bolt package creation
Signed-off-by: basebuilder_pel7x64builder0 <basebuilder@powerel.org>master
basebuilder_pel7x64builder0
parent
231a4d50b2
commit
a5ce2b5d22
|
|
@ -0,0 +1,101 @@
|
|||
From 826d887e8c76654e16dab2249b6035b748bdfeeb Mon Sep 17 00:00:00 2001
|
||||
From: Christian Kellner <christian@kellner.me>
|
||||
Date: Wed, 6 Jun 2018 20:12:26 +0200
|
||||
Subject: [PATCH] test: integration: py2 compatibility
|
||||
|
||||
The integration test was designed to run with python3, but we it
|
||||
can be made to work with python2 quite easily so do that.
|
||||
---
|
||||
tests/test-integration | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/tests/test-integration b/tests/test-integration
|
||||
index 40c917d..f24900a 100755
|
||||
--- a/tests/test-integration
|
||||
+++ b/tests/test-integration
|
||||
@@ -1,4 +1,5 @@
|
||||
#!/usr/bin/python3
|
||||
+# -*- coding: utf-8 -*-
|
||||
#
|
||||
# bolt integration test suite
|
||||
#
|
||||
@@ -19,6 +20,8 @@
|
||||
# Authors:
|
||||
# Christian J. Kellner <christian@kellner.me>
|
||||
|
||||
+from __future__ import print_function
|
||||
+
|
||||
import binascii
|
||||
import os
|
||||
import shutil
|
||||
--
|
||||
2.17.1
|
||||
|
||||
From d8e8920806a9d1afa691e4d5e7f16c67806d110c Mon Sep 17 00:00:00 2001
|
||||
From: Christian Kellner <christian@kellner.me>
|
||||
Date: Wed, 6 Jun 2018 20:20:02 +0200
|
||||
Subject: [PATCH] test: integration: import configparser globally
|
||||
|
||||
Instead of importing it twice locally in two functions, import it
|
||||
globally; do so in the checked block because it is not installed
|
||||
by default and thus might be missing.
|
||||
---
|
||||
tests/test-integration | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/tests/test-integration b/tests/test-integration
|
||||
index f24900a..d2fd7df 100755
|
||||
--- a/tests/test-integration
|
||||
+++ b/tests/test-integration
|
||||
@@ -45,6 +45,8 @@ try:
|
||||
|
||||
import dbus
|
||||
import dbusmock
|
||||
+
|
||||
+ import configparser
|
||||
except ImportError as e:
|
||||
sys.stderr.write('Skipping integration test due to missing depdendencies: %s\n' % str(e))
|
||||
sys.exit(1)
|
||||
@@ -924,7 +926,6 @@ class BoltTest(dbusmock.DBusTestCase):
|
||||
self.polkitd = None
|
||||
|
||||
def user_config(self, **kwargs):
|
||||
- import configparser
|
||||
cfg = configparser.ConfigParser()
|
||||
cfg.optionxform = lambda option: option
|
||||
|
||||
@@ -1017,7 +1018,6 @@ class BoltTest(dbusmock.DBusTestCase):
|
||||
return x[0]
|
||||
|
||||
def store_device(self, dev, policy='auto', key=None):
|
||||
- import configparser
|
||||
df = configparser.ConfigParser()
|
||||
df.optionxform = lambda option: option
|
||||
|
||||
--
|
||||
2.17.1
|
||||
|
||||
From 4ada3a5ce4aa4cfe7e3f0a066c2b9be7281f8930 Mon Sep 17 00:00:00 2001
|
||||
From: Christian Kellner <christian@kellner.me>
|
||||
Date: Wed, 6 Jun 2018 20:34:56 +0200
|
||||
Subject: [PATCH] test: integration: use default python
|
||||
|
||||
Instead of explicitly specifying the python version, use the
|
||||
default, i.e. /usr/bin/python
|
||||
---
|
||||
tests/test-integration | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/tests/test-integration b/tests/test-integration
|
||||
index d2fd7df..66fb89f 100755
|
||||
--- a/tests/test-integration
|
||||
+++ b/tests/test-integration
|
||||
@@ -1,4 +1,4 @@
|
||||
-#!/usr/bin/python3
|
||||
+#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# bolt integration test suite
|
||||
--
|
||||
2.17.1
|
||||
|
||||
|
|
@ -0,0 +1,26 @@
|
|||
From e962b3260a8baa104b2fc914e8e8974c7b70fcd4 Mon Sep 17 00:00:00 2001
|
||||
From: Christian Kellner <christian@kellner.me>
|
||||
Date: Fri, 29 Jun 2018 14:03:29 +0300
|
||||
Subject: [PATCH] data: tighten sandbox by restricting capabilities
|
||||
|
||||
We only need CAP_NET_ADMIN capability for the udev netlink socket
|
||||
manipulations. All other capabilities can be dropped, reducing
|
||||
the damage that can be done.
|
||||
Thanks to Richard Maciel Costa <rcosta@redhat.com> for hi help on
|
||||
this.
|
||||
---
|
||||
data/bolt.service.in | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/data/bolt.service.in b/data/bolt.service.in
|
||||
index 7cb1dae..5c33d43 100644
|
||||
--- a/data/bolt.service.in
|
||||
+++ b/data/bolt.service.in
|
||||
@@ -18,3 +18,4 @@ RestrictAddressFamilies=AF_NETLINK AF_UNIX
|
||||
RestrictRealtime=yes
|
||||
ReadWritePaths=@dbdir@
|
||||
SystemCallFilter=~@mount
|
||||
+CapabilityBoundingSet=CAP_NET_ADMIN
|
||||
--
|
||||
2.17.1
|
||||
|
||||
|
|
@ -0,0 +1,92 @@
|
|||
Name: bolt
|
||||
Version: 0.4
|
||||
Release: 3%{?dist}
|
||||
Summary: Thunderbolt device manager
|
||||
License: LGPLv2+
|
||||
URL: https://gitlab.freedesktop.org/bolt/bolt
|
||||
Source0: %{url}/-/archive/%{version}/%{name}-%{version}.tar.bz2
|
||||
Patch0: py2-compat.patch
|
||||
Patch1: restricting-capabilities.patch
|
||||
|
||||
BuildRequires: gcc
|
||||
BuildRequires: asciidoc
|
||||
BuildRequires: meson
|
||||
BuildRequires: libudev-devel
|
||||
BuildRequires: pkgconfig(gio-2.0)
|
||||
BuildRequires: pkgconfig(libudev)
|
||||
BuildRequires: pkgconfig(systemd)
|
||||
BuildRequires: pkgconfig(libsystemd)
|
||||
BuildRequires: polkit-devel
|
||||
BuildRequires: systemd
|
||||
%{?systemd_requires}
|
||||
|
||||
# for the integration test (optional)
|
||||
%if 0%{?fedora}
|
||||
BuildRequires: pygobject3-devel
|
||||
BuildRequires: python3-dbus
|
||||
BuildRequires: python3-dbusmock
|
||||
BuildRequires: umockdev-devel
|
||||
%endif
|
||||
|
||||
%description
|
||||
bolt is a system daemon to manage thunderbolt 3 devices via a D-BUS
|
||||
API. Thunderbolt 3 features different security modes that require
|
||||
devices to be authorized before they can be used. The D-Bus API can be
|
||||
used to list devices, enroll them (authorize and store them in the
|
||||
local database) and forget them again (remove previously enrolled
|
||||
devices). It also emits signals if new devices are connected (or
|
||||
removed). During enrollment devices can be set to be automatically
|
||||
authorized as soon as they are connected. A command line tool, called
|
||||
boltctl, can be used to control the daemon and perform all the above
|
||||
mentioned tasks.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
|
||||
%build
|
||||
%meson -Ddb-path=%{_localstatedir}/lib/boltd
|
||||
%meson_build
|
||||
|
||||
%check
|
||||
%meson_test
|
||||
|
||||
%install
|
||||
%meson_install
|
||||
install -m0755 -d $RPM_BUILD_ROOT%{_localstatedir}/lib/boltd
|
||||
|
||||
|
||||
%post
|
||||
%systemd_post %{name}.service
|
||||
|
||||
%preun
|
||||
%systemd_preun %{name}.service
|
||||
|
||||
%postun
|
||||
%systemd_postun_with_restart %{name}.service
|
||||
|
||||
%files
|
||||
%license COPYING
|
||||
%doc README.md
|
||||
%{_bindir}/boltctl
|
||||
%{_libexecdir}/boltd
|
||||
%{_unitdir}/%{name}.service
|
||||
%{_udevrulesdir}/*-%{name}.rules
|
||||
%{_sysconfdir}/dbus-1/system.d/org.freedesktop.bolt.conf
|
||||
%{_datadir}/dbus-1/interfaces/org.freedesktop.bolt.xml
|
||||
%{_datadir}/polkit-1/actions/org.freedesktop.bolt.policy
|
||||
%{_datadir}/polkit-1/rules.d/org.freedesktop.bolt.rules
|
||||
%{_datadir}/dbus-1/system-services/org.freedesktop.bolt.service
|
||||
%{_mandir}/man1/boltctl.1*
|
||||
%{_mandir}/man8/boltd.8*
|
||||
%dir %{_localstatedir}/lib/boltd
|
||||
|
||||
%changelog
|
||||
* Wed Jul 18 2018 Christian Kellner <ckellner@redhat.com> - 0.4-3
|
||||
- Include patch to tighten sandbox by restricting capabilities
|
||||
- Resolves: #1559611
|
||||
|
||||
* Wed Jun 6 2018 Christian Kellner <ckellner@redhat.com> - 0.4-2
|
||||
- bolt 0.4 upstream release
|
||||
- Resolves: #1559611
|
||||
Loading…
Reference in New Issue