From f3820b972d502161542e121eee4b18bc64e36037 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Mon, 22 Jan 2007 21:23:54 +0000 Subject: [PATCH] - preserve timestamps on profile.d shell scriptlets - first cut at making RPM scriptlets failproof for install-info - pull up pre-generated PDF docs so that we don't have multiarch differences due to document IDs, timestamps, and compressed data, - pull up the script to make sure that the PDF matches its source to guard against the package maintainer forgetting to update when we move to a new release --- krb5-tex-pdf.sh | 55 ++++++++++++++++++++++++++++++++ krb5.conf | 3 ++ krb5.spec | 85 +++++++++++++++++++++++++++++-------------------- krb5kdc.init | 3 ++ sources | 1 + 5 files changed, 113 insertions(+), 34 deletions(-) create mode 100644 krb5-tex-pdf.sh diff --git a/krb5-tex-pdf.sh b/krb5-tex-pdf.sh new file mode 100644 index 0000000..ed72d2b --- /dev/null +++ b/krb5-tex-pdf.sh @@ -0,0 +1,55 @@ +#!/bin/sh + +# Based on Enrico's snippet for using pdflatex for building PDFs, except we're +# switching to pregenerating the docs for the SRPM so that we don't get +# different contents when we build on multiple build machines and architectures +# (timestamps and IDs change, and even some of the compressed content looks +# different). The filename and checksum are used to verify that the PDF always +# matches the doc which was used to generate it, and we flag an error if that +# isn't the case. + +create() { + pushd "$1" > /dev/null + touch "$2".ind + pdflatex "$2" + test ! -e "$2".idx || makeindex ${3:+-s "$3".ist} "$2".idx + pdflatex "$2" + pdflatex "$2" + sum=`sha1sum "$2".tex | sed 's,[[:blank:]].*,,g'` + sed -ri \ + -e 's|^/ID \[<.{32}> <.{32}>\]|/ID [<'"$1/$2"'> <'"$sum"'>]|g' \ + "$2".pdf + popd > /dev/null +} + +check() { + pushd "$1" > /dev/null + sum=`sha1sum "$2".tex | sed 's, .*,,g'` + id=`sed -rn -e '/^\/ID \[<[^>]*> <[^>]*>\]/p' "$2".pdf` + filename=`echo "$id" | sed -r 's|^.*\[<([^>]*)> <([^>]*)>\].*|\1|g'` + checksum=`echo "$id" | sed -r 's|^.*\[<([^>]*)> <([^>]*)>\].*|\2|g'` + echo $filename + echo $checksum $sum + popd > /dev/null + test "$filename" = "$1/$2" && test "$checksum" = "$sum" +} + +mode=$1 +case $mode in + create) + while read subdir doc style ; do + if ! create $subdir $doc $style ; then + exit 1 + fi + done + ;; + check) + while read subdir doc style ; do + if ! check $subdir $doc $style ; then + exit 1 + fi + done + ;; +esac + +exit 0 diff --git a/krb5.conf b/krb5.conf index e57cf45..18b8f15 100644 --- a/krb5.conf +++ b/krb5.conf @@ -21,6 +21,9 @@ .example.com = EXAMPLE.COM example.com = EXAMPLE.COM +[kdc] + profile = /var/kerberos/krb5kdc/kdc.conf + [appdefaults] pam = { debug = false diff --git a/krb5.spec b/krb5.spec index 02272c1..ce50621 100644 --- a/krb5.spec +++ b/krb5.spec @@ -10,7 +10,7 @@ Summary: The Kerberos network authentication system. Name: krb5 Version: 1.5 -Release: 15 +Release: 18 # Maybe we should explode from the now-available-to-everybody tarball instead? # http://web.mit.edu/kerberos/dist/krb5/1.5/krb5-1.5-signed.tar Source0: krb5-%{version}.tar.gz @@ -36,7 +36,11 @@ Source19: krb5kdc.sysconfig Source20: kadmin.sysconfig Source21: krb524.sysconfig Source22: ekrb5-telnet.xinetd - +# The same source files we "check", generated with "krb5-tex-pdf create" and +# tarred up. +Source23: krb5-%{version}-pdf.tar.gz +Source24: krb5-tex-pdf.sh +Patch1: krb5-1.5.1-1.6-pal.patch Patch2: krb5-1.3-manpage-paths.patch Patch3: krb5-1.3-netkit-rsh.patch Patch4: krb5-1.3-rlogind-environ.patch @@ -77,7 +81,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-root Prereq: grep, info, sh-utils, /sbin/install-info BuildPrereq: autoconf, bison, e2fsprogs-devel >= 1.35, flex BuildPrereq: gzip, ncurses-devel, rsh, texinfo, tar -BuildRequires: tetex-latex +BuildRequires: tetex-latex %description Kerberos V5 is a trusted-third-party network authentication system, @@ -135,20 +139,36 @@ network uses Kerberos, this package should be installed on every workstation. %changelog -* Tue Jan 9 2007 Nalin Dahyabhai - 1.5-15 +* Mon Jan 22 2007 Nalin Dahyabhai - 1.5-18 +- make use of install-info more failsafe (Ville Skyttä, #223704) +- preserve timestamps on shell scriptlets at %%install-time + +* Tue Jan 16 2007 Nalin Dahyabhai - 1.5-17 +- move to using pregenerated PDF docs to cure multilib conflicts (#222721) + +* Fri Jan 12 2007 Nalin Dahyabhai - 1.5-16 +- update backport of the preauth module interface (part of #194654) + +* Tue Jan 9 2007 Nalin Dahyabhai - 1.5-14 - apply fixes from Tom Yu for MITKRB5-SA-2006-002 (CVE-2006-6143) (#218456) - apply fixes from Tom Yu for MITKRB5-SA-2006-003 (CVE-2006-6144) (#218456) -* Mon Oct 23 2006 Nalin Dahyabhai - 1.5-11 -- don't bail from the KDC init script if there's no database, it may be in - a different location than the default (fenlason) -- remove the [kdc] section from the default krb5.conf -- doesn't seem to have - been applicable for a while +* Wed Dec 20 2006 Nalin Dahyabhai - 1.5-12 +- update backport of the preauth module interface + +* Mon Oct 30 2006 Nalin Dahyabhai - 1.5-11 +- update backport of the preauth module interface +- add proposed patches 4566, 4567 +- add proposed edata reporting interface for KDC +- add temporary placeholder for module global context fixes * Wed Oct 18 2006 Nalin Dahyabhai - 1.5-10 - rename krb5.sh and krb5.csh so that they don't overlap (#210623) - way-late application of added error info in kadmind.init (#65853) +* Wed Oct 18 2006 Nalin Dahyabhai - 1.5-9.pal_18695 +- add backport of in-development preauth module interface (#208643) + * Mon Oct 9 2006 Nalin Dahyabhai - 1.5-9 - provide docs in PDF format instead of as tex source (Enrico Scholz, #209943) @@ -326,7 +346,7 @@ workstation. * Fri Dec 17 2004 Martin Stransky 1.3.5-7 - fix deadlock during file transfer via rsync/krsh -- thanks goes to James Antil for hint +- thanks goes to James Antill for hint * Fri Nov 26 2004 Nalin Dahyabhai 1.3.5-6 - rebuild @@ -938,7 +958,9 @@ workstation. - added --force to makeinfo commands to skip errors during build %prep -%setup -q +%setup -q -a 23 +%patch1 -p1 -b .pal + %patch2 -p1 -b .manpage-paths %patch3 -p1 -b .netkit-rsh %patch4 -p1 -b .rlogind-environ @@ -978,6 +1000,7 @@ popd %patch48 -p0 -b .2006-003 cp src/krb524/README README.krb524 gzip doc/*.ps + sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex sed -i -e '1c\ \\documentclass{article}\ @@ -986,6 +1009,18 @@ sed -i -e '1c\ \\usepackage{fancyheadings}\ \\usepackage{hyperref}' doc/implement/implement.tex +# Check that the PDFs we built earlier match this source tree. +$RPM_SOURCE_DIR/krb5-tex-pdf.sh check << EOF +doc/api library krb5 +doc/api libdes +doc/implement implement +doc/kadm5 adb-unit-test +doc/kadm5 api-unit-test +doc/kadm5 api-funcspec +doc/kadm5 api-server-design +EOF + +# Rebuild the configure scripts. cd src top=`pwd` for configurein in `find -name configure.in -type f` ; do @@ -995,28 +1030,7 @@ for configurein in `find -name configure.in -type f` ; do popd done - %build -# Usage: mkpdf -function mkpdf() -{ - cd "$1" - touch "$2".ind - pdflatex "$2" - test ! -e "$2".idx || makeindex ${3:+-s "$3".ist} "$2".idx - pdflatex "$2" - pdflatex "$2" - cd - -} - -mkpdf doc/api library krb5 -mkpdf doc/api libdes -mkpdf doc/implement implement -mkpdf doc/kadm5 adb-unit-test -mkpdf doc/kadm5 api-unit-test -mkpdf doc/kadm5 api-funcspec -mkpdf doc/kadm5 api-server-design - cd src INCLUDES=-I%{_includedir}/et @@ -1076,9 +1090,9 @@ install -m 644 $RPM_SOURCE_DIR/kadm5.acl $RPM_BUILD_ROOT%{_var}/kerberos/krb5kdc mkdir -p $RPM_BUILD_ROOT/etc/profile.d install -m 644 $RPM_SOURCE_DIR/krb5.conf $RPM_BUILD_ROOT/etc/krb5.conf for subpackage in devel workstation ; do - install -m 755 $RPM_SOURCE_DIR/krb5.sh \ + install -pm 755 $RPM_SOURCE_DIR/krb5.sh \ $RPM_BUILD_ROOT/etc/profile.d/krb5-${subpackage}.sh - install -m 755 $RPM_SOURCE_DIR/krb5.csh \ + install -pm 755 $RPM_SOURCE_DIR/krb5.csh \ $RPM_BUILD_ROOT/etc/profile.d/krb5-${subpackage}.csh done @@ -1146,6 +1160,7 @@ install -m644 src/util/ac_check_krb5.m4 $RPM_BUILD_ROOT/%{_datadir}/aclocal/ /sbin/install-info %{_infodir}/krb425.info.gz %{_infodir}/dir /sbin/install-info %{_infodir}/krb5-admin.info.gz %{_infodir}/dir /sbin/install-info %{_infodir}/krb5-install.info.gz %{_infodir}/dir +exit 0 %preun server if [ "$1" = "0" ] ; then @@ -1161,6 +1176,7 @@ if [ "$1" = "0" ] ; then /sbin/install-info --delete %{_infodir}/krb5-admin.info.gz %{_infodir}/dir /sbin/install-info --delete %{_infodir}/krb5-install.info.gz %{_infodir}/dir fi +exit 0 %postun server if [ "$1" -ge 1 ] ; then @@ -1178,6 +1194,7 @@ fi if [ "$1" = "0" ] ; then /sbin/install-info --delete %{_infodir}/krb5-user.info %{_infodir}/dir fi +exit 0 %postun workstation /sbin/service xinetd reload > /dev/null 2>&1 || : diff --git a/krb5kdc.init b/krb5kdc.init index 76cb56c..82b4088 100755 --- a/krb5kdc.init +++ b/krb5kdc.init @@ -28,6 +28,9 @@ krb5kdc=/usr/kerberos/sbin/krb5kdc # Sheel functions to cut down on useless shell instances. start() { + if [ ! -f /var/kerberos/krb5kdc/principal ] ; then + exit 0 + fi echo -n $"Starting $prog: " daemon ${krb5kdc} ${KRB5REALM:+-r ${KRB5REALM}} $KRB5KDC_ARGS RETVAL=$? diff --git a/sources b/sources index 5b659aa..1b9e583 100644 --- a/sources +++ b/sources @@ -1,2 +1,3 @@ fe62bcd315fe4139e4fa05732ce8abde krb5-1.5.tar.gz 86a3c9ef729920279a45d0573055bf99 krb5-1.5.tar.gz.asc +18da410f1e0a4500b0f3d4020567ce99 krb5-1.5-pdf.tar.gz