diff options
Diffstat (limited to 'meta/recipes-extended/procps')
5 files changed, 228 insertions, 117 deletions
diff --git a/meta/recipes-extended/procps/procps/0001-w.c-correct-musl-builds.patch b/meta/recipes-extended/procps/procps/0001-w.c-correct-musl-builds.patch new file mode 100644 index 0000000000..c92ad28e4f --- /dev/null +++ b/meta/recipes-extended/procps/procps/0001-w.c-correct-musl-builds.patch @@ -0,0 +1,44 @@ +From 22f8d25567b8d64bdbab0fb0b4915b4362561d9b Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex.kanavin@gmail.com> +Date: Wed, 24 Feb 2021 21:14:31 +0000 +Subject: [PATCH] w.c: correct musl builds + +No need to redefine UT_ stuff to something that does not exist. + +UT_ is already provided in musl but via utmp.h header, so include +it always. + +Upstream-Status: Submitted [https://gitlab.com/procps-ng/procps/-/merge_requests/126] +Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> +--- + w.c | 9 +-------- + 1 file changed, 1 insertion(+), 8 deletions(-) + +diff --git a/w.c b/w.c +index 9d07ac9..d10639b 100644 +--- a/w.c ++++ b/w.c +@@ -57,9 +57,8 @@ + #include <unistd.h> + #ifdef HAVE_UTMPX_H + # include <utmpx.h> +-#else +-# include <utmp.h> + #endif ++#include <utmp.h> + #include <arpa/inet.h> + + static int ignoreuser = 0; /* for '-u' */ +@@ -72,12 +71,6 @@ typedef struct utmpx utmp_t; + typedef struct utmp utmp_t; + #endif + +-#if !defined(UT_HOSTSIZE) || defined(__UT_HOSTSIZE) +-# define UT_HOSTSIZE __UT_HOSTSIZE +-# define UT_LINESIZE __UT_LINESIZE +-# define UT_NAMESIZE __UT_NAMESIZE +-#endif +- + #ifdef W_SHOWFROM + # define FROM_STRING "on" + #else diff --git a/meta/recipes-extended/procps/procps/0002-proc-escape.c-add-missing-include.patch b/meta/recipes-extended/procps/procps/0002-proc-escape.c-add-missing-include.patch new file mode 100644 index 0000000000..5fa1ac9d78 --- /dev/null +++ b/meta/recipes-extended/procps/procps/0002-proc-escape.c-add-missing-include.patch @@ -0,0 +1,23 @@ +From 4f964821398dff7ab21fec63da15e1e00b2e9277 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex.kanavin@gmail.com> +Date: Wed, 24 Feb 2021 21:16:14 +0000 +Subject: [PATCH] proc/escape.c: add missing include + +Upstream-Status: Submitted [https://gitlab.com/procps-ng/procps/-/merge_requests/126] +Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> +--- + proc/escape.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/proc/escape.c b/proc/escape.c +index 2e8fb7d..e1f4612 100644 +--- a/proc/escape.c ++++ b/proc/escape.c +@@ -21,6 +21,7 @@ + #include <sys/types.h> + #include <string.h> + #include <limits.h> ++#include <langinfo.h> + #include "procps.h" + #include "escape.h" + #include "readproc.h" diff --git a/meta/recipes-extended/procps/procps/sysctl.conf b/meta/recipes-extended/procps/procps/sysctl.conf index 34e7488bf7..253f3701bd 100644 --- a/meta/recipes-extended/procps/procps/sysctl.conf +++ b/meta/recipes-extended/procps/procps/sysctl.conf @@ -1,64 +1,67 @@ -# This configuration file is taken from Debian. +# This configuration taken from procps v3.3.15 +# Commented out kernel/pid_max=10000 line # # /etc/sysctl.conf - Configuration file for setting system variables # See sysctl.conf (5) for information. -# -#kernel.domainname = example.com +# you can have the CD-ROM close when you use it, and open +# when you are done. +#dev.cdrom.autoeject = 1 +#dev.cdrom.autoclose = 1 -# Uncomment the following to stop low-level messages on console -#kernel.printk = 4 4 1 7 +# protection from the SYN flood attack +net/ipv4/tcp_syncookies=1 -##############################################################3 -# Functions previously found in netbase -# +# see the evil packets in your log files +net/ipv4/conf/all/log_martians=1 -# Uncomment the next two lines to enable Spoof protection (reverse-path filter) -# Turn on Source Address Verification in all interfaces to -# prevent some spoofing attacks -net.ipv4.conf.default.rp_filter=1 -net.ipv4.conf.all.rp_filter=1 +# makes you vulnerable or not :-) +net/ipv4/conf/all/accept_redirects=0 +net/ipv4/conf/all/accept_source_route=0 +net/ipv4/icmp_echo_ignore_broadcasts =1 -# Uncomment the next line to enable TCP/IP SYN cookies -#net.ipv4.tcp_syncookies=1 +# needed for routing, including masquerading or NAT +#net/ipv4/ip_forward=1 -# Uncomment the next line to enable packet forwarding for IPv4 -#net.ipv4.ip_forward=1 +# sets the port range used for outgoing connections +#net.ipv4.ip_local_port_range = 32768 61000 -# Uncomment the next line to enable packet forwarding for IPv6 -#net.ipv6.conf.all.forwarding=1 +# Broken routers and obsolete firewalls will corrupt the window scaling +# and ECN. Set these values to 0 to disable window scaling and ECN. +# This may, rarely, cause some performance loss when running high-speed +# TCP/IP over huge distances or running TCP/IP over connections with high +# packet loss and modern routers. This sure beats dropped connections. +#net.ipv4.tcp_ecn = 0 +# Swapping too much or not enough? Disks spinning up when you'd +# rather they didn't? Tweak these. +#vm.vfs_cache_pressure = 100 +#vm.laptop_mode = 0 +#vm.swappiness = 60 -################################################################### -# Additional settings - these settings can improve the network -# security of the host and prevent against some network attacks -# including spoofing attacks and man in the middle attacks through -# redirection. Some network environments, however, require that these -# settings are disabled so review and enable them as needed. -# -# Ignore ICMP broadcasts -#net.ipv4.icmp_echo_ignore_broadcasts = 1 -# -# Ignore bogus ICMP errors -#net.ipv4.icmp_ignore_bogus_error_responses = 1 -# -# Do not accept ICMP redirects (prevent MITM attacks) -#net.ipv4.conf.all.accept_redirects = 0 -#net.ipv6.conf.all.accept_redirects = 0 -# _or_ -# Accept ICMP redirects only for gateways listed in our default -# gateway list (enabled by default) -# net.ipv4.conf.all.secure_redirects = 1 -# -# Do not send ICMP redirects (we are not a router) -#net.ipv4.conf.all.send_redirects = 0 -# -# Do not accept IP source route packets (we are not a router) -#net.ipv4.conf.all.accept_source_route = 0 -#net.ipv6.conf.all.accept_source_route = 0 -# -# Log Martian Packets -#net.ipv4.conf.all.log_martians = 1 -# +#kernel.printk_ratelimit_burst = 10 +#kernel.printk_ratelimit = 5 +#kernel.panic_on_oops = 0 + +# Reboot 600 seconds after a panic +#kernel.panic = 600 + +# enable SysRq key (note: console security issues) +#kernel.sysrq = 1 + +# Change name of core file to start with the command name +# so you get things like: emacs.core mozilla-bin.core X.core +#kernel.core_pattern = %e.core + +# NIS/YP domain (not always equal to DNS domain) +#kernel.domainname = example.com +#kernel.hostname = darkstar + +# This limits PID values to 4 digits, which allows tools like ps +# to save screen space. +#kernel/pid_max=10000 -#kernel.shmmax = 141762560 +# Protects against creating or following links under certain conditions +# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt +#fs.protected_hardlinks = 1 +#fs.protected_symlinks = 1 diff --git a/meta/recipes-extended/procps/procps_3.3.11.bb b/meta/recipes-extended/procps/procps_3.3.11.bb deleted file mode 100644 index c6dccc6774..0000000000 --- a/meta/recipes-extended/procps/procps_3.3.11.bb +++ /dev/null @@ -1,66 +0,0 @@ -SUMMARY = "System and process monitoring utilities" -DESCRIPTION = "Procps contains a set of system utilities that provide system information about processes using \ -the /proc filesystem. The package includes the programs ps, top, vmstat, w, kill, and skill." -HOMEPAGE = "https://gitorious.org/procps" -SECTION = "base" -LICENSE = "GPLv2+ & LGPLv2+" -LIC_FILES_CHKSUM="file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ - file://COPYING.LIB;md5=4cf66a4984120007c9881cc871cf49db \ - " - -DEPENDS = "ncurses" - -inherit autotools gettext pkgconfig update-alternatives - -SRC_URI = "http://downloads.sourceforge.net/project/procps-ng/Production/procps-ng-${PV}.tar.xz \ - file://sysctl.conf \ - " - -SRC_URI[md5sum] = "6cc5b94c1c5b8cbc89ad345a7b522f74" -SRC_URI[sha256sum] = "e9493169a2d2adc0bc045538707310c8e877b385e4e296143b62607d2bb044ed" - -S = "${WORKDIR}/procps-ng-${PV}" - -EXTRA_OECONF = "--enable-skill --disable-modern-top" - -CPPFLAGS += "-I${S}" - -do_install_append () { - install -d ${D}${base_bindir} - [ "${bindir}" != "${base_bindir}" ] && for i in ${base_bindir_progs}; do mv ${D}${bindir}/$i ${D}${base_bindir}/$i; done - install -d ${D}${base_sbindir} - [ "${sbindir}" != "${base_sbindir}" ] && for i in ${base_sbindir_progs}; do mv ${D}${sbindir}/$i ${D}${base_sbindir}/$i; done - if [ "${base_sbindir}" != "${sbindir}" ]; then - rmdir ${D}${sbindir} - fi - - install -d ${D}${sysconfdir} - install -m 0644 ${WORKDIR}/sysctl.conf ${D}${sysconfdir}/sysctl.conf - if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then - install -d ${D}${sysconfdir}/sysctl.d - ln -sf ../sysctl.conf ${D}${sysconfdir}/sysctl.d/99-sysctl.conf - fi -} - -CONFFILES_${PN} = "${sysconfdir}/sysctl.conf" - -bindir_progs = "free pkill pmap pgrep pwdx skill snice top uptime" -base_bindir_progs += "kill pidof ps watch" -base_sbindir_progs += "sysctl" - -ALTERNATIVE_PRIORITY = "200" - -ALTERNATIVE_${PN} = "${bindir_progs} ${base_bindir_progs} ${base_sbindir_progs}" - -ALTERNATIVE_${PN}-doc = "kill.1 uptime.1" -ALTERNATIVE_LINK_NAME[kill.1] = "${mandir}/man1/kill.1" -ALTERNATIVE_LINK_NAME[uptime.1] = "${mandir}/man1/uptime.1" - -python __anonymous() { - for prog in d.getVar('base_bindir_progs', True).split(): - d.setVarFlag('ALTERNATIVE_LINK_NAME', prog, '%s/%s' % (d.getVar('base_bindir', True), prog)) - - for prog in d.getVar('base_sbindir_progs', True).split(): - d.setVarFlag('ALTERNATIVE_LINK_NAME', prog, '%s/%s' % (d.getVar('base_sbindir', True), prog)) -} - diff --git a/meta/recipes-extended/procps/procps_3.3.17.bb b/meta/recipes-extended/procps/procps_3.3.17.bb new file mode 100644 index 0000000000..59ad89d326 --- /dev/null +++ b/meta/recipes-extended/procps/procps_3.3.17.bb @@ -0,0 +1,107 @@ +SUMMARY = "System and process monitoring utilities" +DESCRIPTION = "Procps contains a set of system utilities that provide system information about processes using \ +the /proc filesystem. The package includes the programs ps, top, vmstat, w, kill, and skill." +HOMEPAGE = "https://gitlab.com/procps-ng/procps" +SECTION = "base" +LICENSE = "GPL-2.0-or-later & LGPL-2.0-or-later" +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ + file://COPYING.LIB;md5=4cf66a4984120007c9881cc871cf49db \ + " + +DEPENDS = "ncurses" + +inherit autotools gettext pkgconfig update-alternatives + +SRC_URI = "git://gitlab.com/procps-ng/procps.git;protocol=https;branch=master \ + file://sysctl.conf \ + file://0001-w.c-correct-musl-builds.patch \ + file://0002-proc-escape.c-add-missing-include.patch \ + " +SRCREV = "19a508ea121c0c4ac6d0224575a036de745eaaf8" +# 4.x version is an API incompatible rewrite +# until procps consumers are transitioned to it we need to stick with 3.x +# https://gitlab.com/procps-ng/procps/-/issues/239 +UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>3(\.\d+)+)" + +S = "${WORKDIR}/git" + +# Upstream has a custom autogen.sh which invokes po/update-potfiles as they +# don't ship a po/POTFILES.in (which is silly). Without that file gettext +# doesn't believe po/ is a gettext directory and won't generate po/Makefile. +do_configure:prepend() { + ( cd ${S} && po/update-potfiles ) +} + +EXTRA_OECONF = "--enable-skill --disable-modern-top" + +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" +PACKAGECONFIG[systemd] = "--with-systemd,--without-systemd,systemd" + +do_install:append () { + install -d ${D}${base_bindir} + [ "${bindir}" != "${base_bindir}" ] && for i in ${base_bindir_progs}; do mv ${D}${bindir}/$i ${D}${base_bindir}/$i; done + install -d ${D}${base_sbindir} + [ "${sbindir}" != "${base_sbindir}" ] && for i in ${base_sbindir_progs}; do mv ${D}${sbindir}/$i ${D}${base_sbindir}/$i; done + if [ "${base_sbindir}" != "${sbindir}" ]; then + rmdir ${D}${sbindir} + fi + + install -d ${D}${sysconfdir} + install -m 0644 ${WORKDIR}/sysctl.conf ${D}${sysconfdir}/sysctl.conf + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then + install -d ${D}${sysconfdir}/sysctl.d + ln -sf ../sysctl.conf ${D}${sysconfdir}/sysctl.d/99-sysctl.conf + fi +} + +CONFFILES:${PN} = "${sysconfdir}/sysctl.conf" + +bindir_progs = "free pkill pmap pgrep pwdx skill snice top uptime w" +base_bindir_progs += "kill pidof ps watch" +base_sbindir_progs += "sysctl" + +ALTERNATIVE_PRIORITY = "200" +ALTERNATIVE_PRIORITY[pidof] = "150" + +ALTERNATIVE:${PN} = "${bindir_progs} ${base_bindir_progs} ${base_sbindir_progs}" + +ALTERNATIVE:${PN}-doc = "kill.1 uptime.1" +ALTERNATIVE_LINK_NAME[kill.1] = "${mandir}/man1/kill.1" +ALTERNATIVE_LINK_NAME[uptime.1] = "${mandir}/man1/uptime.1" + +python __anonymous() { + for prog in d.getVar('base_bindir_progs').split(): + d.setVarFlag('ALTERNATIVE_LINK_NAME', prog, '%s/%s' % (d.getVar('base_bindir'), prog)) + + for prog in d.getVar('base_sbindir_progs').split(): + d.setVarFlag('ALTERNATIVE_LINK_NAME', prog, '%s/%s' % (d.getVar('base_sbindir'), prog)) +} + +# 'ps' isn't suitable for use as a security tool so whitelist this CVE. +# https://bugzilla.redhat.com/show_bug.cgi?id=1575473#c3 +CVE_CHECK_IGNORE += "CVE-2018-1121" + +PROCPS_PACKAGES = "${PN}-lib \ + ${PN}-ps \ + ${PN}-sysctl" + +PACKAGE_BEFORE_PN = "${PROCPS_PACKAGES}" +RDEPENDS:${PN} += "${PROCPS_PACKAGES}" + +RDEPENDS:${PN}-ps += "${PN}-lib" +RDEPENDS:${PN}-sysctl += "${PN}-lib" + +FILES:${PN}-lib = "${libdir}" +FILES:${PN}-ps = "${base_bindir}/ps.${BPN}" +FILES:${PN}-sysctl = "${base_sbindir}/sysctl.${BPN} ${sysconfdir}/sysctl.conf ${sysconfdir}/sysctl.d" + +ALTERNATIVE:${PN}:remove = "ps" +ALTERNATIVE:${PN}:remove = "sysctl" + +ALTERNATIVE:${PN}-ps = "ps" +ALTERNATIVE_TARGET[ps] = "${base_bindir}/ps" +ALTERNATIVE_LINK_NAME[ps] = "${base_bindir}/ps" + +ALTERNATIVE:${PN}-sysctl = "sysctl" +ALTERNATIVE_TARGET[sysctl] = "${base_sbindir}/sysctl" +ALTERNATIVE_LINK_NAME[sysctl] = "${base_sbindir}/sysctl" |