Merge branch 'master' into epel7
This commit is contained in:
commit
538de792f0
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,4 @@
|
|||||||
/cjdns-v17.3.tar.gz
|
/cjdns-v17.3.tar.gz
|
||||||
/cjdns-v17.4.tar.gz
|
/cjdns-v17.4.tar.gz
|
||||||
|
/cjdns-v18.tar.gz
|
||||||
|
/*.src.rpm
|
||||||
|
@ -38,3 +38,63 @@ can speed this up dramatically with:
|
|||||||
systemctl enable cjdns-resume
|
systemctl enable cjdns-resume
|
||||||
|
|
||||||
The resume service restarts cjdns when the system wakes up from sleep.
|
The resume service restarts cjdns when the system wakes up from sleep.
|
||||||
|
|
||||||
|
For rhel6, use ```start cjdns``` instead of systemctl - ditto for restart
|
||||||
|
and stop.
|
||||||
|
|
||||||
|
##Security
|
||||||
|
|
||||||
|
By default, Fedora Workstation will treat the tun device created by cjdroute as
|
||||||
|
"public", with SSH being the only incoming port allowed. There is no
|
||||||
|
additional exposure with cjdns and the default Fedora firewall. If you have
|
||||||
|
modified the firewall config beyond opening additional incoming ports, be sure
|
||||||
|
that the cjdns tun is treated as public - because anyone in the world can
|
||||||
|
attempt to connect to you through it. Sometimes, people configure their
|
||||||
|
firewall to treat all tun devices as "VPN", and therefore somewhat more
|
||||||
|
trusted. This would be a mistake with cjdns. It is a VPN, for sure, but one
|
||||||
|
anyone in the world can join.
|
||||||
|
|
||||||
|
Public keys for cjdns are based on Elliptic Curves. There is a known quantum
|
||||||
|
algorithm that could be used to crack them if quantum computers with sufficient
|
||||||
|
qubits are ever built. The solution when that happens is larger keys - which
|
||||||
|
are more cumbersome.
|
||||||
|
|
||||||
|
The Distributed Hash Table algorithm is a core component of cjdns - which is
|
||||||
|
vulnerable to a Denial of Service attack known as "Sybil". This attack can
|
||||||
|
block specific updates to the DHT - to prevent your node from joining a mesh,
|
||||||
|
for instance.
|
||||||
|
|
||||||
|
On the positive side, you can safely use telnet to cjdns IPs and the http
|
||||||
|
protocol is automatically encrypted (but you need a secure DNS or raw ip to be
|
||||||
|
sure you are talking to the right node). Many other protocols are
|
||||||
|
automatically encrypted while using cjdns. In general, connecting to a raw
|
||||||
|
cjdns IP is functionally equivalent to SSL/TLS with both client and server
|
||||||
|
authentication.
|
||||||
|
|
||||||
|
Since the cjdroute core routing code parses network packets from untrusted
|
||||||
|
sources, it is a security risk and is heavily sandboxed. It runs as the cjdns
|
||||||
|
user in a chroot jail in an empty directory, with RLIMIT_NPROC set to 1 to
|
||||||
|
disable forking. Seccomp is used to limit available system calls to only those
|
||||||
|
actually needed. Installing the cjdns-selinux package installs a targeted
|
||||||
|
selinux policy that also restricts what the privileged process can access.
|
||||||
|
|
||||||
|
##Routing security
|
||||||
|
|
||||||
|
If cjdns is not running, cjdns packets will get routed in plaintext
|
||||||
|
to your default gateway by default. An attacker could then play
|
||||||
|
man-in-the-middle. If your default gateway is running cjdns, this
|
||||||
|
could even happen accidentally.
|
||||||
|
|
||||||
|
This can be blocked by restricting ```fc00::/8``` to the interface
|
||||||
|
used by cjdroute in the firewall.
|
||||||
|
|
||||||
|
## Advanced config
|
||||||
|
|
||||||
|
You may install a network service that depends on cjdns, for instance you might
|
||||||
|
install thttpd to serve up
|
||||||
|
[nodeinfo.json](https://docs.meshwith.me/en/cjdns/nodeinfo.json.html). If
|
||||||
|
thttpd is configured to listen only on your cjdns IP, then it will not start
|
||||||
|
until cjdns is up and running. Add ```After=cjdns-wait-online.service``` to
|
||||||
|
```thttpd.service``` to hold off starting the service until cjdns has the
|
||||||
|
tunnel up and ready.
