author | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
commit | 4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch) | |
tree | ba5f07bf3f9d22d82e54a462313f5d244036c768 /net-firewall/nufw/files |
reinit the tree, so we can have metadata
Diffstat (limited to 'net-firewall/nufw/files')
-rw-r--r-- | net-firewall/nufw/files/nuauth-conf.d | 2 | ||||
-rw-r--r-- | net-firewall/nufw/files/nuauth-init.d | 27 | ||||
-rw-r--r-- | net-firewall/nufw/files/nufw-2.2.22-gnutls-3.4.patch | 103 | ||||
-rw-r--r-- | net-firewall/nufw/files/nufw-2.2.22-var-run.patch | 45 | ||||
-rw-r--r-- | net-firewall/nufw/files/nufw-conf.d | 2 | ||||
-rw-r--r-- | net-firewall/nufw/files/nufw-init.d | 17 |
6 files changed, 196 insertions, 0 deletions
diff --git a/net-firewall/nufw/files/nuauth-conf.d b/net-firewall/nufw/files/nuauth-conf.d
new file mode 100644
index 000000000000..1ac750cf49fd
--- /dev/null
+++ b/net-firewall/nufw/files/nuauth-conf.d
@@ -0,0 +1,2 @@
+# configuration file for /etc/init.d/nuauth
+NUAUTH_OPTIONS=""
diff --git a/net-firewall/nufw/files/nuauth-init.d b/net-firewall/nufw/files/nuauth-init.d
new file mode 100644
index 000000000000..db9c10b8a0d5
--- /dev/null
+++ b/net-firewall/nufw/files/nuauth-init.d
@@ -0,0 +1,27 @@
+#!/sbin/openrc-run
+
+depend() {
+ before net
+}
+
+checkconfig() {
+ if [ ! -e /etc/nufw/nuauth.conf ]; then
+ eerror "You need a /etc/nufw/nuauth.conf file to run nuauth"
+ eerror "There is sample file in /usr/share/doc/nufw-version/"
+ return 1
+ fi
+}
+
+start() {
+ checkpath -d /run/nuauth
+ checkconfig || return 1
+ ebegin "Starting nuauth"
+ start-stop-daemon --start --quiet --exec /usr/sbin/nuauth -- -D ${NUAUTH_OPTIONS}
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping nuauth"
+ start-stop-daemon --stop --quiet --pidfile /run/nuauth/nuauth.pid
+ eend $?
+}
diff --git a/net-firewall/nufw/files/nufw-2.2.22-gnutls-3.4.patch b/net-firewall/nufw/files/nufw-2.2.22-gnutls-3.4.patch
new file mode 100644
index 000000000000..e75d2b3fd61d
--- /dev/null
+++ b/net-firewall/nufw/files/nufw-2.2.22-gnutls-3.4.patch
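Review bot: In start() of nuauth-init.d, `checkpath -d /run/nuauth` creates the runtime directory with no explicit mode or owner, so it receives checkpath's defaults rather than a deliberate policy. The var-run patch in this same commit places both the PID file and `nuauth-command.socket` in that directory, so its permissions decide who can reach the control socket path. I would pin them, for example `checkpath -d -m 0750 -o root:root /run/nuauth`, with the owner adjusted to whichever account nuauth actually runs as (that is not visible in this commit).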
@@ -0,0 +1,103 @@
+From cbe4cfe90322e5add59433d9dd8394f46e341fab Mon Sep 17 00:00:00 2001
+From: Alon Bar-Lev <alon.barlev@gmail.com>
+Date: Sat, 4 Mar 2017 01:00:40 +0200
+Subject: [PATCH] ssl: drop call of deprecated
+ gnutls_certificate_type_set_priority()
+
+CTYPE-X.509 is the default value. Closes: #624077
+
+Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
+---
+ src/clients/lib/libnuclient.c | 15 ++-------------
+ src/nufw/tls.c | 14 --------------
+ 2 files changed, 2 insertions(+), 27 deletions(-)
+
+diff --git a/src/clients/lib/libnuclient.c b/src/clients/lib/libnuclient.c
+index 917e75a..6e78c96 100644
+--- a/src/clients/lib/libnuclient.c
++++ b/src/clients/lib/libnuclient.c
+@@ -62,9 +62,6 @@ GCRY_THREAD_OPTION_PTHREAD_IMPL;
+ # define DH_BITS 1024
+ #endif
+
+-static const int cert_type_priority[3] = { GNUTLS_CRT_X509, 0 };
+-
+-
+ void nu_exit_clean(nuauth_session_t * session)
+ {
+ if (session->ct) {
+@@ -270,7 +267,7 @@ int check_key_perms(const char* filename)
+ return 1;
+ }
+
+-static int _cb_request_cert(gnutls_session_t session, const gnutls_datum_t* req_ca_dn, int nreqs, const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr_st* st)
++static int _cb_request_cert(gnutls_session_t session, const gnutls_datum_t* req_ca_dn, int nreqs, const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr2_st* st)
+ {
+ printf("TLS error: server requests certificate, none configured\n");
+ return 0;
+@@ -518,7 +515,7 @@ int nu_client_setup_tls(nuauth_session_t * session,
+ SET_ERROR(err, INTERNAL_ERROR, FILE_ACCESS_ERR);
+ return 0;
+ }
+- gnutls_certificate_client_set_retrieve_function(session->cred,
++ gnutls_certificate_set_retrieve_function(session->cred,
+ &_cb_request_cert);
+ }
+
+@@ -604,12 +601,6 @@ int nu_client_reset_tls(nuauth_session_t *session)
+ return 0;
+ }
+
+- ret =
+- gnutls_certificate_type_set_priority(session->tls,
+- cert_type_priority);
+- if (ret < 0) {
+- return 0;
+- }
+ return 1;
+ }
+
+@@ -776,8 +767,6 @@ void nu_client_reset(nuauth_session_t * session)
+ gnutls_deinit(session->tls);
+ gnutls_init(&session->tls, GNUTLS_CLIENT);
+ gnutls_set_default_priority(session->tls);
+- gnutls_certificate_type_set_priority(session->tls,
+- cert_type_priority);
+ session->need_set_cred = 1;
+
+ /* close socket */
+diff --git a/src/nufw/tls.c b/src/nufw/tls.c
+index e7223eb..2d46820 100644
+--- a/src/nufw/tls.c
++++ b/src/nufw/tls.c
+@@ -506,8 +506,6 @@ void tls_connect()
+ gnutls_session *tls_session;
+ int tls_socket, ret;
+ #if USE_X509
+- const int cert_type_priority[3] = { GNUTLS_CRT_X509, 0 };
+-
+ tls.session = NULL;
+
+ /* compute patch key_file */
+@@ -655,18 +653,6 @@ void tls_connect()
+ return;
+ }
+ #if USE_X509
+- ret = gnutls_certificate_type_set_priority(*(tls_session),
+- cert_type_priority);
+- if (ret < 0) {
+- log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_WARNING,
+- "TLS: gnutls_certificate_type_set_priority() failed: %s",
+- gnutls_strerror(ret));
+- gnutls_certificate_free_credentials(tls.xcred);
+- gnutls_deinit(*tls_session);
+- free(tls_session);
+- return;
+- }
+-
+ /* put the x509 credentials to the current session */
+ ret = gnutls_credentials_set(*(tls_session), GNUTLS_CRD_CERTIFICATE,
+ tls.xcred);
+--
+2.10.2
+
diff --git a/net-firewall/nufw/files/nufw-2.2.22-var-run.patch b/net-firewall/nufw/files/nufw-2.2.22-var-run.patch
new file mode 100644
index 000000000000..f6bcc95e0006
--- /dev/null
+++ b/net-firewall/nufw/files/nufw-2.2.22-var-run.patch
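Review bot: With both `gnutls_certificate_type_set_priority()` calls removed, the X.509-only restriction in nu_client_reset_tls(), nu_client_reset() and tls_connect() is no longer stated anywhere in the code and rests on the priority defaults of whichever GnuTLS the package links against. Only nu_client_reset() shows `gnutls_set_default_priority(session->tls)` in its context; for the other two functions the priority setup, if any, lies outside the hunks. A short comment at each removal site would keep the assumption visible, e.g. `/* certificate type: left to the GnuTLS default priority (X.509) */`. Separately, the unchanged context line `# define DH_BITS 1024` is below the Diffie-Hellman sizes generally recommended today and would be worth revisiting while the TLS setup is being touched.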
@@ -0,0 +1,45 @@
+--- a/src/nuauth/auth_srv.h
++++ b/src/nuauth/auth_srv.h
+@@ -162,7 +162,7 @@
+ #ifdef S_SPLINT_S
+ # define NUAUTH_PID_FILE "/usr/local/var/run/nuauth/nuauth.pid"
+ #else
+-# define NUAUTH_PID_FILE LOCAL_STATE_DIR "/run/nuauth/nuauth.pid"
++# define NUAUTH_PID_FILE "/run/nuauth/nuauth.pid"
+ #endif
+
+ /* define the number of threads that will do user check */
+--- a/src/nuauth/command.c
++++ b/src/nuauth/command.c
+@@ -26,7 +26,7 @@
+ #include <sys/un.h> /* unix socket */
+ #include <sys/stat.h> /* fchmod() */
+
+-#define SOCKET_FILENAME LOCAL_STATE_DIR "/run/nuauth/nuauth-command.socket"
++#define SOCKET_FILENAME "/run/nuauth/nuauth-command.socket"
+
+ const char* COMMAND_HELP =
+ "version: display nuauth version\n"
+--- a/src/nufw/main.c
++++ b/src/nufw/main.c
+@@ -54,7 +54,7 @@
+
+ /*! Name of pid file prefixed by LOCAL_STATE_DIR (variable defined
+ * during compilation/installation) */
+-#define NUFW_PID_FILE LOCAL_STATE_DIR "/run/nufw.pid"
++#define NUFW_PID_FILE "/run/nufw.pid"
+
+ /**
+ * Stop threads and then wait until threads exit.
+--- a/src/nuauth/Makefile.am
++++ b/src/nuauth/Makefile.am
+@@ -26,9 +26,6 @@
+
+ nuauth_LDADD = $(GLIB_LIBS) -lm -lgnutls -lsasl2 -lnufw -L$(top_builddir)/src/include/
+
+-install-exec-local:
+- install -d "$(DESTDIR)$(localstatedir)/run/nuauth/"
+-
+ nuauth$(EXEEXT): $(nuauth_OBJECTS) $(nuauth_DEPENDENCIES)
+ @rm -f nuauth$(EXEEXT)
+ $(LINK) $(nuauth_LDFLAGS) $(nuauth_OBJECTS) $(nuauth_LDADD)
diff --git a/net-firewall/nufw/files/nufw-conf.d b/net-firewall/nufw/files/nufw-conf.d
new file mode 100644
index 000000000000..b2ea527744ec
--- /dev/null
+++ b/net-firewall/nufw/files/nufw-conf.d
@@ -0,0 +1,2 @@
+# configuration file for /etc/init.d/nufw
+NUFW_OPTIONS="-k /etc/nufw/nufw.key -c /etc/nufw/nufw.pem -d 127.0.0.1 -p 4129"
diff --git a/net-firewall/nufw/files/nufw-init.d b/net-firewall/nufw/files/nufw-init.d
new file mode 100644
index 000000000000..fd97dd408c7b
--- /dev/null
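Review bot: In the src/nufw/main.c hunk of the var-run patch, the Doxygen comment above NUFW_PID_FILE still says the name is "prefixed by LOCAL_STATE_DIR", which is no longer true once the define is hard-coded; it should read something like `/*! Name of pid file, fixed under /run */`. The S_SPLINT_S branch in auth_srv.h also keeps `/usr/local/var/run/nuauth/nuauth.pid`, so the two branches of that #ifdef now disagree on the location (presumably harmless if that branch is only seen by the static checker, but worth aligning). Because the Makefile.am hunk drops the `install -d` of the run directory, /run/nuauth now exists only if something creates it at start-up; nuauth-init.d does that with checkpath, so starting nuauth outside that script would likely fail to create its PID file and command socket.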
+++ b/net-firewall/nufw/files/nufw-init.d
@@ -0,0 +1,17 @@
+#!/sbin/openrc-run
+
+depend() {
+ before net
+}
+
+start() {
+ ebegin "Starting nufw"
+ start-stop-daemon --start --quiet --exec /usr/sbin/nufw -- -D ${NUFW_OPTIONS}
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping nufw"
+ start-stop-daemon --stop --quiet --pidfile /run/nufw.pid
+ eend $?
+}
|
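Review bot: stop() in nufw-init.d picks the process to signal only by `--pidfile /run/nufw.pid`, so a stale file left behind after a crash could point at an unrelated process that has since reused the PID. Adding the executable as a second match, `start-stop-daemon --stop --quiet --exec /usr/sbin/nufw --pidfile /run/nufw.pid`, narrows that; the same applies to stop() in nuauth-init.d. Unlike nuauth-init.d, this script also has no checkconfig step, although the default NUFW_OPTIONS in nufw-conf.d point at /etc/nufw/nufw.key and /etc/nufw/nufw.pem; checking that those files exist before start would give the administrator a clear eerror instead of whatever the daemon reports on its own.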