summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKacper Kowalik <xarthisius@gentoo.org>2010-06-17 20:08:04 +0000
committerKacper Kowalik <xarthisius@gentoo.org>2010-06-17 20:08:04 +0000
commitaed07613aaccf0cd543d86c263aa5e3bae2b63bb (patch)
tree38d378badfa560b1ebb2a52f10961f98fe5a8689 /sys-cluster
parentMigrating away from deprecated postgres virtuals (diff)
downloadgentoo-2-aed07613aaccf0cd543d86c263aa5e3bae2b63bb.tar.gz
gentoo-2-aed07613aaccf0cd543d86c263aa5e3bae2b63bb.tar.bz2
gentoo-2-aed07613aaccf0cd543d86c263aa5e3bae2b63bb.zip
Updating ebuild and gnutls patch. Fixes bug 293835, 293866, 298333. Thanks Giampaolo Tomassoni for patch
(Portage version: 2.1.8.3/cvs/Linux x86_64)
Diffstat (limited to 'sys-cluster')
-rw-r--r--sys-cluster/csync2/ChangeLog11
-rw-r--r--sys-cluster/csync2/csync2-1.34-r1.ebuild96
-rw-r--r--sys-cluster/csync2/files/csync2-1.34-gnutls.patch279
3 files changed, 384 insertions, 2 deletions
diff --git a/sys-cluster/csync2/ChangeLog b/sys-cluster/csync2/ChangeLog
index b405db38a6b4..ae46cc6f5f72 100644
--- a/sys-cluster/csync2/ChangeLog
+++ b/sys-cluster/csync2/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for sys-cluster/csync2
-# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/csync2/ChangeLog,v 1.27 2009/11/15 13:38:29 xmerlin Exp $
+# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/csync2/ChangeLog,v 1.28 2010/06/17 20:08:04 xarthisius Exp $
+
+*csync2-1.34-r1 (17 Jun 2010)
+
+ 17 Jun 2010; Kacper Kowalik <xarthisius@gentoo.org>
+ +csync2-1.34-r1.ebuild, +files/csync2-1.34-gnutls.patch:
+ Updating ebuild and gnutls patch. Fixes bug 293835, 293866, 298333. Thanks
+ Giampaolo Tomassoni for patch
15 Nov 2009; Christian Zoffoli <xmerlin@gentoo.org> csync2-1.34.ebuild:
Fixed compilation with gnutls-2.xx, thanks to Giampaolo Tomassoni
diff --git a/sys-cluster/csync2/csync2-1.34-r1.ebuild b/sys-cluster/csync2/csync2-1.34-r1.ebuild
new file mode 100644
index 000000000000..838137324215
--- /dev/null
+++ b/sys-cluster/csync2/csync2-1.34-r1.ebuild
@@ -0,0 +1,96 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/csync2/csync2-1.34-r1.ebuild,v 1.1 2010/06/17 20:08:04 xarthisius Exp $
+
+EAPI=2
+
+inherit autotools eutils
+
+DESCRIPTION="Cluster synchronization tool."
+HOMEPAGE="http://oss.linbit.com/csync2/"
+SRC_URI="http://oss.linbit.com/${PN}/${P}.tar.gz"
+
+LICENSE="GPL-2"
+KEYWORDS="~amd64 ~x86"
+
+IUSE="ssl"
+
+RDEPEND=">=net-libs/librsync-0.9.5
+ =dev-db/sqlite-2.8*
+ >=net-libs/gnutls-2.7.3"
+DEPEND="${RDEPEND}
+ dev-util/pkgconfig"
+
+SLOT="0"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-gnutls.patch #274213
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ --localstatedir=/var \
+ --sysconfdir=/etc/csync2 \
+ $(use_enable ssl gnutls)
+}
+
+src_install() {
+ emake DESTDIR="${D}" \
+ localstatedir=/var \
+ sysconfdir=/etc/csync2 \
+ install || die "install problem"
+
+ insinto /etc/xinetd.d
+ newins "${FILESDIR}"/${PN}.xinetd ${PN} || die
+
+ dodir /var/lib/csync2/ || die
+ keepdir /var/lib/csync2/
+
+ dodoc AUTHORS ChangeLog INSTALL NEWS README TODO csync2_locheck.sh || die
+}
+
+pkg_postinst() {
+ echo
+ einfo "After you setup your conf file, edit the xinetd"
+ einfo "entry in /etc/xinetd.d/${PN} to enable, then"
