.fixtures.yml

@@ -1,6 +1,5 @@
+---
 fixtures:
   repositories:
     stdlib: https://github.com/puppetlabs/puppetlabs-stdlib.git
-    selinux_core:
-      repo: https://github.com/puppetlabs/puppetlabs-selinux_core.git
-      puppet_version: ">= 6.0.0"
+    selinux_core: https://github.com/puppetlabs/puppetlabs-selinux_core.git

.github/CONTRIBUTING.md

@@ -124,7 +124,7 @@ If you have Ruby 2.x or want a specific version of Puppet,
 you must set an environment variable such as:
 
 ```sh
-export PUPPET_VERSION="~> 5.5.6"
+export PUPPET_GEM_VERSION="~> 6.1.0"
 ```
 
 You can install all needed gems for spec tests into the modules directory by
@@ -232,17 +232,16 @@ simple tests against it after applying the module. You can run this
 with:
 
 ```sh
-BEAKER_setfile=debian10-x64 bundle exec rake beaker
+BEAKER_setfile=debian11-64 bundle exec rake beaker
 ```
 
 You can replace the string `debian10` with any common operating system.
 The following strings are known to work:
 
-* ubuntu1604
 * ubuntu1804
 * ubuntu2004
-* debian9
 * debian10
+* debian11
 * centos7
 * centos8
 

.github/workflows/ci.yml

@@ -6,57 +6,11 @@ name: CI
 
 on: pull_request
 
-jobs:
-  setup_matrix:
-    name: 'Setup Test Matrix'
-    runs-on: ubuntu-latest
-    timeout-minutes: 40
-    outputs:
-      puppet_unit_test_matrix: ${{ steps.get-outputs.outputs.puppet_unit_test_matrix }}
-      github_action_test_matrix: ${{ steps.get-outputs.outputs.github_action_test_matrix }}
-    env:
-      BUNDLE_WITHOUT: development:system_tests:release
-    steps:
-      - uses: actions/checkout@v2
-      - name: Setup ruby
-        uses: ruby/setup-ruby@v1
-        with:
-          ruby-version: '3.0'
-          bundler-cache: true
-      - name: Run static validations
-        run: bundle exec rake validate lint check
-      - name: Run rake rubocop
-        run: bundle exec rake rubocop
-      - name: Setup Test Matrix
-        id: get-outputs
-        run: bundle exec metadata2gha --use-fqdn --pidfile-workaround false
-
-  unit:
-    needs: setup_matrix
-    runs-on: ubuntu-latest
-    timeout-minutes: 40
-    strategy:
-      fail-fast: false
-      matrix:
-        include: ${{fromJson(needs.setup_matrix.outputs.puppet_unit_test_matrix)}}
-    env:
-      BUNDLE_WITHOUT: development:system_tests:release
-      PUPPET_VERSION: "~> ${{ matrix.puppet }}.0"
-    name: Puppet ${{ matrix.puppet }} (Ruby ${{ matrix.ruby }})
-    steps:
-      - uses: actions/checkout@v2
-      - name: Setup ruby
-        uses: ruby/setup-ruby@v1
-        with:
-          ruby-version: ${{ matrix.ruby }}
-          bundler-cache: true
-      - name: Run tests
-        run: bundle exec rake parallel_spec
+concurrency:
+  group: ${{ github.ref_name }}
+  cancel-in-progress: true
 
-  tests:
-    needs:
-      - unit
-    runs-on: ubuntu-latest
-    name: Test suite
-    steps:
-      - run: echo Test suite completed
+jobs:
+  puppet:
+    name: Puppet
+    uses: voxpupuli/gha-puppet/.github/workflows/basic.yml@v1

.github/workflows/release.yml

@@ -9,26 +9,14 @@ on:
     tags:
       - '*'
 
-env:
-  BUNDLE_WITHOUT: development:test:system_tests
-
 jobs:
-  deploy:
-    name: 'deploy to forge'
-    runs-on: ubuntu-latest
-    if: github.repository_owner == 'voxpupuli'
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v2
-      - name: Setup Ruby
-        uses: ruby/setup-ruby@v1
-        with:
-          ruby-version: '2.7'
-          bundler-cache: true
-      - name: Build and Deploy
-        env:
-          # Configure secrets here:
-          #  https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets
-          BLACKSMITH_FORGE_USERNAME: '${{ secrets.PUPPET_FORGE_USERNAME }}'
-          BLACKSMITH_FORGE_API_KEY: '${{ secrets.PUPPET_FORGE_API_KEY }}'
-        run: bundle exec rake module:push
+  release:
+    name: Release
+    uses: voxpupuli/gha-puppet/.github/workflows/release.yml@v1
+    with:
+      allowed_owner: 'voxpupuli'
+    secrets:
+      # Configure secrets here:
+      #  https://docs.github.com/en/actions/security-guides/encrypted-secrets
+      username: ${{ secrets.PUPPET_FORGE_USERNAME }}
+      api_key: ${{ secrets.PUPPET_FORGE_API_KEY }}

