Gentoo Archives: gentoo-commits

From: "Michał Górny" <mgorny@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-process/vixie-cron/files/, sys-process/vixie-cron/
Date: Wed, 11 Sep 2019 16:21:41
Message-Id: 1568218860.91f459e33251d00871cae5d14c305aace2f905ae.mgorny@gentoo
commit:     91f459e33251d00871cae5d14c305aace2f905ae
Author:     Michał Górny <mgorny <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 11 11:27:17 2019 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Wed Sep 11 16:21:00 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=91f459e3

sys-process/vixie-cron: Drop old

Signed-off-by: Michał Górny <mgorny <AT> gentoo.org>

 .../vixie-cron/files/vixie-cron-4.1-selinux-1.diff | 144 ---------------------
 sys-process/vixie-cron/vixie-cron-4.1-r14.ebuild   | 126 ------------------
 2 files changed, 270 deletions(-)

diff --git a/sys-process/vixie-cron/files/vixie-cron-4.1-selinux-1.diff b/sys-process/vixie-cron/files/vixie-cron-4.1-selinux-1.diff
deleted file mode 100644
index ec2493e8c3c..00000000000
--- a/sys-process/vixie-cron/files/vixie-cron-4.1-selinux-1.diff
+++ /dev/null
@@ -1,144 +0,0 @@
-diff -purN vixie-cron-4.1.orig/Makefile vixie-cron-4.1/Makefile
---- vixie-cron-4.1.orig/Makefile	2004-08-27 14:09:33.000000000 -0400
-+++ vixie-cron-4.1/Makefile	2008-08-25 15:17:20.062720415 -0400
-@@ -68,7 +68,8 @@ LINTFLAGS	=	-hbxa $(INCLUDE) $(DEBUGGING
- #<<want to use a nonstandard CC?>>
- CC		=	gcc -Wall -Wno-unused -Wno-comment
- #<<manifest defines>>
--DEFS		=
-+DEFS		= -s -DWITH_SELINUX
-+LIBS		+= 	-lselinux
- #(SGI IRIX systems need this)
- #DEFS		=	-D_BSD_SIGNALS -Dconst=
- #<<the name of the BSD-like install program>>
-diff -purN vixie-cron-4.1.orig/database.c vixie-cron-4.1/database.c
---- vixie-cron-4.1.orig/database.c	2004-08-27 14:09:34.000000000 -0400
-+++ vixie-cron-4.1/database.c	2008-08-27 08:19:37.948930858 -0400
-@@ -28,6 +28,16 @@ static char rcsid[] = "# $Id$
- 
- #include "cron.h"
- 
-+#ifdef WITH_SELINUX
-+#include <selinux/selinux.h>
-+#include <selinux/flask.h>
-+#include <selinux/av_permissions.h>
-+#include <selinux/get_context_list.h>
-+#define SYSUSERNAME "system_u"
-+#else
-+#define SYSUSERNAME "*system*"
-+#endif
-+
- #define TMAX(a,b) ((a)>(b)?(a):(b))
- 
- static	void		process_crontab(const char *, const char *,
-@@ -183,7 +193,7 @@ process_crontab(const char *uname, const
- 	if (fname == NULL) {
- 		/* must be set to something for logging purposes.
- 		 */
--		fname = "*system*";
-+		fname = SYSUSERNAME;
- 	} else if ((pw = getpwnam(uname)) == NULL) {
- 		/* file doesn't have a user in passwd file.
- 		 */
-@@ -245,6 +255,56 @@ process_crontab(const char *uname, const
- 		free_user(u);
- 		log_it(fname, getpid(), "RELOAD", tabname);
- 	}
-+#ifdef WITH_SELINUX
-+	if (is_selinux_enabled())	{
-+	  security_context_t file_context=NULL;
-+	  security_context_t user_context=NULL;
-+	  struct av_decision avd;
-+	  int retval=0;
-+	  char *seuser=NULL;
-+	  char *level=NULL;
-+
-+	  if (fgetfilecon(crontab_fd, &file_context) < OK) {
-+	    log_it(fname, getpid(), "getfilecon FAILED", tabname);
-+	    goto next_crontab;
-+	  }
-+
-+	  /*
-+	   * Since crontab files are not directly executed,
-+	   * crond must ensure that the crontab file has
-+	   * a context that is appropriate for the context of
-+	   * the user cron job.  It performs an entrypoint
-+	   * permission check for this purpose.
-+	   */
-+	  if (getseuserbyname(fname, &seuser, &level) < 0) {
-+	    log_it(fname, getpid(), "NO SEUSER", tabname);
-+	    goto next_crontab;
-+	  }
-+
-+	  if (get_default_context_with_level(seuser, level, NULL, &user_context) < 0) {
-+	    log_it(fname, getpid(), "NO CONTEXT", tabname);
-+	    freecon(file_context);
-+	    free(seuser);
-+	    free(level);
-+	    goto next_crontab;
-+	  }
-+
-+	  retval = security_compute_av(user_context,
-+				       file_context,
-+				       SECCLASS_FILE,
-+				       FILE__ENTRYPOINT,
-+				       &avd);
-+	  freecon(user_context);
-+	  freecon(file_context);
-+	  free(seuser);
-+	  free(level);
-+
-+	  if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) {
-+	    log_it(fname, getpid(), "ENTRYPOINT FAILED", tabname);
-+	    goto next_crontab;
-+	  }
-+	}
-+#endif
- 	u = load_user(crontab_fd, pw, fname);
- 	if (u != NULL) {
- 		u->mtime = statbuf->st_mtime;
-diff -purN vixie-cron-4.1.orig/do_command.c vixie-cron-4.1/do_command.c
---- vixie-cron-4.1.orig/do_command.c	2004-08-27 14:09:34.000000000 -0400
-+++ vixie-cron-4.1/do_command.c	2008-08-25 15:43:43.289174371 -0400
-@@ -25,6 +25,11 @@ static char rcsid[] = "# $Id$
- 
- #include "cron.h"
- 
-+#ifdef WITH_SELINUX
-+#include <selinux/selinux.h>
-+#include <selinux/get_context_list.h>
-+#endif
-+
- static void		child_process(entry *, user *);
- static int		safe_p(const char *, const char *);
- 
-@@ -265,6 +270,29 @@ child_process(entry *e, user *u) {
- 				_exit(OK_EXIT);
- 			}
- # endif /*DEBUGGING*/
-+#ifdef WITH_SELINUX
-+			if (is_selinux_enabled()) {
-+			  char *seuser=NULL;
-+			  char *level=NULL;
-+			  security_context_t scontext;
-+
-+			  if (getseuserbyname(u->name, &seuser, &level) < 0) {
-+			    fprintf(stderr, "getseuserbyname: Could not determine seuser for user %s\n", u->name);
-+			    _exit(ERROR_EXIT);
-+			  }
-+			  if (get_default_context_with_level(seuser, level, NULL, &scontext) < 0) {
-+			    fprintf(stderr, "get_default_context_with_level: could not get security context for user %s, seuser %s\n", u->name, seuser); 
-+			    _exit(ERROR_EXIT);
-+			  }
-+			  if (setexeccon(scontext) < 0) {
-+			    fprintf(stderr, "setexeccon: Could not set exec context to %s for user %s\n", scontext, u->name);
-+			    _exit(ERROR_EXIT);
-+			  }
-+			  free(seuser);
-+			  free(level);
-+			  freecon(scontext);
-+			}
-+#endif
- 			execle(shell, shell, "-c", e->cmd, (char *)0, e->envp);
- 			fprintf(stderr, "execl: couldn't exec `%s'\n", shell);
- 			perror("execl");

