Picks from Fedora review (#737)

Porting back a few changes to release process made in the 0.6 branch
while working on #715

.copr/Makefile

@@ -22,20 +22,21 @@ clean:
 	rm -f vendor-py.tar.gz
 
 ifeq ($(OS_ID),rhel)
-dnf: dnf-common dnf-rpmdev
+dnf: dnf-common dnf-el
 else
-dnf: dnf-common
+dnf: dnf-common dnf-fc
 endif
 
 dnf-common:
 	dnf install -y git which openssl-devel dbus-devel python3-devel python3-pip python3-toml python3-beautifulsoup4 python3-requests python3-babel python3-markdown2 itstool
-	dnf install -y rust-packaging || true
-	dnf install -y rust-toolset || true
-	cargo install cargo-vendor-filterer
 
-dnf-rpmdev:
-	# only dependent for spectool in python-py
+dnf-fc:
+	dnf install -y rust-packaging
+
+dnf-el:
 	dnf install -y rpmdevtools
+	dnf install -y rust-toolset
+	cargo install cargo-vendor-filterer
 
 ifeq ($(OS_ID),rhel)
 # we only need to vendor rust and python on rhel
@@ -46,7 +47,6 @@ endif
 
 vendor-app:
 	git archive HEAD -o fapolicy-analyzer.tar.gz --prefix=fapolicy-analyzer/
-	cp fapolicy-analyzer.tar.gz /tmp/rpmbuild/SOURCES/
 
 vendor-py:
 	which spectool && spectool -gf -C /tmp/rpmbuild/SOURCES/ \$(spec) || true
@@ -56,11 +56,20 @@ vendor-rs:
 	./scripts/srpm/vendor-rs.sh
 	cp vendor-rs.tar.gz /tmp/rpmbuild/SOURCES/
 
+move-sources: prepfs
+	cp fapolicy-analyzer.tar.gz /tmp/rpmbuild/SOURCES/
+
 vendor-doc:
 	python3 help update
 	tar --exclude=es --exclude=*.py --exclude=.gitignore -cvzf vendor-docs.tar.gz help
 	cp vendor-docs.tar.gz /tmp/rpmbuild/SOURCES/
 
-srpm: identify prepfs dnf vendor
+build:
 	rpmbuild -bs -D "_topdir /tmp/rpmbuild" \$(spec)
+
+export:
+	mkdir -p \$(outdir)/
 	cp -v /tmp/rpmbuild/SRPMS/* \$(outdir)/
+
+# the copr entrypoint
+srpm: idenfity dnf vendor move-sources build export

.github/workflows/rpm.yml

@@ -25,8 +25,40 @@ jobs:
         run: |
           echo "::set-output name=matrix::$(cat .github/rpm-matrix.json | tr -d '\n' | tr -d ' ')"
 
+  source0:
+    name: Vendor Source0
+    runs-on: ubuntu-20.04
+    container: registry.fedoraproject.org/fedora:rawhide
+    steps:
+      - name: Install deps
+        run: dnf install -y git make
+
+      - uses: actions/checkout@v2
+        with:
+          ref: ${{ github.ref }}
+          fetch-depth: 0
+
+      - name: Mark as git safe
+        run: |
+          git config --global --add safe.directory $GITHUB_WORKSPACE
+
+      - name: Vendor
+        run: |
+          make -f .copr/Makefile vendor-app
+
+      - name: Upload
+        uses: actions/upload-artifact@v3
+        with:
+          name: source0
+          path: |
+            fapolicy-analyzer.tar.gz
+
+      - name: Checksum
+        run: |
+          sha256sum fapolicy-analyzer.tar.gz
+
   srpm:
-    needs: [ config ]
+    needs: [ config, source0 ]
     name: SRPM Build ${{ matrix.props.dist }}
     container: ${{ matrix.props.image }}
     runs-on: ubuntu-20.04
@@ -51,10 +83,6 @@ jobs:
         if: startsWith(github.ref, 'refs/tags/v')
         run: echo ::set-output name=VERSION::$(echo $GITHUB_REF | cut -d/ -f3)
 
-      - name: Workspace is git safe directory
-        run: |
-          git config --global --add safe.directory $GITHUB_WORKSPACE
-
       - name: Ensure spec version matches tag
         if: startsWith(github.ref, 'refs/tags/v')
         run: |
@@ -91,28 +119,41 @@ jobs:
 
