Home Explore Help
Register Sign In
Apq
/
389-ds-base
mirror of https://github.com/389ds/389-ds-base.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

1) remove fortezza stuff
2) make sure the .chk files are there
3) fix secmod.db on 64 bit platforms to have the 32 bit nssckbi in there

Rich Megginson 20 years ago
parent
362bedccdc
commit
103a9559a8
5 changed files with 154 additions and 24 deletions
Split View Show Diff Stats
  1. 14 20
      components.mk
  2. 50 1
      internal_comp_deps.mk
  3. 6 1
      ldap/admin/src/Makefile
  4. 73 0
      ldap/admin/src/fix_secmod_db_64
  5. 11 2
      ldap/cm/newinst/ns-update

+ 14 - 20
components.mk
View File 

@@ -177,38 +177,32 @@ else
 
 endif
 
 SECURITY_INCLUDE = -I$(SECURITY_INCDIR)
 
 # add crlutil and ocspclnt when we support CRL and OCSP cert checking in DS
 
-ifeq ($(SECURITY_RELDATE), NSS_3_7_9_RTM)
 
-SECURITY_BINNAMES = certutil derdump pp pk12util ssltap modutil
 
-else
 
 SECURITY_BINNAMES = certutil derdump pp pk12util ssltap modutil shlibsign
 
-endif
 
 SECURITY_LIBNAMES = ssl3 nss3 softokn3
 
+# these libs have a corresponding .chk file
 
+SECURITY_NEED_CHK = softokn3
 
 
-SECURITY_LIBNAMES.pkg = $(SECURITY_LIBNAMES)
 
-SECURITY_LIBNAMES.pkg += smime3
 
+SECURITY_LIBNAMES.pkg = $(SECURITY_LIBNAMES) smime3
 
+
 
+# these are only needed on 32 bit Solaris and HP-UX
 
+ifneq ($(USE_64), 1)
 
 ifeq ($(ARCH), SOLARIS)
 
-SECURITY_LIBNAMES.pkg += freebl_hybrid_3 freebl_pure32_3 fort swft
 
+SECURITY_LIBNAMES.pkg += freebl_hybrid_3 freebl_pure32_3
 
+# these libs have a corresponding .chk file
 
+SECURITY_NEED_CHK += freebl_hybrid_3 freebl_pure32_3
 
 endif
 
 ifeq ($(ARCH), HPUX)
 
-SECURITY_LIBNAMES.pkg += freebl_hybrid_3 freebl_pure32_3 fort swft
 
-endif
 
-ifeq ($(ARCH), AIX)
 
-SECURITY_LIBNAMES.pkg += fort swft
 
-endif
 
-ifeq ($(ARCH), OSF1)
 
-SECURITY_LIBNAMES.pkg += fort swft
 
-endif
 
-ifeq ($(ARCH), WINNT)
 
-SECURITY_LIBNAMES.pkg += fort32 swft32
 
+SECURITY_LIBNAMES.pkg += freebl_hybrid_3 freebl_pure32_3
 
+# these libs have a corresponding .chk file
 
+SECURITY_NEED_CHK += freebl_hybrid_3 freebl_pure32_3
 
 endif
 
+endif # USE_64
 
 
 SECURITY_TOOLS = $(addsuffix $(EXE_SUFFIX),$(SECURITY_BINNAMES))
 
 SECURITY_TOOLS_FULLPATH = $(addprefix $(SECURITY_BINPATH)/, $(SECURITY_TOOLS))
 
 
 SECURITY_LIBS_TO_PKG = $(addsuffix .$(DLL_SUFFIX),$(addprefix $(SECURITY_LIBPATH)/$(LIB_PREFIX),$(SECURITY_LIBNAMES.pkg)))
 
-ifneq ($(SECURITY_RELDATE), NSS_3_7_9_RTM)
 
-SECURITY_LIBS_TO_PKG += $(addsuffix .chk,$(addprefix $(SECURITY_LIBPATH)/$(LIB_PREFIX),$(SECURITY_LIBNAMES.pkg)))
 
-endif
 
+SECURITY_LIBS_TO_PKG += $(addsuffix .chk,$(addprefix $(SECURITY_LIBPATH)/$(LIB_PREFIX),$(SECURITY_NEED_CHK)))
 
 LIBS_TO_PKG += $(SECURITY_LIBS_TO_PKG)
 
 LIBS_TO_PKG_SHARED += $(SECURITY_LIBS_TO_PKG) # for cmd line tools
 
 ifeq ($(USE_SETUPSDK), 1)

+ 50 - 1
internal_comp_deps.mk
View File 

@@ -65,6 +65,41 @@ ifeq ($(ARCH), WINNT)
 
 else
 
   SECURITY_DEP = $(SECURITY_LIBPATH)/libssl3.$(DLL_SUFFIX)
 
 endif
 
+# if building 64 bit version, also need the 32 bit version of nssckbi.so
 
+# rename it as nssckbi32.so
 
+ifeq ($(USE_64), 1)
 
+# assumes there is a 32 bit version
 
+  SHARED32_BUILD_DIR = $(NSCP_DISTDIR_FULL_RTL)/shared32
 
+  NSS32_IMPORT = $(subst $(NS64TAG),,$(SECURITY_IMPORT))
 
+  NSS32_BINNAMES = modutil
 
+  NSS32_LIBNAMES = $(SECURITY_LIBNAMES.pkg)
 
+  NSS32_NEED_CHK = $(SECURITY_NEED_CHK)
 
+  ifeq ($(ARCH), SOLARIS)
 
+    NSS32_LIBNAMES += freebl_hybrid_3 freebl_pure32_3
 
+# these libs have a corresponding .chk file
 
+    NSS32_NEED_CHK += freebl_hybrid_3 freebl_pure32_3
 
+  endif
 
+  ifeq ($(ARCH), HPUX)
 
+    NSS32_LIBNAMES += freebl_hybrid_3 freebl_pure32_3
 
+# these libs have a corresponding .chk file
 
+    NSS32_NEED_CHK += freebl_hybrid_3 freebl_pure32_3
 
+  endif
 
+  NSSCKBI_FILE = $(LIB_PREFIX)nssckbi.$(DLL_SUFFIX)
 
+  NSSCKBI32_FILE = $(LIB_PREFIX)nssckbi32.$(DLL_SUFFIX)
 
+  NSS32_PULLFILES = bin/modutil lib/$(NSSCKBI_FILE) $(addprefix lib/$(LIB_PREFIX),$(addsuffix .$(DLL_SUFFIX),$(NSS32_LIBNAMES))) $(addprefix lib/$(LIB_PREFIX),$(addsuffix .chk,$(NSS32_NEED_CHK)))
 
+
 
+  NSPR32_IMPORT = $(subst $(NS64TAG),,$(NSPR_IMPORT))
 
+  NSPR32_LIBNAMES = $(NSPR_LIBNAMES)
 
+  NSPR32_PULLFILES = lib/$(LIB_PREFIX)$(subst $(SPACE),$(COMMA)lib/$(LIB_PREFIX),$(addsuffix .$(DLL_SUFFIX),$(NSPR_LIBNAMES)))
 
+
 
+# we need to package the root cert file in the alias directory
 
+  PACKAGE_SRC_DEST += $(SHARED32_BUILD_DIR)/lib/$(NSSCKBI32_FILE) alias
 
+# all other files go under shared32/bin or /lib
 
+  PACKAGE_SRC_DEST += $(SHARED32_BUILD_DIR)/bin/modutil shared32/bin
 
+
 
+  NSS32_NSPR32_SRC_LIBS =$(wildcard $(SHARED32_BUILD_DIR)/lib/*)
 
+  PACKAGE_SRC_DEST += $(addsuffix $(SPACE)shared32/lib,$(NSS32_NSPR32_SRC_LIBS))
 
+endif # USE_64
 
 
 ifdef VSFTPD_HACK
 
 SECURITY_FILES=lib,bin/$(subst $(SPACE),$(COMMA)bin/,$(SECURITY_TOOLS))
 
@@ -88,7 +123,21 @@ ifdef VSFTPD_HACK
 
 		-objdir $(SECURITY_BUILD_DIR) -componentdir $(COMPONENTS_DIR)/nss/$(SECURITY_RELDATE) \
 
 		-files include
 
 endif
 
-endif
 
+# if building 64 bit version, also need the 32 bit version of nssckbi.so
 
+# rename it as nssckbi32.so
 
+# also need the 32 bit modutil, other NSS shared libraries and NSPR shared libraries
 
+ifeq ($(USE_64), 1)
 
+	mkdir -p $(SHARED32_BUILD_DIR)/bin
 
+	mkdir -p $(SHARED32_BUILD_DIR)/lib
 
+	$(FTP_PULL) -method $(SECURITY_PULL_METHOD) \
 
+		-objdir $(SHARED32_BUILD_DIR) -componentdir $(NSPR32_IMPORT) \
 
+		-files $(NSPR32_PULLFILES)
 
+	$(FTP_PULL) -method $(SECURITY_PULL_METHOD) \
 
+		-objdir $(SHARED32_BUILD_DIR) -componentdir $(NSS32_IMPORT) \
 
+		-files $(subst $(SPACE),$(COMMA),$(NSS32_PULLFILES))
 
+	mv $(SHARED32_BUILD_DIR)/lib/$(NSSCKBI_FILE) $(SHARED32_BUILD_DIR)/lib/$(NSSCKBI32_FILE)
 
+endif # USE_64
 
+endif # COMPONENT_DEPS
 
 	-@if [ ! -f $@ ] ; \
 
 	then echo "Error: could not get component NSS file $@" ; \
 
 	fi

+ 6 - 1
ldap/admin/src/Makefile
View File 

@@ -209,6 +209,10 @@ INST_INCLUDES = $(OBJDIR)/install_keywords.h
 
 TEMPLATE_SCRIPTS_SRC = $(wildcard scripts/template-*)
 
 TEMPLATE_SCRIPTS_DEST = $(subst scripts/,$(SCRIPTSDIR)/,$(TEMPLATE_SCRIPTS_SRC))
 
 
+ifeq ($(USE_64), 1)
 
+  FIX_SECMOD_DEP = $(BINDIR)/fix_secmod_db_64
 
+endif
 
+
 
 # gmake 3.74 will remove "intermediate" files if generated via a pattern match rule
 
 # this is annoying for debugging since it tries to find the .o file
 
 # if you're debugging and you want to make sure your file does not get removed
 
@@ -217,7 +221,8 @@ TEMPLATE_SCRIPTS_DEST = $(subst scripts/,$(SCRIPTSDIR)/,$(TEMPLATE_SCRIPTS_SRC))
 
 #.PRECIOUS: $(OBJDEST)/ds_db2bak.o
 
 
 all: $(BINDIR) $(OBJDEST) $(INST_INCLUDES) $(ALLOBJS) $(BINS) \
 
-	installPerlFiles $(SCRIPTSDIR) $(TEMPLATE_SCRIPTS_DEST)
 
+	installPerlFiles $(SCRIPTSDIR) $(TEMPLATE_SCRIPTS_DEST) \
 
+	$(FIX_SECMOD_DEP)
 
 
 $(SCRIPTSDIR):
 
 	$(MKDIR) $@

+ 73 - 0
ldap/admin/src/fix_secmod_db_64
View File 

@@ -0,0 +1,73 @@
 
+#!/bin/sh
 
+#
 
+# BEGIN COPYRIGHT BLOCK
 
+# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
 
+# Copyright (C) 2005 Red Hat, Inc.
 
+# All rights reserved.
 
+# END COPYRIGHT BLOCK
 
+#
 
+
 
+# We still have 32 bit applications shipped with the 64 bit DS
 
+# that need to access secmod.db and the root certs file
 
+# nssckbi shared library.  However, 32 bit apps cannot load
 
+# the 64 bit version of this shared library.  This script
 
+# changes secmod.db to have both the 32 bit and 64 bit versions
 
+# of nssckbi.
 
+
 
+# The first argument is the name of the directory where secmod.db
 
+# and the nssckbi shared libraries (64 bit and 32 bit) are.  If
 
+# secmod.db does not exist an error will occur.
 
+
 
+# The second argument is the path of the modutil
 
+# command.  If the path is omitted then PATH will be used.
 
+
 
+usage()
 
+{
 
+	echo Error: $1
 
+	echo The first argument is the name of the directory where secmod.db
 
+	echo and the nssckbi shared libraries '(64 bit and 32 bit)' are.  If
 
+	echo secmod.db does not exist an error will occur.
 
+	echo The second argument is the path where the modutil command
 
+	echo is found.
 
+}
 
+
 
+dir="$1"
 
+shift
 
+modutildir="$1"
 
+modutil=$modutildir/modutil
 
+LD_LIBRARY_PATH=$modutildir/../lib:$LD_LIBRARY_PATH
 
+SHLIB_PATH=$modutildir/../lib:$SHLIB_PATH
 
+export LD_LIBRARY_PATH SHLIB_PATH
 
+
 
+# see if correct argument was given
 
+if test \! \( "$dir" -a -d "$dir" \) ; then
 
+	usage "Invalid directory $dir"
 
+	exit 1
 
+fi
 
+
 
+# see if the files are there
 
+
 
+lib64=$dir/*nssckbi.*
 
+lib32=$dir/*nssckbi32.*
 
+
 
+if test \! \( -f $lib64 -a -f $lib32 \) ; then
 
+	usage "Files $lib64 and/or $lib32 do not exist in dir $dir"
 
+	exit 2
 
+fi
 
+
 
+if test \! -f $dir/secmod.db ; then
 
+	usage "$dir/secmod.db does not exist"
 
+	exit 3
 
+fi
 
+
 
+modname="Root Certs 32 bit"
 
+
 
+# see if the module already exists
 
+exists=0
 
+$modutil -force -nocertdb -dbdir $dir -list | grep "$modname" > /dev/null 2>&1 && exists=1
 
+
 
+if test $exists -ne 1 ; then
 
+	$modutil -force -nocertdb -dbdir $dir -add "$modname" -libfile $lib32 || usage "Could not add $modname to $dir/secmod.db: $?"
 
+else
 
+	echo "Module $modname already added to secmod.db"
 
+fi

+ 11 - 2
ldap/cm/newinst/ns-update
View File 

@@ -128,8 +128,17 @@ wrap_security_tools $sroot
 
 
 cd `dirname $0`
 
 
+rc=0
 
 if [ "$iDSISolaris" = "" ]; then  
-	exec ./ds_create $* $extraflags 
+	./ds_create $* $extraflags
 
+	rc=$?
 
 else
 
-	exec $PERL -w Install.pl $* $extraflags
 
+	$PERL -w Install.pl $* $extraflags
 
+	rc=$?
 
 fi
 
+
 
+if [ -f fix_secmod_db_64 ]; then
 
+    ./fix_secmod_db_64 $sroot/alias $sroot/shared32/bin
 
+fi
 
+
 
+exit $rc