[ovs-dev,Debian-non-root,1/4] Debian: require libcap-ng library for building packages
diff mbox

Message ID 1444095524-11357-1-git-send-email-azhou@nicira.com
State Superseded
Headers show

Commit Message

Andy Zhou Oct. 6, 2015, 1:38 a.m. UTC
libcap-ng is going to be required to build Debian packages. Daemons
will run as the ovs user and group, instead of root, to improve
security.

Signed-off-by: Andy Zhou <azhou@nicira.com>
---
 debian/control | 1 +
 debian/rules   | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

Comments

Ansis Atteka Oct. 6, 2015, 5:32 p.m. UTC | #1
On Mon, Oct 5, 2015 at 6:38 PM, Andy Zhou <azhou@nicira.com> wrote:
> libcap-ng is going to be required to build Debian packages. Daemons
> will run as the ovs user and group, instead of root, to improve
> security.
>
> Signed-off-by: Andy Zhou <azhou@nicira.com>

I would also update ./debian/control file corresponding sections.
Basically it would allow "apt-get build-dep" command to work properly.




> ---
>  debian/control | 1 +
>  debian/rules   | 2 +-
>  2 files changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/debian/control b/debian/control
> index 49d6f5f..3eac644 100644
> --- a/debian/control
> +++ b/debian/control
> @@ -9,6 +9,7 @@ Build-Depends: graphviz,
>                 bzip2,
>                 debhelper (>= 8),
>                 dh-autoreconf,
> +               libcap-ng-dev,
>                 libssl-dev,
>                 libtool,
>                 openssl,
> diff --git a/debian/rules b/debian/rules
> index d8e90c7..91621d3 100755
> --- a/debian/rules
> +++ b/debian/rules
> @@ -30,7 +30,7 @@ override_dh_autoreconf:
>         dh_autoreconf $(DH_AS_NEEDED)
>
>  override_dh_auto_configure:
> -       dh_auto_configure -- --enable-ssl $(DATAPATH_CONFIGURE_OPTS)
> +       dh_auto_configure -- --enable-ssl --enable-libcapng=yes $(DATAPATH_CONFIGURE_OPTS)
>
>  override_dh_auto_test:
>  ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
> --
> 1.9.1
>
> _______________________________________________
> dev mailing list
> dev@openvswitch.org
> http://openvswitch.org/mailman/listinfo/dev
Ansis Atteka Oct. 6, 2015, 6:37 p.m. UTC | #2
On Tue, Oct 6, 2015 at 10:32 AM, Ansis Atteka <aatteka@nicira.com> wrote:
> On Mon, Oct 5, 2015 at 6:38 PM, Andy Zhou <azhou@nicira.com> wrote:
>> libcap-ng is going to be required to build Debian packages. Daemons
>> will run as the ovs user and group, instead of root, to improve
>> security.
>>
>> Signed-off-by: Andy Zhou <azhou@nicira.com>
>
> I would also update ./debian/control file corresponding sections.
> Basically it would allow "apt-get build-dep" command to work properly.
Disregard, this comment because I overlooked your patch.

Acked-by: Ansis Atteka <aatteka@nicira.com>
>
>
>
>
>> ---
>>  debian/control | 1 +
>>  debian/rules   | 2 +-
>>  2 files changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/debian/control b/debian/control
>> index 49d6f5f..3eac644 100644
>> --- a/debian/control
>> +++ b/debian/control
>> @@ -9,6 +9,7 @@ Build-Depends: graphviz,
>>                 bzip2,
>>                 debhelper (>= 8),
>>                 dh-autoreconf,
>> +               libcap-ng-dev,
>>                 libssl-dev,
>>                 libtool,
>>                 openssl,
>> diff --git a/debian/rules b/debian/rules
>> index d8e90c7..91621d3 100755
>> --- a/debian/rules
>> +++ b/debian/rules
>> @@ -30,7 +30,7 @@ override_dh_autoreconf:
>>         dh_autoreconf $(DH_AS_NEEDED)
>>
>>  override_dh_auto_configure:
>> -       dh_auto_configure -- --enable-ssl $(DATAPATH_CONFIGURE_OPTS)
>> +       dh_auto_configure -- --enable-ssl --enable-libcapng=yes $(DATAPATH_CONFIGURE_OPTS)
>>
>>  override_dh_auto_test:
>>  ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
>> --
>> 1.9.1
>>
>> _______________________________________________
>> dev mailing list
>> dev@openvswitch.org
>> http://openvswitch.org/mailman/listinfo/dev
Andy Zhou Oct. 6, 2015, 6:45 p.m. UTC | #3
On Tue, Oct 6, 2015 at 11:37 AM, Ansis Atteka <aatteka@nicira.com> wrote:
> On Tue, Oct 6, 2015 at 10:32 AM, Ansis Atteka <aatteka@nicira.com> wrote:
>> On Mon, Oct 5, 2015 at 6:38 PM, Andy Zhou <azhou@nicira.com> wrote:
>>> libcap-ng is going to be required to build Debian packages. Daemons
>>> will run as the ovs user and group, instead of root, to improve
>>> security.
>>>
>>> Signed-off-by: Andy Zhou <azhou@nicira.com>
>>
>> I would also update ./debian/control file corresponding sections.
>> Basically it would allow "apt-get build-dep" command to work properly.
> Disregard, this comment because I overlooked your patch.
>
> Acked-by: Ansis Atteka <aatteka@nicira.com>
Thanks Ansis for the review. I will wait for comments on rest of the
patches before applying it.
>>
>>
>>
>>
>>> ---
>>>  debian/control | 1 +
>>>  debian/rules   | 2 +-
>>>  2 files changed, 2 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/debian/control b/debian/control
>>> index 49d6f5f..3eac644 100644
>>> --- a/debian/control
>>> +++ b/debian/control
>>> @@ -9,6 +9,7 @@ Build-Depends: graphviz,
>>>                 bzip2,
>>>                 debhelper (>= 8),
>>>                 dh-autoreconf,
>>> +               libcap-ng-dev,
>>>                 libssl-dev,
>>>                 libtool,
>>>                 openssl,
>>> diff --git a/debian/rules b/debian/rules
>>> index d8e90c7..91621d3 100755
>>> --- a/debian/rules
>>> +++ b/debian/rules
>>> @@ -30,7 +30,7 @@ override_dh_autoreconf:
>>>         dh_autoreconf $(DH_AS_NEEDED)
>>>
>>>  override_dh_auto_configure:
>>> -       dh_auto_configure -- --enable-ssl $(DATAPATH_CONFIGURE_OPTS)
>>> +       dh_auto_configure -- --enable-ssl --enable-libcapng=yes $(DATAPATH_CONFIGURE_OPTS)
>>>
>>>  override_dh_auto_test:
>>>  ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
>>> --
>>> 1.9.1
>>>
>>> _______________________________________________
>>> dev mailing list
>>> dev@openvswitch.org
>>> http://openvswitch.org/mailman/listinfo/dev

Patch
diff mbox

diff --git a/debian/control b/debian/control
index 49d6f5f..3eac644 100644
--- a/debian/control
+++ b/debian/control
@@ -9,6 +9,7 @@  Build-Depends: graphviz,
                bzip2,
                debhelper (>= 8),
                dh-autoreconf,
+               libcap-ng-dev,
                libssl-dev,
                libtool,
                openssl,
diff --git a/debian/rules b/debian/rules
index d8e90c7..91621d3 100755
--- a/debian/rules
+++ b/debian/rules
@@ -30,7 +30,7 @@  override_dh_autoreconf:
 	dh_autoreconf $(DH_AS_NEEDED)
 
 override_dh_auto_configure:
-	dh_auto_configure -- --enable-ssl $(DATAPATH_CONFIGURE_OPTS)
+	dh_auto_configure -- --enable-ssl --enable-libcapng=yes $(DATAPATH_CONFIGURE_OPTS)
 
 override_dh_auto_test:
 ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))