Merge ~lvoytek/ubuntu/+source/open-isns:open-isns-101-update-jammy into ubuntu/+source/open-isns:ubuntu/devel
- Git
- lp:~lvoytek/ubuntu/+source/open-isns
- open-isns-101-update-jammy
- Merge into ubuntu/devel
Status: | Merged |
---|---|
Merged at revision: | bbb99d2d67c0ea3e782c9d438810cee8dfa30e6e |
Proposed branch: | ~lvoytek/ubuntu/+source/open-isns:open-isns-101-update-jammy |
Merge into: | ubuntu/+source/open-isns:ubuntu/devel |
Diff against target: |
870 lines (+223/-55) 21 files modified
.gitignore (+5/-0) ChangeLog (+25/-0) Makefile.in (+1/-0) TODO (+8/-0) client.c (+13/-7) configure (+10/-10) configure.ac (+2/-2) db-policy.c (+9/-3) debian/changelog (+18/-0) debian/open-isns-utils.install (+2/-0) dev/null (+0/-4) doc/isnssetup.8 (+64/-0) getnext.c (+1/-1) include/libisns/.gitignore (+1/-0) include/libisns/paths.h.in (+2/-2) include/libisns/util.h (+13/-4) isnsadm.c (+1/-1) isnsdd.c (+1/-1) pki.c (+35/-11) security.c (+8/-6) socket.c (+4/-3) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Christian Ehrhardt (community) | Approve | ||
Canonical Server | Pending | ||
Canonical Server packageset reviewers | Pending | ||
Canonical Server Core Reviewers | Pending | ||
Review via email: mp+413102@code.launchpad.net |
Commit message
Description of the change
PPA: https:/
Updating to version 0.101 through a patch file until the version bump is approved in Debian, then this will become a sync. https:/
Package test result:
autopkgtest [13:31:11]: @@@@@@@
server PASS
discoveryd PASS
auth PASS
Christian Ehrhardt (paelzer) wrote : | # |
Christian Ehrhardt (paelzer) wrote : | # |
Arr, I consumed the canonical-server slot, could you please re-add one?
Lena Voytek (lvoytek) wrote : | # |
Ah that's fair, I can use a 0.101 tarball and update the version for this then. The new version does work without the no-werror patch. It even contains the other three patches too so they can all be removed with the version bump
Christian Ehrhardt (paelzer) wrote : | # |
Sounds good, ping back here once that is ready for re-review then.
Lena Voytek (lvoytek) wrote : | # |
I reuploaded using uscan and extraction of the 0.101 tar alongside adding the new version in the changelog. Confirmed dep-8 tests still work and builds succeeded in the ppa
Christian Ehrhardt (paelzer) wrote : | # |
This will have some bonus-fun with the coming openssl3.1 but is ok for now:
pki.c:184:9: warning: ‘EVP_PKEY_get0_DSA’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-
Christian Ehrhardt (paelzer) wrote : | # |
Double checked the git with upstream tar content, matches
Christian Ehrhardt (paelzer) wrote : | # |
One finding, "bf3ff8a Merge 0.101 from upstream" pretends to be just upstream 0.101
But I found that it also adds the same content twice via debian/
Only to remove it later via "2641a04 Remove patches fixed in version 0.101"
This is some useless back and forth that for clarity should be removed from "bf3ff8a Merge 0.101 from upstream".
If it is just that I can clean it up while sponsoring, let us see if I find more ...
Christian Ehrhardt (paelzer) wrote : | # |
Tests, Builds, Bug references, Changelog, ... all that LGTM.
I checked (a common case on new upstream versions) if we'd need to bump d/copyright.
But interestingly there was no bump in the upstream source v0.100->v0.101, so that should be fine as is.
One thing that I saw was that upstream added a man-page and that is great, but we usually want to ensure it is installed. The new file is doc/isnssetup.8.
I see the build does
/usr/bin/install -c -m 644 ./doc/isnssetup.8 /<<PKGBUILDDIR>
But it isn't picked up by the packaging and not in the binary package.
But that led me to this trail - and after a check I found a few things to be missing:
1. the isnssetup helpe rscript, directly available in the source probably a good candidate for either open-isns-utils in /usr/sbin/ along the other admin tools, or at least as example in /usr/share/
2. along that script the man page ./doc/isnssetup.8
3. There also is isnsd.socket which could be installed along the .service
Looking at the .service made me shiver as a lot of things might be discussed, but right now we
only want to package 0.101 as-is.
Christian Ehrhardt (paelzer) wrote : | # |
So to sum it up, the rebase to upload an 0.101-0ubuntu1 looks mostly good - thanks!
The following things I'd ask for:
1. do not add and later remove debian/
2. please let us install the new script, man page and .socket file
3. We are not in a hurry, maybe once we have that ready and team-reviewed have a look at sending a PR of the same to Debian?
If in January Debian did reply and upload it, we can make it a sync.
If not we can upload it to Ubuntu for now.
Lena Voytek (lvoytek) wrote : | # |
Removed version-
Lena Voytek (lvoytek) wrote : | # |
Added script, doc, and socket to install
Christian Ehrhardt (paelzer) wrote : | # |
Checked upgrade installs (had the service, but not the socket)
root@j-proposed:~# systemctl status isnsd
● isnsd.service - iSNS server
Loaded: loaded (/lib/systemd/
Active: active (running) since Thu 2021-12-16 06:30:24 UTC; 24s ago
TriggeredBy: ○ isnsd.socket
Docs: man:isnsd(8)
Main PID: 106675 (isnsd)
Tasks: 1 (limit: 38266)
Memory: 1.0M
CGroup: /system.
Dec 16 06:30:24 j-proposed systemd[1]: Starting iSNS server...
Dec 16 06:30:24 j-proposed systemd[1]: Started iSNS server.
Dec 16 06:30:24 j-proposed isnsd[106675]: SLP support disabled in this build
root@j-proposed:~# systemctl status isnsd.socket
○ isnsd.socket
Loaded: loaded (/lib/systemd/
Active: inactive (dead)
Triggers: ● isnsd.service
Listen: /run/isnsctl (Stream)
Service stays running (good), socket stays off (good as it would be a crash otherwise).
Also no complains on the install
Setting up open-isns-server (0.101-
Created symlink /etc/systemd/
Setting up open-isns-
Christian Ehrhardt (paelzer) wrote : | # |
Checked new installs of the new version:
...
Unpacking open-isns-server (0.101-
Setting up open-isns-server (0.101-
Generating DSA parameters; this may take a while
+++++++
.......
