powerel7
/
base
2
0
Fork 0
Code Issues Pull Requests Releases Activity
Browse Source

at package update 

Signed-off-by: basebuilder_pel7x64builder0 <basebuilder@powerel.org>
master
basebuilder_pel7x64builder0 7 years ago
parent
ae0873724e
commit
77fa6e3b56
30 changed files with 2159 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 26
      SOURCES/at-3.1.10-filter-environment.patch
  2. 15
      SOURCES/at-3.1.12-fix_no_export.patch
  3. 19
      SOURCES/at-3.1.12-nowrap.patch
  4. 17
      SOURCES/at-3.1.12-opt_V.patch
  5. 55
      SOURCES/at-3.1.12-shell.patch
  6. 126
      SOURCES/at-3.1.13-aborted-jobs.patch
  7. 42
      SOURCES/at-3.1.13-clear-nonjobs.patch
  8. 22
      SOURCES/at-3.1.13-document-n.patch
  9. 26
      SOURCES/at-3.1.13-fclose-error.patch
  10. 15
      SOURCES/at-3.1.13-help.patch
  11. 62
      SOURCES/at-3.1.13-mailwithhostname.patch
  12. 82
      SOURCES/at-3.1.13-makefile.patch
  13. 121
      SOURCES/at-3.1.13-nitpicks.patch
  14. 426
      SOURCES/at-3.1.13-pam.patch
  15. 165
      SOURCES/at-3.1.13-selinux.patch
  16. 119
      SOURCES/at-3.1.13-usePOSIXtimers.patch
  17. 24
      SOURCES/at-3.1.13-utc-dst.patch
  18. 111
      SOURCES/atd.init
  19. 9
      SOURCES/atd.sysconf
  20. 11
      SOURCES/atd.systemd
  21. 218
      SOURCES/atlas-aarch64port.patch
  22. 17
      SOURCES/atlas-affinity.patch
  23. 50
      SOURCES/atlas-fedora-arm.patch
  24. 14
      SOURCES/atlas-genparse.patch
  25. 16
      SOURCES/atlas-melf.patch
  26. 23
      SOURCES/atlas-s390port.patch
  27. 40
      SOURCES/atlas-shared_libraries.patch
  28. 12
      SOURCES/atlas-throttling.patch
  29. 9
      SOURCES/pam_atd
  30. 267
      SPECS/at.spec

26
SOURCES/at-3.1.10-filter-environment.patch
Unescape View File

@ -0,0 +1,26 @@ @@ -0,0 +1,26 @@
diff -up at-3.1.10/at.c.filter-environment at-3.1.10/at.c
--- at-3.1.10/at.c.filter-environment 2014-10-02 10:21:01.684890331 +0200
+++ at-3.1.10/at.c 2014-10-02 10:21:40.678770635 +0200
@@ -388,6 +388,22 @@ writefile(time_t runtimer, char queue)
int export = 1;
char *eqp;
+ /* Only accept alphanumerics and underscore in variable names.
+ * Also require the name to not start with a digit.
+ * Some shells don't like other variable names.
+ */
+ {
+ char *p = *atenv;
+ if (isdigit(*p))
+ export = 0;
+ for (; *p != '=' && *p != '\0'; ++p) {
+ if (!isalnum(*p) && *p != '_') {
+ export = 0;
+ break;
+ }
+ }
+ }
+
eqp = strchr(*atenv, '=');
if (ap == NULL)
eqp = *atenv;

15
SOURCES/at-3.1.12-fix_no_export.patch
Unescape View File

@ -0,0 +1,15 @@ @@ -0,0 +1,15 @@
diff -up at-3.1.12/at.c.noexport at-3.1.12/at.c
--- at-3.1.12/at.c.noexport 2011-06-10 14:21:04.000000000 +0200
+++ at-3.1.12/at.c 2011-06-10 14:22:54.247712577 +0200
@@ -391,8 +391,9 @@ writefile(time_t runtimer, char queue)
unsigned int i;
for (i = 0; i < sizeof(no_export) / sizeof(no_export[0]); i++) {
export = export
- && (strncmp(*atenv, no_export[i],
- (size_t) (eqp - *atenv)) != 0);
+ && ((((size_t) (eqp - *atenv)) != strlen(no_export[i]))
+ ||(strncmp(*atenv, no_export[i],(size_t) (eqp - *atenv)) != 0)
+ );
}
eqp++;
}

19
SOURCES/at-3.1.12-nowrap.patch
Unescape View File

@ -0,0 +1,19 @@ @@ -0,0 +1,19 @@
diff -up at-3.1.12/at.c.nowrap at-3.1.12/at.c
--- at-3.1.12/at.c.nowrap 2010-02-18 14:39:50.125518422 +0100
+++ at-3.1.12/at.c 2010-02-22 13:20:03.817150406 +0100
@@ -308,10 +308,13 @@ writefile(time_t runtimer, char queue)
if (*ap == ' ')
*ap = '0';
- if (stat(atfile, &statbuf) != 0)
+ /*if (stat(atfile, &statbuf) != 0) {
if (errno != ENOENT)
perr("Cannot access " ATJOB_DIR);
-
+ } else {
+ perr("atjob file already exists; bailing");
+ }
+ */
/* Create the file. The x bit is only going to be set after it has
* been completely written out, to make sure it is not executed in the
* meantime. To make sure they do not get deleted, turn off their r

17
SOURCES/at-3.1.12-opt_V.patch
Unescape View File

@ -0,0 +1,17 @@ @@ -0,0 +1,17 @@
diff -up at-3.1.12/at.c.opt_V at-3.1.12/at.c
--- at-3.1.12/at.c.opt_V 2009-11-23 16:11:52.000000000 +0100
+++ at-3.1.12/at.c 2009-12-02 13:20:29.770215516 +0100
@@ -853,10 +853,9 @@ main(int argc, char **argv)
*/
if (disp_version) {
- fprintf(stderr, "at version " VERSION "\n"
- "Please report bugs to the Debian bug tracking system (http://bugs.debian.org/)\n"
- "or contact the maintainers (at@packages.debian.org).\n");
- exit(EXIT_SUCCESS);
+ fprintf(stderr, "at version " VERSION "\n");
+ if (argc == 2)
+ exit(EXIT_SUCCESS);
}
/* select our program

55
SOURCES/at-3.1.12-shell.patch
Unescape View File

@ -0,0 +1,55 @@ @@ -0,0 +1,55 @@
diff -up at-3.1.12/at.c.shell at-3.1.12/at.c
--- at-3.1.12/at.c.shell 2009-12-02 13:25:12.706989310 +0100
+++ at-3.1.12/at.c 2009-12-02 13:26:01.991966200 +0100
@@ -62,11 +62,8 @@
#include <stdlib.h>
#include <string.h>
-#ifdef TM_IN_SYS_TIME
#include <sys/time.h>
-#else
#include <time.h>
-#endif
#ifdef HAVE_UNISTD_H
#include <unistd.h>
@@ -244,6 +241,12 @@ writefile(time_t runtimer, char queue)
int kill_errno;
int rc;
int mailsize = 128;
+ struct timeval tv;
+ struct timezone tz;
+ long int i;
+
+ gettimeofday(&tv, &tz);
+ srandom(getpid()+tv.tv_usec);
/* Install the signal handler for SIGINT; terminate after removing the
* spool file if necessary
@@ -461,6 +464,9 @@ writefile(time_t runtimer, char queue)
fprintf(fp, " || {\n\t echo 'Execution directory "
"inaccessible' >&2\n\t exit 1\n}\n");
+ i = random();
+ fprintf(fp, "${SHELL:-/bin/sh} << \'marcinDELIMITER%08lx\'\n", i);
+
istty = isatty(fileno(stdin));
if (istty) {
fprintf(stderr, "at> ");
@@ -477,6 +483,7 @@ writefile(time_t runtimer, char queue)
fprintf(stderr, "<EOT>\n");
}
fprintf(fp, "\n");
+ fprintf(fp, "marcinDELIMITER%08lx\n", i);
if (ferror(fp))
panic("Output error");
@@ -926,7 +933,7 @@ main(int argc, char **argv)
It also alows a warning diagnostic to be printed. Because of the
possible variance, we always output the diagnostic. */
- fprintf(stderr, "warning: commands will be executed using /bin/sh\n");
+ //fprintf(stderr, "warning: commands will be executed using /bin/sh\n");
writefile(timer, queue);
break;

126
SOURCES/at-3.1.13-aborted-jobs.patch
Unescape View File

@ -0,0 +1,126 @@ @@ -0,0 +1,126 @@
diff -up at-3.1.13/atd.c.aborted at-3.1.13/atd.c
--- at-3.1.13/atd.c.aborted 2016-04-22 13:30:58.563029540 +0200
+++ at-3.1.13/atd.c 2017-09-14 16:00:38.109011916 +0200
@@ -74,6 +74,9 @@
#include <syslog.h>
#endif
+#include <sys/file.h>
+#include <utime.h>
+
/* Local headers */
#include "privs.h"
@@ -285,7 +288,7 @@ run_file(const char *filename, uid_t uid
* mail to the user.
*/
pid_t pid;
- int fd_out, fd_in;
+ int fd_out, fd_in, fd_std;
char jobbuf[9];
char *mailname = NULL;
int mailsize = 128;
@@ -404,6 +407,10 @@ run_file(const char *filename, uid_t uid
fcntl(fd_in, F_SETFD, fflags & ~FD_CLOEXEC);
+ if (flock(fd_in, LOCK_EX | LOCK_NB) != 0)
+ perr("Somebody already locked the job %8lu (%.500s) - "
+ "aborting", jobno, filename);
+
/*
* If the spool directory is mounted via NFS `atd' isn't able to
* read from the job file and will bump out here. The file is
@@ -563,10 +570,7 @@ run_file(const char *filename, uid_t uid
PRIV_END
}
/* We're the parent. Let's wait.
- */
- close(fd_in);
-
- /* We inherited the master's SIGCHLD handler, which does a
+ We inherited the master's SIGCHLD handler, which does a
non-blocking waitpid. So this blocking one will eventually
return with an ECHILD error.
*/
@@ -583,14 +587,14 @@ run_file(const char *filename, uid_t uid
/* some sendmail implementations are confused if stdout, stderr are
* not available, so let them point to /dev/null
*/
- if ((fd_in = open("/dev/null", O_WRONLY)) < 0)
+ if ((fd_std = open("/dev/null", O_WRONLY)) < 0)
perr("Could not open /dev/null.");
- if (dup2(fd_in, STDOUT_FILENO) < 0)
+ if (dup2(fd_std, STDOUT_FILENO) < 0)
perr("Could not use /dev/null as standard output.");
- if (dup2(fd_in, STDERR_FILENO) < 0)
+ if (dup2(fd_std, STDERR_FILENO) < 0)
perr("Could not use /dev/null as standard error.");
- if (fd_in != STDOUT_FILENO && fd_in != STDERR_FILENO)
- close(fd_in);
+ if (fd_std != STDOUT_FILENO && fd_std != STDERR_FILENO)
+ close(fd_std);
if (unlink(filename) == -1)
syslog(LOG_WARNING, "Warning: removing output file for job %li failed: %s",
@@ -598,7 +602,12 @@ run_file(const char *filename, uid_t uid
/* The job is now finished. We can delete its input file.
*/
- chdir(ATJOB_DIR);
+ if (chdir(ATJOB_DIR) != 0)
+ perr("Somebody removed %s directory from under us.", ATJOB_DIR);
+
+ /* This also removes the flock */
+ (void)close(fd_in);
+
unlink(newname);
free(newname);
@@ -642,7 +651,7 @@ run_file(const char *filename, uid_t uid
PRIV_END
}
else if ( mail_pid == -1 ) {
- perr("fork of mailer failed");
+ syslog(LOG_ERR, "fork of mailer failed: %m");
}
else {
/* Parent */
@@ -738,8 +747,16 @@ run_loop()
/* Skip lock files */
if (queue == '=') {
if ((buf.st_nlink == 1) && (run_time + CHECK_INTERVAL <= now)) {
- /* Remove stale lockfile FIXME: lock the lockfile, if you fail, it's still in use. */
- unlink(dirent->d_name);
+ int fd;
+
+ fd = open(dirent->d_name, O_RDONLY);
+ if (fd != -1) {
+ if (flock(fd, LOCK_EX | LOCK_NB) == 0) {
+ unlink(dirent->d_name);
+ syslog(LOG_NOTICE, "removing stale lock file %s\n", dirent->d_name);
+ }
+ (void)close(fd);
+ }
}
continue;
}
@@ -752,12 +769,17 @@ run_loop()
/* Is the file already locked?
*/
if (buf.st_nlink > 1) {
+ if (run_time < buf.st_mtime)
+ run_time = buf.st_mtime;
if (run_time + CHECK_INTERVAL <= now) {
-
/* Something went wrong the last time this was executed.
* Let's remove the lockfile and reschedule.
+ * We also change the timestamp to avoid rerunning the job more
+ * than once every CHECK_INTERVAL.
*/
strncpy(lock_name, dirent->d_name, sizeof(lock_name));
+ if (utime(lock_name, 0) < 0)
+ syslog(LOG_ERR, "utime couldn't be set for lock file %s\n", lock_name);
lock_name[sizeof(lock_name)-1] = '\0';
lock_name[0] = '=';
unlink(lock_name);

42
SOURCES/at-3.1.13-clear-nonjobs.patch
Unescape View File

@ -0,0 +1,42 @@ @@ -0,0 +1,42 @@
diff -up at-3.1.13/atd.c.clear-nonjobs at-3.1.13/atd.c
--- at-3.1.13/atd.c.clear-nonjobs 2016-04-20 17:15:00.579327865 +0200
+++ at-3.1.13/atd.c 2016-04-20 17:18:06.215376744 +0200
@@ -414,10 +414,22 @@ run_file(const char *filename, uid_t uid
sprintf(fmt, "#!/bin/sh\n# atrun uid=%%d gid=%%d\n# mail %%%ds %%d",
mailsize );
+ /* Unlink the file unless there was an error reading it (perhaps
+ * temporary).
+ * If the file has a bogus format there is no reason in trying
+ * to run it again and again.
+ */
if (fscanf(stream, fmt,
- &nuid, &ngid, mailname, &send_mail) != 4)
- pabort("File %.500s is in wrong format - aborting",
- filename);
+ &nuid, &ngid, mailname, &send_mail) != 4) {
+ if (ferror(stream))
+ perr("Error reading the job file");
+
+ unlink(filename);
+ pabort("File %.500s is in wrong format - aborting",
+ filename);
+ }
+
+ unlink(filename);
if (mailname[0] == '-')
pabort("illegal mail name %.300s in job %8lu (%.300s)", mailname,
@@ -427,12 +439,6 @@ run_file(const char *filename, uid_t uid
pabort("Job %8lu (%.500s) - userid %d does not match file uid %d",
jobno, filename, nuid, uid);
- /* We are now committed to executing this script. Unlink the
- * original.
- */
-
- unlink(filename);
-
fclose(stream);
if (chdir(ATSPOOL_DIR) < 0)
perr("Cannot chdir to " ATSPOOL_DIR);

22
SOURCES/at-3.1.13-document-n.patch
Unescape View File

@ -0,0 +1,22 @@ @@ -0,0 +1,22 @@
diff -up at-3.1.13/atd.8.in.document-n at-3.1.13/atd.8.in
--- at-3.1.13/atd.8.in.document-n 2011-06-25 14:43:14.000000000 +0200
+++ at-3.1.13/atd.8.in 2017-09-14 15:06:08.082433012 +0200
@@ -9,6 +9,7 @@ atd \- run jobs queued for later executi
.IR batch_interval ]
.RB [ -d ]
.RB [ -f ]
+.RB [ -n ]
.RB [ -s ]
.SH DESCRIPTION
.B atd
@@ -40,6 +41,10 @@ Run
.BR atd
in the foreground.
.TP 8
+.B -n
+Append the hostname of the system to the subject of the e-mails sent by
+.BR atd .
+.TP 8
.B -s
Process the at/batch queue only once.
This is primarily of use for compatibility with old versions of

26
SOURCES/at-3.1.13-fclose-error.patch
Unescape View File

@ -0,0 +1,26 @@ @@ -0,0 +1,26 @@
diff -up at-3.1.13/at.c.fclose at-3.1.13/at.c
--- at-3.1.13/at.c.fclose 2016-04-20 17:15:00.584327893 +0200
+++ at-3.1.13/at.c 2016-04-20 17:15:50.453609665 +0200
@@ -209,7 +209,11 @@ nextjob()
jobno = (1 + jobno) % 0xfffff; /* 2^20 jobs enough? */
fprintf(fid, "%05lx\n", jobno);
- fclose(fid);
+ if (ferror(fid))
+ jobno = EOF;
+
+ if (fclose(fid) != 0)
+ jobno = EOF;
return jobno;
}
@@ -498,7 +502,8 @@ writefile(time_t runtimer, char queue)
if (ferror(stdin))
panic("Input error");
- fclose(fp);
+ if (fclose(fp) != 0)
+ panic("Output error");
/* Set the x bit so that we're ready to start executing
*/

15
SOURCES/at-3.1.13-help.patch
Unescape View File

@ -0,0 +1,15 @@ @@ -0,0 +1,15 @@
diff -up at-3.1.13/at.c.add at-3.1.13/at.c
diff -up at-3.1.13/panic.c.add at-3.1.13/panic.c
--- at-3.1.13/panic.c.add 2012-01-27 13:54:46.216466452 +0100
+++ at-3.1.13/panic.c 2012-01-27 13:57:35.123747498 +0100
@@ -92,8 +92,8 @@ usage(void)
{
/* Print usage and exit.
*/
- fprintf(stderr, "Usage: at [-V] [-q x] [-f file] [-mlbv] timespec ...\n"
- " at [-V] [-q x] [-f file] [-mlbv] -t time\n"
+ fprintf(stderr, "Usage: at [-V] [-q x] [-f file] [-mMlbv] timespec ...\n"
+ " at [-V] [-q x] [-f file] [-mMlbv] -t time\n"
" at -c job ...\n"
" atq [-V] [-q x]\n"
" at [ -rd ] job ...\n"

62
SOURCES/at-3.1.13-mailwithhostname.patch
Unescape View File

@ -0,0 +1,62 @@ @@ -0,0 +1,62 @@
diff -up at-3.1.13/atd.c.hostname at-3.1.13/atd.c
--- at-3.1.13/atd.c.hostname 2012-01-12 18:19:36.000000000 +0100
+++ at-3.1.13/atd.c 2012-01-12 18:52:34.000000000 +0100
@@ -99,6 +99,10 @@ int selinux_enabled=0;
#define BATCH_INTERVAL_DEFAULT 60
#define CHECK_INTERVAL 3600
+#ifndef MAXHOSTNAMELEN
+#define MAXHOSTNAMELEN 64
+#endif
+
/* Global variables */
uid_t real_uid, effective_uid;
@@ -116,6 +120,7 @@ static time_t last_chg;
static int nothing_to_do;
unsigned int batch_interval;
static int run_as_daemon = 0;
+static int mail_with_hostname = 0;
static volatile sig_atomic_t term_signal = 0;
@@ -297,6 +302,7 @@ run_file(const char *filename, uid_t uid
char fmt[64];
unsigned long jobno;
int rc;
+ char hostbuf[MAXHOSTNAMELEN];
#ifdef WITH_PAM
int retcode;
#endif
@@ -451,6 +457,11 @@ run_file(const char *filename, uid_t uid
write_string(fd_out, "Subject: Output from your job ");
write_string(fd_out, jobbuf);
+ if (mail_with_hostname > 0) {
+ gethostname(hostbuf, MAXHOSTNAMELEN-1);
+ write_string(fd_out, " ");
+ write_string(fd_out, hostbuf);
+ }
write_string(fd_out, "\nTo: ");
write_string(fd_out, mailname);
write_string(fd_out, "\n\n");
@@ -910,7 +921,7 @@ main(int argc, char *argv[])
run_as_daemon = 1;
batch_interval = BATCH_INTERVAL_DEFAULT;
- while ((c = getopt(argc, argv, "sdl:b:f")) != EOF) {
+ while ((c = getopt(argc, argv, "sdnl:b:f")) != EOF) {
switch (c) {
case 'l':
if (sscanf(optarg, "%lf", &load_avg) != 1)
@@ -932,6 +943,10 @@ main(int argc, char *argv[])
daemon_foreground++;
break;
+ case 'n':
+ mail_with_hostname=1;
+ break;
+
case 's':
run_as_daemon = 0;
break;

