[alpine-devel] [PATCH] main/tinc: fixed init scripts + conf.d / chroot

Stuart Cardall
This patch fixes the restart bug & creates a tincvpn user for
running in a chroot.

Extra options can now be set in /etc/conf.d/tinc

I modified stop() to detect chroot settings, since a chroot prevents most
of the functionality in tinc-down (and stop() is a good place to include
it).

I also added restart() as 'rc-service tincd restart' doesn't run
stop().
---
 main/tinc/APKBUILD          | 36 ++++++++++++------------
 main/tinc/tinc.confd        | 20 +++++++++++++
 main/tinc/tinc.networks     |  4 +--
 main/tinc/tinc.post-install | 15 ++++++++++
 main/tinc/tincd.initd       | 68 +++++++++++++++++++++++++++++----------------
 main/tinc/tincd.lo.initd    | 46 ------------------------------
 6 files changed, 100 insertions(+), 89 deletions(-)
 create mode 100644 main/tinc/tinc.confd
 create mode 100644 main/tinc/tinc.post-install
 delete mode 100644 main/tinc/tincd.lo.initd

diff --git a/main/tinc/APKBUILD b/main/tinc/APKBUILD
index ff98ecc..606ef8a 100644
--- a/main/tinc/APKBUILD
+++ b/main/tinc/APKBUILD
@@ -1,19 +1,21 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=tinc
 pkgver=1.0.24
-pkgrel=0
+pkgrel=1
 pkgdesc="tinc is a Virtual Private Network (VPN) daemon"
 url="http://www.tinc-vpn.org/"
 arch="all"
 license="GPL2+"
 depends=""
 makedepends="zlib-dev lzo-dev openssl-dev"
-install=""
+install="$pkgname.post-install"
+pkgusers=tincvpn
+pkggroups=tincvpn
 subpackages="$pkgname-doc"
 source="http://www.tinc-vpn.org/packages/tinc-$pkgver.tar.gz
 	musl.patch
 	tincd.initd
-	tincd.lo.initd
+	tinc.confd
 	tinc.networks"
 
 _builddir="$srcdir"/$pkgname-$pkgver
@@ -35,6 +37,7 @@ build() {
 		--sysconfdir=/etc \
 		--mandir=/usr/share/man \
 		--infodir=/usr/share/info \
+		--localstatedir=/var \
 		--enable-jumbograms \
 		--enable-lzo \
 		--enable-zlib \
@@ -45,27 +48,26 @@ build() {
 package() {
 	cd "$_builddir"
 	make DESTDIR="$pkgdir" install || return 1
-
-	mkdir "$pkgdir"/etc/tinc
-	install -m755 -D "$srcdir"/tincd.initd "$pkgdir"/etc/init.d/tincd
-	install -m755 -D "$srcdir"/tincd.lo.initd \
-		"$pkgdir"/etc/init.d/tincd.lo
+	install -m755 -D "$srcdir"/tincd.initd \
+		"$pkgdir"/etc/init.d/tincd
 	install -m644 -D "$srcdir"/tinc.networks \
 		"$pkgdir"/etc/conf.d/tinc.networks
+	install -m644 -D "$srcdir"/tinc.confd \
+                "$pkgdir"/etc/conf.d/tinc
 }
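Review bot: Removing `mkdir "$pkgdir"/etc/tinc` leaves nothing in package() that creates /etc/tinc, and tinc.post-install's `adduser -H -h /etc/tinc` assigns that path as the tincvpn home without creating it either; unless `make install` creates the directory (not visible here), a fresh install has no /etc/tinc to put network configs in. Keeping `mkdir -p "$pkgdir"/etc/tinc` before the install lines avoids that. The continuation line of the tinc.confd install is indented with spaces while the rest of the file uses tabs.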
 
 md5sums="14a91eb2e85bdc0451a815612521b708  tinc-1.0.24.tar.gz
 f2c913659191a0c81ed13dde305ca8bc  musl.patch
-411a260ed9bb1fc441444c3efbeafd7b  tincd.initd
-b95471eab010c0ed002cf3d16a009ced  tincd.lo.initd
-475d64d9aa410ec7e91f5b079800abc9  tinc.networks"
+53cdd8b48866497c145183b312b5e5ef  tincd.initd
+2c630363be37dea68df5a22ce29fe27c  tinc.confd
+851cbc3e8ad83b001c80393132915807  tinc.networks"
 sha256sums="498e58f9f39e3922030a63cf62baf4b46a40fbda8d90b23ec0f084f4a9f9b687  tinc-1.0.24.tar.gz
 a394327605fa38e1b7bbbb49eda6461c96553d31370107e337482934ea8b042c  musl.patch
-0e8a18f9af03d967b30eac2c1de5d233449fae8a97342cdb88bf60e6b3867e73  tincd.initd
-bd0909202c2f5b6fb0d97cac4f7f02a392393acd4b300a04db3a5416f4345035  tincd.lo.initd
-7165721abd3706c95973118fbb503e18f9a008da6bdbf21a4ce35ecf7818d5ad  tinc.networks"
+4c9d191997876c0b6b3e1e343b93dca3fc2c17e1f5d141e9c7117f35d068e812  tincd.initd
+eb71af67b1054c277dbd9c0bfc6ef149cb0c1f8c98fb6eea803ffbfe19db224f  tinc.confd
+0b42e29a42d39bb203213eae18521e5ca5539dcf4398c73780d66ef8e2fbcc6e  tinc.networks"
 sha512sums="a59d4f996892b9aa4ce6adaf3f40c06dfb37c2546edb6b3858af15df7f4e6f7738dc186969df1676ad1dab7fcc081bec262bd9df4efc7620e00ca9be9121bc7d  tinc-1.0.24.tar.gz
 2a631b82e2d24139e8bf07057578d3f8e7f566829492cbbb82d030505ba00fe63943c57778156bca6985ab216e7b0d5ad8aeb25f7d7affa3189b7b3a005d0312  musl.patch
-4a5da677d030dd24d347a86e7e892ea9aab57c2b4de8c9fa6ef576e239e4169f3ee6934162edc004a00678405f199606f05c173dd1ff94ee2f711536b1dfc072  tincd.initd
-63df032f815b4a1e84c972e4cbfe115eda9fb80419b21d72811a947a8c9742f51442b5a06b0dbd220eb9a673b115fe62972019bdd4bac5855a36908c68bf5638  tincd.lo.initd
-f7cb459c170898e51176bd92c642335386db90b7bca2abb3f6eb2514546efbd74e5fd2c8845060111dd48a0dd2cc1890717a03315c9b86185047c259cdc27135  tinc.networks"
+4902bdac0964f2637d833dd14efe2ee51e849e838db00813d6ca2ce1bd8b4b32e8e417db82e7e84b85b88f186ff922cb15aaabd060b9a70d2b11c2ffc69bd295  tincd.initd
+e3f57f0f3fab651d89dfaa1b2cee7f22ebbde5530d30188a2828076eacf15639dbc1eb3aa60a560d3c34df50a8f1477f572b2846e62815f4a2aed54ec32eb9dc  tinc.confd
+7434b304fb8daee06dc0b55a0747a57e615aaec87d145957347fea18c1ec5df0f930b421888f335c744eb21361f309ee05cefc387df45449dcbf48d82321bf23  tinc.networks"
diff --git a/main/tinc/tinc.confd b/main/tinc/tinc.confd
new file mode 100644
index 0000000..42da186
--- /dev/null
+++ b/main/tinc/tinc.confd
@@ -0,0 +1,20 @@
+# Tinc VPN conf.d for Alpine Linux
+
+# Set extra tincd command line options here
+
+# Add vpns to /etc/conf.d/tinc.networks & tinc will use any 'EXTRA' settings
+# defined here below.
+#
+# Do NOT set '-L' to lock memory --> Alpine's Grsecurity Kernel will kill tincd.
+# If running tinc in a chroot iptables commands will not work in tinc-down.
+# See stop() in /etc/init.d/tincd for an example to add tinc-down functionality.
+
+## for debugging
+#EXTRA="--debug=5"
+
+## run as tincvpn user in a chroot:
+#EXTRA="--debug=1 -R -U tincvpn"
+
+## disable individual log files
+#SYSLOG=yes
+
diff --git a/main/tinc/tinc.networks b/main/tinc/tinc.networks
index e1844ce..b88b5dc 100644
--- a/main/tinc/tinc.networks
+++ b/main/tinc/tinc.networks
@@ -1,5 +1,5 @@
 # file: /etc/conf.d/tinc.networks for /etc/init.d/tincd
- 
+
 # In this file you define the tinc networks you want to connect to
 
 # USAGE:
@@ -9,5 +9,5 @@
 # if you want to connect to multiple VPN's just set them behind each other. e.g.
 # NETWORK: foo
 # NETWORK: bar
-# 
+#
 # this would join the network foo and the network bar.
diff --git a/main/tinc/tinc.post-install b/main/tinc/tinc.post-install
new file mode 100644
index 0000000..cabf018
--- /dev/null
+++ b/main/tinc/tinc.post-install
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+NORMAL="\033[1;0m"
+STRONG="\033[1;1m"
+GREEN="\033[1;32m"
+
+print_strong() {
+        local prompt="${STRONG}$1 ${GREEN}$2${NORMAL} ${STRONG}$3${NORMAL}"
+        printf "${prompt} %s\n"
+}
+
+addgroup -S tincvpn 2>/dev/null
+adduser -H -h /etc/tinc -S -g tincvpn -D -s /sbin/nologin tincvpn 2>/dev/null
+print_strong "tincvpn user:group created " ">>> enable chroot in:" "/etc/conf.d/tinc"
+exit 0
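Review bot: print_strong passes the assembled message as printf's format string (`printf "${prompt} %s\n"`), so any `%` in the arguments is treated as a conversion and the trailing `%s` has no argument; `printf '%b\n' "${prompt}"` keeps the backslash escapes the colour codes depend on while treating the text as data. The `2>/dev/null` on addgroup and adduser also hides every failure, not only "already exists", so the "user:group created" message prints even when the account does not exist; guarding it with `id tincvpn >/dev/null 2>&1` would keep the message honest. `local` is not POSIX sh, but busybox ash, which provides /bin/sh on Alpine, supports it.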
diff --git a/main/tinc/tincd.initd b/main/tinc/tincd.initd
index 6ed1bef..0b806b9 100644
--- a/main/tinc/tincd.initd
+++ b/main/tinc/tincd.initd
@@ -1,19 +1,22 @@
 #!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
+# Copyright 1999-2013 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/tinc/files/tincd,v 1.5 2008/04/01 14:08:45 dragonheart Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/tinc/files/tincd,v 1.9 2013/09/01 12:22:46 blueness Exp $
 
 extra_started_commands="reload"
 
+NETS="/etc/conf.d/tinc.networks"
+DAEMON="/usr/sbin/tincd"
+. /etc/conf.d/tinc
+
 depend() {
 	use logger dns
 	need net
 }
 
 checkconfig() {
-	if ! grep -q '^ *NETWORK:' /etc/conf.d/tinc.networks 
-	then
-		eerror "No VPN networks configured in /etc/conf.d/tinc.networks"
+	if ! grep -q '^ *NETWORK:' "${NETS}" ; then
+		eerror "No VPN networks configured in ${NETS}"
 		return 1
 	fi
 }
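Review bot: `. /etc/conf.d/tinc` is sourced unconditionally at script load, so if the file is absent (removed by an admin, or the package installed without it) every action, including stop(), fails before any function runs; `[ -r /etc/conf.d/tinc ] && . /etc/conf.d/tinc` keeps the script usable with the documented defaults. The explicit source is needed since the service is named tincd and OpenRC would only auto-source /etc/conf.d/tincd, which is worth a one-line comment above it, e.g. `# service is "tincd", so OpenRC does not source /etc/conf.d/tinc for us`.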
@@ -21,15 +24,21 @@ checkconfig() {
 start() {
 	checkconfig || return 1
 	ebegin "Starting tinc VPN networks"
-	eend 0
-	awk '/^ *NETWORK:/ { print $2 }' /etc/conf.d/tinc.networks | while read TINCNET
+	awk '/^ *NETWORK:/ { print $2 }' "${NETS}" | while read NETNAME
 	do
-		if [ ! -f /etc/tinc/"$TINCNET"/tinc.conf ] 
-		then
-			eerror "Cannot start network $TINCNET, /etc/tinc/$TINCNET/tinc.conf does not exist !"
+		CONFIG="/etc/tinc/${NETNAME}/tinc.conf"
+		PIDFILE="/var/run/tinc.${NETNAME}.pid"
+		if [ ! -f "${CONFIG}" ]; then
+			eerror "Cannot start network ${NETNAME}."
+			eerror "Please set up ${CONFIG} !"
 		else
-			ebegin "Starting tinc network $TINCNET"
-			/usr/sbin/tincd --net="$TINCNET" --logfile=/var/log/tinc.$TINCNET.log --pidfile=/var/run/tinc.$TINCNET.pid
+			ebegin "Starting tinc network ${NETNAME}"
+			if [ "${SYSLOG}" == "yes" ]; then
+				LOG=""
+			else
+				LOG="--logfile=/var/log/tinc.${NETNAME}.log"
+			fi
+			start-stop-daemon --start --exec "${DAEMON}" --pidfile "${PIDFILE}" -- --net="${NETNAME}" ${LOG} --pidfile "${PIDFILE}" ${EXTRA} 
 			eend $?
 		fi
 	done
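Review bot: The outer `ebegin "Starting tinc VPN networks"` no longer has a matching `eend` (the old `eend 0` was removed), and because the loop body runs in the subshell of the `awk | while` pipeline, start() returns the status of whatever ran last inside the loop, so a network that failed to start before the last one does not fail the service. stop() and reload() in the following hunks have the same shape. Iterating with `for NETNAME in $(awk ...)` is safe here because the names come from awk's `$2` and contain no whitespace; it keeps a failure flag in the current shell so the function can finish with `eend ${rc}`. Separately, `[ "${SYSLOG}" == "yes" ]` relies on a non-POSIX `==`; `=` works in every sh. start()'s closing brace is outside the hunk, so the final `eend` goes just before it.
```shell
start() {
	checkconfig || return 1
	ebegin "Starting tinc VPN networks"
	rc=0
	for NETNAME in $(awk '/^ *NETWORK:/ { print $2 }' "${NETS}"); do
		# … unchanged: CONFIG/PIDFILE setup and the tinc.conf check …
			# … unchanged: LOG selection and the start-stop-daemon call …
			eend $? || rc=1
		# … unchanged: end of the if/else …
	done
	eend ${rc}
```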
@@ -37,28 +46,39 @@ start() {
 
 stop() {
 	ebegin "Stopping tinc VPN networks"
-	eend 0
-	awk '/^ *NETWORK:/ { print $2 }' /etc/conf.d/tinc.networks | while read TINCNET
+	awk '/^ *NETWORK:/ { print $2 }' "${NETS}" | while read NETNAME
 	do
-		if [ -f /var/run/tinc."$TINCNET".pid ]
-		then
-			ebegin "Stopping tinc network $TINCNET"
-			/usr/sbin/tincd --kill --pidfile=/var/run/tinc."$TINCNET".pid
+		PIDFILE="/var/run/tinc.${NETNAME}.pid"
+		if [ -f "${PIDFILE}" ]; then
+			ebegin "Stopping tinc network ${NETNAME}"
+			start-stop-daemon --stop --pidfile "${PIDFILE}"
 			eend $?
 		fi
 	done
+
+	# tinc chroot means iptables commands will not work in tinc-down
+        if echo "${EXTRA}" | grep "R -U tincvpn" 1>/dev/null; then
+                ewarn "modify stop() in /etc/init.d/tincd to include tinc-down functionality"
+		# einfo "Flushing & Restoring iptables with default deny policy"
+                # iptables-restore < /etc/iptables/up.rules
+        fi
 }
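Review bot: The chroot detection at the end of stop() matches the literal substring `R -U tincvpn` in EXTRA, so an equivalent setting written in a different order, with different spacing, or with another user (`-U tincvpn -R`) runs tincd chrooted without the warning, and the guidance in tinc.confd only holds for the exact example line. Matching the option itself is more robust and drops the echo/grep pipe: `case " ${EXTRA} " in *" -R "*|*" --chroot "*) ewarn "modify stop() in /etc/init.d/tincd to include tin-down functionality" ;; esac`. The block also mixes tab and space indentation, unlike the rest of the file.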
 
 reload() {
 	ebegin "Reloading configuration for tinc VPN networks"
-	eend 0
-	awk '/^ *NETWORK:/ { print $2 }' /etc/conf.d/tinc.networks | while read TINCNET
+	awk '/^ *NETWORK:/ { print $2 }' "${NETS}" | while read NETNAME
 	do
-		if [ -f /var/run/tinc."$TINCNET".pid ]
-		then
-			ebegin "Reloading tinc network $TINCNET"
-			/usr/sbin/tincd --kill HUP  --pidfile=/var/run/tinc."$TINCNET".pid
+		PIDFILE="/var/run/tinc.${NETNAME}.pid"
+		if [ -f "${PIDFILE}" ]; then
+			ebegin "Reloading tinc network ${NETNAME}"
+			start-stop-daemon --signal HUP --pidfile ${PIDFILE}
 			eend $?
 		fi
 	done
 }
+
+restart() {
+	# 'rc-service tincd restart' does not run stop()
+        stop; start
+}
+
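Review bot: `start-stop-daemon --signal HUP --pidfile ${PIDFILE}` leaves the path unquoted while the equivalent line in stop() quotes it; `--pidfile "${PIDFILE}"` keeps the two consistent. In restart(), `stop; start` runs start() immediately after the stop signal is sent; if a tincd has not exited yet, start-stop-daemon --start with the same pidfile may refuse to start the replacement, so the stop call would benefit from a wait-for-termination option (`--retry`, assuming the OpenRC start-stop-daemon in use supports it — confirm) or a short wait before start(). restart() is also indented with spaces where the rest of the file uses tabs.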
diff --git a/main/tinc/tincd.lo.initd b/main/tinc/tincd.lo.initd
deleted file mode 100644
index afa0156..0000000
--- a/main/tinc/tincd.lo.initd
@@ -1,46 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2010 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/tinc/files/tincd.lo,v 1.1 2010/07/18 10:04:56 dragonheart Exp $
-
-extra_started_commands="reload"
-
-depend()
-{
-	use logger dns
-	need net
-}
-
-start()
-{
-	TINCNET=${RC_SVCNAME#*.}
-	if [ -f /etc/tinc/"$TINCNET"/tinc.conf ] ; then
-		ebegin "Starting tinc network $TINCNET"
-		/usr/sbin/tincd --debug=1 --net="$TINCNET" --logfile=/var/log/tinc.$TINCNET.log --pidfile=/var/run/tinc.$TINCNET.pid
-		eend $?
-	else
-		eerror "Cannot start network $TINCNET, /etc/tinc/$TINCNET/tinc.conf does not exist !"
-	fi
-}
-
-stop()
-{
-	TINCNET=${RC_SVCNAME#*.}
-	if [ -f /var/run/tinc."$TINCNET".pid ] ; then
-		ebegin "Stopping tinc network $TINCNET"
-		/usr/sbin/tincd --kill --pidfile=/var/run/tinc."$TINCNET".pid
-		eend $?
-	else
-		eerror "Cannot start network $TINCNET, /etc/tinc/$TINCNET/tinc.conf does not exist !"
-	fi
-}
-
-reload()
-{
-	TINCNET=${RC_SVCNAME#*.}
-	if [ -f /var/run/tinc."$TINCNET".pid ] ; then
-		ebegin "Reloading configuration for tinc network $TINCNET"
-		/usr/sbin/tincd --kill HUP --pidfile=/var/run/tinc."$TINCNET".pid
-		eend $?
-	fi
-}
-- 
1.9.1


