=== modified file 'Makefile' --- Makefile 2013-10-24 20:38:44 +0000 +++ Makefile 2013-10-30 21:05:47 +0000 @@ -36,6 +36,7 @@ # MANDIR=$(PREFIX)/man # INITRAMFSTOOLS=$(DESTDIR)/etc/initramfs-tools # STATEDIR=$(DESTDIR)/var/lib/mandos +# LIBDIR=$(PREFIX)/lib ## ## These settings are for a package-type install @@ -45,8 +46,19 @@ MANDIR=$(PREFIX)/share/man INITRAMFSTOOLS=$(DESTDIR)/usr/share/initramfs-tools STATEDIR=$(DESTDIR)/var/lib/mandos +LIBDIR=$(shell \ + for d in \ + "/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \ + "`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \ + if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \ + echo "$(DESTDIR)$$d"; \ + break; \ + fi; \ + done) ## +SYSTEMD=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir) + GNUTLS_CFLAGS=$(shell pkg-config --cflags-only-I gnutls) GNUTLS_LIBS=$(shell pkg-config --libs gnutls) AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core) @@ -292,8 +304,12 @@ install-server: doc install --directory $(CONFDIR) - install --directory --mode=u=rwx --owner=$(USER) \ - --group=$(GROUP) $(STATEDIR) + if install --directory --mode=u=rwx --owner=$(USER) \ + --group=$(GROUP) $(STATEDIR); then \ + :; \ + elif install --directory --mode=u=rwx $(STATEDIR); then \ + chown -- $(USER):$(GROUP) $(STATEDIR) || :; \ + fi install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \ mandos-ctl @@ -307,6 +323,9 @@ $(DESTDIR)/etc/dbus-1/system.d/mandos.conf install --mode=u=rwx,go=rx init.d-mandos \ $(DESTDIR)/etc/init.d/mandos + if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \ + install --mode=u=rw,go=r mandos.service $(SYSTEMD); \ + fi install --mode=u=rw,go=r default-mandos \ $(DESTDIR)/etc/default/mandos if [ -z $(DESTDIR) ]; then \ @@ -326,36 +345,36 @@ > $(MANDIR)/man8/intro.8mandos.gz install-client-nokey: all doc - install --directory $(PREFIX)/lib/mandos $(CONFDIR) + install --directory $(LIBDIR)/mandos $(CONFDIR) install --directory --mode=u=rwx $(KEYDIR) \ - $(PREFIX)/lib/mandos/plugins.d - if [ "$(CONFDIR)" != "$(PREFIX)/lib/mandos" ]; then \ + $(LIBDIR)/mandos/plugins.d + if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \ install --mode=u=rwx \ --directory "$(CONFDIR)/plugins.d"; \ fi install --mode=u=rwx,go=rx --directory \ "$(CONFDIR)/network-hooks.d" install --mode=u=rwx,go=rx \ - --target-directory=$(PREFIX)/lib/mandos plugin-runner + --target-directory=$(LIBDIR)/mandos plugin-runner install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \ mandos-keygen install --mode=u=rwx,go=rx \ - --target-directory=$(PREFIX)/lib/mandos/plugins.d \ + --target-directory=$(LIBDIR)/mandos/plugins.d \ plugins.d/password-prompt install --mode=u=rwxs,go=rx \ - --target-directory=$(PREFIX)/lib/mandos/plugins.d \ + --target-directory=$(LIBDIR)/mandos/plugins.d \ plugins.d/mandos-client install --mode=u=rwxs,go=rx \ - --target-directory=$(PREFIX)/lib/mandos/plugins.d \ + --target-directory=$(LIBDIR)/mandos/plugins.d \ plugins.d/usplash install --mode=u=rwxs,go=rx \ - --target-directory=$(PREFIX)/lib/mandos/plugins.d \ + --target-directory=$(LIBDIR)/mandos/plugins.d \ plugins.d/splashy install --mode=u=rwxs,go=rx \ - --target-directory=$(PREFIX)/lib/mandos/plugins.d \ + --target-directory=$(LIBDIR)/mandos/plugins.d \ plugins.d/askpass-fifo install --mode=u=rwxs,go=rx \ - --target-directory=$(PREFIX)/lib/mandos/plugins.d \ + --target-directory=$(LIBDIR)/mandos/plugins.d \ plugins.d/plymouth install initramfs-tools-hook \ $(INITRAMFSTOOLS)/hooks/mandos @@ -407,13 +426,13 @@ ! grep --regexp='^ *[^ #].