
Accepting request 1198918 from network:time

OBS-URL: https://build.opensuse.org/request/show/1198918
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nqptp?expand=0&rev=2
Ana Guerrero 2024-09-05 13:47:36 +00:00 committed by Git OBS Bridge
commit 0593cbc476
8 changed files with 148 additions and 6 deletions


@ -0,0 +1,23 @@
From 050a8c2de9f3e1f4859abf9b36d2f18afd4c34d7 Mon Sep 17 00:00:00 2001
From: Hs_Yeah <bYeahq@gmail.com>
Date: Tue, 19 Sep 2023 03:12:47 +0800
Subject: [PATCH] Added AmbientCapabilities to nqptp.service.in
Added AmbientCapabilities=CAP_NET_BIND_SERVICE
so that the systemd service can be used without the capability set on the built nqptp binary.
---
nqptp.service.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/nqptp.service.in b/nqptp.service.in
index 6f1eb0c..53e6a2e 100644
--- a/nqptp.service.in
+++ b/nqptp.service.in
@@ -8,6 +8,7 @@ Before=shairport-sync.service
ExecStart=@prefix@/bin/nqptp
User=nqptp
Group=nqptp
+AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
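Review bot: The added `AmbientCapabilities=CAP_NET_BIND_SERVICE` line grants the capability to the unprivileged `nqptp` user, but nothing in the visible [Service] lines limits the service to that one capability or stops a child process from gaining more. I would add `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` and `NoNewPrivileges=true` next to it, so the unit states the full privilege envelope rather than only the grant. The top of the unit is outside the hunk, so these may already be set there. A one-line comment such as `# ports 319/320 are privileged; this replaces setcap on the binary` would also record why the capability is needed.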


@ -0,0 +1,68 @@
From b5321a88d21b854aaa461dc0f6c226d650309b91 Mon Sep 17 00:00:00 2001
From: Mike Brady <4265913+mikebrady@users.noreply.github.com>
Date: Tue, 19 Sep 2023 11:08:27 +0100
Subject: [PATCH] Improve some of the error messages. Remove the setcap command
from Makefile.am, since we are now using an AmbientCapabilities setting in
the systemd service file.
---
Makefile.am | 5 +++--
configure.ac | 2 +-
nqptp-utilities.c | 14 +++++---------
nqptp.c | 2 +-
4 files changed, 10 insertions(+), 13 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 78f36d7..d2b3992 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -19,8 +19,9 @@ endif
install-exec-hook:
if BUILD_FOR_LINUX
-# NQPTP runs as user/group nqptp/nqptp on Linux and uses setcap to access ports 319 and 320
- setcap 'cap_net_bind_service=+ep' $(bindir)/nqptp
+# Note: NQPTP runs as user/group nqptp/nqptp on Linux.
+# Access is given via AmbientCapabilities in the service file.
+# If you want to run it from the command line, e.g. for debugging, run it as root user.
# no installer for System V
if INSTALL_SYSTEMD_STARTUP
getent group nqptp &>/dev/null || groupadd -r nqptp &>/dev/null
diff --git a/nqptp-utilities.c b/nqptp-utilities.c
index 9d6a95d..9964b22 100644
--- a/nqptp-utilities.c
+++ b/nqptp-utilities.c
@@ -105,15 +105,11 @@ void open_sockets_at_port(const char *node, uint16_t port,
}
freeaddrinfo(info);
if (sockets_opened == 0) {
- if (port < 1024)
- die("unable to listen on port %d. The error is: \"%s\". NQPTP must run as root to access "
- "this port. Or is another PTP daemon -- possibly another instance on NQPTP -- running "
- "already?",
- port, strerror(errno));
- else
- die("unable to listen on port %d. The error is: \"%s\". "
- "Is another instance on NQPTP running already?",
- port, strerror(errno));
+ if (errno == EACCES) {
+ die("nqptp does not have permission to access port %u. It must (a) [Linux only] have been given CAP_NET_BIND_SERVICE capabilities using e.g. setcap or systemd's AmbientCapabilities, or (b) run as root.", port);
+ } else {
+ die("nqptp is unable to listen on port %u. The error is: %d, \"%s\".", port, errno, strerror(errno));
+ }
}
}
diff --git a/nqptp.c b/nqptp.c
index e5f2988..a1a3c76 100644
--- a/nqptp.c
+++ b/nqptp.c
@@ -198,7 +198,7 @@ int main(int argc, char **argv) {
mode_t oldumask = umask(0);
shm_fd = shm_open(NQPTP_INTERFACE_NAME, O_RDWR | O_CREAT, 0644);
if (shm_fd == -1) {
- die("cannot open shared memory \"%s\".", NQPTP_INTERFACE_NAME);
+ die("nqptp cannot open the shared memory \"%s\" for writing. Is another copy of nqptp (e.g. an nqptp daemon) running already?", NQPTP_INTERFACE_NAME);
}
(void)umask(oldumask);
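Review bot: In `open_sockets_at_port` the new `errno == EACCES` test runs after `freeaddrinfo(info)` and after the whole address loop, so the value it inspects is whatever the last library call left behind, not necessarily the failure that prevented the socket from being bound. The loop body is outside the hunk, but unless it already saves the error, the permission branch can be taken or skipped wrongly and the operator gets a misleading hint about capabilities. Capture the code at the point of failure, e.g. `int bind_errno = errno;`, and test and print `bind_errno` in both `die()` calls. The reworded `shm_open` message in nqptp.c has a related gap: it suggests a second running instance but still prints no error detail, so appending `errno` and `strerror(errno)` there would let an operator tell a permissions problem from a name clash.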


@ -0,0 +1,13 @@
Index: nqptp-1.2.4/Makefile.am
===================================================================
--- nqptp-1.2.4.orig/Makefile.am
+++ nqptp-1.2.4/Makefile.am
@@ -24,8 +24,6 @@ if BUILD_FOR_LINUX
# If you want to run it from the command line, e.g. for debugging, run it as root user.
# no installer for System V
if INSTALL_SYSTEMD_STARTUP
- getent group nqptp &>/dev/null || groupadd -r nqptp &>/dev/null
- getent passwd nqptp &> /dev/null || useradd -r -M -g nqptp -s /usr/sbin/nologin nqptp &>/dev/null
[ -e $(DESTDIR)$(libdir)/systemd/system ] || mkdir -p $(DESTDIR)$(libdir)/systemd/system
# don't replace a service file if it already exists...
[ -e $(DESTDIR)$(libdir)/systemd/system/nqptp.service ] || cp nqptp.service $(DESTDIR)$(libdir)/systemd/system


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:fab700572961ca81addb405e8bd4bd57c47259f91e7e8e0f5f82240c38c63ce5
size 36566

3
nqptp-1.2.4.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1df1d5edd5b713010d6495b3abca4c1cf4ad8fa6029df0abeb9e4de8e0eb707a
size 36885

3
nqptp-user.conf Normal file

@ -0,0 +1,3 @@
# Type Name ID GECOS [HOME]
g nqptp - -
u nqptp - "nqptp daemon" / /sbin/nologin


@ -1,3 +1,27 @@
-------------------------------------------------------------------
Tue Sep 3 09:06:57 UTC 2024 - Wolfgang Frisch <wolfgang.frisch@suse.com>
- Backports from 1.2.5-dev
- Add backport-b5321a88d21b854aaa461dc0f6c226d650309b91.patch
Remove setcap call.
- Add backport-050a8c2de9f3e1f4859abf9b36d2f18afd4c34d7.patch
Set capability in the systemd unit instead.
- Add disable-user-group-generation.patch
Disable user/group generation in the Makefile.
Let systemd-sysusers handle this instead.
- Update to 1.2.4
- Further changes are introduced to make the communication path between NQPTP
and Shairport Sync resistant to outside interference. These changes have
necessitated changing the SMI interface. The SMI interface is now at
version 10, and Shairport Sync must also be updated to be compatible with
it.
- Update to 1.2.3
- Fix CVE-2023-43771: nqptp: NULL pointer dereference caused by invalid
control port message (boo#1213060)
-------------------------------------------------------------------
Mon Jun 26 09:48:09 UTC 2023 - Martin Pluskal <mpluskal@suse.com>


@ -1,7 +1,7 @@
#
# spec file for package nqptp
#
# Copyright (c) 2023 SUSE LLC
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -17,16 +17,24 @@
Name: nqptp
Version: 1.2.1
Version: 1.2.4
Release: 0
Summary: Not Quite PTP
License: GPL-2.0-only
URL: https://github.com/mikebrady/nqptp
Source0: https://github.com/mikebrady/%{name}/archive/%{version}/%{name}-%{version}.tar.gz
Source1: nqptp-user.conf
# Backported from 1.2.5-dev:
Patch0: backport-050a8c2de9f3e1f4859abf9b36d2f18afd4c34d7.patch
# Backported from 1.2.5-dev:
Patch1: backport-b5321a88d21b854aaa461dc0f6c226d650309b91.patch
Patch2: disable-user-group-generation.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: systemd-rpm-macros
BuildRequires: sysuser-tools
%{?systemd_ordering}
%sysusers_requires
%description
nqptp is a daemon that monitors timing data from any PTP clocks up to 64 it
@ -37,18 +45,20 @@ It is a companion application to Shairport Sync and provides timing information
for AirPlay 2 operation.
%prep
%autosetup
%autosetup -p1
%build
autoreconf -i -f
%configure --with-systemd-startup
%make_build
%sysusers_generate_pre %{SOURCE1} nqptp nqptp-user.conf
%install
%make_install
mkdir -p %{buildroot}%{_unitdir}
mv %{buildroot}%{_libdir}/systemd/system/%{name}.service \
%{buildroot}%{_unitdir}/%{name}.service
install -D -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/nqptp.conf
%pre
%service_add_pre %{name}.service
@ -67,5 +77,6 @@ mv %{buildroot}%{_libdir}/systemd/system/%{name}.service \
%doc README.md RELEASE_NOTES.md
%{_bindir}/%{name}
%{_unitdir}/%{name}.service
%{_sysusersdir}/nqptp.conf
%changelog
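Review bot: `%sysusers_generate_pre %{SOURCE1} nqptp nqptp-user.conf` in `%build` produces a scriptlet file, but the `%pre` line shown in this section is still bare, so that generated script does not appear to be run anywhere. With the Makefile's `groupadd`/`useradd` removed by disable-user-group-generation.patch, the `nqptp` account that the unit's `User=`/`Group=` depend on would then exist only once systemd-sysusers processes `%{_sysusersdir}/nqptp.conf`. If that ordering is not intended, change the scriptlet header to `%pre -f nqptp.pre`. This is based only on the lines visible in the section; the scriptlet bodies between the hunks are not shown.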