commit:     b87c18c6676bdd262e676eacbc65352e5404bb07
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Wed Dec 23 20:43:18 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Dec 23 20:44:44 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b87c18c6

sys-apps/xinetd: default to clearing active env

It's rare that we want the active shell environment to be passed down
to xinetd services, so default to clearing it.  If a service needs an
env var to be set, its configuration can set it explicitly.

 sys-apps/xinetd/files/xinetd-2.3.15-config.patch | 22 ++++++++++
 sys-apps/xinetd/xinetd-2.3.15-r3.ebuild          | 55 ++++++++++++++++++++++++
 2 files changed, 77 insertions(+)

diff --git a/sys-apps/xinetd/files/xinetd-2.3.15-config.patch 
b/sys-apps/xinetd/files/xinetd-2.3.15-config.patch
new file mode 100644
index 0000000..b362a97
--- /dev/null
+++ b/sys-apps/xinetd/files/xinetd-2.3.15-config.patch
@@ -0,0 +1,22 @@
+set up some secure defaults:
+ - services can only be accessed from localhost
+ - sanitize the runtime environment (so root's shell vars don't bleed through)
+
+--- contrib/xinetd.conf
++++ contrib/xinetd.conf
+@@ -22,5 +22,5 @@
+ #
+ #     no_access       =
+-#     only_from       =
++      only_from       = localhost
+ #     max_load        = 0
+       cps             = 50 10
+@@ -35,7 +35,7 @@ defaults
+ 
+ # setup environmental attributes
+ #
+-#     passenv         =
++      passenv         =
+       groups          = yes
+       umask           = 002
+ 
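Review bot: `only_from = localhost` expresses the default access rule as a host name, and as xinetd.conf(5) describes it, a host-name entry is compared with the result of a reverse lookup on the connecting address, so the restriction depends on resolver configuration rather than on the address itself. A numeric entry avoids that dependency: `only_from = 127.0.0.1`, with the IPv6 loopback added separately if the build serves IPv6. A one-line comment above the new `passenv =` line would also help, for example `# empty list: pass nothing from xinetd's environment; set env/passenv per service`, because an empty assignment reads like a leftover and may get removed.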

diff --git a/sys-apps/xinetd/xinetd-2.3.15-r3.ebuild 
b/sys-apps/xinetd/xinetd-2.3.15-r3.ebuild
new file mode 100644
index 0000000..7e46776
--- /dev/null
+++ b/sys-apps/xinetd/xinetd-2.3.15-r3.ebuild
@@ -0,0 +1,55 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit eutils flag-o-matic systemd toolchain-funcs
+
+DESCRIPTION="powerful replacement for inetd"
+HOMEPAGE="http://www.xinetd.org/ https://github.com/xinetd-org/xinetd";
+SRC_URI="http://www.xinetd.org/${P}.tar.gz";
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 
~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd"
+IUSE="perl rpc tcpd"
+
+DEPEND="tcpd? ( >=sys-apps/tcp-wrappers-7.6-r2 )
+       rpc? ( net-libs/libtirpc:= )"
+RDEPEND="${DEPEND}
+       perl? ( dev-lang/perl )"
+DEPEND="${DEPEND}
+       virtual/pkgconfig"
+
+src_prepare() {
+       epatch "${FILESDIR}"/${PN}-2.3.14-DESTDIR.patch
+       epatch "${FILESDIR}"/${PN}-2.3.14-install-contrib.patch
+       epatch "${FILESDIR}"/${PN}-2.3.15-config.patch
+       epatch "${FILESDIR}"/${PN}-2.3.15-creds.patch #488158
+       find -name Makefile.in -exec sed -i 's:\<ar\>:$(AR):' {} +
+}
+
+src_configure() {
+       if ! use rpc ; then
+               append-cppflags -DNO_RPC
+               export ac_cv_header_{rpc_{rpc,rpcent,pmap_clnt},netdb}_h=no
+       fi
+       tc-export AR PKG_CONFIG
+       LIBS=$(${PKG_CONFIG} --libs libtirpc) \
+       econf \
+               $(use_with tcpd libwrap) \
+               --with-loadavg
+}
+
+src_install() {
+       emake DESTDIR="${ED}" install install-contrib
+       use perl || rm -f "${ED}"/usr/sbin/xconv.pl
+
+       newinitd "${FILESDIR}"/xinetd.rc6 xinetd
+       newconfd "${FILESDIR}"/xinetd.confd xinetd
+       systemd_dounit "${FILESDIR}/${PN}.service"
+
+       newdoc contrib/xinetd.conf xinetd.conf.dist.sample
+       dodoc AUDIT INSTALL README TODO CHANGELOG
+}
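Review bot: Nothing in this ebuild tells the administrator that the shipped defaults changed: the file has no `pkg_postinst`, and `src_install` only runs `install install-contrib` and installs the sample config as documentation. If an existing /etc/xinetd.conf is kept on upgrade (likely under Gentoo's config protection, which is not visible here), the empty `passenv` does not take effect until the new file is merged. Once it is merged, services that relied on inherited variables such as PATH may stop working. A short `pkg_postinst` with a message like `elog "xinetd.conf now defaults to an empty passenv; set env/passenv per service where variables are needed"` would cover both cases.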
