rpms / nrpe

Clone
Source Code
GIT

#2 Drop EL 6 support and fix EL9 build
Merged 2 years ago by ondrejj. Opened 2 years ago by xavierb.
rpms/ xavierb/nrpe rawhide  into  rawhide

file modified
+25 -79 
@@ -11,9 +11,9 @@ 
 

  Name: nrpe
 

  Version: 4.0.3
 

  %if 0%{?fromgit}
 

- Release: 9%{?fromgit:.%{commdate}git%{shortcommit}}%{?dist}
 

+ Release: 10%{?fromgit:.%{commdate}git%{shortcommit}}%{?dist}
 

  %else
 

- Release: 9%{?dist}
 

+ Release: 10%{?dist}
 

  %endif
 

  Summary: Host/service/network monitoring agent for Nagios
 

  
@@ -27,7 +27,6 @@ 
 

  Source1: nrpe.sysconfig
 

  Source2: nrpe-tmpfiles.conf
 

  Source3: nrpe.README.SELinux.rst
 

- Source4: nrpe_epel6.te
 

  Source5: nrpe_epel7.te
 

  Source6: nrpe_epel.fc
 

  Source7: nrpe.service.epel
 
@@ -41,9 +40,7 @@ 
 

  BuildRequires: gcc
 

  BuildRequires: openssl, openssl-devel
 

  BuildRequires: checkpolicy, selinux-policy-devel
 

- %if 0%{?fedora} > 17 || 0%{?rhel} > 6
 

  BuildRequires: systemd-units
 

- %endif
 

  

  %if 0%{?fedora} < 28 && 0%{?rhel} < 8
 

  BuildRequires: tcp_wrappers-devel
 
@@ -51,16 +48,9 @@ 
 

  

  Requires(pre): %{_sbindir}/useradd, %{_sbindir}/usermod
 

  

- %if 0%{?el6}
 

- Requires(preun): /sbin/service, /sbin/chkconfig
 

- Requires(post): /sbin/chkconfig, /sbin/service
 

- Requires(postun): /sbin/service
 

- Requires: initscripts
 

- %else
 

  Requires(post): systemd
 

  Requires(preun): systemd
 

  Requires(postun): systemd
 

- %endif
 

  

  # owns /etc/nagios
 

  Requires: nagios-common
 
@@ -69,7 +59,7 @@ 
 

  %description
 

  Nrpe is a system daemon that will execute various Nagios plugins
 

  locally on behalf of a remote (monitoring) host that uses the
 

- check_nrpe plugin.  Various plugins that can be executed by the
 

+ check_nrpe plugin. Various plugins that can be executed by the
 

  daemon are available at:
 

  http://sourceforge.net/projects/nagiosplug
 

  
@@ -83,7 +73,7 @@ 
 

  %description -n nagios-plugins-nrpe
 

  Nrpe is a system daemon that will execute various Nagios plugins
 

  locally on behalf of a remote (monitoring) host that uses the
 

- check_nrpe plugin.  Various plugins that can be executed by the
 

+ check_nrpe plugin. Various plugins that can be executed by the
 

  daemon are available at:
 

  http://sourceforge.net/projects/nagiosplug
 

  
@@ -123,7 +113,7 @@ 
 

      --localstatedir=%{_localstatedir}/run/ \
 

      --enable-command-args
 

  

- %if 0%{?fedora} > 35
 

+ %if 0%{?fedora} > 35 || 0%{?rhel} > 8
 

  # do not use get_dh2048 on openssl3
 

  sed -i "s/#define USE_SSL_DH 1/#undef USE_SSL_DH/" include/config.h
 

  %endif
 
@@ -134,26 +124,16 @@ 
 

  ## SELinux configs
 

  mkdir selinux
 

  install -pm 644 %{SOURCE3} README.SELinux.rst
 

- %if 0%{?rhel} < 7
 

- cp -p %{SOURCE4} selinux/%{name}_epel.te
 

- %else
 

  cp -p %{SOURCE5} selinux/%{name}_epel.te
 

- %endif
 

  cp -p %{SOURCE6} selinux/%{name}_epel.fc
 

  touch selinux/%{name}_epel.if
 

  make -f %{_datadir}/selinux/devel/Makefile
 

  %endif
 

  

  %install
 

- rm -rf %{buildroot}
 

- %if 0%{?el6}%{?el7}
 

- ## If we are EL6 we want the old style sysV init script
 

- %if 0%{?el6}
 

- install -D -p -m 0755 startup/default-init %{buildroot}/%{_initrddir}/nrpe
 

- %else
 

+ %if 0%{?el7}
 

  ## If we are EL7 we want the home crafted systemd service due to problems
 

  install -D -m 0644 -p %{SOURCE7} %{buildroot}%{_unitdir}/%{name}.service
 

- %endif
 

  %else
 

  ## If we are Fedora we want the upstream systemd service file
 

  install -D -m 0644 -p startup/default-service %{buildroot}%{_unitdir}/%{name}.service
 
