From 74fe2ea5157aadf3e5358e530a7ff378ea6a28ee Mon Sep 17 00:00:00 2001
From: Stuart D. Gathman <stuart@gathman.org>
Date: Aug 10 2016 22:41:56 +0000
Subject: Merge branch 'master' into f23


---

diff --git a/cjdns.sbin.patch b/cjdns.sbin.patch
index fecb18c..21ed3dd 100644
--- a/cjdns.sbin.patch
+++ b/cjdns.sbin.patch
@@ -1,6 +1,6 @@
 diff -up ./contrib/systemd/cjdns-online.sh.sbin ./contrib/systemd/cjdns-online.sh
---- ./contrib/systemd/cjdns-online.sh.sbin	2016-06-23 22:49:23.703114380 -0400
-+++ ./contrib/systemd/cjdns-online.sh	2016-06-23 22:51:50.666731442 -0400
+--- ./contrib/systemd/cjdns-online.sh.sbin	2016-08-05 17:32:04.937119714 -0400
++++ ./contrib/systemd/cjdns-online.sh	2016-08-05 17:32:04.937119714 -0400
 @@ -0,0 +1,90 @@
 +#!/bin/sh
 +#   Check whether cjdns IPs are available
@@ -94,9 +94,12 @@ diff -up ./contrib/systemd/cjdns-online.sh.sbin ./contrib/systemd/cjdns-online.s
 +fi
 diff -up ./contrib/systemd/cjdns.service.sbin ./contrib/systemd/cjdns.service
 --- ./contrib/systemd/cjdns.service.sbin	2016-06-14 17:58:54.000000000 -0400
-+++ ./contrib/systemd/cjdns.service	2016-06-23 22:49:23.703114380 -0400
-@@ -9,10 +9,11 @@ ProtectSystem=true
++++ ./contrib/systemd/cjdns.service	2016-08-05 17:33:09.595862599 -0400
+@@ -7,12 +7,14 @@ After=network.target
+ ProtectHome=true
+ ProtectSystem=true
  SyslogIdentifier=cjdroute
++CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_SETUID CAP_SETGID CAP_SYS_CHROOT CAP_AUDIT_CONTROL
  ExecStartPre=/bin/sh -ec "if ! test -s /etc/cjdroute.conf; \
                  then umask 077; \
 -                /usr/bin/cjdroute --genconf > /etc/cjdroute.conf; \
@@ -111,8 +114,8 @@ diff -up ./contrib/systemd/cjdns.service.sbin ./contrib/systemd/cjdns.service
  
  [Install]
 diff -up ./contrib/systemd/cjdns-wait-online.service.sbin ./contrib/systemd/cjdns-wait-online.service
---- ./contrib/systemd/cjdns-wait-online.service.sbin	2016-06-23 22:49:23.703114380 -0400
-+++ ./contrib/systemd/cjdns-wait-online.service	2016-06-23 22:49:23.703114380 -0400
+--- ./contrib/systemd/cjdns-wait-online.service.sbin	2016-08-05 17:32:04.937119714 -0400
++++ ./contrib/systemd/cjdns-wait-online.service	2016-08-05 17:32:04.937119714 -0400
 @@ -0,0 +1,13 @@
 +[Unit]
 +Description=CJDNS Wait Online
@@ -129,7 +132,7 @@ diff -up ./contrib/systemd/cjdns-wait-online.service.sbin ./contrib/systemd/cjdn
 +WantedBy=multi-user.target
 diff -up ./contrib/upstart/cjdns.conf.sbin ./contrib/upstart/cjdns.conf
 --- ./contrib/upstart/cjdns.conf.sbin	2016-06-14 17:58:54.000000000 -0400
-+++ ./contrib/upstart/cjdns.conf	2016-06-23 22:49:23.703114380 -0400
++++ ./contrib/upstart/cjdns.conf	2016-08-05 17:32:04.938119725 -0400
 @@ -13,10 +13,16 @@ pre-start script
      if ! [ -s /etc/cjdroute.conf ]; then
          ( # start a subshell to avoid side effects of umask later on
diff --git a/cjdns.spec b/cjdns.spec
index 168f04a..ca7073a 100644
--- a/cjdns.spec
+++ b/cjdns.spec
@@ -5,6 +5,8 @@
 %global use_embedded 0
 # Use libsodium instead of nacl (f22,f23)
 %global use_libsodium 1
+# Option to disable SECCOMP: confusing backward logic
+%bcond_without seccomp
 
 %if 0%{use_libsodium}
 %global nacl_name libsodium
@@ -39,7 +41,7 @@
 Name:           cjdns
 # major version is cjdns protocol version:
 Version:        17.4
-Release:        4%{?dist}
+Release:        6%{?dist}
 Summary:        The privacy-friendly network without borders
 Group:          System Environment/Base
 # cjdns is all GPLv3 except libuv which is MIT and BSD and ISC
@@ -221,7 +223,12 @@ cd contrib/selinux
 ln -s /usr/share/selinux/devel/Makefile .
 make 
 cd -
+
 # nodejs based build system
+
+%if !%{with seccomp}
+export Seccomp_NO=1
+%endif
 CJDNS_RELEASE_VERSION="%{name}-%{version}-%{release}" ./do
 
 # FIXME: use system libuv on compatible systems
@@ -467,6 +474,12 @@ fi
 %{_bindir}/graphStats
 
 %changelog
+* Wed Aug 10 2016 Stuart D. Gathman <stuart@gathman.org> 17.4-6
+- Fix logic for %%bcond_without seccomp
+
+* Wed Aug 10 2016 Stuart D. Gathman <stuart@gathman.org> 17.4-5
+- cjdns.service: add CapabilityBoundingSet
+
 * Fri Jun 24 2016 Stuart D. Gathman <stuart@gathman.org> 17.4-4
 - cjdns-selinux: allow cjdroute to manipulate route table