Merge branch '1.0' into thcrain/ever-given
This commit is contained in:
commit
eae5b4006f
|
@ -18,6 +18,10 @@ version_release_matching_groups = [
|
|||
"SPECS-SIGNED/grub2-efi-binary-signed-x64/grub2-efi-binary-signed-x64.spec",
|
||||
"SPECS-SIGNED/grub2-efi-binary-signed-aarch64/grub2-efi-binary-signed-aarch64.spec",
|
||||
"SPECS/grub2/grub2.spec"
|
||||
]),
|
||||
frozenset([
|
||||
"SPECS/ca-certificates/ca-certificates.spec",
|
||||
"SPECS/prebuilt-ca-certificates-base/prebuilt-ca-certificates-base.spec"
|
||||
])
|
||||
]
|
||||
|
||||
|
|
|
@ -0,0 +1,94 @@
|
|||
# Copyright (c) Microsoft Corporation.
|
||||
# Licensed under the MIT License.
|
||||
#
|
||||
# Workflow to automatedly verify the quickstart instructions
|
||||
|
||||
name: Verify Quickstart 1.0
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
schedule:
|
||||
- cron: "0 15 * * *"
|
||||
|
||||
jobs:
|
||||
get_input-srpms:
|
||||
runs-on: ubuntu-18.04
|
||||
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v2.3.2
|
||||
with:
|
||||
ref: '1.0-stable'
|
||||
|
||||
- name: Set up Go 1.13
|
||||
uses: actions/setup-go@v2
|
||||
with:
|
||||
go-version: 1.13
|
||||
id: go
|
||||
|
||||
- name: Install Remaining Prerequisites
|
||||
run: |
|
||||
# Golang and docker are already installed on the agent
|
||||
sudo apt-get update
|
||||
sudo apt -y install make tar wget curl rpm qemu-utils genisoimage pigz
|
||||
|
||||
- name: Download SRPMS
|
||||
run: |
|
||||
pushd toolkit
|
||||
sudo make go-tools REBUILD_TOOLS=y
|
||||
sudo make input-srpms DOWNLOAD_SRPMS=y
|
||||
popd
|
||||
|
||||
iso_quickstart:
|
||||
runs-on: ubuntu-18.04
|
||||
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v2.3.2
|
||||
with:
|
||||
ref: '1.0-stable'
|
||||
|
||||
- name: Set up Go 1.13
|
||||
uses: actions/setup-go@v2
|
||||
with:
|
||||
go-version: 1.13
|
||||
id: go
|
||||
|
||||
- name: Install Remaining Prerequisites
|
||||
run: |
|
||||
# Golang and docker are already installed on the agent
|
||||
sudo apt-get update
|
||||
sudo apt -y install make tar wget curl rpm qemu-utils genisoimage pigz
|
||||
|
||||
- name: ISO Quick Start
|
||||
run: |
|
||||
pushd toolkit
|
||||
sudo make iso REBUILD_TOOLS=y REBUILD_PACKAGES=n
|
||||
popd
|
||||
|
||||
vhdx_quickstart:
|
||||
runs-on: ubuntu-18.04
|
||||
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v2.3.2
|
||||
with:
|
||||
ref: '1.0-stable'
|
||||
|
||||
- name: Set up Go 1.13
|
||||
uses: actions/setup-go@v2
|
||||
with:
|
||||
go-version: 1.13
|
||||
id: go
|
||||
|
||||
- name: Install Remaining Prerequisites
|
||||
run: |
|
||||
# Golang and docker are already installed on the agent
|
||||
sudo apt-get update
|
||||
sudo apt -y install make tar wget curl rpm qemu-utils genisoimage pigz
|
||||
|
||||
- name: VHDX Quick Start
|
||||
run: |
|
||||
pushd toolkit
|
||||
sudo make image REBUILD_TOOLS=y REBUILD_PACKAGES=n
|
||||
popd
|
|
@ -0,0 +1,18 @@
|
|||
name: Trigger release build after the release PR is merged.
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
branches: [ 1.0 ]
|
||||
types: [ closed ]
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
if: ${{ (github.event_name == 'pull_request') && (github.event.pull_request.merged == 'true') && startsWith(github.event.pull_request.title, 'Automated Mariner Release') }}
|
||||
steps:
|
||||
- name: Azure Pipelines Action
|
||||
uses: Azure/pipelines@v1
|
||||
with:
|
||||
azure-devops-project-url: 'https://dev.azure.com/mariner-org/mariner'
|
||||
azure-pipeline-name: 'AutoRelease2-PushTagAndBuild'
|
||||
azure-devops-token: '${{ secrets.MARINER_BOT_BUILDER_PAT }}'
|
|
@ -22,24 +22,28 @@ ignore_list=" \
|
|||
moby-buildx \
|
||||
moby-containerd \
|
||||
openjdk8 \
|
||||
python-markupsafe \
|
||||
python-nocasedict \
|
||||
python-pywbem \
|
||||
python-repoze-lru \
|
||||
python-requests \
|
||||
python-sphinxcontrib-websupport \
|
||||
python-yamlloader \
|
||||
python-zope-interface \
|
||||
qt5-rpm-macros \
|
||||
runc \
|
||||
grub2-efi-binary-signed-aarch64 \
|
||||
grub2-efi-binary-signed-x64 \
|
||||
kernel-signed-aarch64 \
|
||||
kernel-signed-x64"
|
||||
kernel-signed-x64 \
|
||||
verity-read-only-root"
|
||||
|
||||
rm -f bad_registrations.txt
|
||||
rm -rf ./cgmanifest_test_dir/
|
||||
|
||||
[[ -n "$@" ]] || echo "No specs passed to validate"
|
||||
[[ $# -eq 0 ]] && echo "No specs passed to validate"
|
||||
|
||||
for spec in $@
|
||||
for spec in "$@"
|
||||
do
|
||||
echo Checking "$spec"
|
||||
|
||||
|
@ -62,11 +66,11 @@ do
|
|||
version=$(rpmspec --srpm --define "with_check 0" --qf "%{VERSION}" -q $spec 2>/dev/null )
|
||||
|
||||
# Some source files have been renamed, look for a comment and also try that (while manually substituting the name/version)
|
||||
source0alt=$(grep "^#[[:blank:]]*Source0:" $spec | awk '{print $NF}' | sed "s/%{name}/$name/g" | sed "s/%{version}/$version/g" )
|
||||
source0alt=$(grep "^#[[:blank:]]*Source0:" $spec | awk '{print $NF}' | sed "s/%\?%{name}/$name/g" | sed "s/%\?%{version}/$version/g" )
|
||||
# Some packages define a %url as well
|
||||
# Use ' ' as delimiter to avoid conflict with URL characters
|
||||
specurl=$(rpmspec --srpm --define "with_check 0" --qf "%{URL}" -q $spec 2>/dev/null )
|
||||
[[ -z specurl ]] || source0alt=$(echo $source0alt | sed "s %{url} $specurl g" )
|
||||
[[ -z $specurl ]] || source0alt=$(echo $source0alt | sed "s %\?%{url} $specurl g" )
|
||||
|
||||
# Pull the current registration from the cgmanifest file. Every registration should have a url, so if we don't find one
|
||||
# that implies the registration is missing.
|
||||
|
@ -84,7 +88,7 @@ do
|
|||
else
|
||||
# Try a few times to download the source listed in the manifest
|
||||
mkdir -p ./cgmanifest_test_dir
|
||||
for i in {1..10}
|
||||
for _ in {1..10}
|
||||
do
|
||||
wget --quiet -P ./cgmanifest_test_dir $manifesturl && touch ./cgmanifest_test_dir/WORKED && break
|
||||
sleep 30
|
||||
|
|
|
@ -1,5 +1,9 @@
|
|||
# CBL-Mariner
|
||||
|
||||
| Release Branch | Status |
|
||||
| -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|
||||
| 1.0 | [![1.0 Status](https://github.com/microsoft/CBL-Mariner/workflows/Verify%20Quickstart%201.0/badge.svg)](https://github.com/microsoft/CBL-Mariner/actions?query=workflow%3A%22Verify+Quickstart+1.0%22) |
|
||||
|
||||
CBL-Mariner is an internal Linux distribution for Microsoft’s cloud infrastructure and edge products and services. CBL-Mariner is designed to provide a consistent platform for these devices and services and will enhance Microsoft’s ability to stay current on Linux updates. This initiative is part of Microsoft’s increasing investment in a wide range of Linux technologies, such as [SONiC](https://azure.microsoft.com/en-us/blog/sonic-the-networking-switch-software-that-powers-the-microsoft-global-cloud/), [Azure Sphere OS](https://docs.microsoft.com/en-us/azure-sphere/product-overview/what-is-azure-sphere) and [Windows Subsystem for Linux (WSL)](https://docs.microsoft.com/en-us/windows/wsl/about). CBL-Mariner is being shared publicly as part of Microsoft’s commitment to Open Source and to contribute back to the Linux community. CBL-Mariner does not change our approach or commitment to any existing third-party Linux distribution offerings.
|
||||
|
||||
CBL-Mariner has been engineered with the notion that a small common core set of packages can address the universal needs of first party cloud and edge services while allowing individual teams to layer additional packages on top of the common core to produce images for their workloads. This is made possible by a simple build system that enables:
|
||||
|
|
|
@ -2,12 +2,11 @@
|
|||
Summary: Signed GRand Unified Bootloader for aarch64 systems
|
||||
Name: grub2-efi-binary-signed-aarch64
|
||||
Version: 2.02
|
||||
Release: 24%{?dist}
|
||||
URL: https://www.gnu.org/software/grub
|
||||
Release: 26%{?dist}
|
||||
License: GPLv3+
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
|
||||
URL: https://www.gnu.org/software/grub
|
||||
# This package's "version" and "release" must reflect the unsigned version that
|
||||
# was signed.
|
||||
# An important consequence is that when making a change to this package, the
|
||||
|
@ -22,10 +21,8 @@ Distribution: Mariner
|
|||
# 4. Build this spec
|
||||
Source0: grub2-efi-unsigned-%{version}-%{release}.aarch64.rpm
|
||||
Source1: grubaa64.efi
|
||||
|
||||
ExclusiveArch: aarch64
|
||||
|
||||
Conflicts: grub2-efi-binary
|
||||
ExclusiveArch: aarch64
|
||||
|
||||
%description
|
||||
This package contains the GRUB EFI image signed for secure boot. The package is
|
||||
|
@ -43,5 +40,11 @@ cp %{SOURCE1} %{buildroot}/boot/efi/EFI/BOOT/grubaa64.efi
|
|||
/boot/efi/EFI/BOOT/grubaa64.efi
|
||||
|
||||
%changelog
|
||||
* Wed Dec 23 2020 Pawel Winogrodzki <pawelwi@microsoft.com> - 2.02-26
|
||||
- Updating release to be aligned with the unsigned bits.
|
||||
|
||||
* Tue Nov 03 2020 Pawel Winogrodzki <pawelwi@microsoft.com> - 2.02-25
|
||||
- Updating release to be aligned with the unsigned bits.
|
||||
|
||||
* Thu Aug 13 2020 Chris Co <chrco@microsoft.com> 2.02-24
|
||||
- Original version for CBL-Mariner.
|
|
@ -2,12 +2,11 @@
|
|||
Summary: Signed GRand Unified Bootloader for x86_64 systems
|
||||
Name: grub2-efi-binary-signed-x64
|
||||
Version: 2.02
|
||||
Release: 24%{?dist}
|
||||
URL: https://www.gnu.org/software/grub
|
||||
Release: 26%{?dist}
|
||||
License: GPLv3+
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
|
||||
URL: https://www.gnu.org/software/grub
|
||||
# This package's "version" and "release" must reflect the unsigned version that
|
||||
# was signed.
|
||||
# An important consequence is that when making a change to this package, the
|
||||
|
@ -22,10 +21,8 @@ Distribution: Mariner
|
|||
# 4. Build this spec
|
||||
Source0: grub2-efi-unsigned-%{version}-%{release}.x86_64.rpm
|
||||
Source1: grubx64.efi
|
||||
|
||||
ExclusiveArch: x86_64
|
||||
|
||||
Conflicts: grub2-efi-binary
|
||||
ExclusiveArch: x86_64
|
||||
|
||||
%description
|
||||
This package contains the GRUB EFI image signed for secure boot. The package is
|
||||
|
@ -43,5 +40,11 @@ cp %{SOURCE1} %{buildroot}/boot/efi/EFI/BOOT/grubx64.efi
|
|||
/boot/efi/EFI/BOOT/grubx64.efi
|
||||
|
||||
%changelog
|
||||
* Wed Dec 23 2020 Pawel Winogrodzki <pawelwi@microsoft.com> - 2.02-26
|
||||
- Updating release to be aligned with the unsigned bits.
|
||||
|
||||
* Tue Nov 03 2020 Pawel Winogrodzki <pawelwi@microsoft.com> - 2.02-25
|
||||
- Updating release to be aligned with the unsigned bits.
|
||||
|
||||
* Thu Aug 13 2020 Chris Co <chrco@microsoft.com> 2.02-24
|
||||
- Original version for CBL-Mariner.
|
|
@ -1,14 +1,14 @@
|
|||
%global debug_package %{nil}
|
||||
%define uname_r %{version}-%{release}
|
||||
Summary: Signed Linux Kernel for aarch64 systems
|
||||
Name: kernel-signed-aarch64
|
||||
Version: 5.4.51
|
||||
Release: 12%{?dist}
|
||||
Version: 5.4.91
|
||||
Release: 6%{?dist}
|
||||
License: GPLv2
|
||||
URL: https://github.com/microsoft/WSL2-Linux-Kernel
|
||||
Group: System Environment/Kernel
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
|
||||
Group: System Environment/Kernel
|
||||
URL: https://github.com/microsoft/WSL2-Linux-Kernel
|
||||
# This package's "version" and "release" must reflect the unsigned version that
|
||||
# was signed.
|
||||
# An important consequence is that when making a change to this package, the
|
||||
|
@ -23,18 +23,13 @@ Distribution: Mariner
|
|||
# 4. Build this spec
|
||||
Source0: kernel-%{version}-%{release}.aarch64.rpm
|
||||
Source1: vmlinuz-%{version}-%{release}
|
||||
|
||||
ExclusiveArch: aarch64
|
||||
|
||||
BuildRequires: cpio
|
||||
Requires: filesystem
|
||||
Requires: kmod
|
||||
Requires(post): coreutils
|
||||
Requires(postun): coreutils
|
||||
|
||||
Conflicts: kernel
|
||||
|
||||
%define uname_r %{version}-%{release}
|
||||
ExclusiveArch: aarch64
|
||||
|
||||
%description
|
||||
This package contains the Linux kernel package with kernel signed with the production key
|
||||
|
@ -81,35 +76,96 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
|
|||
|
||||
%files
|
||||
/boot/*
|
||||
/boot/.vmlinuz-%{uname_r}.hmac
|
||||
/lib/modules/%{uname_r}/*
|
||||
/lib/modules/%{uname_r}/.vmlinuz.hmac
|
||||
%config %{_localstatedir}/lib/initramfs/kernel/%{uname_r}
|
||||
|
||||
%changelog
|
||||
* Mon Jan 11 2021 Thomas Crain <thcrain@microsoft.com> - 5.4.51-12
|
||||
* Tue Feb 23 2021 Chris Co <chrco@microsoft.com> - 5.4.91-6
|
||||
- Update to match kernel spec 5.4.91-6
|
||||
|
||||
* Tue Feb 16 2021 Nicolas Ontiveros <niontive@microsoft.com> - 5.4.91-5
|
||||
- Update to kernel release 5.4.91-5.
|
||||
|
||||
* Tue Feb 09 2021 Nicolas Ontiveros <niontive@microsoft.com> - 5.4.91-4
|
||||
- Update to kernel release 5.4.91-4
|
||||
|
||||
* Thu Jan 28 2021 Nicolas Ontiveros <niontive@microsoft.com> - 5.4.91-3
|
||||
- Add hmac files for FIPS
|
||||
|
||||
* Wed Jan 27 2021 Daniel McIlvaney <damcilva@microsoft.com> - 5.4.91-2
|
||||
- Update release number to match kernel spec
|
||||
* Fri Oct 16 2020 Suresh Babu Chalamalasetty <schalam@microsoft.com> 5.4.51-11
|
||||
- Update release number
|
||||
* Fri Oct 02 2020 Chris Co <chrco@microsoft.com> 5.4.51-10
|
||||
|
||||
* Wed Jan 20 2021 Chris Co <chrco@microsoft.com> - 5.4.91-1
|
||||
- Update source to 5.4.91
|
||||
|
||||
* Tue Jan 12 2021 Rachel Menge <rachelmenge@microsoft.com> - 5.4.83-4
|
||||
- Update release number to match kernel spec
|
||||
* Fri Oct 02 2020 Chris Co <chrco@microsoft.com> 5.4.51-9
|
||||
|
||||
* Sat Jan 09 2021 Andrew Phelps <anphel@microsoft.com> - 5.4.83-3
|
||||
- Update to kernel release 5.4.83-3
|
||||
|
||||
* Mon Dec 28 2020 Nicolas Ontiveros <niontive@microsoft.com> - 5.4.83-2
|
||||
- Update to kernel release 5.4.83-2
|
||||
|
||||
* Tue Dec 15 2020 Henry Beberman <henry.beberman@microsoft.com> - 5.4.83-1
|
||||
- Update source to 5.4.83
|
||||
|
||||
* Fri Dec 04 2020 Chris Co <chrco@microsoft.com> - 5.4.81-1
|
||||
- Update source to 5.4.81
|
||||
|
||||
* Wed Nov 25 2020 Chris Co <chrco@microsoft.com> - 5.4.72-5
|
||||
- Update release number to match kernel spec
|
||||
|
||||
* Mon Nov 23 2020 Chris Co <chrco@microsoft.com> - 5.4.72-4
|
||||
- Update release number to match kernel spec
|
||||
|
||||
* Mon Nov 16 2020 Suresh Babu Chalamalasetty <schalam@microsoft.com> - 5.4.72-3
|
||||
- Update release number
|
||||
* Wed Sep 30 2020 Emre Girgin <mrgirgin@microsoft.com> 5.4.51-8
|
||||
|
||||
* Tue Nov 10 2020 Suresh Babu Chalamalasetty <schalam@microsoft.com> - 5.4.72-2
|
||||
- Update release number
|
||||
|
||||
* Mon Oct 26 2020 Chris Co <chrco@microsoft.com> - 5.4.72-1
|
||||
- Update source to 5.4.72
|
||||
- Lint spec
|
||||
|
||||
* Fri Oct 16 2020 Suresh Babu Chalamalasetty <schalam@microsoft.com> - 5.4.51-11
|
||||
- Update release number
|
||||
|
||||
* Fri Oct 02 2020 Chris Co <chrco@microsoft.com> - 5.4.51-10
|
||||
- Update release number to match kernel spec
|
||||
|
||||
* Fri Oct 02 2020 Chris Co <chrco@microsoft.com> - 5.4.51-9
|
||||
- Update release number
|
||||
|
||||
* Wed Sep 30 2020 Emre Girgin <mrgirgin@microsoft.com> - 5.4.51-8
|
||||
- Update postun script to deal with removal in case of another installed kernel.
|
||||
* Fri Sep 25 2020 Suresh Babu Chalamalasetty <schalam@microsoft.com> 5.4.51-7
|
||||
|
||||
* Fri Sep 25 2020 Suresh Babu Chalamalasetty <schalam@microsoft.com> - 5.4.51-7
|
||||
- Update release number
|
||||
* Wed Sep 23 2020 Daniel McIlvaney <damcilva@microsoft.com> 5.4.51-6
|
||||
|
||||
* Wed Sep 23 2020 Daniel McIlvaney <damcilva@microsoft.com> - 5.4.51-6
|
||||
- Update release number
|
||||
* Thu Sep 03 2020 Daniel McIlvaney <damcilva@microsoft.com> 5.4.51-5
|
||||
|
||||
* Thu Sep 03 2020 Daniel McIlvaney <damcilva@microsoft.com> - 5.4.51-5
|
||||
- Update release number
|
||||
* Thu Sep 03 2020 Chris Co <chrco@microsoft.com> 5.4.51-4
|
||||
|
||||
* Thu Sep 03 2020 Chris Co <chrco@microsoft.com> - 5.4.51-4
|
||||
- Update release number
|
||||
* Thu Sep 03 2020 Chris Co <chrco@microsoft.com> 5.4.51-3
|
||||
|
||||
* Thu Sep 03 2020 Chris Co <chrco@microsoft.com> - 5.4.51-3
|
||||
- Add missing requires
|
||||
* Tue Sep 01 2020 Chris Co <chrco@microsoft.com> 5.4.51-2
|
||||
|
||||
* Tue Sep 01 2020 Chris Co <chrco@microsoft.com> - 5.4.51-2
|
||||
- Update release number
|
||||
* Wed Aug 19 2020 Chris Co <chrco@microsoft.com> 5.4.51-1
|
||||
|
||||
* Wed Aug 19 2020 Chris Co <chrco@microsoft.com> - 5.4.51-1
|
||||
- Update source to 5.4.51
|
||||
* Wed Aug 19 2020 Chris Co <chrco@microsoft.com> 5.4.42-12
|
||||
|
||||
* Wed Aug 19 2020 Chris Co <chrco@microsoft.com> - 5.4.42-12
|
||||
- Update release number
|
||||
* Tue Aug 18 2020 Chris Co <chrco@microsoft.com> 5.4.42-11
|
||||
|
||||
* Tue Aug 18 2020 Chris Co <chrco@microsoft.com> - 5.4.42-11
|
||||
- Original version for CBL-Mariner.
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
%global debug_package %{nil}
|
||||
%define uname_r %{version}-%{release}
|
||||
Summary: Signed Linux Kernel for x86_64 systems
|
||||
Name: kernel-signed-x64
|
||||
Version: 5.4.51
|
||||
Release: 12%{?dist}
|
||||
Version: 5.4.91
|
||||
Release: 6%{?dist}
|
||||
License: GPLv2
|
||||
URL: https://github.com/microsoft/WSL2-Linux-Kernel
|
||||
Group: System Environment/Kernel
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
|
||||
Group: System Environment/Kernel
|
||||
URL: https://github.com/microsoft/WSL2-Linux-Kernel
|
||||
# This package's "version" and "release" must reflect the unsigned version that
|
||||
# was signed.
|
||||
# An important consequence is that when making a change to this package, the
|
||||
|
@ -23,18 +23,13 @@ Distribution: Mariner
|
|||
# 4. Build this spec
|
||||
Source0: kernel-%{version}-%{release}.x86_64.rpm
|
||||
Source1: vmlinuz-%{version}-%{release}
|
||||
|
||||
ExclusiveArch: x86_64
|
||||
|
||||
BuildRequires: cpio
|
||||
Requires: filesystem
|
||||
Requires: kmod
|
||||
Requires(post): coreutils
|
||||
Requires(postun): coreutils
|
||||
|
||||
Conflicts: kernel
|
||||
|
||||
%define uname_r %{version}-%{release}
|
||||
ExclusiveArch: x86_64
|
||||
|
||||
%description
|
||||
This package contains the Linux kernel package with kernel signed with the production key
|
||||
|
@ -81,35 +76,96 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
|
|||
|
||||
%files
|
||||
/boot/*
|
||||
/boot/.vmlinuz-%{uname_r}.hmac
|
||||
/lib/modules/%{uname_r}/*
|
||||
/lib/modules/%{uname_r}/.vmlinuz.hmac
|
||||
%config %{_localstatedir}/lib/initramfs/kernel/%{uname_r}
|
||||
|
||||
%changelog
|
||||
* Mon Jan 11 2021 Thomas Crain <thcrain@microsoft.com> - 5.4.51-12
|
||||
* Tue Feb 23 2021 Chris Co <chrco@microsoft.com> - 5.4.91-6
|
||||
- Update to match kernel spec 5.4.91-6
|
||||
|
||||
* Tue Feb 16 2021 Nicolas Ontiveros <niontive@microsoft.com> - 5.4.91-5
|
||||
- Update to kernel release 5.4.91-5.
|
||||
|
||||
* Tue Feb 09 2021 Nicolas Ontiveros <niontive@microsoft.com> - 5.4.91-4
|
||||
- Update to kernel release 5.4.91-4.
|
||||
|
||||
* Thu Jan 28 2021 Nicolas Ontiveros <niontive@microsoft.com> - 5.4.91-3
|
||||
- Add hmac files for FIPS
|
||||
|
||||
* Wed Jan 27 2021 Daniel McIlvaney <damcilva@microsoft.com> - 5.4.91-2
|
||||
- Update release number to match kernel spec
|
||||
* Fri Oct 16 2020 Suresh Babu Chalamalasetty <schalam@microsoft.com> 5.4.51-11
|
||||
- Update release number
|
||||
* Fri Oct 02 2020 Chris Co <chrco@microsoft.com> 5.4.51-10
|
||||
|
||||
* Wed Jan 20 2021 Chris Co <chrco@microsoft.com> - 5.4.91-1
|
||||
- Update source to 5.4.91
|
||||
|
||||
* Tue Jan 12 2021 Rachel Menge <rachelmenge@microsoft.com> - 5.4.83-4
|
||||
- Update release number to match kernel spec
|
||||
* Fri Oct 02 2020 Chris Co <chrco@microsoft.com> 5.4.51-9
|
||||
|
||||
* Sat Jan 09 2021 Andrew Phelps <anphel@microsoft.com> - 5.4.83-3
|
||||
- Update to kernel release 5.4.83-3
|
||||
|
||||
* Mon Dec 28 2020 Nicolas Ontiveros <niontive@microsoft.com> - 5.4.83-2
|
||||
- Update to kernel release 5.4.83-2
|
||||
|
||||
* Tue Dec 15 2020 Henry Beberman <henry.beberman@microsoft.com> - 5.4.83-1
|
||||
- Update source to 5.4.83
|
||||
|
||||
* Fri Dec 04 2020 Chris Co <chrco@microsoft.com> - 5.4.81-1
|
||||
- Update source to 5.4.81
|
||||
|
||||
* Wed Nov 25 2020 Chris Co <chrco@microsoft.com> - 5.4.72-5
|
||||
- Update release number to match kernel spec
|
||||
|
||||
* Mon Nov 23 2020 Chris Co <chrco@microsoft.com> - 5.4.72-4
|
||||
- Update release number to match kernel spec
|
||||
|
||||
* Mon Nov 16 2020 Suresh Babu Chalamalasetty <schalam@microsoft.com> - 5.4.72-3
|
||||
- Update release number
|
||||
* Wed Sep 30 2020 Emre Girgin <mrgirgin@microsoft.com> 5.4.51-8
|
||||
|
||||
* Tue Nov 10 2020 Suresh Babu Chalamalasetty <schalam@microsoft.com> - 5.4.72-2
|
||||
- Update release number
|
||||
|
||||
* Mon Oct 26 2020 Chris Co <chrco@microsoft.com> - 5.4.72-1
|
||||
- Update source to 5.4.72
|
||||
- Lint spec
|
||||
|
||||
* Fri Oct 16 2020 Suresh Babu Chalamalasetty <schalam@microsoft.com> - 5.4.51-11
|
||||
- Update release number
|
||||
|
||||
* Fri Oct 02 2020 Chris Co <chrco@microsoft.com> - 5.4.51-10
|
||||
- Update release number to match kernel spec
|
||||
|
||||
* Fri Oct 02 2020 Chris Co <chrco@microsoft.com> - 5.4.51-9
|
||||
- Update release number
|
||||
|
||||
* Wed Sep 30 2020 Emre Girgin <mrgirgin@microsoft.com> - 5.4.51-8
|
||||
- Update postun script to deal with removal in case of another installed kernel.
|
||||
* Fri Sep 25 2020 Suresh Babu Chalamalasetty <schalam@microsoft.com> 5.4.51-7
|
||||
|
||||
* Fri Sep 25 2020 Suresh Babu Chalamalasetty <schalam@microsoft.com> - 5.4.51-7
|
||||
- Update release number
|
||||
* Wed Sep 23 2020 Daniel McIlvaney <damcilva@microsoft.com> 5.4.51-6
|
||||
|
||||
* Wed Sep 23 2020 Daniel McIlvaney <damcilva@microsoft.com> - 5.4.51-6
|
||||
- Update release number
|
||||
* Thu Sep 03 2020 Daniel McIlvaney <damcilva@microsoft.com> 5.4.51-5
|
||||
|
||||
* Thu Sep 03 2020 Daniel McIlvaney <damcilva@microsoft.com> - 5.4.51-5
|
||||
- Update release number
|
||||
* Thu Sep 03 2020 Chris Co <chrco@microsoft.com> 5.4.51-4
|
||||
|
||||
* Thu Sep 03 2020 Chris Co <chrco@microsoft.com> - 5.4.51-4
|
||||
- Update release number
|
||||
* Thu Sep 03 2020 Chris Co <chrco@microsoft.com> 5.4.51-3
|
||||
|
||||
* Thu Sep 03 2020 Chris Co <chrco@microsoft.com> - 5.4.51-3
|
||||
- Add missing requires
|
||||
* Tue Sep 01 2020 Chris Co <chrco@microsoft.com> 5.4.51-2
|
||||
|
||||
* Tue Sep 01 2020 Chris Co <chrco@microsoft.com> - 5.4.51-2
|
||||
- Update release number
|
||||
* Wed Aug 19 2020 Chris Co <chrco@microsoft.com> 5.4.51-1
|
||||
|
||||
* Wed Aug 19 2020 Chris Co <chrco@microsoft.com> - 5.4.51-1
|
||||
- Update source to 5.4.51
|
||||
* Wed Aug 19 2020 Chris Co <chrco@microsoft.com> 5.4.42-12
|
||||
|
||||
* Wed Aug 19 2020 Chris Co <chrco@microsoft.com> - 5.4.42-12
|
||||
- Update release number
|
||||
* Tue Aug 18 2020 Chris Co <chrco@microsoft.com> 5.4.42-11
|
||||
|
||||
* Tue Aug 18 2020 Chris Co <chrco@microsoft.com> - 5.4.42-11
|
||||
- Original version for CBL-Mariner.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
Summary: Mobile broadband modem manager
|
||||
Name: ModemManager
|
||||
Version: 1.10.4
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
License: GPLv2
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
|
@ -10,6 +10,9 @@ URL: https://www.freedesktop.org/wiki/Software/ModemManager/
|
|||
Source0: https://www.freedesktop.org/software/%{name}/%{name}-%{version}.tar.xz
|
||||
BuildRequires: gobject-introspection-devel
|
||||
BuildRequires: libqmi-devel
|
||||
%if %{with_check}
|
||||
BuildRequires: dbus-glib
|
||||
%endif
|
||||
Requires: glib
|
||||
Requires: gobject-introspection
|
||||
Requires: libqmi
|
||||
|
@ -75,6 +78,10 @@ make %{?_smp_mflags} check
|
|||
%{_libdir}/libmm-glib.la
|
||||
|
||||
%changelog
|
||||
* Fri Mar 26 2021 Thomas Crain <thcrain@microsoft.com> - 1.10.4-4
|
||||
- Merge the following releases from 1.0 to dev branch
|
||||
- anphel@microsoft.com, 1.10.4-3: Add dbus BuildRequires to fix check tests.
|
||||
|
||||
* Fri Dec 11 2020 Joe Schmitt <joschmit@microsoft.com> - 1.10.4-3
|
||||
- Provide ModemManager-glib and ModemManager-glib-devel.
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{
|
||||
"Signatures": {
|
||||
"WALinuxAgent-2.2.38.tar.gz": "05f5246250db1ce748588f7a8bf0ad00d94c29d27837e3ce44db119b9462e7c8"
|
||||
"WALinuxAgent-2.2.52.tar.gz": "46f692edaa93f094eef6c0dc8d95f3ece5a7176e98ac6f3bce741da74946cd28"
|
||||
}
|
||||
}
|
|
@ -1,36 +1,33 @@
|
|||
Name: WALinuxAgent
|
||||
Summary: The Windows Azure Linux Agent
|
||||
Version: 2.2.38
|
||||
Release: 3%{?dist}
|
||||
Name: WALinuxAgent
|
||||
Version: 2.2.52
|
||||
Release: 2%{?dist}
|
||||
License: ASL 2.0
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
Group: System/Daemons
|
||||
Url: https://github.com/Azure/WALinuxAgent
|
||||
URL: https://github.com/Azure/WALinuxAgent
|
||||
#Source0: https://github.com/Azure/WALinuxAgent/archive/v%{version}.tar.gz
|
||||
Source0: https://github.com/Azure/WALinuxAgent/archive/%{name}-%{version}.tar.gz
|
||||
Patch0: add-distro.patch
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
|
||||
BuildRequires: python2
|
||||
BuildRequires: python2-libs
|
||||
BuildRequires: python-distro
|
||||
BuildRequires: python-setuptools
|
||||
BuildRequires: python-xml
|
||||
BuildRequires: python2
|
||||
BuildRequires: python2-libs
|
||||
BuildRequires: systemd
|
||||
BuildRequires: python-distro
|
||||
Requires: python2
|
||||
Requires: python2-libs
|
||||
Requires: python-xml
|
||||
Requires: python-pyasn1
|
||||
Requires: /bin/grep
|
||||
Requires: /bin/sed
|
||||
Requires: iptables
|
||||
Requires: openssh
|
||||
Requires: openssl
|
||||
Requires: util-linux
|
||||
Requires: /bin/sed
|
||||
Requires: /bin/grep
|
||||
Requires: python-pyasn1
|
||||
Requires: python-xml
|
||||
Requires: python2
|
||||
Requires: python2-libs
|
||||
Requires: sudo
|
||||
Requires: iptables
|
||||
Requires: systemd
|
||||
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
Requires: util-linux
|
||||
BuildArch: noarch
|
||||
|
||||
%description
|
||||
|
@ -39,7 +36,7 @@ VMs in the Windows Azure cloud. This package should be installed on Linux disk
|
|||
images that are built to run in the Windows Azure environment.
|
||||
|
||||
%prep
|
||||
%setup -q -n %{name}-%{version}
|
||||
%setup -q
|
||||
%patch0 -p1
|
||||
|
||||
%pre -p /bin/sh
|
||||
|
@ -51,10 +48,8 @@ python2 setup.py build -b py2
|
|||
python2 -tt setup.py build -b py2 install --prefix=%{_prefix} --lnx-distro='mariner' --root=%{buildroot} --force
|
||||
mkdir -p %{buildroot}/%{_localstatedir}/log
|
||||
mkdir -p -m 0700 %{buildroot}/%{_sharedstatedir}/waagent
|
||||
mkdir -p %{buildroot}/%{_localstatedir}/opt/waagent/log
|
||||
mkdir -p %{buildroot}/%{_localstatedir}/log/
|
||||
touch %{buildroot}/%{_localstatedir}/opt/waagent/log/waagent.log
|
||||
ln -sfv /opt/waagent/log/waagent.log %{buildroot}%{_localstatedir}/log/waagent.log
|
||||
mkdir -p %{buildroot}/%{_localstatedir}/log
|
||||
touch %{buildroot}/%{_localstatedir}/log/waagent.log
|
||||
|
||||
%check
|
||||
python2 setup.py check && python2 setup.py test
|
||||
|
@ -68,52 +63,73 @@ python2 setup.py check && python2 setup.py test
|
|||
%postun
|
||||
%systemd_postun_with_restart waagent.service
|
||||
|
||||
|
||||
%files
|
||||
/usr/lib/systemd/system/*
|
||||
%{_lib}/systemd/system/*
|
||||
%defattr(0644,root,root,0755)
|
||||
%license LICENSE.txt
|
||||
%doc Changelog
|
||||
%attr(0755,root,root) %{_bindir}/waagent
|
||||
%attr(0755,root,root) %{_bindir}/waagent2.0
|
||||
%attr(0755,root,root) %{_sbindir}/waagent
|
||||
%attr(0755,root,root) %{_sbindir}/waagent2.0
|
||||
%config %{_sysconfdir}/waagent.conf
|
||||
%dir %{_localstatedir}/opt/waagent/log
|
||||
%{_localstatedir}/log/waagent.log
|
||||
%ghost %{_localstatedir}/opt/waagent/log/waagent.log
|
||||
%ghost %{_localstatedir}/log/waagent.log
|
||||
%dir %attr(0700, root, root) %{_sharedstatedir}/waagent
|
||||
/usr/lib/python2.7/site-packages/*
|
||||
%{_lib}/python2.7/site-packages/*
|
||||
|
||||
%changelog
|
||||
* Sat May 09 00:21:22 PST 2020 Nick Samson <nisamson@microsoft.com> - 2.2.38-3
|
||||
* Mon Jan 25 2021 Henry Beberman <henry.beberman@microsoft.com> 2.2.52-2
|
||||
- Remove log symlink and use /var/log/waagent.log directly
|
||||
|
||||
* Tue Dec 08 2020 Henry Li <lihl@microsoft.com> - 2.2.52-1
|
||||
- Upgrade to version 2.2.52
|
||||
- Update add-distro.patch
|
||||
|
||||
* Tue Dec 01 2020 Nicolas Ontiveros <niontive@microsoft.com> - 2.2.38-4
|
||||
- Move "waagent" and "waagent2.0" from bindir to sbindir
|
||||
|
||||
* Sat May 09 2020 Nick Samson <nisamson@microsoft.com> - 2.2.38-3
|
||||
- Added %%license line automatically
|
||||
|
||||
* Thu Apr 09 2020 Nicolas Ontiveros <niontive@microsoft.com> 2.2.38-2
|
||||
- Remove toybox and only use util-linux for requires.
|
||||
|
||||
* Fri Mar 13 2020 Paul Monson <paulmon@microsoft.com> 2.2.38-1
|
||||
- Update to version 2.2.38. Source0 URL fixed. License verified.
|
||||
|
||||
* Tue Sep 03 2019 Mateusz Malisz <mamalisz@microsoft.com> 2.2.35-2
|
||||
- Initial CBL-Mariner import from Photon (license: Apache2).
|
||||
|
||||
* Tue Feb 12 2019 Tapas Kundu <tkundu@vmware.com> 2.2.35-1
|
||||
- Update to 2.2.35
|
||||
|
||||
* Tue Oct 23 2018 Anish Swaminathan <anishs@vmware.com> 2.2.22-1
|
||||
- Update to 2.2.22
|
||||
|
||||
* Thu Dec 28 2017 Divya Thaluru <dthaluru@vmware.com> 2.2.14-3
|
||||
- Fixed the log file directory structure
|
||||
|
||||
* Mon Sep 18 2017 Alexey Makhalov <amakhalov@vmware.com> 2.2.14-2
|
||||
- Requires /bin/grep, /bin/sed and util-linux or toybox
|
||||
|
||||
* Thu Jul 13 2017 Anish Swaminathan <anishs@vmware.com> 2.2.14-1
|
||||
- Update to 2.2.14
|
||||
|
||||
* Thu Jun 01 2017 Dheeraj Shetty <dheerajs@vmware.com> 2.0.18-4
|
||||
- Use python2 explicitly to build
|
||||
|
||||
* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 2.0.18-3
|
||||
- GA - Bump release of all rpms
|
||||
|
||||
* Tue May 10 2016 Anish Swaminathan <anishs@vmware.com> 2.0.18-2
|
||||
- Edit post scripts
|
||||
|
||||
* Thu Apr 28 2016 Anish Swaminathan <anishs@vmware.com> 2.0.18-1
|
||||
- Update to 2.0.18
|
||||
|
||||
* Thu Jan 28 2016 Anish Swaminathan <anishs@vmware.com> 2.0.14-3
|
||||
- Removed redundant requires
|
||||
|
||||
* Thu Aug 6 2015 Anish Swaminathan <anishs@vmware.com>
|
||||
- Added sha1sum
|
||||
|
||||
* Fri Mar 13 2015 - mbassiouny@vmware.com
|
||||
- Initial packaging
|
||||
|
|
|
@ -1,27 +1,26 @@
|
|||
--- a/azurelinuxagent/common/osutil/factory.py 2019-02-12 18:32:02.014403649 +0530
|
||||
+++ b/azurelinuxagent/common/osutil/factory.py 2019-02-12 18:33:10.586401816 +0530
|
||||
@@ -21,6 +21,7 @@ from azurelinuxagent.common.version impo
|
||||
from .default import DefaultOSUtil
|
||||
--- a/azurelinuxagent/common/osutil/factory.py 2020-09-29 11:31:13.000000000 -0700
|
||||
+++ b/azurelinuxagent/common/osutil/factory.py 2020-12-08 14:54:58.878191794 -0800
|
||||
@@ -24,6 +24,7 @@
|
||||
from .arch import ArchUtil
|
||||
from .bigip import BigIpOSUtil
|
||||
from .clearlinux import ClearLinuxUtil
|
||||
+from .mariner import MarinerOSUtil
|
||||
from .coreos import CoreOSUtil
|
||||
from .debian import DebianOSUtil
|
||||
from .freebsd import FreeBSDOSUtil
|
||||
@@ -49,6 +50,10 @@ def get_osutil(distro_name=DISTRO_NAME,
|
||||
from .debian import DebianOSBaseUtil, DebianOSModernUtil
|
||||
from .default import DefaultOSUtil
|
||||
@@ -57,6 +58,9 @@
|
||||
|
||||
if "Clear Linux" in distro_full_name:
|
||||
return ClearLinuxUtil()
|
||||
|
||||
+
|
||||
+ if distro_name == "mariner":
|
||||
+ return MarinerOSUtil()
|
||||
+
|
||||
+
|
||||
|
||||
if distro_name == "ubuntu":
|
||||
if Version(distro_version) in [Version("12.04"), Version("12.10")]:
|
||||
return Ubuntu12OSUtil()
|
||||
--- a/azurelinuxagent/common/osutil/mariner.py 2019-02-12 18:42:54.290386210 +0530
|
||||
+++ b/azurelinuxagent/common/osutil/mariner.py 2019-02-12 18:34:43.254399338 +0530
|
||||
@@ -0,0 +1,88 @@
|
||||
--- a/azurelinuxagent/common/osutil/mariner.py 2020-12-08 22:14:27.843117432 -0800
|
||||
+++ b/azurelinuxagent/common/osutil/mariner.py 2020-12-08 22:52:05.926318033 -0800
|
||||
@@ -0,0 +1,89 @@
|
||||
+#
|
||||
+# Copyright 2017 Microsoft Corporation
|
||||
+#
|
||||
|
@ -37,7 +36,7 @@
|
|||
+# See the License for the specific language governing permissions and
|
||||
+# limitations under the License.
|
||||
+#
|
||||
+# Requires Python 2.4+ and Openssl 1.0+
|
||||
+# Requires Python 2.4 and Openssl 1.0
|
||||
+#
|
||||
+
|
||||
+import os
|
||||
|
@ -61,6 +60,7 @@
|
|||
+ def __init__(self):
|
||||
+ super(MarinerOSUtil, self).__init__()
|
||||
+ self.agent_conf_file_path = '/etc/waagent.conf'
|
||||
+ self.jit_enabled = True
|
||||
+
|
||||
+ def is_dhcp_enabled(self):
|
||||
+ return True
|
||||
|
@ -110,19 +110,21 @@
|
|||
+ except IOError as e:
|
||||
+ raise OSUtilError("Failed to delete root password:{0}".format(e))
|
||||
+ pass
|
||||
--- a/azurelinuxagent/common/version.py 2019-02-12 18:34:57.642398953 +0530
|
||||
+++ b/azurelinuxagent/common/version.py 2019-02-12 18:35:33.638397991 +0530
|
||||
@@ -100,6 +100,8 @@ def get_distro():
|
||||
\ No newline at end of file
|
||||
--- a/azurelinuxagent/common/version.py 2020-09-29 11:31:13.000000000 -0700
|
||||
+++ b/azurelinuxagent/common/version.py 2020-12-08 14:58:51.840248635 -0800
|
||||
@@ -100,6 +100,9 @@
|
||||
|
||||
if os.path.exists("/etc/euleros-release"):
|
||||
osinfo[0] = "euleros"
|
||||
+
|
||||
+ if os.path.exists("/etc/mariner-release"):
|
||||
+ osinfo[0] = "mariner"
|
||||
|
||||
# The platform.py lib has issue with detecting BIG-IP linux distribution.
|
||||
# Merge the following patch provided by F5.
|
||||
--- a/config/mariner/waagent.conf 2019-02-12 18:42:31.402386821 +0530
|
||||
+++ b/config/mariner/waagent.conf 2019-02-12 18:39:32.082391616 +0530
|
||||
--- a/config/mariner/waagent.conf 2020-12-08 22:15:55.038466254 -0800
|
||||
+++ b/config/mariner/waagent.conf 2020-12-08 15:06:48.272503589 -0800
|
||||
@@ -0,0 +1,80 @@
|
||||
+# Microsoft Azure Linux Agent Configuration
|
||||
+#
|
||||
|
@ -204,33 +206,33 @@
|
|||
+# handling until inVMArtifactsProfile.OnHold is false.
|
||||
+# Default is disabled
|
||||
+# EnableOverProvisioning=n
|
||||
--- a/init/mariner/waagent.service 2019-02-12 18:42:08.370387437 +0530
|
||||
+++ b/init/mariner/waagent.service 2019-02-12 18:40:31.090390038 +0530
|
||||
--- a/init/mariner/waagent.service 2020-12-08 22:16:40.614123434 -0800
|
||||
+++ b/init/mariner/waagent.service 2020-12-08 15:06:44.940529116 -0800
|
||||
@@ -0,0 +1,16 @@
|
||||
+[Unit]
|
||||
+Description=Azure Linux Agent
|
||||
+Wants=systemd-networkd-wait-online.service sshd.service sshd-keygen.service
|
||||
+After=systemd-networkd-wait-online.service cloud-init.service
|
||||
+
|
||||
+ConditionFileIsExecutable=/usr/bin/waagent
|
||||
+ConditionFileIsExecutable=/usr/sbin/waagent
|
||||
+ConditionPathExists=/etc/waagent.conf
|
||||
+
|
||||
+[Service]
|
||||
+Type=simple
|
||||
+ExecStart=/usr/bin/python -u /usr/bin/waagent -daemon
|
||||
+ExecStart=/usr/bin/python -u /usr/sbin/waagent -daemon
|
||||
+Restart=always
|
||||
+RestartSec=5
|
||||
+
|
||||
+[Install]
|
||||
+WantedBy=multi-user.target
|
||||
--- a/setup.py 2019-02-12 18:40:46.066389638 +0530
|
||||
+++ b/setup.py 2019-02-12 18:41:47.910387984 +0530
|
||||
@@ -113,6 +113,12 @@ def get_data_files(name, version, fullna
|
||||
--- a/setup.py 2020-09-29 11:31:13.000000000 -0700
|
||||
+++ b/setup.py 2020-12-08 15:04:44.289458366 -0800
|
||||
@@ -116,6 +116,12 @@
|
||||
src=["config/clearlinux/waagent.conf"])
|
||||
set_systemd_files(data_files, dest='/usr/lib/systemd/system',
|
||||
src=["init/clearlinux/waagent.service"])
|
||||
+ elif name == 'mariner':
|
||||
+ set_bin_files(data_files, dest="/usr/bin")
|
||||
+ set_bin_files(data_files)
|
||||
+ set_conf_files(data_files, dest="/etc",
|
||||
+ src=["config/mariner/waagent.conf"])
|
||||
+ set_systemd_files(data_files, dest='/usr/lib/systemd/system',
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
Summary: Access control list utilities
|
||||
Name: acl
|
||||
Version: 2.2.53
|
||||
Release: 4%{?dist}
|
||||
Release: 5%{?dist}
|
||||
Source0: https://download-mirror.savannah.gnu.org/releases/acl/%{name}-%{version}.tar.gz
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
|
@ -56,6 +56,12 @@ chmod 0755 %{buildroot}%{_libdir}/libacl.so.*.*.*
|
|||
%find_lang %{name}
|
||||
|
||||
%check
|
||||
# Skip following four tests which fail due to lack of ACL support in tools like cp from coreutils
|
||||
# As noted in coreutils build log: "configure: WARNING: GNU coreutils will be built without ACL support."
|
||||
sed -e 's|test/cp.test||' -i test/Makemodule.am Makefile.in Makefile
|
||||
sed -e 's|test/root/permissions.test||' -i test/Makemodule.am Makefile.in Makefile
|
||||
sed -e 's|test/root/setfacl.test||' -i test/Makemodule.am Makefile.in Makefile
|
||||
sed -e 's|test/misc.test||' -i test/Makemodule.am Makefile.in Makefile
|
||||
if ./setfacl -m u:`id -u`:rwx .; then
|
||||
make %{?_smp_mflags} check
|
||||
else
|
||||
|
@ -91,6 +97,8 @@ fi
|
|||
%{_libdir}/libacl.so.*
|
||||
|
||||
%changelog
|
||||
* Tue Jan 26 2021 Andrew Phelps <anphel@microsoft.com> 2.2.53-5
|
||||
- Fix check tests.
|
||||
* Tue Apr 14 2020 Henry Beberman <henry.beberman@microsoft.com> 2.2.53-4
|
||||
- Update files to include license
|
||||
* Fri Mar 03 2020 Jon Slobodzian <joslobo@microsoft.com> 2.2.53-3
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{
|
||||
"Signatures": {
|
||||
"ansible-2.9.9.tar.gz": "e83d84ae8bf131c0499d8a4c0e1144bf969454c43086e61cca3c224227df29d1"
|
||||
"ansible-2.9.12.tar.gz": "7e95ddf719190b068fafc7d7c7877c218054cc5da4f6d9d794faf7bc66dab774"
|
||||
}
|
||||
}
|
|
@ -1,27 +1,22 @@
|
|||
%{!?python2_sitelib: %global python2_sitelib %(python2 -c "from distutils.sysconfig import get_python_lib;print(get_python_lib())")}
|
||||
|
||||
Summary: Configuration-management, application deployment, cloud provisioning system
|
||||
Name: ansible
|
||||
Version: 2.9.9
|
||||
Version: 2.9.12
|
||||
Release: 1%{?dist}
|
||||
License: GPLv3+
|
||||
URL: https://www.ansible.com
|
||||
Group: Development/Libraries
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
Group: Development/Libraries
|
||||
URL: https://www.ansible.com
|
||||
Source0: https://releases.ansible.com/ansible/%{name}-%{version}.tar.gz
|
||||
|
||||
|
||||
BuildArch: noarch
|
||||
|
||||
BuildRequires: python-setuptools
|
||||
BuildRequires: python2
|
||||
BuildRequires: python2-libs
|
||||
BuildRequires: python-setuptools
|
||||
|
||||
Requires: python2
|
||||
Requires: python2-libs
|
||||
# Required for %check
|
||||
Requires: python2-devel
|
||||
Requires: python2-libs
|
||||
BuildArch: noarch
|
||||
|
||||
%description
|
||||
Ansible is a radically simple IT automation system. It handles configuration-management, application deployment, cloud provisioning, ad-hoc task-execution, and multinode orchestration - including trivializing things like zero downtime rolling updates with load balancers.
|
||||
|
@ -33,9 +28,8 @@ Ansible is a radically simple IT automation system. It handles configuration-man
|
|||
python2 setup.py build
|
||||
|
||||
%install
|
||||
%{__rm} -rf %{buildroot}
|
||||
python2 setup.py install -O1 --skip-build \
|
||||
--root "%{buildroot}"
|
||||
--root %{buildroot}
|
||||
|
||||
%check
|
||||
python2 setup.py test
|
||||
|
@ -47,23 +41,35 @@ python2 setup.py test
|
|||
%{python2_sitelib}/*
|
||||
|
||||
%changelog
|
||||
* Wed Dec 30 2020 Nicolas Ontiveros <niontive@microsoft.com> - 2.9.12-1
|
||||
- Upgrade to version 2.9.12, which resolves CVE-2020-10744
|
||||
|
||||
* Tue Jun 02 2020 Nicolas Ontiveros <niontive@microsoft.com> 2.9.9-1
|
||||
- Upgrade to version 2.9.9, which resolves CVE-2020-1733 and CVE-2020-1738.
|
||||
* Sat May 09 00:21:43 PST 2020 Nick Samson <nisamson@microsoft.com> 2.9.5-2
|
||||
|
||||
* Sat May 09 2020 Nick Samson <nisamson@microsoft.com> 2.9.5-2
|
||||
- Added %%license line automatically
|
||||
|
||||
* Wed Mar 18 2020 Emre Girgin <mrgirgin@microsoft.com> 2.9.5-1
|
||||
- Version update to 2.9.5. License verified.
|
||||
|
||||
* Tue Sep 03 2019 Mateusz Malisz <mamalisz@microsoft.com> 2.7.6-2
|
||||
- Initial CBL-Mariner import from Photon (license: Apache2).
|
||||
|
||||
* Tue Jan 22 2019 Anish Swaminathan <anishs@vmware.com> 2.7.6-1
|
||||
- Version update to 2.7.6, fix CVE-2018-16876
|
||||
|
||||
* Mon Sep 17 2018 Ankit Jain <ankitja@vmware.com> 2.6.4-1
|
||||
- Version update to 2.6.4
|
||||
|
||||
* Thu Oct 12 2017 Anish Swaminathan <anishs@vmware.com> 2.4.0.0-1
|
||||
- Version update to 2.4.0.0
|
||||
|
||||
* Thu Jun 01 2017 Dheeraj Shetty <dheerajs@vmware.com> 2.2.2.0-2
|
||||
- Use python2 explicitly
|
||||
|
||||
* Thu Apr 6 2017 Alexey Makhalov <amakhalov@vmware.com> 2.2.2.0-1
|
||||
- Version update
|
||||
|
||||
* Wed Sep 21 2016 Xiaolin Li <xiaolinl@vmware.com> 2.1.1.0-1
|
||||
- Initial build. First version
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
Summary: The Apache Portable Runtime
|
||||
Name: apr
|
||||
Version: 1.6.5
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
License: Apache License 2.0
|
||||
URL: https://apr.apache.org/
|
||||
Group: System Environment/Libraries
|
||||
|
@ -10,6 +10,12 @@ Distribution: Mariner
|
|||
Source0: http://archive.apache.org/dist/%{name}/%{name}-%{version}.tar.gz
|
||||
%define sha1 %{name}=ebf4f15fa5003b1490550e260f5a57dc8a2ff0ac
|
||||
%define aprver 1
|
||||
|
||||
%if %{with_check}
|
||||
# test_serv_by_name test requires /etc/services file from iana-etc package
|
||||
BuildRequires: iana-etc
|
||||
%endif
|
||||
|
||||
%description
|
||||
The Apache Portable Runtime.