+ einfo "start xinetd: /etc/init.d/xinetd start"
+ echo
+ einfo "To add ${PN} to your services file just run"
+ einfo "this command after you install:"
+ echo
+ einfo "emerge --config =${PF}"
+ echo
+ einfo "Now you can find csync2.cfg under /etc/${PN}"
+ einfo "Please move you old config to the right location"
+ echo
+}
+
+pkg_config() {
+ einfo "Updating ${ROOT}/etc/services"
+ { grep -v ^${PN} "${ROOT}"/etc/services;
+ echo "csync2 30865/tcp"
+ } > "${ROOT}"/etc/services.new
+ mv -f "${ROOT}"/etc/services.new "${ROOT}"/etc/services
+
+ if [ ! -f "${ROOT}"/etc/${PN}/csync2_ssl_key.pem ]; then
+ einfo "Creating default certificate in ${ROOT}/etc/${PN}"
+
+ openssl genrsa -out "${ROOT}"/etc/${PN}/csync2_ssl_key.pem 1024 &> /dev/null
+
+ yes '' | \
+ openssl req -new \
+ -key "${ROOT}"/etc/${PN}/csync2_ssl_key.pem \
+ -out "${ROOT}"/etc/${PN}/csync2_ssl_cert.csr \
+ &> "${ROOT}"/dev/null
+
+ openssl x509 -req -days 600 \
+ -in "${ROOT}"/etc/${PN}/csync2_ssl_cert.csr \
+ -signkey "${ROOT}"/etc/${PN}/csync2_ssl_key.pem \
+ -out "${ROOT}"/etc/${PN}/csync2_ssl_cert.pem \
+ &> "${ROOT}"/dev/null
+
+ rm "${ROOT}"/etc/${PN}/csync2_ssl_cert.csr
+ chmod 400 "${ROOT}"/etc/${PN}/csync2_ssl_key.pem "${ROOT}"/etc/${PN}/csync2_ssl_cert.pem
+ fi
+}
diff --git a/sys-cluster/csync2/files/csync2-1.34-gnutls.patch b/sys-cluster/csync2/files/csync2-1.34-gnutls.patch
new file mode 100644
index 000000000000..64af5229be74
--- /dev/null
+++ b/sys-cluster/csync2/files/csync2-1.34-gnutls.patch
@@ -0,0 +1,279 @@
+Fixes build with >=net-libs/gnutls-2.7.1
+
+http://bugs.gentoo.org/show_bug.cgi?id=274213
+
+--- conn.c
++++ conn.c
+@@ -32,7 +32,7 @@
+
+ #ifdef HAVE_LIBGNUTLS_OPENSSL
+ # include <gnutls/gnutls.h>
+-# include <gnutls/openssl.h>
++# include <gnutls/x509.h>
+ #endif
+
+ int conn_fd_in = -1;
+@@ -42,9 +42,8 @@
+ #ifdef HAVE_LIBGNUTLS_OPENSSL
+ int csync_conn_usessl = 0;
+
+-SSL_METHOD *conn_ssl_meth;
+-SSL_CTX *conn_ssl_ctx;
+-SSL *conn_ssl;
++static gnutls_session_t conn_tls_session;
++static gnutls_certificate_credentials_t conn_x509_cred;
+ #endif
+
+ int conn_open(const char *peername)
+@@ -112,41 +111,104 @@
+
+ #ifdef HAVE_LIBGNUTLS_OPENSSL
+
+-char *ssl_keyfile = ETCDIR "/csync2_ssl_key.pem";
+-char *ssl_certfile = ETCDIR "/csync2_ssl_cert.pem";
++static void ssl_log(int level, const char* msg)
++{ csync_debug(level, "%s", msg); }
++
++static const char *ssl_keyfile = ETCDIR "/csync2_ssl_key.pem";
++static const char *ssl_certfile = ETCDIR "/csync2_ssl_cert.pem";
+
+ int conn_activate_ssl(int server_role)
+ {
+- static int sslinit = 0;
++ gnutls_alert_description_t alrt;
++ int err;
+
+ if (csync_conn_usessl)
+ return 0;
+
+- if (!sslinit) {
+- SSL_load_error_strings();
+- SSL_library_init();
+- sslinit=1;
++ gnutls_global_init();
++ gnutls_global_set_log_function(ssl_log);
++ gnutls_global_set_log_level(10);
++
++ gnutls_certificate_allocate_credentials(&conn_x509_cred);
++
++ err = gnutls_certificate_set_x509_key_file(conn_x509_cred, ssl_certfile, ssl_keyfile, GNUTLS_X509_FMT_PEM);
++ if(err != GNUTLS_E_SUCCESS) {
++ gnutls_certificate_free_credentials(conn_x509_cred);
++ gnutls_global_deinit();
++
++ csync_fatal(
++ "SSL: failed to use key file %s and/or certificate file %s: %s (%s)\n",
++ ssl_keyfile,
++ ssl_certfile,
