diff --git a/vbox-fpie.diff b/vbox-fpie.diff new file mode 100644 index 0000000..8c8ac64 --- /dev/null +++ b/vbox-fpie.diff @@ -0,0 +1,20 @@ +Index: VirtualBox-4.1.8_OSE/Config.kmk +=================================================================== +--- VirtualBox-4.1.8_OSE.orig/Config.kmk ++++ VirtualBox-4.1.8_OSE/Config.kmk +@@ -3368,10 +3368,13 @@ TEMPLATE_VBOXR3HARDENEDEXE_LDFLAGS.darwi + ifeq ($(KBUILD_TARGET),linux) + # not necessary except USE_LIB_PCAP is defined in SUPR3HardenedMain.cpp + # TEMPLATE_VBOXR3HARDENEDEXE_LIBS += cap ++ TEMPLATE_VBOXR3HARDENEDEXE_CXXFLAGS.linux = $(TEMPLATE_VBOXR3EXE_CXXFLAGS.linux) -fPIE ++ TEMPLATE_VBOXR3HARDENEDEXE_CFLAGS.linux = $(TEMPLATE_VBOXR3EXE_CFLAGS.linux) -fPIE ++ TEMPLATE_VBOXR3HARDENEDEXE_LDFLAGS.linux = $(TEMPLATE_VBOXR3EXE_LDFLAGS.linux) -pie + endif + ifn1of ($(KBUILD_TARGET), win os2) +- TEMPLATE_VBOXR3HARDENEDEXE_LDFLAGS = $(filter-out '$(VBOX_GCC_RPATH_OPT)%,$(TEMPLATE_VBOXR3EXE_LDFLAGS)) +- TEMPLATE_VBOXR3HARDENEDEXE_LDFLAGS.linux = $(filter-out $(VBOX_GCC_ORIGIN_OPT),$(TEMPLATE_VBOXR3EXE_LDFLAGS.linux)) ++ TEMPLATE_VBOXR3HARDENEDEXE_LDFLAGS = $(filter-out '$(VBOX_GCC_RPATH_OPT)%,$(TEMPLATE_VBOXR3EXE_LDFLAGS)) -pie ++ TEMPLATE_VBOXR3HARDENEDEXE_LDFLAGS.linux = $(filter-out $(VBOX_GCC_ORIGIN_OPT),$(TEMPLATE_VBOXR3EXE_LDFLAGS.linux)) -pie + endif + + # diff --git a/vbox-vboxdrv-init-script.diff b/vbox-vboxdrv-init-script.diff index da3de5c..2675c50 100644 --- a/vbox-vboxdrv-init-script.diff +++ b/vbox-vboxdrv-init-script.diff @@ -2,15 +2,6 @@ Index: src/VBox/Installer/linux/vboxdrv.sh.in =================================================================== --- src/VBox/Installer/linux/vboxdrv.sh.in.orig +++ src/VBox/Installer/linux/vboxdrv.sh.in -@@ -3,7 +3,7 @@ - # Linux kernel module init script - - # --# Copyright (C) 2006-2010 Oracle Corporation -+# Copyright (C) 2007-2010 Oracle Corporation - # - # This file is part of VirtualBox Open Source Edition (OSE), as - # available from http://www.virtualbox.org. This file is free software; @@ -19,11 +19,12 @@ # ### BEGIN INIT INFO @@ -27,15 +18,6 @@ Index: src/VBox/Installer/linux/vboxdrv.sh.in ### END INIT INFO PATH=/sbin:/bin:/usr/sbin:/usr/bin:$PATH -@@ -58,7 +59,7 @@ fi - - # silently exit if the package was uninstalled but not purged, - # applies to Debian packages only --[ -z "$DEBIAN" -o -x $VBOXMANAGE -a -x $BUILDVBOXDRV ] || exit 0 -+[ -z "$DEBIAN" -o -x $VBOXMANAGE -a -x $BUILDVBOXDRV ] || exit 1 - - if [ -n "$NOLSB" ]; then - if [ -f /etc/redhat-release ]; then @@ -195,13 +196,6 @@ start() fi fi diff --git a/vbox-vboxweb-init-script.diff b/vbox-vboxweb-init-script.diff new file mode 100644 index 0000000..bf81a84 --- /dev/null +++ b/vbox-vboxweb-init-script.diff @@ -0,0 +1,22 @@ +Index: VirtualBox-4.1.8_OSE/src/VBox/Installer/linux/vboxweb-service.sh.in +=================================================================== +--- VirtualBox-4.1.8_OSE.orig/src/VBox/Installer/linux/vboxweb-service.sh.in ++++ VirtualBox-4.1.8_OSE/src/VBox/Installer/linux/vboxweb-service.sh.in +@@ -20,7 +20,7 @@ + # Provides: vboxweb-service + # Required-Start: vboxdrv + # Required-Stop: vboxdrv +-# Default-Start: 2 3 4 5 ++# Default-Start: 2 3 5 + # Default-Stop: 0 1 6 + # Description: VirtualBox web service API + ### END INIT INFO +@@ -50,7 +50,7 @@ if [ -f /etc/redhat-release ]; then + PIDFILE="/var/lock/subsys/vboxweb-service" + elif [ -f /etc/SuSE-release ]; then + system=suse +- PIDFILE="/var/lock/subsys/vboxweb-service" ++ PIDFILE="/var/run/vboxweb-service" + elif [ -f /etc/debian_version ]; then + system=debian + PIDFILE="/var/run/vboxweb-service" diff --git a/vbox-visibility.diff b/vbox-visibility.diff new file mode 100644 index 0000000..d439155 --- /dev/null +++ b/vbox-visibility.diff @@ -0,0 +1,39 @@ +Index: VirtualBox-4.1.8_OSE/src/VBox/Main/webservice/Makefile.kmk +=================================================================== +--- VirtualBox-4.1.8_OSE.orig/src/VBox/Main/webservice/Makefile.kmk ++++ VirtualBox-4.1.8_OSE/src/VBox/Main/webservice/Makefile.kmk +@@ -194,7 +194,8 @@ ifdef VBOX_GSOAP_INSTALLED + # vboxsoap - Library used by both the programs (save build time). + # + LIBRARIES += vboxsoap +- vboxsoap_TEMPLATE = VBOXR3EXE ++ vboxsoap_TEMPLATE = VBOXVISIBILITY ++ + ifdef VBOX_USE_VCC80 + vboxsoap_CXXFLAGS.win += -bigobj + endif +@@ -410,7 +411,7 @@ $$(VBOX_JWSSRC_JAR): $$(VBOX_JWS_JAR) | + # webtest - webservice sample client in C++ + # + PROGRAMS += webtest +- webtest_TEMPLATE = VBOXR3EXE ++ webtest_TEMPLATE = VBOXVISIBILITY + ifdef VBOX_USE_VCC80 + webtest_CXXFLAGS.win += -bigobj + endif +Index: VirtualBox-4.1.8_OSE/Config.kmk +=================================================================== +--- VirtualBox-4.1.8_OSE.orig/Config.kmk ++++ VirtualBox-4.1.8_OSE/Config.kmk +@@ -3211,6 +3211,11 @@ TEMPLATE_VBOXR3EXE_CXXFLAGS.kprofile = + endif + endif + ++#enable visibility ++TEMPLATE_VBOXVISIBILITY = ommit -fvisibility=hidden flag ++TEMPLATE_VBOXVISIBILITY_EXTENDS = VBOXR3EXE ++TEMPLATE_VBOXVISIBILITY_CXXFLAGS = $(filter-out $(VBOX_GCC_fvisibility-hidden),$(TEMPLATE_VBOXR3EXE_CXXFLAGS)) ++ + # + # Template for building R3 shared objects / DLLs. + # This is mostly identical to the VBOXR3EXE template. (Avoid PIC if possible!) diff --git a/virtualbox.changes b/virtualbox.changes index d746446..088da09 100644 --- a/virtualbox.changes +++ b/virtualbox.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Sun Mar 18 08:18:34 UTC 2012 - mseben@gmail.com + +- use pie/fPIE for setuid binaries (vbox-fpie.diff) (bnc#743143) +- clean up virtualbox-60-vboxdrv.rules and use fillup_only for vbox sysconfig file +- added vbox-vboxweb-init-script.diff to use proper pid file and runlevels in vboxweb initscript + +------------------------------------------------------------------- +Wed Mar 14 20:45:06 UTC 2012 - mseben@gmail.com + +- enabled websrv feature, this feature is now provided by new subpackage virtualbox-websrv +- added vbox-visibility.diff to fix websrv build (ommit -fvisibility=hidden gcc flag for gsoap related