-rw-r--r-- | buildtools/build-freebsd-ports.py | 204 | ||||
-rw-r--r-- | buildtools/freebsd-skeleton/rpki-ca/Makefile | 20 | ||||
-rw-r--r-- | buildtools/freebsd-skeleton/rpki-ca/pkg-plist | 0 | ||||
-rw-r--r-- | buildtools/freebsd-skeleton/rpki-ca/pkg-upgrade | 18 | ||||
-rw-r--r-- | buildtools/freebsd-skeleton/rpki-rp/Makefile | 30 | ||||
-rw-r--r-- | buildtools/freebsd-skeleton/rpki-rp/pkg-plist | 0 | ||||
-rw-r--r-- | buildtools/freebsd-skeleton/rpki-rp/pkg-upgrade | 18 | ||||
-rwxr-xr-x | configure | 38 | ||||
-rw-r--r-- | configure.ac | 28 | ||||
-rw-r--r-- | rcynic/rcynic.c | 2 | ||||
-rw-r--r-- | rpkid/portal-gui/scripts/rpkigui-reset-demo.py | 9 | ||||
-rw-r--r-- | rpkid/rpki/gui/app/glue.py | 26 | ||||
-rw-r--r-- | rpkid/setup.py | 8 | ||||
-rw-r--r-- | utils/hashdir/hashdir.c | 1 | ||||
-rw-r--r-- | utils/print_roa/print_roa.c | 4 | ||||
-rw-r--r-- | utils/scan_roas/scan_roas.c | 5 |
16 files changed, 207 insertions, 204 deletions
diff --git a/buildtools/build-freebsd-ports.py b/buildtools/build-freebsd-ports.py
index b560498c..c422f02f 100644
--- a/buildtools/build-freebsd-ports.py
+++ b/buildtools/build-freebsd-ports.py
@@ -1,46 +1,64 @@ -# Construct FreeBSD ports templates given the name of a Subversion -# working directory. -# # $Id$ # -# Copyright (C) 2012-2013 Internet Systems Consortium ("ISC") -# +# Copyright (C) 2014 Dragon Research Labs ("DRL") +# Portions copyright (C) 2012-2013 Internet Systems Consortium ("ISC") +# # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# copyright notices and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND DRL AND ISC DISCLAIM ALL +# WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED +# WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DRL OR +# ISC BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL +# DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA +# OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER +# TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. +""" +Construct FreeBSD port directories. + +This is a script because we need to generate package lists and update +version numbers in the Makefiles. 
+""" + import sys import os +import re import subprocess import errno import glob import shutil - -try: - svndir = sys.argv[1] -except IndexError: - sys.exit("Usage: %s subversion-working-directory" % sys.argv[0]) - -if not os.path.isdir(svndir): - sys.exit("Usage: %s subversion-working-directory" % sys.argv[0]) - -svnversion = subprocess.check_output(("svnversion", "-c", svndir)).strip().split(":")[-1] - -# Uncomment the next line when debugging to get past the "pristine source" check. -svnversion = svnversion.translate(None, "M") +import argparse + +def check_dir(s): + if not os.path.isdir(s): + raise argparse.ArgumentTypeError("%r is not a directory" % s) + return s + +parser = argparse.ArgumentParser(description = __doc__) +parser.add_argument("--allow-dirty", action = "store_true", + help = "don't insist on pristine subversion checkout") +parser.add_argument("--make-package", action = "store_true", + help = "build binary package") +parser.add_argument("--no-clean", action = "store_true", + help = "don't clean port after staging etc (implies --no-tarball)") +parser.add_argument("--no-tarball", action = "store_true", + help = "don't create tarball of generated port") +parser.add_argument("svndir", metavar = "subversion-working-directory", type = check_dir, + help = "directory containing subversion working tree") +args = parser.parse_args() + +svnversion = subprocess.check_output(("svnversion", "-c", args.svndir)).strip().split(":")[-1] + +if args.allow_dirty: + svnversion = svnversion.translate(None, "M") if not svnversion.isdigit(): sys.exit("Sources don't look pristine, not building (%r)" % svnversion) -branch = os.path.basename(svndir.rstrip(os.path.sep)) +branch = os.path.basename(args.svndir.rstrip(os.path.sep)) if branch != "trunk" and (branch[:2] != "tk" or not branch[2:].isdigit()): sys.exit("Could not parse branch from working directory name, not building (%r)" % branch) 
@@ -53,13 +71,20 @@ url = "http://download.rpki.net/" + tarball portsdir = os.path.abspath("freebsd-ports") portsdir_old = portsdir + ".old" +# Could perhaps use distutils.sysconfig.get_python_lib() instead of +# this regexp hack, but would be just as complicated in its own way, +# so just go with this for the moment. + +py_lib = re.compile(r"^lib/python\d+\.\d+") +py_sitelib = re.compile(r"^lib/python\d+\.\d+/site-packages") + if os.path.isdir(portsdir_old): shutil.rmtree(portsdir_old) if os.path.isdir(portsdir): os.rename(portsdir, portsdir_old) -shutil.copytree(os.path.join(svndir, "buildtools", "freebsd-skeleton"), portsdir) +shutil.copytree(os.path.join(args.svndir, "buildtools", "freebsd-skeleton"), portsdir) if os.path.exists(os.path.join(portsdir_old, tarball)): os.link(os.path.join(portsdir_old, tarball), os.path.join(portsdir, tarball)) 
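Review bot: `py_lib = re.compile(r"^lib/python\d+\.\d+")` has no end anchor, so the `py_lib.match(dn)` test in the plist loop of the following hunk is true for every directory beneath `lib/pythonX.Y`, not only for that directory itself. The code this replaces kept just the exact names `lib/python2.7` and `lib/python2.7/site-packages`; with a prefix match, any port-created directory under `lib/pythonX.Y` outside `site-packages` gets no `@dirrm` line and would be left behind on deinstall. If only the interpreter's own directory is meant to be kept, anchor the pattern: `py_lib = re.compile(r"^lib/python\d+\.\d+$")`. Whether either port actually installs such directories is not visible in this diff.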
@@ -69,97 +94,52 @@ elif os.path.exists(os.path.join("/usr/ports/distfiles", tarball)): if os.path.isdir(portsdir_old): shutil.rmtree(portsdir_old) -base_rp = os.path.join(portsdir, "rpki-rp") -base_ca = os.path.join(portsdir, "rpki-ca") +if args.make_package: + pkgdir = os.path.join(portsdir, "packages") + os.mkdir(pkgdir) + +formatdict = dict(SVNVERSION = svnversion, SVNBRANCH = branch) -formatdict = dict(SVNVERSION = svnversion, - SVNBRANCH = branch) +keepdirs = ("usr", "etc", "bin", "var", "lib", "libexec", "sbin", "share", "etc/rc.d", "%%PYTHON_SITELIBDIR%%") for port in ("rpki-rp", "rpki-ca"): + base = os.path.join(portsdir, port) + stage = os.path.join(base, "work", "stage") fn = os.path.join(portsdir, port, "Makefile") with open(fn, "r") as f: template = f.read() with open(fn, "w") as f: f.write(template % formatdict) -subprocess.check_call(("make", "makesum", "DISTDIR=" + portsdir), cwd = base_rp) -subprocess.check_call(("make", "makesum", "DISTDIR=" + portsdir), cwd = base_ca) - -trust_anchors = [os.path.basename(fn) - for fn in subprocess.check_output(("tar", "tf", os.path.join(portsdir, tarball))).splitlines() - if "/rcynic/sample-trust-anchors/" in fn and fn.endswith(".tal")] - -with open(os.path.join(base_rp, "pkg-plist"), "w") as f: - - f.write('''\ -bin/find_roa -bin/hashdir -bin/print_roa -bin/print_rpki_manifest -bin/rcynic -bin/rcynic-cron -bin/rcynic-html -bin/rcynic-svn -bin/rcynic-text -bin/rtr-origin -bin/scan_roas -bin/validation_status -etc/rcynic.conf.sample -''') - - for trust_anchor in sorted(trust_anchors): - f.write("etc/rpki/trust-anchors/%s\n" % trust_anchor) - - f.write('''\ -@dirrm etc/rpki/trust-anchors -@dirrmtry etc/rpki -@dirrm www/apache%%APACHE_VERSION%%/data/rcynic -@cwd / -@dirrm var/rcynic/data -@dirrm var/rcynic/rpki-rtr/sockets -@dirrm var/rcynic/rpki-rtr -@dirrm var/rcynic -''') - -# "USE_GNOME=" gets rid of annoying whining due to empty or -# non-existent pkg-plist. 
The (direct) Gnome dependency doesn't -# matter while constructing the port skeleton, so it's simplest just -# to disable it for this one command. - -subprocess.check_call(("make", "DISTDIR=" + portsdir, "USE_GNOME="), cwd = base_ca) - -tempdir = os.path.join(base_ca, "work", "temp-install", "") - -subprocess.check_call(("make", "install", "DESTDIR=" + os.path.abspath(tempdir)), - cwd = os.path.join(base_ca, "work", tarname)) - -with open(os.path.join(base_ca, "pkg-plist"), "w") as f: - - dont_remove = ("usr", "etc", "bin", "var", "lib", "libexec", "sbin", "share", "lib/python2.7", "lib/python2.7/site-packages") - - usr_local = None - - for dirpath, dirnames, filenames in os.walk(tempdir, topdown = False): - dn = dirpath[len(tempdir):] - - if dn.startswith("usr/local"): - if not usr_local and usr_local is not None: - f.write("@cwd\n") - usr_local = True - dn = dn[len("usr/local/"):] - else: - if usr_local: - f.write("@cwd /\n") - usr_local = False - - for fn in filenames: - f.write(os.path.join(dn, fn) + "\n") - - if dn and dn not in dont_remove: - f.write("@dirrm %s\n" % dn) - -subprocess.check_call(("make", "clean"), cwd = base_ca) - -for port in ("rpki-rp", "rpki-ca"): - subprocess.check_call(("tar", "czf", "%s-port.tgz" % port, port), cwd = portsdir) + subprocess.check_call(("make", "makesum", "stage", "DISTDIR=" + portsdir), cwd = base) + + with open(os.path.join(base, "pkg-plist"), "w") as f: + usr_local = None + for dirpath, dirnames, filenames in os.walk(stage, topdown = False): + dn = dirpath[len(stage)+1:] + if dn.startswith("usr/local"): + if not usr_local and usr_local is not None: + f.write("@cwd\n") + usr_local = True + dn = dn[len("usr/local/"):] + dn = py_sitelib.sub("%%PYTHON_SITELIBDIR%%", dn) + if dn == "etc/rc.d": + continue + else: + if usr_local: + f.write("@cwd /\n") + usr_local = False + for fn in filenames: + f.write(os.path.join(dn, fn) + "\n") + if dn and dn not in keepdirs and not py_lib.match(dn): + f.write("@dirrm %s\n" % dn) + + if 
args.make_package: + subprocess.check_call(("make", "clean", "package", "PKGREPOSITORY=" + pkgdir), cwd = base) + + if not args.no_clean: + subprocess.check_call(("make", "clean"), cwd = base) + + if not args.no_tarball and not args.no_clean: + subprocess.check_call(("tar", "czf", "%s-port.tgz" % port, port), cwd = portsdir) diff --git a/buildtools/freebsd-skeleton/rpki-ca/Makefile b/buildtools/freebsd-skeleton/rpki-ca/Makefile index 6cf890d6..71f38436 100644 --- a/buildtools/freebsd-skeleton/rpki-ca/Makefile +++ b/buildtools/freebsd-skeleton/rpki-ca/Makefile @@ -9,6 +9,7 @@ COMMENT= rpki.net RPKI CA tools WWW= http://rpki.net/ GNU_CONFIGURE= yes +NO_MTREE= yes USE_PYTHON= 2.7+ USE_GNOME= libxml2 libxslt USE_MYSQL= server @@ -16,9 +17,12 @@ USE_APACHE_RUN= 22+ USE_RC_SUBR= rpki-ca -# Disable a couple of recent whoopie cushions in the FreeBSD ports system +# Disable parallel builds, they failed last time I tried and we don't really need them MAKE_JOBS_UNSAFE= yes -NO_STAGE = yes + +# We depend on our own relying party code. Perhaps this should require our own version number? +BUILD_DEPENDS+= rpki-rp>0:${PORTSDIR}/net/rpki-rp +RUN_DEPENDS+= rpki-rp>0:${PORTSDIR}/net/rpki-rp # For OpenSSL, not needed otherwise USE_PERL5_BUILD=yes @@ -26,9 +30,6 @@ USE_PERL5_BUILD=yes # For building OpenSSL, not needed otherwise BUILD_DEPENDS+= makedepend>0:${PORTSDIR}/devel/makedepend -# Needed at build to keep ./configure from complaining. -BUILD_DEPENDS+= rsync>0:${PORTSDIR}/net/rsync - RPKID_DEPENDS= ${PYTHON_PKGNAMEPREFIX}lxml>0:${PORTSDIR}/devel/py-lxml \ ${PYTHON_PKGNAMEPREFIX}MySQLdb>0:${PORTSDIR}/databases/py-MySQLdb \ ${PYTHON_PKGNAMEPREFIX}django>=1.3.7:${PORTSDIR}/www/py-django \ 
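Review bot: `make makesum stage` in the per-port loop writes distinfo from whatever tarball is sitting in `portsdir` and then builds and stages from it straight away, so the recorded checksum vouches only for the copy that happened to be found or fetched. The context of the previous hunk shows the download location as `"http://download.rpki.net/" + tarball`, and the visible branches take the tarball from the old ports directory or `/usr/ports/distfiles` with no comparison; how it is obtained otherwise is outside the diff. Consider checking the tarball against a digest published by the release process before this call, and say so at the call site, e.g. `# makesum hashes whatever tarball is in DISTDIR; it does not authenticate it`.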
@@ -40,17 +41,14 @@ RPKID_DEPENDS= ${PYTHON_PKGNAMEPREFIX}lxml>0:${PORTSDIR}/devel/py-lxml BUILD_DEPENDS+= ${RPKID_DEPENDS} RUN_DEPENDS+= ${RPKID_DEPENDS} -RUN_DEPENDS+= ${APACHE_PKGNAMEPREFIX}mod_wsgi>3:${PORTSDIR}/www/mod_wsgi3 +RUN_DEPENDS+= ${APACHE_PKGNAMEPREFIX}mod_wsgi3>0:${PORTSDIR}/www/mod_wsgi3 # Try to use system OpenSSL if we can. CONFIGURE_ENV= CFLAGS="-I${LOCALBASE}/include" LDFLAGS="-L${LOCALBASE}/lib" -CONFIGURE_ARGS= --disable-target-installation --disable-rp-tools APACHE_VERSION=${APACHE_VERSION} +CONFIGURE_ARGS= --disable-target-installation --disable-runtime-dependencies --disable-rp-tools APACHE_VERSION=${APACHE_VERSION} pre-install: - PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL - -post-install: - PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL + @test -d ${STAGEDIR}${PREFIX}/etc/rc.d || mkdir -p ${STAGEDIR}${PREFIX}/etc/rc.d .include <bsd.port.mk> diff --git a/buildtools/freebsd-skeleton/rpki-ca/pkg-plist b/buildtools/freebsd-skeleton/rpki-ca/pkg-plist deleted file mode 100644 index e69de29b..00000000 --- a/buildtools/freebsd-skeleton/rpki-ca/pkg-plist +++ /dev/null diff --git a/buildtools/freebsd-skeleton/rpki-ca/pkg-upgrade b/buildtools/freebsd-skeleton/rpki-ca/pkg-upgrade deleted file mode 100644 index f569a3d6..00000000 --- a/buildtools/freebsd-skeleton/rpki-ca/pkg-upgrade +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/sh - - -echo 1>&2 "pkg-upgrade invoked with arguments \"$*\"." - -case $2 in - -PRE-UPGRADE) - ;; - -POST-UPGRADE) - ;; - -*) - echo "No clue what this script is meant to do when invoked with arguments \"$*\"." - #exit 1 - ;; - -esac diff --git a/buildtools/freebsd-skeleton/rpki-rp/Makefile b/buildtools/freebsd-skeleton/rpki-rp/Makefile index be88adc0..adae6ef0 100644 --- a/buildtools/freebsd-skeleton/rpki-rp/Makefile +++ b/buildtools/freebsd-skeleton/rpki-rp/Makefile 
@@ -9,6 +9,7 @@ COMMENT= rpki.net RPKI relying party tools WWW= http://rpki.net/ GNU_CONFIGURE= yes +NO_MTREE= yes USE_PYTHON= 2.7+ USE_GNOME= libxml2 libxslt USE_APACHE_RUN= 22+ 
@@ -35,37 +36,18 @@ RUN_DEPENDS+= rrdtool>0:${PORTSDIR}/databases/rrdtool # Just want relying party tools, try to use system OpenSSL if we can. -CONFIGURE_ARGS= --disable-ca-tools APACHE_VERSION=${APACHE_VERSION} +CONFIGURE_ARGS= --disable-target-installation --disable-runtime-dependencies --disable-ca-tools APACHE_VERSION=${APACHE_VERSION} CONFIGURE_ENV= CFLAGS="-I${LOCALBASE}/include" LDFLAGS="-L${LOCALBASE}/lib" -# Disable a couple of recent whoopie cushions in the FreeBSD ports system +# Disable parallel builds, they failed the last time I tried and we don't really need them MAKE_JOBS_UNSAFE= yes -NO_STAGE = yes # rcynic's Makefile constructs an rcynic.conf for us if it doesn't # find one already installed. This turns out to be exactly what -# FreeBSD's rules want us to install as rcynic.conf.sample, so we -# shuffle things around a bit just before and just after installation -# to make this all come out right. -# -# If I ever teach rcynic to construct a .conf.sample file per the -# FreeBSD way of doing things, this will need to change to match. - -pre-install: - PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL - @if test -f ${PREFIX}/etc/rcynic.conf; \ - then \ - ${MV} -f ${PREFIX}/etc/rcynic.conf ${PREFIX}/etc/rcynic.conf.real; \ - fi +# FreeBSD's rules want us to install as rcynic.conf.sample, so we just +# rename it. post-install: - PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL - @if test -f ${PREFIX}/etc/rcynic.conf.real; \ - then \ - ${MV} -f ${PREFIX}/etc/rcynic.conf ${PREFIX}/etc/rcynic.conf.sample; \ - ${MV} -f ${PREFIX}/etc/rcynic.conf.real ${PREFIX}/etc/rcynic.conf; \ - else \ - ${CP} -p ${PREFIX}/etc/rcynic.conf ${PREFIX}/etc/rcynic.conf.sample; \ - fi + ${MV} -vf ${STAGEDIR}${PREFIX}/etc/rcynic.conf ${STAGEDIR}${PREFIX}/etc/rcynic.conf.sample .include <bsd.port.mk> 
diff --git a/buildtools/freebsd-skeleton/rpki-rp/pkg-plist b/buildtools/freebsd-skeleton/rpki-rp/pkg-plist deleted file mode 100644 index e69de29b..00000000 --- a/buildtools/freebsd-skeleton/rpki-rp/pkg-plist +++ /dev/null diff --git a/buildtools/freebsd-skeleton/rpki-rp/pkg-upgrade b/buildtools/freebsd-skeleton/rpki-rp/pkg-upgrade deleted file mode 100644 index f569a3d6..00000000 --- a/buildtools/freebsd-skeleton/rpki-rp/pkg-upgrade +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/sh - - -echo 1>&2 "pkg-upgrade invoked with arguments \"$*\"." - -case $2 in - -PRE-UPGRADE) - ;; - -POST-UPGRADE) - ;; - -*) - echo "No clue what this script is meant to do when invoked with arguments \"$*\"." - #exit 1 - ;; - -esac @@ -726,6 +726,7 @@ enable_target_installation enable_wsgi_daemon_mode enable_python_install_layout enable_wsgi_python_egg_cache +enable_runtime_dependencies enable_python enable_django enable_rpki_rtr @@ -1366,6 +1367,8 @@ Optional Features: Specify Python --install-layout --enable-wsgi-python-egg-cache=dir[:user] Set up PYTHON_EGG_CACHE in wsgi wrapper + --disable-runtime-dependencies + Don't enforce runtime dependencies --disable-python (Obsolete, do not use) --disable-django (Obsolete, do not use) --disable-rpki-rtr (Obsolete, do not use) @@ -2474,6 +2477,13 @@ else enable_wsgi_python_egg_cache=auto fi +# Check whether --enable-runtime_dependencies was given. +if test "${enable_runtime_dependencies+set}" = set; then : + enableval=$enable_runtime_dependencies; +else + enable_runtime_dependencies=yes +fi + 
@@ -4233,6 +4243,20 @@ fi +# See whether we need to check for dependencies that we only need at +# runtime. We do this by default when compiling from source to avoid +# surprises after installation, but this just adds pain when building +# binary packages within a platform framework which already handles +# all the dependencies for us, so we need a way to turn it off. + +case $enable_runtime_dependencies in + yes|no) + ;; + *) + as_fn_error $? "Unrecognized value for --enable-runtime-dependencies: $enable_runtime_dependencies" "$LINENO" 5 + ;; +esac + # Figure out whether we need to build our own OpenSSL library or can # use the system libraries. We're looking for two recent features: # CMS and RFC 3779 support. We also have to check whether the user @@ -4528,11 +4552,7 @@ fi # Check whether to do "final target installation". This means actions # that can only be done when installing a package, as opposed to when -# building a package. On FreeBSD this is sort of irrelevant, because -# of the way package installs work when building from source, but on -# Debian and Ubuntu, for example, there's a strict separation between -# things that are done during package build and things that are done -# by the binary package's {pre,post}inst scripts. +# building a package. { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to do final target installation on \"make install\"" >&5 $as_echo_n "checking whether to do final target installation on \"make install\"... " >&6; } 
@@ -4858,7 +4878,13 @@ fi if test $ok = no then - as_fn_error $? "Please correct the problems above then re-run this configuration script." "$LINENO" 5 + if test $enable_runtime_dependencies = yes + then + as_fn_error $? "Please correct the problems above then re-run this configuration script." "$LINENO" 5 + else + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Runtime dependency enforcement disabled, proceeding (at your own risk)" >&5 +$as_echo "$as_me: WARNING: Runtime dependency enforcement disabled, proceeding (at your own risk)" >&2;} + fi fi # Figure out whether we are on a Debian-derived system where we need diff --git a/configure.ac b/configure.ac index 0d8f15c5..adeb2fa1 100644 --- a/configure.ac +++ b/configure.ac @@ -41,6 +41,7 @@ AC_ARG_ENABLE([target_installation], [AS_HELP_STRING([--disable-target-installat AC_ARG_ENABLE([wsgi_daemon_mode], [AS_HELP_STRING([--enable-wsgi-daemon-mode=user[[:group]]], [Run the web portal as a separate process])], [], [enable_wsgi_daemon_mode=no]) AC_ARG_ENABLE([python_install_layout], [AS_HELP_STRING([--enable-python-install-layout=layout], [Specify Python --install-layout])], [], [enable_python_install_layout=auto]) AC_ARG_ENABLE([wsgi_python_egg_cache], [AS_HELP_STRING([--enable-wsgi-python-egg-cache=dir[[:user]]], [Set up PYTHON_EGG_CACHE in wsgi wrapper])], [], [enable_wsgi_python_egg_cache=auto]) +AC_ARG_ENABLE([runtime_dependencies], [AS_HELP_STRING([--disable-runtime-dependencies], [Don't enforce runtime dependencies])], [], [enable_runtime_dependencies=yes]) AC_ARG_VAR([RCYNIC_DIR], [Where to put output files from rcynic and rtr-origin; also controls jail location for --enable-rcynic-jail]) AC_ARG_VAR([APACHE_VERSION], [Version of Apache httpd, mostly used on FreeBSD where it determines some of the directory names]) 
@@ -138,6 +139,20 @@ AC_PATH_PROG([RRDTOOL], [rrdtool]) AC_PATH_PROG([TRANG], [trang], [\${abs_top_srcdir}/buildtools/trang-not-found]) AC_PATH_PROG([RSYNC], [rsync]) +# See whether we need to check for dependencies that we only need at +# runtime. We do this by default when compiling from source to avoid +# surprises after installation, but this just adds pain when building +# binary packages within a platform framework which already handles +# all the dependencies for us, so we need a way to turn it off. + +case $enable_runtime_dependencies in + yes|no) + ;; + *) + AC_MSG_ERROR([Unrecognized value for --enable-runtime-dependencies: $enable_runtime_dependencies]) + ;; +esac + # Figure out whether we need to build our own OpenSSL library or can # use the system libraries. We're looking for two recent features: # CMS and RFC 3779 support. We also have to check whether the user @@ -351,11 +366,7 @@ AC_SUBST(RCYNIC_STATIC_RSYNC) # Check whether to do "final target installation". This means actions # that can only be done when installing a package, as opposed to when -# building a package. On FreeBSD this is sort of irrelevant, because -# of the way package installs work when building from source, but on -# Debian and Ubuntu, for example, there's a strict separation between -# things that are done during package build and things that are done -# by the binary package's {pre,post}inst scripts. +# building a package. AC_MSG_CHECKING([whether to do final target installation on "make install"]) @@ -636,7 +647,12 @@ fi if test $ok = no then - AC_MSG_ERROR([Please correct the problems above then re-run this configuration script.]) + if test $enable_runtime_dependencies = yes + then + AC_MSG_ERROR([Please correct the problems above then re-run this configuration script.]) + else + AC_MSG_WARN([Runtime dependency enforcement disabled, proceeding (at your own risk)]) + fi fi # Figure out whether we are on a Debian-derived system where we need 
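Review bot: The new `else` branch under `if test $ok = no` downgrades the whole failure to a warning, yet nothing in the visible hunks shows that `ok` is cleared only by runtime-dependency probes. If any build-time check also sets `ok=no`, `--disable-runtime-dependencies` now lets configure finish past it with only the "at your own risk" warning. Confirm every assignment to `ok`, or track the runtime probes in a separate variable so the switch covers only those. A short comment above the `if` stating what `ok` aggregates would make the scope of the option clear, e.g. `# $ok is cleared only by the runtime-dependency checks above`. The generated `configure` carries the same logic.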
diff --git a/rcynic/rcynic.c b/rcynic/rcynic.c index 5e90df89..dea9c48f 100644 --- a/rcynic/rcynic.c +++ b/rcynic/rcynic.c @@ -5686,7 +5686,7 @@ int main(int argc, char *argv[]) goto done; } - memset(&ta_dir, 0, sizeof(&ta_dir)); + memset(&ta_dir, 0, sizeof(ta_dir)); opterr = 0; diff --git a/rpkid/portal-gui/scripts/rpkigui-reset-demo.py b/rpkid/portal-gui/scripts/rpkigui-reset-demo.py index e1ff6134..0a3a1537 100644 --- a/rpkid/portal-gui/scripts/rpkigui-reset-demo.py +++ b/rpkid/portal-gui/scripts/rpkigui-reset-demo.py @@ -1,4 +1,4 @@ -# Copyright (C) 2012, 2013 SPARTA, Inc. a Parsons Company +# Copyright (C) 2012, 2013, 2014 SPARTA, Inc. a Parsons Company # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -39,3 +39,10 @@ for n in xrange(1, 33): conf.clear_alerts() print '... updating resource certificate cache' list_received_resources(sys.stdout, conf) + + # Remove delegated resources (see https://trac.rpki.net/ticket/544) + # Note that we do not remove the parent-child relationship, just the + # resources. + for child in conf.children(): + child.asns.delete() + child.address_ranges.delete() diff --git a/rpkid/rpki/gui/app/glue.py b/rpkid/rpki/gui/app/glue.py index f6ec4344..a9f6441e 100644 --- a/rpkid/rpki/gui/app/glue.py +++ b/rpkid/rpki/gui/app/glue.py @@ -28,12 +28,13 @@ from datetime import datetime from rpki.resource_set import (resource_set_as, resource_set_ipv4, resource_set_ipv6, resource_range_ipv4, resource_range_ipv6) -from rpki.left_right import list_received_resources_elt +from rpki.left_right import list_received_resources_elt, report_error_elt from rpki.irdb.zookeeper import Zookeeper from rpki.gui.app import models from rpki.exceptions import BadIPResource from django.contrib.auth.models import User +from django.db.transaction import commit_on_success def ghostbuster_to_vcard(gbr): 
@@ -65,6 +66,19 @@ def ghostbuster_to_vcard(gbr): return vcard.serialize() +class LeftRightError(Exception): + """Class for wrapping report_error_elt errors from Zookeeper.call_rpkid(). + + It expects a single argument, which is the associated report_error_elt instance.""" + + def __str__(self): + return 'Error occurred while communicating with rpkid: handle=%s code=%s text=%s' % ( + self.args[0].self_handle, + self.args[0].error_code, + self.args[0].error_text) + + +@commit_on_success def list_received_resources(log, conf): """ Query rpkid for this resource handle's received resources. @@ -77,11 +91,19 @@ def list_received_resources(log, conf): z = Zookeeper(handle=conf.handle) pdus = z.call_rpkid(list_received_resources_elt.make_pdu(self_handle=conf.handle)) + # pdus is sometimes None (see https://trac.rpki.net/ticket/681) + if pdus is None: + print >>log, 'error: call_rpkid() returned None for handle %s when fetching received resources' % conf.handle + return models.ResourceCert.objects.filter(conf=conf).delete() for pdu in pdus: - if isinstance(pdu, list_received_resources_elt): + if isinstance(pdu, report_error_elt): + # this will cause the db to be rolled back so the above delete() + # won't clobber existing resources + raise LeftRightError, pdu + elif isinstance(pdu, list_received_resources_elt): if pdu.parent_handle != conf.handle: parent = models.Parent.objects.get(issuer=conf, handle=pdu.parent_handle) diff --git a/rpkid/setup.py b/rpkid/setup.py index 7850d6d4..39aad552 100644 --- a/rpkid/setup.py +++ b/rpkid/setup.py @@ -26,10 +26,16 @@ except ImportError: "Fake autoconf object to let --help work without autoconf." sbindir = libexecdir = datarootdir = sysconfdir = CFLAGS = LDFLAGS = LIBS = "" +try: + from rpki.version import VERSION + +except ImportError: + VERSION = "0.0" + # pylint: disable=W0622 setup(name = "rpkitoolkit", - version = "1.0", + version = VERSION, description = "RPKI Toolkit", license = "BSD", url = "http://rpki.net/", 
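Review bot: The two failure paths added to `list_received_resources` signal failure differently: a `None` reply is written to `log` and the function returns normally, while a `report_error_elt` raises `LeftRightError`. A caller cannot tell the first case from a successful refresh, and the existing `ResourceCert` rows stay in place as if they were current. `rpkigui-reset-demo.py`, changed in this same commit, calls the function inside its per-user loop with no handler visible, so the new exception would presumably stop the reset for the remaining users. Consider raising in the `None` case as well, using a separate exception type because `LeftRightError.__str__` reads `self.args[0].self_handle`, and extend the docstring to state that the function runs under `commit_on_success`, leaves the database unchanged on either failure, and may raise `LeftRightError`. The function body continues outside the hunk.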
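Review bot: The `except ImportError` fallback in `rpkid/setup.py` sets `VERSION = "0.0"` without any message, so a build run while `rpki.version` is not importable produces a distribution that looks like a genuine release older than every other one. The fake-autoconf fallback just above it documents its purpose in a docstring, while this one has no comment. If the intent is the same, say so, e.g. `# Fallback so setup.py still runs when rpki.version is not importable; do not ship a 0.0 build`, and consider printing a warning to stderr in the fallback branch so a packaging run does not pass silently.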
diff --git a/utils/hashdir/hashdir.c b/utils/hashdir/hashdir.c index 6de778b5..1b5b0f46 100644 --- a/utils/hashdir/hashdir.c +++ b/utils/hashdir/hashdir.c @@ -36,6 +36,7 @@ #include <openssl/bio.h> #include <openssl/pem.h> #include <openssl/x509.h> +#include <openssl/err.h> #ifndef FILENAME_MAX #define FILENAME_MAX 1024 diff --git a/utils/print_roa/print_roa.c b/utils/print_roa/print_roa.c index cb186251..c88fc092 100644 --- a/utils/print_roa/print_roa.c +++ b/utils/print_roa/print_roa.c @@ -86,9 +86,9 @@ extract_signingTime(CMS_ContentInfo *cms, char *buffer, size_t buflen) switch (so->type) { case V_ASN1_UTCTIME: strcpy(buffer, (so->value.utctime->data[0] >= '5') ? "19" : "20"); - return strncpy(buffer + 2, so->value.utctime->data, buflen - 3); + return strncpy(buffer + 2, (const char *) so->value.utctime->data, buflen - 3); case V_ASN1_GENERALIZEDTIME: - return strncpy(buffer, so->value.generalizedtime->data, buflen - 1); + return strncpy(buffer, (const char *) so->value.generalizedtime->data, buflen - 1); default: return NULL; } diff --git a/utils/scan_roas/scan_roas.c b/utils/scan_roas/scan_roas.c index fc883bf6..f32e3827 100644 --- a/utils/scan_roas/scan_roas.c +++ b/utils/scan_roas/scan_roas.c @@ -90,9 +90,9 @@ extract_signingTime(CMS_ContentInfo *cms, char *buffer, size_t buflen) switch (so->type) { case V_ASN1_UTCTIME: strcpy(buffer, (so->value.utctime->data[0] >= '5') ? "19" : "20"); - return strncpy(buffer + 2, so->value.utctime->data, buflen - 3); + return strncpy(buffer + 2, (const char *) so->value.utctime->data, buflen - 3); case V_ASN1_GENERALIZEDTIME: - return strncpy(buffer, so->value.generalizedtime->data, buflen - 1); + return strncpy(buffer, (const char *) so->value.generalizedtime->data, buflen - 1); default: return NULL; } @@ -271,6 +271,7 @@ static int walk(const char *name) done: closedir(dir); + return ok; } |
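Review bot: The added `(const char *)` casts in `extract_signingTime` silence the signedness warning but leave both `strncpy` calls able to hand back an unterminated string. `strncpy` writes no NUL when the source is at least `buflen - 1` (or `buflen - 3`) bytes long, and the source here is ASN.1 time data taken from the CMS object being parsed. Unless callers zero `buffer` beforehand, which is outside the hunk, terminate explicitly before returning, e.g. `buffer[buflen - 1] = '\0';`, and consider bounding the copy by the ASN.1 string's `length` field instead of relying on a terminator in `data`. `buflen - 3` also wraps around if `buflen` is below 3. The identical hunk in `utils/scan_roas/scan_roas.c` has the same issue, and the function extends beyond both hunks.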