From 278145991d581bb0ef815b99f586b0c429622014 Mon Sep 17 00:00:00 2001 From: jym Date: Fri, 30 Oct 2009 23:54:52 +0000 Subject: [PATCH] - create a specific user:group for stunnel - fix the configuration path and file, so it can use the proper user:group and the chroot - fix some pkglint warnings regarding PKG_OPTIONS: 'pthread' => 'threads', 'libwrap' => 'tcpwrappers' (in accordance to mk/defaults/options.description) Bump PKGREVISION. --- security/stunnel/Makefile | 30 +++++++++++++++++++++++++++++- security/stunnel/options.mk | 14 +++++++------- 2 files changed, 36 insertions(+), 8 deletions(-) diff --git a/security/stunnel/Makefile b/security/stunnel/Makefile index 88141231cc19..5eaa1bdff1ca 100644 --- a/security/stunnel/Makefile +++ b/security/stunnel/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.66 2009/07/10 11:23:10 tron Exp $ +# $NetBSD: Makefile,v 1.67 2009/10/30 23:54:52 jym Exp $ DISTNAME= stunnel-4.27 +PKGREVISION= 1 CATEGORIES= security MASTER_SITES= ftp://ftp.fu-berlin.de/unix/security/stunnel/ \ ftp://stunnel.mirt.net/stunnel/ \ @@ -13,6 +14,7 @@ LICENSE= gnu-gpl-v2 PKG_DESTDIR_SUPPORT= user-destdir +BUILD_DEFS+= VARBASE USE_LIBTOOL= yes GNU_CONFIGURE= yes CONFIGURE_ARGS+= --localstatedir=${VARBASE} @@ -21,12 +23,38 @@ CONFIGURE_ARGS+= --with-cert-dir=${SSLCERTS:Q} CONFIGURE_ARGS+= --with-pem-dir=${SSLCERTS:Q} CONFIGURE_ARGS+= --with-ssl=${SSLBASE:Q} +STUNNEL_USER?= stunnel +STUNNEL_GROUP?= stunnel +PKG_HOME?= ${VARBASE}/chroot/stunnel +PKG_USERS= ${STUNNEL_USER}:${STUNNEL_GROUP}::Stunnel:${PKG_HOME} +PKG_GROUPS= ${STUNNEL_GROUP} +USER_GROUP= ${STUNNEL_USER} ${STUNNEL_GROUP} + PKG_SYSCONFSUBDIR= stunnel +PKG_SYSCONFDIR_PERMS= ${USER_GROUP} 0700 + +OWN_DIRS_PERMS= ${PKG_HOME} ${USER_GROUP} 0700 +CONF_FILES_PERMS+= ${PREFIX}/share/examples/stunnel/stunnel.conf-sample \ + ${PKG_SYSCONFDIR}/stunnel.conf ${USER_GROUP} 0644 RCD_SCRIPTS= stunnel + REPLACE_PERL+= src/stunnel3.in USE_TOOLS+= perl:run +SUBST_CLASSES+= chroot +SUBST_MESSAGE.chroot= Fix chroot path +SUBST_STAGE.chroot= pre-configure +SUBST_FILES.chroot= tools/stunnel.conf-sample.in +SUBST_SED.chroot+= -e 's|@prefix@/var/lib|@localstatedir@/chroot|' + +SUBST_CLASSES+= stunnel +SUBST_MESSAGE.stunnel= Fix user and group +SUBST_STAGE.stunnel= post-configure +SUBST_FILES.stunnel= tools/stunnel.conf-sample +SUBST_SED.stunnel= -e 's|setuid = nobody|setuid = ${STUNNEL_USER}|' +SUBST_SED.stunnel+= -e 's|setgid = nogroup|setgid = ${STUNNEL_GROUP}|' + .include "options.mk" .include "../../security/openssl/buildlink3.mk" diff --git a/security/stunnel/options.mk b/security/stunnel/options.mk index 23aa6d2c54da..b14affd8f448 100644 --- a/security/stunnel/options.mk +++ b/security/stunnel/options.mk @@ -1,14 +1,14 @@ -# $NetBSD: options.mk,v 1.6 2008/10/17 07:31:58 adam Exp $ +# $NetBSD: options.mk,v 1.7 2009/10/30 23:54:52 jym Exp $ PKG_OPTIONS_VAR= PKG_OPTIONS.stunnel -PKG_SUPPORTED_OPTIONS= inet6 pthread libwrap -PKG_SUGGESTED_OPTIONS= libwrap +PKG_SUPPORTED_OPTIONS= inet6 threads tcpwrappers +PKG_SUGGESTED_OPTIONS= tcpwrappers CHECK_BUILTIN.pthread:= yes .include "../../mk/pthread.builtin.mk" CHECK_BUILTIN.pthread:= no .if !empty(BUILTIN_LIB_FOUND.pthread:M[yY][eE][sS]) -PKG_SUGGESTED_OPTIONS+= pthread +PKG_SUGGESTED_OPTIONS+= threads .endif .include "../../mk/bsd.options.mk" @@ -25,7 +25,7 @@ CONFIGURE_ARGS+= --disable-ipv6 ### ### Support pthreads ### -.if !empty(PKG_OPTIONS:Mpthread) +.if !empty(PKG_OPTIONS:Mthreads) PTHREAD_AUTO_VARS= yes .include "../../mk/pthread.buildlink3.mk" CONFIGURE_ARGS+= --with-threads=pthread @@ -34,9 +34,9 @@ CONFIGURE_ARGS+= --with-threads=fork .endif ### -### Support libwrap +### Support tcp_wrappers ### -.if !empty(PKG_OPTIONS:Mlibwrap) +.if !empty(PKG_OPTIONS:Mtcpwrappers) .include "../../security/tcp_wrappers/buildlink3.mk" .else CONFIGURE_ARGS+= --disable-libwrap