Ubuntu
open-isns package

Merge ~lvoytek/ubuntu/+source/open-isns:open-isns-101-update-jammy into ubuntu/+source/open-isns:ubuntu/devel

  1. Git
  2. lp:~lvoytek/ubuntu/+source/open-isns
  3. open-isns-101-update-jammy
  4. Merge into ubuntu/devel
Proposed by Lena Voytek
Status: Merged
Merged at revision: bbb99d2d67c0ea3e782c9d438810cee8dfa30e6e
Proposed branch: ~lvoytek/ubuntu/+source/open-isns:open-isns-101-update-jammy
Merge into: ubuntu/+source/open-isns:ubuntu/devel
Diff against target: 870 lines (+223/-55)
21 files modified
.gitignore (+5/-0)
ChangeLog (+25/-0)
Makefile.in (+1/-0)
TODO (+8/-0)
client.c (+13/-7)
configure (+10/-10)
configure.ac (+2/-2)
db-policy.c (+9/-3)
debian/changelog (+18/-0)
debian/open-isns-utils.install (+2/-0)
dev/null (+0/-4)
doc/isnssetup.8 (+64/-0)
getnext.c (+1/-1)
include/libisns/.gitignore (+1/-0)
include/libisns/paths.h.in (+2/-2)
include/libisns/util.h (+13/-4)
isnsadm.c (+1/-1)
isnsdd.c (+1/-1)
pki.c (+35/-11)
security.c (+8/-6)
socket.c (+4/-3)
Reviewer Review Type Date Requested Status
Christian Ehrhardt  (community) Approve
Canonical Server Pending
Canonical Server packageset reviewers Pending
Canonical Server Core Reviewers Pending
Review via email: mp+413102@code.launchpad.net

Description of the change

PPA: https://launchpad.net/~lvoytek/+archive/ubuntu/open-isns-101-update-jammy

Updating to version 0.101 through a patch file until the version bump is approved in Debian, then this will become a sync. https://salsa.debian.org/linux-blocks-team/open-isns/-/merge_requests/2

Package test result:

autopkgtest [13:31:11]: @@@@@@@@@@@@@@@@@@@@ summary
server PASS
discoveryd PASS
auth PASS

To post a comment you must log in.
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Hmm, maybe I'm just blind to see the reason for "through a patch file until the version bump is approved in Debian", but could you explain why this can't just be 0.101-0ubuntu1 with proper orig tarball based on 0.101?

In the past Debian was rather slow at acting on that package, so I'd not expect things soon.
Which would make a "0.100-but-actually-0.101-we-are-not-tellng-you" version to stay around rather long.

Did you had a chance to check if the 0.101 version could work without my debian/patches/no-werror.patch? If it does, please drop it.

Oh and if you agree, just start the CL with "Merge 0.101 from upstream, remaining changes:"

review: Needs Information
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Arr, I consumed the canonical-server slot, could you please re-add one?

Revision history for this message
Lena Voytek (lvoytek) wrote :

Ah that's fair, I can use a 0.101 tarball and update the version for this then. The new version does work without the no-werror patch. It even contains the other three patches too so they can all be removed with the version bump

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Sounds good, ping back here once that is ready for re-review then.

Revision history for this message
Lena Voytek (lvoytek) wrote :

I reuploaded using uscan and extraction of the 0.101 tar alongside adding the new version in the changelog. Confirmed dep-8 tests still work and builds succeeded in the ppa

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

This will have some bonus-fun with the coming openssl3.1 but is ok for now:

pki.c:184:9: warning: ‘EVP_PKEY_get0_DSA’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Double checked the git with upstream tar content, matches

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

One finding, "bf3ff8a Merge 0.101 from upstream" pretends to be just upstream 0.101
But I found that it also adds the same content twice via debian/patches/version-101-update.patch
Only to remove it later via "2641a04 Remove patches fixed in version 0.101"

This is some useless back and forth that for clarity should be removed from "bf3ff8a Merge 0.101 from upstream".

If it is just that I can clean it up while sponsoring, let us see if I find more ...

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Tests, Builds, Bug references, Changelog, ... all that LGTM.

I checked (a common case on new upstream versions) if we'd need to bump d/copyright.
But interestingly there was no bump in the upstream source v0.100->v0.101, so that should be fine as is.

One thing that I saw was that upstream added a man-page and that is great, but we usually want to ensure it is installed. The new file is doc/isnssetup.8.
I see the build does
  /usr/bin/install -c -m 644 ./doc/isnssetup.8 /<<PKGBUILDDIR>>/debian/tmp/usr/share/man/man8

But it isn't picked up by the packaging and not in the binary package.
But that led me to this trail - and after a check I found a few things to be missing:

1. the isnssetup helpe rscript, directly available in the source probably a good candidate for either open-isns-utils in /usr/sbin/ along the other admin tools, or at least as example in /usr/share/doc/open-isns-utils/. I guess /usr/sbin along the others is more expected.
2. along that script the man page ./doc/isnssetup.8

3. There also is isnsd.socket which could be installed along the .service
   Looking at the .service made me shiver as a lot of things might be discussed, but right now we
   only want to package 0.101 as-is.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

So to sum it up, the rebase to upload an 0.101-0ubuntu1 looks mostly good - thanks!

The following things I'd ask for:
1. do not add and later remove debian/patches/version-101-update.patch
2. please let us install the new script, man page and .socket file
3. We are not in a hurry, maybe once we have that ready and team-reviewed have a look at sending a PR of the same to Debian?

If in January Debian did reply and upload it, we can make it a sync.
If not we can upload it to Ubuntu for now.

review: Needs Fixing
Revision history for this message
Lena Voytek (lvoytek) wrote :

Removed version-101-update.patch from all commits, thanks for spotting that. Working on the script, man page and socket file now

Revision history for this message
Lena Voytek (lvoytek) wrote :

Added script, doc, and socket to install

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Checked upgrade installs (had the service, but not the socket)

root@j-proposed:~# systemctl status isnsd
● isnsd.service - iSNS server
     Loaded: loaded (/lib/systemd/system/isnsd.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2021-12-16 06:30:24 UTC; 24s ago
TriggeredBy: ○ isnsd.socket
       Docs: man:isnsd(8)
             man:isnsd.conf(5)
   Main PID: 106675 (isnsd)
      Tasks: 1 (limit: 38266)
     Memory: 1.0M
     CGroup: /system.slice/isnsd.service
             └─106675 /usr/sbin/isnsd

Dec 16 06:30:24 j-proposed systemd[1]: Starting iSNS server...
Dec 16 06:30:24 j-proposed systemd[1]: Started iSNS server.
Dec 16 06:30:24 j-proposed isnsd[106675]: SLP support disabled in this build
root@j-proposed:~# systemctl status isnsd.socket
○ isnsd.socket
     Loaded: loaded (/lib/systemd/system/isnsd.socket; enabled; vendor preset: enabled)
     Active: inactive (dead)
   Triggers: ● isnsd.service
     Listen: /run/isnsctl (Stream)
             [::]:3205 (Stream)

Service stays running (good), socket stays off (good as it would be a crash otherwise).

Also no complains on the install
Setting up open-isns-server (0.101-0ubuntu1~ppa4) ...
Created symlink /etc/systemd/system/sockets.target.wants/isnsd.socket → /lib/systemd/system/isnsd.socket.
Setting up open-isns-discoveryd (0.101-0ubuntu1~ppa4) ...

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :
Download full text (3.4 KiB)

Checked new installs of the new version:

...

Unpacking open-isns-server (0.101-0ubuntu1~ppa4) ...
Setting up open-isns-server (0.101-0ubuntu1~ppa4) ...
Generating DSA parameters; this may take a while
+++++++++++++.++.+++++++++++++++++++++.+++++.++.++++++.+.+++.+++.++++.++++++++++.++++++++++.++++.+++++++++++++++.+++.++++++.++++.+++++++++++++.+++++++++.+.++.++.++.+.++.......................
........................................../++++.+.+.+++++++++++++++.+.+++.++++++++++++.+++++++.++++++++++++.+.++.+++.++++++++++++.+++++++++++++.++++++.++.+.++.+.+++++++++++++.++++++.+++++++.+
.++.++++++++++.+.+.++++++.+.++++.+.+++.++++.+++++++.+.+++.+.++++++++++.++.++.++.+++.+++.+++++++++.+++++++++++.+++++++.+.+++++................................................................./
Stored private key in /etc/isns/auth_key
Stored private key in /etc/isns/auth_key.pub
Created symlink /etc/systemd/system/multi-user.target.wants/isnsd.service → /lib/systemd/system/isnsd.service.
Created symlink /etc/systemd/system/sockets.target.wants/isnsd.socket → /lib/systemd/system/isnsd.socket.
...

root@j-proposed:~# systemctl status isnsd.socket isnsd.service
○ isnsd.socket
     Loaded: loaded (/lib/systemd/system/isnsd.socket; enabled; vendor preset: enabled)
     Active: inactive (dead)
   Triggers: ● isnsd.service
     Listen: /run/isnsctl (Stream)
             [::]:3205 (Stream)

● isnsd.service - iSNS server
     Loaded: loaded (/lib/systemd/system/isnsd.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2021-12-16 06:31:35 UTC; 11s ago
TriggeredBy: ○ isnsd.socket
       Docs: man:isnsd(8)
             man:isnsd.conf(5)
    Process: 108263 ExecStart=/usr/sbin/isnsd (code=exited, status=0/SUCCESS)
   Main PID: 108264 (isnsd)
      Tasks: 1 (limit: 38266)
     Memory: 952.0K
     CGroup: /system.slice/isnsd.service
             └─108264 /usr/sbin/isnsd

The state I'd have expected it in after install would be more like:

root@j-proposed:~# systemctl stop isnsd.service
root@j-proposed:~# systemctl start isnsd.socket
root@j-proposed:~# systemctl status isnsd.socket isnsd.service
● isnsd.socket
     Loaded: loaded (/lib/systemd/system/isnsd.socket; enabled; vendor preset: enabled)
     Active: active (listening) since Thu 2021-12-16 06:45:07 UTC; 2s ago
   Triggers: ● isnsd.service
     Listen: /run/isnsctl (Stream)
             [::]:3205 (Stream)
     CGroup: /system.slice/isnsd.socket

Dec 16 06:45:07 j-proposed systemd[1]: Listening on isnsd.socket.

○ isnsd.service - iSNS server
     Loaded: loaded (/lib/systemd/system/isnsd.service; enabled; vendor preset: enabled)
     Active: inactive (dead) since Thu 2021-12-16 06:45:01 UTC; 8s ago
TriggeredBy: ● isnsd.socket
       Docs: man:isnsd(8)
             man:isnsd.conf(5)
    Process: 108263 ExecStart=/usr/sbin/isnsd (code=exited, status=0/SUCCESS)
   Main PID: 108264 (code=exited, status=0/SUCCESS)

Dec 16 06:31:35 j-proposed systemd[1]: Starting iSNS server...
Dec 16 06:31:35 j-proposed systemd[1]: Started iSNS server.
Dec 16 06:31:35 j-proposed isnsd[108264]: SLP support disabled in this build
Dec 16 06:45:01 j-proposed isnsd[108264]: SLP support disabled in this build
Dec 16 06:45:...

Read more...

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :
Download full text (4.3 KiB)

Hmm,
I've found that the socket integration of open-isnsd isn't perfect.
For example the following common init phase (from the man page of isnsadm) breaks it.

root@j-proposed:~# isnsd --init
root@j-proposed:~# isnsadm --local --keyfile=control.key --enroll isns.control node-type=ALL functions=ALL object-type=ALL
No key given, generating one
Stored DSA private key in control.key
socket disconnect, killing socket
Warning: Timed out while waiting for reply
Warning: Failed to register object(s): Internal error

If we now look at the service/socket we see

root@j-proposed:~# systemctl status isnsd.socket isnsd.service
× isnsd.socket
     Loaded: loaded (/lib/systemd/system/isnsd.socket; enabled; vendor preset: enabled)
     Active: failed (Result: service-start-limit-hit) since Thu 2021-12-16 06:50:15 UTC; 4s ago
   Triggers: ● isnsd.service
     Listen: /run/isnsctl (Stream)
             [::]:3205 (Stream)

Dec 16 06:45:07 j-proposed systemd[1]: Listening on isnsd.socket.
Dec 16 06:50:15 j-proposed systemd[1]: isnsd.socket: Failed with result 'service-start-limit-hit'.

× isnsd.service - iSNS server
     Loaded: loaded (/lib/systemd/system/isnsd.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Thu 2021-12-16 06:50:15 UTC; 4s ago
TriggeredBy: × isnsd.socket
       Docs: man:isnsd(8)
             man:isnsd.conf(5)
    Process: 108821 ExecStart=/usr/sbin/isnsd (code=exited, status=0/SUCCESS)
   Main PID: 108822 (code=exited, status=1/FAILURE)

Dec 16 06:50:15 j-proposed systemd[1]: Starting iSNS server...
Dec 16 06:50:15 j-proposed systemd[1]: isnsd.service: New main PID 108821 does not exist or is a zombie.
Dec 16 06:50:15 j-proposed isnsd[108822]: Unable to bind socket: Address already in use
Dec 16 06:50:15 j-proposed isnsd[108822]: Unable to create server socket
Dec 16 06:50:15 j-proposed systemd[1]: Started iSNS server.
Dec 16 06:50:15 j-proposed systemd[1]: isnsd.service: Main process exited, code=exited, status=1/FAILURE
Dec 16 06:50:15 j-proposed systemd[1]: isnsd.service: Failed with result 'exit-code'.
Dec 16 06:50:15 j-proposed systemd[1]: isnsd.service: Start request repeated too quickly.
Dec 16 06:50:15 j-proposed systemd[1]: isnsd.service: Failed with result 'exit-code'.
Dec 16 06:50:15 j-proposed systemd[1]: Failed to start iSNS server.

That means isnsadm reaches the socket in a way to start it, but then the service is blocked by the socket itself. As if there are multiple paths to start it and only one is transitioning, but the other one is blocking it.

A later start gets it running:
root@j-proposed:~# systemctl start isnsd.service
root@j-proposed:~# systemctl status isnsd.socket isnsd.service
× isnsd.socket
     Loaded: loaded (/lib/systemd/system/isnsd.socket; enabled; vendor preset: enabled)
     Active: failed (Result: service-start-limit-hit) since Thu 2021-12-16 06:50:15 UTC; 5min ago
   Triggers: ● isnsd.service
     Listen: /run/isnsctl (Stream)
             [::]:3205 (Stream)

Dec 16 06:45:07 j-proposed systemd[1]: Listening on isnsd.socket.
Dec 16 06:50:15 j-proposed systemd[1]: isnsd.socket: Failed with result 'service-start-limit-hit'.

● isnsd.service - iSNS server
     Loaded...

Read more...

review: Needs Fixing
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

BTW isnssetup works at least to the extend I understand what it is supposed to do.
It creates a working base setup AFAICS:

root@j-proposed:~# isnssetup
*** Initializing server security ***
*** Registering control node policy ***
No key given, generating one
Stored DSA private key in /etc/isns/control.key
Successfully registered object(s)
*** Registering control node ***
Successfully registered object(s)
*** Registering policy for server ***
Successfully registered object(s)

root@j-proposed:~# isnsadm --control --query dd-name=mydomain
(Object list empty)

root@j-proposed:~# isnsadm --control --register entity=client.bozo.org initiator=iqn.org.bozo.client portal=191.168.7.1:860
Successfully registered object(s)

root@j-proposed:~# isnsadm --control --query entity-id=client.bozo.org
object[0] = <Network Entity>
  0001 string : Entity identifier = "client.bozo.org"
  0002 uint32 : Entity protocol = iSCSI (2)
  0006 uint32 : Registration Period = 600
  0004 uint64 : Timestamp = Thu Dec 16 06:59:25 2021
  0007 uint32 : Entity index = 5

Revision history for this message
Lena Voytek (lvoytek) wrote :

Removed the socket file inclusion. Confirmed autopkgtest still passing and ppa builds

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Ok, IMHO it is ready to upload as-is for Ubuntu now to resolve things here.

Please - before considering all of this fully done - submit the same to Debian please (https://salsa.debian.org/linux-blocks-team/open-isns)

I guess there you need to replace your former https://salsa.debian.org/linux-blocks-team/open-isns/-/merge_requests/2
And probably to get it right adapt it to match the gbp workflow as I see upstream/master and pristine-tar there.

Would be something like:
gbp import-orig ../open-isns_0.101.orig.tar.xz --pristine-tar -u 0.101 --debian-branch debian/master --upstream-branch upstream/master
Then add your .install change and submit all three branches there (three PRs).

Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading open-isns_0.101-0ubuntu1.dsc: done.
  Uploading open-isns_0.101.orig.tar.gz: done.
  Uploading open-isns_0.101-0ubuntu1.debian.tar.xz: done.
  Uploading open-isns_0.101-0ubuntu1_source.buildinfo: done.
  Uploading open-isns_0.101-0ubuntu1_source.changes: done.
Successfully uploaded packages.

review: Approve
Revision history for this message
Lena Voytek (lvoytek) wrote :

The three merge requests are now up in Debian:
https://salsa.debian.org/linux-blocks-team/open-isns/-/merge_requests

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/.gitignore b/.gitignore
2index 5da7a8b..2a0f55d 100644
3--- a/.gitignore
4+++ b/.gitignore
5@@ -7,3 +7,8 @@ isnsd
6 isnsdd
7 libisns.a
8 libisns*.so.?
9+Makefile
10+config.h
11+config.log
12+config.status
13+autom4te.cache
14diff --git a/ChangeLog b/ChangeLog
15index 34c1638..c379a74 100644
16--- a/ChangeLog
17+++ b/ChangeLog
18@@ -1,3 +1,28 @@
19+* Changes v0.100 to v0.101:
20+
21+Dmitry Bogdanov (1):
22+ Fix parsing of GetNextRsp
23+
24+Lee Duncan (10):
25+ Ignore common build files
26+ Fix compiler issue when not in security mode
27+ Do not ignore write() return value.
28+ Fix 586 compile issue and remove -Werror
29+ Added a TODO: 'make depend' not worrking
30+ Update version string to "0.100".
31+ Fix broken server authentication initialization.
32+ Add man page for isnssetup.
33+ Added TODO to test "isnsd --init"
34+ Preparing for version 0.101
35+
36+Leo (1):
37+ socket.c: include poll.h instead of sys/poll.h for POSIX compatibility
38+
39+Rosen Penev (2):
40+ fix compilation without deprecated OpenSSL APIs
41+ libisns: remove sighold and sigrelse
42+
43+
44 * Changes v0.99 to v0.100:
45
46 Chris Leech (1):
47diff --git a/Makefile.in b/Makefile.in
48index f76880a..f001a87 100644
49--- a/Makefile.in
50+++ b/Makefile.in
51@@ -118,6 +118,7 @@ install:
52 $(INSTALL) -m 644 $(srcdir)/doc/isnsd.8 $(MANDIR)/man8
53 $(INSTALL) -m 644 $(srcdir)/doc/isnsdd.8 $(MANDIR)/man8
54 $(INSTALL) -m 644 $(srcdir)/doc/isnsadm.8 $(MANDIR)/man8
55+ $(INSTALL) -m 644 $(srcdir)/doc/isnssetup.8 $(MANDIR)/man8
56 $(INSTALL) -m 644 $(srcdir)/doc/isns_config.5 $(MANDIR)/man5
57 $(INSTALL) -m 644 $(srcdir)/isnsd.service $(SYSTEMDDIR)
58 $(INSTALL) -m 644 $(srcdir)/isnsd.socket $(SYSTEMDDIR)
59diff --git a/TODO b/TODO
60index 2ddf008..5e23667 100644
61--- a/TODO
62+++ b/TODO
63@@ -7,6 +7,7 @@ isnsd:
64 - make PGs children of the iSCSI storage node they're associated
65 with?
66 - Implement missing functions
67+ - Add test for "isnsd --init", to make sure it works correctly.
68
69 isnsadm:
70 - support iSNS server discovery through DNS SRV
71@@ -27,6 +28,10 @@ isnsdd:
72 we registered for ESI are seeing the server's
73 ESI messages.
74
75+isnssetup:
76+- Update to support systemd, and perhaps have
77+ a few options?
78+
79 DevAttrReg:
80 - Refuse registration of nodes inside the CONTROL
81 entity, unless it's a control node.
82@@ -98,3 +103,6 @@ Renaming
83
84 Socket code:
85 - impose upper limit on the reassembly buffer
86+
87+Compilation:
88+ - 'make depend' does not work
89diff --git a/client.c b/client.c
90index 8487877..fda26be 100644
91--- a/client.c
92+++ b/client.c
93@@ -122,22 +122,17 @@ isns_client_get_local_address(const isns_client_t *clnt,
94 /*
95 * Create a security context
96 */
97+#ifdef WITH_SECURITY
98 static isns_security_t *
99 __create_security_context(const char *name, const char *auth_key,
100 const char *server_key)
101 {
102-#ifdef WITH_SECURITY
103 isns_security_t *ctx;
104 isns_principal_t *princ;
105-#endif /* WITH_SECURITY */
106
107 if (!isns_config.ic_security)
108 return NULL;
109
110-#ifndef WITH_SECURITY
111- isns_error("Cannot create security context: security disabled at build time\n");
112- return NULL;
113-#else /* WITH_SECURITY */
114 ctx = isns_create_dsa_context();
115 if (ctx == NULL)
116 isns_fatal("Unable to create security context\n");
117@@ -174,8 +169,19 @@ __create_security_context(const char *name, const char *auth_key,
118 }
119
120 return ctx;
121-#endif /* WITH_SECURITY */
122 }
123+#else /* WITH_SECURITY */
124+static isns_security_t *
125+__create_security_context(__attribute__((unused))const char *name,
126+ __attribute__((unused))const char *auth_key,
127+ __attribute__((unused))const char *server_key)
128+{
129+ if (!isns_config.ic_security)
130+ return NULL;
131+ isns_error("Cannot create security context: security disabled at build time\n");
132+ return NULL;
133+}
134+#endif /* WITH_SECURITY */
135
136 /*
137 * Create the default security context
138diff --git a/configure b/configure
139index 8579a02..1559ab6 100755
140--- a/configure
141+++ b/configure
142@@ -1,6 +1,6 @@
143 #! /bin/sh
144 # Guess values for system-dependent variables and create Makefiles.
145-# Generated by GNU Autoconf 2.69 for open-isns 0.100.
146+# Generated by GNU Autoconf 2.69 for open-isns 0.101.
147 #
148 #
149 # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
150@@ -577,8 +577,8 @@ MAKEFLAGS=
151 # Identity of this package.
152 PACKAGE_NAME='open-isns'
153 PACKAGE_TARNAME='open-isns'
154-PACKAGE_VERSION='0.100'
155-PACKAGE_STRING='open-isns 0.100'
156+PACKAGE_VERSION='0.101'
157+PACKAGE_STRING='open-isns 0.101'
158 PACKAGE_BUGREPORT=''
159 PACKAGE_URL=''
160
161@@ -1250,7 +1250,7 @@ if test "$ac_init_help" = "long"; then
162 # Omit some internal or obsolete options to make the list less imposing.
163 # This message is too long to be a string in the A/UX 3.1 sh.
164 cat <<_ACEOF
165-\`configure' configures open-isns 0.100 to adapt to many kinds of systems.
166+\`configure' configures open-isns 0.101 to adapt to many kinds of systems.
167
168 Usage: $0 [OPTION]... [VAR=VALUE]...
169
170@@ -1315,7 +1315,7 @@ fi
171
172 if test -n "$ac_init_help"; then
173 case $ac_init_help in
174- short | recursive ) echo "Configuration of open-isns 0.100:";;
175+ short | recursive ) echo "Configuration of open-isns 0.101:";;
176 esac
177 cat <<\_ACEOF
178
179@@ -1410,7 +1410,7 @@ fi
180 test -n "$ac_init_help" && exit $ac_status
181 if $ac_init_version; then
182 cat <<\_ACEOF
183-open-isns configure 0.100
184+open-isns configure 0.101
185 generated by GNU Autoconf 2.69
186
187 Copyright (C) 2012 Free Software Foundation, Inc.
188@@ -1775,7 +1775,7 @@ cat >config.log <<_ACEOF
189 This file contains any messages produced by compilers while
190 running configure, to aid debugging if configure makes a mistake.
191
192-It was created by open-isns $as_me 0.100, which was
193+It was created by open-isns $as_me 0.101, which was
194 generated by GNU Autoconf 2.69. Invocation command line was
195
196 $ $0 $@
197@@ -3996,7 +3996,7 @@ _ACEOF
198 esac
199
200 if test "$GCC" = "yes"; then
201- CFLAGS="-Wall -Werror -Wextra $CFLAGS"
202+ CFLAGS="-Wall -Wextra $CFLAGS"
203 CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE"
204 fi
205
206@@ -4985,7 +4985,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
207 # report actual input values of CONFIG_FILES etc. instead of their
208 # values after options handling.
209 ac_log="
210-This file was extended by open-isns $as_me 0.100, which was
211+This file was extended by open-isns $as_me 0.101, which was
212 generated by GNU Autoconf 2.69. Invocation command line was
213
214 CONFIG_FILES = $CONFIG_FILES
215@@ -5047,7 +5047,7 @@ _ACEOF
216 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
217 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
218 ac_cs_version="\\
219-open-isns config.status 0.100
220+open-isns config.status 0.101
221 configured by $0, generated by GNU Autoconf 2.69,
222 with options \\"\$ac_cs_config\\"
223
224diff --git a/configure.ac b/configure.ac
225index e4f3995..63ec143 100644
226--- a/configure.ac
227+++ b/configure.ac
228@@ -1,4 +1,4 @@
229-AC_INIT(open-isns, [0.100])
230+AC_INIT(open-isns, [0.101])
231 AC_CONFIG_SRCDIR([isnsd.c])
232 AC_CONFIG_AUX_DIR([aclocal])
233
234@@ -17,7 +17,7 @@ AC_PATH_PROG(SH, sh)
235 dnl C Compiler features
236 AC_C_INLINE
237 if test "$GCC" = "yes"; then
238- CFLAGS="-Wall -Werror -Wextra $CFLAGS"
239+ CFLAGS="-Wall -Wextra $CFLAGS"
240 CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE"
241 fi
242
243diff --git a/db-policy.c b/db-policy.c
244index b1c46e2..d4a0cba 100644
245--- a/db-policy.c
246+++ b/db-policy.c
247@@ -52,11 +52,11 @@ __isns_db_keystore_lookup(isns_db_keystore_t *store,
248 /*
249 * Load a DSA key from the DB store
250 */
251+#ifdef WITH_SECURITY
252 static EVP_PKEY *
253 __isns_db_keystore_find(isns_keystore_t *store_base,
254 const char *name, size_t namelen)
255 {
256-#ifdef WITH_SECURITY
257 isns_db_keystore_t *store = (isns_db_keystore_t *) store_base;
258 isns_object_t *obj;
259 const void *key_data;
260@@ -71,10 +71,16 @@ __isns_db_keystore_find(isns_keystore_t *store_base,
261 return NULL;
262
263 return isns_dsa_decode_public(key_data, key_size);
264-#else
265+}
266+#else /* WITH_SECURITY */
267+static EVP_PKEY *
268+__isns_db_keystore_find(__attribute__((unused))isns_keystore_t *store_base,
269+ __attribute__((unused))const char *name,
270+ __attribute__((unused))size_t namelen)
271+{
272 return NULL;
273-#endif
274 }
275+#endif /* WITH_SECURITY */
276
277 /*
278 * Retrieve policy from database
279diff --git a/debian/changelog b/debian/changelog
280index 6e00fbe..745a31f 100644
281--- a/debian/changelog
282+++ b/debian/changelog
283@@ -1,3 +1,21 @@
284+open-isns (0.101-0ubuntu1) jammy; urgency=medium
285+
286+ * Merge 0.101 from upstream (LP: #1946882), remaining changes
287+ - d/open-isns-utils.install: Include isnssetup script in /usr/sbin along with
288+ its man documentation
289+ * Dropped changes:
290+ - d/p/0001-Do-not-ignore-write-return-value.patch: Avoid warn_unused_result error
291+ [Fixed in 0.101]
292+ - d/p/0002-Fix-different-signedness-integer-expression-comparis.patch: Fix sign error
293+ [Fixed in 0.101]
294+ - d/p/0003-Fix-broken-server-authentication-initialization.patch: Fix broken server
295+ authorization initialization
296+ [Fixed in 0.101]
297+ - d/p/no-werror.patch: Build without werror enabled
298+ [Fixed in 0.101]
299+
300+ -- Lena Voytek <lena.voytek@canonical.com> Wed, 16 Dec 2021 07:15:31 -0700
301+
302 open-isns (0.100-3ubuntu5) jammy; urgency=medium
303
304 * No-change rebuild against openssl3
305diff --git a/debian/open-isns-utils.install b/debian/open-isns-utils.install
306index 89212a5..867a5fc 100644
307--- a/debian/open-isns-utils.install
308+++ b/debian/open-isns-utils.install
309@@ -1,5 +1,7 @@
310 debian/extra/isnsadm.conf.5 /usr/share/man/man5
311 etc/isns/isnsadm.conf
312 usr/sbin/isnsadm
313+isnssetup usr/sbin/
314 usr/share/man/man5/isns_config.5
315 usr/share/man/man8/isnsadm.8
316+usr/share/man/man8/isnssetup.8
317diff --git a/debian/patches/0001-Do-not-ignore-write-return-value.patch b/debian/patches/0001-Do-not-ignore-write-return-value.patch
318deleted file mode 100644
319index dcc48c2..0000000
320--- a/debian/patches/0001-Do-not-ignore-write-return-value.patch
321+++ /dev/null
322@@ -1,87 +0,0 @@
323-From: Ritesh Raj Sarraf <rrs@debian.org>
324-Date: Thu, 19 Nov 2020 15:13:32 +0530
325-Subject: Do not ignore write() return value
326-
327-Some distros set the warn_unused_result attribute for the write()
328-system call, so check the return value
329-
330-Patch cherry-picked from upstream commit: 4c39cb09735a494099fba0474d25ff26800de952
331----
332- pki.c | 37 ++++++++++++++++++++++++++++++++-----
333- 1 file changed, 32 insertions(+), 5 deletions(-)