82
SOURCES/at-3.1.13-makefile.patch
Unescape View File

@ -0,0 +1,82 @@ @@ -0,0 +1,82 @@
diff -up at-3.1.13/Makefile.in.make at-3.1.13/Makefile.in
--- at-3.1.13/Makefile.in.make 2011-06-25 14:43:14.000000000 +0200
+++ at-3.1.13/Makefile.in 2011-07-29 08:06:28.317600053 +0200
@@ -65,13 +65,13 @@ LIST = Filelist Filelist.asc
all: at atd atrun
at: $(ATOBJECTS)
- $(CC) $(CFLAGS) -o at $(ATOBJECTS) $(LIBS) $(LEXLIB)
+ $(CC) $(CFLAGS) $(LDFLAGS) -Wl,-z,now -o at -pie $(ATOBJECTS) $(LIBS) $(LEXLIB) $(SELINUXLIB) $(PAMLIB)
rm -f $(CLONES)
$(LN_S) -f at atq
$(LN_S) -f at atrm
atd: $(RUNOBJECTS)
- $(CC) $(CFLAGS) -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB)
+ $(CC) $(CFLAGS) $(LDFLAGS) -Wl,-z,now -o atd -pie $(RUNOBJECTS) $(LIBS) $(SELINUXLIB) $(PAMLIB)
y.tab.c y.tab.h: parsetime.y
$(YACC) -d parsetime.y
@@ -83,38 +83,41 @@ atrun: atrun.in
configure
.c.o:
- $(CC) -c $(CFLAGS) $(DEFS) $*.c
+ $(CC) -c $(CFLAGS) -fPIE $(DEFS) $*.c
install: all
- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(etcdir)
- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(bindir)
- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(sbindir)
- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(docdir)
- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(atdocdir)
- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR)
- chmod 1770 $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR)
+ $(INSTALL) -m 755 -d $(IROOT)$(etcdir)
+ $(INSTALL) -m 755 -d $(IROOT)$(bindir)
+ $(INSTALL) -m 755 -d $(IROOT)$(sbindir)
+ $(INSTALL) -m 755 -d $(IROOT)$(docdir)
+ $(INSTALL) -m 755 -d $(IROOT)$(atdocdir)
+ $(INSTALL) -m 755 -d $(IROOT)$(etcdir)/pam.d/
+ $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR)
+ chmod 700 $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR)
+ chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR)
touch $(IROOT)$(LFILE)
chmod 600 $(IROOT)$(LFILE)
chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(IROOT)$(LFILE)
- test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -o root -g $(DAEMON_GROUPNAME) -m 640 at.deny $(IROOT)$(etcdir)/
- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 6755 at $(IROOT)$(bindir)
+ test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -m 600 at.deny $(IROOT)$(etcdir)/
+ $(INSTALL) -o $(INSTALL_ROOT_USER) -g $(DAEMON_GROUPNAME) pam_atd $(IROOT)$(etcdir)/pam.d/atd
+ $(INSTALL) -m 4755 at $(IROOT)$(bindir)
$(LN_S) -f at $(IROOT)$(bindir)/atq
$(LN_S) -f at $(IROOT)$(bindir)/atrm
- $(INSTALL) -g root -o root -m 755 batch $(IROOT)$(bindir)
- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man1dir)
- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man5dir)
- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man8dir)
- $(INSTALL) -g root -o root -m 755 atd $(IROOT)$(sbindir)
- $(INSTALL) -g root -o root -m 755 atrun $(IROOT)$(sbindir)
- $(INSTALL) -g root -o root -m 644 at.1 $(IROOT)$(man1dir)/
+ $(INSTALL) -m 755 batch $(IROOT)$(bindir)
+ $(INSTALL) -d -m 755 $(IROOT)$(man1dir)
+ $(INSTALL) -d -m 755 $(IROOT)$(man5dir)
+ $(INSTALL) -d -m 755 $(IROOT)$(man8dir)
+ $(INSTALL) -m 755 atd $(IROOT)$(sbindir)
+ $(INSTALL) -m 755 atrun $(IROOT)$(sbindir)
+ $(INSTALL) -m 644 at.1 $(IROOT)$(man1dir)/
cd $(IROOT)$(man1dir) && $(LN_S) -f at.1 atq.1 && $(LN_S) -f at.1 batch.1 && $(LN_S) -f at.1 atrm.1
- $(INSTALL) -g root -o root -m 644 atd.8 $(IROOT)$(man8dir)/
+ $(INSTALL) -m 644 atd.8 $(IROOT)$(man8dir)/
sed "s,\$${exec_prefix},$(exec_prefix),g" <atrun.8>tmpman
- $(INSTALL) -g root -o root -m 644 tmpman $(IROOT)$(man8dir)/atrun.8
+ $(INSTALL) -m 644 tmpman $(IROOT)$(man8dir)/atrun.8
rm -f tmpman
- $(INSTALL) -g root -o root -m 644 at.allow.5 $(IROOT)$(man5dir)/
+ $(INSTALL) -m 644 at.allow.5 $(IROOT)$(man5dir)/
cd $(IROOT)$(man5dir) && $(LN_S) -f at.allow.5 at.deny.5
- $(INSTALL) -g root -o root -m 644 $(DOCS) $(IROOT)$(atdocdir)
+ $(INSTALL) -m 644 $(DOCS) $(IROOT)$(atdocdir)
rm -f $(IROOT)$(mandir)/cat1/at.1* $(IROOT)$(mandir)/cat1/batch.1* \
$(IROOT)$(mandir)/cat1/atq.1*
rm -f $(IROOT)$(mandir)/cat1/atd.8*

121
SOURCES/at-3.1.13-nitpicks.patch
Unescape View File

@ -0,0 +1,121 @@ @@ -0,0 +1,121 @@
diff -up at-3.1.13/at.1.in.nit at-3.1.13/at.1.in
--- at-3.1.13/at.1.in.nit 2011-06-25 14:43:14.000000000 +0200
+++ at-3.1.13/at.1.in 2011-07-28 13:04:41.398174737 +0200
@@ -126,7 +126,7 @@ and to run a job at 1am tomorrow, you wo
.B at 1am tomorrow.
.PP
The definition of the time specification can be found in
-.IR @prefix@/share/doc/at/timespec .
+.IR @prefix@/share/doc/at-@VERSION@/timespec .
.PP
For both
.BR at " and " batch ,
@@ -204,7 +204,7 @@ queue for
.BR batch .
Queues with higher letters run with increased niceness. The special
queue "=" is reserved for jobs which are currently running.
-.P
+
If a job is submitted to a queue designated with an uppercase letter, the
job is treated as if it were submitted to batch at the time of the job.
Once the time is reached, the batch processing rules with respect to load
@@ -248,7 +248,7 @@ is an alias for
.TP
.B \-v
Shows the time the job will be executed before reading the job.
-.P
+
Times displayed will be in the format "Thu Feb 20 14:50:00 1997".
.TP
.B
diff -up at-3.1.13/atd.c.nit at-3.1.13/atd.c
--- at-3.1.13/atd.c.nit 2011-06-25 14:43:14.000000000 +0200
+++ at-3.1.13/atd.c 2011-07-28 13:01:31.577967025 +0200
@@ -83,6 +83,9 @@
#include "getloadavg.h"
#endif
+#ifndef LOG_ATD
+#define LOG_ATD LOG_DAEMON
+#endif
/* Macros */
#define BATCH_INTERVAL_DEFAULT 60
@@ -194,6 +197,18 @@ myfork()
#define fork myfork
#endif
+#undef ATD_MAIL_PROGRAM
+#undef ATD_MAIL_NAME
+#if defined(SENDMAIL)
+#define ATD_MAIL_PROGRAM SENDMAIL
+#define ATD_MAIL_NAME "sendmail"
+#elif defined(MAILC)
+#define ATD_MAIL_PROGRAM MAILC
+#define ATD_MAIL_NAME "mail"
+#elif defined(MAILX)
+#define ATD_MAIL_PROGRAM MAILX
+#define ATD_MAIL_NAME "mailx"
+#endif
static void
run_file(const char *filename, uid_t uid, gid_t gid)
@@ -271,6 +286,9 @@ run_file(const char *filename, uid_t uid
free(newname);
return;
}
+
+ (void) setsid(); //own session for process
+
/* Let's see who we mail to. Hopefully, we can read it from
* the command file; if not, send it to the owner, or, failing that,
* to root.
@@ -433,6 +451,9 @@ run_file(const char *filename, uid_t uid
if (setuid(uid) < 0)
perr("Cannot set user id");
+ if (SIG_ERR == signal(SIGCHLD, SIG_DFL))
+ perr("Cannot reset signal handler to default");
+
chdir("/");
if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0)
@@ -501,6 +522,9 @@ run_file(const char *filename, uid_t uid
if (setuid(uid) < 0)
perr("Cannot set user id");
+ if (SIG_ERR == signal(SIGCHLD, SIG_DFL))
+ perr("Cannot reset signal handler to default");
+
chdir ("/");
#if defined(SENDMAIL)
@@ -615,6 +639,7 @@ run_loop()
* Let's remove the lockfile and reschedule.
*/
strncpy(lock_name, dirent->d_name, sizeof(lock_name));
+ lock_name[sizeof(lock_name)-1] = '\0';
lock_name[0] = '=';
unlink(lock_name);
next_job = now;
@@ -649,6 +674,7 @@ run_loop()
run_batch++;
if (strcmp(batch_name, dirent->d_name) > 0) {
strncpy(batch_name, dirent->d_name, sizeof(batch_name));
+ batch_name[sizeof(batch_name)-1] = '\0';
batch_uid = buf.st_uid;
batch_gid = buf.st_gid;
batch_queue = queue;
@@ -723,11 +749,7 @@ main(int argc, char *argv[])
RELINQUISH_PRIVS_ROOT(daemon_uid, daemon_gid)
-#ifndef LOG_CRON
-#define LOG_CRON LOG_DAEMON
-#endif
-
- openlog("atd", LOG_PID, LOG_CRON);
+ openlog("atd", LOG_PID, LOG_ATD);
opterr = 0;
errno = 0;

426
SOURCES/at-3.1.13-pam.patch
Unescape View File

@ -0,0 +1,426 @@ @@ -0,0 +1,426 @@
diff -up at-3.1.13/at.c.pam at-3.1.13/at.c
--- at-3.1.13/at.c.pam 2012-04-19 16:50:57.491000001 +0200
+++ at-3.1.13/at.c 2012-04-19 16:50:57.505000001 +0200
@@ -141,18 +141,13 @@ sigc(int signo)
/* If the user presses ^C, remove the spool file and exit
*/
if (fcreated) {
- /*
PRIV_START
-
+ /*
We need the unprivileged uid here since the file is owned by the real
(not effective) uid.
*/
- setregid(real_gid, effective_gid);
- unlink(atfile);
- setregid(effective_gid, real_gid);
- /*
+ unlink(atfile);
PRIV_END
- */
}
exit(EXIT_FAILURE);
}
@@ -318,26 +313,19 @@ writefile(time_t runtimer, char queue)
* bit. Yes, this is a kluge.
*/
cmask = umask(S_IRUSR | S_IWUSR | S_IXUSR);
- seteuid(real_uid);
+ if ((seteuid(effective_uid)) < 0)
+ perr("Error in seteuid: %s", errno);
if ((fd = open(atfile, O_CREAT | O_EXCL | O_TRUNC | O_WRONLY, S_IRUSR)) == -1)
perr("Cannot create atjob file %.500s", atfile);
- seteuid(effective_uid);
if ((fd2 = dup(fd)) < 0)
perr("Error in dup() of job file");
- /*
if (fchown(fd2, real_uid, real_gid) != 0)
- perr("Cannot give away file");
- */
+ perr("Cannot give real_uid and real_gid the file");
PRIV_END
- /* We no longer need suid root; now we just need to be able to write
- * to the directory, if necessary.
- */
-
- REDUCE_PRIV(daemon_uid, daemon_gid)
/* We've successfully created the file; let's set the flag so it
* gets removed in case of an interrupt or error.
*/
@@ -661,7 +649,7 @@ process_jobs(int argc, char **argv, int
We need the unprivileged uid here since the file is owned by the real
(not effective) uid.
*/
- setregid(real_gid, effective_gid);
+ PRIV_START
if (queue == '=') {
fprintf(stderr, "Warning: deleting running job\n");
@@ -670,8 +658,8 @@ process_jobs(int argc, char **argv, int
perr("Cannot unlink %.500s", dirent->d_name);
rc = EXIT_FAILURE;
}
+ PRIV_END
- setregid(effective_gid, real_gid);
done = 1;
break;
@@ -681,7 +669,7 @@ process_jobs(int argc, char **argv, int
FILE *fp;
int ch;
- setregid(real_gid, effective_gid);
+ PRIV_START
fp = fopen(dirent->d_name, "r");
if (fp) {
@@ -694,7 +682,7 @@ process_jobs(int argc, char **argv, int
perr("Cannot open %.500s", dirent->d_name);
rc = EXIT_FAILURE;
}
- setregid(effective_gid, real_gid);
+ PRIV_END
}
break;
diff -up at-3.1.13/atd.c.pam at-3.1.13/atd.c
--- at-3.1.13/atd.c.pam 2012-04-19 16:50:57.498000001 +0200
+++ at-3.1.13/atd.c 2012-04-19 16:52:37.209000138 +0200
@@ -111,7 +111,7 @@ static int run_as_daemon = 0;
static volatile sig_atomic_t term_signal = 0;
-#ifdef HAVE_PAM
+#ifdef WITH_PAM
#include <security/pam_appl.h>
static pam_handle_t *pamh = NULL;
@@ -120,15 +120,7 @@ static const struct pam_conv conv = {
NULL
};
-#define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \
- fprintf(stderr,"\n%s\n",pam_strerror(pamh, retcode)); \
- syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \
- pam_end(pamh, retcode); exit(1); \
- }
-#define PAM_END { retcode = pam_close_session(pamh,0); \
- pam_end(pamh,retcode); }
-
-#endif /* HAVE_PAM */
+#endif /* WITH_PAM */
/* Signal handlers */
RETSIGTYPE
@@ -235,7 +227,7 @@ run_file(const char *filename, uid_t uid
char fmt[64];
unsigned long jobno;
int rc;
-#ifdef HAVE_PAM
+#ifdef WITH_PAM
int retcode;
#endif
@@ -395,17 +387,11 @@ run_file(const char *filename, uid_t uid
fstat(fd_out, &buf);
size = buf.st_size;
-#ifdef HAVE_PAM
- PRIV_START
- retcode = pam_start("atd", pentry->pw_name, &conv, &pamh);
- PAM_FAIL_CHECK;
- retcode = pam_acct_mgmt(pamh, PAM_SILENT);
- PAM_FAIL_CHECK;
- retcode = pam_open_session(pamh, PAM_SILENT);
- PAM_FAIL_CHECK;
- retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT);
- PAM_FAIL_CHECK;
- PRIV_END
+#ifdef WITH_PAM
+ AT_START_PAM;
+ AT_OPEN_PAM_SESSION;
+ closelog();
+ openlog("atd", LOG_PID, LOG_ATD);
#endif
close(STDIN_FILENO);
@@ -419,7 +405,14 @@ run_file(const char *filename, uid_t uid
else if (pid == 0) {
char *nul = NULL;
char **nenvp = &nul;
+ char **pam_envp=0L;
+ PRIV_START
+#ifdef WITH_PAM
+ pam_envp = pam_getenvlist(pamh);
+ if ( ( pam_envp != 0L ) && (pam_envp[0] != 0L) )
+ nenvp = pam_envp;
+#endif
/* Set up things for the child; we want standard input from the
* input file, and standard output and error sent to our output file.
*/
@@ -438,8 +431,6 @@ run_file(const char *filename, uid_t uid
close(fd_in);
close(fd_out);
- PRIV_START
-
nice((tolower((int) queue) - 'a' + 1) * 2);
if (initgroups(pentry->pw_name, pentry->pw_gid))
@@ -458,7 +449,16 @@ run_file(const char *filename, uid_t uid
if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0)
perr("Exec failed for /bin/sh");
-
+#ifdef WITH_PAM
+ if ( ( nenvp != &nul ) && (pam_envp != 0L) && (*pam_envp != 0L))
+ {
+ for( nenvp = pam_envp; *nenvp != 0L; nenvp++)
+ free(*nenvp);
+ free( pam_envp );
+ nenvp = &nul;
+ pam_envp=0L;
+ }
+#endif
PRIV_END
}
/* We're the parent. Let's wait.
@@ -471,14 +471,6 @@ run_file(const char *filename, uid_t uid
*/
waitpid(pid, (int *) NULL, 0);
-#ifdef HAVE_PAM
- PRIV_START
- pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT);
- retcode = pam_close_session(pamh, PAM_SILENT);
- pam_end(pamh, retcode);
- PRIV_END
-#endif
-
/* Send mail. Unlink the output file after opening it, so it
* doesn't hang around after the run.
*/
@@ -509,8 +501,20 @@ run_file(const char *filename, uid_t uid
unlink(newname);
free(newname);
+#ifdef ATD_MAIL_PROGRAM
if (((send_mail != -1) && (buf.st_size != size)) || (send_mail == 1)) {
+ int mail_pid = -1;
+#ifdef WITH_PAM
+ AT_START_PAM;
+ AT_OPEN_PAM_SESSION;
+ closelog();
+ openlog("atd", LOG_PID, LOG_ATD);
+#endif
+
+ mail_pid = fork();
+ if ( mail_pid == 0 )
+ {
PRIV_START
if (initgroups(pentry->pw_name, pentry->pw_gid))
@@ -535,7 +539,21 @@ run_file(const char *filename, uid_t uid
perr("Exec failed for mail command");
PRIV_END
+ }
+ else if ( mail_pid == -1 ) {
+ perr("fork of mailer failed");
+ }
+ else {
+ /* Parent */
+ waitpid(mail_pid, (int *) NULL, 0);
+ }
+#ifdef WITH_PAM
+ AT_CLOSE_PAM;
+ closelog();
+ openlog("atd", LOG_PID, LOG_ATD);
+#endif
}
+#endif
exit(EXIT_SUCCESS);
}
diff -up at-3.1.13/config.h.in.pam at-3.1.13/config.h.in
--- at-3.1.13/config.h.in.pam 2011-06-25 14:43:14.000000000 +0200
+++ at-3.1.13/config.h.in 2012-04-19 16:50:57.506000001 +0200
@@ -68,8 +68,8 @@
/* Define to 1 if you have the <nlist.h> header file. */
#undef HAVE_NLIST_H
-/* Define to 1 for PAM support */
-#undef HAVE_PAM
+/* Define if you are building with_pam */
+#undef WITH_PAM
/* Define to 1 if you have the `pstat_getdynamic' function. */
#undef HAVE_PSTAT_GETDYNAMIC
diff -up at-3.1.13/configure.ac.pam at-3.1.13/configure.ac
--- at-3.1.13/configure.ac.pam 2011-06-25 14:43:14.000000000 +0200
+++ at-3.1.13/configure.ac 2012-04-19 16:50:57.506000001 +0200
@@ -84,7 +84,7 @@ AC_FUNC_GETLOADAVG
AC_CHECK_FUNCS(getcwd mktime strftime setreuid setresuid sigaction waitpid)
AC_CHECK_HEADERS(security/pam_appl.h, [
PAMLIB="-lpam"
- AC_DEFINE(HAVE_PAM, 1, [Define to 1 for PAM support])
+ AC_DEFINE(WITH_PAM, 1, [Define to 1 for PAM support])
])
dnl Checking for programs
@@ -238,6 +238,13 @@ AC_ARG_WITH(daemon_username,
)
AC_SUBST(DAEMON_USERNAME)
+AC_ARG_WITH(pam,
+[ --with-pam Define to enable pam support ],
+AC_DEFINE(WITH_PAM),
+)
+AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc')
+AC_SUBST(PAMLIB)
+
AC_MSG_CHECKING(groupname to run under)
AC_ARG_WITH(daemon_groupname,
[ --with-daemon_groupname=DAEMON_GROUPNAME Groupname to run under (default daemon) ],
diff -up at-3.1.13/perm.c.pam at-3.1.13/perm.c
--- at-3.1.13/perm.c.pam 2011-06-25 14:43:14.000000000 +0200
+++ at-3.1.13/perm.c 2012-04-19 16:53:09.192001742 +0200
@@ -51,6 +51,14 @@
#define PRIV_END while(0)
#endif
+#ifdef WITH_PAM
+#include <security/pam_appl.h>
+static pam_handle_t *pamh = NULL;
+static const struct pam_conv conv = {
+ NULL
+};
+#endif
+
/* Structures and unions */
@@ -108,18 +116,45 @@ user_in_file(const char *path, const cha
int
check_permission()
{
- uid_t uid = geteuid();
+ uid_t euid = geteuid(), uid=getuid(), egid=getegid(), gid=getgid();
struct passwd *pentry;
int allow = 0, deny = 1;
- if (uid == 0)
+ int retcode = 0;
+ if (euid == 0)
return 1;
- if ((pentry = getpwuid(uid)) == NULL) {
+ if ((pentry = getpwuid(euid)) == NULL) {
perror("Cannot access user database");
exit(EXIT_FAILURE);
}
+#ifdef WITH_PAM
+/*
+ * We must check if the atd daemon userid will be allowed to gain the job owner user's
+ * credentials with PAM . If not, the user has been denied at(1) usage, eg. with pam_access.
+ */
+ if (setreuid(daemon_uid, daemon_uid) != 0) {
+ fprintf(stderr, "cannot set egid: %s", strerror(errno));
+ exit(1);
+ }
+ if (setregid(daemon_gid, daemon_gid) != 0) {
+ fprintf(stderr, "cannot set euid: %s", strerror(errno));
+ exit(1);
+ }
+
+ AT_START_PAM;
+ AT_CLOSE_PAM;
+ if (setregid(gid,egid) != 0) {
+ fprintf(stderr, "cannot set egid: %s", strerror(errno));
+ exit(1);
+ }
+ if (setreuid(uid,euid) != 0) {
+ fprintf(stderr, "cannot set euid: %s", strerror(errno));
+ exit(1);
+ }
+#endif
+
allow = user_in_file(ETCDIR "/at.allow", pentry->pw_name);
if (allow==0 || allow==1)
return allow;
diff -up at-3.1.13/privs.h.pam at-3.1.13/privs.h
--- at-3.1.13/privs.h.pam 2011-06-25 14:43:14.000000000 +0200
+++ at-3.1.13/privs.h 2012-04-19 16:53:46.296016675 +0200
@@ -144,3 +144,63 @@ extern gid_t real_gid, effective_gid, da
#error "Cannot implement user ID swapping without setreuid or setresuid"
#endif
#endif
+
+#ifdef WITH_PAM
+/* PAM failed after session was open. */
+#define PAM_SESSION_FAIL if (retcode != PAM_SUCCESS) \
+ pam_close_session(pamh,PAM_SILENT);
+
+/* syslog will be logging error messages */
+#ifdef HAVE_UNISTD_H
+#include <syslog.h>
+#endif
+
+/* PAM fail even before opening the session */
+#define PAM_FAIL_CHECK \
+ do { if (retcode != PAM_SUCCESS) { \
+ fprintf(stderr,"PAM failure: %s\n",pam_strerror(pamh, retcode)); \
+ syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \
+ if (pamh) \
+ pam_end(pamh, retcode); \
+ if (setregid(getgid(),getegid()) != 0) { \
+ fprintf(stderr, "cannot set egid: %s", strerror(errno)); \
+ exit(1); \
+ } \
+ if (setreuid(getuid(),geteuid()) != 0) { \
+ fprintf(stderr, "cannot set euid: %s", strerror(errno)); \
+ exit(1); \
+ } \
+ exit(1); \
+ } \
+ } while (0) \
+
+static int pam_session_opened = 0; //global for open session
+
+#define AT_START_PAM { \
+ retcode = pam_start("atd", pentry->pw_name, &conv, &pamh); \
+ PAM_FAIL_CHECK; \
+ retcode = pam_set_item(pamh, PAM_TTY, "atd"); \
+ PAM_FAIL_CHECK; \
+ retcode = pam_acct_mgmt(pamh, PAM_SILENT); \
+ PAM_FAIL_CHECK; \
+}
+
+#define AT_OPEN_PAM_SESSION { \
+ retcode = pam_open_session(pamh, PAM_SILENT); \
+ PAM_FAIL_CHECK; \
+ retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT); \
+ PAM_FAIL_CHECK; \
+ if (retcode == PAM_SUCCESS) \
+ pam_session_opened = 1; \
+}
+
+#define AT_CLOSE_PAM { \
+ if (pam_session_opened != 0) { \
+ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT); \
+ pam_close_session(pamh, PAM_SILENT); \
+ } \
+ pam_end(pamh, PAM_SUCCESS); \
+}
+
+#endif
+

165
SOURCES/at-3.1.13-selinux.patch
Unescape View File

@ -0,0 +1,165 @@ @@ -0,0 +1,165 @@
diff -up at-3.1.13/atd.c.selinux at-3.1.13/atd.c
--- at-3.1.13/atd.c.selinux 2012-11-01 15:11:21.368772308 +0100
+++ at-3.1.13/atd.c 2012-11-01 15:13:16.809162818 +0100
@@ -83,6 +83,14 @@
#include "getloadavg.h"
#endif
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#include <selinux/get_context_list.h>
+int selinux_enabled=0;
+#include <selinux/flask.h>
+#include <selinux/av_permissions.h>
+#endif
+
#ifndef LOG_ATD
#define LOG_ATD LOG_DAEMON
#endif
@@ -202,6 +210,68 @@ myfork()
#define ATD_MAIL_NAME "mailx"
#endif
+#ifdef WITH_SELINUX
+static int set_selinux_context(const char *name, const char *filename) {
+ security_context_t user_context=NULL;
+ security_context_t file_context=NULL;
+ struct av_decision avd;
+ int retval=-1;
+ char *seuser=NULL;
+ char *level=NULL;
+
+ if (getseuserbyname(name, &seuser, &level) == 0) {
+ retval=get_default_context_with_level(seuser, level, NULL, &user_context);
+ free(seuser);
+ free(level);
+ if (retval) {
+ if (security_getenforce()==1) {
+ perr("execle: couldn't get security context for user %s\n", name);
+ } else {
+ syslog(LOG_ERR, "execle: couldn't get security context for user %s\n", name);
+ return -1;
+ }
+ }
+ }
+
+ /*
+ * Since crontab files are not directly executed,
+ * crond must ensure that the crontab file has
+ * a context that is appropriate for the context of
+ * the user cron job. It performs an entrypoint
+ * permission check for this purpose.
+ */
+ if (fgetfilecon(STDIN_FILENO, &file_context) < 0)
+ perr("fgetfilecon FAILED %s", filename);
+
+ retval = security_compute_av(user_context,
+ file_context,
+ SECCLASS_FILE,
+ FILE__ENTRYPOINT,
+ &avd);
+ freecon(file_context);
+ if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) {
+ if (security_getenforce()==1) {
+ perr("Not allowed to set exec context to %s for user %s\n", user_context,name);
+ } else {
+ syslog(LOG_ERR, "Not allowed to set exec context to %s for user %s\n", user_context,name);
+ retval = -1;
+ goto err;
+ }
+ }
+ if (setexeccon(user_context) < 0) {
+ if (security_getenforce()==1) {
+ perr("Could not set exec context to %s for user %s\n", user_context,name);
+ retval = -1;
+ } else {
+ syslog(LOG_ERR, "Could not set exec context to %s for user %s\n", user_context,name);
+ }
+ }
+ err:
+ freecon(user_context);
+ return 0;
+}
+#endif
+
static void
run_file(const char *filename, uid_t uid, gid_t gid)
{
@@ -446,9 +516,23 @@ run_file(const char *filename, uid_t uid
perr("Cannot reset signal handler to default");
chdir("/");
-
+#ifdef WITH_SELINUX
+ if (selinux_enabled > 0) {
+ if (set_selinux_context(pentry->pw_name, filename) < 0)
+ perr("SELinux Failed to set context\n");
+ }
+#endif
if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0)
perr("Exec failed for /bin/sh");
+//add for fedora
+#ifdef WITH_SELINUX
+ if (selinux_enabled>0)
+ if (setexeccon(NULL) < 0)
+ if (security_getenforce()==1)
+ perr("Could not resset exec context for user %s\n", pentry->pw_name);
+#endif
+//end
+//add for fedora
#ifdef WITH_PAM
if ( ( nenvp != &nul ) && (pam_envp != 0L) && (*pam_envp != 0L))
{
@@ -751,6 +835,10 @@ main(int argc, char *argv[])
struct passwd *pwe;
struct group *ge;
+#ifdef WITH_SELINUX
+ selinux_enabled=is_selinux_enabled();
+#endif
+
/* We don't need root privileges all the time; running under uid and gid
* daemon is fine.
*/
diff -up at-3.1.13/config.h.in.selinux at-3.1.13/config.h.in
--- at-3.1.13/config.h.in.selinux 2012-11-01 15:11:21.368772308 +0100
+++ at-3.1.13/config.h.in 2012-11-01 15:11:21.371772392 +0100
@@ -71,6 +71,9 @@
/* Define if you are building with_pam */
#undef WITH_PAM
+/* Define if you are building with_selinux */
+#undef WITH_SELINUX
+
/* Define to 1 if you have the `pstat_getdynamic' function. */
#undef HAVE_PSTAT_GETDYNAMIC
diff -up at-3.1.13/configure.ac.selinux at-3.1.13/configure.ac
--- at-3.1.13/configure.ac.selinux 2012-11-01 15:11:21.369772335 +0100
+++ at-3.1.13/configure.ac 2012-11-01 15:11:21.372772420 +0100
@@ -266,5 +266,13 @@ AC_ARG_WITH(daemon_groupname,
)
AC_SUBST(DAEMON_GROUPNAME)
+AC_ARG_WITH(selinux,
+[ --with-selinux Define to run with selinux],
+AC_DEFINE(WITH_SELINUX),
+)
+AC_CHECK_LIB(selinux, is_selinux_enabled, SELINUXLIB=-lselinux)
+AC_SUBST(SELINUXLIB)
+AC_SUBST(WITH_SELINUX)
+
AC_CONFIG_FILES(Makefile atrun atd.8 atrun.8 at.1 at.allow.5 batch)
AC_OUTPUT
diff -up at-3.1.13/Makefile.in.selinux at-3.1.13/Makefile.in
--- at-3.1.13/Makefile.in.selinux 2012-11-01 15:11:21.361772115 +0100
+++ at-3.1.13/Makefile.in 2012-11-01 15:11:21.372772420 +0100
@@ -39,6 +39,8 @@ LIBS = @LIBS@
LIBOBJS = @LIBOBJS@
INSTALL = @INSTALL@
PAMLIB = @PAMLIB@
+SELINUXLIB = @SELINUXLIB@
+
CLONES = atq atrm
ATOBJECTS = at.o panic.o perm.o posixtm.o y.tab.o lex.yy.o

119
SOURCES/at-3.1.13-usePOSIXtimers.patch
Unescape View File

@ -0,0 +1,119 @@ @@ -0,0 +1,119 @@
diff -ur -x configure at-3.1.13.orig/atd.c at-3.1.13/atd.c
--- at-3.1.13.orig/atd.c 2011-11-16 11:30:22.424764253 -0500
+++ at-3.1.13/atd.c 2011-11-16 16:41:12.102831656 -0500
@@ -815,6 +815,54 @@
return next_job;
}
+#ifdef HAVE_CLOCK_GETTIME
+timer_t timer;
+struct itimerspec timeout;
+
+void timer_setup()
+{
+ struct sigevent sev;
+
+ sev.sigev_notify = SIGEV_SIGNAL;
+ sev.sigev_signo = SIGHUP;
+ sev.sigev_value.sival_ptr = &timer;
+
+ memset(&timeout, 0, sizeof(timeout));
+
+ if (timer_create(CLOCK_REALTIME, &sev, &timer) < 0)
+ pabort("unable to create timer");
+}
+
+time_t atd_gettime()
+{
+ struct timespec curtime;
+
+ clock_gettime(CLOCK_REALTIME, &curtime);
+
+ return curtime.tv_sec;
+}
+
+void atd_setalarm(time_t next)
+{
+ timeout.it_value.tv_sec = next;
+ timer_settime(timer, TIMER_ABSTIME, &timeout, NULL);
+ pause();
+}
+#else
+void timer_setup()
+{
+}
+
+time_t atd_gettime()
+{
+ return time(NULL);
+}
+
+void atd_setalarm(time_t next)
+{
+ sleep(next - atd_gettime());
+}
+#endif
/* Global functions */
int
@@ -835,7 +883,6 @@
struct sigaction act;
struct passwd *pwe;
struct group *ge;
-
#ifdef WITH_SELINUX
selinux_enabled=is_selinux_enabled();
#endif
@@ -912,7 +959,7 @@
sigaction(SIGCHLD, &act, NULL);
if (!run_as_daemon) {
- now = time(NULL);
+ now = atd_gettime();
run_loop();
exit(EXIT_SUCCESS);
}
@@ -935,13 +982,15 @@
act.sa_handler = set_term;
sigaction(SIGINT, &act, NULL);
+ timer_setup();
+
daemon_setup();
do {
- now = time(NULL);
+ now = atd_gettime();
next_invocation = run_loop();
if (next_invocation > now) {
- sleep(next_invocation - now);
+ atd_setalarm(next_invocation);
}
} while (!term_signal);
daemon_cleanup();
diff -ur -x configure at-3.1.13.orig/config.h.in at-3.1.13/config.h.in
--- at-3.1.13.orig/config.h.in 2011-11-16 11:30:22.424764253 -0500
+++ at-3.1.13/config.h.in 2011-11-16 16:32:44.485426754 -0500
@@ -38,6 +38,9 @@
/* Define to 1 if you have the `getloadavg' function. */
#undef HAVE_GETLOADAVG
+/* Define to 1 if you have the `clock_gettime' function. */
+#undef HAVE_TIMER_CREATE
+
/* Define to 1 if you have the <getopt.h> header file. */
#undef HAVE_GETOPT_H
diff -ur -x configure at-3.1.13.orig/configure.ac at-3.1.13/configure.ac
--- at-3.1.13.orig/configure.ac 2011-11-16 11:30:22.425764254 -0500
+++ at-3.1.13/configure.ac 2011-11-16 16:31:29.791561747 -0500
@@ -274,5 +274,9 @@
AC_SUBST(SELINUXLIB)
AC_SUBST(WITH_SELINUX)
+dnl check for POSIX timer functions
+AC_SEARCH_LIBS([timer_create],[rt])
+AC_CHECK_FUNCS([timer_create])
+
AC_CONFIG_FILES(Makefile atrun atd.8 atrun.8 at.1 at.allow.5 batch)
AC_OUTPUT

24
SOURCES/at-3.1.13-utc-dst.patch
Unescape View File

@ -0,0 +1,24 @@ @@ -0,0 +1,24 @@
diff -up at-3.1.13/parsetime.y.dst at-3.1.13/parsetime.y
--- at-3.1.13/parsetime.y.dst 2011-06-25 14:43:14.000000000 +0200
+++ at-3.1.13/parsetime.y 2016-04-20 17:23:24.140171655 +0200
@@ -476,8 +476,8 @@ parsetime(time_t currtime, int argc, cha
exectm = *localtime(&currtime);
currtime -= exectm.tm_sec;
exectm.tm_sec = 0;
- exectm.tm_isdst = -1;
memcpy(&currtm,&exectm,sizeof(currtm));
+ exectm.tm_isdst = -1;
time_only = 0;
yearspec = 0;
@@ -503,8 +503,8 @@ parsetime(time_t currtime, int argc, cha
return 0;
if (isgmt) {
exectime -= timezone;
- if (currtm.tm_isdst && !exectm.tm_isdst)
- exectime -= 3600;
+ if (exectm.tm_isdst)
+ exectime += 3600;
}
if (exectime < currtime)
panic("refusing to create job destined in the past");

111
SOURCES/atd.init
Unescape View File

@ -0,0 +1,111 @@ @@ -0,0 +1,111 @@
#!/bin/sh
#
# atd Starts/stop the "at" daemon
#
# chkconfig: 345 95 5
# description: Runs commands scheduled by the "at" command at the time \
# specified when "at" was run, and runs batch commands when the load \
# average is low enough.

