commit:     306074bb6b298fbf0a3988372f7f10795b973faf
Author:     alarig <alarig <AT> swordarmor <DOT> fr>
AuthorDate: Fri Mar 13 11:06:48 2020 +0000
Commit:     Alarig Le Lay <alarig <AT> swordarmor <DOT> fr>
CommitDate: Fri Mar 13 12:16:00 2020 +0000
URL:        https://gitweb.gentoo.org/repo/proj/guru.git/commit/?id=306074bb

net-misc/FORT-validator: RPKI validator (new ebuild)

Signed-off-by: Alarig Le Lay <alarig <AT> swordarmor.fr>

 acct-group/fort/fort-0.ebuild                      |  9 +++
 acct-group/fort/metadata.xml                       | 12 ++++
 acct-user/fort-0.ebuild                            | 13 ++++
 acct-user/metadata.xml                             | 12 ++++
 .../FORT-validator/FORT-validator-1.2.0.ebuild     | 77 ++++++++++++++++++++++
 net-misc/FORT-validator/Manifest                   |  1 +
 net-misc/FORT-validator/files/fort-confd           | 15 +++++
 net-misc/FORT-validator/files/fort-config.json     | 10 +++
 net-misc/FORT-validator/files/fort-initd           | 26 ++++++++
 net-misc/FORT-validator/files/fort.service         | 35 ++++++++++
 net-misc/FORT-validator/metadata.xml               | 12 ++++
 11 files changed, 222 insertions(+)

diff --git a/acct-group/fort/fort-0.ebuild b/acct-group/fort/fort-0.ebuild
new file mode 100644
index 0000000..2e40814
--- /dev/null
+++ b/acct-group/fort/fort-0.ebuild
@@ -0,0 +1,9 @@
+# Copyright 2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit acct-group
+
+# Port 323
+ACCT_GROUP_ID=323

diff --git a/acct-group/fort/metadata.xml b/acct-group/fort/metadata.xml
new file mode 100644
index 0000000..678ca7a
--- /dev/null
+++ b/acct-group/fort/metadata.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd";>
+<pkgmetadata>
+       <maintainer type="person">
+               <email>[email protected]</email>
+               <name>Alarig Le Lay</name>
+       </maintainer>
+       <maintainer type="project">
+               <email>[email protected]</email>
+               <name>Proxy Maintainers</name>
+       </maintainer>
+</pkgmetadata>

diff --git a/acct-user/fort-0.ebuild b/acct-user/fort-0.ebuild
new file mode 100644
index 0000000..9c9fec7
--- /dev/null
+++ b/acct-user/fort-0.ebuild
@@ -0,0 +1,13 @@
+# Copyright 2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit acct-user
+
+DESCRIPTION="User for FORT RPKI validator"
+ACCT_USER_ID=323
+ACCT_USER_GROUPS=( fort )
+ACCT_USER_HOME="/usr/share/${PN}/"
+
+acct-user_add_deps
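Review bot: `ACCT_USER_HOME="/usr/share/${PN}/"` makes the service account's home the same `/usr/share/fort/` tree into which the validator ebuild installs the TAL files, and the acct-user eclass (as I understand it) creates any home other than `/dev/null` owned by the account. That gives the daemon user write access to the directory holding its own trust anchors. A state directory such as `ACCT_USER_HOME="/var/lib/${PN}"`, or simply leaving the default, keeps the trust anchors out of the daemon's reach. Separately, this file is added as `acct-user/fort-0.ebuild` while the group ebuild sits under `acct-group/fort/`; the `acct-user/fort` dependency in the validator ebuild presumably needs `acct-user/fort/fort-0.ebuild`.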

diff --git a/acct-user/metadata.xml b/acct-user/metadata.xml
new file mode 100644
index 0000000..678ca7a
--- /dev/null
+++ b/acct-user/metadata.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd";>
+<pkgmetadata>
+       <maintainer type="person">
+               <email>[email protected]</email>
+               <name>Alarig Le Lay</name>
+       </maintainer>
+       <maintainer type="project">
+               <email>[email protected]</email>
+               <name>Proxy Maintainers</name>
+       </maintainer>
+</pkgmetadata>

diff --git a/net-misc/FORT-validator/FORT-validator-1.2.0.ebuild 
b/net-misc/FORT-validator/FORT-validator-1.2.0.ebuild
new file mode 100644
index 0000000..9598c51
--- /dev/null
+++ b/net-misc/FORT-validator/FORT-validator-1.2.0.ebuild
@@ -0,0 +1,77 @@
+# Copyright 2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools fcaps systemd
+
+DESCRIPTION="FORT validator is an open source RPKI validator."
+HOMEPAGE="https://fortproject.net/validator?2";
+SRC_URI="https://github.com/NICMx/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+MY_PN="fort"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="caps libressl"
+
+DEPEND="
+       acct-group/fort
+       acct-user/fort
+       caps? ( sys-libs/libcap )
+       dev-libs/jansson
+       libressl?       ( dev-libs/libressl:0= )
+       !libressl?      ( dev-libs/openssl:0= )
+"
+RDEPEND="
+       ${DEPEND}
+       net-misc/rsync
+"
+BDEPEND="
+       sys-devel/autoconf
+       sys-devel/automake
+"
+
+src_prepare() {
+       default
+
+       eautoreconf
+}
+
+src_install() {
+       newinitd "${FILESDIR}/${MY_PN}-initd" ${MY_PN}
+       newconfd "${FILESDIR}/${MY_PN}-confd" ${MY_PN}
+
+       emake DESTDIR="${D}" install
+       insinto /usr/share/${MY_PN}/
+       insopts -m0644 -o "${MY_PN}"
+       diropts -m0755 -o "${MY_PN}"
+       doins -r examples/tal/
+
+       dodoc -r examples/
+
+       insinto /etc/fort
+       newins "${FILESDIR}/fort-config.json" config.json
+
+       exeinto "/usr/libexec/${MY_PN}"
+       doexe fort_setup.sh
+
+       systemd_dounit "${FILESDIR}/${MY_PN}.service"
+}
+
+pkg_postinst() {
+       fcaps cap_net_bind_service usr/bin/fort
+
+       einfo ""
+       einfo "ARIN TAL is disabled by default because the ARIN Relying Party"
+       einfo "Agreement must be accepted beforehead. Start fort, run"
+       einfo ""
+       einfo "  su -s /bin/sh -c '${EROOT}/usr/libexec/${MY_PN}/fort_setup.sh 
/usr/share/${MY_PN}/tal/' fort"
+       einfo ""
+       einfo "as root and restart fort to enable it."
+       einfo "The configuration file generation will fail because the script 
tries"
+       einfo "to write in your current directory. Plus, there is a 
configuration"
+       einfo "file with this ebuild, so you don’t have to use the generated 
one if"
+       einfo "you don’t want to."
+}
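Review bot: In `src_install`, `insopts -m0644 -o "${MY_PN}"` and `diropts -m0755 -o "${MY_PN}"` stay in effect for the later `newins ... config.json`, so both the TALs under `/usr/share/fort/` and `/etc/fort/config.json` end up owned by the `fort` account the daemon runs as. A misbehaving validator process could then rewrite its trust anchors or its own configuration, and the OpenRC script reads `local-repository` from that file as root. I would install them root-owned with `insopts -m0644` and `diropts -m0755`, and change the ARIN step in the `pkg_postinst` message to run `fort_setup.sh` as root rather than through `su ... fort`. The same message says "beforehead", which should read "beforehand".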

diff --git a/net-misc/FORT-validator/Manifest b/net-misc/FORT-validator/Manifest
new file mode 100644
index 0000000..abe9cf9
--- /dev/null
+++ b/net-misc/FORT-validator/Manifest
@@ -0,0 +1 @@
+DIST FORT-validator-1.2.0.tar.gz 427483 BLAKE2B 
05fbec44fb17fa188b6196a2b166f2e112224dcf4071cc875ed1f3a147b28acff94c89b0c0a658aaee197e1820d9f53803e73add81e355f7df07713fcdb0df00
 SHA512 
e89b1aa7c0cd4036d04a017898e1a6017450f5dab96e57c35b0aa532b212b23f7fab17ca117a9461c9bdacca511ea70341e692a4d5e8f277ae8e277c1d48706e

diff --git a/net-misc/FORT-validator/files/fort-confd 
b/net-misc/FORT-validator/files/fort-confd
new file mode 100644
index 0000000..9293675
--- /dev/null
+++ b/net-misc/FORT-validator/files/fort-confd
@@ -0,0 +1,15 @@
+# /etc/init.d/fort
+
+# Options to pass to the fort process
+# See man fort for options
+
+# If you want to use commands arguments instead of the configuration file and
+# not the default TAL directory, please remove the comment for FORT_BASEDIR as
+# well
+
+#FORT_BASEDIR="/var/lib/fort/"
+#FORT_OPTS="--tal /usr/share/fort/tal/ \
+#      --local-repository ${FORT_BASEDIR}
+#      --log.output syslog
+#      --server.address ::"
+FORT_OPTS="--configuration-file /etc/fort/config.json"
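Review bot: Both the commented `--server.address ::` example here and the `"address": "::"` in `fort-config.json` make the RTR server listen on every interface, and nothing in these files restricts who may connect. A comment above `FORT_OPTS` would help operators, for example `# The shipped configuration listens on all addresses; bind server.address to the routers' network or firewall the RTR port`. The commented example also continues only its first line with `\`, so the following lines should end in `\` as well for consistency.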

diff --git a/net-misc/FORT-validator/files/fort-config.json 
b/net-misc/FORT-validator/files/fort-config.json
new file mode 100644
index 0000000..b3d5fec
--- /dev/null
+++ b/net-misc/FORT-validator/files/fort-config.json
@@ -0,0 +1,10 @@
+{
+       "tal": "/usr/share/fort/tal/",
+       "local-repository": "/var/cache/fort/repository/",
+       "server": {
+               "address": "::"
+       },
+       "log": {
+               "output": "syslog"
+       }
+}

diff --git a/net-misc/FORT-validator/files/fort-initd 
b/net-misc/FORT-validator/files/fort-initd
new file mode 100644
index 0000000..25e6b30
--- /dev/null
+++ b/net-misc/FORT-validator/files/fort-initd
@@ -0,0 +1,26 @@
+#!/sbin/openrc-run
+# Copyright 2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+name="fort validator daemon"
+description="FORT validator is an open source RPKI validator."
+command=/usr/bin/fort
+command_args="${FORT_OPTS}"
+command_user="fort"
+pidfile="/run/${RC_SVCNAME}.pid"
+command_background=true
+
+depend() {
+       need net
+}
+
+start_pre() {
+       if [ -z "${FORT_BASEDIR}" ]; then
+               FORT_BASEDIR=$(awk -F '"' '/local-repository/ { print $4 }' \
+                       /etc/fort/config.json)
+               FORT_BASEDIR="${FORT_BASEDIR:-/var/cache/fort/repository/}"
+       fi
+
+       checkpath -d -m 0755 -o fort:fort "$(dirname "${FORT_BASEDIR}")"
+       checkpath -d -m 0755 -o fort:fort "${FORT_BASEDIR}"
+}
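Review bot: The first `checkpath` in `start_pre` changes ownership of the parent of `FORT_BASEDIR`, which is only safe for the default `/var/cache/fort/repository/`. With the `FORT_BASEDIR="/var/lib/fort/"` example from the conf.d file, `dirname` yields `/var/lib`, and checkpath would hand that system directory to `fort:fort`. The path can also come from `config.json` via the `awk` line, so any value set there has the same effect, applied as root. I would drop the `dirname` line, ship the parent directory from the ebuild (e.g. `keepdir /var/cache/fort`), and keep only `checkpath -d -m 0755 -o fort:fort "${FORT_BASEDIR}"`.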

diff --git a/net-misc/FORT-validator/files/fort.service 
b/net-misc/FORT-validator/files/fort.service
new file mode 100644
index 0000000..4f24f8d
--- /dev/null
+++ b/net-misc/FORT-validator/files/fort.service
@@ -0,0 +1,35 @@
+[Unit]
+Description=FORT RPKI validator
+Documentation=man:fort(8)
+Documentation=https://nicmx.github.io/FORT-validator/
+
+[Service]
+ExecStart=/usr/bin/fort --configuration-file /etc/fort/config.json
+Type=simple
+User=fort
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+ProtectSystem=strict
+ProtectHome=yes
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectKernelTunables=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+CacheDirectory=fort
+ReadWritePaths=/var/lib/fort/
+ConfigurationDirectory=fort
+ConfigurationDirectory=tals
+StateDirectory=fort
+NoNewPrivileges=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+SystemCallArchitectures=native
+SystemCallErrorNumber=EPERM
+SystemCallFilter=@system-service
+
+[Install]
+WantedBy=multi-user.target
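Review bot: `ConfigurationDirectory=tals` and `ReadWritePaths=/var/lib/fort/` do not match any path the rest of this commit uses. The TALs are installed under `/usr/share/fort/tal/`, and the shipped `config.json` puts the repository under `/var/cache/fort/`, which `CacheDirectory=fort` already covers. As written, the unit would create an unused `/etc/tals` and leave an extra writable path in an otherwise strict sandbox. I would remove both lines, or add a short comment saying which fort option needs them; `StateDirectory=fort` already makes `/var/lib/fort` writable if that is the intent.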

diff --git a/net-misc/FORT-validator/metadata.xml 
b/net-misc/FORT-validator/metadata.xml
new file mode 100644
index 0000000..678ca7a
--- /dev/null
+++ b/net-misc/FORT-validator/metadata.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd";>
+<pkgmetadata>
+       <maintainer type="person">
+               <email>[email protected]</email>
+               <name>Alarig Le Lay</name>
+       </maintainer>
+       <maintainer type="project">
+               <email>[email protected]</email>
+               <name>Proxy Maintainers</name>
+       </maintainer>
+</pkgmetadata>
