[115009] trunk/dports/security/certsync
landonf at macports.org
landonf at macports.org
Sat Dec 21 16:40:05 PST 2013
Revision: 115009
https://trac.macports.org/changeset/115009
Author: landonf at macports.org
Date: 2013-12-21 16:40:04 -0800 (Sat, 21 Dec 2013)
Log Message:
-----------
Add support for Mac OS X 10.4.
Modified Paths:
--------------
trunk/dports/security/certsync/Portfile
trunk/dports/security/certsync/files/certsync.m
Added Paths:
-----------
trunk/dports/security/certsync/files/compat.h
Removed Paths:
-------------
trunk/dports/security/certsync/files/certsync-tiger.m
Modified: trunk/dports/security/certsync/Portfile
===================================================================
--- trunk/dports/security/certsync/Portfile 2013-12-21 22:16:52 UTC (rev 115008)
+++ trunk/dports/security/certsync/Portfile 2013-12-22 00:40:04 UTC (rev 115009)
@@ -4,7 +4,7 @@
name certsync
version 1.0.6
-revision 1
+revision 2
categories security
conflicts curl-ca-bundle
maintainers landonf openmaintainer
@@ -21,7 +21,7 @@
extract.mkdir yes
post-extract {
- xinstall -m 644 -W ${filespath} certsync.m certsync.plist update-ca-certificates ${worksrcpath}
+ xinstall -m 644 -W ${filespath} certsync.m compat.h certsync.plist update-ca-certificates ${worksrcpath}
}
post-patch {
@@ -43,7 +43,7 @@
build {
system -W ${worksrcpath} "${configure.objc} \
${configure.objcflags} \
- -mmacosx-version-min=10.5 \
+ -mmacosx-version-min=10.4 \
-Wall \
certsync.m -o certsync \
${configure.ldflags} \
Deleted: trunk/dports/security/certsync/files/certsync-tiger.m
===================================================================
--- trunk/dports/security/certsync/files/certsync-tiger.m 2013-12-21 22:16:52 UTC (rev 115008)
+++ trunk/dports/security/certsync/files/certsync-tiger.m 2013-12-22 00:40:04 UTC (rev 115009)
@@ -1,308 +0,0 @@
-/*
- * Author: Landon Fuller <landonf at plausiblelabs.com>
- * Copyright (c) 2008-2013 Plausible Labs Cooperative, Inc.
- * All rights reserved.
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without
- * restriction, including without limitation the rights to use,
- * copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the
- * Software is furnished to do so, subject to the following
- * conditions:
- *
- * The above copyright notice and this permission notice shall be
- * included in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
- * OTHER DEALINGS IN THE SOFTWARE.
- */
-
-#import <Foundation/Foundation.h>
-#import <Security/Security.h>
-#import <AvailabilityMacros.h>
-
-#import <unistd.h>
-#import <stdio.h>
-
-/* A wrapper class that may be used to pass configuration through the
- * FSEvent callback API */
- at interface MPCertSyncConfig : NSObject {
- at public
- BOOL userAnchors;
- NSString *outputFile;
-}
- at end
-
- at implementation MPCertSyncConfig
-- (void) dealloc {
- [outputFile release];
- [super dealloc];
-}
- at end
-
-/**
- * Add CoreFoundation object to the current autorelease pool.
- *
- * @param cfObj Object to add to the current autorelease pool.
- */
-CFTypeRef PLCFAutorelease (CFTypeRef cfObj) {
- return [(id)cfObj autorelease];
-}
-
-int nsvfprintf (FILE *stream, NSString *format, va_list args) {
- int retval;
-
- NSString *str;
- str = (NSString *) CFStringCreateWithFormatAndArguments(NULL, NULL, (CFStringRef) format, args);
- retval = fprintf(stream, "%s", [str UTF8String]);
- [str release];
-
- return retval;
-}
-
-int nsfprintf (FILE *stream, NSString *format, ...) {
- va_list ap;
- int retval;
-
- va_start(ap, format);
- {
- retval = nsvfprintf(stream, format, ap);
- }
- va_end(ap);
-
- return retval;
-}
-
-int nsprintf (NSString *format, ...) {
- va_list ap;
- int retval;
-
- va_start(ap, format);
- {
- retval = nsvfprintf(stderr, format, ap);
- }
- va_end(ap);
-
- return retval;
-}
-
-/**
- * Fetch all trusted roots.
