.gitignore

@@ -1 +1,31 @@
-SOURCES/oddjob-0.34.7.tar.gz
+oddjob-0.29.1-1.tar.gz
+oddjob-0.30.tar.gz
+oddjob-0.30.1.tar.gz
+/oddjob-0.31.tar.gz
+/oddjob-0.31.1.tar.gz
+/oddjob-0.31.2.tar.gz
+/oddjob-0.31.2.tar.gz.sig
+/oddjob-0.31.3.tar.gz
+/oddjob-0.31.3.tar.gz.sig
+/oddjob-0.31.4.tar.gz
+/oddjob-0.31.4.tar.gz.sig
+/oddjob-0.31.5.tar.gz
+/oddjob-0.31.5.tar.gz.sig
+/oddjob-0.32.tar.gz
+/oddjob-0.32.tar.gz.sig
+/oddjob-0.33.tar.gz
+/oddjob-0.33.tar.gz.sig
+/oddjob-0.34.tar.gz
+/oddjob-0.34.tar.gz.sig
+/oddjob-0.34.1.tar.gz
+/oddjob-0.34.1.tar.gz.sig
+/oddjob-0.34.2.tar.gz
+/oddjob-0.34.2.tar.gz.sig
+/oddjob-0.34.3.tar.gz
+/oddjob-0.34.3.tar.gz.sig
+/oddjob-0.34.4.tar.gz
+/oddjob-0.34.4.tar.gz.sig
+/oddjob-0.34.6.tar.gz
+/oddjob-0.34.6.tar.gz.sig
+/oddjob-0.34.7.tar.gz
+/oddjob-0.34.7.tar.gz.asc

.oddjob.metadata

@@ -1 +0,0 @@
-c11f0783a66f88dce215772e9ec4fd673654e975 SOURCES/oddjob-0.34.7.tar.gz

SOURCES/oddjob-0.34.7.tar.gz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEhAodHH8+xLL+UwQ1RxniuKu/YhoFAl/XmV4ACgkQRxniuKu/
-Yhr6sQ/+OMveTOdOkByG1g4T7qS91pNBTPNaGrhOrIAMTeYjLU+F8xfChGR2y6z4
-7V1tArCJjjT5f1wFJw+r5p5kH1m5rv5ymwpZSMLiDMdrEBz6uIj7TDhrTsweOIFl
-RiBDJfMzpXa3uZOxNt/CHsaMpLJ+1/FbVLKbNDKyQqGSPGmbyNcJYN2fr5ms4j3U
-GxGUDTUV9KSPmmlA/wVke8G+OXNdSPm/Xe7n8zhspVI33vJeQpQTe3zPjji/ozn2
-N7K8LOwMKn2G6xP0fvR3DaTBnM2NR29Sw2avQGsL0F4t847mFWlo8oC7JTZ6Uv78
-bi+HrGAVNIA7iVTwMh2gODkLKnW7Z+sSMn7Dke4eV+Ra3RfKXIEydq3LJ+vyDrgR
-NpX3egGz2FdnIvmGv4D28YqrpA1LInKSJXXZzAICdZ9+rAZCKINXDBjuAN5AQBZj
-jbrZNYd6tUqnbv0JwU4MxVD6FHkU82XAn7wOX+xr48X5hT9nMc9hdBYxM+imDAjV
-9SzHydiR75HOEly0i5LObNM8OomwSdkjFC2bZy4pMCt/bxrwWy7OpOSGPAteB6t2
-iVcieSyaufbQCu12jS55UUlAfnq3u4O/ouG2CLyVob5f20nwkPvACujiioBnqyX1
-hpAEjQ3WRwY+tsrtPQUC25BzUZ0iKeso/PqkJudukHDsIUK4f5E=
-=VwN3
------END PGP SIGNATURE-----

gating.yaml

@@ -0,0 +1,8 @@
+# recipients: abokovoy, frenaud, kaleem, ftrivino
+--- !Policy
+product_versions:
+  - rhel-9
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
+  - !PassingTestCaseRule {test_case_name: idm-ci.brew-build.tier1.functional}

oddjob.spec

@@ -22,15 +22,14 @@
 
 Name: oddjob
 Version: 0.34.7
-Release: 3%{?dist}
+Release: 7%{?dist}
 Source0: https://releases.pagure.org/oddjob/oddjob-%{version}.tar.gz
 Source1: https://releases.pagure.org/oddjob/oddjob-%{version}.tar.gz.asc
 Patch0: oddjob-cve-2020-10737-reversal-option.patch
 Patch1: oddjob-override-mask-fix.patch
-
 Summary: A D-Bus service which runs odd jobs on behalf of client applications
 License: BSD
-Group: System Environment/Daemons
+BuildRequires: make
 BuildRequires:  gcc
 BuildRequires: dbus-devel >= 0.22, dbus-x11, libselinux-devel, libxml2-devel
 BuildRequires: pam-devel, pkgconfig
@@ -73,7 +72,6 @@ oddjob is a D-Bus service which performs particular tasks for clients which
 connect to it and issue requests using the system-wide message bus.
 
 %package mkhomedir
-Group: System Environment/Daemons
 Summary: An oddjob helper which creates and populates home directories
 Requires: %{name} = %{version}-%{release}
 Requires(post): %{dbus_send}, grep, sed, psmisc
@@ -84,7 +82,6 @@ pam_oddjob_mkhomedir module to create a home directory for a user
 at login-time.
 
 %package sample
-Group: System Environment/Daemons
 Summary: A sample oddjob service.
 Requires: %{name} = %{version}-%{release}
 
@@ -193,7 +190,7 @@ touch -r src/oddjob-mkhomedir.conf.in	$RPM_BUILD_ROOT/%{_sysconfdir}/dbus-1/syst
 
 %post
 if test $1 -eq 1 ; then
-	killall -HUP dbus-daemon 2>&1 > /dev/null
+	killall -HUP dbus-daemon  >/dev/null 2>&1
 fi
 %if %{systemd}
 %systemd_post oddjobd.service
@@ -208,7 +205,7 @@ fi
 %endif
 %if %{sysvinit}
 if [ $1 -gt 0 ] ; then
-	/sbin/service oddjobd condrestart 2>&1 > /dev/null || :
+	/sbin/service oddjobd condrestart >/dev/null 2>&1 || :
 fi
 %endif
 exit 0
@@ -219,7 +216,7 @@ exit 0
 %endif
 %if %{sysvinit}
 if [ $1 -eq 0 ] ; then
-	/sbin/service oddjobd stop > /dev/null 2>&1
+	/sbin/service oddjobd stop >/dev/null 2>&1
 	/sbin/chkconfig --del oddjobd
 fi
 %endif
@@ -246,7 +243,7 @@ if grep -q %{_libdir}/%{name}/mkhomedir $cfg ; then
 	sed -i 's^%{_libdir}/%{name}/mkhomedir^%{_libexecdir}/%{name}/mkhomedir^g' $cfg
 fi
 if test $1 -eq 1 ; then
-	killall -HUP dbus-daemon 2>&1 > /dev/null
+	killall -HUP dbus-daemon >/dev/null 2>&1
 fi
 if [ -f /var/lock/subsys/oddjobd ] ; then
 	%{dbus_send} --system --dest=com.redhat.oddjob /com/redhat/oddjob com.redhat.oddjob.reload
@@ -254,37 +251,51 @@ fi
 exit 0
 
 %changelog
-* Fri Dec 09 2022 Alexander Bokovoy <abokovoy@redhat.com> - 0.34.7-3
+* Fri Dec 09 2022 Alexander Bokovoy <abokovoy@redhat.com> - 0.34.7-7
 - Always set the home directory permissions according to HOME_MODE
-- Resolves: rhbz#2135793
+- Resolves: rhbz#2149988
 
-* Wed Aug 17 2022 Alexander Bokovoy <abokovoy@redhat.com> - 0.34.7-2
+* Thu Aug 18 2022 Alexander Bokovoy <abokovoy@redhat.com> - 0.34.7-6
 - Add a non-default option to revert behavior for CVE-2020-10737 fix
-- Resolved: rhbz#2050079
+- Resolved: rhbz#2119265
 
-* Mon Dec 14 18:38:43 EET 2020 Alexander Bokovoy <abokovoy@redhat.com> - 0.34.7-1
-- Upstream release 0.34.7
-- Force LC_ALL=C.UTF-8 in oddjobd systemd service environment
-- Resolves: rhbz#1907481 - oddjob locale issue
-- Resolves: rhbz#1907541 - rebase oddjob to 0.34.7
+* Mon Feb 07 2022 Alexander Bokovoy <abokovoy@redhat.com> - 0.34.7-5
+- Fix stdin redirection in RPM scripts
+  Resolves: rhbz#2041585
 
-* Thu Oct 08 2020 Alexander Bokovoy <abokovoy@redhat.com> - 0.34.5-4
-- Rebuild against RHEL 8.4.0
-  Resolves: rhbz#1886433
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.34.7-4
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
 
-* Thu Oct 08 2020 Alexander Bokovoy <abokovoy@redhat.com> - 0.34.5-3
-- Support HOME_MODE from /etc/login.defs
-  Resolves: rhbz#1886433
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.34.7-3
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
 
