[net-misc/oidentd] add fedora patches, selinux dep, eapi6

net-misc/oidentd/Manifest

@@ -0,0 +1 @@
+DIST oidentd-2.0.8.tar.gz 212354 SHA256 a54cbed187281f8d5a301d1d8fd5cb0f30bfb13a5a8e9ab752ace76c1010fb6f SHA512 86229a4ef9892121c25a7140616e180f862ca34b73ea3ad9f0fbb008f657abb17e9f14c2c25ae14c14bfc14bf1ea10b50fd68318631a9c52227bbfd6e6d43288 WHIRLPOOL ac36130273ec6a4fc7f715a9518f99445c3f4af50b03e647846b152800940fd8f83222b78b7a12385a0c722a8d89b6bdbc557812d0b64e3253aa3231f95215cb

net-misc/oidentd/files/oidentd-2.0.7-confd

@@ -0,0 +1,4 @@
+# oidentd start-up options
+USER="nobody"
+GROUP="nobody"
+OPTIONS=""

net-misc/oidentd/files/oidentd-2.0.7-init

@@ -0,0 +1,40 @@
+#!/sbin/openrc-run
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+    need net
+}
+
+check_config() {
+	if [ -z "${USER}" ]
+	then
+		eerror "Please set \$USER in /etc/conf.d/oidentd!"
+		return 1
+	fi
+	if [ -z "${GROUP}" ]
+	then
+		eerror "Please set \$GROUP in /etc/conf.d/oidentd!"
+		return 1
+	fi
+
+	if [ "$(sysctl -n security.bsd.see_other_uids 2>/dev/null)" = "0" ]; then
+		eerror "${SVCNAME} cannot work if the sysctl security.bsd.see_other_uids is 0"
+		return 1
+	fi
+}
+
+
+start() {
+	check_config || return 1
+	ebegin "Starting oidentd"
+	OPTIONS="${OPTIONS} -u ${USER} -g ${GROUP}"
+	start-stop-daemon --start --quiet --exec /usr/sbin/oidentd -- $OPTIONS
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping oidentd"
+	start-stop-daemon --stop --quiet --exec /usr/sbin/oidentd
+	eend $?
+}

net-misc/oidentd/files/oidentd-2.0.8-bind-to-ipv6-too.patch

@@ -0,0 +1,17 @@
+Patch to bind to ipv6 socket as well
+Patch supplied by Fabian Knittel <fabian.knittel@avona.com>
+--- oidentd-2.0.8/src/oidentd_inet_util.c	2006-05-22 02:31:19.000000000 +0200
++++ oidentd-2.0.8/src/oidentd_inet_util.c	2010-03-01 20:26:11.000000000 +0100
+@@ -60,6 +60,12 @@
+ #ifdef WANT_IPV6
+ 		case AF_INET6:
+ 			SIN6(ai->ai_addr)->sin6_port = listen_port;
++
++			if (setsockopt(listenfd, IPPROTO_IPV6, IPV6_V6ONLY, &one,
++							sizeof(one)) != 0) {
++				debug("setsockopt IPV6_V6ONLY: %s", strerror(errno));
++				return (-1);
++			}
+ 			break;
+ #endif
+ 

net-misc/oidentd/files/oidentd-2.0.8-gcc5.patch

@@ -0,0 +1,25 @@
+Description: Fix a failure to build with gcc5.
+Bug: http://bugs.debian.org/778035
+
+--- a/src/oidentd_util.c	2015-07-03 05:56:24.000000000 -0400
++++ b/src/oidentd_util.c	2015-07-03 05:56:47.671378000 -0400
+@@ -75,7 +75,7 @@
+ ** PRNG functions on systems whose libraries provide them.)
+ */
+ 
+-inline int randval(int i) {
++extern __attribute__ ((gnu_inline)) int randval(int i) {
+ 	/* Per _Numerical Recipes in C_: */
+ 	return ((double) i * rand() / (RAND_MAX+1.0));
+ }
+--- a/src/oidentd_util.h	2015-07-03 05:56:32.000000000 -0400
++++ b/src/oidentd_util.h	2015-07-03 05:56:53.835378000 -0400
+@@ -58,7 +58,7 @@
+ int find_group(const char *temp_group, gid_t *gid);
+ 
+ int random_seed(void);
+-inline int randval(int i);
++extern __attribute__ ((gnu_inline)) int randval(int i);
+ 
+ #ifndef HAVE_SNPRINTF
+ 	int snprintf(char *str, size_t n, char const *fmt, ...);

