1 |
commit: e05d77e5b5a85672092c5c156b1371da178b520f |
2 |
Author: Michael Orlitzky <mjo <AT> gentoo <DOT> org> |
3 |
AuthorDate: Mon Aug 31 16:08:49 2015 +0000 |
4 |
Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org> |
5 |
CommitDate: Mon Aug 31 16:08:49 2015 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e05d77e5 |
7 |
|
8 |
net-analyzer/nrpe: revbump to add selinux and no-ssl support. |
9 |
|
10 |
Add a conditional dep on sec-policy/selinux-nagios, and pull in an |
11 |
(unreleased) upstream patch to fix the build when USE="-ssl". Also add |
12 |
a slot on the openssl dependency to make repoman happy. |
13 |
|
14 |
Bug: 462572 |
15 |
Bug: 554536 |
16 |
|
17 |
Package-Manager: portage-2.2.20.1 |
18 |
|
19 |
net-analyzer/nrpe/files/nrpe-2.15-no-ssl.patch | 39 +++++++ |
20 |
net-analyzer/nrpe/nrpe-2.15-r3.ebuild | 137 +++++++++++++++++++++++++ |
21 |
2 files changed, 176 insertions(+) |
22 |
|
23 |
diff --git a/net-analyzer/nrpe/files/nrpe-2.15-no-ssl.patch b/net-analyzer/nrpe/files/nrpe-2.15-no-ssl.patch |
24 |
new file mode 100644 |
25 |
index 0000000..3b3fc13 |
26 |
--- /dev/null |
27 |
+++ b/net-analyzer/nrpe/files/nrpe-2.15-no-ssl.patch |
28 |
@@ -0,0 +1,39 @@ |
29 |
+Without this patch, you can't build nrpe without SSL support. It was |
30 |
+originally submitted on the Nagios forums by user Matthew L. Daniel: |
31 |
+ |
32 |
+ https://support.nagios.com/forum/viewtopic.php?t=27027 |
33 |
+ |
34 |
+It was merged into the upstream github repo (NagiosEnterprises/nrpe) |
35 |
+in commit 3736fdeeac11a. |
36 |
+ |
37 |
+ |
38 |
+diff --git a/src/nrpe.c b/src/nrpe.c |
39 |
+index 4bc849b..1e55ab4 100644 |
40 |
+--- a/src/nrpe.c |
41 |
++++ b/src/nrpe.c |
42 |
+@@ -102,7 +102,9 @@ int use_src=FALSE; /* Define parameter for SRC option */ |
43 |
+ int listen_queue_size=DEFAULT_LISTEN_QUEUE_SIZE; |
44 |
+ |
45 |
+ |
46 |
++#ifdef HAVE_SSL |
47 |
+ void complete_SSL_shutdown( SSL *); |
48 |
++#endif |
49 |
+ |
50 |
+ |
51 |
+ int main(int argc, char **argv){ |
52 |
+@@ -1815,6 +1817,7 @@ int remove_pid_file(void){ |
53 |
+ return OK; |
54 |
+ } |
55 |
+ |
56 |
++#ifdef HAVE_SSL |
57 |
+ void complete_SSL_shutdown( SSL *ssl) { |
58 |
+ |
59 |
+ /* |
60 |
+@@ -1835,6 +1838,7 @@ void complete_SSL_shutdown( SSL *ssl) { |
61 |
+ if( SSL_shutdown( ssl)) break; |
62 |
+ } |
63 |
+ } |
64 |
++#endif/*HAVE_SSL*/ |
65 |
+ |
66 |
+ /* bail if daemon is running as root */ |
67 |
+ int check_privileges(void){ |
68 |
|
69 |
diff --git a/net-analyzer/nrpe/nrpe-2.15-r3.ebuild b/net-analyzer/nrpe/nrpe-2.15-r3.ebuild |
70 |
new file mode 100644 |
71 |
index 0000000..906120d |
72 |
--- /dev/null |
73 |
+++ b/net-analyzer/nrpe/nrpe-2.15-r3.ebuild |
74 |
@@ -0,0 +1,137 @@ |
75 |
+# Copyright 1999-2015 Gentoo Foundation |
76 |
+# Distributed under the terms of the GNU General Public License v2 |
77 |
+# $Id$ |
78 |
+ |
79 |
+EAPI=5 |
80 |
+inherit eutils systemd toolchain-funcs multilib user autotools |
81 |
+ |
82 |
+DESCRIPTION="Nagios Remote Plugin Executor" |
83 |
+HOMEPAGE="http://www.nagios.org/" |
84 |
+SRC_URI="mirror://sourceforge/nagios/${P}.tar.gz" |
85 |
+ |
86 |
+LICENSE="GPL-2+" |
87 |
+SLOT="0" |
88 |
+KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86" |
89 |
+IUSE="command-args minimal selinux ssl tcpd" |
90 |
+ |
91 |
+DEPEND="ssl? ( dev-libs/openssl:0 ) |
92 |
+ !minimal? ( tcpd? ( sys-apps/tcp-wrappers ) )" |
93 |
+RDEPEND="${DEPEND} |
94 |
+ !minimal? ( |
95 |
+ || ( net-analyzer/nagios-plugins net-analyzer/monitoring-plugins ) |
96 |
+ ) |
97 |
+ selinux? ( sec-policy/selinux-nagios )" |
98 |
+ |
99 |
+pkg_setup() { |
100 |
+ enewgroup nagios |
101 |
+ enewuser nagios -1 /bin/bash /dev/null nagios |
102 |
+ |
103 |
+ elog "If you plan to use \"nrpe_check_control\" then you may want to specify" |
104 |
+ elog "different command and services files. You can override the defaults" |
105 |
+ elog "through the \"NAGIOS_COMMAND_FILE\" and \"NAGIOS_SERVICES_FILE\" environment variables." |
106 |
+ elog "NAGIOS_COMMAND_FILE=${NAGIOS_COMMAND_FILE:-/var/rw/nagios.cmd}" |
107 |
+ elog "NAGIOS_SERVICES_FILE=${NAGIOS_SERVICES_FILE:-/etc/services.cfg}" |
108 |
+} |
109 |
+ |
110 |
+src_prepare() { |
111 |
+ # Add support for large output, |
112 |
+ # http://opsview-blog.opsera.com/dotorg/2008/08/enhancing-nrpe.html |
113 |
+ epatch "${FILESDIR}"/${PN}-2.14-multiline.patch |
114 |
+ |
115 |
+ # fix configure, among others #326367, #397603 |
116 |
+ epatch "${FILESDIR}"/${PN}-2.15-tcpd-et-al.patch |
117 |
+ |
118 |
+ # otherwise autoconf will overwrite the custom include/config.h.in |
119 |
+ epatch "${FILESDIR}"/${PN}-2.15-autoconf-header.patch |
120 |
+ |
121 |
+ # improve handling of metachars for security |
122 |
+ epatch "${FILESDIR}"/${PN}-2.15-metachar-security-fix.patch |
123 |
+ |
124 |
+ # Fix build with USE="-ssl". |
125 |
+ epatch "${FILESDIR}"/${PN}-2.15-no-ssl.patch |
126 |
+ |
127 |
+ sed -i -e '/define \(COMMAND\|SERVICES\)_FILE/d' \ |
128 |
+ contrib/nrpe_check_control.c || die |
129 |
+ |
130 |
+ # change the default location of the pid file |
131 |
+ sed -i -e '/pid_file/s:/var/run:/run:' sample-config/nrpe.cfg.in || die |
132 |
+ |
133 |
+ # fix TFU handling of autoheader |
134 |
+ sed -i -e '/#undef/d' include/config.h.in || die |
