[gogoc/el6] Add EPEL 6 support
Juan Orti
jorti at fedoraproject.org
Mon Feb 24 14:00:53 UTC 2014
commit e5e56c23faa5fec2c87aacd12a2338fd8ff724eb
Author: Juan Orti Alcaine <j.orti.alcaine at gmail.com>
Date: Mon Feb 24 15:01:27 2014 +0100
Add EPEL 6 support
gogoc-init.d | 119 +++++++++++++++++++++++++++++++++++++++++++++++++++
gogoc-sysconfig | 2 +
gogoc-tmpfiles.conf | 1 -
gogoc.fc | 2 -
gogoc.if | 33 --------------
gogoc.service | 26 -----------
gogoc.spec | 62 ++++++++++++++------------
gogoc.te | 27 ++++++-----
8 files changed, 169 insertions(+), 103 deletions(-)
---
diff --git a/gogoc-init.d b/gogoc-init.d
new file mode 100644
index 0000000..b5b819c
--- /dev/null
+++ b/gogoc-init.d
@@ -0,0 +1,119 @@
+#!/bin/sh
+#
+# gogoc IPv6 TSP client for gogo6
+#
+# chkconfig: 2345 95 5
+# description: TSP is a control protocol used to establish and maintain \
+# static tunnels. The gogoCLIENT is used on the host computer \
+# to connect to a tunnel broker using the TSP protocol and to \
+# get the information for its IPv6 tunnel. When it receives the \
+# information for the tunnel, the gogoCLIENT creates the static \
+# tunnel on its operating system. You can setup a dynamic tunnel \
+# anonymously, but if you want a static prefix you need an \
+# account in Freenet6 \
+# http://gogonet.gogo6.com/page/freenet6-account
+
+### BEGIN INIT INFO
+# Provides: gogoc
+# Required-Start: $local_fs $network
+# Required-Stop: $local_fs $network
+# Should-Start:
+# Should-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: IPv6 TSP client for gogo6
+# Description: TSP is a control protocol used to establish and maintain \
+# static tunnels. The gogoCLIENT is used on the host computer \
+# to connect to a tunnel broker using the TSP protocol and to \
+# get the information for its IPv6 tunnel. When it receives the \
+# information for the tunnel, the gogoCLIENT creates the static \
+# tunnel on its operating system. You can setup a dynamic tunnel \
+# anonymously, but if you want a static prefix you need an \
+# account in Freenet6 \
+# http://gogonet.gogo6.com/page/freenet6-account
+### END INIT INFO
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+exec="/usr/bin/gogoc"
+prog="gogoc"
+config="/etc/gogoc/gogoc.conf"
+
+[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
+
+lockfile=/var/lock/subsys/$prog
+
+start() {
+ [ -x $exec ] || exit 5
+ [ -f $config ] || exit 6
+ echo -n $"Starting $prog: "
+ daemon nohup $exec -f $config $GOGOC_OPTS >/dev/null 2>&1 &
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && touch $lockfile
+ return $retval
+}
+
+stop() {
+ echo -n $"Stopping $prog: "
+ killproc $exec -HUP
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && rm -f $lockfile
+ return $retval
+}
+
+restart() {
+ stop
+ start
+}
+
+reload() {
+ restart
+}
+
+force_reload() {
+ restart
+}
+
+rh_status() {
+ status $prog
+}
+
+rh_status_q() {
+ rh_status >/dev/null 2>&1
+}
+
+
+case "$1" in
+ start)
+ rh_status_q && exit 0
+ $1
+ ;;
+ stop)
+ rh_status_q || exit 0
+ $1
+ ;;
+ restart)
+ $1
+ ;;
+ reload)
+ rh_status_q || exit 7
+ $1
+ ;;
+ force-reload)
+ force_reload
+ ;;
+ status)
+ rh_status
+ ;;
+ condrestart|try-restart)
+ rh_status_q || exit 0
+ restart
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
+ exit 2
+esac
+exit $?
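Review bot: In `start()`, the `retval=$?` that follows `daemon nohup $exec -f $config $GOGOC_OPTS >/dev/null 2>&1 &` reads the status of putting the job in the background, which is 0, not the status of gogoc itself. The lockfile is therefore created and the start reported as successful even when the client exits at once, for example on a bad config or an unaccepted broker key, and with output sent to `/dev/null` nothing records the failure. If gogoc cannot detach by itself, the status could be confirmed before the lockfile is written, for example `[ $retval -eq 0 ] && rh_status_q && touch $lockfile`, with a comment noting why the process is backgrounded by hand. The `echo` after it prints only a newline, so the usual OK/FAILED marker never appears either.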
diff --git a/gogoc-sysconfig b/gogoc-sysconfig
new file mode 100644
index 0000000..a268dfc
--- /dev/null
+++ b/gogoc-sysconfig
@@ -0,0 +1,2 @@
+# To accept the server keys automatically, uncomment the next line
+#GOGOC_OPTS="-y"
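Review bot: The comment above `#GOGOC_OPTS="-y"` explains how to enable automatic key acceptance but not what is given up by doing so. As the comment describes it, `-y` accepts whatever server key the broker presents without an operator checking it, so a changed or substituted key would be trusted silently. A second comment line would make the trade-off visible, e.g. `# Warning: with -y a new or changed broker key is trusted without review`.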
diff --git a/gogoc.fc b/gogoc.fc
index f6427df..b2a63ba 100644
--- a/gogoc.fc
+++ b/gogoc.fc
@@ -1,7 +1,5 @@
/usr/bin/gogoc -- gen_context(system_u:object_r:gogoc_exec_t,s0)
-/usr/lib/systemd/system/gogoc.service -- gen_context(system_u:object_r:gogoc_unit_file_t,s0)
-
/var/lib/gogoc(/.*)? gen_context(system_u:object_r:gogoc_var_lib_t,s0)
/var/log/gogoc(/.*)? gen_context(system_u:object_r:gogoc_log_t,s0)
diff --git a/gogoc.if b/gogoc.if
index fcdc1cb..f4ef5b7 100644
--- a/gogoc.if
+++ b/gogoc.if
@@ -233,30 +233,6 @@ interface(`gogoc_read_pid_files',`
read_files_pattern($1, gogoc_var_run_t, gogoc_var_run_t)
')
-########################################
-## <summary>
-## Execute gogoc server in the gogoc domain.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`gogoc_systemctl',`
- gen_require(`
- type gogoc_t;
- type gogoc_unit_file_t;
- ')
-
- systemd_exec_systemctl($1)
- systemd_read_fifo_file_password_run($1)
- allow $1 gogoc_unit_file_t:file read_file_perms;
- allow $1 gogoc_unit_file_t:service manage_service_perms;
-
- ps_process_pattern($1, gogoc_t)
-')
-
########################################
## <summary>
@@ -282,7 +258,6 @@ interface(`gogoc_admin',`
type gogoc_tmp_t;
type gogoc_var_lib_t;
type gogoc_var_run_t;
- type gogoc_unit_file_t;
')
allow $1 gogoc_t:process { ptrace signal_perms };
@@ -299,12 +274,4 @@ interface(`gogoc_admin',`
files_search_pids($1)
admin_pattern($1, gogoc_var_run_t)
-
- gogoc_systemctl($1)
- admin_pattern($1, gogoc_unit_file_t)
- allow $1 gogoc_unit_file_t:service all_service_perms;
- optional_policy(`
- systemd_passwd_agent_exec($1)
- systemd_read_fifo_file_passwd_run($1)
- ')
')
diff --git a/gogoc.spec b/gogoc.spec
index 80ac303..b94a146 100644
--- a/gogoc.spec
+++ b/gogoc.spec
@@ -1,4 +1,3 @@
-%global _hardened_build 1
%global distver 1_2-RELEASE
%global selinux_types %(%{__awk} '/^#[[:space:]]*SELINUXTYPE=/,/^[^#]/ { if ($3 == "-") printf "%s ", $2 }' /etc/selinux/config 2>/dev/null)
%global selinux_variants %([ -z "%{selinux_types}" ] && echo mls targeted || echo %{selinux_types})
@@ -14,11 +13,11 @@ Group: System Environment/Daemons
License: BSD and GPLv2
URL: http://gogonet.gogo6.com/page/freenet6-services
Source0: http://content.gogo6.com/%{name}-%{distver}.tar.gz
-Source1: %{name}.service
-Source2: %{name}-tmpfiles.conf
Source3: %{name}.fc
Source4: %{name}.if
Source5: %{name}.te
+Source6: %{name}-init.d
+Source7: %{name}-sysconfig
Patch1: %{name}-1.2-dirpath.patch
Patch2: %{name}-1.2-gcc_4.6_compile_fix.patch
Patch3: %{name}-1.2-gogoc_conf_5.patch
@@ -33,7 +32,6 @@ Patch9: %{name}-1.2-change_tmp_file.patch
Patch10: %{name}-1.2-use_iproute.patch
BuildRequires: openssl-devel
-BuildRequires: systemd
BuildRequires: checkpolicy
BuildRequires: selinux-policy-devel
BuildRequires: /usr/share/selinux/devel/policyhelp
@@ -44,12 +42,13 @@ Requires: iproute
%if "%{_selinux_policy_version}" != ""
Requires: selinux-policy >= %{_selinux_policy_version}
%endif
-Requires(post): systemd
+Requires(post): chkconfig
Requires(post): /usr/sbin/semodule
Requires(post): /sbin/fixfiles
Requires(post): policycoreutils-python
-Requires(preun): systemd
-Requires(postun): systemd
+Requires(preun): chkconfig
+Requires(preun): initscripts
+Requires(postun): initscripts
Requires(postun): /usr/sbin/semodule
Requires(postun): policycoreutils-python
@@ -77,9 +76,9 @@ mkdir SELinux
cp -p %{SOURCE3} %{SOURCE4} %{SOURCE5} SELinux
%build
-CFLAGS="%{optflags}"; export CFLAGS
-CXXFLAGS="%{optflags}"; export CXXFLAGS
-LDFLAGS="%{__global_ldflags}"; export LDFLAGS
+CFLAGS="%{optflags} -fPIE"; export CFLAGS
+CXXFLAGS="%{optflags} -fPIE"; export CXXFLAGS
+LDFLAGS="-Wl,-z,relro -pie -z now"; export LDFLAGS
make -j1 all
cd SELinux
for selinuxvariant in %{selinux_variants}
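Review bot: The hand-written hardening flags in `%build` replace the `%global _hardened_build 1` line removed at the top of the spec, but nothing says why, and `LDFLAGS` mixes two spellings (`-Wl,-z,relro` and a bare `-z now`). A short comment such as `# EL6 does not honour _hardened_build; enable PIE and full RELRO by hand` (reason inferred from the commit title, to be confirmed) would stop a later cleanup from dropping the flags. Writing the line as `LDFLAGS="-Wl,-z,relro -Wl,-z,now -pie"; export LDFLAGS` keeps both linker options in one form. Since the build's makefiles are not visible here, it is worth checking the resulting binary for PIE and BIND_NOW once, in case they override `LDFLAGS`.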
@@ -96,18 +95,17 @@ make installdir=%{buildroot}%{_prefix} install
install -d %{buildroot}%{_datadir} \
%{buildroot}%{_sysconfdir}/sysconfig \
%{buildroot}%{_sysconfdir}/%{name}/template \
- %{buildroot}%{_unitdir} \
- %{buildroot}%{_sharedstatedir}/%{name} \
+ %{buildroot}%{_initddir} \
+ %{buildroot}%{_localstatedir}/lib/%{name} \
%{buildroot}%{_localstatedir}/run/%{name} \
%{buildroot}%{_localstatedir}/log/%{name}
-# Systemd unit file
-install -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}
+install -m 0644 %{SOURCE7} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
# Copy the Linux shell script to where it's needed
cp -p %{buildroot}%{_datadir}/%{name}/template/linux.sh %{buildroot}%{_sysconfdir}/%{name}/template/linux.sh
# Ghost files
-touch %{buildroot}%{_sharedstatedir}/%{name}/gogockeys.pub
-touch %{buildroot}%{_sharedstatedir}/%{name}/tsp-last-server.txt
-touch %{buildroot}%{_sharedstatedir}/%{name}/tsp-broker-list.txt
+touch %{buildroot}%{_localstatedir}/lib/%{name}/gogockeys.pub
+touch %{buildroot}%{_localstatedir}/lib/%{name}/tsp-last-server.txt
+touch %{buildroot}%{_localstatedir}/lib/%{name}/tsp-broker-list.txt
touch %{buildroot}%{_localstatedir}/run/%{name}/%{name}-rtadvd.conf
touch %{buildroot}%{_localstatedir}/run/%{name}/%{name}-tmp.log
# Remove unneeded files
@@ -115,9 +113,7 @@ rm -f %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf.sample
rm -rf %{buildroot}%{_datadir}/%{name}
# The config file can contain passwords, protect it
chmod 0640 %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf
-# Tmpfiles
-mkdir -p %{buildroot}%{_tmpfilesdir}
-install -m 0644 %{SOURCE2} %{buildroot}%{_tmpfilesdir}/%{name}.conf
+install -m 0755 %{SOURCE6} %{buildroot}%{_initddir}/%{name}
# SELinux policy
cd SELinux
for selinuxvariant in %{selinux_variants}
@@ -130,7 +126,7 @@ cd -
/usr/sbin/hardlink -cv %{buildroot}%{_datadir}/selinux
%post
-%systemd_post %{name}.service
+/sbin/chkconfig --add %{name}
# Remove old SELinux file context
semanage fcontext -d -t radvd_etc_t '%{_localstatedir}/run/%{name}/%{name}-rtadvd.conf' 2>/dev/null || :
@@ -147,10 +143,15 @@ semanage port -a -t gogoc_port_t -p udp 3653 >/dev/null 2>&1 || :
/sbin/fixfiles -R %{name} restore || :
%preun
-%systemd_preun %{name}.service
+if [ $1 -eq 0 ] ; then
+ /sbin/service %{name} stop >/dev/null 2>&1 || :
+ /sbin/chkconfig --del %{name}
+fi
%postun
-%systemd_postun_with_restart %{name}.service
+if [ "$1" -ge "1" ] ; then
+ /sbin/service %{name} condrestart >/dev/null 2>&1 || :
+fi
# Remove SELinux policy
if [ $1 -eq 0 ] ; then
@@ -168,20 +169,23 @@ fi
%{_mandir}/man5/%{name}.conf.5.gz
%{_mandir}/man8/%{name}.8.gz
%config(noreplace) %{_sysconfdir}/%{name}
-%{_tmpfilesdir}/%{name}.conf
-%dir %{_sharedstatedir}/%{name}
-%ghost %{_sharedstatedir}/%{name}/tsp-last-server.txt
-%ghost %{_sharedstatedir}/%{name}/gogockeys.pub
-%ghost %{_sharedstatedir}/%{name}/tsp-broker-list.txt
+%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
+%dir %{_localstatedir}/lib/%{name}
+%ghost %{_localstatedir}/lib/%{name}/tsp-last-server.txt
+%ghost %{_localstatedir}/lib/%{name}/gogockeys.pub
+%ghost %{_localstatedir}/lib/%{name}/tsp-broker-list.txt
%dir %{_localstatedir}/run/%{name}
%ghost %{_localstatedir}/run/%{name}/%{name}-rtadvd.conf
%ghost %{_localstatedir}/run/%{name}/%{name}-tmp.log
%dir %{_localstatedir}/log/%{name}
%{_bindir}/%{name}
-%{_unitdir}/%{name}.service
+%{_initddir}/%{name}
%{_datadir}/selinux/*/%{name}.pp
%changelog
+* Fri Feb 21 2014 Juan Orti Alcaine <jorti at fedoraproject.org> - 1.2-37
+- Add EPEL support
+
* Mon Feb 17 2014 Juan Orti Alcaine <jorti at fedoraproject.org> - 1.2-36
- Use iproute tools to configure tunnel. Bug #1063272
diff --git a/gogoc.te b/gogoc.te
index 2a4006b..df27579 100644
--- a/gogoc.te
+++ b/gogoc.te
@@ -1,4 +1,4 @@
-policy_module(gogoc, 1.0.5)
+policy_module(gogoc, 1.0.7)
########################################
#
@@ -24,9 +24,6 @@ files_pid_file(gogoc_var_run_t)
type gogoc_conf_t;
files_config_file(gogoc_conf_t)
-type gogoc_unit_file_t;
-systemd_unit_file(gogoc_unit_file_t)
-
type gogoc_port_t;
corenet_port(gogoc_port_t)
@@ -34,18 +31,18 @@ corenet_port(gogoc_port_t)
#
# gogoc local policy
#
-create_files_pattern(gogoc_t, gogoc_log_t, gogoc_log_t)
-allow gogoc_t gogoc_log_t:file { append_file_perms read_file_perms setattr_file_perms };
+manage_files_pattern(gogoc_t, gogoc_log_t, gogoc_log_t)
manage_files_pattern(gogoc_t, gogoc_var_lib_t, gogoc_var_lib_t)
manage_files_pattern(gogoc_t, gogoc_var_run_t, gogoc_var_run_t)
read_files_pattern(gogoc_t, gogoc_conf_t, gogoc_conf_t)
manage_files_pattern(gogoc_t, gogoc_tmp_t, gogoc_tmp_t)
files_tmp_filetrans(gogoc_t, gogoc_tmp_t, { dir file })
-allow gogoc_t self:capability { net_admin net_raw kill };
+allow gogoc_t self:capability { net_admin net_raw kill sys_module};
allow gogoc_t self:tun_socket create_socket_perms;
allow gogoc_t self:rawip_socket create_socket_perms;
allow gogoc_t self:netlink_route_socket nlmsg_write;
+allow gogoc_t self:process signal;
allow gogoc_t gogoc_port_t:tcp_socket name_connect;
allow gogoc_t gogoc_port_t:udp_socket rw_socket_perms;
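Review bot: Adding `sys_module` to `allow gogoc_t self:capability { ... }` lets the gogoc domain load and unload kernel modules directly, which is a large grant for a daemon that talks to a remote tunnel broker. If the denial came only from the kernel auto-loading a tunnel or IPv6 module (an assumption; the commit does not say), `kernel_request_load_module(gogoc_t)` is the narrower rule. The same hunk replaces the append-only log rules with `manage_files_pattern(gogoc_t, gogoc_log_t, gogoc_log_t)`, so a compromised gogoc can now rewrite or delete its own logs. Keeping the removed `append_file_perms` rule would preserve that audit trail, unless the client really needs to rotate the files itself. A space is also missing before the closing brace in `sys_module}`.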
@@ -59,18 +56,24 @@ auth_use_nsswitch(gogoc_t)
logging_send_syslog_msg(gogoc_t)
dev_read_urand(gogoc_t)
dev_read_rand(gogoc_t)
+dev_search_sysfs(gogoc_t)
+dev_getattr_sysfs_dirs(gogoc_t)
+dev_read_sysfs(gogoc_t)
corecmd_exec_shell(gogoc_t)
corecmd_exec_bin(gogoc_t)
sysnet_exec_ifconfig(gogoc_t)
fs_getattr_tmpfs(gogoc_t)
+fs_getattr_all_fs(gogoc_t)
+miscfiles_read_localization(gogoc_t)
optional_policy(`
gen_require(`
- type radvd_exec_t, radvd_t, radvd_etc_t;
+ type radvd_exec_t, radvd_t, radvd_etc_t, radvd_var_run_t;
')
- domtrans_pattern(gogoc_t, radvd_exec_t, radvd_t) # Execute radvd in its own domain
- rw_files_pattern(radvd_t, gogoc_var_run_t, gogoc_var_run_t) # For radvd to write temp file and read config
- radvd_read_pid_files(gogoc_t) # For gogoc to read the pid file of radvd
- allow gogoc_t radvd_t:process signal; # Kill radvd
+ domtrans_pattern(gogoc_t, radvd_exec_t, radvd_t)
+ rw_files_pattern(radvd_t, gogoc_var_run_t, gogoc_var_run_t)
+ read_files_pattern(gogoc_t, radvd_var_run_t, radvd_var_run_t)
+ rw_files_pattern(radvd_t, gogoc_log_t, gogoc_log_t)
+ allow gogoc_t radvd_t:process signal;
allow radvd_t gogoc_t:udp_socket rw_socket_perms;
')
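Review bot: The rewritten radvd block drops all four explanatory comments and at the same time adds a new grant, `rw_files_pattern(radvd_t, gogoc_log_t, gogoc_log_t)`, with no stated reason. Rules whose source is `radvd_t` widen the radvd domain whenever this module is loaded, not only for the radvd that gogoc starts, so each one should carry a one-line justification. I would restore the removed comments (`# Execute radvd in its own domain`, `# Kill radvd`, and so on) and add one for the log rule naming the denial it fixes, e.g. `# radvd writes to the log file inherited from gogoc` if that is the cause (inferred, to be confirmed from the AVC).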