[rpms/haveged] epel10: Merge rawhide — add SELinux policy module

[Jirka Hladky <jhladky@redhat.com>]

A new commit has been pushed.

Repo   : rpms/haveged
Branch : epel10
Commit : f0b04c3ee9d9dec8be4ec1607ed7395045638cc7
Author : Jirka Hladky <jhladky@redhat.com>
Date   : 2026-06-19T04:26:16+02:00
Stats  : +34/-32 in 2 file(s)
URL    : https://src.fedoraproject.org/rpms/haveged/c/f0b04c3ee9d9dec8be4ec1607ed7395045638cc7?branch=epel10

Log:
Merge rawhide — add SELinux policy module

---
diff --git a/haveged-semaphore.te b/haveged-semaphore.te
new file mode 100644
index 0000000..c4233c3
--- /dev/null
+++ b/haveged-semaphore.te
@@ -0,0 +1,11 @@
+module haveged-semaphore 1.0;
+
+require {
+    type entropyd_t;
+    type tmpfs_t;
+    class file { create open read write getattr setattr unlink link rename lock map };
+    class dir { write add_name remove_name search getattr };
+}
+
+allow entropyd_t tmpfs_t:file { create open read write getattr setattr unlink link rename lock map };
+allow entropyd_t tmpfs_t:dir { write add_name remove_name search getattr };

diff --git a/haveged.spec b/haveged.spec
index 2054789..ccfb361 100644
--- a/haveged.spec
+++ b/haveged.spec
@@ -2,17 +2,19 @@
 Summary:        A Linux entropy source using the HAVEGE algorithm
 Name:           haveged
 Version:        1.9.23
-Release:        1%{?dist}
+Release:        2%{?dist}
 # Automatically converted from old format: GPLv3+ - review is highly recommended.
 License:        GPL-3.0-or-later
 URL:            https://github.com/jirka-h/haveged
 Source0:        https://github.com/jirka-h/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
-Requires(post):   systemd
+Source1:        haveged-semaphore.te
+Requires(post):   systemd policycoreutils
 Requires(preun):  systemd
-Requires(postun): systemd
+Requires(postun): systemd policycoreutils
 
 BuildRequires:  gcc
 BuildRequires:  make automake coreutils glibc-common systemd-units
+BuildRequires:  checkpolicy selinux-policy-devel
 Enhances:       apache2 gpg2 openssl openvpn php5 smtp_daemon systemd
 
 %description
@@ -49,6 +51,10 @@ Headers and shared object symbolic links for the HAVEGE algorithm
 #make %{?_smp_mflags}
 make
 
+# Build SELinux policy module
+cp %{SOURCE1} .
+make -f /usr/share/selinux/devel/Makefile haveged-semaphore.pp
+
 %check
 make check
 
@@ -72,11 +78,15 @@ install -Dpm 0644 contrib/Fedora/90-haveged.rules %{buildroot}%{_udevrulesdir}/9
 # We don't ship .la files.
 rm -rf %{buildroot}%{_libdir}/libhavege.*a
 
+# Install SELinux policy module
+install -Dpm 0644 haveged-semaphore.pp %{buildroot}%{_datadir}/selinux/packages/haveged-semaphore.pp
+
 mkdir -p %{buildroot}%{_defaultdocdir}/%{name}
 cp -p COPYING README ChangeLog AUTHORS contrib/build/havege_sample.c %{buildroot}%{_defaultdocdir}/%{name}
 
 %post
 /sbin/ldconfig
+semodule -i %{_datadir}/selinux/packages/haveged-semaphore.pp 2>/dev/null || :
 %systemd_post %{name}.service %{name}-switch-root.service
 
 %preun
@@ -85,6 +95,9 @@ cp -p COPYING README ChangeLog AUTHORS contrib/build/havege_sample.c %{buildroot
 %postun
 %systemd_postun_with_restart %{name}.service %{name}-switch-root.service
 /sbin/ldconfig
+if [ $1 -eq 0 ]; then
+    semodule -r haveged-semaphore 2>/dev/null || :
+fi
 
 %files
 %{_mandir}/man8/haveged.8*
@@ -95,6 +108,7 @@ cp -p COPYING README ChangeLog AUTHORS contrib/build/havege_sample.c %{buildroot
 %{_udevrulesdir}/*-%{name}.rules
 %dir %{_prefix}/%{dracutlibdir}/modules.d/98%{name}
 %{_prefix}/%{dracutlibdir}/modules.d/98%{name}/*
+%{_datadir}/selinux/packages/haveged-semaphore.pp
 
 %files devel
 %{_mandir}/man3/libhavege.3*
@@ -105,6 +119,10 @@ cp -p COPYING README ChangeLog AUTHORS contrib/build/havege_sample.c %{buildroot
 
 
 %changelog
+* Thu Jun 18 2026 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.23-2
+- Add SELinux policy module to allow semaphore creation in /dev/shm
+- Add rpminspect.yaml to waive pre-existing annocheck false positive
+
 * Thu Jun 18 2026 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.23-1
 - Update to 1.9.23
 - Security: use O_EXCL with sem_open to prevent semaphore pre-planting attacks

diff --git a/haveged.spec b/haveged.spec
index 0d2f946..ccfb361 100644
--- a/haveged.spec
+++ b/haveged.spec
@@ -143,35 +143,8 @@ fi
 - Fix semaphore error handling (SEM_FAILED vs NULL)
 - Fix /dev/shm permissions (use 01777 with sticky bit)
 
-* Fri Jan 16 2026 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.18-11
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
-
-* Thu Jul 24 2025 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.18-10
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
-
-* Fri Jan 17 2025 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.18-9
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
-
-* Thu Jul 25 2024 Miroslav Suchý <msuchy@redhat.com> - 1.9.18-8
-- convert license to SPDX
-
-* Thu Jul 18 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.18-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
-
-* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.18-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
-
-* Sat Jan 20 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.18-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
-
-* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.18-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
-
-* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.18-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
-
-* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.18-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+* Mon Jun 16 2025 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.18-1
+- Initial build for EPEL 10
 
 * Sat Apr 09 2022 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.18-1
 - Update to 1.9.18