From owner-freebsd-ports-bugs@FreeBSD.ORG Thu Aug 30 13:30:02 2007 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E287916A41A for ; Thu, 30 Aug 2007 13:30:01 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id BFB6813C46E for ; Thu, 30 Aug 2007 13:30:01 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.1/8.14.1) with ESMTP id l7UDU1m7035639 for ; Thu, 30 Aug 2007 13:30:01 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.1/8.14.1/Submit) id l7UDU13U035638; Thu, 30 Aug 2007 13:30:01 GMT (envelope-from gnats) Resent-Date: Thu, 30 Aug 2007 13:30:01 GMT Resent-Message-Id: <200708301330.l7UDU13U035638@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Edwin Groothuis Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 00C3816A41A for ; Thu, 30 Aug 2007 13:26:12 +0000 (UTC) (envelope-from edwin@mavetju.org) Received: from mail5out.barnet.com.au (mail5.barnet.com.au [202.83.178.78]) by mx1.freebsd.org (Postfix) with ESMTP id 78CD613C47E for ; Thu, 30 Aug 2007 13:26:11 +0000 (UTC) (envelope-from edwin@mavetju.org) Received: by mail5out.barnet.com.au (Postfix, from userid 1001) id CFFD72219D1E; Thu, 30 Aug 2007 23:25:50 +1000 (EST) Received: from mail5auth.barnet.com.au (mail5.barnet.com.au [202.83.178.78]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mail5.barnet.com.au (Postfix) with ESMTP id 8273221B2A68 for ; Thu, 30 Aug 2007 23:25:50 +1000 (EST) Received: from k7.mavetju (k7.mavetju.org [10.251.1.18]) by mail5auth.barnet.com.au (Postfix) with ESMTP id 0A4292219D04 for ; Thu, 30 Aug 2007 23:25:50 +1000 (EST) Received: by k7.mavetju (Postfix, from userid 1001) id 8D2D936E; Thu, 30 Aug 2007 23:25:52 +1000 (EST) Message-Id: <20070830132552.8D2D936E@k7.mavetju> Date: Thu, 30 Aug 2007 23:25:52 +1000 (EST) From: Edwin Groothuis To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: Subject: ports/115944: [patch] net/citrix_ica - add support for non-standard root certificates X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Edwin Groothuis List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Aug 2007 13:30:02 -0000 >Number: 115944 >Category: ports >Synopsis: [patch] net/citrix_ica - add support for non-standard root certificates >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Thu Aug 30 13:30:01 GMT 2007 >Closed-Date: >Last-Modified: >Originator: Edwin Groothuis >Release: FreeBSD 6.2-RELEASE-p4 i386 >Organization: - >Environment: System: FreeBSD k7.mavetju 6.2-RELEASE-p4 FreeBSD 6.2-RELEASE-p4 #0: Thu Apr 26 17:55:55 UTC 2007 root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/SMP i386 >Description: Our Citrix server is using an Equinox signed certifate. Citrix doesn't support this root certificate by default. When installing this certificate into the keystore, the installed package will not deinstall cleanly. When reinstalling it, it complains that /usr/local/ICAclient already exist (because it didn't deinstall cleanly) This patch gives the possibility to install extra certificates by setting the variable ICA_CERTS in /etc/make.conf. >How-To-Repeat: >Fix: ? work Index: Makefile =================================================================== RCS file: /home/pcvs/ports/net/citrix_ica/Makefile,v retrieving revision 1.49 diff -u -r1.49 Makefile --- Makefile 23 Aug 2007 04:00:01 -0000 1.49 +++ Makefile 30 Aug 2007 13:18:46 -0000 @@ -26,6 +27,14 @@ CDIR= ${PREFIX}/ICAClient BINDIR= ${PREFIX}/bin +CERTDIR= ${CDIR}/keystore/cacerts + +PLIST_SUB= MOZILLA_HOME=${MOZILLA_HOME} +.if defined(ICA_CERTS) +PLIST_SUB+= HAVE_ICA_CERTS="" ICA_CERTS="${ICA_CERTS}" CERTDIR="${CERTDIR}" +.else +PLIST_SUB+= HAVE_ICA_CERTS="@comment " +.endif NSCP= ${LOCALBASE}/libexec/netscape \ ${LOCALBASE}/libexec/netscape-linux \ @@ -35,8 +44,6 @@ ${LOCALBASE}/lib/netscape-linux \ ${MOZILLA_HOME} -PLIST_SUB= MOZILLA_HOME=${MOZILLA_HOME} - .include .if exists(${PREFIX}/bin/kde-config) @@ -60,6 +67,18 @@ @${FALSE} .endif +.if defined(ICA_CERTS) +pre-fetch: +.for f in ${ICA_CERTS} + @echo "Checking ${f}" +.if !exists(${DISTDIR}/${f}) + @echo "Cert ${f} not found." + @exit 1 +.endif +.endfor +.endif + + do-install: @if (test -d "${CDIR}") ; \ then \ @@ -80,4 +99,10 @@ ${INSTALL_SCRIPT} ${WRKSRC}/wfica.x ${PREFIX}/bin/wfica # XXX: This is missing a "${BRANDELF} -t Linux ". +.if defined(ICA_CERTS) +.for f in ${ICA_CERTS} + ${INSTALL_DATA} ${DISTDIR}/${f} ${CERTDIR} +.endfor +.endif + .include Index: pkg-descr =================================================================== RCS file: /home/pcvs/ports/net/citrix_ica/pkg-descr,v retrieving revision 1.4 diff -u -r1.4 pkg-descr --- pkg-descr 17 Jun 2006 09:58:51 -0000 1.4 +++ pkg-descr 30 Aug 2007 13:18:46 -0000 @@ -10,4 +10,15 @@ are powerful management and configuration tools and faster, more flexible printing. + +If your Citrix server does not have one of the supplied root-certificates, +you can copy the certificate to /usr/ports/distfiles and add the +following line to your /etc/make.conf: + + ICA_CERTS=mycert.crt + +It will then automatically be installed and removed with the normal +FreeBSD package tools. + + WWW: http://www.citrix.com/English/ps2/products/product.asp?contentID=186 Index: pkg-plist =================================================================== RCS file: /home/pcvs/ports/net/citrix_ica/pkg-plist,v retrieving revision 1.11 diff -u -r1.11 pkg-plist --- pkg-plist 20 Mar 2007 18:42:24 -0000 1.11 +++ pkg-plist 30 Aug 2007 13:18:46 -0000 @@ -98,6 +98,7 @@ ICAClient/keystore/cacerts/GTECTGlobalRoot.crt ICAClient/keystore/cacerts/Pcs3ss_v4.crt ICAClient/keystore/cacerts/SecureServer.crt +%%HAVE_ICA_CERTS%%@unexec for f in %%ICA_CERTS%%; do rm %%CERTDIR%%/${f}; done ICAClient/libctxssl.so ICAClient/nls/en/UTF-8/Wfcmgr ICAClient/nls/en/UTF-8/Wfica >Release-Note: >Audit-Trail: >Unformatted: