powerel7
/
base
2
0
Fork 0
Code Issues Pull Requests Releases Activity

augeas package update 

Signed-off-by: basebuilder_pel7ppc64bebuilder0 <basebuilder@powerel.org>
master
basebuilder_pel7ppc64bebuilder0 2018-06-02 12:30:21 +02:00
parent d6d5f6e299
commit a32ec2198c
17 changed files with 4236 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
SOURCES/0001-Syslog-restored-Augeas-1.1.0-tree-compatibility-for-.patch Normal file
View File

@ -0,0 +1,100 @@
From 706266780350ba61d36ec387dc18e9f4764ed872 Mon Sep 17 00:00:00 2001
From: Yanis Guenane <yguenane@gmail.com>
Date: Sun, 8 Sep 2013 09:30:17 -0400
Subject: [PATCH] Syslog: restored Augeas 1.1.0 tree compatibility for UDP
hosts

UDP host entries don't require the { "protocol" = "@" } node, it's only
used for TCP hosts.
---
lenses/syslog.aug | 10 +++++++---
lenses/tests/test_rsyslog.aug | 1 -
lenses/tests/test_syslog.aug | 7 +++----
3 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/lenses/syslog.aug b/lenses/syslog.aug
index f8b99c40..17c0f903 100644
--- a/lenses/syslog.aug
+++ b/lenses/syslog.aug
@@ -66,6 +66,10 @@ module Syslog =
Deletes a semicolon and default to it
*)
let semicolon = sep_tab_opt . Util.del_str ";" . sep_tab_opt
+ (* Variable: at
+ Deletes a at and default to it
+ *)
+ let at = Util.del_str "@"
(* Variable: dot
Deletes a dot and default to it
*)
@@ -105,10 +109,10 @@ module Syslog =
let comparison = /(!|[<=>]+|![<=>]+)/

(* Variable: protocol
- @ means UDP
+ @ means UDP (removed, no protocol node is used for compatibility with 1.1.0)
@@ means TCP
*)
- let protocol = /@{1,2}/
+ let protocol = /@@/

(* Variable: token
alphanum or "*"
@@ -185,7 +189,7 @@ module Syslog =
(* View: loghost
a loghost is an @ sign followed by the hostname and a possible port
*)
- let loghost = [label "protocol" . store protocol] . [ label "hostname" . store loghost_r ] .
+ let loghost = ([label "protocol" . store protocol] | at) . [ label "hostname" . store loghost_r ] .
(colon . [ label "port" . store /[0-9]+/ ] )?

(* View: users
diff --git a/lenses/tests/test_rsyslog.aug b/lenses/tests/test_rsyslog.aug
index e696139c..46b24c3c 100644
--- a/lenses/tests/test_rsyslog.aug
+++ b/lenses/tests/test_rsyslog.aug
@@ -86,7 +86,6 @@ test Rsyslog.lns get conf =
{ "level" = "*" }
}
{ "action"
- { "protocol" = "@" }
{ "hostname" = "2.7.4.1" }
}
}
diff --git a/lenses/tests/test_syslog.aug b/lenses/tests/test_syslog.aug
index 2ad1c165..329d121e 100644
--- a/lenses/tests/test_syslog.aug
+++ b/lenses/tests/test_syslog.aug
@@ -91,11 +91,11 @@ daemon.info /var/log/cvsupd.log
}
{ "entry"
{ "selector" { "facility" = "*" } { "level" = "*" } }
- { "action" { "protocol" = "@" } { "hostname" = "syslog.far.away" } }
+ { "action" { "hostname" = "syslog.far.away" } }
}
{ "entry"
{ "selector" { "facility" = "*" } { "level" = "*" } }
- { "action" { "protocol" = "@" } { "hostname" = "syslog.far.away" } { "port" = "123" } }
+ { "action" { "hostname" = "syslog.far.away" } { "port" = "123" } }
}
{ "entry"
{ "selector" { "facility" = "*" } { "level" = "*" } }
@@ -107,7 +107,7 @@ daemon.info /var/log/cvsupd.log
}
{ "entry"
{ "selector" { "facility" = "*" } { "level" = "*" } }
- { "action" { "protocol" = "@" } { "hostname" = "[2001::1]" } { "port" = "514" } }
+ { "action" { "hostname" = "[2001::1]" } { "port" = "514" } }
}
{ "entry"
{ "selector" { "facility" = "*" } { "level" = "*" } }
@@ -260,7 +260,6 @@ daemon.info /var/log/cvsupd.log
(* changing file to remote host *)
test Syslog.lns put "*.* /var\n" after
rm "/entry/action/file" ;
- set "/entry/action/protocol" "@" ;
set "/entry/action/hostname" "far.far.away"
= "*.* @far.far.away\n"

--
2.13.6

85
SOURCES/0002-Revert-Use-Quote-module-in-dovecot.patch Normal file
View File

@ -0,0 +1,85 @@
From 2765da41b09cdfcf2f28653a484462ee7109116a Mon Sep 17 00:00:00 2001
From: Dominic Cleal <dcleal@redhat.com>
Date: Fri, 12 Jun 2015 09:32:56 +0100
Subject: [PATCH] Revert "Use Quote module in dovecot"

This reverts commit 735caf587959019d214a51a7c0cce57da9bb88f6 for
compatibility with Augeas 1.1.0.

Values will have quotes in them as they did in 1.1.0, not stripped out.

Conflicts:
lenses/dovecot.aug
---
lenses/dovecot.aug | 28 +++++-----------------------
lenses/tests/test_dovecot.aug | 2 +-
2 files changed, 6 insertions(+), 24 deletions(-)

diff --git a/lenses/dovecot.aug b/lenses/dovecot.aug
index f7afc8f9..c6376e4b 100644
--- a/lenses/dovecot.aug
+++ b/lenses/dovecot.aug
@@ -56,6 +56,9 @@ let value = any . (Rx.space . any)*
(* View: command_start *)
let command_start = Util.del_str "!"

+(* View: block_args
+Map block arguments after block name and before "{" *)
+let block_args = Sep.space . store /([A-Za-z0-9\/\\_-]+|\"[A-Za-z0-9 ]*\")/

(******************************************************************
* Group: ENTRIES
@@ -79,28 +82,7 @@ let entry = [ indent . key keys. eq . (Sep.opt_space . store value)? . eol ]
Map commands started with "!". *)
let command = [ command_start . key commands . Sep.space . store Rx.fspath . eol ]

-(*
-View: dquote_spaces
- Make double quotes mandatory if value contains spaces,
- and optional if value doesn't contain spaces.
-
-Based off Quote.dquote_spaces
-
-Parameters:
- lns1:lens - the lens before
- lns2:lens - the lens after
-*)
-let dquote_spaces (lns1:lens) (lns2:lens) =
- (* bare has no spaces, and is optionally quoted *)
- let bare = Quote.do_dquote_opt (store /[^" \t\n]+/)
- (* quoted has at least one space, and must be quoted *)
- in let quoted = Quote.do_dquote (store /[^"\n]*[ \t]+[^"\n]*/)
- in [ lns1 . bare . lns2 ] | [ lns1 . quoted . lns2 ]
-
-let mailbox = indent
- . dquote_spaces
- (key /mailbox/ . Sep.space)
- (Build.block_newlines_spc entry comment . eol)
+let mailbox = [ indent . key /mailbox/ . block_args? . Build.block_newlines_spc (entry) comment . eol ]

let block_ldelim_newlines_re = /[ \t]+\{([ \t\n]*\n)?/

@@ -114,7 +96,7 @@ let block_newlines (entry:lens) (comment:lens) =
Map block enclosed in brackets recursively.
Block may be indented and have optional argument.
Block body may have entries, comments, empty lines, and nested blocks recursively. *)
-let rec block = [ indent . key block_names . (Sep.space . Quote.do_dquote_opt (store /[\/A-Za-z0-9_-]+/))? . block_newlines (entry|block|mailbox) comment . eol ]
+let rec block = [ indent . key block_names . block_args? . block_newlines (entry|block|mailbox) comment . eol ]


(******************************************************************
diff --git a/lenses/tests/test_dovecot.aug b/lenses/tests/test_dovecot.aug
index 33ea16f1..8e8c083b 100644
--- a/lenses/tests/test_dovecot.aug
+++ b/lenses/tests/test_dovecot.aug
@@ -536,7 +536,7 @@ test Dovecot.lns get mail_conf =
{ "hidden" = "no" }
{ "list" = "yes" }
{ "subscriptions" = "yes" }
- { "mailbox" = "Sent Messages"
+ { "mailbox" = "\"Sent Messages\""
{ "special_use" = "\Sent" }
}
}
--
2.13.6

142
SOURCES/0003-Revert-Jaas-add-several-improvements-to-cover-more-v.patch Normal file
View File

@ -0,0 +1,142 @@
From cd586dfa4ade4ea574aae0fa6ac034c07c77b25a Mon Sep 17 00:00:00 2001
From: Dominic Cleal <dcleal@redhat.com>
Date: Fri, 12 Jun 2015 09:47:48 +0100
Subject: [PATCH] Revert "Jaas: add several improvements to cover more valid
syntax"

This partially reverts commit d17f2fbc30a52edb3719fc6df4c24f01552dd203
for compatibility with Augeas 1.1.0.

Trailing semicolons remain part of the last value. Only support for
"naked" booleans has been kept from 1.4.0.

Conflicts:
NEWS
---
lenses/jaas.aug | 29 ++++++++++++-----------------
lenses/tests/test_jaas.aug | 21 ++++++++++-----------
2 files changed, 22 insertions(+), 28 deletions(-)

diff --git a/lenses/jaas.aug b/lenses/jaas.aug
index 4f06bad9..a13682e3 100644
--- a/lenses/jaas.aug
+++ b/lenses/jaas.aug
@@ -1,36 +1,31 @@
(* Module Jaas *)
-(* Original Author: Simon Vocella <voxsim@gmail.com> *)
-(* Updated by: Steve Shipway <steve@steveshipway.org> *)
-(* Changes: allow comments within Modules, allow optionless flags, *)
-(* allow options without linebreaks, allow naked true/false options *)
-(* Trailing ';' terminator should not be included in option value *)
-(* Note: requires latest Util.aug for multiline comments to work *)
+(* Author: Simon Vocella <voxsim@gmail.com> *)

module Jaas =

autoload xfm

let space_equal = del (/[ \t]*/ . "=" . /[ \t]*/) (" = ")
-let lbrace = del (/[ \t\n]*\{[ \t]*\n/) " {\n"
-let rbrace = del (/[ \t]*}[ \t]*;/) " };"
+let lbrace = del (/[ \t\n]*/ . "{") "{"
+let rbrace = del ("};") "};"
let word = /[A-Za-z0-9_.-]+/
-let wsnl = del (/[ \t\n]+/) ("\n")
-let endflag = del ( /[ \t]*;/ ) ( ";" )
+let wordonly = /[A-Za-z0-9_.-]+;/

let value_re =
let value_squote = /'[^\n']*'/
+ in let value_squote_2 = /'[^\n']*';/
in let value_dquote = /"[^\n"]*"/
- in let value_tf = /(true|false)/
- in value_squote | value_dquote | value_tf
+ in let value_dquote_2 = /"[^\n"]*";/
+ in let value_tf = /(true|false);/
+ in let value_tf_2 = /(true|false);/
+ in value_squote | value_squote_2 | value_dquote | value_dquote_2 | value_tf | value_tf_2

