summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFabio Erculiani <lxnay@gentoo.org>2011-01-11 22:30:14 +0000
committerFabio Erculiani <lxnay@gentoo.org>2011-01-11 22:30:14 +0000
commite582a3b9c4b2ef57f53204a867255080ff374309 (patch)
tree23a54d459d93a11931ea018fb52ff3b2cf71005a /net-nds/389-admin
parentx86 stable, bug #350736 (diff)
downloadgentoo-2-e582a3b9c4b2ef57f53204a867255080ff374309.tar.gz
gentoo-2-e582a3b9c4b2ef57f53204a867255080ff374309.tar.bz2
gentoo-2-e582a3b9c4b2ef57f53204a867255080ff374309.zip
version bump
(Portage version: 2.1.9.28/cvs/Linux x86_64)
Diffstat (limited to 'net-nds/389-admin')
-rw-r--r--net-nds/389-admin/389-admin-1.1.13.ebuild169
-rw-r--r--net-nds/389-admin/ChangeLog12
-rw-r--r--net-nds/389-admin/files/1.1.14_backports/0000-selinux-crash-fix.patch29
-rw-r--r--net-nds/389-admin/files/1.1.14_backports/0001-ssl-segfault-fix.patch69
4 files changed, 277 insertions, 2 deletions
diff --git a/net-nds/389-admin/389-admin-1.1.13.ebuild b/net-nds/389-admin/389-admin-1.1.13.ebuild
new file mode 100644
index 000000000000..c8b3c4affe0b
--- /dev/null
+++ b/net-nds/389-admin/389-admin-1.1.13.ebuild
@@ -0,0 +1,169 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-nds/389-admin/389-admin-1.1.13.ebuild,v 1.1 2011/01/11 22:30:13 lxnay Exp $
+
+EAPI="2"
+
+WANT_AUTOMAKE="1.9"
+
+MY_PV=${PV/_rc/.rc}
+MY_PV=${MY_PV/_a/.a}
+
+inherit eutils multilib autotools depend.apache
+
+DESCRIPTION="389 Directory Server (admin)"
+HOMEPAGE="http://port389.org/"
+SRC_URI="http://directory.fedoraproject.org/sources/${PN}-${MY_PV}.tar.bz2"
+
+LICENSE="GPL-2 Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="debug ipv6 selinux"
+
+# TODO snmp agent init script
+
+COMMON_DEPEND=">=app-admin/389-admin-console-1.1.0
+ >=app-admin/389-ds-console-1.1.0
+ app-misc/mime-types
+ dev-libs/389-adminutil
+ dev-libs/cyrus-sasl
+ dev-libs/icu
+ dev-libs/mozldap
+ dev-libs/nss[utils]
+ || ( <=dev-libs/nspr-4.8.3-r3[ipv6?] >=dev-libs/nspr-4.8.4 )
+ dev-libs/svrcore
+ net-analyzer/net-snmp[ipv6?]
+ selinux? (
+ sys-apps/checkpolicy
+ sys-apps/policycoreutils
+ sec-policy/selinux-base-policy
+ )
+ >=sys-libs/db-4.2.52
+ sys-libs/pam
+ sys-apps/tcp-wrappers[ipv6?]
+ www-apache/mod_nss
+ www-servers/apache:2[apache2_modules_actions,apache2_modules_alias,apache2_modules_auth_basic,apache2_modules_authz_default,apache2_modules_cgi,apache2_modules_mime_magic,apache2_modules_rewrite,apache2_modules_setenvif,suexec,threads]"
+RDEPEND="${COMMON_DEPEND} www-client/lynx"
+DEPEND="sys-apps/sed ${COMMON_DEPEND}"
+
+S="${WORKDIR}/${PN}-${MY_PV}"
+
+need_apache2_2
+
+src_prepare() {
+ # as per 389 documentation, when 64bit, export USE_64
+ use amd64 && export USE_64=1
+
+ epatch "${FILESDIR}/1.1.11_rc1/0001-gentoo-apache-names.patch"
+ epatch "${FILESDIR}/1.1.11_rc1/0003-find-mod_nss.m4.patch"
+ epatch "${FILESDIR}/1.1.11_rc1/0004-rpath-fix.configure.ac.patch"
+ # Configuration fixes
+ epatch "${FILESDIR}/${PN}-cfgstuff-1.patch"
+
+ # 1.1.14 backports
+ epatch "${FILESDIR}/1.1.14_backports"/*.patch
+
+ sed -e "s!SUBDIRS!# SUBDIRS!g" -i Makefile.am || die "sed failed"
+ # Setup default user/group, in this case it's dirsrv
+ sed -e "s!nobody!dirsrv!g" -i configure.ac || die "sed failed"
+
+ eautoreconf
+}
+
+src_configure() {
+ # stub autoconf triplet :(
+ local myconf=""
+ use debug && myconf="--enable-debug"
+ use selinux && myconf="${myconf} --with-selinux"
+
+ econf \
+ --enable-threading \
+ --disable-rpath \
+ --with-fhs \
+ --with-apr-config \
+ --with-apxs=${APXS} \
+ --with-httpd=${APACHE_BIN} \
+ ${myconf} || die "econf failed"
+}
+
+src_install () {
+
+ emake DESTDIR="${D}" install || die "emake failed"
+ keepdir /var/log/dirsrv/admin-serv
+
+ # remove redhat style init script.
+ rm -rf "${D}"/etc/rc.d
+ rm -rf "${D}"/etc/default
+
+ # install gentoo style init script.
+ newinitd "${FILESDIR}"/${PN}.initd ${PN}
+ newconfd "${FILESDIR}"/${PN}.confd ${PN}
+
+ # remove redhat style wrapper scripts
+ # and install gentoo scripts.
+ rm -rf "${D}"/usr/sbin/*-ds-admin
+ dosbin "${FILESDIR}"/*-ds-admin || die "cannot install gentoo start/stop scripts"
+
+ # In this version build systems for modules is delete :(
+ # manually install modules, not using apache-modules eclass
+ # because use bindled library
+
+ # install mod_admserv
+ exeinto "${APACHE_MODULESDIR}"
+ doexe "${S}/.libs"/mod_admserv.so || die "internal ebuild error: mod_admserv not found"
+
+ insinto "${APACHE_MODULES_CONFDIR}"
+ newins "${FILESDIR}/1.1.11_rc1"/48_mod_admserv.conf 48_mod_admserv \
+ || die "internal ebuild error: 48_mod_admserv.conf not found"
+
+ # install mod_restard
+ exeinto "${APACHE_MODULESDIR}"
+ doexe "${S}/.libs"/mod_restartd.so || die "internal ebuild error: mod_restartd not found"
+
+ insinto "${APACHE_MODULES_CONFDIR}"
+ newins "${FILESDIR}/1.1.11_rc1"/48_mod_restartd.conf 48_mod_restartd \
+ || die "internal ebuild error: 48_mod_restard.conf not found"
+
+ if use selinux; then
+ local POLICY_TYPES="targeted"
+ cd "${S}"/selinux-build
+ cp /usr/share/selinux/${POLICY_TYPES}/include/Makefile .
+ make || die "selinux policy compile failed"
+ insinto /usr/share/selinux/${POLICY_TYPES}
+ doins -r "${S}/selinux-build/"*.pp
+ fi
+
+}
+
+pkg_postinst() {
+
+ # show setup information
+ elog "Once you configured www-servers/apache as written above,"
+ elog "you need to run (as root): /usr/sbin/setup-ds-admin.pl"
+ elog
+
+ # show security and sysctl info
+ elog "It is recommended to setup net.ipv4.tcp_keep_alive_time"
+ elog "in /etc/sysctl.conf (or via sysctl -w && sysctl -p) to a reasonable"
+ elog "value (in milliseconds) to avoid temporary server congestions"
+ elog "from lost client connections"
+ elog
+
+ # /etc/security/limits.conf settings
+ elog "It is also recommended to fine tune the maximum open files"
+ elog "settings inside /etc/security/limits.conf:"
+ elog "* soft nofile 2048"
+ elog "* hard nofile 4096"
+ elog
+
+ elog "To start 389 Directory Server Administration Interface at boot"
+ elog "please add 389-admin service to the default runlevel:"
+ elog
+ elog " rc-update add 389-admin default"
+ elog
+
+ elog "for 389 Directory Server Admin interface to work, you need"
+ elog "to setup a FQDN hostname and use it while running /usr/sbin/setup-ds-admin.pl"
+ elog
+
+}
diff --git a/net-nds/389-admin/ChangeLog b/net-nds/389-admin/ChangeLog
index 55c4e22bf1ca..3c0129f66df3 100644
--- a/net-nds/389-admin/ChangeLog
+++ b/net-nds/389-admin/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for net-nds/389-admin
-# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-nds/389-admin/ChangeLog,v 1.5 2010/11/12 06:36:48 lxnay Exp $
+# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-nds/389-admin/ChangeLog,v 1.6 2011/01/11 22:30:13 lxnay Exp $
+
+*389-admin-1.1.13 (11 Jan 2011)
+
+ 11 Jan 2011; Fabio Erculiani <lxnay@gentoo.org>
+ +files/1.1.14_backports/0000-selinux-crash-fix.patch,
+ +389-admin-1.1.13.ebuild,
+ +files/1.1.14_backports/0001-ssl-segfault-fix.patch:
+ version bump
*389-admin-1.1.11_rc1-r1 (12 Nov 2010)
diff --git a/net-nds/389-admin/files/1.1.14_backports/0000-selinux-crash-fix.patch b/net-nds/389-admin/files/1.1.14_backports/0000-selinux-crash-fix.patch
new file mode 100644
index 000000000000..1917acd7aacd
--- /dev/null
+++ b/net-nds/389-admin/files/1.1.14_backports/0000-selinux-crash-fix.patch
@@ -0,0 +1,29 @@
+From 6d86721d58f9dd150c970f61911c8a8bc2c8c050 Mon Sep 17 00:00:00 2001
+From: Nathan Kinder <nkinder@redhat.com>
+Date: Tue, 4 Jan 2011 15:03:29 -0800
+Subject: [PATCH] Bug 638511 - dirsrv-admin crashes at startup with SELinux enabled
+
+On RHEL5, starting the dirsrv-admin service with SELinux enabled
+will cause httpd child processes to repeatedly crash. The context
+used by the dirsrv-admin start scripts needs some additional
+process capabilities to fix this problem.
+---
+ selinux/dirsrv-admin.te | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/selinux/dirsrv-admin.te b/selinux/dirsrv-admin.te
+index 51c2dc6..4c842d9 100644
+--- a/selinux/dirsrv-admin.te
++++ b/selinux/dirsrv-admin.te
+@@ -78,7 +78,7 @@ ifdef(`targeted_policy',`
+
+ # Needed for stop and restart scripts
+ dirsrv_read_var_run(dirsrvadmin_t)
+-allow dirsrvadmin_t httpd_t:process signal;
++allow dirsrvadmin_t httpd_t:process { signal siginh rlimitinh noatsecure };
+ allow dirsrvadmin_t httpd_var_run_t:file read_file_perms;
+
+ ########################################
+--
+1.5.5.6
+
diff --git a/net-nds/389-admin/files/1.1.14_backports/0001-ssl-segfault-fix.patch b/net-nds/389-admin/files/1.1.14_backports/0001-ssl-segfault-fix.patch
new file mode 100644
index 000000000000..f56b00253900
--- /dev/null
+++ b/net-nds/389-admin/files/1.1.14_backports/0001-ssl-segfault-fix.patch
@@ -0,0 +1,69 @@
+From f08ab2ae5a9ce1ed7d5187f5e93a7e7854faacf3 Mon Sep 17 00:00:00 2001
+From: Rich Megginson <rmeggins@redhat.com>
+Date: Wed, 5 Jan 2011 15:47:28 -0700
+Subject: [PATCH] Bug 664671 - Admin server segfault when full SSL access (http+ldap+console) required
+
+https://bugzilla.redhat.com/show_bug.cgi?id=664671
+Resolves: bug 664671
+Bug Description: Admin server segfault when full SSL access (http+ldap+console) required
+Reviewed by: ???
+Branch: master
+Fix Description: Do not call NSS_Shutdown in mod_admserv. It should always
+be called in mod_nss, after mod_admserv_unload is called. The only thing
+we need to do in mod_admserv_unload() is to clear the session cache to
+release any resources acquired by mod_admserv. mod_nss unload will take
+care of the rest.
+Platforms tested: RHEL5 i386
+Flag Day: no
+Doc impact: no
+---
+ mod_admserv/mod_admserv.c | 27 +++++++++++----------------
+ 1 files changed, 11 insertions(+), 16 deletions(-)
+
+diff --git a/mod_admserv/mod_admserv.c b/mod_admserv/mod_admserv.c
+index ec7397c..6f96669 100644
+--- a/mod_admserv/mod_admserv.c
++++ b/mod_admserv/mod_admserv.c
+@@ -2223,28 +2223,23 @@ host_ip_init(apr_pool_t *p, apr_pool_t *plog,
+ * NSS caches SSL client session information - this cache must be cleared, otherwise
+ * NSS_Shutdown will give an error. mod_nss also does this (along with the NSS_Shutdown)
+ * It is ok to call SSL_ClearSessionCache multiple times.
++ * The actual NSS_Shutdown is done in mod_nss. Note that we cannot call NSS_Shutdown
++ * here - if NSS_Shutdown fails because mod_nss still has server caches referenced,
++ * NSS will be left in a bad state - it won't really be shutdown because of the outstanding
++ * references, but NSS_IsInitialized will return false, and NSS_Initialize will fail.
++ * So we must be careful here to just release any references we have.
++ * The assumption here is that mod_nss is loaded before mod_admserv (which will usually
++ * happen since it is listed first in the httpd.conf) - but note that module unload
++ * happens in _reverse_ order - so mod_admserv_unload will be called _before_ the
++ * mod_nss unload function. If this ever changes, we will need to figure out some other
++ * way to ensure that NSS_Shutdown is only ever called once, and only after all caches
++ * and other resources have been released.
+ */
+ static
+ apr_status_t mod_admserv_unload(void *data)
+ {
+ if (NSS_IsInitialized()) {
+- SECStatus status;
+ SSL_ClearSessionCache();
+- status = NSS_Shutdown();
+- if (status != SECSuccess) {
+- PRErrorCode prerr = PR_GetError();
+- if (prerr == SEC_ERROR_NOT_INITIALIZED) {
+- ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
+- "Unable to shutdown NSS - not initialized");
+- } else if (prerr == SEC_ERROR_BUSY) {
+- ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
+- "Unable to shutdown NSS - still busy - assume mod_nss is holding references - continuing");
+- } else {
+- ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL,
+- "Unable to shutdown NSS - [%d:%s]",
+- prerr, SSL_Strerror(prerr));
+- }
+- }
+ }
+ return OK;
+ }
+--
+1.5.5.6
+