|
||||
%package devel
|
||||
|
@ -57,9 +63,10 @@ make %{?_smp_mflags} check
|
|||
%{_libdir}/pkgconfig
|
||||
|
||||
%changelog
|
||||
* Sat May 09 00:20:50 PST 2020 Nick Samson <nisamson@microsoft.com> - 1.6.5-3
|
||||
* Mon Dec 07 2020 Andrew Phelps <anphel@microsoft.com> 1.6.5-4
|
||||
- Fix check tests.
|
||||
* Sat May 09 2020 Nick Samson <nisamson@microsoft.com> 1.6.5-3
|
||||
- Added %%license line automatically
|
||||
|
||||
* Tue Sep 03 2019 Mateusz Malisz <mamalisz@microsoft.com> 1.6.5-2
|
||||
- Initial CBL-Mariner import from Photon (license: Apache2).
|
||||
* Tue Sep 18 2018 Ankit Jain <ankitja@vmware.com> 1.6.5-1
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"Signatures": {
|
||||
"aspnetcore-runtime-3.1.5-linux-x64.tar.gz": "bf202e612374eecf089b08db2085f36e54c09d6e93db0ff4244580ee47b9c61f"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,41 @@
|
|||
%define debug_package %{nil}
|
||||
Summary: Microsoft aspnetcore runtime
|
||||
Name: aspnetcore-runtime-3.1
|
||||
Version: 3.1.5
|
||||
Release: 1%{?dist}
|
||||
License: ASL 2.0
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
Group: Development/Tools
|
||||
URL: https://github.com/dotnet/aspnetcore
|
||||
Source0: https://download.visualstudio.microsoft.com/download/pr/6827d794-a218-4352-b3b3-a19ec773c975/e3e53bc2f20df220a29c6e09f74d8a00/aspnetcore-runtime-3.1.5-linux-x64.tar.gz
|
||||
Requires: dotnet-runtime-3.1
|
||||
ExclusiveArch: x86_64
|
||||
|
||||
%description
|
||||
ASP.NET Core is an open-source and cross-platform framework for building
|
||||
modern cloud based internet connected applications, such as web apps,
|
||||
IoT apps and mobile backends
|
||||
|
||||
%prep
|
||||
%setup -qc -T -a 0 dotnet-runtime-%{version}
|
||||
|
||||
%build
|
||||
|
||||
%install
|
||||
mkdir -p %{buildroot}%{_libdir}/dotnet/shared
|
||||
cp -r shared/Microsoft.AspNetCore.App %{buildroot}%{_libdir}/dotnet/shared
|
||||
|
||||
%post -p /sbin/ldconfig
|
||||
%postun -p /sbin/ldconfig
|
||||
|
||||
%files
|
||||
%license LICENSE.txt ThirdPartyNotices.txt
|
||||
%defattr(-,root,root,0755)
|
||||
%{_libdir}/dotnet/shared/Microsoft.AspNetCore.App
|
||||
|
||||
%changelog
|
||||
* Thu Nov 12 2020 Henry Beberman <henry.beberman@microsoft.com> - 3.1.5-1
|
||||
- Add aspnetcore-runtime spec.
|
||||
- License verified
|
||||
- Original version for CBL-Mariner
|
|
@ -0,0 +1,15 @@
|
|||
diff -up at-3.1.14/at.c.export at-3.1.14/at.c
|
||||
--- at-3.1.14/at.c.export 2013-10-07 14:53:59.980521240 +0200
|
||||
+++ at-3.1.14/at.c 2013-10-07 14:54:35.722560527 +0200
|
||||
@@ -388,8 +388,9 @@ writefile(time_t runtimer, char queue)
|
||||
unsigned int i;
|
||||
for (i = 0; i < sizeof(no_export) / sizeof(no_export[0]); i++) {
|
||||
export = export
|
||||
- && (strncmp(*atenv, no_export[i],
|
||||
- (size_t) (eqp - *atenv)) != 0);
|
||||
+ && ((((size_t) (eqp - *atenv)) != strlen(no_export[i]))
|
||||
+ ||(strncmp(*atenv, no_export[i],(size_t) (eqp - *atenv)) != 0)
|
||||
+ );
|
||||
}
|
||||
eqp++;
|
||||
}
|
|
@ -0,0 +1,62 @@
|
|||
diff -up at-3.1.14/atd.c.mail at-3.1.14/atd.c
|
||||
--- at-3.1.14/atd.c.mail 2013-12-04 11:39:44.556239282 +0100
|
||||
+++ at-3.1.14/atd.c 2013-12-04 11:40:50.544234246 +0100
|
||||
@@ -100,6 +100,10 @@ int selinux_enabled=0;
|
||||
#define BATCH_INTERVAL_DEFAULT 60
|
||||
#define CHECK_INTERVAL 3600
|
||||
|
||||
+#ifndef MAXHOSTNAMELEN
|
||||
+#define MAXHOSTNAMELEN 64
|
||||
+#endif
|
||||
+
|
||||
/* Global variables */
|
||||
|
||||
uid_t real_uid, effective_uid;
|
||||
@@ -117,6 +121,7 @@ static time_t last_chg;
|
||||
static int nothing_to_do;
|
||||
unsigned int batch_interval;
|
||||
static int run_as_daemon = 0;
|
||||
+static int mail_with_hostname = 0;
|
||||
|
||||
static volatile sig_atomic_t term_signal = 0;
|
||||
|
||||
@@ -298,6 +303,7 @@ run_file(const char *filename, uid_t uid
|
||||
char fmt[64];
|
||||
unsigned long jobno;
|
||||
int rc;
|
||||
+ char hostbuf[MAXHOSTNAMELEN];
|
||||
#ifdef WITH_PAM
|
||||
int retcode;
|
||||
#endif
|
||||
@@ -452,6 +458,11 @@ run_file(const char *filename, uid_t uid
|
||||
|
||||
write_string(fd_out, "Subject: Output from your job ");
|
||||
write_string(fd_out, jobbuf);
|
||||
+ if (mail_with_hostname > 0) {
|
||||
+ gethostname(hostbuf, MAXHOSTNAMELEN-1);
|
||||
+ write_string(fd_out, " ");
|
||||
+ write_string(fd_out, hostbuf);
|
||||
+ }
|
||||
write_string(fd_out, "\nTo: ");
|
||||
write_string(fd_out, mailname);
|
||||
write_string(fd_out, "\n\n");
|
||||
@@ -843,7 +854,7 @@ main(int argc, char *argv[])
|
||||
run_as_daemon = 1;
|
||||
batch_interval = BATCH_INTERVAL_DEFAULT;
|
||||
|
||||
- while ((c = getopt(argc, argv, "sdl:b:f")) != EOF) {
|
||||
+ while ((c = getopt(argc, argv, "sdnl:b:f")) != EOF) {
|
||||
switch (c) {
|
||||
case 'l':
|
||||
if (sscanf(optarg, "%lf", &load_avg) != 1)
|
||||
@@ -865,6 +876,10 @@ main(int argc, char *argv[])
|
||||
daemon_foreground++;
|
||||
break;
|
||||
|
||||
+ case 'n':
|
||||
+ mail_with_hostname=1;
|
||||
+ break;
|
||||
+
|
||||
case 's':
|
||||
run_as_daemon = 0;
|
||||
break;
|
|
@ -0,0 +1,17 @@
|
|||
diff -up at-3.1.14/at.c.opt at-3.1.14/at.c
|
||||
--- at-3.1.14/at.c.opt 2013-09-26 16:54:29.920476315 +0200
|
||||
+++ at-3.1.14/at.c 2013-09-26 16:55:06.301562646 +0200
|
||||
@@ -842,10 +842,9 @@ main(int argc, char **argv)
|
||||
*/
|
||||
|
||||
if (disp_version) {
|
||||
- fprintf(stderr, "at version " VERSION "\n"
|
||||
- "Please report bugs to the Debian bug tracking system (http://bugs.debian.org/)\n"
|
||||
- "or contact the maintainers (at@packages.debian.org).\n");
|
||||
- exit(EXIT_SUCCESS);
|
||||
+ fprintf(stderr, "at version " VERSION "\n");
|
||||
+ if (argc == 2)
|
||||
+ exit(EXIT_SUCCESS);
|
||||
}
|
||||
|
||||
/* select our program
|
|
@ -0,0 +1,111 @@
|
|||
diff -up at-3.1.14/atd.c.timers at-3.1.14/atd.c
|
||||
--- at-3.1.14/atd.c.timers 2013-12-02 11:03:01.250080057 +0100
|
||||
+++ at-3.1.14/atd.c 2013-12-02 11:06:15.560243498 +0100
|
||||
@@ -831,6 +831,54 @@ run_loop()
|
||||
return next_job;
|
||||
}
|
||||
|
||||
+#ifdef HAVE_TIMER_CREATE
|
||||
+timer_t timer;
|
||||
+struct itimerspec timeout;
|
||||
+
|
||||
+void timer_setup()
|
||||
+{
|
||||
+ struct sigevent sev;
|
||||
+
|
||||
+ sev.sigev_notify = SIGEV_SIGNAL;
|
||||
+ sev.sigev_signo = SIGHUP;
|
||||
+ sev.sigev_value.sival_ptr = &timer;
|
||||
+
|
||||
+ memset(&timeout, 0, sizeof(timeout));
|
||||
+
|
||||
+ if (timer_create(CLOCK_REALTIME, &sev, &timer) < 0)
|
||||
+ pabort("unable to create timer");
|
||||
+}
|
||||
+
|
||||
+time_t atd_gettime()
|
||||
+{
|
||||
+ struct timespec curtime;
|
||||
+
|
||||
+ clock_gettime(CLOCK_REALTIME, &curtime);
|
||||
+
|
||||
+ return curtime.tv_sec;
|
||||
+}
|
||||
+
|
||||
+void atd_setalarm(time_t next)
|
||||
+{
|
||||
+ timeout.it_value.tv_sec = next;
|
||||
+ timer_settime(timer, TIMER_ABSTIME, &timeout, NULL);
|
||||
+ pause();
|
||||
+}
|
||||
+#else
|
||||
+void timer_setup()
|
||||
+{
|
||||
+}
|
||||
+
|
||||
+time_t atd_gettime()
|
||||
+{
|
||||
+ return time(NULL);
|
||||
+}
|
||||
+
|
||||
+void atd_setalarm(time_t next)
|
||||
+{
|
||||
+ sleep(next - atd_gettime());
|
||||
+}
|
||||
+#endif
|
||||
/* Global functions */
|
||||
|
||||
int
|
||||
@@ -936,7 +984,7 @@ main(int argc, char *argv[])
|
||||
sigaction(SIGCHLD, &act, NULL);
|
||||
|
||||
if (!run_as_daemon) {
|
||||
- now = time(NULL);
|
||||
+ now = atd_gettime();
|
||||
run_loop();
|
||||
exit(EXIT_SUCCESS);
|
||||
}
|
||||
@@ -959,13 +1007,14 @@ main(int argc, char *argv[])
|
||||
act.sa_handler = set_term;
|
||||
sigaction(SIGINT, &act, NULL);
|
||||
|
||||
+ timer_setup();
|
||||
daemon_setup();
|
||||
|
||||
do {
|
||||
- now = time(NULL);
|
||||
+ now = atd_gettime();
|
||||
next_invocation = run_loop();
|
||||
if (next_invocation > now) {
|
||||
- sleep(next_invocation - now);
|
||||
+ atd_setalarm(next_invocation);
|
||||
}
|
||||
} while (!term_signal);
|
||||
daemon_cleanup();
|
||||
diff -up at-3.1.14/config.h.in.timers at-3.1.14/config.h.in
|
||||
--- at-3.1.14/config.h.in.timers 2013-12-02 11:00:27.000000000 +0100
|
||||
+++ at-3.1.14/config.h.in 2013-12-02 11:02:06.521033976 +0100
|
||||
@@ -38,6 +38,9 @@
|
||||
/* Define to 1 if you have the `getloadavg' function. */
|
||||
#undef HAVE_GETLOADAVG
|
||||
|
||||
+/* Define to 1 if you have the `timer_create' function. */
|
||||
+#undef HAVE_TIMER_CREATE
|
||||
+
|
||||
/* Define to 1 if you have the <getopt.h> header file. */
|
||||
#undef HAVE_GETOPT_H
|
||||
|
||||
diff -up at-3.1.14/configure.ac.timers at-3.1.14/configure.ac
|
||||
--- at-3.1.14/configure.ac.timers 2013-12-02 11:00:27.000000000 +0100
|
||||
+++ at-3.1.14/configure.ac 2013-12-02 11:02:45.217066560 +0100
|
||||
@@ -254,6 +254,10 @@ AC_CHECK_LIB(selinux, is_selinux_enabled
|
||||
AC_SUBST(SELINUXLIB)
|
||||
AC_SUBST(WITH_SELINUX)
|
||||
|
||||
+dnl check for POSIX timer functions
|
||||
+AC_SEARCH_LIBS([timer_create],[rt])
|
||||
+AC_CHECK_FUNCS([timer_create])
|
||||
+
|
||||
AC_MSG_CHECKING(groupname to run under)
|
||||
AC_ARG_WITH(daemon_groupname,
|
||||
[ --with-daemon_groupname=DAEMON_GROUPNAME Groupname to run under (default daemon) ],
|
|
@ -0,0 +1,42 @@
|
|||
diff -up at-3.1.16/atd.c.clear-nonjobs at-3.1.16/atd.c
|
||||
--- at-3.1.16/atd.c.clear-nonjobs 2014-12-11 10:32:24.000000000 +0100
|
||||
+++ at-3.1.16/atd.c 2015-09-09 11:40:22.544679351 +0200
|
||||
@@ -414,10 +414,22 @@ run_file(const char *filename, uid_t uid
|
||||
sprintf(fmt, "#!/bin/sh\n# atrun uid=%%d gid=%%d\n# mail %%%ds %%d",
|
||||
mailsize );
|
||||
|
||||
+ /* Unlink the file unless there was an error reading it (perhaps
|
||||
+ * temporary).
|
||||
+ * If the file has a bogus format there is no reason in trying
|
||||
+ * to run it again and again.
|
||||
+ */
|
||||
if (fscanf(stream, fmt,
|
||||
- &nuid, &ngid, mailname, &send_mail) != 4)
|
||||
- pabort("File %.500s is in wrong format - aborting",
|
||||
- filename);
|
||||
+ &nuid, &ngid, mailname, &send_mail) != 4) {
|
||||
+ if (ferror(stream))
|
||||
+ perr("Error reading the job file");
|
||||
+
|
||||
+ unlink(filename);
|
||||
+ pabort("File %.500s is in wrong format - aborting",
|
||||
+ filename);
|
||||
+ }
|
||||
+
|
||||
+ unlink(filename);
|
||||
|
||||
if (mailname[0] == '-')
|
||||
pabort("illegal mail name %.300s in job %8lu (%.300s)", mailname,
|
||||
@@ -427,12 +439,6 @@ run_file(const char *filename, uid_t uid
|
||||
pabort("Job %8lu (%.500s) - userid %d does not match file uid %d",
|
||||
jobno, filename, nuid, uid);
|
||||
|
||||
- /* We are now committed to executing this script. Unlink the
|
||||
- * original.
|
||||
- */
|
||||
-
|
||||
- unlink(filename);
|
||||
-
|
||||
fclose(stream);
|
||||
if (chdir(ATSPOOL_DIR) < 0)
|
||||
perr("Cannot chdir to " ATSPOOL_DIR);
|
|
@ -0,0 +1,26 @@
|
|||
diff -up at-3.1.16/at.c.fclose at-3.1.16/at.c
|
||||
--- at-3.1.16/at.c.fclose 2014-11-06 16:11:28.000000000 +0100
|
||||
+++ at-3.1.16/at.c 2014-11-24 15:30:12.704502966 +0100
|
||||
@@ -209,7 +209,11 @@ nextjob()
|
||||
jobno = (1 + jobno) % 0xfffff; /* 2^20 jobs enough? */
|
||||
fprintf(fid, "%05lx\n", jobno);
|
||||
|
||||
- fclose(fid);
|
||||
+ if (ferror(fid))
|
||||
+ jobno = EOF;
|
||||
+
|
||||
+ if (fclose(fid) != 0)
|
||||
+ jobno = EOF;
|
||||
return jobno;
|
||||
}
|
||||
|
||||
@@ -494,7 +498,8 @@ writefile(time_t runtimer, char queue)
|
||||
if (ferror(stdin))
|
||||
panic("Input error");
|
||||
|
||||
- fclose(fp);
|
||||
+ if (fclose(fp) != 0)
|
||||
+ panic("Output error");
|
||||
|
||||
/* Set the x bit so that we're ready to start executing
|
||||
*/
|
|
@ -0,0 +1,82 @@
|
|||
diff -up at-3.1.18/Makefile.in.make at-3.1.18/Makefile.in
|
||||
--- at-3.1.18/Makefile.in.make 2015-12-06 16:45:10.000000000 +0100
|
||||
+++ at-3.1.18/Makefile.in 2016-03-23 12:38:15.652898579 +0100
|
||||
@@ -68,13 +68,13 @@ LIST = Filelist Filelist.asc
|
||||
all: at atd atd.service atrun
|
||||
|
||||
at: $(ATOBJECTS)
|
||||
- $(CC) $(LDFLAGS) -o at $(ATOBJECTS) $(LIBS) $(LEXLIB)
|
||||
+ $(CC) $(LDFLAGS) -pie -o at $(ATOBJECTS) $(LIBS) $(LEXLIB)
|
||||
rm -f $(CLONES)
|
||||
$(LN_S) -f at atq
|
||||
$(LN_S) -f at atrm
|
||||
|
||||
atd: $(RUNOBJECTS)
|
||||
- $(CC) $(LDFLAGS) -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB) $(SELINUXLIB)
|
||||
+ $(CC) $(LDFLAGS) -pie -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB) $(SELINUXLIB)
|
||||
|
||||
y.tab.c y.tab.h: parsetime.y
|
||||
$(YACC) -d parsetime.y
|
||||
@@ -89,38 +89,41 @@ atrun: atrun.in
|
||||
configure
|
||||
|
||||
.c.o:
|
||||
- $(CC) -c $(CFLAGS) $(DEFS) $*.c
|
||||
+ $(CC) -c $(CFLAGS) -fPIE $(DEFS) $*.c
|
||||
|
||||
install: all
|
||||
- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(etcdir)
|
||||
- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(bindir)
|
||||
- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(sbindir)
|
||||
- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(docdir)
|
||||
- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(atdocdir)
|
||||
- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR)
|
||||
- chmod 1770 $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR)
|
||||
+ $(INSTALL) -m 755 -d $(IROOT)$(etcdir)
|
||||
+ $(INSTALL) -m 755 -d $(IROOT)$(bindir)
|
||||
+ $(INSTALL) -m 755 -d $(IROOT)$(sbindir)
|
||||
+ $(INSTALL) -m 755 -d $(IROOT)$(docdir)
|
||||
+ $(INSTALL) -m 755 -d $(IROOT)$(atdocdir)
|
||||
+ $(INSTALL) -m 755 -d $(IROOT)$(etcdir)/pam.d/
|
||||
+ $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR)
|
||||
+ chmod 700 $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR)
|
||||
+ chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR)
|
||||
touch $(IROOT)$(LFILE)
|
||||
chmod 600 $(IROOT)$(LFILE)
|
||||
chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(IROOT)$(LFILE)
|
||||
- test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -o root -g $(DAEMON_GROUPNAME) -m 640 at.deny $(IROOT)$(etcdir)/
|
||||
- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 6755 at $(IROOT)$(bindir)
|
||||
+ test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -m 600 at.deny $(IROOT)$(etcdir)/
|
||||
+ $(INSTALL) -o $(INSTALL_ROOT_USER) -g $(DAEMON_GROUPNAME) pam_atd $(IROOT)$(etcdir)/pam.d/atd
|
||||
+ $(INSTALL) -m 4755 at $(IROOT)$(bindir)
|
||||
$(LN_S) -f at $(IROOT)$(bindir)/atq
|
||||
$(LN_S) -f at $(IROOT)$(bindir)/atrm
|
||||
- $(INSTALL) -g root -o root -m 755 batch $(IROOT)$(bindir)
|
||||
- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man1dir)
|
||||
- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man5dir)
|
||||
- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man8dir)
|
||||
- $(INSTALL) -g root -o root -m 755 atd $(IROOT)$(sbindir)
|
||||
- $(INSTALL) -g root -o root -m 755 atrun $(IROOT)$(sbindir)
|
||||
- $(INSTALL) -g root -o root -m 644 at.1 $(IROOT)$(man1dir)/
|
||||
+ $(INSTALL) -m 755 batch $(IROOT)$(bindir)
|
||||
+ $(INSTALL) -d -m 755 $(IROOT)$(man1dir)
|
||||
+ $(INSTALL) -d -m 755 $(IROOT)$(man5dir)
|
||||
+ $(INSTALL) -d -m 755 $(IROOT)$(man8dir)
|
||||
+ $(INSTALL) -m 755 atd $(IROOT)$(sbindir)
|
||||
+ $(INSTALL) -m 755 atrun $(IROOT)$(sbindir)
|
||||
+ $(INSTALL) -m 644 at.1 $(IROOT)$(man1dir)/
|
||||
cd $(IROOT)$(man1dir) && $(LN_S) -f at.1 atq.1 && $(LN_S) -f at.1 batch.1 && $(LN_S) -f at.1 atrm.1
|
||||
- $(INSTALL) -g root -o root -m 644 atd.8 $(IROOT)$(man8dir)/
|
||||
+ $(INSTALL) -m 644 atd.8 $(IROOT)$(man8dir)/
|
||||
sed "s,\$${exec_prefix},$(exec_prefix),g" <atrun.8>tmpman
|
||||
- $(INSTALL) -g root -o root -m 644 tmpman $(IROOT)$(man8dir)/atrun.8
|
||||
+ $(INSTALL) -m 644 tmpman $(IROOT)$(man8dir)/atrun.8
|
||||
rm -f tmpman
|
||||
- $(INSTALL) -g root -o root -m 644 at.allow.5 $(IROOT)$(man5dir)/
|
||||
+ $(INSTALL) -m 644 at.allow.5 $(IROOT)$(man5dir)/
|
||||
cd $(IROOT)$(man5dir) && $(LN_S) -f at.allow.5 at.deny.5
|
||||
- $(INSTALL) -g root -o root -m 644 $(DOCS) $(IROOT)$(atdocdir)
|
||||
+ $(INSTALL) -m 644 $(DOCS) $(IROOT)$(atdocdir)
|
||||
rm -f $(IROOT)$(mandir)/cat1/at.1* $(IROOT)$(mandir)/cat1/batch.1* \
|
||||
$(IROOT)$(mandir)/cat1/atq.1*
|
||||
rm -f $(IROOT)$(mandir)/cat1/atd.8*
|
|
@ -0,0 +1,80 @@
|
|||
diff -up at-3.1.18/atd.c.nit at-3.1.18/atd.c
|
||||
--- at-3.1.18/atd.c.nit 2016-03-23 12:46:49.222277787 +0100
|
||||
+++ at-3.1.18/atd.c 2016-03-23 12:47:50.521639804 +0100
|
||||
@@ -196,6 +196,18 @@ myfork()
|
||||
|
||||
#define fork myfork
|
||||
#endif
|
||||
+#undef ATD_MAIL_PROGRAM
|
||||
+#undef ATD_MAIL_NAME
|
||||
+#if defined(SENDMAIL)
|
||||
+#define ATD_MAIL_PROGRAM SENDMAIL
|
||||
+#define ATD_MAIL_NAME "sendmail"
|
||||
+#elif defined(MAILC)
|
||||
+#define ATD_MAIL_PROGRAM MAILC
|
||||
+#define ATD_MAIL_NAME "mail"
|
||||
+#elif defined(MAILX)
|
||||
+#define ATD_MAIL_PROGRAM MAILX
|
||||
+#define ATD_MAIL_NAME "mailx"
|
||||
+#endif
|
||||
|
||||
#ifdef WITH_SELINUX
|
||||
static int
|
||||
@@ -339,6 +351,9 @@ run_file(const char *filename, uid_t uid
|
||||
free(newname);
|
||||
return;
|
||||
}
|
||||
+
|
||||
+ (void) setsid(); /* own session for process */
|
||||
+
|
||||
/* Let's see who we mail to. Hopefully, we can read it from
|
||||
* the command file; if not, send it to the owner, or, failing that,
|
||||
* to root.
|
||||
@@ -507,6 +522,9 @@ run_file(const char *filename, uid_t uid
|
||||
if (setuid(uid) < 0)
|
||||
perr("Cannot set user id");
|
||||
|
||||
+ if (SIG_ERR == signal(SIGCHLD, SIG_DFL))
|
||||
+ perr("Cannot reset signal handler to default");
|
||||
+
|
||||
chdir("/");
|
||||
|
||||
execle("/bin/sh", "sh", (char *) NULL, nenvp);
|
||||
@@ -572,6 +590,9 @@ run_file(const char *filename, uid_t uid
|
||||
if (setuid(uid) < 0)
|
||||
perr("Cannot set user id");
|
||||
|
||||
+ if (SIG_ERR == signal(SIGCHLD, SIG_DFL))
|
||||
+ perr("Cannot reset signal handler to default");
|
||||
+
|
||||
chdir ("/");
|
||||
|
||||
#if defined(SENDMAIL)
|
||||
@@ -699,6 +720,7 @@ run_loop()
|
||||
* Let's remove the lockfile and reschedule.
|
||||
*/
|
||||
strncpy(lock_name, dirent->d_name, sizeof(lock_name));
|
||||
+ lock_name[sizeof(lock_name)-1] = '\0';
|
||||
lock_name[0] = '=';
|
||||
unlink(lock_name);
|
||||
next_job = now;
|
||||
@@ -733,6 +755,7 @@ run_loop()
|
||||
run_batch++;
|
||||
if (strcmp(batch_name, dirent->d_name) > 0) {
|
||||
strncpy(batch_name, dirent->d_name, sizeof(batch_name));
|
||||
+ batch_name[sizeof(batch_name)-1] = '\0';
|
||||
batch_uid = buf.st_uid;
|
||||
batch_gid = buf.st_gid;
|
||||
batch_queue = queue;
|
||||
diff -up at-3.1.18/at.1.in.nit at-3.1.18/at.1.in
|
||||
--- at-3.1.18/at.1.in.nit 2015-12-06 16:45:10.000000000 +0100
|
||||
+++ at-3.1.18/at.1.in 2016-03-23 12:46:49.226277876 +0100
|
||||
@@ -210,7 +210,7 @@ queue for
|
||||
.BR batch .
|
||||
Queues with higher letters run with increased niceness. The special
|
||||
queue "=" is reserved for jobs which are currently running.
|
||||
-.P
|
||||
+
|
||||
If a job is submitted to a queue designated with an uppercase letter, the
|
||||
job is treated as if it were submitted to batch at the time of the job.
|
||||
Once the time is reached, the batch processing rules with respect to load
|
|
@ -0,0 +1,43 @@
|
|||
diff -up at-3.1.18/atd.c.noabort at-3.1.18/atd.c
|
||||
--- at-3.1.18/atd.c.noabort 2016-03-23 12:49:15.147520116 +0100
|
||||
+++ at-3.1.18/atd.c 2016-03-23 12:49:15.148520138 +0100
|
||||
@@ -349,9 +349,12 @@ run_file(const char *filename, uid_t uid
|
||||
*/
|
||||
|
||||
pid = fork();
|
||||
- if (pid == -1)
|
||||
- perr("Cannot fork");
|
||||
-
|
||||
+ if (pid == -1) {
|
||||
+ lerr("Cannot fork for job execution");
|
||||
+ free(mailname);
|
||||
+ free(newname);
|
||||
+ return;
|
||||
+ }
|
||||
else if (pid != 0) {
|
||||
free(mailname);
|
||||
free(newname);
|
||||
@@ -669,15 +672,19 @@ run_loop()
|
||||
* up.
|
||||
*/
|
||||
|
||||
- if (stat(".", &buf) == -1)
|
||||
- perr("Cannot stat " ATJOB_DIR);
|
||||
+ if (stat(".", &buf) == -1) {
|
||||
+ lerr("Cannot stat " ATJOB_DIR);
|
||||
+ return next_job;
|
||||
+ }
|
||||
|
||||
if (nothing_to_do && buf.st_mtime <= last_chg)
|
||||
return next_job;
|
||||
last_chg = buf.st_mtime;
|
||||
|
||||
- if ((spool = opendir(".")) == NULL)
|
||||
- perr("Cannot read " ATJOB_DIR);
|
||||
+ if ((spool = opendir(".")) == NULL) {
|
||||
+ lerr("Cannot read " ATJOB_DIR);
|
||||
+ return next_job;
|
||||
+ }
|
||||
|
||||
run_batch = 0;
|
||||
nothing_to_do = 1;
|
|
@ -0,0 +1,24 @@
|
|||
diff -up at-3.1.18/parsetime.y.dst at-3.1.18/parsetime.y
|
||||
--- at-3.1.18/parsetime.y.dst 2015-12-06 16:45:10.000000000 +0100
|
||||
+++ at-3.1.18/parsetime.y 2015-07-01 13:53:14.088881926 +0200
|
||||
@@ -476,8 +476,8 @@ parsetime(time_t currtime, int argc, cha
|
||||
exectm = *localtime(&currtime);
|
||||
currtime -= exectm.tm_sec;
|
||||
exectm.tm_sec = 0;
|
||||
- exectm.tm_isdst = -1;
|
||||
memcpy(&currtm,&exectm,sizeof(currtm));
|
||||
+ exectm.tm_isdst = -1;
|
||||
time_only = 0;
|
||||
yearspec = 0;
|
||||
|
||||
@@ -503,8 +503,8 @@ parsetime(time_t currtime, int argc, cha
|
||||
return 0;
|
||||
if (isgmt) {
|
||||
exectime -= timezone;
|
||||
- if (currtm.tm_isdst && !exectm.tm_isdst)
|
||||
- exectime -= 3600;
|
||||
+ if (exectm.tm_isdst)
|
||||
+ exectime += 3600;
|
||||
}
|
||||
if (exectime < currtime)
|
||||
panic("refusing to create job destined in the past");
|
|
@ -0,0 +1,22 @@
|
|||
diff -up at-3.1.20/atd.c.aborted at-3.1.20/atd.c
|
||||
--- at-3.1.20/atd.c.aborted 2017-09-14 15:31:47.971486148 +0200
|
||||
+++ at-3.1.20/atd.c 2017-09-14 15:43:53.506567281 +0200
|
||||
@@ -731,12 +731,17 @@ run_loop()
|
||||
/* Is the file already locked?
|
||||
*/
|
||||
if (buf.st_nlink > 1) {
|
||||
+ if (run_time < buf.st_mtime)
|
||||
+ run_time = buf.st_mtime;
|
||||
if (run_time + CHECK_INTERVAL <= now) {
|
||||
-
|
||||
/* Something went wrong the last time this was executed.
|
||||
* Let's remove the lockfile and reschedule.
|
||||
+ * We also change the timestamp to avoid rerunning the job more
|
||||
+ * than once every CHECK_INTERVAL.
|
||||
*/
|
||||
strncpy(lock_name, dirent->d_name, sizeof(lock_name));
|
||||
+ if (utime(lock_name, 0) < 0)
|
||||
+ syslog(LOG_ERR, "utime couldn't be set for lock file %s\n", lock_name);
|
||||
lock_name[sizeof(lock_name)-1] = '\0';
|
||||
lock_name[0] = '=';
|
||||
unlink(lock_name);
|
|
@ -0,0 +1,108 @@
|
|||
diff -up at-3.1.20/atd.c.lock-locks at-3.1.20/atd.c
|
||||
--- at-3.1.20/atd.c.lock-locks 2016-07-01 10:41:50.640867692 +0200
|
||||
+++ at-3.1.20/atd.c 2016-07-01 10:42:32.345844967 +0200
|
||||
@@ -74,6 +74,9 @@
|
||||
#include <syslog.h>
|
||||
#endif
|
||||
|
||||
+#include <sys/file.h>
|
||||
+#include <utime.h>
|
||||
+
|
||||
/* Local headers */
|
||||
|
||||
#include "privs.h"
|
||||
@@ -288,7 +291,7 @@ run_file(const char *filename, uid_t uid
|
||||
* mail to the user.
|
||||
*/
|
||||
pid_t pid;
|
||||
- int fd_out, fd_in;
|
||||
+ int fd_out, fd_in, fd_std;
|
||||
char jobbuf[9];
|
||||
char *mailname = NULL;
|
||||
int mailsize = 128;
|
||||
@@ -410,6 +413,10 @@ run_file(const char *filename, uid_t uid
|
||||
|
||||
fcntl(fd_in, F_SETFD, fflags & ~FD_CLOEXEC);
|
||||
|
||||
+ if (flock(fd_in, LOCK_EX | LOCK_NB) != 0)
|
||||
+ perr("Somebody already locked the job %8lu (%.500s) - "
|
||||
+ "aborting", jobno, filename);
|
||||
+
|
||||
/*
|
||||
* If the spool directory is mounted via NFS `atd' isn't able to
|
||||
* read from the job file and will bump out here. The file is
|
||||
@@ -553,10 +560,7 @@ run_file(const char *filename, uid_t uid
|
||||
PRIV_END
|
||||
}
|
||||
/* We're the parent. Let's wait.
|
||||
- */
|
||||
- close(fd_in);
|
||||
-
|
||||
- /* We inherited the master's SIGCHLD handler, which does a
|
||||
+ We inherited the master's SIGCHLD handler, which does a
|
||||
non-blocking waitpid. So this blocking one will eventually
|
||||
return with an ECHILD error.
|
||||
*/
|
||||
@@ -573,14 +577,14 @@ run_file(const char *filename, uid_t uid
|
||||
/* some sendmail implementations are confused if stdout, stderr are
|
||||
* not available, so let them point to /dev/null
|
||||
*/
|
||||
- if ((fd_in = open("/dev/null", O_WRONLY)) < 0)
|
||||
+ if ((fd_std = open("/dev/null", O_WRONLY)) < 0)
|
||||
perr("Could not open /dev/null.");
|
||||
- if (dup2(fd_in, STDOUT_FILENO) < 0)
|
||||
+ if (dup2(fd_std, STDOUT_FILENO) < 0)
|
||||
perr("Could not use /dev/null as standard output.");
|
||||
- if (dup2(fd_in, STDERR_FILENO) < 0)
|
||||
+ if (dup2(fd_std, STDERR_FILENO) < 0)
|
||||
perr("Could not use /dev/null as standard error.");
|
||||
- if (fd_in != STDOUT_FILENO && fd_in != STDERR_FILENO)
|
||||
- close(fd_in);
|
||||
+ if (fd_std != STDOUT_FILENO && fd_std != STDERR_FILENO)
|
||||
+ close(fd_std);
|
||||
|
||||
if (unlink(filename) == -1)
|
||||
syslog(LOG_WARNING, "Warning: removing output file for job %li failed: %s",
|
||||
@@ -588,7 +592,12 @@ run_file(const char *filename, uid_t uid
|
||||
|
||||
/* The job is now finished. We can delete its input file.
|
||||
*/
|
||||
- chdir(ATJOB_DIR);
|
||||
+ if (chdir(ATJOB_DIR) != 0)
|
||||
+ perr("Somebody removed %s directory from under us.", ATJOB_DIR);
|
||||
+
|
||||
+ /* This also removes the flock */
|
||||
+ (void)close(fd_in);
|
||||
+
|
||||
unlink(newname);
|
||||
free(newname);
|
||||
|
||||
@@ -723,16 +732,18 @@ run_loop()
|
||||
|
||||
/* Skip lock files */
|
||||
if (queue == '=') {
|
||||
- /* FIXME: calhariz */
|
||||
- /* I think the following code is broken, but commenting
|
||||
- may haven unknow side effects. Make a release and see
|
||||
- in the wild how it works. For more information see:
|
||||
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818508/*
|
||||
-
|
||||
- /* if ((buf.st_nlink == 1) && (run_time + CHECK_INTERVAL <= now)) { */
|
||||
- /* /\* Remove stale lockfile FIXME: lock the lockfile, if you fail, it's still in use. *\/ */
|
||||
- /* unlink(dirent->d_name); */
|
||||
- /* } */
|
||||
+ if ((buf.st_nlink == 1) && (run_time + CHECK_INTERVAL <= now)) {
|
||||
+ int fd;
|
||||
+
|
||||
+ fd = open(dirent->d_name, O_RDONLY);
|
||||
+ if (fd != -1) {
|
||||
+ if (flock(fd, LOCK_EX | LOCK_NB) == 0) {
|
||||
+ unlink(dirent->d_name);
|
||||
+ syslog(LOG_NOTICE, "removing stale lock file %s\n", dirent->d_name);
|
||||
+ }
|
||||
+ (void)close(fd);
|
||||
+ }
|
||||
+ }
|
||||
continue;
|
||||
}
|
||||
/* Skip any other file types which may have been invented in
|
|
@ -0,0 +1,14 @@
|
|||
diff -up at-3.1.20/atd.c.log-jobs at-3.1.20/atd.c
|
||||
--- at-3.1.20/atd.c.log-jobs 2018-05-23 15:09:35.158362293 +0200
|
||||
+++ at-3.1.20/atd.c 2018-05-23 15:18:39.153965582 +0200
|
||||
@@ -376,6 +376,10 @@ run_file(const char *filename, uid_t uid
|
||||
pabort("Userid %lu not found - aborting job %8lu (%.500s)",
|
||||
(unsigned long) uid, jobno, filename);
|
||||
}
|
||||
+
|
||||
+ syslog(LOG_INFO, "Starting job %lu (%.500s) for user '%s' (%lu)",
|
||||
+ jobno, filename, pentry->pw_name, (unsigned long) uid);
|
||||
+
|
||||
PRIV_START
|
||||
|
||||
stream = fopen(filename, "r");
|
|
@ -0,0 +1,436 @@
|
|||
diff -up at-3.1.20/at.c.pam at-3.1.20/at.c
|
||||
--- at-3.1.20/at.c.pam 2016-06-28 22:18:00.000000000 +0200
|
||||
+++ at-3.1.20/at.c 2016-07-01 09:44:22.251683924 +0200
|
||||
@@ -144,18 +144,13 @@ sigc(int signo)
|
||||
/* If the user presses ^C, remove the spool file and exit
|
||||
*/
|
||||
if (fcreated) {
|
||||
- /*
|
||||
PRIV_START
|
||||
-
|
||||
+ /*
|
||||
We need the unprivileged uid here since the file is owned by the real
|
||||
(not effective) uid.
|
||||
*/
|
||||
- setregid(real_gid, effective_gid);
|
||||
- unlink(atfile);
|
||||
- setregid(effective_gid, real_gid);
|
||||
- /*
|
||||
+ unlink(atfile);
|
||||
PRIV_END
|
||||
- */
|
||||
}
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
@@ -315,26 +310,19 @@ writefile(time_t runtimer, char queue)
|
||||
* bit. Yes, this is a kluge.
|
||||
*/
|
||||
cmask = umask(S_IRUSR | S_IWUSR | S_IXUSR);
|
||||
- seteuid(real_uid);
|
||||
+ if ((seteuid(effective_uid)) < 0)
|
||||
+ perr("Error in seteuid: %s", errno);
|
||||
if ((fd = open(atfile, O_CREAT | O_EXCL | O_TRUNC | O_WRONLY, S_IRUSR)) == -1)
|
||||
perr("Cannot create atjob file %.500s", atfile);
|
||||
- seteuid(effective_uid);
|
||||
|
||||
if ((fd2 = dup(fd)) < 0)
|
||||
perr("Error in dup() of job file");
|
||||
|
||||
- /*
|
||||
if (fchown(fd2, real_uid, real_gid) != 0)
|
||||
- perr("Cannot give away file");
|
||||
- */
|
||||
+ perr("Cannot give real_uid and real_gid the file");
|
||||
|
||||
PRIV_END
|
||||
|
||||
- /* We no longer need suid root; now we just need to be able to write
|
||||
- * to the directory, if necessary.
|
||||
- */
|
||||
-
|
||||
- REDUCE_PRIV(daemon_uid, daemon_gid)
|
||||
/* We've successfully created the file; let's set the flag so it
|
||||
* gets removed in case of an interrupt or error.
|
||||
*/
|
||||
@@ -673,7 +661,7 @@ process_jobs(int argc, char **argv, int
|
||||
We need the unprivileged uid here since the file is owned by the real
|
||||
(not effective) uid.
|
||||
*/
|
||||
- setregid(real_gid, effective_gid);
|
||||
+ PRIV_START
|
||||
|
||||
if (queue == '=') {
|
||||
fprintf(stderr, "Warning: deleting running job\n");
|
||||
@@ -682,8 +670,8 @@ process_jobs(int argc, char **argv, int
|
||||
perr("Cannot unlink %.500s", dirent->d_name);
|
||||
rc = EXIT_FAILURE;
|
||||
}
|
||||
+ PRIV_END
|
||||
|
||||
- setregid(effective_gid, real_gid);
|
||||
done = 1;
|
||||
|
||||
break;
|
||||
@@ -693,7 +681,7 @@ process_jobs(int argc, char **argv, int
|
||||
FILE *fp;
|
||||
int ch;
|
||||
|
||||
- setregid(real_gid, effective_gid);
|
||||
+ PRIV_START
|
||||
fp = fopen(dirent->d_name, "r");
|
||||
|
||||
if (fp) {
|
||||
@@ -706,7 +694,7 @@ process_jobs(int argc, char **argv, int
|
||||
perr("Cannot open %.500s", dirent->d_name);
|
||||
rc = EXIT_FAILURE;
|
||||
}
|
||||
- setregid(effective_gid, real_gid);
|
||||
+ PRIV_END
|
||||
}
|
||||
break;
|
||||
|
||||
diff -up at-3.1.20/atd.c.pam at-3.1.20/atd.c
|
||||
--- at-3.1.20/atd.c.pam 2016-06-28 22:14:39.000000000 +0200
|
||||
+++ at-3.1.20/atd.c 2016-07-01 09:44:22.251683924 +0200
|
||||
@@ -91,6 +91,10 @@ int selinux_enabled = 0;
|
||||
|
||||
/* Macros */
|
||||
|
||||
+#ifndef LOG_ATD
|
||||
+#define LOG_ATD LOG_DAEMON
|
||||
+#endif
|
||||
+
|
||||
#define BATCH_INTERVAL_DEFAULT 60
|
||||
#define CHECK_INTERVAL 3600
|
||||
|
||||
@@ -114,7 +118,7 @@ static int run_as_daemon = 0;
|
||||
|
||||
static volatile sig_atomic_t term_signal = 0;
|
||||
|
||||
-#ifdef HAVE_PAM
|
||||
+#ifdef WITH_PAM
|
||||
#include <security/pam_appl.h>
|
||||
|
||||
static pam_handle_t *pamh = NULL;
|
||||
@@ -123,15 +127,7 @@ static const struct pam_conv conv = {
|
||||
NULL
|
||||
};
|
||||
|
||||
-#define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \
|
||||
- fprintf(stderr,"\n%s\n",pam_strerror(pamh, retcode)); \
|
||||
- syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \
|
||||
- pam_end(pamh, retcode); exit(1); \
|
||||
- }
|
||||
-#define PAM_END { retcode = pam_close_session(pamh,0); \
|
||||
- pam_end(pamh,retcode); }
|
||||
-
|
||||
-#endif /* HAVE_PAM */
|
||||
+#endif /* WITH_PAM */
|
||||
|
||||
/* Signal handlers */
|
||||
RETSIGTYPE
|
||||
@@ -292,7 +288,7 @@ run_file(const char *filename, uid_t uid
|
||||
char fmt[64];
|
||||
unsigned long jobno;
|
||||
int rc;
|
||||
-#ifdef HAVE_PAM
|
||||
+#ifdef WITH_PAM
|
||||
int retcode;
|
||||
#endif
|
||||
|
||||
@@ -449,17 +445,11 @@ run_file(const char *filename, uid_t uid
|
||||
fstat(fd_out, &buf);
|
||||
size = buf.st_size;
|
||||
|
||||
-#ifdef HAVE_PAM
|
||||
- PRIV_START
|
||||
- retcode = pam_start("atd", pentry->pw_name, &conv, &pamh);
|
||||
- PAM_FAIL_CHECK;
|
||||
- retcode = pam_acct_mgmt(pamh, PAM_SILENT);
|
||||
- PAM_FAIL_CHECK;
|
||||
- retcode = pam_open_session(pamh, PAM_SILENT);
|
||||
- PAM_FAIL_CHECK;
|
||||
- retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT);
|
||||
- PAM_FAIL_CHECK;
|
||||
- PRIV_END
|
||||
+#ifdef WITH_PAM
|
||||
+ AT_START_PAM;
|
||||
+ AT_OPEN_PAM_SESSION;
|
||||
+ closelog();
|
||||
+ openlog("atd", LOG_PID, LOG_ATD);
|
||||
#endif
|
||||
|
||||
close(STDIN_FILENO);
|
||||
@@ -473,7 +463,14 @@ run_file(const char *filename, uid_t uid
|
||||
else if (pid == 0) {
|
||||
char *nul = NULL;
|
||||
char **nenvp = &nul;
|
||||
+ char **pam_envp=0L;
|
||||
|
||||
+ PRIV_START
|
||||
+#ifdef WITH_PAM
|
||||
+ pam_envp = pam_getenvlist(pamh);
|
||||
+ if ( ( pam_envp != 0L ) && (pam_envp[0] != 0L) )
|
||||
+ nenvp = pam_envp;
|
||||
+#endif
|
||||
/* Set up things for the child; we want standard input from the
|
||||
* input file, and standard output and error sent to our output file.
|
||||
*/
|
||||
@@ -492,8 +489,6 @@ run_file(const char *filename, uid_t uid
|
||||
close(fd_in);
|
||||
close(fd_out);
|
||||
|
||||
- PRIV_START
|
||||
-
|
||||
nice((tolower((int) queue) - 'a' + 1) * 2);
|
||||
|
||||
#ifdef WITH_SELINUX
|
||||
@@ -514,9 +509,9 @@ run_file(const char *filename, uid_t uid
|
||||
|
||||
chdir("/");
|
||||
|
||||
- if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0)
|
||||
- perr("Exec failed for /bin/sh");
|
||||
-
|
||||
+ execle("/bin/sh", "sh", (char *) NULL, nenvp);
|
||||
+ perr("Exec failed for /bin/sh");
|
||||
+ /* perr exits, the PRIV_END is just for nice form */
|
||||
PRIV_END
|
||||
}
|
||||
/* We're the parent. Let's wait.
|
||||
@@ -529,14 +524,6 @@ run_file(const char *filename, uid_t uid
|
||||
*/
|
||||
waitpid(pid, (int *) NULL, 0);
|
||||
|
||||
-#ifdef HAVE_PAM
|
||||
- PRIV_START
|
||||
- pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT);
|
||||
- retcode = pam_close_session(pamh, PAM_SILENT);
|
||||
- pam_end(pamh, retcode);
|
||||
- PRIV_END
|
||||
-#endif
|
||||
-
|
||||
/* Send mail. Unlink the output file after opening it, so it
|
||||
* doesn't hang around after the run.
|
||||
*/
|
||||
@@ -567,8 +554,13 @@ run_file(const char *filename, uid_t uid
|
||||
unlink(newname);
|
||||
free(newname);
|
||||
|
||||
+#ifdef ATD_MAIL_PROGRAM
|
||||
if (((send_mail != -1) && (buf.st_size != size)) || (send_mail == 1)) {
|
||||
+ int mail_pid = -1;
|
||||
|
||||
+ mail_pid = fork();
|
||||
+
|
||||
+ if ( mail_pid == 0 ) {
|
||||
PRIV_START
|
||||
|
||||
if (initgroups(pentry->pw_name, pentry->pw_gid))
|
||||
@@ -590,7 +582,20 @@ run_file(const char *filename, uid_t uid
|
||||
perr("Exec failed for mail command");
|
||||
|
||||
PRIV_END
|
||||
+ }
|
||||
+ else if ( mail_pid == -1 ) {
|
||||
+ syslog(LOG_ERR, "fork of mailer failed: %m");
|
||||
+ }
|
||||
+ /* Parent */
|
||||
+ waitpid(mail_pid, (int *) NULL, 0);
|
||||
}
|
||||
+
|
||||
+#ifdef WITH_PAM
|
||||
+ AT_CLOSE_PAM;
|
||||
+ closelog();
|
||||
+ openlog("atd", LOG_PID, LOG_ATD);
|
||||
+#endif
|
||||
+#endif
|
||||
exit(EXIT_SUCCESS);
|
||||
}
|
||||
|
||||
diff -up at-3.1.20/config.h.in.pam at-3.1.20/config.h.in
|
||||
--- at-3.1.20/config.h.in.pam 2015-12-18 21:29:24.000000000 +0100
|
||||
+++ at-3.1.20/config.h.in 2016-07-01 09:44:22.251683924 +0200
|
||||
@@ -68,8 +68,8 @@
|
||||
/* Define to 1 if you have the <nlist.h> header file. */
|
||||
#undef HAVE_NLIST_H
|
||||
|
||||
-/* Define to 1 for PAM support */
|
||||
-#undef HAVE_PAM
|
||||
+/* Define if you are building with_pam */
|
||||
+#undef WITH_PAM
|
||||
|
||||
/* Define to 1 if you have the `pstat_getdynamic' function. */
|
||||
#undef HAVE_PSTAT_GETDYNAMIC
|
||||
diff -up at-3.1.20/configure.ac.pam at-3.1.20/configure.ac
|
||||
--- at-3.1.20/configure.ac.pam 2016-06-28 22:55:52.000000000 +0200
|
||||
+++ at-3.1.20/configure.ac 2016-07-01 09:45:23.268092527 +0200
|
||||
@@ -78,7 +78,7 @@ AC_FUNC_GETLOADAVG
|
||||
AC_CHECK_FUNCS(getcwd mktime strftime setreuid setresuid sigaction waitpid)
|
||||
AC_CHECK_HEADERS(security/pam_appl.h, [
|
||||
PAMLIB="-lpam"
|
||||
- AC_DEFINE(HAVE_PAM, 1, [Define to 1 for PAM support])
|
||||
+ AC_DEFINE(WITH_PAM, 1, [Define to 1 for PAM support])
|
||||
])
|
||||
|
||||
dnl Checking for programs
|
||||
@@ -239,6 +239,13 @@ AC_ARG_WITH(daemon_username,
|
||||
)
|
||||
AC_SUBST(DAEMON_USERNAME)
|
||||
|
||||
+AC_ARG_WITH(pam,
|
||||
+[ --with-pam Define to enable pam support ],
|
||||
+AC_DEFINE(WITH_PAM),
|
||||
+)
|
||||
+AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc')
|
||||
+AC_SUBST(PAMLIB)
|
||||
+
|
||||
AC_ARG_WITH(selinux,
|
||||
[ --with-selinux Define to run with selinux (default=check)],
|
||||
[],
|
||||
diff -up at-3.1.20/Makefile.in.pam at-3.1.20/Makefile.in
|
||||
--- at-3.1.20/Makefile.in.pam 2016-07-01 09:44:22.250683901 +0200
|
||||
+++ at-3.1.20/Makefile.in 2016-07-01 09:44:22.252683947 +0200
|
||||
@@ -68,7 +68,7 @@ LIST = Filelist Filelist.asc
|
||||
all: at atd atd.service atrun
|
||||
|
||||
at: $(ATOBJECTS)
|
||||
- $(CC) $(LDFLAGS) -pie -o at $(ATOBJECTS) $(LIBS) $(LEXLIB)
|
||||
+ $(CC) $(LDFLAGS) -pie -o at $(ATOBJECTS) $(LIBS) $(LEXLIB) $(PAMLIB)
|
||||
rm -f $(CLONES)
|
||||
$(LN_S) -f at atq
|
||||
$(LN_S) -f at atrm
|
||||
diff -up at-3.1.20/perm.c.pam at-3.1.20/perm.c
|
||||
--- at-3.1.20/perm.c.pam 2015-08-22 00:09:22.000000000 +0200
|
||||
+++ at-3.1.20/perm.c 2016-07-01 09:44:22.252683947 +0200
|
||||
@@ -51,6 +51,14 @@
|
||||
#define PRIV_END while(0)
|
||||
#endif
|
||||
|
||||
+#ifdef WITH_PAM
|
||||
+#include <security/pam_appl.h>
|
||||
+static pam_handle_t *pamh = NULL;
|
||||
+static const struct pam_conv conv = {
|
||||
+ NULL
|
||||
+};
|
||||
+#endif
|
||||
+
|
||||
/* Structures and unions */
|
||||
|
||||
|
||||
@@ -108,18 +116,45 @@ user_in_file(const char *path, const cha
|
||||
int
|
||||
check_permission()
|
||||
{
|
||||
- uid_t uid = geteuid();
|
||||
+ uid_t euid = geteuid(), uid=getuid(), egid=getegid(), gid=getgid();
|
||||
struct passwd *pentry;
|
||||
int allow = 0, deny = 1;
|
||||
|
||||
- if (uid == 0)
|
||||
+ int retcode = 0;
|
||||
+ if (euid == 0)
|
||||
return 1;
|
||||
|
||||
- if ((pentry = getpwuid(uid)) == NULL) {
|
||||
+ if ((pentry = getpwuid(euid)) == NULL) {
|
||||
perror("Cannot access user database");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
+#ifdef WITH_PAM
|
||||
+/*
|
||||
+ * We must check if the atd daemon userid will be allowed to gain the job owner user's
|
||||
+ * credentials with PAM . If not, the user has been denied at(1) usage, eg. with pam_access.
