[gentoo-commits] repo/gentoo:master commit in: net-analyzer/nrpe/, net-analyzer/nrpe/files/

[gentoo-commits] repo/gentoo:master commit in: net-analyzer/nrpe/, net-analyzer/nrpe/files/

[Michael Orlitzky]

commit:     e05d77e5b5a85672092c5c156b1371da178b520f
Author:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
AuthorDate: Mon Aug 31 16:08:49 2015 +0000
Commit:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
CommitDate: Mon Aug 31 16:08:49 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e05d77e5

net-analyzer/nrpe: revbump to add selinux and no-ssl support.

Add a conditional dep on sec-policy/selinux-nagios, and pull in an
(unreleased) upstream patch to fix the build when USE="-ssl". Also add
a slot on the openssl dependency to make repoman happy.

Bug: 462572
Bug: 554536

Package-Manager: portage-2.2.20.1

 net-analyzer/nrpe/files/nrpe-2.15-no-ssl.patch |  39 +++++++
 net-analyzer/nrpe/nrpe-2.15-r3.ebuild          | 137 +++++++++++++++++++++++++
 2 files changed, 176 insertions(+)

diff --git a/net-analyzer/nrpe/files/nrpe-2.15-no-ssl.patch b/net-analyzer/nrpe/files/nrpe-2.15-no-ssl.patch
new file mode 100644
index 0000000..3b3fc13
--- /dev/null
+++ b/net-analyzer/nrpe/files/nrpe-2.15-no-ssl.patch
@@ -0,0 +1,39 @@
+Without this patch, you can't build nrpe without SSL support. It was
+originally submitted on the Nagios forums by user Matthew L. Daniel:
+
+  https://support.nagios.com/forum/viewtopic.php?t=27027
+
+It was merged into the upstream github repo (NagiosEnterprises/nrpe)
+in commit 3736fdeeac11a.
+
+
+diff --git a/src/nrpe.c b/src/nrpe.c
+index 4bc849b..1e55ab4 100644
+--- a/src/nrpe.c
++++ b/src/nrpe.c
+@@ -102,7 +102,9 @@ int     use_src=FALSE; /* Define parameter for SRC option */
+ int		listen_queue_size=DEFAULT_LISTEN_QUEUE_SIZE;
+ 
+ 
++#ifdef HAVE_SSL
+ void complete_SSL_shutdown( SSL *);
++#endif
+ 
+ 
+ int main(int argc, char **argv){
+@@ -1815,6 +1817,7 @@ int remove_pid_file(void){
+ 	return OK;
+         }
+ 
++#ifdef HAVE_SSL
+ void complete_SSL_shutdown( SSL *ssl) {
+ 
+ 	/*  
+@@ -1835,6 +1838,7 @@ void complete_SSL_shutdown( SSL *ssl) {
+ 		if( SSL_shutdown( ssl)) break;
+ 	}
+ }
++#endif/*HAVE_SSL*/
+ 
+ /* bail if daemon is running as root */
+ int check_privileges(void){

