.github/CONTRIBUTING.md

@@ -131,19 +131,29 @@ You can install all needed gems for spec tests into the modules directory by
 running:
 
 ```sh
-bundle install --path .vendor/ --without development system_tests release --jobs "$(nproc)"
+bundle config set --local path '.vendor/'
+bundle config set --local without 'development system_tests release'
+bundle install --jobs "$(nproc)"
 ```
 
 If you also want to run acceptance tests:
 
 ```sh
-bundle install --path .vendor/ --with system_tests --without development release --jobs "$(nproc)"
+bundle config set --local path '.vendor/'
+bundle config set --local without 'development release'
+bundle config set --local with 'system_tests'
+bundle install --jobs "$(nproc)"
 ```
 
 Our all in one solution if you don't know if you need to install or update gems:
 
 ```sh
-bundle install --path .vendor/ --with system_tests --without development release --jobs "$(nproc)"; bundle update; bundle clean
+bundle config set --local path '.vendor/'
+bundle config set --local without 'development release'
+bundle config set --local with 'system_tests'
+bundle install --jobs "$(nproc)"
+bundle update
+bundle clean
 ```
 
 As an alternative to the `--jobs "$(nproc)` parameter, you can set an
@@ -235,15 +245,23 @@ with:
 BEAKER_PUPPET_COLLECTION=puppet7 BEAKER_setfile=debian11-64 bundle exec rake beaker
 ```
 
+or
+
+```sh
+BEAKER_PUPPET_COLLECTION=none BEAKER_setfile=archlinux-64 bundle exec rake beaker
+```
+
+This latter example will use the distribution's own version of Puppet.
+
 You can replace the string `debian11` with any common operating system.
 The following strings are known to work:
 
 * ubuntu2004
 * ubuntu2204
 * debian11
-* centos7
-* centos8
+* debian12
 * centos9
+* archlinux
 * almalinux8
 * almalinux9
 * fedora36

.rspec → .github/labeler.yml

@@ -1,5 +1,6 @@
+---
 # Managed by modulesync - DO NOT EDIT
 # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
 
---format documentation
---color
+skip-changelog:
+ - head-branch: ['^release-*', 'release']

.github/release.yml

@@ -0,0 +1,42 @@
+---
+# Managed by modulesync - DO NOT EDIT
+# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
+
+# https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes
+
+changelog:
+  exclude:
+    labels:
+      - duplicate
+      - invalid
+      - modulesync
+      - question
+      - skip-changelog
+      - wont-fix
+      - wontfix
+
+  categories:
+    - title: Breaking Changes 🛠
+      labels:
+        - backwards-incompatible
+
+    - title: New Features 🎉
+      labels:
+        - enhancement
+
+    - title: Bug Fixes 🐛
+      labels:
+        - bug
+
+    - title: Documentation Updates 📚
+      labels:
+        - documentation
+        - docs
+
+    - title: Dependency Updates ⬆️
+      labels:
+        - dependencies
+
+    - title: Other Changes
+      labels:
+        - "*"

.github/workflows/ci.yml

@@ -4,7 +4,12 @@
 
 name: CI
 
-on: pull_request
+on:
+  pull_request: {}
+  push:
+    branches:
+      - main
+      - master
 
 concurrency:
   group: ${{ github.ref_name }}
@@ -13,4 +18,4 @@ concurrency:
 jobs:
   puppet:
     name: Puppet
-    uses: voxpupuli/gha-puppet/.github/workflows/basic.yml@v1
+    uses: voxpupuli/gha-puppet/.github/workflows/basic.yml@v2

.github/workflows/labeler.yml

@@ -0,0 +1,17 @@
+---
+# Managed by modulesync - DO NOT EDIT
+# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
+
+name: "Pull Request Labeler"
+
+on:
+  pull_request_target: {}
+
+jobs:
+  labeler:
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/labeler@v5

.github/workflows/release.yml

@@ -12,11 +12,18 @@ on:
 jobs:
   release:
     name: Release
-    uses: voxpupuli/gha-puppet/.github/workflows/release.yml@v1
+    uses: voxpupuli/gha-puppet/.github/workflows/release.yml@v2
     with:
       allowed_owner: 'voxpupuli'
     secrets:
       # Configure secrets here:
       #  https://docs.github.com/en/actions/security-guides/encrypted-secrets
       username: ${{ secrets.PUPPET_FORGE_USERNAME }}
       api_key: ${{ secrets.PUPPET_FORGE_API_KEY }}
+
+  create-github-release:
+    name: Create GitHub Release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Create GitHub release
+        uses: voxpupuli/gha-create-a-github-release@v1

.gitignore

@@ -21,3 +21,5 @@
 .*.sw?
 /.yardoc/
 /Guardfile
+bolt-debug.log
+.rerun.json

.msync.yml

@@ -2,4 +2,4 @@
 # Managed by modulesync - DO NOT EDIT
 # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
 
-modulesync_config_version: '7.0.0'
+modulesync_config_version: '9.1.0'

.overcommit.yml

@@ -43,10 +43,12 @@ PreCommit:
     enabled: true
     description: 'Runs rubocop on modified files only'
     command: ['bundle', 'exec', 'rubocop']
-  PuppetLint:
+  RakeTarget:
     enabled: true
-    description: 'Runs puppet-lint on modified files only'
-    command: ['bundle', 'exec', 'puppet-lint']
+    description: 'Runs lint on modified files only'
+    targets:
+      - 'lint'
+    command: ['bundle', 'exec', 'rake']
   YamlSyntax:
     enabled: true
   JsonSyntax:

.pmtignore

@@ -35,3 +35,4 @@
 /.yardoc/
 /.yardopts
 /Dockerfile
+/HISTORY.md

.puppet-lint.rc

@@ -1,2 +1,5 @@
+# Managed by modulesync - DO NOT EDIT
+# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
+
 --fail-on-warnings
 --no-anchor_resource-check

.sync.yml

@@ -1,9 +1,12 @@
 ---
 spec/spec_helper.rb:
   mock_with: ':mocha'
+  facterdb_string_keys: true
 .puppet-lint.rc:
   disabled_lint_checks:
     - anchor_resource
   enabled_lint_checks:
     - parameter_documentation
     - parameter_types
+.github/workflows/ci.yml:
+  acceptance_tests: false

CHANGELOG.md

@@ -4,6 +4,28 @@ All notable changes to this project will be documented in this file.
 Each new release typically also includes the latest modulesync defaults.
 These should not affect the functionality of the module.
 
+## [v5.0.0](https://github.com/voxpupuli/puppet-selinux/tree/v5.0.0) (2024-09-12)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-selinux/compare/v4.1.0...v5.0.0)
+
+**Breaking changes:**
+
+- Drop EoL Fedora 36 [\#398](https://github.com/voxpupuli/puppet-selinux/pull/398) ([bastelfreak](https://github.com/bastelfreak))
+- Drop EoL RedHat 7 support [\#397](https://github.com/voxpupuli/puppet-selinux/pull/397) ([bastelfreak](https://github.com/bastelfreak))
+- Drop EoL Fedora 30,31,32,33 support [\#396](https://github.com/voxpupuli/puppet-selinux/pull/396) ([bastelfreak](https://github.com/bastelfreak))
+- Drop EoL CentOS 7/8 [\#394](https://github.com/voxpupuli/puppet-selinux/pull/394) ([bastelfreak](https://github.com/bastelfreak))
+- Drop EoL Debian 10 support [\#393](https://github.com/voxpupuli/puppet-selinux/pull/393) ([bastelfreak](https://github.com/bastelfreak))
+
+**Implemented enhancements:**
+
+- Add Fedora 36/40 support [\#395](https://github.com/voxpupuli/puppet-selinux/pull/395) ([bastelfreak](https://github.com/bastelfreak))
+- use modern stdlib function [\#391](https://github.com/voxpupuli/puppet-selinux/pull/391) ([vchepkov](https://github.com/vchepkov))
+- selinux\_build\_module\_simple.sh: improve quoting [\#375](https://github.com/voxpupuli/puppet-selinux/pull/375) ([kenyon](https://github.com/kenyon))
+
+**Merged pull requests:**
+
+- Ensure examples compile [\#384](https://github.com/voxpupuli/puppet-selinux/pull/384) ([ekohl](https://github.com/ekohl))
+
 ## [v4.1.0](https://github.com/voxpupuli/puppet-selinux/tree/v4.1.0) (2023-10-31)
 
 [Full Changelog](https://github.com/voxpupuli/puppet-selinux/compare/v4.0.0...v4.1.0)
@@ -224,7 +246,7 @@ These should not affect the functionality of the module.
 **Closed issues:**
 
 - Puppet change for each selinux module for every Puppet run [\#261](https://github.com/voxpupuli/puppet-selinux/issues/261)
-- Calls to $::selinux facts should use the $facts hash [\#258](https://github.com/voxpupuli/puppet-selinux/issues/258)
+- Calls to $selinux facts should use the $facts hash [\#258](https://github.com/voxpupuli/puppet-selinux/issues/258)
 
 **Merged pull requests:**
 
@@ -427,7 +449,7 @@ These should not affect the functionality of the module.
 **Merged pull requests:**
 
 - Release 0.7.1 [\#160](https://github.com/voxpupuli/puppet-selinux/pull/160) ([vinzent](https://github.com/vinzent))
-- Fix usage of non-existent $::selinux\_enabled fact [\#159](https://github.com/voxpupuli/puppet-selinux/pull/159) ([vinzent](https://github.com/vinzent))
+- Fix usage of non-existent $selinux\_enabled fact [\#159](https://github.com/voxpupuli/puppet-selinux/pull/159) ([vinzent](https://github.com/vinzent))
 - Default to undef for syncversion parameter in selinux::module  [\#158](https://github.com/voxpupuli/puppet-selinux/pull/158) ([vinzent](https://github.com/vinzent))
 - Remove mentions of Ruby requirements in README [\#156](https://github.com/voxpupuli/puppet-selinux/pull/156) ([juniorsysadmin](https://github.com/juniorsysadmin))
 

Gemfile

@@ -4,10 +4,10 @@
 source ENV['GEM_SOURCE'] || 'https://rubygems.org'
 
 group :test do
-  gem 'voxpupuli-test', '~> 7.0',   :require => false
+  gem 'voxpupuli-test', '~> 9.0',   :require => false
   gem 'coveralls',                  :require => false
   gem 'simplecov-console',          :require => false
-  gem 'puppet_metadata', '~> 3.0',  :require => false
+  gem 'puppet_metadata', '~> 4.0',  :require => false
 end
 
 group :development do
@@ -16,13 +16,11 @@ group :development do
 end
 
 group :system_tests do
-  gem 'voxpupuli-acceptance', '~> 2.0',  :require => false
+  gem 'voxpupuli-acceptance', '~> 3.0',  :require => false
 end
 
 group :release do
-  gem 'github_changelog_generator', '>= 1.16.1',  :require => false
-  gem 'voxpupuli-release', '~> 3.0',              :require => false
-  gem 'faraday-retry', '~> 2.1',                  :require => false
+  gem 'voxpupuli-release', '~> 3.0',  :require => false
 end
 
 gem 'rake', :require => false

examples/minimal.pp

@@ -12,5 +12,5 @@
 #
 
 class { 'selinux':
-  type => 'minimal',
+  type => 'minimum',
 }

files/selinux_build_module_simple.sh

@@ -4,13 +4,13 @@ module_dir="$2"
 
 set -e
 
-cd $module_dir
-test -d tmp || mkdir tmp
+cd "$module_dir"
+mkdir -p tmp
+
+checkmodule -M -m -o "tmp/${module_name}.mod" "${module_name}.te"
 
-checkmodule -M -m -o tmp/${module_name}.mod ${module_name}.te
-package_args="-o ${module_name}.pp -m tmp/${module_name}.mod"
 if [ -s "${module_name}.fc" ]; then
-    package_args="${package_args} --fc ${module_name}.fc"
+    semodule_package -o "${module_name}.pp" -m "tmp/${module_name}.mod" --fc "${module_name}.fc"
+else
+    semodule_package -o "${module_name}.pp" -m "tmp/${module_name}.mod"
 fi
-
-semodule_package ${package_args}

manifests/module.pp

@@ -136,7 +136,7 @@
       exec { "build-module-${title}":
         path    => '/bin:/usr/bin',
         cwd     => $module_dir,
-        command => "${build_command} || (rm -f ${module_file}.pp ${module_file}.loaded && exit 1)",
+        command => "${build_command} || (rm -f '${module_file}.pp' '${module_file}.loaded' && exit 1)",
         creates => "${module_file}.pp",
         notify  => Exec["install-module-${title}"],
       }
@@ -168,7 +168,7 @@
       exec { "install-module-${title}":
         path    => '/sbin:/usr/sbin:/bin:/usr/bin',
         cwd     => $module_dir,
-        command => "semodule -i ${module_file}.pp && touch ${module_file}.loaded",
+        command => "semodule -i '${module_file}.pp' && touch '${module_file}.loaded'",
         creates => "${module_file}.loaded",
         before  => Selmodule[$title],
       }

manifests/refpolicy_package.pp

@@ -11,6 +11,6 @@
 ) inherits selinux {
   assert_private()
   if $manage_package {
-    ensure_packages ($package_name)
+    stdlib::ensure_packages ($package_name)
   }
 }