December 2012 - openSUSE Commits - openSUSE Mailing Lists

commit usbredir for openSUSE:Factory
by root＠hilbert.suse.de 28 Dec '12

28 Dec '12

Hello community, here is the log from the commit of package usbredir for openSUSE:Factory checked in at 2012-12-28 22:50:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/usbredir (Old) and /work/SRC/openSUSE:Factory/.usbredir.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "usbredir", Maintainer is "" Changes: -------- --- /work/SRC/openSUSE:Factory/usbredir/usbredir.changes 2012-12-05 14:10:07.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.usbredir.new/usbredir.changes 2012-12-28 22:50:32.000000000 +0100 @@ -1,0 +2,24 @@ +Sun Dec 23 11:28:14 UTC 2012 - zaitor(a)opensuse.org + +- Update to version 0.6: + + usbredirproto: + - add support for bulk packets with 32 bits length + - add support for buffered bulk input + + usbredirparser: + - add support for bulk packets with 32 bits length + - add support for buffered bulk input + + usbredirhost: + - add support for bulk packets with 32 bits length + - queue multiple transfers for interrupt receiving + - add support for buffered bulk input + - only apply mult to max-packet-size for isoc high speed + endpoints + - add a do-not-reset device blacklist, populate it with + 1210:001c +- Changes from version 0.5.3: + + usbredirparser: + - add support for bulk packets longer then 65535 bytes + + usbredirhost: + - add support for bulk packets longer then 65535 bytes + +------------------------------------------------------------------- Old: ---- usbredir-0.5.2.tar.bz2 New: ---- usbredir-0.6.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ usbredir.spec ++++++ --- /var/tmp/diff_new_pack.huvApw/_old 2012-12-28 22:50:33.000000000 +0100 +++ /var/tmp/diff_new_pack.huvApw/_new 2012-12-28 22:50:33.000000000 +0100 @@ -18,7 +18,7 @@ Name: usbredir -Version: 0.5.2 +Version: 0.6 Release: 0 Summary: A protocol for redirection USB traffic License: GPL-2.0+ and LGPL-2.1+ ++++++ usbredir-0.5.2.tar.bz2 -> usbredir-0.6.tar.bz2 ++++++ ++++ 2354 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit u-boot for openSUSE:Factory
by root＠hilbert.suse.de 28 Dec '12

28 Dec '12

Hello community, here is the log from the commit of package u-boot for openSUSE:Factory checked in at 2012-12-28 22:50:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/u-boot (Old) and /work/SRC/openSUSE:Factory/.u-boot.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "u-boot", Maintainer is "" Changes: -------- --- /work/SRC/openSUSE:Factory/u-boot/u-boot-highbank.changes 2012-10-24 10:24:13.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.u-boot.new/u-boot-highbank.changes 2012-12-28 22:50:22.000000000 +0100 @@ -1,0 +2,13 @@ +Wed Oct 24 22:33:13 UTC 2012 - agraf(a)suse.com + +- add sdhc-1.patch, sdhc-2.patch, sdhc-3.patch: + * backport upstream sdhc fixes + +------------------------------------------------------------------- +Wed Oct 24 01:37:36 CEST 2012 - agraf(a)suse.de + +- update to 2012.10: + - refresh patches 0006-ARMV7-hardfp-build-fix.patch, mlo-ext2.patch, + loadaddr-defaults.patch, mx53loco-bootscr.patch + +------------------------------------------------------------------- u-boot-mx53loco.changes: same change u-boot-omap4panda.changes: same change u-boot-origen.changes: same change u-boot-u8500href.changes: same change u-boot.changes: same change Old: ---- u-boot-2012.04.01.tar.bz2 New: ---- sdhc-1.patch sdhc-2.patch sdhc-3.patch u-boot-2012.10.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ u-boot-highbank.spec ++++++ --- /var/tmp/diff_new_pack.VqEw5e/_old 2012-12-28 22:50:24.000000000 +0100 +++ /var/tmp/diff_new_pack.VqEw5e/_new 2012-12-28 22:50:24.000000000 +0100 @@ -22,7 +22,7 @@ %define origen_spl 0 Name: u-boot-highbank -Version: 2012.04.01 +Version: 2012.10 Release: 0 Summary: The u-boot firmware for the highbank arm platform License: GPL-2.0 @@ -37,6 +37,9 @@ Patch4: beagle-bootscr.patch Patch5: mx53loco-bootscr.patch Patch6: exynos-ext2.patch +Patch7: sdhc-1.patch +Patch8: sdhc-2.patch +Patch9: sdhc-3.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Provides: u-boot-loader Conflicts: otherproviders(u-boot-loader) @@ -69,6 +72,9 @@ %patch4 -p1 %patch5 -p1 %patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 %build make %{?jobs:-j %jobs} CFLAGS="$RPM_OPT_FLAGS" highbank_config ++++++ u-boot-mx53loco.spec ++++++ --- /var/tmp/diff_new_pack.VqEw5e/_old 2012-12-28 22:50:24.000000000 +0100 +++ /var/tmp/diff_new_pack.VqEw5e/_new 2012-12-28 22:50:24.000000000 +0100 @@ -22,7 +22,7 @@ %define origen_spl 0 Name: u-boot-mx53loco -Version: 2012.04.01 +Version: 2012.10 Release: 0 Summary: The u-boot firmware for the mx53loco arm platform License: GPL-2.0 @@ -37,6 +37,9 @@ Patch4: beagle-bootscr.patch Patch5: mx53loco-bootscr.patch Patch6: exynos-ext2.patch +Patch7: sdhc-1.patch +Patch8: sdhc-2.patch +Patch9: sdhc-3.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Provides: u-boot-loader Conflicts: otherproviders(u-boot-loader) @@ -69,6 +72,9 @@ %patch4 -p1 %patch5 -p1 %patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 %build make %{?jobs:-j %jobs} CFLAGS="$RPM_OPT_FLAGS" mx53loco_config ++++++ u-boot-omap4panda.spec ++++++ --- /var/tmp/diff_new_pack.VqEw5e/_old 2012-12-28 22:50:24.000000000 +0100 +++ /var/tmp/diff_new_pack.VqEw5e/_new 2012-12-28 22:50:24.000000000 +0100 @@ -22,7 +22,7 @@ %define origen_spl 0 Name: u-boot-omap4panda -Version: 2012.04.01 +Version: 2012.10 Release: 0 Summary: The u-boot firmware for the omap4panda arm platform License: GPL-2.0 @@ -37,6 +37,9 @@ Patch4: beagle-bootscr.patch Patch5: mx53loco-bootscr.patch Patch6: exynos-ext2.patch +Patch7: sdhc-1.patch +Patch8: sdhc-2.patch +Patch9: sdhc-3.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Provides: u-boot-loader Conflicts: otherproviders(u-boot-loader) @@ -69,6 +72,9 @@ %patch4 -p1 %patch5 -p1 %patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 %build make %{?jobs:-j %jobs} CFLAGS="$RPM_OPT_FLAGS" omap4_panda_config ++++++ u-boot-origen.spec ++++++ --- /var/tmp/diff_new_pack.VqEw5e/_old 2012-12-28 22:50:24.000000000 +0100 +++ /var/tmp/diff_new_pack.VqEw5e/_new 2012-12-28 22:50:24.000000000 +0100 @@ -22,7 +22,7 @@ %define origen_spl 1 Name: u-boot-origen -Version: 2012.04.01 +Version: 2012.10 Release: 0 Summary: The u-boot firmware for the origen arm platform License: GPL-2.0 @@ -37,6 +37,9 @@ Patch4: beagle-bootscr.patch Patch5: mx53loco-bootscr.patch Patch6: exynos-ext2.patch +Patch7: sdhc-1.patch +Patch8: sdhc-2.patch +Patch9: sdhc-3.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Provides: u-boot-loader Conflicts: otherproviders(u-boot-loader) @@ -69,6 +72,9 @@ %patch4 -p1 %patch5 -p1 %patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 %build make %{?jobs:-j %jobs} CFLAGS="$RPM_OPT_FLAGS" origen_config ++++++ u-boot-u8500href.spec ++++++ --- /var/tmp/diff_new_pack.VqEw5e/_old 2012-12-28 22:50:24.000000000 +0100 +++ /var/tmp/diff_new_pack.VqEw5e/_new 2012-12-28 22:50:24.000000000 +0100 @@ -22,7 +22,7 @@ %define origen_spl 0 Name: u-boot-u8500href -Version: 2012.04.01 +Version: 2012.10 Release: 0 Summary: The u-boot firmware for the u8500href arm platform License: GPL-2.0 @@ -37,6 +37,9 @@ Patch4: beagle-bootscr.patch Patch5: mx53loco-bootscr.patch Patch6: exynos-ext2.patch +Patch7: sdhc-1.patch +Patch8: sdhc-2.patch +Patch9: sdhc-3.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Provides: u-boot-loader Conflicts: otherproviders(u-boot-loader) @@ -69,6 +72,9 @@ %patch4 -p1 %patch5 -p1 %patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 %build make %{?jobs:-j %jobs} CFLAGS="$RPM_OPT_FLAGS" u8500_href_config ++++++ u-boot.spec ++++++ --- /var/tmp/diff_new_pack.VqEw5e/_old 2012-12-28 22:50:24.000000000 +0100 +++ /var/tmp/diff_new_pack.VqEw5e/_new 2012-12-28 22:50:24.000000000 +0100 @@ -19,7 +19,7 @@ Name: u-boot -Version: 2012.04.01 +Version: 2012.10 Release: 0 Summary: Tools for the u-boot Firmware License: GPL-2.0 ++++++ 0006-ARMV7-hardfp-build-fix.patch ++++++ --- /var/tmp/diff_new_pack.VqEw5e/_old 2012-12-28 22:50:24.000000000 +0100 +++ /var/tmp/diff_new_pack.VqEw5e/_new 2012-12-28 22:50:24.000000000 +0100 @@ -1,7 +1,7 @@ -Index: u-boot-2010.09/arch/arm/cpu/armv7/config.mk +Index: u-boot-2012.10/arch/arm/cpu/armv7/config.mk =================================================================== ---- u-boot-2010.09.orig/arch/arm/cpu/armv7/config.mk 2011-02-17 18:43:19.828905882 +0530 -+++ u-boot-2010.09/arch/arm/cpu/armv7/config.mk 2011-02-17 18:43:33.356906110 +0530 +--- u-boot-2012.10.orig/arch/arm/cpu/armv7/config.mk ++++ u-boot-2012.10/arch/arm/cpu/armv7/config.mk @@ -20,7 +20,7 @@ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, # MA 02111-1307 USA @@ -9,5 +9,5 @@ -PLATFORM_RELFLAGS += -fno-common -ffixed-r8 -msoft-float +PLATFORM_RELFLAGS += -fno-common -ffixed-r8 - # Make ARMv5 to allow more compilers to work, even though its v7a. - PLATFORM_CPPFLAGS += -march=armv5 + # If armv7-a is not supported by GCC fall-back to armv5, which is + # supported by more tool-chains ++++++ loadaddr-defaults.patch ++++++ --- /var/tmp/diff_new_pack.VqEw5e/_old 2012-12-28 22:50:24.000000000 +0100 +++ /var/tmp/diff_new_pack.VqEw5e/_new 2012-12-28 22:50:24.000000000 +0100 @@ -11,11 +11,11 @@ Signed-off-by: Alexander Graf <agraf(a)suse.de> -diff --git a/include/configs/omap3_beagle.h b/include/configs/omap3_beagle.h -index 0c46d5b..c4df587 100644 ---- a/include/configs/omap3_beagle.h -+++ b/include/configs/omap3_beagle.h -@@ -218,6 +218,8 @@ +Index: u-boot-2012.10/include/configs/omap3_beagle.h +=================================================================== +--- u-boot-2012.10.orig/include/configs/omap3_beagle.h ++++ u-boot-2012.10/include/configs/omap3_beagle.h +@@ -220,6 +220,8 @@ #define CONFIG_EXTRA_ENV_SETTINGS \ "loadaddr=0x80200000\0" \ "rdaddr=0x81000000\0" \ @@ -24,16 +24,16 @@ "usbtty=cdc_acm\0" \ "bootfile=uImage.beagle\0" \ "console=ttyO2,115200n8\0" \ -diff --git a/include/configs/omap4_common.h b/include/configs/omap4_common.h -index 00578fe..bc802f4 100644 ---- a/include/configs/omap4_common.h -+++ b/include/configs/omap4_common.h -@@ -150,6 +150,8 @@ +Index: u-boot-2012.10/include/configs/omap4_common.h +=================================================================== +--- u-boot-2012.10.orig/include/configs/omap4_common.h ++++ u-boot-2012.10/include/configs/omap4_common.h +@@ -145,6 +145,8 @@ #define CONFIG_EXTRA_ENV_SETTINGS \ "loadaddr=0x82000000\0" \ + "kerneladdr=0x80000000\0" \ + "ramdiskaddr=0x82000000\0" \ "console=ttyO2,115200n8\0" \ + "fdt_high=0xffffffff\0" \ "usbtty=cdc_acm\0" \ - "vram=16M\0" \ ++++++ mlo-ext2.patch ++++++ --- /var/tmp/diff_new_pack.VqEw5e/_old 2012-12-28 22:50:24.000000000 +0100 +++ /var/tmp/diff_new_pack.VqEw5e/_new 2012-12-28 22:50:24.000000000 +0100 @@ -1,11 +1,11 @@ -diff --git a/arch/arm/cpu/armv7/omap-common/spl_mmc.c b/arch/arm/cpu/armv7/omap-common/spl_mmc.c -index 6f5b43e..f369e47 100644 ---- a/arch/arm/cpu/armv7/omap-common/spl_mmc.c -+++ b/arch/arm/cpu/armv7/omap-common/spl_mmc.c -@@ -83,6 +83,53 @@ end: - } +Index: u-boot-2012.10/drivers/mmc/spl_mmc.c +=================================================================== +--- u-boot-2012.10.orig/drivers/mmc/spl_mmc.c ++++ u-boot-2012.10/drivers/mmc/spl_mmc.c +@@ -67,6 +67,53 @@ end: } + #ifdef CONFIG_SPL_FAT_SUPPORT +static void mmc_load_image_ext2(struct mmc *mmc) +{ + s32 err; @@ -16,34 +16,34 @@ + header = (struct image_header *)(CONFIG_SYS_TEXT_BASE - + sizeof(struct image_header)); + -+ err = ext2fs_set_blk_dev(&mmc->block_dev, ++ err = ext4fs_set_blk_dev(&mmc->block_dev, + CONFIG_SYS_MMC_SD_FAT_BOOT_PARTITION); + if (!err) { -+ printf("spl: ext2fs register err - %d\n", err); ++ printf("spl: ext4fs register err - %d\n", err); + hang(); + } + -+ err = ext2fs_mount(0); ++ err = ext4fs_mount(0); + if (!err) { -+ printf("spl: ext2fs mount err - %d\n", err); ++ printf("spl: ext4fs mount err - %d\n", err); + hang(); + } + + + payloadname = "u-boot.bin"; + -+ filelen = err = ext2fs_open(payloadname); ++ filelen = err = ext4fs_open(payloadname); + if (err < 0) { + goto end; + } -+ err = ext2fs_read((u8 *)header, sizeof(struct image_header)); ++ err = ext4fs_read((u8 *)header, sizeof(struct image_header)); + if (err <= 0) { + goto end; + } + + spl_parse_image_header(header); + -+ err = ext2fs_read((u8 *)spl_image.load_addr, filelen); ++ err = ext4fs_read((u8 *)spl_image.load_addr, filelen); + +end: + if (err <= 0) { @@ -56,32 +56,30 @@ static void mmc_load_image_fat(struct mmc *mmc) { s32 err; -@@ -136,12 +183,14 @@ void spl_mmc_load_image(void) +@@ -121,13 +168,15 @@ void spl_mmc_load_image(void) hang(); } - boot_mode = omap_boot_mode(); + boot_mode = spl_boot_mode(); + boot_mode = MMCSD_MODE_FAT; if (boot_mode == MMCSD_MODE_RAW) { debug("boot mode - RAW\n"); mmc_load_image_raw(mmc); + #ifdef CONFIG_SPL_FAT_SUPPORT } else if (boot_mode == MMCSD_MODE_FAT) { debug("boot mode - FAT\n"); - mmc_load_image_fat(mmc); +// mmc_load_image_fat(mmc); + mmc_load_image_ext2(mmc); + #endif } else { puts("spl: wrong MMC boot mode\n"); - hang(); -diff --git a/fs/ext2/ext2fs.c b/fs/ext2/ext2fs.c -index f621741..f38697c 100644 ---- a/fs/ext2/ext2fs.c -+++ b/fs/ext2/ext2fs.c -@@ -25,9 +25,47 @@ - - #include <common.h> - #include <ext2fs.h> --#include <malloc.h> - #include <asm/byteorder.h> +Index: u-boot-2012.10/fs/ext4/dev.c +=================================================================== +--- u-boot-2012.10.orig/fs/ext4/dev.c ++++ u-boot-2012.10/fs/ext4/dev.c +@@ -41,6 +41,45 @@ + #include <ext4fs.h> + #include <ext_common.h> +#ifndef CONFIG_SPL_BUILD + @@ -122,14 +120,14 @@ +#endif + + - extern int ext2fs_devread (int sector, int byte_offset, int byte_len, - char *buf); + unsigned long part_offset; -diff --git a/include/configs/omap3_beagle.h b/include/configs/omap3_beagle.h -index ddeb414..0c46d5b 100644 ---- a/include/configs/omap3_beagle.h -+++ b/include/configs/omap3_beagle.h -@@ -256,7 +256,7 @@ + static block_dev_desc_t *ext4fs_block_dev_desc; +Index: u-boot-2012.10/include/configs/omap3_beagle.h +=================================================================== +--- u-boot-2012.10.orig/include/configs/omap3_beagle.h ++++ u-boot-2012.10/include/configs/omap3_beagle.h +@@ -258,7 +258,7 @@ "root=${nandroot} " \ "rootfstype=${nandrootfstype}\0" \ "bootenv=uEnv.txt\0" \ @@ -138,7 +136,7 @@ "importbootenv=echo Importing environment from mmc ...; " \ "env import -t $loadaddr $filesize\0" \ "ramargs=setenv bootargs console=${console} " \ -@@ -268,8 +268,8 @@ +@@ -270,8 +270,8 @@ "omapdss.def_disp=${defaultdisplay} " \ "root=${ramroot} " \ "rootfstype=${ramrootfstype}\0" \ @@ -149,11 +147,11 @@ "loaduimage=ext2load mmc ${mmcdev}:2 ${loadaddr} /boot/uImage\0" \ "mmcboot=echo Booting from mmc ...; " \ "run mmcargs; " \ -diff --git a/include/configs/omap4_common.h b/include/configs/omap4_common.h -index a989721..00578fe 100644 ---- a/include/configs/omap4_common.h -+++ b/include/configs/omap4_common.h -@@ -160,10 +160,10 @@ +Index: u-boot-2012.10/include/configs/omap4_common.h +=================================================================== +--- u-boot-2012.10.orig/include/configs/omap4_common.h ++++ u-boot-2012.10/include/configs/omap4_common.h +@@ -156,10 +156,10 @@ "vram=${vram} " \ "root=${mmcroot} " \ "rootfstype=${mmcrootfstype}\0" \ @@ -166,11 +164,11 @@ "mmcboot=echo Booting from mmc${mmcdev} ...; " \ "run mmcargs; " \ "bootm ${loadaddr}\0" \ -diff --git a/spl/Makefile b/spl/Makefile -index ea7d475..6abfd7e 100644 ---- a/spl/Makefile -+++ b/spl/Makefile -@@ -51,6 +51,7 @@ LIBS-$(CONFIG_SPL_SERIAL_SUPPORT) += drivers/serial/libserial.o +Index: u-boot-2012.10/spl/Makefile +=================================================================== +--- u-boot-2012.10.orig/spl/Makefile ++++ u-boot-2012.10/spl/Makefile +@@ -51,6 +51,7 @@ LIBS-$(CONFIG_SPL_SERIAL_SUPPORT) += dri LIBS-$(CONFIG_SPL_SPI_FLASH_SUPPORT) += drivers/mtd/spi/libspi_flash.o LIBS-$(CONFIG_SPL_SPI_SUPPORT) += drivers/spi/libspi.o LIBS-$(CONFIG_SPL_FAT_SUPPORT) += fs/fat/libfat.o @@ -178,3 +176,61 @@ LIBS-$(CONFIG_SPL_LIBGENERIC_SUPPORT) += lib/libgeneric.o LIBS-$(CONFIG_SPL_POWER_SUPPORT) += drivers/power/libpower.o LIBS-$(CONFIG_SPL_NAND_SUPPORT) += drivers/mtd/nand/libnand.o +Index: u-boot-2012.10/fs/ext4/ext4fs.c +=================================================================== +--- u-boot-2012.10.orig/fs/ext4/ext4fs.c ++++ u-boot-2012.10/fs/ext4/ext4fs.c +@@ -34,7 +34,6 @@ + */ + + #include <common.h> +-#include <malloc.h> + #include <ext_common.h> + #include <ext4fs.h> + #include <linux/stat.h> +@@ -905,6 +904,45 @@ void ext4fs_deinit(void) + fs->inode_bmaps = NULL; + } + ++#ifndef CONFIG_SPL_BUILD ++ ++#include <malloc.h> ++ ++#else ++ ++/* compat stuff */ ++ ++void *free_buf; ++void *topmost_entry; ++int topmost_size; ++char heap[10240]; ++ ++static inline void *malloc(int size) ++{ ++ void *r; ++ if (!free_buf) ++ free_buf = heap; ++ memset(free_buf, 0, size); ++ r = free_buf; ++ free_buf += size; ++ topmost_entry = r; ++ topmost_size = size; ++ return r; ++} ++ ++static inline void free(void *p) ++{ ++ if (p == topmost_entry) { ++ free_buf -= topmost_size; ++ topmost_entry = 0; ++ } else { ++ printf("leaked %d bytes\n", topmost_size); ++ } ++} ++ ++#endif ++ ++ + + free(fs->gdtable); + fs->gdtable = NULL; ++++++ mx53loco-bootscr.patch ++++++ --- /var/tmp/diff_new_pack.VqEw5e/_old 2012-12-28 22:50:24.000000000 +0100 +++ /var/tmp/diff_new_pack.VqEw5e/_new 2012-12-28 22:50:24.000000000 +0100 @@ -2,20 +2,12 @@ =================================================================== --- u-boot-2012.04.01.orig/include/configs/mx53loco.h +++ u-boot-2012.04.01/include/configs/mx53loco.h -@@ -56,6 +56,7 @@ - #define CONFIG_CMD_MMC - #define CONFIG_GENERIC_MMC - #define CONFIG_CMD_FAT -+#define CONFIG_CMD_EXT2 - #define CONFIG_DOS_PARTITION - - /* Eth Configs */ @@ -106,6 +107,8 @@ #define CONFIG_EXTRA_ENV_SETTINGS \ "script=boot.scr\0" \ "uimage=uImage\0" \ + "kerneladdr=0x70800000\0" \ -+ "ramdiskaddr=0x72000000\0" \ ++ "ramdiskaddr=0x7e000000\0" \ "mmcdev=0\0" \ "mmcpart=2\0" \ "mmcroot=/dev/mmcblk0p3 rw\0" \ ++++++ sdhc-1.patch ++++++ From: Jaehoon Chung <jh80.chung(a)samsung.com> Date: Thu, 20 Sep 2012 20:31:54 +0000 (+0000) Subject: mmc: sdhci: increase the timeout value for data transfer X-Git-Url: http://git.denx.de/?p=u-boot.git;a=commitdiff_plain;h=5d48e4224791611498456… mmc: sdhci: increase the timeout value for data transfer Timeout value is tunable. When run read/write operation, sometime returned the timeout error. Because the timeout value is too short. So increased the enough timeout value. (This timeout value is used to prevent the infinite loop.) Signed-off-by: Jaehoon Chung <jh80.chung(a)samsung.com> Signed-off-by: Kyungmin Park <kyungmin.park(a)samsung.com> Signed-off-by: Andy Fleming <afleming(a)freescale.com> --- diff --git a/drivers/mmc/sdhci.c b/drivers/mmc/sdhci.c index 2e3c408..9329874 100644 --- a/drivers/mmc/sdhci.c +++ b/drivers/mmc/sdhci.c @@ -83,7 +83,7 @@ static int sdhci_transfer_data(struct sdhci_host *host, struct mmc_data *data, { unsigned int stat, rdy, mask, timeout, block = 0; - timeout = 10000; + timeout = 1000000; rdy = SDHCI_INT_SPACE_AVAIL | SDHCI_INT_DATA_AVAIL; mask = SDHCI_DATA_AVAILABLE | SDHCI_SPACE_AVAILABLE; do { ++++++ sdhc-2.patch ++++++ From: Jaehoon Chung <jh80.chung(a)samsung.com> Date: Thu, 20 Sep 2012 20:31:55 +0000 (+0000) Subject: mmc: sdhci: add the DMA select for SDMA X-Git-Url: http://git.denx.de/?p=u-boot.git;a=commitdiff_plain;h=804c7f422169212e92530… mmc: sdhci: add the DMA select for SDMA In host-control register, DMA select bit field is present. BUt in sdhci.c, didn't select for DMA. if set CONFIG_MMC_SDMA, we need to set SDMA-select bit. Signed-off-by: Jaehoon Chung <jh80.chung(a)samsung.com> Signed-off-by: Kyungmin Park <kyungmin.park(a)samsung.com> Signed-off-by: Andy Fleming <afleming(a)freescale.com> --- diff --git a/drivers/mmc/sdhci.c b/drivers/mmc/sdhci.c index 9329874..15b4686 100644 --- a/drivers/mmc/sdhci.c +++ b/drivers/mmc/sdhci.c @@ -82,6 +82,13 @@ static int sdhci_transfer_data(struct sdhci_host *host, struct mmc_data *data, unsigned int start_addr) { unsigned int stat, rdy, mask, timeout, block = 0; +#ifdef CONFIG_MMC_SDMA + unsigned char ctrl; + ctrl = sdhci_readl(host, SDHCI_HOST_CONTROL); + ctrl &= ~SDHCI_CTRL_DMA_MASK; + ctrl |= SDHCI_CTRL_SDMA; + sdhci_writel(host, ctrl, SDHCI_HOST_CONTROL); +#endif timeout = 1000000; rdy = SDHCI_INT_SPACE_AVAIL | SDHCI_INT_DATA_AVAIL; ++++++ sdhc-3.patch ++++++ From: Tushar Behera <tushar.behera(a)linaro.org> Date: Thu, 20 Sep 2012 20:31:57 +0000 (+0000) Subject: mmc: sdhci: Add a quirk to add delay during completion of sdhci_send_cmd X-Git-Url: http://git.denx.de/?p=u-boot.git;a=commitdiff_plain;h=13243f2eafc4292917178… mmc: sdhci: Add a quirk to add delay during completion of sdhci_send_cmd MMC host controller requires a delay between every sdhci_send_cmd() execution. In s5p_mmc driver (s5p_sdhci replaces this driver), a delay of 1000us was provided after every mmc_send_cmd() call. Adding a quirk in current sdhci driver to replicate the behaviour. Without this delay, MMC initialization on Origen board fails with following error messages. Timeout for status update! mmc fail to send stop cmd Signed-off-by: Tushar Behera <tushar.behera(a)linaro.org> Signed-off-by: Jaehoon Chung <jh80.chung(a)samsung.com> Signed-off-by: Andy Fleming <afleming(a)freescale.com> --- diff --git a/drivers/mmc/s5p_sdhci.c b/drivers/mmc/s5p_sdhci.c index b978236..dc49d37 100644 --- a/drivers/mmc/s5p_sdhci.c +++ b/drivers/mmc/s5p_sdhci.c @@ -83,7 +83,8 @@ int s5p_sdhci_init(u32 regbase, int index, int bus_width) host->ioaddr = (void *)regbase; host->quirks = SDHCI_QUIRK_NO_HISPD_BIT | SDHCI_QUIRK_BROKEN_VOLTAGE | - SDHCI_QUIRK_BROKEN_R1B | SDHCI_QUIRK_32BIT_DMA_ADDR; + SDHCI_QUIRK_BROKEN_R1B | SDHCI_QUIRK_32BIT_DMA_ADDR | + SDHCI_QUIRK_WAIT_SEND_CMD; host->voltages = MMC_VDD_32_33 | MMC_VDD_33_34 | MMC_VDD_165_195; host->version = sdhci_readw(host, SDHCI_HOST_VERSION); diff --git a/drivers/mmc/sdhci.c b/drivers/mmc/sdhci.c index 15b4686..7845f87 100644 --- a/drivers/mmc/sdhci.c +++ b/drivers/mmc/sdhci.c @@ -240,6 +240,9 @@ int sdhci_send_command(struct mmc *mmc, struct mmc_cmd *cmd, if (!ret && data) ret = sdhci_transfer_data(host, data, start_addr); + if (host->quirks & SDHCI_QUIRK_WAIT_SEND_CMD) + udelay(1000); + stat = sdhci_readl(host, SDHCI_INT_STATUS); sdhci_writel(host, SDHCI_INT_ALL_MASK, SDHCI_INT_STATUS); if (!ret) { diff --git a/include/sdhci.h b/include/sdhci.h index c0345ed..c44793d 100644 --- a/include/sdhci.h +++ b/include/sdhci.h @@ -224,6 +224,7 @@ #define SDHCI_QUIRK_NO_HISPD_BIT (1 << 3) #define SDHCI_QUIRK_BROKEN_VOLTAGE (1 << 4) #define SDHCI_QUIRK_NO_CD (1 << 5) +#define SDHCI_QUIRK_WAIT_SEND_CMD (1 << 6) /* to make gcc happy */ struct sdhci_host; ++++++ u-boot-2012.04.01.tar.bz2 -> u-boot-2012.10.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/u-boot/u-boot-2012.04.01.tar.bz2 /work/SRC/openSUSE:Factory/.u-boot.new/u-boot-2012.10.tar.bz2 differ: char 11, line 1 ++++++ u-boot.spec.in ++++++ --- /var/tmp/diff_new_pack.VqEw5e/_old 2012-12-28 22:50:24.000000000 +0100 +++ /var/tmp/diff_new_pack.VqEw5e/_new 2012-12-28 22:50:24.000000000 +0100 @@ -22,7 +22,7 @@ %define origen_spl ORIGEN_SPL Name: u-boot-BOARDNAME -Version: 2012.04.01 +Version: 2012.10 Release: 0 Summary: The u-boot firmware for the BOARDNAME arm platform License: GPL-2.0 @@ -37,6 +37,9 @@ Patch4: beagle-bootscr.patch Patch5: mx53loco-bootscr.patch Patch6: exynos-ext2.patch +Patch7: sdhc-1.patch +Patch8: sdhc-2.patch +Patch9: sdhc-3.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Provides: u-boot-loader Conflicts: otherproviders(u-boot-loader) @@ -69,6 +72,9 @@ %patch4 -p1 %patch5 -p1 %patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 %build make %{?jobs:-j %jobs} CFLAGS="$RPM_OPT_FLAGS" BOARDCONFIG -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit tomahawk for openSUSE:Factory
by root＠hilbert.suse.de 28 Dec '12