net-misc/oidentd/files/oidentd-2.0.8-log-conntrack-fails.patch

@@ -0,0 +1,52 @@
+From 612f1d85dd59fc39b124392df38586769ebc8add Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
+Date: Fri, 11 Mar 2016 10:00:59 +0100
+Subject: [PATCH] Log Linux core_init failures as normal error
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Opening Linux conntracking table file failure for different reason than
+missing the file is fatal for deamon initizalization. But the failure
+was logged inly in debugging build.
+
+This patch makes the fatal error visible in normal log.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1316308
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ src/kernel/linux.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/kernel/linux.c b/src/kernel/linux.c
+index 8bf265f..9103dbf 100644
+--- a/src/kernel/linux.c
++++ b/src/kernel/linux.c
+@@ -73,21 +73,21 @@ bool core_init(void) {
+ 	masq_fp = fopen(MASQFILE, "r");
+ 	if (masq_fp == NULL) {
+ 		if (errno != ENOENT) {
+-			debug("fopen: %s: %s", MASQFILE, strerror(errno));
++			o_log(NORMAL, "fopen: %s: %s", MASQFILE, strerror(errno));
+ 			return false;
+ 		}
+ 
+ 		masq_fp = fopen(CONNTRACK, "r");
+ 		if (masq_fp == NULL) {
+ 			if (errno != ENOENT) {
+-				debug("fopen: %s: %s", CONNTRACK, strerror(errno));
++				o_log(NORMAL, "fopen: %s: %s", CONNTRACK, strerror(errno));
+ 				return false;
+ 			}
+ 
+ 			masq_fp = fopen(NFCONNTRACK, "r");
+ 			if (masq_fp == NULL) {
+ 				if (errno != ENOENT) {
+-					debug("fopen: %s: %s", NFCONNTRACK, strerror(errno));
++					o_log(NORMAL, "fopen: %s: %s", NFCONNTRACK, strerror(errno));
+ 					return false;
+ 				}
+ 				masq_fp = fopen("/dev/null", "r");
+-- 
+2.5.0
+

net-misc/oidentd/files/oidentd-2.0.8-masquerading.patch

@@ -0,0 +1,43 @@
+--- oidentd-2.0.8/src/kernel/linux.c	2006-05-22 06:58:53.000000000 +0300
++++ oidentd-2.0.8/src/kernel/linux.c	2007-07-11 21:28:56.000000000 +0300
+@@ -48,6 +48,7 @@
+ #define CFILE6		"/proc/net/tcp6"
+ #define MASQFILE	"/proc/net/ip_masquerade"
+ #define CONNTRACK	"/proc/net/ip_conntrack"
++#define NFCONNTRACK	"/proc/net/nf_conntrack"
+ 
+ static int netlink_sock;
+ extern struct sockaddr_storage proxy;
+@@ -82,7 +83,15 @@
+ 				debug("fopen: %s: %s", CONNTRACK, strerror(errno));
+ 				return false;
+ 			}
+-			masq_fp = fopen("/dev/null", "r");
++
++			masq_fp = fopen(NFCONNTRACK, "r");
++			if (masq_fp == NULL) {
++				if (errno != ENOENT) {
++					debug("fopen: %s: %s", NFCONNTRACK, strerror(errno));
++					return false;
++				}
++				masq_fp = fopen("/dev/null", "r");
++			}
+ 		}
+ 
+ 		netfilter = true;
+@@ -367,6 +376,15 @@
+ 				&nport_temp, &mport_temp);
+ 			}
+ 
++			if (ret != 21) {
++				ret = sscanf(buf,
++					"%*15s %*d %15s %*d %*d ESTABLISHED src=%d.%d.%d.%d dst=%d.%d.%d.%d sport=%d dport=%d packets=%*d bytes=%*d src=%d.%d.%d.%d dst=%d.%d.%d.%d sport=%d dport=%d",
++				proto, &l1, &l2, &l3, &l4, &r1, &r2, &r3, &r4,
++				&masq_lport_temp, &masq_fport_temp,
++				&nl1, &nl2, &nl3, &nl4, &nr1, &nr2, &nr3, &nr4,
++				&nport_temp, &mport_temp);
++			}
++
+ 			if (ret != 21)
+ 				continue;
+ 

