basebuilder_pel7x64builder0
6 years ago
3 changed files with 219 additions and 0 deletions
@ -0,0 +1,101 @@ |
|||||||
|
From 826d887e8c76654e16dab2249b6035b748bdfeeb Mon Sep 17 00:00:00 2001 |
||||||
|
From: Christian Kellner <christian@kellner.me> |
||||||
|
Date: Wed, 6 Jun 2018 20:12:26 +0200 |
||||||
|
Subject: [PATCH] test: integration: py2 compatibility |
||||||
|
|
||||||
|
The integration test was designed to run with python3, but we it |
||||||
|
can be made to work with python2 quite easily so do that. |
||||||
|
--- |
||||||
|
tests/test-integration | 3 +++ |
||||||
|
1 file changed, 3 insertions(+) |
||||||
|
|
||||||
|
diff --git a/tests/test-integration b/tests/test-integration |
||||||
|
index 40c917d..f24900a 100755 |
||||||
|
--- a/tests/test-integration |
||||||
|
+++ b/tests/test-integration |
||||||
|
@@ -1,4 +1,5 @@ |
||||||
|
#!/usr/bin/python3 |
||||||
|
+# -*- coding: utf-8 -*- |
||||||
|
# |
||||||
|
# bolt integration test suite |
||||||
|
# |
||||||
|
@@ -19,6 +20,8 @@ |
||||||
|
# Authors: |
||||||
|
# Christian J. Kellner <christian@kellner.me> |
||||||
|
|
||||||
|
+from __future__ import print_function |
||||||
|
+ |
||||||
|
import binascii |
||||||
|
import os |
||||||
|
import shutil |
||||||
|
-- |
||||||
|
2.17.1 |
||||||
|
|
||||||
|
From d8e8920806a9d1afa691e4d5e7f16c67806d110c Mon Sep 17 00:00:00 2001 |
||||||
|
From: Christian Kellner <christian@kellner.me> |
||||||
|
Date: Wed, 6 Jun 2018 20:20:02 +0200 |
||||||
|
Subject: [PATCH] test: integration: import configparser globally |
||||||
|
|
||||||
|
Instead of importing it twice locally in two functions, import it |
||||||
|
globally; do so in the checked block because it is not installed |
||||||
|
by default and thus might be missing. |
||||||
|
--- |
||||||
|
tests/test-integration | 4 ++-- |
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-) |
||||||
|
|
||||||
|
diff --git a/tests/test-integration b/tests/test-integration |
||||||
|
index f24900a..d2fd7df 100755 |
||||||
|
--- a/tests/test-integration |
||||||
|
+++ b/tests/test-integration |
||||||
|
@@ -45,6 +45,8 @@ try: |
||||||
|
|
||||||
|
import dbus |
||||||
|
import dbusmock |
||||||
|
+ |
||||||
|
+ import configparser |
||||||
|
except ImportError as e: |
||||||
|
sys.stderr.write('Skipping integration test due to missing depdendencies: %s\n' % str(e)) |
||||||
|
sys.exit(1) |
||||||
|
@@ -924,7 +926,6 @@ class BoltTest(dbusmock.DBusTestCase): |
||||||
|
self.polkitd = None |
||||||
|
|
||||||
|
def user_config(self, **kwargs): |
||||||
|
- import configparser |
||||||
|
cfg = configparser.ConfigParser() |
||||||
|
cfg.optionxform = lambda option: option |
||||||
|
|
||||||
|
@@ -1017,7 +1018,6 @@ class BoltTest(dbusmock.DBusTestCase): |
||||||
|
return x[0] |
||||||
|
|
||||||
|
def store_device(self, dev, policy='auto', key=None): |
||||||
|
- import configparser |
||||||
|
df = configparser.ConfigParser() |
||||||
|
df.optionxform = lambda option: option |
||||||
|
|
||||||
|
-- |
||||||
|
2.17.1 |
||||||
|
|
||||||
|
From 4ada3a5ce4aa4cfe7e3f0a066c2b9be7281f8930 Mon Sep 17 00:00:00 2001 |
||||||
|
From: Christian Kellner <christian@kellner.me> |
||||||
|
Date: Wed, 6 Jun 2018 20:34:56 +0200 |
||||||
|
Subject: [PATCH] test: integration: use default python |
||||||
|
|
||||||
|
Instead of explicitly specifying the python version, use the |
||||||
|
default, i.e. /usr/bin/python |
||||||
|
--- |
||||||
|
tests/test-integration | 2 +- |
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-) |
||||||
|
|
||||||
|
diff --git a/tests/test-integration b/tests/test-integration |
||||||
|
index d2fd7df..66fb89f 100755 |
||||||
|
--- a/tests/test-integration |
||||||
|
+++ b/tests/test-integration |
||||||
|
@@ -1,4 +1,4 @@ |
||||||
|
-#!/usr/bin/python3 |
||||||
|
+#!/usr/bin/python |
||||||
|
# -*- coding: utf-8 -*- |
||||||
|
# |
||||||
|
# bolt integration test suite |
||||||
|
-- |
||||||
|
2.17.1 |
||||||
|
|
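Review bot: The `import configparser` that the second patch moves into the guarded `try:` block only resolves on Python 3 or where a backport is installed; on Python 2 the standard-library module is named `ConfigParser`. Combined with the third patch's switch to `#!/usr/bin/python`, a build whose default interpreter is Python 2 would presumably take the `except ImportError` path and exit before any test runs, so the suite would give no coverage there. If Python 2 is meant to be supported, fall back inside the same block with `import ConfigParser as configparser` when the first import fails. It would also help to state the expected interpreters next to the shebang, e.g. `# runs under python2 and python3; needs dbus, dbusmock and configparser`. The `try:` block and both `BoltTest` methods continue outside the visible hunks.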
@ -0,0 +1,26 @@ |
|||||||
|
From e962b3260a8baa104b2fc914e8e8974c7b70fcd4 Mon Sep 17 00:00:00 2001 |
||||||
|
From: Christian Kellner <christian@kellner.me> |
||||||
|
Date: Fri, 29 Jun 2018 14:03:29 +0300 |
||||||
|
Subject: [PATCH] data: tighten sandbox by restricting capabilities |
||||||
|
|
||||||
|
We only need CAP_NET_ADMIN capability for the udev netlink socket |
||||||
|
manipulations. All other capabilities can be dropped, reducing |
||||||
|
the damage that can be done. |
||||||
|
Thanks to Richard Maciel Costa <rcosta@redhat.com> for hi help on |
||||||
|
this. |
||||||
|
--- |
||||||
|
data/bolt.service.in | 1 + |
||||||
|
1 file changed, 1 insertion(+) |
||||||
|
|
||||||
|
diff --git a/data/bolt.service.in b/data/bolt.service.in |
||||||
|
index 7cb1dae..5c33d43 100644 |
||||||
|
--- a/data/bolt.service.in |
||||||
|
+++ b/data/bolt.service.in |
||||||
|
@@ -18,3 +18,4 @@ RestrictAddressFamilies=AF_NETLINK AF_UNIX |
||||||
|
RestrictRealtime=yes |
||||||
|
ReadWritePaths=@dbdir@ |
||||||
|
SystemCallFilter=~@mount |
||||||
|
+CapabilityBoundingSet=CAP_NET_ADMIN |
||||||
|
-- |
||||||
|
2.17.1 |
||||||
|
|
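Review bot: The new `CapabilityBoundingSet=CAP_NET_ADMIN` line has no comment in the unit file, so the reason for keeping exactly this capability is recorded only in the commit message; add `# CAP_NET_ADMIN: needed for the udev netlink socket, all other capabilities are dropped` above it. The hunk shows only the tail of the unit, so it is not visible whether `NoNewPrivileges=yes` or a non-root `User=` is set earlier. If they are not, note that the bounding set alone does not change which user the daemon runs as, so files owned by that user under `ReadWritePaths=` stay writable. `NoNewPrivileges=yes` would be a reasonable complementary setting to consider.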
@ -0,0 +1,92 @@ |
|||||||
|
Name: bolt |
||||||
|
Version: 0.4 |
||||||
|
Release: 3%{?dist} |
||||||
|
Summary: Thunderbolt device manager |
||||||
|
License: LGPLv2+ |
||||||
|
URL: https://gitlab.freedesktop.org/bolt/bolt |
||||||
|
Source0: %{url}/-/archive/%{version}/%{name}-%{version}.tar.bz2 |
||||||
|
Patch0: py2-compat.patch |
||||||
|
Patch1: restricting-capabilities.patch |
||||||
|
|
||||||
|
BuildRequires: gcc |
||||||
|
BuildRequires: asciidoc |
||||||
|
BuildRequires: meson |
||||||
|
BuildRequires: libudev-devel |
||||||
|
BuildRequires: pkgconfig(gio-2.0) |
||||||
|
BuildRequires: pkgconfig(libudev) |
||||||
|
BuildRequires: pkgconfig(systemd) |
||||||
|
BuildRequires: pkgconfig(libsystemd) |
||||||
|
BuildRequires: polkit-devel |
||||||
|
BuildRequires: systemd |
||||||
|
%{?systemd_requires} |
||||||
|
|
||||||
|
# for the integration test (optional) |
||||||
|
%if 0%{?fedora} |
||||||
|
BuildRequires: pygobject3-devel |
||||||
|
BuildRequires: python3-dbus |
||||||
|
BuildRequires: python3-dbusmock |
||||||
|
BuildRequires: umockdev-devel |
||||||
|
%endif |
||||||
|
|
||||||
|
%description |
||||||
|
bolt is a system daemon to manage thunderbolt 3 devices via a D-BUS |
||||||
|
API. Thunderbolt 3 features different security modes that require |
||||||
|
devices to be authorized before they can be used. The D-Bus API can be |
||||||
|
used to list devices, enroll them (authorize and store them in the |
||||||
|
local database) and forget them again (remove previously enrolled |
||||||
|
devices). It also emits signals if new devices are connected (or |
||||||
|
removed). During enrollment devices can be set to be automatically |
||||||
|
authorized as soon as they are connected. A command line tool, called |
||||||
|
boltctl, can be used to control the daemon and perform all the above |
||||||
|
mentioned tasks. |
||||||
|
|
||||||
|
%prep |
||||||
|
%setup -q |
||||||
|
%patch0 -p1 |
||||||
|
%patch1 -p1 |
||||||
|
|
||||||
|
%build |
||||||
|
%meson -Ddb-path=%{_localstatedir}/lib/boltd |
||||||
|
%meson_build |
||||||
|
|
||||||
|
%check |
||||||
|
%meson_test |
||||||
|
|
||||||
|
%install |
||||||
|
%meson_install |
||||||
|
install -m0755 -d $RPM_BUILD_ROOT%{_localstatedir}/lib/boltd |
||||||
|
|
||||||
|
|
||||||
|
%post |
||||||
|
%systemd_post %{name}.service |
||||||
|
|
||||||
|
%preun |
||||||
|
%systemd_preun %{name}.service |
||||||
|
|
||||||
|
%postun |
||||||
|
%systemd_postun_with_restart %{name}.service |
||||||
|
|
||||||
|
%files |
||||||
|
%license COPYING |
||||||
|
%doc README.md |
||||||
|
%{_bindir}/boltctl |
||||||
|
%{_libexecdir}/boltd |
||||||
|
%{_unitdir}/%{name}.service |
||||||
|
%{_udevrulesdir}/*-%{name}.rules |
||||||
|
%{_sysconfdir}/dbus-1/system.d/org.freedesktop.bolt.conf |
||||||
|
%{_datadir}/dbus-1/interfaces/org.freedesktop.bolt.xml |
||||||
|
%{_datadir}/polkit-1/actions/org.freedesktop.bolt.policy |
||||||
|
%{_datadir}/polkit-1/rules.d/org.freedesktop.bolt.rules |
||||||
|
%{_datadir}/dbus-1/system-services/org.freedesktop.bolt.service |
||||||
|
%{_mandir}/man1/boltctl.1* |
||||||
|
%{_mandir}/man8/boltd.8* |
||||||
|
%dir %{_localstatedir}/lib/boltd |
||||||
|
|
||||||
|
%changelog |
||||||
|
* Wed Jul 18 2018 Christian Kellner <ckellner@redhat.com> - 0.4-3 |
||||||
|
- Include patch to tighten sandbox by restricting capabilities |
||||||
|
- Resolves: #1559611 |
||||||
|
|
||||||
|
* Wed Jun 6 2018 Christian Kellner <ckellner@redhat.com> - 0.4-2 |
||||||
|
- bolt 0.4 upstream release |
||||||
|
- Resolves: #1559611 |
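Review bot: The integration-test dependencies are pulled in only under `%if 0%{?fedora}` and are the python3 builds of dbus and dbusmock, while Patch0 moves the test script to `#!/usr/bin/python`. On any build where that block is skipped, or where `/usr/bin/python` is not Python 3, `%check` would presumably run without the integration suite, and nothing in the spec records that. Either make the interpreter and the BuildRequires agree, or document the gap with a comment above the block such as `# integration test only runs on Fedora; other targets build without it`. Separately, `Source0` is fetched by URL and no checksum or signature check is visible in the spec, so confirm the tarball hash is pinned elsewhere in the packaging repository.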