[pkgsrc/trunk]: pkgsrc/net/tinc tinc: Provide SMF and user support.
details: https://anonhg.NetBSD.org/pkgsrc/rev/076c65be6f31
branches: trunk
changeset: 385810:076c65be6f31
user: jperkin <jperkin%pkgsrc.org@localhost>
date: Sun Sep 30 15:55:25 2018 +0000
description:
tinc: Provide SMF and user support.
Submitted by Antonio Huete in joyent/pkgsrc#108. Bump PKGREVISION.
diffstat:
net/tinc/MESSAGE.smf | 27 ++++++++++++++++
net/tinc/Makefile | 45 ++++++++++++++++++++++++++-
net/tinc/PLIST | 5 ++-
net/tinc/files/smf/manifest.xml | 28 +++++++++++++++++
net/tinc/files/smf/tinc.sh | 52 ++++++++++++++++++++++++++++++++
net/tinc/files/tinc-down | 4 ++
net/tinc/files/tinc-up | 7 ++++
net/tinc/files/tinc.conf | 66 +++++++++++++++++++++++++++++++++++++++++
8 files changed, 231 insertions(+), 3 deletions(-)
diffs (289 lines):
diff -r 8725e0bbd803 -r 076c65be6f31 net/tinc/MESSAGE.smf
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/net/tinc/MESSAGE.smf Sun Sep 30 15:55:25 2018 +0000
@@ -0,0 +1,27 @@
+===========================================================================
+$NetBSD: MESSAGE.smf,v 1.1 2018/09/30 15:55:25 jperkin Exp $
+
+ This package supports multiple SMF instances.
+
+ By default a 'default' instance is created and a example tinc.conf
+ config file is put in place in the 'default' network directory.
+ No keys will be generated automatically, the user is expected to do so.
+
+ Configure using the SMF properties: user, chroot, memlock
+
+ 'user' is the user to setuid to after initialization.
+ 'chroot' will chroot the server process to the directory where the
+ network config is located.
+ 'memlock' locks tinc into the main memory.
+
+ For more information about these options check tincd(8) manpage.
+
+ Add a example service instance:
+
+ svccfg -s tinc add mynetwork
+ svccfg -s tinc:mynetwork addpg tinc application
+ svccfg -s tinc:mynetwork setprop tinc/user = astring: tincuser
+ svccfg -s tinc:mynetwork setprop tinc/chroot = boolean: true
+ svccfg -s tinc:mynetwork setprop tinc/memlock = boolean: true
+
+===========================================================================
diff -r 8725e0bbd803 -r 076c65be6f31 net/tinc/Makefile
--- a/net/tinc/Makefile Sun Sep 30 15:17:54 2018 +0000
+++ b/net/tinc/Makefile Sun Sep 30 15:55:25 2018 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.27 2017/09/08 13:53:25 jperkin Exp $
+# $NetBSD: Makefile,v 1.28 2018/09/30 15:55:25 jperkin Exp $
DISTNAME= tinc-1.0.32
+PKGREVISION= 1
CATEGORIES= net
MASTER_SITES= http://www.tinc-vpn.org/packages/
@@ -9,6 +10,8 @@
COMMENT= Virtual Private Network (VPN) daemon
LICENSE= gnu-gpl-v2
+BUILD_DEFS+= VARBASE
+
INFO_FILES= yes
USE_TOOLS+= msgfmt
GNU_CONFIGURE= yes
@@ -16,7 +19,45 @@
SUBST_CLASSES+= mdoc
SUBST_FILES.mdoc= doc/tinc.conf.5.in
SUBST_SED.mdoc+= -e '/^$$/d'
-SUBST_STAGE.mdoc= pre-patch
+SUBST_STAGE.mdoc= pre-configure
+
+EGDIR= ${PREFIX}/share/examples/tinc
+TINC_USER?= tinc
+TINC_GROUP?= tinc
+
+PKG_GROUPS_VARS+= TINC_GROUP
+PKG_USERS_VARS+= TINC_USER
+
+PKG_GROUPS= ${TINC_GROUP}
+PKG_USERS= ${TINC_USER}:${TINC_GROUP}
+PKG_SHELL.${TINC_USER}= ${SH}
+
+OWN_DIRS+= ${VARBASE}/log/tinc
+MAKE_DIRS+= ${PKG_SYSCONFDIR}/default
+
+INSTALLATION_DIRS= share/examples/tinc
+
+PKG_SYSCONFSUBDIR= tinc
+
+CONF_FILES_PERMS+= ${EGDIR}/tinc.conf ${PKG_SYSCONFDIR}/default/tinc.conf \
+ ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 644
+CONF_FILES_PERMS+= ${EGDIR}/tinc-up ${PKG_SYSCONFDIR}/default/tinc-up \
+ ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 755
+CONF_FILES_PERMS+= ${EGDIR}/tinc-down ${PKG_SYSCONFDIR}/default/tinc-down \
+ ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 755
+
+.include "../../mk/bsd.prefs.mk"
+
+.if ${INIT_SYSTEM} == "smf"
+SMF_METHODS= tinc
+MESSAGE_SRC+= MESSAGE.smf
+MESSAGE_SUBST+= PKG_SYSCONFDIR=${PKG_SYSCONFDIR:Q}
+.endif
+
+post-install:
+ ${INSTALL_DATA} ${FILESDIR}/tinc.conf ${DESTDIR}${EGDIR}
+ ${INSTALL_DATA} ${FILESDIR}/tinc-up ${DESTDIR}${EGDIR}
+ ${INSTALL_DATA} ${FILESDIR}/tinc-down ${DESTDIR}${EGDIR}
.include "../../archivers/lzo/buildlink3.mk"
.include "../../converters/libiconv/buildlink3.mk"
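Review bot: `PKG_SHELL.${TINC_USER}= ${SH}` gives the tinc service account a working login shell, which nothing else in this change appears to need: tinc.sh starts tincd itself and only passes the account name to `-U` for the privilege drop. Removing the line should leave the account with pkgsrc's default shell for package-created users (a non-login shell, as far as I recall — worth confirming in mk/pkginstall), which is the usual choice for a daemon-only account. If a real shell is required, a comment above the line such as `# tinc needs a usable shell because ...` would tell the next reviewer why.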
diff -r 8725e0bbd803 -r 076c65be6f31 net/tinc/PLIST
--- a/net/tinc/PLIST Sun Sep 30 15:17:54 2018 +0000
+++ b/net/tinc/PLIST Sun Sep 30 15:55:25 2018 +0000
@@ -1,5 +1,8 @@
-@comment $NetBSD: PLIST,v 1.4 2010/05/01 16:56:40 tonnerre Exp $
+@comment $NetBSD: PLIST,v 1.5 2018/09/30 15:55:25 jperkin Exp $
info/tinc.info
man/man5/tinc.conf.5
man/man8/tincd.8
sbin/tincd
+share/examples/tinc/tinc-down
+share/examples/tinc/tinc-up
+share/examples/tinc/tinc.conf
diff -r 8725e0bbd803 -r 076c65be6f31 net/tinc/files/smf/manifest.xml
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/net/tinc/files/smf/manifest.xml Sun Sep 30 15:55:25 2018 +0000
@@ -0,0 +1,28 @@
+<?xml version='1.0'?>
+<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
+<service_bundle type='manifest' name='export'>
+ <service name='@SMF_PREFIX@/@SMF_NAME@' type='service' version='1'>
+ <create_default_instance enabled='false'/>
+ <dependency name='network' grouping='require_all' restart_on='refresh' type='service'>
+ <service_fmri value='svc:/milestone/network:default'/>
+ </dependency>
+ <dependency name='filesystem' grouping='require_all' restart_on='refresh' type='service'>
+ <service_fmri value='svc:/system/filesystem/local'/>
+ </dependency>
+ <exec_method type='method' name='start' exec='@PREFIX@/@SMF_METHOD_FILE.tinc@ start' timeout_seconds='60'/>
+ <exec_method type='method' name='stop' exec='@PREFIX@/@SMF_METHOD_FILE.tinc@ stop' timeout_seconds='60'/>
+ <property_group name='application' type='application'></property_group>
+ <property_group name='startd' type='framework'>
+ <propval name='duration' type='astring' value='contract'/>
+ <propval name='ignore_error' type='astring' value='core,signal'/>
+ </property_group>
+ <template>
+ <common_name>
+ <loctext xml:lang='C'>Virtual Private Network (VPN) daemon</loctext>
+ </common_name>
+ <documentation>
+ <manpage title='tincd' section='8' manpath='@PREFIX@/@PKGMANDIR@'/>
+ </documentation>
+ </template>
+ </service>
+</service_bundle>
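Review bot: The manifest declares an empty `application` property group, while tinc.sh reads `tinc/user`, `tinc/chroot` and `tinc/memlock`, and MESSAGE.smf tells the administrator to create that group by hand with `addpg tinc application`. Because the lookups in tinc.sh send errors to /dev/null, an instance without the group starts with neither `-R` nor `-L`, and nothing in the service's properties shows that those hardening switches exist. Declaring `<property_group name='tinc' type='application'>` here with explicit `user`, `chroot` and `memlock` propvals would make the defaults visible and would let new instances inherit them from the service.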
diff -r 8725e0bbd803 -r 076c65be6f31 net/tinc/files/smf/tinc.sh
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/net/tinc/files/smf/tinc.sh Sun Sep 30 15:55:25 2018 +0000
@@ -0,0 +1,52 @@
+#!@SMF_METHOD_SHELL@
+#
+# Init script for tinc (SMF)
+#
+
+. /lib/svc/share/smf_include.sh
+
+getproparg() {
+ svcprop -p $1 $SMF_FMRI 2>/dev/null
+}
+
+METHOD=$1
+INSTANCE=$(echo $SMF_FMRI | sed s_.*:__)
+INSTANCE=${INSTANCE:=default}
+
+LOGDIR="@VARBASE@/log/tinc"
+LOGFILE="${LOGDIR}/tinc.${INSTANCE}.log"
+PIDFILE="@VARBASE@/run/tinc.${INSTANCE}.pid"
+_USER=$(getproparg tinc/user)
+_CHROOT=$(getproparg tinc/chroot)
+_MEMLOCK=$(getproparg tinc/memlock)
+
+USER=${_USER:=tinc}
+
+TINC_FLAGS=""
+
+# Check if there is a configuration directory for this instance
+if [ ! -d @PKG_SYSCONFDIR@/${INSTANCE} ]; then
+ echo "$0: No configuration directory found"
+ exit $SMF_EXIT_ERR_CONFIG
+fi
+
+# Chroot tinc into its config directory
+if [ "${_CHROOT}" == "true" ]; then
+ TINC_FLAGS="${TINC_FLAGS} -R"
+fi
+
+# Lock tinc memory to avoid going into swap
+if [ "${_MEMLOCK}" == "true" ]; then
+ TINC_FLAGS="${TINC_FLAGS} -L"
+fi
+
+case ${METHOD} in
+start)
+ @PREFIX@/sbin/tincd -n ${INSTANCE} -U ${USER} ${TINC_FLAGS} --logfile=${LOGFILE} --pidfile=${PIDFILE}
+ ;;
+stop)
+ @PREFIX@/sbin/tincd -n ${INSTANCE} -k --pidfile=${PIDFILE}
+ ;;
+esac
+
+exit ${SMF_EXIT_OK}
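Review bot: The `start)` branch discards tincd's exit status and the script always ends with `exit ${SMF_EXIT_OK}`, so a failed start is reported to SMF as success; an unrecognised method argument also falls through to OK. That matters here because MESSAGE.smf says no keys are generated, so the first start of an unconfigured instance is a likely failure case. Two related points in the same script: the chroot and memlock tests use `==` inside `[`, which not every shell that `@SMF_METHOD_SHELL@` may expand to accepts, and if the test errors the `-R`/`-L` hardening flags are silently left off, so `=` is safer. The property-derived values (`${USER}`, `${INSTANCE}`, `$SMF_FMRI`) are also passed unquoted into a command line that runs as root. The rewritten case statement is below.

```shell
# … unchanged: property reads, config-directory check; use `=` instead of `==` in the two tests …
case ${METHOD} in
start)
    @PREFIX@/sbin/tincd -n "${INSTANCE}" -U "${USER}" ${TINC_FLAGS} \
        --logfile="${LOGFILE}" --pidfile="${PIDFILE}" || exit $SMF_EXIT_ERR_FATAL
    ;;
stop)
    @PREFIX@/sbin/tincd -n "${INSTANCE}" -k --pidfile="${PIDFILE}"
    ;;
*)
    echo "Usage: $0 {start|stop}"
    exit $SMF_EXIT_ERR_CONFIG
    ;;
esac
```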
diff -r 8725e0bbd803 -r 076c65be6f31 net/tinc/files/tinc-down
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/net/tinc/files/tinc-down Sun Sep 30 15:55:25 2018 +0000
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+ifconfig $INTERFACE down
+ifconfig $INTERFACE unplumb
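Review bot: `$INTERFACE` is expanded unquoted in both `ifconfig` lines here and in the two `ifconfig` lines of tinc-up, and neither script says where the variable comes from or checks that it is set. Quoting it as `"$INTERFACE"` keeps an empty or odd value from changing the shape of the `ifconfig` command. A header comment such as `# INTERFACE is exported by tincd when it runs this script` would document the contract for anyone editing the installed copy.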
diff -r 8725e0bbd803 -r 076c65be6f31 net/tinc/files/tinc-up
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/net/tinc/files/tinc-up Sun Sep 30 15:55:25 2018 +0000
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+ifconfig $INTERFACE plumb
+ifconfig $INTERFACE 192.168.100.1 netmask 255.255.255.0 up
+
+# Add the routes needed
+# route add -net 192.168.4.0/24 172.16.12.10 -interface
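Review bot: `192.168.100.1 netmask 255.255.255.0` is a sample address, yet the Makefile's CONF_FILES_PERMS entry copies this file to `${PKG_SYSCONFDIR}/default/tinc-up` with mode 755, so it runs unchanged once the default instance is enabled. A comment above that line, for example `# Example address only: replace with this node's VPN address before enabling the service`, would make it clear that the file must be edited first. The commented-out `route add` line already reads as an example; the active `ifconfig` line does not.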
diff -r 8725e0bbd803 -r 076c65be6f31 net/tinc/files/tinc.conf
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/net/tinc/files/tinc.conf Sun Sep 30 15:55:25 2018 +0000
@@ -0,0 +1,66 @@
+# $NetBSD: tinc.conf,v 1.1 2018/09/30 15:55:25 jperkin Exp $
+#
+# tinc-vpn example configuration file. Please do NOT rely solely in the
+# information of this template, the information tinc.conf(5) manpage might
+# be more current.
+#
+# -------------------------------------------------------------------------------
+# Name = name [required]
+# This is the name which identifies this tinc daemon. It must be unique
+# for the virtual private network this daemon will connect to.
+# We're using 'default' to match the instance name of the SMF service which
+# is created by default.
+# -------------------------------------------------------------------------------
+Name = default
+#
+#
+# -------------------------------------------------------------------------------
+# Mode = router | switch | hub (router)
+# This option selects the way packets are routed to other daemons.
+#
+# router In this mode Subnet variables in the host configuration files will
+# be used to form a routing table. Only unicast packets of routable
+# protocols (IPv4 and IPv6) are supported in this mode.
+#
+# This is the default mode, and unless you really know you need
+# another mode, don't change it.
+#
+# switch In this mode the MAC addresses of the packets on the VPN will be
+# used to dynamically create a routing table just like an Ethernet
+# switch does. Unicast, multicast and broadcast packets of every
+# protocol that runs over Ethernet are supported in this mode at the
+# cost of frequent broadcast ARP requests and routing table updates.
+#
+# This mode is primarily useful if you want to bridge Ethernet
+# segments.
+#
+# hub This mode is almost the same as the switch mode, but instead every
+# packet will be broadcast to the other daemons while no routing
+# table is managed.
+# -------------------------------------------------------------------------------
+# Mode = router
+#
+#
+# -------------------------------------------------------------------------------
+# ConnectTo = name
+# Specifies which other tinc daemon to connect to on startup. Multiple
+# ConnectTo variables may be specified, in which case outgoing connections
+# to each specified tinc daemon are made. The names should be known to this
+# tinc daemon (i.e., there should be a host configuration file for the name
+# on the ConnectTo line).
+#
+# If you don't specify a host with ConnectTo, tinc won't try to connect to
+# other daemons at all, and will instead just listen for incoming
+# connections.
+# -------------------------------------------------------------------------------
+# ConnectTo = vpn1
+#
+#
+# -------------------------------------------------------------------------------
+# DeviceType = type (platform dependent)
+# The type of the virtual network device. Tinc will normally automatically
+# select the right type of tun/tap interface, and this option should not be
+# used. However, this option can be used to select one of the special
+# interface types, if support for them is compiled in.
+# -------------------------------------------------------------------------------
+# DeviceType = tap