diff options
| author | Rich Megginson <rmeggins@redhat.com> | 2005-03-25 19:05:37 +0000 |
|---|---|---|
| committer | Rich Megginson <rmeggins@redhat.com> | 2005-03-25 19:05:37 +0000 |
| commit | 103a9559a8eb01a9240490fdabd53002e0367eec (patch) | |
| tree | 19613a16bd6c1fd37278b592c13f6d53ed066ae2 | |
| parent | 362bedccdc6e27683e033798d8b0bbbba88d3228 (diff) | |
| download | ds-103a9559a8eb01a9240490fdabd53002e0367eec.tar.gz ds-103a9559a8eb01a9240490fdabd53002e0367eec.tar.xz ds-103a9559a8eb01a9240490fdabd53002e0367eec.zip | |
1) remove fortezza stuff
2) make sure the .chk files are there
3) fix secmod.db on 64 bit platforms to have the 32 bit nssckbi in there
| -rw-r--r-- | components.mk | 34 | ||||
| -rw-r--r-- | internal_comp_deps.mk | 51 | ||||
| -rw-r--r-- | ldap/admin/src/Makefile | 7 | ||||
| -rwxr-xr-x | ldap/admin/src/fix_secmod_db_64 | 73 | ||||
| -rwxr-xr-x | ldap/cm/newinst/ns-update | 13 |
5 files changed, 154 insertions, 24 deletions
diff --git a/components.mk b/components.mk index ad957f35..b9652e9a 100644 --- a/components.mk +++ b/components.mk @@ -177,38 +177,32 @@ else endif SECURITY_INCLUDE = -I$(SECURITY_INCDIR) # add crlutil and ocspclnt when we support CRL and OCSP cert checking in DS -ifeq ($(SECURITY_RELDATE), NSS_3_7_9_RTM) -SECURITY_BINNAMES = certutil derdump pp pk12util ssltap modutil -else SECURITY_BINNAMES = certutil derdump pp pk12util ssltap modutil shlibsign -endif SECURITY_LIBNAMES = ssl3 nss3 softokn3 +# these libs have a corresponding .chk file +SECURITY_NEED_CHK = softokn3 -SECURITY_LIBNAMES.pkg = $(SECURITY_LIBNAMES) -SECURITY_LIBNAMES.pkg += smime3 +SECURITY_LIBNAMES.pkg = $(SECURITY_LIBNAMES) smime3 + +# these are only needed on 32 bit Solaris and HP-UX +ifneq ($(USE_64), 1) ifeq ($(ARCH), SOLARIS) -SECURITY_LIBNAMES.pkg += freebl_hybrid_3 freebl_pure32_3 fort swft +SECURITY_LIBNAMES.pkg += freebl_hybrid_3 freebl_pure32_3 +# these libs have a corresponding .chk file +SECURITY_NEED_CHK += freebl_hybrid_3 freebl_pure32_3 endif ifeq ($(ARCH), HPUX) -SECURITY_LIBNAMES.pkg += freebl_hybrid_3 freebl_pure32_3 fort swft -endif -ifeq ($(ARCH), AIX) -SECURITY_LIBNAMES.pkg += fort swft -endif -ifeq ($(ARCH), OSF1) -SECURITY_LIBNAMES.pkg += fort swft -endif -ifeq ($(ARCH), WINNT) -SECURITY_LIBNAMES.pkg += fort32 swft32 +SECURITY_LIBNAMES.pkg += freebl_hybrid_3 freebl_pure32_3 +# these libs have a corresponding .chk file +SECURITY_NEED_CHK += freebl_hybrid_3 freebl_pure32_3 endif +endif # USE_64 SECURITY_TOOLS = $(addsuffix $(EXE_SUFFIX),$(SECURITY_BINNAMES)) SECURITY_TOOLS_FULLPATH = $(addprefix $(SECURITY_BINPATH)/, $(SECURITY_TOOLS)) SECURITY_LIBS_TO_PKG = $(addsuffix .$(DLL_SUFFIX),$(addprefix $(SECURITY_LIBPATH)/$(LIB_PREFIX),$(SECURITY_LIBNAMES.pkg))) -ifneq ($(SECURITY_RELDATE), NSS_3_7_9_RTM) -SECURITY_LIBS_TO_PKG += $(addsuffix .chk,$(addprefix $(SECURITY_LIBPATH)/$(LIB_PREFIX),$(SECURITY_LIBNAMES.pkg))) -endif +SECURITY_LIBS_TO_PKG += $(addsuffix .chk,$(addprefix $(SECURITY_LIBPATH)/$(LIB_PREFIX),$(SECURITY_NEED_CHK))) LIBS_TO_PKG += $(SECURITY_LIBS_TO_PKG) LIBS_TO_PKG_SHARED += $(SECURITY_LIBS_TO_PKG) # for cmd line tools ifeq ($(USE_SETUPSDK), 1) diff --git a/internal_comp_deps.mk b/internal_comp_deps.mk index f78d8db1..96c1655a 100644 --- a/internal_comp_deps.mk +++ b/internal_comp_deps.mk @@ -65,6 +65,41 @@ ifeq ($(ARCH), WINNT) else SECURITY_DEP = $(SECURITY_LIBPATH)/libssl3.