diff --git a/.devcontainer/Dockerfile-centos7 b/.devcontainer/Dockerfile-centos7
new file mode 100644
index 00000000..b581b913
--- /dev/null
+++ b/.devcontainer/Dockerfile-centos7
@@ -0,0 +1,7 @@
+FROM centos:7
+
+COPY library-scripts/*.sh /tmp/library-scripts/
+RUN \
+ bash /tmp/library-scripts/add-repos-redhat.sh && \
+ bash /tmp/library-scripts/common-redhat.sh false automatic automatic automatic true false && \
+ bash /tmp/library-scripts/add-deps-redhat.sh
diff --git a/.devcontainer/Dockerfile-centos9 b/.devcontainer/Dockerfile-centos9
new file mode 100644
index 00000000..f799654e
--- /dev/null
+++ b/.devcontainer/Dockerfile-centos9
@@ -0,0 +1,7 @@
+FROM quay.io/centos/centos:stream9
+
+COPY library-scripts/*.sh /tmp/library-scripts/
+RUN \
+ bash /tmp/library-scripts/add-repos-redhat.sh && \
+ bash /tmp/library-scripts/common-redhat.sh false automatic automatic automatic true false && \
+ bash /tmp/library-scripts/add-deps-redhat.sh
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
new file mode 100644
index 00000000..5c15e705
--- /dev/null
+++ b/.devcontainer/devcontainer.json
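Review bot: The six positional arguments passed to `common-redhat.sh` (`false automatic automatic automatic true false`) are opaque in both Dockerfiles; a comment on the RUN line naming them, `# common-redhat.sh <install zsh> <user> <uid> <gid> <upgrade packages> <install oh-my-zsh>`, spares the next reader a trip into the 355-line script, and the same applies to Dockerfile-centos9. Both base images are referenced by a floating tag (`centos:7`, `quay.io/centos/centos:stream9`), so a rebuild picks up whatever the tag points at that day; pinning with `@sha256:<digest placeholder>` makes the dev image reproducible at the cost of manual bumps. The COPY layer also keeps the provisioning scripts under `/tmp/library-scripts/` in the final image, which is harmless for a dev container but worth knowing when the image is shared.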
@@ -0,0 +1,40 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the README at:
+// https://github.com/microsoft/vscode-dev-containers/tree/v0.245.2/containers/docker-existing-docker-compose
+// If you want to run as a non-root user in the container, see .devcontainer/docker-compose.yml.
+{
+ "name": "VOMS Devel",
+
+ // Update the 'dockerComposeFile' list if you have more compose files or use different names.
+ // The .devcontainer/docker-compose.yml file contains any overrides you need/want to make.
+ "dockerComposeFile": [
+ "../docker-compose.yml",
+ "docker-compose.yml"
+ ],
+
+ // The 'service' property is the name of the service for the container that VS Code should
+ // use. Update this value and .devcontainer/docker-compose.yml to the real service name.
+ "service": "container-centos7",
+
+ // Uncomment the next line if you want start specific services in your Docker Compose config.
+ "runServices": ["container-centos7"],
+
+ // The optional 'workspaceFolder' property is the path VS Code should open by default when
+ // connected. This is typically a file mount in .devcontainer/docker-compose.yml
+ "workspaceFolder": "/workspace",
+
+ "extensions": [
+ "ms-vscode.cpptools", "eamodio.gitlens"
+ ],
+
+ // Use 'forwardPorts' to make a list of ports inside the container available locally.
+ // "forwardPorts": [],
+
+ // Uncomment the next line if you want to keep your containers running after VS Code shuts down.
+ // "shutdownAction": "none",
+
+ // Uncomment the next line to run commands after the container is created - for example installing curl.
+ // "postCreateCommand": "apt-get update && apt-get install -y curl",
+
+ // Uncomment to connect as a non-root user if you've added one. See https://aka.ms/vscode-remote/containers/non-root.
+ "remoteUser": "vscode"
+}
diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml
new file mode 100644
index 00000000..58ff8854
--- /dev/null
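Review bot: `"runServices": ["container-centos7"]` starts only the dev container, so the `trust` service from the root docker-compose.yml — the one that, judging by its environment, fills the `trustanchors` volume — is never started, and `/etc/grid-security/certificates` inside the container stays empty until someone runs it by hand. Either list it here, `"runServices": ["trust", "container-centos7"]`, or declare `depends_on: [trust]` on the two dev-container services in .devcontainer/docker-compose.yml so compose brings it up whichever entry point is used. A one-line comment next to `runServices` saying that the trust anchors come from that service would make the dependency visible either way.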
+++ b/.devcontainer/docker-compose.yml
@@ -0,0 +1,40 @@
+
+services:
+
+ container-centos9:
+
+ build:
+ context: .devcontainer
+ dockerfile: Dockerfile-centos9
+
+ volumes:
+ - trustanchors:/etc/grid-security/certificates
+ - .:/workspace:cached
+
+ cap_add:
+ - SYS_PTRACE
+ security_opt:
+ - seccomp:unconfined
+
+ command: sleep infinity
+
+ init: true
+
+ container-centos7:
+
+ build:
+ context: .devcontainer
+ dockerfile: Dockerfile-centos7
+
+ volumes:
+ - trustanchors:/etc/grid-security/certificates
+ - .:/workspace:cached
+
+ cap_add:
+ - SYS_PTRACE
+ security_opt:
+ - seccomp:unconfined
+
+ command: sleep infinity
+
+ init: true
diff --git a/.devcontainer/library-scripts/add-deps-redhat.sh b/.devcontainer/library-scripts/add-deps-redhat.sh
new file mode 100644
index 00000000..8a594de5
--- /dev/null
+++ b/.devcontainer/library-scripts/add-deps-redhat.sh
@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) Istituto Nazionale di Fisica Nucleare
+# Licensed under the EUPL
+#
+# Syntax: ./add-deps-redhat.sh [install doc tools]
+
+set -e
+
+. /etc/os-release
+
+INSTALL_DOC_TOOLS=${1:-"false"}
+
+package_list="\
+ file \
+ gdb \
+ expat-devel \
+ autoconf \
+ automake \
+ make \
+ libtool \
+ openssl-devel \
+ gsoap-devel \
+ bison \
+ gcc-c++"
+
+if ! type git > /dev/null 2>&1; then
+ if [ "${ID}" = "centos" ] && [ "${VERSION_ID}" = "7" ]; then
+ package_list="${package_list} git236"
+ else
+ package_list="${package_list} git"
+ fi
+fi
+
+
+if [ ${INSTALL_DOC_TOOLS} = "true" ]; then
+ package_list="${package_list} \
+ libxslt \
+ docbook-style-xsl \
+ doxygen"
+fi
+
+yum install -y ${package_list}
diff --git a/.devcontainer/library-scripts/add-repos-redhat.sh b/.devcontainer/library-scripts/add-repos-redhat.sh
new file mode 100644
index 00000000..68b78163
--- /dev/null
+++ b/.devcontainer/library-scripts/add-repos-redhat.sh
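Review bot: `cap_add: SYS_PTRACE` combined with `security_opt: seccomp:unconfined` removes the default syscall filter for both dev containers, and nothing in the file says why; a one-line comment above `cap_add`, `# ptrace/seccomp relaxed so gdb and strace work inside the container`, records the intent so nobody copies the block into a non-dev compose file. On Docker 19.03+ with a 4.8+ kernel the default seccomp profile already permits ptrace once SYS_PTRACE is granted, so it is worth checking whether `seccomp:unconfined` is still needed at all. The build/volumes/cap_add/security_opt/command/init block is duplicated verbatim for container-centos9 and container-centos7; a YAML extension field (`x-devbox: &devbox` with `<<: *devbox` in each service, overriding only `dockerfile`) keeps the two from drifting.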
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) Istituto Nazionale di Fisica Nucleare
+# Licensed under the EUPL
+#
+# Syntax: ./add-repos-redhat.sh
+
+set -e
+
+. /etc/os-release
+
+repo_list="epel-release"
+
+if [ "${ID}" = "centos" ] && [ "${VERSION_ID}" = "7" ]; then
+ repo_list="${repo_list} https://repo.ius.io/ius-release-el7.rpm"
+fi
+
+yum install -y ${repo_list}
diff --git a/.devcontainer/library-scripts/common-redhat.sh b/.devcontainer/library-scripts/common-redhat.sh
new file mode 100644
index 00000000..3f9150da
--- /dev/null
+++ b/.devcontainer/library-scripts/common-redhat.sh
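Review bot: On CentOS 7 `yum install -y ${repo_list}` installs `https://repo.ius.io/ius-release-el7.rpm` straight from the network; yum treats a URL argument like a local package, and its `localpkg_gpgcheck` option is off by default, so the IUS release package — and the repo definition and signing key it drops into the image — is accepted without any signature check. Importing the IUS signing key first and running the install with `--setopt=localpkg_gpgcheck=1`, or at least downloading the rpm and comparing it against a known digest before installing, closes that gap; `epel-release` comes from the CentOS extras repo and is covered by the normal `gpgcheck`. A comment on why IUS is needed at all (the `git236` package pulled in by add-deps-redhat.sh, if that is the reason) would also help the next person decide whether the extra repo can go.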
@@ -0,0 +1,355 @@ +#!/usr/bin/env bash +#------------------------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information. +#------------------------------------------------------------------------------------------------------------- +# +# ** This script is community supported ** +# Docs: https://github.com/microsoft/vscode-dev-containers/blob/main/script-library/docs/common.md +# Maintainer: The VS Code and Codespaces Teams +# +# Syntax: ./common-redhat.sh [install zsh flag] [username] [user UID] [user GID] [upgrade packages flag] [install Oh My Zsh! flag] + +set -e + +INSTALL_ZSH=${1:-"true"} +USERNAME=${2:-"automatic"} +USER_UID=${3:-"automatic"} +USER_GID=${4:-"automatic"} +UPGRADE_PACKAGES=${5:-"true"} +INSTALL_OH_MYS=${6:-"true"} +SCRIPT_DIR="$(cd $(dirname "${BASH_SOURCE[0]}") && pwd)" +MARKER_FILE="/usr/local/etc/vscode-dev-containers/common" + +if [ "$(id -u)" -ne 0 ]; then + echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.' + exit 1 +fi + +# Ensure that login shells get the correct path if the user updated the PATH using ENV. 
+rm -f /etc/profile.d/00-restore-env.sh +echo "export PATH=${PATH//$(sh -lc 'echo $PATH')/\$PATH}" > /etc/profile.d/00-restore-env.sh +chmod +x /etc/profile.d/00-restore-env.sh + +# If in automatic mode, determine if a user already exists, if not use vscode +if [ "${USERNAME}" = "auto" ] || [ "${USERNAME}" = "automatic" ]; then + USERNAME="" + POSSIBLE_USERS=("vscode" "node" "codespace" "$(awk -v val=1000 -F ":" '$3==val{print $1}' /etc/passwd)") + for CURRENT_USER in ${POSSIBLE_USERS[@]}; do + if id -u ${CURRENT_USER} > /dev/null 2>&1; then + USERNAME=${CURRENT_USER} + break + fi + done + if [ "${USERNAME}" = "" ]; then + USERNAME=vscode + fi +elif [ "${USERNAME}" = "none" ]; then + USERNAME=root + USER_UID=0 + USER_GID=0 +fi + +# Load markers to see which steps have already run +if [ -f "${MARKER_FILE}" ]; then + echo "Marker file found:" + cat "${MARKER_FILE}" + source "${MARKER_FILE}" +fi + +# Install common dependencies +if [ "${PACKAGES_ALREADY_INSTALLED}" != "true" ]; then + + package_list="\ + openssh-clients \ + gnupg2 \ + iproute \ + procps \ + lsof \ + net-tools \ + psmisc \ + wget \ + ca-certificates \ + rsync \ + unzip \ + zip \ + nano \ + vim-minimal \ + less \ + jq \ + openssl-libs \ + krb5-libs \ + libicu \ + zlib \ + sudo \ + sed \ + grep \ + which \ + man-db \ + strace" + + # Install OpenSSL 1.0 compat if needed + if yum -q list compat-openssl10 >/dev/null 2>&1; then + package_list="${package_list} compat-openssl10" + fi + + yum -y install ${package_list} + + if ! type curl > /dev/null 2>&1; then + yum -y install curl + fi + + PACKAGES_ALREADY_INSTALLED="true" +fi + +# Update to latest versions of packages +if [ "${UPGRADE_PACKAGES}" = "true" ]; then + yum upgrade -y +fi + +# Create or update a non-root user to match UID/GID. 
+group_name="${USERNAME}" +if id -u ${USERNAME} > /dev/null 2>&1; then + # User exists, update if needed + if [ "${USER_GID}" != "automatic" ] && [ "$USER_GID" != "$(id -g $USERNAME)" ]; then + group_name="$(id -gn $USERNAME)" + groupmod --gid $USER_GID ${group_name} + usermod --gid $USER_GID $USERNAME + fi + if [ "${USER_UID}" != "automatic" ] && [ "$USER_UID" != "$(id -u $USERNAME)" ]; then + usermod --uid $USER_UID $USERNAME + fi +else + # Create user + if [ "${USER_GID}" = "automatic" ]; then + groupadd $USERNAME + else + groupadd --gid $USER_GID $USERNAME + fi + if [ "${USER_UID}" = "automatic" ]; then + useradd -s /bin/bash --gid $USERNAME -m $USERNAME + else + useradd -s /bin/bash --uid $USER_UID --gid $USERNAME -m $USERNAME + fi +fi + +# Add sudo support for non-root user +if [ "${USERNAME}" != "root" ] && [ "${EXISTING_NON_ROOT_USER}" != "${USERNAME}" ]; then + echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME + chmod 0440 /etc/sudoers.d/$USERNAME + EXISTING_NON_ROOT_USER="${USERNAME}" +fi + +# ** Shell customization section ** +if [ "${USERNAME}" = "root" ]; then + user_rc_path="/root" +else + user_rc_path="/home/${USERNAME}" +fi + +# .bashrc/.zshrc snippet +rc_snippet="$(cat << 'EOF' + +if [ -z "${USER}" ]; then export USER=$(whoami); fi +if [[ "${PATH}" != *"$HOME/.local/bin"* ]]; then export PATH="${PATH}:$HOME/.local/bin"; fi + +# Display optional first run image specific notice if configured and terminal is interactive +if [ -t 1 ] && [[ "${TERM_PROGRAM}" = "vscode" || "${TERM_PROGRAM}" = "codespaces" ]] && [ ! 
-f "$HOME/.config/vscode-dev-containers/first-run-notice-already-displayed" ]; then + if [ -f "/usr/local/etc/vscode-dev-containers/first-run-notice.txt" ]; then + cat "/usr/local/etc/vscode-dev-containers/first-run-notice.txt" + elif [ -f "/workspaces/.codespaces/shared/first-run-notice.txt" ]; then + cat "/workspaces/.codespaces/shared/first-run-notice.txt" + fi + mkdir -p $HOME/.config/vscode-dev-containers + # Mark first run notice as displayed after 10s to avoid problems with fast terminal refreshes hiding it + ((sleep 10s; touch "$HOME/.config/vscode-dev-containers/first-run-notice-already-displayed") &) +fi + +# Set the default git editor if not already set +if [ -z "$(git config --get core.editor)" ] && [ -z "${GIT_EDITOR}" ]; then + if [ "${TERM_PROGRAM}" = "vscode" ]; then + if [[ -n $(command -v code-insiders) && -z $(command -v code) ]]; then + export GIT_EDITOR="code-insiders --wait" + else + export GIT_EDITOR="code --wait" + fi + fi +fi + +EOF +)" + +# code shim, it fallbacks to code-insiders if code is not available +cat << 'EOF' > /usr/local/bin/code +#!/bin/sh + +get_in_path_except_current() { + which -a "$1" | grep -A1 "$0" | grep -v "$0" +} + +code="$(get_in_path_except_current code)" + +if [ -n "$code" ]; then + exec "$code" "$@" +elif [ "$(command -v code-insiders)" ]; then + exec code-insiders "$@" +else + echo "code or code-insiders is not installed" >&2 + exit 127 +fi +EOF +chmod +x /usr/local/bin/code + +# Codespaces bash and OMZ themes - partly inspired by https://github.com/ohmyzsh/ohmyzsh/blob/master/themes/robbyrussell.zsh-theme +codespaces_bash="$(cat \ +<<'EOF' + +# Codespaces bash prompt theme +__bash_prompt() { + local userpart='`export XIT=$? \ + && [ ! 
-z "${GITHUB_USER}" ] && echo -n "\[\033[0;32m\]@${GITHUB_USER} " || echo -n "\[\033[0;32m\]\u " \ + && [ "$XIT" -ne "0" ] && echo -n "\[\033[1;31m\]➜" || echo -n "\[\033[0m\]➜"`' + local gitbranch='`\ + if [ "$(git config --get codespaces-theme.hide-status 2>/dev/null)" != 1 ]; then \ + export BRANCH=$(git symbolic-ref --short HEAD 2>/dev/null || git rev-parse --short HEAD 2>/dev/null); \ + if [ "${BRANCH}" != "" ]; then \ + echo -n "\[\033[0;36m\](\[\033[1;31m\]${BRANCH}" \ + && if git ls-files --error-unmatch -m --directory --no-empty-directory -o --exclude-standard ":/*" > /dev/null 2>&1; then \ + echo -n " \[\033[1;33m\]✗"; \ + fi \ + && echo -n "\[\033[0;36m\]) "; \ + fi; \ + fi`' + local lightblue='\[\033[1;34m\]' + local removecolor='\[\033[0m\]' + PS1="${userpart} ${lightblue}\w ${gitbranch}${removecolor}\$ " + unset -f __bash_prompt +} +__bash_prompt + +EOF +)" + +codespaces_zsh="$(cat \ +<<'EOF' +# Codespaces zsh prompt theme +__zsh_prompt() { + local prompt_username + if [ ! 
-z "${GITHUB_USER}" ]; then + prompt_username="@${GITHUB_USER}" + else + prompt_username="%n" + fi + PROMPT="%{$fg[green]%}${prompt_username} %(?:%{$reset_color%}➜ :%{$fg_bold[red]%}➜ )" # User/exit code arrow + PROMPT+='%{$fg_bold[blue]%}%(5~|%-1~/…/%3~|%4~)%{$reset_color%} ' # cwd + PROMPT+='$([ "$(git config --get codespaces-theme.hide-status 2>/dev/null)" != 1 ] && git_prompt_info)' # Git status + PROMPT+='%{$fg[white]%}$ %{$reset_color%}' + unset -f __zsh_prompt +} +ZSH_THEME_GIT_PROMPT_PREFIX="%{$fg_bold[cyan]%}(%{$fg_bold[red]%}" +ZSH_THEME_GIT_PROMPT_SUFFIX="%{$reset_color%} " +ZSH_THEME_GIT_PROMPT_DIRTY=" %{$fg_bold[yellow]%}✗%{$fg_bold[cyan]%})" +ZSH_THEME_GIT_PROMPT_CLEAN="%{$fg_bold[cyan]%})" +__zsh_prompt + +EOF +)" + +# Add RC snippet and custom bash prompt +if [ "${RC_SNIPPET_ALREADY_ADDED}" != "true" ]; then + echo "${rc_snippet}" >> /etc/bashrc + echo "${codespaces_bash}" >> "${user_rc_path}/.bashrc" + if [ "${USERNAME}" != "root" ]; then + echo "${codespaces_bash}" >> "/root/.bashrc" + fi + chown ${USERNAME}:${group_name} "${user_rc_path}/.bashrc" + RC_SNIPPET_ALREADY_ADDED="true" +fi + +# Optionally install and configure zsh and Oh My Zsh! +if [ "${INSTALL_ZSH}" = "true" ]; then + if ! type zsh > /dev/null 2>&1; then + yum install -y zsh + fi + if [ "${ZSH_ALREADY_INSTALLED}" != "true" ]; then + echo "${rc_snippet}" >> /etc/zshrc + ZSH_ALREADY_INSTALLED="true" + fi + + # Adapted, simplified inline Oh My Zsh! install steps that adds, defaults to a codespaces theme. + # See https://github.com/ohmyzsh/ohmyzsh/blob/master/tools/install.sh for official script. + oh_my_install_dir="${user_rc_path}/.oh-my-zsh" + if [ ! 
-d "${oh_my_install_dir}" ] && [ "${INSTALL_OH_MYS}" = "true" ]; then + template_path="${oh_my_install_dir}/templates/zshrc.zsh-template" + user_rc_file="${user_rc_path}/.zshrc" + umask g-w,o-w + mkdir -p ${oh_my_install_dir} + git clone --depth=1 \ + -c core.eol=lf \ + -c core.autocrlf=false \ + -c fsck.zeroPaddedFilemode=ignore \ + -c fetch.fsck.zeroPaddedFilemode=ignore \ + -c receive.fsck.zeroPaddedFilemode=ignore \ + "https://github.com/ohmyzsh/ohmyzsh" "${oh_my_install_dir}" 2>&1 + echo -e "$(cat "${template_path}")\nDISABLE_AUTO_UPDATE=true\nDISABLE_UPDATE_PROMPT=true" > ${user_rc_file} + sed -i -e 's/ZSH_THEME=.*/ZSH_THEME="codespaces"/g' ${user_rc_file} + mkdir -p ${oh_my_install_dir}/custom/themes + echo "${codespaces_zsh}" > "${oh_my_install_dir}/custom/themes/codespaces.zsh-theme" + # Shrink git while still enabling updates + cd "${oh_my_install_dir}" + git repack -a -d -f --depth=1 --window=1 + # Copy to non-root user if one is specified + if [ "${USERNAME}" != "root" ]; then + cp -rf "${user_rc_file}" "${oh_my_install_dir}" /root + chown -R ${USERNAME}:${group_name} "${user_rc_path}" + fi + fi +fi + +# Persist image metadata info, script if meta.env found in same directory +meta_info_script="$(cat << 'EOF' +#!/bin/sh +. /usr/local/etc/vscode-dev-containers/meta.env + +# Minimal output +if [ "$1" = "version" ] || [ "$1" = "image-version" ]; then + echo "${VERSION}" + exit 0 +elif [ "$1" = "release" ]; then + echo "${GIT_REPOSITORY_RELEASE}" + exit 0 +elif [ "$1" = "content" ] || [ "$1" = "content-url" ] || [ "$1" = "contents" ] || [ "$1" = "contents-url" ]; then + echo "${CONTENTS_URL}" + exit 0 +fi + +#Full output +echo +echo "Development container image information" +echo +if [ ! -z "${VERSION}" ]; then echo "- Image version: ${VERSION}"; fi +if [ ! -z "${DEFINITION_ID}" ]; then echo "- Definition ID: ${DEFINITION_ID}"; fi +if [ ! -z "${VARIANT}" ]; then echo "- Variant: ${VARIANT}"; fi +if [ ! 
-z "${GIT_REPOSITORY}" ]; then echo "- Source code repository: ${GIT_REPOSITORY}"; fi +if [ ! -z "${GIT_REPOSITORY_RELEASE}" ]; then echo "- Source code release/branch: ${GIT_REPOSITORY_RELEASE}"; fi +if [ ! -z "${BUILD_TIMESTAMP}" ]; then echo "- Timestamp: ${BUILD_TIMESTAMP}"; fi +if [ ! -z "${CONTENTS_URL}" ]; then echo && echo "More info: ${CONTENTS_URL}"; fi +echo +EOF +)" +if [ -f "${SCRIPT_DIR}/meta.env" ]; then + mkdir -p /usr/local/etc/vscode-dev-containers/ + cp -f "${SCRIPT_DIR}/meta.env" /usr/local/etc/vscode-dev-containers/meta.env + echo "${meta_info_script}" > /usr/local/bin/devcontainer-info + chmod +x /usr/local/bin/devcontainer-info +fi + +# Write marker file +mkdir -p "$(dirname "${MARKER_FILE}")" +echo -e "\ + PACKAGES_ALREADY_INSTALLED=${PACKAGES_ALREADY_INSTALLED}\n\ + EXISTING_NON_ROOT_USER=${EXISTING_NON_ROOT_USER}\n\ + RC_SNIPPET_ALREADY_ADDED=${RC_SNIPPET_ALREADY_ADDED}\n\ + ZSH_ALREADY_INSTALLED=${ZSH_ALREADY_INSTALLED}" > "${MARKER_FILE}" + +echo "Done!" diff --git a/.github/workflows/centos7-build.yml b/.github/workflows/centos7-build.yml deleted file mode 100644 index 213ec7bf..00000000 --- a/.github/workflows/centos7-build.yml +++ /dev/null 
@@ -1,33 +0,0 @@
-#
-# Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2016-2020
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-name: CENTOS 7 build
-
-on:
- push:
- branches: '*'
- pull_request:
- branches: [ master ]
-
-jobs:
- build:
- runs-on: ubuntu-latest
- container: italiangrid/voms-build-centos7
-
- steps:
- - uses: actions/checkout@v2
- - name: Build
- run: ./autogen.sh && ./configure && make && make install
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 00000000..82d89e5a
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,57 @@
+name: CI
+
+on:
+ pull_request:
+ push:
+
+jobs:
+
+ centos7:
+ runs-on: ubuntu-latest
+ container: centos:centos7
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Install packages
+ run: |
+ yum install -y epel-release
+ yum install -y make file automake libtool gcc-c++ openssl-devel gsoap-devel gsoap expat-devel bison
+
+ - name: Build
+ run: |
+ ./autogen.sh
+ ./configure
+ make
+
+ centos9:
+ runs-on: ubuntu-latest
+ container: quay.io/centos/centos:stream9
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Install packages
+ run: |
+ yum install -y epel-release
+ yum install -y make file automake libtool gcc-c++ openssl-devel gsoap-devel gsoap expat-devel bison
+
+ - name: Build
+ run: |
+ ./autogen.sh
+ ./configure
+ make
+
+ ubuntu2004:
+ runs-on: ubuntu-20.04
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Install packages
+ run: |
+ sudo apt update
+ sudo apt install make automake libtool pkg-config g++ libssl-dev libgsoap-dev gsoap libexpat-dev
+
+ - name: Build
+ run: |
+ ./autogen.sh
+ ./configure
+ make
diff --git a/configure.ac b/configure.ac
index 8f9f4e1b..0b75342e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -31,9 +31,7 @@ AC_PROG_YACC
 AC_PROG_LEX
 AC_COMPILER
-PKG_CHECK_MODULES([OPENSSL], [openssl])
-# AC_OPENSSL
-
+PKG_CHECK_MODULES([OPENSSL], [openssl], [AC_DEFINE([OPENSSL_API_COMPAT], [10100], [Build against OpenSSL 1.1 API])])
 AC_CHECK_HEADER([expat.h],
 [],
@@ -81,12 +79,8 @@ AC_CHECK_FUNCS([alarm atexit dup2 gethostbyaddr gethostname gethostbyname gethos
 AC_CHECK_DECLS(getopt_data)
 AC_REPLACE_FUNCS(getopt_long getopt_long_only daemon setenv memset)
-TEST_USE_BSD
-TEST_USE_POSIX
-
 # NEW_ISSUES
-AC_DEFINE(_SVID_SOURCE, 1, [Get SVID extensions])
 AC_VOMS_TIME_T_TIMEZONE
 AM_WITH_DMALLOC
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 00000000..057c7daf
--- /dev/null
+++ b/docker-compose.yml
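Review bot: `sudo apt install make automake libtool pkg-config g++ libssl-dev libgsoap-dev gsoap libexpat-dev` in the ubuntu2004 job has no `-y`; as soon as apt has to pull in dependencies it asks for confirmation, and with no TTY on the runner that prompt reads EOF and aborts the step. `sudo apt-get install -y make automake libtool pkg-config g++ libssl-dev libgsoap-dev gsoap libexpat-dev` is the scriptable form (apt-get's CLI is stable; apt itself warns that its interface is not meant for scripts). The centos7 and centos9 jobs repeat identical install and build steps and differ only in `container`; a `strategy.matrix` over the image name would halve the file and keep the package lists in one place. Pinning `actions/checkout@v3` to a commit SHA is the usual hardening for a third-party action, though optional here.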
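Review bot: `AC_DEFINE([OPENSSL_API_COMPAT], [10100], ...)` uses the five-digit form that, as far as I know, only OpenSSL 3.0's macros.h recognises; OpenSSL 1.1.x compares `OPENSSL_API_COMPAT` numerically against values like `0x10100000L`, so 10100 reads as the lowest possible API level there and the define silently has no effect on the platforms this commit targets. `0x10100000L` is accepted by both series: `PKG_CHECK_MODULES([OPENSSL], [openssl], [AC_DEFINE([OPENSSL_API_COMPAT], [0x10100000L], [Build against OpenSSL 1.1 API])])`. The define lands in config.h, so it only takes effect in translation units that include config.h before the first OpenSSL header; passing it through `AM_CPPFLAGS` instead would make that ordering a non-issue and avoid the `#include "config.h"` added to voms_api.h. The macro is also only defined when pkg-config finds openssl, which is presumably intended but worth a comment on the line.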
@@ -0,0 +1,16 @@
+volumes:
+ trustanchors:
+ cabundle:
+
+services:
+ trust:
+ image: indigoiam/egi-trustanchors
+
+ volumes:
+ - trustanchors:/tmp/certificates
+ - cabundle:/tmp/pki
+
+ environment:
+ FORCE_TRUST_ANCHORS_UPDATE: 1
+ TRUST_ANCHORS_TARGET: /tmp/certificates
+ CA_BUNDLE_TARGET: /tmp/pki
diff --git a/m4/acinclude.m4 b/m4/acinclude.m4
index b67ac1e8..001ff33f 100644
--- a/m4/acinclude.m4
+++ b/m4/acinclude.m4
@@ -212,8 +212,8 @@ AC_DEFUN([AC_COMPILER],
 [ac_with_warnings="no"])
 if test "x$ac_with_warnings" = "xyes" ; then
- CFLAGS="-g -O0 -Wall -ansi -W $CFLAGS"
- CXXFLAGS="-g -O0 -Wall -ansi -W $CXXFLAGS"
+ CFLAGS="$CFLAGS -Wall -Wextra"
+ CXXFLAGS="$CXXFLAGS -Wall -Wextra"
 fi
 ])
@@ -436,95 +436,6 @@ AC_DEFUN([PUT_PRIVATES],
 #define PUBLIC
 #endif])])
-
-AC_DEFUN([TEST_USE_BSD],
-[
- AC_MSG_CHECKING([whether _BSD_SOURCE must be defined])
-
- AC_LANG_PUSH(C)
-
- cat >conftest.c <
-char *f(void)
-{
- return strdup("try");
-}
-int main(int argc, char **argv) {
- (void)f();
- return 0;
-}
-HERE
-
- if ( ($CC -c -o conftest.o -Wall -ansi -pedantic-errors -Werror conftest.c >/dev/null 2>&1) ); then
- AC_MSG_RESULT([no])
-else
- cat >conftest.c <
- char *f(void)
- {
- return strdup("try");
- }
- int main(int argc, char **argv) {
- (void)f();
- return 0;
- }
-HERE
- if ( ($CC -c -o conftest.o -Wall -ansi -pedantic-errors -Werror conftest.c >/dev/null 2>&1) ); then
- AC_MSG_RESULT([Needs something else. Let's try and hope])
- else
- AC_MSG_RESULT([yes])
- AC_DEFINE(_BSD_SOURCE, 1, [needed to get ansi functions definitions])
- fi
-fi
-rm -rf conftest*
-AC_LANG_POP(C)
-])
-
-AC_DEFUN([TEST_USE_POSIX],
-[
- AC_MSG_CHECKING([wether _POSIX_SOURCE must be defined])
-
- AC_LANG_PUSH(C)
-
-cat >conftest.c <
-int f(void)
-{
- return fileno(stderr);
-}
-int main(int argc, char **argv) {
- (void)f();
- return 0;
-}
-HERE
-if ( ($CC -c -o conftest.o -Wall -ansi -pedantic-errors -Werror conftest.c >/dev/null 2>&1) ); then
-AC_MSG_RESULT([no])
-else
- cat >conftest.c <
- int f(void)
- {
- return fileno(stderr);
- }
- int main(int argc, char **argv) {
- (void)f();
- return 0;
- }
-HERE
- if ( ($CC -c -o conftest.o -Wall -ansi -pedantic-errors -Werror conftest.c >/dev/null 2>&1) ); then
- AC_MSG_RESULT([Needs something else. Let's try and hope])
- else
- AC_MSG_RESULT([yes])
- AC_DEFINE(_POSIX_SOURCE, 1, [needed to get ansi functions definitions])
- fi
-fi
-rm -rf conftest*
-AC_LANG_POP(C)
-
-])
-
 AC_DEFUN([AC_TESTSUITE],
 [
 AC_ARG_WITH(report-dir,
diff --git a/src/ac/write.c b/src/ac/write.c
index 8575e951..783118b7 100644
--- a/src/ac/write.c
+++ b/src/ac/write.c
@@ -428,11 +428,17 @@ int writeac(X509 *issuerc, STACK_OF(X509) *issuerstack, X509 *holder, EVP_PKEY *
 }
 }
- alg1 = X509_ALGOR_dup((X509_ALGOR*)X509_get0_tbs_sigalg(issuerc));
 {
- X509_ALGOR /*const*/* sig_alg;
+ const X509_ALGOR *sig_alg = X509_get0_tbs_sigalg(issuerc);
+ alg1 = X509_ALGOR_dup((X509_ALGOR*)sig_alg); // const_cast
+ }
+ {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ const
+#endif
+ X509_ALGOR *sig_alg;
 X509_get0_signature(NULL, &sig_alg, issuerc);
- alg2 = X509_ALGOR_dup((X509_ALGOR*)sig_alg);
+ alg2 = X509_ALGOR_dup((X509_ALGOR*)sig_alg); // possibly const_cast
 }
 {
diff --git a/src/api/ccapi/voms_api.h b/src/api/ccapi/voms_api.h
index 7a272cd4..0cb4e15b 100644
--- a/src/api/ccapi/voms_api.h
+++ b/src/api/ccapi/voms_api.h
@@ -26,6 +26,8 @@
 #ifndef VOMS_API_H
 #define VOMS_API_H
+#include "config.h"
+
 #include
 #include
 #include
diff --git a/src/client/vomsclient.cc b/src/client/vomsclient.cc
index 8bafcf43..6e5d74f2 100644
--- a/src/client/vomsclient.cc
+++ b/src/client/vomsclient.cc
@@ -121,11 +121,11 @@ static int pwstdin_callback(char * buf, int num, UNUSED(int w))
 return i;
 }
-static int kpcallback(int p, UNUSED(int n))
+static void kpcallback(int p, UNUSED(int n), UNUSED(void* v))
 {
 char c='B';
- if (quiet) return 0;
+ if (quiet) return;
 if (p == 0) c='.';
 if (p == 1) c='+';
@@ -133,8 +133,6 @@ static int kpcallback(int p, UNUSED(int n))
 if (p == 3) c='\n';
 if (!debug) c = '.';
 fputc(c,stderr);
-
- return 0;
 }
 extern int proxy_verify_cert_chain(X509 * ucert, STACK_OF(X509) * cert_chain, proxy_verify_desc * pvd);
@@ -870,7 +868,7 @@ bool Client::CreateProxy(std::string data, AC ** aclist, int version)
 args->limited = limit_proxy;
 args->voID = strdup(voID.c_str());
- args->callback = (int (*)())kpcallback;
+ args->callback = kpcallback;
 int warn = 0;
 void *additional = NULL;
diff --git a/src/include/ssl_compat.h b/src/include/ssl_compat.h
index ffc69ec8..b8bcb3ab 100644
--- a/src/include/ssl_compat.h
+++ b/src/include/ssl_compat.h
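Review bot: `#include "config.h"` in voms_api.h is a problem if this header is installed for API consumers, which its name and location under src/api/ccapi suggest: config.h is a build artefact that is not installed, so the include fails outside the source tree, and where some other config.h is found first it leaks that project's autoconf macros (`PACKAGE_NAME`, `VERSION`, `HAVE_*`) into the client and can redefine them against the client's own. If the aim is to have `OPENSSL_API_COMPAT` defined before the OpenSSL headers, include config.h from the .cc files that need it, or pass the value through `AM_CPPFLAGS`, and keep the public header self-contained; a comment on why the include is there would be the minimum if it must stay. A quick check that `make install` does not ship config.h alongside voms_api.h would confirm which case applies.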
@@ -1,3 +1,6 @@
+#ifndef VOMS_SSL_COMPAT_H
+#define VOMS_SSL_COMPAT_H
+
 #include
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
@@ -58,17 +61,13 @@ int (*BIO_meth_get_destroy(BIO_METHOD *biom)) (BIO *);
 int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *));
 long (*BIO_meth_get_callback_ctrl(BIO_METHOD *biom))(BIO *, int, bio_info_cb *);
 int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, long (*callback_ctrl) (BIO *, int, bio_info_cb *));
-
-#if OPENSSL_VERSION_NUMBER < 0x10002000L
-
-int X509_get_signature_nid(const X509 *x);
-void X509_get0_signature(const ASN1_BIT_STRING **psig,
- const X509_ALGOR **palg, const X509 *x);
-
-#endif
+BN_GENCB *BN_GENCB_new(void);
+void BN_GENCB_free(BN_GENCB *cb);
 #ifdef __cplusplus
 }
 #endif
 #endif
+
+#endif
diff --git a/src/include/sslutils.h b/src/include/sslutils.h
index 594c14ff..7c155a32 100644
--- a/src/include/sslutils.h
+++ b/src/include/sslutils.h
@@ -423,7 +423,7 @@ proxy_genreq(
 EVP_PKEY ** pkeyp,
 int bits,
 const char * newdn,
- int (*callback)());
+ void (*callback)(int, int, void*));
 int
 proxy_sign(
diff --git a/src/sslutils/proxy.c b/src/sslutils/proxy.c
index 31ccc646..8a1e2098 100644
--- a/src/sslutils/proxy.c
+++ b/src/sslutils/proxy.c
@@ -128,9 +128,8 @@ int VOMS_WriteProxy(const char *filename, struct VOMSProxy *proxy)
 }
-static int kpcallback(int UNUSED(p), int UNUSED(n))
+static void kpcallback(int UNUSED(p), int UNUSED(n), UNUSED(void* v))
 {
- return 0;
 }
 #define SET_EXT(ex) (!sk_X509_EXTENSION_push(extensions, (ex)) ? \
@@ -157,7 +156,7 @@ struct VOMSProxy *VOMS_MakeProxy(struct VOMSProxyArguments *args, int *warning,
 struct VOMSProxy *proxy = NULL;
- int (*cback)();
+ void (*cback)(int, int, void*);
 InitProxyCertInfoExtension(1);
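Review bot: Dropping the `OPENSSL_VERSION_NUMBER < 0x10002000L` block removes the `X509_get_signature_nid`/`X509_get0_signature` fallbacks, so a build against OpenSSL 1.0.1 or older now fails on an undeclared function somewhere in write.c instead of with a clear message; since 1.0.2 is evidently the new floor, state it right after the include: `#if OPENSSL_VERSION_NUMBER < 0x10002000L` / `#error "VOMS requires OpenSSL 1.0.2 or later"` / `#endif`. The new `BN_GENCB_new`/`BN_GENCB_free` declarations correctly sit inside the `< 0x10100000L` block, but a one-line comment that they backport the 1.1.0 API onto 1.0.2, where `BN_GENCB` is still a public struct, would explain why `sizeof(BN_GENCB)` is legal in ssl_compat.c. The include guard is a good addition and `VOMS_SSL_COMPAT_H` follows the `VOMS_API_H` naming.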
@@ -172,7 +171,7 @@ struct VOMSProxy *VOMS_MakeProxy(struct VOMSProxyArguments *args, int *warning,
 if (args->proxyrequest == NULL) {
 if (proxy_genreq(args->cert, &req, &npkey, args->bits,
 args->newsubject ? args->newsubject : NULL,
- (int (*)())cback)) {
+ cback)) {
 goto err;
 }
 } else {
diff --git a/src/sslutils/proxycertinfo.c b/src/sslutils/proxycertinfo.c
index 89fa222f..7dd26a2f 100644
--- a/src/sslutils/proxycertinfo.c
+++ b/src/sslutils/proxycertinfo.c
@@ -24,6 +24,7 @@
 #include "doio.h"
 #include "proxycertinfo.h"
+#include "ssl_compat.h"
 typedef PROXY_CERT_INFO_EXTENSION PROXYCERTINFO_OLD;
@@ -82,7 +83,7 @@ char* PROXYCERTINFO_OLD_i2s(struct v3_ext_method* method, void* ext)
 output,
 ( dooid ? oid : ""),
 ( (pp && pp->policy) ? "\nPolicy Text: " : ""),
- ( (pp && pp->policy) ? (char*)ASN1_STRING_data(pp->policy) : ""),
+ ( (pp && pp->policy) ? (const char*)ASN1_STRING_get0_data(pp->policy) : ""),
 ( (pp && pp->policy) ? "\n" : ""));
 free(output);
diff --git a/src/sslutils/ssl_compat.c b/src/sslutils/ssl_compat.c
index fd039e65..041ea859 100644
--- a/src/sslutils/ssl_compat.c
+++ b/src/sslutils/ssl_compat.c
@@ -342,22 +342,14 @@ int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, long (*callback_ctrl) (BIO *, i
 return 1;
 }
-#if OPENSSL_VERSION_NUMBER < 0x10002000L
-
-int X509_get_signature_nid(const X509 *x)
+BN_GENCB *BN_GENCB_new(void)
 {
- return OBJ_obj2nid(x->sig_alg->algorithm);
+ return OPENSSL_malloc(sizeof(BN_GENCB));
 }
-void X509_get0_signature(const ASN1_BIT_STRING **psig,
- const X509_ALGOR **palg, const X509 *x)
+void BN_GENCB_free(BN_GENCB *cb)
 {
- if (psig)
- *psig = x->signature;
- if (palg)
- *palg = x->sig_alg;
+ OPENSSL_free(cb);
 }
 #endif
-
-#endif
diff --git a/src/sslutils/sslutils.c b/src/sslutils/sslutils.c
index ac8038fa..6bac77ea 100644
--- a/src/sslutils/sslutils.c
+++ b/src/sslutils/sslutils.c
@@ -701,7 +701,7 @@ proxy_genreq(
 EVP_PKEY ** pkeyp,
 int bits,
 const char * newdn,
- int (*callback)())
+ void (*callback)(int, int, void*))
 {
 RSA * rsa = NULL;
@@ -711,6 +711,8 @@ proxy_genreq(
 X509_REQ * req = NULL;
 X509_NAME_ENTRY * ne = NULL;
 int rbits;
+ BIGNUM * rsa_exp = NULL;
+ BN_GENCB * cb = NULL;
 if (bits)
 {
@@ -744,15 +746,29 @@ proxy_genreq(
 goto err;
 }
- /*
- * Note: The cast of the callback function is consistent with
- * the declaration of RSA_generate_key() in OpenSSL. It may
- * trigger a warning if you compile with SSLeay.
- */
- if ((rsa = RSA_generate_key(rbits,
- RSA_F4,
- (void (*)(int,int,void *))callback
- ,NULL)) == NULL)
+ if ((rsa_exp = BN_new()) == NULL || ! BN_set_word(rsa_exp, RSA_F4))
+ {
+ PRXYerr(PRXYERR_F_PROXY_GENREQ,PRXYERR_R_PROCESS_PROXY_KEY);
+ goto err;
+ }
+
+ if ((cb = BN_GENCB_new()) == NULL)
+ {
+ PRXYerr(PRXYERR_F_PROXY_GENREQ,PRXYERR_R_PROCESS_PROXY_KEY);
+ goto err;
+ }
+ BN_GENCB_set_old(cb, callback, NULL);
+
+ if ((rsa = RSA_new()) == NULL) {
+ PRXYerr(PRXYERR_F_PROXY_GENREQ,PRXYERR_R_PROCESS_PROXY_KEY);
+ goto err;
+ }
+
+ if (RSA_generate_key_ex(rsa, rbits, rsa_exp, cb))
+ {
+ BN_free(rsa_exp);
+ }
+ else
 {
 PRXYerr(PRXYERR_F_PROXY_GENREQ,PRXYERR_R_PROCESS_PROXY_KEY);
 goto err;
@@ -840,6 +856,14 @@ proxy_genreq(
 if (upkey) EVP_PKEY_free(upkey);
+ if (rsa_exp)
+ {
+ BN_free(rsa_exp);
+ }
+ if (cb)
+ {
+ BN_GENCB_free(cb);
+ }
 if(rsa)
 {
 RSA_free(rsa);
diff --git a/src/sslutils/vomsproxy.h b/src/sslutils/vomsproxy.h
index 5284d183..1980eba4 100644
--- a/src/sslutils/vomsproxy.h
+++ b/src/sslutils/vomsproxy.h
@@ -57,7 +57,7 @@ struct VOMSProxyArguments {
 int minutes;
 int limited;
 char *voID;
- int (*callback)();
+ void (*callback)(int, int, void*);
 STACK_OF(X509_EXTENSION) *extensions;
 STACK_OF(X509) *chain;
 int pastproxy;
diff --git a/src/utils/vomsfake.cc b/src/utils/vomsfake.cc
index 2cf1b23a..3817bdfe 100644
--- a/src/utils/vomsfake.cc
+++ b/src/utils/vomsfake.cc
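Review bot: The success branch of the `RSA_generate_key_ex` check calls `BN_free(rsa_exp)` but leaves the pointer set, while the cleanup added at the `if (upkey) EVP_PKEY_free(upkey);` block frees `rsa_exp` again whenever it is non-NULL; if that block is the `err:` path (it also frees `rsa`, which the success path hands to the EVP_PKEY, so that reading seems right), any failure after key generation — EVP_PKEY_new, the request, the name entry — ends in a double free. Conversely `cb` is released only in that block, so on the normal return the BN_GENCB allocated a few lines up leaks. Both go away if the exponent and the callback are released and nulled right after key generation, leaving the new cleanup block as a no-op on success and the only owner on failure; `proxy_genreq` begins and ends outside this hunk, so the surrounding `err:` structure is inferred.

```c
  if (!RSA_generate_key_ex(rsa, rbits, rsa_exp, cb))
    {
      PRXYerr(PRXYERR_F_PROXY_GENREQ,PRXYERR_R_PROCESS_PROXY_KEY);
      goto err;
    }
  /* exponent and progress callback are not needed once the key exists;
     null them so the err: cleanup cannot free them a second time */
  BN_free(rsa_exp);
  rsa_exp = NULL;
  BN_GENCB_free(cb);
  cb = NULL;
  /* … unchanged: EVP_PKEY / X509_REQ construction … */
```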
@@ -89,7 +89,7 @@ extern int writeac(const X509 *issuerc, const STACK_OF(X509) *certstack, const X
 static int time_to_sec(std::string timestring);
 static long mystrtol(char *number, long int limit);
 static std::string hextostring(const std::string &data);
-static int parse_ga_value(char *ga, char **id, char **value, char **qual);
+static int parse_ga_value(char *ga, char **id, char **value, const char **qual);
 extern int AC_Init();
@@ -128,11 +128,11 @@ static int pwstdin_callback(char * buf, int num, UNUSED(int w))
 return i;
 }
-static int kpcallback(int p, int UNUSED(n))
+static void kpcallback(int p, int UNUSED(n), UNUSED(void* v))
 {
 char c='B';
- if (quiet) return 0;
+ if (quiet) return;
 if (p == 0) c='.';
 if (p == 1) c='+';
@@ -140,8 +140,6 @@ static int kpcallback(int p, int UNUSED(n))
 if (p == 3) c='\n';
 if (!debug) c = '.';
 fputc(c,stderr);
-
- return 0;
 }
 extern int proxy_verify_cert_chain(X509 * ucert, STACK_OF(X509) * cert_chain, proxy_verify_desc * pvd);
@@ -398,7 +396,8 @@ Fake::Fake(int argc, char ** argv) : confile(conf_file_name),
 int down = 0;
 for (unsigned int i = 0; i < galist.size(); i++) {
 char *temp = strdup(galist[i].c_str());
- char *id, *value, *qual;
+ char *id, *value;
+ const char *qual;
 if (parse_ga_value(temp, &id, &value, &qual)) {
 std::string realga = std::string(qual) + "::" + id + "=" + value;
 voelem->gas[i] = (char*)strdup((realga.c_str()));
@@ -541,9 +540,9 @@ bool Fake::Run()
 }
-static int parse_ga_value(char *ga, char **id, char **value, char **qual)
+static int parse_ga_value(char *ga, char **id, char **value, const char **qual)
 {
- static char *empty="";
+ static const char *empty="";
 char *eqpoint = strchr(ga, '=');
 char *qualpoint = strchr(ga, '(');
 char *qualend = strchr(ga, ')');
@@ -617,7 +616,7 @@ bool Fake::CreateProxy(std::string data, AC ** aclist, int version)
 args->minutes = 0;
 args->limited = limit_proxy;
 args->voID = strdup(voID.c_str());
- args->callback = (int (*)())kpcallback;
+ args->callback = kpcallback;
 args->pastproxy = time_to_sec(pastproxy);
 if (!keyusage.empty())