forked from pool/nqptp
Accepting request 1198918 from network:time
OBS-URL: https://build.opensuse.org/request/show/1198918 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nqptp?expand=0&rev=2
This commit is contained in:
commit
0593cbc476
23
backport-050a8c2de9f3e1f4859abf9b36d2f18afd4c34d7.patch
Normal file
23
backport-050a8c2de9f3e1f4859abf9b36d2f18afd4c34d7.patch
Normal file
@ -0,0 +1,23 @@
|
||||
From 050a8c2de9f3e1f4859abf9b36d2f18afd4c34d7 Mon Sep 17 00:00:00 2001
|
||||
From: Hs_Yeah <bYeahq@gmail.com>
|
||||
Date: Tue, 19 Sep 2023 03:12:47 +0800
|
||||
Subject: [PATCH] Added AmbientCapabilities to nqptp.service.in
|
||||
|
||||
Added AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||
so that the systemd service can be used without the capability set on the built nqptp binary.
|
||||
---
|
||||
nqptp.service.in | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/nqptp.service.in b/nqptp.service.in
|
||||
index 6f1eb0c..53e6a2e 100644
|
||||
--- a/nqptp.service.in
|
||||
+++ b/nqptp.service.in
|
||||
@@ -8,6 +8,7 @@ Before=shairport-sync.service
|
||||
ExecStart=@prefix@/bin/nqptp
|
||||
User=nqptp
|
||||
Group=nqptp
|
||||
+AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
68
backport-b5321a88d21b854aaa461dc0f6c226d650309b91.patch
Normal file
68
backport-b5321a88d21b854aaa461dc0f6c226d650309b91.patch
Normal file
@ -0,0 +1,68 @@
|
||||
From b5321a88d21b854aaa461dc0f6c226d650309b91 Mon Sep 17 00:00:00 2001
|
||||
From: Mike Brady <4265913+mikebrady@users.noreply.github.com>
|
||||
Date: Tue, 19 Sep 2023 11:08:27 +0100
|
||||
Subject: [PATCH] Improve some of the error messages. Remove the setcap command
|
||||
from Makefile.am, since we are now using an AmbientCapabilities setting in
|
||||
the systemd service file.
|
||||
|
||||
---
|
||||
Makefile.am | 5 +++--
|
||||
configure.ac | 2 +-
|
||||
nqptp-utilities.c | 14 +++++---------
|
||||
nqptp.c | 2 +-
|
||||
4 files changed, 10 insertions(+), 13 deletions(-)
|
||||
|
||||
diff --git a/Makefile.am b/Makefile.am
|
||||
index 78f36d7..d2b3992 100644
|
||||
--- a/Makefile.am
|
||||
+++ b/Makefile.am
|
||||
@@ -19,8 +19,9 @@ endif
|
||||
|
||||
install-exec-hook:
|
||||
if BUILD_FOR_LINUX
|
||||
-# NQPTP runs as user/group nqptp/nqptp on Linux and uses setcap to access ports 319 and 320
|
||||
- setcap 'cap_net_bind_service=+ep' $(bindir)/nqptp
|
||||
+# Note: NQPTP runs as user/group nqptp/nqptp on Linux.
|
||||
+# Access is given via AmbientCapabilities in the service file.
|
||||
+# If you want to run it from the command line, e.g. for debugging, run it as root user.
|
||||
# no installer for System V
|
||||
if INSTALL_SYSTEMD_STARTUP
|
||||
getent group nqptp &>/dev/null || groupadd -r nqptp &>/dev/null
|
||||
diff --git a/nqptp-utilities.c b/nqptp-utilities.c
|
||||
index 9d6a95d..9964b22 100644
|
||||
--- a/nqptp-utilities.c
|
||||
+++ b/nqptp-utilities.c
|
||||
@@ -105,15 +105,11 @@ void open_sockets_at_port(const char *node, uint16_t port,
|
||||
}
|
||||
freeaddrinfo(info);
|
||||
if (sockets_opened == 0) {
|
||||
- if (port < 1024)
|
||||
- die("unable to listen on port %d. The error is: \"%s\". NQPTP must run as root to access "
|
||||
- "this port. Or is another PTP daemon -- possibly another instance on NQPTP -- running "
|
||||
- "already?",
|
||||
- port, strerror(errno));
|
||||
- else
|
||||
- die("unable to listen on port %d. The error is: \"%s\". "
|
||||
- "Is another instance on NQPTP running already?",
|
||||
- port, strerror(errno));
|
||||
+ if (errno == EACCES) {
|
||||
+ die("nqptp does not have permission to access port %u. It must (a) [Linux only] have been given CAP_NET_BIND_SERVICE capabilities using e.g. setcap or systemd's AmbientCapabilities, or (b) run as root.", port);
|
||||
+ } else {
|
||||
+ die("nqptp is unable to listen on port %u. The error is: %d, \"%s\".", port, errno, strerror(errno));
|
||||
+ }
|
||||
}
|
||||
}
|
||||
|
||||
diff --git a/nqptp.c b/nqptp.c
|
||||
index e5f2988..a1a3c76 100644
|
||||
--- a/nqptp.c
|
||||
+++ b/nqptp.c
|
||||
@@ -198,7 +198,7 @@ int main(int argc, char **argv) {
|
||||
mode_t oldumask = umask(0);
|
||||
shm_fd = shm_open(NQPTP_INTERFACE_NAME, O_RDWR | O_CREAT, 0644);
|
||||
if (shm_fd == -1) {
|
||||
- die("cannot open shared memory \"%s\".", NQPTP_INTERFACE_NAME);
|
||||
+ die("nqptp cannot open the shared memory \"%s\" for writing. Is another copy of nqptp (e.g. an nqptp daemon) running already?", NQPTP_INTERFACE_NAME);
|
||||
}
|
||||
(void)umask(oldumask);
|
||||
|
13
disable-user-group-generation.patch
Normal file
13
disable-user-group-generation.patch
Normal file
@ -0,0 +1,13 @@
|
||||
Index: nqptp-1.2.4/Makefile.am
|
||||
===================================================================
|
||||
--- nqptp-1.2.4.orig/Makefile.am
|
||||
+++ nqptp-1.2.4/Makefile.am
|
||||
@@ -24,8 +24,6 @@ if BUILD_FOR_LINUX
|
||||
# If you want to run it from the command line, e.g. for debugging, run it as root user.
|
||||
# no installer for System V
|
||||
if INSTALL_SYSTEMD_STARTUP
|
||||
- getent group nqptp &>/dev/null || groupadd -r nqptp &>/dev/null
|
||||
- getent passwd nqptp &> /dev/null || useradd -r -M -g nqptp -s /usr/sbin/nologin nqptp &>/dev/null
|
||||
[ -e $(DESTDIR)$(libdir)/systemd/system ] || mkdir -p $(DESTDIR)$(libdir)/systemd/system
|
||||
# don't replace a service file if it already exists...
|
||||
[ -e $(DESTDIR)$(libdir)/systemd/system/nqptp.service ] || cp nqptp.service $(DESTDIR)$(libdir)/systemd/system
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:fab700572961ca81addb405e8bd4bd57c47259f91e7e8e0f5f82240c38c63ce5
|
||||
size 36566
|
3
nqptp-1.2.4.tar.gz
Normal file
3
nqptp-1.2.4.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:1df1d5edd5b713010d6495b3abca4c1cf4ad8fa6029df0abeb9e4de8e0eb707a
|
||||
size 36885
|
3
nqptp-user.conf
Normal file
3
nqptp-user.conf
Normal file
@ -0,0 +1,3 @@
|
||||
# Type Name ID GECOS [HOME]
|
||||
g nqptp - -
|
||||
u nqptp - "nqptp daemon" / /sbin/nologin
|
@ -1,3 +1,27 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Sep 3 09:06:57 UTC 2024 - Wolfgang Frisch <wolfgang.frisch@suse.com>
|
||||
|
||||
- Backports from 1.2.5-dev
|
||||
- Add backport-b5321a88d21b854aaa461dc0f6c226d650309b91.patch
|
||||
Remove setcap call.
|
||||
- Add backport-050a8c2de9f3e1f4859abf9b36d2f18afd4c34d7.patch
|
||||
Set capability in the systemd unit instead.
|
||||
|
||||
- Add disable-user-group-generation.patch
|
||||
Disable user/group generation in the Makefile.
|
||||
Let systemd-sysusers handle this instead.
|
||||
|
||||
- Update to 1.2.4
|
||||
- Further changes are introduced to make the communication path between NQPTP
|
||||
and Shairport Sync resistant to outside interference. These changes have
|
||||
necessitated changing the SMI interface. The SMI interface is now at
|
||||
version 10, and Shairport Sync must also be updated to be compatible with
|
||||
it.
|
||||
|
||||
- Update to 1.2.3
|
||||
- Fix CVE-2023-43771: nqptp: NULL pointer dereference caused by invalid
|
||||
control port message (boo#1213060)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jun 26 09:48:09 UTC 2023 - Martin Pluskal <mpluskal@suse.com>
|
||||
|
||||
|
17
nqptp.spec
17
nqptp.spec
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package nqptp
|
||||
#
|
||||
# Copyright (c) 2023 SUSE LLC
|
||||
# Copyright (c) 2024 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -17,16 +17,24 @@
|
||||
|
||||
|
||||
Name: nqptp
|
||||
Version: 1.2.1
|
||||
Version: 1.2.4
|
||||
Release: 0
|
||||
Summary: Not Quite PTP
|
||||
License: GPL-2.0-only
|
||||
URL: https://github.com/mikebrady/nqptp
|
||||
Source0: https://github.com/mikebrady/%{name}/archive/%{version}/%{name}-%{version}.tar.gz
|
||||
Source1: nqptp-user.conf
|
||||
# Backported from 1.2.5-dev:
|
||||
Patch0: backport-050a8c2de9f3e1f4859abf9b36d2f18afd4c34d7.patch
|
||||
# Backported from 1.2.5-dev:
|
||||
Patch1: backport-b5321a88d21b854aaa461dc0f6c226d650309b91.patch
|
||||
Patch2: disable-user-group-generation.patch
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
BuildRequires: systemd-rpm-macros
|
||||
BuildRequires: sysuser-tools
|
||||
%{?systemd_ordering}
|
||||
%sysusers_requires
|
||||
|
||||
%description
|
||||
nqptp is a daemon that monitors timing data from any PTP clocks – up to 64 – it
|
||||
@ -37,18 +45,20 @@ It is a companion application to Shairport Sync and provides timing information
|
||||
for AirPlay 2 operation.
|
||||
|
||||
%prep
|
||||
%autosetup
|
||||
%autosetup -p1
|
||||
|
||||
%build
|
||||
autoreconf -i -f
|
||||
%configure --with-systemd-startup
|
||||
%make_build
|
||||
%sysusers_generate_pre %{SOURCE1} nqptp nqptp-user.conf
|
||||
|
||||
%install
|
||||
%make_install
|
||||
mkdir -p %{buildroot}%{_unitdir}
|
||||
mv %{buildroot}%{_libdir}/systemd/system/%{name}.service \
|
||||
%{buildroot}%{_unitdir}/%{name}.service
|
||||
install -D -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/nqptp.conf
|
||||
|
||||
%pre
|
||||
%service_add_pre %{name}.service
|
||||
@ -67,5 +77,6 @@ mv %{buildroot}%{_libdir}/systemd/system/%{name}.service \
|
||||
%doc README.md RELEASE_NOTES.md
|
||||
%{_bindir}/%{name}
|
||||
%{_unitdir}/%{name}.service
|
||||
%{_sysusersdir}/nqptp.conf
|
||||
|
||||
%changelog
|
||||
|
Loading…
Reference in New Issue
Block a user