- Fix post install script for SELinux: when moving temporary file

to final destination, remove temporary file security context (boo#1235443). OBS-URL: https://build.opensuse.org/package/show/network:cluster/conman?expand=0&rev=47
2025-01-09 12:16:44 +00:00 · 2025-01-09 12:16:44 +00:00 · 388e334495
commit 388e334495
8 changed files with 531 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+.osc
--- a/5
+++ b/5
@ -0,0 +1,5 @@
+<services>
+  <service name="download_files" mode="localonly">
+    <param name="enforceupstream">yes</param>
+  </service>
+</services>
--- a/conman-0.3.1.tar.gz
+++ b/conman-0.3.1.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cd47d3d9a72579b470dd73d85cd3fec606fa5659c728ff3c1c57e970f4da72a2
+size 169716
--- a/conman-suse-fix-expect-scripts.patch
+++ b/conman-suse-fix-expect-scripts.patch
@ -0,0 +1,22 @@
+Index: conman-0.2.7/scripts/exec/ssh.exp
+===================================================================
+--- conman-0.2.7.orig/scripts/exec/ssh.exp
+++ conman-0.2.7/scripts/exec/ssh.exp
+@@ -166,7 +166,7 @@ expect {
+     }
+     exp_continue -continue_timer
+   }
+-  -re "^$user@.* password: \$" {
+  -re "^.assword: \$" {
+     if {$authenticated == 0} {
+       send "$pswd\r"
+       incr authenticated
+@@ -176,7 +176,7 @@ expect {
+       exit 1
+     }
+   }
+-  -re "(:|#|%|\\\$) \$" {
+  -re "(:|#|%|>|\\\$) \$" {
+     ;
+   }
+   -re "\[^\r]*\r+\n" {
--- a/conman.changes
+++ b/conman.changes
@ -0,0 +1,208 @@
+-------------------------------------------------------------------
+Thu Jan  9 10:20:35 UTC 2025 - Egbert Eich <eich@suse.com>
+
+- Fix post install script for SELinux: when moving temporary file
+  to final destination, remove temporary file security context
+  (boo#1235443).
+
+-------------------------------------------------------------------
+Mon Feb 26 11:02:44 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Use %autosetup macro. Allows to eliminate the usage of deprecated
+  PatchN.
+
+-------------------------------------------------------------------
+Mon Dec 12 13:33:27 UTC 2022 - Antoine Ginies <aginies@suse.com>
+
+- update to version 0.3.1:
+  * Fixed username/password use in libipmiconsole.conf. (e59f5e4)
+  * Added more console logfile conversion specifiers. (96ede96, 5a189f6)
+  * Added conmen '-T' cmdline opt to specify terminal emulator. (a11c6f4)
+  * Added rpm source file verification. (f86c123)
+  * Revamped autotools config. (547db3c)
+  * Added configure opts for systemd/sysvinit. (3e303e6)
+  * Added configure runstatedir support. (bb415e0)
+  * Fixed installation directory variable substitution. (7642609)
+  * Removed autotools-generated files from version control. (44168a4)
+  * general move of files from /usr/lib/conman to /usr/share/conman
+
+-------------------------------------------------------------------
+Fri Oct 15 16:11:42 UTC 2021 - Egbert Eich <eich@suse.com>
+
+- Typo fix to sysuser file. 
+
+-------------------------------------------------------------------
+Thu Sep 30 08:41:44 UTC 2021 - Egbert Eich <eich@suse.com>
+
+- Utilize sysuser infrastructure to set user/group conman.
+
+-------------------------------------------------------------------
+Wed Jun 12 14:18:23 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
+  shortcut the build queues by allowing usage of systemd-mini
+
+-------------------------------------------------------------------
+Tue Sep 25 07:40:26 UTC 2018 - eich@suse.com
+
+- Update to conman-0.3.0 (2018-09-15): (jsc#SLE-8514)
+  * Fixed slow connects to Unix socket consoles triggered from
+    inotify. (#28,#29).
+  * Obsoletes: Reset-delay-for-unixsock-connect-from-inotify.patch
+
+-------------------------------------------------------------------
+Sat Sep 22 13:30:56 UTC 2018 - eich@suse.com
+
+- Add Requires(post): %fillup_prereq sed.
