Accepting request 1305296 from network

Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1305296
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tayga?expand=0&rev=6

harden-services.patch

@@ -0,0 +1,65 @@
+Index: tayga-0.9.5/tayga.service
+===================================================================
+--- tayga-0.9.5.orig/tayga.service
++++ tayga-0.9.5/tayga.service
+@@ -1,11 +1,24 @@
+ [Unit]
+ Description=Simple, no-fuss NAT64
+-After=network.target
++After=syslog.target network.target firewall.target
+ 
+ [Service]
+ Type=simple
+-PrivateTmp=true
++ExecStartPre=/usr/sbin/tayga_setup_tun
+ ExecStart=/usr/sbin/tayga -d --config /etc/tayga.conf
++ExecStopPost=/usr/sbin/tayga_destroy_tun
++# added automatically, for details please see
++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
++PrivateTmp=true
++ProtectSystem=full
++ProtectHome=true
++ProtectHostname=true
++ProtectKernelTunables=true
++ProtectKernelModules=true
++ProtectKernelLogs=true
++ProtectControlGroups=true
++RestrictRealtime=true
++# end of automatic additions
+ 
+ [Install]
+ WantedBy=multi-user.target
+Index: tayga-0.9.5/tayga@.service
+===================================================================
+--- tayga-0.9.5.orig/tayga@.service
++++ tayga-0.9.5/tayga@.service
+@@ -1,6 +1,6 @@
+ [Unit]
+-Description=Simple, no-fuss NAT64
+-After=network.target
++Description=Simple, no-fuss NAT64 instance %i
++After=syslog.target network.target firewall.target
+ 
+ [Service]
+ # To set up an extra tayga service instance, create a new tayga config in
+@@ -9,8 +9,19 @@ After=network.target
+ # systemctl enable tayga@instancename.service
+ 
+ Type=simple
+-PrivateTmp=true
+ ExecStart=/usr/sbin/tayga -d --config /etc/tayga/%i.conf
++# added automatically, for details please see
++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
++PrivateTmp=true
++ProtectSystem=full
++ProtectHome=true
++ProtectHostname=true
++ProtectKernelTunables=true
++ProtectKernelModules=true
++ProtectKernelLogs=true
++ProtectControlGroups=true
++RestrictRealtime=true
++# end of automatic additions
+ 
+ [Install]
+ WantedBy=multi-user.target

tayga-0.9.2.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2b1f7927a9d2dcff9095aff3c271924b052ccfd2faca9588b277431a44f0009c
-size 86022

tayga-0.9.5.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d44cc1158f60623d1bcd245f811957a162092c8f5e725489438de12e5500ae49
+size 143392

tayga-obey-cflags.diff

@@ -1,13 +0,0 @@
-diff --git a/configure.ac b/configure.ac
-index 3d2a6c9..fe7cd17 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -5,7 +5,7 @@ AC_CONFIG_HEADERS(config.h)
- 
- AC_PROG_CC
- 
--CFLAGS='-g -Wall'
-+CFLAGS+=' -g -Wall'
- 
- tayga_conf_path=${sysconfdir}/tayga.conf
- 

tayga.changes

@@ -1,3 +1,37 @@
+-------------------------------------------------------------------
+Sun Aug 10 02:20:15 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
+
+- force newer gcc to fix build on 15.x
+
+-------------------------------------------------------------------
+Sun Aug 10 02:17:09 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
+
+- disable 32bit architectures
+
+-------------------------------------------------------------------
+Sun Aug 10 02:15:03 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
+
+- drop our own copy of tayga.service and apply our hardening to the
+  upstream unit files
+  - adds harden-services.patch
+
+-------------------------------------------------------------------
+Sun Aug 10 01:58:47 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
+
+- Update to 0.9.5
+  Upstream moved to https://github.com/apalrd/tayga
+  https://github.com/apalrd/tayga/releases/tag/0.9.5
+  https://github.com/apalrd/tayga/releases/tag/0.9.4
+- drop patches
+  tayga-obey-cflags.diff
+  tayga-fix-gcc14.patch
+
+-------------------------------------------------------------------
+Sat Nov  2 20:31:20 UTC 2024 - Martin Hauke <mardnh@gmx.de>
+
+- Add patch:
+  * tayga-fix-gcc14.patch
+
 -------------------------------------------------------------------
 Mon Feb 26 11:17:23 UTC 2024 - pgajdos@suse.com
 

