mirror of
https://github.com/cjdelisle/cjdns
synced 2025-10-06 00:32:50 +02:00
217 lines
6.3 KiB
RPMSpec
217 lines
6.3 KiB
RPMSpec
%define commit0 00a90f0997e2863dd218d04f95e24401f2037a4c
|
|
%define shortcommit0 00a90f09
|
|
|
|
Name: cjdns
|
|
# major version is cjdns protocol version:
|
|
Version: 16.0
|
|
Release: 5%{?dist}
|
|
Summary: The privacy-friendly network without borders
|
|
Group: System Environment/Base
|
|
License: GPL3
|
|
URL: https://hyperboria.net/
|
|
Source0: https://github.com/cjdelisle/cjdns/archive/%{commit0}.tar.gz#/%{name}-%{shortcommit0}.tar.gz
|
|
# Add targeted selinux policy
|
|
Patch0: cjdns.selinux.patch
|
|
# Allow python2.6 for build. Python is not used during the build
|
|
# process. The python tools allegedly depend on python2.7, but that can
|
|
# be in Requires for the subpackage.
|
|
Patch1: cjdns.el6.patch
|
|
# Fix RLIMIT_NPROC - setuid() bug. In its low priv process, cjdroute calls
|
|
#
|
|
# setrlimit(RLIMIT_NPROC, &(struct rlimit){ 0, 0 })
|
|
#
|
|
# which on recent kernels prevents fork() or exec() after the following
|
|
# setuid(). This is due to changes discussed here:
|
|
#
|
|
# https://lwn.net/Articles/451985/
|
|
#
|
|
# On the 2.6.32 kernel used by EL6, the above causes setuid() to fail.
|
|
# This patch sets RLIMIT_NPROC to { 1, 1 } instead, which prevents
|
|
# fork(), but not exec.
|
|
Patch2: cjdns.nprocs.patch
|
|
# Add setgid to Security_setUser().
|
|
Patch3: cjdns.setgid.patch
|
|
# Change defaults generated by cjdroute --genconf
|
|
Patch4: cjdns.genconf.patch
|
|
# Patch contributed init scripts to put cjdroute in /usr/sbin
|
|
Patch5: cjdns.sbin.patch
|
|
|
|
# FIXME: selinux prevents cjdroute from writing to /etc/cjdroute.conf
|
|
# at first startup when run by the supplied init service scripts. This is
|
|
# probably correct. But the initial config needs to be generated another way.
|
|
|
|
# FIXME: getpwuid(uid) fails, because Security_admin has already done chroot.
|
|
|
|
BuildRequires: nodejs, make
|
|
#Requires:
|
|
Prereq: /usr/sbin/useradd
|
|
|
|
%description
|
|
Cjdns implements an encrypted IPv6 network using public-key cryptography for
|
|
address allocation and a distributed hash table for routing. This provides
|
|
near-zero-configuration networking, and prevents many of the security and
|
|
scalability issues that plague existing networks.
|
|
|
|
%package selinux
|
|
Summary: Targeted SELinux policy module for cjdns
|
|
Group: System Environment/Base
|
|
BuildRequires: policycoreutils, checkpolicy, selinux-policy-devel
|
|
Requires: policycoreutils, selinux-policy, %{name}
|
|
|
|
%description selinux
|
|
Targeted SELinux policy module for cjdns.
|
|
|
|
# FIXME: keep C tools separate?
|
|
%package tools
|
|
Summary: Command line tools for cjdns
|
|
Group: System Environment/Base
|
|
Requires: nodejs
|
|
|
|
%description tools
|
|
C language and nodejs tools for cjdns.
|
|
|
|
%prep
|
|
%setup -qn %{name}-%{commit0}
|
|
%patch0 -b .selinux
|
|
%if 0%{?rhel} == 6
|
|
%patch1 -b .el6
|
|
%patch2 -b .nprocs
|
|
%endif
|
|
%patch3 -b .setgid
|
|
%patch4 -b .genconf
|
|
%patch5 -b .sbin
|
|
|
|
# FIXME: grep Version_CURRENT_PROTOCOL util/version/Version.h and
|
|
# check that it matches major %{version}
|
|
|
|
%build
|
|
cd contrib/selinux
|
|
ln -s /usr/share/selinux/devel/Makefile .