- *
- * @param outError On error, will contain an NSError instance describing the failure.
- *
- * @return Returns a (possibly empty) array of certificates on success, nil on failure.
- */
-static NSArray *certificatesForTrustDomain (NSError **outError) {
- NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
- CFArrayRef certs = nil;
- OSStatus err;
-
- /* Fetch all certificates in the given domain */
- err = SecTrustCopyAnchorCertificates(&certs);
- if (err == noErr) {
- PLCFAutorelease(certs);
- } else if (err == errSecTrustNotAvailable) {
- /* No data */
- [pool release];
- return [NSArray array];
- } else if (err != noErr) {
- /* Lookup failed */
- if (outError != NULL)
- *outError = [[NSError errorWithDomain: NSOSStatusErrorDomain code: err userInfo:nil] retain];
-
- [pool release];
- [*outError autorelease];
- return nil;
- }
-
- /* Extract trusted roots */
- NSMutableArray *results = [NSMutableArray arrayWithCapacity: CFArrayGetCount(certs)];
- NSEnumerator *resultEnumerator = [(NSArray *)certs objectEnumerator];
- id certObj;
- while ((certObj = [resultEnumerator nextObject]) != nil) {
- [results addObject: certObj];
- }
-
- [results retain];
- [pool release];
- return [results autorelease];
-}
-
-BOOL compare_oids (const CSSM_OID *oid1, const CSSM_OID *oid2) {
- if (oid1 == NULL || oid2 == NULL)
- return NO;
-
- if (oid1->Length != oid2->Length)
- return NO;
-
- if (memcmp(oid1->Data, oid2->Data, oid1->Length) == 0)
- return YES;
-
- return NO;
-}
-
-static int exportCertificates (NSString *outputFile) {
- NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
-
- /* Fetch all certificates */
- NSArray *anchors;
- NSError *error;
- OSStatus err;
-
- anchors = certificatesForTrustDomain(&error);
- if (anchors == nil) {
- nsfprintf(stderr, @"Failed to fetch system anchors: %@\n", error);
- [pool release];
- return EXIT_FAILURE;
- }
-
- /*
- * Perform export
- */
- CFDataRef pemData;
-
- /* Prefer the non-deprecated SecItemExport on Mac OS X >= 10.7. We use an ifdef to keep the code buildable with earlier SDKs, too. */
- nsfprintf(stderr, @"Exporting certificates from the keychain\n");
- err = SecKeychainItemExport((CFArrayRef) anchors, kSecFormatPEMSequence, kSecItemPemArmour, NULL, &pemData);
- PLCFAutorelease(pemData);
-
- if (err != noErr) {
- nsfprintf(stderr, @"Failed to export certificates: %@\n", [NSError errorWithDomain: NSOSStatusErrorDomain code: err userInfo:nil]);
- [pool release];
- return EXIT_FAILURE;
- }
-
- nsfprintf(stderr, @"Writing exported certificates\n");
- if (outputFile == nil) {
- NSString *str = [[[NSString alloc] initWithData: (NSData *) pemData encoding:NSUTF8StringEncoding] autorelease];
- nsfprintf(stdout, @"%@", str);
- } else {
- if (![(NSData *) pemData writeToFile: outputFile options: NSAtomicWrite error: &error]) {
- nsfprintf(stderr, @"Failed to write to pem output file: %@\n", error);
- [pool release];
- return EXIT_FAILURE;
- }
- }
-
- [pool release];
- return EXIT_SUCCESS;
-}
-
-static void usage (const char *progname) {
- fprintf(stderr, "Usage: %s [-u] [-o <output file>]\n", progname);
- fprintf(stderr, "\t-s\t\t\tDo not exit; observe the system keychain(s) for changes and update the output file accordingly.");
- fprintf(stderr, "\t-o <output file>\tWrite the PEM certificates to the target file, rather than stdout\n");
-}
-
-#if 0
-static void certsync_keychain_cb (ConstFSEventStreamRef streamRef, void *clientCallBackInfo, size_t numEvents, void *eventPaths, const FSEventStreamEventFlags eventFlags[], const FSEventStreamEventId eventIds[])
