CHANGELOG.md

@@ -4,6 +4,18 @@ All notable changes to this project will be documented in this file.
 Each new release typically also includes the latest modulesync defaults.
 These should not affect the functionality of the module.
 
+## [v3.4.0](https://github.com/voxpupuli/puppet-selinux/tree/v3.4.0) (2021-05-26)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-selinux/compare/v3.3.1...v3.4.0)
+
+**Implemented enhancements:**
+
+- Resources that use 'semanage' should have an autorequires on the various packages [\#345](https://github.com/voxpupuli/puppet-selinux/issues/345)
+
+**Merged pull requests:**
+
+- Add package autorequires to native types [\#346](https://github.com/voxpupuli/puppet-selinux/pull/346) ([trevor-vaughan](https://github.com/trevor-vaughan))
+
 ## [v3.3.1](https://github.com/voxpupuli/puppet-selinux/tree/v3.3.1) (2021-05-18)
 
 [Full Changelog](https://github.com/voxpupuli/puppet-selinux/compare/v3.3.0...v3.3.1)

lib/puppet/provider/selinux_port/semanage.rb

@@ -8,7 +8,7 @@
   # Determine the appropriate python command
   def self.python_command
     @python_command ||= nil
-    return @python_command unless @python_command.nil?
+    return @python_command if @python_command
 
     # Find the correct version of python on the system
     python_paths = [
@@ -18,24 +18,30 @@ def self.python_command
       'python2'
     ]
 
-    python_command = nil
+    valid_paths = []
+
     python_paths.each do |pypath|
       candidate = Puppet::Util.which(pypath)
 
       next unless candidate
+      valid_paths << candidate
+
       if Puppet::Util::Execution.execute("#{candidate} -c 'import semanage'", failonfail: false).exitstatus.zero?
-        python_command = candidate
+        @python_command = candidate
         break
       end
     end
 
-    @python_command = python_command
+    return @python_command if @python_command
 
-    @python_command
+    # Since this is used in 'instances', we have to shrug and hope for the
+    # best unless we want runs to fail until the system is 100% correct.
+    # So far, it does not appear to hurt anything in practice and preserves the
+    # behavior from previous releases that hard coded the path into the python
+    # script.
+    valid_paths.first
   end
 
-  confine false: python_command.nil?
-
   # current file path is lib/puppet/provider/selinux_port/semanage.rb
   # semanage_ports.py is lib/puppet_x/voxpupuli/selinux/semanage_ports.py
   PORTS_HELPER = File.expand_path('../../../../puppet_x/voxpupuli/selinux/semanage_ports.py', __FILE__)

lib/puppet/type/selinux_fcontext.rb

@@ -44,4 +44,15 @@
     desc 'The SELinux range'
     newvalues(%r{\w+})
   end
+
+  autorequire(:package) do
+    [
+      'policycoreutils',
+      'policycoreutils-python',
+      'policycoreutils-python-utils',
+      'python3-policycoreutils',
+      'selinux-policy-dev',
+      'selinux-policy-devel'
+    ]
+  end
 end

lib/puppet/type/selinux_fcontext_equivalence.rb

@@ -25,4 +25,15 @@
       end
     end
   end
+
+  autorequire(:package) do
+    [
+      'policycoreutils',
+      'policycoreutils-python',
+      'policycoreutils-python-utils',
+      'python3-policycoreutils',
+      'selinux-policy-dev',
+      'selinux-policy-devel'
+    ]
+  end
 end

lib/puppet/type/selinux_permissive.rb

@@ -12,4 +12,15 @@
     desc 'A read-only attribue indicating whether the type is locally customized'
     newvalues(true, false)
   end
+
+  autorequire(:package) do
+    [
+      'policycoreutils',
+      'policycoreutils-python',
+      'policycoreutils-python-utils',
+      'python3-policycoreutils',
+      'selinux-policy-dev',
+      'selinux-policy-devel'
+    ]
+  end
 end

lib/puppet/type/selinux_port.rb

@@ -49,4 +49,15 @@
       raise ArgumentError, ':source is a read-only property'
     end
   end
+
+  autorequire(:package) do
+    [
+      'policycoreutils',
+      'policycoreutils-python',
+      'policycoreutils-python-utils',
+      'python3-policycoreutils',
+      'selinux-policy-dev',
+      'selinux-policy-devel'
+    ]
+  end
 end

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "puppet-selinux",
-  "version": "3.3.1",
+  "version": "3.4.0",
   "author": "Vox Pupuli",
   "summary": "This class manages SELinux",
   "license": "Apache-2.0",