From e9d89fb958a3b4d2c1041607785a13a2ea570511 Mon Sep 17 00:00:00 2001 From: Claudio Jeker Date: Mon, 4 Jul 2022 10:47:00 +0200 Subject: [PATCH] Regen patches and define DEFAULT_SKIPLIST_FILE as "RPKI_PATH_TAL_DIR/skiplist" --- ...ding-default-user-and-file-locations.patch | 29 ++++++++++--------- ...ly-placeholders-for-portability-shim.patch | 25 +++++++++------- ...utput-formats-on-non-OpenBSD-systems.patch | 12 ++++---- ...onfig_set_ca_mem-when-pledge-is-used.patch | 10 +++---- 4 files changed, 42 insertions(+), 34 deletions(-) diff --git a/patches/0001-Allow-overriding-default-user-and-file-locations.patch b/patches/0001-Allow-overriding-default-user-and-file-locations.patch index fb12cf5..dbeb000 100644 --- a/patches/0001-Allow-overriding-default-user-and-file-locations.patch +++ b/patches/0001-Allow-overriding-default-user-and-file-locations.patch @@ -1,19 +1,19 @@ -From 80af3e39c597a1c430e59cb1d055be461266610e Mon Sep 17 00:00:00 2001 +From b4076cff92329ade57513ba8d713201c78785af5 Mon Sep 17 00:00:00 2001 From: Claudio Jeker Date: Tue, 14 Apr 2020 22:43:56 +0200 Subject: [PATCH 1/4] Allow overriding default user and file locations Adjust version string for -portable --- - src/usr.sbin/rpki-client/extern.h | 17 +++++++++++++++++ + src/usr.sbin/rpki-client/extern.h | 19 ++++++++++++++++++- src/usr.sbin/rpki-client/main.c | 15 ++++++++------- - 2 files changed, 25 insertions(+), 7 deletions(-) + 2 files changed, 26 insertions(+), 8 deletions(-) diff --git src/usr.sbin/rpki-client/extern.h src/usr.sbin/rpki-client/extern.h -index 53d020241..d249a2d0a 100644 +index fc79967a6..bab7a440f 100644 --- src/usr.sbin/rpki-client/extern.h +++ src/usr.sbin/rpki-client/extern.h -@@ -680,8 +680,25 @@ time_t getmonotime(void); +@@ -696,10 +696,27 @@ time_t getmonotime(void); int mkpath(const char *); int mkpathat(int, const char *); 
@@ -37,13 +37,16 @@ index 53d020241..d249a2d0a 100644 +#define RPKI_RSYNC_CMD "openrsync" +#endif +-#define DEFAULT_SKIPLIST_FILE "/etc/rpki/skiplist" ++#define DEFAULT_SKIPLIST_FILE RPKI_PATH_TAL_DIR "/skiplist" + /* Maximum number of TAL files we'll load. */ #define TALSZ_MAX 8 diff --git src/usr.sbin/rpki-client/main.c src/usr.sbin/rpki-client/main.c -index 283d0e55a..0ae248e26 100644 +index 4949d7583..aa46ef594 100644 --- src/usr.sbin/rpki-client/main.c +++ src/usr.sbin/rpki-client/main.c -@@ -620,7 +620,7 @@ rrdp_process(struct ibuf *b) +@@ -633,7 +633,7 @@ rrdp_process(struct ibuf *b) } /* @@ -52,7 +55,7 @@ index 283d0e55a..0ae248e26 100644 * returning the number of files found and filled-in. * This may be zero. * Don't exceed "max" filenames. -@@ -628,7 +628,7 @@ rrdp_process(struct ibuf *b) +@@ -641,7 +641,7 @@ rrdp_process(struct ibuf *b) static int tal_load_default(void) { @@ -61,7 +64,7 @@ index 283d0e55a..0ae248e26 100644 int s = 0; char *path; DIR *dirp; -@@ -722,7 +722,7 @@ main(int argc, char *argv[]) +@@ -786,7 +786,7 @@ main(int argc, char *argv[]) struct msgbuf *queues[NPFD]; struct ibuf *b, *httpbuf = NULL, *procbuf = NULL; struct ibuf *rrdpbuf = NULL, *rsyncbuf = NULL; @@ -70,7 +73,7 @@ index 283d0e55a..0ae248e26 100644 char *bind_addr = NULL; const char *cachedir = NULL, *outputdir = NULL; const char *errs, *name; -@@ -737,9 +737,9 @@ main(int argc, char *argv[]) +@@ -802,9 +802,9 @@ main(int argc, char *argv[]) if (getuid() == 0) { struct passwd *pw; @@ -82,7 +85,7 @@ index 283d0e55a..0ae248e26 100644 if (setgroups(1, &pw->pw_gid) == -1 || setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1 || setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1) -@@ -810,7 +810,8 @@ main(int argc, char *argv[]) +@@ -879,7 +879,8 @@ main(int argc, char *argv[]) verbose++; break; case 'V': 
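Review bot: The new `#define DEFAULT_SKIPLIST_FILE RPKI_PATH_TAL_DIR "/skiplist"` in the extern.h part of patch 0001 moves the default skiplist for any -portable build whose TAL directory is not `/etc/rpki`. Unlike `RPKI_RSYNC_CMD` just above it, which appears to be guarded (an `#endif` follows it), this define has no `#ifndef`, so a packager cannot pin the previous location. If a missing default skiplist is tolerated without a warning (the loader is not visible in this hunk), an existing `/etc/rpki/skiplist` would stop being applied after an upgrade, and repositories the operator meant to exclude would be fetched again with no diagnostic. I would wrap it as `#ifndef DEFAULT_SKIPLIST_FILE` / `#define DEFAULT_SKIPLIST_FILE RPKI_PATH_TAL_DIR "/skiplist"` / `#endif`, with a comment such as `/* skiplist lives next to the TALs; RPKI_PATH_TAL_DIR must expand to a string literal */`. The block of overridable defaults this line belongs to starts outside the hunk.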
@@ -92,7 +95,7 @@ index 283d0e55a..0ae248e26 100644 return 0; default: goto usage; -@@ -856,7 +857,7 @@ main(int argc, char *argv[]) +@@ -925,7 +926,7 @@ main(int argc, char *argv[]) if (talsz == 0) talsz = tal_load_default(); if (talsz == 0) @@ -102,5 +105,5 @@ index 283d0e55a..0ae248e26 100644 /* * Create the file reader as a jailed child process. -- -2.36.0 +2.36.1 diff --git a/patches/0002-Apply-placeholders-for-portability-shim.patch b/patches/0002-Apply-placeholders-for-portability-shim.patch index fa3d140..24a5999 100644 --- a/patches/0002-Apply-placeholders-for-portability-shim.patch +++ b/patches/0002-Apply-placeholders-for-portability-shim.patch @@ -1,18 +1,18 @@ -From d9d0a41cf4734c39efead1c21624a83903233aca Mon Sep 17 00:00:00 2001 +From 4720d051928686f8ab20601d4d41bc52a5c16f5f Mon Sep 17 00:00:00 2001 From: Claudio Jeker Date: Mon, 20 Apr 2020 12:16:46 +0200 Subject: [PATCH 2/4] Apply placeholders for portability shim From Robert Scheck --- - src/usr.sbin/rpki-client/rpki-client.8 | 20 ++++++++++---------- - 1 file changed, 10 insertions(+), 10 deletions(-) + src/usr.sbin/rpki-client/rpki-client.8 | 22 +++++++++++----------- + 1 file changed, 11 insertions(+), 11 deletions(-) diff --git src/usr.sbin/rpki-client/rpki-client.8 src/usr.sbin/rpki-client/rpki-client.8 -index 0ba292aeb..0c702db7e 100644 +index 5c30428fb..e204ae6bc 100644 --- src/usr.sbin/rpki-client/rpki-client.8 +++ src/usr.sbin/rpki-client/rpki-client.8 -@@ -41,7 +41,7 @@ The +@@ -42,7 +42,7 @@ The .Nm utility queries the RPKI repository system with a built-in HTTP client and @@ -21,7 +21,7 @@ index 0ba292aeb..0c702db7e 100644 to fetch all X.509 certificates, manifests, and revocation lists under a given .Em Trust Anchor . .Nm -@@ -86,12 +86,12 @@ The directory where +@@ -87,12 +87,12 @@ The directory where .Nm will store the cached repository data. Defaults to 
@@ -36,7 +36,7 @@ index 0ba292aeb..0c702db7e 100644 to fetch repositories. It must accept the .Fl rt -@@ -174,7 +174,7 @@ This option can be used multiple times to load multiple TALs. +@@ -192,7 +192,7 @@ This option can be used multiple times to load multiple TALs. By default .Nm will load all TAL files in @@ -45,7 +45,7 @@ index 0ba292aeb..0c702db7e 100644 .It Fl V Show the version and exit. .It Fl v -@@ -185,7 +185,7 @@ The directory where +@@ -203,7 +203,7 @@ The directory where .Nm will write the output files. Defaults to @@ -54,7 +54,7 @@ index 0ba292aeb..0c702db7e 100644 .El .Pp By default -@@ -210,20 +210,20 @@ utilizes the following environment variables: +@@ -228,24 +228,24 @@ utilizes the following environment variables: URL of HTTP proxy to use. .El .Sh FILES @@ -65,6 +65,11 @@ index 0ba292aeb..0c702db7e 100644 default TAL files used unless .Fl t Ar tal is specified. +-.It Pa /etc/rpki/skiplist ++.It Pa @RPKI_TAL_DIR@/skiplist + default skiplist file, unless + .Fl S Ar skiplist + is specified. -.It Pa /var/cache/rpki-client +.It Pa @RPKI_BASE_DIR@ cached repository data. @@ -81,5 +86,5 @@ index 0ba292aeb..0c702db7e 100644 .Sh STANDARDS The following standards are used or referenced in -- -2.36.0 +2.36.1 diff --git a/patches/0003-Emit-all-output-formats-on-non-OpenBSD-systems.patch b/patches/0003-Emit-all-output-formats-on-non-OpenBSD-systems.patch index c0b7222..4ff7576 100644 --- a/patches/0003-Emit-all-output-formats-on-non-OpenBSD-systems.patch +++ b/patches/0003-Emit-all-output-formats-on-non-OpenBSD-systems.patch @@ -1,4 +1,4 @@ -From f1813677efd3f2216c939743e26d7f3918a2b77c Mon Sep 17 00:00:00 2001 +From 0b9a93bf06eb3b7d89a35cc35fa0be2202e9c41b Mon Sep 17 00:00:00 2001 From: Claudio Jeker Date: Fri, 6 Nov 2020 13:19:45 +0100 Subject: [PATCH 3/4] Emit all output formats on non-OpenBSD systems @@ -9,10 +9,10 @@ Subject: [PATCH 3/4] Emit all output formats on non-OpenBSD systems 2 files changed, 5 insertions(+), 6 deletions(-) 
diff --git src/usr.sbin/rpki-client/main.c src/usr.sbin/rpki-client/main.c -index 0ae248e26..f8d0387b9 100644 +index aa46ef594..118445029 100644 --- src/usr.sbin/rpki-client/main.c +++ src/usr.sbin/rpki-client/main.c -@@ -849,7 +849,8 @@ main(int argc, char *argv[]) +@@ -918,7 +918,8 @@ main(int argc, char *argv[]) if ((outdirfd = open(outputdir, O_RDONLY | O_DIRECTORY)) == -1) err(1, "output directory %s", outputdir); if (outformats == 0) @@ -23,10 +23,10 @@ index 0ae248e26..f8d0387b9 100644 check_fs_size(cachefd, cachedir); diff --git src/usr.sbin/rpki-client/rpki-client.8 src/usr.sbin/rpki-client/rpki-client.8 -index 0c702db7e..0f2aef5fc 100644 +index e204ae6bc..90553b7ce 100644 --- src/usr.sbin/rpki-client/rpki-client.8 +++ src/usr.sbin/rpki-client/rpki-client.8 -@@ -190,11 +190,9 @@ Defaults to +@@ -208,11 +208,9 @@ Defaults to .Pp By default .Nm @@ -42,5 +42,5 @@ index 0c702db7e..0f2aef5fc 100644 .Nm should be run hourly by -- -2.36.0 +2.36.1 diff --git a/patches/0004-Only-call-tls_config_set_ca_mem-when-pledge-is-used.patch b/patches/0004-Only-call-tls_config_set_ca_mem-when-pledge-is-used.patch index 192779b..7013c1d 100644 --- a/patches/0004-Only-call-tls_config_set_ca_mem-when-pledge-is-used.patch +++ b/patches/0004-Only-call-tls_config_set_ca_mem-when-pledge-is-used.patch @@ -1,4 +1,4 @@ -From 1c6c7b9d561414b765099ee482db2d114814df4f Mon Sep 17 00:00:00 2001 +From 5270cfa51f5679597c3766972ea3ac940791479d Mon Sep 17 00:00:00 2001 From: Claudio Jeker Date: Wed, 1 Sep 2021 16:23:36 +0200 Subject: [PATCH 4/4] Only call tls_config_set_ca_mem() when pledge() is used. @@ -8,10 +8,10 @@ Subject: [PATCH 4/4] Only call tls_config_set_ca_mem() when pledge() is used. 1 file changed, 4 insertions(+) 
diff --git src/usr.sbin/rpki-client/http.c src/usr.sbin/rpki-client/http.c -index fa8d1be66..c4981dc72 100644 +index f5339afcb..1bded9128 100644 --- src/usr.sbin/rpki-client/http.c +++ src/usr.sbin/rpki-client/http.c -@@ -155,8 +155,10 @@ static unsigned int http_conn_count; +@@ -154,8 +154,10 @@ static unsigned int http_conn_count; static struct msgbuf msgq; static struct sockaddr_storage http_bindaddr; static struct tls_config *tls_config; @@ -22,7 +22,7 @@ index fa8d1be66..c4981dc72 100644 /* HTTP request API */ static void http_req_new(unsigned int, char *, char *, int, int); -@@ -1752,12 +1754,14 @@ http_setup(void) +@@ -1751,12 +1753,14 @@ http_setup(void) tls_config_error(tls_config)); #endif @@ -38,5 +38,5 @@ index fa8d1be66..c4981dc72 100644 if ((httpproxy = getenv("http_proxy")) != NULL && *httpproxy == '\0') httpproxy = NULL; -- -2.36.0 +2.36.1