+
+-------------------------------------------------------------------
+Thu Aug 23 10:01:18 UTC 2018 - eich@suse.com
+
+- Update to version 0.2.9:
+  - Allowed IPMI defaults to be overridden via libipmiconsole.conf. (#27)
+  - Updated recognized strings for IPMI workaround-flags (FATE#326641).
+
+-------------------------------------------------------------------
+Thu Aug 23 09:48:06 UTC 2018 - eich@suse.com
+
+- Replace
+  If-connect-fails-let-other-side-accept-connection-and-come-back.patch
+  by:
+  Reset-delay-for-unixsock-connect-from-inotify.patch:
+  Upstream chose to fix bsc#1101647 slightly differently.
+
+-------------------------------------------------------------------
+Wed Jul 18 13:08:03 UTC 2018 - eich@suse.com
+
+- If-connect-fails-let-other-side-accept-connection-and-come-back.patch:
+  Make sure conmand connects to a newly created UNIX socket with
+  minimal delay. The implementation uses inotify, however this triggers
+  when the other side bind()s to the socket, however a connection is
+  not possible until the other side calls listen().
+  Thus if the connection fails, reset the poll() timeout to return to
+  connect() as soon as possible (bsc#1101647).
+- Support %license in a backward compatible way.
+
+-------------------------------------------------------------------
+Thu Mar  8 20:14:50 UTC 2018 - eich@suse.com
+
+- Do not look for the ttyS* group - it should be dialout
+  always (boo#1084571).
+- Fix shebang - remove /usr/bin/env.
+
+-------------------------------------------------------------------
+Fri Feb 16 13:15:00 UTC 2018 - eich@suse.com
+
+- Add the conman user to the group of the ttyS* devices
+  (boo#1081217).
+- Only update config file for new user once, save backup
+  copy.
+
+-------------------------------------------------------------------
+Wed Jan 10 19:27:27 UTC 2018 - eich@suse.com
+
+- Fix conman for non-root user:
+  * create rundir
+  * create logdir
+  * set user/group only when set to non-root
+  * fix rundir and logdir in config file on update (boo#1081217).
+
+-------------------------------------------------------------------
+Thu Nov 23 13:54:08 UTC 2017 - rbrown@suse.com
+
+- Replace references to /var/adm/fillup-templates with new 
+  %_fillupdir macro (boo#1069468)
+
+-------------------------------------------------------------------
+Mon Oct  9 06:39:12 UTC 2017 - eich@suse.com
+
+- Set usr/group for conman to root/root on SLE12 for backward
+  compatibility.
+
+-------------------------------------------------------------------
+Fri Oct  6 13:59:27 UTC 2017 - eich@suse.com
+
+- Updated to version 0.2.8:
+  * Changed project homepage to <https://dun.github.io/conman/>. (#21)
+  * Changed conman.conf default loopback setting to ON.
+  * Changed rpm spec file from sysvinit to systemd.
+  * Added 'server nofile' config directive to increase NOFILE limit. (#17)
+  * Added '-P' cmdline opt to daemon for specifying pidfile. (#20)
+  * Added test console device to aid in development and testing.
+  * Fixed telnet option negotiation loop. (#9)
+  * Fixed arbitrary limit on number of IPMI SOL consoles. (#15)
+  * Fixed 4-character limit on timezones. (#16)
+  * Fixed 1-second delay when connecting the client to a console.
+  * Fixed UDS console reconnect delay to use exponential timeout.
+  * Fixed UDS console reconnect delay to require min connect time before reset.
+  * Fixed UDS console resource leak of pathname during config processing.
+  * Fixed all gcc, clang, and Coverity Scan warnings.
+  * Improved scalability of daemon.
+  (FATE#324170).
+
+-------------------------------------------------------------------
+Mon Aug 14 13:42:48 UTC 2017 - eich@suse.com
+
+- Enable tcpwrappers on all platforms by default.
+- Fix systemd-specific conditionals in spec file.
+- Remove Provides: group/user(): these are only
+  used by conman, there is no intention to provide
+  them to other packages.
