From 0a7ef6802015bb5bd9253c55bb8be293270fd9539e245c46e39b85dfd516cf11 Mon Sep 17 00:00:00 2001 From: Ludwig Nussel Date: Wed, 23 Mar 2011 17:27:05 +0000 Subject: [PATCH 1/6] - register via bonjour by default OBS-URL: https://build.opensuse.org/package/show/games:tools/mumble?expand=0&rev=9 --- ...al-host-name-instead-of-qsRegName-via.diff | 31 +++++++++++++++++++ mumble.changes | 5 +++ mumble.spec | 2 ++ 3 files changed, 38 insertions(+) create mode 100644 0001-register-the-local-host-name-instead-of-qsRegName-via.diff diff --git a/0001-register-the-local-host-name-instead-of-qsRegName-via.diff b/0001-register-the-local-host-name-instead-of-qsRegName-via.diff new file mode 100644 index 0000000..19f489a --- /dev/null +++ b/0001-register-the-local-host-name-instead-of-qsRegName-via.diff @@ -0,0 +1,31 @@ +From e05c7781954601d81da1770235d99e5f25b85393 Mon Sep 17 00:00:00 2001 +From: Ludwig Nussel +Date: Wed, 23 Mar 2011 18:23:47 +0100 +Subject: [PATCH mumble] register the local host name instead of qsRegName via bonjour + +no qsRegName means not registering via bonjour. Setting qsRegName +causes a warning wrt public registration. So just use the local host +name instead. +--- + src/murmur/Server.cpp | 5 +++-- + 1 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/murmur/Server.cpp b/src/murmur/Server.cpp +index d173e9e..b52d576 100644 +--- a/src/murmur/Server.cpp ++++ b/src/murmur/Server.cpp +@@ -467,8 +467,9 @@ void Server::setLiveConf(const QString &key, const QString &value) { + void Server::initBonjour() { + bsRegistration = new BonjourServer(); + if (bsRegistration->bsrRegister) { +- log("Announcing server via bonjour"); +- bsRegistration->bsrRegister->registerService(BonjourRecord(qsRegName, "_mumble._tcp", ""), ++ QString name = QHostInfo::localHostName(); ++ log(QString("Announcing %1 via bonjour").arg(name)); ++ bsRegistration->bsrRegister->registerService(BonjourRecord(name, "_mumble._tcp", ""), + usPort); + } + } +-- +1.7.3.4 + diff --git a/mumble.changes b/mumble.changes index 6d2ffd8..f583ba6 100644 --- a/mumble.changes +++ b/mumble.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Mar 23 17:26:38 UTC 2011 - lnussel@suse.de + +- register via bonjour by default + ------------------------------------------------------------------- Tue Mar 8 16:07:54 UTC 2011 - lnussel@suse.de diff --git a/mumble.spec b/mumble.spec index 9e392bc..aa1fa42 100644 --- a/mumble.spec +++ b/mumble.spec @@ -81,6 +81,7 @@ Source2: mumble-server.init Patch0: 0001-fix-build-error-with-capability.h.diff Patch1: 0001-fix-user-switching.diff Patch2: 0001-open-log-file-early-so-log-dir-can-be-root-owned.diff +Patch3: 0001-register-the-local-host-name-instead-of-qsRegName-via.diff Patch50: mumble-1.2.2-buildcompare.diff # hack, no clue about glx so no idea to fix this properly Patch99: mumble-1.1.4-sle10glx.diff @@ -146,6 +147,7 @@ won't be audible to other players. %patch0 -p1 %patch1 -p1 %patch2 -p1 +%patch3 -p1 # %patch50 -p1 %if 0%{?suse_version} && 0%{?suse_version} < 1020 From 5502ef270bcb09927dec9497dda208b53cefcc86fa76fc90f3ffeaea8ad79316 Mon Sep 17 00:00:00 2001 From: Ludwig Nussel Date: Thu, 24 Mar 2011 12:21:14 +0000 Subject: [PATCH 2/6] convert to branch OBS-URL: https://build.opensuse.org/package/show/games:tools/mumble?expand=0&rev=10 --- ...e-is-empty-don-t-pass-an-empty-string.diff | 28 +++++++++++++++++ ...al-host-name-instead-of-qsRegName-via.diff | 31 ------------------- mumble.spec | 2 +- 3 files changed, 29 insertions(+), 32 deletions(-) create mode 100644 0001-if-service-name-is-empty-don-t-pass-an-empty-string.diff delete mode 100644 0001-register-the-local-host-name-instead-of-qsRegName-via.diff diff --git a/0001-if-service-name-is-empty-don-t-pass-an-empty-string.diff b/0001-if-service-name-is-empty-don-t-pass-an-empty-string.diff new file mode 100644 index 0000000..583fc62 --- /dev/null +++ b/0001-if-service-name-is-empty-don-t-pass-an-empty-string.diff @@ -0,0 +1,28 @@ +From d2a97b874e55ad156781a2762ff32ae9566de495 Mon Sep 17 00:00:00 2001 +From: Ludwig Nussel +Date: Thu, 24 Mar 2011 09:04:53 +0100 +Subject: [PATCH mumble] if service name is empty don't pass an empty string + +DNSServiceRegister uses the local host name if the name is NULL but does nothing if it's empty +--- + src/bonjour/bonjourserviceregister.cpp | 4 +++- + 1 files changed, 3 insertions(+), 1 deletions(-) + +diff --git a/src/bonjour/bonjourserviceregister.cpp b/src/bonjour/bonjourserviceregister.cpp +index a818d8c..5f82779 100644 +--- a/src/bonjour/bonjourserviceregister.cpp ++++ b/src/bonjour/bonjourserviceregister.cpp +@@ -53,7 +53,9 @@ void BonjourServiceRegister::registerService(const BonjourRecord &record, quint1 + } + #endif + +- DNSServiceErrorType err = DNSServiceRegister(&dnssref, 0, 0, record.serviceName.toUtf8().constData(), ++ DNSServiceErrorType err = DNSServiceRegister(&dnssref, 0, 0, ++ record.serviceName.isEmpty() ? 0 ++ : record.serviceName.toUtf8().constData(), + record.registeredType.toUtf8().constData(), + record.replyDomain.isEmpty() ? 0 + : record.replyDomain.toUtf8().constData(), 0, +-- +1.7.3.4 + diff --git a/0001-register-the-local-host-name-instead-of-qsRegName-via.diff b/0001-register-the-local-host-name-instead-of-qsRegName-via.diff deleted file mode 100644 index 19f489a..0000000 --- a/0001-register-the-local-host-name-instead-of-qsRegName-via.diff +++ /dev/null @@ -1,31 +0,0 @@ -From e05c7781954601d81da1770235d99e5f25b85393 Mon Sep 17 00:00:00 2001 -From: Ludwig Nussel -Date: Wed, 23 Mar 2011 18:23:47 +0100 -Subject: [PATCH mumble] register the local host name instead of qsRegName via bonjour - -no qsRegName means not registering via bonjour. Setting qsRegName -causes a warning wrt public registration. So just use the local host -name instead. ---- - src/murmur/Server.cpp | 5 +++-- - 1 files changed, 3 insertions(+), 2 deletions(-) - -diff --git a/src/murmur/Server.cpp b/src/murmur/Server.cpp -index d173e9e..b52d576 100644 ---- a/src/murmur/Server.cpp -+++ b/src/murmur/Server.cpp -@@ -467,8 +467,9 @@ void Server::setLiveConf(const QString &key, const QString &value) { - void Server::initBonjour() { - bsRegistration = new BonjourServer(); - if (bsRegistration->bsrRegister) { -- log("Announcing server via bonjour"); -- bsRegistration->bsrRegister->registerService(BonjourRecord(qsRegName, "_mumble._tcp", ""), -+ QString name = QHostInfo::localHostName(); -+ log(QString("Announcing %1 via bonjour").arg(name)); -+ bsRegistration->bsrRegister->registerService(BonjourRecord(name, "_mumble._tcp", ""), - usPort); - } - } --- -1.7.3.4 - diff --git a/mumble.spec b/mumble.spec index aa1fa42..a593b2c 100644 --- a/mumble.spec +++ b/mumble.spec @@ -81,7 +81,7 @@ Source2: mumble-server.init Patch0: 0001-fix-build-error-with-capability.h.diff Patch1: 0001-fix-user-switching.diff Patch2: 0001-open-log-file-early-so-log-dir-can-be-root-owned.diff -Patch3: 0001-register-the-local-host-name-instead-of-qsRegName-via.diff +Patch3: 0001-if-service-name-is-empty-don-t-pass-an-empty-string.diff Patch50: mumble-1.2.2-buildcompare.diff # hack, no clue about glx so no idea to fix this properly Patch99: mumble-1.1.4-sle10glx.diff From d530b51fc557e631e55d010a4603a58171d4135a1ada1d96b5b1582757b446c7 Mon Sep 17 00:00:00 2001 From: Ludwig Nussel Date: Thu, 24 Mar 2011 12:22:30 +0000 Subject: [PATCH 3/6] change baserev OBS-URL: https://build.opensuse.org/package/show/games:tools/mumble?expand=0&rev=11 --- mumble.spec | 39 ++++++++++++++++++++++++++++++--------- 1 file changed, 30 insertions(+), 9 deletions(-) diff --git a/mumble.spec b/mumble.spec index a593b2c..275c7c6 100644 --- a/mumble.spec +++ b/mumble.spec @@ -1,3 +1,20 @@ +# +# spec file for package mumble +# +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# + # norootforbuild %if 0%{?suse_version} > 1100 @@ -26,7 +43,7 @@ %bcond_with system_celt %bcond_without system_speex -Name: mumble%{?snapshot:-unstable} +Name: mumble BuildRequires: protobuf-devel %if %{with bonjour} %if 0%{?suse_version} @@ -49,21 +66,21 @@ BuildRequires: speex-devel %endif BuildRequires: boost-devel gcc-c++ %if 0%{?suse_version} -BuildRequires: libqt4-devel pkg-config update-desktop-files alsa-devel +BuildRequires: alsa-devel libqt4-devel pkg-config update-desktop-files %if 0%{?suse_version} > 1020 -BuildRequires: libopenssl-devel +BuildRequires: libopenssl-devel %else -BuildRequires: openssl-devel +BuildRequires: openssl-devel %endif %endif %if 0%{?fedora_version} -BuildRequires: qt4-devel pkgconfig libXevie-devel openssl-devel alsa-lib-devel +BuildRequires: alsa-lib-devel libXevie-devel openssl-devel pkgconfig qt4-devel %endif %if %{with ice} BuildRequires: ice-devel %endif %if 0%{?mandriva_version} -BuildRequires: qt4-devel qt4-linguist pkgconfig openssl-devel libxevie-devel alsa-lib-devel -alsa-plugins +BuildRequires: -alsa-plugins alsa-lib-devel libxevie-devel openssl-devel pkgconfig qt4-devel qt4-linguist BuildRequires: libxi-devel %endif %if %{with pulseaudio} @@ -96,7 +113,7 @@ Requires: libqt4 > 4.3.1-23 %endif # 10.3 %if 0%{?suse_version} == 1100 # the version shipped on 11.0 is insufficient -Requires: libspeex > 1.1.99.3 +Requires: libspeex > 1.1.99.3 %endif # 11.0 %endif # suse_version %if 0%{?fedora_version} @@ -127,13 +144,14 @@ characters, and has echo cancellation so the sound from your loudspeakers won't be audible to other players. %package server +License: BSD3c Summary: Voice Communication Server for Gamers Group: Productivity/Multimedia/Sound/Utilities Requires: qt-sql-sqlite PreReq: /usr/sbin/useradd %if 0%{?snapshot:1} -Conflicts: mumble-server < %version -Provides: mumble-server = %version +Conflicts: mumble-server < %version +Provides: mumble-server = %version %endif %description server @@ -169,6 +187,7 @@ done sed -i -e '/QT_REQUIRE_VERSION/d' src/mumble/main.cpp src/mumble11x/main.cpp %endif # + %build %if 0%{?fedora_version} ln -s /usr/bin/qmake-qt4 qmake @@ -341,6 +360,7 @@ cat >> %buildroot/etc/tmpfiles.d/mumble-server.conf </dev/null || \ %endif %config /etc/tmpfiles.d/mumble-server.conf %endif +%changelog From f73cd23d926a13038f25e11938933e15f1410ee81285416eeac39e00654f34fd Mon Sep 17 00:00:00 2001 From: Ludwig Nussel Date: Thu, 24 Mar 2011 12:23:48 +0000 Subject: [PATCH 4/6] - fix bonjour registration OBS-URL: https://build.opensuse.org/package/show/games:tools/mumble?expand=0&rev=12 --- mumble.