-let moduleOption = [ wsnl . key word . space_equal . (store value_re) ]
-let moduleSuffix = ( moduleOption | Util.eol . Util.comment_c_style | Util.comment_multiline )
-let flag = [ Util.del_ws_spc . label "flag" . (store word) . moduleSuffix* . endflag ]
-let loginModuleClass = [( Util.del_opt_ws "" . label "loginModuleClass" . (store word) . flag ) ]
+let moduleOption = [Util.del_opt_ws "" . key word . space_equal . (store value_re . Util.comment_or_eol)]
+let flag = [label "flag" . ((store word . Util.eol . moduleOption+) | (store wordonly . Util.eol))]
+let loginModuleClass = [Util.del_opt_ws "" . label "loginModuleClass" . (store word . Util.del_ws_spc) . flag]

let content = (Util.empty | Util.comment_c_style | Util.comment_multiline | loginModuleClass)*
let loginModule = [Util.del_opt_ws "" . label "login" . (store word . lbrace) . (content . rbrace)]
-
let lns = (Util.empty | Util.comment_c_style | Util.comment_multiline | loginModule)*
let filter = incl "/opt/shibboleth-idp/conf/login.config"
let xfm = transform lns filter
diff --git a/lenses/tests/test_jaas.aug b/lenses/tests/test_jaas.aug
index 5f2bfb13..d5ede698 100644
--- a/lenses/tests/test_jaas.aug
+++ b/lenses/tests/test_jaas.aug
@@ -54,7 +54,6 @@ ShibUserPassAuth {
serviceCredential = \"ldappassword\"
ssl = \"false\"
userField = \"uid\"
- // Example comment within definition
subtreeSearch = \"true\";
};

@@ -64,8 +63,9 @@ NetAccountAuth {
};

com.sun.security.jgss.krb5.initiate {
- // Test of omitted linebreaks and naked boolean
- com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true;
+ // Test of naked boolean
+ com.sun.security.auth.module.Krb5LoginModule required
+ useTicketCache=true;
};"

test Jaas.lns get conf =
@@ -90,6 +90,7 @@ test Jaas.lns get conf =
{ }
{ "login" = "ShibUserPassAuth"
{ }
+ { }
{ "#comment" = "Example LDAP authentication" }
{ "#comment" = "See: https://wiki.shibboleth.net/confluence/display/SHIB2/IdPAuthUserPass" }
{ "#mcomment"
@@ -116,29 +117,27 @@ test Jaas.lns get conf =
{ "serviceCredential" = "\"ldappassword\"" }
{ "ssl" = "\"false\"" }
{ "userField" = "\"uid\"" }
- { "#comment" = "Example comment within definition" }
- { "subtreeSearch" = "\"true\"" }
+ { "subtreeSearch" = "\"true\";" }
}
}
- { }
}
{ }
{ }
{ "login" = "NetAccountAuth"
+ { }
{ "#comment" = "Test of optionless flag" }
{ "loginModuleClass" = "nz.ac.auckland.jaas.Krb5LoginModule"
- { "flag" = "required" }
+ { "flag" = "required;" }
}
- { }
}
{ }
{ }
{ "login" = "com.sun.security.jgss.krb5.initiate"
- { "#comment" = "Test of omitted linebreaks and naked boolean" }
+ { }
+ { "#comment" = "Test of naked boolean" }
{ "loginModuleClass" = "com.sun.security.auth.module.Krb5LoginModule"
{ "flag" = "required"
- { "useTicketCache" = "true" }
+ { "useTicketCache" = "true;" }
}
}
- { }
}
--
2.13.6

50
SOURCES/0004-UpdateDB-autoload-etc-updatedb.conf-with-Simplevars.patch Normal file
View File

@ -0,0 +1,50 @@
From 898ea6cd04163b38aa59b0c3d9df23cf1837d425 Mon Sep 17 00:00:00 2001
From: Dominic Cleal <dcleal@redhat.com>
Date: Fri, 12 Jun 2015 10:46:57 +0100
Subject: [PATCH] UpdateDB: autoload /etc/updatedb.conf with Simplevars

updatedb.conf was loaded with Simplevars in Augeas 1.1.0, so continue
for compatibility. Use aug_transform, augtool --transform etc. to use
the newer, different, UpdateDB lens.
---
lenses/simplevars.aug | 1 +
lenses/updatedb.aug | 8 --------
2 files changed, 1 insertion(+), 8 deletions(-)

diff --git a/lenses/simplevars.aug b/lenses/simplevars.aug
index ad9795f0..ff0602cc 100644
--- a/lenses/simplevars.aug
+++ b/lenses/simplevars.aug
@@ -41,6 +41,7 @@ let lns = (Util.empty | Util.comment | entry)*
(* Variable: filter *)
let filter = incl "/etc/kernel-img.conf"
. incl "/etc/kerneloops.conf"
+ . incl "/etc/updatedb.conf"
. incl "/etc/wgetrc"
. incl "/etc/zabbix/*.conf"
. incl "/etc/audit/auditd.conf"
diff --git a/lenses/updatedb.aug b/lenses/updatedb.aug
index 40cd26fb..c7309b16 100644
--- a/lenses/updatedb.aug
+++ b/lenses/updatedb.aug
@@ -22,8 +22,6 @@ About: Examples

module UpdateDB =

-autoload xfm
-
(* View: list
A list entry *)
let list =
@@ -41,9 +39,3 @@ let bool = [ key "PRUNE_BIND_MOUNTS" . Sep.space_equal
(* View: lns
The <UpdateDB> lens *)
let lns = (Util.empty|Util.comment|list|bool)*
-
-(* Variable: filter
- The filter *)
-let filter = incl "/etc/updatedb.conf"
-
-let xfm = transform lns filter
--
2.13.6

137
SOURCES/0005-Revert-Dnsmasq-add-structure-to-address-and-server-o.patch Normal file
View File

@ -0,0 +1,137 @@
From 94b0373abfcb4a6474ee9bb7866fe28f9bbe876d Mon Sep 17 00:00:00 2001
From: Dominic Cleal <dcleal@redhat.com>
Date: Fri, 12 Jun 2015 10:48:58 +0100
Subject: [PATCH] Revert "Dnsmasq: add structure to 'address' and 'server'
options"

This reverts commit 3e20740056bd548f714cd50e4adc6b76a249ddfc for tree
compatibility with Augeas 1.1.0. address and server options will be
unstructured.

Conflicts:
NEWS
---
lenses/dnsmasq.aug | 34 +++++++++----------------------
lenses/tests/test_dnsmasq.aug | 47 -------------------------------------------
2 files changed, 9 insertions(+), 72 deletions(-)

diff --git a/lenses/dnsmasq.aug b/lenses/dnsmasq.aug
index f7ef9070..e19aab83 100644
--- a/lenses/dnsmasq.aug
+++ b/lenses/dnsmasq.aug
@@ -17,42 +17,26 @@ module Dnsmasq =
* USEFUL PRIMITIVES
*************************************************************************)

-let eol = Util.eol
-let spc = Util.del_ws_spc
-let comment = Util.comment
-let empty = Util.empty
+let eol = Util.eol
+let spc = Util.del_ws_spc
+let comment = Util.comment
+let empty = Util.empty

-let sep_eq = Sep.equal
-let sto_to_eol = store /([^ \t\n].*[^ \t\n]|[^ \t\n])/
-
-let slash = Util.del_str "/"
-let sto_no_slash = store /([^\/ \t\n]+)/
-let domains = slash . [ label "domain" . sto_no_slash . slash ]+
+let sep_eq = del /=/ "="
+let sto_to_eol = store /([^ \t\n].*[^ \t\n]|[^ \t\n])/

(************************************************************************
- * SIMPLE ENTRIES
+ * ENTRIES
*************************************************************************)

-let entry_re = Rx.word - /(address|server)/
+let entry_re = /[A-Za-z0-9._-]+/
let entry = [ key entry_re . (sep_eq . sto_to_eol)? . eol ]

(************************************************************************
- * STRUCTURED ENTRIES
- *************************************************************************)
-
-let address = [ key "address" . sep_eq . domains . sto_no_slash . eol ]
-
-let server =
- let port = [ Build.xchgs "#" "port" . store Rx.integer ]
- in let source = [ Build.xchgs "@" "source" . store /[^#\/ \t\n]+/ . port? ]
- in let srv_spec = store /(#|([^#@\/ \t\n]+))/ . port? . source?
- in [ key "server" . sep_eq . domains? . srv_spec? . eol ]
-
-(************************************************************************
* LENS
*************************************************************************)

-let lns = (comment|empty|address|server|entry) *
+let lns = (comment|empty|entry) *

let filter = incl "/etc/dnsmasq.conf"
. incl "/etc/dnsmasq.d/*"
diff --git a/lenses/tests/test_dnsmasq.aug b/lenses/tests/test_dnsmasq.aug
index c6a63d96..0abfa6bd 100644
--- a/lenses/tests/test_dnsmasq.aug
+++ b/lenses/tests/test_dnsmasq.aug
@@ -6,16 +6,6 @@ let conf = "# Configuration file for dnsmasq.

conf-dir=/etc/dnsmasq.d
selfmx
-
-address=/foo.com/bar.net/10.1.2.3
-
-server=10.4.5.6#1234
-server=/bar.com/foo.net/10.7.8.9
-server=/foo.org/bar.org/10.3.2.1@eth0#5678
-server=/baz.org/#
-server=/baz.net/#@eth1
-server=10.6.5.4#1234@eth0#5678
-server=/qux.com/qux.net/
"

test Dnsmasq.lns get conf =
@@ -25,40 +15,3 @@ test Dnsmasq.lns get conf =
{}
{ "conf-dir" = "/etc/dnsmasq.d" }
{ "selfmx" }
- {}
- { "address" = "10.1.2.3"
- { "domain" = "foo.com" }
- { "domain" = "bar.net" }
- }
- {}
- { "server" = "10.4.5.6"
- { "port" = "1234" }
- }
- { "server" = "10.7.8.9"
- { "domain" = "bar.com" }
- { "domain" = "foo.net" }
- }
- { "server" = "10.3.2.1"
- { "domain" = "foo.org" }
- { "domain" = "bar.org" }
- { "source" = "eth0"
- { "port" = "5678" }
- }
- }
- { "server" = "#"
- { "domain" = "baz.org" }
- }
- { "server" = "#"
- { "domain" = "baz.net" }
- { "source" = "eth1" }
- }
- { "server" = "10.6.5.4"
- { "port" = "1234" }
- { "source" = "eth0"
- { "port" = "5678" }
- }
- }
- { "server"
- { "domain" = "qux.com" }
- { "domain" = "qux.net" }
- }
--
2.13.6

489
SOURCES/0006-Sshd-revert-Sshd-module-to-1.1.0-compatible-add-Sshd.patch Normal file
View File

@ -0,0 +1,489 @@
From 1c936bb38d39b238001364e1a7ee5479bdfff053 Mon Sep 17 00:00:00 2001
From: Dominic Cleal <dcleal@redhat.com>
Date: Fri, 12 Jun 2015 11:01:57 +0100
Subject: [PATCH] Sshd: revert Sshd module to 1.1.0-compatible, add Sshd_140

In order to keep the default sshd config lens compatible with 1.1.0,
the lens from 1.4.0 has been kept in the Sshd_140 module and is not
loaded by default. Use aug_transform, augtool --transform etc. to use
it instead of Sshd.
---
lenses/sshd.aug | 52 ++++++---------
lenses/sshd_140.aug | 141 +++++++++++++++++++++++++++++++++++++++++
lenses/tests/test_sshd.aug | 56 ----------------
lenses/tests/test_sshd_140.aug | 136 +++++++++++++++++++++++++++++++++++++++
tests/Makefile.am | 1 +
5 files changed, 298 insertions(+), 88 deletions(-)
create mode 100644 lenses/sshd_140.aug
create mode 100644 lenses/tests/test_sshd_140.aug

diff --git a/lenses/sshd.aug b/lenses/sshd.aug
index 55f6c4f7..785102ec 100644
--- a/lenses/sshd.aug
+++ b/lenses/sshd.aug
@@ -70,55 +70,41 @@ module Sshd =

let sep = Util.del_ws_spc

- let indent = del /[ \t]*/ " "
-
let key_re = /[A-Za-z0-9]+/
- - /MACs|Match|AcceptEnv|Subsystem|Ciphers|KexAlgorithms|(Allow|Deny)(Groups|Users)/i
+ - /MACs|Match|AcceptEnv|Subsystem|(Allow|Deny)(Groups|Users)/

let comment = Util.comment
- let comment_noindent = Util.comment_noindent
let empty = Util.empty

- let array_entry (kw:regexp) (sq:string) =
+ let array_entry (k:string) =
let value = store /[^ \t\n]+/ in
- [ key kw . [ sep . seq sq . value]* . eol ]
+ [ key k . [ sep . seq k . value]* . eol ]

let other_entry =
let value = store /[^ \t\n]+([ \t]+[^ \t\n]+)*/ in
[ key key_re . sep . value . eol ]

- let accept_env = array_entry /AcceptEnv/i "AcceptEnv"
+ let accept_env = array_entry "AcceptEnv"

- let allow_groups = array_entry /AllowGroups/i "AllowGroups"
- let allow_users = array_entry /AllowUsers/i "AllowUsers"
- let deny_groups = array_entry /DenyGroups/i "DenyGroups"
- let deny_users = array_entry /DenyUsers/i "DenyUsers"
+ let allow_groups = array_entry "AllowGroups"
+ let allow_users = array_entry "AllowUsers"
+ let deny_groups = array_entry "DenyGroups"
+ let deny_users = array_entry "DenyUsers"

let subsystemvalue =
let value = store (/[^ \t\n](.*[^ \t\n])?/) in
[ key /[A-Za-z0-9\-]+/ . sep . value . eol ]

let subsystem =
- [ key /Subsystem/i . sep . subsystemvalue ]
+ [ key "Subsystem" . sep . subsystemvalue ]

- let list (kw:regexp) (sq:string) =
- let value = store /[^, \t\n]+/ in
- [ key kw . sep .
- [ seq sq . value ] .
- ([ seq sq . Util.del_str "," . value])* .
+ let macs =
+ let mac_value = store /[^, \t\n]+/ in
+ [ key "MACs" . sep .
+ [ seq "macs" . mac_value ] .
+ ([ seq "macs" . Util.del_str "," . mac_value])* .
eol ]

- let macs = list /MACs/i "MACs"
-
- let ciphers = list /Ciphers/i "Ciphers"
-
- let kexalgorithms = list /KexAlgorithms/i "KexAlgorithms"
-
- let entry = accept_env | allow_groups | allow_users
- | deny_groups | subsystem | deny_users
- | macs | ciphers | kexalgorithms
- | other_entry
-
let condition_entry =
let value = store /[^ \t\n]+/ in
[ sep . key /[A-Za-z0-9]+/ . sep . value ]
@@ -126,15 +112,17 @@ module Sshd =
let match_cond =
[ label "Condition" . condition_entry+ . eol ]

- let match_entry = indent . (entry | comment_noindent)
- | empty
+ let match_entry =
+ ( comment | empty | (Util.indent . other_entry) )

let match =
- [ key /Match/i . match_cond
+ [ key "Match" . match_cond
. [ label "Settings" . match_entry+ ]
]

- let lns = (entry | comment | empty)* . match*
+ let lns = (comment | empty | accept_env | allow_groups | allow_users
+ | deny_groups | subsystem | deny_users | macs
+ | other_entry ) * . match*

let xfm = transform lns (incl "/etc/ssh/sshd_config")

diff --git a/lenses/sshd_140.aug b/lenses/sshd_140.aug
new file mode 100644
index 00000000..8a7f176f
--- /dev/null
+++ b/lenses/sshd_140.aug
@@ -0,0 +1,141 @@
+(*
+Module: Sshd_140
+ Parses /etc/ssh/sshd_config
+
+ This module is compatible with Augeas 1.4.0, but is not loaded by default.
+
+Author: David Lutterkort lutter@redhat.com
+ Dominique Dumont dominique.dumont@hp.com
+
+About: Reference
+ sshd_config man page.
+ See http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5
+
+About: License
+ This file is licensed under the LGPL v2+.
+
+About: Lens Usage
+ Sample usage of this lens in augtool:
+
+ * Get your current setup
+ > print /files/etc/ssh/sshd_config
+ ...
+
+ * Set X11Forwarding to "no"
+ > set /files/etc/ssh/sshd_config/X11Forwarding "no"
+
+ More advanced usage:
+
+ * Set a Match section
+ > set /files/etc/ssh/sshd_config/Match[1]/Condition/User "foo"
+ > set /files/etc/ssh/sshd_config/Match[1]/Settings/X11Forwarding "yes"
+
+ Saving your file:
+
+ > save
+
+
+About: CAVEATS
+
+ In sshd_config, Match blocks must be located at the end of the file.
+ This means that any new "global" parameters (i.e. outside of a Match
+ block) must be written before the first Match block. By default,
+ Augeas will write new parameters at the end of the file.
+
+ I.e. if you have a Match section and no ChrootDirectory parameter,
+ this command:
+
+ > set /files/etc/ssh/sshd_config/ChrootDirectory "foo"
+
+ will be stored in a new node after the Match section and Augeas will
+ refuse to save sshd_config file.
+
+ To create a new parameter as the right place, you must first create
+ a new Augeas node before the Match section:
+
+ > ins ChrootDirectory before /files/etc/ssh/sshd_config/Match
+
+ Then, you can set the parameter
+
+ > set /files/etc/ssh/sshd_config/ChrootDirectory "foo"
+
+
+About: Configuration files
+ This lens applies to /etc/ssh/sshd_config
+
+*)
+
+module Sshd_140 =
+ let eol = del /[ \t]*\n/ "\n"
+
+ let sep = Util.del_ws_spc
+
+ let indent = del /[ \t]*/ " "
+
+ let key_re = /[A-Za-z0-9]+/
+ - /MACs|Match|AcceptEnv|Subsystem|Ciphers|KexAlgorithms|(Allow|Deny)(Groups|Users)/i
+
+ let comment = Util.comment
+ let comment_noindent = Util.comment_noindent
+ let empty = Util.empty
+
+ let array_entry (kw:regexp) (sq:string) =
+ let value = store /[^ \t\n]+/ in
+ [ key kw . [ sep . seq sq . value]* . eol ]
+
+ let other_entry =
+ let value = store /[^ \t\n]+([ \t]+[^ \t\n]+)*/ in
+ [ key key_re . sep . value . eol ]
+
+ let accept_env = array_entry /AcceptEnv/i "AcceptEnv"
+
+ let allow_groups = array_entry /AllowGroups/i "AllowGroups"
+ let allow_users = array_entry /AllowUsers/i "AllowUsers"
+ let deny_groups = array_entry /DenyGroups/i "DenyGroups"
+ let deny_users = array_entry /DenyUsers/i "DenyUsers"
+
+ let subsystemvalue =
+ let value = store (/[^ \t\n](.*[^ \t\n])?/) in
+ [ key /[A-Za-z0-9\-]+/ . sep . value . eol ]
+
+ let subsystem =
+ [ key /Subsystem/i . sep . subsystemvalue ]
+
+ let list (kw:regexp) (sq:string) =
+ let value = store /[^, \t\n]+/ in
+ [ key kw . sep .
+ [ seq sq . value ] .
+ ([ seq sq . Util.del_str "," . value])* .
+ eol ]
+
+ let macs = list /MACs/i "MACs"
+
+ let ciphers = list /Ciphers/i "Ciphers"
+
+ let kexalgorithms = list /KexAlgorithms/i "KexAlgorithms"
+
+ let entry = accept_env | allow_groups | allow_users
+ | deny_groups | subsystem | deny_users
+ | macs | ciphers | kexalgorithms
+ | other_entry
+
+ let condition_entry =
+ let value = store /[^ \t\n]+/ in
+ [ sep . key /[A-Za-z0-9]+/ . sep . value ]
+
+ let match_cond =
+ [ label "Condition" . condition_entry+ . eol ]
+
+ let match_entry = indent . (entry | comment_noindent)
+ | empty
+
+ let match =
+ [ key /Match/i . match_cond
+ . [ label "Settings" . match_entry+ ]
+ ]
+
+ let lns = (entry | comment | empty)* . match*
+
+(* Local Variables: *)
+(* mode: caml *)
+(* End: *)
diff --git a/lenses/tests/test_sshd.aug b/lenses/tests/test_sshd.aug
index 5954e16f..788a12f0 100644
--- a/lenses/tests/test_sshd.aug
+++ b/lenses/tests/test_sshd.aug
@@ -1,4 +1,3 @@
-(* Module: Test_sshd *)
module Test_sshd =

let accept_env = "Protocol 2
@@ -75,61 +74,6 @@ Match User sarko Group pres.*
Match User bush Group pres.* Host white.house.*
Banner /etc/welcome.txt\n"

-(* Test: Sshd.lns
- Indent when adding to a Match group *)
- test Sshd.lns put match_blocks after
- set "Match[1]/Settings/PermitRootLogin" "yes";
- set "Match[1]/Settings/#comment" "a comment" =
-"X11Forwarding yes
-Match User sarko Group pres.*
- Banner /etc/bienvenue.txt
- X11Forwarding no
- PermitRootLogin yes
- # a comment
-Match User bush Group pres.* Host white.house.*
-Banner /etc/welcome.txt\n"
-
-
-(* Test: Sshd.lns
- Parse Ciphers and KexAlgorithms as lists (GH issue #69) *)
-test Sshd.lns get "Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
-KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1\n" =
- { "Ciphers"
- { "1" = "aes256-gcm@openssh.com" }
- { "2" = "aes128-gcm@openssh.com" }
- { "3" = "aes256-ctr" }
- { "4" = "aes128-ctr" }
- }
- { "KexAlgorithms"
- { "1" = "diffie-hellman-group-exchange-sha256" }
- { "2" = "diffie-hellman-group14-sha1" }
- { "3" = "diffie-hellman-group-exchange-sha1" }
- }
-
-(* Test: Sshd.lns
- Keys are case-insensitive *)
-test Sshd.lns get "ciPheRs aes256-gcm@openssh.com,aes128-ctr
-maTcH User foo
- x11forwarding no\n" =
- { "ciPheRs"
- { "1" = "aes256-gcm@openssh.com" }
- { "2" = "aes128-ctr" }
- }
- { "maTcH"
- { "Condition"
- { "User" = "foo" }
- }
- { "Settings"
- { "x11forwarding" = "no" }
- }
- }
-
-(* Test: Sshd.lns
- Allow AllowGroups in Match groups (GH issue #75) *)
-test Sshd.lns get "Match User foo
-AllowGroups users\n" =
- { "Match" { "Condition" { "User" = "foo" } }
- { "Settings" { "AllowGroups" { "1" = "users" } } } }

