Received: by mail.netbsd.org (Postfix, from userid 605) id 95E9584E6B; Mon, 19 Dec 2022 23:18:40 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id C22C084D8C for ; Mon, 19 Dec 2022 23:18:39 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id Uqwx-meITb2j for ; Mon, 19 Dec 2022 23:18:37 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197]) by mail.netbsd.org (Postfix) with ESMTP id C49CE84C2C for ; Mon, 19 Dec 2022 23:18:37 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id 75907FA90; Mon, 19 Dec 2022 23:18:37 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1671491917255170" MIME-Version: 1.0 Date: Mon, 19 Dec 2022 23:18:37 +0000 From: "Greg Troxel" Subject: CVS commit: pkgsrc/security/cfs To: pkgsrc-changes@NetBSD.org Reply-To: gdt@netbsd.org X-Mailer: log_accum Message-Id: <20221219231837.75907FA90@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_1671491917255170 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: gdt Date: Mon Dec 19 23:18:37 UTC 2022 Modified Files: pkgsrc/security/cfs: DESCR Makefile PLIST distinfo pkgsrc/security/cfs/files: README.NetBSD.txt pkgsrc/security/cfs/patches: patch-aa patch-ab patch-af Added Files: pkgsrc/security/cfs/files: README.netbsd do_make netbsd_make_with_bad_rpcgen pkgsrc/security/cfs/patches: patch-cfs__attach.c patch-cfs__fh.c patch-getpass.h Removed Files: pkgsrc/security/cfs/files: unansi.sh pkgsrc/security/cfs/patches: patch-ac patch-ad patch-ae patch-ag patch-ah patch-cfs.c patch-cfs__cipher.c Log Message: security/cfs: Update to 1.5.0b Shift to a continution fork of cfs, which has many of our patches applied, and which is buildable with modern rpcgen. Tested on NetBSD 9 amd64 with an encrypted directory that was made with older cfs. Upstream changes are mainly modernization of the code and removal of accomodations for the 80s and 90s. To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 pkgsrc/security/cfs/DESCR cvs rdiff -u -r1.39 -r1.40 pkgsrc/security/cfs/Makefile cvs rdiff -u -r1.5 -r1.6 pkgsrc/security/cfs/PLIST cvs rdiff -u -r1.16 -r1.17 pkgsrc/security/cfs/distinfo cvs rdiff -u -r1.1 -r1.2 pkgsrc/security/cfs/files/README.NetBSD.txt cvs rdiff -u -r0 -r1.1 pkgsrc/security/cfs/files/README.netbsd \ pkgsrc/security/cfs/files/do_make \ pkgsrc/security/cfs/files/netbsd_make_with_bad_rpcgen cvs rdiff -u -r1.1 -r0 pkgsrc/security/cfs/files/unansi.sh cvs rdiff -u -r1.6 -r1.7 pkgsrc/security/cfs/patches/patch-aa cvs rdiff -u -r1.3 -r1.4 pkgsrc/security/cfs/patches/patch-ab cvs rdiff -u -r1.3 -r0 pkgsrc/security/cfs/patches/patch-ac \ pkgsrc/security/cfs/patches/patch-ag pkgsrc/security/cfs/patches/patch-ah cvs rdiff -u -r1.1 -r0 pkgsrc/security/cfs/patches/patch-ad \ pkgsrc/security/cfs/patches/patch-cfs.c \ pkgsrc/security/cfs/patches/patch-cfs__cipher.c cvs rdiff -u -r1.2 -r0 pkgsrc/security/cfs/patches/patch-ae cvs rdiff -u -r1.2 -r1.3 pkgsrc/security/cfs/patches/patch-af cvs rdiff -u -r0 -r1.1 pkgsrc/security/cfs/patches/patch-cfs__attach.c \ pkgsrc/security/cfs/patches/patch-cfs__fh.c \ pkgsrc/security/cfs/patches/patch-getpass.