.++.+++
Stored private key in /etc/isns/auth_key
Stored private key in /etc/isns/
Created symlink /etc/systemd/
Created symlink /etc/systemd/
...
root@j-proposed:~# systemctl status isnsd.socket isnsd.service
○ isnsd.socket
Loaded: loaded (/lib/systemd/
Active: inactive (dead)
Triggers: ● isnsd.service
Listen: /run/isnsctl (Stream)
● isnsd.service - iSNS server
Loaded: loaded (/lib/systemd/
Active: active (running) since Thu 2021-12-16 06:31:35 UTC; 11s ago
TriggeredBy: ○ isnsd.socket
Docs: man:isnsd(8)
Process: 108263 ExecStart=
Main PID: 108264 (isnsd)
Tasks: 1 (limit: 38266)
Memory: 952.0K
CGroup: /system.
The state I'd have expected it in after install would be more like:
root@j-proposed:~# systemctl stop isnsd.service
root@j-proposed:~# systemctl start isnsd.socket
root@j-proposed:~# systemctl status isnsd.socket isnsd.service
● isnsd.socket
Loaded: loaded (/lib/systemd/
Active: active (listening) since Thu 2021-12-16 06:45:07 UTC; 2s ago
Triggers: ● isnsd.service
Listen: /run/isnsctl (Stream)
CGroup: /system.
Dec 16 06:45:07 j-proposed systemd[1]: Listening on isnsd.socket.
○ isnsd.service - iSNS server
Loaded: loaded (/lib/systemd/
Active: inactive (dead) since Thu 2021-12-16 06:45:01 UTC; 8s ago
TriggeredBy: ● isnsd.socket
Docs: man:isnsd(8)
Process: 108263 ExecStart=
Main PID: 108264 (code=exited, status=0/SUCCESS)
Dec 16 06:31:35 j-proposed systemd[1]: Starting iSNS server...
Dec 16 06:31:35 j-proposed systemd[1]: Started iSNS server.
Dec 16 06:31:35 j-proposed isnsd[108264]: SLP support disabled in this build
Dec 16 06:45:01 j-proposed isnsd[108264]: SLP support disabled in this build
Dec 16 06:45:...
Christian Ehrhardt (paelzer) wrote : | # |
Hmm,
I've found that the socket integration of open-isnsd isn't perfect.
For example the following common init phase (from the man page of isnsadm) breaks it.
root@j-proposed:~# isnsd --init
root@j-proposed:~# isnsadm --local --keyfile=
No key given, generating one
Stored DSA private key in control.key
socket disconnect, killing socket
Warning: Timed out while waiting for reply
Warning: Failed to register object(s): Internal error
If we now look at the service/socket we see
root@j-proposed:~# systemctl status isnsd.socket isnsd.service
× isnsd.socket
Loaded: loaded (/lib/systemd/
Active: failed (Result: service-
Triggers: ● isnsd.service
Listen: /run/isnsctl (Stream)
Dec 16 06:45:07 j-proposed systemd[1]: Listening on isnsd.socket.
Dec 16 06:50:15 j-proposed systemd[1]: isnsd.socket: Failed with result 'service-
× isnsd.service - iSNS server
Loaded: loaded (/lib/systemd/
Active: failed (Result: exit-code) since Thu 2021-12-16 06:50:15 UTC; 4s ago
TriggeredBy: × isnsd.socket
Docs: man:isnsd(8)
Process: 108821 ExecStart=
Main PID: 108822 (code=exited, status=1/FAILURE)
Dec 16 06:50:15 j-proposed systemd[1]: Starting iSNS server...
Dec 16 06:50:15 j-proposed systemd[1]: isnsd.service: New main PID 108821 does not exist or is a zombie.
Dec 16 06:50:15 j-proposed isnsd[108822]: Unable to bind socket: Address already in use
Dec 16 06:50:15 j-proposed isnsd[108822]: Unable to create server socket
Dec 16 06:50:15 j-proposed systemd[1]: Started iSNS server.
Dec 16 06:50:15 j-proposed systemd[1]: isnsd.service: Main process exited, code=exited, status=1/FAILURE
Dec 16 06:50:15 j-proposed systemd[1]: isnsd.service: Failed with result 'exit-code'.
Dec 16 06:50:15 j-proposed systemd[1]: isnsd.service: Start request repeated too quickly.
Dec 16 06:50:15 j-proposed systemd[1]: isnsd.service: Failed with result 'exit-code'.
Dec 16 06:50:15 j-proposed systemd[1]: Failed to start iSNS server.
That means isnsadm reaches the socket in a way to start it, but then the service is blocked by the socket itself. As if there are multiple paths to start it and only one is transitioning, but the other one is blocking it.
A later start gets it running:
root@j-proposed:~# systemctl start isnsd.service
root@j-proposed:~# systemctl status isnsd.socket isnsd.service
× isnsd.socket
Loaded: loaded (/lib/systemd/
Active: failed (Result: service-
Triggers: ● isnsd.service
Listen: /run/isnsctl (Stream)
Dec 16 06:45:07 j-proposed systemd[1]: Listening on isnsd.socket.
Dec 16 06:50:15 j-proposed systemd[1]: isnsd.socket: Failed with result 'service-
● isnsd.service - iSNS server
Loaded...
Christian Ehrhardt (paelzer) wrote : | # |
BTW isnssetup works at least to the extend I understand what it is supposed to do.
It creates a working base setup AFAICS:
root@j-proposed:~# isnssetup
*** Initializing server security ***
*** Registering control node policy ***
No key given, generating one
Stored DSA private key in /etc/isns/
Successfully registered object(s)
*** Registering control node ***
Successfully registered object(s)
*** Registering policy for server ***
Successfully registered object(s)
root@j-proposed:~# isnsadm --control --query dd-name=mydomain
(Object list empty)
root@j-proposed:~# isnsadm --control --register entity=
Successfully registered object(s)
root@j-proposed:~# isnsadm --control --query entity-
object[0] = <Network Entity>
0001 string : Entity identifier = "client.bozo.org"
0002 uint32 : Entity protocol = iSCSI (2)
0006 uint32 : Registration Period = 600
0004 uint64 : Timestamp = Thu Dec 16 06:59:25 2021
0007 uint32 : Entity index = 5
Lena Voytek (lvoytek) wrote : | # |
Removed the socket file inclusion. Confirmed autopkgtest still passing and ppa builds
Christian Ehrhardt (paelzer) wrote : | # |
Ok, IMHO it is ready to upload as-is for Ubuntu now to resolve things here.
Please - before considering all of this fully done - submit the same to Debian please (https:/
I guess there you need to replace your former https:/
And probably to get it right adapt it to match the gbp workflow as I see upstream/master and pristine-tar there.
Would be something like:
gbp import-orig ../open-
Then add your .install change and submit all three branches there (three PRs).
Uploading to ubuntu (via ftp to upload.ubuntu.com):
Uploading open-isns_
Uploading open-isns_
Uploading open-isns_
Uploading open-isns_
Uploading open-isns_
Successfully uploaded packages.
