Accepting request 235383 from network

- Cleanup with spec-cleaner - Remove conditions about init files as we do not build for < 12.1 anyway. - Update the README.SUSE file to describe more the listen option. - Add socket service for vsftpd to avoid the need for xinetd here. - Add comment about listen variables for xinetd configuration. Fixes bnc#872221. - Add default configuration as arg to xinetd started vsftpd. - Updated patch: * vsftpd-2.0.4-xinetd.diff OBS-URL: https://build.opensuse.org/request/show/235383 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/vsftpd?expand=0&rev=43
2014-05-27 10:03:19 +00:00 · 2014-05-27 10:03:19 +00:00 · fa0b1f8c7e
commit fa0b1f8c7e
parent 68185af8ed 210c375786
7 changed files with 101 additions and 198 deletions
--- a/README.SUSE
+++ b/README.SUSE
@ -4,4 +4,9 @@ compatibility, default /etc/vsftpd.conf in SUSE contains
 listen=NO
 listen_ipv6=YES

-so no changes for xinetd (/etc/xinetd.d/vsftp) are needed by default.
+if you plan to use xinetd (/etc/xinetd.d/vsftp) you don't need to change
+anything by default, but if you have ipv6 available you have to set
+listen_ipv6=NO too in order for xinetd to work.
+Alternatively you can also use systemd socket service that listens on
+port 21 and starts the server like xinetd would. This service does
+not require you to change ANY variable in the /etc/vsftpd.conf.
--- a/vsftpd-2.0.4-xinetd.diff
+++ b/vsftpd-2.0.4-xinetd.diff
@ -1,6 +1,7 @@
--- xinetd.d/vsftpd.orig
-+++ xinetd.d/vsftpd
-@@ -1,18 +1,23 @@
+diff -urN vsftpd-3.0.2.old/xinetd.d/vsftpd vsftpd-3.0.2/xinetd.d/vsftpd
+--- vsftpd-3.0.2.old/xinetd.d/vsftpd	2014-05-26 14:38:40.717042497 +0200
+++ vsftpd-3.0.2/xinetd.d/vsftpd	2014-05-26 14:41:23.753049249 +0200
+@@ -1,18 +1,26 @@
 -# default: on
 +# default: off
 # description:
@ -10,6 +11,9 @@
 +#
 +# NOTE: This file contains the configuration for xinetd to start vsftpd.
 +#       the configuration file for vsftp itself is in /etc/vsftpd.conf
+#
+# NOTE: Remember to set both listen and listen_ipv6 to NO in /etc/vsftpd.conf
+#       in order to have working xinetd connection.
 +#
 service ftp
 {
@ -24,7 +28,7 @@
 -        nice                    = 10
 -        disable                 = no
 +        server                  = /usr/sbin/vsftpd
-+#        server_args             =
+        server_args             = /etc/vsftpd.conf
 +#        log_on_success          += DURATION USERID
 +#        log_on_failure          += USERID
 +#        nice                    = 10
--- a/vsftpd.changes
+++ b/vsftpd.changes
@ -1,3 +1,25 @@
+-------------------------------------------------------------------
+Mon May 26 13:13:44 UTC 2014 - tchvatal@suse.com
+
+- Cleanup with spec-cleaner
+- Remove conditions about init files as we do not build for < 12.1
+  anyway.
+- Update the README.SUSE file to describe more the listen option.
+
+-------------------------------------------------------------------
+Mon May 26 12:52:56 UTC 2014 - tchvatal@suse.com
+
+- Add socket service for vsftpd to avoid the need for xinetd here.
+
+-------------------------------------------------------------------
+Mon May 26 12:42:21 UTC 2014 - tchvatal@suse.com
+
+- Add comment about listen variables for xinetd configuration.
+  Fixes bnc#872221.
+- Add default configuration as arg to xinetd started vsftpd.
+- Updated patch:
+  * vsftpd-2.0.4-xinetd.diff
+
 -------------------------------------------------------------------
 Thu Apr 10 12:56:03 UTC 2014 - tchvatal@suse.com

