pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/security/dirmngr Update to release 0.90.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/9d99af90d4e5
branches:  trunk
changeset: 486857:9d99af90d4e5
user:      shannonjr <shannonjr%pkgsrc.org@localhost>
date:      Tue Jan 04 13:40:38 2005 +0000

description:
Update to release 0.90.

Dirmngr is a server for managing and downloading certificate
revocation lists (CRLs) for X.509 certificates and for downloading the
certificates themselves. Dirmngr also handles OCSP requests as an
alternative to CRLs. Dirmngr is either invoked internally by gpgsm
(from gnupg 1.9) or when running as a system daemon through the
dirmngr-client tool.

What's new in this release
=========================

 * New option --daemon to start dirmngr as a system daemon.  This
   switches to the use of different directories and also does
   CRL signing certificate validation on its own.
 * New tool dirmngr-client.
 * New options: --ldap-wrapper-program, --http-wrapper-program,
   --disable-ldap, --disable-http, --honor-http-proxy, --http-proxy,
   --ldap-proxy, --only-ldap-proxy, --ignore-ldap-dp and
   --ignore-http-dp.
 * Uses an external ldap wrapper to cope with timeouts and general
   LDAP problems.
 * SIGHUP may be used to reread the configuration and to flush the
   certificate cache.
 * An authorithyKeyIdentifier in a CRL is now handled correctly.

diffstat:

 security/dirmngr/Makefile           |   41 +++++++-
 security/dirmngr/PLIST              |    9 +-
 security/dirmngr/distinfo           |   10 +-
 security/dirmngr/files/dirmngr      |   72 +++++++++++++++
 security/dirmngr/files/runDirmngr.c |  172 ++++++++++++++++++++++++++++++++++++
 security/dirmngr/patches/patch-aa   |   44 +++------
 security/dirmngr/patches/patch-ab   |   14 --
 security/dirmngr/patches/patch-ac   |   13 --
 8 files changed, 309 insertions(+), 66 deletions(-)

diffs (truncated from 433 to 300 lines):

diff -r 8c824324fb94 -r 9d99af90d4e5 security/dirmngr/Makefile
--- a/security/dirmngr/Makefile Tue Jan 04 13:38:50 2005 +0000
+++ b/security/dirmngr/Makefile Tue Jan 04 13:40:38 2005 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.3 2004/11/05 22:12:17 jmmv Exp $
+# $NetBSD: Makefile,v 1.4 2005/01/04 13:40:38 shannonjr Exp $
 #
 
-DISTNAME=              dirmngr-0.5.6
-PKGREVISION=           2
+DISTNAME=              dirmngr-0.9.0
+#PKGREVISION=          1
 CATEGORIES=            security
 MASTER_SITES=          ftp://ftp.gnupg.org/gcrypt/alpha/dirmngr/
 
@@ -10,15 +10,50 @@
 HOMEPAGE=              http://www.gnupg.org/aegypten2
 COMMENT=               X509 certificate and CRL downloader
 
+DIRMNGR_USER?=         dirmngr
+DIRMNGR_GROUP?=                dirmngr
+PKG_GROUPS=            ${DIRMNGR_GROUP}
+PKG_USERS=             ${DIRMNGR_USER}:${DIRMNGR_GROUP}::pseudo\\ user:${VARBASE}/dirmngr:
+
 GNU_CONFIGURE=         yes
 USE_BUILDLINK3=                yes
 USE_GNU_TOOLS+=                awk
+USE_PKGINSTALL=                yes
 USE_PKGLOCALEDIR=      yes
 
+CONFIGURE_ARGS+=       --localstatedir="${VARBASE}"
+CONFIGURE_ARGS+=       --sharedstatedir="${VARBASE}"
 CONFIGURE_ENV+=                BUILDLINK_PREFIX_openldap=${BUILDLINK_PREFIX.openldap}
 
+SUBST_FILES+=          VARBASE=${VARBASE}
+SUBST_FILES+=          PREFIX=${PREFIX}
+SUBST_FILES+=          SYSCONFDIR=${SYSCONFDIR}
+SUBST_FILES+=          DIRMNGR_USER=${DIRMNGR_USER}
+SUBST_FILES+=          DIRMNGR_PATH=${DIRMNGR_PATH}
+
+pre-build:
+       ${CP} ${FILESDIR}/runDirmngr.c ${WRKDIR}/runDirmngr.c
+
+post-build:
+       cd ${WRKDIR} && \
+       ${SETENV} ${BUILDENV} ${CC} ${CFLAGS} -DDIRMNGR_USER='"${DIRMNGR_USER}"' -DDIRMNGR_PATH='"${PREFIX}/bin/dirmngr"' -o runDirmngr runDirmngr.c
+
+pre-install:
+       ${INSTALL_DATA_DIR} ${VARBASE}/dirmngr/cache
+       ${INSTALL_DATA_DIR} ${PREFIX}/libdata/dirmngr
+       ${INSTALL_DATA_DIR} ${PKG_SYSCONFDIR}/dirmngr/trusted-certs
+       ${INSTALL_DATA_DIR} ${PREFIX}/libdata/dirmngr/extra-certs
+       ${CHOWN} -R ${DIRMNGR_USER}:${DIRMNGR_GROUP} ${VARBASE}/dirmngr
+       ${CHOWN} -R ${DIRMNGR_USER}:${DIRMNGR_GROUP} ${PREFIX}/libdata/dirmngr
+
+post-install:
+       @${SED} ${FILES_SUBST_SED} ${FILESDIR}/dirmngr > ${WRKDIR}/dirmngr
+       ${INSTALL_SCRIPT} ${WRKDIR}/dirmngr ${PREFIX}/${RCD_SCRIPTS_EXAMPLEDIR}/dirmngr
+       ${INSTALL_PROGRAM} ${WRKDIR}/runDirmngr ${PREFIX}/sbin
+
 INFO_FILES=            dirmngr.info
 
+.include "../../devel/pth/buildlink3.mk"
 .include "../../converters/libiconv/buildlink3.mk"
 .include "../../databases/openldap/buildlink3.mk"
 .include "../../devel/gettext-lib/buildlink3.mk"
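Review bot: The five `SUBST_FILES+=` lines look like they were meant to be `FILES_SUBST+=`, since post-install expands the rc.d script with `${FILES_SUBST_SED}` and nothing visible in this hunk consumes a bare `SUBST_FILES`. As written, `@VARBASE@` and `@PREFIX@` in files/dirmngr are only replaced if the framework defaults already cover them, and `${DIRMNGR_PATH}` is referenced without a make-level definition in the visible lines (the compile line passes `${PREFIX}/bin/dirmngr` directly as a C macro). Separately, `${CHOWN} -R ${DIRMNGR_USER}:${DIRMNGR_GROUP} ${PREFIX}/libdata/dirmngr` gives the unprivileged service account write access to `extra-certs`; if those certificates feed chain building, root ownership with read access for the group would be the safer default.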
diff -r 8c824324fb94 -r 9d99af90d4e5 security/dirmngr/PLIST
--- a/security/dirmngr/PLIST    Tue Jan 04 13:38:50 2005 +0000
+++ b/security/dirmngr/PLIST    Tue Jan 04 13:40:38 2005 +0000
@@ -1,3 +1,10 @@
-@comment $NetBSD: PLIST,v 1.2 2004/11/05 22:12:17 jmmv Exp $
+@comment $NetBSD: PLIST,v 1.3 2005/01/04 13:40:38 shannonjr Exp $
 bin/dirmngr
+bin/dirmngr-client
+libexec/dirmngr_ldap
+sbin/runDirmngr
+share/examples/rc.d/dirmngr
 ${PKGLOCALEDIR}/locale/de/LC_MESSAGES/dirmngr.mo
+@exec ${MKDIR} %D/libdata/dirmngr/extra-certs
+@dirrm libdata/dirmngr/extra-certs
+@dirrm libdata/dirmngr
diff -r 8c824324fb94 -r 9d99af90d4e5 security/dirmngr/distinfo
--- a/security/dirmngr/distinfo Tue Jan 04 13:38:50 2005 +0000
+++ b/security/dirmngr/distinfo Tue Jan 04 13:40:38 2005 +0000
@@ -1,7 +1,5 @@
-$NetBSD: distinfo,v 1.3 2004/11/05 22:12:17 jmmv Exp $
+$NetBSD: distinfo,v 1.4 2005/01/04 13:40:38 shannonjr Exp $
 
-SHA1 (dirmngr-0.5.6.tar.gz) = 584ee44d60b9385fcf0d0afa08f801fd05eba968
-Size (dirmngr-0.5.6.tar.gz) = 516196 bytes
-SHA1 (patch-aa) = 02dd8cf8224650a61d07b8353761fe51a70f5d47
-SHA1 (patch-ab) = 84b9266877b312aed33bd99fb1e509c92a73045b
-SHA1 (patch-ac) = ce9fd0eb7c095ff1494a00dd7606a039bb83928f
+SHA1 (dirmngr-0.9.0.tar.gz) = 46dc0704abb5320465c9176d0dcc5eeafc0880fe
+Size (dirmngr-0.9.0.tar.gz) = 568366 bytes
+SHA1 (patch-aa) = f3b4c18afa24ba7838876e46c0084502c7656f4b
diff -r 8c824324fb94 -r 9d99af90d4e5 security/dirmngr/files/dirmngr
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/dirmngr/files/dirmngr    Tue Jan 04 13:40:38 2005 +0000
@@ -0,0 +1,72 @@
+#!@RCD_SCRIPTS_SHELL@
+#
+# $NetBSD: dirmngr,v 1.1 2005/01/04 13:40:38 shannonjr Exp $
+#
+# PROVIDE: dirmngr
+# REQUIRE: DAEMON
+#
+
+if [ -f @PKG_SYSCONFDIR@/rc.subr ]; then
+       . @PKG_SYSCONFDIR@/rc.subr
+fi
+
+name="dirmngr"
+rcvar="${name}"
+dirmngr_user="dirmngr"
+dirmngr_group="dirmngr"
+dirmngr_flags="--daemon"
+dirmngr_command="@PREFIX@/sbin/runDirmngr"
+start_precmd="dirmngr_precmd"
+start_cmd="dirmngr_start"
+start_postcmd="dirmngr_postcmd"
+stop_cmd="dirmngr_stop"
+required_dirs="@PKG_SYSCONFDIR@/dirmngr"
+required_files="@PKG_SYSCONFDIR@/dirmngr/ldapservers.conf"
+
+dirmngr_precmd()
+{
+       mkdir -p @VARBASE@/run/dirmngr
+       chgrp dirmngr @VARBASE@/run/dirmngr
+       chmod 775 @VARBASE@/run/dirmngr
+       mkdir -p /tmp/dirmngr
+       chgrp dirmngr /tmp/dirmngr
+       chmod 755 /tmp/dirmngr
+}
+
+dirmngr_start()
+{
+       for _f in $required_dirs; do
+               if [ ! -d "${_f}/." ]; then
+                       warn "${_f} is not a directory."
+                       if [ -z $rc_force ]; then
+                               return 1
+                       fi
+               fi
+       done
+       for _f in $required_files; do
+               if [ ! -r "${_f}" ]; then
+                       warn "${_f} is not readable."
+                       if [ -z $rc_force ]; then
+                               return 1
+                       fi
+               fi
+       done
+       eval `${dirmngr_command} ${rc_flags}`
+}
+
+dirmngr_postcmd()
+{
+       echo ${DIRMNGR_INFO} >/tmp/dirmngr/dirmngr.info
+       chmod 644 /tmp/dirmngr/dirmngr.info
+       dirmngr_pid=`cut -f 2 -d ':' /tmp/dirmngr/dirmngr.info`
+}
+
+dirmngr_stop()
+{
+       if [ -f /tmp/dirmngr/dirmngr.info ] ; then
+               kill `cut -f 2 -d ':' /tmp/dirmngr/dirmngr.info`
+       fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
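Review bot: The script keeps its state in a fixed `/tmp/dirmngr` directory, and `mkdir -p` in `dirmngr_precmd` succeeds silently when that path already exists under another owner. Root then writes `dirmngr.info` there with a plain redirect, and `dirmngr_stop` signals whatever PID that file names, so the contents of a world-writable location decide which file root writes and which process root kills. Moving the info file under `@VARBASE@/run/dirmngr`, which the precmd already creates, removes the dependency on `/tmp`; that directory is mode 775 for group `dirmngr`, so a root-only location would be tighter still if no client needs to read the file. The `eval` of the launcher's output in `dirmngr_start` also runs as root and deserves a comment stating whose output is being trusted, and `[ -z $rc_force ]` should quote its operand.

```shell
dirmngr_infofile="@VARBASE@/run/dirmngr/dirmngr.info"

dirmngr_precmd()
{
	# … unchanged: mkdir/chgrp/chmod of @VARBASE@/run/dirmngr …
	# (the three /tmp/dirmngr lines are dropped)
}

# … unchanged: dirmngr_start …

dirmngr_postcmd()
{
	echo "${DIRMNGR_INFO}" >"${dirmngr_infofile}"
	chmod 644 "${dirmngr_infofile}"
	dirmngr_pid=`cut -f 2 -d ':' "${dirmngr_infofile}"`
}

dirmngr_stop()
{
	if [ -f "${dirmngr_infofile}" ] ; then
		kill `cut -f 2 -d ':' "${dirmngr_infofile}"`
	fi
}
```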
diff -r 8c824324fb94 -r 9d99af90d4e5 security/dirmngr/files/runDirmngr.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/dirmngr/files/runDirmngr.c       Tue Jan 04 13:40:38 2005 +0000
@@ -0,0 +1,172 @@
+/*
+   Spawns dirmngr with UID and GID with a specific UID and GID.
+   The path for dirmngr is specified by the compiled-in definition
+   DIRMNGR_USER, normally passed as a compiler argument:
+   
+     `-D DIRMNGR_USER=DEFINITION'
+     
+   The UID and GID are the uid and gid for user DIRMNGR_USER.
+   DIRMNGR_USER is normally defined through a compiler argument
+   also.
+*/
+
+
+#include <unistd.h>
+#include <string.h>
+#include <stdio.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <sys/wait.h>
+#include <pwd.h>
+#include <syslog.h>
+
+#define MAX_ARGS 40
+#ifndef         TRUE
+#define         TRUE                            1
+#endif                          /* TRUE */
+
+#ifndef         FALSE
+#define         FALSE                           0
+#endif                          /* FALSE */
+
+
+void error_sys(char *str)
+
+{
+    /* Output error message to syslog */
+    char msg[1024];
+    snprintf(msg, sizeof(msg), "runDirmngr : %s : %s", str, strerror(errno));
+    syslog(LOG_ALERT, msg);
+
+}
+
+
+int obtainUIDandGID(const char *name, uid_t *pw_uid, gid_t *pw_gid)
+{
+    /* Obtain UID and GID from passwd entry identified by name */
+    struct passwd *pw_entry;
+    char msg[100];
+
+    if ((pw_entry = getpwnam(name)) == NULL)
+    {
+        snprintf(msg, sizeof(msg), "failed to get password entry for %s", name);
+        error_sys(msg);
+        return FALSE;
+    }
+    else
+    {
+        *pw_uid = pw_entry->pw_uid;
+        *pw_gid = pw_entry->pw_gid;
+        return TRUE;
+
+    }
+}
+
+
+
+
+int main (int argc, char **argv )
+
+{
+
+    pid_t pid;
+    uid_t UID;
+    gid_t GID;
+    pid_t pidwait;
+    int waitstat;
+
+    /* Sanity check */
+    if (argc > MAX_ARGS)
+    {
+        error_sys("arg buffer too small");
+        exit(-1);
+    }
+/*
+    if (getpid() != 0)
+    {
+        error_sys("must be called by root");
+        exit(-1);
+    }
+*/
+
+    /* fork child that will become dirmngr */
+    if ((pid = fork()) < 0)
+
+        error_sys("fork error");
+
+    else
+
+    {
+
+        if (pid == 0)
+
+        {
+
+            /* We're the child */
+
+            if (!obtainUIDandGID(DIRMNGR_USER, &UID, &GID))
+                exit(-1);
+
+            /* Drop privileges immediately */
+            if (setgid(GID) < 0)
+            {
+                /* It is VERY important to check return
+                   value and not continue if setgid fails
+                */
+                error_sys ("setgid failed");
+                exit (-1);
+            }
+
+            if (setuid(UID) < 0)
+            {
+                /* It is VERY important to check return
+                   value and not continue if setuid fails
+                */


