commit: 91f459e33251d00871cae5d14c305aace2f905ae |
Author: Michał Górny <mgorny <AT> gentoo <DOT> org> |
AuthorDate: Wed Sep 11 11:27:17 2019 +0000 |
Commit: Michał Górny <mgorny <AT> gentoo <DOT> org> |
CommitDate: Wed Sep 11 16:21:00 2019 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=91f459e3 |
|
sys-process/vixie-cron: Drop old |
|
Signed-off-by: Michał Górny <mgorny <AT> gentoo.org> |
|
.../vixie-cron/files/vixie-cron-4.1-selinux-1.diff | 144 --------------------- |
sys-process/vixie-cron/vixie-cron-4.1-r14.ebuild | 126 ------------------ |
2 files changed, 270 deletions(-) |
|
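diff --git a/sys-process/vixie-cron/files/vixie-cron-4.1-selinux-1.diff b/sys-process/vixie-cron/files/vixie-cron-4.1-selinux-1.diff
deleted file mode 100644
index ec2493e8c3c..00000000000
--- a/sys-process/vixie-cron/files/vixie-cron-4.1-selinux-1.diff
+++ /dev/null
@@ -1,144 +0,0 @@
-diff -purN vixie-cron-4.1.orig/Makefile vixie-cron-4.1/Makefile
---- vixie-cron-4.1.orig/Makefile 2004-08-27 14:09:33.000000000 -0400
-+++ vixie-cron-4.1/Makefile 2008-08-25 15:17:20.062720415 -0400
-@@ -68,7 +68,8 @@ LINTFLAGS = -hbxa $(INCLUDE) $(DEBUGGING
- #<<want to use a nonstandard CC?>>
- CC = gcc -Wall -Wno-unused -Wno-comment
- #<<manifest defines>>
--DEFS =
-+DEFS = -s -DWITH_SELINUX
-+LIBS += -lselinux
- #(SGI IRIX systems need this)
- #DEFS = -D_BSD_SIGNALS -Dconst=
- #<<the name of the BSD-like install program>>
-diff -purN vixie-cron-4.1.orig/database.c vixie-cron-4.1/database.c
---- vixie-cron-4.1.orig/database.c 2004-08-27 14:09:34.000000000 -0400
-+++ vixie-cron-4.1/database.c 2008-08-27 08:19:37.948930858 -0400
-@@ -28,6 +28,16 @@ static char rcsid[] = "# $Id$
-
- #include "cron.h"
-
-+#ifdef WITH_SELINUX
-+#include <selinux/selinux.h>
-+#include <selinux/flask.h>
-+#include <selinux/av_permissions.h>
-+#include <selinux/get_context_list.h>
-+#define SYSUSERNAME "system_u"
-+#else
-+#define SYSUSERNAME "*system*"
-+#endif
-+
- #define TMAX(a,b) ((a)>(b)?(a):(b))
-
- static void process_crontab(const char *, const char *,
-@@ -183,7 +193,7 @@ process_crontab(const char *uname, const
- if (fname == NULL) {
- /* must be set to something for logging purposes.
- */
-- fname = "*system*";
-+ fname = SYSUSERNAME;
- } else if ((pw = getpwnam(uname)) == NULL) {
- /* file doesn't have a user in passwd file.
- */
-@@ -245,6 +255,56 @@ process_crontab(const char *uname, const
- free_user(u);
- log_it(fname, getpid(), "RELOAD", tabname);
- }
-+#ifdef WITH_SELINUX
-+ if (is_selinux_enabled()) {
-+ security_context_t file_context=NULL;
-+ security_context_t user_context=NULL;
-+ struct av_decision avd;
-+ int retval=0;
-+ char *seuser=NULL;
-+ char *level=NULL;
-+
-+ if (fgetfilecon(crontab_fd, &file_context) < OK) {
-+ log_it(fname, getpid(), "getfilecon FAILED", tabname);
-+ goto next_crontab;
-+ }
-+
-+ /*
-+ * Since crontab files are not directly executed,
-+ * crond must ensure that the crontab file has
-+ * a context that is appropriate for the context of
-+ * the user cron job. It performs an entrypoint
-+ * permission check for this purpose.
-+ */
-+ if (getseuserbyname(fname, &seuser, &level) < 0) {
-+ log_it(fname, getpid(), "NO SEUSER", tabname);
-+ goto next_crontab;
-+ }
-+
-+ if (get_default_context_with_level(seuser, level, NULL, &user_context) < 0) {
-+ log_it(fname, getpid(), "NO CONTEXT", tabname);
-+ freecon(file_context);
-+ free(seuser);
-+ free(level);
-+ goto next_crontab;
-+ }
-+
-+ retval = security_compute_av(user_context,
-+ file_context,
-+ SECCLASS_FILE,
-+ FILE__ENTRYPOINT,
-+ &avd);
-+ freecon(user_context);
-+ freecon(file_context);
-+ free(seuser);
-+ free(level);
-+
-+ if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) {
-+ log_it(fname, getpid(), "ENTRYPOINT FAILED", tabname);
-+ goto next_crontab;
-+ }
-+ }
-+#endif
- u = load_user(crontab_fd, pw, fname);
- if (u != NULL) {
- u->mtime = statbuf->st_mtime;
-diff -purN vixie-cron-4.1.orig/do_command.c vixie-cron-4.1/do_command.c
---- vixie-cron-4.1.orig/do_command.c 2004-08-27 14:09:34.000000000 -0400
-+++ vixie-cron-4.1/do_command.c 2008-08-25 15:43:43.289174371 -0400
-@@ -25,6 +25,11 @@ static char rcsid[] = "# $Id$
-
- #include "cron.h"
-
-+#ifdef WITH_SELINUX
-+#include <selinux/selinux.h>
-+#include <selinux/get_context_list.h>
-+#endif
-+
- static void child_process(entry *, user *);
- static int safe_p(const char *, const char *);
-
-@@ -265,6 +270,29 @@ child_process(entry *e, user *u) {
- _exit(OK_EXIT);
- }
- # endif /*DEBUGGING*/
-+#ifdef WITH_SELINUX
-+ if (is_selinux_enabled()) {
-+ char *seuser=NULL;
-+ char *level=NULL;
-+ security_context_t scontext;
-+
-+ if (getseuserbyname(u->name, &seuser, &level) < 0) {
-+ fprintf(stderr, "getseuserbyname: Could not determine seuser for user %s\n", u->name);
-+ _exit(ERROR_EXIT);
-+ }
-+ if (get_default_context_with_level(seuser, level, NULL, &scontext) < 0) {
-+ fprintf(stderr, "get_default_context_with_level: could not get security context for user %s, seuser %s\n", u->name, seuser);
-+ _exit(ERROR_EXIT);
-+ }
-+ if (setexeccon(scontext) < 0) {
-+ fprintf(stderr, "setexeccon: Could not set exec context to %s for user %s\n", scontext, u->name);
-+ _exit(ERROR_EXIT);
-+ }
-+ free(seuser);
-+ free(level);
-+ freecon(scontext);
-+ }
-+#endif
- execle(shell, shell, "-c", e->cmd, (char *)0, e->envp);
- fprintf(stderr, "execl: couldn't exec `%s'\n", shell);
- perror("execl");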
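diff --git a/sys-process/vixie-cron/vixie-cron-4.1-r14.ebuild b/sys-process/vixie-cron/vixie-cron-4.1-r14.ebuild
deleted file mode 100644
index 09604bb3074..00000000000
--- a/sys-process/vixie-cron/vixie-cron-4.1-r14.ebuild
+++ /dev/null
@@ -1,126 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=0
-
-inherit cron toolchain-funcs pam eutils flag-o-matic user systemd
-
-# no useful homepage, bug #65898
-HOMEPAGE="ftp://ftp.isc.org/isc/cron/"
-DESCRIPTION="Paul Vixie's cron daemon, a fully featured crond implementation"
-
-SELINUX_PATCH="${P}-selinux-1.diff"
-GENTOO_PATCH_REV="r4"
-
-SRC_URI="mirror://gentoo/${P}.tar.bz2
- mirror://gentoo/${P}-gentoo-${GENTOO_PATCH_REV}.patch.bz2"
-
-LICENSE="ISC BSD-2 BSD"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd"
-IUSE="selinux pam debug"
-
-DEPEND="selinux? ( sys-libs/libselinux )
- pam? ( virtual/pam )"
-
-RDEPEND="selinux? ( sys-libs/libselinux )
- pam? ( virtual/pam )"
-
-#vixie-cron supports /etc/crontab
-CRON_SYSTEM_CRONTAB="yes"
-
-pkg_setup() {
- enewgroup crontab
-}
-
-src_unpack() {
- unpack ${A}
- cd "${S}"
-
- epatch "${WORKDIR}"/${P}-gentoo-${GENTOO_PATCH_REV}.patch
- epatch "${FILESDIR}"/crontab.5.diff
- epatch "${FILESDIR}"/${P}-commandline.patch
- epatch "${FILESDIR}"/${P}-basename.diff
- epatch "${FILESDIR}"/${P}-setuid_check.patch
- epatch "${FILESDIR}"/${P}-hardlink.patch
- epatch "${FILESDIR}"/${P}-crontabrace.patch
- use pam && epatch "${FILESDIR}"/${P}-pam.patch
- use selinux && epatch "${FILESDIR}"/${SELINUX_PATCH}
-}
-
-src_compile() {
- use debug && append-flags -DDEBUGGING
-
- sed -i -e "s:gcc \(-Wall.*\):$(tc-getCC) \1 ${CFLAGS}:" \
- -e "s:^\(LDFLAGS[ \t]\+=\).*:\1 ${LDFLAGS}:" Makefile \
- || die "sed Makefile failed"
-
- emake || die "emake failed"
-}
-
-src_install() {
- docrondir -m 1730 -o root -g crontab
- docron
- docrontab -m 2755 -o root -g crontab
-
- # /etc stuff
- insinto /etc
- newins "${FILESDIR}"/crontab-3.0.1-r4 crontab
- newins "${FILESDIR}"/${P}-cron.deny cron.deny
-
- keepdir /etc/cron.d
- newpamd "${FILESDIR}"/pamd.compatible cron
- newinitd "${FILESDIR}"/vixie-cron.rc7 vixie-cron
-
- # doc stuff
- doman crontab.1 crontab.5 cron.8
- dodoc "${FILESDIR}"/crontab
- dodoc CHANGES CONVERSION FEATURES MAIL README THANKS
-
- systemd_dounit "${FILESDIR}/${PN}.service"
-}
-
-pkg_preinst() {
- has_version "<${CATEGORY}/${PN}-4.1-r10"
- fix_spool_dir_perms=$?
-}
-
-pkg_postinst() {
- if [[ -f ${ROOT}/etc/init.d/vcron ]]
- then
- ewarn "Please run:"
- ewarn "rc-update del vcron"
- ewarn "rc-update add vixie-cron default"
- fi
-
- # bug 71326
- if [[ -u ${ROOT}/etc/pam.d/cron ]] ; then
- echo
- ewarn "Warning: previous ebuilds didn't reset permissions prior"
- ewarn "to installing crontab, resulting in /etc/pam.d/cron being"
- ewarn "installed with the SUID and executable bits set."
- ewarn
- ewarn "Run the following as root to set the proper permissions:"
- ewarn " chmod 0644 /etc/pam.d/cron"
- echo
- fi
-
- # bug 164466
- if [[ $fix_spool_dir_perms = 0 ]] ; then
- echo
- ewarn "Previous ebuilds didn't correctly set permissions on"
- ewarn "the crontabs spool directory. Proper permissions are"
- ewarn "now being set on ${ROOT}var/spool/cron/crontabs/"
- ewarn "Look at this directory if you have a specific configuration"
- ewarn "that needs special ownerships or permissions."
- echo
- chmod 1730 "${ROOT}/var/spool/cron/crontabs" || die "chmod failed"
- chgrp -R crontab "${ROOT}/var/spool/cron/crontabs" || die "chgrp failed"
- cd "${ROOT}/var/spool/cron/crontabs/"
- for cronfile in * ; do
- [[ ! -f $cronfile ]] || chown "$cronfile:crontab" "$cronfile" \
- || ewarn "chown failed on $cronfile, you probably have an orphan file."
- done
- fi
-
- cron_pkg_postinst
-}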