rpms/cjdns
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial import (#1268716)

Browse Source
This commit is contained in:
Stuart D. Gathman 2016-03-22 11:40:36 -04:00
parent 3c7c213fe1
commit 2f8dfd1c5e
13 changed files with 1279 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -0,0 +1 @@
/cjdns-v17.3.tar.gz

40
cjdns.README_Fedora.md Normal file
View File

@ -0,0 +1,40 @@
# cjdns
[Upstream](README.md)
#### *Networking Reinvented*
Cjdns implements an encrypted IPv6 network using public-key cryptography for
address allocation and a distributed hash table for routing. This provides
near-zero-configuration networking, and prevents many of the security and
scalability issues that plague existing networks.
## Startup
The key part of cjdns is the cjdroute background daemon. To start cjdroute:
systemctl start cjdns
This will generate `/etc/cjdroute.conf` pre-populated with random keys and
passwords. At first startup, cjdroute looks for neighboring cjdns peers
on all active network interfaces using a layer 2 (e.g. ethernet) protocol.
This is exactly what you want if you are on a wifi mesh. If you only have a
conventional "clearnet" ISP, see the [upstream](README.md) README for
instructions on adding peers using the UDP protocol. (Search for "Find a
friend".)
After adding peers to `/etc/cjdroute.conf`, restart cjdroute with:
systemctl restart cjdns
To have cjdroute start whenever you boot, use
systemctl enable cjdns
If you are on a laptop and suspend or hibernate it, cjdroute will take a few
minutes to make coffee and figure out what just happened when it wakes up. You
can speed this up dramatically with:
systemctl enable cjdns-resume
The resume service restarts cjdns when the system wakes up from sleep.

27
cjdns.cap3.patch Normal file
View File

@ -0,0 +1,27 @@
diff -up ./util/Setuid_linux.c.cap3 ./util/Setuid_linux.c
--- ./util/Setuid_linux.c.cap3 2016-01-31 22:04:56.591743457 -0500
+++ ./util/Setuid_linux.c 2016-01-31 22:05:42.699060985 -0500
@@ -50,9 +50,9 @@ static inline int capGet(cap_user_header
void Setuid_preSetuid(struct Allocator* alloc, struct Except* eh)
{
cap_user_header_t hdr = Allocator_calloc(alloc, sizeof(*hdr), 1);
- cap_user_data_t data = Allocator_calloc(alloc, sizeof(*data), 1);
+ cap_user_data_t data = Allocator_calloc(alloc, sizeof(*data), 2);
- hdr->version = _LINUX_CAPABILITY_VERSION;
+ hdr->version = _LINUX_CAPABILITY_VERSION_3;
hdr->pid = 0;
if (capGet(hdr, data)) {
Except_throw(eh, "Error getting capabilities: [errno:%d (%s)]", errno, strerror(errno));
@@ -73,9 +73,9 @@ void Setuid_preSetuid(struct Allocator*
void Setuid_postSetuid(struct Allocator* alloc, struct Except* eh)
{
cap_user_header_t hdr = Allocator_calloc(alloc, sizeof(*hdr), 1);
- cap_user_data_t data = Allocator_calloc(alloc, sizeof(*data), 1);
+ cap_user_data_t data = Allocator_calloc(alloc, sizeof(*data), 2);
- hdr->version = _LINUX_CAPABILITY_VERSION;
+ hdr->version = _LINUX_CAPABILITY_VERSION_3;
hdr->pid = 0;
if (capGet(hdr, data)) {
Except_throw(eh, "Error getting capabilities (post-setuid): [errno:%d (%s)]",

57
cjdns.dyn.patch Normal file
View File

@ -0,0 +1,57 @@
diff -up ./node_build/make.js.dyn ./node_build/make.js
--- ./node_build/make.js.dyn 2015-11-02 17:59:41.000000000 -0500
+++ ./node_build/make.js 2015-11-04 19:57:49.961155943 -0500
@@ -238,41 +238,9 @@ Builder.configure({
}).nThen(function (waitFor) {
- builder.config.libs.push(dependencyDir + '/cnacl/jsbuild/libnacl.a');
- builder.config.includeDirs.push(dependencyDir + '/cnacl/jsbuild/include/');
-
- Fs.exists(dependencyDir + '/cnacl/jsbuild/libnacl.a', waitFor(function (exists) {
- if (exists) { return; }
-
- console.log("Build NaCl");
- var cwd = process.cwd();
- process.chdir(dependencyDir + '/cnacl/');
-
- var NaCl = require(process.cwd() + '/node_build/make.js');
- NaCl.build(function (args, callback) {
- if (builder.config.systemName !== 'win32') {
- args.unshift('-fPIC');
- }
-
- args.unshift(builder.config.optimizeLevel, '-fomit-frame-pointer');
-
- if (CFLAGS) {
- [].push.apply(args, CFLAGS.split(' '));
- }
-
- if (!builder.config.crossCompiling) {
- if (NO_MARCH_FLAG.indexOf(process.arch) < -1) {
- builder.config.cflags.push('-march=native');
- }
- }
-
- builder.cc(args, callback);
- },
- builder.config,
- waitFor(function () {
- process.chdir(cwd);
- }));
- }));
+ builder.config.libs.push('-lnacl');
+ builder.config.libs.push('-lstdc++');
+ builder.config.includeDirs.push('/usr/include/nacl/');
}).nThen(function (waitFor) {
@@ -411,7 +379,7 @@ Builder.configure({
builder.buildExecutable('crypto/random/randombytes.c');
builder.lintFiles(function (fileName, file, callback) {
- if (/dependencies/.test(fileName)) {
+ if (/(dependencies|\/usr\/include)/.test(fileName)) {
callback('', false);
return;
}

