From 43a125fc5cba00c1e398fbb4d3deebb7fc421d91 Mon Sep 17 00:00:00 2001 From: Steve Grubb Date: Sat, 8 Dec 2007 18:15:14 +0000 Subject: [PATCH 01/26] - new upstream version --- .cvsignore | 1 + amtu-1.0.2-memsep-random.patch | 32 ----- amtu-1.0.4-cleanup.patch | 76 ---------- amtu-autoconf.patch | 120 ---------------- amtu-ia64.patch | 245 --------------------------------- amtu-memsep.patch | 68 --------- amtu.spec | 5 +- sources | 2 +- 8 files changed, 6 insertions(+), 543 deletions(-) delete mode 100644 amtu-1.0.2-memsep-random.patch delete mode 100644 amtu-1.0.4-cleanup.patch delete mode 100644 amtu-autoconf.patch delete mode 100644 amtu-ia64.patch delete mode 100644 amtu-memsep.patch diff --git a/.cvsignore b/.cvsignore index d5f97a4..c548825 100644 --- a/.cvsignore +++ b/.cvsignore @@ -5,3 +5,4 @@ amtu-1.0.2.tar.gz amtu-1.0.3.tar.gz amtu-1.0.4.tar.gz amtu-1.0.5-1.tar.gz +amtu-1.0.6.tar.gz diff --git a/amtu-1.0.2-memsep-random.patch b/amtu-1.0.2-memsep-random.patch deleted file mode 100644 index 029c5eb..0000000 --- a/amtu-1.0.2-memsep-random.patch +++ /dev/null @@ -1,32 +0,0 @@ ---- amtu-1.0.2/src/memsep.c.orig 2005-12-01 23:11:44.000000000 -0500 -+++ amtu-1.0.2/src/memsep.c 2005-12-01 22:58:17.000000000 -0500 -@@ -56,6 +56,7 @@ - #include "config.h" - #include - #include -+#include - #include - #include - #include -@@ -91,15 +92,14 @@ void sig_handler(int sig) - /* range start <= j < end, aligned to sizeof(int) */ - /* */ - /************************************************************************/ -+#if __LP64__ -+#define RANDNUM ((uint64_t)random() << 32 | random()) -+#else -+#define RANDNUM random() -+#endif - int *get_pointer_in_range(int *start, int *end) - { -- int *j; -- double n_ints; -- -- n_ints = (end - start)/sizeof(int); -- -- j = start + (int) (n_ints * rand()/(RAND_MAX + 1.0)); -- return j; -+ return (int *)((char *)start + (RANDNUM % ((char *)end - (char *)start + 1))); - } - - /************************************************************************/ diff --git a/amtu-1.0.4-cleanup.patch b/amtu-1.0.4-cleanup.patch deleted file mode 100644 index cf7a059..0000000 --- a/amtu-1.0.4-cleanup.patch +++ /dev/null @@ -1,76 +0,0 @@ -diff -urp amtu-1.0.4.orig/src/iodisktest.c amtu-1.0.4/src/iodisktest.c ---- amtu-1.0.4.orig/src/iodisktest.c 2007-01-09 15:41:48.000000000 -0500 -+++ amtu-1.0.4/src/iodisktest.c 2007-01-09 16:32:38.000000000 -0500 -@@ -74,6 +74,7 @@ - #define MAXLINE 500 - #define MAXINDEX 100 - #define MAXMEMSIZE 10485670 -+#define BDEVNAME_SIZE 32 - - // Structure to track info about partitions - typedef struct { -@@ -279,7 +280,7 @@ int iodisktest(int argc, char *argv[]) - FILE *fname; - FILE *fs; - FILE *fs1; -- char token[10]; -+ char token[BDEVNAME_SIZE]; - char line[MAXLINE]; - int num = 32; - int num_of_rands = 0; -diff -urp amtu-1.0.4.orig/src/networkio.c amtu-1.0.4/src/networkio.c ---- amtu-1.0.4.orig/src/networkio.c 2007-01-09 15:41:48.000000000 -0500 -+++ amtu-1.0.4/src/networkio.c 2007-01-09 17:26:28.000000000 -0500 -@@ -208,6 +208,10 @@ int get_interfaces() - - ifr = ifc.ifc_req; - numifs = ifc.ifc_len/sizeof (struct ifreq); -+ if (numifs > MAX_INTERFACES) { -+ printf("Too many interfaces, only testing the first %d\n", MAX_INTERFACES); -+ numifs = MAX_INTERFACES; -+ } - if (debug) - printf("SIOCGIFCONF has %d interfaces in list:\n", numifs); - -@@ -231,6 +235,7 @@ int get_interfaces() - memset(&ifr_sub, '\0', sizeof(struct ifreq)); - strncpy(ifr_sub.ifr_name, ifr->ifr_name, - sizeof(ifr_sub.ifr_name)); -+ ifr_sub.ifr_name[sizeof(ifr_sub.ifr_name)-1] = 0; - if (ioctl(sock, SIOCGIFFLAGS, (char *)&ifr_sub) < 0) { - fprintf(stderr, "SIOCGIFFLAGS failed for %s.\n", - ifr->ifr_name); -@@ -287,7 +292,7 @@ int get_interfaces() - } - - np->ifindex = ifr_sub.ifr_ifindex; -- np->ifname = (char *)malloc(sizeof(ifr->ifr_name)); -+ np->ifname = strdup(ifr->ifr_name); - if (np->ifname == NULL) - { - fprintf(stderr, "get_interfaces: malloc failed\n"); -@@ -302,8 +307,6 @@ int get_interfaces() - return -1; - } - -- strncpy(np->ifname, ifr->ifr_name, sizeof(ifr->ifr_name)); -- - if (ioctl(sock, SIOCGIFHWADDR, &ifr_sub) < 0) { - fprintf(stderr, "SIOCGIFHWADDR failed for %s.\n", - ifr_sub.ifr_name); -@@ -403,7 +406,6 @@ int networkio(int argc, char *argv[]) - */ - bzero(packetbuf, sizeof(packetbuf)); - bzero(&from, sizeof(from)); -- len = sizeof(from); - rsock_fd = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_LOOP)); - - memset(&rcv_info, 0, sizeof(rcv_info)); -@@ -449,6 +451,7 @@ int networkio(int argc, char *argv[]) - */ - count = 0; - do { -+ len = sizeof(from); - cc = recvfrom(rsock_fd, packetbuf, sizeof(packetbuf), - MSG_DONTWAIT, (struct sockaddr *)&from, &len); - diff --git a/amtu-autoconf.patch b/amtu-autoconf.patch deleted file mode 100644 index 2b0694b..0000000 --- a/amtu-autoconf.patch +++ /dev/null @@ -1,120 +0,0 @@ -diff -urp amtu-1.0.orig/configure.in amtu-1.0/configure.in ---- amtu-1.0.orig/configure.in 2005-06-08 16:50:00.155816448 -0400 -+++ amtu-1.0/configure.in 2005-06-08 16:51:12.515816056 -0400 -@@ -1,9 +1,18 @@ --AC_INIT(src/amtu.c) -+AC_REVISION($Revision: 1.3 $)dnl - # AC_CANONICAL_SYSTEM is deprecated in the latest version of AUTOMAKE. - # We aren't using the latest version so we'll keep using it - #AC_CANONICAL_TARGET -+AC_INIT(src/amtu.c) -+AC_PREREQ(2.12)dnl -+AC_CONFIG_AUX_DIR(config) -+AC_CONFIG_SRCDIR(src/amtu.c) -+AM_CONFIG_HEADER(config.h) -+ -+VERSION=1.0 -+echo Configuring amtu $VERSION -+ - AC_CANONICAL_SYSTEM --AM_INIT_AUTOMAKE(amtu, 1.0) -+AM_INIT_AUTOMAKE(amtu, $VERSION) - AC_PROG_CC - case "$target" in - i386-* | i486-* | i586-* | i686-*) AC_DEFINE(HAVE_I86,1,NULL);; -@@ -15,6 +24,4 @@ ia64-*) AC_DEFINE(HAVE_IA64,1,NULL);; - esac - AC_CHECK_LIB(laus, laus_open) - AC_CHECK_LIB(audit, audit_open) --AC_OUTPUT(Makefile \ --src/Makefile \ --doc/Makefile) -+AC_OUTPUT(Makefile src/Makefile doc/Makefile) -diff -urp amtu-1.0.orig/src/amtu.c amtu-1.0/src/amtu.c ---- amtu-1.0.orig/src/amtu.c 2005-03-17 13:46:39.000000000 -0500 -+++ amtu-1.0/src/amtu.c 2005-06-08 16:51:42.051325976 -0400 -@@ -36,6 +36,7 @@ - // - //---------------------------------------------------------------------- - -+#include "config.h" - #include - #include - #include -diff -urp amtu-1.0.orig/src/amtu-i86.c amtu-1.0/src/amtu-i86.c ---- amtu-1.0.orig/src/amtu-i86.c 2005-03-17 13:48:38.000000000 -0500 -+++ amtu-1.0/src/amtu-i86.c 2005-06-08 16:51:12.521815144 -0400 -@@ -29,6 +29,7 @@ - // using libaudit instead of liblaus - //---------------------------------------------------------------------- - -+#include "config.h" - #include - #include - #include -diff -urp amtu-1.0.orig/src/amtu-ppc.c amtu-1.0/src/amtu-ppc.c ---- amtu-1.0.orig/src/amtu-ppc.c 2005-03-17 13:48:57.000000000 -0500 -+++ amtu-1.0/src/amtu-ppc.c 2005-06-08 16:51:12.522814992 -0400 -@@ -28,6 +28,7 @@ - // using libaudit instead of liblaus - //---------------------------------------------------------------------- - -+#include "config.h" - #include - #include - #include -diff -urp amtu-1.0.orig/src/amtu-s390.c amtu-1.0/src/amtu-s390.c ---- amtu-1.0.orig/src/amtu-s390.c 2005-03-17 13:49:16.000000000 -0500 -+++ amtu-1.0/src/amtu-s390.c 2005-06-08 16:51:12.523814840 -0400 -@@ -29,6 +29,7 @@ - // using libaudit instead of liblaus - //---------------------------------------------------------------------- - -+#include "config.h" - #include - #include - #include -diff -urp amtu-1.0.orig/src/iodisktest.c amtu-1.0/src/iodisktest.c ---- amtu-1.0.orig/src/iodisktest.c 2005-03-17 13:49:29.000000000 -0500 -+++ amtu-1.0/src/iodisktest.c 2005-06-08 16:52:28.261300992 -0400 -@@ -53,6 +53,7 @@ - //03/15/05 D.Velarde Added AUDIT_LOG statements to be used if we're - // using libaudit instead of liblaus - //---------------------------------------------------------------------- -+#include "config.h" - #include - #include - #include -diff -urp amtu-1.0.orig/src/memory.c amtu-1.0/src/memory.c ---- amtu-1.0.orig/src/memory.c 2005-03-17 13:49:41.000000000 -0500 -+++ amtu-1.0/src/memory.c 2005-06-08 16:52:48.022296864 -0400 -@@ -46,6 +46,7 @@ - // using libaudit instead of liblaus - // - //---------------------------------------------------------------------- -+#include "config.h" - #include - #include - #include -diff -urp amtu-1.0.orig/src/memsep.c amtu-1.0/src/memsep.c ---- amtu-1.0.orig/src/memsep.c 2005-03-17 17:27:49.000000000 -0500 -+++ amtu-1.0/src/memsep.c 2005-06-08 16:53:01.955178744 -0400 -@@ -52,6 +52,7 @@ - // don't switch to user nobody if running on RHEL4 - // - //---------------------------------------------------------------------- -+#include "config.h" - #include - #include - #include -diff -urp amtu-1.0.orig/src/networkio.c amtu-1.0/src/networkio.c ---- amtu-1.0.orig/src/networkio.c 2005-03-17 13:50:08.000000000 -0500 -+++ amtu-1.0/src/networkio.c 2005-06-08 16:53:21.894147560 -0400 -@@ -28,6 +28,7 @@ - // - // ----------------------------------------------------------------- - -+#include "config.h" - #include - #include - #include diff --git a/amtu-ia64.patch b/amtu-ia64.patch deleted file mode 100644 index 0d5319a..0000000 --- a/amtu-ia64.patch +++ /dev/null @@ -1,245 +0,0 @@ -diff -urN amtu-1.0.orig/config.h.in amtu-0.2/config.h.in ---- amtu-1.0.orig/config.h.in 2005-05-27 17:15:17.048941192 -0400 -+++ amtu-1.0/config.h.in 2005-05-27 17:16:12.582498808 -0400 -@@ -15,3 +15,5 @@ - /* NULL */ - #undef HAVE_S390 - -+/* NULL */ -+#undef HAVE_IA64 -diff -urN amtu-1.0.orig/configure.in amtu-0.2/configure.in ---- amtu-1.0.orig/configure.in 2005-05-27 17:15:17.048941192 -0400 -+++ amtu-1.0/configure.in 2005-05-27 17:15:37.431842520 -0400 -@@ -20,6 +20,7 @@ - powerpc64-*) AC_DEFINE(HAVE_PPC64,1,NULL);; - x86_64-*) AC_DEFINE(HAVE_X86_64,1,NULL);; - s390-* | s390x-*) AC_DEFINE(HAVE_S390,1,NULL);; -+ia64-*) AC_DEFINE(HAVE_IA64,1,NULL);; - esac - AC_CHECK_LIB(laus, laus_open) - AC_CHECK_LIB(audit, audit_open) -diff -urN amtu-1.0.orig/configure.in.orig amtu-0.2/configure.in.orig ---- amtu-1.0.orig/configure.in.orig 1969-12-31 19:00:00.000000000 -0500 -+++ amtu-1.0/configure.in.orig 2005-05-27 17:11:50.436351080 -0400 -@@ -0,0 +1,26 @@ -+AC_REVISION($Revision: 1.3 $)dnl -+# AC_CANONICAL_SYSTEM is deprecated in the latest version of AUTOMAKE. -+# We aren't using the latest version so we'll keep using it -+#AC_CANONICAL_TARGET -+AC_INIT(src/amtu.c) -+AC_PREREQ(2.12)dnl -+AC_CONFIG_AUX_DIR(config) -+AC_CONFIG_SRCDIR(src/amtu.c) -+AM_CONFIG_HEADER(config.h) -+ -+VERSION=0.2 -+echo Configuring amtu $VERSION -+ -+AC_CANONICAL_SYSTEM -+AM_INIT_AUTOMAKE(amtu, $VERSION) -+AC_PROG_CC -+case "$target" in -+i386-* | i486-* | i586-* | i686-*) AC_DEFINE(HAVE_I86,1,NULL);; -+powerpc-*) AC_DEFINE(HAVE_PPC,1,NULL);; -+powerpc64-*) AC_DEFINE(HAVE_PPC64,1,NULL);; -+x86_64-*) AC_DEFINE(HAVE_X86_64,1,NULL);; -+s390-* | s390x-*) AC_DEFINE(HAVE_S390,1,NULL);; -+esac -+AC_CHECK_LIB(laus, laus_open) -+AC_CHECK_LIB(audit, audit_open) -+AC_OUTPUT(Makefile src/Makefile doc/Makefile) -diff -urN amtu-1.0.orig/src/amtu-ia64.c amtu-0.2/src/amtu-ia64.c ---- amtu-1.0.orig/src/amtu-ia64.c 1969-12-31 19:00:00.000000000 -0500 -+++ amtu-1.0/src/amtu-ia64.c 2005-05-27 17:15:37.432842368 -0400 -@@ -0,0 +1,182 @@ -+//---------------------------------------------------------------------- -+// -+// Module Name: amtu-ia64.c -+// -+// Include File: none -+// -+// Description: Code for Abstract Machine Test i386 Privilege test. -+// -+// Notes: This module performs the machine specific privilege tests -+// to ensure that the underlying hardware is still enforcing -+// the appropriate control mechanisms. -+// ----------------------------------------------------------------- -+// LANGUAGE: C -+// -+// (C) Copyright International Businesses Machine Corp. 2003 -+// Licensed under the Common Public License v. 1.0 -+// ----------------------------------------------------------------- -+// -+// Change Activity: -+// DATE PGMR COMMENTS -+// -------- --------- ---------------------- -+// 2/05/03 J.Young Add new X86-64 instructions -+// 7/20/03 EJR Added prolog, comments -+// 8/19/03 EJR Version # on CPL + comment stanzas for functions -+// 8/25/03 K.Simon Added NO_TAG to AUDIT_LOG -+// 8/26/03 K.Simon Added printf to display test name -+// 10/17/03 K.Simon Removed NO_TAG -+// 7/15/04 mra Converted file to be ia64 specific -+// 5/27/05 S. Grubb Update to use libaudit -+//---------------------------------------------------------------------- -+ -+#include "config.h" -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include "amtu.h" -+ -+#if defined(HAVE_IA64) -+#ifdef HAVE_LIBLAUS -+#define AUDIT_LOG LAUS_LOG -+#endif -+ -+/************************************************************************/ -+/* */ -+/* FUNCTION: catchfault */ -+/* */ -+/* PURPOSE: Signal handler to catch the segmentation violation which is */ -+/* expected when trying to execute privileged instructions */ -+/* without privilege. */ -+/* */ -+/************************************************************************/ -+void catchfault(int sig) -+{ -+ if (debug) { -+ printf("caught the fault %d\n", sig); -+ } -+ exit(0); -+} -+ -+ -+/************************************************************************/ -+/* */ -+/* FUNCTION: amtu_priv */ -+/* */ -+/* PURPOSE: Execute privileged instructions to ensure that they cannot */ -+/* legitimately be run in user mode. */ -+/* */ -+/************************************************************************/ -+int amtu_priv(int argc, char *argv[]) -+{ -+ struct sigaction sig; -+ pid_t pid, wpid; -+ int stat; -+ -+ printf("Executing Supervisor Mode Instructions Test...\n"); -+ -+ /* Set up signal handler */ -+ sig.sa_handler = catchfault; -+ sig.sa_flags = 0; -+ sigemptyset(&sig.sa_mask); -+ sigaction(SIGSEGV, &sig, NULL); -+ sigaction(SIGILL, &sig, NULL); -+ sigaction(SIGIOT, &sig, NULL); -+ sigaction(SIGIO, &sig, NULL); -+ sigaction(SIGINT, &sig, NULL); -+ sigaction(SIGABRT, &sig, NULL); -+ sigaction(SIGTERM, &sig, NULL); -+ sigaction(SIGQUIT, &sig, NULL); -+ sigaction(SIGBUS, &sig, NULL); -+ -+ /* Each assembly directive should seg fault since they are */ -+ /* privileged instructions. */ -+ -+ -+ /*---------------------------------------------------------*/ -+ /* Test One */ -+ /*---------------------------------------------------------*/ -+ -+ pid = fork(); -+ if (pid == 0) { -+ if (debug) { -+ printf("RSM test: "); -+ } -+ asm volatile ("RSM 1"); -+ exit(-1); -+ } else if (pid == -1) { -+ /* error condition */ -+ fprintf(stderr, "Privilege Separation Test FAILED (RSM)!\n"); -+ AUDIT_LOG(("amtu failed privilege separation on RSM")) -+ exit(-1); -+ } -+ /* parent */ -+ wpid = wait(&stat); -+ if (!(WIFEXITED(stat) && (WEXITSTATUS(stat) == 0))) { -+ fprintf(stderr, "Privilege Separation Test FAILED on RSM!\n"); -+ AUDIT_LOG(("amtu failed privilege separation on RSM")) -+ return(-1); -+ } -+ -+ -+ /*---------------------------------------------------------*/ -+ /* Test Two */ -+ /*---------------------------------------------------------*/ -+ -+ pid = fork(); -+ if (pid == 0) { -+ if (debug) { -+ printf("SSM test: "); -+ } -+ asm volatile ("SSM 0"); -+ exit(-1); -+ } else if (pid == -1) { -+ /* error condition */ -+ fprintf(stderr, "Privilege Separation Test FAILED (SSM)!\n"); -+ AUDIT_LOG(("amtu failed privilege separation on SSM")) -+ exit(-1); -+ } -+ /* parent */ -+ wpid = wait(&stat); -+ if (!(WIFEXITED(stat) && (WEXITSTATUS(stat) == 0))) { -+ fprintf(stderr, "Privilege Separation Test FAILED on SSM!\n"); -+ AUDIT_LOG(("amtu failed privilege separation on SSM")) -+ return(-1); -+ } -+ -+ /*---------------------------------------------------------*/ -+ /* Test Three */ -+ /*---------------------------------------------------------*/ -+ -+ pid = fork(); -+ if (pid == 0) { -+ if (debug) { -+ printf("RFI test: "); -+ } -+ asm volatile ("RFI"); -+ exit(-1); -+ } else if (pid == -1) { -+ /* error condition */ -+ fprintf(stderr, "Privilege Separation Test FAILED (RFI)!\n"); -+ AUDIT_LOG(("amtu failed privilege separation on RFI")) -+ exit(-1); -+ } -+ /* parent */ -+ wpid = wait(&stat); -+ if (!(WIFEXITED(stat) && (WEXITSTATUS(stat) == 0))) { -+ fprintf(stderr, "Privilege Separation Test FAILED on RFI!\n"); -+ AUDIT_LOG(("amtu failed privilege separation on RFI")) -+ return(-1); -+ } -+ -+ AUDIT_LOG(("amtu - Privileged Instruction Test succeeded")) -+ printf("Privileged Instruction Test SUCCESS!\n"); -+ return(0); -+} -+#endif -diff -urN amtu-1.0.orig/src/Makefile.am amtu-0.2/src/Makefile.am ---- amtu-1.0.orig/src/Makefile.am 2005-05-27 17:15:17.056939976 -0400 -+++ amtu-1.0/src/Makefile.am 2005-05-27 17:15:37.432842368 -0400 -@@ -1,3 +1,3 @@ --AM_CPPFLAGS = -Wall -+AM_CPPFLAGS = -Wall -W -Wfloat-equal -Wundef - bin_PROGRAMS = amtu --amtu_SOURCES = amtu-i86.c amtu-ppc.c amtu-s390.c amtu.c memory.c memsep.c iodisktest.c networkio.c -+amtu_SOURCES = amtu-i86.c amtu-ppc.c amtu-s390.c amtu-ia64.c amtu.c memory.c memsep.c iodisktest.c networkio.c diff --git a/amtu-memsep.patch b/amtu-memsep.patch deleted file mode 100644 index 03e485d..0000000 --- a/amtu-memsep.patch +++ /dev/null @@ -1,68 +0,0 @@ ---- amtu/src/memsep.c.orig 2004-08-18 11:18:42.000000000 -0400 -+++ amtu/src/memsep.c 2004-08-18 11:19:18.000000000 -0400 -@@ -165,8 +165,6 @@ - /************************************************************************/ - int memsep(int argc, char *argv[]) - { -- struct passwd *pwd; -- uid_t id; - FILE *fp; - char line[200]; - char flags[10]; -@@ -175,29 +173,6 @@ - - printf("Executing Memory Separation Test...\n"); - -- // First, get the UID of the unprivileged user nobody. -- pwd = getpwnam("nobody"); -- -- if (pwd == NULL) { // Error -- fprintf(stderr, "Could not obtain info for user nobody"); -- LAUS_LOG(("amtu memory separation test: could not" -- " obtain info for user nobody")) -- return -1; -- } -- else { -- id = pwd->pw_uid; -- } -- -- // Now set the effective UID to the unprivileged user nobody. -- if (debug) { -- fprintf(stderr, "Setting effective UID of user nobody to:" -- " %d\n", id); -- } -- seteuid(id); -- if (debug) { -- fprintf(stderr, "Effective UID is now: %d\n", geteuid()); -- } -- - // Check that reading and writing to memory addresses is not allowed. - fp = fopen("/proc/self/maps", "r"); - if (fp == NULL) { -@@ -258,25 +233,6 @@ - last_end = end; - } - -- // Reset the UID to root. -- pwd = getpwnam("root"); -- -- if (pwd == NULL) { // Error -- fprintf(stderr, "Could not reset UID to root"); -- LAUS_LOG(("amtu memory separation test: could not" -- " reset UID to root")) -- return -1; -- } -- else { -- id = pwd->pw_uid; -- } -- -- seteuid(id); -- if (debug) { -- fprintf(stderr, "Reset Effective UID to root: %d\n", -- geteuid()); -- } -- - fprintf(stderr, "Memory Separation Test SUCCESS!\n"); - LAUS_LOG(("amtu - Memory Separation Test succeeded")) - return 0; - diff --git a/amtu.spec b/amtu.spec index 34e4086..36bf1f5 100644 --- a/amtu.spec +++ b/amtu.spec @@ -1,6 +1,6 @@ Summary: Abstract Machine Test Utility (AMTU) Name: amtu -Version: 1.0.5 +Version: 1.0.6 Release: 1%{?dist} License: Common Public License Group: System Environment/Base @@ -61,6 +61,9 @@ rm -rf $RPM_BUILD_ROOT %attr(0644,root,root) %{_mandir}/man8/* %changelog +* Sat Dec 08 2007 Steve Grubb 1.0.6-1 +- new upstream version + * Thu Mar 08 2007 Steve Grubb 1.0.5-1 - new upstream version diff --git a/sources b/sources index 11eaabe..94fc11b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -17cebff95aa836e96a26e156dc00f0d4 amtu-1.0.5-1.tar.gz +9c65ae295bb875bb4aa8786e17a2f1e7 amtu-1.0.6.tar.gz From eaf244a092f5c08f2934aa27a6b1e00546e195dc Mon Sep 17 00:00:00 2001 From: Steve Grubb Date: Sat, 8 Dec 2007 18:17:08 +0000 Subject: [PATCH 02/26] Source file adjustment --- amtu.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/amtu.spec b/amtu.spec index 36bf1f5..26fabe7 100644 --- a/amtu.spec +++ b/amtu.spec @@ -5,7 +5,7 @@ Release: 1%{?dist} License: Common Public License Group: System Environment/Base URL: http://sourceforge.net/projects/amtueal/ -Source0: %{name}-%{version}-1.tar.gz +Source0: %{name}-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: audit-libs-devel >= 1.1.2 BuildRequires: automake From dec8645e72e02588a790c7b9ba650d7809a3809b Mon Sep 17 00:00:00 2001 From: Jesse Keating Date: Tue, 19 Feb 2008 23:45:06 +0000 Subject: [PATCH 03/26] - Autorebuild for GCC 4.3 --- amtu.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/amtu.spec b/amtu.spec index 26fabe7..92c5121 100644 --- a/amtu.spec +++ b/amtu.spec @@ -1,7 +1,7 @@ Summary: Abstract Machine Test Utility (AMTU) Name: amtu Version: 1.0.6 -Release: 1%{?dist} +Release: 2%{?dist} License: Common Public License Group: System Environment/Base URL: http://sourceforge.net/projects/amtueal/ @@ -61,6 +61,9 @@ rm -rf $RPM_BUILD_ROOT %attr(0644,root,root) %{_mandir}/man8/* %changelog +* Tue Feb 19 2008 Fedora Release Engineering - 1.0.6-2 +- Autorebuild for GCC 4.3 + * Sat Dec 08 2007 Steve Grubb 1.0.6-1 - new upstream version From 114cd2ef3b58a1574a066018fc583d8e02596675 Mon Sep 17 00:00:00 2001 From: Tom Callaway Date: Mon, 14 Jul 2008 17:56:19 +0000 Subject: [PATCH 04/26] fix license tag --- amtu.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/amtu.spec b/amtu.spec index 92c5121..fe16853 100644 --- a/amtu.spec +++ b/amtu.spec @@ -1,8 +1,8 @@ Summary: Abstract Machine Test Utility (AMTU) Name: amtu Version: 1.0.6 -Release: 2%{?dist} -License: Common Public License +Release: 3%{?dist} +License: CPL Group: System Environment/Base URL: http://sourceforge.net/projects/amtueal/ Source0: %{name}-%{version}.tar.gz @@ -61,6 +61,9 @@ rm -rf $RPM_BUILD_ROOT %attr(0644,root,root) %{_mandir}/man8/* %changelog +* Mon Jul 14 2008 Tom "spot" Callaway - 1.0.6-3 +- fix license tag + * Tue Feb 19 2008 Fedora Release Engineering - 1.0.6-2 - Autorebuild for GCC 4.3 From 946e29c76e37099553db1f2df1254b019faa8f48 Mon Sep 17 00:00:00 2001 From: Jesse Keating Date: Tue, 24 Feb 2009 01:01:27 +0000 Subject: [PATCH 05/26] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild --- amtu.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/amtu.spec b/amtu.spec index fe16853..81caf27 100644 --- a/amtu.spec +++ b/amtu.spec @@ -1,7 +1,7 @@ Summary: Abstract Machine Test Utility (AMTU) Name: amtu Version: 1.0.6 -Release: 3%{?dist} +Release: 4%{?dist} License: CPL Group: System Environment/Base URL: http://sourceforge.net/projects/amtueal/ @@ -61,6 +61,9 @@ rm -rf $RPM_BUILD_ROOT %attr(0644,root,root) %{_mandir}/man8/* %changelog +* Mon Feb 23 2009 Fedora Release Engineering - 1.0.6-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + * Mon Jul 14 2008 Tom "spot" Callaway - 1.0.6-3 - fix license tag From 2d21657a74252cc71de215a403616b277f13db0e Mon Sep 17 00:00:00 2001 From: Steve Grubb Date: Wed, 1 Jul 2009 15:50:01 +0000 Subject: [PATCH 06/26] - new upstream version --- .cvsignore | 1 + amtu-1.0.7-makefile.patch | 78 +++++++++++++++++++++++++++++++++++++++ amtu.spec | 28 +++++--------- sources | 2 +- 4 files changed, 89 insertions(+), 20 deletions(-) create mode 100644 amtu-1.0.7-makefile.patch diff --git a/.cvsignore b/.cvsignore index c548825..86c5c41 100644 --- a/.cvsignore +++ b/.cvsignore @@ -6,3 +6,4 @@ amtu-1.0.3.tar.gz amtu-1.0.4.tar.gz amtu-1.0.5-1.tar.gz amtu-1.0.6.tar.gz +amtu-1.0.7.tar.gz diff --git a/amtu-1.0.7-makefile.patch b/amtu-1.0.7-makefile.patch new file mode 100644 index 0000000..ee865e7 --- /dev/null +++ b/amtu-1.0.7-makefile.patch @@ -0,0 +1,78 @@ +diff -ur amtu-1.0.7.orig/configure.in amtu-1.0.7/configure.in +--- amtu-1.0.7.orig/configure.in 2009-07-01 10:29:09.000000000 -0400 ++++ amtu-1.0.7/configure.in 2009-07-01 11:05:07.000000000 -0400 +@@ -1,19 +1,14 @@ +-AC_REVISION($Revision: 1.2 $)dnl +-# AC_CANONICAL_SYSTEM is deprecated in the latest version of AUTOMAKE. +-# We aren't using the latest version so we'll keep using it +-#AC_CANONICAL_TARGET +-AC_INIT(src/amtu.c) ++AC_REVISION($Revision: 1.3 $)dnl ++AC_INIT(amtu,1.0.7) + AC_PREREQ(2.12)dnl +-AC_CONFIG_AUX_DIR(config) +-AC_CONFIG_SRCDIR(src/amtu.c) + AM_CONFIG_HEADER(config.h) + +-VERSION=1.0.6 +-echo Configuring amtu $VERSION +- +-AC_CANONICAL_SYSTEM +-AM_INIT_AUTOMAKE(amtu, $VERSION) ++AC_CANONICAL_TARGET ++AM_INIT_AUTOMAKE + AC_PROG_CC ++AC_PROG_INSTALL ++AC_PROG_AWK ++ + case "$target" in + i386-* | i486-* | i586-* | i686-*) AC_DEFINE(HAVE_I86,1,NULL);; + powerpc-*) AC_DEFINE(HAVE_PPC,1,NULL);; +@@ -25,3 +20,15 @@ + AC_CHECK_LIB(laus, laus_open) + AC_CHECK_LIB(audit, audit_open) + AC_OUTPUT(Makefile src/Makefile doc/Makefile) ++ ++echo . ++echo " ++ ++ amtu: $VERSION ++ Target: $target ++ Installation prefix: $prefix ++ Compiler: $CC ++ Compiler flags: ++`echo $CFLAGS | fmt -w 50 | sed 's,^, ,'` ++" ++ +diff -ur amtu-1.0.7.orig/doc/Makefile.am amtu-1.0.7/doc/Makefile.am +--- amtu-1.0.7.orig/doc/Makefile.am 2009-07-01 10:29:09.000000000 -0400 ++++ amtu-1.0.7/doc/Makefile.am 2009-07-01 10:56:52.000000000 -0400 +@@ -1 +1,3 @@ ++CONFIG_CLEAN_FILES = *.rej *.orig ++EXTRA_DIST = $(man_MANS) + man_MANS = amtu.8 +diff -ur amtu-1.0.7.orig/Makefile.am amtu-1.0.7/Makefile.am +--- amtu-1.0.7.orig/Makefile.am 2009-07-01 10:29:09.000000000 -0400 ++++ amtu-1.0.7/Makefile.am 2009-07-01 10:36:48.000000000 -0400 +@@ -1 +1,8 @@ + SUBDIRS = src doc ++EXTRA_DIST = bootstrap LICENSE CPLv1.0.htm README ++CONFIG_CLEAN_FILES = debug*.list config/* ++ ++clean-generic: ++ rm -rf autom4te*.cache ++ rm -f *.rej *.orig ++ +diff -ur amtu-1.0.7.orig/src/Makefile.am amtu-1.0.7/src/Makefile.am +--- amtu-1.0.7.orig/src/Makefile.am 2009-07-01 10:29:09.000000000 -0400 ++++ amtu-1.0.7/src/Makefile.am 2009-07-01 10:55:44.000000000 -0400 +@@ -1,3 +1,8 @@ +-AM_CPPFLAGS = -Wall -W -Wfloat-equal -Wundef ++CLEANFILES = $(BUILT_SOURCES) ++CONFIG_CLEAN_FILES = *.loT *.rej *.orig ++AM_CFLAGS = -Wall -W -Wfloat-equal -Wundef ++INCLUDES = -I. -I${top_srcdir} ++noinst_HEADERS = amtu.h + bin_PROGRAMS = amtu + amtu_SOURCES = amtu-i86.c amtu-ppc.c amtu-s390.c amtu-ia64.c amtu.c memory.c memsep.c iodisktest.c networkio.c ++amtu_DEPENDENCIES = $(amtu_SOURCES) ${top_srcdir}/config.h diff --git a/amtu.spec b/amtu.spec index 81caf27..0b91287 100644 --- a/amtu.spec +++ b/amtu.spec @@ -1,11 +1,12 @@ Summary: Abstract Machine Test Utility (AMTU) Name: amtu -Version: 1.0.6 -Release: 4%{?dist} +Version: 1.0.7 +Release: 1%{?dist} License: CPL Group: System Environment/Base URL: http://sourceforge.net/projects/amtueal/ Source0: %{name}-%{version}.tar.gz +Patch1: amtu-1.0.7-makefile.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: audit-libs-devel >= 1.1.2 BuildRequires: automake @@ -22,19 +23,9 @@ http://www.radium.ncsc.mil/tpep/library/protection_profiles/CAPP-1.d.pdf %prep %setup -q +%patch1 -p1 %build -# Determine appropriate compiler -CC="gcc" -%ifarch ppc64 ppc64iseries ppc64pseries - CC="/usr/bin/ppc64-redhat-linux-gcc" -%endif -# Determine appropriate compiler flags -CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE -Wall -pipe" -%ifarch x86_64 - CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE -Wall -pipe -m64" -%endif -export CC CFLAGS # next 3 items is to quieten autoreconf touch ChangeLog touch NEWS @@ -45,22 +36,21 @@ make %{?_smp_mflags} %install rm -rf $RPM_BUILD_ROOT -mkdir -p $RPM_BUILD_ROOT/%{_bindir} -install -m 0750 src/amtu $RPM_BUILD_ROOT/%{_bindir} - -mkdir -p $RPM_BUILD_ROOT/%{_mandir}/man8/ -install -m 644 doc/amtu.8 $RPM_BUILD_ROOT/%{_mandir}/man8/amtu.8 +make "DESTDIR=${RPM_BUILD_ROOT}" install %clean rm -rf $RPM_BUILD_ROOT %files -%defattr(-,root,root) +%defattr(-,root,root, -) %doc doc/AMTUHowTo.txt COPYING %attr(0750,root,root) %{_bindir}/amtu %attr(0644,root,root) %{_mandir}/man8/* %changelog +* Wed Jul 01 2009 Steve Grubb 1.0.7-1 +- new upstream version + * Mon Feb 23 2009 Fedora Release Engineering - 1.0.6-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild diff --git a/sources b/sources index 94fc11b..462d897 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -9c65ae295bb875bb4aa8786e17a2f1e7 amtu-1.0.6.tar.gz +8858a47c667ffc4af840d72d8ced6605 amtu-1.0.7.tar.gz From 66d85bbc03594e91c4379d98c6261680d3a88cb5 Mon Sep 17 00:00:00 2001 From: Jesse Keating Date: Fri, 24 Jul 2009 16:51:34 +0000 Subject: [PATCH 07/26] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild --- amtu.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/amtu.spec b/amtu.spec index 0b91287..e162494 100644 --- a/amtu.spec +++ b/amtu.spec @@ -1,7 +1,7 @@ Summary: Abstract Machine Test Utility (AMTU) Name: amtu Version: 1.0.7 -Release: 1%{?dist} +Release: 2%{?dist} License: CPL Group: System Environment/Base URL: http://sourceforge.net/projects/amtueal/ @@ -48,6 +48,9 @@ rm -rf $RPM_BUILD_ROOT %attr(0644,root,root) %{_mandir}/man8/* %changelog +* Fri Jul 24 2009 Fedora Release Engineering - 1.0.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + * Wed Jul 01 2009 Steve Grubb 1.0.7-1 - new upstream version From f09b3d32e522d8e3bcdbdc75d47840ad370efa6e Mon Sep 17 00:00:00 2001 From: Steve Grubb Date: Sun, 26 Jul 2009 13:27:12 +0000 Subject: [PATCH 08/26] - new upstream version - Add init script for bootup system check --- .cvsignore | 1 + amtu-1.0.7-makefile.patch | 78 ----------- amtu-1.0.8-init.patch | 267 ++++++++++++++++++++++++++++++++++++++ amtu.spec | 33 +++-- sources | 2 +- 5 files changed, 290 insertions(+), 91 deletions(-) delete mode 100644 amtu-1.0.7-makefile.patch create mode 100644 amtu-1.0.8-init.patch diff --git a/.cvsignore b/.cvsignore index 86c5c41..9ec1f57 100644 --- a/.cvsignore +++ b/.cvsignore @@ -7,3 +7,4 @@ amtu-1.0.4.tar.gz amtu-1.0.5-1.tar.gz amtu-1.0.6.tar.gz amtu-1.0.7.tar.gz +amtu-1.0.8.tar.gz diff --git a/amtu-1.0.7-makefile.patch b/amtu-1.0.7-makefile.patch deleted file mode 100644 index ee865e7..0000000 --- a/amtu-1.0.7-makefile.patch +++ /dev/null @@ -1,78 +0,0 @@ -diff -ur amtu-1.0.7.orig/configure.in amtu-1.0.7/configure.in ---- amtu-1.0.7.orig/configure.in 2009-07-01 10:29:09.000000000 -0400 -+++ amtu-1.0.7/configure.in 2009-07-01 11:05:07.000000000 -0400 -@@ -1,19 +1,14 @@ --AC_REVISION($Revision: 1.2 $)dnl --# AC_CANONICAL_SYSTEM is deprecated in the latest version of AUTOMAKE. --# We aren't using the latest version so we'll keep using it --#AC_CANONICAL_TARGET --AC_INIT(src/amtu.c) -+AC_REVISION($Revision: 1.3 $)dnl -+AC_INIT(amtu,1.0.7) - AC_PREREQ(2.12)dnl --AC_CONFIG_AUX_DIR(config) --AC_CONFIG_SRCDIR(src/amtu.c) - AM_CONFIG_HEADER(config.h) - --VERSION=1.0.6 --echo Configuring amtu $VERSION -- --AC_CANONICAL_SYSTEM --AM_INIT_AUTOMAKE(amtu, $VERSION) -+AC_CANONICAL_TARGET -+AM_INIT_AUTOMAKE - AC_PROG_CC -+AC_PROG_INSTALL -+AC_PROG_AWK -+ - case "$target" in - i386-* | i486-* | i586-* | i686-*) AC_DEFINE(HAVE_I86,1,NULL);; - powerpc-*) AC_DEFINE(HAVE_PPC,1,NULL);; -@@ -25,3 +20,15 @@ - AC_CHECK_LIB(laus, laus_open) - AC_CHECK_LIB(audit, audit_open) - AC_OUTPUT(Makefile src/Makefile doc/Makefile) -+ -+echo . -+echo " -+ -+ amtu: $VERSION -+ Target: $target -+ Installation prefix: $prefix -+ Compiler: $CC -+ Compiler flags: -+`echo $CFLAGS | fmt -w 50 | sed 's,^, ,'` -+" -+ -diff -ur amtu-1.0.7.orig/doc/Makefile.am amtu-1.0.7/doc/Makefile.am ---- amtu-1.0.7.orig/doc/Makefile.am 2009-07-01 10:29:09.000000000 -0400 -+++ amtu-1.0.7/doc/Makefile.am 2009-07-01 10:56:52.000000000 -0400 -@@ -1 +1,3 @@ -+CONFIG_CLEAN_FILES = *.rej *.orig -+EXTRA_DIST = $(man_MANS) - man_MANS = amtu.8 -diff -ur amtu-1.0.7.orig/Makefile.am amtu-1.0.7/Makefile.am ---- amtu-1.0.7.orig/Makefile.am 2009-07-01 10:29:09.000000000 -0400 -+++ amtu-1.0.7/Makefile.am 2009-07-01 10:36:48.000000000 -0400 -@@ -1 +1,8 @@ - SUBDIRS = src doc -+EXTRA_DIST = bootstrap LICENSE CPLv1.0.htm README -+CONFIG_CLEAN_FILES = debug*.list config/* -+ -+clean-generic: -+ rm -rf autom4te*.cache -+ rm -f *.rej *.orig -+ -diff -ur amtu-1.0.7.orig/src/Makefile.am amtu-1.0.7/src/Makefile.am ---- amtu-1.0.7.orig/src/Makefile.am 2009-07-01 10:29:09.000000000 -0400 -+++ amtu-1.0.7/src/Makefile.am 2009-07-01 10:55:44.000000000 -0400 -@@ -1,3 +1,8 @@ --AM_CPPFLAGS = -Wall -W -Wfloat-equal -Wundef -+CLEANFILES = $(BUILT_SOURCES) -+CONFIG_CLEAN_FILES = *.loT *.rej *.orig -+AM_CFLAGS = -Wall -W -Wfloat-equal -Wundef -+INCLUDES = -I. -I${top_srcdir} -+noinst_HEADERS = amtu.h - bin_PROGRAMS = amtu - amtu_SOURCES = amtu-i86.c amtu-ppc.c amtu-s390.c amtu-ia64.c amtu.c memory.c memsep.c iodisktest.c networkio.c -+amtu_DEPENDENCIES = $(amtu_SOURCES) ${top_srcdir}/config.h diff --git a/amtu-1.0.8-init.patch b/amtu-1.0.8-init.patch new file mode 100644 index 0000000..7f2687b --- /dev/null +++ b/amtu-1.0.8-init.patch @@ -0,0 +1,267 @@ +diff -urN amtu-1.0.8.orig/configure.in amtu-1.0.8/configure.in +--- amtu-1.0.8.orig/configure.in 2009-07-06 09:39:44.000000000 -0400 ++++ amtu-1.0.8/configure.in 2009-07-06 10:11:15.000000000 -0400 +@@ -19,7 +19,7 @@ + esac + AC_CHECK_LIB(laus, laus_open) + AC_CHECK_LIB(audit, audit_open) +-AC_OUTPUT(Makefile src/Makefile doc/Makefile) ++AC_OUTPUT(Makefile src/Makefile init/Makefile doc/Makefile) + + echo . + echo " +diff -urN amtu-1.0.8.orig/doc/AMTUHowTo.txt amtu-1.0.8/doc/AMTUHowTo.txt +--- amtu-1.0.8.orig/doc/AMTUHowTo.txt 1969-12-31 19:00:00.000000000 -0500 ++++ amtu-1.0.8/doc/AMTUHowTo.txt 2009-07-06 10:20:42.000000000 -0400 +@@ -0,0 +1,105 @@ ++ABSTRACT MACHINE TEST UTILITY HOWTO ++ ++ ++OVERVIEW ++ ++Abstract Machine Test Utility (AMTU) is an administrative utility to check ++whether the underlying protection mechanism of the hardware are still being ++enforced. This is a requirement of the Controlled Access Protection Profile ++(CAPP) FTP_AMT.1, see http://www.radium.ncsc.mil/tpep/library/protection_profiles/CAPP-1.d.pdf. ++AMTU executes the following tests: ++ ++* Memory ++ ++Randomly writes to areas of memory and then reading the memory back to ++ensure the values written remain unchanged. ++ ++* Memory Separation ++ ++Ensures that user space programs cannot read and write to areas of memory ++utilized by the likes of Video RAM, kernel code, etc. ++ ++* I/O Controller - Network ++ ++Verifies random data transmitted is also the data received for each configured ++network device. Only ethernet and token ring devices that are configured and ++up are checked. Async devices are not checked. ++ ++* I/O Controller - Disk ++ ++Verifies that information written to disks remains unchanged. Only SCSI and IDE ++controllers associated with mounted filesystems are checked. ++ ++* Supervisor Mode Instructions ++ ++Ensures that the enforcement of the property that privileged instructions ++should only be in supervisor mode is still in effect. The set privileged ++instructions tested to confirm this is architecture dependant. ++ ++ ++ ++TESTED VERSIONS ++ ++AMTU has been tested on the following: ++ ++* RHEL4 and 5 ++* SuSE SLES 8 ++* pSeries (32-bit and 64-bit) ++* iSeries (64-bit) ++* zSeries (31-bit) ++* xSeries (32-bit) ++ ++ ++ ++INSTALLING AMTU ++ ++VERIFYING SYSTEM REQUIREMENTS AND PREREQUISITES ++ ++Before installing AMTU, verify that your system meets the following ++requirements and prerequisites: ++ ++* The system is running in the Common Criteria evaluated configuration. ++ ++ ++COMPILING AND INSTALLING AMTU ++ ++Untar the AMTU source tarball. Then issue the following commands: ++ ./bootstrap ++ ./configure ++ make ++ make install ++ ++Only the last step must be run as root. During the ./configure stage ++you may opt to change various options including default install directory. ++ ++When compiling AMTU as a 64-bit application on a PPC64 architecture (with the ++exception of Squadron pSeries), specify ++ ++ ./configure CC=/opt/cross/bin/powerpc64-linux-gcc ++ ++where /opt/cross/bin/powerpc64-linux-gcc is the 64-bit gcc compiler. ++ ++To compile as a 64-bit application on X86_64 architecture or Squadron pSeries, ++ ++ ./configure CC="gcc -m64" ++ ++ ++ ++RUNNING AMTU ++ ++AMTU installs to /usr/bin/amtu by default. You can add optional command line ++arguments (see the AMTU man page (amtu.8) for more details). ++ ++ ++ ++INTERPRETING RESULTS ++ ++AMTU issues the following return codes when executed: ++ ++ * -1 - Program abort error ++ * 0 - Successful program completion ++ ++If the error is repeatable, you can re-run amtu with the -d option to get ++more information about the failure. The success or failure of AMTU is logged ++in the audit log files (see auditd.8). ++ +diff -urN amtu-1.0.8.orig/doc/Makefile.am amtu-1.0.8/doc/Makefile.am +--- amtu-1.0.8.orig/doc/Makefile.am 2009-07-06 09:39:44.000000000 -0400 ++++ amtu-1.0.8/doc/Makefile.am 2009-07-06 09:40:49.000000000 -0400 +@@ -1,3 +1,3 @@ + CONFIG_CLEAN_FILES = *.rej *.orig +-EXTRA_DIST = $(man_MANS) ++EXTRA_DIST = $(man_MANS) AbstractMachineTestingDesign.doc AMTUHowTo.txt + man_MANS = amtu.8 +diff -urN amtu-1.0.8.orig/init/amtu.init amtu-1.0.8/init/amtu.init +--- amtu-1.0.8.orig/init/amtu.init 1969-12-31 19:00:00.000000000 -0500 ++++ amtu-1.0.8/init/amtu.init 2009-07-06 10:17:43.000000000 -0400 +@@ -0,0 +1,90 @@ ++#!/bin/sh ++# ++# amtu: Abstract Machine Tests ++# ++# chkconfig: - 96 99 ++# description: This service runs the abstract machine tests to check the \ ++# underlying security assumptions. It can be configured to ++# halt the machine in the event of failure. The program does ++# not stay resident, but rather runs once. ++# ++# processname: /sbin/amtu ++# config: /etc/sysconfig/amtu ++# ++# Return values according to LSB for all commands but status: ++# 0 - success ++# 1 - generic or unspecified error ++# 2 - invalid or excess argument(s) ++# 3 - unimplemented feature (e.g. "reload") ++# 4 - insufficient privilege ++# 5 - program is not installed ++# 6 - program is not configured ++# 7 - program is not running ++ ++PATH=/sbin:/bin:/usr/bin:/usr/sbin ++prog="amtu" ++ ++# Source function library. ++. /etc/rc.d/init.d/functions ++ ++# Allow anyone to run status ++if [ "$1" = "status" ] ; then ++ exit 0 ++fi ++ ++# Check that we are root ... so non-root users stop here ++test $EUID = 0 || exit 4 ++ ++# Check config ++test -f /etc/sysconfig/amtu && . /etc/sysconfig/amtu ++ ++RETVAL=0 ++ ++start() { ++ test -x /usr/bin/amtu || exit 5 ++ # Now check that the syconfig is found and has important things ++ # configured ++ test -f /etc/sysconfig/amtu || exit 6 ++ test x"$AMTU_HALT_ON_FAILURE" = "x" || exit 6 ++ test x"$HALT_COMMAND" = "x" || exit 6 ++ echo -n $"Starting $prog: " ++ daemon $prog "$EXTRAOPTIONS" ++ RETVAL=$? ++ if [ $RETVAL -ne 0 ] ; then ++ if [ "$AMTU_HALT_ON_FAILURE" = "yes" ] ; then ++ # Give audit daemon chance to write to disk ++ sleep 3 ++ logger "Amtu failed and halt on failure requested" ++ $HALT_COMMAND ++ fi ++ fi ++ return $RETVAL ++} ++ ++stop() { ++ /bin/true ++} ++ ++# See how we were called. ++case "$1" in ++ start) ++ start ++ ;; ++ stop) ++ stop ++ ;; ++ status) ++ ;; ++ restart) ++ stop ++ start ++ ;; ++ condrestart) ++ ;; ++ reload) ++ ;; ++ *) ++ echo $"Usage: $0 {start|stop|status|restart|condrestart|reload}" ++ ;; ++esac ++exit $RETVAL +diff -urN amtu-1.0.8.orig/init/amtu.sysconfig amtu-1.0.8/init/amtu.sysconfig +--- amtu-1.0.8.orig/init/amtu.sysconfig 1969-12-31 19:00:00.000000000 -0500 ++++ amtu-1.0.8/init/amtu.sysconfig 2009-07-06 10:06:07.000000000 -0400 +@@ -0,0 +1,11 @@ ++# Add extra options here: ++EXTRAOPTIONS="" ++# ++# This option is used to determine if failing any amtu test should result in ++# the machine being unusable. The default is no, but it can be changed to ++# yes in case this is desired. ++AMTU_HALT_ON_FAILURE="no" ++# ++# Should halt on failure trigger and its set to yes, the following command ++# will be issued to stop the system: ++HALT_COMMAND="poweroff" +diff -urN amtu-1.0.8.orig/init/Makefile.am amtu-1.0.8/init/Makefile.am +--- amtu-1.0.8.orig/init/Makefile.am 1969-12-31 19:00:00.000000000 -0500 ++++ amtu-1.0.8/init/Makefile.am 2009-07-06 10:14:22.000000000 -0400 +@@ -0,0 +1,16 @@ ++ ++CONFIG_CLEAN_FILES = *.rej *.orig ++EXTRA_DIST = amtu.init amtu.sysconfig ++initdir=$(sysconfdir)/rc.d/init.d ++sysconfigdir=$(sysconfdir)/sysconfig ++ ++install-data-hook: ++ $(INSTALL_DATA) -D -m 640 ${srcdir}/amtu.sysconfig ${DESTDIR}${sysconfigdir}/amtu ++ ++install-exec-hook: ++ $(INSTALL_SCRIPT) -D -m 755 ${srcdir}/amtu.init ${DESTDIR}${initdir}/amtu ++ ++uninstall-hook: ++ rm ${DESTDIR}${sysconfigdir}/amtu ++ rm ${DESTDIR}${initdir}/amtu ++ +diff -urN amtu-1.0.8.orig/Makefile.am amtu-1.0.8/Makefile.am +--- amtu-1.0.8.orig/Makefile.am 2009-07-06 09:39:44.000000000 -0400 ++++ amtu-1.0.8/Makefile.am 2009-07-06 10:10:55.000000000 -0400 +@@ -1,4 +1,4 @@ +-SUBDIRS = src doc ++SUBDIRS = src init doc + EXTRA_DIST = bootstrap LICENSE CPLv1.0.htm README + CONFIG_CLEAN_FILES = debug*.list config/* + diff --git a/amtu.spec b/amtu.spec index e162494..7e79286 100644 --- a/amtu.spec +++ b/amtu.spec @@ -1,18 +1,16 @@ Summary: Abstract Machine Test Utility (AMTU) Name: amtu -Version: 1.0.7 -Release: 2%{?dist} +Version: 1.0.8 +Release: 1%{?dist} License: CPL Group: System Environment/Base URL: http://sourceforge.net/projects/amtueal/ Source0: %{name}-%{version}.tar.gz -Patch1: amtu-1.0.7-makefile.patch +Patch1: amtu-1.0.8-init.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: audit-libs-devel >= 1.1.2 BuildRequires: automake -Requires: audit >= 1.1.2 - -# Red Hat AMTU SPEC file +Requires: chkconfig %description Abstract Machine Test Utility (AMTU) is an administrative utility to check @@ -26,11 +24,7 @@ http://www.radium.ncsc.mil/tpep/library/protection_profiles/CAPP-1.d.pdf %patch1 -p1 %build -# next 3 items is to quieten autoreconf -touch ChangeLog -touch NEWS -touch AUTHORS -autoreconf -fv --install +./bootstrap %configure make %{?_smp_mflags} @@ -41,13 +35,28 @@ make "DESTDIR=${RPM_BUILD_ROOT}" install %clean rm -rf $RPM_BUILD_ROOT +%post +/sbin/chkconfig --add amtu + +%preun +if [ $1 -eq 0 ]; then + /sbin/service amtu stop > /dev/null 2>&1 + /sbin/chkconfig --del amtu +fi + %files %defattr(-,root,root, -) -%doc doc/AMTUHowTo.txt COPYING +%doc doc/AMTUHowTo.txt LICENSE +%attr(755,root,root) /etc/rc.d/init.d/amtu +%config(noreplace) %attr(640,root,root) /etc/sysconfig/amtu %attr(0750,root,root) %{_bindir}/amtu %attr(0644,root,root) %{_mandir}/man8/* %changelog +* Sun Jul 26 2009 Steve Grubb 1.0.8-1 +- new upstream version +- Add init script for bootup system check + * Fri Jul 24 2009 Fedora Release Engineering - 1.0.7-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild diff --git a/sources b/sources index 462d897..c2f8d81 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -8858a47c667ffc4af840d72d8ced6605 amtu-1.0.7.tar.gz +755b517a3a1cc4092435c349d9b99312 amtu-1.0.8.tar.gz From 8a39a5aa05449296777a42bb920f0397a2f380fe Mon Sep 17 00:00:00 2001 From: Steve Grubb Date: Sun, 26 Jul 2009 16:30:10 +0000 Subject: [PATCH 09/26] - new upstream version - Add init script for bootup system check --- amtu.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/amtu.spec b/amtu.spec index 7e79286..7f818cd 100644 --- a/amtu.spec +++ b/amtu.spec @@ -24,7 +24,7 @@ http://www.radium.ncsc.mil/tpep/library/protection_profiles/CAPP-1.d.pdf %patch1 -p1 %build -./bootstrap +autoreconf -fv --install %configure make %{?_smp_mflags} From f4da75748da87fa0382d66d9cc773d78995000b8 Mon Sep 17 00:00:00 2001 From: Steve Grubb Date: Sun, 26 Jul 2009 16:39:49 +0000 Subject: [PATCH 10/26] - new upstream version - Add init script for bootup system check --- amtu.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/amtu.spec b/amtu.spec index 7f818cd..565188c 100644 --- a/amtu.spec +++ b/amtu.spec @@ -24,6 +24,9 @@ http://www.radium.ncsc.mil/tpep/library/protection_profiles/CAPP-1.d.pdf %patch1 -p1 %build +touch ChangeLog +touch NEWS +touch AUTHORS autoreconf -fv --install %configure make %{?_smp_mflags} From 0a8661c83c189a46152effa28b59972443785f00 Mon Sep 17 00:00:00 2001 From: Steve Grubb Date: Wed, 19 Aug 2009 17:30:20 +0000 Subject: [PATCH 11/26] - rebuild for new audit-libs --- amtu.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/amtu.spec b/amtu.spec index 565188c..77edb41 100644 --- a/amtu.spec +++ b/amtu.spec @@ -1,7 +1,7 @@ Summary: Abstract Machine Test Utility (AMTU) Name: amtu Version: 1.0.8 -Release: 1%{?dist} +Release: 2%{?dist} License: CPL Group: System Environment/Base URL: http://sourceforge.net/projects/amtueal/ @@ -56,6 +56,9 @@ fi %attr(0644,root,root) %{_mandir}/man8/* %changelog +* Wed Aug 19 2009 Steve Grubb 1.0.8-2 +- rebuild for new audit-libs + * Sun Jul 26 2009 Steve Grubb 1.0.8-1 - new upstream version - Add init script for bootup system check From 0ccac1a162020c3db851f2de9dd11ae5f72f6718 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?= Date: Fri, 21 Aug 2009 10:19:57 +0000 Subject: [PATCH 12/26] - rebuilt with new audit --- amtu.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/amtu.spec b/amtu.spec index 77edb41..8f40fc3 100644 --- a/amtu.spec +++ b/amtu.spec @@ -1,7 +1,7 @@ Summary: Abstract Machine Test Utility (AMTU) Name: amtu Version: 1.0.8 -Release: 2%{?dist} +Release: 3%{?dist} License: CPL Group: System Environment/Base URL: http://sourceforge.net/projects/amtueal/ @@ -56,6 +56,9 @@ fi %attr(0644,root,root) %{_mandir}/man8/* %changelog +* Fri Aug 21 2009 Tomas Mraz - 1.0.8-3 +- rebuilt with new audit + * Wed Aug 19 2009 Steve Grubb 1.0.8-2 - rebuild for new audit-libs From 8fe7927d97520ddda10c3f25ac6813b7661d4aab Mon Sep 17 00:00:00 2001 From: Steve Grubb Date: Fri, 28 Aug 2009 20:05:10 +0000 Subject: [PATCH 13/26] - Add ExclusiveArch for platforms having memory separation tests --- amtu.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/amtu.spec b/amtu.spec index 8f40fc3..8afc36e 100644 --- a/amtu.spec +++ b/amtu.spec @@ -1,7 +1,7 @@ Summary: Abstract Machine Test Utility (AMTU) Name: amtu Version: 1.0.8 -Release: 3%{?dist} +Release: 4%{?dist} License: CPL Group: System Environment/Base URL: http://sourceforge.net/projects/amtueal/ @@ -11,6 +11,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: audit-libs-devel >= 1.1.2 BuildRequires: automake Requires: chkconfig +ExclusiveArch: i386 i686 x86_64 ppc ppc64 s390 s390x ia64 %description Abstract Machine Test Utility (AMTU) is an administrative utility to check @@ -56,6 +57,9 @@ fi %attr(0644,root,root) %{_mandir}/man8/* %changelog +* Fri Aug 28 2009 Steve Grubb - 1.0.8-4 +- Add ExclusiveArch for platforms having memory separation tests + * Fri Aug 21 2009 Tomas Mraz - 1.0.8-3 - rebuilt with new audit From 38ee4b19a3faafea27e0e5caf92a3a9749e488a5 Mon Sep 17 00:00:00 2001 From: Steve Grubb Date: Fri, 11 Sep 2009 17:48:10 +0000 Subject: [PATCH 14/26] - Corrected config file test (#522708) - Made init script more LSB compatible (#522789) --- amtu-1.0.8-doc.patch | 117 +++++++++++++++++++++++++++++++++ amtu-1.0.8-init.patch | 149 ++++-------------------------------------- amtu.spec | 10 ++- 3 files changed, 139 insertions(+), 137 deletions(-) create mode 100644 amtu-1.0.8-doc.patch diff --git a/amtu-1.0.8-doc.patch b/amtu-1.0.8-doc.patch new file mode 100644 index 0000000..b6fb6ac --- /dev/null +++ b/amtu-1.0.8-doc.patch @@ -0,0 +1,117 @@ +diff -urN amtu-1.0.8.orig/doc/AMTUHowTo.txt amtu-1.0.8/doc/AMTUHowTo.txt +--- amtu-1.0.8.orig/doc/AMTUHowTo.txt 1969-12-31 19:00:00.000000000 -0500 ++++ amtu-1.0.8/doc/AMTUHowTo.txt 2009-07-06 10:20:42.000000000 -0400 +@@ -0,0 +1,105 @@ ++ABSTRACT MACHINE TEST UTILITY HOWTO ++ ++ ++OVERVIEW ++ ++Abstract Machine Test Utility (AMTU) is an administrative utility to check ++whether the underlying protection mechanism of the hardware are still being ++enforced. This is a requirement of the Controlled Access Protection Profile ++(CAPP) FTP_AMT.1, see http://www.radium.ncsc.mil/tpep/library/protection_profiles/CAPP-1.d.pdf. ++AMTU executes the following tests: ++ ++* Memory ++ ++Randomly writes to areas of memory and then reading the memory back to ++ensure the values written remain unchanged. ++ ++* Memory Separation ++ ++Ensures that user space programs cannot read and write to areas of memory ++utilized by the likes of Video RAM, kernel code, etc. ++ ++* I/O Controller - Network ++ ++Verifies random data transmitted is also the data received for each configured ++network device. Only ethernet and token ring devices that are configured and ++up are checked. Async devices are not checked. ++ ++* I/O Controller - Disk ++ ++Verifies that information written to disks remains unchanged. Only SCSI and IDE ++controllers associated with mounted filesystems are checked. ++ ++* Supervisor Mode Instructions ++ ++Ensures that the enforcement of the property that privileged instructions ++should only be in supervisor mode is still in effect. The set privileged ++instructions tested to confirm this is architecture dependant. ++ ++ ++ ++TESTED VERSIONS ++ ++AMTU has been tested on the following: ++ ++* RHEL4 and 5 ++* SuSE SLES 8 ++* pSeries (32-bit and 64-bit) ++* iSeries (64-bit) ++* zSeries (31-bit) ++* xSeries (32-bit) ++ ++ ++ ++INSTALLING AMTU ++ ++VERIFYING SYSTEM REQUIREMENTS AND PREREQUISITES ++ ++Before installing AMTU, verify that your system meets the following ++requirements and prerequisites: ++ ++* The system is running in the Common Criteria evaluated configuration. ++ ++ ++COMPILING AND INSTALLING AMTU ++ ++Untar the AMTU source tarball. Then issue the following commands: ++ ./bootstrap ++ ./configure ++ make ++ make install ++ ++Only the last step must be run as root. During the ./configure stage ++you may opt to change various options including default install directory. ++ ++When compiling AMTU as a 64-bit application on a PPC64 architecture (with the ++exception of Squadron pSeries), specify ++ ++ ./configure CC=/opt/cross/bin/powerpc64-linux-gcc ++ ++where /opt/cross/bin/powerpc64-linux-gcc is the 64-bit gcc compiler. ++ ++To compile as a 64-bit application on X86_64 architecture or Squadron pSeries, ++ ++ ./configure CC="gcc -m64" ++ ++ ++ ++RUNNING AMTU ++ ++AMTU installs to /usr/bin/amtu by default. You can add optional command line ++arguments (see the AMTU man page (amtu.8) for more details). ++ ++ ++ ++INTERPRETING RESULTS ++ ++AMTU issues the following return codes when executed: ++ ++ * -1 - Program abort error ++ * 0 - Successful program completion ++ ++If the error is repeatable, you can re-run amtu with the -d option to get ++more information about the failure. The success or failure of AMTU is logged ++in the audit log files (see auditd.8). ++ +diff -urN amtu-1.0.8.orig/doc/Makefile.am amtu-1.0.8/doc/Makefile.am +--- amtu-1.0.8.orig/doc/Makefile.am 2009-07-06 09:39:44.000000000 -0400 ++++ amtu-1.0.8/doc/Makefile.am 2009-07-06 09:40:49.000000000 -0400 +@@ -1,3 +1,3 @@ + CONFIG_CLEAN_FILES = *.rej *.orig +-EXTRA_DIST = $(man_MANS) ++EXTRA_DIST = $(man_MANS) AbstractMachineTestingDesign.doc AMTUHowTo.txt + man_MANS = amtu.8 diff --git a/amtu-1.0.8-init.patch b/amtu-1.0.8-init.patch index 7f2687b..2b3061b 100644 --- a/amtu-1.0.8-init.patch +++ b/amtu-1.0.8-init.patch @@ -1,6 +1,6 @@ diff -urN amtu-1.0.8.orig/configure.in amtu-1.0.8/configure.in ---- amtu-1.0.8.orig/configure.in 2009-07-06 09:39:44.000000000 -0400 -+++ amtu-1.0.8/configure.in 2009-07-06 10:11:15.000000000 -0400 +--- amtu-1.0.8.orig/configure.in 2009-09-11 09:43:44.000000000 -0400 ++++ amtu-1.0.8/configure.in 2009-09-11 09:44:10.000000000 -0400 @@ -19,7 +19,7 @@ esac AC_CHECK_LIB(laus, laus_open) @@ -10,127 +10,10 @@ diff -urN amtu-1.0.8.orig/configure.in amtu-1.0.8/configure.in echo . echo " -diff -urN amtu-1.0.8.orig/doc/AMTUHowTo.txt amtu-1.0.8/doc/AMTUHowTo.txt ---- amtu-1.0.8.orig/doc/AMTUHowTo.txt 1969-12-31 19:00:00.000000000 -0500 -+++ amtu-1.0.8/doc/AMTUHowTo.txt 2009-07-06 10:20:42.000000000 -0400 -@@ -0,0 +1,105 @@ -+ABSTRACT MACHINE TEST UTILITY HOWTO -+ -+ -+OVERVIEW -+ -+Abstract Machine Test Utility (AMTU) is an administrative utility to check -+whether the underlying protection mechanism of the hardware are still being -+enforced. This is a requirement of the Controlled Access Protection Profile -+(CAPP) FTP_AMT.1, see http://www.radium.ncsc.mil/tpep/library/protection_profiles/CAPP-1.d.pdf. -+AMTU executes the following tests: -+ -+* Memory -+ -+Randomly writes to areas of memory and then reading the memory back to -+ensure the values written remain unchanged. -+ -+* Memory Separation -+ -+Ensures that user space programs cannot read and write to areas of memory -+utilized by the likes of Video RAM, kernel code, etc. -+ -+* I/O Controller - Network -+ -+Verifies random data transmitted is also the data received for each configured -+network device. Only ethernet and token ring devices that are configured and -+up are checked. Async devices are not checked. -+ -+* I/O Controller - Disk -+ -+Verifies that information written to disks remains unchanged. Only SCSI and IDE -+controllers associated with mounted filesystems are checked. -+ -+* Supervisor Mode Instructions -+ -+Ensures that the enforcement of the property that privileged instructions -+should only be in supervisor mode is still in effect. The set privileged -+instructions tested to confirm this is architecture dependant. -+ -+ -+ -+TESTED VERSIONS -+ -+AMTU has been tested on the following: -+ -+* RHEL4 and 5 -+* SuSE SLES 8 -+* pSeries (32-bit and 64-bit) -+* iSeries (64-bit) -+* zSeries (31-bit) -+* xSeries (32-bit) -+ -+ -+ -+INSTALLING AMTU -+ -+VERIFYING SYSTEM REQUIREMENTS AND PREREQUISITES -+ -+Before installing AMTU, verify that your system meets the following -+requirements and prerequisites: -+ -+* The system is running in the Common Criteria evaluated configuration. -+ -+ -+COMPILING AND INSTALLING AMTU -+ -+Untar the AMTU source tarball. Then issue the following commands: -+ ./bootstrap -+ ./configure -+ make -+ make install -+ -+Only the last step must be run as root. During the ./configure stage -+you may opt to change various options including default install directory. -+ -+When compiling AMTU as a 64-bit application on a PPC64 architecture (with the -+exception of Squadron pSeries), specify -+ -+ ./configure CC=/opt/cross/bin/powerpc64-linux-gcc -+ -+where /opt/cross/bin/powerpc64-linux-gcc is the 64-bit gcc compiler. -+ -+To compile as a 64-bit application on X86_64 architecture or Squadron pSeries, -+ -+ ./configure CC="gcc -m64" -+ -+ -+ -+RUNNING AMTU -+ -+AMTU installs to /usr/bin/amtu by default. You can add optional command line -+arguments (see the AMTU man page (amtu.8) for more details). -+ -+ -+ -+INTERPRETING RESULTS -+ -+AMTU issues the following return codes when executed: -+ -+ * -1 - Program abort error -+ * 0 - Successful program completion -+ -+If the error is repeatable, you can re-run amtu with the -d option to get -+more information about the failure. The success or failure of AMTU is logged -+in the audit log files (see auditd.8). -+ -diff -urN amtu-1.0.8.orig/doc/Makefile.am amtu-1.0.8/doc/Makefile.am ---- amtu-1.0.8.orig/doc/Makefile.am 2009-07-06 09:39:44.000000000 -0400 -+++ amtu-1.0.8/doc/Makefile.am 2009-07-06 09:40:49.000000000 -0400 -@@ -1,3 +1,3 @@ - CONFIG_CLEAN_FILES = *.rej *.orig --EXTRA_DIST = $(man_MANS) -+EXTRA_DIST = $(man_MANS) AbstractMachineTestingDesign.doc AMTUHowTo.txt - man_MANS = amtu.8 diff -urN amtu-1.0.8.orig/init/amtu.init amtu-1.0.8/init/amtu.init --- amtu-1.0.8.orig/init/amtu.init 1969-12-31 19:00:00.000000000 -0500 -+++ amtu-1.0.8/init/amtu.init 2009-07-06 10:17:43.000000000 -0400 -@@ -0,0 +1,90 @@ ++++ amtu-1.0.8/init/amtu.init 2009-09-11 13:35:53.000000000 -0400 +@@ -0,0 +1,86 @@ +#!/bin/sh +# +# amtu: Abstract Machine Tests @@ -178,11 +61,12 @@ diff -urN amtu-1.0.8.orig/init/amtu.init amtu-1.0.8/init/amtu.init + # Now check that the syconfig is found and has important things + # configured + test -f /etc/sysconfig/amtu || exit 6 -+ test x"$AMTU_HALT_ON_FAILURE" = "x" || exit 6 -+ test x"$HALT_COMMAND" = "x" || exit 6 ++ test x"$AMTU_HALT_ON_FAILURE" != "x" || exit 6 ++ test x"$HALT_COMMAND" != "x" || exit 6 + echo -n $"Starting $prog: " -+ daemon $prog "$EXTRAOPTIONS" ++ daemon $prog "$EXTRAOPTIONS" >/dev/null 2>&1 + RETVAL=$? ++ echo + if [ $RETVAL -ne 0 ] ; then + if [ "$AMTU_HALT_ON_FAILURE" = "yes" ] ; then + # Give audit daemon chance to write to disk @@ -206,24 +90,19 @@ diff -urN amtu-1.0.8.orig/init/amtu.init amtu-1.0.8/init/amtu.init + stop) + stop + ;; -+ status) -+ ;; + restart) + stop + start + ;; -+ condrestart) -+ ;; -+ reload) -+ ;; + *) -+ echo $"Usage: $0 {start|stop|status|restart|condrestart|reload}" ++ echo $"Usage: $0 {start|stop|restart}" ++ RETVAL=3 + ;; +esac +exit $RETVAL diff -urN amtu-1.0.8.orig/init/amtu.sysconfig amtu-1.0.8/init/amtu.sysconfig --- amtu-1.0.8.orig/init/amtu.sysconfig 1969-12-31 19:00:00.000000000 -0500 -+++ amtu-1.0.8/init/amtu.sysconfig 2009-07-06 10:06:07.000000000 -0400 ++++ amtu-1.0.8/init/amtu.sysconfig 2009-09-11 09:44:10.000000000 -0400 @@ -0,0 +1,11 @@ +# Add extra options here: +EXTRAOPTIONS="" @@ -238,7 +117,7 @@ diff -urN amtu-1.0.8.orig/init/amtu.sysconfig amtu-1.0.8/init/amtu.sysconfig +HALT_COMMAND="poweroff" diff -urN amtu-1.0.8.orig/init/Makefile.am amtu-1.0.8/init/Makefile.am --- amtu-1.0.8.orig/init/Makefile.am 1969-12-31 19:00:00.000000000 -0500 -+++ amtu-1.0.8/init/Makefile.am 2009-07-06 10:14:22.000000000 -0400 ++++ amtu-1.0.8/init/Makefile.am 2009-09-11 09:44:10.000000000 -0400 @@ -0,0 +1,16 @@ + +CONFIG_CLEAN_FILES = *.rej *.orig @@ -257,8 +136,8 @@ diff -urN amtu-1.0.8.orig/init/Makefile.am amtu-1.0.8/init/Makefile.am + rm ${DESTDIR}${initdir}/amtu + diff -urN amtu-1.0.8.orig/Makefile.am amtu-1.0.8/Makefile.am ---- amtu-1.0.8.orig/Makefile.am 2009-07-06 09:39:44.000000000 -0400 -+++ amtu-1.0.8/Makefile.am 2009-07-06 10:10:55.000000000 -0400 +--- amtu-1.0.8.orig/Makefile.am 2009-09-11 09:43:44.000000000 -0400 ++++ amtu-1.0.8/Makefile.am 2009-09-11 09:44:10.000000000 -0400 @@ -1,4 +1,4 @@ -SUBDIRS = src doc +SUBDIRS = src init doc diff --git a/amtu.spec b/amtu.spec index 8afc36e..cd9a3ef 100644 --- a/amtu.spec +++ b/amtu.spec @@ -1,12 +1,13 @@ Summary: Abstract Machine Test Utility (AMTU) Name: amtu Version: 1.0.8 -Release: 4%{?dist} +Release: 5%{?dist} License: CPL Group: System Environment/Base URL: http://sourceforge.net/projects/amtueal/ Source0: %{name}-%{version}.tar.gz -Patch1: amtu-1.0.8-init.patch +Patch1: amtu-1.0.8-doc.patch +Patch2: amtu-1.0.8-init.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: audit-libs-devel >= 1.1.2 BuildRequires: automake @@ -23,6 +24,7 @@ http://www.radium.ncsc.mil/tpep/library/protection_profiles/CAPP-1.d.pdf %prep %setup -q %patch1 -p1 +%patch2 -p1 %build touch ChangeLog @@ -57,6 +59,10 @@ fi %attr(0644,root,root) %{_mandir}/man8/* %changelog +* Fri Sep 11 2009 Steve Grubb - 1.0.8-5 +- Corrected config file test (#522708) +- Made init script more LSB compatible (#522789) + * Fri Aug 28 2009 Steve Grubb - 1.0.8-4 - Add ExclusiveArch for platforms having memory separation tests From 63aa42055817f37fcd12571be46347668252f0b5 Mon Sep 17 00:00:00 2001 From: Bill Nottingham Date: Wed, 25 Nov 2009 22:39:39 +0000 Subject: [PATCH 15/26] Fix typo that causes a failure to update the common directory. (releng #2781) --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 16a7d80..23a793a 100644 --- a/Makefile +++ b/Makefile @@ -1,10 +1,10 @@ # Makefile for source rpm: amtu -# $Id: Makefile,v 1.1 2004/09/09 02:56:56 cvsdist Exp $ +# $Id: Makefile,v 1.2 2007/10/15 18:35:40 notting Exp $ NAME := amtu SPECFILE = $(firstword $(wildcard *.spec)) define find-makefile-common -for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done +for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done endef MAKEFILE_COMMON := $(shell $(find-makefile-common)) From 746312a33a983ff76b30db5430ffb0be43bda99f Mon Sep 17 00:00:00 2001 From: Steve Grubb Date: Mon, 18 Jan 2010 16:56:36 +0000 Subject: [PATCH 16/26] - Fix off by one in memory separation test --- amtu-1.0.8-memsep.patch | 12 ++++++++++++ amtu.spec | 7 ++++++- 2 files changed, 18 insertions(+), 1 deletion(-) create mode 100644 amtu-1.0.8-memsep.patch diff --git a/amtu-1.0.8-memsep.patch b/amtu-1.0.8-memsep.patch new file mode 100644 index 0000000..679f08c --- /dev/null +++ b/amtu-1.0.8-memsep.patch @@ -0,0 +1,12 @@ +diff -urp amtu-1.0.8.orig/src/memsep.c amtu-1.0.8/src/memsep.c +--- amtu-1.0.8.orig/src/memsep.c 2010-01-18 10:56:48.000000000 -0500 ++++ amtu-1.0.8/src/memsep.c 2010-01-18 11:42:23.000000000 -0500 +@@ -102,7 +102,7 @@ void sig_handler(int sig) + #endif + int *get_pointer_in_range(int *start, int *end) + { +- return (int *)((char *)start + (RANDNUM % ((char *)end - (char *)start + 1))); ++ return (int *)((char *)start + (RANDNUM % ((char *)end - (char *)start))); + } + + /************************************************************************/ diff --git a/amtu.spec b/amtu.spec index cd9a3ef..97defc9 100644 --- a/amtu.spec +++ b/amtu.spec @@ -1,13 +1,14 @@ Summary: Abstract Machine Test Utility (AMTU) Name: amtu Version: 1.0.8 -Release: 5%{?dist} +Release: 6%{?dist} License: CPL Group: System Environment/Base URL: http://sourceforge.net/projects/amtueal/ Source0: %{name}-%{version}.tar.gz Patch1: amtu-1.0.8-doc.patch Patch2: amtu-1.0.8-init.patch +Patch3: amtu-1.0.8-memsep.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: audit-libs-devel >= 1.1.2 BuildRequires: automake @@ -25,6 +26,7 @@ http://www.radium.ncsc.mil/tpep/library/protection_profiles/CAPP-1.d.pdf %setup -q %patch1 -p1 %patch2 -p1 +%patch3 -p1 %build touch ChangeLog @@ -59,6 +61,9 @@ fi %attr(0644,root,root) %{_mandir}/man8/* %changelog +* Mon Jan 18 2010 Steve Grubb - 1.0.8-6 +- Fix off by one in memory separation test + * Fri Sep 11 2009 Steve Grubb - 1.0.8-5 - Corrected config file test (#522708) - Made init script more LSB compatible (#522789) From 120a58d9532a5eceffcd98a34c9fb105f108a0da Mon Sep 17 00:00:00 2001 From: Steve Grubb Date: Tue, 16 Feb 2010 15:12:54 +0000 Subject: [PATCH 17/26] - Move amtu to /usr/sbin --- amtu-1.0.8-init.patch | 6 +++--- amtu.spec | 9 ++++++--- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/amtu-1.0.8-init.patch b/amtu-1.0.8-init.patch index 2b3061b..44563c4 100644 --- a/amtu-1.0.8-init.patch +++ b/amtu-1.0.8-init.patch @@ -24,7 +24,7 @@ diff -urN amtu-1.0.8.orig/init/amtu.init amtu-1.0.8/init/amtu.init +# halt the machine in the event of failure. The program does +# not stay resident, but rather runs once. +# -+# processname: /sbin/amtu ++# processname: /usr/sbin/amtu +# config: /etc/sysconfig/amtu +# +# Return values according to LSB for all commands but status: @@ -37,7 +37,7 @@ diff -urN amtu-1.0.8.orig/init/amtu.init amtu-1.0.8/init/amtu.init +# 6 - program is not configured +# 7 - program is not running + -+PATH=/sbin:/bin:/usr/bin:/usr/sbin ++PATH=/sbin:/bin:/usr/sbin:/usr/bin +prog="amtu" + +# Source function library. @@ -57,7 +57,7 @@ diff -urN amtu-1.0.8.orig/init/amtu.init amtu-1.0.8/init/amtu.init +RETVAL=0 + +start() { -+ test -x /usr/bin/amtu || exit 5 ++ test -x /usr/sbin/amtu || exit 5 + # Now check that the syconfig is found and has important things + # configured + test -f /etc/sysconfig/amtu || exit 6 diff --git a/amtu.spec b/amtu.spec index 97defc9..d24ddf9 100644 --- a/amtu.spec +++ b/amtu.spec @@ -1,7 +1,7 @@ Summary: Abstract Machine Test Utility (AMTU) Name: amtu Version: 1.0.8 -Release: 6%{?dist} +Release: 7%{?dist} License: CPL Group: System Environment/Base URL: http://sourceforge.net/projects/amtueal/ @@ -38,7 +38,7 @@ make %{?_smp_mflags} %install rm -rf $RPM_BUILD_ROOT -make "DESTDIR=${RPM_BUILD_ROOT}" install +make "DESTDIR=${RPM_BUILD_ROOT}" "bindir=%{_sbindir}" install %clean rm -rf $RPM_BUILD_ROOT @@ -57,10 +57,13 @@ fi %doc doc/AMTUHowTo.txt LICENSE %attr(755,root,root) /etc/rc.d/init.d/amtu %config(noreplace) %attr(640,root,root) /etc/sysconfig/amtu -%attr(0750,root,root) %{_bindir}/amtu +%attr(0750,root,root) %{_sbindir}/amtu %attr(0644,root,root) %{_mandir}/man8/* %changelog +* Tue Feb 16 2010 Steve Grubb - 1.0.8-7 +- Move amtu to /usr/sbin + * Mon Jan 18 2010 Steve Grubb - 1.0.8-6 - Fix off by one in memory separation test From a5ef8e4570eb6881f83dd96f3bb7ac085eb76757 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 28 Jul 2010 09:51:00 +0000 Subject: [PATCH 18/26] dist-git conversion --- .cvsignore => .gitignore | 0 Makefile | 21 --------------------- 2 files changed, 21 deletions(-) rename .cvsignore => .gitignore (100%) delete mode 100644 Makefile diff --git a/.cvsignore b/.gitignore similarity index 100% rename from .cvsignore rename to .gitignore diff --git a/Makefile b/Makefile deleted file mode 100644 index 23a793a..0000000 --- a/Makefile +++ /dev/null @@ -1,21 +0,0 @@ -# Makefile for source rpm: amtu -# $Id: Makefile,v 1.2 2007/10/15 18:35:40 notting Exp $ -NAME := amtu -SPECFILE = $(firstword $(wildcard *.spec)) - -define find-makefile-common -for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done -endef - -MAKEFILE_COMMON := $(shell $(find-makefile-common)) - -ifeq ($(MAKEFILE_COMMON),) -# attempt a checkout -define checkout-makefile-common -test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2 -endef - -MAKEFILE_COMMON := $(shell $(checkout-makefile-common)) -endif - -include $(MAKEFILE_COMMON) From 6566a1411324f7a69ef93c4afa1b4d04a2a38e6d Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Mon, 7 Feb 2011 19:08:56 -0600 Subject: [PATCH 19/26] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild --- amtu.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/amtu.spec b/amtu.spec index d24ddf9..5458a47 100644 --- a/amtu.spec +++ b/amtu.spec @@ -1,7 +1,7 @@ Summary: Abstract Machine Test Utility (AMTU) Name: amtu Version: 1.0.8 -Release: 7%{?dist} +Release: 8%{?dist} License: CPL Group: System Environment/Base URL: http://sourceforge.net/projects/amtueal/ @@ -61,6 +61,9 @@ fi %attr(0644,root,root) %{_mandir}/man8/* %changelog +* Mon Feb 07 2011 Fedora Release Engineering - 1.0.8-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + * Tue Feb 16 2010 Steve Grubb - 1.0.8-7 - Move amtu to /usr/sbin From 2d7bcb9fcca4c6b7d115886c5e64d13921668017 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Thu, 12 Jan 2012 15:15:02 -0600 Subject: [PATCH 20/26] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild --- amtu.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/amtu.spec b/amtu.spec index 5458a47..1f47b9f 100644 --- a/amtu.spec +++ b/amtu.spec @@ -1,7 +1,7 @@ Summary: Abstract Machine Test Utility (AMTU) Name: amtu Version: 1.0.8 -Release: 8%{?dist} +Release: 9%{?dist} License: CPL Group: System Environment/Base URL: http://sourceforge.net/projects/amtueal/ @@ -61,6 +61,9 @@ fi %attr(0644,root,root) %{_mandir}/man8/* %changelog +* Thu Jan 12 2012 Fedora Release Engineering - 1.0.8-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + * Mon Feb 07 2011 Fedora Release Engineering - 1.0.8-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild From 41f31a2eb2d21751b71a648763ec7bb75f066754 Mon Sep 17 00:00:00 2001 From: Steve Date: Mon, 14 May 2012 11:21:40 -0400 Subject: [PATCH 21/26] Remove init script --- amtu-1.0.8-init.patch | 146 ------------------------------------------ amtu.spec | 21 ++---- 2 files changed, 5 insertions(+), 162 deletions(-) delete mode 100644 amtu-1.0.8-init.patch diff --git a/amtu-1.0.8-init.patch b/amtu-1.0.8-init.patch deleted file mode 100644 index 44563c4..0000000 --- a/amtu-1.0.8-init.patch +++ /dev/null @@ -1,146 +0,0 @@ -diff -urN amtu-1.0.8.orig/configure.in amtu-1.0.8/configure.in ---- amtu-1.0.8.orig/configure.in 2009-09-11 09:43:44.000000000 -0400 -+++ amtu-1.0.8/configure.in 2009-09-11 09:44:10.000000000 -0400 -@@ -19,7 +19,7 @@ - esac - AC_CHECK_LIB(laus, laus_open) - AC_CHECK_LIB(audit, audit_open) --AC_OUTPUT(Makefile src/Makefile doc/Makefile) -+AC_OUTPUT(Makefile src/Makefile init/Makefile doc/Makefile) - - echo . - echo " -diff -urN amtu-1.0.8.orig/init/amtu.init amtu-1.0.8/init/amtu.init ---- amtu-1.0.8.orig/init/amtu.init 1969-12-31 19:00:00.000000000 -0500 -+++ amtu-1.0.8/init/amtu.init 2009-09-11 13:35:53.000000000 -0400 -@@ -0,0 +1,86 @@ -+#!/bin/sh -+# -+# amtu: Abstract Machine Tests -+# -+# chkconfig: - 96 99 -+# description: This service runs the abstract machine tests to check the \ -+# underlying security assumptions. It can be configured to -+# halt the machine in the event of failure. The program does -+# not stay resident, but rather runs once. -+# -+# processname: /usr/sbin/amtu -+# config: /etc/sysconfig/amtu -+# -+# Return values according to LSB for all commands but status: -+# 0 - success -+# 1 - generic or unspecified error -+# 2 - invalid or excess argument(s) -+# 3 - unimplemented feature (e.g. "reload") -+# 4 - insufficient privilege -+# 5 - program is not installed -+# 6 - program is not configured -+# 7 - program is not running -+ -+PATH=/sbin:/bin:/usr/sbin:/usr/bin -+prog="amtu" -+ -+# Source function library. -+. /etc/rc.d/init.d/functions -+ -+# Allow anyone to run status -+if [ "$1" = "status" ] ; then -+ exit 0 -+fi -+ -+# Check that we are root ... so non-root users stop here -+test $EUID = 0 || exit 4 -+ -+# Check config -+test -f /etc/sysconfig/amtu && . /etc/sysconfig/amtu -+ -+RETVAL=0 -+ -+start() { -+ test -x /usr/sbin/amtu || exit 5 -+ # Now check that the syconfig is found and has important things -+ # configured -+ test -f /etc/sysconfig/amtu || exit 6 -+ test x"$AMTU_HALT_ON_FAILURE" != "x" || exit 6 -+ test x"$HALT_COMMAND" != "x" || exit 6 -+ echo -n $"Starting $prog: " -+ daemon $prog "$EXTRAOPTIONS" >/dev/null 2>&1 -+ RETVAL=$? -+ echo -+ if [ $RETVAL -ne 0 ] ; then -+ if [ "$AMTU_HALT_ON_FAILURE" = "yes" ] ; then -+ # Give audit daemon chance to write to disk -+ sleep 3 -+ logger "Amtu failed and halt on failure requested" -+ $HALT_COMMAND -+ fi -+ fi -+ return $RETVAL -+} -+ -+stop() { -+ /bin/true -+} -+ -+# See how we were called. -+case "$1" in -+ start) -+ start -+ ;; -+ stop) -+ stop -+ ;; -+ restart) -+ stop -+ start -+ ;; -+ *) -+ echo $"Usage: $0 {start|stop|restart}" -+ RETVAL=3 -+ ;; -+esac -+exit $RETVAL -diff -urN amtu-1.0.8.orig/init/amtu.sysconfig amtu-1.0.8/init/amtu.sysconfig ---- amtu-1.0.8.orig/init/amtu.sysconfig 1969-12-31 19:00:00.000000000 -0500 -+++ amtu-1.0.8/init/amtu.sysconfig 2009-09-11 09:44:10.000000000 -0400 -@@ -0,0 +1,11 @@ -+# Add extra options here: -+EXTRAOPTIONS="" -+# -+# This option is used to determine if failing any amtu test should result in -+# the machine being unusable. The default is no, but it can be changed to -+# yes in case this is desired. -+AMTU_HALT_ON_FAILURE="no" -+# -+# Should halt on failure trigger and its set to yes, the following command -+# will be issued to stop the system: -+HALT_COMMAND="poweroff" -diff -urN amtu-1.0.8.orig/init/Makefile.am amtu-1.0.8/init/Makefile.am ---- amtu-1.0.8.orig/init/Makefile.am 1969-12-31 19:00:00.000000000 -0500 -+++ amtu-1.0.8/init/Makefile.am 2009-09-11 09:44:10.000000000 -0400 -@@ -0,0 +1,16 @@ -+ -+CONFIG_CLEAN_FILES = *.rej *.orig -+EXTRA_DIST = amtu.init amtu.sysconfig -+initdir=$(sysconfdir)/rc.d/init.d -+sysconfigdir=$(sysconfdir)/sysconfig -+ -+install-data-hook: -+ $(INSTALL_DATA) -D -m 640 ${srcdir}/amtu.sysconfig ${DESTDIR}${sysconfigdir}/amtu -+ -+install-exec-hook: -+ $(INSTALL_SCRIPT) -D -m 755 ${srcdir}/amtu.init ${DESTDIR}${initdir}/amtu -+ -+uninstall-hook: -+ rm ${DESTDIR}${sysconfigdir}/amtu -+ rm ${DESTDIR}${initdir}/amtu -+ -diff -urN amtu-1.0.8.orig/Makefile.am amtu-1.0.8/Makefile.am ---- amtu-1.0.8.orig/Makefile.am 2009-09-11 09:43:44.000000000 -0400 -+++ amtu-1.0.8/Makefile.am 2009-09-11 09:44:10.000000000 -0400 -@@ -1,4 +1,4 @@ --SUBDIRS = src doc -+SUBDIRS = src init doc - EXTRA_DIST = bootstrap LICENSE CPLv1.0.htm README - CONFIG_CLEAN_FILES = debug*.list config/* - diff --git a/amtu.spec b/amtu.spec index 1f47b9f..2c9197c 100644 --- a/amtu.spec +++ b/amtu.spec @@ -1,18 +1,16 @@ Summary: Abstract Machine Test Utility (AMTU) Name: amtu Version: 1.0.8 -Release: 9%{?dist} +Release: 10%{?dist} License: CPL Group: System Environment/Base URL: http://sourceforge.net/projects/amtueal/ Source0: %{name}-%{version}.tar.gz Patch1: amtu-1.0.8-doc.patch -Patch2: amtu-1.0.8-init.patch -Patch3: amtu-1.0.8-memsep.patch +Patch2: amtu-1.0.8-memsep.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: audit-libs-devel >= 1.1.2 BuildRequires: automake -Requires: chkconfig ExclusiveArch: i386 i686 x86_64 ppc ppc64 s390 s390x ia64 %description @@ -26,7 +24,6 @@ http://www.radium.ncsc.mil/tpep/library/protection_profiles/CAPP-1.d.pdf %setup -q %patch1 -p1 %patch2 -p1 -%patch3 -p1 %build touch ChangeLog @@ -43,24 +40,16 @@ make "DESTDIR=${RPM_BUILD_ROOT}" "bindir=%{_sbindir}" install %clean rm -rf $RPM_BUILD_ROOT -%post -/sbin/chkconfig --add amtu - -%preun -if [ $1 -eq 0 ]; then - /sbin/service amtu stop > /dev/null 2>&1 - /sbin/chkconfig --del amtu -fi - %files %defattr(-,root,root, -) %doc doc/AMTUHowTo.txt LICENSE -%attr(755,root,root) /etc/rc.d/init.d/amtu -%config(noreplace) %attr(640,root,root) /etc/sysconfig/amtu %attr(0750,root,root) %{_sbindir}/amtu %attr(0644,root,root) %{_mandir}/man8/* %changelog +* Mon May 14 2012 Steve Grubb - 1.0.8-10 +- Remove init script + * Thu Jan 12 2012 Fedora Release Engineering - 1.0.8-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild From ae9a3e12b12e77bb159813f5768b9cc7335e7ded Mon Sep 17 00:00:00 2001 From: Steve Date: Mon, 14 May 2012 11:38:08 -0400 Subject: [PATCH 22/26] Handle new network device naming scheme (#682337) --- amtu-1.0.8-net-device.patch | 159 ++++++++++++++++++++++++++++++++++++ amtu.spec | 9 +- 2 files changed, 166 insertions(+), 2 deletions(-) create mode 100644 amtu-1.0.8-net-device.patch diff --git a/amtu-1.0.8-net-device.patch b/amtu-1.0.8-net-device.patch new file mode 100644 index 0000000..21d69e5 --- /dev/null +++ b/amtu-1.0.8-net-device.patch @@ -0,0 +1,159 @@ +From aa004563d3951086283f896342ec4b3b96fb8785 Mon Sep 17 00:00:00 2001 +From: Jan Stancek +Date: Wed, 24 Aug 2011 11:54:30 +0200 +Subject: [PATCH] networkio: check ifc type and carrier in /sys + +With biosdevname changes it's no longer valid to check +interface type just by name of interface. + +This patch will get interface hardware type and carrier from +/sys/class/net. As in previous implementation, only ethernet +and token ring can be used, and carrier must be present. + +Difference is, that now all devices, that match this criteria, +will get tested, e.g. bridge or tap devices too. + +Patch aims to resolve these bugs: +Bug 689823 - [AMTU] "Failed to get list of network interfaces to test." +https://bugzilla.redhat.com/show_bug.cgi?id=689823 + +Bug 723049 - [RHEL6.0] AMTU Running network tests on interfaces that +have no link +https://bugzilla.redhat.com/show_bug.cgi?id=723049 + +Before: +[root@dell-pem710 amtu-1.0.8]# ./src/amtu -dn +Executing Network I/O Tests... +Failed to get list of network interfaces to test. + +After: +[root@dell-pem710 amtu-1.0.8]# ./src/amtu -dn +Executing Network I/O Tests... +if: lo, type: 772, carrier: 1 +if: em1, type: 1, carrier: 1 +if: em2, type: 1, carrier: 1 +if: em3, type: 1, carrier: -1 +if: em4, type: 1, carrier: -1 +if: lo, type: 772, carrier: 1 +if: em1, type: 1, carrier: 1 +if: lo, type: 772, carrier: 1 +if: em1, type: 1, carrier: 1 +if: em1, type: 1, carrier: 1 +if: em2, type: 1, carrier: 1 +if: em2, type: 1, carrier: 1 + +Interface list to test: + em1 + em2 + +Signed-off-by: Jan Stancek +--- + src/networkio.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++--- + 1 files changed, 73 insertions(+), 5 deletions(-) + +diff --git a/src/networkio.c b/src/networkio.c +index bfa69e8..54f99c3 100644 +--- a/src/networkio.c ++++ b/src/networkio.c +@@ -41,6 +41,9 @@ + #include + #include + #include ++#include ++#include ++#include + #include + #include + #include "amtu.h" +@@ -143,7 +146,51 @@ int send_packet(struct interface_info *iff) + close(ssock_fd); + return 0; + } +- ++ ++int sysfs_present(const char *path) ++{ ++ struct stat st; ++ return stat(path, &st); ++} ++ ++int get_sysfs_value(const char *sysfs_path) ++{ ++ FILE *f; ++ int value = -1; ++ ++ f = fopen(sysfs_path, "r"); ++ if (f) { ++ fscanf(f, "%d", &value); ++ fclose(f); ++ } ++ ++ return value; ++} ++ ++int get_interface_type(const char *if_name) ++{ ++ char sysfs_if_type[PATH_MAX]; ++ int type = -1; ++ ++ if (snprintf(sysfs_if_type, PATH_MAX, ++ "/sys/class/net/%s/type", if_name) > 0) { ++ type = get_sysfs_value(sysfs_if_type); ++ } ++ return type; ++} ++ ++int get_interface_carrier(const char *if_name) ++{ ++ char sysfs_if_carrier[PATH_MAX]; ++ int carrier = 0; ++ ++ if (snprintf(sysfs_if_carrier, PATH_MAX, ++ "/sys/class/net/%s/carrier", if_name) > 0) { ++ carrier = get_sysfs_value(sysfs_if_carrier); ++ } ++ return carrier; ++} ++ + /****************************************************************/ + /* */ + /* FUNCTION: get_interfaces */ +@@ -174,10 +221,31 @@ int get_interfaces() + struct interface_info *np; + int found = 0; + +- /* only testing ethernet and tokenring */ +- if ((strncmp(ifa->ifa_name, "eth", 3) != 0) && +- (strncmp(ifa->ifa_name, "tr", 2) != 0)) +- continue; ++ if (sysfs_present("/sys/class/net") == 0) { ++ int if_type = -1; ++ int if_carrier = 0; ++ ++ if_type = get_interface_type(ifa->ifa_name); ++ if_carrier = get_interface_carrier(ifa->ifa_name); ++ ++ if (debug) ++ printf("if: %7s, type: %4d, carrier: %3d\n", ++ ifa->ifa_name, if_type, if_carrier); ++ ++ /* only testing ethernet and tokenring */ ++ if (if_type != ARPHRD_ETHER && ++ if_type != ARPHRD_IEEE802_TR) ++ continue; ++ ++ /* only testing if carrier present */ ++ if (if_carrier != 1) ++ continue; ++ } else { ++ /* with no sysfs, just fall back to old way */ ++ if ((strncmp(ifa->ifa_name, "eth", 3) != 0) && ++ (strncmp(ifa->ifa_name, "tr", 2) != 0)) ++ continue; ++ } + + /* check family */ + if (ifa->ifa_addr->sa_family != AF_INET && +-- +1.7.1 + diff --git a/amtu.spec b/amtu.spec index 2c9197c..1e8e8e4 100644 --- a/amtu.spec +++ b/amtu.spec @@ -1,13 +1,14 @@ Summary: Abstract Machine Test Utility (AMTU) Name: amtu Version: 1.0.8 -Release: 10%{?dist} +Release: 11%{?dist} License: CPL Group: System Environment/Base URL: http://sourceforge.net/projects/amtueal/ Source0: %{name}-%{version}.tar.gz Patch1: amtu-1.0.8-doc.patch Patch2: amtu-1.0.8-memsep.patch +Patch3: amtu-1.0.8-net-device.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: audit-libs-devel >= 1.1.2 BuildRequires: automake @@ -24,6 +25,7 @@ http://www.radium.ncsc.mil/tpep/library/protection_profiles/CAPP-1.d.pdf %setup -q %patch1 -p1 %patch2 -p1 +%patch3 -p1 %build touch ChangeLog @@ -47,8 +49,11 @@ rm -rf $RPM_BUILD_ROOT %attr(0644,root,root) %{_mandir}/man8/* %changelog +* Mon May 14 2012 Steve Grubb - 1.0.8-11 +- Handle new network device naming scheme (#682337) + * Mon May 14 2012 Steve Grubb - 1.0.8-10 -- Remove init script +- Remove init script (#754358) * Thu Jan 12 2012 Fedora Release Engineering - 1.0.8-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild From 34d69acd17be20d9a1635ec46343e72a3adbc59e Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Wed, 18 Jul 2012 10:59:13 -0500 Subject: [PATCH 23/26] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild --- amtu.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/amtu.spec b/amtu.spec index 1e8e8e4..60521d4 100644 --- a/amtu.spec +++ b/amtu.spec @@ -1,7 +1,7 @@ Summary: Abstract Machine Test Utility (AMTU) Name: amtu Version: 1.0.8 -Release: 11%{?dist} +Release: 12%{?dist} License: CPL Group: System Environment/Base URL: http://sourceforge.net/projects/amtueal/ @@ -49,6 +49,9 @@ rm -rf $RPM_BUILD_ROOT %attr(0644,root,root) %{_mandir}/man8/* %changelog +* Wed Jul 18 2012 Fedora Release Engineering - 1.0.8-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + * Mon May 14 2012 Steve Grubb - 1.0.8-11 - Handle new network device naming scheme (#682337) From eab976ed4984610ff3a139ed3ada99285c884e08 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Wed, 13 Feb 2013 10:31:38 -0600 Subject: [PATCH 24/26] - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild --- amtu.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/amtu.spec b/amtu.spec index 60521d4..a0aae42 100644 --- a/amtu.spec +++ b/amtu.spec @@ -1,7 +1,7 @@ Summary: Abstract Machine Test Utility (AMTU) Name: amtu Version: 1.0.8 -Release: 12%{?dist} +Release: 13%{?dist} License: CPL Group: System Environment/Base URL: http://sourceforge.net/projects/amtueal/ @@ -49,6 +49,9 @@ rm -rf $RPM_BUILD_ROOT %attr(0644,root,root) %{_mandir}/man8/* %changelog +* Wed Feb 13 2013 Fedora Release Engineering - 1.0.8-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + * Wed Jul 18 2012 Fedora Release Engineering - 1.0.8-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild From 8bc487138a38c63b89abe786136b48b791d06c2d Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Fri, 2 Aug 2013 19:45:42 -0500 Subject: [PATCH 25/26] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild --- amtu.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/amtu.spec b/amtu.spec index a0aae42..e94c47a 100644 --- a/amtu.spec +++ b/amtu.spec @@ -1,7 +1,7 @@ Summary: Abstract Machine Test Utility (AMTU) Name: amtu Version: 1.0.8 -Release: 13%{?dist} +Release: 14%{?dist} License: CPL Group: System Environment/Base URL: http://sourceforge.net/projects/amtueal/ @@ -49,6 +49,9 @@ rm -rf $RPM_BUILD_ROOT %attr(0644,root,root) %{_mandir}/man8/* %changelog +* Sat Aug 03 2013 Fedora Release Engineering - 1.0.8-14 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + * Wed Feb 13 2013 Fedora Release Engineering - 1.0.8-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild From 8e462d10686e715addbe037fa5552207dbbb5b84 Mon Sep 17 00:00:00 2001 From: sgrubb Date: Fri, 30 May 2014 16:29:34 -0400 Subject: [PATCH 26/26] AMTU was needed for Common Criteria testing. No PP has needed it in about 5 years. Upstream for the package is also dead. --- .gitignore | 10 --- amtu-1.0.8-doc.patch | 117 ------------------------- amtu-1.0.8-memsep.patch | 12 --- amtu-1.0.8-net-device.patch | 159 --------------------------------- amtu.spec | 170 ------------------------------------ dead.package | 1 + sources | 1 - 7 files changed, 1 insertion(+), 469 deletions(-) delete mode 100644 .gitignore delete mode 100644 amtu-1.0.8-doc.patch delete mode 100644 amtu-1.0.8-memsep.patch delete mode 100644 amtu-1.0.8-net-device.patch delete mode 100644 amtu.spec create mode 100644 dead.package delete mode 100644 sources diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 9ec1f57..0000000 --- a/.gitignore +++ /dev/null @@ -1,10 +0,0 @@ -amtu-0.1.tar.gz -amtu-1.0.tar.gz -amtu-1.0.1.tar.gz -amtu-1.0.2.tar.gz -amtu-1.0.3.tar.gz -amtu-1.0.4.tar.gz -amtu-1.0.5-1.tar.gz -amtu-1.0.6.tar.gz -amtu-1.0.7.tar.gz -amtu-1.0.8.tar.gz diff --git a/amtu-1.0.8-doc.patch b/amtu-1.0.8-doc.patch deleted file mode 100644 index b6fb6ac..0000000 --- a/amtu-1.0.8-doc.patch +++ /dev/null @@ -1,117 +0,0 @@ -diff -urN amtu-1.0.8.orig/doc/AMTUHowTo.txt amtu-1.0.8/doc/AMTUHowTo.txt ---- amtu-1.0.8.orig/doc/AMTUHowTo.txt 1969-12-31 19:00:00.000000000 -0500 -+++ amtu-1.0.8/doc/AMTUHowTo.txt 2009-07-06 10:20:42.000000000 -0400 -@@ -0,0 +1,105 @@ -+ABSTRACT MACHINE TEST UTILITY HOWTO -+ -+ -+OVERVIEW -+ -+Abstract Machine Test Utility (AMTU) is an administrative utility to check -+whether the underlying protection mechanism of the hardware are still being -+enforced. This is a requirement of the Controlled Access Protection Profile -+(CAPP) FTP_AMT.1, see http://www.radium.ncsc.mil/tpep/library/protection_profiles/CAPP-1.d.pdf. -+AMTU executes the following tests: -+ -+* Memory -+ -+Randomly writes to areas of memory and then reading the memory back to -+ensure the values written remain unchanged. -+ -+* Memory Separation -+ -+Ensures that user space programs cannot read and write to areas of memory -+utilized by the likes of Video RAM, kernel code, etc. -+ -+* I/O Controller - Network -+ -+Verifies random data transmitted is also the data received for each configured -+network device. Only ethernet and token ring devices that are configured and -+up are checked. Async devices are not checked. -+ -+* I/O Controller - Disk -+ -+Verifies that information written to disks remains unchanged. Only SCSI and IDE -+controllers associated with mounted filesystems are checked. -+ -+* Supervisor Mode Instructions -+ -+Ensures that the enforcement of the property that privileged instructions -+should only be in supervisor mode is still in effect. The set privileged -+instructions tested to confirm this is architecture dependant. -+ -+ -+ -+TESTED VERSIONS -+ -+AMTU has been tested on the following: -+ -+* RHEL4 and 5 -+* SuSE SLES 8 -+* pSeries (32-bit and 64-bit) -+* iSeries (64-bit) -+* zSeries (31-bit) -+* xSeries (32-bit) -+ -+ -+ -+INSTALLING AMTU -+ -+VERIFYING SYSTEM REQUIREMENTS AND PREREQUISITES -+ -+Before installing AMTU, verify that your system meets the following -+requirements and prerequisites: -+ -+* The system is running in the Common Criteria evaluated configuration. -+ -+ -+COMPILING AND INSTALLING AMTU -+ -+Untar the AMTU source tarball. Then issue the following commands: -+ ./bootstrap -+ ./configure -+ make -+ make install -+ -+Only the last step must be run as root. During the ./configure stage -+you may opt to change various options including default install directory. -+ -+When compiling AMTU as a 64-bit application on a PPC64 architecture (with the -+exception of Squadron pSeries), specify -+ -+ ./configure CC=/opt/cross/bin/powerpc64-linux-gcc -+ -+where /opt/cross/bin/powerpc64-linux-gcc is the 64-bit gcc compiler. -+ -+To compile as a 64-bit application on X86_64 architecture or Squadron pSeries, -+ -+ ./configure CC="gcc -m64" -+ -+ -+ -+RUNNING AMTU -+ -+AMTU installs to /usr/bin/amtu by default. You can add optional command line -+arguments (see the AMTU man page (amtu.8) for more details). -+ -+ -+ -+INTERPRETING RESULTS -+ -+AMTU issues the following return codes when executed: -+ -+ * -1 - Program abort error -+ * 0 - Successful program completion -+ -+If the error is repeatable, you can re-run amtu with the -d option to get -+more information about the failure. The success or failure of AMTU is logged -+in the audit log files (see auditd.8). -+ -diff -urN amtu-1.0.8.orig/doc/Makefile.am amtu-1.0.8/doc/Makefile.am ---- amtu-1.0.8.orig/doc/Makefile.am 2009-07-06 09:39:44.000000000 -0400 -+++ amtu-1.0.8/doc/Makefile.am 2009-07-06 09:40:49.000000000 -0400 -@@ -1,3 +1,3 @@ - CONFIG_CLEAN_FILES = *.rej *.orig --EXTRA_DIST = $(man_MANS) -+EXTRA_DIST = $(man_MANS) AbstractMachineTestingDesign.doc AMTUHowTo.txt - man_MANS = amtu.8 diff --git a/amtu-1.0.8-memsep.patch b/amtu-1.0.8-memsep.patch deleted file mode 100644 index 679f08c..0000000 --- a/amtu-1.0.8-memsep.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -urp amtu-1.0.8.orig/src/memsep.c amtu-1.0.8/src/memsep.c ---- amtu-1.0.8.orig/src/memsep.c 2010-01-18 10:56:48.000000000 -0500 -+++ amtu-1.0.8/src/memsep.c 2010-01-18 11:42:23.000000000 -0500 -@@ -102,7 +102,7 @@ void sig_handler(int sig) - #endif - int *get_pointer_in_range(int *start, int *end) - { -- return (int *)((char *)start + (RANDNUM % ((char *)end - (char *)start + 1))); -+ return (int *)((char *)start + (RANDNUM % ((char *)end - (char *)start))); - } - - /************************************************************************/ diff --git a/amtu-1.0.8-net-device.patch b/amtu-1.0.8-net-device.patch deleted file mode 100644 index 21d69e5..0000000 --- a/amtu-1.0.8-net-device.patch +++ /dev/null @@ -1,159 +0,0 @@ -From aa004563d3951086283f896342ec4b3b96fb8785 Mon Sep 17 00:00:00 2001 -From: Jan Stancek -Date: Wed, 24 Aug 2011 11:54:30 +0200 -Subject: [PATCH] networkio: check ifc type and carrier in /sys - -With biosdevname changes it's no longer valid to check -interface type just by name of interface. - -This patch will get interface hardware type and carrier from -/sys/class/net. As in previous implementation, only ethernet -and token ring can be used, and carrier must be present. - -Difference is, that now all devices, that match this criteria, -will get tested, e.g. bridge or tap devices too. - -Patch aims to resolve these bugs: -Bug 689823 - [AMTU] "Failed to get list of network interfaces to test." -https://bugzilla.redhat.com/show_bug.cgi?id=689823 - -Bug 723049 - [RHEL6.0] AMTU Running network tests on interfaces that -have no link -https://bugzilla.redhat.com/show_bug.cgi?id=723049 - -Before: -[root@dell-pem710 amtu-1.0.8]# ./src/amtu -dn -Executing Network I/O Tests... -Failed to get list of network interfaces to test. - -After: -[root@dell-pem710 amtu-1.0.8]# ./src/amtu -dn -Executing Network I/O Tests... -if: lo, type: 772, carrier: 1 -if: em1, type: 1, carrier: 1 -if: em2, type: 1, carrier: 1 -if: em3, type: 1, carrier: -1 -if: em4, type: 1, carrier: -1 -if: lo, type: 772, carrier: 1 -if: em1, type: 1, carrier: 1 -if: lo, type: 772, carrier: 1 -if: em1, type: 1, carrier: 1 -if: em1, type: 1, carrier: 1 -if: em2, type: 1, carrier: 1 -if: em2, type: 1, carrier: 1 - -Interface list to test: - em1 - em2 - -Signed-off-by: Jan Stancek ---- - src/networkio.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++--- - 1 files changed, 73 insertions(+), 5 deletions(-) - -diff --git a/src/networkio.c b/src/networkio.c -index bfa69e8..54f99c3 100644 ---- a/src/networkio.c -+++ b/src/networkio.c -@@ -41,6 +41,9 @@ - #include - #include - #include -+#include -+#include -+#include - #include - #include - #include "amtu.h" -@@ -143,7 +146,51 @@ int send_packet(struct interface_info *iff) - close(ssock_fd); - return 0; - } -- -+ -+int sysfs_present(const char *path) -+{ -+ struct stat st; -+ return stat(path, &st); -+} -+ -+int get_sysfs_value(const char *sysfs_path) -+{ -+ FILE *f; -+ int value = -1; -+ -+ f = fopen(sysfs_path, "r"); -+ if (f) { -+ fscanf(f, "%d", &value); -+ fclose(f); -+ } -+ -+ return value; -+} -+ -+int get_interface_type(const char *if_name) -+{ -+ char sysfs_if_type[PATH_MAX]; -+ int type = -1; -+ -+ if (snprintf(sysfs_if_type, PATH_MAX, -+ "/sys/class/net/%s/type", if_name) > 0) { -+ type = get_sysfs_value(sysfs_if_type); -+ } -+ return type; -+} -+ -+int get_interface_carrier(const char *if_name) -+{ -+ char sysfs_if_carrier[PATH_MAX]; -+ int carrier = 0; -+ -+ if (snprintf(sysfs_if_carrier, PATH_MAX, -+ "/sys/class/net/%s/carrier", if_name) > 0) { -+ carrier = get_sysfs_value(sysfs_if_carrier); -+ } -+ return carrier; -+} -+ - /****************************************************************/ - /* */ - /* FUNCTION: get_interfaces */ -@@ -174,10 +221,31 @@ int get_interfaces() - struct interface_info *np; - int found = 0; - -- /* only testing ethernet and tokenring */ -- if ((strncmp(ifa->ifa_name, "eth", 3) != 0) && -- (strncmp(ifa->ifa_name, "tr", 2) != 0)) -- continue; -+ if (sysfs_present("/sys/class/net") == 0) { -+ int if_type = -1; -+ int if_carrier = 0; -+ -+ if_type = get_interface_type(ifa->ifa_name); -+ if_carrier = get_interface_carrier(ifa->ifa_name); -+ -+ if (debug) -+ printf("if: %7s, type: %4d, carrier: %3d\n", -+ ifa->ifa_name, if_type, if_carrier); -+ -+ /* only testing ethernet and tokenring */ -+ if (if_type != ARPHRD_ETHER && -+ if_type != ARPHRD_IEEE802_TR) -+ continue; -+ -+ /* only testing if carrier present */ -+ if (if_carrier != 1) -+ continue; -+ } else { -+ /* with no sysfs, just fall back to old way */ -+ if ((strncmp(ifa->ifa_name, "eth", 3) != 0) && -+ (strncmp(ifa->ifa_name, "tr", 2) != 0)) -+ continue; -+ } - - /* check family */ - if (ifa->ifa_addr->sa_family != AF_INET && --- -1.7.1 - diff --git a/amtu.spec b/amtu.spec deleted file mode 100644 index e94c47a..0000000 --- a/amtu.spec +++ /dev/null @@ -1,170 +0,0 @@ -Summary: Abstract Machine Test Utility (AMTU) -Name: amtu -Version: 1.0.8 -Release: 14%{?dist} -License: CPL -Group: System Environment/Base -URL: http://sourceforge.net/projects/amtueal/ -Source0: %{name}-%{version}.tar.gz -Patch1: amtu-1.0.8-doc.patch -Patch2: amtu-1.0.8-memsep.patch -Patch3: amtu-1.0.8-net-device.patch -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -BuildRequires: audit-libs-devel >= 1.1.2 -BuildRequires: automake -ExclusiveArch: i386 i686 x86_64 ppc ppc64 s390 s390x ia64 - -%description -Abstract Machine Test Utility (AMTU) is an administrative utility to check -whether the underlying protection mechanism of the hardware are still being -enforced. This is a requirement of the Controlled Access Protection Profile -FPT_AMT.1, see -http://www.radium.ncsc.mil/tpep/library/protection_profiles/CAPP-1.d.pdf - -%prep -%setup -q -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 - -%build -touch ChangeLog -touch NEWS -touch AUTHORS -autoreconf -fv --install -%configure -make %{?_smp_mflags} - -%install -rm -rf $RPM_BUILD_ROOT -make "DESTDIR=${RPM_BUILD_ROOT}" "bindir=%{_sbindir}" install - -%clean -rm -rf $RPM_BUILD_ROOT - -%files -%defattr(-,root,root, -) -%doc doc/AMTUHowTo.txt LICENSE -%attr(0750,root,root) %{_sbindir}/amtu -%attr(0644,root,root) %{_mandir}/man8/* - -%changelog -* Sat Aug 03 2013 Fedora Release Engineering - 1.0.8-14 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild - -* Wed Feb 13 2013 Fedora Release Engineering - 1.0.8-13 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild - -* Wed Jul 18 2012 Fedora Release Engineering - 1.0.8-12 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild - -* Mon May 14 2012 Steve Grubb - 1.0.8-11 -- Handle new network device naming scheme (#682337) - -* Mon May 14 2012 Steve Grubb - 1.0.8-10 -- Remove init script (#754358) - -* Thu Jan 12 2012 Fedora Release Engineering - 1.0.8-9 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild - -* Mon Feb 07 2011 Fedora Release Engineering - 1.0.8-8 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild - -* Tue Feb 16 2010 Steve Grubb - 1.0.8-7 -- Move amtu to /usr/sbin - -* Mon Jan 18 2010 Steve Grubb - 1.0.8-6 -- Fix off by one in memory separation test - -* Fri Sep 11 2009 Steve Grubb - 1.0.8-5 -- Corrected config file test (#522708) -- Made init script more LSB compatible (#522789) - -* Fri Aug 28 2009 Steve Grubb - 1.0.8-4 -- Add ExclusiveArch for platforms having memory separation tests - -* Fri Aug 21 2009 Tomas Mraz - 1.0.8-3 -- rebuilt with new audit - -* Wed Aug 19 2009 Steve Grubb 1.0.8-2 -- rebuild for new audit-libs - -* Sun Jul 26 2009 Steve Grubb 1.0.8-1 -- new upstream version -- Add init script for bootup system check - -* Fri Jul 24 2009 Fedora Release Engineering - 1.0.7-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild - -* Wed Jul 01 2009 Steve Grubb 1.0.7-1 -- new upstream version - -* Mon Feb 23 2009 Fedora Release Engineering - 1.0.6-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild - -* Mon Jul 14 2008 Tom "spot" Callaway - 1.0.6-3 -- fix license tag - -* Tue Feb 19 2008 Fedora Release Engineering - 1.0.6-2 -- Autorebuild for GCC 4.3 - -* Sat Dec 08 2007 Steve Grubb 1.0.6-1 -- new upstream version - -* Thu Mar 08 2007 Steve Grubb 1.0.5-1 -- new upstream version - -* Fri Feb 16 2007 Steve Grubb 1.0.4-6 -- change buildroot - -* Thu Feb 8 2007 Steve Grubb 1.0.4-5 -- specfile updates - -* Tue Jan 9 2007 Steve Grubb 1.0.4-4 -- patch fixing network and disk tests - -* Wed Jul 12 2006 Jesse Keating - 1.0.4-3.1 -- rebuild - -* Mon Jun 12 2006 Jesse Keating - 1.0.4-3 -- Fix missing BR on automake - -* Fri Feb 10 2006 Jesse Keating - 1.0.4-2.2 -- bump again for double-long bug on ppc(64) - -* Tue Feb 07 2006 Jesse Keating - 1.0.4-2.1 -- rebuilt for new gcc4.1 snapshot and glibc changes - -* Tue Jan 3 2006 Jesse Keating 1.0.4-2 -- rebuilt - -* Fri Dec 9 2005 Steve Grubb 1.0.4-1 -- New upstream version updated for new audit messages -* Mon Dec 5 2005 Steve Grubb 1.0.2-2 -- Fix "clean" section of spec file (bz 172942) -- Add memsep-random patch (bz 174767) -* Thu Jul 14 2005 Steve Grubb 1.0.2-1 -- New upstream version. -* Tue Jul 12 2005 Steve Grubb 1.0.1-1 -- New version fixes bug where audit system was disable at end of test. -* Wed Jun 8 2005 Steve Grubb 1.0-2 -- add a few more include "config.h" -* Fri May 27 2005 Steve Grubb 1.0-1 -- New upstream version from IBM -- Drop memsep patch -- Rework specfile -* Thu Sep 2 2004 root 0.1-7RHEL -- integrate memsep patch from Matt Anderson at HP -* Mon Aug 16 2004 root 0.1-6RHEL -- Integrate ia64 patches from HP's Matt Anderson, enabling use on ia64 -* Tue Jun 29 2004 root 0.1-4RHEL -- fix /usr/bin/amtu modes for real this time -* Tue Jun 29 2004 root 0.1-4RHEL -- set execute bits on /usr/bin/amtu -* Fri May 28 2004 ccb 0.1-3RHEL -- fixed owners and permissions in "files" -* Wed May 26 2004 ccb 0.1-2RHEL -- move docs to a version-qualified directory name -* Sat May 1 2004 root -- Initial build. - diff --git a/dead.package b/dead.package new file mode 100644 index 0000000..b18e62c --- /dev/null +++ b/dead.package @@ -0,0 +1 @@ +AMTU was needed for Common Criteria testing. No PP has needed it in about 5 years. Upstream for the package is also dead. diff --git a/sources b/sources deleted file mode 100644 index c2f8d81..0000000 --- a/sources +++ /dev/null @@ -1 +0,0 @@ -755b517a3a1cc4092435c349d9b99312 amtu-1.0.8.tar.gz