builds) + ------------------------------------------------------------------- Thu Mar 8 15:16:01 UTC 2012 - idonmez@suse.com diff --git a/virtualbox.spec b/virtualbox.spec index 298eac0..81322bf 100644 --- a/virtualbox.spec +++ b/virtualbox.spec @@ -29,6 +29,11 @@ BuildRequires: hal-devel %if %suse_version >= 1210 BuildRequires: glibc-devel-static %endif +#gsoap and java needed for building webservice +BuildRequires: gsoap-devel +BuildRequires: libgsoap-devel +BuildRequires: java-1_6_0-openjdk-devel +# BuildRequires: LibVNCServer-devel BuildRequires: SDL-devel BuildRequires: bin86 @@ -99,9 +104,10 @@ Source12: %{name}-vboxes Source13: %{name}-sysconfig.vbox Source98: %{name}-%{version}-rpmlintrc Source99: %{name}-patch-source.sh -#rework init script +#rework init scripts to fit suse needs Patch1: vbox-vboxdrv-init-script.diff Patch2: vbox-vboxadd-init-script.diff +Patch3: vbox-vboxweb-init-script.diff #fix return values which trigger post build checks and coused build error - should goes to upstream Patch4: vbox-ret-in-nonvoid-fnc.diff #fix/enable config (rpath, docs, VNC) @@ -113,6 +119,8 @@ Patch5: vbox-config.diff Patch6: vbox-smc-napa.diff #fix build of Python and dev package on openSUSE 11.3 Patch8: vbox-python-detection.diff +#fix build: we have to ommit gcc flag -fvisibility=hidden for soap related sources +Patch9: vbox-visibility.diff #PATCH-FIX-OPENSUSE implement messagebox (VBoxPermissionMessage app), which is displayed, when user #try to start VirtualBox and is not memeber of vboxusers group Patch99: vbox-permissions_warning.diff @@ -123,6 +131,8 @@ Patch101: vbox-default-os-type.diff Patch102: kernel-3.3.patch #disable update in vbox gui Patch103: vbox-disable-updates.diff +#use pie/fPIE for setuid binaries (bnc#743143) +Patch104: vbox-fpie.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: pwdutils permissions Requires: %{name}-host-kmp = %version @@ -156,6 +166,15 @@ PreReq: permissions %description qt Qt GUI part for %{name}. ######################################### +%package websrv +Summary: WebService GUI part for %{name} +Group: System/Emulators/PC +Requires: %{name} = %{version} +Provides: %{name}-gui = %{version} + +%description websrv +websrv GUI part for %{name}. +######################################### %package host-KMP Summary: Host kernel module for VirtualBox Group: System/Emulators/PC @@ -227,15 +246,18 @@ Development file for %{name} %setup -q -n VirtualBox-%{version}_OSE %patch1 %patch2 +%patch3 -p1 %patch4 -p1 %patch5 -p1 %patch6 -p1 %patch8 -p1 +%patch9 -p1 %patch99 -p1 %patch100 %patch101 %patch102 -p1 %patch103 +%patch104 -p1 #copy user manual %__cp %{S:1} ./UserManual.pdf @@ -249,7 +271,8 @@ rm -rf src/libs/{libpng-*,libxml2-*,libxslt-*,zlib-*,boost-*} --disable-kmods \ --disable-java \ --disable-docs \ - --nofatal + --nofatal \ + --enable-webservice # configure actually warns we should source env.sh (which seems like it could influence the build...) source env.sh @@ -258,7 +281,7 @@ source env.sh # VBOX_PATH_PACKAGE_DOCS set propper path for link to pdf in .desktop file # VBOX_WITH_REGISTRATION_REQUEST= VBOX_WITH_UPDATE_REQUEST= just disable some functionality in gui echo "build basic parts" -/usr/bin/kmk %{?_smp_mflags} VBOX_GCC_WERR= KBUILD_VERBOSE=2 VBOX_WITH_REGISTRATION_REQUEST= VBOX_WITH_UPDATE_REQUEST= TOOL_YASM_AS=yasm VBOX_PATH_PACKAGE_DOCS=/usr/share/doc/packages/virtualbox all +/usr/bin/kmk %{?_smp_mfalgs} VBOX_JAVA_HOME=/usr/%{_lib}/jvm/java-1.6.0-openjdk-1.6.0/ VBOX_GCC_WERR= KBUILD_VERBOSE=2 VBOX_WITH_REGISTRATION_REQUEST= VBOX_WITH_UPDATE_REQUEST= TOOL_YASM_AS=yasm VBOX_PATH_PACKAGE_DOCS=/usr/share/doc/packages/virtualbox all # # build kernel modules for guest and host (check novel-kmp package as example) # host modules : vboxdrv,vboxnetflt,vboxnetadp @@ -419,65 +442,67 @@ echo "entering virtualbox(-qt) install section" pushd out/linux.*/release/bin %__install -m 755 VBoxManage %{buildroot}%{_vbox_instdir} %__install -m 755 VBoxHeadless %{buildroot}%{_vbox_instdir} -%__install -m 755 VBoxSDL %{buildroot}%{_vbox_instdir} +%__install -m 755 VBoxSDL %{buildroot}%{_vbox_instdir} %__install -m 755 VBoxTunctl %{buildroot}%{_vbox_instdir} # create links to vbox tools in PATH - they could be usefull for controlling vbox from command line %__ln_s %{_vbox_instdir}/VBoxManage %{buildroot}%{_bindir}/VBoxManage %__ln_s %{_vbox_instdir}/VBoxHeadless \ - %{buildroot}%{_bindir}/VBoxHeadless + %{buildroot}%{_bindir}/VBoxHeadless %__ln_s %{_vbox_instdir}/VBoxSDL %{buildroot}%{_bindir}/VBoxSDL %__ln_s %{_vbox_instdir}/VBoxTunctl %{buildroot}%{_bindir}/VBoxTunctl -%__install -m 755 VBoxSVC %{buildroot}%{_vbox_instdir} +%__install -m 755 VBoxSVC %{buildroot}%{_vbox_instdir} %__install -m 755 VBoxXPCOMIPCD %{buildroot}%{_vbox_instdir} %__install -m 755 VBoxExtPackHelperApp %{buildroot}%{_vbox_instdir} %__install -m 755 VBoxTestOGL %{buildroot}%{_vbox_instdir} %__install -m 755 VBoxPermissionMessage \ - %{buildroot}%{_vbox_instdir} + %{buildroot}%{_vbox_instdir} %__install -m 755 VBoxNetDHCP %{buildroot}%{_vbox_instdir} %__install -m 755 VBoxNetAdpCtl %{buildroot}%{_vbox_instdir} -%__install -m 755 VBoxBFE %{buildroot}%{_vbox_instdir} +%__install -m 755 VBoxBFE %{buildroot}%{_vbox_instdir} %__install -m 755 VirtualBox %{buildroot}%{_vbox_instdir} %__install -m 755 VBoxEFI*.fd %{buildroot}%{_vbox_instdir} -%__install -m 755 VBoxSysInfo.sh %{buildroot}%{_vbox_instdir} -%__install -m 755 *.so %{buildroot}%{_vbox_instdir} -%__install -m 644 V*.gc %{buildroot}%{_vbox_instdir} -%__install -m 644 *.r0 %{buildroot}%{_vbox_instdir} +%__install -m 755 VBoxSysInfo.sh %{buildroot}%{_vbox_instdir} +%__install -m 755 *.so %{buildroot}%{_vbox_instdir} +%__install -m 644 V*.gc %{buildroot}%{_vbox_instdir} +%__install -m 644 *.r0 %{buildroot}%{_vbox_instdir} %__install -m 644 components/* %{buildroot}%{_vbox_instdir}/components/ # install languages -%__install -m 644 nls/* %{buildroot}%{_datadir}/virtualbox/nls/ +%__install -m 644 nls/* %{buildroot}%{_datadir}/virtualbox/nls/ popd -# the build process tells us the desktop file is missing a semicolon...(repackage?) -#%__sed 's/^MimeType.*[^;]$/&;/' out/linux.*/release/bin/virtualbox.desktop > %{_tmppath}/virtualbox.desktop -#%__sed 's/Icon=VBox/Icon=VBox.png/' out/linux.*/release/bin/virtualbox.desktop > %{_tmppath}/virtualbox.desktop # install desktop file -#%__install -m 644 %{_tmppath}/virtualbox.desktop %{buildroot}%{_datadir}/applications/%{name}.desktop %__install -m 644 out/linux.*/release/bin/virtualbox.desktop %{buildroot}%{_datadir}/applications/%{name}.desktop %suse_update_desktop_file %{buildroot}%{_datadir}/applications/%{name}.desktop 'System Emulator' # create a menu entry %__install -m 644 out/linux.*/release/bin/VBox.png \ - %{buildroot}%{_datadir}/pixmaps/virtualbox.png + %{buildroot}%{_datadir}/pixmaps/virtualbox.png # install udev rule for host (virtualbox) %__install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/udev/rules.d/60-vboxdrv.rules # install config with session shutdown defs %__install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/default/virtualbox #install wrapper script -%__install -m 644 %{S:9} %{buildroot}%{_bindir}/VirtualBox +%__install -m 644 %{S:9} %{buildroot}%{_bindir}/VirtualBox # modify and install the vboxdrv init script # TODO: some of this stuff breaks the fillup macros below? %__sed -i "s|%NOLSB%|yes|g;s|%DEBIAN%||g;s|%PACKAGE%|virtualbox|g" src/VBox/Installer/linux/vboxdrv.sh.in %__install -m 744 src/VBox/Installer/linux/vboxdrv.sh.in \ - %{buildroot}%{_sysconfdir}/init.d/vboxdrv + %{buildroot}%{_sysconfdir}/init.d/vboxdrv %__ln_s %{_sysconfdir}/init.d/vboxdrv \ - %{buildroot}%{_sbindir}/rcvboxdrv + %{buildroot}%{_sbindir}/rcvboxdrv # Init script to start virtual boxes during boot -%__install -m 755 %{S:12} %{buildroot}%{_sysconfdir}/init.d/vboxes +%__install -m 755 %{S:12} %{buildroot}%{_sysconfdir}/init.d/vboxes %__ln_s %{_sysconfdir}/init.d/vboxes \ - %{buildroot}%{_sbindir}/rcvboxes -%__install -d -m 755 %{buildroot}%{_var}/adm/fillup-templates -install -m 700 %{S:13} %{buildroot}%{_var}/adm/fillup-templates/sysconfig.vbox + %{buildroot}%{_sbindir}/rcvboxes +# sysconfig file intended for vboxes script +%__install -d -m 755 %{buildroot}%{_var}/adm/fillup-templates +install -m 700 %{S:13} %{buildroot}%{_var}/adm/fillup-templates/sysconfig.vbox + +# config file for vboxdrv script and vboxweb +%__install -d -m 755 %{buildroot}%{_sysconfdir}/vbox +echo -e "#settings for vboxwebsrn\nVBOXWEB_USER=root" > \ + %{buildroot}%{_sysconfdir}/vbox/vbox.cfg ###################################################### echo "entrering python-virtualbox install section" @@ -503,6 +528,21 @@ popd %__cp out/linux.*/release/bin/sdk/bindings/VirtualBox.xidl %{buildroot}%{_vbox_instdir}/sdk/bindings +###################################################### +echo "entering virtualbox-websrv install section" +###################################################### +pushd out/linux.*/release/bin +%__install -m 755 vboxwebsrv %{buildroot}%{_vbox_instdir} +%__install -m 755 webtest %{buildroot}%{_vbox_instdir} +popd + +%__sed -i "s|%NOLSB%|yes|g;s|%DEBIAN%||g;s|%PACKAGE%|virtualbox|g" \ + src/VBox/Installer/linux/vboxweb-service.sh.in +%__install -m 744 src/VBox/Installer/linux/vboxweb-service.sh.in \ + %{buildroot}%{_sysconfdir}/init.d/vboxweb-service +%__ln_s %{_sysconfdir}/init.d/vboxweb-service \ + %{buildroot}%{_sbindir}/rcvboxweb-service +# ###################################################### # run fdupes ###################################################### @@ -511,14 +551,26 @@ popd #also some translation files are duplicated %fdupes %{buildroot}/%{_datadir}/virtualbox/nls +# +# +###################################################### +# scriptlets - pre +###################################################### + %pre echo "creating group vboxusers..." groupadd -r vboxusers 2>/dev/null || : +####################################################### +# scriptlets - post +####################################################### + %post /sbin/ldconfig +#skip the fill up part and enable vboxdrv by default %fillup_and_insserv -f -y vboxdrv -%fillup_only -an vboxes +#setup our sysconfig file /etc/sysconfig/vbox +%fillup_only -an vbox %if %suse_version >= 1140 %set_permissions %{_vbox_instdir}/VBoxNetDHCP %set_permissions %{_vbox_instdir}/VBoxNetAdpCtl @@ -551,6 +603,12 @@ groupadd -r vboxusers 2>/dev/null || : %post guest-tools %fillup_and_insserv -f -y vboxadd +%post websrv +%fillup_and_insserv -f -y vboxweb-service +####################################################### +# scriptlets preun +####################################################### + %preun %stop_on_removal vboxdrv exit 0 @@ -559,6 +617,14 @@ exit 0 %stop_on_removal vboxadd exit 0 +%preun websrv +%stop_on_removal vboxweb-service +exit 0 + +####################################################### +# scriptlets postun +####################################################### + %postun /sbin/ldconfig %restart_on_update vboxdrv @@ -568,6 +634,12 @@ exit 0 %restart_on_update vboxadd %insserv_cleanup +%postun websrv +%restart_on_update vboxweb-service +%insserv_cleanup +# +####################################################### + %clean [ -d "%{buildroot}" -a "%{buildroot}" != "" ] && %__rm -rf "%{buildroot}" @@ -610,7 +682,6 @@ exit 0 %{_vbox_instdir}/VBoxSVC %{_vbox_instdir}/VBoxTunctl %{_vbox_instdir}/VBoxXPCOMIPCD -#added for 4.0.0 %{_vbox_instdir}/VBoxExtPackHelperApp %{_vbox_instdir}/DBGCPlugInDiggers.so %{_vbox_instdir}/VBoxAuth.so @@ -624,6 +695,8 @@ exit 0 %config %{_sysconfdir}/default/virtualbox %config(noreplace) %{_sysconfdir}/udev/rules.d/60-vboxdrv.rules %config %{_sysconfdir}/init.d/vboxdrv +%dir %{_sysconfdir}/vbox +%config %{_sysconfdir}/vbox/vbox.cfg %{_sysconfdir}/init.d/vboxes %{_var}/adm/fillup-templates/sysconfig.vbox %{_sbindir}/rcvboxes @@ -707,4 +780,11 @@ exit 0 %{_vbox_instdir}/sdk/bindings/auth #%{_vbox_instdir}/sdk/bindings/glue/java +%files websrv +%defattr(-,root, root) +%{_vbox_instdir}/vboxwebsrv +%{_vbox_instdir}/webtest +%{_sysconfdir}/init.d/vboxweb-service +%{_sbindir}/rcvboxweb-service + %changelog