41
cjdns.el6.patch Normal file
View File

@ -0,0 +1,41 @@
diff -up ./contrib/selinux/cjdns.te.el6 ./contrib/selinux/cjdns.te
--- ./contrib/selinux/cjdns.te.el6 2016-02-25 20:26:20.635992411 -0500
+++ ./contrib/selinux/cjdns.te 2016-02-25 20:28:05.804135692 -0500
@@ -5,9 +5,7 @@ require {
type tun_tap_device_t;
type node_t;
type port_t;
- type unreserved_port_t;
type tmp_t;
- type passwd_file_t;
type net_conf_t;
}
@@ -20,15 +18,12 @@ init_daemon_domain(cjdns_t,cjdns_exec_t)
allow cjdns_t cjdns_exec_t:file { execute_no_trans execmod };
allow cjdns_t self:capability { net_admin net_raw setuid setgid sys_chroot };
allow cjdns_t self:process { signal getcap setrlimit setcap };
-# translate username to uid
-allow cjdns_t passwd_file_t:file { read getattr open };
# translate host names
allow cjdns_t net_conf_t:file { read getattr open };
# allow network access
allow cjdns_t node_t:udp_socket node_bind;
allow cjdns_t port_t:udp_socket name_bind;
-allow cjdns_t unreserved_port_t:udp_socket name_bind;
allow cjdns_t self:netlink_route_socket { bind create getattr nlmsg_read read write };
allow cjdns_t self:packet_socket { bind create ioctl read write };
allow cjdns_t self:tun_socket create;
diff -up ./node_build/FindPython2.js.el6 ./node_build/FindPython2.js
--- ./node_build/FindPython2.js.el6 2016-01-27 03:07:49.000000000 -0500
+++ ./node_build/FindPython2.js 2016-02-25 20:26:20.636992421 -0500
@@ -21,7 +21,7 @@ var PYTHONS = ["python", "python2", "pyt
var SCRIPT = [
'import sys;',
'print(sys.version_info);',
- 'exit(sys.version_info[0] != 2 or sys.version_info[1] < 7);'
+ 'exit(sys.version_info[0] != 2 or sys.version_info[1] < 6);'
].join('\n');
var find = module.exports.find = function (tempFile, callback) {

21
cjdns.genconf.patch Normal file
View File

@ -0,0 +1,21 @@
diff -up ./client/cjdroute2.c.genconf ./client/cjdroute2.c
--- ./client/cjdroute2.c.genconf 2016-01-19 15:19:10.084151612 -0500
+++ ./client/cjdroute2.c 2016-01-19 15:21:18.035546520 -0500
@@ -323,7 +323,7 @@ static int genconf(struct Random* rand,
" // and ETHInterface will be unable to hot-add new interfaces\n"
" // Use { \"setuser\": 0 } to disable.\n"
" // Default: enabled with keepNetAdmin\n"
- " { \"setuser\": \"nobody\", \"keepNetAdmin\": 1 },\n"
+ " { \"setuser\": \"cjdns\", \"keepNetAdmin\": 1 },\n"
"\n"
" // Chroot changes the filesystem root directory which cjdns sees, blocking it\n"
" // from accessing files outside of the chroot sandbox, if the user does not\n"
@@ -335,7 +335,7 @@ static int genconf(struct Random* rand,
}
else {
printf(" // Default: enabled (using \"/var/run\")\n"
- " { \"chroot\": \"/var/run/\" },\n");
+ " { \"chroot\": \"/var/empty/cjdns\" },\n");
}
printf("\n"
" // Nofiles is a deprecated security feature which prevents cjdns from opening\n"