|
||||
+ */
|
||||
+ if (setreuid(daemon_uid, daemon_uid) != 0) {
|
||||
+ fprintf(stderr, "cannot set egid: %s", strerror(errno));
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ if (setregid(daemon_gid, daemon_gid) != 0) {
|
||||
+ fprintf(stderr, "cannot set euid: %s", strerror(errno));
|
||||
+ exit(1);
|
||||
+ }
|
||||
+
|
||||
+ AT_START_PAM;
|
||||
+ AT_CLOSE_PAM;
|
||||
+ if (setregid(gid,egid) != 0) {
|
||||
+ fprintf(stderr, "cannot set egid: %s", strerror(errno));
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ if (setreuid(uid,euid) != 0) {
|
||||
+ fprintf(stderr, "cannot set euid: %s", strerror(errno));
|
||||
+ exit(1);
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
allow = user_in_file(ETCDIR "/at.allow", pentry->pw_name);
|
||||
if (allow==0 || allow==1)
|
||||
return allow;
|
||||
diff -up at-3.1.20/privs.h.pam at-3.1.20/privs.h
|
||||
--- at-3.1.20/privs.h.pam 2015-08-22 00:09:22.000000000 +0200
|
||||
+++ at-3.1.20/privs.h 2016-07-01 09:44:22.252683947 +0200
|
||||
@@ -144,3 +144,63 @@ extern gid_t real_gid, effective_gid, da
|
||||
#error "Cannot implement user ID swapping without setreuid or setresuid"
|
||||
#endif
|
||||
#endif
|
||||
+
|
||||
+#ifdef WITH_PAM
|
||||
+/* PAM failed after session was open. */
|
||||
+#define PAM_SESSION_FAIL if (retcode != PAM_SUCCESS) \
|
||||
+ pam_close_session(pamh,PAM_SILENT);
|
||||
+
|
||||
+/* syslog will be logging error messages */
|
||||
+#ifdef HAVE_UNISTD_H
|
||||
+#include <syslog.h>
|
||||
+#endif
|
||||
+
|
||||
+/* PAM fail even before opening the session */
|
||||
+#define PAM_FAIL_CHECK \
|
||||
+ do { if (retcode != PAM_SUCCESS) { \
|
||||
+ fprintf(stderr,"PAM failure: %s\n",pam_strerror(pamh, retcode)); \
|
||||
+ syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \
|
||||
+ if (pamh) \
|
||||
+ pam_end(pamh, retcode); \
|
||||
+ if (setregid(getgid(),getegid()) != 0) { \
|
||||
+ fprintf(stderr, "cannot set egid: %s", strerror(errno)); \
|
||||
+ exit(1); \
|
||||
+ } \
|
||||
+ if (setreuid(getuid(),geteuid()) != 0) { \
|
||||
+ fprintf(stderr, "cannot set euid: %s", strerror(errno)); \
|
||||
+ exit(1); \
|
||||
+ } \
|
||||
+ exit(1); \
|
||||
+ } \
|
||||
+ } while (0) \
|
||||
+
|
||||
+static int pam_session_opened = 0; //global for open session
|
||||
+
|
||||
+#define AT_START_PAM { \
|
||||
+ retcode = pam_start("atd", pentry->pw_name, &conv, &pamh); \
|
||||
+ PAM_FAIL_CHECK; \
|
||||
+ retcode = pam_set_item(pamh, PAM_TTY, "atd"); \
|
||||
+ PAM_FAIL_CHECK; \
|
||||
+ retcode = pam_acct_mgmt(pamh, PAM_SILENT); \
|
||||
+ PAM_FAIL_CHECK; \
|
||||
+}
|
||||
+
|
||||
+#define AT_OPEN_PAM_SESSION { \
|
||||
+ retcode = pam_open_session(pamh, PAM_SILENT); \
|
||||
+ PAM_FAIL_CHECK; \
|
||||
+ retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT); \
|
||||
+ PAM_FAIL_CHECK; \
|
||||
+ if (retcode == PAM_SUCCESS) \
|
||||
+ pam_session_opened = 1; \
|
||||
+}
|
||||
+
|
||||
+#define AT_CLOSE_PAM { \
|
||||
+ if (pam_session_opened != 0) { \
|
||||
+ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT); \
|
||||
+ pam_close_session(pamh, PAM_SILENT); \
|
||||
+ } \
|
||||
+ pam_end(pamh, PAM_SUCCESS); \
|
||||
+}
|
||||
+
|
||||
+#endif
|
||||
+
|
|
@ -0,0 +1,47 @@
|
|||
diff -up at-3.1.20/at.c.shell at-3.1.20/at.c
|
||||
--- at-3.1.20/at.c.shell 2016-07-01 09:47:13.392684445 +0200
|
||||
+++ at-3.1.20/at.c 2016-07-01 09:48:47.679931959 +0200
|
||||
@@ -62,11 +62,8 @@
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
-#ifdef TM_IN_SYS_TIME
|
||||
#include <sys/time.h>
|
||||
-#else
|
||||
#include <time.h>
|
||||
-#endif
|
||||
|
||||
#ifdef HAVE_UNISTD_H
|
||||
#include <unistd.h>
|
||||
@@ -239,6 +236,12 @@ writefile(time_t runtimer, char queue)
|
||||
int kill_errno;
|
||||
int rc;
|
||||
int mailsize = 128;
|
||||
+ struct timeval tv;
|
||||
+ struct timezone tz;
|
||||
+ long int i;
|
||||
+
|
||||
+ gettimeofday(&tv, &tz);
|
||||
+ srandom(getpid()+tv.tv_usec);
|
||||
|
||||
/* Install the signal handler for SIGINT; terminate after removing the
|
||||
* spool file if necessary
|
||||
@@ -465,6 +468,9 @@ writefile(time_t runtimer, char queue)
|
||||
fprintf(fp, " || {\n\t echo 'Execution directory "
|
||||
"inaccessible' >&2\n\t exit 1\n}\n");
|
||||
|
||||
+ i = random();
|
||||
+ fprintf(fp, "${SHELL:-/bin/sh} << \'marcinDELIMITER%08lx\'\n", i);
|
||||
+
|
||||
istty = isatty(fileno(stdin));
|
||||
if (istty) {
|
||||
fprintf(stderr, "at> ");
|
||||
@@ -480,7 +486,7 @@ writefile(time_t runtimer, char queue)
|
||||
if (istty) {
|
||||
fprintf(stderr, "<EOT>\n");
|
||||
}
|
||||
- fprintf(fp, "\n");
|
||||
+ fprintf(fp, "marcinDELIMITER%08lx\n", i);
|
||||
if (ferror(fp))
|
||||
panic("Output error");
|
||||
fflush(fp);
|
|
@ -0,0 +1,22 @@
|
|||
diff -up at-3.1.23/atd.8.in.document-n at-3.1.23/atd.8.in
|
||||
--- at-3.1.23/atd.8.in.document-n 2018-08-27 14:49:09.824182482 +0200
|
||||
+++ at-3.1.23/atd.8.in 2018-08-27 14:50:34.625518639 +0200
|
||||
@@ -9,6 +9,7 @@ atd \- run jobs queued for later executi
|
||||
.IR batch_interval ]
|
||||
.RB [ \-d ]
|
||||
.RB [ \-f ]
|
||||
+.RB [ \-n ]
|
||||
.RB [ \-s ]
|
||||
.SH DESCRIPTION
|
||||
.B atd
|
||||
@@ -44,6 +45,10 @@ in the foreground.
|
||||
Process the at/batch queue only once.
|
||||
This is primarily of use for compatibility with old versions of
|
||||
.BR at ;
|
||||
+.B \-n
|
||||
+Append the hostname of the system to the subject of the e-mails sent by
|
||||
+.BR atd .
|
||||
+.TP 8
|
||||
.B "atd \-s"
|
||||
is equivalent to the old
|
||||
.B atrun
|
|
@ -0,0 +1,486 @@
|
|||
diff -urN at-3.1.13/config.guess at-3.1.13-aarch64/config.guess
|
||||
--- at-3.1.13/config.guess 2011-06-25 07:43:14.000000000 -0500
|
||||
+++ at-3.1.13-aarch64/config.guess 2013-03-07 19:22:31.804824167 -0600
|
||||
@@ -2,9 +2,9 @@
|
||||
# Attempt to guess a canonical system name.
|
||||
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
|
||||
# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
|
||||
-# 2011 Free Software Foundation, Inc.
|
||||
+# 2011, 2012 Free Software Foundation, Inc.
|
||||
|
||||
-timestamp='2011-05-11'
|
||||
+timestamp='2012-09-25'
|
||||
|
||||
# This file is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by
|
||||
@@ -17,9 +17,7 @@
|
||||
# General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
-# along with this program; if not, write to the Free Software
|
||||
-# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
|
||||
-# 02110-1301, USA.
|
||||
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
# As a special exception to the GNU General Public License, if you
|
||||
# distribute this file as part of a program that contains a
|
||||
@@ -57,8 +55,8 @@
|
||||
|
||||
Originally written by Per Bothner.
|
||||
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
|
||||
-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free
|
||||
-Software Foundation, Inc.
|
||||
+2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012
|
||||
+Free Software Foundation, Inc.
|
||||
|
||||
This is free software; see the source for copying conditions. There is NO
|
||||
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
|
||||
@@ -145,7 +143,7 @@
|
||||
case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
|
||||
*:NetBSD:*:*)
|
||||
# NetBSD (nbsd) targets should (where applicable) match one or
|
||||
- # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
|
||||
+ # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*,
|
||||
# *-*-netbsdecoff* and *-*-netbsd*. For targets that recently
|
||||
# switched to ELF, *-*-netbsd* would select the old
|
||||
# object file format. This provides both forward
|
||||
@@ -202,6 +200,10 @@
|
||||
# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
|
||||
echo "${machine}-${os}${release}"
|
||||
exit ;;
|
||||
+ *:Bitrig:*:*)
|
||||
+ UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'`
|
||||
+ echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE}
|
||||
+ exit ;;
|
||||
*:OpenBSD:*:*)
|
||||
UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
|
||||
echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
|
||||
@@ -304,7 +306,7 @@
|
||||
arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
|
||||
echo arm-acorn-riscix${UNAME_RELEASE}
|
||||
exit ;;
|
||||
- arm:riscos:*:*|arm:RISCOS:*:*)
|
||||
+ arm*:riscos:*:*|arm*:RISCOS:*:*)
|
||||
echo arm-unknown-riscos
|
||||
exit ;;
|
||||
SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
|
||||
@@ -792,21 +794,26 @@
|
||||
echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
|
||||
exit ;;
|
||||
*:FreeBSD:*:*)
|
||||
- case ${UNAME_MACHINE} in
|
||||
- pc98)
|
||||
- echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
|
||||
+ UNAME_PROCESSOR=`/usr/bin/uname -p`
|
||||
+ case ${UNAME_PROCESSOR} in
|
||||
amd64)
|
||||
echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
|
||||
*)
|
||||
- echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
|
||||
+ echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
|
||||
esac
|
||||
exit ;;
|
||||
i*:CYGWIN*:*)
|
||||
echo ${UNAME_MACHINE}-pc-cygwin
|
||||
exit ;;
|
||||
+ *:MINGW64*:*)
|
||||
+ echo ${UNAME_MACHINE}-pc-mingw64
|
||||
+ exit ;;
|
||||
*:MINGW*:*)
|
||||
echo ${UNAME_MACHINE}-pc-mingw32
|
||||
exit ;;
|
||||
+ i*:MSYS*:*)
|
||||
+ echo ${UNAME_MACHINE}-pc-msys
|
||||
+ exit ;;
|
||||
i*:windows32*:*)
|
||||
# uname -m includes "-pc" on this system.
|
||||
echo ${UNAME_MACHINE}-mingw32
|
||||
@@ -861,6 +868,13 @@
|
||||
i*86:Minix:*:*)
|
||||
echo ${UNAME_MACHINE}-pc-minix
|
||||
exit ;;
|
||||
+ aarch64:Linux:*:*)
|
||||
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
+ exit ;;
|
||||
+ aarch64_be:Linux:*:*)
|
||||
+ UNAME_MACHINE=aarch64_be
|
||||
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
+ exit ;;
|
||||
alpha:Linux:*:*)
|
||||
case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
|
||||
EV5) UNAME_MACHINE=alphaev5 ;;
|
||||
@@ -895,13 +909,16 @@
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
exit ;;
|
||||
cris:Linux:*:*)
|
||||
- echo cris-axis-linux-gnu
|
||||
+ echo ${UNAME_MACHINE}-axis-linux-gnu
|
||||
exit ;;
|
||||
crisv32:Linux:*:*)
|
||||
- echo crisv32-axis-linux-gnu
|
||||
+ echo ${UNAME_MACHINE}-axis-linux-gnu
|
||||
exit ;;
|
||||
frv:Linux:*:*)
|
||||
- echo frv-unknown-linux-gnu
|
||||
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
+ exit ;;
|
||||
+ hexagon:Linux:*:*)
|
||||
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
exit ;;
|
||||
i*86:Linux:*:*)
|
||||
LIBC=gnu
|
||||
@@ -943,7 +960,7 @@
|
||||
test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
|
||||
;;
|
||||
or32:Linux:*:*)
|
||||
- echo or32-unknown-linux-gnu
|
||||
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
exit ;;
|
||||
padre:Linux:*:*)
|
||||
echo sparc-unknown-linux-gnu
|
||||
@@ -978,13 +995,13 @@
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
exit ;;
|
||||
tile*:Linux:*:*)
|
||||
- echo ${UNAME_MACHINE}-tilera-linux-gnu
|
||||
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
exit ;;
|
||||
vax:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-dec-linux-gnu
|
||||
exit ;;
|
||||
x86_64:Linux:*:*)
|
||||
- echo x86_64-unknown-linux-gnu
|
||||
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
exit ;;
|
||||
xtensa*:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
@@ -1191,6 +1208,9 @@
|
||||
BePC:Haiku:*:*) # Haiku running on Intel PC compatible.
|
||||
echo i586-pc-haiku
|
||||
exit ;;
|
||||
+ x86_64:Haiku:*:*)
|
||||
+ echo x86_64-unknown-haiku
|
||||
+ exit ;;
|
||||
SX-4:SUPER-UX:*:*)
|
||||
echo sx4-nec-superux${UNAME_RELEASE}
|
||||
exit ;;
|
||||
@@ -1246,7 +1266,7 @@
|
||||
NEO-?:NONSTOP_KERNEL:*:*)
|
||||
echo neo-tandem-nsk${UNAME_RELEASE}
|
||||
exit ;;
|
||||
- NSE-?:NONSTOP_KERNEL:*:*)
|
||||
+ NSE-*:NONSTOP_KERNEL:*:*)
|
||||
echo nse-tandem-nsk${UNAME_RELEASE}
|
||||
exit ;;
|
||||
NSR-?:NONSTOP_KERNEL:*:*)
|
||||
@@ -1315,11 +1335,11 @@
|
||||
i*86:AROS:*:*)
|
||||
echo ${UNAME_MACHINE}-pc-aros
|
||||
exit ;;
|
||||
+ x86_64:VMkernel:*:*)
|
||||
+ echo ${UNAME_MACHINE}-unknown-esx
|
||||
+ exit ;;
|
||||
esac
|
||||
|
||||
-#echo '(No uname command or uname output not recognized.)' 1>&2
|
||||
-#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
|
||||
-
|
||||
eval $set_cc_for_build
|
||||
cat >$dummy.c <<EOF
|
||||
#ifdef _SEQUENT_
|
||||
diff -urN at-3.1.13/config.sub at-3.1.13-aarch64/config.sub
|
||||
--- at-3.1.13/config.sub 2011-06-25 07:43:14.000000000 -0500
|
||||
+++ at-3.1.13-aarch64/config.sub 2013-03-07 19:22:31.833820844 -0600
|
||||
@@ -2,9 +2,9 @@
|
||||
# Configuration validation subroutine script.
|
||||
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
|
||||
# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
|
||||
-# 2011 Free Software Foundation, Inc.
|
||||
+# 2011, 2012 Free Software Foundation, Inc.
|
||||
|
||||
-timestamp='2011-03-23'
|
||||
+timestamp='2012-10-10'
|
||||
|
||||
# This file is (in principle) common to ALL GNU software.
|
||||
# The presence of a machine in this file suggests that SOME GNU software
|
||||
@@ -21,9 +21,7 @@
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
-# along with this program; if not, write to the Free Software
|
||||
-# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
|
||||
-# 02110-1301, USA.
|
||||
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
# As a special exception to the GNU General Public License, if you
|
||||
# distribute this file as part of a program that contains a
|
||||
@@ -76,8 +74,8 @@
|
||||
GNU config.sub ($timestamp)
|
||||
|
||||
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
|
||||
-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free
|
||||
-Software Foundation, Inc.
|
||||
+2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012
|
||||
+Free Software Foundation, Inc.
|
||||
|
||||
This is free software; see the source for copying conditions. There is NO
|
||||
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
|
||||
@@ -125,13 +123,17 @@
|
||||
maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
|
||||
case $maybe_os in
|
||||
nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \
|
||||
- linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
|
||||
+ linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
|
||||
knetbsd*-gnu* | netbsd*-gnu* | \
|
||||
kopensolaris*-gnu* | \
|
||||
storm-chaos* | os2-emx* | rtmk-nova*)
|
||||
os=-$maybe_os
|
||||
basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
|
||||
;;
|
||||
+ android-linux)
|
||||
+ os=-linux-android
|
||||
+ basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown
|
||||
+ ;;
|
||||
*)
|
||||
basic_machine=`echo $1 | sed 's/-[^-]*$//'`
|
||||
if [ $basic_machine != $1 ]
|
||||
@@ -154,7 +156,7 @@
|
||||
-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
|
||||
-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
|
||||
-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
|
||||
- -apple | -axis | -knuth | -cray | -microblaze)
|
||||
+ -apple | -axis | -knuth | -cray | -microblaze*)
|
||||
os=
|
||||
basic_machine=$1
|
||||
;;
|
||||
@@ -223,6 +225,12 @@
|
||||
-isc*)
|
||||
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
|
||||
;;
|
||||
+ -lynx*178)
|
||||
+ os=-lynxos178
|
||||
+ ;;
|
||||
+ -lynx*5)
|
||||
+ os=-lynxos5
|
||||
+ ;;
|
||||
-lynx*)
|
||||
os=-lynxos
|
||||
;;
|
||||
@@ -247,20 +255,25 @@
|
||||
# Some are omitted here because they have special meanings below.
|
||||
1750a | 580 \
|
||||
| a29k \
|
||||
+ | aarch64 | aarch64_be \
|
||||
| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
|
||||
| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
|
||||
| am33_2.0 \
|
||||
| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
|
||||
+ | be32 | be64 \
|
||||
| bfin \
|
||||
| c4x | clipper \
|
||||
| d10v | d30v | dlx | dsp16xx \
|
||||
+ | epiphany \
|
||||
| fido | fr30 | frv \
|
||||
| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
|
||||
+ | hexagon \
|
||||
| i370 | i860 | i960 | ia64 \
|
||||
| ip2k | iq2000 \
|
||||
+ | le32 | le64 \
|
||||
| lm32 \
|
||||
| m32c | m32r | m32rle | m68000 | m68k | m88k \
|
||||
- | maxq | mb | microblaze | mcore | mep | metag \
|
||||
+ | maxq | mb | microblaze | microblazeel | mcore | mep | metag \
|
||||
| mips | mipsbe | mipseb | mipsel | mipsle \
|
||||
| mips16 \
|
||||
| mips64 | mips64el \
|
||||
@@ -291,7 +304,7 @@
|
||||
| pdp10 | pdp11 | pj | pjl \
|
||||
| powerpc | powerpc64 | powerpc64le | powerpcle \
|
||||
| pyramid \
|
||||
- | rx \
|
||||
+ | rl78 | rx \
|
||||
| score \
|
||||
| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
|
||||
| sh64 | sh64le \
|
||||
@@ -300,7 +313,7 @@
|
||||
| spu \
|
||||
| tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \
|
||||
| ubicom32 \
|
||||
- | v850 | v850e \
|
||||
+ | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \
|
||||
| we32k \
|
||||
| x86 | xc16x | xstormy16 | xtensa \
|
||||
| z8k | z80)
|
||||
@@ -315,8 +328,7 @@
|
||||
c6x)
|
||||
basic_machine=tic6x-unknown
|
||||
;;
|
||||
- m6811 | m68hc11 | m6812 | m68hc12 | picochip)
|
||||
- # Motorola 68HC11/12.
|
||||
+ m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip)
|
||||
basic_machine=$basic_machine-unknown
|
||||
os=-none
|
||||
;;
|
||||
@@ -329,7 +341,10 @@
|
||||
strongarm | thumb | xscale)
|
||||
basic_machine=arm-unknown
|
||||
;;
|
||||
-
|
||||
+ xgate)
|
||||
+ basic_machine=$basic_machine-unknown
|
||||
+ os=-none
|
||||
+ ;;
|
||||
xscaleeb)
|
||||
basic_machine=armeb-unknown
|
||||
;;
|
||||
@@ -352,11 +367,13 @@
|
||||
# Recognize the basic CPU types with company name.
|
||||
580-* \
|
||||
| a29k-* \
|
||||
+ | aarch64-* | aarch64_be-* \
|
||||
| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
|
||||
| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
|
||||
| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
|
||||
| arm-* | armbe-* | armle-* | armeb-* | armv*-* \
|
||||
| avr-* | avr32-* \
|
||||
+ | be32-* | be64-* \
|
||||
| bfin-* | bs2000-* \
|
||||
| c[123]* | c30-* | [cjt]90-* | c4x-* \
|
||||
| clipper-* | craynv-* | cydra-* \
|
||||
@@ -365,12 +382,15 @@
|
||||
| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
|
||||
| h8300-* | h8500-* \
|
||||
| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
|
||||
+ | hexagon-* \
|
||||
| i*86-* | i860-* | i960-* | ia64-* \
|
||||
| ip2k-* | iq2000-* \
|
||||
+ | le32-* | le64-* \
|
||||
| lm32-* \
|
||||
| m32c-* | m32r-* | m32rle-* \
|
||||
| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
|
||||
- | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \
|
||||
+ | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \
|
||||
+ | microblaze-* | microblazeel-* \
|
||||
| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
|
||||
| mips16-* \
|
||||
| mips64-* | mips64el-* \
|
||||
@@ -400,7 +420,7 @@
|
||||
| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
|
||||
| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
|
||||
| pyramid-* \
|
||||
- | romp-* | rs6000-* | rx-* \
|
||||
+ | rl78-* | romp-* | rs6000-* | rx-* \
|
||||
| sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
|
||||
| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
|
||||
| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
|
||||
@@ -408,10 +428,11 @@
|
||||
| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \
|
||||
| tahoe-* \
|
||||
| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
|
||||
- | tile-* | tilegx-* \
|
||||
+ | tile*-* \
|
||||
| tron-* \
|
||||
| ubicom32-* \
|
||||
- | v850-* | v850e-* | vax-* \
|
||||
+ | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \
|
||||
+ | vax-* \
|
||||
| we32k-* \
|
||||
| x86-* | x86_64-* | xc16x-* | xps100-* \
|
||||
| xstormy16-* | xtensa*-* \
|
||||
@@ -711,7 +732,6 @@
|
||||
i370-ibm* | ibm*)
|
||||
basic_machine=i370-ibm
|
||||
;;
|
||||
-# I'm not sure what "Sysv32" means. Should this be sysv3.2?
|
||||
i*86v32)
|
||||
basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
|
||||
os=-sysv32
|
||||
@@ -769,9 +789,13 @@
|
||||
basic_machine=ns32k-utek
|
||||
os=-sysv
|
||||
;;
|
||||
- microblaze)
|
||||
+ microblaze*)
|
||||
basic_machine=microblaze-xilinx
|
||||
;;
|
||||
+ mingw64)
|
||||
+ basic_machine=x86_64-pc
|
||||
+ os=-mingw64
|
||||
+ ;;
|
||||
mingw32)
|
||||
basic_machine=i386-pc
|
||||
os=-mingw32
|
||||
@@ -808,10 +832,18 @@
|
||||
ms1-*)
|
||||
basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
|
||||
;;
|
||||
+ msys)
|
||||
+ basic_machine=i386-pc
|
||||
+ os=-msys
|
||||
+ ;;
|
||||
mvs)
|
||||
basic_machine=i370-ibm
|
||||
os=-mvs
|
||||
;;
|
||||
+ nacl)
|
||||
+ basic_machine=le32-unknown
|
||||
+ os=-nacl
|
||||
+ ;;
|
||||
ncr3000)
|
||||
basic_machine=i486-ncr
|
||||
os=-sysv4
|
||||
@@ -1120,13 +1152,8 @@
|
||||
basic_machine=t90-cray
|
||||
os=-unicos
|
||||
;;
|
||||
- # This must be matched before tile*.
|
||||
- tilegx*)
|
||||
- basic_machine=tilegx-unknown
|
||||
- os=-linux-gnu
|
||||
- ;;
|
||||
tile*)
|
||||
- basic_machine=tile-unknown
|
||||
+ basic_machine=$basic_machine-unknown
|
||||
os=-linux-gnu
|
||||
;;
|
||||
tx39)
|
||||
@@ -1330,15 +1357,15 @@
|
||||
| -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
|
||||
| -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
|
||||
| -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
|
||||
- | -openbsd* | -solidbsd* \
|
||||
+ | -bitrig* | -openbsd* | -solidbsd* \
|
||||
| -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
|
||||
| -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
|
||||
| -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
|
||||
| -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
|
||||
| -chorusos* | -chorusrdb* | -cegcc* \
|
||||
- | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
|
||||
- | -mingw32* | -linux-gnu* | -linux-android* \
|
||||
- | -linux-newlib* | -linux-uclibc* \
|
||||
+ | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
|
||||
+ | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
|
||||
+ | -linux-newlib* | -linux-musl* | -linux-uclibc* \
|
||||
| -uxpv* | -beos* | -mpeix* | -udk* \
|
||||
| -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
|
||||
| -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
|
||||
@@ -1521,6 +1548,9 @@
|
||||
c4x-* | tic4x-*)
|
||||
os=-coff
|
||||
;;
|
||||
+ hexagon-*)
|
||||
+ os=-elf
|
||||
+ ;;
|
||||
tic54x-*)
|
||||
os=-coff
|
||||
;;
|
||||
@@ -1548,9 +1578,6 @@
|
||||
;;
|
||||
m68000-sun)
|
||||
os=-sunos3
|
||||
- # This also exists in the configure program, but was not the
|
||||
- # default.
|
||||
- # os=-sunos4
|
||||
;;
|
||||
m68*-cisco)
|
||||
os=-aout
|
|
@ -0,0 +1,8 @@
|
|||
{
|
||||
"Signatures": {
|
||||
"at_3.1.23.orig.tar.gz": "97450aa954aaa8a70218cc8e61a33df9fee9f86527e9f861de302fb7a3c81710",
|
||||
"atd.sysconf": "6d93ffd140d05b26f86f3c24ca0a8ad3e674f5e5dea5b2b31540128eeba3b287",
|
||||
"atd.systemd": "da0da49ca99a8e86b7b24ea7b7a61bb852b04e875009162662e98f6714a41c06",
|
||||
"pam_atd": "33e3d5ae213ba007258f08cb72554efd2457d6d696803b3eece1dbe9582a5017"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,810 @@
|
|||
%bcond_without pam
|
||||
Summary: Job spooling tools
|
||||
Name: at
|
||||
Version: 3.1.23
|
||||
Release: 6%{?dist}
|
||||
# http://packages.debian.org/changelogs/pool/main/a/at/current/copyright
|
||||
# + install-sh is MIT license with changes under Public Domain
|
||||
License: GPLv3+ AND GPLv2+ AND ISC AND MIT AND Public Domain
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
URL: https://ftp.debian.org/debian/pool/main/a/at
|
||||
Source: http://ftp.debian.org/debian/pool/main/a/at/at_%{version}.orig.tar.gz
|
||||
# git upstream source git://git.debian.org/git/collab-maint/at.git
|
||||
Source1: pam_atd
|
||||
Source3: atd.sysconf
|
||||
Source5: atd.systemd
|
||||
Patch0: at-aarch64.patch
|
||||
Patch1: at-3.1.18-make.patch
|
||||
Patch2: at-3.1.20-pam.patch
|
||||
Patch4: at-3.1.14-opt_V.patch
|
||||
Patch5: at-3.1.20-shell.patch
|
||||
Patch6: at-3.1.18-nitpicks.patch
|
||||
Patch8: at-3.1.14-fix_no_export.patch
|
||||
Patch9: at-3.1.14-mailwithhostname.patch
|
||||
Patch10: at-3.1.14-usePOSIXtimers.patch
|
||||
Patch12: at-3.1.20-aborted-jobs.patch
|
||||
Patch13: at-3.1.18-noabort.patch
|
||||
Patch14: at-3.1.16-fclose-error.patch
|
||||
Patch15: at-3.1.16-clear-nonjobs.patch
|
||||
Patch16: at-3.1.18-utc-dst.patch
|
||||
Patch17: at-3.1.20-lock-locks.patch
|
||||
Patch18: at-3.1.23-document-n.patch
|
||||
Patch19: at-3.1.20-log-jobs.patch
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: bison
|
||||
BuildRequires: flex
|
||||
BuildRequires: flex-devel
|
||||
BuildRequires: gcc
|
||||
BuildRequires: libselinux-devel >= 1.27.9
|
||||
BuildRequires: perl
|
||||
Requires(post): systemd
|
||||
Requires(postun): systemd
|
||||
Requires(preun): systemd
|
||||
Conflicts: crontabs <= 1.5
|
||||
# at-sysvinit subpackage dropped
|
||||
Obsoletes: at-sysvinit < 3.1.16-1
|
||||
%if %{with pam}
|
||||
BuildRequires: pam-devel
|
||||
%endif
|
||||
|
||||
%description
|
||||
At and batch read commands from standard input or from a specified
|
||||
file. At allows you to specify that a command will be run at a
|
||||
particular time. Batch will execute commands when the system load
|
||||
levels drop to a particular level. Both commands use user's shell.
|
||||
|
||||
You should install the at package if you need a utility for
|
||||
time-oriented job control. Note: If it is a recurring job that will
|
||||
need to be repeated at the same time every day/week, etc. you should
|
||||
use crontab instead.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
cp %{SOURCE1} .
|
||||
%patch0 -p1 -b .arm
|
||||
%patch1 -p1 -b .make
|
||||
%patch2 -p1 -b .pam
|
||||
%patch4 -p1 -b .opt_V
|
||||
%patch5 -p1 -b .shell
|
||||
%patch6 -p1 -b .nit
|
||||
%patch8 -p1 -b .export
|
||||
%patch9 -p1 -b .mail
|
||||
%patch10 -p1 -b .posix
|
||||
%patch12 -p1 -b .aborted
|
||||
%patch13 -p1 -b .noabort
|
||||
%patch14 -p1 -b .fclose
|
||||
%patch15 -p1 -b .clear-nojobs
|
||||
%patch16 -p1 -b .dst
|
||||
%patch17 -p1 -b .lock-locks
|
||||
%patch18 -p1 -b .document-n
|
||||
%patch19 -p1 -b .log-jobs
|
||||
|
||||
%build
|
||||
# patch9 touches configure.in
|
||||
autoconf
|
||||
# uselles files
|
||||
rm -f lex.yy.* y.tab.*
|
||||
%configure --with-atspool=%{_localstatedir}/spool/at/spool \
|
||||
--with-jobdir=%{_localstatedir}/spool/at \
|
||||
--with-daemon_username=root \
|
||||
--with-daemon_groupname=root \
|
||||
--with-selinux \
|
||||
%if %{with pam}
|
||||
--with-pam
|
||||
%endif
|
||||
|
||||
make
|
||||
|
||||
%install
|
||||
make install \
|
||||
DAEMON_USERNAME=`id -nu`\
|
||||
DAEMON_GROUPNAME=`id -ng` \
|
||||
DESTDIR=%{buildroot}\
|
||||
sbindir=%{buildroot}%{_prefix}/sbin\
|
||||
bindir=%{buildroot}%{_bindir}\
|
||||
prefix=%{buildroot}%{_prefix}\
|
||||
exec_prefix=%{buildroot}%{_prefix}\
|
||||
docdir=%{buildroot}%{_prefix}/doc\
|
||||
mandir=%{buildroot}%{_mandir}\
|
||||
etcdir=%{buildroot}%{_sysconfdir} \
|
||||
ATJOB_DIR=%{buildroot}%{_localstatedir}/spool/at \
|
||||
ATSPOOL_DIR=%{buildroot}%{_localstatedir}/spool/at/spool \
|
||||
INSTALL_ROOT_USER=`id -nu` \
|
||||
INSTALL_ROOT_GROUP=`id -nu`;
|
||||
|
||||
echo > %{buildroot}%{_sysconfdir}/at.deny
|
||||
mkdir docs
|
||||
cp %{buildroot}/%{_prefix}/doc/at/* docs/
|
||||
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/pam.d
|
||||
install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/pam.d/atd
|
||||
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
|
||||
install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/atd
|
||||
|
||||
# install systemd initscript
|
||||
mkdir -p %{buildroot}/%{_unitdir}/
|
||||
install -m 644 %{SOURCE5} %{buildroot}/%{_unitdir}/atd.service
|
||||
|
||||
# remove unpackaged files from the buildroot
|
||||
rm -r %{buildroot}%{_prefix}/doc
|
||||
|
||||
%check
|
||||
make test
|
||||
|
||||
%post
|
||||
touch %{_localstatedir}/spool/at/.SEQ
|
||||
chmod 600 %{_localstatedir}/spool/at/.SEQ
|
||||
chown root:root %{_localstatedir}/spool/at/.SEQ
|
||||
%systemd_post atd.service
|
||||
|
||||
%preun
|
||||
%systemd_preun atd.service
|
||||
|
||||
%postun
|
||||
%systemd_postun_with_restart atd.service
|
||||
|
||||
%triggerun -- at < 3.1.12-6
|
||||
# Save the current service runlevel info
|
||||
# User must manually run systemd-sysv-convert --apply atd
|
||||
# to migrate them to systemd targets
|
||||
%{_bindir}/systemd-sysv-convert --save atd
|
||||
|
||||
# The package is allowed to autostart:
|
||||
/bin/systemctl enable atd.service >/dev/null 2>&1
|
||||
|
||||
/sbin/chkconfig --del atd >/dev/null 2>&1 || :
|
||||
/bin/systemctl try-restart atd.service >/dev/null 2>&1 || :
|
||||
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
|
||||
|
||||
%files
|
||||
%license Copyright COPYING
|
||||
%doc README timespec ChangeLog
|
||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/at.deny
|
||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/atd
|
||||
%attr(0700,root,root) %dir %{_localstatedir}/spool/at
|
||||
%attr(0600,root,root) %verify(not md5 size mtime) %ghost %{_localstatedir}/spool/at/.SEQ
|
||||
%attr(0700,root,root) %dir %{_localstatedir}/spool/at/spool
|
||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/atd
|
||||
%{_sbindir}/atrun
|
||||
%attr(0755,root,root) %{_sbindir}/atd
|
||||
%{_mandir}/man*/*
|
||||
%{_bindir}/batch
|
||||
%{_bindir}/atrm
|
||||
%{_bindir}/atq
|
||||
%attr(4755,root,root) %{_bindir}/at
|
||||
%attr(0644,root,root) /%{_unitdir}/atd.service
|
||||
|
||||
%changelog
|
||||
* Mon Nov 30 2020 Nicolas Ontiveros <niontive@microsoft.com> - 3.1.23-6
|
||||
- Initial CBL-Mariner import from Fedora 33 (license: MIT).
|
||||
- Use flex-devel in BR
|
||||
- Use perl in BR
|
||||
- Remove smtp from BR
|
||||
- Use systemd in requires
|
||||
|
||||
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.1.23-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.1.23-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.1.23-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.1.23-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Mon Aug 27 2018 Tomáš Mráz <tmraz@redhat.com> - 3.1.23-1
|
||||
- new upstream release
|
||||
|
||||
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.1.20-12
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
* Wed May 23 2018 Tomáš Mráz <tmraz@redhat.com> - 3.1.20-11
|
||||
- log the jobs being run
|
||||
|
||||
* Sun Feb 25 2018 Florian Weimer <fweimer@redhat.com> - 3.1.20-10
|
||||
- Drop "BuildRequires: fileutils /etc/init.d"
|
||||
|
||||
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.1.20-9
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||
|
||||
* Thu Sep 14 2017 Tomáš Mráz <tmraz@redhat.com> - 3.1.20-8
|
||||
- improve the wrong_format patch, also rename it to correct name
|
||||
|
||||
* Thu Sep 14 2017 Tomáš Mráz <tmraz@redhat.com> - 3.1.20-7
|
||||
- the ownership of the spool directory should be root as at is configured
|
||||
with daemon username root
|
||||
- document the -n option
|
||||
|
||||
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.1.20-6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||
|
||||
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.1.20-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
||||
|
||||
* Tue Mar 28 2017 Tomáš Mráz <tmraz@redhat.com> - 3.1.20-4
|
||||
- fix the POSIX timers support (#1436523)
|
||||
|
||||
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.1.20-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
||||
|
||||
* Thu Feb 2 2017 Tomáš Mráz <tmraz@redhat.com> - 3.1.20-2
|
||||
- properly include the license files
|
||||
|
||||
* Fri Jul 1 2016 Tomáš Mráz <tmraz@redhat.com> - 3.1.20-1
|
||||
- new upstream release
|
||||
- properly lock the lock files to be able to safely remove
|
||||
stale ones
|
||||
|
||||
* Mon May 23 2016 Tomáš Mráz <tmraz@redhat.com> - 3.1.18-2
|
||||
- SIGPIPE should not be ignored in atd (#1338039)
|
||||
|
||||
* Wed Mar 23 2016 Tomáš Mráz <tmraz@redhat.com> - 3.1.18-1
|
||||
- new upstream release
|
||||
- correct the DST correction when using UTC time specification (#1320322)
|
||||
|
||||
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 3.1.16-8
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
||||
|
||||
* Wed Sep 9 2015 Tomáš Mráz <tmraz@redhat.com> - 3.1.16-7
|
||||
- clear non-job files from at dir
|
||||
|
||||
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.1.16-6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
||||
|
||||
* Fri Nov 28 2014 Tomáš Mráz <tmraz@redhat.com> - 3.1.16-5
|
||||
- superfluous patch dropped
|
||||
|
||||
* Mon Nov 24 2014 Tomáš Mráz <tmraz@redhat.com> - 3.1.16-4
|
||||
- test for write error on fclose (#1166882)
|
||||
|
||||
* Thu Nov 6 2014 Tomáš Mráz <tmraz@redhat.com> - 3.1.16-3
|
||||
- make atd less abort prone
|
||||
|
||||
* Fri Oct 10 2014 Tomáš Mráz <tmraz@redhat.com> - 3.1.16-2
|
||||
- add proper Obsoletes for the sysvinit subpackage
|
||||
|
||||
* Thu Oct 2 2014 Tomáš Mráz <tmraz@redhat.com> - 3.1.16-1
|
||||
- new upstream release fixing regression from security fix in bash
|
||||
- drop sysvinit subpackage
|
||||
|
||||
* Fri Aug 15 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.1.14-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
||||
|
||||
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.1.14-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
||||
|
||||
* Tue Mar 25 2014 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.14-3
|
||||
- 1079304 remove part of patch, which is not needed anymore
|
||||
|
||||
* Tue Jan 28 2014 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.14-2
|
||||
- remove parallel build -> it fails on secondary arches 1058686
|
||||
|
||||
* Mon Dec 2 2013 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.14-1
|
||||
- new release 3.1.14
|
||||
- all Fedora specifics backported
|
||||
- 718422 File a0000f0149b7f3 is in wrong format - aborting
|
||||
- 925041 Does not support aarch64 in f19 and rawhide
|
||||
|
||||
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.1.13-13
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
||||
|
||||
* Mon Feb 11 2013 Peter Robinson <pbrobinson@fedoraproject.org> 3.1.13-12
|
||||
- Fix patch to fix FTBFS with gcc 4.8
|
||||
|
||||
* Wed Nov 14 2012 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.13-11
|
||||
- fix license field again
|
||||
|
||||
* Thu Nov 1 2012 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.13-10
|
||||
- fix license field
|
||||
- fix systemd macros in scriptlets part of the specfile
|
||||
- fix selinux patch to apply without fuzz=2
|
||||
|
||||
* Fri Jul 27 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.1.13-9
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
||||
|
||||
* Tue Apr 17 2012 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.13-8
|
||||
- at-3.1.13-mailwithhostname.patch in email mention also hostname address
|
||||
- at-3.1.13-usePOSIXtimers.patch use POSIX timers, so we won't need
|
||||
pm-utils hack anymore
|
||||
- at-3.1.13-help.patch update usage
|
||||
- systemd-user-sessions.service is used in unit file, so the atd should be
|
||||
started after almost all services are up and running
|
||||
- 812682 pam support work with new systemd defaults
|
||||
|
||||
* Thu Jan 12 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.1.13-7
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
||||
|
||||
* Mon Nov 14 2011 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.13-5
|
||||
- 754156 fix typo in script
|
||||
|
||||
* Mon Nov 14 2011 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.13-5
|
||||
- fix incorrect option in test in 56atd
|
||||
|
||||
* Wed Oct 26 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.1.13-4
|
||||
- Rebuilt for glibc bug#747377
|
||||
|
||||
* Sun Sep 4 2011 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.13-3
|
||||
- 729742 fix 56atd script for systemd
|
||||
|
||||
* Mon Aug 15 2011 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.13-2
|
||||
- rebuilt with new rpm
|
||||
- Related: rhbz#728707
|
||||
|
||||
* Fri Jul 29 2011 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.13-1
|
||||
- update to 3.1.13
|
||||
- rewrite patches to be applicable
|
||||
|
||||
* Thu Jul 21 2011 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.12-11
|
||||
- fix permission of init.d/atd
|
||||
|
||||
* Wed Jul 20 2011 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.12-10
|
||||
- create sysvinit script 714642 (inspired by cronie)
|
||||
- clean specfile, consistent macros, tab/spaces
|
||||
|
||||
* Tue Jul 19 2011 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.12-9
|
||||
- re-add missing export SHELL 674426
|
||||
- remove sysvinit scripts 714642
|
||||
- clean specfile (use bcond, remove defattr)
|
||||
|
||||
* Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.1.12-8
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
||||
|
||||
* Tue Dec 7 2010 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.12-7
|
||||
- fix typo in systemd configuration
|
||||
- fix permissions of config files
|
||||
|
||||
* Tue Nov 30 2010 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.12-6
|
||||
- 617320 systemd init script replacement
|
||||
|
||||
* Mon Mar 15 2010 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.12-5
|
||||
- 568222 interrupted 'at' job creates empty job for non-root
|
||||
|
||||
* Mon Mar 1 2010 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.12-4
|
||||
- 568779 atd is alway runnig after suspend/resume
|
||||
|
||||
* Fri Feb 12 2010 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.12-3
|
||||
- prevent arbitrary destruction of at jobs (based on 564243)
|
||||
|
||||
* Mon Jan 18 2010 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.12-2
|
||||
- polish pam in atd again
|
||||
|
||||
* Thu Dec 3 2009 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.12-1
|
||||
- update to the new version of at
|
||||
- adapt patches for new version
|
||||
- change our pam config to source
|
||||
- start using new upstream test instead of our nonfunctinal
|
||||
- upstream changed nofork option -n to foreground option -f
|
||||
|
||||
* Tue Oct 13 2009 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.11-1
|
||||
- 528582 add noreplace option into files section
|
||||
- rewrite pam2 patch - check return value, use "better" macro, etc.
|
||||
- new version of at
|
||||
|
||||
* Wed Sep 16 2009 Tomas Mraz <tmraz@redhat.com> 3.1.10-37
|
||||
- improve the PAM configuration, use password-auth common stack
|
||||
|
||||
* Tue Aug 18 2009 Adam Jackson <ajax@redhat.com> 3.1.10-36
|
||||
- Remove Requires: pm-utils-filesystem, dead package
|
||||
|
||||
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.1.10-35
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
||||
|
||||
* Mon Jul 20 2009 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.10-34
|
||||
- require pm-utils-filesystem instead of pm-utils which should help
|
||||
minimal installation.
|
||||
|
||||
* Mon Jun 1 2009 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.10-33
|
||||
- clean cvs, check patches
|
||||
|
||||
* Wed Mar 18 2009 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.10-32
|
||||
- add the forgotten add delimiter thanks to Cong Ma
|
||||
|
||||
* Thu Feb 26 2009 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.10-31
|
||||
- preun script is sometimes failing. Add apostrofs around zero.
|
||||
|
||||
* Thu Feb 26 2009 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.10-30
|
||||
- 435765 and 486844 in some cases could be used bash for at commands
|
||||
even if user sets different default shell. Also bash4.0 fix Here Documents
|
||||
which breaks previous patch at-3.1.10-shell.patch.
|
||||
|
||||
* Mon Feb 23 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.1.10-29
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
|
||||
|
||||
* Thu Feb 19 2009 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.10-28
|
||||
- 486227 add hyphen date into manual page.
|
||||
|
||||
* Wed Dec 3 2008 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.10-27
|
||||
- 464393 add script into pm-utils, because daemon wasn't taking all jobs
|
||||
after suspend/hibernate
|
||||
|
||||
* Fri Oct 24 2008 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.10-26
|
||||
- update init script according to SysVInitScript
|
||||
|
||||
* Tue Sep 16 2008 Marcela Maslanova <mmaslano@redhat.com> - 3.1.10-25
|
||||
- thanks dwalsh for selinux patch, which fix #460873
|
||||
|
||||
* Fri Jul 18 2008 Marcela Maslanova <mmaslano@redhat.com> - 3.1.10-24
|
||||
- 446004 hope adding || into scriptlets fix removing old package after upgrade
|
||||
- fixes for fuzz=0
|
||||
|
||||
* Tue Mar 25 2008 Marcela Maslanova <mmaslano@redhat.com> - 3.1.10-23
|
||||
- 436952 use local instead of posix output date/time format.
|
||||
|
||||
* Thu Feb 28 2008 Marcela Maslanova <mmaslano@redhat.com> - 3.1.10-22
|
||||
- #435250 mixed OPTS and OPTIONS variable in sysconfig
|
||||
|
||||
* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 3.1.10-21
|
||||
- Autorebuild for GCC 4.3
|
||||
|
||||
* Tue Jan 8 2008 Marcela Maslanova <mmaslano@redhat.com> - 3.1.10-20
|
||||
- used PIE instead of pie (with pie wasn't build on 64b successful)
|
||||
- rewrite PAM fail check
|
||||
- fix checking of settings setuid(s)
|
||||
|
||||
* Mon Dec 3 2007 Marcela Maslanova <mmaslano@redhat.com> - 3.1.10-19
|
||||
- another problem with permission
|
||||
|
||||
* Tue Oct 30 2007 Marcela Maslanova <mmaslano@redhat.com> - 3.1.10-18
|
||||
- Bug 398981: change on correct permissions
|
||||
|
||||
* Fri Oct 05 2007 Marcela Maslanova <mmaslano@redhat.com> - 3.1.10-17
|
||||
- Bug 250147: add optional support for gnome-keyring to passwd pam stack
|
||||
|
||||
* Wed Aug 22 2007 Marcela Maslanova <mmaslano@redhat.com> - 3.1.10-16
|
||||
- macro with_pam instead of have_pam
|
||||
- license tag is gplv2+ because of license in source files
|
||||
|
||||
* Wed Jul 11 2007 Marcela Maslanova <mmaslano@redhat.com> - 3.1.10-15
|
||||
- rewrite init script
|
||||
- add own session - setsid
|
||||
- Resolves: rhbz#247091
|
||||
|
||||
* Mon Jul 9 2007 Marcela Maslanova <mmaslano@redhat.com> - 3.1.10-14
|
||||
- feature: add configuration file
|
||||
- fix -V option
|
||||
- fix init script
|
||||
|
||||
* Tue Jul 3 2007 Marcela Maslanova <mmaslano@redhat.com> - 3.1.10-13
|
||||
- Resolves: rhbz#243064
|
||||
|
||||
* Tue Jul 3 2007 Marcela Maslanova <mmaslano@redhat.com> - 3.1.10-12
|
||||
- crashing atd
|
||||
- work only for root, still broken some functions
|
||||
- Resolves: rhbz#243064
|
||||
|
||||
* Tue Mar 27 2007 Marcela Maslanova <mmaslano@redhat.com> - 3.1.10-11
|
||||
- mistake in pam_atd
|
||||
- rhbz#234120
|
||||
|
||||
* Mon Mar 05 2007 Marcela Maslanova <mmaslano@redhat.com> - 3.1.10-10
|
||||
- rhbz#224597
|
||||
|
||||
* Sat Mar 03 2007 Marcela Maslanova <mmaslano@redhat.com> - 3.1.10-9
|
||||
- review
|
||||
|
||||
* Tue Feb 20 2007 Marcela Maslanova <mmaslano@redhat.com> - 3.1.10-8
|
||||
- review
|
||||
- rhbz#225288
|
||||
|
||||
* Tue Jan 30 2007 Marcela Maslanova <mmaslano@redhat.com> - 3.1.10-7
|
||||
- no debug file - useless
|
||||
- new pam configuration
|
||||
- rhbz#224597
|
||||
|
||||
* Fri Oct 27 2006 Marcela Maslanova <mmaslano@redhat.com> - 3.1.10-6
|
||||
- fix daylight-saving again
|
||||
- fix #214759 - problem with seteuid
|
||||
|
||||
* Wed Oct 25 2006 Marcela Maslanova <mmaslano@redhat.com> - 3.1.10-5
|
||||
- daylight-saving
|
||||
|
||||
* Tue Oct 24 2006 Marcela Maslanova <mmaslano@redhat.com> - 3.1.10-3
|
||||
- new version from upstream 3.1.10
|
||||
|
||||
* Wed Aug 23 2006 Marcela Maslanova <mmaslano@redhat.com> - 3.1.8-82.fc6
|
||||
- #176486 don't fork option added (patch from Enrico Scholz)
|
||||
|
||||
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 3.1.8-81.2
|
||||
- rebuild
|
||||
|
||||
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 3.1.8-81.1
|
||||
- bump again for double-long bug on ppc(64)
|
||||
|
||||
* Tue Feb 07 2006 Jason Vas Dias <jvdias@redhat.com> - 3.1.8-81
|
||||
- rebuild for new gcc, glibc, glibc-kernheaders
|
||||
- workaround new refusal of /usr/bin/install to chown
|
||||
|
||||
* Sun Dec 18 2005 Jason Vas Dias<jvdias@redhat.com> - 3.1.8-80.2
|
||||
- rebuild for new flex
|
||||
|
||||
* Fri Dec 16 2005 Jesse Keating <jkeating@redhat.com>
|
||||
- rebuilt for new gcj
|
||||
|
||||
* Fri Oct 14 2005 Dan Walsh <dwalsh@redhat.com> - 3.1.8-80
|
||||
- Add seuserbyname support
|
||||
|
||||
* Fri Sep 30 2005 Tomas Mraz <tmraz@redhat.com> - 3.1.8-79
|
||||
- use include instead of pam_stack in pam config
|
||||
|
||||
* Fri Jun 03 2005 Jason Vas Dias <jvdias@redhat.com> 3.1.8-78
|
||||
- fix bug 159220: add pam_loginuid to pam session stack in /etc/pam.d/atd
|
||||
- fix bug 102341: add '-r' synonym for '-d' / atrm for POSIX / SuS conformance
|
||||
|
||||
* Fri Apr 08 2005 Jason Vas Dias <jvdias@redhat.com> 3.1.8-77
|
||||
- always call pam_setcred(pamh, PAM_DELETE_CRED) before session
|
||||
- close
|
||||
|
||||
* Tue Apr 05 2005 Jason Vas Dias <jvdias@redhat.com> 3.1.8-70
|
||||
- always call pam_close_session on PAM_FAIL or pam_end
|
||||
|
||||
* Tue Mar 08 2005 Jason Vas Dias <jvdias@redhat.com> 3.1.8-68
|
||||
- Put PAM authentication check in 'check_permissions()', so
|
||||
- user can know when using at(1) if PAM permission is denied.
|
||||
|
||||
* Tue Mar 08 2005 Jason Vas Dias <jvdias@redhat.com> 3.1.8-67
|
||||
- better fix for bug 150131: change DAEMON_USERNAME and
|
||||
- DAEMON_GROUPNAME to 'root' .
|
||||
|
||||
* Mon Mar 07 2005 Jason Vas Dias <jvdias@redhat.com> 3.1.8-66
|
||||
- fix bug 150131: atd should not relinquish root privilege if
|
||||
- doing su(1) equivalent with PAM .
|
||||
|
||||
* Tue Jan 25 2005 Jason Vas Dias <jvdias@redhat.com> 3.1.8-64
|
||||
- bugs 5160/146132: add PAM authentication control to atd
|
||||
|
||||
* Tue Oct 05 2004 Jason Vas Dias <jvdias@redhat.com> 3.1.8-60
|
||||
- fix bug 131510: no_export env. var. blacklisting should not
|
||||
- remove 'SHELL' when only 'SHELLOPTS' is blacklisted.
|
||||
- at(1) man-page should not say 'commands are run with /bin/sh'
|
||||
- and should explain usage of SHELL environement variable and
|
||||
- details of blacklisted variables.
|
||||
|
||||
* Tue Sep 28 2004 Rik van Riel <riel@redhat.com> 3.1.8-58
|
||||
- fix typo in man page, bug 112303
|
||||
- (regenerated at-3.1.8-man-timespec-path.patch with fix)
|
||||
|
||||
* Tue Aug 03 2004 Jason Vas Dias <jvdias@redhat.com>
|
||||
- fixed bug 125634 - made usage() agree with manpage
|
||||
|
||||
* Thu Jul 29 2004 Jason Vas Dias <jvdias@redhat.com>
|
||||
- Added POSIX.2 -t option for RFE 127485
|
||||
|
||||
* Thu Jul 29 2004 Jason Vas Dias <jvdias@redhat.com>
|
||||
- Had to disable the 'make test' for the build BEFORE
|
||||
- any changes were made (building on FC2 - perl issue?)
