basebuilder_pel7x64builder0
6 years ago
3 changed files with 219 additions and 0 deletions
@ -0,0 +1,101 @@
@@ -0,0 +1,101 @@
|
||||
From 826d887e8c76654e16dab2249b6035b748bdfeeb Mon Sep 17 00:00:00 2001 |
||||
From: Christian Kellner <christian@kellner.me> |
||||
Date: Wed, 6 Jun 2018 20:12:26 +0200 |
||||
Subject: [PATCH] test: integration: py2 compatibility |
||||
|
||||
The integration test was designed to run with python3, but we it |
||||
can be made to work with python2 quite easily so do that. |
||||
--- |
||||
tests/test-integration | 3 +++ |
||||
1 file changed, 3 insertions(+) |
||||
|
||||
diff --git a/tests/test-integration b/tests/test-integration |
||||
index 40c917d..f24900a 100755 |
||||
--- a/tests/test-integration |
||||
+++ b/tests/test-integration |
||||
@@ -1,4 +1,5 @@ |
||||
#!/usr/bin/python3 |
||||
+# -*- coding: utf-8 -*- |
||||
# |
||||
# bolt integration test suite |
||||
# |
||||
@@ -19,6 +20,8 @@ |
||||
# Authors: |
||||
# Christian J. Kellner <christian@kellner.me> |
||||
|
||||
+from __future__ import print_function |
||||
+ |
||||
import binascii |
||||
import os |
||||
import shutil |
||||
-- |
||||
2.17.1 |
||||
|
||||
From d8e8920806a9d1afa691e4d5e7f16c67806d110c Mon Sep 17 00:00:00 2001 |
||||
From: Christian Kellner <christian@kellner.me> |
||||
Date: Wed, 6 Jun 2018 20:20:02 +0200 |
||||
Subject: [PATCH] test: integration: import configparser globally |
||||
|
||||
Instead of importing it twice locally in two functions, import it |
||||
globally; do so in the checked block because it is not installed |
||||
by default and thus might be missing. |
||||
--- |
||||
tests/test-integration | 4 ++-- |
||||
1 file changed, 2 insertions(+), 2 deletions(-) |
||||
|
||||
diff --git a/tests/test-integration b/tests/test-integration |
||||
index f24900a..d2fd7df 100755 |
||||
--- a/tests/test-integration |
||||
+++ b/tests/test-integration |
||||
@@ -45,6 +45,8 @@ try: |
||||
|
||||
import dbus |
||||
import dbusmock |
||||
+ |
||||
+ import configparser |
||||
except ImportError as e: |
||||
sys.stderr.write('Skipping integration test due to missing depdendencies: %s\n' % str(e)) |
||||
sys.exit(1) |
||||
@@ -924,7 +926,6 @@ class BoltTest(dbusmock.DBusTestCase): |
||||
self.polkitd = None |
||||
|
||||
def user_config(self, **kwargs): |
||||
- import configparser |
||||
cfg = configparser.ConfigParser() |
||||
cfg.optionxform = lambda option: option |
||||
|
||||
@@ -1017,7 +1018,6 @@ class BoltTest(dbusmock.DBusTestCase): |
||||
return x[0] |
||||
|
||||
def store_device(self, dev, policy='auto', key=None): |
||||
- import configparser |
||||
df = configparser.ConfigParser() |
||||
df.optionxform = lambda option: option |
||||
|
||||
-- |
||||
2.17.1 |
||||
|
||||
From 4ada3a5ce4aa4cfe7e3f0a066c2b9be7281f8930 Mon Sep 17 00:00:00 2001 |
||||
From: Christian Kellner <christian@kellner.me> |
||||
Date: Wed, 6 Jun 2018 20:34:56 +0200 |
||||
Subject: [PATCH] test: integration: use default python |
||||
|
||||
Instead of explicitly specifying the python version, use the |
||||
default, i.e. /usr/bin/python |
||||
--- |
||||
tests/test-integration | 2 +- |
||||
1 file changed, 1 insertion(+), 1 deletion(-) |
||||
|
||||
diff --git a/tests/test-integration b/tests/test-integration |
||||
index d2fd7df..66fb89f 100755 |
||||
--- a/tests/test-integration |
||||
+++ b/tests/test-integration |
||||
@@ -1,4 +1,4 @@ |
||||
-#!/usr/bin/python3 |
||||
+#!/usr/bin/python |
||||
# -*- coding: utf-8 -*- |
||||
# |
||||
# bolt integration test suite |
||||
-- |
||||
2.17.1 |
||||
|
||||
@ -0,0 +1,26 @@
@@ -0,0 +1,26 @@
|
||||
From e962b3260a8baa104b2fc914e8e8974c7b70fcd4 Mon Sep 17 00:00:00 2001 |
||||
From: Christian Kellner <christian@kellner.me> |
||||
Date: Fri, 29 Jun 2018 14:03:29 +0300 |
||||
Subject: [PATCH] data: tighten sandbox by restricting capabilities |
||||
|
||||
We only need CAP_NET_ADMIN capability for the udev netlink socket |
||||
manipulations. All other capabilities can be dropped, reducing |
||||
the damage that can be done. |
||||
Thanks to Richard Maciel Costa <rcosta@redhat.com> for hi help on |
||||
this. |
||||
--- |
||||
data/bolt.service.in | 1 + |
||||
1 file changed, 1 insertion(+) |
||||
|
||||
diff --git a/data/bolt.service.in b/data/bolt.service.in |
||||
index 7cb1dae..5c33d43 100644 |
||||
--- a/data/bolt.service.in |
||||
+++ b/data/bolt.service.in |
||||
@@ -18,3 +18,4 @@ RestrictAddressFamilies=AF_NETLINK AF_UNIX |
||||
RestrictRealtime=yes |
||||
ReadWritePaths=@dbdir@ |
||||
SystemCallFilter=~@mount |
||||
+CapabilityBoundingSet=CAP_NET_ADMIN |
||||
-- |
||||
2.17.1 |
||||
|
||||
@ -0,0 +1,92 @@
@@ -0,0 +1,92 @@
|
||||
Name: bolt |
||||
Version: 0.4 |
||||
Release: 3%{?dist} |
||||
Summary: Thunderbolt device manager |
||||
License: LGPLv2+ |
||||
URL: https://gitlab.freedesktop.org/bolt/bolt |
||||
Source0: %{url}/-/archive/%{version}/%{name}-%{version}.tar.bz2 |
||||
Patch0: py2-compat.patch |
||||
Patch1: restricting-capabilities.patch |
||||
|
||||
BuildRequires: gcc |
||||
BuildRequires: asciidoc |
||||
BuildRequires: meson |
||||
BuildRequires: libudev-devel |
||||
BuildRequires: pkgconfig(gio-2.0) |
||||
BuildRequires: pkgconfig(libudev) |
||||
BuildRequires: pkgconfig(systemd) |
||||
BuildRequires: pkgconfig(libsystemd) |
||||
BuildRequires: polkit-devel |
||||
BuildRequires: systemd |
||||
%{?systemd_requires} |
||||
|
||||
# for the integration test (optional) |
||||
%if 0%{?fedora} |
||||
BuildRequires: pygobject3-devel |
||||
BuildRequires: python3-dbus |
||||
BuildRequires: python3-dbusmock |
||||
BuildRequires: umockdev-devel |
||||
%endif |
||||
|
||||
%description |
||||
bolt is a system daemon to manage thunderbolt 3 devices via a D-BUS |
||||
API. Thunderbolt 3 features different security modes that require |
||||
devices to be authorized before they can be used. The D-Bus API can be |
||||
used to list devices, enroll them (authorize and store them in the |
||||
local database) and forget them again (remove previously enrolled |
||||
devices). It also emits signals if new devices are connected (or |
||||
removed). During enrollment devices can be set to be automatically |
||||
authorized as soon as they are connected. A command line tool, called |
||||
boltctl, can be used to control the daemon and perform all the above |
||||
mentioned tasks. |
||||
|
||||
%prep |
||||
%setup -q |
||||
%patch0 -p1 |
||||
%patch1 -p1 |
||||
|
||||
%build |
||||
%meson -Ddb-path=%{_localstatedir}/lib/boltd |
||||
%meson_build |
||||
|
||||
%check |
||||
%meson_test |
||||
|
||||
%install |
||||
%meson_install |
||||
install -m0755 -d $RPM_BUILD_ROOT%{_localstatedir}/lib/boltd |
||||
|
||||
|
||||
%post |
||||
%systemd_post %{name}.service |
||||
|
||||
%preun |
||||
%systemd_preun %{name}.service |
||||
|
||||
%postun |
||||
%systemd_postun_with_restart %{name}.service |
||||
|
||||
%files |
||||
%license COPYING |
||||
%doc README.md |
||||
%{_bindir}/boltctl |
||||
%{_libexecdir}/boltd |
||||
%{_unitdir}/%{name}.service |
||||
%{_udevrulesdir}/*-%{name}.rules |
||||
%{_sysconfdir}/dbus-1/system.d/org.freedesktop.bolt.conf |
||||
%{_datadir}/dbus-1/interfaces/org.freedesktop.bolt.xml |
||||
%{_datadir}/polkit-1/actions/org.freedesktop.bolt.policy |
||||
%{_datadir}/polkit-1/rules.d/org.freedesktop.bolt.rules |
||||
%{_datadir}/dbus-1/system-services/org.freedesktop.bolt.service |
||||
%{_mandir}/man1/boltctl.1* |
||||
%{_mandir}/man8/boltd.8* |
||||
%dir %{_localstatedir}/lib/boltd |
||||
|
||||
%changelog |
||||
* Wed Jul 18 2018 Christian Kellner <ckellner@redhat.com> - 0.4-3 |
||||
- Include patch to tighten sandbox by restricting capabilities |
||||
- Resolves: #1559611 |
||||
|
||||
* Wed Jun 6 2018 Christian Kellner <ckellner@redhat.com> - 0.4-2 |
||||
- bolt 0.4 upstream release |
||||
- Resolves: #1559611 |
||||
Loading…
Reference in new issue