Date: Thu, 30 Aug 2007 23:25:52 +1000 (EST) From: Edwin Groothuis <edwin@mavetju.org> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/115944: [patch] net/citrix_ica - add support for non-standard root certificates Message-ID: <20070830132552.8D2D936E@k7.mavetju> Resent-Message-ID: <200708301330.l7UDU13U035638@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 115944
>Category: ports
>Synopsis: [patch] net/citrix_ica - add support for non-standard root certificates
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Thu Aug 30 13:30:01 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Edwin Groothuis
>Release: FreeBSD 6.2-RELEASE-p4 i386
>Organization:
-
>Environment:
System: FreeBSD k7.mavetju 6.2-RELEASE-p4 FreeBSD 6.2-RELEASE-p4 #0: Thu Apr 26 17:55:55 UTC 2007 root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/SMP i386
>Description:
Our Citrix server is using an Equinox signed certifate. Citrix
doesn't support this root certificate by default. When installing
this certificate into the keystore, the installed package will not
deinstall cleanly. When reinstalling it, it complains that
/usr/local/ICAclient already exist (because it didn't deinstall
cleanly)
This patch gives the possibility to install extra certificates by
setting the variable ICA_CERTS in /etc/make.conf.
>How-To-Repeat:
>Fix:
? work
Index: Makefile
===================================================================
RCS file: /home/pcvs/ports/net/citrix_ica/Makefile,v
retrieving revision 1.49
diff -u -r1.49 Makefile
--- Makefile 23 Aug 2007 04:00:01 -0000 1.49
+++ Makefile 30 Aug 2007 13:18:46 -0000
@@ -26,6 +27,14 @@
CDIR= ${PREFIX}/ICAClient
BINDIR= ${PREFIX}/bin
+CERTDIR= ${CDIR}/keystore/cacerts
+
+PLIST_SUB= MOZILLA_HOME=${MOZILLA_HOME}
+.if defined(ICA_CERTS)
+PLIST_SUB+= HAVE_ICA_CERTS="" ICA_CERTS="${ICA_CERTS}" CERTDIR="${CERTDIR}"
+.else
+PLIST_SUB+= HAVE_ICA_CERTS="@comment "
+.endif
NSCP= ${LOCALBASE}/libexec/netscape \
${LOCALBASE}/libexec/netscape-linux \
@@ -35,8 +44,6 @@
${LOCALBASE}/lib/netscape-linux \
${MOZILLA_HOME}
-PLIST_SUB= MOZILLA_HOME=${MOZILLA_HOME}
-
.include <bsd.port.pre.mk>
.if exists(${PREFIX}/bin/kde-config)
@@ -60,6 +67,18 @@
@${FALSE}
.endif
+.if defined(ICA_CERTS)
+pre-fetch:
+.for f in ${ICA_CERTS}
+ @echo "Checking ${f}"
+.if !exists(${DISTDIR}/${f})
+ @echo "Cert ${f} not found."
+ @exit 1
+.endif
+.endfor
+.endif
+
+
do-install:
@if (test -d "${CDIR}") ; \
then \
@@ -80,4 +99,10 @@
${INSTALL_SCRIPT} ${WRKSRC}/wfica.x ${PREFIX}/bin/wfica
# XXX: This is missing a "${BRANDELF} -t Linux <executables>".
+.if defined(ICA_CERTS)
+.for f in ${ICA_CERTS}
+ ${INSTALL_DATA} ${DISTDIR}/${f} ${CERTDIR}
+.endfor
+.endif
+
.include <bsd.port.post.mk>
Index: pkg-descr
===================================================================
RCS file: /home/pcvs/ports/net/citrix_ica/pkg-descr,v
retrieving revision 1.4
diff -u -r1.4 pkg-descr
--- pkg-descr 17 Jun 2006 09:58:51 -0000 1.4
+++ pkg-descr 30 Aug 2007 13:18:46 -0000
@@ -10,4 +10,15 @@
are powerful management and configuration tools and faster, more
flexible printing.
+
+If your Citrix server does not have one of the supplied root-certificates,
+you can copy the certificate to /usr/ports/distfiles and add the
+following line to your /etc/make.conf:
+
+ ICA_CERTS=mycert.crt
+
+It will then automatically be installed and removed with the normal
+FreeBSD package tools.
+
+
WWW: http://www.citrix.com/English/ps2/products/product.asp?contentID=186
Index: pkg-plist
===================================================================
RCS file: /home/pcvs/ports/net/citrix_ica/pkg-plist,v
retrieving revision 1.11
diff -u -r1.11 pkg-plist
--- pkg-plist 20 Mar 2007 18:42:24 -0000 1.11
+++ pkg-plist 30 Aug 2007 13:18:46 -0000
@@ -98,6 +98,7 @@
ICAClient/keystore/cacerts/GTECTGlobalRoot.crt
ICAClient/keystore/cacerts/Pcs3ss_v4.crt
ICAClient/keystore/cacerts/SecureServer.crt
+%%HAVE_ICA_CERTS%%@unexec for f in %%ICA_CERTS%%; do rm %%CERTDIR%%/${f}; done
ICAClient/libctxssl.so
ICAClient/nls/en/UTF-8/Wfcmgr
ICAClient/nls/en/UTF-8/Wfica
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070830132552.8D2D936E>