|
||||
- test.pl generates these 'errors' for what looks like
|
||||
- valid output to me:
|
||||
- $ ./test.pl 2>&1 | egrep -v '(^ok$)|(time_only)'
|
||||
- 1..3656
|
||||
- not ok
|
||||
- 'Monday - 1 month': 'Fri Jul 2 18:29:00 2004' =? 'Sat Jul 3 18:29:00 2004'
|
||||
- not ok
|
||||
- 'Monday - 10 months': 'Thu Oct 2 18:29:00 2003' =? 'Fri Oct 3 18:29:00 2003'
|
||||
- not ok
|
||||
- 'next week - 1 month': 'Mon Jul 5 18:29:00 2004' =? 'Tue Jul 6 18:29:00 2004'
|
||||
- not ok
|
||||
- 'next week - 10 months': 'Sun Oct 5 18:29:00 2003' =? 'Mon Oct 6 18:29:00 2003'
|
||||
- will investigate and fix for next release.
|
||||
|
||||
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
|
||||
- rebuilt
|
||||
|
||||
* Wed May 12 2004 Thomas Woerner <twoerner@redhat.com> - 3.1.8-54
|
||||
- fixed pie patch: at is pie, now
|
||||
- added build requires for libselinux-devel
|
||||
|
||||
* Tue May 4 2004 Dan Walsh <dwalsh@redhat.com> - 3.1.8-53
|
||||
- Add fileentrypoint check
|
||||
|
||||
* Thu Apr 15 2004 Dan Walsh <dwalsh@redhat.com> - 3.1.8-52
|
||||
- Fix SELinux patch
|
||||
|
||||
* Mon Feb 23 2004 Tim Waugh <twaugh@redhat.com>
|
||||
- Use ':' instead of '.' as separator for chown.
|
||||
|
||||
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com> - 3.1.8-50
|
||||
- rebuilt
|
||||
|
||||
* Tue Dec 9 2003 Jens Petersen <petersen@redhat.com> - 3.1.8-49
|
||||
- replace at-3.1.8-SHELL-91233.patch by at-3.1.8-SHELL-111386.patch which
|
||||
now executes $SHELL directly in the at shell script after all the variables
|
||||
have been setup with /bin/sh (#91233) [suggested by Göran Uddeborg]
|
||||
- this changelog is now in utf-8
|
||||
|
||||
* Fri Nov 7 2003 Jens Petersen <petersen@redhat.com> - 3.1.8-48
|
||||
- add at-3.1.8-pie.patch to build atd as pie (#108415) [Ulrich Drepper]
|
||||
|
||||
* Fri Oct 31 2003 Dan Walsh <dwalsh@redhat.com> - 3.1.8-47.sel
|
||||
|
||||
* Fri Jun 20 2003 Jens Petersen <petersen@redhat.com> - 3.1.8-46
|
||||
- add at-3.1.8-atrun.8-typo-97697.patch to fix typo in atrun.8 (#97697)
|
||||
- update at.1 description of shell behaviour (#91233)
|
||||
|
||||
* Tue Jun 17 2003 Jens Petersen <petersen@redhat.com> - 3.1.8-45
|
||||
- make the job shell default to SHELL instead of "/bin/sh" (#91233)
|
||||
|
||||
* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com> - 3.1.8-44
|
||||
- rebuilt
|
||||
|
||||
* Tue Jun 3 2003 Jens Petersen <petersen@redhat.com> - 3.1.8-43
|
||||
- Replace redundant at-3.1.7-paths.patch by at-3.1.8-man-timespec-path.patch
|
||||
to fix timespec path
|
||||
|
||||
* Tue Jun 3 2003 Jens Petersen <petersen@redhat.com> - 3.1.8-41
|
||||
- update source to at_3.1.8-11 from debian upstream
|
||||
- update source url
|
||||
- at-debian.patch no longer needed
|
||||
- at-3.1.7-paths.patch: the patch to "at.1.in" no longer needed
|
||||
- replace at-3.1.8-lexer.patch with at-3.1.8-11-lexer-parser.diff
|
||||
- at-3.1.8-dst.patch no longer needed
|
||||
- at-3.1.8-lsbdoc.patch no longer needed
|
||||
- at-3.1.8-o_excl.patch no longer needed
|
||||
- bump release number
|
||||
- at-3.1.8-test.patch: move out test.pl to a separate source file
|
||||
- apply at-3.1.8-test-fix.patch to it and drop patch
|
||||
- at-3.1.8-shell.patch: drop (#22216,#91233)
|
||||
- run "make test" after building
|
||||
- add "--without check" rpmbuild option
|
||||
- fix autoconf comment to point to right patch
|
||||
- use _sysconfdir, _sbindir, _bindir, and _localstatedir
|
||||
|
||||
* Wed Jan 22 2003 Tim Powers <timp@redhat.com> 3.1.8-33
|
||||
- rebuilt
|
||||
|
||||
* Wed Nov 27 2002 Tim Powers <timp@redhat.com> 3.1.8-32
|
||||
- remove unpackaged files from the buildroot
|
||||
|
||||
* Thu Jul 25 2002 Bill Huang <bhuang@redhat.com>
|
||||
- Fixed delaying job execution and missing starting jobs..(bug#69595)
|
||||
(Thanks Bujor D Silaghi <bujor@cs.umd.edu> for his patch.)
|
||||
|
||||
* Fri Jul 19 2002 Bill Huang <bhuang@redhat.com>
|
||||
- Fixed cleaning atq and multiple atd daemon.(bug#67414)
|
||||
(Thanks Bujor D Silaghi <bujor@cs.umd.edu> for his patch.)
|
||||
|
||||
* Fri Jul 19 2002 Bill Huang <bhuang@redhat.com>
|
||||
- Fixed error message output in atd.c
|
||||
|
||||
* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
|
||||
- automated rebuild
|
||||
|
||||
* Mon May 27 2002 Bill Huang <bhuang@redhat.com>
|
||||
- Rebuild for Milan
|
||||
|
||||
* Thu May 23 2002 Tim Powers <timp@redhat.com>
|
||||
- automated rebuild
|
||||
|
||||
* Fri Feb 1 2002 Bernhard Rosenkraenzer <bero@redhat.com> 3.1.8-25
|
||||
- Require smtpdaemon rather than sendmail - postfix works just as well.
|
||||
|
||||
* Thu Jan 31 2002 Bill Nottingham <notting@redhat.com> 3.1.8-24
|
||||
- rebuild in new env.
|
||||
|
||||
* Thu Jan 17 2002 Trond Eivind Glomsrød <teg@redhat.com> 3.1.8-23
|
||||
- s/Copyright/License/
|
||||
|
||||
* Mon Jan 14 2002 Adrian Havill <havill@redhat.com> 3.1.8-21
|
||||
- fix man page (#51253)
|
||||
- fix env prop problem (#49491)
|
||||
- .SEQ should not be executable (#52626)
|
||||
- beefed up file creation perms against symlink exploits (O_EXCL)
|
||||
|
||||
* Thu Aug 2 2001 Crutcher Dunnavant <crutcher@redhat.com> 3.1.8-20
|
||||
- updated patch update, still bug #46546
|
||||
|
||||
* Wed Jul 18 2001 Crutcher Dunnavant <crutcher@redhat.com>
|
||||
- applied enrico.scholz@informatik.tu-chemnitz.de's change to the env patch to
|
||||
- address bug #46546
|
||||
|
||||
* Mon Jun 25 2001 Crutcher Dunnavant <crutcher@redhat.com>
|
||||
- changed atd.init to start at 95, stop at 5, closing #15915
|
||||
- applied mailto:wp@supermedia.pl's environment patch
|
||||
|
||||
* Sun Jun 24 2001 Elliot Lee <sopwith@redhat.com>
|
||||
- Bump release + rebuild.
|
||||
|
||||
* Wed Apr 4 2001 Crutcher Dunnavant <crutcher@redhat.com>
|
||||
- much love to David Kilzer <ddkilzer@lubricants-oil.com>
|
||||
- who nailed UTC, Leap year, DST, and some other edge cases down
|
||||
- he also wrote a test harness in perl
|
||||
- bug #28448
|
||||
|
||||
* Fri Feb 2 2001 Trond Eivind Glomsrød <teg@redhat.com>
|
||||
- i18nize initscript
|
||||
|
||||
* Tue Dec 12 2000 Bill Nottingham <notting@redhat.com>
|
||||
- fix documentation of which shell commands will be run with (#22216)
|
||||
|
||||
* Wed Aug 23 2000 Crutcher Dunnavant <crutcher@redhat.com>
|
||||
- Well, we will likely never really close the UTC issues,
|
||||
- because of 1) fractional timezones, and 2) daylight savigns time.
|
||||
- but there is a slight tweak to the handling of dst in the UTC patch.
|
||||
|
||||
* Wed Aug 23 2000 Crutcher Dunnavant <crutcher@redhat.com>
|
||||
- fixed bug #15685
|
||||
- which had at miscaluclating UTC times.
|
||||
|
||||
* Sat Jul 15 2000 Bill Nottingham <notting@redhat.com>
|
||||
- move initscript back
|
||||
|
||||
* Wed Jul 12 2000 Prospector <bugzilla@redhat.com>
|
||||
- automatic rebuild
|
||||
|
||||
* Thu Jul 6 2000 Bill Nottingham <notting@redhat.com>
|
||||
- prereq /etc/init.d
|
||||
|
||||
* Sat Jul 1 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- fix syntax error in init script
|
||||
|
||||
* Tue Jun 27 2000 Preston Brown <pbrown@redhat.com>
|
||||
- don't prereq, only require initscripts
|
||||
|
||||
* Mon Jun 26 2000 Preston Brown <pbrown@redhat.com>
|
||||
- move init script
|
||||
- add condrestart directive
|
||||
- fix post/preun/postun scripts
|
||||
- prereq initscripts >= 5.20
|
||||
|
||||
* Sat Jun 17 2000 Bill Nottingham <notting@redhat.com>
|
||||
- fix verify of /var/spool/at/.SEQ (#12262)
|
||||
|
||||
* Mon Jun 12 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- fix status checking and syntax error in init script
|
||||
|
||||
* Fri Jun 9 2000 Bill Nottingham <notting@redhat.com>
|
||||
- fix for long usernames (#11321)
|
||||
- add some bugfixes from debian
|
||||
|
||||
* Mon May 8 2000 Bernhard Rosenkraenzer <bero@redhat.com>
|
||||
- 3.1.8
|
||||
|
||||
* Wed Mar 1 2000 Bill Nottingham <notting@redhat.com>
|
||||
- fix a couple of more typos, null-terminate some strings
|
||||
|
||||
* Thu Feb 10 2000 Bill Nottingham <notting@redhat.com>
|
||||
- fix many-years-old typo in atd.c
|
||||
|
||||
* Thu Feb 3 2000 Bill Nottingham <notting@redhat.com>
|
||||
- handle compressed man pages
|
||||
|
||||
* Mon Aug 16 1999 Bill Nottingham <notting@redhat.com>
|
||||
- initscript munging, build as non-root user
|
||||
|
||||
* Sun Jun 13 1999 Jeff Johnson <jbj@redhat.com>
|
||||
- correct perms for /var/spool/at after defattr.
|
||||
|
||||
* Mon May 24 1999 Jeff Johnson <jbj@redhat.com>
|
||||
- reset SIGCHLD before exec (#3016).
|
||||
|
||||
* Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com>
|
||||
- auto rebuild in the new build environment (release 8)
|
||||
|
||||
* Thu Mar 18 1999 Cristian Gafton <gafton@redhat.com>
|
||||
- fix handling the 12:00 time
|
||||
|
||||
* Wed Jan 13 1999 Bill Nottingham <notting@redhat.com>
|
||||
- configure fix for arm
|
||||
|
||||
* Wed Jan 06 1999 Cristian Gafton <gafton@redhat.com>
|
||||
- build for glibc 2.1
|
||||
|
||||
* Tue May 05 1998 Prospector System <bugs@redhat.com>
|
||||
- translations modified for de, fr, tr
|
||||
|
||||
* Wed Apr 22 1998 Michael K. Johnson <johnsonm@redhat.com>
|
||||
- enhanced initscript
|
||||
|
||||
* Sun Nov 09 1997 Michael K. Johnson <johnsonm@redhat.com>
|
||||
- learned to spell
|
||||
|
||||
* Wed Oct 22 1997 Michael K. Johnson <johnsonm@redhat.com>
|
||||
- updated to at version 3.1.7
|
||||
- updated lock and sequence file handling with ghost
|
||||
- Use chkconfig and atd, now conflicts with old crontabs packages
|
||||
|
||||
* Thu Jun 19 1997 Erik Troan <ewt@redhat.com>
|
||||
- built against glibc
|
|
@ -0,0 +1,9 @@
|
|||
# specify additional command line arguments for atd
|
||||
#
|
||||
# -l Specifies a limiting load factor, over which batch jobs should not be run, instead of the compile-time
|
||||
# choice of 0.8. For an SMP system with n CPUs, you will probably want to set this higher than n-1.
|
||||
#
|
||||
# -b Specifiy the minimum interval in seconds between the start of two batch jobs (60 default).
|
||||
|
||||
#example:
|
||||
#OPTS="-l 4 -b 120"
|
|
@ -0,0 +1,13 @@
|
|||
[Unit]
|
||||
Description=Deferred execution scheduler
|
||||
Documentation=man:atd(8)
|
||||
After=syslog.target systemd-user-sessions.service
|
||||
|
||||
[Service]
|
||||
EnvironmentFile=/etc/sysconfig/atd
|
||||
ExecStart=/usr/sbin/atd -f $OPTS
|
||||
IgnoreSIGPIPE=no
|
||||
KillMode=process
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -0,0 +1,9 @@
|
|||
# The PAM configuration file for the at daemon
|
||||
#
|
||||
#
|
||||
auth required pam_env.so
|
||||
auth include password-auth
|
||||
account required pam_access.so
|
||||
account include password-auth
|
||||
session required pam_loginuid.so
|
||||
session include password-auth
|
|
@ -1,10 +1,12 @@
|
|||
%define debug_package %{nil}
|
||||
|
||||
Summary: Auditd plugin that forwards audit events to OMS Agent for Linux
|
||||
Name: auoms
|
||||
Version: 2.2.5
|
||||
Release: 2%{?dist}
|
||||
Release: 4%{?dist}
|
||||
License: MIT
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
Group: Applications/System
|
||||
URL: https://github.com/microsoft/OMS-Auditd-Plugin
|
||||
#Source0: https://github.com/microsoft/OMS-Auditd-Plugin/archive/v2.2.5-0.tar.gz
|
||||
Source0: %{name}-%{version}.tar.gz
|
||||
|
@ -15,30 +17,28 @@ Source2: msgpack-c-cpp-2.0.0.zip
|
|||
#Source3: https://github.com/Tencent/rapidjson/archive/v1.0.2.tar.gz
|
||||
Source3: rapidjson-1.0.2.tar.gz
|
||||
Patch0: auoms.patch
|
||||
Group: Applications/System
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
|
||||
BuildRequires: unzip
|
||||
BuildRequires: cmake
|
||||
BuildRequires: wget
|
||||
BuildRequires: sudo
|
||||
BuildRequires: grep
|
||||
BuildRequires: sed
|
||||
BuildRequires: audit-devel
|
||||
BuildRequires: bash
|
||||
BuildRequires: bash-devel
|
||||
BuildRequires: audit-devel
|
||||
BuildRequires: boost-devel
|
||||
BuildRequires: cmake
|
||||
BuildRequires: grep
|
||||
BuildRequires: python2
|
||||
BuildRequires: python2-devel
|
||||
|
||||
BuildRequires: sed
|
||||
BuildRequires: sudo
|
||||
BuildRequires: unzip
|
||||
BuildRequires: wget
|
||||
Requires: audit
|
||||
Requires: sudo
|
||||
Requires: bash
|
||||
Requires: sed
|
||||
Requires: chkconfig
|
||||
Requires: glibc
|
||||
Requires: initscripts
|
||||
Requires: libstdc++
|
||||
Requires: perl
|
||||
Requires: glibc
|
||||
Requires: procps-ng
|
||||
Requires: sed
|
||||
Requires: sudo
|
||||
|
||||
%description
|
||||
OMS Audit data collection daemon
|
||||
|
@ -53,8 +53,8 @@ cp %{SOURCE3} ./
|
|||
%build
|
||||
grep AUOMS_BUILDVERSION auoms.version | head -n 4 | cut -d'=' -f2 | tr '\n' '.' | sed 's/.$//' | sed 's/^/#define AUOMS_VERSION "/' > auoms_version.h
|
||||
sed -i 's/$/"/' auoms_version.h
|
||||
cp -R /usr/include/boost /usr/local/include/boost
|
||||
mv /usr/include/boost /usr/include/boost148
|
||||
cp -R %{_includedir}/boost /usr/local/include/boost
|
||||
mv %{_includedir}/boost /usr/include/boost148
|
||||
cd build
|
||||
./configure --enable-ulinux && make clean && make
|
||||
|
||||
|
@ -65,11 +65,11 @@ install -vdm 755 %{buildroot}%{_sysconfdir}/opt/microsoft/auoms/outconf.d
|
|||
install -vdm 755 %{buildroot}%{_sysconfdir}/opt/microsoft/auoms/rules.d
|
||||
install -vdm 755 %{buildroot}/opt/microsoft/auoms
|
||||
install -vdm 755 %{buildroot}/opt/microsoft/auoms/bin
|
||||
install -vdm 755 %{buildroot}/usr/share/selinux/packages/auoms
|
||||
install -vdm 750 %{buildroot}/var/opt/microsoft/auoms/data
|
||||
install -vdm 750 %{buildroot}/var/opt/microsoft/auoms/data/outputs
|
||||
install -vdm 755 %{buildroot}%{_datadir}/selinux/packages/auoms
|
||||
install -vdm 750 %{buildroot}%{_var}/opt/microsoft/auoms/data
|
||||
install -vdm 750 %{buildroot}%{_var}/opt/microsoft/auoms/data/outputs
|
||||
|
||||
install -m 644 intermediate/selinux/* %{buildroot}/usr/share/selinux/packages/auoms
|
||||
install -m 644 intermediate/selinux/* %{buildroot}%{_datadir}/selinux/packages/auoms
|
||||
install -m 555 installer/auoms.init %{buildroot}%{_sysconfdir}/init.d/auoms
|
||||
install -m 644 installer/conf/auoms.conf %{buildroot}%{_sysconfdir}/opt/microsoft/auoms
|
||||
install -m 644 installer/conf/auomscollect.conf %{buildroot}%{_sysconfdir}/opt/microsoft/auoms
|
||||
|
@ -82,25 +82,25 @@ install -m 755 intermediate/builddir/release/bin/auoms %{buildroot}/opt
|
|||
install -m 755 intermediate/builddir/release/bin/auomsctl %{buildroot}/opt/microsoft/auoms/bin
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
rm -rf %{buildroot}
|
||||
|
||||
%pre
|
||||
#!/bin/sh
|
||||
|
||||
if [ $1 -gt 1 ] ; then
|
||||
if [ -e /etc/audisp/plugins.d/auoms.conf ]; then
|
||||
if [ -e %{_sysconfdir}/audisp/plugins.d/auoms.conf ]; then
|
||||
echo "Pre: found etc/audisp/plugins.d/auoms.conf"
|
||||
if [ -e /etc/audisp/plugins.d/auoms.conf.auomssave ]; then
|
||||
rm /etc/audisp/plugins.d/auoms.conf.auomssave
|
||||
if [ -e %{_sysconfdir}/audisp/plugins.d/auoms.conf.auomssave ]; then
|
||||
rm %{_sysconfdir}/audisp/plugins.d/auoms.conf.auomssave
|
||||
fi
|
||||
cp -p /etc/audisp/plugins.d/auoms.conf /etc/audisp/plugins.d/auoms.conf.auomssave
|
||||
cp -p %{_sysconfdir}/audisp/plugins.d/auoms.conf %{_sysconfdir}/audisp/plugins.d/auoms.conf.auomssave
|
||||
fi
|
||||
if [ -e /etc/audit/plugins.d/auoms.conf ]; then
|
||||
if [ -e %{_sysconfdir}/audit/plugins.d/auoms.conf ]; then
|
||||
echo "Pre: found etc/audit/plugins.d/auoms.conf"
|
||||
if [ -e /etc/audit/plugins.d/auoms.conf.auomssave ]; then
|
||||
rm /etc/audit/plugins.d/auoms.conf.auomssave
|
||||
if [ -e %{_sysconfdir}/audit/plugins.d/auoms.conf.auomssave ]; then
|
||||
rm %{_sysconfdir}/audit/plugins.d/auoms.conf.auomssave
|
||||
fi
|
||||
cp -p /etc/audit/plugins.d/auoms.conf /etc/audit/plugins.d/auoms.conf.auomssave
|
||||
cp -p %{_sysconfdir}/audit/plugins.d/auoms.conf %{_sysconfdir}/audit/plugins.d/auoms.conf.auomssave
|
||||
fi
|
||||
fi
|
||||
|
||||
|
@ -117,24 +117,24 @@ fi
|
|||
SERVICEDIR=/opt/microsoft/auoms
|
||||
|
||||
if [ $1 -gt 1 ] ; then
|
||||
if [ -e /etc/audisp/plugins.d/auoms.conf.auomssave ]; then
|
||||
echo "Post: found /etc/audisp/plugins.d/auoms.conf"
|
||||
if [ -e /etc/audisp/plugins.d/auoms.conf ]; then
|
||||
rm /etc/audisp/plugins.d/auoms.conf
|
||||
if [ -e %{_sysconfdir}/audisp/plugins.d/auoms.conf.auomssave ]; then
|
||||
echo "Post: found %{_sysconfdir}/audisp/plugins.d/auoms.conf"
|
||||
if [ -e %{_sysconfdir}/audisp/plugins.d/auoms.conf ]; then
|
||||
rm %{_sysconfdir}/audisp/plugins.d/auoms.conf
|
||||
fi
|
||||
cp -p /etc/audisp/plugins.d/auoms.conf.auomssave /etc/audisp/plugins.d/auoms.conf
|
||||
cp -p %{_sysconfdir}/audisp/plugins.d/auoms.conf.auomssave %{_sysconfdir}/audisp/plugins.d/auoms.conf
|
||||
fi
|
||||
if [ -e /etc/audit/plugins.d/auoms.conf.auomssave ]; then
|
||||
echo "Post: found /etc/audit/plugins.d/auoms.conf"
|
||||
if [ -e /etc/audit/plugins.d/auoms.conf ]; then
|
||||
rm /etc/audit/plugins.d/auoms.conf
|
||||
if [ -e %{_sysconfdir}/audit/plugins.d/auoms.conf.auomssave ]; then
|
||||
echo "Post: found %{_sysconfdir}/audit/plugins.d/auoms.conf"
|
||||
if [ -e %{_sysconfdir}/audit/plugins.d/auoms.conf ]; then
|
||||
rm %{_sysconfdir}/audit/plugins.d/auoms.conf
|
||||
fi
|
||||
cp -p /etc/audit/plugins.d/auoms.conf.auomssave /etc/audit/plugins.d/auoms.conf
|
||||
cp -p %{_sysconfdir}/audit/plugins.d/auoms.conf.auomssave %{_sysconfdir}/audit/plugins.d/auoms.conf
|
||||
fi
|
||||
echo "Post: executing upgrade"
|
||||
/opt/microsoft/auoms/bin/auomsctl upgrade
|
||||
fi
|
||||
for dir in /usr/lib/systemd/system /lib/systemd/system; do
|
||||
for dir in %{_lib}/systemd/system /lib/systemd/system; do
|
||||
if [ -e $dir ]; then
|
||||
install -m 644 ${SERVICEDIR}/auoms.service $dir
|
||||
systemctl enable auoms.service
|
||||
|
@ -142,20 +142,20 @@ for dir in /usr/lib/systemd/system /lib/systemd/system; do
|
|||
fi
|
||||
done
|
||||
sudo /opt/microsoft/auoms/bin/auomsctl enable
|
||||
rm -f /etc/audisp/plugins.d/auoms.conf.*
|
||||
rm -f /etc/audit/plugins.d/auoms.conf.*
|
||||
rm -f %{_sysconfdir}/audisp/plugins.d/auoms.conf.*
|
||||
rm -f %{_sysconfdir}/audit/plugins.d/auoms.conf.*
|
||||
|
||||
%postun
|
||||
#!/bin/sh
|
||||
|
||||
if [ $1 -eq 0 ]; then
|
||||
rm -f /etc/audisp/plugins.d/auoms.conf*
|
||||
rm -f /etc/audit/plugins.d/auoms.conf*
|
||||
rm -f %{_sysconfdir}/audisp/plugins.d/auoms.conf*
|
||||
rm -f %{_sysconfdir}/audit/plugins.d/auoms.conf*
|
||||
|
||||
rm -rf -v /etc/opt/microsoft/auoms
|
||||
rm -rf -v /var/opt/microsoft/auoms
|
||||
rm -rf -v %{_sysconfdir}/opt/microsoft/auoms
|
||||
rm -rf -v %{_var}/opt/microsoft/auoms
|
||||
fi
|
||||
for dir in /usr/lib/systemd/system /lib/systemd/system; do
|
||||
for dir in %{_lib}/systemd/system /lib/systemd/system; do
|
||||
if [ -e ${dir}/auoms.service ]; then
|
||||
systemctl disable auoms.service
|
||||
rm -f ${dir}/auoms.service
|
||||
|
@ -165,8 +165,8 @@ done
|
|||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
/usr/share/selinux/packages/auoms
|
||||
/usr/share/selinux/packages/auoms/*
|
||||
%{_datadir}/selinux/packages/auoms
|
||||
%{_datadir}/selinux/packages/auoms/*
|
||||
%{_sysconfdir}/init.d/auoms
|
||||
%{_sysconfdir}/opt/microsoft/auoms
|
||||
%{_sysconfdir}/opt/microsoft/auoms/auoms.conf
|
||||
|
@ -182,12 +182,21 @@ done
|
|||
/opt/microsoft/auoms/bin/auomscollect
|
||||
/opt/microsoft/auoms/bin/auoms
|
||||
/opt/microsoft/auoms/bin/auomsctl
|
||||
/var/opt/microsoft/auoms
|
||||
/var/opt/microsoft/auoms/data
|
||||
/var/opt/microsoft/auoms/data/outputs
|
||||
%{_var}/opt/microsoft/auoms
|
||||
%{_var}/opt/microsoft/auoms/data
|
||||
%{_var}/opt/microsoft/auoms/data/outputs
|
||||
|
||||
%changelog
|
||||
* Wed Nov 11 2020 Daniel McIlvaney <damcilva@microsoft.com> - 2.2.5-4
|
||||
- Add dependnecy on chkconfig to avoid ownership conflict with /etc/init.d directory
|
||||
- Add dependency on procps-ng so auomsctl can use pgrep
|
||||
- Add dependnecy on initscripts so auomsctl can use /usr/sbin/service
|
||||
|
||||
* Wed Nov 11 2020 Daniel McIlvaney <damcilva@microsoft.com> - 2.2.5-3
|
||||
- Clean up spec file with feedback from linter
|
||||
|
||||
* Sat Oct 24 2020 Andrew Phelps <anphel@microsoft.com> 2.2.5-2
|
||||
- Fix setup macro
|
||||
|
||||
* Thu Oct 22 2020 Andrew Phelps <anphel@microsoft.com> 2.2.5-1
|
||||
- Initial CBL-Mariner version.
|
||||
|
|
|
@ -1,14 +1,13 @@
|
|||
Summary: The package automatically configure source code
|
||||
Name: autoconf
|
||||
Version: 2.69
|
||||
Release: 10%{?dist}
|
||||
Release: 11%{?dist}
|
||||
License: GPLv2
|
||||
URL: http://www.gnu.org/software/autoconf
|
||||
Group: System Environment/Base
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
Source0: http://ftp.gnu.org/gnu/autoconf/%{name}-%{version}.tar.xz
|
||||
%define sha1 autoconf=e891c3193029775e83e0534ac0ee0c4c711f6d23
|
||||
Patch0: autoconf-make-check.patch
|
||||
|
||||
BuildRequires: perl
|
||||
|
@ -20,19 +19,23 @@ BuildArch: noarch
|
|||
%description
|
||||
The package contains programs for producing shell scripts that can
|
||||
automatically configure source code.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1
|
||||
|
||||
%build
|
||||
%configure \
|
||||
--disable-silent-rules
|
||||
make %{?_smp_mflags}
|
||||
|
||||
%install
|
||||
make DESTDIR=%{buildroot} install
|
||||
rm -rf %{buildroot}%{_infodir}
|
||||
|
||||
%check
|
||||
make -k check %{?_smp_mflags} TESTSUITEFLAGS="1-500"
|
||||
# Skip test 38 due to expected regex issue using perl 5.30 and autoconf
|
||||
make -k check %{?_smp_mflags} TESTSUITEFLAGS="1-37 39-500"
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
|
@ -40,7 +43,12 @@ make -k check %{?_smp_mflags} TESTSUITEFLAGS="1-500"
|
|||
%{_bindir}/*
|
||||
%{_mandir}/*/*
|
||||
%{_datarootdir}/autoconf/*
|
||||
|
||||
%changelog
|
||||
* Fri Mar 26 2021 Thomas Crain <thcrain@microsoft.com> - 2.69-11
|
||||
- Merge the following releases from 1.0 to dev branch
|
||||
- anphel@microsoft.com, 2.69-10: Fix check tests
|
||||
|
||||
* Mon Oct 12 2020 Joe Schmitt <joschmit@microsoft.com> 2.69-10
|
||||
- Use new perl package names.
|
||||
* Sat May 09 00:21:00 PST 2020 Nick Samson <nisamson@microsoft.com> 2.69-9
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
Summary: A GNU tool for automatically configuring source code
|
||||
Name: autoconf213
|
||||
Version: 2.13
|
||||
Release: 46%{?dist}
|
||||
Release: 47%{?dist}
|
||||
License: GPLv2+
|
||||
URL: http://www.gnu.org/software/autoconf/
|
||||
Source: ftp://prep.ai.mit.edu/pub/gnu/autoconf/autoconf-%{version}.tar.gz
|
||||
|
@ -55,6 +55,12 @@ rm ${RPM_BUILD_ROOT}/%{_bindir}/autoscan-%{version}
|
|||
rm -f ${RPM_BUILD_ROOT}%{_infodir}/standards*
|
||||
|
||||
%check
|
||||
# Skip AC_FUNC_GETLOADAVG which fails to find /dev/kmem due to CONFIG_DEVKMEM not being set
|
||||
sed -i 's/AC_DEFUN(AC_FUNC_GETLOADAVG,/AU_DEFUN(AC_FUNC_GETLOADAVG,/g' ./acspecific.m4
|
||||
# Skip Fortan 77 (F77) tests which are not supported with our version of gcc
|
||||
sed -i 's/AC_DEFUN(AC_PROG_F77,/AU_DEFUN(AC_PROG_F77,/g' ./acspecific.m4
|
||||
sed -i 's/AC_DEFUN(AC_PROG_F77_WORKS,/AU_DEFUN(AC_PROG_F77_WORKS,/g' ./acspecific.m4
|
||||
sed -i 's/AC_DEFUN(AC_F77_LIBRARY_LDFLAGS,/AU_DEFUN(AC_F77_LIBRARY_LDFLAGS,/g' ./acspecific.m4
|
||||
make check
|
||||
|
||||
%post
|
||||
|
@ -76,9 +82,10 @@ rm -rf ${RPM_BUILD_ROOT}
|
|||
%{_datadir}/autoconf-%{version}/
|
||||
|
||||
%changelog
|
||||
* Sat May 09 00:21:40 PST 2020 Nick Samson <nisamson@microsoft.com> - 2.13-46
|
||||
* Mon Dec 07 2020 Andrew Phelps <anphel@microsoft.com> 2.13-47
|
||||
- Fix check tests.
|
||||
* Sat May 09 2020 Nick Samson <nisamson@microsoft.com> 2.13-46
|
||||
- Added %%license line automatically
|
||||
|
||||
* Wed Apr 15 2020 Nicolas Ontiveros <niontive@microsoft.com> 2.13-45
|
||||
- Initial CBL-Mariner import from Fedora 32 (license: MIT).
|
||||
- License verified.
|
||||
|
|
|
@ -1,32 +1,37 @@
|
|||
Summary: Bourne-Again SHell
|
||||
Name: bash
|
||||
Version: 4.4.18
|
||||
Release: 5%{?dist}
|
||||
Release: 6%{?dist}
|
||||
License: GPLv3
|
||||
URL: http://www.gnu.org/software/bash/
|
||||
Group: System Environment/Base
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
Source0: http://ftp.gnu.org/gnu/bash/%{name}-%{version}.tar.gz
|
||||
%define sha1 bash=6cf9b3c23930ba8a721fee177d1558e5b7cb6104
|
||||
Group: System Environment/Base
|
||||
URL: https://www.gnu.org/software/bash/
|
||||
Source0: https://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.gz
|
||||
Source1: bash_completion
|
||||
Patch0: bash-4.4.patch
|
||||
Provides: /bin/sh
|
||||
Provides: /bin/bash
|
||||
Provides: /usr/bin/sh
|
||||
Provides: /usr/bin/bash
|
||||
# CVE-2019-18276 has a negligible security impact,
|
||||
# since we don't ship bash with suid.
|
||||
# Backporting the patch is non-trivial, as well.
|
||||
Patch1: CVE-2019-18276.nopatch
|
||||
BuildRequires: readline
|
||||
Requires: readline
|
||||
Requires(post): /bin/grep
|
||||
Requires(post): /bin/cp
|
||||
Requires(post): /bin/grep
|
||||
Requires(postun): /bin/grep
|
||||
Requires(postun): /bin/mv
|
||||
Provides: /bin/sh
|
||||
Provides: /bin/bash
|
||||
Provides: %{_bindir}/sh
|
||||
Provides: %{_bindir}/bash
|
||||
|
||||
%description
|
||||
The package contains the Bourne-Again SHell
|
||||
|
||||
%package devel
|
||||
Summary: Header and development files for bash
|
||||
Requires: %{name} = %{version}
|
||||
|
||||
%description devel
|
||||
It contains the libraries and header files to create applications
|
||||
|
||||
|
@ -34,12 +39,13 @@ It contains the libraries and header files to create applications
|
|||
Summary: Additional language files for bash
|
||||
Group: System Environment/Base
|
||||
Requires: bash >= 4.4
|
||||
|
||||
%description lang
|
||||
These are the additional language files of bash.
|
||||
|
||||
%prep
|
||||
%setup -q -n bash-4.4.18
|
||||
%patch0 -p1
|
||||
%autosetup -p 1
|
||||
|
||||
%build
|
||||
%configure \
|
||||
"CFLAGS=-fPIC %{build_cflags}" \
|
||||
|
@ -48,21 +54,22 @@ These are the additional language files of bash.
|
|||
--without-bash-malloc \
|
||||
--with-installed-readline
|
||||
make %{?_smp_mflags}
|
||||
|
||||
%install
|
||||
make DESTDIR=%{buildroot} install
|
||||
ln -s bash %{buildroot}/bin/sh
|
||||
install -vdm 755 %{buildroot}/etc
|
||||
install -vdm 755 %{buildroot}/etc/profile.d
|
||||
install -vdm 755 %{buildroot}/etc/skel
|
||||
install -vdm 755 %{buildroot}/usr/share/bash-completion
|
||||
install -m 0644 %{SOURCE1} %{buildroot}/usr/share/bash-completion
|
||||
rm %{buildroot}/usr/lib/bash/Makefile.inc
|
||||
install -vdm 755 %{buildroot}%{_sysconfdir}
|
||||
install -vdm 755 %{buildroot}%{_sysconfdir}/profile.d
|
||||
install -vdm 755 %{buildroot}%{_sysconfdir}/skel
|
||||
install -vdm 755 %{buildroot}%{_datadir}/bash-completion
|
||||
install -m 0644 %{SOURCE1} %{buildroot}%{_datadir}/bash-completion
|
||||
rm %{buildroot}%{_lib}/bash/Makefile.inc
|
||||
|
||||
# Create dircolors
|
||||
cat > %{buildroot}/etc/profile.d/dircolors.sh << "EOF"
|
||||
cat > %{buildroot}%{_sysconfdir}/profile.d/dircolors.sh << "EOF"
|
||||
# Setup for /bin/ls and /bin/grep to support color, the alias is in /etc/bashrc.
|
||||
if [ -f "/etc/dircolors" ] ; then
|
||||
eval $(dircolors -b /etc/dircolors)
|
||||
if [ -f "%{_sysconfdir}/dircolors" ] ; then
|
||||
eval $(dircolors -b %{_sysconfdir}/dircolors)
|
||||
|
||||
if [ -f "$HOME/.dircolors" ] ; then
|
||||
eval $(dircolors -b $HOME/.dircolors)
|
||||
|
@ -75,27 +82,27 @@ if [ $? -eq 0 ]; then
|
|||
fi
|
||||
EOF
|
||||
|
||||
cat > %{buildroot}/etc/profile.d/extrapaths.sh << "EOF"
|
||||
if [ -d /usr/local/lib/pkgconfig ] ; then
|
||||
pathappend /usr/local/lib/pkgconfig PKG_CONFIG_PATH
|
||||
cat > %{buildroot}%{_sysconfdir}/profile.d/extrapaths.sh << "EOF"
|
||||
if [ -d %{_prefix}/local/lib/pkgconfig ] ; then
|
||||
pathappend %{_prefix}/local/lib/pkgconfig PKG_CONFIG_PATH
|
||||
fi
|
||||
if [ -d /usr/local/bin ]; then
|
||||
pathprepend /usr/local/bin
|
||||
if [ -d %{_prefix}/local/bin ]; then
|
||||
pathprepend %{_prefix}/local/bin
|
||||
fi
|
||||
if [ -d /usr/local/sbin -a $EUID -eq 0 ]; then
|
||||
pathprepend /usr/local/sbin
|
||||
if [ -d %{_prefix}/local/sbin -a $EUID -eq 0 ]; then
|
||||
pathprepend %{_prefix}/local/sbin
|
||||
fi
|
||||
EOF
|
||||
|
||||
cat > %{buildroot}/etc/profile.d/readline.sh << "EOF"
|
||||
cat > %{buildroot}%{_sysconfdir}/profile.d/readline.sh << "EOF"
|
||||
# Setup the INPUTRC environment variable.
|
||||
if [ -z "$INPUTRC" -a ! -f "$HOME/.inputrc" ] ; then
|
||||
INPUTRC=/etc/inputrc
|
||||
INPUTRC=%{_sysconfdir}/inputrc
|
||||
fi
|
||||
export INPUTRC
|
||||
EOF
|
||||
|
||||
cat > %{buildroot}/etc/profile.d/umask.sh << "EOF"
|
||||
cat > %{buildroot}%{_sysconfdir}/profile.d/umask.sh << "EOF"
|
||||
# By default, the umask should be set.
|
||||
if [ "$(id -gn)" = "$(id -un)" -a $EUID -gt 99 ] ; then
|
||||
umask 002
|
||||
|
@ -104,7 +111,7 @@ else
|
|||
fi
|
||||
EOF
|
||||
|
||||
cat > %{buildroot}/etc/profile.d/i18n.sh << "EOF"
|
||||
cat > %{buildroot}%{_sysconfdir}/profile.d/i18n.sh << "EOF"
|
||||
# Begin /etc/profile.d/i18n.sh
|
||||
|
||||
unset LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES \
|
||||
|
@ -112,8 +119,8 @@ unset LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES \
|
|||
|
||||
if [ -n "$XDG_CONFIG_HOME" ] && [ -r "$XDG_CONFIG_HOME/locale.conf" ]; then
|
||||
. "$XDG_CONFIG_HOME/locale.conf"
|
||||
elif [ -r /etc/locale.conf ]; then
|
||||
. /etc/locale.conf
|
||||
elif [ -r %{_sysconfdir}/locale.conf ]; then
|
||||
. %{_sysconfdir}/locale.conf
|
||||
fi
|
||||
|
||||
export LANG="${LANG:-C}"
|
||||
|
@ -134,21 +141,21 @@ export LANG="${LANG:-C}"
|
|||
EOF
|
||||
|
||||
# bash completion
|
||||
cat > %{buildroot}/etc/profile.d/bash_completion.sh << "EOF"
|
||||
cat > %{buildroot}%{_sysconfdir}/profile.d/bash_completion.sh << "EOF"
|
||||
# check for interactive bash and only bash
|
||||
if [ -n "$BASH_VERSION" -a -n "$PS1" ]; then
|
||||
|
||||
# enable bash completion in interactive shells
|
||||
if ! shopt -oq posix; then
|
||||
if [ -f /usr/share/bash-completion/bash_completion ]; then
|
||||
. /usr/share/bash-completion/bash_completion
|
||||
if [ -f %{_datadir}/bash-completion/bash_completion ]; then
|
||||
. %{_datadir}/bash-completion/bash_completion
|
||||
fi
|
||||
fi
|
||||
|
||||
fi
|
||||
EOF
|
||||
|
||||
cat > %{buildroot}/etc/bash.bashrc << "EOF"
|
||||
cat > %{buildroot}%{_sysconfdir}/bash.bashrc << "EOF"
|
||||
# Begin /etc/bash.bashrc
|
||||
# Written for Beyond Linux From Scratch
|
||||
# by James Robertson <jameswrobertson@earthlink.net>
|
||||
|
@ -187,13 +194,13 @@ fi
|
|||
unset RED GREEN NORMAL
|
||||
|
||||
if test -n "$SSH_CONNECTION" -a -z "$PROFILEREAD"; then
|
||||
. /etc/profile > /dev/null 2>&1
|
||||
. %{_sysconfdir}/profile > /dev/null 2>&1
|
||||
fi
|
||||
# End /etc/bash.bashrc
|
||||
EOF
|
||||
|
||||
|
||||
cat > %{buildroot}/etc/skel/.bash_profile << "EOF"
|
||||
cat > %{buildroot}%{_sysconfdir}/skel/.bash_profile << "EOF"
|
||||
# Begin ~/.bash_profile
|
||||
# Written for Beyond Linux From Scratch
|
||||
# by James Robertson <jameswrobertson@earthlink.net>
|
||||
|
@ -221,7 +228,7 @@ fi
|
|||
# End ~/.bash_profile
|
||||
EOF
|
||||
|
||||
cat > %{buildroot}/etc/skel/.bashrc << "EOF"
|
||||
cat > %{buildroot}%{_sysconfdir}/skel/.bashrc << "EOF"
|
||||
# Begin ~/.bashrc
|
||||
# Written for Beyond Linux From Scratch
|
||||
# by James Robertson <jameswrobertson@earthlink.net>
|
||||
|
@ -233,14 +240,14 @@ cat > %{buildroot}/etc/skel/.bashrc << "EOF"
|
|||
# programs are in /etc/profile. System wide aliases and functions are
|
||||
# in /etc/bashrc.
|
||||
|
||||
if [ -f "/etc/bash.bashrc" ] ; then
|
||||
source /etc/bash.bashrc
|
||||
if [ -f "%{_sysconfdir}/bash.bashrc" ] ; then
|
||||
source %{_sysconfdir}/bash.bashrc
|
||||
fi
|
||||
|
||||
# End ~/.bashrc
|
||||
EOF
|
||||
|
||||
cat > %{buildroot}/etc/skel/.bash_logout << "EOF"
|
||||
cat > %{buildroot}%{_sysconfdir}/skel/.bash_logout << "EOF"
|
||||
# Begin ~/.bash_logout
|
||||
# Written for Beyond Linux From Scratch
|
||||
# by James Robertson <jameswrobertson@earthlink.net>
|
||||
|
@ -250,7 +257,7 @@ cat > %{buildroot}/etc/skel/.bash_logout << "EOF"
|
|||
# End ~/.bash_logout
|
||||
EOF
|
||||
|
||||
dircolors -p > %{buildroot}/etc/dircolors
|
||||
dircolors -p > %{buildroot}%{_sysconfdir}/dircolors
|
||||
%find_lang %{name}
|
||||
rm -rf %{buildroot}/%{_infodir}
|
||||
|
||||
|
@ -260,22 +267,22 @@ make NON_ROOT_USERNAME=nobody %{?_smp_mflags} check
|
|||
%post
|
||||
if [ $1 -eq 1 ] ; then
|
||||
if [ ! -f "/root/.bash_logout" ] ; then
|
||||
cp /etc/skel/.bash_logout /root/.bash_logout
|
||||
cp %{_sysconfdir}/skel/.bash_logout /root/.bash_logout
|
||||
fi
|
||||
if [ ! -f /etc/shells ]; then
|
||||
echo "/bin/sh" >> /etc/shells
|
||||
echo "/bin/bash" >> /etc/shells
|
||||
echo "%{_bindir}/sh" >> /etc/shells
|
||||
echo "%{_bindir}/bash" >> /etc/shells
|
||||
if [ ! -f %{_sysconfdir}/shells ]; then
|
||||
echo "/bin/sh" >> %{_sysconfdir}/shells
|
||||
echo "/bin/bash" >> %{_sysconfdir}/shells
|
||||
echo "%{_bindir}/sh" >> %{_sysconfdir}/shells
|
||||
echo "%{_bindir}/bash" >> %{_sysconfdir}/shells
|
||||
else
|
||||
grep -q '^/bin/sh$' /etc/shells || \
|
||||
echo "/bin/sh" >> /etc/shells
|
||||
grep -q '^/bin/bash$' /etc/shells || \
|
||||
echo "/bin/bash" >> /etc/shells
|
||||
grep -q '^%{_bindir}/sh$' /etc/shells || \
|
||||
echo "%{_bindir}/sh" >> /etc/shells
|
||||
grep -q '^%{_bindir}/bash$' /etc/shells || \
|
||||
echo "%{_bindir}/bash" >> /etc/shells
|
||||
grep -q '^/bin/sh$' %{_sysconfdir}/shells || \
|
||||
echo "/bin/sh" >> %{_sysconfdir}/shells
|
||||
grep -q '^/bin/bash$' %{_sysconfdir}/shells || \
|
||||
echo "/bin/bash" >> %{_sysconfdir}/shells
|
||||
grep -q '^%{_bindir}/sh$' %{_sysconfdir}/shells || \
|
||||
echo "%{_bindir}/sh" >> %{_sysconfdir}/shells
|
||||
grep -q '^%{_bindir}/bash$' %{_sysconfdir}/shells || \
|
||||
echo "%{_bindir}/bash" >> %{_sysconfdir}/shells
|
||||
fi
|
||||
fi
|
||||
|
||||
|
@ -285,24 +292,24 @@ if [ $1 -eq 0 ] ; then
|
|||
rm -f /root/.bash_logout
|
||||
fi
|
||||
if [ ! -x /bin/sh ]; then
|
||||
grep -v '^/bin/sh$' /etc/shells | \
|
||||
grep -v '^/bin/sh$' > /etc/shells.rpm && \
|
||||
mv /etc/shells.rpm /etc/shells
|
||||
grep -v '^/bin/sh$' %{_sysconfdir}/shells | \
|
||||
grep -v '^/bin/sh$' > %{_sysconfdir}/shells.rpm && \
|
||||
mv %{_sysconfdir}/shells.rpm %{_sysconfdir}/shells
|
||||
fi
|
||||
if [ ! -x /bin/bash ]; then
|
||||
grep -v '^/bin/bash$' /etc/shells | \
|
||||
grep -v '^/bin/bash$' > /etc/shells.rpm && \
|
||||
mv /etc/shells.rpm /etc/shells
|
||||
grep -v '^/bin/bash$' %{_sysconfdir}/shells | \
|
||||
grep -v '^/bin/bash$' > %{_sysconfdir}/shells.rpm && \
|
||||
mv %{_sysconfdir}/shells.rpm %{_sysconfdir}/shells
|
||||
fi
|
||||
if [ ! -x %{_bindir}/sh ]; then
|
||||
grep -v '^%{_bindir}/sh$' /etc/shells | \
|
||||
grep -v '^%{_bindir}/sh$' > /etc/shells.rpm && \
|
||||
mv /etc/shells.rpm /etc/shells
|
||||
grep -v '^%{_bindir}/sh$' %{_sysconfdir}/shells | \
|
||||
grep -v '^%{_bindir}/sh$' > %{_sysconfdir}/shells.rpm && \
|
||||
mv %{_sysconfdir}/shells.rpm %{_sysconfdir}/shells
|
||||
fi
|
||||
if [ ! -x %{_bindir}/bash ]; then
|
||||
grep -v '^%{_bindir}/bash$' /etc/shells | \
|
||||
grep -v '^%{_bindir}/bash$' > /etc/shells.rpm && \
|
||||
mv /etc/shells.rpm /etc/shells
|
||||
grep -v '^%{_bindir}/bash$' %{_sysconfdir}/shells | \
|
||||
grep -v '^%{_bindir}/bash$' > %{_sysconfdir}/shells.rpm && \
|
||||
mv %{_sysconfdir}/shells.rpm %{_sysconfdir}/shells
|
||||
fi
|
||||
fi
|
||||
|
||||
|
@ -315,7 +322,7 @@ fi
|
|||
%{_defaultdocdir}/%{name}-%{version}/*
|
||||
%{_defaultdocdir}/%{name}/*
|
||||
%{_mandir}/*/*
|
||||
/usr/share/bash-completion/
|
||||
%{_datadir}/bash-completion/
|
||||
|
||||
%files devel
|
||||
%{_includedir}/%{name}/*
|
||||
|
@ -325,54 +332,81 @@ fi
|
|||
%defattr(-,root,root)
|
||||
|
||||
%changelog
|
||||
* Fri Jul 31 2020 Leandro Pereira <leperei@microsoft.com> 4.4.18-5
|
||||
* Thu Oct 22 2020 Thomas Crain <thcrain@microsoft.com> - 4.4.18-6
|
||||
- Nopatch CVE-2019-18276
|
||||
|
||||
* Fri Jul 31 2020 Leandro Pereira <leperei@microsoft.com> - 4.4.18-5
|
||||
- Don't stomp on CFLAGS.
|
||||
|
||||
* Sat May 09 2020 Nick Samson <nisamson@microsoft.com> - 4.4.18-4
|
||||
- Added %%license line automatically
|
||||
* Thu Feb 27 2020 Henry Beberman <hebeberm@microsoft.com> 4.4.18-3
|
||||
|
||||
* Thu Feb 27 2020 Henry Beberman <hebeberm@microsoft.com> - 4.4.18-3
|
||||
- Explicitly provide /usr/bin/sh and /usr/bin/bash
|
||||
* Tue Sep 03 2019 Mateusz Malisz <mamalisz@microsoft.com> 4.4.18-2
|
||||
|
||||
* Tue Sep 03 2019 Mateusz Malisz <mamalisz@microsoft.com> - 4.4.18-2
|
||||
- Initial CBL-Mariner import from Photon (license: Apache2).
|
||||
* Mon Sep 24 2018 Sujay G <gsujay@vmware.com> 4.4.18-1
|
||||
|
||||
* Mon Sep 24 2018 Sujay G <gsujay@vmware.com> - 4.4.18-1
|
||||
- Bump bash version to 4.4.18
|
||||
* Fri Jan 26 2018 Alexey Makhalov <amakhalov@vmware.com> 4.4.12-3
|
||||
|
||||
* Fri Jan 26 2018 Alexey Makhalov <amakhalov@vmware.com> - 4.4.12-3
|
||||
- Run bash_completion only for bash interactive shell
|
||||
* Mon Dec 11 2017 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 4.4.12-2
|
||||
|
||||
* Mon Dec 11 2017 Priyesh Padmavilasom <ppadmavilasom@vmware.com> - 4.4.12-2
|
||||
- conditionally apply grep color alias
|
||||
* Mon Nov 13 2017 Xiaolin Li <xiaolinl@vmware.com> 4.4.12-1
|
||||
|
||||
* Mon Nov 13 2017 Xiaolin Li <xiaolinl@vmware.com> - 4.4.12-1
|
||||
- Upstream patch level 12 applied
|
||||
* Mon Oct 02 2017 Kumar Kaushik <kaushikk@vmware.com> 4.4-6
|
||||
|
||||
* Mon Oct 02 2017 Kumar Kaushik <kaushikk@vmware.com> - 4.4-6
|
||||
- Adding security fix for CVE-2017-5932.
|
||||
* Thu Jun 8 2017 Bo Gan <ganb@vmware.com> 4.4-5
|
||||
|
||||
* Thu Jun 8 2017 Bo Gan <ganb@vmware.com> - 4.4-5
|
||||
- Fix dependency again
|
||||
|
||||
* Wed Jun 7 2017 Divya Thaluru <dthaluru@vmware.com> 4.4-4
|
||||
- Added /usr/bin/sh and /bin/sh entries in /etc/shells
|
||||
* Sun Jun 4 2017 Bo Gan <ganb@vmware.com> 4.4-3
|
||||
|
||||
* Sun Jun 4 2017 Bo Gan <ganb@vmware.com> - 4.4-3
|
||||
- Fix dependency
|
||||
* Thu Feb 2 2017 Divya Thaluru <dthaluru@vmware.com> 4.4-2
|
||||
|
||||
* Thu Feb 2 2017 Divya Thaluru <dthaluru@vmware.com> - 4.4-2
|
||||
- Modified bash entry in /etc/shells
|
||||
* Fri Jan 13 2017 Dheeraj Shetty <dheerajs@vmware.com> 4.4-1
|
||||
|
||||
* Fri Jan 13 2017 Dheeraj Shetty <dheerajs@vmware.com> - 4.4-1
|
||||
- Upgraded version to 4.4
|
||||
* Tue Jan 10 2017 Divya Thaluru <dthaluru@vmware.com> 4.3.30-7
|
||||
|
||||
* Tue Jan 10 2017 Divya Thaluru <dthaluru@vmware.com> - 4.3.30-7
|
||||
- Added bash entry to /etc/shells
|
||||
* Wed Nov 16 2016 Alexey Makhalov <amakhalov@vmware.com> 4.3.30-6
|
||||
|
||||
* Wed Nov 16 2016 Alexey Makhalov <amakhalov@vmware.com> - 4.3.30-6
|
||||
- Add readline requirements
|
||||
* Fri Aug 19 2016 Alexey Makhalov <amakhalov@vmware.com> 4.3.30-5
|
||||
|
||||
* Fri Aug 19 2016 Alexey Makhalov <amakhalov@vmware.com> - 4.3.30-5
|
||||
- Enable bash completion support
|
||||
* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 4.3.30-4
|
||||
|
||||
* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> - 4.3.30-4
|
||||
- GA - Bump release of all rpms
|
||||
|
||||
* Tue May 3 2016 Divya Thaluru <dthaluru@vmware.com> 4.3.30-3
|
||||
- Fixing spec file to handle rpm upgrade scenario correctly
|
||||
* Thu Mar 10 2016 Divya Thaluru <dthaluru@vmware.com> 4.3.30-2
|
||||
|
||||
* Thu Mar 10 2016 Divya Thaluru <dthaluru@vmware.com> - 4.3.30-2
|
||||
- Adding compile options to load bash.bashrc file and
|
||||
loading source file during non-inetractive non-login shell
|
||||
* Tue Jan 12 2016 Xiaolin Li <xiaolinl@vmware.com> 4.3.30-1
|
||||
|
||||
* Tue Jan 12 2016 Xiaolin Li <xiaolinl@vmware.com> - 4.3.30-1
|
||||
- Updated to version 4.3.30
|
||||
* Wed Aug 05 2015 Kumar Kaushik <kaushikk@vmware.com> 4.3-4
|
||||
|
||||
* Wed Aug 05 2015 Kumar Kaushik <kaushikk@vmware.com> - 4.3-4
|
||||
- Adding post unstall section.
|
||||
* Wed Jul 22 2015 Alexey Makhalov <amakhalov@vmware.com> 4.3-3
|
||||
|
||||
* Wed Jul 22 2015 Alexey Makhalov <amakhalov@vmware.com> - 4.3-3
|
||||
- Fix segfault in save_bash_input.
|
||||
* Tue Jun 30 2015 Alexey Makhalov <amakhalov@vmware.com> 4.3-2
|
||||
|
||||
* Tue Jun 30 2015 Alexey Makhalov <amakhalov@vmware.com> - 4.3-2
|
||||
- /etc/profile.d permission fix. Pack /etc files into rpm
|
||||
* Wed Oct 22 2014 Divya Thaluru <dthaluru@vmware.com> 4.3-1
|
||||
|
||||
* Wed Oct 22 2014 Divya Thaluru <dthaluru@vmware.com> - 4.3-1
|
||||
- Initial version
|
||||
|
|
|
@ -1,30 +1,37 @@
|
|||
Summary: precision numeric processing language
|
||||
Name: bc
|
||||
Version: 1.07.1
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
License: GPLv2+
|
||||
URL: https://ftp.gnu.org/gnu/bc/
|
||||
URL: https://www.gnu.org/software/bc/
|
||||
Group: System Environment/base
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
Source0: https://ftp.gnu.org/gnu/bc/%{name}-%{version}.tar.gz
|
||||
%define sha1 bc=b4475c6d66590a5911d30f9747361db47231640a
|
||||
|
||||
BuildRequires: ed
|
||||
|
||||
%description
|
||||
The Bc package contains an arbitrary precision numeric processing language.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
|
||||
%build
|
||||
%configure \
|
||||
--disable-silent-rules
|
||||
make %{?_smp_mflags}
|
||||
|
||||
%install
|
||||
make DESTDIR=%{buildroot} install
|
||||
install -vdm 755 %{buildroot}/%{_mandir}
|
||||
rm -rf %{buildroot}%{_infodir}
|
||||
|
||||
%check
|
||||
make %{?_smp_mflags} timetest
|
||||
pushd Test
|
||||
export OTHERBC=%{buildroot}%{_bindir}/bc
|
||||
./timetest
|
||||
popd
|
||||
|
||||
%post
|
||||
/sbin/ldconfig
|
||||
|
@ -37,10 +44,12 @@ make %{?_smp_mflags} timetest
|
|||
%license COPYING
|
||||
%{_bindir}/*
|
||||
%{_mandir}/*/*
|
||||
%changelog
|
||||
* Sat May 09 00:21:27 PST 2020 Nick Samson <nisamson@microsoft.com> - 1.07.1-3
|
||||
- Added %%license line automatically
|
||||
|
||||
%changelog
|
||||
* Fri Jan 22 2021 Andrew Phelps <anphel@microsoft.com> 1.07.1-4
|
||||
- Fix check test. Remove sha1. Change URL to GNU bc homepage.
|
||||
* Sat May 09 2020 Nick Samson <nisamson@microsoft.com> 1.07.1-3
|
||||
- Added %%license line automatically
|
||||
* Tue Sep 03 2019 Mateusz Malisz <mamalisz@microsoft.com> 1.07.1-2
|
||||
- Initial CBL-Mariner import from Photon (license: Apache2).
|
||||
* Mon Oct 1 2018 Sujay G <gsujay@vmware.com> 1.07.1-1
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
--- a/bfd/elfcode.h
|
||||
+++ b/bfd/elfcode.h
|
||||
@@ -755,7 +755,8 @@
|
||||
/* A further sanity check. */
|
||||
if (i_ehdrp->e_shnum != 0)
|
||||
{
|
||||
- if (i_ehdrp->e_shstrndx >= elf_numsections (abfd))
|
||||
+ if (i_ehdrp->e_shstrndx >= elf_numsections (abfd)
|
||||
+ || i_shdrp[i_ehdrp->e_shstrndx].sh_type != SHT_STRTAB)
|
||||
{
|
||||
/* PR 2257:
|
||||
We used to just goto got_wrong_format_error here
|
|
@ -0,0 +1,17 @@
|
|||
--- a/libiberty/simple-object-elf.c
|
||||
+++ b/libiberty/simple-object-elf.c
|
||||
@@ -548,6 +548,14 @@
|
||||
XDELETE (eor);
|
||||
return NULL;
|
||||
}
|
||||
+
|
||||
+ if (!eor->shstrndx)
|
||||
+ {
|
||||
+ *errmsg = "invalid ELF shstrndx == 0";
|
||||
+ *err = 0;
|
||||
+ XDELETE (eor);
|
||||
+ return NULL;
|
||||
+ }
|
||||
|
||||
return (void *) eor;
|
||||
}
|
|
@ -0,0 +1,11 @@
|
|||
--- a/binutils/readelf.c
|
||||
+++ b/binutils/readelf.c
|
||||
@@ -13213,7 +13213,7 @@
|
||||
}
|
||||
|
||||
rloc = start + rp->r_offset;
|
||||
- if ((rloc + reloc_size) > end || (rloc < start))
|
||||
+ if (rloc >= end || (rloc + reloc_size) > end || (rloc < start))
|
||||
{
|
||||
warn (_("skipping invalid relocation offset 0x%lx in section %s\n"),
|
||||
(unsigned long) rp->r_offset,
|
|
@ -0,0 +1,72 @@
|
|||
--- a/bfd/dwarf2.c
|
||||
+++ b/bfd/dwarf2.c
|
||||
@@ -2803,13 +2803,13 @@
|
||||
}
|
||||
|
||||
static bfd_boolean
|
||||
-find_abstract_instance (struct comp_unit * unit,
|
||||
- bfd_byte * orig_info_ptr,
|
||||
- struct attribute * attr_ptr,
|
||||
- const char ** pname,
|
||||
- bfd_boolean * is_linkage,
|
||||
- char ** filename_ptr,
|
||||
- int * linenumber_ptr)
|
||||
+find_abstract_instance (struct comp_unit *unit,
|
||||
+ struct attribute *attr_ptr,
|
||||
+ unsigned int recur_count,
|
||||
+ const char **pname,
|
||||
+ bfd_boolean *is_linkage,
|
||||
+ char **filename_ptr,
|
||||
+ int *linenumber_ptr)
|
||||
{
|
||||
bfd *abfd = unit->abfd;
|
||||
bfd_byte *info_ptr;
|
||||
@@ -2820,6 +2820,14 @@
|
||||
struct attribute attr;
|
||||
const char *name = NULL;
|
||||
|
||||
+ if (recur_count == 100)
|
||||
+ {
|
||||
+ _bfd_error_handler
|
||||
+ (_("DWARF error: abstract instance recursion detected"));
|
||||
+ bfd_set_error (bfd_error_bad_value);
|
||||
+ return FALSE;
|
||||
+ }
|
||||
+
|
||||
/* DW_FORM_ref_addr can reference an entry in a different CU. It
|
||||
is an offset from the .debug_info section, not the current CU. */
|
||||
if (attr_ptr->form == DW_FORM_ref_addr)
|
||||
@@ -2939,15 +2947,6 @@
|
||||
info_ptr, info_ptr_end);
|
||||
if (info_ptr == NULL)
|
||||
break;
|
||||
- /* It doesn't ever make sense for DW_AT_specification to
|
||||
- refer to the same DIE. Stop simple recursion. */
|
||||
- if (info_ptr == orig_info_ptr)
|
||||
- {
|
||||
- _bfd_error_handler
|
||||
- (_("DWARF error: abstract instance recursion detected"));
|
||||
- bfd_set_error (bfd_error_bad_value);
|
||||
- return FALSE;
|
||||
- }
|
||||
switch (attr.name)
|
||||
{
|
||||
case DW_AT_name:
|
||||
@@ -2961,7 +2960,7 @@
|
||||
}
|
||||
break;
|
||||
case DW_AT_specification:
|
||||
- if (!find_abstract_instance (unit, info_ptr, &attr,
|
||||
+ if (!find_abstract_instance (unit, &attr, recur_count + 1,
|
||||
&name, is_linkage,
|
||||
filename_ptr, linenumber_ptr))
|
||||
return FALSE;
|
||||
@@ -3175,7 +3174,7 @@
|
||||
|
||||
case DW_AT_abstract_origin:
|
||||
case DW_AT_specification:
|
||||
- if (!find_abstract_instance (unit, info_ptr, &attr,
|
||||
+ if (!find_abstract_instance (unit, &attr, 0,
|
||||
&func->name,
|
||||
&func->is_linkage,
|
||||
&func->file,
|
|
@ -0,0 +1,20 @@
|
|||
--- a/bfd/dwarf2.c
|
||||
+++ b/bfd/dwarf2.c
|
||||
@@ -4426,7 +4425,16 @@
|
||||
for (total_size = 0;
|
||||
msec;
|
||||
msec = find_debug_info (debug_bfd, debug_sections, msec))
|
||||
- total_size += msec->size;
|
||||
+ {
|
||||
+ /* Catch PR25070 testcase overflowing size calculation here. */
|
||||
+ if (total_size + msec->size < total_size
|
||||
+ || total_size + msec->size < msec->size)
|
||||
+ {
|
||||
+ bfd_set_error (bfd_error_no_memory);
|
||||
+ return FALSE;
|
||||
+ }
|
||||
+ total_size += msec->size;
|
||||
+ }
|
||||
|
||||
stash->info_ptr_memory = (bfd_byte *) bfd_malloc (total_size);
|
||||
if (stash->info_ptr_memory == NULL)
|
|
@ -1,2 +0,0 @@
|
|||
CVE-2019-9070 addresses a bug in GNU libiberty. GNU libiberty is now part of
|
||||
gcc. This bug was fixed in the gcc upstream.
|
|
@ -0,0 +1,110 @@
|
|||
--- a/libiberty/cp-demangle.c
|
||||
+++ b/libiberty/cp-demangle.c
|
||||
@@ -861,7 +861,7 @@
|
||||
int
|
||||
cplus_demangle_fill_name (struct demangle_component *p, const char *s, int len)
|
||||
{
|
||||
- if (p == NULL || s == NULL || len == 0)
|
||||
+ if (p == NULL || s == NULL || len <= 0)
|
||||
return 0;
|
||||
p->d_printing = 0;
|
||||
p->type = DEMANGLE_COMPONENT_NAME;
|
||||
@@ -4055,7 +4055,7 @@
|
||||
are larger than the actual numbers encountered. */
|
||||
|
||||
static void
|
||||
-d_count_templates_scopes (int *num_templates, int *num_scopes,
|
||||
+d_count_templates_scopes (struct d_print_info *dpi,
|
||||
const struct demangle_component *dc)
|
||||
{
|
||||
if (dc == NULL)
|
||||
@@ -4075,13 +4075,13 @@
|
||||
break;
|
||||
|
||||
case DEMANGLE_COMPONENT_TEMPLATE:
|
||||
- (*num_templates)++;
|
||||
+ dpi->num_copy_templates++;
|
||||
goto recurse_left_right;
|
||||
|
||||
case DEMANGLE_COMPONENT_REFERENCE:
|
||||
case DEMANGLE_COMPONENT_RVALUE_REFERENCE:
|
||||
if (d_left (dc)->type == DEMANGLE_COMPONENT_TEMPLATE_PARAM)
|
||||
- (*num_scopes)++;
|
||||
+ dpi->num_saved_scopes++;
|
||||
goto recurse_left_right;
|
||||
|
||||
case DEMANGLE_COMPONENT_QUAL_NAME:
|
||||
@@ -4146,42 +4146,42 @@
|
||||
case DEMANGLE_COMPONENT_TAGGED_NAME:
|
||||
case DEMANGLE_COMPONENT_CLONE:
|
||||
recurse_left_right:
|
||||
- d_count_templates_scopes (num_templates, num_scopes,
|
||||
- d_left (dc));
|
||||
- d_count_templates_scopes (num_templates, num_scopes,
|
||||
- d_right (dc));
|
||||
+ /* PR 89394 - Check for too much recursion. */
|
||||
+ if (dpi->recursion > DEMANGLE_RECURSION_LIMIT)
|
||||
+ /* FIXME: There ought to be a way to report to the
|
||||
+ user that the recursion limit has been reached. */
|
||||
+ return;
|
||||
+
|
||||
+ ++ dpi->recursion;
|
||||
+ d_count_templates_scopes (dpi, d_left (dc));
|
||||
+ d_count_templates_scopes (dpi, d_right (dc));
|
||||
+ -- dpi->recursion;
|
||||
break;
|
||||
|
||||
case DEMANGLE_COMPONENT_CTOR:
|
||||
- d_count_templates_scopes (num_templates, num_scopes,
|
||||
- dc->u.s_ctor.name);
|
||||
+ d_count_templates_scopes (dpi, dc->u.s_ctor.name);
|
||||
break;
|
||||
|
||||
case DEMANGLE_COMPONENT_DTOR:
|
||||
- d_count_templates_scopes (num_templates, num_scopes,
|
||||
- dc->u.s_dtor.name);
|
||||
+ d_count_templates_scopes (dpi, dc->u.s_dtor.name);
|
||||
break;
|
||||
|
||||
case DEMANGLE_COMPONENT_EXTENDED_OPERATOR:
|
||||
- d_count_templates_scopes (num_templates, num_scopes,
|
||||
- dc->u.s_extended_operator.name);
|
||||
+ d_count_templates_scopes (dpi, dc->u.s_extended_operator.name);
|
||||
break;
|
||||
|
||||
case DEMANGLE_COMPONENT_FIXED_TYPE:
|
||||
- d_count_templates_scopes (num_templates, num_scopes,
|
||||
- dc->u.s_fixed.length);
|
||||
+ d_count_templates_scopes (dpi, dc->u.s_fixed.length);
|
||||
break;
|
||||
|
||||
case DEMANGLE_COMPONENT_GLOBAL_CONSTRUCTORS:
|
||||
case DEMANGLE_COMPONENT_GLOBAL_DESTRUCTORS:
|
||||
- d_count_templates_scopes (num_templates, num_scopes,
|
||||
- d_left (dc));
|
||||
+ d_count_templates_scopes (dpi, d_left (dc));
|
||||
break;
|
||||
|
||||
case DEMANGLE_COMPONENT_LAMBDA:
|
||||
case DEMANGLE_COMPONENT_DEFAULT_ARG:
|
||||
- d_count_templates_scopes (num_templates, num_scopes,
|
||||
- dc->u.s_unary_num.sub);
|
||||
+ d_count_templates_scopes (dpi, dc->u.s_unary_num.sub);
|
||||
break;
|
||||
}
|
||||
}
|
||||
@@ -4216,8 +4216,12 @@
|
||||
dpi->next_copy_template = 0;
|
||||
dpi->num_copy_templates = 0;
|
||||
|
||||
- d_count_templates_scopes (&dpi->num_copy_templates,
|
||||
- &dpi->num_saved_scopes, dc);
|
||||
+ d_count_templates_scopes (dpi, dc);
|
||||
+ /* If we did not reach the recursion limit, then reset the
|
||||
+ current recursion value back to 0, so that we can print
|
||||
+ the templates. */
|
||||
+ if (dpi->recursion < DEMANGLE_RECURSION_LIMIT)
|
||||
+ dpi->recursion = 0;
|
||||
dpi->num_copy_templates *= dpi->num_saved_scopes;
|
||||
|
||||
dpi->current_template = NULL;
|
|
@ -0,0 +1,13 @@
|
|||
--- a/binutils/objdump.c
|
||||
+++ b/binutils/objdump.c
|
||||
@@ -3178,7 +3178,9 @@
|
||||
static void
|
||||
dump_bfd_private_header (bfd *abfd)
|
||||
{
|
||||
- bfd_print_private_bfd_data (abfd, stdout);
|
||||
+ if (!bfd_print_private_bfd_data (abfd, stdout))
|
||||
+ non_fatal (_("warning: private headers incomplete: %s"),
|
||||
+ bfd_errmsg (bfd_get_error ()));
|
||||
}
|
||||
|
||||
static void
|
|
@ -0,0 +1,33 @@
|
|||
--- a/bfd/pei-x86_64.c
|
||||
+++ b/bfd/pei-x86_64.c
|
||||
@@ -541,7 +541,7 @@
|
||||
/* virt_size might be zero for objects. */
|
||||
if (stop == 0 && strcmp (abfd->xvec->name, "pe-x86-64") == 0)
|
||||
{
|
||||
- stop = (datasize / onaline) * onaline;
|
||||
+ stop = datasize;
|
||||
virt_size_is_zero = TRUE;
|
||||
}
|
||||
else if (datasize < stop)
|
||||
@@ -551,8 +551,8 @@
|
||||
_("Warning: %s section size (%ld) is smaller than virtual size (%ld)\n"),
|
||||
pdata_section->name, (unsigned long) datasize,
|
||||
(unsigned long) stop);
|
||||
- /* Be sure not to read passed datasize. */
|
||||
- stop = datasize / onaline;
|
||||
+ /* Be sure not to read past datasize. */
|
||||
+ stop = datasize;
|
||||
}
|
||||
|
||||
/* Display functions table. */
|
||||
@@ -724,8 +724,7 @@
|
||||
altent += imagebase;
|
||||
|
||||
if (altent >= pdata_vma
|
||||
- && (altent + PDATA_ROW_SIZE <= pdata_vma
|
||||
- + pei_section_data (abfd, pdata_section)->virt_size))
|
||||
+ && altent - pdata_vma + PDATA_ROW_SIZE <= stop)
|
||||
{
|
||||
pex64_get_runtime_function
|
||||
(abfd, &arf, &pdata[altent - pdata_vma]);
|
||||
|
|
@ -0,0 +1,30 @@
|
|||
From f2a3559d54602cecfec6d90f792be4a70ad918ab Mon Sep 17 00:00:00 2001
|
||||
From: Nick Clifton <nickc@redhat.com>
|
||||
Date: Fri, 3 Jan 2020 16:17:53 +0000
|
||||
Subject: [PATCH] Fix potential illegal memory access when parsing a corrupt
|
||||
PEF format file.
|
||||
|
||||
PR 25307
|
||||
(bfd_pef_parse_function_stubs): Correct the test that ensures that
|
||||
there is enough data remaining in the code buffer before
|
||||
attempting to read a function stub.
|
||||
---
|
||||
bfd/pef.c | 2 +-
|
||||
1 files changed, 1 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/bfd/pef.c b/bfd/pef.c
|
||||
index 726b8d7493..574d9bcb5d 100644
|
||||
--- a/bfd/pef.c
|
||||
+++ b/bfd/pef.c
|
||||
@@ -806,7 +806,7 @@ bfd_pef_parse_function_stubs (bfd *abfd,
|
||||
codepos += 4;
|
||||
}
|
||||
|
||||
- if ((codepos + 4) > codelen)
|
||||
+ if ((codepos + 24) > codelen)
|
||||
break;
|
||||
|
||||
ret = bfd_pef_parse_function_stub (abfd, codebuf + codepos, 24, &sym_index);
|
||||
--
|
||||
2.25.1
|
||||
|
|
@ -0,0 +1,27 @@
|
|||
From 8c5e259235a4e4546910245b170de1e29a711034 Mon Sep 17 00:00:00 2001
|
||||
From: Alan Modra <amodra@gmail.com>
|
||||
Date: Sun, 29 Dec 2019 12:56:29 +1030
|
||||
Subject: [PATCH] Usage of unitialized heap in tic4x_print_cond
|
||||
|
||||
PR 25319
|
||||
* tic4x-dis.c (tic4x_print_cond): Init all of condtable.
|
||||
---
|
||||
opcodes/tic4x-dis.c | 2 +-
|
||||
1 files changed, 1 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/opcodes/tic4x-dis.c b/opcodes/tic4x-dis.c
|
||||
index d9f95c9410..01cfa1e060 100644
|
||||
--- a/opcodes/tic4x-dis.c
|
||||
+++ b/opcodes/tic4x-dis.c
|
||||
@@ -277,7 +277,7 @@ tic4x_print_cond (struct disassemble_info *info, unsigned int cond)
|
||||
|
||||
if (condtable == NULL)
|
||||
{
|
||||
- condtable = xmalloc (sizeof (tic4x_cond_t *) * 32);
|
||||
+ condtable = xcalloc (sizeof (tic4x_cond_t *), 32);
|
||||
for (i = 0; i < tic4x_num_conds; i++)
|
||||
condtable[tic4x_conds[i].cond] = (tic4x_cond_t *)(tic4x_conds + i);
|
||||
}
|
||||
--
|
||||
2.25.1
|
||||
|
|
@ -0,0 +1,27 @@
|
|||
From 2c5b6e1a1c406cbe06e2d6f77861764ebd01b9ce Mon Sep 17 00:00:00 2001
|
||||
From: Alan Modra <amodra@gmail.com>
|
||||
Date: Mon, 30 Dec 2019 09:19:25 +1030
|
||||
Subject: [PATCH] Re: Usage of unitialized heap in tic4x_print_cond
|
||||
|
||||
PR 25319
|
||||
* tic4x-dis.c (tic4x_print_cond): Correct order of xcalloc args.
|
||||
---
|
||||
opcodes/tic4x-dis.c | 2 +-
|
||||
1 files changed, 1 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/opcodes/tic4x-dis.c b/opcodes/tic4x-dis.c
|
||||
index 01cfa1e060..e058fdc9f8 100644
|
||||
--- a/opcodes/tic4x-dis.c
|
||||
+++ b/opcodes/tic4x-dis.c
|
||||
@@ -277,7 +277,7 @@ tic4x_print_cond (struct disassemble_info *info, unsigned int cond)
|
||||
|
||||
if (condtable == NULL)
|
||||
{
|
||||
- condtable = xcalloc (sizeof (tic4x_cond_t *), 32);
|
||||
+ condtable = xcalloc (32, sizeof (tic4x_cond_t *));
|
||||
for (i = 0; i < tic4x_num_conds; i++)
|
||||
condtable[tic4x_conds[i].cond] = (tic4x_cond_t *)(tic4x_conds + i);
|
||||
}
|
||||
--
|
||||
2.25.1
|
||||
|
|
@ -0,0 +1,203 @@
|
|||
From 7a0fb7be96e0ce79e1ae429bc1ba913e5244d537 Mon Sep 17 00:00:00 2001
|
||||
From: Nick Clifton <nickc@redhat.com>
|
||||
Date: Fri, 3 Jan 2020 14:41:02 +0000
|
||||
Subject: [PATCH] Fix potential illegal memory access failures in the BFD
|
||||
library by ensuring that the return value from bfd_malloc() is checked before
|
||||
it is used.
|
||||
|
||||
PR 25308
|
||||
* elf-properties.c (_bfd_elf_convert_gnu_properties): Check the
|
||||
return value from bfd_malloc.
|
||||
* elf32-arm.c (bfd_elf32_arm_vfp11_fix_veneer_locations): Likewise.
|
||||
(bfd_elf32_arm_stm32l4xx_fix_veneer_locations): Likewise.
|
||||
(elf32_arm_filter_cmse_symbols): Likewise.
|
||||
(elf32_arm_write_section): Likewise.
|
||||
* mach-o.c (bfd_mach_o_core_fetch_environment): Likewise.
|
||||
(bfd_mach_o_follow_dsym): Likewise.
|
||||
* pef.c (bfd_pef_print_loader_section): Likewise.
|
||||
(bfd_pef_scan_start_address): Likewise.
|
||||
(bfd_pef_parse_function_stubs): Likewise.
|
||||
(bfd_pef_parse_symbols): Likewise.
|
||||
---
|
||||
bfd/elf-properties.c | 2 ++
|
||||
bfd/elf32-arm.c | 11 ++++++-----
|
||||
bfd/mach-o.c | 7 +++++++
|
||||
bfd/pef.c | 11 +++++++++++
|
||||
4 files changed, 26 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/bfd/elf-properties.c b/bfd/elf-properties.c
|
||||
index a42abc44dd..76ddad6037 100644
|
||||
--- a/bfd/elf-properties.c
|
||||
+++ b/bfd/elf-properties.c
|
||||
@@ -703,6 +703,8 @@ _bfd_elf_convert_gnu_properties (bfd *ibfd, asection *isec,
|
||||
if (size > bfd_get_section_size (isec))
|
||||
{
|
||||
contents = (bfd_byte *) bfd_malloc (size);
|
||||
+ if (contents == NULL)
|
||||
+ return FALSE;
|
||||
free (*ptr);
|
||||
*ptr = contents;
|
||||
}
|
||||
diff --git a/bfd/elf32-arm.c b/bfd/elf32-arm.c
|
||||
index ae8a269426..2bf355a331 100644
|
||||
--- a/bfd/elf32-arm.c
|
||||
+++ b/bfd/elf32-arm.c
|
||||
@@ -7148,7 +7148,6 @@ find_arm_glue (struct bfd_link_info *link_info,
|
||||
|
||||
tmp_name = (char *) bfd_malloc ((bfd_size_type) strlen (name)
|
||||
+ strlen (ARM2THUMB_GLUE_ENTRY_NAME) + 1);
|
||||
-
|
||||
BFD_ASSERT (tmp_name);
|
||||
|
||||
sprintf (tmp_name, ARM2THUMB_GLUE_ENTRY_NAME, name);
|
||||
@@ -7323,7 +7322,6 @@ record_arm_to_thumb_glue (struct bfd_link_info * link_info,
|
||||
|
||||
tmp_name = (char *) bfd_malloc ((bfd_size_type) strlen (name)
|
||||
+ strlen (ARM2THUMB_GLUE_ENTRY_NAME) + 1);
|
||||
-
|
||||
BFD_ASSERT (tmp_name);
|
||||
|
||||
sprintf (tmp_name, ARM2THUMB_GLUE_ENTRY_NAME, name);
|
||||
@@ -7401,7 +7399,6 @@ record_arm_bx_glue (struct bfd_link_info * link_info, int reg)
|
||||
/* Add symbol for veneer. */
|
||||
tmp_name = (char *)
|
||||
bfd_malloc ((bfd_size_type) strlen (ARM_BX_GLUE_ENTRY_NAME) + 1);
|
||||
-
|
||||
BFD_ASSERT (tmp_name);
|
||||
|
||||
sprintf (tmp_name, ARM_BX_GLUE_ENTRY_NAME, reg);
|
||||
@@ -7493,7 +7490,6 @@ record_vfp11_erratum_veneer (struct bfd_link_info *link_info,
|
||||
|
||||
tmp_name = (char *) bfd_malloc ((bfd_size_type) strlen
|
||||
(VFP11_ERRATUM_VENEER_ENTRY_NAME) + 10);
|
||||
-
|
||||
BFD_ASSERT (tmp_name);
|
||||
|
||||
sprintf (tmp_name, VFP11_ERRATUM_VENEER_ENTRY_NAME,
|
||||
@@ -7613,7 +7609,6 @@ record_stm32l4xx_erratum_veneer (struct bfd_link_info *link_info,
|
||||
|
||||
tmp_name = (char *) bfd_malloc ((bfd_size_type) strlen
|
||||
(STM32L4XX_ERRATUM_VENEER_ENTRY_NAME) + 10);
|
||||
-
|
||||
BFD_ASSERT (tmp_name);
|
||||
|
||||
sprintf (tmp_name, STM32L4XX_ERRATUM_VENEER_ENTRY_NAME,
|
||||
@@ -8644,6 +8639,7 @@ bfd_elf32_arm_vfp11_fix_veneer_locations (bfd *abfd,
|
||||
|
||||
tmp_name = (char *) bfd_malloc ((bfd_size_type) strlen
|
||||
(VFP11_ERRATUM_VENEER_ENTRY_NAME) + 10);
|
||||
+ BFD_ASSERT (tmp_name);
|
||||
|
||||
for (sec = abfd->sections; sec != NULL; sec = sec->next)
|
||||
{
|
||||
@@ -8731,6 +8727,7 @@ bfd_elf32_arm_stm32l4xx_fix_veneer_locations (bfd *abfd,
|
||||
|
||||
tmp_name = (char *) bfd_malloc ((bfd_size_type) strlen
|
||||
(STM32L4XX_ERRATUM_VENEER_ENTRY_NAME) + 10);
|
||||
+ BFD_ASSERT (tmp_name);
|
||||
|
||||
for (sec = abfd->sections; sec != NULL; sec = sec->next)
|
||||
{
|
||||
@@ -18505,6 +18502,8 @@ elf32_arm_filter_cmse_symbols (bfd *abfd ATTRIBUTE_UNUSED,
|
||||
|
||||
maxnamelen = 128;
|
||||
cmse_name = (char *) bfd_malloc (maxnamelen);
|
||||
+ BFD_ASSERT (cmse_name);
|
||||
+
|
||||
for (src_count = 0; src_count < symcount; src_count++)
|
||||
{
|
||||
struct elf32_arm_link_hash_entry *cmse_hash;
|
||||
@@ -19700,6 +19699,8 @@ elf32_arm_write_section (bfd *output_bfd,
|
||||
unsigned int in_index, out_index;
|
||||
bfd_vma add_to_offsets = 0;
|
||||
|
||||
+ if (edited_contents == NULL)
|
||||
+ return FALSE;
|
||||
for (in_index = 0, out_index = 0; in_index * 8 < input_size || edit_node;)
|
||||
{
|
||||
if (edit_node)
|
||||
diff --git a/bfd/mach-o.c b/bfd/mach-o.c
|
||||
index b494a77690..3b6fbb5788 100644
|
||||
--- a/bfd/mach-o.c
|
||||
+++ b/bfd/mach-o.c
|
||||
@@ -5752,6 +5752,8 @@ bfd_mach_o_core_fetch_environment (bfd *abfd,
|
||||
unsigned char *buf = bfd_malloc (1024);
|
||||
unsigned long size = 1024;
|
||||
|
||||
+ if (buf == NULL)
|
||||
+ return -1;
|
||||
for (;;)
|
||||
{
|
||||
bfd_size_type nread = 0;
|
||||
@@ -5797,6 +5799,8 @@ bfd_mach_o_core_fetch_environment (bfd *abfd,
|
||||
bottom = seg->fileoff + seg->filesize - offset;
|
||||
top = seg->fileoff + seg->filesize - 4;
|
||||
*rbuf = bfd_malloc (top - bottom);
|
||||
+ if (*rbuf == NULL)
|
||||
+ return -1;
|
||||
*rlen = top - bottom;
|
||||
|
||||
memcpy (*rbuf, buf + size - *rlen, *rlen);
|
||||
@@ -5941,6 +5945,9 @@ bfd_mach_o_follow_dsym (bfd *abfd)
|
||||
dsym_filename = (char *)bfd_malloc (strlen (base_bfd->filename)
|
||||
+ strlen (dsym_subdir) + 1
|
||||
+ strlen (base_basename) + 1);
|
||||
+ if (dsym_filename == NULL)
|
||||
+ return NULL;
|
||||
+
|
||||
sprintf (dsym_filename, "%s%s/%s",
|
||||
base_bfd->filename, dsym_subdir, base_basename);
|
||||
|
||||
diff --git a/bfd/pef.c b/bfd/pef.c
|
||||
index d88fed7138..726b8d7493 100644
|
||||
--- a/bfd/pef.c
|
||||
+++ b/bfd/pef.c
|
||||
@@ -447,6 +447,8 @@ bfd_pef_print_loader_section (bfd *abfd, FILE *file)
|
||||
|
||||
loaderlen = loadersec->size;
|
||||
loaderbuf = bfd_malloc (loaderlen);
|
||||
+ if (loaderbuf == NULL)
|
||||
+ return -1;
|
||||
|
||||
if (bfd_seek (abfd, loadersec->filepos, SEEK_SET) < 0
|
||||
|| bfd_bread ((void *) loaderbuf, loaderlen, abfd) != loaderlen
|
||||
@@ -478,6 +480,9 @@ bfd_pef_scan_start_address (bfd *abfd)
|
||||
|
||||
loaderlen = loadersec->size;
|
||||
loaderbuf = bfd_malloc (loaderlen);
|
||||
+ if (loaderbuf == NULL)
|
||||
+ goto end;
|
||||
+
|
||||
if (bfd_seek (abfd, loadersec->filepos, SEEK_SET) < 0)
|
||||
goto error;
|
||||
if (bfd_bread ((void *) loaderbuf, loaderlen, abfd) != loaderlen)
|
||||
@@ -753,6 +758,8 @@ bfd_pef_parse_function_stubs (bfd *abfd,
|
||||
(header.imported_library_count * sizeof (bfd_pef_imported_library));
|
||||
imports = bfd_malloc
|
||||
(header.total_imported_symbol_count * sizeof (bfd_pef_imported_symbol));
|
||||
+ if (libraries == NULL || imports == NULL)
|
||||
+ goto error;
|
||||
|
||||
if (loaderlen < (56 + (header.imported_library_count * 24)))
|
||||
goto error;
|
||||
@@ -897,6 +904,8 @@ bfd_pef_parse_symbols (bfd *abfd, asymbol **csym)
|
||||
{
|
||||
codelen = codesec->size;
|
||||
codebuf = bfd_malloc (codelen);
|
||||
+ if (codebuf == NULL)
|
||||
+ goto end;
|
||||
if (bfd_seek (abfd, codesec->filepos, SEEK_SET) < 0)
|
||||
goto end;
|
||||
if (bfd_bread ((void *) codebuf, codelen, abfd) != codelen)
|
||||
@@ -908,6 +917,8 @@ bfd_pef_parse_symbols (bfd *abfd, asymbol **csym)
|
||||
{
|
||||
loaderlen = loadersec->size;
|
||||
loaderbuf = bfd_malloc (loaderlen);
|
||||
+ if (loaderbuf == NULL)
|
||||
+ goto end;
|
||||
if (bfd_seek (abfd, loadersec->filepos, SEEK_SET) < 0)
|
||||
goto end;
|
||||
if (bfd_bread ((void *) loaderbuf, loaderlen, abfd) != loaderlen)
|
||||
--
|
||||
2.25.1
|
||||
|
|
@ -1,16 +1,36 @@
|
|||
Summary: Contains a linker, an assembler, and other tools
|
||||
Name: binutils
|
||||
Version: 2.32
|
||||
Release: 3%{?dist}
|
||||
Release: 5%{?dist}
|
||||
License: GPLv2+
|
||||
URL: http://www.gnu.org/software/binutils
|
||||
Group: System Environment/Base
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
Source0: http://ftp.gnu.org/gnu/binutils/%{name}-%{version}.tar.xz
|
||||
Group: System Environment/Base
|
||||
URL: https://www.gnu.org/software/binutils
|
||||
Source0: https://ftp.gnu.org/gnu/binutils/%{name}-%{version}.tar.xz
|
||||
Patch0: CVE-2019-9070.nopatch
|
||||
Patch1: CVE-2019-9075.patch
|
||||
Patch2: CVE-2019-9077.patch
|
||||
Patch3: CVE-2019-12972.patch
|
||||
Patch4: CVE-2019-14250.patch
|
||||
Patch5: CVE-2019-14444.patch
|
||||
Patch6: CVE-2019-9071.patch
|
||||
# Binutils commmunity does not consider this a bug
|
||||
Patch7: CVE-2019-9072.nopatch
|
||||
Patch8: CVE-2019-9073.patch
|
||||
Patch9: CVE-2019-9074.patch
|
||||
# Binutils community does not consider this a bug
|
||||
Patch10: CVE-2019-9076.nopatch
|
||||
Patch11: CVE-2019-17450.patch
|
||||
Patch12: CVE-2019-17451.patch
|
||||
Patch13: CVE-2020-35493.patch
|
||||
Patch14: CVE-2020-35494-helper.patch
|
||||
Patch15: CVE-2020-35494.patch
|
||||
Patch16: CVE-2020-35495.patch
|
||||
# Fix is included in CVE-2020-35495.patch.
|
||||
Patch17: CVE-2020-35496.nopatch
|
||||
# Fix is included in CVE-2020-35495.patch.
|
||||
Patch18: CVE-2020-35507.nopatch
|
||||
|
||||
%description
|
||||
The Binutils package contains a linker, an assembler,
|
||||
|
@ -25,9 +45,7 @@ It contains the libraries and header files to create applications
|
|||
for handling compiled objects.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%autosetup -p1
|
||||
|
||||
%build
|
||||
%configure \
|
||||
|
@ -43,7 +61,7 @@ make %{?_smp_mflags} tooldir=%{_prefix}
|
|||
|
||||
%install
|
||||
make %{?_smp_mflags} DESTDIR=%{buildroot} tooldir=%{_prefix} install
|
||||
find %{buildroot} -name '*.la' -delete
|
||||
find %{buildroot} -type f -name "*.la" -delete -print
|
||||
rm -rf %{buildroot}/%{_infodir}
|
||||
%find_lang %{name} --all-name
|
||||
|
||||
|
@ -53,6 +71,7 @@ make %{?_smp_mflags} check
|
|||
|
||||
%post -p /sbin/ldconfig
|
||||
%postun -p /sbin/ldconfig
|
||||
|
||||
%files -f %{name}.lang
|
||||
%defattr(-,root,root)
|
||||
%license COPYING
|
||||
|
@ -111,7 +130,28 @@ make %{?_smp_mflags} check
|
|||
%{_libdir}/libopcodes.so
|
||||
|
||||
%changelog
|
||||
* Sat May 09 00:21:17 PST 2020 Nick Samson <nisamson@microsoft.com> - 2.32-3
|
||||
* Mon Jan 11 2021 Emre Girgin <mrgirgin@microsoft.com> - 2.32-5
|
||||
- Update URL and Source0 to use https.
|
||||
- Fix CVE-2020-35493.
|
||||
- Fix CVE-2020-35494.
|
||||
- Fix CVE-2020-35495.
|
||||
- Fix CVE-2020-35496.
|
||||
- Fix CVE-2020-35507.
|
||||
|
||||
* Thu Oct 22 2020 Nicolas Ontiveros <niontive@microsoft.com> 2.32-4
|
||||
- Use autosetup
|
||||
- Fix CVE-2019-12972.
|
||||
- Fix CVE-2019-14250.
|
||||
- Fix CVE-2019-14444.
|
||||
- Fix CVE-2019-9071.
|
||||
- No patch CVE-2019-9072.
|
||||
- Fix CVE-2019-9073.
|
||||
- Fix CVE-2019-9074.
|
||||
- No patch CVE-2019-9076.
|
||||
- Fix CVE-2019-17450.
|
||||
- Fix CVE-2019-17451.
|
||||
|
||||
* Sat May 09 2020 Nick Samson <nisamson@microsoft.com> 2.32-3
|
||||
- Added %%license line automatically
|
||||
|
||||
* Wed May 06 2020 Nicolas Ontiveros <niontive@microsoft.com> 2.32-2
|
||||
|
@ -119,61 +159,87 @@ make %{?_smp_mflags} check
|
|||
- Fix CVE-2019-9075.
|
||||
- Fix CVE-2019-9070.
|
||||
- Remove sha1 macro.
|
||||
|
||||
* Thu Feb 06 2020 Andrew Phelps <anphel@microsoft.com> 2.32-1
|
||||
- Update to version 2.32
|
||||
|
||||
* Tue Sep 03 2019 Mateusz Malisz <mamalisz@microsoft.com> 2.31.1-5
|
||||
- Initial CBL-Mariner import from Photon (license: Apache2).
|
||||
|
||||
* Thu Mar 14 2019 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 2.31.1-4
|
||||
- Fix CVE-2019-9075 and CVE-2019-9077
|
||||
|
||||
* Tue Jan 22 2019 Anish Swaminathan <anishs@vmware.com> 2.31.1-3
|
||||
- fix CVE-2018-1000876
|
||||
|
||||
* Tue Jan 08 2019 Alexey Makhalov <amakhalov@vmware.com> 2.31.1-2
|
||||
- Fix CVE-2018-17358, CVE-2018-17359 and CVE-2018-17360
|
||||
|
||||
* Fri Sep 21 2018 Keerthana K <keerthanak@vmware.com> 2.31.1-1
|
||||
- Update to version 2.31.1
|
||||
|
||||
* Wed Aug 1 2018 Keerthana K <keerthanak@vmware.com> 2.31-1
|
||||
- Update to version 2.31.
|
||||
|
||||
* Thu Jun 7 2018 Keerthana K <keerthanak@vmware.com> 2.30-4
|
||||
- Fix CVE-2018-10373
|
||||
|
||||
* Mon Mar 19 2018 Alexey Makhalov <amakhalov@vmware.com> 2.30-3
|
||||
- Add libiberty to the -devel package
|
||||
|
||||
* Wed Feb 28 2018 Xiaolin Li <xiaolinl@vmware.com> 2.30-2
|
||||
- Fix CVE-2018-6543.
|
||||
|
||||
* Mon Jan 29 2018 Xiaolin Li <xiaolinl@vmware.com> 2.30-1
|
||||
- Update to version 2.30
|
||||
|
||||
* Mon Dec 18 2017 Anish Swaminathan <anishs@vmware.com> 2.29.1-5
|
||||
- Fix CVEs CVE-2017-17121, CVE-2017-17122, CVE-2017-17123,
|
||||
- CVE-2017-17124, CVE-2017-17125
|
||||
|
||||
* Mon Dec 4 2017 Anish Swaminathan <anishs@vmware.com> 2.29.1-4
|
||||
- Fix CVEs CVE-2017-16826, CVE-2017-16827, CVE-2017-16828, CVE-2017-16829,
|
||||
- CVE-2017-16830, CVE-2017-16831, CVE-2017-16832
|
||||
|
||||
* Tue Nov 14 2017 Alexey Makhalov <amakhalov@vmware.com> 2.29.1-3
|
||||
- Aarch64 support
|
||||
- Parallel build
|
||||
|
||||
* Thu Oct 12 2017 Anish Swaminathan <anishs@vmware.com> 2.29.1-2
|
||||
- Add patch to fix CVE-2017-15020
|
||||
|
||||
* Mon Oct 2 2017 Anish Swaminathan <anishs@vmware.com> 2.29.1-1
|
||||
- Version update to 2.29.1, fix CVEs CVE-2017-12799, CVE-2017-14729,CVE-2017-14745
|
||||
|
||||
* Fri Aug 11 2017 Anish Swaminathan <anishs@vmware.com> 2.29-3
|
||||
- Apply patches for CVE-2017-12448,CVE-2017-12449,CVE-2017-12450,CVE-2017-12451,
|
||||
- CVE-2017-12452,CVE-2017-12453,CVE-2017-12454,CVE-2017-12455,CVE-2017-12456,
|
||||
- CVE-2017-12457,CVE-2017-12458,CVE-2017-12459
|
||||
|
||||
* Tue Aug 8 2017 Rongrong Qiu <rqiu@vmware.com> 2.29-2
|
||||
- fix for make check for bug 1900247
|
||||
|
||||
* Wed Aug 2 2017 Alexey Makhalov <amakhalov@vmware.com> 2.29-1
|
||||
- Version update
|
||||
|
||||
* Tue May 16 2017 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 2.28-2
|
||||
- Patch for CVE-2017-8421
|
||||
|
||||
* Thu Apr 06 2017 Anish Swaminathan <anishs@vmware.com> 2.28-1
|
||||
- Upgraded to version 2.28
|
||||
- Apply patch for CVE-2017-6969
|
||||
|
||||
* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 2.25.1-2
|
||||
- GA - Bump release of all rpms
|
||||
|
||||
* Tue Jan 12 2016 Xiaolin Li <xiaolinl@vmware.com> 2.25.1-1
|
||||
- Updated to version 2.25.1
|
||||
|
||||
* Tue Nov 10 2015 Xiaolin Li <xiaolinl@vmware.com> 2.25-2
|
||||
- Handled locale files with macro find_lang
|
||||
|
||||
* Mon Apr 6 2015 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 2.25-1
|
||||
- Updated to 2.25
|
||||
|
||||
* Wed Nov 5 2014 Divya Thaluru <dthaluru@vmware.com> 2.24-1
|
||||
- Initial build. First version
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"Signatures": {
|
||||
"blobfuse-1.3.6.tar.gz": "c2682385039d129201e0d63c0861adf8dd34663ffa7a939d72529548a4451677"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,53 @@
|
|||
Summary: FUSE adapter - Azure Storage Blobs
|
||||
Name: blobfuse
|
||||
Version: 1.3.6
|
||||
Release: 1%{?dist}
|
||||
License: MIT
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
Group: Applications/Tools
|
||||
URL: https://github.com/Azure/azure-storage-fuse/
|
||||
Source0: https://github.com/Azure/azure-storage-fuse/archive/%{name}-%{version}.tar.gz
|
||||
BuildRequires: boost
|
||||
BuildRequires: boost-devel
|
||||
BuildRequires: boost-static
|
||||
BuildRequires: cmake
|
||||
BuildRequires: curl-devel
|
||||
BuildRequires: curl-libs
|
||||
BuildRequires: fuse-devel
|
||||
BuildRequires: gnutls
|
||||
BuildRequires: gnutls-devel
|
||||
BuildRequires: golang
|
||||
BuildRequires: libgcrypt-devel
|
||||
BuildRequires: pkg-config
|
||||
BuildRequires: util-linux-devel
|
||||
BuildRequires: util-linux-libs
|
||||
Requires: fuse
|
||||
|
||||
%description
|
||||
FUSE adapter - Azure Storage Blobs
|
||||
|
||||
%prep
|
||||
%autosetup -n azure-storage-fuse-blobfuse-%{version}
|
||||
|
||||
%build
|
||||
./build.sh
|
||||
|
||||
%install
|
||||
mkdir -p %{buildroot}%{_bindir}
|
||||
install -p -m 755 build/blobfuse %{buildroot}%{_bindir}/
|
||||
|
||||
%clean
|
||||
rm -rf %{buildroot}
|
||||
|
||||
|
||||
%files
|
||||
%defattr(-,root,root,-)
|
||||
%license LICENSE
|
||||
%{_bindir}/blobfuse
|
||||
|
||||
%changelog
|
||||
* Tue Feb 02 2021 Henry Beberman <henry.beberman@microsoft.com> 1.3.6-1
|
||||
- Add blobfuse spec
|
||||
- License verified
|
||||
- Original version for CBL-Mariner
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"Signatures": {
|
||||
"bmon-4.0.tar.gz": "d5e503ff6b116c681ebf4d10e238604dde836dceb9c0008eb92416a96c87ca40"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,47 @@
|
|||
Summary: Monitoring and debugging tool to capture networking related statistics
|
||||
Name: bmon
|
||||
Version: 4.0
|
||||
Release: 1%{?dist}
|
||||
License: BSD-2-Clause AND MIT
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
Group: Applications/System
|
||||
URL: https://github.com/tgraf/bmon
|
||||
Source0: https://github.com/tgraf/bmon/archive/%{name}-%{version}.tar.gz
|
||||
BuildRequires: gcc
|
||||
BuildRequires: libconfuse-devel
|
||||
BuildRequires: libnl3-devel
|
||||
BuildRequires: make
|
||||
BuildRequires: ncurses-devel
|
||||
Requires: libconfuse
|
||||
Requires: libnl3
|
||||
Requires: ncurses
|
||||
|
||||
%description
|
||||
bmon is a monitoring and debugging tool to capture networking related
|
||||
statistics and prepare them visually in a human friendly way. It features
|
||||
various output methods including an interactive curses user interface and
|
||||
a programmable text output for scripting.
|
||||
|
||||
%prep
|
||||
%autosetup -p1
|
||||
|
||||
%build
|
||||
./autogen.sh
|
||||
%configure
|
||||
%make_build
|
||||
|
||||
%install
|
||||
%make_install
|
||||
|
||||
%files
|
||||
%license LICENSE.BSD LICENSE.MIT
|
||||
%{_bindir}/bmon
|
||||
%{_docdir}/bmon/examples/bmon.conf
|
||||
%{_mandir}/man8/bmon.8.gz
|
||||
|
||||
%changelog
|
||||
* Mon Feb 08 2021 Henry Beberman <henry.beberman@microsoft.com> 4.0-1
|
||||
- Add bmon spec
|
||||
- License verified
|
||||
- Original version for CBL-Mariner
|
|
@ -4,4 +4,4 @@
|
|||
"gbc-0.11.0.3-aarch64": "2fa232b3ceb79ff2e002ad06f8da93bd59f81599102f95258b4dadb84d6b847d",
|
||||
"gbc-0.11.0.3-x86_64": "c64f9db841b8cccad4c8ec0bd724e52d28b51a15af145fe40223cd92d7356d71"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"Signatures": {
|
||||
"bpftrace-0.11.4.tar.gz": "5b9c7509887e4337841e3188eabcc7247bc2c1cc312c983cbb8b77e341d20242"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,59 @@
|
|||
Summary: Berkeley Packet Filter Tracing Language
|
||||
Name: bpftrace
|
||||
Version: 0.11.4
|
||||
Release: 1%{?dist}
|
||||
License: ASL 2.0
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
Group: Applications/System
|
||||
URL: https://github.com/iovisor/bpftrace
|
||||
Source0: https://github.com/iovisor/%{name}/%{name}-%{version}.tar.gz
|
||||
BuildRequires: bcc-devel
|
||||
BuildRequires: binutils-devel
|
||||
BuildRequires: bison
|
||||
BuildRequires: clang-devel
|
||||
BuildRequires: cmake
|
||||
BuildRequires: elfutils-libelf-devel
|
||||
BuildRequires: flex
|
||||
BuildRequires: gcc
|
||||
BuildRequires: git
|
||||
BuildRequires: llvm-devel >= 8.0.1-5
|
||||
BuildRequires: make
|
||||
BuildRequires: systemtap-sdt-devel
|
||||
BuildRequires: zlib-devel
|
||||
Requires: bcc
|
||||
Requires: binutils
|
||||
Requires: clang
|
||||
Requires: glibc
|
||||
Requires: libgcc
|
||||
Requires: libstdc++
|
||||
Requires: llvm >= 8.0.1-5
|
||||
|
||||
%description
|
||||
bpftrace is a high-level tracing language for Linux enhanced Berkeley Packet Filter (eBPF)
|
||||
|
||||
%prep
|
||||
%autosetup -p1
|
||||
|
||||
%build
|
||||
mkdir build; cd build; cmake -DCMAKE_BUILD_TYPE=Release -DOFFLINE_BUILDS=true ..
|
||||
make bpftrace
|
||||
|
||||
%install
|
||||
mkdir -p %{buildroot}%{_bindir}/
|
||||
mkdir -p %{buildroot}%{_datadir}/bpftrace/tools/doc
|
||||
install -p -m 755 build/src/bpftrace %{buildroot}%{_bindir}/
|
||||
install -p -m 755 tools/*.bt %{buildroot}%{_datadir}/bpftrace/tools
|
||||
install -p -m 644 tools/*.txt %{buildroot}%{_datadir}/bpftrace/tools/doc
|
||||
|
||||
%files
|
||||
%license LICENSE
|
||||
%doc README.md CONTRIBUTING-TOOLS.md
|
||||
%{_bindir}/bpftrace
|
||||
%{_datadir}/bpftrace/tools
|
||||
|
||||
%changelog
|
||||
* Wed Feb 03 2021 Henry Beberman <henry.beberman@microsoft.com> - 0.11.4-1
|
||||
- Add bpftrace spec.
|
||||
- License verified
|
||||
- Original version for CBL-Mariner
|
File diff suppressed because it is too large
Load Diff
|
@ -1,20 +1,17 @@
|
|||
%define python3_sitearch %(python3 -c "from distutils.sysconfig import get_python_lib; import sys; sys.stdout.write(get_python_lib(1))")
|
||||
%define python3_version 3.7
|
||||
%define python3_version_nodots 37
|
||||
|
||||
Summary: Lossless compression algorithm
|
||||
Name: brotli
|
||||
Version: 1.0.7
|
||||
Release: 8%{?dist}
|
||||
Summary: Lossless compression algorithm
|
||||
Group: Applications/File
|
||||
|
||||
Release: 9%{?dist}
|
||||
License: MIT
|
||||
URL: https://github.com/google/brotli
|
||||
Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
|
||||
%define sha1 %{name}-%{version}=ee64a380152aa20fbc1098fe3799104884c570c1
|
||||
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
Group: Applications/File
|
||||
URL: https://github.com/google/brotli
|
||||
Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
|
||||
Patch0: CVE-2020-8927.patch
|
||||
BuildRequires: cmake
|
||||
BuildRequires: python3-devel
|
||||
BuildRequires: python3-setuptools
|
||||
|
@ -30,8 +27,8 @@ to the best currently available general-purpose compression methods.
|
|||
It is similar in speed with deflate but offers more dense compression.
|
||||
|
||||
%package -n python3-%{name}
|
||||
Summary: Lossless compression algorithm (python 3)
|
||||
%{?python_provide:%python_provide python3-%{name}}
|
||||
Summary: Lossless compression algorithm (python 3)
|
||||
|
||||
%description -n python3-%{name}
|
||||
Brotli is a generic-purpose lossless compression algorithm that compresses
|
||||
|
@ -41,7 +38,6 @@ to the best currently available general-purpose compression methods.