-{
- NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
-
- MPCertSyncConfig *config = (MPCertSyncConfig *) clientCallBackInfo;
-
- int ret;
- if ((ret = exportCertificates(config->userAnchors, config->outputFile)) != EXIT_SUCCESS)
- exit(ret);
-
- [pool release];
-}
-#endif
-
-int main (int argc, char * const argv[]) {
- NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
-
- /* Parse the command line arguments */
- BOOL runServer = NO;
- NSString *outputFile = nil;
-
- int ch;
- while ((ch = getopt(argc, argv, "hsuo:")) != -1) {
- switch (ch) {
- case 's':
- runServer = YES;
- break;
-
- case 'o':
- outputFile = [NSString stringWithUTF8String: optarg];
- break;
-
- case 'h':
- usage(argv[0]);
- exit(EXIT_SUCCESS);
-
- default:
- usage(argv[0]);
- exit(EXIT_FAILURE);
- }
- }
- argc -= optind;
- argv += optind;
-
- /* Perform single-shot export */
- if (!runServer)
- return exportCertificates(outputFile);
-
-#if 0
- /* Formulate the list of directories to observe; We use FSEvents rather than SecKeychainAddCallback(), as during testing the keychain
- * API never actually fired a callback for the target keychains. */
- FSEventStreamRef eventStream;
- {
- NSAutoreleasePool *streamPool = [[NSAutoreleasePool alloc] init];
-
- NSSearchPathDomainMask searchPathDomains = NSLocalDomainMask|NSSystemDomainMask;
- if (userAnchors)
- searchPathDomains |= NSUserDomainMask;
-
- NSArray *libraryDirectories = NSSearchPathForDirectoriesInDomains(NSAllLibrariesDirectory, searchPathDomains, YES);
- NSMutableArray *keychainDirectories = [NSMutableArray arrayWithCapacity: [libraryDirectories count]];
- for (NSString *dir in libraryDirectories) {
- [keychainDirectories addObject: [dir stringByAppendingPathComponent: @"Keychains"]];
- [keychainDirectories addObject: [dir stringByAppendingPathComponent: @"Security/Trust Settings"]];
- }
-
- /* Configure the listener */
- MPCertSyncConfig *config = [[[MPCertSyncConfig alloc] init] autorelease];
- config->userAnchors = userAnchors;
- config->outputFile = [outputFile retain];
-
- FSEventStreamContext ctx = {
- .version = 0,
- .info = config,
- .retain = CFRetain,
- .release = CFRelease,
- .copyDescription = CFCopyDescription
- };
- eventStream = FSEventStreamCreate(NULL, certsync_keychain_cb, &ctx, (CFArrayRef)keychainDirectories, kFSEventStreamEventIdSinceNow, 0.0, kFSEventStreamCreateFlagUseCFTypes);
- FSEventStreamScheduleWithRunLoop(eventStream, CFRunLoopGetCurrent(), kCFRunLoopCommonModes);
- FSEventStreamStart(eventStream);
-
- [streamPool release];
- }
-
- /* Perform an initial one-shot export, and then run forever */
- {
- NSAutoreleasePool *shotPool = [[NSAutoreleasePool alloc] init];
- int ret;
- if ((ret = exportCertificates(userAnchors, outputFile)) != EXIT_SUCCESS)
- return EXIT_FAILURE;
- [shotPool release];
- }
-
- CFRunLoopRun();
- FSEventStreamRelease(eventStream);
-#endif
- [pool release];
-
- return EXIT_SUCCESS;
-}
-
Modified: trunk/dports/security/certsync/files/certsync.m
===================================================================
--- trunk/dports/security/certsync/files/certsync.m 2013-12-21 22:16:52 UTC (rev 115008)
+++ trunk/dports/security/certsync/files/certsync.m 2013-12-22 00:40:04 UTC (rev 115009)
@@ -26,31 +26,13 @@
*/
#import <Foundation/Foundation.h>
-#import <AvailabilityMacros.h>
+#import <Security/Security.h>