net-misc/oidentd/files/oidentd-2.0.8-no-conntrack-masquerading.patch

@@ -0,0 +1,41 @@
+From 20a63ad8a90c36397cceedd34887298890dbafa3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
+Date: Fri, 11 Mar 2016 10:38:10 +0100
+Subject: [PATCH] Linux: Do not open conntracking table if masquerading is not
+ enabled
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The contracking table was always opened. This is unnecessary because
+the table is used only when masquerading feature is requested on run
+time.
+
+This patch skips opening the conntracking table on Linux if
+masquerading is not requested.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1316308
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ src/kernel/linux.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/kernel/linux.c b/src/kernel/linux.c
+index 9103dbf..859f554 100644
+--- a/src/kernel/linux.c
++++ b/src/kernel/linux.c
+@@ -70,6 +70,11 @@ bool netfilter;
+ */
+ bool core_init(void) {
+ #ifdef MASQ_SUPPORT
++	if (!opt_enabled(MASQ)) {
++	    masq_fp = NULL;
++	    return true;
++	}
++
+ 	masq_fp = fopen(MASQFILE, "r");
+ 	if (masq_fp == NULL) {
+ 		if (errno != ENOENT) {
+-- 
+2.5.0
+

net-misc/oidentd/files/oidentd.conf

@@ -0,0 +1,22 @@
+# Configuration for oidentd
+# see oidentd.conf(5)
+# 
+default {
+	default {
+		deny spoof
+		deny spoof_all
+		deny spoof_privport
+		allow random
+		allow random_numeric
+		allow numeric
+		deny hide
+	}
+}
+
+# you may want to hide root connections
+#user "root" {
+#	default {
+#		force reply "UNKNOWN"
+#	}
+#}
+

net-misc/oidentd/files/oidentd.service

@@ -0,0 +1,9 @@
+[Unit]
+Description=TCP/IP IDENT protocol server
+
+[Service]
+ExecStart=/usr/sbin/oidentd -i -S -u nobody -g nobody
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target

net-misc/oidentd/files/oidentd.socket

@@ -0,0 +1,10 @@
+[Unit]
+Description=Ident (RFC 1413) socket
+Conflicts=oidentd.service
+
+[Socket]
+ListenStream=113
+Accept=yes
+
+[Install]
+WantedBy=sockets.target

net-misc/oidentd/files/oidentd_at.service

@@ -0,0 +1,7 @@
+[Unit]
+Description=Ident (RFC 1413) per-connection server
+
+[Service]
+ExecStart=/usr/sbin/oidentd -I -S -u nobody -g nobody
+ExecReload=/bin/kill -HUP $MAINPID
+StandardInput=socket

net-misc/oidentd/files/oidentd_masq.conf

@@ -0,0 +1,10 @@
+# oident masquarded connections configuration
+
+# use this file if your host is masquarading connections for several
+# hosts and you want to return a reply based on the hostname of
+# the originating machine
+# add "-f" to OIDENT_OPTIONS in /etc/conf.d/oidentd if you want
+# to forward ident requests to the real host
+
+# add hosts in the following format, see oidentd_masq.conf(5) for details:
+# <ip or host>[/mask] <username> <os>

