authorshannonjr <shannonjr@pkgsrc.org>2005-01-04 13:40:38 +0000
committershannonjr <shannonjr@pkgsrc.org>2005-01-04 13:40:38 +0000
commit0fe467b5f1a52d652f72f8a38df6ec8cca330e68 (patch)
tree4ced6954e65444a27215d5c3866fa9e4dbb5e65a /security/dirmngr
parent7f869387a8e2abad804364d9865ad20a903eecac (diff)
Update to release 0.90.
Dirmngr is a server for managing and downloading certificate revocation lists (CRLs) for X.509 certificates and for downloading the certificates themselves. Dirmngr also handles OCSP requests as an alternative to CRLs. Dirmngr is either invoked internally by gpgsm (from gnupg 1.9) or when running as a system daemon through the dirmngr-client tool. What's new in this release ========================= * New option --daemon to start dirmngr as a system daemon. This switches to the use of different directories and also does CRL signing certificate validation on its own. * New tool dirmngr-client. * New options: --ldap-wrapper-program, --http-wrapper-program, --disable-ldap, --disable-http, --honor-http-proxy, --http-proxy, --ldap-proxy, --only-ldap-proxy, --ignore-ldap-dp and --ignore-http-dp. * Uses an external ldap wrapper to cope with timeouts and general LDAP problems. * SIGHUP may be used to reread the configuration and to flush the certificate cache. * An authorityKeyIdentifier in a CRL is now handled correctly.
Diffstat (limited to 'security/dirmngr')
-rw-r--r--security/dirmngr/Makefile41
-rw-r--r--security/dirmngr/PLIST9
-rw-r--r--security/dirmngr/distinfo10
-rw-r--r--security/dirmngr/files/dirmngr72
-rw-r--r--security/dirmngr/files/runDirmngr.c172
-rw-r--r--security/dirmngr/patches/patch-aa44
-rw-r--r--security/dirmngr/patches/patch-ab14
-rw-r--r--security/dirmngr/patches/patch-ac13
8 files changed, 309 insertions, 66 deletions
diff --git a/security/dirmngr/Makefile b/security/dirmngr/Makefile
index d37287ed3d3..3d286d1174c 100644
--- a/security/dirmngr/Makefile
+++ b/security/dirmngr/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.3 2004/11/05 22:12:17 jmmv Exp $
+# $NetBSD: Makefile,v 1.4 2005/01/04 13:40:38 shannonjr Exp $
#
-DISTNAME= dirmngr-0.5.6
-PKGREVISION= 2
+DISTNAME= dirmngr-0.9.0
+#PKGREVISION= 1
CATEGORIES= security
MASTER_SITES= ftp://ftp.gnupg.org/gcrypt/alpha/dirmngr/
@@ -10,15 +10,50 @@ MAINTAINER= shannonjr@NetBSD.org
HOMEPAGE= http://www.gnupg.org/aegypten2
COMMENT= X509 certificate and CRL downloader
+DIRMNGR_USER?= dirmngr
+DIRMNGR_GROUP?= dirmngr
+PKG_GROUPS= ${DIRMNGR_GROUP}
+PKG_USERS= ${DIRMNGR_USER}:${DIRMNGR_GROUP}::pseudo\\ user:${VARBASE}/dirmngr:
+
GNU_CONFIGURE= yes
USE_BUILDLINK3= yes
USE_GNU_TOOLS+= awk
+USE_PKGINSTALL= yes
USE_PKGLOCALEDIR= yes
+CONFIGURE_ARGS+= --localstatedir="${VARBASE}"
+CONFIGURE_ARGS+= --sharedstatedir="${VARBASE}"
CONFIGURE_ENV+= BUILDLINK_PREFIX_openldap=${BUILDLINK_PREFIX.openldap}
+SUBST_FILES+= VARBASE=${VARBASE}
+SUBST_FILES+= PREFIX=${PREFIX}
+SUBST_FILES+= SYSCONFDIR=${SYSCONFDIR}
+SUBST_FILES+= DIRMNGR_USER=${DIRMNGR_USER}
+SUBST_FILES+= DIRMNGR_PATH=${DIRMNGR_PATH}
+
+pre-build:
+ ${CP} ${FILESDIR}/runDirmngr.c ${WRKDIR}/runDirmngr.c
+
+post-build:
+ cd ${WRKDIR} && \
+ ${SETENV} ${BUILDENV} ${CC} ${CFLAGS} -DDIRMNGR_USER='"${DIRMNGR_USER}"' -DDIRMNGR_PATH='"${PREFIX}/bin/dirmngr"' -o runDirmngr runDirmngr.c
+
+pre-install:
+ ${INSTALL_DATA_DIR} ${VARBASE}/dirmngr/cache
+ ${INSTALL_DATA_DIR} ${PREFIX}/libdata/dirmngr
+ ${INSTALL_DATA_DIR} ${PKG_SYSCONFDIR}/dirmngr/trusted-certs
+ ${INSTALL_DATA_DIR} ${PREFIX}/libdata/dirmngr/extra-certs
+ ${CHOWN} -R ${DIRMNGR_USER}:${DIRMNGR_GROUP} ${VARBASE}/dirmngr
+ ${CHOWN} -R ${DIRMNGR_USER}:${DIRMNGR_GROUP} ${PREFIX}/libdata/dirmngr
+
+post-install:
+ @${SED} ${FILES_SUBST_SED} ${FILESDIR}/dirmngr > ${WRKDIR}/dirmngr
+ ${INSTALL_SCRIPT} ${WRKDIR}/dirmngr ${PREFIX}/${RCD_SCRIPTS_EXAMPLEDIR}/dirmngr
+ ${INSTALL_PROGRAM} ${WRKDIR}/runDirmngr ${PREFIX}/sbin
+
INFO_FILES= dirmngr.info
+.include "../../devel/pth/buildlink3.mk"
.include "../../converters/libiconv/buildlink3.mk"
.include "../../databases/openldap/buildlink3.mk"
.include "../../devel/gettext-lib/buildlink3.mk"
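Review bot: The `SUBST_FILES+=` assignments look like they were meant to be `FILES_SUBST+=`: post-install expands the rc.d script with `${FILES_SUBST_SED}`, which pkgsrc derives from `FILES_SUBST`, so `@VARBASE@` in files/dirmngr may be left unexpanded unless it is already a default substitution. `DIRMNGR_PATH` is also listed for substitution but is not assigned anywhere in the lines shown, so that entry would expand to an empty value. In pre-install, `${CHOWN} -R` hands `${PREFIX}/libdata/dirmngr`, including extra-certs, to the daemon account; if the daemon only needs to read those certificates, leaving them root-owned keeps a compromised dirmngr from altering them. If write access is intended, a comment above the chown lines should say why.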
diff --git a/security/dirmngr/PLIST b/security/dirmngr/PLIST
index 2fc142f63bf..e31cc857f80 100644
--- a/security/dirmngr/PLIST
+++ b/security/dirmngr/PLIST
@@ -1,3 +1,10 @@
-@comment $NetBSD: PLIST,v 1.2 2004/11/05 22:12:17 jmmv Exp $
+@comment $NetBSD: PLIST,v 1.3 2005/01/04 13:40:38 shannonjr Exp $
bin/dirmngr
+bin/dirmngr-client
+libexec/dirmngr_ldap
+sbin/runDirmngr
+share/examples/rc.d/dirmngr
${PKGLOCALEDIR}/locale/de/LC_MESSAGES/dirmngr.mo
+@exec ${MKDIR} %D/libdata/dirmngr/extra-certs
+@dirrm libdata/dirmngr/extra-certs
+@dirrm libdata/dirmngr
diff --git a/security/dirmngr/distinfo b/security/dirmngr/distinfo
index 9dc40625427..899a7249b1c 100644
--- a/security/dirmngr/distinfo
+++ b/security/dirmngr/distinfo
@@ -1,7 +1,5 @@
-$NetBSD: distinfo,v 1.3 2004/11/05 22:12:17 jmmv Exp $
+$NetBSD: distinfo,v 1.4 2005/01/04 13:40:38 shannonjr Exp $
-SHA1 (dirmngr-0.5.6.tar.gz) = 584ee44d60b9385fcf0d0afa08f801fd05eba968
-Size (dirmngr-0.5.6.tar.gz) = 516196 bytes
-SHA1 (patch-aa) = 02dd8cf8224650a61d07b8353761fe51a70f5d47
-SHA1 (patch-ab) = 84b9266877b312aed33bd99fb1e509c92a73045b
-SHA1 (patch-ac) = ce9fd0eb7c095ff1494a00dd7606a039bb83928f
+SHA1 (dirmngr-0.9.0.tar.gz) = 46dc0704abb5320465c9176d0dcc5eeafc0880fe
+Size (dirmngr-0.9.0.tar.gz) = 568366 bytes
+SHA1 (patch-aa) = f3b4c18afa24ba7838876e46c0084502c7656f4b
diff --git a/security/dirmngr/files/dirmngr b/security/dirmngr/files/dirmngr
new file mode 100644
index 00000000000..7724f8daa5c
--- /dev/null
+++ b/security/dirmngr/files/dirmngr
@@ -0,0 +1,72 @@
+#!@RCD_SCRIPTS_SHELL@
+#
+# $NetBSD: dirmngr,v 1.1 2005/01/04 13:40:38 shannonjr Exp $
+#
+# PROVIDE: dirmngr
+# REQUIRE: DAEMON
+#
+
+if [ -f @PKG_SYSCONFDIR@/rc.subr ]; then
+ . @PKG_SYSCONFDIR@/rc.subr
+fi
+
+name="dirmngr"
+rcvar="${name}"
+dirmngr_user="dirmngr"
+dirmngr_group="dirmngr"
+dirmngr_flags="--daemon"
+dirmngr_command="@PREFIX@/sbin/runDirmngr"
+start_precmd="dirmngr_precmd"
+start_cmd="dirmngr_start"
+start_postcmd="dirmngr_postcmd"
+stop_cmd="dirmngr_stop"
+required_dirs="@PKG_SYSCONFDIR@/dirmngr"
+required_files="@PKG_SYSCONFDIR@/dirmngr/ldapservers.conf"
+
+dirmngr_precmd()
+{
+ mkdir -p @VARBASE@/run/dirmngr
+ chgrp dirmngr @VARBASE@/run/dirmngr
+ chmod 775 @VARBASE@/run/dirmngr
+ mkdir -p /tmp/dirmngr
+ chgrp dirmngr /tmp/dirmngr
+ chmod 755 /tmp/dirmngr
+}
+
+dirmngr_start()
+{
+ for _f in $required_dirs; do
+ if [ ! -d "${_f}/." ]; then
+ warn "${_f} is not a directory."
+ if [ -z $rc_force ]; then
+ return 1
+ fi
+ fi
+ done
+ for _f in $required_files; do
+ if [ ! -r "${_f}" ]; then
+ warn "${_f} is not readable."
+ if [ -z $rc_force ]; then
+ return 1
+ fi
+ fi
+ done
+ eval `${dirmngr_command} ${rc_flags}`
+}
+
+dirmngr_postcmd()
+{
+ echo ${DIRMNGR_INFO} >/tmp/dirmngr/dirmngr.info
+ chmod 644 /tmp/dirmngr/dirmngr.info
+ dirmngr_pid=`cut -f 2 -d ':' /tmp/dirmngr/dirmngr.info`
+}
+
+dirmngr_stop()
+{
+ if [ -f /tmp/dirmngr/dirmngr.info ] ; then
+ kill `cut -f 2 -d ':' /tmp/dirmngr/dirmngr.info`
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
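Review bot: The info file lives under a fixed `/tmp/dirmngr` path whose parent is world-writable: `mkdir -p` succeeds silently if something already exists there, after which the root-run `chgrp`/`chmod`, the `>` redirect in dirmngr_postcmd and the `kill` in dirmngr_stop all trust whatever is at that path. Keeping the file in the directory dirmngr_precmd already creates avoids this, e.g. `echo ${DIRMNGR_INFO} >@VARBASE@/run/dirmngr/dirmngr.info` with the same path in both `cut` calls and the three `/tmp/dirmngr` lines dropped. dirmngr_stop should also check that the extracted field is a non-empty number before handing it to `kill`. The `[ -z $rc_force ]` tests are more robust with the variable quoted, `[ -z "$rc_force" ]`.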
diff --git a/security/dirmngr/files/runDirmngr.c b/security/dirmngr/files/runDirmngr.c
new file mode 100644
index 00000000000..6c4f21ed8f9
--- /dev/null
+++ b/security/dirmngr/files/runDirmngr.c
@@ -0,0 +1,172 @@
+/*
+ Spawns dirmngr with UID and GID with a specific UID and GID.
+ The path for dirmngr is specified by the compiled-in definition
+ DIRMNGR_USER, normally passed as a compiler argument:
+
+ `-D DIRMNGR_USER=DEFINITION'
+
+ The UID and GID are the uid and gid for user DIRMNGR_USER.
+ DIRMNGR_USER is normally defined through a compiler argument
+ also.
+*/
+
+
+#include <unistd.h>
+#include <string.h>
+#include <stdio.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <sys/wait.h>
+#include <pwd.h>
+#include <syslog.h>
+
+#define MAX_ARGS 40
+#ifndef TRUE
+#define TRUE 1
+#endif /* TRUE */
+
+#ifndef FALSE
+#define FALSE 0
+#endif /* FALSE */
+
+
+void error_sys(char *str)
+
+{
+ /* Output error message to syslog */
+ char msg[1024];
+ snprintf(msg, sizeof(msg), "runDirmngr : %s : %s", str, strerror(errno));
+ syslog(LOG_ALERT, msg);
+
+}
+
+
+int obtainUIDandGID(const char *name, uid_t *pw_uid, gid_t *pw_gid)
+{
+ /* Obtain UID and GID from passwd entry identified by name */
+ struct passwd *pw_entry;
+ char msg[100];
+
+ if ((pw_entry = getpwnam(name)) == NULL)
+ {
+ snprintf(msg, sizeof(msg), "failed to get password entry for %s", name);
+ error_sys(msg);
+ return FALSE;
+ }
+ else
+ {
+ *pw_uid = pw_entry->pw_uid;
+ *pw_gid = pw_entry->pw_gid;
+ return TRUE;
+
+ }
+}
+
+
+
+
+int main (int argc, char **argv )
+
+{
+
+ pid_t pid;
+ uid_t UID;
+ gid_t GID;
+ pid_t pidwait;
+ int waitstat;
+
+ /* Sanity check */
+ if (argc > MAX_ARGS)
+ {
+ error_sys("arg buffer too small");
+ exit(-1);
+ }
+/*
+ if (getpid() != 0)
+ {
+ error_sys("must be called by root");
+ exit(-1);
+ }
+*/
+
+ /* fork child that will become dirmngr */
+ if ((pid = fork()) < 0)
+
+ error_sys("fork error");
+
+ else
+
+ {
+
+ if (pid == 0)
+
+ {
+
+ /* We're the child */
+
+ if (!obtainUIDandGID(DIRMNGR_USER, &UID, &GID))
+ exit(-1);
+
+ /* Drop privileges immediately */
+ if (setgid(GID) < 0)
+ {
+ /* It is VERY important to check return
+ value and not continue if setgid fails
+ */
+ error_sys ("setgid failed");
+ exit (-1);
+ }
+
+ if (setuid(UID) < 0)
+ {
+ /* It is VERY important to check return
+ value and not continue if setuid fails
+ */
+ error_sys ("setuid failed");
+ exit (-1);
+ }
+
+ /* Build calling argv */
+ char *args[MAX_ARGS];
+ unsigned int i;
+ args[0] = DIRMNGR_PATH;
+ for (i=1;i<argc;i++)
+ {
+ args[i] = argv[i];
+ }
+ args[i++] = NULL;
+
+ /* Finally transform self into dirmngr */
+ if (execvp(DIRMNGR_PATH, args) < 0)
+ error_sys("execve error");
+ else
+ ; /* avoid if-then ambiguity */
+ }
+
+ else
+
+ {
+ /* We're the parent
+ Wait for child to terminate
+ */
+ pidwait = waitpid(pid, &waitstat, 0);
+ switch (pidwait) {
+ case 0: exit(0);
+ case -1:
+ perror(strerror(errno));
+ exit(-1);
+ default:
+ if (WIFEXITED(waitstat)) {
+ exit(WEXITSTATUS(waitstat));
+ }
+ else
+ {
+ exit(-1);
+ }
+ }
+
+ }
+
+ }
+
+}
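Review bot: The privilege drop in the child calls setgid() and setuid() but never resets the supplementary group list, so dirmngr would keep whatever groups the invoking root process had; an initgroups() call before setgid() closes that (it may need `<grp.h>` on some platforms). The `argc > MAX_ARGS` check is also off by one: with argc equal to MAX_ARGS the terminating `args[i++] = NULL` writes one slot past the end of `args`, so the test should be `>=`. A failed execvp only logs and then falls off the end of main, as does a failed fork, so both paths should end in an explicit non-zero exit. Separately, `syslog(LOG_ALERT, msg)` passes a built string as the format and is safer as `syslog(LOG_ALERT, "%s", msg)`, and the header comment names DIRMNGR_USER where it means DIRMNGR_PATH.

```c
  /* Sanity check: args[] must hold argc entries plus the NULL terminator */
  if (argc >= MAX_ARGS)
  /* … unchanged: error_sys + exit, fork, obtainUIDandGID … */

      /* Reset supplementary groups before changing gid/uid */
      if (initgroups(DIRMNGR_USER, GID) < 0)
      {
        error_sys ("initgroups failed");
        exit (-1);
      }
      if (setgid(GID) < 0)
      /* … unchanged: setgid/setuid error handling, argv build … */

      /* execvp returns only on failure; never fall through to a success exit */
      execvp(DIRMNGR_PATH, args);
      error_sys("execvp error");
      _exit(-1);
```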
diff --git a/security/dirmngr/patches/patch-aa b/security/dirmngr/patches/patch-aa
index 00e556bc5be..28bb9070439 100644
--- a/security/dirmngr/patches/patch-aa
+++ b/security/dirmngr/patches/patch-aa
@@ -1,31 +1,17 @@
-$NetBSD: patch-aa,v 1.2 2004/11/05 22:12:17 jmmv Exp $
+$NetBSD: patch-aa,v 1.3 2005/01/04 13:40:38 shannonjr Exp $
---- configure.orig 2004-09-28 14:37:56.000000000 +0200
-+++ configure
-@@ -10934,7 +10934,7 @@ else
- fi;
- if test "x$with_ldap" = "xCHECK" ; then
- with_ldap=NOTFOUND
-- search_incs="$kde_includes /usr/include /usr/local/include"
-+ search_incs="${BUILDLINK_PREFIX_openldap}/include"
+--- src/Makefile.in.orig 2004-12-17 03:35:04.000000000 -0700
++++ src/Makefile.in
+@@ -259,9 +259,9 @@ localedir = $(datadir)/locale
+ EXTRA_DIST = Manifest
+ AM_CPPFLAGS = -DLOCALEDIR=\"$(localedir)\" \
+ -DDIRMNGR_SYSCONFDIR="\"$(sysconfdir)/@PACKAGE@\"" \
+- -DDIRMNGR_LIBEXECDIR="\"$(libexecdir)\"" \
+- -DDIRMNGR_DATADIR="\"$(localstatedir)/lib/@PACKAGE@\"" \
+- -DDIRMNGR_CACHEDIR="\"$(localstatedir)/cache/@PACKAGE@\""
++ -DDIRMNGR_LIBEXECDIR="\"$(libexecdir)/@PACKAGE@\"" \
++ -DDIRMNGR_DATADIR="\"$(prefix)/libdata/@PACKAGE@\"" \
++ -DDIRMNGR_CACHEDIR="\"$(localstatedir)/@PACKAGE@/cache\""
+ AM_CFLAGS = -I$(top_srcdir)/jnlib @LIBGCRYPT_CFLAGS@ @LIBASSUAN_CFLAGS@ \
+ @KSBA_CFLAGS@ @GPG_ERROR_CFLAGS@ $(PTH_CFLAGS)
- ldap_incdir=NO
- for i in $search_incs;
-@@ -10959,7 +10959,7 @@ done
- for ext in la so sl a ; do
-
- ldap_libdir=NO
--for i in /usr/lib /usr/local/lib;
-+for i in ${BUILDLINK_PREFIX_openldap}/lib
- do
- for j in libldap.$ext;
- do
-@@ -11290,7 +11290,7 @@ _ACEOF
- fi
-
-
--for ac_header in string.h
-+for ac_header in locale.h string.h
- do
- as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
- if eval "test \"\${$as_ac_Header+set}\" = set"; then
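Review bot: The new `-DDIRMNGR_LIBEXECDIR="\"$(libexecdir)/@PACKAGE@\""` appears inconsistent with the PLIST in this same commit, which installs the helper as `libexec/dirmngr_ldap` with no package subdirectory. If dirmngr resolves its default LDAP wrapper relative to DIRMNGR_LIBEXECDIR, it would look in a directory the package never populates, so either the define should stay `$(libexecdir)` or the install location should move with it. The patch file would also benefit from a short comment above the hunk explaining why the data and cache directories are relocated, since DIRMNGR_DATADIR now points at the `libdata` tree that the package Makefile chowns to the daemon user.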
diff --git a/security/dirmngr/patches/patch-ab b/security/dirmngr/patches/patch-ab
deleted file mode 100644
index 9f3a58336e3..00000000000
--- a/security/dirmngr/patches/patch-ab
+++ /dev/null
@@ -1,14 +0,0 @@
-$NetBSD: patch-ab,v 1.1 2004/11/04 20:57:06 shannonjr Exp $
-
---- src/http.c.orig 2004-04-02 11:05:19.000000000 -0700
-+++ src/http.c
-@@ -456,8 +456,7 @@ send_request (http_t hd)
- server = *hd->uri->host ? hd->uri->host : "localhost";
- port = hd->uri->port ? hd->uri->port : 80;
-
-- if ((hd->flags & HTTP_FLAG_TRY_PROXY)
-- && (http_proxy = getenv (HTTP_PROXY_ENV)))
-+ if (http_proxy = getenv (HTTP_PROXY_ENV))
- {
- parsed_uri_t uri;
-
diff --git a/security/dirmngr/patches/patch-ac b/security/dirmngr/patches/patch-ac
deleted file mode 100644
index aed6e8ca293..00000000000
--- a/security/dirmngr/patches/patch-ac
+++ /dev/null
@@ -1,13 +0,0 @@
-$NetBSD: patch-ac,v 1.1 2004/11/05 22:12:17 jmmv Exp $
-
---- doc/dirmngr.info.orig 2004-09-28 14:38:38.000000000 +0200
-+++ doc/dirmngr.info
-@@ -3,7 +3,7 @@ dirmngr.texi.
-
- INFO-DIR-SECTION GNU Utilities
- START-INFO-DIR-ENTRY
--* dirmngr: (gnupg). X.509 CRL and OCSP server.
-+* dirmngr: (dirmngr). X.509 CRL and OCSP server.
- END-INFO-DIR-ENTRY
- This file documents the use of dirmngr.
-