libvirt-sasl.patch (NEW) - fix SASL...

baggins Thu, 28 Apr 2011 02:48:46 -0700

Author: baggins                      Date: Thu Apr 28 09:48:27 2011 GMT
Module: packages                      Tag: HEAD
---- Log message:
- fix SASL paths


---- Files affected:
packages/libvirt:
   libvirt.spec (1.27 -> 1.28) , libvirt-sasl.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: packages/libvirt/libvirt.spec
diff -u packages/libvirt/libvirt.spec:1.27 packages/libvirt/libvirt.spec:1.28
--- packages/libvirt/libvirt.spec:1.27  Tue Mar 29 11:53:00 2011
+++ packages/libvirt/libvirt.spec       Thu Apr 28 11:48:22 2011
@@ -26,7 +26,7 @@
 Summary:       Toolkit to interact with virtualization capabilities
 Name:          libvirt
 Version:       0.8.8
-Release:       3
+Release:       3.1
 License:       LGPL
 Group:         Base/Kernel
 URL:           http://www.libvirt.org/
@@ -34,6 +34,7 @@
 # Source0-md5: ac9235576352b84b8cb17df7456bbdfc
 Source1:       %{name}.init
 Patch0:                gcrypt.patch
+Patch1:                %{name}-sasl.patch
 %{?with_lokkit:BuildRequires:  /usr/sbin/lokkit}
 %{?with_polkit:BuildRequires:  PolicyKit >= 0.6}
 %{?with_polkit:BuildRequires:  PolicyKit-devel >= 0.6}
@@ -147,6 +148,8 @@
 %prep
 %setup -q
 #%patch0 -p1
+%patch1 -p1
+
 # weird translations
 rm -f po/{my,eu_ES}.{po,gmo}
 
@@ -250,7 +253,7 @@
 %files utils
 %defattr(644,root,root,755)
 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/libvirt
-%config(noreplace) %verify(not md5 mtime size) 
%{_sysconfdir}/sasl2/libvirt.conf
+%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sasl/libvirt.conf
 %attr(755,root,root) %{_bindir}/virsh
 %attr(755,root,root) %{_sbindir}/libvirtd
 %attr(754,root,root) /etc/rc.d/init.d/libvirtd
@@ -280,6 +283,9 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.28  2011/04/28 09:48:22  baggins
+- fix SASL paths
+
 Revision 1.27  2011/03/29 09:53:00  baggins
 - rel 3
 - fix gtkdoc packaging

================================================================
Index: packages/libvirt/libvirt-sasl.patch
diff -u /dev/null packages/libvirt/libvirt-sasl.patch:1.1
--- /dev/null   Thu Apr 28 11:48:27 2011
+++ packages/libvirt/libvirt-sasl.patch Thu Apr 28 11:48:22 2011
@@ -0,0 +1,286 @@
+diff -ru libvirt-0.8.8/daemon/libvirtd.conf 
libvirt-0.8.8-sasl/daemon/libvirtd.conf
+--- libvirt-0.8.8/daemon/libvirtd.conf 2010-12-20 14:35:22.000000000 +0100
++++ libvirt-0.8.8-sasl/daemon/libvirtd.conf    2011-04-28 11:45:47.727741165 
+0200
+@@ -111,7 +111,7 @@
+ #          the network providing auth (eg, TLS/x509 certificates)
+ #
+ #  - sasl: use SASL infrastructure. The actual auth scheme is then
+-#          controlled from /etc/sasl2/libvirt.conf. For the TCP
++#          controlled from /etc/sasl/libvirt.conf. For the TCP
+ #          socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
+ #          For non-TCP or TLS sockets,  any scheme is allowed.
+ #
+@@ -142,7 +142,7 @@
+ # If you don't enable SASL, then all TCP traffic is cleartext.
+ # Don't do this outside of a dev/test scenario. For real world
+ # use, always enable SASL and use the GSSAPI or DIGEST-MD5
+-# mechanism in /etc/sasl2/libvirt.conf
++# mechanism in /etc/sasl/libvirt.conf
+ #auth_tcp = "sasl"
+ 
+ # Change the authentication scheme for TLS sockets.
+diff -ru libvirt-0.8.8/daemon/Makefile.am libvirt-0.8.8-sasl/daemon/Makefile.am
+--- libvirt-0.8.8/daemon/Makefile.am   2011-01-31 02:30:59.000000000 +0100
++++ libvirt-0.8.8-sasl/daemon/Makefile.am      2011-04-28 11:45:47.703741165 
+0200
+@@ -326,12 +326,12 @@
+ # the WITH_LIBVIRTD conditional
+ if HAVE_SASL
+ install-data-sasl:
+-      mkdir -p $(DESTDIR)$(sysconfdir)/sasl2/
+-      $(INSTALL_DATA) $(srcdir)/libvirtd.sasl 
$(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf
++      mkdir -p $(DESTDIR)$(sysconfdir)/sasl/
++      $(INSTALL_DATA) $(srcdir)/libvirtd.sasl 
$(DESTDIR)$(sysconfdir)/sasl/libvirt.conf
+ 
+ uninstall-data-sasl:
+-      rm -f $(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf
+-      rmdir $(DESTDIR)$(sysconfdir)/sasl2/
++      rm -f $(DESTDIR)$(sysconfdir)/sasl/libvirt.conf
++      rmdir $(DESTDIR)$(sysconfdir)/sasl/
+ else
+ install-data-sasl:
+ uninstall-data-sasl:
+diff -ru libvirt-0.8.8/daemon/test_libvirtd.aug 
libvirt-0.8.8-sasl/daemon/test_libvirtd.aug
+--- libvirt-0.8.8/daemon/test_libvirtd.aug     2011-01-31 02:30:59.000000000 
+0100
++++ libvirt-0.8.8-sasl/daemon/test_libvirtd.aug        2011-04-28 
11:45:47.697741165 +0200
+@@ -108,7 +108,7 @@
+ #          the network providing auth (eg, TLS/x509 certificates)
+ #
+ #  - sasl: use SASL infrastructure. The actual auth scheme is then
+-#          controlled from /etc/sasl2/libvirt.conf. For the TCP
++#          controlled from /etc/sasl/libvirt.conf. For the TCP
+ #          socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
+ #          For non-TCP or TLS sockets,  any scheme is allowed.
+ #
+@@ -139,7 +139,7 @@
+ # If you don't enable SASL, then all TCP traffic is cleartext.
+ # Don't do this outside of a dev/test scenario. For real world
+ # use, always enable SASL and use the GSSAPI or DIGEST-MD5
+-# mechanism in /etc/sasl2/libvirt.conf
++# mechanism in /etc/sasl/libvirt.conf
+ auth_tcp = \"sasl\"
+ 
+ # Change the authentication scheme for TLS sockets.
+@@ -383,7 +383,7 @@
+         { "#comment" = "the network providing auth (eg, TLS/x509 
certificates)" }
+         { "#comment" = "" }
+         { "#comment" = "- sasl: use SASL infrastructure. The actual auth 
scheme is then" }
+-        { "#comment" = "controlled from /etc/sasl2/libvirt.conf. For the TCP" 
}
++        { "#comment" = "controlled from /etc/sasl/libvirt.conf. For the TCP" }
+         { "#comment" = "socket only GSSAPI & DIGEST-MD5 mechanisms will be 
used." }
+         { "#comment" = "For non-TCP or TLS sockets,  any scheme is allowed." }
+         { "#comment" = "" }
+@@ -414,7 +414,7 @@
+         { "#comment" = "If you don't enable SASL, then all TCP traffic is 
cleartext." }
+         { "#comment" = "Don't do this outside of a dev/test scenario. For 
real world" }
+         { "#comment" = "use, always enable SASL and use the GSSAPI or 
DIGEST-MD5" }
+-        { "#comment" = "mechanism in /etc/sasl2/libvirt.conf" }
++        { "#comment" = "mechanism in /etc/sasl/libvirt.conf" }
+         { "auth_tcp" = "sasl" }
+         { "#empty" }
+         { "#comment" = "Change the authentication scheme for TLS sockets." }
+diff -ru libvirt-0.8.8/docs/auth.html libvirt-0.8.8-sasl/docs/auth.html
+--- libvirt-0.8.8/docs/auth.html       2011-02-17 05:13:12.000000000 +0100
++++ libvirt-0.8.8-sasl/docs/auth.html  2011-04-28 11:45:43.429741167 +0200
+@@ -273,7 +273,7 @@
+ The plain TCP socket of the libvirt daemon defaults to using SASL for 
authentication.
+ The SASL mechanism configured by default is DIGEST-MD5, which provides a basic
+ username+password style authentication. To enable Kerberos single-sign-on 
instead,
+-the libvirt SASL configuration file must be changed. This is 
<code>/etc/sasl2/libvirt.conf</code>.
++the libvirt SASL configuration file must be changed. This is 
<code>/etc/sasl/libvirt.conf</code>.
+ The <code>mech_list</code> parameter must first be changed to 
<code>gssapi</code>
+ instead of the default <code>digest-md5</code>. If SASL is enabled on the UNIX
+ and/or TLS sockets, Kerberos will also be used for them. Like DIGEST-MD5, the 
Kerberos
+diff -ru libvirt-0.8.8/docs/auth.html.in libvirt-0.8.8-sasl/docs/auth.html.in
+--- libvirt-0.8.8/docs/auth.html.in    2010-12-20 14:35:22.000000000 +0100
++++ libvirt-0.8.8-sasl/docs/auth.html.in       2011-04-28 11:45:43.586741167 
+0200
+@@ -115,7 +115,7 @@
+ The plain TCP socket of the libvirt daemon defaults to using SASL for 
authentication.
+ The SASL mechanism configured by default is DIGEST-MD5, which provides a basic
+ username+password style authentication. To enable Kerberos single-sign-on 
instead,
+-the libvirt SASL configuration file must be changed. This is 
<code>/etc/sasl2/libvirt.conf</code>.
++the libvirt SASL configuration file must be changed. This is 
<code>/etc/sasl/libvirt.conf</code>.
+ The <code>mech_list</code> parameter must first be changed to 
<code>gssapi</code>
+ instead of the default <code>digest-md5</code>. If SASL is enabled on the UNIX
+ and/or TLS sockets, Kerberos will also be used for them. Like DIGEST-MD5, the 
Kerberos
+diff -ru libvirt-0.8.8/libvirt.spec libvirt-0.8.8-sasl/libvirt.spec
+--- libvirt-0.8.8/libvirt.spec 2011-02-17 05:13:09.000000000 +0100
++++ libvirt-0.8.8-sasl/libvirt.spec    2011-04-28 11:45:43.675741167 +0200
+@@ -933,7 +933,7 @@
+ %dir %attr(0755, root, root) %{_localstatedir}/lib/libvirt/
+ 
+ %if %{with_sasl}
+-%config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
++%config(noreplace) %{_sysconfdir}/sasl/libvirt.conf
+ %endif
+ 
+ %files devel
+diff -ru libvirt-0.8.8/libvirt.spec.in libvirt-0.8.8-sasl/libvirt.spec.in
+--- libvirt-0.8.8/libvirt.spec.in      2011-02-17 05:10:58.000000000 +0100
++++ libvirt-0.8.8-sasl/libvirt.spec.in 2011-04-28 11:45:43.672741167 +0200
+@@ -933,7 +933,7 @@
+ %dir %attr(0755, root, root) %{_localstatedir}/lib/libvirt/
+ 
+ %if %{with_sasl}
+-%config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
++%config(noreplace) %{_sysconfdir}/sasl/libvirt.conf
+ %endif
+ 
+ %files devel
+diff -ru libvirt-0.8.8/src/qemu/qemu.conf libvirt-0.8.8-sasl/src/qemu/qemu.conf
+--- libvirt-0.8.8/src/qemu/qemu.conf   2011-02-16 07:36:53.000000000 +0100
++++ libvirt-0.8.8-sasl/src/qemu/qemu.conf      2011-04-28 11:45:47.091741165 
+0200
+@@ -74,18 +74,18 @@
+ # Examples include vinagre, virt-viewer and virt-manager
+ # itself. UltraVNC, RealVNC, TightVNC do not support this
+ #
+-# It is necessary to configure /etc/sasl2/qemu.conf to choose
++# It is necessary to configure /etc/sasl/qemu.conf to choose
+ # the desired SASL plugin (eg, GSSPI for Kerberos)
+ #
+ # vnc_sasl = 1
+ 
+ 
+-# The default SASL configuration file is located in /etc/sasl2/
++# The default SASL configuration file is located in /etc/sasl/
+ # When running libvirtd unprivileged, it may be desirable to
+ # override the configs in this location. Set this parameter to
+ # point to the directory, and create a qemu.conf in that location
+ #
+-# vnc_sasl_dir = "/some/directory/sasl2"
++# vnc_sasl_dir = "/some/directory/sasl"
+ 
+ 
+ 
+diff -ru libvirt-0.8.8/src/qemu/test_libvirtd_qemu.aug 
libvirt-0.8.8-sasl/src/qemu/test_libvirtd_qemu.aug
+--- libvirt-0.8.8/src/qemu/test_libvirtd_qemu.aug      2011-01-31 
02:30:59.000000000 +0100
++++ libvirt-0.8.8-sasl/src/qemu/test_libvirtd_qemu.aug 2011-04-28 
11:45:47.103741165 +0200
+@@ -67,18 +67,18 @@
+ # Examples include vinagre, virt-viewer and virt-manager
+ # itself. UltraVNC, RealVNC, TightVNC do not support this
+ #
+-# It is necessary to configure /etc/sasl2/qemu.conf to choose
++# It is necessary to configure /etc/sasl/qemu.conf to choose
+ # the desired SASL plugin (eg, GSSPI for Kerberos)
+ #
+ vnc_sasl = 1
+ 
+ 
+-# The default SASL configuration file is located in /etc/sasl2/
++# The default SASL configuration file is located in /etc/sasl/
+ # When running libvirtd unprivileged, it may be desirable to
+ # override the configs in this location. Set this parameter to
+ # point to the directory, and create a qemu.conf in that location
+ #
+-vnc_sasl_dir = \"/some/directory/sasl2\"
++vnc_sasl_dir = \"/some/directory/sasl\"
+ 
+ security_driver = \"selinux\"
+ 
+@@ -181,18 +181,18 @@
+ { "#comment" = "Examples include vinagre, virt-viewer and virt-manager" }
+ { "#comment" = "itself. UltraVNC, RealVNC, TightVNC do not support this" }
+ { "#comment" = "" }
+-{ "#comment" = "It is necessary to configure /etc/sasl2/qemu.conf to choose" }
++{ "#comment" = "It is necessary to configure /etc/sasl/qemu.conf to choose" }
+ { "#comment" = "the desired SASL plugin (eg, GSSPI for Kerberos)" }
+ { "#comment" = "" }
+ { "vnc_sasl" = "1" }
+ { "#empty" }
+ { "#empty" }
+-{ "#comment" = "The default SASL configuration file is located in 
/etc/sasl2/" }
++{ "#comment" = "The default SASL configuration file is located in /etc/sasl/" 
}
+ { "#comment" = "When running libvirtd unprivileged, it may be desirable to" }
+ { "#comment" = "override the configs in this location. Set this parameter to" 
}
+ { "#comment" = "point to the directory, and create a qemu.conf in that 
location" }
+ { "#comment" = "" }
+-{ "vnc_sasl_dir" = "/some/directory/sasl2" }
++{ "vnc_sasl_dir" = "/some/directory/sasl" }
+ { "#empty" }
+ { "security_driver" = "selinux" }
+ { "#empty" }
+diff -ru libvirt-0.8.8/tests/confdata/libvirtd.conf 
libvirt-0.8.8-sasl/tests/confdata/libvirtd.conf
+--- libvirt-0.8.8/tests/confdata/libvirtd.conf 2010-05-27 14:03:22.000000000 
+0200
++++ libvirt-0.8.8-sasl/tests/confdata/libvirtd.conf    2011-04-28 
11:45:46.878741165 +0200
+@@ -102,7 +102,7 @@
+ #          the network providing auth (eg, TLS/x509 certificates)
+ #
+ #  - sasl: use SASL infrastructure. The actual auth scheme is then
+-#          controlled from /etc/sasl2/libvirt.conf. For the TCP
++#          controlled from /etc/sasl/libvirt.conf. For the TCP
+ #          socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
+ #          For non-TCP or TLS sockets,  any scheme is allowed.
+ #
+@@ -133,7 +133,7 @@
+ # If you don't enable SASL, then all TCP traffic is cleartext.
+ # Don't do this outside of a dev/test scenario. For real world
+ # use, always enable SASL and use the GSSAPI or DIGEST-MD5
+-# mechanism in /etc/sasl2/libvirt.conf
++# mechanism in /etc/sasl/libvirt.conf
+ auth_tcp = "sasl"
+ 
+ # Change the authentication scheme for TLS sockets.
+diff -ru libvirt-0.8.8/tests/confdata/libvirtd.out 
libvirt-0.8.8-sasl/tests/confdata/libvirtd.out
+--- libvirt-0.8.8/tests/confdata/libvirtd.out  2010-05-27 14:03:22.000000000 
+0200
++++ libvirt-0.8.8-sasl/tests/confdata/libvirtd.out     2011-04-28 
11:45:46.875741165 +0200
+@@ -82,7 +82,7 @@
+ #          the network providing auth (eg, TLS/x509 certificates)
+ #
+ #  - sasl: use SASL infrastructure. The actual auth scheme is then
+-#          controlled from /etc/sasl2/libvirt.conf. For the TCP
++#          controlled from /etc/sasl/libvirt.conf. For the TCP
+ #          socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
+ #          For non-TCP or TLS sockets,  any scheme is allowed.
+ #
+@@ -111,7 +111,7 @@
+ # If you don't enable SASL, then all TCP traffic is cleartext.
+ # Don't do this outside of a dev/test scenario. For real world
+ # use, always enable SASL and use the GSSAPI or DIGEST-MD5
+-# mechanism in /etc/sasl2/libvirt.conf
++# mechanism in /etc/sasl/libvirt.conf
+ auth_tcp = "sasl"
+ # Change the authentication scheme for TLS sockets.
+ #
+diff -ru libvirt-0.8.8/tests/qemuargv2xmltest.c 
libvirt-0.8.8-sasl/tests/qemuargv2xmltest.c
+--- libvirt-0.8.8/tests/qemuargv2xmltest.c     2011-01-24 03:59:21.000000000 
+0100
++++ libvirt-0.8.8-sasl/tests/qemuargv2xmltest.c        2011-04-28 
11:45:46.964741165 +0200
+@@ -181,7 +181,7 @@
+     DO_TEST("graphics-vnc-socket");
+ 
+     driver.vncSASL = 1;
+-    driver.vncSASLdir = strdup("/root/.sasl2");
++    driver.vncSASLdir = strdup("/root/.sasl");
+     DO_TEST("graphics-vnc-sasl");
+     driver.vncTLS = 1;
+     driver.vncTLSx509verify = 1;
+diff -ru 
libvirt-0.8.8/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args 
libvirt-0.8.8-sasl/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args
+--- libvirt-0.8.8/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args   
2011-02-03 15:05:31.000000000 +0100
++++ 
libvirt-0.8.8-sasl/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args   
   2011-04-28 11:45:46.860741165 +0200
+@@ -1,5 +1,5 @@
+ LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test \
+-SASL_CONF_DIR=/root/.sasl2 QEMU_AUDIO_DRV=none /usr/bin/qemu -S -M pc -m 214 \
++SASL_CONF_DIR=/root/.sasl QEMU_AUDIO_DRV=none /usr/bin/qemu -S -M pc -m 214 \
+ -smp 1 -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -hda \
+ /dev/HostVG/QEMUGuest1 -net none -serial none -parallel none -usb -vnc \
+ 127.0.0.1:3,sasl -vga cirrus
+diff -ru 
libvirt-0.8.8/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args 
libvirt-0.8.8-sasl/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args
+--- libvirt-0.8.8/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args    
2011-02-03 15:05:31.000000000 +0100
++++ 
libvirt-0.8.8-sasl/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args    
   2011-04-28 11:45:46.864741165 +0200
+@@ -1,5 +1,5 @@
+ LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test \
+-SASL_CONF_DIR=/root/.sasl2 QEMU_AUDIO_DRV=none /usr/bin/qemu -S -M pc -m 214 \
++SASL_CONF_DIR=/root/.sasl QEMU_AUDIO_DRV=none /usr/bin/qemu -S -M pc -m 214 \
+ -smp 1 -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -hda \
+ /dev/HostVG/QEMUGuest1 -net none -serial none -parallel none -usb -vnc \
+ 127.0.0.1:3,tls,x509verify=/etc/pki/tls/qemu,sasl
+diff -ru libvirt-0.8.8/tests/qemuxml2argvtest.c 
libvirt-0.8.8-sasl/tests/qemuxml2argvtest.c
+--- libvirt-0.8.8/tests/qemuxml2argvtest.c     2011-02-11 10:46:59.000000000 
+0100
++++ libvirt-0.8.8-sasl/tests/qemuxml2argvtest.c        2011-04-28 
11:45:46.767741165 +0200
+@@ -335,7 +335,7 @@
+     DO_TEST("graphics-vnc-socket", 0, false);
+ 
+     driver.vncSASL = 1;
+-    driver.vncSASLdir = strdup("/root/.sasl2");
++    driver.vncSASLdir = strdup("/root/.sasl");
+     DO_TEST("graphics-vnc-sasl", QEMUD_CMD_FLAG_VGA, false);
+     driver.vncTLS = 1;
+     driver.vncTLSx509verify = 1;
================================================================

---- CVS-web:
    
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/libvirt/libvirt.spec?r1=1.27&r2=1.28&f=u

_______________________________________________
pld-cvs-commit mailing list
pld-cvs-commit@lists.pld-linux.org
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit

packages: libvirt/libvirt.spec, libvirt/libvirt-sasl.patch (NEW) - fix SASL...

Reply via email to