Valery Kartel: 1 main/net_snmp: init scripts cleanup and modify configs to run snmpd & snmptrapd out from the box 6 files changed, 40 insertions(+), 84 deletions(-)
Copy & paste the following snippet into your terminal to import this patchset into git:
curl -s https://lists.alpinelinux.org/~alpine/aports/patches/1320/mbox | git am -3Learn more about email & git
--- main/net-snmp/APKBUILD | 33 +++++++++++++++------------------ main/net-snmp/initd | 19 +++++++++++++++++++ main/net-snmp/snmpd.confd | 6 +++--- main/net-snmp/snmpd.initd | 37 ------------------------------------- main/net-snmp/snmptrapd.confd | 6 +++--- main/net-snmp/snmptrapd.initd | 23 ----------------------- 6 files changed, 40 insertions(+), 84 deletions(-) create mode 100644 main/net-snmp/initd delete mode 100644 main/net-snmp/snmpd.initd delete mode 100644 main/net-snmp/snmptrapd.initd diff --git a/main/net-snmp/APKBUILD b/main/net-snmp/APKBUILD index 3c0c455..f7ccf81 100644 --- a/main/net-snmp/APKBUILD +++ b/main/net-snmp/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Carlo Landmeter <clandmeter@gmail.com> pkgname=net-snmp pkgver=5.7.3 -pkgrel=3 +pkgrel=4 pkgdesc="Simple Network Management Protocol" url="http://www.net-snmp.org/" arch="all" @@ -19,9 +19,8 @@ source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz fix-includes.patch CVE-2015-5621.patch - snmpd.initd + initd
Natanael Copa <ncopa@alpinelinux.org>I would like to call it snmpd.initd. I sometimes grep stuff */*.initd.
snmpd.confd - snmptrapd.initd snmptrapd.confd " @@ -92,11 +91,12 @@ package() { || return 1 ln -s snmptrap "$pkgdir"/usr/bin/snmpinform || return 1 - install -m755 -D "$srcdir"/snmpd.initd "$pkgdir"/etc/init.d/snmpd + install -m755 -D "$srcdir"/initd "$pkgdir"/etc/init.d/snmpd + install -m755 -D "$srcdir"/initd "$pkgdir"/etc/init.d/snmptrapd
Natanael Copa <ncopa@alpinelinux.org>Since snmpd and snmptrapd init script is identical, maybe we should just symlink it?
install -m644 -D "$srcdir"/snmpd.confd "$pkgdir"/etc/conf.d/snmpd - install -m755 -D "$srcdir"/snmptrapd.initd "$pkgdir"/etc/init.d/snmptrapd install -m644 -D "$srcdir"/snmptrapd.confd "$pkgdir"/etc/conf.d/snmptrapd - install -m644 -D EXAMPLE.conf "$pkgdir"/etc/snmp/snmpd.conf.example + install -m644 -D EXAMPLE.conf "$pkgdir"/etc/snmp/snmpd.conf + echo "authCommunity log,execute,net public" > "$pkgdir"/etc/snmp/snmptrapd.conf
Natanael Copa <ncopa@alpinelinux.org>Those example configs, are they secure by default? We want a default install be secure and let user enable stuff he needs rather than the opposite, that things works by default but user need to disable stuff or harden it afterwards.
