rpms/at
5
0
Fork 0
Code Issues Pull Requests Releases Activity

- update to the new version of at

Browse Source 
- adapt patches for new version
- change our pam config to source
- start using new upstream test instead of our nonfunctinal
- upstream changed nofork option -n to foreground option -f
This commit is contained in:
Marcela Mašláňová 2009-12-03 12:34:21 +00:00
parent f4170d0c53
commit ec83003b9d
15 changed files with 392 additions and 600 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.cvsignore
View File

@ -4,3 +4,5 @@ atd.init
atd.sysconf
test.pl
at_3.1.11.orig.tar.gz
at_3.1.12.orig.tar.gz
pam_atd

20
at-3.1.10-shell.patch
View File

@ -1,20 +0,0 @@
--- at-3.1.10/at.c.shell 2006-09-12 11:25:31.000000000 +0200
+++ at-3.1.10/at.c 2006-09-12 12:25:43.000000000 +0200
@@ -460,6 +460,8 @@
fprintf(fp, " || {\n\t echo 'Execution directory "
"inaccessible' >&2\n\t exit 1\n}\n");
+ fprintf(fp, "${SHELL:-/bin/sh} << `(dd if=/dev/urandom count=200 bs=1 2>/dev/null|LC_ALL=C tr -d -c '[:alnum:]')`\n\n");
+
istty = isatty(fileno(stdin));
if (istty) {
fprintf(stderr, "at> ");
@@ -1037,7 +1039,7 @@
It also alows a warning diagnostic to be printed. Because of the
possible variance, we always output the diagnostic. */
- fprintf(stderr, "warning: commands will be executed using /bin/sh\n");
+// fprintf(stderr, "warning: commands will be executed using /bin/sh\n");
writefile(timer, queue);
break;

92
at-3.1.11-dont_fork.patch
View File

@ -1,92 +0,0 @@
diff -up at-3.1.11/atd.8.in.dont_fork at-3.1.11/atd.8.in
--- at-3.1.11/atd.8.in.dont_fork 2009-08-14 18:49:05.000000000 +0200
+++ at-3.1.11/atd.8.in 2009-10-01 13:03:18.799878107 +0200
@@ -1,4 +1,4 @@
-.TH ATD 8 "Mar 1997" local "Linux Programmer's Manual"
+.TH ATD 8 "Sep 2009" at-3.1.11 "Linux Programmer's Manual"
.SH NAME
atd \- run jobs queued for later execution
.SH SYNOPSIS
@@ -9,6 +9,7 @@ atd \- run jobs queued for later executi
.IR batch_interval ]
.RB [ -d ]
.RB [ -s ]
+.RB [ -n ]
.SH DESCRIPTION
.B atd
runs jobs queued by
@@ -45,6 +46,9 @@ A script invoking
is installed as
.B @prefix@/sbin/atrun
for backward compatibility.
++.TP 8
++.B -n
++Don't fork option.
.SH WARNING
.B atd
won't work if its spool directory is mounted via NFS even if
diff -up at-3.1.11/atd.c.dont_fork at-3.1.11/atd.c
--- at-3.1.11/atd.c.dont_fork 2009-10-01 13:03:18.000000000 +0200
+++ at-3.1.11/atd.c 2009-10-01 13:04:55.289631298 +0200
@@ -729,7 +729,7 @@ main(int argc, char *argv[])
run_as_daemon = 1;
batch_interval = BATCH_INTERVAL_DEFAULT;
- while ((c = getopt(argc, argv, "sdl:b:")) != EOF) {
+ while ((c = getopt(argc, argv, "sdl:b:n")) != EOF) {
switch (c) {
case 'l':
if (sscanf(optarg, "%lf", &load_avg) != 1)
@@ -744,7 +744,10 @@ main(int argc, char *argv[])
break;
case 'd':
daemon_debug++;
- break;
+ /* go through another option*/
+ case 'n':
+ daemon_nofork++;
+ break;
case 's':
run_as_daemon = 0;
diff -up at-3.1.11/daemon.c.dont_fork at-3.1.11/daemon.c
--- at-3.1.11/daemon.c.dont_fork 2009-08-14 18:49:05.000000000 +0200
+++ at-3.1.11/daemon.c 2009-10-01 13:03:18.800878165 +0200
@@ -48,7 +48,8 @@
#include "daemon.h"
#include "privs.h"
-int daemon_debug;
+int daemon_debug = 0;
+int daemon_nofork = 0;
static int
lock_fd(int fd)
@@ -117,15 +118,18 @@ daemon_setup()
(open("/dev/null", O_RDWR) != 2)) {
perr("Error redirecting I/O");
}
+ }
+ if (daemon_nofork) pid = getpid();
+ else {
pid = fork();
if (pid == -1) {
perr("Cannot fork");
} else if (pid != 0) {
exit(0);
}
+ (void) setsid();
}
old_umask = umask(S_IWGRP | S_IWOTH);
- (void) setsid();
PRIV_START
diff -up at-3.1.11/daemon.h.dont_fork at-3.1.11/daemon.h
--- at-3.1.11/daemon.h.dont_fork 2009-08-14 18:49:05.000000000 +0200
+++ at-3.1.11/daemon.h 2009-10-01 13:03:18.801877593 +0200
@@ -14,3 +14,4 @@ __attribute__((noreturn))
perr (const char *fmt, ...);
extern int daemon_debug;
+extern int daemon_nofork;

48
at-3.1.11-log.patch
View File

@ -1,48 +0,0 @@
diff -up at-3.1.11/at.c.log at-3.1.11/at.c
diff -up at-3.1.11/atd.c.log at-3.1.11/atd.c
--- at-3.1.11/atd.c.log 2009-10-01 13:05:17.000000000 +0200
+++ at-3.1.11/atd.c 2009-10-01 13:25:48.437638709 +0200
@@ -83,6 +83,10 @@
#include "getloadavg.h"
#endif
+#ifndef LOG_ATD
+#define LOG_ATD LOG_DAEMON
+#endif
+
/* Macros */
#define BATCH_INTERVAL_DEFAULT 60
@@ -195,6 +199,19 @@ myfork()
#define fork myfork
#endif
+#undef ATD_MAIL_PROGRAM
+#undef ATD_MAIL_NAME
+#if defined(SENDMAIL)
+#define ATD_MAIL_PROGRAM SENDMAIL
+#define ATD_MAIL_NAME "sendmail"
+#elif defined(MAILC)
+#define ATD_MAIL_PROGRAM MAILC
+#define ATD_MAIL_NAME "mail"
+#elif defined(MAILX)
+#define ATD_MAIL_PROGRAM MAILX
+#define ATD_MAIL_NAME "mailx"
+#endif
+
static void
run_file(const char *filename, uid_t uid, gid_t gid)
{
@@ -718,11 +735,7 @@ main(int argc, char *argv[])
RELINQUISH_PRIVS_ROOT(daemon_uid, daemon_gid)
-#ifndef LOG_CRON
-#define LOG_CRON LOG_DAEMON
-#endif
-
- openlog("atd", LOG_PID, LOG_CRON);
+ openlog("atd", LOG_PID, LOG_ATD);
opterr = 0;
errno = 0;