       - name: Install SRPM build dependencies
         run: |
-          make -f .copr/Makefile dnf
+          make -f .copr/Makefile dnf OS_ID=${{ matrix.props.platform }}
+
+      - name: Fetch Source0 tarball
+        uses: actions/download-artifact@v3
+        with:
+          name: source0
+          path: /tmp/rpmbuild/SOURCES/
+
+      - name: Mark as git safe
+        run: |
+          git config --global --add safe.directory $GITHUB_WORKSPACE
 
       - name: Build SRPM
         run: |
-          make -f .copr/Makefile srpm outdir=/tmp/archives spec=${{ matrix.props.spec }} OS_ID=${{ matrix.props.platform }}
+          make -f .copr/Makefile             \
+               vendor build export           \
+               outdir=/tmp/archives          \
+               spec=${{ matrix.props.spec }} \
+               OS_ID=${{ matrix.props.platform }}
 
-      - name: Export tarballs
+      - name: Export common tarballs
         run: |
           mkdir -p /tmp/archives
-          mv vendor-docs.tar.gz       /tmp/archives
-          mv fapolicy-analyzer.tar.gz /tmp/archives
+          mv vendor-docs.tar.gz /tmp/archives
         env:
           PLATFORM: ${{ matrix.props.dist }}
 
-      - name: Export Rust vendor tarball
+      - name: Export el tarballs
         if: startsWith(matrix.props.dist, 'el')
         run: |
           mv vendor-rs.tar.gz /tmp/archives/vendor-rs.tar.gz
         env:
           PLATFORM: ${{ matrix.props.dist }}
 
-      - name: Upload tarballs
+      - name: Upload SourceX
         uses: actions/upload-artifact@v3
         with:
           name: tarball-artifacts
@@ -128,7 +169,7 @@ jobs:
 
       - name: Checksum artifacts
         run: |
-          sha256sum /tmp/archives/*
+          sha256sum /tmp/archives/* || true
 
   copr:
     needs: [ config, srpm ]
@@ -271,7 +312,8 @@ jobs:
           prerelease: ${{ startsWith(github.ref, 'refs/tags/v0') || contains(github.ref, 'rc') }}
           draft: true
           files: |
-            ${{ matrix.props.spec }}
+            fapolicy-analyzer.spec
+            /tmp/archives/source0/*.tar.gz
             /tmp/archives/rpm-artifacts/*.rpm
             /tmp/archives/srpm-artifacts/*.src.rpm
             /tmp/archives/tarball-artifacts/*.tar.gz

data/fapolicy-analyzer.8

@@ -1,25 +1,27 @@
 .\" Manpage for fapolicy-analyzer.
-.TH man 8 "20 Dec 2022" "1.0" "nuseradd man page"
+.TH man 8 "16 Dec 2022" "1.0" "fapolicy-analyzer man page"
 .SH NAME
-fapolicy-analyzer \- Configuration and management of fapolicyd
+fapolicy-analyzer \- Configuration and log analysis for fapolicyd
 .SH SYNOPSIS
-This application consists of several GUI components that assist with the configuration and management of fapolicyd:
+Provides GTK+3 tools to assist with the configuration and management of fapolicyd.
 .P
-  1. Trust Administration
+There are four tools provided with the application:
+.P
+  1. Trust Administration - View and edit the fapolicyd trust database, including discrepancies between disk and trust.
 .br
-  2. Rule Administration
+  2. Rule Administration - Author fapolicyd rules in a graphical editor with syntax highlighting and linting.
 .br
-  3. Policy Profiling
+  3. Policy Profiling - Execute applications in passive mode, capturing the logging output for analysis.
 .br
-  4. Log Analysis
+  4. Log Analysis - View fapolicyd log data in graphical components that enable resolution of trust discrepancies.
 
 .SH DESCRIPTION
 File Access Policy Analyzer is a GUI tool to assist with the configuration and management of fapolicyd.
 
 .SH NOTES
-The configuration is located ~/.config/fapolicy-analyzer/config.toml.
+The application configuration is located ~/.config/fapolicy-analyzer/config.toml.
 .br
-The startup script will use polkit to escalate privileges if sudo is not used.
+The application entrypoint will use polkit to escalate privileges if sudo is not used.
 .br
 
 .SH OPTIONS
@@ -28,8 +30,8 @@ The startup script will use polkit to escalate privileges if sudo is not used.
 Enable verbose mode to increase logging output.
 
 .SH FILES
-.B ~/.config/fapolicy-analyzer/fapolicy-analyzer.toml
-- application configuration
+.B ~/.config/fapolicy-analyzer/config.toml
+- application configuration toml
 .P
 
 .SH SEE ALSO

fapolicy-analyzer.spec

@@ -4,7 +4,9 @@ Version:       1.0.0
 Release:       1%{?dist}
 License:       GPLv3+
 URL:           https://github.com/ctc-oss/fapolicy-analyzer
-Source0:       %{url}/releases/download/v%{version}/fapolicy-analyzer.tar.gz
+Source0:       %{url}/releases/download/v%{version}/%{name}.tar.gz
+
+# this tarball contains documentation used to generate help docs
 Source1:       %{url}/releases/download/v%{version}/vendor-docs.tar.gz
 
 BuildRequires: python3-devel
@@ -94,8 +96,10 @@ Requires:      python3-configargparse
 Requires:      python3-more-itertools
 Requires:      python3-rx
 Requires:      python3-importlib-metadata
+
 Requires:      gtk3
 Requires:      gtksourceview3
+Requires:      gnome-icon-theme
 
 # runtime required for rendering user guide
 Requires:      webkit2gtk3
@@ -137,8 +141,8 @@ echo %{module_version} > VERSION
 %{py3_install_wheel %{module}-%{module_version}*%{_arch}.whl}
 %{python3} help install --dest %{buildroot}/%{_datadir}/help
 install -D bin/%{name} %{buildroot}/%{_sbindir}/%{name}
-install -D data/fapolicy-analyzer.8 -t %{buildroot}/%{_mandir}/man8/
-desktop-file-install data/fapolicy-analyzer.desktop
+install -D data/%{name}.8 -t %{buildroot}/%{_mandir}/man8/
+desktop-file-install data/%{name}.desktop
 find locale -name %{name}.mo -exec cp --parents -rv {} %{buildroot}/%{_datadir} \;
 %find_lang %{name} --with-gnome
 
@@ -150,8 +154,8 @@ desktop-file-validate %{buildroot}/%{_datadir}/applications/%{name}.desktop
 %license LICENSE
 %{python3_sitearch}/%{module}
 %{python3_sitearch}/%{module}-%{module_version}*
-%attr(755,root,root) %{_sbindir}/fapolicy-analyzer
-%attr(644,root,root) %{_mandir}/man8/fapolicy-analyzer.8*
+%attr(755,root,root) %{_sbindir}/%{name}
+%attr(644,root,root) %{_mandir}/man8/%{name}.8*
 %attr(755,root,root) %{_datadir}/applications/%{name}.desktop
 
 %changelog

scripts/srpm/fapolicy-analyzer.spec

@@ -4,7 +4,7 @@ Version:       1.0.0
 Release:       1%{?dist}
 License:       GPLv3+
 URL:           https://github.com/ctc-oss/fapolicy-analyzer
-Source0:       %{url}/releases/download/v%{version}/fapolicy-analyzer.tar.gz
+Source0:       %{url}/releases/download/v%{version}/%{name}.tar.gz
 
 # this tarball contains bundled crates not available in Fedora
 # reference: https://bugzilla.redhat.com/show_bug.cgi?id=2124697#c5
@@ -234,25 +234,23 @@ python3 setup.py bdist_wheel
 %install
 %{py3_install_wheel %{module}-%{module_version}*%{_arch}.whl}
 %{python3} help install --dest %{buildroot}/%{_datadir}/help
-install bin/%{name} %{buildroot}/%{_sbindir}/%{name} -D
-install data/fapolicy-analyzer.8 %{buildroot}/%{_mandir}/man8/* -D
-desktop-file-install data/fapolicy-analyzer.desktop
+install -D bin/%{name} %{buildroot}/%{_sbindir}/%{name}
+install -D data/%{name}.8 -t %{buildroot}/%{_mandir}/man8/
+desktop-file-install data/%{name}.desktop
 find locale -name %{name}.mo -exec cp --parents -rv {} %{buildroot}/%{_datadir} \;
 %find_lang %{name} --with-gnome
 
-%post
-update-desktop-database
-
 %check
+desktop-file-validate %{buildroot}/%{_datadir}/applications/%{name}.desktop
 
 %files -n %{name} -f %{name}.lang
 %doc scripts/srpm/README
 %license LICENSE
 %{python3_sitearch}/%{module}
 %{python3_sitearch}/%{module}-%{module_version}*
-%attr(755,root,root) %{_sbindir}/fapolicy-analyzer
+%attr(755,root,root) %{_sbindir}/%{name}
+%attr(644,root,root) %{_mandir}/man8/%{name}.8*
 %attr(755,root,root) %{_datadir}/applications/%{name}.desktop
-%attr(644,root,root) %{_mandir}/man8/*
 
 %changelog
 * Fri Dec 16 2022 John Wass <jwass3@gmail.com> 1.0.0-1