From owner-svn-ports-head@FreeBSD.ORG Wed Jul 31 13:59:07 2013 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 5D1E2820; Wed, 31 Jul 2013 13:59:07 +0000 (UTC) (envelope-from hrs@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 3B1B623B3; Wed, 31 Jul 2013 13:59:07 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id r6VDx6aL077050; Wed, 31 Jul 2013 13:59:06 GMT (envelope-from hrs@svn.freebsd.org) Received: (from hrs@localhost) by svn.freebsd.org (8.14.7/8.14.5/Submit) id r6VDx5dB077041; Wed, 31 Jul 2013 13:59:05 GMT (envelope-from hrs@svn.freebsd.org) Message-Id: <201307311359.r6VDx5dB077041@svn.freebsd.org> 
From: Hiroki Sato Date: Wed, 31 Jul 2013 13:59:05 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r324052 - in head/security/trousers: . files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 31 Jul 2013 13:59:07 -0000 Author: hrs Date: Wed Jul 31 13:59:04 2013 New Revision: 324052 URL: http://svnweb.freebsd.org/changeset/ports/324052 Log: - Unbreak clang build. - Remove PORTEXAMPLES. pkg-plist was broken due to it[*]. - Add extra patches for EMULATOR option. - Create /var/run/{tpm,ima} in rc.d/tcsd script. Spotted by: antoine [*] Added: head/security/trousers/files/extra-patch-src-tcs-Makefile.am (contents, props changed) head/security/trousers/files/extra-patch-src-tcsd-Makefile.am (contents, props changed) head/security/trousers/files/extra-patch-src-tddl-Makefile.am (contents, props changed) Modified: head/security/trousers/Makefile head/security/trousers/files/patch-src-tcs-ps-ps_utils.c head/security/trousers/files/patch-src-tcsd-svrside.c head/security/trousers/files/tcsd.in head/security/trousers/pkg-plist Modified: head/security/trousers/Makefile ============================================================================== --- head/security/trousers/Makefile Wed Jul 31 13:30:18 2013 (r324051) +++ head/security/trousers/Makefile Wed Jul 31 13:59:04 2013 (r324052) @@ -3,6 +3,7 @@ PORTNAME= trousers PORTVERSION= 0.3.10 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= SF/${PORTNAME}/${PORTNAME}/${PORTVERSION} 
@@ -15,7 +16,6 @@ LICENSE_FILE= ${WRKSRC}/LICENSE LICENSE_PERMS= dist-mirror dist-sell pkg-mirror pkg-sell auto-accept USES= gmake iconv pkgconfig -USE_GCC= any USE_OPENSSL= YES USE_LDCONFIG= YES USE_AUTOTOOLS= autoconf automake libtool @@ -25,14 +25,12 @@ GNU_CONFIGURE= YES CONFIGURE_ARGS= --with-gui=none --enable-static \ --localstatedir=${PREFIX}/var \ --with-tssuser=${USERS} --with-tssgroup=${GROUPS} -MAKE_JOBS_SAFE= YES SUB_FILES= pkg-message SUB_LIST= USERS=${USERS} GROUPS=${GROUPS} USERS= _tss GROUPS= _tss -PORTEXAMPLES= tcsd.conf -OPTIONS_DEFINE= EMULATOR EXAMPLES DEBUG +OPTIONS_DEFINE= EMULATOR DEBUG EMULATOR_DESC= Build for use with the tpm-emulator .include "Makefile.man" 
@@ -62,29 +60,12 @@ run-autotools: run-autotools-autoreconf run-autotools-autoreconf: @cd ${CONFIGURE_WRKSRC} && ${SETENV} ${AUTOTOOLS_ENV} ${AUTORECONF} -i -.if ${PORT_OPTIONS:MEXAMPLES} -post-install: install-examples -.endif - -install-examples: - @${MKDIR} ${EXAMPLESDIR} - ${INSTALL_DATA} -o ${USERS} -g ${GROUPS} -m 0600 \ - ${WRKSRC}/dist/tcsd.conf ${EXAMPLESDIR}/tcsd.conf - post-install: + ${INSTALL_DATA} -o ${USERS} -g ${GROUPS} -m 0600 \ + ${WRKSRC}/dist/tcsd.conf ${PREFIX}/etc/tcsd.conf.dist @[ -f ${PREFIX}/etc/tcsd.conf ] || \ - ${INSTALL_DATA} ${EXAMPLESDIR}/tcsd.conf ${PREFIX}/etc/tcsd.conf - @${INSTALL} -d -o ${USERS} -g ${GROUPS} -m 0700 /var/run/tpm - @${INSTALL} -d -o ${USERS} -g ${GROUPS} -m 0700 /var/run/ima - @${INSTALL} -d -o ${USERS} -g ${GROUPS} -m 0700 ${PREFIX}/var/lib/tpm + ${INSTALL_DATA} -o ${USERS} -g ${GROUPS} -m 0600 \ + ${WRKSRC}/dist/tcsd.conf ${PREFIX}/etc/tcsd.conf @${CAT} ${PKGMESSAGE} -add-plist-post: - @(${ECHO_CMD} "@cwd /"; \ - ${ECHO_CMD} "@unexec ${RMDIR} var/run/tpm 2>/dev/null || true"; \ - ${ECHO_CMD} "@exec ${INSTALL} -d -o ${USERS} -g ${GROUPS} -m 0700 var/run/tpm"; \ - ${ECHO_CMD} "@unexec ${RMDIR} var/run/ima 2>/dev/null || true"; \ - ${ECHO_CMD} "@exec ${INSTALL} -d -o ${USERS} -g ${GROUPS} -m 0700 var/run/ima"; \ - ) >> ${TMPPLIST} - .include Added: head/security/trousers/files/extra-patch-src-tcs-Makefile.am ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/trousers/files/extra-patch-src-tcs-Makefile.am Wed Jul 31 13:59:04 2013 (r324052) 
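Review bot: The new `post-install` lines install both `tcsd.conf.dist` and `tcsd.conf` with `-o ${USERS} -g ${GROUPS} -m 0600`, but nothing records why the service account owns its own configuration file. If the reason is that tcsd checks the file's owner and mode at startup (presumably so, but not visible in this hunk), a comment above the first `${INSTALL_DATA}` would stop a later cleanup from "hardening" it to root ownership and breaking the daemon, for example `# tcsd.conf must be owned by ${USERS}:${GROUPS} with mode 0600`. The comment could also say that `/var/run/tpm`, `/var/run/ima` and `${PREFIX}/var/lib/tpm` are no longer created here, as the commit log moves that step to the rc.d script.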
@@ -0,0 +1,11 @@ +--- src/tcs/Makefile.am.orig 2013-07-27 04:22:06.000000000 +0900 ++++ src/tcs/Makefile.am 2013-07-27 04:22:21.000000000 +0900 +@@ -1,7 +1,7 @@ + noinst_LIBRARIES=libtcs.a + + CFLAGS+=-I${top_srcdir}/src/include +-libtcs_a_LIBADD=${top_builddir}/src/tddl/libtddl.a ++libtcs_a_LIBADD=${LOCALBASE}/lib/libtddl.a + libtcs_a_CFLAGS=-DAPPID=\"TCSD\ TCS\" -DVAR_PREFIX=\"@localstatedir@\" -DETC_PREFIX=\"@sysconfdir@\" -fPIE -DPIE + + libtcs_a_SOURCES=log.c \ Added: head/security/trousers/files/extra-patch-src-tcsd-Makefile.am ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/trousers/files/extra-patch-src-tcsd-Makefile.am Wed Jul 31 13:59:04 2013 (r324052) @@ -0,0 +1,11 @@ +--- src/tcsd/Makefile.am.orig 2013-07-27 04:22:53.000000000 +0900 ++++ src/tcsd/Makefile.am 2013-07-27 04:24:06.000000000 +0900 +@@ -1,7 +1,7 @@ + sbin_PROGRAMS=tcsd + + tcsd_CFLAGS=-DAPPID=\"TCSD\" -DVAR_PREFIX=\"@localstatedir@\" -DETC_PREFIX=\"@sysconfdir@\" -I${top_srcdir}/src/include -fPIE -DPIE +-tcsd_LDADD=${top_builddir}/src/tcs/libtcs.a ${top_builddir}/src/tddl/libtddl.a -lpthread @CRYPTOLIB@ ++tcsd_LDADD=${LOCALBASE}/lib/libtcs.a ${LOCALBASE}/lib/libtddl.a ${PTHREAD_LIB} @CRYPTOLIB@ + tcsd_LDFLAGS=-pie -Wl,-z,relro -Wl,-z,now + + tcsd_SOURCES=svrside.c tcsd_conf.c tcsd_threads.c platform.c Added: head/security/trousers/files/extra-patch-src-tddl-Makefile.am ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/trousers/files/extra-patch-src-tddl-Makefile.am Wed Jul 31 13:59:04 2013 (r324052) 
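Review bot: In the second hunk on this line, `${PTHREAD_LIB}` in the new `tcsd_LDADD` is a plain make variable rather than an autoconf substitution, and nothing visible in this commit sets it. The ports framework variable I know of is `PTHREAD_LIBS`, so if `${PTHREAD_LIB}` expands to nothing, the `-lpthread` it replaces is silently dropped from the tcsd link. Consider `tcsd_LDADD=${LOCALBASE}/lib/libtcs.a ${LOCALBASE}/lib/libtddl.a ${PTHREAD_LIBS} @CRYPTOLIB@`, or simply keep `-lpthread`. The same line also swaps the freshly built `${top_builddir}/src/tcs/libtcs.a` for `${LOCALBASE}/lib/libtcs.a`, so tcsd would link whatever archive is already installed instead of the one built from the sources in this work tree. If only `libtddl.a` is meant to come from the emulator package, that path should stay on `${top_builddir}`.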
@@ -0,0 +1,8 @@ +--- src/tddl/Makefile.am.orig 2013-07-27 04:24:29.000000000 +0900 ++++ src/tddl/Makefile.am 2013-07-27 04:24:42.000000000 +0900 +@@ -1,4 +1,4 @@ +-lib_LIBRARIES=libtddl.a ++lib_LIBRARIES= + + libtddl_a_SOURCES=tddl.c + libtddl_a_CFLAGS=-DAPPID=\"TCSD\ TDDL\" -I${top_srcdir}/src/include -fPIE -DPIE Modified: head/security/trousers/files/patch-src-tcs-ps-ps_utils.c ============================================================================== --- head/security/trousers/files/patch-src-tcs-ps-ps_utils.c Wed Jul 31 13:30:18 2013 (r324051) +++ head/security/trousers/files/patch-src-tcs-ps-ps_utils.c Wed Jul 31 13:59:04 2013 (r324052) @@ -1,5 +1,5 @@ ---- src/tcs/ps/ps_utils.c.orig 2010-07-01 00:15:00.000000000 +0900 -+++ src/tcs/ps/ps_utils.c 2010-10-24 21:04:04.832556427 +0900 +--- src/tcs/ps/ps_utils.c.orig 2012-09-20 02:24:48.000000000 +0900 ++++ src/tcs/ps/ps_utils.c 2013-07-31 22:18:59.000000000 +0900 @@ -16,10 +16,18 @@ #if defined(HAVE_BYTEORDER_H) #include 
@@ -19,28 +19,27 @@ #else #define LE_16(x) (x) #define LE_32(x) (x) -@@ -39,6 +47,24 @@ - #include "tcs_utils.h" - #include "tcslog.h" - -+#ifndef LE_16 -+static UINT16 htole16(UINT16 x) -+{ -+ BYTE *b = &x; -+ return (UINT16) (b[0] + (b[1] << 8)); -+} -+#define LE_16 htole16 -+#endif -+ -+#ifndef LE_32 -+static UINT32 htole32(UINT32 x) -+{ -+ BYTE *b = &x; -+ return (UINT32) (b[0] + (b[1] << 8) + (b[2] << 16) + (b[3] << 24)); -+} -+#define LE_32 htole32 -+#endif -+ +@@ -42,11 +50,7 @@ struct key_disk_cache *key_disk_cache_head = NULL; +-#ifdef SOLARIS + TSS_RESULT +-#else +-inline TSS_RESULT +-#endif + read_data(int fd, void *data, UINT32 size) + { + int rc; +@@ -64,11 +68,7 @@ + } + + +-#ifdef SOLARIS + TSS_RESULT +-#else +-inline TSS_RESULT +-#endif + write_data(int fd, void *data, UINT32 size) + { + int rc; Modified: head/security/trousers/files/patch-src-tcsd-svrside.c ============================================================================== --- head/security/trousers/files/patch-src-tcsd-svrside.c Wed Jul 31 13:30:18 2013 (r324051) +++ head/security/trousers/files/patch-src-tcsd-svrside.c Wed Jul 31 13:59:04 2013 (r324052) 
@@ -1,37 +1,17 @@ --- src/tcsd/svrside.c.orig 2012-09-25 23:23:01.000000000 +0900 -+++ src/tcsd/svrside.c 2013-07-27 04:04:45.000000000 +0900 -@@ -20,7 +20,6 @@ - #include - #include - #include --#include - #if (defined (__OpenBSD__) || defined (__FreeBSD__)) - #include - #endif -@@ -72,6 +71,32 @@ ++++ src/tcsd/svrside.c 2013-07-31 22:12:08.000000000 +0900 +@@ -66,12 +66,19 @@ + close(sd); + } + +-void ++static void + tcsd_signal_hup(int signal) + { hup = 1; } -+void -+tcsd_signal_int(int signal) -+{ -+ switch (signal) { -+ case SIGINT: -+ LogInfo("Caught SIGINT. Cleaning up and exiting."); -+ break; -+ case SIGHUP: -+ LogInfo("Caught SIGHUP. Cleaning up and exiting."); -+ break; -+ default: -+ LogError("Caught signal %d (which I didn't register for!)." -+ " Ignoring.", signal); -+ break; -+ } -+ tcsd_shutdown(); -+ exit(signal); -+} -+ -+void ++static void +tcsd_signal_chld(int signal) +{ + @@ -41,7 +21,7 @@ static TSS_RESULT signals_init(void) { -@@ -80,6 +105,14 @@ +@@ -80,6 +87,14 @@ struct sigaction sa; sigemptyset(&sigmask); 
@@ -56,31 +36,23 @@ if ((rc = sigaddset(&sigmask, SIGTERM))) { LogError("sigaddset: %s", strerror(errno)); return TCSERR(TSS_E_INTERNAL_ERROR); -@@ -94,25 +127,30 @@ +@@ -102,12 +117,24 @@ return TCSERR(TSS_E_INTERNAL_ERROR); } -- sa.sa_flags = 0; -- sigemptyset(&sa.sa_mask); -- sa.sa_handler = tcsd_signal_term; -- if ((rc = sigaction(SIGTERM, &sa, NULL))) { -- LogError("signal SIGTERM not registered: %s", strerror(errno)); -+ tcsd_sa_int.sa_handler = tcsd_signal_int; -+ tcsd_sa_chld.sa_handler = tcsd_signal_chld; -+ tcsd_sa_chld.sa_flags = SA_RESTART; -+ -+ if ((rc = sigaction(SIGINT, &tcsd_sa_int, NULL))) { ++ if ((rc = sigaction(SIGINT, &sa, NULL))) { + LogError("signal SIGINT not registered: %s", strerror(errno)); - return TCSERR(TSS_E_INTERNAL_ERROR); - } - -- sa.sa_handler = tcsd_signal_hup; -- if ((rc = sigaction(SIGHUP, &sa, NULL))) { -+ if ((rc = sigaction(SIGHUP, &tcsd_sa_int, NULL))) { ++ return TCSERR(TSS_E_INTERNAL_ERROR); ++ } ++ + sa.sa_handler = tcsd_signal_hup; + if ((rc = sigaction(SIGHUP, &sa, NULL))) { LogError("signal SIGHUP not registered: %s", strerror(errno)); return TCSERR(TSS_E_INTERNAL_ERROR); } ++ sa.sa_flags = SA_RESTART; ++ sa.sa_handler = tcsd_signal_chld; + if ((rc = sigaction(SIGCHLD, &tcsd_sa_chld, NULL))) { + LogError("signal SIGCHLD not registered: %s", strerror(errno)); + return TCSERR(TSS_E_INTERNAL_ERROR); 
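Review bot: The SIGCHLD registration still passes `&tcsd_sa_chld`, while the two lines added just above it configure `sa` (`sa.sa_flags = SA_RESTART; sa.sa_handler = tcsd_signal_chld;`). This revision drops the `tcsd_sa_chld.sa_handler` and `tcsd_sa_chld.sa_flags` assignments the previous patch carried. Unless `tcsd_sa_chld` is still declared and initialised outside this hunk, the patched file either fails to compile or installs SIGCHLD with a struct that was never filled in, and `tcsd_signal_chld` is never registered. The call should read `if ((rc = sigaction(SIGCHLD, &sa, NULL))) {`. The new SIGINT registration also reuses `sa` with whatever handler was set before it, which looks like the SIGTERM handler from the upstream code outside the hunk; a short comment saying that is intended would help. `signals_init()` starts and ends outside this hunk.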
@@ -89,53 +61,22 @@ return TSS_SUCCESS; } --static TSS_RESULT --tcsd_startup(void) -+TSS_RESULT -+tcsd_startup() - { - TSS_RESULT result; - -@@ -186,7 +224,6 @@ - return TSS_SUCCESS; - } - -- - void - usage(void) - { -@@ -199,19 +236,6 @@ - fprintf(stderr, "\n"); - } - --static TSS_RESULT --reload_config(void) --{ -- TSS_RESULT result; -- hup = 0; -- -- // FIXME: reload the config - work in progress -- result = TSS_SUCCESS; -- -- return result; --} -- -- - int - main(int argc, char **argv) - { -@@ -220,7 +244,6 @@ - int newsd, c, option_index = 0; - unsigned client_len; - char *hostname = NULL; -- struct passwd *pwd; - struct hostent *client_hostent = NULL; - struct option long_options[] = { - {"help", 0, NULL, 'h'}, -@@ -256,6 +279,14 @@ +@@ -256,6 +283,26 @@ if ((result = tcsd_startup())) return (int)result; ++ pwd = getpwnam(TSS_USER_NAME); ++ if (pwd == NULL) { ++ if (errno == 0) { ++ LogError("User \"%s\" not found, please add this user" ++ " manually.", TSS_USER_NAME); ++ } else { ++ LogError("getpwnam(%s): %s", TSS_USER_NAME, strerror(errno)); ++ } ++ return TCSERR(TSS_E_INTERNAL_ERROR); ++ } ++ setuid(pwd->pw_uid); ++ + if (getenv("TCSD_FOREGROUND") == NULL) { + if (daemon(0, 0) == -1) { + perror("daemon"); @@ -147,7 +88,7 @@ sd = socket(AF_INET, SOCK_STREAM, 0); if (sd < 0) { LogError("Failed socket: %s", strerror(errno)); -@@ -279,51 +310,20 @@ +@@ -279,33 +326,12 @@ LogError("Failed bind: %s", strerror(errno)); return -1; } 
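Review bot: The added privilege drop calls `setuid(pwd->pw_uid);` without checking the result and without changing the group first. If the call fails, tcsd keeps running with its starting credentials, and on success it still holds the starting gid and supplementary groups. `errno` is also not cleared before `getpwnam()`, so the `errno == 0` test that separates "user not found" from a lookup error can read a stale value left by `tcsd_startup()`. The fence below resets `errno`, drops the group before the user and treats any failure as fatal. If tcsd is always started as root, an `initgroups(pwd->pw_name, pwd->pw_gid)` call before `setgid()` would clear the supplementary groups as well. `main()` continues outside this hunk.

```c
	errno = 0;	/* getpwnam() leaves errno untouched when the user simply does not exist */
	pwd = getpwnam(TSS_USER_NAME);
	/* … unchanged: pwd == NULL error reporting … */
	/* Drop the group first: once the uid is gone, setgid() is no longer permitted. */
	if (setgid(pwd->pw_gid) == -1 || setuid(pwd->pw_uid) == -1) {
		LogError("Failed to drop privileges to \"%s\": %s",
		    TSS_USER_NAME, strerror(errno));
		return TCSERR(TSS_E_INTERNAL_ERROR);
	}
```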
@@ -181,41 +122,3 @@ LogInfo("%s: TCSD up and running.", PACKAGE_STRING); do { newsd = accept(sd, (struct sockaddr *) &client_addr, &client_len); -+ LogDebug("accepted socket %i", newsd); - if (newsd < 0) { -- if (errno == EINTR) { -- if (term) -- break; -- else if (hup) { -- if (reload_config() != TSS_SUCCESS) -- LogError("Failed reloading config"); -- } -- continue; -- } else { -- LogError("Failed accept: %s", strerror(errno)); -- continue; -- } -+ LogError("Failed accept: %s", strerror(errno)); -+ break; - } -- LogDebug("accepted socket %i", newsd); - - if ((client_hostent = gethostbyaddr((char *) &client_addr.sin_addr, - sizeof(client_addr.sin_addr), -@@ -343,13 +343,9 @@ - - tcsd_thread_create(newsd, hostname); - hostname = NULL; -- if (hup) { -- if (reload_config() != TSS_SUCCESS) -- LogError("Failed reloading config"); -- } -- } while (term ==0); -+ } while (1); - -- /* To close correctly, we must receive a SIGTERM */ -- tcsd_shutdown(); -+ /* To close correctly, we must recieve a SIGHUP */ -+ return -1; - return 0; - } Modified: head/security/trousers/files/tcsd.in ============================================================================== --- head/security/trousers/files/tcsd.in Wed Jul 31 13:30:18 2013 (r324051) +++ head/security/trousers/files/tcsd.in Wed Jul 31 13:59:04 2013 (r324052) 
@@ -18,8 +18,19 @@ name=tcsd rcvar=tcsd_enable command="%%PREFIX%%/sbin/${name}" +start_precmd="tcsd_precmd" required_files="%%PREFIX%%/etc/${name}.conf" +tcsd_precmd() +{ + /usr/bin/install -d -m 0700 -o %%USERS%% -g %%GROUPS%% \ + /var/run/tpm /var/run/ima %%PREFIX%%/var/lib/tpm + /usr/sbin/chown %%USERS%%:%%GROUPS%% \ + %%PREFIX%%/etc/tcsd.conf + /bin/chmod 0600 \ + %%PREFIX%%/etc/tcsd.conf +} + load_rc_config $name : tcsd_enable=${tcsd_enable-"NO"} Modified: head/security/trousers/pkg-plist ============================================================================== --- head/security/trousers/pkg-plist Wed Jul 31 13:30:18 2013 (r324051) +++ head/security/trousers/pkg-plist Wed Jul 31 13:59:04 2013 (r324052) @@ -1,6 +1,4 @@ @comment $FreeBSD$ -@unexec cmp -s %D/etc/tcsd.conf %D/%%EXAMPLESDIR%%/tcsd.conf && rm -f %D/etc/tcsd.conf || true -@exec [ -f %D/etc/tcsd.conf ] || cp -p %B/%f %D/etc/tcsd.conf include/trousers/trousers.h include/trousers/tss.h include/tss/compat11b.h @@ -32,6 +30,9 @@ lib/libtspi.la lib/libtspi.so lib/libtspi.so.3 sbin/tcsd +@unexec cmp -s %D/etc/tcsd.conf %D/etc/tcsd.conf.dist && rm -f %D/etc/tcsd.conf || true +etc/tcsd.conf.dist +@exec [ -f %D/etc/tcsd.conf ] || cp -p %D/etc/tcsd.conf.dist %D/etc/tcsd.conf @dirrmtry var/lib/tpm @dirrmtry var/lib @dirrmtry var
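Review bot: `tcsd_precmd` ignores the exit status of `install -d` and `chown`, so the function returns whatever the final `chmod` returns. tcsd can therefore be started with `/var/run/tpm`, `/var/run/ima` or `%%PREFIX%%/var/lib/tpm` missing or owned by the wrong user. Chaining the three commands with `&&` makes a failure abort the start, since rc.subr does not run the command when the precmd returns non-zero. In practice that means ending the `install` and `chown` commands with `&& \`. A one-line comment above the function would also help, for example `# state directories and tcsd.conf must be private to %%USERS%%:%%GROUPS%%`, because the modes are re-applied on every start and the reason is not obvious from the script.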