net-misc/FORT-validator: New release 1.5.0 and init adaptation

Package-Manager: Portage-3.0.13, Repoman-3.0.2 Signed-off-by: Alarig Le Lay <alarig@swordarmor.fr>
2021-02-11 09:37:11 +01:00 · 2021-02-11 09:37:11 +01:00 · fcf5470f8c
parent b99eca59c6
commit fcf5470f8c
10 changed files with 93 additions and 20 deletions
--- a/net-misc/FORT-validator/FORT-validator-1.4.1.ebuild
+++ b/net-misc/FORT-validator/FORT-validator-1.4.1.ebuild
@ -1,4 +1,4 @@
-# Copyright 2020 Gentoo Authors
+# Copyright 2020-2021 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2

 EAPI=7
@ -42,8 +42,8 @@ src_prepare() {
 }

 src_install() {
-	newinitd "${FILESDIR}/${MY_PN}-initd" ${MY_PN}
-	newconfd "${FILESDIR}/${MY_PN}-confd" ${MY_PN}
+	newinitd "${FILESDIR}/${MY_PN}-1.4-initd" ${MY_PN}
+	newconfd "${FILESDIR}/${MY_PN}-1.4-confd" ${MY_PN}

 	emake DESTDIR="${D}" install
 	insinto /usr/share/${MY_PN}/
@ -59,7 +59,7 @@ src_install() {
 	exeinto "/usr/libexec/${MY_PN}"
 	doexe fort_setup.sh

-	systemd_dounit "${FILESDIR}/${MY_PN}.service"
+	systemd_dounit "${FILESDIR}/${MY_PN}-1.4.service"
 }

 pkg_postinst() {
--- a/net-misc/FORT-validator/FORT-validator-1.4.2.ebuild
+++ b/net-misc/FORT-validator/FORT-validator-1.4.2.ebuild
@ -1,4 +1,4 @@
-# Copyright 2020 Gentoo Authors
+# Copyright 2020-2021 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2

 EAPI=7
@ -42,8 +42,8 @@ src_prepare() {
 }

 src_install() {
-	newinitd "${FILESDIR}/${MY_PN}-initd" ${MY_PN}
-	newconfd "${FILESDIR}/${MY_PN}-confd" ${MY_PN}
+	newinitd "${FILESDIR}/${MY_PN}-1.4-initd" ${MY_PN}
+	newconfd "${FILESDIR}/${MY_PN}-1.4-confd" ${MY_PN}

 	emake DESTDIR="${D}" install
 	insinto /usr/share/${MY_PN}/
@ -59,7 +59,7 @@ src_install() {
 	exeinto "/usr/libexec/${MY_PN}"
 	doexe fort_setup.sh

-	systemd_dounit "${FILESDIR}/${MY_PN}.service"
+	systemd_dounit "${FILESDIR}/${MY_PN}-1.4.service"
 }

 pkg_postinst() {
--- a/net-misc/FORT-validator/FORT-validator-1.5.0.ebuild
+++ b/net-misc/FORT-validator/FORT-validator-1.5.0.ebuild
@ -1,4 +1,4 @@
-# Copyright 2020 Gentoo Authors
+# Copyright 2020-2021 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2

 EAPI=7
@ -42,8 +42,8 @@ src_prepare() {
 }

 src_install() {
-	newinitd "${FILESDIR}/${MY_PN}-initd" ${MY_PN}
-	newconfd "${FILESDIR}/${MY_PN}-confd" ${MY_PN}
+	newinitd "${FILESDIR}/${MY_PN}-1.5-initd" ${MY_PN}
+	newconfd "${FILESDIR}/${MY_PN}-1.5-confd" ${MY_PN}

 	emake DESTDIR="${D}" install
 	insinto /usr/share/${MY_PN}/
@ -59,19 +59,16 @@ src_install() {
 	exeinto "/usr/libexec/${MY_PN}"
 	doexe fort_setup.sh

-	systemd_dounit "${FILESDIR}/${MY_PN}.service"
+	systemd_dounit "${FILESDIR}/${MY_PN}-1.5.service"
 }

