From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 777371382C5 for ; Wed, 10 Mar 2021 15:40:27 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id BED4EE0848; Wed, 10 Mar 2021 15:40:26 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 79D91E0848 for ; Wed, 10 Mar 2021 15:40:26 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id CBC8C335D24 for ; Wed, 10 Mar 2021 15:40:24 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 38734573 for ; Wed, 10 Mar 2021 15:40:23 +0000 (UTC) From: "John Helmert III" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "John Helmert III" Message-ID: <1615390791.1df43041963603de62674b76888b68ddae5ee97f.ajak@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: net-analyzer/nrpe/, net-analyzer/nrpe/files/ X-VCS-Repository: repo/gentoo X-VCS-Files: net-analyzer/nrpe/Manifest net-analyzer/nrpe/files/nrpe-4.0.2-disable-tcpd.patch net-analyzer/nrpe/nrpe-4.0.3.ebuild X-VCS-Directories: net-analyzer/nrpe/ net-analyzer/nrpe/files/ X-VCS-Committer: ajak X-VCS-Committer-Name: John Helmert III X-VCS-Revision: 1df43041963603de62674b76888b68ddae5ee97f X-VCS-Branch: master Date: Wed, 10 Mar 2021 15:40:23 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 71c3b4c6-7e65-46aa-a052-bf367f1da585 X-Archives-Hash: 204e1b6348051613ad638d010174b4bc commit: 1df43041963603de62674b76888b68ddae5ee97f Author: Jaco Kroon uls co za> AuthorDate: Mon Feb 8 16:55:39 2021 +0000 Commit: John Helmert III gentoo org> CommitDate: Wed Mar 10 15:39:51 2021 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1df43041 net-analyzer/nrpe: version bump + add USE=tcpd This includes a patch for ./configure that has also been submitted upstream: https://github.com/NagiosEnterprises/nrpe/pull/247 Dropped libressl support. Closes: https://bugs.gentoo.org/698794 Closes: https://bugs.gentoo.org/737038 Signed-off-by: Jaco Kroon uls.co.za> Closes: https://github.com/gentoo/gentoo/pull/19376 Signed-off-by: John Helmert III gentoo.org> net-analyzer/nrpe/Manifest | 1 + .../nrpe/files/nrpe-4.0.2-disable-tcpd.patch | 62 +++++++++++++ net-analyzer/nrpe/nrpe-4.0.3.ebuild | 101 +++++++++++++++++++++ 3 files changed, 164 insertions(+) diff --git a/net-analyzer/nrpe/Manifest b/net-analyzer/nrpe/Manifest index 4fab8d8b80d..b156a037513 100644 --- a/net-analyzer/nrpe/Manifest +++ b/net-analyzer/nrpe/Manifest @@ -1,2 +1,3 @@ DIST nrpe-4.0.0.tar.gz 523846 BLAKE2B 850a420f0550e1dfe6b0ea98a9d9cafec0ec583c115be89b3ba8e88a309c40226c87f6ae880d12c582822e492c5991e3d2444b68f5644750fc74ad75596c96fd SHA512 8773102f28f3e7e96f3637e77489eb12ffe88fe839abfe3f150d2eb3d2efe05f7f812ab4d52a64cbd8d0a5e491aed93d5300b7ce9a8dd072b3a00d885b91276b DIST nrpe-4.0.2.tar.gz 524146 BLAKE2B dc100579420eeccaaa2a913f56c76b86b6ebdce8d1afdddcc428bfd4a8c12ad19050ab0395e7a109d4e8b43ca7d6a11e13ec4a4250a91483e37725c184382ca2 SHA512 4d7cf6abc974bc79df54afc42644418e3f086a279c8c17d0fd104f19e3c21c0f3dae4fb4268dd134446ff9fe505159b0446372c5cac71cfe03a97479ed41c09b +DIST nrpe-4.0.3.tar.gz 524160 BLAKE2B d2c99cadf718e7049c911388b105fb4f5248307c733d94a73fd02ac69c49be230dad58be0a182af9c8d7e0d1f34e8dba6b8fc46a7c01eb15d845f2b3a54499ed SHA512 31d932c481c8a53bd0f8865fb3cfeeb1466b9b05fa89382aa056aa9343a09843b51fe5398fd0388e6bba99e9c3d8093f6033799fd83afd43012bfe8fdc5a33e3 diff --git a/net-analyzer/nrpe/files/nrpe-4.0.2-disable-tcpd.patch b/net-analyzer/nrpe/files/nrpe-4.0.2-disable-tcpd.patch new file mode 100644 index 00000000000..7140c43d7e8 --- /dev/null +++ b/net-analyzer/nrpe/files/nrpe-4.0.2-disable-tcpd.patch @@ -0,0 +1,62 @@ +Stripped ./configure portion for Gentoo, instead relying on eautoreconf. + +From 8bce40cff68c0a7d88b465eb345267ad5176461a Mon Sep 17 00:00:00 2001 +From: Jaco Kroon +Date: Mon, 8 Feb 2021 17:07:30 +0200 +Subject: [PATCH] Patch to allow passing --enable-tcpd or --disable-tcpd. + +If passing --enable-tcpd and libwrap is not available, ./configure will +fail. + +If passing --disable-tcpd, libwrap will be completely ignore. + +If not passed, current behaviour still applies. + +Signed-off-by: Jaco Kroon +--- + configure.ac | 28 +++++++++++++++++++++++----- + 2 files changed, 52 insertions(+), 6 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 3981bb0..e3c1a15 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -237,12 +237,30 @@ AC_CHECK_FUNCS([getopt_long],,AC_CHECK_LIB([iberty],[getopt_long],OTHERLIBS="$OT + dnl Checks for library functions. + AC_CHECK_LIB(nsl,main,SOCKETLIBS="$SOCKETLIBS -lnsl") + AC_CHECK_LIB(socket,socket,SOCKETLIBS="$SOCKETLIBS -lsocket") +-AC_CHECK_LIB(wrap,main,[ +- LIBWRAPLIBS="$LIBWRAPLIBS -lwrap" +- AC_DEFINE(HAVE_LIBWRAP,[1],[Have the TCP wrappers library]) +- AC_TRY_LINK([#include +- ],[int a = rfc931_timeout;],AC_DEFINE(HAVE_RFC931_TIMEOUT)) ++ ++AC_ARG_ENABLE([tcpd], ++ AS_HELP_STRING([--disable-tcpd],[disables support for tcpd even if present]),[ ++ if test x$enableval = xyes; then ++ check_for_tcpd=yes ++ else ++ check_for_tcpd=no ++ fi ++ ],check_for_tcpd=optional) ++ ++AC_MSG_CHECKING(check_for_tcpd=$check_for_tcpd) ++if test x$check_for_tcpd != xno; then ++ AC_CHECK_LIB(wrap,main,[ ++ LIBWRAPLIBS="$LIBWRAPLIBS -lwrap" ++ AC_DEFINE(HAVE_LIBWRAP,[1],[Have the TCP wrappers library]) ++ AC_TRY_LINK([#include ++ ],[int a = rfc931_timeout;],AC_DEFINE(HAVE_RFC931_TIMEOUT)) ++ ],[ ++ if test x$check_for_tcpd = xyes; then ++ AC_MSG_ERROR(--enable-tcpd specified but unable to locate libwrap.) ++ fi + ]) ++fi ++ + AC_CHECK_FUNCS(strdup strstr strtoul strtok_r initgroups closesocket sigaction scandir) + + dnl socklen_t check - from curl +-- +2.26.2 + diff --git a/net-analyzer/nrpe/nrpe-4.0.3.ebuild b/net-analyzer/nrpe/nrpe-4.0.3.ebuild new file mode 100644 index 00000000000..5cbe3d9a63b --- /dev/null +++ b/net-analyzer/nrpe/nrpe-4.0.3.ebuild @@ -0,0 +1,101 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit autotools systemd + +DESCRIPTION="Nagios Remote Plugin Executor" +HOMEPAGE="https://github.com/NagiosEnterprises/nrpe" +SRC_URI="https://github.com/NagiosEnterprises/nrpe/releases/download/${P}/${P}.tar.gz" + +LICENSE="GPL-2+" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86" +IUSE="command-args selinux ssl tcpd" + +DEPEND="acct-group/nagios + acct-user/nagios + tcpd? ( + sys-apps/tcp-wrappers + ) + ssl? ( + dev-libs/openssl:= + )" +RDEPEND="${DEPEND} + || ( net-analyzer/nagios-plugins net-analyzer/monitoring-plugins ) + selinux? ( sec-policy/selinux-nagios )" + +PATCHES=( + "${FILESDIR}/nrpe-3.2.1-eliminate-systemd-pid.patch" + "${FILESDIR}/nrpe-4.0.2-disable-tcpd.patch" +) + +src_prepare() { + default + eautoreconf +} + +src_configure() { + # The configure script tries to detect what OS, distribution, and + # init system you're running and changes the build/install process + # depending on what it comes up with. We specify fixed values + # because we don't want it guessing, for example, whether or not + # to install the tmpfiles.d entry based on whether or not systemd + # is currently running (OpenRC uses them too). + # + # Note: upstream defaults to using "nagios" as the default NRPE + # user and group. I have a feeling that this isn't quite correct + # on a system where "nagios" is also the user running the nagios + # server daemon. In the future, it would be nice if someone who + # actually uses NRPE could test with an unprivileged "nrpe" as + # the user and group. + econf \ + --libexecdir=/usr/$(get_libdir)/nagios/plugins \ + --localstatedir=/var/lib/nagios \ + --sysconfdir=/etc/nagios \ + --with-nrpe-user=nagios \ + --with-nrpe-group=nagios \ + --with-piddir=/run \ + --with-opsys=unknown \ + --with-dist-type=unknown \ + --with-init-type=unknown \ + --with-inetd-type=unknown \ + $(use_enable command-args) \ + $(use_enable ssl) \ + $(use_enable tcpd) +} + +src_compile() { + emake all +} + +src_install() { + default + + dodoc CHANGELOG.md SECURITY.md + insinto /etc/nagios + newins sample-config/nrpe.cfg nrpe.cfg + fowners root:nagios /etc/nagios/nrpe.cfg + fperms 0640 /etc/nagios/nrpe.cfg + + newinitd "startup/openrc-init" nrpe + newconfd "startup/openrc-conf" nrpe + systemd_newunit "startup/default-service" "${PN}.service" + + insinto /etc/xinetd.d/ + newins "${FILESDIR}/nrpe.xinetd.2" nrpe + + rm "${ED}/usr/bin/nrpe-uninstall" || die 'failed to remove uninstall tool' + rm -r "${ED}/run" || die 'failed to remove /run' +} + +pkg_postinst() { + if use command-args ; then + ewarn '' + ewarn 'You have enabled command-args for NRPE. That lets clients' + ewarn 'supply arguments to the commands that are run, and IS A' + ewarn 'SECURITY RISK!' + ewarn '' + fi +}