diff options
| -rwxr-xr-x | configure | 138 | ||||
| -rw-r--r-- | configure.ac | 132 | ||||
| -rw-r--r-- | rp/rcynic/Makefile.in | 80 | ||||
| -rwxr-xr-x | rp/rcynic/rc-scripts/darwin/RCynic | 42 | ||||
| -rw-r--r-- | rp/rcynic/rc-scripts/darwin/StartupParameters.plist | 19 | ||||
| -rwxr-xr-x | rp/rcynic/rc-scripts/freebsd/rc.d.rcynic | 44 | ||||
| -rwxr-xr-x | rp/rcynic/rcynic-cron | 46 | ||||
| -rwxr-xr-x | rp/rcynic/rcynic-dump | 2 | ||||
| -rwxr-xr-x | rp/rcynic/rcynicng | 9 | ||||
| -rw-r--r-- | rp/rcynic/rules.darwin.mk | 34 | ||||
| -rw-r--r-- | rp/rcynic/rules.freebsd.mk | 8 | ||||
| -rw-r--r-- | rp/rcynic/rules.linux.mk | 48 | ||||
| -rw-r--r-- | rp/rcynic/rules.unknown.mk | 2 | ||||
| -rw-r--r-- | rp/rcynic/static-rsync/Makefile.in | 44 | ||||
| -rw-r--r-- | rp/rcynic/static-rsync/README | 15 | ||||
| -rw-r--r-- | rp/rcynic/static-rsync/patches/patch-CVE-2007-4091 | 60 | ||||
| -rw-r--r-- | rp/rcynic/static-rsync/rsync-2.6.9.tar.gz | bin | 811841 -> 0 bytes | |||
| -rw-r--r-- | rpki/gui/cacheview/util.py | 2 |
18 files changed, 76 insertions, 649 deletions
@@ -636,17 +636,9 @@ CA_INSTALL_TARGETS RTR_ORIGIN_INSTALL_TARGETS RCYNIC_INSTALL_TARGETS RCYNIC_HTML_DIR -RCYNIC_STATIC_RSYNC +RCYNIC_CONF_DATA RPKI_GROUP RPKI_USER -RCYNIC_CRON_USER -RCYNIC_CONF_TA_DIR -RCYNIC_CONF_DATA -RCYNIC_CONF_RSYNC -RCYNIC_BIN_RCYNIC -RCYNIC_TA_DIR -RCYNIC_CONF_FILE -RCYNIC_JAIL_DIRS SUDO RSYNC TRANG @@ -656,7 +648,6 @@ AWK XSLTPROC PYTHON POW_LDFLAGS -LD_STATIC_FLAG EGREP GREP CPP @@ -724,7 +715,6 @@ CA_MAKE_RULES' ac_user_opts=' enable_option_checking with_system_openssl -enable_rcynic_jail enable_openssl_asm enable_ca_tools enable_rp_tools @@ -736,6 +726,7 @@ enable_runtime_dependencies enable_python enable_django enable_rpki_rtr +enable_rcynic_jail ' ac_precious_vars='build_alias host_alias @@ -1361,7 +1352,6 @@ Optional Features: --disable-option-checking ignore unrecognized --enable/--with options --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] - --enable-rcynic-jail Run rcynic in chroot jail --disable-openssl-asm Don't let OpenSSL build assembler code --disable-ca-tools Don't build any of the CA tools --disable-rp-tools Don't build any of the relying party tools @@ -1378,6 +1368,7 @@ Optional Features: --disable-python (Obsolete, do not use) --disable-django (Obsolete, do not use) --disable-rpki-rtr (Obsolete, do not use) + --enable-rcynic-jail (Obsolete, do not use) Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] @@ -1385,8 +1376,7 @@ Optional Packages: --with-system-openssl Link against system copy of OpenSSL Some influential environment variables: - RCYNIC_DIR Where to put output files from rcynic and rpki-rtr; also - controls jail location for --enable-rcynic-jail + RCYNIC_DIR Where to put output files from rcynic and rpki-rtr APACHE_VERSION Version of Apache httpd, mostly used on FreeBSD where it determines some of the directory names @@ -2427,13 +2417,6 @@ else with_system_openssl=auto fi -# Check whether --enable-rcynic_jail was given. -if test "${enable_rcynic_jail+set}" = set; then : - enableval=$enable_rcynic_jail; -else - enable_rcynic_jail=no -fi - # Check whether --enable-openssl_asm was given. if test "${enable_openssl_asm+set}" = set; then : enableval=$enable_openssl_asm; @@ -2511,6 +2494,11 @@ if test "${enable_rpki_rtr+set}" = set; then : enableval=$enable_rpki_rtr; as_fn_error $? "--disable-rpki-rtr is obsolete. Please see the --disable-rp-tools option" "$LINENO" 5 fi +# Check whether --enable-rcynic_jail was given. +if test "${enable_rcynic_jail+set}" = set; then : + enableval=$enable_rcynic_jail; as_fn_error $? "--enable-rcynic-jail is obsolete." "$LINENO" 5 +fi + ac_ext=c ac_cpp='$CPP $CPPFLAGS' @@ -3827,33 +3815,6 @@ _ACEOF -# We'd like to build rcynic as a static binary if we can, because that -# makes it much simpler to run rcynic in a chroot jail, but we don't -# know how to do it on all platforms, so we try the hack we know, and -# if that doesn't work, oh well. -# -# Sadly, it's even worse than this, because there are platforms like -# Fedora where the compiler and linker support -static just fine, but -# the default libraries do not, and if you start down the primrose -# path of installing the necessary libraries, you eventually hit a -# wall where one of the static libraries you downloaded depends on -# something that's not available as a static library, ie, you lose. -# -# So for now I'm just going to make this a FreeBSD-only option. -# Feh. Those of you who choose to use other platforms are welcome to -# fix this and send me the patch, if you care. - - -case $host_os in - freebsd*) - LD_STATIC_FLAG='-static' - ;; - *) - LD_STATIC_FLAG='' - ;; -esac - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether compiler and linker support -Wl,-Bsymbolic" >&5 $as_echo_n "checking whether compiler and linker support -Wl,-Bsymbolic... " >&6; } old_LDFLAGS="$LDFLAGS" @@ -4551,13 +4512,9 @@ fi if test "X$RCYNIC_DIR" = "X" then - rcynic_base_dir='/var/rcynic' -else - rcynic_base_dir="${RCYNIC_DIR}" + RCYNIC_DIR='/var/rcynic' fi -RCYNIC_DIR='${DESTDIR}'"${rcynic_base_dir}" - # APACHE_VERSION is another "precious" argument to this script. It # mostly matters on FreeBSD, where most things involving Apache encode # the Apache version number into their filenames. @@ -4595,56 +4552,6 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $msg" >&5 $as_echo "$msg" >&6; } -# Figure out whether to run rcynic in a chroot jail, which determines -# a bunch of other settings. - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build chroot jail for rcynic" >&5 -$as_echo_n "checking whether to build chroot jail for rcynic... " >&6; } - -case $enable_rcynic_jail in - yes) - use_rcynic_jail=yes - RCYNIC_CONF_FILE='${RCYNIC_DIR}/etc/rcynic.conf' - RCYNIC_TA_DIR='${RCYNIC_DIR}/etc/trust-anchors' - RCYNIC_BIN_RCYNIC='${RCYNIC_DIR}/bin/rcynic' - RCYNIC_CONF_RSYNC='/bin/rsync' - RCYNIC_CONF_DATA='/data' - RCYNIC_CONF_TA_DIR='/etc/trust-anchors' - RCYNIC_CRON_USER='root' - RCYNIC_JAIL_DIRS='${RCYNIC_DIR}/bin ${RCYNIC_DIR}/dev ${RCYNIC_DIR}/etc' - if test "X$host_os" = "Xlinux" - then - RCYNIC_JAIL_DIRS="$RCYNIC_JAIL_DIRS "'${RCYNIC_DIR}/lib ${RCYNIC_DIR}/lib64 ${RCYNIC_DIR}/usr/lib' - fi - ;; - no) - use_rcynic_jail=no - RCYNIC_CONF_FILE='${DESTDIR}${sysconfdir}/rcynic.conf' - RCYNIC_TA_DIR='${DESTDIR}${sysconfdir}/rpki/trust-anchors' - RCYNIC_BIN_RCYNIC='${DESTDIR}${bindir}/rcynic' - RCYNIC_CONF_RSYNC="${RSYNC}" - RCYNIC_CONF_DATA="${rcynic_base_dir}/data" - RCYNIC_CONF_TA_DIR='${sysconfdir}/rpki/trust-anchors' - RCYNIC_CRON_USER='${RPKI_USER}' - RCYNIC_JAIL_DIRS='' - ;; - *) - as_fn_error $? "Unrecognized value for --enable-rcynic-jail: $enable_rcynic_jail" "$LINENO" 5 - ;; -esac - - - - - - - - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $use_rcynic_jail" >&5 -$as_echo "$use_rcynic_jail" >&6; } - # Perhaps there should be a way to set these, but for now just # wire them in here so at least they're consistent in all Makefiles. @@ -4653,12 +4560,7 @@ RPKI_USER=rpki RPKI_GROUP=rpki -if test $use_rcynic_jail = yes && test "X$LD_STATIC_FLAG" != "X" -then - RCYNIC_STATIC_RSYNC='static-rsync/rsync' -else - RCYNIC_STATIC_RSYNC='' -fi +RCYNIC_CONF_DATA="${RCYNIC_DIR}/data" @@ -4680,10 +4582,8 @@ esac { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_target_installation" >&5 $as_echo "$enable_target_installation" >&6; } -# rcynic jail setup is complicated enough that it's simplest to have -# different rule sets for different platforms. Icky, but.... -# rpki-rtr isn't as complicated, but has similar issues, same hack. -# ca isn't as complicated either, but same hack. +# Some bits of post-installation setup are complicated enough that +# it's simplest to have different rule sets for different platforms. case $host_os in darwin*) @@ -4733,7 +4633,7 @@ $as_echo "$RCYNIC_HTML_DIR" >&6; } -# Sort out which things to install, depending on rcynic jail status and whether +# Sort out which things to install, depending on whether # we're doing final target installation. # # As things have evolved, this a bit repetitive. Simplify someday, maybe. @@ -4743,11 +4643,6 @@ RTR_ORIGIN_INSTALL_TARGETS='install-always' CA_INSTALL_TARGETS='install-always' CFG_INSTALL_TARGETS='install-always' -if test $use_rcynic_jail = yes -then - RCYNIC_INSTALL_TARGETS="$RCYNIC_INSTALL_TARGETS install-jailed" -fi - if test $enable_target_installation = yes then RCYNIC_INSTALL_TARGETS="$RCYNIC_INSTALL_TARGETS install-postconf" @@ -4871,7 +4766,7 @@ $as_echo "$as_me: WARNING: I can't find Python.h. Python sources are required t { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: rcynic-html requires rrdtool." >&5 $as_echo "$as_me: WARNING: rcynic-html requires rrdtool." >&2;} fi - if test $use_rcynic_jail = no && test "X$RSYNC" = "X" + if test "X$RSYNC" = "X" then runtime_ok=no { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: The RPKI relying party tools require rsync." >&5 @@ -5118,7 +5013,7 @@ fi if test $build_rp_tools = yes then - ac_config_files="$ac_config_files rp/Makefile rp/config/Makefile rp/rcynic/Makefile rp/rcynic/static-rsync/Makefile rp/utils/Makefile rp/rpki-rtr/Makefile" + ac_config_files="$ac_config_files rp/Makefile rp/config/Makefile rp/rcynic/Makefile rp/utils/Makefile rp/rpki-rtr/Makefile" fi @@ -5874,7 +5769,6 @@ do "rp/Makefile") CONFIG_FILES="$CONFIG_FILES rp/Makefile" ;; "rp/config/Makefile") CONFIG_FILES="$CONFIG_FILES rp/config/Makefile" ;; "rp/rcynic/Makefile") CONFIG_FILES="$CONFIG_FILES rp/rcynic/Makefile" ;; - "rp/rcynic/static-rsync/Makefile") CONFIG_FILES="$CONFIG_FILES rp/rcynic/static-rsync/Makefile" ;; "rp/utils/Makefile") CONFIG_FILES="$CONFIG_FILES rp/utils/Makefile" ;; "rp/rpki-rtr/Makefile") CONFIG_FILES="$CONFIG_FILES rp/rpki-rtr/Makefile" ;; "ca/Makefile") CONFIG_FILES="$CONFIG_FILES ca/Makefile" ;; diff --git a/configure.ac b/configure.ac index 943783db..88480853 100644 --- a/configure.ac +++ b/configure.ac @@ -33,7 +33,6 @@ fi # Put the user option stuff up front. AC_ARG_WITH([system_openssl], [AS_HELP_STRING([--with-system-openssl], [Link against system copy of OpenSSL])], [], [with_system_openssl=auto]) -AC_ARG_ENABLE([rcynic_jail], [AS_HELP_STRING([--enable-rcynic-jail], [Run rcynic in chroot jail])], [], [enable_rcynic_jail=no]) AC_ARG_ENABLE([openssl_asm], [AS_HELP_STRING([--disable-openssl-asm], [Don't let OpenSSL build assembler code])], [], [enable_openssl_asm=auto]) AC_ARG_ENABLE([ca_tools], [AS_HELP_STRING([--disable-ca-tools], [Don't build any of the CA tools])], [], [enable_ca_tools=yes]) AC_ARG_ENABLE([rp_tools], [AS_HELP_STRING([--disable-rp-tools], [Don't build any of the relying party tools])], [], [enable_rp_tools=yes]) @@ -43,63 +42,21 @@ AC_ARG_ENABLE([python_install_layout], [AS_HELP_STRING([--enable-python-install- AC_ARG_ENABLE([wsgi_python_egg_cache], [AS_HELP_STRING([--enable-wsgi-python-egg-cache=dir[[:user]]], [Set up PYTHON_EGG_CACHE in wsgi wrapper])], [], [enable_wsgi_python_egg_cache=auto]) AC_ARG_ENABLE([runtime_dependencies], [AS_HELP_STRING([--disable-runtime-dependencies], [Don't enforce runtime dependencies])], [], [enable_runtime_dependencies=yes]) -AC_ARG_VAR([RCYNIC_DIR], [Where to put output files from rcynic and rpki-rtr; also controls jail location for --enable-rcynic-jail]) +AC_ARG_VAR([RCYNIC_DIR], [Where to put output files from rcynic and rpki-rtr]) AC_ARG_VAR([APACHE_VERSION], [Version of Apache httpd, mostly used on FreeBSD where it determines some of the directory names]) # Obsolete options. If you know of a better way to handle this, tell me. -AC_ARG_ENABLE([python], [AS_HELP_STRING([--disable-python], [(Obsolete, do not use)])], [AC_MSG_ERROR([--disable-python is obsolete. Please see the --disable-ca-tools option])], []) -AC_ARG_ENABLE([django], [AS_HELP_STRING([--disable-django], [(Obsolete, do not use)])], [AC_MSG_ERROR([--disable-django is obsolete. Please see the --disable-ca-tools option])], []) -AC_ARG_ENABLE([rpki_rtr], [AS_HELP_STRING([--disable-rpki-rtr], [(Obsolete, do not use)])], [AC_MSG_ERROR([--disable-rpki-rtr is obsolete. Please see the --disable-rp-tools option])], []) +AC_ARG_ENABLE([python], [AS_HELP_STRING([--disable-python], [(Obsolete, do not use)])], [AC_MSG_ERROR([--disable-python is obsolete. Please see the --disable-ca-tools option])], []) +AC_ARG_ENABLE([django], [AS_HELP_STRING([--disable-django], [(Obsolete, do not use)])], [AC_MSG_ERROR([--disable-django is obsolete. Please see the --disable-ca-tools option])], []) +AC_ARG_ENABLE([rpki_rtr], [AS_HELP_STRING([--disable-rpki-rtr], [(Obsolete, do not use)])], [AC_MSG_ERROR([--disable-rpki-rtr is obsolete. Please see the --disable-rp-tools option])], []) +AC_ARG_ENABLE([rcynic_jail], [AS_HELP_STRING([--enable-rcynic-jail], [(Obsolete, do not use)])], [AC_MSG_ERROR([--enable-rcynic-jail is obsolete.])], []) AC_PROG_CC AC_PROG_INSTALL AC_CHECK_SIZEOF([long]) -# We'd like to build rcynic as a static binary if we can, because that -# makes it much simpler to run rcynic in a chroot jail, but we don't -# know how to do it on all platforms, so we try the hack we know, and -# if that doesn't work, oh well. -# -# Sadly, it's even worse than this, because there are platforms like -# Fedora where the compiler and linker support -static just fine, but -# the default libraries do not, and if you start down the primrose -# path of installing the necessary libraries, you eventually hit a -# wall where one of the static libraries you downloaded depends on -# something that's not available as a static library, ie, you lose. -# -# So for now I'm just going to make this a FreeBSD-only option. -# Feh. Those of you who choose to use other platforms are welcome to -# fix this and send me the patch, if you care. - -dnl AC_MSG_CHECKING([whether linker supports -static]) -dnl old_LDFLAGS="$LDFLAGS" -dnl LDFLAGS="$LDFLAGS -static" -dnl AC_LINK_IFELSE( -dnl [AC_LANG_SOURCE([[int main (int argc, char *argv[]) { return 0; }]])], -dnl [ -dnl AC_MSG_RESULT(yes) -dnl LD_STATIC_FLAG='-static' -dnl ], -dnl [ -dnl AC_MSG_RESULT(no) -dnl LD_STATIC_FLAG='' -dnl ] -dnl ) -dnl LDFLAGS="$old_LDFLAGS" -dnl unset old_LDFLAGS - -case $host_os in - freebsd*) - LD_STATIC_FLAG='-static' - ;; - *) - LD_STATIC_FLAG='' - ;; -esac -AC_SUBST(LD_STATIC_FLAG) - AC_MSG_CHECKING([whether compiler and linker support -Wl,-Bsymbolic]) old_LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS -Wl,-Bsymbolic" @@ -314,13 +271,9 @@ fi if test "X$RCYNIC_DIR" = "X" then - rcynic_base_dir='/var/rcynic' -else - rcynic_base_dir="${RCYNIC_DIR}" + RCYNIC_DIR='/var/rcynic' fi -RCYNIC_DIR='${DESTDIR}'"${rcynic_base_dir}" - # APACHE_VERSION is another "precious" argument to this script. It # mostly matters on FreeBSD, where most things involving Apache encode # the Apache version number into their filenames. @@ -356,68 +309,15 @@ fi AC_MSG_RESULT([$msg]) -# Figure out whether to run rcynic in a chroot jail, which determines -# a bunch of other settings. - -AC_MSG_CHECKING([whether to build chroot jail for rcynic]) - -case $enable_rcynic_jail in - yes) - use_rcynic_jail=yes - RCYNIC_CONF_FILE='${RCYNIC_DIR}/etc/rcynic.conf' - RCYNIC_TA_DIR='${RCYNIC_DIR}/etc/trust-anchors' - RCYNIC_BIN_RCYNIC='${RCYNIC_DIR}/bin/rcynic' - RCYNIC_CONF_RSYNC='/bin/rsync' - RCYNIC_CONF_DATA='/data' - RCYNIC_CONF_TA_DIR='/etc/trust-anchors' - RCYNIC_CRON_USER='root' - RCYNIC_JAIL_DIRS='${RCYNIC_DIR}/bin ${RCYNIC_DIR}/dev ${RCYNIC_DIR}/etc' - if test "X$host_os" = "Xlinux" - then - RCYNIC_JAIL_DIRS="$RCYNIC_JAIL_DIRS "'${RCYNIC_DIR}/lib ${RCYNIC_DIR}/lib64 ${RCYNIC_DIR}/usr/lib' - fi - ;; - no) - use_rcynic_jail=no - RCYNIC_CONF_FILE='${DESTDIR}${sysconfdir}/rcynic.conf' - RCYNIC_TA_DIR='${DESTDIR}${sysconfdir}/rpki/trust-anchors' - RCYNIC_BIN_RCYNIC='${DESTDIR}${bindir}/rcynic' - RCYNIC_CONF_RSYNC="${RSYNC}" - RCYNIC_CONF_DATA="${rcynic_base_dir}/data" - RCYNIC_CONF_TA_DIR='${sysconfdir}/rpki/trust-anchors' - RCYNIC_CRON_USER='${RPKI_USER}' - RCYNIC_JAIL_DIRS='' - ;; - *) - AC_MSG_ERROR([Unrecognized value for --enable-rcynic-jail: $enable_rcynic_jail]) - ;; -esac - -AC_SUBST(RCYNIC_JAIL_DIRS) -AC_SUBST(RCYNIC_CONF_FILE) -AC_SUBST(RCYNIC_TA_DIR) -AC_SUBST(RCYNIC_BIN_RCYNIC) -AC_SUBST(RCYNIC_CONF_RSYNC) -AC_SUBST(RCYNIC_CONF_DATA) -AC_SUBST(RCYNIC_CONF_TA_DIR) -AC_SUBST(RCYNIC_CRON_USER) - -AC_MSG_RESULT([$use_rcynic_jail]) - # Perhaps there should be a way to set these, but for now just # wire them in here so at least they're consistent in all Makefiles. AC_SUBST(RPKI_USER, [rpki]) AC_SUBST(RPKI_GROUP, [rpki]) -if test $use_rcynic_jail = yes && test "X$LD_STATIC_FLAG" != "X" -then - RCYNIC_STATIC_RSYNC='static-rsync/rsync' -else - RCYNIC_STATIC_RSYNC='' -fi +RCYNIC_CONF_DATA="${RCYNIC_DIR}/data" -AC_SUBST(RCYNIC_STATIC_RSYNC) +AC_SUBST(RCYNIC_CONF_DATA) # Check whether to do "final target installation". This means actions # that can only be done when installing a package, as opposed to when @@ -435,10 +335,8 @@ esac AC_MSG_RESULT([$enable_target_installation]) -# rcynic jail setup is complicated enough that it's simplest to have -# different rule sets for different platforms. Icky, but.... -# rpki-rtr isn't as complicated, but has similar issues, same hack. -# ca isn't as complicated either, but same hack. +# Some bits of post-installation setup are complicated enough that +# it's simplest to have different rule sets for different platforms. case $host_os in darwin*) @@ -486,7 +384,7 @@ AC_MSG_RESULT([$RCYNIC_HTML_DIR]) AC_SUBST(RCYNIC_HTML_DIR) -# Sort out which things to install, depending on rcynic jail status and whether +# Sort out which things to install, depending on whether # we're doing final target installation. # # As things have evolved, this a bit repetitive. Simplify someday, maybe. @@ -496,11 +394,6 @@ RTR_ORIGIN_INSTALL_TARGETS='install-always' CA_INSTALL_TARGETS='install-always' CFG_INSTALL_TARGETS='install-always' -if test $use_rcynic_jail = yes -then - RCYNIC_INSTALL_TARGETS="$RCYNIC_INSTALL_TARGETS install-jailed" -fi - if test $enable_target_installation = yes then RCYNIC_INSTALL_TARGETS="$RCYNIC_INSTALL_TARGETS install-postconf" @@ -595,7 +488,7 @@ then runtime_ok=no AC_MSG_WARN([rcynic-html requires rrdtool.]) fi - if test $use_rcynic_jail = no && test "X$RSYNC" = "X" + if test "X$RSYNC" = "X" then runtime_ok=no AC_MSG_WARN([The RPKI relying party tools require rsync.]) @@ -823,7 +716,6 @@ then AC_CONFIG_FILES([rp/Makefile rp/config/Makefile rp/rcynic/Makefile - rp/rcynic/static-rsync/Makefile rp/utils/Makefile rp/rpki-rtr/Makefile]) fi diff --git a/rp/rcynic/Makefile.in b/rp/rcynic/Makefile.in index ce19ab81..52c67fde 100644 --- a/rp/rcynic/Makefile.in +++ b/rp/rcynic/Makefile.in @@ -1,17 +1,7 @@ # $Id$ -NAME = rcynic - -BIN = ${NAME} -SRC = ${NAME}.c -OBJ = ${NAME}.o - -GEN = defstack.h - -OBJS = ${OBJ} bio_f_linebreak.o - CFLAGS = @CFLAGS@ -Wall -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror-implicit-function-declaration -LDFLAGS = @LDFLAGS@ @LD_STATIC_FLAG@ +LDFLAGS = @LDFLAGS@ LIBS = @LIBS@ AWK = @AWK@ @@ -40,49 +30,48 @@ abs_top_srcdir = @abs_top_srcdir@ abs_top_builddir = @abs_top_builddir@ srcdir = @srcdir@ -RCYNIC_BIN_RCYNIC = @RCYNIC_BIN_RCYNIC@ +RCYNIC_BIN_RCYNIC = ${DESTDIR}${bindir}/rcynic RCYNIC_CONF_DATA = @RCYNIC_CONF_DATA@ -RCYNIC_CONF_FILE = @RCYNIC_CONF_FILE@ -RCYNIC_CONF_RSYNC = @RCYNIC_CONF_RSYNC@ -RCYNIC_CONF_TA_DIR = @RCYNIC_CONF_TA_DIR@ -RCYNIC_CRON_USER = @RCYNIC_CRON_USER@ -RCYNIC_DATA_DIR = ${RCYNIC_DIR}/data +RCYNIC_CONF_FILE = ${DESTDIR}${sysconfdir}/rcynic.conf +RCYNIC_CONF_RSYNC = @RSYNC@ +RCYNIC_CONF_TA_DIR = ${sysconfdir}/rpki/trust-anchors +RCYNIC_CRON_USER = ${RPKI_USER} +RCYNIC_DATA_DIR = ${DESTDIR}${RCYNIC_DIR}/data RCYNIC_DIR = @RCYNIC_DIR@ -RCYNIC_DIRS = ${RCYNIC_TA_DIR} ${RCYNIC_JAIL_DIRS} ${RCYNIC_DATA_DIR} ${RPKIRTR_DIR} ${RPKIRTR_DIR}/sockets +RCYNIC_DIRS = ${RCYNIC_TA_DIR} ${RCYNIC_DATA_DIR} ${RPKIRTR_DIR} ${RPKIRTR_DIR}/sockets RPKI_GECOS = RPKI System Software RPKI_GROUP = @RPKI_GROUP@ RCYNIC_HTML_DIR = @RCYNIC_HTML_DIR@ RCYNIC_INSTALL_TARGETS = @RCYNIC_INSTALL_TARGETS@ -RCYNIC_JAIL_DIRS = @RCYNIC_JAIL_DIRS@ -RCYNIC_STATIC_RSYNC = @RCYNIC_STATIC_RSYNC@ -RCYNIC_TA_DIR = @RCYNIC_TA_DIR@ +RCYNIC_TA_DIR = ${DESTDIR}${sysconfdir}/rpki/trust-anchors RPKI_USER = @RPKI_USER@ -RPKIRTR_DIR = ${RCYNIC_DIR}/rpki-rtr +RPKIRTR_DIR = ${DESTDIR}${RCYNIC_DIR}/rpki-rtr -all: ${BIN} ${RCYNIC_STATIC_RSYNC} +OBJS = rcynic.o bio_f_linebreak.o + +all: rcynicng clean: - if test -r static-rsync/Makefile; then cd static-rsync; ${MAKE} $@; fi - rm -f ${BIN} ${OBJS} + rm -f rcynic ${OBJS} -${OBJ}: ${SRC} ${GEN} +rcynic.o: rcynic.c defstack.h -${BIN}: ${OBJS} +rcynic: ${OBJS} ${CC} ${CFLAGS} -o $@ ${OBJS} ${LDFLAGS} ${LIBS} -${GEN}: ${SRC} - ${PYTHON} ${abs_top_srcdir}/buildtools/defstack.py ${SRC} >$@.tmp +defstack.h: rcynic.c + ${PYTHON} ${abs_top_srcdir}/buildtools/defstack.py rcynic.c >$@.tmp mv $@.tmp $@ tags: TAGS -TAGS: ${SRC} ${GEN} - etags ${SRC} ${GEN} +TAGS: rcynic.c defstack.h + etags rcynic.c defstack.h -test: ${BIN} +test: rcynic if test -r rcynic.conf; \ then \ - ./${BIN} -j 0 && \ + ./rcynic -j 0 && \ test -r rcynic.xml && \ echo && \ ./rcynic-text rcynic.xml; \ @@ -104,14 +93,11 @@ static-rsync/rsync: install: all ${RCYNIC_INSTALL_TARGETS} install-always: \ - install-directories install-rcynic install-rcynic-conf + install-directories install-rcynic install-tals install-postconf: \ install-user-and-group install-directory-ownership install-crontab -install-jailed: \ - install-static-rsync install-shared-libraries install-rc-scripts - install-directories: ${RCYNIC_DIRS} ${RCYNIC_DIRS} ${DESTDIR}${bindir} ${DESTDIR}${sysconfdir}: @@ -120,15 +106,18 @@ ${RCYNIC_DIRS} ${DESTDIR}${bindir} ${DESTDIR}${sysconfdir}: install-directory-ownership: ${RCYNIC_DATA_DIR} ${RPKIRTR_DIR} ${RPKIRTR_DIR}/sockets chown ${RPKI_USER}:${RPKI_GROUP} ${RCYNIC_DATA_DIR} ${RPKIRTR_DIR} ${RPKIRTR_DIR}/sockets -install-rcynic-conf: ${RCYNIC_CONF_FILE} +install-tals: + ${INSTALL} -v -d ${RCYNIC_TA_DIR} + ${INSTALL} -v -p -m 444 sample-trust-anchors/*.tal ${RCYNIC_TA_DIR} + +# We don't install rcynic.conf anymore. Keep this for now as internal documentation, +# clean up later. ${RCYNIC_CONF_FILE}: @echo - @echo Found no ${RCYNIC_CONF_FILE}, creating basic config and installing default trust anchor locators. + @echo Found no ${RCYNIC_CONF_FILE}, creating basic configuration. @echo You might want to edit this. @echo - ${INSTALL} -v -d ${RCYNIC_TA_DIR} - ${INSTALL} -v -p -m 444 sample-trust-anchors/*.tal ${RCYNIC_TA_DIR} @echo > $@.tmp '# Basic rcynic configuration file with default trust anchors.' @echo >>$@.tmp '# See documentation for details.' @echo >>$@.tmp '' @@ -147,13 +136,8 @@ ${RCYNIC_CONF_FILE}: install-rcynic: ${RCYNIC_BIN_RCYNIC} -${RCYNIC_BIN_RCYNIC}: ${BIN} - ${INSTALL} -p -m 555 ${BIN} $@ - -install-static-rsync: ${RCYNIC_DIR}/bin/rsync - -${RCYNIC_DIR}/bin/rsync: static-rsync/rsync - ${INSTALL} -p -m 555 static-rsync/rsync $@ +${RCYNIC_BIN_RCYNIC}: rcynicng + ${INSTALL} -p -m 555 rcynicng $@ .FORCE: diff --git a/rp/rcynic/rc-scripts/darwin/RCynic b/rp/rcynic/rc-scripts/darwin/RCynic deleted file mode 100755 index d486a3c3..00000000 --- a/rp/rcynic/rc-scripts/darwin/RCynic +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/sh - -# -# $Id$ -# -. /etc/rc.common - -name="rcynic" -start_cmd="rcynic_start" -stop_cmd="rcynic_stop" - -: ${rcynic_dir="/var/rcynic"} - -StartService() -{ - /sbin/umount "${rcynic_dir}/dev" 2>/dev/null - - if ! /sbin/mount_devfs devfs "${rcynic_dir}/dev"; then - echo "Mounting devfs on ${rcynic_dir}/dev failed..." - exit 1 - fi - - for i in /etc/localtime /etc/resolv.conf; do - j="${rcynic_dir}${i}" - if /bin/test -r "$i" && ! /usr/bin/cmp -s "$i" "$j"; then - /usr/bin/install -m 444 -o root -g wheel -p "$i" "$j" - fi - done - - /bin/ln -f /var/run/mDNSResponder "${rcynic_dir}/var/run/mDNSResponder" -} - -StopService() -{ - /sbin/umount "${rcynic_dir}/dev" 2>/dev/null -} - -RestartService() -{ - StartService -} - -RunService "$1" diff --git a/rp/rcynic/rc-scripts/darwin/StartupParameters.plist b/rp/rcynic/rc-scripts/darwin/StartupParameters.plist deleted file mode 100644 index ca46b676..00000000 --- a/rp/rcynic/rc-scripts/darwin/StartupParameters.plist +++ /dev/null @@ -1,19 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> -<plist version="1.0"> -<dict> - <key>Description</key> - <string>RCynic Setup</string> - <key>OrderPreference</key> - <string>None</string> - <key>Provides</key> - <array> - <string>RCynic</string> - </array> - <key>Uses</key> - <array> - <string>Network</string> - <string>Resolver</string> - </array> - </dict> -</plist> diff --git a/rp/rcynic/rc-scripts/freebsd/rc.d.rcynic b/rp/rcynic/rc-scripts/freebsd/rc.d.rcynic deleted file mode 100755 index 9b7aa545..00000000 --- a/rp/rcynic/rc-scripts/freebsd/rc.d.rcynic +++ /dev/null @@ -1,44 +0,0 @@ -#!/bin/sh - -# -# $Id$ -# -# PROVIDE: rcynic -# REQUIRE: DAEMON -# KEYWORD: nojail - -. /etc/rc.subr - -name="rcynic" -start_cmd="rcynic_start" -stop_cmd="rcynic_stop" - -: ${rcynic_dir="/var/rcynic"} - -rcynic_start() -{ - /sbin/umount "${rcynic_dir}/dev" 2>/dev/null - - if ! /sbin/mount -t devfs dev "${rcynic_dir}/dev"; then - echo "Mounting devfs on ${rcynic_dir}/dev failed..." - exit 1 - fi - - /sbin/devfs -m "${rcynic_dir}/dev" rule apply hide - /sbin/devfs -m "${rcynic_dir}/dev" rule apply path null unhide - /sbin/devfs -m "${rcynic_dir}/dev" rule apply path random unhide - - for i in /etc/localtime /etc/resolv.conf; do - j="${rcynic_dir}${i}" - if /bin/test -r "$i" && ! /usr/bin/cmp -s "$i" "$j"; then - /usr/bin/install -m 444 -o root -g wheel -p "$i" "$j" - fi - done -} - -rcynic_stop() -{ - /sbin/umount "${rcynic_dir}/dev" 2>/dev/null -} - -load_rc_config $name -run_rc_command "$1" diff --git a/rp/rcynic/rcynic-cron b/rp/rcynic/rcynic-cron index fcf38e53..93abb822 100755 --- a/rp/rcynic/rcynic-cron +++ b/rp/rcynic/rcynic-cron @@ -28,28 +28,16 @@ our purposes. In theory this is portable to any Unix-like system. import os import sys -import pwd import fcntl import errno -import argparse import rpki.autoconf def run(*cmd, **kwargs): - chroot_this = kwargs.pop("chroot_this", False) cwd = kwargs.pop("cwd", None) pid = os.fork() if pid == 0: - if chroot_this: - os.chdir(rpki.autoconf.RCYNIC_DIR) - elif cwd is not None: + if cwd is not None: os.chdir(cwd) - if we_are_root: - os.initgroups(pw.pw_name, pw.pw_gid) - if chroot_this: - os.chroot(rpki.autoconf.RCYNIC_DIR) - if we_are_root: - os.setgid(pw.pw_gid) - os.setuid(pw.pw_uid) os.closerange(3, os.sysconf("SC_OPEN_MAX")) os.execvp(cmd[0], cmd) os._exit(1) # pylint: disable=W0212 @@ -64,45 +52,27 @@ def run(*cmd, **kwargs): else: sys.exit("Program %s exited for unknown reason %s" % (" ".join(cmd), status)) -parser = argparse.ArgumentParser(description = __doc__) -parser.add_argument("--chroot", action = "store_true", help = "run chrooted") -args = parser.parse_args() - -we_are_root = os.getuid() == 0 - -if args.chroot and not we_are_root: - sys.exit("Only root can --chroot") - -try: - pw = pwd.getpwnam(rpki.autoconf.RPKI_USER) -except KeyError: - sys.exit("Could not find passwd entry for user %s" % rpki.autoconf.RPKI_USER) - try: - lock = os.open(os.path.join(rpki.autoconf.RCYNIC_DIR, "data/lock"), + lock = os.open(os.path.join(rpki.autoconf.RCYNIC_DIR, "data", "lock"), os.O_RDONLY | os.O_CREAT | os.O_NONBLOCK, 0666) fcntl.flock(lock, fcntl.LOCK_EX | fcntl.LOCK_NB) - if we_are_root: - os.fchown(lock, pw.pw_uid, pw.pw_gid) except (IOError, OSError), e: if e.errno == errno.EAGAIN: sys.exit(0) # Another instance of this script is already running, exit silently else: sys.exit("Error %r opening lock %r" % (e.strerror, os.path.join(rpki.autoconf.RCYNIC_DIR, "data/lock"))) -if args.chroot: - run("/bin/rcynic", "-c", "/etc/rcynic.conf", chroot_this = True) -else: - run(os.path.join(rpki.autoconf.bindir, "rcynic"), "-c", os.path.join(rpki.autoconf.sysconfdir, "rcynic.conf")) +run(os.path.join(rpki.autoconf.bindir, "rcynic")) run(os.path.join(rpki.autoconf.bindir, "rpki-rtr"), "cronjob", - os.path.join(rpki.autoconf.RCYNIC_DIR, "data/authenticated"), cwd = os.path.join(rpki.autoconf.RCYNIC_DIR, "rpki-rtr")) -prog = os.path.join(rpki.autoconf.libexecdir, "rpkigui-rcynic") -if os.path.exists(prog): - run(prog) +# rpkigui-rcynic isn't working with rcynicng yet, sorry. +if False: + prog = os.path.join(rpki.autoconf.libexecdir, "rpkigui-rcynic") + if os.path.exists(prog): + run(prog) if rpki.autoconf.RCYNIC_HTML_DIR and os.path.exists(os.path.dirname(rpki.autoconf.RCYNIC_HTML_DIR)): run(os.path.join(rpki.autoconf.bindir, "rcynic-html"), diff --git a/rp/rcynic/rcynic-dump b/rp/rcynic/rcynic-dump index a217d063..0c7f898f 100755 --- a/rp/rcynic/rcynic-dump +++ b/rp/rcynic/rcynic-dump @@ -35,8 +35,6 @@ parser.add_argument("-c", "--config") parser.add_argument("output_tree", nargs = "?", default = "rcynic-data") args = parser.parse_args() -rpki.config.rpki_conf_envname = "RCYNIC_CONF" -rpki.config.default_filename = os.path.join(rpki.autoconf.sysconfdir, "rcynic.conf") rpki.config.parser(set_filename = args.config, section = "rcynic") import django diff --git a/rp/rcynic/rcynicng b/rp/rcynic/rcynicng index 2f3b4a75..b05bf0ac 100755 --- a/rp/rcynic/rcynicng +++ b/rp/rcynic/rcynicng @@ -1387,11 +1387,12 @@ def main(): cfg, parser = rpki.config.argparser(section = "rcynic", doc = __doc__, cfg_optional = True) - parser.add_argument("--authenticated", default = "rcynic-data/authenticated") - parser.add_argument("--unauthenticated", default = "rcynic-data/unauthenticated") - parser.add_argument("--xml-file", default = "rcynicng.xml", type = argparse.FileType("w")) + parser.add_argument("--unauthenticated", default = os.path.join(rpki.autoconf.RCYNIC_DIR, "data", "unauthenticated")) - parser.add_argument("--tals", default = "sample-trust-anchors") + parser.add_argument("--xml-file", default = os.path.join(rpki.autoconf.RCYNIC_DIR, "data", "rcynic.xml"), + type = argparse.FileType("w")) + + parser.add_argument("--tals", default = os.path.join(rpki.autoconf.sysconfdir, "rpki", "trust-anchors")) parser.add_argument("--workers", default = 10, type = posint) diff --git a/rp/rcynic/rules.darwin.mk b/rp/rcynic/rules.darwin.mk index b5979979..f1eed3ce 100644 --- a/rp/rcynic/rules.darwin.mk +++ b/rp/rcynic/rules.darwin.mk @@ -36,37 +36,3 @@ install-user-and-group: .FORCE echo "Please create it, then try again."; \ exit 1; \ fi - -install-shared-libraries: .FORCE - @echo "Copying required shared libraries" - @shared_libraries="${RCYNIC_DIR}/bin/rcynic ${RCYNIC_DIR}/bin/rsync"; \ - while true; \ - do \ - closure="$$(/usr/bin/otool -L $${shared_libraries} | /usr/bin/awk '/:$$/ {next} {print $$1}' | /usr/bin/sort -u)"; \ - if test "x$$shared_libraries" = "x$$closure"; - then \ - break; \ - else \ - shared_libraries="$$closure"; \ - fi; \ - done; \ - for shared in /usr/lib/dyld $$shared_libraries; \ - do \ - if /bin/test -r "${RCYNIC_DIR}/$${shared}"; \ - then \ - echo "You already have a \"${RCYNIC_DIR}/$${shared}\", so I will use it"; \ - elif /usr/bin/install -m 555 -o root -g wheel -p "$${shared}" "${RCYNIC_DIR}/$${shared}"; \ - then \ - echo "Copied $${shared} into ${RCYNIC_DIR}"; \ - else \ - echo "Unable to copy $${shared} into ${RCYNIC_DIR}"; \ - exit 1; \ - fi; \ - done - -install-rc-scripts: - ${INSTALL} -o root -g wheel -d ${DESTDIR}/Library/StartupItems/RCynic - ${INSTALL} -o root -g wheel -m 555 \ - rc-scripts/darwin/RCynic \ - rc-scripts/darwin/StartupParameters.plist \ - ${DESTDIR}/Library/Startup/RCynic diff --git a/rp/rcynic/rules.freebsd.mk b/rp/rcynic/rules.freebsd.mk index 880ce3f4..0f022a2e 100644 --- a/rp/rcynic/rules.freebsd.mk +++ b/rp/rcynic/rules.freebsd.mk @@ -23,11 +23,3 @@ install-user-and-group: .FORCE echo "Please create it, then try again."; \ exit 1; \ fi - -# We use static compilation on FreeBSD, so no need for shared libraries - -install-shared-libraries: - @true - -install-rc-scripts: - ${INSTALL} -m 555 -o root -g wheel -p rc-scripts/freebsd/rc.d.rcynic ${DESTDIR}/usr/local/etc/rc.d/rcynic diff --git a/rp/rcynic/rules.linux.mk b/rp/rcynic/rules.linux.mk index 016b0582..c116f75c 100644 --- a/rp/rcynic/rules.linux.mk +++ b/rp/rcynic/rules.linux.mk @@ -17,7 +17,7 @@ install-user-and-group: .FORCE if getent passwd ${RPKI_USER} >/dev/null; \ then \ echo "You already have a user \"${RPKI_USER}\", so I will use it."; \ - elif /usr/sbin/useradd -g ${RPKI_GROUP} -M $$nogroup -d "${RCYNIC_DIR}" -s /sbin/nologin -c "${RPKI_GECOS}" ${RPKI_USER}; \ + elif /usr/sbin/useradd -g ${RPKI_GROUP} -M $$nogroup -d "${DESTDIR}${RCYNIC_DIR}" -s /sbin/nologin -c "${RPKI_GECOS}" ${RPKI_USER}; \ then \ echo "Added user \"${RPKI_USER}\"."; \ else \ @@ -25,49 +25,3 @@ install-user-and-group: .FORCE echo "Please create it, then try again."; \ exit 1; \ fi - -# This all looks like a relic of the days when we still tried to support rcynic running in a chroot jail, which -# never really worked properly except on FreeBSD, and has since been overtaken by many other events. Do we -# still need this, even assuming anybody uses this installation instead of Debian packaging? -# -# Cleanup left for another day, but this looks pretty iffy. - -install-shared-libraries: .FORCE - @echo "Copying required shared libraries" - @if test -d /lib64; then libdir=/lib64; else libdir=/lib; fi; \ - shared_libraries="${RCYNIC_DIR}/bin/rcynic ${RCYNIC_DIR}/bin/rsync $$(/usr/bin/find $${libdir} -name 'libnss*.so*' -print)"; \ - while true; \ - do \ - closure="$$(/usr/bin/ldd $${shared_libraries} | \ - ${AWK} ' \ - { sub(/:$/, "") } \ - $$0 == "${RCYNIC_DIR}/bin/rcynic" { next } \ - $$0 == "${RCYNIC_DIR}/bin/rsync" { next } \ - $$1 ~ /\/ld-linux\.so/ { next } \ - { for (i = 1; i <= NF; i++) if ($$i ~ /^\//) print $$i } \ - ' | \ - ${SORT} -u)"; \ - if test "X$$shared_libraries" = "X$$closure"; \ - then \ - break; \ - else \ - shared_libraries="$$closure"; \ - fi; \ - done; \ - if test -f $${libdir}/libresolv.so.2; \ - then \ - shared_libraries="$${shared_libraries} $${libdir}/libresolv.so.2"; - fi; \ - for shared in $${libdir}/*ld*.so* $$shared_libraries; \ - do \ - if test ! -r "${RCYNIC_DIR}/$${shared}"; \ - then \ - ${INSTALL} -m 555 -d `dirname "${RCYNIC_DIR}$${shared}"` && \ - ${INSTALL} -m 555 -p "$${shared}" "${RCYNIC_DIR}$${shared}"; \ - fi; \ - done - -# No devfs, so no rc script - -install-rc-scripts: - @true diff --git a/rp/rcynic/rules.unknown.mk b/rp/rcynic/rules.unknown.mk index 6ce3ea18..03cbd858 100644 --- a/rp/rcynic/rules.unknown.mk +++ b/rp/rcynic/rules.unknown.mk @@ -1,4 +1,4 @@ # $Id$ -install-user-and-group install-shared-libraries install-rc-scripts: .FORCE +install-user-and-group: .FORCE @echo "Don't know how to make $@ on this platform"; exit 1 diff --git a/rp/rcynic/static-rsync/Makefile.in b/rp/rcynic/static-rsync/Makefile.in deleted file mode 100644 index 8a433c7b..00000000 --- a/rp/rcynic/static-rsync/Makefile.in +++ /dev/null @@ -1,44 +0,0 @@ -# $Id$ - -VERSION = 2.6.9 - -CFG_ENV = CFLAGS='@CFLAGS@' LDFLAGS='@LDFLAGS@ @LD_STATIC_FLAG@' -CFG_ARG = - -TARBALL = rsync-${VERSION}.tar.gz -DIRNAME = rsync-${VERSION} - -CFG_LOG = > ../config.log 2>&1 -BIN_LOG = > ../build.log 2>&1 - -BIN = rsync - -abs_top_srcdir = @abs_top_srcdir@ -abs_top_builddir = @abs_top_builddir@ - -all: ${BIN} - -${BIN}: ${DIRNAME}/${BIN} - ln ${DIRNAME}/${BIN} $@ - file $@ - -${DIRNAME}/${BIN}: configured.stamp - cd ${DIRNAME} && ${MAKE} ${BIN_LOG} - -extracted.stamp: ${TARBALL} - gzip -c -d ${TARBALL} | tar -xf - - touch $@ - -patched.stamp: extracted.stamp - for i in patches/patch-*; do if test -f "$$i"; then patch -d ${DIRNAME} <"$$i"; else :; fi; done - touch $@ - -configured.stamp: patched.stamp - cd ${DIRNAME} && ${CFG_ENV} ./configure ${CFG_ARG} ${CFG_LOG} - touch $@ - -clean: - rm -rf ${BIN} ${DIRNAME} *.stamp *.log - -distclean: clean - rm -f Makefile diff --git a/rp/rcynic/static-rsync/README b/rp/rcynic/static-rsync/README deleted file mode 100644 index 9ff5afa8..00000000 --- a/rp/rcynic/static-rsync/README +++ /dev/null @@ -1,15 +0,0 @@ -$Id$ - -Hack to build a static rsync binary suitable for use in a chroot jail. - -The default configuration is for gcc, since that's the most widely -used compiler on the platforms we use. I've provided hooks intended -to make it simple to support other compilers just by overriding make -variables on the command line: if you need to do something more -drastic than this to get your compiler working, please tell me. - -If your platform doesn't support static binaries at all, you're on -your own (and should whine at your OS vendor, as this is nuts). - -We try to stick with rsync release code, but apply security patches -when necessary. diff --git a/rp/rcynic/static-rsync/patches/patch-CVE-2007-4091 b/rp/rcynic/static-rsync/patches/patch-CVE-2007-4091 deleted file mode 100644 index 201af96a..00000000 --- a/rp/rcynic/static-rsync/patches/patch-CVE-2007-4091 +++ /dev/null @@ -1,60 +0,0 @@ ---- sender.c 2006-09-20 03:53:32.000000000 +0200 -+++ sender.c 2007-07-25 15:33:05.000000000 +0200 -@@ -123,6 +123,7 @@ - char fname[MAXPATHLEN]; - struct file_struct *file; - unsigned int offset; -+ size_t l = 0; - - if (ndx < 0 || ndx >= the_file_list->count) - return; -@@ -133,6 +134,20 @@ - file->dir.root, "/", NULL); - } else - offset = 0; -+ -+ l = offset + 1; -+ if (file) { -+ if (file->dirname) -+ l += strlen(file->dirname); -+ if (file->basename) -+ l += strlen(file->basename); -+ } -+ -+ if (l >= sizeof(fname)) { -+ rprintf(FERROR, "Overlong pathname\n"); -+ exit_cleanup(RERR_FILESELECT); -+ } -+ - f_name(file, fname + offset); - if (remove_source_files) { - if (do_unlink(fname) == 0) { -@@ -224,6 +239,7 @@ - enum logcode log_code = log_before_transfer ? FLOG : FINFO; - int f_xfer = write_batch < 0 ? batch_fd : f_out; - int i, j; -+ size_t l = 0; - - if (verbose > 2) - rprintf(FINFO, "send_files starting\n"); -@@ -259,6 +275,20 @@ - fname[offset++] = '/'; - } else - offset = 0; -+ -+ l = offset + 1; -+ if (file) { -+ if (file->dirname) -+ l += strlen(file->dirname); -+ if (file->basename) -+ l += strlen(file->basename); -+ } -+ -+ if (l >= sizeof(fname)) { -+ rprintf(FERROR, "Overlong pathname\n"); -+ exit_cleanup(RERR_FILESELECT); -+ } -+ - fname2 = f_name(file, fname + offset); - - if (verbose > 2) diff --git a/rp/rcynic/static-rsync/rsync-2.6.9.tar.gz b/rp/rcynic/static-rsync/rsync-2.6.9.tar.gz Binary files differdeleted file mode 100644 index 6377f639..00000000 --- a/rp/rcynic/static-rsync/rsync-2.6.9.tar.gz +++ /dev/null diff --git a/rpki/gui/cacheview/util.py b/rpki/gui/cacheview/util.py index e843b7cd..3ff2094c 100644 --- a/rpki/gui/cacheview/util.py +++ b/rpki/gui/cacheview/util.py @@ -424,7 +424,7 @@ def import_rcynic_xml(root=default_root, logfile=default_logfile): start = time.time() process_labels(logfile) - object_accepted = LABEL_CACHE['object_accepted'] + object_accepted = LABEL_CACHE['OBJECT_ACCEPTED'] fetch_published_objects() process_cache(root, logfile) notify_invalid() |