automatic import of frr

8 files changed, 925 insertions, 0 deletions

diff --git a/.gitignore b/.gitignore
index e69de29..d8a4f72 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/frr-10.1.tar.gz
diff --git a/frr-sysusers.conf b/frr-sysusers.conf
new file mode 100644
index 0000000..9632955
--- /dev/null
+++ b/frr-sysusers.conf
@@ -0,0 +1,4 @@
+#Type Name   ID     GECOS                        Home directory  Shell
+g     frrvty -
+u     frr    -      "FRRouting routing suite"    /var/run/frr    /sbin/nologin
+m     frr    frrvty
diff --git a/frr-tmpfiles.conf b/frr-tmpfiles.conf
new file mode 100644
index 0000000..c1613b2
--- /dev/null
+++ b/frr-tmpfiles.conf
@@ -0,0 +1 @@
+d /run/frr 0755 frr frr -
diff --git a/frr.fc b/frr.fc
new file mode 100644
index 0000000..3724f47
--- /dev/null
+++ b/frr.fc
@@ -0,0 +1,29 @@
+/usr/libexec/frr/(.*)?              gen_context(system_u:object_r:frr_exec_t,s0)
+
+/usr/lib/systemd/system/frr.*   gen_context(system_u:object_r:frr_unit_file_t,s0)
+
+/etc/frr(/.*)?                  gen_context(system_u:object_r:frr_conf_t,s0)
+
+/var/log/frr(/.*)?              gen_context(system_u:object_r:frr_log_t,s0)
+/var/tmp/frr(/.*)?              gen_context(system_u:object_r:frr_tmp_t,s0)
+
+/run/lock/subsys/bfdd       --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/bgpd       --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/eigrpd     --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/fabricd    --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/isisd      --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/nhrpd      --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/ospf6d     --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/ospfd      --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/pbrd       --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/pimd       --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/ripd       --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/ripngd     --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/staticd    --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/zebra      --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/vrrpd      --  gen_context(system_u:object_r:frr_lock_t,s0)
+/run/lock/subsys/pathd      --  gen_context(system_u:object_r:frr_lock_t,s0)
+
+/run/frr(/.*)?              gen_context(system_u:object_r:frr_var_run_t,s0)
+
+/usr/bin/vtysh              --  gen_context(system_u:object_r:frr_exec_t,s0)
diff --git a/frr.if b/frr.if
new file mode 100644
index 0000000..b68899a
--- /dev/null
+++ b/frr.if
@@ -0,0 +1,214 @@
+## <summary>policy for frr</summary>
+
+########################################
+## <summary>
+##	Execute frr_exec_t in the frr domain.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`frr_domtrans',`
+	gen_require(`
+		type frr_t, frr_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, frr_exec_t, frr_t)
+')
+
+######################################
+## <summary>
+##	Execute frr in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`frr_exec',`
+	gen_require(`
+		type frr_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, frr_exec_t)
+')
+
+########################################
+## <summary>
+##	Read frr's log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`frr_read_log',`
+	gen_require(`
+		type frr_log_t;
+	')
+
+	read_files_pattern($1, frr_log_t, frr_log_t)
+	optional_policy(`
+		logging_search_logs($1)
+	')
+')
+
+########################################
+## <summary>
+##	Append to frr log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`frr_append_log',`
+	gen_require(`
+		type frr_log_t;
+	')
+
+	append_files_pattern($1, frr_log_t, frr_log_t)
+	optional_policy(`
+		logging_search_logs($1)
+	')
+')
+
+########################################
+## <summary>
+##	Manage frr log files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`frr_manage_log',`
+	gen_require(`
+		type frr_log_t;
+	')
+
+	manage_dirs_pattern($1, frr_log_t, frr_log_t)
+	manage_files_pattern($1, frr_log_t, frr_log_t)
+	manage_lnk_files_pattern($1, frr_log_t, frr_log_t)
+	optional_policy(`
+		logging_search_logs($1)
+	')
+')
+
+########################################
+## <summary>
+##	Read frr PID files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`frr_read_pid_files',`
+	gen_require(`
+		type frr_var_run_t;
+	')
+
+	files_search_pids($1)
+	read_files_pattern($1, frr_var_run_t, frr_var_run_t)
+')
+
+########################################
+## <summary>
+##	All of the rules required to administrate
+##	an frr environment
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`frr_admin',`
+	gen_require(`
+		type frr_t;
+		type frr_log_t;
+		type frr_var_run_t;
+	')
+
+	allow $1 frr_t:process { signal_perms };
+	ps_process_pattern($1, frr_t)
+
+	tunable_policy(`deny_ptrace',`',`
+		allow $1 frr_t:process ptrace;
+	')
+
+	admin_pattern($1, frr_log_t)
+
+	files_search_pids($1)
+	admin_pattern($1, frr_var_run_t)
+	optional_policy(`
+		logging_search_logs($1)
+	')
+	optional_policy(`
+		systemd_passwd_agent_exec($1)
+		systemd_read_fifo_file_passwd_run($1)
+	')
+')
+
+########################################
+#
+# Interface compatibility blocks
+#
+# The following definitions ensure compatibility with distribution policy
+# versions that do not contain given interfaces (epel, or older Fedora
+# releases).
+# Each block tests for existence of given interface and defines it if needed.
+#
+
+######################################
+## <summary>
+##	Watch ifconfig_var_run_t directories
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+ifndef(`sysnet_watch_ifconfig_run_dirs',`
+	interface(`sysnet_watch_ifconfig_run_dirs',`
+		gen_require(`
+			type ifconfig_var_run_t;
+		')
+
+		watch_dirs_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
+	')
+')
+
+########################################
+## <summary>
+##	Read ifconfig_var_run_t files and link files
+## </summary>
+## <param name="domain">
+##	<summary>
+##      Domain allowed access.
+##	</summary>
+## </param>
+#
+ifndef(`sysnet_read_ifconfig_run_files',`
+	interface(`sysnet_read_ifconfig_run_files',`
+		gen_require(`
+			type ifconfig_var_run_t;
+		')
+
+		list_dirs_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
+		read_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
+		read_lnk_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
+	')
+')
diff --git a/frr.spec b/frr.spec
new file mode 100644
index 0000000..afc93ac
--- /dev/null
+++ b/frr.spec
@@ -0,0 +1,550 @@
+%global frr_libdir %{_libexecdir}/frr
+
+%global _hardened_build 1
+%global selinuxtype targeted
+%define _legacy_common_support 1
+
+%bcond grpc 0
+%bcond selinux 0
+
+Name:           frr
+Version:        10.1
+Release:        1%{?dist}
+Summary:        Routing daemon
+License:        GPL-2.0-or-later AND ISC AND LGPL-2.0-or-later AND BSD-2-Clause AND BSD-3-Clause AND (GPL-2.0-or-later  OR ISC) AND MIT
+URL:            http://www.frrouting.org
+Source0:        https://github.com/FRRouting/frr/archive/refs/tags/%{name}-%{version}.tar.gz
+Source1:        %{name}-tmpfiles.conf
+Source2:        %{name}-sysusers.conf
+#Decentralized SELinux policy
+Source3:        frr.fc
+Source4:        frr.te
+Source5:        frr.if
+
+BuildRequires:  autoconf
+BuildRequires:  automake
+BuildRequires:  bison >= 2.7
+BuildRequires:  c-ares-devel
+BuildRequires:  flex
+BuildRequires:  gcc
+BuildRequires:  gcc-c++
+BuildRequires:  git-core
+BuildRequires:  groff
+%if %{with grpc}
+BuildRequires:  grpc-devel
+BuildRequires:  grpc-plugins
+%endif
+BuildRequires:  json-c-devel
+BuildRequires:  libcap-devel
+BuildRequires:  libtool
+BuildRequires:  libyang-devel >= 2.0.0
+BuildRequires:  make
+BuildRequires:  ncurses
+BuildRequires:  ncurses-devel
+BuildRequires:  net-snmp-devel
+BuildRequires:  pam-devel
+BuildRequires:  patch
+BuildRequires:  perl-XML-LibXML
+BuildRequires:  perl-generators
+BuildRequires:  python3-devel
+BuildRequires:  python3-pytest
+BuildRequires:  python3-sphinx
+BuildRequires:  readline-devel
+BuildRequires:  systemd-devel
+BuildRequires:  systemd
+BuildRequires:  texinfo
+BuildRequires:  protobuf-c-devel
+BuildRequires:  librtr-devel
+
+Requires:       ncurses
+Requires:       net-snmp
+Requires(post): hostname
+%{?sysusers_requires_compat}
+Requires(post): systemd
+Requires(postun): systemd
+Requires(preun): systemd
+
+%if 0%{?with_selinux}
+Requires: (%{name}-selinux = %{version}-%{release} if selinux-policy-%{selinuxtype})
+%endif
+
+Obsoletes:      quagga < 1.2.4-17
+Provides:       routingdaemon = %{version}-%{release}
+
+%description
+FRRouting is free software that manages TCP/IP based routing protocols. It takes
+a multi-server and multi-threaded approach to resolve the current complexity
+of the Internet.