|
||||||
|
|
||||||
|
@ -1,13 +1,16 @@
|
|||||||
diff -up ./node_build/make.js.dyn ./node_build/make.js
|
diff -up ./node_build/make.js.dyn ./node_build/make.js
|
||||||
--- ./node_build/make.js.dyn 2016-01-27 03:07:49.000000000 -0500
|
--- ./node_build/make.js.dyn 2016-10-11 17:39:44.000000000 -0400
|
||||||
+++ ./node_build/make.js 2016-04-18 16:17:04.052719207 -0400
|
+++ ./node_build/make.js 2016-10-14 22:08:23.018241766 -0400
|
||||||
@@ -250,41 +250,9 @@ Builder.configure({
|
@@ -252,44 +252,9 @@ Builder.configure({
|
||||||
|
|
||||||
}).nThen(function (waitFor) {
|
}).nThen(function (waitFor) {
|
||||||
|
|
||||||
- builder.config.libs.push(dependencyDir + '/cnacl/jsbuild/libnacl.a');
|
- builder.config.libs.push(dependencyDir + '/cnacl/jsbuild/libnacl.a');
|
||||||
- builder.config.includeDirs.push(dependencyDir + '/cnacl/jsbuild/include/');
|
- builder.config.includeDirs.push(dependencyDir + '/cnacl/jsbuild/include/');
|
||||||
-
|
-
|
||||||
|
- // needed for Sign.c which pulls in crypto_int32.h
|
||||||
|
- builder.config.includeDirs.push(dependencyDir + '/cnacl/jsbuild/include_internal/');
|
||||||
|
-
|
||||||
- Fs.exists(dependencyDir + '/cnacl/jsbuild/libnacl.a', waitFor(function (exists) {
|
- Fs.exists(dependencyDir + '/cnacl/jsbuild/libnacl.a', waitFor(function (exists) {
|
||||||
- if (exists) { return; }
|
- if (exists) { return; }
|
||||||
-
|
-
|
||||||
@ -46,7 +49,7 @@ diff -up ./node_build/make.js.dyn ./node_build/make.js
|
|||||||
|
|
||||||
}).nThen(function (waitFor) {
|
}).nThen(function (waitFor) {
|
||||||
|
|
||||||
@@ -423,7 +391,7 @@ Builder.configure({
|
@@ -430,7 +395,7 @@ Builder.configure({
|
||||||
builder.buildExecutable('crypto/random/randombytes.c');
|
builder.buildExecutable('crypto/random/randombytes.c');
|
||||||
|
|
||||||
builder.lintFiles(function (fileName, file, callback) {
|
builder.lintFiles(function (fileName, file, callback) {
|
||||||
|
@ -1,6 +1,23 @@
|
|||||||
|
diff -up ./contrib/systemd/cjdns-loadmodules.service.sbin ./contrib/systemd/cjdns-loadmodules.service
|
||||||
|
--- ./contrib/systemd/cjdns-loadmodules.service.sbin 2016-08-15 13:39:48.892573194 -0400
|
||||||
|
+++ ./contrib/systemd/cjdns-loadmodules.service 2016-08-15 13:47:24.336772295 -0400
|
||||||
|
@@ -0,0 +1,13 @@
|
||||||
|
+[Unit]
|
||||||
|
+Description=Load cjdns kernel modules
|
||||||
|
+# Load kernel modules needed by cjdns so that it doesn't need the privilege
|
||||||
|
+Before=cjdns.service
|
||||||
|
+# Do not try to load modules in containers like openvz
|
||||||
|
+ConditionVirtualization=!container
|
||||||
|
+
|
||||||
|
+[Service]
|
||||||
|
+Type=oneshot
|
||||||
|
+ExecStart=/usr/sbin/modprobe tun
|
||||||
|
+
|
||||||
|
+[Install]
|
||||||
|
+WantedBy=multi-user.target
|
||||||
diff -up ./contrib/systemd/cjdns-online.sh.sbin ./contrib/systemd/cjdns-online.sh
|
diff -up ./contrib/systemd/cjdns-online.sh.sbin ./contrib/systemd/cjdns-online.sh
|
||||||
--- ./contrib/systemd/cjdns-online.sh.sbin 2016-06-23 22:49:23.703114380 -0400
|
--- ./contrib/systemd/cjdns-online.sh.sbin 2016-08-15 13:33:11.356021398 -0400
|
||||||
+++ ./contrib/systemd/cjdns-online.sh 2016-06-23 22:51:50.666731442 -0400
