+1. Note that the answer to the second part of 3.4.3 is not required since the first part is no.
-- Garrett

Wyllys Ingersoll wrote:
> Template Version: @(#)sac_nextcase 1.68 02/23/09 SMI
> This information is Copyright 2009 Sun Microsystems
> 1. Introduction
>     1.1. Project/Component Working Name:
>          GnuPG and friends
>     1.2. Name of Document Author/Supplier:
>          Author: Wyllys Ingersoll
>     1.3  Date of This Document:
>          16 July, 2009
> 4. Technical Description
> 1. Introduction
>    1.1. Project/Component Working Name:
>         GnuPG and friends
>
>    1.2. Name of Document Author/Supplier:
>         Wyllys Ingersoll
>
>    1.3. Date of This Document:
>         07/01/2009
>
> 2. Project Summary
>    2.1. Project Description:
>    This project proposes to deliver GnuPG and its associated dependencies
>    to Solaris SFW consolidation.
>
>    [from the GnuPG.org website]
>    ---
>    GnuPG is the GNU project's complete and free implementation of the
>    OpenPGP standard as defined by RFC4880. GnuPG allows to encrypt and
>    sign your data and communication, features a versatile key management
>    system as well as access modules for all kind of public key
>    directories. GnuPG, also known as GPG, is a command line tool with
>    features for easy integration with other applications. A
>    ---
>
>    GnuPG is a commonly used free implementation of PGP software which is
>    used to protect private data and communications. Several Linux
>    distributions as well as BSD variants already deliver GnuPG support,
>    [Open]Solaris is lacking this important security feature.
>
>    The following open source packages will be delivered:
>    GnuPG (current version 2.0.12)
>        - GnuPG command and support tools, including gpg-agent and more.
>    GPGME (current version 1.1.8)
>        - GnuPG Made Easy is a library designed to make access to GnuPG
>          easier for applications.
>    libksba (current version 1.0.6)
>        - Libksba provides an easy API to create and parse X.509 and CMS
>          related objects.
>    libassuan (current version 1.0.5)
>        - Libassuan is the IPC library used by some GnuPG related
>          software.
>    Gnu Pth (current version 2.0.7)
>        - Pth is a very portable POSIX/ANSI-C based library for Unix
>          platforms which provides non-preemptive priority-based
>          scheduling for multiple threads of execution (aka
>          ``multithreading'') inside event-driven applications.
>        - GnuPG depends on Pth support for the gpg-agent and
>          gpg-connect-agent utilities that it delivers.
>        - GPGME libraries also require Pth support
>
>    The Gnome desktop team has requested that Solaris deliver GnuPG. GnuPG
>    has several dependencies (enumerated above) that also must be
>    integrated at the same time in order to deliver all of the
>    functionality.
>
>    Gnome desktop software needs GnuPG and GPGME in order to keep
>    Evolution current.
>    Seahorse also has a plugin module that depends on gnupg.
>
>    All of the above will be packaged into separate packages so they can
>    be individually maintained and updated without requiring a complete
>    rebuild of the whole set.
>        SUNWgnupg       - Uncommitted
>        SUNWgpgme       - Uncommitted
>        SUNWlibassuan   - Uncommitted
>        SUNWlibksba     - Uncommitted
>        SUNWpth         - Uncommitted
>
>    2.2 Release Binding
>    What is the release binding?
>    (see http://opensolaris.org/os/community/arc/policies/release-taxonomy/)
>        [ ] Major
>        [*] Minor
>        [ ] Patch or Micro
>        [ ] Unknown -- ARC review required
>
>    2.3 Type of project
>    Is this case a Linux Familiarity project?
>        [ ] Yes
>        [*] No
>
>    2.4 Originating Community
>    2.4.1 Community Name
>        Gnu Privacy Guard (GnuPG.org)
>            GnuPG, GPGME, libassuan, libksba
>        Gnu Portable Threads (gnu.org/software/pth)
>            Pth library
>
>    2.4.2 Community Involvement
>    Indicate Sun's involvement in the community
>        [ ] Maintainer
>        [ ] Contributor
>        [*] Monitoring
>
>    Will the project team work with the upstream community to resolve
>    architectural issues of interest to Sun?
>        [*] Yes
>        [ ] No - briefly explain
>
>    Will we or are we forking from the community?
>        [ ] Yes - ARC review required prior to forking
>        [*] No
>
>
> 3.0 Technical Description
>    3.1 Installation & Sharable
>    3.1.1S Solaris Installation - section only required for Solaris Software
>    (see http://opensolaris.org/os/community/arc/policies/install-locations/
>    for details)
>    Does this project follow the Install Locations best practice?
>        [*] Yes
>        [ ] No - ARC review required
>
>    Does this project install into /usr under
>    [sbin|bin|lib|include|man|share]?
>        [*] Yes
>        [ ] No or N/A
>
>    Does this project install into /opt?
>        [ ] Yes - explain below
>        [*] No or N/A
>
>    Does this project install into a different directory structure?
>        [ ] Yes - ARC review required
>        [*] No or N/A
>
>    Do any of the components of this project conflict with anything under
>    /usr?
>    (see http://opensolaris.org/os/community/arc/caselog/2007/047/ for
>    details)
>        [ ] Yes - explain below
>        [*] No
>
>    If conflicts exist then will this project install under /usr/gnu?
>        [ ] Yes
>        [ ] No - ARC review required
>        [*] N/A
>
>    Is this project installing into /usr/sfw?
>        [ ] Yes - ARC review required
>        [*] No
>
>    3.1.1W Windows Installation - section only required for Windows Software
>        N/A
>
>    3.1.2 Share and Sharable
>    Does the module include any components that are used or shared by
>    other projects?
>        [*] Yes
>        [ ] No
>
>        GnuPG is needed by Evolution and other parts of the Gnome desktop
>        software suite.
>
>    If yes are these components packaged to be shared with the other FOSS?
>        [*] Yes
>        [ ] No - ARC review required
>        [ ] N/A
>
>    Are these components already in the Solaris WOS?
>        [ ] Yes
>        [*] No - continue with next section (section 3.2)
>
>    If yes are these newer versions being delivered?
>        [ ] Yes
>        [ ] No - ARC review required
>
>    If yes are the newer versions replacing the existing versions?
>        [ ] Yes
>        [ ] No - ARC review required
>
>    3.2 Exported Libraries
>    Are libraries being delivered by this project?
>        [*] Yes
>        [ ] No - continue with next section (section 3.3)
>
>    Are 64-bit versions of the libraries being delivered?
>        [*] Yes
>        [ ] No - ARC review required
>
>    Are static versions of the libraries being delivered?
>        [*] Yes - ARC review required
>        [ ] No
>
>        - libassuan is designed and intended to be delivered as a static
>          library. It is licensed under LGPLv2.1+
>
>        - All other libraries are delivered as shared objects.
>
>    3.3 Services and the /etc Directory
>    (see http://opensolaris.org/os/community/arc/policies/SMF-policy/)
>    Does the project integrate anything into /etc/init.d or /etc/rc?.d?
>        [ ] Yes - ARC review required
>        [*] No
>
>    Does the project integrate any new entries into /etc/inittab or
>    /etc/inetd.conf?
>        [ ] Yes - ARC review required
>        [*] No
>
>    Does the project integrate any private non-public files into
>    /etc/default or /etc/ configuration files?
>        [ ] Yes - ARC review required
>        [*] No
>
>    Does the service manifests method context grant rights above that
>    of the noaccess user and basic privilege set?
>        [ ] Yes - ARC review required
>        [*] No
>
>    3.4 Security
>    3.4.1 Secure By Default
>    (see http://opensolaris.org/os/community/arc/policies/secure-by-default/
>    for details)
>    (see http://www.opensolaris.org/os/community/arc/policies/NITS-policy/
>    for details)
>    (see parts of
>    http://opensolaris.org/os/community/arc/policies/SMF-policy/ for
>    additional details)
>    Are there any network services provided by this project?
>        [*] Yes
>        [ ] No - continue with the next section (section 3.4.2)
>
>    Are network services enabled by default?
>        [ ] Yes - ARC review required
>        [*] No
>        [ ] N/A
>
>    3.4.2 Authorization
>    (see http://opensolaris.org/os/community/arc/bestpractices/rbac-intro/
>    and
>    http://opensolaris.org/os/community/arc/bestpractices/rbac-profiles/ and
>    http://opensolaris.org/os/community/arc/bestpractices/rbac-profiles/
>    for details)
>    Are there any setuid/setgid privileged binaries in the project?
>        [ ] Yes - ARC review required
>        [*] No - continue with next section (section 3.4.3)
>
>    If yes then are the setuid/setgid privileges handled by the use of
>    roles?
>        [ ] Yes
>        [ ] No - ARC review required
>
>    3.4.3 Auditing
>    (see http://opensolaris.org/os/community/arc/policies/audit-policy/ for
>    details)
>    (see http://opensolaris.org/os/community/arc/caselog/2003/397 for
>    details)
>    Does this component contain administrative or security enforcing
>    software?
>        [ ] Yes - ARC review required
>        [*] No - continue to next section (section 3.4.4)
>
>    (see http://opensolaris.org/os/community/arc/caselog/2003/397 for
>    details)
>    Do the components create audit logs detailing what took place including
>    what event took place, who was involved, when the event took place?
>        [ ] Yes - ARC contract and Audit project team review required
>        [*] No - ARC review required
>
>    3.4.4 Authentication
>    (see http://opensolaris.org/os/community/arc/policies/PAM/)
>    Do the components contain any authentication code?
>        [ ] Yes
>        [*] No - continue to next section (section 3.4.5)
>
>    If yes do the components use PAM (pluggable authentication modules) for
>    authentication?
>        [ ] Yes
>        [ ] No - ARC review required
>
>    If yes is a single PAM session maintained during authentication?
>        [ ] Yes
>        [ ] No - ARC review required
>
>    If yes are the components sufficiently privileged to allow the
>    requested operations (authentication, password change, process
>    credential manipulation, audit state initialization)?
>        [ ] Yes - briefly describe below
>        [ ] No - ARC review required
>
>    3.4.5 Passwords
>    (see
>    http://opensolaris.org/os/community/arc/bestpractices/passwords-cli/ and
>    http://opensolaris.org/os/community/arc/bestpractices/passwords-files/
>    for details)
>    Do any of the components for the project deal with passwords?
>        [*] Yes
>        [ ] No - continue to next section (section 3.4.6)
>
>        GnuPG prompts for PINs and pass phrases in order to compute the
>        keys for encrypting and decrypting data.
>
>    If yes are these passwords entered via the CLI or environment?
>        [*] Yes - ARC review required
>        [ ] No
>
>    Are passwords stored within the file system for the component?
>        [ ] Yes
>        [*] No - continue to next section (section 3.4.6)
>
>    If yes are the permissions on the file such to protect exposing the
>    password(s)?
>        [ ] Yes
>        [ ] No - ARC review required
>
>    3.4.6 General Security Questions
>    (see
>    http://opensolaris.org/os/community/arc/bestpractices/security-questions/
>    for details)
>    Are there any network protocols used by this project?
>        [ ] Yes
>        [*] No - continue with the next section (section 3.5)
>
>    3.5 Networking
>    Do the components access the network?
>        [*] Yes
>        [ ] No - continue with the next section (section 3.6)
>
>    If yes do the components support IPv6?
>        [*] Yes
>        [ ] No - ARC review required
>
>        - GnuPG uses libcurl to get IPv6 support.
>
>    3.6 Core Solaris Components
>    Do the components of this project compete with or duplicate core
>    Solaris components?
>        [ ] Yes - ARC review required
>        [*] No
>
>    Examples of Core Solaris Components include but are not limited to:
>
>        Secure By Default
>        Authorizations
>        PAM -- Pluggable Authentication Module
>        Privilege
>        PRM -- Process Rights Management -- Privilege
>        Audit
>        xVm -- Virtualization
>        zones / Solaris Containers
>        PRM -- Process Rights Management
>        RBAC -- Role Based Access Control
>        TX / Trusted Extensions
>        ZFS
>        SMF -- Service Management Facility
>        FMA -- Fault Management Architecture
>        SCF -- Smart Card Facility
>        IPsec
>
> 4.0 Interfaces
>    (see
>    http://www.opensolaris.org/os/community/arc/policies/interface-taxonomy/
>    for details)
>    4.1 Exported Interfaces
>
> Interface Name                                Classification Comments
> --------------------------------------------  -------------- ---------------------------
> SUNWgnupg                                     Uncommitted    Package
> /usr/bin/gpg                                  Uncommitted    Command
> /usr/bin/kbxutil                              Uncommitted    Command
> /usr/bin/gpg2                                 Uncommitted    Command
> /usr/bin/gpgv2                                Uncommitted    Command
> /usr/bin/gpgsm                                Uncommitted    Command
> /usr/bin/gpg-agent                            Uncommitted    Command
> /usr/bin/scdaemon                             Uncommitted    Command
> /usr/bin/gpgconf                              Uncommitted    Command
> /usr/bin/gpg-connect-agent                    Uncommitted    Command
> /usr/bin/gpgkey2ssh                           Uncommitted    Command
> /usr/bin/gpgparsemail                         Uncommitted    Command
> /usr/bin/gpgsm-gencert.sh                     Uncommitted    Command Script
> /usr/sbin/addgnupghome                        Uncommitted    Command
> /usr/sbin/applygnupgdefaults                  Uncommitted    Command
>
> /usr/lib/gpg-check-pattern                    Uncommitted    Command
> /usr/lib/gpg2keys_ldap                        Uncommitted    Command
> /usr/lib/gpg2keys_hkp                         Uncommitted    Command
> /usr/lib/gpg2keys_finger                      Uncommitted    Command
> /usr/lib/gpg2keys_curl                        Uncommitted    Command
>
> /usr/share/gnupg/help.*.txt                   Volatile       Localized Help Text Files
> /usr/share/gnupg/gpg-conf.skel                Volatile       Build Configuration
> /usr/share/info/gnupg.info-1                  Volatile       Info file
> /usr/share/info/gnupg.info-2                  Volatile       Info file
>
> /usr/share/man/man1/gpg2.1                    Uncommitted    Manpage
> /usr/share/man/man1/gpgsm.1                   Uncommitted    Manpage
> /usr/share/man/man1/gpg-agend.1               Uncommitted    Manpage
> /usr/share/man/man1/scdaemon.1                Uncommitted    Manpage
> /usr/share/man/man1/gpgv2.1                   Uncommitted    Manpage
> /usr/share/man/man1/watchgnupg.1              Uncommitted    Manpage
> /usr/share/man/man1/gpgconf.1                 Uncommitted    Manpage
> /usr/share/man/man1/gpg-preset-passphrase.1   Uncommitted    Manpage
> /usr/share/man/man1/gpg-connect-agent.1       Uncommitted    Manpage
> /usr/share/man/man1/gpgparsemail.1            Uncommitted    Manpage
> /usr/share/man/man1/symcryptrun.1             Uncommitted    Manpage
> /usr/share/man/man1/gpgsm-gencert.1           Uncommitted    Manpage
> /usr/share/man/man1/gpg-zip.1                 Uncommitted    Manpage
>
> /usr/share/man/man8/addgnupghome.8            Uncommitted    Manpage
> /usr/share/man/man8/applygnupgdefaults.8      Uncommitted    Manpage
>
> /usr/share/doc/gnupg/*                        Uncommitted    Documents and Examples
>
> SUNWgpgme                                     Uncommitted    Package
> /usr/include/gpgme.h                          Uncommitted    header file
> /usr/lib/libgpgme-pth.so                      Uncommitted    Shared library
> /usr/lib/libgpgme-pthread.so                  Uncommitted    Shared library
> /usr/bin/gpgme-config                         Uncommitted    config info script
> /usr/share/info/gpgme.info                    Volatile       info file
> /usr/share/info/gpgme.info-1                  Volatile       info file
> /usr/share/info/gpgme.info-2                  Volatile       info file
> /usr/share/common-lisp/source/gpgme/gpgme.asd  Volatile  lisp packages
> /usr/share/common-lisp/source/gpgme/gpgme-package.lisp  Volatile  lisp packages
> /usr/share/common-lisp/source/gpgme/gpgme.lisp  Volatile  lisp packages
> /usr/share/aclocal/gpgme.m4                   Volatile       M4 file.
> /usr/lib/libgpgme.so                          Uncommitted    Shared library
>
> SUNWlibassuan                                 Uncommitted    Package
> /usr/bin/libassuan-config                     Uncommitted    config info script
> /usr/include/assuan.h                         Uncommitted    header file
> /usr/lib/libassuan.a                          Uncommitted    assuan library (static)
> /usr/lib/libassuan-pth.a                      Uncommitted    assuan library with pth support (static)
> /usr/share/aclocal/libassuan.m4               Volatile       M4 file
> /usr/share/info/assuan.info                   Volatile       info file
>
> SUNWlibksba                                   Uncommitted    Package
> /usr/lib/libksba.so                           Uncommitted    ksba shared library
> /usr/include/ksba.h                           Uncommitted    ksba header file
> /usr/bin/ksba-config                          Uncommitted    ksba config script
> /usr/share/aclocal/ksba.m4                    Volatile       M4 file
> /usr/share/info/ksba.info                     Volatile       info file
>
> SUNWpth                                       Uncommitted    Package
> /usr/bin/pth-config                           Uncommitted    pth config script
> /usr/man/man1/pth-config.1                    Uncommitted    pth config script manpage
> /usr/man/man3/pth.3                           Uncommitted    pth library man page
> /usr/include/pth.h                            Uncommitted    Pth header file
> /usr/lib/libpth.so                            Uncommitted    Pth library
> /usr/share/aclocal/pth.m4                     Volatile       M4 file
>
>
>    4.2 Imported Interfaces
> Interface Name   Classification  Comments
> ---------------  --------------  --------------------------------
> libbz2           Committed       SUNWbzip
> libreadline      Uncommitted     SUNWgnu-readline
> libgcrypt        Volatile        SUNWlibgcrypt
> libgpg-error     Volatile        SUNWlibgpg-error
> libcurl          Uncommitted     SUNWcurl
> libssl           Volatile        SUNWopenssl * contract required
> libcrypto        Volatile        SUNWopenssl * contract required
> libgss           Committed       SUNWgss
> libidn           Uncommitted     SUNWlibidn
> libusb           External        SUNWlibusb
> libresolv        Committed
> libsocket        Committed
> libnsl           Committed
> libdl            Committed
> libz             Committed       PSARC 2006/537
> libassuan        Uncommitted     * delivered by this project *
> libksba          Uncommitted     * delivered by this project *
> libpth           Uncommitted     * delivered by this project *
>
>
> Appendix A - References
>    GnuPG home page: http://www.gnupg.org
>    GnuPG 2.0 Manual:
>        http://www.gnupg.org/documentation/manuals/gnupg/
>    libksba Manual: http://www.gnupg.org/documentation/manuals/ksba
>    libassuan Manual:
>        http://www.gnupg.org/documentation/manuals/assuan
>    GPGME Information:
>        http://www.gnupg.org/related_software/gpgme/index.en.html
>    Gnu Pth manual: http://www.gnu.org/software/pth/pth-manual.html
>
> 6. Resources and Schedule
>    6.4. Steering Committee requested information
>        6.4.1. Consolidation C-team Name:
>               SFW
>    6.5. ARC review type: FastTrack
>    6.6. ARC Exposure: open