Changes - j0ke.net Open Build Service

Changes of Revision 30

[-] [+]	Changed	csync2.spec
@@ -69,6 +69,7 @@ %prep %setup +%patch0 #patch1 #patch2 @@ -76,7 +77,6 @@ %{?suse_update_config:%{suse_update_config}} autoreconf -fi -%patch0 %build export CFLAGS="$RPM_OPT_FLAGS -I/usr/kerberos/include" @@ -122,8 +122,10 @@ mv ${DB} ${DB}.rpmsave # migrate sqlite2 databases to sqlite3 if [ -x %{_sbindir}/csync2-sqlite2 ] && [ -x %{_bindir}/sqlite3 ] ; then - %{_sbindir}/csync2-sqlite2 ${DB}.rpmsave .dump \| %{_bindir}/sqlite3 ${DB} + %{_sbindir}/csync2-sqlite2 ${DB}.rpmsave .dump \| %{_bindir}/sqlite3 ${DB}3 fi + elif [ ! -f ${DB}3 ] ; then + mv ${DB} ${DB}3 fi done fi
[-] [+]	Added	csync2-1.34-gnutls.patch ^
@@ -0,0 +1,279 @@ +Fixes build with >=net-libs/gnutls-2.7.1 + +http://bugs.gentoo.org/show_bug.cgi?id=274213 + +--- conn.c ++++ conn.c +@@ -32,7 +32,7 @@ + + #ifdef HAVE_LIBGNUTLS_OPENSSL + # include <gnutls/gnutls.h> +-# include <gnutls/openssl.h> ++# include <gnutls/x509.h> + #endif + + int conn_fd_in = -1; +@@ -42,9 +42,8 @@ + #ifdef HAVE_LIBGNUTLS_OPENSSL + int csync_conn_usessl = 0; + +-SSL_METHOD conn_ssl_meth; +-SSL_CTX conn_ssl_ctx; +-SSL conn_ssl; ++static gnutls_session_t conn_tls_session; ++static gnutls_certificate_credentials_t conn_x509_cred; + #endif + + int conn_open(const char peername) +@@ -112,41 +111,104 @@ + + #ifdef HAVE_LIBGNUTLS_OPENSSL + +-char ssl_keyfile = ETCDIR "/csync2_ssl_key.pem"; +-char ssl_certfile = ETCDIR "/csync2_ssl_cert.pem"; ++static void ssl_log(int level, const char* msg) ++{ csync_debug(level, "%s", msg); } ++ ++static const char ssl_keyfile = ETCDIR "/csync2_ssl_key.pem"; ++static const char ssl_certfile = ETCDIR "/csync2_ssl_cert.pem"; + + int conn_activate_ssl(int server_role) + { +- static int sslinit = 0; ++ gnutls_alert_description_t alrt; ++ int err; + + if (csync_conn_usessl) + return 0; + +- if (!sslinit) { +- SSL_load_error_strings(); +- SSL_library_init(); +- sslinit=1; ++ gnutls_global_init(); ++ gnutls_global_set_log_function(ssl_log); ++ gnutls_global_set_log_level(10); ++ ++ gnutls_certificate_allocate_credentials(&conn_x509_cred); ++ ++ err = gnutls_certificate_set_x509_key_file(conn_x509_cred, ssl_certfile, ssl_keyfile, GNUTLS_X509_FMT_PEM); ++ if(err != GNUTLS_E_SUCCESS) { ++ gnutls_certificate_free_credentials(conn_x509_cred); ++ gnutls_global_deinit(); ++ ++ csync_fatal( ++ "SSL: failed to use key file %s and/or certificate file %s: %s (%s)\n", ++ ssl_keyfile, ++ ssl_certfile, ++ gnutls_strerror(err), ++ gnutls_strerror_name(err) ++ ); + } + +- conn_ssl_meth = (server_role ? SSLv23_server_method : SSLv23_client_method)(); +- conn_ssl_ctx = SSL_CTX_new(conn_ssl_meth); +- +- if (SSL_CTX_use_PrivateKey_file(conn_ssl_ctx, ssl_keyfile, SSL_FILETYPE_PEM) <= 0) +- csync_fatal("SSL: failed to use key file %s.\n", ssl_keyfile); +- +- if (SSL_CTX_use_certificate_file(conn_ssl_ctx, ssl_certfile, SSL_FILETYPE_PEM) <= 0) +- csync_fatal("SSL: failed to use certificate file %s.\n", ssl_certfile); ++ if(server_role) { ++ gnutls_certificate_free_cas(conn_x509_cred); + +- if (! (conn_ssl = SSL_new(conn_ssl_ctx)) ) +- csync_fatal("Creating a new SSL handle failed.\n"); +- +- gnutls_certificate_server_set_request(conn_ssl->gnutls_state, GNUTLS_CERT_REQUIRE); ++ if(gnutls_certificate_set_x509_trust_file(conn_x509_cred, ssl_certfile, GNUTLS_X509_FMT_PEM) < 1) { ++ gnutls_certificate_free_credentials(conn_x509_cred); ++ gnutls_global_deinit(); ++ ++ csync_fatal( ++ "SSL: failed to use certificate file %s as CA.\n", ++ ssl_certfile ++ ); ++ } ++ } else ++ gnutls_certificate_free_ca_names(conn_x509_cred); + +- SSL_set_rfd(conn_ssl, conn_fd_in); +- SSL_set_wfd(conn_ssl, conn_fd_out); ++ gnutls_init(&conn_tls_session, (server_role ? GNUTLS_SERVER : GNUTLS_CLIENT)); ++ gnutls_priority_set_direct(conn_tls_session, "PERFORMANCE", NULL); ++ gnutls_credentials_set(conn_tls_session, GNUTLS_CRD_CERTIFICATE, conn_x509_cred); ++ ++ if(server_role) { ++ gnutls_certificate_send_x509_rdn_sequence(conn_tls_session, 0); ++ gnutls_certificate_server_set_request(conn_tls_session, GNUTLS_CERT_REQUIRE); ++ } + +- if ( (server_role ? SSL_accept : SSL_connect)(conn_ssl) < 1 ) +- csync_fatal("Establishing SSL connection failed.\n"); ++ gnutls_transport_set_ptr2( ++ conn_tls_session, ++ (gnutls_transport_ptr_t)conn_fd_in, ++ (gnutls_transport_ptr_t)conn_fd_out ++ ); ++ ++ err = gnutls_handshake(conn_tls_session); ++ switch(err) { ++ case GNUTLS_E_SUCCESS: ++ break; ++ ++ case GNUTLS_E_WARNING_ALERT_RECEIVED: ++ alrt = gnutls_alert_get(conn_tls_session); ++ fprintf( ++ csync_debug_out, ++ "SSL: warning alert received from peer: %d (%s).\n", ++ alrt, gnutls_alert_get_name(alrt) ++ ); ++ break; ++ ++ case GNUTLS_E_FATAL_ALERT_RECEIVED: ++ alrt = gnutls_alert_get(conn_tls_session); ++ fprintf( ++ csync_debug_out, ++ "SSL: fatal alert received from peer: %d (%s).\n", ++ alrt, gnutls_alert_get_name(alrt) ++ ); ++ ++ default: ++ gnutls_bye(conn_tls_session, GNUTLS_SHUT_RDWR); ++ gnutls_deinit(conn_tls_session); ++ gnutls_certificate_free_credentials(conn_x509_cred); ++ gnutls_global_deinit(); ++ ++ csync_fatal( ++ "SSL: handshake failed: %s (%s)\n", ++ gnutls_strerror(err), ++ gnutls_strerror_name(err) ++ ); ++ } + + csync_conn_usessl = 1; + +@@ -155,15 +217,15 @@ + + int conn_check_peer_cert(const char peername, int callfatal) + { +- const X509 peercert; ++ const gnutls_datum_t peercerts; ++ unsigned npeercerts; + int i, cert_is_ok = -1; + + if (!csync_conn_usessl) + return 1; + +- peercert = SSL_get_peer_certificate(conn_ssl); +- +- if (!peercert \|\| peercert->size <= 0) { ++ peercerts = gnutls_certificate_get_peers(conn_tls_session, &npeercerts); ++ if(peercerts == NULL \|\| npeercerts == 0) { + if (callfatal) + csync_fatal("Peer did not provide an SSL X509 cetrificate.\n"); + csync_debug(1, "Peer did not provide an SSL X509 cetrificate.\n"); +@@ -171,11 +233,11 @@ + } + + { +- char certdata[peercert->size2 + 1]; ++ char certdata[2peercerts[0].size + 1]; + +- for (i=0; i<peercert->size; i++) +- sprintf(certdata+i2, "%02X", peercert->data[i]); +- certdata[peercert->size2] = 0; ++ for (i=0; i<peercerts[0].size; i++) ++ sprintf(&certdata[2i], "%02X", peercerts[0].data[i]); ++ certdata[2*i] = 0; + + SQL_BEGIN("Checking peer x509 certificate.", + "SELECT certdata FROM x509_cert WHERE peername = '%s'", +@@ -222,7 +284,12 @@ + if ( !conn_clisok ) return -1; + + #ifdef HAVE_LIBGNUTLS_OPENSSL +- if ( csync_conn_usessl ) SSL_free(conn_ssl); ++ if ( csync_conn_usessl ) { ++ gnutls_bye(conn_tls_session, GNUTLS_SHUT_RDWR); ++ gnutls_deinit(conn_tls_session);
[-] [+]	Changed	csync2-1.34.99-gnutls.patch ^
@@ -9,15 +9,14 @@ conn_printf("SSL\n"); if ( read_conn_status(0, peername) ) { csync_debug(1, "SSL command failed.\n"); ---- config.h.in.orig 2010-07-27 20:02:37.974736774 +0200 -+++ config.h.in 2010-07-27 20:02:47.594734776 +0200 -@@ -9,6 +9,9 @@ - /* Define to 1 if you have the `sqlite3' library (-lsqlite3). / - #undef HAVE_LIBSQLITE3 - -+/ Define for gnutls / -+#undef HAVE_LIBGNUTTLS -+ - / Name of package */ - #undef PACKAGE - +--- configure.ac.orig 2010-07-28 22:09:01.548845860 +0200 ++++ configure.ac 2010-07-28 22:11:02.560504635 +0200 +@@ -79,7 +79,7 @@ + then + # Check for gnuTLS. + AM_PATH_LIBGNUTLS(1.0.0, , [ AC_MSG_ERROR([[gnutls not found; install gnutls, gnutls-openssl and libtasn1 packages for your system or run configure with --disable-gnutls]]) ]) +- ++ PKG_CHECK_MODULES([LIBGNUTLS], [gnutls] , [AC_DEFINE(HAVE_LIBGNUTLS, 1, [Define to 1 if GnuTLS is available])]) + ## This is a bloody hack for fedora core + CFLAGS="$CFLAGS $LIBGNUTLS_CFLAGS" + LIBS="$LIBS $LIBGNUTLS_LIBS -ltasn1"