~alpine/aports


[alpine-aports] [PATCH] main/net_snmp: init scripts cleanup and modify configs to run snmpd & snmptrapd out from the box

Details
Message ID
<1443621912-29586-1-git-send-email-valery.kartel@gmail.com>
Sender timestamp
1443621912
DKIM signature
missing
Patch: +40 -84
---
 main/net-snmp/APKBUILD        | 33 +++++++++++++++------------------
 main/net-snmp/initd           | 19 +++++++++++++++++++
 main/net-snmp/snmpd.confd     |  6 +++---
 main/net-snmp/snmpd.initd     | 37 -------------------------------------
 main/net-snmp/snmptrapd.confd |  6 +++---
 main/net-snmp/snmptrapd.initd | 23 -----------------------
 6 files changed, 40 insertions(+), 84 deletions(-)
 create mode 100644 main/net-snmp/initd
 delete mode 100644 main/net-snmp/snmpd.initd
 delete mode 100644 main/net-snmp/snmptrapd.initd

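diff --git a/main/net-snmp/APKBUILD b/main/net-snmp/APKBUILD
index 3c0c455..f7ccf81 100644
--- a/main/net-snmp/APKBUILD
+++ b/main/net-snmp/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Carlo Landmeter <clandmeter@gmail.com>
 pkgname=net-snmp
 pkgver=5.7.3
-pkgrel=3
+pkgrel=4
 pkgdesc="Simple Network Management Protocol"
 url="http://www.net-snmp.org/"
 arch="all"
@@ -19,9 +19,8 @@ source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
 	fix-includes.patch
 	CVE-2015-5621.patch
 
-	snmpd.initd
+	initd
 	snmpd.confd
-	snmptrapd.initd
 	snmptrapd.confd
 	"
 
@@ -92,11 +91,12 @@ package() {
 		|| return 1
 	ln -s snmptrap "$pkgdir"/usr/bin/snmpinform || return 1
 
-	install -m755 -D "$srcdir"/snmpd.initd "$pkgdir"/etc/init.d/snmpd
+	install -m755 -D "$srcdir"/initd "$pkgdir"/etc/init.d/snmpd
+	install -m755 -D "$srcdir"/initd "$pkgdir"/etc/init.d/snmptrapd
 	install -m644 -D "$srcdir"/snmpd.confd "$pkgdir"/etc/conf.d/snmpd
-	install -m755 -D "$srcdir"/snmptrapd.initd "$pkgdir"/etc/init.d/snmptrapd
 	install -m644 -D "$srcdir"/snmptrapd.confd "$pkgdir"/etc/conf.d/snmptrapd
-	install -m644 -D EXAMPLE.conf "$pkgdir"/etc/snmp/snmpd.conf.example
+	install -m644 -D EXAMPLE.conf "$pkgdir"/etc/snmp/snmpd.conf
+	echo "authCommunity log,execute,net public" > "$pkgdir"/etc/snmp/snmptrapd.conf
 	mkdir -p "$pkgdir"/var/lib/net-snmp
 	find "$pkgdir" -name perllocal.pod -delete
 }
@@ -159,23 +159,20 @@ md5sums="d4a3459e1577d0efa8d96ca70a885e53  net-snmp-5.7.3.tar.gz
 4fd189ec7154114c9bd19f2b0058ae9c  netsnmp-swinst-crash.patch
 0fe11859a55f8e2489d5de629971a242  fix-includes.patch
 2267947dd243b4fa85a3cf0c23dbaa76  CVE-2015-5621.patch
-15faba29c3a61aaa41e4ca9b04f3cebf  snmpd.initd
-ea1296c366d6a7b0dab8a5b46e02d139  snmpd.confd
-b929515d53d6f5dbf7f85c92efc90455  snmptrapd.initd
-363f7728a76bdfc46e29b7e1f5cf4950  snmptrapd.confd"
+5d02ca50ba04fd9421cd059700dfabf5  initd
+c7658acd05090f52c6a9e4b195d65b01  snmpd.confd
+8095341bc4bb23bfc3be1d7e2d51bb4f  snmptrapd.confd"
 sha256sums="12ef89613c7707dc96d13335f153c1921efc9d61d3708ef09f3fc4a7014fb4f0  net-snmp-5.7.3.tar.gz
 2de23959acf74d8f893129819149d016cc22f2d60e15f875e4d17de33931013e  netsnmp-swinst-crash.patch
 7528f7d368a0a4536915805c065f8496c37cb99dbc74d508bed89831cd5af37e  fix-includes.patch
 4cfe532b39877d90836d04079ab7bff14727719e8ca719ead9d615b21cade255  CVE-2015-5621.patch
-c8597688d848f10f305f883466300e48fa4976b782835a45781ad7e1a8374cd6  snmpd.initd
-e1434b38611a436278b1f0974a55ea3374863a975405b5dc2da836e9acb082ff  snmpd.confd
-bad9efc1b131d7a0b5a05dedc589b011908ee9eb24472bffa6c5838d363db11e  snmptrapd.initd
-095647b0e5be51e2bdd398267d7450da678b7d23cae6273f9b9461a26f89d69f  snmptrapd.confd"
+30258e0e6e6699fbb655be378b5096b2bfefd77fad2a7aff98b32cf3e0ccb282  initd
+21ced816652de3dbae04970db8e465ffb119a2a0c1bddf9f12867d1c81eb0aac  snmpd.confd
+2ff4dc5a94a3b78aeb88c85dc94e55bf01ef342cf02d536b5c71bb6654a9c025  snmptrapd.confd"
 sha512sums="0758bba5844cfd6c80959ac16b83906a2f830ba49fd0ab1bf9e191dc6a79d312a2e4760bd53b3e1a1c82759481f0064d088d5a3cf475d84b25679a6bd0f049bb  net-snmp-5.7.3.tar.gz
 4ad92f50b14d5e27ba86256cc532a2dd055502f4d5fbb1700434f9f01f881fd09bb1eadb94e727554e1470f036707558314c64a66d0376b54e71ab31d5e4baa3  netsnmp-swinst-crash.patch
 87a552bd2e41684bba6e87fbcf6454a85ee912d7a339411fda24cebddf7661f0856729e076a917920a542cf84b687ffd90a091daa15f2c48f0ff64f3a53c0ddb  fix-includes.patch
 2b2a7be54a570e3c1bb701f8ccfb98ea8e50a19fda021f43a521d4e968ded1bc5e794fc4348dff7fcdf57da34ff6b555398851bbccfcf92bb75ad6f365a80dba  CVE-2015-5621.patch
-b19c039ad45b1802a243b6c2b870aca1f251f8fc22530bbe3c61b037f289891efa692dc1d6bd53148ee35c115367cbb22200af480b7898bfb2cb0a4b0d51cd73  snmpd.initd
-ad30bb027dbd18272a4ddb34009bdaa19df030f23956c5fa592e47cf76ad87175ae6b97659b8bbd866d79674bbc7b8b3a8a400746139c18de0eb86902706b65f  snmpd.confd
-17239cdeac6bf8ea47bc1238567f72be9c755591ca386a87e58ee5d3ac074e228b5cdd399618e7434a8c535537d6c6a48c8d66d84380b8944fe00514f090c00d  snmptrapd.initd
-9cafeece565ca09c2cc85fa9c805d9932a745aca45b999e7511ccd0ffe0a95eddc1441ed231acf52a811db124bc2f797612ebb182b0a8a959ad24506e790a0b1  snmptrapd.confd"
+32b93dd00d1fbf84edebb177b52caa26ac577e33f14f2c0af5dc04fcefd924adf28bd506cb377711eef5e543476f822f1aac0607f24a668e9d0df6268a06685e  initd
+fb101aa758d741ed3ea88b11f1cd49cfd04bd03ce62435f3acb17724748131c57f00b71fd45cb7e7871d65a1aab576652cd6e158b6406aa6d0998582b8235ef5  snmpd.confd
+073fd2b83eedd6eda1f7345350268ce7946ef6d67a8f26f7c232e46feb75babf68272ae12071a2f9ea76ede71393b3ae4672d3cd47cfd14ab77e3a6482f2e124  snmptrapd.confd"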
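Review bot: In the package() hunk, the added `echo "authCommunity log,execute,net public" > "$pkgdir"/etc/snmp/snmptrapd.conf` creates the live trap-daemon config by shell redirection, so its permissions come from the build umask and a failed write goes unnoticed, whereas the `ln -s` just above it ends in `|| return 1`. Since this file carries community strings, I would ship it as a source file (listed in `source=` and the checksum lists) and install it with an explicit mode, e.g. `install -m600 -D "$srcdir"/snmptrapd.conf "$pkgdir"/etc/snmp/snmptrapd.conf || return 1`. Whether 600 suits the user the daemon runs as needs confirming. The two added `install ... "$pkgdir"/etc/init.d/...` lines and the new `snmpd.conf` install also lack `|| return 1`, so a missing `initd` or `EXAMPLE.conf` would not stop the build at that point. package() starts before the hunk.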
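diff --git a/main/net-snmp/initd b/main/net-snmp/initd
new file mode 100644
index 0000000..3790d77
--- /dev/null
+++ b/main/net-snmp/initd
@@ -0,0 +1,19 @@
+#!/sbin/openrc-run
+
+pidfile="/var/run/${SVCNAME}.pid"
+command="/usr/sbin/${SVCNAME}"
+command_args="-p ${pidfile} ${OPTS}"
+required_files="/etc/snmp/${SVCNAME}.conf"
+extra_started_commands="reload"
+
+depend() {
+        use logger
+        need net
+        after firewall
+}
+
+reload() {
+        ebegin "Reloading ${SVCNAME}"
+        start-stop-daemon --signal HUP --pidfile ${pidfile} --name ${SVCNAME}
+        eend $?
+}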
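Review bot: The script has no header comment even though every path in it is derived from the name it is installed under, so a copy or symlink whose name does not match a binary in /usr/sbin and a file in /etc/snmp will fail in a way that is not obvious from the file. A line such as `# Shared by snmpd and snmptrapd: ${SVCNAME} selects /usr/sbin/<name>, /var/run/<name>.pid, /etc/snmp/<name>.conf and OPTS from /etc/conf.d/<name>` at the top would state that contract. In reload() the expansions are passed unquoted; `start-stop-daemon --signal HUP --pidfile "${pidfile}" --name "${SVCNAME}"` is the safer form.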
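diff --git a/main/net-snmp/snmpd.confd b/main/net-snmp/snmpd.confd
index 7b178da..8495175 100644
--- a/main/net-snmp/snmpd.confd
+++ b/main/net-snmp/snmpd.confd
@@ -2,13 +2,13 @@
 OPTS=""
 
 # Enable connection logging.
-#SNMPD_FLAGS="${OPTS} -a"
+#OPTS="${OPTS} -a"
 
 # Enable syslog and disable file log.
-SNMPD_FLAGS="${OPTS} -LSwd -Lf /dev/null"
+OPTS="${OPTS} -LSwd -Lf /dev/null"
 
 # Enable agentx socket as /var/agentx/master
 # *NOTE* Before uncommenting this, make sure
 #        the /var/agentx directory exists.
-#SNMPD_FLAGS="${OPTS} -x /var/agentx/master"
+#OPTS="${OPTS} -x /var/agentx/master"
 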
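diff --git a/main/net-snmp/snmpd.initd b/main/net-snmp/snmpd.initd
deleted file mode 100644
index 65d0555..0000000
--- a/main/net-snmp/snmpd.initd
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/net-snmp/files/snmpd.init.2,v 1.3 2012/10/22 02:57:05 flameeyes Exp $
-
-SNMPD_PIDFILE="${SNMPD_PIDFILE:-/var/run/snmpd.pid}"
-
-extra_started_commands="reload"
-
-command="/usr/sbin/snmpd"
-command_args="-p ${SNMPD_PIDFILE} ${SNMPD_FLAGS}"
-pidfile="${SNMPD_PIDFILE}"
-
-depend() {
-	use logger
-	need net
-	after firewall
-}
-
-checkconfig() {
-	if [ ! -e /etc/snmp/snmpd.conf ] ; then
-		eerror "${SVCNAME} requires an /etc/snmp/snmpd.conf configuration file"
-		return 1
-	fi
-}
-
-start_pre() {
-	checkconfig || return 1
-}
-
-reload() {
-	checkconfig || return 1
-
-	ebegin "Reloading ${SVCNAME} configuration"
-	kill -HUP $(cat ${SNMPD_PIDFILE}) 2>&1 > /dev/null
-	eend $?
-}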
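diff --git a/main/net-snmp/snmptrapd.confd b/main/net-snmp/snmptrapd.confd
index d9cee61..7f10cfe 100644
--- a/main/net-snmp/snmptrapd.confd
+++ b/main/net-snmp/snmptrapd.confd
@@ -2,11 +2,11 @@
 OPTS=""
 
 # ignore authentication failure traps
-#SNMPTRAPD_FLAGS="${OPTS} -a"
+#OPTS="${OPTS} -a"
 
 # log messages to specified file
-#SNMPTRAPD_FLAGS="${OPTS} -Lf /var/log/snmptrapd.log"
+#OPTS="${OPTS} -Lf /var/log/snmptrapd.log"
 
 # log messages to syslog with the specified facility
 # where facility is: 'd' = LOG_DAEMON, 'u' = LOG_USER, [0-7] = LOG_LOCAL[0-7]
-#SNMPTRAPD_FLAGS="${OPTS} -Ls d"
+#OPTS="${OPTS} -Ls d"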
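diff --git a/main/net-snmp/snmptrapd.initd b/main/net-snmp/snmptrapd.initd
deleted file mode 100644
index 87e1bf5..0000000
--- a/main/net-snmp/snmptrapd.initd
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/sbin/openrc-run
-
-NAME=snmptrapd
-DAEMON=/usr/sbin/$NAME
-
-depend() {
-	use logger
-	need net
-	after firewall
-}
-
-start() {
-	ebegin "Starting ${NAME}"
-		start-stop-daemon --start --quiet --background \
-			--exec ${DAEMON} -- -p /var/run/${NAME}.pid ${OPTS}
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping ${NAME}"
-		start-stop-daemon --stop --quiet --pidfile /var/run/${NAME}.pid
-	eend $?
-}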
-- 
2.5.3



Natanael Copa <ncopa@alpinelinux.org>
Details
Message ID
<20151012142137.42142be7@ncopa-desktop.alpinelinux.org>
In-Reply-To
<1443621912-29586-1-git-send-email-valery.kartel@gmail.com> (view parent)
Sender timestamp
1444652497
DKIM signature
missing
On Wed, 30 Sep 2015 17:05:12 +0300
Valery Kartel <valery.kartel@gmail.com> wrote:

> ---
>  main/net-snmp/APKBUILD        | 33 +++++++++++++++------------------
>  main/net-snmp/initd           | 19 +++++++++++++++++++
>  main/net-snmp/snmpd.confd     |  6 +++---
>  main/net-snmp/snmpd.initd     | 37 -------------------------------------
>  main/net-snmp/snmptrapd.confd |  6 +++---
>  main/net-snmp/snmptrapd.initd | 23 -----------------------
>  6 files changed, 40 insertions(+), 84 deletions(-)
>  create mode 100644 main/net-snmp/initd
>  delete mode 100644 main/net-snmp/snmpd.initd
>  delete mode 100644 main/net-snmp/snmptrapd.initd
> 
> diff --git a/main/net-snmp/APKBUILD b/main/net-snmp/APKBUILD
> index 3c0c455..f7ccf81 100644
> --- a/main/net-snmp/APKBUILD
> +++ b/main/net-snmp/APKBUILD
> @@ -2,7 +2,7 @@
>  # Maintainer: Carlo Landmeter <clandmeter@gmail.com>
>  pkgname=net-snmp
>  pkgver=5.7.3
> -pkgrel=3
> +pkgrel=4
>  pkgdesc="Simple Network Management Protocol"
>  url="http://www.net-snmp.org/"
>  arch="all"
> @@ -19,9 +19,8 @@ source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
>  	fix-includes.patch
>  	CVE-2015-5621.patch
>  
> -	snmpd.initd
> +	initd

I would like to call it snmpd.initd. I sometimes grep stuff */*.initd.

>  	snmpd.confd
> -	snmptrapd.initd
>  	snmptrapd.confd
>  	"
>  
> @@ -92,11 +91,12 @@ package() {
>  		|| return 1
>  	ln -s snmptrap "$pkgdir"/usr/bin/snmpinform || return 1
>  
> -	install -m755 -D "$srcdir"/snmpd.initd "$pkgdir"/etc/init.d/snmpd
> +	install -m755 -D "$srcdir"/initd "$pkgdir"/etc/init.d/snmpd
> +	install -m755 -D "$srcdir"/initd "$pkgdir"/etc/init.d/snmptrapd

Since the snmpd and snmptrapd init scripts are identical, maybe we should
just symlink it?

>  	install -m644 -D "$srcdir"/snmpd.confd "$pkgdir"/etc/conf.d/snmpd
> -	install -m755 -D "$srcdir"/snmptrapd.initd "$pkgdir"/etc/init.d/snmptrapd
>  	install -m644 -D "$srcdir"/snmptrapd.confd "$pkgdir"/etc/conf.d/snmptrapd
> -	install -m644 -D EXAMPLE.conf "$pkgdir"/etc/snmp/snmpd.conf.example
> +	install -m644 -D EXAMPLE.conf "$pkgdir"/etc/snmp/snmpd.conf
> +	echo "authCommunity log,execute,net public" > "$pkgdir"/etc/snmp/snmptrapd.conf

Those example configs, are they secure by default? We want a default
install to be secure and let the user enable the stuff he needs, rather than
the opposite, where things work by default but the user needs to disable stuff
or harden it afterwards.

>  	mkdir -p "$pkgdir"/var/lib/net-snmp
>  	find "$pkgdir" -name perllocal.pod -delete
>  }

...

> diff --git a/main/net-snmp/initd b/main/net-snmp/initd
> new file mode 100644
> index 0000000..3790d77
> --- /dev/null
> +++ b/main/net-snmp/initd
> @@ -0,0 +1,19 @@
> +#!/sbin/openrc-run
> +
> +pidfile="/var/run/${SVCNAME}.pid"
> +command="/usr/sbin/${SVCNAME}"
> +command_args="-p ${pidfile} ${OPTS}"
> +required_files="/etc/snmp/${SVCNAME}.conf"
> +extra_started_commands="reload"
> +
> +depend() {
> +        use logger
> +        need net
> +        after firewall
> +}
> +
> +reload() {
> +        ebegin "Reloading ${SVCNAME}"
> +        start-stop-daemon --signal HUP --pidfile ${pidfile} --name ${SVCNAME}
> +        eend $?
> +}

I like this, that we use the default start/stop functions and that we
reuse same init.d script for both snmpd and snmptrapd. However, this
will also break existing configs, which I want to avoid if possible.

We could maybe do something like:

# for backward compat
case "$SVCNAME" in
snmpd) : ${OPTS:=$SNMPD_FLAGS} ;;
esac

That way, users who have their settings in SNMPD_FLAGS will be able to
upgrade without any problems.

> diff --git a/main/net-snmp/snmpd.confd b/main/net-snmp/snmpd.confd
> index 7b178da..8495175 100644
> --- a/main/net-snmp/snmpd.confd
> +++ b/main/net-snmp/snmpd.confd
> @@ -2,13 +2,13 @@
>  OPTS=""
>  
>  # Enable connection logging.
> -#SNMPD_FLAGS="${OPTS} -a"
> +#OPTS="${OPTS} -a"
>  
>  # Enable syslog and disable file log.
> -SNMPD_FLAGS="${OPTS} -LSwd -Lf /dev/null"
> +OPTS="${OPTS} -LSwd -Lf /dev/null"
>  
>  # Enable agentx socket as /var/agentx/master
>  # *NOTE* Before uncommenting this, make sure
>  #        the /var/agentx directory exists.
> -#SNMPD_FLAGS="${OPTS} -x /var/agentx/master"
> +#OPTS="${OPTS} -x /var/agentx/master"
>  
> diff --git a/main/net-snmp/snmpd.initd b/main/net-snmp/snmpd.initd
> deleted file mode 100644
> index 65d0555..0000000
> --- a/main/net-snmp/snmpd.initd
> +++ /dev/null

...

> diff --git a/main/net-snmp/snmptrapd.confd b/main/net-snmp/snmptrapd.confd
> index d9cee61..7f10cfe 100644
> --- a/main/net-snmp/snmptrapd.confd
> +++ b/main/net-snmp/snmptrapd.confd
> @@ -2,11 +2,11 @@
>  OPTS=""
>  
>  # ignore authentication failure traps
> -#SNMPTRAPD_FLAGS="${OPTS} -a"
> +#OPTS="${OPTS} -a"
>  
>  # log messages to specified file
> -#SNMPTRAPD_FLAGS="${OPTS} -Lf /var/log/snmptrapd.log"
> +#OPTS="${OPTS} -Lf /var/log/snmptrapd.log"
>  
>  # log messages to syslog with the specified facility
>  # where facility is: 'd' = LOG_DAEMON, 'u' = LOG_USER, [0-7] = LOG_LOCAL[0-7]
> -#SNMPTRAPD_FLAGS="${OPTS} -Ls d"
> +#OPTS="${OPTS} -Ls d"

...

-nc

