2012/10/12 Emilien Kia <[email protected]>

> Hi guys,
>

Hi Emilien and the list,

This is a pull request to finally merge NSS feature in nut trunk:
> https://github.com/clepple/nut/pull/3
>

I'd like to take a moment to shed some more light on this important development, which lasted 3 years:

- the initial request <http://lists.alioth.debian.org/pipermail/nut-upsdev/2009-September/004023.html> to support Mozilla NSS (Network Security Services) was made by Michal Hlavinka (from Red Hat) in September 2009. at that time, Red Hat was pushing an effort to consolidate cryptographic services <http://fedoraproject.org/wiki/FedoraCryptoConsolidation> in Fedora. The same was true on the side of SUSE / Novell (Stanislav Brabec).

- as a Debian developer, I was very interested in the topic: for legal reasons, NUT can't be linked with OpenSSL without exiting from the 'main' Debian repository. since NSS is distributed under 3 licenses, including GPL, it will fix the missing crypto in Debian (and derivatives) NUT packages!

- as a NUT dev, I made a preliminary audit a few months later: Alioth Task #456 <https://alioth.debian.org/pm/task.php?func=detailtask&project_task_id=456&group_id=30602&group_project_id=315> (SSL support using Mozilla NSS). but lacking time on my side, another person was needed to work on it.

- this happened through the Eaton sponsorship, half a year later: Emilien, very knowledgeable and skilled in IT security and software development (perfect profile for this task), started to work on the topic.

- actual development happened over 2 months (dec. 2010-jan. 2011), executed perfectly as planned. it successfully passed tests, and only received very few adjustments later.

- some merge preparations were attempted over the past year. but the actual merge never happened, for various reasons.

- Emilien devoted a lot of energy and personal time, over the past week, to get the merge approval. so thanks a lot, and kudos Emilien! you did it ;)

- thus my review was easier and quicker. it resulted in my approval, with a tiny (but not minor) adjustment. namely, libupsclient version information was not bumped (my fault!). however, some improvements are already planned and will be tracked soon on Alioth.

- Frédéric Bohé (from Eaton) also deserves his bunch of thanks, for having executed the NSS tests... several times over the past couple of years. so thanks a lot Fred. Wookiee power!

- the final thanks goes to Charles Lepple, who counter approved the github pull request, and handled the final merge to the official development tree, a few hours ago:

> http://trac.networkupstools.org/projects/nut/changeset/3751
>
> Add Network Security Services (NSS) support
>
> Author: Emilien Kia <[email protected]>
>
> Based on SVN: branches/ssl-nss-port
>
> Closes pull request #3: https://github.com/clepple/nut/pull/3
>
> Additional commits by Arnaud Quette and Arjen de Korte.

- the compilation is successful on our Buildbots <http://buildbot.networkupstools.org/public/nut/builders>, except on AIX (not available, offline) and Windows (not applicable).

- Emilien and I will work on completing the QA regression test script for NUT <http://bazaar.launchpad.net/~ubuntu-bugcontrol/qa-regression-testing/master/view/head:/scripts/test-nut.py> for NSS. for the time being, all the (few) current tests pass on the new trunk:

> test_CVE_2012_2944 (__main__.BasicTest)
> Test CVE-2012-2944 ... ok
> test_daemons_pid (__main__.BasicTest)
> Test daemons using PID files ... ok
> test_daemons_service (__main__.BasicTest)
> Test daemons using "service status" ... ok
> test_upsc_device_list (__main__.BasicTest)
> Test NUT client interface (upsc): device(s) listing ... ok
> test_upsd_IPv4 (__main__.BasicTest)
> Test upsd IPv4 reachability ... ok
> test_upsd_IPv6 (__main__.BasicTest)
> Test upsd IPv6 reachability ... ok
> test_upsmon_notif (__main__.BasicTest)
> Test upsmon notifications ... ok
> test_upsmon_shutdown (__main__.BasicTest)
> Test upsmon basic shutdown (single UPS, low battery status) ... ok
> test_upsrw (__main__.BasicTest)
> Test upsrw ... ok
> ...

The DVT have been successfully passed by Fred Bohe (Eaton).
for those interested, this tests validation report is available here <http://www.networkupstools.org/tmp/NUT-NSS_Mini_DVT_exec10Oct2012-FBohe.pdf>.

the current plan is still to release NSS support with 2.8.0. I will discuss, in a separate thread on -upsusers, the progress status of the 2.8.0.

in the meantime, a snapshot <http://www.networkupstools.org/source/2.8/nut-trunk-r3751.tar.gz> is available for testing. you will need to have NSS development files, to use "configure --with-nss". refer to docs/security.txt, § "NSS backend usage" for configuration instructions.

I will post a blog entry with more details.

it's sometimes a long road to reach the target. thanks again to Emilien, Fred and Charles. and to Eaton for this sponsorship.

cheers,
Arnaud
--
Network UPS Tools (NUT) Project Leader - http://www.networkupstools.org
Debian Developer - http://www.debian.org
Free Software Developer - http://arnaud.quette.fr
