- update to the new version of at

- adapt patches for new version
- change our pam config to source
- start using new upstream test instead of our nonfunctional one
- upstream changed nofork option -n to foreground option -f
Marcela Mašláňová 2009-12-03 12:34:21 +00:00
parent f4170d0c53
commit ec83003b9d
15 changed files with 392 additions and 600 deletions


@ -4,3 +4,5 @@ atd.init
atd.sysconf atd.sysconf
test.pl test.pl
at_3.1.11.orig.tar.gz at_3.1.11.orig.tar.gz
at_3.1.12.orig.tar.gz
pam_atd


@ -1,20 +0,0 @@
--- at-3.1.10/at.c.shell 2006-09-12 11:25:31.000000000 +0200
+++ at-3.1.10/at.c 2006-09-12 12:25:43.000000000 +0200
@@ -460,6 +460,8 @@
fprintf(fp, " || {\n\t echo 'Execution directory "
"inaccessible' >&2\n\t exit 1\n}\n");
+ fprintf(fp, "${SHELL:-/bin/sh} << `(dd if=/dev/urandom count=200 bs=1 2>/dev/null|LC_ALL=C tr -d -c '[:alnum:]')`\n\n");
+
istty = isatty(fileno(stdin));
if (istty) {
fprintf(stderr, "at> ");
@@ -1037,7 +1039,7 @@
It also alows a warning diagnostic to be printed. Because of the
possible variance, we always output the diagnostic. */
- fprintf(stderr, "warning: commands will be executed using /bin/sh\n");
+// fprintf(stderr, "warning: commands will be executed using /bin/sh\n");
writefile(timer, queue);
break;


@ -1,92 +0,0 @@
diff -up at-3.1.11/atd.8.in.dont_fork at-3.1.11/atd.8.in
--- at-3.1.11/atd.8.in.dont_fork 2009-08-14 18:49:05.000000000 +0200
+++ at-3.1.11/atd.8.in 2009-10-01 13:03:18.799878107 +0200
@@ -1,4 +1,4 @@
-.TH ATD 8 "Mar 1997" local "Linux Programmer's Manual"
+.TH ATD 8 "Sep 2009" at-3.1.11 "Linux Programmer's Manual"
.SH NAME
atd \- run jobs queued for later execution
.SH SYNOPSIS
@@ -9,6 +9,7 @@ atd \- run jobs queued for later executi
.IR batch_interval ]
.RB [ -d ]
.RB [ -s ]
+.RB [ -n ]
.SH DESCRIPTION
.B atd
runs jobs queued by
@@ -45,6 +46,9 @@ A script invoking
is installed as
.B @prefix@/sbin/atrun
for backward compatibility.
++.TP 8
++.B -n
++Don't fork option.
.SH WARNING
.B atd
won't work if its spool directory is mounted via NFS even if
diff -up at-3.1.11/atd.c.dont_fork at-3.1.11/atd.c
--- at-3.1.11/atd.c.dont_fork 2009-10-01 13:03:18.000000000 +0200
+++ at-3.1.11/atd.c 2009-10-01 13:04:55.289631298 +0200
@@ -729,7 +729,7 @@ main(int argc, char *argv[])
run_as_daemon = 1;
batch_interval = BATCH_INTERVAL_DEFAULT;
- while ((c = getopt(argc, argv, "sdl:b:")) != EOF) {
+ while ((c = getopt(argc, argv, "sdl:b:n")) != EOF) {
switch (c) {
case 'l':
if (sscanf(optarg, "%lf", &load_avg) != 1)
@@ -744,7 +744,10 @@ main(int argc, char *argv[])
break;
case 'd':
daemon_debug++;
- break;
+ /* go through another option*/
+ case 'n':
+ daemon_nofork++;
+ break;
case 's':
run_as_daemon = 0;
diff -up at-3.1.11/daemon.c.dont_fork at-3.1.11/daemon.c
--- at-3.1.11/daemon.c.dont_fork 2009-08-14 18:49:05.000000000 +0200
+++ at-3.1.11/daemon.c 2009-10-01 13:03:18.800878165 +0200
@@ -48,7 +48,8 @@
#include "daemon.h"
#include "privs.h"
-int daemon_debug;
+int daemon_debug = 0;
+int daemon_nofork = 0;
static int
lock_fd(int fd)
@@ -117,15 +118,18 @@ daemon_setup()
(open("/dev/null", O_RDWR) != 2)) {
perr("Error redirecting I/O");
}
+ }
+ if (daemon_nofork) pid = getpid();
+ else {
pid = fork();
if (pid == -1) {
perr("Cannot fork");
} else if (pid != 0) {
exit(0);
}
+ (void) setsid();
}
old_umask = umask(S_IWGRP | S_IWOTH);
- (void) setsid();
PRIV_START
diff -up at-3.1.11/daemon.h.dont_fork at-3.1.11/daemon.h
--- at-3.1.11/daemon.h.dont_fork 2009-08-14 18:49:05.000000000 +0200
+++ at-3.1.11/daemon.h 2009-10-01 13:03:18.801877593 +0200
@@ -14,3 +14,4 @@ __attribute__((noreturn))
perr (const char *fmt, ...);
extern int daemon_debug;
+extern int daemon_nofork;


@ -1,48 +0,0 @@
diff -up at-3.1.11/at.c.log at-3.1.11/at.c
diff -up at-3.1.11/atd.c.log at-3.1.11/atd.c
--- at-3.1.11/atd.c.log 2009-10-01 13:05:17.000000000 +0200
+++ at-3.1.11/atd.c 2009-10-01 13:25:48.437638709 +0200
@@ -83,6 +83,10 @@
#include "getloadavg.h"
#endif
+#ifndef LOG_ATD
+#define LOG_ATD LOG_DAEMON
+#endif
+
/* Macros */
#define BATCH_INTERVAL_DEFAULT 60
@@ -195,6 +199,19 @@ myfork()
#define fork myfork
#endif
+#undef ATD_MAIL_PROGRAM
+#undef ATD_MAIL_NAME
+#if defined(SENDMAIL)
+#define ATD_MAIL_PROGRAM SENDMAIL
+#define ATD_MAIL_NAME "sendmail"
+#elif defined(MAILC)
+#define ATD_MAIL_PROGRAM MAILC
+#define ATD_MAIL_NAME "mail"
+#elif defined(MAILX)
+#define ATD_MAIL_PROGRAM MAILX
+#define ATD_MAIL_NAME "mailx"
+#endif
+
static void
run_file(const char *filename, uid_t uid, gid_t gid)
{
@@ -718,11 +735,7 @@ main(int argc, char *argv[])
RELINQUISH_PRIVS_ROOT(daemon_uid, daemon_gid)
-#ifndef LOG_CRON
-#define LOG_CRON LOG_DAEMON
-#endif
-
- openlog("atd", LOG_PID, LOG_CRON);
+ openlog("atd", LOG_PID, LOG_ATD);
opterr = 0;
errno = 0;


@ -1,86 +0,0 @@
diff -up at-3.1.11/at.1.in.typo at-3.1.11/at.1.in
--- at-3.1.11/at.1.in.typo 2009-08-14 12:49:05.000000000 -0400
+++ at-3.1.11/at.1.in 2009-09-29 13:11:37.869869479 -0400
@@ -89,7 +89,9 @@ or giving a date of the form
or
.B MM/DD/YY
or
-.B DD.MM.YY.
+.B DD.MM.YY
+or
+.B YYYY-MM-DD.
The specification of a date
.I must
follow the specification of the time of day.
@@ -119,7 +121,7 @@ and to run a job at 1am tomorrow, you wo
.B at 1am tomorrow.
.PP
The exact definition of the time specification can be found in
-.IR @prefix@/share/doc/at/timespec .
+.IR @prefix@/share/doc/at-@VERSION@/timespec .
.PP
For both
.BR at " and " batch ,
diff -up at-3.1.11/atd.c.typo at-3.1.11/atd.c
--- at-3.1.11/atd.c.typo 2009-09-29 13:02:17.068860987 -0400
+++ at-3.1.11/atd.c 2009-09-29 13:02:17.099881137 -0400
@@ -276,6 +276,8 @@ run_file(const char *filename, uid_t uid
free(newname);
return;
}
+ (void) setsid(); //own session for process
+
/* Let's see who we mail to. Hopefully, we can read it from
* the command file; if not, send it to the owner, or, failing that,
* to root.
@@ -497,7 +499,7 @@ run_file(const char *filename, uid_t uid
#if defined(SENDMAIL)
execl(SENDMAIL, "sendmail", mailname, (char *) NULL);
#else
-#error "No mail command specified."
+ perr("No mail command specified.");
#endif
perr("Exec failed for mail command");
@@ -606,6 +608,7 @@ run_loop()
* Let's remove the lockfile and reschedule.
*/
strncpy(lock_name, dirent->d_name, sizeof(lock_name));
+ lock_name[sizeof(lock_name)-1] = '\0';
lock_name[0] = '=';
unlink(lock_name);
next_job = now;
@@ -640,6 +643,7 @@ run_loop()
run_batch++;
if (strcmp(batch_name, dirent->d_name) > 0) {
strncpy(batch_name, dirent->d_name, sizeof(batch_name));
+ batch_name[sizeof(batch_name)-1] = '\0';
batch_uid = buf.st_uid;
batch_gid = buf.st_gid;
batch_queue = queue;
diff -up at-3.1.11/configure.ac.aaa at-3.1.11/configure.ac
--- at-3.1.11/configure.ac.aaa 2009-08-14 12:49:05.000000000 -0400
+++ at-3.1.11/configure.ac 2009-09-29 13:35:59.230866054 -0400
@@ -5,7 +5,7 @@ AC_CONFIG_SRCDIR(at.c)
AC_PREFIX_DEFAULT(/usr)
AC_CONFIG_HEADER(config.h)
-AC_PREREQ([2.64])
+AC_PREREQ([2.63])
VERSION=AC_PACKAGE_VERSION
if test "X$CFLAGS" = "X"; then
diff -up at-3.1.11/atd.c.seg at-3.1.11/atd.c
--- at-3.1.11/atd.c.seg 2009-08-14 12:49:05.000000000 -0400
+++ at-3.1.11/atd.c 2009-09-29 12:15:55.200864618 -0400
@@ -435,6 +435,9 @@ run_file(const char *filename, uid_t uid
if (setuid(uid) < 0)
perr("Cannot set user id");
+ if (SIG_ERR == signal(SIGCHLD, SIG_DFL))
+ perr("Cannot reset signal handler to default");
+
chdir("/");
if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0)


@ -1,17 +0,0 @@
diff -up at-3.1.11/at.c.opt_V at-3.1.11/at.c
--- at-3.1.11/at.c.opt_V 2009-09-29 12:42:16.000000000 -0400
+++ at-3.1.11/at.c 2009-09-29 12:46:43.998865749 -0400
@@ -857,10 +857,9 @@ main(int argc, char **argv)
*/
if (disp_version) {
- fprintf(stderr, "at version " VERSION "\n"
- "Please report bugs to the Debian bug tracking system (http://bugs.debian.org/)\n"
- "or contact the maintainers (at@packages.debian.org).\n");
- exit(EXIT_SUCCESS);
+ fprintf(stderr, "at version " VERSION "\n");
+ if (argc == 2)
+ exit(EXIT_SUCCESS);
}
/* select our program


@ -1,178 +0,0 @@
diff -up at-3.1.11/atd.c.selinux at-3.1.11/atd.c
--- at-3.1.11/atd.c.selinux 2009-10-05 12:56:24.573344967 +0200
+++ at-3.1.11/atd.c 2009-10-05 13:01:55.991338568 +0200
@@ -74,6 +74,14 @@
#include <syslog.h>
#endif
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#include <selinux/get_context_list.h>
+int selinux_enabled=0;
+#include <selinux/flask.h>
+#include <selinux/av_permissions.h>
+#endif
+
/* Local headers */
#include "privs.h"
@@ -204,6 +212,68 @@ myfork()
#define ATD_MAIL_NAME "mailx"
#endif
+#ifdef WITH_SELINUX
+static int set_selinux_context(const char *name, const char *filename) {
+ security_context_t user_context=NULL;
+ security_context_t file_context=NULL;
+ struct av_decision avd;
+ int retval=-1;
+ char *seuser=NULL;
+ char *level=NULL;
+
+ if (getseuserbyname(name, &seuser, &level) == 0) {
+ retval=get_default_context_with_level(seuser, level, NULL, &user_context);
+ free(seuser);
+ free(level);
+ if (retval) {
+ if (security_getenforce()==1) {
+ perr("execle: couldn't get security context for user %s\n", name);
+ } else {
+ syslog(LOG_ERR, "execle: couldn't get security context for user %s\n", name);
+ return -1;
+ }
+ }
+ }
+
+ /*
+ * Since crontab files are not directly executed,
+ * crond must ensure that the crontab file has
+ * a context that is appropriate for the context of
+ * the user cron job. It performs an entrypoint
+ * permission check for this purpose.
+ */
+ if (fgetfilecon(STDIN_FILENO, &file_context) < 0)
+ perr("fgetfilecon FAILED %s", filename);
+
+ retval = security_compute_av(user_context,
+ file_context,
+ SECCLASS_FILE,
+ FILE__ENTRYPOINT,
+ &avd);
+ freecon(file_context);
+ if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) {
+ if (security_getenforce()==1) {
+ perr("Not allowed to set exec context to %s for user %s\n", user_context,name);
+ } else {
+ syslog(LOG_ERR, "Not allowed to set exec context to %s for user %s\n", user_context,name);
+ retval = -1;
+ goto err;
+ }
+ }
+ if (setexeccon(user_context) < 0) {
+ if (security_getenforce()==1) {
+ perr("Could not set exec context to %s for user %s\n", user_context,name);
+ retval = -1;
+ } else {
+ syslog(LOG_ERR, "Could not set exec context to %s for user %s\n", user_context,name);
+ }
+ }
+ err:
+ freecon(user_context);
+ return 0;
+}
+#endif
+
static void
run_file(const char *filename, uid_t uid, gid_t gid)
{
@@ -454,6 +524,13 @@ run_file(const char *filename, uid_t uid
chdir("/");
+#ifdef WITH_SELINUX
+ if (selinux_enabled > 0) {
+ if (set_selinux_context(pentry->pw_name, filename) < 0)
+ perr("SELinux Failed to set context\n");
+ }
+#endif
+
if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0)
perr("Exec failed for /bin/sh");
#ifdef WITH_PAM
@@ -535,10 +612,24 @@ run_file(const char *filename, uid_t uid
chdir ("/");
+#ifdef WITH_SELINUX
+ if (selinux_enabled>0) {
+ if (set_selinux_context(pentry->pw_name, filename) < 0)
+ perr("SELinux Failed to set context\n");
+ }
+#endif
+
execl(ATD_MAIL_PROGRAM, ATD_MAIL_NAME, mailname, (char *) NULL);
perr("Exec failed for mail command");
exit(-1);
+#ifdef WITH_SELINUX
+ if (selinux_enabled>0)
+ if (setexeccon(NULL) < 0)
+ if (security_getenforce()==1)
+ perr("Could not reset exec context for user %s\n", pentry->pw_name);
+#endif
+
PRIV_END
}
else if ( mail_pid == -1 ) {
@@ -754,6 +845,10 @@ main(int argc, char *argv[])
struct passwd *pwe;
struct group *ge;
+#ifdef WITH_SELINUX
+ selinux_enabled=is_selinux_enabled();
+#endif
+
/* We don't need root privileges all the time; running under uid and gid
* daemon is fine.
*/
diff -up at-3.1.11/config.h.in.selinux at-3.1.11/config.h.in
--- at-3.1.11/config.h.in.selinux 2009-10-05 12:56:24.573344967 +0200
+++ at-3.1.11/config.h.in 2009-10-05 12:56:24.590350404 +0200
@@ -77,6 +77,9 @@
/* Define if you are building with_pam */
#undef WITH_PAM
+/* Define if you are building with_selinux */
+#undef WITH_SELINUX
+
/* Define to 1 if you have the `pstat_getdynamic' function. */
#undef HAVE_PSTAT_GETDYNAMIC
diff -up at-3.1.11/configure.ac.selinux at-3.1.11/configure.ac
--- at-3.1.11/configure.ac.selinux 2009-10-05 12:56:24.574344835 +0200
+++ at-3.1.11/configure.ac 2009-10-05 12:56:24.591350062 +0200
@@ -308,5 +308,13 @@ AC_DEFINE(WITH_PAM),
AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc')
AC_SUBST(PAMLIB)
+AC_ARG_WITH(selinux,
+[ --with-selinux Define to run with selinux],
+AC_DEFINE(WITH_SELINUX),
+)
+AC_CHECK_LIB(selinux, is_selinux_enabled, SELINUXLIB=-lselinux)
+AC_SUBST(SELINUXLIB)
+AC_SUBST(WITH_SELINUX)
+
AC_CONFIG_FILES(Makefile atrun atd.8 atrun.8 at.1 batch)
AC_OUTPUT
diff -up at-3.1.11/Makefile.in.selinux at-3.1.11/Makefile.in
--- at-3.1.11/Makefile.in.selinux 2009-10-05 12:56:24.509607000 +0200
+++ at-3.1.11/Makefile.in 2009-10-05 12:56:24.592345179 +0200
@@ -39,6 +39,7 @@ LIBS = @LIBS@
LIBOBJS = @LIBOBJS@
INSTALL = @INSTALL@
PAMLIB = @PAMLIB@
+SELINUXLIB = @SELINUXLIB@
CLONES = atq atrm
ATOBJECTS = at.o panic.o perm.o posixtm.o y.tab.o lex.yy.o


@ -1,16 +1,7 @@
diff -up at-3.1.11/Makefile.in.make at-3.1.11/Makefile.in diff -up at-3.1.12/Makefile.in.make at-3.1.12/Makefile.in
--- at-3.1.11/Makefile.in.make 2009-08-14 18:49:05.000000000 +0200 --- at-3.1.12/Makefile.in.make 2009-11-23 16:11:52.000000000 +0100
+++ at-3.1.11/Makefile.in 2009-10-02 10:36:24.104162973 +0200 +++ at-3.1.12/Makefile.in 2009-12-03 13:23:08.794258910 +0100
@@ -50,6 +51,8 @@ HEADERS = at.h panic.h parsetime.h perm @@ -65,13 +65,13 @@ LIST = Filelist Filelist.asc
OTHERS = parsetime.l parsetime.y
+TEST_VERBOSE = 0
+
DOCS = Problems Copyright README ChangeLog timespec
MISC = COPYING Makefile.in configure acconfig.h install-sh \
@@ -65,13 +68,13 @@ LIST = Filelist Filelist.asc
all: at atd atrun all: at atd atrun
at: $(ATOBJECTS) at: $(ATOBJECTS)
@ -26,7 +17,7 @@ diff -up at-3.1.11/Makefile.in.make at-3.1.11/Makefile.in
y.tab.c y.tab.h: parsetime.y y.tab.c y.tab.h: parsetime.y
$(YACC) -d parsetime.y $(YACC) -d parsetime.y
@@ -83,38 +86,42 @@ atrun: atrun.in @@ -83,38 +83,42 @@ atrun: atrun.in
configure configure
.c.o: .c.o:
@ -90,13 +81,3 @@ diff -up at-3.1.11/Makefile.in.make at-3.1.11/Makefile.in
rm -f $(IROOT)$(mandir)/cat1/at.1* $(IROOT)$(mandir)/cat1/batch.1* \ rm -f $(IROOT)$(mandir)/cat1/at.1* $(IROOT)$(mandir)/cat1/batch.1* \
$(IROOT)$(mandir)/cat1/atq.1* $(IROOT)$(mandir)/cat1/atq.1*
rm -f $(IROOT)$(mandir)/cat1/atd.8* rm -f $(IROOT)$(mandir)/cat1/atd.8*
@@ -148,6 +155,9 @@ Filelist.asc: Filelist
parsetest: lex.yy.c y.tab.c
$(CC) -o parsetest $(CFLAGS) $(DEFS) -DTEST_PARSER -DNEED_YYWRAP lex.yy.c y.tab.c
+test: parsetest
+ PERL_DL_NONLAZY=1 perl -e 'use Test::Harness qw(&runtests $$verbose); $$verbose=$(TEST_VERBOSE); runtests @ARGV;' test.pl
+
.depend: $(CSRCS)
gcc $(CFLAGS) $(DEFS) -MM $(CSRCS) > .depend

103
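--- a/at-3.1.12-nitpicks.patch
+++ b/at-3.1.12-nitpicks.patch
@@ -0,0 +1,103 @@
+diff -up at-3.1.12/at.1.in.nit at-3.1.12/at.1.in
+--- at-3.1.12/at.1.in.nit 2009-11-23 16:11:52.000000000 +0100
++++ at-3.1.12/at.1.in 2009-12-03 10:32:19.018261655 +0100
+@@ -121,7 +121,7 @@ and to run a job at 1am tomorrow, you wo
+.B at 1am tomorrow.
+.PP
+The exact definition of the time specification can be found in
+-.IR @prefix@/share/doc/at/timespec .
++.IR @prefix@/share/doc/at-@VERSION@/timespec .
+.PP
+For both
+.BR at " and " batch ,
+diff -up at-3.1.12/atd.c.nit at-3.1.12/atd.c
+--- at-3.1.12/atd.c.nit 2009-11-23 16:11:52.000000000 +0100
++++ at-3.1.12/atd.c 2009-12-03 10:33:12.494259601 +0100
+@@ -83,6 +83,9 @@
+#include "getloadavg.h"
+#endif
++#ifndef LOG_ATD
++#define LOG_ATD LOG_DAEMON
++#endif
+/* Macros */
+#define BATCH_INTERVAL_DEFAULT 60
+@@ -194,6 +197,18 @@ myfork()
+#define fork myfork
+#endif
++#undef ATD_MAIL_PROGRAM
++#undef ATD_MAIL_NAME
++#if defined(SENDMAIL)
++#define ATD_MAIL_PROGRAM SENDMAIL
++#define ATD_MAIL_NAME "sendmail"
++#elif defined(MAILC)
++#define ATD_MAIL_PROGRAM MAILC
++#define ATD_MAIL_NAME "mail"
++#elif defined(MAILX)
++#define ATD_MAIL_PROGRAM MAILX
++#define ATD_MAIL_NAME "mailx"
++#endif
+static void
+run_file(const char *filename, uid_t uid, gid_t gid)
+@@ -276,6 +291,9 @@ run_file(const char *filename, uid_t uid
+free(newname);
+return;
+}
++
++ (void) setsid(); //own session for process
++
+/* Let's see who we mail to. Hopefully, we can read it from
+* the command file; if not, send it to the owner, or, failing that,
+* to root.
+@@ -435,6 +453,9 @@ run_file(const char *filename, uid_t uid
+if (setuid(uid) < 0)
+perr("Cannot set user id");
++ if (SIG_ERR == signal(SIGCHLD, SIG_DFL))
++ perr("Cannot reset signal handler to default");
++
+chdir("/");
+if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0)
+@@ -503,6 +524,9 @@ run_file(const char *filename, uid_t uid
+if (setuid(uid) < 0)
+perr("Cannot set user id");
++ if (SIG_ERR == signal(SIGCHLD, SIG_DFL))
++ perr("Cannot reset signal handler to default");
++
+chdir ("/");
+#if defined(SENDMAIL)
+@@ -617,6 +641,7 @@ run_loop()
+* Let's remove the lockfile and reschedule.
+*/
+strncpy(lock_name, dirent->d_name, sizeof(lock_name));
++ lock_name[sizeof(lock_name)-1] = '\0';
+lock_name[0] = '=';
+unlink(lock_name);
+next_job = now;
+@@ -651,6 +676,7 @@ run_loop()
+run_batch++;
+if (strcmp(batch_name, dirent->d_name) > 0) {
+strncpy(batch_name, dirent->d_name, sizeof(batch_name));
++ batch_name[sizeof(batch_name)-1] = '\0';
+batch_uid = buf.st_uid;
+batch_gid = buf.st_gid;
+batch_queue = queue;
+@@ -725,11 +751,7 @@ main(int argc, char *argv[])
+RELINQUISH_PRIVS_ROOT(daemon_uid, daemon_gid)
+-#ifndef LOG_CRON
+-#define LOG_CRON LOG_DAEMON
+-#endif
+-
+- openlog("atd", LOG_PID, LOG_CRON);
++ openlog("atd", LOG_PID, LOG_ATD);
+opterr = 0;
+errno = 0;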
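Review bot: The two `strncpy` fixes in the `run_loop()` hunks (`lock_name[sizeof(lock_name)-1] = '\0';` and the matching `batch_name` line) guarantee termination but still accept a silently truncated name, and in the first hunk that truncated name is what reaches `unlink(lock_name)`. If a spool entry's `d_name` can ever be longer than the buffer, the daemon would then act on a different path than the one it read from the directory. A length check before the copy makes that case explicit, e.g. `if (strlen(dirent->d_name) >= sizeof(lock_name)) { syslog(LOG_ERR, "job name too long: %.500s", dirent->d_name); continue; }`. `run_loop()` starts and ends outside these hunks, so whether `continue` is the right way to skip the entry has to be confirmed against the full loop.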

17
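--- a/at-3.1.12-opt_V.patch
+++ b/at-3.1.12-opt_V.patch
@@ -0,0 +1,17 @@
+diff -up at-3.1.12/at.c.opt_V at-3.1.12/at.c
+--- at-3.1.12/at.c.opt_V 2009-11-23 16:11:52.000000000 +0100
++++ at-3.1.12/at.c 2009-12-02 13:20:29.770215516 +0100
+@@ -853,10 +853,9 @@ main(int argc, char **argv)
+*/
+if (disp_version) {
+- fprintf(stderr, "at version " VERSION "\n"
+- "Please report bugs to the Debian bug tracking system (http://bugs.debian.org/)\n"
+- "or contact the maintainers (at@packages.debian.org).\n");
+- exit(EXIT_SUCCESS);
++ fprintf(stderr, "at version " VERSION "\n");
++ if (argc == 2)
++ exit(EXIT_SUCCESS);
+}
+/* select our program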
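Review bot: The new `if (argc == 2)` guard in `main()` decides whether `-V` exits by counting arguments, and nothing in the hunk says why; a comment such as `/* -V on its own: print the version and stop; with further arguments, carry on */` would record the intent. Because the test is on `argc` rather than on what is left after option parsing, an invocation with `-V` plus any other option falls through to the normal processing below, which is presumably intended but worth stating. `main()` continues outside the hunk.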


@ -1,7 +1,7 @@
diff -up at-3.1.11/at.c.pam2 at-3.1.11/at.c diff -up at-3.1.12/at.c.pam at-3.1.12/at.c
--- at-3.1.11/at.c.pam2 2009-10-13 16:47:23.277378517 +0200 --- at-3.1.12/at.c.pam 2009-12-03 10:34:52.714284767 +0100
+++ at-3.1.11/at.c 2009-10-13 16:47:23.321377936 +0200 +++ at-3.1.12/at.c 2009-12-03 10:36:38.736257590 +0100
@@ -315,26 +315,19 @@ writefile(time_t runtimer, char queue) @@ -318,26 +318,19 @@ writefile(time_t runtimer, char queue)
* bit. Yes, this is a kluge. * bit. Yes, this is a kluge.
*/ */
cmask = umask(S_IRUSR | S_IWUSR | S_IXUSR); cmask = umask(S_IRUSR | S_IWUSR | S_IXUSR);
@ -31,16 +31,7 @@ diff -up at-3.1.11/at.c.pam2 at-3.1.11/at.c
/* We've successfully created the file; let's set the flag so it /* We've successfully created the file; let's set the flag so it
* gets removed in case of an interrupt or error. * gets removed in case of an interrupt or error.
*/ */
@@ -493,7 +486,7 @@ writefile(time_t runtimer, char queue) @@ -661,7 +654,7 @@ process_jobs(int argc, char **argv, int
*/
if (fchmod(fd2, S_IRUSR | S_IWUSR | S_IXUSR) < 0)
- perr("Cannot give away file");
+ perr("Cannot change the mode of the file");
close(fd2);
@@ -658,7 +651,7 @@ process_jobs(int argc, char **argv, int
We need the unprivileged uid here since the file is owned by the real We need the unprivileged uid here since the file is owned by the real
(not effective) uid. (not effective) uid.
*/ */
@ -49,7 +40,7 @@ diff -up at-3.1.11/at.c.pam2 at-3.1.11/at.c
if (queue == '=') { if (queue == '=') {
fprintf(stderr, "Warning: deleting running job\n"); fprintf(stderr, "Warning: deleting running job\n");
@@ -667,8 +660,8 @@ process_jobs(int argc, char **argv, int @@ -670,8 +663,8 @@ process_jobs(int argc, char **argv, int
perr("Cannot unlink %.500s", dirent->d_name); perr("Cannot unlink %.500s", dirent->d_name);
rc = EXIT_FAILURE; rc = EXIT_FAILURE;
} }
@ -59,7 +50,7 @@ diff -up at-3.1.11/at.c.pam2 at-3.1.11/at.c
done = 1; done = 1;
break; break;
@@ -678,7 +671,7 @@ process_jobs(int argc, char **argv, int @@ -681,7 +674,7 @@ process_jobs(int argc, char **argv, int
FILE *fp; FILE *fp;
int ch; int ch;
@ -68,7 +59,7 @@ diff -up at-3.1.11/at.c.pam2 at-3.1.11/at.c
fp = fopen(dirent->d_name, "r"); fp = fopen(dirent->d_name, "r");
if (fp) { if (fp) {
@@ -691,7 +684,7 @@ process_jobs(int argc, char **argv, int @@ -694,7 +687,7 @@ process_jobs(int argc, char **argv, int
perr("Cannot open %.500s", dirent->d_name); perr("Cannot open %.500s", dirent->d_name);
rc = EXIT_FAILURE; rc = EXIT_FAILURE;
} }
@ -77,10 +68,10 @@ diff -up at-3.1.11/at.c.pam2 at-3.1.11/at.c
} }
break; break;
diff -up at-3.1.11/atd.c.pam2 at-3.1.11/atd.c diff -up at-3.1.12/atd.c.pam at-3.1.12/atd.c
--- at-3.1.11/atd.c.pam2 2009-10-13 16:47:23.297368464 +0200 --- at-3.1.12/atd.c.pam 2009-12-03 10:36:45.265284508 +0100
+++ at-3.1.11/atd.c 2009-10-13 16:48:21.696629698 +0200 +++ at-3.1.12/atd.c 2009-12-03 10:38:52.276261175 +0100
@@ -112,7 +112,7 @@ static int run_as_daemon = 0; @@ -111,7 +111,7 @@ static int run_as_daemon = 0;
static volatile sig_atomic_t term_signal = 0; static volatile sig_atomic_t term_signal = 0;
@ -89,7 +80,7 @@ diff -up at-3.1.11/atd.c.pam2 at-3.1.11/atd.c
#include <security/pam_appl.h> #include <security/pam_appl.h>
static pam_handle_t *pamh = NULL; static pam_handle_t *pamh = NULL;
@@ -121,15 +121,7 @@ static const struct pam_conv conv = { @@ -120,15 +120,7 @@ static const struct pam_conv conv = {
NULL NULL
}; };
@ -106,7 +97,7 @@ diff -up at-3.1.11/atd.c.pam2 at-3.1.11/atd.c
/* Signal handlers */ /* Signal handlers */
RETSIGTYPE RETSIGTYPE
@@ -236,7 +228,7 @@ run_file(const char *filename, uid_t uid @@ -234,7 +226,7 @@ run_file(const char *filename, uid_t uid
char queue; char queue;
char fmt[64]; char fmt[64];
unsigned long jobno; unsigned long jobno;
@ -115,7 +106,7 @@ diff -up at-3.1.11/atd.c.pam2 at-3.1.11/atd.c
int retcode; int retcode;
#endif #endif
@@ -396,16 +388,11 @@ run_file(const char *filename, uid_t uid @@ -395,16 +387,11 @@ run_file(const char *filename, uid_t uid
fstat(fd_out, &buf); fstat(fd_out, &buf);
size = buf.st_size; size = buf.st_size;
@ -136,7 +127,7 @@ diff -up at-3.1.11/atd.c.pam2 at-3.1.11/atd.c
PRIV_END PRIV_END
#endif #endif
@@ -420,7 +407,15 @@ run_file(const char *filename, uid_t uid @@ -419,7 +406,15 @@ run_file(const char *filename, uid_t uid
else if (pid == 0) { else if (pid == 0) {
char *nul = NULL; char *nul = NULL;
char **nenvp = &nul; char **nenvp = &nul;
@ -152,7 +143,7 @@ diff -up at-3.1.11/atd.c.pam2 at-3.1.11/atd.c
/* Set up things for the child; we want standard input from the /* Set up things for the child; we want standard input from the
* input file, and standard output and error sent to our output file. * input file, and standard output and error sent to our output file.
*/ */
@@ -461,7 +456,16 @@ run_file(const char *filename, uid_t uid @@ -460,7 +455,16 @@ run_file(const char *filename, uid_t uid
if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0)
perr("Exec failed for /bin/sh"); perr("Exec failed for /bin/sh");
@ -170,7 +161,7 @@ diff -up at-3.1.11/atd.c.pam2 at-3.1.11/atd.c
PRIV_END PRIV_END
} }
/* We're the parent. Let's wait. /* We're the parent. Let's wait.
@@ -475,7 +479,7 @@ run_file(const char *filename, uid_t uid @@ -474,7 +478,7 @@ run_file(const char *filename, uid_t uid
*/ */
waitpid(pid, (int *) NULL, 0); waitpid(pid, (int *) NULL, 0);
@ -179,9 +170,9 @@ diff -up at-3.1.11/atd.c.pam2 at-3.1.11/atd.c
PRIV_START PRIV_START
pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT); pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT);
retcode = pam_close_session(pamh, PAM_SILENT); retcode = pam_close_session(pamh, PAM_SILENT);
@@ -490,6 +494,13 @@ run_file(const char *filename, uid_t uid @@ -503,6 +507,14 @@ run_file(const char *filename, uid_t uid
if (open(filename, O_RDONLY) != STDIN_FILENO) if (fd_in != STDOUT_FILENO && fd_in != STDERR_FILENO)
perr("Open of jobfile failed"); close(fd_in);
+#ifdef WITH_PAM +#ifdef WITH_PAM
+ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT ); + pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT );
@ -190,10 +181,11 @@ diff -up at-3.1.11/atd.c.pam2 at-3.1.11/atd.c
+ closelog(); + closelog();
+ openlog("atd", LOG_PID, LOG_ATD); + openlog("atd", LOG_PID, LOG_ATD);
+#endif +#endif
+
unlink(filename); unlink(filename);
/* The job is now finished. We can delete its input file. /* The job is now finished. We can delete its input file.
@@ -498,8 +509,19 @@ run_file(const char *filename, uid_t uid @@ -511,8 +523,19 @@ run_file(const char *filename, uid_t uid
unlink(newname); unlink(newname);
free(newname); free(newname);
@ -205,26 +197,16 @@ diff -up at-3.1.11/atd.c.pam2 at-3.1.11/atd.c
+ closelog(); + closelog();
+ openlog("atd", LOG_PID, LOG_ATD); + openlog("atd", LOG_PID, LOG_ATD);
+#endif +#endif
+ mail_pid = fork();
+ +
+ mail_pid = fork();
+ if ( mail_pid == 0 ) + if ( mail_pid == 0 )
+ { + {
PRIV_START PRIV_START
if (initgroups(pentry->pw_name, pentry->pw_gid)) if (initgroups(pentry->pw_name, pentry->pw_gid))
@@ -513,15 +535,28 @@ run_file(const char *filename, uid_t uid @@ -537,7 +560,23 @@ run_file(const char *filename, uid_t uid
chdir ("/");
-#if defined(SENDMAIL)
- execl(SENDMAIL, "sendmail", mailname, (char *) NULL);
-#else
- perr("No mail command specified.");
-#endif
+ execl(ATD_MAIL_PROGRAM, ATD_MAIL_NAME, mailname, (char *) NULL);
perr("Exec failed for mail command"); perr("Exec failed for mail command");
+ exit(-1);
PRIV_END PRIV_END
+ } + }
@ -247,10 +229,10 @@ diff -up at-3.1.11/atd.c.pam2 at-3.1.11/atd.c
exit(EXIT_SUCCESS); exit(EXIT_SUCCESS);
} }
diff -up at-3.1.11/config.h.in.pam2 at-3.1.11/config.h.in diff -up at-3.1.12/config.h.in.pam at-3.1.12/config.h.in
--- at-3.1.11/config.h.in.pam2 2009-08-14 18:49:05.000000000 +0200 --- at-3.1.12/config.h.in.pam 2009-11-23 16:11:52.000000000 +0100
+++ at-3.1.11/config.h.in 2009-10-13 16:47:23.323393602 +0200 +++ at-3.1.12/config.h.in 2009-12-03 10:34:36.373265254 +0100
@@ -74,8 +74,8 @@ @@ -68,8 +68,8 @@
/* Define to 1 if you have the <nlist.h> header file. */ /* Define to 1 if you have the <nlist.h> header file. */
#undef HAVE_NLIST_H #undef HAVE_NLIST_H
@ -261,9 +243,9 @@ diff -up at-3.1.11/config.h.in.pam2 at-3.1.11/config.h.in
/* Define to 1 if you have the `pstat_getdynamic' function. */ /* Define to 1 if you have the `pstat_getdynamic' function. */
#undef HAVE_PSTAT_GETDYNAMIC #undef HAVE_PSTAT_GETDYNAMIC
diff -up at-3.1.11/configure.ac.pam2 at-3.1.11/configure.ac diff -up at-3.1.12/configure.ac.pam at-3.1.12/configure.ac
--- at-3.1.11/configure.ac.pam2 2009-10-13 16:47:23.266377946 +0200 --- at-3.1.12/configure.ac.pam 2009-11-23 16:11:52.000000000 +0100
+++ at-3.1.11/configure.ac 2009-10-13 16:47:23.324393260 +0200 +++ at-3.1.12/configure.ac 2009-12-03 10:34:36.373265254 +0100
@@ -84,7 +84,7 @@ AC_FUNC_GETLOADAVG @@ -84,7 +84,7 @@ AC_FUNC_GETLOADAVG
AC_CHECK_FUNCS(getcwd mktime strftime setreuid setresuid sigaction waitpid) AC_CHECK_FUNCS(getcwd mktime strftime setreuid setresuid sigaction waitpid)
AC_CHECK_HEADERS(security/pam_appl.h, [ AC_CHECK_HEADERS(security/pam_appl.h, [
@ -273,9 +255,9 @@ diff -up at-3.1.11/configure.ac.pam2 at-3.1.11/configure.ac
]) ])
dnl Checking for programs dnl Checking for programs
@@ -301,5 +301,12 @@ AC_ARG_WITH(daemon_groupname, @@ -238,6 +238,13 @@ AC_ARG_WITH(daemon_username,
) )
AC_SUBST(DAEMON_GROUPNAME) AC_SUBST(DAEMON_USERNAME)
+AC_ARG_WITH(pam, +AC_ARG_WITH(pam,
+[ --with-pam Define to enable pam support ], +[ --with-pam Define to enable pam support ],
@ -284,11 +266,12 @@ diff -up at-3.1.11/configure.ac.pam2 at-3.1.11/configure.ac
+AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc') +AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc')
+AC_SUBST(PAMLIB) +AC_SUBST(PAMLIB)
+ +
AC_CONFIG_FILES(Makefile atrun atd.8 atrun.8 at.1 batch) AC_MSG_CHECKING(groupname to run under)
AC_OUTPUT AC_ARG_WITH(daemon_groupname,
diff -up at-3.1.11/perm.c.pam2 at-3.1.11/perm.c [ --with-daemon_groupname=DAEMON_GROUPNAME Groupname to run under (default daemon) ],
--- at-3.1.11/perm.c.pam2 2009-08-14 18:49:05.000000000 +0200 diff -up at-3.1.12/perm.c.pam at-3.1.12/perm.c
+++ at-3.1.11/perm.c 2009-10-13 16:47:23.325392918 +0200 --- at-3.1.12/perm.c.pam 2009-11-23 16:11:52.000000000 +0100
+++ at-3.1.12/perm.c 2009-12-03 10:34:36.373265254 +0100
@@ -51,6 +51,14 @@ @@ -51,6 +51,14 @@
#define PRIV_END while(0) #define PRIV_END while(0)
#endif #endif
@ -304,7 +287,7 @@ diff -up at-3.1.11/perm.c.pam2 at-3.1.11/perm.c
/* Structures and unions */ /* Structures and unions */
@@ -108,18 +116,53 @@ user_in_file(const char *path, const cha @@ -108,18 +116,51 @@ user_in_file(const char *path, const cha
int int
check_permission() check_permission()
{ {
@ -354,17 +337,15 @@ diff -up at-3.1.11/perm.c.pam2 at-3.1.11/perm.c
+ fprintf(stderr, "cannot set euid: %s", strerror(errno)); + fprintf(stderr, "cannot set euid: %s", strerror(errno));
+ exit(1); + exit(1);
+ } + }
+
+
+#endif +#endif
+ +
allow = user_in_file(ETCDIR "/at.allow", pentry->pw_name); allow = user_in_file(ETCDIR "/at.allow", pentry->pw_name);
if (allow==0 || allow==1) if (allow==0 || allow==1)
return allow; return allow;
diff -up at-3.1.11/privs.h.pam2 at-3.1.11/privs.h diff -up at-3.1.12/privs.h.pam at-3.1.12/privs.h
--- at-3.1.11/privs.h.pam2 2009-08-14 18:49:05.000000000 +0200 --- at-3.1.12/privs.h.pam 2009-11-23 16:11:52.000000000 +0100
+++ at-3.1.11/privs.h 2009-10-13 16:47:23.326393135 +0200 +++ at-3.1.12/privs.h 2009-12-03 10:34:36.374266484 +0100
@@ -144,3 +144,60 @@ extern gid_t real_gid, effective_gid, da @@ -144,3 +144,61 @@ extern gid_t real_gid, effective_gid, da
#error "Cannot implement user ID swapping without setreuid or setresuid" #error "Cannot implement user ID swapping without setreuid or setresuid"
#endif #endif
#endif #endif
@ -425,3 +406,4 @@ diff -up at-3.1.11/privs.h.pam2 at-3.1.11/privs.h
+ */ + */
+ +
+#endif +#endif
+
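Review bot: In the added `WITH_PAM` block of `run_file()` (the `@@ -503,6 +507,14 @@` hunk of the atd.c part), `pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT );` discards its return value, so a failure to drop the job's credentials is never logged. Something like `retcode = pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT); if (retcode != PAM_SUCCESS) syslog(LOG_ERR, "pam_setcred: %s", pam_strerror(pamh, retcode));` would surface it. The lines that follow are elided in this view, so the exact placement needs checking against the full patch. Separately, `fprintf(stderr, "cannot set euid: %s", strerror(errno));` in `check_permission()` has no trailing `\n`.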

152
at-3.1.12-selinux.patch Normal file

@ -0,0 +1,152 @@
diff -up at-3.1.12/config.h.in.selinux at-3.1.12/config.h.in
--- at-3.1.12/config.h.in.selinux 2009-12-02 16:32:19.469228959 +0100
+++ at-3.1.12/config.h.in 2009-12-02 16:32:57.706966488 +0100
@@ -71,6 +71,9 @@
/* Define if you are building with_pam */
#undef WITH_PAM
+/* Define if you are building with_selinux */
+#undef WITH_SELINUX
+
/* Define to 1 if you have the `pstat_getdynamic' function. */
#undef HAVE_PSTAT_GETDYNAMIC
diff -up at-3.1.12/configure.ac.selinux at-3.1.12/configure.ac
--- at-3.1.12/configure.ac.selinux 2009-12-02 16:31:15.323246019 +0100
+++ at-3.1.12/configure.ac 2009-12-02 16:32:01.425966844 +0100
@@ -266,5 +266,13 @@ AC_ARG_WITH(daemon_groupname,
)
AC_SUBST(DAEMON_GROUPNAME)
+AC_ARG_WITH(selinux,
+[ --with-selinux Define to run with selinux],
+AC_DEFINE(WITH_SELINUX),
+)
+AC_CHECK_LIB(selinux, is_selinux_enabled, SELINUXLIB=-lselinux)
+AC_SUBST(SELINUXLIB)
+AC_SUBST(WITH_SELINUX)
+
AC_CONFIG_FILES(Makefile atrun atd.8 atrun.8 at.1 batch)
AC_OUTPUT
diff -up at-3.1.12/Makefile.in.selinux at-3.1.12/Makefile.in
--- at-3.1.12/Makefile.in.selinux 2009-12-02 16:30:11.923216529 +0100
+++ at-3.1.12/Makefile.in 2009-12-02 16:30:57.949215706 +0100
@@ -39,6 +39,7 @@ LIBS = @LIBS@
LIBOBJS = @LIBOBJS@
INSTALL = @INSTALL@
PAMLIB = @PAMLIB@
+SELINUXLIB = @SELINUXLIB@
CLONES = atq atrm
ATOBJECTS = at.o panic.o perm.o posixtm.o y.tab.o lex.yy.o
diff -up at-3.1.12/atd.c.selinux at-3.1.12/atd.c
--- at-3.1.12/atd.c.selinux 2009-12-03 13:03:57.182284669 +0100
+++ at-3.1.12/atd.c 2009-12-03 13:07:20.542272874 +0100
@@ -83,6 +83,14 @@
#include "getloadavg.h"
#endif
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#include <selinux/get_context_list.h>
+int selinux_enabled=0;
+#include <selinux/flask.h>
+#include <selinux/av_permissions.h>
+#endif
+
#ifndef LOG_ATD
#define LOG_ATD LOG_DAEMON
#endif
@@ -202,6 +210,68 @@ myfork()
#define ATD_MAIL_NAME "mailx"
#endif
+#ifdef WITH_SELINUX
+static int set_selinux_context(const char *name, const char *filename) {
+ security_context_t user_context=NULL;
+ security_context_t file_context=NULL;
+ struct av_decision avd;
+ int retval=-1;
+ char *seuser=NULL;
+ char *level=NULL;
+
+ if (getseuserbyname(name, &seuser, &level) == 0) {
+ retval=get_default_context_with_level(seuser, level, NULL, &user_context);
+ free(seuser);
+ free(level);
+ if (retval) {
+ if (security_getenforce()==1) {
+ perr("execle: couldn't get security context for user %s\n", name);
+ } else {
+ syslog(LOG_ERR, "execle: couldn't get security context for user %s\n", name);
+ return -1;
+ }
+ }
+ }
+
+ /*
+ * Since crontab files are not directly executed,
+ * crond must ensure that the crontab file has
+ * a context that is appropriate for the context of
+ * the user cron job. It performs an entrypoint
+ * permission check for this purpose.
+ */
+ if (fgetfilecon(STDIN_FILENO, &file_context) < 0)
+ perr("fgetfilecon FAILED %s", filename);
+
+ retval = security_compute_av(user_context,
+ file_context,
+ SECCLASS_FILE,
+ FILE__ENTRYPOINT,
+ &avd);
+ freecon(file_context);
+ if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) {
+ if (security_getenforce()==1) {
+ perr("Not allowed to set exec context to %s for user %s\n", user_context,name);
+ } else {
+ syslog(LOG_ERR, "Not allowed to set exec context to %s for user %s\n", user_context,name);
+ retval = -1;
+ goto err;
+ }
+ }
+ if (setexeccon(user_context) < 0) {
+ if (security_getenforce()==1) {
+ perr("Could not set exec context to %s for user %s\n", user_context,name);
+ retval = -1;
+ } else {
+ syslog(LOG_ERR, "Could not set exec context to %s for user %s\n", user_context,name);
+ }
+ }
+ err:
+ freecon(user_context);
+ return 0;
+}
+#endif
+
static void
run_file(const char *filename, uid_t uid, gid_t gid)
{
@@ -452,6 +522,12 @@ run_file(const char *filename, uid_t uid
perr("Cannot reset signal handler to default");
chdir("/");
+#ifdef WITH_SELINUX
+ if (selinux_enabled > 0) {
+ if (set_selinux_context(pentry->pw_name, filename) < 0)
+ perr("SELinux Failed to set context\n");
+ }
+#endif
if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0)
perr("Exec failed for /bin/sh");
@@ -774,6 +850,10 @@ main(int argc, char *argv[])
struct passwd *pwe;
struct group *ge;
+#ifdef WITH_SELINUX
+ selinux_enabled=is_selinux_enabled();
+#endif
+
/* We don't need root privileges all the time; running under uid and gid
* daemon is fine.
*/
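Review bot: set_selinux_context() ends with `freecon(user_context); return 0;` after the `err:` label, so the `retval = -1` assignments in the entrypoint and setexeccon branches never reach the caller. The `< 0` test added in run_file() can therefore only fire from the early `return -1` after get_default_context_with_level() fails. If those paths are meant to report failure, the tail should be `return retval;`, with retval cleared on the paths that are allowed to continue; otherwise drop the dead assignments and document that permissive mode carries on. When getseuserbyname() fails, user_context stays NULL and is still passed to security_compute_av() and to the `%s` in the log messages, so a NULL check before those uses is needed; the enforcing branches also appear to rely on perr() not returning, which is defined outside this patch and worth confirming. The block comment still describes crontab files and crond and should be reworded for at job files.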


@ -1,6 +1,6 @@
diff -up at-3.1.11/at.c.shell at-3.1.11/at.c diff -up at-3.1.12/at.c.shell at-3.1.12/at.c
--- at-3.1.11/at.c.shell 2009-08-14 18:49:05.000000000 +0200 --- at-3.1.12/at.c.shell 2009-12-02 13:25:12.706989310 +0100
+++ at-3.1.11/at.c 2009-09-29 15:50:34.786919463 +0200 +++ at-3.1.12/at.c 2009-12-02 13:26:01.991966200 +0100
@@ -62,11 +62,8 @@ @@ -62,11 +62,8 @@
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
@ -13,7 +13,7 @@ diff -up at-3.1.11/at.c.shell at-3.1.11/at.c
#ifdef HAVE_UNISTD_H #ifdef HAVE_UNISTD_H
#include <unistd.h> #include <unistd.h>
@@ -241,6 +238,12 @@ writefile(time_t runtimer, char queue) @@ -244,6 +241,12 @@ writefile(time_t runtimer, char queue)
int kill_errno; int kill_errno;
int rc; int rc;
int mailsize = 128; int mailsize = 128;
@ -26,7 +26,7 @@ diff -up at-3.1.11/at.c.shell at-3.1.11/at.c
/* Install the signal handler for SIGINT; terminate after removing the /* Install the signal handler for SIGINT; terminate after removing the
* spool file if necessary * spool file if necessary
@@ -458,6 +461,9 @@ writefile(time_t runtimer, char queue) @@ -461,6 +464,9 @@ writefile(time_t runtimer, char queue)
fprintf(fp, " || {\n\t echo 'Execution directory " fprintf(fp, " || {\n\t echo 'Execution directory "
"inaccessible' >&2\n\t exit 1\n}\n"); "inaccessible' >&2\n\t exit 1\n}\n");
@ -36,7 +36,7 @@ diff -up at-3.1.11/at.c.shell at-3.1.11/at.c
istty = isatty(fileno(stdin)); istty = isatty(fileno(stdin));
if (istty) { if (istty) {
fprintf(stderr, "at> "); fprintf(stderr, "at> ");
@@ -474,6 +480,7 @@ writefile(time_t runtimer, char queue) @@ -477,6 +483,7 @@ writefile(time_t runtimer, char queue)
fprintf(stderr, "<EOT>\n"); fprintf(stderr, "<EOT>\n");
} }
fprintf(fp, "\n"); fprintf(fp, "\n");
@ -44,7 +44,7 @@ diff -up at-3.1.11/at.c.shell at-3.1.11/at.c
if (ferror(fp)) if (ferror(fp))
panic("Output error"); panic("Output error");
@@ -924,7 +931,7 @@ main(int argc, char **argv) @@ -926,7 +933,7 @@ main(int argc, char **argv)
It also alows a warning diagnostic to be printed. Because of the It also alows a warning diagnostic to be printed. Because of the
possible variance, we always output the diagnostic. */ possible variance, we always output the diagnostic. */

57
at.spec

@ -1,4 +1,4 @@
%define major_ver 3.1.11 %define major_ver 3.1.12
%if %{?WITH_PAM:0}%{!?WITH_PAM:1} %if %{?WITH_PAM:0}%{!?WITH_PAM:1}
%define WITH_PAM 1 %define WITH_PAM 1
@ -11,20 +11,18 @@ License: GPLv2+
Group: System Environment/Daemons Group: System Environment/Daemons
URL: http://ftp.debian.org/debian/pool/main/a/at URL: http://ftp.debian.org/debian/pool/main/a/at
Source: http://ftp.debian.org/debian/pool/main/a/at/at_%{major_ver}.orig.tar.gz Source: http://ftp.debian.org/debian/pool/main/a/at/at_%{major_ver}.orig.tar.gz
Source1: test.pl # git upstream source git://git.debian.org/git/collab-maint/at.git
Source1: pam_atd
Source2: atd.init Source2: atd.init
Source3: atd.sysconf Source3: atd.sysconf
Source4: 56atd Source4: 56atd
Patch1: at-3.1.11-makefile.patch Patch1: at-3.1.12-makefile.patch
Patch2: at-3.1.11-nitpicks.patch Patch2: at-3.1.12-opt_V.patch
Patch3: at-3.1.11-shell.patch Patch3: at-3.1.12-shell.patch
Patch4: at-3.1.11-opt_V.patch Patch4: at-3.1.12-nitpicks.patch
Patch5: at-3.1.11-dont_fork.patch Patch5: at-3.1.12-pam.patch
Patch6: at-3.1.11-log.patch Patch6: at-3.1.12-selinux.patch
Patch7: at-3.1.11-pam.patch
Patch8: at-3.1.11-pam2.patch
Patch9: at-3.1.11-selinux.patch
BuildRequires: fileutils chkconfig /etc/init.d BuildRequires: fileutils chkconfig /etc/init.d
BuildRequires: flex bison autoconf BuildRequires: flex bison autoconf
@ -51,17 +49,13 @@ use crontab instead.
%prep %prep
%setup -q %setup -q
cp %{SOURCE1} . cp %{SOURCE1} .
%patch1 -p1 -b .make %patch1 -p1 -b .make
%patch2 -p1 -b .typo %patch2 -p1 -b .opt_V
%patch3 -p1 -b .shell %patch3 -p1 -b .shell
%patch4 -p1 -b .opt_V %patch4 -p1 -b .nit
%patch5 -p1 -b .dont_fork %patch5 -p1 -b .pam
%patch6 -p1 -b .log %patch6 -p1 -b .selinux
%patch7 -p1 -b .pam
%patch8 -p1 -b .pam2
%patch9 -p1 -b .selinux
%build %build
# patch9 touches configure.in # patch9 touches configure.in
@ -79,15 +73,6 @@ rm -f lex.yy.* y.tab.*
make make
%check
# don't run "make test" by default
%{?_without_check: %define _without_check 1}
%{!?_without_check: %define _without_check 1}
%if ! %{_without_check}
LANG=C make test > /dev/null
%endif
%install %install
make install \ make install \
DAEMON_USERNAME=`id -nu`\ DAEMON_USERNAME=`id -nu`\
@ -109,13 +94,15 @@ echo > %{buildroot}%{_sysconfdir}/at.deny
mkdir docs mkdir docs
cp %{buildroot}/%{_prefix}/doc/at/* docs/ cp %{buildroot}/%{_prefix}/doc/at/* docs/
mkdir -p %{buildroot}%{_sysconfdir}/pam.d
install -m 755 %{SOURCE1} %{buildroot}%{_sysconfdir}/pam.d/atd
mkdir -p %{buildroot}%{_sysconfdir}/rc.d/init.d mkdir -p %{buildroot}%{_sysconfdir}/rc.d/init.d
install -m 755 %{SOURCE2} %{buildroot}%{_sysconfdir}/rc.d/init.d/atd install -m 755 %{SOURCE2} %{buildroot}%{_sysconfdir}/rc.d/init.d/atd
mv -f %{buildroot}/%{_mandir}/man5/at_allow.5 \ mv -f %{buildroot}/%{_mandir}/man5/at_allow.5 \
%{buildroot}/%{_mandir}/man5/at.allow.5 %{buildroot}/%{_mandir}/man5/at.allow.5
rm -f %{buildroot}/%{_mandir}/man5/at_deny.5 rm -f %{buildroot}/%{_mandir}/man5/at_deny.5
#ln -s at.allow.5 %{buildroot}/%{_mandir}/man5/at.deny.5
mkdir -p %{buildroot}/etc/sysconfig mkdir -p %{buildroot}/etc/sysconfig
install -m 755 %{SOURCE3} %{buildroot}/etc/sysconfig/atd install -m 755 %{SOURCE3} %{buildroot}/etc/sysconfig/atd
@ -126,6 +113,9 @@ install -m 755 %{SOURCE4} %{buildroot}/%{_libdir}/pm-utils/sleep.d/56atd
# remove unpackaged files from the buildroot # remove unpackaged files from the buildroot
rm -r %{buildroot}%{_prefix}/doc rm -r %{buildroot}%{_prefix}/doc
%check
make test
%clean %clean
rm -rf %{buildroot} rm -rf %{buildroot}
@ -156,7 +146,7 @@ fi
%attr(0700,daemon,daemon) %dir %{_localstatedir}/spool/at %attr(0700,daemon,daemon) %dir %{_localstatedir}/spool/at
%attr(0600,daemon,daemon) %verify(not md5 size mtime) %ghost %{_localstatedir}/spool/at/.SEQ %attr(0600,daemon,daemon) %verify(not md5 size mtime) %ghost %{_localstatedir}/spool/at/.SEQ
%attr(0700,daemon,daemon) %dir %{_localstatedir}/spool/at/spool %attr(0700,daemon,daemon) %dir %{_localstatedir}/spool/at/spool
%attr(0640,root,daemon) %config(noreplace) /etc/pam.d/atd %attr(0640,root,daemon) %config(noreplace) %{_sysconfdir}/pam.d/atd
%{_sbindir}/atrun %{_sbindir}/atrun
%attr(0755,root,root) %{_sbindir}/atd %attr(0755,root,root) %{_sbindir}/atd
%{_mandir}/man*/* %{_mandir}/man*/*
@ -167,6 +157,13 @@ fi
%attr(0755,root,root) %{_libdir}/pm-utils/sleep.d/56atd %attr(0755,root,root) %{_libdir}/pm-utils/sleep.d/56atd
%changelog %changelog
* Thu Dec 3 2009 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.12-1
- update to the new version of at
- adapt patches for new version
- change our pam config to source
- start using new upstream test instead of our nonfunctinal
- upstream changed nofork option -n to foreground option -f
* Tue Oct 13 2009 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.11-1 * Tue Oct 13 2009 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.11-1
- 528582 add noreplace option into files section - 528582 add noreplace option into files section
- rewrite pam2 patch - check return value, use "better" macro, etc. - rewrite pam2 patch - check return value, use "better" macro, etc.
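Review bot: The new `install -m 755 %{SOURCE1} %{buildroot}%{_sysconfdir}/pam.d/atd` line in %install stages the PAM configuration as an executable file. The `%attr(0640,root,daemon)` entry in %files sets the packaged mode, but `install -m 644` would keep the buildroot consistent and not depend on that override. In %build the comment `# patch9 touches configure.in` is stale after the renumbering, since the SELinux patch is now Patch6 and edits configure.ac. `cp %{SOURCE1} .` in %prep now copies pam_atd rather than test.pl, which looks like a leftover unless the makefile patch expects the file in the source tree.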


@ -1,6 +1,5 @@
6e5857e23b3c32ea6995fb7f8989987e at_3.1.10.tar.gz
053188856f8d971c6239ed973cb85794 56atd 053188856f8d971c6239ed973cb85794 56atd
b117781fd68e393443b2a8e478c7c22f atd.init b117781fd68e393443b2a8e478c7c22f atd.init
ac1471fe22f63f666dc7d31173f47ea0 atd.sysconf ac1471fe22f63f666dc7d31173f47ea0 atd.sysconf
67aece5997fbe1f93072e0afd69e5280 test.pl 1e67991776148fb319fd77a2e599a765 at_3.1.12.orig.tar.gz
d5832d9b770f41db78020b92f80966d3 at_3.1.11.orig.tar.gz 000d2f30379d2bf8af09f51416e863ec pam_atd