Bug 1028206 - Review Request: tayga - nat64 implementation for linux
Summary: Review Request: tayga - nat64 implementation for linux
Keywords:
Status: CLOSED DUPLICATE of bug 1263941
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Nobody's working on this, feel free to take it
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-11-07 21:59 UTC by William Brown
Modified: 2015-09-17 06:47 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-09-17 06:47:28 UTC


Attachments (Terms of Use)

Description William Brown 2013-11-07 21:59:26 UTC
Spec URL: http://firstyear.id.au/media/tayga.spec
SRPM URL: http://firstyear.id.au/media/tayga-0.9.2-1.fc19.src.rpm
Description: Tayga is a NAT64 implementation for linux in userland. With the support of a DNS64 server (Such as bind) it allows the translation of ipv4 addresses into an ipv6 prefix. This allows a network to be ipv6 only, which still maintaining contact with the ipv4 internet.
Fedora Account System Username: firstyear

Comment 1 Michael S. 2014-01-06 22:27:11 UTC
Wouldn't it be better to have the selinux policy sent to selinux-policy package ?

I will take a look at the package, as the topic interest me.

Comment 2 Michael S. 2014-01-06 22:39:41 UTC
Ok, so looking at the policy, it is just the label of the tayga binary, and the ifup/ifdown stuff are highly depend on the state of initscript, so i think the binary should be separated from theses two part.

I think it would maybe be better to have it integrated with systemd somehow.

Comment 3 William Brown 2014-03-25 02:42:13 UTC
Sorry about the delay getting back to you.

Initially, the policy should be in this package, and once it's "stable" I'll send to to selinux-policy.

What do you mean separate the binary from ifup/ifdown? 

How do you suggest to integrate with systemd? I'm not sure that it supports network interfaces ... unless you mean to suggest that we run nat64 as a service over a network interface? (Given this doesn't create an interface with an IP that is certainly an option to make services such as tayga@.service).

Comment 4 Christopher Meng 2014-03-25 11:17:05 UTC
(In reply to William Brown from comment #3)
> Sorry about the delay getting back to you.
> 
> Initially, the policy should be in this package, and once it's "stable" I'll
> send to to selinux-policy.

You should open a new bug under selinux-policy and tell the maintainer that a new package will need some works.

If they deny to adopt, then it's time ship it in this package.
 
> How do you suggest to integrate with systemd? I'm not sure that it supports
> network interfaces ... unless you mean to suggest that we run nat64 as a
> service over a network interface? (Given this doesn't create an interface
> with an IP that is certainly an option to make services such as
> tayga@.service).

It should support it well.

%{_mandir}/man5/%{name}.conf.5.gz
%{_mandir}/man8/%{name}.8.gz

-->

%{_mandir}/man5/%{name}.conf.5*
%{_mandir}/man8/%{name}.8*

Remove %defattr(-,root,root,0755)

Comment 5 William Brown 2014-03-27 00:42:43 UTC
I will take into account all these suggestions. Thinking about it, openvpn does something similar with @.service, so I will rewrite my scripts for this and will resubmit for review soon.

Comment 6 William Brown 2014-04-03 00:52:35 UTC
Rewritten, rewrote selinux policy and tested on my system. 

Both URLs have been updated.

Please review. I will have the SELinux policy reviewed on the SELinux mailing list.

Comment 8 William Brown 2014-04-07 01:10:21 UTC
Updated with reviewed SELinux policy.

Comment 9 Ingvar Hagelund 2015-09-08 08:34:42 UTC
Is this review request for tayga dead? William, are you still willing to wrap tayga? If not, I could have a look at it.

br,

Ingvar

Comment 10 William Brown 2015-09-16 04:28:30 UTC
I'm not interested in this any more. You may take it over, and I'm happy to advise however via email.

Comment 11 Ingvar Hagelund 2015-09-16 14:06:27 UTC
New src.rpm here: http://users.linpro.no/ingvar/tayga/tayga-0.9.2-1.fc22.src.rpm
Spec here: http://users.linpro.no/ingvar/tayga/tayga.spec

I wrote this from scratch, so it resembles William's package only by coincidence :-)

It seems like the selinux policy is now included upstream, so while making this package, I skipped selinux. I also skipped the automatic adding of network stuff. The binary itself sets up its own interface. Adding skeleton config for routing seems over-engineering to me.

Ingvar

Comment 12 Christopher Meng 2015-09-16 15:51:28 UTC
Please open a new bug and mark this one as DUPLICATE. Do not reuse existing bug.

Comment 13 Ingvar Hagelund 2015-09-17 06:47:28 UTC
Opening a new request #1263941, and closing this as duplicate.

*** This bug has been marked as a duplicate of bug 1263941 ***


Note You need to log in before you can comment on or make changes to this bug.