253
cjdns.man.patch Normal file
View File

@ -0,0 +1,253 @@
diff -up ./contrib/doc/cjdns-online.md.man ./contrib/doc/cjdns-online.md
--- ./contrib/doc/cjdns-online.md.man 2016-03-08 18:57:49.297123587 -0500
+++ ./contrib/doc/cjdns-online.md 2016-03-08 18:56:28.344871576 -0500
@@ -0,0 +1,33 @@
+cjdns-online(1) -- check whether cjdns tunnel devices are available
+=============================================
+
+## SYNOPSIS
+
+`cjdns-online` [<options>...]
+
+## DESCRIPTION
+
+Cjdns-online waits for cjdns to make its tunnel device available so
+that services that listen on the cjdns IP can start. If you have
+configured services to listen on the cjdns IP, then you can use:
+
+ systemctl enable cjdns-wait-online
+
+to wait until this IP is available before starting network services.
+This will increase your boot time somewhat, but is needed to launch
+thttpd at boot, for example.
+
+##OPTIONS
+
+ * `-t`, `--timeout` <timeout_value>:
+ time to wait in seconds, default 30
+
+ * `-x`, `--exit`:
+ Exit immediately if cjdns is not online
+
+ * `-q`, `--quiet`:
+ Don't print anything
+
+ * `-s`, `--wait-for-startup`:
+ Wait for full startup instead of just tun dev. This is not implemented.
+
diff -up ./contrib/doc/cjdroute.md.man ./contrib/doc/cjdroute.md
--- ./contrib/doc/cjdroute.md.man 2016-03-08 18:47:02.960143140 -0500
+++ ./contrib/doc/cjdroute.md 2016-03-08 18:47:02.960143140 -0500
@@ -0,0 +1,76 @@
+cjdroute(1) -- Cjdns packet switch
+=============================================
+
+## SYNOPSIS
+
+`/usr/sbin/cjdroute` [<options>...]
+
+## DESCRIPTION
+
+Cjdns implements an encrypted IPv6 network using public-key cryptography for
+address allocation and a distributed hash table for routing. This provides
+near-zero-configuration networking, and prevents many of the security and
+scalability issues that plague existing networks.
+
+cjdroute runs in the background and either decrypts packets addressed to
+this node, or sends them on to the next node in the route.
+
+##OPTIONS
+
+ * `--help`:
+ Print usage summary.
+
+ * `--genconf` [--no-eth]:
+ Generate a configuration file, write it to stdout.
+ If --no-eth is specified then ethernet beaconing will be disabled.
+
+ * `--bench`:
+ Run some cryptography performance benchmarks.
+
+ * `--version`:
+ Print cjdroute version and the protocol version which this node speaks.
+
+ * `--cleanconf` < conf:
+ Print a clean (valid json) version of the config.
+
+ * `--nobg`
+ Never fork to the background no matter the config.
+
+##USAGE
+
+To get the router up and running:
+
+ * Step 1:
+ Generate a new configuration file if one doesn't already exist.
+
+ cjdroute --genconf > /etc/cjdroute.conf
+
+ You can also simply:
+
+ systemctl start cjdns
+
+ which will tell cjdroute to generate a new config if needed.
+
+ * Step 2:
+ Find somebody to connect to.
+ Check out the IRC channel or http://hyperboria.net/
+ for information about how to meet new people and make connect to them.
+ Read more here: https://github.com/cjdelisle/cjdns/#2-find-a-friend
+
+ By default, cjdroute will find any cjdns nodes on your local LAN
+ without any configuration.
+
+ * Step 3:
+ Add that somebody's node to your cjdroute.conf file.
+ https://github.com/cjdelisle/cjdns/#3-connect-your-node-to-your-friends-node
+
+ * Step 4:
+ Fire it up!
+
+ systemctl start cjdns
+
+ Or if you had already started cjdns:
+
+ systemctl restart cjdns
+
+For more information about other functions and non-standard setups, see README.md
diff -up ./contrib/doc/makekeys.md.man ./contrib/doc/makekeys.md
--- ./contrib/doc/makekeys.md.man 2016-03-08 18:47:02.960143140 -0500
+++ ./contrib/doc/makekeys.md 2016-03-08 18:47:02.960143140 -0500
@@ -0,0 +1,18 @@
+makekeys(1) -- write cjdns keys generated via libnacl to stdout
+=============================================
+
+## SYNOPSIS
+
+`makekeys`
+
+## DESCRIPTION
+
+Generates cjdns private keys and writes them to stdout forever with
+corresponding IP6 address and public key. Sample:
+
+ 9b5520e11b4e1aac4e54cf8382ca219b6942f75519dbe7cc71fc6c4bb636a2db fca1:43dc:9e20:68dc:df3f:6bf1:fbf9:37ab x70u0x6sfh0yuushlq7wvcdxj8rgb8lvss9t6f42zp60ftq71cm0.k
+ 579db68cfdeaeda1ff7f365c73e620bedb0f68cb443a0cd7ef6bae16d0e1e12e fc68:b272:3aa3:cb4a:a686:dab0:7df5:2fb5 fmurp2qrb0yqmcjmbjtuhuxuf6v3rgmdn9hgsfh47k20h68y2lz0.k
+
+## SEE ALSO
+
+publictoip6(1)
diff -up ./contrib/doc/privatetopublic.md.man ./contrib/doc/privatetopublic.md
--- ./contrib/doc/privatetopublic.md.man 2016-03-08 18:47:02.961143168 -0500
+++ ./contrib/doc/privatetopublic.md 2016-03-08 22:34:30.532757463 -0500
@@ -0,0 +1,25 @@
+privatetopublic(8) -- convert cjdns private keys to public keys and IP6
+=============================================
+
+## SYNOPSIS
+
+`/usr/libexec/cjdns/privatetopublic`
+
+## DESCRIPTION
+
+As private keys are very sensitive, /usr/libexec/cjdns/privatetopublic reads
+them from stdin. If your shell, terminal, or other program keeps history,
+please avoid `echo 'key' | /usr/libexec/cjdns/privatetopublic`, or similar
+constructs. A heredoc is suitable for use in scripts, and will avoid
+unwanted revealing of the key in process lists, like so:
+
+ /usr/libexec/cjdns/privatetopublic <<EOF
+ key
+ EOF
+
+Key should be in hex form, maximum 64 characters. Extra characters will be
+silently ignored.
+
+## SEE ALSO
+
+publictoip6(1)
diff -up ./contrib/doc/publictoip6.md.man ./contrib/doc/publictoip6.md
--- ./contrib/doc/publictoip6.md.man 2016-03-08 18:47:02.961143168 -0500
+++ ./contrib/doc/publictoip6.md 2016-03-08 18:47:02.961143168 -0500
@@ -0,0 +1,14 @@
+publictoip6(1) -- write random bytes generated via libnacl to stdout
+=============================================
+
+## SYNOPSIS
+
+`publictoip6` <public key>
+
+## DESCRIPTION
+Get a cjdns IPv6 address from a public key and write to stdout.
+The key should be in Base32 and end in '.k'.
+
+## SEE ALSO
+
+randombytes(1)
diff -up ./contrib/doc/randombytes.md.man ./contrib/doc/randombytes.md
--- ./contrib/doc/randombytes.md.man 2016-03-08 18:47:02.961143168 -0500
+++ ./contrib/doc/randombytes.md 2016-03-08 18:47:02.961143168 -0500
@@ -0,0 +1,16 @@
+randombytes(1) -- write random bytes generated via libnacl to stdout
+=============================================
+
+## SYNOPSIS
+
+`randombytes`
+
+## DESCRIPTION
+
+Writes random bytes to stdout forever using the cryptographically secure
+random generator in libnacl. In practice, the output is piped
+to a program like dd(1) or base64(1).
+
+## SEE ALSO
+
+makekeys(1)
diff -up ./contrib/doc/sybilsim.md.man ./contrib/doc/sybilsim.md
--- ./contrib/doc/sybilsim.md.man 2016-03-08 18:47:02.962143196 -0500
+++ ./contrib/doc/sybilsim.md 2016-03-08 18:47:02.962143196 -0500
@@ -0,0 +1,43 @@
+sybilsim(8) -- Cjdns packet switch
+=============================================
+
+## SYNOPSIS
+
+`/usr/libexec/cjdns/sybilsim < config.json`
+
+## DESCRIPTION
+
+Sybilsim reads a list of nodes and peers from stdin and simulates the
+corresponding mesh without any actual networking using the same code
+as cjdroute. This is useful for testing and optimizing cjdroute.
+Every node must have a valid cjdns private key. The makekeys(1) utility can be
+useful for scripts that generate the config.
+
+##USAGE
+
+Example config:
+
+ {
+ "nodes": {
+ "alice": {
+ "privateKey":
+ "5e2295679394e5e1db67c238abbc10292ad9b127904394c52cc5fff39383e920",
+ "peers": []
+ },
+ "bob": {
+ "privateKey":
+ "6569bf3f0d168faa6dfb2912f8ee5ee9b938319e97618fdf06caed73b1aad1cc",
+ "peers": [ "alice" ]
+ }
+ }
+ }
+
+Example use:
+
+ makekeys | head -20 >keys.txt
+ node /usr/libexec/cjdns/tools/lib/makesim.js keys.txt |
+ /usr/libexec/cjdns/sybilsim
+
+## SEE ALSO
+
+makekeys(1), cjdroute(1)

50
cjdns.nprocs.patch Normal file
View File

@ -0,0 +1,50 @@
diff -up ./util/Security.c.nprocs ./util/Security.c
--- ./util/Security.c.nprocs 2016-01-27 03:07:49.000000000 -0500
+++ ./util/Security.c 2016-02-22 20:30:06.153297256 -0500
@@ -31,6 +31,7 @@
#include <unistd.h>
#include <errno.h>
#include <stdlib.h>
+#include <grp.h>
#include <string.h>
#include <sys/mman.h>
#include <stdio.h>
@@ -66,12 +67,17 @@ void Security_setUser(int uid,
{
int gidErrno = 0;
int uidErrno = 0;
+ int setGroupErrno = 0;
+ pid_t groups[1];
if (keepNetAdmin) {
Setuid_preSetuid(alloc, eh);
}
if (gid && setgid(gid)) {
gidErrno = errno;
}
+ if (setgroups(0,groups)) {
+ setGroupErrno = errno;
+ }
if (setuid(uid)) {
// errno is global and could get overwritten by Setuid_postSetuid()
uidErrno = errno;
@@ -85,6 +91,9 @@ void Security_setUser(int uid,
if (uid != (int) getuid()) {
Except_throw(eh, "Failed to set UID but seemed to succeed");
}
+ if (setGroupErrno > 0) {
+ Except_throw(eh, "Failed to setgroups [%s]", strerror(setGroupErrno));
+ }
if (gidErrno > 0) {
Except_throw(eh, "Failed to set GID [%s]", strerror(gidErrno));
}
@@ -119,8 +128,8 @@ void Security_nofiles(struct Except* eh)
void Security_noforks(struct Except* eh)
{
- if (setrlimit(RLIMIT_NPROC, &(struct rlimit){ 0, 0 })) {
- Except_throw(eh, "Failed to set fork limit to 0 [%s]", strerror(errno));
+ if (setrlimit(RLIMIT_NPROC, &(struct rlimit){ 1, 1 })) {
+ Except_throw(eh, "Failed to set process limit to 1 [%s]", strerror(errno));
}
}

151
cjdns.sbin.patch Normal file
View File

@ -0,0 +1,151 @@
diff -up ./contrib/systemd/cjdns-online.sh.sbin ./contrib/systemd/cjdns-online.sh
--- ./contrib/systemd/cjdns-online.sh.sbin 2016-03-08 18:47:02.883140998 -0500
+++ ./contrib/systemd/cjdns-online.sh 2016-03-10 17:16:45.909853618 -0500
@@ -0,0 +1,75 @@
+#!/bin/sh
+# Check whether cjdns IPs are available
+# Copyright (C) 2016 Stuart D. Gathman <stuart@gathman.org>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+cjdns_ips() {
+ ip -6 -o addr | while read i dev fam ip rem; do
+ case "$ip" in
+ fc*:*/8) echo "${ip%/8}";;
+ esac
+ done
+}
+
+die() {
+ echo "$1" >&2
+ exit 1
+}
+
+PROGRAM_NAME="/usr/bin/cjdns-online"
+
+ARGS=$(getopt -n $PROGRAM_NAME -o t:xqsh \
+ --long timeout:,exit,quiet,wait-for-startup,help -- "$@")
+
+# Die if they fat finger arguments, this program may be run as root
+[ $? = 0 ] || die "Error parsing arguments. Try $PROGRAM_NAME --help"
+
+help() {
+ cat <<EOH
+Usage: $PROGRAM_NAME [options]
+ -t, --timeout <timeout_value> time to wait in seconds, default 30
+ -x, --exit exit immediately if cjdns is not online
+ -q, --quiet don't print anything
+ -s, --wait-for-startup wait for full startup instead of just tun dev
+EOH
+ exit 2
+}
+
+let timeout="30"
+let nowait="0"
+let quiet="0"
+let startup="0"
+
+eval set -- "$ARGS"
+while true; do
+ case "$1" in
+ -t|--timeout) let timeout="$2" || help; shift 2; continue;;
+ -x|--exit) let nowait="1"; shift;;
+ -q|--quiet) let quiet="1"; shift;;
+ -s|--wait-for-startup) let startup="1"; shift;;
+ --) shift; break;;
+ *) help;;
+ esac
+done
+
+let started="$(date +%s)"
+while test -z "$(cjdns_ips)"; do
+ let elapsed="$(date +%s) - $started"
+ [ $elapsed -gt $timeout ] && exit 1
+ sleep 2
+done
+if [ "$quiet" -eq 0 ]; then
+ cjdns_ips
+fi
diff -up ./contrib/systemd/cjdns-resume.service.sbin ./contrib/systemd/cjdns-resume.service
--- ./contrib/systemd/cjdns-resume.service.sbin 2016-03-08 18:47:02.883140998 -0500
+++ ./contrib/systemd/cjdns-resume.service 2016-03-08 18:47:02.883140998 -0500
@@ -0,0 +1,10 @@
+[Unit]
+Description=Restart cjdns on resume from sleep
+After=sleep.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/systemctl restart cjdns
+
+[Install]
+WantedBy=sleep.target
diff -up ./contrib/systemd/cjdns.service.sbin ./contrib/systemd/cjdns.service
--- ./contrib/systemd/cjdns.service.sbin 2016-01-27 03:07:49.000000000 -0500
+++ ./contrib/systemd/cjdns.service 2016-03-08 18:47:02.884141026 -0500
@@ -9,10 +9,10 @@ ProtectSystem=true
SyslogIdentifier=cjdroute
ExecStartPre=/bin/sh -ec "if ! test -s /etc/cjdroute.conf; \
then umask 077; \
- /usr/bin/cjdroute --genconf > /etc/cjdroute.conf; \
+ /usr/sbin/cjdroute --genconf | cat > /etc/cjdroute.conf; \
echo 'WARNING: A new /etc/cjdroute.conf file has been generated.'; \
- fi"
-ExecStart=/bin/sh -c "exec cjdroute --nobg < /etc/cjdroute.conf"
+ fi; /usr/sbin/modprobe tun"
+ExecStart=/bin/sh -c "exec /usr/sbin/cjdroute --nobg < /etc/cjdroute.conf"
Restart=always
[Install]
diff -up ./contrib/systemd/cjdns-wait-online.service.sbin ./contrib/systemd/cjdns-wait-online.service
--- ./contrib/systemd/cjdns-wait-online.service.sbin 2016-03-08 18:47:02.885141054 -0500
+++ ./contrib/systemd/cjdns-wait-online.service 2016-03-08 23:49:38.996469685 -0500
@@ -0,0 +1,13 @@
+[Unit]
+Description=CJDNS Wait Online
+Requisite=cjdns.service
+After=cjdns.service
+Wants=network.target
+Before=network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/cjdns-online -s -q --timeout=30
+
+[Install]
+WantedBy=multi-user.target
diff -up ./contrib/upstart/cjdns.conf.sbin ./contrib/upstart/cjdns.conf
--- ./contrib/upstart/cjdns.conf.sbin 2016-01-27 03:07:49.000000000 -0500
+++ ./contrib/upstart/cjdns.conf 2016-03-08 18:47:02.885141054 -0500
@@ -13,10 +13,13 @@ pre-start script
if ! [ -s /etc/cjdroute.conf ]; then
( # start a subshell to avoid side effects of umask later on
umask 077 # to create the file with 600 permissions without races
- /usr/bin/cjdroute --genconf > /etc/cjdroute.conf
+ # use cat because cjdroute can't write directly to /etc
+ /usr/sbin/cjdroute --genconf | cat > /etc/cjdroute.conf
) # exit subshell; umask no longer applies
echo 'WARNING: A new cjdns cjdroute.conf file has been generated.'
fi
+ # preload tun driver, since we prevent module_request
+ /sbin/modprobe tun
# If you need a non-standard setup, as described in
# https://github.com/cjdelisle/cjdns#non-standard-setups,
@@ -25,4 +28,4 @@ pre-start script
# see http://upstart.ubuntu.com/cookbook/#setuid
end script
-exec /usr/bin/cjdroute --nobg < /etc/cjdroute.conf
+exec /usr/sbin/cjdroute --nobg < /etc/cjdroute.conf

41
cjdns.selinux.patch Normal file
View File

@ -0,0 +1,41 @@
diff -up ./contrib/selinux/cjdns.te.selinux ./contrib/selinux/cjdns.te
--- ./contrib/selinux/cjdns.te.selinux 2015-11-02 17:59:41.000000000 -0500
+++ ./contrib/selinux/cjdns.te 2015-11-03 00:10:49.098890187 -0500
@@ -7,8 +7,8 @@ require {
type port_t;
type unreserved_port_t;
type tmp_t;
- type kernel_t;
type passwd_file_t;
+ type net_conf_t;
}
type cjdns_t;
@@ -18,12 +18,13 @@ init_daemon_domain(cjdns_t,cjdns_exec_t)
#============= cjdns_t ==============
# Let master process run further restricted subprocess
allow cjdns_t cjdns_exec_t:file { execute_no_trans execmod };
-allow cjdns_t self:capability { net_admin net_raw setuid setgid sys_chroot sys_module };
+allow cjdns_t self:capability { net_admin net_raw setuid setgid sys_chroot };
allow cjdns_t self:process { signal getcap setrlimit setcap };
-allow cjdns_t kernel_t:system module_request;
# translate username to uid
allow cjdns_t passwd_file_t:file { read getattr open };
+# translate host names
+allow cjdns_t net_conf_t:file { read getattr open };
# allow network access
allow cjdns_t node_t:udp_socket node_bind;
allow cjdns_t port_t:udp_socket name_bind;
@@ -31,10 +32,9 @@ allow cjdns_t unreserved_port_t:udp_sock
allow cjdns_t self:netlink_route_socket { bind create getattr nlmsg_read read write };
allow cjdns_t self:packet_socket { bind create ioctl read write };
allow cjdns_t self:tun_socket create;
-allow cjdns_t self:udp_socket { create setopt bind ioctl getattr read write };
+allow cjdns_t self:udp_socket { create setopt bind ioctl getattr read write connect };
allow cjdns_t tun_tap_device_t:chr_file { read write open ioctl };
-
# management API
allow cjdns_t self:unix_stream_socket connectto;
allow cjdns_t tmp_t:sock_file { write create unlink };