mkdir -p "$pkgdir"/var/lib/net-snmp find "$pkgdir" -name perllocal.pod -delete } @@ -159,23 +159,20 @@ md5sums="d4a3459e1577d0efa8d96ca70a885e53 net-snmp-5.7.3.tar.gz 4fd189ec7154114c9bd19f2b0058ae9c netsnmp-swinst-crash.patch 0fe11859a55f8e2489d5de629971a242 fix-includes.patch 2267947dd243b4fa85a3cf0c23dbaa76 CVE-2015-5621.patch -15faba29c3a61aaa41e4ca9b04f3cebf snmpd.initd -ea1296c366d6a7b0dab8a5b46e02d139 snmpd.confd -b929515d53d6f5dbf7f85c92efc90455 snmptrapd.initd -363f7728a76bdfc46e29b7e1f5cf4950 snmptrapd.confd" +5d02ca50ba04fd9421cd059700dfabf5 initd +c7658acd05090f52c6a9e4b195d65b01 snmpd.confd +8095341bc4bb23bfc3be1d7e2d51bb4f snmptrapd.confd" sha256sums="12ef89613c7707dc96d13335f153c1921efc9d61d3708ef09f3fc4a7014fb4f0 net-snmp-5.7.3.tar.gz 2de23959acf74d8f893129819149d016cc22f2d60e15f875e4d17de33931013e netsnmp-swinst-crash.patch 7528f7d368a0a4536915805c065f8496c37cb99dbc74d508bed89831cd5af37e fix-includes.patch 4cfe532b39877d90836d04079ab7bff14727719e8ca719ead9d615b21cade255 CVE-2015-5621.patch -c8597688d848f10f305f883466300e48fa4976b782835a45781ad7e1a8374cd6 snmpd.initd -e1434b38611a436278b1f0974a55ea3374863a975405b5dc2da836e9acb082ff snmpd.confd -bad9efc1b131d7a0b5a05dedc589b011908ee9eb24472bffa6c5838d363db11e snmptrapd.initd -095647b0e5be51e2bdd398267d7450da678b7d23cae6273f9b9461a26f89d69f snmptrapd.confd" +30258e0e6e6699fbb655be378b5096b2bfefd77fad2a7aff98b32cf3e0ccb282 initd +21ced816652de3dbae04970db8e465ffb119a2a0c1bddf9f12867d1c81eb0aac snmpd.confd +2ff4dc5a94a3b78aeb88c85dc94e55bf01ef342cf02d536b5c71bb6654a9c025 snmptrapd.confd" sha512sums="0758bba5844cfd6c80959ac16b83906a2f830ba49fd0ab1bf9e191dc6a79d312a2e4760bd53b3e1a1c82759481f0064d088d5a3cf475d84b25679a6bd0f049bb net-snmp-5.7.3.tar.gz 4ad92f50b14d5e27ba86256cc532a2dd055502f4d5fbb1700434f9f01f881fd09bb1eadb94e727554e1470f036707558314c64a66d0376b54e71ab31d5e4baa3 netsnmp-swinst-crash.patch 87a552bd2e41684bba6e87fbcf6454a85ee912d7a339411fda24cebddf7661f0856729e076a917920a542cf84b687ffd90a091daa15f2c48f0ff64f3a53c0ddb fix-includes.patch 2b2a7be54a570e3c1bb701f8ccfb98ea8e50a19fda021f43a521d4e968ded1bc5e794fc4348dff7fcdf57da34ff6b555398851bbccfcf92bb75ad6f365a80dba CVE-2015-5621.patch -b19c039ad45b1802a243b6c2b870aca1f251f8fc22530bbe3c61b037f289891efa692dc1d6bd53148ee35c115367cbb22200af480b7898bfb2cb0a4b0d51cd73 snmpd.initd -ad30bb027dbd18272a4ddb34009bdaa19df030f23956c5fa592e47cf76ad87175ae6b97659b8bbd866d79674bbc7b8b3a8a400746139c18de0eb86902706b65f snmpd.confd -17239cdeac6bf8ea47bc1238567f72be9c755591ca386a87e58ee5d3ac074e228b5cdd399618e7434a8c535537d6c6a48c8d66d84380b8944fe00514f090c00d snmptrapd.initd -9cafeece565ca09c2cc85fa9c805d9932a745aca45b999e7511ccd0ffe0a95eddc1441ed231acf52a811db124bc2f797612ebb182b0a8a959ad24506e790a0b1 snmptrapd.confd" +32b93dd00d1fbf84edebb177b52caa26ac577e33f14f2c0af5dc04fcefd924adf28bd506cb377711eef5e543476f822f1aac0607f24a668e9d0df6268a06685e initd +fb101aa758d741ed3ea88b11f1cd49cfd04bd03ce62435f3acb17724748131c57f00b71fd45cb7e7871d65a1aab576652cd6e158b6406aa6d0998582b8235ef5 snmpd.confd +073fd2b83eedd6eda1f7345350268ce7946ef6d67a8f26f7c232e46feb75babf68272ae12071a2f9ea76ede71393b3ae4672d3cd47cfd14ab77e3a6482f2e124 snmptrapd.confd" diff --git a/main/net-snmp/initd b/main/net-snmp/initd new file mode 100644 index 0000000..3790d77 --- /dev/null +++ b/main/net-snmp/initd @@ -0,0 +1,19 @@ +#!/sbin/openrc-run + +pidfile="/var/run/${SVCNAME}.pid" +command="/usr/sbin/${SVCNAME}" +command_args="-p ${pidfile} ${OPTS}" +required_files="/etc/snmp/${SVCNAME}.conf" +extra_started_commands="reload" + +depend() { + use logger + need net + after firewall +} + +reload() { + ebegin "Reloading ${SVCNAME}" + start-stop-daemon --signal HUP --pidfile ${pidfile} --name ${SVCNAME} + eend $? +}
Natanael Copa <ncopa@alpinelinux.org>I like this, that we use the default start/stop functions and that we reuse same init.d script for both snmpd and snmptrapd. However, this will also break existing configs, which I want to avoid if possible. We could maybe do something like: # for backward compat case "$SVCNAME" in snmpd) : ${OPTS:=$SNMPD_FLAGS} ;; esac That way will users who have their setting in SNMPD_FLAGS be able to upgrade without any problems.
diff --git a/main/net-snmp/snmpd.confd b/main/net-snmp/snmpd.confd index 7b178da..8495175 100644 --- a/main/net-snmp/snmpd.confd +++ b/main/net-snmp/snmpd.confd @@ -2,13 +2,13 @@ OPTS="" # Enable connection logging. -#SNMPD_FLAGS="${OPTS} -a" +#OPTS="${OPTS} -a" # Enable syslog and disable file log. -SNMPD_FLAGS="${OPTS} -LSwd -Lf /dev/null" +OPTS="${OPTS} -LSwd -Lf /dev/null" # Enable agentx socket as /var/agentx/master # *NOTE* Before uncommenting this, make sure # the /var/agentx directory exists. -#SNMPD_FLAGS="${OPTS} -x /var/agentx/master" +#OPTS="${OPTS} -x /var/agentx/master" diff --git a/main/net-snmp/snmpd.initd b/main/net-snmp/snmpd.initd deleted file mode 100644 index 65d0555..0000000 --- a/main/net-snmp/snmpd.initd @@ -1,37 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2012 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-analyzer/net-snmp/files/snmpd.init.2,v 1.3 2012/10/22 02:57:05 flameeyes Exp $ - -SNMPD_PIDFILE="${SNMPD_PIDFILE:-/var/run/snmpd.pid}" - -extra_started_commands="reload" - -command="/usr/sbin/snmpd" -command_args="-p ${SNMPD_PIDFILE} ${SNMPD_FLAGS}" -pidfile="${SNMPD_PIDFILE}" - -depend() { - use logger - need net - after firewall -} - -checkconfig() { - if [ ! -e /etc/snmp/snmpd.conf ] ; then - eerror "${SVCNAME} requires an /etc/snmp/snmpd.conf configuration file" - return 1 - fi -} - -start_pre() { - checkconfig || return 1 -} - -reload() { - checkconfig || return 1 - - ebegin "Reloading ${SVCNAME} configuration" - kill -HUP $(cat ${SNMPD_PIDFILE}) 2>&1 > /dev/null - eend $? -} diff --git a/main/net-snmp/snmptrapd.confd b/main/net-snmp/snmptrapd.confd index d9cee61..7f10cfe 100644 --- a/main/net-snmp/snmptrapd.confd +++ b/main/net-snmp/snmptrapd.confd @@ -2,11 +2,11 @@ OPTS="" # ignore authentication failure traps -#SNMPTRAPD_FLAGS="${OPTS} -a" +#OPTS="${OPTS} -a" # log messages to specified file -#SNMPTRAPD_FLAGS="${OPTS} -Lf /var/log/snmptrapd.log" +#OPTS="${OPTS} -Lf /var/log/snmptrapd.log" # log messages to syslog with the specified facility # where facility is: 'd' = LOG_DAEMON, 'u' = LOG_USER, [0-7] = LOG_LOCAL[0-7] -#SNMPTRAPD_FLAGS="${OPTS} -Ls d" +#OPTS="${OPTS} -Ls d" diff --git a/main/net-snmp/snmptrapd.initd b/main/net-snmp/snmptrapd.initd
Natanael Copa <ncopa@alpinelinux.org>... -nc --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---
deleted file mode 100644 index 87e1bf5..0000000 --- a/main/net-snmp/snmptrapd.initd @@ -1,23 +0,0 @@ -#!/sbin/openrc-run - -NAME=snmptrapd -DAEMON=/usr/sbin/$NAME - -depend() { - use logger - need net - after firewall -} - -start() { - ebegin "Starting ${NAME}" - start-stop-daemon --start --quiet --background \ - --exec ${DAEMON} -- -p /var/run/${NAME}.pid ${OPTS} - eend $? -} - -stop() { - ebegin "Stopping ${NAME}" - start-stop-daemon --stop --quiet --pidfile /var/run/${NAME}.pid - eend $? -} -- 2.5.3 --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---