### BEGIN INIT INFO
# Provides: atd at batch
# Required-Start: $local_fs
# Required-Stop: $local_fs
# Default-Start: 345
# Default-Stop: 95
# Short-Description: Starts/stop the "at" daemon
# Description: Runs commands scheduled by the "at" command at the time
# specified when "at" was run, and runs batch commands when the load
# average is low enough.
### END INIT INFO

# Source function library.
. /etc/rc.d/init.d/functions

exec=/usr/sbin/atd
prog="atd"
config=/etc/sysconfig/atd

[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog

lockfile=/var/lock/subsys/$prog

start() {
[ -x $exec ] || exit 5
[ -f $config ] || exit 6
echo -n $"Starting $prog: "
daemon $exec $OPTS && success || failure
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}

stop() {
echo -n $"Stopping $prog: "
if [ -n "`pidfileofproc $exec`" ] ; then
killproc $exec
RETVAL=3
else
failure $"Stopping $prog"
fi
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}

restart() {
stop
start
}

reload() {
restart
}

force_reload() {
restart
}

rh_status() {
# run checks to determine if the service is running or use generic status
status $prog
}

rh_status_q() {
rh_status >/dev/null 2>&1
}


case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
restart
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
exit 2
esac
exit $?

9
SOURCES/atd.sysconf
Unescape View File

@ -0,0 +1,9 @@ @@ -0,0 +1,9 @@
# specify additional command line arguments for atd
#
# -l Specifies a limiting load factor, over which batch jobs should not be run, instead of the compile-time
# choice of 0.8. For an SMP system with n CPUs, you will probably want to set this higher than n-1.
#
# -b Specifiy the minimum interval in seconds between the start of two batch jobs (60 default).

#example:
#OPTS="-l 4 -b 120"

11
SOURCES/atd.systemd
Unescape View File

@ -0,0 +1,11 @@ @@ -0,0 +1,11 @@
[Unit]
Description=Job spooling tools
After=syslog.target systemd-user-sessions.service

[Service]
EnvironmentFile=/etc/sysconfig/atd
ExecStart=/usr/sbin/atd -f $OPTS
IgnoreSIGPIPE=no

[Install]
WantedBy=multi-user.target

218
SOURCES/atlas-aarch64port.patch
Unescape View File

@ -0,0 +1,218 @@ @@ -0,0 +1,218 @@
diff --git a/CONFIG/include/atlconf.h b/CONFIG/include/atlconf.h
index cdceda3..e6d71d3 100644
--- a/CONFIG/include/atlconf.h
+++ b/CONFIG/include/atlconf.h
@@ -16,9 +16,9 @@ enum OSTYPE {OSOther=0, OSLinux, OSSunOS, OSSunOS4, OSOSF1, OSIRIX, OSAIX,
((OS_) == OSWin64) )
enum ARCHFAM {AFOther=0, AFPPC, AFSPARC, AFALPHA, AFX86, AFIA64, AFMIPS,
- AFARM, AFS390};
+ AFARM, AFS390, AFAARCH64};
-#define NMACH 47
+#define NMACH 48
static char *machnam[NMACH] =
{"UNKNOWN", "POWER3", "POWER4", "POWER5", "PPCG4", "PPCG5",
"POWER6", "POWER7", "IBMz9", "IBMz10", "IBMz196",
@@ -28,7 +28,7 @@ static char *machnam[NMACH] =
"Efficeon", "K7", "HAMMER", "AMD64K10h", "AMDDOZER", "UNKNOWNx86",
"IA64Itan", "IA64Itan2",
"USI", "USII", "USIII", "USIV", "UST2", "UnknownUS",
- "MIPSR1xK", "MIPSICE9", "ARMv7"};
+ "MIPSR1xK", "MIPSICE9", "ARMv7", "AARCH64"};
enum MACHTYPE {MACHOther, IbmPwr3, IbmPwr4, IbmPwr5, PPCG4, PPCG5,
IbmPwr6, IbmPwr7,
IbmZ9, IbmZ10, IbmZ196, /* s390(x) in Linux */
@@ -41,7 +41,8 @@ enum MACHTYPE {MACHOther, IbmPwr3, IbmPwr4, IbmPwr5, PPCG4, PPCG5,
SunUSI, SunUSII, SunUSIII, SunUSIV, SunUST2, SunUSX,
MIPSR1xK, /* includes R10K, R12K, R14K, R16K */
MIPSICE9, /* SiCortex ICE9 -- like MIPS5K */
- ARMv7 /* includes Cortex A8, A9 */
+ ARMv7, /* includes Cortex A8, A9 */
+ AARCH64
};
#define MachIsX86(mach_) \
( (mach_) >= x86x87 && (mach_) <= x86X )
@@ -62,6 +63,8 @@ enum MACHTYPE {MACHOther, IbmPwr3, IbmPwr4, IbmPwr5, PPCG4, PPCG5,
( (mach_) == ARMv7 )
#define MachIsS390(mach_) \
( (mach_) >= IbmZ9 && (mach_) <= IbmZ196 )
+#define MachIsAARCH64(mach_) \
+ ( (mach_) == AARCH64 )
static char *f2c_namestr[5] = {"UNKNOWN","Add_", "Add__", "NoChange", "UpCase"};
@@ -83,13 +86,13 @@ enum ISAEXT
{ISA_None=0, ISA_VSX, ISA_AV, ISA_AVXMAC, ISA_AVXFMA4, ISA_AVX,
ISA_SSE3, ISA_SSE2, ISA_SSE1, ISA_3DNow, ISA_NEON};
-#define NASMD 9
+#define NASMD 10
enum ASMDIA
{ASM_None=0, gas_x86_32, gas_x86_64, gas_sparc, gas_ppc, gas_parisc,
- gas_mips, gas_arm, gas_s390};
+ gas_mips, gas_arm, gas_s390, gas_aarch64};
static char *ASMNAM[NASMD] =
{"", "GAS_x8632", "GAS_x8664", "GAS_SPARC", "GAS_PPC", "GAS_PARISC",
- "GAS_MIPS", "GAS_ARM", "GAS_S390"};
+ "GAS_MIPS", "GAS_ARM", "GAS_S390", "GAS_AARCH64"};
/*
* Used for archinfo probes (can pack in bitfield)
diff --git a/CONFIG/src/Makefile b/CONFIG/src/Makefile
index 8eb38f7..afad1bc 100644
--- a/CONFIG/src/Makefile
+++ b/CONFIG/src/Makefile
@@ -260,6 +260,11 @@ IRun_BINDP :
redir=config0.out
- cat config0.out
+IRun_GAS_AARCH64 :
+ $(CC) $(CCFLAGS) -o xprobe_gas_aarch64 $(SRCdir)/backend/probe_this_asm.c $(SRCdir)/backend/probe_gas_aarch64.S
+ $(MAKE) $(atlrun) atldir=$(mydir) exe=xprobe_gas_aarch64 args="$(args)" \
+ redir=config0.out
+ - cat config0.out
IRun_GAS_S390 :
$(CC) $(CCFLAGS) -o xprobe_gas_s390 $(SRCdir)/backend/probe_this_asm.c $(SRCdir)/backend/probe_gas_s390.S
$(MAKE) $(atlrun) atldir=$(mydir) exe=xprobe_gas_s390 args="$(args)" \
diff --git a/CONFIG/src/SpewMakeInc.c b/CONFIG/src/SpewMakeInc.c
index 65d68a1..f5eb467 100644
--- a/CONFIG/src/SpewMakeInc.c
+++ b/CONFIG/src/SpewMakeInc.c
@@ -391,6 +391,8 @@ char *GetPtrbitsFlag(enum OSTYPE OS, enum MACHTYPE arch, int ptrbits,
if (MachIsIA64(arch))
return(sp);
+ if (MachIsAARCH64(arch))
+ return(sp);
if (MachIsMIPS(arch))
return((ptrbits == 64) ? "-mabi=64" : "-mabi=n32");
if (MachIsS390(arch))
diff --git a/CONFIG/src/atlcomp.txt b/CONFIG/src/atlcomp.txt
index 5bf32d9..5e0c538 100644
--- a/CONFIG/src/atlcomp.txt
+++ b/CONFIG/src/atlcomp.txt
@@ -263,6 +263,17 @@ MACH=ARMv7 OS=ALL LVL=1000 COMPS=dmc,dkc
MACH=ARMv7 OS=ALL LVL=1000 COMPS=f77
'gfortran' '-mcpu=cortex-a8 -mfpu=vfpv3 -mfloat-abi=softfp -O'
#
+# AArch64 defaults
+#
+MACH=AARCH64 OS=ALL LVL=1000 COMPS=xcc
+ 'gcc' '-O2'
+MACH=AARCH64 OS=ALL LVL=1000 COMPS=smc,skc,gcc,icc
+ 'gcc' '-O2'
+MACH=AARCH64 OS=ALL LVL=1000 COMPS=dmc,dkc
+ 'gcc' '-O2'
+MACH=AARCH64 OS=ALL LVL=1000 COMPS=f77
+ 'gfortran' '-O'
+#
# Generic defaults
#
MACH=ALL OS=ALL LVL=5 COMPS=icc,smc,dmc,skc,dkc,xcc,gcc
diff --git a/CONFIG/src/atlconf_misc.c b/CONFIG/src/atlconf_misc.c
index b669e8e..f7af4a8 100644
--- a/CONFIG/src/atlconf_misc.c
+++ b/CONFIG/src/atlconf_misc.c
@@ -481,6 +481,7 @@ enum ARCHFAM ProbeArchFam(char *targ)
else if (strstr(res, "ia64")) fam = AFIA64;
else if (strstr(res, "mips")) fam = AFMIPS;
else if (strstr(res, "arm")) fam = AFARM;
+ else if (strstr(res, "aarch64")) fam = AFAARCH64;
else if (strstr(res, "s390")) fam = AFS390;
else if ( strstr(res, "i686") || strstr(res, "i586") ||
strstr(res, "i486") || strstr(res, "i386") ||
@@ -506,6 +507,7 @@ enum ARCHFAM ProbeArchFam(char *targ)
strstr(res, "x86_64") ) fam = AFX86;
else if (strstr(res, "mips")) fam = AFMIPS;
else if (strstr(res, "arm")) fam = AFARM;
+ else if (strstr(res, "aarch64")) fam = AFAARCH64;
else if (strstr(res, "s390")) fam = AFS390;
free(res);
}
diff --git a/CONFIG/src/backend/Make.ext b/CONFIG/src/backend/Make.ext
index 9f236f6..918a053 100644
--- a/CONFIG/src/backend/Make.ext
+++ b/CONFIG/src/backend/Make.ext
@@ -57,6 +57,8 @@ probe_gas_arm.S : $(basf)
$(extC) -b $(basf) -o probe_gas_arm.S rout=probe_gas_arm.S
probe_gas_s390.S : $(basf)
$(extC) -b $(basf) -o probe_gas_s390.S rout=probe_gas_s390.S
+probe_gas_aarch64.S : $(basf)
+ $(extC) -b $(basf) -o probe_gas_aarch64.S rout=probe_gas_aarch64.S
probe_AVXMAC.S : $(basf)
$(extC) -b $(basf) -o probe_AVXMAC.S rout=probe_AVXMAC.S
probe_AVXFMA4.S : $(basf)
diff --git a/CONFIG/src/backend/archinfo_linux.c b/CONFIG/src/backend/archinfo_linux.c
index d3d3fd8..4c419a3 100644
--- a/CONFIG/src/backend/archinfo_linux.c
+++ b/CONFIG/src/backend/archinfo_linux.c
@@ -248,6 +248,14 @@ enum MACHTYPE ProbeArch()
free(res);
}
break;
+ case AFAARCH64:
+ res = atlsys_1L(NULL, "fgrep 'Processor' /proc/cpuinfo", 0, 0);
+ if (res)
+ {
+ if (strstr(res, "AArch64")) mach = AARCH64;
+ free(res);
+ }
+ break;
default:
#if 0
if (!CmndOneLine(NULL, "fgrep 'cpu family' /proc/cpuinfo", res))
diff --git a/CONFIG/src/backend/probe_gas_aarch64.S b/CONFIG/src/backend/probe_gas_aarch64.S
new file mode 100644
index 0000000..d4c3d68
--- /dev/null
+++ b/CONFIG/src/backend/probe_gas_aarch64.S
@@ -0,0 +1,14 @@
+#define ATL_GAS_AARCH64
+#include "atlas_asm.h"
+#
+# Linux AArch64 assembler for:
+# int asm_probe(int i)
+# RETURNS: i*3
+#
+.text
+.globl ATL_asmdecor(asm_probe)
+.type ATL_asmdecor(asm_probe), %function
+ATL_asmdecor(asm_probe):
+ add w0, w0, w0, LSL #1
+ ret
+.size ATL_asmdecor(asm_probe),.-ATL_asmdecor(asm_probe)
diff --git a/CONFIG/src/probe_comp.c b/CONFIG/src/probe_comp.c
index 48f518d..3d5aa3b 100644
--- a/CONFIG/src/probe_comp.c
+++ b/CONFIG/src/probe_comp.c
@@ -578,7 +578,7 @@ char *GetPtrbitsFlag(enum OSTYPE OS, enum MACHTYPE arch, int ptrbits,
char *sp = "";
int i, j, k;
- if (MachIsIA64(arch))
+ if (MachIsIA64(arch) || MachIsAARCH64(arch))
return(sp);
if (MachIsMIPS(arch))
return((ptrbits == 64) ? "-mabi=64" : "-mabi=n32");
diff --git a/include/atlas_genparse.h b/include/atlas_genparse.h
index 1955687..909a38e 100644
--- a/include/atlas_genparse.h
+++ b/include/atlas_genparse.h
@@ -6,13 +6,13 @@
#include <assert.h>
#include <string.h>
#include <ctype.h>
-#define NASMD 9
+#define NASMD 10
enum ASMDIA
{ASM_None=0, gas_x86_32, gas_x86_64, gas_sparc, gas_ppc, gas_parisc,
- gas_mips, gas_arm, gas_s390};
+ gas_mips, gas_arm, gas_s390, gas_aarch64};
static char *ASMNAM[NASMD] =
{"", "GAS_x8632", "GAS_x8664", "GAS_SPARC", "GAS_PPC", "GAS_PARISC",
- "GAS_MIPS", "GAS_ARM", "GAS_S390"};
+ "GAS_MIPS", "GAS_ARM", "GAS_S390", "GAS_AARCH64"};
/*
* Basic data structure for forming queues with some minimal info
*/

