update to 0.101

disabled Werror, which fixes the build with OpenSSL 3 while still using deprecated functions
Resolves: #1958038

Signed-off-by: Chris Leech <cleech@redhat.com>
This commit is contained in:
Chris Leech 2021-05-18 15:24:13 -07:00
parent a379fce070
commit b4cbf8753d
13 changed files with 83 additions and 478 deletions

1
.gitignore vendored
View File

@ -2,3 +2,4 @@ open-isns-0.93.tar.bz2
/open-isns-0.94.tar.gz /open-isns-0.94.tar.gz
/open-isns-0.97.tar.gz /open-isns-0.97.tar.gz
/open-isns-0.100.tar.gz /open-isns-0.100.tar.gz
/open-isns-0.101.tar.gz

View File

@ -1,34 +0,0 @@
From 85fab42764fb063097ab8f7fb0a843f7320be8c8 Mon Sep 17 00:00:00 2001
From: Lee Duncan <lduncan@suse.com>
Date: Tue, 28 Jan 2020 11:49:12 -0800
Subject: [PATCH 1/7] Ignore common build files
---
.gitignore | 5 +++++
include/libisns/.gitignore | 1 +
2 files changed, 6 insertions(+)
create mode 100644 include/libisns/.gitignore
diff --git a/.gitignore b/.gitignore
index 5da7a8b..2a0f55d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,8 @@ isnsd
isnsdd
libisns.a
libisns*.so.?
+Makefile
+config.h
+config.log
+config.status
+autom4te.cache
diff --git a/include/libisns/.gitignore b/include/libisns/.gitignore
new file mode 100644
index 0000000..a3757fd
--- /dev/null
+++ b/include/libisns/.gitignore
@@ -0,0 +1 @@
+paths.h
--
2.18.1

