1 |
commit: 2402641769a87447a44869d97b79343725a48ec1 |
2 |
Author: Michael Orlitzky <mjo <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Aug 30 13:55:01 2017 +0000 |
4 |
Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Aug 30 14:09:30 2017 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=24026417 |
7 |
|
8 |
net-analyzer/nagios-core: new version 4.3.4 for testing. |
9 |
|
10 |
This new version comes with few upstream changes, but I took a flaming |
11 |
sword to the ebuild. Upstream defaults to installing everything as |
12 |
nagios:nagios, and this creates a few easy-to-exploit scenarios. The |
13 |
ebuild will now install everything as root:root where I think we can |
14 |
get away with it, but this is all an experiment. I'll mask this |
15 |
version and ask for help testing. |
16 |
|
17 |
Package-Manager: Portage-2.3.6, Repoman-2.3.1 |
18 |
|
19 |
net-analyzer/nagios-core/Manifest | 1 + |
20 |
net-analyzer/nagios-core/nagios-core-4.3.4.ebuild | 214 ++++++++++++++++++++++ |
21 |
2 files changed, 215 insertions(+) |
22 |
|
23 |
diff --git a/net-analyzer/nagios-core/Manifest b/net-analyzer/nagios-core/Manifest |
24 |
index f1029f0cbd7..ffabb32a4f4 100644 |
25 |
--- a/net-analyzer/nagios-core/Manifest |
26 |
+++ b/net-analyzer/nagios-core/Manifest |
27 |
@@ -1,4 +1,5 @@ |
28 |
DIST nagios-3.5.1.tar.gz 1763584 SHA256 ca9dd68234fa090b3c35ecc8767b2c9eb743977eaf32612fa9b8341cc00a0f99 SHA512 48e2ecb91002b08203937b12a438c87c62cd3c5c401a0ed9e861cd6d79074c7017ed373e9379f013d87dea1fd7cb8e3d85112d55c87ac91aed96b256868c112d WHIRLPOOL 2c02584702c64dbb0e353e34b758fab079eee0dc7a401e7b5947a21733758d3596401e5519e2dd7f05c89ee4835c21965d2718157fd9d6d3d20af9c853d688ca |
29 |
DIST nagios-4.3.1.tar.gz 11095797 SHA256 dfc2f5f146eb508b2a28d28af7c338ef9eb604327efdc50142642026f7e79f82 SHA512 d5f1919e2b32b0b2f4c5766367f0992fcf9b1f6766f4d3386e15e318cc1f57cdae6bc07f09464fd8212bef1713948fcb25d233eab588438036f996b6c479c97e WHIRLPOOL 72032e93802fd28db71bb5a10bba703a9508c587de69ff24ce302ad4fbbd93996b4800ceb7dd4f5648e2717377409cd7a66591f177e775da1c69444d528be1a2 |
30 |
DIST nagios-4.3.3.tar.gz 11101531 SHA256 1fc4c72f76c720884dd3b538dc423b44f3bdde24e014f4212e58046a1fc114b6 SHA512 588292a95342cb2d95d7b58f70442b82b99a23dd9fdc1390e9ae0743626a047e5127d77b1d7e6a1d8edd6f34a425e581bcd42459b673a0ddea14125bde4b7d9e WHIRLPOOL 1452256a79190eae90076a9b50fdac3876557a6382d15d38a0c7930ec6d286c58e44220fee3243c9bcb1ae0ef337ddadd19e3552f02049959e69eaffd9fcd4a8 |
31 |
+DIST nagios-4.3.4.tar.gz 11101966 SHA256 c90b7812d9e343db12be19a572e15c415c5d6353a91c5e226e432c2d4aaa44f1 SHA512 f4e92aa98151739442a225a245871d93b5560d89510bdacb1a615959b9687f7a92675f10fcba71078b104ca8f237b0155a9261d67ec66f80aec7f033b4b3e316 WHIRLPOOL dae991fe44f2d8c5457cffec6647d2b8a7ace60450e0ec2409838aaf1a6f35af1f6c56d260a36cceeede21cfd4521e695146a8c18b38d4e6689d0801d3471157 |
32 |
DIST nagios-core-gentoo-icons-20141125.tar 40960 SHA256 68b715f636eb291343cab3259862bbed8b6b898520b58df522438524de3d8761 SHA512 bf109879cddd6136b76baba55d0b60b2596e37431dcf5ce0905d34a9fa292ebf7e4bde82d9a084362c486e8fac344c76d88f9298b1b85541ed70ffd608493766 WHIRLPOOL 7ec3a944b2a659b456d3168818ca5b1af3a427436e6af2f3e5d6cba6fc7b1c7bad6f552301f064df31988865b3b32fd117d9e6f61c630d6d817a51cbbbcb331d |
33 |
|
34 |
diff --git a/net-analyzer/nagios-core/nagios-core-4.3.4.ebuild b/net-analyzer/nagios-core/nagios-core-4.3.4.ebuild |
35 |
new file mode 100644 |
36 |
index 00000000000..6de6b181b22 |
37 |
--- /dev/null |
38 |
+++ b/net-analyzer/nagios-core/nagios-core-4.3.4.ebuild |
39 |
@@ -0,0 +1,214 @@ |
40 |
+# Copyright 1999-2017 Gentoo Foundation |
41 |
+# Distributed under the terms of the GNU General Public License v2 |
42 |
+ |
43 |
+EAPI=6 |
44 |
+ |
45 |
+inherit toolchain-funcs user |
46 |
+ |
47 |
+MY_P=${PN/-core}-${PV} |
48 |
+DESCRIPTION="Nagios core - monitoring daemon, web GUI, and documentation" |
49 |
+HOMEPAGE="http://www.nagios.org/" |
50 |
+ |
51 |
+# The name of the directory into which our Gentoo icons will be |
52 |
+# extracted, and also the basename of the archive containing it. |
53 |
+GENTOO_ICONS="${PN}-gentoo-icons-20141125" |
54 |
+SRC_URI="mirror://sourceforge/nagios/${MY_P}.tar.gz |
55 |
+ web? ( https://dev.gentoo.org/~mjo/distfiles/${GENTOO_ICONS}.tar )" |
56 |
+ |
57 |
+LICENSE="GPL-2" |
58 |
+SLOT="0" |
59 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~sparc ~x86" |
60 |
+IUSE="apache2 classicui lighttpd perl +web vim-syntax" |
61 |
+ |
62 |
+# In pkg_postinst(), we change the group of the Nagios configuration |
63 |
+# directory to that of the web server user. It can't belong to both |
64 |
+# apache/lighttpd groups at the same time, so we block this combination |
65 |
+# for our own sanity. |
66 |
+# |
67 |
+# This could be made to work, but we would need a better way to allow |
68 |
+# the web user read-only access to Nagios's configuration directory. |
69 |
+# |
70 |
+REQUIRED_USE="apache2? ( !lighttpd )" |
71 |
+ |
72 |
+# sys-devel/libtool dependency is bug #401237. |
73 |
+# |
74 |
+# Note, we require one of the apache2 CGI modules: |
75 |
+# |
76 |
+# * mod_cgi |
77 |
+# * mod_cgid |
78 |
+# * mod_fcgid |
79 |
+# |
80 |
+# We just don't care /which/ one. And of course PHP supports both CGI |
81 |
+# (USE=cgi) and FastCGI (USE=fpm). We're pretty lenient with the |
82 |
+# dependencies, and expect the user not to do anything /too/ |
83 |
+# stupid. (For example, installing Apache with only FastCGI support, and |
84 |
+# PHP with only CGI support.) |
85 |
+# |
86 |
+# Another annoyance is that the upstream Makefile uses app-arch/unzip to |
87 |
+# extract a snapshot of AngularJS, but that's only needed when USE=web. |
88 |
+# |
89 |
+MOD_ALIAS=apache2_modules_alias |
90 |
+DEPEND="sys-devel/libtool |
91 |
+ virtual/mailx |
92 |
+ perl? ( dev-lang/perl:= ) |
93 |
+ web? ( |
94 |
+ app-arch/unzip |
95 |
+ media-libs/gd[jpeg,png] |
96 |
+ lighttpd? ( www-servers/lighttpd[php] ) |
97 |
+ apache2? ( |
98 |
+ || ( |
99 |