(* Local Variables: *)
(* mode: caml *)
diff --git a/lenses/tests/test_sshd_140.aug b/lenses/tests/test_sshd_140.aug
new file mode 100644
index 00000000..056c53f9
--- /dev/null
+++ b/lenses/tests/test_sshd_140.aug
@@ -0,0 +1,136 @@
+(* Module: Test_sshd_140 *)
+module Test_sshd_140 =
+
+ let accept_env = "Protocol 2
+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+AcceptEnv LC_IDENTIFICATION LC_ALL\n"
+
+ test Sshd_140.lns get accept_env =
+ { "Protocol" = "2" }
+ { "AcceptEnv"
+ { "1" = "LC_PAPER" }
+ { "2" = "LC_NAME" }
+ { "3" = "LC_ADDRESS" }
+ { "4" = "LC_TELEPHONE" }
+ { "5" = "LC_MEASUREMENT" } }
+ { "AcceptEnv"
+ { "6" = "LC_IDENTIFICATION" }
+ { "7" = "LC_ALL" } }
+
+
+ test Sshd_140.lns get "HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key\n" =
+ { "HostKey" = "/etc/ssh/ssh_host_rsa_key" }
+ { "HostKey" = "/etc/ssh/ssh_host_dsa_key" }
+
+
+ test Sshd_140.lns put accept_env after
+ rm "AcceptEnv";
+ rm "AcceptEnv";
+ set "Protocol" "1.5";
+ set "X11Forwarding" "yes"
+ = "Protocol 1.5\nX11Forwarding yes\n"
+
+ test Sshd_140.lns get "AuthorizedKeysFile %h/.ssh/authorized_keys\n" =
+ { "AuthorizedKeysFile" = "%h/.ssh/authorized_keys" }
+
+ test Sshd_140.lns get "Subsystem sftp /usr/lib/openssh/sftp-server\n" =
+ { "Subsystem"
+ { "sftp" = "/usr/lib/openssh/sftp-server" } }
+
+ test Sshd_140.lns get "Subsystem sftp-test /usr/lib/openssh/sftp-server\n" =
+ { "Subsystem"
+ { "sftp-test" = "/usr/lib/openssh/sftp-server" } }
+
+
+
+ let match_blocks = "X11Forwarding yes
+Match User sarko Group pres.*
+ Banner /etc/bienvenue.txt
+ X11Forwarding no
+Match User bush Group pres.* Host white.house.*
+Banner /etc/welcome.txt
+"
+ test Sshd_140.lns get match_blocks =
+ { "X11Forwarding" = "yes"}
+ { "Match"
+ { "Condition" { "User" = "sarko" }
+ { "Group" = "pres.*" } }
+ { "Settings" { "Banner" = "/etc/bienvenue.txt" }
+ { "X11Forwarding" = "no" } } }
+ { "Match"
+ { "Condition" { "User" = "bush" }
+ { "Group" = "pres.*" }
+ { "Host" = "white.house.*" } }
+ { "Settings" { "Banner" = "/etc/welcome.txt" } } }
+
+ test Sshd_140.lns put match_blocks after
+ insb "Subsystem" "/Match[1]";
+ set "/Subsystem/sftp" "/usr/libexec/openssh/sftp-server"
+ = "X11Forwarding yes
+Subsystem sftp /usr/libexec/openssh/sftp-server
+Match User sarko Group pres.*
+ Banner /etc/bienvenue.txt
+ X11Forwarding no
+Match User bush Group pres.* Host white.house.*
+Banner /etc/welcome.txt\n"
+
+(* Test: Sshd_140.lns
+ Indent when adding to a Match group *)
+ test Sshd_140.lns put match_blocks after
+ set "Match[1]/Settings/PermitRootLogin" "yes";
+ set "Match[1]/Settings/#comment" "a comment" =
+"X11Forwarding yes
+Match User sarko Group pres.*
+ Banner /etc/bienvenue.txt
+ X11Forwarding no
+ PermitRootLogin yes
+ # a comment
+Match User bush Group pres.* Host white.house.*
+Banner /etc/welcome.txt\n"
+
+
+(* Test: Sshd_140.lns
+ Parse Ciphers and KexAlgorithms as lists (GH issue #69) *)
+test Sshd_140.lns get "Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
+KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1\n" =
+ { "Ciphers"
+ { "1" = "aes256-gcm@openssh.com" }
+ { "2" = "aes128-gcm@openssh.com" }
+ { "3" = "aes256-ctr" }
+ { "4" = "aes128-ctr" }
+ }
+ { "KexAlgorithms"
+ { "1" = "diffie-hellman-group-exchange-sha256" }
+ { "2" = "diffie-hellman-group14-sha1" }
+ { "3" = "diffie-hellman-group-exchange-sha1" }
+ }
+
+(* Test: Sshd_140.lns
+ Keys are case-insensitive *)
+test Sshd_140.lns get "ciPheRs aes256-gcm@openssh.com,aes128-ctr
+maTcH User foo
+ x11forwarding no\n" =
+ { "ciPheRs"
+ { "1" = "aes256-gcm@openssh.com" }
+ { "2" = "aes128-ctr" }
+ }
+ { "maTcH"
+ { "Condition"
+ { "User" = "foo" }
+ }
+ { "Settings"
+ { "x11forwarding" = "no" }
+ }
+ }
+
+(* Test: Sshd_140.lns
+ Allow AllowGroups in Match groups (GH issue #75) *)
+test Sshd_140.lns get "Match User foo
+AllowGroups users\n" =
+ { "Match" { "Condition" { "User" = "foo" } }
+ { "Settings" { "AllowGroups" { "1" = "users" } } } }
+
+(* Local Variables: *)
+(* mode: caml *)
+(* End: *)
diff --git a/tests/Makefile.am b/tests/Makefile.am
index b4563540..387ac7d2 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -189,6 +189,7 @@ lens_tests = \
lens-squid.sh \
lens-ssh.sh \
lens-sshd.sh \
+ lens-sshd_140.sh \
lens-sssd.sh \
lens-stunnel.sh \
lens-subversion.sh \
--
2.13.6

1749
SOURCES/0007-Dhcpd-revert-Dhcpd-module-to-1.1.0-compatible-add-Dh.patch Normal file
View File

File diff suppressed because it is too large Load Diff

417
SOURCES/0008-Slapd-revert-Slapd-module-to-1.1.0-compatible-add-Sl.patch Normal file
View File

@ -0,0 +1,417 @@
From faf60bc7b1cb727482a17de9a2483998763978c0 Mon Sep 17 00:00:00 2001
From: Dominic Cleal <dcleal@redhat.com>
Date: Fri, 12 Jun 2015 11:14:32 +0100
Subject: [PATCH] Slapd: revert Slapd module to 1.1.0-compatible, add Slapd_140

In order to keep the default sshd config lens compatible with 1.1.0,
the lens from 1.4.0 has been kept in the Slapd_140 module and is not
loaded by default. Use aug_transform, augtool --transform etc. to use
it instead of Slapd.
---
lenses/slapd.aug | 18 ++---
lenses/slapd_140.aug | 158 ++++++++++++++++++++++++++++++++++++++++
lenses/tests/test_slapd.aug | 55 ++++----------
lenses/tests/test_slapd_140.aug | 94 ++++++++++++++++++++++++
tests/Makefile.am | 1 +
5 files changed, 273 insertions(+), 53 deletions(-)
create mode 100644 lenses/slapd_140.aug
create mode 100644 lenses/tests/test_slapd_140.aug

diff --git a/lenses/slapd.aug b/lenses/slapd.aug
index e1195655..afe074b1 100644
--- a/lenses/slapd.aug
+++ b/lenses/slapd.aug
@@ -18,6 +18,7 @@ let sep = del /[ \t\n]+/ " "

let sto_to_eol = store /([^ \t\n].*[^ \t\n]|[^ \t\n])/
let sto_to_spc = store /[^\\# \t\n]+/
+let sto_to_by = store (/[^\\# \t\n]+/ - "by")

let comment = Util.comment
let empty = Util.empty
@@ -27,14 +28,12 @@ let empty = Util.empty
*************************************************************************)

let access_re = "access to"
-let control_re = "stop" | "continue" | "break"
-let what = [ spc . label "access"
- . store (/[^\\# \t\n]+/ - ("by" | control_re)) ]
+let who = [ spc . label "who" . sto_to_spc ]
+let what = [ spc . label "what" . sto_to_spc ]

(* TODO: parse the control field, see man slapd.access (5) *)
-let control = [ spc . label "control" . store control_re ]
-let by = [ sep . key "by" . spc . sto_to_spc
- . what? . control? ]
+let control = [ spc . label "control" . sto_to_by ]
+let by = [ sep . key "by". who . what. control? ]

let access = [ key access_re . spc. sto_to_spc . by+ . eol ]

@@ -134,21 +133,18 @@ let database_re = "suffix"
| "restrict"
| "rootdn"
| "rootpw"
+ | "suffix"
| "subordinate"
| "syncrepl rid"
| "updatedn"
| "updateref"
| database_hdb

-let database_entry =
- let val = Quote.double_opt
- in Build.key_value_line database_re Sep.space val
-
let database = [ key "database"
. spc
. sto_to_eol
. eol
- . (comment|empty|database_entry|access)* ]
+ . (comment|empty|Build.key_ws_value database_re|access)* ]

(************************************************************************
* LENS
diff --git a/lenses/slapd_140.aug b/lenses/slapd_140.aug
new file mode 100644
index 00000000..8d1cd074
--- /dev/null
+++ b/lenses/slapd_140.aug
@@ -0,0 +1,158 @@
+(* Slapd module for Augeas
+ This module is compatible with Augeas 1.4.0, but is not loaded by default.
+
+ Author: Free Ekanayaka <free@64studio.com>
+
+ Reference: man slapd.conf(5), man slapd.access (5)
+
+*)
+
+module Slapd_140 =
+
+(************************************************************************
+ * USEFUL PRIMITIVES
+ *************************************************************************)
+
+let eol = Util.eol
+let spc = Util.del_ws_spc
+let sep = del /[ \t\n]+/ " "
+
+let sto_to_eol = store /([^ \t\n].*[^ \t\n]|[^ \t\n])/
+let sto_to_spc = store /[^\\# \t\n]+/
+
+let comment = Util.comment
+let empty = Util.empty
+
+(************************************************************************
+ * ACCESS TO
+ *************************************************************************)
+
+let access_re = "access to"
+let control_re = "stop" | "continue" | "break"
+let what = [ spc . label "access"
+ . store (/[^\\# \t\n]+/ - ("by" | control_re)) ]
+
+(* TODO: parse the control field, see man slapd.access (5) *)
+let control = [ spc . label "control" . store control_re ]
+let by = [ sep . key "by" . spc . sto_to_spc
+ . what? . control? ]
+
+let access = [ key access_re . spc. sto_to_spc . by+ . eol ]
+
+(************************************************************************
+ * GLOBAL
+ *************************************************************************)
+
+(* TODO: parse special field separately, see man slapd.conf (5) *)
+let global_re = "allow"
+ | "argsfile"
+ | "attributeoptions"
+ | "attributetype"
+ | "authz-policy"
+ | "ldap"
+ | "dn"
+ | "concurrency"
+ | "cron_max_pending"
+ | "conn_max_pending_auth"
+ | "defaultsearchbase"
+ | "disallow"
+ | "ditcontentrule"
+ | "gentlehup"
+ | "idletimeout"
+ | "include"
+ | "index_substr_if_minlen"
+ | "index_substr_if_maxlen"
+ | "index_substr_any_len"
+ | "index_substr_any_step"
+ | "localSSF"
+ | "loglevel"
+ | "moduleload"
+ | "modulepath"
+ | "objectclass"
+ | "objectidentifier"
+ | "password-hash"
+ | "password-crypt-salt-format"
+ | "pidfile"
+ | "referral"
+ | "replica-argsfile"
+ | "replica-pidfile"
+ | "replicationinterval"
+ | "require"
+ | "reverse-lookup"
+ | "rootDSE"
+ | "sasl-host "
+ | "sasl-realm"
+ | "sasl-secprops"
+ | "schemadn"
+ | "security"
+ | "sizelimit"
+ | "sockbuf_max_incoming "
+ | "sockbuf_max_incoming_auth"
+ | "threads"
+ | "timelimit time"
+ | "tool-threads"
+ | "TLSCipherSuite"
+ | "TLSCACertificateFile"
+ | "TLSCACertificatePath"
+ | "TLSCertificateFile"
+ | "TLSCertificateKeyFile"
+ | "TLSDHParamFile"
+ | "TLSRandFile"
+ | "TLSVerifyClient"
+ | "TLSCRLCheck"
+ | "backend"
+
+let global = Build.key_ws_value global_re
+
+(************************************************************************
+ * DATABASE
+ *************************************************************************)
+
+(* TODO: support all types of database backend *)
+let database_hdb = "cachesize"
+ | "cachefree"
+ | "checkpoint"
+ | "dbconfig"
+ | "dbnosync"
+ | "directory"
+ | "dirtyread"
+ | "idlcachesize"
+ | "index"
+ | "linearindex"
+ | "lockdetect"
+ | "mode"
+ | "searchstack"
+ | "shm_key"
+
+let database_re = "suffix"
+ | "lastmod"
+ | "limits"
+ | "maxderefdepth"
+ | "overlay"
+ | "readonly"
+ | "replica uri"
+ | "replogfile"
+ | "restrict"
+ | "rootdn"
+ | "rootpw"
+ | "subordinate"
+ | "syncrepl rid"
+ | "updatedn"
+ | "updateref"
+ | database_hdb
+
+let database_entry =
+ let val = Quote.double_opt
+ in Build.key_value_line database_re Sep.space val
+
+let database = [ key "database"
+ . spc
+ . sto_to_eol
+ . eol
+ . (comment|empty|database_entry|access)* ]
+
+(************************************************************************
+ * LENS
+ *************************************************************************)
+
+let lns = (comment|empty|global|access)* . (database)*
diff --git a/lenses/tests/test_slapd.aug b/lenses/tests/test_slapd.aug
index a4bbb4e9..e477342a 100644
--- a/lenses/tests/test_slapd.aug
+++ b/lenses/tests/test_slapd.aug
@@ -48,47 +48,18 @@ test Slapd.lns get conf =
{ "database" = "hdb"
{}
{ "#comment" = "The base of your directory in database #1" }
- { "suffix" = "dc=nodomain" }
+ { "suffix" = "\"dc=nodomain\"" }
{}
{ "access to" = "attrs=userPassword,shadowLastChange"
- { "by" = "dn=\"cn=admin,dc=nodomain\""
- { "access" = "write" } }
- { "by" = "anonymous"
- { "access" = "auth" } }
- { "by" = "self"
- { "access" = "write" } }
- { "by" = "*"
- { "access" = "none" } } } }
-
-(* Test: Slapd.lns
- Full access test with who/access/control *)
-test Slapd.lns get "access to dn.subtree=\"dc=example,dc=com\"
- by self write stop\n" =
- { "access to" = "dn.subtree=\"dc=example,dc=com\""
- { "by" = "self"
- { "access" = "write" }
- { "control" = "stop" } } }
-
-(* Test: Slapd.lns
- access test with who *)
-test Slapd.lns get "access to dn.subtree=\"dc=example,dc=com\"
- by self\n" =
- { "access to" = "dn.subtree=\"dc=example,dc=com\""
- { "by" = "self" } }
-
-(* Test: Slapd.lns
- access test with who/access *)
-test Slapd.lns get "access to dn.subtree=\"dc=example,dc=com\"
- by self write\n" =
- { "access to" = "dn.subtree=\"dc=example,dc=com\""
- { "by" = "self"
- { "access" = "write" } } }
-
-(* Test: Slapd.lns
- access test with who/control *)
-test Slapd.lns get "access to dn.subtree=\"dc=example,dc=com\"
- by self stop\n" =
- { "access to" = "dn.subtree=\"dc=example,dc=com\""
- { "by" = "self"
- { "control" = "stop" } } }
-
+ { "by"
+ { "who" = "dn=\"cn=admin,dc=nodomain\"" }
+ { "what" = "write" } }
+ { "by"
+ { "who" = "anonymous" }
+ { "what" = "auth" } }
+ { "by"
+ { "who" = "self" }
+ { "what" = "write" } }
+ { "by"
+ { "who" = "*" }
+ { "what" = "none" } } } }
diff --git a/lenses/tests/test_slapd_140.aug b/lenses/tests/test_slapd_140.aug
new file mode 100644
index 00000000..0118f030
--- /dev/null
+++ b/lenses/tests/test_slapd_140.aug
@@ -0,0 +1,94 @@
+module Test_slapd_140 =
+
+let conf = "# This is the main slapd configuration file. See slapd.conf(5) for more
+# info on the configuration options.
+
+#######################################################################
+# Global Directives:
+
+# Features to permit
+#allow bind_v2
+
+# Schema and objectClass definitions
+include /etc/ldap/schema/core.schema
+
+#######################################################################
+# Specific Directives for database #1, of type hdb:
+# Database specific directives apply to this databasse until another
+# 'database' directive occurs
+database hdb
+
+# The base of your directory in database #1
+suffix \"dc=nodomain\"
+
+access to attrs=userPassword,shadowLastChange
+ by dn=\"cn=admin,dc=nodomain\" write
+ by anonymous auth
+ by self write
+ by * none
+"
+
+test Slapd_140.lns get conf =
+ { "#comment" = "This is the main slapd configuration file. See slapd.conf(5) for more" }
+ { "#comment" = "info on the configuration options." }
+ {}
+ { "#comment" = "######################################################################" }
+ { "#comment" = "Global Directives:"}
+ {}
+ { "#comment" = "Features to permit" }
+ { "#comment" = "allow bind_v2" }
+ {}
+ { "#comment" = "Schema and objectClass definitions" }
+ { "include" = "/etc/ldap/schema/core.schema" }
+ {}
+ { "#comment" = "######################################################################" }
+ { "#comment" = "Specific Directives for database #1, of type hdb:" }
+ { "#comment" = "Database specific directives apply to this databasse until another" }
+ { "#comment" = "'database' directive occurs" }
+ { "database" = "hdb"
+ {}
+ { "#comment" = "The base of your directory in database #1" }
+ { "suffix" = "dc=nodomain" }
+ {}
+ { "access to" = "attrs=userPassword,shadowLastChange"
+ { "by" = "dn=\"cn=admin,dc=nodomain\""
+ { "access" = "write" } }
+ { "by" = "anonymous"
+ { "access" = "auth" } }
+ { "by" = "self"
+ { "access" = "write" } }
+ { "by" = "*"
+ { "access" = "none" } } } }
+
+(* Test: Slapd_140.lns
+ Full access test with who/access/control *)
+test Slapd_140.lns get "access to dn.subtree=\"dc=example,dc=com\"
+ by self write stop\n" =
+ { "access to" = "dn.subtree=\"dc=example,dc=com\""
+ { "by" = "self"
+ { "access" = "write" }
+ { "control" = "stop" } } }
+
+(* Test: Slapd_140.lns
+ access test with who *)
+test Slapd_140.lns get "access to dn.subtree=\"dc=example,dc=com\"
+ by self\n" =
+ { "access to" = "dn.subtree=\"dc=example,dc=com\""
+ { "by" = "self" } }
+
+(* Test: Slapd_140.lns
+ access test with who/access *)
+test Slapd_140.lns get "access to dn.subtree=\"dc=example,dc=com\"
+ by self write\n" =
+ { "access to" = "dn.subtree=\"dc=example,dc=com\""
+ { "by" = "self"
+ { "access" = "write" } } }
+
+(* Test: Slapd_140.lns
+ access test with who/control *)
+test Slapd_140.lns get "access to dn.subtree=\"dc=example,dc=com\"
+ by self stop\n" =
+ { "access to" = "dn.subtree=\"dc=example,dc=com\""
+ { "by" = "self"
+ { "control" = "stop" } } }
+
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 315cac9c..65d8993e 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -182,6 +182,7 @@ lens_tests = \
lens-simplevars.sh \
lens-sip_conf.sh \
lens-slapd.sh \
+ lens-slapd_140.sh \
lens-smbusers.sh \
lens-solaris_system.sh \
lens-soma.sh \
--
2.13.6

257
SOURCES/0009-Rhsm-new-lens-to-parse-subscription-manager-s-rhsm.c.patch Normal file
View File

@ -0,0 +1,257 @@
From a90c028eae871422588037ea1a21aff080f77fd2 Mon Sep 17 00:00:00 2001
From: Dominic Cleal <dcleal@redhat.com>
Date: Fri, 3 Jul 2015 12:05:30 +0100
Subject: [PATCH] Rhsm: new lens to parse subscription-manager's rhsm.conf

(cherry picked from commit abdb9fbc4e8c0975f51a62e34ee2e22ed2d5c39f)

Conflicts:
NEWS
---
doc/naturaldocs/conf/lenses/Menu.txt | 2 +
lenses/rhsm.aug | 42 ++++++++++
lenses/tests/test_rhsm.aug | 151 +++++++++++++++++++++++++++++++++++
tests/Makefile.am | 1 +
4 files changed, 196 insertions(+)
create mode 100644 lenses/rhsm.aug
create mode 100644 lenses/tests/test_rhsm.aug

diff --git a/doc/naturaldocs/conf/lenses/Menu.txt b/doc/naturaldocs/conf/lenses/Menu.txt
index c245446b..e74cd13a 100644
--- a/doc/naturaldocs/conf/lenses/Menu.txt
+++ b/doc/naturaldocs/conf/lenses/Menu.txt
@@ -151,6 +151,7 @@ Group: Specific Modules {
File: Redis (redis.aug)
File: Reprepro_Uploaders (reprepro_uploaders.aug)
File: Resolv (resolv.aug)
+ File: Rhsm (rhsm.aug)
File: Rmt (rmt.aug)
File: Rsyslog (rsyslog.aug)
File: Schroot (schroot.aug)
@@ -261,6 +262,7 @@ Group: Tests and Examples {
File: Test_Rabbitmq (tests/test_rabbitmq.aug)
File: Test_Redis (tests/test_redis.aug)
File: Test_Reprepro_Uploaders (tests/test_reprepro_uploaders.aug)
+ File: Test_Rhsm (tests/test_rhsm.aug)
File: Test_Rmt (tests/test_rmt.aug)
File: Test_Rsyslog (tests/test_rsyslog.aug)
File: Test_Simplelines (tests/test_simplelines.aug)
diff --git a/lenses/rhsm.aug b/lenses/rhsm.aug
new file mode 100644
index 00000000..56cc82ea
--- /dev/null
+++ b/lenses/rhsm.aug
@@ -0,0 +1,42 @@
+(*
+Module: Rhsm
+ Parses subscription-manager config files
+
+Author: Dominic Cleal <dcleal@redhat.com>
+
+About: Reference
+ This lens tries to keep as close as possible to rhsm.conf(5) and
+ Python's SafeConfigParser. All settings must be in sections without
+ indentation. Semicolons and hashes are permitted for comments.
+
+About: License
+ This file is licenced under the LGPL v2+, like the rest of Augeas.
+
+About: Lens Usage
+ To be documented
+
+About: Configuration files
+ This lens applies to:
+ /etc/rhsm/rhsm.conf
+
+ See <filter>.
+*)
+
+module Rhsm =
+ autoload xfm
+
+(* Semicolons and hashes are permitted for comments *)
+let comment = IniFile.comment IniFile.comment_re "#"
+(* Equals and colons are permitted for separators *)
+let sep = IniFile.sep IniFile.sep_re IniFile.sep_default
+
+(* All settings must be in sections without indentation *)
+let entry = IniFile.entry_multiline IniFile.entry_re sep comment
+let title = IniFile.title IniFile.record_re
+let record = IniFile.record title entry
+
+let lns = IniFile.lns record comment
+
+let filter = incl "/etc/rhsm/rhsm.conf"
+
+let xfm = transform lns filter
diff --git a/lenses/tests/test_rhsm.aug b/lenses/tests/test_rhsm.aug
new file mode 100644
index 00000000..219a5be7
--- /dev/null
+++ b/lenses/tests/test_rhsm.aug
@@ -0,0 +1,151 @@
+(*
+Module: Test_Rhsm
+ Provides unit tests and examples for the <Rhsm> lens.
+*)
+
+module Test_rhsm =
+
+ (* Variable: conf
+ A full rhsm.conf *)
+ let conf = "# Red Hat Subscription Manager Configuration File:
+
+# Unified Entitlement Platform Configuration
+[server]
+# Server hostname:
+hostname = subscription.rhn.redhat.com
+
+# Server prefix:
+prefix = /subscription
+
+# Server port:
+port = 443
+
+# Set to 1 to disable certificate validation:
+insecure = 0
+
+# Set the depth of certs which should be checked
+# when validating a certificate
+ssl_verify_depth = 3
+
+# an http proxy server to use
+proxy_hostname =
+
+# port for http proxy server
+proxy_port =
+
+# user name for authenticating to an http proxy, if needed
+proxy_user =
+
+# password for basic http proxy auth, if needed
+proxy_password =
+
+[rhsm]
+# Content base URL:
+baseurl= https://cdn.redhat.com
+
+# Server CA certificate location:
+ca_cert_dir = /etc/rhsm/ca/
+
+# Default CA cert to use when generating yum repo configs:
+repo_ca_cert = %(ca_cert_dir)sredhat-uep.pem
+
+# Where the certificates should be stored
+productCertDir = /etc/pki/product
+entitlementCertDir = /etc/pki/entitlement
+consumerCertDir = /etc/pki/consumer
+
+# Manage generation of yum repositories for subscribed content:
+manage_repos = 1
+
+# Refresh repo files with server overrides on every yum command
+full_refresh_on_yum = 0
+
+# If set to zero, the client will not report the package profile to
+# the subscription management service.
+report_package_profile = 1
+
+# The directory to search for subscription manager plugins
+pluginDir = /usr/share/rhsm-plugins
+
+# The directory to search for plugin configuration files
+pluginConfDir = /etc/rhsm/pluginconf.d
+
+[rhsmcertd]
+# Interval to run cert check (in minutes):
+certCheckInterval = 240
+# Interval to run auto-attach (in minutes):
+autoAttachInterval = 1440
+"
+
+ test Rhsm.lns get conf =
+ { "#comment" = "Red Hat Subscription Manager Configuration File:" }
+ { }
+ { "#comment" = "Unified Entitlement Platform Configuration" }
+ { "server"
+ { "#comment" = "Server hostname:" }
+ { "hostname" = "subscription.rhn.redhat.com" }
+ { }
+ { "#comment" = "Server prefix:" }
+ { "prefix" = "/subscription" }
+ { }
+ { "#comment" = "Server port:" }
+ { "port" = "443" }
+ { }
+ { "#comment" = "Set to 1 to disable certificate validation:" }
+ { "insecure" = "0" }
+ { }
+ { "#comment" = "Set the depth of certs which should be checked" }
+ { "#comment" = "when validating a certificate" }
+ { "ssl_verify_depth" = "3" }
+ { }
+ { "#comment" = "an http proxy server to use" }
+ { "proxy_hostname" }
+ { }
+ { "#comment" = "port for http proxy server" }
+ { "proxy_port" }
+ { }
+ { "#comment" = "user name for authenticating to an http proxy, if needed" }
+ { "proxy_user" }
+ { }
+ { "#comment" = "password for basic http proxy auth, if needed" }
+ { "proxy_password" }
+ { }
+ }
+ { "rhsm"
+ { "#comment" = "Content base URL:" }
+ { "baseurl" = "https://cdn.redhat.com" }
+ { }
+ { "#comment" = "Server CA certificate location:" }
+ { "ca_cert_dir" = "/etc/rhsm/ca/" }
+ { }
+ { "#comment" = "Default CA cert to use when generating yum repo configs:" }
+ { "repo_ca_cert" = "%(ca_cert_dir)sredhat-uep.pem" }
+ { }
+ { "#comment" = "Where the certificates should be stored" }
+ { "productCertDir" = "/etc/pki/product" }
+ { "entitlementCertDir" = "/etc/pki/entitlement" }
+ { "consumerCertDir" = "/etc/pki/consumer" }
+ { }
+ { "#comment" = "Manage generation of yum repositories for subscribed content:" }
+ { "manage_repos" = "1" }
+ { }
+ { "#comment" = "Refresh repo files with server overrides on every yum command" }
+ { "full_refresh_on_yum" = "0" }
+ { }
+ { "#comment" = "If set to zero, the client will not report the package profile to" }
+ { "#comment" = "the subscription management service." }
+ { "report_package_profile" = "1" }
+ { }
+ { "#comment" = "The directory to search for subscription manager plugins" }
+ { "pluginDir" = "/usr/share/rhsm-plugins" }
+ { }
+ { "#comment" = "The directory to search for plugin configuration files" }
+ { "pluginConfDir" = "/etc/rhsm/pluginconf.d" }
+ { }
+ }
+ { "rhsmcertd"
+ { "#comment" = "Interval to run cert check (in minutes):" }
+ { "certCheckInterval" = "240" }
+ { "#comment" = "Interval to run auto-attach (in minutes):" }
+ { "autoAttachInterval" = "1440" }
+ }
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 65d8993e..4d2b2605 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -167,6 +167,7 @@ lens_tests = \
lens-redis.sh \
lens-reprepro_uploaders.sh \
lens-resolv.sh \
+ lens-rhsm.sh \
lens-rmt.sh \
lens-rsyncd.sh \
lens-rsyslog.sh \
--
2.13.6