86
at-3.1.11-nitpicks.patch
View File

@ -1,86 +0,0 @@
diff -up at-3.1.11/at.1.in.typo at-3.1.11/at.1.in
--- at-3.1.11/at.1.in.typo 2009-08-14 12:49:05.000000000 -0400
+++ at-3.1.11/at.1.in 2009-09-29 13:11:37.869869479 -0400
@@ -89,7 +89,9 @@ or giving a date of the form
or
.B MM/DD/YY
or
-.B DD.MM.YY.
+.B DD.MM.YY
+or
+.B YYYY-MM-DD.
The specification of a date
.I must
follow the specification of the time of day.
@@ -119,7 +121,7 @@ and to run a job at 1am tomorrow, you wo
.B at 1am tomorrow.
.PP
The exact definition of the time specification can be found in
-.IR @prefix@/share/doc/at/timespec .
+.IR @prefix@/share/doc/at-@VERSION@/timespec .
.PP
For both
.BR at " and " batch ,
diff -up at-3.1.11/atd.c.typo at-3.1.11/atd.c
--- at-3.1.11/atd.c.typo 2009-09-29 13:02:17.068860987 -0400
+++ at-3.1.11/atd.c 2009-09-29 13:02:17.099881137 -0400
@@ -276,6 +276,8 @@ run_file(const char *filename, uid_t uid
free(newname);
return;
}
+ (void) setsid(); //own session for process
+
/* Let's see who we mail to. Hopefully, we can read it from
* the command file; if not, send it to the owner, or, failing that,
* to root.
@@ -497,7 +499,7 @@ run_file(const char *filename, uid_t uid
#if defined(SENDMAIL)
execl(SENDMAIL, "sendmail", mailname, (char *) NULL);
#else
-#error "No mail command specified."
+ perr("No mail command specified.");
#endif
perr("Exec failed for mail command");
@@ -606,6 +608,7 @@ run_loop()
* Let's remove the lockfile and reschedule.
*/
strncpy(lock_name, dirent->d_name, sizeof(lock_name));
+ lock_name[sizeof(lock_name)-1] = '\0';
lock_name[0] = '=';
unlink(lock_name);
next_job = now;
@@ -640,6 +643,7 @@ run_loop()
run_batch++;
if (strcmp(batch_name, dirent->d_name) > 0) {
strncpy(batch_name, dirent->d_name, sizeof(batch_name));
+ batch_name[sizeof(batch_name)-1] = '\0';
batch_uid = buf.st_uid;
batch_gid = buf.st_gid;
batch_queue = queue;
diff -up at-3.1.11/configure.ac.aaa at-3.1.11/configure.ac
--- at-3.1.11/configure.ac.aaa 2009-08-14 12:49:05.000000000 -0400
+++ at-3.1.11/configure.ac 2009-09-29 13:35:59.230866054 -0400
@@ -5,7 +5,7 @@ AC_CONFIG_SRCDIR(at.c)
AC_PREFIX_DEFAULT(/usr)
AC_CONFIG_HEADER(config.h)
-AC_PREREQ([2.64])
+AC_PREREQ([2.63])
VERSION=AC_PACKAGE_VERSION
if test "X$CFLAGS" = "X"; then
diff -up at-3.1.11/atd.c.seg at-3.1.11/atd.c
--- at-3.1.11/atd.c.seg 2009-08-14 12:49:05.000000000 -0400
+++ at-3.1.11/atd.c 2009-09-29 12:15:55.200864618 -0400
@@ -435,6 +435,9 @@ run_file(const char *filename, uid_t uid
if (setuid(uid) < 0)
perr("Cannot set user id");
+ if (SIG_ERR == signal(SIGCHLD, SIG_DFL))
+ perr("Cannot reset signal handler to default");
+
chdir("/");
if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0)

17
at-3.1.11-opt_V.patch
View File

@ -1,17 +0,0 @@
diff -up at-3.1.11/at.c.opt_V at-3.1.11/at.c
--- at-3.1.11/at.c.opt_V 2009-09-29 12:42:16.000000000 -0400
+++ at-3.1.11/at.c 2009-09-29 12:46:43.998865749 -0400
@@ -857,10 +857,9 @@ main(int argc, char **argv)
*/
if (disp_version) {
- fprintf(stderr, "at version " VERSION "\n"
- "Please report bugs to the Debian bug tracking system (http://bugs.debian.org/)\n"
- "or contact the maintainers (at@packages.debian.org).\n");
- exit(EXIT_SUCCESS);
+ fprintf(stderr, "at version " VERSION "\n");
+ if (argc == 2)
+ exit(EXIT_SUCCESS);
}
/* select our program

178
at-3.1.11-selinux.patch
View File

@ -1,178 +0,0 @@
diff -up at-3.1.11/atd.c.selinux at-3.1.11/atd.c
--- at-3.1.11/atd.c.selinux 2009-10-05 12:56:24.573344967 +0200
+++ at-3.1.11/atd.c 2009-10-05 13:01:55.991338568 +0200
@@ -74,6 +74,14 @@
#include <syslog.h>
#endif
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#include <selinux/get_context_list.h>
+int selinux_enabled=0;
+#include <selinux/flask.h>
+#include <selinux/av_permissions.h>
+#endif
+
/* Local headers */
#include "privs.h"
@@ -204,6 +212,68 @@ myfork()
#define ATD_MAIL_NAME "mailx"
#endif
+#ifdef WITH_SELINUX
+static int set_selinux_context(const char *name, const char *filename) {
+ security_context_t user_context=NULL;
+ security_context_t file_context=NULL;
+ struct av_decision avd;
+ int retval=-1;
+ char *seuser=NULL;
+ char *level=NULL;
+
+ if (getseuserbyname(name, &seuser, &level) == 0) {
+ retval=get_default_context_with_level(seuser, level, NULL, &user_context);
+ free(seuser);
+ free(level);
+ if (retval) {
+ if (security_getenforce()==1) {
+ perr("execle: couldn't get security context for user %s\n", name);
+ } else {
+ syslog(LOG_ERR, "execle: couldn't get security context for user %s\n", name);
+ return -1;
+ }
+ }
+ }
+
+ /*
+ * Since crontab files are not directly executed,
+ * crond must ensure that the crontab file has
+ * a context that is appropriate for the context of
+ * the user cron job. It performs an entrypoint
+ * permission check for this purpose.
+ */
+ if (fgetfilecon(STDIN_FILENO, &file_context) < 0)
+ perr("fgetfilecon FAILED %s", filename);
+
+ retval = security_compute_av(user_context,
+ file_context,
+ SECCLASS_FILE,
+ FILE__ENTRYPOINT,
+ &avd);
+ freecon(file_context);
+ if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) {
+ if (security_getenforce()==1) {
+ perr("Not allowed to set exec context to %s for user %s\n", user_context,name);
+ } else {
+ syslog(LOG_ERR, "Not allowed to set exec context to %s for user %s\n", user_context,name);
+ retval = -1;
+ goto err;
+ }
+ }
+ if (setexeccon(user_context) < 0) {
+ if (security_getenforce()==1) {
+ perr("Could not set exec context to %s for user %s\n", user_context,name);
+ retval = -1;
+ } else {
+ syslog(LOG_ERR, "Could not set exec context to %s for user %s\n", user_context,name);
+ }
+ }
+ err:
+ freecon(user_context);
+ return 0;
+}
+#endif
+
static void
run_file(const char *filename, uid_t uid, gid_t gid)
{
@@ -454,6 +524,13 @@ run_file(const char *filename, uid_t uid
chdir("/");
+#ifdef WITH_SELINUX
+ if (selinux_enabled > 0) {
+ if (set_selinux_context(pentry->pw_name, filename) < 0)
+ perr("SELinux Failed to set context\n");
+ }
+#endif
+
if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0)
perr("Exec failed for /bin/sh");
#ifdef WITH_PAM
@@ -535,10 +612,24 @@ run_file(const char *filename, uid_t uid
chdir ("/");
+#ifdef WITH_SELINUX
+ if (selinux_enabled>0) {
+ if (set_selinux_context(pentry->pw_name, filename) < 0)
+ perr("SELinux Failed to set context\n");
+ }
+#endif
+
execl(ATD_MAIL_PROGRAM, ATD_MAIL_NAME, mailname, (char *) NULL);
perr("Exec failed for mail command");
exit(-1);
+#ifdef WITH_SELINUX
+ if (selinux_enabled>0)
+ if (setexeccon(NULL) < 0)
+ if (security_getenforce()==1)
+ perr("Could not reset exec context for user %s\n", pentry->pw_name);
+#endif
+
PRIV_END
}
else if ( mail_pid == -1 ) {
@@ -754,6 +845,10 @@ main(int argc, char *argv[])
struct passwd *pwe;
struct group *ge;
+#ifdef WITH_SELINUX
+ selinux_enabled=is_selinux_enabled();
+#endif
+
/* We don't need root privileges all the time; running under uid and gid
* daemon is fine.
*/
diff -up at-3.1.11/config.h.in.selinux at-3.1.11/config.h.in
--- at-3.1.11/config.h.in.selinux 2009-10-05 12:56:24.573344967 +0200
+++ at-3.1.11/config.h.in 2009-10-05 12:56:24.590350404 +0200
@@ -77,6 +77,9 @@
/* Define if you are building with_pam */
#undef WITH_PAM
+/* Define if you are building with_selinux */
+#undef WITH_SELINUX
+
/* Define to 1 if you have the `pstat_getdynamic' function. */
#undef HAVE_PSTAT_GETDYNAMIC
diff -up at-3.1.11/configure.ac.selinux at-3.1.11/configure.ac
--- at-3.1.11/configure.ac.selinux 2009-10-05 12:56:24.574344835 +0200
+++ at-3.1.11/configure.ac 2009-10-05 12:56:24.591350062 +0200
@@ -308,5 +308,13 @@ AC_DEFINE(WITH_PAM),
AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc')
AC_SUBST(PAMLIB)
+AC_ARG_WITH(selinux,
+[ --with-selinux Define to run with selinux],
+AC_DEFINE(WITH_SELINUX),
+)
+AC_CHECK_LIB(selinux, is_selinux_enabled, SELINUXLIB=-lselinux)
+AC_SUBST(SELINUXLIB)
+AC_SUBST(WITH_SELINUX)
+
AC_CONFIG_FILES(Makefile atrun atd.8 atrun.8 at.1 batch)
AC_OUTPUT
diff -up at-3.1.11/Makefile.in.selinux at-3.1.11/Makefile.in
--- at-3.1.11/Makefile.in.selinux 2009-10-05 12:56:24.509607000 +0200
+++ at-3.1.11/Makefile.in 2009-10-05 12:56:24.592345179 +0200
@@ -39,6 +39,7 @@ LIBS = @LIBS@
LIBOBJS = @LIBOBJS@
INSTALL = @INSTALL@
PAMLIB = @PAMLIB@
+SELINUXLIB = @SELINUXLIB@
CLONES = atq atrm
ATOBJECTS = at.o panic.o perm.o posixtm.o y.tab.o lex.yy.o

29
at-3.1.11-makefile.patch → at-3.1.12-makefile.patch
View File

@ -1,16 +1,7 @@
diff -up at-3.1.11/Makefile.in.make at-3.1.11/Makefile.in
--- at-3.1.11/Makefile.in.make 2009-08-14 18:49:05.000000000 +0200
+++ at-3.1.11/Makefile.in 2009-10-02 10:36:24.104162973 +0200
@@ -50,6 +51,8 @@ HEADERS = at.h panic.h parsetime.h perm
OTHERS = parsetime.l parsetime.y
+TEST_VERBOSE = 0
+
DOCS = Problems Copyright README ChangeLog timespec
MISC = COPYING Makefile.in configure acconfig.h install-sh \
@@ -65,13 +68,13 @@ LIST = Filelist Filelist.asc
diff -up at-3.1.12/Makefile.in.make at-3.1.12/Makefile.in
--- at-3.1.12/Makefile.in.make 2009-11-23 16:11:52.000000000 +0100
+++ at-3.1.12/Makefile.in 2009-12-03 13:23:08.794258910 +0100
@@ -65,13 +65,13 @@ LIST = Filelist Filelist.asc
all: at atd atrun
at: $(ATOBJECTS)
@ -26,7 +17,7 @@ diff -up at-3.1.11/Makefile.in.make at-3.1.11/Makefile.in
y.tab.c y.tab.h: parsetime.y
$(YACC) -d parsetime.y
@@ -83,38 +86,42 @@ atrun: atrun.in
@@ -83,38 +83,42 @@ atrun: atrun.in
configure
.c.o:
@ -90,13 +81,3 @@ diff -up at-3.1.11/Makefile.in.make at-3.1.11/Makefile.in
rm -f $(IROOT)$(mandir)/cat1/at.1* $(IROOT)$(mandir)/cat1/batch.1* \
$(IROOT)$(mandir)/cat1/atq.1*
rm -f $(IROOT)$(mandir)/cat1/atd.8*
@@ -148,6 +155,9 @@ Filelist.asc: Filelist
parsetest: lex.yy.c y.tab.c
$(CC) -o parsetest $(CFLAGS) $(DEFS) -DTEST_PARSER -DNEED_YYWRAP lex.yy.c y.tab.c
+test: parsetest
+ PERL_DL_NONLAZY=1 perl -e 'use Test::Harness qw(&runtests $$verbose); $$verbose=$(TEST_VERBOSE); runtests @ARGV;' test.pl
+
.depend: $(CSRCS)
gcc $(CFLAGS) $(DEFS) -MM $(CSRCS) > .depend

103
at-3.1.12-nitpicks.patch Normal file
View File

@ -0,0 +1,103 @@
diff -up at-3.1.12/at.1.in.nit at-3.1.12/at.1.in
--- at-3.1.12/at.1.in.nit 2009-11-23 16:11:52.000000000 +0100
+++ at-3.1.12/at.1.in 2009-12-03 10:32:19.018261655 +0100
@@ -121,7 +121,7 @@ and to run a job at 1am tomorrow, you wo
.B at 1am tomorrow.
.PP
The exact definition of the time specification can be found in
-.IR @prefix@/share/doc/at/timespec .
+.IR @prefix@/share/doc/at-@VERSION@/timespec .
.PP
For both
.BR at " and " batch ,
diff -up at-3.1.12/atd.c.nit at-3.1.12/atd.c
--- at-3.1.12/atd.c.nit 2009-11-23 16:11:52.000000000 +0100
+++ at-3.1.12/atd.c 2009-12-03 10:33:12.494259601 +0100
@@ -83,6 +83,9 @@
#include "getloadavg.h"
#endif
+#ifndef LOG_ATD
+#define LOG_ATD LOG_DAEMON
+#endif
/* Macros */
#define BATCH_INTERVAL_DEFAULT 60
@@ -194,6 +197,18 @@ myfork()
#define fork myfork
#endif
+#undef ATD_MAIL_PROGRAM
+#undef ATD_MAIL_NAME
+#if defined(SENDMAIL)
+#define ATD_MAIL_PROGRAM SENDMAIL
+#define ATD_MAIL_NAME "sendmail"
+#elif defined(MAILC)
+#define ATD_MAIL_PROGRAM MAILC
+#define ATD_MAIL_NAME "mail"
+#elif defined(MAILX)
+#define ATD_MAIL_PROGRAM MAILX
+#define ATD_MAIL_NAME "mailx"
+#endif
static void
run_file(const char *filename, uid_t uid, gid_t gid)
@@ -276,6 +291,9 @@ run_file(const char *filename, uid_t uid
free(newname);
return;
}
+
+ (void) setsid(); //own session for process
+
/* Let's see who we mail to. Hopefully, we can read it from
* the command file; if not, send it to the owner, or, failing that,
* to root.
@@ -435,6 +453,9 @@ run_file(const char *filename, uid_t uid
if (setuid(uid) < 0)
perr("Cannot set user id");
+ if (SIG_ERR == signal(SIGCHLD, SIG_DFL))
+ perr("Cannot reset signal handler to default");
+
chdir("/");
if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0)
@@ -503,6 +524,9 @@ run_file(const char *filename, uid_t uid
if (setuid(uid) < 0)
perr("Cannot set user id");
+ if (SIG_ERR == signal(SIGCHLD, SIG_DFL))
+ perr("Cannot reset signal handler to default");
+
chdir ("/");
#if defined(SENDMAIL)
@@ -617,6 +641,7 @@ run_loop()
* Let's remove the lockfile and reschedule.
*/
strncpy(lock_name, dirent->d_name, sizeof(lock_name));
+ lock_name[sizeof(lock_name)-1] = '\0';
lock_name[0] = '=';
unlink(lock_name);
next_job = now;
@@ -651,6 +676,7 @@ run_loop()
run_batch++;
if (strcmp(batch_name, dirent->d_name) > 0) {
strncpy(batch_name, dirent->d_name, sizeof(batch_name));
+ batch_name[sizeof(batch_name)-1] = '\0';
batch_uid = buf.st_uid;
batch_gid = buf.st_gid;
batch_queue = queue;
@@ -725,11 +751,7 @@ main(int argc, char *argv[])
RELINQUISH_PRIVS_ROOT(daemon_uid, daemon_gid)
-#ifndef LOG_CRON
-#define LOG_CRON LOG_DAEMON
-#endif
-
- openlog("atd", LOG_PID, LOG_CRON);
+ openlog("atd", LOG_PID, LOG_ATD);
opterr = 0;
errno = 0;

17
at-3.1.12-opt_V.patch Normal file
View File

@ -0,0 +1,17 @@
diff -up at-3.1.12/at.c.opt_V at-3.1.12/at.c
--- at-3.1.12/at.c.opt_V 2009-11-23 16:11:52.000000000 +0100
+++ at-3.1.12/at.c 2009-12-02 13:20:29.770215516 +0100
@@ -853,10 +853,9 @@ main(int argc, char **argv)
*/
if (disp_version) {
- fprintf(stderr, "at version " VERSION "\n"
- "Please report bugs to the Debian bug tracking system (http://bugs.debian.org/)\n"
- "or contact the maintainers (at@packages.debian.org).\n");
- exit(EXIT_SUCCESS);
+ fprintf(stderr, "at version " VERSION "\n");
+ if (argc == 2)
+ exit(EXIT_SUCCESS);
}
/* select our program

172
at-3.1.11-pam2.patch → at-3.1.12-pam.patch
View File

@ -1,7 +1,7 @@
diff -up at-3.1.11/at.c.pam2 at-3.1.11/at.c
--- at-3.1.11/at.c.pam2 2009-10-13 16:47:23.277378517 +0200
+++ at-3.1.11/at.c 2009-10-13 16:47:23.321377936 +0200
@@ -315,26 +315,19 @@ writefile(time_t runtimer, char queue)
diff -up at-3.1.12/at.c.pam at-3.1.12/at.c
--- at-3.1.12/at.c.pam 2009-12-03 10:34:52.714284767 +0100
+++ at-3.1.12/at.c 2009-12-03 10:36:38.736257590 +0100
@@ -318,26 +318,19 @@ writefile(time_t runtimer, char queue)
* bit. Yes, this is a kluge.
*/
cmask = umask(S_IRUSR | S_IWUSR | S_IXUSR);
@ -31,16 +31,7 @@ diff -up at-3.1.11/at.c.pam2 at-3.1.11/at.c
/* We've successfully created the file; let's set the flag so it
* gets removed in case of an interrupt or error.
*/
@@ -493,7 +486,7 @@ writefile(time_t runtimer, char queue)
*/
if (fchmod(fd2, S_IRUSR | S_IWUSR | S_IXUSR) < 0)
- perr("Cannot give away file");
+ perr("Cannot change the mode of the file");
close(fd2);
@@ -658,7 +651,7 @@ process_jobs(int argc, char **argv, int
@@ -661,7 +654,7 @@ process_jobs(int argc, char **argv, int
We need the unprivileged uid here since the file is owned by the real
(not effective) uid.
*/
@ -49,7 +40,7 @@ diff -up at-3.1.11/at.c.pam2 at-3.1.11/at.c
if (queue == '=') {
fprintf(stderr, "Warning: deleting running job\n");
@@ -667,8 +660,8 @@ process_jobs(int argc, char **argv, int
@@ -670,8 +663,8 @@ process_jobs(int argc, char **argv, int
perr("Cannot unlink %.500s", dirent->d_name);
rc = EXIT_FAILURE;
}
@ -59,7 +50,7 @@ diff -up at-3.1.11/at.c.pam2 at-3.1.11/at.c
done = 1;
break;
@@ -678,7 +671,7 @@ process_jobs(int argc, char **argv, int
@@ -681,7 +674,7 @@ process_jobs(int argc, char **argv, int
FILE *fp;
int ch;
@ -68,7 +59,7 @@ diff -up at-3.1.11/at.c.pam2 at-3.1.11/at.c
fp = fopen(dirent->d_name, "r");
if (fp) {
@@ -691,7 +684,7 @@ process_jobs(int argc, char **argv, int
@@ -694,7 +687,7 @@ process_jobs(int argc, char **argv, int
perr("Cannot open %.500s", dirent->d_name);
rc = EXIT_FAILURE;
}
@ -77,10 +68,10 @@ diff -up at-3.1.11/at.c.pam2 at-3.1.11/at.c
}
break;
diff -up at-3.1.11/atd.c.pam2 at-3.1.11/atd.c
--- at-3.1.11/atd.c.pam2 2009-10-13 16:47:23.297368464 +0200
+++ at-3.1.11/atd.c 2009-10-13 16:48:21.696629698 +0200
@@ -112,7 +112,7 @@ static int run_as_daemon = 0;
diff -up at-3.1.12/atd.c.pam at-3.1.12/atd.c
--- at-3.1.12/atd.c.pam 2009-12-03 10:36:45.265284508 +0100
+++ at-3.1.12/atd.c 2009-12-03 10:38:52.276261175 +0100
@@ -111,7 +111,7 @@ static int run_as_daemon = 0;
static volatile sig_atomic_t term_signal = 0;
@ -89,7 +80,7 @@ diff -up at-3.1.11/atd.c.pam2 at-3.1.11/atd.c
#include <security/pam_appl.h>
static pam_handle_t *pamh = NULL;
@@ -121,15 +121,7 @@ static const struct pam_conv conv = {
@@ -120,15 +120,7 @@ static const struct pam_conv conv = {
NULL
};
@ -106,7 +97,7 @@ diff -up at-3.1.11/atd.c.pam2 at-3.1.11/atd.c
/* Signal handlers */
RETSIGTYPE
@@ -236,7 +228,7 @@ run_file(const char *filename, uid_t uid
@@ -234,7 +226,7 @@ run_file(const char *filename, uid_t uid
char queue;
char fmt[64];
unsigned long jobno;
@ -115,7 +106,7 @@ diff -up at-3.1.11/atd.c.pam2 at-3.1.11/atd.c
int retcode;
#endif
@@ -396,16 +388,11 @@ run_file(const char *filename, uid_t uid
@@ -395,16 +387,11 @@ run_file(const char *filename, uid_t uid
fstat(fd_out, &buf);
size = buf.st_size;
@ -136,7 +127,7 @@ diff -up at-3.1.11/atd.c.pam2 at-3.1.11/atd.c
PRIV_END
#endif
@@ -420,7 +407,15 @@ run_file(const char *filename, uid_t uid
@@ -419,7 +406,15 @@ run_file(const char *filename, uid_t uid
else if (pid == 0) {
char *nul = NULL;
char **nenvp = &nul;
@ -152,7 +143,7 @@ diff -up at-3.1.11/atd.c.pam2 at-3.1.11/atd.c
/* Set up things for the child; we want standard input from the
* input file, and standard output and error sent to our output file.
*/
@@ -461,7 +456,16 @@ run_file(const char *filename, uid_t uid
@@ -460,7 +455,16 @@ run_file(const char *filename, uid_t uid
if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0)
perr("Exec failed for /bin/sh");
@ -170,7 +161,7 @@ diff -up at-3.1.11/atd.c.pam2 at-3.1.11/atd.c
PRIV_END
}
/* We're the parent. Let's wait.
@@ -475,7 +479,7 @@ run_file(const char *filename, uid_t uid
@@ -474,7 +478,7 @@ run_file(const char *filename, uid_t uid
*/
waitpid(pid, (int *) NULL, 0);
@ -179,9 +170,9 @@ diff -up at-3.1.11/atd.c.pam2 at-3.1.11/atd.c
PRIV_START
pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT);
retcode = pam_close_session(pamh, PAM_SILENT);
@@ -490,6 +494,13 @@ run_file(const char *filename, uid_t uid
if (open(filename, O_RDONLY) != STDIN_FILENO)
perr("Open of jobfile failed");
@@ -503,6 +507,14 @@ run_file(const char *filename, uid_t uid
if (fd_in != STDOUT_FILENO && fd_in != STDERR_FILENO)
close(fd_in);
+#ifdef WITH_PAM
+ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT );
@ -190,10 +181,11 @@ diff -up at-3.1.11/atd.c.pam2 at-3.1.11/atd.c
+ closelog();
+ openlog("atd", LOG_PID, LOG_ATD);
+#endif
+
unlink(filename);
/* The job is now finished. We can delete its input file.
@@ -498,8 +509,19 @@ run_file(const char *filename, uid_t uid
@@ -511,8 +523,19 @@ run_file(const char *filename, uid_t uid
unlink(newname);
free(newname);
@ -205,26 +197,16 @@ diff -up at-3.1.11/atd.c.pam2 at-3.1.11/atd.c
+ closelog();
+ openlog("atd", LOG_PID, LOG_ATD);
+#endif
+ mail_pid = fork();
+
+ mail_pid = fork();
+ if ( mail_pid == 0 )
+ {
PRIV_START
if (initgroups(pentry->pw_name, pentry->pw_gid))
@@ -513,15 +535,28 @@ run_file(const char *filename, uid_t uid
chdir ("/");
-#if defined(SENDMAIL)
- execl(SENDMAIL, "sendmail", mailname, (char *) NULL);
-#else
- perr("No mail command specified.");
-#endif
+ execl(ATD_MAIL_PROGRAM, ATD_MAIL_NAME, mailname, (char *) NULL);
@@ -537,7 +560,23 @@ run_file(const char *filename, uid_t uid
perr("Exec failed for mail command");
+ exit(-1);
PRIV_END
+ }
@ -247,10 +229,10 @@ diff -up at-3.1.11/atd.c.pam2 at-3.1.11/atd.c
exit(EXIT_SUCCESS);
}
diff -up at-3.1.11/config.h.in.pam2 at-3.1.11/config.h.in
--- at-3.1.11/config.h.in.pam2 2009-08-14 18:49:05.000000000 +0200
+++ at-3.1.11/config.h.in 2009-10-13 16:47:23.323393602 +0200
@@ -74,8 +74,8 @@
diff -up at-3.1.12/config.h.in.pam at-3.1.12/config.h.in
--- at-3.1.12/config.h.in.pam 2009-11-23 16:11:52.000000000 +0100
+++ at-3.1.12/config.h.in 2009-12-03 10:34:36.373265254 +0100
@@ -68,8 +68,8 @@
/* Define to 1 if you have the <nlist.h> header file. */
#undef HAVE_NLIST_H
@ -261,9 +243,9 @@ diff -up at-3.1.11/config.h.in.pam2 at-3.1.11/config.h.in
/* Define to 1 if you have the `pstat_getdynamic' function. */
#undef HAVE_PSTAT_GETDYNAMIC
diff -up at-3.1.11/configure.ac.pam2 at-3.1.11/configure.ac
--- at-3.1.11/configure.ac.pam2 2009-10-13 16:47:23.266377946 +0200
+++ at-3.1.11/configure.ac 2009-10-13 16:47:23.324393260 +0200
diff -up at-3.1.12/configure.ac.pam at-3.1.12/configure.ac
--- at-3.1.12/configure.ac.pam 2009-11-23 16:11:52.000000000 +0100
+++ at-3.1.12/configure.ac 2009-12-03 10:34:36.373265254 +0100
@@ -84,7 +84,7 @@ AC_FUNC_GETLOADAVG
AC_CHECK_FUNCS(getcwd mktime strftime setreuid setresuid sigaction waitpid)
AC_CHECK_HEADERS(security/pam_appl.h, [
@ -273,9 +255,9 @@ diff -up at-3.1.11/configure.ac.pam2 at-3.1.11/configure.ac
])
dnl Checking for programs
@@ -301,5 +301,12 @@ AC_ARG_WITH(daemon_groupname,
@@ -238,6 +238,13 @@ AC_ARG_WITH(daemon_username,
)
AC_SUBST(DAEMON_GROUPNAME)
AC_SUBST(DAEMON_USERNAME)
+AC_ARG_WITH(pam,
+[ --with-pam Define to enable pam support ],
@ -284,11 +266,12 @@ diff -up at-3.1.11/configure.ac.pam2 at-3.1.11/configure.ac
+AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc')
+AC_SUBST(PAMLIB)
+
AC_CONFIG_FILES(Makefile atrun atd.8 atrun.8 at.1 batch)
AC_OUTPUT
diff -up at-3.1.11/perm.c.pam2 at-3.1.11/perm.c
--- at-3.1.11/perm.c.pam2 2009-08-14 18:49:05.000000000 +0200
+++ at-3.1.11/perm.c 2009-10-13 16:47:23.325392918 +0200
AC_MSG_CHECKING(groupname to run under)
AC_ARG_WITH(daemon_groupname,
[ --with-daemon_groupname=DAEMON_GROUPNAME Groupname to run under (default daemon) ],
diff -up at-3.1.12/perm.c.pam at-3.1.12/perm.c
--- at-3.1.12/perm.c.pam 2009-11-23 16:11:52.000000000 +0100
+++ at-3.1.12/perm.c 2009-12-03 10:34:36.373265254 +0100
@@ -51,6 +51,14 @@
#define PRIV_END while(0)
#endif
@ -304,7 +287,7 @@ diff -up at-3.1.11/perm.c.pam2 at-3.1.11/perm.c
/* Structures and unions */
@@ -108,18 +116,53 @@ user_in_file(const char *path, const cha
@@ -108,18 +116,51 @@ user_in_file(const char *path, const cha
int
check_permission()
{
@ -354,17 +337,15 @@ diff -up at-3.1.11/perm.c.pam2 at-3.1.11/perm.c
+ fprintf(stderr, "cannot set euid: %s", strerror(errno));
+ exit(1);
+ }
+
+
+#endif
+
allow = user_in_file(ETCDIR "/at.allow", pentry->pw_name);
if (allow==0 || allow==1)
return allow;
diff -up at-3.1.11/privs.h.pam2 at-3.1.11/privs.h
--- at-3.1.11/privs.h.pam2 2009-08-14 18:49:05.000000000 +0200
+++ at-3.1.11/privs.h 2009-10-13 16:47:23.326393135 +0200
@@ -144,3 +144,60 @@ extern gid_t real_gid, effective_gid, da
diff -up at-3.1.12/privs.h.pam at-3.1.12/privs.h
--- at-3.1.12/privs.h.pam 2009-11-23 16:11:52.000000000 +0100
+++ at-3.1.12/privs.h 2009-12-03 10:34:36.374266484 +0100
@@ -144,3 +144,61 @@ extern gid_t real_gid, effective_gid, da
#error "Cannot implement user ID swapping without setreuid or setresuid"
#endif
#endif
@ -372,7 +353,7 @@ diff -up at-3.1.11/privs.h.pam2 at-3.1.11/privs.h
+#ifdef WITH_PAM
+/* PAM failed after session was open. */
+#define PAM_SESSION_FAIL if (retcode != PAM_SUCCESS) \
+ pam_close_session(pamh,PAM_SILENT);
+ pam_close_session(pamh,PAM_SILENT);
+
+/* syslog will be logging error messages */
+#ifdef HAVE_UNISTD_H
@ -381,38 +362,38 @@ diff -up at-3.1.11/privs.h.pam2 at-3.1.11/privs.h
+
+/* PAM fail even before opening the session */
+#define PAM_FAIL_CHECK \
+ do { if (retcode != PAM_SUCCESS) { \
+ fprintf(stderr,"PAM failure: %s\n",pam_strerror(pamh, retcode)); \
+ syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \
+ if (pamh) \
+ pam_end(pamh, retcode); \
+ if (setregid(getgid(),getegid()) != 0) { \
+ fprintf(stderr, "cannot set egid: %s", strerror(errno)); \
+ exit(1); \
+ } \
+ if (setreuid(getuid(),geteuid()) != 0) { \
+ fprintf(stderr, "cannot set euid: %s", strerror(errno)); \
+ exit(1); \
+ } \
+ exit(1); \
+ } \
+ } while (0) \
+ do { if (retcode != PAM_SUCCESS) { \
+ fprintf(stderr,"PAM failure: %s\n",pam_strerror(pamh, retcode)); \
+ syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \
+ if (pamh) \
+ pam_end(pamh, retcode); \
+ if (setregid(getgid(),getegid()) != 0) { \
+ fprintf(stderr, "cannot set egid: %s", strerror(errno)); \
+ exit(1); \
+ } \
+ if (setreuid(getuid(),geteuid()) != 0) { \
+ fprintf(stderr, "cannot set euid: %s", strerror(errno)); \
+ exit(1); \
+ } \
+ exit(1); \
+ } \
+ } while (0) \
+
+/* PAM - check after every operation whether they passed */
+#define PAM_HANDLING \
+ do { pamh = NULL; \
+ retcode = pam_start("atd", pentry->pw_name, &conv, &pamh); \
+ PAM_FAIL_CHECK; \
+ retcode = pam_set_item(pamh, PAM_TTY, "atd"); \
+ PAM_FAIL_CHECK; \
+ retcode = pam_acct_mgmt(pamh, PAM_SILENT); \
+ PAM_FAIL_CHECK; \
+ retcode = pam_open_session(pamh, PAM_SILENT); \
+ PAM_FAIL_CHECK; \
+ retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT); \
+ PAM_SESSION_FAIL; \
+ PAM_FAIL_CHECK; \
+ } while (0)
+ do { pamh = NULL; \
+ retcode = pam_start("atd", pentry->pw_name, &conv, &pamh); \
+ PAM_FAIL_CHECK; \
+ retcode = pam_set_item(pamh, PAM_TTY, "atd"); \
+ PAM_FAIL_CHECK; \
+ retcode = pam_acct_mgmt(pamh, PAM_SILENT); \
+ PAM_FAIL_CHECK; \
+ retcode = pam_open_session(pamh, PAM_SILENT); \
+ PAM_FAIL_CHECK; \
+ retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT); \
+ PAM_SESSION_FAIL; \
+ PAM_FAIL_CHECK; \
+ } while (0)
+
+/* OLD FAIL_CHECK ONLY FOR perm.c
+ * define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \
@ -425,3 +406,4 @@ diff -up at-3.1.11/privs.h.pam2 at-3.1.11/privs.h
+ */
+
+#endif
+

152
at-3.1.12-selinux.patch Normal file
View File

@ -0,0 +1,152 @@
diff -up at-3.1.12/config.h.in.selinux at-3.1.12/config.h.in
--- at-3.1.12/config.h.in.selinux 2009-12-02 16:32:19.469228959 +0100
+++ at-3.1.12/config.h.in 2009-12-02 16:32:57.706966488 +0100
@@ -71,6 +71,9 @@
/* Define if you are building with_pam */
#undef WITH_PAM
+/* Define if you are building with_selinux */
+#undef WITH_SELINUX
+
/* Define to 1 if you have the `pstat_getdynamic' function. */
#undef HAVE_PSTAT_GETDYNAMIC
diff -up at-3.1.12/configure.ac.selinux at-3.1.12/configure.ac
--- at-3.1.12/configure.ac.selinux 2009-12-02 16:31:15.323246019 +0100
+++ at-3.1.12/configure.ac 2009-12-02 16:32:01.425966844 +0100
@@ -266,5 +266,13 @@ AC_ARG_WITH(daemon_groupname,
)
AC_SUBST(DAEMON_GROUPNAME)
+AC_ARG_WITH(selinux,
+[ --with-selinux Define to run with selinux],
+AC_DEFINE(WITH_SELINUX),
+)
+AC_CHECK_LIB(selinux, is_selinux_enabled, SELINUXLIB=-lselinux)
+AC_SUBST(SELINUXLIB)
+AC_SUBST(WITH_SELINUX)
+
AC_CONFIG_FILES(Makefile atrun atd.8 atrun.8 at.1 batch)
AC_OUTPUT
diff -up at-3.1.12/Makefile.in.selinux at-3.1.12/Makefile.in
--- at-3.1.12/Makefile.in.selinux 2009-12-02 16:30:11.923216529 +0100
+++ at-3.1.12/Makefile.in 2009-12-02 16:30:57.949215706 +0100
@@ -39,6 +39,7 @@ LIBS = @LIBS@
LIBOBJS = @LIBOBJS@
INSTALL = @INSTALL@
PAMLIB = @PAMLIB@
+SELINUXLIB = @SELINUXLIB@
CLONES = atq atrm
ATOBJECTS = at.o panic.o perm.o posixtm.o y.tab.o lex.yy.o
diff -up at-3.1.12/atd.c.selinux at-3.1.12/atd.c
--- at-3.1.12/atd.c.selinux 2009-12-03 13:03:57.182284669 +0100
+++ at-3.1.12/atd.c 2009-12-03 13:07:20.542272874 +0100
@@ -83,6 +83,14 @@
#include "getloadavg.h"
#endif
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#include <selinux/get_context_list.h>
+int selinux_enabled=0;
+#include <selinux/flask.h>
+#include <selinux/av_permissions.h>
+#endif
+
#ifndef LOG_ATD
#define LOG_ATD LOG_DAEMON
#endif
@@ -202,6 +210,68 @@ myfork()
#define ATD_MAIL_NAME "mailx"
#endif
+#ifdef WITH_SELINUX
+static int set_selinux_context(const char *name, const char *filename) {
+ security_context_t user_context=NULL;
+ security_context_t file_context=NULL;
+ struct av_decision avd;
+ int retval=-1;
+ char *seuser=NULL;
+ char *level=NULL;
+
+ if (getseuserbyname(name, &seuser, &level) == 0) {
+ retval=get_default_context_with_level(seuser, level, NULL, &user_context);
+ free(seuser);
+ free(level);
+ if (retval) {
+ if (security_getenforce()==1) {
+ perr("execle: couldn't get security context for user %s\n", name);
+ } else {
+ syslog(LOG_ERR, "execle: couldn't get security context for user %s\n", name);
+ return -1;
+ }
+ }
+ }
+
+ /*
+ * Since crontab files are not directly executed,
+ * crond must ensure that the crontab file has
+ * a context that is appropriate for the context of
+ * the user cron job. It performs an entrypoint
+ * permission check for this purpose.
+ */
+ if (fgetfilecon(STDIN_FILENO, &file_context) < 0)
+ perr("fgetfilecon FAILED %s", filename);
+
+ retval = security_compute_av(user_context,
+ file_context,
+ SECCLASS_FILE,
+ FILE__ENTRYPOINT,
+ &avd);
+ freecon(file_context);
+ if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) {
+ if (security_getenforce()==1) {
+ perr("Not allowed to set exec context to %s for user %s\n", user_context,name);
+ } else {
+ syslog(LOG_ERR, "Not allowed to set exec context to %s for user %s\n", user_context,name);
+ retval = -1;
+ goto err;
+ }
+ }
+ if (setexeccon(user_context) < 0) {
+ if (security_getenforce()==1) {
+ perr("Could not set exec context to %s for user %s\n", user_context,name);
+ retval = -1;
+ } else {
+ syslog(LOG_ERR, "Could not set exec context to %s for user %s\n", user_context,name);
+ }
+ }
+ err:
+ freecon(user_context);
+ return 0;
+}
+#endif
+
static void
run_file(const char *filename, uid_t uid, gid_t gid)
{
@@ -452,6 +522,12 @@ run_file(const char *filename, uid_t uid
perr("Cannot reset signal handler to default");
chdir("/");
+#ifdef WITH_SELINUX
+ if (selinux_enabled > 0) {
+ if (set_selinux_context(pentry->pw_name, filename) < 0)
+ perr("SELinux Failed to set context\n");
+ }
+#endif
if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0)
perr("Exec failed for /bin/sh");
@@ -774,6 +850,10 @@ main(int argc, char *argv[])
struct passwd *pwe;
struct group *ge;
+#ifdef WITH_SELINUX
+ selinux_enabled=is_selinux_enabled();
+#endif
+
/* We don't need root privileges all the time; running under uid and gid
* daemon is fine.
*/

14
at-3.1.11-shell.patch → at-3.1.12-shell.patch
View File

@ -1,6 +1,6 @@
diff -up at-3.1.11/at.c.shell at-3.1.11/at.c
--- at-3.1.11/at.c.shell 2009-08-14 18:49:05.000000000 +0200
+++ at-3.1.11/at.c 2009-09-29 15:50:34.786919463 +0200
diff -up at-3.1.12/at.c.shell at-3.1.12/at.c
--- at-3.1.12/at.c.shell 2009-12-02 13:25:12.706989310 +0100
+++ at-3.1.12/at.c 2009-12-02 13:26:01.991966200 +0100
@@ -62,11 +62,8 @@
#include <stdlib.h>
#include <string.h>
@ -13,7 +13,7 @@ diff -up at-3.1.11/at.c.shell at-3.1.11/at.c
#ifdef HAVE_UNISTD_H
#include <unistd.h>
@@ -241,6 +238,12 @@ writefile(time_t runtimer, char queue)
@@ -244,6 +241,12 @@ writefile(time_t runtimer, char queue)
int kill_errno;
int rc;
int mailsize = 128;
@ -26,7 +26,7 @@ diff -up at-3.1.11/at.c.shell at-3.1.11/at.c
/* Install the signal handler for SIGINT; terminate after removing the
* spool file if necessary
@@ -458,6 +461,9 @@ writefile(time_t runtimer, char queue)
@@ -461,6 +464,9 @@ writefile(time_t runtimer, char queue)
fprintf(fp, " || {\n\t echo 'Execution directory "
"inaccessible' >&2\n\t exit 1\n}\n");
@ -36,7 +36,7 @@ diff -up at-3.1.11/at.c.shell at-3.1.11/at.c
istty = isatty(fileno(stdin));
if (istty) {
fprintf(stderr, "at> ");
@@ -474,6 +480,7 @@ writefile(time_t runtimer, char queue)
@@ -477,6 +483,7 @@ writefile(time_t runtimer, char queue)
fprintf(stderr, "<EOT>\n");
}
fprintf(fp, "\n");
@ -44,7 +44,7 @@ diff -up at-3.1.11/at.c.shell at-3.1.11/at.c
if (ferror(fp))
panic("Output error");
@@ -924,7 +931,7 @@ main(int argc, char **argv)
@@ -926,7 +933,7 @@ main(int argc, char **argv)
It also alows a warning diagnostic to be printed. Because of the
possible variance, we always output the diagnostic. */

57
at.spec
View File

@ -1,4 +1,4 @@
%define major_ver 3.1.11
%define major_ver 3.1.12
%if %{?WITH_PAM:0}%{!?WITH_PAM:1}
%define WITH_PAM 1
@ -11,20 +11,18 @@ License: GPLv2+
Group: System Environment/Daemons
URL: http://ftp.debian.org/debian/pool/main/a/at
Source: http://ftp.debian.org/debian/pool/main/a/at/at_%{major_ver}.orig.tar.gz
Source1: test.pl
# git upstream source git://git.debian.org/git/collab-maint/at.git
Source1: pam_atd
Source2: atd.init
Source3: atd.sysconf
Source4: 56atd
Patch1: at-3.1.11-makefile.patch
Patch2: at-3.1.11-nitpicks.patch
Patch3: at-3.1.11-shell.patch
Patch4: at-3.1.11-opt_V.patch
Patch5: at-3.1.11-dont_fork.patch
Patch6: at-3.1.11-log.patch
Patch7: at-3.1.11-pam.patch
Patch8: at-3.1.11-pam2.patch
Patch9: at-3.1.11-selinux.patch
Patch1: at-3.1.12-makefile.patch
Patch2: at-3.1.12-opt_V.patch
Patch3: at-3.1.12-shell.patch
Patch4: at-3.1.12-nitpicks.patch
Patch5: at-3.1.12-pam.patch
Patch6: at-3.1.12-selinux.patch
BuildRequires: fileutils chkconfig /etc/init.d
BuildRequires: flex bison autoconf
@ -51,17 +49,13 @@ use crontab instead.
%prep
%setup -q
cp %{SOURCE1} .
%patch1 -p1 -b .make
%patch2 -p1 -b .typo
%patch2 -p1 -b .opt_V
%patch3 -p1 -b .shell
%patch4 -p1 -b .opt_V
%patch5 -p1 -b .dont_fork
%patch6 -p1 -b .log
%patch7 -p1 -b .pam
%patch8 -p1 -b .pam2
%patch9 -p1 -b .selinux
%patch4 -p1 -b .nit
%patch5 -p1 -b .pam
%patch6 -p1 -b .selinux
%build
# patch9 touches configure.in
@ -79,15 +73,6 @@ rm -f lex.yy.* y.tab.*
make
%check
# don't run "make test" by default
%{?_without_check: %define _without_check 1}
%{!?_without_check: %define _without_check 1}
%if ! %{_without_check}
LANG=C make test > /dev/null
%endif
%install
make install \
DAEMON_USERNAME=`id -nu`\
@ -109,13 +94,15 @@ echo > %{buildroot}%{_sysconfdir}/at.deny
mkdir docs
cp %{buildroot}/%{_prefix}/doc/at/* docs/
mkdir -p %{buildroot}%{_sysconfdir}/pam.d
install -m 755 %{SOURCE1} %{buildroot}%{_sysconfdir}/pam.d/atd
mkdir -p %{buildroot}%{_sysconfdir}/rc.d/init.d
install -m 755 %{SOURCE2} %{buildroot}%{_sysconfdir}/rc.d/init.d/atd
mv -f %{buildroot}/%{_mandir}/man5/at_allow.5 \
%{buildroot}/%{_mandir}/man5/at.allow.5
rm -f %{buildroot}/%{_mandir}/man5/at_deny.5
#ln -s at.allow.5 %{buildroot}/%{_mandir}/man5/at.deny.5
mkdir -p %{buildroot}/etc/sysconfig
install -m 755 %{SOURCE3} %{buildroot}/etc/sysconfig/atd
@ -126,6 +113,9 @@ install -m 755 %{SOURCE4} %{buildroot}/%{_libdir}/pm-utils/sleep.d/56atd
# remove unpackaged files from the buildroot
rm -r %{buildroot}%{_prefix}/doc
%check
make test
%clean
rm -rf %{buildroot}
@ -156,7 +146,7 @@ fi
%attr(0700,daemon,daemon) %dir %{_localstatedir}/spool/at
%attr(0600,daemon,daemon) %verify(not md5 size mtime) %ghost %{_localstatedir}/spool/at/.SEQ
%attr(0700,daemon,daemon) %dir %{_localstatedir}/spool/at/spool
%attr(0640,root,daemon) %config(noreplace) /etc/pam.d/atd
%attr(0640,root,daemon) %config(noreplace) %{_sysconfdir}/pam.d/atd
%{_sbindir}/atrun
%attr(0755,root,root) %{_sbindir}/atd
%{_mandir}/man*/*
@ -167,6 +157,13 @@ fi
%attr(0755,root,root) %{_libdir}/pm-utils/sleep.d/56atd
%changelog
* Thu Dec 3 2009 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.12-1
- update to the new version of at
- adapt patches for new version
- change our pam config to source
- start using new upstream test instead of our nonfunctinal
- upstream changed nofork option -n to foreground option -f
* Tue Oct 13 2009 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.11-1
- 528582 add noreplace option into files section
- rewrite pam2 patch - check return value, use "better" macro, etc.

5
sources
View File

@ -1,6 +1,5 @@
6e5857e23b3c32ea6995fb7f8989987e at_3.1.10.tar.gz
053188856f8d971c6239ed973cb85794 56atd
b117781fd68e393443b2a8e478c7c22f atd.init
ac1471fe22f63f666dc7d31173f47ea0 atd.sysconf
67aece5997fbe1f93072e0afd69e5280 test.pl
d5832d9b770f41db78020b92f80966d3 at_3.1.11.orig.tar.gz
1e67991776148fb319fd77a2e599a765 at_3.1.12.orig.tar.gz
000d2f30379d2bf8af09f51416e863ec pam_atd