[gentoo-commits] repo/gentoo:master commit in: net-analyzer/icinga/

["Matt Thode" <prometheanfire@gentoo.org>]

commit:     01be0da7e94079bca6b18567e6a81a4d1a7206b2
Author:     Matthew Thode <prometheanfire <AT> gentoo <DOT> org>
AuthorDate: Sun Nov  1 01:14:13 2015 +0000
Commit:     Matt Thode <prometheanfire <AT> gentoo <DOT> org>
CommitDate: Sun Nov  1 01:15:25 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=01be0da7

net-analyzer/icinga: fixing CVE-2015-8010 bug 564242

Package-Manager: portage-2.2.20.1

 net-analyzer/icinga/Manifest             |   1 +
 net-analyzer/icinga/icinga-1.13.3.ebuild | 267 +++++++++++++++++++++++++++++++
 2 files changed, 268 insertions(+)

diff --git a/net-analyzer/icinga/Manifest b/net-analyzer/icinga/Manifest
index 05af21b..60eb54f 100644
--- a/net-analyzer/icinga/Manifest
+++ b/net-analyzer/icinga/Manifest
@@ -4,4 +4,5 @@ DIST icinga-1.11.4.tar.gz 18657247 SHA256 34e923d8daac0235513ece5f54a2065b9166cc
 DIST icinga-1.11.7.tar.gz 18657763 SHA256 b6526dd44d42c70e50ebfb58608f1fec8ba6d805fda4fde57f1078c248e25045 SHA512 3c06771f83257afc9096078ba5304ad9a3fbd8d75f22ca62113c45b06f1a015ef3758936dcb3376b3a18584a360ca4a629e5b071570b7215f7b199e414946af1 WHIRLPOOL 4f66389b467f77e5544239c9c1553e185e37f115f057df83330118e2e8883efa5d73b05bc1c9b3801ff522947e098f3169185b71a172bf9ac26173a033ce30d6
 DIST icinga-1.12.0.tar.gz 18670338 SHA256 6bcee5605d66a00444454514baeffd8084df6097cf8ebead2b8114387d5def14 SHA512 214eece3d5545f9157c25d83f1ed65eab82ae4508e713efa2aec83d69e0621ff53618a33c266e88f67b13e4734bd62d7e55cb2cbc547946d13e691f9b24c726b WHIRLPOOL 94fd7435f113e839e1d6a71a466060ab3e2f161a64643e011acb01f1a34bfe00a7313ea47434db6f74405b1b3fe7581c39bb39fd04887e4985fcd16f0cc0c827
 DIST icinga-1.12.2.tar.gz 18745366 SHA256 3eb3e623070996fffe8ba1d5c0fe8081d3074bca5109de4ee597a9515507a4cc SHA512 eac3d354fa555d8374757a07cc84f028dcead71eb611245e16597b050f8f050d4b955cf7bc70ff0230a7fa8eb004541827c2686b60ccd683a0646c1d7707b264 WHIRLPOOL fc1251966dfce7377e6f4017281b3f35cca2241ee1fb31b654126d8f045a957a6835cdb45d622efaaf0cf0cd89d45969f6a4c81dd628174dc7a9c29cef137b51
+DIST icinga-1.13.3.tar.gz 18738204 SHA256 d6994bcc9e137f6639b781a78a55d29c51d74cdfce7f35c13c47e09f200acd84 SHA512 babdbb823c6d7241aa67c39c35f67bdf9a4963688b6edd1190af32e056639c1e592791071c90eae3daa44bcb63beee2ff260ce5a0d5e7edb0ed3c99d69ffdaed WHIRLPOOL 6886f98f44cf2aed3b1f2a23d905cbbf5ecf22055ba66d44b44c46942947103863e47e8ba889ba97d98a22f9364946cd3e725563d05df105be519486e2f4857d
 DIST icinga-1.9.6.tar.gz 17082621 SHA256 a70a54d49813f8ea1b58688d5d2b3ecd00a0470a900c84943c044669f582274c SHA512 f2489d6c898e754ca162304651e71e071e5f1d0ce396ecd87ba9e6fd0a14343cca24fd860e661250b2723a696045d45602ebf2fc9aa16dbaf126415ba109b3ff WHIRLPOOL 599b3a257e1ef9b9d713cfbde0233ab171f46ee5f2fffaa2e5a3ab95daaad2c9ee88e61def2420d60e9262fb57dc4a18ea168c0d9b1da52dc85792d2d1389cbf