|
|
make cjdns.pp
|
|
cd -
|
|
# nodejs based build system
|
|
./do
|
|
|
|
# FIXME: use system libuv on compatible systems
|
|
# bundled libuv is 0.11.4 with changes:
|
|
# https://github.com/cjdelisle/cjdns/commits/master/node_build/dependencies/libuv
|
|
|
|
%install
|
|
rm -rf $RPM_BUILD_ROOT
|
|
mkdir -p $RPM_BUILD_ROOT%{_sbindir}
|
|
cp -p cjdroute $RPM_BUILD_ROOT%{_sbindir}
|
|
|
|
# init support
|
|
# FIXME: move cjdroute to /usr/sbin or /usr/lib/cjdns and patch init configs
|
|
%if 0%{?rhel} == 6
|
|
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/init
|
|
cp -p contrib/upstart/cjdns.conf $RPM_BUILD_ROOT/%{_sysconfdir}/init
|
|
%else
|
|
mkdir -p $RPM_BUILD_ROOT%{_unitdir}
|
|
cp -p contrib/systemd/cjdns.service $RPM_BUILD_ROOT%{_unitdir}
|
|
%endif
|
|
|
|
# chroot
|
|
mkdir -p %{buildroot}/var/empty/cjdns
|
|
|
|
# install selinux modules
|
|
mkdir -p %{buildroot}%{_datadir}/selinux/targeted
|
|
cp -p contrib/selinux/cjdns.pp %{buildroot}%{_datadir}/selinux/targeted
|
|
ln contrib/selinux/cjdns.{te,fc} . # for doc dir
|
|
|
|
# install c and nodejs tools
|
|
mkdir -p %{buildroot}%{_prefix}/lib/cjdns/{node_build,contrib}
|
|
cp -p publictoip6 privatetopublic makekeys randombytes sybilsim \
|
|
$RPM_BUILD_ROOT%{_prefix}/lib/cjdns
|
|
cp -pr tools $RPM_BUILD_ROOT%{_prefix}/lib/cjdns
|
|
cp -p node_build/Semaphore.js $RPM_BUILD_ROOT%{_prefix}/lib/cjdns/node_build
|
|
cp -pr contrib/nodejs $RPM_BUILD_ROOT%{_prefix}/lib/cjdns/contrib
|
|
# symlinks for selected nodejs tools
|
|
mkdir -p %{buildroot}%{_bindir}
|
|
for t in peerStats sessionStats cjdnslog publictoip6; do
|
|
ln -sf %{_prefix}/lib/cjdns/tools/$t %{buildroot}%{_bindir}
|
|
done
|
|
|
|
%files
|
|
%{!?_licensedir:%global license %%doc}
|
|
%license LICENSE
|
|
%doc README.md README_RU.md HACKING.md
|
|
%attr(0100,root,root) /var/empty/cjdns
|
|
%{_sbindir}/cjdroute
|
|
%dir %{_prefix}/lib/cjdns
|
|
%if 0%{?rhel} == 6
|
|
/%{_sysconfdir}/init/*
|
|
%else
|
|
%{_unitdir}/*
|
|
%endif
|
|
|
|
%pre
|
|
getent passwd cjdns > /dev/null || /usr/sbin/useradd -c "" \
|
|
-r -d %{_prefix}/lib/cjdns -s /sbin/nologin %{name}
|
|
|
|
# FIXME: how do you get upstart on EL6 to reload the service?
|
|
%post
|
|
%if 0%{?rhel} != 6
|
|
%systemd_post cjdns.service
|
|
%endif
|
|
|
|
%preun
|
|
%if 0%{?rhel} == 6
|
|
if [ "$1" -eq 0 ]; then
|
|
/sbin/initctl stop cjdns
|
|
fi
|
|
%else
|
|
%systemd_preun cjdns.service
|
|
%endif
|
|
|
|
%postun
|
|
%if 0%{?rhel} == 6
|
|
if [ "$1" -ge 1 ]; then
|
|
/sbin/initctl restart cjdns
|
|
fi
|
|
%else
|
|
%systemd_postun_with_restart cjdns.service
|
|
%endif
|
|
|
|
%files selinux
|
|
%doc cjdns.te cjdns.fc
|
|
%{_datadir}/selinux/targeted/*
|
|
|
|
%post selinux
|
|
/usr/sbin/semodule -s targeted -i %{_datadir}/selinux/targeted/cjdns.pp \
|
|
&>/dev/null || :
|
|
|
|
%postun selinux
|
|
if [ $1 -eq 0 ] ; then
|
|
/usr/sbin/semodule -s targeted -r cjdns &> /dev/null || :
|
|
fi
|
|
|
|
%files tools
|
|
%{_prefix}/lib/cjdns
|
|
%{_bindir}/*
|
|
|
|
%changelog
|
|
* Thu Sep 24 2015 Stuart D. Gathman <stuart@gathman.org> 16.0-5
|
|
- Restart cjdroute on update, stop on uninstall
|
|
- symlink selected tools to bin
|
|
- use /var/empty/cjdns for chroot
|
|
- patch genconf to change chroot and setuser
|
|
- TODO: patch cjdroute to remove module request, handle externally
|
|
|
|
* Wed Sep 23 2015 Stuart D. Gathman <stuart@gathman.org> 16.0-4
|
|
- Remove doc subpackage - only a meg of docs, and protocol is experimental.
|
|
- Fix for RLIMIT_NPROC - setuid bug.
|
|
- Add setgid to Security.c
|
|
- add contrib/nodejs so tools work
|
|
|
|
* Wed Sep 23 2015 Stuart D. Gathman <stuart@gathman.org> 16.0-3
|
|
- Add selinux, doc and tools subpackages
|
|
- Support EL6
|
|
|
|
* Mon Sep 21 2015 Stuart D. Gathman <stuart@gathman.org> 16.0-2
|
|
- nodejs not a runtime dependency of main package
|
|
- move binaries to /usr/bin (good idea?)
|
|
|
|
* Mon Sep 21 2015 Stuart D. Gathman <stuart@gathman.org> 16.0-1
|
|
- Initial RPM
|