$(DLL_SUFFIX) endif +# if building 64 bit version, also need the 32 bit version of nssckbi.so +# rename it as nssckbi32.so +ifeq ($(USE_64), 1) +# assumes there is a 32 bit version + SHARED32_BUILD_DIR = $(NSCP_DISTDIR_FULL_RTL)/shared32 + NSS32_IMPORT = $(subst $(NS64TAG),,$(SECURITY_IMPORT)) + NSS32_BINNAMES = modutil + NSS32_LIBNAMES = $(SECURITY_LIBNAMES.pkg) + NSS32_NEED_CHK = $(SECURITY_NEED_CHK) + ifeq ($(ARCH), SOLARIS) + NSS32_LIBNAMES += freebl_hybrid_3 freebl_pure32_3 +# these libs have a corresponding .chk file + NSS32_NEED_CHK += freebl_hybrid_3 freebl_pure32_3 + endif + ifeq ($(ARCH), HPUX) + NSS32_LIBNAMES += freebl_hybrid_3 freebl_pure32_3 +# these libs have a corresponding .chk file + NSS32_NEED_CHK += freebl_hybrid_3 freebl_pure32_3 + endif + NSSCKBI_FILE = $(LIB_PREFIX)nssckbi.$(DLL_SUFFIX) + NSSCKBI32_FILE = $(LIB_PREFIX)nssckbi32.$(DLL_SUFFIX) + NSS32_PULLFILES = bin/modutil lib/$(NSSCKBI_FILE) $(addprefix lib/$(LIB_PREFIX),$(addsuffix .$(DLL_SUFFIX),$(NSS32_LIBNAMES))) $(addprefix lib/$(LIB_PREFIX),$(addsuffix .chk,$(NSS32_NEED_CHK))) + + NSPR32_IMPORT = $(subst $(NS64TAG),,$(NSPR_IMPORT)) + NSPR32_LIBNAMES = $(NSPR_LIBNAMES) + NSPR32_PULLFILES = lib/$(LIB_PREFIX)$(subst $(SPACE),$(COMMA)lib/$(LIB_PREFIX),$(addsuffix .$(DLL_SUFFIX),$(NSPR_LIBNAMES))) + +# we need to package the root cert file in the alias directory + PACKAGE_SRC_DEST += $(SHARED32_BUILD_DIR)/lib/$(NSSCKBI32_FILE) alias +# all other files go under shared32/bin or /lib + PACKAGE_SRC_DEST += $(SHARED32_BUILD_DIR)/bin/modutil shared32/bin + + NSS32_NSPR32_SRC_LIBS =$(wildcard $(SHARED32_BUILD_DIR)/lib/*) + PACKAGE_SRC_DEST += $(addsuffix $(SPACE)shared32/lib,$(NSS32_NSPR32_SRC_LIBS)) +endif # USE_64 ifdef VSFTPD_HACK SECURITY_FILES=lib,bin/$(subst $(SPACE),$(COMMA)bin/,$(SECURITY_TOOLS)) @@ -88,7 +123,21 @@ ifdef VSFTPD_HACK -objdir $(SECURITY_BUILD_DIR) -componentdir $(COMPONENTS_DIR)/nss/$(SECURITY_RELDATE) \ -files include endif -endif +# if building 64 bit version, also need the 32 bit version of nssckbi.so +# rename it as nssckbi32.so +# also need the 32 bit modutil, other NSS shared libraries and NSPR shared libraries +ifeq ($(USE_64), 1) + mkdir -p $(SHARED32_BUILD_DIR)/bin + mkdir -p $(SHARED32_BUILD_DIR)/lib + $(FTP_PULL) -method $(SECURITY_PULL_METHOD) \ + -objdir $(SHARED32_BUILD_DIR) -componentdir $(NSPR32_IMPORT) \ + -files $(NSPR32_PULLFILES) + $(FTP_PULL) -method $(SECURITY_PULL_METHOD) \ + -objdir $(SHARED32_BUILD_DIR) -componentdir $(NSS32_IMPORT) \ + -files $(subst $(SPACE),$(COMMA),$(NSS32_PULLFILES)) + mv $(SHARED32_BUILD_DIR)/lib/$(NSSCKBI_FILE) $(SHARED32_BUILD_DIR)/lib/$(NSSCKBI32_FILE) +endif # USE_64 +endif # COMPONENT_DEPS -@if [ ! -f $@ ] ; \ then echo "Error: could not get component NSS file $@" ; \ fi diff --git a/ldap/admin/src/Makefile b/ldap/admin/src/Makefile index 0bde63e7..3fb8c671 100644 --- a/ldap/admin/src/Makefile +++ b/ldap/admin/src/Makefile @@ -209,6 +209,10 @@ INST_INCLUDES = $(OBJDIR)/install_keywords.h TEMPLATE_SCRIPTS_SRC = $(wildcard scripts/template-*) TEMPLATE_SCRIPTS_DEST = $(subst scripts/,$(SCRIPTSDIR)/,$(TEMPLATE_SCRIPTS_SRC)) +ifeq ($(USE_64), 1) + FIX_SECMOD_DEP = $(BINDIR)/fix_secmod_db_64 +endif + # gmake 3.74 will remove "intermediate" files if generated via a pattern match rule # this is annoying for