authoranthraxx2016-11-13 02:25:51 +0100
committeranthraxx2016-11-13 02:25:51 +0100
commitaf09ebc0ddac775029af8a1028d4888327f6e438 (patch)
treee9c22012ad024b0ad66e9b5a3bc9cae7d48b3c83
parentf51eb5fb7246fd897ce3ff2177a556f03241039d (diff)
downloadaur-af09ebc0ddac775029af8a1028d4888327f6e438.tar.gz
upgpkg: tlsdate-git 1:0.0.13-1 (ssl3 patch)
-rw-r--r--.SRCINFO24
-rw-r--r--PKGBUILD66
-rw-r--r--no_sslv3.patch232
-rw-r--r--tlsdate.install11
4 files changed, 259 insertions, 74 deletions
diff --git a/.SRCINFO b/.SRCINFO
index cacc52a958b2..136b535dc471 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,18 +1,14 @@
-# Generated by mksrcinfo v8
-# Tue Mar 15 02:42:10 UTC 2016
pkgbase = tlsdate-git
- pkgdesc = A secure rdate replacement to update local time over HTTPS, git version
- pkgver = 707.ae396da
- pkgrel = 2
+ pkgdesc = Secure rdate replacement to update local time over HTTPS
+ pkgver = 0.0.13
+ pkgrel = 1
+ epoch = 1
url = https://github.com/ioerror/tlsdate
install = tlsdate.install
arch = i686
arch = x86_64
- arch = armv6l
- arch = armv6h
- arch = arm7l
- arch = arm7h
license = BSD
+ makedepends = git
depends = openssl
depends = ca-certificates
depends = dbus
@@ -24,14 +20,14 @@ pkgbase = tlsdate-git
options = emptydirs
backup = etc/conf.d/tlsdate
backup = etc/tlsdate/tlsdated.conf
- source = git+https://github.com/ioerror/tlsdate.git
+ source = tlsdate-git::git+https://github.com/ioerror/tlsdate
source = tlsdate.conf.d
source = tlsdate.service
source = no_sslv3.patch
- sha256sums = SKIP
- sha256sums = 1498a74913feb66c6e2e7d982f43b07fc48881947543969668a75ef4323503aa
- sha256sums = fe3fb8181be0a9214f351c64461680f603ea27b7b7c566c9eec189084783aa92
- sha256sums = 897661cd7a131e3b28678ffeb32477d44cccea7a4e069f9cbd27a1d17563a427
+ sha512sums = SKIP
+ sha512sums = 0639dd4c7f4df14465da7a5efc8a59fa59bb0155ed0f453cab9cbcc74f22c320080b71ad5361ff2ebf83d64e8c205fbe605deb69a0cb503be5412eff5f1ac220
+ sha512sums = 2b06abe8d7bc2133ca4f8d7cfbf63de4c2fad8356ea8d3f53e6d1c161c2ff86089c4d64f7de7ca6c6222db254ecaaccbc4706012fee50319d83860bfb3a2eab0
+ sha512sums = 038590ebef55adae75a82fd4f697306ea56f9486f1b7ff1f9eb4c292f8ea2a960b720db72e100d1bb70f5b5e1391369a1fd9ce2e8b756e79152937289c159294
pkgname = tlsdate-git
diff --git a/PKGBUILD b/PKGBUILD
index 5b3c20d575c2..d91b2c43c12f 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,42 +1,45 @@
-# Maintainer: mutantmonkey <aur@mutantmonkey.in>
+# Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org>
+# Contributor: mutantmonkey <aur@mutantmonkey.in>
# Contributor: skydrome <skydrome@tormail.org>
+
pkgname=tlsdate-git
-pkgver=707.ae396da
-pkgrel=2
-pkgdesc="A secure rdate replacement to update local time over HTTPS, git version"
-arch=('i686' 'x86_64' 'armv6l' 'armv6h' 'arm7l' 'arm7h')
-url="https://github.com/ioerror/tlsdate"
+pkgver=0.0.13
+pkgrel=1
+epoch=1
+pkgdesc='Secure rdate replacement to update local time over HTTPS'
+url='https://github.com/ioerror/tlsdate'
+arch=('i686' 'x86_64')
license=('BSD')
depends=('openssl' 'ca-certificates' 'dbus' 'zlib' 'libevent' 'libseccomp')
-conflicts=('tlsdate')
-provides=('tlsdate')
-options=(emptydirs)
-install=tlsdate.install
+makedepends=('git')
backup=('etc/conf.d/tlsdate'
'etc/tlsdate/tlsdated.conf')
-source=('git+https://github.com/ioerror/tlsdate.git'
- 'tlsdate.conf.d'
- 'tlsdate.service'
- 'no_sslv3.patch')
-sha256sums=('SKIP'
- '1498a74913feb66c6e2e7d982f43b07fc48881947543969668a75ef4323503aa'
- 'fe3fb8181be0a9214f351c64461680f603ea27b7b7c566c9eec189084783aa92'
- '897661cd7a131e3b28678ffeb32477d44cccea7a4e069f9cbd27a1d17563a427')
+provides=('tlsdate')
+conflicts=('tlsdate')
+options=('emptydirs')
+install=tlsdate.install
+source=(${pkgname}::git+https://github.com/ioerror/tlsdate
+ tlsdate.conf.d
+ tlsdate.service
+ no_sslv3.patch)
+sha512sums=('SKIP'
+ '0639dd4c7f4df14465da7a5efc8a59fa59bb0155ed0f453cab9cbcc74f22c320080b71ad5361ff2ebf83d64e8c205fbe605deb69a0cb503be5412eff5f1ac220'
+ '2b06abe8d7bc2133ca4f8d7cfbf63de4c2fad8356ea8d3f53e6d1c161c2ff86089c4d64f7de7ca6c6222db254ecaaccbc4706012fee50319d83860bfb3a2eab0'
+ '038590ebef55adae75a82fd4f697306ea56f9486f1b7ff1f9eb4c292f8ea2a960b720db72e100d1bb70f5b5e1391369a1fd9ce2e8b756e79152937289c159294')
pkgver() {
- cd "$srcdir/tlsdate"
- echo $(git rev-list --count master).$(git rev-parse --short master)
+ cd ${pkgname}
+ git describe --tags|sed -r 's|tlsdate-(.+)|\1|'|sed 's|-|+|g'
}
prepare() {
- cd "$srcdir/tlsdate"
- patch -N -p1 -i ../no_sslv3.patch
+ cd ${pkgname}
+ patch -p1 < "${srcdir}/no_sslv3.patch"
./autogen.sh
}
build() {
- cd "$srcdir/tlsdate"
-
+ cd ${pkgname}
./configure \
--prefix=/usr \
--sbindir=/usr/bin \
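Review bot: The git source in `source=(${pkgname}::git+https://github.com/ioerror/tlsdate` is unpinned and its checksum entry is `'SKIP'`, so prepare() applies no_sslv3.patch and runs `./autogen.sh` on whatever the upstream default branch holds at build time. That is the usual convention for a -git package, but for a tool that sets the system clock it deserves a comment above the array, e.g. `# VCS source: integrity rests on the HTTPS fetch only; pin with #commit=<commit-placeholder> for reproducible builds`. Separately, `cd ${pkgname}` in pkgver(), prepare() and build() is unquoted while nearly every other expansion in the new function bodies is quoted; `cd "${pkgname}"` would be consistent. build() continues outside the hunk.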
@@ -49,12 +52,13 @@ build() {
}
package() {
- cd "$srcdir/tlsdate"
-
- make DESTDIR="$pkgdir" install
- install -Dm644 LICENSE "$pkgdir/usr/share/licenses/tlsdate/LICENSE"
- install -Dm644 "$srcdir/tlsdate.conf.d" "$pkgdir/etc/conf.d/tlsdate"
- install -Dm644 "$srcdir/tlsdate.service" "$pkgdir/usr/lib/systemd/system/tlsdate.service"
+ cd ${pkgname}
+ make DESTDIR="${pkgdir}" install
+ install -Dm 644 README -t "${pkgdir}/usr/share/doc/${pkgname}"
+ install -Dm 644 LICENSE -t "${pkgdir}/usr/share/licenses/${pkgname}"
+ install -Dm 644 "${srcdir}/tlsdate.conf.d" "${pkgdir}/etc/conf.d/tlsdate"
+ install -Dm 644 "${srcdir}/tlsdate.service" -t "${pkgdir}/usr/lib/systemd/system"
+ install -d "${pkgdir}/var/cache/tlsdated"
}
-# vim:set ts=2 sw=2 et:
+# vim: ts=2 sw=2 et:
diff --git a/no_sslv3.patch b/no_sslv3.patch
index 7d7cb0b690e8..d009103cbf8b 100644
--- a/no_sslv3.patch
+++ b/no_sslv3.patch
@@ -1,5 +1,28 @@
+From b1afb00818c8d269c52d4b914e62fd5a9985df69 Mon Sep 17 00:00:00 2001
+From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+Date: Wed, 27 Apr 2016 21:10:03 +0200
+Subject: [PATCH] Drop explicit support SSLv3 and TLSv1
+
+There is no addedd value in using only SSLv3 or TLSv1. With current openssl
+implementation the sslv3 functions can be disabled and TLSv1 functions may be
+removed as well. Further the TLSv1 function offers the TLSv1 protocol while
+we have today upto TLSv1.2.
+
+Therefore I remove the explicit SSLv3 and TLSv1 functions and use only SSLv23
+function which is the only one which supports multiple SSL versions.
+
+Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+---
+ man/tlsdate.1 | 4 +---
+ src/tlsdate-helper-plan9.c | 38 ++++++++++++--------------------------
+ src/tlsdate-helper.c | 44 +++++++++++++++-----------------------------
+ src/tlsdate-helper.h | 2 --
+ src/tlsdate.c | 6 +-----
+ src/tlsdate.h | 2 --
+ 6 files changed, 29 insertions(+), 67 deletions(-)
+
diff --git a/man/tlsdate.1 b/man/tlsdate.1
-index b052e48..b2ea687 100644
+index b052e48..fce06cd 100644
--- a/man/tlsdate.1
+++ b/man/tlsdate.1
@@ -5,7 +5,7 @@
@@ -7,59 +30,222 @@ index b052e48..b2ea687 100644
tlsdate \- secure parasitic rdate replacement
.SH SYNOPSIS
-.B tlsdate [\-hnvVstlw] [\-H [hostname]] [\-p [port]] [\-P [sslv23|sslv3|tlsv1]] \
-+.B tlsdate [\-hnvVstlw] [\-H [hostname]] [\-p [port]] [\-P [sslv23|tlsv1]] \
++.B tlsdate [\-hnvVstlw] [\-H [hostname]] [\-p [port]] \
[\-\-certdir [dirname]] [\-x [\-\-proxy] proxy\-type://proxyhost:proxyport]
.SH DESCRIPTION
.B tlsdate
-@@ -30,7 +30,7 @@ Set remote hostname (default: 'google.com')
+@@ -30,8 +30,6 @@ Set remote hostname (default: 'google.com')
Do not set the system clock to the time of the remote server
.IP "\-p | \-\-port [port]"
Set remote port (default: '443')
-.IP "\-P | \-\-protocol [sslv23|sslv3|tlsv1]"
-+.IP "\-P | \-\-protocol [sslv23|tlsv1]"
- Set protocol to use when communicating with server (default: 'tlsv1')
+-Set protocol to use when communicating with server (default: 'tlsv1')
.IP "\-C | \-\-certdir [dirname]"
Set the local directory where certificates are located
+ (default: '/etc/ssl/certs')
diff --git a/src/tlsdate-helper-plan9.c b/src/tlsdate-helper-plan9.c
-index 3c532aa..bd79cf5 100644
+index 3c532aa..369d168 100644
--- a/src/tlsdate-helper-plan9.c
+++ b/src/tlsdate-helper-plan9.c
-@@ -978,10 +978,6 @@ run_ssl (uint32_t *time_map, int time_is_an_illusion)
- {
- verb ("V: using SSLv23_client_method()\n");
- ctx = SSL_CTX_new(SSLv23_client_method());
+@@ -974,23 +974,10 @@ run_ssl (uint32_t *time_map, int time_is_an_illusion)
+ SSL_library_init();
+
+ ctx = NULL;
+- if (0 == strcmp("sslv23", protocol))
+- {
+- verb ("V: using SSLv23_client_method()\n");
+- ctx = SSL_CTX_new(SSLv23_client_method());
- } else if (0 == strcmp("sslv3", protocol))
- {
- verb ("V: using SSLv3_client_method()\n");
- ctx = SSL_CTX_new(SSLv3_client_method());
- } else if (0 == strcmp("tlsv1", protocol))
+- } else if (0 == strcmp("tlsv1", protocol))
+- {
+- verb ("V: using TLSv1_client_method()\n");
+- ctx = SSL_CTX_new(TLSv1_client_method());
+- } else
+- die("Unsupported protocol `%s'\n", protocol);
+-
++ verb ("V: using SSLv23_client_method()\n");
++ ctx = SSL_CTX_new(SSLv23_client_method());
+ if (ctx == NULL)
+- die("OpenSSL failed to support protocol `%s'\n", protocol);
++ die("OpenSSL failed to support protocol `sslv23'\n");
+
+ verb("V: Using OpenSSL for SSL\n");
+ if (ca_racket)
+@@ -1077,20 +1064,19 @@ main(int argc, char **argv)
+ int timewarp;
+ int leap;
+
+- if (argc != 12)
++ if (argc != 11)
+ return 1;
+ host = argv[1];
+ hostname_to_verify = argv[1];
+ port = argv[2];
+- protocol = argv[3];
+- ca_cert_container = argv[6];
+- ca_racket = (0 != strcmp ("unchecked", argv[4]));
+- verbose = (0 != strcmp ("quiet", argv[5]));
+- setclock = (0 == strcmp ("setclock", argv[7]));
+- showtime = (0 == strcmp ("showtime", argv[8]));
+- timewarp = (0 == strcmp ("timewarp", argv[9]));
+- leap = (0 == strcmp ("leapaway", argv[10]));
+- proxy = (0 == strcmp ("none", argv[11]) ? NULL : argv[11]);
++ ca_cert_container = argv[5];
++ ca_racket = (0 != strcmp ("unchecked", argv[3]));
++ verbose = (0 != strcmp ("quiet", argv[4]));
++ setclock = (0 == strcmp ("setclock", argv[6]));
++ showtime = (0 == strcmp ("showtime", argv[7]));
++ timewarp = (0 == strcmp ("timewarp", argv[8]));
++ leap = (0 == strcmp ("leapaway", argv[9]));
++ proxy = (0 == strcmp ("none", argv[10]) ? NULL : argv[10]);
+
+ if (timewarp)
{
- verb ("V: using TLSv1_client_method()\n");
diff --git a/src/tlsdate-helper.c b/src/tlsdate-helper.c
-index 877c67e..ba115e7 100644
+index 877c67e..1fe48d9 100644
--- a/src/tlsdate-helper.c
+++ b/src/tlsdate-helper.c
-@@ -1133,10 +1133,6 @@ run_ssl (uint32_t *time_map, int time_is_an_illusion, int http)
- {
- verb ("V: using SSLv23_client_method()");
- ctx = SSL_CTX_new(SSLv23_client_method());
+@@ -1129,23 +1129,10 @@ run_ssl (uint32_t *time_map, int time_is_an_illusion, int http)
+ SSL_library_init();
+
+ ctx = NULL;
+- if (0 == strcmp("sslv23", protocol))
+- {
+- verb ("V: using SSLv23_client_method()");
+- ctx = SSL_CTX_new(SSLv23_client_method());
- } else if (0 == strcmp("sslv3", protocol))
- {
- verb ("V: using SSLv3_client_method()");
- ctx = SSL_CTX_new(SSLv3_client_method());
- } else if (0 == strcmp("tlsv1", protocol))
- {
- verb ("V: using TLSv1_client_method()");
+- } else if (0 == strcmp("tlsv1", protocol))
+- {
+- verb ("V: using TLSv1_client_method()");
+- ctx = SSL_CTX_new(TLSv1_client_method());
+- } else
+- die("Unsupported protocol `%s'", protocol);
+-
++ verb ("V: using SSLv23_client_method()");
++ ctx = SSL_CTX_new(SSLv23_client_method());
+ if (ctx == NULL)
+- die("OpenSSL failed to support protocol `%s'", protocol);
++ die("OpenSSL failed to support protocol `sslv23'");
+
+ verb("V: Using OpenSSL for SSL");
+ if (ca_racket)
+@@ -1257,23 +1244,22 @@ main(int argc, char **argv)
+ int leap;
+ int http;
+
+- if (argc != 13)
++ if (argc != 12)
+ return 1;
+ host = argv[1];
+ hostname_to_verify = argv[1];
+ port = argv[2];
+- protocol = argv[3];
+- ca_cert_container = argv[6];
+- ca_racket = (0 != strcmp ("unchecked", argv[4]));
+- verbose = (0 != strcmp ("quiet", argv[5]));
+- verbose_debug = (0 != strcmp ("verbose", argv[5]));
+- setclock = (0 == strcmp ("setclock", argv[7]));
+- showtime = (0 == strcmp ("showtime", argv[8]));
+- showtime_raw = (0 == strcmp ("showtime=raw", argv[8]));
+- timewarp = (0 == strcmp ("timewarp", argv[9]));
+- leap = (0 == strcmp ("leapaway", argv[10]));
+- proxy = (0 == strcmp ("none", argv[11]) ? NULL : argv[11]);
+- http = (0 == (strcmp("http", argv[12])));
++ ca_cert_container = argv[5];
++ ca_racket = (0 != strcmp ("unchecked", argv[3]));
++ verbose = (0 != strcmp ("quiet", argv[4]));
++ verbose_debug = (0 != strcmp ("verbose", argv[4]));
++ setclock = (0 == strcmp ("setclock", argv[6]));
++ showtime = (0 == strcmp ("showtime", argv[7]));
++ showtime_raw = (0 == strcmp ("showtime=raw", argv[7]));
++ timewarp = (0 == strcmp ("timewarp", argv[8]));
++ leap = (0 == strcmp ("leapaway", argv[9]));
++ proxy = (0 == strcmp ("none", argv[10]) ? NULL : argv[10]);
++ http = (0 == (strcmp("http", argv[11])));
+
+ /* Initalize warp_time with RECENT_COMPILE_DATE */
+ clock_init_time(&warp_time, RECENT_COMPILE_DATE, 0);
+diff --git a/src/tlsdate-helper.h b/src/tlsdate-helper.h
+index 64e4092..810ee7e 100644
+--- a/src/tlsdate-helper.h
++++ b/src/tlsdate-helper.h
+@@ -118,8 +118,6 @@ static const char *hostname_to_verify;
+
+ static const char *port;
+
+-static const char *protocol;
+-
+ static char *proxy;
+
+ static const char *ca_cert_container;
diff --git a/src/tlsdate.c b/src/tlsdate.c
-index dd7f993..b4404d7 100644
+index dd7f993..c85ca35 100644
--- a/src/tlsdate.c
+++ b/src/tlsdate.c
-@@ -88,7 +88,7 @@ usage (void)
+@@ -88,7 +88,6 @@ usage (void)
" [-n|--dont-set-clock]\n"
" [-H|--host] [hostname|ip]\n"
" [-p|--port] [port number]\n"
- " [-P|--protocol] [sslv23|sslv3|tlsv1]\n"
-+ " [-P|--protocol] [sslv23|tlsv1]\n"
" [-C|--certcontainer] [dirname|filename]\n"
" [-v|--verbose]\n"
" [-V|--showtime] [human|raw]\n"
+@@ -108,7 +107,6 @@ main (int argc, char **argv)
+ int setclock;
+ const char *host;
+ const char *port;
+- const char *protocol;
+ const char *ca_cert_container;
+ int timewarp;
+ int leap;
+@@ -117,7 +115,6 @@ main (int argc, char **argv)
+
+ host = DEFAULT_HOST;
+ port = DEFAULT_PORT;
+- protocol = DEFAULT_PROTOCOL;
+ ca_cert_container = DEFAULT_CERTFILE;
+ verbose = 0;
+ ca_racket = 1;
+@@ -176,7 +173,7 @@ main (int argc, char **argv)
+ port = optarg;
+ break;
+ case 'P':
+- protocol = optarg;
++ /* ignore for compatibility */
+ break;
+ case 'n':
+ setclock = 0;
+@@ -219,7 +216,6 @@ main (int argc, char **argv)
+ "tlsdate",
+ host,
+ port,
+- protocol,
+ (ca_racket ? "racket" : "unchecked"),
+ (verbose ? "verbose" : "quiet"),
+ ca_cert_container,
+diff --git a/src/tlsdate.h b/src/tlsdate.h
+index 52305eb..d236b67 100644
+--- a/src/tlsdate.h
++++ b/src/tlsdate.h
+@@ -27,7 +27,6 @@
+ #define DEFAULT_HOST "google.com"
+ #define DEFAULT_PORT "443"
+ #define DEFAULT_PROXY "none"
+-#define DEFAULT_PROTOCOL "tlsv1"
+ #define DEFAULT_CERTDIR "/etc/ssl/certs"
+ #define DEFAULT_CERTFILE TLSDATE_CERTFILE
+ #define DEFAULT_DAEMON_CACHEDIR "/var/cache/tlsdated"
+@@ -239,7 +238,6 @@ typedef struct
+ time_t manual_time;
+ char *host;
+ char *port;
+- char *protocol;
+ } tlsdate_options_t;
+
+ #endif /* TLSDATE_H */
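Review bot: In both run_ssl() bodies the context is now always created with `SSL_CTX_new(SSLv23_client_method())`, and no call in the visible lines restricts the versions that method may negotiate, so whether SSLv3 is actually refused depends on how the linked OpenSSL was built rather than on this patch. If the file name no_sslv3.patch is meant literally, add `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` right after the `ctx == NULL` check in tlsdate-helper.c and tlsdate-helper-plan9.c; run_ssl() continues outside the hunk, so this may already be done further down. The `case 'P':` branch in tlsdate.c now drops the argument silently; a one-line warning that the option is ignored would keep a caller who passes `-P` from assuming the protocol was pinned.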
diff --git a/tlsdate.install b/tlsdate.install
index 35258a40cdb2..ce46b6e1215e 100644
--- a/tlsdate.install
+++ b/tlsdate.install
@@ -1,13 +1,12 @@
post_install() {
- getent passwd tlsdate > /dev/null || useradd -U -r -M -d /var/cache/tlsdated -s /bin/false tlsdate
- mkdir -p /var/cache/tlsdated
+ getent group tlsdate &> /dev/null || groupadd tlsdate
+ getent passwd tlsdate &> /dev/null || \
+ useradd -M -r -d /var/cache/tlsdate -g tlsdate -s /bin/nologin tlsdate
chown -R tlsdate:tlsdate /var/cache/tlsdated
}
post_upgrade() {
- post_install $1
+ post_install
}
-pre_remove() {
- userdel tlsdate
-}
+# vim: ts=2 sw=2 et:
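Review bot: The new `useradd` line sets the home directory to `/var/cache/tlsdate`, while the `chown` two lines below and the directory created in package() use `/var/cache/tlsdated`; the account ends up with a home path that does not exist, so this should read `-d /var/cache/tlsdated`. post_upgrade() also reruns `chown -R` as root on every upgrade over a tree the tlsdate account can write to; changing ownership of the directory itself, `chown tlsdate:tlsdate /var/cache/tlsdated`, is enough once the path is fixed and avoids touching whatever the service has placed inside. `groupadd tlsdate` lacks `-r`, so the group gets a regular GID while the user is a system account; `groupadd -r tlsdate` keeps the two consistent.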