28 Dec '12

Hello community, here is the log from the commit of package tomahawk for openSUSE:Factory checked in at 2012-12-28 22:50:11 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tomahawk (Old) and /work/SRC/openSUSE:Factory/.tomahawk.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "tomahawk", Maintainer is "" Changes: -------- --- /work/SRC/openSUSE:Factory/tomahawk/tomahawk.changes 2012-12-19 13:31:26.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.tomahawk.new/tomahawk.changes 2012-12-28 22:50:13.000000000 +0100 @@ -1,0 +2,5 @@ +Tue Dec 18 21:44:30 UTC 2012 - dev(a)dominik-schmidt.de + +- when breakpad is disabled, also disable the crash reporter + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tomahawk.spec ++++++ --- /var/tmp/diff_new_pack.Y773Gx/_old 2012-12-28 22:50:13.000000000 +0100 +++ /var/tmp/diff_new_pack.Y773Gx/_new 2012-12-28 22:50:13.000000000 +0100 @@ -92,8 +92,9 @@ -DCMAKE_INSTALL_LIBEXECDIR=lib \ -DCMAKE_BUILD_TYPE=RelWithDebInfo \ -DCMAKE_VERBOSE_MAKEFILE=ON \ -%ifarch ppc ppc64 - -DWITH_BREAKPAD=NO \ +%ifarch %arm ppc ppc64 + -DWITH_CRASHREPORTER=OFF \ + -DWITH_BREAKPAD=OFF \ %endif -DBUILD_RELEASE=ON @@ -132,7 +133,7 @@ %doc LICENSE.txt README ChangeLog AUTHORS %{_bindir}/tomahawk -%ifnarch %arm +%ifnarch %arm ppc ppc64 %{_libexecdir}/tomahawk_crash_reporter %endif -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit swig for openSUSE:Factory
by root＠hilbert.suse.de 28 Dec '12

28 Dec '12

Hello community, here is the log from the commit of package swig for openSUSE:Factory checked in at 2012-12-28 22:50:00 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/swig (Old) and /work/SRC/openSUSE:Factory/.swig.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "swig", Maintainer is "MMarek(a)suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/swig/swig.changes 2012-12-21 10:36:05.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.swig.new/swig.changes 2012-12-28 22:50:01.000000000 +0100 @@ -1,0 +2,5 @@ +Thu Dec 20 09:40:06 UTC 2012 - kkaempf(a)suse.com + +- Fix RHEL4 and 6 build + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ swig.spec ++++++ --- /var/tmp/diff_new_pack.zjcyQ6/_old 2012-12-28 22:50:02.000000000 +0100 +++ /var/tmp/diff_new_pack.zjcyQ6/_new 2012-12-28 22:50:02.000000000 +0100 @@ -48,11 +48,11 @@ %define docpath %{_docdir}/%{name}-%{version} BuildRequires: pkgconfig BuildRequires: ruby -%if (0%{?rhel_version} < 600) && (0%{?centos_version} < 600) +%if 0%{?rhel_version} < 600 && 0%{?centos_version} < 600 # not available on RHEL-6 BuildRequires: ruby-devel %endif -%if 0%{?rhel_version} + 0%{?centos_version} == 0 +%if 0%{?fedora} > 0 || 0%{?rhel_version} >= 600 ||0%{?centos_version} >= 600 BuildRequires: perl-devel %endif %endif -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit slrn for openSUSE:Factory
by root＠hilbert.suse.de 28 Dec '12

28 Dec '12

Hello community, here is the log from the commit of package slrn for openSUSE:Factory checked in at 2012-12-28 22:49:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/slrn (Old) and /work/SRC/openSUSE:Factory/.slrn.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "slrn", Maintainer is "nadvornik(a)suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/slrn/slrn.changes 2012-05-26 09:29:27.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.slrn.new/slrn.changes 2012-12-28 22:49:51.000000000 +0100 @@ -1,0 +2,11 @@ +Sat Dec 22 10:09:06 UTC 2012 - gber(a)opensuse.org + +- update to version 1.0.1 + - macros/mime.sl: Add an option to view all parts of a mime + multipart message + - src/art_misc.c: New config variable: "wrap_width", which sets the + width that will trigger wrapping + - doc/: Updated txt docs from slrn doc project's svn repos + - An issue with the wrap_width variable was fixed + +------------------------------------------------------------------- Old: ---- slrn-pre1.0.0-40.tar.gz New: ---- slrn-1.0.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ slrn.spec ++++++ --- /var/tmp/diff_new_pack.EFOy9A/_old 2012-12-28 22:49:52.000000000 +0100 +++ /var/tmp/diff_new_pack.EFOy9A/_new 2012-12-28 22:49:52.000000000 +0100 @@ -16,10 +16,8 @@ # -%define upstream_version pre1.0.0-40 - Name: slrn -Version: 1.0pre40 +Version: 1.0.1 Release: 0 Summary: Powerful, Threaded Newsreader License: GPL-2.0+ @@ -27,8 +25,8 @@ Url: http://www.slrn.org ## commented, cause previous files got deleted when new files are added ## hey, he call them snapshot versions -#Source: http://www.jedsoft.org/snapshots/slrn-%{upstream_version}.tar.gz -Source: slrn-%{upstream_version}.tar.gz +#Source: http://www.jedsoft.org/slrn/download/slrn-%{version}.tar.gz +Source: slrn-%{version}.tar.gz # PATCH-FIX-OPENSUSE slrn-do-not-strip-binaries.diff gber(a)opensuse.org -- Prevents binaris from being stripped Patch0: slrn-do-not-strip-binaries.patch # PATCH-FIX-UPSTREAM slrn-fix-libgnutls-extra-dependency.patch gber(a)opensuse.org -- Prevents unnecessary linking against libgnutls-extra @@ -56,7 +54,7 @@ %lang_package %prep -%setup -q -n %{name}-%{upstream_version} +%setup -q %patch0 -p1 %patch1 -p1 ++++++ slrn-pre1.0.0-40.tar.gz -> slrn-1.0.1.tar.gz ++++++ ++++ 5235 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit selinux-policy for openSUSE:Factory
by root＠hilbert.suse.de 28 Dec '12

28 Dec '12

Hello community, here is the log from the commit of package selinux-policy for openSUSE:Factory checked in at 2012-12-28 22:49:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old) and /work/SRC/openSUSE:Factory/.selinux-policy.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "selinux-policy", Maintainer is "VCizek(a)suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes 2011-09-23 12:45:58.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.selinux-policy.new/selinux-policy.changes 2012-12-28 22:49:31.000000000 +0100 @@ -1,0 +2,31 @@ +Tue Dec 11 13:40:27 UTC 2012 - vcizek(a)suse.com + +- bump up policy version to 27, due to recent libsepol update +- dropped currently unused policy-rawhide.patch +- fix installing of file_contexts (this enables restorecond to run properly) +- Recommends: audit and setools + +------------------------------------------------------------------- +Mon Dec 10 15:47:13 UTC 2012 - meissner(a)suse.com + +- mark included files in source + +------------------------------------------------------------------- +Mon Oct 22 18:47:00 UTC 2012 - vcizek(a)suse.com + +- update to 2.20120725 +- added selinux-policy-run_sepolgen_during_build.patch +- renamed patch with SUSE-specific policy to selinux-policy-SUSE.patch +- dropped policygentool and OLPC stuff + +------------------------------------------------------------------- +Wed May 9 10:01:26 UTC 2012 - coolo(a)suse.com + +- patch license to be in spdx.org format + +------------------------------------------------------------------- +Fri May 21 16:05:49 CEST 2010 - prusnak(a)suse.cz + +- use policy created by Alan Rouse + +------------------------------------------------------------------- Old: ---- config refpolicy-2.20081210.tar.bz2 selinux-policy-build_conf.patch New: ---- Alan_Rouse-Policy_Development_Process.txt Alan_Rouse-openSUSE_with_SELinux.txt Makefile.devel booleans-minimum.conf booleans-mls.conf booleans-targeted.conf booleans.subs_dist config.tgz customizable_types file_contexts.subs_dist modules-minimum.conf modules-mls.conf modules-targeted.conf refpolicy-2.20120725.tar.bz2 securetty_types-minimum securetty_types-mls securetty_types-targeted selinux-policy-SUSE.patch selinux-policy-run_sepolgen_during_build.patch selinux-policy.conf selinux-policy.sysconfig setrans-minimum.conf setrans-mls.conf setrans-targeted.conf users-minimum users-mls users-targeted ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ selinux-policy.spec ++++++ --- /var/tmp/diff_new_pack.xgxPue/_old 2012-12-28 22:49:33.000000000 +0100 +++ /var/tmp/diff_new_pack.xgxPue/_new 2012-12-28 22:49:33.000000000 +0100 @@ -1,7 +1,7 @@ # -# spec file for package selinux-policy (Version 2.20081210) +# spec file for package selinux-policy # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,103 +15,507 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild - +%define distro suse +%define polyinstatiate n +%define monolithic n +%if %{?BUILD_DOC:0}%{!?BUILD_DOC:1} +%define BUILD_DOC 0 +%endif +%if %{?BUILD_TARGETED:0}%{!?BUILD_TARGETED:1} +%define BUILD_TARGETED 1 +%endif +# minimum policy is currently disabled a may not even build +%if %{?BUILD_MINIMUM:0}%{!?BUILD_MINIMUM:1} +%define BUILD_MINIMUM 0 +%endif +%if %{?BUILD_MLS:0}%{!?BUILD_MLS:1} +%define BUILD_MLS 1 +%endif +%define POLICYVER 27 +%define libsepolver 2.0.20-1 +%define POLICYCOREUTILSVER 2.0.71-2 +%define CHECKPOLICYVER 2.0.16-3 + +Summary: SELinux policy configuration +License: GPL-2.0+ +Group: System/Management Name: selinux-policy -Version: 2.20081210 -Release: 4 -Url: http://oss.tresys.com/projects/refpolicy/ -License: GPLv2 -Group: System/Base -Summary: SELinux policies +Version: 2.20120725 +Release: 1%{?dist} Source: refpolicy-%{version}.tar.bz2 -Source1: config -Patch0: %{name}-build_conf.patch +Source1: modules-targeted.conf +Source2: booleans-targeted.conf +Source3: Makefile.devel +Source4: setrans-targeted.conf +Source5: modules-mls.conf +Source6: booleans-mls.conf +Source8: setrans-mls.conf +Source14: securetty_types-targeted +Source15: securetty_types-mls +Source16: modules-minimum.conf +Source17: booleans-minimum.conf +Source18: setrans-minimum.conf +Source19: securetty_types-minimum +Source20: customizable_types +Source21: config.tgz +Source22: users-mls +Source23: users-targeted +Source25: users-minimum +Source26: selinux-policy.sysconfig +Source27: selinux-policy.conf +Source28: file_contexts.subs_dist +Source30: booleans.subs_dist + +# the following two files are more like a packaging documentation +Source40: Alan_Rouse-openSUSE_with_SELinux.txt +Source41: Alan_Rouse-Policy_Development_Process.txt + +# PATCH-FEATURE-OPENSUSE SUSE specific policy from Alan Rouse +Patch1: selinux-policy-SUSE.patch +# PATCH-FEATURE-OPENSUSE check for errors in .if files +Patch3: selinux-policy-run_sepolgen_during_build.patch + +Url: http://oss.tresys.com/repos/refpolicy/ BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: checkpolicy libsepol-devel m4 policycoreutils python python-xml BuildArch: noarch -# default is refpolicy-standard (mentioned in config) -Requires: selinux-policy-refpolicy-standard +BuildRequires: %fillup_prereq +BuildRequires: %insserv_prereq +BuildRequires: bzip2 +BuildRequires: checkpolicy >= %{CHECKPOLICYVER} +BuildRequires: gawk +BuildRequires: m4 +BuildRequires: policycoreutils-python >= %{POLICYCOREUTILSVER} +BuildRequires: python +BuildRequires: python-xml +# we need selinuxenabled +Requires(post): selinux-tools +Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} +Requires(post): /usr/bin/bunzip2 /bin/mktemp /bin/awk +Requires: checkpolicy >= %{CHECKPOLICYVER} +Requires: m4 +Recommends: audit +Recommends: selinux-tools +Obsoletes: selinux-policy-devel <= %{version}-%{release} +Provides: selinux-policy-devel = %{version}-%{release} %description -SELinux policy +SELinux Base package -%package refpolicy-standard -License: GPLv2 -Group: System/Base -Summary: SELinux policy - Tresys Standard Refpolicy -Requires: selinux-policy - -%description refpolicy-standard -SELinux policy - based on reference policy from Tresys - standard - -%package refpolicy-mcs -License: GPLv2 -Group: System/Base -Summary: SELinux policy - Tresys MCS Refpolicy -Requires: selinux-policy - -%description refpolicy-mcs -SELinux policy - based on reference policy from Tresys - mcs - -%package refpolicy-mls -License: GPLv2 -Group: System/Base -Summary: SELinux policy - Tresys MLS Refpolicy -Requires: selinux-policy +%files +%defattr(-,root,root,-) +%dir %{_usr}/share/selinux +%dir %{_usr}/share/selinux/packages +%dir %{_sysconfdir}/selinux +%attr(0600,root,root) %ghost %config(noreplace) %{_sysconfdir}/selinux/config +%dir /usr/lib/tmpfiles.d +%{_usr}/lib/tmpfiles.d/selinux-policy.conf +%{_mandir}/man*/* +# policycoreutils owns these manpage directories, we only own the files within them +%{_mandir}/ru/*/* +%dir %{_usr}/share/selinux/devel +%dir %{_usr}/share/selinux/devel/include +%{_usr}/share/selinux/devel/include/* +%{_usr}/share/selinux/devel/Makefile +%{_usr}/share/selinux/devel/example.* +%{_usr}/share/selinux/devel/policy.* +%dir %{_localstatedir}/adm/fillup-templates +%dir %{_localstatedir}/adm/fillup-templates/sysconfig.%{name} + +%package doc +Summary: SELinux policy documentation +Group: System/Management +Requires(pre): selinux-policy = %{version}-%{release} +Requires: /usr/bin/xdg-open + +%description doc +SELinux policy documentation package + +%files doc +%defattr(-,root,root,-) +%doc %{_usr}/share/doc/%{name}-%{version} +%attr(755,root,root) %{_usr}/share/selinux/devel/policyhelp + +#TODO: this doesn't work currently +#%%check +#/usr/bin/sepolgen-ifgen -v -d -i %{buildroot}%{_usr}/share/selinux/devel/include -o /dev/null + +%define makeCmds() \ +make UNK_PERMS=%5 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%4 MLS_CATS=1024 MCS_CATS=1024 bare \ +make UNK_PERMS=%5 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%4 MLS_CATS=1024 MCS_CATS=1024 conf \ +cp -f selinux_config/modules-%1.conf ./policy/modules.conf \ +cp -f selinux_config/booleans-%1.conf ./policy/booleans.conf \ +cp -f selinux_config/users-%1 ./policy/users \ + +%define installCmds() \ +make UNK_PERMS=%5 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%4 MLS_CATS=1024 MCS_CATS=1024 base.pp \ +make validate UNK_PERMS=%5 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%4 MLS_CATS=1024 MCS_CATS=1024 modules \ +make UNK_PERMS=%5 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} POLY=%4 MLS_CATS=1024 MCS_CATS=1024 install \ +make UNK_PERMS=%5 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} POLY=%4 MLS_CATS=1024 MCS_CATS=1024 install-appconfig \ +%{__mkdir} -p %{buildroot}/%{_sysconfdir}/selinux/%1/logins \ +%{__mkdir} -p %{buildroot}/%{_sysconfdir}/selinux/%1/policy \ +%{__mkdir} -p %{buildroot}/%{_sysconfdir}/selinux/%1/modules/active/modules \ +%{__mkdir} -p %{buildroot}/%{_sysconfdir}/selinux/%1/contexts/files \ +touch %{buildroot}/%{_sysconfdir}/selinux/%1/modules/semanage.read.LOCK \ +touch %{buildroot}/%{_sysconfdir}/selinux/%1/modules/semanage.trans.LOCK \ +rm -rf %{buildroot}%{_sysconfdir}/selinux/%1/booleans \ +touch %{buildroot}%{_sysconfdir}/selinux/%1/policy/policy.%{POLICYVER} \ +touch %{buildroot}%{_sysconfdir}/selinux/%1/contexts/files/file_contexts.subs \ +install -m0644 selinux_config/securetty_types-%1 %{buildroot}%{_sysconfdir}/selinux/%1/contexts/securetty_types \ +install -m0644 selinux_config/file_contexts.subs_dist %{buildroot}%{_sysconfdir}/selinux/%1/contexts/files \ +install -m0644 selinux_config/setrans-%1.conf %{buildroot}%{_sysconfdir}/selinux/%1/setrans.conf \ +install -m0644 selinux_config/customizable_types %{buildroot}%{_sysconfdir}/selinux/%1/contexts/customizable_types \ +touch %{buildroot}%{_sysconfdir}/selinux/%1/modules/active/seusers \ +touch %{buildroot}%{_sysconfdir}/selinux/%1/modules/active/file_contexts.local \ +touch %{buildroot}%{_sysconfdir}/selinux/%1/modules/active/nodes.local \ +touch %{buildroot}%{_sysconfdir}/selinux/%1/modules/active/users_extra.local \ +touch %{buildroot}%{_sysconfdir}/selinux/%1/modules/active/users.local \ +cp %{SOURCE30} %{buildroot}%{_sysconfdir}/selinux/%1 \ +bzip2 -c %{buildroot}/%{_usr}/share/selinux/%1/base.pp > %{buildroot}/%{_sysconfdir}/selinux/%1/modules/active/base.pp \ +rm -f %{buildroot}/%{_usr}/share/selinux/%1/base.pp \ +for i in %{buildroot}/%{_usr}/share/selinux/%1/*.pp; do bzip2 -c $i > %{buildroot}/%{_sysconfdir}/selinux/%1/modules/active/modules/`basename $i`; done \ +rm -f %{buildroot}/%{_usr}/share/selinux/%1/*pp* \ +/usr/sbin/semodule -s %1 -n -B -p %{buildroot}; \ +/usr/bin/sha512sum %{buildroot}%{_sysconfdir}/selinux/%1/policy/policy.%{POLICYVER} | cut -d' ' -f 1 > %{buildroot}%{_sysconfdir}/selinux/%1/.policy.sha512; \ +rm -rf %{buildroot}%{_sysconfdir}/selinux/%1/contexts/netfilter_contexts \ +rm -f %{buildroot}/%{_sysconfigdir}/selinux/%1/modules/active/policy.kern +%nil + +%define fileList() \ +%defattr(-,root,root) \ +%dir %{_sysconfdir}/selinux/%1 \ +#%{_sysconfdir}/selinux/%1/contexts/netfilter_contexts \ +%config(noreplace) %{_sysconfdir}/selinux/%1/setrans.conf \ +%ghost %{_sysconfdir}/selinux/%1/seusers \ +%dir %{_sysconfdir}/selinux/%1/logins \ +%dir %{_sysconfdir}/selinux/%1/modules \ +%verify(not mtime) %{_sysconfdir}/selinux/%1/modules/semanage.read.LOCK \ +%verify(not mtime) %{_sysconfdir}/selinux/%1/modules/semanage.trans.LOCK \ +%attr(700,root,root) %dir %{_sysconfdir}/selinux/%1/modules/active \ +%dir %{_sysconfdir}/selinux/%1/modules/active/modules \ +%verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/policy.kern \ +%verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/commit_num \ +%verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/base.pp \ +%verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/file_contexts \ +%verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/file_contexts.homedirs \ +%verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/file_contexts.template \ +%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/seusers.final \ +%verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/netfilter_contexts \ +%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/users_extra \ +%verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/homedir_template \ +%verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/modules/*.pp \ +%ghost %{_sysconfdir}/selinux/%1/modules/active/*.local \ +%ghost %{_sysconfdir}/selinux/%1/modules/active/seusers \ +%dir %{_sysconfdir}/selinux/%1/policy/ \ +%verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/policy/policy.%{POLICYVER} \ +%{_sysconfdir}/selinux/%1/.policy.sha512 \ +%dir %{_sysconfdir}/selinux/%1/contexts \ +%config %{_sysconfdir}/selinux/%1/contexts/customizable_types \ +%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/securetty_types \ +%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/dbus_contexts \ +%config %{_sysconfdir}/selinux/%1/contexts/x_contexts \ +%config %{_sysconfdir}/selinux/%1/contexts/default_contexts \ +%config %{_sysconfdir}/selinux/%1/contexts/virtual_domain_context \ +%config %{_sysconfdir}/selinux/%1/contexts/virtual_image_context \ +#%config %{_sysconfdir}/selinux/%1/contexts/lxc_contexts \ +%config %{_sysconfdir}/selinux/%1/contexts/sepgsql_contexts \ +%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/default_type \ +%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/failsafe_context \ +%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/initrc_context \ +%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/removable_context \ +%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/userhelper_context \ +%dir %{_sysconfdir}/selinux/%1/contexts/files \ +%verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/contexts/files/file_contexts \ +%verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/contexts/files/file_contexts.homedirs \ +%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/files/file_contexts.local \ +%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/files/file_contexts.subs \ +%{_sysconfdir}/selinux/%1/contexts/files/file_contexts.subs_dist \ +%{_sysconfdir}/selinux/%1/booleans.subs_dist \ +%config %{_sysconfdir}/selinux/%1/contexts/files/media \ +%dir %{_sysconfdir}/selinux/%1/contexts/users \ +%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/root \ +%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/guest_u \ +%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/xguest_u \ +%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/user_u \ +%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/staff_u \ +%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/files/file_contexts.subs_dist \ +%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/sepgsql_contexts \ +%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/virtual_domain_context \ +%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/virtual_image_context + +%define relabel() \ +. %{_sysconfdir}/sysconfig/selinux-policy; \ +FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \ +selinuxenabled; \ +if [ $? = 0 -a "${SELINUXTYPE}" = %1 -a -f ${FILE_CONTEXT}.pre ]; then \ + fixfiles -C ${FILE_CONTEXT}.pre restore; \ + restorecon -R /root /var/log /var/run /var/lib 2> /dev/null; \ + rm -f ${FILE_CONTEXT}.pre; \ +fi; + +%define preInstall() \ +if [ $1 -ne 1 ] && [ -s %{_sysconfdir}/selinux/config ]; then \ + . %{_sysconfdir}/selinux/config; \ + FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \ + if [ "${SELINUXTYPE}" = %1 -a -f ${FILE_CONTEXT} ]; then \ + [ -f ${FILE_CONTEXT}.pre ] || cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.pre; \ + fi; \ + touch /etc/selinux/%1/.rebuild; \ + if [ -e /etc/selinux/%1/.policy.sha512 ]; then \ + sha512=`sha512sum /etc/selinux/%1/modules/active/policy.kern | cut -d ' ' -f 1`; \ + checksha512=`cat /etc/selinux/%1/.policy.sha512`; \ + if [ "$sha512" == "$checksha512" ] ; then \ + rm /etc/selinux/%1/.rebuild; \ + fi; \ + fi; \ +fi; + +%define postInstall() \ +. %{_sysconfdir}/selinux/config; \ +if [ -e /etc/selinux/%2/.rebuild ]; then \ + rm /etc/selinux/%2/.rebuild; \ + /usr/sbin/semodule -B -n -s %2; \ +fi; \ +if [ "${SELINUXTYPE}" == "%2" ]; then \ + if selinuxenabled; then \ + load_policy; \ + else \ + # selinux isn't enabled \ + # (probably a first install of the policy) \ + # -> we can't load the policy \ + true; \ + fi; \ +fi; \ +if selinuxenabled; then \ + if [ %1 -eq 1 ]; then \ + /sbin/restorecon -R /root /var/log /var/run 2> /dev/null; \ + else \ + %relabel %2; \ + fi; \ +else \ + # run fixfiles on next boot \ + touch /.autorelabel \ +fi; \ -%description refpolicy-mls -SELinux policy - based on reference policy from Tresys - mls +%define modulesList() \ +awk '$1 !~ "/^#/" && $2 == "=" && $3 == "module" { printf "%%s.pp ", $1 }' ./policy/modules.conf > %{buildroot}/%{_usr}/share/selinux/%1/modules.lst \ + +%description +SELinux Reference Policy - modular. +Based off of reference policy: Checked out revision 2.20120725 %prep -%setup -q -c -n selinux-policy -T -tar xfj %{SOURCE0} && mv refpolicy refpolicy-standard -tar xfj %{SOURCE0} && mv refpolicy refpolicy-mcs -tar xfj %{SOURCE0} && mv refpolicy refpolicy-mls -%patch0 +%setup -n refpolicy -q +%patch1 -p1 +%patch3 -p1 +#%patch4 -p1 %build -for i in standard mcs mls; do - cd refpolicy-$i - make conf - make policy - cd .. -done %install -for i in standard mcs mls; do - cd refpolicy-$i - make DESTDIR=$RPM_BUILD_ROOT install - sed -i "s:^# edit $RPM_BUILD_ROOT:# edit :" $RPM_BUILD_ROOT%{_sysconfdir}/selinux/refpolicy-$i/contexts/files/file_contexts.homedirs - cd .. +mkdir selinux_config +for i in %{SOURCE1} %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} %{SOURCE8} %{SOURCE14} %{SOURCE15} %{SOURCE16} %{SOURCE17} %{SOURCE18} %{SOURCE19} %{SOURCE20} %{SOURCE21} %{SOURCE22} %{SOURCE23} %{SOURCE25} %{SOURCE28};do + cp $i selinux_config done -install -m 644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/selinux/ +tar zxvf selinux_config/config.tgz +# Build targeted policy +%{__rm} -fR %{buildroot} +mkdir -p %{buildroot}%{_mandir} +cp -R man/* %{buildroot}%{_mandir} +mkdir -p %{buildroot}%{_sysconfdir}/selinux +mkdir -p %{buildroot}%{_usr}/lib/tmpfiles.d/ +cp %{SOURCE27} %{buildroot}%{_usr}/lib/tmpfiles.d/ + +# Always create policy module package directories +mkdir -p %{buildroot}%{_usr}/share/selinux/{targeted,mls,minimum,modules}/ + +# Install devel +make clean +%if %{BUILD_TARGETED} +# Build targeted policy +%makeCmds targeted mcs n y allow +%installCmds targeted mcs n y allow +%endif + +%if %{BUILD_MINIMUM} +# Build minimum policy +%makeCmds minimum mcs n y allow +%installCmds minimum mcs n y allow +%modulesList minimum +%endif + +%if %{BUILD_MLS} +# Build mls policy +%makeCmds mls mls n y deny +%installCmds mls mls n y deny +%endif + +make UNK_PERMS=allow NAME=targeted TYPE=mcs DISTRO=%{distro} UBAC=n DIRECT_INITRC=n MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} PKGNAME=%{name}-%{version} POLY=y MLS_CATS=1024 MCS_CATS=1024 install-headers install-docs +mkdir %{buildroot}%{_usr}/share/selinux/devel/ +mkdir %{buildroot}%{_usr}/share/selinux/packages/ +mv %{buildroot}%{_usr}/share/selinux/targeted/include %{buildroot}%{_usr}/share/selinux/devel/include +install -m 644 selinux_config/Makefile.devel %{buildroot}%{_usr}/share/selinux/devel/Makefile +install -m 644 doc/example.* %{buildroot}%{_usr}/share/selinux/devel/ +install -m 644 doc/policy.* %{buildroot}%{_usr}/share/selinux/devel/ +echo "xdg-open file:///usr/share/doc/selinux-policy-%{version}/html/index.html"> %{buildroot}%{_usr}/share/selinux/devel/policyhelp +chmod +x %{buildroot}%{_usr}/share/selinux/devel/policyhelp +rm -rf selinux_config + +# fillup sysconfig +mkdir -p %{buildroot}%{_localstatedir}/adm/fillup-templates +cp %{SOURCE26} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.%{name} %clean -rm -rf $RPM_BUILD_ROOT +#%%{__rm} -fR %{buildroot} -%files -%defattr(-,root,root) -%dir %{_sysconfdir}/selinux -%config %{_sysconfdir}/selinux/config +#TODO: add minimum to the policies list in /etc/selinux/config once the package is built +# minimum - Modification of targeted policy. Only selected processes are protected. +%post +if [ ! -s /etc/sysconfig/selinux-policy ]; then +# New install so we will default to targeted policy + %{fillup_only} + ln -sf /etc/sysconfig/selinux-policy /etc/selinux/config + restorecon /etc/selinux/config 2> /dev/null || : +else + %{fillup_only} + . /etc/sysconfig/selinux-policy + # if first time update booleans.local needs to be copied to sandbox + [ -f /etc/selinux/${SELINUXTYPE}/booleans.local ] && mv /etc/selinux/${SELINUXTYPE}/booleans.local /etc/selinux/targeted/modules/active/ + [ -f /etc/selinux/${SELINUXTYPE}/seusers ] && cp -f /etc/selinux/${SELINUXTYPE}/seusers /etc/selinux/${SELINUXTYPE}/modules/active/seusers +fi +exit 0 + +%postun +if [ $1 = 0 ]; then + setenforce 0 2> /dev/null + if [ ! -s /etc/selinux/config ]; then + echo "SELINUX=disabled" > /etc/selinux/config + else + sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config + fi +fi +exit 0 + +%if %{BUILD_TARGETED} +%package targeted +Summary: SELinux targeted base policy +Group: System/Management +Provides: selinux-policy-base = %{version}-%{release} +Obsoletes: selinux-policy-targeted-sources < 2 +Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} +Requires(pre): coreutils +Requires(pre): selinux-policy = %{version}-%{release} +Requires: selinux-policy = %{version}-%{release} +Conflicts: audispd-plugins <= 1.7.7-1 +Obsoletes: mod_fcgid-selinux <= %{version}-%{release} +Conflicts: seedit + +%description targeted +SELinux Reference policy targeted base module. + +%pre targeted +%preInstall targeted + +%post targeted +%postInstall $1 targeted +exit 0 + +%triggerpostun targeted -- selinux-policy-targeted < 3.9.0 +restorecon -R -p /home +exit 0 + +%files targeted +%defattr(-,root,root,-) +%config(noreplace) %{_sysconfdir}/selinux/targeted/contexts/users/unconfined_u +%fileList targeted +%endif + +%if %{BUILD_MINIMUM} +%package minimum +Summary: SELinux minimum base policy +Group: System/Management +Provides: selinux-policy-base = %{version}-%{release} +Requires(post): policycoreutils-python >= %{POLICYCOREUTILSVER} +Requires(pre): coreutils +Requires(pre): selinux-policy = %{version}-%{release} +Requires: selinux-policy = %{version}-%{release} +Conflicts: seedit + +%description minimum +SELinux Reference policy minimum base module. + +%pre minimum +%preInstall minimum +if [ $1 -ne 1 ]; then + /usr/sbin/semodule -s minimum -l 2>/dev/null | awk '{ print $1 }' > /usr/share/selinux/minimum/instmodules.lst +fi + +%post minimum +allpackages=`cat /usr/share/selinux/minimum/modules.lst` +if [ $1 -eq 1 ]; then +packages="clock.pp execmem.pp unconfined.pp unconfineduser.pp application.pp userdomain.pp authlogin.pp logging.pp selinuxutil.pp init.pp systemd.pp sysnetwork.pp miscfiles.pp libraries.pp modutils.pp sysadm.pp locallogin.pp dbus.pp rpm.pp mount.pp fstools.pp usermanage.pp mta.pp" +for p in $allpackages; do + touch /etc/selinux/minimum/modules/active/modules/$p.disabled +done +for p in $packages; do + rm -f /etc/selinux/minimum/modules/active/modules/$p.disabled +done +/usr/sbin/semanage -S minimum -i - << __eof +login -m -s unconfined_u -r s0-s0:c0.c1023 __default__ +login -m -s unconfined_u -r s0-s0:c0.c1023 root +__eof +/sbin/restorecon -R /root /var/log /var/run 2> /dev/null +/usr/sbin/semodule -B -s minimum +else +instpackages=`cat /usr/share/selinux/minimum/instmodules.lst` +for p in $allpackages; do + touch /etc/selinux/minimum/modules/active/modules/$p.disabled +done +for p in $instpackages; do + rm -f /etc/selinux/minimum/modules/active/modules/$p.pp.disabled +done +/usr/sbin/semodule -B -s minimum +%relabel minimum +fi +exit 0 + +%files minimum +%defattr(-,root,root,-) +%config(noreplace) %{_sysconfdir}/selinux/minimum/contexts/users/unconfined_u +%fileList minimum +%dir %{_usr}/share/selinux/minimum +%{_usr}/share/selinux/minimum/modules.lst +%endif + +%if %{BUILD_MLS} +%package mls +Summary: SELinux mls base policy +Group: System/Management +Provides: selinux-policy-base = %{version}-%{release} +Obsoletes: selinux-policy-mls-sources < 2 +Requires: policycoreutils-newrole >= %{POLICYCOREUTILSVER} +Requires: setransd +Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} +Requires(pre): coreutils +Requires(pre): selinux-policy = %{version}-%{release} +Requires: selinux-policy = %{version}-%{release} +Conflicts: seedit + +%description mls +SELinux Reference policy mls base module. + +%pre mls +%preInstall mls + +%post mls +%postInstall $1 mls +exit 0 + +%files mls +%defattr(-,root,root,-) +%config(noreplace) %{_sysconfdir}/selinux/mls/contexts/users/unconfined_u +%fileList mls -%files refpolicy-standard -%defattr(-,root,root) -%doc refpolicy-standard/{build.conf,Changelog,config,COPYING,doc,INSTALL,Makefile,man,policy,README,Rules.modular,Rules.monolithic,support,VERSION} -%dir %{_sysconfdir}/selinux/refpolicy-standard -%{_sysconfdir}/selinux/refpolicy-standard/* - -%files refpolicy-mcs -%defattr(-,root,root) -%doc refpolicy-mcs/{build.conf,Changelog,config,COPYING,doc,INSTALL,Makefile,man,policy,README,Rules.modular,Rules.monolithic,support,VERSION} -%dir %{_sysconfdir}/selinux/refpolicy-mcs -%{_sysconfdir}/selinux/refpolicy-mcs/* - -%files refpolicy-mls -%defattr(-,root,root) -%doc refpolicy-mls/{build.conf,Changelog,config,COPYING,doc,INSTALL,Makefile,man,policy,README,Rules.modular,Rules.monolithic,support,VERSION} -%dir %{_sysconfdir}/selinux/refpolicy-mls -%{_sysconfdir}/selinux/refpolicy-mls/* +%endif %changelog ++++++ Alan_Rouse-Policy_Development_Process.txt ++++++ Policy Development Process (At least, the way I do it!) 1. Build an openSUSE environment according to openSUSE_with_SELinux.txt 2. Create a git repository for policy source development 3. Boot that system to runlevel 3 and login as root (you should be in the /root home directory). * tar xzvf /usr/src/packages/SOURCES/serefpolicy-05042010-1.tgz * cd serefpolicy-05042010 * git init * git add . * git commit * git config --global user.name "<your name>" * git config --global user.email "<your email>" * git branch opensuse * git checkout opensuse * cp -R /usr/src/packages/BUILD/serefpolicy-05042010/. . * rm *.pp * git add . * git commit * git status <should be no outstanding commits> * git checkout master * git status <should be no outstanding commits> * git branch <should be master> * git diff fedora * git checkout opensuse * make sure there is no .git folder in /usr/src/packages/BUILD/serefpolicy-3.6.32 * if there is, delete it (and all its contents) * cp -R /usr/src/packages/BUILD/serefpolicy-3.6.32/. . * git add . * git commit * git status <should be in opensuse, with no outstanding commits> * cd .. * mv serefpolicy-05042010 git * tar czvf git-refpolicy-opensuse.tgz git * initial backup of git repository. Backup to a safe place. 4. Working with the policy source The most interesting part of the source code is under git/policy/modules. You will see seven folders under modules, including one named "suse" which was created for this project. Each of these folders contains a collection of m4 source files containing selinux policy source code. Each policy module has three source files: * <module>.te - Type enforcement rules (mainly, allow rules) * <module>.fc - File context declarations (for labeling the filesystem) * <module>.if - Interface definitions for access to the module from other modules Strategy: First, get the file labels right (.fc). I compared the labeling on openSUSE system with a Fedora 12 system, paying particular attention to the files that are located in different directories on the two systems. I would grep the .fc source files for the label found on FC 12, and make an entry applying that label to the file in its location on OpenSUSE. Wrap each OpenSUSE-specific entry in "ifdef('distro_suse','...')". For an example, see services/apm.fc Once the filesystem is labeled correctly, I iterated the following process identifying AVC's and seeking a proper solution to them: * rm /var/log/messages * rm /var/log/audit/audit.log * reboot login as root * grep avc /var/log/messages > avc.txt * audit2allow -i avc.txt -M <module> - I used "a2a" as the prefix for modules generated from audit2allow - Examine the resulting <module>.te and the corresponding AVC in avc.txt - Decide whether that access is appropriate, and remove from .te if not - Ignore the message instructing you to run "semodule -i <module>.pp" - We want to build and manage all the changes from source code * copy the .te to git/policy/src/suse/. Create a stub .if and .te (see existing stubs in the suse directory for examples. Do it exactly like the examples) * Note: you could either add the new module in the suse folder, or edit an existing .te file and add the allow rules (and "requires" declaration) to the existing file. If you add a new module, you also need to edit /usr/src/packages/SOURCES/modules-targeted.conf and add the new module *exactly* like the existing ones (including the associated comments.) * Now cd into the git folder and execute * git commit -a * git diff master opensuse > /usr/src/packages/SOURCES/policy-opensuse-11.3.patch * cd /usr/src/packages/SPECS * rpmbuild -ba selinux-policy.spec * When the build completes successfully, you'll have a SRPM and two new RPMS (not counting the .doc rpm) SRPMS/selinux-policy-05042010-1.src.rpm RPMS/noarch/selinux-policy-05042010-1.noarch.rpm RPMS/noarch/selinux-policy-targeted-050420100-1.noarch.rpm * Do this: cd /usr/src/packages/RPMS/noarch/ rpm -e selinux-policy-targeted rpm -i selinux-policy-targeted-05042010-1.noarch.rpm * When that finishes * rm /var/log/messages * rm /var/log/audit/audit.log * Reboot and repeat Note: Be careful that you do not accidentally create allow rules for the steps you are using in this development process, since those actions probably are not appropriate in a production environment. * To avoid that, try this process: * remove /var/log/messages and /var/log/audit/audit.log * boot to desktop * login and execute the processes you are trying to allow * reboot to runlevel 3 and login as root * do all your examination of AVC's, audit2allow etc in runlevel 3 as root * Periodically, at interesting milestones, tar up your git folder and back it up to a safe place. Copy your binary and source rpm's to the same place Making decisions about policy When an AVC tells you that a certain access was denied from a "scontext" (source context) to a "tcontext" (target context), there are several ways to resolve that situation. * Do nothing. It may be appropriate to deny that access. After all, the whole point of selinux is to deny things. * Add the "allow" rule generated by audit2allow. But before you do that, consider all the other options. * Change the target context (for example, relabel a file). * Change the source context (for example, add a domain transition, or relabel an executable file and possibly add a domain transition) It can be tempting to allow whatever audit2allow generates. But that may not be appropriate. For example, a user trying to execute a file labeled sbin_exec_t may be denied. audit2allow might suggest that you just allow that user to execute files labeled sbin_exec_t. But that means he can execute every file on the system which is labeled sbin_exec_t - - probably not what you want! Instead you might consider creating a new label, labeling only that executable, and granting the user the right to execute files of the new label. Good resource for learning more about selinux: [http://www.freetechbooks.com/the-selinux-notebook-the-foundations-t785.html http://www.freetechbooks.com/the-selinux-notebook-the-foundations-t785.html] In the opensuse branch, iterate the following until all desired label changes are made ------------------------------------------------------------------------ Identify files that are mislabled Find corresponding .fc file in policy/modules/<dir> and change label ------------------------------------------------------------------------ git commit git diff fedora > policy-opensuse.patch place patchfile in SOURCES dir and proceed to next step to build rpm Creating a selinux-policy-targeted RPM including the modules created by audit2allow: cd /usr/src/packages/SOURCES/ tar xzvf serefpolicy-3.6.32.tgz mv serefpolicy-3.6.32 serefpolicy-3.6.32.suse.a2a cd serefpolicy-3.6.32 serefpolicy-3.6.32.suse.a2a/policy/modules/ mkdir a2a cd a2a --copy all the .pp modules you created via audit2allow into the current directory Cd /usr/src/packages/SOURCES tar -czvf serefpolicy-3.6.32.suse.a2a.tgz serefpolicy-3.6.32.suse.a2a cd /usr/src/packages/SOURCES vi modules-targeted.conf -- for all the modules you copied into the a2a directory, add an entry at the end of this file. cd /usr/src/packages/SPECS -- edit selinux-policy.spec and change Version: to "3.6.32.suse.a2a" In the SPECS directory: rpmbuild -bb selinux-policy.spec -- your RPMs will be in /user/src/packages/RPMS/noarch/* -- You'll need to install these two: selinux-policy.3.6.32-suse.a2a-106.noarch.rpm selinux-policy-targeted-3.6.32.suse.a2a-106.noarch.rpm Note, the minimal and mls packages have not been modified to contain the a2a modules. These are the RPM versions which were installed in the above process: checkpolicy-2.0.21-16.4.i586.rpm eclipse-setools-3.3.5.1-1.2.i586.rpm findutils-4.4.2-9.2.i586.rpm libcap-ng0-0.6.3-3.3.i586.rpm libcap-ng-devel-0.6.3-3.3.i586.rpm libcap-ng-utils-0.6.3-3.3.i586.rpm libselinux1-2.0.91-32.3.i586.rpm libselinux-devel-2.0.91-32.3.i586.rpm libselinux-devel-static-2.0.91-32.3.i586.rpm libsemanage1-2.0.43-14.4.i586.rpm libsemanage-devel-2.0.43-14.4.i586.rpm libsemanage-devel-static-2.0.43-14.4.i586.rpm libsepol1-2.0.41-22.3.i586.rpm libsepol-devel-2.0.41-22.3.i586.rpm libsepol-devel-static-2.0.41-22.3.i586.rpm libuser-0.56.14-1.5.i586.rpm libuser-devel-0.56.14-1.5.i586.rpm libuser-python-0.56.14-1.5.i586.rpm libustr-1_0-1-1.0.4-16.2.i586.rpm libustr-devel-1.0.4-16.2.i586.rpm libustr-devel-static-1.0.4-16.2.i586.rpm mcstrans-0.3.1-8.2.i586.rpm policycoreutils-2.0.79-30.1.i586.rpm policycoreutils-gui-2.0.79-30.1.i586.rpm policycoreutils-newrole-2.0.79-30.1.i586.rpm policycoreutils-python-2.0.79-30.1.i586.rpm policycoreutils-sandbox-2.0.79-30.1.i586.rpm python-capng-0.6.3-3.3.i586.rpm python-selinux-2.0.91-40.3.i586.rpm python-semanage-2.0.43-14.4.i586.rpm python-setools-3.3.6-5.3.i586.rpm ruby-selinux-2.0.91-40.3.i586.rpm selinux-policy-3.6.32.suse.a2a-106.noarch.rpm selinux-policy-targeted-3.6.32.suse.a2a-106.noarch.rpm selinux-tools-2.0.91-32.3.i586.rpm setools-console-3.3.6-5.3.i586.rpm setools-devel-3.3.6-5.3.i586.rpm setools-gui-3.3.6-5.3.i586.rpm setools-java-3.3.6-5.3.i586.rpm setools-libs-3.3.6-5.3.i586.rpm setools-tcl-3.3.6-5.3.i586.rpm setroubleshoot-2.2.64-11.1.i586.rpm setroubleshoot-doc-2.2.64-11.1.i586.rpm setroubleshoot-server-2.2.64-11.1.i586.rpm usermode-1.103-2.5.i586.rpm usermode-gtk-1.103-2.5.i586.rpm ++++++ Alan_Rouse-openSUSE_with_SELinux.txt ++++++ openSUSE with SELinux ~~~~~~~~~~~~~~~~~~~~~ The following procedure describes a way to create a system from openSUSE 11.3 installation media, with SELinux enabled and enforcing, and to produce the necessary RPMs for creating other instances. Be careful not to skip steps. Ignore error message "libsemanage.dbase query: could not query record value ..." in several steps below. 1. Install a default openSUSE 11.3 system (with KDE) 2. Kickoff Launcher -> Computer -> Install/Remove Software * Search tab; enter "selinux" (select Name, Keywords, Summary checkboxes) and click Search button * Right mouse -> All in this List -> Install * Click Accept button * Accept the automatic changes (click Continue) 3. Install utilities required for this procedure * Open terminal * Login as root (su) * zypper install make m4 gcc patch git * usermod -s /sbin/nologin nobody 4. Build selinux policy from source * Get and install selinux-policy-05042010-1.src.rpm * cd /usr/src/packages/SPECS/ * rpmbuild -ba selinux-policy.spec * cd /usr/src/packages/RPMS/noarch * rpm -i selinux-policy-05042010-1.noarch.rpm * rpm -i selinux-policy-targeted-05042010-1.noarch.rpm -- OR, if you already have the two rpms built, just install them and skip the above steps 5. Edit /etc/selinux/config * set SELINUX=permissive * set SELINUXTYPE=targeted 6. Turn on SELinux in permissive mode from the grub boot line * vi /boot/grub/menu.lst * insert "3" for runlevel 3 after the kernel parameter, and at the end "security=selinux selinux=1 enforcing=0" * reboot and login to runlevel 3 7. Perform configurations required for selinux * semanage login -a -s sysadm_u root * semanage login -a -s user_u <unprivileged-user> * fixfiles -F relabel ... does not matter whether or not you ask it to clear out files from /tmp * vi /etc/init.d/boot * insert "restorecon -R /dev" as line 132 * pam-config -d --debug --apparmor * pam-config -a --debug --selinux * Now must fix su since pam-config incorrectly adds pam-selinux.so to su * cd /etc/pam.d/ * cp common-session common-session-su * vi common-session-su - and delete the two lines containing 'pam-selinux' * vi su - and change 'common-session' to 'common-session-su' * edit /boot/grub/menu.lst - remove the "3" so it will boot to desktop * rm /var/log/messages; rm /var/log/audit/audit.log 8. Reboot ++++++ Makefile.devel ++++++ # installation paths SHAREDIR := /usr/share/selinux AWK ?= gawk NAME ?= $(strip $(shell $(AWK) -F= '/^SELINUXTYPE/{ print $$2 }' /etc/selinux/config)) ifeq ($(MLSENABLED),) MLSENABLED := 1 endif ifeq ($(MLSENABLED),1) NTYPE = mcs endif ifeq ($(NAME),mls) NTYPE = mls endif TYPE ?= $(NTYPE) HEADERDIR := $(SHAREDIR)/devel/include include $(HEADERDIR)/Makefile ++++++ booleans-minimum.conf ++++++ # Allow making anonymous memory executable, e.g.for runtime-code generation or executable stack. # allow_execmem = false # Allow making a modified private filemapping executable (text relocation). # allow_execmod = false # Allow making the stack executable via mprotect.Also requires allow_execmem. # allow_execstack = true # Allow ftpd to read cifs directories. # allow_ftpd_use_cifs = false # Allow ftpd to read nfs directories. # allow_ftpd_use_nfs = false # Allow ftp servers to modify public filesused for public file transfer services. # allow_ftpd_anon_write = false # Allow gssd to read temp directory. # allow_gssd_read_tmp = true # Allow Apache to modify public filesused for public file transfer services. # allow_httpd_anon_write = false # Allow Apache to use mod_auth_pam module # allow_httpd_mod_auth_pam = false # Allow system to run with kerberos # allow_kerberos = true # Allow rsync to modify public filesused for public file transfer services. # allow_rsync_anon_write = false # Allow sasl to read shadow # allow_saslauthd_read_shadow = false # Allow samba to modify public filesused for public file transfer services. # allow_smbd_anon_write = false # Allow system to run with NIS # allow_ypbind = false # Allow zebra to write it own configuration files # allow_zebra_write_config = false # Enable extra rules in the cron domainto support fcron. # fcron_crond = false # Allow ftp to read and write files in the user home directories # ftp_home_dir = false # # allow httpd to connect to mysql/posgresql httpd_can_network_connect_db = false # # allow httpd to send dbus messages to avahi httpd_dbus_avahi = true # # allow httpd to network relay httpd_can_network_relay = false # Allow httpd to use built in scripting (usually php) # httpd_builtin_scripting = true # Allow http daemon to tcp connect # httpd_can_network_connect = false # Allow httpd cgi support # httpd_enable_cgi = true # Allow httpd to act as a FTP server bylistening on the ftp port. # httpd_enable_ftp_server = false # Allow httpd to read home directories # httpd_enable_homedirs = false # Run SSI execs in system CGI script domain. # httpd_ssi_exec = false # Allow http daemon to communicate with the TTY # httpd_tty_comm = false # Run CGI in the main httpd domain # httpd_unified = false # Allow BIND to write the master zone files.Generally this is used for dynamic DNS. # named_write_master_zones = false # Allow nfs to be exported read/write. # nfs_export_all_rw = true # Allow nfs to be exported read only # nfs_export_all_ro = true # Allow pppd to load kernel modules for certain modems # pppd_can_insmod = false # Allow reading of default_t files. # read_default_t = false # Allow samba to export user home directories. # samba_enable_home_dirs = false # Allow squid to connect to all ports, not justHTTP, FTP, and Gopher ports. # squid_connect_any = false # Support NFS home directories # use_nfs_home_dirs = true # Support SAMBA home directories # use_samba_home_dirs = false # Control users use of ping and traceroute # user_ping = false # allow host key based authentication # allow_ssh_keysign = false # Allow pppd to be run for a regular user # pppd_for_user = false # Allow applications to read untrusted contentIf this is disallowed, Internet content hasto be manually relabeled for read access to be granted # read_untrusted_content = false # Allow spamd to write to users homedirs # spamd_enable_home_dirs = false # Allow regular users direct mouse access # user_direct_mouse = false # Allow users to read system messages. # user_dmesg = false # Allow user to r/w files on filesystemsthat do not have extended attributes (FAT, CDROM, FLOPPY) # user_rw_noexattrfile = false # Allow users to run TCP servers (bind to ports and accept connection fromthe same domain and outside users) disabling this forces FTP passive modeand may change other protocols. # user_tcp_server = false # Allow w to display everyone # user_ttyfile_stat = false # Allow applications to write untrusted contentIf this is disallowed, no Internet contentwill be stored. # write_untrusted_content = false # Allow all domains to talk to ttys # allow_daemons_use_tty = false # Allow login domains to polyinstatiate directories # allow_polyinstantiation = false # Allow all domains to dump core # allow_daemons_dump_core = true # Allow samba to act as the domain controller # samba_domain_controller = false # Allow samba to export user home directories. # samba_run_unconfined = false # Allows XServer to execute writable memory # allow_xserver_execmem = false # disallow guest accounts to execute files that they can create # allow_guest_exec_content = false allow_xguest_exec_content = false # Only allow browser to use the web # browser_confine_xguest=false # Allow postfix locat to write to mail spool # allow_postfix_local_write_mail_spool=false # Allow common users to read/write noexattrfile systems # user_rw_noexattrfile=true # Allow qemu to connect fully to the network # qemu_full_network=true # Allow nsplugin execmem/execstack for bad plugins # allow_nsplugin_execmem=true # Allow unconfined domain to transition to confined domain # allow_unconfined_nsplugin_transition=true # System uses init upstart program # init_upstart = true # Allow mount to mount any file/dir # allow_mount_anyfile = true ++++++ booleans-mls.conf ++++++ d# Allow making anonymous memory executable, e.g.for runtime-code generation or executable stack. # allow_execmem = false # Allow making a modified private filemapping executable (text relocation). # allow_execmod = false # Allow making the stack executable via mprotect.Also requires allow_execmem. # allow_execstack = false # Allow ftp servers to modify public filesused for public file transfer services. # allow_ftpd_anon_write = false # Allow gssd to read temp directory. # allow_gssd_read_tmp = false # Allow Apache to modify public filesused for public file transfer services. # allow_httpd_anon_write = false # Allow system to run with kerberos # allow_kerberos = true # Allow rsync to modify public filesused for public file transfer services. # allow_rsync_anon_write = false # Allow sasl to read shadow # allow_saslauthd_read_shadow = false # Allow samba to modify public filesused for public file transfer services. # allow_smbd_anon_write = false # Allow sysadm to ptrace all processes # allow_ptrace = false # Allow system to run with NIS # allow_ypbind = false # Enable extra rules in the cron domainto support fcron. # fcron_crond = false # Allow ftp to read and write files in the user home directories # ftp_home_dir = false # Allow ftpd to run directly without inetd # ftpd_is_daemon = true # Allow httpd to use built in scripting (usually php) # httpd_builtin_scripting = false # Allow http daemon to tcp connect # httpd_can_network_connect = false # Allow httpd cgi support # httpd_enable_cgi = false # Allow httpd to act as a FTP server bylistening on the ftp port. # httpd_enable_ftp_server = false # Allow httpd to read home directories # httpd_enable_homedirs = false # Run SSI execs in system CGI script domain. # httpd_ssi_exec = false # Allow http daemon to communicate with the TTY # httpd_tty_comm = false # Run CGI in the main httpd domain # httpd_unified = false # Allow BIND to write the master zone files.Generally this is used for dynamic DNS. # named_write_master_zones = false # Allow nfs to be exported read/write. # nfs_export_all_rw = false # Allow nfs to be exported read only # nfs_export_all_ro = false # Allow pppd to load kernel modules for certain modems # pppd_can_insmod = false # Allow reading of default_t files. # read_default_t = false # Allow ssh to run from inetd instead of as a daemon. # run_ssh_inetd = false # Allow samba to export user home directories. # samba_enable_home_dirs = false # Allow squid to connect to all ports, not justHTTP, FTP, and Gopher ports. # squid_connect_any = false # Allow ssh logins as sysadm_r:sysadm_t # ssh_sysadm_login = false # Configure stunnel to be a standalone daemon orinetd service. # stunnel_is_daemon = false # Support NFS home directories # use_nfs_home_dirs = false # Support SAMBA home directories # use_samba_home_dirs = false # Control users use of ping and traceroute # user_ping = true # Allow gpg executable stack # allow_gpg_execstack = false # allow host key based authentication # allow_ssh_keysign = false # Allow users to connect to mysql # allow_user_mysql_connect = false # Allow system cron jobs to relabel filesystemfor restoring file contexts. # cron_can_relabel = false # Allow pppd to be run for a regular user # pppd_for_user = false # Allow applications to read untrusted contentIf this is disallowed, Internet content hasto be manually relabeled for read access to be granted # read_untrusted_content = false # Allow user spamassassin clients to use the network. # spamassassin_can_network = false # Allow staff_r users to search the sysadm homedir and read files (such as ~/.bashrc) # staff_read_sysadm_file = false # Allow regular users direct mouse access # user_direct_mouse = false # Allow users to read system messages. # user_dmesg = false # Allow users to control network interfaces(also needs USERCTL=true) # user_net_control = false # Allow user to r/w files on filesystemsthat do not have extended attributes (FAT, CDROM, FLOPPY) # user_rw_noexattrfile = false # Allow users to rw usb devices # user_rw_usb = false # Allow users to run TCP servers (bind to ports and accept connection fromthe same domain and outside users) disabling this forces FTP passive modeand may change other protocols. # user_tcp_server = false # Allow w to display everyone # user_ttyfile_stat = false # Allow applications to write untrusted contentIf this is disallowed, no Internet contentwill be stored. # write_untrusted_content = false spamd_enable_home_dirs = false # Allow login domains to polyinstatiate directories # allow_polyinstantiation = true # Allow mount command to mounton any directory # allow_mounton_anydir = true # Allow unlabeled packets to flow # allow_unlabeled_packets = true # Allow samba to act as the domain controller # samba_domain_controller = false # Run the xserver as an object manager # xserver_object_manager = true # System uses init upstart program # init_upstart = true ++++++ booleans-targeted.conf ++++++ # Allow making anonymous memory executable, e.g.for runtime-code generation or executable stack. # allow_execmem = true # Allow making a modified private filemapping executable (text relocation). # allow_execmod = false # Allow making the stack executable via mprotect.Also requires allow_execmem. # allow_execstack = true # Allow ftpd to read cifs directories. # allow_ftpd_use_cifs = false # Allow ftpd to read nfs directories. # allow_ftpd_use_nfs = false # Allow ftp servers to modify public filesused for public file transfer services. # allow_ftpd_anon_write = false # Allow gssd to read temp directory. # allow_gssd_read_tmp = true # Allow Apache to modify public filesused for public file transfer services. # allow_httpd_anon_write = false # Allow Apache to use mod_auth_pam module # allow_httpd_mod_auth_pam = false # Allow system to run with kerberos # allow_kerberos = true # Allow rsync to modify public filesused for public file transfer services. # allow_rsync_anon_write = false # Allow sasl to read shadow # allow_saslauthd_read_shadow = false # Allow samba to modify public filesused for public file transfer services. # allow_smbd_anon_write = false # Allow system to run with NIS # allow_ypbind = false # Allow zebra to write it own configuration files # allow_zebra_write_config = true # Enable extra rules in the cron domainto support fcron. # fcron_crond = false # Allow ftp to read and write files in the user home directories # ftp_home_dir = false # # allow httpd to connect to mysql/posgresql httpd_can_network_connect_db = false # # allow httpd to send dbus messages to avahi httpd_dbus_avahi = true # # allow httpd to network relay httpd_can_network_relay = false # Allow httpd to use built in scripting (usually php) # httpd_builtin_scripting = true # Allow http daemon to tcp connect # httpd_can_network_connect = false # Allow httpd cgi support # httpd_enable_cgi = true # Allow httpd to act as a FTP server bylistening on the ftp port. # httpd_enable_ftp_server = false # Allow httpd to read home directories # httpd_enable_homedirs = false # Run SSI execs in system CGI script domain. # httpd_ssi_exec = false # Allow http daemon to communicate with the TTY # httpd_tty_comm = true # Run CGI in the main httpd domain # httpd_unified = true # Allow BIND to write the master zone files.Generally this is used for dynamic DNS. # named_write_master_zones = false # Allow nfs to be exported read/write. # nfs_export_all_rw = true # Allow nfs to be exported read only # nfs_export_all_ro = true ## Allow openvpn to read home directories ## openvpn_enable_homedirs = true # Allow pppd to load kernel modules for certain modems # pppd_can_insmod = false # Allow samba to export user home directories. # samba_enable_home_dirs = false # Allow squid to connect to all ports, not justHTTP, FTP, and Gopher ports. # squid_connect_any = false # Support NFS home directories # use_nfs_home_dirs = true # Support SAMBA home directories # use_samba_home_dirs = false # Control users use of ping and traceroute # user_ping = true # allow host key based authentication # allow_ssh_keysign = false # Allow pppd to be run for a regular user # pppd_for_user = false # Allow applications to read untrusted contentIf this is disallowed, Internet content hasto be manually relabeled for read access to be granted # read_untrusted_content = true # Allow spamd to write to users homedirs # spamd_enable_home_dirs = true # Allow regular users direct mouse access # user_direct_mouse = false # Allow regular users direct dri access # user_direct_dri = true # Allow users to read system messages. # user_dmesg = true # Allow user to r/w files on filesystemsthat do not have extended attributes (FAT, CDROM, FLOPPY) # user_rw_noexattrfile = false # Allow users to run TCP servers (bind to ports and accept connection fromthe same domain and outside users) disabling this forces FTP passive modeand may change other protocols. # user_tcp_server = true # Allow w to display everyone # user_ttyfile_stat = false # Allow applications to write untrusted contentIf this is disallowed, no Internet contentwill be stored. # write_untrusted_content = true # Allow all domains to talk to ttys # allow_daemons_use_tty = true # Allow login domains to polyinstatiate directories # allow_polyinstantiation = false # Allow all domains to dump core # allow_daemons_dump_core = true # Allow samba to act as the domain controller # samba_domain_controller = false # Allow samba to export user home directories. # samba_run_unconfined = false # Allows XServer to execute writable memory # allow_xserver_execmem = false # disallow guest accounts to execute files that they can create # allow_guest_exec_content = false allow_xguest_exec_content = false # Only allow browser to use the web # browser_confine_xguest=false # Allow postfix locat to write to mail spool # allow_postfix_local_write_mail_spool=true # Allow common users to read/write noexattrfile systems # user_rw_noexattrfile=true # Allow qemu to connect fully to the network # qemu_full_network=true # Allow nsplugin execmem/execstack for bad plugins # allow_nsplugin_execmem=true # Allow unconfined domain to transition to confined domain # allow_unconfined_nsplugin_transition=false # System uses init upstart program # init_upstart = true # Allow mount to mount any file/dir # allow_mount_anyfile = true # Allow confined domains to communicate with ncsd via shared memory # nscd_use_shm = true # Allow fenced domain to connect to the network using TCP. # fenced_can_network_connect=false # Allow privoxy to connect to all ports, not just HTTP, FTP, and Gopher ports. # privoxy_connect_any = true ++++++ booleans.subs_dist ++++++ allow_auditadm_exec_content auditadm_exec_content allow_console_login login_console_enabled allow_cvs_read_shadow cvs_read_shadow allow_daemons_dump_core daemons_dump_core allow_daemons_use_tcp_wrapper daemons_use_tcp_wrapper allow_daemons_use_tty daemons_use_tty allow_domain_fd_use domain_fd_use allow_execheap selinuxuser_execheap allow_execmod selinuxuser_execmod allow_execstack selinuxuser_execstack allow_ftpd_anon_write ftpd_anon_write allow_ftpd_full_access ftpd_full_access allow_ftpd_use_cifs ftpd_use_cifs allow_ftpd_use_nfs ftpd_use_nfs allow_gssd_read_tmp gssd_read_tmp allow_guest_exec_content guest_exec_content allow_httpd_anon_write httpd_anon_write allow_httpd_mod_auth_ntlm_winbind httpd_mod_auth_ntlm_winbind allow_httpd_mod_auth_pam httpd_mod_auth_pam allow_httpd_sys_script_anon_write httpd_sys_script_anon_write allow_kerberos kerberos_enabled allow_mplayer_execstack mplayer_execstack allow_mount_anyfile mount_anyfile allow_nfsd_anon_write nfsd_anon_write allow_polyinstantiation polyinstantiation_enabled allow_postfix_local_write_mail_spool postfix_local_write_mail_spool allow_rsync_anon_write rsync_anon_write allow_saslauthd_read_shadow saslauthd_read_shadow allow_secadm_exec_content secadm_exec_content allow_smbd_anon_write smbd_anon_write allow_ssh_keysign ssh_keysign allow_staff_exec_content staff_exec_content allow_sysadm_exec_content sysadm_exec_content allow_user_exec_content user_exec_content allow_user_mysql_connect selinuxuser_mysql_connect_enabled allow_user_postgresql_connect selinuxuser_postgresql_connect_enabled allow_write_xshm xserver_clients_write_xshm allow_xguest_exec_content xguest_exec_content allow_xserver_execmem xserver_execmem allow_ypbind nis_enabled allow_zebra_write_config zebra_write_config user_direct_dri selinuxuser_direct_dri_enabled user_ping selinuxuser_ping user_share_music selinuxuser_share_music ++++++ customizable_types ++++++ svirt_image_t virt_content_t httpd_user_htaccess_t httpd_user_script_exec_t httpd_user_content_ra_t httpd_user_content_rw_t httpd_user_content_t git_session_content_t ++++++ file_contexts.subs_dist ++++++ /run /var/run /run/lock /var/lock /var/run/lock /var/lock /lib64 /lib /usr/lib64 /usr/lib /usr/local /usr /usr/local/lib64 /usr/lib /usr/local/lib32 /usr/lib /etc/systemd/system /lib/systemd/system /var/lib/xguest/home /home ++++++ modules-minimum.conf ++++++ ++++ 2100 lines (skipped) ++++++ modules-mls.conf ++++++ ++++ 2024 lines (skipped) ++++++ modules-targeted.conf ++++++ ++++ 2214 lines (skipped) ++++++ refpolicy-2.20081210.tar.bz2 -> refpolicy-2.20120725.tar.bz2 ++++++ ++++ 376838 lines of diff (skipped) ++++++ securetty_types-minimum ++++++ sysadm_tty_device_t user_tty_device_t staff_tty_device_t ++++++ securetty_types-mls ++++++ sysadm_tty_device_t user_tty_device_t staff_tty_device_t auditadm_tty_device_t secureadm_tty_device_t ++++++ securetty_types-targeted ++++++ sysadm_tty_device_t user_tty_device_t staff_tty_device_t ++++++ selinux-policy-SUSE.patch ++++++ ++++ 1398 lines (skipped) ++++++ selinux-policy-run_sepolgen_during_build.patch ++++++ Index: refpolicy/Makefile =================================================================== --- refpolicy.orig/Makefile 2012-04-23 16:18:45.000000000 +0200 +++ refpolicy/Makefile 2012-12-03 15:27:59.608269542 +0100 @@ -61,6 +61,7 @@ SEMODULE ?= $(tc_usrsbindir)/semodule SEMOD_PKG ?= $(tc_usrbindir)/semodule_package SEMOD_LNK ?= $(tc_usrbindir)/semodule_link SEMOD_EXP ?= $(tc_usrbindir)/semodule_expand +SEPOLGEN ?= $(tc_usrbindir)/sepolgen-ifgen LOADPOLICY ?= $(tc_usrsbindir)/load_policy SETFILES ?= $(tc_sbindir)/setfiles XMLLINT ?= $(BINDIR)/xmllint Index: refpolicy/Rules.modular =================================================================== --- refpolicy.orig/Rules.modular 2012-03-30 14:48:20.000000000 +0200 +++ refpolicy/Rules.modular 2012-12-03 15:28:28.304149778 +0100 @@ -201,6 +201,7 @@ validate: $(base_pkg) $(mod_pkgs) @echo "Validating policy linking." $(verbose) $(SEMOD_LNK) -o $(tmpdir)/test.lnk $^ $(verbose) $(SEMOD_EXP) $(tmpdir)/test.lnk $(tmpdir)/policy.bin + $(verbose) $(SEPOLGEN) -p $(tmpdir)/policy.bin -i $(poldir) -o $(tmpdir)/output @echo "Success." ######################################## ++++++ selinux-policy.conf ++++++ z /sys/devices/system/cpu/online - - - Z /sys/class/net - - - ++++++ selinux-policy.sysconfig ++++++ # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=permissive # SELINUXTYPE= can take one of these two values: # targeted - Targeted processes are protected, # mls - Multi Level Security protection. SELINUXTYPE=targeted ++++++ setrans-minimum.conf ++++++ # # Multi-Category Security translation table for SELinux # # Uncomment the following to disable translation libary # disable=1 # # Objects can be categorized with 0-1023 categories defined by the admin. # Objects can be in more than one category at a time. # Categories are stored in the system as c0-c1023. Users can use this # table to translate the categories into a more meaningful output. # Examples: # s0:c0=CompanyConfidential # s0:c1=PatientRecord # s0:c2=Unclassified # s0:c3=TopSecret # s0:c1,c3=CompanyConfidentialRedHat s0=SystemLow s0-s0:c0.c1023=SystemLow-SystemHigh s0:c0.c1023=SystemHigh ++++++ setrans-mls.conf ++++++ # # Multi-Level Security translation table for SELinux # # Uncomment the following to disable translation libary # disable=1 # # Objects can be labeled with one of 16 levels and be categorized with 0-1023 # categories defined by the admin. # Objects can be in more than one category at a time. # Users can modify this table to translate the MLS labels for different purpose. # # Assumptions: using below MLS labels. # SystemLow # SystemHigh # Unclassified # Secret with compartments A and B. # # SystemLow and SystemHigh s0=SystemLow s15:c0.c1023=SystemHigh s0-s15:c0.c1023=SystemLow-SystemHigh # Unclassified level s1=Unclassified # Secret level with compartments s2=Secret s2:c0=A s2:c1=B # ranges for Unclassified s0-s1=SystemLow-Unclassified s1-s2=Unclassified-Secret s1-s15:c0.c1023=Unclassified-SystemHigh # ranges for Secret with compartments s0-s2=SystemLow-Secret s0-s2:c0=SystemLow-Secret:A s0-s2:c1=SystemLow-Secret:B s0-s2:c0,c1=SystemLow-Secret:AB s1-s2:c0=Unclassified-Secret:A s1-s2:c1=Unclassified-Secret:B s1-s2:c0,c1=Unclassified-Secret:AB s2-s2:c0=Secret-Secret:A s2-s2:c1=Secret-Secret:B s2-s2:c0,c1=Secret-Secret:AB s2-s15:c0.c1023=Secret-SystemHigh s2:c0-s2:c0,c1=Secret:A-Secret:AB s2:c0-s15:c0.c1023=Secret:A-SystemHigh s2:c1-s2:c0,c1=Secret:B-Secret:AB s2:c1-s15:c0.c1023=Secret:B-SystemHigh s2:c0,c1-s15:c0.c1023=Secret:AB-SystemHigh ++++++ setrans-targeted.conf ++++++ # # Multi-Category Security translation table for SELinux # # Uncomment the following to disable translation libary # disable=1 # # Objects can be categorized with 0-1023 categories defined by the admin. # Objects can be in more than one category at a time. # Categories are stored in the system as c0-c1023. Users can use this # table to translate the categories into a more meaningful output. # Examples: # s0:c0=CompanyConfidential # s0:c1=PatientRecord # s0:c2=Unclassified # s0:c3=TopSecret # s0:c1,c3=CompanyConfidentialRedHat s0=SystemLow s0-s0:c0.c1023=SystemLow-SystemHigh s0:c0.c1023=SystemHigh ++++++ users-minimum ++++++ ################################## # # Core User configuration. # # # gen_user(username, prefix, role_set, mls_defaultlevel, mls_range, [mcs_catetories]) # # Note: Identities without a prefix wil not be listed # in the users_extra file used by genhomedircon. # # system_u is the user identity for system processes and objects. # There should be no corresponding Unix user identity for system, # and a user process should never be assigned the system user # identity. # gen_user(system_u,, system_r unconfined_r, s0, s0 - mls_systemhigh, mcs_allcats) # # user_u is a generic user identity for Linux users who have no # SELinux user identity defined. The modified daemons will use # this user identity in the security context if there is no matching # SELinux user identity for a Linux user. If you do not want to # permit any access to such users, then remove this entry. # gen_user(user_u, user, user_r, s0, s0) gen_user(staff_u, user, staff_r system_r sysadm_r unconfined_r, s0, s0 - mls_systemhigh, mcs_allcats) gen_user(sysadm_u, user, sysadm_r, s0, s0 - mls_systemhigh, mcs_allcats) # # The following users correspond to Unix identities. # These identities are typically assigned as the user attribute # when login starts the user shell. Users with access to the sysadm_r # role should use the staff_r role instead of the user_r role when # not in the sysadm_r. # gen_user(root, user, unconfined_r sysadm_r staff_r system_r, s0, s0 - mls_systemhigh, mcs_allcats) ++++++ users-mls ++++++ ################################## # # Core User configuration. # # # gen_user(username, prefix, role_set, mls_defaultlevel, mls_range, [mcs_catetories]) # # Note: Identities without a prefix wil not be listed # in the users_extra file used by genhomedircon. # # system_u is the user identity for system processes and objects. # There should be no corresponding Unix user identity for system, # and a user process should never be assigned the system user # identity. # gen_user(system_u,, system_r, s0, s0 - mls_systemhigh, mcs_allcats) # # user_u is a generic user identity for Linux users who have no # SELinux user identity defined. The modified daemons will use # this user identity in the security context if there is no matching # SELinux user identity for a Linux user. If you do not want to # permit any access to such users, then remove this entry. # gen_user(user_u, user, user_r, s0, s0) gen_user(staff_u, user, staff_r system_r sysadm_r secadm_r auditadm_r, s0, s0 - mls_systemhigh, mcs_allcats) gen_user(sysadm_u, user, sysadm_r, s0, s0 - mls_systemhigh, mcs_allcats) # # The following users correspond to Unix identities. # These identities are typically assigned as the user attribute # when login starts the user shell. Users with access to the sysadm_r # role should use the staff_r role instead of the user_r role when # not in the sysadm_r. # gen_user(root, user, sysadm_r staff_r secadm_r auditadm_r system_r, s0, s0 - mls_systemhigh, mcs_allcats) ++++++ users-targeted ++++++ ################################## # # Core User configuration. # # # gen_user(username, prefix, role_set, mls_defaultlevel, mls_range, [mcs_catetories]) # # Note: Identities without a prefix wil not be listed # in the users_extra file used by genhomedircon. # # system_u is the user identity for system processes and objects. # There should be no corresponding Unix user identity for system, # and a user process should never be assigned the system user # identity. # gen_user(system_u,, system_r unconfined_r, s0, s0 - mls_systemhigh, mcs_allcats) # # user_u is a generic user identity for Linux users who have no # SELinux user identity defined. The modified daemons will use # this user identity in the security context if there is no matching # SELinux user identity for a Linux user. If you do not want to # permit any access to such users, then remove this entry. # gen_user(user_u, user, user_r, s0, s0) gen_user(staff_u, user, staff_r system_r sysadm_r unconfined_r, s0, s0 - mls_systemhigh, mcs_allcats) gen_user(sysadm_u, user, sysadm_r, s0, s0 - mls_systemhigh, mcs_allcats) # # The following users correspond to Unix identities. # These identities are typically assigned as the user attribute # when login starts the user shell. Users with access to the sysadm_r # role should use the staff_r role instead of the user_r role when # not in the sysadm_r. # gen_user(root, user, unconfined_r sysadm_r staff_r system_r, s0, s0 - mls_systemhigh, mcs_allcats) -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit sblim-cim-client2 for openSUSE:Factory
by root＠hilbert.suse.de 28 Dec '12