|
+++ ./contrib/systemd/cjdns-online.sh 2016-08-15 13:33:11.356021398 -0400
|
||||||
@@ -0,0 +1,90 @@
|
@@ -0,0 +1,90 @@
|
||||||
+#!/bin/sh
|
+#!/bin/sh
|
||||||
+# Check whether cjdns IPs are available
|
+# Check whether cjdns IPs are available
|
||||||
@ -94,25 +111,34 @@ diff -up ./contrib/systemd/cjdns-online.sh.sbin ./contrib/systemd/cjdns-online.s
|
|||||||
+fi
|
+fi
|
||||||
diff -up ./contrib/systemd/cjdns.service.sbin ./contrib/systemd/cjdns.service
|
diff -up ./contrib/systemd/cjdns.service.sbin ./contrib/systemd/cjdns.service
|
||||||
--- ./contrib/systemd/cjdns.service.sbin 2016-06-14 17:58:54.000000000 -0400
|
--- ./contrib/systemd/cjdns.service.sbin 2016-06-14 17:58:54.000000000 -0400
|
||||||
+++ ./contrib/systemd/cjdns.service 2016-06-23 22:49:23.703114380 -0400
|
+++ ./contrib/systemd/cjdns.service 2016-08-15 13:56:20.198792714 -0400
|
||||||
@@ -9,10 +9,11 @@ ProtectSystem=true
|
@@ -1,18 +1,20 @@
|
||||||
|
[Unit]
|
||||||
|
Description=cjdns: routing engine designed for security, scalability, speed and ease of use
|
||||||
|
Wants=network.target
|
||||||
|
-After=network.target
|
||||||
|
+After=network.target cjdns-loadmodules.service
|
||||||
|
+Requires=cjdns-loadmodules.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
ProtectHome=true
|
||||||
|
ProtectSystem=true
|
||||||
SyslogIdentifier=cjdroute
|
SyslogIdentifier=cjdroute
|
||||||
|
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_SETUID CAP_SETGID CAP_SYS_CHROOT CAP_AUDIT_CONTROL
|
||||||
ExecStartPre=/bin/sh -ec "if ! test -s /etc/cjdroute.conf; \
|
ExecStartPre=/bin/sh -ec "if ! test -s /etc/cjdroute.conf; \
|
||||||
then umask 077; \
|
then umask 077; \
|
||||||
- /usr/bin/cjdroute --genconf > /etc/cjdroute.conf; \
|
- /usr/bin/cjdroute --genconf > /etc/cjdroute.conf; \
|
||||||
+ /usr/sbin/cjdroute --genconf | cat > /etc/cjdroute.conf; \
|
+ /usr/sbin/cjdroute --genconf | cat > /etc/cjdroute.conf; \
|
||||||
echo 'WARNING: A new /etc/cjdroute.conf file has been generated.'; \
|
echo 'WARNING: A new /etc/cjdroute.conf file has been generated.'; \
|
||||||
- fi"
|
fi"
|
||||||
-ExecStart=/bin/sh -c "exec cjdroute --nobg < /etc/cjdroute.conf"
|
-ExecStart=/bin/sh -c "exec cjdroute --nobg < /etc/cjdroute.conf"
|
||||||
+ fi; case $(wc -c /proc/modules) in \
|
|
||||||
+ 0*) ;; *) /sbin/modprobe tun;; esac"
|
|
||||||
+ExecStart=/bin/sh -c "exec /usr/sbin/cjdroute --nobg < /etc/cjdroute.conf"
|
+ExecStart=/bin/sh -c "exec /usr/sbin/cjdroute --nobg < /etc/cjdroute.conf"
|
||||||
Restart=always
|
Restart=always
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
diff -up ./contrib/systemd/cjdns-wait-online.service.sbin ./contrib/systemd/cjdns-wait-online.service
|
diff -up ./contrib/systemd/cjdns-wait-online.service.sbin ./contrib/systemd/cjdns-wait-online.service
|
||||||
--- ./contrib/systemd/cjdns-wait-online.service.sbin 2016-06-23 22:49:23.703114380 -0400
|
--- ./contrib/systemd/cjdns-wait-online.service.sbin 2016-08-15 13:33:11.356021398 -0400
|
||||||
+++ ./contrib/systemd/cjdns-wait-online.service 2016-06-23 22:49:23.703114380 -0400
|
+++ ./contrib/systemd/cjdns-wait-online.service 2016-08-15 13:33:11.356021398 -0400
|
||||||
