diff options
Diffstat (limited to 'utils')
21 files changed, 735 insertions, 32 deletions
diff --git a/utils/audit/Makefile b/utils/audit/Makefile new file mode 100644 index 000000000..e920366f4 --- /dev/null +++ b/utils/audit/Makefile @@ -0,0 +1,144 @@ +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=audit +PKG_VERSION:=2.8.5 +PKG_RELEASE:=2 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=http://people.redhat.com/sgrubb/audit +PKG_HASH:=0e5d4103646e00f8d1981e1cd2faea7a2ae28e854c31a803e907a383c5e2ecb7 + +PKG_MAINTAINER:=Thomas Petazzoni <thomas.petazzoni@bootlin.com> +PKG_LICENSE:=GPL-2.0-or-later +PKG_LICENSE_FILES:=COPYING +PKG_CPE_ID:=cpe:/a:linux_audit_project:linux_audit + +PKG_FIXUP:=autoreconf + +PKG_USE_MIPS16:=0 + +include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/host-build.mk + +define Package/audit/Default + TITLE:=Audit Daemon + URL:=http://people.redhat.com/sgrubb/audit/ +endef + +define Package/audit/Default/description + The audit package contains the user space utilities for + storing and searching the audit records generated by + the audit subsystem in the Linux 2.6 kernel +endef + +define Package/libauparse +$(call Package/audit/Default) + SECTION:=libs + CATEGORY:=Libraries + TITLE+= (parsing shared library) + DEPENDS:= +libaudit +endef + +define Package/libauparse/description +$(call Package/audit/Default/description) + This package contains the audit parsing shared library. +endef + +define Package/audit-utils +$(call Package/audit/Default) + SECTION:=utils + CATEGORY:=Utilities + TITLE+= (utilities) + DEPENDS:= +libaudit +libauparse +endef + +define Package/audit-utils/description +$(call Package/audit/Default/description) + This package contains the audit utilities. +endef + +define Package/audit +$(call Package/audit/Default) + SECTION:=utils + CATEGORY:=Utilities + TITLE+= (daemon) + DEPENDS:= +libaudit +libauparse +audit-utils +libev +endef + +define Package/audit/description +$(call Package/audit/Default/description) + This package contains the audit daemon. +endef + +CONFIGURE_VARS += \ + LDFLAGS_FOR_BUILD="$(HOST_LDFLAGS)" \ + CPPFLAGS_FOR_BUILD="$(HOST_CPPFLAGS)" \ + CFLAGS_FOR_BUILD="$(HOST_CFLAGS)" \ + CC_FOR_BUILD="$(HOSTCC)" + +CONFIGURE_ARGS += \ + --without-libcap-ng \ + --disable-systemd \ + --without-python \ + --without-python3 \ + --disable-zos-remote + +ifeq ($(ARCH),aarch64) +CONFIGURE_ARGS += --with-aarch64 +else ifeq ($(ARCH),arm) +CONFIGURE_ARGS += --with-arm +endif + +# We can't use the default, as the default passes $(MAKE_ARGS), which +# overrides CC, CFLAGS, etc. and defeats the *_FOR_BUILD definitions +# passed in CONFIGURE_VARS +define Build/Compile + $(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/$(MAKE_PATH) +endef + +define Build/Install + $(call Build/Install/Default,install) + $(SED) 's%^dispatcher *=.*%dispatcher = /usr/sbin/audispd%' $(PKG_INSTALL_DIR)/etc/audit/auditd.conf +endef + +define Build/InstallDev + $(INSTALL_DIR) $(1)/usr/include + $(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/ + $(INSTALL_DIR) $(1)/usr/lib/pkgconfig + $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/*.pc $(1)/usr/lib/pkgconfig/ + $(INSTALL_DIR) $(1)/usr/lib + $(CP) $(PKG_INSTALL_DIR)/usr/lib/* $(1)/usr/lib/ +endef + +define Package/libauparse/install + $(INSTALL_DIR) $(1)/usr/lib + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libauparse.so.* $(1)/usr/lib/ +endef + +define Package/audit-utils/install + $(INSTALL_DIR) $(1)/usr/bin + $(CP) $(PKG_INSTALL_DIR)/usr/bin/* $(1)/usr/bin/ + $(INSTALL_DIR) $(1)/usr/sbin + $(CP) \ + $(PKG_INSTALL_DIR)/usr/sbin/{augenrules,audispd,audisp-remote,auditctl,autrace,aureport,ausearch} \ + $(1)/usr/sbin/ +endef + +define Package/audit/install + $(INSTALL_DIR) $(1)/etc/audit + $(CP) $(PKG_INSTALL_DIR)/etc/audit/* $(1)/etc/audit/ + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/audit.init $(1)/etc/init.d/audit + $(INSTALL_DIR) $(1)/usr/sbin + $(CP) $(PKG_INSTALL_DIR)/usr/sbin/auditd $(1)/usr/sbin/ +endef + +$(eval $(call HostBuild)) +$(eval $(call BuildPackage,libauparse)) +$(eval $(call BuildPackage,audit-utils)) +$(eval $(call BuildPackage,audit)) diff --git a/utils/audit/files/audit.init b/utils/audit/files/audit.init new file mode 100644 index 000000000..4a9f53884 --- /dev/null +++ b/utils/audit/files/audit.init @@ -0,0 +1,16 @@ +#!/bin/sh /etc/rc.common +# Copyright (c) 2014 OpenWrt.org + +START=11 + +USE_PROCD=1 +PROG=/usr/sbin/auditd + +start_service() { + mkdir -p /var/log/audit + procd_open_instance + procd_set_param command "$PROG" -n + procd_set_param respawn + procd_close_instance + test -f /etc/audit/rules.d/audit.rules && /usr/sbin/auditctl -R /etc/audit/rules.d/audit.rules +} diff --git a/utils/audit/patches/0001-Add-substitue-functions-for-strndupa-rawmemchr.patch b/utils/audit/patches/0001-Add-substitue-functions-for-strndupa-rawmemchr.patch new file mode 100644 index 000000000..ac292c57d --- /dev/null +++ b/utils/audit/patches/0001-Add-substitue-functions-for-strndupa-rawmemchr.patch @@ -0,0 +1,133 @@ +From c39a071e7c021f6ff3554aca2758e97b47a9777c Mon Sep 17 00:00:00 2001 +From: Steve Grubb <sgrubb@redhat.com> +Date: Tue, 26 Feb 2019 18:33:33 -0500 +Subject: [PATCH] Add substitue functions for strndupa & rawmemchr + +(cherry picked from commit d579a08bb1cde71f939c13ac6b2261052ae9f77e) +Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> +--- + auparse/auparse.c | 12 +++++++++++- + auparse/interpret.c | 9 ++++++++- + configure.ac | 14 +++++++++++++- + src/ausearch-lol.c | 12 +++++++++++- + 4 files changed, 43 insertions(+), 4 deletions(-) + +diff --git a/auparse/auparse.c b/auparse/auparse.c +index 650db02..2e1c737 100644 +--- a/auparse/auparse.c ++++ b/auparse/auparse.c +@@ -1,5 +1,5 @@ + /* auparse.c -- +- * Copyright 2006-08,2012-17 Red Hat Inc., Durham, North Carolina. ++ * Copyright 2006-08,2012-19 Red Hat Inc., Durham, North Carolina. + * All Rights Reserved. + * + * This library is free software; you can redistribute it and/or +@@ -1118,6 +1118,16 @@ static int str2event(char *s, au_event_t *e) + return 0; + } + ++#ifndef HAVE_STRNDUPA ++static inline char *strndupa(const char *old, size_t n) ++{ ++ size_t len = strnlen(old, n); ++ char *tmp = alloca(len + 1); ++ tmp[len] = 0; ++ return memcpy(tmp, old, len); ++} ++#endif ++ + /* Returns 0 on success and 1 on error */ + static int extract_timestamp(const char *b, au_event_t *e) + { +diff --git a/auparse/interpret.c b/auparse/interpret.c +index 51c4a5e..67b7b77 100644 +--- a/auparse/interpret.c ++++ b/auparse/interpret.c +@@ -853,6 +853,13 @@ err_out: + return print_escaped(id->val); + } + ++// rawmemchr is faster. Let's use it if we have it. ++#ifdef HAVE_RAWMEMCHR ++#define STRCHR rawmemchr ++#else ++#define STRCHR strchr ++#endif ++ + static const char *print_proctitle(const char *val) + { + char *out = (char *)print_escaped(val); +@@ -863,7 +870,7 @@ static const char *print_proctitle(const char *val) + // Proctitle has arguments separated by NUL bytes + // We need to write over the NUL bytes with a space + // so that we can see the arguments +- while ((ptr = rawmemchr(ptr, '\0'))) { ++ while ((ptr = STRCHR(ptr, '\0'))) { + if (ptr >= end) + break; + *ptr = ' '; +diff --git a/configure.ac b/configure.ac +index 6e345f1..6f3007e 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1,7 +1,7 @@ + dnl + define([AC_INIT_NOTICE], + [### Generated automatically using autoconf version] AC_ACVERSION [ +-### Copyright 2005-18 Steve Grubb <sgrubb@redhat.com> ++### Copyright 2005-19 Steve Grubb <sgrubb@redhat.com> + ### + ### Permission is hereby granted, free of charge, to any person obtaining a + ### copy of this software and associated documentation files (the "Software"), +@@ -72,6 +72,18 @@ dnl; posix_fallocate is used in audisp-remote + AC_CHECK_FUNCS([posix_fallocate]) + dnl; signalfd is needed for libev + AC_CHECK_FUNC([signalfd], [], [ AC_MSG_ERROR([The