+ >=www-servers/apache-2.4[${MOD_ALIAS},apache2_modules_cgi] |
100 |
+ >=www-servers/apache-2.4[${MOD_ALIAS},apache2_modules_cgid] |
101 |
+ >=www-servers/apache-2.4[${MOD_ALIAS},apache2_modules_fcgid] ) |
102 |
+ || ( |
103 |
+ dev-lang/php:*[apache2] |
104 |
+ dev-lang/php:*[cgi] |
105 |
+ dev-lang/php:*[fpm] ) |
106 |
+ ) |
107 |
+ )" |
108 |
+RDEPEND="${DEPEND} |
109 |
+ vim-syntax? ( app-vim/nagios-syntax )" |
110 |
+ |
111 |
+S="${WORKDIR}/${MY_P}" |
112 |
+ |
113 |
+pkg_setup() { |
114 |
+ enewgroup nagios |
115 |
+ enewuser nagios -1 /bin/bash /var/nagios/home nagios |
116 |
+} |
117 |
+ |
118 |
+src_configure() { |
119 |
+ local myconf |
120 |
+ |
121 |
+ if use perl; then |
122 |
+ myconf="${myconf} --enable-embedded-perl --with-perlcache" |
123 |
+ fi |
124 |
+ |
125 |
+ if use !apache2 && use !lighttpd ; then |
126 |
+ myconf="${myconf} --with-command-group=nagios" |
127 |
+ else |
128 |
+ if use apache2 ; then |
129 |
+ myconf="${myconf} --with-command-group=apache" |
130 |
+ myconf="${myconf} --with-httpd-conf=/etc/apache2/conf.d" |
131 |
+ elif use lighttpd ; then |
132 |
+ myconf="${myconf} --with-command-group=lighttpd" |
133 |
+ fi |
134 |
+ fi |
135 |
+ |
136 |
+ econf ${myconf} \ |
137 |
+ --prefix=/usr \ |
138 |
+ --bindir=/usr/sbin \ |
139 |
+ --sbindir=/usr/$(get_libdir)/nagios/cgi-bin \ |
140 |
+ --datadir=/usr/share/nagios/htdocs \ |
141 |
+ --localstatedir=/var/nagios \ |
142 |
+ --sysconfdir=/etc/nagios \ |
143 |
+ --libexecdir=/usr/$(get_libdir)/nagios/plugins |
144 |
+} |
145 |
+ |
146 |
+src_compile() { |
147 |
+ emake CC=$(tc-getCC) nagios |
148 |
+ |
149 |
+ if use web; then |
150 |
+ # Only compile the CGIs/HTML when USE=web is set. |
151 |
+ emake CC=$(tc-getCC) DESTDIR="${D}" cgis html |
152 |
+ fi |
153 |
+} |
154 |
+ |
155 |
+src_install() { |
156 |
+ dodoc Changelog CONTRIBUTING.md README.asciidoc THANKS UPGRADING |
157 |
+ |
158 |
+ # There is no way to install the CGIs unstripped from the top-level |
159 |
+ # makefile, so descend into base/ here. The empty INSTALL_OPTS |
160 |
+ # ensures that root:root: owns the nagios executables. |
161 |
+ cd "${S}/base" || die |
162 |
+ emake INSTALL_OPTS="" DESTDIR="${D}" install-unstripped |
163 |
+ cd "${S}" || die |
164 |
+ |
165 |
+ # Otherwise this gets installed as 770 and you get "access denied" |
166 |
+ # for some reason or other when starting nagios. The permissions |
167 |
+ # on nagiostats are just for consistency (these should both get |
168 |
+ # fixed upstream). |
169 |
+ fperms 775 /usr/sbin/nagios /usr/sbin/nagiostats |
170 |
+ |
171 |
+ # INSTALL_OPTS are needed for most of install-basic, but we don't |
172 |
+ # want them on the LIBEXECDIR, argh. |
173 |
+ emake DESTDIR="${D}" install-basic |
174 |
+ fowners root:root /usr/$(get_libdir)/nagios/plugins |
175 |
+ |
176 |
+ # Don't make the configuration owned by the nagios user, because |
177 |
+ # then he can edit nagios.cfg and trick nagios into running as root |
178 |
+ # and doing his bidding. |