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mumble.changes b/mumble.changes index f583ba6..28bd633 100644 --- a/mumble.changes +++ b/mumble.changes @@ -1,7 +1,7 @@ ------------------------------------------------------------------- Wed Mar 23 17:26:38 UTC 2011 - lnussel@suse.de -- register via bonjour by default +- fix bonjour registration ------------------------------------------------------------------- Tue Mar 8 16:07:54 UTC 2011 - lnussel@suse.de From e2822388d8c42da621551726b3805278e4d5de8df6e5e1b34b252073f55d4278 Mon Sep 17 00:00:00 2001 From: Ludwig Nussel Date: Thu, 24 Mar 2011 13:43:17 +0000 Subject: [PATCH 5/6] - add apparmor profile OBS-URL: https://build.opensuse.org/package/show/games:tools/mumble?expand=0&rev=13 --- 0001-remove-CAP_NET_ADMIN.diff | 26 ++++++++++++++++++ mumble.changes | 5 ++++ mumble.spec | 11 ++++++++ murmur.apparmor | 48 ++++++++++++++++++++++++++++++++++ 4 files changed, 90 insertions(+) create mode 100644 0001-remove-CAP_NET_ADMIN.diff create mode 100644 murmur.apparmor diff --git a/0001-remove-CAP_NET_ADMIN.diff b/0001-remove-CAP_NET_ADMIN.diff new file mode 100644 index 0000000..42fcb4c --- /dev/null +++ b/0001-remove-CAP_NET_ADMIN.diff @@ -0,0 +1,26 @@ +From 6b365d33f10a9c4376bed058330d243c514b94a1 Mon Sep 17 00:00:00 2001 +From: Ludwig Nussel +Date: Thu, 24 Mar 2011 14:29:35 +0100 +Subject: [PATCH mumble] remove CAP_NET_ADMIN + +QoS settings do not need CAP_NET_ADMIN anymore +--- + src/murmur/UnixMurmur.cpp | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/src/murmur/UnixMurmur.cpp b/src/murmur/UnixMurmur.cpp +index 9becf63..9e1c81c 100644 +--- a/src/murmur/UnixMurmur.cpp ++++ b/src/murmur/UnixMurmur.cpp +@@ -288,7 +288,7 @@ void UnixMurmur::initialcap() { + + void UnixMurmur::finalcap() { + #ifdef Q_OS_LINUX +- cap_value_t caps[] = {CAP_NET_ADMIN, CAP_SYS_RESOURCE}; ++ cap_value_t caps[] = {CAP_SYS_RESOURCE}; + struct rlimit r; + + if (! bRoot) +-- +1.7.3.4 + diff --git a/mumble.changes b/mumble.changes index 28bd633..fbc967e 100644 --- a/mumble.changes +++ b/mumble.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Mar 24 13:43:05 UTC 2011 - lnussel@suse.de + +- add apparmor profile + ------------------------------------------------------------------- Wed Mar 23 17:26:38 UTC 2011 - lnussel@suse.de diff --git a/mumble.spec b/mumble.spec index 275c7c6..69c72ed 100644 --- a/mumble.spec +++ b/mumble.spec @@ -95,10 +95,12 @@ Source: http://downloads.sourceforge.net/project/mumble/Mumble/%{version Source1: http://downloads.sourceforge.net/project/mumble/Mumble/%{version}/mumble-%{version}.tar.gz.sig %endif Source2: mumble-server.init +Source3: murmur.apparmor Patch0: 0001-fix-build-error-with-capability.h.diff Patch1: 0001-fix-user-switching.diff Patch2: 0001-open-log-file-early-so-log-dir-can-be-root-owned.diff Patch3: 