+
+FRRouting supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR,
+EIGRP and BFD.
+
+FRRouting is a fork of Quagga.
+
+%if 0%{?with_selinux}
+%package selinux
+Summary:  Selinux policy for FRR
+BuildArch:  noarch
+Requires:  selinux-policy-%{selinuxtype}
+Requires(post):  selinux-policy-%{selinuxtype}
+BuildRequires:  selinux-policy-devel
+%{?selinux_requires}
+
+%description selinux
+SELinux policy modules for FRR package
+
+%endif
+
+%prep
+%autosetup -S git
+#Selinux
+mkdir selinux
+cp -p %{SOURCE3} %{SOURCE4} %{SOURCE5} selinux
+# C++14 or later needed for abseil-cpp 20230125; string_view needs C++17:
+sed -r -i 's/(AX_CXX_COMPILE_STDCXX\(\[)11(\])/\117\2/' configure.ac
+
+%build
+autoreconf -ivf
+
+%configure \
+    --sbindir=%{frr_libdir} \
+    --sysconfdir=%{_sysconfdir}/frr \
+    --libdir=%{_libdir}/frr \
+    --libexecdir=%{_libexecdir}/frr \
+    --localstatedir=/run/frr \
+    --enable-multipath=64 \
+    --enable-vtysh=yes \
+    --disable-ospfclient \
+    --disable-ospfapi \
+    --enable-snmp=agentx \
+    --enable-user=frr \
+    --enable-group=frr \
+    --enable-vty-group=frrvty \
+    --enable-rtadv \
+    --disable-exampledir \
+    --enable-systemd=yes \
+    --enable-static=no \
+    --with-moduledir=%{_libdir}/frr/modules \
+    --with-yangmodelsdir=%{_datadir}/frr-yang/ \
+    --with-crypto=openssl \
+    --enable-fpm \
+    --enable-rpki \
+    %{?with_grpc:--enable-grpc}
+
+%make_build MAKEINFO="makeinfo --no-split" PYTHON=%{__python3}
+
+# Build info documentation
+%make_build -C doc info
+
+#SELinux policy
+%if 0%{?with_selinux}
+make -C selinux -f %{_datadir}/selinux/devel/Makefile %{name}.pp
+bzip2 -9 selinux/%{name}.pp
+%endif
+
+%install
+mkdir -p %{buildroot}%{_sysconfdir}/{frr,rc.d/init.d,sysconfig,logrotate.d,pam.d,default} \
+         %{buildroot}%{_localstatedir}/log/frr %{buildroot}%{_infodir} \
+         %{buildroot}%{_unitdir}
+
+mkdir -p -m 0755 %{buildroot}%{_libdir}/frr
+mkdir -p %{buildroot}%{_tmpfilesdir}
+mkdir -p %{buildroot}%{_sysusersdir}
+
+%make_install
+
+# Remove this file, as it is uninstalled and causes errors when building on RH9
+rm -rf %{buildroot}%{_infodir}/dir
+
+install -p -m 644 %{SOURCE1} %{buildroot}%{_tmpfilesdir}/%{name}.conf
+install -p -m 644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}.conf
+install -p -m 644 tools/etc/frr/daemons %{buildroot}%{_sysconfdir}/frr/daemons
+install -p -m 644 tools/frr.service %{buildroot}%{_unitdir}/frr.service
+install -p -m 755 tools/frrinit.sh %{buildroot}%{frr_libdir}/frr
+install -p -m 755 tools/frrcommon.sh %{buildroot}%{frr_libdir}/frrcommon.sh
+install -p -m 755 tools/watchfrr.sh %{buildroot}%{frr_libdir}/watchfrr.sh
+
+install -p -m 644 redhat/frr.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/frr
+install -p -m 644 redhat/frr.pam %{buildroot}%{_sysconfdir}/pam.d/frr
+install -d -m 775 %{buildroot}/run/frr
+
+%if 0%{?with_selinux}
+install -D -m 644 selinux/%{name}.pp.bz2 \
+  %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
+install -D -m 644 selinux/%{name}.if %{buildroot}%{_datadir}/selinux/devel/include/distributed/%{name}.if
+%endif
+
+# Delete libtool archives
+find %{buildroot} -type f -name "*.la" -delete -print
+
+#Upstream does not maintain a stable API, these headers from -devel subpackage are no longer needed
+rm %{buildroot}%{_libdir}/frr/*.so
+rm -r %{buildroot}%{_includedir}/frr/
+
+%pre
+%sysusers_create_package %{name} %{SOURCE2}
+
+%post
+%systemd_post frr.service
+
+# Create dummy files if they don't exist so basic functions can be used.