531
cjdns.spec Normal file
View File

@ -0,0 +1,531 @@
# Fedora review: http://bugzilla.redhat.com/1268716
# Use the optimized libnacl embedded with cjdns
%global use_embedded 0
%if 0%{?rhel} >= 5 && 0%{?rhel} < 7
%global use_systemd 0
%else
%global use_systemd 1
%endif
%if 0%{?rhel} == 6
%global use_upstart 1
%else
%global use_upstart 0
%endif
# FIXME: Needs dependencies and install www dir someplace reasonable.
%global with_admin 0
# FIXME: python tools need to make cjdnsadmin a proper python package
%global with_python 1
%{!?__restorecon: %global __restorecon /sbin/restorecon}
Name: cjdns
# major version is cjdns protocol version:
Version: 17.3
Release: 10%{?dist}
Summary: The privacy-friendly network without borders
Group: System Environment/Base
# cjdns is all GPLv3 except libuv which is MIT and BSD and ISC
# cnacl is unused except when use_embedded is true
License: GPLv3 and MIT and BSD and ISC
URL: http://hyperboria.net/
Source0: https://github.com/cjdelisle/cjdns/archive/%{name}-v%{version}.tar.gz
Source1: cjdns.README_Fedora.md
# Add targeted selinux policy
Patch0: cjdns.selinux.patch
# Allow python2.6 for build. Python is not used during the build
# process. The python tools allegedly depend on python2.7, but that can
# be in Requires for the subpackage.
Patch1: cjdns.el6.patch
# Fix RLIMIT_NPROC - setuid() bug. In its low priv process, cjdroute calls
#
# setrlimit(RLIMIT_NPROC, &(struct rlimit){ 0, 0 })
#
# which on recent kernels prevents fork() or exec() after the following
# setuid(). This is due to changes discussed here:
#
# https://lwn.net/Articles/451985/
#
# On the 2.6.32 kernel used by EL6, the above causes setuid() to fail.
# This patch sets RLIMIT_NPROC to { 1, 1 } instead, which prevents
# fork(), but not exec, and calls setgroups() before setuid().
Patch2: cjdns.nprocs.patch
# Change defaults generated by cjdroute --genconf
Patch4: cjdns.genconf.patch
# Patch contributed init scripts to put cjdroute in /usr/sbin and
# add additional service options.
Patch5: cjdns.sbin.patch
# Patch make.js to use dynamic nacl library
Patch6: cjdns.dyn.patch
# Patch to use _LINUX_CAPABILITY_3
Patch7: cjdns.cap3.patch
# Patch some source files to ignore selected warnings that break gcc6 builds
Patch8: cjdns.warnings.patch
# Man pages
Patch9: cjdns.man.patch
BuildRequires: nodejs, nodejs-ronn
# Automated package review hates explicit BR on make, but it *is* needed
BuildRequires: make
%if !%{use_embedded}
# x86_64 and ARM libnacl are not compiled with -fPIC before Fedora release 11.
BuildRequires: nacl-devel >= 20110221-11
%endif
%if %{use_systemd}
# systemd macros are not defined unless systemd is present
BuildRequires: systemd
Requires: systemd
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
%endif
Requires(pre): shadow-utils
Provides: bundled(libuv) = 0.11.4
%description
Cjdns implements an encrypted IPv6 network using public-key cryptography for
address allocation and a distributed hash table for routing. This provides
near-zero-configuration networking, and prevents many of the security and
scalability issues that plague existing networks.
%package selinux
Summary: Targeted SELinux policy module for cjdns
Group: System Environment/Base
BuildRequires: policycoreutils, checkpolicy, selinux-policy-devel
Requires: policycoreutils, selinux-policy-targeted
Requires: %{name} = %{version}-%{release}
BuildArch: noarch
%description selinux
Targeted SELinux policy module for cjdns.
# FIXME: keep C tools separate?
%package tools
Summary: nodejs tools for cjdns
Group: System Environment/Base
Requires: nodejs, %{name} = %{version}-%{release}
BuildArch: noarch
%description tools
C language and nodejs tools for cjdns.
%package python
Summary: Python tools for cjdns
Group: System Environment/Base
Requires: python, %{name} = %{version}-%{release}
BuildArch: noarch
%description python
Python tools for cjdns.
%package graph
Summary: Python tools for cjdns
Group: System Environment/Base
Requires: %{name}-python = %{version}-%{release}, python-networkx
BuildArch: noarch
%description graph
Python graphing tools for cjdns.
%prep
%setup -qn cjdns-%{name}-v%{version}
%patch0 -b .selinux
%if 0%{?rhel} == 6
%patch1 -b .el6
%endif
%patch2 -b .nprocs
%patch4 -b .genconf
%patch5 -b .sbin
%if !%{use_embedded}
# use system nacl library if provided.
if test -x %{_libdir}/libnacl.so; then
%patch6 -b .dyn
rm -rf node_build/dependencies/cnacl
# use static library if system nacl doesn't provide dynamic
elif test -d %{_includedir}/nacl && test -r %{_libdir}/libnacl.a; then
cd node_build/dependencies
rm -rf cnacl
mkdir -p cnacl/jsbuild
ln -s %{_libdir}/libnacl.a cnacl/jsbuild
ln -s %{_includedir}/nacl cnacl/jsbuild/include
cd -
fi
%endif
%patch7 -b .cap3
%if !0%{?rhel} || 0%{?rhel} > 6
%patch8 -b .warnings
%endif
%patch9 -b .man
cp %{SOURCE1} README_Fedora.md
# Remove #!env from python scripts
chmod a+x contrib/python/cjdnsadmin/cli.py
find contrib/python/cjdnsadmin ! -executable -name "*.py" |
xargs sed -e '\,^#!/usr/bin/env, d' -i
find contrib/python -type f |
xargs sed -e '1 s,^#!/usr/bin/env ,#!/usr/bin/,' -i
# Remove #!env from nodejs scripts
find tools -type f | xargs grep -l '^#!\/usr\/bin\/env ' |
xargs sed -e '1 s,^#!/usr/bin/env ,#!/usr/bin/,' -i
# Remove unpackaged code with undeclared licenses
%if %{with_admin}
rm -rf contrib/nodejs # GPLv3 and ASL 2.0
%endif
rm -rf contrib/http # GPLv2 and MIT
# FIXME: grep Version_CURRENT_PROTOCOL util/version/Version.h and
# check that it matches major %%{version}
%build
cd contrib/selinux
ln -s /usr/share/selinux/devel/Makefile .
make
cd -
# nodejs based build system
CJDNS_RELEASE_VERSION="%{name}-%{version}-%{release}" ./do
# FIXME: use system libuv on compatible systems
# bundled libuv is 0.11.4 with changes:
# https://github.com/cjdelisle/cjdns/commits/master/node_build/dependencies/libuv
%install
%if 0%{?rhel} == 5
rm -rf %{buildroot} # needed on RHEL5
%endif
# the main switch process
mkdir -p %{buildroot}%{_sbindir}
install -p cjdroute %{buildroot}%{_sbindir}
# init support
%if %{use_upstart}
mkdir -p %{buildroot}%{_sysconfdir}/init
install -pm 644 contrib/upstart/cjdns.conf %{buildroot}%{_sysconfdir}/init
%endif
%if %{use_systemd}
mkdir -p %{buildroot}%{_unitdir}
install -pm 644 contrib/systemd/cjdns*.service %{buildroot}%{_unitdir}
%endif
# chroot
mkdir -p %{buildroot}/var/empty/cjdns
# install selinux modules
mkdir -p %{buildroot}%{_datadir}/selinux/targeted
install -pm 644 contrib/selinux/cjdns.pp %{buildroot}%{_datadir}/selinux/targeted
ln -f contrib/selinux/cjdns.{te,fc} . # for doc dir
# install c and nodejs tools
mkdir -p %{buildroot}%{_libexecdir}/cjdns/{node_build,contrib}
install -p publictoip6 privatetopublic makekeys randombytes sybilsim \
%{buildroot}%{_libexecdir}/cjdns
rm -f node_modules/nthen/.npmignore
cp -pr tools node_modules %{buildroot}%{_libexecdir}/cjdns
%if %{with_admin}
rm -f contrib/nodejs/admin/.gitignore
cp -pr contrib/nodejs/admin %{buildroot}%{_libexecdir}/cjdns
%endif
# symlinks for selected nodejs tools
mkdir -p %{buildroot}%{_bindir}
for t in peerStats sessionStats cjdnslog search dumpLinks dumptable \
dumpRumorMill pathfinderTree pingAll; do
ln -sf %{_libexecdir}/cjdns/tools/$t %{buildroot}%{_bindir}
done
# symlinks for selected C tools
for t in publictoip6 randombytes makekeys; do
ln -sf %{_libexecdir}/cjdns/$t %{buildroot}%{_bindir}
done
# cjdns-online script
install -pm 755 contrib/systemd/cjdns-online.sh \
%{buildroot}%{_bindir}/cjdns-online
# man pages
mkdir -p %{buildroot}%{_mandir}/man1
mkdir -p %{buildroot}%{_mandir}/man5
mkdir -p %{buildroot}%{_mandir}/man8
install -pm 644 doc/man/cjdroute.conf.5 %{buildroot}%{_mandir}/man5
cd contrib/doc
for m in *.md; do
case ${m%.md} in
cjdroute|publictoip6|randombytes|makekeys|cjdns-online) M="1" ;;
*) M="8" ;;
esac
ronn-nodejs $m >%{buildroot}%{_mandir}/man$M/${m%.md}.$M
done
cd -
%if %{with_python}
# install python tools that pull in networkx for graphing
cp -pr contrib/python %{buildroot}%{_libexecdir}/cjdns
# These files are installed via doc and license
rm %{buildroot}%{_libexecdir}/cjdns/python/README.md
rm %{buildroot}%{_libexecdir}/cjdns/python/cjdns-dynamic.conf
rm %{buildroot}%{_libexecdir}/cjdns/python/cjdnsadmin/bencode.py.LICENSE.txt
# symlink python tools w/o conflict with nodejs tools or needing networkx
for t in pingAll.py trashroutes \
getLinks ip6topk pktoip6 cjdnsa searches findnodes; do
ln -sf %{_libexecdir}/cjdns/python/$t %{buildroot}%{_bindir}
done
# symlink python tools that pull in networkx for graphing
for t in drawgraph dumpgraph graphStats; do
ln -sf %{_libexecdir}/cjdns/python/$t %{buildroot}%{_bindir}
done
%endif
%files
%{!?_licensedir:%global license %%doc}
%license LICENSE
%doc README.md README_*.md HACKING.md
%attr(0100,root,root) /var/empty/cjdns
%attr(0755,root,root) %{_sbindir}/cjdroute
%ghost %attr(0600,root,root) %config(missingok,noreplace) %{_sysconfdir}/cjdroute.conf
%dir %{_libexecdir}/cjdns
%if %{use_upstart}
%{_sysconfdir}/init/*
%endif
%if %{use_systemd}
%{_unitdir}/*
%endif
%{_libexecdir}/cjdns/randombytes
%{_libexecdir}/cjdns/publictoip6
%{_libexecdir}/cjdns/privatetopublic
%{_libexecdir}/cjdns/sybilsim
%{_libexecdir}/cjdns/makekeys
%{_bindir}/randombytes
%{_bindir}/publictoip6
%{_bindir}/makekeys
%{_bindir}/cjdns-online
%{_mandir}/man1/*
%{_mandir}/man5/*
%{_mandir}/man8/*
%pre
getent group cjdns > /dev/null || groupadd -r cjdns
getent passwd cjdns > /dev/null || /usr/sbin/useradd -g cjdns \
-c "End to end encrypted IPv6 mesh" \
-r -d %{_libexecdir}/cjdns -s /sbin/nologin cjdns
exit 0
%if %{use_systemd}
%post
%systemd_post cjdns.service
%postun
%systemd_postun_with_restart cjdns.service
%preun
%systemd_preun cjdns.service
%endif
%if %{use_upstart}
%preun
if [ "$1" -eq 0 ]; then
/sbin/initctl stop cjdns
fi
%postun
if [ "$1" -ge 1 ]; then
/sbin/initctl restart cjdns
fi
%endif
%files selinux
%doc cjdns.te cjdns.fc
%{_datadir}/selinux/targeted/*
%post selinux
/usr/sbin/semodule -s targeted -i %{_datadir}/selinux/targeted/cjdns.pp \
&>/dev/null || :
%{__restorecon} %{_sbindir}/cjdroute
%postun selinux
if [ $1 -eq 0 ] ; then
/usr/sbin/semodule -s targeted -r cjdns &> /dev/null || :
fi
%files tools
%if %{with_admin}
%{_libexecdir}/cjdns/admin
%endif
%{_libexecdir}/cjdns/tools
%{_libexecdir}/cjdns/node_build
%{_libexecdir}/cjdns/node_modules
%{_bindir}/peerStats
%{_bindir}/sessionStats
%{_bindir}/cjdnslog
%{_bindir}/dumpRumorMill
%{_bindir}/dumpLinks
%{_bindir}/pathfinderTree
%{_bindir}/dumptable
%{_bindir}/pingAll
%{_bindir}/search
%files python
%doc contrib/python/README.md contrib/python/cjdns-dynamic.conf
%license contrib/python/cjdnsadmin/bencode.py.LICENSE.txt
%dir %{_libexecdir}/cjdns/python
%{_libexecdir}/cjdns/python/cexec
%{_libexecdir}/cjdns/python/cjdnsadminmaker.py*
%{_libexecdir}/cjdns/python/cjdnslog
%{_libexecdir}/cjdns/python/dumptable
%{_libexecdir}/cjdns/python/dynamicEndpoints.py*
%{_libexecdir}/cjdns/python/peerStats
%{_libexecdir}/cjdns/python/sessionStats
%{_libexecdir}/cjdns/python/cjdnsadmin
%{_libexecdir}/cjdns/python/pingAll.py*
%{_libexecdir}/cjdns/python/trashroutes
%{_libexecdir}/cjdns/python/getLinks
%{_libexecdir}/cjdns/python/ip6topk
%{_libexecdir}/cjdns/python/pktoip6
%{_libexecdir}/cjdns/python/cjdnsa
%{_libexecdir}/cjdns/python/searches
%{_libexecdir}/cjdns/python/findnodes
%{_bindir}/pingAll.py
%{_bindir}/trashroutes
%{_bindir}/getLinks
%{_bindir}/ip6topk
%{_bindir}/pktoip6
%{_bindir}/cjdnsa
%{_bindir}/searches
%{_bindir}/findnodes
%files graph
%{_libexecdir}/cjdns/python/drawgraph
%{_libexecdir}/cjdns/python/dumpgraph
%{_libexecdir}/cjdns/python/graphStats
%{_bindir}/drawgraph
%{_bindir}/dumpgraph
%{_bindir}/graphStats
%changelog
* Thu Mar 10 2016 Stuart D. Gathman <stuart@gathman.org> 17.3-10
- Mark nodejs and selinux noarch
- Remove _isa from noarch subpackages.
* Thu Mar 10 2016 Stuart D. Gathman <stuart@gathman.org> 17.3-9
- Strip /8 from IPs printed by cjdns-online
- Add GPL3+ to cjdns-online
- ghost /etc/cjdroute.conf
- Include _isa formula in subpackage requires.
* Tue Mar 8 2016 Stuart D. Gathman <stuart@gathman.org> 17.3-8
- Add release to main package dependencies
- More man pages
- Restore missing cjdns-resume.service
- Add empty config to be owned by package
* Tue Mar 1 2016 Stuart D. Gathman <stuart@gathman.org> 17.3-7
- Add explicit systemd dependency
- Add selinux-policy-targeted dependency
- Add version to main package dependencies
- Remove use of #!/usr/bin/env in nodejs tools
- Change all top level define to global
- Remove workaround for missing -fPIC on libnacl for X86_64 on f22.
* Mon Feb 29 2016 Stuart D. Gathman <stuart@gathman.org> 17.3-6
- Man pages
- Move /usr/lib/cjdns to /usr/libexec/cjdns
- Move all C tools to main package, mark (nodejs) tools noarch
* Wed Feb 24 2016 Stuart D. Gathman <stuart@gathman.org> 17.3-5
- Add use_embedded option
- Reorganize with use_systemd, use_upstart
- Set __restorecon only if not defined
- Use install instead of cp to set file modes
- Move randombytes,publictoip6 and /usr/lib/cjdns to main package
- Fix bad #! lines in contrib/python
- Patch util/Security.c to call setgroups(0,...) before setuid().
* Fri Feb 12 2016 Stuart D. Gathman <stuart@gathman.org> 17.3-4
- Add Fedora README
- No libnacl on EL7 or EPEL7
* Tue Feb 2 2016 Stuart D. Gathman <stuart@gathman.org> 17.3-3
- Add node_modules to tools
- Add #pragmas to ignore bogus warnings from gcc6
- Fix shift of signed int
* Mon Feb 1 2016 Stuart D. Gathman <stuart@gathman.org> 17.3-2
- Fix extra line in updated sbin patch
* Mon Feb 1 2016 Stuart D. Gathman <stuart@gathman.org> 17.3-1
- New upstream release
- Add cjdns-resume.service to restart cjdns on resume from sleep
* Tue Jan 19 2016 Stuart D. Gathman <stuart@gathman.org> 17.2-1
- New upstream release
* Sat Nov 07 2015 Stuart D. Gathman <stuart@gathman.org> 17.1-3
- remove defattr
- TODO: generate default config at install time, not first start
* Wed Nov 04 2015 Stuart D. Gathman <stuart@gathman.org> 17.1-2
- use dynamic nacl library backported from rawhide
* Tue Nov 03 2015 Stuart D. Gathman <stuart@gathman.org> 17.1-1
- update to new protocol version
* Tue Oct 27 2015 Stuart D. Gathman <stuart@gathman.org> 16.3-2
- move graphing tools to graph subpackage: networkx has a lot of dependencies.
- use embedded nacl only for i686 (which compiles it with -fPIC)
* Fri Oct 16 2015 Stuart D. Gathman <stuart@gathman.org> 16.3-1
- Allow hostname lookup in selinux policy
- python tools subpackage
* Sun Oct 4 2015 Stuart D. Gathman <stuart@gathman.org> 16.0-6
- restorecon after selinux install to initialize cjdroute context
- remove module_request (to load tun driver) from selinux policy
- make init scripts load tun driver
* Sun Sep 27 2015 Stuart D. Gathman <stuart@gathman.org> 16.0-5
- Restart cjdroute on update, stop on uninstall
- symlink selected tools to bin
- use /var/empty/cjdns for chroot
- patch genconf to change chroot and setuser
* Wed Sep 23 2015 Stuart D. Gathman <stuart@gathman.org> 16.0-4
- Remove doc subpackage - only a meg of docs, and protocol is experimental.
- Fix for RLIMIT_NPROC - setuid bug.
- Add setgid to Security.c
- add contrib/nodejs so tools work
* Wed Sep 23 2015 Stuart D. Gathman <stuart@gathman.org> 16.0-3
- Add selinux, doc and tools subpackages
- Support EL6
* Mon Sep 21 2015 Stuart D. Gathman <stuart@gathman.org> 16.0-2
- nodejs not a runtime dependency of main package
- move binaries to /usr/bin (good idea?)
* Mon Sep 21 2015 Stuart D. Gathman <stuart@gathman.org> 16.0-1
- Initial RPM