diff --git a/net-analyzer/icinga/icinga-1.13.3.ebuild b/net-analyzer/icinga/icinga-1.13.3.ebuild
new file mode 100644
index 0000000..24f28f8
--- /dev/null
+++ b/net-analyzer/icinga/icinga-1.13.3.ebuild
@@ -0,0 +1,267 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit depend.apache eutils multilib pax-utils toolchain-funcs user versionator
+
+DESCRIPTION="Nagios Fork - Check daemon, CGIs, docs, IDOutils"
+HOMEPAGE="http://www.icinga.org/"
+#MY_PV=$(delete_version_separator 3)
+#SRC_URI="mirror://sourceforge/${PN}/${PN}-${MY_PV}.tar.gz"
+#S=${WORKDIR}/${PN}-${MY_PV}
+#SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
+SRC_URI="https://github.com/${PN}/${PN}-core/releases/download/v${PV}/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~hppa ~x86"
+IUSE="+apache2 contrib eventhandler +idoutils lighttpd +mysql perl +plugins postgres ssl +vim-syntax +web"
+DEPEND="idoutils? ( dev-db/libdbi-drivers[mysql?,postgres?] )
+	perl? ( dev-lang/perl )
+	virtual/mailx
+	web? (
+		media-libs/gd[jpeg,png]
+		lighttpd? ( www-servers/lighttpd )
+	)
+	!net-analyzer/nagios-core"
+RDEPEND="${DEPEND}
+	plugins? ( || (
+		net-analyzer/monitoring-plugins
+		net-analyzer/nagios-plugins
+	) )"
+RESTRICT="test"
+
+want_apache2
+
+pkg_setup() {
+	depend.apache_pkg_setup
+	enewgroup icinga
+	enewgroup nagios
+	enewuser icinga -1 -1 /var/lib/icinga "icinga,nagios"
+}
+
+src_prepare() {
+	epatch "${FILESDIR}/fix-prestripped-binaries-1.7.0.patch"
+}
+
+src_configure() {
+	local myconf
+
+	myconf="$(use_enable perl embedded-perl)
+	$(use_with perl perlcache)
+	$(use_enable idoutils)
+	$(use_enable ssl)
+	--with-cgiurl=/icinga/cgi-bin
+	--with-log-dir=/var/log/icinga
+	--libdir=/usr/$(get_libdir)
+	--bindir=/usr/sbin
+	--sbindir=/usr/$(get_libdir)/icinga/cgi-bin
+	--datarootdir=/usr/share/icinga/htdocs
+	--localstatedir=/var/lib/icinga
+	--sysconfdir=/etc/icinga
+	--with-lockfile=/var/run/icinga/icinga.lock
+	--with-temp-dir=/tmp/icinga
+	--with-temp-file=/tmp/icinga/icinga.tmp"
+
+	if use idoutils ; then
+		myconf+=" --with-ido2db-lockfile=/var/run/icinga/ido2db.lock
+		--with-icinga-chkfile=/var/lib/icinga/icinga.chk
+		--with-ido-sockfile=/var/lib/icinga/ido.sock
+		--with-idomod-tmpfile=/tmp/icinga/idomod.tmp"
+	fi
+
+	if use eventhandler ; then
+		myconfig+=" --with-eventhandler-dir=/etc/icinga/eventhandlers"
+	fi
+
+	if use plugins ; then
+		myconf+=" --with-plugin-dir=/usr/$(get_libdir)/nagios/plugins"
+	else
+		myconf+=" --with-plugin-dir=/usr/$(get_libdir)/nagios/plugins"
+	fi
+
+	if use !apache2 && use !lighttpd ; then
+		myconf+=" --with-command-group=icinga"
+	else
+		if use apache2 ; then
+			myconf+=" --with-httpd-conf=/etc/apache2/conf.d"
+			myconf+=" --with-command-group=apache"
+		elif use lighttpd ; then
+			myconf+=" --with-command-group=lighttpd"
+		fi
+	fi
+
+	econf ${myconf}
+}
+
+src_compile() {
+	tc-export CC
+
+	emake icinga || die "make failed"
+
+	if use web ; then
+		emake DESTDIR="${D}" cgis || die
+	fi
+
+	if use contrib ; then
+		emake DESTDIR="${D}" -C contrib || die
+	fi
+
+	if use idoutils ; then
+		emake DESTDIR="${D}" idoutils || die
+	fi
+}
+
+src_install() {
+	dodoc Changelog README UPGRADING || die
+
+	if ! use web ; then
+		sed -i -e '/cd $(SRC_\(CGI\|HTM\))/d' Makefile || die
+	fi
+
+	emake DESTDIR="${D}" install{,-config,-commandmode} || die
+
+	if use idoutils ; then
+		 emake DESTDIR="${D}" install-idoutils || die
+	fi
+
+	if use contrib ; then
+		emake DESTDIR="${D}" -C contrib install || die
+	fi
+
+	if use eventhandler ; then
+		emake DESTDIR="${D}" install-eventhandlers || die
+	fi
+
+	newinitd "${FILESDIR}"/icinga-init.d icinga || die
+	newconfd "${FILESDIR}"/icinga-conf.d icinga || die
+	if use idoutils ; then
+		newinitd "${FILESDIR}"/ido2db-init.d ido2db || die
+		newconfd "${FILESDIR}"/ido2db-conf.d ido2db || die
+		insinto /usr/share/icinga/contrib/db
+		doins -r module/idoutils/db/* || die
+	fi
+	# Apache Module
+	if use web ; then
+		if use apache2 ; then
+			insinto "${APACHE_MODULES_CONFDIR}"
+			newins "${FILESDIR}"/icinga-apache.conf 99_icinga.conf || die
+		elif use lighttpd ; then
+			insinto /etc/lighttpd
+			newins "${FILESDIR}"/icinga-lighty.conf lighttpd_icinga.conf || die
+		else
+			ewarn "${CATEGORY}/${PF} only supports Apache-2.x or Lighttpd webserver"
+			ewarn "out-of-the-box. Since you are not using one of them, you"
+			ewarn "have to configure your webserver accordingly yourself."
+		fi
+		fowners -R root:root /usr/$(get_libdir)/icinga || die
+		cd "${D}" || die
+		find usr/$(get_libdir)/icinga -type d -exec fperms 755 {} +
+		find usr/$(get_libdir)/icinga/cgi-bin -type f -exec fperms 755 {} +
+	fi
+
+	if use eventhandler ; then
+		dodir /etc/icinga/eventhandlers || die
+		fowners icinga:icinga /etc/icinga/eventhandlers || die
+	fi
+
+	keepdir /etc/icinga
+	keepdir /var/lib/icinga
+	keepdir /var/lib/icinga/archives
+	keepdir /var/lib/icinga/rw
+	keepdir /var/lib/icinga/spool/checkresults
+
+	if use apache2 ; then
+		webserver=apache
+	elif use lighttpd ; then
+		webserver=lighttpd
+	else
+		webserver=icinga
+	fi
+
+	fowners icinga:icinga /var/lib/icinga || die "Failed chown of /var/lib/icinga"
+	fowners -R icinga:${webserver} /var/lib/icinga/rw || die "Failed chown of /var/lib/icinga/rw"
+
+	fperms 6755 /var/lib/icinga/rw || die "Failed Chmod of ${D}/var/lib/icinga/rw"
+	fperms 0750 /etc/icinga || die "Failed chmod of ${D}/etc/icinga"
+
+	# paxmarks
+	if use idoutils ; then
+		pax-mark m usr/sbin/ido2db
+	fi
+}
+
+pkg_postinst() {
+	if use web ; then
+		elog "This does not include cgis that are perl-dependent"
+		elog "Currently traceroute.cgi is perl-dependent"
+		elog "Note that the user your webserver is running as needs"
+		elog "read-access to /etc/icinga."
+		elog
+		if use apache2 || use lighttpd ; then
+			elog "There are several possible solutions to accomplish this,"
+			elog "choose the one you are most comfortable with:"
+			elog
+			if use apache2 ; then
+				elog "	usermod -G icinga apache"
+				elog "or"
+				elog "	chown icinga:apache /etc/icinga"
+				elog
+				elog "Also edit /etc/conf.d/apache2 and add a line like"
+				elog "APACHE2_OPTS=\"\$APACHE2_OPTS -D ICINGA\""
+				elog
+				elog "Icinga web service needs user authentication. If you"
+				elog "use the base configuration, you need a password file"
+				elog "with a password for user \"icingaadmin\""
+				elog "You can create this file by executing:"
+				elog "htpasswd -c /etc/icinga/htpasswd.users icingaadmin"
+				elog
+				elog "you may want to also add apache to the icinga group"
+				elog "to allow it access to the AuthUserFile"
+				elog
+			elif use lighttpd ; then
+				elog "  usermod -G icinga lighttpd "
+				elog "or"
+				elog "  chown icinga:lighttpd /etc/icinga"
+				elog "Also edit /etc/lighttpd/lighttpd.conf and add 'include \"lighttpd_icinga.conf\"'"
+			fi
+			elog
+			elog "That will make icinga's web front end visable via"
+			elog "http://localhost/icinga/"
+			elog
+		else
+			elog "IMPORTANT: Do not forget to add the user your webserver"
+			elog "is running as to the icinga group!"
+		fi
+	else
+		ewarn "Please note that you have installed Icinga without web interface."
+		ewarn "Please don't file any bugs about having no web interface when you do this."
+		ewarn "Thank you!"
+	fi
+	elog
+	elog "If you want icinga to start at boot time"
+	elog "remember to execute:"
+	elog "  rc-update add icinga default"
+	elog
+	elog "If your kernel has /proc protection, icinga"
+	elog "will not be happy as it relies on accessing the proc"
+	elog "filesystem. You can fix this by adding icinga into"
+	elog "the group wheel, but this is not recomended."
+	elog
+	if [ -d "${ROOT}"/var/icinga ] ; then
+		ewarn
+		ewarn "/var/icinga was moved to /var/lib/icinga"
+		ewarn "please move the files if this was an upgrade"
+		if use idoutils ; then
+			ewarn "and edit /etc/ido2db.cfg to change the location of the files"
+			ewarn "it accesses"
+			ewarn "update your db with the scripts under the directory"
+			ewarn "/usr/share/icinga/contrib/db/"
+		fi
+		ewarn
+		ewarn "The \"mv /var/icinga /var/lib/\" command works well to move the files"
+		ewarn "remove /var/icinga afterwards to make this warning disappear"
+	fi
+}