Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package tayga for openSUSE:Factory checked in at 2023-10-25 18:04:18 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tayga (Old) and /work/SRC/openSUSE:Factory/.tayga.new.24901 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tayga" Wed Oct 25 18:04:18 2023 rev:3 rq:1120195 version:0.9.2 Changes: -------- --- /work/SRC/openSUSE:Factory/tayga/tayga.changes 2021-11-27 00:52:24.114578840 +0100 +++ /work/SRC/openSUSE:Factory/.tayga.new.24901/tayga.changes 2023-10-25 18:04:56.966734587 +0200 @@ -1,0 +2,14 @@ +Mon Oct 23 06:54:19 UTC 2023 - Georg Pfuetzenreuter <georg.pfuetzenreu...@suse.com> + +- Add tayga_destroy_tun to delete the tunnel interface when the + service is stopped + +------------------------------------------------------------------- +Mon Oct 23 06:25:09 UTC 2023 - Georg Pfuetzenreuter <georg.pfuetzenreu...@suse.com> + +- Drop PrivateDevices and ProtectClock hardening options to repair + startup failure while accessing /dev/net/tun +- Add conditional to tayga_setup_tun to facilitate operation on + systems without iptables + +------------------------------------------------------------------- New: ---- tayga_destroy_tun ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tayga.spec ++++++ --- /var/tmp/diff_new_pack.CE44yh/_old 2023-10-25 18:04:57.550754229 +0200 +++ /var/tmp/diff_new_pack.CE44yh/_new 2023-10-25 18:04:57.550754229 +0200 @@ -1,7 +1,7 @@ # # spec file for package tayga # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -25,7 +25,8 @@ URL: http://www.litech.org/tayga/ Source0: http://www.litech.org/tayga/%{name}-%{version}.tar.bz2 Source1: tayga_setup_tun -Source2: tayga.service +Source2: tayga_destroy_tun +Source3: tayga.service Patch0: tayga-obey-cflags.diff BuildRequires: autoconf BuildRequires: automake 
@@ -44,14 +45,14 @@ %build autoreconf -fiv %configure -make %{?_smp_mflags} +%make_build %install %make_install mv %{buildroot}%{_sysconfdir}/tayga.conf{.example,} install -d %{buildroot}%{_var}/lib/tayga -install -m 0755 %{SOURCE1} %{buildroot}%{_sbindir} -install -D -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/tayga.service +install -m 0755 %{SOURCE1} %{SOURCE2} %{buildroot}%{_sbindir} +install -D -m 0644 %{SOURCE3} %{buildroot}%{_unitdir}/tayga.service ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rctayga %pre @@ -74,6 +75,7 @@ %{_sbindir}/tayga %{_sbindir}/rctayga %{_sbindir}/tayga_setup_tun +%{_sbindir}/tayga_destroy_tun %{_mandir}/man5/tayga.conf.5%{?ext_man} %{_mandir}/man8/tayga.8%{?ext_man} %{_unitdir}/tayga.service ++++++ tayga.service ++++++ --- /var/tmp/diff_new_pack.CE44yh/_old 2023-10-25 18:04:57.594755708 +0200 +++ /var/tmp/diff_new_pack.CE44yh/_new 2023-10-25 18:04:57.598755843 +0200 @@ -7,9 +7,7 @@ # https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort ProtectSystem=full ProtectHome=true -PrivateDevices=true ProtectHostname=true -ProtectClock=true ProtectKernelTunables=true ProtectKernelModules=true ProtectKernelLogs=true @@ -19,6 +17,7 @@ Type=forking ExecStartPre=/usr/sbin/tayga_setup_tun ExecStart=/usr/sbin/tayga +ExecStopPost=/usr/sbin/tayga_destroy_tun [Install] WantedBy=multi-user.target ++++++ tayga_destroy_tun ++++++ #!/bin/bash CFG="/etc/tayga.conf" IF="$(sed -n 's|[[:blank:]]*tun-device[[:blank:]]\+\([0-9a-zA-Z/]\+\)[[:blank:]]*|\1|p' ${CFG} | sed 's|#.*||')" ip link del ${IF} ++++++ tayga_setup_tun ++++++ --- /var/tmp/diff_new_pack.CE44yh/_old 2023-10-25 18:04:57.630756920 +0200 +++ /var/tmp/diff_new_pack.CE44yh/_new 2023-10-25 18:04:57.634757054 +0200 
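Review bot: Removing `PrivateDevices=true` and `ProtectClock=true` outright in the tayga.service hunk leaves the unit with no device restriction, although only /dev/net/tun is needed. ProtectClock= implies a device allow-list (`DeviceAllow=char-rtc r`), which is probably what blocked the tun node, so keeping `ProtectClock=true` and adding `DeviceAllow=/dev/net/tun rw` would likely retain that protection. PrivateDevices= does have to go because its private /dev has no net/tun entry, but `DevicePolicy=closed` together with the same DeviceAllow line would still scope device access; this needs a start/stop test since ExecStartPre and ExecStopPost run under the same settings. The [Service] section starts outside the hunk, so any existing DeviceAllow lines are not visible here.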
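Review bot: In the new tayga_destroy_tun, `ip link del ${IF}` runs as root with an unchecked, unquoted value, so when /etc/tayga.conf has no `tun-device` line (or the sed match yields nothing) the command is called without a device and ExecStopPost fails. A guard such as `[ -n "${IF}" ] || exit 0` before the delete, and `${CFG}` quoted in the sed call, would make the stop path predictable. Since tayga_setup_tun creates the interface with `tayga --mktun --config ${CFG}`, the symmetric `tayga --rmtun --config "${CFG}"` would avoid re-parsing the config with sed at all. The script also carries no comment saying it is the ExecStopPost counterpart of tayga_setup_tun; a one-line header such as `# Remove the TUN interface created by tayga_setup_tun (run from ExecStopPost)` would help.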
@@ -5,7 +5,6 @@ IP4="$( sed -n 's|[[:blank:]]*ipv4-addr[[:blank:]]\+\([0-9.]\+\)[[:blank:]]*|\1|p' ${CFG} | sed 's|#.*||')" IP6="$( sed -n 's|[[:blank:]]*ipv6-addr[[:blank:]]\+\([0-9:a-fA-F]\+\)[[:blank:]]*|\1|p' ${CFG} | sed 's|#.*||')" IF="$( sed -n 's|[[:blank:]]*tun-device[[:blank:]]\+\([0-9a-zA-Z/]\+\)[[:blank:]]*|\1|p' ${CFG} | sed 's|#.*||')" -OUT="$(ip r | sed -n 's|default.*dev[[:blank:]]\([0-9a-zA-Z/]\+\)|\1|p')" tayga --mktun --config ${CFG} ip link set ${IF} up @@ -15,9 +14,15 @@ ip route add ${IP6_SET} dev ${IF} # our IPv6 # Setup NAT -iptables -t nat -I POSTROUTING -s ${IP4_SET} -o ${OUT} -j MASQUERADE -iptables -I FORWARD -i ${OUT} -o ${IF} -m state --state RELATED,ESTABLISHED -j ACCEPT -iptables -I FORWARD -i ${IF} -o ${OUT} -j ACCEPT -ip6tables -I FORWARD -s ${IP6_SET} -j ACCEPT -ip6tables -I INPUT -s ${IP6_SET} -j ACCEPT +if type iptables ip6tables &>/dev/null +then + OUT="$(ip r | sed -n 's|default.*dev[[:blank:]]\([0-9a-zA-Z/]\+\)|\1|p')" + iptables -t nat -I POSTROUTING -s ${IP4_SET} -o ${OUT} -j MASQUERADE + iptables -I FORWARD -i ${OUT} -o ${IF} -m state --state RELATED,ESTABLISHED -j ACCEPT + iptables -I FORWARD -i ${IF} -o ${OUT} -j ACCEPT + ip6tables -I FORWARD -s ${IP6_SET} -j ACCEPT + ip6tables -I INPUT -s ${IP6_SET} -j ACCEPT +else + echo 'Unable to locate iptables, Tayga will not operate unless you install the necessary rules in your firewall.' +fi
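Review bot: The rules inside the new `if` branch are still added with `-I` on every start and nothing removes them, so each restart stacks another copy and the FORWARD/INPUT ACCEPT and MASQUERADE rules stay active after the service stops (the new tayga_destroy_tun only deletes the link). Checking before inserting, e.g. `iptables -C FORWARD -i ${IF} -o ${OUT} -j ACCEPT 2>/dev/null || iptables -I FORWARD -i ${IF} -o ${OUT} -j ACCEPT`, and deleting the same rules with `-D` in the stop script would keep the ruleset bounded. `OUT` is also used unquoted and unchecked: with no default route it is empty and with several it holds more than one name, so a `[ -n "${OUT}" ]` test before the NAT rules would catch the first case. The else message should go to stderr and mention ip6tables as well, since `type` tests both. The start of the script lies outside this hunk.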