--- a/vsftpd.init
+++ b/vsftpd.init
@ -1,107 +0,0 @@
-#! /bin/sh
-# Copyright (c) 1995-2005 SUSE Linux GmbH, Nuernberg, Germany.
-# All rights reserved.
-#
-# Author: Mads Martin Joergensen
-#
-# /etc/init.d/vsftpd
-#   and its symbolic link
-# /usr/sbin/rcvsftpd
-#
-#    This program is free software; you can redistribute it and/or modify 
-#    it under the terms of the GNU General Public License as published by 
-#    the Free Software Foundation; either version 2 of the License, or 
-#    (at your option) any later version. 
-# 
-#    This program is distributed in the hope that it will be useful, 
-#    but WITHOUT ANY WARRANTY; without even the implied warranty of 
-#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the 
-#    GNU General Public License for more details. 
-# 
-#    You should have received a copy of the GNU General Public License 
-#    along with this program; if not, write to the Free Software 
-#    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-#
-### BEGIN INIT INFO
-# Provides:          ftpd
-# Required-Start:    $local_fs $remote_fs $syslog network-remotefs
-# Required-Stop:     $local_fs $remote_fs $syslog network-remotefs
-# Default-Start:     3 5
-# Default-Stop:      0 1 2 6
-# Description:		 very secure ftp daemon
-# Short-Description: very secure ftp daemon
-### END INIT INFO
-# Note on runlevels:
-# 0 - halt/poweroff 			6 - reboot
-# 1 - single user			2 - multiuser without network exported
-# 3 - multiuser w/ network (text mode)  5 - multiuser w/ network and X11 (xdm)
-# 
-# Note on script names:
-# http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/scrptnames.html
-# A registry has been set up to manage the init script namespace.
-# http://www.lanana.org/
-# Please use the names already registered or register one or use a
-# vendor prefix.
-
-VSFTPD_BIN=/usr/sbin/vsftpd
-test -x $VSFTPD_BIN || { echo "$VSFTPD_BIN not installed"; 
-	if [ "$1" = "stop" ]; then exit 0;
-	else exit 5; fi; }
-
-. /etc/rc.status
-
-rc_reset
-
-case "$1" in
-    start)
-	echo -n "Starting vsftpd "
-	/sbin/startproc -l /var/log/rcvsftp.log $VSFTPD_BIN
-	rc_status -v
-	;;
-    stop)
-	echo -n "Shutting down vsftpd "
-	/sbin/killproc -TERM $VSFTPD_BIN
-	rc_status -v
-	;;
-    try-restart|condrestart)
-	## Do a restart only if the service was active before.
-	## Note: try-restart is now part of LSB (as of 1.9).
-	## RH has a similar command named condrestart.
-	if test "$1" = "condrestart"; then
-		echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
-	fi
-	$0 status
-	if test $? = 0; then
-		$0 restart
-	else
-		rc_reset	# Not running is not a failure.
-	fi
-
-	rc_status
-	;;
-    restart)
-	$0 stop
-	$0 start
-	rc_status
-	;;
-    force-reload)
-	echo -n "Reload service vsftpd "
-	/sbin/killproc -HUP $VSFTPD_BIN
-	rc_status -v
-	;;
-    reload)
-	echo -n "Reload service vsftpd "
-	/sbin/killproc -HUP $VSFTPD_BIN
-	rc_status -v
-	;;
-    status)
-	echo -n "Checking for service vsftpd "
-	/sbin/checkproc $VSFTPD_BIN
-	rc_status -v
-	;;
-    *)
-	echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload}"
-	exit 1
-	;;
-esac
-rc_exit
--- a/vsftpd.socket
+++ b/vsftpd.socket
@ -0,0 +1,9 @@
+[Unit]
+Conflicts=vsftpd.service
+
+[Socket]
+ListenStream=21
+Accept=yes
+
+[Install]
+WantedBy=sockets.target
--- a/vsftpd.spec
+++ b/vsftpd.spec
@ -16,19 +16,7 @@
 #