334-
335-diff --git a/pki.c b/pki.c
336-index 486d9bb..57ea664 100644
337---- a/pki.c
338-+++ b/pki.c
339-@@ -9,12 +9,13 @@
340- #include <unistd.h>
341- #include <limits.h>
342- #include "config.h"
343-+#include <fcntl.h>
344-+#include <assert.h>
345- #ifdef WITH_SECURITY
346- #include <openssl/pem.h>
347- #include <openssl/err.h>
348- #include <openssl/evp.h>
349- #endif
350--#include <fcntl.h>
351- #include <libisns/isns.h>
352- #include "security.h"
353- #include <libisns/util.h>
354-@@ -431,17 +432,43 @@ isns_dsa_load_params(const char *filename)
355- return dsa;
356- }
357-
358-+/*
359-+ * write one 'status' character to stdout
360-+ */
361-+static void
362-+write_status_byte(int ch)
363-+{
364-+ static int stdout_fd = 1; /* fileno(stdout) */
365-+ char buf[2];
366-+ int res;
367-+
368-+ /*
369-+ * We don't actually care about the return value here, since
370-+ * we are just dumping a status byte to stdout, but
371-+ * some linux distrubutions set the warn_unused_result attribute
372-+ * for the write() API, so we might as well use the return value
373-+ * to make sure the write command isn't broken.
374-+ */
375-+ assert(ch);
376-+ buf[0] = ch;
377-+ buf[1] = '\0';
378-+ res = write(stdout_fd, buf, 1);
379-+ assert(res == 1);
380-+}
381-+
382- static int
383- isns_dsa_param_gen_callback(int stage,
384- __attribute__((unused))int index,
385- __attribute__((unused))void *dummy)
386- {
387- if (stage == 0)
388-- write(1, "+", 1);
389-+ write_status_byte('+');
390- else if (stage == 1)
391-- write(1, ".", 1);
392-+ write_status_byte('.');
393- else if (stage == 2)
394-- write(1, "/", 1);
395-+ write_status_byte('/');
396-+
397-+ /* as a callback, we must return a value, so just return success */
398- return 0;
399- }
400-
401-@@ -478,7 +505,7 @@ isns_dsa_init_params(const char *filename)
402- dsa = DSA_generate_parameters(dsa_key_bits, NULL, 0,
403- NULL, NULL, isns_dsa_param_gen_callback, NULL);
404- #endif
405-- write(1, "\n", 1);
406-+ write_status_byte('\n');
407-
408- if (dsa == NULL) {
409- isns_dsasig_report_errors("Error generating DSA parameters",
410diff --git a/debian/patches/0002-Fix-different-signedness-integer-expression-comparis.patch b/debian/patches/0002-Fix-different-signedness-integer-expression-comparis.patch
411deleted file mode 100644
412index 31c6cfb..0000000
413--- a/debian/patches/0002-Fix-different-signedness-integer-expression-comparis.patch
414+++ /dev/null
415@@ -1,22 +0,0 @@
416-From: Ritesh Raj Sarraf <rrs@debian.org>
417-Date: Mon, 23 Nov 2020 22:35:57 +0530
418-Subject: Fix different signedness integer expression comparison error
419-
420-Issue commonly seen on 32 bit systems
421----
422- isnsdd.c | 2 +-
423- 1 file changed, 1 insertion(+), 1 deletion(-)
424-
425-diff --git a/isnsdd.c b/isnsdd.c
426-index 58825cc..9cedb9f 100644
427---- a/isnsdd.c
428-+++ b/isnsdd.c
429-@@ -401,7 +401,7 @@ check_portal_registration(__attribute__((unused))void *ptr)
430- continue;
431-
432- last_modified = isns_object_last_modified(obj);
433-- if (last_modified + 2 * interval > now) {
434-+ if ((time_t)(last_modified + 2 * interval) > now) {
435- good_portals++;
436- continue;
437- }
438diff --git a/debian/patches/0003-Fix-broken-server-authentication-initialization.patch b/debian/patches/0003-Fix-broken-server-authentication-initialization.patch
439deleted file mode 100644
440index eb6afa7..0000000
441--- a/debian/patches/0003-Fix-broken-server-authentication-initialization.patch
442+++ /dev/null
443@@ -1,55 +0,0 @@
444-From: Lee Duncan <lduncan@suse.com>
445-Date: Fri, 4 Dec 2020 09:14:18 -0800
446-Subject: Fix broken server authentication initialization.
447-
448-Commit 86bf736873ed cleaned up a bunch of compiler complaints,
449-and was supposed to have no effect on functionality. But the change
450-to isns_dsa_param_gen_callback() from void to returning an
451-integer (zero) broke "isnsd --init", causing the error message:
452-
453-> Generating DSA parameters; this may take a while
454-> +
455-> Warning: Error generating DSA parameters - OpenSSL errors follow:
456-
457-This commit changes isns_dsa_param_gen_callback() back to a void
458-function, and fixes the compiler problem by properly declaring
459-the callback, and using the proper openssl macro to set the
460-callback.
461-
462-Fixes: 86bf736873ed General cleanup for the compiler.
463----
464- pki.c | 7 ++-----
465- 1 file changed, 2 insertions(+), 5 deletions(-)
466-
467-diff --git a/pki.c b/pki.c
468-index 57ea664..315b56b 100644
469---- a/pki.c
470-+++ b/pki.c
471-@@ -456,7 +456,7 @@ write_status_byte(int ch)
472- assert(res == 1);
473- }
474-
475--static int
476-+static void
477- isns_dsa_param_gen_callback(int stage,
478- __attribute__((unused))int index,
479- __attribute__((unused))void *dummy)
480-@@ -467,9 +467,6 @@ isns_dsa_param_gen_callback(int stage,
481- write_status_byte('.');
482- else if (stage == 2)
483- write_status_byte('/');
484--
485-- /* as a callback, we must return a value, so just return success */
486-- return 0;
487- }
488-
489- int
490-@@ -494,7 +491,7 @@ isns_dsa_init_params(const char *filename)
491- isns_notice("Generating DSA parameters; this may take a while\n");
492- #if OPENSSL_VERSION_NUMBER >= 0x10002000L
493- cb = BN_GENCB_new();
494-- BN_GENCB_set(cb, (int (*)(int, int, BN_GENCB *)) isns_dsa_param_gen_callback, NULL);
495-+ BN_GENCB_set_old(cb, (void (*)(int, int, void *)) isns_dsa_param_gen_callback, NULL);
496- dsa = DSA_new();
497- if (!DSA_generate_parameters_ex(dsa, dsa_key_bits, NULL, 0, NULL, NULL, cb)) {
498- DSA_free(dsa);
499diff --git a/debian/patches/no-werror.patch b/debian/patches/no-werror.patch
500deleted file mode 100644
501index 0ab8c07..0000000
502--- a/debian/patches/no-werror.patch
503+++ /dev/null
504@@ -1,15 +0,0 @@
505-Description: Build without -Werror to fix FTBFS.
506-Author: Dimitri John Ledkov <xnox@ubuntu.com>
507-
508-
509---- open-isns-0.100.orig/configure.ac
510-+++ open-isns-0.100/configure.ac
511-@@ -17,7 +17,7 @@ AC_PATH_PROG(SH, sh)
512- dnl C Compiler features
513- AC_C_INLINE
514- if test "$GCC" = "yes"; then
515-- CFLAGS="-Wall -Werror -Wextra $CFLAGS"
516-+ CFLAGS="-Wall -Wextra $CFLAGS"
517- CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE"
518- fi
519-
520diff --git a/debian/patches/series b/debian/patches/series
521deleted file mode 100644
522index 27bb459..0000000
523--- a/debian/patches/series
524+++ /dev/null
525@@ -1,4 +0,0 @@
526-0001-Do-not-ignore-write-return-value.patch
527-0002-Fix-different-signedness-integer-expression-comparis.patch
528-0003-Fix-broken-server-authentication-initialization.patch
529-no-werror.patch
530diff --git a/doc/isnssetup.8 b/doc/isnssetup.8
531new file mode 100644
532index 0000000..3076af5
533--- /dev/null
534+++ b/doc/isnssetup.8
535@@ -0,0 +1,64 @@
536+'\" t
537+.TH ISNSSETUP 8 "4 Dec 2020"
538+.SH NAME
539+isnssetup \- a simple script to bootstrap an iSNS server, including security
540+.SH SYNOPSIS
541+.B isnssetup
542+.SH DESCRIPTION
543+.B isnssetup
544+is a command line utility for for bootstrapping your iSNS
545+installation. It sets up the authentication credentials,
546+sets up the
547+.B ServerAddress
548+to be
549+.IR localhost ,
550+and registers the appropriate values in the
551+.B iSNS
552+database. The
553+.B isnssetup
554+script does not take any options.
555+.PP
556+Running this script performs the following steps:
557+.TP
558+.B \(bu
559+Set
560+.B ServerAddress
561+to
562+.I localhost
563+and
564+.B Security
565+to
566+.I 1
567+for
568+.B isnsadmin.conf
569+and
570+.BR isnsdd.conf .
571+.TP
572+.B \(bu
573+Initialize security files by running
574+.BR "isnsd --init" ,
575+copying the public key to the server key, then restarting
576+the
577+.B isnsd
578+daemon, so that it sees the new authorization files.
579+.TP
580+.B \(bu
581+Registering the control node policy, the control node itself, and
582+lastly registering the server policy.
583+.PP
584+Note that this script is supplied as an example, although you should
585+be able to use it directly if you wish. You have to be
586+.B root
587+to run this script successfully.
588+.SH BUGS
589+This script does not take
590+.B systemd
591+into account, so you may have to modify it to get it to work on
592+a modern system.
593+.SH SEE ALSO
594+RFC 4171,
595+.BR isnsadm (8),
596+.BR isnsd (8),
597+.BR isns_config (5).
598+.SH AUTHORS
599+Olaf Kirch <olaf.kirch@oracle.com>
600diff --git a/getnext.c b/getnext.c
601index 2b3b3fe..9e39a5d 100644
602--- a/getnext.c
603+++ b/getnext.c
604@@ -244,7 +244,7 @@ isns_getnext_response_get_object(isns_simple_t *qry,
605 {
606 isns_object_template_t *tmpl;
607
608- tmpl = isns_object_template_for_key_attrs(&qry->is_operating_attrs);
609+ tmpl = isns_object_template_for_key_attrs(&qry->is_message_attrs);
610 if (tmpl == NULL) {
611 isns_error("Cannot determine object type in GetNext response\n");
612 return ISNS_ATTRIBUTE_NOT_IMPLEMENTED;
613diff --git a/include/libisns/.gitignore b/include/libisns/.gitignore
614new file mode 100644
615index 0000000..a3757fd
616--- /dev/null
617+++ b/include/libisns/.gitignore
618@@ -0,0 +1 @@
619+paths.h
620diff --git a/include/libisns/paths.h.in b/include/libisns/paths.h.in
621index 1e96e70..4d17adb 100644
622--- a/include/libisns/paths.h.in
623+++ b/include/libisns/paths.h.in
624@@ -9,8 +9,8 @@
625 #define ISNS_CONFIG_H
626
627 #define __OPENISNS_MKVERSION(maj, min) (((maj) << 8) + (min))
628-#define OPENISNS_VERSION __OPENISNS_MKVERSION(0, 99);
629-#define OPENISNS_VERSION_STRING "0.99"
630+#define OPENISNS_VERSION __OPENISNS_MKVERSION(0, 101);
631+#define OPENISNS_VERSION_STRING "0.101"
632
633 #define ISNS_ETCDIR "/etc/isns"
634 #define ISNS_RUNDIR "@RUNDIR@"
635diff --git a/include/libisns/util.h b/include/libisns/util.h
636index 4174480..f1b97f0 100644
637--- a/include/libisns/util.h
638+++ b/include/libisns/util.h
639@@ -14,6 +14,7 @@
640 #include <string.h> // for strdup
641 #include <signal.h>
642 #include <libisns/types.h>
643+#include <stdlib.h>
644
645 #define array_num_elements(a) (sizeof(a) / sizeof((a)[0]))
646
647@@ -40,14 +41,22 @@ char * print_size(unsigned long);
648 */
649 static inline void signals_hold(void)
650 {
651- sighold(SIGTERM);
652- sighold(SIGINT);
653+ sigset_t s;
654+
655+ sigemptyset(&s);
656+ sigaddset(&s, SIGTERM);
657+ sigaddset(&s, SIGINT);
658+ sigprocmask(SIG_BLOCK, &s, 0);
659 }
660
661 static inline void signals_release(void)
662 {
663- sigrelse(SIGTERM);
664- sigrelse(SIGINT);
665+ sigset_t s;
666+
667+ sigemptyset(&s);
668+ sigaddset(&s, SIGTERM);
669+ sigaddset(&s, SIGINT);
670+ sigprocmask(SIG_UNBLOCK, &s, 0);
671 }
672
673 /*
674diff --git a/isnsadm.c b/isnsadm.c
675index 7a96007..94c705e 100644
676--- a/isnsadm.c
677+++ b/isnsadm.c
678@@ -1162,7 +1162,7 @@ generate_key_callback(void)
679 }
680
681 isns_attr_t *
682-load_key_callback(const char *pathname)
683+load_key_callback(__attribute__((unused))const char *pathname)
684 {
685 isns_fatal("Authentication disabled in this build\n");
686 return NULL;
687diff --git a/isnsdd.c b/isnsdd.c
688index 58825cc..9cedb9f 100644
689--- a/isnsdd.c
690+++ b/isnsdd.c
691@@ -401,7 +401,7 @@ check_portal_registration(__attribute__((unused))void *ptr)
692 continue;
693
694 last_modified = isns_object_last_modified(obj);
695- if (last_modified + 2 * interval > now) {
696+ if ((time_t)(last_modified + 2 * interval) > now) {
697 good_portals++;
698 continue;
699 }
700diff --git a/pki.c b/pki.c
701index 486d9bb..6617b8a 100644
702--- a/pki.c
703+++ b/pki.c
704@@ -9,12 +9,15 @@
705 #include <unistd.h>
706 #include <limits.h>
707 #include "config.h"
708+#include <fcntl.h>
709+#include <assert.h>
710 #ifdef WITH_SECURITY
711 #include <openssl/pem.h>
712 #include <openssl/err.h>
713 #include <openssl/evp.h>
714+#include <openssl/dsa.h>
715+#include <openssl/bn.h>
716 #endif
717-#include <fcntl.h>
718 #include <libisns/isns.h>
719 #include "security.h"
720 #include <libisns/util.h>
721@@ -96,13 +99,11 @@ isns_create_dsa_context(void)
722 isns_security_t *ctx;
723
724 if (!isns_openssl_init) {
725- ERR_load_crypto_strings();
726 #if OPENSSL_API_COMPAT < 0x10100000L
727+ ERR_load_crypto_strings();
728 OpenSSL_add_all_algorithms();
729 OpenSSL_add_all_ciphers();
730 OpenSSL_add_all_digests();
731-#else
732- OPENSSL_init_crypto();
733 #endif
734 isns_openssl_init = 1;
735 }
736@@ -431,18 +432,41 @@ isns_dsa_load_params(const char *filename)
737 return dsa;
738 }
739
740-static int
741+/*
742+ * write one 'status' character to stdout
743+ */
744+static void
745+write_status_byte(int ch)
746+{
747+ static int stdout_fd = 1; /* fileno(stdout) */
748+ char buf[2];
749+ int res;
750+
751+ /*
752+ * We don't actually care about the return value here, since
753+ * we are just dumping a status byte to stdout, but
754+ * some linux distrubutions set the warn_unused_result attribute
755+ * for the write() API, so we might as well use the return value
756+ * to make sure the write command isn't broken.
757+ */
758+ assert(ch);
759+ buf[0] = ch;
760+ buf[1] = '\0';
761+ res = write(stdout_fd, buf, 1);
762+ assert(res == 1);
763+}
764+
765+static void
766 isns_dsa_param_gen_callback(int stage,
767 __attribute__((unused))int index,
768 __attribute__((unused))void *dummy)
769 {
770 if (stage == 0)
771- write(1, "+", 1);
772+ write_status_byte('+');
773 else if (stage == 1)
774- write(1, ".", 1);
775+ write_status_byte('.');
776 else if (stage == 2)
777- write(1, "/", 1);
778- return 0;
779+ write_status_byte('/');
780 }
781
782 int
783@@ -467,7 +491,7 @@ isns_dsa_init_params(const char *filename)
784 isns_notice("Generating DSA parameters; this may take a while\n");
785 #if OPENSSL_VERSION_NUMBER >= 0x10002000L
786 cb = BN_GENCB_new();
787- BN_GENCB_set(cb, (int (*)(int, int, BN_GENCB *)) isns_dsa_param_gen_callback, NULL);
788+ BN_GENCB_set_old(cb, (void (*)(int, int, void *)) isns_dsa_param_gen_callback, NULL);
789 dsa = DSA_new();
790 if (!DSA_generate_parameters_ex(dsa, dsa_key_bits, NULL, 0, NULL, NULL, cb)) {
791 DSA_free(dsa);
792@@ -478,7 +502,7 @@ isns_dsa_init_params(const char *filename)
793 dsa = DSA_generate_parameters(dsa_key_bits, NULL, 0,
794 NULL, NULL, isns_dsa_param_gen_callback, NULL);
795 #endif
796- write(1, "\n", 1);
797+ write_status_byte('\n');
798
799 if (dsa == NULL) {
800 isns_dsasig_report_errors("Error generating DSA parameters",
801diff --git a/security.c b/security.c
802index 673a26e..68eb779 100644
803--- a/security.c
804+++ b/security.c
805@@ -408,32 +408,34 @@ isns_security_init(void)
806 }
807
808 isns_keystore_t *
809-isns_create_keystore(const char *spec)
810+isns_create_keystore(__attribute__((unused))const char *spec)
811 {
812 isns_no_security();
813 return NULL;
814 }
815
816 void
817-isns_security_set_keystore(isns_security_t *ctx,
818- isns_keystore_t *ks)
819+isns_security_set_keystore(__attribute__((unused))isns_security_t *ctx,
820+ __attribute__((unused))isns_keystore_t *ks)
821 {
822 isns_no_security();
823 }
824
825 void
826-isns_principal_free(isns_principal_t *peer)
827+isns_principal_free(__attribute__((unused))isns_principal_t *peer)
828 {
829 }
830
831 isns_principal_t *
832-isns_get_principal(isns_security_t *ctx, const char *spi, size_t spi_len)
833+isns_get_principal(__attribute__((unused))isns_security_t *ctx,
834+ __attribute__((unused))const char *spi,
835+ __attribute__((unused))size_t spi_len)
836 {
837 return NULL;
838 }
839
840 const char *
841-isns_principal_name(const isns_principal_t *princ)
842+isns_principal_name(__attribute__((unused))const isns_principal_t *princ)
843 {
844 return NULL;
845 }
846diff --git a/socket.c b/socket.c
847index da9f5dc..432a9bd 100644
848--- a/socket.c
849+++ b/socket.c
850@@ -5,7 +5,7 @@
851 */
852
853 #include <sys/socket.h>
854-#include <sys/poll.h>
855+#include <poll.h>
856 #include <sys/time.h>
857 #include <sys/un.h>
858 #include <string.h>
859@@ -322,8 +322,9 @@ failed:
860 }
861 #else /* WITH_SECURITY */
862 static int
863-isns_pdu_authenticate(isns_security_t *sec,
864- struct isns_partial_msg *msg, buf_t *bp)
865+isns_pdu_authenticate(__attribute__((unused))isns_security_t *sec,
866+ __attribute__((unused))struct isns_partial_msg *msg,
867+ __attribute__((unused))buf_t *bp)
868 {
869 return 0;
870 }

Subscribers

People subscribed via source and target branches