View File

@ -1,188 +0,0 @@
From 0543f1d02ee733d34ee109d00e7d0efd432bb37b Mon Sep 17 00:00:00 2001
From: Lee Duncan <lduncan@suse.com>
Date: Tue, 28 Jan 2020 11:49:55 -0800
Subject: [PATCH 2/7] Fix compiler issue when not in security mode
---
client.c | 20 +++++++++++++-------
db-policy.c | 12 +++++++++---
include/libisns/util.h | 1 +
isnsadm.c | 2 +-
security.c | 14 ++++++++------
socket.c | 5 +++--
6 files changed, 35 insertions(+), 19 deletions(-)
diff --git a/client.c b/client.c
index 8487877..fda26be 100644
--- a/client.c
+++ b/client.c
@@ -122,22 +122,17 @@ isns_client_get_local_address(const isns_client_t *clnt,
/*
* Create a security context
*/
+#ifdef WITH_SECURITY
static isns_security_t *
__create_security_context(const char *name, const char *auth_key,
const char *server_key)
{
-#ifdef WITH_SECURITY
isns_security_t *ctx;
isns_principal_t *princ;
-#endif /* WITH_SECURITY */
if (!isns_config.ic_security)
return NULL;
-#ifndef WITH_SECURITY
- isns_error("Cannot create security context: security disabled at build time\n");
- return NULL;
-#else /* WITH_SECURITY */
ctx = isns_create_dsa_context();
if (ctx == NULL)
isns_fatal("Unable to create security context\n");
@@ -174,8 +169,19 @@ __create_security_context(const char *name, const char *auth_key,
}
return ctx;
-#endif /* WITH_SECURITY */
}
+#else /* WITH_SECURITY */
+static isns_security_t *
+__create_security_context(__attribute__((unused))const char *name,
+ __attribute__((unused))const char *auth_key,
+ __attribute__((unused))const char *server_key)
+{
+ if (!isns_config.ic_security)
+ return NULL;
+ isns_error("Cannot create security context: security disabled at build time\n");
+ return NULL;
+}
+#endif /* WITH_SECURITY */
/*
* Create the default security context
diff --git a/db-policy.c b/db-policy.c
index b1c46e2..d4a0cba 100644
--- a/db-policy.c
+++ b/db-policy.c
@@ -52,11 +52,11 @@ __isns_db_keystore_lookup(isns_db_keystore_t *store,
/*
* Load a DSA key from the DB store
*/
+#ifdef WITH_SECURITY
static EVP_PKEY *
__isns_db_keystore_find(isns_keystore_t *store_base,
const char *name, size_t namelen)
{
-#ifdef WITH_SECURITY
isns_db_keystore_t *store = (isns_db_keystore_t *) store_base;
isns_object_t *obj;
const void *key_data;
@@ -71,10 +71,16 @@ __isns_db_keystore_find(isns_keystore_t *store_base,
return NULL;
return isns_dsa_decode_public(key_data, key_size);
-#else
+}
+#else /* WITH_SECURITY */
+static EVP_PKEY *
+__isns_db_keystore_find(__attribute__((unused))isns_keystore_t *store_base,
+ __attribute__((unused))const char *name,
+ __attribute__((unused))size_t namelen)
+{
return NULL;
-#endif
}
+#endif /* WITH_SECURITY */
/*
* Retrieve policy from database
diff --git a/include/libisns/util.h b/include/libisns/util.h
index 4174480..e5ed037 100644
--- a/include/libisns/util.h
+++ b/include/libisns/util.h
@@ -14,6 +14,7 @@
#include <string.h> // for strdup
#include <signal.h>
#include <libisns/types.h>
+#include <stdlib.h>
#define array_num_elements(a) (sizeof(a) / sizeof((a)[0]))
diff --git a/isnsadm.c b/isnsadm.c
index 7a96007..94c705e 100644
--- a/isnsadm.c
+++ b/isnsadm.c
@@ -1162,7 +1162,7 @@ generate_key_callback(void)
}
isns_attr_t *
-load_key_callback(const char *pathname)
+load_key_callback(__attribute__((unused))const char *pathname)
{
isns_fatal("Authentication disabled in this build\n");
return NULL;
diff --git a/security.c b/security.c
index 673a26e..68eb779 100644
--- a/security.c
+++ b/security.c
@@ -408,32 +408,34 @@ isns_security_init(void)
}
isns_keystore_t *
-isns_create_keystore(const char *spec)
+isns_create_keystore(__attribute__((unused))const char *spec)
{
isns_no_security();
return NULL;
}
void
-isns_security_set_keystore(isns_security_t *ctx,
- isns_keystore_t *ks)
+isns_security_set_keystore(__attribute__((unused))isns_security_t *ctx,
+ __attribute__((unused))isns_keystore_t *ks)
{
isns_no_security();
}
void
-isns_principal_free(isns_principal_t *peer)
+isns_principal_free(__attribute__((unused))isns_principal_t *peer)
{
}
isns_principal_t *
-isns_get_principal(isns_security_t *ctx, const char *spi, size_t spi_len)
+isns_get_principal(__attribute__((unused))isns_security_t *ctx,
+ __attribute__((unused))const char *spi,
+ __attribute__((unused))size_t spi_len)
{
return NULL;
}
const char *
-isns_principal_name(const isns_principal_t *princ)
+isns_principal_name(__attribute__((unused))const isns_principal_t *princ)
{
return NULL;
}
diff --git a/socket.c b/socket.c
index da9f5dc..a76d593 100644
--- a/socket.c
+++ b/socket.c
@@ -322,8 +322,9 @@ failed:
}
#else /* WITH_SECURITY */
static int
-isns_pdu_authenticate(isns_security_t *sec,
- struct isns_partial_msg *msg, buf_t *bp)
+isns_pdu_authenticate(__attribute__((unused))isns_security_t *sec,
+ __attribute__((unused))struct isns_partial_msg *msg,
+ __attribute__((unused))buf_t *bp)
{
return 0;
}
--
2.18.1

