From 0f436caf99c51a1c7f26ae333c1215caf08bf092 Mon Sep 17 00:00:00 2001
From: zhanglu <zhanglu37@huawei.com>
Date: Wed, 15 Jan 2020 18:04:14 +0800
Subject: [PATCH] fix build fail for selinux-policy

---
 0001-Do-not-use-Werror-during-build.patch     |  49 ++++++
 ...e-setools.InfoFlowAnalysis-and-setoo.patch | 139 ++++++++++++++++++
 setools.spec                                  |   9 +-
 3 files changed, 196 insertions(+), 1 deletion(-)
 create mode 100644 0001-Do-not-use-Werror-during-build.patch
 create mode 100644 0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch

diff --git a/0001-Do-not-use-Werror-during-build.patch b/0001-Do-not-use-Werror-during-build.patch
new file mode 100644
index 0000000..1f6371b
--- /dev/null
+++ b/0001-Do-not-use-Werror-during-build.patch
@@ -0,0 +1,49 @@
+From 4b3dc6b38abbd32cda557d5ef9ea1383ac5fdcf2 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Thu, 23 Feb 2017 08:17:07 +0100
+Subject: [PATCH 2/3] Do not use -Werror during build
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+ 
+There are new warnings when setools are built with gcc 7 therefore we
+want to suppress -Werror for now
+ 
+Fixes:
+libqpol/policy_extend.c: In function ‘policy_extend’:
+libqpol/policy_extend.c:161:27: error: ‘%04zd’ directive output may be truncated writing between 4 and 10 bytes into a region of size 5 [-Werror=format-truncation=]
+    snprintf(buff, 9, "@ttr%04zd", i + 1);
+                           ^~~~~
+libqpol/policy_extend.c:161:22: note: directive argument in the range [1, 4294967295]
+    snprintf(buff, 9, "@ttr%04zd", i + 1);
+                      ^~~~~~~~~~~
+In file included from /usr/include/stdio.h:939:0,
+                 from /usr/include/sepol/policydb/policydb.h:53,
+                 from libqpol/policy_extend.c:29:
+/usr/include/bits/stdio2.h:64:10: note: ‘__builtin___snprintf_chk’ output between 9 and 15 bytes into a destination of size 9
+   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
+          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+        __bos (__s), __fmt, __va_arg_pack ());
+        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+cc1: all warnings being treated as errors
+error: command 'gcc' failed with exit status 1
+---
+ setup.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+ 
+diff --git a/setup.py b/setup.py
+index c94daf1..a7442ac 100644
+--- a/setup.py
++++ b/setup.py
+@@ -105,7 +105,7 @@ ext_py_mods = [Extension('setools.policyrep', ['setools/policyrep.pyx'],
+                          libraries=['selinux', 'sepol'],
+                          library_dirs=lib_dirs,
+                          define_macros=macros,
+-                         extra_compile_args=['-Werror', '-Wextra',
++                         extra_compile_args=['-Wextra',
+                                              '-Waggregate-return',
+                                              '-Wfloat-equal',
+                                              '-Wformat', '-Wformat=2',
+-- 
+2.17.2
+ 
diff --git a/0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch b/0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
new file mode 100644
index 0000000..9120e46
--- /dev/null
+++ b/0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
@@ -0,0 +1,139 @@
+From b960869bcbcb58f2ce9af598484f209935c096b0 Mon Sep 17 00:00:00 2001
+From: Vit Mojzis <vmojzis@redhat.com>
+Date: Fri, 26 Apr 2019 15:27:25 +0200
+Subject: [PATCH 3/3] Do not export/use setools.InfoFlowAnalysis and
+ setools.DomainTransitionAnalysis
+ 
+dta and infoflow modules require networkx which brings lot of dependencies.
+These dependencies are not necessary for setools module itself as it's
+used in policycoreutils.
+ 
+Therefore it's better to use setools.infoflow.InfoFlowAnalysis and
+setools.dta.DomainTransitionAnalysis and let the package containing
+sedta and seinfoflow to require python3-networkx
+---
+ sedta                       | 4 ++--
+ seinfoflow                  | 4 ++--
+ setools/__init__.py         | 4 ----
+ setoolsgui/apol/dta.py      | 2 +-
+ setoolsgui/apol/infoflow.py | 2 +-
+ tests/dta.py                | 2 +-
+ tests/infoflow.py           | 2 +-
+ 7 files changed, 8 insertions(+), 12 deletions(-)
+ 
+diff --git a/sedta b/sedta
+index 60861ca..41e38a2 100755
+--- a/sedta
++++ b/sedta
+@@ -22,7 +22,7 @@ import argparse
+ import logging
+ import signal
+ 
+-import setools
++import setools.dta
+ 
+ 
+ def print_transition(trans):
+@@ -114,7 +114,7 @@ else:
+ 
+ try:
+     p = setools.SELinuxPolicy(args.policy)