0001-if-service-name-is-empty-don-t-pass-an-empty-string.diff +Patch4: 0001-remove-CAP_NET_ADMIN.diff Patch50: mumble-1.2.2-buildcompare.diff # hack, no clue about glx so no idea to fix this properly Patch99: mumble-1.1.4-sle10glx.diff @@ -166,6 +168,7 @@ won't be audible to other players. %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 # %patch50 -p1 %if 0%{?suse_version} && 0%{?suse_version} < 1020 @@ -312,6 +315,11 @@ install -D -m 0755 release/mumble11x %{buildroot}%{_bindir}/mumble11x # server install -D -m 0755 release/murmurd "%{buildroot}%{_sbindir}/murmurd" install -D -m 0755 %{SOURCE2} %{buildroot}/etc/init.d/mumble-server +install -D -m 0755 %{SOURCE3} %{buildroot}/etc/apparmor.d/usr.sbin.murmurd +install -d -m 0755 %{buildroot}%{_bindir} +# can be launched as user too but apparmor profile doesn't make +# sense in that case. So use link to avoid the profile. +ln -s %{_sbindir}/murmurd %{buildroot}%{_bindir}/murmurd ln -s /etc/init.d/mumble-server %{buildroot}%{_sbindir}/rcmumble-server install -D -m 0644 scripts/murmur.conf %{buildroot}%{_sysconfdir}/dbus-1/system.d/mumble-server.conf install -D -m 0644 scripts/murmur.ini %{buildroot}%{_sysconfdir}/mumble-server.ini @@ -406,8 +414,11 @@ getent passwd mumble-server >/dev/null || \ %config %{_sysconfdir}/dbus-1/system.d/mumble-server.conf %config(noreplace) %{_sysconfdir}/mumble-server.ini /etc/init.d/mumble-server +%dir /etc/apparmor.d +/etc/apparmor.d/usr.sbin.murmurd %{_sbindir}/rcmumble-server %{_sbindir}/murmurd +%{_bindir}/murmurd %{_bindir}/murmur-user-wrapper %{_mandir}/man1/murmurd.* %{_mandir}/man1/murmur-user-wrapper.* diff --git a/murmur.apparmor b/murmur.apparmor new file mode 100644 index 0000000..aa9ac1e --- /dev/null +++ b/murmur.apparmor @@ -0,0 +1,48 @@ +# Last Modified: Thu Mar 24 13:33:08 2011 +#include + +/usr/sbin/murmurd { + #include + #include + #include + + /etc/ssl/certs/** r, + deny /usr/share/ssl/ r, + deny /usr/share/ssl/** r, + +# FIXME: mumble has weird capability handling. None of the first four should be +# needed if the code is adjusted + capability dac_override, + capability setgid, + capability setuid, + capability chown, + +# needed for real time scheduling of the mixer threads + capability sys_resource, +# not needed anymore +# capability net_admin, + + network inet stream, + + /etc/mumble-server.ini rk, + /usr/bin/lsb_release cx, + /var/lib/mumble-server/ rwk, + /var/lib/mumble-server/** rwk, + /var/log/mumble-server/murmur.log w, + /var/run/mumble-server/mumble-server.pid w, + + profile /usr/bin/lsb_release { + #include + #include + + /bin/bash r, + /proc/meminfo r, + /usr/bin/getopt rix, + /usr/bin/head rix, + /bin/grep rix, + /bin/sed rix, + /usr/bin/cut rix, + /usr/bin/lsb_release r, + /etc/SuSE-release r, + } +} From e4ae84d1266ce3c2eb74195ddca8f84e2d1cea6365b0aedbf572b635d4648d8e Mon Sep 17 00:00:00 2001 From: Ludwig Nussel Date: Thu, 24 Mar 2011 13:52:56 +0000 Subject: [PATCH 6/6] fix apparmor profile OBS-URL: https://build.opensuse.org/package/show/games:tools/mumble?expand=0&rev=14 --- murmur.apparmor | 1 + 1 file changed, 1 insertion(+) diff --git a/murmur.apparmor b/murmur.apparmor index aa9ac1e..a23d7a6 100644 --- a/murmur.apparmor +++ b/murmur.apparmor @@ -5,6 +5,7 @@ #include #include #include + #include /etc/ssl/certs/** r, deny /usr/share/ssl/ r,