Lena Voytek (lvoytek) wrote : | # |
The three merge requests are now up in Debian:
https:/
Preview Diff
1 | diff --git a/.gitignore b/.gitignore |
2 | index 5da7a8b..2a0f55d 100644 |
3 | --- a/.gitignore |
4 | +++ b/.gitignore |
5 | @@ -7,3 +7,8 @@ isnsd |
6 | isnsdd |
7 | libisns.a |
8 | libisns*.so.? |
9 | +Makefile |
10 | +config.h |
11 | +config.log |
12 | +config.status |
13 | +autom4te.cache |
14 | diff --git a/ChangeLog b/ChangeLog |
15 | index 34c1638..c379a74 100644 |
16 | --- a/ChangeLog |
17 | +++ b/ChangeLog |
18 | @@ -1,3 +1,28 @@ |
19 | +* Changes v0.100 to v0.101: |
20 | + |
21 | +Dmitry Bogdanov (1): |
22 | + Fix parsing of GetNextRsp |
23 | + |
24 | +Lee Duncan (10): |
25 | + Ignore common build files |
26 | + Fix compiler issue when not in security mode |
27 | + Do not ignore write() return value. |
28 | + Fix 586 compile issue and remove -Werror |
29 | + Added a TODO: 'make depend' not worrking |
30 | + Update version string to "0.100". |
31 | + Fix broken server authentication initialization. |
32 | + Add man page for isnssetup. |
33 | + Added TODO to test "isnsd --init" |
34 | + Preparing for version 0.101 |
35 | + |
36 | +Leo (1): |
37 | + socket.c: include poll.h instead of sys/poll.h for POSIX compatibility |
38 | + |
39 | +Rosen Penev (2): |
40 | + fix compilation without deprecated OpenSSL APIs |
41 | + libisns: remove sighold and sigrelse |
42 | + |
43 | + |
44 | * Changes v0.99 to v0.100: |
45 | |
46 | Chris Leech (1): |
47 | diff --git a/Makefile.in b/Makefile.in |
48 | index f76880a..f001a87 100644 |
49 | --- a/Makefile.in |
50 | +++ b/Makefile.in |
51 | @@ -118,6 +118,7 @@ install: |
52 | $(INSTALL) -m 644 $(srcdir)/doc/isnsd.8 $(MANDIR)/man8 |
53 | $(INSTALL) -m 644 $(srcdir)/doc/isnsdd.8 $(MANDIR)/man8 |
54 | $(INSTALL) -m 644 $(srcdir)/doc/isnsadm.8 $(MANDIR)/man8 |
55 | + $(INSTALL) -m 644 $(srcdir)/doc/isnssetup.8 $(MANDIR)/man8 |
56 | $(INSTALL) -m 644 $(srcdir)/doc/isns_config.5 $(MANDIR)/man5 |
57 | $(INSTALL) -m 644 $(srcdir)/isnsd.service $(SYSTEMDDIR) |
58 | $(INSTALL) -m 644 $(srcdir)/isnsd.socket $(SYSTEMDDIR) |
59 | diff --git a/TODO b/TODO |
60 | index 2ddf008..5e23667 100644 |
61 | --- a/TODO |
62 | +++ b/TODO |
63 | @@ -7,6 +7,7 @@ isnsd: |
64 | - make PGs children of the iSCSI storage node they're associated |
65 | with? |
66 | - Implement missing functions |
67 | + - Add test for "isnsd --init", to make sure it works correctly. |
68 | |
69 | isnsadm: |
70 | - support iSNS server discovery through DNS SRV |
71 | @@ -27,6 +28,10 @@ isnsdd: |
72 | we registered for ESI are seeing the server's |
73 | ESI messages. |
74 | |
75 | +isnssetup: |
76 | +- Update to support systemd, and perhaps have |
77 | + a few options? |
78 | + |
79 | DevAttrReg: |
80 | - Refuse registration of nodes inside the CONTROL |
81 | entity, unless it's a control node. |
82 | @@ -98,3 +103,6 @@ Renaming |
83 | |
84 | Socket code: |
85 | - impose upper limit on the reassembly buffer |
86 | + |
87 | +Compilation: |
88 | + - 'make depend' does not work |
89 | diff --git a/client.c b/client.c |
90 | index 8487877..fda26be 100644 |
91 | --- a/client.c |
92 | +++ b/client.c |
93 | @@ -122,22 +122,17 @@ isns_client_get_local_address(const isns_client_t *clnt, |
94 | /* |
95 | * Create a security context |
96 | */ |
97 | +#ifdef WITH_SECURITY |
98 | static isns_security_t * |
99 | __create_security_context(const char *name, const char *auth_key, |
100 | const char *server_key) |
101 | { |
102 | -#ifdef WITH_SECURITY |
103 | isns_security_t *ctx; |
104 | isns_principal_t *princ; |
105 | -#endif /* WITH_SECURITY */ |
106 | |
107 | if (!isns_config.ic_security) |
108 | return NULL; |
109 | |
110 | -#ifndef WITH_SECURITY |
111 | - isns_error("Cannot create security context: security disabled at build time\n"); |
112 | - return NULL; |
113 | -#else /* WITH_SECURITY */ |
114 | ctx = isns_create_dsa_context(); |
115 | if (ctx == NULL) |
116 | isns_fatal("Unable to create security context\n"); |
117 | @@ -174,8 +169,19 @@ __create_security_context(const char *name, const char *auth_key, |
118 | } |
119 | |
120 | return ctx; |
121 | -#endif /* WITH_SECURITY */ |
122 | } |
123 | +#else /* WITH_SECURITY */ |
124 | +static isns_security_t * |
125 | +__create_security_context(__attribute__((unused))const char *name, |
126 | + __attribute__((unused))const char *auth_key, |
127 | + __attribute__((unused))const char *server_key) |
128 | +{ |
129 | + if (!isns_config.ic_security) |
130 | + return NULL; |
131 | + isns_error("Cannot create security context: security disabled at build time\n"); |
132 | + return NULL; |
133 | +} |
134 | +#endif /* WITH_SECURITY */ |
135 | |
136 | /* |
137 | * Create the default security context |
138 | diff --git a/configure b/configure |
139 | index 8579a02..1559ab6 100755 |
140 | --- a/configure |
141 | +++ b/configure |
142 | @@ -1,6 +1,6 @@ |
143 | #! /bin/sh |
144 | # Guess values for system-dependent variables and create Makefiles. |
145 | -# Generated by GNU Autoconf 2.69 for open-isns 0.100. |
146 | +# Generated by GNU Autoconf 2.69 for open-isns 0.101. |
147 | # |
148 | # |
149 | # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. |
150 | @@ -577,8 +577,8 @@ MAKEFLAGS= |
151 | # Identity of this package. |
152 | PACKAGE_NAME='open-isns' |
153 | PACKAGE_TARNAME='open-isns' |
