forked from pool/nqptp
Accepting request 1198918 from network:time
OBS-URL: https://build.opensuse.org/request/show/1198918 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nqptp?expand=0&rev=2
This commit is contained in:
commit
0593cbc476
23
backport-050a8c2de9f3e1f4859abf9b36d2f18afd4c34d7.patch
Normal file
23
backport-050a8c2de9f3e1f4859abf9b36d2f18afd4c34d7.patch
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
From 050a8c2de9f3e1f4859abf9b36d2f18afd4c34d7 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Hs_Yeah <bYeahq@gmail.com>
|
||||||
|
Date: Tue, 19 Sep 2023 03:12:47 +0800
|
||||||
|
Subject: [PATCH] Added AmbientCapabilities to nqptp.service.in
|
||||||
|
|
||||||
|
Added AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||||
|
so that the systemd service can be used without the capability set on the built nqptp binary.
|
||||||
|
---
|
||||||
|
nqptp.service.in | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/nqptp.service.in b/nqptp.service.in
|
||||||
|
index 6f1eb0c..53e6a2e 100644
|
||||||
|
--- a/nqptp.service.in
|
||||||
|
+++ b/nqptp.service.in
|
||||||
|
@@ -8,6 +8,7 @@ Before=shairport-sync.service
|
||||||
|
ExecStart=@prefix@/bin/nqptp
|
||||||
|
User=nqptp
|
||||||
|
Group=nqptp
|
||||||
|
+AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
68
backport-b5321a88d21b854aaa461dc0f6c226d650309b91.patch
Normal file
68
backport-b5321a88d21b854aaa461dc0f6c226d650309b91.patch
Normal file
@ -0,0 +1,68 @@
|
|||||||
|
From b5321a88d21b854aaa461dc0f6c226d650309b91 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Mike Brady <4265913+mikebrady@users.noreply.github.com>
|
||||||
|
Date: Tue, 19 Sep 2023 11:08:27 +0100
|
||||||
|
Subject: [PATCH] Improve some of the error messages. Remove the setcap command
|
||||||
|
from Makefile.am, since we are now using an AmbientCapabilities setting in
|
||||||
|
the systemd service file.
|
||||||
|
|
||||||
|
---
|
||||||
|
Makefile.am | 5 +++--
|
||||||
|
configure.ac | 2 +-
|
||||||
|
nqptp-utilities.c | 14 +++++---------
|
||||||
|
nqptp.c | 2 +-
|
||||||
|
4 files changed, 10 insertions(+), 13 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/Makefile.am b/Makefile.am
|
||||||
|
index 78f36d7..d2b3992 100644
|
||||||
|
--- a/Makefile.am
|
||||||
|
+++ b/Makefile.am
|
||||||
|
@@ -19,8 +19,9 @@ endif
|
||||||
|
|
||||||
|
install-exec-hook:
|
||||||
|
if BUILD_FOR_LINUX
|
||||||
|
-# NQPTP runs as user/group nqptp/nqptp on Linux and uses setcap to access ports 319 and 320
|
||||||
|
- setcap 'cap_net_bind_service=+ep' $(bindir)/nqptp
|
||||||
|
+# Note: NQPTP runs as user/group nqptp/nqptp on Linux.
|
||||||
|
+# Access is given via AmbientCapabilities in the service file.
|
||||||
|
+# If you want to run it from the command line, e.g. for debugging, run it as root user.
|
||||||
|
# no installer for System V
|
||||||
|
if INSTALL_SYSTEMD_STARTUP
|
||||||
|
getent group nqptp &>/dev/null || groupadd -r nqptp &>/dev/null
|
||||||
|
diff --git a/nqptp-utilities.c b/nqptp-utilities.c
|
||||||
|
index 9d6a95d..9964b22 100644
|
||||||
|
--- a/nqptp-utilities.c
|
||||||
|
+++ b/nqptp-utilities.c
|
||||||
|
@@ -105,15 +105,11 @@ void open_sockets_at_port(const char *node, uint16_t port,
|
||||||
|
}
|
||||||
|
freeaddrinfo(info);
|
||||||
|
if (sockets_opened == 0) {
|
||||||
|
- if (port < 1024)
|
||||||
|
- die("unable to listen on port %d. The error is: \"%s\". NQPTP must run as root to access "
|
||||||
|
- "this port. Or is another PTP daemon -- possibly another instance on NQPTP -- running "
|
||||||
|
- "already?",
|
||||||
|
- port, strerror(errno));
|
||||||
|
- else
|
||||||
|
- die("unable to listen on port %d. The error is: \"%s\". "
|
||||||
|
- "Is another instance on NQPTP running already?",
|
||||||
|
- port, strerror(errno));
|
||||||
|
+ if (errno == EACCES) {
|
||||||
|
+ die("nqptp does not have permission to access port %u. It must (a) [Linux only] have been given CAP_NET_BIND_SERVICE capabilities using e.g. setcap or systemd's AmbientCapabilities, or (b) run as root.", port);
|
||||||
|
+ } else {
|
||||||
|
+ die("nqptp is unable to listen on port %u. The error is: %d, \"%s\".", port, errno, strerror(errno));
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/nqptp.c b/nqptp.c
|
||||||
|
index e5f2988..a1a3c76 100644
|
||||||
|
--- a/nqptp.c
|
||||||
|
+++ b/nqptp.c
|
||||||
|
@@ -198,7 +198,7 @@ int main(int argc, char **argv) {
|
||||||
|
mode_t oldumask = umask(0);
|
||||||
|
shm_fd = shm_open(NQPTP_INTERFACE_NAME, O_RDWR | O_CREAT, 0644);
|
||||||
|
if (shm_fd == -1) {
|
||||||
|
- die("cannot open shared memory \"%s\".", NQPTP_INTERFACE_NAME);
|
||||||
|
+ die("nqptp cannot open the shared memory \"%s\" for writing. Is another copy of nqptp (e.g. an nqptp daemon) running already?", NQPTP_INTERFACE_NAME);
|
||||||
|
}
|
||||||
|
(void)umask(oldumask);
|
||||||
|
|
13
disable-user-group-generation.patch
Normal file
13
disable-user-group-generation.patch
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
Index: nqptp-1.2.4/Makefile.am
|
||||||
|
===================================================================
|
||||||
|
--- nqptp-1.2.4.orig/Makefile.am
|
||||||
|
+++ nqptp-1.2.4/Makefile.am
|
||||||
|
@@ -24,8 +24,6 @@ if BUILD_FOR_LINUX
|
||||||
|
# If you want to run it from the command line, e.g. for debugging, run it as root user.
|
||||||
|
# no installer for System V
|
||||||
|
if INSTALL_SYSTEMD_STARTUP
|
||||||
|
- getent group nqptp &>/dev/null || groupadd -r nqptp &>/dev/null
|
||||||
|
- getent passwd nqptp &> /dev/null || useradd -r -M -g nqptp -s /usr/sbin/nologin nqptp &>/dev/null
|
||||||
|
[ -e $(DESTDIR)$(libdir)/systemd/system ] || mkdir -p $(DESTDIR)$(libdir)/systemd/system
|
||||||
|
# don't replace a service file if it already exists...
|
||||||
|
[ -e $(DESTDIR)$(libdir)/systemd/system/nqptp.service ] || cp nqptp.service $(DESTDIR)$(libdir)/systemd/system
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:fab700572961ca81addb405e8bd4bd57c47259f91e7e8e0f5f82240c38c63ce5
|
|
||||||
size 36566
|
|
3
nqptp-1.2.4.tar.gz
Normal file
3
nqptp-1.2.4.tar.gz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:1df1d5edd5b713010d6495b3abca4c1cf4ad8fa6029df0abeb9e4de8e0eb707a
|
||||||
|
size 36885
|
3
nqptp-user.conf
Normal file
3
nqptp-user.conf
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
# Type Name ID GECOS [HOME]
|
||||||
|
g nqptp - -
|
||||||
|
u nqptp - "nqptp daemon" / /sbin/nologin
|
@ -1,3 +1,27 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Sep 3 09:06:57 UTC 2024 - Wolfgang Frisch <wolfgang.frisch@suse.com>
|
||||||
|
|
||||||
|
- Backports from 1.2.5-dev
|
||||||
|
- Add backport-b5321a88d21b854aaa461dc0f6c226d650309b91.patch
|
||||||
|
Remove setcap call.
|
||||||
|
- Add backport-050a8c2de9f3e1f4859abf9b36d2f18afd4c34d7.patch
|
||||||
|
Set capability in the systemd unit instead.
|
||||||
|
|
||||||
|
- Add disable-user-group-generation.patch
|
||||||
|
Disable user/group generation in the Makefile.
|
||||||
|
Let systemd-sysusers handle this instead.
|
||||||
|
|
||||||
|
- Update to 1.2.4
|
||||||
|
- Further changes are introduced to make the communication path between NQPTP
|
||||||
|
and Shairport Sync resistant to outside interference. These changes have
|
||||||
|
necessitated changing the SMI interface. The SMI interface is now at
|
||||||
|
version 10, and Shairport Sync must also be updated to be compatible with
|
||||||
|
it.
|
||||||
|
|
||||||
|
- Update to 1.2.3
|
||||||
|
- Fix CVE-2023-43771: nqptp: NULL pointer dereference caused by invalid
|
||||||
|
control port message (boo#1213060)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jun 26 09:48:09 UTC 2023 - Martin Pluskal <mpluskal@suse.com>
|
Mon Jun 26 09:48:09 UTC 2023 - Martin Pluskal <mpluskal@suse.com>
|
||||||
|
|
||||||
|
17
nqptp.spec
17
nqptp.spec
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package nqptp
|
# spec file for package nqptp
|
||||||
#
|
#
|
||||||
# Copyright (c) 2023 SUSE LLC
|
# Copyright (c) 2024 SUSE LLC
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@ -17,16 +17,24 @@
|
|||||||
|
|
||||||
|
|
||||||
Name: nqptp
|
Name: nqptp
|
||||||
Version: 1.2.1
|
Version: 1.2.4
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: Not Quite PTP
|
Summary: Not Quite PTP
|
||||||
License: GPL-2.0-only
|
License: GPL-2.0-only
|
||||||
URL: https://github.com/mikebrady/nqptp
|
URL: https://github.com/mikebrady/nqptp
|
||||||
Source0: https://github.com/mikebrady/%{name}/archive/%{version}/%{name}-%{version}.tar.gz
|
Source0: https://github.com/mikebrady/%{name}/archive/%{version}/%{name}-%{version}.tar.gz
|
||||||
|
Source1: nqptp-user.conf
|
||||||
|
# Backported from 1.2.5-dev:
|
||||||
|
Patch0: backport-050a8c2de9f3e1f4859abf9b36d2f18afd4c34d7.patch
|
||||||
|
# Backported from 1.2.5-dev:
|
||||||
|
Patch1: backport-b5321a88d21b854aaa461dc0f6c226d650309b91.patch
|
||||||
|
Patch2: disable-user-group-generation.patch
|
||||||
BuildRequires: autoconf
|
BuildRequires: autoconf
|
||||||
BuildRequires: automake
|
BuildRequires: automake
|
||||||
BuildRequires: systemd-rpm-macros
|
BuildRequires: systemd-rpm-macros
|
||||||
|
BuildRequires: sysuser-tools
|
||||||
%{?systemd_ordering}
|
%{?systemd_ordering}
|
||||||
|
%sysusers_requires
|
||||||
|
|
||||||
%description
|
%description
|
||||||
nqptp is a daemon that monitors timing data from any PTP clocks – up to 64 – it
|
nqptp is a daemon that monitors timing data from any PTP clocks – up to 64 – it
|
||||||
@ -37,18 +45,20 @@ It is a companion application to Shairport Sync and provides timing information
|
|||||||
for AirPlay 2 operation.
|
for AirPlay 2 operation.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%autosetup
|
%autosetup -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
autoreconf -i -f
|
autoreconf -i -f
|
||||||
%configure --with-systemd-startup
|
%configure --with-systemd-startup
|
||||||
%make_build
|
%make_build
|
||||||
|
%sysusers_generate_pre %{SOURCE1} nqptp nqptp-user.conf
|
||||||
|
|
||||||
%install
|
%install
|
||||||
%make_install
|
%make_install
|
||||||
mkdir -p %{buildroot}%{_unitdir}
|
mkdir -p %{buildroot}%{_unitdir}
|
||||||
mv %{buildroot}%{_libdir}/systemd/system/%{name}.service \
|
mv %{buildroot}%{_libdir}/systemd/system/%{name}.service \
|
||||||
%{buildroot}%{_unitdir}/%{name}.service
|
%{buildroot}%{_unitdir}/%{name}.service
|
||||||
|
install -D -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/nqptp.conf
|
||||||
|
|
||||||
%pre
|
%pre
|
||||||
%service_add_pre %{name}.service
|
%service_add_pre %{name}.service
|
||||||
@ -67,5 +77,6 @@ mv %{buildroot}%{_libdir}/systemd/system/%{name}.service \
|
|||||||
%doc README.md RELEASE_NOTES.md
|
%doc README.md RELEASE_NOTES.md
|
||||||
%{_bindir}/%{name}
|
%{_bindir}/%{name}
|
||||||
%{_unitdir}/%{name}.service
|
%{_unitdir}/%{name}.service
|
||||||
|
%{_sysusersdir}/nqptp.conf
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
Loading…
Reference in New Issue
Block a user