-* Fri May 08 2020 Alexander Bokovoy <abokovoy@redhat.com> - 0.34.5-2
-- Add gating tests using idm:DL1 module stream and upstream tests
-  Resolves: rhbz#1682457
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.34.7-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 
-* Fri May 08 2020 Alexander Bokovoy <abokovoy@redhat.com> - 0.34.5-1
-- Upstream release 0.34.5
-- Resolves: rhbz#1833289 - Rebase oddjob to 0.34.5
-- Resolves: rhbz#1833052 - CVE-2020-10737 
-  oddjob: race condition in oddjob_selinux_mkdir function in mkhomedir.c can lead to symlink attack
+* Mon Dec 14 22:09:29 EET 2020 Alexander Bokovoy <abokovoy@redhat.com> - 0.34.7-1
+- upstream release 0.34.7
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.34.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Thu May  7 2020 Nalin Dahyabhai <nalin@redhat.com> - 0.34.6-1
+- update license on src/buffer.h
+- change /var/run -> /run in systemd service file (Orion Poplawski)
+
+* Thu May  7 2020 Nalin Dahyabhai <nalin@redhat.com> - 0.34.5-1
+- apply patch from Matthias Gerstner of the SUSE security team to fix a
+  possible race condition in the mkhomedir helper (CVE-2020-10737)
+- only process SELinux contexts if SELinux is not disabled (Alexander Bokovoy)
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.34.4-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.34.4-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.34.4-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 
 * Tue Dec  4 2018 Nalin Dahyabhai <nalin@redhat.com> - 0.34.4-7
 - Drop Python 2 build-time dependency, which hasn't been used since we turned

sources

@@ -0,0 +1,2 @@
+SHA512 (oddjob-0.34.7.tar.gz) = df98f3d2ce18de5d2db6d638995c01c80aec51f7ad979b879b2e8d8f7d6c2e464cbff3c70ed9b528399337f8fba31744f955ca17fdad1d4e9193fb0f10ea391a
+SHA512 (oddjob-0.34.7.tar.gz.asc) = b1ff3b3c73de4023f49015fa27b1be35d9c04a785aedfc3fca495af52a4820ed4d8d14b19dd36f05512d212c3f4c20e8c56940abd0de8edc5fd851ff1e054cc5

tests/.fmf/version

@@ -0,0 +1 @@
+1

tests/provision.fmf

@@ -0,0 +1,5 @@
+---
+ 
+standard-inventory-qcow2:
+  qemu:
+    m: 2G

tests/tests.yml

@@ -0,0 +1,18 @@
+---
+- hosts: localhost
+  tags: [ always ]
+  tasks:
+  - set_fact:
+      our_required_packages:
+      - wget            # upstream-testsuite-execution-and-rebuild-test needs wget command
+      - yum-utils       # upstream-testsuite-execution-and-rebuild-test needs yum-builddep command
+      - rpm-build       # upstream-testsuite-execution-and-rebuild-test needs rpmbuild command
+
+- hosts: localhost
+  tags:
+  - classic
+  roles:
+  - role: standard-test-beakerlib
+    tests:
+    - upstream-testsuite-execution-and-rebuild-test
+    required_packages: "{{ our_required_packages }}"

tests/upstream-testsuite-execution-and-rebuild-test/Makefile

@@ -0,0 +1,72 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Makefile of /CoreOS/sudo/Sanity/upstream-testsuite-execution-and-rebuild-test
+#   Description: This test rebuild sudo source rpm and checks that rebuild is OK. The second - main - part is about upstream testsuite execution.
+#   Author: Ales Marecek <amarecek@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+#   This copyrighted material is made available to anyone wishing
+#   to use, modify, copy, or redistribute it subject to the terms
+#   and conditions of the GNU General Public License version 2.
+#
+#   This program is distributed in the hope that it will be
+#   useful, but WITHOUT ANY WARRANTY; without even the implied
+#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+#   PURPOSE. See the GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public
+#   License along with this program; if not, write to the Free
+#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+#   Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Based on sudo rebuild test
+
+export TEST=/CoreOS/certmonger/Sanity/upstream-testsuite-execution-and-rebuild-test
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+	./runtest.sh
+
+build: $(BUILT_FILES)
+	test -x runtest.sh || chmod a+x runtest.sh
+
+clean:
+	rm -f *~ $(BUILT_FILES)
+
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+	@echo "Owner:           Rob Crittenden <rcritten@redhat.com>" > $(METADATA)
+	@echo "Name:            $(TEST)" >> $(METADATA)
+	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
+	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
+	@echo "Description:     This test rebuild sudo source rpm and checks that rebuild is OK. The second - main - part is about upstream testsuite execution." >> $(METADATA)
+	@echo "Type:            Sanity" >> $(METADATA)
+	@echo "TestTime:        30m" >> $(METADATA)
+	@echo "RunFor:          sudo" >> $(METADATA)
+	@echo "Requires:        sudo" >> $(METADATA)
+	@echo "Requires:        sed" >> $(METADATA)
+	@echo "Requires:        grep" >> $(METADATA)
+	@echo "Requires:        rpm-build" >> $(METADATA)
+	@echo "Requires:        yum-utils" >> $(METADATA)
+	@echo "Requires:        make" >> $(METADATA)
+	@echo "Requires:        libcap-devel" >> $(METADATA)
+	@echo "Requires:        audit-libs-devel" >> $(METADATA)
+	@echo "Priority:        Normal" >> $(METADATA)
+	@echo "License:         GPLv2" >> $(METADATA)
+	@echo "Confidential:    no" >> $(METADATA)
+	@echo "Destructive:     no" >> $(METADATA)
+
+	rhts-lint $(METADATA)

tests/upstream-testsuite-execution-and-rebuild-test/PURPOSE

@@ -0,0 +1,3 @@
+PURPOSE of /CoreOS/certmonger/Sanity/upstream-testsuite-execution-and-rebuild-test
+Description: This test rebuild certmonger source rpm and checks that rebuild is OK. The second - main - part is about upstream testsuite execution.
+Author: Rob Crittenden <rcritten@redhat.com>

tests/upstream-testsuite-execution-and-rebuild-test/runtest.sh

@@ -0,0 +1,82 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   runtest.sh of /CoreOS/sudo/Sanity/upstream-testsuite-execution-and-rebuild-test
+#   Description: This test rebuild sudo source rpm and checks that rebuild is OK. The second - main - part is about upstream testsuite execution.
+#   Author: Ales Marecek <amarecek@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+#   This copyrighted material is made available to anyone wishing
+#   to use, modify, copy, or redistribute it subject to the terms
+#   and conditions of the GNU General Public License version 2.
+#
+#   This program is distributed in the hope that it will be
+#   useful, but WITHOUT ANY WARRANTY; without even the implied
+#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+#   PURPOSE. See the GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public
+#   License along with this program; if not, write to the Free
+#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+#   Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Based on sudo rebuild test
+
+# Include Beaker environment
+. /usr/bin/rhts-environment.sh || exit 1
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="oddjob"
+_SPEC_DIR="$(rpm --eval=%_specdir)"
+_BUILD_DIR="$(rpm --eval=%_builddir)"
+_LOG_REBUILD_F="${PACKAGE}-rebuild.log"
+_LOG_TESTSUITE_F="${PACKAGE}-testsuite.log"
+
+
+rlJournalStart
+    rlPhaseStartSetup
+        rlAssertRpm $PACKAGE
+        rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
+        rlRun "pushd $TmpDir"
+	# Source package is needed for code inspection
+	rlFetchSrcForInstalled "${PACKAGE}" || yumdownloader --source "${PACKAGE}"
+    rlRun "find . -size 0 -delete" 0 "Remove empty src.rpm-s"
+	rlRun "yum-builddep -y --nogpgcheck ${PACKAGE}-*.src.rpm" 0 "Installing build dependencies"
+	[ -d ${_BUILD_DIR} ] && rlRun "rm -rf ${_BUILD_DIR}/*" 0 "Cleaning build directory"
+	rlRun "rpm -ivh ${PACKAGE}-*.src.rpm" 0 "Installing source rpm"
+    rlPhaseEnd
+
+    rlPhaseStartTest
+	rlRun "QA_RPATHS=0x0002 rpmbuild -ba ${_SPEC_DIR}/${PACKAGE}.spec" 0 "Test: Rebuild of source '${PACKAGE}' package"
+	rlGetPhaseState
+	if [ $? -eq 0 ]; then
+		cd ${_BUILD_DIR}/${PACKAGE}-*
+		rlRun -s "make check" 0 "Test: Upstream testsuite"
+		cd ${TmpDir}
+		while read -r I; do
+		    if [[ "$I" =~ $(echo '([^:]+): .+ tests run, .+ errors, (.*)% success rate') ]]; then
+		        [[ "${BASH_REMATCH[2]}" == "100" ]]
+		        rlAssert0 "Test: Checking tests of '${BASH_REMATCH[1]}'" $?
+		    elif [[ "$I" =~ $(echo "([^:]+): .+ tests passed; (.+)/.+ tests failed") ]]; then
+		        [[ "${BASH_REMATCH[2]}" == "0" ]]
+		        rlAssert0 "Test: Checking tests of '${BASH_REMATCH[1]}'" $?
+		    fi
+		done < $rlRun_LOG
+		rm -f $rlRun_LOG
+	else
+		rlFail "Skipping testsuite part because rebuild part failed."
+	fi
+    rlPhaseEnd
+
+    rlPhaseStartCleanup
+        rlRun "popd"
+        rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+    rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd