ports/119452: [patch] net/iodine - add rc script, UID/GID
Daniel Roethlisberger
daniel at roe.ch
Tue Jan 8 14:50:01 UTC 2008
>Number: 119452
>Category: ports
>Synopsis: [patch] net/iodine - add rc script, UID/GID
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Tue Jan 08 14:50:00 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Daniel Roethlisberger
>Release: FreeBSD 6.2-RELEASE-p9 i386
>Organization:
>Environment:
System: FreeBSD calvin.roe.ch 6.2-RELEASE-p9 FreeBSD 6.2-RELEASE-p9 #0: Thu Nov 29 04:22:49 UTC 2007 root at i386-builder.daemonology.net:/usr/obj/usr/src/sys/SMP i386
>Description:
Added files:
files/iodined.in
pkg-install
Changes:
* Add an rc script for automatically running iodined.
It supports various options, including chroot/setuid support
which "just works" and sensible defaults where they make sense.
* Create user/group _iodined.
* Symlink iodined(8) to iodine(8).
* Fix pkg-message and actually display it in post-install.
Note that there is a separate diff against /usr/ports/[UG]IDs
>How-To-Repeat:
Install iodine and notice that you have to run the daemon manually
and that there is no manual page for iodined (only iodine).
>Fix:
--- iodine-rc.diff begins here ---
diff -ruN iodine.orig/Makefile iodine/Makefile
--- iodine.orig/Makefile Sat Dec 15 10:10:34 2007
+++ iodine/Makefile Tue Jan 8 14:18:17 2008
@@ -7,6 +7,7 @@
PORTNAME= iodine
PORTVERSION= 0.4.1
+PORTREVISION= 1
CATEGORIES= net
MASTER_SITES= http://code.kryo.se/iodine/
@@ -18,6 +19,8 @@
PORTDOCS= CHANGELOG README TODO
MAN8= iodine.8
+MLINKS= iodine.8 iodined.8
+USE_RC_SUBR= iodined
.include <bsd.port.pre.mk>
@@ -36,5 +39,9 @@
${INSTALL_DATA} ${WRKSRC}/${f} ${DOCSDIR}
.endfor
.endif
+
+post-install:
+ @${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
+ @${CAT} ${PKGMESSAGE}
.include <bsd.port.post.mk>
diff -ruN iodine.orig/files/iodined.in iodine/files/iodined.in
--- iodine.orig/files/iodined.in Thu Jan 1 01:00:00 1970
+++ iodine/files/iodined.in Tue Jan 8 14:30:38 2008
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+# PROVIDE: iodined
+# REQUIRE: LOGIN
+#
+# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# iodined_enable (bool): Set to NO by default.
+# Set it to YES to enable iodined.
+# iodined_password (string): Not set by default, mandatory.
+# Password used for client authentication.
+# Note that the password will be visible to ps(1) et al.
+# iodined_domain (string): Not set by default, mandatory.
+# Tunnel domain delegated to iodined, e.g. "t.example.net".
+# iodined_addr (string): Set to 172.16.0.1 by default.
+# IPv4 address used for the daemon end of the tunnel.
+# iodined_flags (string): Set to "-u _iodined -t /var/empty" by default.
+# Additional flags to iodined, see manual page.
+#
+
+. %%RC_SUBR%%
+
+name="iodined"
+rcvar="${name}"_enable
+
+command=%%PREFIX%%/sbin/"${name}"
+
+load_rc_config "$name"
+
+: ${iodined_enable="NO"}
+: ${iodined_password=""}
+: ${iodined_domain=""}
+: ${iodined_addr="172.16.0.1"}
+: ${iodined_flags="-u _iodined -t /var/empty"}
+
+if checkyesno iodined_enable; then
+ if [ -z "$iodined_password" ]; then
+ err 1 'Must set $iodined_password in rc.conf or rc.conf.local'
+ fi
+ if [ -z "$iodined_domain" ]; then
+ err 1 'Must set $iodined_domain in rc.conf or rc.conf.local'
+ fi
+fi
+
+command_args="-P $iodined_password $iodined_addr $iodined_domain"
+
+run_rc_command "$1"
+
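Review bot: The client password reaches iodined as a `-P` argument built from an unquoted `$iodined_password` in `command_args`, so it is exposed in the process list (as the header comment already notes). Because rc.subr assembles the command line as a string, a password containing whitespace or shell metacharacters would be split or interpreted instead of passed through verbatim. The enable-time checks could reject such values, and the header comment could add `# rc.conf is usually world-readable; prefer a root-only /etc/rc.conf.d/iodined for the password.` (confirm the default file mode on the target release). Separately, the privilege drop and chroot exist only as the default value of `iodined_flags`, so an admin who sets `iodined_flags` for any other option silently loses `-u _iodined -t /var/empty`. Dedicated user and chroot variables that are always appended would prevent that.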
diff -ruN iodine.orig/pkg-install iodine/pkg-install
--- iodine.orig/pkg-install Thu Jan 1 01:00:00 1970
+++ iodine/pkg-install Tue Jan 8 12:25:01 2008
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+case $2 in
+POST-INSTALL)
+ USER=_iodined
+ GROUP=${USER}
+ UID=353
+ GID=${UID}
+ PW=/usr/sbin/pw
+
+ if ${PW} group show "${GROUP}" 2>/dev/null; then
+ echo "You already have a group \"${GROUP}\", so I will use it."
+ else
+ if ${PW} groupadd ${GROUP} -g ${GID}; then
+ echo "Added group \"${GROUP}\"."
+ else
+ echo "Adding group \"${GROUP}\" failed..."
+ exit 1
+ fi
+ fi
+
+ if ${PW} user show "${USER}" 2>/dev/null; then
+ echo "You already have a user \"${USER}\", so I will use it."
+ else
+ if ${PW} useradd ${USER} -u ${UID} -g ${GROUP} -h - \
+ -d "/var/empty" -s /sbin/nologin -c "OSPF Daemon"
+ then
+ echo "Added user \"${USER}\"."
+ else
+ echo "Adding user \"${USER}\" failed..."
+ exit 1
+ fi
+ fi
+ exit 0
+ ;;
+esac
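Review bot: The `useradd` call labels the account `-c "OSPF Daemon"`, which looks copied from another port; it should read `-c "Iodine Daemon"` to match the UIDs entry in the second diff. The same call uses `-d "/var/empty"` and `-s /sbin/nologin`, while the proposed UIDs line gives `/nonexistent` and `/usr/sbin/nologin`, so the two definitions of the account disagree. When a `_iodined` user or group already exists the script reuses it without checking its uid, gid or shell, so a pre-existing login-capable account of that name would end up running the daemon; comparing against 353 and warning on mismatch would surface that. `pw group show` and `pw user show` also print the matched entry to stdout because only stderr is redirected; `>/dev/null 2>&1` keeps the install output clean.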
diff -ruN iodine.orig/pkg-message iodine/pkg-message
--- iodine.orig/pkg-message Sat Feb 24 08:52:26 2007
+++ iodine/pkg-message Tue Jan 8 14:10:10 2008
@@ -1,19 +1,31 @@
-=== Quick Start ===
+**** This port installs the iodine daemon, but does not invoke iodined by
+ default. If you want to invoke iodined at startup, put these lines
+ into /etc/rc.conf or /etc/rc.conf.local:
-Server:
+ iodined_enable="YES" # iodined enabled?
+ iodined_password="changeme" # password for clients
+ iodined_domain="t.example.net" # delegated tunnel domain
-iodined -f -u nobody 10.0.0.1 tunnelhost.example.net
+ Optionally, you may override these defaults:
-Client:
+ iodined_addr="172.16.0.1" # tunnel base IPv4 address
+ iodined_flags="-u _iodined -t /var/empty" # additional flags
-iodine -f -u nobody 192.168.1.1 tunnelhost.example.net
+**** You need to delegate the tunnel zone to your iodined instance.
+ Add lines like these to the DNS zone file for example.net:
-You need add these lines to the DNS zone file:
+ iodinehost IN A 192.0.2.1
+ t IN NS iodinehost.example.net.
-tunnelhost IN A 192.168.1.1
-tunnel IN NS tunnelhost.example.net
+**** If you want to start the server manually in the foreground, use
+ something like:
-The server side of the tunnel is 10.0.0.1.
+ iodined -f -u _iodined -t /var/empty 172.16.0.1 t.example.net
+
+ Run the client using something like:
+
+ iodine -f -u _iodined -t /var/empty 192.168.1.1 t.example.net
+
+ See iodine(1) for more information.
-Please check README for details.
--- iodine-rc.diff ends here ---
--- iodine-uidgid.diff begins here ---
--- UIDs.orig Sun Sep 30 09:19:48 2007
+++ UIDs Tue Jan 8 12:24:20 2008
@@ -102,6 +102,7 @@
dkfilter:*:325:325:DK Filter Owner:/nonexistent:/usr/sbin/nologin
wildfire:*:340:340::0:0:Wildfire Daemon:/nonexistent:/usr/sbin/nologin
stunnel:*:341:341::0:0:Stunnel Daemon:/nonexistent:/usr/sbin/nologin
+_iodined:*:353:353:Iodine Daemon:/nonexistent:/usr/sbin/nologin
ldap:*:389:389:OpenLDAP Server:/nonexistent:/usr/sbin/nologin
tiarra:*:398:398:Tiarra IRC Proxy:/nonexistent:/usr/sbin/nologin
drweb:*:426:426:Dr.Web Mail Scanner:/nonexistent:/usr/sbin/nologin
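Review bot: The added `_iodined` line has seven colon-separated fields, whereas the adjacent `wildfire` and `stunnel` entries carry the extra `::0:0:` class/change/expire fields of the master.passwd layout. If the file is consumed in that layout, the entry should be `_iodined:*:353:353::0:0:Iodine Daemon:/nonexistent:/usr/sbin/nologin`. The `dkfilter` context line shows the same short form, so confirm which format the file expects before committing.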
--- GIDs.orig Fri Sep 7 05:08:58 2007
+++ GIDs Tue Jan 8 12:24:29 2008
@@ -92,6 +92,7 @@
dkfilter:*:325:
wildfire:*:340:
stunnel:*:341:
+_iodined:*:353:
ldap:*:389:
tiarra:*:398:
drweb:*:426:
--- iodine-uidgid.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: