[Nut-upsdev] NSS support in trunk (was: NSS branch pull request)

Arnaud Quette aquette.dev at gmail.com
Fri Oct 12 22:55:27 UTC 2012

2012/10/12 Emilien Kia <kiae.dev at gmail.com>

> Hi guys,

Hi Emilien and the list,

> This is a pull request to finally merge NSS feature in nut trunk:
> https://github.com/clepple/nut/pull/3

I'd like to take a moment to shed some more light on this important
development, which lasted 3 years:

- the initial request <http://lists.alioth.debian.org/pipermail/nut-upsdev/2009-September/004023.html> to
support Mozilla NSS (Network Security Services) was made by Michal
Hlavinka (from Red Hat) in September 2009.
at that time, Red Hat was pushing an effort to consolidate cryptographic
services <http://fedoraproject.org/wiki/FedoraCryptoConsolidation> in
The same was true on the side of SUSE / Novell (Stanislav Brabec).

- as a Debian developer, I was very interested in the topic:
for legal reasons, NUT can't be linked with OpenSSL without exiting from
the 'main' Debian repository.
since NSS is distributed under 3 licenses, including GPL, it will fix the
missing crypto in Debian (and derivatives) NUT packages!

- as a NUT dev, I made a preliminary audit a few months later: Alioth Task
support using Mozilla NSS).
but lacking time on my side, another person was needed to work on it.

- this happened through the Eaton sponsorship, half a year later:
Emilien, very knowledgeable and skilled in IT security and software
development (perfect profile for this task), started to work on the topic.

- actual development happened over 2 months (Dec. 2010-Jan. 2011), executed
perfectly as planned.
it successfully passed tests, and only received very few adjustments later.

- some merge preparations were attempted over the past year. but the actual
merge never happened, for various reasons.

- Emilien devoted a lot of energy and personal time, over the past week, to
get the merge approval.
so thanks a lot, and kudos Emilien! you did it ;)

- thus my review was easier and quicker. it resulted in my approval, with a
tiny (but not minor) adjustment.
namely, libupsclient version information was not bumped (my fault!).
however, some improvements are already planned and will be tracked soon on

- Frédéric Bohé (from Eaton) also deserves his bunch of thanks, for having
executed the NSS tests... several times over the past couple of years. so
thanks a lot Fred. Wookiee power!

- the final thanks goes to Charles Lepple, who counter approved the GitHub
pull request, and handled the final merge to the official development tree,
a few hours ago:

> http://trac.networkupstools.org/projects/nut/changeset/3751
> Add Network Security Services (NSS) support
> Author: Emilien Kia <kiae.dev at gmail.com>
> Based on SVN: branches/ssl-nss-port
> Closes pull request #3: https://github.com/clepple/nut/pull/3
> Additional commits by Arnaud Quette and Arjen de Korte.

- the compilation is successful on our
except on AIX (not available, offline) and Windows (not applicable).

- Emilien and I will work on completing the QA regression test script for
for the time being, all the (few) current tests pass on the new trunk:

> test_CVE_2012_2944 (__main__.BasicTest)
> Test CVE-2012-2944 ... ok
> test_daemons_pid (__main__.BasicTest)
> Test daemons using PID files ... ok
> test_daemons_service (__main__.BasicTest)
> Test daemons using "service status" ... ok
> test_upsc_device_list (__main__.BasicTest)
> Test NUT client interface (upsc): device(s) listing ... ok
> test_upsd_IPv4 (__main__.BasicTest)
> Test upsd IPv4 reachability ... ok
> test_upsd_IPv6 (__main__.BasicTest)
> Test upsd IPv6 reachability ... ok
> test_upsmon_notif (__main__.BasicTest)
> Test upsmon notifications ... ok
> test_upsmon_shutdown (__main__.BasicTest)
> Test upsmon basic shutdown (single UPS, low battery status) ... ok
> test_upsrw (__main__.BasicTest)
> Test upsrw ... ok

> The DVT have been successfully passed by Fred Bohe (Eaton).

for those interested, this test validation report is available

the current plan is still to release NSS support with 2.8.0.
I will discuss, in a separate thread on -upsusers, the progress status of
the 2.8.0.

in the meantime, a
available for testing.
you will need to have NSS development files, to use "configure --with-nss".
refer to docs/security.txt, § "NSS backend usage" for configuration
I will post a blog entry with more details.

it's sometimes a long road to reach the target.
thanks again to Emilien, Fred and Charles.
and to Eaton for this sponsorship.

Network UPS Tools (NUT) Project Leader - http://www.networkupstools.org
Debian Developer - http://www.debian.org
Free Software Developer - http://arnaud.quette.fr