tayga.service

@@ -1,23 +0,0 @@
-[Unit]
-Description=Simple, no-fuss NAT64 for Linux
-After=syslog.target network.target firewall.target
-
-[Service]
-# added automatically, for details please see
-# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
-ProtectSystem=full
-ProtectHome=true
-ProtectHostname=true
-ProtectKernelTunables=true
-ProtectKernelModules=true
-ProtectKernelLogs=true
-ProtectControlGroups=true
-RestrictRealtime=true
-# end of automatic additions 
-Type=forking
-ExecStartPre=/usr/sbin/tayga_setup_tun
-ExecStart=/usr/sbin/tayga
-ExecStopPost=/usr/sbin/tayga_destroy_tun
-
-[Install]
-WantedBy=multi-user.target

tayga.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package tayga
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,20 +16,23 @@
 #
 
 
+%if 0%{?suse_version} == 1500
+%global force_gcc_version 14
+%endif
+
 Name:           tayga
-Version:        0.9.2
+Version:        0.9.5
 Release:        0
 Summary:        Out-of-kernel stateless NAT64 implementation
 License:        GPL-2.0-or-later
 Group:          Productivity/Networking/Other
 URL:            http://www.litech.org/tayga/
-Source0:        http://www.litech.org/tayga/%{name}-%{version}.tar.bz2
+Source0:        https://github.com/apalrd/tayga/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Source1:        tayga_setup_tun
 Source2:        tayga_destroy_tun
-Source3:        tayga.service
-Patch0:         tayga-obey-cflags.diff
-BuildRequires:  autoconf
-BuildRequires:  automake
+Patch:          harden-services.patch
+ExcludeArch:    %{arm} %{i586}
+BuildRequires:  gcc%{?force_gcc_version}
 
 %description
 TAYGA is an out-of-kernel stateless NAT64 implementation for Linux that uses
@@ -42,16 +45,18 @@ dedicated NAT64 hardware would be overkill.
 sed -i 's|%{_localstatedir}/db/tayga|%{_localstatedir}/lib/tayga|g' tayga.conf.example
 
 %build
-autoreconf -fiv
-%configure
-%make_build
+%make_build CFLAGS="%{optflags}" V=1 RELEASE=1 CC="gcc%{?force_gcc_version:-%{force_gcc_version}}"
 
 %install
-%make_install
-mv %{buildroot}%{_sysconfdir}/tayga.conf{.example,}
+#make_install
 install -d %{buildroot}%{_var}/lib/tayga
-install -m 0755 %{SOURCE1} %{SOURCE2} %{buildroot}%{_sbindir}
-install -D -m 0644 %{SOURCE3} %{buildroot}%{_unitdir}/tayga.service
+install -d %{buildroot}%{_sysconfdir}/tayga
+
+install -D -m 0644 tayga.conf.example %{buildroot}%{_sysconfdir}/tayga.conf
+install -D -m 0755 -t %{buildroot}%{_sbindir} tayga %{SOURCE1} %{SOURCE2}
+install -D -m 0644 -t %{buildroot}%{_unitdir}/ tayga.service tayga@.service
+install -D -m 0644 -t %{buildroot}%{_mandir}/man5/ *.5
+install -D -m 0644 -t %{buildroot}%{_mandir}/man8/ *.8
 ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rctayga
 
 %pre
@@ -67,10 +72,12 @@ ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rctayga
 %service_del_postun tayga.service
 
 %files
-%license COPYING
-%doc README
+%license LICENSE
+%doc README.md
+%doc *.sh
 %config(noreplace) %{_sysconfdir}/tayga.conf
-%dir %{_var}/lib/tayga
+%dir %{_sysconfdir}/tayga/
+%dir %{_var}/lib/tayga/
 %{_sbindir}/tayga
 %{_sbindir}/rctayga
 %{_sbindir}/tayga_setup_tun
@@ -78,5 +85,6 @@ ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rctayga
 %{_mandir}/man5/tayga.conf.5%{?ext_man}
 %{_mandir}/man8/tayga.8%{?ext_man}
 %{_unitdir}/tayga.service
+%{_unitdir}/tayga@.service
 
 %changelog