17
SOURCES/atlas-affinity.patch
Unescape View File

@ -0,0 +1,17 @@ @@ -0,0 +1,17 @@
diff -up wrk/src/threads/ATL_thread_start.c.wrk wrk/src/threads/ATL_thread_start.c
--- wrk/src/threads/ATL_thread_start.c.wrk 2013-09-23 13:46:51.881085276 +0200
+++ wrk/src/threads/ATL_thread_start.c 2013-09-24 16:13:59.021065418 +0200
@@ -101,9 +101,10 @@ int ATL_thread_start(ATL_thread_t *thr,
ATL_assert(!pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED));
pthread_attr_setscope(&attr, PTHREAD_SCOPE_SYSTEM); /* no chk, OK to fail */
#ifdef ATL_PAFF_SETAFFNP
- CPU_ZERO(&cpuset);
- CPU_SET(affID, &cpuset);
- ATL_assert(!pthread_attr_setaffinity_np(&attr, sizeof(cpuset), &cpuset));
+ //affinity crashes a machine with fewer processors than the builder
+ //CPU_ZERO(&cpuset);
+ //CPU_SET(affID, &cpuset);
+ //ATL_assert(!pthread_attr_setaffinity_np(&attr, sizeof(cpuset), &cpuset));
#elif defined(ATL_PAFF_SETPROCNP)
ATL_assert(!pthread_attr_setprocessor_np(&attr, (pthread_spu_t)affID,
PTHREAD_BIND_FORCED_NP));

50
SOURCES/atlas-fedora-arm.patch
Unescape View File

@ -0,0 +1,50 @@ @@ -0,0 +1,50 @@
--- CONFIG/include/atlconf.h 2011-05-14 13:33:24.000000000 -0400
+++ CONFIG/include/atlconf.h.new 2011-08-30 14:25:41.427136391 -0400
@@ -16,7 +16,7 @@
enum ARCHFAM {AFOther=0, AFPPC, AFSPARC, AFALPHA, AFX86, AFIA64, AFMIPS};
-#define NMACH 37
+#define NMACH 38
static char *machnam[NMACH] =
{"UNKNOWN", "POWER3", "POWER4", "POWER5", "PPCG4", "PPCG5",
"POWER6", "POWER7",
@@ -25,7 +25,7 @@
"Efficeon", "K7", "HAMMER", "AMD64K10h", "UNKNOWNx86",
"IA64Itan", "IA64Itan2",
"USI", "USII", "USIII", "USIV", "UST2", "UnknownUS",
- "MIPSR1xK", "MIPSICE9"};
+ "MIPSR1xK", "MIPSICE9", "ARM"};
enum MACHTYPE {MACHOther, IbmPwr3, IbmPwr4, IbmPwr5, PPCG4, PPCG5,
IbmPwr6, IbmPwr7,
IntP5, IntP5MMX, IntPPRO, IntPII, IntPIII, IntPM, IntCoreS,
@@ -34,7 +34,8 @@
IA64Itan, IA64Itan2,
SunUSI, SunUSII, SunUSIII, SunUSIV, SunUST2, SunUSX,
MIPSR1xK, /* includes R10K, R12K, R14K, R16K */
- MIPSICE9 /* SiCortex ICE9 -- like MIPS5K */
+ MIPSICE9, /* SiCortex ICE9 -- like MIPS5K */
+ ARM
};
#define MachIsX86(mach_) \
( (mach_) >= IntP5 && (mach_) <= x86X )
@@ -51,6 +52,8 @@
#endif
#define MachIsPPC(mach_) \
( (mach_) >= PPCG4 && (mach_) <= PPCG5 )
+#define MachIsARM(mach_) \
+ ( (mach_) == ARM )
static char *f2c_namestr[5] = {"UNKNOWN","Add_", "Add__", "NoChange", "UpCase"};
static char *f2c_intstr[5] =
--- CONFIG/src/probe_comp.c 2011-05-14 13:33:24.000000000 -0400
+++ CONFIG/src/probe_comp.c.new 2011-08-30 14:28:31.103015151 -0400
@@ -507,6 +507,8 @@
if (MachIsIA64(arch))
return(sp);
+ if (MachIsARM(arch))
+ return(sp);
if (MachIsMIPS(arch))
return((ptrbits == 64) ? "-mabi=64" : "-mabi=n32");
if (!CompIsGcc(comp))

14
SOURCES/atlas-genparse.patch
Unescape View File

@ -0,0 +1,14 @@ @@ -0,0 +1,14 @@
diff --git a/include/atlas_genparse.h b/include/atlas_genparse.h
index 909a38e..1e6d153 100644
--- a/include/atlas_genparse.h
+++ b/include/atlas_genparse.h
@@ -163,7 +163,8 @@ static int GetDoubleArr(char *str, int N, double *d)
if (!str)
break;
str++;
- assert(sscanf(str, "%le", d+i) == 1);
+ if (sscanf(str, "%le", d+i) != 1)
+ break;
i++;
}
return(i);

16
SOURCES/atlas-melf.patch
Unescape View File

@ -0,0 +1,16 @@ @@ -0,0 +1,16 @@
diff --git a/CONFIG/src/SpewMakeInc.c b/CONFIG/src/SpewMakeInc.c
index eed259e..65d68a1 100644
--- a/CONFIG/src/SpewMakeInc.c
+++ b/CONFIG/src/SpewMakeInc.c
@@ -764,9 +764,9 @@ int main(int nargs, char **args)
else
{
if (ptrbits == 32)
- fprintf(fpout, " -melf_i386");
+ fprintf(fpout, " -Wl,-melf_i386");
else if (ptrbits == 64)
- fprintf(fpout, " -melf_x86_64");
+ fprintf(fpout, " -Wl,-melf_x86_64");
if (OS == OSFreeBSD)
fprintf(fpout, "_fbsd");
}

23
SOURCES/atlas-s390port.patch
Unescape View File

@ -0,0 +1,23 @@ @@ -0,0 +1,23 @@
---
CONFIG/src/backend/probe_gas_s390.S | 13 +++++++++
10 files changed, 108 insertions(+), 7 deletions(-)

Index: b/CONFIG/src/backend/probe_gas_s390.S
===================================================================
--- /dev/null
+++ b/CONFIG/src/backend/probe_gas_s390.S
@@ -0,0 +1,13 @@
+#define ATL_GAS_PPC
+#include "atlas_asm.h"
+/*
+ * Linux S390 assembler for:
+ * int asm_probe(int i)
+ * RETURNS: i*3
+ */
+.globl ATL_asmdecor(asm_probe)
+ATL_asmdecor(asm_probe):
+ lr r3,r2
+ ar r2,r3
+ ar r2,r3
+ br r14

40
SOURCES/atlas-shared_libraries.patch
Unescape View File

@ -0,0 +1,40 @@ @@ -0,0 +1,40 @@
From 3119c671c566761a79ac98405cb619892acde3e8 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn@redhat.com>
Date: Fri, 20 Sep 2013 09:26:58 +0200
Subject: [PATCH] atlas-shared_libraries

---
ATLAS/makes/Make.lib | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/ATLAS/makes/Make.lib b/ATLAS/makes/Make.lib
index ab1eb9963d36678972a0a410905169aaa563dc64..27c6e316b442e09b0f46afac7940aaa11e25e45c 100644
--- a/ATLAS/makes/Make.lib
+++ b/ATLAS/makes/Make.lib
@@ -4,6 +4,8 @@ mySRCdir = $(SRCdir)/lib
#
# override with libatlas.so only when atlas is built to one lib
#
+so_ver_major=3
+so_ver = $(so_ver_major).10
DYNlibs = liblapack.so libf77blas.so libcblas.so libatlas.so
PTDYNlibs = liblapack.so libptf77blas.so libptcblas.so libatlas.so
CDYNlibs = liblapack.so libcblas.so libatlas.so
@@ -116,9 +118,12 @@ LDTRY:
-rpath-link $(LIBINSTdir) \
--whole-archive $(libas) --no-whole-archive $(LIBS)
GCCTRY:
- $(GOODGCC) -shared -o $(outso) \
- -Wl,"rpath-link $(LIBINSTdir)" \
+ $(GOODGCC) -shared -o $(outso).$(so_ver) \
+ \
+ -Wl,-soname,"$(outso).$(so_ver_major)" \
-Wl,--whole-archive $(libas) -Wl,--no-whole-archive $(LIBS)
+ ln -s $(outso).$(so_ver) $(outso).$(so_ver_major)
+ ln -s $(outso).$(so_ver) $(outso)
GCCTRY_norp:
$(GOODGCC) -shared -o $(outso) \
-Wl,--whole-archive $(libas) -Wl,--no-whole-archive $(LIBS)
--
1.8.3.1

