author | shannonjr <shannonjr@pkgsrc.org> | 2005-01-04 13:40:38 +0000 |
---|---|---|
committer | shannonjr <shannonjr@pkgsrc.org> | 2005-01-04 13:40:38 +0000 |
commit | 0fe467b5f1a52d652f72f8a38df6ec8cca330e68 (patch) | |
tree | 4ced6954e65444a27215d5c3866fa9e4dbb5e65a /security/dirmngr | |
parent | 7f869387a8e2abad804364d9865ad20a903eecac (diff) | |
download | pkgsrc-0fe467b5f1a52d652f72f8a38df6ec8cca330e68.tar.gz |
Update to release 0.90.
Dirmngr is a server for managing and downloading certificate
revocation lists (CRLs) for X.509 certificates and for downloading the
certificates themselves. Dirmngr also handles OCSP requests as an
alternative to CRLs. Dirmngr is either invoked internally by gpgsm
(from gnupg 1.9) or when running as a system daemon through the
dirmngr-client tool.
Whats new in this release
=========================
* New option --daemon to start dirmngr as a system daemon. This
switches to the use of different directories and also does
CRL signing certificate validation on its own.
* New tool dirmngr-client.
* New options: --ldap-wrapper-program, --http-wrapper-program,
--disable-ldap, --disable-http, --honor-http-proxy, --http-proxy,
--ldap-proxy, --only-ldap-proxy, --ignore-ldap-dp and
--ignore-http-dp.
* Uses an external ldap wrapper to cope with timeouts and general
LDAP problems.
* SIGHUP may be used to reread the configuration and to flush the
certificate cache.
* An authorithyKeyIdentifier in a CRL is now handled correctly.
Diffstat (limited to 'security/dirmngr')
-rw-r--r-- | security/dirmngr/Makefile | 41 | ||||
-rw-r--r-- | security/dirmngr/PLIST | 9 | ||||
-rw-r--r-- | security/dirmngr/distinfo | 10 | ||||
-rw-r--r-- | security/dirmngr/files/dirmngr | 72 | ||||
-rw-r--r-- | security/dirmngr/files/runDirmngr.c | 172 | ||||
-rw-r--r-- | security/dirmngr/patches/patch-aa | 44 | ||||
-rw-r--r-- | security/dirmngr/patches/patch-ab | 14 | ||||
-rw-r--r-- | security/dirmngr/patches/patch-ac | 13 |
8 files changed, 309 insertions, 66 deletions
diff --git a/security/dirmngr/Makefile b/security/dirmngr/Makefile
index d37287ed3d3..3d286d1174c 100644
--- a/security/dirmngr/Makefile
+++ b/security/dirmngr/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.3 2004/11/05 22:12:17 jmmv Exp $
+# $NetBSD: Makefile,v 1.4 2005/01/04 13:40:38 shannonjr Exp $
 #
-DISTNAME= dirmngr-0.5.6
-PKGREVISION= 2
+DISTNAME= dirmngr-0.9.0
+#PKGREVISION= 1
 CATEGORIES= security
 MASTER_SITES= ftp://ftp.gnupg.org/gcrypt/alpha/dirmngr/
@@ -10,15 +10,50 @@ MAINTAINER= shannonjr@NetBSD.org
 HOMEPAGE= http://www.gnupg.org/aegypten2
 COMMENT= X509 certificate and CRL downloader
+DIRMNGR_USER?= dirmngr
+DIRMNGR_GROUP?= dirmngr
+PKG_GROUPS= ${DIRMNGR_GROUP}
+PKG_USERS= ${DIRMNGR_USER}:${DIRMNGR_GROUP}::pseudo\\ user:${VARBASE}/dirmngr:
+
 GNU_CONFIGURE= yes
 USE_BUILDLINK3= yes
 USE_GNU_TOOLS+= awk
+USE_PKGINSTALL= yes
 USE_PKGLOCALEDIR= yes
+CONFIGURE_ARGS+= --localstatedir="${VARBASE}"
+CONFIGURE_ARGS+= --sharedstatedir="${VARBASE}"
 CONFIGURE_ENV+= BUILDLINK_PREFIX_openldap=${BUILDLINK_PREFIX.openldap}
+SUBST_FILES+= VARBASE=${VARBASE}
+SUBST_FILES+= PREFIX=${PREFIX}
+SUBST_FILES+= SYSCONFDIR=${SYSCONFDIR}
+SUBST_FILES+= DIRMNGR_USER=${DIRMNGR_USER}
+SUBST_FILES+= DIRMNGR_PATH=${DIRMNGR_PATH}
+
+pre-build:
+ ${CP} ${FILESDIR}/runDirmngr.c ${WRKDIR}/runDirmngr.c
+
+post-build:
+ cd ${WRKDIR} && \
+ ${SETENV} ${BUILDENV} ${CC} ${CFLAGS} -DDIRMNGR_USER='"${DIRMNGR_USER}"' -DDIRMNGR_PATH='"${PREFIX}/bin/dirmngr"' -o runDirmngr runDirmngr.c
+
+pre-install:
+ ${INSTALL_DATA_DIR} ${VARBASE}/dirmngr/cache
+ ${INSTALL_DATA_DIR} ${PREFIX}/libdata/dirmngr
+ ${INSTALL_DATA_DIR} ${PKG_SYSCONFDIR}/dirmngr/trusted-certs
+ ${INSTALL_DATA_DIR} ${PREFIX}/libdata/dirmngr/extra-certs
+ ${CHOWN} -R ${DIRMNGR_USER}:${DIRMNGR_GROUP} ${VARBASE}/dirmngr
+ ${CHOWN} -R ${DIRMNGR_USER}:${DIRMNGR_GROUP} ${PREFIX}/libdata/dirmngr
+
+post-install:
+ @${SED} ${FILES_SUBST_SED} ${FILESDIR}/dirmngr > ${WRKDIR}/dirmngr
+ ${INSTALL_SCRIPT} ${WRKDIR}/dirmngr ${PREFIX}/${RCD_SCRIPTS_EXAMPLEDIR}/dirmngr
+ ${INSTALL_PROGRAM} ${WRKDIR}/runDirmngr ${PREFIX}/sbin
+
 INFO_FILES= dirmngr.info
+.include "../../devel/pth/buildlink3.mk"
 .include "../../converters/libiconv/buildlink3.mk"
 .include "../../databases/openldap/buildlink3.mk"
 .include "../../devel/gettext-lib/buildlink3.mk"
diff --git a/security/dirmngr/PLIST b/security/dirmngr/PLIST
index 2fc142f63bf..e31cc857f80 100644
--- a/security/dirmngr/PLIST
+++ b/security/dirmngr/PLIST
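Review bot: The directory creation and ownership changes in pre-install only happen for a from-source build; a binary package made from this Makefile is installed without `${VARBASE}/dirmngr/cache` and without either chown, since the PLIST's `@exec ${MKDIR}` only creates libdata/dirmngr/extra-certs. With USE_PKGINSTALL already set, the pkgsrc mechanism for this is the INSTALL-script variable OWN_DIRS_PERMS (e.g. `OWN_DIRS_PERMS+= ${VARBASE}/dirmngr/cache ${DIRMNGR_USER} ${DIRMNGR_GROUP} 0755`), which behaves the same for source and binary installs. The five `SUBST_FILES+= NAME=value` lines appear to target the wrong variable: `${FILES_SUBST_SED}` used in post-install is derived from FILES_SUBST, while SUBST_FILES is the subst.mk file list, and `${DIRMNGR_PATH}` is not defined anywhere in this Makefile (post-build hard-codes `${PREFIX}/bin/dirmngr` instead). Lastly, `${CHOWN} -R ... ${PREFIX}/libdata/dirmngr` gives the daemon account ownership of the extra-certs tree under ${PREFIX}; unless dirmngr has to write there, keep that tree root-owned and limit the chown to the cache directory under ${VARBASE}.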
@@ -1,3 +1,10 @@
-@comment $NetBSD: PLIST,v 1.2 2004/11/05 22:12:17 jmmv Exp $
+@comment $NetBSD: PLIST,v 1.3 2005/01/04 13:40:38 shannonjr Exp $
 bin/dirmngr
+bin/dirmngr-client
+libexec/dirmngr_ldap
+sbin/runDirmngr
+share/examples/rc.d/dirmngr
 ${PKGLOCALEDIR}/locale/de/LC_MESSAGES/dirmngr.mo
+@exec ${MKDIR} %D/libdata/dirmngr/extra-certs
+@dirrm libdata/dirmngr/extra-certs
+@dirrm libdata/dirmngr
diff --git a/security/dirmngr/distinfo b/security/dirmngr/distinfo
index 9dc40625427..899a7249b1c 100644
--- a/security/dirmngr/distinfo
+++ b/security/dirmngr/distinfo
@@ -1,7 +1,5 @@
-$NetBSD: distinfo,v 1.3 2004/11/05 22:12:17 jmmv Exp $
+$NetBSD: distinfo,v 1.4 2005/01/04 13:40:38 shannonjr Exp $
-SHA1 (dirmngr-0.5.6.tar.gz) = 584ee44d60b9385fcf0d0afa08f801fd05eba968
-Size (dirmngr-0.5.6.tar.gz) = 516196 bytes
-SHA1 (patch-aa) = 02dd8cf8224650a61d07b8353761fe51a70f5d47
-SHA1 (patch-ab) = 84b9266877b312aed33bd99fb1e509c92a73045b
-SHA1 (patch-ac) = ce9fd0eb7c095ff1494a00dd7606a039bb83928f
+SHA1 (dirmngr-0.9.0.tar.gz) = 46dc0704abb5320465c9176d0dcc5eeafc0880fe
+Size (dirmngr-0.9.0.tar.gz) = 568366 bytes
+SHA1 (patch-aa) = f3b4c18afa24ba7838876e46c0084502c7656f4b
diff --git a/security/dirmngr/files/dirmngr b/security/dirmngr/files/dirmngr
new file mode 100644
index 00000000000..7724f8daa5c
--- /dev/null
+++ b/security/dirmngr/files/dirmngr
@@ -0,0 +1,72 @@
+#!@RCD_SCRIPTS_SHELL@
+#
+# $NetBSD: dirmngr,v 1.1 2005/01/04 13:40:38 shannonjr Exp $
+#
+# PROVIDE: dirmngr
+# REQUIRE: DAEMON
+#
+
+if [ -f @PKG_SYSCONFDIR@/rc.subr ]; then
+ . @PKG_SYSCONFDIR@/rc.subr
+fi
+
+name="dirmngr"
+rcvar="${name}"
+dirmngr_user="dirmngr"
+dirmngr_group="dirmngr"
+dirmngr_flags="--daemon"
+dirmngr_command="@PREFIX@/sbin/runDirmngr"
+start_precmd="dirmngr_precmd"
+start_cmd="dirmngr_start"
+start_postcmd="dirmngr_postcmd"
+stop_cmd="dirmngr_stop"
+required_dirs="@PKG_SYSCONFDIR@/dirmngr"
+required_files="@PKG_SYSCONFDIR@/dirmngr/ldapservers.conf"
+
+dirmngr_precmd()
+{
+ mkdir -p @VARBASE@/run/dirmngr
+ chgrp dirmngr @VARBASE@/run/dirmngr
+ chmod 775 @VARBASE@/run/dirmngr
+ mkdir -p /tmp/dirmngr
+ chgrp dirmngr /tmp/dirmngr
+ chmod 755 /tmp/dirmngr
+}
+
+dirmngr_start()
+{
+ for _f in $required_dirs; do
+ if [ ! -d "${_f}/." ]; then
+ warn "${_f} is not a directory."
+ if [ -z $rc_force ]; then
+ return 1
+ fi
+ fi
+ done
+ for _f in $required_files; do
+ if [ ! -r "${_f}" ]; then
+ warn "${_f} is not readable."
+ if [ -z $rc_force ]; then
+ return 1
+ fi
+ fi
+ done
+ eval `${dirmngr_command} ${rc_flags}`
+}
+
+dirmngr_postcmd()
+{
+ echo ${DIRMNGR_INFO} >/tmp/dirmngr/dirmngr.info
+ chmod 644 /tmp/dirmngr/dirmngr.info
+ dirmngr_pid=`cut -f 2 -d ':' /tmp/dirmngr/dirmngr.info`
+}
+
+dirmngr_stop()
+{
+ if [ -f /tmp/dirmngr/dirmngr.info ] ; then
+ kill `cut -f 2 -d ':' /tmp/dirmngr/dirmngr.info`
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/security/dirmngr/files/runDirmngr.c b/security/dirmngr/files/runDirmngr.c
new file mode 100644
index 00000000000..6c4f21ed8f9
--- /dev/null
+++ b/security/dirmngr/files/runDirmngr.c
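Review bot: The daemon's runtime state file is kept under /tmp, which every local user can write to: dirmngr_precmd's `mkdir -p /tmp/dirmngr` succeeds silently if another user created that name first, after which the script (running as root) chgrp/chmods that directory, dirmngr_postcmd writes `dirmngr.info` into it with a redirection that follows any symlink placed there, and dirmngr_stop sends a signal to whatever pid the file names. Write the info file to a root-owned location instead, e.g. `echo ${DIRMNGR_INFO} >@VARBASE@/run/dirmngr.info` with the same path in dirmngr_postcmd's chmod and cut and in dirmngr_stop, and drop the three /tmp lines from dirmngr_precmd. In dirmngr_stop, check that the extracted field is a non-empty number before handing it to kill rather than passing the raw cut output. Note also that the `eval` in dirmngr_start executes in the root shell whatever the dirmngr child prints to stdout; that is the DIRMNGR_INFO convention the script relies on, and a one-line comment saying so would help the next reader.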
@@ -0,0 +1,172 @@
+/*
+ Spawns dirmngr with UID and GID with a specific UID and GID.
+ The path for dirmngr is specified by the compiled-in definition
+ DIRMNGR_USER, normally passed as a compiler argument:
+
+ `-D DIRMNGR_USER=DEFINITION'
+
+ The UID and GID are the uid and gid for user DIRMNGR_USER.
+ DIRMNGR_USER is normally defined through a compiler argument
+ also.
+*/
+
+
+#include <unistd.h>
+#include <string.h>
+#include <stdio.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <sys/wait.h>
+#include <pwd.h>
+#include <syslog.h>
+
+#define MAX_ARGS 40
+#ifndef TRUE
+#define TRUE 1
+#endif /* TRUE */
+
+#ifndef FALSE
+#define FALSE 0
+#endif /* FALSE */
+
+
+void error_sys(char *str)
+
+{
+ /* Output error message to syslog */
+ char msg[1024];
+ snprintf(msg, sizeof(msg), "runDirmngr : %s : %s", str, strerror(errno));
+ syslog(LOG_ALERT, msg);
+
+}
+
+
+int obtainUIDandGID(const char *name, uid_t *pw_uid, gid_t *pw_gid)
+{
+ /* Obtain UID and GID from passwd entry identified by name */
+ struct passwd *pw_entry;
+ char msg[100];
+
+ if ((pw_entry = getpwnam(name)) == NULL)
+ {
+ snprintf(msg, sizeof(msg), "failed to get password entry for %s", name);
+ error_sys(msg);
+ return FALSE;
+ }
+ else
+ {
+ *pw_uid = pw_entry->pw_uid;
+ *pw_gid = pw_entry->pw_gid;
+ return TRUE;
+
+ }
+}
+
+
+
+
+int main (int argc, char **argv )
+
+{
+
+ pid_t pid;
+ uid_t UID;
+ gid_t GID;
+ pid_t pidwait;
+ int waitstat;
+
+ /* Sanity check */
+ if (argc > MAX_ARGS)
+ {
+ error_sys("arg buffer too small");
+ exit(-1);
+ }
+/*
+ if (getpid() != 0)
+ {
+ error_sys("must be called by root");
+ exit(-1);
+ }
+*/
+
+ /* fork child that will become dirmngr */
+ if ((pid = fork()) < 0)
+
+ error_sys("fork error");
+
+ else
+
+ {
+
+ if (pid == 0)
+
+ {
+
+ /* We're the child */
+
+ if (!obtainUIDandGID(DIRMNGR_USER, &UID, &GID))
+ exit(-1);
+
+ /* Drop privileges immediately */
+ if (setgid(GID) < 0)
+ {
+ /* It is VERY important to check return
+ value and not continue if setgid fails
+ */
+ error_sys ("setgid failed");
+ exit (-1);
+ }
+
+ if (setuid(UID) < 0)
+ {
+ /* It is VERY important to check return
+ value and not continue if setuid fails
+ */
+ error_sys ("setuid failed");
+ exit (-1);
+ }
+
+ /* Build calling argv */
+ char *args[MAX_ARGS];
+ unsigned int i;
+ args[0] = DIRMNGR_PATH;
+ for (i=1;i<argc;i++)
+ {
+ args[i] = argv[i];
+ }
+ args[i++] = NULL;
+
+ /* Finally transform self into dirmngr */
+ if (execvp(DIRMNGR_PATH, args) < 0)
+ error_sys("execve error");
+ else
+ ; /* avoid if-then ambiguity */
+ }
+
+ else
+
+ {
+ /* We're the parent
+ Wait for child to terminate
+ */
+ pidwait = waitpid(pid, &waitstat, 0);
+ switch (pidwait) {
+ case 0: exit(0);
+ case -1:
+ perror(strerror(errno));
+ exit(-1);
+ default:
+ if (WIFEXITED(waitstat)) {
+ exit(WEXITSTATUS(waitstat));
+ }
+ else
+ {
+ exit(-1);
+ }
+ }
+
+ }
+
+ }
+
+}
diff --git a/security/dirmngr/patches/patch-aa b/security/dirmngr/patches/patch-aa
index 00e556bc5be..28bb9070439 100644
--- a/security/dirmngr/patches/patch-aa
+++ b/security/dirmngr/patches/patch-aa
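Review bot: The privilege drop in the child branch is incomplete: setgid() and setuid() change only the primary ids, so the supplementary group list inherited from the root session that runs runDirmngr is carried into the exec'd dirmngr; add `if (setgroups(0, NULL) < 0) { error_sys("setgroups failed"); exit(-1); }` before the setgid() call (setgroups is declared in <grp.h> on most systems, in <unistd.h> on NetBSD). The sanity check `argc > MAX_ARGS` is off by one: with argc == MAX_ARGS the loop fills args[1..39] and the terminator is stored at args[40], one past the end of `char *args[MAX_ARGS]`, so it should read `argc >= MAX_ARGS`. error_sys() hands a non-literal string to syslog() as the format, so any '%' in a message reaching it is interpreted as a conversion; write `syslog(LOG_ALERT, "%s", msg);`. Smaller points: the commented-out root check tests getpid() where getuid() was evidently meant, execvp() is given an absolute path so execv() suffices and the "execve error" message is misleading, and waitpid() without WNOHANG never returns 0, so `case 0:` is dead code.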
@@ -1,31 +1,17 @@ -$NetBSD: patch-aa,v 1.2 2004/11/05 22:12:17 jmmv Exp $ +$NetBSD: patch-aa,v 1.3 2005/01/04 13:40:38 shannonjr Exp $ ---- configure.orig 2004-09-28 14:37:56.000000000 +0200 -+++ configure -@@ -10934,7 +10934,7 @@ else - fi; - if test "x$with_ldap" = "xCHECK" ; then - with_ldap=NOTFOUND -- search_incs="$kde_includes /usr/include /usr/local/include" -+ search_incs="${BUILDLINK_PREFIX_openldap}/include" +--- src/Makefile.in.orig 2004-12-17 03:35:04.000000000 -0700 ++++ src/Makefile.in +@@ -259,9 +259,9 @@ localedir = $(datadir)/locale + EXTRA_DIST = Manifest + AM_CPPFLAGS = -DLOCALEDIR=\"$(localedir)\" \ + -DDIRMNGR_SYSCONFDIR="\"$(sysconfdir)/@PACKAGE@\"" \ +- -DDIRMNGR_LIBEXECDIR="\"$(libexecdir)\"" \ +- -DDIRMNGR_DATADIR="\"$(localstatedir)/lib/@PACKAGE@\"" \ +- -DDIRMNGR_CACHEDIR="\"$(localstatedir)/cache/@PACKAGE@\"" ++ -DDIRMNGR_LIBEXECDIR="\"$(libexecdir)/@PACKAGE@\"" \ ++ -DDIRMNGR_DATADIR="\"$(prefix)/libdata/@PACKAGE@\"" \ ++ -DDIRMNGR_CACHEDIR="\"$(localstatedir)/@PACKAGE@/cache\"" + AM_CFLAGS = -I$(top_srcdir)/jnlib @LIBGCRYPT_CFLAGS@ @LIBASSUAN_CFLAGS@ \ + @KSBA_CFLAGS@ @GPG_ERROR_CFLAGS@ $(PTH_CFLAGS) - ldap_incdir=NO - for i in $search_incs; -@@ -10959,7 +10959,7 @@ done - for ext in la so sl a ; do - - ldap_libdir=NO --for i in /usr/lib /usr/local/lib; -+for i in ${BUILDLINK_PREFIX_openldap}/lib - do - for j in libldap.$ext; - do -@@ -11290,7 +11290,7 @@ _ACEOF - fi - - --for ac_header in string.h -+for ac_header in locale.h string.h - do - as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` - if eval "test \"\${$as_ac_Header+set}\" = set"; then diff --git a/security/dirmngr/patches/patch-ab b/security/dirmngr/patches/patch-ab deleted file mode 100644 index 9f3a58336e3..00000000000 --- a/security/dirmngr/patches/patch-ab +++ /dev/null 
@@ -1,14 +0,0 @@ -$NetBSD: patch-ab,v 1.1 2004/11/04 20:57:06 shannonjr Exp $ - ---- src/http.c.orig 2004-04-02 11:05:19.000000000 -0700 -+++ src/http.c -@@ -456,8 +456,7 @@ send_request (http_t hd) - server = *hd->uri->host ? hd->uri->host : "localhost"; - port = hd->uri->port ? hd->uri->port : 80; - -- if ((hd->flags & HTTP_FLAG_TRY_PROXY) -- && (http_proxy = getenv (HTTP_PROXY_ENV))) -+ if (http_proxy = getenv (HTTP_PROXY_ENV)) - { - parsed_uri_t uri; - diff --git a/security/dirmngr/patches/patch-ac b/security/dirmngr/patches/patch-ac deleted file mode 100644 index aed6e8ca293..00000000000 --- a/security/dirmngr/patches/patch-ac +++ /dev/null @@ -1,13 +0,0 @@ -$NetBSD: patch-ac,v 1.1 2004/11/05 22:12:17 jmmv Exp $ - ---- doc/dirmngr.info.orig 2004-09-28 14:38:38.000000000 +0200 -+++ doc/dirmngr.info -@@ -3,7 +3,7 @@ dirmngr.texi. - - INFO-DIR-SECTION GNU Utilities - START-INFO-DIR-ENTRY --* dirmngr: (gnupg). X.509 CRL and OCSP server. -+* dirmngr: (dirmngr). X.509 CRL and OCSP server. - END-INFO-DIR-ENTRY - This file documents the use of dirmngr. - |