diff --git a/.fmf/version b/.fmf/version new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/.fmf/version @@ -0,0 +1 @@ +1 diff --git a/.gitignore b/.gitignore index 4d9f8d7..f334ce1 100644 --- a/.gitignore +++ b/.gitignore @@ -1,8 +1,19 @@ at_3.1.10.tar.gz -atd.init -atd.sysconf test.pl at_3.1.11.orig.tar.gz at_3.1.12.orig.tar.gz -pam_atd /at_3.1.13.orig.tar.gz +/at_3.1.14.orig.tar.gz +/at_3.1.16.orig.tar.gz +/at_3.1.18.orig.tar.gz +/at_3.1.20.orig.tar.gz +/at_3.1.23.orig.tar.gz +/at_3.1.23.orig.tar.gz.asc +/at_3.2.1.orig.tar.gz +/at_3.2.1.orig.tar.gz.asc +/at_3.2.2.orig.tar.gz +/at_3.2.2.orig.tar.gz.asc +/at_3.2.4.orig.tar.gz +/at_3.2.4.orig.tar.gz.asc +/at_3.2.5.orig.tar.gz +/at_3.2.5.orig.tar.gz.sig diff --git a/56atd b/56atd deleted file mode 100644 index 86989e1..0000000 --- a/56atd +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/sh -# - -. "${PM_FUNCTIONS}" - -case "$1" in - hibernate|suspend) - ;; - thaw|resume) - if [ -f /etc/init.d/atd ]; then - /etc/init.d/atd restart - else - systemctl try-restart atd.service - fi - ;; - *) exit $NA - ;; -esac diff --git a/at-3.1.11-pam.patch b/at-3.1.11-pam.patch deleted file mode 100644 index 87a115c..0000000 --- a/at-3.1.11-pam.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- at-3.1.10/pam_atd.pam 2007-07-03 13:29:24.000000000 +0200 -+++ at-3.1.10/pam_atd 2007-07-03 13:29:24.000000000 +0200 -@@ -0,0 +1,9 @@ -+# The PAM configuration file for the at daemon -+# -+# -+auth required pam_env.so -+auth include password-auth -+account required pam_access.so -+account include password-auth -+session required pam_loginuid.so -+session include password-auth diff --git a/at-3.1.12-fix.patch b/at-3.1.12-fix.patch deleted file mode 100644 index 28d118d..0000000 --- a/at-3.1.12-fix.patch +++ /dev/null @@ -1,69 +0,0 @@ -diff -up at-3.1.12/atd.c.fix at-3.1.12/atd.c ---- at-3.1.12/atd.c.fix 2010-01-18 14:22:19.364913059 +0100 -+++ at-3.1.12/atd.c 2010-01-18 14:20:17.867912485 +0100 -@@ -458,11 +458,9 @@ run_file(const char *filename, uid_t uid - size = buf.st_size; - - #ifdef WITH_PAM -- PRIV_START -- PAM_HANDLING; -+ PAM_HANDLING; - closelog(); - openlog("atd", LOG_PID, LOG_ATD); -- PRIV_END - #endif - - close(STDIN_FILENO); -@@ -484,7 +482,6 @@ run_file(const char *filename, uid_t uid - if ( ( pam_envp != 0L ) && (pam_envp[0] != 0L) ) - nenvp = pam_envp; - #endif -- PRIV_END - /* Set up things for the child; we want standard input from the - * input file, and standard output and error sent to our output file. - */ -@@ -505,8 +502,6 @@ run_file(const char *filename, uid_t uid - if (chdir(ATJOB_DIR) < 0) - perr("Cannot chdir to " ATJOB_DIR); - -- PRIV_START -- - nice((tolower((int) queue) - 'a' + 1) * 2); - - if (initgroups(pentry->pw_name, pentry->pw_gid)) -@@ -531,6 +526,17 @@ run_file(const char *filename, uid_t uid - - if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) - perr("Exec failed for /bin/sh"); -+ -+//add for fedora -+#ifdef WITH_SELINUX -+ if (selinux_enabled>0) -+ if (setexeccon(NULL) < 0) -+ if (security_getenforce()==1) -+ perr("Could not resset exec context for user %s\n", pentry->pw_name); -+ -+#endif -+//end -+//add for fedora - #ifdef WITH_PAM - if ( ( nenvp != &nul ) && (pam_envp != 0L) && (*pam_envp != 0L)) - { -@@ -553,7 +559,7 @@ run_file(const char *filename, uid_t uid - return with an ECHILD error. - */ - waitpid(pid, (int *) NULL, 0); -- -+/* - #ifdef WITH_PAM - PRIV_START - pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT); -@@ -561,7 +567,7 @@ run_file(const char *filename, uid_t uid - pam_end(pamh, retcode); - PRIV_END - #endif -- -+*/ - /* Send mail. Unlink the output file after opening it, so it - * doesn't hang around after the run. - */ diff --git a/at-3.1.12-makefile.patch b/at-3.1.12-makefile.patch deleted file mode 100644 index 871166b..0000000 --- a/at-3.1.12-makefile.patch +++ /dev/null @@ -1,83 +0,0 @@ -diff -up at-3.1.12/Makefile.in.make at-3.1.12/Makefile.in ---- at-3.1.12/Makefile.in.make 2009-11-23 16:11:52.000000000 +0100 -+++ at-3.1.12/Makefile.in 2009-12-03 13:23:08.794258910 +0100 -@@ -65,13 +65,13 @@ LIST = Filelist Filelist.asc - all: at atd atrun - - at: $(ATOBJECTS) -- $(CC) $(CFLAGS) -o at $(ATOBJECTS) $(LIBS) $(LEXLIB) -+ $(CC) $(CFLAGS) -o at -pie $(ATOBJECTS) $(LIBS) $(LEXLIB) $(SELINUXLIB) $(PAMLIB) - rm -f $(CLONES) - $(LN_S) -f at atq - $(LN_S) -f at atrm - - atd: $(RUNOBJECTS) -- $(CC) $(CFLAGS) -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB) -+ $(CC) $(CFLAGS) -o atd -pie $(RUNOBJECTS) $(LIBS) $(SELINUXLIB) $(PAMLIB) - - y.tab.c y.tab.h: parsetime.y - $(YACC) -d parsetime.y -@@ -83,38 +83,42 @@ atrun: atrun.in - configure - - .c.o: -- $(CC) -c $(CFLAGS) $(DEFS) $*.c -+ $(CC) -c $(CFLAGS) -fPIE $(DEFS) $*.c - - install: all -- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(etcdir) -- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(bindir) -- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(sbindir) -- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(docdir) -- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(atdocdir) -- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR) -- chmod 1770 $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR) -+ $(INSTALL) -m 755 -d $(IROOT)$(etcdir) -+ $(INSTALL) -m 755 -d $(IROOT)$(bindir) -+ $(INSTALL) -m 755 -d $(IROOT)$(sbindir) -+ $(INSTALL) -m 755 -d $(IROOT)$(docdir) -+ $(INSTALL) -m 755 -d $(IROOT)$(atdocdir) -+ $(INSTALL) -m 755 -d $(IROOT)$(ATJOB_DIR) -+ $(INSTALL) -m 755 -d $(IROOT)$(etcdir)/pam.d -+ $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR) -+ chmod 700 $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR) -+ chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR) - touch $(IROOT)$(LFILE) - chmod 600 $(IROOT)$(LFILE) - chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(IROOT)$(LFILE) -- test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -o root -g $(DAEMON_GROUPNAME) -m 640 at.deny $(IROOT)$(etcdir)/ -- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 6755 -s at $(IROOT)$(bindir) -+ test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -m 600 at.deny $(IROOT)$(etcdir)/ -+ $(INSTALL) -o $(INSTALL_ROOT_USER) -g $(DAEMON_GROUPNAME) pam_atd $(IROOT)$(etcdir)/pam.d/atd -+ $(INSTALL) -m 4755 at $(IROOT)$(bindir) - $(LN_S) -f at $(IROOT)$(bindir)/atq - $(LN_S) -f at $(IROOT)$(bindir)/atrm -- $(INSTALL) -g root -o root -m 755 batch $(IROOT)$(bindir) -- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man1dir) -- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man5dir) -- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man8dir) -- $(INSTALL) -g root -o root -m 755 -s atd $(IROOT)$(sbindir) -- $(INSTALL) -g root -o root -m 755 atrun $(IROOT)$(sbindir) -- $(INSTALL) -g root -o root -m 644 at.1 $(IROOT)$(man1dir)/ -+ $(INSTALL) -m 755 batch $(IROOT)$(bindir) -+ $(INSTALL) -d -m 755 $(IROOT)$(man1dir) -+ $(INSTALL) -d -m 755 $(IROOT)$(man5dir) -+ $(INSTALL) -d -m 755 $(IROOT)$(man8dir) -+ $(INSTALL) -m 755 atd $(IROOT)$(sbindir) -+ $(INSTALL) -m 755 atrun $(IROOT)$(sbindir) -+ $(INSTALL) -m 644 at.1 $(IROOT)$(man1dir)/ - cd $(IROOT)$(man1dir) && $(LN_S) -f at.1 atq.1 && $(LN_S) -f at.1 batch.1 && $(LN_S) -f at.1 atrm.1 -- $(INSTALL) -g root -o root -m 644 atd.8 $(IROOT)$(man8dir)/ -+ $(INSTALL) -m 644 atd.8 $(IROOT)$(man8dir)/ - sed "s,\$${exec_prefix},$(exec_prefix),g" tmpman -- $(INSTALL) -g root -o root -m 644 tmpman $(IROOT)$(man8dir)/atrun.8 -+ $(INSTALL) -m 644 tmpman $(IROOT)$(man8dir)/atrun.8 - rm -f tmpman -- $(INSTALL) -g root -o root -m 644 at_allow.5 $(IROOT)$(man5dir)/ -+ $(INSTALL) -m 644 at_allow.5 $(IROOT)$(man5dir)/ - cd $(IROOT)$(man5dir) && $(LN_S) -f at_allow.5 at_deny.5 -- $(INSTALL) -g root -o root -m 644 $(DOCS) $(IROOT)$(atdocdir) -+ $(INSTALL) -m 644 $(DOCS) $(IROOT)$(atdocdir) - rm -f $(IROOT)$(mandir)/cat1/at.1* $(IROOT)$(mandir)/cat1/batch.1* \ - $(IROOT)$(mandir)/cat1/atq.1* - rm -f $(IROOT)$(mandir)/cat1/atd.8* diff --git a/at-3.1.12-nitpicks.patch b/at-3.1.12-nitpicks.patch deleted file mode 100644 index 845c707..0000000 --- a/at-3.1.12-nitpicks.patch +++ /dev/null @@ -1,121 +0,0 @@ -diff -up at-3.1.12/at.1.in.nit at-3.1.12/at.1.in ---- at-3.1.12/at.1.in.nit 2009-11-23 16:11:52.000000000 +0100 -+++ at-3.1.12/at.1.in 2010-01-18 14:43:58.287163082 +0100 -@@ -121,7 +121,7 @@ and to run a job at 1am tomorrow, you wo - .B at 1am tomorrow. - .PP - The exact definition of the time specification can be found in --.IR @prefix@/share/doc/at/timespec . -+.IR @prefix@/share/doc/at-@VERSION@/timespec . - .PP - For both - .BR at " and " batch , -@@ -216,7 +216,7 @@ queue for - .BR batch . - Queues with higher letters run with increased niceness. The special - queue "=" is reserved for jobs which are currently running. --.P -+ - If a job is submitted to a queue designated with an uppercase letter, the - job is treated as if it were submitted to batch at the time of the job. - Once the time is reached, the batch processing rules with respect to load -@@ -253,7 +253,7 @@ is an alias for - .TP - .B \-v - Shows the time the job will be executed before reading the job. --.P -+ - Times displayed will be in the format "Thu Feb 20 14:50:00 1997". - .TP - .B -diff -up at-3.1.12/atd.c.nit at-3.1.12/atd.c ---- at-3.1.12/atd.c.nit 2009-11-23 16:11:52.000000000 +0100 -+++ at-3.1.12/atd.c 2010-01-18 14:42:58.024161433 +0100 -@@ -83,6 +83,9 @@ - #include "getloadavg.h" - #endif - -+#ifndef LOG_ATD -+#define LOG_ATD LOG_DAEMON -+#endif - /* Macros */ - - #define BATCH_INTERVAL_DEFAULT 60 -@@ -194,6 +197,18 @@ myfork() - - #define fork myfork - #endif -+#undef ATD_MAIL_PROGRAM -+#undef ATD_MAIL_NAME -+#if defined(SENDMAIL) -+#define ATD_MAIL_PROGRAM SENDMAIL -+#define ATD_MAIL_NAME "sendmail" -+#elif defined(MAILC) -+#define ATD_MAIL_PROGRAM MAILC -+#define ATD_MAIL_NAME "mail" -+#elif defined(MAILX) -+#define ATD_MAIL_PROGRAM MAILX -+#define ATD_MAIL_NAME "mailx" -+#endif - - static void - run_file(const char *filename, uid_t uid, gid_t gid) -@@ -276,6 +291,9 @@ run_file(const char *filename, uid_t uid - free(newname); - return; - } -+ -+ (void) setsid(); //own session for process -+ - /* Let's see who we mail to. Hopefully, we can read it from - * the command file; if not, send it to the owner, or, failing that, - * to root. -@@ -435,6 +453,9 @@ run_file(const char *filename, uid_t uid - if (setuid(uid) < 0) - perr("Cannot set user id"); - -+ if (SIG_ERR == signal(SIGCHLD, SIG_DFL)) -+ perr("Cannot reset signal handler to default"); -+ - chdir("/"); - - if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) -@@ -503,6 +524,9 @@ run_file(const char *filename, uid_t uid - if (setuid(uid) < 0) - perr("Cannot set user id"); - -+ if (SIG_ERR == signal(SIGCHLD, SIG_DFL)) -+ perr("Cannot reset signal handler to default"); -+ - chdir ("/"); - - #if defined(SENDMAIL) -@@ -617,6 +641,7 @@ run_loop() - * Let's remove the lockfile and reschedule. - */ - strncpy(lock_name, dirent->d_name, sizeof(lock_name)); -+ lock_name[sizeof(lock_name)-1] = '\0'; - lock_name[0] = '='; - unlink(lock_name); - next_job = now; -@@ -651,6 +676,7 @@ run_loop() - run_batch++; - if (strcmp(batch_name, dirent->d_name) > 0) { - strncpy(batch_name, dirent->d_name, sizeof(batch_name)); -+ batch_name[sizeof(batch_name)-1] = '\0'; - batch_uid = buf.st_uid; - batch_gid = buf.st_gid; - batch_queue = queue; -@@ -725,11 +751,7 @@ main(int argc, char *argv[]) - - RELINQUISH_PRIVS_ROOT(daemon_uid, daemon_gid) - --#ifndef LOG_CRON --#define LOG_CRON LOG_DAEMON --#endif -- -- openlog("atd", LOG_PID, LOG_CRON); -+ openlog("atd", LOG_PID, LOG_ATD); - - opterr = 0; - errno = 0; diff --git a/at-3.1.12-nowrap.patch b/at-3.1.12-nowrap.patch deleted file mode 100644 index f18167b..0000000 --- a/at-3.1.12-nowrap.patch +++ /dev/null @@ -1,19 +0,0 @@ -diff -up at-3.1.12/at.c.nowrap at-3.1.12/at.c ---- at-3.1.12/at.c.nowrap 2010-02-18 14:39:50.125518422 +0100 -+++ at-3.1.12/at.c 2010-02-22 13:20:03.817150406 +0100 -@@ -308,10 +308,13 @@ writefile(time_t runtimer, char queue) - if (*ap == ' ') - *ap = '0'; - -- if (stat(atfile, &statbuf) != 0) -+ /*if (stat(atfile, &statbuf) != 0) { - if (errno != ENOENT) - perr("Cannot access " ATJOB_DIR); -- -+ } else { -+ perr("atjob file already exists; bailing"); -+ } -+ */ - /* Create the file. The x bit is only going to be set after it has - * been completely written out, to make sure it is not executed in the - * meantime. To make sure they do not get deleted, turn off their r diff --git a/at-3.1.12-opt_V.patch b/at-3.1.12-opt_V.patch deleted file mode 100644 index d25148d..0000000 --- a/at-3.1.12-opt_V.patch +++ /dev/null @@ -1,17 +0,0 @@ -diff -up at-3.1.12/at.c.opt_V at-3.1.12/at.c ---- at-3.1.12/at.c.opt_V 2009-11-23 16:11:52.000000000 +0100 -+++ at-3.1.12/at.c 2009-12-02 13:20:29.770215516 +0100 -@@ -853,10 +853,9 @@ main(int argc, char **argv) - */ - - if (disp_version) { -- fprintf(stderr, "at version " VERSION "\n" -- "Please report bugs to the Debian bug tracking system (http://bugs.debian.org/)\n" -- "or contact the maintainers (at@packages.debian.org).\n"); -- exit(EXIT_SUCCESS); -+ fprintf(stderr, "at version " VERSION "\n"); -+ if (argc == 2) -+ exit(EXIT_SUCCESS); - } - - /* select our program diff --git a/at-3.1.12-pam.patch b/at-3.1.12-pam.patch deleted file mode 100644 index 3030ce5..0000000 --- a/at-3.1.12-pam.patch +++ /dev/null @@ -1,430 +0,0 @@ -diff -up at-3.1.12/at.c.pam at-3.1.12/at.c ---- at-3.1.12/at.c.pam 2010-03-15 09:57:27.043438000 +0100 -+++ at-3.1.12/at.c 2010-03-15 09:58:12.426689166 +0100 -@@ -141,18 +141,13 @@ sigc(int signo) - /* If the user presses ^C, remove the spool file and exit - */ - if (fcreated) { -- /* - PRIV_START -- -+ /* - We need the unprivileged uid here since the file is owned by the real - (not effective) uid. - */ -- setregid(real_gid, effective_gid); -- unlink(atfile); -- setregid(effective_gid, real_gid); -- /* -+ unlink(atfile); - PRIV_END -- */ - } - exit(EXIT_FAILURE); - } -@@ -318,26 +313,19 @@ writefile(time_t runtimer, char queue) - * bit. Yes, this is a kluge. - */ - cmask = umask(S_IRUSR | S_IWUSR | S_IXUSR); -- seteuid(real_uid); -+ if ((seteuid(effective_uid)) < 0) -+ perr("Error in seteuid: %s", errno); - if ((fd = open(atfile, O_CREAT | O_EXCL | O_TRUNC | O_WRONLY, S_IRUSR)) == -1) - perr("Cannot create atjob file %.500s", atfile); -- seteuid(effective_uid); - - if ((fd2 = dup(fd)) < 0) - perr("Error in dup() of job file"); - -- /* - if (fchown(fd2, real_uid, real_gid) != 0) -- perr("Cannot give away file"); -- */ -+ perr("Cannot give real_uid and real_gid the file"); - - PRIV_END - -- /* We no longer need suid root; now we just need to be able to write -- * to the directory, if necessary. -- */ -- -- REDUCE_PRIV(daemon_uid, daemon_gid) - /* We've successfully created the file; let's set the flag so it - * gets removed in case of an interrupt or error. - */ -@@ -661,7 +649,7 @@ process_jobs(int argc, char **argv, int - We need the unprivileged uid here since the file is owned by the real - (not effective) uid. - */ -- setregid(real_gid, effective_gid); -+ PRIV_START - - if (queue == '=') { - fprintf(stderr, "Warning: deleting running job\n"); -@@ -670,8 +658,8 @@ process_jobs(int argc, char **argv, int - perr("Cannot unlink %.500s", dirent->d_name); - rc = EXIT_FAILURE; - } -+ PRIV_END - -- setregid(effective_gid, real_gid); - done = 1; - - break; -@@ -681,7 +669,7 @@ process_jobs(int argc, char **argv, int - FILE *fp; - int ch; - -- setregid(real_gid, effective_gid); -+ PRIV_START - fp = fopen(dirent->d_name, "r"); - - if (fp) { -@@ -694,7 +682,7 @@ process_jobs(int argc, char **argv, int - perr("Cannot open %.500s", dirent->d_name); - rc = EXIT_FAILURE; - } -- setregid(effective_gid, real_gid); -+ PRIV_END - } - break; - -diff -up at-3.1.12/atd.c.pam at-3.1.12/atd.c ---- at-3.1.12/atd.c.pam 2010-03-15 09:57:27.047513895 +0100 -+++ at-3.1.12/atd.c 2010-03-15 09:57:27.053437466 +0100 -@@ -111,7 +111,7 @@ static int run_as_daemon = 0; - - static volatile sig_atomic_t term_signal = 0; - --#ifdef HAVE_PAM -+#ifdef WITH_PAM - #include - - static pam_handle_t *pamh = NULL; -@@ -120,15 +120,7 @@ static const struct pam_conv conv = { - NULL - }; - --#define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \ -- fprintf(stderr,"\n%s\n",pam_strerror(pamh, retcode)); \ -- syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \ -- pam_end(pamh, retcode); exit(1); \ -- } --#define PAM_END { retcode = pam_close_session(pamh,0); \ -- pam_end(pamh,retcode); } -- --#endif /* HAVE_PAM */ -+#endif /* WITH_PAM */ - - /* Signal handlers */ - RETSIGTYPE -@@ -234,7 +226,7 @@ run_file(const char *filename, uid_t uid - char queue; - char fmt[64]; - unsigned long jobno; --#ifdef HAVE_PAM -+#ifdef WITH_PAM - int retcode; - #endif - -@@ -395,16 +387,11 @@ run_file(const char *filename, uid_t uid - fstat(fd_out, &buf); - size = buf.st_size; - --#ifdef HAVE_PAM -+#ifdef WITH_PAM - PRIV_START -- retcode = pam_start("atd", pentry->pw_name, &conv, &pamh); -- PAM_FAIL_CHECK; -- retcode = pam_acct_mgmt(pamh, PAM_SILENT); -- PAM_FAIL_CHECK; -- retcode = pam_open_session(pamh, PAM_SILENT); -- PAM_FAIL_CHECK; -- retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT); -- PAM_FAIL_CHECK; -+ PAM_HANDLING; -+ closelog(); -+ openlog("atd", LOG_PID, LOG_ATD); - PRIV_END - #endif - -@@ -419,7 +406,15 @@ run_file(const char *filename, uid_t uid - else if (pid == 0) { - char *nul = NULL; - char **nenvp = &nul; -+ char **pam_envp=0L; - -+ PRIV_START -+#ifdef WITH_PAM -+ pam_envp = pam_getenvlist(pamh); -+ if ( ( pam_envp != 0L ) && (pam_envp[0] != 0L) ) -+ nenvp = pam_envp; -+#endif -+ PRIV_END - /* Set up things for the child; we want standard input from the - * input file, and standard output and error sent to our output file. - */ -@@ -460,7 +455,16 @@ run_file(const char *filename, uid_t uid - - if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) - perr("Exec failed for /bin/sh"); -- -+#ifdef WITH_PAM -+ if ( ( nenvp != &nul ) && (pam_envp != 0L) && (*pam_envp != 0L)) -+ { -+ for( nenvp = pam_envp; *nenvp != 0L; nenvp++) -+ free(*nenvp); -+ free( pam_envp ); -+ nenvp = &nul; -+ pam_envp=0L; -+ } -+#endif - PRIV_END - } - /* We're the parent. Let's wait. -@@ -474,7 +478,7 @@ run_file(const char *filename, uid_t uid - */ - waitpid(pid, (int *) NULL, 0); - --#ifdef HAVE_PAM -+#ifdef WITH_PAM - PRIV_START - pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT); - retcode = pam_close_session(pamh, PAM_SILENT); -@@ -503,6 +507,14 @@ run_file(const char *filename, uid_t uid - if (fd_in != STDOUT_FILENO && fd_in != STDERR_FILENO) - close(fd_in); - -+#ifdef WITH_PAM -+ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT ); -+ pam_close_session(pamh, PAM_SILENT); -+ pam_end(pamh, PAM_ABORT); -+ closelog(); -+ openlog("atd", LOG_PID, LOG_ATD); -+#endif -+ - unlink(filename); - - /* The job is now finished. We can delete its input file. -@@ -511,8 +523,19 @@ run_file(const char *filename, uid_t uid - unlink(newname); - free(newname); - -+#ifdef ATD_MAIL_PROGRAM - if (((send_mail != -1) && (buf.st_size != size)) || (send_mail == 1)) { -+ int mail_pid = -1; -+#ifdef WITH_PAM -+ PAM_HANDLING; -+ closelog(); -+ openlog("atd", LOG_PID, LOG_ATD); -+#endif -+ -+ mail_pid = fork(); - -+ if ( mail_pid == 0 ) -+ { - PRIV_START - - if (initgroups(pentry->pw_name, pentry->pw_gid)) -@@ -537,7 +560,23 @@ run_file(const char *filename, uid_t uid - perr("Exec failed for mail command"); - - PRIV_END -+ } -+ else if ( mail_pid == -1 ) { -+ perr("fork of mailer failed"); -+ } -+ else { -+ /* Parent */ -+ waitpid(mail_pid, (int *) NULL, 0); -+ } -+#ifdef WITH_PAM -+ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT ); -+ pam_close_session(pamh, PAM_SILENT); -+ pam_end(pamh, PAM_ABORT); -+ closelog(); -+ openlog("atd", LOG_PID, LOG_ATD); -+#endif - } -+#endif - exit(EXIT_SUCCESS); - } - -diff -up at-3.1.12/config.h.in.pam at-3.1.12/config.h.in ---- at-3.1.12/config.h.in.pam 2009-11-23 16:11:52.000000000 +0100 -+++ at-3.1.12/config.h.in 2010-03-15 09:57:27.054437183 +0100 -@@ -68,8 +68,8 @@ - /* Define to 1 if you have the header file. */ - #undef HAVE_NLIST_H - --/* Define to 1 for PAM support */ --#undef HAVE_PAM -+/* Define if you are building with_pam */ -+#undef WITH_PAM - - /* Define to 1 if you have the `pstat_getdynamic' function. */ - #undef HAVE_PSTAT_GETDYNAMIC -diff -up at-3.1.12/configure.ac.pam at-3.1.12/configure.ac ---- at-3.1.12/configure.ac.pam 2009-11-23 16:11:52.000000000 +0100 -+++ at-3.1.12/configure.ac 2010-03-15 09:57:27.055443883 +0100 -@@ -84,7 +84,7 @@ AC_FUNC_GETLOADAVG - AC_CHECK_FUNCS(getcwd mktime strftime setreuid setresuid sigaction waitpid) - AC_CHECK_HEADERS(security/pam_appl.h, [ - PAMLIB="-lpam" -- AC_DEFINE(HAVE_PAM, 1, [Define to 1 for PAM support]) -+ AC_DEFINE(WITH_PAM, 1, [Define to 1 for PAM support]) - ]) - - dnl Checking for programs -@@ -238,6 +238,13 @@ AC_ARG_WITH(daemon_username, - ) - AC_SUBST(DAEMON_USERNAME) - -+AC_ARG_WITH(pam, -+[ --with-pam Define to enable pam support ], -+AC_DEFINE(WITH_PAM), -+) -+AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc') -+AC_SUBST(PAMLIB) -+ - AC_MSG_CHECKING(groupname to run under) - AC_ARG_WITH(daemon_groupname, - [ --with-daemon_groupname=DAEMON_GROUPNAME Groupname to run under (default daemon) ], -diff -up at-3.1.12/perm.c.pam at-3.1.12/perm.c ---- at-3.1.12/perm.c.pam 2009-11-23 16:11:52.000000000 +0100 -+++ at-3.1.12/perm.c 2010-03-15 09:57:27.055443883 +0100 -@@ -51,6 +51,14 @@ - #define PRIV_END while(0) - #endif - -+#ifdef WITH_PAM -+#include -+static pam_handle_t *pamh = NULL; -+static const struct pam_conv conv = { -+ NULL -+}; -+#endif -+ - /* Structures and unions */ - - -@@ -108,18 +116,51 @@ user_in_file(const char *path, const cha - int - check_permission() - { -- uid_t uid = geteuid(); -+ uid_t euid = geteuid(), uid=getuid(), egid=getegid(), gid=getgid(); - struct passwd *pentry; - int allow = 0, deny = 1; - -- if (uid == 0) -+ int retcode = 0; -+ if (euid == 0) - return 1; - -- if ((pentry = getpwuid(uid)) == NULL) { -+ if ((pentry = getpwuid(euid)) == NULL) { - perror("Cannot access user database"); - exit(EXIT_FAILURE); - } - -+#ifdef WITH_PAM -+/* -+ * We must check if the atd daemon userid will be allowed to gain the job owner user's -+ * credentials with PAM . If not, the user has been denied at(1) usage, eg. with pam_access. -+ */ -+ if (setreuid(daemon_uid, daemon_uid) != 0) { -+ fprintf(stderr, "cannot set egid: %s", strerror(errno)); -+ exit(1); -+ } -+ if (setregid(daemon_gid, daemon_gid) != 0) { -+ fprintf(stderr, "cannot set euid: %s", strerror(errno)); -+ exit(1); -+ } -+ -+ pam_close_session(pamh,PAM_SILENT); -+ -+ PAM_HANDLING; -+ -+ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT ); -+ pam_close_session(pamh,PAM_SILENT); -+ pam_end(pamh, PAM_ABORT); -+ -+ if (setregid(gid,egid) != 0) { -+ fprintf(stderr, "cannot set egid: %s", strerror(errno)); -+ exit(1); -+ } -+ if (setreuid(uid,euid) != 0) { -+ fprintf(stderr, "cannot set euid: %s", strerror(errno)); -+ exit(1); -+ } -+#endif -+ - allow = user_in_file(ETCDIR "/at.allow", pentry->pw_name); - if (allow==0 || allow==1) - return allow; -diff -up at-3.1.12/privs.h.pam at-3.1.12/privs.h ---- at-3.1.12/privs.h.pam 2009-11-23 16:11:52.000000000 +0100 -+++ at-3.1.12/privs.h 2010-03-15 09:57:27.060442603 +0100 -@@ -144,3 +144,61 @@ extern gid_t real_gid, effective_gid, da - #error "Cannot implement user ID swapping without setreuid or setresuid" - #endif - #endif -+ -+#ifdef WITH_PAM -+/* PAM failed after session was open. */ -+#define PAM_SESSION_FAIL if (retcode != PAM_SUCCESS) \ -+ pam_close_session(pamh,PAM_SILENT); -+ -+/* syslog will be logging error messages */ -+#ifdef HAVE_UNISTD_H -+#include -+#endif -+ -+/* PAM fail even before opening the session */ -+#define PAM_FAIL_CHECK \ -+ do { if (retcode != PAM_SUCCESS) { \ -+ fprintf(stderr,"PAM failure: %s\n",pam_strerror(pamh, retcode)); \ -+ syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \ -+ if (pamh) \ -+ pam_end(pamh, retcode); \ -+ if (setregid(getgid(),getegid()) != 0) { \ -+ fprintf(stderr, "cannot set egid: %s", strerror(errno)); \ -+ exit(1); \ -+ } \ -+ if (setreuid(getuid(),geteuid()) != 0) { \ -+ fprintf(stderr, "cannot set euid: %s", strerror(errno)); \ -+ exit(1); \ -+ } \ -+ exit(1); \ -+ } \ -+ } while (0) \ -+ -+/* PAM - check after every operation whether they passed */ -+#define PAM_HANDLING \ -+ do { pamh = NULL; \ -+ retcode = pam_start("atd", pentry->pw_name, &conv, &pamh); \ -+ PAM_FAIL_CHECK; \ -+ retcode = pam_set_item(pamh, PAM_TTY, "atd"); \ -+ PAM_FAIL_CHECK; \ -+ retcode = pam_acct_mgmt(pamh, PAM_SILENT); \ -+ PAM_FAIL_CHECK; \ -+ retcode = pam_open_session(pamh, PAM_SILENT); \ -+ PAM_FAIL_CHECK; \ -+ retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT); \ -+ PAM_SESSION_FAIL; \ -+ PAM_FAIL_CHECK; \ -+ } while (0) -+ -+/* OLD FAIL_CHECK ONLY FOR perm.c -+ * define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \ -+ * fprintf(stderr,"\nPAM failure %s\n",pam_strerror(pamh, retcode)); \ -+ * syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \ -+ * if (pamh) \ -+ * pam_end(pamh, retcode); \ -+ * exit(1); \ -+ * } -+ */ -+ -+#endif -+ diff --git a/at-3.1.12-selinux.patch b/at-3.1.12-selinux.patch deleted file mode 100644 index 8290bc1..0000000 --- a/at-3.1.12-selinux.patch +++ /dev/null @@ -1,152 +0,0 @@ -diff -up at-3.1.12/config.h.in.selinux at-3.1.12/config.h.in ---- at-3.1.12/config.h.in.selinux 2009-12-02 16:32:19.469228959 +0100 -+++ at-3.1.12/config.h.in 2009-12-02 16:32:57.706966488 +0100 -@@ -71,6 +71,9 @@ - /* Define if you are building with_pam */ - #undef WITH_PAM - -+/* Define if you are building with_selinux */ -+#undef WITH_SELINUX -+ - /* Define to 1 if you have the `pstat_getdynamic' function. */ - #undef HAVE_PSTAT_GETDYNAMIC - -diff -up at-3.1.12/configure.ac.selinux at-3.1.12/configure.ac ---- at-3.1.12/configure.ac.selinux 2009-12-02 16:31:15.323246019 +0100 -+++ at-3.1.12/configure.ac 2009-12-02 16:32:01.425966844 +0100 -@@ -266,5 +266,13 @@ AC_ARG_WITH(daemon_groupname, - ) - AC_SUBST(DAEMON_GROUPNAME) - -+AC_ARG_WITH(selinux, -+[ --with-selinux Define to run with selinux], -+AC_DEFINE(WITH_SELINUX), -+) -+AC_CHECK_LIB(selinux, is_selinux_enabled, SELINUXLIB=-lselinux) -+AC_SUBST(SELINUXLIB) -+AC_SUBST(WITH_SELINUX) -+ - AC_CONFIG_FILES(Makefile atrun atd.8 atrun.8 at.1 batch) - AC_OUTPUT -diff -up at-3.1.12/Makefile.in.selinux at-3.1.12/Makefile.in ---- at-3.1.12/Makefile.in.selinux 2009-12-02 16:30:11.923216529 +0100 -+++ at-3.1.12/Makefile.in 2009-12-02 16:30:57.949215706 +0100 -@@ -39,6 +39,7 @@ LIBS = @LIBS@ - LIBOBJS = @LIBOBJS@ - INSTALL = @INSTALL@ - PAMLIB = @PAMLIB@ -+SELINUXLIB = @SELINUXLIB@ - - CLONES = atq atrm - ATOBJECTS = at.o panic.o perm.o posixtm.o y.tab.o lex.yy.o -diff -up at-3.1.12/atd.c.selinux at-3.1.12/atd.c ---- at-3.1.12/atd.c.selinux 2009-12-03 13:03:57.182284669 +0100 -+++ at-3.1.12/atd.c 2009-12-03 13:07:20.542272874 +0100 -@@ -83,6 +83,14 @@ - #include "getloadavg.h" - #endif - -+#ifdef WITH_SELINUX -+#include -+#include -+int selinux_enabled=0; -+#include -+#include -+#endif -+ - #ifndef LOG_ATD - #define LOG_ATD LOG_DAEMON - #endif -@@ -202,6 +210,68 @@ myfork() - #define ATD_MAIL_NAME "mailx" - #endif - -+#ifdef WITH_SELINUX -+static int set_selinux_context(const char *name, const char *filename) { -+ security_context_t user_context=NULL; -+ security_context_t file_context=NULL; -+ struct av_decision avd; -+ int retval=-1; -+ char *seuser=NULL; -+ char *level=NULL; -+ -+ if (getseuserbyname(name, &seuser, &level) == 0) { -+ retval=get_default_context_with_level(seuser, level, NULL, &user_context); -+ free(seuser); -+ free(level); -+ if (retval) { -+ if (security_getenforce()==1) { -+ perr("execle: couldn't get security context for user %s\n", name); -+ } else { -+ syslog(LOG_ERR, "execle: couldn't get security context for user %s\n", name); -+ return -1; -+ } -+ } -+ } -+ -+ /* -+ * Since crontab files are not directly executed, -+ * crond must ensure that the crontab file has -+ * a context that is appropriate for the context of -+ * the user cron job. It performs an entrypoint -+ * permission check for this purpose. -+ */ -+ if (fgetfilecon(STDIN_FILENO, &file_context) < 0) -+ perr("fgetfilecon FAILED %s", filename); -+ -+ retval = security_compute_av(user_context, -+ file_context, -+ SECCLASS_FILE, -+ FILE__ENTRYPOINT, -+ &avd); -+ freecon(file_context); -+ if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) { -+ if (security_getenforce()==1) { -+ perr("Not allowed to set exec context to %s for user %s\n", user_context,name); -+ } else { -+ syslog(LOG_ERR, "Not allowed to set exec context to %s for user %s\n", user_context,name); -+ retval = -1; -+ goto err; -+ } -+ } -+ if (setexeccon(user_context) < 0) { -+ if (security_getenforce()==1) { -+ perr("Could not set exec context to %s for user %s\n", user_context,name); -+ retval = -1; -+ } else { -+ syslog(LOG_ERR, "Could not set exec context to %s for user %s\n", user_context,name); -+ } -+ } -+ err: -+ freecon(user_context); -+ return 0; -+} -+#endif -+ - static void - run_file(const char *filename, uid_t uid, gid_t gid) - { -@@ -452,6 +522,12 @@ run_file(const char *filename, uid_t uid - perr("Cannot reset signal handler to default"); - - chdir("/"); -+#ifdef WITH_SELINUX -+ if (selinux_enabled > 0) { -+ if (set_selinux_context(pentry->pw_name, filename) < 0) -+ perr("SELinux Failed to set context\n"); -+ } -+#endif - - if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) - perr("Exec failed for /bin/sh"); -@@ -774,6 +850,10 @@ main(int argc, char *argv[]) - struct passwd *pwe; - struct group *ge; - -+#ifdef WITH_SELINUX -+ selinux_enabled=is_selinux_enabled(); -+#endif -+ - /* We don't need root privileges all the time; running under uid and gid - * daemon is fine. - */ diff --git a/at-3.1.12-shell.patch b/at-3.1.12-shell.patch deleted file mode 100644 index 617b8f9..0000000 --- a/at-3.1.12-shell.patch +++ /dev/null @@ -1,55 +0,0 @@ -diff -up at-3.1.12/at.c.shell at-3.1.12/at.c ---- at-3.1.12/at.c.shell 2009-12-02 13:25:12.706989310 +0100 -+++ at-3.1.12/at.c 2009-12-02 13:26:01.991966200 +0100 -@@ -62,11 +62,8 @@ - #include - #include - --#ifdef TM_IN_SYS_TIME - #include --#else - #include --#endif - - #ifdef HAVE_UNISTD_H - #include -@@ -244,6 +241,12 @@ writefile(time_t runtimer, char queue) - int kill_errno; - int rc; - int mailsize = 128; -+ struct timeval tv; -+ struct timezone tz; -+ long int i; -+ -+ gettimeofday(&tv, &tz); -+ srandom(getpid()+tv.tv_usec); - - /* Install the signal handler for SIGINT; terminate after removing the - * spool file if necessary -@@ -461,6 +464,9 @@ writefile(time_t runtimer, char queue) - fprintf(fp, " || {\n\t echo 'Execution directory " - "inaccessible' >&2\n\t exit 1\n}\n"); - -+ i = random(); -+ fprintf(fp, "${SHELL:-/bin/sh} << \'marcinDELIMITER%08lx\'\n", i); -+ - istty = isatty(fileno(stdin)); - if (istty) { - fprintf(stderr, "at> "); -@@ -477,6 +483,7 @@ writefile(time_t runtimer, char queue) - fprintf(stderr, "\n"); - } - fprintf(fp, "\n"); -+ fprintf(fp, "marcinDELIMITER%08lx\n", i); - if (ferror(fp)) - panic("Output error"); - -@@ -926,7 +933,7 @@ main(int argc, char **argv) - It also alows a warning diagnostic to be printed. Because of the - possible variance, we always output the diagnostic. */ - -- fprintf(stderr, "warning: commands will be executed using /bin/sh\n"); -+ //fprintf(stderr, "warning: commands will be executed using /bin/sh\n"); - - writefile(timer, queue); - break; diff --git a/at-3.1.13-help.patch b/at-3.1.13-help.patch deleted file mode 100644 index 8014526..0000000 --- a/at-3.1.13-help.