From 388e334495653e51a86159c5b485b1b8b7cba8d09f15065257aaecc2c806cdf5 Mon Sep 17 00:00:00 2001 From: Egbert Eich Date: Thu, 9 Jan 2025 12:16:44 +0000 Subject: [PATCH] - Fix post install script for SELinux: when moving temporary file to final destination, remove temporary file security context (boo#1235443). OBS-URL: https://build.opensuse.org/package/show/network:cluster/conman?expand=0&rev=47 --- .gitattributes | 23 +++ .gitignore | 1 + _service | 5 + conman-0.3.1.tar.gz | 3 + conman-suse-fix-expect-scripts.patch | 22 +++ conman.changes | 208 ++++++++++++++++++++++ conman.service.in | 12 ++ conman.spec | 257 +++++++++++++++++++++++++++ 8 files changed, 531 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 _service create mode 100644 conman-0.3.1.tar.gz create mode 100644 conman-suse-fix-expect-scripts.patch create mode 100644 conman.changes create mode 100644 conman.service.in create mode 100644 conman.spec diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/_service b/_service new file mode 100644 index 0000000..5d571b0 --- /dev/null +++ b/_service @@ -0,0 +1,5 @@ + + + yes + + diff --git a/conman-0.3.1.tar.gz b/conman-0.3.1.tar.gz new file mode 100644 index 0000000..e2c52e8 --- /dev/null +++ b/conman-0.3.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:cd47d3d9a72579b470dd73d85cd3fec606fa5659c728ff3c1c57e970f4da72a2 +size 169716 diff --git a/conman-suse-fix-expect-scripts.patch b/conman-suse-fix-expect-scripts.patch new file mode 100644 index 0000000..dd2fbe3 --- /dev/null +++ b/conman-suse-fix-expect-scripts.patch @@ -0,0 +1,22 @@ +Index: conman-0.2.7/scripts/exec/ssh.exp +=================================================================== +--- conman-0.2.7.orig/scripts/exec/ssh.exp ++++ conman-0.2.7/scripts/exec/ssh.exp +@@ -166,7 +166,7 @@ expect { + } + exp_continue -continue_timer + } +- -re "^$user@.* password: \$" { ++ -re "^.assword: \$" { + if {$authenticated == 0} { + send "$pswd\r" + incr authenticated +@@ -176,7 +176,7 @@ expect { + exit 1 + } + } +- -re "(:|#|%|\\\$) \$" { ++ -re "(:|#|%|>|\\\$) \$" { + ; + } + -re "\[^\r]*\r+\n" { diff --git a/conman.changes b/conman.changes new file mode 100644 index 0000000..4009c9b --- /dev/null +++ b/conman.changes @@ -0,0 +1,208 @@ +------------------------------------------------------------------- +Thu Jan 9 10:20:35 UTC 2025 - Egbert Eich + +- Fix post install script for SELinux: when moving temporary file + to final destination, remove temporary file security context + (boo#1235443). + +------------------------------------------------------------------- +Mon Feb 26 11:02:44 UTC 2024 - Dominique Leuenberger + +- Use %autosetup macro. Allows to eliminate the usage of deprecated + PatchN. + +------------------------------------------------------------------- +Mon Dec 12 13:33:27 UTC 2022 - Antoine Ginies + +- update to version 0.3.1: + * Fixed username/password use in libipmiconsole.conf. (e59f5e4) + * Added more console logfile conversion specifiers. (96ede96, 5a189f6) + * Added conmen '-T' cmdline opt to specify terminal emulator. (a11c6f4) + * Added rpm source file verification. (f86c123) + * Revamped autotools config. (547db3c) + * Added configure opts for systemd/sysvinit. (3e303e6) + * Added configure runstatedir support. (bb415e0) + * Fixed installation directory variable substitution. (7642609) + * Removed autotools-generated files from version control. (44168a4) + * general move of files from /usr/lib/conman to /usr/share/conman + +------------------------------------------------------------------- +Fri Oct 15 16:11:42 UTC 2021 - Egbert Eich + +- Typo fix to sysuser file. + +------------------------------------------------------------------- +Thu Sep 30 08:41:44 UTC 2021 - Egbert Eich + +- Utilize sysuser infrastructure to set user/group conman. + +------------------------------------------------------------------- +Wed Jun 12 14:18:23 UTC 2019 - Dominique Leuenberger + +- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to + shortcut the build queues by allowing usage of systemd-mini + +------------------------------------------------------------------- +Tue Sep 25 07:40:26 UTC 2018 - eich@suse.com + +- Update to conman-0.3.0 (2018-09-15): (jsc#SLE-8514) + * Fixed slow connects to Unix socket consoles triggered from + inotify. (#28,#29). + * Obsoletes: Reset-delay-for-unixsock-connect-from-inotify.patch + +------------------------------------------------------------------- +Sat Sep 22 13:30:56 UTC 2018 - eich@suse.com + +- Add Requires(post): %fillup_prereq sed. + +------------------------------------------------------------------- +Thu Aug 23 10:01:18 UTC 2018 - eich@suse.com + +- Update to version 0.2.9: + - Allowed IPMI defaults to be overridden via libipmiconsole.conf. (#27) + - Updated recognized strings for IPMI workaround-flags (FATE#326641). + +------------------------------------------------------------------- +Thu Aug 23 09:48:06 UTC 2018 - eich@suse.com + +- Replace + If-connect-fails-let-other-side-accept-connection-and-come-back.patch + by: + Reset-delay-for-unixsock-connect-from-inotify.patch: + Upstream chose to fix bsc#1101647 slightly differently. + +------------------------------------------------------------------- +Wed Jul 18 13:08:03 UTC 2018 - eich@suse.com + +- If-connect-fails-let-other-side-accept-connection-and-come-back.patch: + Make sure conmand connects to a newly created UNIX socket with + minimal delay. The implementation uses inotify, however this triggers + when the other side bind()s to the socket, however a connection is + not possible until the other side calls listen(). + Thus if the connection fails, reset the poll() timeout to return to + connect() as soon as possible (bsc#1101647). +- Support %license in a backward compatible way. + +------------------------------------------------------------------- +Thu Mar 8 20:14:50 UTC 2018 - eich@suse.com + +- Do not look for the ttyS* group - it should be dialout + always (boo#1084571). +- Fix shebang - remove /usr/bin/env. + +------------------------------------------------------------------- +Fri Feb 16 13:15:00 UTC 2018 - eich@suse.com + +- Add the conman user to the group of the ttyS* devices + (boo#1081217). +- Only update config file for new user once, save backup + copy. + +------------------------------------------------------------------- +Wed Jan 10 19:27:27 UTC 2018 - eich@suse.com + +- Fix conman for non-root user: + * create rundir + * create logdir + * set user/group only when set to non-root + * fix rundir and logdir in config file on update (boo#1081217). + +------------------------------------------------------------------- +Thu Nov 23 13:54:08 UTC 2017 - rbrown@suse.com + +- Replace references to /var/adm/fillup-templates with new + %_fillupdir macro (boo#1069468) + +------------------------------------------------------------------- +Mon Oct 9 06:39:12 UTC 2017 - eich@suse.com + +- Set usr/group for conman to root/root on SLE12 for backward + compatibility. + +------------------------------------------------------------------- +Fri Oct 6 13:59:27 UTC 2017 - eich@suse.com + +- Updated to version 0.2.8: + * Changed project homepage to . (#21) + * Changed conman.conf default loopback setting to ON. + * Changed rpm spec file from sysvinit to systemd. + * Added 'server nofile' config directive to increase NOFILE limit. (#17) + * Added '-P' cmdline opt to daemon for specifying pidfile. (#20) + * Added test console device to aid in development and testing. + * Fixed telnet option negotiation loop. (#9) + * Fixed arbitrary limit on number of IPMI SOL consoles. (#15) + * Fixed 4-character limit on timezones. (#16) + * Fixed 1-second delay when connecting the client to a console. + * Fixed UDS console reconnect delay to use exponential timeout. + * Fixed UDS console reconnect delay to require min connect time before reset. + * Fixed UDS console resource leak of pathname during config processing. + * Fixed all gcc, clang, and Coverity Scan warnings. + * Improved scalability of daemon. + (FATE#324170). + +------------------------------------------------------------------- +Mon Aug 14 13:42:48 UTC 2017 - eich@suse.com + +- Enable tcpwrappers on all platforms by default. +- Fix systemd-specific conditionals in spec file. +- Remove Provides: group/user(): these are only + used by conman, there is no intention to provide + them to other packages. + +------------------------------------------------------------------- +Sat Jun 3 01:50:39 UTC 2017 - jjolly@suse.com + +- conman service configured to start as conman:conman user + +------------------------------------------------------------------- +Fri Jun 2 23:01:00 UTC 2017 - jjolly@suse.com + +- conman-suse-fix-expect-scripts.patch: + Fixed ssh expect script for SUSE-specific output. + +------------------------------------------------------------------- +Mon May 8 10:51:34 UTC 2017 - eich@suse.com + +- conman.conf: make differences between openSUSE and SLES explicit. + +------------------------------------------------------------------- +Sat Feb 18 15:53:36 UTC 2017 - jengelh@inai.de + +- Replace unnecessary %__ macro indirections + +------------------------------------------------------------------- +Wed Feb 15 17:48:57 UTC 2017 - eich@suse.com + +- Cleaned up spec file: add generic defines to the top. + +------------------------------------------------------------------- +Tue Jan 17 13:53:52 UTC 2017 - eich@suse.com + +- Removed stray file. +- Conditionalized support for freeipmi to distro version. +- Set use of tcpwrappers to 'off' by default. +- Fixed build for pre-systemd versions. + +------------------------------------------------------------------- +Wed Jan 4 16:41:33 UTC 2017 - eich@suse.com + +- Removed %clean section. + +------------------------------------------------------------------- +Mon Nov 21 11:42:38 UTC 2016 - eich@suse.com + +- List directories under /lib explicitely to avoid conflicts + with directories for debuginfo. + +------------------------------------------------------------------- +Mon Nov 14 15:07:19 UTC 2016 - pmladek@suse.com + +- Call %fillup_only without -d parameter. Otherwise, it installed + the file into /etc/sysconfig/%{2}/conman because none subdir was + not defined. + +------------------------------------------------------------------- +Mon Nov 7 12:31:49 UTC 2016 - eich@suse.com + +- Initial packaging of conman v 0.2.7. + diff --git a/conman.service.in b/conman.service.in