28
SOURCES/0010-Fix-sudoers-lens-recognize-match_group_by_gid.patch Normal file
View File

@ -0,0 +1,28 @@
From 9a65d8e4a428f05e392658fac498ea99d3b3405f Mon Sep 17 00:00:00 2001
From: Luigi Toscano <ltoscano@redhat.com>
Date: Thu, 24 Aug 2017 16:21:49 +0200
Subject: [PATCH] Fix sudoers lens: recognize "match_group_by_gid"

The option is now enabled by default in the default sudoers of
RHEL 7.4 (and probably soon CentOS 7).

Closes #482
---
lenses/sudoers.aug | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lenses/sudoers.aug b/lenses/sudoers.aug
index 7567772d..0437daae 100644
--- a/lenses/sudoers.aug
+++ b/lenses/sudoers.aug
@@ -307,7 +307,7 @@ let parameter_flag_kw = "always_set_home" | "authenticate" | "env_editor"
| "tty_tickets" | "visiblepw" | "closefrom_override"
| "closefrom_override" | "compress_io" | "fast_glob"
| "log_input" | "log_output" | "pwfeedback"
- | "umask_override" | "use_pty"
+ | "umask_override" | "use_pty" | "match_group_by_gid"

let parameter_flag = [ del_negate . negate_node?
. key parameter_flag_kw ]
--
2.13.6

161
SOURCES/0011-src-pathx.c-parse_name-correctly-handle-trailing-whi.patch Normal file
View File

@ -0,0 +1,161 @@
From d157f330acfe94a1f61bf766b485beb0e0dd7177 Mon Sep 17 00:00:00 2001
From: David Lutterkort <lutter@watzmann.net>
Date: Fri, 4 Aug 2017 17:13:52 -0700
Subject: [PATCH] * src/pathx.c (parse_name): correctly handle trailing
whitespace in names

When a name ended in whitespace, we incorrectly assumed it was always ok to
trim that whitespace. That is not true if that whitespace is escaped,
i.e. if the path expression is something like '/x\ '. In that case, the
name really needs to be literally 'x ', i.e., we can not trim that
whitespace.

The incorrect behavior led to turning '/x\ ' first into 'x\' and then,
because we assume that '\' is always followed by a character inside the
string, when we removed the escaping '\', we would read beyond the end of
the intermediate string result; if we were lucky, that would lead to a
crash, otherwise we'd continue with junk.

We now make sure that escaped whitespace at the end of a string does not
get stripped, avoiding all these headaches.

Fixes RHBZ https://bugzilla.redhat.com/show_bug.cgi?id=1475621
---
src/pathx.c | 27 +++++++++++++++++++------
tests/test-xpath.c | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 80 insertions(+), 6 deletions(-)

diff --git a/src/pathx.c b/src/pathx.c
index 8d8dbbbe..a726a032 100644
--- a/src/pathx.c
+++ b/src/pathx.c
@@ -1643,6 +1643,16 @@ int pathx_escape_name(const char *in, char **out) {
return 0;
}

+/* Return true if POS is preceded by an odd number of backslashes, i.e., if
+ * POS is escaped. Stop the search when we get to START */
+static bool backslash_escaped(const char *pos, const char *start) {
+ bool result=false;
+ while (pos-- > start && *pos == '\\') {
+ result = !result;
+ }
+ return result;
+}
+
/*
* NameNoWS ::= [^][|/\= \t\n] | \\.
* NameWS ::= [^][|/\=] | \\.
@@ -1652,11 +1662,14 @@ static char *parse_name(struct state *state) {
const char *s = state->pos;
char *result;

+ /* Advance state->pos until it points to the first character that is
+ * not part of a name. */
while (*state->pos != '\0' && strchr(name_follow, *state->pos) == NULL) {
- /* This is a hack: since we allow spaces in names, we need to avoid
- * gobbling up stuff that is in follow(Name), e.g. 'or' so that
- * things like [name1 or name2] still work.
- */
+ /* Since we allow spaces in names, we need to avoid gobbling up
+ * stuff that is in follow(Name), e.g. 'or' so that things like
+ * [name1 or name2] still work. In other words, we'll parse 'x frob
+ * y' as one name, but for 'x or y', we consider 'x' a name in its
+ * own right. */
if (STREQLEN(state->pos, " or ", strlen(" or ")) ||
STREQLEN(state->pos, " and ", strlen(" and ")))
break;
@@ -1671,10 +1684,12 @@ static char *parse_name(struct state *state) {
state->pos += 1;
}

- /* Strip trailing white space */
+ /* Strip trailing white space. Make sure we respect escaped whitespace
+ * and don't strip it as in "x\\ " */
if (state->pos > s) {
state->pos -= 1;
- while (isspace(*state->pos) && state->pos >= s)
+ while (isspace(*state->pos) && state->pos > s
+ && !backslash_escaped(state->pos, s))
state->pos -= 1;
state->pos += 1;
}
diff --git a/tests/test-xpath.c b/tests/test-xpath.c
index 335e7bf8..dbba29e0 100644
--- a/tests/test-xpath.c
+++ b/tests/test-xpath.c
@@ -331,6 +331,62 @@ static int test_wrong_regexp_flag(struct augeas *aug) {
return -1;
}

+static int test_trailing_ws_in_name(struct augeas *aug) {
+ int r;
+
+ printf("%-30s ... ", "trailing_ws_in_name");
+
+ /* We used to incorrectly lop escaped whitespace off the end of a
+ * name. Make sure that we really create a tree node with label 'x '
+ * with the below set, and look for it in a number of ways to ensure we
+ * are not lopping off trailing whitespace. */
+ r = aug_set(aug, "/ws\\ ", "1");
+ if (r < 0) {
+ fprintf(stderr, "failed to set '/ws ': %d\n", r);
+ goto fail;
+ }
+ /* We did not create a node with label 'ws' */
+ r = aug_get(aug, "/ws", NULL);
+ if (r != 0) {
+ fprintf(stderr, "created '/ws' instead: %d\n", r);
+ goto fail;
+ }
+
+ /* We did not create a node with label 'ws\t' (this also checks that we
+ * don't create something like 'ws\\' by dropping the last whitespace
+ * character. */
+ r = aug_get(aug, "/ws\\\t", NULL);
+ if (r != 0) {
+ fprintf(stderr, "found '/ws\\t': %d\n", r);
+ goto fail;
+ }
+
+ /* But we did create 'ws ' */
+ r = aug_get(aug, "/ws\\ ", NULL);
+ if (r != 1) {
+ fprintf(stderr, "could not find '/ws ': %d\n", r);
+ goto fail;
+ }
+
+ /* If the whitespace is preceded by an even number of '\\' chars,
+ * whitespace must be stripped */
+ r = aug_set(aug, "/nows\\\\ ", "1");
+ if (r < 0) {
+ fprintf(stderr, "set of '/nows' failed: %d\n", r);
+ goto fail;
+ }
+ r = aug_get(aug, "/nows\\\\", NULL);
+ if (r != 1) {
+ fprintf(stderr, "could not get '/nows\\'\n");
+ goto fail;
+ }
+ printf("PASS\n");
+ return 0;
+ fail:
+ printf("FAIL\n");
+ return -1;
+}
+
static int run_tests(struct test *tests, int argc, char **argv) {
char *lensdir;
struct augeas *aug = NULL;
@@ -374,6 +430,9 @@ static int run_tests(struct test *tests, int argc, char **argv) {

if (test_wrong_regexp_flag(aug) < 0)
result = EXIT_FAILURE;
+
+ if (test_trailing_ws_in_name(aug) < 0)
+ result = EXIT_FAILURE;
}
aug_close(aug);

--
2.13.6

27
SOURCES/0012-tests-test-save.c-testSaveNoPermission-skip-when-roo.patch Normal file
View File

@ -0,0 +1,27 @@
From f0e1dfad1c8a7c8193f2805c0919d6105344dc17 Mon Sep 17 00:00:00 2001
From: Dominic Cleal <dcleal@redhat.com>
Date: Thu, 17 Dec 2015 10:40:45 +0000
Subject: [PATCH] * tests/test-save.c (testSaveNoPermission): skip when root

---
tests/test-save.c | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/tests/test-save.c b/tests/test-save.c
index 4b6470f2..8775ba54 100644
--- a/tests/test-save.c
+++ b/tests/test-save.c
@@ -355,6 +355,11 @@ static void testPathEscaping(CuTest *tc) {
* used to lead to a SEGV
*/
static void testSaveNoPermission(CuTest *tc) {
+ if (getuid() == 0) {
+ puts("pending (testSaveNoPermission): can't test permissions under root account");
+ return;
+ }
+
int r;
char *path = NULL;
const char *v;
--
2.13.6

51
SOURCES/0013-Chrony-allow-signed-numbers.patch Normal file
View File

@ -0,0 +1,51 @@
From deae1ee7eafff09b983ba7b9bcb7e59df92a5cea Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Wed, 3 Jun 2015 17:31:07 +0200
Subject: [PATCH] Chrony: allow signed numbers

