-rw-r--r-- | net-nds/389-admin/389-admin-1.1.13.ebuild | 169 | ||||
-rw-r--r-- | net-nds/389-admin/ChangeLog | 12 | ||||
-rw-r--r-- | net-nds/389-admin/files/1.1.14_backports/0000-selinux-crash-fix.patch | 29 | ||||
-rw-r--r-- | net-nds/389-admin/files/1.1.14_backports/0001-ssl-segfault-fix.patch | 69 |
4 files changed, 277 insertions, 2 deletions
diff --git a/net-nds/389-admin/389-admin-1.1.13.ebuild b/net-nds/389-admin/389-admin-1.1.13.ebuild
new file mode 100644
index 000000000000..c8b3c4affe0b
--- /dev/null
+++ b/net-nds/389-admin/389-admin-1.1.13.ebuild
@@ -0,0 +1,169 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-nds/389-admin/389-admin-1.1.13.ebuild,v 1.1 2011/01/11 22:30:13 lxnay Exp $
+
+EAPI="2"
+
+WANT_AUTOMAKE="1.9"
+
+MY_PV=${PV/_rc/.rc}
+MY_PV=${MY_PV/_a/.a}
+
+inherit eutils multilib autotools depend.apache
+
+DESCRIPTION="389 Directory Server (admin)"
+HOMEPAGE="http://port389.org/"
+SRC_URI="http://directory.fedoraproject.org/sources/${PN}-${MY_PV}.tar.bz2"
+
+LICENSE="GPL-2 Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="debug ipv6 selinux"
+
+# TODO snmp agent init script
+
+COMMON_DEPEND=">=app-admin/389-admin-console-1.1.0
+ >=app-admin/389-ds-console-1.1.0
+ app-misc/mime-types
+ dev-libs/389-adminutil
+ dev-libs/cyrus-sasl
+ dev-libs/icu
+ dev-libs/mozldap
+ dev-libs/nss[utils]
+ || ( <=dev-libs/nspr-4.8.3-r3[ipv6?] >=dev-libs/nspr-4.8.4 )
+ dev-libs/svrcore
+ net-analyzer/net-snmp[ipv6?]
+ selinux? (
+ sys-apps/checkpolicy
+ sys-apps/policycoreutils
+ sec-policy/selinux-base-policy
+ )
+ >=sys-libs/db-4.2.52
+ sys-libs/pam
+ sys-apps/tcp-wrappers[ipv6?]
+ www-apache/mod_nss
+ www-servers/apache:2[apache2_modules_actions,apache2_modules_alias,apache2_modules_auth_basic,apache2_modules_authz_default,apache2_modules_cgi,apache2_modules_mime_magic,apache2_modules_rewrite,apache2_modules_setenvif,suexec,threads]"
+RDEPEND="${COMMON_DEPEND} www-client/lynx"
+DEPEND="sys-apps/sed ${COMMON_DEPEND}"
+
+S="${WORKDIR}/${PN}-${MY_PV}"
+
+need_apache2_2
+
+src_prepare() {
+ # as per 389 documentation, when 64bit, export USE_64
+ use amd64 && export USE_64=1
+
+ epatch "${FILESDIR}/1.1.11_rc1/0001-gentoo-apache-names.patch"
+ epatch "${FILESDIR}/1.1.11_rc1/0003-find-mod_nss.m4.patch"
+ epatch "${FILESDIR}/1.1.11_rc1/0004-rpath-fix.configure.ac.patch"
+ # Configuration fixes
+ epatch "${FILESDIR}/${PN}-cfgstuff-1.patch"
+
+ # 1.1.14 backports
+ epatch "${FILESDIR}/1.1.14_backports"/*.patch
+
+ sed -e "s!SUBDIRS!# SUBDIRS!g" -i Makefile.am || die "sed failed"
+ # Setup default user/group, in this case it's dirsrv
+ sed -e "s!nobody!dirsrv!g" -i configure.ac || die "sed failed"
+
+ eautoreconf
+}
+
+src_configure() {
+ # stub autoconf triplet :(
+ local myconf=""
+ use debug && myconf="--enable-debug"
+ use selinux && myconf="${myconf} --with-selinux"
+
+ econf \
+ --enable-threading \
+ --disable-rpath \
+ --with-fhs \
+ --with-apr-config \
+ --with-apxs=${APXS} \
+ --with-httpd=${APACHE_BIN} \
+ ${myconf} || die "econf failed"
+}
+
+src_install () {
+
+ emake DESTDIR="${D}" install || die "emake failed"
+ keepdir /var/log/dirsrv/admin-serv
+
+ # remove redhat style init script.
+ rm -rf "${D}"/etc/rc.d
+ rm -rf "${D}"/etc/default
+
+ # install gentoo style init script.
+ newinitd "${FILESDIR}"/${PN}.initd ${PN}
+ newconfd "${FILESDIR}"/${PN}.confd ${PN}
+
+ # remove redhat style wrapper scripts
+ # and install gentoo scripts.
+ rm -rf "${D}"/usr/sbin/*-ds-admin
+ dosbin "${FILESDIR}"/*-ds-admin || die "cannot install gentoo start/stop scripts"
+
+ # In this version build systems for modules is delete :(
+ # manually install modules, not using apache-modules eclass
+ # because use bindled library
+
+ # install mod_admserv
+ exeinto "${APACHE_MODULESDIR}"
+ doexe "${S}/.libs"/mod_admserv.so || die "internal ebuild error: mod_admserv not found"
+
+ insinto "${APACHE_MODULES_CONFDIR}"
+ newins "${FILESDIR}/1.1.11_rc1"/48_mod_admserv.conf 48_mod_admserv \
+ || die "internal ebuild error: 48_mod_admserv.conf not found"
+
+ # install mod_restard
+ exeinto "${APACHE_MODULESDIR}"
+ doexe "${S}/.libs"/mod_restartd.so || die "internal ebuild error: mod_restartd not found"
+
+ insinto "${APACHE_MODULES_CONFDIR}"
+ newins "${FILESDIR}/1.1.11_rc1"/48_mod_restartd.conf 48_mod_restartd \
+ || die "internal ebuild error: 48_mod_restard.conf not found"
+
+ if use selinux; then
+ local POLICY_TYPES="targeted"
+ cd "${S}"/selinux-build
+ cp /usr/share/selinux/${POLICY_TYPES}/include/Makefile .
+ make || die "selinux policy compile failed"
+ insinto /usr/share/selinux/${POLICY_TYPES}
+ doins -r "${S}/selinux-build/"*.pp
+ fi
+
+}
+
+pkg_postinst() {
+
+ # show setup information
+ elog "Once you configured www-servers/apache as written above,"
+ elog "you need to run (as root): /usr/sbin/setup-ds-admin.pl"
+ elog
+
+ # show security and sysctl info
+ elog "It is recommended to setup net.ipv4.tcp_keep_alive_time"
+ elog "in /etc/sysctl.conf (or via sysctl -w && sysctl -p) to a reasonable"
+ elog "value (in milliseconds) to avoid temporary server congestions"
+ elog "from lost client connections"
+ elog
+
+ # /etc/security/limits.conf settings
+ elog "It is also recommended to fine tune the maximum open files"
+ elog "settings inside /etc/security/limits.conf:"
+ elog "* soft nofile 2048"
+ elog "* hard nofile 4096"
+ elog
+
+ elog "To start 389 Directory Server Administration Interface at boot"
+ elog "please add 389-admin service to the default runlevel:"
+ elog
+ elog " rc-update add 389-admin default"
+ elog
+
+ elog "for 389 Directory Server Admin interface to work, you need"
+ elog "to setup a FQDN hostname and use it while running /usr/sbin/setup-ds-admin.pl"
+ elog
+
+}
diff --git a/net-nds/389-admin/ChangeLog b/net-nds/389-admin/ChangeLog
index 55c4e22bf1ca..3c0129f66df3 100644
--- a/net-nds/389-admin/ChangeLog
+++ b/net-nds/389-admin/ChangeLog
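Review bot: In `src_install`, the `use selinux` branch runs `cd "${S}"/selinux-build` and `cp /usr/share/selinux/${POLICY_TYPES}/include/Makefile .` with no `|| die`, so a failure of either lets `make` run in whatever directory the phase was already in. Suggest `cd "${S}"/selinux-build || die` and `cp ... . || die "selinux Makefile missing"`, and `emake` instead of bare `make`. Compiling the policy module during install rather than in `src_compile` also means a policy build failure surfaces late, after files have been staged into `${D}`. Separately, the `pkg_postinst` text names `net.ipv4.tcp_keep_alive_time` with a value in milliseconds, while the Linux sysctl is `net.ipv4.tcp_keepalive_time` and takes seconds.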
@@ -1,6 +1,14 @@
 # ChangeLog for net-nds/389-admin
-# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-nds/389-admin/ChangeLog,v 1.5 2010/11/12 06:36:48 lxnay Exp $
+# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-nds/389-admin/ChangeLog,v 1.6 2011/01/11 22:30:13 lxnay Exp $
+
+*389-admin-1.1.13 (11 Jan 2011)
+
+ 11 Jan 2011; Fabio Erculiani <lxnay@gentoo.org>
+ +files/1.1.14_backports/0000-selinux-crash-fix.patch,
+ +389-admin-1.1.13.ebuild,
+ +files/1.1.14_backports/0001-ssl-segfault-fix.patch:
+ version bump
 *389-admin-1.1.11_rc1-r1 (12 Nov 2010)
diff --git a/net-nds/389-admin/files/1.1.14_backports/0000-selinux-crash-fix.patch b/net-nds/389-admin/files/1.1.14_backports/0000-selinux-crash-fix.patch
new file mode 100644
index 000000000000..1917acd7aacd
--- /dev/null
+++ b/net-nds/389-admin/files/1.1.14_backports/0000-selinux-crash-fix.patch
@@ -0,0 +1,29 @@
+From 6d86721d58f9dd150c970f61911c8a8bc2c8c050 Mon Sep 17 00:00:00 2001
+From: Nathan Kinder <nkinder@redhat.com>
+Date: Tue, 4 Jan 2011 15:03:29 -0800
+Subject: [PATCH] Bug 638511 - dirsrv-admin crashes at startup with SELinux enabled
+
+On RHEL5, starting the dirsrv-admin service with SELinux enabled
+will cause httpd child processes to repeatedly crash. The context
+used by the dirsrv-admin start scripts needs some additional
+process capabilities to fix this problem.
+---
+ selinux/dirsrv-admin.te | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/selinux/dirsrv-admin.te b/selinux/dirsrv-admin.te
+index 51c2dc6..4c842d9 100644
+--- a/selinux/dirsrv-admin.te
++++ b/selinux/dirsrv-admin.te
+@@ -78,7 +78,7 @@ ifdef(`targeted_policy',`
+
+ # Needed for stop and restart scripts
+ dirsrv_read_var_run(dirsrvadmin_t)
+-allow dirsrvadmin_t httpd_t:process signal;
++allow dirsrvadmin_t httpd_t:process { signal siginh rlimitinh noatsecure };
+ allow dirsrvadmin_t httpd_var_run_t:file read_file_perms;
+
+ ########################################
+--
+1.5.5.6
+
diff --git a/net-nds/389-admin/files/1.1.14_backports/0001-ssl-segfault-fix.patch b/net-nds/389-admin/files/1.1.14_backports/0001-ssl-segfault-fix.patch
new file mode 100644
index 000000000000..f56b00253900
--- /dev/null
+++ b/net-nds/389-admin/files/1.1.14_backports/0001-ssl-segfault-fix.patch
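Review bot: The rewritten `allow dirsrvadmin_t httpd_t:process` rule grants `noatsecure` alongside `siginh` and `rlimitinh`, and neither the policy nor the patch description says which of the three the crash fix actually requires. `noatsecure` suppresses secure-execution mode on the dirsrvadmin_t to httpd_t transition, so loader-affecting environment variables set in the start-script context are no longer scrubbed before httpd runs. I would add a comment above the rule, e.g. `# siginh/rlimitinh/noatsecure: start scripts exec httpd, see bug 638511`, and confirm with upstream whether `noatsecure` can be dropped. The block that contains this rule appears to start outside the hunk.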
@@ -0,0 +1,69 @@
+From f08ab2ae5a9ce1ed7d5187f5e93a7e7854faacf3 Mon Sep 17 00:00:00 2001
+From: Rich Megginson <rmeggins@redhat.com>
+Date: Wed, 5 Jan 2011 15:47:28 -0700
+Subject: [PATCH] Bug 664671 - Admin server segfault when full SSL access (http+ldap+console) required
+
+https://bugzilla.redhat.com/show_bug.cgi?id=664671
+Resolves: bug 664671
+Bug Description: Admin server segfault when full SSL access (http+ldap+console) required
+Reviewed by: ???
+Branch: master
+Fix Description: Do not call NSS_Shutdown in mod_admserv. It should always
+be called in mod_nss, after mod_admserv_unload is called. The only thing
+we need to do in mod_admserv_unload() is to clear the session cache to
+release any resources acquired by mod_admserv. mod_nss unload will take
+care of the rest.
+Platforms tested: RHEL5 i386
+Flag Day: no
+Doc impact: no
+---
+ mod_admserv/mod_admserv.c | 27 +++++++++++---------------
+ 1 files changed, 11 insertions(+), 16 deletions(-)
+
+diff --git a/mod_admserv/mod_admserv.c b/mod_admserv/mod_admserv.c
+index ec7397c..6f96669 100644
+--- a/mod_admserv/mod_admserv.c
++++ b/mod_admserv/mod_admserv.c
+@@ -2223,28 +2223,23 @@ host_ip_init(apr_pool_t *p, apr_pool_t *plog,
+ * NSS caches SSL client session information - this cache must be cleared, otherwise
+ * NSS_Shutdown will give an error. mod_nss also does this (along with the NSS_Shutdown)
+ * It is ok to call SSL_ClearSessionCache multiple times.
++ * The actual NSS_Shutdown is done in mod_nss. Note that we cannot call NSS_Shutdown
++ * here - if NSS_Shutdown fails because mod_nss still has server caches referenced,
++ * NSS will be left in a bad state - it won't really be shutdown because of the outstanding
++ * references, but NSS_IsInitialized will return false, and NSS_Initialize will fail.
++ * So we must be careful here to just release any references we have.
++ * The assumption here is that mod_nss is loaded before mod_admserv (which will usually
++ * happen since it is listed first in the httpd.conf) - but note that module unload
++ * happens in _reverse_ order - so mod_admserv_unload will be called _before_ the
++ * mod_nss unload function. If this ever changes, we will need to figure out some other
++ * way to ensure that NSS_Shutdown is only ever called once, and only after all caches
++ * and other resources have been released.
+ */
+ static
+ apr_status_t mod_admserv_unload(void *data)
+ {
+ if (NSS_IsInitialized()) {
+- SECStatus status;
+ SSL_ClearSessionCache();
+- status = NSS_Shutdown();
+- if (status != SECSuccess) {
+- PRErrorCode prerr = PR_GetError();
+- if (prerr == SEC_ERROR_NOT_INITIALIZED) {
+- ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
+- "Unable to shutdown NSS - not initialized");
+- } else if (prerr == SEC_ERROR_BUSY) {
+- ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
+- "Unable to shutdown NSS - still busy - assume mod_nss is holding references - continuing");
+- } else {
+- ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL,
+- "Unable to shutdown NSS - [%d:%s]",
+- prerr, SSL_Strerror(prerr));
+- }
+- }
+ }
+ return OK;
+ }
+--
+1.5.5.6
+ |
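Review bot: `mod_admserv_unload` is now only correct if mod_nss is loaded and unloads after it, and that precondition is recorded solely in the new comment; nothing at runtime checks it. If mod_admserv ever runs without mod_nss, or initialised NSS itself (not visible in this hunk), NSS_Shutdown is never called and the NSS state is carried across a restart. Since the ebuild installs `48_mod_admserv.conf`, it is worth confirming that mod_nss's module config sorts ahead of it and stating the load-order requirement in that conf file. A debug-level line in the `NSS_IsInitialized()` branch, e.g. `ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL, "mod_admserv: cleared SSL session cache, NSS shutdown left to mod_nss");`, would make the hand-off visible when diagnosing restart crashes.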