28 Dec '12

Hello community, here is the log from the commit of package sblim-cim-client2 for openSUSE:Factory checked in at 2012-12-28 22:49:13 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sblim-cim-client2 (Old) and /work/SRC/openSUSE:Factory/.sblim-cim-client2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "sblim-cim-client2", Maintainer is "VDziewiecki(a)suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/sblim-cim-client2/sblim-cim-client2.changes 2012-09-23 21:13:49.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.sblim-cim-client2.new/sblim-cim-client2.changes 2012-12-28 22:49:15.000000000 +0100 @@ -1,0 +2,21 @@ +Sat Dec 15 15:44:07 UTC 2012 - kkaempf(a)suse.com + +- Update to Version 2.2.1 + New features + * A new internal API - WBEMConfiguation.getActiveConfigFullURL + - can be used to obtain the FQDN of the active conguration + file (#3576396) + * A new Java property - sblim.wbem.verifyJavaLangDoubleStrings + - can be used to make the client verify that strings representing + a Double will not hang the JRE when parsed (#3572993) + + Bugs fixed + 3584119 Update detailed release history HTML for 2.2.1 + 3592502 Enhance CIMDataType unit test + 3588558 An enhancement on Java CIM Client logging + 3557283 Print full response when get EOF from CIMOM + 3576396 Improve logging of config file name + 3572993 parseDouble("2.2250738585072012e-308") DoS vulnerability + 3567433 Add links to top of detailed release history HTML + +------------------------------------------------------------------- Old: ---- sblim-cim-client2-2.2.0-doc.zip sblim-cim-client2-2.2.0-src.zip New: ---- sblim-cim-client2-2.2.1-doc.zip sblim-cim-client2-2.2.1-src.zip ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sblim-cim-client2.spec ++++++ --- /var/tmp/diff_new_pack.0v8JYZ/_old 2012-12-28 22:49:19.000000000 +0100 +++ /var/tmp/diff_new_pack.0v8JYZ/_new 2012-12-28 22:49:19.000000000 +0100 @@ -21,7 +21,7 @@ # ----------------------------------------------------------------------------- Name: sblim-cim-client2 -Version: 2.2.0 +Version: 2.2.1 Release: 0 Url: http://sblim.sourceforge.net/ Summary: Java CIM Client library @@ -32,7 +32,9 @@ Source1: http://downloads.sourceforge.net/project/sblim/%{name}/%{version}/%{name}-%… BuildArch: noarch BuildRequires: ant >= 1.6 +%if 0%{?suse_version} > 1010 BuildRequires: fdupes +%endif BuildRequires: java-devel BuildRequires: jpackage-utils >= 1.5.32 BuildRequires: unzip @@ -142,7 +144,9 @@ install -d $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version} cp -pr %{archive_folder}/doc/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version} +%if 0%{?suse_version} > 1010 %fdupes $RPM_BUILD_ROOT +%endif # ----------------------------------------------------------------------------- %files -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit rubygem-webyast-rake-tasks for openSUSE:Factory
by root＠hilbert.suse.de 28 Dec '12

28 Dec '12

Hello community, here is the log from the commit of package rubygem-webyast-rake-tasks for openSUSE:Factory checked in at 2012-12-28 22:49:03 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rubygem-webyast-rake-tasks (Old) and /work/SRC/openSUSE:Factory/.rubygem-webyast-rake-tasks.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "rubygem-webyast-rake-tasks", Maintainer is "schubi(a)suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-webyast-rake-tasks/rubygem-webyast-rake-tasks.changes 2012-09-25 10:51:54.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-webyast-rake-tasks.new/rubygem-webyast-rake-tasks.changes 2012-12-28 22:49:07.000000000 +0100 @@ -1,0 +2,14 @@ +Wed Dec 19 08:35:16 UTC 2012 - lslezak(a)suse.cz + +- make the update script symlinks relative so they are valid also + in installation chroot (/mnt) (bnc#795045) +- 0.3.6 + +------------------------------------------------------------------- +Mon Dec 3 10:19:30 UTC 2012 - lslezak(a)suse.cz + +- added %restart_webyast, %restart_script_name and %create_restart_script + RPM macros for restarting Webyast using an update script +- 0.3.5 + +------------------------------------------------------------------- Old: ---- webyast-rake-tasks-0.3.4.gem New: ---- webyast-rake-tasks-0.3.6.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-webyast-rake-tasks.spec ++++++ --- /var/tmp/diff_new_pack.FWJxV8/_old 2012-12-28 22:49:13.000000000 +0100 +++ /var/tmp/diff_new_pack.FWJxV8/_new 2012-12-28 22:49:13.000000000 +0100 @@ -1,5 +1,5 @@ # -# spec file for package rubygem-webyast-rake-tasks (Version 0.3.4) +# spec file for package rubygem-webyast-rake-tasks # # Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -15,19 +15,18 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + Name: rubygem-webyast-rake-tasks -Version: 0.3.4 +Version: 0.3.6 +Release: 0 Provides: rubygem-yast2-webservice-tasks = %{version} Obsoletes: rubygem-yast2-webservice-tasks < %{version} -Release: 0 # Nope, doesn't work. Gems are installed below /usr/lib{64} # BuildArch: noarch %define mod_name webyast-rake-tasks # -Group: Development/Languages/Ruby -License: LGPL-2.1 BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: rubygems_with_buildroot_patch @@ -42,8 +41,10 @@ Source2: macros.webyast-PolicyKit Source3: macros.webyast-polkit1 - Summary: Rake tasks shared by all WebYaST packages +License: LGPL-2.1 +Group: Development/Languages/Ruby + %description The original task package is renamed to package-local. The new task package includes the tasks git_check and syntax_check. ++++++ macros.webyast ++++++ --- /var/tmp/diff_new_pack.FWJxV8/_old 2012-12-28 22:49:13.000000000 +0100 +++ /var/tmp/diff_new_pack.FWJxV8/_new 2012-12-28 22:49:13.000000000 +0100 @@ -49,16 +49,7 @@ # update manifest.yml file # use assets.rake file directly (faster loading) -%webyast_update_assets \ - cd %{webyast_dir} \ - rake -f lib/tasks/assets.rake assets:join_manifests \ - if test -f "Gemfile" ; then \ - bundle update \ - fi - cd - - -# update manifest.yml file -# use assets.rake file directly (faster loading) +# (Usually not needed, replaced by update script functionality) %webyast_update_assets \ cd %{webyast_dir} \ rake -f lib/tasks/assets.rake assets:join_manifests \ @@ -84,10 +75,9 @@ rm -rf $TEST_DB_PATH \ cd $RPM_BUILD_ROOT/%{_libdir}/ruby/gems/%{rb_ver}/gems/%{mod_full_name} \ cp %{webyast_dir}/Gemfile.test Gemfile.test \ - echo 'gem "%{mod_name}", :path => "."' >> Gemfile.test \ - BUNDLE_GEMFILE=Gemfile.test bundle update \ BUNDLE_GEMFILE=Gemfile.test RAILS_ENV=test rake db:create \ BUNDLE_GEMFILE=Gemfile.test RAILS_ENV=test rake db:schema:load \ + echo 'gem "%{mod_name}", :path => "."' >> Gemfile.test \ BUNDLE_GEMFILE=Gemfile.test RAILS_ENV=test ADD_BUILD_PATH=1 rake test \ rm -rf $TEST_DB_PATH Gemfile.test Gemfile.test.lock log \ cd - @@ -96,7 +86,8 @@ %webyast_build_plugin_assets \ export RAILS_PARENT=%{webyast_dir} \ cd $RPM_BUILD_ROOT/%{_libdir}/ruby/gems/%{rb_ver}/gems/%{mod_full_name} \ - rake assets:precompile \ + BUNDLE_GEMFILE=Gemfile.assets rake assets:precompile \ + rm -f Gemfile.assets Gemfile.assets.lock \ rm -rf tmp \ mkdir -p $RPM_BUILD_ROOT/srv/www/webyast/public/assets \ mv public/assets/* $RPM_BUILD_ROOT/srv/www/webyast/public/assets \ @@ -105,6 +96,20 @@ rm -rf log \ cd - +# set the flag to restart webyast at the end of libzypp transaction via update script +%restart_webyast \ + touch /var/lib/webyast/restart + +# restart file name for files section +%restart_script_name \ + /var/adm/update-scripts/%name-%version-%release-update + +# create a restart script (symlink the base script) (for build section) +# make the symlink relative so it is valid even in chroot (/mnt) during initial installation +%create_restart_script \ + mkdir -p $RPM_BUILD_ROOT/var/adm/update-scripts \ + ln -s ../../../usr/sbin/update_webyast_service $RPM_BUILD_ROOT/var/adm/update-scripts/%name-%version-%release-update + %webyast_polkit \ %if 0%{?suse_version} == 0 || %suse_version > 1110 \ WEBYAST_POLKIT_DIR='polkit-1/actions' \ -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit rubygem-sprockets for openSUSE:Factory
by root＠hilbert.suse.de 28 Dec '12

28 Dec '12

Hello community, here is the log from the commit of package rubygem-sprockets for openSUSE:Factory checked in at 2012-12-28 22:48:55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rubygem-sprockets (Old) and /work/SRC/openSUSE:Factory/.rubygem-sprockets.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "rubygem-sprockets", Maintainer is "MRueckert(a)suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-sprockets/rubygem-sprockets.changes 2012-11-08 21:53:19.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.rubygem-sprockets.new/rubygem-sprockets.changes 2012-12-28 22:49:05.000000000 +0100 @@ -1,0 +2,7 @@ +Tue Dec 18 14:51:41 UTC 2012 - coolo(a)suse.com + +- updated to version 2.8.2 + * Fixed top level Sass constant references + * Fixed manifest logger when environment is disabled + +------------------------------------------------------------------- Old: ---- sprockets-2.8.1.gem New: ---- sprockets-2.8.2.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-sprockets.spec ++++++ --- /var/tmp/diff_new_pack.H18sMm/_old 2012-12-28 22:49:07.000000000 +0100 +++ /var/tmp/diff_new_pack.H18sMm/_new 2012-12-28 22:49:07.000000000 +0100 @@ -17,7 +17,7 @@ Name: rubygem-sprockets -Version: 2.8.1 +Version: 2.8.2 Release: 0 %define mod_name sprockets %define mod_full_name %{mod_name}-%{version} -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit rubygem-rhc for openSUSE:Factory
by root＠hilbert.suse.de 28 Dec '12

28 Dec '12

Hello community, here is the log from the commit of package rubygem-rhc for openSUSE:Factory checked in at 2012-12-28 22:48:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rubygem-rhc (Old) and /work/SRC/openSUSE:Factory/.rubygem-rhc.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "rubygem-rhc", Maintainer is "" Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-rhc/rubygem-rhc.changes 2012-12-14 11:11:05.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.rubygem-rhc.new/rubygem-rhc.changes 2012-12-28 22:48:32.000000000 +0100 @@ -1,0 +2,5 @@ +Wed Dec 19 06:29:51 UTC 2012 - coolo(a)suse.com + +- updated to version 1.2.7, no changelog + +------------------------------------------------------------------- Old: ---- rhc-1.1.11.gem New: ---- rhc-1.2.7.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-rhc.spec ++++++ --- /var/tmp/diff_new_pack.h2N189/_old 2012-12-28 22:48:33.000000000 +0100 +++ /var/tmp/diff_new_pack.h2N189/_new 2012-12-28 22:48:33.000000000 +0100 @@ -17,7 +17,7 @@ Name: rubygem-rhc -Version: 1.1.11 +Version: 1.2.7 Release: 0 %define mod_name rhc %define mod_full_name %{mod_name}-%{version} -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0