---
lenses/chrony.aug | 4 ++--
lenses/tests/test_chrony.aug | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/lenses/chrony.aug b/lenses/chrony.aug
index 32575688..5e30ee1f 100644
--- a/lenses/chrony.aug
+++ b/lenses/chrony.aug
@@ -50,10 +50,10 @@ module Chrony =
let word = Rx.word

(* Variable: integer *)
- let integer = Rx.integer
+ let integer = Rx.relinteger

(* Variable: decimal *)
- let decimal = Rx.decimal
+ let decimal = Rx.reldecimal

(* Variable: ip *)
let ip = Rx.ip
diff --git a/lenses/tests/test_chrony.aug b/lenses/tests/test_chrony.aug
index c4b552eb..905ecee4 100644
--- a/lenses/tests/test_chrony.aug
+++ b/lenses/tests/test_chrony.aug
@@ -25,7 +25,7 @@ peer ntpc1.example.com
stratumweight 0
driftfile /var/lib/chrony/drift
rtcsync
-makestep 10 3
+makestep 10 -1
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
local stratum 10
@@ -87,7 +87,7 @@ initstepslew 30 foo.bar.com baz.quz.com
{ "rtcsync" }
{ "makestep"
{ "threshold" = "10" }
- { "limit" = "3" }
+ { "limit" = "-1" }
}
{ "bindcmdaddress" = "127.0.0.1" }
{ "bindcmdaddress" = "::1" }
--
2.13.6

51
SOURCES/0014-Fix-430-support-Krb5-include-dir.patch Normal file
View File

@ -0,0 +1,51 @@
From 430f0210d36d3abf2bfbe2a336f8f8d260ccc81b Mon Sep 17 00:00:00 2001
From: "Jason A. Smith" <smithj4@bnl.gov>
Date: Fri, 23 Dec 2016 03:19:24 -0500
Subject: [PATCH] Fix #430 - support Krb5 include(dir)?

Updated the Krb5 lens to support the include(dir)? directives,
with test case.
---
lenses/krb5.aug | 9 +++++++--
lenses/tests/test_krb5.aug | 9 +++++++++
2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/lenses/krb5.aug b/lenses/krb5.aug
index 37778fd8..8936f3a0 100644
--- a/lenses/krb5.aug
+++ b/lenses/krb5.aug
@@ -151,8 +151,13 @@ let kdc =
let pam =
simple_section "pam" name_re

-let lns = (comment|empty)* .
+let includes = Build.key_value_line /include(dir)?/ Sep.space (store Rx.fspath)
+
+let lns = (comment|empty|includes)* .
(libdefaults|login|appdefaults|realms|domain_realm
|logging|capaths|dbdefaults|dbmodules|instance_mapping|kdc|pam)*

-let xfm = transform lns (incl "/etc/krb5.conf")
+let filter = (incl "/etc/krb5.conf.d/*.conf")
+ . (incl "/etc/krb5.conf")
+
+let xfm = transform lns filter
diff --git a/lenses/tests/test_krb5.aug b/lenses/tests/test_krb5.aug
index e17a659a..743bb375 100644
--- a/lenses/tests/test_krb5.aug
+++ b/lenses/tests/test_krb5.aug
@@ -1020,3 +1020,12 @@ default_ccache_name = KEYRING:persistent:%{uid}\n" =
{ "libdefaults"
{ }
{ "default_ccache_name" = "KEYRING:persistent:%{uid}" } }
+
+(* Include(dir) test *)
+let include_test = "include /etc/krb5.other_conf.d/other.conf
+includedir /etc/krb5.conf.d/
+"
+
+test Krb5.lns get include_test =
+ { "include" = "/etc/krb5.other_conf.d/other.conf" }
+ { "includedir" = "/etc/krb5.conf.d/" }
--
2.13.6

80
SOURCES/0015-Cgconfig-allow-fperm-dperm-in-admin-task.patch Normal file
View File

@ -0,0 +1,80 @@
From de01f104d6ee4b11122aa4a108fc6082d3061886 Mon Sep 17 00:00:00 2001
From: Pino Toscano <ptoscano@redhat.com>
Date: Mon, 4 Sep 2017 18:45:05 +0200
Subject: [PATCH] Cgconfig: allow fperm & dperm in admin & task

These keys are used to control the permissions for files and
directories.
---
lenses/cgconfig.aug | 2 +-
lenses/tests/test_cgconfig.aug | 45 ++++++++++++++++++++++++++++++++++++++++++
2 files changed, 46 insertions(+), 1 deletion(-)

diff --git a/lenses/cgconfig.aug b/lenses/cgconfig.aug
index 6a5b8603..e766343d 100644
--- a/lenses/cgconfig.aug
+++ b/lenses/cgconfig.aug
@@ -30,7 +30,7 @@ module Cgconfig =
let name = /[^#= \n\t{}\/]+/
let cont_name = /(cpuacct|cpu|devices|ns|cpuset|memory|freezer|net_cls|blkio|hugetlb|perf_event)/
let role_name = /(admin|task)/
- let id_name = /(uid|gid)/
+ let id_name = /(uid|gid|fperm|dperm)/
let address = /[^#; \n\t{}]+/
let qaddress = address|/"[^#;"\n\t{}]+"/

diff --git a/lenses/tests/test_cgconfig.aug b/lenses/tests/test_cgconfig.aug
index 6cd0856d..84fd2ded 100644
--- a/lenses/tests/test_cgconfig.aug
+++ b/lenses/tests/test_cgconfig.aug
@@ -318,3 +318,48 @@ test Cgconfig.lns get group6 =
{ }
}

+let group7 ="
+group daemons/www {
+ perm {
+ task {
+ uid = root;
+ gid = root;
+ fperm = 770;
+ }
+ admin {
+ uid = root;
+ gid = root;
+ dperm = 777;
+ }
+ }
+}
+"
+
+test Cgconfig.lns get group7 =
+ { }
+ { "group" = "daemons/www"
+ { }
+ { "perm"
+ { }
+ { "task"
+ { }
+ { "uid" = "root" }
+ { }
+ { "gid" = "root" }
+ { }
+ { "fperm" = "770" }
+ { } }
+ { }
+ { "admin"
+ { }
+ { "uid" = "root" }
+ { }
+ { "gid" = "root" }
+ { }
+ { "dperm" = "777" }
+ { } }
+ { } }
+ { }
+ }
+ { }
+
--
2.13.6

54
SOURCES/0016-Grub-handle-top-level-boot-directive-494.patch Normal file
View File

@ -0,0 +1,54 @@
From 06b3a79ee2bfdb4ae3675232e82ae3d06bbba353 Mon Sep 17 00:00:00 2001
From: Pino Toscano <ptoscano@redhat.com>
Date: Tue, 12 Sep 2017 10:58:46 +0200
Subject: [PATCH] Grub: handle top-level "boot" directive (#494)

Grub 1 effectively ignores commands in the configuration which work only
in the command line. The generated configuration by anaconda included
also a commented "boot=device" entry at the beginning: uncommenting that
does not make the configuration invalid, but makes the Grub lens not
able to parse it.

Since there is no harm in representing a configuration key that will be
effectively ignored, accept top-level "boot" entries as well.
---
lenses/grub.aug | 1 +
lenses/tests/test_grub.aug | 4 ++--
2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/lenses/grub.aug b/lenses/grub.aug
index c52d16c6..9866f3f7 100644
--- a/lenses/grub.aug
+++ b/lenses/grub.aug
@@ -148,6 +148,7 @@ module Grub =
| kw_menu_arg "foreground"
| kw_menu_arg "background"
| kw_menu_arg "verbose"
+ | kw_menu_arg "boot" (* only for CLI, ignored in conf *)
| serial
| terminal
| password_arg
diff --git a/lenses/tests/test_grub.aug b/lenses/tests/test_grub.aug
index f022ef72..8a0d9f4a 100644
--- a/lenses/tests/test_grub.aug
+++ b/lenses/tests/test_grub.aug
@@ -8,7 +8,7 @@ module Test_grub =
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/vg00/lv00
# initrd /initrd-version.img
-#boot=/dev/sda
+boot=/dev/sda
device (hd0) HD(1,800,64000,9895c137-d4b2-4e3b-a93b-dc9ac4)
password --md5 $1$M9NLj$p2gs87vwNv48BUu.wAfVw0
default=0
@@ -53,7 +53,7 @@ title othermenu
{ "#comment" = "root (hd0,0)" }
{ "#comment" = "kernel /vmlinuz-version ro root=/dev/vg00/lv00" }
{ "#comment" = "initrd /initrd-version.img" }
- { "#comment" = "boot=/dev/sda" }
+ { "boot" = "/dev/sda" }
{ "device" = "(hd0)"
{ "file" = "HD(1,800,64000,9895c137-d4b2-4e3b-a93b-dc9ac4)" } }
{ "password" = "$1$M9NLj$p2gs87vwNv48BUu.wAfVw0"
--
2.13.6

358
SPECS/augeas.spec Normal file
View File

@ -0,0 +1,358 @@
Name: augeas
Version: 1.4.0
Release: 5%{?dist}
Summary: A library for changing configuration files

Group: System Environment/Libraries
License: LGPLv2+
URL: http://augeas.net/
Source0: http://download.augeas.net/%{name}-%{version}.tar.gz
Patch1: 0001-Syslog-restored-Augeas-1.1.0-tree-compatibility-for-.patch
Patch2: 0002-Revert-Use-Quote-module-in-dovecot.patch
Patch3: 0003-Revert-Jaas-add-several-improvements-to-cover-more-v.patch
Patch4: 0004-UpdateDB-autoload-etc-updatedb.conf-with-Simplevars.patch
Patch5: 0005-Revert-Dnsmasq-add-structure-to-address-and-server-o.patch
Patch6: 0006-Sshd-revert-Sshd-module-to-1.1.0-compatible-add-Sshd.patch
Patch7: 0007-Dhcpd-revert-Dhcpd-module-to-1.1.0-compatible-add-Dh.patch
Patch8: 0008-Slapd-revert-Slapd-module-to-1.1.0-compatible-add-Sl.patch
Patch9: 0009-Rhsm-new-lens-to-parse-subscription-manager-s-rhsm.c.patch
Patch10: 0010-Fix-sudoers-lens-recognize-match_group_by_gid.patch
Patch11: 0011-src-pathx.c-parse_name-correctly-handle-trailing-whi.patch
Patch12: 0012-tests-test-save.c-testSaveNoPermission-skip-when-roo.patch
Patch13: 0013-Chrony-allow-signed-numbers.patch
Patch14: 0014-Fix-430-support-Krb5-include-dir.patch
Patch15: 0015-Cgconfig-allow-fperm-dperm-in-admin-task.patch
Patch16: 0016-Grub-handle-top-level-boot-directive-494.patch

BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

BuildRequires: readline-devel libselinux-devel libxml2-devel
BuildRequires: autoconf, automake
Requires: %{name}-libs = %{version}-%{release}

%description
A library for programmatically editing configuration files. Augeas parses
configuration files into a tree structure, which it exposes through its
public API. Changes made through the API are written back to the initially
read files.

The transformation works very hard to preserve comments and formatting
details. It is controlled by ``lens'' definitions that describe the file
format and the transformation into a tree.

This package attempts to be compatible with Augeas 1.1.0 as shipped in
EL7.0, where possible.

%package devel
Summary: Development files for %{name}
Group: Development/Libraries
Requires: %{name}-libs = %{version}-%{release}
Requires: pkgconfig

%description devel
The %{name}-devel package contains libraries and header files for
developing applications that use %{name}.


%package libs
Summary: Libraries for %{name}
Group: System Environment/Libraries

%description libs
The libraries for %{name}.