diff --git a/net-analyzer/nrpe/nrpe-2.15-r3.ebuild b/net-analyzer/nrpe/nrpe-2.15-r3.ebuild
new file mode 100644
index 0000000..906120d
--- /dev/null
+++ b/net-analyzer/nrpe/nrpe-2.15-r3.ebuild
@@ -0,0 +1,137 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit eutils systemd toolchain-funcs multilib user autotools
+
+DESCRIPTION="Nagios Remote Plugin Executor"
+HOMEPAGE="http://www.nagios.org/"
+SRC_URI="mirror://sourceforge/nagios/${P}.tar.gz"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
+IUSE="command-args minimal selinux ssl tcpd"
+
+DEPEND="ssl? ( dev-libs/openssl:0 )
+	!minimal? ( tcpd? ( sys-apps/tcp-wrappers ) )"
+RDEPEND="${DEPEND}
+	!minimal? (
+		|| ( net-analyzer/nagios-plugins net-analyzer/monitoring-plugins )
+	)
+	selinux? ( sec-policy/selinux-nagios )"
+
+pkg_setup() {
+	enewgroup nagios
+	enewuser nagios -1 /bin/bash /dev/null nagios
+
+	elog "If you plan to use \"nrpe_check_control\" then you may want to specify"
+	elog "different command and services files. You can override the defaults"
+	elog "through the \"NAGIOS_COMMAND_FILE\" and \"NAGIOS_SERVICES_FILE\" environment variables."
+	elog "NAGIOS_COMMAND_FILE=${NAGIOS_COMMAND_FILE:-/var/rw/nagios.cmd}"
+	elog "NAGIOS_SERVICES_FILE=${NAGIOS_SERVICES_FILE:-/etc/services.cfg}"
+}
+
+src_prepare() {
+	# Add support for large output,
+	# http://opsview-blog.opsera.com/dotorg/2008/08/enhancing-nrpe.html
+	epatch "${FILESDIR}"/${PN}-2.14-multiline.patch
+
+	# fix configure, among others #326367, #397603
+	epatch "${FILESDIR}"/${PN}-2.15-tcpd-et-al.patch
+
+	# otherwise autoconf will overwrite the custom include/config.h.in
+	epatch "${FILESDIR}"/${PN}-2.15-autoconf-header.patch
+
+	# improve handling of metachars for security
+	epatch "${FILESDIR}"/${PN}-2.15-metachar-security-fix.patch
+
+	# Fix build with USE="-ssl".
+	epatch "${FILESDIR}"/${PN}-2.15-no-ssl.patch
+
+	sed -i -e '/define \(COMMAND\|SERVICES\)_FILE/d' \
+		contrib/nrpe_check_control.c || die
+
+	# change the default location of the pid file
+	sed -i -e '/pid_file/s:/var/run:/run:' sample-config/nrpe.cfg.in || die
+
+	# fix TFU handling of autoheader
+	sed -i -e '/#undef/d' include/config.h.in || die
+
+	eautoreconf
+}
+
+src_configure() {
+	local myconf
+	if use minimal; then
+		myconf="--disable-tcp-wrapper --disable-command-args"
+	else
+		myconf="$(use_enable tcpd tcp-wrapper) $(use_enable command-args)"
+	fi
+
+	econf \
+		--libexecdir=/usr/$(get_libdir)/nagios/plugins \
+		--localstatedir=/var/nagios \
+		--sysconfdir=/etc/nagios \
+		--with-nrpe-user=nagios \
+		--with-nrpe-group=nagios \
+		$(use_enable ssl) \
+		${myconf}
+}
+
+src_compile() {
+	emake -C src check_nrpe $(use minimal || echo nrpe)
+
+	# Add nifty nrpe check tool
+	$(tc-getCC) ${CPPFLAGS} ${CFLAGS} \
+		-DCOMMAND_FILE=\"${NAGIOS_COMMAND_FILE:-/var/rw/nagios.cmd}\" \
+		-DSERVICES_FILE=\"${NAGIOS_SERVICES_FILE:-/etc/services.cfg}\" \
+		${LDFLAGS} -o nrpe_check_control contrib/nrpe_check_control.c || die
+}
+
+src_install() {
+	dodoc LEGAL Changelog README SECURITY \
+		contrib/README.nrpe_check_control \
+		$(use ssl && echo README.SSL)
+
+	exeinto /usr/$(get_libdir)/nagios/plugins
+	doexe src/check_nrpe nrpe_check_control
+
+	use minimal && return 0
+
+	## NON-MINIMAL INSTALL FOLLOWS ##
+
+	insinto /etc/nagios
+	newins sample-config/nrpe.cfg nrpe.cfg
+	fowners root:nagios /etc/nagios/nrpe.cfg
+	fperms 0640 /etc/nagios/nrpe.cfg
+
+	exeinto /usr/libexec
+	doexe src/nrpe
+
+	newinitd "${FILESDIR}"/nrpe.init nrpe
+	systemd_dounit "${FILESDIR}/${PN}.service"
+
+	insinto /etc/xinetd.d/
+	newins "${FILESDIR}/nrpe.xinetd.2" nrpe
+
+	if use tcpd; then
+		sed -i -e '/^reload()/, /^}/ d' -e '/extra_started_commands/s:reload::' \
+			"${D}"/etc/init.d/nrpe
+	fi
+}
+
+pkg_postinst() {
+	elog "If you are using the nrpe daemon, remember to edit"
+	elog "the config file /etc/nagios/nrpe.cfg"
+
+	if use command-args ; then
+		ewarn ""
+		ewarn "You have enabled command-args for NRPE. This enables"
+		ewarn "the ability for clients to supply arguments to commands"
+		ewarn "which should be run. "
+		ewarn "THIS IS CONSIDERED A SECURITY RISK!"
+		ewarn "Please read /usr/share/doc/${PF}/SECURITY.bz2 for more info"
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: net-analyzer/nrpe/, net-analyzer/nrpe/files/