|
|||
It is similar in speed with deflate but offers more dense compression.
|
||||
This package installs a Python 3 module.
|
||||
|
||||
|
||||
%package devel
|
||||
Summary: Lossless compression algorithm (development files)
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
|
@ -55,7 +51,8 @@ It is similar in speed with deflate but offers more dense compression.
|
|||
This package installs the development files
|
||||
|
||||
%prep
|
||||
%setup
|
||||
%autosetup -p1
|
||||
|
||||
# fix permissions for -debuginfo
|
||||
# rpmlint will complain if I create an extra %%files section for
|
||||
# -debuginfo for this so we'll put it here instead
|
||||
|
@ -96,7 +93,6 @@ done
|
|||
%post -p /sbin/ldconfig
|
||||
%postun -p /sbin/ldconfig
|
||||
|
||||
|
||||
%check
|
||||
cd build
|
||||
ctest -V
|
||||
|
@ -131,8 +127,12 @@ python3 setup.py test
|
|||
%{_mandir}/man3/encode.h.3brotli*
|
||||
%{_mandir}/man3/types.h.3brotli*
|
||||
|
||||
|
||||
%changelog
|
||||
* Fri Oct 30 2020 Thomas Crain <thcrain@microsoft.com> - 1.0.7-9
|
||||
- Patch CVE-2020-8927
|
||||
- Remove sha1 hash
|
||||
- Lint to Mariner style
|
||||
|
||||
* Tue Oct 20 2020 Andrew Phelps <anphel@microsoft.com> 1.0.7-8
|
||||
- Fix check test
|
||||
|
||||
|
|
|
@ -0,0 +1,24 @@
|
|||
diff -up busybox-1.31.1/libbb/Kbuild.src.stime busybox-1.31.1/libbb/Kbuild.src
|
||||
--- busybox-1.31.1/libbb/Kbuild.src.stime 2019-11-13 17:08:22.808371597 -0500
|
||||
+++ busybox-1.31.1/libbb/Kbuild.src 2019-11-13 17:08:50.154882529 -0500
|
||||
@@ -198,3 +198,6 @@ lib-$(CONFIG_FEATURE_FIND_REGEX) += xreg
|
||||
|
||||
# Add the experimental logging functionality, only used by zcip
|
||||
lib-$(CONFIG_ZCIP) += logenv.o
|
||||
+
|
||||
+lib-$(CONFIG_DATE) += stime.o
|
||||
+lib-$(CONFIG_RDATE) += stime.o
|
||||
diff -up busybox-1.31.1/libbb/stime.c.stime busybox-1.31.1/libbb/stime.c
|
||||
--- busybox-1.31.1/libbb/stime.c.stime 2019-11-13 17:07:06.905723262 -0500
|
||||
+++ busybox-1.31.1/libbb/stime.c 2019-11-13 17:07:51.769924328 -0500
|
||||
@@ -0,0 +1,10 @@
|
||||
+#include <time.h>
|
||||
+#include <sys/time.h>
|
||||
+
|
||||
+int stime(const time_t *t) {
|
||||
+ struct timeval tv;
|
||||
+
|
||||
+ tv.tv_sec = *t;
|
||||
+ tv.tv_usec = 0;
|
||||
+ return settimeofday(&tv, NULL);
|
||||
+}
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,7 @@
|
|||
{
|
||||
"Signatures": {
|
||||
"busybox-1.32.0.tar.bz2": "c35d87f1d04b2b153d33c275c2632e40d388a88f19a9e71727e0bbbff51fe689",
|
||||
"busybox-petitboot.config": "28a4006863e0125bb564159c120067cb83b52ee0a829579cd399274cc78a10be",
|
||||
"busybox-static.config": "6f2f534548da57df8b1f5fd4dfe6ceece0f1b97bf7d0baa4c484ac9850cf8e37"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,610 @@
|
|||
Summary: Statically linked binary providing simplified versions of system commands
|
||||
Name: busybox
|
||||
Version: 1.32.0
|
||||
Release: 1%{?dist}
|
||||
License: GPLv2
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
URL: https://busybox.net/
|
||||
Source: https://www.busybox.net/downloads/%{name}-%{version}.tar.bz2
|
||||
Source1: busybox-static.config
|
||||
Source2: busybox-petitboot.config
|
||||
Patch0: busybox-1.31.1-stime-fix.patch
|
||||
BuildRequires: gcc
|
||||
BuildRequires: glibc-devel
|
||||
BuildRequires: libselinux-devel >= 1.27.7-2
|
||||
BuildRequires: libsepol-devel
|
||||
# libbb/hash_md5_sha.c
|
||||
# https://bugzilla.redhat.com/1024549
|
||||
Provides: bundled(md5-drepper2)
|
||||
# This package used to include a bundled copy of uClibc, but we now
|
||||
# use the system copy.
|
||||
%ifnarch aarch64
|
||||
BuildRequires: uclibc-devel
|
||||
%endif
|
||||
|
||||
%package petitboot
|
||||
Summary: Version of busybox configured for use with petitboot
|
||||
|
||||
%description
|
||||
Busybox is a single binary which includes versions of a large number
|
||||
of system commands, including a shell. This package can be very
|
||||
useful for recovering from certain types of system failures,
|
||||
particularly those involving broken shared libraries.
|
||||
|
||||
%description petitboot
|
||||
Busybox is a single binary which includes versions of a large number
|
||||
of system commands, including a shell. The version contained in this
|
||||
package is a minimal configuration intended for use with the Petitboot
|
||||
bootloader used on PlayStation 3. The busybox package provides a binary
|
||||
better suited to normal use.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1 -b .stime
|
||||
|
||||
%build
|
||||
# create static busybox - the executable is kept as busybox-static
|
||||
# We use uclibc instead of system glibc, uclibc is several times
|
||||
# smaller, this is important for static build.
|
||||
# uclibc can't be built on ppc64,s390,ia64, we set $arch to "" in this case
|
||||
arch=`uname -m | sed -e 's/i.86/i386/' -e 's/armv7l/arm/' -e 's/armv5tel/arm/' -e 's/aarch64//' -e 's/ppc64le//' -e 's/ppc64//' -e 's/powerpc64//' -e 's/ppc//' -e 's/ia64//' -e 's/s390.*//'`
|
||||
|
||||
cp %{SOURCE1} .config
|
||||
# set all new options to defaults
|
||||
yes "" | make oldconfig
|
||||
# gcc needs to be convinced to use neither system headers, nor libs,
|
||||
# nor startfiles (i.e. crtXXX.o files)
|
||||
# Also turn the stack protector off, otherwise the program segfaults.
|
||||
if test "$arch"; then \
|
||||
mv .config .config1 && \
|
||||
grep -v \
|
||||
-e ^CONFIG_FEATURE_HAVE_RPC \
|
||||
-e ^CONFIG_FEATURE_MOUNT_NFS \
|
||||
-e ^CONFIG_FEATURE_INETD_RPC \
|
||||
-e ^CONFIG_SELINUX \
|
||||
.config1 >.config && \
|
||||
yes "" | make oldconfig && \
|
||||
cat .config && \
|
||||
make V=1 \
|
||||
EXTRA_CFLAGS="-g -isystem %{_includedir}/uClibc -fno-stack-protector" \
|
||||
CFLAGS_busybox="-static -nostartfiles -L%{_libdir}/uClibc %{_libdir}/uClibc/crt1.o %{_libdir}/uClibc/crti.o %{_libdir}/uClibc/crtn.o"; \
|
||||
else \
|
||||
mv .config .config1 && \
|
||||
grep -v \
|
||||
-e ^CONFIG_FEATURE_HAVE_RPC \
|
||||
-e ^CONFIG_FEATURE_MOUNT_NFS \
|
||||
-e ^CONFIG_FEATURE_INETD_RPC \
|
||||
.config1 >.config && \
|
||||
echo "# CONFIG_FEATURE_HAVE_RPC is not set" >>.config && \
|
||||
echo "# CONFIG_FEATURE_MOUNT_NFS is not set" >>.config && \
|
||||
echo "# CONFIG_FEATURE_INETD_RPC is not set" >>.config && \
|
||||
yes "" | make oldconfig && \
|
||||
cat .config && \
|
||||
make V=1 CC="gcc %{optflags}"; \
|
||||
fi
|
||||
cp busybox_unstripped busybox.static
|
||||
cp docs/busybox.1 docs/busybox.static.1
|
||||
|
||||
# create busybox optimized for petitboot
|
||||
make clean
|
||||
# copy new configuration file
|
||||
cp %{SOURCE2} .config
|
||||
# set all new options to defaults
|
||||
yes "" | make oldconfig
|
||||
# -g is needed for generation of debuginfo.
|
||||
# (Don't want to use full-blown $RPM_OPT_FLAGS for this,
|
||||
# it makes binary much bigger: -O2 instead of -Os, many other options)
|
||||
if test "$arch"; then \
|
||||
cat .config && \
|
||||
make V=1 \
|
||||
EXTRA_CFLAGS="-g -isystem %{_includedir}/uClibc" \
|
||||
CFLAGS_busybox="-static -nostartfiles -L%{_libdir}/uClibc %{_libdir}/uClibc/crt1.o %{_libdir}/uClibc/crti.o %{_libdir}/uClibc/crtn.o"; \
|
||||
else \
|
||||
cat .config && \
|
||||
make V=1 CC="gcc %{optflags}"; \
|
||||
fi
|
||||
cp busybox_unstripped busybox.petitboot
|
||||
cp docs/busybox.1 docs/busybox.petitboot.1
|
||||
|
||||
%install
|
||||
mkdir -p %{buildroot}/sbin
|
||||
install -m 755 busybox.static %{buildroot}/sbin/busybox
|
||||
install -m 755 busybox.petitboot %{buildroot}/sbin/busybox.petitboot
|
||||
mkdir -p %{buildroot}/%{_mandir}/man1
|
||||
install -m 644 docs/busybox.static.1 %{buildroot}/%{_mandir}/man1/busybox.1
|
||||
install -m 644 docs/busybox.petitboot.1 %{buildroot}/%{_mandir}/man1/busybox.petitboot.1
|
||||
|
||||
%files
|
||||
%license LICENSE
|
||||
%doc README
|
||||
/sbin/busybox
|
||||
%{_mandir}/man1/busybox.1.gz
|
||||
|
||||
%files petitboot
|
||||
%license LICENSE
|
||||
%doc README
|
||||
/sbin/busybox.petitboot
|
||||
%{_mandir}/man1/busybox.petitboot.1.gz
|
||||
|
||||
%changelog
|
||||
* Thu Oct 15 2020 Mateusz Malisz <mamalisz@microsoft.com> - 1.32.0-1
|
||||
- Initial CBL-Mariner import from Fedora 32 (license: MIT)
|
||||
- License Verified
|
||||
- Add -fno-stack-protector for x86 builds
|
||||
- Changed version from 1.31.1 to 1.32.0
|
||||
|
||||
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.31.1-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Wed Nov 13 2019 Tom Callaway <spot@fedoraproject.org> - 1:1.31.1-1
|
||||
- update to 1.31.1 (fix FTBFS)
|
||||
|
||||
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.30.1-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Mon May 13 2019 Denys Vlasenko <dvlasenk@redhat.com> - 1:1.30.1-2
|
||||
- Tweak .config files
|
||||
|
||||
* Mon May 13 2019 Denys Vlasenko <dvlasenk@redhat.com> - 1:1.30.1-1
|
||||
- Update to 1.30.1
|
||||
|
||||
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.28.3-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.28.3-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
* Thu Apr 05 2018 Denys Vlasenko <dvlasenk@redhat.com> - 1:1.28.3-1
|
||||
- Update to 1.28.3
|
||||
|
||||
* Mon Mar 26 2018 Denys Vlasenko <dvlasenk@redhat.com> - 1:1.28.2-1
|
||||
- Update to 1.28.2
|
||||
|
||||
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.26.2-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||
|
||||
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.26.2-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||
|
||||
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.26.2-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
||||
|
||||
* Thu Mar 30 2017 Denys Vlasenko <dvlasenk@redhat.com> - 1:1.26.2-1
|
||||
- Update to 1.26.2
|
||||
|
||||
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.22.1-6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
||||
|
||||
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.22.1-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
||||
|
||||
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.22.1-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
||||
|
||||
* Tue Apr 14 2015 Michael Schwendt <mschwendt@fedoraproject.org> - 1:1.22.1-3
|
||||
- Provides: bundled(md5-drepper2) (rhbz #1024549)
|
||||
|
||||
* Thu Mar 05 2015 Dan Horák <dan[at]danny.cz> - 1:1.22.1-2
|
||||
- drop unneeded patch (#1182677)
|
||||
|
||||
* Tue Dec 16 2014 Denys Vlasenko <dvlasenk@redhat.com> - 1:1.22.1-1
|
||||
- Update to 1.22.1
|
||||
|
||||
* Fri Aug 15 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.19.4-15
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
||||
|
||||
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.19.4-14
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
||||
|
||||
* Mon May 19 2014 Peter Robinson <pbrobinson@fedoraproject.org> 1:1.19.4-13
|
||||
- uClibc not supported on aarch64
|
||||
|
||||
* Fri May 16 2014 Jaromir Capik <jcapik@redhat.com> - 1:1.19.4-12
|
||||
- Disabled uClibc on ppc64le
|
||||
|
||||
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.19.4-11
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
||||
|
||||
* Fri May 24 2013 Dan Horák <dan[at]danny.cz> - 1.19.4-10
|
||||
- disable uClib on s390(x)
|
||||
|
||||
* Wed May 15 2013 Karsten Hopp <karsten@redhat.com> 1.19.4-9
|
||||
- disable uClibc on ppc, too
|
||||
|
||||
* Wed May 15 2013 Karsten Hopp <karsten@redhat.com> 1.19.4-8
|
||||
- include sys/resource.h for RLIMIT_FSIZE (rhbz #961542) on PPC*
|
||||
|
||||
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.19.4-7
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
||||
|
||||
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.19.4-6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
||||
|
||||
* Fri Jun 1 2012 Denys Vlasenko <dvlasenk@redhat.com> - 1:1.19.4-5
|
||||
- Added bboconfig applet - useful for running testsuite
|
||||
|
||||
* Fri Apr 13 2012 Denys Vlasenko <dvlasenk@redhat.com> - 1:1.19.4-4
|
||||
- Fixed breakage with newer kernel headers
|
||||
- Excluded Sun-RPC dependednt features not available in newer static glibc
|
||||
|
||||
* Mon Mar 12 2012 Denys Vlasenko <dvlasenk@redhat.com> - 1:1.19.4-3
|
||||
- Tweaked spec file again to generate even more proper debuginfo package
|
||||
|
||||
* Wed Mar 7 2012 Denys Vlasenko <dvlasenk@redhat.com> - 1:1.19.4-2
|
||||
- Tweaked spec file to generate proper debuginfo package
|
||||
|
||||
* Tue Feb 28 2012 Denys Vlasenko <dvlasenk@redhat.com> - 1:1.19.4-1
|
||||
- update to 1.19.4
|
||||
|
||||
* Thu Jan 12 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.19.3-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
||||
|
||||
* Mon Oct 31 2011 Denys Vlasenko <dvlasenk@redhat.com> - 1:1.19.3-1
|
||||
- update to 1.19.3
|
||||
|
||||
* Sat Aug 27 2011 Daniel Drake <dsd@laptop.org> - 1:1.18.2-6
|
||||
- Fix compilation against uClibc and Linux-3.0 headers
|
||||
|
||||
* Fri Aug 26 2011 Daniel Drake <dsd@laptop.org> - 1:1.18.2-5
|
||||
- Remove Linux 2.4 support from insmod/modprobe/etc.
|
||||
- Fixes build failures on ARM, where such ancient syscalls are not present
|
||||
|
||||
* Sat Jun 11 2011 Peter Robinson <pbrobinson@gmail.com> - 1:1.18.2-4
|
||||
- Add support for ARM
|
||||
|
||||
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.18.2-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
||||
|
||||
* Mon Feb 7 2011 Tom Callaway <spot@fedoraproject.org> - 1:1.18.2-2
|
||||
- apply fixes from upstream
|
||||
|
||||
* Mon Feb 7 2011 Tom Callaway <spot@fedoraproject.org> - 1:1.18.2-1
|
||||
- update to 1.18.2
|
||||
- use system uClibc
|
||||
|
||||
* Mon Oct 4 2010 Denys Vlasenko <dvlasenk@redhat.com> - 1:1.15.1-10
|
||||
- add compatibility with man-db config file (#639461)
|
||||
|
||||
* Wed Sep 29 2010 jkeating - 1:1.15.1-9
|
||||
- Rebuilt for gcc bug 634757
|
||||
|
||||
* Fri Sep 17 2010 Denys Vlasenko <dvlasenk@redhat.com> - 1:1.15.1-8
|
||||
- fix build system so that it works with make 3.82 too
|
||||
|
||||
* Wed May 5 2010 Denys Vlasenko <dvlasenk@redhat.com> - 1:1.15.1-7
|
||||
- teach uclibc to use /etc/localtime
|
||||
|
||||
* Wed Feb 24 2010 Denys Vlasenko <dvlasenk@redhat.com> - 1:1.15.1-6
|
||||
- tweak installed docs
|
||||
|
||||
* Wed Jan 27 2010 Denys Vlasenko <dvlasenk@redhat.com> - 1:1.15.1-5
|
||||
- enable Fedora-specific uname -p behavior (#534081)
|
||||
|
||||
* Fri Nov 26 2009 Denys Vlasenko <dvlasenk@redhat.com> - 1:1.15.1-4
|
||||
- make uclibc use 32-bit compat struct utmp (#541587)
|
||||
|
||||
* Fri Nov 10 2009 Denys Vlasenko <dvlasenk@redhat.com> - 1:1.15.1-3
|
||||
- re-enable rpm applet (#534092)
|
||||
|
||||
* Fri Oct 2 2009 Denys Vlasenko <dvlasenk@redhat.com> - 1:1.15.1-2
|
||||
- add manpage generation (#525658)
|
||||
|
||||
* Sun Sep 13 2009 Denys Vlasenko <dvlasenk@redhat.com> - 1:1.15.1-1
|
||||
- Rebase to 1.15.1
|
||||
|
||||
* Fri Sep 11 2009 Denys Vlasenko <dvlasenk@redhat.com> - 1:1.14.1-6
|
||||
- REALLY fix build on s390, ia64
|
||||
|
||||
* Fri Sep 11 2009 Denys Vlasenko <dvlasenk@redhat.com> - 1:1.14.1-5
|
||||
- fix build on s390, ia64
|
||||
|
||||
* Wed Sep 02 2009 Chris Lumens <clumens@redhat.com> 1.14.1-4
|
||||
- Remove busybox-anaconda (#514319).
|
||||
|
||||
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.14.1-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
||||
|
||||
* Fri Jun 12 2009 Ivana Varekova <varekova@redhat.com> - 1:1.14.1-2
|
||||
- add new options to readlink - patch created by Denys Valsenko
|
||||
|
||||
* Thu May 28 2009 Ivana Varekova <varekova@redhat.com> - 1:1.14.1-1
|
||||
- fix ppc problem
|
||||
- update to 1.14.1
|
||||
|
||||
* Sun May 24 2009 Milos Jakubicek <xjakub@fi.muni.cz> - 1:1.13.2-4
|
||||
- Fixing FTBFS on i586/x86_64/ppc, ppc64 still an issue:
|
||||
- Updated uClibc to 0.9.30.1, subsequently:
|
||||
- Removed uClibc-0.9.30 patch (merged upstream).
|
||||
- Added uClibc-0.9.30.1-getline.patch -- prevents conflicts with getline()
|
||||
from stdio.h
|
||||
- Temporarily disable C99 math to bypass ppc bug, see https://bugs.uclibc.org/show_bug.cgi?id=55
|
||||
|
||||
* Mon Feb 23 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.13.2-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
|
||||
|
||||
* Mon Feb 9 2009 Ivana Varekova <varekova@redhat.com> - 1:1.13.2-2
|
||||
- use uClibc instead of glibc for static build - thanks Denys Vlasenko
|
||||
|
||||
* Mon Jan 19 2009 Ivana Varekova <varekova@redhat.com> - 1:1.13.2-1
|
||||
- update to 1.13.2
|
||||
|
||||
* Tue Dec 2 2008 Ivana Varekova <varekova@redhat.com> - 1:1.12.1-2
|
||||
- enable selinux in static version of busybox (#462724)
|
||||
|
||||
* Mon Nov 10 2008 Ivana Varekova <varekova@redhat.com> - 1:1.12.1-1
|
||||
- update to 1.12.1
|
||||
|
||||
* Tue Aug 26 2008 Ivana Varekova <varekova@redhat.com> - 1:1.10.3-3
|
||||
- fix findfs problem - #455998
|
||||
|
||||
* Wed Jul 23 2008 Ivana Varekova <varekova@redhat.com> - 1:1.10.3-2
|
||||
- add findfs to static version of busybox
|
||||
(kexec-tools need it #455998)
|
||||
|
||||
* Tue Jun 10 2008 Ivana Varekova <varekova@redhat.com> - 1:1.10.3-1
|
||||
- update to 1.10.3
|
||||
|
||||
* Fri May 16 2008 Ivana Varekova <varekova@redhat.com> - 1:1.10.2-1
|
||||
- update to 1.10.2
|
||||
|
||||
* Thu May 9 2008 Ivana Varekova <varekova@redhat.com> - 1:1.10.1-1
|
||||
- update to 1.10.1
|
||||
|
||||
* Thu Feb 14 2008 Ivana Varekova <varekova@redhat.com> - 1:1.9.1-1
|
||||
- update to 1.9.1
|
||||
- fix a problem with netfilter.h - thanks dwmw2
|
||||
|
||||
* Fri Feb 8 2008 Ivana Varekova <varekova@redhat.com> - 1:1.9.0-2
|
||||
- fix hwclock on ia64 machines
|
||||
|
||||
* Mon Jan 7 2008 Ivana Varekova <varekova@redhat.com> - 1:1.9.0-1
|
||||
- update to 1.9.0
|
||||
|
||||
* Mon Dec 3 2007 Ivana Varekova <varekova@redhat.com> - 1:1.8.2-1
|
||||
- update to 1.8.2
|
||||
|
||||
* Wed Nov 21 2007 Ivana Varekova <varekova@redhat.com> - 1:1.8.1-1
|
||||
- update to 1.8.1
|
||||
|
||||
* Tue Nov 6 2007 Ivana Varekova <varekova@redhat.com> - 1:1.7.3-1
|
||||
- update to 1.7.3
|
||||
- remove --gc-sections from static build Makefile
|
||||
|
||||
* Thu Nov 1 2007 Ivana Varekova <varekova@redhat.com> - 1:1.7.2-4
|
||||
- fix 359371 - problem with grep output
|
||||
|
||||
* Wed Oct 31 2007 Ivana Varekova <varekova@redhat.com> - 1:1.7.2-3
|
||||
- fix another sed problem (forgotten fflush - #356111)
|
||||
|
||||
* Mon Oct 29 2007 Ivana Varekova <varekova@redhat.com> - 1:1.7.2-2
|
||||
- fix sed problem with output (#356111)
|
||||
|
||||
* Mon Oct 22 2007 Ivana Varekova <varekova@redhat.com> - 1:1.7.2-1
|
||||
- update to 1.7.2
|
||||
|
||||
* Tue Sep 4 2007 Ivana Varekova <varekova@redhat.com> - 1:1.6.1-2
|
||||
- spec file cleanup
|
||||
|
||||
* Mon Jul 23 2007 Ivana Varekova <varekova@redhat.com> - 1:1.6.1-1
|
||||
- update to 1.6.1
|
||||
|
||||
* Fri Jun 1 2007 Ivana Varekova <varekova@redhat.com> - 1:1.5.1-2
|
||||
- add msh shell
|
||||
|
||||
* Thu May 24 2007 Ivana Varekova <varekova@redhat.com> - 1:1.5.1-1
|
||||
- update to 1.5.1
|
||||
|
||||
* Sat Apr 7 2007 David Woodhouse <dwmw2@redhat.com> - 1:1.2.2-8
|
||||
- Add busybox-petitboot subpackage
|
||||
|
||||
* Mon Apr 2 2007 Ivana Varekova <varekova@redhat.com> - 1:1.2.2-7
|
||||
- Resolves: 234769
|
||||
busybox ls does not work without a tty
|
||||
|
||||
* Mon Feb 19 2007 Ivana Varekova <varekova@redhat.com> - 1:1.2.2-6
|
||||
- incorporate package review feedback
|
||||
|
||||
* Fri Feb 2 2007 Ivana Varekova <varekova@redhat.com> - 1:1.2.2-5
|
||||
- fix id_ps patch (thanks Chris MacGregor)
|
||||
|
||||
* Tue Jan 30 2007 Ivana Varekova <varekova@redhat.com> - 1:1.2.2-4
|
||||
- remove debuginfo
|
||||
|
||||
* Mon Jan 22 2007 Ivana Varekova <varekova@redhat.com> - 1:1.2.2-3
|
||||
- Resolves: 223620
|
||||
id output shows context twice
|
||||
- fix iptunnel x kernel-headers problem
|
||||
|
||||
* Mon Dec 10 2006 Ivana Varekova <varekova@redhat.com> - 1:1.2.2-2
|
||||
- enable ash
|
||||
|
||||
* Thu Nov 16 2006 Ivana Varekova <varekova@redhat.com> - 1:1.2.2-1
|
||||
- update to 1.2.2
|
||||
|
||||
* Mon Aug 28 2006 Ivana Varekova <varekova@redhat.com> - 1:1.2.0-3
|
||||
- fix #200470 - dmesg aborts
|
||||
backport dmesg upstream changes
|
||||
|
||||
* Mon Aug 28 2006 Ivana Varekova <varekova@redhat.com> - 1:1.2.0-2
|
||||
- fix #202891 - tar problem
|
||||
|
||||
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 1:1.2.0-1.1
|
||||
- rebuild
|
||||
|
||||
* Tue Jul 4 2006 Ivana Varekova <varekova@redhat.com> - 1:1.2.0-1
|
||||
- update to 1.2.0
|
||||
|
||||
* Thu Jun 8 2006 Jeremy Katz <katzj@redhat.com> - 1:1.1.3-2
|
||||
- fix so that busybox.anaconda has sh
|
||||
|
||||
* Wed May 31 2006 Ivana Varekova <varekova@redhat.com> - 1:1.1.3-1
|
||||
- update to 1.1.3
|
||||
|
||||
* Mon May 29 2006 Ivana Varekova <varekova@redhat.com> - 1:1.1.2-3
|
||||
- fix Makefile typo (#193354)
|
||||
|
||||
* Fri May 5 2006 Ivana Varekova <varekova@redhat.com> - 1:1.1.2-1
|
||||
- update to 1.1.2
|
||||
|
||||
* Thu May 4 2006 Ivana Varekova <varekova@redhat.com> - 1:1.1.1-2
|
||||
- add -Z option to id command, rename ps command -Z option (#190534)
|
||||
|
||||
* Wed May 03 2006 Ivana Varekova <varekova@redhat.com> - 1:1.1.1-1
|
||||
- update to 1.1.1
|
||||
- fix CVE-2006-1058 - BusyBox passwd command
|
||||
fails to generate password with salt (#187386)
|
||||
- add -minimal-toc option
|
||||
- add RPM_OPT_FLAGS
|
||||
- remove asm/page.h used sysconf command to get PAGE_SIZE
|
||||
- add overfl patch to aviod Buffer warning
|
||||
|
||||
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1:1.01-2.2.1
|
||||
- bump again for double-long bug on ppc(64)
|
||||
|
||||
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 1:1.01-2.2
|
||||
- rebuilt for new gcc4.1 snapshot and glibc changes
|
||||
|
||||
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
|
||||
- rebuilt
|
||||
|
||||
* Thu Oct 13 2005 Daniel Walsh <dwalsh@redhat.com> - 1.01-2
|
||||
- Add sepol for linking load_policy
|
||||
|
||||
* Thu Sep 1 2005 Ivana Varekova <varekova@redhat.com> - 1.01-1
|
||||
- update to 1.01
|
||||
|
||||
* Tue May 11 2005 Ivana Varekova <varekova@redhat.com> - 1.00-5
|
||||
- add debug files to debug_package
|
||||
|
||||
* Mon Mar 7 2005 Ivana Varekova <varekova@redhat.com> - 1.00-4
|
||||
- rebuilt
|
||||
|
||||
* Wed Jan 26 2005 Ivana Varekova <varekova@redhat.com> - 1.00-3
|
||||
- update to 1.00 - fix bug #145681
|
||||
- rebuild
|
||||
|
||||
* Thu Jan 13 2005 Jeremy Katz <katzj@redhat.com> - 1.00.rc1-6
|
||||
- enable ash as the shell in busybox-anaconda
|
||||
|
||||
* Sat Oct 2 2004 Bill Nottingham <notting@redhat.com> - 1.00.rc1-5
|
||||
- fix segfault in SELinux patch (#134404, #134406)
|
||||
|
||||
* Fri Sep 17 2004 Phil Knirsch <pknirsch@redhat.com> - 1.00.rc1-4
|
||||
- Fixed double free in freecon() call (#132809)
|
||||
|
||||
* Fri Sep 10 2004 Daniel Walsh <dwalsh@redhat.com> - 1.00.rc1-3
|
||||
- Add CONFIG_STATIC=y for static builds
|
||||
|
||||
* Wed Aug 25 2004 Jeremy Katz <katzj@redhat.com> - 1.00.rc1-2
|
||||
- rebuild
|
||||
|
||||
* Fri Jun 25 2004 Dan Walsh <dwalsh@redhat.com> 1.00-pre10.1
|
||||
- Add BuildRequires libselinux-devel
|
||||
- Update to latest from upstream
|
||||
|
||||
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
|
||||
- rebuilt
|
||||
|
||||
* Tue May 11 2004 Karsten Hopp <karsten@redhat.de> 1.00.pre8-4
|
||||
- add mknod to busybox-anaconda
|
||||
|
||||
* Wed Apr 21 2004 Karsten Hopp <karsten@redhat.de> 1.00.pre8-3
|
||||
- fix LS_COLOR in anaconda patch
|
||||
|
||||
* Tue Mar 23 2004 Jeremy Katz <katzj@redhat.com> 1.00.pre8-2
|
||||
- add awk to busybox-anaconda
|
||||
|
||||
* Sat Mar 20 2004 Dan Walsh <dwalsh@redhat.com> 1.00-pre8.1
|
||||
- Update with latest patch.
|
||||
- Turn off LS_COLOR in static patch
|
||||
|
||||
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
|
||||
- rebuilt
|
||||
|
||||
* Tue Jan 27 2004 Dan Walsh <dwalsh@redhat.com> 1.00-pre5.2
|
||||
- Fix is_selinux_enabled calls
|
||||
|
||||
* Mon Dec 29 2003 Dan Walsh <dwalsh@redhat.com> 1.00-pre5.1
|
||||
-Latest update
|
||||
|
||||
* Wed Nov 26 2003 Dan Walsh <dwalsh@redhat.com> 1.00-pre3.2
|
||||
- Add insmod
|
||||
|
||||
* Mon Sep 15 2003 Dan Walsh <dwalsh@redhat.com> 1.00-pre3.1
|
||||
- Upgrade to pre3
|
||||
|
||||
* Thu Sep 11 2003 Dan Walsh <dwalsh@redhat.com> 1.00.2
|
||||
- Upgrade selinux support
|
||||
|
||||
* Wed Jul 23 2003 Dan Walsh <dwalsh@redhat.com> 1.00.1
|
||||
- Upgrade to 1.00 package
|
||||
|
||||
* Wed Jul 16 2003 Elliot Lee <sopwith@redhat.com> 0.60.5-10
|
||||
- Rebuild
|
||||
|
||||
* Mon Jul 14 2003 Jeremy Katz <katzj@redhat.com> 0.60.5-9
|
||||
- rebuild
|
||||
|
||||
* Mon Jul 14 2003 Jeremy Katz <katzj@redhat.com> 0.60.5-8
|
||||
- add dmesg to busybox-anaconda
|
||||
|
||||
* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
|
||||
- rebuilt
|
||||
|
||||
* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
|
||||
- rebuilt
|
||||
|
||||
* Mon Jan 13 2003 Jeremy Katz <katzj@redhat.com> 0.60.5-5
|
||||
- lost nolock for anaconda mount when rediffing, it returns (#81764)
|
||||
|
||||
* Mon Jan 6 2003 Dan Walsh <dwalsh@redhat.com> 0.60.5-4
|
||||
- Upstream developers wanted to eliminate the use of floats
|
||||
|
||||
* Thu Jan 3 2003 Dan Walsh <dwalsh@redhat.com> 0.60.5-3
|
||||
- Fix free to work on large memory machines.
|
||||
|
||||
* Sat Dec 28 2002 Jeremy Katz <katzj@redhat.com> 0.60.5-2
|
||||
- update Config.h for anaconda build to include more useful utils
|
||||
|
||||
* Thu Dec 19 2002 Dan Walsh <dwalsh@redhat.com> 0.60.5-1
|
||||
- update latest release
|
||||
|
||||
* Thu Dec 19 2002 Dan Walsh <dwalsh@redhat.com> 0.60.2-8
|
||||
- incorporate hammer changes
|
||||
|
||||
* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
|
||||
- automated rebuild
|
||||
|
||||
* Thu May 23 2002 Tim Powers <timp@redhat.com>
|
||||
- automated rebuild
|
||||
|
||||
* Mon May 06 2002 Florian La Roche <Florian.LaRoche@redhat.de>
|
||||
- fix compilation on mainframe
|
||||
|
||||
* Tue Apr 2 2002 Jeremy Katz <katzj@redhat.com>
|
||||
- fix static busybox (#60701)
|
||||
|
||||
* Thu Feb 28 2002 Jeremy Katz <katzj@redhat.com>
|
||||
- don't include mknod in busybox.anaconda so we get collage mknod
|
||||
|
||||
* Fri Feb 22 2002 Jeremy Katz <katzj@redhat.com>
|
||||
- rebuild in new environment
|
||||
|
||||
* Wed Jan 30 2002 Jeremy Katz <katzj@redhat.com>
|
||||
- update to 0.60.2
|
||||
- include more pieces for the anaconda version so that collage can go away
|
||||
- make the mount in busybox.anaconda default to -onolock
|
||||
|
||||
* Wed Jan 09 2002 Tim Powers <timp@redhat.com>
|
||||
`- automated rebuild
|
||||
|
||||
* Mon Jul 9 2001 Tim Powers <timp@redhat.com>
|
||||
- don't obsolete sash
|
||||
- fix URL and spelling in desc. to satisfy rpmlint
|
||||
|
||||
* Thu Jul 05 2001 Florian La Roche <Florian.LaRoche@redhat.de>
|
||||
- add missing defattr for anaconda subpackage
|
||||
|
||||
* Thu Jun 28 2001 Erik Troan <ewt@redhat.com>
|
||||
- initial build for Red Hat
|
|
@ -13,8 +13,8 @@
|
|||
"ca-legacy": "de73a03a0cde4aff31ce3d5e27eecd03284a637c102e46b9e47d4369b5152ae0",
|
||||
"ca-legacy.8.txt": "4fef2b8fed41d21ae559803b06074ca61a3f46648f174832542e3223d16dabf4",
|
||||
"ca-legacy.conf": "400b96da374503fa6b6350a867347082d0c90e05ba4d02cc6b51b11229199c4d",
|
||||
"certdata.base.txt": "96c5bb3bee31293fcb3272fffaec4859acf20e8db2e1c565e2ba77cb32d9a33c",
|
||||
"certdata.microsoft.txt": "d647ba9622bd973b2a2cb5114825a8ff6016ba3a5499a6a7cccdc1d07af25fdb",
|
||||
"certdata.base.txt": "76c4cd1860b9a6f6ee9c2a0dcddcef46f65950b7ec12d2a7eeabeedca4e379f9",
|
||||
"certdata.microsoft.txt": "b5c76318f4ab8201ab895c4dea091efcd1e9470a59780dabc0c88c2875da7d51",
|
||||
"certdata.txt": "cc6408bd4be7fbfb8699bdb40ccb7f6de5780d681d87785ea362646e4dad5e8e",
|
||||
"certdata2pem.py": "0be02cecc27a6e55e1cad1783033b147f502b26f9fb1bb5a53e7a43bbcb68fa0",
|
||||
"nssckbi.h": "9d916fe1586259d94632f186a736449e8344b8a18f7ac97253f13efc764d77ea",
|
||||
|
|
|
@ -5,15 +5,12 @@
|
|||
%define legacy_default_bundle ca-bundle.legacy.default.crt
|
||||
%define legacy_disable_bundle ca-bundle.legacy.disable.crt
|
||||
%define java_bundle java/cacerts
|
||||
|
||||
%define p11_format_mozilla_bundle ca-bundle.trust.mozilla.p11-kit
|
||||
%define legacy_default_mozilla_bundle ca-bundle.legacy.default.mozilla.crt
|
||||
%define legacy_disable_mozilla_bundle ca-bundle.legacy.disable.mozilla.crt
|
||||
|
||||
%define p11_format_base_bundle ca-bundle.trust.base.p11-kit
|
||||
%define legacy_default_base_bundle ca-bundle.legacy.default.base.crt
|
||||
%define legacy_disable_base_bundle ca-bundle.legacy.disable.base.crt
|
||||
|
||||
%define p11_format_microsoft_bundle ca-bundle.trust.microsoft.p11-kit
|
||||
%define legacy_default_microsoft_bundle ca-bundle.legacy.default.microsoft.crt
|
||||
%define legacy_disable_microsoft_bundle ca-bundle.legacy.disable.microsoft.crt
|
||||
|
@ -31,13 +28,13 @@
|
|||
# Arguments:
|
||||
# %1 - the source certdata.txt file;
|
||||
%define convert_certdata() \
|
||||
WORKDIR=$(basename %1.d) \
|
||||
WORKDIR=$(basename %{1}.d) \
|
||||
mkdir -p $WORKDIR/certs/legacy-default \
|
||||
mkdir $WORKDIR/certs/legacy-disable \
|
||||
mkdir $WORKDIR/java \
|
||||
pushd $WORKDIR/certs \
|
||||
pwd $WORKDIR \
|
||||
cp %1 certdata.txt \
|
||||
cp %{1} certdata.txt \
|
||||
python3 %{SOURCE4} >c2p.log 2>c2p.err \
|
||||
popd \
|
||||
%{SOURCE19} $WORKDIR %{SOURCE1} %{openssl_format_trust_bundle} %{legacy_default_bundle} %{legacy_disable_bundle} %{SOURCE3}
|
||||
|
@ -49,17 +46,16 @@ popd \
|
|||
# %3 - output legacy default bundle name;
|
||||
# %4 - output legacy disabled bundle name;
|
||||
%define install_bundles() \
|
||||
WORKDIR=$(basename %1.d) \
|
||||
install -p -m 644 $WORKDIR/%{openssl_format_trust_bundle} $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source/%2 \
|
||||
install -p -m 644 $WORKDIR/%{legacy_default_bundle} $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-legacy/%3 \
|
||||
install -p -m 644 $WORKDIR/%{legacy_disable_bundle} $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-legacy/%4 \
|
||||
touch -r %{SOURCE0} $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source/%2 \
|
||||
touch -r %{SOURCE0} $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-legacy/%3 \
|
||||
touch -r %{SOURCE0} $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-legacy/%4
|
||||
WORKDIR=$(basename %{1}.d) \
|
||||
install -p -m 644 $WORKDIR/%{openssl_format_trust_bundle} %{buildroot}%{_datadir}/pki/ca-trust-source/%{2} \
|
||||
install -p -m 644 $WORKDIR/%{legacy_default_bundle} %{buildroot}%{_datadir}/pki/ca-trust-legacy/%{3} \
|
||||
install -p -m 644 $WORKDIR/%{legacy_disable_bundle} %{buildroot}%{_datadir}/pki/ca-trust-legacy/%{4} \
|
||||
touch -r %{SOURCE0} %{buildroot}%{_datadir}/pki/ca-trust-source/%{2} \
|
||||
touch -r %{SOURCE0} %{buildroot}%{_datadir}/pki/ca-trust-legacy/%{3} \
|
||||
touch -r %{SOURCE0} %{buildroot}%{_datadir}/pki/ca-trust-legacy/%{4}
|
||||
|
||||
Summary: Certificate Authority certificates
|
||||
Name: ca-certificates
|
||||
|
||||
# The files, certdata.txt and nssckbi.h, should be taken from a released version of NSS, as published
|
||||
# at https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/
|
||||
#
|
||||
|
@ -73,13 +69,14 @@ Name: ca-certificates
|
|||
# http://hg.mozilla.org/projects/nss/raw-file/default/lib/ckfw/builtins/certdata.txt
|
||||
# (but these files might have not yet been released).
|
||||
|
||||
# When updating, "Version" AND "Release" tags must be updated in the "prebuilt-ca-certificates" package as well.
|
||||
Version: 20200720
|
||||
Release: 9%{?dist}
|
||||
Release: 11%{?dist}
|
||||
License: MPLv2.0
|
||||
URL: https://hg.mozilla.org
|
||||
Group: System Environment/Security
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
Group: System Environment/Security
|
||||
URL: https://hg.mozilla.org
|
||||
# Please always update both certdata.txt and nssckbi.h
|
||||
Source0: https://hg.mozilla.org/releases/mozilla-release/raw-file/712412cb974c0392afe31fd9ce974b26ae3993c3/security/nss/lib/ckfw/builtins/certdata.txt
|
||||
Source1: nssckbi.h
|
||||
|
@ -104,8 +101,6 @@ Source21: certdata.base.txt
|
|||
Source22: bundle2pem.sh
|
||||
Source23: certdata.microsoft.txt
|
||||
|
||||
BuildArch: noarch
|
||||
|
||||
BuildRequires: /bin/ln
|
||||
BuildRequires: asciidoc
|
||||
BuildRequires: coreutils
|
||||
|
@ -116,14 +111,14 @@ BuildRequires: openssl
|
|||
BuildRequires: perl
|
||||
BuildRequires: python3
|
||||
|
||||
Requires: %{name}-shared = %{version}-%{release}
|
||||
Requires(post): %{name}-tools = %{version}-%{release}
|
||||
Requires(post): coreutils
|
||||
|
||||
Requires(postun): %{name}-tools = %{version}-%{release}
|
||||
|
||||
Requires: %{name}-shared = %{version}-%{release}
|
||||
Provides: ca-certificates-mozilla = %{version}-%{release}
|
||||
|
||||
Provides: ca-certificates-mozilla
|
||||
BuildArch: noarch
|
||||
|
||||
%description
|
||||
The Public Key Inrastructure is used for many security issues in a
|
||||
|
@ -145,13 +140,11 @@ Group: System Environment/Security
|
|||
Summary: Basic set of trusted CAs required to authenticate the packages repository.
|
||||
Group: System Environment/Security
|
||||
|
||||
Requires: %{name}-shared = %{version}-%{release}
|
||||
Requires(post): %{name}-tools = %{version}-%{release}
|
||||
Requires(post): coreutils
|
||||
|
||||
Requires(postun): %{name}-tools = %{version}-%{release}
|
||||
|
||||
Requires: %{name}-shared = %{version}-%{release}
|
||||
|
||||
%description base
|
||||
%{summary}
|
||||
|
||||
|
@ -159,13 +152,11 @@ Requires: %{name}-shared = %{version}-%{release}
|
|||
Summary: A list of CAs trusted through the Microsoft Trusted Root Program.
|
||||
Group: System Environment/Security
|
||||
|
||||
Requires: %{name}-shared = %{version}-%{release}
|
||||
Requires(post): %{name}-tools = %{version}-%{release}
|
||||
Requires(post): coreutils
|
||||
|
||||
Requires(postun): %{name}-tools = %{version}-%{release}
|
||||
|
||||
Requires: %{name}-shared = %{version}-%{release}
|
||||
|
||||
%description microsoft
|
||||
%{summary}
|
||||
|
||||
|
@ -173,8 +164,8 @@ Requires: %{name}-shared = %{version}-%{release}
|
|||
Summary: Cert generation tools.
|
||||
Group: System Environment/Security
|
||||
|
||||
Requires: p11-kit-trust >= 0.23.10
|
||||
Requires: p11-kit >= 0.23.10
|
||||
Requires: p11-kit-trust >= 0.23.10
|
||||
|
||||
%description tools
|
||||
Set of scripts to generate certificates out of a certdata.txt file.
|
||||
|
@ -187,7 +178,7 @@ Requires: %{name}-shared = %{version}-%{release}
|
|||
|
||||
%description legacy
|
||||
Provides a legacy version of ca-bundle.crt in the format of "[hash].0 -> [hash].pem"
|
||||
pairs under /etc/pki/tls/certs.
|
||||
pairs under %{_sysconfdir}/pki/tls/certs.
|
||||
|
||||
%prep -q
|
||||
rm -rf %{name}
|
||||
|
@ -211,37 +202,36 @@ xsltproc --nonet -o %{name}/ca-legacy.8 /etc/asciidoc/docbook-xsl/manpage.xsl %{
|
|||
|
||||
|
||||
%install
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
mkdir -p -m 755 $RPM_BUILD_ROOT%{pkidir}/tls/certs
|
||||
mkdir -p -m 755 $RPM_BUILD_ROOT%{pkidir}/java
|
||||
mkdir -p -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/ssl
|
||||
mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/source
|
||||
mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/source/anchors
|
||||
mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/source/blacklist
|
||||
mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted
|
||||
mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted/pem
|
||||
mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted/openssl
|
||||
mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted/java
|
||||
mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted/edk2
|
||||
mkdir -p -m 755 $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source
|
||||
mkdir -p -m 755 $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source/anchors
|
||||
mkdir -p -m 755 $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source/blacklist
|
||||
mkdir -p -m 755 $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-legacy
|
||||
mkdir -p -m 755 $RPM_BUILD_ROOT%{_bindir}
|
||||
mkdir -p -m 755 $RPM_BUILD_ROOT%{_mandir}/man8
|
||||
mkdir -p -m 755 %{buildroot}%{pkidir}/tls/certs
|
||||
mkdir -p -m 755 %{buildroot}%{pkidir}/java
|
||||
mkdir -p -m 755 %{buildroot}%{_sysconfdir}/ssl
|
||||
mkdir -p -m 755 %{buildroot}%{catrustdir}/source
|
||||
mkdir -p -m 755 %{buildroot}%{catrustdir}/source/anchors
|
||||
mkdir -p -m 755 %{buildroot}%{catrustdir}/source/blacklist
|
||||
mkdir -p -m 755 %{buildroot}%{catrustdir}/extracted
|
||||
mkdir -p -m 755 %{buildroot}%{catrustdir}/extracted/pem
|
||||
mkdir -p -m 755 %{buildroot}%{catrustdir}/extracted/openssl
|
||||
mkdir -p -m 755 %{buildroot}%{catrustdir}/extracted/java
|
||||
mkdir -p -m 755 %{buildroot}%{catrustdir}/extracted/edk2
|
||||
mkdir -p -m 755 %{buildroot}%{_datadir}/pki/ca-trust-source
|
||||
mkdir -p -m 755 %{buildroot}%{_datadir}/pki/ca-trust-source/anchors
|
||||
mkdir -p -m 755 %{buildroot}%{_datadir}/pki/ca-trust-source/blacklist
|
||||
mkdir -p -m 755 %{buildroot}%{_datadir}/pki/ca-trust-legacy
|
||||
mkdir -p -m 755 %{buildroot}%{_bindir}
|
||||
mkdir -p -m 755 %{buildroot}%{_mandir}/man8
|
||||
|
||||
install -p -m 644 %{name}/update-ca-trust.8 $RPM_BUILD_ROOT%{_mandir}/man8
|
||||
install -p -m 644 %{name}/ca-legacy.8 $RPM_BUILD_ROOT%{_mandir}/man8
|
||||
install -p -m 644 %{SOURCE11} $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source/README
|
||||
install -p -m 644 %{SOURCE12} $RPM_BUILD_ROOT%{catrustdir}/README
|
||||
install -p -m 644 %{SOURCE13} $RPM_BUILD_ROOT%{catrustdir}/extracted/README
|
||||
install -p -m 644 %{SOURCE14} $RPM_BUILD_ROOT%{catrustdir}/extracted/java/README
|
||||
install -p -m 644 %{SOURCE15} $RPM_BUILD_ROOT%{catrustdir}/extracted/openssl/README
|
||||
install -p -m 644 %{SOURCE16} $RPM_BUILD_ROOT%{catrustdir}/extracted/pem/README
|
||||
install -p -m 644 %{SOURCE17} $RPM_BUILD_ROOT%{catrustdir}/extracted/edk2/README
|
||||
install -p -m 644 %{SOURCE18} $RPM_BUILD_ROOT%{catrustdir}/source/README
|
||||
install -p -m 644 %{name}/update-ca-trust.8 %{buildroot}%{_mandir}/man8
|
||||
install -p -m 644 %{name}/ca-legacy.8 %{buildroot}%{_mandir}/man8
|
||||
install -p -m 644 %{SOURCE11} %{buildroot}%{_datadir}/pki/ca-trust-source/README
|
||||
install -p -m 644 %{SOURCE12} %{buildroot}%{catrustdir}/README
|
||||
install -p -m 644 %{SOURCE13} %{buildroot}%{catrustdir}/extracted/README
|
||||
install -p -m 644 %{SOURCE14} %{buildroot}%{catrustdir}/extracted/java/README
|
||||
install -p -m 644 %{SOURCE15} %{buildroot}%{catrustdir}/extracted/openssl/README
|
||||
install -p -m 644 %{SOURCE16} %{buildroot}%{catrustdir}/extracted/pem/README
|
||||
install -p -m 644 %{SOURCE17} %{buildroot}%{catrustdir}/extracted/edk2/README
|
||||
install -p -m 644 %{SOURCE18} %{buildroot}%{catrustdir}/source/README
|
||||
|
||||
install -p -m 644 %{SOURCE5} $RPM_BUILD_ROOT%{catrustdir}/ca-legacy.conf
|
||||
install -p -m 644 %{SOURCE5} %{buildroot}%{catrustdir}/ca-legacy.conf
|
||||
|
||||
# Mozilla certs
|
||||
%install_bundles %{SOURCE0} %{p11_format_mozilla_bundle} %{legacy_default_mozilla_bundle} %{legacy_disable_mozilla_bundle}
|
||||
|
@ -254,65 +244,64 @@ install -p -m 644 %{SOURCE5} $RPM_BUILD_ROOT%{catrustdir}/ca-legacy.conf
|
|||
|
||||
# TODO: consider to dynamically create the update-ca-trust script from within
|
||||
# this .spec file, in order to have the output file+directory names at once place only.
|
||||
install -p -m 755 %{SOURCE2} $RPM_BUILD_ROOT%{_bindir}/update-ca-trust
|
||||
install -p -m 755 %{SOURCE2} %{buildroot}%{_bindir}/update-ca-trust
|
||||
|
||||
install -p -m 755 %{SOURCE6} $RPM_BUILD_ROOT%{_bindir}/ca-legacy
|
||||
install -p -m 755 %{SOURCE6} %{buildroot}%{_bindir}/ca-legacy
|
||||
|
||||
install -p -m 755 %{SOURCE22} $RPM_BUILD_ROOT%{_bindir}/bundle2pem.sh
|
||||
install -p -m 755 %{SOURCE22} %{buildroot}%{_bindir}/bundle2pem.sh
|
||||
|
||||
# touch ghosted files that will be extracted dynamically
|
||||
# Set chmod 444 to use identical permission
|
||||
touch $RPM_BUILD_ROOT%{catrustdir}/extracted/pem/tls-ca-bundle.pem
|
||||
chmod 444 $RPM_BUILD_ROOT%{catrustdir}/extracted/pem/tls-ca-bundle.pem
|
||||
touch $RPM_BUILD_ROOT%{catrustdir}/extracted/pem/email-ca-bundle.pem
|
||||
chmod 444 $RPM_BUILD_ROOT%{catrustdir}/extracted/pem/email-ca-bundle.pem
|
||||
touch $RPM_BUILD_ROOT%{catrustdir}/extracted/pem/objsign-ca-bundle.pem
|
||||
chmod 444 $RPM_BUILD_ROOT%{catrustdir}/extracted/pem/objsign-ca-bundle.pem
|
||||
touch $RPM_BUILD_ROOT%{catrustdir}/extracted/openssl/%{openssl_format_trust_bundle}
|
||||
chmod 444 $RPM_BUILD_ROOT%{catrustdir}/extracted/openssl/%{openssl_format_trust_bundle}
|
||||
touch $RPM_BUILD_ROOT%{catrustdir}/extracted/%{java_bundle}
|
||||
chmod 444 $RPM_BUILD_ROOT%{catrustdir}/extracted/%{java_bundle}
|
||||
touch $RPM_BUILD_ROOT%{catrustdir}/extracted/edk2/cacerts.bin
|
||||
chmod 444 $RPM_BUILD_ROOT%{catrustdir}/extracted/edk2/cacerts.bin
|
||||
touch $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source/%{legacy_default_bundle}
|
||||
chmod 444 $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source/%{legacy_default_bundle}
|
||||
touch $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source/%{legacy_disable_bundle}
|
||||
chmod 444 $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source/%{legacy_disable_bundle}
|
||||
touch %{buildroot}%{catrustdir}/extracted/pem/tls-ca-bundle.pem
|
||||
chmod 444 %{buildroot}%{catrustdir}/extracted/pem/tls-ca-bundle.pem
|
||||
touch %{buildroot}%{catrustdir}/extracted/pem/email-ca-bundle.pem
|
||||
chmod 444 %{buildroot}%{catrustdir}/extracted/pem/email-ca-bundle.pem
|
||||
touch %{buildroot}%{catrustdir}/extracted/pem/objsign-ca-bundle.pem
|
||||
chmod 444 %{buildroot}%{catrustdir}/extracted/pem/objsign-ca-bundle.pem
|
||||
touch %{buildroot}%{catrustdir}/extracted/openssl/%{openssl_format_trust_bundle}
|
||||
chmod 444 %{buildroot}%{catrustdir}/extracted/openssl/%{openssl_format_trust_bundle}
|
||||
touch %{buildroot}%{catrustdir}/extracted/%{java_bundle}
|
||||
chmod 444 %{buildroot}%{catrustdir}/extracted/%{java_bundle}
|
||||
touch %{buildroot}%{catrustdir}/extracted/edk2/cacerts.bin
|
||||
chmod 444 %{buildroot}%{catrustdir}/extracted/edk2/cacerts.bin
|
||||
touch %{buildroot}%{_datadir}/pki/ca-trust-source/%{legacy_default_bundle}
|
||||
chmod 444 %{buildroot}%{_datadir}/pki/ca-trust-source/%{legacy_default_bundle}
|
||||
touch %{buildroot}%{_datadir}/pki/ca-trust-source/%{legacy_disable_bundle}
|
||||
chmod 444 %{buildroot}%{_datadir}/pki/ca-trust-source/%{legacy_disable_bundle}
|
||||
|
||||
# /etc/ssl/certs symlink for 3rd-party tools
|
||||
ln -s ../pki/tls/certs \
|
||||
$RPM_BUILD_ROOT%{_sysconfdir}/ssl/certs
|
||||
%{buildroot}%{_sysconfdir}/ssl/certs
|
||||
# legacy filenames
|
||||
ln -s %{catrustdir}/extracted/pem/tls-ca-bundle.pem \
|
||||
$RPM_BUILD_ROOT%{pkidir}/tls/cert.pem
|
||||
%{buildroot}%{pkidir}/tls/cert.pem
|
||||
ln -s %{catrustdir}/extracted/pem/tls-ca-bundle.pem \
|
||||
$RPM_BUILD_ROOT%{pkidir}/tls/certs/%{classic_tls_bundle}
|
||||
%{buildroot}%{pkidir}/tls/certs/%{classic_tls_bundle}
|
||||
ln -s %{catrustdir}/extracted/openssl/%{openssl_format_trust_bundle} \
|
||||
$RPM_BUILD_ROOT%{pkidir}/tls/certs/%{openssl_format_trust_bundle}
|
||||
%{buildroot}%{pkidir}/tls/certs/%{openssl_format_trust_bundle}
|
||||
ln -s %{catrustdir}/extracted/%{java_bundle} \
|
||||
$RPM_BUILD_ROOT%{pkidir}/%{java_bundle}
|
||||
%{buildroot}%{pkidir}/%{java_bundle}
|
||||
|
||||
%post
|
||||
cp -f %{_datadir}/pki/ca-trust-legacy/%{legacy_default_mozilla_bundle} %{_datadir}/pki/ca-trust-source/%{legacy_default_bundle}
|
||||
cp -f %{_datadir}/pki/ca-trust-legacy/%{legacy_disable_mozilla_bundle} %{_datadir}/pki/ca-trust-source/%{legacy_disable_bundle}
|
||||
%refresh_bundles
|
||||
%{refresh_bundles}
|
||||
|
||||
%post base
|
||||
cp -f %{_datadir}/pki/ca-trust-legacy/%{legacy_default_base_bundle} %{_datadir}/pki/ca-trust-source/%{legacy_default_base_bundle}
|
||||
cp -f %{_datadir}/pki/ca-trust-legacy/%{legacy_disable_base_bundle} %{_datadir}/pki/ca-trust-source/%{legacy_disable_base_bundle}
|
||||
%refresh_bundles
|
||||
%{refresh_bundles}
|
||||
|
||||
%post microsoft
|
||||
cp -f %{_datadir}/pki/ca-trust-legacy/%{legacy_default_microsoft_bundle} %{_datadir}/pki/ca-trust-source/%{legacy_default_microsoft_bundle}
|
||||
cp -f %{_datadir}/pki/ca-trust-legacy/%{legacy_disable_microsoft_bundle} %{_datadir}/pki/ca-trust-source/%{legacy_disable_microsoft_bundle}
|
||||
%refresh_bundles
|
||||
%{refresh_bundles}
|
||||
|
||||
%postun
|
||||
%refresh_bundles
|
||||
%{refresh_bundles}
|
||||
|
||||
%postun base
|
||||
%refresh_bundles
|
||||
|
||||
%{refresh_bundles}
|
||||
|
||||
%postun legacy
|
||||
# During build time it is unknown what files will get created by the
|
||||
|
@ -322,7 +311,7 @@ rm -f %{pkidir}/tls/certs/*.{0,pem}
|
|||
|
||||
# If the 'legacy' subpackage is installed, we need to always refresh the
|
||||
# single PEM-encoded certificates every time a certificate bundle gets modified.
|
||||
# The cert bundle gets modified whenever one of the packages from %{watched_pkgs}
|
||||
# The cert bundle gets modified whenever one of the packages from %%{watched_pkgs}
|
||||
# get installed, removed, or updated.
|
||||
%triggerin -n %{name}-legacy -- %{watched_pkgs}
|
||||
%{_bindir}/bundle2pem.sh %{pkidir}/tls/certs/%{classic_tls_bundle}
|
||||
|
@ -331,10 +320,11 @@ rm -f %{pkidir}/tls/certs/*.{0,pem}
|
|||
%{_bindir}/bundle2pem.sh %{pkidir}/tls/certs/%{classic_tls_bundle}
|
||||
|
||||
%postun microsoft
|
||||
%refresh_bundles
|
||||
%{refresh_bundles}
|
||||
|
||||
%clean
|
||||
|
||||
|
||||
%files
|
||||
# Mozilla certs bundle file with trust
|
||||
%{_datadir}/pki/ca-trust-source/%{p11_format_mozilla_bundle}
|
||||
|
@ -425,6 +415,13 @@ rm -f %{pkidir}/tls/certs/*.{0,pem}
|
|||
%{_bindir}/bundle2pem.sh
|
||||
|
||||
%changelog
|
||||
* Mon Feb 08 2021 Pawel Winogrodzki <pawelwi@microsoft.com> - 20200720-11
|
||||
- Removing the deprecated "Microsoft IT TLS CA 2" CA from the list of trusted anchors.
