[csync2] Get csync2 building on f16+
Angus Salkeld
asalkeld at fedoraproject.org
Wed Sep 21 01:18:48 UTC 2011
commit 1d5063c8905606c8d7bf0b9a688f864e16ef1c75
Author: Angus Salkeld <asalkeld at redhat.com>
Date: Fri Sep 16 14:24:22 2011 +1000
Get csync2 building on f16+
(with no gnutls-openssl wrapper lib)
Signed-off-by: Angus Salkeld <asalkeld at redhat.com>
0001-Fix-gnutls-configure.ac-section.patch | 38 ++
0001-don-t-hardcode-autofoo-version.patch | 28 ++
0001-use-native-gnutls-drop-openssl-wrappers.patch | 379 ++++++++++++++++++++
csync2.spec | 14 +-
4 files changed, 456 insertions(+), 3 deletions(-)
---
diff --git a/0001-Fix-gnutls-configure.ac-section.patch b/0001-Fix-gnutls-configure.ac-section.patch
new file mode 100644
index 0000000..c043c67
--- /dev/null
+++ b/0001-Fix-gnutls-configure.ac-section.patch
@@ -0,0 +1,38 @@
+From 2aab308d94b6416d8ba5bc18c095f4a38a3a43c8 Mon Sep 17 00:00:00 2001
+From: Angus Salkeld <asalkeld at redhat.com>
+Date: Fri, 16 Sep 2011 14:17:16 +1000
+Subject: [PATCH] Fix gnutls configure.ac section
+
+Signed-off-by: Angus Salkeld <asalkeld at redhat.com>
+---
+ configure.ac | 12 +++++++++---
+ 1 files changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 92b38c7..4d86e6f 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -58,11 +58,17 @@ AC_ARG_ENABLE([gnutls],
+ if test "$enable_gnutls" != no
+ then
+ # Check for gnuTLS.
+- AM_PATH_LIBGNUTLS(1.0.0, , [ AC_MSG_ERROR([[gnutls not found; install gnutls, gnutls-openssl and libtasn1 packages for your system or run configure with --disable-gnutls]]) ])
++ ##AM_PATH_LIBGNUTLS(1.0.0, , [ AC_MSG_ERROR([[gnutls not found; install gnutls, gnutls-openssl and libtasn1 packages for your system or run configure with --disable-gnutls]]) ])
++ PKG_PROG_PKG_CONFIG
++ PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= 1.0.0], [
++ AC_DEFINE([USE_GNUTLS], 1, [Define to 1 when using GNU TLS library])
++ gnutls_version_code=`$PKG_CONFIG --modversion gnutls | $AWK -F. '{ printf "0x%02X%02X%02X\n",$1,$2,$3 }'`
++ AC_DEFINE_UNQUOTED([LFTP_LIBGNUTLS_VERSION_CODE], $gnutls_version_code, [Define to libgnutls version, e.g. 0x010203 for 1.2.3])
++ ])
+
+ ## This is a bloody hack for fedora core
+- CFLAGS="$CFLAGS $LIBGNUTLS_CFLAGS"
+- LIBS="$LIBS $LIBGNUTLS_LIBS -ltasn1"
++ #CFLAGS="$CFLAGS $LIBGNUTLS_CFLAGS"
++ #LIBS="$LIBS $LIBGNUTLS_LIBS -ltasn1"
+ fi
+ AM_CONDITIONAL([HAVE_LIBGNUTLS], [test "$enable_gnutls" != no ])
+
+--
+1.7.6
+
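Review bot: The new `PKG_CHECK_MODULES` block defines `USE_GNUTLS` and `LFTP_LIBGNUTLS_VERSION_CODE`, but the C sources changed by 0001-use-native-gnutls-drop-openssl-wrappers.patch guard every TLS path with `HAVE_LIBGNUTLS`, and `AM_CONDITIONAL([HAVE_LIBGNUTLS], ...)` only creates an automake conditional, not a preprocessor symbol. Unless Makefile.am (not touched by any patch here) passes `-DHAVE_LIBGNUTLS`, the TLS code would be compiled out and the package would still build cleanly, just without transport encryption. Defining the symbol the code actually tests, `AC_DEFINE([HAVE_LIBGNUTLS], 1, [Define to 1 when using GNU TLS library])`, and keeping `CFLAGS="$CFLAGS $LIBGNUTLS_CFLAGS"` and `LIBS="$LIBS $LIBGNUTLS_LIBS"` active instead of commenting them out would make the outcome explicit. The `LFTP_` prefix on the version macro looks like a leftover from another project's configure script and nothing visible consumes it.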
diff --git a/0001-don-t-hardcode-autofoo-version.patch b/0001-don-t-hardcode-autofoo-version.patch
new file mode 100644
index 0000000..091a44f
--- /dev/null
+++ b/0001-don-t-hardcode-autofoo-version.patch
@@ -0,0 +1,28 @@
+From 4d42070172000a7c97b7bb31906b425c709318b3 Mon Sep 17 00:00:00 2001
+From: Lars Ellenberg <lars at linbit.com>
+Date: Mon, 26 Jul 2010 13:44:08 +0000
+Subject: [PATCH] don't hardcode autofoo version
+
+---
+ autogen.sh | 4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/autogen.sh b/autogen.sh
+index df9e797..cafdb21 100755
+--- a/autogen.sh
++++ b/autogen.sh
+@@ -18,9 +18,9 @@
+ # along with this program; if not, write to the Free Software
+ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+-aclocal-1.7
++aclocal
+ autoheader
+-automake-1.7 --add-missing --copy
++automake --add-missing --copy
+ autoconf
+
+ if [ "$1" = clean ]; then
+--
+1.7.6
+
diff --git a/0001-use-native-gnutls-drop-openssl-wrappers.patch b/0001-use-native-gnutls-drop-openssl-wrappers.patch
new file mode 100644
index 0000000..27f27ae
--- /dev/null
+++ b/0001-use-native-gnutls-drop-openssl-wrappers.patch
@@ -0,0 +1,379 @@
+From 06080de2f6ca3930eb5a9b11a7fbf3b5df8e6bcb Mon Sep 17 00:00:00 2001
+From: Lars Ellenberg <lars at linbit.com>
+Date: Tue, 27 Jul 2010 14:01:23 +0000
+Subject: [PATCH] use native gnutls, drop openssl wrappers
+
+see also e.g. http://bugs.gentoo.org/show_bug.cgi?id=274213
+---
+ configure.ac | 12 +---
+ conn.c | 157 ++++++++++++++++++++++++++++++++++++++++----------------
+ csync2.c | 2 +-
+ csync2.h | 2 +-
+ csync2.spec | 2 +-
+ daemon.c | 2 +-
+ debian/control | 2 +-
+ update.c | 2 +-
+ 8 files changed, 121 insertions(+), 60 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 6ec6136..92b38c7 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -52,25 +52,19 @@ AC_ARG_WITH([libsqlite-source],
+ AM_CONDITIONAL([PRIVATE_LIBSQLITE], [test -n "$libsqlite_source_file"])
+
+ AC_ARG_ENABLE([gnutls],
+- [AC_HELP_STRING([--disable-gnutls],
+- [enable/disable GNU TLS support (default is enabled)])],
++ [AS_HELP_STRING([--disable-gnutls],[enable/disable GNU TLS support (default is enabled)])],
+ [], [ enable_gnutls=yes ])
+
+ if test "$enable_gnutls" != no
+ then
+-
+ # Check for gnuTLS.
+ AM_PATH_LIBGNUTLS(1.0.0, , [ AC_MSG_ERROR([[gnutls not found; install gnutls, gnutls-openssl and libtasn1 packages for your system or run configure with --disable-gnutls]]) ])
+
+- # This is a bloody hack for fedora core
++ ## This is a bloody hack for fedora core
+ CFLAGS="$CFLAGS $LIBGNUTLS_CFLAGS"
+ LIBS="$LIBS $LIBGNUTLS_LIBS -ltasn1"
+-
+- # Check gnuTLS SSL compatibility lib.
+- AC_CHECK_LIB([gnutls-openssl], [SSL_new], , [AC_MSG_ERROR([[gnutls-openssl not found; install gnutls, gnutls-openssl and libtasn1 packages for your system or run configure with --disable-gnutls]])])
+-
+ fi
++AM_CONDITIONAL([HAVE_LIBGNUTLS], [test "$enable_gnutls" != no ])
+
+ AC_CONFIG_FILES([Makefile])
+ AC_OUTPUT
+-
+diff --git a/conn.c b/conn.c
+index 6f8dfdc..90bd36d 100644
+--- a/conn.c
++++ b/conn.c
+@@ -30,21 +30,20 @@
+ #include <netdb.h>
+ #include <errno.h>
+
+-#ifdef HAVE_LIBGNUTLS_OPENSSL
++#ifdef HAVE_LIBGNUTLS
+ # include <gnutls/gnutls.h>
+-# include <gnutls/openssl.h>
++# include <gnutls/x509.h>
+ #endif
+
+ int conn_fd_in = -1;
+ int conn_fd_out = -1;
+ int conn_clisok = 0;
+
+-#ifdef HAVE_LIBGNUTLS_OPENSSL
++#ifdef HAVE_LIBGNUTLS
+ int csync_conn_usessl = 0;
+
+-SSL_METHOD *conn_ssl_meth;
+-SSL_CTX *conn_ssl_ctx;
+-SSL *conn_ssl;
++static gnutls_session_t conn_tls_session;
++static gnutls_certificate_credentials_t conn_x509_cred;
+ #endif
+
+ int conn_open(const char *peername)
+@@ -83,7 +82,7 @@ int conn_open(const char *peername)
+
+ conn_fd_out = conn_fd_in;
+ conn_clisok = 1;
+-#ifdef HAVE_LIBGNUTLS_OPENSSL
++#ifdef HAVE_LIBGNUTLS
+ csync_conn_usessl = 0;
+ #endif
+
+@@ -97,7 +96,7 @@ int conn_set(int infd, int outfd)
+ conn_fd_in = infd;
+ conn_fd_out = outfd;
+ conn_clisok = 1;
+-#ifdef HAVE_LIBGNUTLS_OPENSSL
++#ifdef HAVE_LIBGNUTLS
+ csync_conn_usessl = 0;
+ #endif
+
+@@ -110,43 +109,106 @@ int conn_set(int infd, int outfd)
+ }
+
+
+-#ifdef HAVE_LIBGNUTLS_OPENSSL
++#ifdef HAVE_LIBGNUTLS
+
+-char *ssl_keyfile = ETCDIR "/csync2_ssl_key.pem";
+-char *ssl_certfile = ETCDIR "/csync2_ssl_cert.pem";
++static void ssl_log(int level, const char* msg)
++{ csync_debug(level, "%s", msg); }
++
++static const char *ssl_keyfile = ETCDIR "/csync2_ssl_key.pem";
++static const char *ssl_certfile = ETCDIR "/csync2_ssl_cert.pem";
+
+ int conn_activate_ssl(int server_role)
+ {
+- static int sslinit = 0;
++ gnutls_alert_description_t alrt;
++ int err;
+
+ if (csync_conn_usessl)
+ return 0;
+
+- if (!sslinit) {
+- SSL_load_error_strings();
+- SSL_library_init();
+- sslinit=1;
+- }
++ gnutls_global_init();
++ gnutls_global_set_log_function(ssl_log);
++ gnutls_global_set_log_level(10);
++
++ gnutls_certificate_allocate_credentials(&conn_x509_cred);
+
+- conn_ssl_meth = (server_role ? SSLv23_server_method : SSLv23_client_method)();
+- conn_ssl_ctx = SSL_CTX_new(conn_ssl_meth);
++ err = gnutls_certificate_set_x509_key_file(conn_x509_cred, ssl_certfile, ssl_keyfile, GNUTLS_X509_FMT_PEM);
++ if(err != GNUTLS_E_SUCCESS) {
++ gnutls_certificate_free_credentials(conn_x509_cred);
++ gnutls_global_deinit();
++
++ csync_fatal(
++ "SSL: failed to use key file %s and/or certificate file %s: %s (%s)\n",
++ ssl_keyfile,
++ ssl_certfile,
++ gnutls_strerror(err),
++ gnutls_strerror_name(err)
++ );
++ }
+
+- if (SSL_CTX_use_PrivateKey_file(conn_ssl_ctx, ssl_keyfile, SSL_FILETYPE_PEM) <= 0)
+- csync_fatal("SSL: failed to use key file %s.\n", ssl_keyfile);
++ if(server_role) {
++ gnutls_certificate_free_cas(conn_x509_cred);
+
+- if (SSL_CTX_use_certificate_file(conn_ssl_ctx, ssl_certfile, SSL_FILETYPE_PEM) <= 0)
+- csync_fatal("SSL: failed to use certificate file %s.\n", ssl_certfile);
++ if(gnutls_certificate_set_x509_trust_file(conn_x509_cred, ssl_certfile, GNUTLS_X509_FMT_PEM) < 1) {
++ gnutls_certificate_free_credentials(conn_x509_cred);
++ gnutls_global_deinit();
+
+- if (! (conn_ssl = SSL_new(conn_ssl_ctx)) )
+- csync_fatal("Creating a new SSL handle failed.\n");
++ csync_fatal(
++ "SSL: failed to use certificate file %s as CA.\n",
++ ssl_certfile
++ );
++ }
++ } else
++ gnutls_certificate_free_ca_names(conn_x509_cred);
+
+- gnutls_certificate_server_set_request(conn_ssl->gnutls_state, GNUTLS_CERT_REQUIRE);
++ gnutls_init(&conn_tls_session, (server_role ? GNUTLS_SERVER : GNUTLS_CLIENT));
++ gnutls_priority_set_direct(conn_tls_session, "PERFORMANCE", NULL);
++ gnutls_credentials_set(conn_tls_session, GNUTLS_CRD_CERTIFICATE, conn_x509_cred);
+
+- SSL_set_rfd(conn_ssl, conn_fd_in);
+- SSL_set_wfd(conn_ssl, conn_fd_out);
++ if(server_role) {
++ gnutls_certificate_send_x509_rdn_sequence(conn_tls_session, 0);
++ gnutls_certificate_server_set_request(conn_tls_session, GNUTLS_CERT_REQUIRE);
++ }
+
+- if ( (server_role ? SSL_accept : SSL_connect)(conn_ssl) < 1 )
+- csync_fatal("Establishing SSL connection failed.\n");
++ gnutls_transport_set_ptr2(
++ conn_tls_session,
++ (gnutls_transport_ptr_t)conn_fd_in,
++ (gnutls_transport_ptr_t)conn_fd_out
++ );
++
++ err = gnutls_handshake(conn_tls_session);
++ switch(err) {
++ case GNUTLS_E_SUCCESS:
++ break;
++
++ case GNUTLS_E_WARNING_ALERT_RECEIVED:
++ alrt = gnutls_alert_get(conn_tls_session);
++ fprintf(
++ csync_debug_out,
++ "SSL: warning alert received from peer: %d (%s).\n",
++ alrt, gnutls_alert_get_name(alrt)
++ );
++ break;
++
++ case GNUTLS_E_FATAL_ALERT_RECEIVED:
++ alrt = gnutls_alert_get(conn_tls_session);
++ fprintf(
++ csync_debug_out,
++ "SSL: fatal alert received from peer: %d (%s).\n",
++ alrt, gnutls_alert_get_name(alrt)
++ );
++
++ default:
++ gnutls_bye(conn_tls_session, GNUTLS_SHUT_RDWR);
++ gnutls_deinit(conn_tls_session);
++ gnutls_certificate_free_credentials(conn_x509_cred);
++ gnutls_global_deinit();
++
++ csync_fatal(
++ "SSL: handshake failed: %s (%s)\n",
++ gnutls_strerror(err),
++ gnutls_strerror_name(err)
++ );
++ }
+
+ csync_conn_usessl = 1;
+
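Review bot: The `GNUTLS_E_WARNING_ALERT_RECEIVED` case logs and then hits `break`, so execution reaches `csync_conn_usessl = 1` although `gnutls_handshake()` returned a non-fatal error and the handshake has not completed; conversely `GNUTLS_E_AGAIN` and `GNUTLS_E_INTERRUPTED` fall into `default` and abort. Retrying while the result is negative and `gnutls_error_is_fatal()` returns 0, as sketched below, covers both cases. The priority string `"PERFORMANCE"` orders suites by speed, so `"NORMAL"` is the safer default, and the return values of `gnutls_priority_set_direct()`, `gnutls_init()` and `gnutls_global_init()` are ignored. The fall-through from `GNUTLS_E_FATAL_ALERT_RECEIVED` into `default` looks intentional but deserves a `/* fallthrough */` comment. The closing lines of conn_activate_ssl lie outside the hunk.

```c
	/* Retry non-fatal results (warning alerts, GNUTLS_E_AGAIN,
	 * GNUTLS_E_INTERRUPTED) so that only a completed handshake
	 * reaches csync_conn_usessl = 1. */
	do {
		err = gnutls_handshake(conn_tls_session);
		if (err == GNUTLS_E_WARNING_ALERT_RECEIVED) {
			alrt = gnutls_alert_get(conn_tls_session);
			fprintf(csync_debug_out,
				"SSL: warning alert received from peer: %d (%s).\n",
				alrt, gnutls_alert_get_name(alrt));
		}
	} while (err < 0 && gnutls_error_is_fatal(err) == 0);

	if (err == GNUTLS_E_FATAL_ALERT_RECEIVED) {
		/* … unchanged: log the fatal alert … */
	}
	if (err != GNUTLS_E_SUCCESS) {
		/* … unchanged: gnutls_bye/deinit/free calls and csync_fatal("SSL: handshake failed …") … */
	}
```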
+@@ -155,15 +217,15 @@ int conn_activate_ssl(int server_role)
+
+ int conn_check_peer_cert(const char *peername, int callfatal)
+ {
+- const X509 *peercert;
++ const gnutls_datum_t *peercerts;
++ unsigned npeercerts;
+ int i, cert_is_ok = -1;
+
+ if (!csync_conn_usessl)
+ return 1;
+
+- peercert = SSL_get_peer_certificate(conn_ssl);
+-
+- if (!peercert || peercert->size <= 0) {
++ peercerts = gnutls_certificate_get_peers(conn_tls_session, &npeercerts);
++ if(peercerts == NULL || npeercerts == 0) {
+ if (callfatal)
+ csync_fatal("Peer did not provide an SSL X509 cetrificate.\n");
+ csync_debug(1, "Peer did not provide an SSL X509 cetrificate.\n");
+@@ -171,11 +233,11 @@ int conn_check_peer_cert(const char *peername, int callfatal)
+ }
+
+ {
+- char certdata[peercert->size*2 + 1];
++ char certdata[2*peercerts[0].size + 1];
+
+- for (i=0; i<peercert->size; i++)
+- sprintf(certdata+i*2, "%02X", peercert->data[i]);
+- certdata[peercert->size*2] = 0;
++ for (i=0; i<peercerts[0].size; i++)
++ sprintf(&certdata[2*i], "%02X", peercerts[0].data[i]);
++ certdata[2*i] = 0;
+
+ SQL_BEGIN("Checking peer x509 certificate.",
+ "SELECT certdata FROM x509_cert WHERE peername = '%s'",
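Review bot: `char certdata[2*peercerts[0].size + 1];` is a stack VLA sized by the certificate the peer sent, and the loop compares the signed `int i` with the unsigned `size` field; checking `peercerts[0].size` against a fixed upper bound before the declaration (or using a heap buffer) and making the index `unsigned` would bound both. No call to `gnutls_certificate_verify_peers2()` appears in the visible hunks of conn_check_peer_cert, so authentication seems to rest entirely on the byte-for-byte comparison with the stored `x509_cert` row; a comment such as `/* Trust model: exact match of the peer's DER certificate with the pinned copy; no chain or expiry validation. */` would make that explicit. The argument list for the `'%s'` in the SELECT is outside the hunk, so whether `peername` is escaped before it reaches the query cannot be confirmed from here.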
+@@ -215,14 +277,19 @@ int conn_check_peer_cert(const char *peername, int callfatal)
+ return 1;
+ }
+
+-#endif /* HAVE_LIBGNUTLS_OPENSSL */
++#endif /* HAVE_LIBGNUTLS */
+
+ int conn_close()
+ {
+ if ( !conn_clisok ) return -1;
+
+-#ifdef HAVE_LIBGNUTLS_OPENSSL
+- if ( csync_conn_usessl ) SSL_free(conn_ssl);
++#ifdef HAVE_LIBGNUTLS
++ if ( csync_conn_usessl ) {
++ gnutls_bye(conn_tls_session, GNUTLS_SHUT_RDWR);
++ gnutls_deinit(conn_tls_session);
++ gnutls_certificate_free_credentials(conn_x509_cred);
++ gnutls_global_deinit();
++ }
+ #endif
+
+ if ( conn_fd_in != conn_fd_out) close(conn_fd_in);
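Review bot: `gnutls_bye(conn_tls_session, GNUTLS_SHUT_RDWR)` waits for the peer's close_notify and its return value is ignored, so a peer that never answers can stall conn_close before the descriptors are closed; `gnutls_bye(conn_tls_session, GNUTLS_SHUT_WR);` sends the alert without waiting for a reply. The visible lines also do not reset `csync_conn_usessl` after `gnutls_deinit()`; if the remainder of conn_close (outside the hunk) does not either, a later READ or WRITE would operate on a freed session.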
+@@ -237,9 +304,9 @@ int conn_close()
+
+ static inline int READ(void *buf, size_t count)
+ {
+-#ifdef HAVE_LIBGNUTLS_OPENSSL
++#ifdef HAVE_LIBGNUTLS
+ if (csync_conn_usessl)
+- return SSL_read(conn_ssl, buf, count);
++ return gnutls_record_recv(conn_tls_session, buf, count);
+ else
+ #endif
+ return read(conn_fd_in, buf, count);
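Review bot: `gnutls_record_recv()` returns `ssize_t` and reports `GNUTLS_E_AGAIN`, `GNUTLS_E_INTERRUPTED` and `GNUTLS_E_REHANDSHAKE` as negative values that are not fatal, yet READ hands them straight to its callers as an `int` error. The same applies to `gnutls_record_send()` in the WRITE hunk that follows, which may also send fewer bytes than `count`, while the plain-descriptor branch there appears to loop (its body is outside the hunk). Retrying on the transient codes, e.g. `do { n = gnutls_record_recv(conn_tls_session, buf, count); } while (n == GNUTLS_E_AGAIN || n == GNUTLS_E_INTERRUPTED);`, and looping WRITE until `count` bytes are sent would keep a transient condition from being treated as a broken or truncated transfer.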
+@@ -249,9 +316,9 @@ static inline int WRITE(const void *buf, size_t count)
+ {
+ static int n, total;
+
+-#ifdef HAVE_LIBGNUTLS_OPENSSL
++#ifdef HAVE_LIBGNUTLS
+ if (csync_conn_usessl)
+- return SSL_write(conn_ssl, buf, count);
++ return gnutls_record_send(conn_tls_session, buf, count);
+ else
+ #endif
+ {
+diff --git a/csync2.c b/csync2.c
+index 88fefa2..1f44311 100644
+--- a/csync2.c
++++ b/csync2.c
+@@ -482,7 +482,7 @@ int main(int argc, char ** argv)
+ para = cmd ? strtok(0, "\t \r\n") : 0;
+
+ if (cmd && !strcasecmp(cmd, "ssl")) {
+-#ifdef HAVE_LIBGNUTLS_OPENSSL
++#ifdef HAVE_LIBGNUTLS
+ conn_printf("OK (activating_ssl).\n");
+ conn_activate_ssl(1);
+
+diff --git a/csync2.h b/csync2.h
+index 1306023..3dbcbf0 100644
+--- a/csync2.h
++++ b/csync2.h
+@@ -328,7 +328,7 @@ extern int csync_dump_dir_fd;
+
+ extern int csync_compare_mode;
+
+-#ifdef HAVE_LIBGNUTLS_OPENSSL
++#ifdef HAVE_LIBGNUTLS
+ extern int csync_conn_usessl;
+ #endif
+
+diff --git a/csync2.spec b/csync2.spec
+index 17daad6..405bf50 100644
+--- a/csync2.spec
++++ b/csync2.spec
+@@ -23,7 +23,7 @@
+ # norootforbuild
+ # neededforbuild openssl openssl-devel
+
+-BuildRequires: sqlite-devel sqlite librsync openssl-devel librsync-devel
++BuildRequires: sqlite-devel sqlite librsync gnutls-devel librsync-devel
+
+ Name: csync2
+ License: GPL
+diff --git a/daemon.c b/daemon.c
+index a6357fa..59a8e2c 100644
+--- a/daemon.c
++++ b/daemon.c
+@@ -465,7 +465,7 @@ void csync_daemon_session()
+ cmd_error = "Identification failed!";
+ break;
+ }
+-#ifdef HAVE_LIBGNUTLS_OPENSSL
++#ifdef HAVE_LIBGNUTLS
+ if (!csync_conn_usessl) {
+ struct csync_nossl *t;
+ for (t = csync_nossl; t; t=t->next) {
+diff --git a/update.c b/update.c
+index 7c55113..f26f579 100644
+--- a/update.c
++++ b/update.c
+@@ -70,7 +70,7 @@ int connect_to_host(const char *peername)
+ if ( conn_open(peername) ) return -1;
+
+ if ( use_ssl ) {
+-#if HAVE_LIBGNUTLS_OPENSSL
++#if HAVE_LIBGNUTLS
+ conn_printf("SSL\n");
+ if ( read_conn_status(0, peername) ) {
+ csync_debug(1, "SSL command failed.\n");
+--
+1.7.6
+
diff --git a/csync2.spec b/csync2.spec
index 3957ba2..bea988f 100644
--- a/csync2.spec
+++ b/csync2.spec
@@ -1,7 +1,7 @@
Summary: Cluster synchronization tool
Name: csync2
Version: 1.34
-Release: 3%{?dist}
+Release: 6%{?dist}
License: GPLv2+
Group: Applications/System
URL: http://oss.linbit.com/csync2/
@@ -10,6 +10,9 @@ Source0: http://oss.linbit.com/csync2/%{name}-%{version}.tar.gz
Source1: csync2-README.quickstart
Patch0: csync2-fix-xinetd.patch
Patch1: csync2-1.34-cfg.patch
+Patch2: 0001-use-native-gnutls-drop-openssl-wrappers.patch
+Patch3: 0001-don-t-hardcode-autofoo-version.patch
+Patch4: 0001-Fix-gnutls-configure.ac-section.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -37,10 +40,14 @@ It is expedient for HA-clusters, HPC-clusters, COWs and server farms.
%setup -q
%patch0 -p1 -b .fix-xinetd
%patch1 -p1 -b .cfg
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
install -p -m 0644 %{SOURCE1} README.quickstart
%build
+./autogen.sh
%configure --sysconfdir=%{_sysconfdir}/csync2
make %{?_smp_mflags}
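Review bot: `%build` now runs `./autogen.sh`, and the patched configure.ac calls `PKG_CHECK_MODULES`, so the build needs autoconf, automake, pkg-config and gnutls-devel, yet no hunk in this commit touches `BuildRequires`. If the existing line (outside the hunks) does not already list them, something like `BuildRequires: autoconf automake pkgconfig gnutls-devel` is needed so the build does not depend on what the buildroot happens to contain. As a matter of style, `%patch2` to `%patch4` omit the `-b .suffix` backup argument that `%patch0` and `%patch1` use.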
@@ -105,8 +112,9 @@ fi
%changelog
-* Fri Sep 16 2011 Luis Bazan <lbazan at bakertillypanama.com> - 1.34-6
-- rebuilt
+* Fri Sep 16 2011 Angus Salkeld <asalkeld at redhat.com> - 1.34-6
+- Cherry pick upstream commit that uses native gnutls and drops openssl wrapper
+- Fix the discovery of the gnutils package
* Wed Nov 28 2007 Matthias Saou <http://freshrpms.net/> 1.34-5
- Include cfg patch to include pointers to local doc and better defaults.