#import <unistd.h>
#import <stdio.h>
-#import <objc/message.h>
+#import "compat.h"
-/* Allow building with SDKs < 10.6 */
-#ifndef MAC_OS_X_VERSION_10_6
-#define MAC_OS_X_VERSION_10_6 1060
-#endif /* !MAC_OS_X_VERSION_10_6 */
-
-/* Allow building with SDKs < 10.5 */
-#ifndef MAC_OS_X_VERSION_10_5
-#define MAC_OS_X_VERSION_10_5 1050
-#endif /* !MAC_OS_X_VERSION_10_5 */
-
-#if MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_5
-/* errSecSuccess was not defined until 10.6 */
-#define errSecSuccess noErr
-
-/* NSDataWritingAtomic was not defined until 10.6 */
-#define NSDataWritingAtomic NSAtomicWrite
-#endif
-
/* A wrapper class that may be used to pass configuration through the
* FSEvent callback API */
@interface MPCertSyncConfig : NSObject {
@@ -123,68 +105,99 @@
*/
static NSArray *certificatesForTrustDomain (SecTrustSettingsDomain domain, NSError **outError) {
NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
+ NSArray *trusted = nil;
CFArrayRef certs = nil;
OSStatus err;
- /* Fetch all certificates in the given domain */
- err = SecTrustSettingsCopyCertificates(domain, &certs);
- if (err == errSecSuccess) {
- PLCFAutorelease(certs);
- } else if (err == errSecNoTrustSettings ) {
- /* No data */
+ /* Mac OS X >= 10.5 provides SecTrustSettingsCopyCertificates() */
+ if (SecTrustSettingsCopyCertificates != NULL) {
+ /* Fetch all certificates in the given domain */
+ err = SecTrustSettingsCopyCertificates(domain, &certs);
+ if (err == errSecSuccess) {
+ PLCFAutorelease(certs);
+ } else if (err == errSecNoTrustSettings ) {
+ /* No data */
- [pool release];
- return [NSArray array];
- } else if (err != errSecSuccess) {
- /* Lookup failed */
- if (outError != NULL)
- *outError = [[NSError errorWithDomain: NSOSStatusErrorDomain code: err userInfo:nil] retain];
+ [pool release];
+ return [NSArray array];
+ } else if (err != errSecSuccess) {
+ /* Lookup failed */
+ if (outError != NULL)
+ *outError = [[NSError errorWithDomain: NSOSStatusErrorDomain code: err userInfo:nil] retain];
- [pool release];
- [*outError autorelease];
- return nil;
- }
+ [pool release];
+ [*outError autorelease];
+ return nil;
+ }
- /* Extract trusted roots */
- NSMutableArray *results = [NSMutableArray arrayWithCapacity: CFArrayGetCount(certs)];
- for (id certObj in (NSArray *) certs) {
- SecCertificateRef cert = (SecCertificateRef) certObj;
+ /* Extract trusted roots */
+ NSMutableArray *results = [NSMutableArray arrayWithCapacity: CFArrayGetCount(certs)];
+ trusted = results;
- /* Fetch the trust settings */
- CFArrayRef trustSettings = nil;
- err = SecTrustSettingsCopyTrustSettings(cert, domain, &trustSettings);
- if (err != errSecSuccess) {
- /* Shouldn't happen */
- nsfprintf(stderr, @"Failed to fetch trust settings\n");
- continue;
- } else {
- PLCFAutorelease(trustSettings);
- }
+ NSEnumerator *resultEnumerator = [(NSArray *)certs objectEnumerator];
+ id certObj;
+ while ((certObj = [resultEnumerator nextObject]) != nil) {
+ SecCertificateRef cert = (SecCertificateRef) certObj;
- /* If empty, trust for everything (as per the Security Framework documentation) */
- if (CFArrayGetCount(trustSettings) == 0) {
- [results addObject: certObj];
- } else {
- /* Otherwise, walk the properties and evaluate the trust settings result */
- for (NSDictionary *trustProps in (NSArray *) trustSettings) {
- CFNumberRef settingsResultNum;
- SInt32 settingsResult;
+ /* Fetch the trust settings */
+ CFArrayRef trustSettings = nil;
