From: Jennifer Richards Date: Tue, 11 Jul 2017 15:01:57 +0000 (-0400) Subject: Merge fixes from jennifer/filter-dev branch X-Git-Url: http://www.project-moonshot.org/gitweb/?a=commitdiff_plain;h=a3c6cbaf3003fc86851f84c3640e9b454420ba38;hp=a883368f8ce1e2b362be31382301b25dca367850;p=trust_router.git Merge fixes from jennifer/filter-dev branch --- diff --git a/configure.ac b/configure.ac index dabfd1e..25f1340 100644 --- a/configure.ac +++ b/configure.ac @@ -1,5 +1,5 @@ AC_PREREQ(2.63) -AC_INIT([trust_router],[2.1.1], +AC_INIT([trust_router],[3.0.0], [bugs@project-moonshot.org]) AC_CONFIG_MACRO_DIR(m4) AC_CONFIG_AUX_DIR(build-aux) diff --git a/debian/.git-dpm b/debian/.git-dpm new file mode 100644 index 0000000..e28df73 --- /dev/null +++ b/debian/.git-dpm @@ -0,0 +1,8 @@ +# see git-dpm(1) from git-dpm package +f159988592bd2db0f7ef6662a9117af6b82b23ff +f159988592bd2db0f7ef6662a9117af6b82b23ff +bbf497cdf42f068cae597f3a38e2d2400470119b +bbf497cdf42f068cae597f3a38e2d2400470119b +moonshot-trust-router_1.4.1.orig.tar.gz +a8c6fb6b6f9cfd2bcec95a9433723147d24a48ba +371621 diff --git a/debian/README b/debian/README new file mode 100644 index 0000000..c2d2f27 --- /dev/null +++ b/debian/README @@ -0,0 +1,6 @@ +The Debian Package moonshot-trust-router +---------------------------- + +Comments regarding the Package + + -- Sam Hartman Wed, 05 Dec 2012 14:24:54 -0500 diff --git a/debian/TODO b/debian/TODO new file mode 100644 index 0000000..d15c432 --- /dev/null +++ b/debian/TODO @@ -0,0 +1,7 @@ +* Service files and possibly init scripts for trust_router and tids (tids already has service file) + +Sadly, the code in its current state really works a lot better with +journald than another logging approach, so there's a huge advantage to +using systemd. + +* Include pointers to what we have for current documentation. diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..d837928 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,216 @@ +moonshot-trust-router (3.0.0-1) unstable; urgency=medium + + * New upstream release + * Support full TID and TRP filtering + * Add --version option + + -- Jennifer Richards Thu, 06 Jun 2017 12:22:37 -0400 + +moonshot-trust-router (2.1.1-1) unstable; urgency=medium + + * New upstream release + * Support community information flooding + * Support support multiple AAA servers for an IdP + * Support IPv6 addressing + + -- Jennifer Richards Thu, 26 Jan 2017 18:00:00 -0400 + +moonshot-trust-router (2.0-1) UNRELEASED; urgency=low + + * New upstream release + * Support dynamic trust route peering, flooding, and discovery + * Support TID request routing + * New configuration file format + + -- Jennifer Richards Tue, 20 Sep 2016 14:57:24 -0400 + +moonshot-trust-router (1.5.1~2) unstable; urgency=medium + + * Fix insert statement + + -- Sam Hartman Wed, 25 Mar 2015 21:20:54 -0400 + +moonshot-trust-router (1.5.1~1) unstable; urgency=medium + + * New Upstream version to fix key expiration schema/view + + -- Sam Hartman Wed, 25 Mar 2015 14:30:01 -0400 + +moonshot-trust-router (1.5~4) unstable; urgency=medium + + * Fix versioning because we want to fix the gss_delete_sec_context for wheezy + * Move logging section to tr_internal + + -- Sam Hartman Tue, 17 Mar 2015 15:20:21 -0400 + +moonshot-trust-router (1.5~3) unstable; urgency=medium + + * Pull in expiration fix + * Depend on sufficiently new moonshot-gss-eap to avoid + delete_sec_context problem + + -- Sam Hartman Tue, 17 Mar 2015 12:27:57 -0400 + +moonshot-trust-router (1.5~2) UNRELEASED; urgency=medium + + * Fix comparison operator + + -- Sam Hartman Fri, 13 Mar 2015 16:23:37 -0400 + +moonshot-trust-router (1.5~1) unstable; urgency=medium + + * New Upstream Release + * Support Key expiration and logging + + -- Sam Hartman Wed, 11 Mar 