[Michael Orlitzky]

commit:     563a03380b72349d215d57be76f7c5de3e3a24d3
Author:     Tomas Mozes <hydrapolic <AT> gmail <DOT> com>
AuthorDate: Thu Jun 29 13:41:58 2017 +0000
Commit:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
CommitDate: Sat Jul 15 19:15:13 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=563a0338

net-analyzer/nrpe: bump to 3.2.0, drop old

Package-Manager: Portage-2.3.6, Repoman-2.3.2

Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org>

 net-analyzer/nrpe/Manifest                                   | 2 +-
 net-analyzer/nrpe/files/{nrpe-3.1.1.init => nrpe-3.2.0.init} | 0
 net-analyzer/nrpe/{nrpe-3.1.1.ebuild => nrpe-3.2.0.ebuild}   | 2 +-
 3 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/net-analyzer/nrpe/Manifest b/net-analyzer/nrpe/Manifest
index 1ec17f2638d..9142d44c45a 100644
--- a/net-analyzer/nrpe/Manifest
+++ b/net-analyzer/nrpe/Manifest
@@ -1,2 +1,2 @@
 DIST nrpe-2.15.tar.gz 419695 SHA256 66383b7d367de25ba031d37762d83e2b55de010c573009c6f58270b137131072 SHA512 03ce9774b5112d03235dc9da075770d89d1bcc5ffa5faf221ff7ea8ec5c92ded1e1ae9222581a87cf53736d190ac047e1acce7edc2f31f26c432d786cdef0e73 WHIRLPOOL f97ad7431138fd96588bb4e9d13404a0425bbdb8582c7c472cb20621bb77a9e9ecdeed88b9247ea20815da33c5b123368a540c5a0a058921e59367c2ce2a2b10
-DIST nrpe-3.1.1.tar.gz 515215 SHA256 cfb3d4fb036e81cbb8a6d9c34f24b7d9395ecfaa55234a0572382ea30c54fd8d SHA512 1d4cb6e35ad88f1dcd66b552ac1b3892cbd894f182b2ab35929bb656423187a7e93ac3e9c812a72f10aaecd0924fc7bc36719abbeec2d65363534830972b5d92 WHIRLPOOL f77db69c351488ea2e83d60094f82447c1bf4adea9da0cff2264346fdc7679941fb148546bd290da3d498851f84859164ac13c55e58e24785f808309bb8e14ae
+DIST nrpe-3.2.0.tar.gz 517743 SHA256 6f4a0cfe1d7b7b38e43f9f87909f5cb1e3a7150a2ccfc0a6822e3b1e7d76cf8e SHA512 a2fe7971ce0ab1bdc55cdecb96d096b45db493cfefdb414930a1eb4cf99b92660a99784d14e6e9dc0b951769cf14f066507ee8b0fec0aa13d46288dcc069d473 WHIRLPOOL 5094f04a2e7672c1489a7364c6bb5c20e1f33477e6df22974ed44cfa97839174d537b309bb8f196f74ecc04f643f71e2f77adafd7d9027c1a84356c52f5aa23f

diff --git a/net-analyzer/nrpe/files/nrpe-3.1.1.init b/net-analyzer/nrpe/files/nrpe-3.2.0.init
similarity index 100%
rename from net-analyzer/nrpe/files/nrpe-3.1.1.init
rename to net-analyzer/nrpe/files/nrpe-3.2.0.init

diff --git a/net-analyzer/nrpe/nrpe-3.1.1.ebuild b/net-analyzer/nrpe/nrpe-3.2.0.ebuild
similarity index 97%
rename from net-analyzer/nrpe/nrpe-3.1.1.ebuild
rename to net-analyzer/nrpe/nrpe-3.2.0.ebuild
index 6ad8fe398f1..47ab35e74b4 100644
--- a/net-analyzer/nrpe/nrpe-3.1.1.ebuild
+++ b/net-analyzer/nrpe/nrpe-3.2.0.ebuild
@@ -42,7 +42,7 @@ src_compile() {
 src_install() {
 	default
 
-	dodoc Changelog SECURITY.md
+	dodoc CHANGELOG.md SECURITY.md
 	insinto /etc/nagios
 	newins sample-config/nrpe.cfg nrpe.cfg
 	fowners root:nagios /etc/nagios/nrpe.cfg

[gentoo-commits] repo/gentoo:master commit in: net-analyzer/nrpe/, net-analyzer/nrpe/files/

[Michael Orlitzky]

commit:     2ddfa65c2244d92429897a51b1d8a8e3dc8a92dc
Author:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 30 12:26:56 2018 +0000
Commit:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
CommitDate: Sun Sep 30 12:27:53 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2ddfa65c

net-analyzer/nrpe: new revision to eliminate PID files with systemd.

The NRPE systemd service is "simple," which means that it runs in the
foreground. As a result, no PID file is needed to later kill it.
Nevertheless, the systemd service file that ships with NRPE tries to
create one. And in order to do that, it messes with some permissions
(Gentoo bug 648992) that shouldn't be messed with. This commit adds a
patch to remove the PID file from the service.

A related problem that this revision fixes is the automagic detection
of the operating system, distribution, and init system by the NRPE
autotools. The new revision hard-codes all of these to "unknown,"
which should result in behavior that is consistent across machines. In
particular, it should cause the problematic tmpfiles.d entry
(associated with the PID file) to not be installed.

Bug: https://bugs.gentoo.org/648992
Package-Manager: Portage-2.3.49, Repoman-2.3.10
Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org>

 .../files/nrpe-3.2.1-eliminate-systemd-pid.patch   | 38 +++++++++
 net-analyzer/nrpe/nrpe-3.2.1-r1.ebuild             | 89 ++++++++++++++++++++++
 2 files changed, 127 insertions(+)

diff --git a/net-analyzer/nrpe/files/nrpe-3.2.1-eliminate-systemd-pid.patch b/net-analyzer/nrpe/files/nrpe-3.2.1-eliminate-systemd-pid.patch
new file mode 100644
index 00000000000..6ee520dfa69
--- /dev/null
+++ b/net-analyzer/nrpe/files/nrpe-3.2.1-eliminate-systemd-pid.patch
@@ -0,0 +1,38 @@
+From c4ad513294e8db25ebaf25127948cce37c13e1b2 Mon Sep 17 00:00:00 2001
+From: Michael Orlitzky <michael@orlitzky.com>
+Date: Sat, 29 Sep 2018 20:23:53 -0400
+Subject: [PATCH 1/1] startup/default-service.in: remove PIDFile and
+ ExecStopPost lines.
+
+The nrpe systemd service is a "simple" service, which means that it
+runs in the foreground and doesn't need any PID file tracking to begin
+with. The tmpfiles.d entry associated with the PID file is causing
+problems in Gentoo bug 648992, and so as a prerequisite for deleting
+it, this commit eliminates the PID file.
+
+Bug: https://bugs.gentoo.org/648992
+Bug: https://github.com/NagiosEnterprises/nrpe/issues/188
+---
+ startup/default-service.in | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/startup/default-service.in b/startup/default-service.in
+index b6c6063..110a0cd 100644
+--- a/startup/default-service.in
++++ b/startup/default-service.in
+@@ -11,12 +11,10 @@ WantedBy=multi-user.target
+ [Service]
+ Type=simple
+ Restart=on-abort
+-PIDFile=@piddir@/nrpe.pid
+ RuntimeDirectory=nrpe
+ RuntimeDirectoryMode=0755
+ ExecStart=@sbindir@/nrpe -c @pkgsysconfdir@/nrpe.cfg -f
+ ExecReload=/bin/kill -HUP $MAINPID
+-ExecStopPost=/bin/rm -f @piddir@/nrpe.pid
+ TimeoutStopSec=60
+ User=@nrpe_user@
+ Group=@nrpe_group@
+-- 
+2.16.4
+

diff --git a/net-analyzer/nrpe/nrpe-3.2.1-r1.ebuild b/net-analyzer/nrpe/nrpe-3.2.1-r1.ebuild
new file mode 100644
index 00000000000..af8c100f0f3
--- /dev/null
+++ b/net-analyzer/nrpe/nrpe-3.2.1-r1.ebuild
@@ -0,0 +1,89 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit systemd user
+
+DESCRIPTION="Nagios Remote Plugin Executor"
+HOMEPAGE="https://github.com/NagiosEnterprises/nrpe"
+SRC_URI="${HOMEPAGE}/releases/download/${P}/${P}.tar.gz"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
+IUSE="command-args libressl selinux ssl"
+
+DEPEND="sys-apps/tcp-wrappers
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:0= )
+	)"
+RDEPEND="${DEPEND}
+	|| ( net-analyzer/nagios-plugins net-analyzer/monitoring-plugins )
+	selinux? ( sec-policy/selinux-nagios )"
+
+PATCHES=( "${FILESDIR}/nrpe-3.2.1-eliminate-systemd-pid.patch" )
+
+pkg_setup() {
+	enewgroup nagios
+	enewuser nagios -1 /bin/bash /var/nagios/home nagios
+}
+
+src_configure() {
+	# The configure script tries to detect what OS, distribution, and
+	# init system you're running and changes the build/install process
+	# depending on what it comes up with. We specify fixed values
+	# because we don't want it guessing, for example, whether or not
+	# to install the tmpfiles.d entry based on whether or not systemd
+	# is currently running (OpenRC uses them too).
+	econf \
+		--libexecdir=/usr/$(get_libdir)/nagios/plugins \
+		--localstatedir=/var/nagios \
+		--sysconfdir=/etc/nagios \
+		--with-nrpe-user=nagios \
+		--with-nrpe-group=nagios \
+		--with-piddir=/run \
+		--with-opsys=unknown \
+		--with-dist-type=unknown \
+		--with-init-type=unknown \
+		--with-inetd-type=unknown \
+		$(use_enable command-args) \
+		$(use_enable ssl)
+}
+
+src_compile() {
+	emake all
+}
+
+src_install() {
+	default
+
+	dodoc CHANGELOG.md SECURITY.md
+	insinto /etc/nagios
+	newins sample-config/nrpe.cfg nrpe.cfg
+	fowners root:nagios /etc/nagios/nrpe.cfg
+	fperms 0640 /etc/nagios/nrpe.cfg
+
+	newinitd "startup/openrc-init" nrpe
+	newconfd "startup/openrc-conf" nrpe
+	systemd_newunit "startup/default-service" "${PN}.service"
+
+	insinto /etc/xinetd.d/
+	newins "${FILESDIR}/nrpe.xinetd.2" nrpe
+
+	rm "${D}/usr/bin/nrpe-uninstall" || die 'failed to remove uninstall tool'
+}
+
+pkg_postinst(){
+	elog 'Some users have reported incompatibilities between nrpe-2.x and'
+	elog 'nrpe-3.x. We recommend that you use the same major version for'
+	elog 'both your server and clients.'
+
+	if use command-args ; then
+		ewarn ''
+		ewarn 'You have enabled command-args for NRPE. That lets clients'
+		ewarn 'supply arguments to the commands that are run, and IS A'
+		ewarn 'SECURITY RISK!'
+		ewarn''
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: net-analyzer/nrpe/, net-analyzer/nrpe/files/

[John Helmert III]

commit:     1df43041963603de62674b76888b68ddae5ee97f
Author:     Jaco Kroon <jaco <AT> uls <DOT> co <DOT> za>
AuthorDate: Mon Feb  8 16:55:39 2021 +0000
Commit:     John Helmert III <ajak <AT> gentoo <DOT> org>
CommitDate: Wed Mar 10 15:39:51 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1df43041

net-analyzer/nrpe: version bump + add USE=tcpd

This includes a patch for ./configure that has also been submitted
upstream:

https://github.com/NagiosEnterprises/nrpe/pull/247

Dropped libressl support.

Closes:  https://bugs.gentoo.org/698794
Closes:  https://bugs.gentoo.org/737038
Signed-off-by: Jaco Kroon <jaco <AT> uls.co.za>
Closes: https://github.com/gentoo/gentoo/pull/19376
Signed-off-by: John Helmert III <ajak <AT> gentoo.org>

 net-analyzer/nrpe/Manifest                         |   1 +
 .../nrpe/files/nrpe-4.0.2-disable-tcpd.patch       |  62 +++++++++++++
 net-analyzer/nrpe/nrpe-4.0.3.ebuild                | 101 +++++++++++++++++++++
 3 files changed, 164 insertions(+)

diff --git a/net-analyzer/nrpe/Manifest b/net-analyzer/nrpe/Manifest
index 4fab8d8b80d..b156a037513 100644
--- a/net-analyzer/nrpe/Manifest
+++ b/net-analyzer/nrpe/Manifest
@@ -1,2 +1,3 @@
 DIST nrpe-4.0.0.tar.gz 523846 BLAKE2B 850a420f0550e1dfe6b0ea98a9d9cafec0ec583c115be89b3ba8e88a309c40226c87f6ae880d12c582822e492c5991e3d2444b68f5644750fc74ad75596c96fd SHA512 8773102f28f3e7e96f3637e77489eb12ffe88fe839abfe3f150d2eb3d2efe05f7f812ab4d52a64cbd8d0a5e491aed93d5300b7ce9a8dd072b3a00d885b91276b
 DIST nrpe-4.0.2.tar.gz 524146 BLAKE2B dc100579420eeccaaa2a913f56c76b86b6ebdce8d1afdddcc428bfd4a8c12ad19050ab0395e7a109d4e8b43ca7d6a11e13ec4a4250a91483e37725c184382ca2 SHA512 4d7cf6abc974bc79df54afc42644418e3f086a279c8c17d0fd104f19e3c21c0f3dae4fb4268dd134446ff9fe505159b0446372c5cac71cfe03a97479ed41c09b
+DIST nrpe-4.0.3.tar.gz 524160 BLAKE2B d2c99cadf718e7049c911388b105fb4f5248307c733d94a73fd02ac69c49be230dad58be0a182af9c8d7e0d1f34e8dba6b8fc46a7c01eb15d845f2b3a54499ed SHA512 31d932c481c8a53bd0f8865fb3cfeeb1466b9b05fa89382aa056aa9343a09843b51fe5398fd0388e6bba99e9c3d8093f6033799fd83afd43012bfe8fdc5a33e3

diff --git a/net-analyzer/nrpe/files/nrpe-4.0.2-disable-tcpd.patch b/net-analyzer/nrpe/files/nrpe-4.0.2-disable-tcpd.patch
new file mode 100644
index 00000000000..7140c43d7e8
--- /dev/null
+++ b/net-analyzer/nrpe/files/nrpe-4.0.2-disable-tcpd.patch
@@ -0,0 +1,62 @@
+Stripped ./configure portion for Gentoo, instead relying on eautoreconf.
+
+From 8bce40cff68c0a7d88b465eb345267ad5176461a Mon Sep 17 00:00:00 2001
+From: Jaco Kroon <jaco@iewc.co.za>
+Date: Mon, 8 Feb 2021 17:07:30 +0200
+Subject: [PATCH] Patch to allow passing --enable-tcpd or --disable-tcpd.
+
+If passing --enable-tcpd and libwrap is not available, ./configure will
+fail.
+
+If passing --disable-tcpd, libwrap will be completely ignore.
+
+If not passed, current behaviour still applies.
+
+Signed-off-by: Jaco Kroon <jaco@iewc.co.za>
+---
+ configure.ac | 28 +++++++++++++++++++++++-----
+ 2 files changed, 52 insertions(+), 6 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 3981bb0..e3c1a15 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -237,12 +237,30 @@ AC_CHECK_FUNCS([getopt_long],,AC_CHECK_LIB([iberty],[getopt_long],OTHERLIBS="$OT
+ dnl Checks for library functions.
+ AC_CHECK_LIB(nsl,main,SOCKETLIBS="$SOCKETLIBS -lnsl")
+ AC_CHECK_LIB(socket,socket,SOCKETLIBS="$SOCKETLIBS -lsocket")
+-AC_CHECK_LIB(wrap,main,[
+-	LIBWRAPLIBS="$LIBWRAPLIBS -lwrap"
+-	AC_DEFINE(HAVE_LIBWRAP,[1],[Have the TCP wrappers library])
+-	AC_TRY_LINK([#include <tcpd.h>
+-		],[int a = rfc931_timeout;],AC_DEFINE(HAVE_RFC931_TIMEOUT))
++
++AC_ARG_ENABLE([tcpd],
++	AS_HELP_STRING([--disable-tcpd],[disables support for tcpd even if present]),[
++	if test x$enableval = xyes; then
++		check_for_tcpd=yes
++	else
++		check_for_tcpd=no
++	fi
++	],check_for_tcpd=optional)
++
++AC_MSG_CHECKING(check_for_tcpd=$check_for_tcpd)
++if test x$check_for_tcpd != xno; then
++	AC_CHECK_LIB(wrap,main,[
++		LIBWRAPLIBS="$LIBWRAPLIBS -lwrap"
++		AC_DEFINE(HAVE_LIBWRAP,[1],[Have the TCP wrappers library])
++		AC_TRY_LINK([#include <tcpd.h>
++			],[int a = rfc931_timeout;],AC_DEFINE(HAVE_RFC931_TIMEOUT))
++	],[
++		if test x$check_for_tcpd = xyes; then
++			AC_MSG_ERROR(--enable-tcpd specified but unable to locate libwrap.)
++		fi
+ 	])
++fi
++
+ AC_CHECK_FUNCS(strdup strstr strtoul strtok_r initgroups closesocket sigaction scandir)
+ 
+ dnl socklen_t check - from curl
+-- 
+2.26.2
+

