From eb727c86b2d3e68855e9af7a3a85f3503e970d4c Mon Sep 17 00:00:00 2001 From: Claudio Jeker Date: Thu, 28 Nov 2024 21:30:18 +0100 Subject: [PATCH] Remove imsg patch and update the other patches. --- ...ding-default-user-and-file-locations.patch | 30 +++++++++---------- ...ly-placeholders-for-portability-shim.patch | 16 +++++----- ...utput-formats-on-non-OpenBSD-systems.patch | 12 ++++---- ...onfig_set_ca_mem-when-pledge-is-used.patch | 8 ++--- patches/patch-imsg.c | 18 ----------- update.sh | 1 - 6 files changed, 33 insertions(+), 52 deletions(-) delete mode 100644 patches/patch-imsg.c diff --git a/patches/0001-Allow-overriding-default-user-and-file-locations.patch b/patches/0001-Allow-overriding-default-user-and-file-locations.patch index 9d5d741..27308dc 100644 --- a/patches/0001-Allow-overriding-default-user-and-file-locations.patch +++ b/patches/0001-Allow-overriding-default-user-and-file-locations.patch @@ -1,4 +1,4 @@ -From 7b01108679335ba29111a27e85375f0ca62c55ce Mon Sep 17 00:00:00 2001 +From 894d81f3775e8ecfb56b93c9202aa0d790069e51 Mon Sep 17 00:00:00 2001 From: Claudio Jeker Date: Tue, 14 Apr 2020 22:43:56 +0200 Subject: [PATCH 1/4] Allow overriding default user and file locations @@ -10,10 +10,10 @@ Adjust version string for -portable 2 files changed, 26 insertions(+), 8 deletions(-) diff --git src/usr.sbin/rpki-client/extern.h src/usr.sbin/rpki-client/extern.h -index b811b485e..f2518f180 100644 +index ab86f44fa..dd7393488 100644 --- src/usr.sbin/rpki-client/extern.h +++ src/usr.sbin/rpki-client/extern.h -@@ -979,10 +979,27 @@ time_t get_current_time(void); +@@ -989,10 +989,27 @@ time_t get_current_time(void); int mkpath(const char *); int mkpathat(int, const char *); 
@@ -40,13 +40,13 @@ index b811b485e..f2518f180 100644 -#define DEFAULT_SKIPLIST_FILE "/etc/rpki/skiplist" +#define DEFAULT_SKIPLIST_FILE RPKI_PATH_TAL_DIR "/skiplist" - /* Maximum number of TAL files we'll load. */ - #define TALSZ_MAX 8 + /* Interval in which random reinitialization to an RRDP snapshot happens. */ + #define RRDP_RANDOM_REINIT_MAX 12 /* weeks */ diff --git src/usr.sbin/rpki-client/main.c src/usr.sbin/rpki-client/main.c -index 342548ce3..6b3c9e4f3 100644 +index 3dd01dad3..da1237e10 100644 --- src/usr.sbin/rpki-client/main.c +++ src/usr.sbin/rpki-client/main.c -@@ -800,7 +800,7 @@ sum_repostats(const struct repo *rp, const struct repostats *in, void *arg) +@@ -806,7 +806,7 @@ sum_repostats(const struct repo *rp, const struct repostats *in, void *arg) } /* @@ -55,7 +55,7 @@ index 342548ce3..6b3c9e4f3 100644 * returning the number of files found and filled-in. * This may be zero. * Don't exceed "max" filenames. -@@ -808,7 +808,7 @@ sum_repostats(const struct repo *rp, const struct repostats *in, void *arg) +@@ -814,7 +814,7 @@ sum_repostats(const struct repo *rp, const struct repostats *in, void *arg) static int tal_load_default(void) { @@ -64,16 +64,16 @@ index 342548ce3..6b3c9e4f3 100644 int s = 0; char *path; DIR *dirp; -@@ -971,7 +971,7 @@ main(int argc, char *argv[]) +@@ -979,7 +979,7 @@ main(int argc, char *argv[]) + struct pollfd pfd[NPFD]; struct msgbuf *queues[NPFD]; - struct ibuf *b, *httpbuf = NULL, *procbuf = NULL; - struct ibuf *rrdpbuf = NULL, *rsyncbuf = NULL; + struct ibuf *b; - char *rsync_prog = "openrsync"; + char *rsync_prog = RPKI_RSYNC_CMD; char *bind_addr = NULL; const char *cachedir = NULL, *outputdir = NULL; const char *errs, *name; -@@ -989,9 +989,9 @@ main(int argc, char *argv[]) +@@ -997,9 +997,9 @@ main(int argc, char *argv[]) if (getuid() == 0) { struct passwd *pw; 
@@ -85,7 +85,7 @@ index 342548ce3..6b3c9e4f3 100644 if (setgroups(1, &pw->pw_gid) == -1 || setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1 || setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1) -@@ -1082,7 +1082,8 @@ main(int argc, char *argv[]) +@@ -1087,7 +1087,8 @@ main(int argc, char *argv[]) verbose++; break; case 'V': @@ -95,7 +95,7 @@ index 342548ce3..6b3c9e4f3 100644 return 0; case 'x': experimental = 1; -@@ -1131,7 +1132,7 @@ main(int argc, char *argv[]) +@@ -1136,7 +1137,7 @@ main(int argc, char *argv[]) if (talsz == 0) talsz = tal_load_default(); if (talsz == 0) @@ -105,5 +105,5 @@ index 342548ce3..6b3c9e4f3 100644 /* Load optional constraint files sitting next to the TALs. */ constraints_load(); -- -2.45.2 +2.47.0 diff --git a/patches/0002-Apply-placeholders-for-portability-shim.patch b/patches/0002-Apply-placeholders-for-portability-shim.patch index 186246e..fe05794 100644 --- a/patches/0002-Apply-placeholders-for-portability-shim.patch +++ b/patches/0002-Apply-placeholders-for-portability-shim.patch @@ -1,4 +1,4 @@ -From d697673c11aac273f13b60334a98c8efaf9ab5d0 Mon Sep 17 00:00:00 2001 +From fb829d43f086b6632bdfd7ccd519325aba6a7ae3 Mon Sep 17 00:00:00 2001 From: Claudio Jeker Date: Mon, 20 Apr 2020 12:16:46 +0200 Subject: [PATCH 2/4] Apply placeholders for portability shim @@ -9,7 +9,7 @@ From Robert Scheck 1 file changed, 13 insertions(+), 13 deletions(-) diff --git src/usr.sbin/rpki-client/rpki-client.8 src/usr.sbin/rpki-client/rpki-client.8 -index f74d9dceb..67237c571 100644 +index aada53f8f..bbd3bc596 100644 --- src/usr.sbin/rpki-client/rpki-client.8 +++ src/usr.sbin/rpki-client/rpki-client.8 @@ -45,7 +45,7 @@ The 
@@ -36,7 +36,7 @@ index f74d9dceb..67237c571 100644 to fetch repositories. It must accept the .Fl rt -@@ -194,7 +194,7 @@ The skip filter is enforced during processing of the +@@ -188,7 +188,7 @@ The skip filter is enforced during processing of the .Em Subject Information Access Pq SIA extension in CA certificates, thus applies to both RSYNC and RRDP connections. By default load entries from @@ -45,7 +45,7 @@ index f74d9dceb..67237c571 100644 .It Fl s Ar timeout Terminate after .Ar timeout -@@ -220,7 +220,7 @@ This option can be used multiple times to load multiple TALs. +@@ -214,7 +214,7 @@ This option can be used multiple times to load multiple TALs. By default .Nm will load all TAL files in @@ -54,7 +54,7 @@ index f74d9dceb..67237c571 100644 TAL are small files containing a public key and URL endpoint address. .It Fl V Show the version and exit. -@@ -241,7 +241,7 @@ The directory where +@@ -235,7 +235,7 @@ The directory where .Nm will write the output files. Defaults to @@ -63,7 +63,7 @@ index f74d9dceb..67237c571 100644 .El .Pp By default -@@ -303,22 +303,22 @@ utilizes the following environment variables: +@@ -297,22 +297,22 @@ utilizes the following environment variables: URL of HTTP proxy to use. .El .Sh FILES @@ -92,7 +92,7 @@ index f74d9dceb..67237c571 100644 default roa-set output file. .El .Pp -@@ -329,7 +329,7 @@ agreement regarding ARIN service restrictions. +@@ -323,7 +323,7 @@ agreement regarding ARIN service restrictions. .Sh EXIT STATUS .Ex -std .Sh SEE ALSO @@ -102,5 +102,5 @@ index f74d9dceb..67237c571 100644 .Sh STANDARDS .Rs -- -2.45.2 +2.47.0 diff --git a/patches/0003-Emit-all-output-formats-on-non-OpenBSD-systems.patch b/patches/0003-Emit-all-output-formats-on-non-OpenBSD-systems.patch index 9409360..08004e6 100644 --- a/patches/0003-Emit-all-output-formats-on-non-OpenBSD-systems.patch +++ b/patches/0003-Emit-all-output-formats-on-non-OpenBSD-systems.patch 
@@ -1,4 +1,4 @@ -From f2687537fce37c1fda73eebf926cfd327dbcc7ec Mon Sep 17 00:00:00 2001 +From bdb8539cf5f5b234d120af618c07af3bd55bfd02 Mon Sep 17 00:00:00 2001 From: Claudio Jeker Date: Fri, 6 Nov 2020 13:19:45 +0100 Subject: [PATCH 3/4] Emit all output formats on non-OpenBSD systems @@ -9,10 +9,10 @@ Subject: [PATCH 3/4] Emit all output formats on non-OpenBSD systems 2 files changed, 4 insertions(+), 3 deletions(-) diff --git src/usr.sbin/rpki-client/main.c src/usr.sbin/rpki-client/main.c -index 6b3c9e4f3..322150a12 100644 +index da1237e10..52d4b3250 100644 --- src/usr.sbin/rpki-client/main.c +++ src/usr.sbin/rpki-client/main.c -@@ -1124,7 +1124,8 @@ main(int argc, char *argv[]) +@@ -1129,7 +1129,8 @@ main(int argc, char *argv[]) if ((outdirfd = open(outputdir, O_RDONLY | O_DIRECTORY)) == -1) err(1, "output directory %s", outputdir); if (outformats == 0) @@ -23,10 +23,10 @@ index 6b3c9e4f3..322150a12 100644 check_fs_size(cachefd, cachedir); diff --git src/usr.sbin/rpki-client/rpki-client.8 src/usr.sbin/rpki-client/rpki-client.8 -index 67237c571..13eaea94f 100644 +index bbd3bc596..1bf43f173 100644 --- src/usr.sbin/rpki-client/rpki-client.8 +++ src/usr.sbin/rpki-client/rpki-client.8 -@@ -247,8 +247,8 @@ Defaults to +@@ -241,8 +241,8 @@ Defaults to By default .Nm outputs validated payloads in @@ -38,5 +38,5 @@ index 67237c571..13eaea94f 100644 .Nm should be run hourly by -- -2.45.2 +2.47.0 diff --git a/patches/0004-Only-call-tls_config_set_ca_mem-when-pledge-is-used.patch b/patches/0004-Only-call-tls_config_set_ca_mem-when-pledge-is-used.patch index ae41d7e..82030fe 100644 --- a/patches/0004-Only-call-tls_config_set_ca_mem-when-pledge-is-used.patch +++ b/patches/0004-Only-call-tls_config_set_ca_mem-when-pledge-is-used.patch @@ -1,4 +1,4 @@ -From 95ac765c21c3d792fc45c1c3054480bdbed11bbe Mon Sep 17 00:00:00 2001 +From b3c3247146438fcd79224555e1afee459ef63f82 Mon Sep 17 00:00:00 2001 
From: Claudio Jeker Date: Wed, 1 Sep 2021 16:23:36 +0200 Subject: [PATCH 4/4] Only call tls_config_set_ca_mem() when pledge() is used. @@ -11,7 +11,7 @@ This is one giant hole but landlock is not capable to do proper protection. 1 file changed, 16 insertions(+) diff --git src/usr.sbin/rpki-client/http.c src/usr.sbin/rpki-client/http.c -index 78ee91e57..02ebf8184 100644 +index abc8c38ab..117805bf4 100644 --- src/usr.sbin/rpki-client/http.c +++ src/usr.sbin/rpki-client/http.c @@ -64,6 +64,9 @@ @@ -25,7 +25,7 @@ index 78ee91e57..02ebf8184 100644 #include "extern.h" @@ -166,8 +169,10 @@ static unsigned int http_conn_count; - static struct msgbuf msgq; + static struct msgbuf *msgq; static struct sockaddr_storage http_bindaddr; static struct tls_config *tls_config; +#ifdef HAVE_PLEDGE @@ -60,5 +60,5 @@ index 78ee91e57..02ebf8184 100644 if ((httpproxy = getenv("http_proxy")) != NULL && *httpproxy == '\0') httpproxy = NULL; -- -2.45.2 +2.47.0 diff --git a/patches/patch-imsg.c b/patches/patch-imsg.c deleted file mode 100644 index 0636c93..0000000 --- a/patches/patch-imsg.c +++ /dev/null @@ -1,18 +0,0 @@ ---- imsg.c.orig 2015-07-17 23:57:48.000000000 +0000 -+++ imsg.c 2015-07-17 23:58:57.000000000 +0000 -@@ -71,6 +71,7 @@ - return (-1); - - again: -+#ifdef HAVE_GETDTABLECOUNT - if (getdtablecount() + imsg_fd_overhead + - (CMSG_SPACE(sizeof(int))-CMSG_SPACE(0))/sizeof(int) - >= getdtablesize()) { -@@ -78,6 +79,7 @@ - free(ifd); - return (-1); - } -+#endif - - if ((n = recvmsg(ibuf->fd, &msg, 0)) == -1) { - if (errno == EMSGSIZE) diff --git a/update.sh b/update.sh index d3fa547..54d037b 100755 --- a/update.sh +++ b/update.sh @@ -68,7 +68,6 @@ ${CP} "${arc4random_src}"/arc4random_*.h compat ${CP} "${libutil_src}/imsg.c" compat/ ${CP} "${libutil_src}/imsg-buffer.c" compat/ -(cd compat; ${PATCH} -p0 < "${patches}/patch-imsg.c") for i in as.c aspa.c cert.c cms.c crl.c constraints.c encoding.c extern.h filemode.c \ gbr.c geofeed.c http.c io.c ip.c json.c json.h main.c mft.c \
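Review bot: Dropping the `${PATCH} -p0 < "${patches}/patch-imsg.c"` step from update.sh means compat/imsg.c is now the libutil file verbatim, and neither the commit message nor the diff says why the `HAVE_GETDTABLECOUNT` guard is no longer needed. The deleted patch compiled the `getdtablecount()` descriptor-headroom check ahead of `recvmsg()` only where that function exists. The refreshed http.c context (`static struct msgbuf *msgq;`) suggests the imsg code was reworked upstream, but the new imsg.c and imsg-buffer.c are not visible here. If they still call `getdtablecount()`, the portable build depends on a compat implementation, and a stub that returns a constant would leave the headroom check ineffective on those systems. I would record the reason in the commit message, e.g. `imsg.c no longer needs the getdtablecount() guard because <reason>`.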