--- rpms/e-smith-base/sme9/e-smith-base.spec 2013/02/02 14:59:33 1.3 +++ rpms/e-smith-base/sme9/e-smith-base.spec 2017/11/15 15:36:55 1.105 @@ -1,18 +1,44 @@ -# $Id: e-smith-base.spec,v 1.2 2013/01/31 17:55:53 vip-ire Exp $ +# $Id: e-smith-base.spec,v 1.104 2017/11/15 11:50:46 jpp Exp $ Summary: e-smith server and gateway - base module %define name e-smith-base Name: %{name} -%define version 5.4.0 -%define release 3 +%define version 5.6.0 +%define release 33 Version: %{version} Release: %{release}%{?dist} License: GPL Group: Networking/Daemons Source: %{name}-%{version}.tar.xz -Patch0: e-smith-base-5.4.0-runlevel_4.patch +Patch1: e-smith-base-5.6.0-console.patch +Patch2: e-smith-base-5.6.0_added_verification_of_pptp_clients_against_dhcp.patch +Patch3: e-smith-base-5.6.0_console_verification_dhcp_vs_pptp.patch +Patch4: e-smith-base-5.6.0_remove_10runparts_for_anacron_compatibility.patch +Patch5: e-smith-base-5.6.0-mdevent.patch +Patch6: e-smith-base-5.6.0-pppoe_after_post_upgrade.patch +Patch7: e-smith-base-5.6.0-symlink_udev-post.patch +Patch8: e-smith-base-5.6.0-detect_conf_change_single_nic.patch +Patch9: e-smith-base-5.6.0-service_runlevel_4.patch +Patch10: e-smith-base-5.6.0-ensure_apache_alias_www.patch +Patch11: e-smith-base-5.6.0-specify_dhcpd_configuration_file.patch +Patch12: e-smith-base-5.6.0-default_to_no_on_quit_console_app.patch +Patch13: e-smith-base-5.6.0-only_reset_access_for_private_server.patch +Patch14: e-smith-base-5.6.0-only_fire_ip_change_on_wan.patch +Patch15: e-smith-base-5.6.0-dummy_nic.patch +Patch16: e-smith-base-5.6.0-disable_selinux.patch +Patch17: e-smith-base-5.6.0_sha256_cert.patch +Patch18: e-smith-base-5.6.0-update_mime_types.patch +Patch19: e-smith-base-5.6.0-ssl_update.patch +Patch20: e-smith-base-5.6.0-reload_ssl_when_renew_cert.patch +Patch21: e-smith-base-5.6.0-display_http_server_manager.patch +Patch22: e-smith-base-5.6.0-add_forward_column.patch +Patch23: e-smith-base-5.6.0-allow_32bits_mask.patch +Patch24: e-smith-base-5.6.0-ip_route_syntax.patch +Patch25: e-smith-base-5.8.0-expand_route_bond0.patch + BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot -Requires: mod_auth_external +BuildArch: noarch +Requires: pwauth Requires: e-smith-lib >= 2.2.0-2 Requires: server-manager-images, server-manager Requires: e-smith-formmagick >= 1.4.0-12 @@ -25,7 +51,6 @@ Requires: perl(Data::UUID) Requires: perl(Net::IPv4Addr) Requires: /usr/sbin/irqbalance Requires: /usr/sbin/cpuspeed -Requires: /sbin/microcode_ctl Requires: /usr/sbin/smartd Requires: dbus Requires: hal @@ -37,7 +62,10 @@ Requires: e-smith-bootloader Requires: mdadm Requires: pv Requires: pam_abl -Requires: nss_pam_ldapd +Requires: diald +Requires: /usr/bin/passwd +Requires: nss-pam-ldapd +Obsoletes: nss_ldap < 254 Requires: cpu >= 1.4.3 Obsoletes: rlinetd, e-smith-mod_ssl Obsoletes: e-smith-serial-console @@ -47,9 +75,6 @@ Obsoletes: perl-Data-UUID BuildRequires: perl, perl(Test::Inline) >= 0.12 BuildRequires: e-smith-devtools >= 1.13.1-03 BuildRequires: gettext -%ifarch i386 -Requires: apmd -%endif %define dbfiles accounts configuration domains hosts networks AutoReqProv: no @@ -58,7 +83,301 @@ AutoReqProv: no e-smith server and gateway