[Fedora-directory-commits] setuputil/installer/unix Makefile, 1.2, 1.3
by Doctor Conrad
Author: nhosoi
Update of /cvs/dirsec/setuputil/installer/unix
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30205/installer/unix
Modified Files:
Makefile
Log Message:
[175900] Setup Util build (RPM); Comment#12
Preparation for the RPM build.
Since rpm/pkg build needs to use shared version of LDAP C SDK libraries, NSPR
and NSS libraries need to be dynamically linked to setup and uninstall.
Index: Makefile
===================================================================
RCS file: /cvs/dirsec/setuputil/installer/unix/Makefile,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- Makefile 28 Jan 2006 02:33:20 -0000 1.2
+++ Makefile 21 Jun 2006 18:44:27 -0000 1.3
@@ -156,13 +156,15 @@
@echo
$(CXX) $(NONSHARED) $(MODULE_CFLAGS) \
-o $(BINDEST)/setup \
- $(INSTOBJS) $(OBJS) $(LIBINSTALL) $(EXTRA_LIBS) $(CURSES) $(LDAPLINK)
+ $(INSTOBJS) $(OBJS) $(LIBINSTALL) $(EXTRA_LIBS) $(CURSES) \
+ $(LDAPLINK) $(SECURITYLINK) $(NSPRLINK)
$(BINDEST)/uninstall: $(OBJS) $(UNINSTOBJS) $(LIBINSTALL)
@echo
$(CXX) $(NONSHARED) $(MODULE_CFLAGS) \
-o $(BINDEST)/uninstall \
- $(UNINSTOBJS) $(OBJS) $(LIBINSTALL) $(LDAPLINK) $(EXTRA_LIBS) $(CURSES)
+ $(UNINSTOBJS) $(OBJS) $(LIBINSTALL) $(LDAPLINK) $(EXTRA_LIBS) \
+ $(CURSES) $(SECURITYLINK) $(NSPRLINK)
#$(BINDEST)/download.bin: $(OBJS) $(DNLDOBJS) $(LIBINSTALL) $(LIBNET)
# @echo
17 years, 3 months
[Fedora-directory-commits] setuputil components.mk,1.3,1.4
by Doctor Conrad
Author: nhosoi
Update of /cvs/dirsec/setuputil
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30205
Modified Files:
components.mk
Log Message:
[175900] Setup Util build (RPM); Comment#12
Preparation for the RPM build.
Since rpm/pkg build needs to use shared version of LDAP C SDK libraries, NSPR
and NSS libraries need to be dynamically linked to setup and uninstall.
Index: components.mk
===================================================================
RCS file: /cvs/dirsec/setuputil/components.mk,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- components.mk 19 Jun 2006 16:53:13 -0000 1.3
+++ components.mk 21 Jun 2006 18:44:26 -0000 1.4
@@ -59,12 +59,23 @@
endif
endif
NSPR_LIBNAMES += nspr4
-ifdef NSPR_SOURCE_ROOT
- NSPR_LIBPATH = $(NSPR_SOURCE_ROOT)/dist/$(MOZ_OBJDIR_NAME)/lib
+ifdef NSPR_INCLUDE_DIR
+ NSPR_INCDIR = $(NSPR_INCLUDE_DIR)
+else
+ ifdef NSPR_SOURCE_ROOT
NSPR_INCDIR = $(NSPR_SOURCE_ROOT)/dist/$(MOZ_OBJDIR_NAME)/include
+ else
+ NSPR_INCDIR = $(NSPR_BUILD_DIR)/include
+ endif
+endif
+ifdef NSPR_LIB_DIR
+ NSPR_LIBPATH = $(NSPR_LIB_DIR)
else
+ ifdef NSPR_SOURCE_ROOT
+ NSPR_LIBPATH = $(NSPR_SOURCE_ROOT)/dist/$(MOZ_OBJDIR_NAME)/lib
+ else
NSPR_LIBPATH = $(NSPR_BUILD_DIR)/lib
- NSPR_INCDIR = $(NSPR_BUILD_DIR)/include
+ endif
endif
NSPR_INCLUDE = -I$(NSPR_INCDIR)
NSPR_LIBS_TO_PKG = $(addsuffix .$(DLL_SUFFIX),$(addprefix $(NSPR_LIBPATH)/lib,$(NSPR_LIBNAMES)))
@@ -88,7 +99,11 @@