|
||||
- Added explicit version info for the "Provides".
|
||||
|
||||
* Tue Nov 10 2020 Pawel Winogrodzki <pawelwi@microsoft.com> - 20200720-10
|
||||
- Updating Microsoft trusted root CAs.
|
||||
|
||||
* Wed Oct 21 2020 Pawel Winogrodzki <pawelwi@microsoft.com> - 20200720-9
|
||||
- Switching to the correct source for the Microsoft bundle.
|
||||
|
||||
|
|
|
@ -770,179 +770,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
|||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "Microsoft IT TLS CA 2"
|
||||
#
|
||||
# Issuer: CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE
|
||||
# Serial Number:0f:2c:10:c9:5b:06:c0:93:7f:b8:d4:49:f8:3e:85:69
|
||||
# Subject: CN=Microsoft IT TLS CA 2,OU=Microsoft IT,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
|
||||
# Not Valid Before: Fri May 20 12:51:57 2016
|
||||
# Not Valid After : Mon May 20 12:51:57 2024
|
||||
# Fingerprint (SHA-256): 4E:10:7C:98:1B:42:AC:BE:41:C0:10:67:E1:6D:44:DB:64:81:4D:41:93:E5:72:31:7E:A0:4B:87:C7:9C:47:5F
|
||||
# Fingerprint (SHA1): 54:D9:D2:02:39:08:0C:32:31:6E:D9:FF:98:0A:48:98:8F:4A:DF:2D
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "Microsoft IT TLS CA 2"
|
||||
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
|
||||
CKA_SUBJECT MULTILINE_OCTAL
|
||||
\060\201\213\061\013\060\011\006\003\125\004\006\023\002\125\123
|
||||
\061\023\060\021\006\003\125\004\010\023\012\127\141\163\150\151
|
||||
\156\147\164\157\156\061\020\060\016\006\003\125\004\007\023\007
|
||||
\122\145\144\155\157\156\144\061\036\060\034\006\003\125\004\012
|
||||
\023\025\115\151\143\162\157\163\157\146\164\040\103\157\162\160
|
||||
\157\162\141\164\151\157\156\061\025\060\023\006\003\125\004\013
|
||||
\023\014\115\151\143\162\157\163\157\146\164\040\111\124\061\036
|
||||
\060\034\006\003\125\004\003\023\025\115\151\143\162\157\163\157
|
||||
\146\164\040\111\124\040\124\114\123\040\103\101\040\062
|
||||
END
|
||||
CKA_ID UTF8 "0"
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\132\061\013\060\011\006\003\125\004\006\023\002\111\105\061
|
||||
\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155
|
||||
\157\162\145\061\023\060\021\006\003\125\004\013\023\012\103\171
|
||||
\142\145\162\124\162\165\163\164\061\042\060\040\006\003\125\004
|
||||
\003\023\031\102\141\154\164\151\155\157\162\145\040\103\171\142
|
||||
\145\162\124\162\165\163\164\040\122\157\157\164
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\020\017\054\020\311\133\006\300\223\177\270\324\111\370\076
|
||||
\205\151
|
||||
END
|
||||
CKA_VALUE MULTILINE_OCTAL
|
||||
\060\202\005\264\060\202\004\234\240\003\002\001\002\002\020\017
|
||||
\054\020\311\133\006\300\223\177\270\324\111\370\076\205\151\060
|
||||
\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\132
|
||||
\061\013\060\011\006\003\125\004\006\023\002\111\105\061\022\060
|
||||
\020\006\003\125\004\012\023\011\102\141\154\164\151\155\157\162
|
||||
\145\061\023\060\021\006\003\125\004\013\023\012\103\171\142\145
|
||||
\162\124\162\165\163\164\061\042\060\040\006\003\125\004\003\023
|
||||
\031\102\141\154\164\151\155\157\162\145\040\103\171\142\145\162
|
||||
\124\162\165\163\164\040\122\157\157\164\060\036\027\015\061\066
|
||||
\060\065\062\060\061\062\065\061\065\067\132\027\015\062\064\060
|
||||
\065\062\060\061\062\065\061\065\067\132\060\201\213\061\013\060
|
||||
\011\006\003\125\004\006\023\002\125\123\061\023\060\021\006\003
|
||||
\125\004\010\023\012\127\141\163\150\151\156\147\164\157\156\061
|
||||
\020\060\016\006\003\125\004\007\023\007\122\145\144\155\157\156
|
||||
\144\061\036\060\034\006\003\125\004\012\023\025\115\151\143\162
|
||||
\157\163\157\146\164\040\103\157\162\160\157\162\141\164\151\157
|
||||
\156\061\025\060\023\006\003\125\004\013\023\014\115\151\143\162
|
||||
\157\163\157\146\164\040\111\124\061\036\060\034\006\003\125\004
|
||||
\003\023\025\115\151\143\162\157\163\157\146\164\040\111\124\040
|
||||
\124\114\123\040\103\101\040\062\060\202\002\042\060\015\006\011
|
||||
\052\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000
|
||||
\060\202\002\012\002\202\002\001\000\236\252\025\301\033\241\143
|
||||
\137\346\121\030\305\026\273\021\334\013\115\233\221\012\272\100
|
||||
\111\053\334\326\006\013\305\167\131\054\064\102\105\013\116\250
|
||||
\311\026\360\050\363\037\226\225\277\036\323\237\314\207\201\226
|
||||
\041\244\347\263\060\146\255\174\156\000\022\257\275\054\075\105
|
||||
\256\240\077\165\354\165\040\005\374\101\142\201\174\314\016\331
|
||||
\041\356\163\000\163\203\025\272\011\057\261\140\375\252\140\155
|
||||
\013\077\032\046\131\064\050\264\102\104\024\133\074\064\235\065
|
||||
\046\125\043\120\322\154\372\244\053\275\344\073\365\130\313\013
|
||||
\033\043\306\175\323\175\314\075\320\375\001\003\310\236\275\345
|
||||
\010\043\104\214\130\003\120\324\023\356\170\266\055\244\352\275
|
||||
\062\160\241\120\142\114\226\301\235\271\034\075\141\332\106\055
|
||||
\336\213\326\363\233\305\353\056\355\215\072\224\021\302\333\200
|
||||
\245\002\007\315\177\367\236\141\164\262\354\154\127\172\177\332
|
||||
\066\076\105\074\306\343\234\335\117\233\121\347\157\277\244\233
|
||||
\266\361\243\004\106\136\027\041\374\374\046\220\207\071\154\050
|
||||
\301\364\370\343\316\026\377\333\062\247\013\152\263\360\325\135
|
||||
\154\071\135\133\227\205\275\276\055\266\357\311\342\156\134\310
|
||||
\154\101\355\356\163\174\363\312\170\050\322\060\250\047\027\150
|
||||
\150\133\265\056\055\216\175\315\050\216\257\325\335\227\107\054
|
||||
\110\274\042\103\216\012\031\323\334\305\337\323\362\241\357\166
|
||||
\261\044\142\221\230\173\306\173\070\265\001\020\360\020\254\342
|
||||
\216\115\005\054\174\123\021\054\203\054\315\112\311\026\030\105
|
||||
\252\260\210\355\373\277\200\326\311\003\015\233\372\223\152\074
|
||||
\124\041\315\155\062\305\051\056\335\357\154\014\043\201\053\247
|
||||
\065\154\004\210\234\305\241\266\173\073\214\004\033\252\116\034
|
||||
\110\210\237\206\367\067\350\077\331\161\212\157\375\256\362\100
|
||||
\305\270\167\236\350\300\325\122\137\220\346\023\044\212\043\020
|
||||
\006\002\305\035\320\214\112\006\165\252\111\230\031\136\367\260
|
||||
\037\250\100\147\302\202\154\273\154\032\277\310\175\277\352\150
|
||||
\014\276\041\351\324\163\105\114\130\324\061\362\245\301\145\134
|
||||
\152\007\273\364\104\102\001\113\253\142\015\337\117\300\205\002
|
||||
\315\367\103\343\365\064\366\105\001\002\003\001\000\001\243\202
|
||||
\001\102\060\202\001\076\060\035\006\003\125\035\016\004\026\004
|
||||
\024\221\236\073\104\154\075\127\234\102\167\052\064\327\117\321
|
||||
\314\112\227\054\332\060\037\006\003\125\035\043\004\030\060\026
|
||||
\200\024\345\235\131\060\202\107\130\314\254\372\010\124\066\206
|
||||
\173\072\265\004\115\360\060\022\006\003\125\035\023\001\001\377
|
||||
\004\010\060\006\001\001\377\002\001\000\060\016\006\003\125\035
|
||||
\017\001\001\377\004\004\003\002\001\206\060\047\006\003\125\035
|
||||
\045\004\040\060\036\006\010\053\006\001\005\005\007\003\001\006
|
||||
\010\053\006\001\005\005\007\003\002\006\010\053\006\001\005\005
|
||||
\007\003\011\060\064\006\010\053\006\001\005\005\007\001\001\004
|
||||
\050\060\046\060\044\006\010\053\006\001\005\005\007\060\001\206
|
||||
\030\150\164\164\160\072\057\057\157\143\163\160\056\144\151\147
|
||||
\151\143\145\162\164\056\143\157\155\060\072\006\003\125\035\037
|
||||
\004\063\060\061\060\057\240\055\240\053\206\051\150\164\164\160
|
||||
\072\057\057\143\162\154\063\056\144\151\147\151\143\145\162\164
|
||||
\056\143\157\155\057\117\155\156\151\162\157\157\164\062\060\062
|
||||
\065\056\143\162\154\060\075\006\003\125\035\040\004\066\060\064
|
||||
\060\062\006\004\125\035\040\000\060\052\060\050\006\010\053\006
|
||||
\001\005\005\007\002\001\026\034\150\164\164\160\163\072\057\057
|
||||
\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157\155
|
||||
\057\103\120\123\060\015\006\011\052\206\110\206\367\015\001\001
|
||||
\013\005\000\003\202\001\001\000\154\177\352\152\157\317\153\133
|
||||
\301\064\254\377\334\016\340\175\213\023\027\340\057\116\131\016
|
||||
\304\003\271\364\005\051\145\107\256\031\232\350\124\366\144\325
|
||||
\330\275\006\340\161\042\031\173\316\232\335\171\213\337\160\047
|
||||
\110\150\333\367\157\063\031\265\145\353\237\220\007\314\270\107
|
||||
\071\175\017\121\023\221\015\200\324\166\120\053\205\007\140\155
|
||||
\155\131\232\051\100\026\306\307\015\340\152\127\113\200\011\277
|
||||
\357\307\113\105\127\263\224\256\327\322\164\014\017\001\203\351
|
||||
\150\361\351\002\227\207\152\330\155\146\325\153\002\274\120\110
|
||||
\240\262\043\167\211\336\010\271\106\243\024\366\214\016\067\226
|
||||
\075\211\245\017\322\062\102\344\057\057\103\136\077\311\035\333
|
||||
\052\044\064\171\242\007\042\217\205\110\137\305\176\155\120\364
|
||||
\064\054\073\221\006\272\122\132\275\146\215\043\014\112\265\152
|
||||
\336\063\111\341\370\231\135\217\060\315\313\300\205\301\003\154
|
||||
\150\346\307\132\325\311\324\130\232\067\076\256\056\062\007\013
|
||||
\173\113\176\174\053\255\337\303\114\221\071\174\027\106\253\176
|
||||
\133\051\152\245\025\125\112\057
|
||||
END
|
||||
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
|
||||
|
||||
# Trust for "Microsoft IT TLS CA 2"
|
||||
# Issuer: CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE
|
||||
# Serial Number:0f:2c:10:c9:5b:06:c0:93:7f:b8:d4:49:f8:3e:85:69
|
||||
# Subject: CN=Microsoft IT TLS CA 2,OU=Microsoft IT,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
|
||||
# Not Valid Before: Fri May 20 12:51:57 2016
|
||||
# Not Valid After : Mon May 20 12:51:57 2024
|
||||
# Fingerprint (SHA-256): 4E:10:7C:98:1B:42:AC:BE:41:C0:10:67:E1:6D:44:DB:64:81:4D:41:93:E5:72:31:7E:A0:4B:87:C7:9C:47:5F
|
||||
# Fingerprint (SHA1): 54:D9:D2:02:39:08:0C:32:31:6E:D9:FF:98:0A:48:98:8F:4A:DF:2D
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "Microsoft IT TLS CA 2"
|
||||
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
|
||||
\124\331\322\002\071\010\014\062\061\156\331\377\230\012\110\230
|
||||
\217\112\337\055
|
||||
END
|
||||
CKA_CERT_MD5_HASH MULTILINE_OCTAL
|
||||
\016\033\302\336\242\337\044\155\123\232\101\224\076\242\036\377
|
||||
END
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\132\061\013\060\011\006\003\125\004\006\023\002\111\105\061
|
||||
\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155
|
||||
\157\162\145\061\023\060\021\006\003\125\004\013\023\012\103\171
|
||||
\142\145\162\124\162\165\163\164\061\042\060\040\006\003\125\004
|
||||
\003\023\031\102\141\154\164\151\155\157\162\145\040\103\171\142
|
||||
\145\162\124\162\165\163\164\040\122\157\157\164
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\020\017\054\020\311\133\006\300\223\177\270\324\111\370\076
|
||||
\205\151
|
||||
END
|
||||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "Microsoft RSA TLS CA 01"
|
||||
#
|
||||
|
|
|
@ -10251,7 +10251,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
|||
\002\004\031\231\074\077
|
||||
END
|
||||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
|
@ -31416,7 +31416,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
|||
\104\311\133
|
||||
END
|
||||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
|
@ -31590,7 +31590,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
|||
\002\001\001
|
||||
END
|
||||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
|
@ -32565,7 +32565,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
|||
\025\323\026\177\273\261
|
||||
END
|
||||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
|
@ -41741,7 +41741,447 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
|||
\002\011\000\322\325\213\104\277\201\223\102
|
||||
END
|
||||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
|
||||
#
|
||||
# Certificate "GlobalSign"
|
||||
#
|
||||
# Issuer: CN=GlobalSign Root E46,O=GlobalSign nv-sa,C=BE
|
||||
# Serial Number:11:d2:bb:ba:33:6e:d4:bc:e6:24:68:c5:0d:84:1d:98:e8:43
|
||||
# Subject: CN=GlobalSign Root E46,O=GlobalSign nv-sa,C=BE
|
||||
# Not Valid Before: Wed Mar 20 00:00:00 2019
|
||||
# Not Valid After : Tue Mar 20 00:00:00 2046
|
||||
# Fingerprint (SHA-256): CB:B9:C4:4D:84:B8:04:3E:10:50:EA:31:A6:9F:51:49:55:D7:BF:D2:E2:C6:B4:93:01:01:9A:D6:1D:9F:50:58
|
||||
# Fingerprint (SHA1): 39:B4:6C:D5:FE:80:06:EB:E2:2F:4A:BB:08:33:A0:AF:DB:B9:DD:84
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "GlobalSign"
|
||||
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
|
||||
CKA_SUBJECT MULTILINE_OCTAL
|
||||
\060\106\061\013\060\011\006\003\125\004\006\023\002\102\105\061
|
||||
\031\060\027\006\003\125\004\012\023\020\107\154\157\142\141\154
|
||||
\123\151\147\156\040\156\166\055\163\141\061\034\060\032\006\003
|
||||
\125\004\003\023\023\107\154\157\142\141\154\123\151\147\156\040
|
||||
\122\157\157\164\040\105\064\066
|
||||
END
|
||||
CKA_ID UTF8 "0"
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\106\061\013\060\011\006\003\125\004\006\023\002\102\105\061
|
||||
\031\060\027\006\003\125\004\012\023\020\107\154\157\142\141\154
|
||||
\123\151\147\156\040\156\166\055\163\141\061\034\060\032\006\003
|
||||
\125\004\003\023\023\107\154\157\142\141\154\123\151\147\156\040
|
||||
\122\157\157\164\040\105\064\066
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\022\021\322\273\272\063\156\324\274\346\044\150\305\015\204
|
||||
\035\230\350\103
|
||||
END
|
||||
CKA_VALUE MULTILINE_OCTAL
|
||||
\060\202\002\013\060\202\001\221\240\003\002\001\002\002\022\021
|
||||
\322\273\272\063\156\324\274\346\044\150\305\015\204\035\230\350
|
||||
\103\060\012\006\010\052\206\110\316\075\004\003\003\060\106\061
|
||||
\013\060\011\006\003\125\004\006\023\002\102\105\061\031\060\027
|
||||
\006\003\125\004\012\023\020\107\154\157\142\141\154\123\151\147
|
||||
\156\040\156\166\055\163\141\061\034\060\032\006\003\125\004\003
|
||||
\023\023\107\154\157\142\141\154\123\151\147\156\040\122\157\157
|
||||
\164\040\105\064\066\060\036\027\015\061\071\060\063\062\060\060
|
||||
\060\060\060\060\060\132\027\015\064\066\060\063\062\060\060\060
|
||||
\060\060\060\060\132\060\106\061\013\060\011\006\003\125\004\006
|
||||
\023\002\102\105\061\031\060\027\006\003\125\004\012\023\020\107
|
||||
\154\157\142\141\154\123\151\147\156\040\156\166\055\163\141\061
|
||||
\034\060\032\006\003\125\004\003\023\023\107\154\157\142\141\154
|
||||
\123\151\147\156\040\122\157\157\164\040\105\064\066\060\166\060
|
||||
\020\006\007\052\206\110\316\075\002\001\006\005\053\201\004\000
|
||||
\042\003\142\000\004\234\016\261\317\267\350\236\122\167\165\064
|
||||
\372\245\106\247\255\062\031\062\264\007\251\047\312\224\273\014
|
||||
\322\012\020\307\332\211\260\227\014\160\023\011\001\216\330\352
|
||||
\107\352\276\262\200\053\315\374\050\015\333\254\274\244\206\067
|
||||
\355\160\010\000\165\352\223\013\173\056\122\234\043\150\043\006
|
||||
\103\354\222\057\123\204\333\373\107\024\007\350\137\224\147\135
|
||||
\311\172\201\074\040\243\102\060\100\060\016\006\003\125\035\017
|
||||
\001\001\377\004\004\003\002\001\206\060\017\006\003\125\035\023
|
||||
\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035
|
||||
\016\004\026\004\024\061\012\220\217\266\306\235\322\104\113\200
|
||||
\265\242\346\037\261\022\117\033\225\060\012\006\010\052\206\110
|
||||
\316\075\004\003\003\003\150\000\060\145\002\061\000\337\124\220
|
||||
\355\233\357\213\224\002\223\027\202\231\276\263\236\054\366\013
|
||||
\221\214\237\112\024\261\366\144\274\273\150\121\023\014\003\367
|
||||
\025\213\204\140\271\213\377\122\216\347\214\274\034\002\060\074
|
||||
\371\021\324\214\116\300\301\141\302\025\114\252\253\035\013\061
|
||||
\137\073\034\342\000\227\104\061\346\376\163\226\057\332\226\323
|
||||
\376\010\007\263\064\211\274\005\237\367\036\206\356\213\160
|
||||
END
|
||||
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
|
||||
CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
|
||||
CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
|
||||
|
||||
# Trust for "GlobalSign"
|
||||
# Issuer: CN=GlobalSign Root E46,O=GlobalSign nv-sa,C=BE
|
||||
# Serial Number:11:d2:bb:ba:33:6e:d4:bc:e6:24:68:c5:0d:84:1d:98:e8:43
|
||||
# Subject: CN=GlobalSign Root E46,O=GlobalSign nv-sa,C=BE
|
||||
# Not Valid Before: Wed Mar 20 00:00:00 2019
|
||||
# Not Valid After : Tue Mar 20 00:00:00 2046
|
||||
# Fingerprint (SHA-256): CB:B9:C4:4D:84:B8:04:3E:10:50:EA:31:A6:9F:51:49:55:D7:BF:D2:E2:C6:B4:93:01:01:9A:D6:1D:9F:50:58
|
||||
# Fingerprint (SHA1): 39:B4:6C:D5:FE:80:06:EB:E2:2F:4A:BB:08:33:A0:AF:DB:B9:DD:84
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "GlobalSign"
|
||||
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
|
||||
\071\264\154\325\376\200\006\353\342\057\112\273\010\063\240\257
|
||||
\333\271\335\204
|
||||
END
|
||||
CKA_CERT_MD5_HASH MULTILINE_OCTAL
|
||||
\265\270\146\355\336\010\203\343\311\342\001\064\006\254\121\157
|
||||
END
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\106\061\013\060\011\006\003\125\004\006\023\002\102\105\061
|
||||
\031\060\027\006\003\125\004\012\023\020\107\154\157\142\141\154
|
||||
\123\151\147\156\040\156\166\055\163\141\061\034\060\032\006\003
|
||||
\125\004\003\023\023\107\154\157\142\141\154\123\151\147\156\040
|
||||
\122\157\157\164\040\105\064\066
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\022\021\322\273\272\063\156\324\274\346\044\150\305\015\204
|
||||
\035\230\350\103
|
||||
END
|
||||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
|
||||
#
|
||||
# Certificate "GlobalSign"
|
||||
#
|
||||
# Issuer: CN=GlobalSign Root R46,O=GlobalSign nv-sa,C=BE
|
||||
# Serial Number:11:d2:bb:b9:d7:23:18:9e:40:5f:0a:9d:2d:d0:df:25:67:d1
|
||||
# Subject: CN=GlobalSign Root R46,O=GlobalSign nv-sa,C=BE
|
||||
# Not Valid Before: Wed Mar 20 00:00:00 2019
|
||||
# Not Valid After : Tue Mar 20 00:00:00 2046
|
||||
# Fingerprint (SHA-256): 4F:A3:12:6D:8D:3A:11:D1:C4:85:5A:4F:80:7C:BA:D6:CF:91:9D:3A:5A:88:B0:3B:EA:2C:63:72:D9:3C:40:C9
|
||||
# Fingerprint (SHA1): 53:A2:B0:4B:CA:6B:D6:45:E6:39:8A:8E:C4:0D:D2:BF:77:C3:A2:90
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "GlobalSign"
|
||||
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
|
||||
CKA_SUBJECT MULTILINE_OCTAL
|
||||
\060\106\061\013\060\011\006\003\125\004\006\023\002\102\105\061
|
||||
\031\060\027\006\003\125\004\012\023\020\107\154\157\142\141\154
|
||||
\123\151\147\156\040\156\166\055\163\141\061\034\060\032\006\003
|
||||
\125\004\003\023\023\107\154\157\142\141\154\123\151\147\156\040
|
||||
\122\157\157\164\040\122\064\066
|
||||
END
|
||||
CKA_ID UTF8 "0"
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\106\061\013\060\011\006\003\125\004\006\023\002\102\105\061
|
||||
\031\060\027\006\003\125\004\012\023\020\107\154\157\142\141\154
|
||||
\123\151\147\156\040\156\166\055\163\141\061\034\060\032\006\003
|
||||
\125\004\003\023\023\107\154\157\142\141\154\123\151\147\156\040
|
||||
\122\157\157\164\040\122\064\066
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\022\021\322\273\271\327\043\030\236\100\137\012\235\055\320
|
||||
\337\045\147\321
|
||||
END
|
||||
CKA_VALUE MULTILINE_OCTAL
|
||||
\060\202\005\132\060\202\003\102\240\003\002\001\002\002\022\021
|
||||
\322\273\271\327\043\030\236\100\137\012\235\055\320\337\045\147
|
||||
\321\060\015\006\011\052\206\110\206\367\015\001\001\014\005\000
|
||||
\060\106\061\013\060\011\006\003\125\004\006\023\002\102\105\061
|
||||
\031\060\027\006\003\125\004\012\023\020\107\154\157\142\141\154
|
||||
\123\151\147\156\040\156\166\055\163\141\061\034\060\032\006\003
|
||||
\125\004\003\023\023\107\154\157\142\141\154\123\151\147\156\040
|
||||
\122\157\157\164\040\122\064\066\060\036\027\015\061\071\060\063
|
||||
\062\060\060\060\060\060\060\060\132\027\015\064\066\060\063\062
|
||||
\060\060\060\060\060\060\060\132\060\106\061\013\060\011\006\003
|
||||
\125\004\006\023\002\102\105\061\031\060\027\006\003\125\004\012
|
||||
\023\020\107\154\157\142\141\154\123\151\147\156\040\156\166\055
|
||||
\163\141\061\034\060\032\006\003\125\004\003\023\023\107\154\157
|
||||
\142\141\154\123\151\147\156\040\122\157\157\164\040\122\064\066
|
||||
\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001
|
||||
\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001
|
||||
\000\254\254\164\062\350\263\145\345\272\355\103\046\035\246\211
|
||||
\015\105\272\051\210\262\244\035\143\335\323\301\054\011\127\211
|
||||
\071\241\125\351\147\064\167\014\156\344\125\035\122\045\322\023
|
||||
\153\136\341\035\251\267\175\211\062\137\015\236\237\054\172\143
|
||||
\140\100\037\246\260\266\170\217\231\124\226\010\130\256\344\006
|
||||
\274\142\005\002\026\277\257\250\043\003\266\224\017\274\156\154
|
||||
\302\313\325\246\273\014\351\366\301\002\373\041\336\146\335\027
|
||||
\253\164\102\357\360\164\057\045\364\352\153\125\133\220\333\235
|
||||
\337\136\207\012\100\373\255\031\153\373\367\312\140\210\336\332
|
||||
\301\217\326\256\325\177\324\074\203\356\327\026\114\203\105\063
|
||||
\153\047\320\206\320\034\055\153\363\253\175\361\205\251\365\050
|
||||
\322\255\357\363\204\113\034\207\374\023\243\072\162\242\132\021
|
||||
\053\326\047\161\047\355\201\055\155\146\201\222\207\264\033\130
|
||||
\172\314\077\012\372\106\117\115\170\134\370\053\110\343\004\204
|
||||
\313\135\366\264\152\263\145\374\102\236\121\046\043\040\313\075
|
||||
\024\371\201\355\145\026\000\117\032\144\227\146\010\317\214\173
|
||||
\343\053\300\235\371\024\362\033\361\126\152\026\277\054\205\205
|
||||
\315\170\070\232\353\102\152\002\064\030\203\027\116\224\126\370
|
||||
\266\202\265\363\226\335\075\363\276\177\040\167\076\173\031\043
|
||||
\153\054\324\162\163\103\127\175\340\370\327\151\117\027\066\004
|
||||
\371\300\220\140\067\105\336\346\014\330\164\215\256\234\242\155
|
||||
\164\135\102\276\006\365\331\144\156\002\020\254\211\260\114\073
|
||||
\007\115\100\176\044\305\212\230\202\171\216\244\247\202\040\215
|
||||
\043\372\047\161\311\337\306\101\164\240\115\366\221\026\334\106
|
||||
\214\137\051\143\061\131\161\014\330\157\302\266\062\175\373\346
|
||||
\135\123\246\176\025\374\273\165\174\135\354\370\366\027\034\354
|
||||
\307\153\031\313\363\173\360\053\007\245\331\154\171\124\166\154
|
||||
\235\034\246\156\016\351\171\014\250\043\152\243\337\033\060\061
|
||||
\237\261\124\173\376\152\313\146\252\334\145\320\242\236\112\232
|
||||
\007\041\153\201\217\333\304\131\372\336\042\300\004\234\343\252
|
||||
\133\066\223\350\075\275\172\241\235\013\166\261\013\307\235\375
|
||||
\317\230\250\006\302\370\052\243\241\203\240\267\045\162\245\002
|
||||
\343\002\003\001\000\001\243\102\060\100\060\016\006\003\125\035
|
||||
\017\001\001\377\004\004\003\002\001\206\060\017\006\003\125\035
|
||||
\023\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125
|
||||
\035\016\004\026\004\024\003\134\253\163\201\207\250\314\260\246
|
||||
\325\224\342\066\226\111\377\005\231\054\060\015\006\011\052\206
|
||||
\110\206\367\015\001\001\014\005\000\003\202\002\001\000\174\170
|
||||
\354\366\002\054\273\133\176\222\053\135\071\334\276\330\035\242
|
||||
\102\063\115\371\357\244\052\073\104\151\036\254\331\105\243\116
|
||||
\074\247\330\044\121\262\124\034\223\116\304\357\173\223\205\140
|
||||
\046\352\011\110\340\365\273\307\351\150\322\273\152\061\161\314
|
||||
\171\256\021\250\360\231\375\345\037\274\057\250\314\127\353\166
|
||||
\304\041\246\107\123\125\115\150\277\005\244\356\327\046\253\142
|
||||
\332\103\067\113\342\306\265\345\262\203\031\072\307\323\333\115
|
||||
\236\010\172\363\356\317\076\142\373\254\350\140\314\321\307\241
|
||||
\134\203\105\304\105\314\363\027\153\024\311\004\002\076\322\044
|
||||
\246\171\351\036\316\242\347\301\131\025\237\035\342\113\232\076
|
||||
\237\166\010\055\153\330\272\127\024\332\203\352\376\214\125\351
|
||||
\320\116\251\314\167\061\261\104\021\172\134\261\076\323\024\105
|
||||
\025\030\142\044\023\322\313\115\316\134\203\301\066\362\020\265
|
||||
\016\210\155\270\341\126\237\211\336\226\146\071\107\144\054\156
|
||||
\115\256\142\173\277\140\164\031\270\126\254\222\254\026\062\355
|
||||
\255\150\125\376\230\272\323\064\336\364\311\141\303\016\206\366
|
||||
\113\204\140\356\015\173\265\062\130\171\221\125\054\201\103\263
|
||||
\164\037\172\252\045\236\035\327\241\213\271\315\102\056\004\244
|
||||
\146\203\115\211\065\266\154\250\066\112\171\041\170\042\320\102
|
||||
\274\321\100\061\220\241\276\004\317\312\147\355\365\360\200\323
|
||||
\140\311\203\052\042\005\320\007\073\122\277\014\236\252\053\371
|
||||
\273\346\037\217\045\272\205\215\027\036\002\376\135\120\004\127
|
||||
\317\376\055\274\357\134\300\032\253\266\237\044\306\337\163\150
|
||||
\110\220\054\024\364\077\122\032\344\322\313\024\303\141\151\317
|
||||
\342\371\030\305\272\063\237\024\243\004\135\271\161\367\265\224
|
||||
\330\366\063\301\132\301\064\213\174\233\335\223\072\347\023\242
|
||||
\160\141\237\257\217\353\330\305\165\370\063\146\324\164\147\072
|
||||
\067\167\234\347\335\244\017\166\103\146\212\103\362\237\373\014
|
||||
\102\170\143\321\342\017\157\173\324\241\075\164\227\205\267\110
|
||||
\071\101\326\040\374\320\072\263\372\350\157\304\212\272\161\067
|
||||
\276\213\227\261\170\061\117\263\347\266\003\023\316\124\235\256
|
||||
\045\131\314\177\065\137\010\367\100\105\061\170\052\172
|
||||
END
|
||||
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
|
||||
CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
|
||||
CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
|
||||
|
||||
# Trust for "GlobalSign"
|
||||
# Issuer: CN=GlobalSign Root R46,O=GlobalSign nv-sa,C=BE
|
||||
# Serial Number:11:d2:bb:b9:d7:23:18:9e:40:5f:0a:9d:2d:d0:df:25:67:d1
|
||||
# Subject: CN=GlobalSign Root R46,O=GlobalSign nv-sa,C=BE
|
||||
# Not Valid Before: Wed Mar 20 00:00:00 2019
|
||||
# Not Valid After : Tue Mar 20 00:00:00 2046
|
||||
# Fingerprint (SHA-256): 4F:A3:12:6D:8D:3A:11:D1:C4:85:5A:4F:80:7C:BA:D6:CF:91:9D:3A:5A:88:B0:3B:EA:2C:63:72:D9:3C:40:C9
|
||||
# Fingerprint (SHA1): 53:A2:B0:4B:CA:6B:D6:45:E6:39:8A:8E:C4:0D:D2:BF:77:C3:A2:90
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "GlobalSign"
|
||||
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
|
||||
\123\242\260\113\312\153\326\105\346\071\212\216\304\015\322\277
|
||||
\167\303\242\220
|
||||
END
|
||||
CKA_CERT_MD5_HASH MULTILINE_OCTAL
|
||||
\304\024\060\344\372\146\103\224\052\152\033\044\137\031\320\357
|
||||
END
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\106\061\013\060\011\006\003\125\004\006\023\002\102\105\061
|
||||
\031\060\027\006\003\125\004\012\023\020\107\154\157\142\141\154
|
||||
\123\151\147\156\040\156\166\055\163\141\061\034\060\032\006\003
|
||||
\125\004\003\023\023\107\154\157\142\141\154\123\151\147\156\040
|
||||
\122\157\157\164\040\122\064\066
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\022\021\322\273\271\327\043\030\236\100\137\012\235\055\320
|
||||
\337\045\147\321
|
||||
END
|
||||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
|
||||
#
|
||||
# Certificate "GLOBALTRUST"
|
||||
#
|
||||
# Issuer: CN=GLOBALTRUST 2020,O=e-commerce monitoring GmbH,C=AT
|
||||
# Serial Number:5a:4b:bd:5a:fb:4f:8a:5b:fa:65:e5
|
||||
# Subject: CN=GLOBALTRUST 2020,O=e-commerce monitoring GmbH,C=AT
|
||||
# Not Valid Before: Mon Feb 10 00:00:00 2020
|
||||
# Not Valid After : Sun Jun 10 00:00:00 2040
|
||||
# Fingerprint (SHA-256): 9A:29:6A:51:82:D1:D4:51:A2:E3:7F:43:9B:74:DA:AF:A2:67:52:33:29:F9:0F:9A:0D:20:07:C3:34:E2:3C:9A
|
||||
# Fingerprint (SHA1): D0:67:C1:13:51:01:0C:AA:D0:C7:6A:65:37:31:16:26:4F:53:71:A2
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "GLOBALTRUST"
|
||||
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
|
||||
CKA_SUBJECT MULTILINE_OCTAL
|
||||
\060\115\061\013\060\011\006\003\125\004\006\023\002\101\124\061
|
||||
\043\060\041\006\003\125\004\012\023\032\145\055\143\157\155\155
|
||||
\145\162\143\145\040\155\157\156\151\164\157\162\151\156\147\040
|
||||
\107\155\142\110\061\031\060\027\006\003\125\004\003\023\020\107
|
||||
\114\117\102\101\114\124\122\125\123\124\040\062\060\062\060
|
||||
END
|
||||
CKA_ID UTF8 "0"
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\115\061\013\060\011\006\003\125\004\006\023\002\101\124\061
|
||||
\043\060\041\006\003\125\004\012\023\032\145\055\143\157\155\155
|
||||
\145\162\143\145\040\155\157\156\151\164\157\162\151\156\147\040
|
||||
\107\155\142\110\061\031\060\027\006\003\125\004\003\023\020\107
|
||||
\114\117\102\101\114\124\122\125\123\124\040\062\060\062\060
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\013\132\113\275\132\373\117\212\133\372\145\345
|
||||
END
|
||||
CKA_VALUE MULTILINE_OCTAL
|
||||
\060\202\005\202\060\202\003\152\240\003\002\001\002\002\013\132
|
||||
\113\275\132\373\117\212\133\372\145\345\060\015\006\011\052\206
|
||||
\110\206\367\015\001\001\013\005\000\060\115\061\013\060\011\006
|
||||
\003\125\004\006\023\002\101\124\061\043\060\041\006\003\125\004
|
||||
\012\023\032\145\055\143\157\155\155\145\162\143\145\040\155\157
|
||||
\156\151\164\157\162\151\156\147\040\107\155\142\110\061\031\060
|
||||
\027\006\003\125\004\003\023\020\107\114\117\102\101\114\124\122
|
||||
\125\123\124\040\062\060\062\060\060\036\027\015\062\060\060\062
|
||||
\061\060\060\060\060\060\060\060\132\027\015\064\060\060\066\061
|
||||
\060\060\060\060\060\060\060\132\060\115\061\013\060\011\006\003
|
||||
\125\004\006\023\002\101\124\061\043\060\041\006\003\125\004\012
|
||||
\023\032\145\055\143\157\155\155\145\162\143\145\040\155\157\156
|
||||
\151\164\157\162\151\156\147\040\107\155\142\110\061\031\060\027
|
||||
\006\003\125\004\003\023\020\107\114\117\102\101\114\124\122\125
|
||||
\123\124\040\062\060\062\060\060\202\002\042\060\015\006\011\052
|
||||
\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060
|
||||
\202\002\012\002\202\002\001\000\256\056\126\255\033\034\357\366
|
||||
\225\217\240\167\033\053\323\143\217\204\115\105\242\017\237\133
|
||||
\105\253\131\173\121\064\371\354\213\212\170\305\335\153\257\275
|
||||
\304\337\223\105\036\277\221\070\013\256\016\026\347\101\163\370
|
||||
\333\273\321\270\121\340\313\203\073\163\070\156\167\212\017\131
|
||||
\143\046\315\247\052\316\124\373\270\342\300\174\107\316\140\174
|
||||
\077\262\163\362\300\031\266\212\222\207\065\015\220\050\242\344
|
||||
\025\004\143\076\272\257\356\174\136\314\246\213\120\262\070\367
|
||||
\101\143\312\316\377\151\217\150\016\225\066\345\314\271\214\011
|
||||
\312\113\335\061\220\226\310\314\037\375\126\226\064\333\216\034
|
||||
\352\054\276\205\056\143\335\252\251\225\323\375\051\225\023\360
|
||||
\310\230\223\331\055\026\107\220\021\203\242\072\042\242\050\127
|
||||
\242\353\376\300\214\050\240\246\175\347\052\102\073\202\200\143
|
||||
\245\143\037\031\314\174\262\146\250\302\323\155\067\157\342\176
|
||||
\006\121\331\105\204\037\022\316\044\122\144\205\013\110\200\116
|
||||
\207\261\042\042\060\252\353\256\276\340\002\340\100\350\260\102
|
||||
\200\003\121\252\264\176\252\104\327\103\141\363\242\153\026\211
|
||||
\111\244\243\244\053\212\002\304\170\364\150\212\301\344\172\066
|
||||
\261\157\033\226\033\167\111\215\324\311\006\162\217\317\123\343
|
||||
\334\027\205\040\112\334\230\047\323\221\046\053\107\036\151\007
|
||||
\257\336\242\344\344\324\153\013\263\136\174\324\044\200\107\051
|
||||
\151\073\156\350\254\375\100\353\330\355\161\161\053\362\350\130
|
||||
\035\353\101\227\042\305\037\324\071\320\047\217\207\343\030\364
|
||||
\340\251\106\015\365\164\072\202\056\320\156\054\221\243\061\134
|
||||
\073\106\352\173\004\020\126\136\200\035\365\245\145\350\202\374
|
||||
\342\007\214\142\105\365\040\336\106\160\206\241\274\223\323\036
|
||||
\164\246\154\260\054\367\003\014\210\014\313\324\162\123\206\274
|
||||
\140\106\363\230\152\302\361\277\103\371\160\040\167\312\067\101
|
||||
\171\125\122\143\215\133\022\237\305\150\304\210\235\254\362\060
|
||||
\253\267\243\061\227\147\255\217\027\017\154\307\163\355\044\224
|
||||
\153\310\203\232\320\232\067\111\004\253\261\026\310\154\111\111
|
||||
\055\253\241\320\214\222\362\101\112\171\041\045\333\143\327\266
|
||||
\234\247\176\102\151\373\072\143\002\003\001\000\001\243\143\060
|
||||
\141\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001
|
||||
\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002
|
||||
\001\006\060\035\006\003\125\035\016\004\026\004\024\334\056\037
|
||||
\321\141\067\171\344\253\325\325\263\022\161\150\075\152\150\234
|
||||
\042\060\037\006\003\125\035\043\004\030\060\026\200\024\334\056
|
||||
\037\321\141\067\171\344\253\325\325\263\022\161\150\075\152\150
|
||||
\234\042\060\015\006\011\052\206\110\206\367\015\001\001\013\005
|
||||
\000\003\202\002\001\000\221\360\102\002\150\100\356\303\150\300
|
||||
\124\057\337\354\142\303\303\236\212\240\061\050\252\203\216\244
|
||||
\126\226\022\020\206\126\272\227\162\322\124\060\174\255\031\325
|
||||
\035\150\157\373\024\102\330\215\016\363\265\321\245\343\002\102
|
||||
\136\334\350\106\130\007\065\002\060\340\274\164\112\301\103\052
|
||||
\377\333\032\320\260\257\154\303\375\313\263\365\177\155\003\056
|
||||
\131\126\235\055\055\065\214\262\326\103\027\054\222\012\313\135
|
||||
\350\214\017\113\160\103\320\202\377\250\314\277\244\224\300\276
|
||||
\207\275\212\343\223\173\306\217\233\026\235\047\145\274\172\305
|
||||
\102\202\154\134\007\320\251\301\210\140\104\351\230\205\026\137
|
||||
\370\217\312\001\020\316\045\303\371\140\033\240\305\227\303\323
|
||||
\054\210\061\242\275\060\354\320\320\300\022\361\301\071\343\345
|
||||
\365\370\326\112\335\064\315\373\157\301\117\343\000\213\126\342
|
||||
\222\367\050\262\102\167\162\043\147\307\077\021\025\262\304\003
|
||||
\005\276\273\021\173\012\277\250\156\347\377\130\103\317\233\147
|
||||
\240\200\007\266\035\312\255\155\352\101\021\176\055\164\223\373
|
||||
\302\274\276\121\104\305\357\150\045\047\200\343\310\240\324\022
|
||||
\354\331\245\067\035\067\174\264\221\312\332\324\261\226\201\357
|
||||
\150\134\166\020\111\257\176\245\067\200\261\034\122\275\063\201
|
||||
\114\217\371\335\145\331\024\315\212\045\130\364\342\305\203\245
|
||||
\011\220\324\154\024\143\265\100\337\353\300\374\304\130\176\015
|
||||
\024\026\207\124\047\156\126\344\160\204\270\154\062\022\176\202
|
||||
\061\103\276\327\335\174\241\255\256\326\253\040\022\357\012\303
|
||||
\020\214\111\226\065\334\013\165\136\261\117\325\117\064\016\021
|
||||
\040\007\165\103\105\351\243\021\332\254\243\231\302\266\171\047
|
||||
\342\271\357\310\342\366\065\051\172\164\372\305\177\202\005\142
|
||||
\246\012\352\150\262\171\107\006\156\362\127\250\025\063\306\367
|
||||
\170\112\075\102\173\153\176\376\367\106\352\321\353\216\357\210
|
||||
\150\133\350\301\331\161\176\375\144\357\377\147\107\210\130\045
|
||||
\057\076\206\007\275\373\250\345\202\250\254\245\323\151\103\315
|
||||
\061\210\111\204\123\222\300\261\071\033\071\203\001\060\304\362
|
||||
\251\372\320\003\275\162\067\140\126\037\066\174\275\071\221\365
|
||||
\155\015\277\173\327\222
|
||||
END
|
||||
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
|
||||
CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
|
||||
CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
|
||||
|
||||
# Trust for "GLOBALTRUST"
|
||||
# Issuer: CN=GLOBALTRUST 2020,O=e-commerce monitoring GmbH,C=AT
|
||||
# Serial Number:5a:4b:bd:5a:fb:4f:8a:5b:fa:65:e5
|
||||
# Subject: CN=GLOBALTRUST 2020,O=e-commerce monitoring GmbH,C=AT
|
||||
# Not Valid Before: Mon Feb 10 00:00:00 2020
|
||||
# Not Valid After : Sun Jun 10 00:00:00 2040
|
||||
# Fingerprint (SHA-256): 9A:29:6A:51:82:D1:D4:51:A2:E3:7F:43:9B:74:DA:AF:A2:67:52:33:29:F9:0F:9A:0D:20:07:C3:34:E2:3C:9A
|
||||
# Fingerprint (SHA1): D0:67:C1:13:51:01:0C:AA:D0:C7:6A:65:37:31:16:26:4F:53:71:A2
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "GLOBALTRUST"
|
||||
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
|
||||
\320\147\301\023\121\001\014\252\320\307\152\145\067\061\026\046
|
||||
\117\123\161\242
|
||||
END
|
||||
CKA_CERT_MD5_HASH MULTILINE_OCTAL
|
||||
\212\307\157\313\155\343\314\242\361\174\203\372\016\170\327\350
|
||||
END
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\115\061\013\060\011\006\003\125\004\006\023\002\101\124\061
|
||||
\043\060\041\006\003\125\004\012\023\032\145\055\143\157\155\155
|
||||
\145\162\143\145\040\155\157\156\151\164\157\162\151\156\147\040
|
||||
\107\155\142\110\061\031\060\027\006\003\125\004\003\023\020\107
|
||||
\114\117\102\101\114\124\122\125\123\124\040\062\060\062\060
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\013\132\113\275\132\373\117\212\133\372\145\345
|
||||
END
|
||||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
|
|
|
@ -0,0 +1,14 @@
|
|||
--- a/src/cairo-ft-font.c
|
||||
+++ b/src/cairo-ft-font.c
|
||||
@@ -2393,7 +2393,11 @@
|
||||
done:
|
||||
free (coords);
|
||||
free (current_coords);
|
||||
+#if HAVE_FT_DONE_MM_VAR
|
||||
+ FT_Done_MM_Var (face->glyph->library, ft_mm_var);
|
||||
+#else
|
||||
free (ft_mm_var);
|
||||
+#endif
|
||||
}
|
||||
}
|
||||
|
|
@ -1,13 +1,14 @@
|
|||
Summary: A 2D graphics library.