*keyscript=[^,=]*/mandos/' \ $(DESTDIR)/etc/crypttab -rm --force $(PREFIX)/sbin/mandos-keygen \ - $(PREFIX)/lib/mandos/plugin-runner \ - $(PREFIX)/lib/mandos/plugins.d/password-prompt \ - $(PREFIX)/lib/mandos/plugins.d/mandos-client \ - $(PREFIX)/lib/mandos/plugins.d/usplash \ - $(PREFIX)/lib/mandos/plugins.d/splashy \ - $(PREFIX)/lib/mandos/plugins.d/askpass-fifo \ - $(PREFIX)/lib/mandos/plugins.d/plymouth \ + $(LIBDIR)/mandos/plugin-runner \ + $(LIBDIR)/mandos/plugins.d/password-prompt \ + $(LIBDIR)/mandos/plugins.d/mandos-client \ + $(LIBDIR)/mandos/plugins.d/usplash \ + $(LIBDIR)/mandos/plugins.d/splashy \ + $(LIBDIR)/mandos/plugins.d/askpass-fifo \ + $(LIBDIR)/mandos/plugins.d/plymouth \ $(INITRAMFSTOOLS)/hooks/mandos \ $(INITRAMFSTOOLS)/conf-hooks.d/mandos \ $(INITRAMFSTOOLS)/scripts/init-premount/mandos \ @@ -425,8 +444,8 @@ $(MANDIR)/man8/splashy.8mandos.gz \ $(MANDIR)/man8/askpass-fifo.8mandos.gz \ $(MANDIR)/man8/plymouth.8mandos.gz \ - -rmdir $(PREFIX)/lib/mandos/plugins.d $(CONFDIR)/plugins.d \ - $(PREFIX)/lib/mandos $(CONFDIR) $(KEYDIR) + -rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \ + $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR) update-initramfs -k all -u purge: purge-server purge-client @@ -436,7 +455,9 @@ $(DESTDIR)/etc/dbus-1/system.d/mandos.conf $(DESTDIR)/etc/default/mandos \ $(DESTDIR)/etc/init.d/mandos \ - $(DESTDIR)/run/mandos.pid + $(SYSTEMD)/mandos.service \ + $(DESTDIR)/run/mandos.pid \ + $(DESTDIR)/var/run/mandos.pid -rmdir $(CONFDIR) purge-client: uninstall-client === modified file 'TODO' --- TODO 2013-10-22 19:46:35 +0000 +++ TODO 2014-01-20 20:54:47 +0000 @@ -1,5 +1,17 @@ -*- org -*- +* GIT +** General: [[https://www.atlassian.com/git/workflows][Git Workflows]], [[http://gitimmersion.com/][Git Immersion]], [[https://news.ycombinator.com/item?id=7036628][Simple git workflow is simple]] +** Intro: [[http://www.eyrie.org/~eagle/notes/debian/git.html#combine][Using Git for Debian Packaging]] +** Use: [[https://honk.sigxcpu.org/piki/projects/git-buildpackage/][git-buildpackage]] +** Migration + tailor? + Using bzr-fastimport: [[http://www.fusonic.net/en/blog/2013/03/26/migrating-from-bazaar-to-git/][Migrating from Bazaar to Git]] +** Unresolved: [[http://jameswestby.net/bzr/builddeb/user_manual/split.html][bzr builddeb split mode]] + Maybe: [[http://honk.sigxcpu.org/projects/git-buildpackage/manual-html/gbp.import.html#GBP.IMPORT.UPSTREAM.GIT.NOTARBALL][git-buildpackage - No upstream tarballs]] + [[http://www.python.org/dev/peps/pep-0374/][PEP 374 - Choosing a distributed VCS for the Python project]] + [[http://www.emacswiki.org/emacs/GitForEmacsDevs][Git For Emacs Devs]] + * [[http://www.undeadly.org/cgi?action=article&sid=20110530221728][OpenBSD]] * Testing @@ -54,9 +66,6 @@ + SetPass(u"gazonk", True) -> Approval, persistent + Approve(False) -> Close client connection immediately ** TODO [#C] python-parsedatetime -** TODO [#C] systemd/launchd - http://0pointer.de/blog/projects/systemd.html - http://wiki.debian.org/systemd ** TODO Separate logging logic to own object ** TODO [#A] Limit approval_delay to max gnutls/tls timeout value ** TODO [#B] break the wait on approval_delay if connection dies === modified file 'debian/control' --- debian/control 2013-10-24 20:21:45 +0000 +++ debian/control 2013-12-15 15:38:51 +0000 @@ -6,7 +6,7 @@ Björn Påhlsson Build-Depends: debhelper (>= 9), docbook-xml, docbook-xsl, libavahi-core-dev, libgpgme11-dev, libgnutls-dev, xsltproc, - pkg-config + pkg-config, systemd Standards-Version: 3.9.4 Vcs-Bzr: http://ftp.recompile.se/pub/mandos/trunk Vcs-Browser: http://bzr.recompile.se/loggerhead/mandos/trunk/files @@ -17,7 +17,8 @@ Depends: ${misc:Depends}, python (>=2.6), python-gnutls, python-dbus, python-avahi, python-gobject, avahi-daemon, adduser, python-urwid, python (>=2.7) | python-argparse, gnupg (<< 2), - initscripts (>= 2.88dsf-13.3) + initscripts (>= 2.88dsf-13.3), avahi-daemon (>= 0.6.31-3) + | systemd-sysv Recommends: fping Description: server giving encrypted passwords to Mandos clients This is the server part of the Mandos system, which allows === modified file 'debian/mandos-client.README.Debian' --- debian/mandos-client.README.Debian 2013-09-29 15:52:19 +0000 +++ debian/mandos-client.README.Debian 2013-10-28 10:04:05 +0000 @@ -16,7 +16,8 @@ is possible to verify that the correct password will be received by this client by running the command, on the client: - /usr/lib/mandos/plugins.d/mandos-client \ + /usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH \ + )/mandos/plugins.d/mandos-client \ --pubkey=/etc/keys/mandos/pubkey.txt \ --seckey=/etc/keys/mandos/seckey.txt; echo @@ -90,4 +91,4 @@ work, "--options-for=mandos-client:--connect=
:" needs to be manually added to the file "/etc/mandos/plugin-runner.conf". - -- Teddy Hogeborn , Sun, 23 Jun 2013 17:31:53 +0200 + -- Teddy Hogeborn , Mon, 28 Oct 2013 11:02:26 +0100 === modified file 'debian/mandos-client.lintian-overrides' --- debian/mandos-client.lintian-overrides 2010-10-13 06:12:52 +0000 +++ debian/mandos-client.lintian-overrides 2014-01-20 21:50:11 +0000 @@ -2,12 +2,12 @@ # mandos-client binary: non-standard-dir-perm etc/keys/mandos/ 0700 != 0755 -# The directory /usr/lib/mandos/plugins.d contains setuid binaries -# which are not meant to be run outside an initial RAM disk +# The directory /usr/lib//mandos/plugins.d contains setuid +# binaries which are not meant to be run outside an initial RAM disk # environment (except for test purposes). It would be insecure to # allow anyone to run them. # -mandos-client binary: non-standard-dir-perm usr/lib/mandos/plugins.d/ 0700 != 0755 +mandos-client binary: non-standard-dir-perm usr/lib/*/mandos/plugins.d/ 0700 != 0755 # These binaries must be setuid root, since they need root powers, but # are started by plugin-runner(8mandos), which runs all plugins as @@ -15,14 +15,14 @@ # system, but in an initial RAM disk environment. Here they are # protected from non-root access by the directory permissions, above. # -mandos-client binary: setuid-binary usr/lib/mandos/plugins.d/mandos-client 4755 root/root -mandos-client binary: setuid-binary usr/lib/mandos/plugins.d/askpass-fifo 4755 root/root -mandos-client binary: setuid-binary usr/lib/mandos/plugins.d/splashy 4755 root/root -mandos-client binary: setuid-binary usr/lib/mandos/plugins.d/usplash 4755 root/root -mandos-client binary: setuid-binary usr/lib/mandos/plugins.d/plymouth 4755 root/root +mandos-client binary: setuid-binary usr/lib/*/mandos/plugins.d/mandos-client 4755 root/root +mandos-client binary: setuid-binary usr/lib/*/mandos/plugins.d/askpass-fifo 4755 root/root +mandos-client binary: setuid-binary usr/lib/*/mandos/plugins.d/splashy 4755 root/root +mandos-client binary: setuid-binary usr/lib/*/mandos/plugins.d/usplash 4755 root/root +mandos-client binary: setuid-binary usr/lib/*/mandos/plugins.d/plymouth 4755 root/root # The directory /etc/mandos/plugins.d can be used by local system # administrators to place plugins in, overriding and complementing -# /usr/lib/mandos/plugins.d, and must be likewise protected. +# /usr/lib//mandos/plugins.d, and must be likewise protected. # mandos-client binary: non-standard-dir-perm etc/mandos/plugins.d/ 0700 != 0755 === modified file 'debian/mandos.dirs' --- debian/mandos.dirs 2011-11-26 22:22:20 +0000 +++ debian/mandos.dirs 2013-10-27 17:42:23 +0000 @@ -5,3 +5,4 @@ etc/dbus-1/system.d usr/sbin var/lib/mandos +lib/systemd/system === modified file 'debian/mandos.postinst' --- debian/mandos.postinst 2011-11-26 22:22:20 +0000 +++ debian/mandos.postinst 2014-01-06 17:22:30 +0000 @@ -47,6 +47,16 @@ ;; esac +# Avahi version 0.6.31-2 and older provides "avahi" (instead of +# "avahi-daemon") in its /etc/init.d script header. To make +# insserv(8) happy, we edit our /etc/init.d script header to contain +# the correct string before the code added by dh_installinit calls +# update.rd-c, which calls insserv. +avahi_version="`dpkg-query --showformat='${Version}' --show avahi-daemon`" +if dpkg --compare-versions "$avahi_version" le 0.6.31-2; then + sed --in-place --expression='/^### BEGIN INIT INFO$/,/^### END INIT INFO$/s/^\(# Required-\(Stop\|Start\):.*avahi\)-daemon\>/\1/g' /etc/init.d/mandos +fi + #DEBHELPER# exit 0 === modified file 'debian/rules' --- debian/rules 2013-10-05 19:34:40 +0000 +++ debian/rules 2014-01-20 21:50:11 +0000 @@ -23,7 +23,7 @@ dh_fixperms --exclude etc/keys/mandos \ --exclude etc/mandos/clients.conf \ --exclude etc/mandos/plugins.d \ - --exclude usr/lib/mandos/plugins.d \ + --exclude usr/lib/$(shell dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null)/mandos/plugins.d \ --exclude usr/share/doc/mandos-client/examples/network-hooks.d chmod --recursive g-w -- \ "$(CURDIR)/debian/mandos-client/usr/share/doc/mandos-client/examples/network-hooks.d" === modified file 'init.d-mandos' --- init.d-mandos 2013-10-20 15:25:09 +0000 +++ init.d-mandos 2014-01-06 15:56:54 +0000 @@ -1,12 +1,12 @@ #! /bin/sh ### BEGIN INIT INFO # Provides: mandos -# Required-Start: $remote_fs $syslog avahi -# Required-Stop: $remote_fs $syslog avahi +# Required-Start: $remote_fs $syslog avahi-daemon +# Required-Stop: $remote_fs $syslog avahi-daemon # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Mandos server -# Description: Gives encrypted passwords to Mandos clients +# Description: Server of encrypted passwords to Mandos clients ### END INIT INFO # Author: Teddy Hogeborn @@ -23,7 +23,11 @@ NAME=mandos DAEMON=/usr/sbin/$NAME DAEMON_ARGS="" -PIDFILE=/run/$NAME.pid +if [ -d /run/. ]; then + PIDFILE=/run/$NAME.pid +else + PIDFILE=/var/run/$NAME.pid +fi SCRIPTNAME=/etc/init.d/$NAME # Exit if the package is not installed @@ -40,7 +44,8 @@ . /lib/init/vars.sh # Define LSB log_* functions. -# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. +# Depend on lsb-base (>= 3.2-14) to ensure that this file is present +# and status_of_proc is working. . /lib/lsb/init-functions # @@ -118,6 +123,9 @@ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; esac ;; + status) + status_of_proc "$DAEMON" "$NAME" -p "$PIDFILE" && exit 0 || exit $? + ;; #reload|force-reload) # # If do_reload() is not implemented then leave this commented out @@ -144,17 +152,14 @@ esac ;; *) - # Failed to stop + # Failed to stop log_end_msg 1 ;; esac ;; - status) - status_of_proc "$DAEMON" "$NAME" -p "$PIDFILE" - ;; *) #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 - echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2 + echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 exit 3 ;; esac === modified file 'initramfs-tools-hook' --- initramfs-tools-hook 2013-10-13 01:49:18 +0000 +++ initramfs-tools-hook 2013-10-28 08:38:47 +0000 @@ -29,13 +29,15 @@ . /usr/share/initramfs-tools/hook-functions -for d in /usr /usr/local; do - if [ -d "$d"/lib/mandos ]; then - prefix="$d" +for d in /usr/lib \ + "/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \ + "`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/local/lib; do + if [ -d "$d"/mandos ]; then + libdir="$d" break