This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 3.x development tree".
The branch, master has been updated
via eee6bb52534a63a9af166857a087afaf60a98a6d (commit)
via 8dce07fcc91d3e7fb30e10500c2df314c3d93000 (commit)
via f0a80f0d080077f922f7e9847b52dc194378b6c9 (commit)
via 6b7e3f4f0159e3ccb16f77bb7e17cb49ef09a8fe (commit)
via b9a6b19e5f1cb302c407ee5202d5ed205d027e07 (commit)
via 2d922811ccaee8ddf021ed16ac4637030d0aef08 (commit)
via 2777fcb0e4b6a726d27c54615369ddc94b0ec778 (commit)
via 5f157e9dde2cf9bb435f7dd4f015ff2fa9346095 (commit)
via 81cbd283244759b9bc019b0d1b520fe3a1f6d211 (commit)
via a35376e587393d526a3de4ece885a6a6d4916da5 (commit)
via 229d01e27091264c44a2e1db8898fd2b306fa442 (commit)
via 83dc82d564b65b62ca5bc5bab43af557a24fadbc (commit)
via 3002f9ae1b61e4f4802bc1aa4089ae7a2cec6751 (commit)
via 72e67668bc7120366912d3b5c74503c0460f2e84 (commit)
via 92409c7bd1a04ba3221ec7a803353e902c89fdc0 (commit)
via b7b53e02d9078b0d73961108c93f661cfa56fc6a (commit)
via 4752018936993068a7a1b0b0e193fe14db085707 (commit)
via 6ed30ec4f20c41b0d694f0d2272dc4462c542e3d (commit)
from c6fb66f9566951124ccd66f1592f87c3ec60ca85 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit eee6bb52534a63a9af166857a087afaf60a98a6d
Merge: 8dce07f b9a6b19
Author: Michael Tremer michael.tremer@ipfire.org
Date: Sun Nov 7 14:12:55 2010 +0100

Merge branch 'selinux' into next

commit 8dce07fcc91d3e7fb30e10500c2df314c3d93000
Merge: f0a80f0 6b7e3f4
Author: Michael Tremer michael.tremer@ipfire.org
Date: Sat Nov 6 23:14:47 2010 +0100

Merge remote branch 'stevee/netplugd' into netplugd

commit f0a80f0d080077f922f7e9847b52dc194378b6c9
Merge: 92409c7 c6fb66f
Author: Michael Tremer michael.tremer@ipfire.org
Date: Sat Nov 6 23:14:33 2010 +0100

Merge branch 'next' into netplugd

commit 6b7e3f4f0159e3ccb16f77bb7e17cb49ef09a8fe
Author: Schantl Stefan Stevee@ipfire.org
Date: Sat Nov 6 22:22:25 2010 +0100

netplugd: Add upstart jobfile.

Refers to #87.

commit b9a6b19e5f1cb302c407ee5202d5ed205d027e07
Author: Michael Tremer michael.tremer@ipfire.org
Date: Sat Nov 6 21:54:45 2010 +0100

python: Enable support for selinux.

commit 2d922811ccaee8ddf021ed16ac4637030d0aef08
Author: Michael Tremer michael.tremer@ipfire.org
Date: Sat Nov 6 21:27:52 2010 +0100

tar: Enable support for selinux.

commit 2777fcb0e4b6a726d27c54615369ddc94b0ec778
Author: Michael Tremer michael.tremer@ipfire.org
Date: Sat Nov 6 21:07:45 2010 +0100

glibc: Enable support for selinux.

commit 5f157e9dde2cf9bb435f7dd4f015ff2fa9346095
Author: Michael Tremer michael.tremer@ipfire.org
Date: Sat Nov 6 20:23:22 2010 +0100

shadow: Enable support for selinux.

commit 81cbd283244759b9bc019b0d1b520fe3a1f6d211
Author: Michael Tremer michael.tremer@ipfire.org
Date: Sat Nov 6 20:15:51 2010 +0100

passwd: Enable support for selinux.

commit a35376e587393d526a3de4ece885a6a6d4916da5
Author: Michael Tremer michael.tremer@ipfire.org
Date: Sat Nov 6 20:10:42 2010 +0100

coreutils: Enable support for selinux.

commit 229d01e27091264c44a2e1db8898fd2b306fa442
Merge: 83dc82d 3002f9a
Author: Michael Tremer michael.tremer@ipfire.org
Date: Sat Nov 6 19:42:28 2010 +0100

Merge remote branch 'stevee/selinux' into selinux

commit 83dc82d564b65b62ca5bc5bab43af557a24fadbc
Merge: 6ed30ec 1e2914a
Author: Michael Tremer michael.tremer@ipfire.org
Date: Sat Nov 6 19:42:22 2010 +0100

Merge branch 'next' into selinux

commit 3002f9ae1b61e4f4802bc1aa4089ae7a2cec6751
Author: Schantl Stefan Stevee@ipfire.org
Date: Sat Nov 6 19:15:08 2010 +0100

libsemanage: New package.

commit 72e67668bc7120366912d3b5c74503c0460f2e84
Author: Schantl Stefan Stevee@ipfire.org
Date: Sat Nov 6 19:14:49 2010 +0100

libselinux: New package.

commit 92409c7bd1a04ba3221ec7a803353e902c89fdc0
Author: Michael Tremer michael.tremer@ipfire.org
Date: Sat Nov 6 18:43:28 2010 +0100

netplug: New package.

References #87.

commit b7b53e02d9078b0d73961108c93f661cfa56fc6a
Author: Schantl Stefan Stevee@ipfire.org
Date: Sat Nov 6 19:14:33 2010 +0100

libsepol: New package.

commit 4752018936993068a7a1b0b0e193fe14db085707
Author: Schantl Stefan Stevee@ipfire.org
Date: Sat Nov 6 19:13:58 2010 +0100

ustr: New package.

commit 6ed30ec4f20c41b0d694f0d2272dc4462c542e3d
Author: Michael Tremer michael.tremer@ipfire.org
Date: Fri Nov 5 23:39:36 2010 +0100

kernel: Enable support for SELinux.
-----------------------------------------------------------------------
Summary of changes:
pkgs/core/coreutils/coreutils.nm | 4 +-
pkgs/core/glibc/glibc.nm | 6 +-
pkgs/core/kernel/config | 17 ++-
pkgs/core/kernel/kernel.nm | 2 +-
pkgs/core/libselinux/libselinux.nm | 94 +++++++++
.../libselinux/patches/libselinux-ipfire.patch | 12 ++
.../libaio.nm => libsemanage/libsemanage.nm} | 47 +++--
.../libsemanage/patches/libsemanage-rhat.patch | 24 +++
pkgs/core/libsemanage/semanage.conf | 48 +++++
.../libcap-ng.nm => libsepol/libsepol.nm} | 32 ++--
pkgs/core/{pptp/pptp.nm => netplug/netplug.nm} | 34 ++--
.../{lldpd/lldpd.init => netplug/netplugd.init} | 4 +-
.../patches/netplug-1.2.9.1-execshield.patch | 203 ++++++++++++++++++++
pkgs/core/passwd/passwd.nm | 13 +-
pkgs/core/python/python.nm | 6 +-
pkgs/core/shadow/shadow.nm | 6 +-
pkgs/core/tar/tar.nm | 4 +-
pkgs/core/{libssh2/libssh2.nm => ustr/ustr.nm} | 42 +++--
18 files changed, 504 insertions(+), 94 deletions(-)
create mode 100644 pkgs/core/libselinux/libselinux.nm
create mode 100644 pkgs/core/libselinux/patches/libselinux-ipfire.patch
copy pkgs/core/{libaio/libaio.nm => libsemanage/libsemanage.nm} (63%)
create mode 100644 pkgs/core/libsemanage/patches/libsemanage-rhat.patch
create mode 100644 pkgs/core/libsemanage/semanage.conf
copy pkgs/core/{libcap-ng/libcap-ng.nm => libsepol/libsepol.nm} (77%)
copy pkgs/core/{pptp/pptp.nm => netplug/netplug.nm} (72%)
copy pkgs/core/{lldpd/lldpd.init => netplug/netplugd.init} (56%)
create mode 100644 pkgs/core/netplug/patches/netplug-1.2.9.1-execshield.patch
copy pkgs/core/{libssh2/libssh2.nm => ustr/ustr.nm} (74%)
Difference in files: diff --git a/pkgs/core/coreutils/coreutils.nm b/pkgs/core/coreutils/coreutils.nm index 6b82169..b4972ee 100644 --- a/pkgs/core/coreutils/coreutils.nm +++ b/pkgs/core/coreutils/coreutils.nm @@ -26,7 +26,7 @@ include $(PKGROOT)/Include
PKG_NAME = coreutils PKG_VER = 8.5 -PKG_REL = 1 +PKG_REL = 2
PKG_MAINTAINER = PKG_GROUP = System/Base @@ -40,7 +40,7 @@ define PKG_DESCRIPTION endef
PKG_BUILD_DEPS+= autoconf automake libacl-devel libattr-devel libcap \ - ncurses-devel e2fsprogs pam-devel + ncurses-devel e2fsprogs pam-devel libselinux-devel
PKG_TARBALL = $(THISAPP).tar.gz
diff --git a/pkgs/core/glibc/glibc.nm b/pkgs/core/glibc/glibc.nm index 4bbaacd..3d0e561 100644 --- a/pkgs/core/glibc/glibc.nm +++ b/pkgs/core/glibc/glibc.nm @@ -26,7 +26,7 @@ include $(PKGROOT)/Include
PKG_NAME = glibc PKG_VER = 2.12.1 -PKG_REL = 2 +PKG_REL = 3
PKG_MAINTAINER = Michael Tremer michael.tremer@ipfire.org PKG_GROUP = System/Base @@ -34,6 +34,8 @@ PKG_URL = http://sources.redhat.com/glibc/ PKG_LICENSE = GPLv2+ LGPLv2+ PKG_SUMMARY = The GNU libc libraries.
+PKG_BUILD_DEPS+= autoconf automake gettext libselinux-devel texinfo + PKG_PACKAGES += $(PKG_NAME_REAL)-devel
define PKG_DESCRIPTION @@ -226,7 +228,7 @@ define STAGE_BUILD --disable-profile \ --enable-add-ons \ --enable-kernel=$(OPTIMIZED_KERNEL) \ - --without-selinux \ + --with-selinux \ --disable-werror \ --enable-bind-now \ --enable-stackguard-randomization \ diff --git a/pkgs/core/kernel/config b/pkgs/core/kernel/config index e3bbd99..b0fee45 100644 --- a/pkgs/core/kernel/config +++ b/pkgs/core/kernel/config @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit # Linux kernel version: 2.6.35.4 -# Sat Sep 18 18:55:00 2010 +# Fri Nov 5 20:40:34 2010 # # CONFIG_64BIT is not set CONFIG_X86_32=y @@ -620,7 +620,7 @@ CONFIG_IPV6_MROUTE=y CONFIG_IPV6_MROUTE_MULTIPLE_TABLES=y CONFIG_IPV6_PIMSM_V2=y # CONFIG_NETLABEL is not set -# CONFIG_NETWORK_SECMARK is not set +CONFIG_NETWORK_SECMARK=y CONFIG_NETFILTER=y # CONFIG_NETFILTER_DEBUG is not set CONFIG_NETFILTER_ADVANCED=y @@ -635,6 +635,7 @@ CONFIG_NETFILTER_NETLINK_LOG=m CONFIG_NF_CONNTRACK=m CONFIG_NF_CT_ACCT=y CONFIG_NF_CONNTRACK_MARK=y +CONFIG_NF_CONNTRACK_SECMARK=y CONFIG_NF_CONNTRACK_ZONES=y CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NF_CT_PROTO_DCCP=m @@ -665,6 +666,7 @@ CONFIG_NETFILTER_XT_CONNMARK=m # CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m CONFIG_NETFILTER_XT_TARGET_CONNMARK=m +CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m CONFIG_NETFILTER_XT_TARGET_CT=m CONFIG_NETFILTER_XT_TARGET_DSCP=m CONFIG_NETFILTER_XT_TARGET_HL=m @@ -677,6 +679,7 @@ CONFIG_NETFILTER_XT_TARGET_RATEEST=m CONFIG_NETFILTER_XT_TARGET_TEE=m CONFIG_NETFILTER_XT_TARGET_TPROXY=m CONFIG_NETFILTER_XT_TARGET_TRACE=m +CONFIG_NETFILTER_XT_TARGET_SECMARK=m CONFIG_NETFILTER_XT_TARGET_TCPMSS=m CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=m
@@ -3837,7 +3840,15 @@ CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_NETWORK_XFRM=y # CONFIG_SECURITY_PATH is not set CONFIG_INTEL_TXT=y -# CONFIG_SECURITY_SELINUX is not set +CONFIG_LSM_MMAP_MIN_ADDR=65536 +CONFIG_SECURITY_SELINUX=y +CONFIG_SECURITY_SELINUX_BOOTPARAM=y +CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1 +CONFIG_SECURITY_SELINUX_DISABLE=y +CONFIG_SECURITY_SELINUX_DEVELOP=y +CONFIG_SECURITY_SELINUX_AVC_STATS=y +CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1 +# CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set # CONFIG_SECURITY_TOMOYO is not set # CONFIG_IMA is not set # CONFIG_DEFAULT_SECURITY_SELINUX is not set diff --git a/pkgs/core/kernel/kernel.nm b/pkgs/core/kernel/kernel.nm index be7887b..b615986 100644 --- a/pkgs/core/kernel/kernel.nm +++ b/pkgs/core/kernel/kernel.nm @@ -26,7 +26,7 @@ include $(PKGROOT)/Include
PKG_NAME = linux PKG_VER = 2.6.35.4 -PKG_REL = 1 +PKG_REL = 2
PKG_MAINTAINER = Michael Tremer michael.tremer@ipfire.org PKG_GROUP = System/Kernels diff --git a/pkgs/core/libselinux/libselinux.nm b/pkgs/core/libselinux/libselinux.nm new file mode 100644 index 0000000..03e418d --- /dev/null +++ b/pkgs/core/libselinux/libselinux.nm 
@@ -0,0 +1,94 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007, 2008 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include $(PKGROOT)/Include + +PKG_NAME = libselinux +PKG_VER = 2.0.96 +PKG_REL = 0 + +PKG_MAINTAINER = +PKG_GROUP = System/Libraries +PKG_URL = http://www.selinuxproject.org +PKG_LICENSE = Public Domain +PKG_SUMMARY = SELinux library and simple utilities. + +PKG_BUILD_DEPS+= libsepol-devel python-devel swig + +define PKG_DESCRIPTION + libselinux provides an API for SELinux applications to get and set \ + process and file security contexts and to obtain security policy \ + decisions. +endef + +PKG_TARBALL = $(THISAPP).tgz + +PKG_PACKAGES += $(PKG_NAME_REAL)-devel $(PKG_NAME_REAL)-utils python-selinux + +# Package information for libselinux-utils +PKG_SUMMARY-$(PKG_NAME_REAL)-utils = SELinux libselinux utilies. +PKG_DESCRIPTION-$(PKG_NAME_REAL)-utils = The libselinux-utils package contains the utilities. 
+ +define PKG_FILES-$(PKG_NAME_REAL)-utils + /usr/sbin/* + /usr/share/man/man5/* + /usr/share/man/man8/* +endef + +# Package information for python-selinux +PKG_SUMMARY-python-selinux = SELinux python bindings. +PKG_DESCRIPTION-selinux = SELinux python bindings for libselinux. + +define PKG_FILES-python-selinux + /usr/lib/python* +endef + +define STAGE_BUILD + cd $(DIR_APP) && make clean + cd $(DIR_APP) && make CC=gcc LIBDIR="/usr/lib" CFLAGS="-g $(CFLAGS)" swigify + cd $(DIR_APP) && make CC=gcc LIBDIR="/usr/lib" CFLAGS="-g $(CFLAGS)" all + cd $(DIR_APP) && make CC=gcc LIBDIR="/usr/lib" CFLAGS="-g $(CFLAGS)" pywrap +endef + +define STAGE_INSTALL_CMDS + cd $(DIR_APP) && make install-pywrap DESTDIR=$(BUILDROOT) + + # Remove unwanted binaries + rm -f $(BUILDROOT)/usr/sbin/compute_* + rm -f $(BUILDROOT)/usr/sbin/deftype + rm -f $(BUILDROOT)/usr/sbin/execcon + rm -f $(BUILDROOT)/usr/sbin/getenforcemode + rm -f $(BUILDROOT)/usr/sbin/getfilecon + rm -f $(BUILDROOT)/usr/sbin/getpidcon + rm -f $(BUILDROOT)/usr/sbin/mkdircon + rm -f $(BUILDROOT)/usr/sbin/policyvers + rm -f $(BUILDROOT)/usr/sbin/setfilecon + rm -f $(BUILDROOT)/usr/sbin/selinuxconfig + rm -f $(BUILDROOT)/usr/sbin/selinuxdisable + rm -f $(BUILDROOT)/usr/sbin/getseuser + rm -f $(BUILDROOT)/usr/sbin/selinux_check_securetty_context + + # Move binaries from /sbin to /usr/sbin + mv $(BUILDROOT)/sbin/* $(BUILDROOT)/usr/sbin +endef diff --git a/pkgs/core/libselinux/patches/libselinux-ipfire.patch b/pkgs/core/libselinux/patches/libselinux-ipfire.patch new file mode 100644 index 0000000..29e0eef --- /dev/null +++ b/pkgs/core/libselinux/patches/libselinux-ipfire.patch 
@@ -0,0 +1,12 @@ +diff -Nur a/src/Makefile b/src/Makefile +--- a/src/Makefile 2010-11-06 13:49:19.000000000 +0100 ++++ b/src/Makefile 2010-06-16 14:03:39.000000000 +0200 +@@ -95,7 +95,7 @@ + $(CC) $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $< + + $(AUDIT2WHYSO): audit2why.lo +- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ${LIBDIR}/libsepol.a -L$(LIBDIR) -Wl,-soname,$@ ++ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux -lsepol -L$(LIBDIR) -Wl,-soname,$@ + + %.o: %.c policy.h + $(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $< diff --git a/pkgs/core/libsemanage/libsemanage.nm b/pkgs/core/libsemanage/libsemanage.nm new file mode 100644 index 0000000..c3438e9 --- /dev/null +++ b/pkgs/core/libsemanage/libsemanage.nm 
@@ -0,0 +1,69 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007, 2008 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include $(PKGROOT)/Include + +PKG_NAME = libsemanage +PKG_VER = 2.0.45 +PKG_REL = 0 + +PKG_MAINTAINER = +PKG_GROUP = System/Libraries +PKG_URL = http://www.selinuxproject.org +PKG_LICENSE = LGPLv2+ +PKG_SUMMARY = SELinux binary policy manipulation library. + +PKG_BUILD_DEPS+= bison flex libselinux-devel libsepol-devel \ + python-devel swig ustr-devel + +define PKG_DESCRIPTION + libsemanage provides an API for the manipulation of SELinux \ + binary policies. +endef + +PKG_TARBALL = $(THISAPP).tgz + +PKG_PACKAGES += $(PKG_NAME_REAL)-devel python-selinux-manage + +# Package information for python-selinux-manage +PKG_SUMMARY-python-selinux-manage = SELinux manage python bindings. +PKG_DESCRIPTION-selinux-manage = SELinux python bindings for libsemanage. 
+ +define PKG_FILES-python-selinux-manage + /usr/lib/python* +endef + +define STAGE_BUILD + cd $(DIR_APP) && make clean + cd $(DIR_APP) && make CC=gcc LIBDIR="/usr/lib" CFLAGS="-g $(CFLAGS)" swigify + cd $(DIR_APP) && make CC=gcc LIBDIR="/usr/lib" CFLAGS="-g $(CFLAGS)" all + cd $(DIR_APP) && make CC=gcc LIBDIR="/usr/lib" CFLAGS="-g $(CFLAGS)" pywrap +endef + +define STAGE_INSTALL_CMDS + cd $(DIR_APP) && make install-pywrap DESTDIR=$(BUILDROOT) + + # Install our config file + cp -vf $(DIR_SOURCE)/semanage.conf $(BUILDROOT)/etc/selinux/semanage.conf +endef diff --git a/pkgs/core/libsemanage/patches/libsemanage-rhat.patch b/pkgs/core/libsemanage/patches/libsemanage-rhat.patch new file mode 100644 index 0000000..a1f53c5 --- /dev/null +++ b/pkgs/core/libsemanage/patches/libsemanage-rhat.patch @@ -0,0 +1,24 @@ +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libsemanage-2.0.44/src/genhomedircon.c +--- nsalibsemanage/src/genhomedircon.c 2009-09-17 08:59:43.000000000 -0400 ++++ libsemanage-2.0.44/src/genhomedircon.c 2010-02-24 14:57:23.000000000 -0500 +@@ -310,6 +310,10 @@ + } + if (strcmp(pwbuf->pw_dir, "/") == 0) + continue; ++ if (strcmp(pwbuf->pw_dir, "/root") == 0) { ++ continue; ++ } ++ + if (semanage_str_count(pwbuf->pw_dir, '/') <= 1) + continue; + if (!(path = strdup(pwbuf->pw_dir))) { +@@ -803,6 +807,9 @@ + * /root */ + continue; + } ++ if (strcmp(pwent->pw_dir, "/root") == 0) { ++ continue; ++ } + if (push_user_entry(&head, name, seuname, + prefix, pwent->pw_dir) != STATUS_SUCCESS) { + *errors = STATUS_ERR; diff --git a/pkgs/core/libsemanage/semanage.conf b/pkgs/core/libsemanage/semanage.conf new file mode 100644 index 0000000..d2f9c59 --- /dev/null +++ b/pkgs/core/libsemanage/semanage.conf 
@@ -0,0 +1,48 @@ +# Authors: Jason Tang jtang@tresys.com +# +# Copyright (C) 2004-2005 Tresys Technology, LLC +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +# +# Specify how libsemanage will interact with a SELinux policy manager. +# The four options are: +# +# "source" - libsemanage manipulates a source SELinux policy +# "direct" - libsemanage will write directly to a module store. +# /foo/bar - Write by way of a policy management server, whose +# named socket is at /foo/bar. The path must begin +# with a '/'. +# foo.com:4242 - Establish a TCP connection to a remote policy +# management server at foo.com. If there is a colon +# then the remainder is interpreted as a port number; +# otherwise default to port 4242. +module-store = direct + +# When generating the final linked and expanded policy, by default +# semanage will set the policy version to POLICYDB_VERSION_MAX, as +# given in <sepol/policydb.h>. Change this setting if a different +# version is necessary. +#policy-version = 19 + +# expand-check check neverallow rules when executing all semanage commands. +# Large penalty in time if you turn this on. +expand-check=0 + +# usepasswd check tells semanage to scan all pass word records for home directories +# and setup the labeling correctly. 
If this is turned off, SELinux will label /home +# correctly only. You will need to use semanage fcontext command. +# For example, if you had home dirs in /althome directory you would have to execute +# semanage fcontext -a -e /home /althome +usepasswd=False diff --git a/pkgs/core/libsepol/libsepol.nm b/pkgs/core/libsepol/libsepol.nm new file mode 100644 index 0000000..d27fd7b --- /dev/null +++ b/pkgs/core/libsepol/libsepol.nm 
@@ -0,0 +1,57 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007, 2008 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include $(PKGROOT)/Include + +PKG_NAME = libsepol +PKG_VER = 2.0.41 +PKG_REL = 0 + +PKG_MAINTAINER = +PKG_GROUP = System/Libraries +PKG_URL = http://www.selinuxproject.org +PKG_LICENSE = LGPLv2+ +PKG_SUMMARY = SELinux binary policy manipulation library. + +PKG_PACKAGES += $(PKG_NAME_REAL)-devel + +define PKG_DESCRIPTION + libsepol provides an API for the manipulation of SELinux binary \ + policies. +endef + +PKG_TARBALL = $(THISAPP).tgz + +define STAGE_BUILD + cd $(DIR_APP) && make clean + cd $(DIR_APP) && make CFLAGS="$(CFLAGS)" $(PARALELLISMFLAGS) +endef + +define STAGE_INSTALL_CMDS + # Remove binaries + rm -rf $(BUILDROOT)/usr/bin + + # Remove manpages from binaries + rm -rf $(BUILDROOT)/usr/share/man/man8 +endef diff --git a/pkgs/core/netplug/netplug.nm b/pkgs/core/netplug/netplug.nm new file mode 100644 index 0000000..e1bc02c 
--- /dev/null +++ b/pkgs/core/netplug/netplug.nm 
@@ -0,0 +1,59 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007, 2008 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include $(PKGROOT)/Include + +PKG_NAME = netplug +PKG_VER = 1.2.9.1 +PKG_REL = 0 + +PKG_MAINTAINER = +PKG_GROUP = Networking/Tools +PKG_URL = http://www.red-bean.com/~bos/ +PKG_LICENSE = GPLv2 +PKG_SUMMARY = A daemon that manages network interfaces in response to \ + network cables being plugged in and out. + +define PKG_DESCRIPTION + Netplug is a Linux daemon that manages network interfaces in response \ + to network cables being plugged in and out. If you're familiar with \ + Windows XP, which just does the Right Thing when you plug an ethernet \ + cable into a laptop, netplug will need no further explanation. +endef + +PKG_TARBALL = $(THISAPP).tar.bz2 + +define STAGE_PREPARE_CMDS + # Remove debugging flags from CFLAGS. 
+ cd $(DIR_APP) && sed -i Makefile \ + -e "s/-ggdb3 -O3//g" +endef + +define STAGE_BUILD + cd $(DIR_APP) && make CC="gcc" +endef + +define STAGE_INSTALL_CMDS + rm -rfv $(BUILDROOT)/etc/rc.d +endef diff --git a/pkgs/core/netplug/netplugd.init b/pkgs/core/netplug/netplugd.init new file mode 100644 index 0000000..3f9fef4 --- /dev/null +++ b/pkgs/core/netplug/netplugd.init @@ -0,0 +1,8 @@ +description "Starts the netplug daemon" +author "IPFire Team" + +start on started network +stop on stopping network + +exec /sbin/netplugd -F +respawn diff --git a/pkgs/core/netplug/patches/netplug-1.2.9.1-execshield.patch b/pkgs/core/netplug/patches/netplug-1.2.9.1-execshield.patch new file mode 100644 index 0000000..b9809f1 --- /dev/null +++ b/pkgs/core/netplug/patches/netplug-1.2.9.1-execshield.patch 
@@ -0,0 +1,203 @@ +diff -up netplug-1.2.9.1/if_info.c.execshield netplug-1.2.9.1/if_info.c +--- netplug-1.2.9.1/if_info.c.execshield 2008-12-23 00:36:23.000000000 +0100 ++++ netplug-1.2.9.1/if_info.c 2009-09-09 10:02:12.000000000 +0200 +@@ -95,15 +95,16 @@ flags_str(char *buf, unsigned int fl) + return buf; + } + +-void +-for_each_iface(int (*func)(struct if_info *)) ++struct if_info * ++for_each_iface(int (*func)(struct if_info *, long), long param) + { + for(int i = 0; i < INFOHASHSZ; i++) { + for(struct if_info *info = if_info[i]; info != NULL; info = info->next) { +- if ((*func)(info)) +- return; ++ if ((*func)(info, param)) ++ return info; + } + } ++ return NULL; + } + + /* Reevaluate the state machine based on the current state and flag settings */ +@@ -285,22 +286,20 @@ ifsm_flagchange(struct if_info *info, un + } + + /* handle a script termination and update the state accordingly */ ++int find_pid(struct if_info *i, long param) { ++ if (i->worker == param) { ++ return 1; ++ } ++ return 0; ++} ++ + void ifsm_scriptdone(pid_t pid, int exitstatus) + { + int exitok = WIFEXITED(exitstatus) && WEXITSTATUS(exitstatus) == 0; + struct if_info *info; + assert(WIFEXITED(exitstatus) || WIFSIGNALED(exitstatus)); + +- int find_pid(struct if_info *i) { +- if (i->worker == pid) { +- info = i; +- return 1; +- } +- return 0; +- } +- +- info = NULL; +- for_each_iface(find_pid); ++ info = for_each_iface(find_pid, pid); + + if (info == NULL) { + do_log(LOG_INFO, "Unexpected child %d exited with status %d", +diff -up netplug-1.2.9.1/main.c.execshield netplug-1.2.9.1/main.c +--- netplug-1.2.9.1/main.c.execshield 2008-12-23 00:36:23.000000000 +0100 ++++ netplug-1.2.9.1/main.c 2009-09-09 10:02:12.000000000 +0200 +@@ -161,11 +161,28 @@ child_handler(int sig, siginfo_t *info, + ce.pid = info->si_pid; + ret = waitpid(info->si_pid, &ce.status, 0); + if (ret == info->si_pid) +- write(child_handler_pipe[1], &ce, sizeof(ce)); ++ (void)write(child_handler_pipe[1], &ce, sizeof(ce)); + } + + 
/* Poll the existing interface state, so we can catch any state + changes for which we may not have neen a netlink message. */ ++static int pollflags(struct if_info *info, long param) { ++ struct ifreq ifr; ++ ++ if (!if_match(info->name)) ++ return 0; ++ ++ memcpy(ifr.ifr_name, info->name, sizeof(ifr.ifr_name)); ++ if (ioctl(param, SIOCGIFFLAGS, &ifr) < 0) ++ do_log(LOG_ERR, "%s: can't get flags: %m", info->name); ++ else { ++ ifsm_flagchange(info, ifr.ifr_flags); ++ ifsm_flagpoll(info); ++ } ++ ++ return 0; ++} ++ + static void + poll_interfaces(void) + { +@@ -180,24 +197,13 @@ poll_interfaces(void) + close_on_exec(sockfd); + } + +- int pollflags(struct if_info *info) { +- struct ifreq ifr; +- +- if (!if_match(info->name)) +- return 0; +- +- memcpy(ifr.ifr_name, info->name, sizeof(ifr.ifr_name)); +- if (ioctl(sockfd, SIOCGIFFLAGS, &ifr) < 0) +- do_log(LOG_ERR, "%s: can't get flags: %m", info->name); +- else { +- ifsm_flagchange(info, ifr.ifr_flags); +- ifsm_flagpoll(info); +- } +- +- return 0; +- } ++ for_each_iface(pollflags, sockfd); ++} + +- for_each_iface(pollflags); ++static int poll_flags(struct if_info *i, long param) { ++ if (if_match(i->name)) ++ ifsm_flagpoll(i); ++ return 0; + } + + int debug = 0; +@@ -331,17 +337,11 @@ main(int argc, char *argv[]) + { child_handler_pipe[0], POLLIN, 0 }, + }; + +- { +- /* Run over each of the interfaces we know and care about, and +- make sure the state machine has done the appropriate thing +- for their current state. */ +- int poll_flags(struct if_info *i) { +- if (if_match(i->name)) +- ifsm_flagpoll(i); +- return 0; +- } +- for_each_iface(poll_flags); +- } ++ /* Run over each of the interfaces we know and care about, and ++ make sure the state machine has done the appropriate thing ++ for their current state. 
*/ ++ for_each_iface(poll_flags, 0); ++ + + for(;;) { + int ret; +diff -up netplug-1.2.9.1/Makefile.execshield netplug-1.2.9.1/Makefile +--- netplug-1.2.9.1/Makefile.execshield 2008-12-23 00:41:38.000000000 +0100 ++++ netplug-1.2.9.1/Makefile 2009-09-09 10:02:12.000000000 +0200 +@@ -4,15 +4,15 @@ DESTDIR ?= + + prefix ?= + bindir ?= $(prefix)/sbin +-etcdir ?= $(prefix)/etc/netplug ++etcdir ?= $(prefix)/etc/netplug.d + initdir ?= $(prefix)/etc/rc.d/init.d + scriptdir ?= $(prefix)/etc/netplug.d + mandir ?= $(prefix)/usr/share/man + + install_opts := + +-CFLAGS += -Wall -Werror -std=gnu99 -DNP_ETC_DIR='"$(etcdir)"' \ +- -DNP_SCRIPT_DIR='"$(scriptdir)"' -ggdb3 -O3 -DNP_VERSION='"$(version)"' ++CFLAGS += -std=gnu99 -DNP_ETC_DIR='"$(etcdir)"' \ ++ -DNP_SCRIPT_DIR='"$(scriptdir)"' -DNP_VERSION='"$(version)"' + + netplugd: config.o netlink.o lib.o if_info.o main.o + $(CC) $(LDFLAGS) -o $@ $^ +@@ -30,10 +30,12 @@ install: + install $(install_opts) -m 755 scripts/rc.netplugd $(DESTDIR)/$(initdir)/netplugd + install $(install_opts) -m 444 man/man8/netplugd.8 $(DESTDIR)/$(mandir)/man8 + +-hg_root := $(shell hg root) ++#hg_root := $(shell hg root) ++hg_root := $(shell) + tar_root := netplug-$(version) + tar_file := $(hg_root)/$(tar_root).tar.bz2 +-files := $(shell hg manifest) ++#files := $(shell hg manifest) ++files := $(shell) + + tarball: $(tar_file) + +diff -up netplug-1.2.9.1/man/man8/netplugd.8.execshield netplug-1.2.9.1/man/man8/netplugd.8 +--- netplug-1.2.9.1/man/man8/netplugd.8.execshield 2008-12-23 00:36:23.000000000 +0100 ++++ netplug-1.2.9.1/man/man8/netplugd.8 2009-09-09 10:07:33.000000000 +0200 +@@ -134,7 +134,7 @@ to run in the foreground, this option is + ." + .Sh FILES + .Bl -tag -width Ds +-.It Pa /etc/netplug/netplugd.conf ++.It Pa /etc/netplug.d/netplugd.conf + Default config file to read, if none is specified on the command line. 
+ The config file format is one pattern per line, with white space, + empty lines, and comments starting with a +diff -up netplug-1.2.9.1/netplug.h.execshield netplug-1.2.9.1/netplug.h +--- netplug-1.2.9.1/netplug.h.execshield 2008-12-23 00:36:23.000000000 +0100 ++++ netplug-1.2.9.1/netplug.h 2009-09-09 10:02:12.000000000 +0200 +@@ -83,7 +83,7 @@ struct if_info *if_info_update_interface + struct rtattr *attrs[]); + int if_info_save_interface(struct nlmsghdr *hdr, void *arg); + void parse_rtattrs(struct rtattr *tb[], int max, struct rtattr *rta, int len); +-void for_each_iface(int (*func)(struct if_info *)); ++struct if_info *for_each_iface(int (*func)(struct if_info *, long), long param); + + void ifsm_flagpoll(struct if_info *info); + void ifsm_flagchange(struct if_info *info, unsigned int newflags); diff --git a/pkgs/core/passwd/passwd.nm b/pkgs/core/passwd/passwd.nm index 4bb782d..a6a2919 100644 --- a/pkgs/core/passwd/passwd.nm +++ b/pkgs/core/passwd/passwd.nm @@ -26,7 +26,7 @@ include $(PKGROOT)/Include
PKG_NAME = passwd PKG_VER = 0.76 -PKG_REL = 0 +PKG_REL = 1
PKG_MAINTAINER = PKG_GROUP = System/Base @@ -34,7 +34,8 @@ PKG_URL = http://fedorahosted.org/passwd PKG_LICENSE = BSD PKG_SUMMARY = An utility for setting or changing passwords using PAM.
-PKG_DEPS += glib2 libuser pam +PKG_BUILD_DEPS+= audit-devel glib2-devel libuser-devel pam-devel pkg-config \ + libselinux-devel
define PKG_DESCRIPTION This package contains a system utility (passwd) which sets \ @@ -44,16 +45,12 @@ endef
PKG_TARBALL = $(THISAPP).tar.bz2
-############################################################################### -# Installation Details -############################################################################### - define STAGE_BUILD cd $(DIR_APP) && \ ./configure \ --prefix=/usr \ - --without-selinux \ - --without-audit \ + --with-selinux \ + --with-audit \ --disable-static
cd $(DIR_APP) && make DEBUG= RPM_OPT_FLAGS="$(CFLAGS)" $(PARALLELISMFLAGS) diff --git a/pkgs/core/python/python.nm b/pkgs/core/python/python.nm index a6875c8..c8374e5 100644 --- a/pkgs/core/python/python.nm +++ b/pkgs/core/python/python.nm @@ -26,7 +26,7 @@ include $(PKGROOT)/Include
PKG_NAME = Python PKG_VER = 2.7 -PKG_REL = 1 +PKG_REL = 2
PKG_MAINTAINER = PKG_GROUP = Development/Languages @@ -35,8 +35,8 @@ PKG_LICENSE = Python PKG_SUMMARY = An interpreted, interactive, object-oriented programming language.
PKG_BUILD_DEPS+= autoconf automake bzip2-devel db-devel expat-devel gdbm-devel \ - libffi-devel ncurses-devel openssl-devel pkg-config readline-devel sqlite-devel \ - tar zlib-devel + libffi-devel libselinux-devel ncurses-devel openssl-devel pkg-config \ + readline-devel sqlite-devel tar zlib-devel
define PKG_DESCRIPTION Python is an interpreted, interactive, object-oriented programming \ diff --git a/pkgs/core/shadow/shadow.nm b/pkgs/core/shadow/shadow.nm index 022e6b5..d7ec1ed 100644 --- a/pkgs/core/shadow/shadow.nm +++ b/pkgs/core/shadow/shadow.nm @@ -26,7 +26,7 @@ include $(PKGROOT)/Include
PKG_NAME = shadow PKG_VER = 4.1.4.2 -PKG_REL = 1 +PKG_REL = 2
PKG_MAINTAINER = PKG_GROUP = System/Base @@ -34,7 +34,7 @@ PKG_URL = ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/ PKG_LICENSE = GPLv2+ PKG_SUMMARY = Utilities to deal with user accounts.
-PKG_BUILD_DEPS+= libcap +PKG_BUILD_DEPS+= audit-devel libcap-devel libselinux-devel
define PKG_DESCRIPTION The shadow-utils package includes the necessary programs \ @@ -48,7 +48,7 @@ CONFIGURE_OPTIONS += \ --sysconfdir=/etc \ --enable-shadowgrp \ --with-sha-crypt \ - --without-selinux \ + --with-selinux \ --without-libcrack \ --without-libpam \ --disable-static diff --git a/pkgs/core/tar/tar.nm b/pkgs/core/tar/tar.nm index 2706ebe..853a223 100644 --- a/pkgs/core/tar/tar.nm +++ b/pkgs/core/tar/tar.nm @@ -26,7 +26,7 @@ include $(PKGROOT)/Include
PKG_NAME = tar PKG_VER = 1.23 -PKG_REL = 0 +PKG_REL = 1
PKG_MAINTAINER = PKG_GROUP = System/Packaging @@ -34,7 +34,7 @@ PKG_URL = http://www.gnu.org/software/tar/ PKG_LICENSE = GPLv3+ PKG_SUMMARY = A GNU file archiving program.
-PKG_BUILD_DEPS+= autoconf automake libacl-devel libattr-devel +PKG_BUILD_DEPS+= autoconf automake libacl-devel libattr-devel libselinux-devel
define PKG_DESCRIPTION The GNU tar program saves many files together in one archive \ diff --git a/pkgs/core/ustr/ustr.nm b/pkgs/core/ustr/ustr.nm new file mode 100644 index 0000000..2d0997b --- /dev/null +++ b/pkgs/core/ustr/ustr.nm 
@@ -0,0 +1,68 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007, 2008 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include $(PKGROOT)/Include + +PKG_NAME = ustr +PKG_VER = 1.0.4 +PKG_REL = 0 + +PKG_MAINTAINER = +PKG_GROUP = System/Libraries +PKG_URL = http://www.and.org/ustr/ +PKG_LICENSE = MIT or LGPLv2+ or BSD +PKG_SUMMARY = String library, very low memory overhead, simple to import. + +PKG_PACKAGES += $(PKG_NAME_REAL)-devel + +define PKG_DESCRIPTION + Micro string library, with very low overhead. 
+endef + +PKG_TARBALL = $(THISAPP).tar.bz2 + +define PKG_FILES-$(PKG_NAME_REAL)-devel + /usr/bin + /usr/include + /usr/lib/pkgconfig + */lib/*.so +endef + + + +define STAGE_BUILD + cd $(DIR_APP) && make all-shared CFLAGS="$(CFLAGS)" $(PARALELLISMFLAGS) +endef + +define STAGE_TEST + cd $(DIR_APP) && make check +endef + +define STAGE_INSTALL_CMDS + rm -rf $(BUILDROOT)/usr/share + rm -rf $(BUILDROOT)/usr/lib/pkgconfig/*debug* + rm -rf $(BUILDROOT)/lib/*debug* + rm -rf $(BUILDROOT)/usr/lib/*debug* +endef +
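Review bot: In the netplug Makefile hunk at -4,15, the new CFLAGS line drops -Wall together with -Werror, so the build no longer reports compiler warnings at all. Removing -Werror is reasonable for a distribution build that should not fail on a newer compiler, but -Wall should stay so the warnings still appear in the build log. The same hunk sets etcdir to $(prefix)/etc/netplug.d, which is already the value of scriptdir, so netplugd.conf and the event scripts now share one directory. If that is intended, say so in the patch description.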
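Review bot: In the netplug Makefile hunk at -30,10, "hg_root := $(shell)" expands to an empty string, so tar_file becomes /$(tar_root).tar.bz2 and the tarball target points at the filesystem root, with an empty files list. If the tarball target is not needed in the package build, remove it and its variables instead of neutralising the hg calls. Otherwise set hg_root to $(CURDIR) so the target cannot write outside the source tree.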
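Review bot: In pkgs/core/passwd/passwd.nm, the hunk at -34,7 deletes the "PKG_DEPS += glib2 libuser pam" line and adds only PKG_BUILD_DEPS, while the hunk at -44,16 switches configure to --with-selinux and --with-audit. The binary now links against more libraries than before but declares no runtime dependencies in the lines shown. Unless the packaging tool derives runtime dependencies on its own, keep PKG_DEPS and add the SELinux and audit runtime libraries to it.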
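Review bot: In pkgs/core/shadow/shadow.nm, the hunk at -34,7 adds audit-devel to PKG_BUILD_DEPS, but the CONFIGURE_OPTIONS lines shown in the hunk at -48,7 only change --without-selinux to --with-selinux and carry no audit switch. passwd.nm in this same push passes --with-audit explicitly. Do the same here so audit support does not depend on configure autodetection, or drop audit-devel if audit support is not wanted in shadow.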
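Review bot: In the new pkgs/core/ustr/ustr.nm, STAGE_BUILD passes $(PARALELLISMFLAGS), which is misspelled. passwd.nm in this same push uses $(PARALLELISMFLAGS). The misspelled variable expands to nothing, so make silently runs without the parallel build flags. Correct the spelling. Also check the "*/lib/*.so" pattern in the -devel file list, since the leading wildcard matches the .so links in every lib directory, not only /usr/lib.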
hooks/post-receive -- IPFire 3.x development tree