commit b41a74e0dfdf0217301ba2f0239df3d4bad87dbf
Author: MSVSphere Packaging Team
Date: Fri Oct 25 19:31:47 2024 +0300
import tang-14-10.el10
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..ac3ac3c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/tang-14.tar.xz
diff --git a/.tang.metadata b/.tang.metadata
new file mode 100644
index 0000000..5e7831b
--- /dev/null
+++ b/.tang.metadata
@@ -0,0 +1 @@
+81a09f024fcb0e8b53bb867b2679ebab14555791 SOURCES/tang-14.tar.xz
diff --git a/SOURCES/0001-Add-support-for-building-with-llhttp-instead-of-http.patch b/SOURCES/0001-Add-support-for-building-with-llhttp-instead-of-http.patch
new file mode 100644
index 0000000..7eae85e
--- /dev/null
+++ b/SOURCES/0001-Add-support-for-building-with-llhttp-instead-of-http.patch
@@ -0,0 +1,238 @@ +From 6aebfd5499039b58b88eb15eba1aa719c117cfd4 Mon Sep 17 00:00:00 2001 +From: Sergio Correia +Date: Tue, 9 Jan 2024 08:56:59 +0000 +Subject: [PATCH] Add support for building with llhttp instead of http-parser + +As http-parser has been unmaintained for a while [1], let's add +support for its natural replacement, llhttp. + +However, as llhttp does not seem to be packaged in distros like +Debian [2], we will keep supporting building with http-parser for +time being, preferring llhttp, if it is present. + +[1] https://github.com/nodejs/http-parser/issues/522 +[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977716 +--- + .github/workflows/install-dependencies | 2 +- + meson.build | 17 ++++++++++--- + src/http.c | 10 ++++---- + src/http.h | 35 +++++++++++++++++++++++--- + src/tangd.c | 16 ++++++------ + 5 files changed, 58 insertions(+), 22 deletions(-) + +diff --git a/.github/workflows/install-dependencies b/.github/workflows/install-dependencies +index 96852a8..a9bbab0 100755 +--- a/.github/workflows/install-dependencies ++++ b/.github/workflows/install-dependencies +@@ -13,7 +13,7 @@ debian:*|ubuntu:*) + echo 'max_parallel_downloads=10' >> /etc/dnf/dnf.conf + dnf -y clean all + dnf -y --setopt=deltarpm=0 update +- dnf -y install gcc meson pkgconfig libjose-devel jose http-parser-devel \ ++ dnf -y install gcc meson pkgconfig libjose-devel jose llhttp-devel \ + systemd gcovr curl socat iproute + ;; + +diff --git a/meson.build b/meson.build +index fd46cef..33c8aff 100644 +--- a/meson.build ++++ b/meson.build +@@ -55,13 +55,22 @@ add_project_arguments('-DVERSION="'+meson.project_version() + '"', language : 'c + jose = dependency('jose', version: '>=8') + a2x = find_program('a2x', required: false) + compiler = meson.get_compiler('c') +-if not compiler.has_header('http_parser.h',args : '-I/usr/local/include') +- error('http-parser devel files not found.') ++ ++http_lib = [] ++if compiler.has_header('llhttp.h', args: '-I/usr/local/include') ++ 
http_lib = 'llhttp' ++ add_project_arguments('-DUSE_LLHTTP', language: 'c') ++else ++ if not compiler.has_header('http_parser.h', args: '-I/usr/local/include') ++ error('neither llhttp nor http-parser devel files found.') ++ endif ++ http_lib = 'http_parser' + endif ++ + if host_machine.system() == 'freebsd' +- http_parser = compiler.find_library('http_parser',dirs : '/usr/local/lib') ++ http_parser = compiler.find_library(http_lib, dirs : '/usr/local/lib') + else +- http_parser = compiler.find_library('http_parser') ++ http_parser = compiler.find_library(http_lib) + endif + + licenses = ['COPYING'] +diff --git a/src/http.c b/src/http.c +index e9af37b..17b613f 100644 +--- a/src/http.c ++++ b/src/http.c +@@ -36,7 +36,7 @@ HTTP_METHOD_MAP(XX) + }; + + static int +-on_url(http_parser *parser, const char *at, size_t length) ++on_url(http_parser_t *parser, const char *at, size_t length) + { + struct http_state *state = parser->data; + +@@ -51,7 +51,7 @@ on_url(http_parser *parser, const char *at, size_t length) + } + + static int +-on_body(http_parser *parser, const char *at, size_t length) ++on_body(http_parser_t *parser, const char *at, size_t length) + { + struct http_state *state = parser->data; + +@@ -66,7 +66,7 @@ on_body(http_parser *parser, const char *at, size_t length) + } + + static int +-on_message_complete(http_parser *parser) ++on_message_complete(http_parser_t *parser) + { + struct http_state *state = parser->data; + const char *addr = NULL; +@@ -132,7 +132,7 @@ egress: + return 0; + } + +-const http_parser_settings http_settings = { ++const http_settings_t http_settings = { + .on_url = on_url, + .on_body = on_body, + .on_message_complete = on_message_complete, +@@ -140,7 +140,7 @@ const http_parser_settings http_settings = { + + int + http_reply(const char *file, int line, +- enum http_status code, const char *fmt, ...) ++ http_status_t code, const char *fmt, ...) 
+ { + const char *msg = NULL; + va_list ap; +diff --git a/src/http.h b/src/http.h +index 8660a4f..2e35686 100644 +--- a/src/http.h ++++ b/src/http.h +@@ -19,12 +19,39 @@ + + #pragma once + +-#include + #include + #include + ++#ifdef USE_LLHTTP ++#include ++ ++typedef llhttp_method_t http_method_t; ++typedef llhttp_status_t http_status_t; ++typedef llhttp_settings_t http_settings_t; ++typedef llhttp_t http_parser_t; ++#define tang_http_parser_init(parser, settings) llhttp_init(parser, HTTP_REQUEST, settings) ++#define tang_http_parser_execute(parser, settings, req, rcvd) llhttp_execute(parser, req, rcvd) ++#define tang_http_parser_errno(parser) parser.error ++#define tang_http_errno_description(parser, errno) llhttp_get_error_reason(parser) ++ ++#else ++/* Legacy http-parser. */ ++#include ++ ++typedef enum http_method http_method_t; ++typedef enum http_status http_status_t; ++typedef http_parser_settings http_settings_t; ++typedef struct http_parser http_parser_t; ++ ++#define tang_http_parser_init(parser, settings) http_parser_init(parser, HTTP_REQUEST) ++#define tang_http_parser_execute(parser, settings, req, rcvd) http_parser_execute(parser, settings, req, rcvd) ++#define tang_http_parser_errno(parser) parser.http_errno ++#define tang_http_errno_description(parser, errno) http_errno_description(errno) ++ ++#endif /* USE_LLHTTP */ ++ + struct http_dispatch { +- int (*func)(enum http_method method, const char *path, ++ int (*func)(http_method_t method, const char *path, + const char *body, regmatch_t matches[], void *misc); + uint64_t methods; + size_t nmatches; +@@ -43,11 +70,11 @@ struct http_state { + void *misc; + }; + +-extern const http_parser_settings http_settings; ++extern const http_settings_t http_settings; + + int __attribute__ ((format(printf, 4, 5))) + http_reply(const char *file, int line, +- enum http_status code, const char *fmt, ...); ++ http_status_t code, const char *fmt, ...); + + #define http_reply(code, ...) 
\ + http_reply(__FILE__, __LINE__, code, __VA_ARGS__) +diff --git a/src/tangd.c b/src/tangd.c +index 1e3a6a3..7f197f6 100644 +--- a/src/tangd.c ++++ b/src/tangd.c +@@ -64,7 +64,7 @@ str_cleanup(char **str) + } + + static int +-adv(enum http_method method, const char *path, const char *body, ++adv(http_method_t method, const char *path, const char *body, + regmatch_t matches[], void *misc) + { + __attribute__((cleanup(str_cleanup))) char *adv = NULL; +@@ -101,7 +101,7 @@ adv(enum http_method method, const char *path, const char *body, + } + + static int +-rec(enum http_method method, const char *path, const char *body, ++rec(http_method_t method, const char *path, const char *body, + regmatch_t matches[], void *misc) + { + __attribute__((cleanup(str_cleanup))) char *enc = NULL; +@@ -197,13 +197,14 @@ static int + process_request(const char *jwkdir, int in_fileno) + { + struct http_state state = { .dispatch = dispatch, .misc = (char*)jwkdir }; +- struct http_parser parser = { .data = &state }; ++ http_parser_t parser; + struct stat st = {}; + char req[4096] = {}; + size_t rcvd = 0; + int r = 0; + +- http_parser_init(&parser, HTTP_REQUEST); ++ tang_http_parser_init(&parser, &http_settings); ++ parser.data = &state; + + if (stat(jwkdir, &st) != 0) { + fprintf(stderr, "Error calling stat() on path: %s: %m\n", jwkdir); +@@ -224,17 +225,16 @@ process_request(const char *jwkdir, int in_fileno) + + rcvd += r; + +- r = http_parser_execute(&parser, &http_settings, req, rcvd); +- if (parser.http_errno != 0) { ++ r = tang_http_parser_execute(&parser, &http_settings, req, rcvd); ++ if (tang_http_parser_errno(parser) != 0) { + fprintf(stderr, "HTTP Parsing Error: %s\n", +- http_errno_description(parser.http_errno)); ++ tang_http_errno_description(&parser, tang_http_parser_errno(parser))); + return EXIT_SUCCESS; + } + + memmove(req, &req[r], rcvd - r); + rcvd -= r; + } +- + return EXIT_SUCCESS; + } + +-- +2.41.0 + 
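Review bot: The accessor macros this patch adds to src/http.h expand their argument without parentheses and take the parser object by value, while `tang_http_parser_init` and `tang_http_parser_execute` take a pointer, so a call such as `tang_http_parser_errno(*p)` would bind incorrectly. I would write them as `#define tang_http_parser_errno(parser) ((parser).error)` and `((parser).http_errno)`, and rename the `errno` macro parameter of `tang_http_errno_description` to something like `err` so it cannot be confused with the `<errno.h>` name. In src/tangd.c, `http_parser_t parser;` is now uninitialised before `tang_http_parser_init()`; as far as I recall, the legacy `http_parser_init()` saves and restores `parser->data`, which would read an indeterminate pointer, so `http_parser_t parser = {0};` is the safer declaration. The body of `process_request` continues outside the quoted hunk.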
diff --git a/SOURCES/0002-Fix-issue-introduced-in-http-parser-llhttp-conversio.patch b/SOURCES/0002-Fix-issue-introduced-in-http-parser-llhttp-conversio.patch
new file mode 100644
index 0000000..4583d92
--- /dev/null
+++ b/SOURCES/0002-Fix-issue-introduced-in-http-parser-llhttp-conversio.patch
@@ -0,0 +1,111 @@ +From 960b2036a97baded1b61b405e4fa99380f807ff9 Mon Sep 17 00:00:00 2001 +From: Sergio Correia +Date: Mon, 12 Feb 2024 13:07:45 +0000 +Subject: [PATCH 2/2] Fix issue introduced in http-parser -> llhttp conversion + +http_parser_execute() returns the number of parsed bytes, while +llhttp_execute() returns an error code. + +Signed-off-by: Sergio Correia +--- + src/http.h | 6 ++---- + src/tangd.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++-- + 2 files changed, 48 insertions(+), 6 deletions(-) + +diff --git a/src/http.h b/src/http.h +index 2e35686..8d9de51 100644 +--- a/src/http.h ++++ b/src/http.h +@@ -30,10 +30,9 @@ typedef llhttp_status_t http_status_t; + typedef llhttp_settings_t http_settings_t; + typedef llhttp_t http_parser_t; + #define tang_http_parser_init(parser, settings) llhttp_init(parser, HTTP_REQUEST, settings) +-#define tang_http_parser_execute(parser, settings, req, rcvd) llhttp_execute(parser, req, rcvd) + #define tang_http_parser_errno(parser) parser.error + #define tang_http_errno_description(parser, errno) llhttp_get_error_reason(parser) +- ++#define tang_http_parser_resume(parser) llhttp_resume(parser) + #else + /* Legacy http-parser. 
*/ + #include +@@ -44,10 +43,9 @@ typedef http_parser_settings http_settings_t; + typedef struct http_parser http_parser_t; + + #define tang_http_parser_init(parser, settings) http_parser_init(parser, HTTP_REQUEST) +-#define tang_http_parser_execute(parser, settings, req, rcvd) http_parser_execute(parser, settings, req, rcvd) + #define tang_http_parser_errno(parser) parser.http_errno + #define tang_http_errno_description(parser, errno) http_errno_description(errno) +- ++#define tang_http_parser_resume(parser) http_parser_pause(parser, 0) + #endif /* USE_LLHTTP */ + + struct http_dispatch { +diff --git a/src/tangd.c b/src/tangd.c +index 7f197f6..ab7f0cf 100644 +--- a/src/tangd.c ++++ b/src/tangd.c +@@ -193,6 +193,44 @@ static struct http_dispatch dispatch[] = { + + #define DEFAULT_PORT 9090 + ++static size_t ++tang_http_parser_execute(http_parser_t *parser, const char* data, size_t len) ++{ ++#ifdef USE_LLHTTP ++ llhttp_errno_t error; ++ size_t parsed_len; ++ ++ /* ++ * Unlike http_parser, which returns the number of parsed ++ * bytes in the _execute() call, llhttp returns an error ++ * code. ++ */ ++ ++ if (data == NULL || len == 0) { ++ error = llhttp_finish(parser); ++ } else { ++ error = llhttp_execute(parser, data, len); ++ } ++ ++ parsed_len = len; ++ /* ++ * Adjust number of parsed bytes in case of error. ++ */ ++ if (error != HPE_OK) { ++ parsed_len = llhttp_get_error_pos(parser) - data; ++ ++ /* This isn't a real pause, just a way to stop parsing early. 
*/ ++ if (error == HPE_PAUSED_UPGRADE) { ++ llhttp_resume_after_upgrade(parser); ++ } ++ } ++ ++ return parsed_len; ++#else ++ return http_parser_execute(parser, &http_settings, data, len); ++#endif ++} ++ + static int + process_request(const char *jwkdir, int in_fileno) + { +@@ -225,8 +263,14 @@ process_request(const char *jwkdir, int in_fileno) + + rcvd += r; + +- r = tang_http_parser_execute(&parser, &http_settings, req, rcvd); +- if (tang_http_parser_errno(parser) != 0) { ++ r = tang_http_parser_execute(&parser, req, rcvd); ++ switch (tang_http_parser_errno(parser)) { ++ case HPE_OK: ++ break; ++ case HPE_PAUSED: ++ tang_http_parser_resume(&parser); ++ break; ++ default: + fprintf(stderr, "HTTP Parsing Error: %s\n", + tang_http_errno_description(&parser, tang_http_parser_errno(parser))); + return EXIT_SUCCESS; +-- +2.43.0 + diff --git a/SOURCES/tang.sysusers b/SOURCES/tang.sysusers new file mode 100644 index 0000000..98e12f5 --- /dev/null +++ b/SOURCES/tang.sysusers @@ -0,0 +1 @@ +u tang - "Tang Network Presence Daemon user" /var/cache/tang - diff --git a/SPECS/tang.spec b/SPECS/tang.spec new file mode 100644 index 0000000..bd77cd6 --- /dev/null +++ b/SPECS/tang.spec 
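Review bot: In the llhttp branch of the new `tang_http_parser_execute()`, `parsed_len = llhttp_get_error_pos(parser) - data;` is not checked against `len`, and it is also reached after the `llhttp_finish()` path, where `data` may be NULL and the error position presumably does not point into `data`. The result is returned as `size_t`, stored in the `int r` of `process_request`, and then used in `memmove(req, &req[r], rcvd - r)` on the 4096-byte request buffer, so an out-of-range value would turn a parse error on network input into an out-of-bounds copy. I would bound it before returning: `const char *pos = llhttp_get_error_pos(parser);`, then `parsed_len = (data && pos) ? (size_t)(pos - data) : 0;` and `if (parsed_len > len) parsed_len = len;`. Making `r` a `size_t` (or checking `r <= rcvd` before the `memmove`) in `process_request`, whose body continues outside the hunk, would keep the legacy http-parser branch covered too.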
@@ -0,0 +1,268 @@ +## START: Set by rpmautospec +## (rpmautospec version 0.6.5) +## RPMAUTOSPEC: autorelease, autochangelog +%define autorelease(e:s:pb:n) %{?-p:0.}%{lua: + release_number = 10; + base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}")); + print(release_number + base_release_number - 1); +}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}} +## END: Set by rpmautospec + +Name: tang +Version: 14 +Release: %autorelease +Summary: Network Presence Binding Daemon + +License: GPL-3.0-or-later +URL: https://github.com/latchset/%{name} +Source0: https://github.com/latchset/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.xz +Source1: tang.sysusers +Patch: 0001-Add-support-for-building-with-llhttp-instead-of-http.patch +Patch: 0002-Fix-issue-introduced-in-http-parser-llhttp-conversio.patch + +BuildRequires: gcc +BuildRequires: meson +BuildRequires: git-core +BuildRequires: jose >= 8 +BuildRequires: libjose-devel >= 8 +BuildRequires: libjose-zlib-devel >= 8 +BuildRequires: libjose-openssl-devel >= 8 + +BuildRequires: llhttp-devel +BuildRequires: systemd-devel +BuildRequires: pkgconfig + +BuildRequires: systemd +BuildRequires: systemd-rpm-macros +BuildRequires: curl + +BuildRequires: asciidoc +BuildRequires: coreutils +BuildRequires: grep +BuildRequires: socat +BuildRequires: sed +BuildRequires: iproute + +%{?systemd_ordering} +Requires: coreutils +Requires: jose >= 8 +Requires: llhttp +Requires: grep +Requires: sed + +Requires(pre): shadow-utils + +%description +Tang is a small daemon for binding data to the presence of a third party. 
+ +%prep +%autosetup -S git + +%build +%meson +%meson_build + +%install +%meson_install +install -p -D -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/tang.conf +%{__mkdir_p} $RPM_BUILD_ROOT/%{_localstatedir}/db/%{name} + +%check +%meson_test \ +%ifarch riscv64 + --timeout-multiplier 10 \ +%endif + %{nil} + +%pre +%sysusers_create_compat %{SOURCE1} +exit 0 + +%post +%systemd_post %{name}d.socket + +# Let's make sure any existing keys are readable only +# by the owner/group. +if [ -d /var/db/tang ]; then + for k in /var/db/tang/*.jwk; do + test -e "${k}" || continue + chmod 0440 -- "${k}" + done + for k in /var/db/tang/.*.jwk; do + test -e "${k}" || continue + chmod 0440 -- "${k}" + done + chown tang:tang -R /var/db/tang +fi + +%preun +%systemd_preun %{name}d.socket + +%postun +%systemd_postun_with_restart %{name}d.socket + +%files +%license COPYING +%attr(0700, %{name}, %{name}) %{_localstatedir}/db/%{name} +%{_unitdir}/%{name}d@.service +%{_unitdir}/%{name}d.socket +%{_libexecdir}/%{name}d-keygen +%{_libexecdir}/%{name}d-rotate-keys +%{_libexecdir}/%{name}d +%{_mandir}/man8/tang.8* +%{_bindir}/%{name}-show-keys +%{_mandir}/man1/tang-show-keys.1* +%{_mandir}/man1/tangd-rotate-keys.1.* +%{_sysusersdir}/tang.conf + +%changelog +## START: Generated by rpmautospec +* Tue Oct 15 2024 Sergio Correia - 14-10 +- Weaken systemd dependency + +* Mon Jun 24 2024 Troy Dawson - 14-9 +- Bump release for June 2024 mass rebuild + +* Mon Jun 10 2024 David Abdurachmanov - 14-8 +- riscv64: Give more time for tests to finish + +* Mon May 27 2024 koncpa - 14-7 +- Enable RHEL gating for tang + +* Mon Feb 12 2024 Sergio Correia - 14-6 +- Backport follow-up fix for llhttp conversion + +* Sat Jan 27 2024 Fedora Release Engineering - 14-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Thu Jan 11 2024 Sergio Correia - 14.3 +- Use llhttp instead of http-parser + +* Sat Jul 22 2023 Fedora Release Engineering - 14-2 +- Rebuilt for 
https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Wed Jun 14 2023 Sergio Arroutbi - 14-1 +- New upstream release - v14 + Resolves: rhbz#2180990 + +* Fri Feb 10 2023 Sergio Arroutbi - 13-1 +- New upstream release - v13 + +* Sat Jan 21 2023 Fedora Release Engineering - 11-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Wed Dec 07 2022 Sergio Correia - 11-5 +- Report error details when json_load_file() fails + +* Wed Aug 17 2022 Sergio Arroutbi - 11-4 +- Adopt systemd-sysusers format + +* Sat Jul 23 2022 Fedora Release Engineering - 11-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Sat Jan 22 2022 Fedora Release Engineering - 11-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Tue Dec 14 2021 Sergio Correia - 11-1 +- New upstream release - v11. + Resolves: CVE-2021-4076 + +* Mon Oct 04 2021 Sergio Arroutbi - 10-5 +- Fix scriptlet from previous commit + +* Mon Oct 04 2021 Sergio Correia - 10-4 +- Keys are created with 0440 mode + Resolves rhbz#2008204 + +* Fri Jul 23 2021 Fedora Release Engineering - 10-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Thu May 20 2021 Sergio Correia - 10-2 +- Fix issues reported by shellcheck and a possible NULL pointer + dereference reported by gcc static analyzer (3d770c6, 262d98f) + +* Wed May 05 2021 Sergio Correia - 10-1 +- New upstream release - v10. + +* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 8-3 +- Rebuilt for updated systemd-rpm-macros + See https://pagure.io/fesco/issue/2583. + +* Tue Feb 09 2021 Sergio Correia - 8-2 +- Remove extra patches as they are already included in v8 release + +* Mon Feb 08 2021 Sergio Correia - 8-1 +- New upstream release - v8. 
+ +* Wed Jan 27 2021 Fedora Release Engineering - 7-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Dec 1 2020 Sergio Correia - 7.8 +- Move build system to meson + Upstream commits (fed9020, 590de27) +- Move key handling to tang itself + Upstream commits (6090505, c71df1d, 7119454) + +* Wed Jul 29 2020 Fedora Release Engineering - 7-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Apr 15 2020 Igor Raits - 7-6 +- Rebuild for http-parser 2.9.4 + +* Tue Feb 25 2020 Sergio Correia - 7-5 +- Rebuilt after http-parser update + +* Fri Jan 31 2020 Fedora Release Engineering - 7-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Sat Jul 27 2019 Fedora Release Engineering - 7-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Sun Feb 03 2019 Fedora Release Engineering - 7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Fri Aug 10 2018 Nathaniel McCallum - 7-1 +- New upstream release +- Retire tang-nagios package (now separate upstream) + +* Sat Jul 14 2018 Fedora Release Engineering - 6-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Fri Feb 09 2018 Fedora Release Engineering - 6-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Thu Aug 03 2017 Fedora Release Engineering - 6-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Wed Jun 14 2017 Nathaniel McCallum - 6-1 +- New upstream release + +* Wed Jun 14 2017 Nathaniel McCallum - 5-2 +- Fix incorrect dependencies + +* Wed Jun 14 2017 Nathaniel McCallum - 5-1 +- New upstream release + +* Sat Feb 11 2017 Fedora Release Engineering - 4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Mon Nov 14 2016 Nathaniel McCallum - 4-2 +- Fix a race condition in one of 
the tests + +* Thu Nov 10 2016 Nathaniel McCallum - 4-1 +- New upstream release +- Add nagios subpackage + +* Wed Oct 26 2016 Nathaniel McCallum - 3-1 +- New upstream release + +* Wed Oct 19 2016 Nathaniel McCallum - 2-1 +- New upstream release + +* Tue Aug 23 2016 Nathaniel McCallum - 1-1 +- First release + +## END: Generated by rpmautospec
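Review bot: The `%post` scriptlet runs `chmod 0440 -- "${k}"` as root on every `*.jwk` entry in /var/db/tang, and both `test -e` and `chmod` follow symbolic links, while `%files` hands that directory to the tang user with `%attr(0700, %{name}, %{name})`. A link placed there by the service account would therefore have the mode of its target changed by root during package install or upgrade. Replacing `test -e "${k}" || continue` with `[ -f "${k}" ] && [ ! -L "${k}" ] || continue` in both loops, and using `chown -h -R tang:tang`, keeps the scriptlet to regular files inside the directory. The scriptlet also hard-codes `/var/db/tang` where `%install` and `%files` use `%{_localstatedir}/db/%{name}`; using the macro in `%post` would keep the two from drifting apart.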