net-misc/FORT-validator: New release 1.5.0 and init adaptation
Package-Manager: Portage-3.0.13, Repoman-3.0.2 Signed-off-by: Alarig Le Lay <alarig@swordarmor.fr>
This commit is contained in:
parent
b99eca59c6
commit
fcf5470f8c
GPG Key ID:
7AFE62C6DF8BCDEC
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2020 Gentoo Authors
|
||||
# Copyright 2020-2021 Gentoo Authors
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
|
||||
EAPI=7
|
||||
|
|
@ -42,8 +42,8 @@ src_prepare() {
|
|||
}
|
||||
|
||||
src_install() {
|
||||
newinitd "${FILESDIR}/${MY_PN}-initd" ${MY_PN}
|
||||
newconfd "${FILESDIR}/${MY_PN}-confd" ${MY_PN}
|
||||
newinitd "${FILESDIR}/${MY_PN}-1.4-initd" ${MY_PN}
|
||||
newconfd "${FILESDIR}/${MY_PN}-1.4-confd" ${MY_PN}
|
||||
|
||||
emake DESTDIR="${D}" install
|
||||
insinto /usr/share/${MY_PN}/
|
||||
|
|
@ -59,7 +59,7 @@ src_install() {
|
|||
exeinto "/usr/libexec/${MY_PN}"
|
||||
doexe fort_setup.sh
|
||||
|
||||
systemd_dounit "${FILESDIR}/${MY_PN}.service"
|
||||
systemd_dounit "${FILESDIR}/${MY_PN}-1.4.service"
|
||||
}
|
||||
|
||||
pkg_postinst() {
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2020 Gentoo Authors
|
||||
# Copyright 2020-2021 Gentoo Authors
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
|
||||
EAPI=7
|
||||
|
|
@ -42,8 +42,8 @@ src_prepare() {
|
|||
}
|
||||
|
||||
src_install() {
|
||||
newinitd "${FILESDIR}/${MY_PN}-initd" ${MY_PN}
|
||||
newconfd "${FILESDIR}/${MY_PN}-confd" ${MY_PN}
|
||||
newinitd "${FILESDIR}/${MY_PN}-1.4-initd" ${MY_PN}
|
||||
newconfd "${FILESDIR}/${MY_PN}-1.4-confd" ${MY_PN}
|
||||
|
||||
emake DESTDIR="${D}" install
|
||||
insinto /usr/share/${MY_PN}/
|
||||
|
|
@ -59,7 +59,7 @@ src_install() {
|
|||
exeinto "/usr/libexec/${MY_PN}"
|
||||
doexe fort_setup.sh
|
||||
|
||||
systemd_dounit "${FILESDIR}/${MY_PN}.service"
|
||||
systemd_dounit "${FILESDIR}/${MY_PN}-1.4.service"
|
||||
}
|
||||
|
||||
pkg_postinst() {
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2020 Gentoo Authors
|
||||
# Copyright 2020-2021 Gentoo Authors
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
|
||||
EAPI=7
|
||||
|
|
@ -42,8 +42,8 @@ src_prepare() {
|
|||
}
|
||||
|
||||
src_install() {
|
||||
newinitd "${FILESDIR}/${MY_PN}-initd" ${MY_PN}
|
||||
newconfd "${FILESDIR}/${MY_PN}-confd" ${MY_PN}
|
||||
newinitd "${FILESDIR}/${MY_PN}-1.5-initd" ${MY_PN}
|
||||
newconfd "${FILESDIR}/${MY_PN}-1.5-confd" ${MY_PN}
|
||||
|
||||
emake DESTDIR="${D}" install
|
||||
insinto /usr/share/${MY_PN}/
|
||||
|
|
@ -59,19 +59,16 @@ src_install() {
|
|||
exeinto "/usr/libexec/${MY_PN}"
|
||||
doexe fort_setup.sh
|
||||
|
||||
systemd_dounit "${FILESDIR}/${MY_PN}.service"
|
||||
systemd_dounit "${FILESDIR}/${MY_PN}-1.5.service"
|
||||
}
|
||||
|
||||
pkg_postinst() {
|
||||
fcaps cap_net_bind_service usr/bin/fort
|
||||
|
||||
einfo ""
|
||||
einfo "ARIN TAL is disabled by default because the ARIN Relying Party"
|
||||
einfo "Agreement must be accepted beforehead. Start fort, run"
|
||||
einfo "You have to init the TALs before the first run. To do so, run "
|
||||
einfo ""
|
||||
einfo " su -s /bin/sh -c '${EROOT}/usr/libexec/${MY_PN}/fort_setup.sh /usr/share/${MY_PN}/tal/' fort"
|
||||
einfo " su -s /bin/sh -c '${EROOT}/usr/bin/${MY_PN} --init-tals --tal /usr/share/${MY_PN}/tal/' fort"
|
||||
einfo ""
|
||||
einfo "as root and restart fort to enable it."
|
||||
einfo "The configuration file generation will provide a config file, but a"
|
||||
einfo "simpler one is shiped with the ebuid. Use the one you prefer."
|
||||
einfo "as root."
|
||||
}
|
||||
|
|
@ -1,3 +1,3 @@
|
|||
DIST FORT-validator-1.4.0.tar.gz 468621 BLAKE2B f531f06136e8052ca8a001c91c8209bba7f0da6dcbb8cbccf9d7b3d39e2366951f48f254614def4749a8eb3f83bf01afaf9e2b013eecbc8fcd0c4274c4c3496a SHA512 dfbd94c9fbd8a4eac9f43030ebfa005febc01e4a39fccdd58fbfcc79aadfe0eeb2f8a2f4836c8d14c3e957f58e91466650ff1a266144f4b4f731495f8a74e460
|
||||
DIST FORT-validator-1.4.1.tar.gz 468737 BLAKE2B d1cbe115ba4d5e650d83e5793773028d545d7e56e8a7247ddc10673e0925ff278ebbc35f1161423d6f2b0bea6c8cb3416d8d87afea8c414bb69b5b95b9c8bf06 SHA512 aac4039bfad71fe9d9747abf8b2121d8b801c07feac83238c994b406241d2fefcf46bebc899298be84fddb90bbc345b117613a4bd4d45fbb38da89d1040ed393
|
||||
DIST FORT-validator-1.4.2.tar.gz 471694 BLAKE2B 9c5f3a2a6b79dbd62248e125d665d31561c2efee0b7df31215d16d55b56b56dee8dd6e5c34e9d01e36e82383dec49d6bb59fc3f078be000f166f46c4c08ead33 SHA512 c06c5552282584c0c671cec04d11a6072c5d19b3cc5a6e140088e6774c9b03a5fb00e9929e3f278f61207083f10f332282dba2c9395a28e78c190599c077c9fd
|
||||
DIST FORT-validator-1.5.0.tar.gz 482884 BLAKE2B 704f9d9f9c9cea54f8831f669eac62d5298da8ccacfdae5a4ecc30ee126be610679ff25a929d5ead64cb02fd63bdeaebc7027312d7fcb6d49bd0d563bb256fa2 SHA512 3da44896c69685c0a49e418b10e70ad34a5c621a32982203eb3def5462af014d1f807e29e3e9a7555b381ad976e8e19c2cc0973149c9c6253ee845a14fb86023
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
#!/sbin/openrc-run
|
||||
# Copyright 2020 Gentoo Authors
|
||||
# Copyright 2020-2021 Gentoo Authors
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
|
||||
name="fort validator daemon"
|
||||
|
|
@ -0,0 +1,16 @@
|
|||
# /etc/init.d/fort
|
||||
|
||||
# Options to pass to the fort process
|
||||
# See man fort for options
|
||||
|
||||
# If you want to use commands arguments instead of the configuration file and
|
||||
# not the default TAL directory, please remove the comment for FORT_BASEDIR as
|
||||
# well
|
||||
|
||||
#FORT_BASEDIR="/var/lib/fort/"
|
||||
#FORT_OPTS="--tal /usr/share/fort/tal/ \
|
||||
# --local-repository ${FORT_BASEDIR}
|
||||
# --log.output syslog
|
||||
# --server.address ::
|
||||
# --daemon"
|
||||
FORT_OPTS="--configuration-file /etc/fort/config.json --daemon"
|
||||
|
|
@ -0,0 +1,25 @@
|
|||
#!/sbin/openrc-run
|
||||
# Copyright 2020-2021 Gentoo Authors
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
|
||||
name="fort validator daemon"
|
||||
description="FORT validator is an open source RPKI validator."
|
||||
command=/usr/bin/fort
|
||||
command_args="${FORT_OPTS}"
|
||||
command_user="fort"
|
||||
pidfile="/run/${RC_SVCNAME}.pid"
|
||||
|
||||
depend() {
|
||||
need net
|
||||
}
|
||||
|
||||
start_pre() {
|
||||
if [ -z "${FORT_BASEDIR}" ]; then
|
||||
FORT_BASEDIR=$(awk -F '"' '/local-repository/ { print $4 }' \
|
||||
/etc/fort/config.json)
|
||||
FORT_BASEDIR="${FORT_BASEDIR:-/var/cache/fort/repository/}"
|
||||
fi
|
||||
|
||||
checkpath -d -m 0755 -o fort:fort "$(dirname "${FORT_BASEDIR}")"
|
||||
checkpath -d -m 0755 -o fort:fort "${FORT_BASEDIR}"
|
||||
}
|
||||
|
|
@ -0,0 +1,35 @@
|
|||
[Unit]
|
||||
Description=FORT RPKI validator
|
||||
Documentation=man:fort(8)
|
||||
Documentation=https://nicmx.github.io/FORT-validator/
|
||||
|
||||
[Service]
|
||||
ExecStart=/usr/bin/fort --configuration-file /etc/fort/config.json --daemon
|
||||
Type=simple
|
||||
User=fort
|
||||
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
||||
ProtectSystem=strict
|
||||
ProtectHome=yes
|
||||
PrivateDevices=yes
|
||||
PrivateTmp=yes
|
||||
ProtectKernelTunables=yes
|
||||
ProtectControlGroups=yes
|
||||
ProtectKernelModules=yes
|
||||
CacheDirectory=fort
|
||||
ReadWritePaths=/var/lib/fort/
|
||||
ConfigurationDirectory=fort
|
||||
ConfigurationDirectory=tals
|
||||
StateDirectory=fort
|
||||
NoNewPrivileges=yes
|
||||
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
|
||||
RestrictNamespaces=yes
|
||||
RestrictRealtime=yes
|
||||
LockPersonality=yes
|
||||
MemoryDenyWriteExecute=yes
|
||||
SystemCallArchitectures=native
|
||||
SystemCallErrorNumber=EPERM
|
||||
SystemCallFilter=@system-service
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Loading…
Reference in New Issue