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1671491917255170 Content-Disposition: inline Content-Length: 21462 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/security/cfs/DESCR diff -u pkgsrc/security/cfs/DESCR:1.2 pkgsrc/security/cfs/DESCR:1.3 --- pkgsrc/security/cfs/DESCR:1.2 Mon Sep 26 16:31:20 2022 +++ pkgsrc/security/cfs/DESCR Mon Dec 19 23:18:36 2022 @@ -12,3 +12,6 @@ file system for its underlying storage w including remote file servers such as NFS. System management functions, such as file backup, work in a normal manner and without knowledge of the key. + +This is a continuation fork which does not currently intend to make +substantial changes, but is buildable on modern systems. Index: pkgsrc/security/cfs/Makefile diff -u pkgsrc/security/cfs/Makefile:1.39 pkgsrc/security/cfs/Makefile:1.40 --- pkgsrc/security/cfs/Makefile:1.39 Mon Dec 19 15:14:34 2022 +++ pkgsrc/security/cfs/Makefile Mon Dec 19 23:18:36 2022 @@ -1,20 +1,25 @@ -# $NetBSD: Makefile,v 1.39 2022/12/19 15:14:34 gdt Exp $ +# $NetBSD: Makefile,v 1.40 2022/12/19 23:18:36 gdt Exp $ -DISTNAME= cfs-1.4.1 -#DISTNAME= cfs-1.5.0.beta -PKGREVISION= 7 +VERSION= 1.5.0 +VERSION_SUFFIX_DIST= .beta +VERSION_SUFFIX_PKG= b +DISTNAME= cfs-${VERSION}${VERSION_SUFFIX_DIST} +PKGNAME= cfs-${VERSION}${VERSION_SUFFIX_PKG} CATEGORIES= security -MASTER_SITES= https://www.mattblaze.org/software/cfs-1.4.1.tar.gz -#MASTER_SITES= https://www.bayofrum.net/dist/cfs/ - -# Thanks to crees@FreeBSD.org for a continuation fork. -# https://www.freshports.org/security/cfs/ -# https://www.bayofrum.net/cgi-bin/fossil/cfs/index +MASTER_SITES= https://www.bayofrum.net/dist/cfs/ +#OLD_MASTER_SITES= https://www.mattblaze.org/software/cfs-1.4.1.tar.gz MAINTAINER= gdt@NetBSD.org HOMEPAGE= https://www.mattblaze.org/software/ #HOMEPAGE+= https://www.bayofrum.net/cgi-bin/fossil/cfs/index COMMENT= Encrypting file system, using NFS as its interface +# The LICENSE is clearly free, and like mit, with minor differences in +# keeping the license in derived works. \todo resolve +#LICENSE= mit-very-close + +# Thanks to crees@FreeBSD.org for a continuation fork. +# https://www.freshports.org/security/cfs/ +# https://www.bayofrum.net/cgi-bin/fossil/cfs/index BUILD_TARGET= cfs INSTALL_TARGET= install_cfs @@ -35,9 +40,13 @@ CFS_SUBST+= cpasswd->cfs_passwd CPASSWD MAKE_ENV+= OPSYS=${OPSYS:Q} +# \todo evaluate + # Required settings necessary to build CFS on various platforms. This is # copied from ${WRKSRC}/Makefile and from browsing the various README files. # +# By default, we assume that the makefile is ok and we can just call it. +CFS_BUILD_SCRIPT= do_make .if ${OPSYS} == "NetBSD" CFLAGS+= -DPROTOTYPES=1 CFLAGS+= -DBSD44 -DANYPORT -DCFS_PORT=2049 -DSHORTLINKS @@ -50,7 +59,6 @@ MAKE_ENV+= RPCOPTS="-b" # CFS_SUBST+= getpassword->getpass CFLAGS+= -DHAVE_GETPASS -CFS_BUILD_SCRIPT= ${WRKSRC}/netbsd_make_with_bad_rpcgen .elif ${OPSYS} == "SunOS" . if ${CC_VERSION} == gcc CFLAGS+= -traditional @@ -61,7 +69,6 @@ MAKE_ENV+= MAKE=${MAKE_PROGRAM:Q} MAKE_ENV+= LIBS="-lsocket -lnsl" MAKE_ENV+= COMPAT= MAKE_ENV+= RPCOPTS= -CFS_BUILD_SCRIPT= ${WRKSRC}/make_with_bad_rpcgen .elif ${OPSYS} == "Linux" . if ${CC_VERSION} == gcc CFLAGS+= -traditional @@ -72,32 +79,40 @@ MAKE_ENV+= MAKE=${MAKE_PROGRAM:Q} MAKE_ENV+= LIBS= MAKE_ENV+= COMPAT= MAKE_ENV+= RPCOPTS="-k -b" -CFS_BUILD_SCRIPT= ${WRKSRC}/make_with_bad_rpcgen .endif +# Turn the list of transformations into a sed expression. CFS_SUBST_SED= ${CFS_SUBST:S/->/!/:S/$/!g/:S/^/ -e s!/} DOCDIR= ${PREFIX}/share/doc/cfs RCD_SCRIPTS= cfsd +# We install *.1 manually, because the cfs_install target doesn't +# install man pages. However, we aren't building esm, because no one +# has made it work and it probably isn't that useful in a post-ssh +# world, so just remove the man page to avoid it being installed later. post-extract: @${RM} -f ${WRKSRC}/esm.1 -post-patch: +# Rename cfoo to cfs_foo, literally everywhere. Use pre-configure so +# that one can "make patch" and then mkpatches without the patches +# ending up carrying this change. +pre-configure: @cd ${WRKSRC}; for file in *; do \ ${MV} -f $${file} $${file}.presubst; \ dest=`${ECHO} $${file} | ${SED} ${CFS_SUBST_SED}`; \ ${SED} ${CFS_SUBST_SED} $${file}.presubst > $${dest}; \ ${RM} -f $${file}.presubst; \ done - @${CHMOD} +x ${CFS_BUILD_SCRIPT} + # We use SH, do it doesn't need to be x + #@${CHMOD} +x ${CFS_BUILD_SCRIPT} + +# Copy our make non-wrapper script for use later. pre-build: - @${SED} -e "s|@AWK@|${AWK}|g" \ - -e "s|@MV@|${MV}|g" \ - ${FILESDIR}/unansi.sh > ${WRKSRC}/unansi - @${CHMOD} +x ${WRKSRC}/unansi + ${CP} ${FILESDIR}/do_make ${WRKSRC} + do-build: @cd ${WRKSRC}; ${SETENV} ${MAKE_ENV} \ Index: pkgsrc/security/cfs/PLIST diff -u pkgsrc/security/cfs/PLIST:1.5 pkgsrc/security/cfs/PLIST:1.6 --- pkgsrc/security/cfs/PLIST:1.5 Tue Mar 11 14:05:13 2014 +++ pkgsrc/security/cfs/PLIST Mon Dec 19 23:18:36 2022 @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.5 2014/03/11 14:05:13 jperkin Exp $ +@comment $NetBSD: PLIST,v 1.6 2022/12/19 23:18:36 gdt Exp $ bin/cfs_attach bin/cfs_cat bin/cfs_detach @@ -17,4 +17,5 @@ man/man8/cfs_cat.8 man/man8/cfs_name.8 man/man8/cfsd.8 sbin/cfsd +share/doc/cfs/README.NetBSD.txt share/doc/cfs/notes.ms Index: pkgsrc/security/cfs/distinfo diff -u pkgsrc/security/cfs/distinfo:1.16 pkgsrc/security/cfs/distinfo:1.17 --- pkgsrc/security/cfs/distinfo:1.16 Tue Oct 26 11:17:01 2021 +++ pkgsrc/security/cfs/distinfo Mon Dec 19 23:18:36 2022 @@ -1,15 +1,11 @@ -$NetBSD: distinfo,v 1.16 2021/10/26 11:17:01 nia Exp $ +$NetBSD: distinfo,v 1.17 2022/12/19 23:18:36 gdt Exp $ -BLAKE2s (cfs-1.4.1.tar.gz) = 8d259001109b0f371058df1721a1b201862d609a8f35e23c27dbcf3e96deac46 -SHA512 (cfs-1.4.1.tar.gz) = d2bd3bd7add01eccbdb6e459847185ae9ee067b266ec908dfb5fb6a713875f655e2208ad0790020647c4952044ba252e09f4e503292b0a0f11bc1117a64e02ff -Size (cfs-1.4.1.tar.gz) = 98943 bytes -SHA1 (patch-aa) = 7df79a1e84c0866edc11496a4b2cd438ed725936 -SHA1 (patch-ab) = 1ff2d2e32b87332ec66cc8f01299fa4b1ddac81a -SHA1 (patch-ac) = 354290ff606fab97b73980e6e512f10ef1397f01 -SHA1 (patch-ad) = 2ed5967d59d8f91948b2dd9ed4b18c5073d63615 -SHA1 (patch-ae) = 57fd63e8def95b809ed1ac6ba98567fc1def4150 -SHA1 (patch-af) = 9cc2e69c45c1653843b116207e598d821ec7d8e9 -SHA1 (patch-ag) = 3c0236d65fbf01d68c590fcecc264ac269e66a7a -SHA1 (patch-ah) = 5a57ca471dae4e05895cf6995d7d2c2617fd44ab -SHA1 (patch-cfs.c) = 5cb7cda91f2838668e4e8e0fe40d835bc3ec9982 -SHA1 (patch-cfs__cipher.c) = cdf80e8657dc346e04968ce2731491e2a9f84785 +BLAKE2s (cfs-1.5.0.beta.tar.gz) = 92d58624292cecaa6c76d079914a7936d7847696e7a229876e2a17de5f35076d +SHA512 (cfs-1.5.0.beta.tar.gz) = 2c4c91a357f845b9db0365c1f580dc1e267a51dc63690e7a389090fc9d937ee859025c680fa0fb490a7904c686c2fc05d10d81bae732478d4de869b0ec10fefe +Size (cfs-1.5.0.beta.tar.gz) = 108992 bytes +SHA1 (patch-aa) = ae76f3cfc4e6f45c6e468b724c8d33e003bf2f57 +SHA1 (patch-ab) = e1b0f40fea62ba4ea5f4d284e8e6b33626b1ab78 +SHA1 (patch-af) = 4d58687bf1f12caf63f8b501806c3e973fbf3c3b +SHA1 (patch-cfs__attach.c) = 19318ac7832c2c49d8b0a6ab357726cd38139691 +SHA1 (patch-cfs__fh.c) = 365bc16161c9633fc17cb0188212175112cbcc25 +SHA1 (patch-getpass.h) = dbc8174b4ec173ad9c5734a1f22488e7608960fc Index: pkgsrc/security/cfs/files/README.NetBSD.txt diff -u pkgsrc/security/cfs/files/README.NetBSD.txt:1.1 pkgsrc/security/cfs/files/README.NetBSD.txt:1.2 --- pkgsrc/security/cfs/files/README.NetBSD.txt:1.1 Mon Dec 19 14:54:10 2022 +++ pkgsrc/security/cfs/files/README.NetBSD.txt Mon Dec 19 23:18:37 2022 @@ -1,18 +1,24 @@ -=========================================================================== -$NetBSD: README.NetBSD.txt,v 1.1 2022/12/19 14:54:10 gdt Exp $ +$NetBSD: README.NetBSD.txt,v 1.2 2022/12/19 23:18:37 gdt Exp $ -The following mail from Steve Bellovin, which can also be viewed at +The following fstab entry works with NetBSD 9: - http://mail-index.netbsd.org/current-users/2002/07/15/0006.html +127.0.0.1:/null /crypt nfs rw,noauto,-u,-2,-i,-s,-r=1024,-w=1024 0 0 + +Note that it is necessary to specify UDP, because recent NetBSD +defaults to TCP. -is relevant to users of this package: + +Beware that the message below may no longer be accurate, as it was +written some time ago. See also the following mail from Steve +Bellovin, which can also be viewed at + + http://mail-index.netbsd.org/current-users/2002/07/15/0006.html Delivered-To: current-users@netbsd.org From: "Steven M. Bellovin" To: current-users@netbsd.org Subject: Re: CFS with NetBSD 1.6 Date: Mon, 15 Jul 2002 14:00:59 +0900 -Precedence: list In message <20020630000510.2a034cf4.520079546242-0001@t-online.de>, Michael Cor e writes: @@ -37,6 +43,3 @@ figure out why. --Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com ("Firewalls" book) - - -=========================================================================== Index: pkgsrc/security/cfs/patches/patch-aa diff -u pkgsrc/security/cfs/patches/patch-aa:1.6 pkgsrc/security/cfs/patches/patch-aa:1.7 --- pkgsrc/security/cfs/patches/patch-aa:1.6 Fri Jun 20 01:09:33 2008 +++ pkgsrc/security/cfs/patches/patch-aa Mon Dec 19 23:18:37 2022 @@ -1,35 +1,54 @@ -$NetBSD: patch-aa,v 1.6 2008/06/20 01:09:33 joerg Exp $ +$NetBSD: patch-aa,v 1.7 2022/12/19 23:18:37 gdt Exp $ ---- Makefile.orig 2001-05-04 04:29:21.000000000 +1000 +--- Makefile.orig 2022-12-19 22:46:57.638664951 +0000 +++ Makefile -@@ -74,18 +74,19 @@ - #CC=cc - #COPT=-O -DNOT_ANSI_C -DPROTOTYPES=0 - # for gcc, use --CC=gcc --COPT=-O2 -DPROTOTYPES=1 -+#CC=gcc -+#COPT=-O2 -DPROTOTYPES=1 -+CFLAGS+=${CFS_CFLAGS} +@@ -48,12 +48,13 @@ - #1B: paths: + + CC?=cc +-CFLAGS?=-O2 ++# Use CFLAGS form the environment. + + #paths: #some peple like /usr/local/sbin instead of /usr/local/etc -BINDIR=/usr/local/bin -ETCDIR=/usr/local/etc ++SBINDIR=${PREFIX}/sbin +BINDIR=${PREFIX}/bin -+ETCDIR=${PREFIX}/sbin ++ETCDIR=${PREFIX}/etc PRINTCMD=enscript -Gr2 # you only need RSAREF for ESM # these paths WILL have to be changed... --RSALIB=/usr/mab/rsaref/install/rsaref.a --RINCLUDES=/usr/mab/rsaref/source -+#RSALIB=/usr/mab/rsaref/install/rsaref.a -+#RINCLUDES=/usr/mab/rsaref/source - - # if you're a paranoid fascist, you might want to configure - # default timeouts on the attach command. If you do, -@@ -229,7 +230,7 @@ RINCLUDES=/usr/mab/rsaref/source - # (3/3) CONFIGURE: one last thing +@@ -188,6 +189,13 @@ RINCLUDES=/usr/mab/rsaref/source + #COMPAT=-lcompat + #RPCOPTS=-b + ++#* Use these for NetBSD 9 ++# For mounting, use ++# mount -o intr,udp,-2 127.0.0.1:/null /crypt ++#CFLAGS=$(COPT) -DBSD44 -DANYPORT -DCFS_PORT=2049 -DSHORTLINKS -I$(RINCLUDES) ++#COMPAT=-lcompat ++#RPCOPTS=-b ++ + ## Solaris 2.3 / SUNOS 5.x + #CFLAGS=$(COPT) -DSOLARIS2X -DPORTMAP -I$(RINCLUDES) -DPTMX + #LIBS=-lsocket -lnsl +@@ -198,17 +206,17 @@ RINCLUDES=/usr/mab/rsaref/source + #CFLAGS=$(COPT) -posix -D_BSD -DANYPORT -I$(RINCLUDES) + + ## use these for FreeBSD +-CFLAGS+=-DBSD44 -DANYPORT -DSHORTLINKS +-LIBS=-lrpcsvc +-COMPAT=-lcompat +-RPCOPTS= ++#CFLAGS+=-DBSD44 -DANYPORT -DSHORTLINKS ++#LIBS=-lrpcsvc ++#COMPAT=-lcompat ++#RPCOPTS= + + + #========================================================================== + # CONFIGURE: one last thing #========================================================================== # finally, comment out the next line: -CC=you_forgot_to_edit_the_makefile @@ -37,34 +56,18 @@ $NetBSD: patch-aa,v 1.6 2008/06/20 01:09 # now you're done with local configuration. -@@ -322,6 +323,7 @@ nfsproto_svr.c: nfsproto.x - - nfsproto.h: nfsproto.x - rpcgen $(RPCOPTS) -h -o nfsproto.h nfsproto.x -+ ./unansi ${OPSYS} nfsproto.h - - admproto_xdr.c: admproto.x - rpcgen $(RPCOPTS) -c -o admproto_xdr.c admproto.x -@@ -331,6 +333,7 @@ admproto_svr.c: admproto.x - - admproto.h: admproto.x - rpcgen $(RPCOPTS) -h -o admproto.h admproto.x -+ ./unansi ${OPSYS} admproto.h - - admproto_clnt.c: admproto.x - rpcgen $(RPCOPTS) -l -o admproto_clnt.c admproto.x -@@ -359,10 +362,11 @@ printout: $(SRCS) cfs.h mcg.h safer.h ad +@@ -344,10 +352,11 @@ printout: $(SRCS) cfs.h mcg.h safer.h ad $(PRINTCMD) $(SRCS) cfs.h mcg.h safer.h admproto.h nfsproto.h install_cfs: cfsd cattach cdetach cmkdir - install -m 0755 -c -o root cfsd $(ETCDIR) - install -m 0755 -c -o root cattach cdetach cmkdir cpasswd cfssh \ -+ ${BSD_INSTALL_PROGRAM} cfsd ${DESTDIR}$(ETCDIR) +- cname ccat cmkkey $(BINDIR) +-# install -m 0755 i o $(BINDIR) ++ ${BSD_INSTALL_PROGRAM} cfsd ${DESTDIR}$(SBINDIR) + ${BSD_INSTALL_SCRIPT} cmkkey cfssh ${DESTDIR}$(BINDIR) + ${BSD_INSTALL_SCRIPT} cattach cdetach cmkdir cpasswd \ -- cname ccat cmkkey $(BINDIR) + cname ccat ${DESTDIR}$(BINDIR) --# install -m 0755 i o $(BINDIR) +# ${BSD_INSTALL_PROGRAM} i o ${DESTDIR}$(BINDIR) @echo "Kill any running cfsd prior to restarting." @echo "See the README file for more information." Index: pkgsrc/security/cfs/patches/patch-ab diff -u pkgsrc/security/cfs/patches/patch-ab:1.3 pkgsrc/security/cfs/patches/patch-ab:1.4 --- pkgsrc/security/cfs/patches/patch-ab:1.3 Thu Jun 7 15:36:52 2001 +++ pkgsrc/security/cfs/patches/patch-ab Mon Dec 19 23:18:37 2022 @@ -1,20 +1,20 @@ -$NetBSD: patch-ab,v 1.3 2001/06/07 15:36:52 jlam Exp $ +$NetBSD: patch-ab,v 1.4 2022/12/19 23:18:37 gdt Exp $ ---- getpass.c.orig Thu May 31 17:03:02 2001 -+++ getpass.c Thu May 31 17:03:40 2001 -@@ -45,6 +45,7 @@ - #include "cfs.h" +--- getpass.c.orig 2013-05-15 16:50:30.000000000 +0000 ++++ getpass.c +@@ -44,6 +44,7 @@ + #include "getpass.h" #include "shs.h" +#ifndef HAVE_GETPASS - #if defined(irix) || defined(linux) /* hacks to use POSIX style termios instead of old BSD style sgttyb */ + /* Should be simply replaced with POSIX functions when possible */ #include -@@ -95,6 +96,7 @@ +@@ -92,6 +93,7 @@ getpassword(char *prompt) fclose(fi); - return(pbuf); + return (pbuf[0] == '\0' ? NULL : pbuf); } +#endif - old_pwcrunch(b,k) - char *b; + int + old_pwcrunch(char *b, cfs_admkey *k) Index: pkgsrc/security/cfs/patches/patch-af diff -u pkgsrc/security/cfs/patches/patch-af:1.2 pkgsrc/security/cfs/patches/patch-af:1.3 --- pkgsrc/security/cfs/patches/patch-af:1.2 Fri Oct 26 20:24:19 2012 +++ pkgsrc/security/cfs/patches/patch-af Mon Dec 19 23:18:37 2022 @@ -1,8 +1,17 @@ -$NetBSD: patch-af,v 1.2 2012/10/26 20:24:19 joerg Exp $ +$NetBSD: patch-af,v 1.3 2022/12/19 23:18:37 gdt Exp $ ---- cfs.h.orig 2012-10-26 13:15:56.000000000 +0000 +--- cfs.h.orig 2013-05-15 16:50:30.000000000 +0000 +++ cfs.h -@@ -183,6 +183,11 @@ extern instance *instances[]; +@@ -22,6 +22,8 @@ + + #include + #include ++#include /* ? */ ++#include /* ? */ + #include + + /* include files specific to cipher modules go here */ +@@ -222,6 +224,11 @@ extern instance *instances[]; extern nfstime roottime; extern cfs_fileid rootnode; @@ -14,11 +23,3 @@ $NetBSD: patch-af,v 1.2 2012/10/26 20:24 #ifdef hpux #define seteuid(x) setresuid(-1,x,-1) #define setegid(x) setresgid(-1,x,-1) -@@ -224,4 +229,6 @@ extern cfs_fileid rootnode; - #define d_fileno d_ino - */ - #endif --#include -+#include -+#include -+#include Added files: Index: pkgsrc/security/cfs/files/README.netbsd diff -u /dev/null pkgsrc/security/cfs/files/README.netbsd:1.1 --- /dev/null Mon Dec 19 23:18:37 2022 +++ pkgsrc/security/cfs/files/README.netbsd Mon Dec 19 23:18:37 2022 @@ -0,0 +1,49 @@ +This file is from upstream but missing in the distribution tarball. +It is very old and likely not longer accurate. + + +---------------------------------------- +There are a number of little details you have to pay attention to +when building CFS on NetBSD 1.5 or later. + +First, read and follow the generic instructions. Note in particular +the Makefile lines that need to be changed. + +Second, check for a bug in your distribution of NetBSD. In +/usr/include/netdb.h and /usr/include/sys/socket.h, there are +#define's for socklen_t. They should read + + #define socklen_t __socklen_t + +but some versions say + + #define socklen_t socklen_t + +The compiler doesn't like that version... + +Third, the rpcgen on NetBSD 1.5 is a variant not covered by the +generic instructions with CFS. Use the shell script + + ./netbsd_make_with_bad_rpcgen cfs + +to build CFS with the proper options. + +To run CFS, set + + rpcbind=YES + +in /etc/rc.conf. Make sure that nfs_server is set to NO (the default). +Because NFS apparently must live on port 2049 on NetBSD, it is not +possible to run an NFS server on the same machine. + +To mount /crypt, use + + mountd && \ + cfsd && \ + mount -o intr,-2 127.0.0.1:/null /crypt + +The -2 specifies version 2 of NFS. It isn't completely clear +why you have to say 127.0.0.1 instead of localhost, but it seems +to be related to v6 support. + +I have made no attempt to compile esm. Index: pkgsrc/security/cfs/files/do_make diff -u /dev/null pkgsrc/security/cfs/files/do_make:1.1 --- /dev/null Mon Dec 19 23:18:37 2022 +++ pkgsrc/security/cfs/files/do_make Mon Dec 19 23:18:37 2022 @@ -0,0 +1,8 @@ +#!/bin/sh + +# This file exists just so that we can "sh do_make" instead of calling +# make, to fit into an awkward build flow that sometimes needs a +# wrapper script. + +make $* + Index: pkgsrc/security/cfs/files/netbsd_make_with_bad_rpcgen diff -u /dev/null pkgsrc/security/cfs/files/netbsd_make_with_bad_rpcgen:1.1 --- /dev/null Mon Dec 19 23:18:37 2022 +++ pkgsrc/security/cfs/files/netbsd_make_with_bad_rpcgen Mon Dec 19 23:18:37 2022 @@ -0,0 +1,33 @@ +#!/bin/sh +# This file is missing from the upstream distfile. +# this will make CFS for NetBSD (and other) systems with the +# wrong version of rpcgen +make CC="cc -traditional \ + -Dnfsproc_null_2_svc=nfsproc_null_2 \ + -Dnfsproc_getattr_2_svc=nfsproc_getattr_2 \ + -Dnfsproc_setattr_2_svc=nfsproc_setattr_2 \ + -Dnfsproc_root_2_svc=nfsproc_root_2 \ + -Dnfsproc_lookup_2_svc=nfsproc_lookup_2 \ + -Dnfsproc_readlink_2_svc=nfsproc_readlink_2 \ + -Dnfsproc_read_2_svc=nfsproc_read_2 \ + -Dnfsproc_writecache_2_svc=nfsproc_writecache_2 \ + -Dnfsproc_write_2_svc=nfsproc_write_2 \ + -Dnfsproc_create_2_svc=nfsproc_create_2 \ + -Dnfsproc_remove_2_svc=nfsproc_remove_2 \ + -Dnfsproc_rename_2_svc=nfsproc_rename_2 \ + -Dnfsproc_link_2_svc=nfsproc_link_2 \ + -Dnfsproc_symlink_2_svc=nfsproc_symlink_2 \ + -Dnfsproc_mkdir_2_svc=nfsproc_mkdir_2 \ + -Dnfsproc_rmdir_2_svc=nfsproc_rmdir_2 \ + -Dnfsproc_readdir_2_svc=nfsproc_readdir_2 \ + -Dnfsproc_statfs_2_svc=nfsproc_statfs_2 \ + -Dadmproc_null_2_svc=admproc_null_2 \ + -Dadmproc_attach_2_svc=admproc_attach_2 \ + -Dadmproc_detach_2_svc=admproc_detach_2 \ + -Dadmproc_null_1_svc=admproc_null_1 \ + -Dadmproc_attach_1_svc=admproc_attach_1 \ + -Dadmproc_detach_1_svc=admproc_detach_1 \ + -Dadmproc_ls_1_svc=admproc_ls_1 \ + " $* + + Index: pkgsrc/security/cfs/patches/patch-cfs__attach.c diff -u /dev/null pkgsrc/security/cfs/patches/patch-cfs__attach.c:1.1 --- /dev/null Mon Dec 19 23:18:37 2022 +++ pkgsrc/security/cfs/patches/patch-cfs__attach.c Mon Dec 19 23:18:37 2022 @@ -0,0 +1,21 @@ +$NetBSD: patch-cfs__attach.c,v 1.1 2022/12/19 23:18:37 gdt Exp $ + +For NetBSD, use statvfs. + +\todo Send upstream. + +--- cattach.c.orig 2022-12-19 22:34:48.224422733 +0000 ++++ cattach.c +@@ -83,8 +83,12 @@ main(int argc, char *argv[]) + struct fs_data sfb; + #define f_blocks fd_req.btot + #else ++#if defined(__NetBSD_Version__) && __NetBSD_Version__ >= 299000900 ++ struct statvfs sfb; ++#else + struct statfs sfb; + #endif ++#endif + char *flg; + int ciph; + FILE *fp; Index: pkgsrc/security/cfs/patches/patch-cfs__fh.c diff -u /dev/null pkgsrc/security/cfs/patches/patch-cfs__fh.c:1.1 --- /dev/null Mon Dec 19 23:18:37 2022 +++ pkgsrc/security/cfs/patches/patch-cfs__fh.c Mon Dec 19 23:18:37 2022 @@ -0,0 +1,14 @@ +$NetBSD: patch-cfs__fh.c,v 1.1 2022/12/19 23:18:37 gdt Exp $ + +--- cfs_fh.c.orig 2013-05-15 16:50:30.000000000 +0000 ++++ cfs_fh.c +@@ -492,7 +492,9 @@ fhtofd(cfs_fileid *f, int mode) + openfd=NULL; + } + ++#if 0 + if (mode==0) { mode=CFS_WRITE; } ++#endif + /* Phil Karn's hack for R/O file systems */ + if ((fd=open(f->name,mode,0))<0 && errno == EROFS) { + mode = CFS_READ; /* Force read and try again */ Index: pkgsrc/security/cfs/patches/patch-getpass.h diff -u /dev/null pkgsrc/security/cfs/patches/patch-getpass.h:1.1 --- /dev/null Mon Dec 19 23:18:37 2022 +++ pkgsrc/security/cfs/patches/patch-getpass.h Mon Dec 19 23:18:37 2022 @@ -0,0 +1,18 @@ +$NetBSD: patch-getpass.h,v 1.1 2022/12/19 23:18:37 gdt Exp $ + +See scheme in pkgsrc Makefile to use getpass rather than cfs's getpassword. + +The entire scheme needs discussion with upstream. + +--- getpass.h.orig 2022-12-19 22:34:48.546071775 +0000 ++++ getpass.h +@@ -4,7 +4,9 @@ + /* Historically getpass only allowed 127 chars, but stdin entry allowed 255 */ + #define MAX_PASSPHRASE_LEN 255 + ++#ifndef HAVE_GETPASS + char *getpassword(char *); ++#endif + int old_pwcrunch(char *, cfs_admkey *); + int new_pwcrunch(char *, cfs_admkey *); + void decrypt_key(cfs_admkey *, u_char *); --_----------=_1671491917255170--