[net-misc/oidentd] add fedora patches, selinux dep, eapi6
parent
62226e213b
commit
8216e363b9
net-misc/oidentd
Manifest
files
oidentd-2.0.7-confdoidentd-2.0.7-initoidentd-2.0.8-bind-to-ipv6-too.patchoidentd-2.0.8-gcc5.patchoidentd-2.0.8-log-conntrack-fails.patchoidentd-2.0.8-masquerading.patchoidentd-2.0.8-no-conntrack-masquerading.patchoidentd.confoidentd.serviceoidentd.socketoidentd_at.serviceoidentd_masq.conf
metadata.xmloidentd-2.0.8-r5.ebuildoidentd-2.0.8-r6.ebuild
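--- a/net-misc/oidentd/Manifest
+++ b/net-misc/oidentd/Manifest
@@ -0,0 +1 @@
+DIST oidentd-2.0.8.tar.gz 212354 SHA256 a54cbed187281f8d5a301d1d8fd5cb0f30bfb13a5a8e9ab752ace76c1010fb6f SHA512 86229a4ef9892121c25a7140616e180f862ca34b73ea3ad9f0fbb008f657abb17e9f14c2c25ae14c14bfc14bf1ea10b50fd68318631a9c52227bbfd6e6d43288 WHIRLPOOL ac36130273ec6a4fc7f715a9518f99445c3f4af50b03e647846b152800940fd8f83222b78b7a12385a0c722a8d89b6bdbc557812d0b64e3253aa3231f95215cb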
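--- a/net-misc/oidentd/files/oidentd-2.0.7-confd
+++ b/net-misc/oidentd/files/oidentd-2.0.7-confd
@@ -0,0 +1,4 @@
+# oidentd start-up options
+USER="nobody"
+GROUP="nobody"
+OPTIONS=""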
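Review bot: The defaults `USER="nobody"` and `GROUP="nobody"` run the daemon under an account that other services commonly share, so a compromise of any process running as nobody can signal or inspect oidentd and the reverse; the same `-u nobody -g nobody` is hard-coded in oidentd.service and oidentd_at.service. A dedicated unprivileged account created by the ebuild would isolate it, for example `USER="oidentd"` and `GROUP="oidentd"` (the name is a suggestion). The file also deserves a comment above the two variables such as `# account the daemon runs as; do not share it with other services`.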
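--- a/net-misc/oidentd/files/oidentd-2.0.7-init
+++ b/net-misc/oidentd/files/oidentd-2.0.7-init
@@ -0,0 +1,40 @@
+#!/sbin/openrc-run
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+need net
+}
+
+check_config() {
+if [ -z "${USER}" ]
+then
+eerror "Please set \$USER in /etc/conf.d/oidentd!"
+return 1
+fi
+if [ -z "${GROUP}" ]
+then
+eerror "Please set \$GROUP in /etc/conf.d/oidentd!"
+return 1
+fi
+
+if [ "$(sysctl -n security.bsd.see_other_uids 2>/dev/null)" = "0" ]; then
+eerror "${SVCNAME} cannot work if the sysctl security.bsd.see_other_uids is 0"
+return 1
+fi
+}
+
+
+start() {
+check_config || return 1
+ebegin "Starting oidentd"
+OPTIONS="${OPTIONS} -u ${USER} -g ${GROUP}"
+start-stop-daemon --start --quiet --exec /usr/sbin/oidentd -- $OPTIONS
+eend $?
+}
+
+stop() {
+ebegin "Stopping oidentd"
+start-stop-daemon --stop --quiet --exec /usr/sbin/oidentd
+eend $?
+}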
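Review bot: `check_config` only tests that `${USER}` and `${GROUP}` are non-empty, and `USER` is a name that login shells normally export, so if the service environment carries it the test can pass with conf.d leaving it unset and `-u` receives whatever was inherited. Consider rejecting the privileged account explicitly, e.g. `[ "${USER}" != "root" ] || { eerror "Refusing to run ${SVCNAME} as root"; return 1; }`, or at least warning on it. `stop()` matches on `--exec` alone with no pidfile, so it signals every process running /usr/sbin/oidentd; a matching `--pidfile` in `start()` and `stop()` would narrow that, provided a pidfile is actually written.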
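--- a/net-misc/oidentd/files/oidentd-2.0.8-bind-to-ipv6-too.patch
+++ b/net-misc/oidentd/files/oidentd-2.0.8-bind-to-ipv6-too.patch
@@ -0,0 +1,17 @@
+Patch to bind to ipv6 socket as well
+Patch supplied by Fabian Knittel <fabian.knittel@avona.com>
+--- oidentd-2.0.8/src/oidentd_inet_util.c 2006-05-22 02:31:19.000000000 +0200
++++ oidentd-2.0.8/src/oidentd_inet_util.c 2010-03-01 20:26:11.000000000 +0100
+@@ -60,6 +60,12 @@
+#ifdef WANT_IPV6
+case AF_INET6:
+SIN6(ai->ai_addr)->sin6_port = listen_port;
++
++ if (setsockopt(listenfd, IPPROTO_IPV6, IPV6_V6ONLY, &one,
++ sizeof(one)) != 0) {
++ debug("setsockopt IPV6_V6ONLY: %s", strerror(errno));
++ return (-1);
++ }
+break;
+#endif
+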
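Review bot: The new `setsockopt(listenfd, IPPROTO_IPV6, IPV6_V6ONLY, ...)` failure path returns -1 but reports the reason only through `debug()`, which the log-conntrack-fails patch in this same commit describes as visible only in debugging builds, so a normal build fails to set up the listener without a log line. Use the call that patch introduces instead: `o_log(NORMAL, "setsockopt IPV6_V6ONLY: %s", strerror(errno));`. `one` and `listenfd` are declared outside the hunk and the enclosing function is not visible, so confirm that `listenfd` is closed by the caller or before this early return.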
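--- a/net-misc/oidentd/files/oidentd-2.0.8-gcc5.patch
+++ b/net-misc/oidentd/files/oidentd-2.0.8-gcc5.patch
@@ -0,0 +1,25 @@
+Description: Fix a failure to build with gcc5.
+Bug: http://bugs.debian.org/778035
+
+--- a/src/oidentd_util.c 2015-07-03 05:56:24.000000000 -0400
++++ b/src/oidentd_util.c 2015-07-03 05:56:47.671378000 -0400
+@@ -75,7 +75,7 @@
+** PRNG functions on systems whose libraries provide them.)
+*/
+
+-inline int randval(int i) {
++extern __attribute__ ((gnu_inline)) int randval(int i) {
+/* Per _Numerical Recipes in C_: */
+return ((double) i * rand() / (RAND_MAX+1.0));
+}
+--- a/src/oidentd_util.h 2015-07-03 05:56:32.000000000 -0400
++++ b/src/oidentd_util.h 2015-07-03 05:56:53.835378000 -0400
+@@ -58,7 +58,7 @@
+int find_group(const char *temp_group, gid_t *gid);
+
+int random_seed(void);
+-inline int randval(int i);
++extern __attribute__ ((gnu_inline)) int randval(int i);
+
+#ifndef HAVE_SNPRINTF
+int snprintf(char *str, size_t n, char const *fmt, ...);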
@ -0,0 +1,52 @@
|
||||
From 612f1d85dd59fc39b124392df38586769ebc8add Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
|
||||
Date: Fri, 11 Mar 2016 10:00:59 +0100
|
||||
Subject: [PATCH] Log Linux core_init failures as normal error
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Opening Linux conntracking table file failure for different reason than
|
||||
missing the file is fatal for deamon initizalization. But the failure
|
||||
was logged inly in debugging build.
|
||||
|
||||
This patch makes the fatal error visible in normal log.
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1316308
|
||||
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
||||
---
|
||||
src/kernel/linux.c | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/kernel/linux.c b/src/kernel/linux.c
|
||||
index 8bf265f..9103dbf 100644
|
||||
--- a/src/kernel/linux.c
|
||||
+++ b/src/kernel/linux.c
|
||||
@@ -73,21 +73,21 @@ bool core_init(void) {
|
||||
masq_fp = fopen(MASQFILE, "r");
|
||||
if (masq_fp == NULL) {
|
||||
if (errno != ENOENT) {
|
||||
- debug("fopen: %s: %s", MASQFILE, strerror(errno));
|
||||
+ o_log(NORMAL, "fopen: %s: %s", MASQFILE, strerror(errno));
|
||||
return false;
|
||||
}
|
||||
|
||||
masq_fp = fopen(CONNTRACK, "r");
|
||||
if (masq_fp == NULL) {
|
||||
if (errno != ENOENT) {
|
||||
- debug("fopen: %s: %s", CONNTRACK, strerror(errno));
|
||||
+ o_log(NORMAL, "fopen: %s: %s", CONNTRACK, strerror(errno));
|
||||
return false;
|
||||
}
|
||||
|
||||
masq_fp = fopen(NFCONNTRACK, "r");
|
||||
if (masq_fp == NULL) {
|
||||
if (errno != ENOENT) {
|
||||
- debug("fopen: %s: %s", NFCONNTRACK, strerror(errno));
|
||||
+ o_log(NORMAL, "fopen: %s: %s", NFCONNTRACK, strerror(errno));
|
||||
return false;
|
||||
}
|
||||
masq_fp = fopen("/dev/null", "r");
|
||||
--
|
||||
2.5.0
|
||||
|
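--- a/net-misc/oidentd/files/oidentd-2.0.8-masquerading.patch
+++ b/net-misc/oidentd/files/oidentd-2.0.8-masquerading.patch
@@ -0,0 +1,43 @@
+--- oidentd-2.0.8/src/kernel/linux.c 2006-05-22 06:58:53.000000000 +0300
++++ oidentd-2.0.8/src/kernel/linux.c 2007-07-11 21:28:56.000000000 +0300
+@@ -48,6 +48,7 @@
+#define CFILE6 "/proc/net/tcp6"
+#define MASQFILE "/proc/net/ip_masquerade"
+#define CONNTRACK "/proc/net/ip_conntrack"
++#define NFCONNTRACK "/proc/net/nf_conntrack"
+
+static int netlink_sock;
+extern struct sockaddr_storage proxy;
+@@ -82,7 +83,15 @@
+debug("fopen: %s: %s", CONNTRACK, strerror(errno));
+return false;
+}
+- masq_fp = fopen("/dev/null", "r");
++
++ masq_fp = fopen(NFCONNTRACK, "r");
++ if (masq_fp == NULL) {
++ if (errno != ENOENT) {
++ debug("fopen: %s: %s", NFCONNTRACK, strerror(errno));
++ return false;
++ }
++ masq_fp = fopen("/dev/null", "r");
++ }
+}
+
+netfilter = true;
+@@ -367,6 +376,15 @@
+&nport_temp, &mport_temp);
+}
+
++ if (ret != 21) {
++ ret = sscanf(buf,
++ "%*15s %*d %15s %*d %*d ESTABLISHED src=%d.%d.%d.%d dst=%d.%d.%d.%d sport=%d dport=%d packets=%*d bytes=%*d src=%d.%d.%d.%d dst=%d.%d.%d.%d sport=%d dport=%d",
++ proto, &l1, &l2, &l3, &l4, &r1, &r2, &r3, &r4,
++ &masq_lport_temp, &masq_fport_temp,
++ &nl1, &nl2, &nl3, &nl4, &nr1, &nr2, &nr3, &nr4,
++ &nport_temp, &mport_temp);
++ }
++
+if (ret != 21)
+continue;
+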
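Review bot: The added `sscanf` for the nf_conntrack layout stores a `%15s` field into `proto`, which writes up to 16 bytes including the terminator; `proto` is declared outside the hunk, so its size cannot be confirmed from here and should be checked against that width. The address octets and ports are read with plain `%d`, so any range validation happens in code that is not shown. A comment above the new call would help the next reader, e.g. `/* nf_conntrack layout: l3proto num l4proto num timeout STATE ...; IPv4 entries only */`. The final fallback `masq_fp = fopen("/dev/null", "r");` is also left unchecked in the new nesting.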
@ -0,0 +1,41 @@
|
||||
From 20a63ad8a90c36397cceedd34887298890dbafa3 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
|
||||
Date: Fri, 11 Mar 2016 10:38:10 +0100
|
||||
Subject: [PATCH] Linux: Do not open conntracking table if masquerading is not
|
||||
enabled
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
The contracking table was always opened. This is unnecessary because
|
||||
the table is used only when masquerading feature is requested on run
|
||||
time.
|
||||
|
||||
This patch skips opening the conntracking table on Linux if
|
||||
masquerading is not requested.
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1316308
|
||||
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
||||
---
|
||||
src/kernel/linux.c | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/src/kernel/linux.c b/src/kernel/linux.c
|
||||
index 9103dbf..859f554 100644
|
||||
--- a/src/kernel/linux.c
|
||||
+++ b/src/kernel/linux.c
|
||||
@@ -70,6 +70,11 @@ bool netfilter;
|
||||
*/
|
||||
bool core_init(void) {
|
||||
#ifdef MASQ_SUPPORT
|
||||
+ if (!opt_enabled(MASQ)) {
|
||||
+ masq_fp = NULL;
|
||||
+ return true;
|
||||
+ }
|
||||
+
|
||||
masq_fp = fopen(MASQFILE, "r");
|
||||
if (masq_fp == NULL) {
|
||||
if (errno != ENOENT) {
|
||||
--
|
||||
2.5.0
|
||||
|
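Review bot: With this early return `masq_fp` is NULL whenever `opt_enabled(MASQ)` is false, whereas the earlier code always tried to leave it pointing at an open stream by falling back to `/dev/null`, so every later reader of `masq_fp` must now be unreachable without MASQ or test for NULL first. Those readers are outside the hunk; if any of them reads from `masq_fp` unconditionally, it needs an `if (masq_fp == NULL)` bail-out at its top. The return also skips the `netfilter` assignment that follows the fopen chain and anything after `#endif` in `core_init`, neither of which is visible here, so a comment such as `/* masquerading disabled: conntrack table is never consulted */` on the new branch would record the assumption.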
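--- a/net-misc/oidentd/files/oidentd.conf
+++ b/net-misc/oidentd/files/oidentd.conf
@@ -0,0 +1,22 @@
+# Configuration for oidentd
+# see oidentd.conf(5)
+#
+default {
+default {
+deny spoof
+deny spoof_all
+deny spoof_privport
+allow random
+allow random_numeric
+allow numeric
+deny hide
+}
+}
+
+# you may want to hide root connections
+#user "root" {
+# default {
+# force reply "UNKNOWN"
+# }
+#}
+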
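Review bot: The default block only lets users opt in to `random` or `numeric` replies, so unless a user configures otherwise any peer that can reach port 113 is told the real local account name owning a connection, and the one override that hides root is shipped commented out. If that disclosure is not intended as the default, enable the `user "root"` block as shipped or state the trade-off in the header comment. The nested `default { default {` also deserves a one-line comment, e.g. `# outer default: all users; inner default: all connections`, assuming that is the meaning oidentd.conf(5) gives it.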
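--- a/net-misc/oidentd/files/oidentd.service
+++ b/net-misc/oidentd/files/oidentd.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=TCP/IP IDENT protocol server
+
+[Service]
+ExecStart=/usr/sbin/oidentd -i -S -u nobody -g nobody
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target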
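Review bot: The `[Service]` section carries no sandboxing directives, and since there is no `User=` line systemd starts this network-facing daemon as root and relies on `-u nobody -g nobody` for the privilege drop. Adding `NoNewPrivileges=yes`, `ProtectSystem=full` and `PrivateTmp=yes` under `[Service]` would bound what a compromised process can reach. Test before adding `ProtectHome=`, because oidentd is documented to read per-user configuration from home directories.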
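--- a/net-misc/oidentd/files/oidentd.socket
+++ b/net-misc/oidentd/files/oidentd.socket
@@ -0,0 +1,10 @@
+[Unit]
+Description=Ident (RFC 1413) socket
+Conflicts=oidentd.service
+
+[Socket]
+ListenStream=113
+Accept=yes
+
+[Install]
+WantedBy=sockets.target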
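Review bot: `Accept=yes` starts one oidentd@ instance per connection and the `[Socket]` section sets no per-source cap, so a single peer can occupy every instance slot allowed by the default `MaxConnections=` of 64. Consider adding `MaxConnectionsPerSource=4` (the value is an example, and the directive needs systemd 232 or later). A comment noting that `ListenStream=113` listens on all local addresses would also help whoever restricts it later.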
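--- a/net-misc/oidentd/files/oidentd_at.service
+++ b/net-misc/oidentd/files/oidentd_at.service
@@ -0,0 +1,7 @@
+[Unit]
+Description=Ident (RFC 1413) per-connection server
+
+[Service]
+ExecStart=/usr/sbin/oidentd -I -S -u nobody -g nobody
+ExecReload=/bin/kill -HUP $MAINPID
+StandardInput=socket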
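Review bot: With `StandardInput=socket` and no `StandardError=` line, systemd leaves both stdout and stderr attached to the connection socket, so anything the instance writes to stderr is sent to the remote peer; `-S` looks like the no-syslog switch, which would route log messages there (confirm against oidentd(8)). Add `StandardError=journal` under `[Service]`. `ExecReload=/bin/kill -HUP $MAINPID` has little meaning for a short-lived per-connection instance and could be dropped.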
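--- a/net-misc/oidentd/files/oidentd_masq.conf
+++ b/net-misc/oidentd/files/oidentd_masq.conf
@@ -0,0 +1,10 @@
+# oident masquarded connections configuration
+
+# use this file if your host is masquarading connections for several
+# hosts and you want to return a reply based on the hostname of
+# the originating machine
+# add "-f" to OIDENT_OPTIONS in /etc/conf.d/oidentd if you want
+# to forward ident requests to the real host
+
+# add hosts in the following format, see oidentd_masq.conf(5) for details:
+# <ip or host>[/mask] <username> <os>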
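Review bot: The comment tells administrators to add "-f" to `OIDENT_OPTIONS` in /etc/conf.d/oidentd, but the conf.d file added in this commit defines `OPTIONS` and the init script passes `${OPTIONS}`, so a value set under the documented name is silently ignored. The line should read `# add "-f" to OPTIONS in /etc/conf.d/oidentd if you want`. The spellings "masquarded" and "masquarading" in the same header could be corrected to "masqueraded" and "masquerading" while the file is being touched.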
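--- a/net-misc/oidentd/metadata.xml
+++ b/net-misc/oidentd/metadata.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<use>
+<flag name="masquerade">Enable support for masqueraded/NAT connections</flag>
+</use>
+<upstream>
+<remote-id type="sourceforge">ojnk</remote-id>
+</upstream>
+</pkgmetadata>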
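--- a/net-misc/oidentd/oidentd-2.0.8-r5.ebuild
+++ b/net-misc/oidentd/oidentd-2.0.8-r5.ebuild
@@ -0,0 +1,53 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+inherit eutils systemd
+
+DESCRIPTION="Another (RFC1413 compliant) ident daemon"
+HOMEPAGE="http://ojnk.sourceforge.net/"
+SRC_URI="mirror://sourceforge/ojnk/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ~s390 ~sh sparc x86 ~x86-fbsd"
+IUSE="debug ipv6 masquerade"
+
+PATCHES=(
+"${FILESDIR}/${P}-masquerading.patch"
+"${FILESDIR}/${P}-bind-to-ipv6-too.patch"
+"${FILESDIR}/${P}-gcc5.patch"
+)
+
+src_prepare() {
+epatch -p1 "${PATCHES[@]}"
+}
+
+src_configure() {
+econf \
+$(use_enable debug) \
+$(use_enable ipv6) \
+$(use_enable masquerade masq) \
+$(use_enable masquerade nat)
+}
+
+src_install() {
+default
+
+dodoc AUTHORS ChangeLog README TODO NEWS \
+"${FILESDIR}"/${PN}_masq.conf "${FILESDIR}"/${PN}.conf
+
+newinitd "${FILESDIR}"/${PN}-2.0.7-init ${PN}
+newconfd "${FILESDIR}"/${PN}-2.0.7-confd ${PN}
+
+systemd_newunit "${FILESDIR}"/${PN}_at.service ${PN}@.service
+systemd_dounit "${FILESDIR}"/${PN}.socket
+systemd_dounit "${FILESDIR}"/${PN}.service
+}
+
+pkg_postinst() {
+echo
+elog "Example configuration files are in /usr/share/doc/${PF}"
+echo
+}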
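--- a/net-misc/oidentd/oidentd-2.0.8-r6.ebuild
+++ b/net-misc/oidentd/oidentd-2.0.8-r6.ebuild
@@ -0,0 +1,55 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit systemd
+
+DESCRIPTION="Another (RFC1413 compliant) ident daemon"
+HOMEPAGE="http://ojnk.sourceforge.net/"
+SRC_URI="mirror://sourceforge/ojnk/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="debug ipv6 masquerade selinux"
+
+DEPEND=""
+
+RDEPEND="${DEPEND}
+selinux? ( sec-policy/selinux-oident )"
+
+DOCS=( AUTHORS ChangeLog README TODO NEWS "${FILESDIR}"/${PN}_masq.conf "${FILESDIR}"/${PN}.conf )
+
+PATCHES=(
+"${FILESDIR}/${P}-masquerading.patch"
+"${FILESDIR}/${P}-bind-to-ipv6-too.patch"
+"${FILESDIR}/${P}-gcc5.patch"
+"${FILESDIR}/${P}-log-conntrack-fails.patch"
+"${FILESDIR}/${P}-no-conntrack-masquerading.patch"
+)
+
+src_configure() {
+econf \
+$(use_enable debug) \
+$(use_enable ipv6) \
+$(use_enable masquerade masq) \
+$(use_enable masquerade nat)
+}
+
+src_install() {
+default
+
+newinitd "${FILESDIR}"/${PN}-2.0.7-init ${PN}
+newconfd "${FILESDIR}"/${PN}-2.0.7-confd ${PN}
+
+systemd_newunit "${FILESDIR}"/${PN}_at.service ${PN}@.service
+systemd_dounit "${FILESDIR}"/${PN}.socket
+systemd_dounit "${FILESDIR}"/${PN}.service
+}
+
+pkg_postinst() {
+echo
+elog "Example configuration files are in /usr/share/doc/${PF}"
+echo
+}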