Diffstat (limited to 'recipes-support')
18 files changed, 863 insertions, 0 deletions
diff --git a/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch b/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch
new file mode 100644
index 0000000..4a8ae5f
--- /dev/null
+++ b/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch
@@ -0,0 +1,34 @@
+ca-certificates is a package from Debian, but some host distros such as Fedora
+have a leaner run-parts provided by cron which doesn't support --verbose or the
+ -- separator between arguments and paths.
+
+This solves errors such as
+
+| Running hooks in [...]/rootfs/etc/ca-certificates/update.d...
+| [...]/usr/sbin/update-ca-certificates: line 194: Not: command not found
+| [...]/usr/sbin/update-ca-certificates: line 230: Not a directory: --: command not found
+| E: Not a directory: -- exited with code 127.
+
+
+Upstream-Status: Inappropriate
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+Signed-off-by: Maciej Borzecki <maciej.borzecki@rndity.com>
+---
+ sbin/update-ca-certificates | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+Index: git/sbin/update-ca-certificates
+===================================================================
+--- git.orig/sbin/update-ca-certificates
++++ git/sbin/update-ca-certificates
+@@ -191,9 +191,7 @@ if [ -d "$HOOKSDIR" ]
+ then
+
+ echo "Running hooks in $HOOKSDIR..."
+- VERBOSE_ARG=
+- [ "$verbose" = 0 ] || VERBOSE_ARG="--verbose"
+- eval run-parts "$VERBOSE_ARG" --test -- "$HOOKSDIR" | while read hook
++ eval run-parts --test "$HOOKSDIR" | while read hook
+ do
+ ( cat "$ADDED"
+ cat "$REMOVED" ) | "$hook" || echo "E: $hook exited with code $?."
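Review bot: The new line in 0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch keeps `eval` although the optional `$VERBOSE_ARG` that justified it is gone, so `$HOOKSDIR` is expanded by the shell and then parsed a second time by `eval`. With the SYSROOT patches in this same commit, HOOKSDIR is prefixed by a path taken from the environment or the script location, and whitespace or shell metacharacters in that path would be re-read as syntax in a script that is typically run with root privileges. Calling the tool directly removes the second parse: `run-parts --test "$HOOKSDIR" | while IFS= read -r hook`. The `-r` also keeps backslashes in hook paths intact. The enclosing `if`/`do` block continues outside the hunk.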
diff --git a/recipes-support/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch b/recipes-support/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch
new file mode 100644
index 0000000..792b403
--- /dev/null
+++ b/recipes-support/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch
@@ -0,0 +1,46 @@
+Upstream-Status: Pending
+
+From 724cb153ca0f607fb38b3a8db3ebb2742601cd81 Mon Sep 17 00:00:00 2001
+From: Andreas Oberritter <obi@opendreambox.org>
+Date: Tue, 19 Mar 2013 17:14:33 +0100
+Subject: [PATCH 2/2] update-ca-certificates: use $SYSROOT
+
+Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
+---
+ sbin/update-ca-certificates | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+Index: git/sbin/update-ca-certificates
+===================================================================
+--- git.orig/sbin/update-ca-certificates
++++ git/sbin/update-ca-certificates
+@@ -24,12 +24,12 @@
+ verbose=0
+ fresh=0
+ default=0
+-CERTSCONF=/etc/ca-certificates.conf
+-CERTSDIR=/usr/share/ca-certificates
+-LOCALCERTSDIR=/usr/local/share/ca-certificates
++CERTSCONF=$SYSROOT/etc/ca-certificates.conf
++CERTSDIR=$SYSROOT/usr/share/ca-certificates
++LOCALCERTSDIR=$SYSROOT/usr/local/share/ca-certificates
+ CERTBUNDLE=ca-certificates.crt
+-ETCCERTSDIR=/etc/ssl/certs
+-HOOKSDIR=/etc/ca-certificates/update.d
++ETCCERTSDIR=$SYSROOT/etc/ssl/certs
++HOOKSDIR=$SYSROOT/etc/ca-certificates/update.d
+
+ while [ $# -gt 0 ];
+ do
+@@ -92,9 +92,9 @@ add() {
+ PEM="$ETCCERTSDIR/$(basename "$CERT" .crt | sed -e 's/ /_/g' \
+ -e 's/[()]/=/g' \
+ -e 's/,/_/g').pem"
+- if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ]
++ if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "${CERT##$SYSROOT}" ]
+ then
+- ln -sf "$CERT" "$PEM"
++ ln -sf "${CERT##$SYSROOT}" "$PEM"
+ echo "+$PEM" >> "$ADDED"
+ fi
+ # Add trailing newline to certificate, if it is missing (#635570)
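Review bot: In 0002-update-ca-certificates-use-SYSROOT.patch the prefix strip `${CERT##$SYSROOT}` uses `$SYSROOT` unquoted inside the expansion, so its value is matched as a glob pattern rather than as a literal path; a sysroot containing `*`, `?` or `[` would strip the wrong prefix and the symlink target written into the trust directory would be wrong. Quote the inner expansion and use the shortest-match form, `ln -sf "${CERT#"$SYSROOT"}" "$PEM"`, and the same in the `readlink` comparison. Separately, `SYSROOT` is read from the caller's environment without any check, so every trust-store path is now environment-controlled; a comment at the assignments should say that privileged callers must set or clear `SYSROOT` explicitly. The `add()` function continues outside the second hunk.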
diff --git a/recipes-support/ca-certificates/ca-certificates/default-sysroot.patch b/recipes-support/ca-certificates/ca-certificates/default-sysroot.patch
new file mode 100644
index 0000000..f8b0791
--- /dev/null
+++ b/recipes-support/ca-certificates/ca-certificates/default-sysroot.patch
@@ -0,0 +1,50 @@
+Upstream-Status: Pending
+
+update-ca-certificates: find SYSROOT relative to its own location
+
+This makes the script relocatable.
+
+Index: git/sbin/update-ca-certificates
+===================================================================
+--- git.orig/sbin/update-ca-certificates
++++ git/sbin/update-ca-certificates
+@@ -66,6 +66,39 @@ do
+ shift
+ done
+
++if [ -z "$SYSROOT" ]; then
++ local_which () {
++ if [ $# -lt 1 ]; then
++ return 1
++ fi
++
++ (
++ IFS=:
++ for entry in $PATH; do
++ if [ -x "$entry/$1" ]; then
++ echo "$entry/$1"
++ exit 0
++ fi
++ done
++ exit 1
++ )
++ }
++
++ case "$0" in
++ */*)
++ sbindir=$(cd ${0%/*} && pwd)
++ ;;
++ *)
++ sbindir=$(cd $(dirname $(local_which $0)) && pwd)
++ ;;
++ esac
++ prefix=${sbindir%/*}
++ SYSROOT=${prefix%/*}
++ if [ ! -d "$SYSROOT/usr/share/ca-certificates" ]; then
++ SYSROOT=
++ fi
++fi
++
+ if [ ! -s "$CERTSCONF" ]
+ then
+ fresh=1
diff --git a/recipes-support/ca-certificates/ca-certificates/sbindir.patch b/recipes-support/ca-certificates/ca-certificates/sbindir.patch
new file mode 100644
index 0000000..a113fa8
--- /dev/null
+++ b/recipes-support/ca-certificates/ca-certificates/sbindir.patch
@@ -0,0 +1,20 @@
+Upstream-Status: Pending
+
+Let us alter the install destination of the script via SBINDIR
+
+--- ca-certificates-20130119.orig/sbin/Makefile
++++ ca-certificates-20130119/sbin/Makefile
+@@ -3,9 +3,12 @@
+ #
+ #
+
++SBINDIR = /usr/sbin
++
+ all:
+
+ clean:
+
+ install:
+- install -m755 update-ca-certificates $(DESTDIR)/usr/sbin/
++ install -d $(DESTDIR)$(SBINDIR)
++ install -m755 update-ca-certificates $(DESTDIR)$(SBINDIR)/
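Review bot: The SYSROOT fallback in default-sysroot.patch is inserted at line 66, after the option loop, but 0002-update-ca-certificates-use-SYSROOT.patch expands `$SYSROOT` into `CERTSCONF`, `CERTSDIR`, `ETCCERTSDIR` and `HOOKSDIR` at line 24, so as far as these two hunks show the derived value never reaches those paths and only affects the later `${CERT##$SYSROOT}` strip. If relocation is meant to move the trust store, the derivation has to run before those assignments, or they have to be re-evaluated after it. The expansions in `sbindir=$(cd ${0%/*} && pwd)` and `$(cd $(dirname $(local_which $0)) && pwd)` are also unquoted, so an install path containing spaces breaks the lookup; quote each level, e.g. `sbindir=$(cd "${0%/*}" && pwd)`.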
diff --git a/recipes-support/ca-certificates/ca-certificates/update-ca-certificates-support-Toybox.patch b/recipes-support/ca-certificates/ca-certificates/update-ca-certificates-support-Toybox.patch
new file mode 100644
index 0000000..6e2171f
--- /dev/null
+++ b/recipes-support/ca-certificates/ca-certificates/update-ca-certificates-support-Toybox.patch
@@ -0,0 +1,34 @@
+From 30378026d136efa779732e3f6664e2ecf461e458 Mon Sep 17 00:00:00 2001
+From: Patrick Ohly <patrick.ohly@intel.com>
+Date: Thu, 17 Mar 2016 12:38:09 +0100
+Subject: [PATCH] update-ca-certificates: support Toybox
+
+"mktemp -t" is deprecated and does not work when using Toybox. Replace
+with something that works also with Toybox.
+
+Upstream-Status: Pending
+
+Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
+---
+ sbin/update-ca-certificates | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
+index 79c41bb..ae9e3f1 100755
+--- a/sbin/update-ca-certificates
++++ b/sbin/update-ca-certificates
+@@ -113,9 +113,9 @@ trap cleanup 0
+
+ # Helper files. (Some of them are not simple arrays because we spawn
+ # subshells later on.)
+-TEMPBUNDLE="$(mktemp -t "${CERTBUNDLE}.tmp.XXXXXX")"
+-ADDED="$(mktemp -t "ca-certificates.tmp.XXXXXX")"
+-REMOVED="$(mktemp -t "ca-certificates.tmp.XXXXXX")"
++TEMPBUNDLE="$(mktemp -p${TMPDIR:-/tmp} "${CERTBUNDLE}.tmp.XXXXXX")"
++ADDED="$(mktemp -p${TMPDIR:-/tmp} "ca-certificates.tmp.XXXXXX")"
++REMOVED="$(mktemp -p${TMPDIR:-/tmp} "ca-certificates.tmp.XXXXXX")"
+
+ # Adds a certificate to the list of trusted ones. This includes a symlink
+ # in /etc/ssl/certs to the certificate file and its inclusion into the
+--
+2.1.4
diff --git a/recipes-support/ca-certificates/ca-certificates_20161130.bb b/recipes-support/ca-certificates/ca-certificates_20161130.bb
new file mode 100644
index 0000000..e0b2e41
--- /dev/null
+++ b/recipes-support/ca-certificates/ca-certificates_20161130.bb
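Review bot: The three `mktemp` calls in update-ca-certificates-support-Toybox.patch expand `${TMPDIR:-/tmp}` unquoted and glued to `-p`, so a `TMPDIR` containing whitespace is split into extra arguments and the temporary files for the certificate bundle either land somewhere unintended or are not created at all. Quote the expansion and pass it as its own argument, `TEMPBUNDLE="$(mktemp -p "${TMPDIR:-/tmp}" "${CERTBUNDLE}.tmp.XXXXXX")"`, and likewise for `ADDED` and `REMOVED` (confirm that the Toybox applet accepts the separated form). None of the three assignments checks for failure, and later code redirects into these names, so an `|| exit 1` after each would stop the run before it writes through an empty path.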
@@ -0,0 +1,82 @@
+SUMMARY = "Common CA certificates"
+DESCRIPTION = "This package includes PEM files of CA certificates to allow \
+SSL-based applications to check for the authenticity of SSL connections. \
+This derived from Debian's CA Certificates."
+HOMEPAGE = "http://packages.debian.org/sid/ca-certificates"
+SECTION = "misc"
+LICENSE = "GPL-2.0+ & MPL-2.0"
+LIC_FILES_CHKSUM = "file://debian/copyright;md5=e7358b9541ccf3029e9705ed8de57968"
+
+# This is needed to ensure we can run the postinst at image creation time
+DEPENDS = "ca-certificates-native"
+DEPENDS_class-native = "openssl-native"
+DEPENDS_class-nativesdk = "ca-certificates-native openssl-native"
+
+SRCREV = "61b70a1007dc269d56881a0d480fc841daacc77c"
+
+SRC_URI = "git://anonscm.debian.org/collab-maint/ca-certificates.git \
+ file://0002-update-ca-certificates-use-SYSROOT.patch \
+ file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \
+ file://update-ca-certificates-support-Toybox.patch \
+ file://default-sysroot.patch \
+ file://sbindir.patch"
+
+S = "${WORKDIR}/git"
+
+inherit allarch
+
+EXTRA_OEMAKE = "\
+ 'CERTSDIR=${datadir}/ca-certificates' \
+ 'SBINDIR=${sbindir}' \
+"
+
+do_compile_prepend() {
+ oe_runmake clean
+}
+
+do_install () {
+ install -d ${D}${datadir}/ca-certificates \
+ ${D}${sysconfdir}/ssl/certs \
+ ${D}${sysconfdir}/ca-certificates/update.d
+ oe_runmake 'DESTDIR=${D}' install
+
+ install -d ${D}${mandir}/man8
+ install -m 0644 sbin/update-ca-certificates.8 ${D}${mandir}/man8/
+
+ install -d ${D}${sysconfdir}
+ {
+ echo "# Lines starting with # will be ignored"
+ echo "# Lines starting with ! will remove certificate on next update"
+ echo "#"
+ find ${D}${datadir}/ca-certificates -type f -name '*.crt' | \
+ sed 's,^${D}${datadir}/ca-certificates/,,'
+ } >${D}${sysconfdir}/ca-certificates.conf
+}
+
+do_install_append_class-target () {
+ sed -i -e 's,/etc/,${sysconfdir}/,' \
+ -e 's,/usr/share/,${datadir}/,' \
+ -e 's,/usr/local,${prefix}/local,' \
+ ${D}${sbindir}/update-ca-certificates \
+ ${D}${mandir}/man8/update-ca-certificates.8
+}
+
+pkg_postinst_${PN} () {
+ SYSROOT="$D" update-ca-certificates
+}
+
+CONFFILES_${PN} += "${sysconfdir}/ca-certificates.conf"
+
+# Postinsts don't seem to be run for nativesdk packages when populating SDKs.
+CONFFILES_${PN}_append_class-nativesdk = " ${sysconfdir}/ssl/certs/ca-certificates.crt"
+do_install_append_class-nativesdk () {
+ SYSROOT="${D}${SDKPATHNATIVE}" update-ca-certificates
+}
+
+do_install_append_class-native () {
+ SYSROOT="${D}${base_prefix}" ${D}${sbindir}/update-ca-certificates
+}
+
+RDEPENDS_${PN} += "openssl"
+
+BBCLASSEXTEND += "native nativesdk"
diff --git a/recipes-support/multitech/libmts_0.3.bb b/recipes-support/multitech/libmts_0.5.bb
index b599395..b599395 100644
--- a/recipes-support/multitech/libmts_0.3.bb
+++ b/recipes-support/multitech/libmts_0.5.bb
diff --git a/recipes-support/ntp/files/logtime.patch b/recipes-support/ntp/files/logtime.patch
new file mode 100644
index 0000000..6b104ce
--- /dev/null
+++ b/recipes-support/ntp/files/logtime.patch
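Review bot: `SRC_URI` in ca-certificates_20161130.bb fetches the CA bundle sources over the unauthenticated `git://` protocol, so the only integrity control on the trust-store input is the full-hash `SRCREV` pin. That pin is worth keeping exactly as it is; if the host offers HTTPS, adding `;protocol=https` to the URL gives transport authentication as well. The same applies to `git://github.com/ago/pps-tools.git` in pps-tools_git.bb later in this commit. A comment next to `SRCREV` stating that it must stay a full commit hash (never a branch or `${AUTOREV}`) would record why.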
@@ -0,0 +1,79 @@
+ Create a test to log time since boot MONOTONIC_RAW or uptime
+ and the REALTIME clock (UTC)
+ Not real sure how the build should work. To build logtime
+ do bitbake -c devshell ntp
+ Then cd clockstuff, and to:
+ make logtime
+==============================================================
+diff -Naur old/clockstuff/logtime.c new/clockstuff/logtime.c
+--- old/clockstuff/logtime.c 1969-12-31 18:00:00.000000000 -0600
++++ new/clockstuff/logtime.c 2017-01-27 16:55:46.420307603 -0600
+@@ -0,0 +1,44 @@
++#include <time.h>
++#include <stdio.h>
++#include <unistd.h>
++#include <stdarg.h>
++#include <syslog.h>
++/*
++ * Generate a log messages 4 times per second
++ * to verify leap second. The CLOCK_MONOTONIC_RAW
++ * is the time since boot unaffected by adjustments.
++ *
++ * CLOCK_REALTIME is the UTC clock, which is affected
++ * by leap seconds.
++ *
++ * Program does not exit.
++ *
++ */
++main()
++{
++ openlog("CTST",0,LOG_LOCAL2);
++ while(1) {
++ struct timespec ts,unused,ep;
++ if (clock_gettime(CLOCK_MONOTONIC,&ts) == 0) {
++
++ if(ts.tv_nsec < 750000000)
++ ts.tv_nsec += 250000000;
++ else {
++ ts.tv_nsec -= 750000000;
++ ts.tv_sec += 1;
++ }
++ clock_nanosleep(CLOCK_MONOTONIC,TIMER_ABSTIME,&ts,&unused);
++ clock_gettime(CLOCK_MONOTONIC_RAW,&ts);
++ ts.tv_nsec /= 1000000;
++ clock_gettime(CLOCK_REALTIME,&ep);
++ ep.tv_nsec /= 1000000;
++ syslog(LOG_NOTICE,"epoch: %lu.%3.3ld boot: %lu.%3.3ld",
++ ep.tv_sec,ep.tv_nsec,
++ ts.tv_sec,ts.tv_nsec);
++
++ }
++
++
++ }
++
++}
+diff -Naur old/clockstuff/Makefile.am new/clockstuff/Makefile.am
+--- old/clockstuff/Makefile.am 2017-01-27 16:50:58.929973639 -0600
++++ new/clockstuff/Makefile.am 2017-01-27 16:53:22.625139584 -0600
+@@ -1,7 +1,7 @@
+ #AUTOMAKE_OPTIONS = ../ansi2knr no-dependencies
+ AUTOMAKE_OPTIONS =
+-noinst_PROGRAMS = @PROPDELAY@ @CHUTEST@ @CLKTEST@
+-EXTRA_PROGRAMS = propdelay chutest clktest
++noinst_PROGRAMS = @PROPDELAY@ @CHUTEST@ @CLKTEST@ @LOGTIME@
++EXTRA_PROGRAMS = propdelay chutest clktest logtime
+
+ INCLUDES = -I$(top_srcdir)/include
+ # We need -lm (and perhaps $(COMPAT) for propdelay, -lntp for {chu,clk}test
+diff -Naur old/configure.ac new/configure.ac
+--- old/configure.ac 2017-01-27 17:59:46.940532782 -0600
++++ new/configure.ac 2017-01-27 17:55:26.626841232 -0600
+@@ -4115,6 +4115,7 @@
+ AC_SUBST([PROPDELAY]) dnl Set to "propdelay"
+ AC_SUBST([CHUTEST]) dnl Set to "chutest"
+ AC_SUBST([CLKTEST]) dnl Set to "clktest"
++AC_SUBST([LOGTIME]) dnl Set to "logtime"
+
+ AC_SUBST([MAKE_ADJTIMED])
+ AC_MSG_CHECKING([if we want HP-UX adjtimed support])
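Review bot: `main()` in the new logtime.c is declared without a return type and the `syslog` call prints `tv_sec` (a `time_t`) with `%lu`, which is a format mismatch wherever `time_t` is not `unsigned long`. Declare it as `int main(void)` and cast at the call, e.g. `(unsigned long)ep.tv_sec`. The return values of `clock_nanosleep` and of the second and third `clock_gettime` are ignored, so a failure logs stale or uninitialised timestamps; for a tool meant to verify leap-second behaviour a comment or a check there would help. The patch header also carries no `Upstream-Status:` tag, unlike the other patches in this commit.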
@@ -0,0 +1,55 @@
+diff -Naur old/ntp.conf new/ntp.conf
+--- old/ntp.conf 2017-02-02 19:09:54.524791189 -0600
++++ new/ntp.conf 2017-02-02 19:06:41.744669788 -0600
+@@ -1,16 +1,47 @@
+-# This is the most basic ntp configuration file
+ # The driftfile must remain in a place specific to this
+ # machine - it records the machine specific clock error
+-driftfile /etc/ntp.drift
++# Driftfile must be in a directory owned by ntp
++driftfile /var/lib/ntp/ntp.drift
++
++# The following code is for evaluating the timeserver.
++# Remove the # to activate the statistics
++# statsdir must start in column 1 for the initscript to
++# create the directory, in case it is volatile.
++#
++# statistics loopstats
++# statistics peerstats
++# statsdir /var/log/ntpstats
++# filegen peerstats file peerstats type day link enable
++# filegen loopstats file loopstats type day link enable
++
++# This is the US timeserver pool. You should use a pool
++# close to your location.
++#pool us.pool.ntp.org iburst
++
+ # This should be a server that is close (in IP terms)
+ # to the machine. Add other servers as required.
+-# Unless you un-comment the line below ntpd will sync
+-# only against the local system clock.
+ #
+ # server time.server.example.com
+ #
++
++restrict default kod nomodify notrap nopeer noquery
++restrict -6 default kod nomodify notrap nopeer noquery
++restrict 127.0.0.1 mask 255.255.255.0
++restrict -6 ::1
++
++# GPS Serial data reference (NTP0)
++# This sets the GPS 50 milliseconds slower than the PPS.
++server 127.127.28.0 true
++fudge 127.127.28.0 time1 0.050 refid GPS
++
++# GPS PPS reference (NTP2)
++server 127.127.28.2 prefer true
++fudge 127.127.28.2 time1 0.000 refid PPS
++
+ # Using local hardware clock as fallback
+ # Disable this when using ntpd -q -g -x as ntpdate or it will sync to itself
++# The stratum should be a high value so this does not get chosen
++# except in dire circumstances.
+ server 127.127.1.0
+ fudge 127.127.1.0 stratum 14
+ # Defining a default security setting
diff --git a/recipes-support/ntp/files/ntpd-default b/recipes-support/ntp/files/ntpd-default
new file mode 100644
index 0000000..ed7a6ec
--- /dev/null
+++ b/recipes-support/ntp/files/ntpd-default
@@ -0,0 +1,35 @@
+ENABLED="yes"
+
+CONFIGFILE=/etc/ntp.conf
+
+# The GPSD_* parameters in this file are ignored
+# if the uBlox GPS is not present.
+
+# Require a GPS lock/fix before starting NTP
+# This is needed if we are not using NTP servers.
+# NTP will not work with the GPS if the GPS is not
+# locked before starting.
+# See /etc/default/gpsd for the states required.
+GPSD_REQUIRED=1
+
+# Number of seconds between testing for a GPS
+# lock prior to calling ntpd.
+GPSD_WAIT_TIME=120
+
+# Since the HW Clock could be off by a second or
+# so, our GPS might get marked as a false ticker
+# if we do not set the system clock to the GPS
+# first. The current correct way to do this
+# according to the ntp doc is ntpd -gq -c conffile
+# which must be done before ntpd is started.
+# conffile should exclude the local clock, so it is
+# ignored while doing the initial sync.
+# ntpd -gq apparently does not work with the GPS
+# when tested with the clock more than one day off
+# and no ntpd. The gps shared memory is never polled.
+#
+# If there is a uBlox GPS present, the time is
+# read from the GPS to initialize the system time
+# before NTP is started.
+SET_SYSTEM_CLOCK=1
+
diff --git a/recipes-support/ntp/files/ntpd-init.patch b/recipes-support/ntp/files/ntpd-init.patch
new file mode 100644
index 0000000..2ef7e0b
--- /dev/null
+++ b/recipes-support/ntp/files/ntpd-init.patch
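Review bot: In ntp.conf.patch, `server 127.127.28.2 prefer true` makes shared-memory unit 2 the preferred and always-trusted source, and ntpd's SHM reference-clock driver creates units 2 and above with world-accessible permissions while units 0 and 1 are owner-only, so any local account can write timestamps that ntpd will follow. If the PPS feed can be published on unit 1 instead (gpsd does this when it starts as root; confirm against the deployed gpsd), use `server 127.127.28.1 prefer`, or at least drop `true` so the source still has to pass selection. Also, `restrict 127.0.0.1 mask 255.255.255.0` lifts every restriction for the whole 127.0.0.0/24 range; `restrict 127.0.0.1` is enough for local `ntpq`.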
@@ -0,0 +1,96 @@
+diff -Naur old/ntpd new/ntpd
+--- old/ntpd 2017-02-06 09:21:52.607908299 -0600
++++ new/ntpd 2017-02-06 09:22:52.417169090 -0600
+@@ -1,6 +1,8 @@
+-#! /bin/sh
++#! /bin/bash
+ #
++. /etc/default/ntpd
+ PATH=/sbin:/bin:/usr/bin:/usr/sbin
++GNSSRST=/sys/devices/platform/mts-io/gnss-reset
+
+ # ntpd init.d script for ntpdc from ntp.isc.org
+ test -x /usr/sbin/ntpd -a -r /etc/ntp.conf || exit 0
+@@ -18,13 +20,29 @@
+ }
+ }
+ startdaemon(){
+- # The -g option allows ntpd to step the time to correct it just
+- # once. The daemon will exit if the clock drifts too much after
+- # this. If ntpd seems to disappear after a while assume TICKADJ
+- # above is set to a totally incorrect value.
+- echo -n "Starting ntpd: "
+- start-stop-daemon --start -x /usr/sbin/ntpd -- -u ntp:ntp -p /var/run/ntp.pid "$@"
+- echo "done"
++ /usr/sbin/start-stop-daemon -N -20 --start -x /usr/sbin/ntpd --test -- -u ntp:ntp -p /var/run/ntp.pid "$@" \
++ || return 1
++ if [[ -x /usr/sbin/gpsd_ubx_settime ]] && ((GPSD_REQUIRED == 1)) && [[ -L /dev/gps0 ]] && [[ -f "${GNSSRST}" ]]; then
++ . /etc/default/gpsd
++ if ((SET_SYSTEM_CLOCK == 1)) && /usr/sbin/gpsd_ubx_settime ; then
++ # We just set the system time by the GPS. Should be within 2 seconds.
++ # Now that we are close to the correct system time, we
++ # use the ntpd one shot option to get to less than
++ # 250mS error so that we don't waste time adjusting the clock.
++ /usr/sbin/ntpd -gq
++ /usr/sbin/start-stop-daemon -N -20 --start -x /usr/sbin/ntpd -- -u ntp:ntp -p /var/run/ntp.pid "$@"
++ else
++ # Need a GPS fix before startint ntp. Try again later.
++ /usr/sbin/start-stop-daemon -b -n z1e9d3qb -N -20 --start -x /bin/bash -- -c "sleep $GPSD_WAIT_TIME;/etc/init.d/ntpd start"
++ fi
++ else
++ if ((SET_SYSTEM_CLOCK == 1)) ; then
++ # Sets the clock and exits.
++ ntpd -gq
++ shift
++ fi
++ /usr/sbin/start-stop-daemon -N -20 --start -x /usr/sbin/ntpd -- -u ntp:ntp -p /var/run/ntp.pid "$@"
++ fi
+ }
+ stopdaemon(){
+ echo -n "Stopping ntpd: "
+@@ -34,24 +52,38 @@
+
+ case "$1" in
+ start)
+- settick
+- startdaemon -g
++ if ! [[ $ENABLED =~ ^[yY][eE][sS]$ ]] ; then
++ exit 0
++ fi
++ if [[ -n "$CONFIGFILE" ]] ; then
++ CONFIGOPT="-c ${CONFIGFILE}"
++ STATSDIR=$(grep "^statsdir" ${CONFIGFILE} | sed -r 's/[^[:space:]]+[[:space:]]//')
++ if ((${#STATSDIR} > 0)) && ! [[ -d ${STATSDIR} ]] ; then
++ echo Make ${STATSDIR}
++ mkdir -m 0755 -p ${STATSDIR}
++ fi
++ if [[ -d ${STATSDIR} ]] ; then
++ chown ntp:ntp ${STATSDIR} >/dev/null 2>&1
++ fi
++ fi
++ settick
++ startdaemon -g $CONFIGOPT
+ ;;
+ stop)
+- stopdaemon
++ stopdaemon
+ ;;
+ force-reload)
+- stopdaemon
+- settick
++ stopdaemon
++ settick
+ startdaemon -g
+ ;;
+ restart)
+- # Don't reset the tick here
++ # Don't reset the tick here
+ stopdaemon
+ startdaemon -g
+ ;;
+ reload)
+- # Must do this by hand, but don't do -g
++ # Must do this by hand, but don't do -g
+ stopdaemon
+ startdaemon
+ ;;
diff --git a/recipes-support/ntp/ntp_4.2.6p5.bbappend b/recipes-support/ntp/ntp_4.2.6p5.bbappend
new file mode 100644
index 0000000..8460fda
--- /dev/null
+++ b/recipes-support/ntp/ntp_4.2.6p5.bbappend
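Review bot: In the `start)` branch of ntpd-init.patch, `STATSDIR` is parsed out of the config file and then used unquoted in `mkdir -m 0755 -p ${STATSDIR}` and `chown ntp:ntp ${STATSDIR}`, so a value with spaces or glob characters is split and expanded before these root-run commands see it, and more than one `statsdir` line produces several words. Quote every use, e.g. `mkdir -m 0755 -p -- "${STATSDIR}"` and `chown ntp:ntp -- "${STATSDIR}"`, and read the file with `grep "^statsdir" "${CONFIGFILE}"`. The one-shot `ntpd -gq` calls in `startdaemon` run without `-u ntp:ntp` and without `$CONFIGOPT`, unlike the daemon start next to them, and the `shift` after the second one assumes the first argument is `-g`, which is not true for `reload`; a comment should say whether each of these is intended.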
@@ -0,0 +1,33 @@
+PR .= ".mlinux2"
+
+SRC_URI += " file://ntpd-init.patch;patchdir=.. \
+ file://ntp.conf.patch;patchdir=.. \
+ file://ntpd-default \
+ file://logtime.patch \
+ "
+FILESEXTRAPATHS_prepend := "${THISDIR}/files"
+
+python do_patch_prepend () {
+ import os
+}
+
+do_install_append() {
+ install -d ${D}${sysconfdir}/default
+ install -m 0644 ${WORKDIR}/ntpd-default ${D}${sysconfdir}/default/ntpd.default
+
+ drdir=${D}${localstatedir}/lib/ntp
+ install -d -m 0755 -p ${drdir}
+ drfile="${drdir}/ntp.drift"
+ touch ${drfile}
+ chmod 664 ${drfile}
+ chown -R ntp:ntp ${drdir}
+}
+pkg_postinst_${PN}_append() {
+ update-alternatives --install ${sysconfdir}/default/ntpd ntpd-defaults ${sysconfdir}/default/ntpd.default 10
+}
+
+pkg_postrm_${PN}_append() {
+ update-alternatives --remove ntpd-defaults ${sysconfdir}/default/ntpd.default
+}
+FILES_${PN} += "${sysconfdir}/default/ntpd.default ${localstatedir}/lib/*"
+CONFFILES_${PN} += "${sysconfdir}/default/ntpd.default"
diff --git a/recipes-support/pps-tools/pps-tools_git.bb b/recipes-support/pps-tools/pps-tools_git.bb
new file mode 100644
index 0000000..ddcfe67
--- /dev/null
+++ b/recipes-support/pps-tools/pps-tools_git.bb
@@ -0,0 +1,17 @@
+SUMMARY = "User-space tools for LinuxPPS"
+PRIORITY = "optional"
+
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe"
+
+PV = "0.0.0+git${SRCPV}"
+SRCREV = "0deb9c7e135e9380a6d09e9d2e938a146bb698c8"
+SRC_URI = "git://github.com/ago/pps-tools.git"
+
+S = "${WORKDIR}/git"
+
+do_install() {
+ install -d ${D}${bindir} ${D}${includedir} \
+ ${D}${includedir}/sys
+ oe_runmake 'DESTDIR=${D}' install
+}
diff --git a/recipes-support/strongswan/files/fix-funtion-parameter.patch b/recipes-support/strongswan/files/fix-funtion-parameter.patch
new file mode 100644
index 0000000..da96983
--- /dev/null
+++ b/recipes-support/strongswan/files/fix-funtion-parameter.patch
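Review bot: `FILESEXTRAPATHS_prepend := "${THISDIR}/files"` in ntp_4.2.6p5.bbappend lacks the trailing colon, so the value is concatenated with the next search-path entry instead of being added as its own directory; it should read `FILESEXTRAPATHS_prepend := "${THISDIR}/files:"`. Without it the lookup of ntpd-init.patch, ntp.conf.patch and ntpd-default depends on whatever other path happens to resolve them, which makes it unclear which copy of the NTP configuration ends up in the image. The empty `python do_patch_prepend ()` that only runs `import os` looks like a leftover and could be dropped or explained in a comment. The init script patched in this commit sources `/etc/default/ntpd` unconditionally, while this recipe creates that path only through `update-alternatives` in the postinst; a comment noting that dependency would help.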
@@ -0,0 +1,98 @@
+fix the function parameter
+
+Upstream-Status: pending
+
+Original openssl_diffie_hellman_create has three parameters, but
+it is reassigned a function pointer which has one parameter, and
+is called with one parameter, which will lead to segment fault
+on PPC, Now we simply correct the number of parameters.
+
+ #0 0x484d4aa0 in __GI_raise (sig=6)
+ at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
+ #1 0x484d9930 in __GI_abort () at abort.c:91
+ #2 0x10002064 in segv_handler (signal=11) at charon.c:224
+ #3 <signal handler called>
+ #4 0x48d89630 in openssl_diffie_hellman_create (group=MODP_1024_BIT, g=...,
+ p=<error reading variable: Cannot access memory at address 0x0>)
+ at openssl_diffie_hellman.c:143
+ #5 0x482c54f8 in create_dh (this=0x11ac6e68, group=MODP_1024_BIT)
+ at crypto/crypto_factory.c:358
+ #6 0x48375884 in create_dh (this=<optimized out>, group=<optimized out>)
+ at sa/keymat.c:132
+ #7 0x483843b8 in process_payloads (this=0x51400a78, message=<optimized
+ out>)
+ at sa/tasks/ike_init.c:200
+ #8 0x483844d0 in process_r (this=0x51400a78, message=0x51500778)
+ at sa/tasks/ike_init.c:319
+ #9 0x48374c9c in process_request (message=0x51500778, this=0x51400d20)
+ at sa/task_manager.c:870
+ #10 process_message (this=0x51400d20, msg=0x51500778) at
+ sa/task_manager.c:925
+ #11 0x4836c378 in process_message (this=0x514005f0, message=0x51500778)
+ at sa/ike_sa.c:1317
+ #12 0x48362270 in execute (this=0x515008d0)
+ at processing/jobs/process_message_job.c:74
+
+Signed-off-by: Roy.Li <rongqing.li@windriver.com>
+---
+ src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c | 8 +++++++-
+ src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h | 4 +++-
+ src/libstrongswan/plugins/openssl/openssl_plugin.c | 1 +
+ 3 files changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
+index ff33824..bd21446 100644
+--- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
++++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
+@@ -142,7 +142,7 @@ METHOD(diffie_hellman_t, destroy, void,
+ /*
+ * Described in header.
+ */
+-openssl_diffie_hellman_t *openssl_diffie_hellman_create(
++openssl_diffie_hellman_t *openssl_diffie_hellman_create_custom(
+ diffie_hellman_group_t group, chunk_t g, chunk_t p)
+ {
+ private_openssl_diffie_hellman_t *this;
+@@ -197,5 +197,11 @@ openssl_diffie_hellman_t *openssl_diffie_hellman_create(
+
+ return &this->public;
+ }
++openssl_diffie_hellman_t *openssl_diffie_hellman_create( diffie_hellman_group_t group)
++{
++ chunk_t g;
++ chunk_t p;
++ openssl_diffie_hellman_create_custom(group, g, p);
++}
+
+ #endif /* OPENSSL_NO_DH */
+diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h
+index 53dc59c..eb69eaa 100644
+--- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h
++++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h
+@@ -44,8 +44,10 @@ struct openssl_diffie_hellman_t {
+ * @param p custom prime, if MODP_CUSTOM
+ * @return openssl_diffie_hellman_t object, NULL if not supported
+ */
+-openssl_diffie_hellman_t *openssl_diffie_hellman_create(
++openssl_diffie_hellman_t *openssl_diffie_hellman_create_custom(
+ diffie_hellman_group_t group, chunk_t g, chunk_t p);
++openssl_diffie_hellman_t *openssl_diffie_hellman_create(
++ diffie_hellman_group_t group);
+
+ #endif /** OPENSSL_DIFFIE_HELLMAN_H_ @}*/
+
+diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
+index ff25086..c76873d 100644
+--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
++++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
+@@ -388,6 +388,7 @@ METHOD(plugin_t, get_features, int,
+ PLUGIN_PROVIDE(DH, MODP_1024_BIT),
+ PLUGIN_PROVIDE(DH, MODP_1024_160),
+ PLUGIN_PROVIDE(DH, MODP_768_BIT),
++ PLUGIN_REGISTER(DH, openssl_diffie_hellman_create_custom),
+ PLUGIN_PROVIDE(DH, MODP_CUSTOM),
+ #endif
+ #ifndef OPENSSL_NO_RSA
+--
+1.8.3
+
diff --git a/recipes-support/strongswan/files/install-strongswan-swanctl-service.patch b/recipes-support/strongswan/files/install-strongswan-swanctl-service.patch
new file mode 100644
index 0000000..86baccf
--- /dev/null
+++ b/recipes-support/strongswan/files/install-strongswan-swanctl-service.patch
@@ -0,0 +1,22 @@
+commit 44cbabd8a42bc2a436562ed33fb8c89fa6b75b6e
+Author: Chris Patterson <pattersonc@ainfosec.com>
+Date: Fri Dec 18 08:31:48 2015 -0500
+
+ strongswan-swanctl.service.in: match install used by strongswan.service
+
+ Signed-off-by: Chris Patterson <pattersonc@ainfosec.com>
+
+Upstream-Status: Submitted
+https://github.com/strongswan/strongswan/pull/25
+
+diff --git a/init/systemd-swanctl/strongswan-swanctl.service.in b/init/systemd-swanctl/strongswan-swanctl.service.in
+index 818d352..944101f 100644
+--- a/init/systemd-swanctl/strongswan-swanctl.service.in
++++ b/init/systemd-swanctl/strongswan-swanctl.service.in
+@@ -7,3 +7,6 @@ Type=notify
+ ExecStart=@SBINDIR@/charon-systemd
+ ExecStartPost=@SBINDIR@/swanctl --load-all --noprompt
+ ExecReload=@SBINDIR@/swanctl --reload
++
++[Install]
++WantedBy=multi-user.target
diff --git a/recipes-support/strongswan/files/strongswan-5.0.0-5.1.2_reject_child_sa.patch b/recipes-support/strongswan/files/strongswan-5.0.0-5.1.2_reject_child_sa.patch
new file mode 100644
index 0000000..ad3459e
--- /dev/null
+++ b/recipes-support/strongswan/files/strongswan-5.0.0-5.1.2_reject_child_sa.patch
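Review bot: The new one-argument `openssl_diffie_hellman_create()` that fix-funtion-parameter.patch adds to openssl_diffie_hellman.c never returns a value and passes the uninitialised locals `g` and `p` by value, so the caller receives an indeterminate pointer for a Diffie-Hellman object and the code only works where the callee's result happens to stay in the return register. The body should be a single statement, `return openssl_diffie_hellman_create_custom(group, chunk_empty, chunk_empty);`. Because this sits on the IKE key-exchange path, a build with `-Werror=return-type` for this file would catch a regression. The header also spells the tag `Upstream-Status: pending` in lower case; the conventional value is `Pending`.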
@@ -0,0 +1,36 @@
+From b980ba7757dcfedd756aa055b3271ea58cf85aa6 Mon Sep 17 00:00:00 2001
+From: Martin Willi <martin@revosec.ch>
+Date: Thu, 20 Feb 2014 16:08:43 +0100
+Subject: [PATCH] ikev2: Reject CREATE_CHILD_SA exchange on unestablished
+ IKE_SAs
+
+Prevents a responder peer to trick us into established state by starting
+IKE_SA rekeying before the IKE_SA has been authenticated during IKE_AUTH.
+
+Fixes CVE-2014-2338 for 5.x versions of strongSwan.
+---
+ src/libcharon/sa/ikev2/task_manager_v2.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
+index ac3be90..a5252ab 100644
+--- a/src/libcharon/sa/ikev2/task_manager_v2.c
++++ b/src/libcharon/sa/ikev2/task_manager_v2.c
+@@ -780,6 +780,15 @@ static status_t process_request(private_
+ case CREATE_CHILD_SA:
+ { /* FIXME: we should prevent this on mediation connections */
+ bool notify_found = FALSE, ts_found = FALSE;
++
++ if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED ||
++ this->ike_sa->get_state(this->ike_sa) == IKE_CONNECTING)
++ {
++ DBG1(DBG_IKE, "received CREATE_CHILD_SA request for "
++ "unestablished IKE_SA, rejected");
++ return FAILED;
++ }
++
+ enumerator = message->create_payload_enumerator(message);
+ while (enumerator->enumerate(enumerator, &payload))
+ {
+--
+1.8.1.2
diff --git a/recipes-support/strongswan/files/support-newer-systemd.patch b/recipes-support/strongswan/files/support-newer-systemd.patch
new file mode 100644
index 0000000..550cf67
--- /dev/null
+++ b/recipes-support/strongswan/files/support-newer-systemd.patch
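Review bot: strongswan-5.0.0-5.1.2_reject_child_sa.patch is added to `files/` but the strongswan_5.3.2.bb recipe in this same commit does not list it in `SRC_URI`, so nothing visible here applies it; the file name says it targets 5.0.0 to 5.1.2. If no other recipe in the layer uses it, keeping it can suggest that a fix is being applied when it is not, so either remove the file or reference it from the recipe that needs it. If it stays, the header should carry `Upstream-Status: Backport` and `CVE: CVE-2014-2338` tags so that patch-status and CVE tooling can account for it. The `process_request` function starts and ends outside the inner hunk.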
@@ -0,0 +1,69 @@
+commit 82498129e0a91dfc3ed2c4ec3b2252f44655b83c
+Author: Chris Patterson <pattersonc@ainfosec.com>
+Date: Fri Dec 18 08:27:57 2015 -0500
+
+ configure: support systemd >= 209
+
+ libsystemd-journal and libsystemd-daemon are now just
+ part of libsystemd.
+
+ Keep original systemd checks as a fallback.
+
+ Updates charon-systemd/Makefile.am accordingly.
+
+ Tested on:
+ - debian wheezy (systemd v44)
+ - ubuntu 15.10 (systemd v255).
+
+ Signed-off-by: Chris Patterson <pattersonc@ainfosec.com>
+
+Upstream-Status: Submitted
+https://github.com/strongswan/strongswan/pull/24
+
+diff --git a/configure.ac b/configure.ac
+index 3d71ce0..f6c0426 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -941,13 +941,17 @@ if test x$systemd = xtrue; then
+ AC_MSG_ERROR([not found (try --with-systemdsystemunitdir)])
+ fi
+
+- PKG_CHECK_MODULES(systemd_daemon, [libsystemd-daemon])
+- AC_SUBST(systemd_daemon_CFLAGS)
+- AC_SUBST(systemd_daemon_LIBS)
+-
+- PKG_CHECK_MODULES(systemd_journal, [libsystemd-journal])
+- AC_SUBST(systemd_journal_CFLAGS)
+- AC_SUBST(systemd_journal_LIBS)
++ PKG_CHECK_MODULES(systemd, [libsystemd >= 209],
++ [AC_SUBST(systemd_CFLAGS)
++ AC_SUBST(systemd_LIBS)],
++ [PKG_CHECK_MODULES(systemd_daemon, [libsystemd-daemon])
++ AC_SUBST(systemd_daemon_CFLAGS)
++ AC_SUBST(systemd_daemon_LIBS)
++
++ PKG_CHECK_MODULES(systemd_journal, [libsystemd-journal])
++ AC_SUBST(systemd_journal_CFLAGS)
++ AC_SUBST(systemd_journal_LIBS)
++ ])
+ fi
+
+ if test x$tss = xtrousers; then
+diff --git a/src/charon-systemd/Makefile.am b/src/charon-systemd/Makefile.am
+index 1b9ac15..ee85d43 100644
+--- a/src/charon-systemd/Makefile.am
++++ b/src/charon-systemd/Makefile.am
+@@ -9,11 +9,11 @@ charon_systemd_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon \
+- $(systemd_daemon_CFLAGS) $(systemd_journal_CFLAGS) \
++ $(systemd_CFLAGS) $(systemd_daemon_CFLAGS) $(systemd_journal_CFLAGS) \
+ -DPLUGINS=\""${charon_plugins}\""
+
+ charon_systemd_LDADD = \
+ $(top_builddir)/src/libstrongswan/libstrongswan.la \
+ $(top_builddir)/src/libhydra/libhydra.la \
+ $(top_builddir)/src/libcharon/libcharon.la \
+- $(systemd_daemon_LIBS) $(systemd_journal_LIBS) -lm $(PTHREADLIB) $(DLLIB)
++ $(systemd_LIBS) $(systemd_daemon_LIBS) $(systemd_journal_LIBS) -lm $(PTHREADLIB) $(DLLIB)
diff --git a/recipes-support/strongswan/strongswan_5.3.2.bb b/recipes-support/strongswan/strongswan_5.3.2.bb
new file mode 100644
index 0000000..9dc4878
--- /dev/null
+++ b/recipes-support/strongswan/strongswan_5.3.2.bb
@@ -0,0 +1,57 @@
+DESCRIPTION = "strongSwan is an OpenSource IPsec implementation for the \
+Linux operating system."
+SUMMARY = "strongSwan is an OpenSource IPsec implementation"
+HOMEPAGE = "http://www.strongswan.org"
+SECTION = "net"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
+DEPENDS = "gmp openssl flex-native flex bison-native"
+
+SRC_URI = "http://download.strongswan.org/strongswan-${PV}.tar.bz2 \
+ file://fix-funtion-parameter.patch \
+ file://support-newer-systemd.patch \
+ file://install-strongswan-swanctl-service.patch \
+"
+
+SRC_URI[md5sum] = "fab014be1477ef4ebf9a765e10f8802c"
+SRC_URI[sha256sum] = "a4a9bc8c4e42bdc4366a87a05a02bf9f425169a7ab0c6f4482d347e44acbf225"
+
+EXTRA_OECONF = " \
+ --without-lib-prefix \
+"
+
+EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-systemdsystemunitdir=${systemd_unitdir}/system/', '--without-systemdsystemunitdir', d)}"
+
+
+PACKAGECONFIG ??= "charon curl gmp openssl stroke sqlite3 \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'ldap', 'ldap', '', d)} \
+"
+PACKAGECONFIG[aesni] = "--enable-aesni,--disable-aesni,"
+PACKAGECONFIG[charon] = "--enable-charon,--disable-charon,"
+PACKAGECONFIG[curl] = "--enable-curl,--disable-curl,curl,"
+PACKAGECONFIG[gmp] = "--enable-gmp,--disable-gmp,gmp,"
+PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,openldap,"
+PACKAGECONFIG[mysql] = "--enable-mysql,--disable-mysql,mysql5,"
+PACKAGECONFIG[openssl] = "--enable-openssl,--disable-openssl,openssl,"
+PACKAGECONFIG[scep] = "--enable-scepclient,--disable-scepclient,"
+PACKAGECONFIG[soup] = "--enable-soup,--disable-soup,libsoup-2.4,"
+PACKAGECONFIG[sqlite3] = "--enable-sqlite,--disable-sqlite,sqlite3,"
+PACKAGECONFIG[stroke] = "--enable-stroke,--disable-stroke,"
+PACKAGECONFIG[swanctl] = "--enable-swanctl,--disable-swanctl,,libgcc"
+
+# requires swanctl
+PACKAGECONFIG[systemd-charon] = "--enable-systemd,--disable-systemd,systemd,"
+
+inherit autotools systemd pkgconfig
+
+RRECOMMENDS_${PN} = "kernel-module-ipsec"
+
+FILES_${PN} += "${libdir}/ipsec/lib*${SOLIBS} ${libdir}/ipsec/plugins/*.so"
+FILES_${PN}-dbg += "${libdir}/ipsec/.debug ${libdir}/ipsec/plugins/.debug ${libexecdir}/ipsec/.debug"
+FILES_${PN}-dev += "${libdir}/ipsec/lib*${SOLIBSDEV} ${libdir}/ipsec/*.la ${libdir}/ipsec/plugins/*.la"
+FILES_${PN}-staticdev += "${libdir}/ipsec/*.a ${libdir}/ipsec/plugins/*.a"
+
+RPROVIDES_${PN} += "${PN}-systemd"
+RREPLACES_${PN} += "${PN}-systemd"
+RCONFLICTS_${PN} += "${PN}-systemd"
+SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'swanctl', '${BPN}-swanctl.service', '${BPN}.service', d)}" |
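Review bot: `SRC_URI` in strongswan_5.3.2.bb downloads the tarball over plain `http://`, so the only protection against a modified download is the `SRC_URI[sha256sum]` pin; that pin should stay, and the URL can move to `https://` if the mirror setup allows it. The comment `# requires swanctl` on `PACKAGECONFIG[systemd-charon]` states a dependency that nothing enforces, while `SYSTEMD_SERVICE_${PN}` switches unit names on `swanctl` alone, so enabling one option without the other installs a unit for a daemon that was not built. Since the recipe pins release 5.3.2 of an IPsec daemon, a short comment listing which upstream security fixes released after that version have been reviewed or backported would make the patch set auditable.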