[Nut-upsdev] NSS support in trunk (was: NSS branch pull request)

Michal Hlavinka mhlavink at redhat.com
Thu Oct 18 12:43:43 UTC 2012 

That's great! Big thanks to everyone who participated here

On 10/13/2012 12:55 AM, Arnaud Quette wrote:
>
> 2012/10/12 Emilien Kia <kiae.dev at gmail.com <mailto:kiae.dev at gmail.com>>
>
>     Hi guys,
>
>
> Hi Emilien and the list,
>
>     This is a pull request to finally merge NSS feature in nut trunk:
>     https://github.com/clepple/nut/pull/3
>
>
> I'd like to take a moment to shed some more light on this important
> development, which lasted 3 years:
>
> - the initial request
> <http://lists.alioth.debian.org/pipermail/nut-upsdev/2009-September/004023.html>
> to support Mozilla NSS (Network Security Services) was made by Michal
> Hlavinka (from Redhat) in September 2009.
> at that time, Redhat was pushing an effort to consolidate cryptographic
> services <http://fedoraproject.org/wiki/FedoraCryptoConsolidation> in
> Fedora.
> The same was true on the side of Suse / Novell (Stanislav Brabec).
>
> - as a Debian developer, I was very interested in the topic:
> for legal reasons, NUT can't be linked with OpenSSL without exiting from
> the 'main' Debian repository.
> since NSS is distributed under 3 licenses, including GPL, it will fix
> the missing crypto in Debian (and derivatives) NUT packages!
>
> - as a NUT dev, I made a preliminary audit a few months later: Alioth
> Task #456
> <https://alioth.debian.org/pm/task.php?func=detailtask&project_task_id=456&group_id=30602&group_project_id=315>
> (SSL support using Mozilla NSS).
> but lacking time on my side, another person was needed to work on it.
>
> - this happened through the Eaton sponsorship, half a year later:
> Emilien, a very knowledgeable and skilled in IT security and software
> development (perfect profile for this task), started to work on the topic.
>
> - actual development happened over 2 months (dec. 2010-jan. 2011),
> executed perfectly as planned.
> it successfully passed tests, and only received very few adjustments later.
>
> - some merge preparations were attempted over the past year. but the
> actual merge never happened, for various reasons.
>
> - Emilien devoted a lot of energy and personal time, over the past week,
> to get the merge approval.
> so thanks a lot, and kudos Emilien! you did it ;)
>
> - thus my review was easier and quicker. it resulted in my approval,
> with a tiny (but not minor) adjustment.
> namely, libupsclient version information was not bumped (my fault!).
> however, some improvements are already planned and will be tracked soon
> on Alioth.
>
> - Frédéric Bohé (from Eaton) also deserve his bunch of thanks, for
> having executed the NSS tests... several times over the past couple of
> years. so thanks a lot Fred. Wookiee power!
>
> - the final thanks goes to Charles Lepple, who counter approved the
> github pull request, and handled the final merge to the official
> development tree, a few hours ago:
>
>  > http://trac.networkupstools.org/projects/nut/changeset/3751
>  >
>  > Add Network Security Services (NSS) support
>  >
>  > Author: Emilien Kia <kiae.dev at gmail.com <mailto:kiae.dev at gmail.com>>
>  >
>  > Based on SVN: branches/ssl-nss-port
>  >
>  > Closes pull request #3: https://github.com/clepple/nut/pull/3
>  >
>  > Additional commits by Arnaud Quette and Arjen de Korte.
>
> - the compilation is successful on our Buildbots
> <http://buildbot.networkupstools.org/public/nut/builders>, except on Aix
> (not available, offline) and Windows (not applicable).
>
> - Emilien and I will work on completing the QA regression test script
> for NUT
> <http://bazaar.launchpad.net/~ubuntu-bugcontrol/qa-regression-testing/master/view/head:/scripts/test-nut.py>
> for NSS.
> for the time being, all the (few) current tests pass on the new trunk:
>
>  > test_CVE_2012_2944 (__main__.BasicTest)
>  > Test CVE-2012-2944 ... ok
>  > test_daemons_pid (__main__.BasicTest)
>  > Test daemons using PID files ... ok
>  > test_daemons_service (__main__.BasicTest)
>  > Test daemons using "service status" ... ok
>  > test_upsc_device_list (__main__.BasicTest)
>  > Test NUT client interface (upsc): device(s) listing ... ok
>  > test_upsd_IPv4 (__main__.BasicTest)
>  > Test upsd IPv4 reachability ... ok
>  > test_upsd_IPv6 (__main__.BasicTest)
>  > Test upsd IPv6 reachability ... ok
>  > test_upsmon_notif (__main__.BasicTest)
>  > Test upsmon notifications ... ok
>  > test_upsmon_shutdown (__main__.BasicTest)
>  > Test upsmon basic shutdown (single UPS, low battery status) ... ok
>  > test_upsrw (__main__.BasicTest)
>  > Test upsrw ... ok
>
>     ...
>     The DVT have been successfully passed by Fred Bohe (Eaton).
>
>
> for those interested in, this tests validation report is available here
> <http://www.networkupstools.org/tmp/NUT-NSS_Mini_DVT_exec10Oct2012-FBohe.pdf>.
>
> the current plan is still to release NSS support with 2.8.0.
> I will discuss, in a separate thread on -upsusers, the progress status
> of the 2.8.0.
>
> in the meantime, a snapshot
> <http://www.networkupstools.org/source/2.8/nut-trunk-r3751.tar.gz> is
> available for testing.
> you will need to have NSS development files, to use "configure --with-nss".
> refer to docs/security.txt, § "NSS backend usage" for configuration
> instructions.
> I will post a blog entry with more details.
>
> it's sometime a long road to reach the target.
> thanks again to Emilien, Fred and Charles.
> and to Eaton for this sponsorship.
>
> cheers,
> Arnaud
> --
> Network UPS Tools (NUT) Project Leader - http://www.networkupstools.org
> Debian Developer - http://www.debian.org
> Free Software Developer - http://arnaud.quette.fr
>

More information about the Nut-upsdev mailing list