Merge branch 'master' into 1026-add_313_ci

.github/rpm-matrix.json

@@ -1,11 +1,20 @@
 {
   "props": [
+    {
+      "platform": "fedora",
+      "dist": "fc42",
+      "spec": "fapolicy-analyzer.spec",
+      "image": "registry.fedoraproject.org/fedora:42",
+      "chroot": "fedora-rawhide-x86_64",
+      "version": "42",
+      "prerelease": true
+    },
     {
       "platform": "fedora",
       "dist": "fc41",
       "spec": "fapolicy-analyzer.spec",
       "image": "registry.fedoraproject.org/fedora:41",
-      "chroot": "fedora-rawhide-x86_64",
+      "chroot": "fedora-41-x86_64",
       "version": "41",
       "prerelease": true
     },

.github/workflows/common.yml

@@ -15,7 +15,7 @@ jobs:
     name: License header check
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Check for required headers
         run: |
           ! grep -R -L --exclude-dir=vendor \

.github/workflows/coverity.yml

@@ -9,7 +9,7 @@ jobs:
   coverity:
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: vapier/coverity-scan-action@v1
         with:
           command: --no-command --fs-capture-search fapolicy_analyzer

.github/workflows/pages.yml

@@ -59,7 +59,7 @@ jobs:
         working-directory: doc/site
 
       - name: Upload artifact
-        uses: actions/upload-pages-artifact@v2
+        uses: actions/upload-pages-artifact@v3
         with:
           path: ./doc/site/public
 

.github/workflows/pdf.yml

@@ -14,7 +14,7 @@ jobs:
           sudo apt update
           sudo apt install git pandoc texlive-latex-recommended texlive-latex-extra
 
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: ${{ github.ref }}
           fetch-depth: 0

.github/workflows/python.yml

@@ -14,7 +14,7 @@ jobs:
   ruff:
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: chartboost/ruff-action@v1
         with:
           src: fapolicy_analyzer
@@ -26,7 +26,7 @@ jobs:
       matrix:
         python-version: [ "3.9", "3.10", "3.11", "3.12", "3.13" ]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Install requirements
         run: |
           sudo apt-get update

.github/workflows/release.yml

@@ -15,7 +15,7 @@ jobs:
         sudo apt update
         sudo apt install -y git
 
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
       with:
         ref: ${{ github.ref }}
         fetch-depth: 0

.github/workflows/rpm.yml

@@ -21,7 +21,7 @@ jobs:
       matrix: ${{ steps.set-matrix.outputs.matrix }}
       is-copr-enabled: ${{ steps.is-copr-enabled.outputs.defined }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: ${{ github.ref }}
 
@@ -45,7 +45,7 @@ jobs:
       - name: Install deps
         run: dnf install -y git make python3
 
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: ${{ github.ref }}
           fetch-depth: 0
@@ -83,7 +83,7 @@ jobs:
           mv fapolicy-analyzer-${spec_version}.tar.gz fapolicy-analyzer-${patched_version}.tar.gz
 
       - name: Upload
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: source0
           path: |
@@ -102,15 +102,13 @@ jobs:
         run: |
           dnf install -y git dnf5-plugins dnf-plugins-core cargo2rpm
 
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: ${{ github.ref }}
           fetch-depth: 0
 
       - name: Adjust spec
         run: |
-          # disable dev-tools crate
-          sed -i '/tools/d' Cargo.toml
           # generate build deps with cargo2rpm
           cargo2rpm -p Cargo.toml buildrequires | while read line; do
             grep -n "BuildRequires:" fapolicy-analyzer.spec | head -n1 | cut -d: -f1 | xargs -I{} sed -i "{}iBuildRequires: $line" fapolicy-analyzer.spec
@@ -126,7 +124,7 @@ jobs:
           scripts/srpm/vendor-rs.sh
 
       - name: Upload tarball
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: crates0
           path: |
@@ -152,7 +150,7 @@ jobs:
       - name: Install Git
         run: dnf install -y git
 
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: ${{ github.ref }}
           fetch-depth: 0
@@ -214,14 +212,14 @@ jobs:
           make -f .copr/Makefile dnf OS_ID=${{ matrix.props.platform }}
 
       - name: Fetch Source0 tarball
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: source0
           path: /tmp/rpmbuild/SOURCES/
 
       - name: Fetch Crates0 tarball
         if: startsWith(matrix.props.dist, 'el')
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: crates0
           path: /tmp/rpmbuild/SOURCES/
@@ -259,16 +257,16 @@ jobs:
           mv /tmp/rpmbuild/SOURCES/vendor-rs-${version}.tar.gz /tmp/archives/
 
       - name: Upload Tarballs
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
-          name: tarball-artifacts
+          name: tarball-artifacts-${{ matrix.props.dist }} 
           path: |
             /tmp/archives/*.tar.gz
 
