Received: from vps892.directvps.nl (ikke.info [178.21.113.177]) by nld3-dev1.alpinelinux.org (Postfix) with ESMTPS id A4D16781AA0 for ; Fri, 4 Oct 2019 19:34:16 +0000 (UTC) Received: by vps892.directvps.nl (Postfix, from userid 1008) id 75A844400AE; Fri, 4 Oct 2019 21:34:16 +0200 (CEST) Date: Fri, 4 Oct 2019 21:34:16 +0200 From: Kevin Daudt To: "xrs =:-)" Cc: alpine-aports@lists.alpinelinux.org Subject: Re: [PATCH 3/4] testing/gnunet: new aport Message-ID: <20191004193416.GE160327@alpha> References: <20190928175728.4614-1-xrs@mail36.net> <20190928175728.4614-3-xrs@mail36.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20190928175728.4614-3-xrs@mail36.net> User-Agent: Mutt/1.12.1 (2019-06-15) I have added some feedback inline. On Sat, Sep 28, 2019 at 07:57:28PM +0200, xrs =:-) wrote: > https://gnunet.org > A framework for secure and privacy enhancing peer-to-peer networking > testing/ > --- > testing/gnunet/APKBUILD | 102 ++++++++++++++++++++ > testing/gnunet/gnunet-system-services.initd | 16 +++ > testing/gnunet/gnunet-system.conf | 3 + > testing/gnunet/gnunet-user-services.initd | 33 +++++++ > testing/gnunet/gnunet-user.conf | 3 + > testing/gnunet/gnunet.post-deinstall | 6 ++ > testing/gnunet/gnunet.post-install | 44 +++++++++ > testing/gnunet/gnunet.pre-deinstall | 33 +++++++ > testing/gnunet/gnunet.pre-install | 17 ++++ > testing/gnunet/gnunet.xsession | 54 +++++++++++ > 10 files changed, 311 insertions(+) > create mode 100644 testing/gnunet/APKBUILD > create mode 100644 testing/gnunet/gnunet-system-services.initd > create mode 100644 testing/gnunet/gnunet-system.conf > create mode 100644 testing/gnunet/gnunet-user-services.initd > create mode 100644 testing/gnunet/gnunet-user.conf > create mode 100644 testing/gnunet/gnunet.post-deinstall > create mode 100644 testing/gnunet/gnunet.post-install > create mode 100644 testing/gnunet/gnunet.pre-deinstall > create mode 100644 testing/gnunet/gnunet.pre-install > create mode 100644 testing/gnunet/gnunet.xsession > > diff --git a/testing/gnunet/APKBUILD b/testing/gnunet/APKBUILD > new file mode 100644 > index 0000000000..c68e03d679 > --- /dev/null > +++ b/testing/gnunet/APKBUILD > @@ -0,0 +1,102 @@ > +# Contributor: xrs > +# Maintainer: xrs > +pkgname="gnunet" > +pkgver="0.11.6" > +pkgrel=0 > +pkgdesc="A framework for secure and privacy enhancing peer-to-peer networking" > +url="https://gnunet.org" > +arch="all" > +license="AGPL-3.0" > +depends="libgpg-error libgcrypt nettle unbound-libs gnutls gnutls-utils gnurl > + libgnurl libmicrohttpd openssl libunistring libidn2 nss sqlite zlib > + miniupnpc gmp gettext bash which iptables coreutils sudo" > +depends_dev="libgpg-error-dev libgcrypt-dev nettle-dev unbound-dev gnutls-dev > + gnurl-dev libmicrohttpd-dev openssl-dev libunistring-dev libidn2-dev > + nss-dev sqlite-dev zlib-dev miniupnpc-dev gmp-dev gettext" > +makedepends="$depends_dev autoconf automake libtool gettext-dev python3 > + texlive texinfo" > +install="$pkgname.pre-install $pkgname.post-install $pkgname.pre-deinstall > + $pkgname.post-deinstall" > +pkgusers="gnunet" > +pkggroups="gnunet gnunetdns" > +subpackages="$pkgname-dev $pkgname-doc $pkgname-lang" > +builddir="$srcdir/$pkgname-$pkgver" > +options="!check suid" # No check because The GNUnet project lacks a good CI at the moment. > +source="https://mirrors.ocf.berkeley.edu/gnu/gnunet/$pkgname-$pkgver.tar.gz We discourage the use of `$pkgname` in the source url here. > + gnunet-system.conf > + gnunet-user.conf > + gnunet-system-services.initd Same as for the other patches, please use tabs consistently. > + gnunet-user-services.initd > + gnunet.xsession > + " > + > +prepare() { > + cd "$builddir" > + default_prepare > + autoreconf -if # FIXME: See https://bugs.gnunet.org/view.php?id=5902 > +} > + > +build() { > + cd "$builddir" This is now being done automatically and can be removed. > + ./configure \ > + --build=$CBUILD \ > + --host=$CHOST \ > + --prefix=/usr \ > + --sysconfdir=/etc \ > + --mandir=/usr/share/man \ > + --localstatedir=/var \ > + --enable-logging=verbose > + make > +} > + > +check() { > + make DESTDIR="$pkgdir" check > + exit 0 > +} > + > +package() { > + make DESTDIR="$pkgdir" install > + > + libexecdir=$pkgdir/usr/lib/gnunet/libexec/ > + # Limit access to critical gnunet-helper-dns to group "gnunetdns" > + chgrp gnunetdns $libexecdir/gnunet-helper-dns > + chgrp gnunetdns $libexecdir/gnunet-service-dns > + # Limit access to certain SUID binaries by group "gnunet" > + chgrp gnunet $libexecdir/gnunet-helper-exit > + chgrp gnunet $libexecdir/gnunet-helper-vpn > + chgrp gnunet $libexecdir/gnunet-helper-nat-client > + chgrp gnunet $libexecdir/gnunet-helper-nat-server > + chmod u+s $libexecdir/gnunet-helper-exit > + chmod u+s $libexecdir/gnunet-helper-vpn > + chmod 2750 $libexecdir/gnunet-helper-dns > + chmod 2700 $libexecdir/gnunet-service-dns > + chmod u+s $libexecdir/gnunet-helper-nat-client > + chmod u+s $libexecdir/gnunet-helper-nat-server > + > + install -m644 -D $srcdir/$pkgname-user.conf \ > + $pkgdir/etc/skel/.config/$pkgname.conf > + install -m644 -D $srcdir/$pkgname-system.conf \ > + $pkgdir/etc/$pkgname.conf > + install -m755 -D $srcdir/$pkgname-system-services.initd \ > + $pkgdir/etc/init.d/$pkgname-system-services > + install -m755 -D $srcdir/$pkgname-user-services.initd \ > + $pkgdir/etc/init.d/$pkgname-user-services > + install -m755 -D $srcdir/$pkgname.xsession \ > + $pkgdir/etc/X11/xinit/xinitrc.d/80-$pkgname-user-services > +} > + > +dev() { > + default_dev > + > + # dev() will move gnunet-config from $pkg to $pkg-dev, but it's an > + # intended part of $pkg. > + install -m755 -D $builddir/src/util/.libs/gnunet-config \ > + $pkgdir/usr/bin/gnunet-config > +} > + > +sha512sums="1c6ea2ac7280d2edb30df627b79e017d199e93cd3970ce49f3f049abfb1dddfed541118e55766c422edf4a80e140c4eb2cfc681e0d4a1384e39811d024df9278 gnunet-0.11.6.tar.gz > +a0f55413ed2c6edd6746a751d92ddac95ba70f20eefb07330817870d749456448f44bba95d245911a00f6078e0c2ac626004e3b764be5e5e049c00626c4c5ac0 gnunet-system.conf > +b21112ff16aee771332aa9c33f55b0c7f46fe0266053543241e3efbe25dba56482c0e11112a192eefe59f1c74d2af5d7071b6a4e1e875cfc7e9d55b5fe8a0a33 gnunet-user.conf > +ae7be0ecb8dfb9c4741706d5fe7a0ea2f87c88ddab549c80917a637b009922dfe3ad3ae6d8706c7a82b671da4e9f56f2208050ff7945c38100ca979438946413 gnunet-system-services.initd > +5936adcca52a3e199f2cea4faf40a53a0280d453e189921db88c3f5d9b8502ac51ed2b926ade4e2fdb844bfc897ad1216ddba8060ac0d0a0d6648837509dfa35 gnunet-user-services.initd > +0fe33317f99d0193a6eab9ce9bf9a3868a7021153f0e782839c086d5032ae164c40498fe7737a2c63ec11cb245132f86bda3f79fdcdf43c7497439b3aeac2bc7 gnunet.xsession" > diff --git a/testing/gnunet/gnunet-system-services.initd b/testing/gnunet/gnunet-system-services.initd > new file mode 100644 > index 0000000000..2dc603b2d7 > --- /dev/null > +++ b/testing/gnunet/gnunet-system-services.initd > @@ -0,0 +1,16 @@ > +#!/sbin/openrc-run > +# Contributor: xrs > +# Maintainer: xrs > + > +name="gnunet-system-service" > +description="A secure and privacy enhancing peer-to-peer overlay network" > +command="/usr/lib/gnunet/libexec/gnunet-service-arm" > +command_args="-c /etc/gnunet.conf" > +command_user="gnunet:gnunet" > +command_background="yes" > +pidfile="/run/${SVCNAME}.pid" > + > +depend() { > + need net > + before gnunet-user-services mixed tabs and spaces > +} > diff --git a/testing/gnunet/gnunet-system.conf b/testing/gnunet/gnunet-system.conf > new file mode 100644 > index 0000000000..303cf5f16d > --- /dev/null > +++ b/testing/gnunet/gnunet-system.conf > @@ -0,0 +1,3 @@ > +[arm] > +START_SYSTEM_SERVICES = YES > +START_USER_SERVICES = NO > diff --git a/testing/gnunet/gnunet-user-services.initd b/testing/gnunet/gnunet-user-services.initd > new file mode 100644 > index 0000000000..915ff203e1 > --- /dev/null > +++ b/testing/gnunet/gnunet-user-services.initd > @@ -0,0 +1,33 @@ > +#!/sbin/openrc-run > +# Contributor: xrs > +# Maintainer: xrs > + > +name="gnunet-user-services" > +description="GNUnet user services" > +command_background="yes" > +pidfile="/run/${SVCNAME}.pid" > +users=`awk -F ':' '$3>=1000 && $3<2000 {print $1}' /etc/passwd` > + > +depend() { > + need gnunet-system-services Mixed tabs and spaces > +} > + > +start() { > + for user in $users; do > + if test -z "`ps|grep $user|grep gnunet-service-arm`" > /dev/null 2>&1 > + then > + sudo -u $user gnunet-arm \ > + -c /home/$user/.config/gnunet.conf -s > + fi > + done > +} > + > +stop() { > + for user in $users; do > + if test -n "`ps|grep $user|grep gnunet-service-arm`" > /dev/null 2>&1 > + then > + sudo -u $user gnunet-arm \ > + -c /home/$user/.config/gnunet.conf -e > + fi > + done > +} > diff --git a/testing/gnunet/gnunet-user.conf b/testing/gnunet/gnunet-user.conf > new file mode 100644 > index 0000000000..22f1fe37a8 > --- /dev/null > +++ b/testing/gnunet/gnunet-user.conf > @@ -0,0 +1,3 @@ > +[arm] > +START_SYSTEM_SERVICES = NO > +START_USER_SERVICES = YES > diff --git a/testing/gnunet/gnunet.post-deinstall b/testing/gnunet/gnunet.post-deinstall > new file mode 100644 > index 0000000000..ab98ab535e > --- /dev/null > +++ b/testing/gnunet/gnunet.post-deinstall > @@ -0,0 +1,6 @@ > +#!/bin/sh > + > +deluser --remove-home gnunet # implicitly removes group gnunet > +delgroup gnunetdns Alpine Linux policy is to not delete users / groups on deinstall. > + > +exit 0 > diff --git a/testing/gnunet/gnunet.post-install b/testing/gnunet/gnunet.post-install > new file mode 100644 > index 0000000000..926f8fdb1c > --- /dev/null > +++ b/testing/gnunet/gnunet.post-install > @@ -0,0 +1,44 @@ > +#!/bin/sh > + > +# Enumerate users. > +users=`awk -F ':' '$3>=1000 && $3<2000 {print $1}' /etc/passwd` > + > +# Install gnunet.conf for existing users. > +for user in $users; do > + install -m644 -o $user -g $user -D /etc/skel/.config/gnunet.conf \ > + /home/$user/.config/gnunet.conf > +done > + > +# Enable GNS proxy for users, if desired. > +echo "Use GNU Name System in Firefox/Chromium by default? [y,N]" > +read -r yn > +case $yn in > +y|Y ) > + # Enable GNS proxy for existant users. > + for user in $users; do > + port=$((8000+$(id -u $user))) > + gnunet-config -c /home/$user/.config/gnunet.conf \ > + --rewrite \ > + --section=gns-proxy \ > + --option=IMMEDIATE_START \ > + --value=YES > + gnunet-config -c /home/$user/.config/gnunet.conf \ > + --rewrite \ > + --section=gns-proxy \ > + --option=OPTIONS \ > + --value="-p $port" > + done > + > + # Enable GNS proxy for future users. > + echo "[gns-proxy]" >> /etc/skel/.config/gnunet.conf > + echo "IMMEDIATE_START = YES" >> /etc/skel/.config/gnunet.conf > + ;; > +* ) > + ;; > +esac > + > +rc-update add gnunet-system-services > +rc-update add gnunet-user-services > +rc-service gnunet-user-services start # starts system services Alpine Linux policy is not to enable / start services on install. > + > +exit 0 > diff --git a/testing/gnunet/gnunet.pre-deinstall b/testing/gnunet/gnunet.pre-deinstall > new file mode 100644 > index 0000000000..8bb8737f8b > --- /dev/null > +++ b/testing/gnunet/gnunet.pre-deinstall > @@ -0,0 +1,33 @@ > +#!/bin/sh > + > +# Stop and disable GNUnet system services. > +rc-service gnunet-system-services stop # stops user services > +rc-update del gnunet-system-services > +rc-update del gnunet-user-services Alpine Linux policy is to not delete users / groups on deinstall. > + > +# Remove proxy settings from browser. > +users=`awk -F ':' '$3>=1000 && $3<2000 {print $1}' /etc/passwd` > +for user in $users; do > + gnunet_proxy=`grep -i "gns-proxy" /home/$user/.config/gnunet.conf` > + if [ "$gnunet_proxy" ]; then > + for ffprofile in /home/"$user"/.mozilla/firefox/*.*/; do > + # Reset proxy preferences > + js=$ffprofile/user.js > + if [ -f $js ]; then > + sed -i '/Preferences for using the GNU Name System/d' $js > + sed -i '/network.proxy.socks/d' $js > + sed -i '/network.proxy.socks_port/d' $js > + sed -i '/network.proxy.socks_remote_dns/d' $js > + sed -i '/network.proxy.type/d' $js > + fi > + done > + > + # Chromium > + profile=/home/$user/.profile > + if [ -f $profile ]; then > + sed -i '/CHROMIUM_USER_FLAGS/d' $profile > + fi > + fi > +done > + > +exit 0 > diff --git a/testing/gnunet/gnunet.pre-install b/testing/gnunet/gnunet.pre-install > new file mode 100644 > index 0000000000..7166279f95 > --- /dev/null > +++ b/testing/gnunet/gnunet.pre-install > @@ -0,0 +1,17 @@ > +#!