{_localstatedir}/lib/%{name}
 
@@ -127,14 +132,16 @@ chown -R setroubleshoot:setroubleshoot %{_localstatedir}/lib/%{name}
 %exclude %{python3_sitelib}/%{name}/__pycache__/gui_utils.cpython*
 %dir %{_datadir}/%{name}
 %{_datadir}/%{name}/SetroubleshootFixit.py
-%{_datadir}/%{name}/updater.py
+%{_datadir}/%{name}/SetroubleshootPrivileged.py
 %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
 %config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.fedoraproject.Setroubleshootd.conf
+%config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.fedoraproject.SetroubleshootPrivileged.conf
 %attr(0700,setroubleshoot,setroubleshoot) %dir %{_localstatedir}/lib/%{name}
 %ghost %attr(0600,setroubleshoot,setroubleshoot) %{_localstatedir}/lib/%{name}/setroubleshoot_database.xml
 %ghost %attr(0644,setroubleshoot,setroubleshoot) %{_localstatedir}/lib/%{name}/email_alert_recipients
 %config /etc/audit/plugins.d/sedispatch.conf
 %{_datadir}/dbus-1/system-services/org.fedoraproject.Setroubleshootd.service
+%{_datadir}/dbus-1/system-services/org.fedoraproject.SetroubleshootPrivileged.service
 %{_datadir}/polkit-1/actions/org.fedoraproject.setroubleshootfixit.policy
 %config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.fedoraproject.SetroubleshootFixit.conf
 %{_datadir}/dbus-1/system-services/org.fedoraproject.SetroubleshootFixit.service
@@ -153,6 +160,21 @@ chown -R setroubleshoot:setroubleshoot %{_localstatedir}/lib/%{name}
 %{_mandir}/man1/seapplet.1.gz
 
 %changelog
+* Mon Dec 27 2021 Hugel <gengqihu1@huawei.com> - 3.3.24-3
+- Fix the problem when setroubleshoot is installed, or updated.
+
+* Tue Mar 16 2021 yixiangzhike <zhangxingliang3@huawei.com> - 3.3.24-2
+- add "Requires: python3-pydbus" for subpackage setroubleshoot-server
+
+* Fri Jan 22 2021 yixiangzhike <zhangxingliang3@huawei.com> - 3.3.24-1
+- update to 3.3.24
+
+* Tue Dec 15 2020 panxiaohe <panxiaohe@huawei.com> - 3.3.20-4
+- Fix config file to deny noraml user to stop Setroubleshootd.
+
+* Thu Aug 20 2020 wangchen <wangchen137@huawei.com> - 3.3.20-3
+- fix the failure of building for audit downgrade
+
 * Thu Oct 10 2019 openEuler Buildteam <buildteam@openeuler.org> - 3.3.20-2
 - add COPYING to license directory
 

setroubleshoot.yaml

@@ -0,0 +1,4 @@
+version_control: git
+src_repo: "https://pagure.io/setroubleshoot.git"
+tag_prefix: "^setroubleshoot-"
+seperator: