Co-authored-by: Harrison Carter hcarter@thegoodpenguin.co.uk Signed-off-by: Pawel Zalewski pzalewski@thegoodpenguin.co.uk --- .../0001-tools-fix-cheri-provenance.patch | 32 ++ ..._endpoint_linux-fix-cheri-provenance.patch | 28 ++ recipes-protocols/net-snmp/files/init | 67 +++ recipes-protocols/net-snmp/files/snmpd.conf | 422 ++++++++++++++++++ .../net-snmp/files/snmptrapd.conf | 18 + ...ath.m4-keep-consistent-between-32bit.patch | 38 ++ .../0001-config_os_headers-Error-Fix.patch | 35 ++ ...1-get_pid_from_inode-Include-limit.h.patch | 27 ++ ....c-Don-t-check-for-return-from-EVP_M.patch | 34 ++ ...004-configure-fix-incorrect-variable.patch | 28 ++ .../CVE-2022-44792-CVE-2022-44793.patch | 116 +++++ .../net-snmp-morello/fix-libtool-finish.patch | 34 ++ ....7.2-fix-engineBoots-value-on-SIGHUP.patch | 44 ++ ...add-knob-whether-nlist.h-are-checked.patch | 36 ++ .../net-snmp-fix-for-disable-des.patch | 30 ++ ...ting-add-the-output-format-for-ptest.patch | 35 ++ .../reproducibility-have-printcap.patch | 30 ++ .../net-snmp/net-snmp-morello/run-ptest | 5 + .../net-snmp/net-snmp-morello/snmpd.service | 14 + .../net-snmp-morello/snmptrapd.service | 14 + .../net-snmp/net-snmp-morello_5.9.3.bb | 322 +++++++++++++ 21 files changed, 1409 insertions(+) create mode 100644 recipes-protocols/net-snmp/cheri-patches/0001-tools-fix-cheri-provenance.patch create mode 100644 recipes-protocols/net-snmp/cheri-patches/0002-udp_endpoint_linux-fix-cheri-provenance.patch create mode 100755 recipes-protocols/net-snmp/files/init create mode 100644 recipes-protocols/net-snmp/files/snmpd.conf create mode 100644 recipes-protocols/net-snmp/files/snmptrapd.conf create mode 100644 recipes-protocols/net-snmp/net-snmp-morello/0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch create mode 100644 recipes-protocols/net-snmp/net-snmp-morello/0001-config_os_headers-Error-Fix.patch create mode 100644 recipes-protocols/net-snmp/net-snmp-morello/0001-get_pid_from_inode-Include-limit.h.patch create mode 100644 recipes-protocols/net-snmp/net-snmp-morello/0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch create mode 100644 recipes-protocols/net-snmp/net-snmp-morello/0004-configure-fix-incorrect-variable.patch create mode 100644 recipes-protocols/net-snmp/net-snmp-morello/CVE-2022-44792-CVE-2022-44793.patch create mode 100644 recipes-protocols/net-snmp/net-snmp-morello/fix-libtool-finish.patch create mode 100644 recipes-protocols/net-snmp/net-snmp-morello/net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch create mode 100644 recipes-protocols/net-snmp/net-snmp-morello/net-snmp-add-knob-whether-nlist.h-are-checked.patch create mode 100644 recipes-protocols/net-snmp/net-snmp-morello/net-snmp-fix-for-disable-des.patch create mode 100644 recipes-protocols/net-snmp/net-snmp-morello/net-snmp-testing-add-the-output-format-for-ptest.patch create mode 100644 recipes-protocols/net-snmp/net-snmp-morello/reproducibility-have-printcap.patch create mode 100755 recipes-protocols/net-snmp/net-snmp-morello/run-ptest create mode 100644 recipes-protocols/net-snmp/net-snmp-morello/snmpd.service create mode 100644 recipes-protocols/net-snmp/net-snmp-morello/snmptrapd.service create mode 100644 recipes-protocols/net-snmp/net-snmp-morello_5.9.3.bb
diff --git a/recipes-protocols/net-snmp/cheri-patches/0001-tools-fix-cheri-provenance.patch b/recipes-protocols/net-snmp/cheri-patches/0001-tools-fix-cheri-provenance.patch new file mode 100644 index 0000000..011c058 --- /dev/null +++ b/recipes-protocols/net-snmp/cheri-patches/0001-tools-fix-cheri-provenance.patch @@ -0,0 +1,32 @@ +From af83d85774efe2d4114430fc178e8835346dcfea Mon Sep 17 00:00:00 2001 +From: Pawel Zalewski pzalewski@thegoodpenguin.co.uk +Date: Mon, 10 Jul 2023 12:59:45 +0100 +Subject: [PATCH] tools: fix cheri provenance + +Replace the cast size_t with uintptr_t, it is safe to do +so as this macro is used only with pointers. + +Signed-off-by: Pawel Zalewski pzalewski@thegoodpenguin.co.uk +--- + include/net-snmp/library/tools.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/include/net-snmp/library/tools.h b/include/net-snmp/library/tools.h +index 2b69d63..ed9cda7 100644 +--- a/include/net-snmp/library/tools.h ++++ b/include/net-snmp/library/tools.h +@@ -88,9 +88,9 @@ extern "C" { + */ + #if defined(__GNUC__) + #define NETSNMP_REMOVE_CONST(t, e) \ +- (__extension__ ({ const t tmp = (e); (t)(size_t)tmp; })) ++ (__extension__ ({ const t tmp = (e); (t)(uintptr_t)tmp; })) + #else +-#define NETSNMP_REMOVE_CONST(t, e) ((t)(size_t)(e)) ++#define NETSNMP_REMOVE_CONST(t, e) ((t)(uintptr_t)(e)) + #endif + + +-- +2.34.1 + diff --git a/recipes-protocols/net-snmp/cheri-patches/0002-udp_endpoint_linux-fix-cheri-provenance.patch b/recipes-protocols/net-snmp/cheri-patches/0002-udp_endpoint_linux-fix-cheri-provenance.patch new file mode 100644 index 0000000..a6e89c2 --- /dev/null +++ b/recipes-protocols/net-snmp/cheri-patches/0002-udp_endpoint_linux-fix-cheri-provenance.patch @@ -0,0 +1,28 @@ +From 16d13618f3ae71394be8247a5de2aadace40a31b Mon Sep 17 00:00:00 2001 +From: Pawel Zalewski pzalewski@thegoodpenguin.co.uk +Date: Mon, 10 Jul 2023 13:30:38 +0100 +Subject: [PATCH 2/2] udp_endpoint_linux: fix cheri provenance + +Cast the size to uintptr_t. + +Signed-off-by: Pawel Zalewski pzalewski@thegoodpenguin.co.uk +--- + agent/mibgroup/udp-mib/data_access/udp_endpoint_linux.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/agent/mibgroup/udp-mib/data_access/udp_endpoint_linux.c b/agent/mibgroup/udp-mib/data_access/udp_endpoint_linux.c +index f0c92d8..c6f6e9f 100644 +--- a/agent/mibgroup/udp-mib/data_access/udp_endpoint_linux.c ++++ b/agent/mibgroup/udp-mib/data_access/udp_endpoint_linux.c +@@ -303,7 +303,7 @@ _load6(netsnmp_container *container, u_int load_flags) + memset(&lpi, 0x0, sizeof(lpi)); + lpi.mem_size = sizeof(netsnmp_udp_endpoint_entry); + lpi.process = _process_line_udp_ep; +- lpi.user_context = (void*)CONTAINER_SIZE(container); ++ lpi.user_context = (void*)(uintptr_t)CONTAINER_SIZE(container); + + container = netsnmp_file_text_parse(fp, container, PM_USER_FUNCTION, + 0, &lpi); +-- +2.34.1 + diff --git a/recipes-protocols/net-snmp/files/init b/recipes-protocols/net-snmp/files/init new file mode 100755 index 0000000..046c624 --- /dev/null +++ b/recipes-protocols/net-snmp/files/init @@ -0,0 +1,67 @@ +#! /bin/sh +# /etc/init.d/snmpd: start snmp daemon. + +. /etc/init.d/functions + +# Defaults +PURECAP_DIR=%PURECAP_DIR% +export MIBDIRS=${PURECAP_DIR}/usr/share/snmp/mibs +SNMPDRUN=yes +SNMPDOPTS='-Lsd -Lf /dev/null -p /var/run/snmpd.pid' +TRAPDRUN=no +TRAPDOPTS='-Lsd -p /var/run/snmptrapd.pid' +PIDFILE=/var/run/snmpd.pid +SPIDFILE=/var/run/snmptrapd.pid + +# Reads config file if exists (will override defaults above) +[ -r /etc/default/snmpd ] && . /etc/default/snmpd + +[ "$SNMPDRUN" = "yes" ] && { test -x ${PURECAP_DIR}/usr/sbin/snmpd || exit 0; } +[ "$TRAPDRUN" = "yes" ] && { test -x ${PURECAP_DIR}/usr/sbin/snmptrapd || exit 0; } + +case "$1" in + start) + echo -n "Starting network management services:" + if [ "$SNMPDRUN" = "yes" -a -f /etc/snmp/snmpd.conf -a ! -f "$PIDFILE" ]; then + start-stop-daemon -o --start --quiet --name snmpd --pidfile "$PIDFILE" \ + --exec ${PURECAP_DIR}/usr/sbin/snmpd -- $SNMPDOPTS + echo -n " snmpd" + fi + if [ "$TRAPDRUN" = "yes" -a -f /etc/snmp/snmptrapd.conf -a ! -f "$SPIDFILE" ]; then + start-stop-daemon -o --start --quiet --name snmptrapd --pidfile "$SPIDFILE" \ + --exec ${PURECAP_DIR}/usr/sbin/snmptrapd -- $TRAPDOPTS + echo -n " snmptrapd" + fi + echo "." + + test ! -x /sbin/restorecon || /sbin/restorecon -FR /var/lib/net-snmp + ;; + stop) + echo -n "Stopping network management services:" + if [ -f "$PIDFILE" ] ; then + start-stop-daemon -o --stop --quiet --pidfile $PIDFILE --name snmpd + fi + echo -n " snmpd" + if [ -f "$SPIDFILE" ] ; then + start-stop-daemon -o --stop --quiet --pidfile $SPIDFILE --name snmptrapd + rm -rf $SPIDFILE + fi + echo -n " snmptrapd" + echo "." + ;; + status) + status ${PURECAP_DIR}/usr/sbin/snmpd; + exit $? + ;; + restart|reload|force-reload) + $0 stop + # Allow the daemons time to exit completely. + sleep 2 + $0 start + ;; + *) + echo "Usage: /etc/init.d/snmpd {start|stop|status|restart|reload|force-reload}" + exit 1 +esac + +exit 0 diff --git a/recipes-protocols/net-snmp/files/snmpd.conf b/recipes-protocols/net-snmp/files/snmpd.conf new file mode 100644 index 0000000..728171c --- /dev/null +++ b/recipes-protocols/net-snmp/files/snmpd.conf @@ -0,0 +1,422 @@ +############################################################################### +# +# EXAMPLE.conf: +# An example configuration file for configuring the ucd-snmp snmpd agent. +# +############################################################################### +# +# This file is intended to only be an example. If, however, you want +# to use it, it should be placed in /etc/snmp/snmpd.conf. +# When the snmpd agent starts up, this is where it will look for it. +# +# You might be interested in generating your own snmpd.conf file using +# the "snmpconf" program (perl script) instead. It's a nice menu +# based interface to writing well commented configuration files. Try it! +# +# Note: This file is automatically generated from EXAMPLE.conf.def. +# Do NOT read the EXAMPLE.conf.def file! Instead, after you have run +# configure & make, and then make sure you read the EXAMPLE.conf file +# instead, as it will tailor itself to your configuration. + +# All lines beginning with a '#' are comments and are intended for you +# to read. All other lines are configuration commands for the agent. + +# +# PLEASE: read the snmpd.conf(5) manual page as well! +# + + +############################################################################### +# Access Control +############################################################################### + +# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY +# KNOWN AT YOUR SITE. YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO +# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE. + +# By far, the most common question I get about the agent is "why won't +# it work?", when really it should be "how do I configure the agent to +# allow me to access it?" +# +# By default, the agent responds to the "public" community for read +# only access, if run out of the box without any configuration file in +# place. The following examples show you other ways of configuring +# the agent so that you can change the community names, and give +# yourself write access as well. +# +# The following lines change the access permissions of the agent so +# that the COMMUNITY string provides read-only access to your entire +# NETWORK (EG: 10.10.10.0/24), and read/write access to only the +# localhost (127.0.0.1, not its real ipaddress). +# +# For more information, read the FAQ as well as the snmpd.conf(5) +# manual page. + +#### +# First, map the community name (COMMUNITY) into a security name +# (local and mynetwork, depending on where the request is coming +# from): + +# sec.name source community +com2sec paranoid default public +#com2sec readonly default public +#com2sec readwrite default private + +#### +# Second, map the security names into group names: + +# sec.model sec.name +group MyROSystem v1 paranoid +group MyROSystem v2c paranoid +group MyROSystem usm paranoid +group MyROGroup v1 readonly +group MyROGroup v2c readonly +group MyROGroup usm readonly +group MyRWGroup v1 readwrite +group MyRWGroup v2c readwrite +group MyRWGroup usm readwrite + +#### +# Third, create a view for us to let the groups have rights to: + +# incl/excl subtree mask +view all included .1 80 +view system included .iso.org.dod.internet.mgmt.mib-2.system + +#### +# Finally, grant the 2 groups access to the 1 view with different +# write permissions: + +# context sec.model sec.level match read write notif +access MyROSystem "" any noauth exact system none none +access MyROGroup "" any noauth exact all none none +access MyRWGroup "" any noauth exact all all none + +# ----------------------------------------------------------------------------- + + +############################################################################### +# System contact information +# + +# It is also possible to set the sysContact and sysLocation system +# variables through the snmpd.conf file. **PLEASE NOTE** that setting +# the value of these objects here makes these objects READ-ONLY +# (regardless of any access control settings). Any attempt to set the +# value of an object whose value is given here will fail with an error +# status of notWritable. + +syslocation Unknown (configure /etc/snmp/snmpd.local.conf) +syscontact Root root@localhost (configure /etc/snmp/snmpd.local.conf) + +# Example output of snmpwalk: +# % snmpwalk -v 1 -c public localhost system +# system.sysDescr.0 = "SunOS name sun4c" +# system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4 +# system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55 +# system.sysContact.0 = "Me me@somewhere.org" +# system.sysName.0 = "name" +# system.sysLocation.0 = "Right here, right now." +# system.sysServices.0 = 72 + + +# ----------------------------------------------------------------------------- + + +############################################################################### +# Process checks. +# +# The following are examples of how to use the agent to check for +# processes running on the host. The syntax looks something like: +# +# proc NAME [MAX=0] [MIN=0] +# +# NAME: the name of the process to check for. It must match +# exactly (ie, http will not find httpd processes). +# MAX: the maximum number allowed to be running. Defaults to 0. +# MIN: the minimum number to be running. Defaults to 0. + +# +# Examples: +# + +# Make sure mountd is running +#proc mountd + +# Make sure there are no more than 4 ntalkds running, but 0 is ok too. +#proc ntalkd 4 + +# Make sure at least one sendmail, but less than or equal to 10 are running. +#proc sendmail 10 1 + +# A snmpwalk of the prTable would look something like this: +# +# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.2 +# enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1 +# enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2 +# enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3 +# enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd" +# enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd" +# enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail" +# enterprises.ucdavis.procTable.prEntry.prMin.1 = 0 +# enterprises.ucdavis.procTable.prEntry.prMin.2 = 0 +# enterprises.ucdavis.procTable.prEntry.prMin.3 = 1 +# enterprises.ucdavis.procTable.prEntry.prMax.1 = 0 +# enterprises.ucdavis.procTable.prEntry.prMax.2 = 4 +# enterprises.ucdavis.procTable.prEntry.prMax.3 = 10 +# enterprises.ucdavis.procTable.prEntry.prCount.1 = 0 +# enterprises.ucdavis.procTable.prEntry.prCount.2 = 0 +# enterprises.ucdavis.procTable.prEntry.prCount.3 = 1 +# enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1 +# enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0 +# enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0 +# enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running." +# enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = "" +# enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = "" +# enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0 +# enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0 +# enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0 +# +# Note that the errorFlag for mountd is set to 1 because one is not +# running (in this case an rpc.mountd is, but thats not good enough), +# and the ErrMessage tells you what's wrong. The configuration +# imposed in the snmpd.conf file is also shown. +# +# Special Case: When the min and max numbers are both 0, it assumes +# you want a max of infinity and a min of 1. +# + + +# ----------------------------------------------------------------------------- + + +############################################################################### +# Executables/scripts +# + +# +# You can also have programs run by the agent that return a single +# line of output and an exit code. Here are two examples. +# +# exec NAME PROGRAM [ARGS ...] +# +# NAME: A generic name. +# PROGRAM: The program to run. Include the path! +# ARGS: optional arguments to be passed to the program + +# a simple hello world +#exec echotest /bin/echo hello world + +# Run a shell script containing: +# +# #!/bin/sh +# echo hello world +# echo hi there +# exit 35 +# +# Note: this has been specifically commented out to prevent +# accidental security holes due to someone else on your system writing +# a /tmp/shtest before you do. Uncomment to use it. +# +#exec shelltest /bin/sh /tmp/shtest + +# Then, +# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.8 +# enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1 +# enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2 +# enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest" +# enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest" +# enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world" +# enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest" +# enterprises.ucdavis.extTable.extEntry.extResult.1 = 0 +# enterprises.ucdavis.extTable.extEntry.extResult.2 = 35 +# enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world." +# enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world." +# enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0 +# enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0 + +# Note that the second line of the /tmp/shtest shell script is cut +# off. Also note that the exit status of 35 was returned. + +# ----------------------------------------------------------------------------- + + +############################################################################### +# disk checks +# + +# The agent can check the amount of available disk space, and make +# sure it is above a set limit. + +# disk PATH [MIN=DEFDISKMINIMUMSPACE] +# +# PATH: mount path to the disk in question. +# MIN: Disks with space below this value will have the Mib's errorFlag set. +# Default value = DEFDISKMINIMUMSPACE. + +# Check the / partition and make sure it contains at least 10 megs. + +#disk / 10000 + +# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.9 +# enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0 +# enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F +# enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0" +# enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000 +# enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130 +# enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325 +# enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092 +# enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58 +# enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0 +# enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = "" + +# ----------------------------------------------------------------------------- + + +############################################################################### +# load average checks +# + +# load [1MAX=DEFMAXLOADAVE] [5MAX=DEFMAXLOADAVE] [15MAX=DEFMAXLOADAVE] +# +# 1MAX: If the 1 minute load average is above this limit at query +# time, the errorFlag will be set. +# 5MAX: Similar, but for 5 min average. +# 15MAX: Similar, but for 15 min average. + +# Check for loads: +#load 12 14 14 + +# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.10 +# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1 +# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2 +# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3 +# enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1" +# enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5" +# enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15" +# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39 +# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31 +# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36 +# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00" +# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00" +# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00" +# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = "" +# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = "" +# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = "" + +# ----------------------------------------------------------------------------- + + +############################################################################### +# Extensible sections. +# + +# This alleviates the multiple line output problem found in the +# previous executable mib by placing each mib in its own mib table: + +# Run a shell script containing: +# +# #!/bin/sh +# echo hello world +# echo hi there +# exit 35 +# +# Note: this has been specifically commented out to prevent +# accidental security holes due to someone else on your system writing +# a /tmp/shtest before you do. Uncomment to use it. +# +# exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest + +# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.50 +# enterprises.ucdavis.50.1.1 = 1 +# enterprises.ucdavis.50.2.1 = "shelltest" +# enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest" +# enterprises.ucdavis.50.100.1 = 35 +# enterprises.ucdavis.50.101.1 = "hello world." +# enterprises.ucdavis.50.101.2 = "hi there." +# enterprises.ucdavis.50.102.1 = 0 + +# Now the Output has grown to two lines, and we can see the 'hi +# there.' output as the second line from our shell script. +# +# Note that you must alter the mib.txt file to be correct if you want +# the .50.* outputs above to change to reasonable text descriptions. + +# Other ideas: +# +# exec .1.3.6.1.4.1.2021.51 ps /bin/ps +# exec .1.3.6.1.4.1.2021.52 top /usr/local/bin/top +# exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq + +# ----------------------------------------------------------------------------- + + +############################################################################### +# Pass through control. +# + +# Usage: +# pass MIBOID EXEC-COMMAND +# +# This will pass total control of the mib underneath the MIBOID +# portion of the mib to the EXEC-COMMAND. +# +# Note: You'll have to change the path of the passtest script to your +# source directory or install it in the given location. +# +# Example: (see the script for details) +# (commented out here since it requires that you place the +# script in the right location. (its not installed by default)) + +# pass .1.3.6.1.4.1.2021.255 /bin/sh /usr/local/passtest + +# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.255 +# enterprises.ucdavis.255.1 = "life the universe and everything" +# enterprises.ucdavis.255.2.1 = 42 +# enterprises.ucdavis.255.2.2 = OID: 42.42.42 +# enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42 +# enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1 +# enterprises.ucdavis.255.5 = 42 +# enterprises.ucdavis.255.6 = Gauge: 42 +# +# % snmpget -v 1 -c public localhost .1.3.6.1.4.1.2021.255.5 +# enterprises.ucdavis.255.5 = 42 +# +# % snmpset -v 1 -c public localhost .1.3.6.1.4.1.2021.255.1 s "New string" +# enterprises.ucdavis.255.1 = "New string" +# + +# For specific usage information, see the man/snmpd.conf.5 manual page +# as well as the local/passtest script used in the above example. + +############################################################################### +# Subagent control +# + +# The agent can support subagents using a number of extension mechanisms. +# From the 4.2.1 release, AgentX support is being compiled in by default. +# However, this is still experimental code, so should not be used on +# critical production systems. +# Please see the file README.agentx for more details. +# +# If having read, marked, learnt and inwardly digested this information, +# you decide that you do wish to make use of this mechanism, simply +# uncomment the following directive. +# +# master agentx +# +# I repeat - this is *NOT* regarded as suitable for front-line production +# systems, though it is probably stable enough for day-to-day use. +# Probably. +# +# No refunds will be given. + +############################################################################### +# Further Information +# +# See the snmpd.conf manual page, and the output of "snmpd -H". +# MUCH more can be done with the snmpd.conf than is shown as an +# example here. diff --git a/recipes-protocols/net-snmp/files/snmptrapd.conf b/recipes-protocols/net-snmp/files/snmptrapd.conf new file mode 100644 index 0000000..8d2e437 --- /dev/null +++ b/recipes-protocols/net-snmp/files/snmptrapd.conf @@ -0,0 +1,18 @@ +############################################################################### +# +# EXAMPLE.conf: +# An example configuration file for configuring the ucd-snmp snmptrapd agent. +# +############################################################################### +# +# This file is intended to only be an example. If, however, you want +# to use it, it should be placed in /etc/snmp/snmptrapd.conf. +# When the snmptrapd agent starts up, this is where it will look for it. +# +# All lines beginning with a '#' are comments and are intended for you +# to read. All other lines are configuration commands for the agent. + +# +# PLEASE: read the snmptrapd.conf(5) manual page as well! +# + diff --git a/recipes-protocols/net-snmp/net-snmp-morello/0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch b/recipes-protocols/net-snmp/net-snmp-morello/0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch new file mode 100644 index 0000000..0eeddf7 --- /dev/null +++ b/recipes-protocols/net-snmp/net-snmp-morello/0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch @@ -0,0 +1,38 @@ +From 98c62e24fdd05d7e8bd8149840bad8eb0feb3fb1 Mon Sep 17 00:00:00 2001 +From: Mingli Yu mingli.yu@windriver.com +Date: Fri, 29 Jan 2021 08:49:15 +0000 +Subject: [PATCH] ac_add_search_path.m4: keep consistent between 32bit and + 64bit + +With configure option "--with-openssl=${STAGING_EXECPREFIXDIR}", it behaves +differently between 32bit and 64bit system as the openssl lib resides under +/build/tmp/work/corei7-64-wrs-linux/net-snmp/5.9-r0/recipe-sysroot/usr/lib64 +for 64bit system, but resides under [1] for 32bit system. + +So add the patch to fix the gap between 32bit and 64bit system. + +[1] /build/tmp/work/corei7-64-wrs-linux/net-snmp/5.9-r0/recipe-sysroot/usr/lib + +Upstream-Status: Inappropriate [configuration specific] + +Signed-off-by: Mingli Yu mingli.yu@windriver.com + +--- + m4/ac_add_search_path.m4 | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/m4/ac_add_search_path.m4 b/m4/ac_add_search_path.m4 +index 8e0a819..e9585bc 100644 +--- a/m4/ac_add_search_path.m4 ++++ b/m4/ac_add_search_path.m4 +@@ -3,8 +3,8 @@ dnl Add a search path to the LIBS and CPPFLAGS variables + dnl + AC_DEFUN([AC_ADD_SEARCH_PATH],[ + if test "x$1" != x -a -d $1; then +- if test -d $1/lib; then +- LDFLAGS="-L$1/lib $LDFLAGS" ++ if test -d $1/${libdir:5}; then ++ LDFLAGS="-L$1/${libdir:5} $LDFLAGS" + fi + if test -d $1/include; then + CPPFLAGS="-I$1/include $CPPFLAGS" diff --git a/recipes-protocols/net-snmp/net-snmp-morello/0001-config_os_headers-Error-Fix.patch b/recipes-protocols/net-snmp/net-snmp-morello/0001-config_os_headers-Error-Fix.patch new file mode 100644 index 0000000..f8a52a6 --- /dev/null +++ b/recipes-protocols/net-snmp/net-snmp-morello/0001-config_os_headers-Error-Fix.patch @@ -0,0 +1,35 @@ +From e86d5fd52f19b85da0b7cce660c6e65ec4c0f9bb Mon Sep 17 00:00:00 2001 +From: Li xin lixin.fnst@cn.fujitsu.com +Date: Fri, 21 Aug 2015 18:23:13 +0900 +Subject: [PATCH] config_os_headers: Error Fix + +ERROR: This autoconf log indicates errors, it looked at host include +and/or library paths while determining system capabilities. +cc1: warning: include location "/usr/local/include" is unsafe for cross-compilation [-Wpoison-system-directories] +conftest.c:168:17: fatal error: pkg.h: No such file or directory + #include <pkg.h> + ^ + +Upstream-Status: pending + +Signed-off-by: Li Xin lixin.fnst@cn.fujitsu.com + +--- + configure.d/config_os_headers | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/configure.d/config_os_headers b/configure.d/config_os_headers +index 01c3376..6edd85f 100644 +--- a/configure.d/config_os_headers ++++ b/configure.d/config_os_headers +@@ -395,8 +395,8 @@ then + unset ac_cv_header_pkg_h + netsnmp_save_CPPFLAGS="$CPPFLAGS" + netsnmp_save_LDFLAGS="$LDFLAGS" +- CPPFLAGS="$CPPFLAGS -I/usr/local/include" +- LDFLAGS="$LDFLAGS -L/usr/local/lib" ++ CPPFLAGS="$CPPFLAGS" ++ LDFLAGS="$LDFLAGS" + AC_CHECK_HEADERS(pkg.h, + NETSNMP_SEARCH_LIBS(pkg_init, pkg, + AC_DEFINE(HAVE_LIBPKG, 1, [define if you have BSD pkg-ng]))) diff --git a/recipes-protocols/net-snmp/net-snmp-morello/0001-get_pid_from_inode-Include-limit.h.patch b/recipes-protocols/net-snmp/net-snmp-morello/0001-get_pid_from_inode-Include-limit.h.patch new file mode 100644 index 0000000..a7881a8 --- /dev/null +++ b/recipes-protocols/net-snmp/net-snmp-morello/0001-get_pid_from_inode-Include-limit.h.patch @@ -0,0 +1,27 @@ +From 8097734b27fd146f358a4edd0d1a0d28309bd9a4 Mon Sep 17 00:00:00 2001 +From: Khem Raj raj.khem@gmail.com +Date: Fri, 22 Jul 2016 18:34:39 +0000 +Subject: [PATCH] get_pid_from_inode: Include limit.h + +PATH_MAX and NAME_MAX are required by this file + +Upstream-Status: Pending + +Signed-off-by: Khem Raj raj.khem@gmail.com + +--- + agent/mibgroup/util_funcs/get_pid_from_inode.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/agent/mibgroup/util_funcs/get_pid_from_inode.c b/agent/mibgroup/util_funcs/get_pid_from_inode.c +index 5788e1d..ea380a6 100644 +--- a/agent/mibgroup/util_funcs/get_pid_from_inode.c ++++ b/agent/mibgroup/util_funcs/get_pid_from_inode.c +@@ -6,6 +6,7 @@ + #include <net-snmp/output_api.h> + + #include <ctype.h> ++#include <limits.h> + #include <stdio.h> + #ifdef HAVE_STDLIB_H + #include <stdlib.h> diff --git a/recipes-protocols/net-snmp/net-snmp-morello/0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch b/recipes-protocols/net-snmp/net-snmp-morello/0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch new file mode 100644 index 0000000..af6334f --- /dev/null +++ b/recipes-protocols/net-snmp/net-snmp-morello/0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch @@ -0,0 +1,34 @@ +From f4e1acd4f509dd26cf88da872bd5adcf884f4a5f Mon Sep 17 00:00:00 2001 +From: Khem Raj raj.khem@gmail.com +Date: Fri, 18 Sep 2015 00:28:45 -0400 +Subject: [PATCH] snmplib/keytools.c: Don't check for return from + + EVP_MD_CTX_init() + +EVP_MD_CTX_init() API returns void, it fixes errors with new compilers + +snmplib/keytools.c: In function 'generate_Ku': error: invalid use of void expression + +Signed-off-by: Khem Raj raj.khem@gmail.com +Signed-off-by: Ovidiu Panait ovidiu.panait@windriver.com + +--- + snmplib/keytools.c | 5 +---- + 1 file changed, 1 insertion(+), 4 deletions(-) + +diff --git a/snmplib/keytools.c b/snmplib/keytools.c +index 14a452a..fb1694b 100644 +--- a/snmplib/keytools.c ++++ b/snmplib/keytools.c +@@ -183,10 +183,7 @@ generate_Ku(const oid * hashtype, u_int hashtype_len, + ctx = EVP_MD_CTX_create(); + #else + ctx = malloc(sizeof(*ctx)); +- if (!EVP_MD_CTX_init(ctx)) { +- rval = SNMPERR_GENERR; +- goto generate_Ku_quit; +- } ++ EVP_MD_CTX_init(ctx); + #endif + if (!EVP_DigestInit(ctx, hashfn)) { + rval = SNMPERR_GENERR; diff --git a/recipes-protocols/net-snmp/net-snmp-morello/0004-configure-fix-incorrect-variable.patch b/recipes-protocols/net-snmp/net-snmp-morello/0004-configure-fix-incorrect-variable.patch new file mode 100644 index 0000000..6e22418 --- /dev/null +++ b/recipes-protocols/net-snmp/net-snmp-morello/0004-configure-fix-incorrect-variable.patch @@ -0,0 +1,28 @@ +From 6d655ba677563ac9d62d4d8eee59fdb39d486c02 Mon Sep 17 00:00:00 2001 +From: Wenlin Kang wenlin.kang@windriver.com +Date: Wed, 24 May 2017 17:10:20 +0800 +Subject: [PATCH] configure: fix incorrect variable + +For cross compile platform, this variable will not be correct, so fix it. + +Upstream-Status: Inappropriate [cross compile specific] + +Signed-off-by: Wenlin Kang wenlin.kang@windriver.com + +--- + Makefile.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile.in b/Makefile.in +index f1cbbf5..1545be3 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -173,7 +173,7 @@ OTHERCLEANTODOS=perlclean @PYTHONCLEANTARGS@ cleanfeatures perlcleanfeatures pyt + # + # override LD_RUN_PATH to avoid dependencies on the build directory + perlmodules: perlmakefiles subdirs +- @(cd perl ; $(MAKE) LD_RUN_PATH="$(libdir):`$(PERL) -e 'use Config; print qq($$Config{archlibexp}/CORE);'`") ; \ ++ @(cd perl ; $(MAKE) LD_RUN_PATH="$(libdir):`$(PERL) -e 'use Config; print qq($$Config{installprivlib}/CORE);'`") ; \ + if test $$? != 0 ; then \ + exit 1 ; \ + fi diff --git a/recipes-protocols/net-snmp/net-snmp-morello/CVE-2022-44792-CVE-2022-44793.patch b/recipes-protocols/net-snmp/net-snmp-morello/CVE-2022-44792-CVE-2022-44793.patch new file mode 100644 index 0000000..ce7e342 --- /dev/null +++ b/recipes-protocols/net-snmp/net-snmp-morello/CVE-2022-44792-CVE-2022-44793.patch @@ -0,0 +1,116 @@ +From 4589352dac3ae111c7621298cf231742209efd9b Mon Sep 17 00:00:00 2001 +From: Bill Fenner fenner@gmail.com +Date: Fri, 25 Nov 2022 08:41:24 -0800 +Subject: [PATCH ] snmp_agent: disallow SET with NULL varbind + +Upstream-Status: Backport [https://github.com/net-snmp/net-snmp/commit/be804106fd0771a7d05236cff36e199a...] +CVE: CVE-2022-44792 & CVE-2022-44793 +Signed-off-by: Hitendra Prajapati hprajapati@mvista.com +--- + agent/snmp_agent.c | 32 +++++++++++++++++++ + apps/snmpset.c | 1 + + .../default/T0142snmpv2csetnull_simple | 31 ++++++++++++++++++ + 3 files changed, 64 insertions(+) + create mode 100644 testing/fulltests/default/T0142snmpv2csetnull_simple + +diff --git a/agent/snmp_agent.c b/agent/snmp_agent.c +index 3376357..f51c252 100644 +--- a/agent/snmp_agent.c ++++ b/agent/snmp_agent.c +@@ -3719,12 +3719,44 @@ netsnmp_handle_request(netsnmp_agent_session *asp, int status) + return 1; + } + ++static int ++check_set_pdu_for_null_varbind(netsnmp_agent_session *asp) ++{ ++ int i; ++ netsnmp_variable_list *v = NULL; ++ ++ for (i = 1, v = asp->pdu->variables; v != NULL; i++, v = v->next_variable) { ++ if (v->type == ASN_NULL) { ++ /* ++ * Protect SET implementations that do not protect themselves ++ * against wrong type. ++ */ ++ DEBUGMSGTL(("snmp_agent", "disallowing SET with NULL var for varbind %d\n", i)); ++ asp->index = i; ++ return SNMP_ERR_WRONGTYPE; ++ } ++ } ++ return SNMP_ERR_NOERROR; ++} ++ + int + handle_pdu(netsnmp_agent_session *asp) + { + int status, inclusives = 0; + netsnmp_variable_list *v = NULL; + ++#ifndef NETSNMP_NO_WRITE_SUPPORT ++ /* ++ * Check for ASN_NULL in SET request ++ */ ++ if (asp->pdu->command == SNMP_MSG_SET) { ++ status = check_set_pdu_for_null_varbind(asp); ++ if (status != SNMP_ERR_NOERROR) { ++ return status; ++ } ++ } ++#endif /* NETSNMP_NO_WRITE_SUPPORT */ ++ + /* + * for illegal requests, mark all nodes as ASN_NULL + */ +diff --git a/apps/snmpset.c b/apps/snmpset.c +index 50f33db..387a51d 100644 +--- a/apps/snmpset.c ++++ b/apps/snmpset.c +@@ -182,6 +182,7 @@ main(int argc, char *argv[]) + case 'x': + case 'd': + case 'b': ++ case 'n': /* undocumented */ + #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES + case 'I': + case 'U': +diff --git a/testing/fulltests/default/T0142snmpv2csetnull_simple b/testing/fulltests/default/T0142snmpv2csetnull_simple +new file mode 100644 +index 0000000..0f1b8f3 +--- /dev/null ++++ b/testing/fulltests/default/T0142snmpv2csetnull_simple +@@ -0,0 +1,31 @@ ++#!/bin/sh ++ ++. ../support/simple_eval_tools.sh ++ ++HEADER SNMPv2c set of system.sysContact.0 with NULL varbind ++ ++SKIPIF NETSNMP_DISABLE_SET_SUPPORT ++SKIPIF NETSNMP_NO_WRITE_SUPPORT ++SKIPIF NETSNMP_DISABLE_SNMPV2C ++SKIPIFNOT USING_MIBII_SYSTEM_MIB_MODULE ++ ++# ++# Begin test ++# ++ ++# standard V2C configuration: testcomunnity ++snmp_write_access='all' ++. ./Sv2cconfig ++STARTAGENT ++ ++CAPTURE "snmpget -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0" ++ ++CHECK ".1.3.6.1.2.1.1.4.0 = STRING:" ++ ++CAPTURE "snmpset -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0 n x" ++ ++CHECK "Reason: wrongType" ++ ++STOPAGENT ++ ++FINISHED +-- +2.25.1 + diff --git a/recipes-protocols/net-snmp/net-snmp-morello/fix-libtool-finish.patch b/recipes-protocols/net-snmp/net-snmp-morello/fix-libtool-finish.patch new file mode 100644 index 0000000..409c1e0 --- /dev/null +++ b/recipes-protocols/net-snmp/net-snmp-morello/fix-libtool-finish.patch @@ -0,0 +1,34 @@ +From ab1d77c52e84746e75506a2870783806bc77f396 Mon Sep 17 00:00:00 2001 +From: "Roy.Li" rongqing.li@windriver.com +Date: Fri, 16 Jan 2015 14:14:01 +0800 +Subject: [PATCH] net-snmp: fix "libtool --finish" + +LIB_LDCONFIG_CMD failed since it is using a host dir $(libdir) +which is /usr/lib64 does not exist on host when compile 64bit +image. + +In fact, configuring dynamic linker run-time bindings is meaningless +at this step, If it is needed, Poky would write ldconfig scripts to +rpm-postinst for each recipe while do_package, in package.bbclass. + +Upstream-Status: Inappropriate [cross compile specific] + +Signed-off-by: Roy.Li rongqing.li@windriver.com + +--- + Makefile.top | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile.top b/Makefile.top +index a962c54..1ba5607 100644 +--- a/Makefile.top ++++ b/Makefile.top +@@ -89,7 +89,7 @@ LIBREVISION = 0 + LIB_LD_CMD = $(LIBTOOL) --mode=link $(LINKCC) $(CFLAGS) -rpath $(libdir) -version-info $(LIBCURRENT):$(LIBREVISION):$(LIBAGE) @LD_NO_UNDEFINED@ -o + LIB_EXTENSION = la + LIB_VERSION = +-LIB_LDCONFIG_CMD = $(LIBTOOL) --mode=finish $(INSTALL_PREFIX)$(libdir) ++LIB_LDCONFIG_CMD = echo "do not ldconfig\n" + LINK = $(LIBTOOL) --mode=link $(LINKCC) + # RANLIB = @RANLIB@ + RANLIB = : diff --git a/recipes-protocols/net-snmp/net-snmp-morello/net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch b/recipes-protocols/net-snmp/net-snmp-morello/net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch new file mode 100644 index 0000000..35e93d6 --- /dev/null +++ b/recipes-protocols/net-snmp/net-snmp-morello/net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch @@ -0,0 +1,44 @@ +From 5ad4eab43c1ea63ff343bba64d576440e8783e75 Mon Sep 17 00:00:00 2001 +From: Zheng Ruoqin zhengrq.fnst@fujitsu.com +Date: Wed, 9 Jun 2021 15:47:30 +0900 +Subject: [PATCH] net snmp: fix engineBoots value on SIGHUP + +Upstream-Status: Pending + +Signed-off-by: Marian Florea marian.florea@windriver.com +Signed-off-by: Li Zhou li.zhou@windriver.com +Signed-off-by: Ovidiu Panait ovidiu.panait@windriver.com + +--- + agent/snmpd.c | 1 + + snmplib/snmpv3.c | 4 ++-- + 2 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/agent/snmpd.c b/agent/snmpd.c +index 90de12d..1ccc4db 100644 +--- a/agent/snmpd.c ++++ b/agent/snmpd.c +@@ -1169,6 +1169,7 @@ snmpd_reconfig(void) + snmp_log(LOG_INFO, "NET-SNMP version %s restarted\n", + netsnmp_get_version()); + update_config(); ++ snmp_store(app_name); + send_easy_trap(SNMP_TRAP_ENTERPRISESPECIFIC, 3); + #ifdef HAVE_SIGPROCMASK + ret = sigprocmask(SIG_UNBLOCK, &set, NULL); +diff --git a/snmplib/snmpv3.c b/snmplib/snmpv3.c +index 7b1746b..4a17e0d 100644 +--- a/snmplib/snmpv3.c ++++ b/snmplib/snmpv3.c +@@ -1059,9 +1059,9 @@ init_snmpv3_post_config(int majorid, int minorid, void *serverarg, + /* + * if our engineID has changed at all, the boots record must be set to 1 + */ +- if (engineIDLen != oldEngineIDLength || ++ if (oldEngineIDLength != (size_t)0 && (engineIDLen != oldEngineIDLength || + oldEngineID == NULL || c_engineID == NULL || +- memcmp(oldEngineID, c_engineID, engineIDLen) != 0) { ++ memcmp(oldEngineID, c_engineID, engineIDLen) != 0)) { + engineBoots = 1; + } + diff --git a/recipes-protocols/net-snmp/net-snmp-morello/net-snmp-add-knob-whether-nlist.h-are-checked.patch b/recipes-protocols/net-snmp/net-snmp-morello/net-snmp-add-knob-whether-nlist.h-are-checked.patch new file mode 100644 index 0000000..c5a453a --- /dev/null +++ b/recipes-protocols/net-snmp/net-snmp-morello/net-snmp-add-knob-whether-nlist.h-are-checked.patch @@ -0,0 +1,36 @@ +From ad65b106d3cb3c6e595381be1c45a73c1ef6eb5e Mon Sep 17 00:00:00 2001 +From: Chong Lu Chong.Lu@windriver.com +Date: Thu, 28 May 2020 09:46:34 -0500 +Subject: [PATCH] net-snmp: add knob whether nlist.h are checked + +Previously, it still was checked when there was no nlish.h in sysroots directory. +Add knob to decide whether nlist.h are checked or not. + +Upstream-status: Pending + +Signed-off-by: Chong Lu Chong.Lu@windriver.com + +--- + configure.d/config_os_headers | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/configure.d/config_os_headers b/configure.d/config_os_headers +index b9c8c31..01c3376 100644 +--- a/configure.d/config_os_headers ++++ b/configure.d/config_os_headers +@@ -37,6 +37,7 @@ AC_CHECK_HEADERS([getopt.h pthread.h regex.h ] dnl + [sys/timeb.h ]) + + # Library and Agent: ++if test "x$with_elf" != "xno"; then + AC_CHECK_HEADERS([nlist.h],,,[ + AC_INCLUDES_DEFAULT + [ +@@ -44,6 +45,7 @@ AC_INCLUDES_DEFAULT + #define LIBBSD_DISABLE_DEPRECATED 1 + #endif + ]]) ++fi + + # Library: + AC_CHECK_HEADERS([crt_externs.h ] dnl diff --git a/recipes-protocols/net-snmp/net-snmp-morello/net-snmp-fix-for-disable-des.patch b/recipes-protocols/net-snmp/net-snmp-morello/net-snmp-fix-for-disable-des.patch new file mode 100644 index 0000000..c382c02 --- /dev/null +++ b/recipes-protocols/net-snmp/net-snmp-morello/net-snmp-fix-for-disable-des.patch @@ -0,0 +1,30 @@ +From b1b9980853b1083f0c8b9f628f8b4c3a484d4f91 Mon Sep 17 00:00:00 2001 +From: Jackie Huang jackie.huang@windriver.com +Date: Thu, 22 Jun 2017 10:25:08 +0800 +Subject: [PATCH] net-snmp: fix for --disable-des + +Include des.h only if it's found in openssl so that +the --disable-des works correctly. + +Upstream-Status: Submitted [net-snmp-coders@lists.sourceforge.net] + +Signed-off-by: Jackie Huang jackie.huang@windriver.com + +--- + snmplib/scapi.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/snmplib/scapi.c b/snmplib/scapi.c +index 54fdd5c..0f7e931 100644 +--- a/snmplib/scapi.c ++++ b/snmplib/scapi.c +@@ -85,7 +85,9 @@ netsnmp_feature_child_of(usm_scapi, usm_support); + #include <openssl/hmac.h> + #include <openssl/evp.h> + #include <openssl/rand.h> ++#ifdef HAVE_OPENSSL_DES_H + #include <openssl/des.h> ++#endif + #ifdef HAVE_AES + #include <openssl/aes.h> + #endif diff --git a/recipes-protocols/net-snmp/net-snmp-morello/net-snmp-testing-add-the-output-format-for-ptest.patch b/recipes-protocols/net-snmp/net-snmp-morello/net-snmp-testing-add-the-output-format-for-ptest.patch new file mode 100644 index 0000000..09ca532 --- /dev/null +++ b/recipes-protocols/net-snmp/net-snmp-morello/net-snmp-testing-add-the-output-format-for-ptest.patch @@ -0,0 +1,35 @@ +From 36a5656db7ea75dd15f35a6c1728937c6e2b901c Mon Sep 17 00:00:00 2001 +From: Jackie Huang jackie.huang@windriver.com +Date: Wed, 14 Jan 2015 15:10:06 +0800 +Subject: [PATCH] testing: add the output format for ptest + +Upstream-Status: Inappropriate [OE specific] + +Signed-off-by: Jackie Huang jackie.huang@windriver.com + +--- + testing/RUNTESTS | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/testing/RUNTESTS b/testing/RUNTESTS +index 6715831..a2b6fb8 100755 +--- a/testing/RUNTESTS ++++ b/testing/RUNTESTS +@@ -17,13 +17,17 @@ failed_count=0 + rm -f failed_tests + for i in "${srcdir}"/testing/fulltests/default/T*$1*; do + echo "RUNNING $i" ++ test_name=`basename $i` + ${srcdir}/testing/fulltests/support/simple_run $i + if [ $? = 0 ]; then ++ echo "PASS: $test_name" + success_count=`expr $success_count + 1` + else ++ echo "FAIL: $test_name" + failed_count=`expr $failed_count + 1` + echo "$i" >> failed_tests + fi ++ echo + done + + if [ -f failed_tests ]; then diff --git a/recipes-protocols/net-snmp/net-snmp-morello/reproducibility-have-printcap.patch b/recipes-protocols/net-snmp/net-snmp-morello/reproducibility-have-printcap.patch new file mode 100644 index 0000000..c0b51c5 --- /dev/null +++ b/recipes-protocols/net-snmp/net-snmp-morello/reproducibility-have-printcap.patch @@ -0,0 +1,30 @@ +From b923cd38e2503b86aedf66b767fd7f51c9f25645 Mon Sep 17 00:00:00 2001 +From: "douglas.royds" douglas.royds@taitradio.com +Date: Wed, 21 Nov 2018 13:52:18 +1300 +Subject: [PATCH] net-snmp: Reproducibility: Don't check build host for + +Reproducible build: Don't check for /etc/printcap on the build machine when +cross-compiling. Use AC_CHECK_FILE to set the cached variable +ac_cv_file__etc_printcap instead. When cross-compiling, this variable should be +set in the environment to "yes" or "no" as appropriate for the target platform. + +--- + configure.d/config_os_misc4 | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/configure.d/config_os_misc4 b/configure.d/config_os_misc4 +index b6864d9..07ca922 100644 +--- a/configure.d/config_os_misc4 ++++ b/configure.d/config_os_misc4 +@@ -99,9 +99,9 @@ if test x$LPSTAT_PATH != x; then + [Path to the lpstat command]) + AC_DEFINE(HAVE_LPSTAT, 1, [Set if the lpstat command is available]) + fi +-if test -r /etc/printcap; then ++AC_CHECK_FILE([/etc/printcap], + AC_DEFINE(HAVE_PRINTCAP, 1, [Set if /etc/printcap exists]) +-fi ++) + + + # Check ps args diff --git a/recipes-protocols/net-snmp/net-snmp-morello/run-ptest b/recipes-protocols/net-snmp/net-snmp-morello/run-ptest new file mode 100755 index 0000000..76514c2 --- /dev/null +++ b/recipes-protocols/net-snmp/net-snmp-morello/run-ptest @@ -0,0 +1,5 @@ +#!/bin/sh + +workdir=$(dirname `realpath $0`) +cd ${workdir}/testing +./RUNTESTS diff --git a/recipes-protocols/net-snmp/net-snmp-morello/snmpd.service b/recipes-protocols/net-snmp/net-snmp-morello/snmpd.service new file mode 100644 index 0000000..79f67bd --- /dev/null +++ b/recipes-protocols/net-snmp/net-snmp-morello/snmpd.service @@ -0,0 +1,14 @@ +[Unit] +Description=Simple Network Management Protocol (SNMP) Daemon. +After=syslog.target network.target + +[Service] +Type=notify +Environment=PURECAP_DIR=%PURECAP_DIR% +Environment=OPTIONS="-Ls0-6d" +EnvironmentFile=-/etc/default/snmpd +ExecStart=${PURECAP_DIR}/usr/sbin/snmpd $OPTIONS -a -f +ExecReload=/bin/kill -HUP $MAINPID + +[Install] +WantedBy=multi-user.target diff --git a/recipes-protocols/net-snmp/net-snmp-morello/snmptrapd.service b/recipes-protocols/net-snmp/net-snmp-morello/snmptrapd.service new file mode 100644 index 0000000..4daf94d --- /dev/null +++ b/recipes-protocols/net-snmp/net-snmp-morello/snmptrapd.service @@ -0,0 +1,14 @@ +[Unit] +Description=Simple Network Management Protocol (SNMP) Trap Daemon. +After=syslog.target network.target + +[Service] +Type=notify +Environment=PURECAP_DIR=%PURECAP_DIR% +Environment=OPTIONS="-Lsd" +EnvironmentFile=-/etc/default/snmptrapd +ExecStart=${PURECAP_DIR}/usr/sbin/snmptrapd $OPTIONS -f +ExecReload=/bin/kill -HUP $MAINPID + +[Install] +WantedBy=multi-user.target diff --git a/recipes-protocols/net-snmp/net-snmp-morello_5.9.3.bb b/recipes-protocols/net-snmp/net-snmp-morello_5.9.3.bb new file mode 100644 index 0000000..3f661fe --- /dev/null +++ b/recipes-protocols/net-snmp/net-snmp-morello_5.9.3.bb @@ -0,0 +1,322 @@ +inherit autotools-brokensep update-rc.d siteinfo systemd pkgconfig perlnative ptest purecap-sysroot + +MORELLO_SRC = "meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb" + +SUMMARY = "Various tools relating to the Simple Network Management Protocol" +HOMEPAGE = "http://www.net-snmp.org/" +SECTION = "net" +LICENSE = "BSD-3-Clause & MIT" + +LIC_FILES_CHKSUM = "file://COPYING;md5=9d100a395a38584f2ec18a8275261687" + +TOOLCHAIN = "${MORELLO_TOOLCHAIN}" +FILESEXTRAPATHS:prepend := "${THISDIR}/cheri-patches:" + +DEPENDS += "openssl-morello" +DEPENDS:append:class-target = " pciutils" + +SRC_URI = "${SOURCEFORGE_MIRROR}/net-snmp/net-snmp-${PV}.tar.gz \ + file://init \ + file://snmpd.conf \ + file://snmptrapd.conf \ + file://snmpd.service \ + file://snmptrapd.service \ + file://net-snmp-add-knob-whether-nlist.h-are-checked.patch \ + file://fix-libtool-finish.patch \ + file://net-snmp-testing-add-the-output-format-for-ptest.patch \ + file://run-ptest \ + file://0001-config_os_headers-Error-Fix.patch \ + file://0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch \ + file://0001-get_pid_from_inode-Include-limit.h.patch \ + file://0004-configure-fix-incorrect-variable.patch \ + file://net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch \ + file://net-snmp-fix-for-disable-des.patch \ + file://reproducibility-have-printcap.patch \ + file://0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch \ + file://CVE-2022-44792-CVE-2022-44793.patch \ + " + +SRC_URI += "\ + file://0001-tools-fix-cheri-provenance.patch \ + file://0002-udp_endpoint_linux-fix-cheri-provenance.patch \ + " + +SRC_URI[sha256sum] = "2097f29b7e1bf3f1300b4bae52fa2308d0bb8d5d3998dbe02f9462a413a2ef0a" + +S = "${WORKDIR}/net-snmp-${PV}" + +BPPNNETSNMP = "net-snmp" + +SNMP_INSTALL_DIR = "snmp" + +UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/net-snmp/files/net-snmp/" +UPSTREAM_CHECK_REGEX = "/net-snmp/(?P<pver>\d+(.\d+)+)/" + +EXTRA_OEMAKE = "OTHERLDFLAGS='${LDFLAGS}' HOST_CPPFLAGS='${BUILD_CPPFLAGS}'" + +PARALLEL_MAKE = "" +CCACHE = "" +CLEANBROKEN = "1" + +TARGET_CC_ARCH += "${LDFLAGS}" + +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6 systemd', d)} des smux" +PACKAGECONFIG[des] = "--enable-des, --disable-des" +# PACKAGECONFIG[elfutils] = "--with-elf, --without-elf, elfutils" +PACKAGECONFIG[ipv6] = "--enable-ipv6, --disable-ipv6" +# PACKAGECONFIG[libnl] = "--with-nl, --without-nl, libnl" +PACKAGECONFIG[smux] = "" +PACKAGECONFIG[systemd] = "--with-systemd, --without-systemd" + +EXTRA_OECONF = " \ + --enable-shared \ + --disable-manuals \ + --with-defaults \ + --with-install-prefix=${prefix} \ + --with-persistent-directory=${localstatedir}/lib/net-snmp \ + --with-endianness=${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', 'little', 'big', d)} \ + --with-mib-modules='${MIB_MODULES}' \ + --disable-embedded-perl \ + --with-perl-modules=no \ +" + +MIB_MODULES = "" +MIB_MODULES:append = " ${@bb.utils.filter('PACKAGECONFIG', 'smux', d)}" + +CACHED_CONFIGUREVARS = " \ + ac_cv_header_valgrind_valgrind_h=no \ + ac_cv_header_valgrind_memcheck_h=no \ + ac_cv_ETC_MNTTAB=/etc/mtab \ + lt_cv_shlibpath_overrides_runpath=yes \ + ac_cv_path_UNAMEPROG=${base_bindir}/uname \ + ac_cv_path_PSPROG=${base_bindir}/ps \ + ac_cv_file__etc_printcap=no \ + NETSNMP_CONFIGURE_OPTIONS= \ +" + +PERLPROG = "/usr/bin/env perl" + +PERLPROG:class-native = "${bindir_native}/env perl" +PERLPROG:append = "${@bb.utils.contains('PACKAGECONFIG', 'perl', ' -I${WORKDIR}', '', d)}" +export PERLPROG + +HAS_PERL = "0" + +PTEST_BUILD_HOST_FILES += "net-snmp-config gen-variables" + +do_configure:prepend() { + sed -i -e "s|I/usr/include|I${STAGING_DIR_TARGET}${includedir}|g" \ + "${S}"/configure \ + "${S}"/configure.d/config_os_libs2 + if [ "${HAS_PERL}" = "1" ]; then + # this may need to be changed when package perl has any change. + cp -f ${STAGING_DIR_TARGET}/usr/lib*/perl?/*/Config.pm ${WORKDIR}/ + cp -f ${STAGING_DIR_TARGET}/usr/lib*/perl?/*/*/Config_heavy.pl ${WORKDIR}/ + sed -e "s@libpth => '/usr/lib.*@libpth => '${STAGING_DIR_TARGET}/${libdir} ${STAGING_DIR_TARGET}/${base_libdir}',@g" \ + -e "s@privlibexp => '/usr@privlibexp => '${STAGING_DIR_TARGET}/usr@g" \ + -e "s@scriptdir => '/usr@scriptdir => '${STAGING_DIR_TARGET}/usr@g" \ + -e "s@sitearchexp => '/usr@sitearchexp => '${STAGING_DIR_TARGET}/usr@g" \ + -e "s@sitelibexp => '/usr@sitearchexp => '${STAGING_DIR_TARGET}/usr@g" \ + -e "s@vendorarchexp => '/usr@vendorarchexp => '${STAGING_DIR_TARGET}/usr@g" \ + -e "s@vendorlibexp => '/usr@vendorlibexp => '${STAGING_DIR_TARGET}/usr@g" \ + -i ${WORKDIR}/Config.pm + fi + +} + +do_configure:append() { + sed -e "s@^NSC_INCLUDEDIR=.*@NSC_INCLUDEDIR=${STAGING_DIR_TARGET}${includedir}@g" \ + -e "s@^NSC_LIBDIR=-L.*@NSC_LIBDIR=-L${STAGING_DIR_TARGET}${libdir}@g" \ + -e "s@^NSC_LDFLAGS="-L.* @NSC_LDFLAGS="-L${STAGING_DIR_TARGET}${libdir} @g" \ + -i ${B}/net-snmp-config +} + +do_install:append() { + install -d ${D}${sysconfdir}/${SNMP_INSTALL_DIR} + install -d ${D}${sysconfdir}/init.d + + install -m 755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/snmpd + install -m 644 ${WORKDIR}/snmpd.conf ${D}${sysconfdir}/${SNMP_INSTALL_DIR}/ + install -m 644 ${WORKDIR}/snmptrapd.conf ${D}${sysconfdir}/${SNMP_INSTALL_DIR}/ + + install -d ${D}${systemd_unitdir}/system + + install -m 0644 ${WORKDIR}/snmpd.service ${D}${systemd_unitdir}/system/snmpd.service + install -m 0644 ${WORKDIR}/snmptrapd.service ${D}${systemd_unitdir}/system/snmptrapd.service + + sed -e "s@^NSC_SRCDIR=.*@NSC_SRCDIR=.@g" \ + -i ${D}${bindir}/net-snmp-create-v3-user + sed -e 's@^NSC_SRCDIR=.*@NSC_SRCDIR=.@g' \ + -e 's@[^ ]*-ffile-prefix-map=[^ "]*@@g' \ + -e 's@[^ ]*-fdebug-prefix-map=[^ "]*@@g' \ + -e 's@[^ ]*-fmacro-prefix-map=[^ "]*@@g' \ + -e 's@[^ ]*--sysroot=[^ "]*@@g' \ + -e 's@[^ ]*--with-libtool-sysroot=[^ "]*@@g' \ + -e 's@[^ ]*--with-install-prefix=[^ "]*@@g' \ + -e 's@[^ ]*PKG_CONFIG_PATH=[^ "]*@@g' \ + -e 's@[^ ]*PKG_CONFIG_LIBDIR=[^ "]*@@g' \ + -i ${D}${bindir}/net-snmp-config + + sed -e 's@[^ ]*-ffile-prefix-map=[^ "]*@@g' \ + -e 's@[^ ]*-fdebug-prefix-map=[^ "]*@@g' \ + -e 's@[^ ]*-fmacro-prefix-map=[^ "]*@@g' \ + -i ${D}${libdir}/pkgconfig/netsnmp*.pc + + sed -e "s:%PURECAP_DIR%:${base_prefix}:g" -i ${D}${sysconfdir}/init.d/snmpd + sed -e "s:%PURECAP_DIR%:${base_prefix}:g" -i ${D}${systemd_unitdir}/system/snmpd.service + sed -e "s:%PURECAP_DIR%:${base_prefix}:g" -i ${D}${systemd_unitdir}/system/snmptrapd.service + + # ${STAGING_DIR_HOST} is empty for native builds, and the sed command below + # will result in errors if run for native. + if [ "${STAGING_DIR_HOST}" ]; then + sed -e 's@${STAGING_DIR_HOST}@@g' \ + -i ${D}${bindir}/net-snmp-config ${D}${libdir}/pkgconfig/netsnmp*.pc + fi + + sed -e "s@^NSC_INCLUDEDIR=.*@NSC_INCLUDEDIR=${base_prefix}${includedir}@g" \ + -e "s@^NSC_LIBDIR=-L.*@NSC_LIBDIR=-L${base_prefix}${libdir}@g" \ + -e "s@^NSC_LDFLAGS="-L.* @NSC_LDFLAGS="-L${base_prefix}${libdir} @g" \ + -i ${D}${bindir}/net-snmp-config + + # oe_multilib_header net-snmp/net-snmp-config.h + + if [ "${HAS_PERL}" = "1" ]; then + find ${D}${libdir}/ -type f -name "perllocal.pod" | xargs rm -f + fi +} + +do_install:append() { + ${OBJDUMP} -D ${D}${libdir}/libnetsnmp.so > ${D}${PURECAP_DEBUGDIR}/libnetsnmp.so.dump + ${READELF} -a ${D}${libdir}/libnetsnmp.so > ${D}${PURECAP_DEBUGDIR}/libnetsnmp.so.readelf +} + +PTEST_PATH = "${libdir}/netsnmp/ptest" + +do_install_ptest() { + install -d ${D}${PTEST_PATH} + for i in ${S}/dist ${S}/include ${B}/include ${S}/mibs ${S}/configure \ + ${B}/net-snmp-config ${S}/testing; do + if [ -e "$i" ]; then + cp -R --no-dereference --preserve=mode,links -v "$i" ${D}${PTEST_PATH} + fi + done + echo `autoconf -V|awk '/autoconf/{print $NF}'` > ${D}${PTEST_PATH}/dist/autoconf-version + + rmdlist="${D}${PTEST_PATH}/dist/net-snmp-solaris-build" + for i in $rmdlist; do + if [ -d "$i" ]; then + rm -rf "$i" + fi + done +} + +SYSROOT_PREPROCESS_FUNCS += "net_snmp_sysroot_preprocess" +SNMP_DBGDIR = "${PURECAP_SYSROOT_DIR}/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}" + +net_snmp_sysroot_preprocess () { + if [ -e ${D}${bindir}/net-snmp-config ]; then + install -d ${SYSROOT_DESTDIR}${bindir_crossscripts}/ + install -m 755 ${D}${bindir}/net-snmp-config ${SYSROOT_DESTDIR}${bindir_crossscripts}/ + sed -e "s@-I/usr/include@-I${STAGING_INCDIR}@g" \ + -e "s@^prefix=.*@prefix=${STAGING_DIR_HOST}${prefix}@g" \ + -e "s@^exec_prefix=.*@exec_prefix=${STAGING_EXECPREFIXDIR}@g" \ + -e "s@^includedir=.*@includedir=${STAGING_INCDIR}@g" \ + -e "s@^libdir=.*@libdir=${STAGING_LIBDIR}@g" \ + -e "s@^NSC_SRCDIR=.*@NSC_SRCDIR=${S}@g" \ + -e "s@-ffile-prefix-map=${SNMP_DBGDIR}@-ffile-prefix-map=${WORKDIR}=${SNMP_DBGDIR}@g" \ + -e "s@-fdebug-prefix-map=${SNMP_DBGDIR}@-fdebug-prefix-map=${WORKDIR}=${SNMP_DBGDIR}@g" \ + -e "s@-fdebug-prefix-map= -fdebug-prefix-map=@-fdebug-prefix-map=${STAGING_DIR_NATIVE}= \ + -fdebug-prefix-map=${STAGING_DIR_HOST}=@g" \ + -e "s@--sysroot=@--sysroot=${STAGING_DIR_HOST}@g" \ + -e "s@--with-libtool-sysroot=@--with-libtool-sysroot=${STAGING_DIR_HOST}@g" \ + -e "s@--with-install-prefix=@--with-install-prefix=${D}@g" \ + -i ${SYSROOT_DESTDIR}${bindir_crossscripts}/net-snmp-config + fi +} + +PACKAGES += "${PN}-libs ${PN}-mibs ${PN}-server ${PN}-client \ + ${PN}-server-snmpd ${PN}-server-snmptrapd \ + ${PN}-lib-netsnmp ${PN}-lib-agent ${PN}-lib-helpers \ + ${PN}-lib-mibs ${PN}-lib-trapd" + +# perl module +PACKAGES += "${@bb.utils.contains('PACKAGECONFIG', 'perl', '${PN}-perl-modules', '', d)}" + +ALLOW_EMPTY:${PN} = "1" +ALLOW_EMPTY:${PN}-server = "1" +ALLOW_EMPTY:${PN}-libs = "1" + +FILES:${PN}-perl-modules = "${libdir}/perl?/*" +RDEPENDS:${PN}-perl-modules = "perl" + +FILES:${PN}-libs = "" +FILES:${PN}-mibs = "${datadir}/snmp/mibs" +FILES:${PN}-server-snmpd = "${sbindir}/snmpd \ + ${sysconfdir}/${SNMP_INSTALL_DIR}/snmpd.conf \ + ${sysconfdir}/init.d \ + ${systemd_unitdir}/system/snmpd.service \ +" + +FILES:${PN}-server-snmptrapd = "${sbindir}/snmptrapd \ + ${sysconfdir}/${SNMP_INSTALL_DIR}/snmptrapd.conf \ + ${systemd_unitdir}/system/snmptrapd.service \ +" + +FILES:${PN}-lib-netsnmp = "${libdir}/libnetsnmp${SOLIBS}" +FILES:${PN}-lib-agent = "${libdir}/libnetsnmpagent${SOLIBS}" +FILES:${PN}-lib-helpers = "${libdir}/libnetsnmphelpers${SOLIBS}" +FILES:${PN}-lib-mibs = "${libdir}/libnetsnmpmibs${SOLIBS}" +FILES:${PN}-lib-trapd = "${libdir}/libnetsnmptrapd${SOLIBS}" + +FILES:${PN} = "${includedir} ${libdir}" +FILES:${PN}-client = "${bindir}/* ${datadir}/snmp/" +FILES:${PN}-dbg += "${libdir}/.debug/ ${sbindir}/.debug/ ${bindir}/.debug/" +FILES:${PN}-dev += "${bindir}/mib2c \ + ${bindir}/mib2c-update \ + ${bindir}/net-snmp-config \ + ${bindir}/net-snmp-create-v3-user \ +" + +CONFFILES:${PN}-server-snmpd = "${sysconfdir}/${SNMP_INSTALL_DIR}/snmpd.conf" +CONFFILES:${PN}-server-snmptrapd = "${sysconfdir}/${SNMP_INSTALL_DIR}/snmptrapd.conf" + +INITSCRIPT_PACKAGES = "${PN}-server-snmpd" +INITSCRIPT_NAME:${PN}-server-snmpd = "snmpd" +INITSCRIPT_PARAMS:${PN}-server-snmpd = "start 90 2 3 4 5 . stop 60 0 1 6 ." + +SYSTEMD_PACKAGES = "${PN}-server-snmpd \ + ${PN}-server-snmptrapd" + +SYSTEMD_SERVICE:${PN}-server-snmpd = "snmpd.service" +SYSTEMD_SERVICE:${PN}-server-snmptrapd = "snmptrapd.service" + +# RDEPENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'net-snmp-perl-modules', '', d)}" +# RDEPENDS:${PN} += "${PN}-client" +# RDEPENDS:${PN}-server-snmpd += "${PN}-mibs" +# RDEPENDS:${PN}-server-snmptrapd += "${PN}-server-snmpd ${PN}-lib-trapd" +# RDEPENDS:${PN}-server += "${PN}-server-snmpd ${PN}-server-snmptrapd" +# RDEPENDS:${PN}-client += "${PN}-mibs ${PN}-libs" +# RDEPENDS:${PN}-libs += "libpci \ +# ${PN}-lib-netsnmp \ +# ${PN}-lib-agent \ +# ${PN}-lib-helpers \ +# ${PN}-lib-mibs \ +# " + +RRECOMMENDS:${PN}-dbg = "${PN}-client (= ${EXTENDPKGV}) ${PN}-server (= ${EXTENDPKGV})" + +RPROVIDES:${PN}-server-snmpd += "net-snmp-server-snmpd-systemd" +RREPLACES:${PN}-server-snmpd += "net-snmp-server-snmpd-systemd" +RCONFLICTS:${PN}-server-snmpd += "net-snmp-server-snmpd-systemd" + +RPROVIDES:${PN}-server-snmptrapd += "net-snmp-server-snmptrapd-systemd" +RREPLACES:${PN}-server-snmptrapd += "net-snmp-server-snmptrapd-systemd" +RCONFLICTS:${PN}-server-snmptrapd += "net-snmp-server-snmptrapd-systemd" + +LEAD_SONAME = "libnetsnmp.so" + +MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/net-snmp-config" + +SYSTEMD_AUTO_ENABLE:${PN} = "enable" + +SYSROOT_DIRS += "${bindir}" \ No newline at end of file