new file mode 100644 index 0000000..04635e3 --- /dev/null +++ b/conman.service.in @@ -0,0 +1,12 @@ +[Unit] +Description=ConMan Console Management Daemon +After=network.target + +[Service] +Type=forking +User=@conman_u@ +Group=@conman_g@ +ExecStart=/usr/sbin/conmand -c /etc/conman.conf + +[Install] +WantedBy=multi-user.target diff --git a/conman.spec b/conman.spec new file mode 100644 index 0000000..f1210d9 --- /dev/null +++ b/conman.spec @@ -0,0 +1,257 @@ +# +# spec file for package conman +# +# Copyright (c) 2025 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +# +#Compat macro for new _fillupdir macro introduced in Nov 2017 +%if ! %{defined _fillupdir} + %define _fillupdir /var/adm/fillup-templates +%endif + +%if 0%{?suse_version} > 1140 +%define have_systemd 1 + %ifarch x86_64 + %define have_freeipmi 1 + %endif +%endif + +%if 0%{?have_systemd} + %if 0%{?sle_version} >= 150000 || 0%{?is_opensuse} + %define conmandir conman/ + %define conman_g %name + %define conman_u %name + %define have_sysuser 1 + %else + %define conman_g root + %define conman_u root + %endif +%else + %define conman_g root + %define conman_u daemon +%endif + +Name: conman +Version: 0.3.1 +Release: 0 + +Summary: The Console Manager +License: GPL-3.0-or-later +Group: System/Console +URL: http://dun.github.io/conman/ + +Requires: expect +Requires: logrotate + +BuildRequires: tcpd-devel +%if 0%{?have_freeipmi} +BuildRequires: freeipmi-devel +%endif +Source0: https://github.com/dun/conman/archive/%{name}-%{version}.tar.gz +Source1: %{name}.service.in +%if 0%{?have_systemd} +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: systemd-rpm-macros +BuildRequires: pkgconfig(systemd) +%{?have_sysuser:BuildRequires: sysuser-tools} +%{?systemd_requires} +Requires(pre): shadow +Requires(post): %fillup_prereq sed +Requires(postun): coreutils +%endif + +Patch1: conman-suse-fix-expect-scripts.patch + +# 8/15/14 karl.w.schulz@intel.com - include prereq +%if 0%{?sles_version} || 0%{?suse_version} +PreReq: %{fillup_prereq} +%endif + +%description +ConMan is a serial console management program designed to support a large +number of console devices and simultaneous users. It supports: + - local serial devices + - remote terminal servers (via the telnet protocol) + - IPMI Serial-Over-LAN (via FreeIPMI) + - Unix domain sockets + - external processes (eg, using Expect for telnet/ssh/ipmi-sol connections) + +Its features include: + - logging (and optionally timestamping) console device output to file + - connecting to consoles in monitor (R/O) or interactive (R/W) mode + - allowing clients to share or steal console write privileges + - broadcasting client output to multiple consoles + +%prep +%autosetup -p1 -n %{name}-%{name}-%{version} + +%build +./bootstrap +%configure --with-tcp-wrappers \ +%if 0%{?have_freeipmi} + --with-freeipmi \ +%endif + +make %{?_smp_mflags} + +%install +%make_install + +%if 0%{?have_systemd} +mkdir -p %{buildroot}%{_unitdir} +sed -e "s/@conman_u@/%conman_u/" -e "s/@conman_g@/%conman_g/" <%{SOURCE1} >%{buildroot}%{_unitdir}/%{name}.service +chmod 0644 %{buildroot}%{_unitdir}/%{name}.service +rm -rf %{buildroot}%{_sysconfdir}/init.d +ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcconman +%else +awk "/END INIT INFO/ { print \"# Default-Start: 3 5\"; } {print;}" \ + %{buildroot}%_sysconfdir/init.d/conman > %{buildroot}%_sysconfdir/init.d/conman.tmp +mv %{buildroot}%_sysconfdir/init.d/conman.tmp %{buildroot}%_sysconfdir/init.d/conman +ln -s %{_sysconfdir}/init.d/conman %{buildroot}%{_sbindir}/rcconman +chmod u+x %{buildroot}%{_sysconfdir}/init.d/conman +%endif +mkdir -p %{buildroot}%{_fillupdir} +mv etc/conman.sysconfig \ + %{buildroot}%{_fillupdir}/sysconfig.conman +for i in $(find %{buildroot}/usr/share/conman) ; do + if [ -f $i -a -x $i ]; then + if ! head -1 $i | grep "^#!"; then + echo "#!