diff options
author | Kacper Kowalik <xarthisius@gentoo.org> | 2010-06-17 20:08:04 +0000 |
---|---|---|
committer | Kacper Kowalik <xarthisius@gentoo.org> | 2010-06-17 20:08:04 +0000 |
commit | aed07613aaccf0cd543d86c263aa5e3bae2b63bb (patch) | |
tree | 38d378badfa560b1ebb2a52f10961f98fe5a8689 /sys-cluster | |
parent | Migrating away from deprecated postgres virtuals (diff) | |
download | gentoo-2-aed07613aaccf0cd543d86c263aa5e3bae2b63bb.tar.gz gentoo-2-aed07613aaccf0cd543d86c263aa5e3bae2b63bb.tar.bz2 gentoo-2-aed07613aaccf0cd543d86c263aa5e3bae2b63bb.zip |
Updating ebuild and gnutls patch. Fixes bug 293835, 293866, 298333. Thanks Giampaolo Tomassoni for patch
(Portage version: 2.1.8.3/cvs/Linux x86_64)
Diffstat (limited to 'sys-cluster')
-rw-r--r-- | sys-cluster/csync2/ChangeLog | 11 | ||||
-rw-r--r-- | sys-cluster/csync2/csync2-1.34-r1.ebuild | 96 | ||||
-rw-r--r-- | sys-cluster/csync2/files/csync2-1.34-gnutls.patch | 279 |
3 files changed, 384 insertions, 2 deletions
diff --git a/sys-cluster/csync2/ChangeLog b/sys-cluster/csync2/ChangeLog index b405db38a6b4..ae46cc6f5f72 100644 --- a/sys-cluster/csync2/ChangeLog +++ b/sys-cluster/csync2/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for sys-cluster/csync2 -# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-cluster/csync2/ChangeLog,v 1.27 2009/11/15 13:38:29 xmerlin Exp $ +# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/sys-cluster/csync2/ChangeLog,v 1.28 2010/06/17 20:08:04 xarthisius Exp $ + +*csync2-1.34-r1 (17 Jun 2010) + + 17 Jun 2010; Kacper Kowalik <xarthisius@gentoo.org> + +csync2-1.34-r1.ebuild, +files/csync2-1.34-gnutls.patch: + Updating ebuild and gnutls patch. Fixes bug 293835, 293866, 298333. Thanks + Giampaolo Tomassoni for patch 15 Nov 2009; Christian Zoffoli <xmerlin@gentoo.org> csync2-1.34.ebuild: Fixed compilation with gnutls-2.xx, thanks to Giampaolo Tomassoni diff --git a/sys-cluster/csync2/csync2-1.34-r1.ebuild b/sys-cluster/csync2/csync2-1.34-r1.ebuild new file mode 100644 index 000000000000..838137324215 --- /dev/null +++ b/sys-cluster/csync2/csync2-1.34-r1.ebuild @@ -0,0 +1,96 @@ +# Copyright 1999-2010 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-cluster/csync2/csync2-1.34-r1.ebuild,v 1.1 2010/06/17 20:08:04 xarthisius Exp $ + +EAPI=2 + +inherit autotools eutils + +DESCRIPTION="Cluster synchronization tool." +HOMEPAGE="http://oss.linbit.com/csync2/" +SRC_URI="http://oss.linbit.com/${PN}/${P}.tar.gz" + +LICENSE="GPL-2" +KEYWORDS="~amd64 ~x86" + +IUSE="ssl" + +RDEPEND=">=net-libs/librsync-0.9.5 + =dev-db/sqlite-2.8* + >=net-libs/gnutls-2.7.3" +DEPEND="${RDEPEND} + dev-util/pkgconfig" + +SLOT="0" + +src_prepare() { + epatch "${FILESDIR}"/${P}-gnutls.patch #274213 + eautoreconf +} + +src_configure() { + econf \ + --localstatedir=/var \ + --sysconfdir=/etc/csync2 \ + $(use_enable ssl gnutls) +} + +src_install() { + emake DESTDIR="${D}" \ + localstatedir=/var \ + sysconfdir=/etc/csync2 \ + install || die "install problem" + + insinto /etc/xinetd.d + newins "${FILESDIR}"/${PN}.xinetd ${PN} || die + + dodir /var/lib/csync2/ || die + keepdir /var/lib/csync2/ + + dodoc AUTHORS ChangeLog INSTALL NEWS README TODO csync2_locheck.sh || die +} + +pkg_postinst() { + echo + einfo "After you setup your conf file, edit the xinetd" + einfo "entry in /etc/xinetd.d/${PN} to enable, then" + einfo "start xinetd: /etc/init.d/xinetd start" + echo + einfo "To add ${PN} to your services file just run" + einfo "this command after you install:" + echo + einfo "emerge --config =${PF}" + echo + einfo "Now you can find csync2.cfg under /etc/${PN}" + einfo "Please move you old config to the right location" + echo +} + +pkg_config() { + einfo "Updating ${ROOT}/etc/services" + { grep -v ^${PN} "${ROOT}"/etc/services; + echo "csync2 30865/tcp" + } > "${ROOT}"/etc/services.new + mv -f "${ROOT}"/etc/services.new "${ROOT}"/etc/services + + if [ ! -f "${ROOT}"/etc/${PN}/csync2_ssl_key.pem ]; then + einfo "Creating default certificate in ${ROOT}/etc/${PN}" + + openssl genrsa -out "${ROOT}"/etc/${PN}/csync2_ssl_key.pem 1024 &> /dev/null + + yes '' | \ + openssl req -new \ + -key "${ROOT}"/etc/${PN}/csync2_ssl_key.pem \ + -out "${ROOT}"/etc/${PN}/csync2_ssl_cert.csr \ + &> "${ROOT}"/dev/null + + openssl x509 -req -days 600 \ + -in "${ROOT}"/etc/${PN}/csync2_ssl_cert.csr \ + -signkey "${ROOT}"/etc/${PN}/csync2_ssl_key.pem \ + -out "${ROOT}"/etc/${PN}/csync2_ssl_cert.pem \ + &> "${ROOT}"/dev/null + + rm "${ROOT}"/etc/${PN}/csync2_ssl_cert.csr + chmod 400 "${ROOT}"/etc/${PN}/csync2_ssl_key.pem "${ROOT}"/etc/${PN}/csync2_ssl_cert.pem + fi +} diff --git a/sys-cluster/csync2/files/csync2-1.34-gnutls.patch b/sys-cluster/csync2/files/csync2-1.34-gnutls.patch new file mode 100644 index 000000000000..64af5229be74 --- /dev/null +++ b/sys-cluster/csync2/files/csync2-1.34-gnutls.patch @@ -0,0 +1,279 @@ +Fixes build with >=net-libs/gnutls-2.7.1 + +http://bugs.gentoo.org/show_bug.cgi?id=274213 + +--- conn.c ++++ conn.c +@@ -32,7 +32,7 @@ + + #ifdef HAVE_LIBGNUTLS_OPENSSL + # include <gnutls/gnutls.h> +-# include <gnutls/openssl.h> ++# include <gnutls/x509.h> + #endif + + int conn_fd_in = -1; +@@ -42,9 +42,8 @@ + #ifdef HAVE_LIBGNUTLS_OPENSSL + int csync_conn_usessl = 0; + +-SSL_METHOD *conn_ssl_meth; +-SSL_CTX *conn_ssl_ctx; +-SSL *conn_ssl; ++static gnutls_session_t conn_tls_session; ++static gnutls_certificate_credentials_t conn_x509_cred; + #endif + + int conn_open(const char *peername) +@@ -112,41 +111,104 @@ + + #ifdef HAVE_LIBGNUTLS_OPENSSL + +-char *ssl_keyfile = ETCDIR "/csync2_ssl_key.pem"; +-char *ssl_certfile = ETCDIR "/csync2_ssl_cert.pem"; ++static void ssl_log(int level, const char* msg) ++{ csync_debug(level, "%s", msg); } ++ ++static const char *ssl_keyfile = ETCDIR "/csync2_ssl_key.pem"; ++static const char *ssl_certfile = ETCDIR "/csync2_ssl_cert.pem"; + + int conn_activate_ssl(int server_role) + { +- static int sslinit = 0; ++ gnutls_alert_description_t alrt; ++ int err; + + if (csync_conn_usessl) + return 0; + +- if (!sslinit) { +- SSL_load_error_strings(); +- SSL_library_init(); +- sslinit=1; ++ gnutls_global_init(); ++ gnutls_global_set_log_function(ssl_log); ++ gnutls_global_set_log_level(10); ++ ++ gnutls_certificate_allocate_credentials(&conn_x509_cred); ++ ++ err = gnutls_certificate_set_x509_key_file(conn_x509_cred, ssl_certfile, ssl_keyfile, GNUTLS_X509_FMT_PEM); ++ if(err != GNUTLS_E_SUCCESS) { ++ gnutls_certificate_free_credentials(conn_x509_cred); ++ gnutls_global_deinit(); ++ ++ csync_fatal( ++ "SSL: failed to use key file %s and/or certificate file %s: %s (%s)\n", ++ ssl_keyfile, ++ ssl_certfile, ++ gnutls_strerror(err), ++ gnutls_strerror_name(err) ++ ); + } + +- conn_ssl_meth = (server_role ? SSLv23_server_method : SSLv23_client_method)(); +- conn_ssl_ctx = SSL_CTX_new(conn_ssl_meth); +- +- if (SSL_CTX_use_PrivateKey_file(conn_ssl_ctx, ssl_keyfile, SSL_FILETYPE_PEM) <= 0) +- csync_fatal("SSL: failed to use key file %s.\n", ssl_keyfile); +- +- if (SSL_CTX_use_certificate_file(conn_ssl_ctx, ssl_certfile, SSL_FILETYPE_PEM) <= 0) +- csync_fatal("SSL: failed to use certificate file %s.\n", ssl_certfile); ++ if(server_role) { ++ gnutls_certificate_free_cas(conn_x509_cred); + +- if (! (conn_ssl = SSL_new(conn_ssl_ctx)) ) +- csync_fatal("Creating a new SSL handle failed.\n"); +- +- gnutls_certificate_server_set_request(conn_ssl->gnutls_state, GNUTLS_CERT_REQUIRE); ++ if(gnutls_certificate_set_x509_trust_file(conn_x509_cred, ssl_certfile, GNUTLS_X509_FMT_PEM) < 1) { ++ gnutls_certificate_free_credentials(conn_x509_cred); ++ gnutls_global_deinit(); ++ ++ csync_fatal( ++ "SSL: failed to use certificate file %s as CA.\n", ++ ssl_certfile ++ ); ++ } ++ } else ++ gnutls_certificate_free_ca_names(conn_x509_cred); + +- SSL_set_rfd(conn_ssl, conn_fd_in); +- SSL_set_wfd(conn_ssl, conn_fd_out); ++ gnutls_init(&conn_tls_session, (server_role ? GNUTLS_SERVER : GNUTLS_CLIENT)); ++ gnutls_priority_set_direct(conn_tls_session, "PERFORMANCE", NULL); ++ gnutls_credentials_set(conn_tls_session, GNUTLS_CRD_CERTIFICATE, conn_x509_cred); ++ ++ if(server_role) { ++ gnutls_certificate_send_x509_rdn_sequence(conn_tls_session, 0); ++ gnutls_certificate_server_set_request(conn_tls_session, GNUTLS_CERT_REQUIRE); ++ } + +- if ( (server_role ? SSL_accept : SSL_connect)(conn_ssl) < 1 ) +- csync_fatal("Establishing SSL connection failed.\n"); ++ gnutls_transport_set_ptr2( ++ conn_tls_session, ++ (gnutls_transport_ptr_t)conn_fd_in, ++ (gnutls_transport_ptr_t)conn_fd_out ++ ); ++ ++ err = gnutls_handshake(conn_tls_session); ++ switch(err) { ++ case GNUTLS_E_SUCCESS: ++ break; ++ ++ case GNUTLS_E_WARNING_ALERT_RECEIVED: ++ alrt = gnutls_alert_get(conn_tls_session); ++ fprintf( ++ csync_debug_out, ++ "SSL: warning alert received from peer: %d (%s).\n", ++ alrt, gnutls_alert_get_name(alrt) ++ ); ++ break; ++ ++ case GNUTLS_E_FATAL_ALERT_RECEIVED: ++ alrt = gnutls_alert_get(conn_tls_session); ++ fprintf( ++ csync_debug_out, ++ "SSL: fatal alert received from peer: %d (%s).\n", ++ alrt, gnutls_alert_get_name(alrt) ++ ); ++ ++ default: ++ gnutls_bye(conn_tls_session, GNUTLS_SHUT_RDWR); ++ gnutls_deinit(conn_tls_session); ++ gnutls_certificate_free_credentials(conn_x509_cred); ++ gnutls_global_deinit(); ++ ++ csync_fatal( ++ "SSL: handshake failed: %s (%s)\n", ++ gnutls_strerror(err), ++ gnutls_strerror_name(err) ++ ); ++ } + + csync_conn_usessl = 1; + +@@ -155,15 +217,15 @@ + + int conn_check_peer_cert(const char *peername, int callfatal) + { +- const X509 *peercert; ++ const gnutls_datum_t *peercerts; ++ unsigned npeercerts; + int i, cert_is_ok = -1; + + if (!csync_conn_usessl) + return 1; + +- peercert = SSL_get_peer_certificate(conn_ssl); +- +- if (!peercert || peercert->size <= 0) { ++ peercerts = gnutls_certificate_get_peers(conn_tls_session, &npeercerts); ++ if(peercerts == NULL || npeercerts == 0) { + if (callfatal) + csync_fatal("Peer did not provide an SSL X509 cetrificate.\n"); + csync_debug(1, "Peer did not provide an SSL X509 cetrificate.\n"); +@@ -171,11 +233,11 @@ + } + + { +- char certdata[peercert->size*2 + 1]; ++ char certdata[2*peercerts[0].size + 1]; + +- for (i=0; i<peercert->size; i++) +- sprintf(certdata+i*2, "%02X", peercert->data[i]); +- certdata[peercert->size*2] = 0; ++ for (i=0; i<peercerts[0].size; i++) ++ sprintf(&certdata[2*i], "%02X", peercerts[0].data[i]); ++ certdata[2*i] = 0; + + SQL_BEGIN("Checking peer x509 certificate.", + "SELECT certdata FROM x509_cert WHERE peername = '%s'", +@@ -222,7 +284,12 @@ + if ( !conn_clisok ) return -1; + + #ifdef HAVE_LIBGNUTLS_OPENSSL +- if ( csync_conn_usessl ) SSL_free(conn_ssl); ++ if ( csync_conn_usessl ) { ++ gnutls_bye(conn_tls_session, GNUTLS_SHUT_RDWR); ++ gnutls_deinit(conn_tls_session); ++ gnutls_certificate_free_credentials(conn_x509_cred); ++ gnutls_global_deinit(); ++ } + #endif + + if ( conn_fd_in != conn_fd_out) close(conn_fd_in); +@@ -239,7 +306,7 @@ + { + #ifdef HAVE_LIBGNUTLS_OPENSSL + if (csync_conn_usessl) +- return SSL_read(conn_ssl, buf, count); ++ return gnutls_record_recv(conn_tls_session, buf, count); + else + #endif + return read(conn_fd_in, buf, count); +@@ -251,7 +318,7 @@ + + #ifdef HAVE_LIBGNUTLS_OPENSSL + if (csync_conn_usessl) +- return SSL_write(conn_ssl, buf, count); ++ return gnutls_record_send(conn_tls_session, buf, count); + else + #endif + { +--- configure.ac ++++ configure.ac +@@ -17,11 +17,10 @@ + # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + + # Process this file with autoconf to produce a configure script. +-AC_INIT(csync2, 1.34, clifford@clifford.at) ++AC_INIT([csync2], [1.34], clifford@clifford.at) + AM_INIT_AUTOMAKE + + AC_CONFIG_SRCDIR(csync2.c) +-AM_CONFIG_HEADER(config.h) + + # Use /etc and /var instead of $prefix/... + test "$localstatedir" = '${prefix}/var' && localstatedir=/var +@@ -32,6 +31,7 @@ + AC_PROG_INSTALL + AC_PROG_YACC + AM_PROG_LEX ++PKG_PROG_PKG_CONFIG + + # Check for librsync. + AC_ARG_WITH([librsync-source], +@@ -58,19 +58,10 @@ + + if test "$enable_gnutls" != no + then +- +- # Check for gnuTLS. +- AM_PATH_LIBGNUTLS(1.0.0, , [ AC_MSG_ERROR([[gnutls not found; install gnutls, gnutls-openssl and libtasn1 packages for your system or run configure with --disable-gnutls]]) ]) +- +- # This is a bloody hack for fedora core +- CFLAGS="$CFLAGS $LIBGNUTLS_CFLAGS" +- LIBS="$LIBS $LIBGNUTLS_LIBS -ltasn1" +- +- # Check gnuTLS SSL compatibility lib. +- AC_CHECK_LIB([gnutls-openssl], [SSL_new], , [AC_MSG_ERROR([[gnutls-openssl not found; install gnutls, gnutls-openssl and libtasn1 packages for your system or run configure with --disable-gnutls]])]) +- ++ PKG_CHECK_MODULES([LIBGNUTLS], [gnutls] , [AC_DEFINE(HAVE_LIBGNUTLS_OPENSSL, 1, [Define to 1 if GnuTLS is available])]) + fi + ++AM_CONFIG_HEADER([config.h]) + AC_CONFIG_FILES([Makefile]) + AC_OUTPUT + +--- Makefile.am ++++ Makefile.am +@@ -24,6 +24,8 @@ + csync2_SOURCES = action.c cfgfile_parser.y cfgfile_scanner.l check.c \ + checktxt.c csync2.c daemon.c db.c error.c getrealfn.c \ + groups.c rsync.c update.c urlencode.c conn.c prefixsubst.c ++csync2_LDADD = @LIBGNUTLS_LIBS@ ++csync2_CFLAGS = @LIBGNUTLS_CFLAGS@ + + AM_YFLAGS = -d + BUILT_SOURCES = cfgfile_parser.h |