From 85ae620c53f6c41dcc8344144ff0b00d85d70d0b Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 15 Mar 2013 15:50:43 +0100 Subject: [PATCH 01/10] tlsdate-helper: Include the CA cert container path in error messages It makes debugging permission issues or incorrect paths more convenient. --- src/tlsdate-helper.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/tlsdate-helper.c b/src/tlsdate-helper.c index 9f1eac8..000ce28 100644 --- a/src/tlsdate-helper.c +++ b/src/tlsdate-helper.c @@ -842,7 +842,7 @@ run_ssl (uint32_t *time_map, int time_is_an_illusion) { if (-1 == stat (ca_cert_container, &statbuf)) { - die("Unable to stat CA certficate container\n"); + die("Unable to stat CA certficate container %s\n", ca_cert_container); } else { @@ -857,7 +857,7 @@ run_ssl (uint32_t *time_map, int time_is_an_illusion) fprintf(stderr, "x509parse_crtpath failed\n"); break; default: - die("Unable to load CA certficate container\n"); + die("Unable to load CA certficate container %s\n", ca_cert_container); } } } @@ -996,7 +996,7 @@ run_ssl (uint32_t *time_map, int time_is_an_illusion) { if (-1 == stat(ca_cert_container, &statbuf)) { - die("Unable to stat CA certficate container\n"); + die("Unable to stat CA certficate container %s\n", ca_cert_container); } else { switch (statbuf.st_mode & S_IFMT) @@ -1013,7 +1013,7 @@ run_ssl (uint32_t *time_map, int time_is_an_illusion) if (1 != SSL_CTX_load_verify_locations(ctx, NULL, ca_cert_container)) { fprintf(stderr, "SSL_CTX_load_verify_locations failed\n"); - die("Unable to load CA certficate container\n"); + die("Unable to load CA certficate container %s\n", ca_cert_container); } } } -- 1.8.1.5 From e3a9fdaaada7168a27cf7a5b5fa3e9a2ea05f58e Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 15 Mar 2013 15:50:44 +0100 Subject: [PATCH 02/10] return-argc: Fix prototype to silence compiler complaint --- src/test/return-argc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/return-argc.c b/src/test/return-argc.c index 8cb22c8..3bcface 100644 --- a/src/test/return-argc.c +++ b/src/test/return-argc.c @@ -1,3 +1,3 @@ /* return-argc.c - returns argc */ -int main(int argc) { return argc; } +int main(int argc, char *argv[]) { return argc; } -- 1.8.1.5 From 6625554eb0b372fb8b15cd96b1225e9fd231aca2 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 15 Mar 2013 15:50:43 +0100 Subject: [PATCH 03/10] tlsdate-helper: Remove a pointless assignment --- src/tlsdate-helper.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/tlsdate-helper.c b/src/tlsdate-helper.c index 000ce28..a553f1b 100644 --- a/src/tlsdate-helper.c +++ b/src/tlsdate-helper.c @@ -606,7 +606,6 @@ uint32_t check_name (SSL *ssl, const char *hostname) { uint32_t ret; - ret = 0; ret = check_cn(ssl, hostname); ret += check_san(ssl, hostname); if (0 != ret && 0 < ret) -- 1.8.1.5 From 77e5c1577d87d393ef7541aaa16bd42a7ffa7921 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 15 Mar 2013 15:50:43 +0100 Subject: [PATCH 04/10] Fix a small memory leak in a conf_parse() error path --- src/conf.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/conf.c b/src/conf.c index f57af88..be78573 100644 --- a/src/conf.c +++ b/src/conf.c @@ -58,6 +58,7 @@ struct conf_entry *conf_parse(FILE *f) if (!e->key || (val && !e->value)) { free(e->key); free(e->value); + free(e); goto fail; } if (!head) { -- 1.8.1.5 From f95e59d1fde44e780ba9d458055648d3a6cf8296 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 15 Mar 2013 15:50:43 +0100 Subject: [PATCH 05/10] Fix a typo in the Mac OS X instructions --- INSTALL | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/INSTALL b/INSTALL index 263fe92..526ff63 100644 --- a/INSTALL +++ b/INSTALL @@ -5,7 +5,7 @@ Building and install of tlsdate on GNU/Linux should be as easy as: make make install -On Mac OS X, we requrie that you have XCode installed. You may also need brew +On Mac OS X, we require that you have XCode installed. You may also need brew for autoconf and automake packages: brew install autoconf automake libtool pkg-config -- 1.8.1.5 From 6dd86375dcabe73c009a64c367ed6c3810e9668b Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 15 Mar 2013 15:50:43 +0100 Subject: [PATCH 06/10] autogen.sh: Ignore autoconf warnings on FreeBSD Prevents "upstream" issues like: fk@r500 ~/git/tlsdate $./autogen.sh autoreconf-2.69: Entering directory `.' autoreconf-2.69: configure.ac: not using Gettext autoreconf-2.69: running: aclocal --force -I m4 aclocal-1.12: warnings are treated as errors /usr/local/share/aclocal/libxosd.m4:9: warning: underquoted definition of AM_PATH_LIBXOSD /usr/local/share/aclocal/libxosd.m4:9: run info Automake 'Extending aclocal' /usr/local/share/aclocal/libxosd.m4:9: or see http://www.gnu.org/software/automake/manual/automake.html#Extending-aclocal autoreconf-2.69: aclocal failed with exit status: 1 --- autogen.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/autogen.sh b/autogen.sh index bd7a15f..c014aee 100755 --- a/autogen.sh +++ b/autogen.sh @@ -10,8 +10,10 @@ if [ ! -d config ]; then mkdir config; fi - -WARNINGS="all,error" -export WARNINGS +if [ $(uname) != FreeBSD ]; +then + WARNINGS="all,error" + export WARNINGS +fi autoreconf --install --verbose --force -- 1.8.1.5 From 23e06d9568f8187cabc8e5b32005346fa979ca08 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 15 Mar 2013 15:50:44 +0100 Subject: [PATCH 07/10] Add FreeBSD support for tlsdate and tlsdate-helper --- CHANGELOG | 1 + INSTALL | 2 +- configure.ac | 13 +++++++++++++ m4/ax_platform.m4 | 6 ++++-- src/Makefile.am | 9 +++++++++ src/compat/clock.h | 2 +- src/compat/include.am | 4 ++++ src/include.am | 24 +++++++++++++++++++++++- src/proxy-bio-unittest.c | 4 ++++ 9 files changed, 60 insertions(+), 5 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 7806fa2..e201a16 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -4,6 +4,7 @@ Fix a race in tlsdate-dbus-announce that can cause signal drops. Support -l argument to tlsdated. Pass -l and -v arguments from tlsdated to tlsdate. + Add FreeBSD support for tlsdate and tlsdate-helper. 0.0.6 Mon 18 Feb, 2013 Ensure that tlsdate compiles with g++ by explicit casting rather than implicit casting by whatever compiler is compiling tlsdate. diff --git a/INSTALL b/INSTALL index 526ff63..a4181cc 100644 --- a/INSTALL +++ b/INSTALL @@ -1,4 +1,4 @@ -Building and install of tlsdate on GNU/Linux should be as easy as: +Building and install of tlsdate on GNU/Linux and FreeBSD should be as easy as: ./autogen.sh ./configure diff --git a/configure.ac b/configure.ac index 5d52d16..b95a8be 100644 --- a/configure.ac +++ b/configure.ac @@ -159,6 +159,19 @@ case "$host" in [*], [UNPRIV_GROUP=$with_unpriv_group]) AC_DEFINE_UNQUOTED([UNPRIV_GROUP], ["${UNPRIV_GROUP}"], [Unprivileged group]) ;; + *-freebsd*) + dnl This is for FreeBSD + dnl clock_gettime is either part of libc or unavailable. + AC_CHECK_FUNC([clock_gettime], , + [AC_MSG_ERROR([Your system lacks clock_gettime])]) + AC_ARG_WITH([unpriv-group], + [AS_HELP_STRING([--with-unpriv-group=], + [Group to drop privs to @<:@default: nobody@:>@])]) + AS_CASE([$with_unpriv_group], + [""|yes|no], [UNPRIV_GROUP="nobody"], + [*], [UNPRIV_GROUP=$with_unpriv_group]) + AC_DEFINE_UNQUOTED([UNPRIV_GROUP], ["${UNPRIV_GROUP}"], [Unprivileged group]) + ;; *-linux*) dnl This is for GNU/Linux dnl Check for clock_gettime. Some systems put it into -lc, while diff --git a/m4/ax_platform.m4 b/m4/ax_platform.m4 index a689fa7..405a2d4 100644 --- a/m4/ax_platform.m4 +++ b/m4/ax_platform.m4 @@ -46,8 +46,9 @@ # define SHUT_RDWR SD_BOTH #endif ])], - [*freebsd*],[AC_DEFINE([TARGET_OS_FREEBSD],[1],[Whether we are building for FreeBSD]) - AC_DEFINE([__APPLE_CC__],[1],[Workaround for bug in FreeBSD headers])], + [*freebsd*], + [TARGET_OS_FREEBSD="true" + AC_DEFINE([TARGET_OS_FREEBSD],[1],[Whether we are building for FreeBSD])], [*solaris*],[AC_DEFINE([TARGET_OS_SOLARIS],[1],[Whether we are building for Solaris])], [*darwin*], [TARGET_OSX="true" @@ -59,4 +60,5 @@ AM_CONDITIONAL([BUILD_WIN32],[test "x${TARGET_WINDOWS}" = "xtrue"]) AM_CONDITIONAL([TARGET_OSX],[test "x${TARGET_OSX}" = "xtrue"]) AM_CONDITIONAL([TARGET_LINUX],[test "x${TARGET_LINUX}" = "xtrue"]) + AM_CONDITIONAL([TARGET_FREEBSD],[test "x${TARGET_OS_FREEBSD}" = "xtrue"]) ]) diff --git a/src/Makefile.am b/src/Makefile.am index 443e1a3..68553be 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -8,6 +8,10 @@ bin_PROGRAMS = tlsdate-routeup tlsdate tlsdate-helper \ tlsdated tlsdated_unittest endif +if TARGET_FREEBSD +bin_PROGRAMS = tlsdate tlsdate-helper +endif + if TARGET_OSX bin_PROGRAMS = tlsdate tlsdate-helper endif @@ -37,6 +41,11 @@ tlsdate_helper_LDADD = @SSL_LIBS@ @SSL_LDFLAGS@ -lrt \ $(top_builddir)/src/compat/libtlsdate_compat.la endif +if TARGET_FREEBSD +tlsdate_helper_LDADD = @SSL_LIBS@ @SSL_LDFLAGS@ -lrt \ + $(top_builddir)/src/compat/libtlsdate_compat.la +endif + if TARGET_OSX tlsdate_helper_LDADD = @SSL_LIBS@ @SSL_LDFLAGS@ -lrt \ $(top_builddir)/src/compat/.libs/libtlsdate_compat.dylib diff --git a/src/compat/clock.h b/src/compat/clock.h index ffd7f4b..4e172a8 100644 --- a/src/compat/clock.h +++ b/src/compat/clock.h @@ -26,7 +26,7 @@ #endif struct tlsdate_time { -#ifdef __linux__ +#if defined(__linux__) || defined(__FreeBSD__) struct timespec tp; #elif defined(__APPLE__) mach_timespec_t tp; diff --git a/src/compat/include.am b/src/compat/include.am index 43168d8..a13b91d 100644 --- a/src/compat/include.am +++ b/src/compat/include.am @@ -16,4 +16,8 @@ if TARGET_LINUX src_compat_libtlsdate_compat_la_SOURCES+= src/compat/clock-linux.c endif +if TARGET_FREEBSD +src_compat_libtlsdate_compat_la_SOURCES+= src/compat/clock-linux.c +endif + src_compat_libtlsdate_compat_la_LIBADD+= @RT_LIB@ diff --git a/src/include.am b/src/include.am index 9711973..9b3d132 100644 --- a/src/include.am +++ b/src/include.am @@ -23,12 +23,22 @@ check_PROGRAMS+= src/conf_unittest noinst_PROGRAMS+= src/conf_unittest endif +if TARGET_FREEBSD +bin_PROGRAMS+= src/tlsdate +bin_PROGRAMS+= src/tlsdate-helper + +src_conf_unittest_SOURCES = src/conf.c +src_conf_unittest_SOURCES+= src/conf-unittest.c +check_PROGRAMS+= src/conf_unittest +noinst_PROGRAMS+= src/conf_unittest +endif + if TARGET_OSX bin_PROGRAMS+= src/tlsdate bin_PROGRAMS+= src/tlsdate-helper endif -# This doesn't work on Mac OS X +# This doesn't work on Mac OS X or FreeBSD if TARGET_LINUX src_tlsdate_routeup_CFLAGS = -DROUTEUP_MAIN src_tlsdate_routeup_SOURCES = src/routeup.c @@ -86,6 +96,18 @@ noinst_PROGRAMS+= src/proxy-bio_unittest endif endif +if TARGET_FREEBSD +if !POLARSSL +src_proxy_bio_unittest_LDADD = @SSL_LIBS@ +src_proxy_bio_unittest_SOURCES = src/proxy-bio.c +src_proxy_bio_unittest_SOURCES+= src/proxy-bio-unittest.c +src_proxy_bio_unittest_SOURCES+= src/test-bio.c +src_proxy_bio_unittest_SOURCES+= src/util.c +check_PROGRAMS+= src/proxy-bio_unittest +noinst_PROGRAMS+= src/proxy-bio_unittest +endif +endif + # We're not shipping headers noinst_HEADERS+= src/routeup.h noinst_HEADERS+= src/test_harness.h diff --git a/src/proxy-bio-unittest.c b/src/proxy-bio-unittest.c index ec562fc..a9f6c94 100644 --- a/src/proxy-bio-unittest.c +++ b/src/proxy-bio-unittest.c @@ -5,7 +5,11 @@ * found in the LICENSE file. */ +#if defined(__linux__) #include +#elseif defined(__FreeBSD__) +#include +#endif #include "src/proxy-bio.h" #include "src/test-bio.h" -- 1.8.1.5 From daab369e50641a76f4d240d783713e10a4992db1 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 15 Mar 2013 15:50:44 +0100 Subject: [PATCH 08/10] configure.ac: Add an explicit check for fmemopen on FreeBSD The unit tests need it and segfault if the autoconf goo picks up a compiler that hides the prototype. --- configure.ac | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/configure.ac b/configure.ac index b95a8be..0df7d5f 100644 --- a/configure.ac +++ b/configure.ac @@ -164,6 +164,11 @@ case "$host" in dnl clock_gettime is either part of libc or unavailable. AC_CHECK_FUNC([clock_gettime], , [AC_MSG_ERROR([Your system lacks clock_gettime])]) + dnl If the autoconf goo picks up a compiler that runs in pre-POSIX mode, + dnl the fmemopen prototype is hidden causing the unit tests to segfault. + dnl This can happen if gcc is a symlink to gcc46 and is preferred to clang. + AC_CHECK_FUNC([fmemopen], , + [AC_MSG_ERROR([Missing fmemopen, unit tests are likely to segfault. Try CC=clang.])]) AC_ARG_WITH([unpriv-group], [AS_HELP_STRING([--with-unpriv-group=], [Group to drop privs to @<:@default: nobody@:>@])]) -- 1.8.1.5 From 8fdfc577c1995cc83fc3c3e81b5f9c5eeaca31a6 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 15 Mar 2013 15:50:44 +0100 Subject: [PATCH 09/10] Makefile.am: Only try to run tlsdated_unittest on GNU/Linux It currently doesn't compile on FreeBSD (and probably Mac OS X). Only tested on FreeBSD where this commit gets the "check" target working. --- Makefile.am | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Makefile.am b/Makefile.am index 26d0439..caa6da9 100644 --- a/Makefile.am +++ b/Makefile.am @@ -14,7 +14,10 @@ noinst_LTLIBRARIES= noinst_PROGRAMS= # GNU style is "make check", this will make check and test work -TESTS+= src/conf_unittest src/tlsdated_unittest src/proxy-bio_unittest +TESTS+= src/conf_unittest src/proxy-bio_unittest +if TARGET_LINUX +TESTS+= src/tlsdated_unittest +endif test: check ACLOCAL_AMFLAGS= -I m4 -- 1.8.1.5 From 2357df232086c0e42ce59f6e328cbccacacbc0ee Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 15 Mar 2013 15:50:44 +0100 Subject: [PATCH 10/10] Install GNU/Linux-only files only on GNU/Linux Only tested on FreeBSD. --- Makefile.am | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/Makefile.am b/Makefile.am index caa6da9..2691e0d 100644 --- a/Makefile.am +++ b/Makefile.am @@ -63,16 +63,22 @@ cert_DATA = ca-roots/tlsdate-ca-roots.conf EXTRA_DIST+= $(cert_DATA) confdir = @TLSDATE_CONF_DIR@ +if TARGET_LINUX conf_DATA = etc/tlsdated.conf EXTRA_DIST+= $(conf_DATA) +endif # Our documentation man_MANS+= man/tlsdate.1 -man_MANS+= man/tlsdated.1 man_MANS+= man/tlsdate-helper.1 + +if TARGET_LINUX +man_MANS+= man/tlsdated.1 man_MANS+= man/tlsdate-routeup.1 man_MANS+= man/tlsdated.conf.5 man_MANS+= man/tlsdate-dbus-announce.1 +endif + EXTRA_DIST+= $(man_MANS) .PHONY: debian_orig git-tag git-push git-tag-debian deb really-clean valgrind_test -- 1.8.1.5