Date:      Tue, 08 Jan 2008 15:03:10 +0100
From:      Daniel Roethlisberger <daniel@roe.ch>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        daniel@roe.ch
Subject:   ports/119452: [patch] net/iodine - add rc script, UID/GID
Message-ID:  <E1JCF2s-0005NX-G5@calvin.roe.ch>
Resent-Message-ID: <200801081450.m08Eo1PW020311@freefall.freebsd.org>


>Number:         119452
>Category:       ports
>Synopsis:       [patch] net/iodine - add rc script, UID/GID
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jan 08 14:50:00 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Daniel Roethlisberger
>Release:        FreeBSD 6.2-RELEASE-p9 i386
>Organization:
>Environment:
System: FreeBSD calvin.roe.ch 6.2-RELEASE-p9 FreeBSD 6.2-RELEASE-p9 #0: Thu Nov 29 04:22:49 UTC 2007 root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/SMP i386
>Description:
Added files:
 files/iodined.in
 pkg-install

Changes:
 * Add an rc script for automatically running iodined.
   It supports various options, including chroot/setuid support
   which "just works" and sensible defaults where they make sense.
 * Create user/group _iodined.
 * Symlink iodined(8) to iodine(8).
 * Fix pkg-message and actually display it in post-install.

Note that there is a separate diff against /usr/ports/[UG]IDs
>How-To-Repeat:
Install iodine and notice that you have to run the daemon manually
and that there is no manual page for iodined (only iodine).
>Fix:

--- iodine-rc.diff begins here ---
diff -ruN iodine.orig/Makefile iodine/Makefile
--- iodine.orig/Makefile	Sat Dec 15 10:10:34 2007
+++ iodine/Makefile	Tue Jan  8 14:18:17 2008
@@ -7,6 +7,7 @@
 
 PORTNAME=	iodine
 PORTVERSION=	0.4.1
+PORTREVISION=	1
 CATEGORIES=	net
 MASTER_SITES=	http://code.kryo.se/iodine/
 
@@ -18,6 +19,8 @@
 PORTDOCS=	CHANGELOG README TODO
 
 MAN8=		iodine.8
+MLINKS=		iodine.8 iodined.8
+USE_RC_SUBR=	iodined
 
 .include <bsd.port.pre.mk>
 
@@ -36,5 +39,9 @@
 	${INSTALL_DATA} ${WRKSRC}/${f} ${DOCSDIR}
 .endfor
 .endif
+
+post-install:
+	@${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
+	@${CAT} ${PKGMESSAGE}
 
 .include <bsd.port.post.mk>
diff -ruN iodine.orig/files/iodined.in iodine/files/iodined.in
--- iodine.orig/files/iodined.in	Thu Jan  1 01:00:00 1970
+++ iodine/files/iodined.in	Tue Jan  8 14:30:38 2008
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+# PROVIDE: iodined
+# REQUIRE: LOGIN
+#
+# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# iodined_enable (bool):       Set to NO by default.
+#               Set it to YES to enable iodined.
+# iodined_password (string):   Not set by default, mandatory.
+#               Password used for client authentication.
+#               Note that the password will be visible to ps(1) et al.
+# iodined_domain (string):     Not set by default, mandatory.
+#               Tunnel domain delegated to iodined, e.g. "t.example.net".
+# iodined_addr (string):       Set to 172.16.0.1 by default.
+#               IPv4 address used for the daemon end of the tunnel.
+# iodined_flags (string):      Set to "-u _iodined -t /var/empty" by default.
+#               Additional flags to iodined, see manual page.
+#
+
+. %%RC_SUBR%%
+
+name="iodined"
+rcvar="${name}"_enable
+
+command=%%PREFIX%%/sbin/"${name}"
+
+load_rc_config "$name"
+
+: ${iodined_enable="NO"}
+: ${iodined_password=""}
+: ${iodined_domain=""}
+: ${iodined_addr="172.16.0.1"}
+: ${iodined_flags="-u _iodined -t /var/empty"}
+
+if checkyesno iodined_enable; then
+	if [ -z "$iodined_password" ]; then
+		err 1 'Must set $iodined_password in rc.conf or rc.conf.local'
+	fi
+	if [ -z "$iodined_domain" ]; then
+		err 1 'Must set $iodined_domain in rc.conf or rc.conf.local'
+	fi
+fi
+
+command_args="-P $iodined_password $iodined_addr $iodined_domain"
+
+run_rc_command "$1"
+
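Review bot: The `command_args="-P $iodined_password $iodined_addr $iodined_domain"` line puts the client password on iodined's argv unquoted, so it is readable by any local user through ps(1) (the header comment admits this), and a password containing whitespace or shell metacharacters is word-split or, depending on how rc.subr runs the assembled line, interpreted by the shell. The header comment should at least state that restriction and steer the setting away from a world-readable rc.conf, for example `# Keep this in a root-only file such as /etc/rc.conf.d/iodined; avoid whitespace and shell metacharacters.` The two `err 1` checks also run at load time for every subcommand, including `stop` and `status`, whenever the service is enabled; moving them into a function assigned to `start_precmd` would limit them to startup.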
diff -ruN iodine.orig/pkg-install iodine/pkg-install
--- iodine.orig/pkg-install	Thu Jan  1 01:00:00 1970
+++ iodine/pkg-install	Tue Jan  8 12:25:01 2008
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+case $2 in
+POST-INSTALL)
+	USER=_iodined
+	GROUP=${USER}
+	UID=353
+	GID=${UID}
+	PW=/usr/sbin/pw
+
+	if ${PW} group show "${GROUP}" 2>/dev/null; then
+		echo "You already have a group \"${GROUP}\", so I will use it."
+	else
+		if ${PW} groupadd ${GROUP} -g ${GID}; then
+			echo "Added group \"${GROUP}\"."
+		else
+			echo "Adding group \"${GROUP}\" failed..."
+			exit 1
+		fi
+	fi
+
+	if ${PW} user show "${USER}" 2>/dev/null; then
+		echo "You already have a user \"${USER}\", so I will use it."
+	else
+		if ${PW} useradd ${USER} -u ${UID} -g ${GROUP} -h - \
+			-d "/var/empty" -s /sbin/nologin -c "OSPF Daemon"
+		then
+			echo "Added user \"${USER}\"."
+		else
+			echo "Adding user \"${USER}\" failed..."
+			exit 1
+		fi
+	fi
+	exit 0
+	;;
+esac
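Review bot: The `useradd` call labels the account `-c "OSPF Daemon"`, which looks like a leftover from another port. The UIDs entry in the same submission registers `_iodined` as "Iodine Daemon" with home `/nonexistent` and shell `/usr/sbin/nologin`, while this script creates it with `/var/empty` and `/sbin/nologin`. I would change the continuation line to `-d /nonexistent -s /usr/sbin/nologin -c "Iodine Daemon"` so the created account matches the registry. Separately, when a `_iodined` user or group already exists the script reuses it without checking its UID, GID or shell, so the daemon could drop privileges to an account with different properties than intended; a check, or a comment stating that this is accepted, would help.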
diff -ruN iodine.orig/pkg-message iodine/pkg-message
--- iodine.orig/pkg-message	Sat Feb 24 08:52:26 2007
+++ iodine/pkg-message	Tue Jan  8 14:10:10 2008
@@ -1,19 +1,31 @@
 
-=== Quick Start ===
+****  This port installs the iodine daemon, but does not invoke iodined by
+      default.  If you want to invoke iodined at startup, put these lines
+      into /etc/rc.conf or /etc/rc.conf.local:
 
-Server:
+            iodined_enable="YES"                # iodined enabled?
+            iodined_password="changeme"         # password for clients
+            iodined_domain="t.example.net"      # delegated tunnel domain
 
-iodined -f -u nobody 10.0.0.1 tunnelhost.example.net
+      Optionally, you may override these defaults:
 
-Client:
+            iodined_addr="172.16.0.1"           # tunnel base IPv4 address
+            iodined_flags="-u _iodined -t /var/empty"  # additional flags
 
-iodine -f -u nobody 192.168.1.1 tunnelhost.example.net
+****  You need to delegate the tunnel zone to your iodined instance.
+      Add lines like these to the DNS zone file for example.net:
 
-You need add these lines to the DNS zone file:
+            iodinehost	IN	A	192.0.2.1
+            t		IN	NS	iodinehost.example.net.
 
-tunnelhost	IN	A	192.168.1.1
-tunnel		IN	NS	tunnelhost.example.net
+****  If you want to start the server manually in the foreground, use
+      something like:
 
-The server side of the tunnel is 10.0.0.1.
+            iodined -f -u _iodined -t /var/empty 172.16.0.1 t.example.net
+
+      Run the client using something like:
+
+            iodine -f -u _iodined -t /var/empty 192.168.1.1 t.example.net
+
+      See iodine(1) for more information.
 
-Please check README for details.
--- iodine-rc.diff ends here ---

--- iodine-uidgid.diff begins here ---
--- UIDs.orig	Sun Sep 30 09:19:48 2007
+++ UIDs	Tue Jan  8 12:24:20 2008
@@ -102,6 +102,7 @@
 dkfilter:*:325:325:DK Filter Owner:/nonexistent:/usr/sbin/nologin
 wildfire:*:340:340::0:0:Wildfire Daemon:/nonexistent:/usr/sbin/nologin
 stunnel:*:341:341::0:0:Stunnel Daemon:/nonexistent:/usr/sbin/nologin
+_iodined:*:353:353:Iodine Daemon:/nonexistent:/usr/sbin/nologin
 ldap:*:389:389:OpenLDAP Server:/nonexistent:/usr/sbin/nologin
 tiarra:*:398:398:Tiarra IRC Proxy:/nonexistent:/usr/sbin/nologin
 drweb:*:426:426:Dr.Web Mail Scanner:/nonexistent:/usr/sbin/nologin
--- GIDs.orig	Fri Sep  7 05:08:58 2007
+++ GIDs	Tue Jan  8 12:24:29 2008
@@ -92,6 +92,7 @@
 dkfilter:*:325:
 wildfire:*:340:
 stunnel:*:341:
+_iodined:*:353:
 ldap:*:389:
 tiarra:*:398:
 drweb:*:426:
--- iodine-uidgid.diff ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:


