From: <st...@us...> - 2008-09-29 15:30:38
Revision: 7091 http://smartfrog.svn.sourceforge.net/smartfrog/?rev=7091&view=rev Author: steve_l Date: 2008-09-29 15:29:40 +0000 (Mon, 29 Sep 2008) Log Message: ----------- SFOS-88 security exception when starting RPM installation with security turned on Modified Paths: -------------- trunk/core/release/build.xml trunk/core/release/metadata/rpm/rpm.properties trunk/core/release/metadata/rpm/smartfrog.spec trunk/core/release/src/ant/build.xml trunk/core/smartfrog/docs/sfReference.sxw trunk/core/smartfrog/docs/sfUserManual.sxw trunk/core/smartfrog/private/buildSecurity.xml trunk/core/smartfrog/src/org/smartfrog/sfcore/security/SFSecurity.java Modified: trunk/core/release/build.xml =================================================================== --- trunk/core/release/build.xml 2008-09-26 16:00:37 UTC (rev 7090) +++ trunk/core/release/build.xml 2008-09-29 15:29:40 UTC (rev 7091) @@ -1087,8 +1087,13 @@ value="/home/${rpm.ssh.user}/${rpm.ssh.dir}"/> <!--list of rpms--> + <property name="rpms.core.list" + value="smartfrog smartfrog-daemon smartfrog-demo smartfrog-javadocs smartfrog-ant smartfrog-anubis smartfrog-csvfiles smartfrog-database smartfrog-jmx smartfrog-junit smartfrog-logging smartfrog-networking smartfrog-quartz smartfrog-scripting smartfrog-www smartfrog-xml smartfrog-xmpp smartfrog-xunit smartfrog-velocity"/> + <property name="rpms.private.list" + value=" smartfrog-private-security-keys"/> <property name="rpms.list" - value="smartfrog smartfrog-daemon smartfrog-demo smartfrog-javadocs smartfrog-ant smartfrog-anubis smartfrog-csvfiles smartfrog-database smartfrog-jmx smartfrog-junit smartfrog-logging smartfrog-networking smartfrog-quartz smartfrog-scripting smartfrog-www smartfrog-xml smartfrog-xmpp smartfrog-xunit smartfrog-velocity smartfrog-private-keys"/> + value="${rpms.core.list} ${smartfrog-private-keys}"/> + <!--here are all the signed RPMs that are generated--> 
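Review bot: The new `rpms.list` value references `${smartfrog-private-keys}`, which no line in this hunk defines as a property; it looks like the old package name was turned into a property reference by mistake. Ant leaves an undefined reference unexpanded, so the literal text `${smartfrog-private-keys}` would reach whatever command consumes `rpms.list`, and the private keys package would be missing from the list. The intended value was presumably `value="${rpms.core.list} ${rpms.private.list}"`. The package is also spelled `smartfrog-private-security-keys` in `rpms.private.list` but `smartfrog-private-keys` in the removed line, so any target outside this hunk that still uses the old name should be checked.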
@@ -1170,8 +1175,11 @@ <target name="rpm-remote-uninstall" depends="rpm-upload-init" description="A forced uninstall of the RPMs, no dependency checking"> <rootssh - command="rpm --erase --nodeps ${rpm.verbosity} ${rpms.list} ${rpms.dependent.list}" + command="rpm --erase --nodeps --allmatches ${rpm.verbosity} ${rpms.private.list} ${rpms.dependent.list}" failonerror="false"/> + <rootssh + command="rpm --erase --nodeps --allmatches ${rpm.verbosity} ${rpms.core.list}" + failonerror="false"/> </target> <target name="rpm-remote-test" Modified: trunk/core/release/metadata/rpm/rpm.properties =================================================================== --- trunk/core/release/metadata/rpm/rpm.properties 2008-09-26 16:00:37 UTC (rev 7090) +++ trunk/core/release/metadata/rpm/rpm.properties 2008-09-29 15:29:40 UTC (rev 7091) @@ -42,6 +42,11 @@ rpm.vendor=Hewlett-Packard Company rpm.packager=${user.name} +#what is the start/stop value for the daemon in init.d scripts rpm.daemon.start.number=80 rpm.daemon.stop.number=20 +#What permissions to use for all /opt/smartfrog/private/hosts permissions in secure builds +#Ths +rpm.private.hosts.permissions=0555 + Modified: trunk/core/release/metadata/rpm/smartfrog.spec =================================================================== --- trunk/core/release/metadata/rpm/smartfrog.spec 2008-09-26 16:00:37 UTC (rev 7090) +++ trunk/core/release/metadata/rpm/smartfrog.spec 2008-09-29 15:29:40 UTC (rev 7091) 
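Review bot: The default `rpm.private.hosts.permissions=0555` gives group and other read and traverse rights on the host key directories, which does not match the intent stated in the spec's `%post` comment of restricting them to the target user. A default of `rpm.private.hosts.permissions=0500` would limit access to the owner that the same scriptlet sets with `chown`; a looser value can still be supplied per build where another account really needs access. The comment line `#Ths` is truncated and should either be completed, for example `#This value is applied with chmod in the %post script of the private-security-keys package`, or removed.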
@@ -589,28 +589,20 @@ # the security keys file only has content in it when the build property says so %files private-security-keys %{?_private_rpm:%{privatedir}} +#uncomment this to force in a host. It is here more as a development utility than +#anything anyone should need +#%{?_private_rpm:%{privatedir}/host1} -# ----------------------------------------------------------------------------- -# After installing, set up a symlink from signedLib to lib. This is -# done as a script to deal with upgrade problems. Any existing directory -# is blown away by this operation, as is a symlink. -%post -#if [ -x %{signedlib} ] ; then -#rm -rf %{signedlib} -#fi -#ln -s %{libdir} %{signedlib} -# the symlink is only deleted if there is none left; this avoids -# stamping on any newly created links. -%postun -#if [ "$1" = "0" ] ; then -# if [ -x %{signedlib} ] ; then -# rm -rf %{signedlib} -# fi -#fi +%post private-security-keys +#on a private installation, we crank back the security rights to be restricted to the user for which the RPM +#is targeted, with permissions as set at built time, ideally to something restrictive +%{?_private_rpm:chmod ${rpm.private.hosts.permissions} %{privatedir}/host*} +%{?_private_rpm:chown ${rpm.username} %{privatedir}/host*} + %files demo %defattr(0644,${rpm.username},${rpm.username},0755) %{srcdir} Modified: trunk/core/release/src/ant/build.xml =================================================================== --- trunk/core/release/src/ant/build.xml 2008-09-26 16:00:37 UTC (rev 7090) +++ trunk/core/release/src/ant/build.xml 2008-09-29 15:29:40 UTC (rev 7091) 
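Review bot: The `chmod` and `chown` in `%post private-security-keys` are not recursive, so they change only the `host*` directories themselves; the key files inside keep whatever owner and mode they were packaged with. No `%defattr` for this `%files` section is visible in the hunk, though one may exist above it. Declaring the attributes in the package, as the `demo` section does, applies them at unpack time and lets `rpm --verify` check them: `%defattr(0400,${rpm.username},${rpm.username},0500)` under `%files private-security-keys`. It is also worth confirming what the scriptlet does when a private build carries no host directories, since the unmatched `host*` glob would presumably make `chmod` and `chown` fail.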
@@ -102,11 +102,15 @@ location="${core.install.dir}/lib"/> <property name="rpm.signed.lib.dir" location="${core.install.dir}/signedLib"/> + <property name="rpm.private.dir" + location="${core.install.dir}/private"/> <!--and now some file names--> <property name="smartfrog.rpmfiles.tar" location="${rpm.SOURCES}/smartfrog-${smartfrog.version}.tar"/> + <property name="smartfrog.rpmfiles.tar.gz" + location="${smartfrog.rpmfiles.tar}.gz"/> <property name="rpm.suffix" value="${smartfrog.version}-${rpm.release.version}.noarch.rpm"/> <property name="target.rpm.shortname" @@ -142,7 +146,7 @@ <target name="ready-to-prepare-binary-rpm" - depends="rpmmacros,signjars,symlink-signed-lib"/> + depends="rpmmacros,signjars,symlink-signed-lib,copy-host-directories"/> <target name="build-rpm" depends="ready-to-rpm" description="create an RPM file of the core smartfrog libraries"> @@ -168,16 +172,13 @@ <arg value="var"/> <arg value="usr"/> </exec> - <!-- - <sf-tar destfile="${smartfrog.rpmfiles.tar}" > - <fileset dir="${build.rpm.dir}/root/" includes="**/*" /> - </sf-tar> - --> <!-- now we have a sanity check --> <loadresource property="homepage"> <tarentry archive="${smartfrog.rpmfiles.tar}" name="etc/sysconfig/smartfrog"/> </loadresource> + <gzip src="${smartfrog.rpmfiles.tar}" + destfile="${smartfrog.rpmfiles.tar.gz}"/> </target> @@ -290,7 +291,7 @@ description="Create a new set of daemon host keys "> <dist target="newDaemon"> <property name="host.dir.suffix" value="" /> - <property name="CA.dir" location="security.ca.dir" /> + <property name="CA.dir" location="${security.ca.dir}" /> </dist> </target> 
@@ -324,5 +325,22 @@ <arg value="${rpm.signed.lib.dir}"/> </exec> </target> - + + + <!-- + This target copies the host key information from the CA dir; all hosts get copied over + The source directory is defined as host.directories.basedir (defaults to ${security.private.dir}) + And the pattern, host*, is set in host.dir.pattern. Accordingly, this target can + be set to copy over directories from a different location than that of the CA + --> + <target name="copy-host-directories" depends="ready-to-sign" + unless="copy.host.directories.disabled"> + <property name="host.directories.basedir" location="${security.private.dir}" /> + <property name="host.dir.pattern" value="host*/*" /> + <copy todir="${rpm.private.dir}"> + <fileset dir="${host.directories.basedir}" includes="${host.dir.pattern}" /> + </copy> + </target> + + </project> \ No newline at end of file Modified: trunk/core/smartfrog/private/buildSecurity.xml =================================================================== --- trunk/core/smartfrog/private/buildSecurity.xml 2008-09-26 16:00:37 UTC (rev 7090) +++ trunk/core/smartfrog/private/buildSecurity.xml 2008-09-29 15:29:40 UTC (rev 7091) @@ -108,6 +108,15 @@ </fail> </target> + <target name="echo-CA-setup" depends="ready-to-create-CA"> + <echo> + host.dir.suffix = "${host.dir.suffix}" + host.subdir = "${host.subdir}" + CA.dir = "${CA.dir}" + CAsubdir = "${CAsubdir}" + </echo> + </target> + <!-- Override point: do everything needed to create a CA --> Modified: trunk/core/smartfrog/src/org/smartfrog/sfcore/security/SFSecurity.java =================================================================== --- trunk/core/smartfrog/src/org/smartfrog/sfcore/security/SFSecurity.java 2008-09-26 16:00:37 UTC (rev 7090) +++ trunk/core/smartfrog/src/org/smartfrog/sfcore/security/SFSecurity.java 2008-09-29 15:29:40 UTC (rev 7091) 
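Review bot: Ant's `<copy>` does not retain Unix file permissions, so the host key files staged by `copy-host-directories` land in `${rpm.private.dir}` with umask-default modes, regardless of how they were protected under `${security.private.dir}`. If this staging tree is what gets packaged (that step is outside the hunk), the keys would ship with those looser modes. A follow-up after the copy such as `<chmod dir="${rpm.private.dir}" includes="${host.dir.pattern}" perm="go-rwx" type="both"/>` would tighten them. The comment gives the pattern as `host*` while the property value is `host*/*`, which matches only entries directly inside each host directory; `host*/**` would be needed if key material can sit in subdirectories, and the comment should state whichever is intended.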
@@ -26,6 +26,8 @@ import java.rmi.registry.Registry; import java.rmi.server.RMISocketFactory; import java.net.InetAddress; +import java.security.AccessControlException; + import org.smartfrog.sfcore.processcompound.SFServerSocketFactory; @@ -65,8 +67,19 @@ try { if (!alreadyInit) { // Add the new RMIClassLoaderSpi - System.setProperty("java.rmi.server.RMIClassLoaderSpi", "org.smartfrog.sfcore.security." + "SFRMIClassLoaderSpi"); + try { + System.setProperty("java.rmi.server.RMIClassLoaderSpi", + "org.smartfrog.sfcore.security." + "SFRMIClassLoaderSpi"); + } catch (AccessControlException e) { + throw (SFGeneralSecurityException) new SFGeneralSecurityException( + ("Java Security Access control exception - " + + "SmartFrog is configured to run with security on, but the smartfrog JAR is not " + + "signed by a trusted CA: " + + e.getMessage())) + .initCause(e); + } + SFSecurityProperties.readSecurityProperties(); if (Boolean.getBoolean(SFSecurityProperties.propSecurityOn)) { This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
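Review bot: The new `catch (AccessControlException e)` covers only the subclass thrown by the default access controller. `System.setProperty` is specified to throw `SecurityException`, so a custom security manager could still surface the original unexplained failure. Catching the superclass with `} catch (SecurityException e) {` keeps the same handling and makes the added import unnecessary. The message also names an unsigned JAR as the only cause, while a policy that lacks the property write grant would raise the same exception; wording such as `"check that the smartfrog JAR is signed by a trusted CA and that the security policy grants it write access to this property: "` would point operators at both. The enclosing `try` and method start and end outside the hunk.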