       - name: Upload SRPMs
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
-          name: srpm-artifacts
+          name: srpm-artifacts-${{ matrix.props.dist }} 
           path: |
             /tmp/archives/*.src.rpm
 
@@ -291,9 +289,9 @@ jobs:
           dnf install -y copr-cli
 
       - name: Download srpm artifacts
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
-          name: srpm-artifacts
+          name: srpm-artifacts-${{ matrix.props.dist }} 
           path: /tmp/
 
       - name: Checksum artifacts
@@ -325,21 +323,21 @@ jobs:
     strategy:
       matrix: ${{ fromJson(needs.config.outputs.matrix )}}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: ${{ github.ref }}
 
       - name: Download srpm artifacts
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
-          name: srpm-artifacts
+          name: srpm-artifacts-${{ matrix.props.dist }} 
           path: /tmp/src/
 
       - name: Download tarball artifacts
         if: startsWith(matrix.props.dist, 'el')
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
-          name: tarball-artifacts
+          name: tarball-artifacts-${{ matrix.props.dist }} 
           path: /tmp/src/
 
       - name: Checksum artifacts
@@ -382,9 +380,9 @@ jobs:
           ls | grep -v -e debug -e log | xargs mv -t /tmp/archives
 
       - name: Upload RPMs
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
-          name: rpm-artifacts
+          name: rpm-artifacts-${{ matrix.props.dist }} 
           path: |
             /tmp/archives/*.x86_64.rpm
 
@@ -397,14 +395,14 @@ jobs:
       matrix: ${{ fromJson(needs.config.outputs.matrix )}}
     continue-on-error: ${{ matrix.props.prerelease }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: ${{ github.ref }}
 
       - name: Download rpm artifacts
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
-          name: rpm-artifacts
+          name: rpm-artifacts-${{ matrix.props.dist }} 
           path: /tmp/src/
 
       - name: Checksum artifacts
@@ -431,12 +429,12 @@ jobs:
     if: startsWith(github.ref, 'refs/tags/v')
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: ${{ github.ref }}
 
       - name: Download artifacts
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           path: /tmp/archives/
 

.github/workflows/rust.yml

@@ -15,7 +15,7 @@ jobs:
     name: Rustfmt
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: dtolnay/rust-toolchain@v1
         with:
           components: rustfmt
@@ -32,7 +32,7 @@ jobs:
     name: Check
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Install package dependencies
         run: |
           sudo apt-get update
@@ -48,7 +48,7 @@ jobs:
     name: Clippy
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Install package dependencies
         run: |
@@ -101,7 +101,7 @@ jobs:
     name: Test Suite
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Install package dependencies
         run: |
           sudo apt-get update

.github/workflows/tools.yml

@@ -16,8 +16,8 @@ jobs:
   build:
     name: Build
     runs-on: ubuntu-20.04
-    # 28 has glibc-2.27, compatible >= el8, fc, ubuntu 18.04
-    container: fedora:28
+    # 29 has glibc-2.28, compatible >= el8, fc, ubuntu 20.04
+    container: fedora:29
     steps:
       - name: Install build deps
         run: |
@@ -29,7 +29,7 @@ jobs:
         with:
           toolchain: 1.71.1
 
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: ${{ github.ref }}
           fetch-depth: 0
@@ -44,11 +44,10 @@ jobs:
         run: |
           mkdir /tmp/tools
           mv target/release/tdb /tmp/tools/tdb
-          mv target/release/rulec /tmp/tools/rulec
           mv target/release/faprofiler /tmp/tools/faprofiler
 
       - name: Archive Tools
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: fapolicy-analyzer-tools
           path: /tmp/tools/*

CHANGELOG.md

@@ -8,6 +8,23 @@ Release notes
 
 <!-- towncrier release notes start -->
 
+## [v1.4.0](https://github.com/ctc-oss/fapolicy-analyzer/releases/tag/v1.4.0) - 2024-07-28
+
+
+### Added
+
+- Added fapolicyd package filter config parser and analyzer. ([#1012](https://github.com/ctc-oss/fapolicy-analyzer/pull/1012))
+- Added fapolicyd package filter config editor GUI. ([#1014](https://github.com/ctc-oss/fapolicy-analyzer/pull/1014))
+
+### Fixed
+
+- Address new Py 3.13 eval() parameter list while still supporting RHEL9 Py 3.9 ([#1022](https://github.com/ctc-oss/fapolicy-analyzer/pull/1022))
+
+### Packaging
+
+- Supporting Fedora 41, 40, 39, dropped support for 38. ([#1016](https://github.com/ctc-oss/fapolicy-analyzer/pull/1016))
+
+
 ## [v1.3.0](https://github.com/ctc-oss/fapolicy-analyzer/releases/tag/v1.3.0) - 2024-02-11