+-    g = setools.DomainTransitionAnalysis(p, reverse=args.reverse, exclude=args.exclude)
++    g = setools.dta.DomainTransitionAnalysis(p, reverse=args.reverse, exclude=args.exclude)
+
+     if args.shortest_path or args.all_paths:
+         if args.shortest_path:
+diff --git a/seinfoflow b/seinfoflow
+index 97b14ba..e7f965d 100755
+--- a/seinfoflow
++++ b/seinfoflow
+@@ -17,7 +17,7 @@
+ # along with SETools.  If not, see <http://www.gnu.org/licenses/>.
+ #
+ 
+-import setools
++import setools.infoflow
+ import argparse
+ import sys
+ import logging
+@@ -81,7 +81,7 @@ else:
+ try:
+     p = setools.SELinuxPolicy(args.policy)
+     m = setools.PermissionMap(args.map)
+-    g = setools.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude)
++    g = setools.infoflow.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude)
+ 
+     if args.shortest_path or args.all_paths:
+         if args.shortest_path:
+diff --git a/setools/__init__.py b/setools/__init__.py
+index 7b70f5e..5a5f7fe 100644
+--- a/setools/__init__.py
++++ b/setools/__init__.py
+@@ -73,12 +73,8 @@ from .pcideviceconquery import PcideviceconQuery
+ from .devicetreeconquery import DevicetreeconQuery
+
+ # Information Flow Analysis
+-from .infoflow import InfoFlowAnalysis
+ from .permmap import PermissionMap
+ 
+-# Domain Transition Analysis
+-from .dta import DomainTransitionAnalysis
+-
+ # Policy difference
+ from .diff import PolicyDifference
+ 
+diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py
+index 4608b9d..2cde44c 100644
+--- a/setoolsgui/apol/dta.py
++++ b/setoolsgui/apol/dta.py
+@@ -23,7 +23,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
+ from PyQt5.QtGui import QPalette, QTextCursor
+ from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
+     QTreeWidgetItem
+-from setools import DomainTransitionAnalysis
++from setools.dta import DomainTransitionAnalysis
+ 
+ from ..logtosignal import LogHandlerToSignal
+ from .analysistab import AnalysisTab
+diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py
+index 7bca299..7fee277 100644
+--- a/setoolsgui/apol/infoflow.py
++++ b/setoolsgui/apol/infoflow.py
+@@ -26,7 +26,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
+ from PyQt5.QtGui import QPalette, QTextCursor
+ from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
+     QTreeWidgetItem
+-from setools import InfoFlowAnalysis
++from setools.infoflow import InfoFlowAnalysis
+ from setools.exception import UnmappedClass, UnmappedPermission
+ 
+ from ..logtosignal import LogHandlerToSignal
+diff --git a/tests/dta.py b/tests/dta.py
+index a0cc938..177e6fb 100644
+--- a/tests/dta.py
++++ b/tests/dta.py
+@@ -18,7 +18,7 @@
+ import os
+ import unittest
+
+-from setools import DomainTransitionAnalysis
++from setools.dta import DomainTransitionAnalysis
+ from setools import TERuletype as TERT
+ from setools.exception import InvalidType
+ from setools.policyrep import Type
+diff --git a/tests/infoflow.py b/tests/infoflow.py
+index aa0e44a..fca2848 100644
+--- a/tests/infoflow.py
++++ b/tests/infoflow.py
+@@ -18,7 +18,7 @@
+ import os
+ import unittest
+ 
+-from setools import InfoFlowAnalysis
++from setools.infoflow import InfoFlowAnalysis
+ from setools import TERuletype as TERT
+ from setools.exception import InvalidType
+ from setools.permmap import PermissionMap
+-- 
+2.17.2
+ 
diff --git a/setools.spec b/setools.spec
index bae8708..ed32f0e 100644
--- a/setools.spec
+++ b/setools.spec
@@ -3,11 +3,15 @@
 
 Name:                  setools
 Version:               4.2.2
-Release:               2
+Release:               3
 Summary:               Policy analysis tools for SELinux                 
 License:               GPLv2
 URL:                   https://github.com/SELinuxProject/setools/wiki
 Source0:               https://github.com/SELinuxProject/setools/archive/%{name}-%{version}.tar.gz                    
+
+Patch0001:             0001-Do-not-use-Werror-during-build.patch
+Patch0002:             0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
+
 Obsoletes:             setools < 4.0.0, setools-devel < 4.0.0
 BuildRequires:         flex bison glibc-devel gcc git qt5-qtbase-devel swig
 BuildRequires:         libsepol-devel >= %{sepol_ver}, libsepol-static >= %{sepol_ver}
@@ -117,5 +121,8 @@ Python modules designed to facilitate SELinux policy analysis.
 %{_mandir}/man1/sesearch*
 
 %changelog
+* Wed Jan 15 2020 openEuler Buildteam <buildteam@openeuler.org> - 4.2.2-3
+- Fix build fail for selinux-policy
+
 * Thu Jan 9 2020 openEuler Buildteam <buildteam@openeuler.org> - 4.2.2-2
 - update to 4.2.2