+ err = SecTrustSettingsCopyTrustSettings(cert, domain, &trustSettings);
+ if (err != errSecSuccess) {
+ /* Shouldn't happen */
+ nsfprintf(stderr, @"Failed to fetch trust settings\n");
+ continue;
+ } else {
+ PLCFAutorelease(trustSettings);
+ }
+
+ /* If empty, trust for everything (as per the Security Framework documentation) */
+ if (CFArrayGetCount(trustSettings) == 0) {
+ [results addObject: certObj];
+ } else {
+ /* Otherwise, walk the properties and evaluate the trust settings result */
+ NSEnumerator *trustEnumerator = [(NSArray *)trustSettings objectEnumerator];
+ NSDictionary *trustProps;
+ while ((trustProps = [trustEnumerator nextObject]) != nil) {
+ CFNumberRef settingsResultNum;
+ SInt32 settingsResult;
- settingsResultNum = (CFNumberRef) [trustProps objectForKey: (id) kSecTrustSettingsResult];
- CFNumberGetValue(settingsResultNum, kCFNumberSInt32Type, &settingsResult);
+ settingsResultNum = (CFNumberRef) [trustProps objectForKey: (id) kSecTrustSettingsResult];
+ CFNumberGetValue(settingsResultNum, kCFNumberSInt32Type, &settingsResult);
- /* If a root, add to the result set */
- if (settingsResult == kSecTrustSettingsResultTrustRoot || settingsResult == kSecTrustSettingsResultTrustAsRoot) {
- [results addObject: certObj];
- break;
+ /* If a root, add to the result set */
+ if (settingsResult == kSecTrustSettingsResultTrustRoot || settingsResult == kSecTrustSettingsResultTrustAsRoot) {
+ [results addObject: certObj];
+ break;
+ }
}
}
}
+ } else {
+ /* Fetch all certificates in the given domain */
+ err = SecTrustCopyAnchorCertificates(&certs);
+ if (err == noErr) {
+ PLCFAutorelease(certs);
+ } else if (err == errSecTrustNotAvailable) {
+ /* No data */
+ [pool release];
+ return [NSArray array];
+ } else if (err != noErr) {
+ /* Lookup failed */
+ if (outError != NULL)
+ *outError = [[NSError errorWithDomain: NSOSStatusErrorDomain code: err userInfo:nil] retain];
+
+ [pool release];
+ [*outError autorelease];
+ return nil;
+ }
+
+ /* All certs are trusted */
+ trusted = (NSArray *) certs;
}
-
- [results retain];
+
+ [trusted retain];
[pool release];
- return [results autorelease];
+ return [trusted autorelease];
}
static int exportCertificates (BOOL userAnchors, NSString *outputFile) {
@@ -231,34 +244,39 @@
return EXIT_FAILURE;
}
- for (id certObj in result) {
- CFErrorRef cferror = NULL;
- CFStringRef subject;
+ NSEnumerator *resultEnumerator = [result objectEnumerator];
+ id certObj;
+ while ((certObj = [resultEnumerator nextObject]) != nil) {
+ NSError *subjectError = NULL;
+ CFStringRef subject = NULL;
+ BOOL subjectUnsupported = NO;
-#if MAC_OS_X_VERSION_MAX_ALLOWED > MAC_OS_X_VERSION_10_6
- if (SecCertificateCopyShortDescription != NULL) {
- subject = PLCFAutorelease(SecCertificateCopyShortDescription(NULL, (SecCertificateRef) certObj, &cferror));
- } else {
+ if (SecCertificateCopyShortDescription != NULL /* 10.7 */) {
+ subject = PLCFAutorelease(SecCertificateCopyShortDescription(NULL, (SecCertificateRef) certObj, (CFErrorRef *) &subjectError));
+
+ } else if (SecCertificateCopySubjectSummary != NULL /* 10.6 */) {
subject = PLCFAutorelease(SecCertificateCopySubjectSummary((SecCertificateRef) certObj));
+
+ } else if (SecCertificateCopyCommonName != NULL /* 10.5 */) {
+ if ((err = SecCertificateCopyCommonName((SecCertificateRef) certObj, &subject)) == errSecSuccess && subject != NULL) {
+ PLCFAutorelease(subject);
+ } else {
+ /* In the case that the CN is simply unavailable, provide a more useful error code */
+ if (err == errSecSuccess)
+ err = errSecNoSuchAttr;
+
+ NSDictionary *userInfo = [NSDictionary dictionaryWithObjectsAndKeys: @"SecCertificateCopyCommonName() failed", NSLocalizedDescriptionKey, nil];
+ subjectError = [NSError errorWithDomain: NSOSStatusErrorDomain code: err userInfo: userInfo];
+ subject = NULL;
+ }
+ } else /* <= 10.4 */ {
+ subjectUnsupported = YES;
}
-#elif MAC_OS_X_VERSION_MAX_ALLOWED == MAC_OS_X_VERSION_10_6
- subject = PLCFAutorelease(SecCertificateCopySubjectSummary((SecCertificateRef) certObj));
-#elif MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_5
- if ((err = SecCertificateCopyCommonName((SecCertificateRef) certObj, &subject)) == errSecSuccess && subject != NULL) {
- PLCFAutorelease(subject);
- } else {
- /* In the case that the CN is simply unavailable, provide a more useful error code */
- if (err == errSecSuccess)
- err = errSecNoSuchAttr;
-
- NSDictionary *userInfo = [NSDictionary dictionaryWithObjectsAndKeys: @"SecCertificateCopyCommonName() failed", NSLocalizedDescriptionKey, nil];
- cferror = (CFErrorRef) [NSError errorWithDomain: NSOSStatusErrorDomain code: err userInfo: userInfo];
- subject = NULL;
- }
-#endif
if (subject == NULL) {
- nsfprintf(stderr, @"Failed to extract certificate description: %@\n", cferror);
+ /* Don't print an error if fetching the subject is unsupported on the platform (eg, <= 10.4) */
+ if (!subjectUnsupported)
+ nsfprintf(stderr, @"Failed to extract certificate description: %@\n", subjectError);
} else {
nsfprintf(stderr, @"Found %@\n", subject);
}
@@ -271,15 +289,11 @@
/* Prefer the non-deprecated SecItemExport on Mac OS X >= 10.7. We use an ifdef to keep the code buildable with earlier SDKs, too. */
nsfprintf(stderr, @"Exporting certificates from the keychain\n");
-#if MAC_OS_X_VERSION_MAX_ALLOWED > MAC_OS_X_VERSION_10_6
if (SecItemExport != NULL) {
err = SecItemExport((CFArrayRef) anchors, kSecFormatPEMSequence, kSecItemPemArmour, NULL, &pemData);
} else {
err = SecKeychainItemExport((CFArrayRef) anchors, kSecFormatPEMSequence, kSecItemPemArmour, NULL, &pemData);
}
-#else
- err = SecKeychainItemExport((CFArrayRef) anchors, kSecFormatPEMSequence, kSecItemPemArmour, NULL, &pemData);
-#endif
PLCFAutorelease(pemData);
if (err != errSecSuccess) {
Added: trunk/dports/security/certsync/files/compat.h
===================================================================
--- trunk/dports/security/certsync/files/compat.h (rev 0)
+++ trunk/dports/security/certsync/files/compat.h 2013-12-22 00:40:04 UTC (rev 115009)
@@ -0,0 +1,105 @@
+#import <AvailabilityMacros.h>
+
+/*
+ * We provide forward-compatibility defines for build environments
+ * back to 10.4.
+ */
+
+/* Define version constants for use on earlier systems */
+#ifndef MAC_OS_X_VERSION_10_6
+# define MAC_OS_X_VERSION_10_6 1060
+#endif /* !MAC_OS_X_VERSION_10_6 */
+
+#ifndef MAC_OS_X_VERSION_10_5
+# define MAC_OS_X_VERSION_10_5 1050
+#endif /* !MAC_OS_X_VERSION_10_5 */
+
+/*
+ * Weak Linking Note:
+ *
+ * Correctly linking against weak symbols relies on actually having
+ * the symbol available at link time, such that dyld can create its two-level
+ * weak reference.
+ *
+ * Since we have to support building on earlier systems where the symbols
+ * are not available at all, we #define the functions to NULL (with appropriate
+ * function typedefs), allowing the standard approach of checking for
+ * symbol != NULL to succeed.
