| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Update EXTRA_DIST for the new release.
|
|
Add SPDX-License-Identifier headers to all substantial source files.
Collapse copyright years. Add some Emacs configuration for files
where the copyright notice is at the end. Add a test that every
file has SPDX-License-Identifier.
|
|
Numerous fixes to the README file by converging on standard
templates. Add a README.md for GitHub. Break thanks out into
a separate THANKS file following the convention used by remctl.
|
|
No problems found, so nothing to fix.
|
|
Update to rra-c-util 7.2:
* Improve configure output for krb5-config testing.
* Define UINT32_MAX for systems that don't have it.
* Add SPDX-License-Identifier headers to all substantial source files.
* Fix new warnings from GCC 7 and Clang warnings.
* Require Test::Strict 0.25 or later to run those tests.
* Fix off-by-one error in return-value checks for snprintf.
* Use Autoconf to probe for supported warning flags.
* Fix running module-version-t -u with current versions of Perl.
* Use C_TAP_SOURCE and C_TAP_BUILD instead of SOURCE and BUILD.
Update to C TAP Harness 4.3:
* Add support for valgrind and libtool in test lists.
* Report test failures as left and right, not wanted and expected.
* Fix string comparisons with NULL pointers and the string "(null)".
* Add SPDX-License-Identifier headers to all substantial source files.
* Avoid zero-length realloc allocations in breallocarray.
* Fix new warnings from GCC 7 and Clang warnings.
* Use C_TAP_SOURCE and C_TAP_BUILD instead of SOURCE and BUILD.
|
|
|
|
Use @PERL@ as the substitution variable instead of WALLET_PERL_PATH
to match normal Automake conventions. Write the scripts into the
build path, not the source path, to work properly with out-of-tree
builds. Clean up the distribution rules. Use separate Makefile rules
for each script so that make has proper dependencies.
Also fix the Perl paths in (some of) the test scripts, although there
are others for which this still isn't going to work.
|
|
The server scripts now have a unique string where the Perl path should
be, and the Makefile uses sed to insert the correct path at build time
(using the path determined by configure).
The server scripts now have .in extensions, and setting the executable
flag is handled by the Makefile.
We also have to change autogen, because it looks for the scripts in
the server directory when it generates the man pages.
|
|
Use configure to determine the path to Perl, and error out if Perl is
not found or is too old. This also means users can set a path to a
custom or weirdly-named Perl binary.
|
|
|
|
|
|
|
|
We want it to propagate to the other repository branches for Debian
packaging so that it will turn off builds in those branches.
|
|
|
|
|
|
|
|
Update to rra-c-util 5.10:
* Add missing va_end to xasprintf implementation.
* Fix Perl test suite framework for new Automake relative paths.
* Improve portability to Kerberos included in Solaris 10.
* Use appropriate warning flags with Clang (currently not warning clean).
Update to C TAP Harness 3.4:
* Fix segfault in runtests with an empty test list.
* Display verbose test results with -v or C_TAP_VERBOSE.
* Test infrastructure builds cleanly with Clang warnings.
* Support comments and blank lines in test lists.
|
|
|
|
|
|
If the Test library directory already exists, we previously failed.
Use mkdir -p and probe for it in Autoconf to avoid this.
Change-Id: I1ad9f1a83af1f2ebfe1b2337aaab99913b4edeea
|
|
Otherwise, there are warnings from Build.PL due to the file missing
from the manifest.
Change-Id: I32db0199bfda25ab8235ab965bfbbca8bee180b8
Reviewed-on: https://gerrit.stanford.edu/1572
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I3dd9ae38d638cddf2307f5e07cb4a2e01422e172
Reviewed-on: https://gerrit.stanford.edu/1569
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Automake insists on not using DESTDIR for distcheck and instead
relying on prefix, but we don't want Perl module installation to
follow prefix since that may result in a module install directory that
isn't in Perl's search path. So, if and only if we're running under
distcheck, we pass the prefix in as --install_base.
When copying the Test::RRA Perl modules into the perl/t/lib tree,
use separate mkdir and $(INSTALL_DATA) instead of cp -R. The latter
copies the read-only permissions, and then distclean cannot remove
the files.
