| Summary: | Replacement of NSS private headers . . . | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Matthew Harmsen <mharmsen> | ||||||
| Component: | mod_revocator | Assignee: | Matthew Harmsen <mharmsen> | ||||||
| Status: | CLOSED EOL | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
| Severity: | unspecified | Docs Contact: | |||||||
| Priority: | unspecified | ||||||||
| Version: | 27 | CC: | mharmsen, nkinder, rcritten, rrelyea | ||||||
| Target Milestone: | --- | Keywords: | Reopened | ||||||
| Target Release: | --- | ||||||||
| Hardware: | All | ||||||||
| OS: | Unspecified | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | |||||||||
| : | 797346 797347 (view as bug list) | Environment: | |||||||
| Last Closed: | 2018-11-30 19:30:23 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Bug Depends On: | 879978 | ||||||||
| Bug Blocks: | 797346, 797347 | ||||||||
| Attachments: |
|
||||||||
|
Description
Matthew Harmsen
2012-01-18 04:53:56 UTC
Copying comments from the RHEL-6.4 bug as not everyone in fedora or upstream has access to it.
mod_revocator should not keep its own copies of ckfw or base. Removing the former doesn't seem to pose difficulties as I was experimenting but with the removal of base it failed to compile. The problem is that pkcs11layer.h includes base.h, a private header of the base module. It currently needs it because of the arena functionality.
In base,h I see
#define nss_ZNEW(arenaOpt, type) ((type *)nss_ZAlloc((arenaOpt), sizeof(type)))
Grepping elsewhere in the code I found.
./mod_revocator-1.0.3/rsession.cpp: rv = nss_ZNEW(arena, NSSCKMDSession);
./mod_revocator-1.0.3/rfind.cpp: rv = nss_ZNEW(arena, NSSCKMDFindObjects);
./mod_revocator-1.0.3/rfind.cpp: fo = nss_ZNEW(arena, struct revocatorFOStr);
./mod_revocator-1.0.3/rfind.cpp: temp = nss_ZNEWARRAY((NSSArena *)NULL, CRLInstance*,
./mod_revocator-1.0.3/rfind.cpp: fo->objs = nss_ZNEWARRAY(arena, CRLInstance *, fo->n);
These are all private exports visible only by modules in the nss source tree.
nssabase.h is a public header that exports a very minimal set of arena and error functions; namely, NSSArena_Create, NSSArena_Destroy, NSS_GetError and NSS_GetErrorStack.
To meet mod_revocator's needs something like macros NSS_ZNEW and NSS_ZNEWARRAY, plus functions NSS_ZAlloc, NSS_ZRealloc, NSS_ZFreeIf added to to nssbase.h. These would be small wrappers that call their nss_ counterparts to do the work.
nss needs to export thse functions via nssbase.h as mod_revocator, and other cfw type pkcs #11 modules, need them.
For arenas the more generic functions aren't suitable because they use PL_ArenaPool whereas ckfw uses an NSSArena.
As Bob Relya states:
> arena's are an integral part of the ckfw API.
mod-revocator for its part should not include ckfw private headers.
PRIVATE_EXPORTS: ck.h, ckfw.h, ckfwm.h, ckfwtm.h, ckmd.h, and ckt.h
EXPORTS: nssck.api, nssckepv.h, nssckft.h, nssckfw.h, nssckfwc.h, nssckfwt.h, nssckg.h, nssckmdt.h, and nssckt.h are fine.
Current usage with suggested changes
$ grep include mod_revocator-1.0.3/*.c* mod_revocator-1.0.3/*.h | grep ck
REPLACEMENT
mod_revocator-1.0.3/anchor.cpp:#include "nssck.api"
mod_revocator-1.0.3/constants.c:#include "nssckt.h"
mod_revocator-1.0.3/rinst.cpp:#include "ckfwtm.h" ---> ckfwtm.h + ckfw.h
mod_revocator-1.0.3/rinst.cpp:#include "ckfw.h" ---> nssckw.h
mod_revocator-1.0.3/rinst.cpp:#include "nssckfwt.h"
mod_revocator-1.0.3/pkcs11layer.h:#include "nssckmdt.h"
mod_revocator-1.0.3/pkcs11layer.h:#include "nssckfw.h"
mod_revocator-1.0.3/pkcs11layer.h:#include "ckt.h" ---> nssckt.h
nssck.api is one file we may need need to ship. The ckfw API seems otherwise complete.
Two others private functions used are:
mod_revocator-1.0.3/rfind.cpp: (void)nsslibc_memcpy(fo->objs, temp, sizeof(CRLInstance *) * fo->n);
mod_revocator-1.0.3/robject.cpp: prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *)NULL);
These two can be easily replaced with:
(void) PORT_Memcopy(fo->objs, temp, sizeof(CRLInstance *) * fo->n);
prb = PORT_Memcmp(a->pValue, b->data, b->size) == 0 ? PR_TRUE : PR_FALSE;
Created attachment 651735 [details]
Suggested changes to replace usage of nss private headers
Replaces usage of nss private headers with new public ones introduced in ss-3.14.
Created attachment 651736 [details]
Part2 - posssible spec file changes
Comment on attachment 651736 [details]
Part2 - posssible spec file changes
These are minimal changes as I tested with an nss that installed nsscki.api header template in the nss include direcotory as well as the documents area. If we opt to install nsscki.api in the nested documentation direcoyry, /usr/share/docs/nss3/template, as has been suggested then some additional changes to mod_revocator.spec will be required.
This updates and saves the work in progress. Matt, If it turns out that installing nsscki.api in the /usr/includes/nss3 is not allowed and we have to do it in /usr/share/docs/nss3/templates or some other directory then mod_revocator needs to know that path and tread is as an extra directory in the includes. To mod_revocator.spec we would need to add someting like this: %build ..... # FIXME: this is a hard-coded path, should find a way to # determine it at build time NSS_CKFW_NSSCK_API_DIR=/usr/shared/docs/nss3/templates' # To configure we could someting like # --with-nsscki-inc=$NSS_CKFW_NSSCK_API_DIR \ # and the appriopriate adjustment to conf %configure \ .... I don't know how to use autoconf so I'm leaving this for wiser folks :-) -Elio (In reply to comment #7) Good news, installing nsscki.api in /usr/includes/nss3 is okay https://bugzilla.redhat.com/show_bug.cgi?id=879978#c5 and #6 That takes care of keeping things simple here. This message is a reminder that Fedora 16 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 16. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '16'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 16's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 16 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged to click on "Clone This Bug" and open it against that version of Fedora. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping Fedora 16 changed to end-of-life (EOL) status on 2013-02-12. Fedora 16 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. Thank you for reporting this bug and we are sorry it could not be fixed. This bug appears to have been reported against 'rawhide' during the Fedora 24 development cycle. Changing version to '24'. More information and reason for this action is here: https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora24#Rawhide_Rebase This message is a reminder that Fedora 24 is nearing its end of life. Approximately 2 (two) weeks from now Fedora will stop maintaining and issuing updates for Fedora 24. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '24'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 24 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. Working on applying Elio's changes. This bug appears to have been reported against 'rawhide' during the Fedora 27 development cycle. Changing version to '27'. This message is a reminder that Fedora 27 is nearing its end of life. On 2018-Nov-30 Fedora will stop maintaining and issuing updates for Fedora 27. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '27'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 27 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. Fedora 27 changed to end-of-life (EOL) status on 2018-11-30. Fedora 27 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed. |