|
||||
Name: cairo
|
||||
Version: 1.16.0
|
||||
Release: 5%{?dist}
|
||||
Release: 6%{?dist}
|
||||
License: LGPLv2 or MPLv1.1
|
||||
URL: https://cairographics.org
|
||||
Group: System Environment/Libraries
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
Source0: https://cairographics.org/releases/%{name}-%{version}.tar.xz
|
||||
Patch0: CVE-2018-19876.patch
|
||||
BuildRequires: pkg-config
|
||||
BuildRequires: libpng-devel
|
||||
BuildRequires: libxml2-devel
|
||||
|
@ -58,7 +59,7 @@ Requires: fontconfig-devel
|
|||
It contains the libraries and header files to create applications
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%autosetup -p1
|
||||
|
||||
%build
|
||||
./configure \
|
||||
|
@ -106,6 +107,10 @@ find %{buildroot} -name '*.la' -delete
|
|||
%{_libdir}/pkgconfig/*.pc
|
||||
|
||||
%changelog
|
||||
* Fri Mar 26 2021 Thomas Crain <thcrain@microsoft.com> - 1.16.0-6
|
||||
- Merge the following releases from 1.0 to dev branch
|
||||
- niontive@microsoft.com, 1.16.0-5: Fix CVE-2018-19876
|
||||
|
||||
* Thu Feb 04 2021 Joe Schmitt <joschmit@microsoft.com> - 1.16.0-5
|
||||
- Import gobject support from Fedora 32 spec (license: MIT)
|
||||
- Update URLs to https
|
||||
|
|
|
@ -7,9 +7,9 @@
|
|||
"calamares-auto_it.ts": "16c666c68dfd16ecbf45e07312f435859a66f689faa6e751c08f15ef9cfd7a7e",
|
||||
"calamares-finished-1.1.0.tar.gz": "d2b0f03989c33521e3e3e1b24e2d2ad99e98b9f058097bf8c278520feac4f428",
|
||||
"calamares-license-1.1.0.tar.gz": "01f497ce6f6eeda2d9e9dc9c9ddd8c85e239d53bc6290904562045c9d3a79dcb",
|
||||
"calamares-partition-1.1.1.tar.gz": "8cd817807ef27cab31daacc5be0c5600eac34c9dc255a269d3f12368648fd42d",
|
||||
"calamares-partition-1.1.2.tar.gz": "b935fe4e76c993314910b5181a0c9596b335bfd14fc63e07f30075b7b4e27e8f",
|
||||
"calamares-users-1.1.0.tar.gz": "ae6cabb21bce0e62ad895f27c8cc5a1ee91375ff3ac4c2c01e250ac934c68cd6",
|
||||
"calamares-welcome-1.1.0.tar.gz": "4c504047d4bec3fc899e12cecccf134b66ff22a73d7eec718c8128db01a3113e",
|
||||
"calamares-welcome-1.1.1.tar.gz": "1ecb043cf8c01502a7fc38882241eb49cdd7b454ea1fda32783b4c3ce231fda7",
|
||||
"license.conf": "47b82c94103300158821d6f519da994656cc79dfb7456ed056da4c8b41be279e",
|
||||
"mariner-eula": "0ced44f6b796bc879424b4cb790d706e6b3e38e414ae8b7be3c146ddc7a00a5e",
|
||||
"mariner-logo.png": "feabd02d2540bb826af2bd895c30031725dc3c9179d6e05bd1a8b1504918a14c",
|
||||
|
|
|
@ -1,29 +1,25 @@
|
|||
# This package depends on automagic byte compilation
|
||||
# https://fedoraproject.org/wiki/Changes/No_more_automagic_Python_bytecompilation_phase_2
|
||||
%global _python_bytecompile_extra 1
|
||||
|
||||
Summary: Installer from a live CD/DVD/USB to disk
|
||||
# do not use QtWebEngine because it no longer works with QtWebEngine >= 5.11
|
||||
# (it now refuses to run as root unless "export QTWEBENGINE_DISABLE_SANDBOX=1")
|
||||
# https://github.com/calamares/calamares/issues/1051
|
||||
|
||||
Name: calamares
|
||||
Version: 3.2.11
|
||||
Release: 36%{?dist}
|
||||
Summary: Installer from a live CD/DVD/USB to disk
|
||||
Release: 37%{?dist}
|
||||
License: GPLv3+
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
|
||||
License: GPLv3+
|
||||
URL: https://calamares.io/
|
||||
# Source0..19 - source tarballs
|
||||
Source0: https://github.com/calamares/calamares/releases/download/v%{version}/%{name}-%{version}.tar.gz
|
||||
# Source1..4 is an artifact from https://dev.azure.com/mariner-org/mariner/_git/calamares-installer-module
|
||||
Source1: calamares-users-1.1.0.tar.gz
|
||||
Source2: calamares-finished-1.1.0.tar.gz
|
||||
Source3: calamares-welcome-1.1.0.tar.gz
|
||||
Source4: calamares-partition-1.1.1.tar.gz
|
||||
Source3: calamares-welcome-1.1.1.tar.gz
|
||||
Source4: calamares-partition-1.1.2.tar.gz
|
||||
Source5: calamares-license-1.1.0.tar.gz
|
||||
|
||||
# Source20..39 - configuration files
|
||||
Source20: license.conf
|
||||
Source21: settings.conf
|
||||
|
@ -31,7 +27,6 @@ Source22: show.qml
|
|||
Source23: branding.desc
|
||||
Source24: users.conf
|
||||
Source25: stylesheet.qss
|
||||
|
||||
# Source40..100 - Assets
|
||||
Source40: mariner-logo.png
|
||||
# Run:
|
||||
|
@ -48,61 +43,48 @@ Source42: calamares-auto_de.ts
|
|||
Source43: calamares-auto_it.ts
|
||||
Source52: mariner-welcome.png
|
||||
Source53: mariner-eula
|
||||
|
||||
# adjust some default settings (default shipped .conf files)
|
||||
Patch0: calamares-3.2.11-default-settings.patch
|
||||
Patch1: use-single-job-for-progress-bar-value.patch
|
||||
Patch2: navigation-buttons-autodefault.patch
|
||||
|
||||
ExclusiveArch: x86_64
|
||||
|
||||
# Macros
|
||||
BuildRequires: kf5-rpm-macros
|
||||
|
||||
# Fonts
|
||||
Requires: freefont
|
||||
|
||||
# Compilation tools
|
||||
BuildRequires: cmake
|
||||
BuildRequires: extra-cmake-modules
|
||||
BuildRequires: gcc
|
||||
BuildRequires: pkg-config
|
||||
|
||||
|
||||
# Other build-time tools
|
||||
BuildRequires: gettext
|
||||
|
||||
# Qt 5
|
||||
BuildRequires: qt5-linguist >= 5.10
|
||||
BuildRequires: qt5-qtbase-devel >= 5.10
|
||||
BuildRequires: qt5-qtdeclarative-devel >= 5.10
|
||||
BuildRequires: qt5-qtsvg-devel >= 5.10
|
||||
|
||||
# KF5
|
||||
BuildRequires: kf5-kconfig-devel
|
||||
BuildRequires: kf5-kcoreaddons-devel
|
||||
BuildRequires: kf5-ki18n-devel
|
||||
BuildRequires: kf5-kwidgetsaddons-devel
|
||||
|
||||
# Macros
|
||||
BuildRequires: kf5-rpm-macros
|
||||
# KPMCORE
|
||||
BuildRequires: kpmcore-devel >= 3.3
|
||||
BuildRequires: libatasmart-devel
|
||||
BuildRequires: util-linux-devel
|
||||
|
||||
# Python 3
|
||||
BuildRequires: python3-devel >= 3.3
|
||||
|
||||
# Other libraries
|
||||
BuildRequires: libgcrypt-devel
|
||||
BuildRequires: libpwquality-devel
|
||||
BuildRequires: parted
|
||||
BuildRequires: pkg-config
|
||||
# Python 3
|
||||
BuildRequires: python3-devel >= 3.3
|
||||
# Qt 5
|
||||
BuildRequires: qt5-linguist >= 5.10
|
||||
BuildRequires: qt5-qtbase-devel >= 5.10
|
||||
BuildRequires: qt5-qtdeclarative-devel >= 5.10
|
||||
BuildRequires: qt5-qtsvg-devel >= 5.10
|
||||
BuildRequires: util-linux-devel
|
||||
BuildRequires: yaml-cpp-devel >= 0.5.1
|
||||
|
||||
Requires: coreutils
|
||||
Requires: grub2
|
||||
Requires: efibootmgr
|
||||
Requires: systemd
|
||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||
Requires: coreutils
|
||||
Requires: efibootmgr
|
||||
# Fonts
|
||||
Requires: freefont
|
||||
Requires: grub2
|
||||
Requires: systemd
|
||||
ExclusiveArch: x86_64
|
||||
|
||||
%description
|
||||
Calamares is a distribution-independent installer framework, designed to install
|
||||
|
@ -118,7 +100,6 @@ Requires: %{name} = %{version}-%{release}
|
|||
%description libs
|
||||
%{summary}.
|
||||
|
||||
|
||||
%package devel
|
||||
Summary: Development files for %{name}
|
||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||
|
@ -157,7 +138,7 @@ rm -f src/modules/*/*.conf.default-settings
|
|||
%build
|
||||
mkdir -p %{_target_platform}
|
||||
pushd %{_target_platform}
|
||||
%{cmake_kf5} -DBUILD_TESTING:BOOL=OFF -DWITH_PYTHONQT:BOOL=OFF -DCMAKE_BUILD_TYPE:STRING="RelWithDebInfo" -DINSTALL_POLKIT:BOOL=OFF ..
|
||||
%cmake_kf5 -DBUILD_TESTING:BOOL=OFF -DWITH_PYTHONQT:BOOL=OFF -DCMAKE_BUILD_TYPE:STRING="RelWithDebInfo" -DINSTALL_POLKIT:BOOL=OFF ..
|
||||
popd
|
||||
|
||||
make %{?_smp_mflags} -C %{_target_platform}
|
||||
|
@ -200,7 +181,7 @@ install -p -m 644 %{SOURCE53} %{buildroot}%{_sysconfdir}/calamares/mariner-eula
|
|||
|
||||
%files -f calamares-python.lang
|
||||
%license LICENSE
|
||||
%doc LICENSE AUTHORS
|
||||
%doc AUTHORS
|
||||
%{_bindir}/calamares
|
||||
%dir %{_datadir}/calamares/
|
||||
%{_datadir}/calamares/settings.conf
|
||||
|
@ -234,6 +215,10 @@ install -p -m 644 %{SOURCE53} %{buildroot}%{_sysconfdir}/calamares/mariner-eula
|
|||
%{_libdir}/cmake/Calamares/
|
||||
|
||||
%changelog
|
||||
* Mon Jan 25 2021 Nicolas Ontiveros <niontive@microsoft.com> - 3.2.11-37
|
||||
- Add "dmroot" flag to encrypted partition
|
||||
- Hide verity root read only skus
|
||||
|
||||
* Fri Sep 04 2020 Nicolas Ontiveros <niontive@microsoft.com> 3.2.11-36
|
||||
- Add dictionary check for root encryption passphrase.
|
||||
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
|
||||
Name: chrony
|
||||
Version: 3.5.1
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
Summary: An NTP client/server
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
|
@ -33,6 +33,12 @@ BuildRequires: libseccomp-devel
|
|||
BuildRequires: nettle-devel
|
||||
BuildRequires: systemd
|
||||
|
||||
%if %{with_check}
|
||||
BuildRequires: net-tools
|
||||
BuildRequires: tzdata
|
||||
BuildRequires: which
|
||||
%endif
|
||||
|
||||
Requires(pre): shadow-utils
|
||||
%{?systemd_requires}
|
||||
|
||||
|
@ -195,6 +201,9 @@ systemctl start chronyd.service
|
|||
%dir %attr(-,chrony,chrony) %{_localstatedir}/log/chrony
|
||||
|
||||
%changelog
|
||||
* Fri Jan 15 2021 Andrew Phelps <anphel@microsoft.com> - 3.5.1-3
|
||||
- Add build requirements needed for check tests
|
||||
|
||||
* Thu Oct 01 2020 Thomas Crain <thcrain@microsoft.com> - 3.5.1-2
|
||||
- Remove chrony-wait service as a boot dependency
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{
|
||||
"Signatures": {
|
||||
"clamav-0.101.2.tar.gz": "0a12ebdf6ff7a74c0bde2bdc2b55cae33449e6dd953ec90824a9e01291277634"
|
||||
"clamav-0.103.0.tar.gz": "32a9745277bfdda80e77ac9ca2f5990897418e9416880f3c31553ca673e80546"
|
||||
}
|
||||
}
|
|
@ -1,24 +1,26 @@
|
|||
%{!?python2_sitelib: %global python2_sitelib %(python2 -c "from distutils.sysconfig import get_python_lib;print(get_python_lib())")}
|
||||
%{!?python3_sitelib: %global python3_sitelib %(python3 -c "from distutils.sysconfig import get_python_lib;print(get_python_lib())")}
|
||||
|
||||
Summary: Open source antivirus engine
|
||||
Name: clamav
|
||||
Version: 0.101.2
|
||||
Release: 4%{?dist}
|
||||
License: ASL 2.0 AND BSD AND bzip2-1.0.4 AND GPLv2 AND LGPLv2+ AND MIT AND Public Domain AND UnRar
|
||||
Version: 0.103.0
|
||||
Release: 2%{?dist}
|
||||
License: ASL 2.0 and BSD and bzip2-1.0.4 and GPLv2 and LGPLv2+ and MIT and Public Domain and UnRar
|
||||
Group: System Environment/Security
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
Group: System Environment/Security
|
||||
URL: https://www.clamav.net
|
||||
Source0: %{url}/downloads/production/%{name}-%{version}.tar.gz
|
||||
|
||||
BuildRequires: libtool
|
||||
BuildRequires: zlib-devel
|
||||
# Workaround for coreutils missing requirement flex
|
||||
BuildRequires: flex-devel
|
||||
BuildRequires: libtool
|
||||
BuildRequires: openssl-devel
|
||||
# Required to produce systemd files
|
||||
BuildRequires: systemd-devel
|
||||
BuildRequires: zlib-devel
|
||||
Requires: openssl
|
||||
BuildRequires: openssl-devel
|
||||
Requires: zlib
|
||||
Requires: openssl
|
||||
|
||||
%description
|
||||
ClamAV® is an open source (GPL) anti-virus engine used in a variety of situations
|
||||
|
@ -40,8 +42,11 @@ make install DESTDIR=%{buildroot}
|
|||
%check
|
||||
make %{?_smp_mflags} check
|
||||
|
||||
%post -p /sbin/ldconfig
|
||||
%postun -p /sbin/ldconfig
|
||||
%post
|
||||
/sbin/ldconfig
|
||||
|
||||
%postun
|
||||
/sbin/ldconfig
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
|
@ -59,18 +64,20 @@ make %{?_smp_mflags} check
|
|||
%{_mandir}/man5/*
|
||||
%{_mandir}/man8/*
|
||||
|
||||
%changelog
|
||||
* Fri Nov 06 2020 Ruying Chen <v-ruyche@microsoft.com> - 0.101.2-4
|
||||
- Systemd supports merged /usr. Update units file location and macro.
|
||||
|
||||
%changelog
|
||||
* Fri Apr 02 2021 Thomas Crain <thcrain@microsoft.com> - 0.103.0-2
|
||||
- Merge the following releases from dev to 1.0 spec
|
||||
- v-ruyche@microsoft.com, 0.101.2-4: Systemd supports merged /usr. Update units file location and macro.
|
||||
|
||||
* Tue Oct 27 2020 Pawel Winogrodzki <pawelwi@microsoft.com> 0.103.0-1
|
||||
- Updating to 0.103.0 to fix: CVE-2019-12625, CVE-2019-15961.
|
||||
* Mon Oct 19 2020 Pawel Winogrodzki <pawelwi@microsoft.com> 0.101.2-3
|
||||
- License verified.
|
||||
- Added %%license macro.
|
||||
- Switching to using the %%configure macro.
|
||||
- Extended package's summary and description.
|
||||
|
||||
* Wed Oct 02 2019 Mateusz Malisz <mamalisz@microsoft.com> 0.101.2-2
|
||||
- Fix vendor and distribution. Add systemd files to the list.
|
||||
|
||||
* Thu Jul 25 2019 Chad Zawistowski <chzawist@microsoft.com> 0.101.2-1
|
||||
- Initial CBL-Mariner import from Azure.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
Summary: C, C++, Objective C and Objective C++ front-end for the LLVM compiler.
|
||||
Name: clang
|
||||
Version: 8.0.1
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
License: NCSA
|
||||
URL: https://clang.llvm.org
|
||||
Source0: https://github.com/llvm/llvm-project/releases/download/llvmorg-%{version}/cfe-%{version}.src.tar.xz
|
||||
|
@ -44,6 +44,7 @@ mkdir -p build
|
|||
cd build
|
||||
cmake -DCMAKE_INSTALL_PREFIX=/usr \
|
||||
-DCMAKE_BUILD_TYPE=Release \
|
||||
-DLLVM_ENABLE_RTTI=ON \
|
||||
-Wno-dev ..
|
||||
|
||||
make %{?_smp_mflags}
|
||||
|
@ -80,6 +81,8 @@ rm -rf %{buildroot}/*
|
|||
%{_includedir}/*
|
||||
|
||||
%changelog
|
||||
* Tue Feb 09 2021 Henry Beberman <henry.beberman@microsoft.com> 8.0.1-4
|
||||
- Enable RTTI (runtime type information) so other packages can depend on it.
|
||||
* Fri Jun 12 2020 Henry Beberman <henry.beberman@microsoft.com> 8.0.1-3
|
||||
- Temporarily disable generation of debug symbols.
|
||||
* Sat May 09 00:21:24 PST 2020 Nick Samson <nisamson@microsoft.com> - 8.0.1-2
|
||||
|
|
|
@ -0,0 +1,29 @@
|
|||
From 9e9a317f48e2b84949607c9e2cb74af53868f701 Mon Sep 17 00:00:00 2001
|
||||
From: Dimitri John Ledkov <xnox@ubuntu.com>
|
||||
Date: Wed, 5 Feb 2020 00:33:05 +0000
|
||||
Subject: [PATCH] utils: use SystemRandom when generating random password.
|
||||
|
||||
As noticed by Seth Arnold, non-deterministic SystemRandom should be
|
||||
used when creating security sensitive random strings.
|
||||
|
||||
LP: #1860795
|
||||
---
|
||||
cloudinit/util.py | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/cloudinit/util.py b/cloudinit/util.py
|
||||
index d99e82fa5..c02b3d9a5 100644
|
||||
--- a/cloudinit/util.py
|
||||
+++ b/cloudinit/util.py
|
||||
@@ -397,9 +397,10 @@ def translate_bool(val, addons=None):
|
||||
|
||||
|
||||
def rand_str(strlen=32, select_from=None):
|
||||
+ r = random.SystemRandom()
|
||||
if not select_from:
|
||||
select_from = string.ascii_letters + string.digits
|
||||
- return "".join([random.choice(select_from) for _x in range(0, strlen)])
|
||||
+ return "".join([r.choice(select_from) for _x in range(0, strlen)])
|
||||
|
||||
|
||||
def rand_dict_key(dictionary, postfix=None):
|
|
@ -0,0 +1,11 @@
|
|||
--- a/cloudinit/config/cc_set_passwords.py
|
||||
+++ b/cloudinit/config/cc_set_passwords.py
|
||||
@@ -220,7 +220,7 @@
|
||||
raise errors[-1]
|
||||
|
||||
|
||||
-def rand_user_password(pwlen=9):
|
||||
+def rand_user_password(pwlen=20):
|
||||
return util.rand_str(pwlen, select_from=PW_SET)
|
||||
|
||||
# vi: ts=4 expandtab
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
Name: cloud-init
|
||||
Version: 19.1
|
||||
Release: 4%{?dist}
|
||||
Release: 6%{?dist}
|
||||
Summary: Cloud instance init scripts
|
||||
Group: System Environment/Base
|
||||
License: GPLv3
|
||||
|
@ -14,14 +14,16 @@ Source1: cloud-mariner.cfg
|
|||
Source2: 99-disable-networking-config.cfg
|
||||
|
||||
Patch0: mariner-distro.patch
|
||||
Patch2: vca-admin-pwd.patch
|
||||
Patch3: mariner-hosts-template.patch
|
||||
Patch5: datasource-guestinfo.patch
|
||||
Patch6: systemd-service-changes.patch
|
||||
Patch7: makecheck.patch
|
||||
Patch8: systemd-resolved-config.patch
|
||||
Patch9: cloud-init-azureds.patch
|
||||
Patch10: ds-identity.patch
|
||||
Patch1: vca-admin-pwd.patch
|
||||
Patch2: mariner-hosts-template.patch
|
||||
Patch3: datasource-guestinfo.patch
|
||||
Patch4: systemd-service-changes.patch
|
||||
Patch5: makecheck.patch
|
||||
Patch6: systemd-resolved-config.patch
|
||||
Patch7: cloud-init-azureds.patch
|
||||
Patch8: ds-identity.patch
|
||||
Patch9: CVE-2020-8631.patch
|
||||
Patch10: CVE-2020-8632.patch
|
||||
|
||||
BuildRequires: python3
|
||||
BuildRequires: python3-libs
|
||||
|
@ -34,7 +36,12 @@ BuildRequires: python3-setuptools
|
|||
BuildRequires: python3-xml
|
||||
BuildRequires: python3-six
|
||||
# %if %{with_check}
|
||||
BuildRequires: dnf
|
||||
BuildRequires: python3-configobj
|
||||
BuildRequires: python3-pip
|
||||
BuildRequires: python3-requests
|
||||
BuildRequires: shadow-utils
|
||||
BuildRequires: sudo
|
||||
# %endif
|
||||
BuildRequires: python3-PyYAML
|
||||
BuildRequires: python3-urllib3
|
||||
|
@ -68,16 +75,7 @@ ssh keys and to let the user run various scripts.
|
|||
|
||||
|
||||
%prep
|
||||
%setup -q -n %{name}-%{version}
|
||||
%patch0 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
%autosetup -p1 -n %{name}-%{version}
|
||||
|
||||
find systemd -name "cloud*.service*" | xargs sed -i s/StandardOutput=journal+console/StandardOutput=journal/g
|
||||
|
||||
|
@ -98,10 +96,16 @@ cp -p %{SOURCE1} %{buildroot}/%{_sysconfdir}/cloud/cloud.cfg
|
|||
cp -p %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/cloud/cloud.cfg.d/
|
||||
|
||||
%check
|
||||
easy_install_3=$(ls /usr/bin |grep easy_install |grep 3)
|
||||
ln -s /usr/bin/pip3 /usr/bin/pip
|
||||
$easy_install_3 tox
|
||||
tox -e py36
|
||||
pip3 install atomicwrites
|
||||
pip3 install attrs
|
||||
pip3 install httpretty
|
||||
pip3 install jsonpatch
|
||||
pip3 install more-itertools
|
||||
pip3 install mock
|
||||
pip3 install nose
|
||||
pip3 install unittest2
|
||||
useradd test -G root -m
|
||||
LANG=en_US.UTF-8 sudo -u test nosetests cloudinit
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
@ -146,6 +150,12 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%dir /var/lib/cloud
|
||||
|
||||
%changelog
|
||||
* Fri Jan 15 2021 Andrew Phelps <anphel@microsoft.com> 19.1-6
|
||||
- Fix check tests
|
||||
* Mon Oct 26 2020 Nicolas Ontiveros <niontive@microsoft.com> 19.1-5
|
||||
- Use autosetup
|
||||
- Fix CVE-2020-8631
|
||||
- Fix CVE-2020-8632
|
||||
* Mon Apr 13 2020 Emre Girgin <mrgirgin@microsoft.com> 19.1-4
|
||||
- Rename iproute2 to iproute.
|
||||
- License verified.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
Summary: Container Network Interface (CNI) plugins
|
||||
Name: cni
|
||||
Version: 0.7.5
|
||||
Release: 4%{?dist}
|
||||
Release: 5%{?dist}
|
||||
License: ASL 2.0
|
||||
# cni moved to https://github.com/containernetworking/cni/issues/667#issuecomment-491693752
|
||||
URL: https://github.com/containernetworking/plugins
|
||||
|
@ -39,9 +39,10 @@ make -k check |& tee %{_specdir}/%{name}-check-log || %{nocheck}
|
|||
%{_default_cni_plugins_dir}/*
|
||||
|
||||
%changelog
|
||||
* Sat May 09 00:21:27 PST 2020 Nick Samson <nisamson@microsoft.com> - 0.7.5-4
|
||||
* Thu Dec 10 2020 Andrew Phelps <anphel@microsoft.com> 0.7.5-5
|
||||
- Increment release to force republishing using golang 1.15.
|
||||
* Sat May 09 2020 Nick Samson <nisamson@microsoft.com> 0.7.5-4
|
||||
- Added %%license line automatically
|
||||
|
||||
* Thu Apr 30 2020 Emre Girgin <mrgirgin@microsoft.com> 0.7.5-3
|
||||
- Renaming go to golang
|
||||
* Tue Mar 07 2020 Paul Monson <paulmon@microsoft.com> 0.7.5-3
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
{
|
||||
"Signatures": {
|
||||
"conntrack-tools-1.4.5.tar.bz2": "36c6d99c7684851d4d72e75bd07ff3f0ff1baaf4b6f069eb7244990cd1a9a462",
|
||||
"conntrackd.conf": "ca04470185258ab6e5fb6448e9bfbb4b401d9a0407f02c698eb7e04c4ca7c7b2",
|
||||
"conntrackd.service": "c18f00e7b76df6dce5b7b46e1bb35e6c34f5d1fe329892c1f0327c2712282778"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,275 @@
|
|||
Summary: Manipulate netfilter connection tracking table and run High Availability
|
||||
Name: conntrack-tools
|
||||
Version: 1.4.5
|
||||
Release: 6%{?dist}
|
||||
License: GPLv2
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
URL: https://conntrack-tools.netfilter.org/
|
||||
Source0: https://netfilter.org/projects/%{name}/files/%{name}-%{version}.tar.bz2
|
||||
Source1: conntrackd.service
|
||||
Source2: conntrackd.conf
|
||||
BuildRequires: bison
|
||||
BuildRequires: flex
|
||||
BuildRequires: gcc
|
||||
BuildRequires: libmnl-devel >= 1.0.3
|
||||
BuildRequires: libnetfilter_conntrack-devel >= 1.0.7
|
||||
BuildRequires: libnetfilter_cthelper-devel >= 1.0.0
|
||||
BuildRequires: libnetfilter_cttimeout-devel >= 1.0.0
|
||||
BuildRequires: libnetfilter_queue-devel >= 1.0.2
|
||||
BuildRequires: libnfnetlink-devel >= 1.0.1
|
||||
BuildRequires: libtirpc-devel
|
||||
BuildRequires: pkg-config
|
||||
BuildRequires: systemd
|
||||
BuildRequires: systemd-devel
|
||||
Requires(post): systemd
|
||||
Requires(postun): systemd
|
||||
Requires(preun): systemd
|
||||
Provides: conntrack = 1.0-1
|
||||
Obsoletes: conntrack < 1.0-1
|
||||
|
||||
%description
|
||||
With conntrack-tools you can setup a High Availability cluster and
|
||||
synchronize conntrack state between multiple firewalls.
|
||||
|
||||
The conntrack-tools package contains two programs:
|
||||
- conntrack: the command line interface to interact with the connection
|
||||
tracking system.
|
||||
- conntrackd: the connection tracking userspace daemon that can be used to
|
||||
deploy highly available GNU/Linux firewalls and collect
|
||||
statistics of the firewall use.
|
||||
|
||||
conntrack is used to search, list, inspect and maintain the netfilter
|
||||
connection tracking subsystem of the Linux kernel.
|
||||
Using conntrack, you can dump a list of all (or a filtered selection of)
|
||||
currently tracked connections, delete connections from the state table,
|
||||
and even add new ones.
|
||||
In addition, you can also monitor connection tracking events, e.g.
|
||||
show an event message (one line) per newly established connection.
|
||||
|
||||
%prep
|
||||
%autosetup -p1
|
||||
|
||||
%build
|
||||
%configure --disable-static --enable-systemd
|
||||
sed -i "s/DEFAULT_INCLUDES = -I./DEFAULT_INCLUDES = -I. -I\/usr\/include\/tirpc/" src/helpers/Makefile
|
||||
CFLAGS="${CFLAGS} -Wl,-z,lazy"
|
||||
CXXFLAGS="${CXXFLAGS} -Wl,-z,lazy"
|
||||
%make_build
|
||||
chmod 644 doc/sync/primary-backup.sh
|
||||
rm -f doc/sync/notrack/conntrackd.conf.orig doc/sync/alarm/conntrackd.conf.orig doc/helper/conntrackd.conf.orig
|
||||
|
||||
%install
|
||||
%make_install
|
||||
find %{buildroot} -type f -name "*.la" -delete -print
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/conntrackd
|
||||
install -d -m 0755 %{buildroot}%{_unitdir}
|
||||
install -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/
|
||||
install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/conntrackd/
|
||||
|
||||
%files
|
||||
%license COPYING
|
||||
%doc AUTHORS TODO doc
|
||||
%dir %{_sysconfdir}/conntrackd
|
||||
%config(noreplace) %{_sysconfdir}/conntrackd/conntrackd.conf
|
||||
%{_unitdir}/conntrackd.service
|
||||
%{_sbindir}/conntrack
|
||||
%{_sbindir}/conntrackd
|
||||
%{_sbindir}/nfct
|
||||
%{_mandir}/man5/*
|
||||
%{_mandir}/man8/*
|
||||
%dir %{_libdir}/conntrack-tools
|
||||
%{_libdir}/conntrack-tools/*
|
||||
|
||||
%post
|
||||
%systemd_post conntrackd.service
|
||||
|
||||
%preun
|
||||
%systemd_preun conntrackd.service
|
||||
|
||||
%postun
|
||||
%systemd_postun conntrackd.service
|
||||
|
||||
%changelog
|
||||
* Tue Feb 02 2021 Henry Beberman <henry.beberman@microsoft.com> - 1.4.5-6
|
||||
- Initial CBL-Mariner import from Fedora 32 (license: MIT).
|
||||
- License verified.
|
||||
- Spec linted.
|
||||
|
||||
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.5-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.5-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.5-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Fri Dec 14 2018 Paul Wouters <pwouters@redhat.com> - 1.4.5-2
|
||||
- Disable hardened build to really fix rhbz#1413408
|
||||
|
||||
* Mon Dec 10 2018 Paul Wouters <pwouters@redhat.com> - 1.4.5-1
|
||||
- Resolves: rhbz#1574091 conntrack-tools-1.4.5 is available
|
||||
- Resolves: rhbz#1413408 ct_helper_ftp not working
|
||||
(I've reduced the hardening to use -z,lazy)
|
||||
- Eanbled systemd support
|
||||
- Bumped required libnetfilter_conntrack-devel to 1.0.7
|
||||
- fixup harmless but broken mkdir in spec file
|
||||
- Don't override CPPFLAGS and LIBS, instead fixup src/helpers/Makefile
|
||||
|
||||
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.4-8
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
* Thu Apr 12 2018 Orion Poplawski <orion@nwra.com> - 1.4.4-7
|
||||
- Use libtirpc
|
||||
- Use %%license
|
||||
|
||||
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.4-6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||
|
||||
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.4-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||
|
||||
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.4-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
||||
|
||||
* Wed Feb 22 2017 Paul Wouters <pwouters@redhat.com> - 1.4.4-3
|
||||
- Add upstream patches (free pktb after use, nat_tuple leak)
|
||||
|
||||
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.4-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
||||
|
||||
* Thu Sep 22 2016 Paul Wouters <pwouters@redhat.com> - 1.4.4-1
|
||||
- Updated to 1.4.4 (rhbz#1370668)
|
||||
- Include new man5 pages
|
||||
|
||||
* Wed Apr 20 2016 Paul Wouters <pwouters@redhat.com> - 1.4.3-1
|
||||
- Resolves: rhbz#1261220 1.4.3 is available
|
||||
- Update source url
|
||||
- Remove incorporated patches
|
||||
|
||||
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.2-11
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
||||
|
||||
* Fri Aug 21 2015 Paul Wouters <pwouters@redhat.com> - 1.4.2-10
|
||||
- Resolves: 1255578 - conntrackd could neither be started nor be stopped
|
||||
|
||||
* Tue Aug 18 2015 Paul Wouters <pwouters@redhat.com> - 1.4.2-9
|
||||
- Resolves: rhbz#CVE-2015-6496, rhbz#1253757
|
||||
- Fold in upstream patches since 1.4.2 release up to git 900d7e8
|
||||
- Fold in upstream patch set of 2015-08-18 for coverity issues
|
||||
|
||||
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.2-8
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
||||
|
||||
* Mon Jan 12 2015 Paul Komkoff <i@stingr.net> - 1.4.2-7
|
||||
- bz#1181119 - wait for network to be on before starting conntrackd
|
||||
|
||||
* Sun Jan 11 2015 Paul Komkoff <i@stingr.net> - 1.4.2-6
|
||||
- bz#998105 - remove patch residues from doc
|
||||
|
||||
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.2-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
||||
|
||||
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.2-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
||||
|
||||
* Sat Dec 21 2013 Paul Komkoff <i@stingr.net> - 1.4.2-3
|
||||
- rebuilt
|
||||
|
||||
* Sat Sep 7 2013 Paul P. Komkoff Jr <i@stingr.net> - 1.4.2-2
|
||||
- bz#850067
|
||||
|
||||
* Sat Sep 7 2013 Paul P. Komkoff Jr <i@stingr.net> - 1.4.2-1
|
||||
- new upstream version
|
||||
|
||||
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.0-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
||||
|
||||
* Fri Feb 08 2013 Paul Komkoff <i@stingr.net> - 1.4.0-2
|
||||
- fix bz#909128
|
||||
|
||||
* Mon Nov 26 2012 Paul P. Komkoff Jr <i@stingr.net> - 1.4.0-1
|
||||
- new upstream version
|
||||
|
||||
* Tue Jul 24 2012 Paul P. Komkoff Jr <i@stingr.net> - 1.2.1
|
||||
- new upstream version
|
||||
|
||||
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.1-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
||||
|
||||
* Mon May 07 2012 Paul Wouters <pwouters@redhat.com> - 1.0.1-1
|
||||
- Updated to 1.0.1
|
||||
- Added daemon using systemd and configuration file
|
||||
- Removed legacy spec requirements
|
||||
- Patch for: parse.c:240:34: error: 'NULL' undeclared
|
||||
|
||||
* Thu Jan 12 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
||||
|
||||
* Thu May 5 2011 Paul P. Komkoff Jr <i@stingr.net> - 1.0.0
|
||||
- new upstream version
|
||||
|
||||
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.15-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
||||
|
||||
* Fri Nov 19 2010 Paul P. Komkoff Jr <i@stingr.net> - 0.9.15-1
|
||||
- new upstream version
|
||||
|
||||
* Thu Mar 25 2010 Paul P. Komkoff Jr <i@stingr.net> - 0.9.14-1
|
||||
- update, at last
|
||||
|
||||
* Tue Nov 10 2009 Paul P. Komkoff Jr <i@stingr.net> - 0.9.13-2
|
||||
- failed to properly commit the package :(
|
||||
|
||||
* Tue Oct 13 2009 Paul P. Komkoff Jr <i@stingr.net> - 0.9.13-1
|
||||
- new upstream version
|
||||
|
||||
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.12-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
||||
|
||||
* Sun May 24 2009 Paul P. Komkoff Jr <i@stingr.net> - 0.9.12-3
|
||||
- new upstream version
|
||||
|
||||
* Sun May 24 2009 Paul P. Komkoff Jr <i@stingr.net> - 0.9.12-2
|
||||
- versioning screwup
|
||||
|
||||
* Sun May 24 2009 Paul P. Komkoff Jr <i@stingr.net> - 0.9.12-1
|
||||
- new upstream version
|
||||
|
||||
* Tue Feb 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.9-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
|
||||
|
||||
* Tue Jan 13 2009 Paul P. Komkoff Jr <i@stingr.net> - 0.9.9-1
|
||||
- new upstream version
|
||||
|
||||
* Sun Oct 26 2008 Paul P. Komkoff Jr <i@stingr.net> - 0.9.8-1
|
||||
- new upstream version
|
||||
- remove rollup patch
|
||||
|
||||
* Wed Jul 16 2008 Paul P. Komkoff Jr <i@stingr.net> - 0.9.7-2
|
||||
- fix Patch0/%%patch.
|
||||
|
||||
* Wed Jul 16 2008 Paul P. Komkoff Jr <i@stingr.net> - 0.9.7-1
|
||||
- new upstream version
|
||||
|
||||
* Sat Feb 23 2008 Paul P. Komkoff Jr <i@stingr.net> - 0.9.6-0.1.svn7382
|
||||
- new version from svn
|
||||
|
||||
* Fri Feb 22 2008 Paul P. Komkoff Jr <i@stingr.net> - 0.9.5-5
|
||||
- fix the PATH_MAX-related compilation problem
|
||||
|
||||
* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 0.9.5-4
|
||||
- Autorebuild for GCC 4.3
|
||||
|
||||
* Tue Oct 23 2007 Paul P. Komkoff Jr <i@stingr.net> - 0.9.5-3
|
||||
- review fixes
|
||||
|
||||
* Sun Oct 21 2007 Paul P. Komkoff Jr <i@stingr.net> - 0.9.5-2
|
||||
- review fixes
|
||||
|
||||
* Fri Oct 19 2007 Paul P. Komkoff Jr <i@stingr.net> - 0.9.5-1
|
||||
- new upstream version
|
||||
|
||||
* Sun Jul 22 2007 Paul P. Komkoff Jr <i@stingr.net> - 0.9.4-1
|
||||
- replace conntrack with conntrack-tools
|
|
@ -0,0 +1,419 @@
|
|||
|
||||
# See also: http://conntrack-tools.netfilter.org/support.html
|
||||
#
|
||||
# There are 3 different modes of running conntrackd: "alarm", "notrack" and "ftfw"
|
||||
#
|
||||
# The default package ships with a FTFW configuration, see /usr/share/doc/conntrackd*
|
||||
# for example configurations for other modes.
|
||||
|
||||
|
||||
#
|
||||
# Synchronizer settings
|
||||
#
|
||||
Sync {
|
||||
Mode FTFW {
|
||||
#
|
||||
# Size of the resend queue (in objects). This is the maximum
|
||||
# number of objects that can be stored waiting to be confirmed
|
||||
# via acknoledgment. If you keep this value low, the daemon
|
||||
# will have less chances to recover state-changes under message
|
||||
# omission. On the other hand, if you keep this value high,
|
||||
# the daemon will consume more memory to store dead objects.
|
||||
# Default is 131072 objects.
|
||||
#
|
||||
# ResendQueueSize 131072
|
||||
|
||||
#
|
||||
# This parameter allows you to set an initial fixed timeout
|
||||
# for the committed entries when this node goes from backup
|
||||
# to primary. This mechanism provides a way to purge entries
|
||||
# that were not recovered appropriately after the specified
|
||||
# fixed timeout. If you set a low value, TCP entries in
|
||||
# Established states with no traffic may hang. For example,
|
||||
# an SSH connection without KeepAlive enabled. If not set,
|
||||
# the daemon uses an approximate timeout value calculation
|
||||
# mechanism. By default, this option is not set.
|
||||
#
|
||||
# CommitTimeout 180
|
||||
|
||||
#
|
||||
# If the firewall replica goes from primary to backup,
|
||||
# the conntrackd -t command is invoked in the script.
|
||||
# This command schedules a flush of the table in N seconds.
|
||||
# This is useful to purge the connection tracking table of
|
||||
# zombie entries and avoid clashes with old entries if you
|
||||
# trigger several consecutive hand-overs. Default is 60 seconds.
|
||||
#
|
||||
# PurgeTimeout 60
|
||||
|
||||
# Set the acknowledgement window size. If you decrease this
|
||||
# value, the number of acknowlegdments increases. More
|
||||
# acknowledgments means more overhead as conntrackd has to
|
||||
# handle more control messages. On the other hand, if you
|
||||
# increase this value, the resend queue gets more populated.
|
||||
# This results in more overhead in the queue releasing.
|
||||
# The following value is based on some practical experiments
|
||||
# measuring the cycles spent by the acknowledgment handling
|
||||
# with oprofile. If not set, default window size is 300.
|
||||
#
|
||||
# ACKWindowSize 300
|
||||
|
||||
#
|
||||
# This clause allows you to disable the external cache. Thus,
|
||||
# the state entries are directly injected into the kernel
|
||||
# conntrack table. As a result, you save memory in user-space
|
||||
# but you consume slots in the kernel conntrack table for
|
||||
# backup state entries. Moreover, disabling the external cache
|
||||
# means more CPU consumption. You need a Linux kernel
|
||||
# >= 2.6.29 to use this feature. By default, this clause is
|
||||
# set off. If you are installing conntrackd for first time,
|
||||
# please read the user manual and I encourage you to consider
|
||||
# using the fail-over scripts instead of enabling this option!
|
||||
#
|
||||
# DisableExternalCache Off
|
||||
}
|
||||
|
||||
#
|
||||
# Multicast IP and interface where messages are
|
||||
# broadcasted (dedicated link). IMPORTANT: Make sure
|
||||
# that iptables accepts traffic for destination
|
||||
# 225.0.0.50, eg:
|
||||
#
|
||||
# iptables -I INPUT -d 225.0.0.50 -j ACCEPT
|
||||
# iptables -I OUTPUT -d 225.0.0.50 -j ACCEPT
|
||||
#
|
||||
Multicast {
|
||||
#
|
||||
# Multicast address: The address that you use as destination
|
||||
# in the synchronization messages. You do not have to add
|
||||
# this IP to any of your existing interfaces. If any doubt,
|
||||
# do not modify this value.
|
||||
#
|
||||
IPv4_address 225.0.0.50
|
||||
|
||||
#
|
||||
# The multicast group that identifies the cluster. If any
|
||||
# doubt, do not modify this value.
|
||||
#
|
||||
Group 3780
|
||||
|
||||
#
|
||||
# IP address of the interface that you are going to use to
|
||||
# send the synchronization messages. Remember that you must
|
||||
# use a dedicated link for the synchronization messages.
|
||||
#
|
||||
IPv4_interface 192.168.100.100
|
||||
|
||||
#
|
||||
# The name of the interface that you are going to use to
|
||||
# send the synchronization messages.
|
||||
#
|
||||
Interface eth2
|
||||
|
||||
# The multicast sender uses a buffer to enqueue the packets
|
||||
# that are going to be transmitted. The default size of this
|
||||
# socket buffer is available at /proc/sys/net/core/wmem_default.
|
||||
# This value determines the chances to have an overrun in the
|
||||
# sender queue. The overrun results packet loss, thus, losing
|
||||
# state information that would have to be retransmitted. If you
|
||||
# notice some packet loss, you may want to increase the size
|
||||
# of the sender buffer. The default size is usually around
|
||||
# ~100 KBytes which is fairly small for busy firewalls.
|
||||
#
|
||||
SndSocketBuffer 1249280
|
||||
|
||||
# The multicast receiver uses a buffer to enqueue the packets
|
||||
# that the socket is pending to handle. The default size of this
|
||||
# socket buffer is available at /proc/sys/net/core/rmem_default.
|
||||
# This value determines the chances to have an overrun in the
|
||||
# receiver queue. The overrun results packet loss, thus, losing
|
||||
# state information that would have to be retransmitted. If you
|
||||
# notice some packet loss, you may want to increase the size of
|
||||
# the receiver buffer. The default size is usually around
|
||||
# ~100 KBytes which is fairly small for busy firewalls.
|
||||
#
|
||||
RcvSocketBuffer 1249280
|
||||
|
||||
#
|
||||
# Enable/Disable message checksumming. This is a good
|
||||
# property to achieve fault-tolerance. In case of doubt, do
|
||||
# not modify this value.
|
||||
#
|
||||
Checksum on
|
||||
}
|
||||
#
|
||||
# You can specify more than one dedicated link. Thus, if one dedicated
|
||||
# link fails, conntrackd can fail-over to another. Note that adding
|
||||
# more than one dedicated link does not mean that state-updates will
|
||||
# be sent to all of them. There is only one active dedicated link at
|
||||
# a given moment. The `Default' keyword indicates that this interface
|
||||
# will be selected as the initial dedicated link. You can have
|
||||
# up to 4 redundant dedicated links. Note: Use different multicast
|
||||
# groups for every redundant link.
|
||||
#
|
||||
# Multicast Default {
|
||||
# IPv4_address 225.0.0.51
|
||||
# Group 3781
|
||||
# IPv4_interface 192.168.100.101
|
||||
# Interface eth3
|
||||
# # SndSocketBuffer 1249280
|
||||
# # RcvSocketBuffer 1249280
|
||||
# Checksum on
|
||||
# }
|
||||
|
||||
#
|
||||
# You can use Unicast UDP instead of Multicast to propagate events.
|
||||
# Note that you cannot use unicast UDP and Multicast at the same
|
||||
# time, you can only select one.
|
||||
#
|
||||
# UDP {
|
||||
#
|
||||
# UDP address that this firewall uses to listen to events.
|
||||
#
|
||||
# IPv4_address 192.168.2.100
|
||||
#
|
||||
# or you may want to use an IPv6 address:
|
||||
#
|
||||
# IPv6_address fe80::215:58ff:fe28:5a27
|
||||
|
||||
#
|
||||
# Destination UDP address that receives events, ie. the other
|
||||
# firewall's dedicated link address.
|
||||
#
|
||||
# IPv4_Destination_Address 192.168.2.101
|
||||
#
|
||||
# or you may want to use an IPv6 address:
|
||||
#
|
||||
# IPv6_Destination_Address fe80::2d0:59ff:fe2a:775c
|
||||
|
||||
#
|
||||
# UDP port used
|
||||
#
|
||||
# Port 3780
|
||||
|
||||
#
|
||||
# The name of the interface that you are going to use to
|
||||
# send the synchronization messages.
|
||||
#
|
||||
# Interface eth2
|
||||
|
||||
#
|
||||
# The sender socket buffer size
|
||||
#
|
||||
# SndSocketBuffer 1249280
|
||||
|
||||
#
|
||||
# The receiver socket buffer size
|
||||
#
|
||||
# RcvSocketBuffer 1249280
|
||||
|
||||
#
|
||||
# Enable/Disable message checksumming.
|
||||
#
|
||||
# Checksum on
|
||||
# }
|
||||
|
||||
#
|
||||
# Other unsorted options that are related to the synchronization.
|
||||
#
|
||||
# Options {
|
||||
#
|
||||
# TCP state-entries have window tracking disabled by default,
|
||||
# you can enable it with this option. As said, default is off.
|
||||
# This feature requires a Linux kernel >= 2.6.36.
|
||||
#
|
||||
# TCPWindowTracking Off
|
||||
# }
|
||||
}
|
||||
|
||||
#
|
||||
# General settings
|
||||
#
|
||||
General {
|
||||
#
|
||||
# Set the nice value of the daemon, this value goes from -20
|
||||
# (most favorable scheduling) to 19 (least favorable). Using a
|
||||
# very low value reduces the chances to lose state-change events.
|
||||
# Default is 0 but this example file sets it to most favourable
|
||||
# scheduling as this is generally a good idea. See man nice(1) for
|
||||
# more information.
|
||||
#
|
||||
Nice -20
|
||||
|
||||
#
|
||||
# Select a different scheduler for the daemon, you can select between
|
||||
# RR and FIFO and the process priority (minimum is 0, maximum is 99).
|
||||
# See man sched_setscheduler(2) for more information. Using a RT
|
||||
# scheduler reduces the chances to overrun the Netlink buffer.
|
||||
#
|
||||
# Scheduler {
|
||||
# Type FIFO
|
||||
# Priority 99
|
||||
# }
|
||||
|
||||
#
|
||||
# Number of buckets in the cache hashtable. The bigger it is,
|
||||
# the closer it gets to O(1) at the cost of consuming more memory.
|
||||
# Read some documents about tuning hashtables for further reference.
|
||||
#
|
||||
HashSize 32768
|
||||
|
||||
#
|
||||
# Maximum number of conntracks, it should be double of:
|
||||
# $ cat /proc/sys/net/netfilter/nf_conntrack_max
|
||||
# since the daemon may keep some dead entries cached for possible
|
||||
# retransmission during state synchronization.
|
||||
#
|
||||
HashLimit 131072
|
||||
|
||||
#
|
||||
# Logfile: on (/var/log/conntrackd.log), off, or a filename
|
||||
# Default: off
|
||||
#
|
||||
LogFile on
|
||||
|
||||
#
|
||||
# Syslog: on, off or a facility name (daemon (default) or local0..7)
|
||||
# Default: off
|
||||
#
|
||||
#Syslog on
|
||||
|
||||
#
|
||||
# Lockfile
|
||||
#
|
||||
LockFile /var/lock/conntrack.lock
|
||||
|
||||
#
|
||||
# Unix socket configuration
|
||||
#
|
||||
UNIX {
|
||||
Path /var/run/conntrackd.ctl
|
||||
Backlog 20
|
||||
}
|
||||
|
||||
#
|
||||
# Netlink event socket buffer size. If you do not specify this clause,
|
||||
# the default buffer size value in /proc/net/core/rmem_default is
|
||||
# used. This default value is usually around 100 Kbytes which is
|
||||
# fairly small for busy firewalls. This leads to event message dropping
|
||||
# and high CPU consumption. This example configuration file sets the
|
||||
# size to 2 MBytes to avoid this sort of problems.
|
||||
#
|
||||
NetlinkBufferSize 2097152
|
||||
|
||||
#
|
||||
# The daemon doubles the size of the netlink event socket buffer size
|
||||
# if it detects netlink event message dropping. This clause sets the
|
||||
# maximum buffer size growth that can be reached. This example file
|
||||
# sets the size to 8 MBytes.
|
||||
#
|
||||
NetlinkBufferSizeMaxGrowth 8388608
|
||||
|
||||
#
|
||||
# If the daemon detects that Netlink is dropping state-change events,
|
||||
# it automatically schedules a resynchronization against the Kernel
|
||||
# after 30 seconds (default value). Resynchronizations are expensive
|
||||
# in terms of CPU consumption since the daemon has to get the full
|
||||
# kernel state-table and purge state-entries that do not exist anymore.
|
||||
# Be careful of setting a very small value here. You have the following
|
||||
# choices: On (enabled, use default 30 seconds value), Off (disabled)
|
||||
# or Value (in seconds, to set a specific amount of time). If not
|
||||
# specified, the daemon assumes that this option is enabled.
|
||||
#
|
||||
# NetlinkOverrunResync On
|
||||
|
||||
#
|
||||
# If you want reliable event reporting over Netlink, set on this
|
||||
# option. If you set on this clause, it is a good idea to set off
|
||||
# NetlinkOverrunResync. This option is off by default and you need
|
||||
# a Linux kernel >= 2.6.31.
|
||||
#
|
||||
# NetlinkEventsReliable Off
|
||||
|
||||
#
|
||||
# By default, the daemon receives state updates following an
|
||||
# event-driven model. You can modify this behaviour by switching to
|
||||
# polling mode with the PollSecs clause. This clause tells conntrackd
|
||||
# to dump the states in the kernel every N seconds. With regards to
|
||||
# synchronization mode, the polling mode can only guarantee that
|
||||
# long-lifetime states are recovered. The main advantage of this method
|
||||
# is the reduction in the state replication at the cost of reducing the
|
||||
# chances of recovering connections.
|
||||
#
|
||||
# PollSecs 15
|
||||
|
||||
#
|
||||
# The daemon prioritizes the handling of state-change events coming
|
||||
# from the core. With this clause, you can set the maximum number of
|
||||
# state-change events (those coming from kernel-space) that the daemon
|
||||
# will handle after which it will handle other events coming from the
|
||||
# network or userspace. A low value improves interactivity (in terms of
|
||||
# real-time behaviour) at the cost of extra CPU consumption.
|
||||
# Default (if not set) is 100.
|
||||
#
|
||||
# EventIterationLimit 100
|
||||
|
||||
#
|
||||
# Event filtering: This clause allows you to filter certain traffic,
|
||||
# There are currently three filter-sets: Protocol, Address and
|
||||
# State. The filter is attached to an action that can be: Accept or
|
||||
# Ignore. Thus, you can define the event filtering policy of the
|
||||
# filter-sets in positive or negative logic depending on your needs.
|
||||
# You can select if conntrackd filters the event messages from
|
||||
# user-space or kernel-space. The kernel-space event filtering
|
||||
# saves some CPU cycles by avoiding the copy of the event message
|
||||
# from kernel-space to user-space. The kernel-space event filtering
|
||||
# is prefered, however, you require a Linux kernel >= 2.6.29 to
|
||||
# filter from kernel-space. If you want to select kernel-space
|
||||
# event filtering, use the keyword 'Kernelspace' instead of
|
||||
# 'Userspace'.
|
||||
#
|
||||
Filter From Userspace {
|
||||
#
|
||||
# Accept only certain protocols: You may want to replicate
|
||||
# the state of flows depending on their layer 4 protocol.
|
||||
#
|
||||
Protocol Accept {
|
||||
TCP
|
||||
SCTP
|
||||
DCCP
|
||||
# UDP
|
||||
# ICMP # This requires a Linux kernel >= 2.6.31
|
||||
# IPv6-ICMP # This requires a Linux kernel >= 2.6.31
|
||||
}
|
||||
|
||||
#
|
||||
# Ignore traffic for a certain set of IP's: Usually all the
|
||||
# IP assigned to the firewall since local traffic must be
|
||||
# ignored, only forwarded connections are worth to replicate.
|
||||
# Note that these values depends on the local IPs that are
|
||||
# assigned to the firewall.
|
||||
#
|
||||
Address Ignore {
|
||||
IPv4_address 127.0.0.1 # loopback
|
||||
IPv4_address 192.168.0.100 # virtual IP 1
|
||||
IPv4_address 192.168.1.100 # virtual IP 2
|
||||
IPv4_address 192.168.0.1
|
||||
IPv4_address 192.168.1.1
|
||||
IPv4_address 192.168.100.100 # dedicated link ip
|
||||
#
|
||||
# You can also specify networks in format IP/cidr.
|
||||
# IPv4_address 192.168.0.0/24
|
||||
#
|
||||
# You can also specify an IPv6 address
|
||||
# IPv6_address ::1
|
||||
}
|
||||
|
||||
#
|
||||
# Uncomment this line below if you want to filter by flow state.
|
||||
# This option introduces a trade-off in the replication: it
|
||||
# reduces CPU consumption at the cost of having lazy backup
|
||||
# firewall replicas. The existing TCP states are: SYN_SENT,
|
||||
# SYN_RECV, ESTABLISHED, FIN_WAIT, CLOSE_WAIT, LAST_ACK,
|
||||
# TIME_WAIT, CLOSED, LISTEN.
|
||||
#
|
||||
# State Accept {
|
||||
# ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT for TCP
|
||||
# }
|
||||
}
|
||||
}
|
|
@ -0,0 +1,13 @@
|
|||
[Unit]
|
||||
Description=connection tracking daemon for debugging and High Availablity
|
||||
After=network-online.target
|
||||
Wants=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
# rhbz#1255578 daemon will not start if lock file is left dangling
|
||||
ExecStartPre=/bin/rm -f /var/lock/conntrack.lock
|
||||
ExecStart=/usr/sbin/conntrackd -C /etc/conntrackd/conntrackd.conf
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -1,7 +1,7 @@
|
|||
Name: core-packages
|
||||
Summary: Metapackage with core sets of packages
|
||||
Version: 0.1
|
||||
Release: 20%{?dist}
|
||||
Release: 21%{?dist}
|
||||
License: ASL 2.0
|
||||
Group: System Environment/Base
|
||||
URL: http://aka.ms/mariner
|
||||
|
@ -61,6 +61,7 @@ Requires: findutils
|
|||
Requires: grep
|
||||
Requires: gzip
|
||||
Requires: libtool
|
||||
Requires: lz4
|
||||
Requires: mariner-release
|
||||
Requires: mariner-repos
|
||||
Requires: mariner-rpm-macros
|
||||
|
@ -97,6 +98,8 @@ Requires: zlib
|
|||
%files container
|
||||
|
||||
%changelog
|
||||
* Tue Feb 16 2021 Henry Beberman <henry.beberman@microsoft.com> 0.1-21
|
||||
- Explicitly add lz4 to container subpackage for systemd dependency.
|
||||
* Wed Sep 02 2020 Mateusz Malisz <mamalisz@microsoft.com> 0.1-20
|
||||
- Add chrony package to the base-image.
|
||||
* Thu Jul 23 2020 Pawel Winogrodzki <pawelwi@microsoft.com> 0.1-19
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue