authorHiroki Sato <hrs@FreeBSD.org>2013-07-31 13:59:04 +0000
committerHiroki Sato <hrs@FreeBSD.org>2013-07-31 13:59:04 +0000
commit1ad6282266f7bd69d990f4f297910158f521a3ee (patch)
tree900f03c94909591a4305c4c88b245eaf5492effe /security/trousers
parentb19d5a14b51a33df85e6dfcdd30ba860eb93572a (diff)
Diffstat (limited to 'security/trousers')
-rw-r--r--security/trousers/Makefile31
-rw-r--r--security/trousers/files/extra-patch-src-tcs-Makefile.am11
-rw-r--r--security/trousers/files/extra-patch-src-tcsd-Makefile.am11
-rw-r--r--security/trousers/files/extra-patch-src-tddl-Makefile.am8
-rw-r--r--security/trousers/files/patch-src-tcs-ps-ps_utils.c47
-rw-r--r--security/trousers/files/patch-src-tcsd-svrside.c165
-rw-r--r--security/trousers/files/tcsd.in11
-rw-r--r--security/trousers/pkg-plist5
8 files changed, 107 insertions, 182 deletions
diff --git a/security/trousers/Makefile b/security/trousers/Makefile
index db5c769abdf5..914177082ceb 100644
--- a/security/trousers/Makefile
+++ b/security/trousers/Makefile
@@ -3,6 +3,7 @@
PORTNAME= trousers
PORTVERSION= 0.3.10
+PORTREVISION= 1
CATEGORIES= security
MASTER_SITES= SF/${PORTNAME}/${PORTNAME}/${PORTVERSION}
@@ -15,7 +16,6 @@ LICENSE_FILE= ${WRKSRC}/LICENSE
LICENSE_PERMS= dist-mirror dist-sell pkg-mirror pkg-sell auto-accept
USES= gmake iconv pkgconfig
-USE_GCC= any
USE_OPENSSL= YES
USE_LDCONFIG= YES
USE_AUTOTOOLS= autoconf automake libtool
@@ -25,14 +25,12 @@ GNU_CONFIGURE= YES
CONFIGURE_ARGS= --with-gui=none --enable-static \
--localstatedir=${PREFIX}/var \
--with-tssuser=${USERS} --with-tssgroup=${GROUPS}
-MAKE_JOBS_SAFE= YES
SUB_FILES= pkg-message
SUB_LIST= USERS=${USERS} GROUPS=${GROUPS}
USERS= _tss
GROUPS= _tss
-PORTEXAMPLES= tcsd.conf
-OPTIONS_DEFINE= EMULATOR EXAMPLES DEBUG
+OPTIONS_DEFINE= EMULATOR DEBUG
EMULATOR_DESC= Build for use with the tpm-emulator
.include "Makefile.man"
@@ -62,29 +60,12 @@ run-autotools: run-autotools-autoreconf
run-autotools-autoreconf:
@cd ${CONFIGURE_WRKSRC} && ${SETENV} ${AUTOTOOLS_ENV} ${AUTORECONF} -i
-.if ${PORT_OPTIONS:MEXAMPLES}
-post-install: install-examples
-.endif
-
-install-examples:
- @${MKDIR} ${EXAMPLESDIR}
- ${INSTALL_DATA} -o ${USERS} -g ${GROUPS} -m 0600 \
- ${WRKSRC}/dist/tcsd.conf ${EXAMPLESDIR}/tcsd.conf
-
post-install:
+ ${INSTALL_DATA} -o ${USERS} -g ${GROUPS} -m 0600 \
+ ${WRKSRC}/dist/tcsd.conf ${PREFIX}/etc/tcsd.conf.dist
@[ -f ${PREFIX}/etc/tcsd.conf ] || \
- ${INSTALL_DATA} ${EXAMPLESDIR}/tcsd.conf ${PREFIX}/etc/tcsd.conf
- @${INSTALL} -d -o ${USERS} -g ${GROUPS} -m 0700 /var/run/tpm
- @${INSTALL} -d -o ${USERS} -g ${GROUPS} -m 0700 /var/run/ima
- @${INSTALL} -d -o ${USERS} -g ${GROUPS} -m 0700 ${PREFIX}/var/lib/tpm
+ ${INSTALL_DATA} -o ${USERS} -g ${GROUPS} -m 0600 \
+ ${WRKSRC}/dist/tcsd.conf ${PREFIX}/etc/tcsd.conf
@${CAT} ${PKGMESSAGE}
-add-plist-post:
- @(${ECHO_CMD} "@cwd /"; \
- ${ECHO_CMD} "@unexec ${RMDIR} var/run/tpm 2>/dev/null || true"; \
- ${ECHO_CMD} "@exec ${INSTALL} -d -o ${USERS} -g ${GROUPS} -m 0700 var/run/tpm"; \
- ${ECHO_CMD} "@unexec ${RMDIR} var/run/ima 2>/dev/null || true"; \
- ${ECHO_CMD} "@exec ${INSTALL} -d -o ${USERS} -g ${GROUPS} -m 0700 var/run/ima"; \
- ) >> ${TMPPLIST}
-
.include <bsd.port.mk>
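Review bot: The rewritten post-install no longer creates /var/run/tpm, /var/run/ima and ${PREFIX}/var/lib/tpm, and nothing in the Makefile says where they now come from. In this commit they are created with mode 0700 and ${USERS}:${GROUPS} ownership only by tcsd_precmd in files/tcsd.in, so a tcsd started outside the rc.d script would presumably not get them. A comment above the target would record that, for example `# Runtime directories are created 0700 by start_precmd in files/tcsd.in, not at install time.`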
diff --git a/security/trousers/files/extra-patch-src-tcs-Makefile.am b/security/trousers/files/extra-patch-src-tcs-Makefile.am
new file mode 100644
index 000000000000..33a4ede949ec
--- /dev/null
+++ b/security/trousers/files/extra-patch-src-tcs-Makefile.am
@@ -0,0 +1,11 @@
+--- src/tcs/Makefile.am.orig 2013-07-27 04:22:06.000000000 +0900
++++ src/tcs/Makefile.am 2013-07-27 04:22:21.000000000 +0900
+@@ -1,7 +1,7 @@
+ noinst_LIBRARIES=libtcs.a
+
+ CFLAGS+=-I${top_srcdir}/src/include
+-libtcs_a_LIBADD=${top_builddir}/src/tddl/libtddl.a
++libtcs_a_LIBADD=${LOCALBASE}/lib/libtddl.a
+ libtcs_a_CFLAGS=-DAPPID=\"TCSD\ TCS\" -DVAR_PREFIX=\"@localstatedir@\" -DETC_PREFIX=\"@sysconfdir@\" -fPIE -DPIE
+
+ libtcs_a_SOURCES=log.c \
diff --git a/security/trousers/files/extra-patch-src-tcsd-Makefile.am b/security/trousers/files/extra-patch-src-tcsd-Makefile.am
new file mode 100644
index 000000000000..c8b73b26b908
--- /dev/null
+++ b/security/trousers/files/extra-patch-src-tcsd-Makefile.am
@@ -0,0 +1,11 @@
+--- src/tcsd/Makefile.am.orig 2013-07-27 04:22:53.000000000 +0900
++++ src/tcsd/Makefile.am 2013-07-27 04:24:06.000000000 +0900
+@@ -1,7 +1,7 @@
+ sbin_PROGRAMS=tcsd
+
+ tcsd_CFLAGS=-DAPPID=\"TCSD\" -DVAR_PREFIX=\"@localstatedir@\" -DETC_PREFIX=\"@sysconfdir@\" -I${top_srcdir}/src/include -fPIE -DPIE
+-tcsd_LDADD=${top_builddir}/src/tcs/libtcs.a ${top_builddir}/src/tddl/libtddl.a -lpthread @CRYPTOLIB@
++tcsd_LDADD=${LOCALBASE}/lib/libtcs.a ${LOCALBASE}/lib/libtddl.a ${PTHREAD_LIB} @CRYPTOLIB@
+ tcsd_LDFLAGS=-pie -Wl,-z,relro -Wl,-z,now
+
+ tcsd_SOURCES=svrside.c tcsd_conf.c tcsd_threads.c platform.c
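Review bot: The new `tcsd_LDADD` links the daemon against `${LOCALBASE}/lib/libtcs.a` and `${LOCALBASE}/lib/libtddl.a`, that is, whatever static archives are already installed, rather than the objects built from this distfile. The src/tcs/Makefile.am patched alongside declares libtcs.a under `noinst_LIBRARIES`, so it is not clear from this page which package would put it into ${LOCALBASE}; if the intent is only to take libtddl.a from another port, `tcsd_LDADD=${top_builddir}/src/tcs/libtcs.a ${LOCALBASE}/lib/libtddl.a ${PTHREAD_LIB} @CRYPTOLIB@` would keep libtcs in-tree. `${LOCALBASE}` and `${PTHREAD_LIB}` also have to reach gmake through the port's make environment, which is not visible in the Makefile hunks here. A comment in the port Makefile naming the port that supplies these archives would help anyone auditing what ends up in the tcsd binary.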
diff --git a/security/trousers/files/extra-patch-src-tddl-Makefile.am b/security/trousers/files/extra-patch-src-tddl-Makefile.am
new file mode 100644
index 000000000000..247420c4bf22
--- /dev/null
+++ b/security/trousers/files/extra-patch-src-tddl-Makefile.am
@@ -0,0 +1,8 @@
+--- src/tddl/Makefile.am.orig 2013-07-27 04:24:29.000000000 +0900
++++ src/tddl/Makefile.am 2013-07-27 04:24:42.000000000 +0900
+@@ -1,4 +1,4 @@
+-lib_LIBRARIES=libtddl.a
++lib_LIBRARIES=
+
+ libtddl_a_SOURCES=tddl.c
+ libtddl_a_CFLAGS=-DAPPID=\"TCSD\ TDDL\" -I${top_srcdir}/src/include -fPIE -DPIE
diff --git a/security/trousers/files/patch-src-tcs-ps-ps_utils.c b/security/trousers/files/patch-src-tcs-ps-ps_utils.c
index 50dacf86d1e1..fddc2d3e04f8 100644
--- a/security/trousers/files/patch-src-tcs-ps-ps_utils.c
+++ b/security/trousers/files/patch-src-tcs-ps-ps_utils.c
@@ -1,5 +1,5 @@
---- src/tcs/ps/ps_utils.c.orig 2010-07-01 00:15:00.000000000 +0900
-+++ src/tcs/ps/ps_utils.c 2010-10-24 21:04:04.832556427 +0900
+--- src/tcs/ps/ps_utils.c.orig 2012-09-20 02:24:48.000000000 +0900
++++ src/tcs/ps/ps_utils.c 2013-07-31 22:18:59.000000000 +0900
@@ -16,10 +16,18 @@
#if defined(HAVE_BYTEORDER_H)
#include <sys/byteorder.h>
@@ -19,28 +19,27 @@
#else
#define LE_16(x) (x)
#define LE_32(x) (x)
-@@ -39,6 +47,24 @@
- #include "tcs_utils.h"
- #include "tcslog.h"
-
-+#ifndef LE_16
-+static UINT16 htole16(UINT16 x)
-+{
-+ BYTE *b = &x;
-+ return (UINT16) (b[0] + (b[1] << 8));
-+}
-+#define LE_16 htole16
-+#endif
-+
-+#ifndef LE_32
-+static UINT32 htole32(UINT32 x)
-+{
-+ BYTE *b = &x;
-+ return (UINT32) (b[0] + (b[1] << 8) + (b[2] << 16) + (b[3] << 24));
-+}
-+#define LE_32 htole32
-+#endif
-+
+@@ -42,11 +50,7 @@
struct key_disk_cache *key_disk_cache_head = NULL;
+-#ifdef SOLARIS
+ TSS_RESULT
+-#else
+-inline TSS_RESULT
+-#endif
+ read_data(int fd, void *data, UINT32 size)
+ {
+ int rc;
+@@ -64,11 +68,7 @@
+ }
+
+
+-#ifdef SOLARIS
+ TSS_RESULT
+-#else
+-inline TSS_RESULT
+-#endif
+ write_data(int fd, void *data, UINT32 size)
+ {
+ int rc;
diff --git a/security/trousers/files/patch-src-tcsd-svrside.c b/security/trousers/files/patch-src-tcsd-svrside.c
index bc06646ec1a9..17a5925d5839 100644
--- a/security/trousers/files/patch-src-tcsd-svrside.c
+++ b/security/trousers/files/patch-src-tcsd-svrside.c
@@ -1,37 +1,17 @@
--- src/tcsd/svrside.c.orig 2012-09-25 23:23:01.000000000 +0900
-+++ src/tcsd/svrside.c 2013-07-27 04:04:45.000000000 +0900
-@@ -20,7 +20,6 @@
- #include <sys/stat.h>
- #include <sys/socket.h>
- #include <netdb.h>
--#include <pwd.h>
- #if (defined (__OpenBSD__) || defined (__FreeBSD__))
- #include <netinet/in.h>
- #endif
-@@ -72,6 +71,32 @@
++++ src/tcsd/svrside.c 2013-07-31 22:12:08.000000000 +0900
+@@ -66,12 +66,19 @@
+ close(sd);
+ }
+
+-void
++static void
+ tcsd_signal_hup(int signal)
+ {
hup = 1;
}
-+void
-+tcsd_signal_int(int signal)
-+{
-+ switch (signal) {
-+ case SIGINT:
-+ LogInfo("Caught SIGINT. Cleaning up and exiting.");
-+ break;
-+ case SIGHUP:
-+ LogInfo("Caught SIGHUP. Cleaning up and exiting.");
-+ break;
-+ default:
-+ LogError("Caught signal %d (which I didn't register for!)."
-+ " Ignoring.", signal);
-+ break;
-+ }
-+ tcsd_shutdown();
-+ exit(signal);
-+}
-+
-+void
++static void
+tcsd_signal_chld(int signal)
+{
+
@@ -41,7 +21,7 @@
static TSS_RESULT
signals_init(void)
{
-@@ -80,6 +105,14 @@
+@@ -80,6 +87,14 @@
struct sigaction sa;
sigemptyset(&sigmask);
@@ -56,31 +36,23 @@
if ((rc = sigaddset(&sigmask, SIGTERM))) {
LogError("sigaddset: %s", strerror(errno));
return TCSERR(TSS_E_INTERNAL_ERROR);
-@@ -94,25 +127,30 @@
+@@ -102,12 +117,24 @@
return TCSERR(TSS_E_INTERNAL_ERROR);
}
-- sa.sa_flags = 0;
-- sigemptyset(&sa.sa_mask);
-- sa.sa_handler = tcsd_signal_term;
-- if ((rc = sigaction(SIGTERM, &sa, NULL))) {
-- LogError("signal SIGTERM not registered: %s", strerror(errno));
-+ tcsd_sa_int.sa_handler = tcsd_signal_int;
-+ tcsd_sa_chld.sa_handler = tcsd_signal_chld;
-+ tcsd_sa_chld.sa_flags = SA_RESTART;
-+
-+ if ((rc = sigaction(SIGINT, &tcsd_sa_int, NULL))) {
++ if ((rc = sigaction(SIGINT, &sa, NULL))) {
+ LogError("signal SIGINT not registered: %s", strerror(errno));
- return TCSERR(TSS_E_INTERNAL_ERROR);
- }
-
-- sa.sa_handler = tcsd_signal_hup;
-- if ((rc = sigaction(SIGHUP, &sa, NULL))) {
-+ if ((rc = sigaction(SIGHUP, &tcsd_sa_int, NULL))) {
++ return TCSERR(TSS_E_INTERNAL_ERROR);
++ }
++
+ sa.sa_handler = tcsd_signal_hup;
+ if ((rc = sigaction(SIGHUP, &sa, NULL))) {
LogError("signal SIGHUP not registered: %s", strerror(errno));
return TCSERR(TSS_E_INTERNAL_ERROR);
}
++ sa.sa_flags = SA_RESTART;
++ sa.sa_handler = tcsd_signal_chld;
+ if ((rc = sigaction(SIGCHLD, &tcsd_sa_chld, NULL))) {
+ LogError("signal SIGCHLD not registered: %s", strerror(errno));
+ return TCSERR(TSS_E_INTERNAL_ERROR);
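Review bot: The SIGCHLD registration still passes `&tcsd_sa_chld` to sigaction(), while the lines added just above it now put SA_RESTART and tcsd_signal_chld into `sa`, and the assignments that used to fill `tcsd_sa_chld` are dropped by this change. Unless `tcsd_sa_chld` is still declared and initialised in a part of the patch not shown here, either the build breaks or the child handler is never installed; the call presumably should read `if ((rc = sigaction(SIGCHLD, &sa, NULL))) {`. The new SIGINT registration also reuses `sa` with whatever handler was set before this hunk, so a one-line comment naming that handler would make the intent clear. signals_init() starts and ends outside the hunk.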
@@ -89,53 +61,22 @@
return TSS_SUCCESS;
}
--static TSS_RESULT
--tcsd_startup(void)
-+TSS_RESULT
-+tcsd_startup()
- {
- TSS_RESULT result;
-
-@@ -186,7 +224,6 @@
- return TSS_SUCCESS;
- }
-
--
- void
- usage(void)
- {
-@@ -199,19 +236,6 @@
- fprintf(stderr, "\n");
- }
-
--static TSS_RESULT
--reload_config(void)
--{
-- TSS_RESULT result;
-- hup = 0;
--
-- // FIXME: reload the config - work in progress
-- result = TSS_SUCCESS;
--
-- return result;
--}
--
--
- int
- main(int argc, char **argv)
- {
-@@ -220,7 +244,6 @@
- int newsd, c, option_index = 0;
- unsigned client_len;
- char *hostname = NULL;
-- struct passwd *pwd;
- struct hostent *client_hostent = NULL;
- struct option long_options[] = {
- {"help", 0, NULL, 'h'},
-@@ -256,6 +279,14 @@
+@@ -256,6 +283,26 @@
if ((result = tcsd_startup()))
return (int)result;
++ pwd = getpwnam(TSS_USER_NAME);
++ if (pwd == NULL) {
++ if (errno == 0) {
++ LogError("User \"%s\" not found, please add this user"
++ " manually.", TSS_USER_NAME);
++ } else {
++ LogError("getpwnam(%s): %s", TSS_USER_NAME, strerror(errno));
++ }
++ return TCSERR(TSS_E_INTERNAL_ERROR);
++ }
++ setuid(pwd->pw_uid);
++
+ if (getenv("TCSD_FOREGROUND") == NULL) {
+ if (daemon(0, 0) == -1) {
+ perror("daemon");
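Review bot: The privilege drop added before the daemon() call ignores the return value of `setuid(pwd->pw_uid)` and never changes the group, so on failure tcsd keeps running as the invoking user, and on success it still holds that user's gid and supplementary groups. The `errno == 0` test after getpwnam() is also unreliable because errno is not cleared before the call. I would check every step and change the group before the uid, as below (these go in as added lines of the port patch). Supplementary groups may need setgroups() or initgroups() as well, which I have left out because the file's includes are not visible here. main() starts and ends outside the hunk.

```c
	errno = 0;	/* so errno == 0 below really means "no such user" */
	pwd = getpwnam(TSS_USER_NAME);
	/* … unchanged: pwd == NULL error reporting … */
	/* Group first: after setuid() succeeds the gid can no longer be changed. */
	if (setgid(pwd->pw_gid) == -1 || setuid(pwd->pw_uid) == -1) {
		LogError("Failed to drop privileges to \"%s\": %s",
		    TSS_USER_NAME, strerror(errno));
		return TCSERR(TSS_E_INTERNAL_ERROR);
	}
```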
@@ -147,7 +88,7 @@
sd = socket(AF_INET, SOCK_STREAM, 0);
if (sd < 0) {
LogError("Failed socket: %s", strerror(errno));
-@@ -279,51 +310,20 @@
+@@ -279,33 +326,12 @@
LogError("Failed bind: %s", strerror(errno));
return -1;
}
@@ -181,41 +122,3 @@
LogInfo("%s: TCSD up and running.", PACKAGE_STRING);
do {
newsd = accept(sd, (struct sockaddr *) &client_addr, &client_len);
-+ LogDebug("accepted socket %i", newsd);
- if (newsd < 0) {
-- if (errno == EINTR) {
-- if (term)
-- break;
-- else if (hup) {
-- if (reload_config() != TSS_SUCCESS)
-- LogError("Failed reloading config");
-- }
-- continue;
-- } else {
-- LogError("Failed accept: %s", strerror(errno));
-- continue;
-- }
-+ LogError("Failed accept: %s", strerror(errno));
-+ break;
- }
-- LogDebug("accepted socket %i", newsd);
-
- if ((client_hostent = gethostbyaddr((char *) &client_addr.sin_addr,
- sizeof(client_addr.sin_addr),
-@@ -343,13 +343,9 @@
-
- tcsd_thread_create(newsd, hostname);
- hostname = NULL;
-- if (hup) {
-- if (reload_config() != TSS_SUCCESS)
-- LogError("Failed reloading config");
-- }
-- } while (term ==0);
-+ } while (1);
-
-- /* To close correctly, we must receive a SIGTERM */
-- tcsd_shutdown();
-+ /* To close correctly, we must recieve a SIGHUP */
-+ return -1;
- return 0;
- }
diff --git a/security/trousers/files/tcsd.in b/security/trousers/files/tcsd.in
index f9c3773da85b..d4cb80403fbb 100644
--- a/security/trousers/files/tcsd.in
+++ b/security/trousers/files/tcsd.in
@@ -18,8 +18,19 @@
name=tcsd
rcvar=tcsd_enable
command="%%PREFIX%%/sbin/${name}"
+start_precmd="tcsd_precmd"
required_files="%%PREFIX%%/etc/${name}.conf"
+tcsd_precmd()
+{
+ /usr/bin/install -d -m 0700 -o %%USERS%% -g %%GROUPS%% \
+ /var/run/tpm /var/run/ima %%PREFIX%%/var/lib/tpm
+ /usr/sbin/chown %%USERS%%:%%GROUPS%% \
+ %%PREFIX%%/etc/tcsd.conf
+ /bin/chmod 0600 \
+ %%PREFIX%%/etc/tcsd.conf
+}
+
load_rc_config $name
: tcsd_enable=${tcsd_enable-"NO"}
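Review bot: tcsd_precmd returns only the status of its last command, so a failed `install -d` or `chown` goes unnoticed and tcsd is started anyway, without the 0700 directories or with a config file it does not own. Chaining the three commands makes rc.subr abort the start instead: end the install with `%%PREFIX%%/var/lib/tpm &&` and the chown with `%%PREFIX%%/etc/tcsd.conf &&`. A one-line comment above the function, such as `# Create state directories and tighten tcsd.conf before every start.`, would document the intent.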
diff --git a/security/trousers/pkg-plist b/security/trousers/pkg-plist
index f9ace92b3b2f..24f4bec84695 100644
--- a/security/trousers/pkg-plist
+++ b/security/trousers/pkg-plist
@@ -1,6 +1,4 @@
@comment $FreeBSD$
-@unexec cmp -s %D/etc/tcsd.conf %D/%%EXAMPLESDIR%%/tcsd.conf && rm -f %D/etc/tcsd.conf || true
-@exec [ -f %D/etc/tcsd.conf ] || cp -p %B/%f %D/etc/tcsd.conf
include/trousers/trousers.h
include/trousers/tss.h
include/tss/compat11b.h
@@ -32,6 +30,9 @@ lib/libtspi.la
lib/libtspi.so
lib/libtspi.so.3
sbin/tcsd
+@unexec cmp -s %D/etc/tcsd.conf %D/etc/tcsd.conf.dist && rm -f %D/etc/tcsd.conf || true
+etc/tcsd.conf.dist
+@exec [ -f %D/etc/tcsd.conf ] || cp -p %D/etc/tcsd.conf.dist %D/etc/tcsd.conf
@dirrmtry var/lib/tpm
@dirrmtry var/lib
@dirrmtry var