debugging since it tries to find the .o file # if you're debugging and you want to make sure your file does not get removed @@ -217,7 +221,8 @@ TEMPLATE_SCRIPTS_DEST = $(subst scripts/,$(SCRIPTSDIR)/,$(TEMPLATE_SCRIPTS_SRC)) #.PRECIOUS: $(OBJDEST)/ds_db2bak.o all: $(BINDIR) $(OBJDEST) $(INST_INCLUDES) $(ALLOBJS) $(BINS) \ - installPerlFiles $(SCRIPTSDIR) $(TEMPLATE_SCRIPTS_DEST) + installPerlFiles $(SCRIPTSDIR) $(TEMPLATE_SCRIPTS_DEST) \ + $(FIX_SECMOD_DEP) $(SCRIPTSDIR): $(MKDIR) $@ diff --git a/ldap/admin/src/fix_secmod_db_64 b/ldap/admin/src/fix_secmod_db_64 new file mode 100755 index 00000000..d2c530e4 --- /dev/null +++ b/ldap/admin/src/fix_secmod_db_64 @@ -0,0 +1,73 @@ +#!/bin/sh +# +# BEGIN COPYRIGHT BLOCK +# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. +# Copyright (C) 2005 Red Hat, Inc. +# All rights reserved. +# END COPYRIGHT BLOCK +# + +# We still have 32 bit applications shipped with the 64 bit DS +# that need to access secmod.db and the root certs file +# nssckbi shared library. However, 32 bit apps cannot load +# the 64 bit version of this shared library. This script +# changes secmod.db to have both the 32 bit and 64 bit versions +# of nssckbi. + +# The first argument is the name of the directory where secmod.db +# and the nssckbi shared libraries (64 bit and 32 bit) are. If +# secmod.db does not exist an error will occur. + +# The second argument is the path of the modutil +# command. If the path is omitted then PATH will be used. + +usage() +{ + echo Error: $1 + echo The first argument is the name of the directory where secmod.db + echo and the nssckbi shared libraries '(64 bit and 32 bit)' are. If + echo secmod.db does not exist an error will occur. + echo The second argument is the path where the modutil command + echo is found. +} + +dir="$1" +shift +modutildir="$1" +modutil=$modutildir/modutil +LD_LIBRARY_PATH=$modutildir/../lib:$LD_LIBRARY_PATH +SHLIB_PATH=$modutildir/../lib:$SHLIB_PATH +export LD_LIBRARY_PATH SHLIB_PATH + +# see if correct argument was given +if test \! \( "$dir" -a -d "$dir" \) ; then + usage "Invalid directory $dir" + exit 1 +fi + +# see if the files are there + +lib64=$dir/*nssckbi.* +lib32=$dir/*nssckbi32.* + +if test \! \( -f $lib64 -a -f $lib32 \) ; then + usage "Files $lib64 and/or $lib32 do not exist in dir $dir" + exit 2 +fi + +if test \! -f $dir/secmod.db ; then + usage "$dir/secmod.db does not exist" + exit 3 +fi + +modname="Root Certs 32 bit" + +# see if the module already exists +exists=0 +$modutil -force -nocertdb -dbdir $dir -list | grep "$modname" > /dev/null 2>&1 && exists=1 + +if test $exists -ne 1 ; then + $modutil -force -nocertdb -dbdir $dir -add "$modname" -libfile $lib32 || usage "Could not add $modname to $dir/secmod.db: $?" +else + echo "Module $modname already added to secmod.db" +fi diff --git a/ldap/cm/newinst/ns-update b/ldap/cm/newinst/ns-update index b521aebd..997c436b 100755 --- a/ldap/cm/newinst/ns-update +++ b/ldap/cm/newinst/ns-update @@ -128,8 +128,17 @@ wrap_security_tools $sroot cd `dirname $0` +rc=0 if [ "$iDSISolaris" = "" ]; then - exec ./ds_create $* $extraflags + ./ds_create $* $extraflags + rc=$? else - exec $PERL -w Install.pl $* $extraflags + $PERL -w Install.pl $* $extraflags + rc=$? fi + +if [ -f fix_secmod_db_64 ]; then + ./fix_secmod_db_64 $sroot/alias $sroot/shared32/bin +fi + +exit $rc |