 pkg_postinst() {
 	fcaps cap_net_bind_service usr/bin/fort

 	einfo ""
-	einfo "ARIN TAL is disabled by default because the ARIN Relying Party"
-	einfo "Agreement must be accepted beforehead. Start fort, run"
+	einfo "You have to init the TALs before the first run. To do so, run "
 	einfo ""
-	einfo "  su -s /bin/sh -c '${EROOT}/usr/libexec/${MY_PN}/fort_setup.sh /usr/share/${MY_PN}/tal/' fort"
+	einfo "  su -s /bin/sh -c '${EROOT}/usr/bin/${MY_PN} --init-tals --tal /usr/share/${MY_PN}/tal/' fort"
 	einfo ""
-	einfo "as root and restart fort to enable it."
-	einfo "The configuration file generation will provide a config file, but a"
-	einfo "simpler one is shiped with the ebuid. Use the one you prefer."
+	einfo "as root."
 }
--- a/net-misc/FORT-validator/Manifest
+++ b/net-misc/FORT-validator/Manifest
@ -1,3 +1,3 @@
-DIST FORT-validator-1.4.0.tar.gz 468621 BLAKE2B f531f06136e8052ca8a001c91c8209bba7f0da6dcbb8cbccf9d7b3d39e2366951f48f254614def4749a8eb3f83bf01afaf9e2b013eecbc8fcd0c4274c4c3496a SHA512 dfbd94c9fbd8a4eac9f43030ebfa005febc01e4a39fccdd58fbfcc79aadfe0eeb2f8a2f4836c8d14c3e957f58e91466650ff1a266144f4b4f731495f8a74e460
 DIST FORT-validator-1.4.1.tar.gz 468737 BLAKE2B d1cbe115ba4d5e650d83e5793773028d545d7e56e8a7247ddc10673e0925ff278ebbc35f1161423d6f2b0bea6c8cb3416d8d87afea8c414bb69b5b95b9c8bf06 SHA512 aac4039bfad71fe9d9747abf8b2121d8b801c07feac83238c994b406241d2fefcf46bebc899298be84fddb90bbc345b117613a4bd4d45fbb38da89d1040ed393
 DIST FORT-validator-1.4.2.tar.gz 471694 BLAKE2B 9c5f3a2a6b79dbd62248e125d665d31561c2efee0b7df31215d16d55b56b56dee8dd6e5c34e9d01e36e82383dec49d6bb59fc3f078be000f166f46c4c08ead33 SHA512 c06c5552282584c0c671cec04d11a6072c5d19b3cc5a6e140088e6774c9b03a5fb00e9929e3f278f61207083f10f332282dba2c9395a28e78c190599c077c9fd
+DIST FORT-validator-1.5.0.tar.gz 482884 BLAKE2B 704f9d9f9c9cea54f8831f669eac62d5298da8ccacfdae5a4ecc30ee126be610679ff25a929d5ead64cb02fd63bdeaebc7027312d7fcb6d49bd0d563bb256fa2 SHA512 3da44896c69685c0a49e418b10e70ad34a5c621a32982203eb3def5462af014d1f807e29e3e9a7555b381ad976e8e19c2cc0973149c9c6253ee845a14fb86023
--- a/net-misc/FORT-validator/files/fort-1.4-confd
+++ b/net-misc/FORT-validator/files/fort-1.4-confd
--- a/net-misc/FORT-validator/files/fort-1.4-initd
+++ b/net-misc/FORT-validator/files/fort-1.4-initd
@ -1,5 +1,5 @@
 #!/sbin/openrc-run
-# Copyright 2020 Gentoo Authors
+# Copyright 2020-2021 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2

 name="fort validator daemon"
--- a/net-misc/FORT-validator/files/fort-1.4.service
+++ b/net-misc/FORT-validator/files/fort-1.4.service
--- a/net-misc/FORT-validator/files/fort-1.5-confd
+++ b/net-misc/FORT-validator/files/fort-1.5-confd
@ -0,0 +1,16 @@
+# /etc/init.d/fort
+
+# Options to pass to the fort process
+# See man fort for options
+
+# If you want to use commands arguments instead of the configuration file and
+# not the default TAL directory, please remove the comment for FORT_BASEDIR as
+# well
+
+#FORT_BASEDIR="/var/lib/fort/"
+#FORT_OPTS="--tal /usr/share/fort/tal/ \
+#	--local-repository ${FORT_BASEDIR}
+#	--log.output syslog
+#	--server.address ::
+#	--daemon"
+FORT_OPTS="--configuration-file /etc/fort/config.json --daemon"
--- a/net-misc/FORT-validator/files/fort-1.5-initd
+++ b/net-misc/FORT-validator/files/fort-1.5-initd
@ -0,0 +1,25 @@
+#!/sbin/openrc-run
+# Copyright 2020-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+name="fort validator daemon"
+description="FORT validator is an open source RPKI validator."
+command=/usr/bin/fort
+command_args="${FORT_OPTS}"
+command_user="fort"
+pidfile="/run/${RC_SVCNAME}.pid"
+
+depend() {
+	need net
+}
+
+start_pre() {
+	if [ -z "${FORT_BASEDIR}" ]; then
+		FORT_BASEDIR=$(awk -F '"' '/local-repository/ { print $4 }' \
+			/etc/fort/config.json)
+		FORT_BASEDIR="${FORT_BASEDIR:-/var/cache/fort/repository/}"
+	fi
+
+	checkpath -d -m 0755 -o fort:fort "$(dirname "${FORT_BASEDIR}")"
+	checkpath -d -m 0755 -o fort:fort "${FORT_BASEDIR}"
+}
--- a/net-misc/FORT-validator/files/fort-1.5.service
+++ b/net-misc/FORT-validator/files/fort-1.5.service
@ -0,0 +1,35 @@
+[Unit]
+Description=FORT RPKI validator
+Documentation=man:fort(8)
+Documentation=https://nicmx.github.io/FORT-validator/
+
+[Service]
+ExecStart=/usr/bin/fort --configuration-file /etc/fort/config.json --daemon
+Type=simple
+User=fort
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+ProtectSystem=strict
+ProtectHome=yes
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectKernelTunables=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+CacheDirectory=fort
+ReadWritePaths=/var/lib/fort/
+ConfigurationDirectory=fort
+ConfigurationDirectory=tals
+StateDirectory=fort
+NoNewPrivileges=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+SystemCallArchitectures=native
+SystemCallErrorNumber=EPERM
+SystemCallFilter=@system-service
+
+[Install]
+WantedBy=multi-user.target