%prep
%setup -q
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1

# Patches affect Makefile.am and configure.ac, so rerun autotools.
autoreconf
autoconf

%build
%configure --disable-static
make %{?_smp_mflags}

%check
# Disable test-preserve.sh SELinux testing. This fails when run under mock due
# to differing SELinux labelling.
export SKIP_TEST_PRESERVE_SELINUX=1

make %{?_smp_mflags} check || {
echo '===== tests/test-suite.log ====='
cat tests/test-suite.log
exit 1
}

%install
rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT INSTALL="%{__install} -p"
find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'

# The tests/ subdirectory contains lenses used only for testing, and
# so it shouldn't be packaged.
rm -r $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/dist/tests

%clean
rm -rf $RPM_BUILD_ROOT

%post libs -p /sbin/ldconfig

%postun libs -p /sbin/ldconfig

%files
%defattr(-,root,root,-)
%{_bindir}/augtool
%{_bindir}/augparse
%{_bindir}/fadot
%doc %{_mandir}/man1/*
%{_datadir}/vim/vimfiles/syntax/augeas.vim
%{_datadir}/vim/vimfiles/ftdetect/augeas.vim

%files libs
%defattr(-,root,root,-)
# %{_datadir}/augeas and %{_datadir}/augeas/lenses are owned
# by filesystem.
%{_datadir}/augeas/lenses/dist
%{_libdir}/*.so.*
%doc AUTHORS COPYING NEWS

%files devel
%defattr(-,root,root,-)
%doc
%{_includedir}/*
%{_libdir}/*.so
%{_libdir}/pkgconfig/augeas.pc

%changelog
* Wed Oct 04 2017 Pino Toscano <ptoscanoredhat.com> - 1.4.0-5
- Cgconfig: allow fperm & dperm in admin & task (RHBZ#1325741)
- Grub: handle top-level "boot" directive (RHBZ#1484261)

* Mon Sep 04 2017 Pino Toscano <ptoscanoredhat.com> - 1.4.0-4
- Fix CVE-2017-7555, improper handling of escaped strings (RHBZ#1481546)
- Skip testSaveNoPermission when running as root (RHBZ#1269817)
- Chrony: allow signed numbers (RHBZ#1302017)
- Krb5: support includedir (RHBZ#1406111)

* Tue Aug 29 2017 Luigi Toscano <ltoscano@redhat.com> - 1.4.0-3
Fix sudoers lens: recognize "match_group_by_gid" (RHBZ#1483888)

* Thu Jul 30 2015 Dominic Cleal <dcleal@redhat.com> - 1.4.0-2
- Rhsm: add to parse subscription-manager config (RHBZ#1141121)

* Fri Jun 12 2015 Dominic Cleal <dcleal@redhat.com> - 1.4.0-1
- Rebase to Augeas 1.4.0
- Revert some changes for better compatibility with 1.1.0-17:
* Dhcpd: keep 1.1.0 behaviour, add Dhcpd_140 for 1.4.0 features
* Dnsmasq: revert splitting of address/server options
* Dovecot: restore quotes within values
* Jaas: revert semicolon and line break changes
* Slapd: keep 1.1.0 behaviour, add Slapd_140 for 1.4.0 features
* Sshd: keep 1.1.0 behaviour, add Sshd_140 for 1.4.0 features
* Syslog: restore tree without protocol for UDP hosts
* UpdateDB: keep Simplevars to load config by default

* Thu Nov 27 2014 Dominic Cleal <dcleal@redhat.com> - 1.1.0-17
- Device_map: parse all device.map files under /boot (RHBZ#1166582)

* Tue Sep 23 2014 Dominic Cleal <dcleal@redhat.com> - 1.1.0-16
- Iptables: parse /etc/sysconfig/iptables.save (RHBZ#1144651)
- Lvm: parse /etc/lvm/lvm.conf (RHBZ#1145495)
- Shadow: add lens (RHBZ#1145249)

* Thu Sep 18 2014 Dominic Cleal <dcleal@redhat.com> - 1.1.0-15
- Remove man/augtool.1 patches, always create .1 during build (RHBZ#1143954)

* Thu Sep 18 2014 Dominic Cleal <dcleal@redhat.com> - 1.1.0-14
- Kdump: parse new options, EOL comments (RHBZ#1139298)
- Rsyslog: parse property filters and templates (RHBZ#1138402)
- Systemd: parse semicolons inside entry values (RHBZ#1139498)
- Systemd: parse environment variables where value is quoted (RHBZ#1138508)

* Thu Sep 04 2014 Dominic Cleal <dcleal@redhat.com> - 1.1.0-13
- aug_save: return error when unlink fails (RHBZ#1091143)
- augtool: add aliases to autocomplete (RHBZ#1100076)
- augtool: remove unused dump-xml arg (RHBZ#1100106)
- Automounter: parse hostnames with hyphens (RHBZ#1075162)
- Cgconfig: parse other valid controllers (RHBZ#1112543)
- Chrony: add lens (RHBZ#1071947)
- docs: update man page with new commands (RHBZ#1100077)
- Exports: permit colons for IPv6 client addresses (RHBZ#1067030)
- Httpd: parse continued, quoted lines (RHBZ#1100551)
- Ldso: parse hwcap lines (RHBZ#1102629)
- NagiosCfg: parse nrpe.cfg with Nrpe (RHBZ#1102623)
- Rmt: add lens (RHBZ#1100549)
- Services: permit colons in service name (RHBZ#1121527)
- Shellvars: support arithmetic expansion (RHBZ#1100550)
- Syslog: parse TCP loghosts (RHBZ#1129386)
- Syslog: parse IPv6 loghost addresses (RHBZ#1129388)
- Systemd: parse /etc/sysconfig/*.systemd (RHBZ#1083022)
- Systemd: parse quoted environment vars (RHBZ#1100547)

* Tue Feb 25 2014 Dominic Cleal <dcleal@redhat.com> - 1.1.0-12
- Add patch for Dovecot, mailbox and quote support (RHBZ#1064387)
- Add patch for Keepalived, virtual server fixes (RHBZ#1064388)
- Add patch for Krb5, parse braces in values (RHBZ#1066419)

* Thu Feb 20 2014 Dominic Cleal <dcleal@redhat.com> - 1.1.0-11
- Add patch for Yum, split exclude lines (RHBZ#1067039)

* Tue Feb 18 2014 Dominic Cleal <dcleal@redhat.com> - 1.1.0-10
- Add patch for IPRoute2, hex and hyphen protocols (RHBZ#1063961)
- Add patch for IPRoute2, slashes in protocols (RHBZ#1063968)

* Mon Feb 10 2014 Dominic Cleal <dcleal@redhat.com> - 1.1.0-9
- Add patch for yum-cron.conf incl entry (RHBZ#1058409)
- Add patch for firewalld.conf incl entry (RHBZ#1058411)
- Add patch for Grub, foreground option (RHBZ#1059426)
- Add patch for Yum, spaces around equals (RHBZ#1062614)
- Add patch for Shellvars, case and same-line ;; (RHBZ#1056541)

* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 1.1.0-8
- Mass rebuild 2014-01-24

* Tue Jan 14 2014 Dominic Cleal <dcleal@redhat.com> - 1.1.0-7
- Fix CVE-2013-6412, incorrect permissions under strict umask (RHBZ#1036081)

* Thu Jan 02 2014 Dominic Cleal <dcleal@redhat.com> - 1.1.0-6
- Add patch for Sysconfig module, empty comment lines (RHBZ#1043665)
- Add check section to run test suite
- Add patch for testPermsErrorReported test, when root (RHBZ#1043666)
- Add patch for Shellvars, multivariable exports (RHBZ#1043815)

* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 1.1.0-5
- Mass rebuild 2013-12-27

* Tue Nov 19 2013 Dominic Cleal <dcleal@redhat.com> - 1.1.0-4
- Add patch for saving files with // in incl path (RHBZ#1031084)

* Tue Oct 22 2013 Dominic Cleal <dcleal@redhat.com> - 1.1.0-3
- Add patch for Grub module, setkey/lock support (RHBZ#1019485)

* Mon Aug 12 2013 Dominic Cleal <dcleal@redhat.com> - 1.1.0-2
- Fix source URL to download.augeas.net (RHBZ#996033)

* Wed Jun 19 2013 David Lutterkort <lutter@redhat.com> - 1.1.0-1
- Update to 1.1.0; remove all patches

* Tue Jun 18 2013 Richard W.M. Jones <rjones@redhat.com> - 1.0.0-4
- Fix /etc/sysconfig/network (RHBZ#904222).

* Wed Jun 5 2013 Richard W.M. Jones <rjones@redhat.com> - 1.0.0-3
- Don't package lenses in tests/ subdirectory.

* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

* Fri Jan 4 2013 David Lutterkort <lutter@redhat.com> - 1.0.0-1
- New version; remove all patches

* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.10.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

* Tue Jan 10 2012 David Lutterkort <lutter@redhat.com> - 0.10.0-3
- Add patches for bugs 247 and 248 (JSON lens)

* Sat Dec 3 2011 Richard W.M. Jones <rjones@redhat.com> - 0.10.0-2
- Add patch to resolve missing libxml2 requirement in augeas.pc.

* Fri Dec 2 2011 David Lutterkort <lutter@redhat.com> - 0.10.0-1
- New version

* Mon Jul 25 2011 David Lutterkort <lutter@redhat.com> - 0.9.0-1
- New version; removed patch pathx-whitespace-ea010d8

* Tue May 3 2011 David Lutterkort <lutter@redhat.com> - 0.8.1-2
- Add patch pathx-whitespace-ea010d8.patch to fix BZ 700608

* Fri Apr 15 2011 David Lutterkort <lutter@redhat.com> - 0.8.1-1
- New version

* Wed Feb 23 2011 David Lutterkort <lutter@redhat.com> - 0.8.0-1
- New version

* Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.7.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

* Mon Nov 22 2010 Matthew Booth <mbooth@redhat.com> - 0.7.4-1
- Update to version 0.7.4

* Thu Nov 18 2010 Richard W.M. Jones <rjones@redhat.com> - 0.7.3-2
- Upstream patch proposed to fix GCC optimization bug (RHBZ#651992).

* Fri Aug 6 2010 David Lutterkort <lutter@redhat.com> - 0.7.3-1
- Remove upstream patches

* Tue Jun 29 2010 David Lutterkort <lutter@redhat.com> - 0.7.2-2
- Patches based on upstream fix for BZ 600141

* Tue Jun 22 2010 David Lutterkort <lutter@redhat.com> - 0.7.2-1
- Fix ownership of /usr/share/augeas. BZ 569393

* Wed Apr 21 2010 David Lutterkort <lutter@redhat.com> - 0.7.1-1
- New version

* Thu Jan 14 2010 David Lutterkort <lutter@redhat.com> - 0.7.0-1
- Remove patch vim-ftdetect-syntax.patch. It's upstream

* Tue Dec 15 2009 David Lutterkort <lutter@redhat.com> - 0.6.0-2
- Fix ftdetect file for vim

* Mon Nov 30 2009 David Lutterkort <lutter@redhat.com> - 0.6.0-1
- Install vim syntax files

* Mon Sep 14 2009 David Lutterkort <lutter@redhat.com> - 0.5.3-1
- Remove separate xorg.aug, included in upstream source

* Tue Aug 25 2009 Matthew Booth <mbooth@redhat.com> - 0.5.2-3
- Include new xorg lens from upstream

* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

* Mon Jul 13 2009 David Lutterkort <lutter@redhat.com> - 0.5.2-1
- New version

* Fri Jun 5 2009 David Lutterkort <lutter@redhat.com> - 0.5.1-1
- Install fadot

* Fri Mar 27 2009 David Lutterkort <lutter@redhat.com> - 0.5.0-2
- fadot isn't being installed just yet

* Tue Mar 24 2009 David Lutterkort <lutter@redhat.com> - 0.5.0-1
- New program /usr/bin/fadot

* Mon Mar 9 2009 David Lutterkort <lutter@redhat.com> - 0.4.2-1
- New version

* Fri Feb 27 2009 David Lutterkort <lutter@redhat.com> - 0.4.1-1
- New version

* Fri Feb 6 2009 David Lutterkort <lutter@redhat.com> - 0.4.0-1
- New version

* Mon Jan 26 2009 David Lutterkort <lutter@redhat.com> - 0.3.6-1
- New version

* Tue Dec 23 2008 David Lutterkort <lutter@redhat.com> - 0.3.5-1
- New version

* Mon Feb 25 2008 David Lutterkort <dlutter@redhat.com> - 0.0.4-1
- Initial specfile