
Import upstream version 7

Nathaniel McCallum 1 year ago
parent
commit
2fc66e0892
21 changed files with 537 additions and 1017 deletions
  1. 26 9
      Makefile.am
  2. 94 104
      Makefile.in
  3. 22 22
      aclocal.m4
  4. 6 5
      compile
  5. 27 13
      config.guess
  6. 21 8
      config.sub
  7. 74 10
      configure
  8. 9 1
      configure.ac
  9. 4 4
      depcomp
  10. 0 70
      doc/tang-nagios.1
  11. 33 0
      doc/tang-show-keys.1.adoc
  12. 0 137
      doc/tang.8
  13. 143 0
      doc/tang.8.adoc
  14. 2 2
      install-sh
  15. 4 4
      missing
  16. 0 552
      src/nagios.c
  17. 14 22
      tests/nagios
  18. 4 4
      test-driver
  19. 50 47
      tests/adv
  20. 4 1
      units/tangd.socket.in
  21. 0 2
      units/tangd@.service.in

+ 26 - 9
Makefile.am

@@ -1,9 +1,12 @@
 DISTCHECK_CONFIGURE_FLAGS = --with-systemdsystemunitdir=$$dc_install_base/$(systemdsystemunitdir)
+BUILT_SOURCES=
+CLEANFILES=
+man1_MANS=
+man8_MANS=
 
 AM_CFLAGS = @TANG_CFLAGS@ @jose_CFLAGS@
 LDADD = @jose_LIBS@ @http_parser_LIBS@
 
-nagiosdir = $(libdir)/nagios/plugins
 cachedir = $(localstatedir)/cache/$(PACKAGE_NAME)
 jwkdir = $(localstatedir)/db/$(PACKAGE_NAME)
 
@@ -15,13 +18,28 @@ nodist_systemdsystemunit_DATA = \
     units/tangd-keygen.service
 
 dist_libexec_SCRIPTS = src/tangd-update src/tangd-keygen
+dist_bin_SCRIPTS = src/tang-show-keys
 libexec_PROGRAMS = src/tangd
-nagios_PROGRAMS = src/tang
-man1_MANS = doc/tang-nagios.1
-man8_MANS = doc/tang.8
+
+man_ADOC_FILES= \
+	doc/tang-show-keys.1.adoc \
+	doc/tang.8.adoc
+
+if HAVE_A2X
+man_ROFF_FILES = $(man_ADOC_FILES:.adoc=.roff)
+BUILT_SOURCES += $(man_ROFF_FILES)
+CLEANFILES += $(man_ROFF_FILES) $(man_ROFF_FILES:.roff=)
+
+$(top_builddir)/%.roff: %.adoc
+	$(MKDIR_P) $$(dirname $@)
+	$(A2X) -f manpage $^ -D $(top_builddir)/$$(dirname $@)
+	$(INSTALL) -m 644 $(top_builddir)/$(@:.roff=) $(top_builddir)/$@
+
+man1_MANS += doc/tang-show-keys.1
+man8_MANS += doc/tang.8
+endif
 
 src_tangd_SOURCES = src/http.c src/http.h src/tangd.c
-src_tang_SOURCES = src/nagios.c
 
 %: %.in
 	$(AM_V_GEN)mkdir -p "`dirname "$@"`"
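Review bot: The `$(top_builddir)/%.roff` recipe prepends `$(top_builddir)/` to `$@` and to `$$(dirname $@)`, although the target pattern already carries that prefix, so the `-D` and `$(INSTALL)` paths resolve correctly only while `top_builddir` is `.`, as it is in this top-level Makefile. The recipe also leaves the rendered page `$(@:.roff=)` as an undeclared by-product: `man1_MANS` and `man8_MANS` name those files, but no rule has them as a target, so they exist only because `BUILT_SOURCES` is made before `all-am`. I would use the automatic variables directly, `$(MKDIR_P) $(@D)`, `$(A2X) -f manpage -D $(@D) $<` and `$(INSTALL) -m 644 $(@:.roff=) $@`, and add a comment above the rule saying that a2x writes the man page next to the `.roff` copy. The same rule appears in the generated Makefile.in and would follow from regenerating it.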
@@ -32,12 +50,11 @@ src_tang_SOURCES = src/nagios.c
 		$(srcdir)/$@.in > $@
 
 AM_TESTS_ENVIRONMENT = SD_ACTIVATE="@SD_ACTIVATE@" PATH=$(srcdir)/src:$(builddir)/src:$(PATH)
-TESTS = tests/adv tests/rec tests/nagios
+TESTS = tests/adv tests/rec
 
-CLEANFILES = $(nodist_systemdsystemunit_DATA)
+CLEANFILES += $(nodist_systemdsystemunit_DATA)
 EXTRA_DIST = \
     $(foreach unit,$(nodist_systemdsystemunit_DATA),$(unit).in) \
     COPYING \
     $(TESTS) \
-    $(man1_MANS) \
-    $(man8_MANS)
+    $(man_ADOC_FILES)
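Review bot: `EXTRA_DIST` now ships only `$(man_ADOC_FILES)`, and the previous hunk fills `man1_MANS` and `man8_MANS` only inside `if HAVE_A2X`, so a build from the release tarball on a host without a2x appears to install no manual pages and not to fail. For a service that manages keys, the operator documentation should be present whatever the build host has installed. Consider distributing the rendered pages as well, or at least put a comment above `EXTRA_DIST` such as `# man pages are rendered from .adoc by a2x; without a2x none are built or installed`. Whether configure warns when a2x is missing is not visible in this hunk.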

+ 94 - 104
Makefile.in

@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15 from Makefile.am.
+# Makefile.in generated by automake 1.15.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2014 Free Software Foundation, Inc.
+# Copyright (C) 1994-2017 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -92,29 +92,28 @@ build_triplet = @build@
 host_triplet = @host@
 target_triplet = @target@
 libexec_PROGRAMS = src/tangd$(EXEEXT)
-nagios_PROGRAMS = src/tang$(EXEEXT)
+@HAVE_A2X_TRUE@am__append_1 = $(man_ROFF_FILES)
+@HAVE_A2X_TRUE@am__append_2 = $(man_ROFF_FILES) $(man_ROFF_FILES:.roff=)
+@HAVE_A2X_TRUE@am__append_3 = doc/tang-show-keys.1
+@HAVE_A2X_TRUE@am__append_4 = doc/tang.8
 subdir = .
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \
-	$(am__configure_deps) $(dist_libexec_SCRIPTS) \
-	$(am__DIST_COMMON)
+	$(am__configure_deps) $(dist_bin_SCRIPTS) \
+	$(dist_libexec_SCRIPTS) $(am__DIST_COMMON)
 am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
  configure.lineno config.status.lineno
 mkinstalldirs = $(install_sh) -d
 CONFIG_CLEAN_FILES =
 CONFIG_CLEAN_VPATH_FILES =
-am__installdirs = "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(nagiosdir)" \
+am__installdirs = "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(bindir)" \
 	"$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man1dir)" \
 	"$(DESTDIR)$(man8dir)" "$(DESTDIR)$(systemdsystemunitdir)"
-PROGRAMS = $(libexec_PROGRAMS) $(nagios_PROGRAMS)
+PROGRAMS = $(libexec_PROGRAMS)
 am__dirstamp = $(am__leading_dot)dirstamp
-am_src_tang_OBJECTS = src/nagios.$(OBJEXT)
-src_tang_OBJECTS = $(am_src_tang_OBJECTS)
-src_tang_LDADD = $(LDADD)
-src_tang_DEPENDENCIES =
 am_src_tangd_OBJECTS = src/http.$(OBJEXT) src/tangd.$(OBJEXT)
 src_tangd_OBJECTS = $(am_src_tangd_OBJECTS)
 src_tangd_LDADD = $(LDADD)
@@ -146,7 +145,7 @@ am__uninstall_files_from_dir = { \
     || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
          $(am__cd) "$$dir" && rm -f $$files; }; \
   }
-SCRIPTS = $(dist_libexec_SCRIPTS)
+SCRIPTS = $(dist_bin_SCRIPTS) $(dist_libexec_SCRIPTS)
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -175,8 +174,8 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
 am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
 am__v_CCLD_0 = @echo "  CCLD    " $@;
 am__v_CCLD_1 = 
-SOURCES = $(src_tang_SOURCES) $(src_tangd_SOURCES)
-DIST_SOURCES = $(src_tang_SOURCES) $(src_tangd_SOURCES)
+SOURCES = $(src_tangd_SOURCES)
+DIST_SOURCES = $(src_tangd_SOURCES)
 am__can_run_installinfo = \
   case $$AM_UPDATE_INFO_DIR in \
     n|no|NO) false;; \
@@ -403,6 +402,7 @@ distuninstallcheck_listfiles = find . -type f -print
 am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \
   | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$'
 distcleancheck_listfiles = find . -type f -print
+A2X = @A2X@
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
 AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
@@ -513,9 +513,12 @@ top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 DISTCHECK_CONFIGURE_FLAGS = --with-systemdsystemunitdir=$$dc_install_base/$(systemdsystemunitdir)
+BUILT_SOURCES = $(am__append_1)
+CLEANFILES = $(am__append_2) $(nodist_systemdsystemunit_DATA)
+man1_MANS = $(am__append_3)
+man8_MANS = $(am__append_4)
 AM_CFLAGS = @TANG_CFLAGS@ @jose_CFLAGS@
 LDADD = @jose_LIBS@ @http_parser_LIBS@
-nagiosdir = $(libdir)/nagios/plugins
 cachedir = $(localstatedir)/cache/$(PACKAGE_NAME)
 jwkdir = $(localstatedir)/db/$(PACKAGE_NAME)
 nodist_systemdsystemunit_DATA = \
@@ -526,21 +529,23 @@ nodist_systemdsystemunit_DATA = \
     units/tangd-keygen.service
 
 dist_libexec_SCRIPTS = src/tangd-update src/tangd-keygen
-man1_MANS = doc/tang-nagios.1
-man8_MANS = doc/tang.8
+dist_bin_SCRIPTS = src/tang-show-keys
+man_ADOC_FILES = \
+	doc/tang-show-keys.1.adoc \
+	doc/tang.8.adoc
+
+@HAVE_A2X_TRUE@man_ROFF_FILES = $(man_ADOC_FILES:.adoc=.roff)
 src_tangd_SOURCES = src/http.c src/http.h src/tangd.c
-src_tang_SOURCES = src/nagios.c
 AM_TESTS_ENVIRONMENT = SD_ACTIVATE="@SD_ACTIVATE@" PATH=$(srcdir)/src:$(builddir)/src:$(PATH)
-TESTS = tests/adv tests/rec tests/nagios
-CLEANFILES = $(nodist_systemdsystemunit_DATA)
+TESTS = tests/adv tests/rec
 EXTRA_DIST = \
     $(foreach unit,$(nodist_systemdsystemunit_DATA),$(unit).in) \
     COPYING \
     $(TESTS) \
-    $(man1_MANS) \
-    $(man8_MANS)
+    $(man_ADOC_FILES)
 
-all: all-am
+all: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) all-am
 
 .SUFFIXES:
 .SUFFIXES: .c .log .o .obj .test .test$(EXEEXT) .trs
@@ -619,66 +624,53 @@ uninstall-libexecPROGRAMS:
 
 clean-libexecPROGRAMS:
 	-test -z "$(libexec_PROGRAMS)" || rm -f $(libexec_PROGRAMS)
-install-nagiosPROGRAMS: $(nagios_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	@list='$(nagios_PROGRAMS)'; test -n "$(nagiosdir)" || list=; \
-	if test -n "$$list"; then \
-	  echo " $(MKDIR_P) '$(DESTDIR)$(nagiosdir)'"; \
-	  $(MKDIR_P) "$(DESTDIR)$(nagiosdir)" || exit 1; \
-	fi; \
-	for p in $$list; do echo "$$p $$p"; done | \
-	sed 's/$(EXEEXT)$$//' | \
-	while read p p1; do if test -f $$p \
-	  ; then echo "$$p"; echo "$$p"; else :; fi; \
-	done | \
-	sed -e 'p;s,.*/,,;n;h' \
-	    -e 's|.*|.|' \
-	    -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
-	sed 'N;N;N;s,\n, ,g' | \
-	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
-	  { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
-	    if ($$2 == $$4) files[d] = files[d] " " $$1; \
-	    else { print "f", $$3 "/" $$4, $$1; } } \
-	  END { for (d in files) print "f", d, files[d] }' | \
-	while read type dir files; do \
-	    if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
-	    test -z "$$files" || { \
-	      echo " $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(nagiosdir)$$dir'"; \
-	      $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(nagiosdir)$$dir" || exit $$?; \
-	    } \
-	; done
-
-uninstall-nagiosPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(nagios_PROGRAMS)'; test -n "$(nagiosdir)" || list=; \
-	files=`for p in $$list; do echo "$$p"; done | \
-	  sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
-	      -e 's/$$/$(EXEEXT)/' \
-	`; \
-	test -n "$$list" || exit 0; \
-	echo " ( cd '$(DESTDIR)$(nagiosdir)' && rm -f" $$files ")"; \
-	cd "$(DESTDIR)$(nagiosdir)" && rm -f $$files
-
-clean-nagiosPROGRAMS:
-	-test -z "$(nagios_PROGRAMS)" || rm -f $(nagios_PROGRAMS)
 src/$(am__dirstamp):
 	@$(MKDIR_P) src
 	@: > src/$(am__dirstamp)
 src/$(DEPDIR)/$(am__dirstamp):
 	@$(MKDIR_P) src/$(DEPDIR)
 	@: > src/$(DEPDIR)/$(am__dirstamp)
-src/nagios.$(OBJEXT): src/$(am__dirstamp) \
-	src/$(DEPDIR)/$(am__dirstamp)
-
-src/tang$(EXEEXT): $(src_tang_OBJECTS) $(src_tang_DEPENDENCIES) $(EXTRA_src_tang_DEPENDENCIES) src/$(am__dirstamp)
-	@rm -f src/tang$(EXEEXT)
-	$(AM_V_CCLD)$(LINK) $(src_tang_OBJECTS) $(src_tang_LDADD) $(LIBS)
 src/http.$(OBJEXT): src/$(am__dirstamp) src/$(DEPDIR)/$(am__dirstamp)
 src/tangd.$(OBJEXT): src/$(am__dirstamp) src/$(DEPDIR)/$(am__dirstamp)
 
 src/tangd$(EXEEXT): $(src_tangd_OBJECTS) $(src_tangd_DEPENDENCIES) $(EXTRA_src_tangd_DEPENDENCIES) src/$(am__dirstamp)
 	@rm -f src/tangd$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(src_tangd_OBJECTS) $(src_tangd_LDADD) $(LIBS)
+install-dist_binSCRIPTS: $(dist_bin_SCRIPTS)
+	@$(NORMAL_INSTALL)
+	@list='$(dist_bin_SCRIPTS)'; test -n "$(bindir)" || list=; \
+	if test -n "$$list"; then \
+	  echo " $(MKDIR_P) '$(DESTDIR)$(bindir)'"; \
+	  $(MKDIR_P) "$(DESTDIR)$(bindir)" || exit 1; \
+	fi; \
+	for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \
+	done | \
+	sed -e 'p;s,.*/,,;n' \
+	    -e 'h;s|.*|.|' \
+	    -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \
+	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \
+	  { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+	    if ($$2 == $$4) { files[d] = files[d] " " $$1; \
+	      if (++n[d] == $(am__install_max)) { \
+		print "f", d, files[d]; n[d] = 0; files[d] = "" } } \
+	    else { print "f", d "/" $$4, $$1 } } \
+	  END { for (d in files) print "f", d, files[d] }' | \
+	while read type dir files; do \
+	     if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+	     test -z "$$files" || { \
+	       echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(bindir)$$dir'"; \
+	       $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \
+	     } \
+	; done
+
+uninstall-dist_binSCRIPTS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(dist_bin_SCRIPTS)'; test -n "$(bindir)" || exit 0; \
+	files=`for p in $$list; do echo "$$p"; done | \
+	       sed -e 's,.*/,,;$(transform)'`; \
+	dir='$(DESTDIR)$(bindir)'; $(am__uninstall_files_from_dir)
 install-dist_libexecSCRIPTS: $(dist_libexec_SCRIPTS)
 	@$(NORMAL_INSTALL)
 	@list='$(dist_libexec_SCRIPTS)'; test -n "$(libexecdir)" || list=; \
@@ -723,7 +715,6 @@ distclean-compile:
 	-rm -f *.tab.c
 
 @AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/http.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/nagios.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/tangd.Po@am__quote@
 
 .c.o:
@@ -1059,13 +1050,6 @@ tests/rec.log: tests/rec
 	--log-file $$b.log --trs-file $$b.trs \
 	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
 	"$$tst" $(AM_TESTS_FD_REDIRECT)
-tests/nagios.log: tests/nagios
-	@p='tests/nagios'; \
-	b='tests/nagios'; \
-	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
-	--log-file $$b.log --trs-file $$b.trs \
-	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
-	"$$tst" $(AM_TESTS_FD_REDIRECT)
 .test.log:
 	@p='$<'; \
 	$(am__set_b); \
@@ -1245,13 +1229,15 @@ distcleancheck: distclean
 	       exit 1; } >&2
 check-am: all-am
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
-check: check-am
+check: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) check-am
 all-am: Makefile $(PROGRAMS) $(SCRIPTS) $(MANS) $(DATA)
 installdirs:
-	for dir in "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(nagiosdir)" "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(systemdsystemunitdir)"; do \
+	for dir in "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(systemdsystemunitdir)"; do \
 	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
 	done
-install: install-am
+install: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) install-am
 install-exec: install-exec-am
 install-data: install-data-am
 uninstall: uninstall-am
@@ -1287,10 +1273,10 @@ distclean-generic:
 maintainer-clean-generic:
 	@echo "This command is intended for maintainers to use"
 	@echo "it deletes files that may require special tools to rebuild."
+	-test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
 clean: clean-am
 
-clean-am: clean-generic clean-libexecPROGRAMS clean-nagiosPROGRAMS \
-	mostlyclean-am
+clean-am: clean-generic clean-libexecPROGRAMS mostlyclean-am
 
 distclean: distclean-am
 	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
@@ -1311,14 +1297,14 @@ info: info-am
 
 info-am:
 
-install-data-am: install-man install-nagiosPROGRAMS \
-	install-nodist_systemdsystemunitDATA
+install-data-am: install-man install-nodist_systemdsystemunitDATA
 
 install-dvi: install-dvi-am
 
 install-dvi-am:
 
-install-exec-am: install-dist_libexecSCRIPTS install-libexecPROGRAMS
+install-exec-am: install-dist_binSCRIPTS install-dist_libexecSCRIPTS \
+	install-libexecPROGRAMS
 
 install-html: install-html-am
 
@@ -1359,40 +1345,44 @@ ps: ps-am
 
 ps-am:
 
-uninstall-am: uninstall-dist_libexecSCRIPTS uninstall-libexecPROGRAMS \
-	uninstall-man uninstall-nagiosPROGRAMS \
+uninstall-am: uninstall-dist_binSCRIPTS uninstall-dist_libexecSCRIPTS \
+	uninstall-libexecPROGRAMS uninstall-man \
 	uninstall-nodist_systemdsystemunitDATA
 
 uninstall-man: uninstall-man1 uninstall-man8
 
-.MAKE: check-am install-am install-strip
+.MAKE: all check check-am install install-am install-strip
 
 .PHONY: CTAGS GTAGS TAGS all all-am am--refresh check check-TESTS \
 	check-am clean clean-cscope clean-generic \
-	clean-libexecPROGRAMS clean-nagiosPROGRAMS cscope \
-	cscopelist-am ctags ctags-am dist dist-all dist-bzip2 \
-	dist-gzip dist-lzip dist-shar dist-tarZ dist-xz dist-zip \
-	distcheck distclean distclean-compile distclean-generic \
-	distclean-tags distcleancheck distdir distuninstallcheck dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dist_libexecSCRIPTS \
+	clean-libexecPROGRAMS cscope cscopelist-am ctags ctags-am dist \
+	dist-all dist-bzip2 dist-gzip dist-lzip dist-shar dist-tarZ \
+	dist-xz dist-zip distcheck distclean distclean-compile \
+	distclean-generic distclean-tags distcleancheck distdir \
+	distuninstallcheck dvi dvi-am html html-am info info-am \
+	install install-am install-data install-data-am \
+	install-dist_binSCRIPTS install-dist_libexecSCRIPTS \
 	install-dvi install-dvi-am install-exec install-exec-am \
 	install-html install-html-am install-info install-info-am \
 	install-libexecPROGRAMS install-man install-man1 install-man8 \
-	install-nagiosPROGRAMS install-nodist_systemdsystemunitDATA \
-	install-pdf install-pdf-am install-ps install-ps-am \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-compile mostlyclean-generic pdf pdf-am ps ps-am \
-	recheck tags tags-am uninstall uninstall-am \
+	install-nodist_systemdsystemunitDATA install-pdf \
+	install-pdf-am install-ps install-ps-am install-strip \
+	installcheck installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic pdf pdf-am ps ps-am recheck tags tags-am \
+	uninstall uninstall-am uninstall-dist_binSCRIPTS \
 	uninstall-dist_libexecSCRIPTS uninstall-libexecPROGRAMS \
 	uninstall-man uninstall-man1 uninstall-man8 \
-	uninstall-nagiosPROGRAMS \
 	uninstall-nodist_systemdsystemunitDATA
 
 .PRECIOUS: Makefile
 
 
+@HAVE_A2X_TRUE@$(top_builddir)/%.roff: %.adoc
+@HAVE_A2X_TRUE@	$(MKDIR_P) $$(dirname $@)
+@HAVE_A2X_TRUE@	$(A2X) -f manpage $^ -D $(top_builddir)/$$(dirname $@)
+@HAVE_A2X_TRUE@	$(INSTALL) -m 644 $(top_builddir)/$(@:.roff=) $(top_builddir)/$@
+
 %: %.in
 	$(AM_V_GEN)mkdir -p "`dirname "$@"`"
 	$(AM_V_GEN)$(SED) \

+ 22 - 22
aclocal.m4

@@ -1,6 +1,6 @@
-# generated automatically by aclocal 1.15 -*- Autoconf -*-
+# generated automatically by aclocal 1.15.1 -*- Autoconf -*-
 
-# Copyright (C) 1996-2014 Free Software Foundation, Inc.
+# Copyright (C) 1996-2017 Free Software Foundation, Inc.
 
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -364,7 +364,7 @@ AS_IF([test "$AS_TR_SH([with_]m4_tolower([$1]))" = "yes"],
         [AC_DEFINE([HAVE_][$1], 1, [Enable ]m4_tolower([$1])[ support])])
 ])dnl PKG_HAVE_DEFINE_WITH_MODULES
 
-# Copyright (C) 2002-2014 Free Software Foundation, Inc.
+# Copyright (C) 2002-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -379,7 +379,7 @@ AC_DEFUN([AM_AUTOMAKE_VERSION],
 [am__api_version='1.15'
 dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
 dnl require some minimum version.  Point them to the right macro.
-m4_if([$1], [1.15], [],
+m4_if([$1], [1.15.1], [],
       [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
 ])
 
@@ -395,14 +395,14 @@ m4_define([_AM_AUTOCONF_VERSION], [])
 # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
 # This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
 AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
-[AM_AUTOMAKE_VERSION([1.15])dnl
+[AM_AUTOMAKE_VERSION([1.15.1])dnl
 m4_ifndef([AC_AUTOCONF_VERSION],
   [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
 _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
 
 # AM_AUX_DIR_EXPAND                                         -*- Autoconf -*-
 
-# Copyright (C) 2001-2014 Free Software Foundation, Inc.
+# Copyright (C) 2001-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -454,7 +454,7 @@ am_aux_dir=`cd "$ac_aux_dir" && pwd`
 
 # AM_CONDITIONAL                                            -*- Autoconf -*-
 
-# Copyright (C) 1997-2014 Free Software Foundation, Inc.
+# Copyright (C) 1997-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -485,7 +485,7 @@ AC_CONFIG_COMMANDS_PRE(
 Usually this means the macro was only invoked conditionally.]])
 fi])])
 
-# Copyright (C) 1999-2014 Free Software Foundation, Inc.
+# Copyright (C) 1999-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -676,7 +676,7 @@ _AM_SUBST_NOTMAKE([am__nodep])dnl
 
 # Generate code to set up dependency tracking.              -*- Autoconf -*-
 
-# Copyright (C) 1999-2014 Free Software Foundation, Inc.
+# Copyright (C) 1999-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -752,7 +752,7 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
 
 # Do all the work for Automake.                             -*- Autoconf -*-
 
-# Copyright (C) 1996-2014 Free Software Foundation, Inc.
+# Copyright (C) 1996-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -949,7 +949,7 @@ for _am_header in $config_headers :; do
 done
 echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
 
-# Copyright (C) 2001-2014 Free Software Foundation, Inc.
+# Copyright (C) 2001-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -970,7 +970,7 @@ if test x"${install_sh+set}" != xset; then
 fi
 AC_SUBST([install_sh])])
 
-# Copyright (C) 2003-2014 Free Software Foundation, Inc.
+# Copyright (C) 2003-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -991,7 +991,7 @@ AC_SUBST([am__leading_dot])])
 
 # Check to see how 'make' treats includes.	            -*- Autoconf -*-
 
-# Copyright (C) 2001-2014 Free Software Foundation, Inc.
+# Copyright (C) 2001-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -1041,7 +1041,7 @@ rm -f confinc confmf
 
 # Fake the existence of programs that GNU maintainers use.  -*- Autoconf -*-
 
-# Copyright (C) 1997-2014 Free Software Foundation, Inc.
+# Copyright (C) 1997-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -1080,7 +1080,7 @@ fi
 
 # Helper functions for option handling.                     -*- Autoconf -*-
 
-# Copyright (C) 2001-2014 Free Software Foundation, Inc.
+# Copyright (C) 2001-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -1109,7 +1109,7 @@ AC_DEFUN([_AM_SET_OPTIONS],
 AC_DEFUN([_AM_IF_OPTION],
 [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
 
-# Copyright (C) 1999-2014 Free Software Foundation, Inc.
+# Copyright (C) 1999-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -1156,7 +1156,7 @@ AC_LANG_POP([C])])
 # For backward compatibility.
 AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])])
 
-# Copyright (C) 2001-2014 Free Software Foundation, Inc.
+# Copyright (C) 2001-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -1175,7 +1175,7 @@ AC_DEFUN([AM_RUN_LOG],
 
 # Check to make sure that the build environment is sane.    -*- Autoconf -*-
 
-# Copyright (C) 1996-2014 Free Software Foundation, Inc.
+# Copyright (C) 1996-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -1256,7 +1256,7 @@ AC_CONFIG_COMMANDS_PRE(
 rm -f conftest.file
 ])
 
-# Copyright (C) 2009-2014 Free Software Foundation, Inc.
+# Copyright (C) 2009-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -1316,7 +1316,7 @@ AC_SUBST([AM_BACKSLASH])dnl
 _AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl
 ])
 
-# Copyright (C) 2001-2014 Free Software Foundation, Inc.
+# Copyright (C) 2001-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -1344,7 +1344,7 @@ fi
 INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
 AC_SUBST([INSTALL_STRIP_PROGRAM])])
 
-# Copyright (C) 2006-2014 Free Software Foundation, Inc.
+# Copyright (C) 2006-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -1363,7 +1363,7 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
 
 # Check how to create a tarball.                            -*- Autoconf -*-
 
-# Copyright (C) 2004-2014 Free Software Foundation, Inc.
+# Copyright (C) 2004-2017 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,

+ 6 - 5
compile

@@ -1,9 +1,9 @@
-#! /bin/sh
+#!/bin/sh
 # Wrapper for compilers which do not understand '-c -o'.
 
-scriptversion=2012-10-14.11; # UTC
+scriptversion=2016-01-11.22; # UTC
 
-# Copyright (C) 1999-2014 Free Software Foundation, Inc.
+# Copyright (C) 1999-2017 Free Software Foundation, Inc.
 # Written by Tom Tromey <tromey@cygnus.com>.
 #
 # This program is free software; you can redistribute it and/or modify
@@ -255,7 +255,8 @@ EOF
     echo "compile $scriptversion"
     exit $?
     ;;
-  cl | *[/\\]cl | cl.exe | *[/\\]cl.exe )
+  cl | *[/\\]cl | cl.exe | *[/\\]cl.exe | \
+  icl | *[/\\]icl | icl.exe | *[/\\]icl.exe )
     func_cl_wrapper "$@"      # Doesn't return...
     ;;
 esac
@@ -342,6 +343,6 @@ exit $ret
 # eval: (add-hook 'write-file-hooks 'time-stamp)
 # time-stamp-start: "scriptversion="
 # time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC"
+# time-stamp-time-zone: "UTC0"
 # time-stamp-end: "; # UTC"
 # End:

+ 27 - 13
config.guess

@@ -1,8 +1,8 @@
-#! /bin/sh
+#!/bin/sh
 # Attempt to guess a canonical system name.
-#   Copyright 1992-2016 Free Software Foundation, Inc.
+#   Copyright 1992-2017 Free Software Foundation, Inc.
 
-timestamp='2016-10-02'
+timestamp='2017-08-08'
 
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@@ -50,7 +50,7 @@ version="\
 GNU config.guess ($timestamp)
 
 Originally written by Per Bothner.
-Copyright 1992-2016 Free Software Foundation, Inc.
+Copyright 1992-2017 Free Software Foundation, Inc.
 
 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@@ -259,6 +259,9 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
     *:Sortix:*:*)
 	echo ${UNAME_MACHINE}-unknown-sortix
 	exit ;;
+    *:Redox:*:*)
+	echo ${UNAME_MACHINE}-unknown-redox
+	exit ;;
     alpha:OSF1:*:*)
 	case $UNAME_RELEASE in
 	*4.0)
@@ -837,10 +840,11 @@ EOF
 	UNAME_PROCESSOR=`/usr/bin/uname -p`
 	case ${UNAME_PROCESSOR} in
 	    amd64)
-		echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
-	    *)
-		echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+		UNAME_PROCESSOR=x86_64 ;;
+	    i386)
+		UNAME_PROCESSOR=i586 ;;
 	esac
+	echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
 	exit ;;
     i*:CYGWIN*:*)
 	echo ${UNAME_MACHINE}-pc-cygwin
@@ -1303,14 +1307,21 @@ EOF
 	if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then
 	    if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
 		if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
-		    (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
-		    grep IS_64BIT_ARCH >/dev/null
+		       (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
+		       grep IS_64BIT_ARCH >/dev/null
 		then
 		    case $UNAME_PROCESSOR in
 			i386) UNAME_PROCESSOR=x86_64 ;;
 			powerpc) UNAME_PROCESSOR=powerpc64 ;;
 		    esac
 		fi
+		# On 10.4-10.6 one might compile for PowerPC via gcc -arch ppc
+		if (echo '#ifdef __POWERPC__'; echo IS_PPC; echo '#endif') | \
+		       (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
+		       grep IS_PPC >/dev/null
+		then
+		    UNAME_PROCESSOR=powerpc
+		fi
 	    fi
 	elif test "$UNAME_PROCESSOR" = i386 ; then
 	    # Avoid executing cc on OS X 10.9, as it ships with a stub
@@ -1334,15 +1345,18 @@ EOF
     *:QNX:*:4*)
 	echo i386-pc-qnx
 	exit ;;
-    NEO-?:NONSTOP_KERNEL:*:*)
+    NEO-*:NONSTOP_KERNEL:*:*)
 	echo neo-tandem-nsk${UNAME_RELEASE}
 	exit ;;
     NSE-*:NONSTOP_KERNEL:*:*)
 	echo nse-tandem-nsk${UNAME_RELEASE}
 	exit ;;
-    NSR-?:NONSTOP_KERNEL:*:*)
+    NSR-*:NONSTOP_KERNEL:*:*)
 	echo nsr-tandem-nsk${UNAME_RELEASE}
 	exit ;;
+    NSX-*:NONSTOP_KERNEL:*:*)
+	echo nsx-tandem-nsk${UNAME_RELEASE}
+	exit ;;
     *:NonStop-UX:*:*)
 	echo mips-compaq-nonstopux
 	exit ;;
@@ -1418,8 +1432,8 @@ cat >&2 <<EOF
 $0: unable to guess system type
 
 This script (version $timestamp), has failed to recognize the
-operating system you are using. If your script is old, overwrite
-config.guess and config.sub with the latest versions from:
+operating system you are using. If your script is old, overwrite *all*
+copies of config.guess and config.sub with the latest versions from:
 
   http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
 and

+ 21 - 8
config.sub

@@ -1,8 +1,8 @@
-#! /bin/sh
+#!/bin/sh
 # Configuration validation subroutine script.
-#   Copyright 1992-2016 Free Software Foundation, Inc.
+#   Copyright 1992-2017 Free Software Foundation, Inc.
 
-timestamp='2016-09-05'
+timestamp='2017-04-02'
 
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@@ -67,7 +67,7 @@ Report bugs and patches to <config-patches@gnu.org>."
 version="\
 GNU config.sub ($timestamp)
 
-Copyright 1992-2016 Free Software Foundation, Inc.
+Copyright 1992-2017 Free Software Foundation, Inc.
 
 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@@ -263,7 +263,7 @@ case $basic_machine in
 	| fido | fr30 | frv | ft32 \
 	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
 	| hexagon \
-	| i370 | i860 | i960 | ia64 \
+	| i370 | i860 | i960 | ia16 | ia64 \
 	| ip2k | iq2000 \
 	| k1om \
 	| le32 | le64 \
@@ -301,6 +301,7 @@ case $basic_machine in
 	| open8 | or1k | or1knd | or32 \
 	| pdp10 | pdp11 | pj | pjl \
 	| powerpc | powerpc64 | powerpc64le | powerpcle \
+	| pru \
 	| pyramid \
 	| riscv32 | riscv64 \
 	| rl78 | rx \
@@ -314,6 +315,7 @@ case $basic_machine in
 	| ubicom32 \
 	| v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \
 	| visium \
+	| wasm32 \
 	| we32k \
 	| x86 | xc16x | xstormy16 | xtensa \
 	| z8k | z80)
@@ -387,7 +389,7 @@ case $basic_machine in
 	| h8300-* | h8500-* \
 	| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
 	| hexagon-* \
-	| i*86-* | i860-* | i960-* | ia64-* \
+	| i*86-* | i860-* | i960-* | ia16-* | ia64-* \
 	| ip2k-* | iq2000-* \
 	| k1om-* \
 	| le32-* | le64-* \
@@ -428,6 +430,7 @@ case $basic_machine in
 	| orion-* \
 	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
 	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
+	| pru-* \
 	| pyramid-* \
 	| riscv32-* | riscv64-* \
 	| rl78-* | romp-* | rs6000-* | rx-* \
@@ -444,6 +447,7 @@ case $basic_machine in
 	| v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \
 	| vax-* \
 	| visium-* \
+	| wasm32-* \
 	| we32k-* \
 	| x86-* | x86_64-* | xc16x-* | xps100-* \
 	| xstormy16-* | xtensa*-* \
@@ -946,6 +950,9 @@ case $basic_machine in
 	nsr-tandem)
 		basic_machine=nsr-tandem
 		;;
+	nsx-tandem)
+		basic_machine=nsx-tandem
+		;;
 	op50n-* | op60c-*)
 		basic_machine=hppa1.1-oki
 		os=-proelf
@@ -1241,6 +1248,9 @@ case $basic_machine in
 		basic_machine=a29k-wrs
 		os=-vxworks
 		;;
+	wasm32)
+		basic_machine=wasm32-unknown
+		;;
 	w65*)
 		basic_machine=w65-wdc
 		os=-none
@@ -1395,7 +1405,7 @@ case $os in
 	      | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
 	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
 	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
-	      | -chorusos* | -chorusrdb* | -cegcc* \
+	      | -chorusos* | -chorusrdb* | -cegcc* | -glidix* \
 	      | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
 	      | -midipix* | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
 	      | -linux-newlib* | -linux-musl* | -linux-uclibc* \
@@ -1407,7 +1417,7 @@ case $os in
 	      | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
 	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
 	      | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \
-	      | -onefs* | -tirtos* | -phoenix*)
+	      | -onefs* | -tirtos* | -phoenix* | -fuchsia* | -redox*)
 	# Remember, each alternative MUST END IN *, to match a version number.
 		;;
 	-qnx*)
@@ -1636,6 +1646,9 @@ case $basic_machine in
 	sparc-* | *-sun)
 		os=-sunos4.1.1
 		;;
+	pru-*)
+		os=-elf
+		;;
 	*-be)
 		os=-beos
 		;;

+ 74 - 10
configure

@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for tang 6.
+# Generated by GNU Autoconf 2.69 for tang 7.
 #
 #
 # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -577,8 +577,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='tang'
 PACKAGE_TARNAME='tang'
-PACKAGE_VERSION='6'
-PACKAGE_STRING='tang 6'
+PACKAGE_VERSION='7'
+PACKAGE_STRING='tang 7'
 PACKAGE_BUGREPORT=''
 PACKAGE_URL=''
 
@@ -586,6 +586,9 @@ ac_subst_vars='am__EXEEXT_FALSE
 am__EXEEXT_TRUE
 LTLIBOBJS
 LIBOBJS
+HAVE_A2X_FALSE
+HAVE_A2X_TRUE
+A2X
 TANG_CFLAGS
 SD_ACTIVATE
 systemdsystemunitdir
@@ -1255,7 +1258,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures tang 6 to adapt to many kinds of systems.
+\`configure' configures tang 7 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1326,7 +1329,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of tang 6:";;
+     short | recursive ) echo "Configuration of tang 7:";;
    esac
   cat <<\_ACEOF
 
@@ -1433,7 +1436,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-tang configure 6
+tang configure 7
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1565,7 +1568,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by tang $as_me 6, which was
+It was created by tang $as_me 7, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -3697,7 +3700,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='tang'
- VERSION='6'
+ VERSION='7'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -4498,6 +4501,63 @@ TANG_CFLAGS="\
 "
 
 
+for ac_prog in a2x
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_A2X+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$A2X"; then
+  ac_cv_prog_A2X="$A2X" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_A2X="$ac_prog"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+A2X=$ac_cv_prog_A2X
+if test -n "$A2X"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $A2X" >&5
+$as_echo "$A2X" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  test -n "$A2X" && break
+done
+
+
+if test "x$A2X" = "x"; then
+   { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: asciidoc / a2x not found -- man pages will not be generated and installed" >&5
+$as_echo "$as_me: WARNING: asciidoc / a2x not found -- man pages will not be generated and installed" >&2;}
+fi
+
+ if test -n "$A2X"; then
+  HAVE_A2X_TRUE=
+  HAVE_A2X_FALSE='#'
+else
+  HAVE_A2X_TRUE='#'
+  HAVE_A2X_FALSE=
+fi
+
+
 ac_config_files="$ac_config_files Makefile"
 
 cat >confcache <<\_ACEOF
@@ -4669,6 +4729,10 @@ else
   am__EXEEXT_FALSE=
 fi
 
+if test -z "${HAVE_A2X_TRUE}" && test -z "${HAVE_A2X_FALSE}"; then
+  as_fn_error $? "conditional \"HAVE_A2X\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
 
 : "${CONFIG_STATUS=./config.status}"
 ac_write_fail=0
@@ -5066,7 +5130,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by tang $as_me 6, which was
+This file was extended by tang $as_me 7, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -5123,7 +5187,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-tang config.status 6
+tang config.status 7
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 

+ 9 - 1
configure.ac

@@ -1,5 +1,5 @@
 AC_PREREQ(2.59)
-AC_INIT(tang, 6)
+AC_INIT(tang, 7)
 AC_CANONICAL_SYSTEM
 AC_PROG_CC_C99
 AC_PROG_SED
@@ -75,5 +75,13 @@ TANG_CFLAGS="\
 "
 AC_SUBST([TANG_CFLAGS])
 
+AC_CHECK_PROGS(A2X, [a2x])
+
+if test "x$A2X" = "x"; then
+   AC_MSG_WARN([asciidoc / a2x not found -- man pages will not be generated and installed])
+fi
+
+AM_CONDITIONAL(HAVE_A2X, [test -n "$A2X"])
+
 AC_CONFIG_FILES([Makefile])
 AC_OUTPUT
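Review bot: The `AC_CHECK_PROGS(A2X, [a2x])` line added at the top of this hunk makes `A2X` a user-overridable variable without declaring it, so it is not listed in `./configure --help` and is not treated as a precious variable when configure is re-run. I would add `AC_ARG_VAR([A2X], [a2x program used to build the man pages])` before the check and quote the first arguments consistently: `AC_CHECK_PROGS([A2X], [a2x])` and `AM_CONDITIONAL([HAVE_A2X], [test -n "$A2X"])`. Because a missing a2x only produces a warning, a build without it installs no man pages at all, including the tang-show-keys(1) page that explains the thumbprint comparison. A one-line comment above the check, such as `# man pages are optional: without a2x they are neither built nor installed`, would make that intent clear to packagers.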

+ 4 - 4
depcomp

@@ -1,9 +1,9 @@
-#! /bin/sh
+#!/bin/sh
 # depcomp - compile a program generating dependencies as side-effects
 
-scriptversion=2013-05-30.07; # UTC
+scriptversion=2016-01-11.22; # UTC
 
-# Copyright (C) 1999-2014 Free Software Foundation, Inc.
+# Copyright (C) 1999-2017 Free Software Foundation, Inc.
 
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -786,6 +786,6 @@ exit 0
 # eval: (add-hook 'write-file-hooks 'time-stamp)
 # time-stamp-start: "scriptversion="
 # time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC"
+# time-stamp-time-zone: "UTC0"
 # time-stamp-end: "; # UTC"
 # End:

+ 0 - 70
doc/tang-nagios.1

@@ -1,70 +0,0 @@
-.\" generated with Ronn/v0.7.3
-.\" http://github.com/rtomayko/ronn/tree/0.7.3
-.
-.TH "TANG\-NAGIOS" "1" "June 2017" "" ""
-.
-.SH "NAME"
-\fBtang\-nagios\fR \- A Nagios plugin for Tang
-.
-.SH "SYNOPSIS"
-\fBtang\fR \-u URL
-.
-.SH "OVERVIEW"
-This Nagios plugin for Tang enables Nagios to monitor a Tang server for its basic functionality as well as performance metrics\. The plugin is executed simply by providing the base URL to the Tang service\.
-.
-.P
-The plugin will test the following functionality:
-.
-.IP "1." 4
-Downloading the advertisement\.
-.
-.IP "2." 4
-Verification of advertisement semantics\.
-.
-.IP "3." 4
-Verification of signatures for all advertised signing keys\.
-.
-.IP "4." 4
-Verification of key exchanges for all advertised exchange keys\.
-.
-.IP "" 0
-.
-.P
-If any of these tests fail, an error will be generated\. Upon success, the plugin will output the following performance metrics:
-.
-.IP "\(bu" 4
-\fBadv\fR : Time it took to fetch the advertisement (in μs)\.
-.
-.IP "\(bu" 4
-\fBexc\fR : Average time of all key exchange operations (in μs)\.
-.
-.IP "\(bu" 4
-\fBnkeys\fR : Number of keys in the advertisement\.
-.
-.IP "\(bu" 4
-\fBnsigk\fR : Number of signing keys in the advertisement\.
-.
-.IP "\(bu" 4
-\fBnexck\fR : Number of exchange keys in the advertisement\.
-.
-.IP "" 0
-.
-.SH "EXAMPLES"
-A simple test against a localhost Tang server:
-.
-.IP "" 4
-.
-.nf
-
-$ \./tang \-u http://localhost/
-OK|adv=21430 exc=44587 nkeys=2 nsigk=1 nexck=1
-.
-.fi
-.
-.IP "" 0
-.
-.SH "AUTHOR"
-Nathaniel McCallum <npmccallum@redhat\.com>
-.
-.SH "SEE ALSO"
-\fBtang\fR(8)

+ 33 - 0
doc/tang-show-keys.1.adoc

@@ -0,0 +1,33 @@
+tang-show-keys(1)
+=================
+:doctype: manpage
+
+== NAME
+
+tang-show-keys - Output signing key thumbprints
+
+== SYNOPSIS
+
+*tang-show-keys* [<PORT>]
+
+== DESCRIPTION
+
+It is sometimes necessary to manually verify that a client has
+received the expected Tang advertisement.
+
+The client will usually show the thumbprints of the signing keys in
+the advertisement it got, and this tool will show the thumbprints of
+the signing keys used by the Tang server on localhost.  If these two
+sets of thumbprints agree, the client has the right advertisement and
+it is safe to let the client use it.
+
+<PORT> is the port that the Tang server is listening on on localhost.
+It defaults to 80.
+
+== AUTHOR
+
+Marius Vollmer <marius.vollmer@redhat.com>
+
+== SEE ALSO
+
+link:tang.8.adoc[*tang*(8)]

+ 0 - 137
doc/tang.8

@@ -1,137 +0,0 @@
-.\" generated with Ronn/v0.7.3
-.\" http://github.com/rtomayko/ronn/tree/0.7.3
-.
-.TH "TANG" "8" "June 2017" "" ""
-.
-.SH "NAME"
-\fBtang\fR \- Network\-Based Cryptographic Binding Server
-.
-.SH "OVERVIEW"
-Tang is a service for binding cryptographic keys to network presence\. It offers a secure, stateless, anonymous alternative to key escrow services\.
-.
-.P
-The Tang project arose as a tool to help the automation of decryption\. Existing mechanisms predominantly use key escrow systems where a client encrypts some data with a symmetric key and stores the symmetric key in a remote server for later retrieval\. The desired goal of this setup is that the client can automatically decrypt the data when it is able to contact the escrow server and fetch the key\.
-.
-.P
-However, escrow servers have many additional requirements, including authentication (so that clients can\'t get keys they aren\'t suppossed to have) and transport encryption (so that attackers listening on the network can\'t eavesdrop on the keys in transit)\.
-.
-.P
-Tang avoids this complexity\. Instead of storing a symmetric key remotely, the client performs an asymmetric key exchange with the Tang server\. Since the Tang server doesn\'t store or transport symmetric keys, neither authentication nor encryption are required\. Thus, Tang is completely stateless and zero\-configuration\. Further, clients can be completely anonymous\.
-.
-.P
-Tang does not provide a client\. But it does export a simple REST API and it transfers only standards compliant JSON Object Signing and Encryption (JOSE) objects, allowing you to create your own clients using off the shelf components\. For an off\-the\-shelf automated encryption framework with support for Tang, see the Clevis project\. For the full technical details of the Tang protocol, see the Tang project\'s homepage\.
-.
-.SH "GETTING STARTED"
-Getting a Tang server up and running is simple:
-.
-.IP "" 4
-.
-.nf
-
-$ sudo systemctl enable tangd\.socket \-\-now
-.
-.fi
-.
-.IP "" 0
-.
-.P
-That\'s it\. The server is now running with a fresh set of cryptographic keys and will automatically start on the next reboot\.
-.
-.SH "CONFIGURATION"
-Tang intends to be a minimal network service and therefore does not have any configuration\. To adjust the network settings, you can override the \fBtangd\.socket\fR unit file using the standard systemd mechanisms\. See \fBsystemd\.unit\fR(5) and \fBsystemd\.socket\fR(5) for more information\.
-.
-.SH "KEY ROTATION"
-In order to preserve the security of the system over the long run, you need to periodically rotate your keys\. The precise interval at which you should rotate depends upon your application, key sizes and institutional policy\. For some common recommendations, see: https://www\.keylength\.com\.
-.
-.P
-To rotate keys, first we need to generate new keys in the key database directory\. This is typically \fB/var/db/tang\fR\. For example, you can create new signature and exchange keys with the following commands:
-.
-.IP "" 4
-.
-.nf
-
-# DB=/var/db/tang
-# jose jwk gen \-i \'{"alg":"ES512"}\' \-o $DB/new_sig\.jwk
-# jose jwk gen \-i \'{"alg":"ECMR"}\' \-o $DB/new_exc\.jwk
-.
-.fi
-.
-.IP "" 0
-.
-.P
-Next, rename the old keys to have a leading \fB\.\fR in order to hide them from advertisement:
-.
-.IP "" 4
-.
-.nf
-
-# mv $DB/old_sig\.jwk $DB/\.old_sig\.jwk
-# mv $DB/old_exc\.jwk $DB/\.old_exc\.jwk
-.
-.fi
-.
-.IP "" 0
-.
-.P
-Tang will immediately pick up all changes\. No restart is required\.
-.
-.P
-At this point, new client bindings will pick up the new keys and old clients can continue to utilize the old keys\. Once you are sure that all the old clients have been migrated to use the new keys, you can remove the old keys\. Be aware that removing the old keys while clients are still using them can result in data loss\. You have been warned\.
-.
-.SH "HIGH PERFORMANCE"
-The Tang protocol is extremely fast\. However, in the default setup we use systemd socket activiation to start one process per connection\. This imposes a performance overhead\. For most deployments, this is still probably quick enough, given that Tang is extremely lightweight\. But for larger deployments, greater performance can be achieved\.
-.
-.P
-Our recommendation for achieving higher throughput is to proxy traffic to Tang through your existing web services using a connection pool\. Since there is one process per connection, keeping a number of connections open in this setup will enable effective parallelism since there are no internal locks in Tang\.
-.
-.P
-For Apache, this is possible using the \fBProxyPass\fR directive of the \fBmod_proxy\fR module\.
-.
-.SH "HIGH AVAILABILITY"
-Tang provides two methods for building a high availability deployment\.
-.
-.IP "1." 4
-Client redundency (recommended)
-.
-.IP "2." 4
-Key sharing with DNS round\-robin
-.
-.IP "" 0
-.
-.P
-While it may be tempting to share keys between Tang servers, this method should be avoided\. Sharing keys increases the risk of key compromise and requires additional automation infrastructure\.
-.
-.P
-Instead, clients should be coded with the ability to bind to multiple Tang servers\. In this setup, each Tang server will have its own keys and clients will be able to decrypt by contacting a subset of these servers\.
-.
-.P
-Clevis already supports this workflow through its \fBsss\fR plugin\.
-.
-.P
-However, if you still feel that key sharing is the right deployment strategy, Tang will do nothing to stop you\. Just (securely!) transfer all the contents of the database directory to all your servers\. Make sure you don\'t forget the unadvertised keys! Then set up DNS round\-robin so that clients will be load balanced across your servers\.
-.
-.SH "COMMANDS"
-The Tang server provides no public commands\.
-.
-.SH "AUTHOR"
-Nathaniel McCallum <npmccallum@redhat\.com>
-.
-.SH "SEE ALSO"
-\fBsystemd\.unit\fR(5), \fBsystemd\.socket\fR(5), \fBjose\-jwk\-gen\fR(1)
-.
-.SH "FURTHER READING"
-.
-.IP "\(bu" 4
-Clevis : https://github\.com/latchset/clevis
-.
-.IP "\(bu" 4
-Tang : https://github\.com/latchset/tang
-.
-.IP "\(bu" 4
-JOSE : https://datatracker\.ietf\.org/wg/jose/charter/
-.
-.IP "\(bu" 4
-mod_proxy : https://httpd\.apache\.org/docs/2\.4/mod/mod_proxy\.html
-.
-.IP "" 0
-

+ 143 - 0
doc/tang.8.adoc

@@ -0,0 +1,143 @@
+tang(8)
+=======
+:doctype: manpage
+
+== NAME
+
+tang - Network-Based Cryptographic Binding Server
+
+== OVERVIEW
+
+Tang is a service for binding cryptographic keys to network presence. It
+offers a secure, stateless, anonymous alternative to key escrow services.
+
+The Tang project arose as a tool to help the automation of decryption.
+Existing mechanisms predominantly use key escrow systems where a client
+encrypts some data with a symmetric key and stores the symmetric key in a
+remote server for later retrieval. The desired goal of this setup is that the
+client can automatically decrypt the data when it is able to contact the
+escrow server and fetch the key.
+
+However, escrow servers have many additional requirements, including
+authentication (so that clients can't get keys they aren't suppossed to have)
+and transport encryption (so that attackers listening on the network can't
+eavesdrop on the keys in transit).
+
+Tang avoids this complexity. Instead of storing a symmetric key remotely,
+the client performs an asymmetric key exchange with the Tang server. Since
+the Tang server doesn't store or transport symmetric keys, neither
+authentication nor encryption are required. Thus, Tang is completely stateless
+and zero-configuration. Further, clients can be completely anonymous.
+
+Tang does not provide a client. But it does export a simple REST API and
+it transfers only standards compliant JSON Object Signing and Encryption
+(JOSE) objects, allowing you to create your own clients using off the shelf
+components. For an off-the-shelf automated encryption framework with support
+for Tang, see the Clevis project. For the full technical details of the Tang
+protocol, see the Tang project's homepage.
+
+== GETTING STARTED
+
+Getting a Tang server up and running is simple:
+
+    $ sudo systemctl enable tangd.socket --now
+
+That's it. The server is now running with a fresh set of cryptographic keys
+and will automatically start on the next reboot.
+
+== CONFIGURATION
+
+Tang intends to be a minimal network service and therefore does not have any
+configuration. To adjust the network settings, you can override the
+*tangd.socket* unit file using the standard systemd mechanisms. See
+link:systemd.unit.5.adoc[*systemd.unit*(5)] and link:systemd.socket.5.adoc[*systemd.socket*(5)] for more information.
+
+== KEY ROTATION
+
+In order to preserve the security of the system over the long run, you need to
+periodically rotate your keys. The precise interval at which you should rotate
+depends upon your application, key sizes and institutional policy. For some
+common recommendations, see: https://www.keylength.com.
+
+To rotate keys, first we need to generate new keys in the key database
+directory. This is typically */var/db/tang*. For example, you can create
+new signature and exchange keys with the following commands:
+
+    # DB=/var/db/tang
+    # jose jwk gen -i '{"alg":"ES512"}' -o $DB/new_sig.jwk
+    # jose jwk gen -i '{"alg":"ECMR"}' -o $DB/new_exc.jwk
+
+Next, rename the old keys to have a leading *.* in order to hide them from
+advertisement:
+
+    # mv $DB/old_sig.jwk $DB/.old_sig.jwk
+    # mv $DB/old_exc.jwk $DB/.old_exc.jwk
+
+Tang will immediately pick up all changes. No restart is required.
+
+At this point, new client bindings will pick up the new keys and old clients
+can continue to utilize the old keys. Once you are sure that all the old
+clients have been migrated to use the new keys, you can remove the old keys.
+Be aware that removing the old keys while clients are still using them can
+result in data loss. You have been warned.
+
+== HIGH PERFORMANCE
+
+The Tang protocol is extremely fast. However, in the default setup we
+use systemd socket activiation to start one process per connection. This
+imposes a performance overhead. For most deployments, this is still probably
+quick enough, given that Tang is extremely lightweight. But for larger
+deployments, greater performance can be achieved.
+
+Our recommendation for achieving higher throughput is to proxy traffic to Tang
+through your existing web services using a connection pool. Since there is one
+process per connection, keeping a number of connections open in this setup
+will enable effective parallelism since there are no internal locks in Tang.
+
+For Apache, this is possible using the *ProxyPass* directive of the *mod_proxy*
+module.
+
+== HIGH AVAILABILITY
+
+Tang provides two methods for building a high availability deployment.
+
+1. Client redundency (recommended)
+2. Key sharing with DNS round-robin
+
+While it may be tempting to share keys between Tang servers, this method
+should be avoided. Sharing keys increases the risk of key compromise and
+requires additional automation infrastructure.
+
+Instead, clients should be coded with the ability to bind to multiple Tang
+servers. In this setup, each Tang server will have its own keys and clients
+will be able to decrypt by contacting a subset of these servers.
+
+Clevis already supports this workflow through its *sss* plugin.
+
+However, if you still feel that key sharing is the right deployment strategy,
+Tang will do nothing to stop you. Just (securely!) transfer all the contents
+of the database directory to all your servers. Make sure you don't forget the
+unadvertised keys! Then set up DNS round-robin so that clients will be load
+balanced across your servers.
+
+== COMMANDS
+
+The Tang server provides no public commands.
+
+== AUTHOR
+
+Nathaniel McCallum <npmccallum@redhat.com>
+
+== SEE ALSO
+
+link:systemd.unit.5.adoc[*systemd.unit*(5)],
+link:systemd.socket.5.adoc[*systemd.socket*(5)],
+link:jose-jwk-gen.1.adoc[*jose-jwk-gen*(1)],
+link:tang-show-keys.1.adoc[*tang-show-keys*(1)]
+
+== FURTHER READING
+
+* Clevis    : https://github.com/latchset/clevis
+* Tang      : https://github.com/latchset/tang
+* JOSE      : https://datatracker.ietf.org/wg/jose/charter/
+* mod_proxy : https://httpd.apache.org/docs/2.4/mod/mod_proxy.html

+ 2 - 2
install-sh

@@ -1,7 +1,7 @@
 #!/bin/sh
 # install - install a program, script, or datafile
 
-scriptversion=2013-12-25.23; # UTC
+scriptversion=2016-01-11.22; # UTC
 
 # This originates from X11R5 (mit/util/scripts/install.sh), which was
 # later released in X11R6 (xc/config/util/install.sh) with the
@@ -496,6 +496,6 @@ done
 # eval: (add-hook 'write-file-hooks 'time-stamp)
 # time-stamp-start: "scriptversion="
 # time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC"
+# time-stamp-time-zone: "UTC0"
 # time-stamp-end: "; # UTC"
 # End:

+ 4 - 4
missing

@@ -1,9 +1,9 @@
-#! /bin/sh
+#!/bin/sh
 # Common wrapper for a few potentially missing GNU programs.
 
-scriptversion=2013-10-28.13; # UTC
+scriptversion=2016-01-11.22; # UTC
 
-# Copyright (C) 1996-2014 Free Software Foundation, Inc.
+# Copyright (C) 1996-2017 Free Software Foundation, Inc.
 # Originally written by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
 
 # This program is free software; you can redistribute it and/or modify
@@ -210,6 +210,6 @@ exit $st
 # eval: (add-hook 'write-file-hooks 'time-stamp)
 # time-stamp-start: "scriptversion="
 # time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC"
+# time-stamp-time-zone: "UTC0"
 # time-stamp-end: "; # UTC"
 # End:

+ 0 - 552
src/nagios.c

@@ -1,552 +0,0 @@
-/* vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80: */
-/*
- * Copyright (c) 2016 Red Hat, Inc.
- * Author: Nathaniel McCallum <npmccallum@redhat.com>
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-
-/**
- * NOTE WELL: This code is completely insecure for real-world workflows!
- *
- * In particular, it has two glaring security problems:
- *
- *   1. Server keys are implicitly trusted.
- *   2. No ephemeral keys are used to protect the recovery phase.
- *
- * However, the goal of this Nagios plugin is to determine if the server is
- * alive and properly handles well-formed requests. So we don't care about
- * security. If you are looking for an example of how to securely use Tang,
- * check out the Clevis project.
- */
-
-#define _GNU_SOURCE
-
-#include <http_parser.h>
-#include <jose/jose.h>
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netdb.h>
-
-#include <errno.h>
-#include <getopt.h>
-#include <limits.h>
-#include <string.h>
-#include <time.h>
-#include <unistd.h>
-
-#define conn_auto_t conn_t __attribute__((cleanup(conn_cleanup)))
-
-enum {
-    NAGIOS_OK = 0,
-    NAGIOS_WARN = 1,
-    NAGIOS_CRIT = 2,
-    NAGIOS_UNKN = 3
-};
-
-typedef struct {
-    char data[4096];
-    size_t used;
-    int sock;
-} conn_t;
-
-typedef struct {
-    char *data;
-    size_t size;
-} body_t;
-
-typedef struct {
-    char schm[PATH_MAX];
-    char host[PATH_MAX];
-    char srvc[PATH_MAX];
-    char path[PATH_MAX];
-} url_t;
-
-static void
-conn_cleanup(conn_t **conn)
-{
-    if (conn && *conn) {
-        close((*conn)->sock);
-        free(*conn);
-    }
-}
-
-static conn_t *
-conn_open(const char *host, const char *srvc, int family)
-{
-    const struct addrinfo hint = {
-        .ai_socktype = SOCK_STREAM,
-        .ai_family = family,
-    };
-
-    struct addrinfo *ais = NULL;
-    conn_t *conn = NULL;
-    int sock = -1;
-
-    sock = getaddrinfo(host, srvc, &hint, &ais);
-    switch (sock) {
-        case 0: break;
-        case EAI_AGAIN:    errno = -EAGAIN;  return NULL;
-        case EAI_BADFLAGS: errno = -EINVAL;  return NULL;
-        case EAI_FAMILY:   errno = -ENOTSUP; return NULL;
-        case EAI_MEMORY:   errno = -ENOMEM;  return NULL;
-        case EAI_SERVICE:  errno = -EINVAL;  return NULL;
-        default:           errno = -EIO;     return NULL;
-    }
-
-    conn = calloc(1, sizeof(*conn));
-    if (!conn) {
-        freeaddrinfo(ais);
-        return NULL;
-    }
-
-    for (const struct addrinfo *ai = ais; ai; ai = ai->ai_next) {
-        conn->sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
-        if (conn->sock < 0)
-            continue;
-
-        if (connect(conn->sock, ai->ai_addr, ai->ai_addrlen) != 0) {
-            close(conn->sock);
-            continue;
-        }
-
-        freeaddrinfo(ais);
-        return conn;
-    }
-
-    freeaddrinfo(ais);
-    free(conn);
-
-    errno = -ENOENT;
-    return NULL;
-}
-
-static int
-conn_send(const conn_t *conn, const char *fmt, ...)
-{
-    va_list ap;
-    int r;
-
-    va_start(ap, fmt);
-    r = vdprintf(conn->sock, fmt, ap);
-    va_end(ap);
-    return r;
-}
-
-static int
-on_body(http_parser *parser, const char *at, size_t length)
-{
-    body_t *body = parser->data;
-    char *tmp = NULL;
-
-    tmp = realloc(body->data, body->size + length + 1);
-    if (!tmp)
-        return -errno;
-
-    memcpy(&tmp[body->size], at, length);
-    body->size += length;
-    body->data = tmp;
-
-    body->data[body->size] = 0;
-    return 0;
-}
-
-static int
-on_message_complete(http_parser *parser)
-{
-    http_parser_pause(parser, true);
-    return 0;
-}
-
-static int
-conn_recv(conn_t *conn, char **body)
-{
-    static const http_parser_settings settings = {
-        .on_body = on_body,
-        .on_message_complete = on_message_complete
-    };
-
-    body_t data = {};
-    http_parser parser = { .data = &data };
-
-    http_parser_init(&parser, HTTP_RESPONSE);
-
-    for (;;) {
-        ssize_t rcvd = 0;
-        size_t prsd = 0;
-
-        rcvd = recv(conn->sock, &conn->data[conn->used],
-                    sizeof(conn->data) - conn->used, 0);
-        if (rcvd < 0) {
-            free(data.data);
-            return -errno;
-        } else if (rcvd == 0) {
-            free(data.data);
-            return -EIO;
-        }
-
-        conn->used += rcvd;
-
-        prsd = http_parser_execute(&parser, &settings, conn->data, conn->used);
-
-        conn->used -= prsd;
-        memmove(conn->data, &conn->data[prsd], conn->used);
-
-        switch (parser.http_errno) {
-        case HPE_OK: /* We need to process more data. */
-            break;
-
-        case HPE_PAUSED: /* We got one request. */
-            *body = data.data;
-            return parser.status_code;
-
-        default: /* An error occurred. */
-            free(data.data);
-            return -EBADMSG;
-        }
-    }
-}
-
-static double
-curtime(void)
-{
-    struct timespec ts = {};
-    double out = 0;
-
-    if (clock_gettime(CLOCK_MONOTONIC_RAW, &ts) == 0) {
-        out = ts.tv_nsec;
-        out /= 1000000000L;
-        out += ts.tv_sec;
-    }
-
-    return out;
-}
-
-static void
-dump_perf(json_t *time)
-{
-    const char *key = NULL;
-    bool first = true;
-    json_t *val = 0;
-
-    json_object_foreach(time, key, val) {
-        int v = 0;
-
-        if (!first)
-            printf(" ");
-        else
-            first = false;
-
-        if (json_is_integer(val))
-            v = json_integer_value(val);
-        else if (json_is_real(val))
-            v = json_real_value(val) * 1000000;
-
-        printf("%s=%d", key, v);
-    }
-}
-
-static int
-parse_url(const char *url, url_t *parts)
-{
-    static const uint16_t mask = (1 << UF_SCHEMA) | (1 << UF_HOST);
-    struct http_parser_url purl = {};
-
-    if (http_parser_parse_url(url, strlen(url), false, &purl) != 0)
-        return -EINVAL;
-
-    if ((purl.field_set & mask) != mask)
-        return -EINVAL;
-
-    if (purl.field_data[UF_SCHEMA].len >= sizeof(parts->schm) ||
-        purl.field_data[UF_HOST].len >= sizeof(parts->host) ||
-        purl.field_data[UF_PORT].len >= sizeof(parts->srvc) ||
-        purl.field_data[UF_PATH].len >= sizeof(parts->path))
-        return -E2BIG;
-
-    strncpy(parts->schm, &url[purl.field_data[UF_SCHEMA].off],
-            purl.field_data[UF_SCHEMA].len);
-
-    strncpy(parts->host, &url[purl.field_data[UF_HOST].off],
-            purl.field_data[UF_HOST].len);
-
-    if (purl.field_set & (1 << UF_PORT)) {
-        strncpy(parts->srvc, &url[purl.field_data[UF_PORT].off],
-                purl.field_data[UF_PORT].len);
-    } else {
-        strcpy(parts->srvc, parts->schm);
-    }
-
-    if (purl.field_set & (1 << UF_PATH)) {
-        strncpy(parts->path, &url[purl.field_data[UF_PATH].off],
-                purl.field_data[UF_PATH].len);
-    }
-
-    return 0;
-}
-
-static json_t *
-validate(const json_t *jws)
-{
-    json_auto_t *jwkset = NULL;
-    json_t *keys = NULL;
-    size_t sigs = 0;
-
-    jwkset = jose_b64_dec_load(json_object_get(jws, "payload"));
-    if (!jwkset)
-        return NULL;
-
-    keys = json_object_get(jwkset, "keys");
-    if (!json_is_array(keys))
-        return NULL;
-
-    for (size_t i = 0; i < json_array_size(keys); i++) {
-        json_t *key = json_array_get(keys, i);
-
-        if (!jose_jwk_prm(NULL, key, true, "verify"))
-            continue;
-
-        if (!jose_jws_ver(NULL, jws, NULL, key, true))
-            return NULL;
-
-        sigs++;
-    }
-
-    if (sigs == 0)
-        return NULL;
-
-    return json_incref(keys);
-}
-
-static bool
-nagios_recover(conn_t *con, const char *host, const char *path,
-               const json_t *jwk, size_t *sig, size_t *rec, json_t *time)
-{
-    json_auto_t *exc = NULL;
-    json_auto_t *rep = NULL;
-    json_auto_t *lcl = NULL;
-    json_auto_t *kid = NULL;
-    char *body = NULL;
-    double s = 0;
-    double e = 0;
-    int r = 0;
-
-    if (jose_jwk_prm(NULL, jwk, true, "verify")) {
-        *sig += 1;
-        return true;
-    }
-
-    if (!jose_jwk_prm(NULL, jwk, true, "deriveKey"))
-        return true;
-
-    kid = jose_jwk_thp(NULL, jwk, "S256");
-    if (!kid)
-        return true;
-
-    lcl = json_pack("{s:O,s:O,s:s,s:[s]}",
-                    "kty", json_object_get(jwk, "kty"),
-                    "crv", json_object_get(jwk, "crv"),
-                    "alg", "ECMR",
-                    "key_ops", "deriveKey");
-    if (!lcl)
-        return false;
-
-    if (!jose_jwk_gen(NULL, lcl))
-        return false;
-
-    exc = jose_jwk_exc(NULL, lcl, jwk);
-    if (!exc)
-        return false;
-
-    if (!jose_jwk_pub(NULL, lcl))
-        return false;
-
-    body = json_dumps(lcl, JSON_SORT_KEYS | JSON_COMPACT);
-    if (!body)
-        return false;
-
-    r = conn_send(con,
-                  "POST %s/rec/%s HTTP/1.1\r\n"
-                  "Content-Type: application/jwk+json\r\n"
-                  "Accept: application/jwk+json\r\n"
-                  "Content-Length: %zu\r\n"
-                  "Host: %s\r\n"
-                  "\r\n%s",
-                  path, json_string_value(kid), strlen(body), host, body);
-    free(body);
-    body = NULL;
-    if (r < 0)
-        return false;
-
-    s = curtime();
-    r = conn_recv(con, &body);
-    e = curtime();
-    if (r != 200) {
-        if (r < 0)
-            printf("Error performing recovery! %s\n", strerror(-r));
-        else
-            printf("Error performing recovery! HTTP Status %d\n", r);
-
-        free(body);
-        return false;
-    }
-
-    rep = json_loads(body, 0, NULL);
-    free(body);
-    if (!rep) {
-        printf("Received invalid JSON in response body!\n");
-        return false;
-    }
-
-    if (s == 0.0 || e == 0.0 ||
-        json_array_append_new(time, json_real(e - s)) < 0) {
-        printf("Error calculating performance metrics!\n");
-        return false;
-    }
-
-    if (!jose_jwk_eql(NULL, exc, rep)) {
-        printf("Recovered key doesn't match!\n");
-        return false;
-    }
-
-    *rec += 1;
-    return true;
-}
-
-static const struct option opts[] = {
-    { "help",   no_argument,      .val = INT_MAX },
-    { "url",   required_argument, .val = 'u' },
-    {}
-};
-
-int
-main(int argc, char *argv[])
-{
-    json_auto_t *perf = NULL;
-    json_auto_t *time = NULL;
-    json_auto_t *keys = NULL;
-    json_auto_t *adv = NULL;
-    conn_auto_t *con = NULL;
-    const char *url = NULL;
-    char *body = NULL;
-    url_t parts = {};
-    size_t sig = 0;
-    size_t exc = 0;
-    double sum = 0;
-    double s = 0;
-    double e = 0;
-    int r = 0;
-
-    perf = json_object();
-    time = json_array();
-    if (!perf || !time)
-        return NAGIOS_CRIT;
-
-    for (int c; (c = getopt_long(argc, argv, "u:", opts, NULL)) >= 0; ) {
-        switch (c) {
-        case 'u': url = optarg; break;
-        default: goto usage;
-        }
-    }
-
-    if (!url)
-        goto usage;
-
-    r = parse_url(url, &parts);
-    if (r < 0)
-        return NAGIOS_CRIT;
-
-    con = conn_open(parts.host, parts.srvc, AF_UNSPEC);
-    if (!con) {
-        printf("Unable to connect to server!\n");
-        return NAGIOS_CRIT;
-    }
-
-    r = conn_send(con,
-                  "GET %s/adv HTTP/1.1\r\n"
-                  "Accept: application/jose+json\r\n"
-                  "Content-Length: 0\r\n"
-                  "Host: %s\r\n"
-                  "\r\n", parts.path, parts.host);
-    if (r < 0)
-        return NAGIOS_CRIT;
-
-    s = curtime();
-    r = conn_recv(con, &body);
-    e = curtime();
-    if (r != 200) {
-        if (r < 0)
-            printf("Error fetching advertisement! %s\n", strerror(-r));
-        else
-            printf("Error fetching advertisement! HTTP Status %d\n", r);
-
-        free(body);
-        return NAGIOS_CRIT;
-    }
-
-    if (s == 0.0 || e == 0.0 ||
-        json_object_set_new(perf, "adv", json_real(e - s)) != 0) {
-        printf("Error calculating performance metrics!\n");
-        free(body);
-        return NAGIOS_CRIT;
-    }
-
-    adv = json_loads(body, 0, NULL);
-    free(body);
-    if (!adv) {
-        printf("Received invalid advertisement!\n");
-        return NAGIOS_CRIT;
-    }
-
-    keys = validate(adv);
-    if (!keys) {
-        printf("Error validating advertisement!\n");
-        return NAGIOS_CRIT;
-    }
-
-    for (size_t i = 0; i < json_array_size(keys); i++) {
-        json_t *jwk = json_array_get(keys, i);
-        if (!nagios_recover(con, parts.host, parts.path, jwk,
-                            &sig, &exc, time))
-            return NAGIOS_CRIT;
-    }
-
-    if (exc == 0) {
-        printf("Advertisement contains no exchange keys!\n");
-        return NAGIOS_CRIT;
-    }
-
-    for (size_t i = 0; i < json_array_size(time); i++)
-        sum += json_real_value(json_array_get(time, i));
-
-    json_object_set_new(perf, "exc", json_real(sum / json_array_size(time)));
-    json_object_set_new(perf, "nkeys", json_integer(json_array_size(keys)));
-    json_object_set_new(perf, "nsigk", json_integer(sig));
-    json_object_set_new(perf, "nexck", json_integer(exc));
-
-    printf("OK|");
-    dump_perf(perf);
-    printf("\n");
-    return NAGIOS_OK;
-
-usage:
-    fprintf(stderr,
-            "Usage: %s -u URL\n"
-            "\n"
-            "            --help       Show this usage message\n"
-            "    -u URL, --url URL    Test the server at this URL\n"
-            "", argv[0]);
-    return NAGIOS_CRIT;
-}

+ 14 - 22
tests/nagios

@@ -1,8 +1,8 @@
-#!/bin/bash -x
+#!/bin/bash
 # vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
 #
-# Copyright (c) 2016 Red Hat, Inc.
-# Author: Nathaniel McCallum <npmccallum@redhat.com>
+# Copyright (c) 2018 Red Hat, Inc.
+# Author: Marius Vollmer <marius.vollmer@redhat.com>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -18,26 +18,18 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #
 
-function on_exit() {
-    if [ "$PID" ]; then kill $PID; wait $PID || true; fi
-    [ -d "$TMP" ] && rm -rf $TMP
-}
+set -e
 
-trap 'on_exit' EXIT
-trap 'exit' ERR
+if [ $# -gt 1 ]; then
+    echo "Usage: $0 [<port>]" >&2
+    exit 1
+fi
 
-export TMP=`mktemp -d`
-mkdir -p $TMP/db
-mkdir -p $TMP/cache
+port=${1-80}
 
-# Generate the server keys
-tangd-keygen $TMP/db
-tangd-update $TMP/db $TMP/cache
+adv=$(curl -sSf localhost:$port/adv)
 
-# Start the server
-port=`shuf -i 1024-65536 -n 1`
-$SD_ACTIVATE -l 127.0.0.1:$port -a $VALGRIND tangd $TMP/cache &
-export PID=$!
-sleep 0.5
-
-tang -u http://127.0.0.1:$port
+echo $adv \
+    | jose fmt -j- -g payload -y -o- \
+    | jose jwk use -i- -r -u verify -o- \
+    | jose jwk thp -i-
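Review bot: The value from `port=${1-80}` is placed into the curl URL unvalidated and unquoted, so a non-numeric argument changes which URL is fetched rather than only the port. The script prints signing-key thumbprints, presumably for an operator to pin. Accept digits only before the fetch, for example `case "$port" in ''|*[!0-9]*) echo "Usage: $0 [<port>]" >&2; exit 1;; esac`, and quote both `"localhost:$port/adv"` and `"$adv"`. `set -e` alone does not notice a failure in the first two `jose` stages of the pipeline, because only the last stage's status counts; `set -eo pipefail` would surface it. The removed C client checked the advertisement with `jose_jws_ver` before using its keys, while this pipeline only decodes the payload, which deserves a comment saying the output is only as trustworthy as the loopback listener.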

+ 4 - 4
test-driver

@@ -1,9 +1,9 @@
-#! /bin/sh
+#!/bin/sh
 # test-driver - basic testsuite driver script.
 
-scriptversion=2013-07-13.22; # UTC
+scriptversion=2016-01-11.22; # UTC
 
-# Copyright (C) 2011-2014 Free Software Foundation, Inc.
+# Copyright (C) 2011-2017 Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -143,6 +143,6 @@ echo ":copy-in-global-log: $gcopy" >> $trs_file
 # eval: (add-hook 'write-file-hooks 'time-stamp)
 # time-stamp-start: "scriptversion="
 # time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC"
+# time-stamp-time-zone: "UTC0"
 # time-stamp-end: "; # UTC"
 # End:

+ 50 - 47
tests/adv

@@ -18,6 +18,14 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #
 
+function fetch() {
+    curl -sfg http://127.0.0.1:$PORT$1
+}
+
+function ver() {
+    jose jws ver -i- -k "$1"
+}
+
 function on_exit() {
     if [ "$PID" ]; then kill $PID; wait $PID || true; fi
     [ -d "$TMP" ] && rm -rf $TMP
@@ -35,50 +43,45 @@ jose jwk gen -i '{"alg": "ES512"}' -o $TMP/db/.sig.jwk
 jose jwk gen -i '{"alg": "ES512"}' -o $TMP/db/.oth.jwk
 tangd-update $TMP/db $TMP/cache
 
-for addr in "127.0.0.1" "[::1]"; do
-  port=`shuf -i 1024-65536 -n 1`
-  $SD_ACTIVATE -l "$addr:$port" -a $VALGRIND tangd $TMP/cache &
-  export PID=$!
-  sleep 0.5
-
-  # Make sure requests on the root fail
-  ! curl -sfg http://$addr:$port/
-
-  # The request should fail (404) for non-signature key IDs
-  ! curl -sfg http://$addr:$port/adv/`jose jwk thp -i $TMP/db/exc.jwk`
-  ! curl -sfg http://$addr:$port/adv/`jose jwk thp -a S512 -i $TMP/db/exc.jwk`
-
-  # The default advertisement fetch should succeed and pass verification
-  curl -sfg http://$addr:$port/adv
-  curl -sfg http://$addr:$port/adv | jose jws ver -i- -k $TMP/db/sig.jwk
-  curl -sfg http://$addr:$port/adv/ | jose jws ver -i- -k $TMP/db/sig.jwk
-
-  # Fetching by any thumbprint should work
-  curl -sfg http://$addr:$port/adv/`jose jwk thp -i $TMP/db/sig.jwk` | jose jws ver -i- -k $TMP/db/sig.jwk
-  curl -sfg http://$addr:$port/adv/`jose jwk thp -a S512 -i $TMP/db/sig.jwk` | jose jws ver -i- -k $TMP/db/sig.jwk
-
-  # Requesting an adv by an advertised key ID should't be signed by hidden keys
-  ! curl -sfg http://$addr:$port/adv/`jose jwk thp -i $TMP/db/sig.jwk` | jose jws ver -i- -k $TMP/db/.sig.jwk
-  ! curl -sfg http://$addr:$port/adv/`jose jwk thp -i $TMP/db/sig.jwk` | jose jws ver -i- -k $TMP/db/.oth.jwk
-
-  # Verify that the default advertisement is not signed with hidden signature keys
-  ! curl -sfg http://$addr:$port/adv/ | jose jws ver -i- -k $TMP/db/.oth.jwk
-  ! curl -sfg http://$addr:$port/adv/ | jose jws ver -i- -k $TMP/db/.sig.jwk
-
-  # A private key advertisement is signed by all advertised keys and the requested private key
-  curl -sfg http://$addr:$port/adv/`jose jwk thp -i $TMP/db/.sig.jwk` | jose jws ver -i- -k $TMP/db/sig.jwk
-  curl -sfg http://$addr:$port/adv/`jose jwk thp -i $TMP/db/.sig.jwk` | jose jws ver -i- -k $TMP/db/.sig.jwk
-  ! curl -sfg http://$addr:$port/adv/`jose jwk thp -i $TMP/db/.sig.jwk` | jose jws ver -i- -k $TMP/db/.oth.jwk
-
-  # Verify that the advertisements contain the cty parameter
-  curl -sfg http://$addr:$port/adv \
-      | jose fmt -j- -Og protected -SyOg cty -Sq "jwk-set+json" -E
-  curl -sfg http://$addr:$port/adv/`jose jwk thp -i $TMP/db/.sig.jwk` \
-      | jose fmt -j- -Og signatures -A \
-                 -g 0 -Og protected -SyOg cty -Sq "jwk-set+json" -EUUUUU \
-                 -g 1 -Og protected -SyOg cty -Sq "jwk-set+json" -EUUUUU
-
-  kill $PID
-  wait $PID || true
-  unset PID
-done
+export PORT=`shuf -i 1024-65536 -n 1`
+$SD_ACTIVATE -l "127.0.0.1:$PORT" -a $VALGRIND tangd $TMP/cache &
+export PID=$!
+sleep 0.5
+
+# Make sure requests on the root fail
+! fetch /
+
+# The request should fail (404) for non-signature key IDs
+! fetch /adv/`jose jwk thp -i $TMP/db/exc.jwk`
+! fetch /adv/`jose jwk thp -a S512 -i $TMP/db/exc.jwk`
+
+# The default advertisement fetch should succeed and pass verification
+fetch /adv
+fetch /adv | ver $TMP/db/sig.jwk
+fetch /adv/ | ver $TMP/db/sig.jwk
+
+# Fetching by any thumbprint should work
+fetch /adv/`jose jwk thp -i $TMP/db/sig.jwk` | ver $TMP/db/sig.jwk
+fetch /adv/`jose jwk thp -a S512 -i $TMP/db/sig.jwk` | ver $TMP/db/sig.jwk
+
+# Requesting an adv by an advertised key ID should't be signed by hidden keys
+! fetch /adv/`jose jwk thp -i $TMP/db/sig.jwk` | ver $TMP/db/.sig.jwk
+! fetch /adv/`jose jwk thp -i $TMP/db/sig.jwk` | ver $TMP/db/.oth.jwk
+
+# Verify that the default advertisement is not signed with hidden signature keys
+! fetch /adv/ | ver $TMP/db/.oth.jwk
+! fetch /adv/ | ver $TMP/db/.sig.jwk
+
+# A private key advertisement is signed by all advertised keys and the requested private key
+fetch /adv/`jose jwk thp -i $TMP/db/.sig.jwk` | ver $TMP/db/sig.jwk
+fetch /adv/`jose jwk thp -i $TMP/db/.sig.jwk` | ver $TMP/db/.sig.jwk
+! fetch /adv/`jose jwk thp -i $TMP/db/.sig.jwk` | ver $TMP/db/.oth.jwk
+
+# Verify that the advertisements contain the cty parameter
+fetch /adv | jose fmt -j- -Og protected -SyOg cty -Sq "jwk-set+json" -E
+fetch /adv/`jose jwk thp -i $TMP/db/.sig.jwk` \
+    | jose fmt -j- -Og signatures -A \
+               -g 0 -Og protected -SyOg cty -Sq "jwk-set+json" -EUUUUU \
+               -g 1 -Og protected -SyOg cty -Sq "jwk-set+json" -EUUUUU
+
+test $(tang-show-keys $PORT) == $(jose jwk thp -i $TMP/db/sig.jwk)
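Review bot: The negative checks written as `! fetch … | ver …` (the root and 404 lines and every hidden-key line) cannot fail this test. Bash exempts a pipeline inverted with `!` from both `set -e` and an ERR trap, so an advertisement that was signed by a hidden key would pass unnoticed. Write them so that success aborts, for example `fetch /adv/ | ver $TMP/db/.sig.jwk && exit 1`. The last line has a related gap: if both substitutions produce nothing, the unquoted form collapses to `test ==`, which is true. Take the expected value first with `exp=$(jose jwk thp -i $TMP/db/sig.jwk)` so a failure there is caught, then compare with `test "$(tang-show-keys $PORT)" = "$exp"`.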

+ 4 - 1
units/tangd.socket.in

@@ -1,7 +1,10 @@
 [Unit]
 Description=Tang Server socket
-Requires=tangd-update.path
 Requires=tangd-keygen.service
+Requires=tangd-update.service
+Requires=tangd-update.path
+After=tangd-keygen.service
+After=tangd-update.service
 
 [Socket]
 ListenStream=80

+ 0 - 2
units/tangd@.service.in

@@ -1,7 +1,5 @@
 [Unit]
 Description=Tang Server
-Requires=tangd-update.path
-Requires=tangd-keygen.service
 
 [Service]
 StandardInput=socket