135 |
+ |
136 |
+ eautoreconf |
137 |
+} |
138 |
+ |
139 |
+src_configure() { |
140 |
+ local myconf |
141 |
+ if use minimal; then |
142 |
+ myconf="--disable-tcp-wrapper --disable-command-args" |
143 |
+ else |
144 |
+ myconf="$(use_enable tcpd tcp-wrapper) $(use_enable command-args)" |
145 |
+ fi |
146 |
+ |
147 |
+ econf \ |
148 |
+ --libexecdir=/usr/$(get_libdir)/nagios/plugins \ |
149 |
+ --localstatedir=/var/nagios \ |
150 |
+ --sysconfdir=/etc/nagios \ |
151 |
+ --with-nrpe-user=nagios \ |
152 |
+ --with-nrpe-group=nagios \ |
153 |
+ $(use_enable ssl) \ |
154 |
+ ${myconf} |
155 |
+} |
156 |
+ |
157 |
+src_compile() { |
158 |
+ emake -C src check_nrpe $(use minimal || echo nrpe) |
159 |
+ |
160 |
+ # Add nifty nrpe check tool |
161 |
+ $(tc-getCC) ${CPPFLAGS} ${CFLAGS} \ |
162 |
+ -DCOMMAND_FILE=\"${NAGIOS_COMMAND_FILE:-/var/rw/nagios.cmd}\" \ |
163 |
+ -DSERVICES_FILE=\"${NAGIOS_SERVICES_FILE:-/etc/services.cfg}\" \ |
164 |
+ ${LDFLAGS} -o nrpe_check_control contrib/nrpe_check_control.c || die |
165 |
+} |
166 |
+ |
167 |
+src_install() { |
168 |
+ dodoc LEGAL Changelog README SECURITY \ |
169 |
+ contrib/README.nrpe_check_control \ |
170 |
+ $(use ssl && echo README.SSL) |
171 |
+ |
172 |
+ exeinto /usr/$(get_libdir)/nagios/plugins |
173 |
+ doexe src/check_nrpe nrpe_check_control |
174 |
+ |
175 |
+ use minimal && return 0 |
176 |
+ |
177 |
+ ## NON-MINIMAL INSTALL FOLLOWS ## |
178 |
+ |
179 |
+ insinto /etc/nagios |
180 |
+ newins sample-config/nrpe.cfg nrpe.cfg |
181 |
+ fowners root:nagios /etc/nagios/nrpe.cfg |
182 |
+ fperms 0640 /etc/nagios/nrpe.cfg |
183 |
+ |
184 |
+ exeinto /usr/libexec |
185 |
+ doexe src/nrpe |
186 |
+ |
187 |
+ newinitd "${FILESDIR}"/nrpe.init nrpe |
188 |
+ systemd_dounit "${FILESDIR}/${PN}.service" |
189 |
+ |
190 |
+ insinto /etc/xinetd.d/ |
191 |
+ newins "${FILESDIR}/nrpe.xinetd.2" nrpe |
192 |
+ |
193 |
+ if use tcpd; then |
194 |
+ sed -i -e '/^reload()/, /^}/ d' -e '/extra_started_commands/s:reload::' \ |
195 |
+ "${D}"/etc/init.d/nrpe |
196 |
+ fi |
197 |
+} |
198 |
+ |
199 |
+pkg_postinst() { |
200 |
+ elog "If you are using the nrpe daemon, remember to edit" |
201 |
+ elog "the config file /etc/nagios/nrpe.cfg" |
202 |
+ |
203 |
+ if use command-args ; then |
204 |
+ ewarn "" |
205 |
+ ewarn "You have enabled command-args for NRPE. This enables" |
206 |
+ ewarn "the ability for clients to supply arguments to commands" |
207 |
+ ewarn "which should be run. " |
208 |
+ ewarn "THIS IS CONSIDERED A SECURITY RISK!" |
209 |
+ ewarn "Please read /usr/share/doc/${PF}/SECURITY.bz2 for more info" |
210 |
+ fi |
211 |
+} |