tomwij 14/04/27 10:50:49
Added: fwknopd.confd fwknopd.tmpfiles.conf fwknopd.init
fwknop-2.6.0-remove-extra-run-from-paths.patch
Log:
New ebuild for net-firewall/fwknop, a Single Packet Authorization and Port
Knocking application; fixes bug #178546, proxied commit for Coacher (itumaykin)
who will maintain this package.
(Portage version: HEAD/cvs/Linux x86_64, signed Manifest commit with key
6D34E57D)
Revision Changes Path
1.1 net-firewall/fwknop/files/fwknopd.confd
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/fwknop/files/fwknopd.confd?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/fwknop/files/fwknopd.confd?rev=1.1&content-type=text/plain
Index: fwknopd.confd
===================================================================
# /etc/conf.d/fwknopd: settings read by /etc/init.d/fwknopd

# Directory holding fwknopd.conf and access.conf. The init script refuses to
# start unless both files exist here, and passes explicit -c/-a options to the
# daemon whenever this differs from /etc/fwknop.
# access.conf normally carries the SPA keys, so keep this directory and its
# files writable and readable by root only.
FWKNOPD_CONFDIR='/etc/fwknop'

# Extra command-line options for the fwknopd daemon, as one space-separated
# string. See the fwknopd(8) manpage for the available options.
FWKNOPD_OPTS=''

# PID file location (must be an absolute path). The packaged tmpfiles.d entry
# creates /run/fwknop as 0700 root:root; a path elsewhere must already exist.
#FWKNOPD_PIDFILE="/run/fwknop/fwknopd.pid"

# Absolute path to the fwknopd executable.
#FWKNOPD_BINARY="/usr/sbin/fwknopd"
1.1 net-firewall/fwknop/files/fwknopd.tmpfiles.conf
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/fwknop/files/fwknopd.tmpfiles.conf?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/fwknop/files/fwknopd.tmpfiles.conf?rev=1.1&content-type=text/plain
Index: fwknopd.tmpfiles.conf
===================================================================
d /run/fwknop 0700 root root -
1.1 net-firewall/fwknop/files/fwknopd.init
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/fwknop/files/fwknopd.init?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/fwknop/files/fwknopd.init?rev=1.1&content-type=text/plain
Index: fwknopd.init
===================================================================
#!/sbin/runscript
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-firewall/fwknop/files/fwknopd.init,v 1.1
2014/04/27 10:50:49 tomwij Exp $
# Additional service actions: "checkconfig" can be run in any state,
# "reload" only while the service is started.
extra_commands="checkconfig"
extra_started_commands="reload"

# Fill in defaults for anything /etc/conf.d/<service> left unset or empty.
# The PID file default is derived from the service name.
: "${FWKNOPD_CONFDIR:=/etc/fwknop}"
: "${FWKNOPD_PIDFILE:=/run/fwknop/${SVCNAME}.pid}"
: "${FWKNOPD_BINARY:=/usr/sbin/fwknopd}"

# Main daemon configuration file inside the configuration directory.
FWKNOPD_CONFIG="${FWKNOPD_CONFDIR}/fwknopd.conf"
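# Declare service dependencies.
#
# Always needs iptables and uses a logger. Unless the administrator has set
# rc_need explicitly, the fwknopd configuration is inspected to work out
# whether the daemon sniffs a network interface; if so the generic "net"
# dependency is added and a warning asks for an explicit rc_need entry.
#
# Globals: rc_need (read), FWKNOPD_CONFIG (read), SVCNAME (read)
# Returns: 0
depend() {
	need iptables
	use logger

	# The user has explicitly set rc_need: trust it and add nothing.
	if [ "${rc_need+set}" = "set" ]; then
		return 0
	fi

	# Collect every interface named in a PCAP_INTF statement, dropping the
	# trailing ';'. The command substitution is left unquoted on purpose so
	# that each interface name becomes its own word. A missing or unreadable
	# config simply yields an empty list.
	warn_addr=''
	for x in $(awk '/^PCAP_INTF/{ sub(";$", ""); print $2 }' "${FWKNOPD_CONFIG}" 2>/dev/null); do
		warn_addr="${warn_addr} $x"
	done
	unset x

	if [ "${warn_addr:+set}" = "set" ]; then
		need net
		ewarn "You are binding an interface in PCAP_INTF statement in your fwknopd.conf!"
		ewarn "You must add rc_need=\"net.FOO\" to your /etc/conf.d/${SVCNAME}"
		ewarn "where FOO is the following interface(s):"
		ewarn "${warn_addr}"
	# If PCAP_INTF and PCAP_FILE are both unset, fwknopd uses eth0.
	# grep -q with stderr discarded keeps dependency calculation quiet when
	# the config file does not exist yet.
	elif ! grep -q "^PCAP_FILE" "${FWKNOPD_CONFIG}" 2>/dev/null; then
		need net
		ewarn "You are not binding any interface in PCAP_INTF statement in your fwknopd.conf,"
		ewarn "neither you providing PCAP_FILE option. Therefore fwknopd will listen on eth0."
		ewarn "You must add rc_need=\"net.eth0\" to your /etc/conf.d/${SVCNAME}"
	fi
	unset warn_addr
	return 0
}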
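# Verify that the files fwknopd needs are present and extend FWKNOPD_OPTS for
# non-default locations.
#
# Only the presence of fwknopd.conf and access.conf is checked; their contents,
# ownership and permissions are not examined by this script.
#
# Globals: FWKNOPD_CONFDIR (read), FWKNOPD_PIDFILE (read),
#          FWKNOPD_OPTS (appended to)
# Returns: 0 when both files exist, 1 otherwise
checkconfig() {
	if [ ! -e "${FWKNOPD_CONFDIR}/fwknopd.conf" ]; then
		eerror "You need ${FWKNOPD_CONFDIR}/fwknopd.conf file to run fwknopd"
		eerror "Example configuration located at /etc/fwknop/fwknopd.conf.example"
		return 1
	fi

	if [ ! -e "${FWKNOPD_CONFDIR}/access.conf" ]; then
		eerror "You need ${FWKNOPD_CONFDIR}/access.conf file to run fwknopd"
		eerror "Example configuration located at /etc/fwknop/access.conf.example"
		return 1
	fi

	# Tell the daemon about the PID file only when it is not the path this
	# script treats as the daemon's default.
	if [ "${FWKNOPD_PIDFILE}" != "/run/fwknop/fwknopd.pid" ]; then
		FWKNOPD_OPTS="${FWKNOPD_OPTS} --pid-file=${FWKNOPD_PIDFILE}"
	fi

	# Likewise point the daemon at both config files when the directory is
	# not the default. The options are kept on one line so the string holds
	# no embedded newline. Because FWKNOPD_OPTS is a flat space-separated
	# string, paths containing whitespace are not supported.
	if [ "${FWKNOPD_CONFDIR}" != "/etc/fwknop" ]; then
		FWKNOPD_OPTS="${FWKNOPD_OPTS} -c ${FWKNOPD_CONFDIR}/fwknopd.conf -a ${FWKNOPD_CONFDIR}/access.conf"
	fi

	return 0
}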
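# Start the fwknopd daemon after validating its configuration.
#
# Globals: SVCNAME, FWKNOPD_BINARY, FWKNOPD_PIDFILE, FWKNOPD_OPTS (read)
# Returns: 1 if checkconfig fails, otherwise the status reported by eend
start() {
	checkconfig || return 1

	ebegin "Starting ${SVCNAME}"
	# FWKNOPD_OPTS is expanded unquoted on purpose: it is a space-separated
	# option list and every option must reach fwknopd as its own argument.
	# Quoting it would hand the daemon a single argument (an empty one when
	# no options are set). The value comes from root-owned /etc/conf.d and
	# from checkconfig, not from untrusted input.
	# shellcheck disable=SC2086
	start-stop-daemon --start \
		--exec "${FWKNOPD_BINARY}" --pidfile="${FWKNOPD_PIDFILE}" \
		-- ${FWKNOPD_OPTS}
	eend $?
}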
# Stop the fwknopd daemon.
#
# During a restart the configuration is validated first, so a running daemon
# is not taken down when checkconfig reports a problem.
#
# Globals: RC_CMD, SVCNAME, FWKNOPD_BINARY, FWKNOPD_PIDFILE (read)
# Returns: 1 if the restart-time check fails, otherwise the status from eend
stop() {
	case "${RC_CMD}" in
		restart)
			checkconfig || return 1
			;;
	esac

	ebegin "Stopping ${SVCNAME}"
	start-stop-daemon --stop --exec "${FWKNOPD_BINARY}" \
		--pidfile "${FWKNOPD_PIDFILE}"
	eend $?
}
# Ask the running fwknopd to re-read its configuration by sending it SIGHUP.
# The configuration files are checked first; nothing is signalled if that
# check fails.
#
# Globals: SVCNAME, FWKNOPD_BINARY, FWKNOPD_PIDFILE (read)
# Returns: 1 if checkconfig fails, otherwise the status from eend
reload() {
	if ! checkconfig; then
		return 1
	fi

	ebegin "Reloading ${SVCNAME}"
	start-stop-daemon --signal HUP --exec "${FWKNOPD_BINARY}" \
		--pidfile "${FWKNOPD_PIDFILE}"
	eend $?
}
1.1
net-firewall/fwknop/files/fwknop-2.6.0-remove-extra-run-from-paths.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/fwknop/files/fwknop-2.6.0-remove-extra-run-from-paths.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/fwknop/files/fwknop-2.6.0-remove-extra-run-from-paths.patch?rev=1.1&content-type=text/plain
Index: fwknop-2.6.0-remove-extra-run-from-paths.patch
===================================================================
diff --git a/doc/fwknopd.man.asciidoc b/doc/fwknopd.man.asciidoc
index 082b6fb..cad4d2b 100644
--- a/doc/fwknopd.man.asciidoc
+++ b/doc/fwknopd.man.asciidoc
@@ -68,7 +68,7 @@ COMMAND-LINE OPTIONS
*-d, --digest-file*='<digest-file>'::
Specify the location of the 'digest.cache' file. If this option is
not given, 'fwknopd' will use the compile-time default location (typically
- '@localstatedir@/run/fwknop/digest.cache').
+ '@localstatedir@/fwknop/digest.cache').
*-D, --dump-config*::
Dump the configuration values that *fwknopd* derives from the
@@ -98,7 +98,7 @@ COMMAND-LINE OPTIONS
*-p, --pid-file*='<pid-file>'::
Specify the location of the 'fwknopd.pid' file. If this option is
not given, 'fwknopd' will use the compile-time default location (typically
- '@localstatedir@/run/fwknop/fwknopd.pid).
+ '@localstatedir@/fwknop/fwknopd.pid).
*-P, --pcap-filter*='<filter>'::
Specify a Berkeley packet filter statement on the *fwknopd* command
@@ -132,7 +132,7 @@ COMMAND-LINE OPTIONS
*--rotate-digest-cache*::
Rotate the digest cache file by renaming it to ``<name>-old'', and
starting a new one. The digest cache file is typically found in
- '@localstatedir@/run/fwknop/digest.cache'.
+ '@localstatedir@/fwknop/digest.cache'.
*-S, --status*::
Display the status of any *fwknopd* processes that may or not be
diff --git a/extras/apparmor/usr.sbin.fwknopd b/extras/apparmor/usr.sbin.fwknopd
index e967a56..cacf767 100644
--- a/extras/apparmor/usr.sbin.fwknopd
+++ b/extras/apparmor/usr.sbin.fwknopd
@@ -1,6 +1,4 @@
# Last Modified: Sun Aug 18 22:54:57 2013
-# Assumes fwknopd was built with:
-# './configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var'
#include <tunables/global>
/usr/sbin/fwknopd {
diff --git a/server/fwknopd.8.in b/server/fwknopd.8.in
index bb41b6f..6235790 100644
--- a/server/fwknopd.8.in
+++ b/server/fwknopd.8.in
@@ -94,7 +94,7 @@ Specify the location of the
file\&. If this option is not given,
\fIfwknopd\fR
will use the compile\-time default location (typically
-\fI@localstatedir@/run/fwknop/digest\&.cache\fR)\&.
+\fI@localstatedir@/fwknop/digest\&.cache\fR)\&.
.RE
.PP
\fB\-D, \-\-dump\-config\fR
@@ -148,7 +148,7 @@ Specify the location of the
\fIfwknopd\&.pid\fR
file\&. If this option is not given,
\fIfwknopd\fR
-will use the compile\-time default location (typically
\*(Aq@localstatedir@/run/fwknop/fwknopd\&.pid)\&.
+will use the compile\-time default location (typically
\*(Aq@localstatedir@/fwknop/fwknopd\&.pid)\&.
.RE
.PP
\fB\-P, \-\-pcap\-filter\fR=\fI<filter>\fR
@@ -195,7 +195,7 @@ files\&. This will also force a flush of the current
\(lqFWKNOP\(rq iptables cha
\fB\-\-rotate\-digest\-cache\fR
.RS 4
Rotate the digest cache file by renaming it to \(lq<name>\-old\(rq, and
starting a new one\&. The digest cache file is typically found in
-\fI@localstatedir@/run/fwknop/digest\&.cache\fR\&.
+\fI@localstatedir@/fwknop/digest\&.cache\fR\&.
.RE
.PP
\fB\-S, \-\-status\fR
diff --git a/server/fwknopd.conf.inst b/server/fwknopd.conf.inst
index acf7a77..db653ee 100644
--- a/server/fwknopd.conf.inst
+++ b/server/fwknopd.conf.inst
@@ -370,7 +370,7 @@
# Directories - These can override compile-time defaults.
#
-#FWKNOP_RUN_DIR /var/run/fwknop;
+#FWKNOP_RUN_DIR /run/fwknop;
#FWKNOP_CONF_DIR /etc/fwknop;
# Files
diff --git a/server/fwknopd_common.h b/server/fwknopd_common.h
index 2e632ed..b416f91 100644
--- a/server/fwknopd_common.h
+++ b/server/fwknopd_common.h
@@ -70,7 +70,7 @@
/* Our default run directory is based on LOCALSTATEDIR as set by the
* configure script. This is where we put the PID and digest cache files.
*/
- #define DEF_RUN_DIR SYSRUNDIR"/run/"PACKAGE_NAME
+ #define DEF_RUN_DIR SYSRUNDIR"/"PACKAGE_NAME
#endif
/* More Conf defaults
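Review bot: The context comment above the changed `#define` still says the run directory is based on LOCALSTATEDIR, but the new-side macro is built from SYSRUNDIR, so the comment no longer says what decides where the PID and digest cache files go. I would reword it along the lines of `/* Default run directory: SYSRUNDIR (set by configure) plus the package name; holds the PID and digest cache files. */`. Because that comment places the digest cache in this directory, it is also worth documenting that a tmpfs-backed /run (presumably the case here, given the tmpfiles.d entry added in this commit) empties the cache on reboot, so replay detection across a reboot then rests on SPA packet aging rather than on the cache. The enclosing conditional starts outside the hunk, so any other branch defining DEF_RUN_DIR could not be checked.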