diff options
author | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2009-03-09 22:56:17 -0400 |
---|---|---|
committer | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2009-03-09 22:56:17 -0400 |
commit | ffc22c69eb3376d0e7576f2be2e79e6a94375398 (patch) | |
tree | 23ee96981811674262a3e27a06a4c07652932613 /packaging/freebsd | |
parent | 02ef7e000ee2ed085135905c7fecf2a342ae7fc5 (diff) |
More FreeBSD packaging work: removing gnutls patches -- not needed for monkeysphere; updating maintainer scripts.
Diffstat (limited to 'packaging/freebsd')
4 files changed, 42 insertions, 169 deletions
diff --git a/packaging/freebsd/security/gnutls/files/patch-lib__opencdk__opencdk__use-GNU-dummy.diff b/packaging/freebsd/security/gnutls/files/patch-lib__opencdk__opencdk__use-GNU-dummy.diff deleted file mode 100644 index 2450bc3..0000000 --- a/packaging/freebsd/security/gnutls/files/patch-lib__opencdk__opencdk__use-GNU-dummy.diff +++ /dev/null @@ -1,144 +0,0 @@ ---- ./lib/opencdk/opencdk.h.orig 2008-06-30 16:45:51.000000000 -0400 -+++ ./lib/opencdk/opencdk.h 2008-08-21 19:23:44.000000000 -0400 -@@ -214,7 +214,11 @@ - enum cdk_s2k_type_t { - CDK_S2K_SIMPLE = 0, - CDK_S2K_SALTED = 1, -- CDK_S2K_ITERSALTED = 3 -+ CDK_S2K_ITERSALTED = 3, -+ CDK_S2K_GNU_EXT = 101 -+ /* GNU S2K extensions: refer to DETAILS from GnuPG: -+ http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/doc/DETAILS?root=GnuPG -+ */ - }; - - ---- ./lib/opencdk/read-packet.c.orig 2008-06-30 16:45:51.000000000 -0400 -+++ ./lib/opencdk/read-packet.c 2008-08-21 19:30:09.000000000 -0400 -@@ -78,10 +78,35 @@ - } - - --static int -+/* read about S2K at http://tools.ietf.org/html/rfc4880#section-3.7.1 */ -+static cdk_error_t - read_s2k (cdk_stream_t inp, cdk_s2k_t s2k) - { -- return CDK_Not_Implemented; -+ size_t nread; -+ -+ s2k->mode = cdk_stream_getc (inp); -+ s2k->hash_algo = cdk_stream_getc (inp); -+ if (s2k->mode == CDK_S2K_SIMPLE) -+ return 0; -+ else if (s2k->mode == CDK_S2K_SALTED || s2k->mode == CDK_S2K_ITERSALTED) -+ { -+ if (stream_read (inp, s2k->salt, DIM (s2k->salt), &nread)) -+ return CDK_Inv_Packet; -+ if (nread != DIM (s2k->salt)) -+ return CDK_Inv_Packet; -+ -+ if (s2k->mode == CDK_S2K_ITERSALTED) -+ s2k->count = cdk_stream_getc (inp); -+ } -+ else if (s2k->mode == CDK_S2K_GNU_EXT) -+ { -+ /* GNU extensions to the S2K : read DETAILS from gnupg */ -+ return 0; -+ } -+ else -+ return CDK_Not_Implemented; -+ -+ return 0; - } - - -@@ -194,6 +219,7 @@ - static cdk_error_t - read_symkey_enc (cdk_stream_t inp, size_t pktlen, cdk_pkt_symkey_enc_t ske) - { -+ cdk_error_t ret; - cdk_s2k_t s2k; - size_t minlen; - size_t nread, nleft; -@@ -213,7 +239,9 @@ - return CDK_Out_Of_Core; - - ske->cipher_algo = cdk_stream_getc (inp); -- s2k->mode = cdk_stream_getc (inp); -+ ret = read_s2k(inp, s2k); -+ if (ret != 0) -+ return ret; - switch (s2k->mode) - { - case CDK_S2K_SIMPLE : minlen = 0; break; -@@ -225,18 +253,6 @@ - return CDK_Inv_Packet; - } - -- s2k->hash_algo = cdk_stream_getc (inp); -- if (s2k->mode == CDK_S2K_SALTED || s2k->mode == CDK_S2K_ITERSALTED) -- { -- if (stream_read (inp, s2k->salt, DIM (s2k->salt), &nread)) -- return CDK_Inv_Packet; -- if (nread != DIM (s2k->salt)) -- return CDK_Inv_Packet; -- -- if (s2k->mode == CDK_S2K_ITERSALTED) -- s2k->count = cdk_stream_getc (inp); -- } -- - ske->seskeylen = pktlen - 4 - minlen; - /* We check if there is an encrypted session key and if it fits into - the buffer. The maximal key length is 256-bit. */ -@@ -421,14 +437,19 @@ - rc = read_s2k (inp, sk->protect.s2k); - if (rc) - return rc; -- sk->protect.ivlen = gcry_cipher_get_algo_blklen (sk->protect.algo); -- if (!sk->protect.ivlen) -- return CDK_Inv_Packet; -- rc = stream_read (inp, sk->protect.iv, sk->protect.ivlen, &nread); -- if (rc) -- return rc; -- if (nread != sk->protect.ivlen) -- return CDK_Inv_Packet; -+ /* refer to --export-secret-subkeys in gpg(1) */ -+ if (sk->protect.s2k->mode == CDK_S2K_GNU_EXT) -+ sk->protect.ivlen = 0; -+ else { -+ sk->protect.ivlen = gcry_cipher_get_algo_blklen (sk->protect.algo); -+ if (!sk->protect.ivlen) -+ return CDK_Inv_Packet; -+ rc = stream_read (inp, sk->protect.iv, sk->protect.ivlen, &nread); -+ if (rc) -+ return rc; -+ if (nread != sk->protect.ivlen) -+ return CDK_Inv_Packet; -+ } - } - else - sk->protect.algo = sk->s2k_usage; -@@ -476,6 +497,22 @@ - return CDK_Out_Of_Core; - if (stream_read (inp, sk->encdata, sk->enclen, &nread)) - return CDK_Inv_Packet; -+ /* Handle the GNU S2K extensions we know (just gnu-dummy right now): */ -+ if (sk->protect.s2k->mode == CDK_S2K_GNU_EXT) { -+ unsigned char gnumode; -+ if ((sk->enclen < strlen("GNU") + 1) || -+ (0 != memcmp("GNU", sk->encdata, strlen("GNU")))) -+ return CDK_Inv_Packet; -+ gnumode = sk->encdata[strlen("GNU")]; -+ /* we only handle gnu-dummy (mode 1). -+ mode 2 should refer to external smart cards. -+ */ -+ if (gnumode != 1) -+ return CDK_Inv_Packet; -+ /* gnu-dummy should have no more data */ -+ if (sk->enclen != strlen("GNU") + 1) -+ return CDK_Inv_Packet; -+ } - nskey = cdk_pk_get_nskey (sk->pk->pubkey_algo); - if (!nskey) - return CDK_Inv_Algo; diff --git a/packaging/freebsd/security/monkeysphere/pkg-deinstall b/packaging/freebsd/security/monkeysphere/pkg-deinstall index 3000878..3e69eab 100755 --- a/packaging/freebsd/security/monkeysphere/pkg-deinstall +++ b/packaging/freebsd/security/monkeysphere/pkg-deinstall @@ -4,9 +4,9 @@ # monkeysphere's debian/monkeysphere.postrm) # Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net> -# Copyright 2008 +# Copyright 2008,2009 -# FIXME: is /var/lib/monkeysphere the right place for this stuff on +# FIXME: is /var/monkeysphere the right place for this stuff on # FreeBSD? VARLIB="/var/monkeysphere" diff --git a/packaging/freebsd/security/monkeysphere/pkg-install b/packaging/freebsd/security/monkeysphere/pkg-install index 70d37b5..435c69a 100755 --- a/packaging/freebsd/security/monkeysphere/pkg-install +++ b/packaging/freebsd/security/monkeysphere/pkg-install @@ -5,9 +5,9 @@ # debian/monkeysphere.postinst) # Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net> -# Copyright 2008 +# Copyright 2008,2009 -# FIXME: is /var/lib/monkeysphere the right place for this stuff on +# FIXME: is /var/monkeysphere the right place for this stuff on # FreeBSD? # PostgreSQL puts its data in /usr/local/pgsql/data @@ -57,16 +57,8 @@ POST-INSTALL) fi fi - ## set up the cache directories, and link them to the config files: + ## set up the monkeysphere authentication cache directory: - install -d -o root -g monkeysphere -m 750 "$VARLIB"/gnupg-host - ln -sf "$ETCDIR"/gnupg-host.conf "$VARLIB"/gnupg-host/gpg.conf - - install -d -o monkeysphere -g monkeysphere -m 700 "$VARLIB"/gnupg-authentication - ln -sf "$ETCDIR"/gnupg-authentication.conf "$VARLIB"/gnupg-authentication/gpg.conf - - install -d "$VARLIB"/tmp "$VARLIB"/authorized_keys - - monkeysphere-server diagnostics + monkeysphere-authentication setup ;; esac diff --git a/packaging/freebsd/security/monkeysphere/pkg-plist b/packaging/freebsd/security/monkeysphere/pkg-plist index 9d9d40a..b52f998 100644 --- a/packaging/freebsd/security/monkeysphere/pkg-plist +++ b/packaging/freebsd/security/monkeysphere/pkg-plist @@ -1,24 +1,49 @@ -sbin/monkeysphere-server +sbin/monkeysphere-host +sbin/monkeysphere-authentication share/doc/monkeysphere/TODO share/doc/monkeysphere/MonkeySpec share/doc/monkeysphere/getting-started-user.mdwn share/doc/monkeysphere/getting-started-admin.mdwn bin/openpgp2ssh -bin/monkeysphere-ssh-proxycommand +bin/pem2openpgp bin/monkeysphere +share/monkeysphere/mh +share/monkeysphere/mh/publish_key +share/monkeysphere/mh/import_key +share/monkeysphere/mh/set_expire +share/monkeysphere/mh/diagnostics +share/monkeysphere/mh/add_hostname +share/monkeysphere/mh/add_revoker +share/monkeysphere/mh/revoke_hostname +share/monkeysphere/mh/revoke_key +share/monkeysphere/keytrans +share/monkeysphere/defaultenv +share/monkeysphere/VERSION +share/monkeysphere/transitions +share/monkeysphere/transitions/0.23 +share/monkeysphere/transitions/README.txt +share/monkeysphere/ma +share/monkeysphere/ma/list_certifiers +share/monkeysphere/ma/add_certifier +share/monkeysphere/ma/update_users +share/monkeysphere/ma/setup +share/monkeysphere/ma/remove_certifier +share/monkeysphere/ma/diagnostics share/monkeysphere/common +share/monkeysphere/m +share/monkeysphere/m/gen_subkey +share/monkeysphere/m/ssh_proxycommand +share/monkeysphere/m/subkey_to_ssh_agent +share/monkeysphere/m/import_subkey @unexec if cmp -s %D/etc/monkeysphere/monkeysphere.conf.sample %D/etc/monkeysphere/monkeysphere.conf; then rm -f %D/etc/monkeysphere/monkeysphere.conf; fi etc/monkeysphere/monkeysphere.conf.sample @exec if [ ! -f %D/etc/monkeysphere/monkeysphere.conf ] ; then cp -p %D/%F %B/monkeysphere.conf; fi -@unexec if cmp -s %D/etc/monkeysphere/monkeysphere-server.conf.sample %D/etc/monkeysphere/monkeysphere-server.conf; then rm -f %D/etc/monkeysphere/monkeysphere-server.conf; fi -etc/monkeysphere/monkeysphere-server.conf.sample -@exec if [ ! -f %D/etc/monkeysphere/monkeysphere-server.conf ] ; then cp -p %D/%F %B/monkeysphere-server.conf; fi -@unexec if cmp -s %D/etc/monkeysphere/gnupg-host.conf.sample %D/etc/monkeysphere/gnupg-host.conf; then rm -f %D/etc/monkeysphere/gnupg-host.conf; fi -etc/monkeysphere/gnupg-host.conf.sample -@exec if [ ! -f %D/etc/monkeysphere/gnupg-host.conf ] ; then cp -p %D/%F %B/gnupg-host.conf; fi -@unexec if cmp -s %D/etc/monkeysphere/gnupg-authentication.conf.sample %D/etc/monkeysphere/gnupg-authentication.conf; then rm -f %D/etc/monkeysphere/gnupg-authentication.conf; fi -etc/monkeysphere/gnupg-authentication.conf.sample -@exec if [ ! -f %D/etc/monkeysphere/gnupg-authentication.conf ] ; then cp -p %D/%F %B/gnupg-authentication.conf; fi +@unexec if cmp -s %D/etc/monkeysphere/monkeysphere-host.conf.sample %D/etc/monkeysphere/monkeysphere-host.conf; then rm -f %D/etc/monkeysphere/monkeysphere-host.conf; fi +etc/monkeysphere/monkeysphere-host.conf.sample +@exec if [ ! -f %D/etc/monkeysphere/monkeysphere-host.conf ] ; then cp -p %D/%F %B/monkeysphere-host.conf; fi +@unexec if cmp -s %D/etc/monkeysphere/monkeysphere-authentication.conf.sample %D/etc/monkeysphere/monkeysphere-authentication.conf; then rm -f %D/etc/monkeysphere/monkeysphere-authentication.conf; fi +etc/monkeysphere/monkeysphere-authentication.conf.sample +@exec if [ ! -f %D/etc/monkeysphere/monkeysphere-authentication.conf ] ; then cp -p %D/%F %B/monkeysphere-authentication.conf; fi @dirrm share/doc/monkeysphere @dirrm share/monkeysphere @dirrm etc/monkeysphere |