++ gnutls_strerror(err),
++ gnutls_strerror_name(err)
++ );
+ }
+
+- conn_ssl_meth = (server_role ? SSLv23_server_method : SSLv23_client_method)();
+- conn_ssl_ctx = SSL_CTX_new(conn_ssl_meth);
+-
+- if (SSL_CTX_use_PrivateKey_file(conn_ssl_ctx, ssl_keyfile, SSL_FILETYPE_PEM) <= 0)
+- csync_fatal("SSL: failed to use key file %s.\n", ssl_keyfile);
+-
+- if (SSL_CTX_use_certificate_file(conn_ssl_ctx, ssl_certfile, SSL_FILETYPE_PEM) <= 0)
+- csync_fatal("SSL: failed to use certificate file %s.\n", ssl_certfile);
++ if(server_role) {
++ gnutls_certificate_free_cas(conn_x509_cred);
+
+- if (! (conn_ssl = SSL_new(conn_ssl_ctx)) )
+- csync_fatal("Creating a new SSL handle failed.\n");
+-
+- gnutls_certificate_server_set_request(conn_ssl->gnutls_state, GNUTLS_CERT_REQUIRE);
++ if(gnutls_certificate_set_x509_trust_file(conn_x509_cred, ssl_certfile, GNUTLS_X509_FMT_PEM) < 1) {
++ gnutls_certificate_free_credentials(conn_x509_cred);
++ gnutls_global_deinit();
++
++ csync_fatal(
++ "SSL: failed to use certificate file %s as CA.\n",
++ ssl_certfile
++ );
++ }
++ } else
++ gnutls_certificate_free_ca_names(conn_x509_cred);
+
+- SSL_set_rfd(conn_ssl, conn_fd_in);
+- SSL_set_wfd(conn_ssl, conn_fd_out);
++ gnutls_init(&conn_tls_session, (server_role ? GNUTLS_SERVER : GNUTLS_CLIENT));
++ gnutls_priority_set_direct(conn_tls_session, "PERFORMANCE", NULL);
++ gnutls_credentials_set(conn_tls_session, GNUTLS_CRD_CERTIFICATE, conn_x509_cred);
++
++ if(server_role) {
++ gnutls_certificate_send_x509_rdn_sequence(conn_tls_session, 0);
++ gnutls_certificate_server_set_request(conn_tls_session, GNUTLS_CERT_REQUIRE);
++ }
+
+- if ( (server_role ? SSL_accept : SSL_connect)(conn_ssl) < 1 )
+- csync_fatal("Establishing SSL connection failed.\n");
++ gnutls_transport_set_ptr2(
++ conn_tls_session,
++ (gnutls_transport_ptr_t)conn_fd_in,
++ (gnutls_transport_ptr_t)conn_fd_out
++ );
++
++ err = gnutls_handshake(conn_tls_session);
++ switch(err) {
++ case GNUTLS_E_SUCCESS:
++ break;
++
++ case GNUTLS_E_WARNING_ALERT_RECEIVED:
++ alrt = gnutls_alert_get(conn_tls_session);
++ fprintf(
++ csync_debug_out,
++ "SSL: warning alert received from peer: %d (%s).\n",
++ alrt, gnutls_alert_get_name(alrt)
++ );
++ break;
++
++ case GNUTLS_E_FATAL_ALERT_RECEIVED:
++ alrt = gnutls_alert_get(conn_tls_session);
++ fprintf(
++ csync_debug_out,
++ "SSL: fatal alert received from peer: %d (%s).\n",
++ alrt, gnutls_alert_get_name(alrt)
++ );
++
++ default:
++ gnutls_bye(conn_tls_session, GNUTLS_SHUT_RDWR);
++ gnutls_deinit(conn_tls_session);
++ gnutls_certificate_free_credentials(conn_x509_cred);
++ gnutls_global_deinit();
++
++ csync_fatal(
++ "SSL: handshake failed: %s (%s)\n",
++ gnutls_strerror(err),
++ gnutls_strerror_name(err)
++ );
++ }
+
+ csync_conn_usessl = 1;
+
+@@ -155,15 +217,15 @@
+
+ int conn_check_peer_cert(const char *peername, int callfatal)
+ {
+- const X509 *peercert;
++ const gnutls_datum_t *peercerts;
++ unsigned npeercerts;
+ int i, cert_is_ok = -1;
+
+ if (!csync_conn_usessl)
+ return 1;
+
+- peercert = SSL_get_peer_certificate(conn_ssl);
+-
+- if (!peercert || peercert->size <= 0) {
++ peercerts = gnutls_certificate_get_peers(conn_tls_session, &npeercerts);
++ if(peercerts == NULL || npeercerts == 0) {
+ if (callfatal)
+ csync_fatal("Peer did not provide an SSL X509 cetrificate.\n");
+ csync_debug(1, "Peer did not provide an SSL X509 cetrificate.\n");
+@@ -171,11 +233,11 @@
+ }
+
+ {
+- char certdata[peercert->size*2 + 1];
++ char certdata[2*peercerts[0].size + 1];
+
+- for (i=0; i<peercert->size; i++)
+- sprintf(certdata+i*2, "%02X", peercert->data[i]);
+- certdata[peercert->size*2] = 0;
++ for (i=0; i<peercerts[0].size; i++)
++ sprintf(&certdata[2*i], "%02X", peercerts[0].data[i]);
++ certdata[2*i] = 0;
+
+ SQL_BEGIN("Checking peer x509 certificate.",
+ "SELECT certdata FROM x509_cert WHERE peername = '%s'",
+@@ -222,7 +284,12 @@
+ if ( !conn_clisok ) return -1;
+
+ #ifdef HAVE_LIBGNUTLS_OPENSSL
+- if ( csync_conn_usessl ) SSL_free(conn_ssl);
++ if ( csync_conn_usessl ) {
++ gnutls_bye(conn_tls_session, GNUTLS_SHUT_RDWR);
++ gnutls_deinit(conn_tls_session);
++ gnutls_certificate_free_credentials(conn_x509_cred);
++ gnutls_global_deinit();
++ }
+ #endif
+
+ if ( conn_fd_in != conn_fd_out) close(conn_fd_in);
+@@ -239,7 +306,7 @@
+ {
+ #ifdef HAVE_LIBGNUTLS_OPENSSL
+ if (csync_conn_usessl)
+- return SSL_read(conn_ssl, buf, count);
++ return gnutls_record_recv(conn_tls_session, buf, count);
+ else
+ #endif
+ return read(conn_fd_in, buf, count);
+@@ -251,7 +318,7 @@
+
+ #ifdef HAVE_LIBGNUTLS_OPENSSL
+ if (csync_conn_usessl)
+- return SSL_write(conn_ssl, buf, count);
++ return gnutls_record_send(conn_tls_session, buf, count);
+ else
+ #endif
+ {
+--- configure.ac
++++ configure.ac
+@@ -17,11 +17,10 @@
+ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+ # Process this file with autoconf to produce a configure script.
+-AC_INIT(csync2, 1.34, clifford@clifford.at)
++AC_INIT([csync2], [1.34], clifford@clifford.at)
+ AM_INIT_AUTOMAKE
+
+ AC_CONFIG_SRCDIR(csync2.c)
+-AM_CONFIG_HEADER(config.h)
+
+ # Use /etc and /var instead of $prefix/...
+ test "$localstatedir" = '${prefix}/var' && localstatedir=/var
+@@ -32,6 +31,7 @@
+ AC_PROG_INSTALL
+ AC_PROG_YACC
+ AM_PROG_LEX
++PKG_PROG_PKG_CONFIG
+
+ # Check for librsync.
+ AC_ARG_WITH([librsync-source],
+@@ -58,19 +58,10 @@
+
+ if test "$enable_gnutls" != no
+ then
+-
+- # Check for gnuTLS.
+- AM_PATH_LIBGNUTLS(1.0.0, , [ AC_MSG_ERROR([[gnutls not found; install gnutls, gnutls-openssl and libtasn1 packages for your system or run configure with --disable-gnutls]]) ])
+-
+- # This is a bloody hack for fedora core
+- CFLAGS="$CFLAGS $LIBGNUTLS_CFLAGS"
+- LIBS="$LIBS $LIBGNUTLS_LIBS -ltasn1"
+-
+- # Check gnuTLS SSL compatibility lib.
+- AC_CHECK_LIB([gnutls-openssl], [SSL_new], , [AC_MSG_ERROR([[gnutls-openssl not found; install gnutls, gnutls-openssl and libtasn1 packages for your system or run configure with --disable-gnutls]])])
+-
++ PKG_CHECK_MODULES([LIBGNUTLS], [gnutls] , [AC_DEFINE(HAVE_LIBGNUTLS_OPENSSL, 1, [Define to 1 if GnuTLS is available])])
+ fi
+
++AM_CONFIG_HEADER([config.h])
+ AC_CONFIG_FILES([Makefile])
+ AC_OUTPUT
+
+--- Makefile.am
++++ Makefile.am
+@@ -24,6 +24,8 @@
+ csync2_SOURCES = action.c cfgfile_parser.y cfgfile_scanner.l check.c \
+ checktxt.c csync2.c daemon.c db.c error.c getrealfn.c \
+ groups.c rsync.c update.c urlencode.c conn.c prefixsubst.c
++csync2_LDADD = @LIBGNUTLS_LIBS@
++csync2_CFLAGS = @LIBGNUTLS_CFLAGS@
+
+ AM_YFLAGS = -d
+ BUILT_SOURCES = cfgfile_parser.h