+if [ ! -e %{_sysconfdir}/frr/frr.conf ]; then
+    echo "hostname `hostname`" > %{_sysconfdir}/frr/frr.conf
+    chown frr:frr %{_sysconfdir}/frr/frr.conf
+    chmod 640 %{_sysconfdir}/frr/frr.conf
+fi
+
+#still used by vtysh, this way no error is produced when using vtysh
+if [ ! -e %{_sysconfdir}/frr/vtysh.conf ]; then
+    touch %{_sysconfdir}/frr/vtysh.conf
+    chmod 640 %{_sysconfdir}/frr/vtysh.conf
+    chown frr:frrvty %{_sysconfdir}/frr/vtysh.conf
+fi
+
+%postun
+%systemd_postun_with_restart frr.service
+
+%preun
+%systemd_preun frr.service
+
+#SELinux
+%if 0%{?with_selinux}
+%pre selinux
+%selinux_relabel_pre -s %{selinuxtype}
+
+%post selinux
+%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
+%selinux_relabel_post -s %{selinuxtype}
+#/var/tmp and /var/run need to be relabeled as well if FRR is running before upgrade
+if [ $1 == 2 ]; then
+    %{_sbindir}/restorecon -R /var/tmp/frr &> /dev/null
+    %{_sbindir}/restorecon -R /run/frr &> /dev/null
+fi
+
+%postun selinux
+if [ $1 -eq 0 ]; then
+    %selinux_modules_uninstall -s %{selinuxtype} %{name}
+    %selinux_relabel_post -s %{selinuxtype}
+fi
+
+%endif
+
+%check
+#this should be temporary, the grpc test is just badly designed
+rm tests/lib/*grpc*
+%make_build check PYTHON=%{__python3}
+
+%files
+%license COPYING
+%doc doc/mpls
+%dir %attr(750,frr,frr) %{_sysconfdir}/frr
+%dir %attr(755,frr,frr) %{_localstatedir}/log/frr
+%dir %attr(755,frr,frr) /run/frr
+%{_infodir}/*info*
+%{_mandir}/man1/frr.1*
+%{_mandir}/man1/vtysh.1*
+%{_mandir}/man8/frr-*.8*
+%{_mandir}/man8/mtracebis.8*
+%dir %{frr_libdir}/
+%{frr_libdir}/*
+%{_bindir}/mtracebis
+%{_bindir}/vtysh
+%dir %{_libdir}/frr
+%{_libdir}/frr/*.so.*
+%dir %{_libdir}/frr/modules
+%{_libdir}/frr/modules/*
+%config(noreplace) %attr(644,root,root) %{_sysconfdir}/logrotate.d/frr
+%config(noreplace) %attr(644,frr,frr) %{_sysconfdir}/frr/daemons
+%config(noreplace) %{_sysconfdir}/pam.d/frr
+%{_unitdir}/*.service
+%dir %{_datadir}/frr-yang
+%{_datadir}/frr-yang/*.yang
+%{_tmpfilesdir}/%{name}.conf
+%{_sysusersdir}/%{name}.conf
+
+%if 0%{?with_selinux}
+%files selinux
+%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.*
+%{_datadir}/selinux/devel/include/distributed/%{name}.if
+%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name}
+%endif
+
+%changelog
+* Mon Aug 12 2024 Michal Ruprich <mruprich@redhat.com> - 10.1-1
+- New version 10.1
+
+* Wed Jul 31 2024 Michal Ruprich <mruprich@redhat.com> - 10.0.1-1
+- New version 10.0.1
+
+* Wed Jul 17 2024 Fedora Release Engineering <releng@fedoraproject.org> - 9.1-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Wed Apr 17 2024 Michal Ruprich <mruprich@redhat.com> - 9.1-4
+- Moving yang modules to frr specific dir to avoid conflicts
+- Adding rpminspect.yaml
+
+* Sat Feb 24 2024 Paul Wouters <paul.wouters@aiven.io> - 9.1-3
+- Rebuild for libre2.so.11 bump
+
+* Sun Feb 04 2024 Benjamin A. Beasley <code@musicinmybrain.net> - 9.1-2
+- Rebuilt for abseil-cpp-20240116.0
+
+* Thu Jan 25 2024 Michal Ruprich <mruprich@redhat.com> - 9.1-1
+- New version 9.1
+
+* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 9.0.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 9.0.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Mon Oct 16 2023 Michal Ruprich <mruprich@redhat.com> - 9.0.1-1
+- New version 9.0.1
+
+* Fri Sep 01 2023 Michal Ruprich <mruprich@redhat.com> - 8.5.2-4
+- Adding a couple of SELinux rules, includes fix for rhbz#2149299
+
+* Wed Aug 30 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 8.5.2-3
+- Rebuilt for abseil-cpp 20230802.0
+
+* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 8.5.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Fri Jun 30 2023 Michal Ruprich <mruprich@redhat.com> - 8.5.2-1
+- New version 8.5.2
+- Fixing some rpmlint warnings
+
+* Mon Jun 26 2023 Michal Ruprich <mruprich@redhat.com> - 8.5.1-4
+- Resolves: #2216073 - SELinux is preventing FRR-Zebra to access to network namespaces.
+
+* Mon Jun 05 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 8.5.1-3
+- Disable grpc in RHEL builds
+
+* Fri May 19 2023 Petr Pisar <ppisar@redhat.com> - 8.5.1-2
+- Rebuild against rpm-4.19 (https://fedoraproject.org/wiki/Changes/RPM-4.19)
+
+* Wed Apr 26 2023 Michal Ruprich <mruprich@redhat.com> - 8.5.1-1
+- New version 8.5.1
+
+* Wed Apr 12 2023 Michal Ruprich <mruprich@redhat.com> - 8.5-1
+- New version 8.5
+
+* Thu Mar 23 2023 Michal Ruprich <mruprich@redhat.com> - 8.4.2-5
+- Rebuilding for new abseil-cpp version
+
+* Wed Mar 22 2023 Michal Ruprich <mruprich@redhat.com> - 8.4.2-4
+- SPDX migration
+
+* Wed Mar 08 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 8.4.2-3
+- Build as C++17, required by abseil-cpp 20230125
+
+* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 8.4.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Thu Jan 12 2023 Michal Ruprich <mruprich@redhat.com> - 8.4.2-1
+- New version 8.4.2
+
+* Fri Nov 25 2022 Michal Ruprich <mruprich@redhat.com> - 8.4.1-1
+- New version 8.4.1
+- Fix for rhbz #2140705
+
+* Thu Nov 10 2022 Michal Ruprich <mruprich@redhat.com> - 8.4-1
+- New version 8.4
+
+* Fri Sep 16 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-5
+- Adding SELinux rule to enable zebra to write to sysctl_net_t
+- Adding SELinux rule to enable bgpd to call name_connect to bgp_port_t
+
+* Fri Sep 09 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-4
+- Fixing an error in post scriptlet
+
+* Fri Sep 09 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-3
+- Resolves: #2124254 - frr can no longer update routes
+
+* Wed Sep 07 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-2
+- Resolves: #2124253 - SELinux is preventing zebra from setattr access on the directory frr
+- Better handling FRR files during upgrade
+
+* Tue Sep 06 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-1
+- New version 8.3.1
+
+* Mon Aug 22 2022 Michal Ruprich <mruprich@redhat.com> - 8.2.2-10
+- Rebuilding for new abseil-cpp and grpc updates
+
+* Wed Aug 10 2022 Michal Ruprich <mruprich@redhat.com> - 8.2.2-9
+- Adding vrrpd and pathd as daemons to the policy
+
+* Wed Aug 10 2022 Michal Ruprich <mruprich@redhat.com> - 8.2.2-8
+- Finalizing SELinux policy
+
+* Tue Aug 02 2022 Michal Ruprich <mruprich@redhat.com> - 8.2.2-7
+- Fixing wrong path for vtysh in frr.fc
+
+* Fri Jul 29 2022 Benjamin A. Beasley <code@musicinmybrain.net> - 8.2.2-6
+- Rebuild with abseil-cpp-20211102.0-4.fc37 (RHBZ#2108658)
+
+* Wed Jul 27 2022 Michal Ruprich - 8.2.2-5
+- Packaging SELinux policy for FRR
+
+* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 8.2.2-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Tue May 17 2022 Michal Ruprich <mruprich@redhat.com> - 8.2.2-3
