[rinetd] fix #955320 - use hardened build
Jan Kaluža
jkaluza at fedoraproject.org
Tue Apr 23 10:18:50 UTC 2013
commit 55a1e7ec5f6969f5c5a86ccae33daf26d2dba1bd
Author: Jan Kaluza <hanzz.k at gmail.com>
Date: Tue Apr 23 12:18:44 2013 +0200
fix #955320 - use hardened build
- move to systemd
rinetd-0.62-ldflags.patch | 13 ++++++++++
rinetd.service | 8 ++++++
rinetd.spec | 54 +++++++++++++++++++++++++++++++-------------
3 files changed, 59 insertions(+), 16 deletions(-)
---
diff --git a/rinetd-0.62-ldflags.patch b/rinetd-0.62-ldflags.patch
new file mode 100644
index 0000000..402fb20
--- /dev/null
+++ b/rinetd-0.62-ldflags.patch
@@ -0,0 +1,13 @@
+diff --git a/Makefile b/Makefile
+index d598b18..97a37e2 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,7 +1,7 @@
+ CFLAGS=-DLINUX -g
+
+ rinetd: rinetd.o match.o
+- gcc rinetd.o match.o -o rinetd
++ gcc $(LDFLAGS) rinetd.o match.o -o rinetd
+
+ install: rinetd
+ install -m 700 rinetd /usr/sbin
diff --git a/rinetd.service b/rinetd.service
new file mode 100644
index 0000000..4da213d
--- /dev/null
+++ b/rinetd.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=ritned daemon
+
+[Service]
+Type=forking
+PIDFile=/var/run/rinetd.pid
+ExecStart=/usr/sbin/rinetd
+ExecReload=/bin/kill -HUP $MAINPID
diff --git a/rinetd.spec b/rinetd.spec
index 0b7dd2e..7a24919 100644
--- a/rinetd.spec
+++ b/rinetd.spec
@@ -1,17 +1,23 @@
+%global _hardened_build 1
+
Summary: TCP redirection server
Name: rinetd
Version: 0.62
-Release: 13%{?dist}
+Release: 14%{?dist}
License: GPLv2+
Group: System Environment/Daemons
URL: http://www.boutell.com/rinetd
Source0: http://www.boutell.com/rinetd/http/rinetd.tar.gz
Source1: rinetd.conf
-Source2: rinetd.init
+Source2: rinetd.service
Source3: rinetd.logrotate
+Patch0: rinetd-0.62-ldflags.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-PreReq: /sbin/chkconfig
-PreReq: /sbin/service
+BuildRequires: systemd
+Requires(post): systemd
+Requires(preun): systemd
+Requires(postun): systemd
+Requires(post): systemd-sysv
%description
rinetd is a daemon which redirects TCP connections from one IP address
@@ -20,9 +26,10 @@ access services behind a firewall.
%prep
%setup -q -n %{name}
+%patch0 -p1 -b .ldflags
%build
-make CFLAGS="$RPM_OPT_FLAGS" %{?_smp_mflags}
+make CFLAGS="-DLINUX -g $RPM_OPT_FLAGS" LDFLAGS="${LDFLAGS:-%__global_ldflags}" %{?_smp_mflags}
%install
rm -rf $RPM_BUILD_ROOT
@@ -35,26 +42,37 @@ install -p -m 0644 rinetd.8 $RPM_BUILD_ROOT%{_mandir}/man8
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d
+mkdir -p $RPM_BUILD_ROOT%{_unitdir}
install -p -m 0644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}
-install -p -m 0755 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/rinetd
install -p -m 0644 %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/rinetd
+install -p -m 644 $RPM_SOURCE_DIR/rinetd.service \
+ $RPM_BUILD_ROOT%{_unitdir}/rinetd.service
+
%clean
rm -rf $RPM_BUILD_ROOT
%post
-/sbin/chkconfig --add rinetd
+%systemd_post rinetd.service
%preun
-if [ "$1" -eq 0 ]; then
- /sbin/service rinetd stop > /dev/null 2>&1 ||:
- /sbin/chkconfig --del rinetd
-fi
-
+%systemd_preun rinetd.service
+
%postun
-if [ "$1" -ge 1 ]; then
- /sbin/service rinetd condrestart > /dev/null 2>&1 ||:
-fi
+%systemd_postun_with_restart rinetd.service
+
+%triggerun -- rinetd < 0.62-14
+# Save the current service runlevel info
+# User must manually run systemd-sysv-convert --apply rinetd
+# to migrate them to systemd targets
+/usr/bin/systemd-sysv-convert --save rinetd >/dev/null 2>&1 ||:
+
+# If the package is allowed to autostart:
+/bin/systemctl --no-reload enable rinetd.service >/dev/null 2>&1 ||:
+
+# Run these because the SysV package being removed won't do them
+/sbin/chkconfig --del rinetd >/dev/null 2>&1 || :
+/bin/systemctl try-restart rinetd.service >/dev/null 2>&1 || :
%files
%defattr(-, root, root)
@@ -62,10 +80,14 @@ fi
%{_sbindir}/*
%{_mandir}/man8/*
%config(noreplace) %{_sysconfdir}/rinetd.conf
-%config %{_sysconfdir}/rc.d/init.d/rinetd
%config(noreplace) %{_sysconfdir}/logrotate.d/rinetd
+%{_unitdir}/*.service
%changelog
+* Tue Apr 23 2013 Jan Kaluza <jkaluza at redhat.com> - 0.62-14
+- fix #955320 - use hardened build
+- move to systemd
+
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.62-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
More information about the scm-commits
mailing list