Date: Tue, 22 Mar 2011 18:06:26 -0700
From: Craig Leres <leres@ee.lbl.gov>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/155876: [PATCH] security/shibboleth2-sp: do not clobber/remove customizable files; rc.d script fixes
Message-ID: <4D894792.9040705@ee.lbl.gov>
Resent-Message-ID: <201103230110.p2N1A1uv010883@freefall.freebsd.org>
>Number: 155876
>Category: ports
>Synopsis: [PATCH] security/shibboleth2-sp: do not clobber/remove
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Mar 23 01:10:00 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Craig Leres
>Release: FreeBSD 7.2-RELEASE i386
>Organization: Lawrence Berkeley National Laboratory
>Environment:
FreeBSD lns.lbl.gov 7.2-RELEASE FreeBSD 7.2-RELEASE #5: Wed May 5 13:33:30 PDT 2010 leres@fun.ee.lbl.gov:/usr/src/7.2-RELEASE/sys/i386/compile/LBLSMP i386
>Description:
On package installation, the shibboleth2-sp port clobbers configurable files. On un-installation, it removes them.

Also, there are a number of problems with the rc.d script. It does not obey the shibboleth_sp_flags, shibboleth_sp_program or shibboleth_sp_pidfile rc.conf options. And the backgrounding (&) of shibd is not needed.
>How-To-Repeat:
>Fix:
The attached patch always installs the .dist versions of config files and only installs the non-dist versions when they do not already exist. When the package is deleted, the non-dist versions are not removed if they have been changed. This allows the package to be uninstalled and reinstalled without trashing the config.

There is also a patch for the rc.d script to honor rc.conf shibboleth_sp_* settings.

--------------040500090704010309070004
Content-Type: text/plain; name="patch-Makefile"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="patch-Makefile"

--- Makefile.orig 2010-12-04 00:49:02.000000000 -0800 +++ Makefile 2011-03-22 17:49:47.000000000 -0700
@@ -2,12 +2,12 @@ # Date created: 17 Sept2008 # Whom: Janos Mohacsi <janos.mohacsi@bsd.hu> # -# $FreeBSD: ports/security/shibboleth2-sp/Makefile,v 1.8 2010/12/04 07:33:31 ade Exp $ +# $FreeBSD$ # PORTNAME= shibboleth-sp PORTVERSION= 2.3.1 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security www MASTER_SITES= http://shibboleth.internet2.edu/downloads/shibboleth/cppsp/${PORTVERSION}/ @@ -53,4 +53,31 @@ ${RM} ${WRKSRC}/aclocal.m4 @cd ${WRKSRC} && ${AUTORECONF} -fvi +SHIB_DISTFILES= \ + etc/shibboleth/accessError.html \ + etc/shibboleth/attribute-map.xml \ + etc/shibboleth/attribute-policy.xml \ + etc/shibboleth/bindingTemplate.html \ + etc/shibboleth/console.logger \ + etc/shibboleth/discoveryTemplate.html \ + etc/shibboleth/example-metadata.xml \ + etc/shibboleth/globalLogout.html \ + etc/shibboleth/localLogout.html \ + etc/shibboleth/metadataError.html \ + etc/shibboleth/native.logger \ + etc/shibboleth/partialLogout.html \ + etc/shibboleth/postTemplate.html \ + etc/shibboleth/sessionError.html \ + etc/shibboleth/shibboleth2.xml \ + etc/shibboleth/shibd.logger \ + etc/shibboleth/sslError.html \ + etc/shibboleth/syslog.logger + +post-install: + @for fn in ${SHIB_DISTFILES}; do \ + if [ ! -f ${PREFIX}/$${fn} ]; then \ + ${CP} -p ${PREFIX}/$${fn}.dist ${PREFIX}/$${fn} ; \ + fi \ + done + .include <bsd.port.post.mk> --------------040500090704010309070004 Content-Type: text/plain; name="patch-files-shibboleth-sp.in" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="patch-files-shibboleth-sp.in" --- files/shibboleth-sp.in.orig 2010-03-27 04:27:29.000000000 -0700 +++ files/shibboleth-sp.in 2011-03-22 17:28:11.000000000 -0700 @@ -1,6 +1,6 @@ #!/bin/sh # -# $FreeBSD: ports/security/shibboleth2-sp/files/shibboleth-sp.in,v 1.3 2010/03/27 00:14:48 dougb Exp $ +# $FreeBSD$ # # PROVIDE: shibboleth_sp # REQUIRE: DAEMON 
@@ -11,10 +11,10 @@ name="shibboleth_sp" rcvar=${name}_enable -[ -z "$shibboleth_sp_enable" ] && shibboleth_sp_enable="NO" -pidfile="/var/run/${name}.pid" -command="%%PREFIX%%/sbin/shibd" -start_cmd="${command} -f -p ${pidfile} &" - load_rc_config $name + +command=${shibboleth_sp_program:-%%PREFIX%%/sbin/shibd} +pidfile="${shibboleth_sp_pidfile:-/var/run/${name}.pid}" +command_args="-f -p ${pidfile}" + run_rc_command "$1" --------------040500090704010309070004 Content-Type: text/plain; name="patch-pkg-plist" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="patch-pkg-plist" --- pkg-plist.orig 2010-01-26 04:25:20.000000000 -0800 +++ pkg-plist 2011-03-22 17:46:56.000000000 -0700 
@@ -1,37 +1,37 @@ bin/mdquery bin/resolvertest etc/shibboleth/metagen.sh -etc/shibboleth/native.logger +@unexec if cmp -s %D/etc/shibboleth/native.logger.dist %D/etc/shibboleth/native.logger; then rm -f %D/etc/shibboleth/native.logger; fi etc/shibboleth/native.logger.dist -etc/shibboleth/shibd.logger +@unexec if cmp -s %D/etc/shibboleth/shibd.logger.dist %D/etc/shibboleth/shibd.logger; then rm -f %D/etc/shibboleth/shibd.logger; fi etc/shibboleth/shibd.logger.dist -etc/shibboleth/shibboleth2.xml +@unexec if cmp -s %D/etc/shibboleth/shibboleth2.xml.dist %D/etc/shibboleth/shibboleth2.xml; then rm -f %D/etc/shibboleth/shibboleth2.xml; fi etc/shibboleth/shibboleth2.xml.dist -etc/shibboleth/attribute-map.xml +@unexec if cmp -s %D/etc/shibboleth/attribute-map.xml.dist %D/etc/shibboleth/attribute-map.xml; then rm -f %D/etc/shibboleth/attribute-map.xml; fi etc/shibboleth/attribute-map.xml.dist -etc/shibboleth/attribute-policy.xml +@unexec if cmp -s %D/etc/shibboleth/attribute-policy.xml.dist %D/etc/shibboleth/attribute-policy.xml; then rm -f %D/etc/shibboleth/attribute-policy.xml; fi etc/shibboleth/attribute-policy.xml.dist -etc/shibboleth/example-metadata.xml +@unexec if cmp -s %D/etc/shibboleth/example-metadata.xml.dist %D/etc/shibboleth/example-metadata.xml; then rm -f %D/etc/shibboleth/example-metadata.xml; fi etc/shibboleth/example-metadata.xml.dist -etc/shibboleth/console.logger +@unexec if cmp -s %D/etc/shibboleth/console.logger.dist %D/etc/shibboleth/console.logger; then rm -f %D/etc/shibboleth/console.logger; fi etc/shibboleth/console.logger.dist -etc/shibboleth/syslog.logger +@unexec if cmp -s %D/etc/shibboleth/syslog.logger.dist %D/etc/shibboleth/syslog.logger; then rm -f %D/etc/shibboleth/syslog.logger; fi etc/shibboleth/syslog.logger.dist -etc/shibboleth/accessError.html +@unexec if cmp -s %D/etc/shibboleth/accessError.html.dist %D/etc/shibboleth/accessError.html; then rm -f %D/etc/shibboleth/accessError.html; fi etc/shibboleth/accessError.html.dist 
-etc/shibboleth/sessionError.html +@unexec if cmp -s %D/etc/shibboleth/sessionError.html.dist %D/etc/shibboleth/sessionError.html; then rm -f %D/etc/shibboleth/sessionError.html; fi etc/shibboleth/sessionError.html.dist -etc/shibboleth/metadataError.html +@unexec if cmp -s %D/etc/shibboleth/metadataError.html.dist %D/etc/shibboleth/metadataError.html; then rm -f %D/etc/shibboleth/metadataError.html; fi etc/shibboleth/metadataError.html.dist -etc/shibboleth/bindingTemplate.html +@unexec if cmp -s %D/etc/shibboleth/bindingTemplate.html.dist %D/etc/shibboleth/bindingTemplate.html; then rm -f %D/etc/shibboleth/bindingTemplate.html; fi etc/shibboleth/bindingTemplate.html.dist -etc/shibboleth/discoveryTemplate.html +@unexec if cmp -s %D/etc/shibboleth/discoveryTemplate.html.dist %D/etc/shibboleth/discoveryTemplate.html; then rm -f %D/etc/shibboleth/discoveryTemplate.html; fi etc/shibboleth/discoveryTemplate.html.dist -etc/shibboleth/localLogout.html +@unexec if cmp -s %D/etc/shibboleth/localLogout.html.dist %D/etc/shibboleth/localLogout.html; then rm -f %D/etc/shibboleth/localLogout.html; fi etc/shibboleth/localLogout.html.dist -etc/shibboleth/globalLogout.html +@unexec if cmp -s %D/etc/shibboleth/globalLogout.html.dist %D/etc/shibboleth/globalLogout.html; then rm -f %D/etc/shibboleth/globalLogout.html; fi etc/shibboleth/globalLogout.html.dist -etc/shibboleth/sslError.html +@unexec if cmp -s %D/etc/shibboleth/sslError.html.dist %D/etc/shibboleth/sslError.html; then rm -f %D/etc/shibboleth/sslError.html; fi etc/shibboleth/sslError.html.dist etc/shibboleth/shibd-redhat etc/shibboleth/shibd-debian 
@@ -44,9 +44,9 @@ etc/shibboleth/upgrade.xsl etc/shibboleth/sp-key.pem etc/shibboleth/sp-cert.pem -etc/shibboleth/postTemplate.html +@unexec if cmp -s %D/etc/shibboleth/postTemplate.html.dist %D/etc/shibboleth/postTemplate.html; then rm -f %D/etc/shibboleth/postTemplate.html; fi etc/shibboleth/postTemplate.html.dist -etc/shibboleth/partialLogout.html +@unexec if cmp -s %D/etc/shibboleth/partialLogout.html.dist %D/etc/shibboleth/partialLogout.html; then rm -f %D/etc/shibboleth/partialLogout.html; fi etc/shibboleth/partialLogout.html.dist include/shibsp/attribute/filtering/AttributeFilter.h include/shibsp/attribute/filtering/BasicFilteringContext.h

>Release-Note:
>Audit-Trail:
>Unformatted:
This is a multi-part message in MIME format.
--------------040500090704010309070004
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
customizable files; rc.d script fixes
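
Review bot: In the Makefile hunk at @@ -53,4 +53,31 @@, the copy-if-missing loop lives only in the `post-install` target, which runs for an install from the ports tree but not when a package built from this port is added with pkg_add, so a package install would end up with the `.dist` files and no live configuration. Moving the copy into pkg-plist as an `@exec` line after each `.dist` entry (for example `@exec if [ ! -f %D/etc/shibboleth/shibboleth2.xml ]; then cp -p %D/etc/shibboleth/shibboleth2.xml.dist %D/etc/shibboleth/shibboleth2.xml; fi`) covers both install paths and removes the 18-entry SHIB_DISTFILES list, which otherwise has to be kept in step with pkg-plist by hand. It is also worth confirming that the upstream install step does not write the live files before this target runs; if it does, the `[ ! -f ... ]` test always finds them present and the loop changes nothing.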
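
Review bot: In the files/shibboleth-sp.in hunk at @@ -11,10 +11,10 @@, the removed line `[ -z "$shibboleth_sp_enable" ] && shibboleth_sp_enable="NO"` has no replacement, so on a host with no shibboleth_sp_enable setting in rc.conf the variable is unset when `run_rc_command` checks it and rc.subr warns that it is not set properly. Add `: ${shibboleth_sp_enable:="NO"}` after `load_rc_config $name`. The explicit `command=${shibboleth_sp_program:-...}` assignment is harmless but not required, since rc.subr already substitutes the `${name}_program` value for `command`.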
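
Review bot: In the pkg-plist hunk at @@ -1,37 +1,37 @@, each `@unexec if cmp -s ...` line leaves a locally modified file in place without telling the administrator, and nothing documents that the live `shibboleth2.xml`, `attribute-policy.xml` and `.logger` files can now drift from the `.dist` defaults shipped by a newer version. Add a pkg-message (or an `@unexec` echo) stating which files are preserved on deinstall and recommending a diff against the `.dist` copies after each upgrade, so changed defaults in the access-control and logging configuration are not missed.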
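
Review bot: In the pkg-plist hunk at @@ -44,9 +44,9 @@, the context lines `etc/shibboleth/sp-key.pem` and `etc/shibboleth/sp-cert.pem` remain plain plist entries, so the service provider's key pair is still deleted unconditionally on deinstall even though the configuration that refers to it is now preserved. As plain entries they are also packed into any package built from this port, private key included. If the key pair is generated per host, it should get the same treatment as the configuration files: create it only when missing, leave it in place on deinstall, and keep it out of the packaged file list.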