summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas K. Huettel <dilfridge@gentoo.org>2016-03-11 16:13:14 +0100
committerAndreas K. Huettel <dilfridge@gentoo.org>2016-03-11 16:13:40 +0100
commite5ceb69b8a381f210ba5a1c77968b3d3bf2da4c2 (patch)
tree51be36c49b8d08d2b1b6df6d775c693c46933eb8 /app-backup
parentsys-block/partitionmanager: version bump (diff)
downloadgentoo-e5ceb69b8a381f210ba5a1c77968b3d3bf2da4c2.tar.gz
gentoo-e5ceb69b8a381f210ba5a1c77968b3d3bf2da4c2.tar.bz2
gentoo-e5ceb69b8a381f210ba5a1c77968b3d3bf2da4c2.zip
app-backup/tsm: Add pax-marking for hardened, bug 559504
Package-Manager: portage-2.2.27
Diffstat (limited to 'app-backup')
-rw-r--r--app-backup/tsm/tsm-7.1.3.1-r1.ebuild244
1 files changed, 244 insertions, 0 deletions
diff --git a/app-backup/tsm/tsm-7.1.3.1-r1.ebuild b/app-backup/tsm/tsm-7.1.3.1-r1.ebuild
new file mode 100644
index 000000000000..11f4d568e321
--- /dev/null
+++ b/app-backup/tsm/tsm-7.1.3.1-r1.ebuild
@@ -0,0 +1,244 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit versionator multilib eutils readme.gentoo rpm systemd user pax-utils
+
+DESCRIPTION="Tivoli Storage Manager (TSM) Backup/Archive (B/A) Client and API"
+HOMEPAGE="http://www.tivoli.com/"
+
+MY_PV_MAJOR=$(get_major_version)
+MY_PV_MINOR=$(get_version_component_range 2)
+MY_PV_TINY=$(get_version_component_range 3)
+MY_PV_PATCH=$(get_version_component_range 4)
+
+MY_PV_NODOTS="${MY_PV_MAJOR}${MY_PV_MINOR}${MY_PV_TINY}"
+MY_PVR_ALLDOTS=${PV}
+
+if [[ ${MY_PV_PATCH} == 0 ]]; then
+ MY_RELEASE_PATH=maintenance
+else
+ MY_RELEASE_PATH=patches
+fi
+BASE_URI="ftp://ftp.software.ibm.com/storage/tivoli-storage-management/"
+BASE_URI+="${MY_RELEASE_PATH}/client/v${MY_PV_MAJOR}r${MY_PV_MINOR}/"
+BASE_URI+="Linux/LinuxX86/BA/v${MY_PV_NODOTS}/"
+SRC_TAR="${MY_PVR_ALLDOTS}-TIV-TSMBAC-LinuxX86.tar"
+SRC_URI="${BASE_URI}${SRC_TAR}"
+
+RESTRICT="strip" # Breaks libPiIMG.so and libPiSNAP.so
+LICENSE="Apache-1.1 Apache-2.0 JDOM BSD-2 CC-PD Boost-1.0 MIT CPL-1.0 HPND Exolab
+ dom4j EPL-1.0 FTL icu unicode IBM Info-ZIP LGPL-2 LGPL-2.1 openafs-krb5-a
+ ZLIB MPL-1.0 MPL-1.1 NPL-1.1 openssl OPENLDAP RSA public-domain W3C
+ || ( BSD GPL-2+ ) gSOAP libpng tsm"
+
+SLOT="0"
+KEYWORDS="~amd64 -*"
+IUSE="acl java +tsm_cit +tsm_hw"
+QA_PREBUILT="*"
+
+# not available (yet?)
+#MY_LANGS="cs:CS_CZ de:DE_DE es:ES_ES fr:FR_FR hu:HU_HU it:IT_IT
+# ja:JA_JP ko:KO_KR pl:PL_PL pt:PT_BR ru:RU_RU zh:ZH_CN zh_TW:ZH_TW"
+MY_LANG_PV="${MY_PVR_ALLDOTS}-"
+for lang in ${MY_LANGS}; do
+ IUSE="${IUSE} linguas_${lang%:*}"
+ SRC_URI="${SRC_URI} linguas_${lang%:*}? ( \
+${BASE_URI}TIVsm-msg.${lang#*:}.x86_64.rpm -> \
+${MY_LANG_PV}TIVsm-msg.${lang#*:}.x86_64.rpm )"
+done
+unset lang
+
+DEPEND=""
+RDEPEND="
+ dev-libs/expat
+ dev-libs/libxml2
+ =sys-fs/fuse-2*
+ acl? ( sys-apps/acl )
+ java? ( virtual/jre:1.7 )
+"
+
+S="${WORKDIR}"
+
+pkg_setup() {
+ enewgroup tsm
+ DOC_CONTENTS="
+ Note that you have to be either root or member of the group tsm to
+ be able to use the Tivoli Storage Manager client."
+}
+
+src_unpack() {
+ local rpm rpms lang
+ unpack ${SRC_TAR}
+
+ for rpm in *.rpm; do
+ case ${rpm} in
+ TIVsm-APIcit.*|TIVsm-BAcit.*)
+ use tsm_cit && rpms="${rpms} ./${rpm}"
+ ;;
+ TIVsm-BAhdw.*)
+ use tsm_hw && rpms="${rpms} ./${rpm}"
+ ;;
+ TIVsm-JBB.*|*-filepath-*)
+ # "journal based backup" for all filesystems
+ # requires a kernel module.
+ # "Linux Filepath source code" available
+ # by request from vendor
+ ;;
+ *)
+ rpms="${rpms} ./${rpm}"
+ ;;
+ esac
+ done
+ for rpm in ${A}; do
+ case ${rpm} in
+ *.rpm)
+ rpms="${rpms} ${rpm}"
+ ;;
+ esac
+ done
+
+ rpm_unpack ${rpms}
+
+ # Avoid strange error messages caused by read-only files
+ chmod -R u+w "${S}" || die
+}
+
+src_prepare() {
+ # Avoid unnecessary dependency on ksh
+ sed -i 's:^#!/usr/bin/ksh:#!/bin/bash:' \
+ opt/tivoli/tsm/client/ba/bin/dsmj || die
+}
+
+src_install() {
+ cp -a opt "${D}" || die
+ cp -a usr "${D}" || die
+
+ # The RPM files contain postinstall scripts which can be extracted
+ # e.g. using https://bugs.gentoo.org/attachment.cgi?id=234663 .
+ # Below we try to mimic the behaviour of these scripts.
+ # We don't deal with SELinux compliance (yet), though.
+ local RPM_INSTALL_PREFIX CLIENTDIR i
+ RPM_INSTALL_PREFIX=/opt
+ CLIENTDIR=$RPM_INSTALL_PREFIX/tivoli/tsm/client
+
+ # We don't bother setting timestamps to build dates.
+ # But we should delete the corresponding files.
+ rm -f "${D}"$CLIENTDIR/api/bin*/.buildDate || die
+ rm -f "${D}"$CLIENTDIR/ba/bin*/.buildDate || die
+ rm -f "${D}"$CLIENTDIR/lang/.buildDate || die
+
+ # Create links for messages; this is spread over several postin scripts.
+ for i in $(cd "${D}"${CLIENTDIR}/lang; ls -1d ??_??); do
+ dosym ../../lang/${i} $CLIENTDIR/ba/bin/${i}
+ dosym ../../lang/${i} $CLIENTDIR/api/bin64/${i}
+ done
+
+ # Mimic TIVsm-API64 postinstall script
+ for i in libgpfs.so libdmapi.so; do
+ dosym ../..$CLIENTDIR/api/bin64/${i} /usr/lib64/${i}
+ done
+
+ # The TIVsm-BA postinstall script only does messages and ancient upgrades
+
+ # The gscrypt64 postinstall script only deals with s390[x] SELinux
+ # and the symlink for the iccs library which we handle in the loop below.
+
+ # Move stuff from /usr/local to /opt, #452332
+ mv "${D}"/usr/local/ibm "${D}"/opt/ || die
+ rmdir "${D}"/usr/local || die
+
+ # Mimic gskssl64 postinstall script
+ for i in sys p11 km ssl drld kicc ldap cms acmeidup valn dbfl iccs; do
+ dosym ../../opt/ibm/gsk8_64/lib64/libgsk8${i}_64.so \
+ /usr/lib64/libgsk8${i}_64.so
+ done
+ for i in capicmd ver; do
+ dosym ../../opt/ibm/gsk8_64/bin/gsk8${i}_64 /usr/bin/gsk${i}_64
+ done
+
+ # Done with the postinstall scripts as the RPMs contain them.
+ # Now on to some more Gentoo-specific installation.
+
+ [[ -d "${D}usr/lib" ]] && die "Using 32bit lib dir in 64bit only system"
+
+ # Avoid "QA Notice: Found an absolute symlink in a library directory"
+ local target
+ find "${D}"usr/lib* -lname '/*' | while read i; do
+ target=$(readlink "${i}")
+ rm -v "${i}" || die
+ dosym "../..${target}" "${i#${D}}"
+ done
+
+ # Install symlinks for sonames of libraries, bug #416503
+ dosym libvixMntapi.so.1.1.0 $CLIENTDIR/ba/bin/libvixMntapi.so.1
+ dosym libvixDiskLibVim.so.5.5.0 $CLIENTDIR/ba/bin/libvixDiskLibVim.so.5
+ dosym libvixDiskLib.so.5.5.0 $CLIENTDIR/ba/bin/libvixDiskLib.so.5
+
+ fowners :tsm /opt/tivoli/tsm/client/ba/bin/dsmtca
+ fperms 4710 /opt/tivoli/tsm/client/ba/bin/dsmtca
+
+ keepdir /var/log/tsm
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/tsm.logrotate" tsm
+
+ keepdir /etc/tivoli
+
+ cp -a "${S}/opt/tivoli/tsm/client/ba/bin/dsm.sys.smp" "${D}/etc/tivoli/dsm.sys" || die
+ echo ' PasswordDir "/etc/tivoli/"' >> ${D}/etc/tivoli/dsm.sys
+ echo ' PasswordAccess generate' >> ${D}/etc/tivoli/dsm.sys
+
+ # Added the hostname to be more friendly, the admin will need to edit this file anyway
+ echo ' NodeName' `hostname` >> ${D}/etc/tivoli/dsm.sys
+ echo ' ErrorLogName "/var/log/tsm/dsmerror.log"' >> ${D}/etc/tivoli/dsm.sys
+ echo ' SchedLogName "/var/log/tsm/dsmsched.log"' >> ${D}/etc/tivoli/dsm.sys
+ dosym ../../../../../../etc/tivoli/dsm.sys /opt/tivoli/tsm/client/ba/bin/dsm.sys
+
+ cp -a "${S}/opt/tivoli/tsm/client/ba/bin/dsm.opt.smp" "${D}/etc/tivoli/dsm.opt"
+ dosym ../../../../../../etc/tivoli/dsm.opt /opt/tivoli/tsm/client/ba/bin/dsm.opt
+
+ # Setup the env
+ dodir /etc/env.d
+ ENV_FILE="${D}/etc/env.d/80tivoli"
+ echo 'DSM_CONFIG="/etc/tivoli/dsm.opt"' >> ${ENV_FILE}
+ echo 'DSM_DIR="/opt/tivoli/tsm/client/ba/bin"' >> ${ENV_FILE}
+ echo 'DSM_LOG="/var/log/tsm"' >> ${ENV_FILE}
+ echo 'ROOTPATH="/opt/tivoli/tsm/client/ba/bin"' >> ${ENV_FILE}
+
+ newconfd "${FILESDIR}/dsmc.conf.d" dsmc
+ newinitd "${FILESDIR}/dsmc.init.d" dsmc
+ newinitd "${FILESDIR}/dsmcad.init.d-r1" dsmcad
+
+ # Need this for hardened, otherwise a cryptic "connection to server lost" message appears
+ pax-mark -m "${D}/opt/tivoli/tsm/client/ba/bin/dsmc"
+
+ systemd_dounit "${FILESDIR}/dsmc.service"
+ systemd_dounit "${FILESDIR}/dsmcad.service"
+
+ readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+ local i dirs
+ for i in /var/log/tsm/dsm{error,sched,j,webcl}.log; do
+ if [[ ! -e $i ]]; then
+ touch $i || die
+ chown :tsm $i || die
+ chmod 0660 $i || die
+ fi
+ done
+
+ # Bug #375041: the log directory itself should not be world writable.
+ # Have to do this in postinst due to bug #141619
+ chown root:tsm /var/log/tsm || die
+ chmod 0750 /var/log/tsm || die
+
+ # Bug 508052: directories used to be too restrictive, have to widen perms.
+ dirs=( /opt/tivoli $(find /opt/tivoli/tsm -type d) )
+ chown root:root "${dirs[@]}" || die
+ chmod 0755 "${dirs[@]}" || die
+
+ readme.gentoo_print_elog
+}