Merge branch 'master' into epel7
This commit is contained in:
commit
4e807cc425
1
.gitignore
vendored
1
.gitignore
vendored
@ -15,3 +15,4 @@
|
||||
/python-cjdns-0.1.tar.gz
|
||||
/cjdns-v20.5.tar.gz
|
||||
/cjdns-v20.6.tar.gz
|
||||
/cjdns-v20.7.tar.gz
|
||||
|
@ -1,7 +1,7 @@
|
||||
diff -up ./test/Main_fuzz_test.c.fuzz ./test/Main_fuzz_test.c
|
||||
--- ./test/Main_fuzz_test.c.fuzz 2019-05-08 19:31:34.995364838 -0400
|
||||
+++ ./test/Main_fuzz_test.c 2019-05-08 19:31:51.955608910 -0400
|
||||
@@ -59,8 +59,8 @@ static Iface_DEFUN incomingTun(struct Me
|
||||
--- ./test/Main_fuzz_test.c.fuzz 2020-04-09 14:01:51.000000000 -0400
|
||||
+++ ./test/Main_fuzz_test.c 2020-04-14 17:17:24.101260879 -0400
|
||||
@@ -60,8 +60,8 @@ static Iface_DEFUN incomingTun(struct Me
|
||||
static void notLinkedYet(struct Context* ctx)
|
||||
{
|
||||
uint64_t now = Time_currentTimeMilliseconds(ctx->base);
|
||||
@ -12,3 +12,35 @@ diff -up ./test/Main_fuzz_test.c.fuzz ./test/Main_fuzz_test.c
|
||||
}
|
||||
}
|
||||
|
||||
diff -up ./util/test/Seccomp_test.c.fuzz ./util/test/Seccomp_test.c
|
||||
--- ./util/test/Seccomp_test.c.fuzz 2020-04-15 20:21:02.563170274 -0400
|
||||
+++ ./util/test/Seccomp_test.c 2020-04-15 22:32:21.633653339 -0400
|
||||
@@ -61,6 +61,10 @@ static void timeout(void* vNULL)
|
||||
{
|
||||
Assert_true(!"timed out");
|
||||
}
|
||||
+static void timeout2(void* vNULL)
|
||||
+{
|
||||
+ Assert_true(!"time out 2");
|
||||
+}
|
||||
|
||||
static int child(char* pipeName, struct Allocator* alloc, struct Log* logger)
|
||||
{
|
||||
@@ -70,7 +74,7 @@ static int child(char* pipeName, struct
|
||||
pipe->logger = logger;
|
||||
pipe->userData = alloc;
|
||||
|
||||
- Timeout_setTimeout(timeout, eb, 2000, eb, alloc);
|
||||
+ Timeout_setTimeout(timeout, eb, 8000, eb, alloc);
|
||||
EventBase_beginLoop(eb);
|
||||
|
||||
return 0;
|
||||
@@ -120,7 +124,7 @@ int main(int argc, char** argv)
|
||||
|
||||
Assert_true(!Process_spawn(path, args, eb, alloc, NULL));
|
||||
|
||||
- Timeout_setTimeout(timeout, NULL, 2000, eb, alloc);
|
||||
+ Timeout_setTimeout(timeout2, NULL, 160000, eb, alloc);
|
||||
|
||||
EventBase_beginLoop(eb);
|
||||
return 0;
|
||||
|
@ -1,16 +1,16 @@
|
||||
diff -up ./client/cjdroute2.c.genconf ./client/cjdroute2.c
|
||||
--- ./client/cjdroute2.c.genconf 2019-05-02 04:02:32.000000000 -0400
|
||||
+++ ./client/cjdroute2.c 2019-05-08 12:14:53.146838389 -0400
|
||||
@@ -336,7 +336,7 @@ static int genconf(struct Random* rand,
|
||||
" // and ETHInterface will be unable to hot-add new interfaces\n"
