remctl 3.13 #5776
remctl 3.13 #5776
Conversation
From: Russ Allbery <[email protected]> To: [email protected] Subject: remctl 3.13 released Date: Mon, 10 Oct 2016 20:20:37 -0700 I'm pleased to announce release 3.13 of remctl. remctl is a client/server application that supports remote execution of specific commands, using Kerberos GSS-API for authentication. Authorization is controlled by a configuration file and ACL files and can be set separately for each command, unlike with rsh. remctl is like a Kerberos-authenticated simple CGI server, or a combination of Kerberos rsh and sudo without most of the features and complexity of either. Changes from previous release: remctl-shell now also supports being run as a forced command from authorized_keys (or other methods). This may be preferrable to using it as a shell since it doesn't require setting non-standard sshd options. The summary configuration option is now allowed for commands with subcommands other than ALL. When generating a help summary (done in response to the command "help" with no arguments), command lines with a subcommand and a summary option will be run with two arguments: the value of the summary option and then the subcommand. This allows proper generation of command summaries even for users who only have access to a few subcommands of a command. Patch from Remi Ferrand. The build system now supports new REMCTL_PROGRAM_CFLAGS and REMCTL_PROGRAM_LDFLAGS variables that can be set at build time to pass in additional arguments when compiling and linking programs (like remctl and remctld) but not libraries and, more importantly, language bindings. This can be used in distribution builds to pass in -fPIE for additional binary hardening. (CFLAGS and LDFLAGS cannot be used since -fPIE breaks the builds of the dynamic modules for langauges like Perl.) Update to rra-c-util 6.1: * Correct return-value checks for snprintf. * Adjust Test::RRA::Config for new load path behavior in Perl 5.22.2. You can download it from: <http://www.eyrie.org/~eagle/software/remctl/> This package is maintained using Git; see the instructions on the above page to access the Git repository. Debian packages have been uploaded to Debian unstable. Please let me know of any problems or feature requests not already listed in the TODO file. -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos Signed-off-by: Eugene Lee <[email protected]>
|
Additionally - as I understand it, this updated Formula will prompt @BrewTestBot to build a bottle for Sierra, and thereby resolve remctl's status on issue #5488. Something that I am unsure about, however, regarding bottles, is that remctl can and is built with both Heimdal and MIT Kerberos - I've found Heimdal broken in certain aspects especially with OpenSSH and do not trust it's use, and have opted to install the krb5 dupe and use that almost exclusively. Will BrewTestBot then only build bottles using Heimdal Kerberos and not provide packages using MIT's krb5? @ericmlujan, you may want to take a peek as this as well, since you handled the krb5 dupe Formula earlier this month. |
|
@BrewTestBot test this please |
| sha256 "b509ae099d9f39a5c9beecec9397ca5edd55e632bc4a94f5e896fb27016f2621" => :el_capitan | ||
| sha256 "766b3a13fdc77e8a98fb1989fb549f068475b80d675ab1341d993b9294d66010" => :yosemite | ||
| sha256 "5035361df688340431fbce01ea01d9ae0e5945a46d4ae4e0f0d059037fb8ed5f" => :mavericks | ||
| end |
There was a problem hiding this comment.
Leave the bottle do block as-is; we'll update it when we pull. Thanks!
There was a problem hiding this comment.
Sorry about that, placed back in!
Signed-off-by: Eugene Lee <[email protected]>
|
Thanks again for your contribution to Homebrew! Without people like you submitting PRs we couldn't run this project. You rock! |
|
@MikeMcQuaid - glad to help in any way I can! (commit may have been bungled somehow, by the way) |
|
@leee Sorry, missed the credit there somehow when squashing! |
|
Heh, sorry for the rebase! |
brew install <formula>(where<formula>is the name of the formula you're submitting)?brew audit --new-formula <formula>(after doingbrew install <formula>)?From: Russ Allbery [email protected]
To: [email protected]
Subject: remctl 3.13 released
Date: Mon, 10 Oct 2016 20:20:37 -0700
I'm pleased to announce release 3.13 of remctl.
remctl is a client/server application that supports remote execution of
specific commands, using Kerberos GSS-API for authentication.
Authorization is controlled by a configuration file and ACL files and can
be set separately for each command, unlike with rsh. remctl is like a
Kerberos-authenticated simple CGI server, or a combination of Kerberos rsh
and sudo without most of the features and complexity of either.
Changes from previous release:
You can download it from:
This package is maintained using Git; see the instructions on the above
page to access the Git repository.
Debian packages have been uploaded to Debian unstable.
Please let me know of any problems or feature requests not already listed
in the TODO file.
Russ Allbery ([email protected]) http://www.eyrie.org/~eagle/
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
Signed-off-by: Eugene Lee [email protected]
This pull request follows the announcement of remctl 3.13 by Russ Allbery on the MIT Kerberos mailing list and its' package upload to Debian unstable.
This also resolves issue #5092 although we are skipping straight from 3.10 to 3.13.
I'm not sure where the
ENV.appendcame from, butremctl 3.13builds and works just fine for both Heimdal Kerberos (provided as is in OS X) and with MIT Kerberos, available via homebrew/dupes/krb5, without it.