NSPR_SOLIBS = $(addsuffix .$(DLL_SUFFIX), $(addprefix $(LIB_PREFIX), $(NSPR_LIBNAMES)))
NSPROBJNAME = $(addsuffix .a, $(addprefix $(LIB_PREFIX), $(NSPR_LIBNAMES))
LIBNSPR = $(addprefix $(NSPR_LIBPATH)/, $(NSPR_SOLIBS))
- NSPRLINK = -L$(NSPR_LIBPATH) $(addprefix -l, $(NSPR_LIBNAMES))
+ ifdef NSPR_LIB_DIR # we are using the system NSPR (shared lib)
+ NSPRLINK = -L$(NSPR_LIBPATH) $(addprefix -l, $(NSPR_LIBNAMES))
+ else
+ NSPRLINK =
+ endif
endif
### DBM #############################
@@ -117,18 +132,27 @@
### DBM END #############################
### SECURITY #############################
-ifdef SECURITY_SOURCE_ROOT
- SECURITY_LIBPATH = $(SECURITY_SOURCE_ROOT)/dist/$(MOZ_OBJDIR_NAME)/lib
- SECURITY_BINPATH = $(SECURITY_SOURCE_ROOT)/dist/$(MOZ_OBJDIR_NAME)/bin
+ifdef NSS_INCLUDE_DIR
+ SECURITY_INCDIR = $(NSS_INCLUDE_DIR)
+else
+ ifdef SECURITY_SOURCE_ROOT
SECURITY_INCDIR = $(SECURITY_SOURCE_ROOT)/dist/public/nss
+ else
+ SECURITY_INCDIR = $(SECURITY_BUILD_DIR)/include
+ endif
+endif
+
+ifdef NSS_LIB_DIR
+ SECURITY_LIBPATH = $(NSS_LIB_DIR)
else
+ ifdef SECURITY_SOURCE_ROOT
+ SECURITY_LIBPATH = $(SECURITY_SOURCE_ROOT)/dist/$(MOZ_OBJDIR_NAME)/lib
+ else
SECURITY_LIBPATH = $(SECURITY_BUILD_DIR)/lib
- SECURITY_BINPATH = $(SECURITY_BUILD_DIR)/bin
- SECURITY_INCDIR = $(SECURITY_BUILD_DIR)/include
+ endif
endif
SECURITY_INCLUDE = -I$(SECURITY_INCDIR)
# add crlutil and ocspclnt when we support CRL and OCSP cert checking in DS
-SECURITY_BINNAMES = certutil derdump pp pk12util ssltap modutil shlibsign
SECURITY_LIBNAMES = ssl3 nss3 softokn3
# these libs have a corresponding .chk file
SECURITY_NEED_CHK = softokn3
@@ -149,9 +173,6 @@
endif
endif # USE_64
-SECURITY_TOOLS = $(addsuffix $(EXE_SUFFIX),$(SECURITY_BINNAMES))
-SECURITY_TOOLS_FULLPATH = $(addprefix $(SECURITY_BINPATH)/, $(SECURITY_TOOLS))
-
SECURITY_LIBS_TO_PKG = $(addsuffix .$(DLL_SUFFIX),$(addprefix $(SECURITY_LIBPATH)/$(LIB_PREFIX),$(SECURITY_LIBNAMES.pkg)))
SECURITY_LIBS_TO_PKG += $(addsuffix .chk,$(addprefix $(SECURITY_LIBPATH)/$(LIB_PREFIX),$(SECURITY_NEED_CHK)))
LIBS_TO_PKG += $(SECURITY_LIBS_TO_PKG)
@@ -170,15 +191,16 @@
else
SECURITYOBJNAME = $(addsuffix .$(DLL_SUFFIX), $(addprefix $(LIB_PREFIX), $(SECURITY_LIBNAMES)))
LIBSECURITY = $(addprefix $(SECURITY_LIBPATH)/, $(SECURITYOBJNAME))
- SECURITYLINK = -L$(SECURITY_LIBPATH) $(addprefix -l, $(SECURITY_LIBNAMES))
+ ifdef NSPR_LIB_DIR # we are using the system NSPR (shared lib)
+ SECURITYLINK = -L$(SECURITY_LIBPATH) $(addprefix -l, $(SECURITY_LIBNAMES))
+ else
+ SECURITYLINK =
+ endif
endif
# we need to package the root cert file in the alias directory
PACKAGE_SRC_DEST += $(SECURITY_LIBPATH)/$(LIB_PREFIX)nssckbi.$(DLL_SUFFIX) alias
-# need to package the sec tools in shared/bin
-BINS_TO_PKG_SHARED += $(SECURITY_TOOLS_FULLPATH)
-
### SECURITY END #############################
### SVRCORE #############################
17 years, 3 months
[Fedora-directory-commits] dsbuild/meta/ds Makefile,1.5,1.6
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/dsbuild/meta/ds