diff --git a/sys-process/vixie-cron/vixie-cron-4.1-r14.ebuild b/sys-process/vixie-cron/vixie-cron-4.1-r14.ebuild
deleted file mode 100644
index 09604bb3074..00000000000
--- a/sys-process/vixie-cron/vixie-cron-4.1-r14.ebuild
+++ /dev/null
@@ -1,126 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=0
-
-inherit cron toolchain-funcs pam eutils flag-o-matic user systemd
-
-# no useful homepage, bug #65898
-HOMEPAGE="ftp://ftp.isc.org/isc/cron/"
-DESCRIPTION="Paul Vixie's cron daemon, a fully featured crond implementation"
-
-SELINUX_PATCH="${P}-selinux-1.diff"
-GENTOO_PATCH_REV="r4"
-
-SRC_URI="mirror://gentoo/${P}.tar.bz2
-	mirror://gentoo/${P}-gentoo-${GENTOO_PATCH_REV}.patch.bz2"
-
-LICENSE="ISC BSD-2 BSD"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd"
-IUSE="selinux pam debug"
-
-DEPEND="selinux? ( sys-libs/libselinux )
-	pam? ( virtual/pam )"
-
-RDEPEND="selinux? ( sys-libs/libselinux )
-	 pam? ( virtual/pam )"
-
-#vixie-cron supports /etc/crontab
-CRON_SYSTEM_CRONTAB="yes"
-
-pkg_setup() {
-	enewgroup crontab
-}
-
-src_unpack() {
-	unpack ${A}
-	cd "${S}"
-
-	epatch "${WORKDIR}"/${P}-gentoo-${GENTOO_PATCH_REV}.patch
-	epatch "${FILESDIR}"/crontab.5.diff
-	epatch "${FILESDIR}"/${P}-commandline.patch
-	epatch "${FILESDIR}"/${P}-basename.diff
-	epatch "${FILESDIR}"/${P}-setuid_check.patch
-	epatch "${FILESDIR}"/${P}-hardlink.patch
-	epatch "${FILESDIR}"/${P}-crontabrace.patch
-	use pam && epatch "${FILESDIR}"/${P}-pam.patch
-	use selinux && epatch "${FILESDIR}"/${SELINUX_PATCH}
-}
-
-src_compile() {
-	use debug && append-flags -DDEBUGGING
-
-	sed -i -e "s:gcc \(-Wall.*\):$(tc-getCC) \1 ${CFLAGS}:" \
-		-e "s:^\(LDFLAGS[ \t]\+=\).*:\1 ${LDFLAGS}:" Makefile \
-		|| die "sed Makefile failed"
-
-	emake || die "emake failed"
-}
-
-src_install() {
-	docrondir -m 1730 -o root -g crontab
-	docron
-	docrontab -m 2755 -o root -g crontab
-
-	# /etc stuff
-	insinto /etc
-	newins  "${FILESDIR}"/crontab-3.0.1-r4 crontab
-	newins "${FILESDIR}"/${P}-cron.deny cron.deny
-
-	keepdir /etc/cron.d
-	newpamd "${FILESDIR}"/pamd.compatible cron
-	newinitd "${FILESDIR}"/vixie-cron.rc7 vixie-cron
-
-	# doc stuff
-	doman crontab.1 crontab.5 cron.8
-	dodoc "${FILESDIR}"/crontab
-	dodoc CHANGES CONVERSION FEATURES MAIL README THANKS
-
-	systemd_dounit "${FILESDIR}/${PN}.service"
-}
-
-pkg_preinst() {
-	has_version "<${CATEGORY}/${PN}-4.1-r10"
-	fix_spool_dir_perms=$?
-}
-
-pkg_postinst() {
-	if [[ -f ${ROOT}/etc/init.d/vcron ]]
-	then
-		ewarn "Please run:"
-		ewarn "rc-update del vcron"
-		ewarn "rc-update add vixie-cron default"
-	fi
-
-	# bug 71326
-	if [[ -u ${ROOT}/etc/pam.d/cron ]] ; then
-		echo
-		ewarn "Warning: previous ebuilds didn't reset permissions prior"
-		ewarn "to installing crontab, resulting in /etc/pam.d/cron being"
-		ewarn "installed with the SUID and executable bits set."
-		ewarn
-		ewarn "Run the following as root to set the proper permissions:"
-		ewarn "   chmod 0644 /etc/pam.d/cron"
-		echo
-	fi
-
-	# bug 164466
-	if [[ $fix_spool_dir_perms = 0 ]] ; then
-		echo
-		ewarn "Previous ebuilds didn't correctly set permissions on"
-		ewarn "the crontabs spool directory. Proper permissions are"
-		ewarn "now being set on ${ROOT}var/spool/cron/crontabs/"
-		ewarn "Look at this directory if you have a specific configuration"
-		ewarn "that needs special ownerships or permissions."
-		echo
-		chmod 1730 "${ROOT}/var/spool/cron/crontabs" || die "chmod failed"
-		chgrp -R crontab "${ROOT}/var/spool/cron/crontabs" || die "chgrp failed"
-		cd "${ROOT}/var/spool/cron/crontabs/"
-		for cronfile in * ; do
-			[[ ! -f $cronfile ]] || chown "$cronfile:crontab" "$cronfile" \
-		    || ewarn "chown failed on $cronfile, you probably have an orphan file."
-		done
-	fi
-
-	cron_pkg_postinst
-}