View File

@ -1,89 +0,0 @@
From 4c39cb09735a494099fba0474d25ff26800de952 Mon Sep 17 00:00:00 2001
From: Lee Duncan <lduncan@suse.com>
Date: Wed, 29 Jan 2020 12:47:16 -0800
Subject: [PATCH 3/7] Do not ignore write() return value.
Some distros set the warn_unused_result attribute for the write()
system call, so check the return value.
---
pki.c | 37 ++++++++++++++++++++++++++++++++-----
1 file changed, 32 insertions(+), 5 deletions(-)
diff --git a/pki.c b/pki.c
index 486d9bb..57ea664 100644
--- a/pki.c
+++ b/pki.c
@@ -9,12 +9,13 @@
#include <unistd.h>
#include <limits.h>
#include "config.h"
+#include <fcntl.h>
+#include <assert.h>
#ifdef WITH_SECURITY
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#endif
-#include <fcntl.h>
#include <libisns/isns.h>
#include "security.h"
#include <libisns/util.h>
@@ -431,17 +432,43 @@ isns_dsa_load_params(const char *filename)
return dsa;
}
+/*
+ * write one 'status' character to stdout
+ */
+static void
+write_status_byte(int ch)
+{
+ static int stdout_fd = 1; /* fileno(stdout) */
+ char buf[2];
+ int res;
+
+ /*
+ * We don't actually care about the return value here, since
+ * we are just dumping a status byte to stdout, but
+ * some linux distrubutions set the warn_unused_result attribute
+ * for the write() API, so we might as well use the return value
+ * to make sure the write command isn't broken.
+ */
+ assert(ch);
+ buf[0] = ch;
+ buf[1] = '\0';
+ res = write(stdout_fd, buf, 1);
+ assert(res == 1);
+}
+
static int
isns_dsa_param_gen_callback(int stage,
__attribute__((unused))int index,
__attribute__((unused))void *dummy)
{
if (stage == 0)
- write(1, "+", 1);
+ write_status_byte('+');
else if (stage == 1)
- write(1, ".", 1);
+ write_status_byte('.');
else if (stage == 2)
- write(1, "/", 1);
+ write_status_byte('/');
+
+ /* as a callback, we must return a value, so just return success */
return 0;
}
@@ -478,7 +505,7 @@ isns_dsa_init_params(const char *filename)
dsa = DSA_generate_parameters(dsa_key_bits, NULL, 0,
NULL, NULL, isns_dsa_param_gen_callback, NULL);
#endif
- write(1, "\n", 1);
+ write_status_byte('\n');
if (dsa == NULL) {
isns_dsasig_report_errors("Error generating DSA parameters",
--
2.18.1

View File

@ -1,44 +0,0 @@
From 40eb9ce75518817762a0eac4a93016ab817add89 Mon Sep 17 00:00:00 2001
From: Lee Duncan <lduncan@suse.com>
Date: Sat, 1 Feb 2020 10:23:04 -0800
Subject: [PATCH 4/7] Fix 586 compile issue and remove -Werror
Using -Werror causes any issue to break the build, whereas
I'd rather let the build continue and address the issue.
Also, fixed one signed-vs-unsigned compare for time_t, which
shows up only on 586 (32-bit).
---
configure.ac | 2 +-
isnsdd.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac
index e4f3995..d956e58 100644
--- a/configure.ac
+++ b/configure.ac
@@ -17,7 +17,7 @@ AC_PATH_PROG(SH, sh)
dnl C Compiler features
AC_C_INLINE
if test "$GCC" = "yes"; then
- CFLAGS="-Wall -Werror -Wextra $CFLAGS"
+ CFLAGS="-Wall -Wextra $CFLAGS"
CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE"
fi
diff --git a/isnsdd.c b/isnsdd.c
index 58825cc..9cedb9f 100644
--- a/isnsdd.c
+++ b/isnsdd.c
@@ -401,7 +401,7 @@ check_portal_registration(__attribute__((unused))void *ptr)
continue;
last_modified = isns_object_last_modified(obj);
- if (last_modified + 2 * interval > now) {
+ if ((time_t)(last_modified + 2 * interval) > now) {
good_portals++;
continue;
}
--
2.18.1

View File

@ -1,27 +0,0 @@
From 2e27c43228210eaa7aaabc2048c78645f319d080 Mon Sep 17 00:00:00 2001
From: Leo <thinkabit.ukim@gmail.com>
Date: Tue, 4 Feb 2020 05:42:22 +0100
Subject: [PATCH 5/7] socket.c: include poll.h instead of sys/poll.h for POSIX
compatibility
https://pubs.opengroup.org/onlinepubs/009695399/basedefs/poll.h.html
---
socket.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/socket.c b/socket.c
index a76d593..432a9bd 100644
--- a/socket.c
+++ b/socket.c
@@ -5,7 +5,7 @@
*/
#include <sys/socket.h>
-#include <sys/poll.h>
+#include <poll.h>
#include <sys/time.h>
#include <sys/un.h>
#include <string.h>
--
2.18.1

View File

@ -1,41 +0,0 @@
From 18de2f0670ede5e15a45a94ddecd4218e9267831 Mon Sep 17 00:00:00 2001
From: Rosen Penev <rosenp@gmail.com>
Date: Wed, 22 Apr 2020 14:35:54 -0700
Subject: [PATCH 6/7] fix compilation without deprecated OpenSSL APIs
Needed two missing headers and a small ifdef fix.
---
pki.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/pki.c b/pki.c
index 57ea664..00dc383 100644
--- a/pki.c
+++ b/pki.c
@@ -15,6 +15,8 @@
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/evp.h>
+#include <openssl/dsa.h>
+#include <openssl/bn.h>
#endif
#include <libisns/isns.h>
#include "security.h"
@@ -97,13 +99,11 @@ isns_create_dsa_context(void)
isns_security_t *ctx;
if (!isns_openssl_init) {
- ERR_load_crypto_strings();
#if OPENSSL_API_COMPAT < 0x10100000L
+ ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
OpenSSL_add_all_ciphers();
OpenSSL_add_all_digests();
-#else
- OPENSSL_init_crypto();
#endif
isns_openssl_init = 1;
}
--
2.18.1

View File

@ -1,44 +0,0 @@
From e7dac76ce61039fefa58985c955afccb60dabe87 Mon Sep 17 00:00:00 2001
From: Rosen Penev <rosenp@gmail.com>
Date: Wed, 29 Apr 2020 15:55:55 -0700
Subject: [PATCH 7/7] libisns: remove sighold and sigrelse
The man page says that these are deprecated. Use sugprocmask as a replacement.
---
include/libisns/util.h | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/include/libisns/util.h b/include/libisns/util.h
index e5ed037..f1b97f0 100644
--- a/include/libisns/util.h
+++ b/include/libisns/util.h
@@ -41,14 +41,22 @@ char * print_size(unsigned long);
*/
static inline void signals_hold(void)
{
- sighold(SIGTERM);
- sighold(SIGINT);
+ sigset_t s;
+
+ sigemptyset(&s);
+ sigaddset(&s, SIGTERM);
+ sigaddset(&s, SIGINT);
+ sigprocmask(SIG_BLOCK, &s, 0);
}
static inline void signals_release(void)
{
- sigrelse(SIGTERM);
- sigrelse(SIGINT);
+ sigset_t s;
+
+ sigemptyset(&s);
+ sigaddset(&s, SIGTERM);
+ sigaddset(&s, SIGINT);
+ sigprocmask(SIG_UNBLOCK, &s, 0);
}
/*
--
2.18.1

6
gating.yaml Normal file
View File

@ -0,0 +1,6 @@
--- !Policy
product_versions:
- rhel-8
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

View File

@ -1,20 +1,13 @@
Name: isns-utils Name: isns-utils
Version: 0.100 Version: 0.101
Release: 2%{?dist} Release: 1%{?dist}
Summary: The iSNS daemon and utility programs Summary: The iSNS daemon and utility programs
License: LGPLv2+ License: LGPLv2+
URL: https://github.com/open-iscsi/open-isns URL: https://github.com/open-iscsi/open-isns
Source0: https://github.com/open-iscsi/open-isns/archive/v%{version}.tar.gz#/open-isns-%{version}.tar.gz Source0: https://github.com/open-iscsi/open-isns/archive/v%{version}.tar.gz#/open-isns-%{version}.tar.gz
Source1: isnsd.service Source1: isnsd.service
Patch1: test_as_installed.patch
Patch0001: 0001-Ignore-common-build-files.patch
Patch0002: 0002-Fix-compiler-issue-when-not-in-security-mode.patch
Patch0003: 0003-Do-not-ignore-write-return-value.patch
Patch0004: 0004-Fix-586-compile-issue-and-remove-Werror.patch
Patch0005: 0005-socket.c-include-poll.h-instead-of-sys-poll.h-for-PO.patch
Patch0006: 0006-fix-compilation-without-deprecated-OpenSSL-APIs.patch
Patch0007: 0007-libisns-remove-sighold-and-sigrelse.patch
BuildRequires: gcc BuildRequires: gcc
BuildRequires: openssl-devel automake pkgconfig systemd-devel systemd BuildRequires: openssl-devel automake pkgconfig systemd-devel systemd
@ -111,6 +104,11 @@ install -p -m 644 %{SOURCE1} %{buildroot}%{_unitdir}/isnsd.service
%changelog %changelog
* Wed May 26 2021 Chris Leech <cleech@redhat.com> - 0.101-1
- update to 0.101
- bz#1958038 disabled Werror, which fixes the build with OpenSSL 3 while still using deprecated functions
- setup new upstream tests as gating
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.100-2 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.100-2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937

View File

@ -1 +1 @@
SHA512 (open-isns-0.100.tar.gz) = ccf49ba1c60d46ae49b75424a966abc1f7e104c8ffa13013951a58a8f0ccaa1cf550f24fd2743fcaba1211a0ec8033c5df5249b7a108ae5974d4f1144dd3b169 SHA512 (open-isns-0.101.tar.gz) = e5a392127b0d85f36e9e4aa963c0c502af8c5aea0aba6d12abb4425649969dcc20ba6e87a99083626d981438439b17b71a86320f816042d82ed5dbe7e7a63e77

47
test_as_installed.patch Normal file
View File

@ -0,0 +1,47 @@
From 420ae1af11fad3151b5bfa676e7218168e4e6f3f Mon Sep 17 00:00:00 2001
From: Chris Leech <cleech@redhat.com>
Date: Wed, 26 May 2021 10:00:17 -0700
Subject: [PATCH 1/1] run tests with binaries from arbitrary paths
---
tests/Makefile | 4 ++++
tests/harness.py | 4 ++++
2 files changed, 8 insertions(+)
diff --git a/tests/Makefile b/tests/Makefile
index 372572d..2c61183 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -48,3 +48,7 @@ quick: tests-no-security
tests-no-security:
@echo running tests without security -- takes about 2 minutes
./test-isns.py
+
+tests-as-installed:
+ @echo running tests from installed executables -- takes about 2 minutes
+ ./test-isns.py -s --path="/usr/sbin"
diff --git a/tests/harness.py b/tests/harness.py
index 39fc5e6..b710f5a 100644
--- a/tests/harness.py
+++ b/tests/harness.py
@@ -137,6 +137,9 @@ def new_initArgParsers(self):
self._main_parser.add_argument('-d', '--debug', dest='debug',
action='store_true',
help='Enable developer debugging')
+ self._main_parser.add_argument('--path', dest='path',
+ action='store', default='..',
+ help='Set isns bin path, to run from installed executables')
def new_parseArgs(self, argv):
"""
@@ -148,6 +151,7 @@ def new_parseArgs(self, argv):
Global.verbosity = self.verbosity
Global.security = self.security
Global.debug = self.debug
+ Global._isns_bin_dir = self.path
dprint("found: verbosity=%d, security=%s" % \
(Global.verbosity, Global.security))
--
2.31.1

20
tests/tests.yml Normal file
View File

@ -0,0 +1,20 @@
---
- hosts: localhost
roles:
- role: standard-test-source
tags:
- always
- role: standard-test-basic
tags:
- classic
required_packages:
- make
- python3
- isns-utils
- openssl
tests:
- smoke:
dir: ./source/tests/
run: make tests-as-installed