.gitignore

@@ -1,23 +1,23 @@
 # Managed by modulesync - DO NOT EDIT
 # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
 
-pkg/
-Gemfile.lock
-Gemfile.local
-vendor/
-.vendor/
-spec/fixtures/manifests/
-spec/fixtures/modules/
-.vagrant/
-.bundle/
-.ruby-version
-coverage/
-log/
-.idea/
-.dependencies/
-.librarian/
-Puppetfile.lock
+/pkg/
+/Gemfile.lock
+/Gemfile.local
+/vendor/
+/.vendor/
+/spec/fixtures/manifests/
+/spec/fixtures/modules/
+/.vagrant/
+/.bundle/
+/.ruby-version
+/coverage/
+/log/
+/.idea/
+/.dependencies/
+/.librarian/
+/Puppetfile.lock
 *.iml
 .*.sw?
-.yardoc/
-Guardfile
+/.yardoc/
+/Guardfile

.msync.yml

@@ -2,4 +2,4 @@
 # Managed by modulesync - DO NOT EDIT
 # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
 
-modulesync_config_version: '4.2.0'
+modulesync_config_version: '6.0.0'

.pmtignore

@@ -1,38 +1,37 @@
 # Managed by modulesync - DO NOT EDIT
 # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
 
-docs/
-pkg/
-Gemfile
-Gemfile.lock
-Gemfile.local
-vendor/
-.vendor/
-spec/
-Rakefile
-.vagrant/
-.bundle/
-.ruby-version
-coverage/
-log/
-.idea/
-.dependencies/
-.github/
-.librarian/
-Puppetfile.lock
+/docs/
+/pkg/
+/Gemfile
+/Gemfile.lock
+/Gemfile.local
+/vendor/
+/.vendor/
+/spec/
+/Rakefile
+/.vagrant/
+/.bundle/
+/.ruby-version
+/coverage/
+/log/
+/.idea/
+/.dependencies/
+/.github/
+/.librarian/
+/Puppetfile.lock
 *.iml
-.editorconfig
-.fixtures.yml
-.gitignore
-.msync.yml
-.overcommit.yml
-.pmtignore
-.rspec
-.rspec_parallel
-.rubocop.yml
-.sync.yml
+/.editorconfig
+/.fixtures.yml
+/.gitignore
+/.msync.yml
+/.overcommit.yml
+/.pmtignore
+/.rspec
+/.rspec_parallel
+/.rubocop.yml
+/.sync.yml
 .*.sw?
-.yardoc/
-.yardopts
-Dockerfile
-.puppet-lint.rc
+/.yardoc/
+/.yardopts
+/Dockerfile

.puppet-lint.rc

@@ -1 +1,2 @@
+--fail-on-warnings
 --no-anchor_resource-check

.rubocop.yml

@@ -1,4 +1,6 @@
 ---
+inherit_from: .rubocop_todo.yml
+
 # Managed by modulesync - DO NOT EDIT
 # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
 

.rubocop_todo.yml

@@ -0,0 +1,38 @@
+# This configuration was generated by
+# `rubocop --auto-gen-config`
+# on 2023-06-29 07:44:45 UTC using RuboCop version 1.22.3.
+# The point is for the user to remove these configuration records
+# one by one as the offenses are removed from the code base.
+# Note that changes in the inspected code, or installation of new
+# versions of RuboCop, may require this file to be generated again.
+
+# Offense count: 1
+# Cop supports --auto-correct.
+Lint/AmbiguousOperatorPrecedence:
+  Exclude:
+    - 'lib/puppet/provider/selinux_login/semanage.rb'
+
+# Offense count: 2
+# Configuration parameters: AllowedMethods.
+# AllowedMethods: enums
+Lint/ConstantDefinitionInBlock:
+  Exclude:
+    - 'lib/puppet/provider/selinux_login/semanage.rb'
+    - 'lib/puppet/provider/selinux_port/semanage.rb'
+
+# Offense count: 1
+# Configuration parameters: AllowSubject.
+RSpec/MultipleMemoizedHelpers:
+  Max: 6
+
+# Offense count: 1
+# Cop supports --auto-correct.
+Style/ExpandPathArguments:
+  Exclude:
+    - 'lib/puppet/provider/selinux_login/semanage.rb'
+
+# Offense count: 1
+# Cop supports --auto-correct.
+Style/IfUnlessModifier:
+  Exclude:
+    - 'lib/puppet/provider/selinux_login/semanage.rb'

.sync.yml

@@ -1,10 +1,9 @@
 ---
-.pmtignore:
-  paths:
-    - .puppet-lint.rc
 spec/spec_helper.rb:
   mock_with: ':mocha'
-Gemfile:
-  optional:
-    ':test':
-      - gem: puppet-lint-param-docs
+.puppet-lint.rc:
+  disabled_lint_checks:
+    - anchor_resource
+  enabled_lint_checks:
+    - parameter_documentation
+    - parameter_types

CHANGELOG.md

@@ -4,6 +4,29 @@ All notable changes to this project will be documented in this file.
 Each new release typically also includes the latest modulesync defaults.
 These should not affect the functionality of the module.
 
+## [v4.0.0](https://github.com/voxpupuli/puppet-selinux/tree/v4.0.0) (2023-06-29)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-selinux/compare/v3.4.1...v4.0.0)
+
+**Breaking changes:**
+
+- puppetlabs/stdlib: Require 9.x [\#370](https://github.com/voxpupuli/puppet-selinux/pull/370) ([bastelfreak](https://github.com/bastelfreak))
+- Drop EoL RHEL 6 support [\#368](https://github.com/voxpupuli/puppet-selinux/pull/368) ([bastelfreak](https://github.com/bastelfreak))
+- Drop Puppet 6 support [\#365](https://github.com/voxpupuli/puppet-selinux/pull/365) ([bastelfreak](https://github.com/bastelfreak))
+- Drop Puppet 5 support [\#361](https://github.com/voxpupuli/puppet-selinux/pull/361) ([ekohl](https://github.com/ekohl))
+
+**Implemented enhancements:**
+
+- Add puppet 8 support [\#369](https://github.com/voxpupuli/puppet-selinux/pull/369) ([bastelfreak](https://github.com/bastelfreak))
+- Add param for selinux::fcontext::equivalence elements [\#360](https://github.com/voxpupuli/puppet-selinux/pull/360) ([jcpunk](https://github.com/jcpunk))
+- Add Debian 11 support by moving the policy packages definition [\#359](https://github.com/voxpupuli/puppet-selinux/pull/359) ([jcpunk](https://github.com/jcpunk))
+- add support for selinux login [\#356](https://github.com/voxpupuli/puppet-selinux/pull/356) ([bshelton](https://github.com/bshelton))
+- Simplify loading of selinux sandbox tooling [\#354](https://github.com/voxpupuli/puppet-selinux/pull/354) ([jcpunk](https://github.com/jcpunk))
+
+**Fixed bugs:**
+
+- Wrap some more commands in "if selinux is enabled" [\#363](https://github.com/voxpupuli/puppet-selinux/pull/363) ([jcpunk](https://github.com/jcpunk))
+
 ## [v3.4.1](https://github.com/voxpupuli/puppet-selinux/tree/v3.4.1) (2021-08-26)
 
 [Full Changelog](https://github.com/voxpupuli/puppet-selinux/compare/v3.4.0...v3.4.1)
@@ -527,7 +550,7 @@ These should not affect the functionality of the module.
 - Whitespace lint fixes [\#63](https://github.com/voxpupuli/puppet-selinux/pull/63) ([mld](https://github.com/mld))
 - Implements SELinux type checking and ensuring. [\#62](https://github.com/voxpupuli/puppet-selinux/pull/62) ([ElvenSpellmaker](https://github.com/ElvenSpellmaker))
 - added hiera support [\#49](https://github.com/voxpupuli/puppet-selinux/pull/49) ([dacron](https://github.com/dacron))
-- Make port exec statement unique for protocol [\#37](https://github.com/voxpupuli/puppet-selinux/pull/37) ([dlevene1](https://github.com/dlevene1))
+- Make port exec statement unique for protocol [\#37](https://github.com/voxpupuli/puppet-selinux/pull/37) ([DLV111](https://github.com/DLV111))
 
 ## [v0.2.6](https://github.com/voxpupuli/puppet-selinux/tree/v0.2.6) (2015-10-20)
 

Dockerfile

@@ -8,7 +8,7 @@ WORKDIR /opt/puppet
 # https://github.com/puppetlabs/puppet/blob/06ad255754a38f22fb3a22c7c4f1e2ce453d01cb/lib/puppet/provider/service/runit.rb#L39
 RUN mkdir -p /etc/sv
 
-ARG PUPPET_VERSION="~> 6.0"
+ARG PUPPET_GEM_VERSION="~> 6.0"
 ARG PARALLEL_TEST_PROCESSORS=4
 
 # Cache gems