+
+-------------------------------------------------------------------
+Sat Jun  3 01:50:39 UTC 2017 - jjolly@suse.com
+
+- conman service configured to start as conman:conman user
+
+-------------------------------------------------------------------
+Fri Jun  2 23:01:00 UTC 2017 - jjolly@suse.com
+
+- conman-suse-fix-expect-scripts.patch:
+  Fixed ssh expect script for SUSE-specific output.
+
+-------------------------------------------------------------------
+Mon May  8 10:51:34 UTC 2017 - eich@suse.com
+
+- conman.conf: make differences between openSUSE and SLES explicit.
+
+-------------------------------------------------------------------
+Sat Feb 18 15:53:36 UTC 2017 - jengelh@inai.de
+
+- Replace unnecessary %__ macro indirections
+
+-------------------------------------------------------------------
+Wed Feb 15 17:48:57 UTC 2017 - eich@suse.com
+
+- Cleaned up spec file: add generic defines to the top.
+
+-------------------------------------------------------------------
+Tue Jan 17 13:53:52 UTC 2017 - eich@suse.com
+
+- Removed stray file.
+- Conditionalized support for freeipmi to distro version.
+- Set use of tcpwrappers to 'off' by default.
+- Fixed build for pre-systemd versions.
+
+-------------------------------------------------------------------
+Wed Jan  4 16:41:33 UTC 2017 - eich@suse.com
+
+- Removed %clean section.
+
+-------------------------------------------------------------------
+Mon Nov 21 11:42:38 UTC 2016 - eich@suse.com
+
+- List directories under /lib explicitely to avoid conflicts
+  with directories for debuginfo.
+
+-------------------------------------------------------------------
+Mon Nov 14 15:07:19 UTC 2016 - pmladek@suse.com
+
+- Call %fillup_only without -d parameter. Otherwise, it installed
+  the file into /etc/sysconfig/%{2}/conman because none subdir was
+  not defined.
+
+-------------------------------------------------------------------
+Mon Nov  7 12:31:49 UTC 2016 - eich@suse.com
+
+- Initial packaging of conman v 0.2.7.
+
--- a/conman.service.in
+++ b/conman.service.in
@ -0,0 +1,12 @@
+[Unit]
+Description=ConMan Console Management Daemon
+After=network.target
+
+[Service]
+Type=forking
+User=@conman_u@
+Group=@conman_g@
+ExecStart=/usr/sbin/conmand -c /etc/conman.conf
+
+[Install]
+WantedBy=multi-user.target
--- a/conman.spec
+++ b/conman.spec
@ -0,0 +1,257 @@
+#
+# spec file for package conman
+#
+# Copyright (c) 2025 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+#
+#Compat macro for new _fillupdir macro introduced in Nov 2017
+%if ! %{defined _fillupdir}
+  %define _fillupdir /var/adm/fillup-templates
+%endif
+
+%if 0%{?suse_version} > 1140
+%define have_systemd 1
+ %ifarch x86_64
+  %define have_freeipmi 1
+ %endif
+%endif
+
+%if 0%{?have_systemd}
+ %if 0%{?sle_version} >= 150000 || 0%{?is_opensuse}
+  %define conmandir conman/
+  %define conman_g %name
+  %define conman_u %name
+  %define have_sysuser 1
+ %else
+  %define conman_g root
+  %define conman_u root
+ %endif
+%else
+ %define conman_g root
+ %define conman_u daemon
+%endif
+
+Name:           conman
+Version:        0.3.1
+Release:        0
+
+Summary:        The Console Manager
+License:        GPL-3.0-or-later
+Group:          System/Console