12
SOURCES/atlas-throttling.patch
Unescape View File

@ -0,0 +1,12 @@ @@ -0,0 +1,12 @@
diff -up ATLAS/CONFIG/src/config.c.zaloha ATLAS/CONFIG/src/config.c
--- ATLAS/CONFIG/src/config.c.zaloha 2012-10-25 11:29:02.495425989 +0200
+++ ATLAS/CONFIG/src/config.c 2012-10-25 11:42:10.218216957 +0200
@@ -711,6 +711,8 @@ int ProbePtrbits(int verb, char *targarg
int ProbeCPUThrottle(int verb, char *targarg, enum OSTYPE OS, enum ASMDIA asmb)
{
+ return 0; /* impossible to turn off cpu throttling => ignore */
+ /* this undermines performance of compiled library */
int i, iret;
char *ln;
i = strlen(targarg) + 22 + 12;

9
SOURCES/pam_atd
Unescape View File

@ -0,0 +1,9 @@ @@ -0,0 +1,9 @@
# The PAM configuration file for the at daemon
#
#
auth required pam_env.so
auth include password-auth
account required pam_access.so
account include password-auth
session required pam_loginuid.so
session include password-auth

267
SPECS/at.spec
Unescape View File

@ -0,0 +1,267 @@ @@ -0,0 +1,267 @@
%bcond_without pam
%global _hardened_build 1

Summary: Job spooling tools
Name: at
Version: 3.1.13
Release: 23%{?dist}
# http://packages.debian.org/changelogs/pool/main/a/at/current/copyright
# + install-sh is MIT license with changes under Public Domain
License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain
Group: System Environment/Daemons
URL: http://ftp.debian.org/debian/pool/main/a/at

Source: http://ftp.debian.org/debian/pool/main/a/at/at_%{version}.orig.tar.gz
# git upstream source git://git.debian.org/git/collab-maint/at.git
Source1: pam_atd
Source2: atd.init
Source3: atd.sysconf
Source5: atd.systemd

Patch1: at-3.1.13-makefile.patch
Patch2: at-3.1.12-opt_V.patch
Patch3: at-3.1.12-shell.patch
Patch4: at-3.1.13-nitpicks.patch
Patch5: at-3.1.13-pam.patch
Patch6: at-3.1.13-selinux.patch
Patch7: at-3.1.12-nowrap.patch
Patch8: at-3.1.12-fix_no_export.patch
Patch9: at-3.1.13-mailwithhostname.patch
Patch10: at-3.1.13-usePOSIXtimers.patch
Patch11: at-3.1.13-help.patch
Patch12: at-3.1.10-filter-environment.patch
Patch13: at-3.1.13-fclose-error.patch
Patch14: at-3.1.13-clear-nonjobs.patch
Patch15: at-3.1.13-utc-dst.patch
Patch16: at-3.1.13-document-n.patch
Patch17: at-3.1.13-aborted-jobs.patch

BuildRequires: fileutils /etc/init.d
BuildRequires: flex flex-static bison autoconf
BuildRequires: libselinux-devel >= 1.27.9
BuildRequires: perl(Test::Harness)
BuildRequires: perl(Test::More)

%if %{with pam}
BuildRequires: pam-devel
%endif
Conflicts: crontabs <= 1.5
# No, I'm not kidding
BuildRequires: smtpdaemon

Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units

%description
At and batch read commands from standard input or from a specified
file. At allows you to specify that a command will be run at a
particular time. Batch will execute commands when the system load
levels drop to a particular level. Both commands use user's shell.

You should install the at package if you need a utility for
time-oriented job control. Note: If it is a recurring job that will
need to be repeated at the same time every day/week, etc. you should
use crontab instead.

%package sysvinit
Summary: SysV init script for at
Group: System Environment/Base
Requires: %{name} = %{version}-%{release}
Requires(post): /sbin/chkconfig

%description sysvinit
SysV style init script for at. It needs to be installed only if systemd
is not used as the system init process.

%prep
%setup -q
cp %{SOURCE1} .
%patch1 -p1 -b .make
%patch2 -p1 -b .opt_V
%patch3 -p1 -b .shell
%patch4 -p1 -b .nit
%patch5 -p1 -b .pam
%patch6 -p1 -b .selinux
%patch7 -p1 -b .nowrap
%patch8 -p1 -b .export
%patch9 -p1 -b .mail
%patch10 -p1 -b .posix
%patch11 -p1 -b .help
%patch12 -p1 -b .filter-environment
%patch13 -p1 -b .fclose
%patch14 -p1 -b .clear-nonjobs
%patch15 -p1 -b .dst
%patch16 -p1 -b .document-n
%patch17 -p1 -b .aborted-jobs

%build
# patch9 touches configure.in
autoconf
# clean old pregenerated files
rm -f lex.yy.* y.tab.*
%configure --with-atspool=%{_localstatedir}/spool/at/spool \
--with-jobdir=%{_localstatedir}/spool/at \
--with-daemon_username=root \
--with-daemon_groupname=root \
--with-selinux \
%if %{with pam}
--with-pam
%endif

make

%install
make install \
DAEMON_USERNAME=`id -nu`\
DAEMON_GROUPNAME=`id -ng` \
DESTDIR=%{buildroot}\
sbindir=%{buildroot}%{_prefix}/sbin\
bindir=%{buildroot}%{_bindir}\
prefix=%{buildroot}%{_prefix}\
exec_prefix=%{buildroot}%{_prefix}\
docdir=%{buildroot}/usr/doc\
mandir=%{buildroot}%{_mandir}\
etcdir=%{buildroot}%{_sysconfdir} \
ATJOB_DIR=%{buildroot}%{_localstatedir}/spool/at \
ATSPOOL_DIR=%{buildroot}%{_localstatedir}/spool/at/spool \
INSTALL_ROOT_USER=`id -nu` \
INSTALL_ROOT_GROUP=`id -nu`;

echo > %{buildroot}%{_sysconfdir}/at.deny
mkdir docs
cp %{buildroot}/%{_prefix}/doc/at/* docs/

mkdir -p %{buildroot}%{_sysconfdir}/pam.d
install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/pam.d/atd

mkdir -p %{buildroot}%{_sysconfdir}/rc.d/init.d
install -m 755 %{SOURCE2} %{buildroot}%{_sysconfdir}/rc.d/init.d/atd

mkdir -p %{buildroot}/etc/sysconfig
install -m 644 %{SOURCE3} %{buildroot}/etc/sysconfig/atd

# install systemd initscript
mkdir -p %{buildroot}/%{_unitdir}/
install -m 644 %{SOURCE5} %{buildroot}/%{_unitdir}/atd.service

# remove unpackaged files from the buildroot
rm -r %{buildroot}%{_prefix}/doc

%check
make test

%post
touch %{_localstatedir}/spool/at/.SEQ
chmod 600 %{_localstatedir}/spool/at/.SEQ
chown root:root %{_localstatedir}/spool/at/.SEQ
%systemd_post atd.service

%preun
%systemd_preun atd.service

%postun
%systemd_postun_with_restart atd.service

%triggerun -- at < 3.1.12-6
# Save the current service runlevel info
# User must manually run systemd-sysv-convert --apply atd
# to migrate them to systemd targets
/usr/bin/systemd-sysv-convert --save atd

# The package is allowed to autostart:
/bin/systemctl enable atd.service >/dev/null 2>&1

/sbin/chkconfig --del atd >/dev/null 2>&1 || :
/bin/systemctl try-restart atd.service >/dev/null 2>&1 || :
/bin/systemctl daemon-reload >/dev/null 2>&1 || :

%triggerpostun -n at-sysvinit -- at < 3.1.12-9
/sbin/chkconfig --add atd >/dev/null 2>&1 || :

%files
%doc docs/*
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/at.deny
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/atd
%attr(0700,root,root) %dir %{_localstatedir}/spool/at
%attr(0600,root,root) %verify(not md5 size mtime) %ghost %{_localstatedir}/spool/at/.SEQ
%attr(0700,root,root) %dir %{_localstatedir}/spool/at/spool
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/atd
%{_sbindir}/atrun
%attr(0755,root,root) %{_sbindir}/atd
%{_mandir}/man*/*
%{_bindir}/batch
%{_bindir}/atrm
%{_bindir}/atq
%attr(4755,root,root) %{_bindir}/at
%attr(0644,root,root) /%{_unitdir}/atd.service

%files sysvinit
%attr(0755,root,root) %{_initrddir}/atd

%changelog
* Thu Sep 14 2017 Tomáš Mráz <tmraz@redhat.com> - 3.1.13-23
- fix the ownership of the spool directory (#1414228)
- document the -n option of atd (#739870)
- fix handling of the aborted jobs (due to possibly
temporary conditions) and avoid flooding the syslog

* Mon May 23 2016 Tomáš Mráz <tmraz@redhat.com> - 3.1.13-22
- SIGPIPE should not be ignored in atd (#1338039)

* Wed Apr 20 2016 Tomáš Mráz <tmraz@redhat.com> - 3.1.13-21
- correct the DST correction when using UTC time specification (#1328832)
- clear non-job files from at dir and test for write error on fclose
to fix bogus syslog messages

* Mon Jun 22 2015 Tomáš Mráz <tmraz@redhat.com> - 3.1.13-20
- build the package with hardening flags (PIE, full RELRO)

* Fri Oct 3 2014 Tomáš Mráz <tmraz@redhat.com> - 3.1.13-18
- filter environment variables not acceptable in bash input

* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 3.1.13-17
- Mass rebuild 2014-01-24

* Thu Jan 09 2014 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.13-16
- the correct solution is remove smp_flags, they don't work properly on ppc with
the option mpower7
- Related: rhbz#1048745

* Mon Jan 06 2014 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.13-15
- remove old changelogs
- ppc fail to rebuild package
- Resolves: rhbz#1048745

* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 3.1.13-14
- Mass rebuild 2013-12-27

* Thu Jul 11 2013 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.13-13
- rebuild with ? in dist
- Resolves: rhbz#983255

* Mon Feb 11 2013 Peter Robinson <pbrobinson@fedoraproject.org> 3.1.13-12
- Fix patch to fix FTBFS with gcc 4.8

* Wed Nov 14 2012 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.13-11
- fix license field again

* Thu Nov 1 2012 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.13-10
- fix license field
- fix systemd macros in scriptlets part of the specfile
- fix selinux patch to apply without fuzz=2

* Fri Jul 27 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.1.13-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

* Tue Apr 17 2012 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.13-8
- at-3.1.13-mailwithhostname.patch in email mention also hostname address
- at-3.1.13-usePOSIXtimers.patch use POSIX timers, so we won't need
pm-utils hack anymore
- at-3.1.13-help.patch update usage
- systemd-user-sessions.service is used in unit file, so the atd should be
started after almost all services are up and running
- 812682 pam support work with new systemd defaults

* Thu Jan 12 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.1.13-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
Write Preview
Loading…
Cancel
Save