* [gentoo-commits] repo/gentoo:master commit in: net-nds/nsscache/files/, net-nds/nsscache/
@ 2016-01-02 23:29 Robin H. Johnson
From: Robin H. Johnson @ 2016-01-02 23:29 UTC (permalink / raw
  To: gentoo-commits

commit:     fd568c0975ab6ef95dc75af7d888cdfa4177c374
Author:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
AuthorDate: Sat Jan  2 23:28:07 2016 +0000
Commit:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Sat Jan  2 23:29:29 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fd568c09

net-nds/nsscache: backport LDAP fix, add safe AuthorizedKeysCommand (upstream example has security issue).

Package-Manager: portage-2.2.24

 net-nds/nsscache/files/authorized-keys-command.py  | 52 ++++++++++++++++++++++
 net-nds/nsscache/files/nsscache-0.30-ldapssh.patch | 41 +++++++++++++++++
 net-nds/nsscache/nsscache-0.30-r1.ebuild           | 46 +++++++++++++++++++
 3 files changed, 139 insertions(+)

diff --git a/net-nds/nsscache/files/authorized-keys-command.py b/net-nds/nsscache/files/authorized-keys-command.py
new file mode 100644
index 0000000..085be71
--- /dev/null
+++ b/net-nds/nsscache/files/authorized-keys-command.py
@@ -0,0 +1,52 @@
+#!/usr/bin/python
+# vim: ts=4 sts=4 et:
+# pylint: disable=invalid-name
+"""
+OpenSSH AuthorizedKeysCommand: NSSCache input
+Copyright 2016 Gentoo Foundation
+Distributed is distributed under the BSD license.
+
+This script returns one or more authorized keys for use by SSH, by extracting
+them from a local cache file /etc/sshkey.cache.
+
+Two variants are supported, based on the existing nsscache code:
+Format 1:
+ username:key1
+ username:key2
+Format 2:
+ username:['key1', 'key2']
+
+Ensure this script is mentioned in the sshd_config like so:
+AuthorizedKeysCommand /path/to/nsscache/authorized-keys-command.py
+"""
+from __future__ import print_function
+from ast import literal_eval
+from os.path import basename
+import sys
+import errno
+
+SSHKEY_CACHE = '/etc/sshkey.cache'
+
+if __name__ == "__main__":
+    if len(sys.argv) != 2:
+        sys.exit("Usage: %s %s" % (basename(sys.argv[0]), 'USERNAME'))
+
+    try:
+        with open(SSHKEY_CACHE, 'r') as f:
+            for line in f:
+                (username, key) = line.split(':', 1)
+                if username != sys.argv[1]:
+                    continue
+                key = key.strip()
+                if key.startswith("[") and key.endswith("]"):
+                    # Python array
+                    for i in literal_eval(key):
+                        print(i.strip())
+                else:
+                    # Raw key
+                    print(key)
+    except IOError as err:
+        if err.errno in [errno.EPERM, errno.ENOENT]:
+            pass
+        else:
+            raise err
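Review bot: The `IOError` handler at the end of the script lists `errno.EPERM`, but an `open()` on a cache file the calling user cannot read fails with `EACCES`, so the permission-denied case this handler appears to be written for is re-raised as a traceback; `if err.errno in [errno.EPERM, errno.EACCES, errno.ENOENT]:` would cover it. Separately, `line.split(':', 1)` raises an uncaught `ValueError` on any line without a colon (blank or truncated), and `literal_eval(key)` can raise on a malformed list; because the loop never breaks after a match, every lookup scans the whole file and hits the bad entry. sshd is expected to treat a non-zero exit from the command as "no keys", so a single corrupt line could deny key-based login to all users served from this cache. Skipping such lines with `if ':' not in line: continue` before the split, and catching `(ValueError, SyntaxError)` around `literal_eval`, keeps the failure local to the bad entry. The docstring's sshd_config example would also benefit from noting that `AuthorizedKeysCommandUser` has to name an account able to read `/etc/sshkey.cache`.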

diff --git a/net-nds/nsscache/files/nsscache-0.30-ldapssh.patch b/net-nds/nsscache/files/nsscache-0.30-ldapssh.patch
new file mode 100644
index 0000000..59adde1
--- /dev/null
+++ b/net-nds/nsscache/files/nsscache-0.30-ldapssh.patch
@@ -0,0 +1,41 @@
+From cc0f2d7485205d6f9b8c434cb0da292e12448216 Mon Sep 17 00:00:00 2001
+From: Thomas Glanzmann <thomas@glanzmann.de>
+Date: Wed, 2 Sep 2015 17:01:40 +0200
+Subject: [PATCH] Provider parameter when calling SshkeyUpdateGetter in order
+ to fix sshkey
+
+Without this change retrieving the map sshkey results in the following exception:
+
+(localhost) [~/work/nsscache] nsscache update
+Traceback (most recent call last):
+  File "/usr/bin/nsscache", line 33, in <module>
+    return_value = nsscache_app.Run(sys.argv[1:], os.environ)
+  File "/usr/lib/python2.6/site-packages/nss_cache/app.py", line 240, in Run
+    retval = command_callable().Run(conf=conf, args=args)
+  File "/usr/lib/python2.6/site-packages/nss_cache/command.py", line 230, in Run
+    force_lock=options.force_lock)
+  File "/usr/lib/python2.6/site-packages/nss_cache/command.py", line 303, in UpdateMaps
+    force_write=force_write)
+  File "/usr/lib/python2.6/site-packages/nss_cache/update/updater.py", line 265, in UpdateFromSource
+    force_write, location=None)
+  File "/usr/lib/python2.6/site-packages/nss_cache/update/map_updater.py", line 75, in UpdateCacheFromSource
+    location=location)
+  File "/usr/lib/python2.6/site-packages/nss_cache/sources/source.py", line 65, in GetMap
+    return self.GetSshkeyMap(since)
+  File "/usr/lib/python2.6/site-packages/nss_cache/sources/ldapsource.py", line 274, in GetSshkeyMap
+    return SshkeyUpdateGetter().GetUpdates(source=self,
+TypeError: __init__() takes exactly 2 arguments (1 given)
+
+diff --git a/nss_cache/sources/ldapsource.py b/nss_cache/sources/ldapsource.py
+index 2af170e..5ffea81 100644
+--- a/nss_cache/sources/ldapsource.py
++++ b/nss_cache/sources/ldapsource.py
+@@ -271,7 +271,7 @@ class LdapSource(source.Source):
+     Returns:
+       instance of maps.SshkeyMap
+     """
+-    return SshkeyUpdateGetter().GetUpdates(source=self,
++    return SshkeyUpdateGetter(self.conf).GetUpdates(source=self,
+                                            search_base=self.conf['base'],
+                                            search_filter=self.conf['filter'],
+                                            search_scope=self.conf['scope'],

diff --git a/net-nds/nsscache/nsscache-0.30-r1.ebuild b/net-nds/nsscache/nsscache-0.30-r1.ebuild
new file mode 100644
index 0000000..e34e87b
--- /dev/null
+++ b/net-nds/nsscache/nsscache-0.30-r1.ebuild
@@ -0,0 +1,46 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+PYTHON_COMPAT=( python2_7 )
+
+inherit eutils distutils-r1
+
+DESCRIPTION="commandline tool to sync directory services to local cache"
+HOMEPAGE="https://github.com/google/nsscache"
+SRC_URI="https://github.com/google/nsscache/archive/version/${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+IUSE="nssdb nsscache"
+
+DEPEND="${PYTHON_DEPS}
+		dev-python/python-ldap[${PYTHON_USEDEP}]
+		dev-python/pycurl[${PYTHON_USEDEP}]
+		dev-python/bsddb3[${PYTHON_USEDEP}]"
+RDEPEND="${DEPEND}
+		nssdb? ( sys-libs/nss-db )
+		nsscache? ( >=sys-auth/libnss-cache-0.10 )"
+RESTRICT="test"
+S="${WORKDIR}/${PN}-version-${PV}"
+
+src_prepare() {
+	find "${S}" -name '*.py' -exec \
+		sed -i '/^import bsddb$/s,bsddb,bsddb3 as bsddb,g' \
+		{} \+
+	distutils-r1_src_prepare
+}
+
+src_install() {
+	distutils-r1_src_install
+
+	doman nsscache.1 nsscache.conf.5
+	dodoc THANKS nsscache.cron CONTRIBUTING.md README.md
+	exeinto /usr/libexec/nsscache
+	doexe $FILESDIR/authorized-keys-command.py
+
+	keepdir /var/lib/nsscache
+}
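Review bot: Nothing in this ebuild applies `nsscache-0.30-ldapssh.patch`: there is no `PATCHES` array and `src_prepare` calls no `epatch`, so the LDAP sshkey fix added under `files/` by this same commit appears not to reach the installed code. Declaring `PATCHES=( "${FILESDIR}"/${P}-ldapssh.patch )` ahead of `src_prepare` would let `distutils-r1_src_prepare` apply it. In `src_install`, `doexe $FILESDIR/authorized-keys-command.py` leaves the variable unquoted; `doexe "${FILESDIR}"/authorized-keys-command.py` is the safer form.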



* [gentoo-commits] repo/gentoo:master commit in: net-nds/nsscache/files/, net-nds/nsscache/
@ 2016-11-06  0:00 Robin H. Johnson
From: Robin H. Johnson @ 2016-11-06  0:00 UTC (permalink / raw
  To: gentoo-commits

commit:     ac6d3e8d3fd25f13f7459c7d92344b09fa699004
Author:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
AuthorDate: Sun Nov  6 00:00:44 2016 +0000
Commit:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Sun Nov  6 00:00:44 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ac6d3e8d

net-nds/nsscache:  cleanup googlecode references.

Package-Manager: portage-2.3.2

 net-nds/nsscache/Manifest                          |  1 -
 .../nsscache/files/nsscache-0.8.3-starttls.patch   | 53 ----------------------
 net-nds/nsscache/metadata.xml                      |  1 -
 net-nds/nsscache/nsscache-0.23-r1.ebuild           | 43 ------------------
 net-nds/nsscache/nsscache-0.23-r2.ebuild           | 43 ------------------
 net-nds/nsscache/nsscache-0.23.ebuild              | 42 -----------------
 6 files changed, 183 deletions(-)

diff --git a/net-nds/nsscache/Manifest b/net-nds/nsscache/Manifest
index 702d918..867a64f 100644
--- a/net-nds/nsscache/Manifest
+++ b/net-nds/nsscache/Manifest
@@ -1,4 +1,3 @@
-DIST nsscache-0.23.tar.gz 92603 SHA256 b33ea574cd6e9c4f5ce57b8fae9dd64a710ec89d3f382c879f0af8c6215d0d9e SHA512 2bce655f6e8b64eb258779f80620d4514729d221ce9ed9ca7f675c22faeca400478827f27befa9cdac5e95f33934609d84d520af71f756721e22aa0c7cef82d6 WHIRLPOOL 78d6e8abdc4d66df667d2c9e3ab4c6e1c065a224283c94ab44bd51209db373d896b7221923d1948e7cdc36dcfc752d9f98162c3ece95955578b9b7c0c5b28dd8
 DIST nsscache-0.30-gentoo-authorized-keys-command.py 8004 SHA256 956323bc311381da23c788e143706e732eef86ad37cf570209b28206ecea6a1f SHA512 58d3053aa140cbec214033ea3c524e7e7b670aa94a6ff306b9d816ffd4c23b8c781b1178ef7ce14009f8b45afaf05f75e9248e8c1eebef790b838baef5f50c26 WHIRLPOOL 5612cce26ab4172fcf019de702b5d26d830850cff3002dd23a2061b25ebb98d4c4a5436c17a6bcacc952ecdeb2027b677893552fce0520089a0d1f793cac7b75
 DIST nsscache-0.30-r3-gentoo-authorized-keys-command.py 11974 SHA256 90069477763e1f81d5febe8d3d6d50c663da10cf8087512bb45c52bf0b109a05 SHA512 b660a6ae19e6e42efbb07d0a368704706b0a0bd1bf0b2c84855f0d1c00d4cda80872432f5a25384d0c27e99bf60072beb12975bcfa0201b52fa040d0e6bc2da2 WHIRLPOOL 91c94a867960ec0527af15be69107fb05d080f64e2a91bcbfa5f686cb98c34cb31551be47a76cc3616094bb5a36f31db07d3e6a5f5d14e85e2891781d3899d1c
 DIST nsscache-0.30.tar.gz 109615 SHA256 9cbae8768b6671ec7d8a94d76c62be69cd4c704ea792b50b6dbfa2786cfe19e4 SHA512 22c58904eadd2e69405c42263c1c85c7b612151466386870fbea7685ab32835250a84f1acd83fca6f3289582c74df5371cbfb4f354679a302f240fd0ff334712 WHIRLPOOL b9b9384f8c238a49f44ab9037d598f7a4795a52ae6e62de352127a7a53546bb84861b943282c58680fb2c088a5b9a1a4a0c3bb921eecec2e26a2f92b83137718

diff --git a/net-nds/nsscache/files/nsscache-0.8.3-starttls.patch b/net-nds/nsscache/files/nsscache-0.8.3-starttls.patch
deleted file mode 100644
index 2ca9c1f..00000000
--- a/net-nds/nsscache/files/nsscache-0.8.3-starttls.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-Some LDAP configurations require STARTTLS, like the Gentoo infrastructure one.
-Add a new configuration file to do it.
-
-Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
-
-diff -Nuar nsscache-0.8.3.orig/nss_cache/sources/ldapsource.py nsscache-0.8.3/nss_cache/sources/ldapsource.py
---- nsscache-0.8.3.orig/nss_cache/sources/ldapsource.py	2008-09-08 18:31:58.000000000 -0700
-+++ nsscache-0.8.3/nss_cache/sources/ldapsource.py	2009-05-24 16:50:59.579112740 -0700
-@@ -76,6 +76,8 @@
-       self.conn = rlo(uri=conf['uri'],
-                       retry_max=conf['retry_max'],
-                       retry_delay=conf['retry_delay'])
-+      if conf['tls_starttls'] == 1:
-+          self.conn.start_tls_s()
-     else:
-       self.conn = conn
- 
-@@ -107,6 +109,8 @@
-       configuration['tls_cacertdir'] = self.TLS_CACERTDIR
-     if not 'tls_cacertfile' in configuration:
-       configuration['tls_cacertfile'] = self.TLS_CACERTFILE
-+    if not 'tls_starttls' in configuration:
-+      configuration['tls_starttls'] = 0
- 
-     # Translate tls_require into appropriate constant, if necessary.
-     if configuration['tls_require_cert'] == 'never':
-@@ -120,6 +124,13 @@
-     elif configuration['tls_require_cert'] == 'try':
-       configuration['tls_require_cert'] = ldap.OPT_X_TLS_TRY
- 
-+    # Should we issue STARTTLS?
-+    if configuration['tls_starttls'] in (1, '1', 'on', 'yes', 'true'):
-+        configuration['tls_starttls'] = 1
-+    #if not configuration['tls_starttls']:
-+    else:
-+      configuration['tls_starttls'] = 0
-+
-     # Setting global ldap defaults.
-     ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,
-                     configuration['tls_require_cert'])
-diff -Nuar nsscache-0.8.3.orig/nsscache.conf nsscache-0.8.3/nsscache.conf
---- nsscache-0.8.3.orig/nsscache.conf	2008-09-08 18:31:58.000000000 -0700
-+++ nsscache-0.8.3/nsscache.conf	2009-05-24 16:51:25.468374563 -0700
-@@ -70,6 +70,9 @@
- # Default filename for trusted CAs
- #ldap_tls_cacertfile = '/usr/share/ssl/cert.pem'
- 
-+# Should we issue STARTTLS?
-+# ldap_tls_starttls = 1
-+
- 
- ##
- # nssdb module defaults

diff --git a/net-nds/nsscache/metadata.xml b/net-nds/nsscache/metadata.xml
index f5fa464..90ba820 100644
--- a/net-nds/nsscache/metadata.xml
+++ b/net-nds/nsscache/metadata.xml
@@ -9,7 +9,6 @@
 		<flag name="nsscache">Depend on sys-auth/libnss-cache to handle flat files</flag>
 	</use>
 	<upstream>
-		<remote-id type="google-code">nsscache</remote-id>
 		<remote-id type="github">google/nsscache</remote-id>
 	</upstream>
 </pkgmetadata>

diff --git a/net-nds/nsscache/nsscache-0.23-r1.ebuild b/net-nds/nsscache/nsscache-0.23-r1.ebuild
deleted file mode 100644
index aaa5aad..00000000
--- a/net-nds/nsscache/nsscache-0.23-r1.ebuild
+++ /dev/null
@@ -1,43 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-PYTHON_COMPAT=( python2_7 )
-
-inherit eutils distutils-r1
-
-DESCRIPTION="commandline tool to sync directory services to local cache"
-HOMEPAGE="https://github.com/google/nsscache"
-SRC_URI="https://nsscache.googlecode.com/files/${P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-REQUIRED_USE="${PYTHON_REQUIRED_USE}"
-IUSE="nssdb nsscache"
-
-DEPEND="${PYTHON_DEPS}
-		dev-python/python-ldap[${PYTHON_USEDEP}]
-		dev-python/pycurl[${PYTHON_USEDEP}]
-		nssdb? ( dev-python/bsddb3[${PYTHON_USEDEP}] )"
-RDEPEND="${DEPEND}
-		nssdb? ( sys-libs/nss-db )
-		nsscache? ( >=sys-auth/libnss-cache-0.10 )"
-RESTRICT="test"
-
-src_prepare() {
-	find "${S}" -name '*.py' -exec \
-		sed -i '/^import bsddb$/s,bsddb,bsddb3 as bsddb,g' \
-		{} \+
-	distutils-r1_src_prepare
-}
-
-src_install() {
-	distutils-r1_src_install
-
-	doman nsscache.1 nsscache.conf.5
-	dodoc THANKS nsscache.cron
-
-	keepdir /var/lib/nsscache
-}

diff --git a/net-nds/nsscache/nsscache-0.23-r2.ebuild b/net-nds/nsscache/nsscache-0.23-r2.ebuild
deleted file mode 100644
index 77d5e07..00000000
--- a/net-nds/nsscache/nsscache-0.23-r2.ebuild
+++ /dev/null
@@ -1,43 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-PYTHON_COMPAT=( python2_7 )
-
-inherit eutils distutils-r1
-
-DESCRIPTION="commandline tool to sync directory services to local cache"
-HOMEPAGE="https://github.com/google/nsscache"
-SRC_URI="https://nsscache.googlecode.com/files/${P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-REQUIRED_USE="${PYTHON_REQUIRED_USE}"
-IUSE="nssdb nsscache"
-
-DEPEND="${PYTHON_DEPS}
-		dev-python/python-ldap[${PYTHON_USEDEP}]
-		dev-python/pycurl[${PYTHON_USEDEP}]
-		dev-python/bsddb3[${PYTHON_USEDEP}]"
-RDEPEND="${DEPEND}
-		nssdb? ( sys-libs/nss-db )
-		nsscache? ( >=sys-auth/libnss-cache-0.10 )"
-RESTRICT="test"
-
-src_prepare() {
-	find "${S}" -name '*.py' -exec \
-		sed -i '/^import bsddb$/s,bsddb,bsddb3 as bsddb,g' \
-		{} \+
-	distutils-r1_src_prepare
-}
-
-src_install() {
-	distutils-r1_src_install
-
-	doman nsscache.1 nsscache.conf.5
-	dodoc THANKS nsscache.cron
-
-	keepdir /var/lib/nsscache
-}

diff --git a/net-nds/nsscache/nsscache-0.23.ebuild b/net-nds/nsscache/nsscache-0.23.ebuild
deleted file mode 100644
index 5e93369..00000000
--- a/net-nds/nsscache/nsscache-0.23.ebuild
+++ /dev/null
@@ -1,42 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-PYTHON_DEPEND="2"
-SUPPORT_PYTHON_ABIS="1"
-RESTRICT_PYTHON_ABIS="3.* *-jython 2.7-pypy-*"
-PYTHON_USE_WITH="berkdb"
-PYTHON_USE_WITH_OPT="nssdb"
-
-inherit eutils python distutils
-
-DESCRIPTION="commandline tool to sync directory services to local cache"
-HOMEPAGE="https://github.com/google/nsscache"
-SRC_URI="https://nsscache.googlecode.com/files/${P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="nssdb nsscache"
-
-DEPEND="dev-python/python-ldap
-		dev-python/pycurl"
-RDEPEND="${DEPEND}
-		nssdb? ( sys-libs/nss-db )
-		nsscache? ( >=sys-auth/libnss-cache-0.10 )"
-RESTRICT="test"
-
-src_prepare() {
-	distutils_src_prepare
-}
-
-src_install() {
-	distutils_src_install
-
-	doman nsscache.1 nsscache.conf.5
-	dodoc THANKS nsscache.cron
-
-	keepdir /var/lib/nsscache
-}

