StarlingX open source release updates

Signed-off-by: Dean Troyer <dtroyer@gmail.com>
Dean Troyer 2018-05-30 16:17:22 -07:00
parent 1a32385367
commit 3cd12006bb
1498 changed files with 181275 additions and 0 deletions

CONTRIBUTORS.wrs Normal file

@ -0,0 +1,7 @@
The following contributors from Wind River have developed the seed code in this
repository. We look forward to community collaboration and contributions for
additional features, enhancements and refactoring.
Contributors:
=============
Wind River Titanium Cloud Team

LICENSE Normal file

@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

README.rst Normal file

@ -0,0 +1,5 @@
=========
stx-integ
=========
StarlingX Integration

@ -0,0 +1,22 @@

Release xxxPLATFORM_RELEASExxx \n \l
------------------------------------------------------------------------
W A R N I N G *** W A R N I N G *** W A R N I N G *** W A R N I N G ***
------------------------------------------------------------------------
THIS IS A PRIVATE COMPUTER SYSTEM.
This computer system including all related equipment, network devices
(specifically including Internet access), are provided only for authorized use.
All computer systems may be monitored for all lawful purposes, including to
ensure that their use is authorized, for management of the system, to
facilitate protection against unauthorized access, and to verify security
procedures, survivability and operational security. Monitoring includes active
attacks by authorized personnel and their entities to test or verify the
security of the system. During monitoring, information may be examined,
recorded, copied and used for authorized purposes. All information including
personal information, placed on or sent over this system may be monitored. Uses
of this system, authorized or unauthorized, constitutes consent to monitoring
of this system. Unauthorized use may subject you to criminal prosecution.
Evidence of any such unauthorized use collected during monitoring may be used
for administrative, criminal or other adverse action. Use of this system
constitutes consent to monitoring for these purposes.

@ -0,0 +1,21 @@
Release xxxPLATFORM_RELEASExxx
------------------------------------------------------------------------
W A R N I N G *** W A R N I N G *** W A R N I N G *** W A R N I N G ***
------------------------------------------------------------------------
THIS IS A PRIVATE COMPUTER SYSTEM.
This computer system including all related equipment, network devices
(specifically including Internet access), are provided only for authorized use.
All computer systems may be monitored for all lawful purposes, including to
ensure that their use is authorized, for management of the system, to
facilitate protection against unauthorized access, and to verify security
procedures, survivability and operational security. Monitoring includes active
attacks by authorized personnel and their entities to test or verify the
security of the system. During monitoring, information may be examined,
recorded, copied and used for authorized purposes. All information including
personal information, placed on or sent over this system may be monitored. Uses
of this system, authorized or unauthorized, constitutes consent to monitoring
of this system. Unauthorized use may subject you to criminal prosecution.
Evidence of any such unauthorized use collected during monitoring may be used
for administrative, criminal or other adverse action. Use of this system
constitutes consent to monitoring for these purposes.

@ -0,0 +1,5 @@

WARNING: Unauthorized access to this system is forbidden and will be
prosecuted by law. By accessing this system, you agree that your
actions may be monitored if unauthorized usage is suspected.

@ -0,0 +1,21 @@
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: files ldap
group: files ldap
shadow: files ldap
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
sudoers: files
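Review bot: `netgroup: nis` is the only NIS reference in this file, while the account databases all use `files ldap`; if no NIS domain is deployed, set it to `files` so netgroup lookups do not depend on a service that is not running. The header comment still describes this as an "Example configuration", which should be replaced with a line saying this is the platform's shipped policy. Also confirm that `shadow: files ldap` is intended, since it sends shadow lookups to the directory rather than leaving authentication to PAM alone.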

@ -0,0 +1,2 @@
COPY_LIST="files/*"
TIS_PATCH_VER=2

@ -0,0 +1,25 @@
From d5890a17f5b07a9d17665c2b4138bb244ab6c680 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 14:58:59 -0400
Subject: [PATCH 2/2] WRS: 0001-Update-package-versioning-for-TIS-format.patch
---
SPECS/centos-release.spec | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/centos-release.spec b/SPECS/centos-release.spec
index be95b1b..91dad61 100644
--- a/SPECS/centos-release.spec
+++ b/SPECS/centos-release.spec
@@ -13,7 +13,7 @@
Name: centos-release
Version: %{base_release_version}
-Release: %{centos_rel}%{?dist}
+Release: %{centos_rel}.el7.centos%{?_tis_dist}.%{tis_patch_ver}
Summary: %{product_family} release file
Group: System Environment/Base
License: GPLv2
--
1.9.1

@ -0,0 +1,2 @@
centos-release-include-TiS-changes.patch
0001-Update-package-versioning-for-TIS-format.patch

@ -0,0 +1,38 @@
From 4905ace48eb3feae48a02d2bd61e3778f8062532 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 14:58:59 -0400
Subject: [PATCH 1/2] WRS: centos-release-include-TiS-changes.patch
---
SPECS/centos-release.spec | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/SPECS/centos-release.spec b/SPECS/centos-release.spec
index af82c8b..be95b1b 100644
--- a/SPECS/centos-release.spec
+++ b/SPECS/centos-release.spec
@@ -25,6 +25,8 @@ Provides: system-release(releasever) = %{base_release_version}
Source0: centos-release-%{base_release_version}-%{centos_rel}.tar.gz
Source1: 85-display-manager.preset
Source2: 90-default.preset
+Source3: issue
+Source4: issue.net
%description
%{product_family} release files
@@ -118,6 +120,12 @@ mkdir -p %{buildroot}%{_prefix}/lib/systemd/system-preset/
install -m 0644 %{SOURCE1} %{buildroot}%{_prefix}/lib/systemd/system-preset/
install -m 0644 %{SOURCE2} %{buildroot}%{_prefix}/lib/systemd/system-preset/
+# Overwrite default issue files with cgcs related files.
+install -m 0644 %{SOURCE3} %{buildroot}/etc/issue
+install -m 0644 %{SOURCE4} %{buildroot}/etc/issue.net
+sed -i -e "s/xxxPLATFORM_RELEASExxx/%{platform_release}/g" \
+ %{buildroot}/etc/issue \
+ %{buildroot}/etc/issue.net
%clean
rm -rf %{buildroot}
--
1.9.1
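Review bot: the `sed` added to `%install` substitutes `%{platform_release}`, but nothing in the visible spec defines that macro or checks that it is set; RPM leaves an undefined macro unexpanded, so a build without it would ship the literal `%{platform_release}` in `/etc/issue` and `/etc/issue.net`. Fail the build when the macro is missing. Both files are displayed before authentication, so stamping the platform release into them tells unauthenticated clients which release is running; consider keeping the release string out of `issue.net` at least.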

@ -0,0 +1 @@
mirror:Source/centos-release-7-4.1708.el7.centos.src.rpm

@ -0,0 +1,22 @@

Release xxxPLATFORM_RELEASExxx \n \l
------------------------------------------------------------------------
W A R N I N G *** W A R N I N G *** W A R N I N G *** W A R N I N G ***
------------------------------------------------------------------------
THIS IS A PRIVATE COMPUTER SYSTEM.
This computer system including all related equipment, network devices
(specifically including Internet access), are provided only for authorized use.
All computer systems may be monitored for all lawful purposes, including to
ensure that their use is authorized, for management of the system, to
facilitate protection against unauthorized access, and to verify security
procedures, survivability and operational security. Monitoring includes active
attacks by authorized personnel and their entities to test or verify the
security of the system. During monitoring, information may be examined,
recorded, copied and used for authorized purposes. All information including
personal information, placed on or sent over this system may be monitored. Uses
of this system, authorized or unauthorized, constitutes consent to monitoring
of this system. Unauthorized use may subject you to criminal prosecution.
Evidence of any such unauthorized use collected during monitoring may be used
for administrative, criminal or other adverse action. Use of this system
constitutes consent to monitoring for these purposes.

@ -0,0 +1,21 @@
Release xxxPLATFORM_RELEASExxx
------------------------------------------------------------------------
W A R N I N G *** W A R N I N G *** W A R N I N G *** W A R N I N G ***
------------------------------------------------------------------------
THIS IS A PRIVATE COMPUTER SYSTEM.
This computer system including all related equipment, network devices
(specifically including Internet access), are provided only for authorized use.
All computer systems may be monitored for all lawful purposes, including to
ensure that their use is authorized, for management of the system, to
facilitate protection against unauthorized access, and to verify security
procedures, survivability and operational security. Monitoring includes active
attacks by authorized personnel and their entities to test or verify the
security of the system. During monitoring, information may be examined,
recorded, copied and used for authorized purposes. All information including
personal information, placed on or sent over this system may be monitored. Uses
of this system, authorized or unauthorized, constitutes consent to monitoring
of this system. Unauthorized use may subject you to criminal prosecution.
Evidence of any such unauthorized use collected during monitoring may be used
for administrative, criminal or other adverse action. Use of this system
constitutes consent to monitoring for these purposes.

@ -0,0 +1,2 @@
COPY_LIST="$CGCS_BASE/downloads/expect-lite_4.9.0.tar.gz"
TIS_PATCH_VER=1

@ -0,0 +1,28 @@
Summary: expect-lite
Name: expect-lite
Version: 4.9.0
Release: 0%{?_tis_dist}.%{tis_patch_ver}
License: BSD
Group: devel
Packager: Wind River <info@windriver.com>
URL: http://expect-lite.sourceforge.net/
Requires: expect
Source0: %{name}_%{version}.tar.gz
%description
Expect based command line automation tool
%prep
%setup -n %{name}.proj
%install
mkdir -p $RPM_BUILD_ROOT/usr/local/bin
echo $PWD
install -m 755 expect-lite $RPM_BUILD_ROOT/usr/local/bin/expect-lite
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root,-)
/usr/local/bin/expect-lite

@ -0,0 +1,2 @@
COPY_LIST="files/*"
TIS_PATCH_VER=4

@ -0,0 +1,25 @@
From 30a087a13a78b77537a969db2a30b531246b0bd7 Mon Sep 17 00:00:00 2001
From: Don Penney <don.penney@windriver.com>
Date: Mon, 26 Sep 2016 17:39:58 -0400
Subject: [PATCH] Update package versioning for TIS format
---
SPECS/lshell.spec | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/lshell.spec b/SPECS/lshell.spec
index 0fd4d17..e5f1317 100644
--- a/SPECS/lshell.spec
+++ b/SPECS/lshell.spec
@@ -2,7 +2,7 @@
Name: lshell
Version: 0.9.16
-Release: 6%{?dist}
+Release: 5.el7%{?_tis_dist}.%{tis_patch_ver}
Summary: A Python-based limited shell
License: GPLv3+
--
1.8.3.1

@ -0,0 +1,3 @@
spec-include-TiS-changes.patch
spec-update-lshell-conf-allowed-list.patch
0001-Update-package-versioning-for-TIS-format.patch

@ -0,0 +1,87 @@
lshell.spec: to include Titanium Cloud changes
To include the Titanium Cloud specific changes from:
wr-cgcs/layers/cgcs/recipes-base/lshell/files
diff -u b/SPECS/lshell.spec b/SPECS/lshell.spec
--- b/SPECS/lshell.spec
+++ b/SPECS/lshell.spec
@@ -1,3 +1,5 @@
+%define WRSROOT_P cBglipPpsKwBQ
+
Name: lshell
Version: 0.9.16
Release: 5%{?dist}
@@ -6,6 +8,15 @@
License: GPLv3+
URL: https://github.com/ghantoos/lshell
Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
+Source1: cgcs_cli
+Source2: lshell.conf
+Source3: wrs.sudo
+Source4: lshell_env_setup
+Patch1: lshell_cgcs.patch
+Patch2: lshell-source-support.patch
+Patch3: lshell-prompt-change-support.patch
+Patch4: lshell-newline-escape-character-support.patch
+Patch5: lshell-shell-escape-check.patch
BuildArch: noarch
BuildRequires: python2-devel
@@ -20,6 +31,11 @@
%setup -q
#Fix permission
chmod -x CHANGES
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
%build
%{__python2} setup.py build
@@ -27,10 +43,25 @@
%install
%{__python2} setup.py install -O1 --skip-build --root=%{buildroot}
# Doc files at the wrong place
-rm %{buildroot}%{_defaultdocdir}/lshell/{CHANGES,COPYING,README}
+rm -f %{buildroot}%{_defaultdocdir}/lshell/{CHANGES,COPYING,README}
+mkdir -p ${RPM_BUILD_ROOT}/usr/local/bin
+install -m 755 ${RPM_SOURCE_DIR}/cgcs_cli ${RPM_BUILD_ROOT}/usr/local/bin/cgcs_cli
+install -m 755 ${RPM_SOURCE_DIR}/lshell_env_setup ${RPM_BUILD_ROOT}/usr/local/bin/lshell_env_setup
+install -d ${RPM_BUILD_ROOT}/etc
+install -m 644 ${RPM_SOURCE_DIR}/lshell.conf ${RPM_BUILD_ROOT}/etc/lshell.conf
+install -d ${RPM_BUILD_ROOT}/etc/sudoers.d
+cp ${RPM_SOURCE_DIR}/wrs.sudo wrs.sudo
+echo 'Defaults passprompt="Password: "' >> wrs.sudo
+install -m 440 wrs.sudo ${RPM_BUILD_ROOT}/etc/sudoers.d/wrs
%pre
getent group lshell >/dev/null || groupadd -r lshell
+getent group wrs >/dev/null || groupadd -r wrs
+getent group wrs_protected >/dev/null || groupadd -f -g 345 wrs_protected
+getent passwd wrsroot > /dev/null || \
+useradd -m -g wrs -G root,wrs_protected \
+ -d /home/wrsroot -p %{WRSROOT_P} \
+ -s /bin/sh wrsroot 2> /dev/null || :
%post
grep -q '^%{_bindir}/%{name}$' %{_sysconfdir}/shells || \
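Review bot: `%define WRSROOT_P cBglipPpsKwBQ` at the top of the spec is passed to `useradd -p` in `%pre`, so every system installed from this package starts with the same password hash for `wrsroot`, and that hash is readable by anyone who has the source RPM. The value is 13 characters, the length of a traditional DES `crypt` hash, which is a weak format whatever the password. The account is also created with `-G root,wrs_protected` and `-s /bin/sh`, and `2> /dev/null || :` hides any failure to create it. Suggest creating the account locked, or with the password expired so it must be changed at first login, setting the credential per system at install time, and letting `useradd` errors surface.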
@@ -42,13 +73,13 @@
fi
%files
-%doc CHANGES COPYING README
-%{_mandir}/man*/*.*
%{_bindir}/%{name}
%config(noreplace) %{_sysconfdir}/%{name}.conf
-%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
+%config(noreplace) %{_sysconfdir}/sudoers.d/wrs
%{python_sitelib}/lshell/
%{python_sitelib}/%{name}*.egg-info
+/usr/local/bin/cgcs_cli
+/usr/local/bin/lshell_env_setup
%changelog
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.16-5

@ -0,0 +1,15 @@
---
lshell.spec | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/SPECS/lshell.spec
+++ b/SPECS/lshell.spec
@@ -2,7 +2,7 @@
Name: lshell
Version: 0.9.16
-Release: 5%{?dist}
+Release: 6%{?dist}
Summary: A Python-based limited shell
License: GPLv3+

@ -0,0 +1 @@
mirror:Source/lshell-0.9.16-5.el7.src.rpm

base/lshell/files/cgcs_cli Executable file

@ -0,0 +1,2 @@
#!/bin/sh
/usr/bin/lshell

@ -0,0 +1,53 @@
---
lshell/shellcmd.py | 26 +++++++++++++++++++++++++-
1 file changed, 25 insertions(+), 1 deletion(-)
--- a/lshell/shellcmd.py
+++ b/lshell/shellcmd.py
@@ -74,6 +74,7 @@ class ShellCmd(cmd.Cmd, object):
self.promptbase = getuser()
self.prompt = '%s:~$ ' % self.promptbase
+ self.prompt2 = '> ' # PS2 prompt
self.intro = self.conf['intro']
@@ -670,6 +671,12 @@ class ShellCmd(cmd.Cmd, object):
self.stdout.write("%s\n" % self.intro)
if self.conf['login_script']:
self.loginCmdParse(self.conf['login_script'])
+
+ # for long commands, a user may escape the new line
+ # by giving a bash like '\' character at the end of
+ # the line. cmdloop() needs to recognize that and
+ # create an appended line before sending it to onecmd()
+ partial_line = ""
stop = None
while not stop:
if self.cmdqueue:
@@ -691,7 +698,24 @@ class ShellCmd(cmd.Cmd, object):
line = 'EOF'
else:
line = line[:-1] # chop \n
- line = self.precmd(line)
+
+ if len(line) > 1 and line.startswith('\\'):
+ # implying previous partial line
+ line = line[:1].replace('\\', '', 1)
+ if partial_line:
+ line = partial_line + line
+ if line.endswith('\\'):
+ # continuation character. First partial line.
+ # We shall expect the command to continue in
+ # a new line. Change to bash like PS2 prompt to
+ # indicate this continuation to the user
+ partial_line = line.strip('\\')
+ self.prompt = self.prompt2 # switching to PS2
+ continue
+ partial_line = ""
+
+ self.updateprompt(os.getcwd())
+ line = self.precmd(line)
stop = self.onecmd(line)
stop = self.postcmd(stop, line)
self.postloop()
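Review bot: in the last hunk, `line = line[:1].replace('\\', '', 1)` slices only the first character, so a line that starts with a backslash is reduced to an empty string and the rest of what the user typed is dropped; `line[1:]` looks like what was meant. `partial_line = line.strip('\\')` also strips backslashes from the start of the line as well as the end, so `rstrip('\\')` is the safer call. Please add a test showing that the joined line, not the fragments, is what reaches `precmd()` and `onecmd()`.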

@ -0,0 +1,139 @@
---
lshell/shellcmd.py | 77 ++++++++++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 71 insertions(+), 6 deletions(-)
--- a/lshell/shellcmd.py
+++ b/lshell/shellcmd.py
@@ -28,6 +28,7 @@ import readline
import glob
import subprocess
+from time import gmtime, strftime
from utils import get_aliases
@@ -50,6 +51,9 @@ class ShellCmd(cmd.Cmd, object):
else:
self.stderr = stderr
+ # create a devnull device
+ self.devnull = open(os.devnull, 'w')
+
self.args = args
self.conf = userconf
self.log = self.conf['logpath']
@@ -145,13 +149,63 @@ class ShellCmd(cmd.Cmd, object):
self.g_cmd, self.g_arg, self.g_line = ['', '', '']
return object.__getattribute__(self, attr)
+ def check_prompt(self, var, value):
+ """ check if user is attempting to
+ modify shell prompt and if so then
+ update the prompt
+ """
+ if 'PS' in var:
+ if 'PS1' in var:
+ # update prompt
+ self.promptbase = self.setprompt(
+ {'prompt' : value.strip('\n').strip('\r')})
+ self.updateprompt(os.getcwd())
+ else:
+ self.log.critical("*** forbidden %s prompt change requested. "
+ "Only PS1 changes permissible" % var)
+
+
def setprompt(self, conf):
""" set prompt used by the shell
"""
if conf.has_key('prompt'):
promptbase = conf['prompt']
- promptbase = promptbase.replace('%u', getuser())
- promptbase = promptbase.replace('%h', os.uname()[1].split('.')[0])
+ # Recognize shell name control command
+ promptbase = re.sub(r'\\s', 'lshell',
+ promptbase)
+ # Recognize username control command
+ promptbase = re.sub(r'\\u|%u', getuser(),
+ promptbase)
+ # Recognize hostname control command
+ promptbase = re.sub(r'\\h|%h', os.uname()[1].split('.')[0],
+ promptbase)
+ # Recognize full hostname control command
+ promptbase = re.sub(r'\\H', os.uname()[1],
+ promptbase)
+ # Recognize time control commands
+ promptbase = re.sub(r'\\t', strftime("%H:%M:%S", gmtime()),
+ promptbase)
+ promptbase = re.sub(r'\\T', strftime("%I:%M:%S", gmtime()),
+ promptbase)
+ promptbase = re.sub(r'\\A', strftime("%H:%M", gmtime()),
+ promptbase)
+ promptbase = re.sub(r'\\@', strftime("%I:%M:%S%p", gmtime()),
+ promptbase)
+ promptbase = re.sub(r'\\d', strftime("%a %b %d", gmtime()),
+ promptbase)
+ ########################################################
+ # The following control commands are not supported: #
+ # v - the shell version #
+ # V - the shell release version #
+ # w - Complete path of current working directory #
+ # W - the basename of the current working directory #
+ # ! - the history number of this command #
+ # # - the command number of this command #
+ # $? - status of the last command #
+ # $() - any command executions #
+ ########################################################
+ promptbase = re.sub(r'\\v|\\V|\\w|\\W|\\!|\\#|\\\$\?|\\\$\(.*\)|\\\$', '',
+ promptbase)
else:
promptbase = getuser()
@@ -199,7 +253,7 @@ class ShellCmd(cmd.Cmd, object):
def export(self):
""" export environment variables """
# if command contains at least 1 space
- if self.g_line.count(' '):
+ if self.g_line.count(' '):
env = self.g_line.split(" ", 1)[1]
# if it conatins the equal sign, consider only the first one
if env.count('='):
@@ -216,6 +270,10 @@ class ShellCmd(cmd.Cmd, object):
cin, cout = os.popen2('`which echo` %s' % value)
value = cout.readlines()[0]
+ # check if new exported environment
+ # is a prompt change command
+ self.check_prompt(var, value)
+
os.environ.update({var: value.rstrip()})
def source(self):
@@ -485,11 +543,14 @@ class ShellCmd(cmd.Cmd, object):
p = subprocess.Popen( "`which echo` %s" % item,
shell=True,
stdin=subprocess.PIPE,
- stdout=subprocess.PIPE )
+ stdout=subprocess.PIPE,
+ stderr = self.devnull )
(cin, cout) = (p.stdin, p.stdout)
except ImportError:
- cin, cout = os.popen2('`which echo` %s' % item)
- item = cout.readlines()[0].split(' ')[0].strip()
+ cin, cout = os.popen2('`which echo` %s 2>/dev/null' % item)
+ shellresponse = cout.readlines()
+ if shellresponse:
+ item = shellresponse[0].split(' ')[0].strip()
item = os.path.expandvars(item)
tomatch = os.path.realpath(item)
if os.path.isdir(tomatch) and tomatch[-1] != '/': tomatch += '/'
@@ -559,6 +620,10 @@ class ShellCmd(cmd.Cmd, object):
if len(env) is not 2:
continue
newenv.update(dict([env]))
+ # check if the new environment includes
+ # any Shell prompt change commands
+ self.check_prompt(env[0], env[1])
+
os.environ.update(newenv)
def loginCmdParse(self, script):
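Review bot: `check_prompt()` tests `'PS' in var` and `'PS1' in var` as substrings, so any exported name that merely contains `PS` (for example `OOPS`) is logged at critical level as a forbidden prompt change, and a name such as `PS10` or `MYPS1` rewrites the prompt. Compare the name exactly, with `var == 'PS1'` for the permitted case and an explicit set of the other prompt variables for the rejected case. Two smaller points: `self.devnull` is opened once and never closed, and the `re.sub` calls pass `getuser()` and the hostname as the replacement string, where backslashes are interpreted, so pass them through a replacement function instead.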

@ -0,0 +1,121 @@
---
lshell/shellcmd.py | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 77 insertions(+), 3 deletions(-)
--- a/lshell/shellcmd.py
+++ b/lshell/shellcmd.py
@@ -30,7 +30,7 @@ import subprocess
from time import gmtime, strftime
from utils import get_aliases
-
+from distutils.spawn import find_executable
class ShellCmd(cmd.Cmd, object):
""" Main lshell CLI class
@@ -337,6 +337,44 @@ class ShellCmd(cmd.Cmd, object):
# strip all spaces/tabs
line = " ".join(line.split())
+ # Expand all variables
+ line = os.path.expandvars(line)
+
+ # *** AWK HOOK *** #
+ # Before we begin, check if user is trying
+ # to pass an awk script to the awk interpreter
+ # and disallow that option.
+ #
+ # Also disallow inline vars in awk since an attacker
+ # may use that to scramble a forbidden cmd
+ # such as the following shell escape:
+ # (awk -v X=ba -v Y=ash 'BEGIN { system("/bin/"X Y) }'
+ #
+ # In an ideal world we should parse the awk script
+ # and inline vars for forbidden paths and commands
+ # but that will require some gnarly regexes (esp for
+ # the inline vars). Deferring this as TODO
+ if re.match(r'\s*awk.*-f\s*[\w/~]+', line):
+ return self.warn_count('awk script option', oline, strict, ssh)
+ if re.match(r'\s*awk.*-v\s*\w+=', line):
+ return self.warn_count('awk inline variable option', oline, strict, ssh)
+
+
+ # process all quoted text seperately
+ # This logic is kept crudely simple on purpose.
+ # At most we might match the same stanza twice
+ # (for e.g. "'a'", 'a') but the converse would
+ # require detecting single quotation stanzas
+ # nested within double quotes and vice versa
+ relist = re.findall(r'[^=]\"(.+)\"',line)
+ relist2 = re.findall(r'[^=]\'(.+)\'',line)
+ relist = relist + relist2
+ for item in relist:
+ if self.check_secure(item, strict = strict):
+ return 1
+ if self.check_path(item, strict = strict):
+ return 1
+
# ignore quoted text
line = re.sub(r'\"(.+?)\"', '', line)
line = re.sub(r'\'(.+?)\'', '', line)
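Review bot: both awk checks use re.match, which anchors at the start of the line, so they apply only when awk is the first word; re.search with a word boundary around awk would cover it wherever it appears in the line, and would also stop the pattern from firing on any command that merely begins with the letters awk. In the quoted-text pass, the leading [^=] means a quoted string at the very start of the line or directly after = is never handed to check_secure or check_path, and the greedy (.+) merges several quoted strings on one line into a single item. The comment should state whether skipping assignments is intended; if it is not, drop the [^=] and use the non-greedy form already used in the context lines below.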
@@ -438,7 +476,8 @@ class ShellCmd(cmd.Cmd, object):
new_cmd_line = 'export ' + oline
self.g_line = new_cmd_line
self.check_secure(new_cmd_line, strict = strict)
- else:
+ # filter out macros, text or constructs that got picked up as commands
+ elif command.islower() and find_executable(command):
return self.warn_count('command', oline, strict, ssh, command)
return 0
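Review bot: with `else:` replaced by `elif command.islower() and find_executable(command):`, a command that is not in the allowed list and either contains an uppercase character or is not found on PATH now falls through to `return 0` with no warning and without touching the warning counter. If the goal is only to ignore text that was mis-parsed as a command, log that case or return a distinct value so the caller does not treat it the same as an accepted command.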
@@ -499,6 +538,7 @@ class ShellCmd(cmd.Cmd, object):
%(self.conf['warning_counter']))
self.stderr.write('This incident has been reported.\n')
+
def check_path(self, line, completion=None, ssh=None, strict=None):
""" Check if a path is entered in the line. If so, it checks if user \
are allowed to see this path. If user is not allowed, it calls \
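Review bot: the only change in this hunk is an extra blank line before check_path; drop it from the patch so the diff carries no whitespace-only noise.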
@@ -594,7 +634,41 @@ class ShellCmd(cmd.Cmd, object):
detect the new environment and then use that to update the \
environ of the lshell process.
"""
- pipe = subprocess.Popen("%s; env -0" % script,
+ try:
+ script_path = os.path.expanduser(script.\
+ strip("source").split()[0])
+ script_path = os.path.expandvars(script_path)
+ with open (script_path) as fd:
+ content = fd.readlines()
+ content = [line.strip('\n') for line in content]
+
+ # Although rare in a normal cases, an attacker
+ # may attempt to bypass line validation by
+ # scrambling commands via line continuations
+ partial_line = ""
+ for i,line in enumerate(content):
+ if line.startswith('#'):
+ continue
+ if len(line) > 1 and line.startswith('\\'):
+ # implying previous partial line
+ content[i] = line[:1].replace('\\', '', 1)
+ if partial_line:
+ content[i] = partial_line + line
+ if line.endswith('\\'):
+ # continuation character. First partial line.
+ # We shall expect the command to continue in
+ # a new line.
+ partial_line = content[i].strip('\\')
+ continue
+ partial_line = ""
+ if self.check_secure(content[i]):
+ return
+ if self.check_path(content[i]):
+ return
+ except:
+ pass
+
+ pipe = subprocess.Popen("%s; env -0" % script,
bufsize=1,
stdout=subprocess.PIPE,
shell=True)
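Review bot: the bare `except: pass` around the whole pre-check makes the validation fail open: if the file cannot be opened or any line raises, nothing is checked and the script is still run by the Popen below. Catch the specific errors and return (or warn) instead of continuing. script.strip("source") removes any of the characters s, o, u, r, c, e from both ends of the string rather than the leading word, so a path or argument ending in one of those letters is truncated and open() then fails into that except; take the second token of script.split() instead. In the continuation handling, line[:1].replace('\\', '', 1) keeps only the first character (line[1:] looks intended), and when partial_line is set the result is overwritten by partial_line + line, which uses the unmodified line.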


@ -0,0 +1,106 @@
---
lshell/shellcmd.py | 65 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 64 insertions(+), 1 deletion(-)
--- a/lshell/shellcmd.py
+++ b/lshell/shellcmd.py
@@ -26,6 +26,7 @@ import re
import signal
import readline
import glob
+import subprocess
from utils import get_aliases
@@ -128,6 +129,9 @@ class ShellCmd(cmd.Cmd, object):
# builtin export function
elif self.g_cmd == 'export':
self.export()
+ # builtin source function
+ elif self.g_cmd == 'source':
+ self.source()
# case 'cd' is in an alias e.g. {'toto':'cd /var/tmp'}
elif self.g_line[0:2] == 'cd':
self.g_cmd = self.g_line.split()[0]
@@ -214,6 +218,14 @@ class ShellCmd(cmd.Cmd, object):
os.environ.update({var: value.rstrip()})
+ def source(self):
+ """ implementation of the "source" command
+ """
+ # ensure if command contains at least 1 space
+ if self.g_line.count(' '):
+ source_script = self.g_line
+ self.sourceShell(source_script)
+
def cd(self):
""" implementation of the "cd" command
"""
@@ -515,6 +527,57 @@ class ShellCmd(cmd.Cmd, object):
else:
self.prompt = '%s:%s$ ' % (self.promptbase, path)
+ def sourceShell(self, script):
+ """Source the shell script and call env when done in order to \
+ detect the new environment and then use that to update the \
+ environ of the lshell process.
+ """
+ pipe = subprocess.Popen("%s; env -0" % script,
+ bufsize=1,
+ stdout=subprocess.PIPE,
+ shell=True)
+
+ iterator = iter(pipe.stdout.readline, b'')
+ outputlist = list(iterator)
+ output = ''
+ for i, line in enumerate(outputlist):
+ if i == (len(outputlist) -1):
+ output = line
+ else:
+ sys.stdout.write(line)
+
+ # output may pick up some echos at the end of script and merge
+ # with the first line in env. Test for this and echo those to stdout
+ envList = output.split('\0')
+ firstenv = re.findall('^\S+=\S+$', envList[0], re.MULTILINE)
+ if firstenv:
+ print envList[0].strip(firstenv[0])
+ envList[0] = firstenv[0]
+ newenv = {}
+ for line in envList:
+ env = line.split("=", 1)
+ if len(env) is not 2:
+ continue
+ newenv.update(dict([env]))
+ os.environ.update(newenv)
+
+ def loginCmdParse(self, script):
+ """Parse the login command specified in login_script. \
+ If login_script or a sub script sources a bash config \
+ then call shell_source()
+ """
+ # if multiple commands are chained together, execute
+ # them individually. We will not support conditional
+ # chaining (&& or ||) since that would required the
+ # additional complexity of checking the retcode of
+ # the previous command
+ cmds = script.split(";")
+ for cmd in cmds:
+ if "source" in cmd:
+ self.sourceShell(cmd)
+ else:
+ os.system(cmd)
+
def cmdloop(self, intro=None):
"""Repeatedly issue a prompt, accept input, parse an initial prefix \
off the received input, and dispatch to action methods, passing them \
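Review bot: sourceShell reads the pipe with readline and treats the last newline-terminated chunk as the `env -0` output, but env -0 is NUL-separated precisely because values may contain newlines; a variable whose value contains a newline splits the env block, and the earlier part is written to stdout instead of being parsed. Read the whole output and separate script output from the env block with an explicit marker printed before env -0. envList[0].strip(firstenv[0]) treats its argument as a character set, not as a suffix. In loginCmdParse, `"source" in cmd` is a substring test, so any command whose text contains that word (a path, an argument) is routed to sourceShell, and script.split(";") also splits inside quoted strings; match on the first token of each command instead.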
@@ -541,7 +604,7 @@ class ShellCmd(cmd.Cmd, object):
if self.intro and isinstance(self.intro, str):
self.stdout.write("%s\n" % self.intro)
if self.conf['login_script']:
- os.system(self.conf['login_script'])
+ self.loginCmdParse(self.conf['login_script'])
stop = None
while not stop:
if self.cmdqueue:


@ -0,0 +1,94 @@
# lshell.py configuration file
#
# $Id: lshell.conf,v 1.27 2010-10-18 19:05:17 ghantoos Exp $
[global]
## log directory (default /var/log/lshell/ )
logpath : /var/log/lshell/
## set log level to 0, 1, 2, 3 or 4 (0: no logs, 1: least verbose,
## 4: log all commands)
loglevel : 2
## configure log file name (default is %u i.e. username.log)
#logfilename : %y%m%d-%u
#logfilename : syslog
## in case you are using syslog, you can choose your logname
#syslogname : myapp
[default]
## a list of the allowed commands or 'all' to allow all commands in user's PATH
allowed : ['source','vim','awk','cut','grep','cat','env','export', 'read', 'pwd','ls','echo','cd','ll','less','cp','scp','sftp','mv','rm','nova','system','neutron','cinder','glance','ceilometer','heat','keystone','passwd','openstack']
## a list of forbidden character or commands -- deny vim, as it allows to escape lshell
#forbidden : [';', '&', '|','`','>','<', '$(', '${']
forbidden : [';', '&', '>','<', '$(']
## a list of allowed command to use with sudo(8)
#sudo_commands : ['ls', 'more']
## number of warnings when user enters a forbidden value before getting
## exited from lshell, set to -1 to disable.
warning_counter : 2
## command aliases list (similar to bashs alias directive)
aliases : {'ll':'ls -l', 'vim':'rvim'}
## introduction text to print (when entering lshell)
#intro : "== My personal intro ==\nWelcome to lshell\nType '?' or 'help' to get the list of allowed commands"
## configure your promt using %u or %h (default: username)
prompt : "%u@%h"
## set sort prompt current directory update (default: 0)
#prompt_short : 0
## a value in seconds for the session timer
timer : 900
## list of path to restrict the user "geographicaly"
#path : ['/home/bla/','/etc']
## set the home folder of your user. If not specified the home_path is set to
## the $HOME environment variable
#home_path : '/home/bla/'
## update the environment variable $PATH of the user
#env_path : ':/usr/local/bin:/usr/sbin'
## a list of path; all executable files inside these path will be allowed
#allowed_cmd_path: ['/home/bla/bin','/home/bla/stuff/libexec']
## add environment variables
#env_vars : {'foo':1, 'bar':'helloworld'}
env_vars : {'OPENRC_TEMPLATE':'/etc/nova/ldap_openrc_template'}
## allow or forbid the use of scp (set to 1 or 0)
#scp : 1
## forbid scp upload
#scp_upload : 0
## forbid scp download
#scp_download : 0
## allow of forbid the use of sftp (set to 1 or 0)
#sftp : 1
## list of command allowed to execute over ssh (e.g. rsync, rdiff-backup, etc.)
#overssh : ['ls', 'rsync']
## logging strictness. If set to 1, any unknown command is considered as
## forbidden, and user's warning counter is decreased. If set to 0, command is
## considered as unknown, and user is only warned (i.e. *** unknown synthax)
strict : 0
## force files sent through scp to a specific directory
#scpforce : '/home/bla/uploads/'
## history file maximum size
history_size : 100
## set history file name (default is /home/%u/.lhistory)
#history_file : "/home/%u/.lshell_history"
## define the script to run at user login
login_script : "source /usr/local/bin/lshell_env_setup --mute; install -m 0500 /usr/local/bin/lshell_env_setup ~/"
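Review bot: `allowed` includes 'vim' and 'awk' even though the comment on the following line says to deny vim because it allows escaping lshell; the 'vim':'rvim' alias only helps if the alias is always applied before execution, and that dependency should be stated next to the entry. The active `forbidden` list also drops '|', '`' and '${' relative to the commented-out line above it, and `strict : 0` means unknown commands only produce a warning. Each of these relaxations needs a comment giving the reason, or the stricter value restored.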


@ -0,0 +1,54 @@
Index: lshell-0.9.16/setup.py
===================================================================
--- lshell-0.9.16.orig/setup.py
+++ lshell-0.9.16/setup.py
@@ -40,10 +40,7 @@ choose a list of allowed commands for ev
scripts = ['bin/lshell'],
package_dir = {'lshell':'lshell'},
packages = ['lshell'],
- data_files = [('/etc', ['etc/lshell.conf']),
- ('/etc/logrotate.d', ['etc/logrotate.d/lshell']),
- ('share/doc/lshell',['README', 'COPYING', 'CHANGES']),
- ('share/man/man1/', ['man/lshell.1']) ],
+ data_files = [],
classifiers=[
'Development Status :: 5 - Production/Stable',
'Environment :: Console'
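Review bot: setting data_files to [] stops setup.py from installing /etc/lshell.conf, the logrotate.d entry, the docs and the man page, and nothing in this patch says where they are installed instead. Add a patch description stating that the packaging installs the config and logrotate files itself, so a reader can confirm lshell does not ship without a config or log rotation.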
Index: lshell-0.9.16/lshell/shellcmd.py
===================================================================
--- lshell-0.9.16.orig/lshell/shellcmd.py
+++ lshell-0.9.16/lshell/shellcmd.py
@@ -199,7 +199,7 @@ class ShellCmd(cmd.Cmd, object):
env = self.g_line.split(" ", 1)[1]
# if it conatins the equal sign, consider only the first one
if env.count('='):
- var, value = env.split(' ')[0].split('=')[0:2]
+ var, value = env.split('=', 1)
# expand values, if variable is surcharged by other variables
try:
import subprocess
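Review bot: env.split('=', 1) no longer trims at the first space, so var is whatever precedes the first = (it can now contain spaces) and value is the whole remainder of the line, including any further words. Validate var against an identifier pattern before it is used, and decide explicitly whether trailing words belong in value.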
@@ -212,7 +212,7 @@ class ShellCmd(cmd.Cmd, object):
cin, cout = os.popen2('`which echo` %s' % value)
value = cout.readlines()[0]
- os.environ.update({var: value})
+ os.environ.update({var: value.rstrip()})
def cd(self):
""" implementation of the "cd" command
@@ -361,7 +361,14 @@ class ShellCmd(cmd.Cmd, object):
# for all other commands check in allowed list
if command not in self.conf['allowed'] and command:
- return self.warn_count('command', oline, strict, ssh, command)
+ export_pattern = re.compile('^[a-zA-Z0-9\-\_]*=')
+ if export_pattern.match(oline):
+ self.g_cmd = 'export'
+ new_cmd_line = 'export ' + oline
+ self.g_line = new_cmd_line
+ self.check_secure(new_cmd_line, strict = strict)
+ else:
+ return self.warn_count('command', oline, strict, ssh, command)
return 0
def warn_count(self, messagetype, line=None, strict=None, ssh=None, command=None):
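Review bot: the return value of self.check_secure(new_cmd_line, strict = strict) is discarded in the new export branch, so the function still reaches `return 0` when check_secure flags the line; return its result when it is non-zero. The pattern '^[a-zA-Z0-9\-\_]*=' also accepts an empty name (a line starting with =) and names that begin with a digit; use + and an identifier-style first character.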


@ -0,0 +1,100 @@
#!/bin/bash
MAX_OPENRC_LEN=100
read -p "Pre-store Keystone user credentials for this session? (y/N): " confirm
confirm=${confirm,,}
if [ "$confirm" == "y" ] || [ "$confirm" = "yes" ]; then
if [ -z "$OPENRC_TEMPLATE" ] || [ ! -f `echo $OPENRC_TEMPLATE` ]; then
read -p "env[OPENRC_TEMPLATE] not set.
Hints will not be available for certain options. Continue anyways? (Y/n): " confirm
confirm=${confirm,,}
([ "$confirm" == "n" ] || [ "$confirm" == "no" ]) && exit 0
else
# Check if we are to run Muted
[ "$1" = "--mute" ] && MUTE=1
# Load default values for System URL, Region and Keystone URL
defEnv=( $(cat $OPENRC_TEMPLATE) )
defEnvLen=${#defEnv[@]}
[ "$defEnvLen" -gt "$MAX_OPENRC_LEN" ] && \
defEnvLen="$MAX_OPENRC_LEN"
for (( i=0; i<$defEnvLen; i++));
do
if [[ ${defEnv[$i]} =~ OS_AUTH_URL=(.*)$ ]]; then
def_os_auth_url=${BASH_REMATCH[1]}
elif [[ ${defEnv[$i]} =~ OS_REGION_NAME=(.*)$ ]]; then
def_os_region_name=${BASH_REMATCH[1]}
elif [[ ${defEnv[$i]} =~ OS_PROJECT_NAME=(.*)$ ]]; then
def_os_project_name=${BASH_REMATCH[1]}
elif [[ ${defEnv[$i]} =~ OS_USER_DOMAIN_NAME=(.*)$ ]]; then
def_os_user_domain_name=${BASH_REMATCH[1]}
elif [[ ${defEnv[$i]} =~ OS_PROJECT_DOMAIN_NAME=(.*)$ ]]; then
def_os_project_domain_name=${BASH_REMATCH[1]}
fi
done
fi
read -p "Enter Keystone username [$USER]: " os_user
[ -z "$os_user" ] && os_user="$USER"
read -p "Enter Keystone user domain name: " os_user_domain_name
[ -z "$os_user_domain_name" ] && os_user_domain_name="$def_os_user_domain_name"
read -p "Enter Project name: " os_project_name
[ -z "$os_project_name" ] && os_project_name="$def_os_project_name"
read -p "Enter Project domain name: " os_project_domain_name
[ -z "$os_project_domain_name" ] && os_project_domain_name="$def_os_project_domain_name"
read -s -p "Enter Keystone password: " os_pass
[ -z "$os_pass" ] && \
echo -n "Invalid password entry. Aborting!" && exit 1
# if we are not in mute mode then ask for these
# from user as input
if [ -z "$MUTE" ]; then
if [ -z "$def_os_region_name" ]; then
read -p "\n\nEnter Keystone Region Name: " os_region
else
read -p "Enter Keystone Region Name [$def_os_region_name]: " os_region
[ -z "$os_region" ] && os_region="$def_os_region_name"
fi
if [ -z "$def_os_auth_url" ]; then
read -p "Enter Keystone Authentication URL: " os_auth_url
else
read -p "Enter Keystone Authentication URL [$def_os_auth_url]: " os_auth_url
[ -z "$os_auth_url" ] && os_auth_url="$def_os_auth_url"
fi
else
# In MUTE mode
os_region="$def_os_region_name"
echo ""; echo ""
echo "Using default Openstack Region Name: $os_region"
os_auth_url="$def_os_auth_url"
echo "Using default Openstack Authentication URL: $os_auth_url"
echo "To set these to non-default, run \"source ~/$(basename $BASH_SOURCE)\" in your shell"
fi
# set user environment which will be valid for
# the duration of this session
# Since lshell is running for internal clients
# move OS ENDPOINT TYPE to internalURL
export OS_ENDPOINT_TYPE="internalURL"
export CINDER_ENDPOINT_TYPE="internalURL"
export OS_INTERFACE="internal"
export OS_USERNAME="$os_user"
export OS_PASSWORD="$os_pass"
export OS_PROJECT_NAME="$os_project_name"
export OS_USER_DOMAIN_NAME="$os_user_domain_name"
export OS_PROJECT_DOMAIN_NAME="$os_project_domain_name"
export OS_AUTH_URL="$os_auth_url"
export OS_IDENTITY_API_VERSION=3
export OS_REGION_NAME="$os_region"
# modify PS1 prompt
newprompt="[\u@\h \W($os_user)]\$ "
export PS1="$newprompt"
echo ""
echo "Keystone credentials preloaded!"
fi
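Review bot: `exit 0` and `exit 1` are used in a script that its own closing message tells users to run with source; in a sourced script exit terminates the calling shell, so use return on those paths. OS_PASSWORD is exported in clear text for the whole session, so anything that can read the session environment sees it; state that in the first prompt so the user's confirmation is informed. The -f test on `echo $OPENRC_TEMPLATE` and the $(cat $OPENRC_TEMPLATE) expansion are unquoted, read is used without -r, and read -p "\n\nEnter Keystone Region Name: " prints the \n sequences literally.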


@ -0,0 +1,11 @@
##
## User privilege specification
##
wrsroot ALL=(ALL) ALL
wrsroot ALL=(root) NOPASSWD: /usr/bin/config_controller
wrsroot ALL=(root) NOPASSWD: /usr/bin/config_region
wrsroot ALL=(root) NOPASSWD: /usr/bin/config_subcloud
wrsroot ALL=(root) NOPASSWD: /usr/bin/config_management
wrsroot ALL=(root) NOPASSWD: /usr/local/sbin/collect
Defaults lecture=never, secure_path=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin
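Review bot: the five NOPASSWD rules list bare command paths, so wrsroot can run them as root with any arguments and without a password; if fixed arguments are expected, spell them out (or use "" for none), and say in the file header why these commands need to be passwordless. The first rule already grants wrsroot everything with a password, so these lines only remove the password prompt and should be reviewed on that basis.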


@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.


@ -0,0 +1,2 @@
SRC_DIR="namespace-utils"
TIS_PATCH_VER=0


@ -0,0 +1,35 @@
%define _CC gcc
Summary: namespace utils
Name: namespace-utils
Version: 1.0
Release: %{tis_patch_ver}%{?_tis_dist}
License: Apache-2.0
Group: base
Packager: Wind River <info@windriver.com>
URL: unknown
Source0: %{name}-%{version}.tar.gz
%description
Titanium Cloud namespace utilities
%prep
%setup -q
%build
%{_CC} -o bashns bashns.c
%install
rm -rf ${RPM_BUILD_ROOT}
install -d -m 755 ${RPM_BUILD_ROOT}%{_sbindir}
install -m 500 bashns ${RPM_BUILD_ROOT}%{_sbindir}
install -m 500 umount-in-namespace ${RPM_BUILD_ROOT}%{_sbindir}
%clean
rm -rf ${RPM_BUILD_ROOT}
%files
%license LICENSE
%defattr(-,root,root,-)
%{_sbindir}/umount-in-namespace
%{_sbindir}/bashns
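Review bot: %build compiles with `%{_CC} -o bashns bashns.c` and ignores %{optflags}, so the binary installed into %{_sbindir} is built without the distribution's warning and hardening flags; pass %{optflags} on that line. `URL: unknown` should be a real URL or be removed, and %defattr should precede the %license entry so that it applies to it as well.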


@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

View File

@ -0,0 +1,59 @@
/*
* Copyright (c) 2015 Wind River Systems, Inc.
*
* SPDX-License-Identifier: Apache-2.0
*
*/
#define _GNU_SOURCE
#include <sched.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
void usage(char *name)
{
printf("usage: %s <pid>\n", name);
}
int main(int argc, char **argv) {
if (argc < 2) {
printf("usage: %s <pid>\n", argv[0]);
return -1;
}
int pid = atoi(argv[1]);
printf("trying to open filesystem namespace of pid %d\n", pid);
char buf[100];
sprintf(buf, "/proc/%d/ns/mnt", pid);
printf("trying to open %s\n", buf);
int fd = open(buf, O_RDWR);
if (fd < 1) {
perror("unable to open file");
return -1;
}
printf("got fd, trying to set namespace\n");
int rc = setns(fd, 0);
if (rc < 0) {
perror("unable to set namespace");
return -1;
}
printf("entered namespace successfully, trying to exec bash\n");
rc = execvp("bash", 0);
if (rc < 0) {
perror("unable to exec bash");
return -1;
}
}
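Review bot: the failure check after `open()` is `if (fd < 1)`, but `open()` reports failure with -1 and 0 is a valid descriptor, so this should be `fd < 0`. In the same function, `execvp("bash", 0)` passes a NULL argv and resolves `bash` through PATH in a helper that has to run with enough privilege to call `setns()`; exec an absolute path with a proper `{"bash", NULL}` vector and add `#include <unistd.h>`, which declares `execvp`. `setns(fd, 0)` accepts any namespace type, so passing `CLONE_NEWNS` would make the kernel confirm the descriptor is a mount namespace, and `O_RDONLY | O_CLOEXEC` is enough for the `open()` and keeps the descriptor out of the exec'd shell. `usage()` is defined but never called, and `atoi()` turns a non-numeric argument into pid 0 without complaint.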

View File

@ -0,0 +1,25 @@
#!/bin/bash
#
# Copyright (c) 2015 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
MNT=$1
SELF_NS=$(ls -l /proc/self/ns/mnt 2>/dev/null| sed -r 's/.*\[(.*)\]/\1/')
ls -l /proc/*/ns/mnt 2>/dev/null| sed -r 's/.*\[(.*)\]/\1/' | sort -u | while read ns
do
if [ "$ns" = "$SELF_NS" ]
then
continue
fi
ls -l /proc/*/ns/mnt 2>/dev/null | grep $ns |grep '/proc/[0-9]*/' | sed -r 's#.*/proc/([0-9]*)/ns.*#\1#' | while read pid
do
echo "umount -n -l $MNT" | /usr/sbin/bashns $pid
done
done
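Review bot: `$MNT` comes straight from `$1` and is interpolated into a command string (`echo "umount -n -l $MNT" | /usr/sbin/bashns $pid`) that is then parsed by a shell inside every other mount namespace, so a path containing spaces or shell metacharacters is word-split or executed rather than unmounted. Check that `$1` is non-empty and an absolute path, and quote it inside the generated command. `grep $ns` is also unquoted and matches the inode number anywhere on the `ls -l` line, and the inner loop sends the umount once per pid instead of once per namespace, which repeats the same lazy unmount for every process sharing it.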

View File

@ -0,0 +1,2 @@
COPY_LIST="files/*"
TIS_PATCH_VER=4

View File

@ -0,0 +1,25 @@
From 2fb3bb85ad9c2627f8e7f11a64d6dd2f967fb230 Mon Sep 17 00:00:00 2001
From: Don Penney <don.penney@windriver.com>
Date: Mon, 26 Sep 2016 17:40:10 -0400
Subject: [PATCH] Update package versioning for TIS format
---
SPECS/nss-pam-ldapd.spec | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/nss-pam-ldapd.spec b/SPECS/nss-pam-ldapd.spec
index 72aa77f..e04eb55 100644
--- a/SPECS/nss-pam-ldapd.spec
+++ b/SPECS/nss-pam-ldapd.spec
@@ -39,7 +39,7 @@
Name: nss-pam-ldapd
Version: 0.8.13
-Release: 8%{?dist}
+Release: 8.el7%{?_tis_dist}.%{tis_patch_ver}
Summary: An nsswitch module which uses directory servers
Group: System Environment/Base
License: LGPLv2+
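Review bot: in the new `Release:` line, `%{tis_patch_ver}` is expanded without the `?` guard that `%{?_tis_dist}` has, so a build where the macro is not defined is left with the unexpanded text `%{tis_patch_ver}` in the release string. Guard it with a default or have the spec fail early when it is unset. Hard-coding `.el7` in place of `%{?dist}` also deserves a sentence in the commit message, which currently has no body.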
--
1.8.3.1

View File

@ -0,0 +1,4 @@
spec-TiS-changes.patch
spec-bind-nslcd-to-rootDN.patch
remove-custom-nslcd-conf-file.patch
0001-Update-package-versioning-for-TIS-format.patch

View File

@ -0,0 +1,34 @@
From a34da1b06ffa8684fdeb89f373921c61a9ac5fbc Mon Sep 17 00:00:00 2001
From: Saju Oommen <saju.oommen@windriver.com>
Date: Mon, 15 Jan 2018 14:19:08 -0500
Subject: [PATCH 1/1] remove-custom-nslcd-conf-file
---
SPECS/nss-pam-ldapd.spec | 4 ----
1 file changed, 4 deletions(-)
diff --git a/SPECS/nss-pam-ldapd.spec b/SPECS/nss-pam-ldapd.spec
index 4390a16..107b4ea 100644
--- a/SPECS/nss-pam-ldapd.spec
+++ b/SPECS/nss-pam-ldapd.spec
@@ -49,7 +49,6 @@ Source1: http://arthurdejong.org/nss-pam-ldapd/nss-pam-ldapd-%{version}.tar.gz.s
Source2: nslcd.init
Source3: nslcd.tmpfiles
Source4: nslcd.service
-Source5: nslcd.conf
Patch1: nss-pam-ldapd-0.8.12-validname.patch
Patch2: nss-pam-ldapd-0.8.12-In-nslcd-log-EPIPE-only-on-debug-level.patch
Patch3: nss-pam-ldapd-0.8.12-uid-overflow.patch
@@ -167,9 +166,6 @@ mkdir -p -m 0755 $RPM_BUILD_ROOT/etc/tmpfiles.d
install -p -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/etc/tmpfiles.d/%{name}.conf
%endif
-# WRS
-install -m 644 %{SOURCE5} $RPM_BUILD_ROOT/%{_sysconfdir}/nslcd.conf
-
%clean
rm -rf $RPM_BUILD_ROOT
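Review bot: both hunks undo exactly what spec-TiS-changes.patch adds earlier in the same series (`Source5: nslcd.conf` and the `# WRS` install line), and the commit message gives no reason. The other two patches in the series still skip migrating `base`, `binddn` and `bindpw` on the grounds that a custom nslcd.conf holds them, so say where that file comes from once the package stops installing it, and consider dropping the add/remove pair from the series instead of stacking a revert.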
--
1.8.3.1

View File

@ -0,0 +1,45 @@
nss-pam-ldapd: include Titanium Cloud changes
New nss-pam-ldapd uses default ldap group ID, so we set
gid in nslcd.conf to ldap.
diff --git a/SPECS/nss-pam-ldapd.spec b/SPECS/nss-pam-ldapd.spec
index 72aa77f..20fe844 100644
--- a/SPECS/nss-pam-ldapd.spec
+++ b/SPECS/nss-pam-ldapd.spec
@@ -49,6 +49,7 @@ Source1: http://arthurdejong.org/nss-pam-ldapd/nss-pam-ldapd-%{version}.tar.gz.s
Source2: nslcd.init
Source3: nslcd.tmpfiles
Source4: nslcd.service
+Source5: nslcd.conf
Patch1: nss-pam-ldapd-0.8.12-validname.patch
Patch2: nss-pam-ldapd-0.8.12-In-nslcd-log-EPIPE-only-on-debug-level.patch
Patch3: nss-pam-ldapd-0.8.12-uid-overflow.patch
@@ -166,6 +167,9 @@ mkdir -p -m 0755 $RPM_BUILD_ROOT/etc/tmpfiles.d
install -p -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/etc/tmpfiles.d/%{name}.conf
%endif
+# WRS
+install -m 644 %{SOURCE5} $RPM_BUILD_ROOT/%{_sysconfdir}/nslcd.conf
+
%clean
rm -rf $RPM_BUILD_ROOT
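Review bot: `install -m 644 %{SOURCE5} $RPM_BUILD_ROOT/%{_sysconfdir}/nslcd.conf` stages the file world-readable, and the follow-up patch in this series refers to a custom `binddn` and `bindpw` kept in nslcd.conf. A file that carries a bind password should be staged 0600 and owned by root, or the `%files` entry (not visible in this diff) should be confirmed to force that mode.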
@@ -249,12 +253,13 @@ if test "$1" -eq "1" && ! grep -q -F "# $comment" $target 2> /dev/null ; then
grep -E '^host[[:blank:]]' $source |\
sed -r -e "s,^host[[:blank:]](.*),uri ${scheme}://\1/,g" >> $target
fi
+ # WRS: we don't want to change our custom base in nslcd.conf
# Base doesn't require any special logic.
- if grep -E -q '^base[[:blank:]]' $source 2> /dev/null ; then
+ # if grep -E -q '^base[[:blank:]]' $source 2> /dev/null ; then
# Comment out the packaged default base and replace it.
- sed -i -r -e 's,^(base[[:blank:]].*),# \1,g' $target
- grep -E '^base[[:blank:]]' $source >> $target
- fi
+ # sed -i -r -e 's,^(base[[:blank:]].*),# \1,g' $target
+ # grep -E '^base[[:blank:]]' $source >> $target
+ # fi
# Pull in these settings, if they're set, directly.
grep -E '^(binddn|bindpw|port|scope|ssl|pagesize)[[:blank:]]' $source 2> /dev/null >> $target
grep -E '^(tls_)' $source 2> /dev/null >> $target
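Review bot: the `base` migration block is disabled by prefixing each line with `#` rather than deleted, which leaves the old comments ("Base doesn't require any special logic.", "Comment out the packaged default base and replace it.") interleaved with dead code that later patches then have to carry as context. Delete the block and keep only the `# WRS` comment. The description also says gid is set to ldap in nslcd.conf, but nothing in these three hunks touches gid, so point to the file that does.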

View File

@ -0,0 +1,27 @@
From cc70f1c5fb9c2f632a48968cf5eac2cb20210d1e Mon Sep 17 00:00:00 2001
From: Kam Nasim <kam.nasim@windriver.com>
Date: Thu, 13 Apr 2017 11:43:59 -0400
Subject: [PATCH] specify rootDN as bindDN in nslcd to prevent writes over
anonymous binds.
---
SPECS/nss-pam-ldapd.spec | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/SPECS/nss-pam-ldapd.spec b/SPECS/nss-pam-ldapd.spec
index 9c0dc91..4390a16 100644
--- a/SPECS/nss-pam-ldapd.spec
+++ b/SPECS/nss-pam-ldapd.spec
@@ -261,7 +261,8 @@ if test "$1" -eq "1" && ! grep -q -F "# $comment" $target 2> /dev/null ; then
# grep -E '^base[[:blank:]]' $source >> $target
# fi
# Pull in these settings, if they're set, directly.
- grep -E '^(binddn|bindpw|port|scope|ssl|pagesize)[[:blank:]]' $source 2> /dev/null >> $target
+ # WRS: we don't want change our custom binddn and bindpw in nslcd.conf
+ grep -E '^(port|scope|ssl|pagesize)[[:blank:]]' $source 2> /dev/null >> $target
grep -E '^(tls_)' $source 2> /dev/null >> $target
grep -E '^(timelimit|bind_timelimit|idle_timelimit)[[:blank:]]' $source 2> /dev/null >> $target
fi
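Review bot: the subject says nslcd binds as the rootDN, and the changed `grep` now leaves `binddn` and `bindpw` to whatever nslcd.conf already contains. A root DN is normally exempt from the directory's access controls, so every host running nslcd then holds a credential that can rewrite the whole directory, which is far more than a lookup daemon needs; a dedicated bind account with read access to the user and group entries would stop anonymous binds without that exposure. The added comment also reads "we don't want change" and should be "we don't want to change".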
--
1.8.3.1

View File

@ -0,0 +1 @@
mirror:Source/nss-pam-ldapd-0.8.13-8.el7.src.rpm

View File

@ -0,0 +1,14 @@
auth sufficient pam_unix.so
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_ldap.so
account required pam_permit.so
session required pam_unix.so
session optional pam_ldap.so
password sufficient pam_unix.so nullok md5 shadow use_authtok
password sufficient pam_ldap.so try_first_pass
password required pam_deny.so
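Review bot: the first `password` line, `pam_unix.so nullok md5 shadow use_authtok`, hashes new passwords with MD5 and permits accounts with an empty password. Use `sha512` and drop `nullok` unless passwordless accounts are intended. `use_authtok` also tells pam_unix to take the new password from an earlier module in the stack, and no module precedes it here, so either add the password-quality module it depends on or remove the option.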

View File

@ -0,0 +1,109 @@
#! /bin/sh
# /etc/init.d/nslcd script for starting and stopping nslcd
# Copyright (C) 2006 West Consulting
# Copyright (C) 2006, 2008, 2009, 2010, 2011, 2012, 2013 Arthur de Jong
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301 USA
### BEGIN INIT INFO
# Provides: nslcd
# Required-Start: $remote_fs $syslog $time
# Required-Stop: $remote_fs $syslog
# Should-Start: $named $network slapd
# Should-Stop: $network
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: LDAP connection daemon
# Description: nslcd is a LDAP connection daemon that is used to
# do LDAP queries for the NSS and PAM modules.
### END INIT INFO
PATH=/bin:/usr/bin:/sbin:/usr/sbin
NSLCD_NAME=nslcd
NSLCD_BIN=/usr/sbin/$NSLCD_NAME
NSLCD_DESC="LDAP connection daemon"
NSLCD_CFG=/etc/nslcd.conf
NSLCD_STATEDIR=/var/run/nslcd
NSLCD_PIDFILE=$NSLCD_STATEDIR/nslcd.pid
[ -x "$NSLCD_BIN" ] || exit 0
[ -f "$NSLCD_CFG" ] || exit 0
. /lib/lsb/init-functions
# read defaults
[ -f /etc/default/$NSLCD_NAME ] && . /etc/default/$NSLCD_NAME
case "$1" in
start)
# set up state directory
[ -d "$NSLCD_STATEDIR" ] || ( mkdir -m 755 "$NSLCD_STATEDIR" ; \
chown nslcd:nslcd "$NSLCD_STATEDIR" )
# start nslcd
log_begin_msg "Starting $NSLCD_DESC" "$NSLCD_NAME"
# THIS IS ONLY TEMPORARY
create-cracklib-dict /usr/share/cracklib/cracklib-small > /dev/null 2>&1
start-stop-daemon --start --oknodo \
--pidfile $NSLCD_PIDFILE \
--startas $NSLCD_BIN
log_end_msg $?
;;
stop)
# stop nslcd
log_begin_msg "Stopping $NSLCD_DESC" "$NSLCD_NAME"
start-stop-daemon --stop --oknodo \
--pidfile $NSLCD_PIDFILE \
--name "$NSLCD_NAME"
log_end_msg $?
[ -n "$NSLCD_PIDFILE" ] && rm -f $NSLCD_PIDFILE
;;
restart|force-reload)
[ -d "$NSLCD_STATEDIR" ] || ( mkdir -m 755 "$NSLCD_STATEDIR" ; \
chown nslcd:nslcd "$NSLCD_STATEDIR" )
log_begin_msg "Restarting $NSLCD_DESC" "$NSLCD_NAME"
start-stop-daemon --stop --quiet --retry 10 \
--pidfile $NSLCD_PIDFILE \
--name "$NSLCD_NAME"
[ -n "$NSLCD_PIDFILE" ] && rm -f $NSLCD_PIDFILE
start-stop-daemon --start \
--pidfile $NSLCD_PIDFILE \
--startas $NSLCD_BIN
log_end_msg $?
;;
status)
if [ -f "$NSLCD_PIDFILE" ]
then
if $NSLCD_BIN --check
then
log_success_msg "$NSLCD_NAME running (pid `cat $NSLCD_PIDFILE`)"
exit 0
else
log_success_msg "$NSLCD_NAME stopped"
exit 1
fi
else
log_success_msg "$NSLCD_NAME stopped"
exit 3
fi
;;
*)
log_success_msg "Usage: $0 {start|stop|restart|force-reload|status}"
exit 1
;;
esac
exit 0
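Review bot: the `start` branch runs `create-cracklib-dict /usr/share/cracklib/cracklib-small > /dev/null 2>&1` under a "THIS IS ONLY TEMPORARY" comment. Rebuilding the cracklib dictionary is unrelated to nslcd, happens on every start but not on restart, and has its errors discarded; move it to the package or service that owns cracklib, or at least reference a tracking item for its removal. In the same branch, `mkdir -m 755 "$NSLCD_STATEDIR" ; chown nslcd:nslcd "$NSLCD_STATEDIR"` runs the chown even when mkdir fails, so join the two with `&&`.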

View File

@ -0,0 +1,2 @@
COPY_LIST="files/*"
TIS_PATCH_VER=13

View File

@ -0,0 +1,25 @@
From 412fc338e588c92ee0be3bf1b1af0040fac9f500 Mon Sep 17 00:00:00 2001
From: Don Penney <don.penney@windriver.com>
Date: Mon, 26 Sep 2016 17:40:54 -0400
Subject: [PATCH] Update package versioning for TIS format
---
SPECS/setup.spec | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index 223bfd5..89a4d2f 100644
--- a/SPECS/setup.spec
+++ b/SPECS/setup.spec
@@ -1,7 +1,7 @@
Summary: A set of system configuration and setup files
Name: setup
Version: 2.8.71
-Release: 9%{?dist}
+Release: 7.el7%{?_tis_dist}.%{tis_patch_ver}
License: Public Domain
Group: System Environment/Base
URL: https://fedorahosted.org/setup/
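Review bot: the `Release:` line goes from `9%{?dist}` to `7.el7%{?_tis_dist}.%{tis_patch_ver}`, so the leading release number drops from 9 to 7 and a package built from this spec sorts older than one built before the patch. If 7 is meant to match the upstream el7 release, the earlier meta patches that bump the release to 8 and 9 should be dropped; otherwise keep 9 here.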
--
1.8.3.1

View File

@ -0,0 +1,14 @@
spec-include-TiS-changes.patch
spec-include-tis-uid-gid.patch
spec-set-custom-prompt.patch
updating-gids-and-uids-to-support-upgrade-from-wrl.patch
spec-passwd-remove-unused-default-users-and-groups.patch
spec-include-snmpd-fm-user-group.patch
security-make-exports-and-fstab-only-root-accessible.patch
spec-remove-unused-default-groups.patch
0001-Update-package-versioning-for-TIS-format.patch
spec-add-TMOUT-variable.patch
spec-include-add-fm-user-to-snmpd-group.patch
spec-add-magnum-uid-gid.patch
spec-add-ironic-uid-gid.patch
spec-add-murano-uid-gid.patch

View File

@ -0,0 +1,28 @@
From 2f6906e33b91dc28c7b48ce5604501ce09cfaed6 Mon Sep 17 00:00:00 2001
Message-Id: <2f6906e33b91dc28c7b48ce5604501ce09cfaed6.1468352966.git.Jim.Somerville@windriver.com>
From: Jim Somerville <Jim.Somerville@windriver.com>
Date: Tue, 12 Jul 2016 15:43:47 -0400
Subject: [PATCH 1/1] security make exports and fstab only root accessible
Apply a chmod of 600 to the two files.
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
---
SPECS/setup.spec | 1 +
1 file changed, 1 insertion(+)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index d40113f..6c18614 100644
--- a/SPECS/setup.spec
+++ b/SPECS/setup.spec
@@ -65,6 +65,7 @@ chmod 0644 %{buildroot}/var/log/lastlog
touch %{buildroot}/etc/fstab
touch %{buildroot}/etc/subuid
touch %{buildroot}/etc/subgid
+chmod 0600 %{buildroot}/etc/{exports,fstab}
install -m 644 %{SOURCE1} %{buildroot}/etc/
install -m 644 %{SOURCE2} %{buildroot}/etc/profile.d/prompt.sh
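Review bot: `chmod 0600 %{buildroot}/etc/{exports,fstab}` only changes the mode in the build root, and the spec's `%files` list (visible as context in the TMOUT and prompt patches) carries `/etc/fstab` as `%ghost`, so the package does not ship that file. Check that an installed system actually ends up with fstab at 0600, and prefer an explicit `%attr(0600,root,root)` on both `%files` entries so the intent is recorded next to the other modes. The brace expansion also relies on `%install` running under bash.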
--
1.8.3.1

View File

@ -0,0 +1,40 @@
From 13bee9ed7d91fae3d66f91d4e4aa139ca3d05f66 Mon Sep 17 00:00:00 2001
From: David Balme <david.balme@windriver.com>
Date: Thu, 13 Oct 2016 08:40:27 -0400
Subject: [PATCH 1/1] add TMOUT variable
---
SPECS/setup.spec | 3 +++
1 file changed, 3 insertions(+)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index 89a4d2f..1f5c96a 100644
--- a/SPECS/setup.spec
+++ b/SPECS/setup.spec
@@ -8,6 +8,7 @@ URL: https://fedorahosted.org/setup/
Source0: https://fedorahosted.org/releases/s/e/%{name}/%{name}-%{version}.tar.bz2
Source1: motd
Source2: prompt.sh
+Source3: custom.sh
BuildArch: noarch
BuildRequires: bash tcsh perl
#require system release for saner dependency order
@@ -70,6 +71,7 @@ touch %{buildroot}/etc/subgid
chmod 0600 %{buildroot}/etc/{exports,fstab}
install -m 644 %{SOURCE1} %{buildroot}/etc/
install -m 644 %{SOURCE2} %{buildroot}/etc/profile.d/prompt.sh
+install -m 644 %{SOURCE3} %{buildroot}/etc/profile.d/custom.sh
# remove unpackaged files from the buildroot
rm -f %{buildroot}/etc/Makefile
@@ -125,6 +127,7 @@ end
%config(noreplace) /etc/motd
%dir /etc/profile.d
/etc/profile.d/prompt.sh
+/etc/profile.d/custom.sh
%config(noreplace) %verify(not md5 size mtime) /etc/shells
%ghost %attr(0644,root,root) %verify(not md5 size mtime) /var/log/lastlog
%ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/fstab
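Review bot: the patch has no description, and the name `custom.sh` does not say that the file sets the shell idle timeout; name it for what it does and state the timeout value in the commit message. Because it is a `profile.d/*.sh` script it only reaches sh-family login shells, while this spec also builds with tcsh (`BuildRequires: bash tcsh perl`), so say whether csh logins are meant to be covered. If the timeout is a security control, the script should mark `TMOUT` readonly so a user cannot unset it in their session.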
--
1.8.3.1

View File

@ -0,0 +1,26 @@
commit f944ef677dc090e91b790ac54064d61d071edb5c
Author: Shoaib Nasir <shoaib.nasir@windriver.com>
Date: Mon Sep 25 12:20:43 2017 -0400
Add ironic-uid-gid.patch to SPECS
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index 2ec3541..55dd30b 100644
--- a/SPECS/setup.spec
+++ b/SPECS/setup.spec
@@ -28,6 +28,7 @@ Patch9: snmpd-fm-user-group.patch
Patch10: remove-unused-default-groups.patch
Patch11: add-fm-user-to-snmpd-group.patch
Patch12: add-magnum-uid-gid.patch
+Patch13: add-ironic-uid-gid.patch
%description
The setup package contains a set of important system configuration and
@@ -48,6 +49,7 @@ setup files, such as passwd, group, and profile.
%patch10 -p1
%patch11 -p1
%patch12 -p1
+%patch13 -p1
./shadowconvert.sh

View File

@ -0,0 +1,32 @@
From 11086bd4422e8f24a0b070eb16e53b08f4561c61 Mon Sep 17 00:00:00 2001
From: Jerry Sun <jerry.sun@windriver.com>
Date: Thu, 3 Aug 2017 16:18:34 -0400
Subject: [PATCH 1/1] meta add magnum uid and gid
---
SPECS/setup.spec | 2 ++
1 file changed, 2 insertions(+)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index 9ee24ca..2ec3541 100644
--- a/SPECS/setup.spec
+++ b/SPECS/setup.spec
@@ -27,6 +27,7 @@ Patch8: passwd-remove-unused-default-users-and-groups.patch
Patch9: snmpd-fm-user-group.patch
Patch10: remove-unused-default-groups.patch
Patch11: add-fm-user-to-snmpd-group.patch
+Patch12: add-magnum-uid-gid.patch
%description
The setup package contains a set of important system configuration and
@@ -46,6 +47,7 @@ setup files, such as passwd, group, and profile.
%patch9 -p1
%patch10 -p1
%patch11 -p1
+%patch12 -p1
./shadowconvert.sh
--
1.8.3.1

View File

@ -0,0 +1,32 @@
From bb774f39b779de4e31007fc70bead641820ae74f Mon Sep 17 00:00:00 2001
From: Jerry Sun <jerry.sun@windriver.com>
Date: Mon, 8 Jan 2018 12:28:08 -0500
Subject: [PATCH 1/1] meta add murano uid and gid
---
SPECS/setup.spec | 2 ++
1 file changed, 2 insertions(+)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index 55dd30b..b652b3c 100644
--- a/SPECS/setup.spec
+++ b/SPECS/setup.spec
@@ -29,6 +29,7 @@ Patch10: remove-unused-default-groups.patch
Patch11: add-fm-user-to-snmpd-group.patch
Patch12: add-magnum-uid-gid.patch
Patch13: add-ironic-uid-gid.patch
+Patch14: add-murano-uid-gid.patch
%description
The setup package contains a set of important system configuration and
@@ -50,6 +51,7 @@ setup files, such as passwd, group, and profile.
%patch11 -p1
%patch12 -p1
%patch13 -p1
+%patch14 -p1
./shadowconvert.sh
--
1.8.3.1

View File

@ -0,0 +1,35 @@
setup.spec: to include Titanium Cloud specific changes
To include files under cgcs/recipes-base/setup/files/*
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index 9174b5a..efc52ca 100644
--- a/SPECS/setup.spec
+++ b/SPECS/setup.spec
@@ -6,6 +6,7 @@ License: Public Domain
Group: System Environment/Base
URL: https://fedorahosted.org/setup/
Source0: https://fedorahosted.org/releases/s/e/%{name}/%{name}-%{version}.tar.bz2
+Source1: motd
BuildArch: noarch
BuildRequires: bash tcsh perl
#require system release for saner dependency order
@@ -55,6 +56,7 @@ chmod 0644 %{buildroot}/var/log/lastlog
touch %{buildroot}/etc/fstab
touch %{buildroot}/etc/subuid
touch %{buildroot}/etc/subgid
+install -m 644 %{SOURCE1} %{buildroot}/etc/
# remove unpackaged files from the buildroot
rm -f %{buildroot}/etc/Makefile
@@ -107,6 +109,7 @@ end
%attr(0600,root,root) %config(noreplace,missingok) /etc/securetty
%config(noreplace) /etc/csh.login
%config(noreplace) /etc/csh.cshrc
+%config(noreplace) /etc/motd
%dir /etc/profile.d
%config(noreplace) %verify(not md5 size mtime) /etc/shells
%ghost %attr(0644,root,root) %verify(not md5 size mtime) /var/log/lastlog
--
1.8.3.1

View File

@ -0,0 +1,22 @@
---
SPECS/setup.spec | 2 ++
1 file changed, 2 insertions(+)
--- a/SPECS/setup.spec
+++ b/SPECS/setup.spec
@@ -26,6 +26,7 @@ Patch6: updating-gids-and-uids-to-suppor
Patch8: passwd-remove-unused-default-users-and-groups.patch
Patch9: snmpd-fm-user-group.patch
Patch10: remove-unused-default-groups.patch
+Patch11: add-fm-user-to-snmpd-group.patch
%description
The setup package contains a set of important system configuration and
@@ -44,6 +45,7 @@ setup files, such as passwd, group, and
%patch8 -p1
%patch9 -p1
%patch10 -p1
+%patch11 -p1
./shadowconvert.sh

View File

@ -0,0 +1,41 @@
From 35ebbf2ca7e5e412f55cdaa875845728d203b34d Mon Sep 17 00:00:00 2001
From: Kam Nasim <kam.nasim@windriver.com>
Date: Fri, 12 Aug 2016 17:35:28 -0400
Subject: [PATCH] meta patch for snmpd-user-group.patch
---
SPECS/setup.spec | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index 89ff683..d40113f 100644
--- a/SPECS/setup.spec
+++ b/SPECS/setup.spec
@@ -1,7 +1,7 @@
Summary: A set of system configuration and setup files
Name: setup
Version: 2.8.71
-Release: 7%{?dist}
+Release: 8%{?dist}
License: Public Domain
Group: System Environment/Base
URL: https://fedorahosted.org/setup/
@@ -23,6 +23,7 @@ Patch5: setup-2.8.71-fullpath.patch
Patch6: tis-uid-gid.patch
Patch7: updating-gids-and-uids-to-support-upgrade-from-wrl.patch
Patch8: passwd-remove-unused-default-users-and-groups.patch
+Patch9: snmpd-fm-user-group.patch
%description
The setup package contains a set of important system configuration and
@@ -39,6 +40,7 @@ setup files, such as passwd, group, and profile.
%patch6 -p1
%patch7 -p1
%patch8 -p1
+%patch9 -p1
./shadowconvert.sh
--
1.8.3.1

File diff suppressed because it is too large

View File

@ -0,0 +1,33 @@
From f882ce44d7e8574e9affc5e6471265029f9724ca Mon Sep 17 00:00:00 2001
From: Michel Thebeau <michel.thebeau@windriver.com>
Date: Thu, 21 Jul 2016 11:47:55 -0400
Subject: [PATCH] spec: add patch to remove unused users and groups
Signed-off-by: Michel Thebeau <michel.thebeau@windriver.com>
---
SPECS/setup.spec | 2 ++
1 file changed, 2 insertions(+)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index 3debacf..89ff683 100644
--- a/SPECS/setup.spec
+++ b/SPECS/setup.spec
@@ -22,6 +22,7 @@ Patch4: setup-2.8.71-filesystems.patch
Patch5: setup-2.8.71-fullpath.patch
Patch6: tis-uid-gid.patch
Patch7: updating-gids-and-uids-to-support-upgrade-from-wrl.patch
+Patch8: passwd-remove-unused-default-users-and-groups.patch
%description
The setup package contains a set of important system configuration and
@@ -37,6 +38,7 @@ setup files, such as passwd, group, and profile.
%patch5 -p1
%patch6 -p1
%patch7 -p1
+%patch8 -p1
./shadowconvert.sh
--
1.8.3.1

View File

@ -0,0 +1,42 @@
From e882a5dfad4ad41a256ea3867e1a4c4a08df9a98 Mon Sep 17 00:00:00 2001
From: Michel Thebeau <michel.thebeau@windriver.com>
Date: Fri, 19 Aug 2016 09:28:43 -0400
Subject: [PATCH] spec: add patch to remove unused groups
Signed-off-by: Michel Thebeau <michel.thebeau@windriver.com>
---
SPECS/setup.spec | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index 6c18614..223bfd5 100644
--- a/SPECS/setup.spec
+++ b/SPECS/setup.spec
@@ -1,7 +1,7 @@
Summary: A set of system configuration and setup files
Name: setup
Version: 2.8.71
-Release: 8%{?dist}
+Release: 9%{?dist}
License: Public Domain
Group: System Environment/Base
URL: https://fedorahosted.org/setup/
@@ -24,6 +24,7 @@ Patch6: tis-uid-gid.patch
Patch7: updating-gids-and-uids-to-support-upgrade-from-wrl.patch
Patch8: passwd-remove-unused-default-users-and-groups.patch
Patch9: snmpd-fm-user-group.patch
+Patch10: remove-unused-default-groups.patch
%description
The setup package contains a set of important system configuration and
@@ -41,6 +42,7 @@ setup files, such as passwd, group, and profile.
%patch7 -p1
%patch8 -p1
%patch9 -p1
+%patch10 -p1
./shadowconvert.sh
--
1.8.3.1

View File

@ -0,0 +1,42 @@
setup.spec: add custom shell login prompt
A user can be set to use "sh" (which points to bash) as login prompt.
This makes the login shell to enter "POSIX" mode which will only
read/executes file /etc/profle and files in /etc/profiled.d. So create
custom login prompt in /etc/profiles.d
---
SPECS/setup.spec | 3 +++
1 file changed, 3 insertions(+)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index 3f74b90..184670f 100644
--- a/SPECS/setup.spec
+++ b/SPECS/setup.spec
@@ -7,6 +7,7 @@ Group: System Environment/Base
URL: https://fedorahosted.org/setup/
Source0: https://fedorahosted.org/releases/s/e/%{name}/%{name}-%{version}.tar.bz2
Source1: motd
+Source2: prompt.sh
BuildArch: noarch
BuildRequires: bash tcsh perl
#require system release for saner dependency order
@@ -59,6 +60,7 @@ touch %{buildroot}/etc/fstab
touch %{buildroot}/etc/subuid
touch %{buildroot}/etc/subgid
install -m 644 %{SOURCE1} %{buildroot}/etc/
+install -m 644 %{SOURCE2} %{buildroot}/etc/profile.d/prompt.sh
# remove unpackaged files from the buildroot
rm -f %{buildroot}/etc/Makefile
@@ -113,6 +115,7 @@ end
%config(noreplace) /etc/csh.cshrc
%config(noreplace) /etc/motd
%dir /etc/profile.d
+/etc/profile.d/prompt.sh
%config(noreplace) %verify(not md5 size mtime) /etc/shells
%ghost %attr(0644,root,root) %verify(not md5 size mtime) /var/log/lastlog
%ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/fstab
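Review bot: the description misspells the paths it is about (`/etc/profle`, `/etc/profiled.d`, `/etc/profiles.d`), while the hunk installs to `/etc/profile.d/prompt.sh`; correct the message so it matches the spec and can be found by searching for the path. The new `%files` entry `/etc/profile.d/prompt.sh` also has no `%config` marker, unlike its neighbours, so local edits to the prompt are overwritten on upgrade; say whether that is intended.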
--
1.8.3.1

View File

@ -0,0 +1,32 @@
From b4a83aefe522dc1674c4979436398661f3ae4572 Mon Sep 17 00:00:00 2001
From: Bart Wensley <barton.wensley@windriver.com>
Date: Mon, 27 Jun 2016 12:28:36 -0400
Subject: [PATCH 1/1] updating-gids-and-uids-to-support-upgrade-from-wrl.patch
---
SPECS/setup.spec | 2 ++
1 file changed, 2 insertions(+)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index 184670f..3debacf 100644
--- a/SPECS/setup.spec
+++ b/SPECS/setup.spec
@@ -21,6 +21,7 @@ Patch3: setup-2.8.71-uidgidchanges.patch
Patch4: setup-2.8.71-filesystems.patch
Patch5: setup-2.8.71-fullpath.patch
Patch6: tis-uid-gid.patch
+Patch7: updating-gids-and-uids-to-support-upgrade-from-wrl.patch
%description
The setup package contains a set of important system configuration and
@@ -35,6 +36,7 @@ setup files, such as passwd, group, and profile.
%patch4 -p1
%patch5 -p1
%patch6 -p1
+%patch7 -p1
./shadowconvert.sh
--
1.8.3.1

View File

@ -0,0 +1,15 @@
---
group | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/group
+++ b/group
@@ -21,7 +21,7 @@ neutron:x:164:neutron
cinder:x:165:cinder
ceilometer:x:166:ceilometer
sysinv:x:168:sysinv
-snmpd:x:169:snmpd
+snmpd:x:169:snmpd,fm
heat:x:187:heat
nfv:x:172:nfv
fm:x:195:fm
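Review bot: `snmpd:x:169:snmpd,fm` gives the fm user everything the snmpd group can reach, and the patch carries no author, date or description. Record which snmpd-owned file or socket fm needs, and consider granting access to that one path instead of full group membership.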

View File

@ -0,0 +1,24 @@
commit 51c505c59a1512c011fcda01d0583a2ddc6f3337
Author: Shoaib Nasir <shoaib.nasir@windriver.com>
Date: Mon Sep 25 11:39:29 2017 -0400
add ironic group and passwd
diff --git a/group b/group
index 7d0244f..9979b99 100644
--- a/group
+++ b/group
@@ -27,3 +27,4 @@ nfv:x:172:nfv
fm:x:195:fm
libvirt:x:991:nova
magnum:x:1870:magnum
+ironic:x:1874:ironic
diff --git a/passwd b/passwd
index fce82e7..fb49ea3 100644
--- a/passwd
+++ b/passwd
@@ -17,3 +17,4 @@ postgres:x:120:120:PostgreSQL Server:/var/lib/pgsql:/bin/sh
snmpd:x:169:169:net-snmp:/usr/share/snmp:/sbin/nologin
fm:x:195:195:fm-mgr:/var/lib/fm:/sbin/nologin
magnum:x:1870:1870:OpenStack Magnum Daemons:/var/lib/magnum:/sbin/nologin
+ironic:x:1874:1874:OpenStack Ironic Daemons:/var/lib/ironic:/sbin/nologin

View File

@ -0,0 +1,31 @@
From b7fa16379bf880fb0fe5d36cd2dac9182176d433 Mon Sep 17 00:00:00 2001
From: Jerry Sun <jerry.sun@windriver.com>
Date: Thu, 3 Aug 2017 16:11:37 -0400
Subject: [PATCH 1/1] Added magnum uid/gid to the group and passwd files
---
group | 1 +
passwd | 1 +
2 files changed, 2 insertions(+)
diff --git a/group b/group
index 8924954..7d0244f 100644
--- a/group
+++ b/group
@@ -26,3 +26,4 @@ heat:x:187:heat
nfv:x:172:nfv
fm:x:195:fm
libvirt:x:991:nova
+magnum:x:1870:magnum
diff --git a/passwd b/passwd
index 2fb16ee..fce82e7 100644
--- a/passwd
+++ b/passwd
@@ -16,3 +16,4 @@ nfv:x:172:172:nfvi:/var/lib/nfv:/sbin/nologin
postgres:x:120:120:PostgreSQL Server:/var/lib/pgsql:/bin/sh
snmpd:x:169:169:net-snmp:/usr/share/snmp:/sbin/nologin
fm:x:195:195:fm-mgr:/var/lib/fm:/sbin/nologin
+magnum:x:1870:1870:OpenStack Magnum Daemons:/var/lib/magnum:/sbin/nologin
--
1.8.3.1

View File

@ -0,0 +1,31 @@
From daeb87a5c097ad17ccbb90c6f15b9042bb991b7a Mon Sep 17 00:00:00 2001
From: Jerry Sun <jerry.sun@windriver.com>
Date: Mon, 8 Jan 2018 12:25:06 -0500
Subject: [PATCH 1/1] Added murano uid/gid to the group and passwd files
---
group | 1 +
passwd | 1 +
2 files changed, 2 insertions(+)
diff --git a/group b/group
index 9979b99..22fa91d 100644
--- a/group
+++ b/group
@@ -28,3 +28,4 @@ fm:x:195:fm
libvirt:x:991:nova
magnum:x:1870:magnum
ironic:x:1874:ironic
+murano:x:105:murano
diff --git a/passwd b/passwd
index fb49ea3..dfb96b7 100644
--- a/passwd
+++ b/passwd
@@ -18,3 +18,4 @@ snmpd:x:169:169:net-snmp:/usr/share/snmp:/sbin/nologin
fm:x:195:195:fm-mgr:/var/lib/fm:/sbin/nologin
magnum:x:1870:1870:OpenStack Magnum Daemons:/var/lib/magnum:/sbin/nologin
ironic:x:1874:1874:OpenStack Ironic Daemons:/var/lib/ironic:/sbin/nologin
+murano:x:105:105:OpenStack Murano Daemons:/home/murano:/sbin/nologin
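Review bot: `murano:x:105:105:OpenStack Murano Daemons:/home/murano:/sbin/nologin` breaks the pattern of the two entries right above it, which use ids 1870 and 1874 and home directories under `/var/lib`. Explain in the commit message why murano gets id 105 and a home under `/home`, or move it to `/var/lib/murano` and an id next to the other OpenStack daemons, and confirm 105 is not already taken in the parts of passwd and group outside this context.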
--
1.8.3.1

View File

@ -0,0 +1,66 @@
From 737295c6ad990e8e248fef6b378198c3326b90ba Mon Sep 17 00:00:00 2001
From: Michel Thebeau <michel.thebeau@windriver.com>
Date: Thu, 11 Aug 2016 18:24:25 -0400
Subject: [PATCH] passwd: remove unused default users and groups
A customer request to remove unused users and groups. These are default
users/groups on centos which have no bearing on a Titanium Cloud cluster.
Signed-off-by: Michel Thebeau <michel.thebeau@windriver.com>
---
group | 8 --------
passwd | 8 --------
2 files changed, 16 deletions(-)
diff --git a/group b/group
index c21e2de..87a03c1 100644
--- a/group
+++ b/group
@@ -1,11 +1,7 @@
root::0:
-bin::1:
-daemon::2:
sys::3:
-adm::4:
tty::5:
disk::6:
-lp::7:
mem::8:
kmem::9:
wheel::10:
@@ -14,12 +10,8 @@ mail::12:
man::15:
dialout::18:
floppy::19:
-games::20:
tape::30:
-video::39:
-ftp::50:
lock::54:
-audio::63:
nobody::99:
users::100:
postgres:x:120:
diff --git a/passwd b/passwd
index 548435f..46a3d52 100644
--- a/passwd
+++ b/passwd
@@ -1,15 +1,7 @@
root:*:0:0:root:/root:/bin/bash
-bin:*:1:1:bin:/bin:/sbin/nologin
-daemon:*:2:2:daemon:/sbin:/sbin/nologin
-adm:*:3:4:adm:/var/adm:/sbin/nologin
-lp:*:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:*:5:0:sync:/sbin:/bin/sync
shutdown:*:6:0:shutdown:/sbin:/sbin/shutdown
halt:*:7:0:halt:/sbin:/sbin/halt
-mail:*:8:12:mail:/var/spool/mail:/sbin/nologin
-operator:*:11:0:operator:/root:/sbin/nologin
-games:*:12:100:games:/usr/games:/sbin/nologin
-ftp:*:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:*:99:99:Nobody:/:/sbin/nologin
rabbitmq:x:121:121::/var/lib/rabbitmq:/bin/sh
nova:x:994:162::/var/lib/nova:/bin/false
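Review bot: the `mail` user (UID 8, primary GID 12) is deleted in this hunk, but the group file in the same patch keeps `mail::12:`, so the two files no longer agree on whether mail is in use. Either keep both or drop both. Note also that every account removed here already had `/sbin/nologin`, while `rabbitmq` in the trailing context keeps `/bin/sh`, so the change does not reduce the set of accounts with a usable shell.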
--
1.8.3.1


@ -0,0 +1,35 @@
From d79451c9a047313fb8da27007ea9d99435e05ff2 Mon Sep 17 00:00:00 2001
From: Michel Thebeau <michel.thebeau@windriver.com>
Date: Fri, 19 Aug 2016 09:21:44 -0400
Subject: [PATCH] CGTS-4685: setup: remove unused default groups
A customer request to remove unused users and groups. These are default
users/groups on centos which have no bearing on a Titanium Cloud cluster.
Two additional groups are removed: mem, man
Signed-off-by: Michel Thebeau <michel.thebeau@windriver.com>
---
group | 2 --
1 file changed, 2 deletions(-)
diff --git a/group b/group
index 8794dde..0b93beb 100644
--- a/group
+++ b/group
@@ -2,12 +2,10 @@ root::0:
sys::3:
tty::5:
disk::6:
-mem::8:
kmem::9:
wheel::10:
cdrom::11:
mail::12:
-man::15:
dialout::18:
floppy::19:
tape::30:
--
1.8.3.1


@ -0,0 +1,61 @@
From 725f6245c1a45973731eb853e9e1b0d388295f92 Mon Sep 17 00:00:00 2001
From: Kam Nasim <kam.nasim@windriver.com>
Date: Fri, 12 Aug 2016 17:40:31 -0400
Subject: [PATCH] US84147: Security: NON-OPENSTACK Processes: External services
must run as non-root
Add new snmpd and fm users/groups so that those services may be run as
non-root.
---
group | 2 ++
passwd | 2 ++
uidgid | 3 +++
3 files changed, 7 insertions(+)
diff --git a/group b/group
index 87a03c1..8794dde 100644
--- a/group
+++ b/group
@@ -23,6 +23,8 @@ neutron:x:164:neutron
cinder:x:165:cinder
ceilometer:x:166:ceilometer
sysinv:x:168:sysinv
+snmpd:x:169:snmpd
heat:x:187:heat
nfv:x:172:nfv
+fm:x:195:fm
libvirt:x:991:nova
diff --git a/passwd b/passwd
index 46a3d52..2fb16ee 100644
--- a/passwd
+++ b/passwd
@@ -14,3 +14,5 @@ heat:x:992:187::/home/heat:/bin/sh
ceilometer:x:991:166::/home/ceilometer:/bin/sh
nfv:x:172:172:nfvi:/var/lib/nfv:/sbin/nologin
postgres:x:120:120:PostgreSQL Server:/var/lib/pgsql:/bin/sh
+snmpd:x:169:169:net-snmp:/usr/share/snmp:/sbin/nologin
+fm:x:195:195:fm-mgr:/var/lib/fm:/sbin/nologin
diff --git a/uidgid b/uidgid
index c6bbd4b..f779665 100644
--- a/uidgid
+++ b/uidgid
@@ -134,6 +134,8 @@ quantum 164 164 /var/lib/quantum /sbin/nologin openstack-quantum
cinder 165 165 /var/lib/cinder /sbin/nologin openstack-cinder
ceilometer 166 166 /var/lib/ceilometer /sbin/nologin openstack-ceilometer
ceph 167 167 /var/lib/ceph /sbin/nologin ceph-common
+sysinv 168 168 /var/lib/sysinv /sbin/nologin sysinv
+snmpd 169 169 /usr/share/snmp /sbin/nologin net-snmp
avahi-autoipd 170 170 /var/lib/avahi-autoipd /sbin/nologin avahi
pulse 171 171 /var/run/pulse /sbin/nologin pulseaudio
rtkit 172 172 /proc /sbin/nologin rtkit
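Review bot: the `sysinv 168 168` line added in this hunk is not covered by the commit message, which mentions only snmpd and fm; mention it or move it to its own change. While this registry is being edited, note that `rtkit 172 172` in the trailing context uses the same IDs as `nfv:x:172:172` in the passwd hunk above, so nfv should be registered here or renumbered.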
@@ -163,6 +165,7 @@ systemd-network 192 192 / /sbin/nologin systemd
systemd-resolve 193 193 / /sbin/nologin systemd
gnats ? ? ? ? gnats, gnats-db
listar ? ? ? ? listar
+fm 195 195 /var/lib/fm /sbin/nologin fm-mgr
nfsnobody 65534 65534 /var/lib/nfs /sbin/nologin nfs-utils
# Note: nfsnobody is 4294967294 on 64-bit platforms (-2)
--
1.8.3.1


@ -0,0 +1,50 @@
From fcfa685f89f2dbabf8b73e64cb0941098269856e Mon Sep 17 00:00:00 2001
From: Don Penney <dpenney@yow-dpenney-lx.corp.ad.wrs.com>
Date: Mon, 25 Apr 2016 13:06:49 -0400
Subject: [PATCH 1/1] WRS: Patch5: tis-uid-gid.patch
---
group | 11 +++++++++++
passwd | 10 ++++++++++
2 files changed, 21 insertions(+)
diff --git a/group b/group
index be01f5c..3a0560d 100644
--- a/group
+++ b/group
@@ -22,3 +22,14 @@ lock::54:
audio::63:
nobody::99:
users::100:
+rabbitmq:x:121:
+glance:x:161:glance
+nova:x:162:nova
+keystone:x:163:keystone
+neutron:x:164:neutron
+cinder:x:165:cinder
+ceilometer:x:166:ceilometer
+sysinv:x:168:sysinv
+heat:x:187:heat
+nfv:x:172:nfv
+libvirt:x:991:nova
diff --git a/passwd b/passwd
index 6c6a8eb..3f28c4e 100644
--- a/passwd
+++ b/passwd
@@ -11,3 +11,13 @@ operator:*:11:0:operator:/root:/sbin/nologin
games:*:12:100:games:/usr/games:/sbin/nologin
ftp:*:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:*:99:99:Nobody:/:/sbin/nologin
+rabbitmq:x:121:121::/var/lib/rabbitmq:/bin/sh
+nova:x:994:992::/var/lib/nova:/bin/false
+keystone:x:993:991::/home/keystone:/bin/sh
+glance:x:161:161:OpenStack Glance Daemons:/opt/cgcs/glance:/sbin/nologin
+cinder:x:165:165:OpenStack Cinder Daemons:/var/lib/cinder:/sbin/nologin
+sysinv:x:168:168:sysinv Daemons:/var/lib/sysinv:/sbin/nologin
+neutron:x:164:164:OpenStack Neutron Daemons:/var/lib/neutron:/sbin/nologin
+heat:x:992:990::/home/heat:/bin/sh
+ceilometer:x:991:989::/home/ceilometer:/bin/sh
+nfv:x:172:172:nfvi:/var/lib/nfv:/sbin/nologin
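Review bot: the primary GIDs on the added `nova` (992), `keystone` (991), `heat` (990) and `ceilometer` (989) lines do not match the groups this same patch creates in the group hunk (`nova` 162, `keystone` 163, `heat` 187, `ceilometer` 166), and 991 is the GID given to `libvirt`, so keystone would run with libvirt as its primary group. Point the fourth field at the GIDs from the group hunk. The `rabbitmq`, `keystone`, `heat` and `ceilometer` lines also set `/bin/sh`; use `/sbin/nologin` as the other daemon accounts do unless a shell is actually needed.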
--
1.8.3.1


@ -0,0 +1,47 @@
From c254a8d2bfdcd4509f84b34ca0d92068a2b28618 Mon Sep 17 00:00:00 2001
From: Bart Wensley <barton.wensley@windriver.com>
Date: Wed, 29 Jun 2016 08:15:32 -0400
Subject: [PATCH 1/1] updating gids and uids to support upgrade from wrl
---
group | 1 +
passwd | 9 +++++----
2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/group b/group
index 3a0560d..c21e2de 100644
--- a/group
+++ b/group
@@ -22,6 +22,7 @@ lock::54:
audio::63:
nobody::99:
users::100:
+postgres:x:120:
rabbitmq:x:121:
glance:x:161:glance
nova:x:162:nova
diff --git a/passwd b/passwd
index 3f28c4e..548435f 100644
--- a/passwd
+++ b/passwd
@@ -12,12 +12,13 @@ games:*:12:100:games:/usr/games:/sbin/nologin
ftp:*:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:*:99:99:Nobody:/:/sbin/nologin
rabbitmq:x:121:121::/var/lib/rabbitmq:/bin/sh
-nova:x:994:992::/var/lib/nova:/bin/false
-keystone:x:993:991::/home/keystone:/bin/sh
+nova:x:994:162::/var/lib/nova:/bin/false
+keystone:x:993:163::/home/keystone:/bin/sh
glance:x:161:161:OpenStack Glance Daemons:/opt/cgcs/glance:/sbin/nologin
cinder:x:165:165:OpenStack Cinder Daemons:/var/lib/cinder:/sbin/nologin
sysinv:x:168:168:sysinv Daemons:/var/lib/sysinv:/sbin/nologin
neutron:x:164:164:OpenStack Neutron Daemons:/var/lib/neutron:/sbin/nologin
-heat:x:992:990::/home/heat:/bin/sh
-ceilometer:x:991:989::/home/ceilometer:/bin/sh
+heat:x:992:187::/home/heat:/bin/sh
+ceilometer:x:991:166::/home/ceilometer:/bin/sh
nfv:x:172:172:nfvi:/var/lib/nfv:/sbin/nologin
+postgres:x:120:120:PostgreSQL Server:/var/lib/pgsql:/bin/sh
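Review bot: the subject says gids and uids are updated, but on the changed `nova`, `keystone`, `heat` and `ceilometer` lines only the GID field moves (to 162, 163, 187 and 166); the UIDs stay at 994, 993, 992 and 991. If the upgrade from wrl also depends on UIDs they are still unaligned, and if it does not the subject should say gids only. The new `postgres` line and the rewritten `keystone`, `heat` and `ceilometer` lines keep `/bin/sh` as the login shell, which deserves a stated reason.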
--
1.8.3.1


@ -0,0 +1 @@
mirror:Source/setup-2.8.71-7.el7.src.rpm


@ -0,0 +1 @@
export TMOUT=900
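Review bot: `export TMOUT=900` can be undone by any user with `unset TMOUT` or by assigning a new value in their own profile. If the 900 second idle logout is meant as an enforced control, follow the assignment with `readonly TMOUT`.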

5
base/setup/files/motd Normal file

@ -0,0 +1,5 @@

WARNING: Unauthorized access to this system is forbidden and will be
prosecuted by law. By accessing this system, you agree that your
actions may be monitored if unauthorized usage is suspected.


@ -0,0 +1,66 @@
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
# nisplus Use NIS+ (NIS version 3)
# nis Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis
passwd: files ldap
shadow: files ldap
group: files ldap
initgroups: files
#hosts: db files nisplus nis dns
hosts: files dns
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files sss
netgroup: nisplus sss
publickey: nisplus
automount: files nisplus
aliases: files nisplus
sudoers: files
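Review bot: `passwd`, `shadow` and `group` resolve through `files ldap`, but `initgroups: files` means supplementary group membership is taken from the local files only, so groups assigned to a user in LDAP are not applied at login; please confirm that is intended and add a comment saying so. The `nisplus` sources on `bootparams`, `netgroup`, `publickey`, `automount` and `aliases`, and `sss` on `services` and `netgroup`, look like leftovers from the stock file and should be dropped if NIS+ and SSSD are not deployed.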


@ -0,0 +1,4 @@
if [ "$PS1" ]; then
PS1='\h:\w\$ '
fi
export PS1


@ -0,0 +1,13 @@
Metadata-Version: 1.1
Name: tis-extensions
Version: 1.0
Summary: TIS Extensions to thirdparty pkgs
Home-page:
Author: Windriver
Author-email: info@windriver.com
License: Apache-2.0
Description: TIS Extensions to thirdparty pkgs
Platform: UNKNOWN


@ -0,0 +1,2 @@
SRC_DIR="files"
TIS_PATCH_VER=2


@ -0,0 +1,69 @@
#
# The tis-extensions group of packages is intended to allow us to
# add files to "extend" thirdparty packages, such as by packaging
# custom systemd files into /etc/systemd to override the originals
# without modifying or rebuilding the thirdparty package.
#
Name: tis-extensions
Version: 1.0
Summary: TIS Extensions to thirdparty pkgs
Release: %{tis_patch_ver}%{?_tis_dist}
License: Apache-2.0
Group: base
Packager: Wind River <info@windriver.com>
URL: unknown
Source0: %{name}-%{version}.tar.gz
%define debug_package %{nil}
Requires: systemd
%description
TIS Extensions to thirdparty pkgs
%package -n %{name}-controller
Summary: TIS Extensions to thirdparty pkg on controller
Group: base
%description -n %{name}-controller
TIS Extensions to thirdparty pkgs on controller
%define local_etc_systemd %{_sysconfdir}/systemd/system/
%define local_etc_coredump %{_sysconfdir}/systemd/coredump.conf.d
%define local_etc_initd %{_sysconfdir}/init.d
%define local_etc_sysctl %{_sysconfdir}/sysctl.d
%define local_etc_modload %{_sysconfdir}/modules-load.d
%prep
%setup
%build
%install
install -d -m 755 %{buildroot}%{local_etc_initd}
install -p -D -m 555 target %{buildroot}%{local_etc_initd}/target
install -d -m 755 %{buildroot}%{local_etc_systemd}
install -p -D -m 444 target.service %{buildroot}%{local_etc_systemd}/target.service
install -d -m 755 %{buildroot}%{local_etc_sysctl}
install -p -D -m 644 coredump-sysctl.conf %{buildroot}%{local_etc_sysctl}/50-coredump.conf
install -d -m 755 %{buildroot}%{local_etc_coredump}
install -p -D -m 644 coredump.conf %{buildroot}%{local_etc_coredump}/coredump.conf
install -d -m 755 %{buildroot}%{local_etc_modload}
install -p -D -m 644 modules-load-vfio.conf %{buildroot}%{local_etc_modload}/vfio.conf
%files
%defattr(-,root,root,-)
%{local_etc_sysctl}/50-coredump.conf
%{local_etc_coredump}/coredump.conf
%{local_etc_modload}/vfio.conf
%doc LICENSE
%files -n %{name}-controller
%defattr(-,root,root,-)
%{local_etc_initd}/target
%{local_etc_systemd}/target.service


@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.


@ -0,0 +1,4 @@
# send coredumps to the systemd coredump utility.
kernel.core_pattern=|/usr/lib/systemd/systemd-coredump %p %u %g %s %t %e
kernel.core_pipe_limit = 4
kernel.core_uses_pid = 1


@ -0,0 +1,8 @@
[Coredump]
Storage=external
Compress=yes
#ProcessSizeMax=2G
#ExternalSizeMax=2G
#JournalSizeMax=767M
#MaxUse=
#KeepFree=


@ -0,0 +1 @@
vfio


@ -0,0 +1,290 @@
#!/bin/bash
#
# Filename: /etc/init.d/target
#
# Bring up/down iscsi LIO target
#
#########################################################################
#
#
# Copyright (c) 2016 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
DESC="target"
STATUS_FILE="/var/run/lio-target.running"
CINDER_CONF_DIR="/opt/cgcs/cinder"
LIO_CONF_DIR="${CINDER_CONF_DIR}/iscsi-target"
LIO_CONF_FILE="${LIO_CONF_DIR}/saveconfig.json"
TGT_CONF_FILE="${CINDER_CONF_DIR}/data/tgt-initiators-15.12-upgrade.conf"
BASE_TARGET_DIR="/etc/target"
# Tools
TARGETCLI="/usr/bin/targetcli"
RTSTOOL="/usr/bin/cinder-rtstool"
SM_QUERY="/usr/bin/sm-query"
# This will log to /var/log/platform.log
NAME=$(basename $0)
function log () {
logger -p local1.info "${NAME}: $1"
}
# Determine whether we are running on the active controller.
# Return value: 0 - controller is active, 1 - not active.
is_active_controller () {
# service drbd-cgcs - should be active before iscsi one
local SERVICE="drbd-cgcs"
local ACTIVE=$(${SM_QUERY} service ${SERVICE} | \
grep enabled-active)
if [ -z "${ACTIVE}" ] ; then
return 1
else
return 0
fi
}
# This is a function that migrates 15.12 TGT Target configuration
# to the LIO Target configuration file. The function is called only
# once on the first "swact" to the LIO controller after
# Software Upgrade.
migrate_tgt () {
log "Migrating 15.12 TGT iSCSI Target to LIO"
# TGT configuration directory
TGT_CONF_DIR="/opt/cgcs/cinder/data/volumes"
# Start the LIO target and enable it for configuration
/usr/bin/targetctl restore
if [ $? -ne 0 ] ; then
log "ERROR: trying to start the LIO target"
return 1
fi
if [ ! -d ${TGT_CONF_DIR} ] ; then
# User does not have attached volumes
log "No volumes to migrate. Migration is done"
return 0
fi
if [ ! "$(ls -A ${TGT_CONF_DIR})" ] ; then
# Cinder volumes configuration is empty
log "No volumes to migrate. Migration is done"
return 0
fi
PORTAL_IP=""
if [ -e /etc/hosts ] ; then
PORTAL_IP=$(grep controller-cinder /etc/hosts | awk '{print $1}')
fi
# If no Portal IP is specified, use default IP address
if [ -z "${PORTAL_IP}" ] ; then
PORTAL_IP="0.0.0.0"
fi
for volume in `find ${TGT_CONF_DIR} -name "volume-*"`
do
TARGET_NAME=$(grep -n target ${volume} | awk '{ print $2}' | \
sed 's/>//')
DEVICE=$(grep -n backing-store ${volume} | awk '{print $3}')
USERID=$(grep -n incominguser ${volume} | awk '{print $3}')
PASSWORD=$(grep -n incominguser ${volume} | awk '{print $4}')
INITIATOR=$(grep -n ${TARGET_NAME} ${TGT_CONF_FILE} | \
awk '{ print $5 }')
if [ ! "${TARGET_NAME}" -a "${DEVICE}" -a "${USERID}" -a \
"${PASSWORD}" -a "${INITIATOR}" ] ; then
log "ERROR: volume ${TARGET_NAME} configuration is not complete"
continue
fi
# Add the volume to the LIO configuration
${RTSTOOL} create ${DEVICE} ${TARGET_NAME} ${USERID} ${PASSWORD} \
False -a${PORTAL_IP} -p3260 2>/dev/null
if [ $? -ne 0 ] ; then
log "ERROR: Target creation failed for volume ${TARGET_NAME}"
continue
fi
log "Created target ${TARGET_NAME}"
${RTSTOOL} add-initiator ${TARGET_NAME} ${USERID} ${PASSWORD} \
${INITIATOR} 2>/dev/null
if [ $? -ne 0 ] ; then
log "ERROR: Add Initiator ${INITIATOR} failed for ${TARGET_NAME}"
continue
fi
log "Added Initiator ${INITIATOR} for ${TARGET_NAME}"
# Create a lun mapping from 1 to 0. Why? Well 15.12 used tgt which
# uses lun 1 as the first volume, but lio uses lun 0. This mapping
# allows iscsi references created in the old tgt realm to continue
# to work.
${TARGETCLI} "/iscsi/${TARGET_NAME}/tpg1/acls/${INITIATOR} create 1 0"
if [ $? -ne 0 ] ; then
log "ERROR: lun 1 mapping failed: Initiator ${INITIATOR} Target ${TARGET_NAME}"
else
log "Added lun 1 mapping: Initiator ${INITIATOR} Target ${TARGET_NAME}"
fi
done
# Save and verify the new LIO configuration
${RTSTOOL} save 2> /dev/null
if [ $? -ne 0 ] ; then
log "ERROR: Cannot save LIO Target configuration"
return 1
fi
${RTSTOOL} verify 2> /dev/null
if [ $? -ne 0 ] ; then
log "ERROR: LIO Target verification failed"
return 1
fi
log "TGT to LIO migration is done"
return 0
}
start () {
echo -n "Starting ${DESC}..."
if ! is_active_controller ; then
echo "failed. Controller is not active."
exit 1
fi
if [ ! -L ${BASE_TARGET_DIR} ] ; then
rm -rf ${BASE_TARGET_DIR}
ln -s ${LIO_CONF_DIR} ${BASE_TARGET_DIR}
fi
if [ ! -d ${LIO_CONF_DIR} ] ; then
# Create LIO configuration directory
mkdir -p ${LIO_CONF_DIR} && log "Created ${LIO_CONF_DIR}"
# Create default LIO configuration file
${TARGETCLI} saveconfig ${LIO_CONF_FILE}
fi
if [ -e ${TGT_CONF_FILE} -a -s ${TGT_CONF_FILE} ] ; then
migrate_tgt
if [ $? -ne 0 ] ; then
echo "tgt migration failed."
exit 1
fi
mv -f ${TGT_CONF_FILE} ${TGT_CONF_FILE}.bak
else
/usr/bin/targetctl restore
if [ $? -ne 0 ] ; then
echo "failed."
exit 1
fi
fi
touch ${STATUS_FILE}
echo "done."
}
stop () {
echo -n "Stopping ${DESC}..."
if [ ! -f ${STATUS_FILE} ] ; then
echo "service has not been started"
exit 0
fi
/usr/bin/targetctl clear
RET=$?
if [ -f ${STATUS_FILE} ] ; then
rm -f ${STATUS_FILE}
fi
if [ ${RET} -ne 0 ] ; then
echo "failed."
exit 1
fi
echo -n
}
status()
{
if [ ! -f ${STATUS_FILE} ] ; then
echo "${DESC} has not been started"
exit 3
else
echo "${DESC} had been started"
fi
}
restart () {
stop
start
}
reload()
{
if [ ! -f ${STATUS_FILE} ] ; then
echo "${DESC} has not been started"
exit 1
fi
/usr/bin/targetctl restore
if [ $? -ne 0 ] ; then
echo "failed."
exit 1
fi
}
case "$1" in
start)
start
;;
status)
status
;;
stop|forcedstop)
stop
;;
reload|force-reload)
reload
;;
restart|try-restart)
restart
;;
*)
echo $"Usage: $0 {start|status|stop|forcedstop|restart|try-restart|reload|force-reload}"
exit 1
;;
esac
exit 0
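Review bot: the completeness check in `migrate_tgt` does not test what its error message claims. In `[ ! "${TARGET_NAME}" -a "${DEVICE}" -a "${USERID}" ...` the `!` negates only the first operand, so the test is true only when `TARGET_NAME` is empty and every other field is set; a volume with a missing `PASSWORD` or `INITIATOR` goes straight on to `${RTSTOOL} create`. Test each field with `-z` and join the tests with `||`. Two further points in the same script: `${PASSWORD}` is passed to `${RTSTOOL}` as a command-line argument, where it is readable from the process list while the command runs, and `rm -rf ${BASE_TARGET_DIR}` in `start` should quote the variable.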


@ -0,0 +1,14 @@
[Unit]
Description=iscsi LIO target service
After=config.service
[Service]
Type=oneshot
ExecStart=/etc/init.d/target
ExecStop=
ExecReload=
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
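Review bot: `ExecStart=/etc/init.d/target` passes no action, so the script's `case "$1"` falls through to the usage branch and exits 1, and the empty `ExecStop=` and `ExecReload=` mean systemd never runs the script's `stop` or `reload` paths (and so never calls `targetctl clear`). Use `ExecStart=/etc/init.d/target start` with matching `stop` and `reload` lines, or add a comment stating that another service manager drives the script and this unit is not meant to be started.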


@ -0,0 +1,22 @@
Metadata-Version: 1.1
Name: dhcp
Version: 4.2.5
Summary: Dynamic host configuration protocol software
Home-page:
Author:
Author-email:
License: ISC
Description:
DHCP (Dynamic Host Configuration Protocol) is a protocol which allows
individual devices on an IP network to get their own network
configuration information (IP address, subnetmask, broadcast address,
etc.) from a DHCP server. The overall purpose of DHCP is to make it
easier to administer a large network.
To use DHCP on your network, install a DHCP service (or relay agent),
and on clients run a DHCP client daemon. The dhcp package provides
the ISC DHCP service and relay agent.
Platform: UNKNOWN


@ -0,0 +1,2 @@
COPY_LIST="$FILES_BASE/*"
TIS_PATCH_VER=8


@ -0,0 +1,41 @@
From 70d970536ec4312be28c7c39b20fe90199c495e0 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 15:25:26 -0400
Subject: [PATCH 6/7] WRS: Patch106: dhclient-dhcp6-wrs-install-uuid.patch
---
client/scripts/linux | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/client/scripts/linux b/client/scripts/linux
index ddf50e8..c4ab9a1 100755
--- a/client/scripts/linux
+++ b/client/scripts/linux
@@ -77,15 +77,22 @@ exit_with_hooks() {
exit $exit_status
}
+# Select wrs-install-uuid from ipv4 or ipv6
+if [ -n "$new_dhcp6_wrs_install_uuid" ]; then
+ wrs_install_uuid=$new_dhcp6_wrs_install_uuid
+else
+ wrs_install_uuid=$new_wrs_install_uuid
+fi
+
# Enforce wrs-install-uuid on management and infrastrucure interfaces
source /etc/platform/platform.conf
-if [ -n "$new_wrs_install_uuid" ]; then
+if [ -n "$wrs_install_uuid" ]; then
if [ "$nodetype" == "controller" ]; then
source /etc/build.info
file="/www/pages/feed/rel-$SW_VERSION/install_uuid"
INSTALL_UUID=$(cat "$file")
fi
- if [ "$INSTALL_UUID" != "$new_wrs_install_uuid" ]; then
+ if [ "$INSTALL_UUID" != "$wrs_install_uuid" ]; then
exit 1
fi
elif [ "$interface" == "$management_interface" -o \
--
1.9.1


@ -0,0 +1,28 @@
From 4b0c758337d28109ac49f69ac334b4bebf09a0af Mon Sep 17 00:00:00 2001
From: Hung Pham <hung.pham@windriver.com>
Date: Mon, 10 Jul 2017 13:15:39 -0400
Subject: [PATCH 1/1] dhclient-disable-NSUPDATE
---
includes/site.h | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/includes/site.h b/includes/site.h
index 8ff2834..f7dde00 100644
--- a/includes/site.h
+++ b/includes/site.h
@@ -115,7 +115,10 @@
/* Define this if you want DNS update functionality to be available. */
-#define NSUPDATE
+/* WRS: Comment out this define to disable the DDNS feature */
+/* TiS doesn't use DDNS, and enabling DDNS will cause dhclient to listen on */
+/* an extra port that may collide with MTCE */
+/* #define NSUPDATE */
/* Define this if you want the dhcpd.pid file to go somewhere other than
the default (which varies from system to system, but is usually either
--
1.8.3.1


@ -0,0 +1,32 @@
#!/bin/bash
#
# /etc/dhclient-enter-hooks
#
# This file is sourced by /sbin/dhclient-script.
#
# Select wrs-install-uuid from ipv4 or ipv6
if [ -n "$new_dhcp6_wrs_install_uuid" ]; then
wrs_install_uuid=$new_dhcp6_wrs_install_uuid
else
wrs_install_uuid=$new_wrs_install_uuid
fi
# Enforce wrs-install-uuid on management and infrastrucure interfaces
source /etc/platform/platform.conf
if [ -n "$wrs_install_uuid" ]; then
if [ "$nodetype" == "controller" ]; then
source /etc/build.info
file="/www/pages/feed/rel-$SW_VERSION/install_uuid"
INSTALL_UUID=$(cat "$file")
fi
if [ "$INSTALL_UUID" != "$wrs_install_uuid" ]; then
exit_status=1
fi
elif [ "$interface" == "$management_interface" -o \
"$interface" == "$infrastructure_interface" ]; then
if [ "$nodetype" != "controller" -o \
-e "/etc/platform/.initial_config_complete" ]; then
exit_status=1
fi
fi
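Review bot: this hook repeats the wrs-install-uuid check that Patch105 and Patch106 add directly to `client/scripts/linux`, but it signals rejection with `exit_status=1` where the patched script uses `exit 1`. Keep a single copy, or document why both are needed and which one is authoritative. On a node that is not a controller, `INSTALL_UUID` is never assigned in this file, so it has to come from `/etc/platform/platform.conf`; add a comment stating that dependency.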


@ -0,0 +1,42 @@
From d6daacb050008d473b986f574434f9b8ae7139e4 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 15:25:23 -0400
Subject: [PATCH 5/7] WRS: Patch105: dhclient-handle-wrs-install-uuid.patch
---
client/scripts/linux | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/client/scripts/linux b/client/scripts/linux
index 59e764f..ddf50e8 100755
--- a/client/scripts/linux
+++ b/client/scripts/linux
@@ -77,6 +77,25 @@ exit_with_hooks() {
exit $exit_status
}
+# Enforce wrs-install-uuid on management and infrastrucure interfaces
+source /etc/platform/platform.conf
+if [ -n "$new_wrs_install_uuid" ]; then
+ if [ "$nodetype" == "controller" ]; then
+ source /etc/build.info
+ file="/www/pages/feed/rel-$SW_VERSION/install_uuid"
+ INSTALL_UUID=$(cat "$file")
+ fi
+ if [ "$INSTALL_UUID" != "$new_wrs_install_uuid" ]; then
+ exit 1
+ fi
+elif [ "$interface" == "$management_interface" -o \
+ "$interface" == "$infrastructure_interface" ]; then
+ if [ "$nodetype" != "controller" -o \
+ -e "/etc/platform/.initial_config_complete" ]; then
+ exit 1
+ fi
+fi
+
# Invoke the local dhcp client enter hooks, if they exist.
if [ -f /etc/dhclient-enter-hooks ]; then
exit_status=0
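Review bot: the added block tests only `$new_wrs_install_uuid`, so a DHCPv6 lease that carries the value as `$new_dhcp6_wrs_install_uuid` falls through to the `elif` and is rejected on the management and infrastructure interfaces as if no UUID had been offered. Select the IPv4 or IPv6 variable first, then compare. The two bare `exit 1` calls also sit directly below `exit_with_hooks()` without using it; call `exit_with_hooks 1` if the hooks should still run on rejection, or add a comment saying the direct exit is deliberate.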
--
1.9.1


@ -0,0 +1,48 @@
From f1df67309b435da1d9e02b77100a793ba0165f04 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 15:25:18 -0400
Subject: [PATCH 3/7] WRS: Patch103: dhclient-ipv6-bind-to-interface.patch
---
common/socket.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/common/socket.c b/common/socket.c
index f30c171..b236c4a 100644
--- a/common/socket.c
+++ b/common/socket.c
@@ -236,6 +236,15 @@ if_register_socket(struct interface_info *info, int family,
}
#endif
+#if defined(SO_BINDTODEVICE)
+ /* Bind this socket to this interface. */
+ if ((!do_multicast || !*do_multicast) && info->ifp &&
+ setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE,
+ (char *)(info -> ifp), sizeof(*(info -> ifp))) < 0) {
+ log_error("setsockopt: SO_BINDTODEVICE: %m");
+ }
+#endif
+
/* Bind the socket to this interface's IP address. */
if (bind(sock, (struct sockaddr *)&name, name_len) < 0) {
log_error("Can't bind to dhcp address: %m");
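Review bot: the relocated `SO_BINDTODEVICE` block reports failure with `log_error` where the removed block used `log_fatal`, so when `setsockopt` fails the code carries on to `bind()` with a socket that is not restricted to `info->ifp`. Keep the failure fatal, or return an error to the caller, unless there is a known case where the device binding must be allowed to fail; if there is, name it in the comment. The guard also changes from `local_family != AF_INET6` to `(!do_multicast || !*do_multicast)` with no explanation in the patch description, and the reason the call has to precede `bind()` should be stated in the comment above it.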
@@ -246,15 +255,6 @@ if_register_socket(struct interface_info *info, int family,
log_fatal("includes a bootp server.");
}
-#if defined(SO_BINDTODEVICE)
- /* Bind this socket to this interface. */
- if ((local_family != AF_INET6) && (info->ifp != NULL) &&
- setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE,
- (char *)(info -> ifp), sizeof(*(info -> ifp))) < 0) {
- log_fatal("setsockopt: SO_BINDTODEVICE: %m");
- }
-#endif
-
/* IP_BROADCAST_IF instructs the kernel which interface to send
* IP packets whose destination address is 255.255.255.255. These
* will be treated as subnet broadcasts on the interface identified
--
1.9.1


@ -0,0 +1,37 @@
From 04e5bef0d9bb0e1b3c8bbecccf11228ae809dfd2 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 15:25:21 -0400
Subject: [PATCH 4/7] WRS: Patch104:
dhclient-ipv6-conditionally-set-hostname.patch
---
client/scripts/linux | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/client/scripts/linux b/client/scripts/linux
index 14655f0..59e764f 100755
--- a/client/scripts/linux
+++ b/client/scripts/linux
@@ -254,6 +254,19 @@ if [ x$reason = xPREINIT6 ] ; then
exit_with_hooks 0
fi
+if [ x$reason = xBOUND6 ] || [ x$reason = xRENEW6 ] || \
+ [ x$reason = xREBIND6 ] || [ x$reason = xREBOOT6 ]; then
+ current_hostname=`hostname`
+ if [ x$current_hostname = x ] || \
+ [ x$current_hostname = "x(none)" ] || \
+ [ x$current_hostname = xlocalhost ] || \
+ [ x$current_hostname = x$old_fqdn_hostname ]; then
+ if [ x$new_fqdn_hostname != x$old_fqdn_hostname ]; then
+ hostname "$new_fqdn_hostname"
+ fi
+ fi
+fi
+
if [ x${old_ip6_prefix} != x ] || [ x${new_ip6_prefix} != x ] ; then
echo Prefix ${reason} old=${old_ip6_prefix} new=${new_ip6_prefix}
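Review bot: the inner test `[ x$new_fqdn_hostname != x$old_fqdn_hostname ]` is true when the server sends no FQDN but an old one is recorded, and the block then runs `hostname ""`. Add `[ -n "$new_fqdn_hostname" ]` to the condition. `$new_fqdn_hostname` is supplied by the DHCPv6 server, so validate it against the allowed hostname character set before applying it, and quote the expansions inside the `[ ... ]` tests (`"x$current_hostname"`) so a value containing whitespace cannot break the comparison.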
--
1.9.1


@ -0,0 +1,67 @@
From 15b7057f9b9f2b232cf2f9f674c63140e903e379 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 15:25:15 -0400
Subject: [PATCH 2/7] WRS: Patch102:
dhclient-restrict-interfaces-to-command-line.patch
---
client/clparse.c | 8 ++++++--
client/dhclient.c | 3 +++
includes/dhcpd.h | 1 +
3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/client/clparse.c b/client/clparse.c
index b609caf..3ae632a 100644
--- a/client/clparse.c
+++ b/client/clparse.c
@@ -943,8 +943,12 @@ void parse_interface_declaration (cfile, outer_config, name)
if (!client -> config)
make_client_config (client, outer_config);
- ip -> flags &= ~INTERFACE_AUTOMATIC;
- interfaces_requested = 1;
+ if (restrict_interfaces != ISC_TRUE) {
+ ip -> flags &= ~INTERFACE_AUTOMATIC;
+ interfaces_requested = 1;
+ } else {
+ log_info("%s not in command line interfaces; ignoring", ip->name);
+ }
token = next_token (&val, (unsigned *)0, cfile);
if (token != LBRACE) {
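Review bot: in the `else` branch the message "%s not in command line interfaces; ignoring" is logged for every `interface` declaration whenever `restrict_interfaces` is set; nothing here compares `ip->name` with the interfaces given on the command line, so an interface that was requested there gets the same message. Either do that comparison or reword the message to say that interface declarations in the configuration file do not add interfaces when `--restrict-interfaces` is in effect. Parsing of the declaration body continues after the message, so "ignoring" also overstates what happens.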
diff --git a/client/dhclient.c b/client/dhclient.c
index 0db4703..00b4240 100644
--- a/client/dhclient.c
+++ b/client/dhclient.c
@@ -71,6 +71,7 @@ isc_boolean_t no_pid_file = ISC_FALSE;
int dhcp_max_agent_option_packet_length = 0;
int interfaces_requested = 0;
+int restrict_interfaces = ISC_FALSE;
struct iaddr iaddr_broadcast = { 4, { 255, 255, 255, 255 } };
struct iaddr iaddr_any = { 4, { 0, 0, 0, 0 } };
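Review bot: `restrict_interfaces` is declared `int` but only ever holds `ISC_TRUE` or `ISC_FALSE`, while the `no_pid_file` flag shown in the hunk header is `isc_boolean_t` for the same kind of switch. Declare it `isc_boolean_t` here and in the `extern` in `includes/dhcpd.h`.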
@@ -240,6 +241,8 @@ main(int argc, char **argv) {
no_dhclient_pid = 1;
} else if (!strcmp(argv[i], "--no-pid")) {
no_pid_file = ISC_TRUE;
+ } else if (!strcmp(argv[i], "--restrict-interfaces")) {
+ restrict_interfaces = ISC_TRUE;
} else if (!strcmp(argv[i], "-cf")) {
if (++i == argc)
usage();
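Review bot: `--restrict-interfaces` is accepted here, but the diffstat lists only `client/clparse.c`, `client/dhclient.c` and `includes/dhcpd.h`, and the three insertions in `client/dhclient.c` are the variable and this branch, so neither the `usage()` text nor the man page mentions the new option. Add it to both, with one sentence on its effect: interface declarations in `dhclient.conf` no longer add interfaces beyond those named on the command line.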
diff --git a/includes/dhcpd.h b/includes/dhcpd.h
index 1d2bf2c..b1f16bf 100644
--- a/includes/dhcpd.h
+++ b/includes/dhcpd.h
@@ -2703,6 +2703,7 @@ extern const char *path_dhclient_db;
extern const char *path_dhclient_pid;
extern char *path_dhclient_script;
extern int interfaces_requested;
+extern int restrict_interfaces;
extern struct data_string default_duid;
extern int duid_type;
--
1.9.1


@ -0,0 +1,21 @@
# Default dhclient.conf file
#
option wrs-install-uuid code 224 = string;
option dhcp6.wrs-install-uuid code 224 = string;
request subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, host-name,
interface-mtu, fqdn, dhcp6.fqdn, wrs-install-uuid,
dhcp6.wrs-install-uuid, netbios-name-servers, netbios-scope,
dhcp6.domain-name-servers;
timeout 30;
#Changed for CGCS to improve Dead office recovery (DOR behavior)
# retry: every 30 seconds
retry 5;
# By default, use a hardware address based client-id for both IPv4 and IPv6.
# We change this via puppet to ensure that interfaces that share the same MAC
# are not using the same client-id value.
send dhcp6.client-id = concat(00:03:00, hardware);
send dhcp-client-identifier = concat(00:03:00, hardware);
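Review bot: the comment `# retry: every 30 seconds` does not match the setting below it, `retry 5;`. Correct the comment or the value, and say which of `timeout 30;` and `retry 5;` was changed for dead office recovery. A short comment on the two `option ... code 224 = string;` lines saying what `wrs-install-uuid` is used for would help anyone reading this file without the enter hooks to hand.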


@ -0,0 +1,63 @@
Index: 4.2.5-P1-r3/dhclient-exit-hooks
===================================================================
--- 4.2.5-P1-r3.orig/dhclient-exit-hooks
+++ 4.2.5-P1-r3/dhclient-exit-hooks
@@ -4,7 +4,7 @@
#
# This file is sourced by /sbin/dhclient-script.
#
-# dhcp option 121 is defined in RFC3442. The following is the link.
+# dhcp option 121 is defined in RFC3442. The following is the link.
# http://www.ietf.org/rfc/rfc3442.txt
#
# The code for this option is 121, and its minimum length is 5 bytes.
@@ -52,7 +52,7 @@ function add_routes() {
while [ $# -ne 0 ]; do
mask=$1
shift
-
+
# Parse the arguments into a CIDR net/mask string
if [ $mask -eq 32 ]; then
destination="-host $1.$2.$3.$4"
@@ -66,22 +66,31 @@ while [ $# -ne 0 ]; do
elif [ $mask -gt 8 ]; then
destination="-net $1.$2.0.0/$mask"
shift; shift
+ elif [ $mask -gt 0 ]; then
+ destination="-net $1.0.0.0/$mask"
+ shift
else
- destination="-net $1.0.0.0/$mask"
- shift
+ destination="default"
fi
-
+
# Read the gateway
gateway="$1.$2.$3.$4"
shift; shift; shift; shift
- # Add route into routing table
- route add $destination gw $gateway
-
- # Print it out if the route is added successfully
- if [ $? = 0 ]; then
- echo "Added route \"$destination gw $gateway\""
+ if [ $gateway != "0.0.0.0" ]; then
+ # Add route into routing table
+ route add $destination gw $gateway
+ if [ $? = 0 ]; then
+ echo "Added route \"$destination gw $gateway\""
+ fi
+ else
+ # Add onlink route into routing table
+ route add $destination $interface
+ if [ $? = 0 ]; then
+ echo "Added route \"$destination on $interface\""
+ fi
fi
+
done
}
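Review bot: when `route add` fails, neither the gateway branch nor the new on-link branch reports it; only success is echoed. Add an `else` that logs the failed `$destination` so a route from option 121 that could not be installed is visible. The on-link branch also uses `$interface` without checking that it is set, and `[ $gateway != "0.0.0.0" ]` should quote `"$gateway"`. The first two hunks of this patch appear to change only whitespace and can be dropped.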


@ -0,0 +1,28 @@
/*
* define config file location in ${S}/includes/site.h
* still need to take care of installation path (${sysconfdir}/dhcpd.conf)
*
* 7/22/2010 - qhe
*/
/* Define this if you want DNS update functionality to be available. */
/* Enabling the DNS update functionality results in the creation of
two UDP sockets with random high port numbers, but these numbers
appear to ignore the configured net.ipv4.ip_local_port_range values.
As a result, there's potential for collision with ports reserved
for platform services.
Given that this functionality is not being used, disable it from
the build. */
#undef NSUPDATE
/* Define this if you aren't debugging and you want to save memory
(potentially a _lot_ of memory) by allocating leases in chunks rather
than one at a time. */
#define COMPACT_LEASES
/* local */
#define _PATH_DHCPD_CONF "/etc/dhcp/dhcpd.conf"
#define _PATH_DHCLIENT_CONF "/etc/dhcp/dhclient.conf"


@ -0,0 +1,42 @@
From 1a60b6e068a6f6289a48bd8281d116ed6a51f03e Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 15:25:12 -0400
Subject: [PATCH 1/7] WRS: Patch101: support-disable-nsupdate.patch
---
server/dhcpd.c | 2 ++
server/failover.c | 2 ++
2 files changed, 4 insertions(+)
diff --git a/server/dhcpd.c b/server/dhcpd.c
index 67fec83..7523093 100644
--- a/server/dhcpd.c
+++ b/server/dhcpd.c
@@ -504,8 +504,10 @@ main(int argc, char **argv) {
trace_srandom = trace_type_register ("random-seed", (void *)0,
trace_seed_input,
trace_seed_stop, MDL);
+#if defined (NSUPDATE)
trace_ddns_init();
#endif
+#endif
#if defined (PARANOIA)
/* get user and group info if those options were given */
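Review bot: the added `#if defined (NSUPDATE)` is closed by the existing `#endif` after `trace_ddns_init();`, and the added `#endif` now closes the enclosing conditional, which is hard to see from the diff. Mark each one, for example `#endif /* NSUPDATE */`, so the nesting is clear to the next reader.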
diff --git a/server/failover.c b/server/failover.c
index 8944102..d26adfa 100644
--- a/server/failover.c
+++ b/server/failover.c
@@ -5232,7 +5232,9 @@ isc_result_t dhcp_failover_process_bind_update (dhcp_failover_state_t *state,
*/
if (msg->binding_status == FTS_ACTIVE &&
(chaddr_changed || ident_changed)) {
+#if defined (NSUPDATE)
(void) ddns_removals(lease, NULL, NULL, ISC_FALSE);
+#endif
if (lease->scope != NULL)
binding_scope_dereference(&lease->scope, MDL);
--
1.9.1


@ -0,0 +1,27 @@
From 80ec3fbb502373b48c54dc075d75b1d13894093e Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 15:25:05 -0400
Subject: [PATCH 5/7] WRS: 0001-Update-package-versioning-for-TIS-format.patch
Conflicts:
SPECS/dhcp.spec
---
SPECS/dhcp.spec | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/dhcp.spec b/SPECS/dhcp.spec
index edc4113..29dfbcf 100644
--- a/SPECS/dhcp.spec
+++ b/SPECS/dhcp.spec
@@ -18,7 +18,7 @@
Summary: Dynamic host configuration protocol software
Name: dhcp
Version: 4.2.5
-Release: 58%{?dist}
+Release: 58.el7.centos%{?_tis_dist}.%{tis_patch_ver}
# NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to
# dcantrell maintaining the package) made incorrect use of the epoch and
# that's why it is at 12 now. It should have never been used, but it was.
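Review bot: the new `Release:` line uses `%{tis_patch_ver}` without the `?` conditional form used for `%{?_tis_dist}`, so a build where that macro is undefined puts the literal text `%{tis_patch_ver}` into the release string. Use `%{?tis_patch_ver}` or fail the build explicitly when it is missing. The line also hard-codes `.el7.centos` in place of `%{?dist}`; say so in the patch description if that is intentional.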
--
1.9.1


@ -0,0 +1,7 @@
spec-include-TiS-patches.patch
spec-dhcp-enter-hooks.patch
remove-unecessary-dhcp-exit-hooks-file.patch
dhclient-dhcp6-set-hostname.patch
0001-Update-package-versioning-for-TIS-format.patch
mark-dhclient.conf-as-config.patch
dhclient-disable-NSUPDATE.patch

Some files were not shown because too many files have changed in this diff