@@ -0,0 +1,13 @@
|
@@ -0,0 +1,13 @@
|
||||||
+[Unit]
|
+[Unit]
|
||||||
+Description=CJDNS Wait Online
|
+Description=CJDNS Wait Online
|
||||||
@ -129,7 +155,7 @@ diff -up ./contrib/systemd/cjdns-wait-online.service.sbin ./contrib/systemd/cjdn
|
|||||||
+WantedBy=multi-user.target
|
+WantedBy=multi-user.target
|
||||||
diff -up ./contrib/upstart/cjdns.conf.sbin ./contrib/upstart/cjdns.conf
|
diff -up ./contrib/upstart/cjdns.conf.sbin ./contrib/upstart/cjdns.conf
|
||||||
--- ./contrib/upstart/cjdns.conf.sbin 2016-06-14 17:58:54.000000000 -0400
|
--- ./contrib/upstart/cjdns.conf.sbin 2016-06-14 17:58:54.000000000 -0400
|
||||||
+++ ./contrib/upstart/cjdns.conf 2016-06-23 22:49:23.703114380 -0400
|
+++ ./contrib/upstart/cjdns.conf 2016-08-15 13:33:11.356021398 -0400
|
||||||
@@ -13,10 +13,16 @@ pre-start script
|
@@ -13,10 +13,16 @@ pre-start script
|
||||||
if ! [ -s /etc/cjdroute.conf ]; then
|
if ! [ -s /etc/cjdroute.conf ]; then
|
||||||
( # start a subshell to avoid side effects of umask later on
|
( # start a subshell to avoid side effects of umask later on
|
||||||
|
36
cjdns.sign.patch
Normal file
36
cjdns.sign.patch
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
diff -up ./crypto/Sign.c.sign ./crypto/Sign.c
|
||||||
|
--- ./crypto/Sign.c.sign 2016-10-11 17:39:44.000000000 -0400
|
||||||
|
+++ ./crypto/Sign.c 2016-10-14 20:59:49.143754098 -0400
|
||||||
|
@@ -13,6 +13,7 @@
|
||||||
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
+#ifdef SUBNODE
|
||||||
|
#include "crypto/Sign.h"
|
||||||
|
|
||||||
|
#include "node_build/dependencies/cnacl/crypto_sign/ed25519/ref10/ge.h"
|
||||||
|
@@ -110,3 +111,6 @@ int Sign_publicSigningKeyToCurve25519(ui
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
+#else
|
||||||
|
+#pragma GCC diagnostic ignored "-Wpedantic"
|
||||||
|
+#endif // SUBNODE
|
||||||
|
diff -up ./crypto/test/Sign_test.c.sign ./crypto/test/Sign_test.c
|
||||||
|
--- ./crypto/test/Sign_test.c.sign 2016-10-11 17:39:44.000000000 -0400
|
||||||
|
+++ ./crypto/test/Sign_test.c 2016-10-14 20:57:28.737064976 -0400
|
||||||
|
@@ -23,6 +23,7 @@
|
||||||
|
|
||||||
|
int main()
|
||||||
|
{
|
||||||
|
+#ifdef SUBNODE
|
||||||
|
struct Allocator* alloc = MallocAllocator_new(1048576);
|
||||||
|
struct Log* logger = FileWriterLog_new(stdout, alloc);
|
||||||
|
struct Random* rand = Random_new(alloc, logger, NULL);
|
||||||
|
@@ -42,5 +43,6 @@ int main()
|
||||||
|
Assert_true(!Sign_verifyMsg(&signingKeyPair[32], msg));
|
||||||
|
Assert_true(!Sign_publicSigningKeyToCurve25519(curve25519publicB, &signingKeyPair[32]));
|
||||||
|
Assert_true(!Bits_memcmp(curve25519publicB, curve25519public, 32));
|
||||||
|
+#endif // SUBNODE
|
||||||
|
return 0;
|
||||||
|
}
|
@ -1,13 +1,16 @@
|
|||||||
diff -up ./node_build/make.js.dyn ./node_build/make.js
|
diff -up ./node_build/make.js.sodium ./node_build/make.js
|
||||||
--- ./node_build/make.js.dyn 2015-11-02 17:59:41.000000000 -0500
|
--- ./node_build/make.js.sodium 2016-10-11 17:39:44.000000000 -0400
|
||||||
+++ ./node_build/make.js 2015-11-04 19:57:49.961155943 -0500
|
+++ ./node_build/make.js 2016-10-14 22:23:23.711086438 -0400
|
||||||
@@ -238,41 +238,9 @@ Builder.configure({