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff -up at-3.1.13/at.c.add at-3.1.13/at.c -diff -up at-3.1.13/panic.c.add at-3.1.13/panic.c ---- at-3.1.13/panic.c.add 2012-01-27 13:54:46.216466452 +0100 -+++ at-3.1.13/panic.c 2012-01-27 13:57:35.123747498 +0100 -@@ -92,8 +92,8 @@ usage(void) - { - /* Print usage and exit. - */ -- fprintf(stderr, "Usage: at [-V] [-q x] [-f file] [-mlbv] timespec ...\n" -- " at [-V] [-q x] [-f file] [-mlbv] -t time\n" -+ fprintf(stderr, "Usage: at [-V] [-q x] [-f file] [-mMlbv] timespec ...\n" -+ " at [-V] [-q x] [-f file] [-mMlbv] -t time\n" - " at -c job ...\n" - " atq [-V] [-q x]\n" - " at [ -rd ] job ...\n" diff --git a/at-3.1.13-makefile.patch b/at-3.1.13-makefile.patch deleted file mode 100644 index e429719..0000000 --- a/at-3.1.13-makefile.patch +++ /dev/null @@ -1,82 +0,0 @@ -diff -up at-3.1.13/Makefile.in.make at-3.1.13/Makefile.in ---- at-3.1.13/Makefile.in.make 2011-06-25 14:43:14.000000000 +0200 -+++ at-3.1.13/Makefile.in 2011-07-29 08:06:28.317600053 +0200 -@@ -65,13 +65,13 @@ LIST = Filelist Filelist.asc - all: at atd atrun - - at: $(ATOBJECTS) -- $(CC) $(CFLAGS) -o at $(ATOBJECTS) $(LIBS) $(LEXLIB) -+ $(CC) $(CFLAGS) -o at -pie $(ATOBJECTS) $(LIBS) $(LEXLIB) $(SELINUXLIB) $(PAMLIB) - rm -f $(CLONES) - $(LN_S) -f at atq - $(LN_S) -f at atrm - - atd: $(RUNOBJECTS) -- $(CC) $(CFLAGS) -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB) -+ $(CC) $(CFLAGS) -o atd -pie $(RUNOBJECTS) $(LIBS) $(SELINUXLIB) $(PAMLIB) - - y.tab.c y.tab.h: parsetime.y - $(YACC) -d parsetime.y -@@ -83,38 +83,41 @@ atrun: atrun.in - configure - - .c.o: -- $(CC) -c $(CFLAGS) $(DEFS) $*.c -+ $(CC) -c $(CFLAGS) -fPIE $(DEFS) $*.c - - install: all -- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(etcdir) -- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(bindir) -- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(sbindir) -- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(docdir) -- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(atdocdir) -- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR) -- chmod 1770 $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR) -+ $(INSTALL) -m 755 -d $(IROOT)$(etcdir) -+ $(INSTALL) -m 755 -d $(IROOT)$(bindir) -+ $(INSTALL) -m 755 -d $(IROOT)$(sbindir) -+ $(INSTALL) -m 755 -d $(IROOT)$(docdir) -+ $(INSTALL) -m 755 -d $(IROOT)$(atdocdir) -+ $(INSTALL) -m 755 -d $(IROOT)$(etcdir)/pam.d/ -+ $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR) -+ chmod 700 $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR) -+ chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR) - touch $(IROOT)$(LFILE) - chmod 600 $(IROOT)$(LFILE) - chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(IROOT)$(LFILE) -- test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -o root -g $(DAEMON_GROUPNAME) -m 640 at.deny $(IROOT)$(etcdir)/ -- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 6755 at $(IROOT)$(bindir) -+ test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -m 600 at.deny $(IROOT)$(etcdir)/ -+ $(INSTALL) -o $(INSTALL_ROOT_USER) -g $(DAEMON_GROUPNAME) pam_atd $(IROOT)$(etcdir)/pam.d/atd -+ $(INSTALL) -m 4755 at $(IROOT)$(bindir) - $(LN_S) -f at $(IROOT)$(bindir)/atq - $(LN_S) -f at $(IROOT)$(bindir)/atrm -- $(INSTALL) -g root -o root -m 755 batch $(IROOT)$(bindir) -- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man1dir) -- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man5dir) -- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man8dir) -- $(INSTALL) -g root -o root -m 755 atd $(IROOT)$(sbindir) -- $(INSTALL) -g root -o root -m 755 atrun $(IROOT)$(sbindir) -- $(INSTALL) -g root -o root -m 644 at.1 $(IROOT)$(man1dir)/ -+ $(INSTALL) -m 755 batch $(IROOT)$(bindir) -+ $(INSTALL) -d -m 755 $(IROOT)$(man1dir) -+ $(INSTALL) -d -m 755 $(IROOT)$(man5dir) -+ $(INSTALL) -d -m 755 $(IROOT)$(man8dir) -+ $(INSTALL) -m 755 atd $(IROOT)$(sbindir) -+ $(INSTALL) -m 755 atrun $(IROOT)$(sbindir) -+ $(INSTALL) -m 644 at.1 $(IROOT)$(man1dir)/ - cd $(IROOT)$(man1dir) && $(LN_S) -f at.1 atq.1 && $(LN_S) -f at.1 batch.1 && $(LN_S) -f at.1 atrm.1 -- $(INSTALL) -g root -o root -m 644 atd.8 $(IROOT)$(man8dir)/ -+ $(INSTALL) -m 644 atd.8 $(IROOT)$(man8dir)/ - sed "s,\$${exec_prefix},$(exec_prefix),g" tmpman -- $(INSTALL) -g root -o root -m 644 tmpman $(IROOT)$(man8dir)/atrun.8 -+ $(INSTALL) -m 644 tmpman $(IROOT)$(man8dir)/atrun.8 - rm -f tmpman -- $(INSTALL) -g root -o root -m 644 at.allow.5 $(IROOT)$(man5dir)/ -+ $(INSTALL) -m 644 at.allow.5 $(IROOT)$(man5dir)/ - cd $(IROOT)$(man5dir) && $(LN_S) -f at.allow.5 at.deny.5 -- $(INSTALL) -g root -o root -m 644 $(DOCS) $(IROOT)$(atdocdir) -+ $(INSTALL) -m 644 $(DOCS) $(IROOT)$(atdocdir) - rm -f $(IROOT)$(mandir)/cat1/at.1* $(IROOT)$(mandir)/cat1/batch.1* \ - $(IROOT)$(mandir)/cat1/atq.1* - rm -f $(IROOT)$(mandir)/cat1/atd.8* diff --git a/at-3.1.13-nitpicks.patch b/at-3.1.13-nitpicks.patch deleted file mode 100644 index 3582593..0000000 --- a/at-3.1.13-nitpicks.patch +++ /dev/null @@ -1,121 +0,0 @@ -diff -up at-3.1.13/at.1.in.nit at-3.1.13/at.1.in ---- at-3.1.13/at.1.in.nit 2011-06-25 14:43:14.000000000 +0200 -+++ at-3.1.13/at.1.in 2011-07-28 13:04:41.398174737 +0200 -@@ -126,7 +126,7 @@ and to run a job at 1am tomorrow, you wo - .B at 1am tomorrow. - .PP - The definition of the time specification can be found in --.IR @prefix@/share/doc/at/timespec . -+.IR @prefix@/share/doc/at-@VERSION@/timespec . - .PP - For both - .BR at " and " batch , -@@ -204,7 +204,7 @@ queue for - .BR batch . - Queues with higher letters run with increased niceness. The special - queue "=" is reserved for jobs which are currently running. --.P -+ - If a job is submitted to a queue designated with an uppercase letter, the - job is treated as if it were submitted to batch at the time of the job. - Once the time is reached, the batch processing rules with respect to load -@@ -248,7 +248,7 @@ is an alias for - .TP - .B \-v - Shows the time the job will be executed before reading the job. --.P -+ - Times displayed will be in the format "Thu Feb 20 14:50:00 1997". - .TP - .B -diff -up at-3.1.13/atd.c.nit at-3.1.13/atd.c ---- at-3.1.13/atd.c.nit 2011-06-25 14:43:14.000000000 +0200 -+++ at-3.1.13/atd.c 2011-07-28 13:01:31.577967025 +0200 -@@ -83,6 +83,9 @@ - #include "getloadavg.h" - #endif - -+#ifndef LOG_ATD -+#define LOG_ATD LOG_DAEMON -+#endif - /* Macros */ - - #define BATCH_INTERVAL_DEFAULT 60 -@@ -194,6 +197,18 @@ myfork() - - #define fork myfork - #endif -+#undef ATD_MAIL_PROGRAM -+#undef ATD_MAIL_NAME -+#if defined(SENDMAIL) -+#define ATD_MAIL_PROGRAM SENDMAIL -+#define ATD_MAIL_NAME "sendmail" -+#elif defined(MAILC) -+#define ATD_MAIL_PROGRAM MAILC -+#define ATD_MAIL_NAME "mail" -+#elif defined(MAILX) -+#define ATD_MAIL_PROGRAM MAILX -+#define ATD_MAIL_NAME "mailx" -+#endif - - static void - run_file(const char *filename, uid_t uid, gid_t gid) -@@ -271,6 +286,9 @@ run_file(const char *filename, uid_t uid - free(newname); - return; - } -+ -+ (void) setsid(); //own session for process -+ - /* Let's see who we mail to. Hopefully, we can read it from - * the command file; if not, send it to the owner, or, failing that, - * to root. -@@ -433,6 +451,9 @@ run_file(const char *filename, uid_t uid - if (setuid(uid) < 0) - perr("Cannot set user id"); - -+ if (SIG_ERR == signal(SIGCHLD, SIG_DFL)) -+ perr("Cannot reset signal handler to default"); -+ - chdir("/"); - - if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) -@@ -501,6 +522,9 @@ run_file(const char *filename, uid_t uid - if (setuid(uid) < 0) - perr("Cannot set user id"); - -+ if (SIG_ERR == signal(SIGCHLD, SIG_DFL)) -+ perr("Cannot reset signal handler to default"); -+ - chdir ("/"); - - #if defined(SENDMAIL) -@@ -615,6 +639,7 @@ run_loop() - * Let's remove the lockfile and reschedule. - */ - strncpy(lock_name, dirent->d_name, sizeof(lock_name)); -+ lock_name[sizeof(lock_name)-1] = '\0'; - lock_name[0] = '='; - unlink(lock_name); - next_job = now; -@@ -649,6 +674,7 @@ run_loop() - run_batch++; - if (strcmp(batch_name, dirent->d_name) > 0) { - strncpy(batch_name, dirent->d_name, sizeof(batch_name)); -+ batch_name[sizeof(batch_name)-1] = '\0'; - batch_uid = buf.st_uid; - batch_gid = buf.st_gid; - batch_queue = queue; -@@ -723,11 +749,7 @@ main(int argc, char *argv[]) - - RELINQUISH_PRIVS_ROOT(daemon_uid, daemon_gid) - --#ifndef LOG_CRON --#define LOG_CRON LOG_DAEMON --#endif -- -- openlog("atd", LOG_PID, LOG_CRON); -+ openlog("atd", LOG_PID, LOG_ATD); - - opterr = 0; - errno = 0; diff --git a/at-3.1.13-selinux.patch b/at-3.1.13-selinux.patch deleted file mode 100644 index 255fe2b..0000000 --- a/at-3.1.13-selinux.patch +++ /dev/null @@ -1,165 +0,0 @@ -diff -up at-3.1.13/atd.c.selinux at-3.1.13/atd.c ---- at-3.1.13/atd.c.selinux 2012-11-01 15:11:21.368772308 +0100 -+++ at-3.1.13/atd.c 2012-11-01 15:13:16.809162818 +0100 -@@ -83,6 +83,14 @@ - #include "getloadavg.h" - #endif - -+#ifdef WITH_SELINUX -+#include -+#include -+int selinux_enabled=0; -+#include -+#include -+#endif -+ - #ifndef LOG_ATD - #define LOG_ATD LOG_DAEMON - #endif -@@ -202,6 +210,68 @@ myfork() - #define ATD_MAIL_NAME "mailx" - #endif - -+#ifdef WITH_SELINUX -+static int set_selinux_context(const char *name, const char *filename) { -+ security_context_t user_context=NULL; -+ security_context_t file_context=NULL; -+ struct av_decision avd; -+ int retval=-1; -+ char *seuser=NULL; -+ char *level=NULL; -+ -+ if (getseuserbyname(name, &seuser, &level) == 0) { -+ retval=get_default_context_with_level(seuser, level, NULL, &user_context); -+ free(seuser); -+ free(level); -+ if (retval) { -+ if (security_getenforce()==1) { -+ perr("execle: couldn't get security context for user %s\n", name); -+ } else { -+ syslog(LOG_ERR, "execle: couldn't get security context for user %s\n", name); -+ return -1; -+ } -+ } -+ } -+ -+ /* -+ * Since crontab files are not directly executed, -+ * crond must ensure that the crontab file has -+ * a context that is appropriate for the context of -+ * the user cron job. It performs an entrypoint -+ * permission check for this purpose. -+ */ -+ if (fgetfilecon(STDIN_FILENO, &file_context) < 0) -+ perr("fgetfilecon FAILED %s", filename); -+ -+ retval = security_compute_av(user_context, -+ file_context, -+ SECCLASS_FILE, -+ FILE__ENTRYPOINT, -+ &avd); -+ freecon(file_context); -+ if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) { -+ if (security_getenforce()==1) { -+ perr("Not allowed to set exec context to %s for user %s\n", user_context,name); -+ } else { -+ syslog(LOG_ERR, "Not allowed to set exec context to %s for user %s\n", user_context,name); -+ retval = -1; -+ goto err; -+ } -+ } -+ if (setexeccon(user_context) < 0) { -+ if (security_getenforce()==1) { -+ perr("Could not set exec context to %s for user %s\n", user_context,name); -+ retval = -1; -+ } else { -+ syslog(LOG_ERR, "Could not set exec context to %s for user %s\n", user_context,name); -+ } -+ } -+ err: -+ freecon(user_context); -+ return 0; -+} -+#endif -+ - static void - run_file(const char *filename, uid_t uid, gid_t gid) - { -@@ -446,9 +516,23 @@ run_file(const char *filename, uid_t uid - perr("Cannot reset signal handler to default"); - - chdir("/"); -- -+#ifdef WITH_SELINUX -+ if (selinux_enabled > 0) { -+ if (set_selinux_context(pentry->pw_name, filename) < 0) -+ perr("SELinux Failed to set context\n"); -+ } -+#endif - if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) - perr("Exec failed for /bin/sh"); -+//add for fedora -+#ifdef WITH_SELINUX -+ if (selinux_enabled>0) -+ if (setexeccon(NULL) < 0) -+ if (security_getenforce()==1) -+ perr("Could not resset exec context for user %s\n", pentry->pw_name); -+#endif -+//end -+//add for fedora - #ifdef WITH_PAM - if ( ( nenvp != &nul ) && (pam_envp != 0L) && (*pam_envp != 0L)) - { -@@ -751,6 +835,10 @@ main(int argc, char *argv[]) - struct passwd *pwe; - struct group *ge; - -+#ifdef WITH_SELINUX -+ selinux_enabled=is_selinux_enabled(); -+#endif -+ - /* We don't need root privileges all the time; running under uid and gid - * daemon is fine. - */ -diff -up at-3.1.13/config.h.in.selinux at-3.1.13/config.h.in ---- at-3.1.13/config.h.in.selinux 2012-11-01 15:11:21.368772308 +0100 -+++ at-3.1.13/config.h.in 2012-11-01 15:11:21.371772392 +0100 -@@ -71,6 +71,9 @@ - /* Define if you are building with_pam */ - #undef WITH_PAM - -+/* Define if you are building with_selinux */ -+#undef WITH_SELINUX -+ - /* Define to 1 if you have the `pstat_getdynamic' function. */ - #undef HAVE_PSTAT_GETDYNAMIC - -diff -up at-3.1.13/configure.ac.selinux at-3.1.13/configure.ac ---- at-3.1.13/configure.ac.selinux 2012-11-01 15:11:21.369772335 +0100 -+++ at-3.1.13/configure.ac 2012-11-01 15:11:21.372772420 +0100 -@@ -266,5 +266,13 @@ AC_ARG_WITH(daemon_groupname, - ) - AC_SUBST(DAEMON_GROUPNAME) - -+AC_ARG_WITH(selinux, -+[ --with-selinux Define to run with selinux], -+AC_DEFINE(WITH_SELINUX), -+) -+AC_CHECK_LIB(selinux, is_selinux_enabled, SELINUXLIB=-lselinux) -+AC_SUBST(SELINUXLIB) -+AC_SUBST(WITH_SELINUX) -+ - AC_CONFIG_FILES(Makefile atrun atd.8 atrun.8 at.1 at.allow.5 batch) - AC_OUTPUT -diff -up at-3.1.13/Makefile.in.selinux at-3.1.13/Makefile.in ---- at-3.1.13/Makefile.in.selinux 2012-11-01 15:11:21.361772115 +0100 -+++ at-3.1.13/Makefile.in 2012-11-01 15:11:21.372772420 +0100 -@@ -39,6 +39,8 @@ LIBS = @LIBS@ - LIBOBJS = @LIBOBJS@ - INSTALL = @INSTALL@ - PAMLIB = @PAMLIB@ -+SELINUXLIB = @SELINUXLIB@ -+ - - CLONES = atq atrm - ATOBJECTS = at.o panic.o perm.o posixtm.o y.tab.o lex.yy.o diff --git a/at-3.1.13-usePOSIXtimers.patch b/at-3.1.13-usePOSIXtimers.patch deleted file mode 100644 index 018bae2..0000000 --- a/at-3.1.13-usePOSIXtimers.patch +++ /dev/null @@ -1,119 +0,0 @@ -diff -ur -x configure at-3.1.13.orig/atd.c at-3.1.13/atd.c ---- at-3.1.13.orig/atd.c 2011-11-16 11:30:22.424764253 -0500 -+++ at-3.1.13/atd.c 2011-11-16 16:41:12.102831656 -0500 -@@ -815,6 +815,54 @@ - return next_job; - } - -+#ifdef HAVE_CLOCK_GETTIME -+timer_t timer; -+struct itimerspec timeout; -+ -+void timer_setup() -+{ -+ struct sigevent sev; -+ -+ sev.sigev_notify = SIGEV_SIGNAL; -+ sev.sigev_signo = SIGHUP; -+ sev.sigev_value.sival_ptr = &timer; -+ -+ memset(&timeout, 0, sizeof(timeout)); -+ -+ if (timer_create(CLOCK_REALTIME, &sev, &timer) < 0) -+ pabort("unable to create timer"); -+} -+ -+time_t atd_gettime() -+{ -+ struct timespec curtime; -+ -+ clock_gettime(CLOCK_REALTIME, &curtime); -+ -+ return curtime.tv_sec; -+} -+ -+void atd_setalarm(time_t next) -+{ -+ timeout.it_value.tv_sec = next; -+ timer_settime(timer, TIMER_ABSTIME, &timeout, NULL); -+ pause(); -+} -+#else -+void timer_setup() -+{ -+} -+ -+time_t atd_gettime() -+{ -+ return time(NULL); -+} -+ -+void atd_setalarm(time_t next) -+{ -+ sleep(next - atd_gettime()); -+} -+#endif - /* Global functions */ - - int -@@ -835,7 +883,6 @@ - struct sigaction act; - struct passwd *pwe; - struct group *ge; -- - #ifdef WITH_SELINUX - selinux_enabled=is_selinux_enabled(); - #endif -@@ -912,7 +959,7 @@ - sigaction(SIGCHLD, &act, NULL); - - if (!run_as_daemon) { -- now = time(NULL); -+ now = atd_gettime(); - run_loop(); - exit(EXIT_SUCCESS); - } -@@ -935,13 +982,15 @@ - act.sa_handler = set_term; - sigaction(SIGINT, &act, NULL); - -+ timer_setup(); -+ - daemon_setup(); - - do { -- now = time(NULL); -+ now = atd_gettime(); - next_invocation = run_loop(); - if (next_invocation > now) { -- sleep(next_invocation - now); -+ atd_setalarm(next_invocation); - } - } while (!term_signal); - daemon_cleanup(); -diff -ur -x configure at-3.1.13.orig/config.h.in at-3.1.13/config.h.in ---- at-3.1.13.orig/config.h.in 2011-11-16 11:30:22.424764253 -0500 -+++ at-3.1.13/config.h.in 2011-11-16 16:32:44.485426754 -0500 -@@ -38,6 +38,9 @@ - /* Define to 1 if you have the `getloadavg' function. */ - #undef HAVE_GETLOADAVG - -+/* Define to 1 if you have the `clock_gettime' function. */ -+#undef HAVE_TIMER_CREATE -+ - /* Define to 1 if you have the header file. */ - #undef HAVE_GETOPT_H - -diff -ur -x configure at-3.1.13.orig/configure.ac at-3.1.13/configure.ac ---- at-3.1.13.orig/configure.ac 2011-11-16 11:30:22.425764254 -0500 -+++ at-3.1.13/configure.ac 2011-11-16 16:31:29.791561747 -0500 -@@ -274,5 +274,9 @@ - AC_SUBST(SELINUXLIB) - AC_SUBST(WITH_SELINUX) - -+dnl check for POSIX timer functions -+AC_SEARCH_LIBS([timer_create],[rt]) -+AC_CHECK_FUNCS([timer_create]) -+ - AC_CONFIG_FILES(Makefile atrun atd.8 atrun.8 at.1 at.allow.5 batch) - AC_OUTPUT diff --git a/at-3.1.12-fix_no_export.patch b/at-3.1.14-fix_no_export.patch similarity index 50% rename from at-3.1.12-fix_no_export.patch rename to at-3.1.14-fix_no_export.patch index 60e093a..096eed7 100644 --- a/at-3.1.12-fix_no_export.patch +++ b/at-3.1.14-fix_no_export.patch @@ -1,13 +1,13 @@ -diff -up at-3.1.12/at.c.noexport at-3.1.12/at.c ---- at-3.1.12/at.c.noexport 2011-06-10 14:21:04.000000000 +0200 -+++ at-3.1.12/at.c 2011-06-10 14:22:54.247712577 +0200 -@@ -391,8 +391,9 @@ writefile(time_t runtimer, char queue) +diff -up at-3.1.14/at.c.export at-3.1.14/at.c +--- at-3.1.14/at.c.export 2013-10-07 14:53:59.980521240 +0200 ++++ at-3.1.14/at.c 2013-10-07 14:54:35.722560527 +0200 +@@ -388,8 +388,9 @@ writefile(time_t runtimer, char queue) unsigned int i; for (i = 0; i < sizeof(no_export) / sizeof(no_export[0]); i++) { export = export - && (strncmp(*atenv, no_export[i], - (size_t) (eqp - *atenv)) != 0); -+ && ((((size_t) (eqp - *atenv)) != strlen(no_export[i])) ++ && ((((size_t) (eqp - *atenv)) != strlen(no_export[i])) + ||(strncmp(*atenv, no_export[i],(size_t) (eqp - *atenv)) != 0) + ); } diff --git a/at-3.1.14-opt_V.patch b/at-3.1.14-opt_V.patch new file mode 100644 index 0000000..c9c2106 --- /dev/null +++ b/at-3.1.14-opt_V.patch @@ -0,0 +1,17 @@ +diff -up at-3.1.14/at.c.opt at-3.1.14/at.c +--- at-3.1.14/at.c.opt 2013-09-26 16:54:29.920476315 +0200 ++++ at-3.1.14/at.c 2013-09-26 16:55:06.301562646 +0200 +@@ -842,10 +842,9 @@ main(int argc, char **argv) + */ + + if (disp_version) { +- fprintf(stderr, "at version " VERSION "\n" +- "Please report bugs to the Debian bug tracking system (http://bugs.debian.org/)\n" +- "or contact the maintainers (at@packages.debian.org).\n"); +- exit(EXIT_SUCCESS); ++ fprintf(stderr, "at version " VERSION "\n"); ++ if (argc == 2) ++ exit(EXIT_SUCCESS); + } + + /* select our program diff --git a/at-3.1.16-clear-nonjobs.patch b/at-3.1.16-clear-nonjobs.patch new file mode 100644 index 0000000..05fc2c2 --- /dev/null +++ b/at-3.1.16-clear-nonjobs.patch @@ -0,0 +1,42 @@ +diff -up at-3.1.16/atd.c.clear-nonjobs at-3.1.16/atd.c +--- at-3.1.16/atd.c.clear-nonjobs 2014-12-11 10:32:24.000000000 +0100 ++++ at-3.1.16/atd.c 2015-09-09 11:40:22.544679351 +0200 +@@ -414,10 +414,22 @@ run_file(const char *filename, uid_t uid + sprintf(fmt, "#!/bin/sh\n# atrun uid=%%d gid=%%d\n# mail %%%ds %%d", + mailsize ); + ++ /* Unlink the file unless there was an error reading it (perhaps ++ * temporary). ++ * If the file has a bogus format there is no reason in trying ++ * to run it again and again. ++ */ + if (fscanf(stream, fmt, +- &nuid, &ngid, mailname, &send_mail) != 4) +- pabort("File %.500s is in wrong format - aborting", +- filename); ++ &nuid, &ngid, mailname, &send_mail) != 4) { ++ if (ferror(stream)) ++ perr("Error reading the job file"); ++ ++ unlink(filename); ++ pabort("File %.500s is in wrong format - aborting", ++ filename); ++ } ++ ++ unlink(filename); + + if (mailname[0] == '-') + pabort("illegal mail name %.300s in job %8lu (%.300s)", mailname, +@@ -427,12 +439,6 @@ run_file(const char *filename, uid_t uid + pabort("Job %8lu (%.500s) - userid %d does not match file uid %d", + jobno, filename, nuid, uid); + +- /* We are now committed to executing this script. Unlink the +- * original. +- */ +- +- unlink(filename); +- + fclose(stream); + if (chdir(ATSPOOL_DIR) < 0) + perr("Cannot chdir to " ATSPOOL_DIR); diff --git a/at-3.1.16-fclose-error.patch b/at-3.1.16-fclose-error.patch new file mode 100644 index 0000000..5006d68 --- /dev/null +++ b/at-3.1.16-fclose-error.patch @@ -0,0 +1,26 @@ +diff -up at-3.1.16/at.c.fclose at-3.1.16/at.c +--- at-3.1.16/at.c.fclose 2014-11-06 16:11:28.000000000 +0100 ++++ at-3.1.16/at.c 2014-11-24 15:30:12.704502966 +0100 +@@ -209,7 +209,11 @@ nextjob() + jobno = (1 + jobno) % 0xfffff; /* 2^20 jobs enough? */ + fprintf(fid, "%05lx\n", jobno); + +- fclose(fid); ++ if (ferror(fid)) ++ jobno = EOF; ++ ++ if (fclose(fid) != 0) ++ jobno = EOF; + return jobno; + } + +@@ -494,7 +498,8 @@ writefile(time_t runtimer, char queue) + if (ferror(stdin)) + panic("Input error"); + +- fclose(fp); ++ if (fclose(fp) != 0) ++ panic("Output error"); + + /* Set the x bit so that we're ready to start executing + */ diff --git a/at-3.1.20-log-jobs.patch b/at-3.1.20-log-jobs.patch new file mode 100644 index 0000000..44cc7d3 --- /dev/null +++ b/at-3.1.20-log-jobs.patch @@ -0,0 +1,14 @@ +diff -up at-3.1.20/atd.c.log-jobs at-3.1.20/atd.c +--- at-3.1.20/atd.c.log-jobs 2018-05-23 15:09:35.158362293 +0200 ++++ at-3.1.20/atd.c 2018-05-23 15:18:39.153965582 +0200 +@@ -376,6 +376,10 @@ run_file(const char *filename, uid_t uid + pabort("Userid %lu not found - aborting job %8lu (%.500s)", + (unsigned long) uid, jobno, filename); + } ++ ++ syslog(LOG_INFO, "Starting job %lu (%.500s) for user '%s' (%lu)", ++ jobno, filename, pentry->pw_name, (unsigned long) uid); ++ + PRIV_START + + stream = fopen(filename, "r"); diff --git a/at-3.1.23-document-n.patch b/at-3.1.23-document-n.patch new file mode 100644 index 0000000..39e77e4 --- /dev/null +++ b/at-3.1.23-document-n.patch @@ -0,0 +1,23 @@ +diff -up at-3.1.23/atd.8.in.document-n at-3.1.23/atd.8.in +--- at-3.1.23/atd.8.in.document-n 2018-08-27 14:49:09.824182482 +0200 ++++ at-3.1.23/atd.8.in 2018-08-27 14:50:34.625518639 +0200 +@@ -9,6 +9,7 @@ atd \- run jobs queued for later executi + .IR batch_interval ] + .RB [ \-d ] + .RB [ \-f ] ++.RB [ \-n ] + .RB [ \-s ] + .SH DESCRIPTION + .B atd +@@ -44,6 +45,11 @@ in the foreground. + Process the at/batch queue only once. + This is primarily of use for compatibility with old versions of + .BR at ; ++.TP ++.B \-n ++Append the hostname of the system to the subject of the e-mails sent by ++.BR atd . ++.TP 8 + .B "atd \-s" + is equivalent to the old + .B atrun diff --git a/at-3.2.2-lock-locks.patch b/at-3.2.2-lock-locks.patch new file mode 100644 index 0000000..5b97d34 --- /dev/null +++ b/at-3.2.2-lock-locks.patch @@ -0,0 +1,108 @@ +diff -ur b/atd.c a/atd.c +--- b/atd.c 2021-04-25 03:31:30.000000000 +0200 ++++ a/atd.c 2021-05-21 13:00:45.135020670 +0200 +@@ -74,6 +74,9 @@ + #include + #endif + ++#include ++#include ++ + /* Local headers */ + + #include "privs.h" +@@ -275,7 +278,7 @@ + * mail to the user. + */ + pid_t pid; +- int fd_out, fd_in; ++ int fd_out, fd_in, fd_std; + char jobbuf[9]; + char *mailname = NULL; + size_t mailsize = 128; +@@ -390,6 +393,10 @@ + + fcntl(fd_in, F_SETFD, fflags & ~FD_CLOEXEC); + ++ if (flock(fd_in, LOCK_EX | LOCK_NB) != 0) ++ perr("Somebody already locked the job %8lu (%.500s) - " ++ "aborting", jobno, filename); ++ + /* + * If the spool directory is mounted via NFS `atd' isn't able to + * read from the job file and will bump out here. The file is +@@ -520,10 +527,7 @@ + PRIV_END + } + /* We're the parent. Let's wait. +- */ +- close(fd_in); +- +- /* We inherited the master's SIGCHLD handler, which does a ++ We inherited the master's SIGCHLD handler, which does a + non-blocking waitpid. So this blocking one will eventually + return with an ECHILD error. + */ +@@ -548,14 +552,14 @@ + /* some sendmail implementations are confused if stdout, stderr are + * not available, so let them point to /dev/null + */ +- if ((fd_in = open("/dev/null", O_WRONLY)) < 0) ++ if ((fd_std = open("/dev/null", O_WRONLY)) < 0) + perr("Could not open /dev/null."); +- if (dup2(fd_in, STDOUT_FILENO) < 0) ++ if (dup2(fd_std, STDOUT_FILENO) < 0) + perr("Could not use /dev/null as standard output."); +- if (dup2(fd_in, STDERR_FILENO) < 0) ++ if (dup2(fd_std, STDERR_FILENO) < 0) + perr("Could not use /dev/null as standard error."); +- if (fd_in != STDOUT_FILENO && fd_in != STDERR_FILENO) +- close(fd_in); ++ if (fd_std != STDOUT_FILENO && fd_std != STDERR_FILENO) ++ close(fd_std); + + if (unlink(filename) == -1) + syslog(LOG_WARNING, "Warning: removing output file for job %li failed: %s", +@@ -563,7 +567,12 @@ + + /* The job is now finished. We can delete its input file. + */ +- chdir(ATJOB_DIR); ++ if (chdir(ATJOB_DIR) != 0) ++ perr("Somebody removed %s directory from under us.", ATJOB_DIR); ++ ++ /* This also removes the flock */ ++ (void)close(fd_in); ++ + unlink(newname); + free(newname); + +@@ -673,16 +682,18 @@ + + /* Skip lock files */ + if (queue == '=') { +- /* FIXME: calhariz */ +- /* I think the following code is broken, but commenting it +- may cause unknow side effects. Make a release and see +- in the wild how it works. For more information see: +- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818508 */ +- +- /* if ((buf.st_nlink == 1) && (run_time + CHECK_INTERVAL <= now)) { */ +- /* /\* Remove stale lockfile FIXME: lock the lockfile, if you fail, it's still in use. *\/ */ +- /* unlink(dirent->d_name); */ +- /* } */ ++ if ((buf.st_nlink == 1) && (run_time + CHECK_INTERVAL <= now)) { ++ int fd; ++ ++ fd = open(dirent->d_name, O_RDONLY); ++ if (fd != -1) { ++ if (flock(fd, LOCK_EX | LOCK_NB) == 0) { ++ unlink(dirent->d_name); ++ syslog(LOG_NOTICE, "removing stale lock file %s\n", dirent->d_name); ++ } ++ (void)close(fd); ++ } ++ } + continue; + } + /* Skip any other file types which may have been invented in diff --git a/at-3.2.2-shell.patch b/at-3.2.2-shell.patch new file mode 100644 index 0000000..9e383b8 --- /dev/null +++ b/at-3.2.2-shell.patch @@ -0,0 +1,48 @@ +diff -ur b/at.c a/at.c +--- b/at.c 2021-04-25 03:31:30.000000000 +0200 ++++ a/at.c 2021-05-21 12:51:48.123335137 +0200 +@@ -62,11 +62,8 @@ + #include + #include + +-#ifdef TM_IN_SYS_TIME + #include +-#else + #include +-#endif + + #ifdef HAVE_UNISTD_H + #include +@@ -245,6 +242,12 @@ + int kill_errno; + int rc; + int mailsize = 128; ++ struct timeval tv; ++ struct timezone tz; ++ long int i; ++ ++ gettimeofday(&tv, &tz); ++ srandom(getpid()+tv.tv_usec); + + /* Install the signal handler for SIGINT; terminate after removing the + * spool file if necessary +@@ -492,6 +495,9 @@ + fprintf(fp, " || {\n\t echo 'Execution directory " + "inaccessible' >&2\n\t exit 1\n}\n"); + ++ i = random(); ++ fprintf(fp, "${SHELL:-/bin/sh} << \'marcinDELIMITER%08lx\'\n", i); ++ + istty = isatty(fileno(stdin)); + if (istty) { + runtime = localtime(&runtimer); +@@ -512,7 +518,7 @@ + if (istty) { + fprintf(stderr, "\n"); + } +- fprintf(fp, "\n"); ++ fprintf(fp, "\nmarcinDELIMITER%08lx\n", i); + if (ferror(fp)) + panic("Output error"); + fflush(fp); +Only in a: .vscode diff --git a/at-3.2.5-aborted-jobs.patch b/at-3.2.5-aborted-jobs.patch new file mode 100644 index 0000000..568ef4b --- /dev/null +++ b/at-3.2.5-aborted-jobs.patch @@ -0,0 +1,22 @@ +diff -ur b/atd.c a/atd.c +--- b/atd.c 2022-02-22 15:55:28.745663105 +0100 ++++ a/atd.c 2022-02-22 16:07:26.416578085 +0100 +@@ -722,12 +722,18 @@ + /* Is the file already locked? + */ + if (buf.st_nlink > 1) { ++ if (run_time < buf.st_mtime) ++ run_time = buf.st_mtime; + if (run_time + CHECK_INTERVAL <= now) { + + /* Something went wrong the last time this was executed. + * Let's remove the lockfile and reschedule. ++ * We also change the timestamp to avoid rerunning the job more ++ * than once every CHECK_INTERVAL. + */ + strncpy(lock_name, dirent->d_name, sizeof(lock_name)); ++ if (utime(lock_name, 0) < 0) ++ syslog(LOG_ERR, "utime couldn't be set for lock file %s\n", lock_name); + lock_name[sizeof(lock_name)-1] = '\0'; + lock_name[0] = '='; + unlink(lock_name); diff --git a/at-3.2.5-address-sast.patch b/at-3.2.5-address-sast.patch new file mode 100644 index 0000000..ecf981c --- /dev/null +++ b/at-3.2.5-address-sast.patch @@ -0,0 +1,57 @@ +From 43e8b5b5dd72bb9a80679dec8c15a24f00888a53 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jan=20Stan=C4=9Bk?= +Date: Wed, 26 Jun 2024 16:59:31 +0200 +Subject: [PATCH] Address issues from static analyzer +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +- Tweak types in run_file() to prevent overflow +- Initialize all members of of struct tm in posix_time_parse(). + +The static analyzer findings: https://issues.redhat.com/browse/RHEL-44999 + +Signed-off-by: Jan Staněk +--- + atd.c | 4 ++-- + posixtm.c | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/atd.c b/atd.c +index 64fdd83..3908de3 100644 +--- a/atd.c ++++ b/atd.c +@@ -279,7 +279,7 @@ run_file(const char *filename, uid_t uid, gid_t gid) + int fd_out, fd_in; + char jobbuf[9]; + char *mailname = NULL; +- int mailsize = 128; ++ size_t mailsize = 128; + char *newname; + FILE *stream; + int send_mail = 0; +@@ -292,7 +292,7 @@ run_file(const char *filename, uid_t uid, gid_t gid) + char queue; + char fmt[64]; + unsigned long jobno; +- int rc; ++ long rc; + #ifdef HAVE_PAM + int retcode; + #endif +diff --git a/posixtm.c b/posixtm.c +index cf4ec09..06b22fa 100644 +--- a/posixtm.c ++++ b/posixtm.c +@@ -188,7 +188,7 @@ posix_time_parse (struct tm *tm, const char *s, unsigned int syntax_bits) + bool + posixtime (time_t *p, const char *s, unsigned int syntax_bits) + { +- struct tm tm0; ++ struct tm tm0 = {0}; + struct tm tm1; + struct tm const *tm; + time_t t; +-- +GitLab + diff --git a/at-3.1.13-mailwithhostname.patch b/at-3.2.5-mailwithhostname.patch similarity index 67% rename from at-3.1.13-mailwithhostname.patch rename to at-3.2.5-mailwithhostname.patch index a3e5933..a601db4 100644 --- a/at-3.1.13-mailwithhostname.patch +++ b/at-3.2.5-mailwithhostname.patch @@ -1,7 +1,7 @@ -diff -up at-3.1.13/atd.c.hostname at-3.1.13/atd.c ---- at-3.1.13/atd.c.hostname 2012-01-12 18:19:36.000000000 +0100 -+++ at-3.1.13/atd.c 2012-01-12 18:52:34.000000000 +0100 -@@ -99,6 +99,10 @@ int selinux_enabled=0; +diff -ur b/atd.c a/atd.c +--- b/atd.c 2022-02-22 15:21:06.649147600 +0100 ++++ a/atd.c 2022-02-22 15:49:13.640184845 +0100 +@@ -98,6 +98,10 @@ #define BATCH_INTERVAL_DEFAULT 60 #define CHECK_INTERVAL 3600 @@ -12,35 +12,35 @@ diff -up at-3.1.13/atd.c.hostname at-3.1.13/atd.c /* Global variables */ uid_t real_uid, effective_uid; -@@ -116,6 +120,7 @@ static time_t last_chg; - static int nothing_to_do; +@@ -115,6 +119,7 @@ + static int nothing_to_do = 0; unsigned int batch_interval; static int run_as_daemon = 0; +static int mail_with_hostname = 0; + static int hupped = 0; static volatile sig_atomic_t term_signal = 0; - -@@ -297,6 +302,7 @@ run_file(const char *filename, uid_t uid +@@ -301,6 +306,7 @@ char fmt[64]; unsigned long jobno; - int rc; + long rc; + char hostbuf[MAXHOSTNAMELEN]; #ifdef WITH_PAM int retcode; #endif -@@ -451,6 +457,11 @@ run_file(const char *filename, uid_t uid +@@ -455,6 +461,11 @@ write_string(fd_out, "Subject: Output from your job "); write_string(fd_out, jobbuf); + if (mail_with_hostname > 0) { -+ gethostname(hostbuf, MAXHOSTNAMELEN-1); ++ gethostname(hostbuf, MAXHOSTNAMELEN-1); + write_string(fd_out, " "); + write_string(fd_out, hostbuf); + } write_string(fd_out, "\nTo: "); write_string(fd_out, mailname); write_string(fd_out, "\n\n"); -@@ -910,7 +921,7 @@ main(int argc, char *argv[]) +@@ -905,7 +916,7 @@ run_as_daemon = 1; batch_interval = BATCH_INTERVAL_DEFAULT; @@ -49,7 +49,7 @@ diff -up at-3.1.13/atd.c.hostname at-3.1.13/atd.c switch (c) { case 'l': if (sscanf(optarg, "%lf", &load_avg) != 1) -@@ -932,6 +943,10 @@ main(int argc, char *argv[]) +@@ -927,6 +938,10 @@ daemon_foreground++; break; diff --git a/at-3.2.5-make.patch b/at-3.2.5-make.patch new file mode 100644 index 0000000..e8ebcc2 --- /dev/null +++ b/at-3.2.5-make.patch @@ -0,0 +1,86 @@ +diff -ur b/Makefile.in a/Makefile.in +--- b/Makefile.in 2022-02-05 11:00:57.000000000 +0100 ++++ a/Makefile.in 2022-03-08 16:05:28.088069816 +0100 +@@ -76,13 +76,13 @@ + all: at atd atd.service atrun + + at: $(ATOBJECTS) +- $(CC) $(LDFLAGS) -o at $(ATOBJECTS) $(LIBS) $(LEXLIB) ++ $(CC) $(LDFLAGS) -pie -o at $(ATOBJECTS) $(LIBS) $(LEXLIB) + rm -f $(CLONES) + $(LN_S) -f at atq + $(LN_S) -f at atrm + + atd: $(RUNOBJECTS) +- $(CC) $(LDFLAGS) -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB) $(SELINUXLIB) ++ $(CC) $(LDFLAGS) -pie -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB) $(SELINUXLIB) + + y.tab.c y.tab.h: parsetime.y + $(YACC) -d parsetime.y +@@ -99,40 +99,43 @@ + configure + + .c.o: +- $(CC) -c $(CFLAGS) $(DEFS) $*.c ++ $(CC) -c $(CFLAGS) -fPIE $(DEFS) $*.c + + install: all +- $(INSTALL) -g root -o root -m 755 -d $(DESTDIR)$(etcdir) +- $(INSTALL) -g root -o root -m 755 -d $(DESTDIR)$(bindir) +- $(INSTALL) -g root -o root -m 755 -d $(DESTDIR)$(sbindir) +- $(INSTALL) -g root -o root -m 755 -d $(DESTDIR)$(atdatadir) +- $(INSTALL) -g root -o root -m 755 -d $(DESTDIR)$(docdir) +- $(INSTALL) -g root -o root -m 755 -d $(DESTDIR)$(atdocdir) +- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(DESTDIR)$(ATSPOOL_DIR) $(DESTDIR)$(ATJOB_DIR) +- chmod 1770 $(DESTDIR)$(ATSPOOL_DIR) $(DESTDIR)$(ATJOB_DIR) ++ $(INSTALL) -m 755 -d $(DESTDIR)$(etcdir) ++ $(INSTALL) -m 755 -d $(DESTDIR)$(bindir) ++ $(INSTALL) -m 755 -d $(DESTDIR)$(sbindir) ++ $(INSTALL) -m 755 -d $(DESTDIR)$(atdatadir) ++ $(INSTALL) -m 755 -d $(DESTDIR)$(docdir) ++ $(INSTALL) -m 755 -d $(DESTDIR)$(atdocdir) ++ $(INSTALL) -m 755 -d $(DESTDIR)$(etcdir)/pam.d/ ++ $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(DESTDIR)$(ATSPOOL_DIR) ++ chmod 700 $(DESTDIR)$(ATJOB_DIR) $(DESTDIR)$(ATSPOOL_DIR) ++ chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(DESTDIR)$(ATJOB_DIR) $(DESTDIR)$(ATSPOOL_DIR) + touch $(DESTDIR)$(LFILE) + chmod 600 $(DESTDIR)$(LFILE) + chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(DESTDIR)$(LFILE) +- test -f $(DESTDIR)$(etcdir)/at.allow || test -f $(DESTDIR)$(etcdir)/at.deny || $(INSTALL) -o root -g $(DAEMON_GROUPNAME) -m 640 at.deny $(DESTDIR)$(etcdir)/ +- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 6755 at $(DESTDIR)$(bindir) ++ test -f $(DESTDIR)$(etcdir)/at.allow || test -f $(DESTDIR)$(etcdir)/at.deny || $(INSTALL) -m 600 at.deny $(DESTDIR)$(etcdir)/ ++ $(INSTALL) -o $(INSTALL_ROOT_USER) -g $(DAEMON_GROUPNAME) pam_atd $(DESTDIR)$(etcdir)/pam.d/atd ++ $(INSTALL) -m 4755 at $(DESTDIR)$(bindir) + $(LN_S) -f at $(DESTDIR)$(bindir)/atq + $(LN_S) -f at $(DESTDIR)$(bindir)/atrm +- $(INSTALL) -g root -o root -m 755 batch $(DESTDIR)$(bindir) +- $(INSTALL) -g root -o root -m 755 batch-job $(DESTDIR)$(atdatadir) +- $(INSTALL) -d -o root -g root -m 755 $(DESTDIR)$(man1dir) +- $(INSTALL) -d -o root -g root -m 755 $(DESTDIR)$(man5dir) +- $(INSTALL) -d -o root -g root -m 755 $(DESTDIR)$(man8dir) +- $(INSTALL) -g root -o root -m 755 atd $(DESTDIR)$(sbindir) +- $(INSTALL) -g root -o root -m 755 atrun $(DESTDIR)$(sbindir) +- $(INSTALL) -g root -o root -m 644 at.1 $(DESTDIR)$(man1dir)/ ++ $(INSTALL) -m 755 batch $(DESTDIR)$(bindir) ++ $(INSTALL) -m 755 batch-job $(DESTDIR)$(atdatadir) ++ $(INSTALL) -d -m 755 $(DESTDIR)$(man1dir) ++ $(INSTALL) -d -m 755 $(DESTDIR)$(man5dir) ++ $(INSTALL) -d -m 755 $(DESTDIR)$(man8dir) ++ $(INSTALL) -m 755 atd $(DESTDIR)$(sbindir) ++ $(INSTALL) -m 755 atrun $(DESTDIR)$(sbindir) ++ $(INSTALL) -m 644 at.1 $(DESTDIR)$(man1dir)/ + cd $(DESTDIR)$(man1dir) && $(LN_S) -f at.1 atq.1 && $(LN_S) -f at.1 batch.1 && $(LN_S) -f at.1 atrm.1 +- $(INSTALL) -g root -o root -m 644 atd.8 $(DESTDIR)$(man8dir)/ ++ $(INSTALL) -m 644 atd.8 $(DESTDIR)$(man8dir)/ + sed "s,\$${exec_prefix},$(exec_prefix),g" tmpman +- $(INSTALL) -g root -o root -m 644 tmpman $(DESTDIR)$(man8dir)/atrun.8 ++ $(INSTALL) -m 644 tmpman $(DESTDIR)$(man8dir)/atrun.8 + rm -f tmpman +- $(INSTALL) -g root -o root -m 644 at.allow.5 $(DESTDIR)$(man5dir)/ ++ $(INSTALL) -m 644 at.allow.5 $(DESTDIR)$(man5dir)/ + cd $(DESTDIR)$(man5dir) && $(LN_S) -f at.allow.5 at.deny.5 +- $(INSTALL) -g root -o root -m 644 $(DOCS) $(DESTDIR)$(atdocdir) ++ $(INSTALL) -m 644 $(DOCS) $(DESTDIR)$(atdocdir) + rm -f $(DESTDIR)$(mandir)/cat1/at.1* $(DESTDIR)$(mandir)/cat1/batch.1* \ + $(DESTDIR)$(mandir)/cat1/atq.1* + rm -f $(DESTDIR)$(mandir)/cat1/atd.8* diff --git a/at-3.2.5-nitpicks.patch b/at-3.2.5-nitpicks.patch new file mode 100644 index 0000000..3765552 --- /dev/null +++ b/at-3.2.5-nitpicks.patch @@ -0,0 +1,80 @@ +diff -ur b/at.1.in a/at.1.in +--- b/at.1.in 2022-01-29 17:42:19.000000000 +0100 ++++ a/at.1.in 2022-02-22 15:19:47.598996428 +0100 +@@ -226,7 +226,7 @@ + .BR batch . + Queues with higher letters run with increased niceness. The special + queue "=" is reserved for jobs which are currently running. +-.P ++ + If a job is submitted to a queue designated with an uppercase letter, the + job is treated as if it were submitted to batch at the time of the job. + Once the time is reached, the batch processing rules with respect to load +diff -ur b/atd.c a/atd.c +--- b/atd.c 2022-02-22 15:14:02.736336912 +0100 ++++ a/atd.c 2022-02-22 15:19:02.163909540 +0100 +@@ -197,6 +197,18 @@ + + #define fork myfork + #endif ++#undef ATD_MAIL_PROGRAM ++#undef ATD_MAIL_NAME ++#if defined(SENDMAIL) ++#define ATD_MAIL_PROGRAM SENDMAIL ++#define ATD_MAIL_NAME "sendmail" ++#elif defined(MAILC) ++#define ATD_MAIL_PROGRAM MAILC ++#define ATD_MAIL_NAME "mail" ++#elif defined(MAILX) ++#define ATD_MAIL_PROGRAM MAILX ++#define ATD_MAIL_NAME "mailx" ++#endif + + #ifdef WITH_SELINUX + static int +@@ -340,6 +352,9 @@ + free(newname); + return; + } ++ ++ (void) setsid(); /* own session for process */ ++ + /* Let's see who we mail to. Hopefully, we can read it from + * the command file; if not, send it to the owner, or, failing that, + * to root. +@@ -508,6 +523,9 @@ + if (setuid(uid) < 0) + perr("Cannot set user id"); + ++ if (SIG_ERR == signal(SIGCHLD, SIG_DFL)) ++ perr("Cannot reset signal handler to default"); ++ + chdir("/"); + + execle("/bin/sh", "sh", (char *) NULL, nenvp); +@@ -573,6 +591,9 @@ + if (setuid(uid) < 0) + perr("Cannot set user id"); + ++ if (SIG_ERR == signal(SIGCHLD, SIG_DFL)) ++ perr("Cannot reset signal handler to default"); ++ + chdir ("/"); + + #if defined(SENDMAIL) +@@ -707,6 +728,7 @@ + * Let's remove the lockfile and reschedule. + */ + strncpy(lock_name, dirent->d_name, sizeof(lock_name)); ++ lock_name[sizeof(lock_name)-1] = '\0'; + lock_name[0] = '='; + unlink(lock_name); + next_job = now; +@@ -741,6 +763,7 @@ + run_batch++; + if (strcmp(batch_name, dirent->d_name) > 0) { + strncpy(batch_name, dirent->d_name, sizeof(batch_name)); ++ batch_name[sizeof(batch_name)-1] = '\0'; + batch_uid = buf.st_uid; + batch_gid = buf.st_gid; + batch_queue = queue; diff --git a/at-3.2.5-noabort.patch b/at-3.2.5-noabort.patch new file mode 100644 index 0000000..2d72301 --- /dev/null +++ b/at-3.2.5-noabort.patch @@ -0,0 +1,44 @@ +diff -ur b/atd.c a/atd.c +--- b/atd.c 2022-02-22 16:09:15.683717386 +0100 ++++ a/atd.c 2022-02-22 16:12:48.992989327 +0100 +@@ -344,9 +344,12 @@ + */ + + pid = fork(); +- if (pid == -1) +- perr("Cannot fork"); +- ++ if (pid == -1) { ++ lerr("Cannot fork for job execution"); ++ free(mailname); ++ free(newname); ++ return; ++ } + else if (pid != 0) { + free(mailname); + free(newname); +@@ -659,16 +662,20 @@ + * up. + */ + +- if (stat(".", &buf) == -1) +- perr("Cannot stat " ATJOB_DIR); ++ if (stat(".", &buf) == -1) { ++ lerr("Cannot stat " ATJOB_DIR); ++ return next_job; ++ } + + if (nothing_to_do && buf.st_mtime == last_chg) + return next_job; + last_chg = buf.st_mtime; + + hupped = 0; +- if ((spool = opendir(".")) == NULL) +- perr("Cannot read " ATJOB_DIR); ++ if ((spool = opendir(".")) == NULL) { ++ lerr("Cannot read " ATJOB_DIR); ++ return next_job; ++ } + + run_batch = 0; + nothing_to_do = 1; diff --git a/at-3.1.13-pam.patch b/at-3.2.5-pam.patch similarity index 72% rename from at-3.1.13-pam.patch rename to at-3.2.5-pam.patch index 0bb3116..eba2f84 100644 --- a/at-3.1.13-pam.patch +++ b/at-3.2.5-pam.patch @@ -1,7 +1,7 @@ -diff -up at-3.1.13/at.c.pam at-3.1.13/at.c ---- at-3.1.13/at.c.pam 2012-04-19 16:50:57.491000001 +0200 -+++ at-3.1.13/at.c 2012-04-19 16:50:57.505000001 +0200 -@@ -141,18 +141,13 @@ sigc(int signo) +diff -ur b/at.c a/at.c +--- b/at.c 2022-01-29 17:42:19.000000000 +0100 ++++ a/at.c 2022-02-23 18:42:45.941757090 +0100 +@@ -155,18 +155,12 @@ /* If the user presses ^C, remove the spool file and exit */ if (fcreated) { @@ -16,20 +16,19 @@ diff -up at-3.1.13/at.c.pam at-3.1.13/at.c - unlink(atfile); - setregid(effective_gid, real_gid); - /* -+ unlink(atfile); PRIV_END - */ } exit(EXIT_FAILURE); } -@@ -318,26 +313,19 @@ writefile(time_t runtimer, char queue) +@@ -326,26 +320,19 @@ * bit. Yes, this is a kluge. */ cmask = umask(S_IRUSR | S_IWUSR | S_IXUSR); - seteuid(real_uid); + if ((seteuid(effective_uid)) < 0) + perr("Error in seteuid: %s", errno); - if ((fd = open(atfile, O_CREAT | O_EXCL | O_TRUNC | O_WRONLY, S_IRUSR)) == -1) + if ((fd = open(atfile, O_CREAT | O_EXCL | O_TRUNC | O_WRONLY | O_SYNC, S_IRUSR)) == -1) perr("Cannot create atjob file %.500s", atfile); - seteuid(effective_uid); @@ -52,7 +51,7 @@ diff -up at-3.1.13/at.c.pam at-3.1.13/at.c /* We've successfully created the file; let's set the flag so it * gets removed in case of an interrupt or error. */ -@@ -661,7 +649,7 @@ process_jobs(int argc, char **argv, int +@@ -733,7 +720,7 @@ We need the unprivileged uid here since the file is owned by the real (not effective) uid. */ @@ -61,7 +60,7 @@ diff -up at-3.1.13/at.c.pam at-3.1.13/at.c if (queue == '=') { fprintf(stderr, "Warning: deleting running job\n"); -@@ -670,8 +658,8 @@ process_jobs(int argc, char **argv, int +@@ -742,8 +729,8 @@ perr("Cannot unlink %.500s", dirent->d_name); rc = EXIT_FAILURE; } @@ -71,7 +70,7 @@ diff -up at-3.1.13/at.c.pam at-3.1.13/at.c done = 1; break; -@@ -681,7 +669,7 @@ process_jobs(int argc, char **argv, int +@@ -753,7 +740,7 @@ FILE *fp; int ch; @@ -80,7 +79,7 @@ diff -up at-3.1.13/at.c.pam at-3.1.13/at.c fp = fopen(dirent->d_name, "r"); if (fp) { -@@ -694,7 +682,7 @@ process_jobs(int argc, char **argv, int +@@ -768,7 +755,7 @@ perr("Cannot open %.500s", dirent->d_name); rc = EXIT_FAILURE; } @@ -89,10 +88,21 @@ diff -up at-3.1.13/at.c.pam at-3.1.13/at.c } break; -diff -up at-3.1.13/atd.c.pam at-3.1.13/atd.c ---- at-3.1.13/atd.c.pam 2012-04-19 16:50:57.498000001 +0200 -+++ at-3.1.13/atd.c 2012-04-19 16:52:37.209000138 +0200 -@@ -111,7 +111,7 @@ static int run_as_daemon = 0; +diff -ur b/atd.c a/atd.c +--- b/atd.c 2022-01-29 17:42:19.000000000 +0100 ++++ a/atd.c 2022-02-23 18:50:53.743511813 +0100 +@@ -91,6 +91,10 @@ + + /* Macros */ + ++#ifndef LOG_ATD ++#define LOG_ATD LOG_DAEMON ++#endif ++ + #define BATCH_INTERVAL_DEFAULT 60 + #define CHECK_INTERVAL 3600 + +@@ -115,7 +119,7 @@ static volatile sig_atomic_t term_signal = 0; @@ -101,7 +111,7 @@ diff -up at-3.1.13/atd.c.pam at-3.1.13/atd.c #include static pam_handle_t *pamh = NULL; -@@ -120,15 +120,7 @@ static const struct pam_conv conv = { +@@ -124,15 +128,7 @@ NULL }; @@ -118,16 +128,16 @@ diff -up at-3.1.13/atd.c.pam at-3.1.13/atd.c /* Signal handlers */ RETSIGTYPE -@@ -235,7 +227,7 @@ run_file(const char *filename, uid_t uid +@@ -293,7 +289,7 @@ char fmt[64]; unsigned long jobno; - int rc; + long rc; -#ifdef HAVE_PAM +#ifdef WITH_PAM int retcode; #endif -@@ -395,17 +387,11 @@ run_file(const char *filename, uid_t uid +@@ -450,17 +446,11 @@ fstat(fd_out, &buf); size = buf.st_size; @@ -150,12 +160,12 @@ diff -up at-3.1.13/atd.c.pam at-3.1.13/atd.c #endif close(STDIN_FILENO); -@@ -419,7 +405,14 @@ run_file(const char *filename, uid_t uid - else if (pid == 0) { +@@ -475,6 +465,14 @@ char *nul = NULL; char **nenvp = &nul; -+ char **pam_envp=0L; ++ char **pam_envp=0L; ++ + PRIV_START +#ifdef WITH_PAM + pam_envp = pam_getenvlist(pamh); @@ -165,34 +175,28 @@ diff -up at-3.1.13/atd.c.pam at-3.1.13/atd.c /* Set up things for the child; we want standard input from the * input file, and standard output and error sent to our output file. */ -@@ -438,8 +431,6 @@ run_file(const char *filename, uid_t uid +@@ -493,7 +491,6 @@ close(fd_in); close(fd_out); - PRIV_START -- - nice((tolower((int) queue) - 'a' + 1) * 2); - if (initgroups(pentry->pw_name, pentry->pw_gid)) -@@ -458,7 +449,16 @@ run_file(const char *filename, uid_t uid + nice((tolower((int) queue) - 'a') * 2); - if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) - perr("Exec failed for /bin/sh"); +@@ -515,9 +512,9 @@ + + chdir("/"); + +- if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) +- perr("Exec failed for /bin/sh"); - -+#ifdef WITH_PAM -+ if ( ( nenvp != &nul ) && (pam_envp != 0L) && (*pam_envp != 0L)) -+ { -+ for( nenvp = pam_envp; *nenvp != 0L; nenvp++) -+ free(*nenvp); -+ free( pam_envp ); -+ nenvp = &nul; -+ pam_envp=0L; -+ } -+#endif ++ execle("/bin/sh", "sh", (char *) NULL, nenvp); ++ perr("Exec failed for /bin/sh"); ++ /* perr exits, the PRIV_END is just for nice form */ PRIV_END } /* We're the parent. Let's wait. -@@ -471,14 +471,6 @@ run_file(const char *filename, uid_t uid +@@ -530,14 +527,6 @@ */ waitpid(pid, (int *) NULL, 0); @@ -207,53 +211,45 @@ diff -up at-3.1.13/atd.c.pam at-3.1.13/atd.c /* Send mail. Unlink the output file after opening it, so it * doesn't hang around after the run. */ -@@ -509,8 +501,20 @@ run_file(const char *filename, uid_t uid +@@ -568,8 +557,13 @@ unlink(newname); free(newname); +#ifdef ATD_MAIL_PROGRAM if (((send_mail != -1) && (buf.st_size != size)) || (send_mail == 1)) { + int mail_pid = -1; -+#ifdef WITH_PAM -+ AT_START_PAM; -+ AT_OPEN_PAM_SESSION; -+ closelog(); -+ openlog("atd", LOG_PID, LOG_ATD); -+#endif -+ -+ mail_pid = fork(); -+ if ( mail_pid == 0 ) -+ { ++ mail_pid = fork(); ++ ++ if ( mail_pid == 0 ) { PRIV_START if (initgroups(pentry->pw_name, pentry->pw_gid)) -@@ -535,7 +539,21 @@ run_file(const char *filename, uid_t uid +@@ -591,7 +585,20 @@ perr("Exec failed for mail command"); PRIV_END -+ } -+ else if ( mail_pid == -1 ) { -+ perr("fork of mailer failed"); -+ } -+ else { -+ /* Parent */ -+ waitpid(mail_pid, (int *) NULL, 0); -+ } -+#ifdef WITH_PAM -+ AT_CLOSE_PAM; -+ closelog(); -+ openlog("atd", LOG_PID, LOG_ATD); -+#endif ++ } ++ else if ( mail_pid == -1 ) { ++ syslog(LOG_ERR, "fork of mailer failed: %m"); ++ } ++ /* Parent */ ++ waitpid(mail_pid, (int *) NULL, 0); } ++ ++#ifdef WITH_PAM ++ AT_CLOSE_PAM; ++ closelog(); ++ openlog("atd", LOG_PID, LOG_ATD); ++#endif +#endif exit(EXIT_SUCCESS); } -diff -up at-3.1.13/config.h.in.pam at-3.1.13/config.h.in ---- at-3.1.13/config.h.in.pam 2011-06-25 14:43:14.000000000 +0200 -+++ at-3.1.13/config.h.in 2012-04-19 16:50:57.506000001 +0200 -@@ -68,8 +68,8 @@ +diff -ur b/config.h.in a/config.h.in +--- b/config.h.in 2022-01-29 17:42:19.000000000 +0100 ++++ a/config.h.in 2022-02-23 18:51:31.467570176 +0100 +@@ -74,8 +74,8 @@ /* Define to 1 if you have the header file. */ #undef HAVE_NLIST_H @@ -264,10 +260,10 @@ diff -up at-3.1.13/config.h.in.pam at-3.1.13/config.h.in /* Define to 1 if you have the `pstat_getdynamic' function. */ #undef HAVE_PSTAT_GETDYNAMIC -diff -up at-3.1.13/configure.ac.pam at-3.1.13/configure.ac ---- at-3.1.13/configure.ac.pam 2011-06-25 14:43:14.000000000 +0200 -+++ at-3.1.13/configure.ac 2012-04-19 16:50:57.506000001 +0200 -@@ -84,7 +84,7 @@ AC_FUNC_GETLOADAVG +diff -ur b/configure.ac a/configure.ac +--- b/configure.ac 2022-01-29 17:42:19.000000000 +0100 ++++ a/configure.ac 2022-02-23 18:53:08.516720324 +0100 +@@ -97,7 +97,7 @@ AC_CHECK_FUNCS(getcwd mktime strftime setreuid setresuid sigaction waitpid) AC_CHECK_HEADERS(security/pam_appl.h, [ PAMLIB="-lpam" @@ -276,7 +272,7 @@ diff -up at-3.1.13/configure.ac.pam at-3.1.13/configure.ac ]) dnl Checking for programs -@@ -238,6 +238,13 @@ AC_ARG_WITH(daemon_username, +@@ -260,6 +260,13 @@ ) AC_SUBST(DAEMON_USERNAME) @@ -287,12 +283,24 @@ diff -up at-3.1.13/configure.ac.pam at-3.1.13/configure.ac +AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc') +AC_SUBST(PAMLIB) + - AC_MSG_CHECKING(groupname to run under) - AC_ARG_WITH(daemon_groupname, - [ --with-daemon_groupname=DAEMON_GROUPNAME Groupname to run under (default daemon) ], -diff -up at-3.1.13/perm.c.pam at-3.1.13/perm.c ---- at-3.1.13/perm.c.pam 2011-06-25 14:43:14.000000000 +0200 -+++ at-3.1.13/perm.c 2012-04-19 16:53:09.192001742 +0200 + AC_ARG_WITH(selinux, + [ --with-selinux Define to run with selinux (default=check)], + [], +diff -ur b/Makefile.in a/Makefile.in +--- b/Makefile.in 2022-02-23 18:33:26.999892289 +0100 ++++ a/Makefile.in 2022-02-23 18:53:28.600751396 +0100 +@@ -76,7 +76,7 @@ + all: at atd atd.service atrun + + at: $(ATOBJECTS) +- $(CC) $(LDFLAGS) -pie -o at $(ATOBJECTS) $(LIBS) $(LEXLIB) ++ $(CC) $(LDFLAGS) -pie -o at $(ATOBJECTS) $(LIBS) $(LEXLIB) $(PAMLIB) + rm -f $(CLONES) + $(LN_S) -f at atq + $(LN_S) -f at atrm +diff -ur b/perm.c a/perm.c +--- b/perm.c 2022-01-29 17:42:19.000000000 +0100 ++++ a/perm.c 2022-02-23 18:56:21.401018761 +0100 @@ -51,6 +51,14 @@ #define PRIV_END while(0) #endif @@ -308,7 +316,7 @@ diff -up at-3.1.13/perm.c.pam at-3.1.13/perm.c /* Structures and unions */ -@@ -108,18 +116,45 @@ user_in_file(const char *path, const cha +@@ -108,18 +116,45 @@ int check_permission() { @@ -357,10 +365,10 @@ diff -up at-3.1.13/perm.c.pam at-3.1.13/perm.c allow = user_in_file(ETCDIR "/at.allow", pentry->pw_name); if (allow==0 || allow==1) return allow; -diff -up at-3.1.13/privs.h.pam at-3.1.13/privs.h ---- at-3.1.13/privs.h.pam 2011-06-25 14:43:14.000000000 +0200 -+++ at-3.1.13/privs.h 2012-04-19 16:53:46.296016675 +0200 -@@ -144,3 +144,63 @@ extern gid_t real_gid, effective_gid, da +diff -ur b/privs.h a/privs.h +--- b/privs.h 2022-01-29 17:42:19.000000000 +0100 ++++ a/privs.h 2022-02-23 18:58:20.920203690 +0100 +@@ -144,3 +144,62 @@ #error "Cannot implement user ID swapping without setreuid or setresuid" #endif #endif @@ -423,4 +431,3 @@ diff -up at-3.1.13/privs.h.pam at-3.1.13/privs.h +} + +#endif -+ diff --git a/at-3.2.5-past-date.patch b/at-3.2.5-past-date.patch new file mode 100644 index 0000000..6344c40 --- /dev/null +++ b/at-3.2.5-past-date.patch @@ -0,0 +1,33 @@ +From 6c131df8c85cb2761faf551f8f9db179e216fc09 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= +Date: Wed, 25 Jun 2025 14:35:31 +0200 +Subject: [PATCH] Reject past dates when using -t option + +-t option was missing validation to reject past dates, unlike the +regular time parsing. + +Add the same past date validation used by parsetime() to the posixtime() +code path to ensure consistent behavior when parsing time. +--- + at.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/at.c b/at.c +index 8d0feaa..3fb0582 100644 +--- a/at.c ++++ b/at.c +@@ -951,6 +951,11 @@ main(int argc, char **argv) + fprintf(stderr, "invalid date format: %s\n", optarg); + exit(EXIT_FAILURE); + } ++ /* Check if the parsed time is in the past */ ++ if (timer < time(NULL)) { ++ fprintf(stderr, "at: refusing to create job destined in the past\n"); ++ exit(EXIT_FAILURE); ++ } + break; + + case 'o': +-- +2.49.0 + diff --git a/at-aarch64.patch b/at-aarch64.patch new file mode 100644 index 0000000..7f8a449 --- /dev/null +++ b/at-aarch64.patch @@ -0,0 +1,486 @@ +diff -urN at-3.1.13/config.guess at-3.1.13-aarch64/config.guess +--- at-3.1.13/config.guess 2011-06-25 07:43:14.000000000 -0500 ++++ at-3.1.13-aarch64/config.guess 2013-03-07 19:22:31.804824167 -0600 +@@ -2,9 +2,9 @@ + # Attempt to guess a canonical system name. + # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, + # 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, +-# 2011 Free Software Foundation, Inc. ++# 2011, 2012 Free Software Foundation, Inc. + +-timestamp='2011-05-11' ++timestamp='2012-09-25' + + # This file is free software; you can redistribute it and/or modify it + # under the terms of the GNU General Public License as published by +@@ -17,9 +17,7 @@ + # General Public License for more details. + # + # You should have received a copy of the GNU General Public License +-# along with this program; if not, write to the Free Software +-# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA +-# 02110-1301, USA. ++# along with this program; if not, see . + # + # As a special exception to the GNU General Public License, if you + # distribute this file as part of a program that contains a +@@ -57,8 +55,8 @@ + + Originally written by Per Bothner. + Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free +-Software Foundation, Inc. ++2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 ++Free Software Foundation, Inc. + + This is free software; see the source for copying conditions. There is NO + warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." +@@ -145,7 +143,7 @@ + case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in + *:NetBSD:*:*) + # NetBSD (nbsd) targets should (where applicable) match one or +- # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*, ++ # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, + # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently + # switched to ELF, *-*-netbsd* would select the old + # object file format. This provides both forward +@@ -202,6 +200,10 @@ + # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. + echo "${machine}-${os}${release}" + exit ;; ++ *:Bitrig:*:*) ++ UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` ++ echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE} ++ exit ;; + *:OpenBSD:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` + echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} +@@ -304,7 +306,7 @@ + arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) + echo arm-acorn-riscix${UNAME_RELEASE} + exit ;; +- arm:riscos:*:*|arm:RISCOS:*:*) ++ arm*:riscos:*:*|arm*:RISCOS:*:*) + echo arm-unknown-riscos + exit ;; + SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) +@@ -792,21 +794,26 @@ + echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} + exit ;; + *:FreeBSD:*:*) +- case ${UNAME_MACHINE} in +- pc98) +- echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; ++ UNAME_PROCESSOR=`/usr/bin/uname -p` ++ case ${UNAME_PROCESSOR} in + amd64) + echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + *) +- echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; ++ echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + esac + exit ;; + i*:CYGWIN*:*) + echo ${UNAME_MACHINE}-pc-cygwin + exit ;; ++ *:MINGW64*:*) ++ echo ${UNAME_MACHINE}-pc-mingw64 ++ exit ;; + *:MINGW*:*) + echo ${UNAME_MACHINE}-pc-mingw32 + exit ;; ++ i*:MSYS*:*) ++ echo ${UNAME_MACHINE}-pc-msys ++ exit ;; + i*:windows32*:*) + # uname -m includes "-pc" on this system. + echo ${UNAME_MACHINE}-mingw32 +@@ -861,6 +868,13 @@ + i*86:Minix:*:*) + echo ${UNAME_MACHINE}-pc-minix + exit ;; ++ aarch64:Linux:*:*) ++ echo ${UNAME_MACHINE}-unknown-linux-gnu ++ exit ;; ++ aarch64_be:Linux:*:*) ++ UNAME_MACHINE=aarch64_be ++ echo ${UNAME_MACHINE}-unknown-linux-gnu ++ exit ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; +@@ -895,13 +909,16 @@ + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + cris:Linux:*:*) +- echo cris-axis-linux-gnu ++ echo ${UNAME_MACHINE}-axis-linux-gnu + exit ;; + crisv32:Linux:*:*) +- echo crisv32-axis-linux-gnu ++ echo ${UNAME_MACHINE}-axis-linux-gnu + exit ;; + frv:Linux:*:*) +- echo frv-unknown-linux-gnu ++ echo ${UNAME_MACHINE}-unknown-linux-gnu ++ exit ;; ++ hexagon:Linux:*:*) ++ echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + i*86:Linux:*:*) + LIBC=gnu +@@ -943,7 +960,7 @@ + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } + ;; + or32:Linux:*:*) +- echo or32-unknown-linux-gnu ++ echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + padre:Linux:*:*) + echo sparc-unknown-linux-gnu +@@ -978,13 +995,13 @@ + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + tile*:Linux:*:*) +- echo ${UNAME_MACHINE}-tilera-linux-gnu ++ echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + vax:Linux:*:*) + echo ${UNAME_MACHINE}-dec-linux-gnu + exit ;; + x86_64:Linux:*:*) +- echo x86_64-unknown-linux-gnu ++ echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + xtensa*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu +@@ -1191,6 +1208,9 @@ + BePC:Haiku:*:*) # Haiku running on Intel PC compatible. + echo i586-pc-haiku + exit ;; ++ x86_64:Haiku:*:*) ++ echo x86_64-unknown-haiku ++ exit ;; + SX-4:SUPER-UX:*:*) + echo sx4-nec-superux${UNAME_RELEASE} + exit ;; +@@ -1246,7 +1266,7 @@ + NEO-?:NONSTOP_KERNEL:*:*) + echo neo-tandem-nsk${UNAME_RELEASE} + exit ;; +- NSE-?:NONSTOP_KERNEL:*:*) ++ NSE-*:NONSTOP_KERNEL:*:*) + echo nse-tandem-nsk${UNAME_RELEASE} + exit ;; + NSR-?:NONSTOP_KERNEL:*:*) +@@ -1315,11 +1335,11 @@ + i*86:AROS:*:*) + echo ${UNAME_MACHINE}-pc-aros + exit ;; ++ x86_64:VMkernel:*:*) ++ echo ${UNAME_MACHINE}-unknown-esx ++ exit ;; + esac + +-#echo '(No uname command or uname output not recognized.)' 1>&2 +-#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 +- + eval $set_cc_for_build + cat >$dummy.c <. + # + # As a special exception to the GNU General Public License, if you + # distribute this file as part of a program that contains a +@@ -76,8 +74,8 @@ + GNU config.sub ($timestamp) + + Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free +-Software Foundation, Inc. ++2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 ++Free Software Foundation, Inc. + + This is free software; see the source for copying conditions. There is NO + warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." +@@ -125,13 +123,17 @@ + maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` + case $maybe_os in + nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ +- linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ ++ linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ + knetbsd*-gnu* | netbsd*-gnu* | \ + kopensolaris*-gnu* | \ + storm-chaos* | os2-emx* | rtmk-nova*) + os=-$maybe_os + basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` + ;; ++ android-linux) ++ os=-linux-android ++ basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown ++ ;; + *) + basic_machine=`echo $1 | sed 's/-[^-]*$//'` + if [ $basic_machine != $1 ] +@@ -154,7 +156,7 @@ + -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ + -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ + -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ +- -apple | -axis | -knuth | -cray | -microblaze) ++ -apple | -axis | -knuth | -cray | -microblaze*) + os= + basic_machine=$1 + ;; +@@ -223,6 +225,12 @@ + -isc*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; ++ -lynx*178) ++ os=-lynxos178 ++ ;; ++ -lynx*5) ++ os=-lynxos5 ++ ;; + -lynx*) + os=-lynxos + ;; +@@ -247,20 +255,25 @@ + # Some are omitted here because they have special meanings below. + 1750a | 580 \ + | a29k \ ++ | aarch64 | aarch64_be \ + | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ + | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ + | am33_2.0 \ + | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \ ++ | be32 | be64 \ + | bfin \ + | c4x | clipper \ + | d10v | d30v | dlx | dsp16xx \ ++ | epiphany \ + | fido | fr30 | frv \ + | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ ++ | hexagon \ + | i370 | i860 | i960 | ia64 \ + | ip2k | iq2000 \ ++ | le32 | le64 \ + | lm32 \ + | m32c | m32r | m32rle | m68000 | m68k | m88k \ +- | maxq | mb | microblaze | mcore | mep | metag \ ++ | maxq | mb | microblaze | microblazeel | mcore | mep | metag \ + | mips | mipsbe | mipseb | mipsel | mipsle \ + | mips16 \ + | mips64 | mips64el \ +@@ -291,7 +304,7 @@ + | pdp10 | pdp11 | pj | pjl \ + | powerpc | powerpc64 | powerpc64le | powerpcle \ + | pyramid \ +- | rx \ ++ | rl78 | rx \ + | score \ + | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ + | sh64 | sh64le \ +@@ -300,7 +313,7 @@ + | spu \ + | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ + | ubicom32 \ +- | v850 | v850e \ ++ | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ + | we32k \ + | x86 | xc16x | xstormy16 | xtensa \ + | z8k | z80) +@@ -315,8 +328,7 @@ + c6x) + basic_machine=tic6x-unknown + ;; +- m6811 | m68hc11 | m6812 | m68hc12 | picochip) +- # Motorola 68HC11/12. ++ m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip) + basic_machine=$basic_machine-unknown + os=-none + ;; +@@ -329,7 +341,10 @@ + strongarm | thumb | xscale) + basic_machine=arm-unknown + ;; +- ++ xgate) ++ basic_machine=$basic_machine-unknown ++ os=-none ++ ;; + xscaleeb) + basic_machine=armeb-unknown + ;; +@@ -352,11 +367,13 @@ + # Recognize the basic CPU types with company name. + 580-* \ + | a29k-* \ ++ | aarch64-* | aarch64_be-* \ + | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ + | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ + | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ + | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ + | avr-* | avr32-* \ ++ | be32-* | be64-* \ + | bfin-* | bs2000-* \ + | c[123]* | c30-* | [cjt]90-* | c4x-* \ + | clipper-* | craynv-* | cydra-* \ +@@ -365,12 +382,15 @@ + | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ + | h8300-* | h8500-* \ + | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ ++ | hexagon-* \ + | i*86-* | i860-* | i960-* | ia64-* \ + | ip2k-* | iq2000-* \ ++ | le32-* | le64-* \ + | lm32-* \ + | m32c-* | m32r-* | m32rle-* \ + | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ +- | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \ ++ | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ ++ | microblaze-* | microblazeel-* \ + | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ + | mips16-* \ + | mips64-* | mips64el-* \ +@@ -400,7 +420,7 @@ + | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ + | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ + | pyramid-* \ +- | romp-* | rs6000-* | rx-* \ ++ | rl78-* | romp-* | rs6000-* | rx-* \ + | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ + | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ + | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ +@@ -408,10 +428,11 @@ + | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \ + | tahoe-* \ + | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ +- | tile-* | tilegx-* \ ++ | tile*-* \ + | tron-* \ + | ubicom32-* \ +- | v850-* | v850e-* | vax-* \ ++ | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ ++ | vax-* \ + | we32k-* \ + | x86-* | x86_64-* | xc16x-* | xps100-* \ + | xstormy16-* | xtensa*-* \ +@@ -711,7 +732,6 @@ + i370-ibm* | ibm*) + basic_machine=i370-ibm + ;; +-# I'm not sure what "Sysv32" means. Should this be sysv3.2? + i*86v32) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv32 +@@ -769,9 +789,13 @@ + basic_machine=ns32k-utek + os=-sysv + ;; +- microblaze) ++ microblaze*) + basic_machine=microblaze-xilinx + ;; ++ mingw64) ++ basic_machine=x86_64-pc ++ os=-mingw64 ++ ;; + mingw32) + basic_machine=i386-pc + os=-mingw32 +@@ -808,10 +832,18 @@ + ms1-*) + basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` + ;; ++ msys) ++ basic_machine=i386-pc ++ os=-msys ++ ;; + mvs) + basic_machine=i370-ibm + os=-mvs + ;; ++ nacl) ++ basic_machine=le32-unknown ++ os=-nacl ++ ;; + ncr3000) + basic_machine=i486-ncr + os=-sysv4 +@@ -1120,13 +1152,8 @@ + basic_machine=t90-cray + os=-unicos + ;; +- # This must be matched before tile*. +- tilegx*) +- basic_machine=tilegx-unknown +- os=-linux-gnu +- ;; + tile*) +- basic_machine=tile-unknown ++ basic_machine=$basic_machine-unknown + os=-linux-gnu + ;; + tx39) +@@ -1330,15 +1357,15 @@ + | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ + | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ + | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ +- | -openbsd* | -solidbsd* \ ++ | -bitrig* | -openbsd* | -solidbsd* \ + | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ + | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ + | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ + | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ + | -chorusos* | -chorusrdb* | -cegcc* \ +- | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ +- | -mingw32* | -linux-gnu* | -linux-android* \ +- | -linux-newlib* | -linux-uclibc* \ ++ | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ ++ | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ ++ | -linux-newlib* | -linux-musl* | -linux-uclibc* \ + | -uxpv* | -beos* | -mpeix* | -udk* \ + | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ + | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ +@@ -1521,6 +1548,9 @@ + c4x-* | tic4x-*) + os=-coff + ;; ++ hexagon-*) ++ os=-elf ++ ;; + tic54x-*) + os=-coff + ;; +@@ -1548,9 +1578,6 @@ + ;; + m68000-sun) + os=-sunos3 +- # This also exists in the configure program, but was not the +- # default. +- # os=-sunos4 + ;; + m68*-cisco) + os=-aout diff --git a/at-tmpfiles.conf b/at-tmpfiles.conf new file mode 100644 index 0000000..8eec9a7 --- /dev/null +++ b/at-tmpfiles.conf @@ -0,0 +1,6 @@ +# at - Tmpfiles configuration for at daemon +# Create /var/spool/at directory structure for the at daemon + +d /var/spool/at 0700 root root - - +d /var/spool/at/spool 0700 root root - - +f /var/spool/at/.SEQ 0600 root root - - diff --git a/at.spec b/at.spec index e1a2a3a..60d9fd4 100644 --- a/at.spec +++ b/at.spec @@ -1,39 +1,45 @@ %bcond_without pam -Summary: Job spooling tools -Name: at -Version: 3.1.13 -Release: 12%{dist} +Summary: Job spooling tools +Name: at +Version: 3.2.5 +Release: 20%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain -License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain -Group: System Environment/Daemons -URL: http://ftp.debian.org/debian/pool/main/a/at +License: GPL-3.0-or-later AND GPL-2.0-or-later AND ISC +URL: http://ftp.debian.org/debian/pool/main/a/at -Source: http://ftp.debian.org/debian/pool/main/a/at/at_%{version}.orig.tar.gz +Source: http://software.calhariz.com/at/at_%{version}.orig.tar.gz # git upstream source git://git.debian.org/git/collab-maint/at.git -Source1: pam_atd -Source2: atd.init -Source3: atd.sysconf -Source5: atd.systemd +Source1: pam_atd +Source2: at-tmpfiles.conf +Source3: atd.sysconf +Source5: atd.systemd -Patch1: at-3.1.13-makefile.patch -Patch2: at-3.1.12-opt_V.patch -Patch3: at-3.1.12-shell.patch -Patch4: at-3.1.13-nitpicks.patch -Patch5: at-3.1.13-pam.patch -Patch6: at-3.1.13-selinux.patch -Patch7: at-3.1.12-nowrap.patch -Patch8: at-3.1.12-fix_no_export.patch -Patch9: at-3.1.13-mailwithhostname.patch -Patch10: at-3.1.13-usePOSIXtimers.patch -Patch11: at-3.1.13-help.patch +Patch: at-3.2.5-address-sast.patch +Patch: at-aarch64.patch +Patch: at-3.2.5-make.patch +Patch: at-3.2.5-pam.patch +Patch: at-3.1.14-opt_V.patch +Patch: at-3.2.2-shell.patch +Patch: at-3.2.5-nitpicks.patch +Patch: at-3.1.14-fix_no_export.patch +Patch: at-3.2.5-mailwithhostname.patch +Patch: at-3.2.5-aborted-jobs.patch +Patch: at-3.2.5-noabort.patch +Patch: at-3.1.16-fclose-error.patch +Patch: at-3.1.16-clear-nonjobs.patch +Patch: at-3.2.2-lock-locks.patch +Patch: at-3.1.23-document-n.patch +Patch: at-3.1.20-log-jobs.patch +Patch: at-3.2.5-past-date.patch -BuildRequires: fileutils /etc/init.d +BuildRequires: gcc BuildRequires: flex flex-static bison autoconf BuildRequires: libselinux-devel >= 1.27.9 BuildRequires: perl(Test::Harness) BuildRequires: perl(Test::More) +BuildRequires: systemd-rpm-macros %if %{with pam} BuildRequires: pam-devel @@ -41,11 +47,15 @@ BuildRequires: pam-devel Conflicts: crontabs <= 1.5 # No, I'm not kidding BuildRequires: smtpdaemon +BuildRequires: make Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units +# at-sysvinit subpackage dropped +Obsoletes: at-sysvinit < 3.1.16-1 + %description At and batch read commands from standard input or from a specified file. At allows you to specify that a command will be run at a @@ -57,74 +67,49 @@ time-oriented job control. Note: If it is a recurring job that will need to be repeated at the same time every day/week, etc. you should use crontab instead. -%package sysvinit -Summary: SysV init script for at -Group: System Environment/Base -Requires: %{name} = %{version}-%{release} -Requires(post): /sbin/chkconfig - -%description sysvinit -SysV style init script for at. It needs to be installed only if systemd -is not used as the system init process. - %prep -%setup -q +%autosetup -N cp %{SOURCE1} . -%patch1 -p1 -b .make -%patch2 -p1 -b .opt_V -%patch3 -p1 -b .shell -%patch4 -p1 -b .nit -%patch5 -p1 -b .pam -%patch6 -p1 -b .selinux -%patch7 -p1 -b .nowrap -%patch8 -p1 -b .export -%patch9 -p1 -b .mail -%patch10 -p1 -b .posix -%patch11 -p1 -b .help +%autopatch -p1 %build -# patch9 touches configure.in -autoconf # uselles files rm -f lex.yy.* y.tab.* -%configure --with-atspool=%{_localstatedir}/spool/at/spool \ - --with-jobdir=%{_localstatedir}/spool/at \ - --with-daemon_username=root \ - --with-daemon_groupname=root \ - --with-selinux \ -%if %{with pam} - --with-pam -%endif -make %{?_smp_mflags} V=1 +%configure --with-atspool=%{_localstatedir}/spool/at/spool \ + --with-jobdir=%{_localstatedir}/spool/at \ + --with-daemon_username=root \ + --with-daemon_groupname=root \ + --with-selinux \ + %{?with_pam:--with-pam} + +make %install make install \ - DAEMON_USERNAME=`id -nu`\ - DAEMON_GROUPNAME=`id -ng` \ - DESTDIR=%{buildroot}\ - sbindir=%{buildroot}%{_prefix}/sbin\ - bindir=%{buildroot}%{_bindir}\ - prefix=%{buildroot}%{_prefix}\ - exec_prefix=%{buildroot}%{_prefix}\ - docdir=%{buildroot}/usr/doc\ - mandir=%{buildroot}%{_mandir}\ - etcdir=%{buildroot}%{_sysconfdir} \ - ATJOB_DIR=%{buildroot}%{_localstatedir}/spool/at \ - ATSPOOL_DIR=%{buildroot}%{_localstatedir}/spool/at/spool \ - INSTALL_ROOT_USER=`id -nu` \ - INSTALL_ROOT_GROUP=`id -nu`; + DAEMON_USERNAME=`id -nu` \ + DAEMON_GROUPNAME=`id -ng` \ + DESTDIR=%{buildroot} \ + sbindir=%{_bindir} \ + bindir=%{_bindir} \ + datadir=%{_datadir} \ + prefix=%{_prefix} \ + exec_prefix=%{_prefix} \ + docdir=%{_prefix}/doc \ + mandir=%{_mandir} \ + etcdir=%{_sysconfdir} \ + ATJOB_DIR=%{_localstatedir}/spool/at \ + ATSPOOL_DIR=%{_localstatedir}/spool/at/spool \ + INSTALL_ROOT_USER=`id -nu` \ + INSTALL_ROOT_GROUP=`id -nu`; echo > %{buildroot}%{_sysconfdir}/at.deny mkdir docs -cp %{buildroot}/%{_prefix}/doc/at/* docs/ +cp %{buildroot}%{_prefix}/doc/at/* docs/ mkdir -p %{buildroot}%{_sysconfdir}/pam.d install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/pam.d/atd -mkdir -p %{buildroot}%{_sysconfdir}/rc.d/init.d -install -m 755 %{SOURCE2} %{buildroot}%{_sysconfdir}/rc.d/init.d/atd - mkdir -p %{buildroot}/etc/sysconfig install -m 644 %{SOURCE3} %{buildroot}/etc/sysconfig/atd @@ -132,18 +117,24 @@ install -m 644 %{SOURCE3} %{buildroot}/etc/sysconfig/atd mkdir -p %{buildroot}/%{_unitdir}/ install -m 644 %{SOURCE5} %{buildroot}/%{_unitdir}/atd.service +# install tmpfiles configuration +mkdir -p %{buildroot}%{_tmpfilesdir} +install -m 644 %{SOURCE2} %{buildroot}%{_tmpfilesdir}/at.conf + # remove unpackaged files from the buildroot rm -r %{buildroot}%{_prefix}/doc +# Remove .SEQ file created by make install - tmpfiles will create it +rm -f %{buildroot}%{_localstatedir}/spool/at/.SEQ %check make test %post -touch %{_localstatedir}/spool/at/.SEQ -chmod 600 %{_localstatedir}/spool/at/.SEQ -chown daemon:daemon %{_localstatedir}/spool/at/.SEQ %systemd_post atd.service +# Create directories and files using tmpfiles +%tmpfiles_create at.conf + %preun %systemd_preun atd.service @@ -163,30 +154,225 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ /bin/systemctl try-restart atd.service >/dev/null 2>&1 || : /bin/systemctl daemon-reload >/dev/null 2>&1 || : -%triggerpostun -n at-sysvinit -- at < 3.1.12-9 -/sbin/chkconfig --add atd >/dev/null 2>&1 || : - %files -%doc docs/* -%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/at.deny -%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/atd -%attr(0700,daemon,daemon) %dir %{_localstatedir}/spool/at -%attr(0600,daemon,daemon) %verify(not md5 size mtime) %ghost %{_localstatedir}/spool/at/.SEQ -%attr(0700,daemon,daemon) %dir %{_localstatedir}/spool/at/spool -%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/atd -%{_sbindir}/atrun -%attr(0755,root,root) %{_sbindir}/atd +%license Copyright COPYING +%doc README timespec ChangeLog +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/at.deny +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/atd +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/atd +%attr(0700,root,root) %dir %{_localstatedir}/spool/at +%attr(0700,root,root) %dir %{_localstatedir}/spool/at/spool +%{_tmpfilesdir}/at.conf +%{_bindir}/atrun +%attr(0755,root,root) %{_bindir}/atd %{_mandir}/man*/* %{_bindir}/batch %{_bindir}/atrm %{_bindir}/atq -%attr(4755,root,root) %{_bindir}/at -%attr(0644,root,root) /%{_unitdir}/atd.service - -%files sysvinit -%attr(0755,root,root) %{_initrddir}/atd +%attr(4755,root,root) %{_bindir}/at +%{_datadir}/at/ +%attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Fri Jan 16 2026 Fedora Release Engineering - 3.2.5-20 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild + +* Thu Sep 18 2025 Ondřej Pohořelský - 3.2.5-19 +- Add /var/spool/at and /var/spool/at/spool directories into %%files section +- Resolves: rhbz#2396330 + +* Wed Aug 27 2025 Ondřej Pohořelský - 3.2.5-18 +- Use systemd-tmpfiles for /var/spool/at directories + +* Wed Jul 23 2025 Fedora Release Engineering - 3.2.5-17 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + +* Wed Jun 25 2025 Ondřej Pohořelský - 3.2.5-16 +- Fix past date handling with -t option + +* Mon May 05 2025 Ondřej Pohořelský - 3.2.5-15 +- Claim ownership of /usr/share/at +- Resolves: rhbz#2283298 + +* Mon Jan 27 2025 Ondřej Pohořelský - 3.2.5-14 +- Unify bin and sbin directories +- Resolves: rhbz#2339910 + +* Thu Jan 16 2025 Fedora Release Engineering - 3.2.5-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + +* Thu Aug 8 2024 Ales Nezbeda - 3.2.5-12 +- Backport fixes from upstream PR +- https://salsa.debian.org/debian/at/-/merge_requests/34 + +* Wed Jul 17 2024 Fedora Release Engineering - 3.2.5-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Thu May 02 2024 Ondřej Pohořelský - 3.2.5-10 +- Corrected document-n patch +- Resolves: rhbz#2276918 + +* Mon Jan 22 2024 Fedora Release Engineering - 3.2.5-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Fri Jan 19 2024 Fedora Release Engineering - 3.2.5-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Wed Jul 19 2023 Fedora Release Engineering - 3.2.5-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Mon Jun 26 2023 Ondřej Pohořelský - 3.2.5-6 +- Convert licenses to SPDX format +- Dropped MIT and Public Domain license as they are not present in upstream sources + +* Wed Jan 18 2023 Fedora Release Engineering - 3.2.5-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Wed Jul 20 2022 Fedora Release Engineering - 3.2.5-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Thu Mar 31 2022 Jan Staněk - 3.2.5-3 +- Add preceding newline to delimiter in at-3.2.2-shell.patch + +* Tue Mar 08 2022 Ondřej Pohořelský - 3.2.5-2 +- Add mising directory and batch-job script into at-3.2.5-make.patch +- Defined datadir in %%install section and listed batch-job in %%files section + +* Tue Mar 01 2022 Ondřej Pohořelský - 3.2.5-1 +- Update to new upstream release +- Removed at-3.1.14-usePOSIXtimers.patch and at-3.2.23-coverity-fix.patch, because + upstream implemented them +- Defined folder paths without %%{buildroot} in order to make them work with latest + Makefile changes +- Resolves: rhbz#2048132 + +* Wed Jan 19 2022 Fedora Release Engineering - 3.2.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Wed Jul 21 2021 Fedora Release Engineering - 3.2.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Fri May 21 2021 Ondřej Pohořelský - 3.2.2-1 +- Update to new upstream release + +* Fri Apr 16 2021 Jan Staněk - 3.1.23-8 +- Patch issues found by coverity (rhbz#1938678) + +* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 3.1.23-7 +- Rebuilt for updated systemd-rpm-macros + See https://pagure.io/fesco/issue/2583. + +* Tue Jan 26 2021 Fedora Release Engineering - 3.1.23-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Mon Jul 27 2020 Fedora Release Engineering - 3.1.23-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jan 28 2020 Fedora Release Engineering - 3.1.23-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Wed Jul 24 2019 Fedora Release Engineering - 3.1.23-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Thu Jan 31 2019 Fedora Release Engineering - 3.1.23-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Aug 27 2018 Tomáš Mráz - 3.1.23-1 +- new upstream release + +* Thu Jul 12 2018 Fedora Release Engineering - 3.1.20-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed May 23 2018 Tomáš Mráz - 3.1.20-11 +- log the jobs being run + +* Sun Feb 25 2018 Florian Weimer - 3.1.20-10 +- Drop "BuildRequires: fileutils /etc/init.d" + +* Wed Feb 07 2018 Fedora Release Engineering - 3.1.20-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Thu Sep 14 2017 Tomáš Mráz - 3.1.20-8 +- improve the wrong_format patch, also rename it to correct name + +* Thu Sep 14 2017 Tomáš Mráz - 3.1.20-7 +- the ownership of the spool directory should be root as at is configured + with daemon username root +- document the -n option + +* Wed Aug 02 2017 Fedora Release Engineering - 3.1.20-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 3.1.20-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Tue Mar 28 2017 Tomáš Mráz - 3.1.20-4 +- fix the POSIX timers support (#1436523) + +* Fri Feb 10 2017 Fedora Release Engineering - 3.1.20-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Thu Feb 2 2017 Tomáš Mráz - 3.1.20-2 +- properly include the license files + +* Fri Jul 1 2016 Tomáš Mráz - 3.1.20-1 +- new upstream release +- properly lock the lock files to be able to safely remove + stale ones + +* Mon May 23 2016 Tomáš Mráz - 3.1.18-2 +- SIGPIPE should not be ignored in atd (#1338039) + +* Wed Mar 23 2016 Tomáš Mráz - 3.1.18-1 +- new upstream release +- correct the DST correction when using UTC time specification (#1320322) + +* Wed Feb 03 2016 Fedora Release Engineering - 3.1.16-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Sep 9 2015 Tomáš Mráz - 3.1.16-7 +- clear non-job files from at dir + +* Wed Jun 17 2015 Fedora Release Engineering - 3.1.16-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Fri Nov 28 2014 Tomáš Mráz - 3.1.16-5 +- superfluous patch dropped + +* Mon Nov 24 2014 Tomáš Mráz - 3.1.16-4 +- test for write error on fclose (#1166882) + +* Thu Nov 6 2014 Tomáš Mráz - 3.1.16-3 +- make atd less abort prone + +* Fri Oct 10 2014 Tomáš Mráz - 3.1.16-2 +- add proper Obsoletes for the sysvinit subpackage + +* Thu Oct 2 2014 Tomáš Mráz - 3.1.16-1 +- new upstream release fixing regression from security fix in bash +- drop sysvinit subpackage + +* Fri Aug 15 2014 Fedora Release Engineering - 3.1.14-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 3.1.14-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Tue Mar 25 2014 Marcela Mašláňová - 3.1.14-3 +- 1079304 remove part of patch, which is not needed anymore + +* Tue Jan 28 2014 Marcela Mašláňová - 3.1.14-2 +- remove parallel build -> it fails on secondary arches 1058686 + +* Mon Dec 2 2013 Marcela Mašláňová - 3.1.14-1 +- new release 3.1.14 +- all Fedora specifics backported +- 718422 File a0000f0149b7f3 is in wrong format - aborting +- 925041 Does not support aarch64 in f19 and rawhide + +* Sat Aug 03 2013 Fedora Release Engineering - 3.1.13-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + * Mon Feb 11 2013 Peter Robinson 3.1.13-12 - Fix patch to fix FTBFS with gcc 4.8 @@ -214,7 +400,7 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Mon Nov 14 2011 Marcela Mašláňová - 3.1.13-5 -- 754156 fix typo in script +- 754156 fix typo in script * Mon Nov 14 2011 Marcela Mašláňová - 3.1.13-5 - fix incorrect option in test in 56atd @@ -222,7 +408,7 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ * Wed Oct 26 2011 Fedora Release Engineering - 3.1.13-4 - Rebuilt for glibc bug#747377 -* Wed Sep 4 2011 Marcela Mašláňová - 3.1.13-3 +* Sun Sep 4 2011 Marcela Mašláňová - 3.1.13-3 - 729742 fix 56atd script for systemd * Mon Aug 15 2011 Marcela Mašláňová - 3.1.13-2 @@ -256,7 +442,7 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ - 617320 systemd init script replacement * Mon Mar 15 2010 Marcela Mašláňová - 3.1.12-5 -- 568222 interrupted 'at' job creates empty job for non-root +- 568222 interrupted 'at' job creates empty job for non-root * Mon Mar 1 2010 Marcela Mašláňová - 3.1.12-4 - 568779 atd is alway runnig after suspend/resume @@ -313,8 +499,8 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ - 486227 add hyphen date into manual page. * Wed Dec 3 2008 Marcela Mašláňová - 3.1.10-27 -- 464393 add script into pm-utils, because daemon wasn't taking all jobs - after suspend/hibernate +- 464393 add script into pm-utils, because daemon wasn't taking all jobs + after suspend/hibernate * Fri Oct 24 2008 Marcela Mašláňová - 3.1.10-26 - update init script according to SysVInitScript @@ -343,7 +529,7 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ * Mon Dec 3 2007 Marcela Maslanova - 3.1.10-19 - another problem with permission -* Fri Oct 30 2007 Marcela Maslanova - 3.1.10-18 +* Tue Oct 30 2007 Marcela Maslanova - 3.1.10-18 - Bug 398981: change on correct permissions * Fri Oct 05 2007 Marcela Maslanova - 3.1.10-17 @@ -353,12 +539,12 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ - macro with_pam instead of have_pam - license tag is gplv2+ because of license in source files -* Tue Jul 11 2007 Marcela Maslanova - 3.1.10-15 +* Wed Jul 11 2007 Marcela Maslanova - 3.1.10-15 - rewrite init script - add own session - setsid - Resolves: rhbz#247091 -* Tue Jul 9 2007 Marcela Maslanova - 3.1.10-14 +* Mon Jul 9 2007 Marcela Maslanova - 3.1.10-14 - feature: add configuration file - fix -V option - fix init script @@ -375,13 +561,13 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ - mistake in pam_atd - rhbz#234120 -* Tue Mar 05 2007 Marcela Maslanova - 3.1.10-10 +* Mon Mar 05 2007 Marcela Maslanova - 3.1.10-10 - rhbz#224597 -* Mon Mar 03 2007 Marcela Maslanova - 3.1.10-9 +* Sat Mar 03 2007 Marcela Maslanova - 3.1.10-9 - review -* Wed Feb 20 2007 Marcela Maslanova - 3.1.10-8 +* Tue Feb 20 2007 Marcela Maslanova - 3.1.10-8 - review - rhbz#225288 @@ -390,8 +576,8 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ - new pam configuration - rhbz#224597 -* Tue Oct 27 2006 Marcela Maslanova - 3.1.10-6 -- fix daylight-saving again +* Fri Oct 27 2006 Marcela Maslanova - 3.1.10-6 +- fix daylight-saving again - fix #214759 - problem with seteuid * Wed Oct 25 2006 Marcela Maslanova - 3.1.10-5 @@ -400,7 +586,7 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ * Tue Oct 24 2006 Marcela Maslanova - 3.1.10-3 - new version from upstream 3.1.10 -* Thu Aug 23 2006 Marcela Maslanova - 3.1.8-82.fc6 +* Wed Aug 23 2006 Marcela Maslanova - 3.1.8-82.fc6 - #176486 don't fork option added (patch from Enrico Scholz) * Wed Jul 12 2006 Jesse Keating - 3.1.8-81.2 @@ -413,7 +599,7 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ - rebuild for new gcc, glibc, glibc-kernheaders - workaround new refusal of /usr/bin/install to chown -* Fri Dec 18 2005 Jason Vas Dias - 3.1.8-80.2 +* Sun Dec 18 2005 Jason Vas Dias - 3.1.8-80.2 - rebuild for new flex * Fri Dec 16 2005 Jesse Keating @@ -426,11 +612,11 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ - use include instead of pam_stack in pam config * Fri Jun 03 2005 Jason Vas Dias 3.1.8-78 -- fix bug 159220: add pam_loginuid to pam session stack in /etc/pam.d/atd +- fix bug 159220: add pam_loginuid to pam session stack in /etc/pam.d/atd - fix bug 102341: add '-r' synonym for '-d' / atrm for POSIX / SuS conformance * Fri Apr 08 2005 Jason Vas Dias 3.1.8-77 -- always call pam_setcred(pamh, PAM_DELETE_CRED) before session +- always call pam_setcred(pamh, PAM_DELETE_CRED) before session - close * Tue Apr 05 2005 Jason Vas Dias 3.1.8-70 @@ -441,7 +627,7 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ - user can know when using at(1) if PAM permission is denied. * Tue Mar 08 2005 Jason Vas Dias 3.1.8-67 -- better fix for bug 150131: change DAEMON_USERNAME and +- better fix for bug 150131: change DAEMON_USERNAME and - DAEMON_GROUPNAME to 'root' . * Mon Mar 07 2005 Jason Vas Dias 3.1.8-66 @@ -459,7 +645,7 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ - details of blacklisted variables. * Tue Sep 28 2004 Rik van Riel 3.1.8-58 -- fix typo in man page, bug 112303 +- fix typo in man page, bug 112303 - (regenerated at-3.1.8-man-timespec-path.patch with fix) * Tue Aug 03 2004 Jason Vas Dias @@ -553,7 +739,7 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ * Wed Nov 27 2002 Tim Powers 3.1.8-32 - remove unpackaged files from the buildroot -* Tue Jul 25 2002 Bill Huang +* Thu Jul 25 2002 Bill Huang - Fixed delaying job execution and missing starting jobs..(bug#69595) (Thanks Bujor D Silaghi for his patch.) @@ -591,8 +777,8 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ * Thu Aug 2 2001 Crutcher Dunnavant 3.1.8-20 - updated patch update, still bug #46546 -* Mon Jul 18 2001 Crutcher Dunnavant -- applied enrico.scholz@informatik.tu-chemnitz.de's change to the env patch to +* Wed Jul 18 2001 Crutcher Dunnavant +- applied enrico.scholz@informatik.tu-chemnitz.de's change to the env patch to - address bug #46546 * Mon Jun 25 2001 Crutcher Dunnavant @@ -611,7 +797,7 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ * Fri Feb 2 2001 Trond Eivind Glomsrød - i18nize initscript -* Wed Dec 12 2000 Bill Nottingham +* Tue Dec 12 2000 Bill Nottingham - fix documentation of which shell commands will be run with (#22216) * Wed Aug 23 2000 Crutcher Dunnavant @@ -675,7 +861,7 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ * Mon May 24 1999 Jeff Johnson - reset SIGCHLD before exec (#3016). -* Sun Mar 21 1999 Cristian Gafton +* Sun Mar 21 1999 Cristian Gafton - auto rebuild in the new build environment (release 8) * Thu Mar 18 1999 Cristian Gafton diff --git a/atd.init b/atd.init deleted file mode 100755 index 2f3fd20..0000000 --- a/atd.init +++ /dev/null @@ -1,111 +0,0 @@ -#!/bin/sh -# -# atd Starts/stop the "at" daemon -# -# chkconfig: 345 95 5 -# description: Runs commands scheduled by the "at" command at the time \ -# specified when "at" was run, and runs batch commands when the load \ -# average is low enough. - -### BEGIN INIT INFO -# Provides: atd at batch -# Required-Start: $local_fs -# Required-Stop: $local_fs -# Default-Start: 345 -# Default-Stop: 95 -# Short-Description: Starts/stop the "at" daemon -# Description: Runs commands scheduled by the "at" command at the time -# specified when "at" was run, and runs batch commands when the load -# average is low enough. -### END INIT INFO - -# Source function library. -. /etc/rc.d/init.d/functions - -exec=/usr/sbin/atd -prog="atd" -config=/etc/sysconfig/atd - -[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog - -lockfile=/var/lock/subsys/$prog - -start() { - [ -x $exec ] || exit 5 - [ -f $config ] || exit 6 - echo -n $"Starting $prog: " - daemon $exec $OPTS && success || failure - retval=$? - echo - [ $retval -eq 0 ] && touch $lockfile - return $retval -} - -stop() { - echo -n $"Stopping $prog: " - if [ -n "`pidfileofproc $exec`" ] ; then - killproc $exec - RETVAL=3 - else - failure $"Stopping $prog" - fi - retval=$? - echo - [ $retval -eq 0 ] && rm -f $lockfile - return $retval -} - -restart() { - stop - start -} - -reload() { - restart -} - -force_reload() { - restart -} - -rh_status() { - # run checks to determine if the service is running or use generic status - status $prog -} - -rh_status_q() { - rh_status >/dev/null 2>&1 -} - - -case "$1" in - start) - rh_status_q && exit 0 - $1 - ;; - stop) - rh_status_q || exit 0 - $1 - ;; - restart) - $1 - ;; - reload) - rh_status_q || exit 7 - $1 - ;; - force-reload) - force_reload - ;; - status) - rh_status - ;; - condrestart|try-restart) - rh_status_q || exit 0 - restart - ;; - *) - echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}" - exit 2 -esac -exit $? diff --git a/atd.systemd b/atd.systemd index 7bdf82c..962b0d0 100644 --- a/atd.systemd +++ b/atd.systemd @@ -1,10 +1,13 @@ [Unit] -Description=Job spooling tools +Description=Deferred execution scheduler +Documentation=man:atd(8) After=syslog.target systemd-user-sessions.service [Service] EnvironmentFile=/etc/sysconfig/atd ExecStart=/usr/sbin/atd -f $OPTS +IgnoreSIGPIPE=no +KillMode=process [Install] WantedBy=multi-user.target diff --git a/pam_atd b/pam_atd new file mode 100644 index 0000000..1fd529e --- /dev/null +++ b/pam_atd @@ -0,0 +1,9 @@ +# The PAM configuration file for the at daemon +# +# +auth required pam_env.so +auth include password-auth +account required pam_access.so +account include password-auth +session required pam_loginuid.so +session include password-auth diff --git a/plans/ci.fmf b/plans/ci.fmf new file mode 100644 index 0000000..c1627f9 --- /dev/null +++ b/plans/ci.fmf @@ -0,0 +1,5 @@ +summary: Basic smoke test +discover: + how: fmf +execute: + how: tmt diff --git a/sources b/sources index 9877be7..9e44a81 100644 --- a/sources +++ b/sources @@ -1,4 +1,2 @@ -b117781fd68e393443b2a8e478c7c22f atd.init -ac1471fe22f63f666dc7d31173f47ea0 atd.sysconf -000d2f30379d2bf8af09f51416e863ec pam_atd -1da61af6c29e323abaaf13ee1a8dad79 at_3.1.13.orig.tar.gz +SHA512 (at_3.2.5.orig.tar.gz) = 542e8948bbdc1d06934070cbfe242688b541ef6342c6b0351255f8b9d7a3ed915a9304b5cf5442dfc15845b3d2b926ebecbfc5bccd204519d0a2775b27f8139c +SHA512 (at_3.2.5.orig.tar.gz.sig) = 5a38cb7da5b85233ede79e7b90aec7705250e315c5b4bcccb9c1c9a6453a9cc5c79c840023a44ac5d087137596c2b4b98971e233ea1fbbaa0c82833e53dcd8ac diff --git a/tests/initscript/Makefile b/tests/initscript/Makefile new file mode 100644 index 0000000..9b15af0 --- /dev/null +++ b/tests/initscript/Makefile @@ -0,0 +1,61 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /CoreOS/at/Sanity/initscript +# Description: Initscript sanity +# Author: Radek Biba +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2009 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/CoreOS/at/Sanity/initscript +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) runtest.sh Makefile PURPOSE + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + chmod a+x runtest.sh + +clean: + rm -f *~ $(BUILT_FILES) + +$(METADATA): Makefile + @echo "Owner: Radek Biba " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: Initscript sanity" >> $(METADATA) + @echo "Type: Sanity" >> $(METADATA) + @echo "TestTime: 5m" >> $(METADATA) + @echo "Releases: -RHEL3 -RHEL4 -RHELServer5 -RHELClient5 -RedHatEnterpriseLinux3 -RedHatEnterpriseLinux4 -RedHatEnterpriseLinuxClient5 -RedHatEnterpriseLinuxServer5" >> $(METADATA) + @echo "RunFor: at" >> $(METADATA) + @echo "Requires: at" >> $(METADATA) + @echo "Priority: Normal" >> $(METADATA) + @echo "License: GPLv2" >> $(METADATA) + @echo "Confidential: no" >> $(METADATA) + @echo "Destructive: no" >> $(METADATA) + + rhts-lint $(METADATA) diff --git a/tests/initscript/PURPOSE b/tests/initscript/PURPOSE new file mode 100644 index 0000000..7845ec7 --- /dev/null +++ b/tests/initscript/PURPOSE @@ -0,0 +1,3 @@ +PURPOSE of /CoreOS/at/Sanity/initscript +Description: Initscript sanity +Author: Radek Biba diff --git a/tests/initscript/main.fmf b/tests/initscript/main.fmf new file mode 100644 index 0000000..275b067 --- /dev/null +++ b/tests/initscript/main.fmf @@ -0,0 +1,12 @@ +summary: Initscript sanity +description: '' +contact: Radek Biba +component: + - at +test: ./runtest.sh +framework: beakerlib +recommend: + - at +duration: 5m +extra-summary: /CoreOS/at/Sanity/initscript +extra-task: /CoreOS/at/Sanity/initscript diff --git a/tests/initscript/runtest.sh b/tests/initscript/runtest.sh new file mode 100755 index 0000000..67ecc2d --- /dev/null +++ b/tests/initscript/runtest.sh @@ -0,0 +1,87 @@ +#!/bin/bash +# vim: dict=/usr/share/rhts-library/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/at/Sanity/initscript +# Description: Initscript sanity +# Author: Radek Biba +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2009 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/share/beakerlib/beakerlib.sh || exit 1 + +PACKAGE="at" +SERVICE="atd" + +rlJournalStart + rlPhaseStartSetup "Prepare" + rlServiceStop $SERVICE + rlPhaseEnd + if rlIsRHEL "<7"; then + rlPhaseStartTest "Mandatory actions" + for ACTION in "start" "stop" "restart" "force-reload" "status" ; do + rlRun "grep -i \"usage.*$ACTION\" /etc/init.d/$SERVICE" + done + rlPhaseEnd + fi + rlPhaseStartTest "Start" + rlRun "service $SERVICE start" 0 + rlRun "service $SERVICE status" 0 + rlRun "service $SERVICE start" 0 + rlRun "service $SERVICE status" 0 + rlRun "service $SERVICE restart" 0 + rlRun "service $SERVICE status" 0 + rlRun "service $SERVICE force-reload" 0 + rlRun "service $SERVICE status" 0 + rlRun "service $SERVICE try-restart" 0 + rlRun "service $SERVICE status" 0 + rlPhaseEnd + rlPhaseStartTest "Stop" + rlRun "service $SERVICE stop" 0 + rlRun "service $SERVICE status" 3 + rlRun "service $SERVICE stop" 0 + rlRun "service $SERVICE status" 3 + rlRun "service $SERVICE try-restart" 0 + rlRun "service $SERVICE status" 3 + rlPhaseEnd + rlPhaseStartTest "Dead service" + rlRun "touch /var/lock/subsys/$SERVICE" + rlRun "service $SERVICE status" $( + if rlIsRHEL "<7"; then + echo 2; + else + echo 3; + fi + ) + rlRun "service $SERVICE start" 0 + rlRun "service $SERVICE status" 0 + rlPhaseEnd + rlPhaseStartTest "Invalid arguments" + rlRun "service $SERVICE" 2 + rlRun "service $SERVICE fubar" 2 + rlPhaseEnd + + rlPhaseStartCleanup "Restore" + rlServiceRestore $SERVICE + rlPhaseEnd +rlJournalPrintText +rlJournalEnd