2015 10:52:39 -0400 + +moonshot-trust-router (1.4.1-2) unstable; urgency=medium + + * Print default realm from Config (LP: #1386654) + + -- Sam Hartman Tue, 04 Nov 2014 15:50:04 -0500 + +moonshot-trust-router (1.4.1-1) unstable; urgency=medium + + * New upstream version + * Fix major bug in handling of community lookups when defaulting is + not used. + + -- Sam Hartman Tue, 07 Oct 2014 07:19:13 -0400 + +moonshot-trust-router (1.4-9) unstable; urgency=medium + + * Fix lintian errors: + - Update LSB header for tids init script + - Make tids wrapper executable + - Override things lintian gets wrong + + -- Sam Hartman Fri, 03 Oct 2014 16:22:31 -0400 + +moonshot-trust-router (1.4-8) unstable; urgency=medium + + * Fix umask of database + + -- Sam Hartman Fri, 03 Oct 2014 11:15:57 -0400 + +moonshot-trust-router (1.4-7) unstable; urgency=medium + + * Remove debugging and fix postinst script to work when SHELL is not set. + + -- Sam Hartman Fri, 03 Oct 2014 10:20:15 -0400 + +moonshot-trust-router (1.4-6) unstable; urgency=medium + + * Even more debugging + + -- Sam Hartman Thu, 02 Oct 2014 16:44:20 -0400 + +moonshot-trust-router (1.4-5) unstable; urgency=medium + + * Even more debugging + + -- Sam Hartman Thu, 02 Oct 2014 16:01:30 -0400 + +moonshot-trust-router (1.4-4) unstable; urgency=medium + + * postinst quiet about user creation + * tids.init:fix run levels + * Add debugging to postinst to try and understand dvd creation bug + + -- Sam Hartman Wed, 01 Oct 2014 22:37:46 -0400 + +moonshot-trust-router (1.4-3) unstable; urgency=medium + + * Create a schema on upgrade or install + + -- Sam Hartman Tue, 30 Sep 2014 15:21:43 -0400 + +moonshot-trust-router (1.4-2) unstable; urgency=medium + + * Update to fix bug in init script, Thanks Stefan + + -- Sam Hartman Tue, 30 Sep 2014 14:53:39 -0400 + +moonshot-trust-router (1.4-1) unstable; urgency=medium + + * New Upstream version + * Install tids init script, thanks Stefan Paetow + + -- Sam Hartman Fri, 26 Sep 2014 10:45:18 -0400 + +moonshot-trust-router (1.3.1-1) unstable; urgency=medium + + * New Upstream Version + * Initial Debian release, Closes: #759398 + * Use git dpm and 3.0 quilt source format + + -- Sam Hartman Wed, 27 Aug 2014 19:13:23 -0400 + +moonshot-trust-router (1.3-1) unstable; urgency=medium + + * New upstream version + + -- Sam Hartman Tue, 22 Jul 2014 12:05:27 -0400 + +moonshot-trust-router (1.2-4) unstable; urgency=medium + + * Fix another bug in tids.service + + -- Sam Hartman Mon, 26 May 2014 15:43:46 -0400 + +moonshot-trust-router (1.2-3) unstable; urgency=medium + + * trust_router not trustrouter in tids.service + + -- Sam Hartman Wed, 21 May 2014 16:02:15 -0400 + +moonshot-trust-router (1.2-2) unstable; urgency=medium + + * Include systemd service and schema file + * Create trustrouter user on install + + -- Sam Hartman Mon, 19 May 2014 20:48:12 -0400 + +moonshot-trust-router (1.2-1) unstable; urgency=low + + * New upstream version. + * Includes constraints, gss-name change and settable port number. + + -- Margaret Wasserman Tue, 18 Mar 2014 18:00:19 -0400 + +moonshot-trust-router (1.0.1-1) unstable; urgency=low + + * New upstream version + + -- Sam Hartman Fri, 20 Dec 2013 15:17:17 -0500 + +moonshot-trust-router (1.0-2) unstable; urgency=low + + * New release including trustidentity for acceptor + + -- Sam Hartman Wed, 20 Nov 2013 08:26:16 -0500 + +moonshot-trust-router (1.0-1) unstable; urgency=low + + * New upstream version, 1.0 release + + -- Mark Donnelly Thu, 18 Jul 2013 11:00:32 -0400 + +moonshot-trust-router (0.2+20130506-1) unstable; urgency=low + + * New upstream version, beta release + + -- Margaret Wasserman Mon, 06 May 2013 15:40:43 -0400 + +moonshot-trust-router (0.1+20130418-1) unstable; urgency=low + + * New upstream version + * Includes trust router and working tids + + -- Sam Hartman Thu, 18 Apr 2013 11:47:21 -0400 + +moonshot-trust-router (0.0+20121205) unstable; urgency=low + + * Initial Release. + + -- Sam Hartman Wed, 05 Dec 2012 14:24:54 -0500 diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..48c962f --- /dev/null +++ b/debian/compat @@ -0,0 +1,2 @@ +9 + diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..6c4df8a --- /dev/null +++ b/debian/control @@ -0,0 +1,65 @@ +Source: moonshot-trust-router +Section: net +Priority: extra +Maintainer: Sam Hartman +Build-Depends: debhelper (>= 9), autotools-dev, automake, autoconf, libtool, libjansson-dev, libkrb5-dev (>= 1.10~), dh-autoreconf, libssl-dev, libsqlite3-dev, libtalloc-dev, libglib2.0-dev, libevent-dev +Standards-Version: 3.9.5 +Homepage: http://www.project-moonshot.org/ +Vcs-Git: git://git.project-moonshot.org/trust_router.git + +Package: moonshot-trust-router +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, moonshot-gss-eap (>= 0.9.2-3+deb8u1), adduser, sqlite3 +Description: Moonshot Trust Router + Moonshot allows services using GSS-API applications to gain federated + access to identities provided by other organizations. Moonshot uses + EAP and RADIUS over TLS for authentication and federation and SAML + for enhanced attribute exchange. + . + This package provides the trust router and associated commands. The + trust router provides authenticated key exchange so that RADIUS + proxies in one organization can connect to RADIUS servers (providing + identities) in another organization. + +Package: moonshot-trust-router-dev +Section: libdevel +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, libtr-tid2 (= ${binary:Version}) +Description: Development environment for the Trust Router + Moonshot allows services using GSS-API applications to gain federated + access to identities provided by other organizations. Moonshot uses + EAP and RADIUS over TLS for authentication and federation and SAML + for enhanced attribute exchange. + . + This package provides the trust router development environment. The + trust router provides authenticated key exchange so that RADIUS + proxies in one organization can connect to RADIUS servers (providing + identities) in another organization. + + +Package: libtr-tid2 +Section: libs +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Breaks: moonshot-gss-eap (<< 0.9.2-3+deb8u1) +Pre-Depends: ${misc:Pre-Depends} +Multi-Arch: same +Description: Moonshot Temporary Identity Shared Libraries + Moonshot allows services using GSS-API applications to gain federated + access to identities provided by other organizations. Moonshot uses + EAP and RADIUS over TLS for authentication and federation and SAML + for enhanced attribute exchange. + . + This package provides the trust router's Temporary Identity Protocol + client and server library. The trust router provides authenticated + key exchange so that RADIUS proxies in one organization can connect + to RADIUS servers (providing identities) in another organization. + + +Package: moonshot-trust-router-dbg +Section: debug +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, moonshot-trust-router (= ${binary:Version}) |libtr-tid2 (= ${binary:Version}) +Description: Trust Router Debugging Symbols + This package includes debugging symbols for trust router libraries + and binaries. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..265970b --- /dev/null +++ b/debian/copyright @@ -0,0 +1,121 @@ +Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Source: git://git.project-moonshot.org/trust_router.git + +Files: * +Copyright: 2009-2014 JANET(UK) +License: BSD-3-clause + +Files: gsscon/* +Copyright: 2012-2014 JANET(UK) + 2004-2006 Massachusetts Institute of Technology. +License: BSD-3-clause and OLD-MIT-KERBEROS + Copyright (c) 2012, JANET(UK) + All rights reserved. + . + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + . + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + . + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + . + 3. Neither the name of JANET(UK) nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + OF THE POSSIBILITY OF SUCH DAMAGE. + . + This code was adapted from the MIT Kerberos Consortium's + GSS example code, which was distributed under the following + license: + Copyright 2004-2006 Massachusetts Institute of Technology. + All Rights Reserved. + . + WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + distribute this software and its documentation for any purpose and + without fee is hereby granted, provided that the above copyright + notice appear in all copies and that both that copyright notice and + this permission notice appear in supporting documentation, and that + the name of M.I.T. not be used in advertising or publicity pertaining + to distribution of the software without specific, written prior + permission. Furthermore if you modify this software you must label + your software as modified software and not distribute it in such a + fashion that it might be confused with the original M.I.T. software. + M.I.T. makes no representations about the suitability of + this software for any purpose. It is provided "as is" without express + or implied warranty. + + +Files: common/jansson_iterators.h +Copyright: 2009-2013 Petri Lehtinen +License: JANSSON + Jansson is free software; you can redistribute it and/or modify + it under the terms of the MIT license. See LICENSE for details. + Copyright (c) 2009-2013 Petri Lehtinen + . + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + . + The above copyright notice and this permission notice shall be included in + all copies or substantial portions of the Software. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + THE SOFTWARE. + + +Files: debian/* +Copyright: 2012-2014 Sam Hartman +License: BSD-3-clause + +License: BSD-3-Clause + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + . + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + . + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + . + 3. Neither the name of JANET(UK) nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/debian/docs b/debian/docs new file mode 100644 index 0000000..e69de29 diff --git a/debian/gbp.conf b/debian/gbp.conf new file mode 100644 index 0000000..0347681 --- /dev/null +++ b/debian/gbp.conf @@ -0,0 +1,7 @@ +[DEFAULT] +pristine-tar=True +pristine-tar-commit=True +debian-branch=debian +debian-tag=debian/%(version)s +upstream-branch=master +upstream-tag=v%(version)s diff --git a/debian/libtr-tid2.install b/debian/libtr-tid2.install new file mode 100644 index 0000000..3de3b10 --- /dev/null +++ b/debian/libtr-tid2.install @@ -0,0 +1 @@ +usr/lib/*/*.so.* diff --git a/debian/libtr-tid2.symbols b/debian/libtr-tid2.symbols new file mode 100644 index 0000000..d70d8a3 --- /dev/null +++ b/debian/libtr-tid2.symbols @@ -0,0 +1,57 @@ +libtr_tid.so.2 libtr-tid2 #MINVER# + tid_dup_req@Base 1.3 + tid_req_free@Base 1.3 + tid_req_get_comm@Base 1.3 + tid_req_get_conn@Base 1.3 + tid_req_get_cookie@Base 1.3 + tid_req_get_gssctx@Base 1.3 + tid_req_get_next_req@Base 1.3 + tid_req_get_orig_coi@Base 1.3 + tid_req_get_realm@Base 1.3 + tid_req_get_resp_func@Base 1.3 + tid_req_get_resp_rcvd@Base 1.3 + tid_req_get_resp_sent@Base 1.3 + tid_req_get_rp_realm@Base 1.3 + tid_req_new@Base 1.3 + tid_resp_get_comm@Base 1.3 + tid_resp_get_err_msg@Base 1.3 + tid_resp_get_num_servers@Base 1.3 + tid_resp_get_orig_coi@Base 1.3 + tid_resp_get_realm@Base 1.3 + tid_resp_get_result@Base 1.3 + tid_resp_get_rp_realm@Base 1.3 + tid_resp_get_server@Base 1.3 + tid_srvr_get_address@Base 1.3 + tid_srvr_get_dh@Base 1.3 + tid_srvr_get_key_name@Base 1.3 + tidc_create@Base 1.3 + tidc_destroy@Base 1.3 + tidc_fwd_request@Base 1.3 + tidc_get_dh@Base 1.3 + tidc_open_connection@Base 1.3 + tidc_send_request@Base 1.3 + tidc_set_dh@Base 1.3 + tids_create@Base 1.3 + tids_destroy@Base 1.3 + tids_send_err_response@Base 1.3 + tids_send_response@Base 1.3 + tids_start@Base 1.3 + tr_bin_to_hex@Base 1.3 + tr_compute_dh_key@Base 1.3 + tr_constraint_add_to_set@Base 1.3 + tr_constraint_set_filter@Base 1.3 + tr_constraint_set_get_match_strings@Base 1.3 + tr_constraint_set_intersect@Base 1.3 + tr_constraint_set_validate@Base 1.3 + tr_create_dh_params@Base 1.3 + tr_create_matching_dh@Base 1.3 + tr_destroy_dh_params@Base 1.3 + tr_dh_free@Base 1.3 + tr_dh_pub_hash@Base 1.3 + tr_dup_name@Base 1.3 + tr_free_name@Base 1.3 + tr_name_cmp@Base 1.3 + tr_name_strdup@Base 1.3 + tr_name_strlcat@Base 1.3 + tr_new_name@Base 1.3 + tr_prefix_wildcard_match@Base 1.3 diff --git a/debian/moonshot-trust-router-dev.install b/debian/moonshot-trust-router-dev.install new file mode 100644 index 0000000..371f0ee --- /dev/null +++ b/debian/moonshot-trust-router-dev.install @@ -0,0 +1,3 @@ +usr/lib/*/*so +usr/lib/*/*.a +usr/include diff --git a/debian/moonshot-trust-router.dirs b/debian/moonshot-trust-router.dirs new file mode 100644 index 0000000..7cee9c9 --- /dev/null +++ b/debian/moonshot-trust-router.dirs @@ -0,0 +1 @@ +usr/lib/trust_router diff --git a/debian/moonshot-trust-router.install b/debian/moonshot-trust-router.install new file mode 100644 index 0000000..a44bfaf --- /dev/null +++ b/debian/moonshot-trust-router.install @@ -0,0 +1,8 @@ +usr/bin/tidc +usr/bin/tids +usr/bin/trpc +usr/bin/trust_router +usr/share/trust_router/* +lib/systemd/system/* + +debian/tids-wrapper usr/lib/trust_router diff --git a/debian/moonshot-trust-router.lintian-overrides b/debian/moonshot-trust-router.lintian-overrides new file mode 100644 index 0000000..e61e544 --- /dev/null +++ b/debian/moonshot-trust-router.lintian-overrides @@ -0,0 +1,6 @@ +moonshot-trust-router: binary-without-manpage usr/bin/tidc +moonshot-trust-router: binary-without-manpage usr/bin/trust_router +moonshot-trust-router: binary-without-manpage usr/bin/tids +moonshot-trust-router: script-not-executable usr/share/trust_router/redhat/* +# No, actually we do test earlier and exit if the default file is not present +moonshot-trust-router: init.d-script-sourcing-without-test diff --git a/debian/moonshot-trust-router.postinst b/debian/moonshot-trust-router.postinst new file mode 100644 index 0000000..b2cbbdb --- /dev/null +++ b/debian/moonshot-trust-router.postinst @@ -0,0 +1,44 @@ +#!/bin/sh + +set -e + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-remove' +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + configure) + if dpkg --compare-versions "$2" lt 1.2-2; then + adduser --quiet --system --home /var/lib/trust_router --group --disabled-login trustrouter + fi + if dpkg --compare-versions "$2" lt-nl 1.5.1 ; then + # Schema updated + rm -f /var/lib/trust_router/keys + fi + su -s /bin/sh -c "umask 027&&sqlite3 &2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/debian/moonshot-trust-router.tids.init b/debian/moonshot-trust-router.tids.init new file mode 100644 index 0000000..95f6bd1 --- /dev/null +++ b/debian/moonshot-trust-router.tids.init @@ -0,0 +1,104 @@ +#!/bin/bash +### BEGIN INIT INFO +# Provides: tids +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Required-Start: $local_fs $remote_fs $network +# Required-Stop:local_fs $remote_fs $network +# Should-Start: freeradius +# Short-Description: Starts Moonshot TIDS +# Description: Starts the Moonshot Temporary ID Service +### END INIT INFO + +PATH=/sbin:/bin:/usr/sbin:/usr/bin + +. /lib/lsb/init-functions + +[ -z "$HOME" ] && export HOME=/ + +usage() { + echo "Usage: $0 {start|stop|status}" +} + +# Load the configuration +[ -f /etc/default/trust_router ] || exit 0 +. /etc/default/trust_router +TIDS_PIDDIR=/var/run/trust_router +TIDS_LOGDIR=/var/log/trust_router + +# Create the PID and LOG directories +[ -d "$TIDS_PIDDIR" ] || mkdir -p $TIDS_PIDDIR && chown $TIDS_USER:$TIDS_GROUP $TIDS_PIDDIR +[ -d "$TIDS_LOGDIR" ] || mkdir -p $TIDS_LOGDIR && chown $TIDS_USER:$TIDS_GROUP $TIDS_LOGDIR + +# Some variables +prog=/usr/lib/trust_router/tids-wrapper +PIDFILE="$TIDS_PIDDIR/tids.pid" +LOGFILE="$TIDS_LOGDIR/tids.log" + +# Does the trust router and wrapper exist +[ -x /usr/bin/tids ] || exit 5 +[ -x $prog ] || exit 5 + +[ -f "$LOGFILE" ] || touch $LOGFILE && chown $TIDS_USER:$TIDS_GROUP $LOGFILE + +OPTIONS="$PIDFILE $LOGFILE $ipaddr $gssname $hostname /var/lib/trust_router/keys" + +case $1 in + start) + if [ -f ${PIDFILE} ] ; + then + OLD_PID=$(cat "$PIDFILE") + + if [ -d "/proc/$OLD_PID" ] ; + then + echo "Error: TIDS already running" ; exit 1 + else + rm $PIDFILE + fi + fi + + timestamp=$(date) + echo "$timestamp Starting TIDS..." >> $LOGFILE + log_daemon_msg "Starting TIDS" "tids" + start-stop-daemon --start --chuid $TIDS_USER --pidfile $PIDFILE --oknodo --startas $prog $OPTIONS + status=$? + log_end_msg $status + ;; + stop) + timestamp=$(date) + echo "$timestamp Stopping TIDS..." >> $LOGFILE + log_daemon_msg "Stopping TIDS" "tids" + start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE + status=$? + log_end_msg $status + rm -f $PIDFILE + ;; + status) + if [ -f $PIDFILE ] ; + then + PID=$(cat "$PIDFILE") + + if [ -d "/proc/$PID" ] ; + then + echo "TIDS is running (pid $PID)" + else + if [ -e $PIDFILE ] ; then + echo "TIDS appears to be dead but its PID file exists" + else + echo "TIDS appears to be stopped" + fi + fi + else + echo "TIDS appears to be stopped" + fi + exit 0 + ;; + reload | force-reload | condrestart | try-restart) + usage + exit 3 + ;; + *) + usage + exit 2 + ;; +esac diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..fa83728 --- /dev/null +++ b/debian/rules @@ -0,0 +1,26 @@ +#!/usr/bin/make -f +# -*- makefile -*- +# Sample debian/rules that uses debhelper. +# This file was originally written by Joey Hess and Craig Small. +# As a special exception, when this file is copied by dh-make into a +# dh-make output file, you may use that output file without restriction. +# This special exception was added by Craig Small in version 0.37 of dh-make. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +%: + dh $@ --with autoreconf --parallel + +override_dh_auto_configure: + dh_auto_configure -- --with-systemdsystemunitdir=/lib/systemd/system + +override_dh_install: + chmod a+x debian/tids-wrapper + dh_install + +override_dh_strip: + dh_strip --dbg-package=moonshot-trust-router-dbg + +override_dh_installinit: + dh_installinit --name tids diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/tids-wrapper b/debian/tids-wrapper new file mode 100755 index 0000000..831cb3a --- /dev/null +++ b/debian/tids-wrapper @@ -0,0 +1,14 @@ +#! /usr/bin/env bash + +PIDFILE=$1 +LOGFILE=$2 +shift 2 + +unset DISPLAY +/usr/bin/tids $@ >> $LOGFILE 2>&1 & +BGPID=$! +RET=$? + +echo $BGPID > $PIDFILE + +exit $RET diff --git a/tr/.gitignore b/tr/.gitignore deleted file mode 100644 index 5231f6e..0000000 --- a/tr/.gitignore +++ /dev/null @@ -1 +0,0 @@ -tr diff --git a/trust_router.spec b/trust_router.spec index b2be331..69701ed 100644 --- a/trust_router.spec +++ b/trust_router.spec @@ -1,6 +1,6 @@ %global optflags %{optflags} -Wno-parentheses Name: trust_router -Version: 2.1.1 +Version: 3.0.0 Release: 1%{?dist} Summary: Moonshot Trust Router