/usr/bin/expect -f" > /tmp/$(basename $i) + cat $i >> /tmp/$(basename $i) + mv /tmp/$(basename $i) $i + chmod 0755 $i + fi + fi +done +sed -i -e '1 s@#!.*/bin/env perl@#!%{_bindir}/perl@' \ + %{buildroot}%{_bindir}/conmen + +%if 0%{?conmandir:1} +mkdir -p %{buildroot}%{_tmpfilesdir} +cat >> %{buildroot}%{_tmpfilesdir}/%{name}.conf < /dev/null; then + cat <> %{buildroot}/etc/conman.conf +SERVER keepalive=ON +SERVER logdir="/var/log/%{?conmandir}" +SERVER logfile="/var/log/%{?conmandir}conman.log" +SERVER loopback=ON +SERVER pidfile="/var/run/%{?conmandir}conman.pid" +SERVER tcpwrappers=ON +SERVER timestamp=1h +GLOBAL seropts="115200,8n1" +GLOBAL log="console.%N" +GLOBAL logopts="sanitize,timestamp" +EOF +fi +%if 0%{?have_sysuser} +%define user_home %_localstatedir%_rundir/%{?conmandir} +%define user_descr Connection Manager service +echo -en "u %conman_u - \"%user_descr\" %user_home\nm %conman_u dialout\n" > system-user-%{name}.conf +%sysusers_generate_pre system-user-%{name}.conf %{name} system-user-%{name}.conf +install -D -m 644 system-user-%{name}.conf %{buildroot}%{_sysusersdir}/system-user-%{name}.conf +%endif + +%if 0%{?have_systemd} +%pre %{?have_sysuser:-f %{name}.pre} +%service_add_pre conman.service +%endif + +%preun +%if 0%{?have_systemd} +%service_del_preun conman.service +%else +%{stop_on_removal conman} +%endif + +%post +%define migrated conman_user_migrated +%fillup_only conman +%if 0%{?have_systemd} +%{?tmpfiles_create:%{tmpfiles_create %{_tmpfilesdir}/%{name}.conf}} +%service_add_post conman.service +[ -d %_localstatedir/lib/conman ] || mkdir %_localstatedir/lib/conman || : +if [ $1 -eq 2 -a ! -e %_localstatedir/lib/conman/%migrated ]; then + tmpfile=$(mktemp /tmp/tmp-XXXX) + sed -e "s@^\(server\)\|\(SERVER\) \+logdir=.*@SERVER logdir=\"/var/log/%{?conmandir}\"@" \ + -e "s@^\(server\)\|\(SERVER\) \+logfile=.*@SERVER logfile=\"/var/log/%{?conmandir}conman.log\"@" \ + -e "s@^\(server\)\|\(SERVER\) \+pidfile=.*@SERVER pidfile=\"/var/run/%{?conmandir}conman.pid\"@" \ + < /etc/conman.conf > $tmpfile + if ! cmp /etc/conman.conf $tmpfile; then + mv /etc/conman.conf /etc/conman.conf.rpmsave + mv -Z $tmpfile /etc/conman.conf + chown %conman_u:%conman_g /etc/conman.conf + cat > %_localstatedir/adm/update-messages/%{name}-%{version}-%{release}-%{name}.txt < 120200 || 0%{?suse_version} > 1320 +%define files_license %license +%else +%define files_license %doc +%endif + +%files +%defattr(-,root,root,-) +%doc AUTHORS +%doc DISCLAIMER* +%doc FAQ +%files_license COPYING +%doc NEWS +%doc README +%doc PLATFORMS +%doc README.md +%doc THANKS +%config(noreplace) %attr(-,%conman_u,%conman_g) %{_sysconfdir}/conman.conf +%config(noreplace) %{_sysconfdir}/logrotate.d/conman +%if 0%{?conmandir:1} +%dir %attr(-,%conman_u,%conman_g) %{_localstatedir}/log/conman +%{_tmpfilesdir}/%{name}.conf +%endif +%{_fillupdir}/sysconfig.conman +%{_bindir}/* +%{_sbindir}/* +%{_prefix}/share/conman +%if 0%{?have_systemd} +%{_prefix}/lib/systemd/* +%else +%{_sysconfdir}/init.d/* +%endif +%{_mandir}/*/* +%{?have_sysuser:%{_sysusersdir}/system-user-%{name}.conf} + +%changelog