diff --git a/docs/Done b/docs/Done deleted file mode 100644 index 61e384a..0000000 --- a/docs/Done +++ /dev/null @@ -1,49 +0,0 @@ -#List of first stab recipes done -# Legend: -# P=Port -# D=Depends -# w=not started yet -# d=initial port done -stx-config:d - config-gate.bb - controllerconfig.bb - puppet-manifests.bb - puppet-modules-wrs.bb - storageconfig - worker-utils.bb - workerconfig.bb - pm-qos-mgr.bb - sysinv.bb -TODO:stx-config:P+stx-openstack-helm:D+openstack-helm:D+openstack-helm-infra:D+kubernetes -TODO:stx-config:P+stx-platform-helm:D+helm:D+openstack-helm-infra:D+kubernetes -stx-fault:d - fm-doc.bb - fm-common.bb - fm-mgr.bb - fm-rest-api.bb - fm-api.bb - snmp-audittrail.bb - snmp-ext.bb - -stx-gui:d -stx-metal:d - inventory.bb - mtce-common.bb:common:daemon - mtce-compute.bb - mtce-control.bb - mtce-storage.bb -TODO:stx-metal:D+oslo-config-generator:D+post_run -TODO:stx-metal:P+installer/pxe-network-installer -TODO:stx-metal:P+kickstart -stx-ha:d - sm-common.bb - sm-db.bb - sm.bb - sm-api.bb - sm-client.bb - sm-tools.bb -stx-integ:w -stx-ansible-playbooks:w -stx-nfv:w -stx-update:w -stx-upstream:w diff --git a/docs/progress.txt b/docs/progress.txt new file mode 100644 index 0000000..e8f40eb --- /dev/null +++ b/docs/progress.txt @@ -0,0 +1,136 @@ +#List of first stab recipes done +# Legend: +# P=Port +# D=Depends +# w=not started yet +# d=initial port done +# r=replaced with yocto recipe +# W=with +# S=skipped dependency + +stx-config:d + config-gate.bb + controllerconfig.bb + puppet-manifests.bb + puppet-modules-wrs.bb + storageconfig + worker-utils.bb + workerconfig.bb + pm-qos-mgr.bb + sysinv.bb +TODO:stx-config:P+stx-openstack-helm:D+openstack-helm:D+openstack-helm-infra:D+kubernetes +TODO:stx-config:P+stx-platform-helm:D+helm:D+openstack-helm-infra:D+kubernetes + +stx-fault:d + fm-doc.bb + fm-common.bb + fm-mgr.bb + fm-rest-api.bb + fm-api.bb + snmp-audittrail.bb + snmp-ext.bb + +stx-gui:d + +stx-metal:d + inventory.bb + mtce-common.bb:common:daemon + mtce-compute.bb + mtce-control.bb + mtce-storage.bb +TODO:stx-metal:D+oslo-config-generator:D+post_run +TODO:stx-metal:P+installer/pxe-network-installer +TODO:stx-metal:P+kickstart + +stx-ha:d + sm-common.bb + sm-db.bb + sm.bb + sm-api.bb + sm-client.bb + sm-tools.bb + +stx-nfv:d + nfv-common.bb + nfv-plugins.bb + nfv-tools.bb + nfv-vim.bb + nfv-client.bb + mtce-guest.bb + nfv-api-proxy.bb + +stx-update:d + cgsc-patch.bb + enable-dev-patch.bb + patch-alarm.bb + tsconfig.bb + R+python-ansible:meta-iot-cloud +TODO:stx-update:P+patch-scripts + +stx-ansible-playbooks:d +TODO:stx-ansible-playbooks:r+ansible:W+python-ansible:meta-cloud-services +TODO:stx-ansible-playbooks:S+sshpass + +stx-upstream:w + R+python-barbicanclient:meta-cloud-services/meta-openstack + R+python-cinderclient:meta-cloud-services/meta-openstack + R+python-glanceclient:meta-cloud-services/meta-openstack + R+python-heatclient:meta-cloud-services/meta-openstack + R+python-horizon:meta-cloud-services/meta-openstack + R+python-keystoneauth1:meta-cloud-services/meta-openstack + R+python-keystoneclient:meta-cloud-services/meta-openstack + R+python-magnumclient:meta-cloud-services/meta-openstack + R+python-neutronclient:meta-cloud-services/meta-openstack + R+python-novaclient:meta-cloud-services/meta-openstack + R+python-openstackclient:meta-cloud-services/meta-openstack + R+python-openstacksdk:meta-cloud-services/meta-openstack + stx-ocf-scripts.bb + rabitmq-server-config.bb + +TODO:stx-upstream:P+python-gnocchiclient +TODO:stx-upstream:P+python-aodhclient +TODO:stx-upstream:P+python-ironicclient +TODO:stx-upstream:P+python-muranoclient +TODO:stx-upstream:P+openstack-ras +TODO:stx-upstream:P+openstack-helm +TODO:stx-upstream:P+distributedcloud +TODO:stx-upstream:P+distributedcloud-client +TODO:stx-upstream:P+python-pankoclient + +stx-integ/base:d + cgcs-users.bb + dhcp-config.bb + dnsmasq-config.bb + R+dpkg:W+start-stop-daemon + R+golang-dep:W+go-dep + haproxy-config.bb + initscripts-config.bb + R+libfdt:W+dtc-1.4.7 + lighttpd-config.bb + net-snmp-config.bb + openssh-config.bb + setup-config.bb + systemd-config.bb +TODO:stx-integ/base:P+rpm:apply patches as needed; disregard otherwise +TODO:stx-integ/base:Check app spec files for post run. Adopt as needed. + + +stx-integ/ceph:d + ceph-manager.bb + R+python-cephclient:meta-cloud-services/meta-openstack +TODO:stx-integ/ceph:P+stx required ceph and any related patches to thud:R+ceph:W+meta-virtualization + +stx-integ/config-files:d + audit-config.bb + docker-config.bb + io-scheduler.bb + iptables-config.bb + memcached-custom.bb + ntp-config.bb + pam-config.bb + rsync-config.bb + shadow-utils-config.bb + stx-integ-config-files.inc + sudo-config.bb + syslog-ng-config.bb + util-linux-config.bb diff --git a/patches/stx-integ/0001-cgcs-users-with-patch-ibsh-patches.patch b/patches/stx-integ/0001-cgcs-users-with-patch-ibsh-patches.patch new file mode 100644 index 0000000..5453ca3 --- /dev/null +++ b/patches/stx-integ/0001-cgcs-users-with-patch-ibsh-patches.patch @@ -0,0 +1,2191 @@ +From b62415943878891ce000b9e0b414354b60047876 Mon Sep 17 00:00:00 2001 +From: babak sarashki +Date: Tue, 2 Jul 2019 14:09:28 -0700 +Subject: [PATCH 1/2] cgcs-users with patch ibsh patches + +Applied ibsh-0.3e-cgcs.patch and copyright patch. +--- + base/cgcs-users/cgcs-users-1.0/BUGS | 19 + + base/cgcs-users/cgcs-users-1.0/CONTRIBUTORS | 7 + + base/cgcs-users/cgcs-users-1.0/COPYING | 340 ++++++++++++++++++ + base/cgcs-users/cgcs-users-1.0/COPYRIGHT | 17 + + base/cgcs-users/cgcs-users-1.0/INSTALL | 23 ++ + base/cgcs-users/cgcs-users-1.0/Makefile | 56 +++ + base/cgcs-users/cgcs-users-1.0/README | 29 ++ + base/cgcs-users/cgcs-users-1.0/Release | 17 + + base/cgcs-users/cgcs-users-1.0/TODO | 10 + + base/cgcs-users/cgcs-users-1.0/VERSION | 1 + + base/cgcs-users/cgcs-users-1.0/antixploit.c | 131 +++++++ + base/cgcs-users/cgcs-users-1.0/command.c | 209 +++++++++++ + base/cgcs-users/cgcs-users-1.0/config.c | 179 +++++++++ + base/cgcs-users/cgcs-users-1.0/delbadfiles.c | 239 ++++++++++++ + .../cgcs-users-1.0/example.allowall.xtns | 28 ++ + .../cgcs-users-1.0/example.denyall.xtns | 2 + + base/cgcs-users/cgcs-users-1.0/execute.c | 159 ++++++++ + base/cgcs-users/cgcs-users-1.0/globals.cmds | 8 + + base/cgcs-users/cgcs-users-1.0/globals.xtns | 3 + + base/cgcs-users/cgcs-users-1.0/ibsh.h | 126 +++++++ + base/cgcs-users/cgcs-users-1.0/jail.c | 101 ++++++ + base/cgcs-users/cgcs-users-1.0/main.c | 239 ++++++++++++ + base/cgcs-users/cgcs-users-1.0/misc.c | 52 +++ + 23 files changed, 1995 insertions(+) + create mode 100644 base/cgcs-users/cgcs-users-1.0/BUGS + create mode 100644 base/cgcs-users/cgcs-users-1.0/CONTRIBUTORS + create mode 100644 base/cgcs-users/cgcs-users-1.0/COPYING + create mode 100644 base/cgcs-users/cgcs-users-1.0/COPYRIGHT + create mode 100644 base/cgcs-users/cgcs-users-1.0/INSTALL + create mode 100644 base/cgcs-users/cgcs-users-1.0/Makefile + create mode 100644 base/cgcs-users/cgcs-users-1.0/README + create mode 100644 base/cgcs-users/cgcs-users-1.0/Release + create mode 100644 base/cgcs-users/cgcs-users-1.0/TODO + create mode 100644 base/cgcs-users/cgcs-users-1.0/VERSION + create mode 100644 base/cgcs-users/cgcs-users-1.0/antixploit.c + create mode 100644 base/cgcs-users/cgcs-users-1.0/command.c + create mode 100644 base/cgcs-users/cgcs-users-1.0/config.c + create mode 100644 base/cgcs-users/cgcs-users-1.0/delbadfiles.c + create mode 100644 base/cgcs-users/cgcs-users-1.0/example.allowall.xtns + create mode 100644 base/cgcs-users/cgcs-users-1.0/example.denyall.xtns + create mode 100644 base/cgcs-users/cgcs-users-1.0/execute.c + create mode 100644 base/cgcs-users/cgcs-users-1.0/globals.cmds + create mode 100644 base/cgcs-users/cgcs-users-1.0/globals.xtns + create mode 100644 base/cgcs-users/cgcs-users-1.0/ibsh.h + create mode 100644 base/cgcs-users/cgcs-users-1.0/jail.c + create mode 100644 base/cgcs-users/cgcs-users-1.0/main.c + create mode 100644 base/cgcs-users/cgcs-users-1.0/misc.c + +diff --git a/base/cgcs-users/cgcs-users-1.0/BUGS b/base/cgcs-users/cgcs-users-1.0/BUGS +new file mode 100644 +index 0000000..7dacaab +--- /dev/null ++++ b/base/cgcs-users/cgcs-users-1.0/BUGS +@@ -0,0 +1,19 @@ ++** Open BUGS ** ++None, so far. ++ ++** Fixed BUGS ** ++- Input length checking on all inputs, string copies, etc. is fixed. ++- The myscanf function will no longer accept more then 80 chars at once, ++so ibsh hopefully wont crash on a too long input. ++- Added signal.h in the header file, the lack of it caused compilation ++problems on some systems. ++- Fixed the infinite loop in DelBadFiles. This function is temporarily ++taken out of the project ++- Removed the involvment of /bin/sh from system. Added path checking. ++- In jail root, not only ../ is not allowed, but .. too. ++- Fixed a bug, that happened on bsd, when the user pressed ^D. ++- Fixed a bug with opendir ++- Fixed a format string vulnerability in logprintbadfile(). Thanks to ++Kim Streich for the report. ++ ++2005.05.23 +diff --git a/base/cgcs-users/cgcs-users-1.0/CONTRIBUTORS b/base/cgcs-users/cgcs-users-1.0/CONTRIBUTORS +new file mode 100644 +index 0000000..35ca436 +--- /dev/null ++++ b/base/cgcs-users/cgcs-users-1.0/CONTRIBUTORS +@@ -0,0 +1,7 @@ ++CONTRIBUTORS TO PROJECT IBSH ++ ++Kim Streich ++ * bug finder, debugger, tester. ++ ++RazoR (Nikolay Alexandrov) ++ * bug finder, debugger, tester. +diff --git a/base/cgcs-users/cgcs-users-1.0/COPYING b/base/cgcs-users/cgcs-users-1.0/COPYING +new file mode 100644 +index 0000000..d60c31a +--- /dev/null ++++ b/base/cgcs-users/cgcs-users-1.0/COPYING +@@ -0,0 +1,340 @@ ++ GNU GENERAL PUBLIC LICENSE ++ Version 2, June 1991 ++ ++ Copyright (C) 1989, 1991 Free Software Foundation, Inc. ++ 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA ++ Everyone is permitted to copy and distribute verbatim copies ++ of this license document, but changing it is not allowed. ++ ++ Preamble ++ ++ The licenses for most software are designed to take away your ++freedom to share and change it. By contrast, the GNU General Public ++License is intended to guarantee your freedom to share and change free ++software--to make sure the software is free for all its users. This ++General Public License applies to most of the Free Software ++Foundation's software and to any other program whose authors commit to ++using it. (Some other Free Software Foundation software is covered by ++the GNU Library General Public License instead.) You can apply it to ++your programs, too. ++ ++ When we speak of free software, we are referring to freedom, not ++price. Our General Public Licenses are designed to make sure that you ++have the freedom to distribute copies of free software (and charge for ++this service if you wish), that you receive source code or can get it ++if you want it, that you can change the software or use pieces of it ++in new free programs; and that you know you can do these things. ++ ++ To protect your rights, we need to make restrictions that forbid ++anyone to deny you these rights or to ask you to surrender the rights. ++These restrictions translate to certain responsibilities for you if you ++distribute copies of the software, or if you modify it. ++ ++ For example, if you distribute copies of such a program, whether ++gratis or for a fee, you must give the recipients all the rights that ++you have. You must make sure that they, too, receive or can get the ++source code. And you must show them these terms so they know their ++rights. ++ ++ We protect your rights with two steps: (1) copyright the software, and ++(2) offer you this license which gives you legal permission to copy, ++distribute and/or modify the software. ++ ++ Also, for each author's protection and ours, we want to make certain ++that everyone understands that there is no warranty for this free ++software. If the software is modified by someone else and passed on, we ++want its recipients to know that what they have is not the original, so ++that any problems introduced by others will not reflect on the original ++authors' reputations. ++ ++ Finally, any free program is threatened constantly by software ++patents. We wish to avoid the danger that redistributors of a free ++program will individually obtain patent licenses, in effect making the ++program proprietary. To prevent this, we have made it clear that any ++patent must be licensed for everyone's free use or not licensed at all. ++ ++ The precise terms and conditions for copying, distribution and ++modification follow. ++ ++ GNU GENERAL PUBLIC LICENSE ++ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION ++ ++ 0. This License applies to any program or other work which contains ++a notice placed by the copyright holder saying it may be distributed ++under the terms of this General Public License. The "Program", below, ++refers to any such program or work, and a "work based on the Program" ++means either the Program or any derivative work under copyright law: ++that is to say, a work containing the Program or a portion of it, ++either verbatim or with modifications and/or translated into another ++language. (Hereinafter, translation is included without limitation in ++the term "modification".) Each licensee is addressed as "you". ++ ++Activities other than copying, distribution and modification are not ++covered by this License; they are outside its scope. The act of ++running the Program is not restricted, and the output from the Program ++is covered only if its contents constitute a work based on the ++Program (independent of having been made by running the Program). ++Whether that is true depends on what the Program does. ++ ++ 1. You may copy and distribute verbatim copies of the Program's ++source code as you receive it, in any medium, provided that you ++conspicuously and appropriately publish on each copy an appropriate ++copyright notice and disclaimer of warranty; keep intact all the ++notices that refer to this License and to the absence of any warranty; ++and give any other recipients of the Program a copy of this License ++along with the Program. ++ ++You may charge a fee for the physical act of transferring a copy, and ++you may at your option offer warranty protection in exchange for a fee. ++ ++ 2. You may modify your copy or copies of the Program or any portion ++of it, thus forming a work based on the Program, and copy and ++distribute such modifications or work under the terms of Section 1 ++above, provided that you also meet all of these conditions: ++ ++ a) You must cause the modified files to carry prominent notices ++ stating that you changed the files and the date of any change. ++ ++ b) You must cause any work that you distribute or publish, that in ++ whole or in part contains or is derived from the Program or any ++ part thereof, to be licensed as a whole at no charge to all third ++ parties under the terms of this License. ++ ++ c) If the modified program normally reads commands interactively ++ when run, you must cause it, when started running for such ++ interactive use in the most ordinary way, to print or display an ++ announcement including an appropriate copyright notice and a ++ notice that there is no warranty (or else, saying that you provide ++ a warranty) and that users may redistribute the program under ++ these conditions, and telling the user how to view a copy of this ++ License. (Exception: if the Program itself is interactive but ++ does not normally print such an announcement, your work based on ++ the Program is not required to print an announcement.) ++ ++These requirements apply to the modified work as a whole. If ++identifiable sections of that work are not derived from the Program, ++and can be reasonably considered independent and separate works in ++themselves, then this License, and its terms, do not apply to those ++sections when you distribute them as separate works. But when you ++distribute the same sections as part of a whole which is a work based ++on the Program, the distribution of the whole must be on the terms of ++this License, whose permissions for other licensees extend to the ++entire whole, and thus to each and every part regardless of who wrote it. ++ ++Thus, it is not the intent of this section to claim rights or contest ++your rights to work written entirely by you; rather, the intent is to ++exercise the right to control the distribution of derivative or ++collective works based on the Program. ++ ++In addition, mere aggregation of another work not based on the Program ++with the Program (or with a work based on the Program) on a volume of ++a storage or distribution medium does not bring the other work under ++the scope of this License. ++ ++ 3. You may copy and distribute the Program (or a work based on it, ++under Section 2) in object code or executable form under the terms of ++Sections 1 and 2 above provided that you also do one of the following: ++ ++ a) Accompany it with the complete corresponding machine-readable ++ source code, which must be distributed under the terms of Sections ++ 1 and 2 above on a medium customarily used for software interchange; or, ++ ++ b) Accompany it with a written offer, valid for at least three ++ years, to give any third party, for a charge no more than your ++ cost of physically performing source distribution, a complete ++ machine-readable copy of the corresponding source code, to be ++ distributed under the terms of Sections 1 and 2 above on a medium ++ customarily used for software interchange; or, ++ ++ c) Accompany it with the information you received as to the offer ++ to distribute corresponding source code. (This alternative is ++ allowed only for noncommercial distribution and only if you ++ received the program in object code or executable form with such ++ an offer, in accord with Subsection b above.) ++ ++The source code for a work means the preferred form of the work for ++making modifications to it. For an executable work, complete source ++code means all the source code for all modules it contains, plus any ++associated interface definition files, plus the scripts used to ++control compilation and installation of the executable. However, as a ++special exception, the source code distributed need not include ++anything that is normally distributed (in either source or binary ++form) with the major components (compiler, kernel, and so on) of the ++operating system on which the executable runs, unless that component ++itself accompanies the executable. ++ ++If distribution of executable or object code is made by offering ++access to copy from a designated place, then offering equivalent ++access to copy the source code from the same place counts as ++distribution of the source code, even though third parties are not ++compelled to copy the source along with the object code. ++ ++ 4. You may not copy, modify, sublicense, or distribute the Program ++except as expressly provided under this License. Any attempt ++otherwise to copy, modify, sublicense or distribute the Program is ++void, and will automatically terminate your rights under this License. ++However, parties who have received copies, or rights, from you under ++this License will not have their licenses terminated so long as such ++parties remain in full compliance. ++ ++ 5. You are not required to accept this License, since you have not ++signed it. However, nothing else grants you permission to modify or ++distribute the Program or its derivative works. These actions are ++prohibited by law if you do not accept this License. Therefore, by ++modifying or distributing the Program (or any work based on the ++Program), you indicate your acceptance of this License to do so, and ++all its terms and conditions for copying, distributing or modifying ++the Program or works based on it. ++ ++ 6. Each time you redistribute the Program (or any work based on the ++Program), the recipient automatically receives a license from the ++original licensor to copy, distribute or modify the Program subject to ++these terms and conditions. You may not impose any further ++restrictions on the recipients' exercise of the rights granted herein. ++You are not responsible for enforcing compliance by third parties to ++this License. ++ ++ 7. If, as a consequence of a court judgment or allegation of patent ++infringement or for any other reason (not limited to patent issues), ++conditions are imposed on you (whether by court order, agreement or ++otherwise) that contradict the conditions of this License, they do not ++excuse you from the conditions of this License. If you cannot ++distribute so as to satisfy simultaneously your obligations under this ++License and any other pertinent obligations, then as a consequence you ++may not distribute the Program at all. For example, if a patent ++license would not permit royalty-free redistribution of the Program by ++all those who receive copies directly or indirectly through you, then ++the only way you could satisfy both it and this License would be to ++refrain entirely from distribution of the Program. ++ ++If any portion of this section is held invalid or unenforceable under ++any particular circumstance, the balance of the section is intended to ++apply and the section as a whole is intended to apply in other ++circumstances. ++ ++It is not the purpose of this section to induce you to infringe any ++patents or other property right claims or to contest validity of any ++such claims; this section has the sole purpose of protecting the ++integrity of the free software distribution system, which is ++implemented by public license practices. Many people have made ++generous contributions to the wide range of software distributed ++through that system in reliance on consistent application of that ++system; it is up to the author/donor to decide if he or she is willing ++to distribute software through any other system and a licensee cannot ++impose that choice. ++ ++This section is intended to make thoroughly clear what is believed to ++be a consequence of the rest of this License. ++ ++ 8. If the distribution and/or use of the Program is restricted in ++certain countries either by patents or by copyrighted interfaces, the ++original copyright holder who places the Program under this License ++may add an explicit geographical distribution limitation excluding ++those countries, so that distribution is permitted only in or among ++countries not thus excluded. In such case, this License incorporates ++the limitation as if written in the body of this License. ++ ++ 9. The Free Software Foundation may publish revised and/or new versions ++of the General Public License from time to time. Such new versions will ++be similar in spirit to the present version, but may differ in detail to ++address new problems or concerns. ++ ++Each version is given a distinguishing version number. If the Program ++specifies a version number of this License which applies to it and "any ++later version", you have the option of following the terms and conditions ++either of that version or of any later version published by the Free ++Software Foundation. If the Program does not specify a version number of ++this License, you may choose any version ever published by the Free Software ++Foundation. ++ ++ 10. If you wish to incorporate parts of the Program into other free ++programs whose distribution conditions are different, write to the author ++to ask for permission. For software which is copyrighted by the Free ++Software Foundation, write to the Free Software Foundation; we sometimes ++make exceptions for this. Our decision will be guided by the two goals ++of preserving the free status of all derivatives of our free software and ++of promoting the sharing and reuse of software generally. ++ ++ NO WARRANTY ++ ++ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY ++FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN ++OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES ++PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED ++OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF ++MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS ++TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE ++PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, ++REPAIR OR CORRECTION. ++ ++ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING ++WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR ++REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, ++INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING ++OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED ++TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY ++YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER ++PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE ++POSSIBILITY OF SUCH DAMAGES. ++ ++ END OF TERMS AND CONDITIONS ++ ++ How to Apply These Terms to Your New Programs ++ ++ If you develop a new program, and you want it to be of the greatest ++possible use to the public, the best way to achieve this is to make it ++free software which everyone can redistribute and change under these terms. ++ ++ To do so, attach the following notices to the program. It is safest ++to attach them to the start of each source file to most effectively ++convey the exclusion of warranty; and each file should have at least ++the "copyright" line and a pointer to where the full notice is found. ++ ++ ++ Copyright (C) ++ ++ This program is free software; you can redistribute it and/or modify ++ it under the terms of the GNU General Public License as published by ++ the Free Software Foundation; either version 2 of the License, or ++ (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program; if not, write to the Free Software ++ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA ++ ++ ++Also add information on how to contact you by electronic and paper mail. ++ ++If the program is interactive, make it output a short notice like this ++when it starts in an interactive mode: ++ ++ Gnomovision version 69, Copyright (C) year name of author ++ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. ++ This is free software, and you are welcome to redistribute it ++ under certain conditions; type `show c' for details. ++ ++The hypothetical commands `show w' and `show c' should show the appropriate ++parts of the General Public License. Of course, the commands you use may ++be called something other than `show w' and `show c'; they could even be ++mouse-clicks or menu items--whatever suits your program. ++ ++You should also get your employer (if you work as a programmer) or your ++school, if any, to sign a "copyright disclaimer" for the program, if ++necessary. Here is a sample; alter the names: ++ ++ Yoyodyne, Inc., hereby disclaims all copyright interest in the program ++ `Gnomovision' (which makes passes at compilers) written by James Hacker. ++ ++ , 1 April 1989 ++ Ty Coon, President of Vice ++ ++This General Public License does not permit incorporating your program into ++proprietary programs. If your program is a subroutine library, you may ++consider it more useful to permit linking proprietary applications with the ++library. If this is what you want to do, use the GNU Library General ++Public License instead of this License. +diff --git a/base/cgcs-users/cgcs-users-1.0/COPYRIGHT b/base/cgcs-users/cgcs-users-1.0/COPYRIGHT +new file mode 100644 +index 0000000..7507d05 +--- /dev/null ++++ b/base/cgcs-users/cgcs-users-1.0/COPYRIGHT +@@ -0,0 +1,17 @@ ++This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell ++Copyright (C) 2005 Attila Nagyidai ++ ++This program is free software; you can redistribute it and/or ++modify it under the terms of the GNU General Public License ++as published by the Free Software Foundation; either version 2 ++of the License, or (at your option) any later version. ++ ++This program is distributed in the hope that it will be useful, ++but WITHOUT ANY WARRANTY; without even the implied warranty of ++MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++GNU General Public License for more details. ++ ++You should have received a copy of the GNU General Public License ++along with this program; if not, write to the Free Software ++Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ++ +diff --git a/base/cgcs-users/cgcs-users-1.0/INSTALL b/base/cgcs-users/cgcs-users-1.0/INSTALL +new file mode 100644 +index 0000000..42b1866 +--- /dev/null ++++ b/base/cgcs-users/cgcs-users-1.0/INSTALL +@@ -0,0 +1,23 @@ ++Installing ibsh is really easy, so no need for the usual sections ++in this document. There is no configure script either, so if ++something wrong, make will fail. ++ ++# make ibsh ++# make ibsh_install ++ ++Optionally: ++ ++# make clean ++ ++ ++To uninstall ibsh: ++ ++# make ibsh_uninstall ++ ++ ++Of course you will have to enable this shell by: ++# echo /bin/ibsh >> /etc/shells ++or however you like it. ++And make sure the permissions read 0755 ! ++ ++2005.03.24. +diff --git a/base/cgcs-users/cgcs-users-1.0/Makefile b/base/cgcs-users/cgcs-users-1.0/Makefile +new file mode 100644 +index 0000000..ed37d00 +--- /dev/null ++++ b/base/cgcs-users/cgcs-users-1.0/Makefile +@@ -0,0 +1,56 @@ ++# This is the makefile for ibsh 0.3e ++CC = gcc ++OBJECTS = main.o command.o jail.o execute.o config.o misc.o antixploit.o delbadfiles.o ++ ++ibsh: ${OBJECTS} ibsh.h ++ ${CC} -o ibsh ${OBJECTS} ++ ++main.o: main.c ibsh.h ++ ${CC} -c main.c ++ ++command.o: command.c ibsh.h ++ ${CC} -c command.c ++ ++jail.o: jail.c ibsh.h ++ ${CC} -c jail.c ++ ++execute.o: execute.c ibsh.h ++ ${CC} -c execute.c ++ ++config.o: config.c ibsh.h ++ ${CC} -c config.c ++ ++misc.o: misc.c ibsh.h ++ ${CC} -c misc.c ++ ++antixploit.o: antixploit.c ibsh.h ++ ${CC} -c antixploit.c ++ ++delbadfiles.o: delbadfiles.c ibsh.h ++ ${CC} -c delbadfiles.c ++ ++ibsh_install: ++ cp ./ibsh /bin/ ++ mkdir /etc/ibsh ++ mkdir /etc/ibsh/cmds ++ mkdir /etc/ibsh/xtns ++ cp ./globals.cmds /etc/ibsh/ ++ cp ./globals.xtns /etc/ibsh/ ++ ++ibsh_uninstall: ++ rm -rf /etc/ibsh/globals.cmds ++ rm -rf /etc/ibsh/globals.xtns ++ rm -rf /etc/ibsh/cmds/*.* ++ rm -rf /etc/ibsh/xtns/*.