pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/security/dirmngr Update to release 0.90.
details: https://anonhg.NetBSD.org/pkgsrc/rev/9d99af90d4e5
branches: trunk
changeset: 486857:9d99af90d4e5
user: shannonjr <shannonjr%pkgsrc.org@localhost>
date: Tue Jan 04 13:40:38 2005 +0000
description:
Update to release 0.90.
Dirmngr is a server for managing and downloading certificate
revocation lists (CRLs) for X.509 certificates and for downloading the
certificates themselves. Dirmngr also handles OCSP requests as an
alternative to CRLs. Dirmngr is either invoked internally by gpgsm
(from gnupg 1.9) or when running as a system daemon through the
dirmngr-client tool.
What's new in this release
=========================
* New option --daemon to start dirmngr as a system daemon. This
switches to the use of different directories and also does
CRL signing certificate validation on its own.
* New tool dirmngr-client.
* New options: --ldap-wrapper-program, --http-wrapper-program,
--disable-ldap, --disable-http, --honor-http-proxy, --http-proxy,
--ldap-proxy, --only-ldap-proxy, --ignore-ldap-dp and
--ignore-http-dp.
* Uses an external ldap wrapper to cope with timeouts and general
LDAP problems.
* SIGHUP may be used to reread the configuration and to flush the
certificate cache.
* An authorithyKeyIdentifier in a CRL is now handled correctly.
diffstat:
security/dirmngr/Makefile | 41 +++++++-
security/dirmngr/PLIST | 9 +-
security/dirmngr/distinfo | 10 +-
security/dirmngr/files/dirmngr | 72 +++++++++++++++
security/dirmngr/files/runDirmngr.c | 172 ++++++++++++++++++++++++++++++++++++
security/dirmngr/patches/patch-aa | 44 +++------
security/dirmngr/patches/patch-ab | 14 --
security/dirmngr/patches/patch-ac | 13 --
8 files changed, 309 insertions(+), 66 deletions(-)
diffs (truncated from 433 to 300 lines):
diff -r 8c824324fb94 -r 9d99af90d4e5 security/dirmngr/Makefile
--- a/security/dirmngr/Makefile Tue Jan 04 13:38:50 2005 +0000
+++ b/security/dirmngr/Makefile Tue Jan 04 13:40:38 2005 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.3 2004/11/05 22:12:17 jmmv Exp $
+# $NetBSD: Makefile,v 1.4 2005/01/04 13:40:38 shannonjr Exp $
#
-DISTNAME= dirmngr-0.5.6
-PKGREVISION= 2
+DISTNAME= dirmngr-0.9.0
+#PKGREVISION= 1
CATEGORIES= security
MASTER_SITES= ftp://ftp.gnupg.org/gcrypt/alpha/dirmngr/
@@ -10,15 +10,50 @@
HOMEPAGE= http://www.gnupg.org/aegypten2
COMMENT= X509 certificate and CRL downloader
+DIRMNGR_USER?= dirmngr
+DIRMNGR_GROUP?= dirmngr
+PKG_GROUPS= ${DIRMNGR_GROUP}
+PKG_USERS= ${DIRMNGR_USER}:${DIRMNGR_GROUP}::pseudo\\ user:${VARBASE}/dirmngr:
+
GNU_CONFIGURE= yes
USE_BUILDLINK3= yes
USE_GNU_TOOLS+= awk
+USE_PKGINSTALL= yes
USE_PKGLOCALEDIR= yes
+CONFIGURE_ARGS+= --localstatedir="${VARBASE}"
+CONFIGURE_ARGS+= --sharedstatedir="${VARBASE}"
CONFIGURE_ENV+= BUILDLINK_PREFIX_openldap=${BUILDLINK_PREFIX.openldap}
+SUBST_FILES+= VARBASE=${VARBASE}
+SUBST_FILES+= PREFIX=${PREFIX}
+SUBST_FILES+= SYSCONFDIR=${SYSCONFDIR}
+SUBST_FILES+= DIRMNGR_USER=${DIRMNGR_USER}
+SUBST_FILES+= DIRMNGR_PATH=${DIRMNGR_PATH}
+
+pre-build:
+ ${CP} ${FILESDIR}/runDirmngr.c ${WRKDIR}/runDirmngr.c
+
+post-build:
+ cd ${WRKDIR} && \
+ ${SETENV} ${BUILDENV} ${CC} ${CFLAGS} -DDIRMNGR_USER='"${DIRMNGR_USER}"' -DDIRMNGR_PATH='"${PREFIX}/bin/dirmngr"' -o runDirmngr runDirmngr.c
+
+pre-install:
+ ${INSTALL_DATA_DIR} ${VARBASE}/dirmngr/cache
+ ${INSTALL_DATA_DIR} ${PREFIX}/libdata/dirmngr
+ ${INSTALL_DATA_DIR} ${PKG_SYSCONFDIR}/dirmngr/trusted-certs
+ ${INSTALL_DATA_DIR} ${PREFIX}/libdata/dirmngr/extra-certs
+ ${CHOWN} -R ${DIRMNGR_USER}:${DIRMNGR_GROUP} ${VARBASE}/dirmngr
+ ${CHOWN} -R ${DIRMNGR_USER}:${DIRMNGR_GROUP} ${PREFIX}/libdata/dirmngr
+
+post-install:
+ @${SED} ${FILES_SUBST_SED} ${FILESDIR}/dirmngr > ${WRKDIR}/dirmngr
+ ${INSTALL_SCRIPT} ${WRKDIR}/dirmngr ${PREFIX}/${RCD_SCRIPTS_EXAMPLEDIR}/dirmngr
+ ${INSTALL_PROGRAM} ${WRKDIR}/runDirmngr ${PREFIX}/sbin
+
INFO_FILES= dirmngr.info
+.include "../../devel/pth/buildlink3.mk"
.include "../../converters/libiconv/buildlink3.mk"
.include "../../databases/openldap/buildlink3.mk"
.include "../../devel/gettext-lib/buildlink3.mk"
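Review bot: The second recursive `${CHOWN}` in pre-install gives `${PREFIX}/libdata/dirmngr`, and with it `extra-certs`, to `${DIRMNGR_USER}`, so the account the daemon is de-privileged to can rewrite certificate material it presumably reads back during validation. Only the cache under `${VARBASE}/dirmngr` looks like it needs to be writable by the daemon; I would drop that second chown and leave `libdata/dirmngr` root-owned, keeping just `${CHOWN} -R ${DIRMNGR_USER}:${DIRMNGR_GROUP} ${VARBASE}/dirmngr`. Separately, the five `SUBST_FILES+=` lines look like they were meant to be `FILES_SUBST+=`, since post-install expands `${FILES_SUBST_SED}`, and `DIRMNGR_PATH` is not assigned anywhere in the visible hunks, so that entry likely expands to nothing.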
diff -r 8c824324fb94 -r 9d99af90d4e5 security/dirmngr/PLIST
--- a/security/dirmngr/PLIST Tue Jan 04 13:38:50 2005 +0000
+++ b/security/dirmngr/PLIST Tue Jan 04 13:40:38 2005 +0000
@@ -1,3 +1,10 @@
-@comment $NetBSD: PLIST,v 1.2 2004/11/05 22:12:17 jmmv Exp $
+@comment $NetBSD: PLIST,v 1.3 2005/01/04 13:40:38 shannonjr Exp $
bin/dirmngr
+bin/dirmngr-client
+libexec/dirmngr_ldap
+sbin/runDirmngr
+share/examples/rc.d/dirmngr
${PKGLOCALEDIR}/locale/de/LC_MESSAGES/dirmngr.mo
+@exec ${MKDIR} %D/libdata/dirmngr/extra-certs
+@dirrm libdata/dirmngr/extra-certs
+@dirrm libdata/dirmngr
diff -r 8c824324fb94 -r 9d99af90d4e5 security/dirmngr/distinfo
--- a/security/dirmngr/distinfo Tue Jan 04 13:38:50 2005 +0000
+++ b/security/dirmngr/distinfo Tue Jan 04 13:40:38 2005 +0000
@@ -1,7 +1,5 @@
-$NetBSD: distinfo,v 1.3 2004/11/05 22:12:17 jmmv Exp $
+$NetBSD: distinfo,v 1.4 2005/01/04 13:40:38 shannonjr Exp $
-SHA1 (dirmngr-0.5.6.tar.gz) = 584ee44d60b9385fcf0d0afa08f801fd05eba968
-Size (dirmngr-0.5.6.tar.gz) = 516196 bytes
-SHA1 (patch-aa) = 02dd8cf8224650a61d07b8353761fe51a70f5d47
-SHA1 (patch-ab) = 84b9266877b312aed33bd99fb1e509c92a73045b
-SHA1 (patch-ac) = ce9fd0eb7c095ff1494a00dd7606a039bb83928f
+SHA1 (dirmngr-0.9.0.tar.gz) = 46dc0704abb5320465c9176d0dcc5eeafc0880fe
+Size (dirmngr-0.9.0.tar.gz) = 568366 bytes
+SHA1 (patch-aa) = f3b4c18afa24ba7838876e46c0084502c7656f4b
diff -r 8c824324fb94 -r 9d99af90d4e5 security/dirmngr/files/dirmngr
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/dirmngr/files/dirmngr Tue Jan 04 13:40:38 2005 +0000
@@ -0,0 +1,72 @@
+#!@RCD_SCRIPTS_SHELL@
+#
+# $NetBSD: dirmngr,v 1.1 2005/01/04 13:40:38 shannonjr Exp $
+#
+# PROVIDE: dirmngr
+# REQUIRE: DAEMON
+#
+
+if [ -f @PKG_SYSCONFDIR@/rc.subr ]; then
+ . @PKG_SYSCONFDIR@/rc.subr
+fi
+
+name="dirmngr"
+rcvar="${name}"
+dirmngr_user="dirmngr"
+dirmngr_group="dirmngr"
+dirmngr_flags="--daemon"
+dirmngr_command="@PREFIX@/sbin/runDirmngr"
+start_precmd="dirmngr_precmd"
+start_cmd="dirmngr_start"
+start_postcmd="dirmngr_postcmd"
+stop_cmd="dirmngr_stop"
+required_dirs="@PKG_SYSCONFDIR@/dirmngr"
+required_files="@PKG_SYSCONFDIR@/dirmngr/ldapservers.conf"
+
+dirmngr_precmd()
+{
+ mkdir -p @VARBASE@/run/dirmngr
+ chgrp dirmngr @VARBASE@/run/dirmngr
+ chmod 775 @VARBASE@/run/dirmngr
+ mkdir -p /tmp/dirmngr
+ chgrp dirmngr /tmp/dirmngr
+ chmod 755 /tmp/dirmngr
+}
+
+dirmngr_start()
+{
+ for _f in $required_dirs; do
+ if [ ! -d "${_f}/." ]; then
+ warn "${_f} is not a directory."
+ if [ -z $rc_force ]; then
+ return 1
+ fi
+ fi
+ done
+ for _f in $required_files; do
+ if [ ! -r "${_f}" ]; then
+ warn "${_f} is not readable."
+ if [ -z $rc_force ]; then
+ return 1
+ fi
+ fi
+ done
+ eval `${dirmngr_command} ${rc_flags}`
+}
+
+dirmngr_postcmd()
+{
+ echo ${DIRMNGR_INFO} >/tmp/dirmngr/dirmngr.info
+ chmod 644 /tmp/dirmngr/dirmngr.info
+ dirmngr_pid=`cut -f 2 -d ':' /tmp/dirmngr/dirmngr.info`
+}
+
+dirmngr_stop()
+{
+ if [ -f /tmp/dirmngr/dirmngr.info ] ; then
+ kill `cut -f 2 -d ':' /tmp/dirmngr/dirmngr.info`
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
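Review bot: The info file lives in `/tmp/dirmngr`, a predictable name in a world-writable directory, and `mkdir -p` in dirmngr_precmd succeeds silently when that path already exists under another owner; the `chgrp`/`chmod` that follow do not change who owns it. The script then writes `dirmngr.info` there through a redirect, and dirmngr_stop passes whatever PID that file contains to `kill`, both presumably as root since runDirmngr is meant to drop privileges itself. Keeping the file in a root-owned directory removes that dependency on /tmp; the fence sketches it with a `dirmngr_info` variable under `@VARBASE@/run` (assumed root-owned), and any client that reads the old path would need to follow. Quoting `$rc_force` in the two `[ -z $rc_force ]` tests in dirmngr_start would also be worth doing while here.

```shell
# Root-owned location; the three /tmp/dirmngr lines are dropped from dirmngr_precmd.
dirmngr_info="@VARBASE@/run/dirmngr.info"

# … unchanged: rest of dirmngr_precmd, dirmngr_start …

dirmngr_postcmd()
{
	echo "${DIRMNGR_INFO}" >"${dirmngr_info}"
	chmod 644 "${dirmngr_info}"
	dirmngr_pid=`cut -f 2 -d ':' "${dirmngr_info}"`
}

dirmngr_stop()
{
	if [ -f "${dirmngr_info}" ] ; then
		kill `cut -f 2 -d ':' "${dirmngr_info}"`
	fi
}
```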
diff -r 8c824324fb94 -r 9d99af90d4e5 security/dirmngr/files/runDirmngr.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/dirmngr/files/runDirmngr.c Tue Jan 04 13:40:38 2005 +0000
@@ -0,0 +1,172 @@
+/*
+ Spawns dirmngr with UID and GID with a specific UID and GID.
+ The path for dirmngr is specified by the compiled-in definition
+ DIRMNGR_USER, normally passed as a compiler argument:
+
+ `-D DIRMNGR_USER=DEFINITION'
+
+ The UID and GID are the uid and gid for user DIRMNGR_USER.
+ DIRMNGR_USER is normally defined through a compiler argument
+ also.
+*/
+
+
+#include <unistd.h>
+#include <string.h>
+#include <stdio.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <sys/wait.h>
+#include <pwd.h>
+#include <syslog.h>
+
+#define MAX_ARGS 40
+#ifndef TRUE
+#define TRUE 1
+#endif /* TRUE */
+
+#ifndef FALSE
+#define FALSE 0
+#endif /* FALSE */
+
+
+void error_sys(char *str)
+
+{
+ /* Output error message to syslog */
+ char msg[1024];
+ snprintf(msg, sizeof(msg), "runDirmngr : %s : %s", str, strerror(errno));
+ syslog(LOG_ALERT, msg);
+
+}
+
+
+int obtainUIDandGID(const char *name, uid_t *pw_uid, gid_t *pw_gid)
+{
+ /* Obtain UID and GID from passwd entry identified by name */
+ struct passwd *pw_entry;
+ char msg[100];
+
+ if ((pw_entry = getpwnam(name)) == NULL)
+ {
+ snprintf(msg, sizeof(msg), "failed to get password entry for %s", name);
+ error_sys(msg);
+ return FALSE;
+ }
+ else
+ {
+ *pw_uid = pw_entry->pw_uid;
+ *pw_gid = pw_entry->pw_gid;
+ return TRUE;
+
+ }
+}
+
+
+
+
+int main (int argc, char **argv )
+
+{
+
+ pid_t pid;
+ uid_t UID;
+ gid_t GID;
+ pid_t pidwait;
+ int waitstat;
+
+ /* Sanity check */
+ if (argc > MAX_ARGS)
+ {
+ error_sys("arg buffer too small");
+ exit(-1);
+ }
+/*
+ if (getpid() != 0)
+ {
+ error_sys("must be called by root");
+ exit(-1);
+ }
+*/
+
+ /* fork child that will become dirmngr */
+ if ((pid = fork()) < 0)
+
+ error_sys("fork error");
+
+ else
+
+ {
+
+ if (pid == 0)
+
+ {
+
+ /* We're the child */
+
+ if (!obtainUIDandGID(DIRMNGR_USER, &UID, &GID))
+ exit(-1);
+
+ /* Drop privileges immediately */
+ if (setgid(GID) < 0)
+ {
+ /* It is VERY important to check return
+ value and not continue if setgid fails
+ */
+ error_sys ("setgid failed");
+ exit (-1);
+ }
+
+ if (setuid(UID) < 0)
+ {
+ /* It is VERY important to check return
+ value and not continue if setuid fails
+ */