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20699/meta/ds
Modified Files:
Makefile
Log Message:
added admservconsole
Index: Makefile
===================================================================
RCS file: /cvs/dirsec/dsbuild/meta/ds/Makefile,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- Makefile 24 Feb 2006 17:37:59 -0000 1.5
+++ Makefile 21 Jun 2006 15:18:34 -0000 1.6
@@ -15,7 +15,7 @@
LIBDEPS = ds/mozilla ds/icu ds/adminutil ds/setuputil ds/mod_nss ds/mod_admserv ds/mod_restartd
ifndef NOJAVA
-LIBDEPS += ds/console
+LIBDEPS += ds/console ds/admservconsole
endif
LIBDEPS += ds/onlinehelp ds/adminserver
17 years, 3 months
[Fedora-directory-commits] dsbuild/ds/admservconsole Makefile, NONE, 1.1 checksums, NONE, 1.1
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/dsbuild/ds/admservconsole
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20699/ds/admservconsole
Added Files:
Makefile checksums
Log Message:
added admservconsole
--- NEW FILE Makefile ---
include ../../objdirname.mk
GARNAME = fedora-admservconsole
GARVERSION = 1.1
CATEGORIES = ds
PATCHFILES =
ifdef USE_CVS
CVSMODULES=admservconsole
else
DISTFILES = $(GARNAME)-$(GARVERSION).tar.gz
endif
LIBDEPS =
DESCRIPTION = admservconsole
#CONFIGURE_SCRIPTS = $(WORKSRC)/configure
BUILD_SCRIPTS = custom
#INSTALL_SCRIPTS = $(WORKSRC)/Makefile
INSTALL_SCRIPTS = custom
IMPORTS=-Dconsole.location=$(ABS_GARDIR)/$(CATEGORIES)/console/work/built/release/package
ifdef USE_CVS
post-extract: extract-cvs
endif
configure-custom:
$(MAKECOOKIE)
build-custom:
cd $(WORKSRC) && ant $(IMPORTS)
$(MAKECOOKIE)
install-custom:
$(MAKECOOKIE)
include ../../gar.conf.mk
include ../category.mk
--- NEW FILE checksums ---
7ac4d67dc915a533aed476395cc086bd download/fedora-admservconsole-1.1.tar.gz
17 years, 3 months
[Fedora-directory-commits] dsbuild/ds/adminserver Makefile,1.4,1.5
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/dsbuild/ds/adminserver
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20699/ds/adminserver
Modified Files:
Makefile
Log Message:
added admservconsole
Index: Makefile
===================================================================
RCS file: /cvs/dirsec/dsbuild/ds/adminserver/Makefile,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- Makefile 8 Apr 2006 19:26:50 -0000 1.4
+++ Makefile 21 Jun 2006 15:18:33 -0000 1.5
@@ -32,7 +32,8 @@
MOD_NSS_BINPATH=$(ABS_GARDIR)/$(CATEGORIES)/mod_nss/work/mod_nss-1.0.2
ifndef NOJAVA
-BUILD_ARGS += CONSOLE_SOURCE_DIR=$(ABS_GARDIR)/$(CATEGORIES)/console/work
+BUILD_ARGS += CONSOLE_SOURCE_DIR=$(ABS_GARDIR)/$(CATEGORIES)/console/work \
+ ADMSERVCONSOLE_SOURCE_DIR=$(ABS_GARDIR)/$(CATEGORIES)/admservconsole/work
endif # NOJAVA
ifneq ($(DEBUG), full)
17 years, 3 months
[Fedora-directory-commits] mod_nss TODO,1.2,1.3
by Doctor Conrad
Author: rcritten
Update of /cvs/dirsec/mod_nss
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17830
Modified Files:
TODO
Log Message:
mod_proxy support has been around for a while.
We want SNI support as soon as NSS allows it.
Index: TODO
===================================================================
RCS file: /cvs/dirsec/mod_nss/TODO,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- TODO 31 May 2005 14:32:42 -0000 1.2
+++ TODO 21 Jun 2006 14:42:06 -0000 1.3
@@ -1,3 +1,5 @@
-- Support for mod_proxy
- Offer to automatically generate a self-signed cert using gencert during
install?
+- Should gencert create a database with an empty password or continue
+ to create a protected on?
+- Once NSS fully supports the SNI TLS extension, add that.
17 years, 3 months
[Fedora-directory-commits] mod_nss nss_engine_init.c,1.19,1.20
by Doctor Conrad
Author: rcritten
Update of /cvs/dirsec/mod_nss
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17633
Modified Files:
nss_engine_init.c
Log Message:
196070
Fix some warnings related to not checking the return value of
getcwd and chdir.
Index: nss_engine_init.c
===================================================================
RCS file: /cvs/dirsec/mod_nss/nss_engine_init.c,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- nss_engine_init.c 20 Jun 2006 20:25:20 -0000 1.19
+++ nss_engine_init.c 21 Jun 2006 14:25:51 -0000 1.20
@@ -208,11 +208,23 @@
/* We need to be in the same directory as libnssckbi.so to load the
* root certificates properly.
*/
- getcwd(cwd, PATH_MAX);
- chdir(mc->pCertificateDatabase);
+ if (getcwd(cwd, PATH_MAX) == NULL) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ "Unable to determine current working directory");
+ nss_die();
+ }
+ if (chdir(mc->pCertificateDatabase) != 0) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ "Unable to change directory to %s", mc->pCertificateDatabase);
+ nss_die();
+ }
/* Initialize NSS and open the certificate database read-only. */
rv = NSS_Initialize(mc->pCertificateDatabase, mc->pDBPrefix, mc->pDBPrefix, "secmod.db", NSS_INIT_READONLY);
- chdir(cwd);
+ if (chdir(cwd) != 0) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ "Unable to change directory to %s", cwd);
+ nss_die();
+ }
/* Assuming everything is ok so far, check the cert database password(s). */
if (sslenabled && (rv != SECSuccess)) {
17 years, 3 months
[Fedora-directory-commits] mod_nss gencert.in,1.2,1.3
by Doctor Conrad
Author: rcritten
Update of /cvs/dirsec/mod_nss
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10587
Modified Files:
gencert.in
Log Message:
Remove some invalid comments
No need to set LD_LIBRARY_PATH
Fix location of certutil
Index: gencert.in
===================================================================
RCS file: /cvs/dirsec/mod_nss/gencert.in,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- gencert.in 20 Jun 2006 20:42:21 -0000 1.2
+++ gencert.in 20 Jun 2006 20:48:02 -0000 1.3
@@ -19,13 +19,8 @@
#
# gencert - generate new CA, server and user certificates for NSS testing.
#
-# Note that this script requires the Korn shell.
-NSSDIR=@nss_dir@
-NSPRDIR=@nspr_dir@
-
-export LD_LIBRARY_PATH=$NSPRDIR/lib:$NSSDIR/lib
-CERTUTIL=$NSSDIR/bin/certutil
+CERTUTIL=/usr/bin/certutil
# Note: In order for the client tests that ship with this module to work
# properly with this test certificate you need to ensure that the domain of
@@ -64,7 +59,7 @@
SERVER_CERTDN="CN=${FQDN}, O=example.com, C=US"
ALPHA_CERTDN="E=alpha@${FQDN}, CN=Frank Alpha, UID=alpha, OU=People, O=example.com, C=US"
-# size of the keys - this needs to be 512 for export servers
+# size of the keys
KEYSIZE=1024
# validity of the certs in months
17 years, 3 months
[Fedora-directory-commits] mod_nss gencert.in,1.1,1.2
by Doctor Conrad
Author: rcritten
Update of /cvs/dirsec/mod_nss
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10532
Modified Files:
gencert.in
Log Message:
Drop dependency on ksh and use bash instead.
Improve hostname detection on Solaris by using the script
/usr/lib/mail/sh/check-hostname if it exists.
Index: gencert.in
===================================================================
RCS file: /cvs/dirsec/mod_nss/gencert.in,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- gencert.in 25 May 2005 21:01:13 -0000 1.1
+++ gencert.in 20 Jun 2006 20:42:21 -0000 1.2
@@ -1,4 +1,4 @@
-#!/bin/ksh
+#!/bin/bash
# Copyright 2001-2004 The Apache Software Foundation
#
@@ -35,6 +35,14 @@
getFQDN() {
max=0
maxhost=
+ OS=`uname -s`
+ if [ $OS == "SunOS" ]; then
+ if [ -x /usr/lib/mail/sh/check-hostname ]; then
+ maxhost=`/usr/lib/mail/sh/check-hostname | awk 'BEGIN { FS=" " } { if ($3 == "OK:") { print $7 } }'`
+ fi
+ echo $maxhost
+ return
+ fi
defhost=`hostname`
hosthost=`host $defhost | grep -v "not found" | awk '{print $1}'`
for host in $defhost $hosthost `hostname -f` `hostname -a` ; do
@@ -97,7 +105,7 @@
# 5 9 n -> Cert signing key
# y 10 y -> basic constraints: CA cert
# 5 6 7 9 n -> SSL, S/MIME, Object signing CA
-echo "5\n9\nn\ny\n10\ny\n5\n6\n7\n9\nn\n" | \
+echo -e "5\n9\nn\ny\n10\ny\n5\n6\n7\n9\nn\n" | \
$CERTUTIL -S -d $DEST -n cacert \
-s "$CA_CERTDN" \
-x \
@@ -119,7 +127,7 @@
let CERTSERIAL=CERTSERIAL+1
# 0 2 9 n -> Key usage: Key Encipherment, Digital Signature
# 0 9 n -> SSL Client
-echo "0\n2\n9\nn\n0\n9\nn\n" | \
+echo -e "0\n2\n9\nn\n0\n9\nn\n" | \
$CERTUTIL -S -d $DEST -n alpha \
-s "$ALPHA_CERTDN" \
-c cacert \
@@ -149,7 +157,7 @@
echo "Generating server certificate"
echo "#####################################################################"
let CERTSERIAL=CERTSERIAL+1
-echo "2\n9\nn\n1\n9\nn\n" | \
+echo -e "2\n9\nn\n1\n9\nn\n" | \
$CERTUTIL -C -d $DEST \
-c cacert \
-i $DEST/tmpcertreq \
17 years, 3 months