/bin/sh > + > +# Add special group gnunetdns for controlling access to "gnunet-helper-dns". > +addgroup -S gnunetdns 2>/dev/null > +addgroup -S gnunet 2>/dev/null > + > +# Add system user/group gnunet for system services > +adduser -S -h "/var/lib/gnunet" -s /bin/sh \ > + -G gnunet -g gnunet gnunet 2>/dev/null > + > +# add users on host system to group "gnunet" > +users=`awk -F ':' '$3>=1000 && $3<2000 {print $1}' /etc/passwd` > +for user in $users; do > + adduser $user gnunet 2>/dev/null > +done > + > +exit 0 > diff --git a/testing/gnunet/gnunet.xsession b/testing/gnunet/gnunet.xsession > new file mode 100644 > index 0000000000..2d2bb392a9 > --- /dev/null > +++ b/testing/gnunet/gnunet.xsession > @@ -0,0 +1,54 @@ > +#!/bin/sh > +user=`whoami` The preference is to use $() for subshells. > +gnunet_proxy=`gnunet-config -c /etc/skel/.config/gnunet.conf -s gns-proxy|grep 'IMMEDIATE_START = YES'` > + > +# Enable GNS proxy for new users informed by /etc/skel. > +if [ "$gnunet_proxy" ]; then > + > + # Calculate user specific port > + port=$((8000+$(id -u $user))) > + > + gnunet-config -c /home/$user/.config/gnunet.conf \ > + --rewrite \ > + --section=gns-proxy \ > + --option=OPTIONS \ > + --value="-p $port" > + > + # Firefox > + if [ ! -d ~/.mozilla/firefox/*.default ];then > + timeout 3s firefox --headless # dirty: create profile if not existent > + fi > + for ffprofile in ~/.mozilla/firefox/*.*/; do > + js=$ffprofile/user.js > + if [ -f $js ]; then > + sed -i '/Preferences for using the GNU Name System/d' $js > + sed -i '/network.proxy.socks/d' $js > + sed -i '/network.proxy.socks_port/d' $js > + sed -i '/network.proxy.socks_remote_dns/d' $js > + sed -i '/network.proxy.type/d' $js > + fi > + echo "// Preferences for using the GNU Name System" >> $js > + echo "user_pref(\"network.proxy.socks\", \"localhost\");" >> $js > + echo "user_pref(\"network.proxy.socks_port\", $port);" >> $js > + echo "user_pref(\"network.proxy.socks_remote_dns\", true);" >> $js > + echo "user_pref(\"network.proxy.type\", 1);" >> $js > + done > + > + # Chromium > + profile=/home/$user/.profile > + if [ -f $profile ]; then > + sed -i '/CHROMIUM_USER_FLAGS/d' $profile > + fi > + echo "export CHROMIUM_USER_FLAGS=--proxy-server=socks5://localhost:$port" \ > + >> $profile > +fi > + > +# Create/Renew GNS certificate authority (CA) per user. > +gnunet-gns-proxy-setup-ca > + > +# In case a new user was added and gnunet-user-services has not been > +# restarted afterwards, start user services after login. > +if test -z "`ps|grep -v grep|grep $user|grep gnunet-service-arm`" > /dev/null 2>&1 > +then > + gnunet-arm -c /home/$user/.config/gnunet.conf -s > +fi The package seems to fail to build: > /usr/lib/gcc/x86_64-alpine-linux-musl/9.2.0/../../../../x86_64-alpine-linux-musl/bin/ld: > cannot find -lgnunetats > collect2: error: ld returned 1 exit status > libtool: error: error: relink 'libgnunet_plugin_ats_proportional.la' > with the above command before installing it. You can find the complete build log here[0]. [0]:https://gitlab.alpinelinux.org/kdaudt/aports/-/jobs/2151