From 8e462d10686e715addbe037fa5552207dbbb5b84 Mon Sep 17 00:00:00 2001 From: sgrubb Date: Fri, 30 May 2014 16:29:34 -0400 Subject: [PATCH] AMTU was needed for Common Criteria testing. No PP has needed it in about 5 years. Upstream for the package is also dead. --- .gitignore | 10 --- amtu-1.0.8-doc.patch | 117 ------------------------- amtu-1.0.8-memsep.patch | 12 --- amtu-1.0.8-net-device.patch | 159 --------------------------------- amtu.spec | 170 ------------------------------------ dead.package | 1 + sources | 1 - 7 files changed, 1 insertion(+), 469 deletions(-) delete mode 100644 .gitignore delete mode 100644 amtu-1.0.8-doc.patch delete mode 100644 amtu-1.0.8-memsep.patch delete mode 100644 amtu-1.0.8-net-device.patch delete mode 100644 amtu.spec create mode 100644 dead.package delete mode 100644 sources diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 9ec1f57..0000000 --- a/.gitignore +++ /dev/null @@ -1,10 +0,0 @@ -amtu-0.1.tar.gz -amtu-1.0.tar.gz -amtu-1.0.1.tar.gz -amtu-1.0.2.tar.gz -amtu-1.0.3.tar.gz -amtu-1.0.4.tar.gz -amtu-1.0.5-1.tar.gz -amtu-1.0.6.tar.gz -amtu-1.0.7.tar.gz -amtu-1.0.8.tar.gz diff --git a/amtu-1.0.8-doc.patch b/amtu-1.0.8-doc.patch deleted file mode 100644 index b6fb6ac..0000000 --- a/amtu-1.0.8-doc.patch +++ /dev/null @@ -1,117 +0,0 @@ -diff -urN amtu-1.0.8.orig/doc/AMTUHowTo.txt amtu-1.0.8/doc/AMTUHowTo.txt ---- amtu-1.0.8.orig/doc/AMTUHowTo.txt 1969-12-31 19:00:00.000000000 -0500 -+++ amtu-1.0.8/doc/AMTUHowTo.txt 2009-07-06 10:20:42.000000000 -0400 -@@ -0,0 +1,105 @@ -+ABSTRACT MACHINE TEST UTILITY HOWTO -+ -+ -+OVERVIEW -+ -+Abstract Machine Test Utility (AMTU) is an administrative utility to check -+whether the underlying protection mechanism of the hardware are still being -+enforced. This is a requirement of the Controlled Access Protection Profile -+(CAPP) FTP_AMT.1, see http://www.radium.ncsc.mil/tpep/library/protection_profiles/CAPP-1.d.pdf. -+AMTU executes the following tests: -+ -+* Memory -+ -+Randomly writes to areas of memory and then reading the memory back to -+ensure the values written remain unchanged. -+ -+* Memory Separation -+ -+Ensures that user space programs cannot read and write to areas of memory -+utilized by the likes of Video RAM, kernel code, etc. -+ -+* I/O Controller - Network -+ -+Verifies random data transmitted is also the data received for each configured -+network device. Only ethernet and token ring devices that are configured and -+up are checked. Async devices are not checked. -+ -+* I/O Controller - Disk -+ -+Verifies that information written to disks remains unchanged. Only SCSI and IDE -+controllers associated with mounted filesystems are checked. -+ -+* Supervisor Mode Instructions -+ -+Ensures that the enforcement of the property that privileged instructions -+should only be in supervisor mode is still in effect. The set privileged -+instructions tested to confirm this is architecture dependant. -+ -+ -+ -+TESTED VERSIONS -+ -+AMTU has been tested on the following: -+ -+* RHEL4 and 5 -+* SuSE SLES 8 -+* pSeries (32-bit and 64-bit) -+* iSeries (64-bit) -+* zSeries (31-bit) -+* xSeries (32-bit) -+ -+ -+ -+INSTALLING AMTU -+ -+VERIFYING SYSTEM REQUIREMENTS AND PREREQUISITES -+ -+Before installing AMTU, verify that your system meets the following -+requirements and prerequisites: -+ -+* The system is running in the Common Criteria evaluated configuration. -+ -+ -+COMPILING AND INSTALLING AMTU -+ -+Untar the AMTU source tarball. Then issue the following commands: -+ ./bootstrap -+ ./configure -+ make -+ make install -+ -+Only the last step must be run as root. During the ./configure stage -+you may opt to change various options including default install directory. -+ -+When compiling AMTU as a 64-bit application on a PPC64 architecture (with the -+exception of Squadron pSeries), specify -+ -+ ./configure CC=/opt/cross/bin/powerpc64-linux-gcc -+ -+where /opt/cross/bin/powerpc64-linux-gcc is the 64-bit gcc compiler. -+ -+To compile as a 64-bit application on X86_64 architecture or Squadron pSeries, -+ -+ ./configure CC="gcc -m64" -+ -+ -+ -+RUNNING AMTU -+ -+AMTU installs to /usr/bin/amtu by default. You can add optional command line -+arguments (see the AMTU man page (amtu.8) for more details). -+ -+ -+ -+INTERPRETING RESULTS -+ -+AMTU issues the following return codes when executed: -+ -+ * -1 - Program abort error -+ * 0 - Successful program completion -+ -+If the error is repeatable, you can re-run amtu with the -d option to get -+more information about the failure. The success or failure of AMTU is logged -+in the audit log files (see auditd.8). -+ -diff -urN amtu-1.0.8.orig/doc/Makefile.am amtu-1.0.8/doc/Makefile.am ---- amtu-1.0.8.orig/doc/Makefile.am 2009-07-06 09:39:44.000000000 -0400 -+++ amtu-1.0.8/doc/Makefile.am 2009-07-06 09:40:49.000000000 -0400 -@@ -1,3 +1,3 @@ - CONFIG_CLEAN_FILES = *.rej *.orig --EXTRA_DIST = $(man_MANS) -+EXTRA_DIST = $(man_MANS) AbstractMachineTestingDesign.doc AMTUHowTo.txt - man_MANS = amtu.8 diff --git a/amtu-1.0.8-memsep.patch b/amtu-1.0.8-memsep.patch deleted file mode 100644 index 679f08c..0000000 --- a/amtu-1.0.8-memsep.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -urp amtu-1.0.8.orig/src/memsep.c amtu-1.0.8/src/memsep.c ---- amtu-1.0.8.orig/src/memsep.c 2010-01-18 10:56:48.000000000 -0500 -+++ amtu-1.0.8/src/memsep.c 2010-01-18 11:42:23.000000000 -0500 -@@ -102,7 +102,7 @@ void sig_handler(int sig) - #endif - int *get_pointer_in_range(int *start, int *end) - { -- return (int *)((char *)start + (RANDNUM % ((char *)end - (char *)start + 1))); -+ return (int *)((char *)start + (RANDNUM % ((char *)end - (char *)start))); - } - - /************************************************************************/ diff --git a/amtu-1.0.8-net-device.patch b/amtu-1.0.8-net-device.patch deleted file mode 100644 index 21d69e5..0000000 --- a/amtu-1.0.8-net-device.patch +++ /dev/null @@ -1,159 +0,0 @@ -From aa004563d3951086283f896342ec4b3b96fb8785 Mon Sep 17 00:00:00 2001 -From: Jan Stancek -Date: Wed, 24 Aug 2011 11:54:30 +0200 -Subject: [PATCH] networkio: check ifc type and carrier in /sys - -With biosdevname changes it's no longer valid to check -interface type just by name of interface. - -This patch will get interface hardware type and carrier from -/sys/class/net. As in previous implementation, only ethernet -and token ring can be used, and carrier must be present. - -Difference is, that now all devices, that match this criteria, -will get tested, e.g. bridge or tap devices too. - -Patch aims to resolve these bugs: -Bug 689823 - [AMTU] "Failed to get list of network interfaces to test." -https://bugzilla.redhat.com/show_bug.cgi?id=689823 - -Bug 723049 - [RHEL6.0] AMTU Running network tests on interfaces that -have no link -https://bugzilla.redhat.com/show_bug.cgi?id=723049 - -Before: -[root@dell-pem710 amtu-1.0.8]# ./src/amtu -dn -Executing Network I/O Tests... -Failed to get list of network interfaces to test. - -After: -[root@dell-pem710 amtu-1.0.8]# ./src/amtu -dn -Executing Network I/O Tests... -if: lo, type: 772, carrier: 1 -if: em1, type: 1, carrier: 1 -if: em2, type: 1, carrier: 1 -if: em3, type: 1, carrier: -1 -if: em4, type: 1, carrier: -1 -if: lo, type: 772, carrier: 1 -if: em1, type: 1, carrier: 1 -if: lo, type: 772, carrier: 1 -if: em1, type: 1, carrier: 1 -if: em1, type: 1, carrier: 1 -if: em2, type: 1, carrier: 1 -if: em2, type: 1, carrier: 1 - -Interface list to test: - em1 - em2 - -Signed-off-by: Jan Stancek ---- - src/networkio.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++--- - 1 files changed, 73 insertions(+), 5 deletions(-) - -diff --git a/src/networkio.c b/src/networkio.c -index bfa69e8..54f99c3 100644 ---- a/src/networkio.c -+++ b/src/networkio.c -@@ -41,6 +41,9 @@ - #include - #include - #include -+#include -+#include -+#include - #include - #include - #include "amtu.h" -@@ -143,7 +146,51 @@ int send_packet(struct interface_info *iff) - close(ssock_fd); - return 0; - } -- -+ -+int sysfs_present(const char *path) -+{ -+ struct stat st; -+ return stat(path, &st); -+} -+ -+int get_sysfs_value(const char *sysfs_path) -+{ -+ FILE *f; -+ int value = -1; -+ -+ f = fopen(sysfs_path, "r"); -+ if (f) { -+ fscanf(f, "%d", &value); -+ fclose(f); -+ } -+ -+ return value; -+} -+ -+int get_interface_type(const char *if_name) -+{ -+ char sysfs_if_type[PATH_MAX]; -+ int type = -1; -+ -+ if (snprintf(sysfs_if_type, PATH_MAX, -+ "/sys/class/net/%s/type", if_name) > 0) { -+ type = get_sysfs_value(sysfs_if_type); -+ } -+ return type; -+} -+ -+int get_interface_carrier(const char *if_name) -+{ -+ char sysfs_if_carrier[PATH_MAX]; -+ int carrier = 0; -+ -+ if (snprintf(sysfs_if_carrier, PATH_MAX, -+ "/sys/class/net/%s/carrier", if_name) > 0) { -+ carrier = get_sysfs_value(sysfs_if_carrier); -+ } -+ return carrier; -+} -+ - /****************************************************************/ - /* */ - /* FUNCTION: get_interfaces */ -@@ -174,10 +221,31 @@ int get_interfaces() - struct interface_info *np; - int found = 0; - -- /* only testing ethernet and tokenring */ -- if ((strncmp(ifa->ifa_name, "eth", 3) != 0) && -- (strncmp(ifa->ifa_name, "tr", 2) != 0)) -- continue; -+ if (sysfs_present("/sys/class/net") == 0) { -+ int if_type = -1; -+ int if_carrier = 0; -+ -+ if_type = get_interface_type(ifa->ifa_name); -+ if_carrier = get_interface_carrier(ifa->ifa_name); -+ -+ if (debug) -+ printf("if: %7s, type: %4d, carrier: %3d\n", -+ ifa->ifa_name, if_type, if_carrier); -+ -+ /* only testing ethernet and tokenring */ -+ if (if_type != ARPHRD_ETHER && -+ if_type != ARPHRD_IEEE802_TR) -+ continue; -+ -+ /* only testing if carrier present */ -+ if (if_carrier != 1) -+ continue; -+ } else { -+ /* with no sysfs, just fall back to old way */ -+ if ((strncmp(ifa->ifa_name, "eth", 3) != 0) && -+ (strncmp(ifa->ifa_name, "tr", 2) != 0)) -+ continue; -+ } - - /* check family */ - if (ifa->ifa_addr->sa_family != AF_INET && --- -1.7.1 - diff --git a/amtu.spec b/amtu.spec deleted file mode 100644 index e94c47a..0000000 --- a/amtu.spec +++ /dev/null @@ -1,170 +0,0 @@ -Summary: Abstract Machine Test Utility (AMTU) -Name: amtu -Version: 1.0.8 -Release: 14%{?dist} -License: CPL -Group: System Environment/Base -URL: http://sourceforge.net/projects/amtueal/ -Source0: %{name}-%{version}.tar.gz -Patch1: amtu-1.0.8-doc.patch -Patch2: amtu-1.0.8-memsep.patch -Patch3: amtu-1.0.8-net-device.patch -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -BuildRequires: audit-libs-devel >= 1.1.2 -BuildRequires: automake -ExclusiveArch: i386 i686 x86_64 ppc ppc64 s390 s390x ia64 - -%description -Abstract Machine Test Utility (AMTU) is an administrative utility to check -whether the underlying protection mechanism of the hardware are still being -enforced. This is a requirement of the Controlled Access Protection Profile -FPT_AMT.1, see -http://www.radium.ncsc.mil/tpep/library/protection_profiles/CAPP-1.d.pdf - -%prep -%setup -q -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 - -%build -touch ChangeLog -touch NEWS -touch AUTHORS -autoreconf -fv --install -%configure -make %{?_smp_mflags} - -%install -rm -rf $RPM_BUILD_ROOT -make "DESTDIR=${RPM_BUILD_ROOT}" "bindir=%{_sbindir}" install - -%clean -rm -rf $RPM_BUILD_ROOT - -%files -%defattr(-,root,root, -) -%doc doc/AMTUHowTo.txt LICENSE -%attr(0750,root,root) %{_sbindir}/amtu -%attr(0644,root,root) %{_mandir}/man8/* - -%changelog -* Sat Aug 03 2013 Fedora Release Engineering - 1.0.8-14 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild - -* Wed Feb 13 2013 Fedora Release Engineering - 1.0.8-13 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild - -* Wed Jul 18 2012 Fedora Release Engineering - 1.0.8-12 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild - -* Mon May 14 2012 Steve Grubb - 1.0.8-11 -- Handle new network device naming scheme (#682337) - -* Mon May 14 2012 Steve Grubb - 1.0.8-10 -- Remove init script (#754358) - -* Thu Jan 12 2012 Fedora Release Engineering - 1.0.8-9 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild - -* Mon Feb 07 2011 Fedora Release Engineering - 1.0.8-8 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild - -* Tue Feb 16 2010 Steve Grubb - 1.0.8-7 -- Move amtu to /usr/sbin - -* Mon Jan 18 2010 Steve Grubb - 1.0.8-6 -- Fix off by one in memory separation test - -* Fri Sep 11 2009 Steve Grubb - 1.0.8-5 -- Corrected config file test (#522708) -- Made init script more LSB compatible (#522789) - -* Fri Aug 28 2009 Steve Grubb - 1.0.8-4 -- Add ExclusiveArch for platforms having memory separation tests - -* Fri Aug 21 2009 Tomas Mraz - 1.0.8-3 -- rebuilt with new audit - -* Wed Aug 19 2009 Steve Grubb 1.0.8-2 -- rebuild for new audit-libs - -* Sun Jul 26 2009 Steve Grubb 1.0.8-1 -- new upstream version -- Add init script for bootup system check - -* Fri Jul 24 2009 Fedora Release Engineering - 1.0.7-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild - -* Wed Jul 01 2009 Steve Grubb 1.0.7-1 -- new upstream version - -* Mon Feb 23 2009 Fedora Release Engineering - 1.0.6-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild - -* Mon Jul 14 2008 Tom "spot" Callaway - 1.0.6-3 -- fix license tag - -* Tue Feb 19 2008 Fedora Release Engineering - 1.0.6-2 -- Autorebuild for GCC 4.3 - -* Sat Dec 08 2007 Steve Grubb 1.0.6-1 -- new upstream version - -* Thu Mar 08 2007 Steve Grubb 1.0.5-1 -- new upstream version - -* Fri Feb 16 2007 Steve Grubb 1.0.4-6 -- change buildroot - -* Thu Feb 8 2007 Steve Grubb 1.0.4-5 -- specfile updates - -* Tue Jan 9 2007 Steve Grubb 1.0.4-4 -- patch fixing network and disk tests - -* Wed Jul 12 2006 Jesse Keating - 1.0.4-3.1 -- rebuild - -* Mon Jun 12 2006 Jesse Keating - 1.0.4-3 -- Fix missing BR on automake - -* Fri Feb 10 2006 Jesse Keating - 1.0.4-2.2 -- bump again for double-long bug on ppc(64) - -* Tue Feb 07 2006 Jesse Keating - 1.0.4-2.1 -- rebuilt for new gcc4.1 snapshot and glibc changes - -* Tue Jan 3 2006 Jesse Keating 1.0.4-2 -- rebuilt - -* Fri Dec 9 2005 Steve Grubb 1.0.4-1 -- New upstream version updated for new audit messages -* Mon Dec 5 2005 Steve Grubb 1.0.2-2 -- Fix "clean" section of spec file (bz 172942) -- Add memsep-random patch (bz 174767) -* Thu Jul 14 2005 Steve Grubb 1.0.2-1 -- New upstream version. -* Tue Jul 12 2005 Steve Grubb 1.0.1-1 -- New version fixes bug where audit system was disable at end of test. -* Wed Jun 8 2005 Steve Grubb 1.0-2 -- add a few more include "config.h" -* Fri May 27 2005 Steve Grubb 1.0-1 -- New upstream version from IBM -- Drop memsep patch -- Rework specfile -* Thu Sep 2 2004 root 0.1-7RHEL -- integrate memsep patch from Matt Anderson at HP -* Mon Aug 16 2004 root 0.1-6RHEL -- Integrate ia64 patches from HP's Matt Anderson, enabling use on ia64 -* Tue Jun 29 2004 root 0.1-4RHEL -- fix /usr/bin/amtu modes for real this time -* Tue Jun 29 2004 root 0.1-4RHEL -- set execute bits on /usr/bin/amtu -* Fri May 28 2004 ccb 0.1-3RHEL -- fixed owners and permissions in "files" -* Wed May 26 2004 ccb 0.1-2RHEL -- move docs to a version-qualified directory name -* Sat May 1 2004 root -- Initial build. - diff --git a/dead.package b/dead.package new file mode 100644 index 0000000..b18e62c --- /dev/null +++ b/dead.package @@ -0,0 +1 @@ +AMTU was needed for Common Criteria testing. No PP has needed it in about 5 years. Upstream for the package is also dead. diff --git a/sources b/sources deleted file mode 100644 index c2f8d81..0000000 --- a/sources +++ /dev/null @@ -1 +0,0 @@ -755b517a3a1cc4092435c349d9b99312 amtu-1.0.8.tar.gz