[rpms/haveged] epel8: Update to 1.9.24 — disable command mode in long-running service

[Jirka Hladky <jhladky@redhat.com>]

            A new commit has been pushed.

            Repo   : rpms/haveged
            Branch : epel8
            Commit : 994172bf4c8e97ca4f5eb945b5082e6e0295aad0
            Author : Jirka Hladky <jhladky@redhat.com>
            Date   : 2026-06-19T16:24:32+02:00
            Stats  : +25/-30 in 4 file(s)
            URL    : https://src.fedoraproject.org/rpms/haveged/c/994172bf4c8e97ca4f5eb945b5082e6e0295aad0?branch=epel8

            Log:
            Update to 1.9.24 — disable command mode in long-running service

- New upstream --no-command flag disables command socket and semaphore
- Remove SELinux policy module (no longer needed)
- Remove policycoreutils dependency
- Enables PrivateNetwork=true in systemd service

---
diff --git a/.gitignore b/.gitignore
index e768c53..9846512 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,11 +1,18 @@
 /haveged-1.2.tar.gz
 /haveged-1.3.tar.gz
 /haveged-1.4.tar.gz
+/haveged.service
 /haveged-1.5.tar.gz
 /haveged-1.7.tar.gz
 /haveged-1.8.tar.gz
 /haveged-1.9.1.tar.gz
+/haveged.spec
 /haveged-1.9.6.tar.gz
+/haveged-1.9.7-alpha.tar.gz
+/haveged-1.9.7.tar.gz
+/haveged-1.9.8a.tar.gz
+/haveged-1.9.8b.tar.gz
+/haveged-1.9.8c.tar.gz
 /haveged-1.9.8.tar.gz
 /haveged-1.9.9.tar.gz
 /haveged-v1.9.10.tar.gz
@@ -14,4 +21,11 @@
 /haveged-1.9.12.tar.gz
 /haveged-1.9.13.tar.gz
 /haveged-1.9.14.tar.gz
+/haveged-1.9.15.tar.gz
+/haveged-1.9.16.tar.gz
+/haveged-1.9.17.tar.gz
+/haveged-1.9.18.tar.gz
+/haveged-1.9.21.tar.gz
+/haveged-1.9.22.tar.gz
 /haveged-1.9.23.tar.gz
+/haveged-1.9.24.tar.gz

diff --git a/haveged-semaphore.te b/haveged-semaphore.te
deleted file mode 100644
index c4233c3..0000000
--- a/haveged-semaphore.te
+++ /dev/null
@@ -1,11 +0,0 @@
-module haveged-semaphore 1.0;
-
-require {
-    type entropyd_t;
-    type tmpfs_t;
-    class file { create open read write getattr setattr unlink link rename lock map };
-    class dir { write add_name remove_name search getattr };
-}
-
-allow entropyd_t tmpfs_t:file { create open read write getattr setattr unlink link rename lock map };
-allow entropyd_t tmpfs_t:dir { write add_name remove_name search getattr };

diff --git a/haveged.spec b/haveged.spec
index c0d7dd3..1766e17 100644
--- a/haveged.spec
+++ b/haveged.spec
@@ -1,20 +1,18 @@
 %define dracutlibdir lib/dracut
 Summary:        A Linux entropy source using the HAVEGE algorithm
 Name:           haveged
-Version:        1.9.23
-Release:        3%{?dist}
+Version:        1.9.24
+Release:        1%{?dist}
 License:        GPLv3+
 URL:            https://github.com/jirka-h/haveged
 Source0:        https://github.com/jirka-h/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
-Source1:        haveged-semaphore.te
-Requires(post):   systemd policycoreutils
+Requires(post):   systemd
 Requires(preun):  systemd
-Requires(postun): systemd policycoreutils
+Requires(postun): systemd
 
 BuildRequires:  gcc
 BuildRequires:  automake coreutils glibc-common systemd-units
 BuildRequires:  make
-BuildRequires:  checkpolicy selinux-policy-devel
 Enhances:       apache2 gpg2 openssl openvpn php5 smtp_daemon systemd
 
 %description
@@ -51,10 +49,6 @@ Headers and shared object symbolic links for the HAVEGE algorithm
 #make %{?_smp_mflags}
 make
 
-# Build SELinux policy module
-cp %{SOURCE1} .
-make -f /usr/share/selinux/devel/Makefile haveged-semaphore.pp
-
 %check
 make check
 
@@ -79,15 +73,11 @@ install -Dpm 0644 contrib/Fedora/90-haveged.rules %{buildroot}%{_udevrulesdir}/9
 # We don't ship .la files.
 rm -rf %{buildroot}%{_libdir}/libhavege.*a
 
-# Install SELinux policy module
-install -Dpm 0644 haveged-semaphore.pp %{buildroot}%{_datadir}/selinux/packages/haveged-semaphore.pp
-
 mkdir -p %{buildroot}%{_defaultdocdir}/%{name}
 cp -p COPYING README ChangeLog AUTHORS contrib/build/havege_sample.c %{buildroot}%{_defaultdocdir}/%{name}
 
 %post
 /sbin/ldconfig
-semodule -i %{_datadir}/selinux/packages/haveged-semaphore.pp 2>/dev/null || :
 %systemd_post %{name}.service %{name}-switch-root.service
 
 %preun
@@ -96,9 +86,6 @@ semodule -i %{_datadir}/selinux/packages/haveged-semaphore.pp 2>/dev/null || :
 %postun
 %systemd_postun_with_restart %{name}.service %{name}-switch-root.service
 /sbin/ldconfig
-if [ $1 -eq 0 ]; then
-    semodule -r haveged-semaphore 2>/dev/null || :
-fi
 
 %files
 %{_mandir}/man8/haveged.8*
@@ -109,7 +96,6 @@ fi
 %{_udevrulesdir}/*-%{name}.rules
 %dir %{_prefix}/%{dracutlibdir}/modules.d/98%{name}
 %{_prefix}/%{dracutlibdir}/modules.d/98%{name}/*
-%{_datadir}/selinux/packages/haveged-semaphore.pp
 
 %files devel
 %{_mandir}/man3/libhavege.3*
@@ -120,6 +106,12 @@ fi
 
 
 %changelog
+* Fri Jun 19 2026 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.24-1
+- Update to 1.9.24
+- Disable command mode in long-running service (--no-command flag)
+- Enable PrivateNetwork=true in systemd service
+- Remove SELinux policy module (no longer needed without command mode)
+
 * Fri Jun 19 2026 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.23-3
 - Fix rpminspect.yaml: use annocheck failure_severity instead of inspections toggle
   (annocheck is a security inspection and cannot be disabled via inspections section)

diff --git a/sources b/sources
index 8d59ebd..1f74352 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (haveged-1.9.23.tar.gz) = 69fe3e024ac213d2cbbbc36e716cc0822929e0a18aabb0802e2cc9818381073fef034b247c3e2b458b6ca3d9bc4c01b86b1954dff2767752ea2b0551958efb61
+SHA512 (haveged-1.9.24.tar.gz) = d79b361658b726aa8c78ed3d82fe95758d96b19edd1970dd0f7b18ead264d84a42dcbefb94c40d00358a05b1194d7e19b41ad910a5b66e1be29656bb17910a1b