|
@@ -252,44 +252,8 @@ Builder.configure({
|
||||||
|
|
||||||
}).nThen(function (waitFor) {
|
}).nThen(function (waitFor) {
|
||||||
|
|
||||||
- builder.config.libs.push(dependencyDir + '/cnacl/jsbuild/libnacl.a');
|
- builder.config.libs.push(dependencyDir + '/cnacl/jsbuild/libnacl.a');
|
||||||
- builder.config.includeDirs.push(dependencyDir + '/cnacl/jsbuild/include/');
|
- builder.config.includeDirs.push(dependencyDir + '/cnacl/jsbuild/include/');
|
||||||
-
|
-
|
||||||
|
- // needed for Sign.c which pulls in crypto_int32.h
|
||||||
|
- builder.config.includeDirs.push(dependencyDir + '/cnacl/jsbuild/include_internal/');
|
||||||
|
-
|
||||||
- Fs.exists(dependencyDir + '/cnacl/jsbuild/libnacl.a', waitFor(function (exists) {
|
- Fs.exists(dependencyDir + '/cnacl/jsbuild/libnacl.a', waitFor(function (exists) {
|
||||||
- if (exists) { return; }
|
- if (exists) { return; }
|
||||||
-
|
-
|
||||||
@ -41,12 +44,11 @@ diff -up ./node_build/make.js.dyn ./node_build/make.js
|
|||||||
- }));
|
- }));
|
||||||
- }));
|
- }));
|
||||||
+ builder.config.libs.push('-lsodium');
|
+ builder.config.libs.push('-lsodium');
|
||||||
+ builder.config.libs.push('-lstdc++');
|
|
||||||
+ builder.config.includeDirs.push('/usr/include/sodium/');
|
+ builder.config.includeDirs.push('/usr/include/sodium/');
|
||||||
|
|
||||||
}).nThen(function (waitFor) {
|
}).nThen(function (waitFor) {
|
||||||
|
|
||||||
@@ -411,7 +379,7 @@ Builder.configure({
|
@@ -430,7 +394,7 @@ Builder.configure({
|
||||||
builder.buildExecutable('crypto/random/randombytes.c');
|
builder.buildExecutable('crypto/random/randombytes.c');
|
||||||
|
|
||||||
builder.lintFiles(function (fileName, file, callback) {
|
builder.lintFiles(function (fileName, file, callback) {
|
||||||
|
40
cjdns.spec
40
cjdns.spec
@ -4,7 +4,11 @@
|
|||||||
# Use the optimized libnacl embedded with cjdns
|
# Use the optimized libnacl embedded with cjdns
|
||||||
%global use_embedded 0
|
%global use_embedded 0
|
||||||
# Use libsodium instead of nacl
|
# Use libsodium instead of nacl
|
||||||
%global use_libsodium 0
|
%global use_libsodium 1
|
||||||
|
# Option to enable SUBNODE mode (WIP)
|
||||||
|
%bcond_with subnode
|
||||||
|
# Option to disable SECCOMP: confusing backward logic
|
||||||
|
%bcond_without seccomp
|
||||||
|
|
||||||
%if 0%{use_libsodium}
|
%if 0%{use_libsodium}
|
||||||
%global nacl_name libsodium
|
%global nacl_name libsodium
|
||||||
@ -38,8 +42,8 @@
|
|||||||
|
|
||||||
Name: cjdns
|
Name: cjdns
|
||||||
# major version is cjdns protocol version:
|
# major version is cjdns protocol version:
|
||||||
Version: 17.4
|
Version: 18
|
||||||
Release: 4%{?dist}
|
Release: 3%{?dist}
|
||||||
Summary: The privacy-friendly network without borders
|
Summary: The privacy-friendly network without borders
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
# cjdns is all GPLv3 except libuv which is MIT and BSD and ISC
|
# cjdns is all GPLv3 except libuv which is MIT and BSD and ISC
|
||||||
@ -84,6 +88,8 @@ Patch9: cjdns.man.patch
|
|||||||
Patch10: cjdns.tools.patch
|
Patch10: cjdns.tools.patch
|
||||||
# Alternate dynamic library patch to use libsodium
|
# Alternate dynamic library patch to use libsodium
|
||||||
Patch11: cjdns.sodium.patch
|
Patch11: cjdns.sodium.patch
|
||||||
|
# Disable WIP subnode code when SUBNODE not enabled
|
||||||
|
Patch12: cjdns.sign.patch
|
||||||
|
|
||||||
BuildRequires: nodejs, nodejs-ronn
|
BuildRequires: nodejs, nodejs-ronn
|
||||||
|
|
||||||
@ -104,6 +110,9 @@ Requires(postun): systemd
|
|||||||
%endif
|
%endif
|
||||||
Requires(pre): shadow-utils
|
Requires(pre): shadow-utils
|
||||||
Provides: bundled(libuv) = 0.11.4
|
Provides: bundled(libuv) = 0.11.4
|
||||||
|
%if 0%{use_embedded}
|
||||||
|
Provides: bundled(nacl) = 20110221
|
||||||
|
%endif
|
||||||
# build system requires nodejs, unfortunately
|
# build system requires nodejs, unfortunately
|
||||||
ExclusiveArch: %{nodejs_arches}
|
ExclusiveArch: %{nodejs_arches}
|
||||||
|
|
||||||
@ -185,6 +194,7 @@ elif test -d %{_includedir}/nacl && test -r %{_libdir}/libnacl.a; then
|
|||||||
ln -s %{_includedir}/nacl cnacl/jsbuild/include
|
ln -s %{_includedir}/nacl cnacl/jsbuild/include
|
||||||
cd -
|
cd -
|
||||||
fi
|
fi
|
||||||
|
%patch12 -b .sign
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if !0%{?rhel} || 0%{?rhel} > 6
|
%if !0%{?rhel} || 0%{?rhel} > 6
|
||||||
@ -221,7 +231,12 @@ cd contrib/selinux
|
|||||||
ln -s /usr/share/selinux/devel/Makefile .
|
ln -s /usr/share/selinux/devel/Makefile .
|
||||||
make
|
make
|
||||||
cd -
|
cd -
|
||||||
|
|
||||||
# nodejs based build system
|
# nodejs based build system
|
||||||
|
|
||||||
|
%if !%{with seccomp}
|
||||||
|
export Seccomp_NO=1
|
||||||
|
%endif
|
||||||
CJDNS_RELEASE_VERSION="%{name}-%{version}-%{release}" ./do
|
CJDNS_RELEASE_VERSION="%{name}-%{version}-%{release}" ./do
|
||||||
|
|
||||||
# FIXME: use system libuv on compatible systems
|
# FIXME: use system libuv on compatible systems
|
||||||
@ -467,6 +482,25 @@ fi
|
|||||||
%{_bindir}/graphStats
|
%{_bindir}/graphStats
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Oct 14 2016 Stuart D. Gathman <stuart@gathman.org> 18-3
|
||||||
|
- libstdc++ not needed with libsodium
|
||||||
|
|
||||||
|
* Fri Oct 14 2016 Stuart D. Gathman <stuart@gathman.org> 18-2
|
||||||
|
- Remove Sign.c which uses a private API and isn't needed until supernodes.
|
||||||
|
- Use libsodium by default: seems best performance of dynamic libraries
|
||||||
|
|
||||||
|
* Wed Oct 12 2016 Stuart D. Gathman <stuart@gathman.org> 18-1
|
||||||
|
- Update to 18 upstream release
|
||||||
|
|
||||||
|
* Mon Aug 15 2016 Stuart D. Gathman <stuart@gathman.org> 17.4-7
|
||||||
|
- Move modprobe to cjdns-loadmodules.service
|
||||||
|
|
||||||
|
* Wed Aug 10 2016 Stuart D. Gathman <stuart@gathman.org> 17.4-6
|
||||||
|
- Fix logic for %%bcond_without seccomp
|
||||||
|
|
||||||
|
* Wed Aug 10 2016 Stuart D. Gathman <stuart@gathman.org> 17.4-5
|
||||||
|
- cjdns.service: add CapabilityBoundingSet
|
||||||
|
|
||||||
* Fri Jun 24 2016 Stuart D. Gathman <stuart@gathman.org> 17.4-4
|
* Fri Jun 24 2016 Stuart D. Gathman <stuart@gathman.org> 17.4-4
|
||||||
- cjdns-selinux: allow cjdroute to manipulate route table
|
- cjdns-selinux: allow cjdroute to manipulate route table
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user