pool/nbd
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 627387 from home:luizluca:branches:network:utilities

Browse Source 
here we go again:

- Add firewalld service file
- Fix some rpmlint warnings:
  * 0001_fix_setgroup.patch (gh#NetworkBlockDevice/nbd#79)
  * Workaround macro-in-comment (rpmlint bug)

OBS-URL: https://build.opensuse.org/request/show/627387
OBS-URL: https://build.opensuse.org/package/show/network:utilities/nbd?expand=0&rev=58
This commit is contained in:
Martin Pluskal 2018-08-13 08:48:32 +00:00 committed by Git OBS Bridge
parent 8f8287197a
commit 3c69fdc662
4 changed files with 71 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
0001_fix_setgroup.patch Normal file
View File

@ -0,0 +1,30 @@
From 0cd9e3ba2a0f54d930d813bfde9ff9d57a12d9ed Mon Sep 17 00:00:00 2001
From: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Date: Tue, 24 Jul 2018 15:59:39 -0300
Subject: [PATCH] server: clean supplementary groups when setuid
Upstream: merged
References: https://github.com/NetworkBlockDevice/nbd/commit/0cd9e3ba2a0f54d930d813bfde9ff9d57a12d9ed
References: gh#NetworkBlockDevice/nbd#79
References: https://github.com/NetworkBlockDevice/nbd/pull/79
When nbd-server drops privileges, it was leaving supplementary
groups untouched. As nbd-server was normally dropping from root,
nbd-server kept membership to root supplementary groups.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
---
nbd-server.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/nbd-server.c b/nbd-server.c
index 1d1f4c8d..b0720ea1 100644
--- a/nbd-server.c
+++ b/nbd-server.c
@@ -3470,6 +3470,7 @@ void dousers(const gchar *const username, const gchar *const groupname) {
str = g_strdup_printf("Invalid user name: %s", username);
err(str);
}
+ setgroups(0, NULL);
if(setuid(pw->pw_uid)<0) {
err("Could not set UID: %m");
}

8
nbd.changes
View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Tue Jul 24 19:31:37 UTC 2018 - luizluca@gmail.com
- Add firewalld service file
- Fix some rpmlint warnings:
* 0001_fix_setgroup.patch (gh#NetworkBlockDevice/nbd#79)
* Workaround macro-in-comment (rpmlint bug)
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jul 9 14:47:47 UTC 2018 - mpluskal@suse.com Mon Jul 9 14:47:47 UTC 2018 - mpluskal@suse.com

6
nbd.firewalld Normal file
View File

@ -0,0 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>NBD</short>
<description>The Network Block Device is a Linux-originated lightweight block access protocol that allows one to export a block device to a client.</description>
<port protocol="tcp" port="10809"/>
</service>

31
nbd.spec
View File

@ -16,6 +16,12 @@
# #
%if 0%{?suse_version} >= 1500
%define use_firewalld 1
%else
%define use_firewalld 0
%endif
Name: nbd Name: nbd
Version: 3.17 Version: 3.17
Release: 0 Release: 0
@ -28,6 +34,10 @@ Source1: %{name}-server.service
Source3: config.example Source3: config.example
Source4: nbd-server.sysconfig Source4: nbd-server.sysconfig
Source5: nbd-client.service Source5: nbd-client.service
#%%if %%{use_firewalld}
Source10: nbd.firewalld
#%%endif
Patch1: 0001_fix_setgroup.patch
BuildRequires: pkgconfig BuildRequires: pkgconfig
BuildRequires: systemd-rpm-macros BuildRequires: systemd-rpm-macros
BuildRequires: pkgconfig(glib-2.0) >= 2.26.0 BuildRequires: pkgconfig(glib-2.0) >= 2.26.0
@ -56,6 +66,7 @@ configure the nbd devices on the client side.
%prep %prep
%setup -q %setup -q
%patch1 -p1
%build %build
%configure %configure
@ -82,6 +93,11 @@ touch %{buildroot}%{_sysconfdir}/nbd-server/allow
install -D -p -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/nbd-server/config.example install -D -p -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/nbd-server/config.example
install -D -p -m 0644 %{SOURCE4} %{buildroot}%{_fillupdir}/sysconfig.%{name}-server install -D -p -m 0644 %{SOURCE4} %{buildroot}%{_fillupdir}/sysconfig.%{name}-server
# install firewall information file
%if %{use_firewalld}
install -D -m 644 %{SOURCE10} %{buildroot}%{_libexecdir}/firewalld/services/%{name}.xml
%endif
%post %post
export DISABLE_RESTART_ON_UPDATE=yes export DISABLE_RESTART_ON_UPDATE=yes
%service_add_post %{name}-server.service %service_add_post %{name}-server.service
@ -93,10 +109,12 @@ if test -e %{_sysconfdir}/nbd-server.conf; then
grep -vE '^(#|[[:blank:]]*$)' %{_sysconfdir}/nbd-server.conf | grep -vE '^(#|[[:blank:]]*$)' %{_sysconfdir}/nbd-server.conf |
while read port file opts; do while read port file opts; do
if test -z "$generic"; then if test -z "$generic"; then
echo > %{_sysconfdir}/nbd-server/config cat >%{_sysconfdir}/nbd-server/config <<-EOF
echo "[generic]" >> %{_sysconfdir}/nbd-server/config
echo " # No generic options yet" >> %{_sysconfdir}/nbd-server/config [generic]
echo >> %{_sysconfdir}/nbd-server/config # No generic options yet
EOF
generic=1 generic=1
fi fi
FN=${file%/*} FN=${file%/*}
@ -137,5 +155,10 @@ fi
%dir %{_libexecdir}/modules-load.d/ %dir %{_libexecdir}/modules-load.d/
%{_libexecdir}/modules-load.d/nbd.conf %{_libexecdir}/modules-load.d/nbd.conf
%{_fillupdir}/sysconfig.%{name}-server %{_fillupdir}/sysconfig.%{name}-server
%if %{use_firewalld}
%dir %{_libexecdir}/firewalld
%dir %{_libexecdir}/firewalld/services
%{_libexecdir}/firewalld/services/%{name}.xml
%endif
%changelog %changelog