net-misc/oidentd/metadata.xml

@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+  <use>
+    <flag name="masquerade">Enable support for masqueraded/NAT connections</flag>
+  </use>
+  <upstream>
+    <remote-id type="sourceforge">ojnk</remote-id>
+  </upstream>
+</pkgmetadata>

net-misc/oidentd/oidentd-2.0.8-r5.ebuild

@@ -0,0 +1,53 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+inherit eutils systemd
+
+DESCRIPTION="Another (RFC1413 compliant) ident daemon"
+HOMEPAGE="http://ojnk.sourceforge.net/"
+SRC_URI="mirror://sourceforge/ojnk/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ~s390 ~sh sparc x86 ~x86-fbsd"
+IUSE="debug ipv6 masquerade"
+
+PATCHES=(
+	"${FILESDIR}/${P}-masquerading.patch"
+	"${FILESDIR}/${P}-bind-to-ipv6-too.patch"
+	"${FILESDIR}/${P}-gcc5.patch"
+)
+
+src_prepare() {
+	epatch -p1 "${PATCHES[@]}"
+}
+
+src_configure() {
+	econf \
+		$(use_enable debug) \
+		$(use_enable ipv6) \
+		$(use_enable masquerade masq) \
+		$(use_enable masquerade nat)
+}
+
+src_install() {
+	default
+
+	dodoc AUTHORS ChangeLog README TODO NEWS \
+		"${FILESDIR}"/${PN}_masq.conf "${FILESDIR}"/${PN}.conf
+
+	newinitd "${FILESDIR}"/${PN}-2.0.7-init ${PN}
+	newconfd "${FILESDIR}"/${PN}-2.0.7-confd ${PN}
+
+	systemd_newunit "${FILESDIR}"/${PN}_at.service ${PN}@.service
+	systemd_dounit "${FILESDIR}"/${PN}.socket
+	systemd_dounit "${FILESDIR}"/${PN}.service
+}
+
+pkg_postinst() {
+	echo
+	elog "Example configuration files are in /usr/share/doc/${PF}"
+	echo
+}

net-misc/oidentd/oidentd-2.0.8-r6.ebuild

@@ -0,0 +1,55 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit systemd
+
+DESCRIPTION="Another (RFC1413 compliant) ident daemon"
+HOMEPAGE="http://ojnk.sourceforge.net/"
+SRC_URI="mirror://sourceforge/ojnk/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="debug ipv6 masquerade selinux"
+
+DEPEND=""
+
+RDEPEND="${DEPEND}
+	selinux? ( sec-policy/selinux-oident )"
+
+DOCS=( AUTHORS ChangeLog README TODO NEWS "${FILESDIR}"/${PN}_masq.conf "${FILESDIR}"/${PN}.conf )
+
+PATCHES=(
+	"${FILESDIR}/${P}-masquerading.patch"
+	"${FILESDIR}/${P}-bind-to-ipv6-too.patch"
+	"${FILESDIR}/${P}-gcc5.patch"
+	"${FILESDIR}/${P}-log-conntrack-fails.patch"
+	"${FILESDIR}/${P}-no-conntrack-masquerading.patch"
+)
+
+src_configure() {
+	econf \
+		$(use_enable debug) \
+		$(use_enable ipv6) \
+		$(use_enable masquerade masq) \
+		$(use_enable masquerade nat)
+}
+
+src_install() {
+	default
+
+	newinitd "${FILESDIR}"/${PN}-2.0.7-init ${PN}
+	newconfd "${FILESDIR}"/${PN}-2.0.7-confd ${PN}
+
+	systemd_newunit "${FILESDIR}"/${PN}_at.service ${PN}@.service
+	systemd_dounit "${FILESDIR}"/${PN}.socket
+	systemd_dounit "${FILESDIR}"/${PN}.service
+}
+
+pkg_postinst() {
+	echo
+	elog "Example configuration files are in /usr/share/doc/${PF}"
+	echo
+}