-%global with_sysvinit 0
-%if 0%{?suse_version} < 1310
-%global with_sysvinit 1
-%endif
-
 Name:           vsftpd
-BuildRequires:  gpg-offline
-BuildRequires:  libcap-devel
-BuildRequires:  openssl-devel
-BuildRequires:  pam-devel
-%if 0%{?suse_version} > 1140
-BuildRequires:  systemd
-%endif
 Version:        3.0.2
 Release:        0
 Summary:        Very Secure FTP Daemon - Written from Scratch
@ -36,14 +24,15 @@ License:        SUSE-GPL-2.0-with-openssl-exception
 Group:          Productivity/Networking/Ftp/Servers
 Url:            https://security.appspot.com/vsftpd.html
 Source0:        https://security.appspot.com/downloads/%{name}-%{version}.tar.gz
-Source1:        %name.pam
-Source2:        %name.logrotate
-Source3:        %name.init
+Source1:        %{name}.pam
+Source2:        %{name}.logrotate
 Source4:        README.SUSE
-Source5:        %name.xml
-Source6:        %name.firewall
+Source5:        %{name}.xml
+Source6:        %{name}.firewall
 Source7:        vsftpd.service
-Source9:        %name.keyring
+Source8:        vsftpd@.service
+Source9:        %{name}.keyring
+Source10:       vsftpd.socket
 Source1000:     https://security.appspot.com/downloads/%{name}-%{version}.tar.gz.asc
 Patch1:         vsftpd-2.0.4-lib64.diff
 Patch3:         vsftpd-2.0.4-xinetd.diff
@ -67,11 +56,16 @@ Patch15:        vsftpd-enable-dev-log-sendto.patch
 Patch16:        vsftpd-root-squashed-chroot.patch
 #PATCH-FIX-UPSTREAM: bnc#870122
 Patch17:        vsftpd-enable-gettimeofday-sec.patch
-BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-Provides:       ftp-server
-Requires(pre):  %insserv_prereq /usr/sbin/useradd
-%{?systemd_requires}
+BuildRequires:  gpg-offline
+BuildRequires:  libcap-devel
+BuildRequires:  openssl-devel
+BuildRequires:  pam-devel
+BuildRequires:  systemd
 Requires:       logrotate
+Requires(pre):  %{_sbindir}/useradd
+Provides:       ftp-server
+BuildRoot:      %{_tmppath}/%{name}-%{version}-build
+%{?systemd_requires}

 %description
 Vsftpd is an FTP server, or daemon. The "vs" stands for Very Secure.
@ -88,7 +82,7 @@ tests.
 %gpg_verify %{S:1000}
 %setup -q
 %patch1
-%patch3
+%patch3 -p1
 %patch4
 %patch5
 %patch6
@ -105,90 +99,58 @@ tests.
 %patch17 -p1

 %build
-%define seccomp_opts %{nil}
-%if 0%{?suse_version} > 1030
 %define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP
-%endif
 rm -f dummyinc/sys/capability.h
-make CFLAGS="$RPM_OPT_FLAGS -DOPENSSL_NO_SSL_INTERN -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fPIE -fstack-protector --param=ssp-buffer-size=4 %{seccomp_opts}" \
+make CFLAGS="%{optflags} -DOPENSSL_NO_SSL_INTERN -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fPIE -fstack-protector --param=ssp-buffer-size=4 %{seccomp_opts}" \
     LDFLAGS="-fPIE -pie -Wl,-z,relro -Wl,-z,now" LINK=

 %install
-mkdir -p $RPM_BUILD_ROOT/usr/share/empty
-cp %SOURCE4 .
-install -D -m 755 %name  $RPM_BUILD_ROOT/usr/sbin/%name
-install -D -m 600 %name.conf $RPM_BUILD_ROOT/etc/%name.conf
-install -D -m 600 xinetd.d/%name $RPM_BUILD_ROOT/etc/xinetd.d/%name
-install -D -m 644 $RPM_SOURCE_DIR/%name.pam $RPM_BUILD_ROOT/etc/pam.d/%name
-install -D -m 644 $RPM_SOURCE_DIR/%name.logrotate $RPM_BUILD_ROOT/etc/logrotate.d/%name
-install -D -m 644 %name.conf.5 $RPM_BUILD_ROOT/%_mandir/man5/%name.conf.5
-install -D -m 644 %name.8 $RPM_BUILD_ROOT/%_mandir/man8/%name.8
-%if %{with_sysvinit}
-install -D -m 755 %SOURCE3 $RPM_BUILD_ROOT/etc/init.d/%name
-ln -sf ../../etc/init.d/%name $RPM_BUILD_ROOT/%_prefix/sbin/rc%name
-%else
-ln -sf service $RPM_BUILD_ROOT/%{_prefix}/sbin/rc%{name}
-%endif
-install -d $RPM_BUILD_ROOT/%_datadir/omc/svcinfo.d/
-install -D -m 644 %SOURCE5 $RPM_BUILD_ROOT/%_datadir/omc/svcinfo.d/
-install -d $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/
-install -m 644 %{S:6} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
-%if 0%{?suse_version} > 1140
-install -D -m 0644 %SOURCE7 %{buildroot}/%{_unitdir}/%{name}.service
-%endif
+mkdir -p %{buildroot}%{_datadir}/empty
+cp %{SOURCE4} .
+install -D -m 755 %{name}  %{buildroot}%{_sbindir}/%{name}
+install -D -m 600 %{name}.conf %{buildroot}%{_sysconfdir}/%{name}.conf
+install -D -m 600 xinetd.d/%{name} %{buildroot}%{_sysconfdir}/xinetd.d/%{name}
+install -D -m 644 $RPM_SOURCE_DIR/%{name}.pam %{buildroot}%{_sysconfdir}/pam.d/%{name}
+install -D -m 644 $RPM_SOURCE_DIR/%{name}.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
+install -D -m 644 %{name}.conf.5 %{buildroot}/%{_mandir}/man5/%{name}.conf.5
+install -D -m 644 %{name}.8 %{buildroot}/%{_mandir}/man8/%{name}.8
+ln -sf service %{buildroot}/%{_sbindir}/rc%{name}
+install -D -m 0644 %{SOURCE7} %{buildroot}/%{_unitdir}/%{name}.service
+install -D -m 0644 %{SOURCE8} %{buildroot}/%{_unitdir}/%{name}@.service
+install -D -m 0644 %{SOURCE10} %{buildroot}/%{_unitdir}/%{name}.socket
+install -d %{buildroot}/%{_datadir}/omc/svcinfo.d/
+install -D -m 644 %{SOURCE5} %{buildroot}/%{_datadir}/omc/svcinfo.d/
+install -d %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/
+install -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}