179 |
+ emake INSTALL_OPTS="" DESTDIR="${D}" install-config |
180 |
+ |
181 |
+ # No INSTALL_OPTS used in install-commandmode, thankfully. |
182 |
+ emake DESTDIR="${D}" install-commandmode |
183 |
+ |
184 |
+ if use web; then |
185 |
+ # There is no way to install the CGIs unstripped from the |
186 |
+ # top-level makefile, so descend into cgi/ here. The empty |
187 |
+ # INSTALL_OPTS ensures that root:root: owns the CGI executables. |
188 |
+ cd "${S}/cgi" || die |
189 |
+ emake INSTALL_OPTS="" DESTDIR="${D}" install-unstripped |
190 |
+ cd "${S}" || die |
191 |
+ |
192 |
+ # install-html installs the new exfoliation theme |
193 |
+ emake INSTALL_OPTS="" DESTDIR="${D}" install-html |
194 |
+ |
195 |
+ if use classicui; then |
196 |
+ # This overwrites the already-installed exfoliation theme |
197 |
+ emake INSTALL_OPTS="" DESTDIR="${D}" install-classicui |
198 |
+ fi |
199 |
+ |
200 |
+ # Install cute Gentoo icons (bug #388323), setting their |
201 |
+ # owner, group, and mode to match those of the rest of Nagios's |
202 |
+ # images. |
203 |
+ insinto /usr/share/nagios/htdocs/images/logos |
204 |
+ doins "${WORKDIR}/${GENTOO_ICONS}"/*.* |
205 |
+ fi |
206 |
+ |
207 |
+ newinitd openrc-init nagios |
208 |
+ |
209 |
+ if use web ; then |
210 |
+ if use apache2 ; then |
211 |
+ # Install the Nagios configuration file for Apache. |
212 |
+ insinto "/etc/apache2/modules.d" |
213 |
+ doins "${FILESDIR}"/99_nagios4.conf |
214 |
+ elif use lighttpd ; then |
215 |
+ # Install the Nagios configuration file for Lighttpd. |
216 |
+ insinto /etc/lighttpd |
217 |
+ newins "${FILESDIR}/lighttpd_nagios4.conf" nagios.conf |
218 |
+ else |
219 |
+ ewarn "${CATEGORY}/${PF} only supports apache or lighttpd" |
220 |
+ ewarn "out of the box. Since you are not using one of them, you" |
221 |
+ ewarn "will have to configure your webserver yourself." |
222 |
+ fi |
223 |
+ fi |
224 |
+} |
225 |
+ |
226 |
+pkg_postinst() { |
227 |
+ |
228 |
+ if use web; then |
229 |
+ if use apache2 || use lighttpd ; then |
230 |
+ if use apache2; then |
231 |
+ elog "To enable the Nagios web front-end, please edit" |
232 |
+ elog "${ROOT}etc/conf.d/apache2 and add \"-D NAGIOS -D PHP\"" |
233 |
+ elog "to APACHE2_OPTS. Then Nagios will be available at," |
234 |
+ elog |
235 |
+ elif use lighttpd; then |
236 |
+ elog "To enable the Nagios web front-end, please add" |
237 |
+ elog "'include \"nagios.conf\"' to the lighttpd configuration" |
238 |
+ elog "file at ${ROOT}etc/lighttpd/lighttpd.conf. Then Nagios" |
239 |
+ elog "will be available at," |
240 |
+ elog |
241 |
+ fi |
242 |
+ |
243 |
+ elog " http://localhost/nagios/" |
244 |
+ fi |
245 |
+ fi |
246 |
+ |
247 |
+ elog |
248 |
+ elog "If your kernel has /proc protection, nagios" |
249 |
+ elog "will not be happy as it relies on accessing the proc" |
250 |
+ elog "filesystem. You can fix this by adding nagios into" |
251 |
+ elog "the group wheel, but this is not recomended." |
252 |
+ elog |
253 |
+} |