| 1 |
commit: 91f459e33251d00871cae5d14c305aace2f905ae |
| 2 |
Author: Michał Górny <mgorny <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Wed Sep 11 11:27:17 2019 +0000 |
| 4 |
Commit: Michał Górny <mgorny <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Wed Sep 11 16:21:00 2019 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=91f459e3 |
| 7 |
|
| 8 |
sys-process/vixie-cron: Drop old |
| 9 |
|
| 10 |
Signed-off-by: Michał Górny <mgorny <AT> gentoo.org> |
| 11 |
|
| 12 |
.../vixie-cron/files/vixie-cron-4.1-selinux-1.diff | 144 --------------------- |
| 13 |
sys-process/vixie-cron/vixie-cron-4.1-r14.ebuild | 126 ------------------ |
| 14 |
2 files changed, 270 deletions(-) |
| 15 |
|
| 16 |
diff --git a/sys-process/vixie-cron/files/vixie-cron-4.1-selinux-1.diff b/sys-process/vixie-cron/files/vixie-cron-4.1-selinux-1.diff |
| 17 |
deleted file mode 100644 |
| 18 |
index ec2493e8c3c..00000000000 |
| 19 |
--- a/sys-process/vixie-cron/files/vixie-cron-4.1-selinux-1.diff |
| 20 |
+++ /dev/null |
| 21 |
@@ -1,144 +0,0 @@ |
| 22 |
-diff -purN vixie-cron-4.1.orig/Makefile vixie-cron-4.1/Makefile |
| 23 |
---- vixie-cron-4.1.orig/Makefile 2004-08-27 14:09:33.000000000 -0400 |
| 24 |
-+++ vixie-cron-4.1/Makefile 2008-08-25 15:17:20.062720415 -0400 |
| 25 |
-@@ -68,7 +68,8 @@ LINTFLAGS = -hbxa $(INCLUDE) $(DEBUGGING |
| 26 |
- #<<want to use a nonstandard CC?>> |
| 27 |
- CC = gcc -Wall -Wno-unused -Wno-comment |
| 28 |
- #<<manifest defines>> |
| 29 |
--DEFS = |
| 30 |
-+DEFS = -s -DWITH_SELINUX |
| 31 |
-+LIBS += -lselinux |
| 32 |
- #(SGI IRIX systems need this) |
| 33 |
- #DEFS = -D_BSD_SIGNALS -Dconst= |
| 34 |
- #<<the name of the BSD-like install program>> |
| 35 |
-diff -purN vixie-cron-4.1.orig/database.c vixie-cron-4.1/database.c |
| 36 |
---- vixie-cron-4.1.orig/database.c 2004-08-27 14:09:34.000000000 -0400 |
| 37 |
-+++ vixie-cron-4.1/database.c 2008-08-27 08:19:37.948930858 -0400 |
| 38 |
-@@ -28,6 +28,16 @@ static char rcsid[] = "# $Id$ |
| 39 |
- |
| 40 |
- #include "cron.h" |
| 41 |
- |
| 42 |
-+#ifdef WITH_SELINUX |
| 43 |
-+#include <selinux/selinux.h> |
| 44 |
-+#include <selinux/flask.h> |
| 45 |
-+#include <selinux/av_permissions.h> |
| 46 |
-+#include <selinux/get_context_list.h> |
| 47 |
-+#define SYSUSERNAME "system_u" |
| 48 |
-+#else |
| 49 |
-+#define SYSUSERNAME "*system*" |
| 50 |
-+#endif |
| 51 |
-+ |
| 52 |
- #define TMAX(a,b) ((a)>(b)?(a):(b)) |
| 53 |
- |
| 54 |
- static void process_crontab(const char *, const char *, |
| 55 |
-@@ -183,7 +193,7 @@ process_crontab(const char *uname, const |
| 56 |
- if (fname == NULL) { |
| 57 |
- /* must be set to something for logging purposes. |
| 58 |
- */ |
| 59 |
-- fname = "*system*"; |
| 60 |
-+ fname = SYSUSERNAME; |
| 61 |
- } else if ((pw = getpwnam(uname)) == NULL) { |
| 62 |
- /* file doesn't have a user in passwd file. |
| 63 |
- */ |
| 64 |
-@@ -245,6 +255,56 @@ process_crontab(const char *uname, const |
| 65 |
- free_user(u); |
| 66 |
- log_it(fname, getpid(), "RELOAD", tabname); |
| 67 |
- } |
| 68 |
-+#ifdef WITH_SELINUX |
| 69 |
-+ if (is_selinux_enabled()) { |
| 70 |
-+ security_context_t file_context=NULL; |
| 71 |
-+ security_context_t user_context=NULL; |
| 72 |
-+ struct av_decision avd; |
| 73 |
-+ int retval=0; |
| 74 |
-+ char *seuser=NULL; |
| 75 |
-+ char *level=NULL; |
| 76 |
-+ |
| 77 |
-+ if (fgetfilecon(crontab_fd, &file_context) < OK) { |
| 78 |
-+ log_it(fname, getpid(), "getfilecon FAILED", tabname); |
| 79 |
-+ goto next_crontab; |
| 80 |
-+ } |
| 81 |
-+ |
| 82 |
-+ /* |
| 83 |
-+ * Since crontab files are not directly executed, |
| 84 |
-+ * crond must ensure that the crontab file has |
| 85 |
-+ * a context that is appropriate for the context of |
| 86 |
-+ * the user cron job. It performs an entrypoint |
| 87 |
-+ * permission check for this purpose. |
| 88 |
-+ */ |
| 89 |
-+ if (getseuserbyname(fname, &seuser, &level) < 0) { |
| 90 |
-+ log_it(fname, getpid(), "NO SEUSER", tabname); |
| 91 |
-+ goto next_crontab; |
| 92 |
-+ } |
| 93 |
-+ |
| 94 |
-+ if (get_default_context_with_level(seuser, level, NULL, &user_context) < 0) { |
| 95 |
-+ log_it(fname, getpid(), "NO CONTEXT", tabname); |
| 96 |
-+ freecon(file_context); |
| 97 |
-+ free(seuser); |
| 98 |
-+ free(level); |
| 99 |
-+ goto next_crontab; |
| 100 |
-+ } |
| 101 |
-+ |
| 102 |
-+ retval = security_compute_av(user_context, |
| 103 |
-+ file_context, |
| 104 |
-+ SECCLASS_FILE, |
| 105 |
-+ FILE__ENTRYPOINT, |
| 106 |
-+ &avd); |
| 107 |
-+ freecon(user_context); |
| 108 |
-+ freecon(file_context); |
| 109 |
-+ free(seuser); |
| 110 |
-+ free(level); |
| 111 |
-+ |
| 112 |
-+ if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) { |
| 113 |
-+ log_it(fname, getpid(), "ENTRYPOINT FAILED", tabname); |
| 114 |
-+ goto next_crontab; |
| 115 |
-+ } |
| 116 |
-+ } |
| 117 |
-+#endif |
| 118 |
- u = load_user(crontab_fd, pw, fname); |
| 119 |
- if (u != NULL) { |
| 120 |
- u->mtime = statbuf->st_mtime; |
| 121 |
-diff -purN vixie-cron-4.1.orig/do_command.c vixie-cron-4.1/do_command.c |
| 122 |
---- vixie-cron-4.1.orig/do_command.c 2004-08-27 14:09:34.000000000 -0400 |
| 123 |
-+++ vixie-cron-4.1/do_command.c 2008-08-25 15:43:43.289174371 -0400 |
| 124 |
-@@ -25,6 +25,11 @@ static char rcsid[] = "# $Id$ |
| 125 |
- |
| 126 |
- #include "cron.h" |
| 127 |
- |
| 128 |
-+#ifdef WITH_SELINUX |
| 129 |
-+#include <selinux/selinux.h> |
| 130 |
-+#include <selinux/get_context_list.h> |
| 131 |
-+#endif |
| 132 |
-+ |
| 133 |
- static void child_process(entry *, user *); |
| 134 |
- static int safe_p(const char *, const char *); |
| 135 |
- |
| 136 |
-@@ -265,6 +270,29 @@ child_process(entry *e, user *u) { |
| 137 |
- _exit(OK_EXIT); |
| 138 |
- } |
| 139 |
- # endif /*DEBUGGING*/ |
| 140 |
-+#ifdef WITH_SELINUX |
| 141 |
-+ if (is_selinux_enabled()) { |
| 142 |
-+ char *seuser=NULL; |
| 143 |
-+ char *level=NULL; |
| 144 |
-+ security_context_t scontext; |
| 145 |
-+ |
| 146 |
-+ if (getseuserbyname(u->name, &seuser, &level) < 0) { |
| 147 |