@@ -164,10 +144,8 @@ 
 

  install -D -p -m 0644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/sysconfig/%{name}
 

  install -d %{buildroot}%{_sysconfdir}/nrpe.d
 

  install -d %{buildroot}%{_localstatedir}/run/%{name}
 

- %if 0%{?fedora} > 14 || 0%{?rhel} > 6
 

  install -D -p -m 0644 %{SOURCE2} %{buildroot}%{_tmpfilesdir}/%{name}.conf
 

- %endif
 

- %if 0%{?rhel} >5
 

+ %if 0%{?rhel} > 5
 

  # Selinux configs
 

  install -p -m 644 -D %{name}_epel.pp $RPM_BUILD_ROOT%{_datadir}/selinux/packages/%{name}/%{name}_epel.pp
 

  %endif
 
@@ -179,93 +157,56 @@ 
 

  getent group nagios >/dev/null && %{_sbindir}/usermod -a -G nagios %{name} || :
 

  

  %preun
 

- %if 0%{?el6}
 

- if [ $1 = 0 ]; then
 

-     /sbin/service %{name} stop > /dev/null 2>&1 || :
 

-     /sbin/chkconfig --del %{name} || :
 

- fi
 

- %else
 

  %systemd_preun nrpe.service
 

- %endif
 

  

  %post
 

- %if 0%{?el6}
 

- /sbin/chkconfig --add %{name} || :
 

- %else
 

  %systemd_post nrpe.service
 

- %endif
 

  

  %postun
 

- %if 0%{?el6}
 

- if [ "$1" -ge "1" ]; then
 

-     /sbin/service %{name} condrestart > /dev/null 2>&1 || :
 

- fi
 

- %else
 

  %systemd_postun_with_restart nrpe.service
 

- %endif
 

  

- %if 0%{?rhel} >5
 

+ %if 0%{?rhel} > 5
 

  %post selinux
 

- %if 0%{?el6}
 

- if [ "$1" -le "1" ]; then # Fist install
 

-    semodule -i %{_datadir}/selinux/packages/%{name}/%{name}_epel.pp 2>/dev/null || :
 

-    fixfiles -R %{name} restore || :
 

-    /sbin/service %{name} condrestart > /dev/null 2>&1  || :
 

- fi
 

- %else
 

- if [ "$1" -le "1" ]; then # Fist install
 

+ if [ "$1" -le "1" ]; then # First install
 

     semodule -i %{_datadir}/selinux/packages/%{name}/%{name}_epel.pp 2>/dev/null || :
 

     fixfiles -R %{name} restore || :
 

     %systemd_postun_with_restart %{name}.service
 

  fi
 

  %endif
 

- %endif
 

  

- %if 0%{?rhel} >5
 

+ %if 0%{?rhel} > 5
 

  %preun selinux
 

- %if 0%{?el6}
 

- if [ "$1" -lt "1" ]; then # Final removal
 

-     semodule -r %{name}_epel 2>/dev/null || :
 

-     fixfiles -R %{name} restore || :
 

-     /sbin/service %{name} condrestart > /dev/null 2>&1 || :
 

- fi
 

- %else
 

  if [ "$1" -lt "1" ]; then # Final removal
 

      semodule -r %{name}_epel 2>/dev/null || :
 

      fixfiles -R %{name} restore || :
 

      %systemd_postun_with_restart %{name}.service
 

  fi
 

  %endif
 

- %endif
 

  

- %if 0%{?rhel} >5
 

+ %if 0%{?rhel} > 5
 

  %postun selinux
 

  if [ "$1" -ge "1" ]; then # Upgrade
 

      # Replaces the module if it is already loaded
 

      semodule -i %{_datadir}/selinux/packages/%{name}/%{name}_epel.pp 2>/dev/null || :
 

-      # no need to restart the daemon
 

+     # no need to restart the daemon
 

  fi
 

- %endif    

+ %endif
 

  

  %files
 

- %if 0%{?el6}
 

- %{_initrddir}/nrpe
 

- %else
 

  %{_unitdir}/%{name}.service
 

- %endif
 

  %{_sbindir}/nrpe
 

  %dir %{_sysconfdir}/nrpe.d
 

  %config(noreplace) %{_sysconfdir}/nagios/nrpe.cfg
 

  %config(noreplace) %{_sysconfdir}/sysconfig/%{name}
 

- %if 0%{?fedora} > 14 || 0%{?rhel} > 6
 

  %config(noreplace) %{_tmpfilesdir}/%{name}.conf
 

- %endif
 

- %doc CHANGELOG.md LICENSE.md LEGAL README.md README.SSL.md SECURITY.md docs/NRPE.pdf
 

+ %license LICENSE.md
 

+ %doc CHANGELOG.md LEGAL README.md README.SSL.md SECURITY.md docs/NRPE.pdf
 

  %dir %attr(775, %{name}, %{name}) %{_localstatedir}/run/%{name}
 

  

  %files -n nagios-plugins-nrpe
 

  %{_libdir}/nagios/plugins/check_nrpe
 

- %doc CHANGELOG.md LICENSE.md LEGAL README.md
 

+ %license LICENSE.md
 

+ %doc CHANGELOG.md LEGAL README.md
 

  

  %if 0%{?rhel} > 5
 

  %files selinux
 
@@ -274,6 +215,11 @@ 
 

  %endif
 

  

  %changelog
 

+ * Wed Dec 08 2021 Xavier Bachelot <xavier@bachelot.org> - 4.0.3-10
 

+ - Drop EL6 support
 

+ - Fix EL9 build
 

+ - Use %%license
 

+ 

  * Thu Nov 11 2021 Ján ONDREJ (SAL) <ondrejj(at)salstar.sk> - 4.0.3-9
 

  - Don't use get_dh on Fedora 36 - OpenSSL 3. (bz#2021958)
 

  - Remove unknown --with-init-dir configure parameter.
 
@@ -313,8 +259,8 @@ 
 

  * Sun Apr  5 2020 Martin Jackson <mhjacks@swbell.net> - 4.0.2-2
 

  - New upstream version
 

  - Update patch for indlude_dir
 

- - Fix BZ#1816816 - CVE-2020-6582 nrpe: heap-based buffer overflow due to a wrong integer type conversion 

- - Fix BZ#1816805 - CVE-2020-6581 nrpe: insufficient filtering and incorrect parsing of the configuration file may lead to command injection 

+ - Fix BZ#1816816 - CVE-2020-6582 nrpe: heap-based buffer overflow due to a wrong integer type conversion
 

+ - Fix BZ#1816805 - CVE-2020-6581 nrpe: insufficient filtering and incorrect parsing of the configuration file may lead to command injection
 

  

  * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.1-10
 

  - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
 
@@ -365,7 +311,7 @@ 
 

  - Forgot to up the release.
 

  

  * Fri Jul 21 2017 Stephen Smoogen <smooge@fedoraproject.org> - 3.2.0-3
 

- - Clean out nrpe.fc as that breaks silently 

+ - Clean out nrpe.fc as that breaks silently
 

  

  * Wed Jul 19 2017 Stephen Smoogen <smooge@fedoraproject.org> - 3.2.0-3
 

  - Remove git from release name

file removed
-29 
@@ -1,29 +0,0 @@ 
 

- # this file was contributed by David Galloway. Thank you.
 

- module nrpe_epel 1.0;
 

- 

- require {
 

-         type fsadm_exec_t;
 

-         type hostname_exec_t;
 

-         type hwdata_t;
 

-         type nrpe_t;
 

-         type scsi_generic_device_t;
 

-         type tmp_t;
 

-         class capability { sys_admin sys_rawio };
 

-         class chr_file { ioctl open read write };
 

-         class dir { add_name remove_name search write };
 

-         class file { create execute getattr open read unlink write };
 

-         class unix_dgram_socket sendto;
 

- }
 

- 

- #============= nrpe_t ==============
 

- 

- allow nrpe_t fsadm_exec_t:file { execute getattr open read };
 

- allow nrpe_t hostname_exec_t:file execute;
 

- allow nrpe_t hwdata_t:dir search;
 

- allow nrpe_t hwdata_t:file { getattr open read };
 

- allow nrpe_t scsi_generic_device_t:chr_file { ioctl open read write };
 

- allow nrpe_t self:capability { sys_admin sys_rawio };
 

- allow nrpe_t self:unix_dgram_socket sendto;
 

- allow nrpe_t tmp_t:dir { add_name remove_name write };
 

- allow nrpe_t tmp_t:file unlink;
 

- allow nrpe_t tmp_t:file { create open write };

Hi Jan,

Here's a bit of help toward getting nrpe in EL9.

I'm still unsure about the SELinux stuff that is conditionally built for EL. Maybe that needs to be capped to EL8 and older only ?

Regards,
Xavier

rebased onto d35d0d8
2 years ago

rebased onto 6527bf3
2 years ago

1 new commit added

  • Bump release and add changelog entry
2 years ago

Pull-Request has been merged by ondrejj
2 years ago

Thank you for a good job. I appreciate your cleanup and typo fixes.
Requesting a new branch.
If you wish to help me to maintain this package, let me know.

Btw, is your test build working? This dh2048 change from Fedora was never tested on an stable system, required to build only for Fedora 36+. Curious, that centos9 should be based on Fedora 34 and this change is from Fedora 36. :-)

You may add me to the package if you wish. My FAS is xavierb.

I have no idea if the test build works or not. Currently, there are unsatisfied dependencies.
nagios-plugins-nrpe depends on nagios-plugins and nrpe depends on nagios-common (nagios sub-package). I've filed bugs accordingly.
About openssl/openssl3, I guess RedHat prefers to depend on the later and cherrypicked it from F36.

Commit grants have been added to your account. Feel free to build nrpe when request-branch will be done.

Thanks. I'd wish all PRs and branch requests goes as smoothly as this one :-)
Metadata
None
No Tags
Changes Summary 2
+25 -79
file changed
nrpe.spec
-29
file removed
nrpe_epel6.te
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.