From 61e6b5d03992bb72deb00f6ee518fc122fee59ef Mon Sep 17 00:00:00 2001 From: José Bollo Date: Wed, 12 Sep 2018 09:58:03 +0200 Subject: Cynagora: Replace cynara with cynagora MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Shift from the permission database cynara to cynagora permission database with a compatibility library. The cache size required by dbus-cynara is updated because that size is now a count of bytes, not a count of entries. Bug-AGL: SPEC-2844 Change-Id: I9a81de6e3b8bcb94adc0bb05c63183c2eda3f310 
Signed-off-by: José Bollo --- .../cynagora/cynagora-cynara-compat_2.0.bb | 30 +++ .../recipes-security/cynagora/cynagora/run-ptest | 4 + .../recipes-security/cynagora/cynagora_2.0.bb | 38 ++++ .../cynara/cynara/0001-Add-fallthrough-tags.patch | 57 ----- .../0001-fix-fallthrough-in-cmdlineparser.patch | 35 --- ...uires-include-functional-for-std-function.patch | 36 ---- ...void-warning-when-compiling-without-smack.patch | 43 ---- .../cynara/cynara/0004-Fix-mode-of-sockets.patch | 42 ---- .../cynara/cynara/0005-Allow-to-tune-sockets.patch | 237 --------------------- ...0006-Install-socket-activation-by-default.patch | 78 ------- .../cynara-db-migration-abort-on-errors.patch | 29 --- .../recipes-security/cynara/cynara/run-ptest | 4 - .../recipes-security/cynara/cynara_0.14.10.bb | 157 -------------- 13 files changed, 72 insertions(+), 718 deletions(-) create mode 100644 meta-security/recipes-security/cynagora/cynagora-cynara-compat_2.0.bb create mode 100755 meta-security/recipes-security/cynagora/cynagora/run-ptest create mode 100644 meta-security/recipes-security/cynagora/cynagora_2.0.bb delete mode 100644 meta-security/recipes-security/cynara/cynara/0001-Add-fallthrough-tags.patch delete mode 100644 meta-security/recipes-security/cynara/cynara/0001-fix-fallthrough-in-cmdlineparser.patch delete mode 100644 meta-security/recipes-security/cynara/cynara/0002-gcc-7-requires-include-functional-for-std-function.patch delete mode 100644 meta-security/recipes-security/cynara/cynara/0003-Avoid-warning-when-compiling-without-smack.patch delete mode 100644 meta-security/recipes-security/cynara/cynara/0004-Fix-mode-of-sockets.patch delete mode 100644 meta-security/recipes-security/cynara/cynara/0005-Allow-to-tune-sockets.patch delete mode 100644 meta-security/recipes-security/cynara/cynara/0006-Install-socket-activation-by-default.patch delete mode 100644 meta-security/recipes-security/cynara/cynara/cynara-db-migration-abort-on-errors.patch delete mode 100755 
meta-security/recipes-security/cynara/cynara/run-ptest delete mode 100644 meta-security/recipes-security/cynara/cynara_0.14.10.bb (limited to 'meta-security/recipes-security')
diff --git a/meta-security/recipes-security/cynagora/cynagora-cynara-compat_2.0.bb b/meta-security/recipes-security/cynagora/cynagora-cynara-compat_2.0.bb
new file mode 100644
index 000000000..fa5cdbadc
--- /dev/null
+++ b/meta-security/recipes-security/cynagora/cynagora-cynara-compat_2.0.bb
@@ -0,0 +1,30 @@
+DESCRIPTION = "Cynara service with client libraries"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://Apache-2.0;md5=3b83ef96387f14655fc854ddc3c6bd57"
+
+SRC_URI = "git://gerrit.automotivelinux.org/gerrit/src/cynagora;protocol=https;branch=${AGL_BRANCH}"
+SRCREV = "6c88efcb7b1361ba6389753e520e26fc556b7d79"
+PV = "2.0+git${SRCPV}"
+
+S = "${WORKDIR}/git"
+
+inherit cmake
+
+PROVIDES = "cynara"
+RPROVIDES_${PN} = "cynara"
+DEPENDS = "libcap"
+RDEPENDS_${PN} = "cynagora"
+
+EXTRA_OECMAKE += " \
+ -DWITH_SYSTEMD=OFF \
+ -DWITH_CYNARA_COMPAT=ON \
+ -DDIRECT_CYNARA_COMPAT=ON \
+"
+
+do_install_append() {
+ # remove cynagora stuff
+ rm $(find ${D} -name '*cynagora*')
+ # remove stupid test
+ rm -r ${D}${bindir}
+}
+
diff --git a/meta-security/recipes-security/cynagora/cynagora/run-ptest b/meta-security/recipes-security/cynagora/cynagora/run-ptest
new file mode 100755
index 000000000..f95f0725b
--- /dev/null
+++ b/meta-security/recipes-security/cynagora/cynagora/run-ptest
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+# test access to cynagora server
+cynagora-admin list > /dev/null
diff --git a/meta-security/recipes-security/cynagora/cynagora_2.0.bb b/meta-security/recipes-security/cynagora/cynagora_2.0.bb
new file mode 100644
index 000000000..77af839d8
--- /dev/null
+++ b/meta-security/recipes-security/cynagora/cynagora_2.0.bb
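Review bot: In `do_install_append`, `rm $(find ${D} -name '*cynagora*')` relies on an unquoted command substitution: it fails with a missing operand when nothing matches, fails on a matching directory because there is no `-r`, and splits any path that contains whitespace. Letting find do the deletion avoids all three, e.g. `find ${D} -depth -name '*cynagora*' -exec rm -rf {} +`. The following `rm -r ${D}${bindir}` removes the whole bindir rather than the named test binary, so anything upstream later installs there is dropped silently; a comment naming what is expected to be removed would make that deliberate.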
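Review bot: The script discards the command's output and prints no result line, so the only signal is the exit status; the removed cynara run-ptest translated results into `PASS: name` / `FAIL: name` lines, which is the format ptest result parsing conventionally expects. Something like `if cynagora-admin list > /dev/null; then echo "PASS: cynagora-admin-list"; else echo "FAIL: cynagora-admin-list"; fi` would keep the check visible in test reports. As far as this hunk shows, the test only proves that the server answers a list request, so allow/deny decisions of the permission database are no longer exercised by ptest.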
@@ -0,0 +1,38 @@
+DESCRIPTION = "Cynara service with client libraries"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://Apache-2.0;md5=3b83ef96387f14655fc854ddc3c6bd57"
+
+SRC_URI = "git://gerrit.automotivelinux.org/gerrit/src/cynagora;protocol=https;branch=${AGL_BRANCH}"
+SRCREV = "6c88efcb7b1361ba6389753e520e26fc556b7d79"
+PV = "2.0+git${SRCPV}"
+
+S = "${WORKDIR}/git"
+
+DEPENDS = "systemd libcap"
+
+inherit cmake
+
+EXTRA_OECMAKE += " \
+ -DSYSTEMD_UNIT_DIR=${systemd_system_unitdir} \
+ -DWITH_SYSTEMD=ON \
+ -DWITH_CYNARA_COMPAT=OFF \
+"
+
+inherit useradd
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM_${PN} = "-r cynagora"
+USERADD_PARAM_${PN} = "\
+--system --home ${localstatedir}/lib/empty \
+--no-create-home --shell /bin/false \
+--gid cynagora cynagora \
+"
+
+FILES_${PN} += "${systemd_system_unitdir}"
+
+PACKAGES =+ "${PN}-tools"
+FILES_${PN}-tools += "${bindir}/cynagora-admin ${bindir}/cynagora-agent"
+RDEPENDS_${PN}_append_agl-devel = " ${PN}-tools"
+
+inherit ptest
+SRC_URI_append = " file://run-ptest"
+RDEPENDS_${PN}-ptest_append = " ${PN}-tools"
diff --git a/meta-security/recipes-security/cynara/cynara/0001-Add-fallthrough-tags.patch b/meta-security/recipes-security/cynara/cynara/0001-Add-fallthrough-tags.patch
deleted file mode 100644
index e1d0cfac9..000000000
--- a/meta-security/recipes-security/cynara/cynara/0001-Add-fallthrough-tags.patch
+++ /dev/null
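Review bot: Nothing in this recipe sets ownership or labels for the permission database or the server sockets, whereas the removed cynara recipe passed `-DCYNARA_ADMIN_SOCKET_GROUP=cynara`, pulled in `smack` under `with-lsm-smack` and labelled its directories with `chsmack -a System` in a postinst. If the upstream cynagora install now takes care of this, a comment above `EXTRA_OECMAKE` should say so, along the lines of `# socket modes/groups and DB directory labels are set by the upstream install; no postinst needed (verify on Smack images)`; if it does not, the database may end up unlabelled on Smack-enabled builds. `DESCRIPTION` still reads "Cynara service with client libraries" and should name cynagora.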
@@ -1,57 +0,0 @@ -From 8bf90bf3e7a821dbd3b7029d87aa592eec6f1754 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jos=C3=A9=20Bollo?= -Date: Thu, 25 Jan 2018 12:00:18 +0100 -Subject: [PATCH] Add fallthrough tags -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -GCC 7 emits a warning when the tag /*@fallthrough@*/ -doesn't appear in a switch case when a case continue -to the next after some processing. - -Change-Id: I420e3788a4c0a6d910a1214964c5480bbd12708c -Signed-off-by: José Bollo - ---- - src/admin/api/admin-api.cpp | 1 + - src/client-async/logic/Logic.cpp | 1 + - src/common/sockets/SocketClient.cpp | 1 + - 3 files changed, 3 insertions(+) - -diff --git a/src/admin/api/admin-api.cpp b/src/admin/api/admin-api.cpp -index c638f41..aafa45e 100644 ---- a/src/admin/api/admin-api.cpp -+++ b/src/admin/api/admin-api.cpp -@@ -146,6 +146,7 @@ int cynara_admin_set_policies(struct cynara_admin *p_cynara_admin, - case CYNARA_ADMIN_BUCKET: - if (!isStringValid(policy->result_extra)) - return CYNARA_API_INVALID_PARAM; -+ /*@fallthrough@*/ - default: - { - std::string extraStr = policy->result_extra ? policy->result_extra : ""; -diff --git a/src/client-async/logic/Logic.cpp b/src/client-async/logic/Logic.cpp -index 5ae0251..c1d6c33 100644 ---- a/src/client-async/logic/Logic.cpp -+++ b/src/client-async/logic/Logic.cpp -@@ -233,6 +233,7 @@ bool Logic::processOut(void) { - case Socket::SendStatus::ALL_DATA_SENT: - onStatusChange(m_socketClient.getSockFd(), - cynara_async_status::CYNARA_STATUS_FOR_READ); -+ /*@fallthrough@*/ - case Socket::SendStatus::PARTIAL_DATA_SENT: - return true; - default: -diff --git a/src/common/sockets/SocketClient.cpp b/src/common/sockets/SocketClient.cpp -index b1ca4f7..f4394e5 100644 ---- a/src/common/sockets/SocketClient.cpp -+++ b/src/common/sockets/SocketClient.cpp -@@ -45,6 +45,7 @@ bool SocketClient::connect(void) { - LOGW("Error connecting to Cynara. 
Service not available."); - return false; - } -+ /*@fallthrough@*/ - default: - return true; - } diff --git a/meta-security/recipes-security/cynara/cynara/0001-fix-fallthrough-in-cmdlineparser.patch b/meta-security/recipes-security/cynara/cynara/0001-fix-fallthrough-in-cmdlineparser.patch deleted file mode 100644 index 40e11ce5d..000000000 --- a/meta-security/recipes-security/cynara/cynara/0001-fix-fallthrough-in-cmdlineparser.patch +++ /dev/null @@ -1,35 +0,0 @@ -From ca28ec4a0781a1ab9ec5f015387436beb51adfc3 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jan-Simon=20M=C3=B6ller?= -Date: Fri, 19 Oct 2018 08:09:28 +0000 -Subject: [PATCH] fix fallthrough in cmdlineparser -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Jan-Simon Möller - ---- - src/service/main/CmdlineParser.cpp | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/src/service/main/CmdlineParser.cpp b/src/service/main/CmdlineParser.cpp -index ca56e39..e07ea52 100644 ---- a/src/service/main/CmdlineParser.cpp -+++ b/src/service/main/CmdlineParser.cpp -@@ -112,13 +112,16 @@ struct CmdLineOptions handleCmdlineOptions(int argc, char * const *argv) { - case ':': // Missing argument - ret.m_error = true; - ret.m_exit = true; -+ /*@fallthrough@*/ - switch (optopt) { - case CmdlineOpt::Mask: - case CmdlineOpt::User: - case CmdlineOpt::Group: - printMissingArgument(execName, argv[optind - 1]); - return ret; -+ /*@fallthrough@*/ - } -+ /*@fallthrough@*/ - //intentional fall to Unknown option - case '?': // Unknown option - default: diff --git a/meta-security/recipes-security/cynara/cynara/0002-gcc-7-requires-include-functional-for-std-function.patch b/meta-security/recipes-security/cynara/cynara/0002-gcc-7-requires-include-functional-for-std-function.patch deleted file mode 100644 index b8dbfac4d..000000000 --- a/meta-security/recipes-security/cynara/cynara/0002-gcc-7-requires-include-functional-for-std-function.patch +++ /dev/null 
@@ -1,36 +0,0 @@ -From e2d8414b0d1c6c59baf1bb73e856e93aaabaf955 Mon Sep 17 00:00:00 2001 -From: Changhyeok Bae -Date: Sun, 17 Dec 2017 15:28:28 +0000 -Subject: [PATCH] gcc-7 requires include for std::function - -Signed-off-by: Changhyeok Bae - ---- - src/common/types/PolicyBucket.h | 1 + - src/cyad/AdminPolicyParser.h | 1 + - 2 files changed, 2 insertions(+) - -diff --git a/src/common/types/PolicyBucket.h b/src/common/types/PolicyBucket.h -index 029d3dd..1bceeca 100644 ---- a/src/common/types/PolicyBucket.h -+++ b/src/common/types/PolicyBucket.h -@@ -30,6 +30,7 @@ - #include - #include - #include -+#include - - #include - #include -diff --git a/src/cyad/AdminPolicyParser.h b/src/cyad/AdminPolicyParser.h -index 53dde23..f38c194 100644 ---- a/src/cyad/AdminPolicyParser.h -+++ b/src/cyad/AdminPolicyParser.h -@@ -25,6 +25,7 @@ - - #include - #include -+#include - - #include - diff --git a/meta-security/recipes-security/cynara/cynara/0003-Avoid-warning-when-compiling-without-smack.patch b/meta-security/recipes-security/cynara/cynara/0003-Avoid-warning-when-compiling-without-smack.patch deleted file mode 100644 index 1b105a00c..000000000 --- a/meta-security/recipes-security/cynara/cynara/0003-Avoid-warning-when-compiling-without-smack.patch +++ /dev/null 
@@ -1,43 +0,0 @@ -From fdcf2a68a4bfec588b1c6c969caa0be20961b807 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jos=C3=A9=20Bollo?= -Date: Thu, 25 Jan 2018 11:38:16 +0100 -Subject: [PATCH] Avoid warning when compiling without smack -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -When DB_FILES_SMACK_LABEL is not defined, cmake complains -with the following message: - -> -- Checking for modules '' -> Please specify at least one package name on the command line. - -Change-Id: Ie837cae81114d096f951ec0ee4ada4173fb60190 -Signed-off-by: José Bollo - ---- - src/admin/CMakeLists.txt | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/src/admin/CMakeLists.txt b/src/admin/CMakeLists.txt -index e4f354a..38b8669 100644 ---- a/src/admin/CMakeLists.txt -+++ b/src/admin/CMakeLists.txt -@@ -23,12 +23,12 @@ IF (DB_FILES_SMACK_LABEL) - SET(SMACK "smack") - SET(LIBSMACK "libsmack") - ADD_DEFINITIONS("-DDB_FILES_SMACK_LABEL=\"${DB_FILES_SMACK_LABEL}\"") --ENDIF (DB_FILES_SMACK_LABEL) - --PKG_CHECK_MODULES(CYNARA_ADMIN_API_DEP -- REQUIRED -- ${LIBSMACK} -- ) -+ PKG_CHECK_MODULES(CYNARA_ADMIN_API_DEP -+ REQUIRED -+ ${LIBSMACK} -+ ) -+ENDIF (DB_FILES_SMACK_LABEL) - - SET(CYNARA_LIB_CYNARA_ADMIN_PATH ${CYNARA_PATH}/admin) - diff --git a/meta-security/recipes-security/cynara/cynara/0004-Fix-mode-of-sockets.patch b/meta-security/recipes-security/cynara/cynara/0004-Fix-mode-of-sockets.patch deleted file mode 100644 index f19cdfb50..000000000 --- a/meta-security/recipes-security/cynara/cynara/0004-Fix-mode-of-sockets.patch +++ /dev/null 
@@ -1,42 +0,0 @@ -From 233fb8a93343c3c9c04914e1148ef5ab87a808a1 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jos=C3=A9=20Bollo?= -Date: Thu, 25 Jan 2018 12:52:39 +0100 -Subject: [PATCH] Fix mode of sockets -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Setting execution bit on the socket serves nothing. - -Change-Id: I2ca1ea8e0c369ee5517878e92073ace0e50f9f10 -Signed-off-by: José Bollo - ---- - systemd/cynara-admin.socket | 2 +- - systemd/cynara.socket | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/systemd/cynara-admin.socket b/systemd/cynara-admin.socket -index 2d1aea4..ed38386 100644 ---- a/systemd/cynara-admin.socket -+++ b/systemd/cynara-admin.socket -@@ -1,6 +1,6 @@ - [Socket] - ListenStream=/run/cynara/cynara-admin.socket --SocketMode=0700 -+SocketMode=0600 - SmackLabelIPIn=@ - SmackLabelIPOut=@ - -diff --git a/systemd/cynara.socket b/systemd/cynara.socket -index 9f2a870..fad2745 100644 ---- a/systemd/cynara.socket -+++ b/systemd/cynara.socket -@@ -1,6 +1,6 @@ - [Socket] - ListenStream=/run/cynara/cynara.socket --SocketMode=0777 -+SocketMode=0666 - SmackLabelIPIn=* - SmackLabelIPOut=@ - diff --git a/meta-security/recipes-security/cynara/cynara/0005-Allow-to-tune-sockets.patch b/meta-security/recipes-security/cynara/cynara/0005-Allow-to-tune-sockets.patch deleted file mode 100644 index e954c7f21..000000000 --- a/meta-security/recipes-security/cynara/cynara/0005-Allow-to-tune-sockets.patch +++ /dev/null 
@@ -1,237 +0,0 @@ -From ebde8e9fdba7bc1c8152f7e45c551030a36ece82 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jos=C3=A9=20Bollo?= -Date: Thu, 25 Jan 2018 13:47:37 +0100 -Subject: [PATCH] Allow to tune sockets -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Allow to change the directory of sockets -through a true integration of SOCKET_DIR - -Allow to override the socket's group of - - /run/cynara/cynara-agent.socket - - /run/cynara/cynara-monitor-get.socket - -through the newly defined variable CYNARA_ADMIN_SOCKET_GROUP - -Change-Id: I7d58854c328e948e3d6d7fa3fc00569fd08f8aef -Signed-off-by: José Bollo - ---- - systemd/CMakeLists.txt | 19 +++++++++++++++---- - systemd/cynara-admin.socket | 14 -------------- - systemd/cynara-admin.socket.in | 14 ++++++++++++++ - systemd/cynara-agent.socket | 15 --------------- - systemd/cynara-agent.socket.in | 15 +++++++++++++++ - systemd/cynara-monitor-get.socket | 15 --------------- - systemd/cynara-monitor-get.socket.in | 15 +++++++++++++++ - systemd/cynara.socket | 14 -------------- - systemd/cynara.socket.in | 14 ++++++++++++++ - 9 files changed, 73 insertions(+), 62 deletions(-) - delete mode 100644 systemd/cynara-admin.socket - create mode 100644 systemd/cynara-admin.socket.in - delete mode 100644 systemd/cynara-agent.socket - create mode 100644 systemd/cynara-agent.socket.in - delete mode 100644 systemd/cynara-monitor-get.socket - create mode 100644 systemd/cynara-monitor-get.socket.in - delete mode 100644 systemd/cynara.socket - create mode 100644 systemd/cynara.socket.in - -diff --git a/systemd/CMakeLists.txt b/systemd/CMakeLists.txt -index 20accf0..1b75c12 100644 ---- a/systemd/CMakeLists.txt -+++ b/systemd/CMakeLists.txt -@@ -16,13 +16,24 @@ - # @author Lukasz Wojciechowski - # - -+SET(CYNARA_ADMIN_SOCKET_GROUP -+ "security_fw" -+ CACHE STRING -+ "Group to apply on administrative sockets") -+ -+ -+CONFIGURE_FILE(cynara.socket.in cynara.socket @ONLY) 
-+CONFIGURE_FILE(cynara-admin.socket.in cynara-admin.socket @ONLY) -+CONFIGURE_FILE(cynara-agent.socket.in cynara-agent.socket @ONLY) -+CONFIGURE_FILE(cynara-monitor-get.socket.in cynara-monitor-get.socket @ONLY) -+ - INSTALL(FILES - ${CMAKE_SOURCE_DIR}/systemd/cynara.service - ${CMAKE_SOURCE_DIR}/systemd/cynara.target -- ${CMAKE_SOURCE_DIR}/systemd/cynara.socket -- ${CMAKE_SOURCE_DIR}/systemd/cynara-admin.socket -- ${CMAKE_SOURCE_DIR}/systemd/cynara-agent.socket -- ${CMAKE_SOURCE_DIR}/systemd/cynara-monitor-get.socket -+ ${CMAKE_BINARY_DIR}/systemd/cynara.socket -+ ${CMAKE_BINARY_DIR}/systemd/cynara-admin.socket -+ ${CMAKE_BINARY_DIR}/systemd/cynara-agent.socket -+ ${CMAKE_BINARY_DIR}/systemd/cynara-monitor-get.socket - DESTINATION - ${SYSTEMD_UNIT_DIR} - ) -diff --git a/systemd/cynara-admin.socket b/systemd/cynara-admin.socket -deleted file mode 100644 -index ed38386..0000000 ---- a/systemd/cynara-admin.socket -+++ /dev/null -@@ -1,14 +0,0 @@ --[Socket] --ListenStream=/run/cynara/cynara-admin.socket --SocketMode=0600 --SmackLabelIPIn=@ --SmackLabelIPOut=@ -- --Service=cynara.service -- --[Unit] --Wants=cynara.target --Before=cynara.target -- --[Install] --WantedBy=sockets.target -diff --git a/systemd/cynara-admin.socket.in b/systemd/cynara-admin.socket.in -new file mode 100644 -index 0000000..2364c3e ---- /dev/null -+++ b/systemd/cynara-admin.socket.in -@@ -0,0 +1,14 @@ -+[Socket] -+ListenStream=@SOCKET_DIR@/cynara-admin.socket -+SocketMode=0600 -+SmackLabelIPIn=@ -+SmackLabelIPOut=@ -+ -+Service=cynara.service -+ -+[Unit] -+Wants=cynara.target -+Before=cynara.target -+ -+[Install] -+WantedBy=sockets.target -diff --git a/systemd/cynara-agent.socket b/systemd/cynara-agent.socket -deleted file mode 100644 -index 5a677e0..0000000 ---- a/systemd/cynara-agent.socket -+++ /dev/null -@@ -1,15 +0,0 @@ --[Socket] --ListenStream=/run/cynara/cynara-agent.socket --SocketGroup=security_fw --SocketMode=0060 --SmackLabelIPIn=* --SmackLabelIPOut=@ -- --Service=cynara.service -- 
--[Unit] --Wants=cynara.target --Before=cynara.target -- --[Install] --WantedBy=sockets.target -diff --git a/systemd/cynara-agent.socket.in b/systemd/cynara-agent.socket.in -new file mode 100644 -index 0000000..4f86c9d ---- /dev/null -+++ b/systemd/cynara-agent.socket.in -@@ -0,0 +1,15 @@ -+[Socket] -+ListenStream=@SOCKET_DIR@/cynara-agent.socket -+SocketGroup=@CYNARA_ADMIN_SOCKET_GROUP@ -+SocketMode=0060 -+SmackLabelIPIn=* -+SmackLabelIPOut=@ -+ -+Service=cynara.service -+ -+[Unit] -+Wants=cynara.target -+Before=cynara.target -+ -+[Install] -+WantedBy=sockets.target -diff --git a/systemd/cynara-monitor-get.socket b/systemd/cynara-monitor-get.socket -deleted file mode 100644 -index a50feeb..0000000 ---- a/systemd/cynara-monitor-get.socket -+++ /dev/null -@@ -1,15 +0,0 @@ --[Socket] --ListenStream=/run/cynara/cynara-monitor-get.socket --SocketGroup=security_fw --SocketMode=0060 --SmackLabelIPIn=@ --SmackLabelIPOut=@ -- --Service=cynara.service -- --[Unit] --Wants=cynara.target --Before=cynara.target -- --[Install] --WantedBy=sockets.target -diff --git a/systemd/cynara-monitor-get.socket.in b/systemd/cynara-monitor-get.socket.in -new file mode 100644 -index 0000000..b88dbf7 ---- /dev/null -+++ b/systemd/cynara-monitor-get.socket.in -@@ -0,0 +1,15 @@ -+[Socket] -+ListenStream=@SOCKET_DIR@/cynara-monitor-get.socket -+SocketGroup=@CYNARA_ADMIN_SOCKET_GROUP@ -+SocketMode=0060 -+SmackLabelIPIn=@ -+SmackLabelIPOut=@ -+ -+Service=cynara.service -+ -+[Unit] -+Wants=cynara.target -+Before=cynara.target -+ -+[Install] -+WantedBy=sockets.target -diff --git a/systemd/cynara.socket b/systemd/cynara.socket -deleted file mode 100644 -index fad2745..0000000 ---- a/systemd/cynara.socket -+++ /dev/null -@@ -1,14 +0,0 @@ --[Socket] --ListenStream=/run/cynara/cynara.socket --SocketMode=0666 --SmackLabelIPIn=* --SmackLabelIPOut=@ -- --Service=cynara.service -- --[Unit] --Wants=cynara.target --Before=cynara.target -- --[Install] --WantedBy=sockets.target -diff --git 
a/systemd/cynara.socket.in b/systemd/cynara.socket.in -new file mode 100644 -index 0000000..ba76549 ---- /dev/null -+++ b/systemd/cynara.socket.in -@@ -0,0 +1,14 @@ -+[Socket] -+ListenStream=@SOCKET_DIR@/cynara.socket -+SocketMode=0666 -+SmackLabelIPIn=* -+SmackLabelIPOut=@ -+ -+Service=cynara.service -+ -+[Unit] -+Wants=cynara.target -+Before=cynara.target -+ -+[Install] -+WantedBy=sockets.target diff --git a/meta-security/recipes-security/cynara/cynara/0006-Install-socket-activation-by-default.patch b/meta-security/recipes-security/cynara/cynara/0006-Install-socket-activation-by-default.patch deleted file mode 100644 index 68864f1ed..000000000 --- a/meta-security/recipes-security/cynara/cynara/0006-Install-socket-activation-by-default.patch +++ /dev/null 
@@ -1,78 +0,0 @@ -From 23f1a7cb34dd4ef88bac5a43057feaf7f50559aa Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jos=C3=A9=20Bollo?= -Date: Thu, 25 Jan 2018 14:09:23 +0100 -Subject: [PATCH] Install socket activation by default -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Change-Id: Ifd10c3800486689ed0ed6271df59760ccfbf6caf -Signed-off-by: José Bollo - ---- - packaging/cynara.spec | 5 ----- - systemd/CMakeLists.txt | 7 +++++++ - systemd/sockets.target.wants/cynara-admin.socket | 1 + - systemd/sockets.target.wants/cynara-agent.socket | 1 + - systemd/sockets.target.wants/cynara.socket | 1 + - 5 files changed, 10 insertions(+), 5 deletions(-) - create mode 120000 systemd/sockets.target.wants/cynara-admin.socket - create mode 120000 systemd/sockets.target.wants/cynara-agent.socket - create mode 120000 systemd/sockets.target.wants/cynara.socket - -diff --git a/packaging/cynara.spec b/packaging/cynara.spec -index d2e0b80..2c5b326 100644 ---- a/packaging/cynara.spec -+++ b/packaging/cynara.spec -@@ -72,12 +72,7 @@ make %{?jobs:-j%jobs} - rm -rf %{buildroot} - %make_install - --mkdir -p %{buildroot}%{_unitdir}/sockets.target.wants - mkdir -p %{buildroot}%{_unitdir}/multi-user.target.wants --ln -s ../cynara.socket %{buildroot}%{_unitdir}/sockets.target.wants/cynara.socket --ln -s ../cynara-admin.socket %{buildroot}%{_unitdir}/sockets.target.wants/cynara-admin.socket --ln -s ../cynara-agent.socket %{buildroot}%{_unitdir}/sockets.target.wants/cynara-agent.socket --ln -s ../cynara-monitor-get.socket %{buildroot}%{_unitdir}/sockets.target.wants/cynara-monitor-get.socket - ln -s ../cynara.service %{buildroot}%{_unitdir}/multi-user.target.wants/cynara.service - - %post -diff --git a/systemd/CMakeLists.txt b/systemd/CMakeLists.txt -index 1b75c12..9a2d70d 100644 ---- a/systemd/CMakeLists.txt -+++ b/systemd/CMakeLists.txt -@@ -38,3 +38,10 @@ INSTALL(FILES - ${SYSTEMD_UNIT_DIR} - ) - -+INSTALL(DIRECTORY -+ 
${CMAKE_SOURCE_DIR}/systemd/sockets.target.wants -+ DESTINATION -+ ${SYSTEMD_UNIT_DIR} -+) -+ -+ -diff --git a/systemd/sockets.target.wants/cynara-admin.socket b/systemd/sockets.target.wants/cynara-admin.socket -new file mode 120000 -index 0000000..3d0b1ce ---- /dev/null -+++ b/systemd/sockets.target.wants/cynara-admin.socket -@@ -0,0 +1 @@ -+../cynara-admin.socket -\ No newline at end of file -diff --git a/systemd/sockets.target.wants/cynara-agent.socket b/systemd/sockets.target.wants/cynara-agent.socket -new file mode 120000 -index 0000000..22b37dd ---- /dev/null -+++ b/systemd/sockets.target.wants/cynara-agent.socket -@@ -0,0 +1 @@ -+../cynara-agent.socket -\ No newline at end of file -diff --git a/systemd/sockets.target.wants/cynara.socket b/systemd/sockets.target.wants/cynara.socket -new file mode 120000 -index 0000000..c0e5a5b ---- /dev/null -+++ b/systemd/sockets.target.wants/cynara.socket -@@ -0,0 +1 @@ -+../cynara.socket -\ No newline at end of file diff --git a/meta-security/recipes-security/cynara/cynara/cynara-db-migration-abort-on-errors.patch b/meta-security/recipes-security/cynara/cynara/cynara-db-migration-abort-on-errors.patch deleted file mode 100644 index c14418923..000000000 --- a/meta-security/recipes-security/cynara/cynara/cynara-db-migration-abort-on-errors.patch +++ /dev/null 
@@ -1,29 +0,0 @@ -From 3605e9f8a3ea1252d1cf221398431e0d7a3ea34d Mon Sep 17 00:00:00 2001 -From: Patrick Ohly -Date: Mon, 23 Mar 2015 15:01:39 -0700 -Subject: [PATCH] cynara-db-migration.in: abort on errors - -"set -e" enables error checking for all commands invoked by the script. -Previously, errors were silently ignored. - -Upstream-status: Submitted [https://github.com/Samsung/cynara/pull/8] - -Signed-off-by: Patrick Ohly - ---- - migration/cynara-db-migration.in | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/migration/cynara-db-migration.in b/migration/cynara-db-migration.in -index 7b666d4..0682df6 100644 ---- a/migration/cynara-db-migration.in -+++ b/migration/cynara-db-migration.in -@@ -19,6 +19,8 @@ - # @brief Migration tool for Cynara's database - # - -+set -e -+ - ##### Constants (these must not be modified by shell) - - PATH=/bin:/usr/bin:/sbin:/usr/sbin diff --git a/meta-security/recipes-security/cynara/cynara/run-ptest b/meta-security/recipes-security/cynara/cynara/run-ptest deleted file mode 100755 index f8dd5d8b4..000000000 --- a/meta-security/recipes-security/cynara/cynara/run-ptest +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh - -cynara-tests | sed -e 's/^\[ *OK *\] \(\S*\)$/PASS: \1/' -e 's/^\[ *FAILED *\] \(\S*\)$/FAIL: \1/' -sh /usr/bin/cynara-db-migration-tests | sed -e 's/^Test .*(\([^)]*\)).*passed.*/PASS: \1/' -e 's/^Test .*(\([^)]*\)).*failed.*/FAIL: \1/' diff --git a/meta-security/recipes-security/cynara/cynara_0.14.10.bb b/meta-security/recipes-security/cynara/cynara_0.14.10.bb deleted file mode 100644 index 765c17bca..000000000 --- a/meta-security/recipes-security/cynara/cynara_0.14.10.bb +++ /dev/null 
@@ -1,157 +0,0 @@ -DESCRIPTION = "Cynara service with client libraries" -LICENSE = "Apache-2.0" -LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327;beginline=3" - -PV = "0.14.10+git${SRCPV}" -SRCREV = "be455dcaf1400bec0272a6ce90852b9147393a60" -SRC_URI = "git://github.com/Samsung/cynara.git" -S = "${WORKDIR}/git" - -SRC_URI += " \ - file://cynara-db-migration-abort-on-errors.patch \ - file://0001-Add-fallthrough-tags.patch \ - file://0002-gcc-7-requires-include-functional-for-std-function.patch \ - file://0003-Avoid-warning-when-compiling-without-smack.patch \ - file://0004-Fix-mode-of-sockets.patch \ - file://0005-Allow-to-tune-sockets.patch \ - file://0006-Install-socket-activation-by-default.patch \ - file://0001-fix-fallthrough-in-cmdlineparser.patch \ -" - -DEPENDS = " \ -systemd \ -" - -PACKAGECONFIG ??= "" -# Use debug mode to increase logging. Beware, also compiles with less optimization -# and thus has to disable FORTIFY_SOURCE below. -PACKAGECONFIG[debug] = "-DCMAKE_BUILD_TYPE=DEBUG,-DCMAKE_BUILD_TYPE=RELEASE,libunwind elfutils" - -inherit cmake - -EXTRA_OECMAKE += " \ - -DCMAKE_VERBOSE_MAKEFILE=ON \ - -DBUILD_WITH_SYSTEMD_DAEMON=ON \ - -DBUILD_WITH_SYSTEMD_JOURNAL=ON \ - -DSYSTEMD_UNIT_DIR=${systemd_system_unitdir} \ - -DSOCKET_DIR=/run/cynara \ - -DBUILD_COMMONS=ON \ - -DBUILD_SERVICE=ON \ - -DBUILD_DBUS=OFF \ - -DCYNARA_ADMIN_SOCKET_GROUP=cynara \ -" - -# Explicitly package empty directory. Otherwise Cynara prints warnings -# at runtime: -# cyad[198]: Couldn't scan for plugins in : -FILES_${PN}_append = " \ -${libdir}/cynara/plugin/service \ -${libdir}/cynara/plugin/client \ -" - -inherit useradd -USERADD_PACKAGES = "${PN}" -GROUPADD_PARAM_${PN} = "-r cynara" -USERADD_PARAM_${PN} = "\ ---system --home ${localstatedir}/lib/empty \ ---no-create-home --shell /bin/false \ ---gid cynara cynara \ -" - -# Causes deadlock during booting, see workaround in postinst below. 
-#inherit systemd -#SYSTEMD_SERVICE_${PN} = "cynara.service" - -#do_install_append () { -# chmod a+rx ${D}/${sbindir}/cynara-db-migration -# -# install -d ${D}${sysconfdir}/cynara/ -# install -m 644 ${S}/conf/creds.conf ${D}/${sysconfdir}/cynara/creds.conf -# -# # No need to create empty directories except for those which -# # Cynara expects to find. -# # install -d ${D}${localstatedir}/cynara/ -# # install -d ${D}${prefix}/share/cynara/tests/empty_db -# install -d ${D}${libdir}/cynara/plugin/client -# install -d ${D}${libdir}/cynara/plugin/service -# -# # install db* ${D}${prefix}/share/cynara/tests/ -# -# install -d ${D}${systemd_system_unitdir}/sockets.target.wants -# ln -s ../cynara.socket ${D}${systemd_system_unitdir}/sockets.target.wants/cynara.socket -# ln -s ../cynara-admin.socket ${D}${systemd_system_unitdir}/sockets.target.wants/cynara-admin.socket -# ln -s ../cynara-agent.socket ${D}${systemd_system_unitdir}/sockets.target.wants/cynara-agent.socket -#} - -# We want the post-install logic to create and label /var/cynara, so -# it should not be in the package. -do_install_append () { - rmdir ${D}${localstatedir}/cynara -} - -FILES_${PN} += "${systemd_system_unitdir}" - -# Cynara itself has no dependency on Smack. Only its installation -# is Smack-aware in the sense that it sets Smack labels. Do not -# depend on smack userspace unless we really need Smack labels. -# -# The Tizen .spec file calls cynara-db-migration in a %pre section. -# That only works when cynara-db-migration is packaged separately -# (overly complex) and does not seem necessary: perhaps there is a -# time window where cynara might already get activated before -# the postinst completes, but that is a general problem. It gets -# avoided entirely when calling this script while building the -# rootfs. 
-DEPENDS_append_with-lsm-smack = " smack smack-native" -EXTRA_OECMAKE_append_with-lsm-smack = " -DDB_FILES_SMACK_LABEL=System" -CHSMACK_with-lsm-smack = "chsmack" -CHSMACK = "true" -pkg_postinst_ontarget_${PN} () { - mkdir -p $D${sysconfdir}/cynara - ${CHSMACK} -a System $D${sysconfdir}/cynara - - # Strip git patch level information, the version comparison code - # in cynara-db-migration only expect major.minor.patch version numbers. - VERSION=${@d.getVar('PV',d,1).split('+git')[0]} - if [ -d $D${localstatedir}/cynara ] ; then - # upgrade - echo "NOTE: updating cynara DB to version $VERSION" - $D${sbindir}/cynara-db-migration upgrade -f 0.0.0 -t $VERSION - else - # install - echo "NOTE: creating cynara DB for version $VERSION" - mkdir -p $D${localstatedir}/cynara - ${CHSMACK} -a System $D${localstatedir}/cynara - $D${sbindir}/cynara-db-migration install -t $VERSION - fi - - # Workaround for systemd.bbclass issue: it would call - # "systemctl start" without "--no-block", but because - # the service is not ready to run at the time when - # this scripts gets executed by run-postinsts.service, - # booting deadlocks. - echo "NOTE: enabling and starting cynara service" - systemctl enable cynara - systemctl start --no-block cynara -} - -# Testing depends on gmock and gtest. They can be found in meta-oe -# and are not necessarily available, so this feature is off by default. -# If gmock from meta-oe is used, then a workaround is needed to avoid -# a link error (libgmock.a calls pthread functions without libpthread -# being listed in the .pc file). -DEPENDS_append = "${@bb.utils.contains('PACKAGECONFIG', 'tests', ' gmock', '', d)}" -LDFLAGS_append = "${@bb.utils.contains('PACKAGECONFIG', 'tests', ' -lpthread', '', d)}" -SRC_URI_append = "${@bb.utils.contains('PACKAGECONFIG', 'tests', ' file://run-ptest', '', d)}" -PACKAGECONFIG[tests] = "-DBUILD_TESTS:BOOL=ON,-DBUILD_TESTS:BOOL=OFF,gmock gtest," - -# Will be empty if no tests were built. 
-inherit ptest -FILES_${PN}-ptest += "${bindir}/cynara-tests ${bindir}/cynara-db-migration-tests ${datadir}/cynara/tests" -do_install_ptest () { - if ${@bb.utils.contains('PACKAGECONFIG', 'tests', 'true', 'false', d)}; then - mkdir -p ${D}/${datadir}/cynara/tests - cp -r ${S}/test/db/* ${D}/${datadir}/cynara/tests - fi -} - -- cgit 1.2.3-korg