+ */
+
+/* Allow building with SDKs <= 10.4 */
+#if MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_4
+ /* SecTrustSettings constants were not available until 10.5 */
+ enum {
+ kSecTrustSettingsDomainUser = 0,
+ kSecTrustSettingsDomainAdmin,
+ kSecTrustSettingsDomainSystem
+ };
+ typedef uint32_t SecTrustSettingsDomain;
+
+ enum {
+ kSecTrustSettingsResultInvalid = 0,
+ kSecTrustSettingsResultTrustRoot,
+ kSecTrustSettingsResultTrustAsRoot,
+ kSecTrustSettingsResultDeny,
+ kSecTrustSettingsResultUnspecified
+ };
+ typedef uint32_t SecTrustSettingsResult;
+ #define kSecTrustSettingsResult CFSTR("kSecTrustSettingsResult")
+
+ /* SecCertificateCopyCommonName() was added in 10.5 */
+ extern OSStatus SecCertificateCopyCommonName (SecCertificateRef certificate, CFStringRef *commonName) __attribute__((weak_import));
+ #define SecCertificateCopyCommonName ((OSStatus(*)(SecCertificateRef, CFStringRef *)) NULL) /* We can't safely weak-link what we don't have */
+
+ /* SecTrustSettingsCopyCertificates() was added in 10.5 */
+ extern OSStatus SecTrustSettingsCopyCertificates (SecTrustSettingsDomain domain, CFArrayRef *certArray) __attribute__((weak_import));
+ #define SecTrustSettingsCopyCertificates ((OSStatus(*)(SecTrustSettingsDomain, CFArrayRef *)) NULL) /* We can't safely weak-link what we don't have */
+
+ /* CFError was added in 10.5 */
+ typedef CFTypeRef CFErrorRef;
+
+ /* errSecNoTrustSettings was added in 10.5 */
+ #define errSecNoTrustSettings -25263
+#endif
+
+/* Allow building with SDKs <= 10.5 */
+#if MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_5
+ /* errSecSuccess was not defined until 10.6 */
+ #define errSecSuccess noErr
+
+ /* NSDataWritingAtomic was not defined until 10.6, but it has an identical
+ * value as the now-deprecated NSDataWritingAtomic */
+ #define NSDataWritingAtomic NSAtomicWrite
+
+ /* SecCertificateCopySubjectSummary() was added in 10.6 */
+ extern CFStringRef SecCertificateCopySubjectSummary (SecCertificateRef certificate) __attribute__((weak_import));
+ #define SecCertificateCopySubjectSummary ((CFStringRef(*)(SecCertificateRef)) NULL) /* We can't safely weak-link what we don't have */
+#endif
+
+/* Allow building with SDKs <= 10.6 */
+#if MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_6
+ /* SecCertificateCopyShortDescription() was added in 10.7 */
+ extern CFStringRef SecCertificateCopyShortDescription (CFAllocatorRef alloc, SecCertificateRef certificate, CFErrorRef *error) __attribute__((weak_import));
+ #define SecCertificateCopyShortDescription ((CFStringRef(*)(CFAllocatorRef, SecCertificateRef, CFErrorRef *)) NULL) /* We can't safely weak-link what we don't have */
+
+ /* SecItemExport() was added in 10.7 */
+ typedef struct {
+ uint32_t version;
+ SecKeyImportExportFlags flags;
+ CFTypeRef passphrase;
+ CFStringRef alertTitle;
+ CFStringRef alertPrompt;
+ SecAccessRef accessRef;
+ CFArrayRef keyUsage;
+ CFArrayRef keyAttributes;
+ } SecItemImportExportKeyParameters;
+
+ extern OSStatus SecItemExport (
+ CFTypeRef secItemOrArray,
+ SecExternalFormat outputFormat,
+ SecItemImportExportFlags flags,
+ const SecItemImportExportKeyParameters *keyParams,
+ CFDataRef *exportedData
+ ) __attribute__((weak_import));
+ #define SecItemExport ((OSStatus(*)(CFTypeRef, SecExternalFormat, SecItemImportExportFlags, const SecItemImportExportKeyParameters *, CFDataRef *)) NULL) /* We can't safely weak-link what we don't have */
+#endif
\ No newline at end of file
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/macports-changes/attachments/20131221/86b0eb7c/attachment-0001.html>
More information about the macports-changes
mailing list