65
cjdns.warnings.patch Normal file
View File

@ -0,0 +1,65 @@
diff -up ./dht/CJDHTConstants.h.warnings ./dht/CJDHTConstants.h
--- ./dht/CJDHTConstants.h.warnings 2016-01-27 03:07:49.000000000 -0500
+++ ./dht/CJDHTConstants.h 2016-02-02 21:42:27.810535881 -0500
@@ -17,7 +17,9 @@
#include "benc/String.h"
#include "util/version/Version.h"
-
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wpragmas"
+#pragma GCC diagnostic ignored "-Wunused-const-variable"
// Signifying that this message is a query and defining the query type.
static String* const CJDHTConstants_QUERY = String_CONST_SO("q");
@@ -61,5 +63,5 @@ static String* const CJDHTConstants_ENC_
// Encoding scheme and index for the closest peer along the path.
static String* const CJDHTConstants_PEER_ENC_SCHEME = String_CONST_SO("pes");
static String* const CJDHTConstants_PEER_ENC_INDEX = String_CONST_SO("pei");
-
+#pragma GCC diagnostic pop
#endif
diff -up ./node_build/dependencies/libuv/test/test-getsockname.c.warnings ./node_build/dependencies/libuv/test/test-getsockname.c
--- ./node_build/dependencies/libuv/test/test-getsockname.c.warnings 2016-01-27 03:07:49.000000000 -0500
+++ ./node_build/dependencies/libuv/test/test-getsockname.c 2016-02-02 19:53:49.293769496 -0500
@@ -18,7 +18,7 @@
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
* IN THE SOFTWARE.
*/
-
+#pragma GCC diagnostic ignored "-Wstrict-aliasing"
#include "uv.h"
#include "task.h"
diff -up ./util/platform/netdev/NetPlatform_linux.c.warnings ./util/platform/netdev/NetPlatform_linux.c
--- ./util/platform/netdev/NetPlatform_linux.c.warnings 2016-01-27 03:07:49.000000000 -0500
+++ ./util/platform/netdev/NetPlatform_linux.c 2016-02-02 19:53:49.293769496 -0500
@@ -142,7 +142,7 @@ void NetPlatform_addAddress(const char*
Except_throw(eh, "ioctl(SIOCSIFADDR) failed: [%s]", strerror(err));
}
- uint32_t x = ~0 << (32 - prefixLen);
+ uint32_t x = ~0U << (32 - prefixLen);
x = Endian_hostToBigEndian32(x);
memcpy(&sin.sin_addr, &x, 4);
memcpy(&ifRequest.ifr_addr, &sin, sizeof(struct sockaddr_in));
@@ -213,7 +213,7 @@ void NetPlatform_addRoute(const char* in
struct sockaddr_in sin = { .sin_family = AF_INET, .sin_port = 0 };
memcpy(&sin.sin_addr.s_addr, address, 4);
memcpy(&rt.rt_dst, &sin, sizeof(struct sockaddr));
- sin.sin_addr.s_addr = Endian_hostToBigEndian32(~0 << (32 - prefixLen));
+ sin.sin_addr.s_addr = Endian_hostToBigEndian32(~0U << (32 - prefixLen));
memcpy(&rt.rt_genmask, &sin, sizeof(struct sockaddr));
rt.rt_dev = (char *) interfaceName;
diff -up ./util/platform/Sockaddr.c.warnings ./util/platform/Sockaddr.c
--- ./util/platform/Sockaddr.c.warnings 2016-01-27 03:07:49.000000000 -0500
+++ ./util/platform/Sockaddr.c 2016-02-02 19:53:49.294769524 -0500
@@ -12,6 +12,7 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+#pragma GCC diagnostic ignored "-Wstrict-aliasing"
#include "util/events/libuv/UvWrapper.h"
#include "benc/String.h"
#include "memory/Allocator.h"

1
sources
View File

@ -0,0 +1 @@
efc62329874a0620a532269a53dbfc85 cjdns-v17.3.tar.gz