* ++ rmdir /etc/ibsh/cmds ++ rmdir /etc/ibsh/xtns ++ rmdir /etc/ibsh ++ rm -rf /bin/ibsh ++ ++clean: ++ rm -rf ibsh ++ rm -rf *.o ++ ++ ++# 13:49 2005.04.06. ++ +diff --git a/base/cgcs-users/cgcs-users-1.0/README b/base/cgcs-users/cgcs-users-1.0/README +new file mode 100644 +index 0000000..2035e57 +--- /dev/null ++++ b/base/cgcs-users/cgcs-users-1.0/README +@@ -0,0 +1,29 @@ ++ Iron Bars SHell - a restricted interactive shell. ++ ++Overview ++ ++ For long i have been in the search of a decent restricted shell, but in vain. ++ The few i found, were really easy to hack, and there were quite a few docs ++ around on the web about hacking restricted shells with a menu interface. ++ For my definitions, a restricted shell must not only prevent the user to ++ escape her jail, but also not to access any files outside the jail. ++ The system administrator must have total control over the restricted shell. ++ These are the major features incorporated and realized by ibsh. ++ ++ ++Features ++ ++ Please read the changelog. ++ ++ ++Installation ++ ++ Read the INSTALL file. ++ ++ ++Contact ++ See Authors file. ++ ++ ++Attila Nagyidai ++2005.05.23. +diff --git a/base/cgcs-users/cgcs-users-1.0/Release b/base/cgcs-users/cgcs-users-1.0/Release +new file mode 100644 +index 0000000..e6cb9f3 +--- /dev/null ++++ b/base/cgcs-users/cgcs-users-1.0/Release +@@ -0,0 +1,17 @@ ++This release introduces minor bugfixes, and important new and renewed features. ++Erasing evil files in the home directory of the user is incorporated again, with ++many improvements. First of all: no file will be erased! Only the access to them ++will be blocked. The extension policy has changed, now ibsh blocks those extensions, ++that are NOT listed. This goes in sync with the usual method of operation of ibsh. ++The execute permission of files in the user space, will be removed. ++New customizing features were added: each user now can have her own commands and ++extensions file, created and maintained by the system administrator. Some users ++(employees) may require access to special programs. User configuration files allow ++this access only those, who need it, not for everybody. ++Ibsh now scans not only the extensions of files, but the content too! Whatever the permission ++for a certain file exists, if that contains source code, or is a linux binary, access ++will be blocked. ++The absolute path for the users is now limited to 255 characters. Longer, already ++existing filenames will be renamed. ++ ++06/04/2005 +diff --git a/base/cgcs-users/cgcs-users-1.0/TODO b/base/cgcs-users/cgcs-users-1.0/TODO +new file mode 100644 +index 0000000..9a8de60 +--- /dev/null ++++ b/base/cgcs-users/cgcs-users-1.0/TODO +@@ -0,0 +1,10 @@ ++TODO ++ ++ - tab completion. ++ - shell variables. ++ - some changes to the prompt, maybe variable prompt. ++ - history ++ - to be able to use corporate, or other large/complicated programs in a safe ++ working environment, yet be able to share files/work with others. ++ ++2005.05.23. +diff --git a/base/cgcs-users/cgcs-users-1.0/VERSION b/base/cgcs-users/cgcs-users-1.0/VERSION +new file mode 100644 +index 0000000..aaf9552 +--- /dev/null ++++ b/base/cgcs-users/cgcs-users-1.0/VERSION +@@ -0,0 +1 @@ ++IBSH v0.3e +diff --git a/base/cgcs-users/cgcs-users-1.0/antixploit.c b/base/cgcs-users/cgcs-users-1.0/antixploit.c +new file mode 100644 +index 0000000..79ac9e4 +--- /dev/null ++++ b/base/cgcs-users/cgcs-users-1.0/antixploit.c +@@ -0,0 +1,131 @@ ++/* ++ Created: 03.19.05 11:34:57 by Attila Nagyidai ++ ++ $Id: C\040Console.c,v 1.1.2.1 2003/08/13 00:38:46 neum Exp $ ++ ++ This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell ++ Copyright (C) 2005 Attila Nagyidai ++ ++ This program is free software; you can redistribute it and/or ++ modify it under the terms of the GNU General Public License ++ as published by the Free Software Foundation; either version 2 ++ of the License, or (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program; if not, write to the Free Software ++ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ++ ++ Author: Attila Nagyidai ++ Email: na@ent.hu ++ ++ Co-Author: Shy ++ Email: shy@cpan.org ++ ++ Co-Author: Witzy ++ Email: stazzz@altern.org ++ ++ URL: http://ibsh.sourceforge.net ++ IRC: irc.freenode.net #ibsh ++ RSS, Statistics, etc: http://sourceforge.net/projects/ibsh/ ++ ++*/ ++ ++/* Header files */ ++#include "ibsh.h" ++ ++ ++void lshift( char *line ) ++{ ++ int i = 0; ++ ++ for (i=0; i (255 - 80 - 1) ) { ++ linesize = 255 - strlen(abspath) - 1; /* thats for the / */ ++ } ++ ++ while ( ((c = getchar()) != 10) && ( i < linesize ) ) { ++ //printf("%d", c); ++ if (c > 127) { ++ c = 0; ++ //ungetc(c, stdin); ++ //fflush(stdin); ++ break; ++ } ++ if ( c < 0 ) { ++ ungetc(c, stdin); ++ openlog("ibsh", LOG_PID, LOG_AUTH); ++ syslog(LOG_INFO, "user %s has logged out.", loggedin.uname); ++ closelog(); ++ exit(0); ++ } ++ chars[i] = c; ++ /* the user is not allowed to pass long lines of trash to ibsh */ ++ i++; ++ } ++ chars[i] = '\0'; ++ strncpy(vptr,chars,STRING_SIZE-1); ++ vptr[STRING_SIZE-1] = '\0'; ++} ++ ++ ++/* Checks, if the user command, is blacklisted, a hack attempt, */ ++/* or it is a real and allowed command. */ ++/* Technical Description: */ ++/* Variables: pointer for the strtok, temporary strings, counters, */ ++/* and an integer to check, how deep is the user in the jail. That is */ ++/* the level of subdirectories below jail root. It is set to -1, because */ ++/* there is always a / in the jailpath. So only subdir /'s are counted. */ ++/* Check if the command contains special characters, if yes, quit. */ ++/* If the user is in jailroot, a ../ is not appropriate! */ ++/* Count the slashes in the jailpath, so if the user uses way too many */ ++/* ../ 's, then we will know. Split the command to particles by the spaces. */ ++/* Count the dirups (../); if a token starts with a /, paste the homedir path */ ++/* right in front of it. Thats your root booby, not / !!!! */ ++/* Finally check the command against the COMMANDS_LIST. */ ++int CommandOK( const char *thecommand, const char *rootdir, ++const char *jailpath, char *newcommand ) ++{ ++ char *tok; ++ char temp1[STRING_SIZE], *temp2; ++ int i = 0, j = 0; ++ int subdirlevel = -1; /* jailpath always starts with a / */ ++ int dirupfound = 0; ++ int listed = 0; ++ ++ /* First, get the fancy stuff: */ ++ /* ../ out of the jailroot, too many ../ out of some */ ++ /* subdirectory in the jail, multiple commands, pipes. */ ++ bzero(newcommand,STRING_SIZE); ++ ++ if ( (strstr(thecommand, ";")) != NULL ) { ++ return 0; ++ } ++ if ( (strstr(thecommand, "|")) != NULL ) { ++ return 0; ++ } ++ if ( (strstr(thecommand, "&")) != NULL ) { ++ return 0; ++ } ++ if ( (strstr(thecommand, "&&")) != NULL ) { ++ return 0; ++ } ++ if ( (strstr(thecommand, "||")) != NULL ) { ++ return 0; ++ } ++ /* The user is in the jailroot. */ ++ if ( (strcmp(jailpath, "/")) == 0 ) { ++ /* Does the user wish to get out ? */ ++ if ( (strstr(thecommand, "..")) != NULL ) { ++ return 0; ++ } ++ } ++ /* The user is deeper, than the jailroot, and */ ++ /* this is a problem. How deep is he, how many */ ++ /* ../ do we allow ?? */ ++ else { ++ for (i = 0; i < strlen(jailpath); i++) { ++ if ( jailpath[i] == '/' ) { ++ subdirlevel++; ++ } ++ } ++ } ++ ++ /* Split the command */ ++ for (tok = strtok((void *) thecommand, " "); tok; tok = strtok(0, " ")) { ++ /* Separate parts of the command with a space */ ++ if ( (strlen(newcommand)) > 0 ) { ++ strncat(newcommand," ", STRING_SIZE-strlen(newcommand)-1); ++ } ++ ++ /* He wants to get to the real root, does he ? */ ++ /* In that case, add the jailroot to the left. */ ++ if ( tok[0] == '/' ) { ++ strncat(newcommand,rootdir,STRING_SIZE-strlen(newcommand)-1); ++ } ++ ++ /* how many ../ are here */ ++ /* if too many, that is more, then how deep */ ++ /* the user in the subdirs inside the jail is, */ ++ /* cancel the execution of the command. */ ++ if ( (strstr(tok, "../")) != NULL ) { ++ strncpy(temp1,tok,sizeof(temp1)-1); ++ temp1[sizeof(temp1)-1] = '\0'; ++ ++ while (1) { ++ temp2 = strstr(temp1, "../"); ++ if ( temp2 == NULL ) { ++ break; ++ } ++ LTrim3(temp2, temp1); ++ dirupfound++; ++ } ++ if ( dirupfound > subdirlevel ) { ++ return 0; ++ } ++ /* replace dirups with real path */ ++ for (i = 0; i < dirupfound; i++) { ++ PathMinusOne(jailpath, tok, subdirlevel,sizeof(tok)); ++ } ++ } ++ /* if command is not listed, return 0 */ ++ i = 0; ++ while ( ((strlen(commands[i])) > 0) && ( j == 0 ) ) { ++ if ( (strcmp(tok, commands[i])) == 0 ) { ++ listed = 1; ++ break; ++ } ++ i++; ++ } ++ j++; ++ strncat(newcommand,tok,STRING_SIZE-strlen(newcommand)-1); ++ ++} ++#ifdef DEBUG ++ printf("old: %s; new: %s; ok: %d\n", thecommand, newcommand, listed); ++#endif ++ return listed; ++} ++ ++ +diff --git a/base/cgcs-users/cgcs-users-1.0/config.c b/base/cgcs-users/cgcs-users-1.0/config.c +new file mode 100644 +index 0000000..8e2af23 +--- /dev/null ++++ b/base/cgcs-users/cgcs-users-1.0/config.c +@@ -0,0 +1,179 @@ ++/* ++ Created: 03.19.05 11:34:57 by Attila Nagyidai ++ ++ $Id: C\040Console.c,v 1.1.2.1 2003/08/13 00:38:46 neum Exp $ ++ ++ This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell ++ Copyright (C) 2005 Attila Nagyidai ++ ++ Copyright(c) 2013-2017 Wind River Systems, Inc. All rights reserved. ++ ++ This program is free software; you can redistribute it and/or ++ modify it under the terms of the GNU General Public License ++ as published by the Free Software Foundation; either version 2 ++ of the License, or (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program; if not, write to the Free Software ++ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ++ ++ Author: Attila Nagyidai ++ Email: na@ent.hu ++ ++ Co-Author: Shy ++ Email: shy@cpan.org ++ ++ Co-Author: Witzy ++ Email: stazzz@altern.org ++ ++ URL: http://ibsh.sourceforge.net ++ IRC: irc.freenode.net #ibsh ++ RSS, Statistics, etc: http://sourceforge.net/projects/ibsh/ ++ ++*/ ++ ++/* Header files */ ++#include "ibsh.h" ++ ++extern Strng commands[MAX_ITEMS]; ++extern Strng extensions[MAX_ITEMS]; ++ ++/* Shy's improved version of the original (and not well working) loadconfig. */ ++/* Reads both config files, and parses the contents into arrays. */ ++/* This one effectively dismisses every comment from the files. */ ++/* Technical Description: */ ++/* Variables: file pointer, counters, temporary string arrays. */ ++/* The method is the same for both files. First open the file, catch */ ++/* any errors. Read file 'til eof. Not read comments (starting with '#'), */ ++/* remove trailing newline character. Copy the finished item to the */ ++/* pass-by-address arguments. */ ++int LoadConfig( void ) ++{ ++ FILE *fp; ++ int i = 0; ++ char *file_user; ++ ++ Strng tmp[MAX_ITEMS]; ++ Strng tmp2[MAX_ITEMS]; ++ ++ /* COMMAND CONFIG !!!! */ ++ file_user = (char *)malloc(strlen(loggedin.uname) + strlen(COMMANDS_DIR) + strlen(".cmds") + 2); ++ ++ if(loggedin.uname != NULL) ++ sprintf(file_user, "%s/%s.cmds", COMMANDS_DIR, loggedin.uname); ++ else{ ++ free(file_user); ++ return -1; ++ } ++ ++ /* Open global config,if not present go out !!! */ ++ if((fp = fopen(COMMANDS_FILE,"r")) == NULL) { ++ OPENLOG; ++ syslog(LOG_ERR, "ibsh panic! Global commands file %s can not be read.", COMMANDS_FILE); ++ CLOSELOG; ++ exit(0); ++ } ++ ++ while (!feof(fp) && (id_name); ++#endif ++ if ( (lstat(list->d_name, &attr)) < 0 ) ++ continue; ++ ++ // rename long path names ++#ifdef DEBUG ++ printf("length: %d;\n", (strlen(basedir) + strlen(list->d_name) + 2) ); ++#endif ++ if ( (strlen(basedir) + strlen(list->d_name) + 2) > 255 ) { ++ snprintf(tmp, 255 - strlen(basedir) - 2, "%s", list->d_name); ++ rename(list->d_name, tmp); ++#ifdef DEBUG ++ printf("%s renamed to %s !\n", list->d_name, tmp); ++#endif ++ if ( (antixploit(basedir, tmp)) == 1 ) { ++ removeAllRights(list->d_name, &attr); ++ } ++ if (isExecutable(&attr)) { ++ makeUnexecutable(tmp, &attr); ++ } ++ continue; ++ } ++ ++ if ( S_ISDIR(attr.st_mode) ) { /* in the case of a directory */ ++ if ( ((strcmp(list->d_name, ".")) != 0) && ((strcmp(list->d_name, "..")) != 0) ) { ++#ifdef DEBUG ++ printf("recursive call for %s\n", list->d_name); ++#endif ++ DelBadFiles(list->d_name); /* recursively look for bad files in this directory */ ++ chdir (".."); ++ } ++ } else if ( S_ISLNK(attr.st_mode) ) { /* in the case of a symlink */ ++ if ( symlinkGoesOuttaJail(list->d_name) ) { ++#ifdef DEBUG ++ printf("symlinkoutofjail: %s\n", list->d_name); ++#endif ++ if (unlink(list->d_name) == 0) { ++ bzero (tmp, sizeof(tmp)); ++ snprintf (tmp, sizeof(tmp)-1, "Illegal symbolic link %s was erased. Contact the sysadmin for policy.\n", list->d_name); ++ logPrintBadfile (tmp); ++ } ++ } ++ } else if (hasSomeRwxRights(&attr)) { /* other cases (in particular a file), only if there are some rights on it */ ++#ifdef DEBUG ++ printf("%s has some rights\n", list->d_name); ++#endif ++ /* check the runnability of the file */ ++ if (isExecutable(&attr)) { ++#ifdef DEBUG ++ printf("%s executable\n", list->d_name); ++#endif ++ if (makeUnexecutable(list->d_name, &attr) == 0) { ++ bzero (tmp, sizeof(tmp)); ++ snprintf (tmp, sizeof(tmp)-1, "Executable file %s is not anymore. Contact the sysadmin for policy.\n", list->d_name); ++ logPrintBadfile (tmp); ++ } ++ } ++ ++ if ( (antixploit(basedir, list->d_name)) == 1 ) { ++ if (removeAllRights(list->d_name, &attr) == 0) { ++ bzero (tmp, sizeof(tmp)); ++ snprintf (tmp, sizeof(tmp)-1, "Illegal file %s got its rights dropped. Contact the sysadmin for policy.\n", list->d_name); ++ logPrintBadfile (tmp); ++ continue; ++ } ++ } ++ ++ /* check if the file has a permitted extension */ ++ for (i = 0, allowed = 0; (strlen(extensions[i])) > 0 && !allowed; i++) { ++ if ( (strstr(list->d_name, extensions[i])) != NULL ) { ++#ifdef DEBUG ++ printf("filename: %s; extension: %s\n", list->d_name, extensions[i]); ++#endif ++ allowed = 1; ++ } ++ } /* for */ ++ if (!allowed) { /* if the file hasn't an allowed extension */ ++#ifdef DEBUG ++ printf("not allowed extension for %s\n", list->d_name); ++#endif ++ if (removeAllRights(list->d_name, &attr) == 0) { ++ bzero (tmp, sizeof(tmp)); ++ snprintf (tmp, sizeof(tmp)-1, "Illegal file %s got its rights dropped. Contact the sysadmin for policy.\n", list->d_name); ++ logPrintBadfile (tmp); ++ } ++ } ++ } /* else */ ++ ++ } /* while */ ++ ++ closedir( dp ); ++} ++ ++/* takes a symlink location, resolves it and returns : ++ 1 if the symlink points out of the jail ++ 0 else, meaning the symlink is ok ++*/ ++int symlinkGoesOuttaJail (const char * sl) ++{ ++ char fPnted[PATH_MAX]; ++ char rslvdPath[PATH_MAX]; /* size of PATH_MAX because of realpath() behavior */ ++ int i; ++ ++ i = readlink (sl, fPnted, PATH_MAX); ++ if ( i > 0 && i < PATH_MAX ) { ++ fPnted[i] = '\0'; ++ if (realpath (fPnted, rslvdPath) == rslvdPath) { ++ if ( strncmp (loggedin.udir, rslvdPath, strlen(loggedin.udir)) == 0 ) ++ return 0; ++ else ++ return 1; ++ } ++ } ++ return 1; /* if this line is reached, there was a problem with the processing of the symlink, ++ e.g. the path is too long, so we should consider that the symlink is bad, ++ and may be deleted by the calling function */ ++} ++ ++/* takes a stat structure, and returns ++ 1 if at least one of the user/group/other execution bits or suid/guid are set ++ 0 if no such bit is set at all ++ */ ++int isExecutable (struct stat * s) ++{ ++ if ( ((s->st_mode & S_IXUSR) == S_IXUSR) ++ | ((s->st_mode & S_IXGRP) == S_IXGRP) ++ | ((s->st_mode & S_IXOTH) == S_IXOTH) ++ | ((s->st_mode & S_ISUID) == S_ISUID) ++ | ((s->st_mode & S_ISGID) == S_ISGID) ) ++ return 1; ++ return 0; ++} ++ ++int hasSomeRwxRights (struct stat * s) ++{ ++ if ( ((s->st_mode & S_IRWXU) != 0) ++ | ((s->st_mode & S_IRWXG) != 0) ++ | ((s->st_mode & S_IRWXO) != 0) ) ++ return 1; ++ return 0; ++} ++ ++int makeUnexecutable (const char * filename, struct stat * s) ++{ ++ return chmod (filename, ++ s->st_mode & ~(S_IXUSR | S_IXGRP | S_IXOTH | S_ISUID | S_ISGID) ); ++} ++ ++int removeAllRights (const char * filename, struct stat * s) ++{ ++ return chmod (filename, ++ s->st_mode & ~(S_IRWXU | S_IRWXG | S_IRWXO | S_ISUID | S_ISGID) ); ++} ++ ++void logPrintBadfile (const char * msg) ++{ ++ OPENLOG; ++ syslog(LOG_WARNING, "%s", msg); ++ CLOSELOG; ++ // printf ("ibsh: %s\n", msg); ++} +diff --git a/base/cgcs-users/cgcs-users-1.0/example.allowall.xtns b/base/cgcs-users/cgcs-users-1.0/example.allowall.xtns +new file mode 100644 +index 0000000..d0963cd +--- /dev/null ++++ b/base/cgcs-users/cgcs-users-1.0/example.allowall.xtns +@@ -0,0 +1,28 @@ ++# Add any extension the user may use. ++q ++w ++e ++r ++t ++y ++u ++i ++o ++p ++a ++s ++d ++f ++g ++h ++j ++k ++l ++z ++x ++c ++v ++b ++n ++m ++ +diff --git a/base/cgcs-users/cgcs-users-1.0/example.denyall.xtns b/base/cgcs-users/cgcs-users-1.0/example.denyall.xtns +new file mode 100644 +index 0000000..9dead3a +--- /dev/null ++++ b/base/cgcs-users/cgcs-users-1.0/example.denyall.xtns +@@ -0,0 +1,2 @@ ++# Add any extension the user may use. ++ +diff --git a/base/cgcs-users/cgcs-users-1.0/execute.c b/base/cgcs-users/cgcs-users-1.0/execute.c +new file mode 100644 +index 0000000..2d80366 +--- /dev/null ++++ b/base/cgcs-users/cgcs-users-1.0/execute.c +@@ -0,0 +1,159 @@ ++/* ++ Created: 03.19.05 11:34:57 by Attila Nagyidai ++ ++ $Id: C\040Console.c,v 1.1.2.1 2003/08/13 00:38:46 neum Exp $ ++ ++ This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell ++ Copyright (C) 2005 Attila Nagyidai ++ ++ This program is free software; you can redistribute it and/or ++ modify it under the terms of the GNU General Public License ++ as published by the Free Software Foundation; either version 2 ++ of the License, or (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program; if not, write to the Free Software ++ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ++ ++ Author: Attila Nagyidai ++ Email: na@ent.hu ++ ++ Co-Author: Shy ++ Email: shy@cpan.org ++ ++ Co-Author: Witzy ++ Email: stazzz@altern.org ++ ++ URL: http://ibsh.sourceforge.net ++ IRC: irc.freenode.net #ibsh ++ RSS, Statistics, etc: http://sourceforge.net/projects/ibsh/ ++ ++*/ ++ ++/* Header files */ ++#include "ibsh.h" ++ ++/* Counts the spaces in the command */ ++int nbspace(const char *command) ++{ ++int i=0; ++int nbspace=0; ++ ++while(command[i] != '\0'){ ++ if(command[i] == ' ') ++ nbspace++; ++ i++; ++} ++ ++return nbspace; ++} ++ ++/* Shy's improved and secured version of hhsystem, originally taken from */ ++/* the book: Linux Unix Systemprogramming by Helmut Herold. */ ++int hhsystem(const char *user_command) /*--- Version ohne Signalbehandlung ---*/ ++{ ++ pid_t pid; ++ int status; ++ int i=0; ++ int find = 0; ++ ++ char *field; ++ ++ char path[STRING_SIZE]; ++ ++ char *current_path; ++ char *fieldspath; ++ char *params[nbspace(user_command) + 1]; ++ ++ DIR *currentdir; ++ struct dirent *pdirent; ++ ++ if (user_command == NULL) ++ return(1); /* In Unix ist immer Kommandoprozessor vorhanden */ ++ ++ if ( (pid=fork()) < 0) ++ status = -1; ++ ++ else if (pid == 0) { ++ /* Split the command */ ++ field = strtok((char *)user_command," "); ++ while(field != NULL){ ++#ifdef DEBUG ++ printf("CHAMPS %s\n",field); ++#endif ++ params[i] = malloc(strlen(field) + 1); ++ bzero(params[i],strlen(field)+1); ++ strncpy(params[i],field,strlen(field)); ++ i++; ++ field = strtok(NULL," "); ++ ++ } ++ /* Put NULL at the end for execve */ ++ params[i] = NULL; ++ ++ /* Get PATH */ ++ current_path = getenv("PATH"); ++ ++#ifdef DEBUG ++ printf("PATH %s %s\n",current_path,loggedin.udir); ++#endif ++ ++ /* Parse the PATH if the command is in the home dir it's skip !! */ ++ fieldspath = strtok((char *)current_path,":"); ++ while((fieldspath != NULL) && find != 1){ ++#ifdef DEBUG ++ printf("FIELD PATH %s\n",fieldspath); ++#endif ++ if(!strstr(fieldspath,loggedin.udir)){ ++ if((currentdir = opendir(fieldspath)) != NULL){ ++ ++ while(((pdirent = readdir(currentdir)) != NULL) && find != 1){ ++ if(!strncmp(pdirent->d_name,params[0],sizeof(params[0]))){ ++#ifdef DEBUG ++ printf("TROUVE %s!!!!\n",pdirent->d_name); ++#endif ++ find = 1; ++ ++ } ++ } ++ } ++ closedir(currentdir); ++ } ++ if(find == 0) ++ fieldspath = strtok(NULL,":"); ++ ++ } ++ ++ /* Contruct the real command with the good path */ ++ if(find == 1 && ((strlen(fieldspath)+strlen(params[0])+1) < sizeof(path))){ ++ bzero(path,sizeof(path)); ++ snprintf(path,sizeof(path)-1,"%s/%s",fieldspath,params[0]); ++ path[sizeof(path)-1] = '\0'; ++ ++#ifdef DEBUG ++ printf("PATH FINAL %s %d ok!\n",path,strlen(path)); ++ printf("PARAMS[0] %s\n",params[0]); ++ printf("PARAMS[1] %s\n",params[1]); ++#endif ++ execve(path,params,environ); ++ } ++ /* The command is in the home dir :( bad for you guys !! */ ++ else{ ++ status = -1; ++ } ++ _exit(127); ++ ++ } else ++ while (waitpid(pid, &status, 0) < 0) ++ if (errno != EINTR) { ++ status = -1; ++ break; ++ } ++ ++ return(status); ++} +diff --git a/base/cgcs-users/cgcs-users-1.0/globals.cmds b/base/cgcs-users/cgcs-users-1.0/globals.cmds +new file mode 100644 +index 0000000..8c9b7a4 +--- /dev/null ++++ b/base/cgcs-users/cgcs-users-1.0/globals.cmds +@@ -0,0 +1,8 @@ ++# Add any commands the user may execute. Even shell commands. ++# You have to allow logout and/or exit, so the user can logout! ++# cd and pwd should also be allowed. Note: other shell builtin ++# commands are not yet implemented! ++cd ++pwd ++logout ++exit +diff --git a/base/cgcs-users/cgcs-users-1.0/globals.xtns b/base/cgcs-users/cgcs-users-1.0/globals.xtns +new file mode 100644 +index 0000000..71f86f8 +--- /dev/null ++++ b/base/cgcs-users/cgcs-users-1.0/globals.xtns +@@ -0,0 +1,3 @@ ++# Add any extension the user may use. ++.doc ++.txt +diff --git a/base/cgcs-users/cgcs-users-1.0/ibsh.h b/base/cgcs-users/cgcs-users-1.0/ibsh.h +new file mode 100644 +index 0000000..9d9d692 +--- /dev/null ++++ b/base/cgcs-users/cgcs-users-1.0/ibsh.h +@@ -0,0 +1,126 @@ ++/* ++ Created: 03.19.05 11:15:21 by Attila Nagyidai ++ ++ $Id: C\040Header.h,v 1.1.2.1 2003/08/13 00:38:46 neum Exp $ ++ ++ This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell ++ Copyright (C) 2005 Attila Nagyidai ++ ++ This program is free software; you can redistribute it and/or ++ modify it under the terms of the GNU General Public License ++ as published by the Free Software Foundation; either version 2 ++ of the License, or (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program; if not, write to the Free Software ++ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ++ ++ Author: Attila Nagyidai ++ Email: na@ent.hu ++ ++ Co-Author: Shy ++ Email: shy@cpan.org ++ ++ URL: http://ibsh.sourceforge.net ++ IRC: irc.freenode.net #ibsh ++ RSS, Statistics, etc: http://sourceforge.net/projects/ibsh/ ++ ++*/ ++ ++#ifndef _IBSH_H ++#define _IBSH_H ++ ++/* Insert Code here */ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#define PAM_SIZE 8 ++#define LINE_SIZE 80 ++#define STRING_SIZE 255 ++#define BUFFER_SIZE 4096 ++#define PATH_MAX 4096 ++#define MAX_ITEMS 50 ++#define COMMANDS_DIR "/etc/ibsh/cmds" ++#define COMMANDS_FILE "/etc/ibsh/globals.cmds" ++#define EXTENSIONS_DIR "/etc/ibsh/xtns" ++#define EXTENSIONS_FILE "/etc/ibsh/globals.xtns" ++ ++/* Antixploit */ ++#define C_CODE "#include" ++#define SHELL_CODE "#!/" ++#define PYTHON_CODE "import" ++#define ADA_CODE "package body" ++#define EIFFEL_CODE "feature --" ++#define LISP_CODE "(defun" ++#define ELF_CODE "ELF" ++ ++/* Logging */ ++#define OPENLOG openlog("ibsh", LOG_PID, LOG_AUTH) ++#define CLOSELOG closelog() ++ ++/* Typedefs, structs, globals */ ++typedef struct theuser { ++ char uname[STRING_SIZE]; ++ uid_t uid; ++ char udir[STRING_SIZE]; ++ struct passwd *record; ++} theuser; ++ ++typedef char Strng[STRING_SIZE]; ++ ++theuser loggedin; /* user info */ ++ ++//static Strng commands[MAX_ITEMS]; /* permitted commands */ ++Strng commands[MAX_ITEMS]; ++Strng extensions[MAX_ITEMS]; ++/*static Strng extensions[MAX_ITEMS]; permitted extensions */ ++char real_path[STRING_SIZE]; /* absolute path */ ++char jail_path[STRING_SIZE]; /* path inside the jail */ ++char user_command[STRING_SIZE]; /* whatever the user types */ ++char filtered_command[STRING_SIZE]; /* this one will be executed */ ++int exitcode; ++extern char **environ; ++ ++ ++int CommandOK( const char *thecommand, const char *rootdir, ++const char *jailpath, char *newcommand ); ++void LTrim3( const char *base, char *result ); ++void GetPositionInJail( const char *abspath, const char *rootdir, char *relpath ); ++int LoadConfig( void ); ++void myscanf( char *vptr, char *abspath ); ++int hhsystem(const char *kdozeile); ++void PathMinusOne( const char *basepath, char *evalpath, int slashcount,size_t nevalpath); ++void log_attempt( const char *username ); ++int nbspace(const char *command); ++void lshift( char *line ); ++int antixploit( const char *abspath, char *token ); ++void logPrintBadfile (const char * msg); ++int removeAllRights (const char * filename, struct stat * s); ++int makeUnexecutable (const char * filename, struct stat * s); ++int hasSomeRwxRights (struct stat * s); ++int isExecutable (struct stat * s); ++int symlinkGoesOuttaJail (const char * sl); ++void DelBadFiles (const char *basedir); ++ ++ ++#endif /* _IBSH_H */ +diff --git a/base/cgcs-users/cgcs-users-1.0/jail.c b/base/cgcs-users/cgcs-users-1.0/jail.c +new file mode 100644 +index 0000000..ab3300a +--- /dev/null ++++ b/base/cgcs-users/cgcs-users-1.0/jail.c +@@ -0,0 +1,101 @@ ++/* ++ Created: 03.19.05 11:34:57 by Attila Nagyidai ++ ++ $Id: C\040Console.c,v 1.1.2.1 2003/08/13 00:38:46 neum Exp $ ++ ++ This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell ++ Copyright (C) 2005 Attila Nagyidai ++ ++ This program is free software; you can redistribute it and/or ++ modify it under the terms of the GNU General Public License ++ as published by the Free Software Foundation; either version 2 ++ of the License, or (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program; if not, write to the Free Software ++ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ++ ++ Author: Attila Nagyidai ++ Email: na@ent.hu ++ ++ Co-Author: Shy ++ Email: shy@cpan.org ++ ++ Co-Author: Witzy ++ Email: stazzz@altern.org ++ ++ URL: http://ibsh.sourceforge.net ++ IRC: irc.freenode.net #ibsh ++ RSS, Statistics, etc: http://sourceforge.net/projects/ibsh/ ++ ++*/ ++ ++/* Header files */ ++#include "ibsh.h" ++ ++ ++ ++/* Remove the path of the Jail root dir from the displayed paths! */ ++/* Return the jail path from the absolute path. */ ++/* Copy characters from absolute path to jail path, starting, where the */ ++/* jail root ends. */ ++void GetPositionInJail( const char *abspath, const char *rootdir, char *relpath ) ++{ ++ int i = 0; ++ int j = 0; ++ ++ bzero(relpath, strlen(relpath)); ++ for (i = strlen(rootdir); i < strlen(abspath); i++) { ++ relpath[j] = abspath[i]; ++ j++; ++ } ++ relpath[j] = '\0'; ++} ++ ++/* Take 3 characters from left off a string. */ ++/* It practically removes one ../ . */ ++void LTrim3( const char *base, char *result ) ++{ ++ int i = 0; ++ int j = 0; ++ ++ bzero(result, strlen(result)); ++ for (i = 3; i < strlen(base); i++) { ++ result[j] = base[i]; ++ j++; ++ } ++ result[j] = '\0'; ++} ++ ++/* Remove one subdirectory from the path in the argument. */ ++/* In case the user uses ../ 's in his command. */ ++/* Technical Description: */ ++/* Variables: string pointer for the strtok function, and an */ ++/* integer to stop the removing. */ ++/* Disassemble the path by the slashes. And glue the required parts */ ++/* together. Number of required parts = number of all parts - 1 . */ ++void PathMinusOne( const char *basepath, char *evalpath, int slashcount,size_t nevalpath ) ++{ ++ char *tok; ++ int j = 1; ++ ++ bzero(evalpath, strlen(evalpath)); ++ if ( slashcount == 1 ) { ++ strncpy(evalpath,"/",nevalpath-1); ++ evalpath[nevalpath-1] = '\0'; ++ } ++ else { ++ for (tok = strtok((void *) basepath, "/"); tok; tok = strtok(0, "/")) { ++ if ( j < slashcount ) { ++ strncat(evalpath,tok,nevalpath-strlen(evalpath)-1); ++ strncat(evalpath,"/",nevalpath-strlen(evalpath)-1); ++ } ++ j++; ++ } ++ } ++} +diff --git a/base/cgcs-users/cgcs-users-1.0/main.c b/base/cgcs-users/cgcs-users-1.0/main.c +new file mode 100644 +index 0000000..1d92899 +--- /dev/null ++++ b/base/cgcs-users/cgcs-users-1.0/main.c +@@ -0,0 +1,239 @@ ++/* ++ Created: 03.19.05 11:34:57 by Attila Nagyidai ++ ++ $Id: C\040Console.c,v 1.1.2.1 2003/08/13 00:38:46 neum Exp $ ++ ++ This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell ++ Copyright (C) 2005 Attila Nagyidai ++ ++ Copyright(c) 2013-2017 Wind River Systems, Inc. All rights reserved. ++ ++ This program is free software; you can redistribute it and/or ++ modify it under the terms of the GNU General Public License ++ as published by the Free Software Foundation; either version 2 ++ of the License, or (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program; if not, write to the Free Software ++ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ++ ++ Author: Attila Nagyidai ++ Email: na@ent.hu ++ ++ Co-Author: Shy ++ Email: shy@cpan.org ++ ++ Co-Author: Witzy ++ Email: stazzz@altern.org ++ ++ URL: http://ibsh.sourceforge.net ++ IRC: irc.freenode.net #ibsh ++ RSS, Statistics, etc: http://sourceforge.net/projects/ibsh/ ++ ++*/ ++ ++/* Header files */ ++#include "ibsh.h" ++#include "stdlib.h" ++ ++/* Main: */ ++/* Handle arguments, read config files, start command processing. */ ++/* IBSH doesnt use any command line arguments, but my text editor */ ++/* uses this code in all new c files to create. And i didnt have the */ ++/* heart to remove it. ;p */ ++/* Technical Description: */ ++/* Get the passwd entry for the user. The uid is easily aquired, since */ ++/* it is the real user id. After that, grab the passwd file entry upon */ ++/* the id, and copy the information to the loggedin struct. */ ++/* Add some signal handlers too. */ ++/* The infinite loop: */ ++/* Get the current directory, the full path. Compute the jailpath from that, */ ++/* that is the directories below the users homedir, which is the jail root. */ ++/* The jail ceiling if you like. Print some prompt to the user with the jailpath, */ ++/* and read stdin for incoming commands. Filter out the bad commands, typos, the */ ++/* not allowed commands. It the command is ok, execute it. If it is a shell builtin, */ ++/* use our builtin code, otherwise use execve. After execve, check if the user didnt */ ++/* use the last command to create some illegal content. If yes, erase that. Give the */ ++/* notice only afterwards. */ ++ ++void ALRMhandler(int sig) { ++ OPENLOG; ++ syslog(LOG_INFO, "CLI timeout, user %s has logged out.", loggedin.uname); ++ CLOSELOG; ++ exit(0); ++} ++ ++int main(int argc, char **argv) ++{ ++ char temp[STRING_SIZE], *buf; ++ struct stat info; ++ uid_t ruid, euid; ++ gid_t rgid, egid; ++ unsigned int tout_cli = 0; ++ ++ const char* tout = getenv("TMOUT"); ++ if (tout) ++ tout_cli = atoi(tout); ++ else ++ //default to 5 mins ++ tout_cli = 300; ++ ++ /* setuid protection */ ++ ruid = getuid(); ++ euid = geteuid(); ++ rgid = getgid(); ++ egid = getegid(); ++ if ( (ruid!=euid) || (ruid==0) || (euid==0) || (rgid!=egid) || (rgid==0) || (egid==0) ) { ++ OPENLOG; ++ syslog(LOG_ERR, "setuid/setgid violation!"); ++ CLOSELOG; ++ printf("ibsh: setuid/setgid violation!! exiting...\n"); ++#ifdef DEBUG ++ printf("ruid: %d;euid: %d;rgid: %d;egid: %d\n", ruid,euid,rgid,egid); ++#endif ++ exit(0); ++ } ++ ++ /* To Do: The code of your application goes here */ ++ /* First part: */ ++ /* Get essential information about the user who got this shell: */ ++ /* first the username, then the user id. Upon this, retrieve the */ ++ /* user's record in the passwd file. */ ++ bzero(&loggedin, sizeof(loggedin)); ++ loggedin.uid = getuid(); ++ loggedin.record = getpwuid(loggedin.uid); ++ if ( loggedin.record == NULL ) { ++ loggedin.record = getpwnam(loggedin.uname); ++ if ( loggedin.record == NULL ) { ++ openlog(loggedin.uname, LOG_PID, LOG_AUTH); ++ syslog(LOG_ERR, "Can not obtain user information"); ++ closelog(); ++ exit(0); ++ } ++ } ++ strncpy(loggedin.uname, loggedin.record->pw_name, PAM_SIZE); ++ strncpy(loggedin.udir, loggedin.record->pw_dir, STRING_SIZE); ++ ++ /* Second part: */ ++ /* Handle some signal catching. Read the configuration files. */ ++ signal( SIGINT, SIG_IGN ); ++ signal( SIGQUIT, SIG_IGN ); ++ signal( SIGTERM, SIG_IGN ); ++ signal( SIGTSTP, SIG_IGN ); ++ signal( SIGALRM, ALRMhandler ); ++ LoadConfig(); ++ ++ /* Command mode */ ++ if(argc == 3) { ++ if ( argv[1][1] == 'c' ) { ++ if ( CommandOK(argv[2], loggedin.udir, "/", filtered_command) == 1) { ++ exitcode = hhsystem(filtered_command); ++ OPENLOG; ++ syslog(LOG_INFO, "command %s ordered, command %s has been executed.", ++ argv[2], filtered_command); ++ CLOSELOG; ++ exit(exitcode); ++ } ++ exit(0); ++ } ++ else { ++ exit(0); ++ } ++ } ++ ++ OPENLOG; ++ syslog(LOG_INFO, "user %s has logged in.", loggedin.uname); ++ CLOSELOG; ++ ++ ++ DelBadFiles(loggedin.udir); ++ chdir (loggedin.udir); ++ ++ ++ /* Third part: */ ++ /* Start reading and processing the user issued commands. */ ++ /* Split the command by the spaces, filter out anything, */ ++ /* that would allow the user to access files outside the */ ++ /* jail. Filter out multiples and pipes as well. No program */ ++ /* will be allowed to run, unless it is mentioned in the */ ++ /* config files. Files that are created with an extension */ ++ /* that is listed in the other config file, must be deleted! */ ++ alarm(tout_cli); ++ for ( ; ; ) { ++ /* Where is he ? */ ++ getcwd(real_path, STRING_SIZE); ++ GetPositionInJail(real_path, loggedin.udir, jail_path); ++ if ( (strlen(jail_path)) == 0 ) { ++ strncpy(jail_path, "/", 2); ++ } ++ /* We don't want the user to know where he actually is. */ ++ /* This is the prompt! */ ++ printf("[%s]%% ", loggedin.uname); ++ /* scanf("%s", user_command); */ ++ myscanf(user_command, real_path); ++ alarm(tout_cli); ++ /* Command interpretation and execution. */ ++ if ( (CommandOK(user_command, loggedin.udir, jail_path, filtered_command)) == 0 ) { ++ log_attempt(loggedin.uname); /* v0.2a */ ++ continue; ++ } ++ /* If the user issued command starts with a shell builtin. */ ++ bzero(temp, strlen(temp)); ++ if ( (buf = strstr(filtered_command, "cd")) != NULL ) { ++ if ( (strcmp(buf, filtered_command)) == 0 ) { ++ LTrim3(filtered_command, temp); ++ if ( (strcmp(temp, real_path)) != 0 ) { ++ if ( (strcmp(temp, "..")) == 0 ) { ++ PathMinusOne(jail_path, temp, 1,sizeof(temp)); ++ } ++ if ( (strcmp(temp, "/")) == 0 ) { ++ strncpy(temp, loggedin.udir, LINE_SIZE); ++ } ++ exitcode = chdir(temp); ++ if ( exitcode == -1 ) { ++ printf("ibsh: cd: %s: No such file or directory\n", temp); ++ } ++ } ++ continue; ++ } ++ } ++ else if ( (buf = strstr(filtered_command, "pwd")) != NULL ) { ++ if ( (strcmp(buf, filtered_command)) == 0 ) { ++ printf("%s\n", jail_path); ++ continue; ++ } ++ } ++ else if ( (buf = strstr(filtered_command, "logout")) != NULL ) { ++ if ( (strcmp(buf, filtered_command)) == 0 ) { ++ OPENLOG; ++ syslog(LOG_INFO, "user %s has logged out.", loggedin.uname); ++ CLOSELOG; ++ break; ++ } ++ } ++ else if ( (buf = strstr(filtered_command, "exit")) != NULL ) { ++ if ( (strcmp(buf, filtered_command)) == 0 ) { ++ OPENLOG; ++ syslog(LOG_INFO, "user %s has logged out.", loggedin.uname); ++ CLOSELOG; ++ break; ++ } ++ } ++ else { ++ exitcode = hhsystem(filtered_command); ++ if ( exitcode < 0 ) { ++ printf("%s\n", strerror(errno)); ++ } ++ } ++ getcwd(real_path, STRING_SIZE); ++ DelBadFiles(loggedin.udir); ++ chdir (real_path); ++ } ++ return 0; ++} ++ +diff --git a/base/cgcs-users/cgcs-users-1.0/misc.c b/base/cgcs-users/cgcs-users-1.0/misc.c +new file mode 100644 +index 0000000..d73ddb8 +--- /dev/null ++++ b/base/cgcs-users/cgcs-users-1.0/misc.c +@@ -0,0 +1,52 @@ ++/* ++ Created: 03.19.05 11:34:57 by Attila Nagyidai ++ ++ $Id: C\040Console.c,v 1.1.2.1 2003/08/13 00:38:46 neum Exp $ ++ ++ This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell ++ Copyright (C) 2005 Attila Nagyidai ++ ++ This program is free software; you can redistribute it and/or ++ modify it under the terms of the GNU General Public License ++ as published by the Free Software Foundation; either version 2 ++ of the License, or (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program; if not, write to the Free Software ++ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ++ ++ Author: Attila Nagyidai ++ Email: na@ent.hu ++ ++ Co-Author: Shy ++ Email: shy@cpan.org ++ ++ Co-Author: Witzy ++ Email: stazzz@altern.org ++ ++ URL: http://ibsh.sourceforge.net ++ IRC: irc.freenode.net #ibsh ++ RSS, Statistics, etc: http://sourceforge.net/projects/ibsh/ ++ ++*/ ++ ++/* Header files */ ++#include "ibsh.h" ++ ++/* If the command is not ok, there is a possible hack attempt. */ ++/* Can also be a typo, but we're not taking any chances. v0.2a */ ++void log_attempt( const char *username ) ++{ ++ char logmsg[STRING_SIZE]; ++ ++ snprintf(logmsg, 50, "Possible hack attempt by %s.", username); ++ ++ OPENLOG; ++ syslog(LOG_WARNING, "%s", logmsg); ++ CLOSELOG; ++} +-- +2.17.1 + diff --git a/patches/stx-integ/0002-Add-DESTDIR-CFLAGS-and-LDFLAGS.patch b/patches/stx-integ/0002-Add-DESTDIR-CFLAGS-and-LDFLAGS.patch new file mode 100644 index 0000000..f381111 --- /dev/null +++ b/patches/stx-integ/0002-Add-DESTDIR-CFLAGS-and-LDFLAGS.patch @@ -0,0 +1,132 @@ +From edd5d4208db67d560afd3b5873b6ffc17fd5d79f Mon Sep 17 00:00:00 2001 +From: babak sarashki +Date: Tue, 2 Jul 2019 14:29:52 -0700 +Subject: [PATCH 2/2] Add DESTDIR, CFLAGS and LDFLAGS. + +--- + base/cgcs-users/cgcs-users-1.0/Makefile | 115 ++++++++++++------------ + 1 file changed, 59 insertions(+), 56 deletions(-) + +diff --git a/base/cgcs-users/cgcs-users-1.0/Makefile b/base/cgcs-users/cgcs-users-1.0/Makefile +index ed37d00..205f653 100644 +--- a/base/cgcs-users/cgcs-users-1.0/Makefile ++++ b/base/cgcs-users/cgcs-users-1.0/Makefile +@@ -1,56 +1,59 @@ +-# This is the makefile for ibsh 0.3e +-CC = gcc +-OBJECTS = main.o command.o jail.o execute.o config.o misc.o antixploit.o delbadfiles.o +- +-ibsh: ${OBJECTS} ibsh.h +- ${CC} -o ibsh ${OBJECTS} +- +-main.o: main.c ibsh.h +- ${CC} -c main.c +- +-command.o: command.c ibsh.h +- ${CC} -c command.c +- +-jail.o: jail.c ibsh.h +- ${CC} -c jail.c +- +-execute.o: execute.c ibsh.h +- ${CC} -c execute.c +- +-config.o: config.c ibsh.h +- ${CC} -c config.c +- +-misc.o: misc.c ibsh.h +- ${CC} -c misc.c +- +-antixploit.o: antixploit.c ibsh.h +- ${CC} -c antixploit.c +- +-delbadfiles.o: delbadfiles.c ibsh.h +- ${CC} -c delbadfiles.c +- +-ibsh_install: +- cp ./ibsh /bin/ +- mkdir /etc/ibsh +- mkdir /etc/ibsh/cmds +- mkdir /etc/ibsh/xtns +- cp ./globals.cmds /etc/ibsh/ +- cp ./globals.xtns /etc/ibsh/ +- +-ibsh_uninstall: +- rm -rf /etc/ibsh/globals.cmds +- rm -rf /etc/ibsh/globals.xtns +- rm -rf /etc/ibsh/cmds/*.* +- rm -rf /etc/ibsh/xtns/*.* +- rmdir /etc/ibsh/cmds +- rmdir /etc/ibsh/xtns +- rmdir /etc/ibsh +- rm -rf /bin/ibsh +- +-clean: +- rm -rf ibsh +- rm -rf *.o +- +- +-# 13:49 2005.04.06. +- ++# This is the makefile for ibsh 0.3e ++CC = gcc ++OBJECTS = main.o command.o jail.o execute.o config.o misc.o antixploit.o delbadfiles.o ++ ++ibsh: ${OBJECTS} ibsh.h ++ ${CC} ${CFLAGS} ${LDFLAGS} -o ibsh ${OBJECTS} ++ ++main.o: main.c ibsh.h ++ ${CC} ${CFLAGS} -c main.c ++ ++command.o: command.c ibsh.h ++ ${CC} ${CFLAGS} -c command.c ++ ++jail.o: jail.c ibsh.h ++ ${CC} ${CFLAGS} -c jail.c ++ ++execute.o: execute.c ibsh.h ++ ${CC} ${CFLAGS} -c execute.c ++ ++config.o: config.c ibsh.h ++ ${CC} ${CFLAGS} -c config.c ++ ++misc.o: misc.c ibsh.h ++ ${CC} ${CFLAGS} -c misc.c ++ ++antixploit.o: antixploit.c ibsh.h ++ ${CC} ${CFLAGS} -c antixploit.c ++ ++delbadfiles.o: delbadfiles.c ibsh.h ++ ${CC} -c delbadfiles.c ++ ++ibsh_install: ++ install -d 0755 ${DESTDIR}/bin ++ install -d 0755 ${DESTDIR}/etc/cmds ++ install -d 0755 ${DESTDIR}/etc/xtns ++ cp ./ibsh ${DESTDIR}/bin/ ++ mkdir ${DESTDIR}/etc/ibsh ++ mkdir ${DESTDIR}/etc/ibsh/cmds ++ mkdir ${DESTDIR}/etc/ibsh/xtns ++ cp ./globals.cmds ${DESTDIR}/etc/ibsh/ ++ cp ./globals.xtns ${DESTDIR}/etc/ibsh/ ++ ++ibsh_uninstall: ++ rm -rf ${DESTDIR}/etc/ibsh/globals.cmds ++ rm -rf ${DESTDIR}/etc/ibsh/globals.xtns ++ rm -rf ${DESTDIR}/etc/ibsh/cmds/*.* ++ rm -rf ${DESTDIR}/etc/ibsh/xtns/*.* ++ rmdir ${DESTDIR}/etc/ibsh/cmds ++ rmdir ${DESTDIR}/etc/ibsh/xtns ++ rmdir ${DESTDIR}/etc/ibsh ++ rm -rf ${DESTDIR}/bin/ibsh ++ ++clean: ++ rm -rf ibsh ++ rm -rf *.o ++ ++ ++# 13:49 2005.04.06. ++ +-- +2.17.1 + diff --git a/recipes-core/packagegroups/packagegroup-stx-fault.bb b/recipes-core/packagegroups/packagegroup-stx-fault.bb index b17fe46..1794a04 100644 --- a/recipes-core/packagegroups/packagegroup-stx-fault.bb +++ b/recipes-core/packagegroups/packagegroup-stx-fault.bb @@ -1,4 +1,4 @@ -SUMMARY = "StarlingX/cgsc-root/stx/stx-config" +SUMMARY = "StarlingX/cgsc-root/stx/stx-fault" PR = "r0" # diff --git a/recipes-core/packagegroups/packagegroup-stx-ha.bb b/recipes-core/packagegroups/packagegroup-stx-ha.bb new file mode 100644 index 0000000..70c0bbc --- /dev/null +++ b/recipes-core/packagegroups/packagegroup-stx-ha.bb @@ -0,0 +1,24 @@ +SUMMARY = "StarlingX/cgsc-root/stx/stx-ha" +PR = "r0" + +# +# packages which content depend on MACHINE_FEATURES need to be MACHINE_ARCH +# +PACKAGE_ARCH = "${MACHINE_ARCH}" + + +inherit packagegroup + +PROVIDES = "${PACKAGES}" +PACKAGES = " \ + packagegroup-stx-ha\ + " + +RDEPENDS_packagegroup-stx-ha = " \ + sm-api \ + sm \ + sm-client \ + sm-common \ + sm-db \ + sm-tools \ + " diff --git a/recipes-core/packagegroups/packagegroup-stx-integ-cff.bb b/recipes-core/packagegroups/packagegroup-stx-integ-cff.bb new file mode 100644 index 0000000..52750e2 --- /dev/null +++ b/recipes-core/packagegroups/packagegroup-stx-integ-cff.bb @@ -0,0 +1,30 @@ +SUMMARY = "StarlingX/cgsc-root/stx/stx-integ/config-files" +PR = "r0" + +# +# packages which content depend on MACHINE_FEATURES need to be MACHINE_ARCH +# +PACKAGE_ARCH = "${MACHINE_ARCH}" + + +inherit packagegroup + +PROVIDES = "${PACKAGES}" +PACKAGES = " \ + packagegroup-stx-integ-cff \ + " + +RDEPENDS_packagegroup-stx-integ-cff = " \ + audit-config \ + docker-config \ + io-scheduler \ + iptables-config \ + memcached-custom \ + ntp-config \ + pam-config \ + rsync-config \ + shadow-utils-config \ + sudo-config \ + syslog-ng-config \ + util-linux-config \ + " diff --git a/recipes-core/packagegroups/packagegroup-stx-metal.bb b/recipes-core/packagegroups/packagegroup-stx-metal.bb index c165096..1c08240 100644 --- a/recipes-core/packagegroups/packagegroup-stx-metal.bb +++ b/recipes-core/packagegroups/packagegroup-stx-metal.bb @@ -1,4 +1,4 @@ -SUMMARY = "StarlingX/cgsc-root/stx/stx-config" +SUMMARY = "StarlingX/cgsc-root/stx/stx-metal" PR = "r0" # diff --git a/recipes-core/packagegroups/packagegroup-stx-nfv.bb b/recipes-core/packagegroups/packagegroup-stx-nfv.bb new file mode 100644 index 0000000..07147a3 --- /dev/null +++ b/recipes-core/packagegroups/packagegroup-stx-nfv.bb @@ -0,0 +1,25 @@ +SUMMARY = "StarlingX/cgsc-root/stx/stx-nfv" +PR = "r0" + +# +# packages which content depend on MACHINE_FEATURES need to be MACHINE_ARCH +# +PACKAGE_ARCH = "${MACHINE_ARCH}" + + +inherit packagegroup + +PROVIDES = "${PACKAGES}" +PACKAGES = " \ + packagegroup-stx-nfv \ + " + +RDEPENDS_packagegroup-stx-nfv = " \ + nfv-common \ + nfv-plugins \ + nfv-tools \ + nfv-vim \ + nfv-client \ + mtce-guest \ + nova-api-proxy \ + " diff --git a/recipes-core/packagegroups/packagegroup-stx-update.bb b/recipes-core/packagegroups/packagegroup-stx-update.bb new file mode 100644 index 0000000..5eb338f --- /dev/null +++ b/recipes-core/packagegroups/packagegroup-stx-update.bb @@ -0,0 +1,23 @@ +SUMMARY = "StarlingX/cgsc-root/stx/stx-update" +PR = "r0" + +# +# packages which content depend on MACHINE_FEATURES need to be MACHINE_ARCH +# +PACKAGE_ARCH = "${MACHINE_ARCH}" + + +inherit packagegroup + +PROVIDES = "${PACKAGES}" +PACKAGES = " \ + packagegroup-stx-update \ + " + +RDEPENDS_packagegroup-stx-update = " \ + cgcs-patch \ + enable-dev-patch \ + patch-alarm \ + tsconfig \ + python-requests-toolbelt \ + " diff --git a/recipes-core/packagegroups/packagegroup-stx-upstream.bb b/recipes-core/packagegroups/packagegroup-stx-upstream.bb new file mode 100644 index 0000000..3596089 --- /dev/null +++ b/recipes-core/packagegroups/packagegroup-stx-upstream.bb @@ -0,0 +1,41 @@ +SUMMARY = "StarlingX/cgsc-root/stx/stx-upstream" +PR = "r0" + +# +# packages which content depend on MACHINE_FEATURES need to be MACHINE_ARCH +# +PACKAGE_ARCH = "${MACHINE_ARCH}" + + +inherit packagegroup + +PROVIDES = "${PACKAGES}" +PACKAGES = " \ + packagegroup-stx-upstream \ + " + +# TODO: +# See docs/progress.txt file +# Here we are replacing packages with those already present in +# yocto layers. Validate that the packages meet the requirements. + +# TODO: +# See docs/progress.txt file +# Port required/missing packages. + +RDEPENDS_packagegroup-stx-upstream = " \ + python-barbicanclient \ + python-cinderclient \ + python-glanceclient \ + python-heatclient \ + python-horizon \ + python-keystoneauth1 \ + python-keystoneclient \ + python-magnumclient \ + python-neutronclient \ + python-novaclient \ + python-openstackclient \ + python-openstacksdk \ + stx-ocf-scripts \ + rabbitmq-server-config \ + " diff --git a/recipes-core/stx-ansible-playbooks/stx-ansible-playbooks.bb b/recipes-core/stx-ansible-playbooks/stx-ansible-playbooks.bb new file mode 100644 index 0000000..99d7de9 --- /dev/null +++ b/recipes-core/stx-ansible-playbooks/stx-ansible-playbooks.bb @@ -0,0 +1,43 @@ +DESCRIPTION = "stx-ansible-playbooks" + +STABLE = "starlingx/master" +PROTOCOL = "https" +BRANCH = "master" +SRCREV = "c7390f63001219b5eb41a6e36f4f4643d0fc0208" +S = "${WORKDIR}/git" +PV = "19.05" + +LICENSE = "Apache-2.0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI = "git://opendev.org/starlingx/ansible-playbooks.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" + +DEPENDS = " \ + python \ + python-netaddr \ + python-ptyprocess \ + python-pexpect \ + python-ansible \ + " + +do_configure () { + : +} + +do_compile() { + : +} + +do_install () { + cd ${S}/playbookconfig/playbookconfig + oe_runmake -e \ + DESTDIR=${D}/${sysconfdir}/ + mv ${D}/${sysconfdir}/playbooks ${D}/${sysconfdir}/ansible + chmod 644 ${D}/${sysconfdir}/ansible/ansible.cfg + chmod 644 ${D}/${sysconfdir}/ansible/hosts +} + +#pkg_postinst_ontarget_${PN} () { } + +# FILES_${PN}_append += " " diff --git a/recipes-core/stx-ansible-playbooks/stx-ansible-playbooks.inc b/recipes-core/stx-ansible-playbooks/stx-ansible-playbooks.inc new file mode 100644 index 0000000..2e7c2d6 --- /dev/null +++ b/recipes-core/stx-ansible-playbooks/stx-ansible-playbooks.inc @@ -0,0 +1,2 @@ +#inherit externalsrc +#EXTERNALSRC_pn-${PN}="${EXTERNALREPO}/stx-metal" diff --git a/recipes-core/stx-integ-ceph/ceph-manager.bb b/recipes-core/stx-integ-ceph/ceph-manager.bb new file mode 100644 index 0000000..15ac309 --- /dev/null +++ b/recipes-core/stx-integ-ceph/ceph-manager.bb @@ -0,0 +1,60 @@ +DESCRIPTION = "ceph-manager" + +STABLE = "starlingx/master" +PROTOCOL = "https" +BRANCH = "master" +SRCREV = "70609a3d55e5b7d2be82667fc35792505f9013c4" +S = "${WORKDIR}/git" +PV = "19.05" + +LICENSE = "Apache-2.0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI = "git://opendev.org/starlingx/config.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" + +require stx-ineg-ceph.inc +inherit setuptools + + +DEPENDS = " \ + python \ + python-pbr-native \ + " +RDEPENDS_${PN}_append = " bash" + +do_configure () { + cd ${S}/ceph/ceph-manager/ceph-manager/ + distutils_do_configure +} + +do_compile() { + cd ${S}/ceph/ceph-manager/ceph-manager/ + distutils_do_compile +} + +do_install () { + cd ${S}/ceph/ceph-manager/ceph-manager/ + distutils_do_install + + cd ${S}/ceph/ceph-manager/ + + install -d -m 755 ${D}/${sysconfdir}/init.d + install -p -D -m 700 scripts/init.d/ceph-manager ${D}/${sysconfdir}/init.d/ceph-manager + + install -d -m 755 ${D}/${bindir} + install -p -D -m 700 scripts/bin/ceph-manager ${D}//${bindir}/ceph-manager + + install -d -m 755 ${D}${sysconfdir}/logrotate.d + install -p -D -m 644 files/ceph-manager.logrotate ${D}/${sysconfdir}/logrotate.d/ceph-manager.logrotate + + install -d -m 755 ${D}/${systemd_system_unitdir} + install -m 644 -p -D files/${PN}.service ${D}/${systemd_system_unitdir}/${PN}.service + +} + +# pkg_postinst_ontarget_${PN} () { } + +FILES_${PN}_append += " \ + ${systemd_system_unitdir} \ + " diff --git a/recipes-core/stx-integ-ceph/stx-ineg-ceph.inc b/recipes-core/stx-integ-ceph/stx-ineg-ceph.inc new file mode 100644 index 0000000..d501898 --- /dev/null +++ b/recipes-core/stx-integ-ceph/stx-ineg-ceph.inc @@ -0,0 +1,2 @@ +inherit externalsrc +EXTERNALSRC_pn-${PN}="${EXTERNALREPO}/stx-integ" diff --git a/recipes-core/stx-integ-config-files/audit-config.bb b/recipes-core/stx-integ-config-files/audit-config.bb new file mode 100644 index 0000000..0facba7 --- /dev/null +++ b/recipes-core/stx-integ-config-files/audit-config.bb @@ -0,0 +1,38 @@ +DESCRIPTION = "audit-config" + +STABLE = "starlingx/master" +PROTOCOL = "https" +BRANCH = "master" +SRCREV = "70609a3d55e5b7d2be82667fc35792505f9013c4" +S = "${WORKDIR}/git" +PV = "19.05" + +LICENSE = "Apache-2.0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI = "git://opendev.org/starlingx/config.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" + +require stx-integ-config-files.inc + +RDEPENDS_${PN} += " bash" + +do_configure () { + : +} + +do_compile() { + : +} + +do_install () { + cd ${S}/config-files/audit-config + install -d -m 0755 ${D}/${datadir}/starlingx/ + install -p -m 0644 files/syslog.conf ${D}/${datadir}/starlingx/syslog.conf +} + +FILES_${PN}_append += " \ + ${systemd_system_unitdir} \ + ${datadir} \ + "\ + diff --git a/recipes-core/stx-integ-config-files/docker-config.bb b/recipes-core/stx-integ-config-files/docker-config.bb new file mode 100644 index 0000000..365e148 --- /dev/null +++ b/recipes-core/stx-integ-config-files/docker-config.bb @@ -0,0 +1,34 @@ +DESCRIPTION = "docker-config" + +STABLE = "starlingx/master" +PROTOCOL = "https" +BRANCH = "master" +SRCREV = "70609a3d55e5b7d2be82667fc35792505f9013c4" +S = "${WORKDIR}/git" +PV = "19.05" + +LICENSE = "Apache-2.0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI = "git://opendev.org/starlingx/config.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" + +require stx-integ-config-files.inc + +RDEPENDS_${PN} += " bash" + +do_configure () { + : +} + +do_compile() { + : +} + +do_install () { + cd ${S}/config-files/docker-config/files + oe_runmake -e DATADIR=${D}/${datadir} \ + SYSCONFDIR=${D}/${sysconfdir} install +} + +#FILES_${PN}_append += " ${systemd_system_unitdir} " diff --git a/recipes-core/stx-integ-config-files/io-scheduler.bb b/recipes-core/stx-integ-config-files/io-scheduler.bb new file mode 100644 index 0000000..70ca463 --- /dev/null +++ b/recipes-core/stx-integ-config-files/io-scheduler.bb @@ -0,0 +1,34 @@ +DESCRIPTION = "io-scheduler" + +STABLE = "starlingx/master" +PROTOCOL = "https" +BRANCH = "master" +SRCREV = "70609a3d55e5b7d2be82667fc35792505f9013c4" +S = "${WORKDIR}/git" +PV = "19.05" + +LICENSE = "Apache-2.0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI = "git://opendev.org/starlingx/config.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" + +require stx-integ-config-files.inc + +RDEPENDS_${PN} += " bash" + +do_configure () { + : +} + +do_compile() { + : +} + +do_install () { + install -d -m 0755 ${D}/${sysconfdir}/udev/rules.d + install -m644 ${S}/config-files/io-scheduler/centos/files/60-io-scheduler.rules \ + ${D}/${sysconfdir}/udev/rules.d/60-io-scheduler.rules +} + +#FILES_${PN}_append += " ${systemd_system_unitdir} " diff --git a/recipes-core/stx-integ-config-files/iptables-config.bb b/recipes-core/stx-integ-config-files/iptables-config.bb new file mode 100644 index 0000000..6486ae3 --- /dev/null +++ b/recipes-core/stx-integ-config-files/iptables-config.bb @@ -0,0 +1,40 @@ +DESCRIPTION = "iptables-config" + +STABLE = "starlingx/master" +PROTOCOL = "https" +BRANCH = "master" +SRCREV = "70609a3d55e5b7d2be82667fc35792505f9013c4" +S = "${WORKDIR}/git" +PV = "19.05" + +LICENSE = "Apache-2.0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI = "git://opendev.org/starlingx/config.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" + +require stx-integ-config-files.inc + +RDEPENDS_${PN} += " bash" + +do_configure () { + : +} + +do_compile() { + : +} + +do_install () { + cd ${S}/config-files/iptables-config + install -d -m0755 ${D}/${sysconfdir}/sysconfig + install -d -m0755 ${D}/${datadir}/starlingx + + install -m600 files/iptables.rules ${D}/${datadir}/starlingx/iptables.rules + install -m600 files/ip6tables.rules ${D}/${datadir}/starlingx/ip6tables.rules + + install -m600 files/iptables.rules ${D}/${sysconfdir}/sysconfig/iptables.rules + install -m600 files/ip6tables.rules ${D}/${sysconfdir}/sysconfig/ip6tables.rules +} + +FILES_${PN}_append += " ${datadir} " diff --git a/recipes-core/stx-integ-config-files/memcached-custom.bb b/recipes-core/stx-integ-config-files/memcached-custom.bb new file mode 100644 index 0000000..8d9879c --- /dev/null +++ b/recipes-core/stx-integ-config-files/memcached-custom.bb @@ -0,0 +1,35 @@ +DESCRIPTION = "memcached-custom" + +STABLE = "starlingx/master" +PROTOCOL = "https" +BRANCH = "master" +SRCREV = "70609a3d55e5b7d2be82667fc35792505f9013c4" +S = "${WORKDIR}/git" +PV = "19.05" + +LICENSE = "Apache-2.0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI = "git://opendev.org/starlingx/config.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" + +require stx-integ-config-files.inc + +RDEPENDS_${PN} += " bash" + +do_configure () { + : +} + +do_compile() { + : +} + +do_install () { + cd ${S}/config-files/memcached-custom + install -d -m0755 ${D}/${systemd_system_unitdir} + + install -m644 files/memcached.service ${D}/${systemd_system_unitdir}/ +} + +FILES_${PN}_append += " ${systemd_system_unitdir} " diff --git a/recipes-core/stx-integ-config-files/ntp-config.bb b/recipes-core/stx-integ-config-files/ntp-config.bb new file mode 100644 index 0000000..674b6ed --- /dev/null +++ b/recipes-core/stx-integ-config-files/ntp-config.bb @@ -0,0 +1,40 @@ +DESCRIPTION = "ntp-config" + +STABLE = "starlingx/master" +PROTOCOL = "https" +BRANCH = "master" +SRCREV = "70609a3d55e5b7d2be82667fc35792505f9013c4" +S = "${WORKDIR}/git" +PV = "19.05" + +LICENSE = "Apache-2.0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI = "git://opendev.org/starlingx/config.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" + +require stx-integ-config-files.inc + +RDEPENDS_${PN} += " bash" + +do_configure () { + : +} + +do_compile() { + : +} + +do_install () { + cd ${S}/config-files/ntp-config + install -d -m0755 ${D}/${datadir}/starlingx + install -d -m0755 ${D}/${sysconfdir}/sysconfig + + install -m644 files/ntp.conf ${D}/${datadir}/starlingx/ntp.config + install -m644 files/ntpd.sysconfig ${D}/${datadir}/starlingx/ntpd.sysconfig + + install -m644 files/ntp.conf ${D}/${sysconfdir}/ntp.config + install -m644 files/ntpd.sysconfig ${D}/${sysconfdir}/sysconfig/ntpd +} + +FILES_${PN}_append += " ${datadir} " diff --git a/recipes-core/stx-integ-config-files/pam-config.bb b/recipes-core/stx-integ-config-files/pam-config.bb new file mode 100644 index 0000000..ac44c7d --- /dev/null +++ b/recipes-core/stx-integ-config-files/pam-config.bb @@ -0,0 +1,42 @@ +DESCRIPTION = "pam-config" + +STABLE = "starlingx/master" +PROTOCOL = "https" +BRANCH = "master" +SRCREV = "70609a3d55e5b7d2be82667fc35792505f9013c4" +S = "${WORKDIR}/git" +PV = "19.05" + +LICENSE = "Apache-2.0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI = "git://opendev.org/starlingx/config.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" + +require stx-integ-config-files.inc + +RDEPENDS_${PN} += " bash" + +do_configure () { + : +} + +do_compile() { + : +} + +do_install () { + cd ${S}/config-files/pam-config/ + install -d -m0755 ${D}/${datadir}/starlingx + install -d -m0755 ${D}/${sysconfdir}/pam.d + + install -m 644 files/common-account ${D}/${sysconfdir}/pam.d/common-account + install -m 644 files/common-auth ${D}/${sysconfdir}/pam.d/common-auth + install -m 644 files/common-password ${D}/${sysconfdir}/pam.d/common-password + install -m 644 files/common-session ${D}/${sysconfdir}/pam.d/common-session + install -m 644 files/common-session-noninteractive ${D}${sysconfdir}/pam.d/common-session-noninteractive + install -m 644 files/system-auth.pamd ${D}/${datadir}/starlingx/stx.system-auth + install -m 644 files/system-auth.pamd ${D}/${sysconfdir}/pam.d/system-auth +} + +FILES_${PN}_append += " ${datadir} " diff --git a/recipes-core/stx-integ-config-files/rsync-config.bb b/recipes-core/stx-integ-config-files/rsync-config.bb new file mode 100644 index 0000000..ddaa7fe --- /dev/null +++ b/recipes-core/stx-integ-config-files/rsync-config.bb @@ -0,0 +1,37 @@ +DESCRIPTION = "rsync-config" + +STABLE = "starlingx/master" +PROTOCOL = "https" +BRANCH = "master" +SRCREV = "70609a3d55e5b7d2be82667fc35792505f9013c4" +S = "${WORKDIR}/git" +PV = "19.05" + +LICENSE = "Apache-2.0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI = "git://opendev.org/starlingx/config.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" + +require stx-integ-config-files.inc + +RDEPENDS_${PN} += " bash" + +do_configure () { + : +} + +do_compile() { + : +} + +do_install () { + cd ${S}/config-files/rsync-config/ + install -d -m0755 ${D}/${datadir}/starlingx + install -d -m0755 ${D}/${sysconfdir}/ + + install -m 644 files/rsyncd.conf ${D}/${datadir}/starlingx/stx.rsyncd.conf + install -m 644 files/rsyncd.conf ${D}/${sysconfdir}/rsyncd.conf +} + +FILES_${PN}_append += " ${datadir} " diff --git a/recipes-core/stx-integ-config-files/shadow-utils-config.bb b/recipes-core/stx-integ-config-files/shadow-utils-config.bb new file mode 100644 index 0000000..aed8f75 --- /dev/null +++ b/recipes-core/stx-integ-config-files/shadow-utils-config.bb @@ -0,0 +1,43 @@ +DESCRIPTION = "shadow-utils-config" + +STABLE = "starlingx/master" +PROTOCOL = "https" +BRANCH = "master" +SRCREV = "70609a3d55e5b7d2be82667fc35792505f9013c4" +S = "${WORKDIR}/git" +PV = "19.05" + +LICENSE = "Apache-2.0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI = "git://opendev.org/starlingx/config.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" + +require stx-integ-config-files.inc + +RDEPENDS_${PN} += " bash" + +do_configure () { + : +} + +do_compile() { + : +} + +do_install () { + cd ${S}/config-files/shadow-utils-config + install -d -m0755 ${D}/${datadir}/starlingx + install -d -m0755 ${D}/${sysconfdir}/init.d + install -d -m0755 ${D}/${systemd_system_unitdir} + + install -m644 files/login.defs ${D}/${datadir}/starlingx/login.defs + + install -m644 files/clear_shadow_locks.service ${D}/${systemd_system_unitdir}/ + install -m644 files/login.defs ${D}/${sysconfdir}/login.defs +} + +FILES_${PN}_append += " \ + ${datadir} \ + ${systemd_system_unitdir} \ + " diff --git a/recipes-core/stx-integ-config-files/stx-integ-config-files.inc b/recipes-core/stx-integ-config-files/stx-integ-config-files.inc new file mode 100644 index 0000000..35e3e9a --- /dev/null +++ b/recipes-core/stx-integ-config-files/stx-integ-config-files.inc @@ -0,0 +1,2 @@ +inherit externalsrc +EXTERNALSRC_pn-${PN}="${EXTERNALREPO}/stx-integ/" diff --git a/recipes-core/stx-integ-config-files/sudo-config.bb b/recipes-core/stx-integ-config-files/sudo-config.bb new file mode 100644 index 0000000..0166462 --- /dev/null +++ b/recipes-core/stx-integ-config-files/sudo-config.bb @@ -0,0 +1,50 @@ +DESCRIPTION = "sudo-config" +# +#TODO: +# Set the following in shadow file and add the user +# %define SYSADMIN_P 4SuW8cnXFyxsk +# useradd -m -g sys_protected -G root \ +# -d /home/sysadmin -p %{SYSADMIN_P} \ +# -s /bin/sh sysadmin 2> /dev/null || : +# +# TODO: +# the RPM spec installs sysadmin.sudo +# Source does not include sysadmin.sudo +# Use wrs.sudo for now to get passed +# +++++++ Replace with the correct file. + + +STABLE = "starlingx/master" +PROTOCOL = "https" +BRANCH = "master" +SRCREV = "70609a3d55e5b7d2be82667fc35792505f9013c4" +S = "${WORKDIR}/git" +PV = "19.05" + +LICENSE = "Apache-2.0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI = "git://opendev.org/starlingx/config.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" + +require stx-integ-config-files.inc + +RDEPENDS_${PN} += " bash" + +do_configure () { + : +} + +do_compile() { + : +} + +do_install () { + cd ${S}/config-files/sudo-config + install -d -m755 ${D}/${sysconfdir}/sudoers.d + +# install -m644 files/sysadmin.sudo ${D}/${sysconfdir}/sudoers.d/ + install -m644 files/wrs.sudo ${D}/${sysconfdir}/sudoers.d/sysadmin +} + +# FILES_${PN}_append += " ${datadir} " diff --git a/recipes-core/stx-integ-config-files/syslog-ng-config.bb b/recipes-core/stx-integ-config-files/syslog-ng-config.bb new file mode 100644 index 0000000..33b49de --- /dev/null +++ b/recipes-core/stx-integ-config-files/syslog-ng-config.bb @@ -0,0 +1,52 @@ +DESCRIPTION = "syslog-ng-config" + +STABLE = "starlingx/master" +PROTOCOL = "https" +BRANCH = "master" +SRCREV = "70609a3d55e5b7d2be82667fc35792505f9013c4" +S = "${WORKDIR}/git" +PV = "19.05" + +LICENSE = "Apache-2.0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI = "git://opendev.org/starlingx/config.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" + +require stx-integ-config-files.inc + +RDEPENDS_${PN} += " bash" + +do_configure () { + : +} + +do_compile() { + : +} + +do_install () { + + cd ${S}/config-files/syslog-ng-config + install -d -m755 ${D}/${datadir}/starlingx + install -d -m755 ${D}/${sysconfdir}/sysconfig/syslog-ng + install -d -m755 ${D}/${sysconfdir}/logrotate.d + install -d -m755 ${D}/${systemd_system_unitdir} + install -d -m755 ${D}/${sbindir} + + install -D -m644 files/syslog-ng.conf ${D}/${datadir}/starlingx/syslog-ng.conf + install -D -m644 files/syslog-ng.logrotate ${D}/${datadir}/starlingx/syslog-ng.logrotate + install -D -m644 files/remotelogging.conf ${D}/${sysconfdir}/syslog-ng/remotelogging.conf + install -D -m700 files/fm_event_syslogger ${D}/${sbindir}/fm_event_syslogger + install -D -m644 files/syslog-ng.service ${D}/${datadir}/starlingx/syslog-ng.service + + install -D -m644 files/syslog-ng.conf ${D}/${sysconfdir}/syslog-ng/syslog-ng.conf + install -D -m644 files/syslog-ng.logrotate ${D}/${sysconfdir}/logrotate.d/syslog + install -D -m644 files/syslog-ng.service ${D}/${systemd_system_unitdir}/syslog-ng.service + +} + +FILES_${PN}_append += " \ + ${systemd_system_unitdir} \ + ${datadir} \ + " diff --git a/recipes-core/stx-integ-config-files/util-linux-config.bb b/recipes-core/stx-integ-config-files/util-linux-config.bb new file mode 100644 index 0000000..3858fbb --- /dev/null +++ b/recipes-core/stx-integ-config-files/util-linux-config.bb @@ -0,0 +1,40 @@ +DESCRIPTION = "util-linux-config" + +STABLE = "starlingx/master" +PROTOCOL = "https" +BRANCH = "master" +SRCREV = "70609a3d55e5b7d2be82667fc35792505f9013c4" +S = "${WORKDIR}/git" +PV = "19.05" + +LICENSE = "Apache-2.0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI = "git://opendev.org/starlingx/config.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" + +require stx-integ-config-files.inc + +RDEPENDS_${PN} += " bash" + +do_configure () { + : +} + +do_compile() { + : +} + +do_install () { + cd ${S}/config-files/util-linux-config + install -d -m0755 ${D}/${datadir}/starlingx + install -d -m0755 ${D}/${sysconfdir}/pam.d + + install -m644 files/stx.su ${D}/${datadir}/starlingx/stx.su + install -m644 files/stx.login ${D}/${datadir}/starlingx/stx.login + + install -m644 files/stx.su ${D}/${sysconfdir}/pam.d/su + install -m644 files/stx.login ${D}/${sysconfdir}/pam.d/login +} + +FILES_${PN}_append += " ${datadir} " diff --git a/recipes-core/stx-integ/cgcs-users.bb b/recipes-core/stx-integ/cgcs-users.bb new file mode 100644 index 0000000..f346966 --- /dev/null +++ b/recipes-core/stx-integ/cgcs-users.bb @@ -0,0 +1,34 @@ +DESCRIPTION = "cgcs-users" + +STABLE = "starlingx/master" +PROTOCOL = "https" +BRANCH = "master" +SRCREV = "70609a3d55e5b7d2be82667fc35792505f9013c4" +S = "${WORKDIR}/git" +PV = "19.05" + +LICENSE = "Apache-2.0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI = "git://opendev.org/starlingx/config.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" + +require stx-integ.inc + +RDEPENDS_${PN} += " bash" + +do_configure () { + : +} + +do_compile() { + cd ${S}/base/cgcs-users/cgcs-users-1.0 + oe_runmake -e ibsh +} + +do_install () { + cd ${S}/base/cgcs-users/cgcs-users-1.0 + oe_runmake -e DESTDIR=${D} ibsh_install +} + +# FILES_${PN}_append += " "ibsh diff --git a/recipes-core/stx-integ/dhcp-config.bb b/recipes-core/stx-integ/dhcp-config.bb new file mode 100644 index 0000000..0b5892b --- /dev/null +++ b/recipes-core/stx-integ/dhcp-config.bb @@ -0,0 +1,35 @@ +DESCRIPTION = "dhcp-config" + +STABLE = "starlingx/master" +PROTOCOL = "https" +BRANCH = "master" +SRCREV = "70609a3d55e5b7d2be82667fc35792505f9013c4" +S = "${WORKDIR}/git" +PV = "19.05" + +LICENSE = "Apache-2.0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI = "git://opendev.org/starlingx/config.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" + +require stx-integ.inc + +RDEPENDS_${PN} += " bash" + +do_configure () { + : +} + +do_compile() { + : +} + +do_install () { + cd ${S}/base/dhcp-config + install -d -m 0755 ${D}/${sysconfdir}/dhcp + install -p -m 0755 files/dhclient-enter-hooks ${D}/${sysconfdir}/dhcp + install -p -m 0755 files/dhclient.conf ${D}/${sysconfdir}/dhcp +} + +# FILES_${PN}_append += " " diff --git a/recipes-core/stx-integ/dnsmasq-config.bb b/recipes-core/stx-integ/dnsmasq-config.bb new file mode 100644 index 0000000..3596b94 --- /dev/null +++ b/recipes-core/stx-integ/dnsmasq-config.bb @@ -0,0 +1,34 @@ +DESCRIPTION = "dnsmasq-config" + +STABLE = "starlingx/master" +PROTOCOL = "https" +BRANCH = "master" +SRCREV = "70609a3d55e5b7d2be82667fc35792505f9013c4" +S = "${WORKDIR}/git" +PV = "19.05" + +LICENSE = "Apache-2.0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI = "git://opendev.org/starlingx/config.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" + +require stx-integ.inc + +RDEPENDS_${PN} += " bash" + +do_configure () { + : +} + +do_compile() { + : +} + +do_install () { + cd ${S}/base/dnsmasq-config + install -d -m 0755 ${D}/${sysconfdir}/init.d + install -p -m 0755 files/init ${D}/${sysconfdir}/init.d/dnsmasq +} + +# FILES_${PN}_append += " " diff --git a/recipes-core/stx-integ/haproxy-config.bb b/recipes-core/stx-integ/haproxy-config.bb new file mode 100644 index 0000000..4e92bdc --- /dev/null +++ b/recipes-core/stx-integ/haproxy-config.bb @@ -0,0 +1,38 @@ +DESCRIPTION = "haproxy-config" + +STABLE = "starlingx/master" +PROTOCOL = "https" +BRANCH = "master" +SRCREV = "70609a3d55e5b7d2be82667fc35792505f9013c4" +S = "${WORKDIR}/git" +PV = "19.05" + +LICENSE = "Apache-2.0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI = "git://opendev.org/starlingx/config.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" + +require stx-integ.inc + +RDEPENDS_${PN} += " bash" + +do_configure () { + : +} + +do_compile() { + : +} + +do_install () { + cd ${S}/base/haproxy-config + install -d -m 0755 ${D}/${systemd_system_unitdir} + install -d -m 0755 ${D}/${sysconfdir}/haproxy/errors + install -d -m 0755 ${D}/${sysconfdir}/init.d + install -p -m 0755 files/503.http ${D}/${sysconfdir}/haproxy/errors + install -p -m 0644 files/haproxy.service ${D}/${systemd_system_unitdir} + install -p -m 0755 files/haproxy.sh ${D}/${sysconfdir}/init.d +} + +FILES_${PN}_append += " ${systemd_system_unitdir} " diff --git a/recipes-core/stx-integ/initscripts-config.bb b/recipes-core/stx-integ/initscripts-config.bb new file mode 100644 index 0000000..1b07a2e --- /dev/null +++ b/recipes-core/stx-integ/initscripts-config.bb @@ -0,0 +1,45 @@ +DESCRIPTION = "initscripts-config" + +STABLE = "starlingx/master" +PROTOCOL = "https" +BRANCH = "master" +SRCREV = "70609a3d55e5b7d2be82667fc35792505f9013c4" +S = "${WORKDIR}/git" +PV = "19.05" + +LICENSE = "Apache-2.0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI = "git://opendev.org/starlingx/config.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" + +require stx-integ.inc + +RDEPENDS_${PN} += " bash" + +do_configure () { + : +} + +do_compile() { + : +} + +do_install () { + cd ${S}/base/initscripts-config + install -d -m 0755 ${D}/${datadir}/starlingx/ + install -d -m 0755 ${D}/${sysconfdir}/sysconfig + install -d -m 0755 ${D}/${sysconfdir}/init.d + install -d -m 0755 ${D}/${systemd_system_unitdir} + + install -p -m 0644 files/sysctl.conf ${D}/${datadir}/starlingx/stx.sysctl.conf + install -p -m 0644 files/sysconfig-network.conf ${D}/${sysconfdir}/sysconfig/network + install -p -m 0755 files/mountnfs.sh ${D}/${sysconfdir}/init.d/mountnfs + install -p -m 0644 files/mountnfs.service ${D}/${systemd_system_unitdir}/mountnfs.service +} + +FILES_${PN}_append += " \ + ${systemd_system_unitdir} \ + ${datadir} \ + "\ + diff --git a/recipes-core/stx-integ/lighttpd-config.bb b/recipes-core/stx-integ/lighttpd-config.bb new file mode 100644 index 0000000..d18a99e --- /dev/null +++ b/recipes-core/stx-integ/lighttpd-config.bb @@ -0,0 +1,50 @@ +DESCRIPTION = "lighttpd-config" + +STABLE = "starlingx/master" +PROTOCOL = "https" +BRANCH = "master" +SRCREV = "70609a3d55e5b7d2be82667fc35792505f9013c4" +S = "${WORKDIR}/git" +PV = "19.05" + +LICENSE = "Apache-2.0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI = "git://opendev.org/starlingx/config.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" + +require stx-integ.inc + +RDEPENDS_${PN} += " bash" + +do_configure () { + : +} + +do_compile() { + : +} + +do_install () { + cd ${S}/base/lighttpd-config + install -d -m 1777 ${D}/www/tmp + install -d ${D}/${sysconfdir}/lighttpd/ssl + install -d ${D}/www/pages/dav + install -d ${D}/${datadir}/starlingx + + install -m640 files/lighttpd.conf ${D}/${datadir}/starlingx/lighttpd.conf + install -m755 files/lighttpd.init ${D}/${datadir}/starlingx/lighttpd.init + install -m644 files/lighttpd-inc.conf ${D}/${sysconfdir}/lighttpd/lighttpd-inc.conf + install -m644 files/index.html.lighttpd ${D}/www/pages/index.html + + install -d ${D}/${sysconfdir}/logrotate.d + install -m644 files/lighttpd.logrotate ${D}/${datadir}/starlingx/lighttpd.logrotate + +} + +FILES_${PN}_append += " \ + ${systemd_system_unitdir} \ + ${datadir} \ + www \ + " + diff --git a/recipes-core/stx-integ/net-snmp-config.bb b/recipes-core/stx-integ/net-snmp-config.bb new file mode 100644 index 0000000..82759c4 --- /dev/null +++ b/recipes-core/stx-integ/net-snmp-config.bb @@ -0,0 +1,46 @@ +DESCRIPTION = "net-snmp-config" + +STABLE = "starlingx/master" +PROTOCOL = "https" +BRANCH = "master" +SRCREV = "70609a3d55e5b7d2be82667fc35792505f9013c4" +S = "${WORKDIR}/git" +PV = "19.05" + +LICENSE = "Apache-2.0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI = "git://opendev.org/starlingx/config.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" + +require stx-integ.inc + +RDEPENDS_${PN} += " bash" + +do_configure () { + : +} + +do_compile() { + : +} + +do_install () { + cd ${S}/base/net-snmp-config + install -d ${D}/${datadir}/starlingx + install -d ${D}/${datadir}/snmp + install -d ${D}/${sysconfdir}/rc.d/init.d + install -d ${D}/${systemd_system_unitdir} + + install -m640 files/stx.snmpd.conf ${D}/${datadir}/starlingx/stx.snmpd.conf + install -m755 files/stx.snmpd ${D}/${sysconfdir}/rc.d/init.d/snmpd + install -m640 files/stx.snmp.conf ${D}/${datadir}/snmp/snmp.conf + install -m644 files/snmpd.service ${D}/${systemd_system_unitdir}/snpd.service + +} + +FILES_${PN}_append += " \ + ${systemd_system_unitdir} \ + ${datadir} \ + " + diff --git a/recipes-core/stx-integ/openssh-config.bb b/recipes-core/stx-integ/openssh-config.bb new file mode 100644 index 0000000..9410933 --- /dev/null +++ b/recipes-core/stx-integ/openssh-config.bb @@ -0,0 +1,44 @@ +DESCRIPTION = "openssh-config" + +STABLE = "starlingx/master" +PROTOCOL = "https" +BRANCH = "master" +SRCREV = "70609a3d55e5b7d2be82667fc35792505f9013c4" +S = "${WORKDIR}/git" +PV = "19.05" + +LICENSE = "Apache-2.0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI = "git://opendev.org/starlingx/config.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" + +require stx-integ.inc + +RDEPENDS_${PN} += " bash" + +do_configure () { + : +} + +do_compile() { + : +} + +do_install () { + cd ${S}/base/openssh-config + install -d ${D}/${datadir}/starlingx + install -d ${D}/${systemd_system_unitdir} + + install -m640 files/sshd.pam ${D}/${datadir}/starlingx/sshd.pam + install -m640 files/sshd_config ${D}/${datadir}/starlingx/sshd_config + install -m640 files/ssh_config ${D}/${datadir}/starlingx/ssh_config + install -m644 files/sshd.service ${D}/${systemd_system_unitdir}/sshd.service + +} + +FILES_${PN}_append += " \ + ${systemd_system_unitdir} \ + ${datadir} \ + " + diff --git a/recipes-core/stx-integ/setup-config.bb b/recipes-core/stx-integ/setup-config.bb new file mode 100644 index 0000000..a3f2c90 --- /dev/null +++ b/recipes-core/stx-integ/setup-config.bb @@ -0,0 +1,42 @@ +DESCRIPTION = "setup-config" + +STABLE = "starlingx/master" +PROTOCOL = "https" +BRANCH = "master" +SRCREV = "70609a3d55e5b7d2be82667fc35792505f9013c4" +S = "${WORKDIR}/git" +PV = "19.05" + +LICENSE = "Apache-2.0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI = "git://opendev.org/starlingx/config.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" + +require stx-integ.inc + +RDEPENDS_${PN} += " bash" + +do_configure () { + : +} + +do_compile() { + : +} + +do_install () { + cd ${S}/base/setup-config + install -d ${D}/${datadir}/starlingx + install -d ${D}/${sysconfdir}/profile.d + + install -m640 files/motd ${D}/${datadir}/starlingx/stx.motd + install -m640 files/prompt.sh ${D}/${sysconfdir}/profile.d/prompt.sh + install -m640 files/custom.sh ${D}/${sysconfdir}/profile.d/custom.sh + +} + +FILES_${PN}_append += " \ + ${datadir} \ + " + diff --git a/recipes-core/stx-integ/stx-integ.inc b/recipes-core/stx-integ/stx-integ.inc new file mode 100644 index 0000000..d501898 --- /dev/null +++ b/recipes-core/stx-integ/stx-integ.inc @@ -0,0 +1,2 @@ +inherit externalsrc +EXTERNALSRC_pn-${PN}="${EXTERNALREPO}/stx-integ" diff --git a/recipes-core/stx-integ/systemd-config.bb b/recipes-core/stx-integ/systemd-config.bb new file mode 100644 index 0000000..89bf110 --- /dev/null +++ b/recipes-core/stx-integ/systemd-config.bb @@ -0,0 +1,42 @@ +DESCRIPTION = "systemd-config" + +STABLE = "starlingx/master" +PROTOCOL = "https" +BRANCH = "master" +SRCREV = "70609a3d55e5b7d2be82667fc35792505f9013c4" +S = "${WORKDIR}/git" +PV = "19.05" + +LICENSE = "Apache-2.0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI = "git://opendev.org/starlingx/config.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" + +require stx-integ.inc + +RDEPENDS_${PN} += " bash" + +do_configure () { + : +} + +do_compile() { + : +} + +do_install () { + cd ${S}/base/systemd-config + install -d ${D}/${datadir}/starlingx + + install -m644 files/60-persistent-storage.rules ${D}/${datadir}/starlingx/60-persistent-storage.rules + install -m644 files/journald.conf ${D}/${datadir}/starlingx/journald.conf + install -m644 files/systemd.conf.tmpfiles.d ${D}/${datadir}/starlingx/ + install -m644 files/tmp.conf.tmpfiles.d ${D}/${datadir}/starlingx/ + install -m644 files/tmp.mount ${D}/${datadir}/starlingx/ + +} + +FILES_${PN}_append += " \ + ${datadir} \ + " diff --git a/recipes-core/stx-nfv/mtce-guest.bb b/recipes-core/stx-nfv/mtce-guest.bb new file mode 100644 index 0000000..b9e1488 --- /dev/null +++ b/recipes-core/stx-nfv/mtce-guest.bb @@ -0,0 +1,57 @@ +DESCRIPTION = "mtce-guest" + +# TODO: +# Really need to fix the package;s Makefile + +STABLE = "starlingx/master" +PROTOCOL = "https" +BRANCH = "master" +SRCREV = "70609a3d55e5b7d2be82667fc35792505f9013c4" +S = "${WORKDIR}/git" +PV = "19.05" + +LICENSE = "Apache-2.0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI = "git://opendev.org/starlingx/config.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" + +require stx-nfv.inc + +DEPENDS = " \ + mtce-common \ + mtce \ + json-c \ + " + +RDEPENDS_${PN}_append = " bash" + +do_configure () { + : +} + +do_compile() { + cd ${S}/mtce-guest/src/ + oe_runmake -e VER=1 VER_MJR=1 INCLUDES=" -I. " \ + CPPFLAGS="${CXXFLAGS}" LDFLAGS="${LDFLAGS}" build +} + +do_install () { + + cd ${S}/mtce-guest/src/ + make install DESTDIR=${D} PREFIX=${D}/usr/ \ + SYSCONFDIR=${D}/${sysconfdir} \ + LOCALBINDIR=${D}/${bindir} \ + UNITDIR=${D}/${systemd_system_unitdir} +} + +pkg_postinst_ontarget_${PN} () { + /bin/systemctl enable guestServer.service +} + +FILES_${PN}_append = " \ + systemd_system_unitdir} \ + ${libdir} \ + ${baselib} \ + run \ +" diff --git a/recipes-core/stx-nfv/nfv-client.bb b/recipes-core/stx-nfv/nfv-client.bb new file mode 100644 index 0000000..d8087f2 --- /dev/null +++ b/recipes-core/stx-nfv/nfv-client.bb @@ -0,0 +1,45 @@ +DESCRIPTION = "nfv-client" + + + +STABLE = "starlingx/master" +PROTOCOL = "https" +BRANCH = "master" +SRCREV = "cdd6c334d9d1d6c0f4de344fff8ef2af28c76e56" +S = "${WORKDIR}/git" +PV = "19.05" + +LICENSE = "Apache-2.0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + + + +SRC_URI = "git://opendev.org/starlingx/nfv.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" + +require stx-nfv.inc +inherit setuptools + + +do_configure () { + cd ${S}/nfv/nfv-client + distutils_do_configure +} + +do_compile() { + cd ${S}/nfv/nfv-client + distutils_do_compile +} + +do_install () { + cd ${S}/nfv/nfv-client + distutils_do_install + + install -d -m 755 ${D}/${sysconfdir}/bash_completion.d + install -m 444 scripts/sw-manager.completion ${D}/${sysconfdir}/bash_completion.d/sw-manager + +} + +#pkg_postinst_ontarget_${PN} () { + +# FILES_${PN}_append += " ${systemd_unitdir}/* " diff --git a/recipes-core/stx-nfv/nfv-common.bb b/recipes-core/stx-nfv/nfv-common.bb new file mode 100644 index 0000000..33e8c63 --- /dev/null +++ b/recipes-core/stx-nfv/nfv-common.bb @@ -0,0 +1,42 @@ +DESCRIPTION = "nfv-common" + + + +STABLE = "starlingx/master" +PROTOCOL = "https" +BRANCH = "master" +SRCREV = "cdd6c334d9d1d6c0f4de344fff8ef2af28c76e56" +S = "${WORKDIR}/git" +PV = "19.05" + +LICENSE = "Apache-2.0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + + + +SRC_URI = "git://opendev.org/starlingx/nfv.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" + +require stx-nfv.inc +inherit setuptools + + +do_configure () { + cd ${S}/nfv/nfv-common + distutils_do_configure +} + +do_compile() { + cd ${S}/nfv/nfv-common + distutils_do_compile +} + +do_install () { + cd ${S}/nfv/nfv-common + distutils_do_install + +} + +#pkg_postinst_ontarget_${PN} () { + +# FILES_${PN}_append += " ${systemd_unitdir}/* " diff --git a/recipes-core/stx-nfv/nfv-plugins.bb b/recipes-core/stx-nfv/nfv-plugins.bb new file mode 100644 index 0000000..6ffb5ca --- /dev/null +++ b/recipes-core/stx-nfv/nfv-plugins.bb @@ -0,0 +1,63 @@ +DESCRIPTION = "nfv-plugins" + + + +STABLE = "starlingx/master" +PROTOCOL = "https" +BRANCH = "master" +SRCREV = "cdd6c334d9d1d6c0f4de344fff8ef2af28c76e56" +S = "${WORKDIR}/git" +PV = "19.05" + +LICENSE = "Apache-2.0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + + + +SRC_URI = "git://opendev.org/starlingx/nfv.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" + +require stx-nfv.inc +inherit setuptools + + +do_configure () { + cd ${S}/nfv/nfv-plugins + distutils_do_configure +} + +do_compile() { + cd ${S}/nfv/nfv-plugins + distutils_do_compile +} + +do_install () { + cd ${S}/nfv/nfv-plugins + distutils_do_install + + install -d -m 755 ${D}/${sysconfdir}/nfv/ + install -d -m 755 ${D}/${sysconfdir}/nfv/nfv_plugins/ + install -d -m 755 ${D}/${sysconfdir}/nfv/nfv_plugins/alarm_handlers/ + + install -p -D -m 600 nfv_plugins/alarm_handlers/config.ini \ + ${D}/${sysconfdir}/nfv/nfv_plugins/alarm_handlers/config.ini + + install -d -m 755 ${D}/${sysconfdir}/nfv/nfv_plugins/event_log_handlers/ + + install -p -D -m 600 nfv_plugins/event_log_handlers/config.ini \ + ${D}/${sysconfdir}/nfv/nfv_plugins/event_log_handlers/config.ini + \ + install -d -m 755 ${D}/${sysconfdir}/nfv/nfv_plugins/nfvi_plugins/ + + install -p -D -m 600 nfv_plugins/nfvi_plugins/config.ini \ + ${D}/${sysconfdir}/nfv/nfv_plugins/nfvi_plugins/config.ini + + install -d -m 755 ${D}/ + install -p -D -m 644 scripts/nfvi-plugins.logrotate \ + ${D}/${sysconfdir}/logrotate.d/nfvi-plugins.logrotate + +} + +#pkg_postinst_ontarget_${PN} () { + +# FILES_${PN}_append += " ${systemd_unitdir}/* " diff --git a/recipes-core/stx/stx-nfv.bb b/recipes-core/stx-nfv/nfv-tools.bb similarity index 50% rename from recipes-core/stx/stx-nfv.bb rename to recipes-core/stx-nfv/nfv-tools.bb index 527cf24..cf4bf04 100644 --- a/recipes-core/stx/stx-nfv.bb +++ b/recipes-core/stx-nfv/nfv-tools.bb @@ -1,4 +1,4 @@ -DESCRIPTION = "stx-nfv" +DESCRIPTION = "nfv-tools" @@ -17,12 +17,26 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" SRC_URI = "git://opendev.org/starlingx/nfv.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" -#AUTOTOOLS_SCRIPT_PATH = "" -#DEPENDS = "" -#inherit autotools -#inherit pkgconfig -#inherit python-dir -#EXTRA_OECONF = "" -#do_configure_append () { } -#do_install_append() { } -#pkg_postinst_ontarget_${PN} () { } +require stx-nfv.inc +inherit setuptools + + +do_configure () { + cd ${S}/nfv/nfv-tools + distutils_do_configure +} + +do_compile() { + cd ${S}/nfv/nfv-tools + distutils_do_compile +} + +do_install () { + cd ${S}/nfv/nfv-tools + distutils_do_install + +} + +#pkg_postinst_ontarget_${PN} () { + +# FILES_${PN}_append += " ${systemd_unitdir}/* " diff --git a/recipes-core/stx-nfv/nfv-vim.bb b/recipes-core/stx-nfv/nfv-vim.bb new file mode 100644 index 0000000..e94c40b --- /dev/null +++ b/recipes-core/stx-nfv/nfv-vim.bb @@ -0,0 +1,50 @@ +DESCRIPTION = "nfv-vim" + + + +STABLE = "starlingx/master" +PROTOCOL = "https" +BRANCH = "master" +SRCREV = "cdd6c334d9d1d6c0f4de344fff8ef2af28c76e56" +S = "${WORKDIR}/git" +PV = "19.05" + +LICENSE = "Apache-2.0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + + + +SRC_URI = "git://opendev.org/starlingx/nfv.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" + +require stx-nfv.inc +inherit setuptools + + +do_configure () { + cd ${S}/nfv/nfv-vim + distutils_do_configure +} + +do_compile() { + cd ${S}/nfv/nfv-vim + distutils_do_compile +} + +do_install () { + cd ${S}/nfv/nfv-vim + distutils_do_install + install -d -m 755 ${D}/usr/lib/ocf/resource.d/nfv + install -p -D -m 755 scripts/vim ${D}/usr/lib/ocf/resource.d/nfv/vim + install -p -D -m 755 scripts/vim-api ${D}/usr/lib/ocf/resource.d/nfv/vim-api + install -p -D -m 755 scripts/vim-webserver ${D}/usr/lib/ocf/resource.d/nfv/vim-webserver + install -d -m 755 ${D}/${sysconfdir}/nfv/ + install -d -m 755 ${D}/${sysconfdir}/nfv/vim/ + install -p -D -m 600 nfv_vim/config.ini ${D}/${sysconfdir}/nfv/vim/config.ini + install -p -D -m 600 nfv_vim/debug.ini ${D}/${sysconfdir}/nfv/vim/debug.ini + +} + +#pkg_postinst_ontarget_${PN} () { + +# FILES_${PN}_append += " ${systemd_unitdir}/* " diff --git a/recipes-core/stx-nfv/nova-api-proxy.bb b/recipes-core/stx-nfv/nova-api-proxy.bb new file mode 100644 index 0000000..61896c7 --- /dev/null +++ b/recipes-core/stx-nfv/nova-api-proxy.bb @@ -0,0 +1,52 @@ +DESCRIPTION = "nfv-api-proxy" + + + +STABLE = "starlingx/master" +PROTOCOL = "https" +BRANCH = "master" +SRCREV = "cdd6c334d9d1d6c0f4de344fff8ef2af28c76e56" +S = "${WORKDIR}/git" +PV = "19.05" + +LICENSE = "Apache-2.0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + + + +SRC_URI = "git://opendev.org/starlingx/nfv.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" + +require stx-nfv.inc +inherit setuptools + + +do_configure () { + cd ${S}/nova-api-proxy/nova-api-proxy + distutils_do_configure +} + +do_compile() { + cd ${S}/nova-api-proxy/nova-api-proxy + distutils_do_compile +} + +do_install () { + cd ${S}/nova-api-proxy/nova-api-proxy + distutils_do_install + + install -d -m 755 ${D}/${systemd_system_unitdir} + install -p -D -m 644 nova_api_proxy/scripts/api-proxy.service ${D}/${systemd_system_unitdir}/api-proxy.service + install -d -m 755 ${D}/${sysconfdir}/rc.d/init.d + install -p -D -m 755 nova_api_proxy/scripts/api-proxy ${D}/${sysconfdir}/rc.d/init.d/api-proxy + + install -d -m 755 ${D}/${sysconfdir}/proxy + install -p -D -m 700 nova_api_proxy/nova-api-proxy.conf ${D}${sysconfdir}/proxy/nova-api-proxy.conf + install -p -D -m 700 nova_api_proxy/api-proxy-paste.ini ${D}${sysconfdir}/proxy/api-proxy-paste.ini + + +} + +#pkg_postinst_ontarget_${PN} () { } + +FILES_${PN}_append += " ${systemd_system_unitdir}/* " diff --git a/recipes-core/stx-nfv/stx-nfv.inc b/recipes-core/stx-nfv/stx-nfv.inc new file mode 100644 index 0000000..73bf1f1 --- /dev/null +++ b/recipes-core/stx-nfv/stx-nfv.inc @@ -0,0 +1,6 @@ +inherit externalsrc +EXTERNALSRC_pn-${PN}="${EXTERNALREPO}/stx-nfv" + +DEPENDS += " \ + " +RDEPENDS_${PN}_append = " " diff --git a/recipes-core/stx-update/cgcs-patch.bb b/recipes-core/stx-update/cgcs-patch.bb new file mode 100644 index 0000000..1c7f4c7 --- /dev/null +++ b/recipes-core/stx-update/cgcs-patch.bb @@ -0,0 +1,96 @@ +DESCRIPTION = "cgcs-patch" + +STABLE = "starlingx/master" +PROTOCOL = "https" +BRANCH = "master" +SRCREV = "70609a3d55e5b7d2be82667fc35792505f9013c4" +S = "${WORKDIR}/git" +PV = "19.05" + +LICENSE = "Apache-2.0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI = "git://opendev.org/starlingx/config.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" + +require stx-update.inc +inherit setuptools + + +DEPENDS = " \ + python \ + python-pbr-native \ + " +RDEPENDS_${PN}_append = " bash" + +do_configure () { + cd ${S}/cgcs-patch/cgcs-patch + distutils_do_configure +} + +do_compile() { + cd ${S}/cgcs-patch/cgcs-patch + distutils_do_compile +} + +do_install () { + cd ${S}/cgcs-patch/cgcs-patch + distutils_do_install + + cd ${S}/cgcs-patch/bin + + install -m 755 -d ${D}/${sbindir} + install -m 755 -d ${D}/${sysconfdir}/bash_completion.d + install -m 755 -d ${D}/${sysconfdir}/goenabled.d + install -m 755 -d ${D}/${sysconfdir}/init.d + install -m 755 -d ${D}/${sysconfdir}/logrotate.d + install -m 755 -d ${D}/${sysconfdir}/patching + install -m 700 -d ${D}/${sysconfdir}/patching/patch-scripts + install -m 755 -d ${D}/${sysconfdir}/pmon.d + install -m 755 -d ${D}/${systemd_system_unitdir} + + install -m 500 sw-patch-agent ${D}/${sbindir}/sw-patch-agent + install -m 500 sw-patch-controller-daemon ${D}/${sbindir}/sw-patch-controller-daemon + install -m 555 sw-patch ${D}/${sbindir}/sw-patch + install -m 555 rpm-audit ${D}/${sbindir}/rpm-audit + + install -m 500 sw-patch-controller-daemon-init.sh ${D}/${sysconfdir}/init.d/sw-patch-controller-daemon + install -m 500 sw-patch-agent-init.sh ${D}/${sysconfdir}/init.d/sw-patch-agent + + install -m 600 patching.conf ${D}/${sysconfdir}/patching/patching.conf + + install -m 644 policy.json ${D}/${sysconfdir}/patching/policy.json + + install -m 444 pmon-sw-patch-controller-daemon.conf ${D}/${sysconfdir}/pmon.d/sw-patch-controller-daemon.conf + install -m 444 pmon-sw-patch-agent.conf ${D}/${sysconfdir}/pmon.d/sw-patch-agent.conf + install -m 444 *.service ${D}/${systemd_system_unitdir} + install -m 444 sw-patch.completion ${D}/${sysconfdir}/bash_completion.d/sw-patch + install -m 400 patch-functions ${D}/${sysconfdir}/patching/patch-functions + + install -D -m 444 patch-tmpdirs.conf ${D}/${sysconfdir}/tempfiles.d/patch-tmpdirs.conf + + install -m 500 run-patch-scripts ${D}/${sbindir}/run-patch-scripts + install -m 500 sw-patch-controller-daemon-restart ${D}/${sbindir}/sw-patch-controller-daemon-restart + install -m 500 sw-patch-agent-restart ${D}/${sbindir}/sw-patch-agent-restart + + + install -m 500 run-patch-scripts ${D}/${sbindir}/run-patch-scripts + install -m 500 sw-patch-controller-daemon-restart ${D}/${sbindir}/sw-patch-controller-daemon-restart + install -m 500 sw-patch-agent-restart ${D}/${sbindir}/sw-patch-agent-restart + install -m 500 sw-patch-init.sh ${D}/${sysconfdir}/init.d/sw-patch + install -m 500 sw-patch-controller-init.sh ${D}/${sysconfdir}/init.d/sw-patch-controller + install -m 555 patch_check_goenabled.sh ${D}/${sysconfdir}/goenabled.d/patch_check_goenabled.sh + install -m 444 patching.logrotate ${D}/${sysconfdir}/logrotate.d/patching + + install -m 500 upgrade-start-pkg-extract ${D}/${sbindir}/upgrade-start-pkg-extract + +} + +pkg_postinst_ontarget_${PN} () { + /usr/bin/systemctl enable sw-patch-controller.service + /usr/bin/systemctl enable sw-patch-controller-daemon.service +} + +FILES_${PN}_append += " \ + ${systemd_system_unitdir} \ + " diff --git a/recipes-core/stx-update/enable-dev-patch.bb b/recipes-core/stx-update/enable-dev-patch.bb new file mode 100644 index 0000000..7eb6791 --- /dev/null +++ b/recipes-core/stx-update/enable-dev-patch.bb @@ -0,0 +1,37 @@ +DESCRIPTION = "enable-dev-patch" + +STABLE = "starlingx/master" +PROTOCOL = "https" +BRANCH = "master" +SRCREV = "70609a3d55e5b7d2be82667fc35792505f9013c4" +S = "${WORKDIR}/git" +PV = "19.05" + +LICENSE = "Apache-2.0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI = "git://opendev.org/starlingx/config.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" + +require stx-update.inc +inherit setuptools + + +do_configure () { + : +} + +do_compile() { + : +} + +do_install () { + cd ${S}/enable-dev-patch/ + install -m 755 -d ${D}/${sysconfdir}/pki/wrs + install -m 444 enable-dev-patch/dev_certificate_enable.bin ${D}/${sysconfdir}/pki/wrs + +} + +# pkg_postinst_ontarget_${PN} () { } + +FILES_${PN}_append += " " diff --git a/recipes-core/stx-update/patch-alarm.bb b/recipes-core/stx-update/patch-alarm.bb new file mode 100644 index 0000000..8fb4cde --- /dev/null +++ b/recipes-core/stx-update/patch-alarm.bb @@ -0,0 +1,53 @@ +DESCRIPTION = "patch-alarm" + +STABLE = "starlingx/master" +PROTOCOL = "https" +BRANCH = "master" +SRCREV = "70609a3d55e5b7d2be82667fc35792505f9013c4" +S = "${WORKDIR}/git" +PV = "19.05" + +LICENSE = "Apache-2.0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI = "git://opendev.org/starlingx/config.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" + +require stx-update.inc +inherit setuptools + + +DEPENDS = " \ + python \ + python-pbr-native \ + " +RDEPENDS_${PN}_append = " bash" + +do_configure () { + cd ${S}/patch-alarm/patch-alarm + distutils_do_configure +} + +do_compile() { + cd ${S}/patch-alarm/patch-alarm + distutils_do_compile +} + +do_install () { + cd ${S}/patch-alarm/patch-alarm + distutils_do_install + + cd ${S}/patch-alarm/ + + install -m 755 -d ${D}/${bindir} + install -m 755 -d ${D}/${sysconfdir}/init.d + + install -m 700 scripts/bin/patch-alarm-manager ${D}/${bindir}/ + install -m 700 scripts/bin/patch-alarm-manager ${D}/${sysconfdir}/init.d/ + + +} + +#pkg_postinst_ontarget_${PN} () { } + +#FILES_${PN}_append += " " diff --git a/recipes-core/stx-update/stx-update.inc b/recipes-core/stx-update/stx-update.inc new file mode 100644 index 0000000..ef11e02 --- /dev/null +++ b/recipes-core/stx-update/stx-update.inc @@ -0,0 +1,2 @@ +inherit externalsrc +EXTERNALSRC_pn-${PN}="${EXTERNALREPO}/stx-update" diff --git a/recipes-core/stx-update/tsconfig.bb b/recipes-core/stx-update/tsconfig.bb new file mode 100644 index 0000000..063a46b --- /dev/null +++ b/recipes-core/stx-update/tsconfig.bb @@ -0,0 +1,48 @@ +DESCRIPTION = "tsconfig" + +STABLE = "starlingx/master" +PROTOCOL = "https" +BRANCH = "master" +SRCREV = "70609a3d55e5b7d2be82667fc35792505f9013c4" +S = "${WORKDIR}/git" +PV = "19.05" + +LICENSE = "Apache-2.0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI = "git://opendev.org/starlingx/config.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" + +require stx-update.inc +inherit setuptools + + +DEPENDS = " \ + python \ + python-pbr-native \ + " +RDEPENDS_${PN}_append = " bash" + +do_configure () { + cd ${S}/tsconfig/tsconfig + distutils_do_configure +} + +do_compile() { + cd ${S}/tsconfig/tsconfig + distutils_do_compile +} + +do_install () { + cd ${S}/tsconfig/tsconfig + distutils_do_install + + + install -m 755 -d ${D}/${bindir} + install -m 500 scripts/tsconfig ${D}/${bindir}/ + +} + +# pkg_postinst_ontarget_${PN} () { } + +# FILES_${PN}_append += " " diff --git a/recipes-core/stx-upstream/rabbitmq-server-config.bb b/recipes-core/stx-upstream/rabbitmq-server-config.bb new file mode 100644 index 0000000..7317fbc --- /dev/null +++ b/recipes-core/stx-upstream/rabbitmq-server-config.bb @@ -0,0 +1,49 @@ +DESCRIPTION = "rabbitmq-server-config" + +STABLE = "starlingx/master" +PROTOCOL = "https" +BRANCH = "master" +SRCREV = "70609a3d55e5b7d2be82667fc35792505f9013c4" +S = "${WORKDIR}/git" +PV = "19.05" + +LICENSE = "Apache-2.0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI = "git://opendev.org/starlingx/config.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" + +require stx-upstream.inc + + +RDEPENDS_${PN}_append = " bash" + +do_configure () { + : +} + +do_compile() { + : +} + +do_install () { + cd ${S}/openstack/rabbitmq-server-config/files + + install -d ${D}/${libdir}/ocf/resource.d/rabbitmq + install -d ${D}/${systemd_system_unitdir}/ + install -d ${D}/${datadir}/starlingx + + install -m 0755 rabbitmq-server.ocf ${D}/${libdir}/ocf/resource.d/rabbitmq/stx.rabbitmq-server + install -m 0644 rabbitmq-server.service.example ${D}${systemd_system_unitdir}/rabbitmq-server.service + install -m 0644 rabbitmq-server.logrotate ${D}${datadir}/starlingx/stx.rabbitmq-server.logrotate + + +} + +#pkg_postinst_ontarget_${PN} () { } + +FILES_${PN}_append += " \ + ${libdir} \ + ${systemd_system_unitdir} \ + ${datadir} \ + " diff --git a/recipes-core/stx-upstream/stx-ocf-scripts.bb b/recipes-core/stx-upstream/stx-ocf-scripts.bb new file mode 100644 index 0000000..294a2f5 --- /dev/null +++ b/recipes-core/stx-upstream/stx-ocf-scripts.bb @@ -0,0 +1,42 @@ +DESCRIPTION = "stx-ocf-scripts" + +STABLE = "starlingx/master" +PROTOCOL = "https" +BRANCH = "master" +SRCREV = "70609a3d55e5b7d2be82667fc35792505f9013c4" +S = "${WORKDIR}/git" +PV = "19.05" + +LICENSE = "Apache-2.0" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI = "git://opendev.org/starlingx/config.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" + +require stx-upstream.inc + + +RDEPENDS_${PN}_append = " bash" + +do_configure () { + : +} + +do_compile() { + : +} + +do_install () { + cd ${S}/openstack/stx-ocf-scripts/src/ + + install -d ${D}/${libdir}/ocf/resource.d/openstack + install -p -D -m 0755 ocf/* ${D}/${libdir}/ocf/resource.d/openstack/ + + +} + +#pkg_postinst_ontarget_${PN} () { } + +FILES_${PN}_append += " \ + ${libdir} \ + " diff --git a/recipes-core/stx-upstream/stx-upstream.inc b/recipes-core/stx-upstream/stx-upstream.inc new file mode 100644 index 0000000..08a3656 --- /dev/null +++ b/recipes-core/stx-upstream/stx-upstream.inc @@ -0,0 +1,2 @@ +inherit externalsrc +EXTERNALSRC_pn-${PN}="${EXTERNALREPO}/stx-upstream" diff --git a/recipes-core/stx/stx-ansible-playbooks.bb b/recipes-core/stx/stx-ansible-playbooks.bb deleted file mode 100644 index 993569d..0000000 --- a/recipes-core/stx/stx-ansible-playbooks.bb +++ /dev/null @@ -1,28 +0,0 @@ -DESCRIPTION = "stx-ansible-playbook" - - - -STABLE = "starlingx/master" -PROTOCOL = "https" -BRANCH = "master" -SRCREV = "7a9bc2f330c10c0dc66bbe6d079a9e8a530c85b3" -S = "${WORKDIR}/git" -PV = "19.05" - -LICENSE = "Apache-2.0" - -LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" - - - -SRC_URI = "git://opendev.org/starlingx/ansible-playbooks.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" - -#AUTOTOOLS_SCRIPT_PATH = "" -#DEPENDS = "" -#inherit autotools -#inherit pkgconfig -#inherit python-dir -#EXTRA_OECONF = "" -#do_configure_append () { } -#do_install_append() { } -#pkg_postinst_ontarget_${PN} () { } diff --git a/recipes-core/stx/stx-update.bb b/recipes-core/stx/stx-update.bb deleted file mode 100644 index a2a8b16..0000000 --- a/recipes-core/stx/stx-update.bb +++ /dev/null @@ -1,28 +0,0 @@ -DESCRIPTION = "stx-update" - - - -STABLE = "starlingx/master" -PROTOCOL = "https" -BRANCH = "master" -SRCREV = "b655dcc9c99a217cf641ed313a5b36a7b2308637" -S = "${WORKDIR}/git" -PV = "19.05" - -LICENSE = "Apache-2.0" - -LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" - - - -SRC_URI = "git://opendev.org/starlingx/update.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH}" - -#AUTOTOOLS_SCRIPT_PATH = "" -#DEPENDS = "" -#inherit autotools -#inherit pkgconfig -#inherit python-dir -#EXTRA_OECONF = "" -#do_configure_append () { } -#do_install_append() { } -#pkg_postinst_ontarget_${PN} () { }