+- Rebuild for grpc-1.46.1
+
+* Mon Apr 11 2022 Michal Ruprich <mruprich@redhat.com> - 8.2.2-2
+- Fix for CVE-2022-16126
+
+* Tue Mar 15 2022 Michal Ruprich <mruprich@redhat.com> - 8.2.2-1
+- New version 8.2.2
+
+* Thu Mar 10 2022 Michal Ruprich <mruprich@redhat.com> - 8.2-2
+- Rebuild for abseil-cpp 20211102.0
+
+* Wed Mar 09 2022 Michal Ruprich <mruprich@redhat.com> - 8.2-1
+- New version 8.2 (rhbz#2020439)
+- Resolves: #2011868 - systemctl frr reload does not stop daemons that are not enabled in /etc/frr/daemons
+
+* Tue Feb 01 2022 Michal Ruprich <mruprich@redhat.com> - 8.0.1-11
+- Rebuilding for FTBFS in Rawhide(rhbz#2045399)
+
+* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 8.0.1-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Sat Jan 08 2022 Miro Hrončok <mhroncok@redhat.com> - 8.0.1-9
+- Rebuilt for libre2.so.9
+
+* Sat Nov 06 2021 Adrian Reber <adrian@lisas.de> - 8.0.1-8
+- Rebuilt for protobuf 3.19.0
+
+* Mon Oct 25 2021 Adrian Reber <adrian@lisas.de> - 8.0.1-7
+- Rebuilt for protobuf 3.18.1
+
+* Fri Oct 15 2021 Michal Ruprich <mruprich@redhat.com> - 8.0.1-6
+- Obsoleting quagga so that it may be retired
+
+* Thu Oct 07 2021 Michal Ruprich <mruprich@redhat.com> - 8.0.1-5
+- Rebuilding for grpc 1.41
+
+* Thu Sep 30 2021 Michal Ruprich <mruprich@redhat.com> - 8.0.1-4
+- Rebuild for new version of libyang
+
+* Sat Sep 18 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 8.0.1-3
+- Rebuild for grpc 1.40
+
+* Thu Sep 16 2021 Sahana Prasad <sahana@redhat.com> - 8.0.1-2
+- Rebuilt with OpenSSL 3.0.0
+
+* Thu Sep 16 2021 Michal Ruprich <mruprich@redhat.com> - 8.0.1-1
+- New version 8.0.1
+
+* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 8.0-2
+- Rebuilt with OpenSSL 3.0.0
+
+* Wed Aug 11 2021 Michal Ruprich <mruprich@redhat.com> - 8.0-1
+- New version 8.0
+
+* Wed Aug 04 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 7.5.1-9
+- Rebuild for grpc 1.39
+
+* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 7.5.1-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Tue Jul 20 2021 Michal Ruprich <mruprich@redhat.com> - 7.5.1-7
+- Resolves: #1983278 - ospfd crashes in route_node_delete with assertion fail
+
+* Sat Jul 10 2021 Björn Esser <besser82@fedoraproject.org> - 7.5.1-6
+- Rebuild for versioned symbols in json-c
+
+* Wed Jul 07 2021 Neal Gompa <ngompa@datto.com> - 7.5.1-5
+- Clean up the spec file for legibility and modern spec standards
+- Remove unneeded info scriptlets
+- Use systemd-sysusers for frr user and frrvty group
+- Use git-core instead of git for applying patches
+- Drop redundant build dependencies
+
+* Wed Jul 07 2021 Michal Ruprich <mruprich@redhat.com> - 7.5.1-4
+- Rebuild for newer abseil-cpp
+
+* Tue May 11 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 7.5.1-3
+- Rebuild for grpc 1.37
+
+* Fri Apr 23 2021 Michal Ruprich <mruprich@redhat.com> - 7.5.1-2
+- Fixing permissions on config files in /etc/frr
+- Enabling integrated configuration option for frr
+
+* Fri Mar 12 2021 Michal Ruprich <mruprich@redhat.com> - 7.5.1-1
+- New version 7.5.1
+- Enabling grpc, adding hostname for post scriptlet
+- Moving files to libexec due to selinux issues
+
+* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 7.5-4
+- Rebuilt for updated systemd-rpm-macros
+  See https://pagure.io/fesco/issue/2583.
+
+* Tue Feb 16 2021 Michal Ruprich <mruprich@redhat.com> - 7.5-3
+- Fixing FTBS - icc options are confusing the new gcc
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 7.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Fri Jan 01 2021 Michal Ruprich <mruprich@redhat.com> - 7.5-1
+- New version 7.5
+
+* Mon Sep 21 2020 Michal Ruprich <mruprich@redhat.com> - 7.4-1
+- New version 7.4
+
+* Thu Aug 27 2020 Josef Řídký <jridky@redhat.com> - 7.3.1-4
+- Rebuilt for new net-snmp release
+
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7.3.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Thu Jun 18 2020 Michal Ruprich <mruprich@redhat.com> - 7.3.1-1
+- New version 7.3.1
+- Fixes a couple of bugs(#1832259, #1835039, #1830815, #1830808, #1830806, #1830800, #1830798, #1814773)
+
+* Tue May 19 2020 Michal Ruprich <mruprich@redhat.com> - 7.3-6
+- Removing texi2html, it is not available in Rawhide anymore
+
+* Mon May 18 2020 Michal Ruprich <mruprich@redhat.com> - 7.3-5
+- Rebuild for new version of libyang
+
+* Tue Apr 21 2020 Björn Esser <besser82@fedoraproject.org> - 7.3-4
+- Rebuild (json-c)
+
+* Mon Apr 13 2020 Björn Esser <besser82@fedoraproject.org> - 7.3-3
+- Update json-c-0.14 patch with a solution from upstream
+
+* Mon Apr 13 2020 Björn Esser <besser82@fedoraproject.org> - 7.3-2
+- Add support for upcoming json-c 0.14.0
+
+* Wed Feb 19 2020 Michal Ruprich <mruprich@redhat.com> - 7.3-1
+- New version 7.3
+
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Mon Dec 16 2019 Michal Ruprich <mruprich@redhat.com> - 7.2-1
+- New version 7.2
+
+* Tue Nov 12 2019 Michal Ruprich <mruprich@redhat.com> - 7.1-5
+- Rebuilding for new version of libyang
+
+* Mon Oct 07 2019 Michal Ruprich <mruprich@redhat.com> - 7.1-4
+- Adding noreplace to the /etc/frr/daemons file
+
+* Fri Sep 13 2019 Michal Ruprich <mruprich@redhat.com> - 7.1-3
+- New way of finding python version during build
+- Replacing crypto of all routing daemons with openssl
+- Disabling EIGRP crypto because it is broken
+- Disabling crypto in FIPS mode
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 7.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Tue Jun 25 2019 Michal Ruprich <mruprich@redhat.com> - 7.1-1
+- New version 7.1
+
+* Wed Jun 19 2019 Michal Ruprich <mruprich@redhat.com> - 7.0-2
+- Initial build
diff --git a/frr.te b/frr.te
new file mode 100644
index 0000000..13ed9ac
--- /dev/null
+++ b/frr.te
@@ -0,0 +1,125 @@
+policy_module(frr, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type frr_t;
+type frr_exec_t;
+init_daemon_domain(frr_t, frr_exec_t)
+
+type frr_log_t;
+logging_log_file(frr_log_t)
+
+type frr_tmp_t;
+files_tmp_file(frr_tmp_t)
+
+type frr_lock_t;
+files_lock_file(frr_lock_t)
+
+type frr_conf_t;
+files_config_file(frr_conf_t)
+
+type frr_unit_file_t;
+systemd_unit_file(frr_unit_file_t)
+
+type frr_var_run_t;
+files_pid_file(frr_var_run_t)
+
+########################################
+#
+# frr local policy
+#
+allow frr_t self:capability { chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin sys_admin };
+allow frr_t self:netlink_route_socket rw_netlink_socket_perms;
+allow frr_t self:packet_socket create_socket_perms;
+allow frr_t self:process { setcap setpgid };
+allow frr_t self:rawip_socket create_socket_perms;
+allow frr_t self:tcp_socket { connect connected_stream_socket_perms };
+allow frr_t self:udp_socket create_socket_perms;
+allow frr_t self:unix_stream_socket connectto;
+
+allow frr_t frr_conf_t:dir list_dir_perms;
+manage_files_pattern(frr_t, frr_conf_t, frr_conf_t)
+read_lnk_files_pattern(frr_t, frr_conf_t, frr_conf_t)
+
+manage_dirs_pattern(frr_t, frr_log_t, frr_log_t)
+manage_files_pattern(frr_t, frr_log_t, frr_log_t)
+manage_lnk_files_pattern(frr_t, frr_log_t, frr_log_t)
+logging_log_filetrans(frr_t, frr_log_t, { dir file lnk_file })
+
+allow frr_t frr_tmp_t:file map;
+manage_dirs_pattern(frr_t, frr_tmp_t, frr_tmp_t)
+manage_files_pattern(frr_t, frr_tmp_t, frr_tmp_t)
+files_tmp_filetrans(frr_t, frr_tmp_t, { file dir })
+
+manage_files_pattern(frr_t, frr_lock_t, frr_lock_t)
+manage_lnk_files_pattern(frr_t, frr_lock_t, frr_lock_t)
+files_lock_filetrans(frr_t, frr_lock_t, { file lnk_file })
+
+manage_dirs_pattern(frr_t, frr_var_run_t, frr_var_run_t)
+manage_files_pattern(frr_t, frr_var_run_t, frr_var_run_t)
+manage_lnk_files_pattern(frr_t, frr_var_run_t, frr_var_run_t)
+manage_sock_files_pattern(frr_t, frr_var_run_t, frr_var_run_t)
+files_pid_filetrans(frr_t, frr_var_run_t, { dir file lnk_file })
+
+allow frr_t frr_exec_t:dir search_dir_perms;
+can_exec(frr_t, frr_exec_t)
+
+kernel_read_network_state(frr_t)
+kernel_rw_net_sysctls(frr_t)
+kernel_read_system_state(frr_t)
+kernel_request_load_module(frr_t)
+
+auth_use_nsswitch(frr_t)
+
+corecmd_exec_bin(frr_t)
+
+corenet_tcp_bind_appswitch_emp_port(frr_t)
+corenet_udp_bind_bfd_control_port(frr_t)
+corenet_udp_bind_bfd_echo_port(frr_t)
+corenet_udp_bind_bfd_multi_port(frr_t)
+corenet_tcp_bind_bgp_port(frr_t)
+corenet_tcp_connect_bgp_port(frr_t)
+corenet_tcp_bind_cmadmin_port(frr_t)
+corenet_udp_bind_cmadmin_port(frr_t)
+corenet_tcp_bind_firepower_port(frr_t)
+corenet_tcp_bind_generic_port(frr_t)
+corenet_tcp_bind_priority_e_com_port(frr_t)
+corenet_udp_bind_router_port(frr_t)
+corenet_tcp_bind_qpasa_agent_port(frr_t)
+corenet_tcp_bind_smntubootstrap_port(frr_t)
+corenet_tcp_bind_versa_tek_port(frr_t)
+corenet_tcp_bind_zebra_port(frr_t)
+
+domain_use_interactive_fds(frr_t)
+
+fs_read_nsfs_files(frr_t)
+
+sysnet_exec_ifconfig(frr_t)
+sysnet_read_ifconfig_run_files(frr_t)
+sysnet_watch_ifconfig_run_dirs(frr_t)
+
+ipsec_domtrans_mgmt(frr_t)
+
+userdom_read_admin_home_files(frr_t)
+
+optional_policy(`
+	logging_send_syslog_msg(frr_t)
+')
+
+optional_policy(`
+	modutils_exec_kmod(frr_t)
+	modutils_getattr_module_deps(frr_t)
+	modutils_read_module_config(frr_t)
+	modutils_read_module_deps_files(frr_t)
+')
+
+optional_policy(`
+	networkmanager_read_state(frr_t)
+')
+
+optional_policy(`
+	userdom_admin_home_dir_filetrans(frr_t, frr_conf_t, file, ".history_frr")
+')
diff --git a/sources b/sources
new file mode 100644
index 0000000..5988aaf
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+6467984e7621f8b8604004839bf9a728  frr-10.1.tar.gz