- create a specific user:group for stunnel

- fix the configuration path and file, so it can use the proper user:group and the chroot - fix some pkglint warnings regarding PKG_OPTIONS: 'pthread' => 'threads', 'libwrap' => 'tcpwrappers' (in accordance to mk/defaults/options.description) Bump PKGREVISION.
2009-10-30 23:54:52 +00:00 · 2009-10-30 23:54:52 +00:00 · 278145991d
commit 278145991d
parent 9b915a3bb4
2 changed files with 36 additions and 8 deletions
--- a/security/stunnel/Makefile
+++ b/security/stunnel/Makefile
@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.66 2009/07/10 11:23:10 tron Exp $
+# $NetBSD: Makefile,v 1.67 2009/10/30 23:54:52 jym Exp $

 DISTNAME=		stunnel-4.27
+PKGREVISION=		1
 CATEGORIES=		security
 MASTER_SITES=		ftp://ftp.fu-berlin.de/unix/security/stunnel/ \
 			ftp://stunnel.mirt.net/stunnel/ \
@ -13,6 +14,7 @@ LICENSE=		gnu-gpl-v2

 PKG_DESTDIR_SUPPORT=	user-destdir

+BUILD_DEFS+=		VARBASE
 USE_LIBTOOL=		yes
 GNU_CONFIGURE=		yes
 CONFIGURE_ARGS+=	--localstatedir=${VARBASE}
@ -21,12 +23,38 @@ CONFIGURE_ARGS+=	--with-cert-dir=${SSLCERTS:Q}
 CONFIGURE_ARGS+=	--with-pem-dir=${SSLCERTS:Q}
 CONFIGURE_ARGS+=	--with-ssl=${SSLBASE:Q}

+STUNNEL_USER?=		stunnel
+STUNNEL_GROUP?=		stunnel
+PKG_HOME?=		${VARBASE}/chroot/stunnel
+PKG_USERS=		${STUNNEL_USER}:${STUNNEL_GROUP}::Stunnel:${PKG_HOME}
+PKG_GROUPS=		${STUNNEL_GROUP}
+USER_GROUP=		${STUNNEL_USER} ${STUNNEL_GROUP}
+
 PKG_SYSCONFSUBDIR=	stunnel
+PKG_SYSCONFDIR_PERMS=	${USER_GROUP} 0700
+
+OWN_DIRS_PERMS=		${PKG_HOME} ${USER_GROUP} 0700
+CONF_FILES_PERMS+=	${PREFIX}/share/examples/stunnel/stunnel.conf-sample \
+			    ${PKG_SYSCONFDIR}/stunnel.conf ${USER_GROUP} 0644

 RCD_SCRIPTS=		stunnel
+
 REPLACE_PERL+=		src/stunnel3.in
 USE_TOOLS+=		perl:run

+SUBST_CLASSES+=		chroot
+SUBST_MESSAGE.chroot=	Fix chroot path
+SUBST_STAGE.chroot=	pre-configure
+SUBST_FILES.chroot=	tools/stunnel.conf-sample.in
+SUBST_SED.chroot+=	-e 's|@prefix@/var/lib|@localstatedir@/chroot|'
+
+SUBST_CLASSES+=		stunnel
+SUBST_MESSAGE.stunnel=	Fix user and group
+SUBST_STAGE.stunnel=	post-configure
+SUBST_FILES.stunnel=	tools/stunnel.conf-sample
+SUBST_SED.stunnel=	-e 's|setuid = nobody|setuid = ${STUNNEL_USER}|'
+SUBST_SED.stunnel+=	-e 's|setgid = nogroup|setgid = ${STUNNEL_GROUP}|'
+
 .include "options.mk"

 .include "../../security/openssl/buildlink3.mk"
--- a/security/stunnel/options.mk
+++ b/security/stunnel/options.mk
@ -1,14 +1,14 @@
-# $NetBSD: options.mk,v 1.6 2008/10/17 07:31:58 adam Exp $
+# $NetBSD: options.mk,v 1.7 2009/10/30 23:54:52 jym Exp $

 PKG_OPTIONS_VAR=	PKG_OPTIONS.stunnel
-PKG_SUPPORTED_OPTIONS=	inet6 pthread libwrap
-PKG_SUGGESTED_OPTIONS=	libwrap
+PKG_SUPPORTED_OPTIONS=	inet6 threads tcpwrappers
+PKG_SUGGESTED_OPTIONS=	tcpwrappers
 CHECK_BUILTIN.pthread:=		yes
 .include "../../mk/pthread.builtin.mk"
 CHECK_BUILTIN.pthread:=		no

 .if !empty(BUILTIN_LIB_FOUND.pthread:M[yY][eE][sS])
-PKG_SUGGESTED_OPTIONS+=	pthread
+PKG_SUGGESTED_OPTIONS+=	threads
 .endif

 .include "../../mk/bsd.options.mk"
@ -25,7 +25,7 @@ CONFIGURE_ARGS+=	--disable-ipv6
 ###
 ### Support pthreads
 ###
-.if !empty(PKG_OPTIONS:Mpthread)
+.if !empty(PKG_OPTIONS:Mthreads)
 PTHREAD_AUTO_VARS=	yes
 .include "../../mk/pthread.buildlink3.mk"
 CONFIGURE_ARGS+=	--with-threads=pthread
@ -34,9 +34,9 @@ CONFIGURE_ARGS+=	--with-threads=fork
 .endif

 ###
-### Support libwrap
+### Support tcp_wrappers
 ###
-.if !empty(PKG_OPTIONS:Mlibwrap)
+.if !empty(PKG_OPTIONS:Mtcpwrappers)
 .include "../../security/tcp_wrappers/buildlink3.mk"
 .else
 CONFIGURE_ARGS+=	--disable-libwrap