+URL:            http://dun.github.io/conman/
+
+Requires:       expect
+Requires:       logrotate
+
+BuildRequires:  tcpd-devel
+%if 0%{?have_freeipmi}
+BuildRequires:  freeipmi-devel
+%endif
+Source0:        https://github.com/dun/conman/archive/%{name}-%{version}.tar.gz
+Source1:        %{name}.service.in
+%if 0%{?have_systemd}
+BuildRequires:  autoconf
+BuildRequires:  automake
+BuildRequires:  systemd-rpm-macros
+BuildRequires:  pkgconfig(systemd)
+%{?have_sysuser:BuildRequires:  sysuser-tools}
+%{?systemd_requires}
+Requires(pre):  shadow
+Requires(post): %fillup_prereq sed
+Requires(postun): coreutils
+%endif
+
+Patch1:         conman-suse-fix-expect-scripts.patch
+
+# 8/15/14 karl.w.schulz@intel.com - include prereq
+%if 0%{?sles_version} || 0%{?suse_version}
+PreReq:         %{fillup_prereq}
+%endif
+
+%description
+ConMan is a serial console management program designed to support a large
+number of console devices and simultaneous users.  It supports:
+  - local serial devices
+  - remote terminal servers (via the telnet protocol)
+  - IPMI Serial-Over-LAN (via FreeIPMI)
+  - Unix domain sockets
+  - external processes (eg, using Expect for telnet/ssh/ipmi-sol connections)
+
+Its features include:
+  - logging (and optionally timestamping) console device output to file
+  - connecting to consoles in monitor (R/O) or interactive (R/W) mode
+  - allowing clients to share or steal console write privileges
+  - broadcasting client output to multiple consoles
+
+%prep
+%autosetup -p1 -n %{name}-%{name}-%{version}
+
+%build
+./bootstrap
+%configure --with-tcp-wrappers \
+%if 0%{?have_freeipmi}
+           --with-freeipmi \
+%endif
+
+make %{?_smp_mflags}
+
+%install
+%make_install
+
+%if 0%{?have_systemd}
+mkdir -p %{buildroot}%{_unitdir}
+sed -e "s/@conman_u@/%conman_u/" -e "s/@conman_g@/%conman_g/" <%{SOURCE1} >%{buildroot}%{_unitdir}/%{name}.service
+chmod 0644 %{buildroot}%{_unitdir}/%{name}.service
+rm -rf %{buildroot}%{_sysconfdir}/init.d
+ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcconman
+%else
+awk "/END INIT INFO/ { print \"# Default-Start:  3 5\"; } {print;}" \
+    %{buildroot}%_sysconfdir/init.d/conman > %{buildroot}%_sysconfdir/init.d/conman.tmp
+mv %{buildroot}%_sysconfdir/init.d/conman.tmp %{buildroot}%_sysconfdir/init.d/conman
+ln -s %{_sysconfdir}/init.d/conman %{buildroot}%{_sbindir}/rcconman
+chmod u+x %{buildroot}%{_sysconfdir}/init.d/conman
+%endif
+mkdir -p %{buildroot}%{_fillupdir}
+mv etc/conman.sysconfig \
+    %{buildroot}%{_fillupdir}/sysconfig.conman
+for i in $(find %{buildroot}/usr/share/conman) ; do
+  if [ -f $i -a -x $i ]; then
+     if ! head -1 $i | grep "^#!"; then
+	 echo "#!/usr/bin/expect -f" > /tmp/$(basename $i)
+	 cat $i >> /tmp/$(basename $i)
+         mv /tmp/$(basename $i) $i
+	 chmod 0755 $i
+     fi
+  fi
+done
+sed -i -e '1 s@#!.*/bin/env perl@#!%{_bindir}/perl@' \
+    %{buildroot}%{_bindir}/conmen
+
+%if 0%{?conmandir:1}
+mkdir -p %{buildroot}%{_tmpfilesdir}
+cat >> %{buildroot}%{_tmpfilesdir}/%{name}.conf <<EOF
+d %_localstatedir%_rundir/%{name} 0755 %{conman_u} %{conman_g} -
+EOF
+mkdir -p %{buildroot}%{_localstatedir}/log/%{?conmandir}
+%endif
+if ! grep "^SERVER" %{buildroot}/etc/conman.conf > /dev/null; then
+    cat <<EOF >> %{buildroot}/etc/conman.conf
+SERVER keepalive=ON
+SERVER logdir="/var/log/%{?conmandir}"
+SERVER logfile="/var/log/%{?conmandir}conman.log"
+SERVER loopback=ON
+SERVER pidfile="/var/run/%{?conmandir}conman.pid"
+SERVER tcpwrappers=ON
+SERVER timestamp=1h
+GLOBAL seropts="115200,8n1"
+GLOBAL log="console.%N"
+GLOBAL logopts="sanitize,timestamp"
+EOF
+fi
+%if 0%{?have_sysuser}
+%define user_home %_localstatedir%_rundir/%{?conmandir}
+%define user_descr Connection Manager service
+echo -en "u %conman_u - \"%user_descr\" %user_home\nm %conman_u dialout\n" > system-user-%{name}.conf
+%sysusers_generate_pre system-user-%{name}.conf %{name} system-user-%{name}.conf
+install -D -m 644 system-user-%{name}.conf %{buildroot}%{_sysusersdir}/system-user-%{name}.conf
+%endif
+
+%if 0%{?have_systemd}
+%pre %{?have_sysuser:-f %{name}.pre}
+%service_add_pre conman.service
+%endif
+
+%preun
+%if 0%{?have_systemd}
+%service_del_preun conman.service
+%else
+%{stop_on_removal conman}
+%endif
+
+%post
+%define migrated conman_user_migrated
+%fillup_only conman
+%if 0%{?have_systemd}
+%{?tmpfiles_create:%{tmpfiles_create %{_tmpfilesdir}/%{name}.conf}}
+%service_add_post conman.service
+[ -d %_localstatedir/lib/conman ] || mkdir %_localstatedir/lib/conman || :
+if [ $1 -eq 2 -a ! -e %_localstatedir/lib/conman/%migrated ]; then
+    tmpfile=$(mktemp /tmp/tmp-XXXX)
+    sed  -e "s@^\(server\)\|\(SERVER\) \+logdir=.*@SERVER logdir=\"/var/log/%{?conmandir}\"@" \
+	-e "s@^\(server\)\|\(SERVER\) \+logfile=.*@SERVER logfile=\"/var/log/%{?conmandir}conman.log\"@" \
+	-e "s@^\(server\)\|\(SERVER\) \+pidfile=.*@SERVER pidfile=\"/var/run/%{?conmandir}conman.pid\"@" \
+	< /etc/conman.conf > $tmpfile
+    if ! cmp /etc/conman.conf $tmpfile; then
+	mv /etc/conman.conf /etc/conman.conf.rpmsave
+	mv -Z $tmpfile /etc/conman.conf
+	chown %conman_u:%conman_g /etc/conman.conf
+	cat > %_localstatedir/adm/update-messages/%{name}-%{version}-%{release}-%{name}.txt <<EOF
+
+The conman configuration in %_sysconfdir/conman.conf has been updated to the new pid and log
+directory. Please check this file to make sure it is correct. The original version is available
+in /etc/conman.conf.rpmsave.
+EOF
+    else
+	rm $tmpfile
+    fi
+fi
+touch %_localstatedir/lib/conman/%migrated || :
+%endif
+
+%postun
+%if 0%{?have_systemd}
+[ $1 -eq 0 ] && rm -rf %_localstatedir/lib/conman
+%service_del_postun conman.service
+%else
+%{restart_on_update conman}
+%endif
+
+%if 0%{?sle_version} > 120200 || 0%{?suse_version} > 1320
+%define files_license %license
+%else
+%define files_license %doc
+%endif
+
+%files
+%defattr(-,root,root,-)
+%doc AUTHORS
+%doc DISCLAIMER*
+%doc FAQ
+%files_license COPYING
+%doc NEWS
+%doc README
+%doc PLATFORMS
+%doc README.md
+%doc THANKS
+%config(noreplace) %attr(-,%conman_u,%conman_g) %{_sysconfdir}/conman.conf
+%config(noreplace) %{_sysconfdir}/logrotate.d/conman
+%if 0%{?conmandir:1}
+%dir %attr(-,%conman_u,%conman_g) %{_localstatedir}/log/conman
+%{_tmpfilesdir}/%{name}.conf
+%endif
+%{_fillupdir}/sysconfig.conman
+%{_bindir}/*
+%{_sbindir}/*
+%{_prefix}/share/conman
+%if 0%{?have_systemd}
+%{_prefix}/lib/systemd/*
+%else
+%{_sysconfdir}/init.d/*
+%endif
+%{_mandir}/*/*
+%{?have_sysuser:%{_sysusersdir}/system-user-%{name}.conf}
+
+%changelog