154 | -PACKAGE_VERSION='0.100' |
155 | -PACKAGE_STRING='open-isns 0.100' |
156 | +PACKAGE_VERSION='0.101' |
157 | +PACKAGE_STRING='open-isns 0.101' |
158 | PACKAGE_BUGREPORT='' |
159 | PACKAGE_URL='' |
160 | |
161 | @@ -1250,7 +1250,7 @@ if test "$ac_init_help" = "long"; then |
162 | # Omit some internal or obsolete options to make the list less imposing. |
163 | # This message is too long to be a string in the A/UX 3.1 sh. |
164 | cat <<_ACEOF |
165 | -\`configure' configures open-isns 0.100 to adapt to many kinds of systems. |
166 | +\`configure' configures open-isns 0.101 to adapt to many kinds of systems. |
167 | |
168 | Usage: $0 [OPTION]... [VAR=VALUE]... |
169 | |
170 | @@ -1315,7 +1315,7 @@ fi |
171 | |
172 | if test -n "$ac_init_help"; then |
173 | case $ac_init_help in |
174 | - short | recursive ) echo "Configuration of open-isns 0.100:";; |
175 | + short | recursive ) echo "Configuration of open-isns 0.101:";; |
176 | esac |
177 | cat <<\_ACEOF |
178 | |
179 | @@ -1410,7 +1410,7 @@ fi |
180 | test -n "$ac_init_help" && exit $ac_status |
181 | if $ac_init_version; then |
182 | cat <<\_ACEOF |
183 | -open-isns configure 0.100 |
184 | +open-isns configure 0.101 |
185 | generated by GNU Autoconf 2.69 |
186 | |
187 | Copyright (C) 2012 Free Software Foundation, Inc. |
188 | @@ -1775,7 +1775,7 @@ cat >config.log <<_ACEOF |
189 | This file contains any messages produced by compilers while |
190 | running configure, to aid debugging if configure makes a mistake. |
191 | |
192 | -It was created by open-isns $as_me 0.100, which was |
193 | +It was created by open-isns $as_me 0.101, which was |
194 | generated by GNU Autoconf 2.69. Invocation command line was |
195 | |
196 | $ $0 $@ |
197 | @@ -3996,7 +3996,7 @@ _ACEOF |
198 | esac |
199 | |
200 | if test "$GCC" = "yes"; then |
201 | - CFLAGS="-Wall -Werror -Wextra $CFLAGS" |
202 | + CFLAGS="-Wall -Wextra $CFLAGS" |
203 | CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE" |
204 | fi |
205 | |
206 | @@ -4985,7 +4985,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 |
207 | # report actual input values of CONFIG_FILES etc. instead of their |
208 | # values after options handling. |
209 | ac_log=" |
210 | -This file was extended by open-isns $as_me 0.100, which was |
211 | +This file was extended by open-isns $as_me 0.101, which was |
212 | generated by GNU Autoconf 2.69. Invocation command line was |
213 | |
214 | CONFIG_FILES = $CONFIG_FILES |
215 | @@ -5047,7 +5047,7 @@ _ACEOF |
216 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 |
217 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" |
218 | ac_cs_version="\\ |
219 | -open-isns config.status 0.100 |
220 | +open-isns config.status 0.101 |
221 | configured by $0, generated by GNU Autoconf 2.69, |
222 | with options \\"\$ac_cs_config\\" |
223 | |
224 | diff --git a/configure.ac b/configure.ac |
225 | index e4f3995..63ec143 100644 |
226 | --- a/configure.ac |
227 | +++ b/configure.ac |
228 | @@ -1,4 +1,4 @@ |
229 | -AC_INIT(open-isns, [0.100]) |
230 | +AC_INIT(open-isns, [0.101]) |
231 | AC_CONFIG_SRCDIR([isnsd.c]) |
232 | AC_CONFIG_AUX_DIR([aclocal]) |
233 | |
234 | @@ -17,7 +17,7 @@ AC_PATH_PROG(SH, sh) |
235 | dnl C Compiler features |
236 | AC_C_INLINE |
237 | if test "$GCC" = "yes"; then |
238 | - CFLAGS="-Wall -Werror -Wextra $CFLAGS" |
239 | + CFLAGS="-Wall -Wextra $CFLAGS" |
240 | CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE" |
241 | fi |
242 | |
243 | diff --git a/db-policy.c b/db-policy.c |
244 | index b1c46e2..d4a0cba 100644 |
245 | --- a/db-policy.c |
246 | +++ b/db-policy.c |
247 | @@ -52,11 +52,11 @@ __isns_db_keystore_lookup(isns_db_keystore_t *store, |
248 | /* |
249 | * Load a DSA key from the DB store |
250 | */ |
251 | +#ifdef WITH_SECURITY |
252 | static EVP_PKEY * |
253 | __isns_db_keystore_find(isns_keystore_t *store_base, |
254 | const char *name, size_t namelen) |
255 | { |
256 | -#ifdef WITH_SECURITY |
257 | isns_db_keystore_t *store = (isns_db_keystore_t *) store_base; |
258 | isns_object_t *obj; |
259 | const void *key_data; |
260 | @@ -71,10 +71,16 @@ __isns_db_keystore_find(isns_keystore_t *store_base, |
261 | return NULL; |
262 | |
263 | return isns_dsa_decode_public(key_data, key_size); |
264 | -#else |
265 | +} |
266 | +#else /* WITH_SECURITY */ |
267 | +static EVP_PKEY * |
268 | +__isns_db_keystore_find(__attribute__((unused))isns_keystore_t *store_base, |
269 | + __attribute__((unused))const char *name, |
270 | + __attribute__((unused))size_t namelen) |
271 | +{ |
272 | return NULL; |
273 | -#endif |
274 | } |
275 | +#endif /* WITH_SECURITY */ |
276 | |
277 | /* |
278 | * Retrieve policy from database |
279 | diff --git a/debian/changelog b/debian/changelog |
280 | index 6e00fbe..745a31f 100644 |
281 | --- a/debian/changelog |
282 | +++ b/debian/changelog |
283 | @@ -1,3 +1,21 @@ |
284 | +open-isns (0.101-0ubuntu1) jammy; urgency=medium |
285 | + |
286 | + * Merge 0.101 from upstream (LP: #1946882), remaining changes |
287 | + - d/open-isns-utils.install: Include isnssetup script in /usr/sbin along with |
288 | + its man documentation |
289 | + * Dropped changes: |
290 | + - d/p/0001-Do-not-ignore-write-return-value.patch: Avoid warn_unused_result error |
291 | + [Fixed in 0.101] |
292 | + - d/p/0002-Fix-different-signedness-integer-expression-comparis.patch: Fix sign error |
293 | + [Fixed in 0.101] |
294 | + - d/p/0003-Fix-broken-server-authentication-initialization.patch: Fix broken server |
295 | + authorization initialization |
296 | + [Fixed in 0.101] |
297 | + - d/p/no-werror.patch: Build without werror enabled |
298 | + [Fixed in 0.101] |
299 | + |
300 | + -- Lena Voytek <lena.voytek@canonical.com> Wed, 16 Dec 2021 07:15:31 -0700 |
301 | + |
302 | open-isns (0.100-3ubuntu5) jammy; urgency=medium |
303 | |
304 | * No-change rebuild against openssl3 |
305 | diff --git a/debian/open-isns-utils.install b/debian/open-isns-utils.install |
306 | index 89212a5..867a5fc 100644 |
307 | --- a/debian/open-isns-utils.install |
308 | +++ b/debian/open-isns-utils.install |
309 | @@ -1,5 +1,7 @@ |
310 | debian/extra/isnsadm.conf.5 /usr/share/man/man5 |
311 | etc/isns/isnsadm.conf |
312 | usr/sbin/isnsadm |
313 | +isnssetup usr/sbin/ |
314 | usr/share/man/man5/isns_config.5 |
315 | usr/share/man/man8/isnsadm.8 |
316 | +usr/share/man/man8/isnssetup.8 |
317 | diff --git a/debian/patches/0001-Do-not-ignore-write-return-value.patch b/debian/patches/0001-Do-not-ignore-write-return-value.patch |
318 | deleted file mode 100644 |
319 | index dcc48c2..0000000 |
320 | --- a/debian/patches/0001-Do-not-ignore-write-return-value.patch |
321 | +++ /dev/null |
322 | @@ -1,87 +0,0 @@ |
323 | -From: Ritesh Raj Sarraf <rrs@debian.org> |
324 | -Date: Thu, 19 Nov 2020 15:13:32 +0530 |
325 | -Subject: Do not ignore write() return value |
326 | - |
327 | -Some distros set the warn_unused_result attribute for the write() |
328 | -system call, so check the return value |
329 | - |
330 | -Patch cherry-picked from upstream commit: 4c39cb09735a494099fba0474d25ff26800de952 |
331 | ---- |
332 | - pki.c | 37 ++++++++++++++++++++++++++++++++----- |
333 | - 1 file changed, 32 insertions(+), 5 deletions(-) |
334 | - |
335 | -diff --git a/pki.c b/pki.c |
336 | -index 486d9bb..57ea664 100644 |
337 | ---- a/pki.c |
338 | -+++ b/pki.c |
339 | -@@ -9,12 +9,13 @@ |
340 | - #include <unistd.h> |
341 | - #include <limits.h> |
342 | - #include "config.h" |
343 | -+#include <fcntl.h> |
344 | -+#include <assert.h> |
345 | - #ifdef WITH_SECURITY |
346 | - #include <openssl/pem.h> |
347 | - #include <openssl/err.h> |
348 | - #include <openssl/evp.h> |
349 | - #endif |
350 | --#include <fcntl.h> |
351 | - #include <libisns/isns.h> |
352 | - #include "security.h" |
353 | - #include <libisns/util.h> |
354 | -@@ -431,17 +432,43 @@ isns_dsa_load_params(const char *filename) |
355 | - return dsa; |
356 | - } |
357 | - |
358 | -+/* |
359 | -+ * write one 'status' character to stdout |
360 | -+ */ |
361 | -+static void |
362 | -+write_status_byte(int ch) |
363 | -+{ |
364 | -+ static int stdout_fd = 1; /* fileno(stdout) */ |
365 | -+ char buf[2]; |
366 | -+ int res; |
367 | -+ |
368 | -+ /* |
369 | -+ * We don't actually care about the return value here, since |
370 | -+ * we are just dumping a status byte to stdout, but |
371 | -+ * some linux distrubutions set the warn_unused_result attribute |
372 | -+ * for the write() API, so we might as well use the return value |
373 | -+ * to make sure the write command isn't broken. |
374 | -+ */ |
375 | -+ assert(ch); |
376 | -+ buf[0] = ch; |
377 | -+ buf[1] = '\0'; |
378 | -+ res = write(stdout_fd, buf, 1); |
379 | -+ assert(res == 1); |
380 | -+} |
381 | -+ |
382 | - static int |
383 | - isns_dsa_param_gen_callback(int stage, |
384 | - __attribute__((unused))int index, |
385 | - __attribute__((unused))void *dummy) |
386 | - { |
387 | - if (stage == 0) |
388 | -- write(1, "+", 1); |
389 | -+ write_status_byte('+'); |
390 | - else if (stage == 1) |
391 | -- write(1, ".", 1); |
392 | -+ write_status_byte('.'); |
393 | - else if (stage == 2) |
394 | -- write(1, "/", 1); |
395 | -+ write_status_byte('/'); |
396 | -+ |
397 | -+ /* as a callback, we must return a value, so just return success */ |
398 | - return 0; |
399 | - } |
400 | - |
401 | -@@ -478,7 +505,7 @@ isns_dsa_init_params(const char *filename) |
402 | - dsa = DSA_generate_parameters(dsa_key_bits, NULL, 0, |
403 | - NULL, NULL, isns_dsa_param_gen_callback, NULL); |
404 | - #endif |
405 | -- write(1, "\n", 1); |
406 | -+ write_status_byte('\n'); |
407 | - |
408 | - if (dsa == NULL) { |
409 | - isns_dsasig_report_errors("Error generating DSA parameters", |
410 | diff --git a/debian/patches/0002-Fix-different-signedness-integer-expression-comparis.patch b/debian/patches/0002-Fix-different-signedness-integer-expression-comparis.patch |
411 | deleted file mode 100644 |
412 | index 31c6cfb..0000000 |
413 | --- a/debian/patches/0002-Fix-different-signedness-integer-expression-comparis.patch |
414 | +++ /dev/null |
415 | @@ -1,22 +0,0 @@ |
416 | -From: Ritesh Raj Sarraf <rrs@debian.org> |
417 | -Date: Mon, 23 Nov 2020 22:35:57 +0530 |
418 | -Subject: Fix different signedness integer expression comparison error |
419 | - |
420 | -Issue commonly seen on 32 bit systems |
421 | ---- |
422 | - isnsdd.c | 2 +- |
423 | - 1 file changed, 1 insertion(+), 1 deletion(-) |
424 | - |
425 | -diff --git a/isnsdd.c b/isnsdd.c |
426 | -index 58825cc..9cedb9f 100644 |
427 | ---- a/isnsdd.c |
428 | -+++ b/isnsdd.c |
429 | -@@ -401,7 +401,7 @@ check_portal_registration(__attribute__((unused))void *ptr) |
430 | - continue; |
431 | - |
432 | - last_modified = isns_object_last_modified(obj); |
433 | -- if (last_modified + 2 * interval > now) { |
434 | -+ if ((time_t)(last_modified + 2 * interval) > now) { |
435 | - good_portals++; |
436 | - continue; |
437 | - } |
438 | diff --git a/debian/patches/0003-Fix-broken-server-authentication-initialization.patch b/debian/patches/0003-Fix-broken-server-authentication-initialization.patch |
439 | deleted file mode 100644 |
440 | index eb6afa7..0000000 |
441 | --- a/debian/patches/0003-Fix-broken-server-authentication-initialization.patch |
442 | +++ /dev/null |
443 | @@ -1,55 +0,0 @@ |
444 | -From: Lee Duncan <lduncan@suse.com> |
445 | -Date: Fri, 4 Dec 2020 09:14:18 -0800 |
446 | -Subject: Fix broken server authentication initialization. |
447 | - |
448 | -Commit 86bf736873ed cleaned up a bunch of compiler complaints, |
449 | -and was supposed to have no effect on functionality. But the change |
450 | -to isns_dsa_param_gen_callback() from void to returning an |
451 | -integer (zero) broke "isnsd --init", causing the error message: |
452 | - |
453 | -> Generating DSA parameters; this may take a while |
454 | -> + |
455 | -> Warning: Error generating DSA parameters - OpenSSL errors follow: |
456 | - |
457 | -This commit changes isns_dsa_param_gen_callback() back to a void |
458 | -function, and fixes the compiler problem by properly declaring |
459 | -the callback, and using the proper openssl macro to set the |
460 | -callback. |
461 | - |
462 | -Fixes: 86bf736873ed General cleanup for the compiler. |
463 | ---- |
464 | - pki.c | 7 ++----- |
465 | - 1 file changed, 2 insertions(+), 5 deletions(-) |
466 | - |
467 | -diff --git a/pki.c b/pki.c |
468 | -index 57ea664..315b56b 100644 |
469 | ---- a/pki.c |
470 | -+++ b/pki.c |
471 | -@@ -456,7 +456,7 @@ write_status_byte(int ch) |
472 | - assert(res == 1); |
473 | - } |
474 | - |
475 | --static int |
476 | -+static void |
477 | - isns_dsa_param_gen_callback(int stage, |
478 | - __attribute__((unused))int index, |
479 | - __attribute__((unused))void *dummy) |
480 | -@@ -467,9 +467,6 @@ isns_dsa_param_gen_callback(int stage, |
481 | - write_status_byte('.'); |
482 | - else if (stage == 2) |
483 | - write_status_byte('/'); |
484 | -- |
485 | -- /* as a callback, we must return a value, so just return success */ |
486 | -- return 0; |
487 | - } |
488 | - |
489 | - int |
490 | -@@ -494,7 +491,7 @@ isns_dsa_init_params(const char *filename) |
491 | - isns_notice("Generating DSA parameters; this may take a while\n"); |
492 | - #if OPENSSL_VERSION_NUMBER >= 0x10002000L |
493 | - cb = BN_GENCB_new(); |
494 | -- BN_GENCB_set(cb, (int (*)(int, int, BN_GENCB *)) isns_dsa_param_gen_callback, NULL); |
495 | -+ BN_GENCB_set_old(cb, (void (*)(int, int, void *)) isns_dsa_param_gen_callback, NULL); |
496 | - dsa = DSA_new(); |
497 | - if (!DSA_generate_parameters_ex(dsa, dsa_key_bits, NULL, 0, NULL, NULL, cb)) { |
498 | - DSA_free(dsa); |
499 | diff --git a/debian/patches/no-werror.patch b/debian/patches/no-werror.patch |
500 | deleted file mode 100644 |
501 | index 0ab8c07..0000000 |
502 | --- a/debian/patches/no-werror.patch |
503 | +++ /dev/null |
504 | @@ -1,15 +0,0 @@ |
505 | -Description: Build without -Werror to fix FTBFS. |
506 | -Author: Dimitri John Ledkov <xnox@ubuntu.com> |
507 | - |
508 | - |
509 | ---- open-isns-0.100.orig/configure.ac |
510 | -+++ open-isns-0.100/configure.ac |
511 | -@@ -17,7 +17,7 @@ AC_PATH_PROG(SH, sh) |
512 | - dnl C Compiler features |
513 | - AC_C_INLINE |
514 | - if test "$GCC" = "yes"; then |
515 | -- CFLAGS="-Wall -Werror -Wextra $CFLAGS" |
516 | -+ CFLAGS="-Wall -Wextra $CFLAGS" |
517 | - CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE" |
518 | - fi |
519 | - |
520 | diff --git a/debian/patches/series b/debian/patches/series |
521 | deleted file mode 100644 |
522 | index 27bb459..0000000 |
523 | --- a/debian/patches/series |
524 | +++ /dev/null |
525 | @@ -1,4 +0,0 @@ |
526 | -0001-Do-not-ignore-write-return-value.patch |
527 | -0002-Fix-different-signedness-integer-expression-comparis.patch |
528 | -0003-Fix-broken-server-authentication-initialization.patch |
529 | -no-werror.patch |
530 | diff --git a/doc/isnssetup.8 b/doc/isnssetup.8 |
531 | new file mode 100644 |
532 | index 0000000..3076af5 |
533 | --- /dev/null |
534 | +++ b/doc/isnssetup.8 |
535 | @@ -0,0 +1,64 @@ |
536 | +'\" t |
537 | +.TH ISNSSETUP 8 "4 Dec 2020" |
538 | +.SH NAME |
539 | +isnssetup \- a simple script to bootstrap an iSNS server, including security |
540 | +.SH SYNOPSIS |
541 | +.B isnssetup |
542 | +.SH DESCRIPTION |
543 | +.B isnssetup |
544 | +is a command line utility for for bootstrapping your iSNS |
545 | +installation. It sets up the authentication credentials, |
546 | +sets up the |
547 | +.B ServerAddress |
548 | +to be |
549 | +.IR localhost , |
550 | +and registers the appropriate values in the |
551 | +.B iSNS |
552 | +database. The |
553 | +.B isnssetup |
554 | +script does not take any options. |
555 | +.PP |
556 | +Running this script performs the following steps: |
557 | +.TP |
558 | +.B \(bu |
559 | +Set |
560 | +.B ServerAddress |
561 | +to |
562 | +.I localhost |
563 | +and |
564 | +.B Security |
565 | +to |
566 | +.I 1 |
567 | +for |
568 | +.B isnsadmin.conf |
569 | +and |
570 | +.BR isnsdd.conf . |
571 | +.TP |
572 | +.B \(bu |
573 | +Initialize security files by running |
574 | +.BR "isnsd --init" , |
575 | +copying the public key to the server key, then restarting |
576 | +the |
577 | +.B isnsd |
578 | +daemon, so that it sees the new authorization files. |
579 | +.TP |
580 | +.B \(bu |
581 | +Registering the control node policy, the control node itself, and |
582 | +lastly registering the server policy. |
583 | +.PP |
584 | +Note that this script is supplied as an example, although you should |
585 | +be able to use it directly if you wish. You have to be |
586 | +.B root |
587 | +to run this script successfully. |
588 | +.SH BUGS |
589 | +This script does not take |
590 | +.B systemd |
591 | +into account, so you may have to modify it to get it to work on |
592 | +a modern system. |
593 | +.SH SEE ALSO |
594 | +RFC 4171, |
595 | +.BR isnsadm (8), |
596 | +.BR isnsd (8), |
597 | +.BR isns_config (5). |
598 | +.SH AUTHORS |
599 | +Olaf Kirch <olaf.kirch@oracle.com> |
600 | diff --git a/getnext.c b/getnext.c |
601 | index 2b3b3fe..9e39a5d 100644 |
602 | --- a/getnext.c |
603 | +++ b/getnext.c |
604 | @@ -244,7 +244,7 @@ isns_getnext_response_get_object(isns_simple_t *qry, |
605 | { |
606 | isns_object_template_t *tmpl; |
607 | |
608 | - tmpl = isns_object_template_for_key_attrs(&qry->is_operating_attrs); |
609 | + tmpl = isns_object_template_for_key_attrs(&qry->is_message_attrs); |
610 | if (tmpl == NULL) { |
611 | isns_error("Cannot determine object type in GetNext response\n"); |
612 | return ISNS_ATTRIBUTE_NOT_IMPLEMENTED; |
613 | diff --git a/include/libisns/.gitignore b/include/libisns/.gitignore |
614 | new file mode 100644 |
615 | index 0000000..a3757fd |
616 | --- /dev/null |
617 | +++ b/include/libisns/.gitignore |
618 | @@ -0,0 +1 @@ |
619 | +paths.h |
620 | diff --git a/include/libisns/paths.h.in b/include/libisns/paths.h.in |
621 | index 1e96e70..4d17adb 100644 |
622 | --- a/include/libisns/paths.h.in |
623 | +++ b/include/libisns/paths.h.in |
624 | @@ -9,8 +9,8 @@ |
625 | #define ISNS_CONFIG_H |
626 | |
627 | #define __OPENISNS_MKVERSION(maj, min) (((maj) << 8) + (min)) |
628 | -#define OPENISNS_VERSION __OPENISNS_MKVERSION(0, 99); |
629 | -#define OPENISNS_VERSION_STRING "0.99" |
630 | +#define OPENISNS_VERSION __OPENISNS_MKVERSION(0, 101); |
631 | +#define OPENISNS_VERSION_STRING "0.101" |
632 | |
633 | #define ISNS_ETCDIR "/etc/isns" |
634 | #define ISNS_RUNDIR "@RUNDIR@" |
635 | diff --git a/include/libisns/util.h b/include/libisns/util.h |
636 | index 4174480..f1b97f0 100644 |
637 | --- a/include/libisns/util.h |
638 | +++ b/include/libisns/util.h |
639 | @@ -14,6 +14,7 @@ |
640 | #include <string.h> // for strdup |
641 | #include <signal.h> |
642 | #include <libisns/types.h> |
643 | +#include <stdlib.h> |
644 | |
645 | #define array_num_elements(a) (sizeof(a) / sizeof((a)[0])) |
646 | |
647 | @@ -40,14 +41,22 @@ char * print_size(unsigned long); |
648 | */ |
649 | static inline void signals_hold(void) |
650 | { |
651 | - sighold(SIGTERM); |
652 | - sighold(SIGINT); |
653 | + sigset_t s; |
654 | + |
655 | + sigemptyset(&s); |
656 | + sigaddset(&s, SIGTERM); |
657 | + sigaddset(&s, SIGINT); |
658 | + sigprocmask(SIG_BLOCK, &s, 0); |
659 | } |
660 | |
661 | static inline void signals_release(void) |
662 | { |
663 | - sigrelse(SIGTERM); |
664 | - sigrelse(SIGINT); |
665 | + sigset_t s; |
666 | + |
667 | + sigemptyset(&s); |
668 | + sigaddset(&s, SIGTERM); |
669 | + sigaddset(&s, SIGINT); |
670 | + sigprocmask(SIG_UNBLOCK, &s, 0); |
671 | } |
672 | |
673 | /* |
674 | diff --git a/isnsadm.c b/isnsadm.c |
675 | index 7a96007..94c705e 100644 |
676 | --- a/isnsadm.c |
677 | +++ b/isnsadm.c |
678 | @@ -1162,7 +1162,7 @@ generate_key_callback(void) |
679 | } |
680 | |
681 | isns_attr_t * |
682 | -load_key_callback(const char *pathname) |
683 | +load_key_callback(__attribute__((unused))const char *pathname) |
684 | { |
685 | isns_fatal("Authentication disabled in this build\n"); |
686 | return NULL; |
687 | diff --git a/isnsdd.c b/isnsdd.c |
688 | index 58825cc..9cedb9f 100644 |
689 | --- a/isnsdd.c |
690 | +++ b/isnsdd.c |
691 | @@ -401,7 +401,7 @@ check_portal_registration(__attribute__((unused))void *ptr) |
692 | continue; |
693 | |
694 | last_modified = isns_object_last_modified(obj); |
695 | - if (last_modified + 2 * interval > now) { |
696 | + if ((time_t)(last_modified + 2 * interval) > now) { |
697 | good_portals++; |
698 | continue; |
699 | } |
700 | diff --git a/pki.c b/pki.c |
701 | index 486d9bb..6617b8a 100644 |
702 | --- a/pki.c |
703 | +++ b/pki.c |
704 | @@ -9,12 +9,15 @@ |
705 | #include <unistd.h> |
706 | #include <limits.h> |
707 | #include "config.h" |
708 | +#include <fcntl.h> |
709 | +#include <assert.h> |
710 | #ifdef WITH_SECURITY |
711 | #include <openssl/pem.h> |
712 | #include <openssl/err.h> |
713 | #include <openssl/evp.h> |
714 | +#include <openssl/dsa.h> |
715 | +#include <openssl/bn.h> |
716 | #endif |
717 | -#include <fcntl.h> |
718 | #include <libisns/isns.h> |
719 | #include "security.h" |
720 | #include <libisns/util.h> |
721 | @@ -96,13 +99,11 @@ isns_create_dsa_context(void) |
722 | isns_security_t *ctx; |
723 | |
724 | if (!isns_openssl_init) { |
725 | - ERR_load_crypto_strings(); |
726 | #if OPENSSL_API_COMPAT < 0x10100000L |
727 | + ERR_load_crypto_strings(); |
728 | OpenSSL_add_all_algorithms(); |
729 | OpenSSL_add_all_ciphers(); |
730 | OpenSSL_add_all_digests(); |
731 | -#else |
732 | - OPENSSL_init_crypto(); |
733 | #endif |
734 | isns_openssl_init = 1; |
735 | } |
736 | @@ -431,18 +432,41 @@ isns_dsa_load_params(const char *filename) |
737 | return dsa; |
738 | } |
739 | |
740 | -static int |
741 | +/* |
742 | + * write one 'status' character to stdout |
743 | + */ |
744 | +static void |
745 | +write_status_byte(int ch) |
746 | +{ |
747 | + static int stdout_fd = 1; /* fileno(stdout) */ |
748 | + char buf[2]; |
749 | + int res; |
750 | + |
751 | + /* |
752 | + * We don't actually care about the return value here, since |
753 | + * we are just dumping a status byte to stdout, but |
754 | + * some linux distrubutions set the warn_unused_result attribute |
755 | + * for the write() API, so we might as well use the return value |
756 | + * to make sure the write command isn't broken. |
757 | + */ |
758 | + assert(ch); |
759 | + buf[0] = ch; |
760 | + buf[1] = '\0'; |
761 | + res = write(stdout_fd, buf, 1); |
762 | + assert(res == 1); |
763 | +} |
764 | + |
765 | +static void |
766 | isns_dsa_param_gen_callback(int stage, |
767 | __attribute__((unused))int index, |
768 | __attribute__((unused))void *dummy) |
769 | { |
770 | if (stage == 0) |
771 | - write(1, "+", 1); |
772 | + write_status_byte('+'); |
773 | else if (stage == 1) |
774 | - write(1, ".", 1); |
775 | + write_status_byte('.'); |
776 | else if (stage == 2) |
777 | - write(1, "/", 1); |
778 | - return 0; |
779 | + write_status_byte('/'); |
780 | } |
781 | |
782 | int |
783 | @@ -467,7 +491,7 @@ isns_dsa_init_params(const char *filename) |
784 | isns_notice("Generating DSA parameters; this may take a while\n"); |
785 | #if OPENSSL_VERSION_NUMBER >= 0x10002000L |
786 | cb = BN_GENCB_new(); |
787 | - BN_GENCB_set(cb, (int (*)(int, int, BN_GENCB *)) isns_dsa_param_gen_callback, NULL); |
788 | + BN_GENCB_set_old(cb, (void (*)(int, int, void *)) isns_dsa_param_gen_callback, NULL); |
789 | dsa = DSA_new(); |
790 | if (!DSA_generate_parameters_ex(dsa, dsa_key_bits, NULL, 0, NULL, NULL, cb)) { |
791 | DSA_free(dsa); |
792 | @@ -478,7 +502,7 @@ isns_dsa_init_params(const char *filename) |
793 | dsa = DSA_generate_parameters(dsa_key_bits, NULL, 0, |
794 | NULL, NULL, isns_dsa_param_gen_callback, NULL); |
795 | #endif |
796 | - write(1, "\n", 1); |
797 | + write_status_byte('\n'); |
798 | |
799 | if (dsa == NULL) { |
800 | isns_dsasig_report_errors("Error generating DSA parameters", |
801 | diff --git a/security.c b/security.c |
802 | index 673a26e..68eb779 100644 |
803 | --- a/security.c |
804 | +++ b/security.c |
805 | @@ -408,32 +408,34 @@ isns_security_init(void) |
806 | } |
807 | |
808 | isns_keystore_t * |
809 | -isns_create_keystore(const char *spec) |
810 | +isns_create_keystore(__attribute__((unused))const char *spec) |
811 | { |
812 | isns_no_security(); |
813 | return NULL; |
814 | } |
815 | |
816 | void |
817 | -isns_security_set_keystore(isns_security_t *ctx, |
818 | - isns_keystore_t *ks) |
819 | +isns_security_set_keystore(__attribute__((unused))isns_security_t *ctx, |
820 | + __attribute__((unused))isns_keystore_t *ks) |
821 | { |
822 | isns_no_security(); |
823 | } |
824 | |
825 | void |
826 | -isns_principal_free(isns_principal_t *peer) |
827 | +isns_principal_free(__attribute__((unused))isns_principal_t *peer) |
828 | { |
829 | } |
830 | |
831 | isns_principal_t * |
832 | -isns_get_principal(isns_security_t *ctx, const char *spi, size_t spi_len) |
833 | +isns_get_principal(__attribute__((unused))isns_security_t *ctx, |
834 | + __attribute__((unused))const char *spi, |
835 | + __attribute__((unused))size_t spi_len) |
836 | { |
837 | return NULL; |
838 | } |
839 | |
840 | const char * |
841 | -isns_principal_name(const isns_principal_t *princ) |
842 | +isns_principal_name(__attribute__((unused))const isns_principal_t *princ) |
843 | { |
844 | return NULL; |
845 | } |
846 | diff --git a/socket.c b/socket.c |
847 | index da9f5dc..432a9bd 100644 |
848 | --- a/socket.c |
849 | +++ b/socket.c |
850 | @@ -5,7 +5,7 @@ |
851 | */ |
852 | |
853 | #include <sys/socket.h> |
854 | -#include <sys/poll.h> |
855 | +#include <poll.h> |
856 | #include <sys/time.h> |
857 | #include <sys/un.h> |
858 | #include <string.h> |
859 | @@ -322,8 +322,9 @@ failed: |
860 | } |
861 | #else /* WITH_SECURITY */ |
862 | static int |
863 | -isns_pdu_authenticate(isns_security_t *sec, |
864 | - struct isns_partial_msg *msg, buf_t *bp) |
865 | +isns_pdu_authenticate(__attribute__((unused))isns_security_t *sec, |
866 | + __attribute__((unused))struct isns_partial_msg *msg, |
867 | + __attribute__((unused))buf_t *bp) |
868 | { |
869 | return 0; |
870 | } |
Hmm, maybe I'm just blind to see the reason for "through a patch file until the version bump is approved in Debian", but could you explain why this can't just be 0.101-0ubuntu1 with proper orig tarball based on 0.101?
In the past Debian was rather slow at acting on that package, so I'd not expect things soon. but-actually- 0.101-we- are-not- tellng- you" version to stay around rather long.
Which would make a "0.100-
Did you had a chance to check if the 0.101 version could work without my debian/ patches/ no-werror. patch? If it does, please drop it.
Oh and if you agree, just start the CL with "Merge 0.101 from upstream, remaining changes:"