Changeset 1807


Timestamp:
Apr 16, 2011, 7:59:42 PM (12 years ago)
Author:
achernya
Message:
Necessary changes to build the Scripts RPMs on Fedora 15:

 * Stop scriptsifying 389-ds-base, as it appears to have Mitch's patch
 * Update krb5.spec.patch for krb5-1.9
 * Update the krb5-kuserok-scripts.patch to work with krb5-1.9 (code
   review requested)
 * Update httpd.spec.patch to apply properly to Fedora's newly
   cleaned-up httpd.spec
 * Bump zephyr to version 3.0.1
 
Location:
branches/fc15-dev/server
Files:
1 deleted
6 edited

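--- a/branches/fc15-dev/server/common/patches/krb5-kuserok-scripts.patch
+++ b/branches/fc15-dev/server/common/patches/krb5-kuserok-scripts.patch
@@ -1,4 +1,5 @@
 # scripts.mit.edu krb5 kuserok patch
 # Copyright (C) 2006  Tim Abbott <tabbott@mit.edu>
+#               2011  Alexander Chernyakhovsky <achernya@mit.edu>
 #
 # This program is free software; you can redistribute it and/or
@@ -18,8 +19,8 @@
 # See /COPYRIGHT in this repository for more information.
 #
---- krb5-1.6.3/src/lib/krb5/os/kuserok.c.old    2009-04-08 06:17:06.000000000 -0400
-+++ krb5-1.6.3/src/lib/krb5/os/kuserok.c        2009-04-08 06:17:18.000000000 -0400
-@@ -31,6 +31,7 @@
- #if !defined(_WIN32)           /* Not yet for Windows */
+--- krb5-1.9/src/lib/krb5/os/kuserok.c.old      2011-04-16 19:09:58.000000000 -0400
++++ krb5-1.9/src/lib/krb5/os/kuserok.c  2011-04-16 19:34:23.000000000 -0400
+@@ -32,6 +32,7 @@
+ #if !defined(_WIN32)            /* Not yet for Windows */
  #include <stdio.h>
  #include <pwd.h>
@@ -28,98 +29,67 @@
  #if defined(_AIX) && defined(_IBMR2)
  #include <sys/access.h>
-@@ -71,7 +72,6 @@
- {
+@@ -100,6 +101,7 @@
      struct stat sbuf;
-     struct passwd *pwd;
--    char pbuf[MAXPATHLEN];
-     krb5_boolean isok = FALSE;
-     FILE *fp;
-     char kuser[MAX_USERNAME];
-@@ -79,71 +79,35 @@
-     char linebuf[BUFSIZ];
-     char *newline;
-     int gobble;
+     struct passwd pwx, *pwd;
+     FILE *fp = NULL;
 +    int pid, status;
  
-     /* no account => no access */
-     char pwbuf[BUFSIZ];
-     struct passwd pwx;
+     if (profile_get_boolean(context->profile, KRB5_CONF_LIBDEFAULTS,
+                             KRB5_CONF_K5LOGIN_AUTHORITATIVE, NULL, TRUE,
+@@ -110,41 +112,27 @@
      if (k5_getpwnam_r(luser, &pwx, pwbuf, sizeof(pwbuf), &pwd) != 0)
-        return(FALSE);
--    (void) strncpy(pbuf, pwd->pw_dir, sizeof(pbuf) - 1);
--    pbuf[sizeof(pbuf) - 1] = '\0';
--    (void) strncat(pbuf, "/.k5login", sizeof(pbuf) - 1 - strlen(pbuf));
+         goto cleanup;
+ 
+-    if (get_k5login_filename(context, luser, pwd->pw_dir, &filename) != 0)
+-        goto cleanup;
 -
--    if (access(pbuf, F_OK)) {   /* not accessible */
--       /*
--        * if he's trying to log in as himself, and there is no .k5login file,
--        * let him.  To find out, call
--        * krb5_aname_to_localname to convert the principal to a name
--        * which we can string compare.
--        */
--       if (!(krb5_aname_to_localname(context, principal,
--                                     sizeof(kuser), kuser))
--           && (strcmp(kuser, luser) == 0)) {
--           return(TRUE);
--       }
+-    if (access(filename, F_OK) != 0) {
+-        result = PASS;
+-        goto cleanup;
 -    }
-     if (krb5_unparse_name(context, principal, &princname))
-        return(FALSE);                  /* no hope of matching */
+-
+     if (krb5_unparse_name(context, principal, &princname) != 0)
+         goto cleanup;
  
--    /* open ~/.k5login */
--    if ((fp = fopen(pbuf, "r")) == NULL) {
--       free(princname);
--       return(FALSE);
--    }
+-    fp = fopen(filename, "r");
+-    if (fp == NULL)
++    if ((pid = fork()) == -1)
+         goto cleanup;
 -    set_cloexec_file(fp);
--    /*
--     * For security reasons, the .k5login file must be owned either by
--     * the user himself, or by root.  Otherwise, don't grant access.
--     */
--    if (fstat(fileno(fp), &sbuf)) {
--       fclose(fp);
--       free(princname);
--       return(FALSE);
-+    if ((pid = fork()) == -1) {
-+       free(princname);
-+       return(FALSE);
+-
+-    /* For security reasons, the .k5login file must be owned either by
+-     * the user or by root. */
+-    if (fstat(fileno(fp), &sbuf))
+-        goto cleanup;
+-    if (sbuf.st_uid != pwd->pw_uid && !FILE_OWNER_OK(sbuf.st_uid))
+-        goto cleanup;
+-
+-    /* Check each line. */
+-    while (result != ACCEPT && (fgets(linebuf, sizeof(linebuf), fp) != NULL)) {
+-        newline = strrchr(linebuf, '\n');
+-        if (newline != NULL)
+-            *newline = '\0';
+-        if (strcmp(linebuf, princname) == 0)
+-            result = ACCEPT;
+-        /* Clean up the rest of the line if necessary. */
+-        if (newline == NULL)
+-            while (((gobble = getc(fp)) != EOF) && gobble != '\n');
++   
++    if (pid == 0) {
++        char *args[4];
++#define ADMOF_PATH "/usr/local/sbin/ssh-admof"
++        args[0] = ADMOF_PATH;
++        args[1] = (char *) luser;
++        args[2] = princname;
++        args[3] = NULL;
++        execv(ADMOF_PATH, args);
++        exit(1);
      }
--    if (sbuf.st_uid != pwd->pw_uid && !FILE_OWNER_OK(sbuf.st_uid)) {
--       fclose(fp);
--       free(princname);
--       return(FALSE);
-+    if (pid == 0) {
-+       char *args[4];
-+#define ADMOF_PATH "/usr/local/sbin/ssh-admof"
-+       args[0] = ADMOF_PATH;
-+       args[1] = (char *) luser;
-+       args[2] = princname;
-+       args[3] = NULL;
-+       execv(ADMOF_PATH, args);
-+       exit(1);
-     }
--
--    /* check each line */
--    while (!isok && (fgets(linebuf, BUFSIZ, fp) != NULL)) {
--       /* null-terminate the input string */
--       linebuf[BUFSIZ-1] = '\0';
--       newline = NULL;
--       /* nuke the newline if it exists */
--       if ((newline = strchr(linebuf, '\n')))
--           *newline = '\0';
--       if (!strcmp(linebuf, princname)) {
--           isok = TRUE;
--           continue;
--       }
--       /* clean up the rest of the line if necessary */
--       if (!newline)
--           while (((gobble = getc(fp)) != EOF) && gobble != '\n');
+ 
 +    if (waitpid(pid, &status, 0) > 0 && WIFEXITED(status) && WEXITSTATUS(status) == 33) {
-+       isok=TRUE;
-     }
++        result = ACCEPT;
++    }
 +   
+ cleanup:
      free(princname);
--    fclose(fp);
-     return(isok);
- }
- 
+     free(filename);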
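Review bot: In the new `@@ -110,41 +112,27 @@` hunk the forked child falls through to `exit(1)` when `execv` fails; inside a library call that runs the host process's atexit handlers and flushes its inherited stdio buffers a second time, so the child should leave with `_exit(1);` (any status other than 33 is still treated as a denial). `execv` also hands `ssh-admof` the caller's whole environment and every descriptor not marked close-on-exec; if this code can run in a process whose environment a user influences, `execve` with a fixed minimal environment would be the tighter choice. `waitpid` is not retried on `EINTR`, which fails closed but can refuse a valid login when a signal arrives mid-wait, and `pid` would be better declared as `pid_t` than `int`. The enclosing function starts and ends outside the hunk, so the initial value of `result` on the non-33 path could not be checked here.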
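--- a/branches/fc15-dev/server/fedora/Makefile
+++ b/branches/fc15-dev/server/fedora/Makefile
@@ -19,5 +19,5 @@
 # See /COPYRIGHT in this repository for more information.
 
-upstream_yum    = krb5 krb5.i686 httpd openssh 389-ds-base
+upstream_yum    = krb5 krb5.i686 httpd openssh
 hackage         = MonadCatchIO-mtl-0.3.0.1 cgi-3001.1.8.1 unix-handle-0.0.0
 upstream_hackage = ghc-MonadCatchIO-mtl ghc-cgi ghc-unix-handle
@@ -45,5 +45,5 @@
 heartbeat_url   = "http://kojipkgs.fedoraproject.org/packages/heartbeat/3.0.0/0.5.0daab7da36a8.hg.fc12/src/heartbeat-3.0.0-0.5.0daab7da36a8.hg.fc12.src.rpm"
 pacemaker_url   = "http://kojipkgs.fedoraproject.org/packages/pacemaker/1.0.5/5.fc12/src/pacemaker-1.0.5-5.fc12.src.rpm"
-zephyr_url      = "http://zephyr.1ts.org/export/HEAD/distribution/zephyr-3.0.tar.gz"
+zephyr_url      = "http://zephyr.1ts.org/export/HEAD/distribution/zephyr-3.0.1.tar.gz"
 
 PKG             = $(patsubst %.i686,%,$@)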
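--- a/branches/fc15-dev/server/fedora/specs/httpd.spec.patch
+++ b/branches/fc15-dev/server/fedora/specs/httpd.spec.patch
@@ -1,16 +1,16 @@
 --- httpd.spec.orig     2010-10-27 08:26:15.000000000 -0400
 +++ httpd.spec  2010-11-18 18:20:43.000000000 -0500
-@@ -7,7 +7,7 @@
+@@ -8,7 +8,7 @@
  Summary: Apache HTTP Server
  Name: httpd
  Version: 2.2.17
--Release: 1%{?dist}.1
-+Release: 1%{?dist}.1.scripts.%{scriptsversion}
+-Release: 10%{?dist}.1
++Release: 10%{?dist}.1.scripts.%{scriptsversion}
  URL: http://httpd.apache.org/
  Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
  Source1: index.html
-@@ -55,6 +55,14 @@
- Conflicts: pcre < 4.0
- Requires: httpd-tools = %{version}-%{release}, apr-util-ldap
+@@ -54,6 +54,14 @@
+ Provides: httpd-mmn = %{mmn}, httpd-mmn = %{mmnisa}
+ Requires: httpd-tools = %{version}-%{release}, apr-util-ldap, systemd-units
  
 +Provides: scripts-httpd
@@ -25,5 +25,5 @@
  The Apache HTTP Server is a powerful, efficient, and extensible
  web server.
-@@ -65,6 +73,7 @@
+@@ -64,6 +72,7 @@
  Obsoletes: secureweb-devel, apache-devel, stronghold-apache-devel
  Requires: apr-devel, apr-util-devel, pkgconfig
@@ -33,13 +33,13 @@
  %description devel
  The httpd-devel package contains the APXS binary and other files
-@@ -103,6 +112,7 @@
- Requires(post): openssl >= 0.9.7f-4, /bin/cat
+@@ -102,6 +102,7 @@
+ Requires(post): openssl, /bin/cat
  Requires(pre): httpd
- Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmn}
+ Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
 +Provides: scripts-mod_ssl
  Obsoletes: stronghold-mod_ssl
  
  %description -n mod_ssl
-@@ -130,6 +140,13 @@
+@@ -129,6 +139,13 @@
  # Patch in vendor/release string
  sed "s/@RELEASE@/%{vstring}/" < %{PATCH20} | patch -p1
@@ -55,5 +55,5 @@
  vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'`
  if test "x${vmmn}" != "x%{mmn}"; then
-@@ -177,10 +194,12 @@
+@@ -176,10 +193,12 @@
          --with-apr=%{_prefix} --with-apr-util=%{_prefix} \
         --enable-suexec --with-suexec \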
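Review bot: The refreshed header `@@ -102,6 +102,7 @@` (the hunk that adds `Provides: scripts-mod_ssl`) has a new-side start that does not follow from its neighbours: after `@@ -64,6 +72,7 @@` the running offset is +9, and the next header `@@ -129,6 +139,13 @@` agrees with that, so this one would be expected to read `@@ -102,6 +111,7 @@`. It looks hand-edited rather than regenerated; patch(1) generally places hunks by the old-side position, so it probably still applies, but a stricter tool may reject it. Regenerating the file with `diff -u` against the Fedora 15 httpd.spec would remove the inconsistency.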
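--- a/branches/fc15-dev/server/fedora/specs/krb5.spec.patch
+++ b/branches/fc15-dev/server/fedora/specs/krb5.spec.patch
@@ -1,16 +1,16 @@
 --- krb5.spec.orig      2011-03-25 17:29:24.000000000 -0400
 +++ krb5.spec   2011-03-25 17:31:15.000000000 -0400
-@@ -10,7 +10,7 @@
+@@ -6,7 +6,7 @@
  Summary: The Kerberos network authentication system
  Name: krb5
- Version: 1.7.1
--Release: 18%{?dist}
-+Release: 18%{?dist}.scripts.%{scriptsversion}
+ Version: 1.9
+-Release: 6%{?dist}
++Release: 6%{?dist}.scripts.%{scriptsversion}
  # Maybe we should explode from the now-available-to-everybody tarball instead?
- # http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7.1-signed.tar
+ # http://web.mit.edu/kerberos/dist/krb5/1.9/krb5-1.9-signed.tar
  Source0: krb5-%{version}.tar.gz
-@@ -96,6 +96,8 @@
- Patch107: http://web.mit.edu/kerberos/advisories/2011-002-patch.txt
- Patch108: http://web.mit.edu/kerberos/advisories/2011-003-patch.txt
+@@ -53,6 +53,8 @@
+ Patch74: http://web.mit.edu/kerberos/advisories/2011-002-patch.txt
+ Patch75: http://web.mit.edu/kerberos/advisories/2011-003-patch.txt
  
 +Patch1000: krb5-kuserok-scripts.patch
@@ -19,5 +19,5 @@
  URL: http://web.mit.edu/kerberos/www/
  Group: System Environment/Libraries
-@@ -140,6 +142,7 @@
+@@ -97,6 +99,7 @@
  %package libs
  Summary: The shared libraries used by Kerberos 5
@@ -27,8 +27,8 @@
  %description libs
  Kerberos is a network authentication system. The krb5-libs package
-@@ -1684,6 +1687,7 @@
- %patch106 -p1 -b .2011-001
- %patch107 -p1 -b .2011-002
- %patch108 -p1 -b .2011-003
+@@ -192,6 +195,7 @@
+ %patch73 -p1 -b .2011-001
+ %patch74 -p1 -b .2011-002
+ %patch75 -p1 -b .2011-003
 +%patch1000 -p1 -b .kuserok
  gzip doc/*.ps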
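--- a/branches/fc15-dev/server/fedora/specs/scripts-base.spec
+++ b/branches/fc15-dev/server/fedora/specs/scripts-base.spec
@@ -31,5 +31,4 @@
 Requires: httpdmods
 Requires: %{all_archs nss_nonlocal}
-Requires: scripts-389-ds
 %define debug_package %{nil}
 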
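--- a/branches/fc15-dev/server/fedora/specs/zephyr.spec
+++ b/branches/fc15-dev/server/fedora/specs/zephyr.spec
@@ -1,4 +1,4 @@
 Name:           zephyr
-Version:        3.0
+Version:        3.0.1
 Release:        0.%{scriptsversion}%{?dist}
 Summary:        Client programs for the Zephyr real-time messaging system
@@ -139,4 +139,7 @@
 
 %changelog
+* Sat Apr 16 2011 Alexander Chernyakhovsky <achernya@mit.edu> 3.0.1-0
+- Zephyr 3.0.1
+
 * Sun Sep 19 2010 Anders Kaseorg <andersk@mit.edu> - 3.0-0
 - Decrease version below a hypothetical Fedora package.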