-+ fprintf(stderr, "getseuserbyname: Could not determine seuser for user %s\n", u->name); |
| 148 |
-+ _exit(ERROR_EXIT); |
| 149 |
-+ } |
| 150 |
-+ if (get_default_context_with_level(seuser, level, NULL, &scontext) < 0) { |
| 151 |
-+ fprintf(stderr, "get_default_context_with_level: could not get security context for user %s, seuser %s\n", u->name, seuser); |
| 152 |
-+ _exit(ERROR_EXIT); |
| 153 |
-+ } |
| 154 |
-+ if (setexeccon(scontext) < 0) { |
| 155 |
-+ fprintf(stderr, "setexeccon: Could not set exec context to %s for user %s\n", scontext, u->name); |
| 156 |
-+ _exit(ERROR_EXIT); |
| 157 |
-+ } |
| 158 |
-+ free(seuser); |
| 159 |
-+ free(level); |
| 160 |
-+ freecon(scontext); |
| 161 |
-+ } |
| 162 |
-+#endif |
| 163 |
- execle(shell, shell, "-c", e->cmd, (char *)0, e->envp); |
| 164 |
- fprintf(stderr, "execl: couldn't exec `%s'\n", shell); |
| 165 |
- perror("execl"); |
| 166 |
|
| 167 |
diff --git a/sys-process/vixie-cron/vixie-cron-4.1-r14.ebuild b/sys-process/vixie-cron/vixie-cron-4.1-r14.ebuild |
| 168 |
deleted file mode 100644 |
| 169 |
index 09604bb3074..00000000000 |
| 170 |
--- a/sys-process/vixie-cron/vixie-cron-4.1-r14.ebuild |
| 171 |
+++ /dev/null |
| 172 |
@@ -1,126 +0,0 @@ |
| 173 |
-# Copyright 1999-2018 Gentoo Foundation |
| 174 |
-# Distributed under the terms of the GNU General Public License v2 |
| 175 |
- |
| 176 |
-EAPI=0 |
| 177 |
- |
| 178 |
-inherit cron toolchain-funcs pam eutils flag-o-matic user systemd |
| 179 |
- |
| 180 |
-# no useful homepage, bug #65898 |
| 181 |
-HOMEPAGE="ftp://ftp.isc.org/isc/cron/" |
| 182 |
-DESCRIPTION="Paul Vixie's cron daemon, a fully featured crond implementation" |
| 183 |
- |
| 184 |
-SELINUX_PATCH="${P}-selinux-1.diff" |
| 185 |
-GENTOO_PATCH_REV="r4" |
| 186 |
- |
| 187 |
-SRC_URI="mirror://gentoo/${P}.tar.bz2 |
| 188 |
- mirror://gentoo/${P}-gentoo-${GENTOO_PATCH_REV}.patch.bz2" |
| 189 |
- |
| 190 |
-LICENSE="ISC BSD-2 BSD" |
| 191 |
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd" |
| 192 |
-IUSE="selinux pam debug" |
| 193 |
- |
| 194 |
-DEPEND="selinux? ( sys-libs/libselinux ) |
| 195 |
- pam? ( virtual/pam )" |
| 196 |
- |
| 197 |
-RDEPEND="selinux? ( sys-libs/libselinux ) |
| 198 |
- pam? ( virtual/pam )" |
| 199 |
- |
| 200 |
-#vixie-cron supports /etc/crontab |
| 201 |
-CRON_SYSTEM_CRONTAB="yes" |
| 202 |
- |
| 203 |
-pkg_setup() { |
| 204 |
- enewgroup crontab |
| 205 |
-} |
| 206 |
- |
| 207 |
-src_unpack() { |
| 208 |
- unpack ${A} |
| 209 |
- cd "${S}" |
| 210 |
- |
| 211 |
- epatch "${WORKDIR}"/${P}-gentoo-${GENTOO_PATCH_REV}.patch |
| 212 |
- epatch "${FILESDIR}"/crontab.5.diff |
| 213 |
- epatch "${FILESDIR}"/${P}-commandline.patch |
| 214 |
- epatch "${FILESDIR}"/${P}-basename.diff |
| 215 |
- epatch "${FILESDIR}"/${P}-setuid_check.patch |
| 216 |
- epatch "${FILESDIR}"/${P}-hardlink.patch |
| 217 |
- epatch "${FILESDIR}"/${P}-crontabrace.patch |
| 218 |
- use pam && epatch "${FILESDIR}"/${P}-pam.patch |
| 219 |
- use selinux && epatch "${FILESDIR}"/${SELINUX_PATCH} |
| 220 |
-} |
| 221 |
- |
| 222 |
-src_compile() { |
| 223 |
- use debug && append-flags -DDEBUGGING |
| 224 |
- |
| 225 |
- sed -i -e "s:gcc \(-Wall.*\):$(tc-getCC) \1 ${CFLAGS}:" \ |
| 226 |
- -e "s:^\(LDFLAGS[ \t]\+=\).*:\1 ${LDFLAGS}:" Makefile \ |
| 227 |
- || die "sed Makefile failed" |
| 228 |
- |
| 229 |
- emake || die "emake failed" |
| 230 |
-} |
| 231 |
- |
| 232 |
-src_install() { |
| 233 |
- docrondir -m 1730 -o root -g crontab |
| 234 |
- docron |
| 235 |
- docrontab -m 2755 -o root -g crontab |
| 236 |
- |
| 237 |
- # /etc stuff |
| 238 |
- insinto /etc |
| 239 |
- newins "${FILESDIR}"/crontab-3.0.1-r4 crontab |
| 240 |
- newins "${FILESDIR}"/${P}-cron.deny cron.deny |
| 241 |
- |
| 242 |
- keepdir /etc/cron.d |
| 243 |
- newpamd "${FILESDIR}"/pamd.compatible cron |
| 244 |
- newinitd "${FILESDIR}"/vixie-cron.rc7 vixie-cron |
| 245 |
- |
| 246 |
- # doc stuff |
| 247 |
- doman crontab.1 crontab.5 cron.8 |
| 248 |
- dodoc "${FILESDIR}"/crontab |
| 249 |
- dodoc CHANGES CONVERSION FEATURES MAIL README THANKS |
| 250 |
- |
| 251 |
- systemd_dounit "${FILESDIR}/${PN}.service" |
| 252 |
-} |
| 253 |
- |
| 254 |
-pkg_preinst() { |
| 255 |
- has_version "<${CATEGORY}/${PN}-4.1-r10" |
| 256 |
- fix_spool_dir_perms=$? |
| 257 |
-} |
| 258 |
- |
| 259 |
-pkg_postinst() { |
| 260 |
- if [[ -f ${ROOT}/etc/init.d/vcron ]] |
| 261 |
- then |
| 262 |
- ewarn "Please run:" |
| 263 |
- ewarn "rc-update del vcron" |
| 264 |
- ewarn "rc-update add vixie-cron default" |
| 265 |
- fi |
| 266 |
- |
| 267 |
- # bug 71326 |
| 268 |
- if [[ -u ${ROOT}/etc/pam.d/cron ]] ; then |
| 269 |
- echo |
| 270 |
- ewarn "Warning: previous ebuilds didn't reset permissions prior" |
| 271 |
- ewarn "to installing crontab, resulting in /etc/pam.d/cron being" |
| 272 |
- ewarn "installed with the SUID and executable bits set." |
| 273 |
- ewarn |
| 274 |
- ewarn "Run the following as root to set the proper permissions:" |
| 275 |
- ewarn " chmod 0644 /etc/pam.d/cron" |
| 276 |
- echo |
| 277 |
- fi |
| 278 |
- |
| 279 |
- # bug 164466 |
| 280 |
- if [[ $fix_spool_dir_perms = 0 ]] ; then |
| 281 |
- echo |
| 282 |
- ewarn "Previous ebuilds didn't correctly set permissions on" |
| 283 |
- ewarn "the crontabs spool directory. Proper permissions are" |
| 284 |
- ewarn "now being set on ${ROOT}var/spool/cron/crontabs/" |
| 285 |
- ewarn "Look at this directory if you have a specific configuration" |
| 286 |
- ewarn "that needs special ownerships or permissions." |
| 287 |
- echo |
| 288 |
- chmod 1730 "${ROOT}/var/spool/cron/crontabs" || die "chmod failed" |
| 289 |
- chgrp -R crontab "${ROOT}/var/spool/cron/crontabs" || die "chgrp failed" |
| 290 |
- cd "${ROOT}/var/spool/cron/crontabs/" |
| 291 |
- for cronfile in * ; do |
| 292 |
- [[ ! -f $cronfile ]] || chown "$cronfile:crontab" "$cronfile" \ |
| 293 |
- || ewarn "chown failed on $cronfile, you probably have an orphan file." |
| 294 |
- done |
| 295 |
- fi |
| 296 |
- |
| 297 |
- cron_pkg_postinst |
| 298 |
-} |
Archives