fi done -if [ -z "$prefix" ]; then +if [ -z "$libdir" ]; then # Mandos not found exit 1 fi @@ -77,12 +79,12 @@ --mode=u=rwx "${DESTDIR}${PLUGINDIR}" # Copy the Mandos plugin runner -copy_exec "$prefix"/lib/mandos/plugin-runner "${MANDOSDIR}" +copy_exec "$libdir"/mandos/plugin-runner "${MANDOSDIR}" # Copy the plugins # Copy the packaged plugins -for file in "$prefix"/lib/mandos/plugins.d/*; do +for file in "$libdir"/mandos/plugins.d/*; do base="`basename \"$file\"`" # Is this plugin overridden? if [ -e "/etc/mandos/plugins.d/$base" ]; then === modified file 'mandos' --- mandos 2013-10-24 20:38:44 +0000 +++ mandos 2014-01-06 16:01:46 +0000 @@ -11,8 +11,8 @@ # "AvahiService" class, and some lines in "main". # # Everything else is -# Copyright © 2008-2013 Teddy Hogeborn -# Copyright © 2008-2013 Björn Påhlsson +# Copyright © 2008-2014 Teddy Hogeborn +# Copyright © 2008-2014 Björn Påhlsson # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -690,10 +690,11 @@ # If a checker exists, make sure it is not a zombie try: pid, status = os.waitpid(self.checker.pid, os.WNOHANG) - except (AttributeError, OSError) as error: - if (isinstance(error, OSError) - and error.errno != errno.ECHILD): - raise error + except AttributeError: + pass + except OSError as error: + if error.errno != errno.ECHILD: + raise else: if pid: logger.warning("Checker was a zombie") @@ -933,7 +934,9 @@ # The byte_arrays option is not supported yet on # signatures other than "ay". if prop._dbus_signature != "ay": - raise ValueError + raise ValueError("Byte arrays not supported for non-" + "'ay' signature {0!r}" + .format(prop._dbus_signature)) value = dbus.ByteArray(b''.join(chr(byte) for byte in value)) prop(value) @@ -1702,7 +1705,7 @@ logger.debug("Protocol version: %r", line) try: if int(line.strip().split()[0]) > 1: - raise RuntimeError + raise RuntimeError(line) except (ValueError, IndexError, RuntimeError) as error: logger.error("Unknown protocol version: %s", error) return @@ -1915,7 +1918,7 @@ def add_pipe(self, parent_pipe, proc): """Dummy function; override as necessary""" - raise NotImplementedError + raise NotImplementedError() class IPv6_TCPServer(MultiprocessingMixInWithPipe, @@ -2258,7 +2261,7 @@ else: raise ValueError("Unknown suffix {0!r}" .format(suffix)) - except (ValueError, IndexError) as e: + except IndexError as e: raise ValueError(*(e.args)) timevalue += delta return timevalue @@ -2457,6 +2460,8 @@ or None)) if not foreground: pidfilename = "/run/mandos.pid" + if not os.path.isdir("/run/."): + pidfilename = "/var/run/mandos.pid" pidfile = None try: pidfile = open(pidfilename, "w") @@ -2479,7 +2484,7 @@ os.setuid(uid) except OSError as error: if error.errno != errno.EPERM: - raise error + raise if debug: # Enable all possible GnuTLS debugging @@ -2790,7 +2795,7 @@ else: logger.warning("Could not save persistent state:", exc_info=e) - raise e + raise # Delete all clients, and settings from config while tcp_server.clients: === added file 'mandos.service' --- mandos.service 1970-01-01 00:00:00 +0000 +++ mandos.service 2013-12-31 16:02:18 +0000 @@ -0,0 +1,21 @@ +[Unit] +Description=Server of encrypted passwords to Mandos clients + +[Service] +Type=simple +## Type=dbus is not appropriate, because Mandos also needs to announce +## its ZeroConf service and be reachable on the network. +#Type=dbus +BusName=se.recompile.Mandos +# If you add --no-dbus, also comment out BusName above, and vice versa +ExecStart=/usr/sbin/mandos --foreground +Restart=always +KillMode=process +## Using socket activation won't work either, because systemd always +## does bind() on the socket, and also won't announce the ZeroConf +## service. +#ExecStart=/usr/sbin/mandos --foreground --socket=0 +#StandardInput=socket + +[Install] +WantedBy=multi-user.target === modified file 'mandos.xml' --- mandos.xml 2013-10-24 20:21:45 +0000 +++ mandos.xml 2013-10-26 19:05:21 +0000 @@ -2,7 +2,7 @@ - + %common; ]> @@ -523,6 +523,10 @@ The file containing the process id of the &COMMANDNAME; process started last. + Note: If the /run directory does not + exist, /var/run/mandos.pid will be + used instead. === modified file 'plugin-runner.c' --- plugin-runner.c 2013-10-20 15:25:09 +0000 +++ plugin-runner.c 2013-12-15 22:21:28 +0000 @@ -1071,8 +1071,20 @@ goto fallback; } +#if defined (__GNUC__) and defined (__GLIBC__) +#if not __GLIBC_PREREQ(2, 16) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-conversion" +#endif +#endif FD_SET(new_plugin->fd, &rfds_all); /* Spurious warning from - -Wconversion */ + -Wconversion in GNU libc + before 2.16 */ +#if defined (__GNUC__) and defined (__GLIBC__) +#if not __GLIBC_PREREQ(2, 16) +#pragma GCC diagnostic pop +#endif +#endif if(maxfd < new_plugin->fd){ maxfd = new_plugin->fd; @@ -1132,8 +1144,20 @@ } /* Remove the plugin */ +#if defined (__GNUC__) and defined (__GLIBC__) +#if not __GLIBC_PREREQ(2, 16) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-conversion" +#endif +#endif FD_CLR(proc->fd, &rfds_all); /* Spurious warning from - -Wconversion */ + -Wconversion in GNU libc + before 2.16 */ +#if defined (__GNUC__) and defined (__GLIBC__) +#if not __GLIBC_PREREQ(2, 16) +#pragma GCC diagnostic pop +#endif +#endif /* Block signal while modifying process_list */ ret = (int)TEMP_FAILURE_RETRY(sigprocmask @@ -1179,9 +1203,23 @@ } /* This process has not completed. Does it have any output? */ +#if defined (__GNUC__) and defined (__GLIBC__) +#if not __GLIBC_PREREQ(2, 16) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-conversion" +#endif +#endif if(proc->eof or not FD_ISSET(proc->fd, &rfds)){ /* Spurious warning from - -Wconversion */ + -Wconversion + in GNU libc + before + 2.16 */ +#if defined (__GNUC__) and defined (__GLIBC__) +#if not __GLIBC_PREREQ(2, 16) +#pragma GCC diagnostic pop +#endif +#endif /* This process had nothing to say at this time */ proc = proc->next; continue; === modified file 'plugins.d/mandos-client.c' --- plugins.d/mandos-client.c 2013-10-20 15:25:09 +0000 +++ plugins.d/mandos-client.c 2013-12-15 22:21:28 +0000 @@ -736,9 +736,15 @@ } if(af == AF_INET6){ to.in6.sin6_port = htons(port); +#ifdef __GNUC__ +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wstrict-aliasing" +#endif if(IN6_IS_ADDR_LINKLOCAL /* Spurious warnings from */ - (&to.in6.sin6_addr)){ /* -Wstrict-aliasing=2 or lower and - -Wunreachable-code*/ + (&to.in6.sin6_addr)){ /* -Wstrict-aliasing=2 or lower */ +#ifdef __GNUC__ +#pragma GCC diagnostic pop +#endif if(if_index == AVAHI_IF_UNSPEC){ fprintf_plus(stderr, "An IPv6 link-local address is" " incomplete without a network interface\n"); @@ -749,9 +755,7 @@ to.in6.sin6_scope_id = (uint32_t)if_index; } } else { - to.in.sin_port = htons(port); /* Spurious warnings from - -Wconversion and - -Wunreachable-code */ + to.in.sin_port = htons(port); } if(quit_now){ === modified file 'plugins.d/mandos-client.xml' --- plugins.d/mandos-client.xml 2013-10-20 15:25:09 +0000 +++ plugins.d/mandos-client.xml 2014-01-20 20:54:47 +0000 @@ -2,7 +2,7 @@ - + %common; ]> @@ -219,8 +219,9 @@ assumed to separate the address from the port number. - This option is normally only useful for testing and - debugging. + Normally, Zeroconf would be used to locate Mandos servers, + in which case this option would only be used when testing + and debugging.