simo pushed to gssproxy (f21). "New upstream release (..more)"

notifications at fedoraproject.org
Thu Mar 26 14:12:21 UTC 2015


From f3633351a6c00d8d44445b406bfc24b65173ccc0 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo at redhat.com>
Date: Tue, 24 Mar 2015 14:38:07 -0400
Subject: New upstream release

  Added optional support for running GSS-Proxy as an unprivileged user
  Uses new /etc/gss/mech.d configuration directory for gss mechanisms
  Kernel related fixes
  General bug fixing, many minor errors or incorrect behaviours have been corrected
- drop all patches, they are all included upstream

diff --git a/.gitignore b/.gitignore
index c56af64..cb558af 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,3 +8,4 @@
 /gssproxy-0.2.3.tar.gz
 /gssproxy-0.3.0.tar.gz
 /gssproxy-0.3.1.tar.gz
+/gssproxy-0.4.0.tar.gz
diff --git a/gssproxy-0.3.1-deadlock_fix.patch b/gssproxy-0.3.1-deadlock_fix.patch
deleted file mode 100644
index c6e7661..0000000
--- a/gssproxy-0.3.1-deadlock_fix.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From f39b471f34b381784a1bd1906bf8335ac2c7ef5e Mon Sep 17 00:00:00 2001
-From: Simo Sorce <simo at redhat.com>
-Date: Tue, 11 Mar 2014 18:16:32 -0400
-Subject: [PATCH] Properly cleanup mutex on failure.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-If the call to create socket fails we leave a dangling lock and the client
-enters into a deadlock on the next call.
-
-Fixes: https://fedorahosted.org/gss-proxy/ticket/121
-
-Signed-off-by: Simo Sorce <simo at redhat.com>
-Reviewed-by: Günther Deschner <gdeschner at redhat.com>
----
- proxy/src/client/gpm_common.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/proxy/src/client/gpm_common.c b/proxy/src/client/gpm_common.c
-index 74296da..4651194 100644
---- a/proxy/src/client/gpm_common.c
-+++ b/proxy/src/client/gpm_common.c
-@@ -153,6 +153,9 @@ static int gpm_grab_sock(struct gpm_ctx *gpmctx)
-         ret = gpm_open_socket(gpmctx);
-     }
- 
-+    if (ret) {
-+        pthread_mutex_unlock(&gpmctx->lock);
-+    }
-     return ret;
- }
- 
--- 
-1.8.5.3
-
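Review bot: nothing in this diff shows that the 0.4.0 tarball contains the error-path unlock this deleted patch added to gpm_grab_sock (the "if (ret) { pthread_mutex_unlock(&gpmctx->lock); }" block before "return ret;"). The commit message says the patches are included upstream; naming the upstream commit or ticket 121 in the changelog entry would make that checkable, because losing this fix brings back the client deadlock on the call after a failed gpm_open_socket.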
diff --git a/gssproxy-0.3.1-flags_handling.patch b/gssproxy-0.3.1-flags_handling.patch
deleted file mode 100644
index 5daeedb..0000000
--- a/gssproxy-0.3.1-flags_handling.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 8b147c9196d9068d0fc5e5a8919b84e8cbb97ef4 Mon Sep 17 00:00:00 2001
-From: Simo Sorce <simo at redhat.com>
-Date: Fri, 6 Dec 2013 17:51:14 -0500
-Subject: [PATCH] Fix config token parsing.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Resolves: https://fedorahosted.org/gss-proxy/ticket/112
-
-Signed-off-by: Simo Sorce <simo at redhat.com>
-Reviewed-by: Günther Deschner <gdeschner at redhat.com>
----
- proxy/src/gp_config.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/proxy/src/gp_config.c b/proxy/src/gp_config.c
-index 2fc4a6f..ee96975 100644
---- a/proxy/src/gp_config.c
-+++ b/proxy/src/gp_config.c
-@@ -153,7 +153,6 @@ static int parse_flags(const char *value, uint32_t *storage)
-         return ENOMEM;
-     }
- 
--    token = strtok_r(str, ", ", &handle);
-     for (token = strtok_r(str, ", ", &handle);
-          token != NULL;
-          token = strtok_r(NULL, ", ", &handle)) {
--- 
-1.8.3.1
-
diff --git a/gssproxy-0.3.1-gssi_inquire_context.patch b/gssproxy-0.3.1-gssi_inquire_context.patch
deleted file mode 100644
index 475441c..0000000
--- a/gssproxy-0.3.1-gssi_inquire_context.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From c17f20b949d2e80e596ce21ecd944db80aaa80b1 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gdeschner at redhat.com>
-Date: Wed, 29 Jan 2014 17:59:03 +0100
-Subject: [PATCH] Fix potential segfault in gssi_inquire_context().
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Signed-off-by: Günther Deschner <gdeschner at redhat.com>
-Reviewed-by: Simo Sorce <simo at redhat.com>
----
- proxy/src/mechglue/gpp_context.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/proxy/src/mechglue/gpp_context.c b/proxy/src/mechglue/gpp_context.c
-index 6010724..bb16a93 100644
---- a/proxy/src/mechglue/gpp_context.c
-+++ b/proxy/src/mechglue/gpp_context.c
-@@ -223,7 +223,7 @@ OM_uint32 gssi_inquire_context(OM_uint32 *minor_status,
-         maj = gss_inquire_context(&min,
-                                   ctx_handle->local,
-                                   s_name ? &s_name->local : NULL,
--                                  s_name ? &t_name->local : NULL,
-+                                  t_name ? &t_name->local : NULL,
-                                   lifetime_rec,
-                                   &mech_oid,
-                                   ctx_flags,
-@@ -233,7 +233,7 @@ OM_uint32 gssi_inquire_context(OM_uint32 *minor_status,
-         maj = gpm_inquire_context(&min,
-                                   ctx_handle->remote,
-                                   s_name ? &s_name->remote : NULL,
--                                  s_name ? &t_name->remote : NULL,
-+                                  t_name ? &t_name->remote : NULL,
-                                   lifetime_rec,
-                                   &mech_oid,
-                                   ctx_flags,
--- 
-1.8.5.3
-
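Review bot: a regression check for gssi_inquire_context belongs with this removal. The deleted patch changed the t_name arguments from "s_name ? &t_name->local : NULL" to "t_name ? &t_name->local : NULL" (and likewise for ->remote); without it, a caller that passes s_name but a NULL t_name dereferences NULL. The diff gives no way to see that 0.4.0 has this, so verify the built library with that argument combination before pushing.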
diff --git a/gssproxy-0.3.1-nfsd_startup.patch b/gssproxy-0.3.1-nfsd_startup.patch
deleted file mode 100644
index ebd4530..0000000
--- a/gssproxy-0.3.1-nfsd_startup.patch
+++ /dev/null
@@ -1,240 +0,0 @@
-From 58a39677c961c72b052eae0b9d94b992254d6e10 Mon Sep 17 00:00:00 2001
-From: Simo Sorce <simo at redhat.com>
-Date: Fri, 3 Jan 2014 16:45:35 -0500
-Subject: [PATCH 1/2] Add utility functions to read()/write() safely
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Automatically handle short reads due to singals interrupting the process.
-
-Signed-off-by: Simo Sorce <simo at redhat.com>
-Reviewed-by: Günther Deschner <gdeschner at redhat.com>
----
- proxy/src/gp_common.h |  2 ++
- proxy/src/gp_util.c   | 39 +++++++++++++++++++++++++++++++++++++++
- 2 files changed, 41 insertions(+)
-
-diff --git a/proxy/src/gp_common.h b/proxy/src/gp_common.h
-index f2b8c3e..3a1b7be 100644
---- a/proxy/src/gp_common.h
-+++ b/proxy/src/gp_common.h
-@@ -69,6 +69,8 @@ bool gp_same(const char *a, const char *b);
- bool gp_boolean_is_true(const char *s);
- char *gp_getenv(const char *name);
- 
-+ssize_t gp_safe_read(int fd, void *buf, size_t count);
-+ssize_t gp_safe_write(int fd, const void *buf, size_t count);
- /* NOTE: read the note in gp_util.c before using gp_strerror() */
- char *gp_strerror(int errnum);
- 
-diff --git a/proxy/src/gp_util.c b/proxy/src/gp_util.c
-index 4fbac4e..34f3024 100644
---- a/proxy/src/gp_util.c
-+++ b/proxy/src/gp_util.c
-@@ -29,6 +29,7 @@
- #include <stdlib.h>
- #include <stdio.h>
- #include <errno.h>
-+#include <unistd.h>
- 
- bool gp_same(const char *a, const char *b)
- {
-@@ -125,3 +126,41 @@ char *gp_strerror(int errnum)
-     errno = saved_errno;
-     return buf;
- }
-+
-+ssize_t gp_safe_read(int fd, void *buf, size_t count)
-+{
-+    char *b = (char *)buf;
-+    ssize_t len = 0;
-+    ssize_t ret;
-+
-+    do {
-+        ret = read(fd, &b[len], count - len);
-+        if (ret == -1) {
-+            if (errno == EINTR) continue;
-+            return ret;
-+        }
-+        if (ret == 0) break; /* EOF */
-+        len += ret;
-+    } while (count > len);
-+
-+    return len;
-+}
-+
-+ssize_t gp_safe_write(int fd, const void *buf, size_t count)
-+{
-+    const char *b = (const char *)buf;
-+    ssize_t len = 0;
-+    ssize_t ret;
-+
-+    do {
-+        ret = write(fd, &b[len], count - len);
-+        if (ret == -1) {
-+            if (errno == EINTR) continue;
-+            return ret;
-+        }
-+        if (ret == 0) break; /* EOF */
-+        len += ret;
-+    } while (count > len);
-+
-+    return len;
-+}
--- 
-1.8.4.2
-
-
-From bd8ffcf67be8fdbe14bc49a65a8eafe904119d88 Mon Sep 17 00:00:00 2001
-From: Simo Sorce <simo at redhat.com>
-Date: Fri, 3 Jan 2014 12:10:36 -0500
-Subject: [PATCH 2/2] Block parent process until child is initialized.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This way the init system will not proceed starting dependencies until gssproxy
-is actually ready to serve requests.
-In particular this is used to make sure the nfsd proc file has been touched
-before the nfsd server is started.
-
-Resolves: https://fedorahosted.org/gss-proxy/ticket/114
-
-Signed-off-by: Simo Sorce <simo at redhat.com>
-Reviewed-by: Günther Deschner <gdeschner at redhat.com>
----
- proxy/src/gp_init.c  | 42 +++++++++++++++++++++++++++++++++++++++---
- proxy/src/gp_proxy.h |  3 ++-
- proxy/src/gssproxy.c | 11 +++++++++--
- 3 files changed, 50 insertions(+), 6 deletions(-)
-
-diff --git a/proxy/src/gp_init.c b/proxy/src/gp_init.c
-index 830ae16..6207a78 100644
---- a/proxy/src/gp_init.c
-+++ b/proxy/src/gp_init.c
-@@ -37,12 +37,22 @@
- #include <stdio.h>
- #include "gp_proxy.h"
- 
--void init_server(bool daemonize)
-+void init_server(bool daemonize, int *wait_fd)
- {
-     pid_t pid, sid;
-     int ret;
- 
-+    *wait_fd = -1;
-+
-     if (daemonize) {
-+        int pipefd[2];
-+        char buf[1];
-+
-+        /* create parent-child pipe */
-+        ret = pipe(pipefd);
-+        if (ret == -1) {
-+            exit(EXIT_FAILURE);
-+        }
- 
-         pid = fork();
-         if (pid == -1) {
-@@ -50,10 +60,22 @@ void init_server(bool daemonize)
-             exit(EXIT_FAILURE);
-         }
-         if (pid != 0) {
--            /* ok kill the parent */
--            exit(EXIT_SUCCESS);
-+            /* wait for child to signal it is ready */
-+            close(pipefd[1]);
-+            ret = gp_safe_read(pipefd[0], buf, 1);
-+            if (ret == 1) {
-+                /* child signaled all ok */
-+                exit(EXIT_SUCCESS);
-+            } else {
-+                /* lost child, something went wrong */
-+                exit(EXIT_FAILURE);
-+            }
-         }
- 
-+        /* child */
-+        close(pipefd[0]);
-+        *wait_fd = pipefd[1];
-+
-         sid = setsid();
-         if (sid == -1) {
-             /* setsid error ? abort */
-@@ -78,6 +100,20 @@ void init_server(bool daemonize)
-     gp_logging_init();
- }
- 
-+void init_done(int wait_fd)
-+{
-+    char buf = 0;
-+    int ret;
-+
-+    if (wait_fd != -1) {
-+        ret = gp_safe_write(wait_fd, &buf, 1);
-+        if (ret != 1) {
-+            exit(EXIT_FAILURE);
-+        }
-+        close(wait_fd);
-+    }
-+}
-+
- void fini_server(void)
- {
-     closelog();
-diff --git a/proxy/src/gp_proxy.h b/proxy/src/gp_proxy.h
-index 733fec5..79bebb8 100644
---- a/proxy/src/gp_proxy.h
-+++ b/proxy/src/gp_proxy.h
-@@ -106,7 +106,8 @@ struct gp_creds_handle *gp_service_get_creds_handle(struct gp_service *svc);
- void free_config(struct gp_config **config);
- 
- /* from gp_init.c */
--void init_server(bool daemonize);
-+void init_server(bool daemonize, int *wait_fd);
-+void init_done(int wait_fd);
- void fini_server(void);
- verto_ctx *init_event_loop(void);
- void init_proc_nfsd(struct gp_config *cfg);
-diff --git a/proxy/src/gssproxy.c b/proxy/src/gssproxy.c
-index 1bf0a0b..80430d6 100644
---- a/proxy/src/gssproxy.c
-+++ b/proxy/src/gssproxy.c
-@@ -42,6 +42,7 @@ int main(int argc, const char *argv[])
-     int vflags;
-     struct gssproxy_ctx *gpctx;
-     struct gp_sock_ctx *sock_ctx;
-+    int wait_fd;
-     int ret;
-     int i;
- 
-@@ -97,7 +98,7 @@ int main(int argc, const char *argv[])
-         exit(EXIT_FAILURE);
-     }
- 
--    init_server(gpctx->config->daemonize);
-+    init_server(gpctx->config->daemonize, &wait_fd);
- 
-     write_pid();
- 
-@@ -139,9 +140,15 @@ int main(int argc, const char *argv[])
-         }
-     }
- 
--    /* special call to tell the Linux kernel gss-proxy is available */
-+    /* We need to tell nfsd that GSS-Proxy is available before it starts,
-+     * as nfsd needs to know GSS-Proxy is in use before the first time it
-+     * needs to call accept_sec_context. */
-     init_proc_nfsd(gpctx->config);
- 
-+    /* Now it is safe to tell the init system that we're done starting up,
-+     * so it can continue with dependencies and start nfsd */
-+    init_done(wait_fd);
-+
-     ret = gp_workers_init(gpctx);
-     if (ret) {
-         exit(EXIT_FAILURE);
--- 
-1.8.4.2
-
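Review bot: the ordering this deleted patch established in main(), init_proc_nfsd(gpctx->config) first and init_done(wait_fd) only afterwards, is what keeps nfsd from starting before it knows GSS-Proxy is in use, and this diff does not show that 0.4.0 preserves it. Since the spec also switches to --with-initscript=systemd in this commit, check on a built package that the daemonizing parent still exits only after the child has written to the pipe.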
diff --git a/gssproxy.spec b/gssproxy.spec
index 08c6c7e..3e9ed78 100644
--- a/gssproxy.spec
+++ b/gssproxy.spec
@@ -1,6 +1,6 @@
 Name:		gssproxy
-Version:	0.3.1
-Release:	4%{?dist}
+Version:	0.4.0
+Release:	1%{?dist}
 Summary:	GSSAPI Proxy
 
 Group:		System Environment/Libraries
@@ -9,11 +9,6 @@ URL:		http://fedorahosted.org/gss-proxy
 Source0:	http://fedorahosted.org/released/gss-proxy/%{name}-%{version}.tar.gz
 BuildRoot:	%(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 
-Patch0:		gssproxy-0.3.1-flags_handling.patch
-Patch1:		gssproxy-0.3.1-nfsd_startup.patch
-Patch2:		gssproxy-0.3.1-deadlock_fix.patch
-Patch3:		gssproxy-0.3.1-gssi_inquire_context.patch
-
 %global servicename gssproxy
 %global pubconfpath %{_sysconfdir}/gssproxy
 %global gpstatedir %{_localstatedir}/lib/gssproxy
@@ -22,7 +17,7 @@ Patch3:		gssproxy-0.3.1-gssi_inquire_context.patch
 
 ### Dependencies ###
 
-Requires: krb5-libs >= 1.11.3-25
+Requires: krb5-libs >= 1.12.0
 Requires: keyutils-libs
 Requires: libverto-tevent
 Requires(post): systemd-units
@@ -41,7 +36,7 @@ BuildRequires: docbook-style-xsl
 BuildRequires: doxygen
 BuildRequires: gettext-devel
 BuildRequires: pkgconfig
-BuildRequires: krb5-devel >= 1.11.3-25
+BuildRequires: krb5-devel >= 1.12.0
 BuildRequires: libselinux-devel
 BuildRequires: keyutils-libs-devel
 BuildRequires: libini_config-devel >= 1.0.0.1
@@ -57,16 +52,10 @@ A proxy for GSSAPI credential handling
 %prep
 %setup -q
 
-%patch0 -p2 -b .flags_handling
-%patch1 -p2 -b .nfsd_startup
-%patch2 -p2 -b .deadlock_fix
-%patch3 -p2 -b .gssi_inquire_context
-
-%build
 autoreconf -f -i
 %configure \
     --with-pubconf-path=%{pubconfpath} \
-    --with-init-dir=%{_initrddir} \
+    --with-initscript=systemd \
     --disable-static \
     --disable-rpath \
     --with-gpp-default-behavior=REMOTE_FIRST
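Review bot: the "%build" line is removed together with the four %patch lines at the top of this hunk, so "autoreconf -f -i" and the %configure invocation now run under %prep. Unless that is intended, keep "%build" and delete only the %patch lines and the blank line after them.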
@@ -79,10 +68,9 @@ rm -rf %{buildroot}
 make install DESTDIR=%{buildroot}
 rm -f %{buildroot}%{_libdir}/gssproxy/proxymech.la
 install -d -m755 %{buildroot}%{_sysconfdir}/gssproxy
-install -d -m755 %{buildroot}%{_unitdir}
 install -m644 examples/gssproxy.conf %{buildroot}%{_sysconfdir}/gssproxy/gssproxy.conf
-install -m644 examples/mech %{buildroot}%{_sysconfdir}/gss/mech
-install -m644 systemd/gssproxy.service %{buildroot}%{_unitdir}/gssproxy.service
+mkdir -p %{buildroot}%{_sysconfdir}/gss/mech.d
+install -m644 examples/mech %{buildroot}%{_sysconfdir}/gss/mech.d/gssproxy.conf
 
 %clean
 rm -rf %{buildroot}
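Review bot: "mkdir -p %{buildroot}%{_sysconfdir}/gss/mech.d" creates the directory with a umask-dependent mode, while the line just above uses "install -d -m755" for %{_sysconfdir}/gssproxy; use "install -d -m755" here as well so the mode is explicit. The same hunk drops the explicit install of systemd/gssproxy.service into %{_unitdir}, so the unit file now has to come from "make install" under --with-initscript=systemd; confirm the built package still ships it.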
@@ -97,7 +85,7 @@ rm -rf %{buildroot}
 %attr(755,root,root) %dir %{gpstatedir}
 %attr(700,root,root) %dir %{gpstatedir}/clients
 %attr(0600,root,root) %config(noreplace) /%{_sysconfdir}/gssproxy/gssproxy.conf
-%attr(0644,root,root) %config(noreplace) /%{_sysconfdir}/gss/mech
+%attr(0644,root,root) %config(noreplace) /%{_sysconfdir}/gss/mech.d/gssproxy.conf
 %{_libdir}/gssproxy/proxymech.so
 %{_mandir}/man5/gssproxy.conf.5*
 %{_mandir}/man8/gssproxy.8*
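Review bot: the %files entry moves to /%{_sysconfdir}/gss/mech.d/gssproxy.conf, but this commit adds no %dir line for %{_sysconfdir}/gss/mech.d, so the directory is not owned by this package unless another package (for example the krb5-libs it requires) provides it. For upgrades, note that the old path /%{_sysconfdir}/gss/mech was %config(noreplace): local edits made there are not carried over to the new file, which deserves a line in the changelog.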
@@ -113,6 +101,14 @@ rm -rf %{buildroot}
 %systemd_postun_with_restart gssproxy.service
 
 %changelog
+* Tue Mar 24 2015 Simo Sorce <simo at redhat.com> 0.4.0-1
+- New upstream realease
+  Added optional support for running GSS-Proxy as an unprivileged user
+  Uses new /etc/gss/mech.d configuration directory for gss mechanisms
+  Kernel related fixes
+  General bug fixing, many minor errors or incorrect behaviours have been corrected
+- drop all patches, they are all included upstream
+
 * Sat Aug 16 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.3.1-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
 
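Review bot: "realease" in the new changelog entry should read "release". The four detail lines under it are indented without a leading "-", unlike the other changelog items; if they are not meant as continuation of the first item, give each its own "- ".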
diff --git a/sources b/sources
index a395399..eb7258a 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-f455f4e483ecda8274d235942fa8e943  gssproxy-0.3.1.tar.gz
+56148136742a0a5c2a4ebbf060ba103f  gssproxy-0.4.0.tar.gz
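Review bot: the new tarball is identified here only by a 32-hex-digit MD5 digest, and Source0 in the spec is a plain http URL, so this line is the only integrity check visible for gssproxy-0.4.0.tar.gz. MD5 is not collision resistant; compare the uploaded tarball against a stronger hash or a signature from upstream, if one is published, before building.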
-- 
cgit v0.10.2


	http://pkgs.fedoraproject.org/cgit/gssproxy.git/commit/?h=f21&id=f3633351a6c00d8d44445b406bfc24b65173ccc0