diff --git a/net-analyzer/nrpe/nrpe-4.0.3.ebuild b/net-analyzer/nrpe/nrpe-4.0.3.ebuild
new file mode 100644
index 00000000000..5cbe3d9a63b
--- /dev/null
+++ b/net-analyzer/nrpe/nrpe-4.0.3.ebuild
@@ -0,0 +1,101 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools systemd
+
+DESCRIPTION="Nagios Remote Plugin Executor"
+HOMEPAGE="https://github.com/NagiosEnterprises/nrpe"
+SRC_URI="https://github.com/NagiosEnterprises/nrpe/releases/download/${P}/${P}.tar.gz"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
+IUSE="command-args selinux ssl tcpd"
+
+DEPEND="acct-group/nagios
+	acct-user/nagios
+	tcpd? (
+		sys-apps/tcp-wrappers
+	)
+	ssl? (
+		dev-libs/openssl:=
+	)"
+RDEPEND="${DEPEND}
+	|| ( net-analyzer/nagios-plugins net-analyzer/monitoring-plugins )
+	selinux? ( sec-policy/selinux-nagios )"
+
+PATCHES=(
+	"${FILESDIR}/nrpe-3.2.1-eliminate-systemd-pid.patch"
+	"${FILESDIR}/nrpe-4.0.2-disable-tcpd.patch"
+)
+
+src_prepare() {
+	default
+	eautoreconf
+}
+
+src_configure() {
+	# The configure script tries to detect what OS, distribution, and
+	# init system you're running and changes the build/install process
+	# depending on what it comes up with. We specify fixed values
+	# because we don't want it guessing, for example, whether or not
+	# to install the tmpfiles.d entry based on whether or not systemd
+	# is currently running (OpenRC uses them too).
+	#
+	# Note: upstream defaults to using "nagios" as the default NRPE
+	# user and group. I have a feeling that this isn't quite correct
+	# on a system where "nagios" is also the user running the nagios
+	# server daemon. In the future, it would be nice if someone who
+	# actually uses NRPE could test with an unprivileged "nrpe" as
+	# the user and group.
+	econf \
+		--libexecdir=/usr/$(get_libdir)/nagios/plugins \
+		--localstatedir=/var/lib/nagios \
+		--sysconfdir=/etc/nagios \
+		--with-nrpe-user=nagios \
+		--with-nrpe-group=nagios \
+		--with-piddir=/run \
+		--with-opsys=unknown \
+		--with-dist-type=unknown \
+		--with-init-type=unknown \
+		--with-inetd-type=unknown \
+		$(use_enable command-args) \
+		$(use_enable ssl) \
+		$(use_enable tcpd)
+}
+
+src_compile() {
+	emake all
+}
+
+src_install() {
+	default
+
+	dodoc CHANGELOG.md SECURITY.md
+	insinto /etc/nagios
+	newins sample-config/nrpe.cfg nrpe.cfg
+	fowners root:nagios /etc/nagios/nrpe.cfg
+	fperms 0640 /etc/nagios/nrpe.cfg
+
+	newinitd "startup/openrc-init" nrpe
+	newconfd "startup/openrc-conf" nrpe
+	systemd_newunit "startup/default-service" "${PN}.service"
+
+	insinto /etc/xinetd.d/
+	newins "${FILESDIR}/nrpe.xinetd.2" nrpe
+
+	rm "${ED}/usr/bin/nrpe-uninstall" || die 'failed to remove uninstall tool'
+	rm -r "${ED}/run" || die 'failed to remove /run'
+}
+
+pkg_postinst() {
+	if use command-args ; then
+		ewarn ''
+		ewarn 'You have enabled command-args for NRPE. That lets clients'
+		ewarn 'supply arguments to the commands that are run, and IS A'
+		ewarn 'SECURITY RISK!'
+		ewarn ''
+	fi
+}