[Fedora-directory-commits] ldapserver/ldap/cm/newinst sec_tools_wrapper, NONE, 1.1 Makefile, 1.9, 1.10 ns-update, 1.10, 1.11 setup, 1.14, 1.15

Richard Allen Megginson (rmeggins) fedora-directory-commits at redhat.com
Thu Feb 23 19:30:49 UTC 2006 

Author: rmeggins

Update of /cvs/dirsec/ldapserver/ldap/cm/newinst
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2205/ldapserver/ldap/cm/newinst

Modified Files:
	Makefile ns-update setup 
Added Files:
	sec_tools_wrapper 
Log Message:
Bug(s) fixed: 182613
Bug Description: Upgrade wipes out sectool wrappers
Reviewed by: Pete and Nathan (Thanks!)
Fix Description: It's better if we just package those wrappers instead 
of creating them on the fly.  The new file sec_tools_wrappers is a 
simple shell script that assumes it's being run out of a parent/bin 
directory which contains a program called $0-bin, and the shared libs it 
needs are in parent/lib.  This shell script is copied to 
shared/bin/certutil, shared/bin/modutil, etc.  I had to create another 
makefile packaging macro to handle the case where you want to package a 
file under a different name than the original. Also
1) Add Red Hat and Fedora DS to upgradeServer
2) adminutil property directory is now adminutil-properties instead of 
property
3) General clean up of some upgrade install things
Platforms tested: Fedora Core 4
Flag Day: no
Doc impact: no



--- NEW FILE sec_tools_wrapper ---
#!/bin/sh
#
# BEGIN COPYRIGHT BLOCK
# This Program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free Software
# Foundation; version 2 of the License.
# 
# This Program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
# 
# You should have received a copy of the GNU General Public License along with
# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA 02111-1307 USA.
# 
# In addition, as a special exception, Red Hat, Inc. gives You the additional
# right to link the code of this Program with code not covered under the GNU
# General Public License ("Non-GPL Code") and to distribute linked combinations
# including the two, subject to the limitations in this paragraph. Non-GPL Code
# permitted under this exception must only link to the code of this Program
# through those well defined interfaces identified in the file named EXCEPTION
# found in the source code files (the "Approved Interfaces"). The files of
# Non-GPL Code may instantiate templates or use macros or inline functions from
# the Approved Interfaces without causing the resulting work to be covered by
# the GNU General Public License. Only Red Hat, Inc. may make changes or
# additions to the list of Approved Interfaces. You must obey the GNU General
# Public License in all respects for all of the Program code and other code used
# in conjunction with the Program except the Non-GPL Code covered by this
# exception. If you modify this file, you may extend this exception to your
# version of the file, but you are not obligated to do so. If you do not wish to
# provide this exception without modification, you must delete this exception
# statement from your version and license this file solely under the GPL without
# exception. 
# 
# Copyright (C) 2006 Red Hat, Inc.
# All rights reserved.
# END COPYRIGHT BLOCK
#
# This file is the wrapper around the security tools.  It just sets the
# runtime library lookup path and invokes the actual binary with the given
# arguments.  This file is copied to the actual name of the command e.g.
# we get the binary certutil program from the NSS package.  When we package
# it, we rename it to certutil-bin e.g. cp $(NSS)/certutil shared/bin/certutil-bin
# This file is copied to certutil e.g. cp sec_tools_wrapper shared/bin/certutil

# figure out where the libdir is based on the location of this shell script
savedir=`pwd`
bindir=`dirname $0`
if test -n "$bindir" ; then
    cd $bindir/../lib
else
# could be running as e.g. ./certutil or certutil if current dir is in PATH
    cd ../lib
fi
# assume the libdir is ../lib from the bindir e.g. sroot/shared/bin and sroot/shared/lib
libdir=`pwd`
cd $savedir

# cover our bases on ld libpaths
SHLIB_PATH=$libdir
LIBPATH=$libdir
LD_LIBRARY_PATH=$libdir
DYLD_PATH=$libdir
export SHLIB_PATH LIBPATH LD_LIBRARY_PATH DYLD_PATH

$0-bin ${1+"$@"}


Index: Makefile
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/cm/newinst/Makefile,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- Makefile	15 Feb 2006 22:54:02 -0000	1.9
+++ Makefile	23 Feb 2006 19:30:41 -0000	1.10
@@ -95,10 +95,13 @@
 # Source for staged installation utilities
 INCDIR=$(SETUPUTIL_INCLUDE) -I$(LDAP_SRC)/admin/include -I$(LDAP_SRC)/admin/lib -I$(LDAP_SRC)/admin/src
 
+# we wrap the security tools with a shell script wrapper for their ld libpath
+PACKAGE_SEC_T0OLS = $(addprefix $(RELDIR)/shared/bin/,$(SECURITY_TOOLS))
+
 # ADM_VERSDIR = admserv40
 # ADM_RELDATE = 19980112
 
-all: $(OBJDEST) $(BINDEST) $(SETUPUTIL_DEP) $(LDAPSDK_DEP) $(SECURITY_DEP)  $(NSPR_DEP) $(OSOBJS) $(OBJS1) $(OBJS2) $(BINS) $(INFO) $(BINDEST)/ns-update $(BINDEST)/uninstall
+all: $(OBJDEST) $(BINDEST) $(SETUPUTIL_DEP) $(LDAPSDK_DEP) $(SECURITY_DEP)  $(NSPR_DEP) $(OSOBJS) $(OBJS1) $(OBJS2) $(BINS) $(INFO) $(BINDEST)/ns-update $(BINDEST)/uninstall $(PACKAGE_SEC_T0OLS)
 # removed ns-keygen from build - it was only used for Dir Lite
 # $(BINDEST)/ns-keygen 
 ifeq ($(ARCH), BSDI)
@@ -170,6 +173,11 @@
 		-o $(BINDEST)/ns-config $(RPATHFLAG_PREFIX)$(RPATHFLAG)$(RPATHFLAG_EXTRAS) $(OBJS1) $(OBJS2) $(SETUPUTILLINK) $(LDAPLINK) $(SECURITYLINK) $(NSPRLINK) \
 	       $(EXTRA_LIBS) $(CURSES)
 
+$(RELDIR)/shared/bin/%: sec_tools_wrapper $(RELDIR)/shared/bin
+	-@$(RM) $@
+	$(CP) $< $@
+	chmod +x $@
+
 ifeq ($(ARCH), WINNT)
 $(INFO):
 	$(PERL) fixINF.pl $(BUILD_MODULE) $(NOSP_DIR_VERSION) $(BUILD_ROOT)/$(BUILD_ARCH)/buildnum.dat slapd.inf $(SECURITY) $(PRODUCT) $(IS_DIR_LITE) $(INSTANCE_NAME_PREFIX) $@.inf $(BUILD_BOMB) "bin/admin/ns-admin,bin/admin/ns-admin.so"


Index: ns-update
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/cm/newinst/ns-update,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- ns-update	7 Dec 2005 21:29:14 -0000	1.10
+++ ns-update	23 Feb 2006 19:30:41 -0000	1.11
@@ -60,48 +60,6 @@
 	cd $cwd
 }
 
-wrap_security_tools()
-{
-	cwd=`pwd`
-	SECURITY_BINNAMES="certutil derdump modutil pk12util pp ssltap shlibsign"
-	arch=`uname`
-	if [ $arch = HP-UX ]; then
-		env_ld_library_path=SHLIB_PATH
-	elif [ $arch = AIX ]; then
-		env_ld_library_path=LIBPATH
-	else
-		env_ld_library_path=LD_LIBRARY_PATH
-	fi
-	cd $sroot/shared/bin
-	for file in $SECURITY_BINNAMES
-	do
-		if [ -f $file -a ! -f $file-bin ]; then
-			mv $file $file-bin
-			echo "#!/bin/sh" > $file
-			echo $env_ld_library_path=$sroot/shared/lib >> $file
-			echo "export $env_ld_library_path" >> $file
-			echo "$sroot/shared/bin/$file-bin " '${1+"$@"}' >> $file
-			chmod 755 $file
-		fi
-	done
-
-	if [ -d $sroot/shared32/bin ] ; then
-		cd $sroot/shared32/bin
-		for file in modutil
-		do
-			if [ -f $file -a ! -f $file-bin ]; then
-				mv $file $file-bin
-				echo "#!/bin/sh" > $file
-				echo $env_ld_library_path=$sroot/shared32/lib >> $file
-				echo "export $env_ld_library_path" >> $file
-				echo "$sroot/shared32/bin/$file-bin " '${1+"$@"}' >> $file
-				chmod 755 $file
-			fi
-		done
-	fi
-	cd $cwd
-}
-
 # if the -r flag is present, this means we're doing a
 # reinstall or an upgrade, so restart the servers
 for arg in $* ; do
@@ -161,8 +119,6 @@
 	$PERL $sroot/bin/slapd/admin/bin/upgradeServer $sroot
 fi
 
-wrap_security_tools $sroot
-
 cd `dirname $0`
 
 # we need to make sure the alias directory is owned by the server user/group
@@ -196,10 +152,6 @@
 ./ds_create $* $extraflags
 rc=$?
 
-if [ -f fix_secmod_db_64 ]; then
-    ./fix_secmod_db_64 $sroot/alias $sroot/shared32/bin
-fi
-
 # chown the cookie directory - bug 175098
 if [ "$ssuser" ] ; then
     if [ "$ssgrp" ] ; then


Index: setup
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/cm/newinst/setup,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- setup	17 Nov 2005 17:38:25 -0000	1.14
+++ setup	23 Feb 2006 19:30:41 -0000	1.15
@@ -289,8 +289,12 @@
 	if [ -d $sroot/admin-serv/config ]; then
 		adminSSLOff $sroot/admin-serv/config/adm.conf security: assecure.txt
 		adminSSLOff $sroot/admin-serv/config/local.conf configuration.nsServerSecurity: assecure.txt
-		adminSSLOff $sroot/admin-serv/config/magnus.conf Security assecure.txt
-		adminXmlSSLOff $sroot/admin-serv/config/server.xml security assecure.txt
+        if [ -f $sroot/admin-serv/config/magnus.conf ] ; then
+            adminSSLOff $sroot/admin-serv/config/magnus.conf Security assecure.txt
+        fi
+        if [ -f $sroot/admin-serv/config/server.xml ] ; then
+            adminXmlSSLOff $sroot/admin-serv/config/server.xml security assecure.txt
+        fi
 
 		if [ $isadminsslon -ne 0 ]; then
 			$sroot/start-admin

More information about the Fedora-directory-commits mailing list