signalfd system call is necessary for auditd]) ]) ++dnl; check if rawmemchr is available ++AC_CHECK_FUNCS([rawmemchr]) ++dnl; check if strndupa is available ++AC_LINK_IFELSE( ++ [AC_LANG_SOURCE( ++ [[ ++ #define _GNU_SOURCE ++ #include <string.h> ++ int main() { (void) strndupa("test", 10); return 0; }]])], ++ [AC_DEFINE(HAVE_STRNDUPA, 1, [Let us know if we have it or not])], ++ [] ++) + + ALLWARNS="" + ALLDEBUG="-g" +diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c +index 5d17a72..758c33e 100644 +--- a/src/ausearch-lol.c ++++ b/src/ausearch-lol.c +@@ -1,6 +1,6 @@ + /* + * ausearch-lol.c - linked list of linked lists library +-* Copyright (c) 2008,2010,2014,2016 Red Hat Inc., Durham, North Carolina. ++* Copyright (c) 2008,2010,2014,2016,2019 Red Hat Inc., Durham, North Carolina. + * All Rights Reserved. + * + * This software may be freely redistributed and/or modified under the +@@ -152,6 +152,16 @@ static int compare_event_time(event *e1, event *e2) + return 0; + } + ++#ifndef HAVE_STRNDUPA ++static inline char *strndupa(const char *old, size_t n) ++{ ++ size_t len = strnlen(old, n); ++ char *tmp = alloca(len + 1); ++ tmp[len] = 0; ++ return memcpy(tmp, old, len); ++} ++#endif ++ + /* + * This function will look at the line and pick out pieces of it. + */ +-- +2.21.0 + diff --git a/utils/audit/patches/0002-fix-gcc-10.patch b/utils/audit/patches/0002-fix-gcc-10.patch new file mode 100644 index 000000000..5986cf0e4 --- /dev/null +++ b/utils/audit/patches/0002-fix-gcc-10.patch @@ -0,0 +1,26 @@ +From 017e6c6ab95df55f34e339d2139def83e5dada1f Mon Sep 17 00:00:00 2001 +From: Steve Grubb <sgrubb@redhat.com> +Date: Fri, 10 Jan 2020 21:13:50 -0500 +Subject: [PATCH 01/30] Header definitions need to be external when building + with -fno-common (which is default in GCC 10) - Tony Jones + +--- + src/ausearch-common.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/ausearch-common.h b/src/ausearch-common.h +index 6669203..3040547 100644 +--- a/src/ausearch-common.h ++++ b/src/ausearch-common.h +@@ -50,7 +50,7 @@ extern pid_t event_pid; + extern int event_exact_match; + extern uid_t event_uid, event_euid, event_loginuid; + extern const char *event_tuid, *event_teuid, *event_tauid; +-slist *event_node_list; ++extern slist *event_node_list; + extern const char *event_comm; + extern const char *event_filename; + extern const char *event_hostname; +-- +2.26.2 + diff --git a/utils/cache-domains/Makefile b/utils/cache-domains/Makefile index 649cb7d92..7c27f1bd3 100644 --- a/utils/cache-domains/Makefile +++ b/utils/cache-domains/Makefile @@ -1,7 +1,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=cache-domains -PKG_VERSION:=2.1.0 +PKG_VERSION:=2.2.0 PKG_RELEASE:=1 PKG_MAINTAINER:=Gerard Ryan <G.M0N3Y.2503@gmail.com> @@ -46,10 +46,20 @@ define Package/cache-domains-mbedtls TITLE += (mbedtls) DEPENDS += +libustream-mbedtls VARIANT:=mbedtls - DEFAULT_VARIANT:=1 endef Package/cache-domains-mbedtls/description = $(Package/cache-domains/description/default) Package/cache-domains-mbedtls/install = $(Package/cache-domains/install/default) +define Package/cache-domains-wolfssl + $(Package/cache-domains/default) + TITLE += (wolfssl) + DEPENDS += +libustream-wolfssl + VARIANT:=wolfssl + DEFAULT_VARIANT:=1 +endef +Package/cache-domains-wolfssl/description = $(Package/cache-domains/description/default) +Package/cache-domains-wolfssl/install = $(Package/cache-domains/install/default) + $(eval $(call BuildPackage,cache-domains-openssl)) $(eval $(call BuildPackage,cache-domains-mbedtls)) +$(eval $(call BuildPackage,cache-domains-wolfssl)) diff --git a/utils/cache-domains/README.md b/utils/cache-domains/README.md index 3031db1a8..ae525fc86 100644 --- a/utils/cache-domains/README.md +++ b/utils/cache-domains/README.md @@ -3,7 +3,7 @@ hotplug script to dynamically configure the local DNS (dnsmasq) to redirect game content servers to a LAN cache. Definitive list dynamically obtained from https://github.com/uklans/cache-domains. ## Configuration -Configuration file follows the same [syntax as the upsteam file](https://github.com/uklans/cache-domains/blob/master/scripts/config.example.json). The key for each `cache_domain` member matches the name of one of the `.txt` files in the [upstream root directory](https://github.com/uklans/cache-domains/blob/master/), except for the `default` key which matches the all the unreferenced `.txt` files. The value of each `cache_domain` member maps to one of the keys of the `ips` members, Thus mapping a cached domain to a list of IP addresses/LAN cache server. +The configuration file (`/etc/cache-domains.json`) follows the same [syntax as the upsteam file](https://github.com/uklans/cache-domains/blob/master/scripts/config.example.json). The key for each `cache_domains` member matches the name of one of the `.txt` files in the [upstream root directory](https://github.com/uklans/cache-domains/blob/master/), except for the `default` key which matches the all the unreferenced `.txt` files. The value of each `cache_domains` member maps to one of the keys of the `ips` members, Thus mapping a cached domain to a list of IP addresses/LAN cache server. ```json { @@ -13,10 +13,10 @@ Configuration file follows the same [syntax as the upsteam file](https://github. "server3": "10.10.3.13" }, "cache_domains": { - "default": "server2", + "default": "server1", "blizzard": "server1", "origin": "server1", - "steam": "server1", + "steam": "server2", "wsus": "server3", "xboxlive": "server3" } @@ -27,4 +27,4 @@ Configuration file follows the same [syntax as the upsteam file](https://github. `/usr/bin/cache-domains configure` will configure the local DNS (dnsmasq) to redirect the configured cache domains. `/usr/bin/cache-domains cleanup` will cleanup redirection. The hotplug script calls `/usr/bin/cache-domains configure` when the WAN interface is brought up. ## Testing -With the above configuration set and the service running `nslookup swcdn.apple.com` would return `10.10.3.12` +After configuring with the above example configuration, running `nslookup lancache.steamcontent.com` would return `10.10.3.12` diff --git a/utils/cache-domains/files/cache-domains b/utils/cache-domains/files/cache-domains index fe451bebe..d7e4412fc 100644 --- a/utils/cache-domains/files/cache-domains +++ b/utils/cache-domains/files/cache-domains @@ -1,12 +1,26 @@ #!/bin/sh +. /lib/config/uci.sh + set -e -CACHE_DOMAINS_DIR="/var/cache-domains" CACHE_DOMAINS_SRC="https://api.github.com/repos/uklans/cache-domains/tarball/master" +CACHE_DOMAINS_DIR="/var/cache-domains" +CACHE_DOMAINS_HOSTS_DIR="${CACHE_DOMAINS_DIR}/scripts/output/dnsmasq" CONFIG_FILE="/etc/cache-domains.json" +uci_changes() { + local PACKAGE="$1" + local STATE="$2" + + CHANGES=$(/sbin/uci ${UCI_CONFIG_DIR:+-c ${UCI_CONFIG_DIR}} ${STATE:+-P ${STATE}} -q changes "${PACKAGE}" | wc -l) + return "${CHANGES}" +} + configure() { + local INITIAL_DIR + local I=0 + mkdir -p "${CACHE_DOMAINS_DIR}" rm -fr "${CACHE_DOMAINS_DIR:?}/"* @@ -16,30 +30,53 @@ configure() { exit 1 fi - INITIAL_DIR="$(pwd)" - cd "${CACHE_DOMAINS_DIR}/"*"/scripts/" + # move files out of versioned directory + mv "${CACHE_DOMAINS_DIR}/"*"/"* "${CACHE_DOMAINS_DIR}/" if [ ! -f "${CONFIG_FILE}" ]; then - cp "config.example.json" "${CONFIG_FILE}" + cp "${CACHE_DOMAINS_DIR}/scripts/config.example.json" "${CONFIG_FILE}" echo "Using example config file ${CONFIG_FILE}" fi + INITIAL_DIR="$(pwd)" + cd "${CACHE_DOMAINS_DIR}/scripts/" cp "${CONFIG_FILE}" "config.json" ./create-dnsmasq.sh - cp "./output/dnsmasq/"* "/var/dnsmasq.d/" - + rm "config.json" "${CACHE_DOMAINS_HOSTS_DIR}/lancache.conf" cd "${INITIAL_DIR}" - /etc/init.d/dnsmasq restart + while uci_get "dhcp" "@dnsmasq[${I}]" > /dev/null; do + if uci_changes "dhcp"; then + uci_remove_list "dhcp" "@dnsmasq[${I}]" "addnhosts" "${CACHE_DOMAINS_HOSTS_DIR}" + uci_add_list "dhcp" "@dnsmasq[${I}]" "addnhosts" "${CACHE_DOMAINS_HOSTS_DIR}" + uci_commit "dhcp" + else + echo "ERROR: Unexpected changes in the dhcp configuration, commit changes and try again" + exit 1 + fi + + I=$((${I} + 1)) + done + + /etc/init.d/dnsmasq "restart" } cleanup() { - # leave dnsmasq in a clean state - for FILE in "${CACHE_DOMAINS_DIR}/"*"/scripts/output/dnsmasq/"*; do - rm -f "/tmp/dnsmasq.d/$(basename "${FILE}")" + local I=0 + + while uci_get "dhcp" "@dnsmasq[${I}]" > /dev/null; do + if uci_changes "dhcp"; then + uci_remove_list "dhcp" "@dnsmasq[${I}]" "addnhosts" "${CACHE_DOMAINS_HOSTS_DIR}" + uci_commit "dhcp" + else + echo "ERROR: Unexpected changes in the dhcp configuration, commit changes and try again" + exit 1 + fi + + I=$((${I} + 1)) done - /etc/init.d/dnsmasq restart + /etc/init.d/dnsmasq "restart" } case ${1} in diff --git a/utils/docker-compose/Makefile b/utils/docker-compose/Makefile index 1bff69c0c..5f09b292a 100644 --- a/utils/docker-compose/Makefile +++ b/utils/docker-compose/Makefile @@ -1,11 +1,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=docker-compose -PKG_VERSION:=1.26.2 +PKG_VERSION:=1.27.3 PKG_RELEASE:=1 PYPI_NAME:=docker-compose -PKG_HASH:=576b0f81d1a1325941b3ce3436efd51f28b9ecd85b10dd6daa7d51793e187b30 +PKG_HASH:=401838bb36e8b1e255fdf22fe6991508193c09d09f57dc923b66d3f2fa663133 PKG_MAINTAINER:=Javier Marcet <javier@marcet.info> PKG_LICENSE:=Apache-2.0 diff --git a/utils/prometheus/Makefile b/utils/prometheus/Makefile index c78a9c954..4f004228a 100644 --- a/utils/prometheus/Makefile +++ b/utils/prometheus/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=prometheus -PKG_VERSION:=2.20.1 -PKG_RELEASE:=1 +PKG_VERSION:=2.21.0 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/prometheus/prometheus/tar.gz/v${PKG_VERSION}? -PKG_HASH:=d8382b4847479ffe2a968827aa97b5d3167c57ff5a89766f2d4f8c9c9f97dce6 +PKG_HASH:=afafed1be631a53ada60e2b2f12cfdb51dcaee5e539fb65e9983f3276c99f5af PKG_LICENSE:=Apache-2.0 PKG_LICENSE_FILES:=LICENSE @@ -19,6 +19,13 @@ PKG_USE_MIPS16:=0 GO_PKG:=github.com/prometheus/prometheus/ GO_PKG_BUILD_PKG:=github.com/prometheus/prometheus/cmd/prometheus/ +GO_PKG_LDFLAGS_X:=\ + github.com/prometheus/common/version.Version=v$(PKG_VERSION) \ + github.com/prometheus/common/version.Revision=$(PKG_VERSION) \ + github.com/prometheus/common/version.Branch="release" \ + github.com/prometheus/common/version.BuildUser=openwrt \ + github.com/prometheus/common/version.BuildDate=$(SOURCE_DATE_EPOCH) + include $(INCLUDE_DIR)/package.mk include ../../lang/golang/golang-package.mk diff --git a/utils/prometheus/test.sh b/utils/prometheus/test.sh new file mode 100644 index 000000000..208945462 --- /dev/null +++ b/utils/prometheus/test.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +prometheus --version 2>&1 | grep "$2" diff --git a/utils/selinux-python/Makefile b/utils/selinux-python/Makefile new file mode 100644 index 000000000..da67210dc --- /dev/null +++ b/utils/selinux-python/Makefile @@ -0,0 +1,159 @@ +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=selinux-python +PKG_VERSION:=3.1 +PKG_RELEASE:=1 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/20200710 +PKG_HASH:=f4d0a1a030bc291a6af498b26e0676b745075dd289a8ba16cdec86c3ea8f2f02 + +PKG_MAINTAINER:=Thomas Petazzoni <thomas.petazzoni@bootlin.com> +PKG_LICENSE:=GPL-2.0-only +PKG_LICENSE_FILES:=COPYING +PYTHON3_PKG_BUILD:=0 +PKG_INSTALL:=1 + +include $(INCLUDE_DIR)/package.mk +include ../../lang/python/python3-package.mk + +# +# common definitions +# + +define Package/selinux-python/Default + SECTION:=utils + DEPENDS:=+python3 +python3-libselinux + CATEGORY:=Utilities + URL:=http://selinuxproject.org/page/Main_Page +endef + +define Package/selinux-python/Default/description + A set of SELinux tools written in python that help with + managing a system with SELinux enabled. +endef + +MAKE_VARS = \ + PYTHON=$(HOST_PYTHON3_BIN) \ + PYTHONLIBDIR=$(PYTHON3_PKG_DIR) \ + $(PYTHON3_VARS) + +define Build/Compile + $(call Build/Compile/Default,all) +endef + +# +# selinux-audit2allow +# + +define Package/selinux-audit2allow +$(call Package/selinux-python/Default) + TITLE:=selinux-audit2allow + DEPENDS+=+python3-sepolgen +libselinux +libsepol +endef + +define Package/selinux-audit2allow/description +$(call Package/selinux-python/Default/description) + This package contains the audit2allow and audit2why tools. +endef + +define Package/selinux-audit2allow/install + $(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/audit2allow DESTDIR=$(1) install + rm -rf $(1)/usr/share/man +endef + +# +# selinux-chchat +# + +define Package/selinux-chcat +$(call Package/selinux-python/Default) + TITLE:=selinux-chcat +endef + +define Package/selinux-chcat/description +$(call Package/selinux-python/Default/description) + This package contains the chcat tool. +endef + +define Package/selinux-chcat/install + $(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/chcat DESTDIR=$(1) install + rm -rf $(1)/usr/share +endef + +# +# selinux-semanage +# + +define Package/selinux-semanage +$(call Package/selinux-python/Default) + TITLE:=selinux-semanage + DEPENDS+=+python3-sepolicy +python3-libsemanage +setools +endef + +define Package/selinux-semanage/description +$(call Package/selinux-python/Default/description) + This package contains the semanage tool. +endef + +define Package/selinux-semanage/install + $(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/semanage DESTDIR=$(1) install + rm -rf $(1)/usr/share +endef + +# +# python3-sepolgen +# + +define Package/python3-sepolgen +$(call Package/selinux-python/Default) + SUBMENU:=Python + SECTION:=lang + CATEGORY:=Languages + TITLE:=python3-sepolgen +endef + +define Package/python3-sepolgen/description +$(call Package/selinux-python/Default/description) + This package contains the sepolgen Python library. +endef + +define Package/python3-sepolgen/install + $(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/sepolgen DESTDIR=$(1) install + $(INSTALL_DIR) $(1)/usr/share/sepolgen/ + $(INSTALL_DATA) $(1)/var/lib/sepolgen/perm_map $(1)/usr/share/sepolgen/perm_map + $(RM) -rf $(1)/var +endef + +# +# python3-sepolicy +# + +define Package/python3-sepolicy +$(call Package/selinux-python/Default) + SUBMENU:=Python + SECTION:=lang + CATEGORY:=Languages + TITLE:=python3-sepolicy +endef + +define Package/python3-sepolicy/description +$(call Package/selinux-python/Default/description) + This package contains the sepolicy Python library. +endef + +define Package/python3-sepolicy/install + $(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR)/sepolicy DESTDIR=$(1) install + rm -rf $(1)/usr/share +endef + +$(eval $(call BuildPackage,selinux-audit2allow)) +$(eval $(call BuildPackage,selinux-chcat)) +$(eval $(call BuildPackage,selinux-semanage)) +$(eval $(call BuildPackage,python3-sepolgen)) +$(eval $(call BuildPackage,python3-sepolicy)) diff --git a/utils/selinux-python/patches/0001-sepolgen-adjust-data_dir.patch b/utils/selinux-python/patches/0001-sepolgen-adjust-data_dir.patch new file mode 100644 index 000000000..5b5426007 --- /dev/null +++ b/utils/selinux-python/patches/0001-sepolgen-adjust-data_dir.patch @@ -0,0 +1,26 @@ +From 4dfa91b1377b6dc57e66443ea1a08c6d79a3a6e2 Mon Sep 17 00:00:00 2001 +From: Thomas Petazzoni <thomas.petazzoni@bootlin.com> +Date: Wed, 2 Oct 2019 12:04:24 +0200 +Subject: [PATCH] sepolgen: adjust data_dir() + +Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> +--- + sepolgen/src/sepolgen/defaults.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/sepolgen/src/sepolgen/defaults.py b/sepolgen/src/sepolgen/defaults.py +index 6e800695..a61d1efd 100644 +--- a/sepolgen/src/sepolgen/defaults.py ++++ b/sepolgen/src/sepolgen/defaults.py +@@ -57,7 +57,7 @@ Various default settings, including file and directory locations. + """ + + def data_dir(): +- return "/var/lib/sepolgen" ++ return "/usr/share/sepolgen" + + def perm_map(): + return data_dir() + "/perm_map" +-- +2.21.0 + diff --git a/utils/selinux-python/patches/0002-sepolgen-don-t-hardcode-search-for-ausearch-in-sbin.patch b/utils/selinux-python/patches/0002-sepolgen-don-t-hardcode-search-for-ausearch-in-sbin.patch new file mode 100644 index 000000000..0ebc3e593 --- /dev/null +++ b/utils/selinux-python/patches/0002-sepolgen-don-t-hardcode-search-for-ausearch-in-sbin.patch @@ -0,0 +1,38 @@ +From a8a7f8fb5cfe95f28cd5f7ff4b4679ca122fe410 Mon Sep 17 00:00:00 2001 +From: Thomas Petazzoni <thomas.petazzoni@bootlin.com> +Date: Wed, 2 Oct 2019 13:38:18 +0200 +Subject: [PATCH] sepolgen: don't hardcode search for ausearch in /sbin + +ausearch may be installed in another location, just rely on PATH to +find ausearch. + +Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> +--- + sepolgen/src/sepolgen/audit.py | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/sepolgen/src/sepolgen/audit.py b/sepolgen/src/sepolgen/audit.py +index 4adb851f..5eafa587 100644 +--- a/sepolgen/src/sepolgen/audit.py ++++ b/sepolgen/src/sepolgen/audit.py +@@ -41,7 +41,7 @@ def get_audit_boot_msgs(): + s = time.localtime(time.time() - off) + bootdate = time.strftime("%x", s) + boottime = time.strftime("%X", s) +- output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime], ++ output = subprocess.Popen(["ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime], + stdout=subprocess.PIPE).communicate()[0] + if util.PY3: + output = util.decode_input(output) +@@ -56,7 +56,7 @@ def get_audit_msgs(): + string contain all of the audit messages returned by ausearch. + """ + import subprocess +- output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR"], ++ output = subprocess.Popen(["ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR"], + stdout=subprocess.PIPE).communicate()[0] + if util.PY3: + output = util.decode_input(output) +-- +2.21.0 + diff --git a/utils/semodule-utils/Makefile b/utils/semodule-utils/Makefile new file mode 100644 index 000000000..4e9fcda40 --- /dev/null +++ b/utils/semodule-utils/Makefile @@ -0,0 +1,49 @@ +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=semodule-utils +PKG_VERSION:=3.1 +PKG_RELEASE:=1 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/20200710 +PKG_HASH:=0cc37f9cec751d9c2abb5f2b228b060567e973cb47c19b53b8a4a7378baaa853 +PKG_INSTALL:=1 +HOST_BUILD_DEPENDS:=libsemanage/host + +PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org> +PKG_LICENSE:=GPL-2.0-only +PKG_LICENSE_FILES:=COPYING + +include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/host-build.mk + +define Package/semodule-utils + SECTION:=utils + CATEGORY:=Utilities + DEPENDS:= +policycoreutils + TITLE:=SELinux policy utilities for dealing with modules + URL:=http://selinuxproject.org/page/Main_Page +endef + +define Package/semodule-utils/description + Semodule-utils is a collection of utilities for dealing with + policy modules. +endef + +HOST_MAKE_FLAGS += \ + PREFIX=$(STAGING_DIR_HOSTPKG) \ + SBINDIR=$(STAGING_DIR_HOSTPKG)/sbin \ + ETCDIR=$(STAGING_DIR_HOSTPKG)/etc + +define Package/semodule-utils/install + $(INSTALL_DIR) $(1)/usr/bin + $(CP) $(PKG_INSTALL_DIR)/usr/bin/* $(1)/usr/bin/ +endef + +$(eval $(call HostBuild)) +$(eval $(call BuildPackage,semodule-utils)) diff --git a/utils/setools/Makefile b/utils/setools/Makefile new file mode 100644 index 000000000..ba38e4f78 --- /dev/null +++ b/utils/setools/Makefile @@ -0,0 +1,41 @@ +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=setools +PKG_VERSION:=4.3.0 +PKG_RELEASE:=1 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 +PKG_SOURCE_URL:=https://github.com/SELinuxProject/setools/releases/download/4.3.0 +PKG_HASH:=315df3ae0eb29b399123c5e3330480c5d1c0da038671c9fd62a439c49a6f9105 +PKG_BUILD_DIR:=$(BUILD_DIR)/setools + +HOST_PYTHON3_PACKAGE_BUILD_DEPENDS:=Cython # Cython>=0.27 + +PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org> +PKG_LICENSE:=GPL-2.0-or-later LGPL-2.1-or-later +PKG_LICENSE_FILES:=COPYING COPYING.GPL COPYING.LGPL +PKG_CPE_ID:=cpe:/a:selinuxproject:setools + +include $(INCLUDE_DIR)/package.mk +include ../../lang/python/python3-package.mk + +define Package/setools + SECTION:=utils + CATEGORY:=Utilities + DEPENDS:=+python3 +python3-pkg-resources +python3-networkx +libselinux +libsepol + TITLE:=Policy analysis tools for SELinux + URL:=http://selinuxproject.org/page/Main_Page +endef + +define Package/setools/description + SETools is a collection of tools and libraries designed to facilitate + SELinux policy analysis. +endef + +$(eval $(call Py3Package,setools)) +$(eval $(call BuildPackage,setools)) diff --git a/utils/setools/patches/010-fewer-warnings.patch b/utils/setools/patches/010-fewer-warnings.patch new file mode 100644 index 000000000..d81a9c6e4 --- /dev/null +++ b/utils/setools/patches/010-fewer-warnings.patch @@ -0,0 +1,11 @@ +diff -u --recursive setools-vanilla/setup.py setools/setup.py +--- setools-vanilla/setup.py 2020-04-01 09:57:49.000000000 -0500 ++++ setools/setup.py 2020-08-12 21:44:41.265149504 -0500 +@@ -109,7 +109,6 @@ + extra_compile_args=['-Werror', '-Wextra', + '-Waggregate-return', + '-Wfloat-equal', +- '-Wformat', '-Wformat=2', + '-Winit-self', + '-Wmissing-format-attribute', + '-Wmissing-include-dirs', diff --git a/utils/stress-ng/Makefile b/utils/stress-ng/Makefile index 3220c32c4..033f0fd80 100644 --- a/utils/stress-ng/Makefile +++ b/utils/stress-ng/Makefile @@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=stress-ng -PKG_VERSION:=0.11.18 -PKG_RELEASE:=2 +PKG_VERSION:=0.11.20 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://kernel.ubuntu.com/~cking/tarballs/stress-ng -PKG_HASH:=07c82a5c89538b5b696a79192faa70d0232352004c9e532946f7f3613d0adf23 +PKG_HASH:=145210ec692382e447579ec5c1651f89aa9cb4f6531bab9c0e54ded82c8ac338 PKG_MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com> PKG_LICENSE:=GPL-2.0-only diff --git a/utils/syncthing/Makefile b/utils/syncthing/Makefile index 7d9520d49..05c56c4d7 100644 --- a/utils/syncthing/Makefile +++ b/utils/syncthing/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=syncthing -PKG_VERSION:=1.6.1 +PKG_VERSION:=1.9.0 PKG_RELEASE:=2 PKG_SOURCE:=syncthing-source-v$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/syncthing/syncthing/releases/download/v$(PKG_VERSION) -PKG_HASH:=f42518d453f7475022b5632420f21a6e0ab8d77f19c29b65ad582bc98e00a0a5 +PKG_HASH:=a4e3e5997b2c4c76512ed9b32a067b2a90e26c0d445f8c3c62af65d2b93d4d8b PKG_BUILD_DIR=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)/$(PKG_NAME) @@ -40,7 +40,7 @@ define Package/syncthing DEPENDS:=$(GO_ARCH_DEPENDS) SECTION:=utils CATEGORY:=Utilities - USERID:=syncthing:syncthing + USERID:=syncthing=499:syncthing=499 endef define Package/syncthing/conffiles diff --git a/utils/syncthing/test.sh b/utils/syncthing/test.sh new file mode 100644 index 000000000..f582111ce --- /dev/null +++ b/utils/syncthing/test.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +syncthing --version | grep "$2" diff --git a/utils/xfsprogs/Makefile b/utils/xfsprogs/Makefile index c14960e5b..f57b14ae5 100644 --- a/utils/xfsprogs/Makefile +++ b/utils/xfsprogs/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=xfsprogs -PKG_VERSION:=5.5.0 -PKG_RELEASE:=2 +PKG_VERSION:=5.8.0 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=@KERNEL/linux/utils/fs/xfs/xfsprogs -PKG_HASH:=cfbb0b136799c48cb79435facd0969c5a60a587a458e2d16f9752771027efbec +PKG_HASH:=8ef46ed9e6bb927f407f541dc4324857c908ddf1374265edc910d23724048c6b PKG_INSTALL:=1 PKG_BUILD_PARALLEL:=1 diff --git a/utils/xfsprogs/patches/120-disable_assert.patch b/utils/xfsprogs/patches/120-disable_assert.patch index 237c83721..5bde4fbf9 100644 --- a/utils/xfsprogs/patches/120-disable_assert.patch +++ b/utils/xfsprogs/patches/120-disable_assert.patch @@ -1,6 +1,6 @@ --- a/libxfs/libxfs_priv.h +++ b/libxfs/libxfs_priv.h -@@ -85,9 +85,6 @@ struct iomap; +@@ -87,9 +87,6 @@ struct iomap; /* for all the support code that uses progname in error messages */ extern char *progname; |