Change-Id: Ic1879defad993c76384f7c207cd04cb67889a7ac
Reviewed-on: https://gerrit.stanford.edu/1568
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I36565462a248cef0ff1560b5a1d89a20353d566f
Reviewed-on: https://gerrit.stanford.edu/1567
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I0d56ea7b64cdcc43bf59f803077d076414b1a1ce
Reviewed-on: https://gerrit.stanford.edu/1566
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I5390ec1ea8ba90394454a75acb54f1f4a25f9c83
Reviewed-on: https://gerrit.stanford.edu/1564
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Fix strictness issues across the whole code base, and ensure that
all Perl scripts enable warnings. (Hopefully enabling warnings
won't cause problems for the server.)
Change-Id: I4dee49f7a6bcbeeee21d74bf61a1fd26514f832c
Reviewed-on: https://gerrit.stanford.edu/1532
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
The wallet server now requires Perl 5.8 or later (instead of 5.006 in
previous versions) and is now built with Module::Build instead of
ExtUtils::MakeMaker. This should be transparent to anyone not working
with the source code, since Perl 5.8 was released in 2002, but
Module::Build is now required to build the wallet server. It is
included in some versions of Perl, or can be installed separately from
CPAN, distribution packages, or other sources.
Also reorganize the test suite to use subdirectories.
Change-Id: Id06120ba2bad1ebbfee3d8a48ca2f25869463165
Reviewed-on: https://gerrit.stanford.edu/1530
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Update to rra-c-util 5.5:
* Use Lancaster Consensus environment variables to control tests.
* Use calloc or reallocarray for protection against integer overflows.
* Suppress warnings from Kerberos headers in non-system paths.
* Assume calloc initializes pointers to NULL.
* Assume free(NULL) is properly ignored.
* Improve error handling in xasprintf and xvasprintf.
* Check the return status of snprintf and vsnprintf properly.
* Preserve errno if snprintf fails in vasprintf replacement.
Update to C TAP Harness 3.1:
* Reopen standard input to /dev/null when running a test list.
* Don't leak extraneous file descriptors to tests.
* Suppress lazy plans and test summaries if the test failed with bail.
* runtests now treats the command line as a list of tests by default.
* The full test executable path can now be passed to runtests -o.
* Improved harness output for tests with lazy plans.
* Improved harness output to a terminal for some abort cases.
* Flush harness output after each test even when not on a terminal.
Change-Id: I05161eb3d3be49a98f7762e876cb114da0c84e9a
Reviewed-on: https://gerrit.stanford.edu/1529
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Otherwise, they won't be copied properly to the perl directory
when building out of tree.
Change-Id: Id178d1b58d14a3595f372e25744dbdc61a81ff34
Reviewed-on: https://gerrit.stanford.edu/1527
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
A new object type, duo (Wallet::Object::Duo), is now supported. This
creates an integration with the Duo Security cloud multifactor
authentication service and allows retrieval of the integration key,
secret key, and admin hostname. Currently, only UNIX integration
types are supported. The Net::Duo Perl module is required to use this
object type. New configuration settings are required as well; see
Wallet::Config for more information. To enable this object type for
an existing wallet database, use wallet-admin to register the new
object.
Change-Id: I2c0dac75e81f526b34d6b509c4bdaecb43dd4a9d
Reviewed-on: https://gerrit.stanford.edu/1516
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I4c2b5d7c807d6c27dd18a3b92eef66d21287d21e
Reviewed-on: https://gerrit.stanford.edu/1481
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I17a6661d8088de66dbdab04c0a3dc6e10a7913ca
Reviewed-on: https://gerrit.stanford.edu/984
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: Ia131200709531645b47d3bbab065d688e94f211f
Reviewed-on: https://gerrit.stanford.edu/982
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Used by the new POD tests (and eventually by other things).
Change-Id: I9704bc287f8d61fb87af99d53d836900f589c557
Reviewed-on: https://gerrit.stanford.edu/981
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Also fix some of the Makefile.am formatting of escaped multi-line
commands.
Change-Id: I024b5a8836cb8c8e3c4154e87c83be8d05a0e5f0
Reviewed-on: https://gerrit.stanford.edu/980
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I316a35a9ca7c1305650f7bd4d90b31caf9e054f9
Reviewed-on: https://gerrit.stanford.edu/979
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: Iaaacf0df45f9ac5f2158d7c9bb695a856bcffd81
Reviewed-on: https://gerrit.stanford.edu/978
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Remove tests/data/README (now moved to tests/config) and perl/t/schema.t
(rolled into admin.t). Add tests/config/README.
Change-Id: I632c5c97064299ac5a63c53b78c5abbd1dd364d6
Reviewed-on: https://gerrit.stanford.edu/977
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Change-Id: I6a84920b0c0dc1849af8a34ecf8f3fb70b45e17c
Reviewed-on: https://gerrit.stanford.edu/843
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Update to rra-c-util 4.8:
* Look for krb5-config in /usr/kerberos/bin after the user's PATH.
* Kerberos library probing fixes without transitive shared libraries.
* Fix Autoconf warnings when probing for AIX's bundled Kerberos.
* Avoid using krb5-config if --with-{krb5,gssapi}-{include,lib} given.
* Correctly remove -I/usr/include from Kerberos and GSS-API flags.
* Build on systems where krb5/krb5.h exists but krb5.h does not.
* Pass --deps to krb5-config unless --enable-reduced-depends was used.
* Do not use krb5-config results unless gssapi is supported.
* Fix probing for Heimdal's libroken to work with older versions.
* Update warning flags for GCC 4.6.1.
* Update utility library and test suite for newer GCC warnings.
* Fix broken GCC attribute markers causing compilation problems.
* Suppress warnings on compilers that support gcc's __attribute__.
* Add notices to all files copied over from rra-c-util.
* Fix warnings when reporting memory allocation failure in messages.c.
* Fix message utility library compiler warnings on 64-bit systems.
* Include strings.h for additional POSIX functions where found.
* Use an atexit handler to clean up after Kerberos tests.
* Kerberos test configuration now goes in tests/config.
* The principal of the test keytab is determined automatically.
* Simplify the test suite calls for Kerberos and remctl tests.
* Check for a missing ssize_t.
* Improve the xstrndup utility function.
* Checked asprintf variants are now void functions and cannot fail.
* Fix use of long long in portable/mkstemp.c.
* Fix test suite portability to Solaris.
* Substantial improvements to the POD syntax and spelling checks.
Update to C TAP Harness 1.12:
* Fix compliation of runtests with more aggressive warnings.
* Add a more complete usage message and a -h command-line flag.
* Flush stderr before printing output from tests.
* Better handle running shell tests without BUILD and SOURCE set.
* Fix runtests to honor -s even if BUILD and -b aren't given.
* runtests now frees all allocated resources on exit.
* Only use feature-test macros when requested or built with gcc -ansi.
* Drop is_double from the C TAP library to avoid requiring -lm.
* Avoid using local in the shell libtap.sh library.
* Suppress warnings on compilers that support gcc's __attribute__.
Change-Id: I394294d5486ac1ce265c7713bec71a148aaaf1ce
Reviewed-on: https://gerrit.stanford.edu/841
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
Install the wallet schema files generated by DBIx::Class for the
various supported database engines into /usr/local/share/wallet
(by default, using pkgdatadir) on make install. Set the default
$DB_DDL_DIRECTORY value in Wallet::Config accordingly.
Change-Id: I7ec52b171bc6aca2c3e1040c037e7cf24553231f
Reviewed-on: https://gerrit.stanford.edu/794
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
Also create the Wallet/ACL/Krb5 directory when copying the Perl
files for srcdir != builddir builds.
|
|
Add -Wformat=2 -Winit-self -Wswitch-enum -Wdeclaration-after-statement
-Wshadow to the set of gcc warnings. Stop passing -DDEBUG=1 since I no
longer use that define anywhere. Change -W to -Wextra since I'm
requiring a fairly new GCC anyway.
|
|
This confirms basic functionality, but doesn't test more interesting
things like rekeying multiple keys in the same keytab or skipping
principals that aren't from the local realm.
|
|
|
|
Build a separate wallet-rekey client that rekeys every keytab given
on the command-line. Fix some coding style issues and add internal
prototypes. Build the shared source for both clients into an
uninstalled library to save compilation time.
|
