-rw-r--r-- | net-misc/frr/Manifest | 1 | ||||
-rw-r--r-- | net-misc/frr/files/frr-7.5-ipctl-forwarding.patch | 22 | ||||
-rw-r--r-- | net-misc/frr/files/frr-openrc-v1 | 300 | ||||
-rw-r--r-- | net-misc/frr/files/frr.pam | 26 | ||||
-rw-r--r-- | net-misc/frr/frr-7.5.ebuild | 143 | ||||
-rw-r--r-- | net-misc/frr/metadata.xml | 28 |
6 files changed, 520 insertions, 0 deletions
diff --git a/net-misc/frr/Manifest b/net-misc/frr/Manifest new file mode 100644 index 000000000000..7ae456fb3894 --- /dev/null +++ b/net-misc/frr/Manifest @@ -0,0 +1 @@ +DIST frr-7.5.tar.gz 6730659 BLAKE2B 12c915e7564b8f0157b20b0714b1efd8c2ad0c51dbaeb1eb3ef2d5ea50406c297d7f4bd854d9246b515d42f3fa326b2b3c7a30d83f35b64c374947b26709f6fe SHA512 d0d3c0bc0d30e2ebb93e20906768a996d21db23b23118c8e3c50d238e7bfdee7a789b4a90c9d7dbdc842d857f60bd44f0922b01b0c2c8b289ac860f008a430a9 diff --git a/net-misc/frr/files/frr-7.5-ipctl-forwarding.patch b/net-misc/frr/files/frr-7.5-ipctl-forwarding.patch new file mode 100644 index 000000000000..f6b726b591f7 --- /dev/null +++ b/net-misc/frr/files/frr-7.5-ipctl-forwarding.patch @@ -0,0 +1,22 @@ +Fix for missing definitions on some Hardened configurations +Gentoo bug: https://bugs.gentoo.org/show_bug.cgi?id=437292 + +diff -Naur quagga-0.99.16.orig/zebra/ipforward_sysctl.c quagga-0.99.16/zebra/ipforward_sysctl.c +--- quagga-0.99.16.orig/zebra/ipforward_sysctl.c 2010-03-11 12:11:32.000000000 -0500 ++++ quagga-0.99.16/zebra/ipforward_sysctl.c 2010-03-11 12:11:39.000000000 -0500 +@@ -31,6 +31,15 @@ + + #define MIB_SIZ 4 + ++/* Fix for recent (2.6.14) kernel headers */ ++#ifndef IPCTL_FORWARDING ++ #define IPCTL_FORWARDING NET_IPV4_FORWARD ++#endif ++ ++#ifndef IP6CTL_FORWARDING ++ #define IP6CTL_FORWARDING NET_IPV6_FORWARDING ++#endif ++ + extern struct zebra_privs_t zserv_privs; + + /* IPv4 forwarding control MIB. */ diff --git a/net-misc/frr/files/frr-openrc-v1 b/net-misc/frr/files/frr-openrc-v1 new file mode 100644 index 000000000000..9e2f1ab914fd --- /dev/null +++ b/net-misc/frr/files/frr-openrc-v1 
@@ -0,0 +1,300 @@
+#!/sbin/openrc-run
+#
+# FRR OpenRC init script.
+#
+# Copyright (C) 2020 Rafael F. Zalamena
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; only version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+description="FRR initialization script."
+
+# FRR variables.
+frr_dir="/usr/lib/frr"
+frr_state_dir="/run/frr"
+config_file="/etc/frr/frr.conf"
+daemon_file="/etc/frr/daemons"
+daemon_db="/run/frrdb"
+vty_config_file="/etc/frr/vtysh.conf"
+frr_reload="$frr_dir/frr-reload.py"
+frr_reload_log="$frr_state_dir/reload.log"
+
+# Don't change profile here, use $daemon_file. This is the default.
+frr_profile="traditional"
+
+# watchfrr variables.
+watchfrr_daemons=''
+watchfrr_pidfile="$frr_state_dir/watchfrr.pid"
+
+#
+# Helpers.
+#
+_check_daemon_binary() {
+ local daemon=$1
+
+ [ -x "$frr_dir/$daemon" ] && return 0
+
+ eerror "No binary found for $daemon in $frr_dir"
+ return 1
+}
+
+_load_daemon_list() {
+ # Load FRR daemons configuration file.
+ while read line <&3 ; do
+ case $line in
+ ""|"#"*)
+ # Skip empty/commented lines.
+ continue
+ ;;
+
+ *d=*|*_instances=*|*_options=*|*_wrap=*)
+ # Load daemon options.
+ eval "$line"
+ ;;
+
+ MAX_FDS=*|frr_profile=*|vtysh_enable=*)
+ # Load misc configuration.
+ eval "$line"
+ ;;
+ esac
+ done 3< $daemon_file
+
+ # `zebra` and `staticd` are mandatory.
+ _check_daemon_binary 'zebra' || return 1
+ _check_daemon_binary 'staticd' || return 1
+ watchfrr_daemons='zebra staticd'
+
+ # Create the watchfrr command line.
+ for daemon in \
+ babeld bfdd bgpd eigrpd fabricd isisd ldpd nhrpd ospfd ospf6d pbrd \
+ pimd ripd ripngd sharpd vrrpd \
+ ; do
+ # Trick to read variable name with variable.
+ cdaemon=$(eval echo \$$daemon)
+ cdaemon_instances=$(eval echo \$${daemon}_instances)
+
+ # Add daemon to command line if specified.
+ if [ ! -z $cdaemon ] && [ $cdaemon = 'yes' ]; then
+ _check_daemon_binary $daemon || return 1
+
+ # Multi instance daemon handling.
+ if [ ! -z $cdaemon_instances ]; then
+ for instance in $(echo $cdaemon_instances | tr ',' ' '); do
+ watchfrr_daemons="$watchfrr_daemons $daemon-$instance"
+ done
+ fi
+
+ # Single instance daemon handling.
+ watchfrr_daemons="$watchfrr_daemons $daemon"
+ continue
+ fi
+ done
+}
+
+_frr_start() {
+ # Apply MAX_FDS configuration if set.
+ if [ ! -z $MAX_FDS ]; then
+ veinfo " Setting maximum file descriptors to ${MAX_FDS}"
+ ulimit -n $MAX_FDS >/dev/null 2>/dev/null
+ fi
+
+ # Save started daemons to state database.
+ rm -f -- $daemon_db
+ for daemon in $watchfrr_daemons; do
+ echo $daemon >> $daemon_db
+ veinfo " Starting $daemon..."
+ done
+
+ veinfo " Starting watchfrr..."
+
+ # Start watchfrr which will start all configured daemons.
+ eval $all_wrap $frr_dir/watchfrr -d -F $frr_profile $watchfrr_daemons
+
+ veinfo " Loading configuration..."
+
+ # After starting the daemons, lets load the configuration.
+ if [ $vtysh_enable = 'yes' ]; then
+ vtysh -b -n
+ else
+ veinfo " Configuration loading disabled (vtysh_enable=$vtysh_enable)"
+ fi
+}
+
+_get_pid() {
+ local daemon=$1
+ local pid_file="$frr_state_dir/$daemon.pid"
+
+ # Test for file existence.
+ if [ ! -r "$pid_file" ]; then
+ eerror "Failed to find or read $daemon pid file"
+ return 1
+ fi
+
+ # Get PID if any.
+ pid=$(cat $pid_file)
+ if [ -z $pid ]; then
+ eerror "$daemon PID file empty"
+ return 1
+ fi
+
+ return 0
+}
+
+_stop_daemon() {
+ local daemon=$1
+ local pid_file="$frr_state_dir/$daemon.pid"
+
+ # Get daemon pid.
+ _get_pid $daemon
+
+ # Ask daemon to quit.
+ kill -2 "$pid"
+
+ # Test if daemon is still running.
+ attempts=1200
+ while kill -0 "$pid" 2>/dev/null; do
+ sleep 0.5
+ [ $((attempts - 1)) -gt 0 ] || break
+ done
+
+ # Tell user about our situation.
+ if kill -0 "$pid" 2>/dev/null ; then
+ eerror "Failed to stop $daemon (PID=${pid})"
+ return 1
+ else
+ rm -f -- $pid_file
+ fi
+}
+
+_frr_stop() {
+ local failures=0
+
+ # Stop watchfrr first so it doesn't restart anyone.
+ veinfo " Stopping watchfrr..."
+ _stop_daemon watchfrr || failures=1
+
+ # Read started daemon database.
+ while read line <&3 ; do
+ case $line in
+ ""|"#"*)
+ # Skip empty/commented lines.
+ continue
+ ;;
+
+ *)
+ # Get daemon name.
+ veinfo " Stopping $line..."
+ _stop_daemon $line || failures=1
+ ;;
+ esac
+ done 3< $daemon_db
+
+ # Remove daemon database file.
+ rm -f -- $daemon_db
+
+ return $failures
+}
+
+_check_watchfrr() {
+ _get_pid watchfrr || return 1
+ return 0
+}
+
+#
+# Main.
+#
+depend() {
+ # We need root to write logs.
+ need localmount
+ # Optionally wait for network to start.
+ use net
+ # Expect /run to be ready.
+ after bootmisc
+}
+
+start_pre() {
+ # Check configuration file readability.
+ checkpath -f -m 0640 -o frr:frr $vty_config_file
+ checkpath -f -m 0640 -o frr:frr $daemon_file
+ checkpath -f -m 0640 -o frr:frr $config_file
+
+ # Check run state directory.
+ checkpath -d -o frr $frr_state_dir
+
+ # Load daemon list and peform checks.
+ _load_daemon_list
+}
+
+start() {
+ # Load daemon list.
+ _load_daemon_list
+
+ # Handle restarts.
+ if [ "$RC_CMD" = 'restart' ]; then
+ ebegin 'Reloading FRR configuration'
+ else
+ ebegin 'Starting FRR'
+ fi
+
+ # Start FRR.
+ _frr_start
+
+ # New daemons and watchfrr started, apply new configuration.
+ if [ "$RC_CMD" = 'restart' ]; then
+ "$frr_reload" --reload "$config_file" 2>/run/frr/reload.log
+ [ $? -ne 0 ] && ewarn " Failed to reload (check $frr_reload_log)"
+ # NOTE: we can't return bad status otherwise OpenRC will think we
+ # failed to start, lets print a helpful message instead.
+ fi
+
+ eend 0
+}
+
+stop() {
+ local failures=0
+
+ # Handle restarts.
+ if [ "$RC_CMD" = 'restart' ]; then
+ # Load daemon list.
+ _load_daemon_list
+
+ # We must restart 'watchfrr' in order to start new daemons.
+ veinfo " Stopping watchfrr..."
+ _stop_daemon watchfrr
+
+ # Stop daemons that are no longer in configuration file.
+ for daemon in $(ls -1 /run/frr/*.pid | cut -d '.' -f 1); do
+ # Filter daemon name.
+ daemon=$(basename "$daemon")
+
+ # Skip watchfrr.
+ [ "$daemon" = 'watchfrr' ] && continue
+
+ echo "$watchfrr_daemons" | grep "$daemon" >/dev/null
+ if [ $? -ne 0 ]; then
+ veinfo " Stopping $daemon..."
+ _stop_daemon $daemon
+ fi
+ done
+
+ return 0
+ fi
+
+ ebegin 'Stopping FRR'
+ _frr_stop || failures=1
+ eend $failures 'some daemons failed to stop'
+}
+
+status() {
+ _check_watchfrr || return 1
+}
diff --git a/net-misc/frr/files/frr.pam b/net-misc/frr/files/frr.pam
new file mode 100644
index 000000000000..5cef5d9d746e
--- /dev/null
+++ b/net-misc/frr/files/frr.pam
@@ -0,0 +1,26 @@
+#%PAM-1.0
+#
+
+##### if running frr as root:
+# Only allow root (and possibly wheel) to use this because enable access
+# is unrestricted.
+auth sufficient pam_rootok.so
+
+# Uncomment the following line to implicitly trust users in the "wheel" group.
+#auth sufficient pam_wheel.so trust use_uid
+# Uncomment the following line to require a user to be in the "wheel" group.
+#auth required pam_wheel.so use_uid
+###########################################################
+
+# If using frr privileges and with a seperate group for vty access, then
+# access can be controlled via the vty access group, and pam can simply
+# check for valid user/password, eg:
+#
+# only allow local users.
+#auth required pam_securetty.so
+#auth include system-auth
+#auth required pam_nologin.so
+#account include system-auth
+#password include system-auth
+#session include system-auth
+#session optional pam_console.so
diff --git a/net-misc/frr/frr-7.5.ebuild b/net-misc/frr/frr-7.5.ebuild
new file mode 100644
index 000000000000..b4a72f6ec316
--- /dev/null
+++ b/net-misc/frr/frr-7.5.ebuild
@@ -0,0 +1,143 @@
+# Copyright 2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{7,8} )
+inherit autotools pam python-single-r1 systemd
+
+DESCRIPTION="The FRRouting Protocol Suite"
+HOMEPAGE="https://frrouting.org/"
+SRC_URI="https://github.com/FRRouting/frr/archive/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+IUSE="doc fpm grpc ipv6 kernel_linux nhrp ospfapi pam rpki snmp systemd"
+
+COMMON_DEPEND="
+ acct-user/frr
+ dev-libs/json-c:0=
+ >=net-libs/libyang-1.0.184
+ sys-libs/libcap
+ sys-libs/readline:0=
+ grpc? ( net-libs/grpc )
+ nhrp? ( net-dns/c-ares:0= )
+ pam? ( sys-libs/pam )
+ rpki? ( >=net-libs/rtrlib-0.6.3[ssh] )
+ snmp? ( net-analyzer/net-snmp )
+"
+
+BDEPEND="
+ ${COMMON_DEPEND}
+ doc? ( dev-python/sphinx )
+ sys-devel/flex
+ virtual/yacc
+"
+
+DEPEND="
+ ${PYTHON_DEPS}
+ ${COMMON_DEPEND}
+"
+
+RDEPEND="
+ ${DEPEND}
+ $(python_gen_cond_dep 'dev-python/ipaddr[${PYTHON_USEDEP}]')
+ !!net-misc/quagga
+"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-7.5-ipctl-forwarding.patch"
+)
+
+# FRR tarballs have weird format.
+S="${WORKDIR}/frr-${P}"
+
+src_prepare() {
+ default
+
+ python_fix_shebang tools
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ --disable-static \
+ --with-pkg-extra-version="-gentoo" \
+ --enable-configfile-mask=0640 \
+ --enable-logfile-mask=0640 \
+ --prefix=/usr \
+ --libdir=/usr/lib/frr \
+ --sbindir=/usr/lib/frr \
+ --libexecdir=/usr/lib/frr \
+ --sysconfdir=/etc/frr \
+ --localstatedir=/run/frr \
+ --with-moduledir=/usr/lib/frr/modules \
+ --enable-exampledir=/usr/share/doc/${PF}/samples \
+ --enable-user=frr \
+ --enable-group=frr \
+ --enable-vty-group=frr \
+ --enable-multipath=64 \
+ $(use_enable doc) \
+ $(use_enable fpm) \
+ $(use_enable grpc) \
+ $(use_enable ipv6 ospf6d) \
+ $(use_enable ipv6 ripngd) \
+ $(use_enable ipv6 rtadv) \
+ $(use_enable kernel_linux realms) \
+ $(use_enable nhrp nhrpd) \
+ $(usex ospfapi '--enable-ospfclient' '' '' '') \
+ $(use_enable rpki) \
+ $(use_enable snmp) \
+ $(use_enable systemd)
+}
+
+src_compile() {
+ default
+
+ use doc && (cd doc; make html)
+}
+
+src_install() {
+ default
+ find "${D}" -name '*.la' -delete || die
+
+ # Install user documentation if asked
+ use doc && dodoc -r doc/user/_build/html
+
+ # Create configuration directory with correct permissions
+ keepdir /etc/frr
+ fowners frr:frr /etc/frr
+ fperms 775 /etc/frr
+
+ # Create logs directory with the correct permissions
+ keepdir /var/log/frr
+ fowners frr:frr /var/log/frr
+ fperms 775 /var/log/frr
+
+ # Install the default configuration files
+ insinto /etc/frr
+ doins tools/etc/frr/vtysh.conf
+ doins tools/etc/frr/frr.conf
+ doins tools/etc/frr/daemons
+
+ # Fix permissions/owners.
+ fowners frr:frr /etc/frr/vtysh.conf
+ fowners frr:frr /etc/frr/frr.conf
+ fowners frr:frr /etc/frr/daemons
+ fperms 640 /etc/frr/vtysh.conf
+ fperms 640 /etc/frr/frr.conf
+ fperms 640 /etc/frr/daemons
+
+ # Install logrotate configuration
+ insinto /etc/logrotate.d
+ newins redhat/frr.logrotate frr
+
+ # Install PAM configuration file
+ use pam && newpamd "${FILESDIR}/frr.pam" frr
+
+ # Install init scripts
+ systemd_dounit tools/frr.service
+ newinitd "${FILESDIR}/frr-openrc-v1" frr
+}
diff --git a/net-misc/frr/metadata.xml b/net-misc/frr/metadata.xml
new file mode 100644
index 000000000000..043dceace198
--- /dev/null
+++ b/net-misc/frr/metadata.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>pinkbyte@gentoo.org</email>
+ <name>Sergey Popov</name>
+ </maintainer>
+ <use>
+ <flag name="grpc">
+ Enable gRPC plugin
+ </flag>
+ <flag name="nhrp">
+ Build Next Hop Resolution Protocol daemon
+ </flag>
+ <flag name="fpm">
+ Enable Forwarding Plane Manager support
+ </flag>
+ <flag name="rpki">
+ Enable RPKI
+ </flag>
+ <flag name="pam">
+ Add support for PAM (via <pkg>sys-libs/pam</pkg>) to the Virtual Terminal Interface Shell (vtysh);
+ </flag>
+ <flag name="ospfapi">
+ Build OSPFAPI support
+ </flag>
+ </use>
+</pkgmetadata> |
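Review bot: `_load_daemon_list` runs `eval "$line"` as root on every matching line of `$daemon_file`, while `start_pre` sets that file to `0640 frr:frr` (and the ebuild installs it `frr:frr` as well), so anything that can write as the unprivileged `frr` user turns into arbitrary shell as root at the next start or restart; `eval $all_wrap ...` in `_frr_start` and the `pid=$(cat $pid_file)` / `kill -2 "$pid"` path in `_get_pid`/`_stop_daemon` consume frr-writable files the same way, the PID without any numeric check. Keeping the daemons file root-owned, `checkpath -f -m 0640 -o root:frr $daemon_file`, and accepting only values that match an anchored pattern (`yes`/`no`, a comma list of digits for `*_instances`, digits for a PID) instead of eval'ing the whole line closes that path without changing the file format. Separately, `_stop_daemon` ignores `_get_pid`'s return status and never decrements `attempts` (`[ $((attempts - 1)) -gt 0 ]` is a test, not an assignment), so a daemon that ignores SIGINT keeps the stop loop running indefinitely; `attempts=$((attempts - 1)); [ $attempts -gt 0 ] || break` and `_get_pid $daemon || return 1` fix the latter two.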
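Review bot: The ebuild inherits `python-single-r1` but declares no `REQUIRED_USE="${PYTHON_REQUIRED_USE}"` and never calls `python-single-r1_pkg_setup`, so as far as I can tell `EPYTHON` is unset when `src_prepare` runs `python_fix_shebang tools`, and the `python_gen_cond_dep` entry in RDEPEND relies on exactly one `PYTHON_SINGLE_TARGET` being selected, which only REQUIRED_USE guarantees; add `REQUIRED_USE="${PYTHON_REQUIRED_USE}"` next to IUSE and `pkg_setup() { python-single-r1_pkg_setup; }`. In `src_compile`, `use doc && (cd doc; make html)` uses neither `emake` nor `|| die`, so a failed Sphinx build is only noticed when `dodoc -r doc/user/_build/html` fails later with a less useful error; `use doc && emake -C doc html` is the idiomatic form. `fperms 775 /etc/frr` with `fowners frr:frr` makes the configuration directory group-writable by `frr`, which `--enable-vty-group=frr` also makes the vty group, and the init script later evals `/etc/frr/daemons` as root; if the group-writable directory is intentional for vtysh `write` to work, a comment saying so (and keeping `daemons` itself root-owned) would make that trade-off visible to the next maintainer.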