ports/155876: [PATCH] security/shibboleth2-sp: do not clobber/remove customizable files; rc.d script fixes
Craig Leres
leres at ee.lbl.gov
Wed Mar 23 01:10:01 UTC 2011
>Number: 155876
>Category: ports
>Synopsis: [PATCH] security/shibboleth2-sp: do not clobber/remove
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Mar 23 01:10:00 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Craig Leres
>Release: FreeBSD 7.2-RELEASE i386
>Organization:
Lawrence Berkeley National Laboratory
>Environment:
FreeBSD lns.lbl.gov 7.2-RELEASE FreeBSD 7.2-RELEASE #5: Wed May 5
13:33:30 PDT 2010
leres at fun.ee.lbl.gov:/usr/src/7.2-RELEASE/sys/i386/compile/LBLSMP i386
>Description:
On package installation, the shibboleth2-sp port clobbers
configurable files. On un-installation, it removes them.
Also, there are a number of problems with the rc.d script.
It does not obey the shibboleth_sp_flags, shibboleth_sp_program
or shibboleth_sp_pidfile rc.conf options. And the backgrounding
(&) of shibd is not needed.
>How-To-Repeat:
>Fix:
The attached patch always installs the .dist versions of
config files and only installs the non-dist versions when
they do not already exist. When the package is deleted, the
non-dist versions are not removed if they have been changed.
This allows the package to be uninstalled and reinstalled
without trashing the config.
There is also a patch for the rc.d script to honor rc.conf
shibboleth_sp_* settings.
--- Makefile.orig 2010-12-04 00:49:02.000000000 -0800
+++ Makefile 2011-03-22 17:49:47.000000000 -0700
@@ -2,12 +2,12 @@
# Date created: 17 Sept2008
# Whom: Janos Mohacsi <janos.mohacsi at bsd.hu>
#
-# $FreeBSD: ports/security/shibboleth2-sp/Makefile,v 1.8 2010/12/04 07:33:31 ade Exp $
+# $FreeBSD$
#
PORTNAME= shibboleth-sp
PORTVERSION= 2.3.1
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= security www
MASTER_SITES= http://shibboleth.internet2.edu/downloads/shibboleth/cppsp/${PORTVERSION}/
@@ -53,4 +53,31 @@
${RM} ${WRKSRC}/aclocal.m4
@cd ${WRKSRC} && ${AUTORECONF} -fvi
+SHIB_DISTFILES= \
+ etc/shibboleth/accessError.html \
+ etc/shibboleth/attribute-map.xml \
+ etc/shibboleth/attribute-policy.xml \
+ etc/shibboleth/bindingTemplate.html \
+ etc/shibboleth/console.logger \
+ etc/shibboleth/discoveryTemplate.html \
+ etc/shibboleth/example-metadata.xml \
+ etc/shibboleth/globalLogout.html \
+ etc/shibboleth/localLogout.html \
+ etc/shibboleth/metadataError.html \
+ etc/shibboleth/native.logger \
+ etc/shibboleth/partialLogout.html \
+ etc/shibboleth/postTemplate.html \
+ etc/shibboleth/sessionError.html \
+ etc/shibboleth/shibboleth2.xml \
+ etc/shibboleth/shibd.logger \
+ etc/shibboleth/sslError.html \
+ etc/shibboleth/syslog.logger
+
+post-install:
+ @for fn in ${SHIB_DISTFILES}; do \
+ if [ ! -f ${PREFIX}/$${fn} ]; then \
+ ${CP} -p ${PREFIX}/$${fn}.dist ${PREFIX}/$${fn} ; \
+ fi \
+ done
+
.include <bsd.port.post.mk>
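Review bot: The `[ ! -f ${PREFIX}/$${fn} ]` test in post-install only protects an existing config if the main install step has not already written the non-dist file, and nothing in this patch changes that step, which the description says is what clobbers the files today. Please confirm that the vendor install now writes only the `.dist` copies, or include the change that makes it so; otherwise the test is always false and the loop never copies anything. SHIB_DISTFILES also repeats the 18 names that pkg-plist handles one by one, so the two lists have to be kept in sync by hand; a comment above the variable saying so would help.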
--- files/shibboleth-sp.in.orig 2010-03-27 04:27:29.000000000 -0700
+++ files/shibboleth-sp.in 2011-03-22 17:28:11.000000000 -0700
@@ -1,6 +1,6 @@
#!/bin/sh
#
-# $FreeBSD: ports/security/shibboleth2-sp/files/shibboleth-sp.in,v 1.3 2010/03/27 00:14:48 dougb Exp $
+# $FreeBSD$
#
# PROVIDE: shibboleth_sp
# REQUIRE: DAEMON
@@ -11,10 +11,10 @@
name="shibboleth_sp"
rcvar=${name}_enable
-[ -z "$shibboleth_sp_enable" ] && shibboleth_sp_enable="NO"
-pidfile="/var/run/${name}.pid"
-command="%%PREFIX%%/sbin/shibd"
-start_cmd="${command} -f -p ${pidfile} &"
-
load_rc_config $name
+
+command=${shibboleth_sp_program:-%%PREFIX%%/sbin/shibd}
+pidfile="${shibboleth_sp_pidfile:-/var/run/${name}.pid}"
+command_args="-f -p ${pidfile}"
+
run_rc_command "$1"
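Review bot: The removed `[ -z "$shibboleth_sp_enable" ] && shibboleth_sp_enable="NO"` has no replacement, so after this hunk nothing gives shibboleth_sp_enable a default when rc.conf does not set it. Add `: ${shibboleth_sp_enable:="NO"}` right after `load_rc_config $name`. As a style point, `command=` is left unquoted while `pidfile=` on the next line is quoted; quote both.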
--- pkg-plist.orig 2010-01-26 04:25:20.000000000 -0800
+++ pkg-plist 2011-03-22 17:46:56.000000000 -0700
@@ -1,37 +1,37 @@
bin/mdquery
bin/resolvertest
etc/shibboleth/metagen.sh
-etc/shibboleth/native.logger
+ at unexec if cmp -s %D/etc/shibboleth/native.logger.dist %D/etc/shibboleth/native.logger; then rm -f %D/etc/shibboleth/native.logger; fi
etc/shibboleth/native.logger.dist
-etc/shibboleth/shibd.logger
+ at unexec if cmp -s %D/etc/shibboleth/shibd.logger.dist %D/etc/shibboleth/shibd.logger; then rm -f %D/etc/shibboleth/shibd.logger; fi
etc/shibboleth/shibd.logger.dist
-etc/shibboleth/shibboleth2.xml
+ at unexec if cmp -s %D/etc/shibboleth/shibboleth2.xml.dist %D/etc/shibboleth/shibboleth2.xml; then rm -f %D/etc/shibboleth/shibboleth2.xml; fi
etc/shibboleth/shibboleth2.xml.dist
-etc/shibboleth/attribute-map.xml
+ at unexec if cmp -s %D/etc/shibboleth/attribute-map.xml.dist %D/etc/shibboleth/attribute-map.xml; then rm -f %D/etc/shibboleth/attribute-map.xml; fi
etc/shibboleth/attribute-map.xml.dist
-etc/shibboleth/attribute-policy.xml
+ at unexec if cmp -s %D/etc/shibboleth/attribute-policy.xml.dist %D/etc/shibboleth/attribute-policy.xml; then rm -f %D/etc/shibboleth/attribute-policy.xml; fi
etc/shibboleth/attribute-policy.xml.dist
-etc/shibboleth/example-metadata.xml
+ at unexec if cmp -s %D/etc/shibboleth/example-metadata.xml.dist %D/etc/shibboleth/example-metadata.xml; then rm -f %D/etc/shibboleth/example-metadata.xml; fi
etc/shibboleth/example-metadata.xml.dist
-etc/shibboleth/console.logger
+ at unexec if cmp -s %D/etc/shibboleth/console.logger.dist %D/etc/shibboleth/console.logger; then rm -f %D/etc/shibboleth/console.logger; fi
etc/shibboleth/console.logger.dist
-etc/shibboleth/syslog.logger
+ at unexec if cmp -s %D/etc/shibboleth/syslog.logger.dist %D/etc/shibboleth/syslog.logger; then rm -f %D/etc/shibboleth/syslog.logger; fi
etc/shibboleth/syslog.logger.dist
-etc/shibboleth/accessError.html
+ at unexec if cmp -s %D/etc/shibboleth/accessError.html.dist %D/etc/shibboleth/accessError.html; then rm -f %D/etc/shibboleth/accessError.html; fi
etc/shibboleth/accessError.html.dist
-etc/shibboleth/sessionError.html
+ at unexec if cmp -s %D/etc/shibboleth/sessionError.html.dist %D/etc/shibboleth/sessionError.html; then rm -f %D/etc/shibboleth/sessionError.html; fi
etc/shibboleth/sessionError.html.dist
-etc/shibboleth/metadataError.html
+ at unexec if cmp -s %D/etc/shibboleth/metadataError.html.dist %D/etc/shibboleth/metadataError.html; then rm -f %D/etc/shibboleth/metadataError.html; fi
etc/shibboleth/metadataError.html.dist
-etc/shibboleth/bindingTemplate.html
+ at unexec if cmp -s %D/etc/shibboleth/bindingTemplate.html.dist %D/etc/shibboleth/bindingTemplate.html; then rm -f %D/etc/shibboleth/bindingTemplate.html; fi
etc/shibboleth/bindingTemplate.html.dist
-etc/shibboleth/discoveryTemplate.html
+ at unexec if cmp -s %D/etc/shibboleth/discoveryTemplate.html.dist %D/etc/shibboleth/discoveryTemplate.html; then rm -f %D/etc/shibboleth/discoveryTemplate.html; fi
etc/shibboleth/discoveryTemplate.html.dist
-etc/shibboleth/localLogout.html
+ at unexec if cmp -s %D/etc/shibboleth/localLogout.html.dist %D/etc/shibboleth/localLogout.html; then rm -f %D/etc/shibboleth/localLogout.html; fi
etc/shibboleth/localLogout.html.dist
-etc/shibboleth/globalLogout.html
+ at unexec if cmp -s %D/etc/shibboleth/globalLogout.html.dist %D/etc/shibboleth/globalLogout.html; then rm -f %D/etc/shibboleth/globalLogout.html; fi
etc/shibboleth/globalLogout.html.dist
-etc/shibboleth/sslError.html
+ at unexec if cmp -s %D/etc/shibboleth/sslError.html.dist %D/etc/shibboleth/sslError.html; then rm -f %D/etc/shibboleth/sslError.html; fi
etc/shibboleth/sslError.html.dist
etc/shibboleth/shibd-redhat
etc/shibboleth/shibd-debian
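Review bot: None of the `@unexec` lines in this hunk (shown as ` at unexec` in this archive) has a matching `@exec`, so the copy from `.dist` to the live file exists only in the Makefile's post-install target, which does not run when the port is installed from a binary package; such an install would leave only the `.dist` files in etc/shibboleth. Consider adding, after each `.dist` entry, a line such as `@exec [ -f %D/etc/shibboleth/native.logger ] || cp -p %D/etc/shibboleth/native.logger.dist %D/etc/shibboleth/native.logger`.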
@@ -44,9 +44,9 @@
etc/shibboleth/upgrade.xsl
etc/shibboleth/sp-key.pem
etc/shibboleth/sp-cert.pem
-etc/shibboleth/postTemplate.html
+ at unexec if cmp -s %D/etc/shibboleth/postTemplate.html.dist %D/etc/shibboleth/postTemplate.html; then rm -f %D/etc/shibboleth/postTemplate.html; fi
etc/shibboleth/postTemplate.html.dist
-etc/shibboleth/partialLogout.html
+ at unexec if cmp -s %D/etc/shibboleth/partialLogout.html.dist %D/etc/shibboleth/partialLogout.html; then rm -f %D/etc/shibboleth/partialLogout.html; fi
etc/shibboleth/partialLogout.html.dist
include/shibsp/attribute/filtering/AttributeFilter.h
include/shibsp/attribute/filtering/BasicFilteringContext.h
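Review bot: `etc/shibboleth/sp-key.pem` and `etc/shibboleth/sp-cert.pem` in the context lines above keep the plain-entry handling that this hunk replaces for postTemplate.html and partialLogout.html. If the key pair is specific to the host, it deserves the same preserve-on-deinstall treatment as the other configuration files, since losing it across a reinstall is worse than losing a template; if leaving it out was deliberate, say why in the PR.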
>Release-Note:
>Audit-Trail:
>Unformatted: