-rw-r--r-- | security/dirmngr/Makefile | 41 | ||||
-rw-r--r-- | security/dirmngr/PLIST | 9 | ||||
-rw-r--r-- | security/dirmngr/distinfo | 10 | ||||
-rw-r--r-- | security/dirmngr/files/dirmngr | 72 | ||||
-rw-r--r-- | security/dirmngr/files/runDirmngr.c | 172 | ||||
-rw-r--r-- | security/dirmngr/patches/patch-aa | 44 | ||||
-rw-r--r-- | security/dirmngr/patches/patch-ab | 14 | ||||
-rw-r--r-- | security/dirmngr/patches/patch-ac | 13 |
8 files changed, 309 insertions, 66 deletions
diff --git a/security/dirmngr/Makefile b/security/dirmngr/Makefile index d37287ed3d3..3d286d1174c 100644 --- a/security/dirmngr/Makefile +++ b/security/dirmngr/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.3 2004/11/05 22:12:17 jmmv Exp $ +# $NetBSD: Makefile,v 1.4 2005/01/04 13:40:38 shannonjr Exp $ # -DISTNAME= dirmngr-0.5.6 -PKGREVISION= 2 +DISTNAME= dirmngr-0.9.0 +#PKGREVISION= 1 CATEGORIES= security MASTER_SITES= ftp://ftp.gnupg.org/gcrypt/alpha/dirmngr/ 
@@ -10,15 +10,50 @@ MAINTAINER= shannonjr@NetBSD.org HOMEPAGE= http://www.gnupg.org/aegypten2 COMMENT= X509 certificate and CRL downloader +DIRMNGR_USER?= dirmngr +DIRMNGR_GROUP?= dirmngr +PKG_GROUPS= ${DIRMNGR_GROUP} +PKG_USERS= ${DIRMNGR_USER}:${DIRMNGR_GROUP}::pseudo\\ user:${VARBASE}/dirmngr: + GNU_CONFIGURE= yes USE_BUILDLINK3= yes USE_GNU_TOOLS+= awk +USE_PKGINSTALL= yes USE_PKGLOCALEDIR= yes +CONFIGURE_ARGS+= --localstatedir="${VARBASE}" +CONFIGURE_ARGS+= --sharedstatedir="${VARBASE}" CONFIGURE_ENV+= BUILDLINK_PREFIX_openldap=${BUILDLINK_PREFIX.openldap} +SUBST_FILES+= VARBASE=${VARBASE} +SUBST_FILES+= PREFIX=${PREFIX} +SUBST_FILES+= SYSCONFDIR=${SYSCONFDIR} +SUBST_FILES+= DIRMNGR_USER=${DIRMNGR_USER} +SUBST_FILES+= DIRMNGR_PATH=${DIRMNGR_PATH} + +pre-build: + ${CP} ${FILESDIR}/runDirmngr.c ${WRKDIR}/runDirmngr.c + +post-build: + cd ${WRKDIR} && \ + ${SETENV} ${BUILDENV} ${CC} ${CFLAGS} -DDIRMNGR_USER='"${DIRMNGR_USER}"' -DDIRMNGR_PATH='"${PREFIX}/bin/dirmngr"' -o runDirmngr runDirmngr.c + +pre-install: + ${INSTALL_DATA_DIR} ${VARBASE}/dirmngr/cache + ${INSTALL_DATA_DIR} ${PREFIX}/libdata/dirmngr + ${INSTALL_DATA_DIR} ${PKG_SYSCONFDIR}/dirmngr/trusted-certs + ${INSTALL_DATA_DIR} ${PREFIX}/libdata/dirmngr/extra-certs + ${CHOWN} -R ${DIRMNGR_USER}:${DIRMNGR_GROUP} ${VARBASE}/dirmngr + ${CHOWN} -R ${DIRMNGR_USER}:${DIRMNGR_GROUP} ${PREFIX}/libdata/dirmngr + +post-install: + @${SED} ${FILES_SUBST_SED} ${FILESDIR}/dirmngr > ${WRKDIR}/dirmngr + ${INSTALL_SCRIPT} ${WRKDIR}/dirmngr ${PREFIX}/${RCD_SCRIPTS_EXAMPLEDIR}/dirmngr + ${INSTALL_PROGRAM} ${WRKDIR}/runDirmngr ${PREFIX}/sbin + INFO_FILES= dirmngr.info +.include "../../devel/pth/buildlink3.mk" .include "../../converters/libiconv/buildlink3.mk" .include "../../databases/openldap/buildlink3.mk" .include "../../devel/gettext-lib/buildlink3.mk" diff --git a/security/dirmngr/PLIST b/security/dirmngr/PLIST index 2fc142f63bf..e31cc857f80 100644 --- a/security/dirmngr/PLIST +++ b/security/dirmngr/PLIST 
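Review bot: The five `SUBST_FILES+= NAME=value` lines look like they were meant to be `FILES_SUBST+=`, since post-install feeds `${FILES_SUBST_SED}` to sed and the rc.d script depends on `@VARBASE@`, `@PREFIX@` and `@PKG_SYSCONFDIR@` being replaced; as written, these pairs may never reach the sed expression. `DIRMNGR_PATH` is listed there but is not defined in the visible Makefile, and post-build already passes `${PREFIX}/bin/dirmngr` directly, so that entry can probably be dropped. The `${CHOWN} -R` calls in pre-install only take effect on the host that runs the install target; declaring the directories and their owner through pkginstall (for example `OWN_DIRS_PERMS`) would give binary-package installs the same ownership. A short comment above post-build saying that runDirmngr is the privilege-dropping launcher used by the rc.d script would help the next maintainer.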
@@ -1,3 +1,10 @@ -@comment $NetBSD: PLIST,v 1.2 2004/11/05 22:12:17 jmmv Exp $ +@comment $NetBSD: PLIST,v 1.3 2005/01/04 13:40:38 shannonjr Exp $ bin/dirmngr +bin/dirmngr-client +libexec/dirmngr_ldap +sbin/runDirmngr +share/examples/rc.d/dirmngr ${PKGLOCALEDIR}/locale/de/LC_MESSAGES/dirmngr.mo +@exec ${MKDIR} %D/libdata/dirmngr/extra-certs +@dirrm libdata/dirmngr/extra-certs +@dirrm libdata/dirmngr diff --git a/security/dirmngr/distinfo b/security/dirmngr/distinfo index 9dc40625427..899a7249b1c 100644 --- a/security/dirmngr/distinfo +++ b/security/dirmngr/distinfo @@ -1,7 +1,5 @@ -$NetBSD: distinfo,v 1.3 2004/11/05 22:12:17 jmmv Exp $ +$NetBSD: distinfo,v 1.4 2005/01/04 13:40:38 shannonjr Exp $ -SHA1 (dirmngr-0.5.6.tar.gz) = 584ee44d60b9385fcf0d0afa08f801fd05eba968 -Size (dirmngr-0.5.6.tar.gz) = 516196 bytes -SHA1 (patch-aa) = 02dd8cf8224650a61d07b8353761fe51a70f5d47 -SHA1 (patch-ab) = 84b9266877b312aed33bd99fb1e509c92a73045b -SHA1 (patch-ac) = ce9fd0eb7c095ff1494a00dd7606a039bb83928f +SHA1 (dirmngr-0.9.0.tar.gz) = 46dc0704abb5320465c9176d0dcc5eeafc0880fe +Size (dirmngr-0.9.0.tar.gz) = 568366 bytes +SHA1 (patch-aa) = f3b4c18afa24ba7838876e46c0084502c7656f4b diff --git a/security/dirmngr/files/dirmngr b/security/dirmngr/files/dirmngr new file mode 100644 index 00000000000..7724f8daa5c --- /dev/null +++ b/security/dirmngr/files/dirmngr 
@@ -0,0 +1,72 @@
+#!@RCD_SCRIPTS_SHELL@
+#
+# $NetBSD: dirmngr,v 1.1 2005/01/04 13:40:38 shannonjr Exp $
+#
+# PROVIDE: dirmngr
+# REQUIRE: DAEMON
+#
+
+if [ -f @PKG_SYSCONFDIR@/rc.subr ]; then
+ . @PKG_SYSCONFDIR@/rc.subr
+fi
+
+name="dirmngr"
+rcvar="${name}"
+dirmngr_user="dirmngr"
+dirmngr_group="dirmngr"
+dirmngr_flags="--daemon"
+dirmngr_command="@PREFIX@/sbin/runDirmngr"
+start_precmd="dirmngr_precmd"
+start_cmd="dirmngr_start"
+start_postcmd="dirmngr_postcmd"
+stop_cmd="dirmngr_stop"
+required_dirs="@PKG_SYSCONFDIR@/dirmngr"
+required_files="@PKG_SYSCONFDIR@/dirmngr/ldapservers.conf"
+
+dirmngr_precmd()
+{
+ mkdir -p @VARBASE@/run/dirmngr
+ chgrp dirmngr @VARBASE@/run/dirmngr
+ chmod 775 @VARBASE@/run/dirmngr
+ mkdir -p /tmp/dirmngr
+ chgrp dirmngr /tmp/dirmngr
+ chmod 755 /tmp/dirmngr
+}
+
+dirmngr_start()
+{
+ for _f in $required_dirs; do
+ if [ ! -d "${_f}/." ]; then
+ warn "${_f} is not a directory."
+ if [ -z $rc_force ]; then
+ return 1
+ fi
+ fi
+ done
+ for _f in $required_files; do
+ if [ ! -r "${_f}" ]; then
+ warn "${_f} is not readable."
+ if [ -z $rc_force ]; then
+ return 1
+ fi
+ fi
+ done
+ eval `${dirmngr_command} ${rc_flags}`
+}
+
+dirmngr_postcmd()
+{
+ echo ${DIRMNGR_INFO} >/tmp/dirmngr/dirmngr.info
+ chmod 644 /tmp/dirmngr/dirmngr.info
+ dirmngr_pid=`cut -f 2 -d ':' /tmp/dirmngr/dirmngr.info`
+}
+
+dirmngr_stop()
+{
+ if [ -f /tmp/dirmngr/dirmngr.info ] ; then
+ kill `cut -f 2 -d ':' /tmp/dirmngr/dirmngr.info`
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/security/dirmngr/files/runDirmngr.c b/security/dirmngr/files/runDirmngr.c
new file mode 100644
index 00000000000..6c4f21ed8f9
--- /dev/null
+++ b/security/dirmngr/files/runDirmngr.c
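Review bot: `dirmngr_precmd` and `dirmngr_postcmd` keep the daemon's state file under the fixed path `/tmp/dirmngr`, which any local user can create first; `mkdir -p` then succeeds silently, `chgrp`/`chmod` do not take ownership back, and the root rc shell goes on to write `dirmngr.info` there and later runs `kill` on whatever PID `dirmngr_stop` reads from it. The script already creates `@VARBASE@/run/dirmngr`, so the info file should live there instead, e.g. `echo ${DIRMNGR_INFO} >@VARBASE@/run/dirmngr/dirmngr.info`, with the same path used in `dirmngr_stop`. The `eval` in `dirmngr_start` executes the output of a process that has already dropped to the dirmngr user inside the root shell; extracting only the `DIRMNGR_INFO=` value from that output would keep the privilege boundary intact. `[ -z $rc_force ]` should quote the variable as `[ -z "$rc_force" ]`.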
@@ -0,0 +1,172 @@
+/*
+ Spawns dirmngr with UID and GID with a specific UID and GID.
+ The path for dirmngr is specified by the compiled-in definition
+ DIRMNGR_USER, normally passed as a compiler argument:
+
+ `-D DIRMNGR_USER=DEFINITION'
+
+ The UID and GID are the uid and gid for user DIRMNGR_USER.
+ DIRMNGR_USER is normally defined through a compiler argument
+ also.
+*/
+
+
+#include <unistd.h>
+#include <string.h>
+#include <stdio.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <sys/wait.h>
+#include <pwd.h>
+#include <syslog.h>
+
+#define MAX_ARGS 40
+#ifndef TRUE
+#define TRUE 1
+#endif /* TRUE */
+
+#ifndef FALSE
+#define FALSE 0
+#endif /* FALSE */
+
+
+void error_sys(char *str)
+
+{
+ /* Output error message to syslog */
+ char msg[1024];
+ snprintf(msg, sizeof(msg), "runDirmngr : %s : %s", str, strerror(errno));
+ syslog(LOG_ALERT, msg);
+
+}
+
+
+int obtainUIDandGID(const char *name, uid_t *pw_uid, gid_t *pw_gid)
+{
+ /* Obtain UID and GID from passwd entry identified by name */
+ struct passwd *pw_entry;
+ char msg[100];
+
+ if ((pw_entry = getpwnam(name)) == NULL)
+ {
+ snprintf(msg, sizeof(msg), "failed to get password entry for %s", name);
+ error_sys(msg);
+ return FALSE;
+ }
+ else
+ {
+ *pw_uid = pw_entry->pw_uid;
+ *pw_gid = pw_entry->pw_gid;
+ return TRUE;
+
+ }
+}
+
+
+
+
+int main (int argc, char **argv )
+
+{
+
+ pid_t pid;
+ uid_t UID;
+ gid_t GID;
+ pid_t pidwait;
+ int waitstat;
+
+ /* Sanity check */
+ if (argc > MAX_ARGS)
+ {
+ error_sys("arg buffer too small");
+ exit(-1);
+ }
+/*
+ if (getpid() != 0)
+ {
+ error_sys("must be called by root");
+ exit(-1);
+ }
+*/
+
+ /* fork child that will become dirmngr */
+ if ((pid = fork()) < 0)
+
+ error_sys("fork error");
+
+ else
+
+ {
+
+ if (pid == 0)
+
+ {
+
+ /* We're the child */
+
+ if (!obtainUIDandGID(DIRMNGR_USER, &UID, &GID))
+ exit(-1);
+
+ /* Drop privileges immediately */
+ if (setgid(GID) < 0)
+ {
+ /* It is VERY important to check return
+ value and not continue if setgid fails
+ */
+ error_sys ("setgid failed");
+ exit (-1);
+ }
+
+ if (setuid(UID) < 0)
+ {
+ /* It is VERY important to check return
+ value and not continue if setuid fails
+ */
+ error_sys ("setuid failed");
+ exit (-1);
+ }
+
+ /* Build calling argv */
+ char *args[MAX_ARGS];
+ unsigned int i;
+ args[0] = DIRMNGR_PATH;
+ for (i=1;i<argc;i++)
+ {
+ args[i] = argv[i];
+ }
+ args[i++] = NULL;
+
+ /* Finally transform self into dirmngr */
+ if (execvp(DIRMNGR_PATH, args) < 0)
+ error_sys("execve error");
+ else
+ ; /* avoid if-then ambiguity */
+ }
+
+ else
+
+ {
+ /* We're the parent
+ Wait for child to terminate
+ */
+ pidwait = waitpid(pid, &waitstat, 0);
+ switch (pidwait) {
+ case 0: exit(0);
+ case -1:
+ perror(strerror(errno));
+ exit(-1);
+ default:
+ if (WIFEXITED(waitstat)) {
+ exit(WEXITSTATUS(waitstat));
+ }
+ else
+ {
+ exit(-1);
+ }
+ }
+
+ }
+
+ }
+
+}
diff --git a/security/dirmngr/patches/patch-aa b/security/dirmngr/patches/patch-aa
index 00e556bc5be..28bb9070439 100644
--- a/security/dirmngr/patches/patch-aa
+++ b/security/dirmngr/patches/patch-aa
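Review bot: The child in `main` drops privileges with `setgid()`/`setuid()` only, so it keeps the supplementary groups of the root caller; a checked `initgroups(DIRMNGR_USER, GID)` is needed before `setgid()` (it may require `<grp.h>` depending on the platform). The sanity check `argc > MAX_ARGS` lets `argc == MAX_ARGS` through, and the terminating `args[i++] = NULL` then writes one element past `args[MAX_ARGS]`; the test should be `argc >= MAX_ARGS`. When `execvp()` fails, the child logs and falls off the end of `main`, so the parent may report success to the rc script. `error_sys` passes its message as the syslog format string and should use `syslog(LOG_ALERT, "%s", msg);`, and the commented-out root check compares `getpid()` where `getuid()` was presumably meant.

```c
    if (argc >= MAX_ARGS)   /* args[argc] must hold the terminating NULL */
    /* … unchanged: error_sys + exit, fork, obtainUIDandGID … */

            /* Shed root's supplementary groups before changing gid/uid */
            if (initgroups(DIRMNGR_USER, GID) < 0)
              {
                error_sys ("initgroups failed");
                exit (-1);
              }
            /* … unchanged: setgid, setuid, argv copy … */

            /* execvp only returns on failure */
            execvp(DIRMNGR_PATH, args);
            error_sys("execvp error");
            _exit(-1);   /* do not fall through and return 0 to the parent */
```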
@@ -1,31 +1,17 @@ -$NetBSD: patch-aa,v 1.2 2004/11/05 22:12:17 jmmv Exp $ +$NetBSD: patch-aa,v 1.3 2005/01/04 13:40:38 shannonjr Exp $ ---- configure.orig 2004-09-28 14:37:56.000000000 +0200 -+++ configure -@@ -10934,7 +10934,7 @@ else - fi; - if test "x$with_ldap" = "xCHECK" ; then - with_ldap=NOTFOUND -- search_incs="$kde_includes /usr/include /usr/local/include" -+ search_incs="${BUILDLINK_PREFIX_openldap}/include" +--- src/Makefile.in.orig 2004-12-17 03:35:04.000000000 -0700 ++++ src/Makefile.in +@@ -259,9 +259,9 @@ localedir = $(datadir)/locale + EXTRA_DIST = Manifest + AM_CPPFLAGS = -DLOCALEDIR=\"$(localedir)\" \ + -DDIRMNGR_SYSCONFDIR="\"$(sysconfdir)/@PACKAGE@\"" \ +- -DDIRMNGR_LIBEXECDIR="\"$(libexecdir)\"" \ +- -DDIRMNGR_DATADIR="\"$(localstatedir)/lib/@PACKAGE@\"" \ +- -DDIRMNGR_CACHEDIR="\"$(localstatedir)/cache/@PACKAGE@\"" ++ -DDIRMNGR_LIBEXECDIR="\"$(libexecdir)/@PACKAGE@\"" \ ++ -DDIRMNGR_DATADIR="\"$(prefix)/libdata/@PACKAGE@\"" \ ++ -DDIRMNGR_CACHEDIR="\"$(localstatedir)/@PACKAGE@/cache\"" + AM_CFLAGS = -I$(top_srcdir)/jnlib @LIBGCRYPT_CFLAGS@ @LIBASSUAN_CFLAGS@ \ + @KSBA_CFLAGS@ @GPG_ERROR_CFLAGS@ $(PTH_CFLAGS) - ldap_incdir=NO - for i in $search_incs; -@@ -10959,7 +10959,7 @@ done - for ext in la so sl a ; do - - ldap_libdir=NO --for i in /usr/lib /usr/local/lib; -+for i in ${BUILDLINK_PREFIX_openldap}/lib - do - for j in libldap.$ext; - do -@@ -11290,7 +11290,7 @@ _ACEOF - fi - - --for ac_header in string.h -+for ac_header in locale.h string.h - do - as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` - if eval "test \"\${$as_ac_Header+set}\" = set"; then diff --git a/security/dirmngr/patches/patch-ab b/security/dirmngr/patches/patch-ab deleted file mode 100644 index 9f3a58336e3..00000000000 --- a/security/dirmngr/patches/patch-ab +++ /dev/null 
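Review bot: The new `-DDIRMNGR_LIBEXECDIR="\"$(libexecdir)/@PACKAGE@\""` points dirmngr at `libexec/dirmngr/`, while the PLIST in this same commit installs the helper as `libexec/dirmngr_ldap`; unless upstream's install rule also places it in the subdirectory, the daemon would look for `dirmngr_ldap` in a directory the package never populates. It is worth confirming which path 0.9.0 actually uses and making the define and the PLIST agree. A one-line comment at the top of the patch stating why the data and cache directories are moved (pkgsrc `libdata` and `${VARBASE}` layout) would also document the intent.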
@@ -1,14 +0,0 @@ -$NetBSD: patch-ab,v 1.1 2004/11/04 20:57:06 shannonjr Exp $ - ---- src/http.c.orig 2004-04-02 11:05:19.000000000 -0700 -+++ src/http.c -@@ -456,8 +456,7 @@ send_request (http_t hd) - server = *hd->uri->host ? hd->uri->host : "localhost"; - port = hd->uri->port ? hd->uri->port : 80; - -- if ((hd->flags & HTTP_FLAG_TRY_PROXY) -- && (http_proxy = getenv (HTTP_PROXY_ENV))) -+ if (http_proxy = getenv (HTTP_PROXY_ENV)) - { - parsed_uri_t uri; - diff --git a/security/dirmngr/patches/patch-ac b/security/dirmngr/patches/patch-ac deleted file mode 100644 index aed6e8ca293..00000000000 --- a/security/dirmngr/patches/patch-ac +++ /dev/null @@ -1,13 +0,0 @@ -$NetBSD: patch-ac,v 1.1 2004/11/05 22:12:17 jmmv Exp $ - ---- doc/dirmngr.info.orig 2004-09-28 14:38:38.000000000 +0200 -+++ doc/dirmngr.info -@@ -3,7 +3,7 @@ dirmngr.texi. - - INFO-DIR-SECTION GNU Utilities - START-INFO-DIR-ENTRY --* dirmngr: (gnupg). X.509 CRL and OCSP server. -+* dirmngr: (dirmngr). X.509 CRL and OCSP server. - END-INFO-DIR-ENTRY - This file documents the use of dirmngr. - |