 %pre
-/usr/sbin/useradd -r -g nogroup -s /bin/false -c "Secure FTP User" -d /var/lib/empty ftpsecure 2> /dev/null || :
-%if 0%{?suse_version} > 1140
+%{_sbindir}/useradd -r -g nogroup -s /bin/false -c "Secure FTP User" -d %{_localstatedir}/lib/empty ftpsecure 2> /dev/null || :
 %service_add_pre %{name}.service
-%endif

 %preun
-if [ -e /etc/init.d/%{name} ]; then
-%stop_on_removal %name
-fi
-
-%if 0%{?suse_version} > 1140
 %service_del_preun %{name}.service
-%endif

 %post
-%if %{with_sysvinit}
-%{fillup_and_insserv -f %{name}}
-%endif
-
-%if 0%{?suse_version} > 1140
 %service_add_post %{name}.service
-%endif

 %postun
-%if %{with_sysvinit}
-%insserv_cleanup
-%restart_on_update %name
-%endif
-
-%if 0%{?suse_version} > 1140
 %service_del_postun %{name}.service
-%endif

 %files
 %defattr(-,root,root)
-%if 0%{?suse_version} > 1140
 %{_unitdir}/%{name}.service
-%endif
-/usr/sbin/%name
-/usr/sbin/rc%name
-%if %{with_sysvinit}
-%config /etc/init.d/%name
-%endif
-%_datadir/omc/svcinfo.d/vsftpd.xml
-%dir /usr/share/empty
-%config(noreplace) /etc/xinetd.d/%name
-%config(noreplace) /etc/%name.conf
-%config /etc/pam.d/%name
-%config(noreplace) /etc/logrotate.d/%name
-%_mandir/man5/%name.conf.*
-%_mandir/man8/%name.*
+%{_unitdir}/%{name}.socket
+%{_unitdir}/%{name}@.service
+%{_sbindir}/%{name}
+%{_sbindir}/rc%{name}
+%{_datadir}/omc/svcinfo.d/vsftpd.xml
+%dir %{_datadir}/empty
+%config(noreplace) %{_sysconfdir}/xinetd.d/%{name}
+%config(noreplace) %{_sysconfdir}/%{name}.conf
+%config %{_sysconfdir}/pam.d/%{name}
+%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
+%{_mandir}/man5/%{name}.conf.*
+%{_mandir}/man8/%{name}.*
 %doc BUGS AUDIT Changelog LICENSE README README.security
 %doc REWARD SPEED TODO SECURITY TUNING SIZE FAQ EXAMPLE COPYING
 %doc README.SUSE
--- a/vsftpd@.service
+++ b/vsftpd@.service
@ -0,0 +1,8 @@
+[Unit]
+Description=Very Secure FTP Daemon
+
+[Service]
+Type=simple
+ExecStart=/usr/sbin/vsftpd /etc/vsftpd.conf -obackground=NO -olisten=NO -olisten_ipv6=NO
+StandardInput=socket
+SuccessExitStatus=2