software - base module. %changelog -* Sat Feb 2 2013 Daniel Berteaud 5.4.0-3.sme +* Wed Nov 15 2017 Jean-Philipe Pialasse 5.6.0-33.sme +- revert previous change, wrong package + +* Wed Nov 15 2017 Jean-Philipe Pialasse 5.6.0-32.sme +- added post transaction rule for ntp [SME: 10454] +- backport of SME10 [SME: 10190] +- thank you to Stefano Zamboni for this work + +* Thu May 4 2017 Daniel Berteaud 5.6.0-31.sme +- Backport from sme10: Expand route-bond0 when nic bonding is enabled + [SME: 10270] + +* Thu Feb 9 2017 Daniel Berteaud 5.6.0-30.sme +- Use ip route syntax to define routes to local network [SME: 9905] + +* Tue Sep 13 2016 Daniel Berteaud 5.6.0-29.sme +- Allow /32 masks on the external interface, in which case we don't + check if the gateway is on the correct network) [SME: 9765] + +* Sun Jan 31 2016 Daniel Berteaud 5.6.0-28.sme +- Add a column to display forwarding address [SME: 9174] + +* Sun Jan 31 2016 Daniel Berteaud 5.6.0-27.sme +- Correctly display http URL to the server-manager in the console [SME: 9163] + +* Sun Jan 17 2016 Daniel Berteaud 5.6.0-26.sme +- Fire ssl-update event when default cert is renewed [SME: 2257] + +* Sun Jan 17 2016 Daniel Berteaud 5.6.0-25.sme +- Expand /home/e-smith/ssl.pem/pem during ssl-update [SME: 9152] + +* Tue Sep 30 2015 Daniel Berteaud 5.6.0-24.sme +- Update /etc/mime.types templates [SME: 9078] + +* Mon Aug 24 2015 Charlie Brady 5.6.0-23.sme +- Use sha256 algorithm for signature of SSL cert. [SME: 8615] + +* Thu Jun 25 2015 Daniel Berteaud 5.6.0-22.sme +- Fix including /etc/selinux directory [SME: 8954] + +* Thu Jun 25 2015 Daniel Berteaud 5.6.0-21.sme +- Add templates for /etc/selinux/config [SME: 8954] + +* Thu Jun 11 2015 Daniel Berteaud 5.6.0-20.sme +- Add dummy NIC support as InternalInterface [SME: 7200] + +* Tue Mar 31 2015 Daniel Berteaud 5.6.0-19.sme +- Only fire the ip-change event when IP is assigned to WAN nic + (Code by Charlie Brady and John Crisp) [SME: 8896] + +* Tue Mar 31 2015 Daniel Berteaud 5.6.0-18.sme +- Only reset service access when switching to or from private server mode + (Code by Charlie Brady) [SME: 8879] + +* Sun Jan 11 2015 Stephane de Labrusse 5.6.0-17.sme +- When quiting the console app with unsaved changes set the default selected +- answer to NO Hsing-Foo Wang [SME: 8616] + +* Tue Jan 6 2015 Stephane de Labrusse 5.6.0-16.sme +- Added a comment to specify the real configuration file of dhcpd [SME: 8386] + +* Sat Jan 3 2015 Stephane de Labrusse 5.6.0-15.sme +- Modified the patch of daniel e-smith-base-5.6.0-ensure_apache_alias_www.patch +- Ensure www group exists and that apache is an alias of www [SME: 8549] + +* Sun Nov 2 2014 Daniel Berteaud 5.6.0-13.sme +- Ensure www group exists and that apache is an alias of www [SME: 8549] + +* Sun Nov 2 2014 Daniel Berteaud 5.6.0-12.sme +- Check were running runlevel 4, not 7 in service wrapper [SME: 8637] + +* Sun Sep 21 2014 Daniel Berteaud 5.6.0-11.sme +- Correctly update NIC configuration on single NIC systems [SME: 8561] + +* Wed Sep 10 2014 Daniel Berteaud 5.6.0-10.sme +- Symlink udev-post service in rc7 [SME: 8542] + +* Fri Jul 25 2014 Daniel Berteaud 5.6.0-9.sme +- Fix PPPoE after a post-upgrade [SME: 8493] + +* Thu Jul 3 2014 Ian Wells 5.6.0-8.sme +- Remove dependency on microcode_ctl [SME: 8468] + +* Sun May 11 2014 stephane de Labrusse 5.6.0-7.sme +- Prevent emailing about the normal, weekly, checks of RAID arrays, by Mark Casey +- [SME: 7748] + +* Tue May 06 2014 stephane de Labrusse 5.6.0-6.sme +- remove /etc/e-smith/templates/etc/crontab/10runparts for anacron compatibility +- [SME: 8364] + +* Wed Apr 23 2014 stephane de Labrusse 5.6.0-5.sme +- Add a verification in the console of number of pptp clients against ip allowed in dhcpd +- [SME: 8312] + +* Sun Apr 6 2014 stephane de Labrusse 5.6.0-4.sme +- Add a verification in remoteaccess panel of number of pptp clients against ip allowed in dhcpd +- [SME: 8312] + +* Sat Apr 5 2014 Ian Wells 5.6.0-3.sme +- Ensure console is run with taint checking [SME: 8311] +- Non-functional perl::Critic changes. + +* Sun Mar 23 2014 Ian Wells 5.6.0-2.sme +- Roll new stream to really remove obsolete images [SME: 7962] + +* Sun Mar 23 2014 Ian Wells 5.6.0-1.sme +- Roll new stream to remove obsolete images [SME: 7962] + +* Thu Mar 20 2014 Ian Wells 5.4.0-62.sme +- Move console backup to e-smith-backup [SME: 3324] + +* Sun Mar 16 2014 Ian Wells 5.4.0-61.sme +- Remove support.pl from e-smith-base and move to smeserver-support [SME: 8264] + +* Sat Mar 15 2014 Ian Wells 5.4.0-60.sme +- Console restore should reboot [SME: 8259] + +* Sat Mar 8 2014 Ian Wells 5.4.0-59.sme +- Boostrap console should only offer restore if no password set [SME: 8259] + +* Thu Mar 6 2014 Ian Wells 5.4.0-58.sme +- Add restore backup as a console item for freshly installed servers [SME: 8259] +- Non-code changes to perform_restore.pm + +* Sun Feb 16 2014 Ian Wells 5.4.0-57.sme +- Refer to removable media not CDROM in console restore [SME: 8214] + +* Tue Jan 28 2014 Ian Wells 5.4.0-56.sme +- Remove insecure SSL ciphers [SME: 8138] + +* Sun Dec 15 2013 Daniel Berteaud 5.4.0-55.sme +- Restart rsyslog in logrotate event [SME: 8065] + +* Sun Dec 15 2013 Daniel Berteaud 5.4.0-54.sme +- Set smb ServerName if unset (patch from Ian Wells) [SME: 8030] + +* Mon Dec 9 2013 Daniel Berteaud 5.4.0-53.sme +- Don't reload init in bootstrap-console-save and console-save [SME: 8050] + +* Mon Dec 9 2013 Daniel Berteaud 5.4.0-52.sme +- Re-add missing templates metadata for bond0 [SME: 7990] + +* Sat Nov 30 2013 Daniel Berteaud 5.4.0-51.sme +- Load the bonding module if NIC bonding is enabled [SME: 7996] + +* Sat Nov 30 2013 Daniel Berteaud 5.4.0-50.sme +- Define the udev-post service in the DB [SME: 7992] + +* Sat Nov 30 2013 Daniel Berteaud 5.4.0-49.sme +- Remove the "swap interface" feature [SME: 7993] + +* Sat Nov 30 2013 Daniel Berteaud 5.4.0-48.sme +- Do not hardcode NIC names to eth0 and eth1 [SME: 7990] +- Remove obsolete VLAN code [SME: 7994] + +* Sat Nov 30 2013 Daniel Berteaud 5.4.0-47.sme +- Remove HWAddress prop from interfaces [SME: 7991] + +* Thu Nov 14 2013 Chris Burnat 5.4.0-46.sme +- Fix add_new_disk_to_raid1 (codes by Charlie Brady - patch by Terje Edseth) + [SME: 7960] + +* Wed Oct 30 2013 Charlie Brady 5.4.0-45.sme +- Fix parsing issues with "manage RAID" menu option in the console. + [SME: 7953] + +* Mon Sep 30 2013 John H. Bennett III 5.4.0-44.sme +- Patch to correct issue with not being able to access a password protected + ibay [SME: 7794] + +* Sun Jul 7 2013 Ian Wells 5.4.0-43.sme +- Improve text in console backup for success and failure [SME: 7770] + +* Fri Jul 5 2013 Ian Wells 5.4.0-42.sme +- Console USB Backup, allow user setting of compression level [SME: 7745] + Compression level of the console backup is now -6 by default + +* Fri Jul 5 2013 Ian Wells 5.4.0-41.sme +- Update ServerName (Samba netbios name) when SystemName is updated [SME: 7746] + +* Fri Jul 5 2013 Ian Wells 5.4.0-40.sme +- Remove old System Name from the Hosts DB, by Charlie Brady [SME: 7747] + +* Sun Jun 23 2013 Daniel Berteaud 5.4.0-39.sme +- Fix group creation when LDAP auth is enabled [SME: 7672] + +* Sat Jun 8 2013 Daniel Berteaud 5.4.0-38.sme +- Disable IPv6 on a default install (patch by Shad Lords) [SME: 7531] + +* Sat Jun 8 2013 Daniel Berteaud 5.4.0-37.sme +- Continue escaping control chars in rsyslog, just replace LF with space [SME: 7662] + +* Fri Jun 7 2013 Daniel Berteaud 5.4.0-36.sme +- Don't escape control characters in rsyslog [SME: 7662] + +* Thu Jun 6 2013 Daniel Berteaud 5.4.0-35.sme +- Use UTF-8 in the console [SME: 7591] + +* Sun May 19 2013 Ian Wells 5.4.0-34.sme +- Remove redundant parts of init-accounts [SME: 3550] + +* Sat May 18 2013 chris burnat 5.4.0-33.sme +- Add_template_to_ssl.pem, codes by JP Pialasse [SME: 7601] + +* Tue May 07 2013 Ian Wells 5.4.0-32.sme +- Require diald [SME: 7279] + +* Mon May 06 2013 Ian Wells 5.4.0-31.sme +- Removal of rc.e-smith now functionality is in e-smith-service [SME: 7267] + +* Sun May 05 2013 Ian Wells 5.4.0-30.sme +- Revert last change. [SME: 7227] + +* Sat May 04 2013 Ian Wells 5.4.0-29.sme +- Suppress template text from /etc/inittab [SME: 7227] + +* Mon Apr 22 2013 Ian Wells 5.4.0-28.sme +- Replacement of rc.e-smith by moving code into e-smith-service [SME: 7267] + +* Mon Apr 21 2013 chris burnat 5.4.0-27.sme +- Fix the way '.' works in bash [SME: 7532] + +* Fri Mar 22 2013 Daniel Berteaud 5.4.0-26.sme +- rename /etc/ldap.conf to /etc/pam_ldap.conf (and same for .secret) [SME: 7289] + +* Sat Mar 16 2013 Ian Wells 5.4.0-25.sme +- Always define InternalInterface NICBonding [SME: 7498] + +* Sat Mar 16 2013 Terry Fage 5.4.0-24.sme +- In the console refer to removable media instead of USB disk [SME: 7414] + +* Sat Mar 16 2013 Shad L. Lords 5.4.0-23.sme +- Fix a few more syslog => rsyslog items [SME: 7221] + +* Sat Mar 16 2013 Shad L. Lords 5.4.0-22.sme +- Remove modprobe stuff [SME: 7261] + +* Sat Mar 16 2013 Shad L. Lords 5.4.0-21.sme +- Don't be as agressive on rate limiting [SME: 7470] + +* Sat Mar 16 2013 Daniel Berteaud 5.4.0-20.sme +- Change syslog templates to rsyslog [SME: 7221] + +* Fri Mar 15 2013 Ian Wells 5.4.0-19.sme +- Ensure existing_hwaddr is always initialized [SME: 7471] + +* Thu Mar 14 2013 Ian Wells 5.4.0-18.sme +- Change System Name from mitel-networks-server to sme-server [SME: 7485] + +* Sat Mar 9 2013 Shad L. Lords 5.4.0-17.sme +- Fix user www creation in init-accounts [SME: 7319] + +* Wed Mar 6 2013 Shad L. Lords 5.4.0-16.sme +- Update package and path for pwauth [SME: 7319] +- Update init-accounts to set uid/gid correctly for pwauth + +* Thu Feb 28 2013 Shad L. Lords 5.4.0-15.sme +- Remove fragments in inittab that are no longer needed [SME: 7227] + +* Mon Feb 25 2013 Daniel Berteaud 5.4.0-14.sme +- Post-upgrades not fired after restore from console [SME: 7390] + +* Sat Feb 23 2013 Ian Wells 5.4.0-13.sme +- Remove microcode_ctl service as now udev-driven [SME: 7397] + +* Thu Feb 21 2013 Ian Wells 5.4.0-12.sme +- Increase memory limit for pppoe to 100Mb matching SME8 solution [SME: 7391] + +* Thu Feb 21 2013 Daniel Berteaud 5.4.0-11.sme +- Optimize user-modify-unix script and link it in bootstrap-ldap-save [SME: 7387] + +* Tue Feb 19 2013 Shad L. Lords 5.4.0-10.sme +- Add /usr/bin/passwd as a required package [SME: 7350] + +* Sat Feb 9 2013 Ian Wells 5.4.0-9.sme +- Update symlink to not conflict with /etc/init.d [SME: 7322] + +* Thu Feb 7 2013 Ian Wells 5.4.0-8.sme +- Add symbolic links from rsyslog to syslog to start the + the transition from syslog to rsyslog [SME: 7322] + +* Wed Feb 6 2013 Shad L. Lords 5.4.0-7.sme +- Remove apmd service and change package to noarch [SME: 7312] + +* Sun Feb 3 2013 Daniel Berteaud 5.4.0-6.sme +- Add a daemontools service to run signal-event local [SME: 7230] + +* Sat Feb 2 2013 Shad L. Lords 5.4.0-5.sme +- Obsolete nss_ldap so upgrades work [SME: 7273] + +* Sat Feb 2 2013 Shad L. Lords 5.4.0-4.sme +- Helps to spell requirements correctly + +* Sat Feb 2 2013 Shad L. Lords 5.4.0-3.sme - Change nss_ldap to nss-pam-ldapd [SME: 7272] * Thu Jan 31 2013 Daniel Berteaud 5.4.0-2.sme @@ -1493,11 +1812,33 @@ e-smith server and gateway software - ba %prep %setup -%patch0 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 +%patch10 -p1 +%patch11 -p1 +%patch12 -p1 +%patch13 -p1 +%patch14 -p1 +%patch15 -p1 +%patch16 -p1 +%patch17 -p1 +%patch18 -p1 +%patch19 -p1 +%patch20 -p1 +%patch21 -p1 +%patch22 -p1 +%patch23 -p1 +%patch24 -p1 +%patch25 -p1 %pre -/sbin/e-smith/create-system-user smelog 1002 \ - 'smelog log user' /var/log/smelog /bin/false /sbin/e-smith/create-system-user smelastsys 2999 \ 'sme last system user marker' /tmp /bin/false @@ -1505,12 +1846,6 @@ e-smith server and gateway software - ba %build -%if "%_build_arch" == "i386" -echo "enabled" > root/etc/e-smith/db/configuration/defaults/apmd/status -%else -echo "disabled" > root/etc/e-smith/db/configuration/defaults/apmd/status -%endif - LEXICONS=$(find root/etc/e-smith/web/{functions,panels/password/cgi-bin} \ -type f | grep -v CVS) @@ -1528,6 +1863,7 @@ perl createlinks %install rm -rf $RPM_BUILD_ROOT +mkdir -p $RPM_BUILD_ROOT/etc/selinux (cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT) /sbin/e-smith/genfilelist $RPM_BUILD_ROOT \ --file /etc/cron.daily/conf-mod_ssl 'attr(0544,root,root)' \ @@ -1578,6 +1914,9 @@ rm -rf $RPM_BUILD_ROOT --dir /var/service/ippp/log/supervise 'attr(0700,root,root)' \ --dir /var/log/ippp 'attr(2750,smelog,smelog)' \ --dir /etc/e-smith/skel/user/.ssh 'attr(0700,root,root)' \ + --file /var/service/local/run 'attr(0750,root,root)' \ + --file /etc/sysconfig/modules/dummy.modules 'attr(0755,root,root)' \ + --dir /etc/selinux 'attr(0755,root,root)' \ > %{name}-%{version}-%{release}-filelist mkdir -p $RPM_BUILD_ROOT/home/e-smith/db