author | Conrad Kostecki <conikost@gentoo.org> | 2021-03-14 21:23:03 +0100 |
---|---|---|
committer | Conrad Kostecki <conikost@gentoo.org> | 2021-03-14 21:25:34 +0100 |
commit | 021b0cccd5ea0f8b0cdb764ef696a71a5e430487 (patch) | |
tree | d9d90c308993fe65433c4bfdd665c4ec470033da /net-misc/stunnel | |
parent | app-admin/lastpass-binary-component: bump to 4.67.1 (diff) | |
net-misc/stunnel: bump to version 5.58
Also added from PR 14362 the handling of pid file ownership, to support
the specified user and group from stunnel.conf.
Closes: https://github.com/gentoo/gentoo/pull/14362
Package-Manager: Portage-3.0.16, Repoman-3.0.2
Signed-off-by: Conrad Kostecki <conikost@gentoo.org>
Diffstat (limited to 'net-misc/stunnel')
-rw-r--r-- | net-misc/stunnel/Manifest | 1 | ||||
-rw-r--r-- | net-misc/stunnel/files/stunnel-r2 | 55 | ||||
-rw-r--r-- | net-misc/stunnel/stunnel-5.58.ebuild | 100 |
3 files changed, 156 insertions, 0 deletions
diff --git a/net-misc/stunnel/Manifest b/net-misc/stunnel/Manifest
index 432660d827e3..d27cdf861c37 100644
--- a/net-misc/stunnel/Manifest
+++ b/net-misc/stunnel/Manifest
@@ -1,3 +1,4 @@
 DIST stunnel-5.50.tar.gz 973685 BLAKE2B e4185fa0c4f15ea118a8f6590bae14a9e1d7ccf1f73b75e46d8c7f04e4ece471c29b0a3715a24568301c5220fe385cbf42295c91ae9b295e3d7ab2b0ffec45a1 SHA512 96029b4f0dc0f04130e847bf47e56e8fdd22f2aaddb5fe0f581a0da6b870049152216795a0a9d9cdb6b93621df0a7d999e968a8c59989d261fd81c5f02cc1bac
 DIST stunnel-5.55.tar.gz 986873 BLAKE2B feb3a7d80aa2f67e0b8de2cdd2a134947f0715cc09c2d2778cd2aef4dcc55ffef45c55e010bd6048f38b143d22006beb90c7b76575a8d6d3d430d1f87dd271fa SHA512 278e39e87e080171d2bed3b193f8f7923b48c12c6d788afeb113a71bfc6077129305e8f93f5e7046b12cc8aa381e89909358756c978ef129d3067ceeb60e112a
 DIST stunnel-5.56.tar.gz 981163 BLAKE2B eef5a535165b1346d14e8fdd25ded7f497378bb63ab7d68642c5e1b3db2716c8e46db443146385a192a7e6042adcca295a5b107912e113f3f13f66e7a8d8b00b SHA512 db1be82b80bd5606568c5565f1c9a5710d4f7abca2d89388daa441bc395aaf2be998ac6403c7a17b8af01b89ade825186c20c50f73a809f9d64eca2e1b57a877
+DIST stunnel-5.58.tar.gz 988551 BLAKE2B 45ce3d43ff683fa1146ced00c6a2ef7c09a935da3dcd1a6529fa024e064c251798d96a1e45d4abf13195ca50fb7f1cf3ddc25c9e954a1cad8bb4745c4e35701d SHA512 6f62bf13bf53f174b2810ad6708a9dfdb70e9b4e2f60c0c9cf4df691169a63014901402ccbe2862010f4cee240c1a8eec34b70a7a3fcef36e7a2ca14a7f70ece
diff --git a/net-misc/stunnel/files/stunnel-r2 b/net-misc/stunnel/files/stunnel-r2
new file mode 100644
index 000000000000..abd42987d2b4
--- /dev/null
+++ b/net-misc/stunnel/files/stunnel-r2
@@ -0,0 +1,55 @@
+#!/sbin/openrc-run
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+extra_started_commands="reload"
+SERVICENAME=${SVCNAME#*.}
+SERVICENAME=${SERVICENAME:-stunnel}
+STUNNEL_CONFIGFILE=${STUNNEL_CONFIGFILE:-/etc/stunnel/${SERVICENAME}.conf}
+
+depend() {
+ need net
+ before logger
+}
+
+get_config() {
+ if [ ! -e ${STUNNEL_CONFIGFILE} ] ; then
+ eerror "You need to create ${STUNNEL_CONFIGFILE} first."
+ return 1
+ fi
+ CHROOT=$(grep "^chroot" ${STUNNEL_CONFIGFILE} | sed "s;.*= *;;")
+ [ -n "${CHROOT}" ] && CHROOT="--chroot ${CHROOT}"
+ PIDFILE=$(grep "^pid" ${STUNNEL_CONFIGFILE} | sed "s;.*= *;;")
+ PIDFILE=${PIDFILE:-/run/stunnel/${SERVICENAME}.pid}
+ SETUID=$(grep "^setuid" ${STUNNEL_CONFIGFILE} | sed "s;.*= *;;")
+ SETUID=${SETUID:-stunnel}
+ SETGID=$(grep "^setgid" ${STUNNEL_CONFIGFILE} | sed "s;.*= *;;")
+ SETGID=${SETGID:-stunnel}
+}
+
+start() {
+ get_config || return 1
+ checkpath -d -m 0775 -o root:stunnel /run/stunnel
+ if [ "$(dirname ${PIDFILE})" != "/run" ]; then
+ checkpath -d -m 0755 -o ${SETUID}:${SETGID} -q $(dirname ${PIDFILE})
+ fi
+ ebegin "Starting ${SVCNAME}"
+ start-stop-daemon --start --pidfile "${PIDFILE}" ${CHROOT} \
+ --exec /usr/bin/stunnel -- ${STUNNEL_CONFIGFILE} ${STUNNEL_OPTIONS}
+ eend $? "Failed to start ${SVCNAME}"
+}
+
+stop() {
+ get_config || return 1
+ ebegin "Stopping ${SVCNAME}"
+ start-stop-daemon --stop --quiet --exec /usr/bin/stunnel \
+ --pidfile ${PIDFILE}
+ eend $? "Failed to stop ${SVCNAME}"
+}
+
+reload() {
+ get_config || return 1
+ ebegin "Reloading ${SVCNAME}"
+ start-stop-daemon --signal HUP --pidfile ${PIDFILE} --name stunnel
+ eend $?
+}
diff --git a/net-misc/stunnel/stunnel-5.58.ebuild b/net-misc/stunnel/stunnel-5.58.ebuild
new file mode 100644
index 000000000000..2fcb74bea807
--- /dev/null
+++ b/net-misc/stunnel/stunnel-5.58.ebuild
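Review bot: In start() of files/stunnel-r2, the second checkpath runs as root and assigns `$(dirname ${PIDFILE})` to `${SETUID}:${SETGID}`, where both the path and the owner are read from stunnel.conf and only `/run` itself is excluded. A `pid` setting that points into a shared directory, such as the one holding the configuration and keys, would hand that whole directory to the service account. With the default pid path the same call also replaces the `root:stunnel` 0775 setting that the line above has just applied to /run/stunnel. I would limit the ownership change to dedicated directories below /run, reject paths containing `..`, and quote the expansions, for example `checkpath -d -m 0755 -o "${SETUID}:${SETGID}" -q "$(dirname "${PIDFILE}")"` inside a `case "${PIDFILE}" in /run/stunnel/*)` guard. The same quoting applies to `${STUNNEL_CONFIGFILE}` and `${PIDFILE}` in get_config, stop() and reload().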
@@ -0,0 +1,100 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit multilib ssl-cert systemd tmpfiles
+
+DESCRIPTION="TLS/SSL - Port Wrapper"
+HOMEPAGE="https://www.stunnel.org/index.html"
+SRC_URI="
+ ftp://ftp.stunnel.org/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+ http://www.usenix.org.uk/mirrors/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+ http://ftp.nluug.nl/pub/networking/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+ http://www.namesdir.com/mirrors/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+ http://stunnel.cybermirror.org/archive/${PV%%.*}.x/${P}.tar.gz
+ http://mirrors.zerg.biz/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+ ftp://mirrors.go-parts.com/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos"
+IUSE="ipv6 selinux stunnel3 tcpd"
+
+DEPEND="
+ dev-libs/openssl:0=
+ tcpd? ( sys-apps/tcp-wrappers )
+"
+
+RDEPEND="
+ acct-user/stunnel
+ acct-group/stunnel
+ ${DEPEND}
+ selinux? ( sec-policy/selinux-stunnel )
+ stunnel3? ( dev-lang/perl )
+"
+
+RESTRICT="test"
+
+src_prepare() {
+ # Hack away generation of certificate
+ sed -i -e "s/^install-data-local:/do-not-run-this:/" \
+ tools/Makefile.in || die "sed failed"
+
+ echo "CONFIG_PROTECT=\"/etc/stunnel/stunnel.conf\"" > "${T}"/20stunnel
+
+ eapply_user
+}
+
+src_configure() {
+ local myeconfargs=(
+ --libdir="${EPREFIX}/usr/$(get_libdir)"
+ $(use_enable ipv6)
+ $(use_enable tcpd libwrap)
+ --with-ssl="${EPREFIX}"/usr
+ --disable-fips
+ )
+
+ econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+ rm -rf "${ED}"/usr/share/doc/${PN}
+ rm -f "${ED}"/etc/stunnel/stunnel.conf-sample \
+ "${ED}"/usr/share/man/man8/stunnel.{fr,pl}.8
+ use stunnel3 || rm -f "${ED}"/usr/bin/stunnel3
+
+ # The binary was moved to /usr/bin with 4.21,
+ # symlink for backwards compatibility
+ dosym ../bin/stunnel /usr/sbin/stunnel
+
+ dodoc AUTHORS.md BUGS.md CREDITS.md PORTS.md README.md TODO.md
+ docinto html
+ dodoc doc/stunnel.html doc/en/VNC_StunnelHOWTO.html tools/ca.html \
+ tools/importCA.html
+
+ insinto /etc/stunnel
+ doins "${FILESDIR}"/stunnel.conf
+ newinitd "${FILESDIR}"/stunnel-r2 stunnel
+
+ doenvd "${T}"/20stunnel
+
+ systemd_dounit "${S}/tools/stunnel.service"
+ newtmpfiles "${FILESDIR}"/stunnel.tmpfiles.conf stunnel.conf
+}
+
+pkg_postinst() {
+ if [ ! -f "${EROOT}"/etc/stunnel/stunnel.key ]; then
+ install_cert /etc/stunnel/stunnel
+ chown stunnel:stunnel "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem}
+ chmod 0640 "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem}
+ fi
+
+ einfo "If you want to run multiple instances of stunnel, create a new config"
+ einfo "file ending with .conf in /etc/stunnel/. **Make sure** you change "
+ einfo "\'pid= \' with a unique filename. For openrc make a symlink from the"
+ einfo "stunnel init script to \'stunnel.name\' and use that to start|stop"
+ einfo "your custom instance"
+} |
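Review bot: In pkg_postinst the generated key material is handed to the service account with `chown stunnel:stunnel` and mode 0640, so the account the daemon drops to can rewrite or replace its own private key and certificate, not just read them. Keeping root as owner and granting read access through the group should preserve what the daemon needs after dropping privileges: `chown root:stunnel "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem}`. Separately, every SRC_URI entry is plain `ftp://` or `http://`. The Manifest hashes pin the tarball for users, but an HTTPS source, if upstream offers one, would also protect the fetch from which those hashes are first generated.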