|
||||
" // Use { \"setuser\": 0 } to disable.\n"
|
||||
" // Default: enabled with keepNetAdmin\n"
|
||||
- " { \"setuser\": \"nobody\", \"keepNetAdmin\": 1 },\n"
|
||||
+ " { \"setuser\": \"cjdns\", \"keepNetAdmin\": 1 },\n"
|
||||
"\n"
|
||||
--- ./client/cjdroute2.c.genconf 2020-06-23 08:37:44.000000000 -0400
|
||||
+++ ./client/cjdroute2.c 2020-07-01 13:48:09.041257042 -0400
|
||||
@@ -359,7 +359,7 @@ static int genconf(struct Allocator* all
|
||||
if (Defined(android) || Defined(darwin)) {
|
||||
printf(" { \"setuser\": 0 },\n");
|
||||
} else {
|
||||
- printf(" { \"setuser\": \"nobody\", \"keepNetAdmin\": 1 },\n");
|
||||
+ printf(" { \"setuser\": \"cjdns\", \"keepNetAdmin\": 1 },\n");
|
||||
}
|
||||
printf("\n"
|
||||
" // Chroot changes the filesystem root directory which cjdns sees, blocking it\n"
|
||||
" // from accessing files outside of the chroot sandbox, if the user does not\n"
|
||||
@@ -348,7 +348,7 @@ static int genconf(struct Random* rand,
|
||||
@@ -372,7 +372,7 @@ static int genconf(struct Allocator* all
|
||||
}
|
||||
else {
|
||||
printf(" // Default: enabled (using \"/var/run\")\n"
|
||||
|
@ -1,6 +1,6 @@
|
||||
diff -up ./contrib/selinux/cjdns.te.selinux ./contrib/selinux/cjdns.te
|
||||
--- ./contrib/selinux/cjdns.te.selinux 2019-05-02 04:02:32.000000000 -0400
|
||||
+++ ./contrib/selinux/cjdns.te 2019-08-15 22:23:18.807845457 -0400
|
||||
--- ./contrib/selinux/cjdns.te.selinux 2020-06-23 08:37:44.000000000 -0400
|
||||
+++ ./contrib/selinux/cjdns.te 2020-07-01 19:34:24.473531348 -0400
|
||||
@@ -7,8 +7,9 @@ require {
|
||||
type port_t;
|
||||
type unreserved_port_t;
|
||||
@ -12,7 +12,7 @@ diff -up ./contrib/selinux/cjdns.te.selinux ./contrib/selinux/cjdns.te
|
||||
}
|
||||
|
||||
type cjdns_t;
|
||||
@@ -17,24 +18,26 @@ init_daemon_domain(cjdns_t,cjdns_exec_t)
|
||||
@@ -17,27 +18,29 @@ init_daemon_domain(cjdns_t,cjdns_exec_t)
|
||||
|
||||
#============= cjdns_t ==============
|
||||
# Let master process run further restricted subprocess
|
||||
@ -44,4 +44,8 @@ diff -up ./contrib/selinux/cjdns.te.selinux ./contrib/selinux/cjdns.te
|
||||
-
|
||||
# management API
|
||||
allow cjdns_t self:unix_stream_socket connectto;
|
||||
allow cjdns_t tmp_t:sock_file { write create unlink };
|
||||
-allow cjdns_t tmp_t:sock_file { write create unlink };
|
||||
+allow cjdns_t tmp_t:sock_file { write create unlink getattr };
|
||||
allow cjdns_t tmp_t:dir { write remove_name add_name };
|
||||
allow cjdns_t urandom_device_t:chr_file { read open };
|
||||
|
||||
|
48
cjdns.spec
48
cjdns.spec
@ -14,7 +14,11 @@
|
||||
%bcond_with libsodium
|
||||
# Option to disable SECCOMP: confusing backward logic
|
||||
# Needed to run on openvz and other container systems
|
||||
%ifarch armv7hl
|
||||
%bcond_with seccomp
|
||||
%else
|
||||
%bcond_without seccomp
|
||||
%endif
|
||||
# Option to use system libuv instead of bundled libuv-0.11.19
|
||||
%bcond_with libuv
|
||||
# When with_python3 is set, this replaces tools in bin and libexec
|
||||
@ -69,7 +73,7 @@
|
||||
%global makeman marked-man
|
||||
%else
|
||||
%global use_marked 0
|
||||
%global makeman ../../ronn
|
||||
%global makeman pandoc -s -tman
|
||||
%endif
|
||||
|
||||
# FIXME: Needs dependencies and install www dir someplace reasonable.
|
||||
@ -83,7 +87,7 @@
|
||||
|
||||
Name: cjdns
|
||||
# major version is cjdns protocol version:
|
||||
Version: 20.6
|
||||
Version: 20.7
|
||||
Release: 1%{?dist}
|
||||
Summary: The privacy-friendly network without borders
|
||||
# cjdns is all GPLv3 except libuv which is MIT and BSD and ISC
|
||||
@ -114,10 +118,6 @@ Patch1: cjdns.el6.patch
|
||||
#
|
||||
# https://lwn.net/Articles/451985/
|
||||
#
|
||||
# On the 2.6.32 kernel used by EL6, the above causes setuid() to fail.
|
||||
# This patch sets RLIMIT_NPROC to { 1, 1 } instead, which prevents
|
||||
# fork(), but not exec, and calls setgroups() before setuid().
|
||||
Patch2: cjdns.nprocs.patch
|
||||
# Change defaults generated by cjdroute --genconf
|
||||
Patch4: cjdns.genconf.patch
|
||||
# Patch contributed init scripts to put cjdroute in /usr/sbin and
|
||||
@ -128,7 +128,7 @@ Patch6: cjdns.dyn.patch
|
||||
# Patch to use _LINUX_CAPABILITY_3 (cjdns < 18)
|
||||
#Patch7: cjdns.cap3.patch
|
||||
# Patch some source files to ignore selected warnings that break gcc6 builds
|
||||
Patch8: cjdns.warnings.patch
|
||||
#Patch8: cjdns.warnings.patch
|
||||
# Man pages
|
||||
Patch9: cjdns.man.patch
|
||||
# Patch some bugs in nodejs tools
|
||||
@ -152,18 +152,16 @@ Patch12: cjdns.sign.patch
|
||||
#Patch17: cjdns.s390x.patch
|
||||
# patch build to use system libuv
|
||||
Patch18: cjdns.libuv.patch
|
||||
Patch19: cjdns.fuzz.patch
|
||||
#Patch19: cjdns.fuzz.patch
|
||||
# patch to use /proc/sys/kernel/random/uuid instead of sysctl before 20.4
|
||||
Patch20: cjdns.sysctl.patch
|
||||
# Patch ronn to stop using deprecated util.puts and util.debug
|
||||
Patch21: cjdns.puts.patch
|
||||
# gcc-10 no longer allows duplicate globals
|
||||
Patch22: cjdns.gcc10.patch
|
||||
|
||||
%if %{use_marked}
|
||||
BuildRequires: nodejs, nodejs-marked
|
||||
%else
|
||||
BuildRequires: nodejs, nodejs-ronn
|
||||
BuildRequires: nodejs, pandoc
|
||||
%endif
|
||||
|
||||
%if 0%{?rhel} == 6
|
||||
@ -205,6 +203,8 @@ Provides: bundled(nacl) = 20110221
|
||||
%endif
|
||||
# build system requires nodejs, unfortunately
|
||||
ExclusiveArch: %{nodejs_arches}
|
||||
# Seccomp_test is too slow on koji for this arch
|
||||
#ExcludeArch: armv7hl
|
||||
|
||||
%description
|
||||
Cjdns implements an encrypted IPv6 network using public-key cryptography for
|
||||
@ -296,7 +296,6 @@ Python peer graph tools for cjdns.
|
||||
%patch1 -b .el6
|
||||
%endif
|
||||
|
||||
%patch2 -b .nprocs
|
||||
%patch4 -b .genconf
|
||||
%patch5 -b .sbin
|
||||
|
||||
@ -330,7 +329,7 @@ fi
|
||||
%endif
|
||||
|
||||
%if !0%{?rhel} || 0%{?rhel} > 6
|
||||
%patch8 -b .warnings
|
||||
#patch8 -b .warnings
|
||||
%endif
|
||||
|
||||
%patch9 -b .man
|
||||
@ -344,13 +343,13 @@ fi
|
||||
rm -rf node_build/dependencies/libuv
|
||||
%else
|
||||
rm -rf node_build/dependencies/libuv/build/gyp # use system gyp
|
||||
%ifarch s390x
|
||||
%ifarch armv7hl
|
||||
sed -i -e '/optimizeLevel:/ s/-O0/-O3/' node_build/make.js
|
||||
%else
|
||||
sed -i -e '/optimizeLevel:/ s/-O0/-O3/' node_build/make.js
|
||||
%endif
|
||||
%endif
|
||||
%patch19 -p1 -b .fuzz
|
||||
#patch19 -p1 -b .fuzz
|
||||
#patch20 -p1 -b .sysctl
|
||||
#patch22 -b .gcc10
|
||||
|
||||
@ -407,9 +406,9 @@ rm node_build/dependencies/cnacl/node_build/plans/*_AVX_plan.json
|
||||
%endif
|
||||
|
||||
%if !%{use_marked}
|
||||
cp -r /usr/lib/node_modules/ronn node_modules
|
||||
%patch21 -p1 -b .puts
|
||||
ln -s node_modules/ronn/bin/ronn.js ronn
|
||||
for i in contrib/doc/*.md; do
|
||||
sed -i -e'1,1 s/^/% /' -e'1,1 s/--/|/' -e'2,2d' $i
|
||||
done
|
||||
%endif
|
||||
|
||||
# remove hidden files from node_modules/nthen
|
||||
@ -491,8 +490,6 @@ install -p publictoip6 privatetopublic mkpasswd makekeys randombytes sybilsim \
|
||||
%{buildroot}%{_libexecdir}/cjdns
|
||||
rm -f node_modules/nthen/.npmignore
|
||||
cp -pr tools node_modules %{buildroot}%{_libexecdir}/cjdns
|
||||
# but not local copy of ronn
|
||||
rm -rf %{buildroot}%{_libexecdir}/cjdns/node_modules/ronn
|
||||
|
||||
%if %{with_admin}
|
||||
rm -f contrib/nodejs/admin/.gitignore
|
||||
@ -770,6 +767,17 @@ fi
|
||||
%{_bindir}/graphStats
|
||||
|
||||
%changelog
|
||||
* Wed Jul 1 2020 Stuart Gathman <stuart@gathman.org> - 20.7-1
|
||||
- New upstream release
|
||||
- Use pandoc for manpages
|
||||
|
||||
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 20.6-3
|
||||
- Rebuilt for Python 3.9
|
||||
- disable patch for nodejs-ronn, now included in Fedora
|
||||
|
||||
* Wed Apr 29 2020 Stuart Gathman <stuart@gathman.org> - 20.6-2
|
||||
- Disable SECCOMP by default for armv7hl instead of excluding arch
|
||||
|
||||
* Mon Mar 16 2020 Stuart Gathman <stuart@gathman.org> - 20.6-1
|
||||
- New upstream release
|
||||
|
||||
|
1
sources
1
sources
@ -2,3 +2,4 @@ SHA512 (cjdns-v20.4.tar.gz) = 5a6bd36b2edd07fa883efa4b14dd8a7ba0189bf43404e27ab6
|
||||
SHA512 (python-cjdns-0.1.tar.gz) = f3b7c9afe6bc2f8b0b872cc7fbe9e997657ecf1cbb1f7e8e417099f1265541af919e965be2508a8613f3a2223020ac077473fe48c78f9553dda1a927364bb256
|
||||
SHA512 (cjdns-v20.5.tar.gz) = 36ae20182b9e9601ae64630cb0fa96caccbe5279be48520ea8b457a15437da5c9b48a5ae5588bd76ef819efe696b5a582a906a50e4dbe7760bb96fa7d1d63ea3
|
||||
SHA512 (cjdns-v20.6.tar.gz) = 34057583f2215899b96f95cc60ba0532aff12834ad2c4b432a6752c811f60ed3d6d33ec82e039b159f090558020faf69c71b373ac33ca9e41b186be0b87c3332
|
||||
SHA512 (cjdns-v20.7.tar.gz) = db103e70e3d9f5e4958dcbeed51df358450f9489b6573f9b9eddc1839ee2051fe5180eede894b465e92915fabcb4cb64ce08a41c06450f14de75943879633f25
|
||||
|
Loading…
Reference in New Issue
Block a user