From: Alin Năstac Date: Thu, 12 Apr 2007 07:38:33 +0000 (+0000) Subject: Fix security bug #174206. X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=ac7b15da5350e066419a1b42a91bfdca0952a0eb;p=gentoo.git Fix security bug #174206. Package-Manager: portage-2.1.2.3 --- diff --git a/net-misc/quagga/ChangeLog b/net-misc/quagga/ChangeLog index adb3be759060..aa0b922b89aa 100644 --- a/net-misc/quagga/ChangeLog +++ b/net-misc/quagga/ChangeLog @@ -2,7 +2,14 @@ # Copyright 1999-2007 Gentoo Foundation # Copyright 2003-2004 DataCore GmbH # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/quagga/ChangeLog,v 1.49 2007/03/18 08:45:03 mrness Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/quagga/ChangeLog,v 1.50 2007/04/12 07:38:33 mrness Exp $ + +*quagga-0.99.6-r1 (12 Apr 2007) +*quagga-0.98.6-r2 (12 Apr 2007) + + 12 Apr 2007; Alin Năstac +quagga-0.98.6-r2.ebuild, + +quagga-0.99.6-r1.ebuild: + Fix security bug #174206. 18 Mar 2007; Alin Năstac -quagga-0.99.5.ebuild: Remove obsolete testing version. diff --git a/net-misc/quagga/Manifest b/net-misc/quagga/Manifest index f807c69f04e0..dbd908471dc8 100644 --- a/net-misc/quagga/Manifest +++ b/net-misc/quagga/Manifest @@ -38,21 +38,31 @@ MD5 6d51e9fca8d206a6d9d1d9fde793b48f files/zebra.init 1013 RMD160 1cb01c0b95fd8a49d442b2a0c1d900e1cee7d477 files/zebra.init 1013 SHA256 7eac27ca9661fb453a93b131bfbf69e409a06f65c2cedb83cdd55869d6871236 files/zebra.init 1013 DIST quagga-0.98.6-patches-20060511.tar.gz 19251 RMD160 0c46dc9aac99a74871bf12523e4ed5de17baba01 SHA1 a44a3c7323102e483401db95723f529097256672 SHA256 bb94ec2897fac3c15454c6f25e6346be087db04ba4718cb629b7b41b63da1173 +DIST quagga-0.98.6-patches-20070412.tar.gz 21339 RMD160 25263a2f4393f6610076f4292003e7bf83ef1b3a SHA1 26ecd5ac98a2f6db7e0edc199c186a79ebf9c166 SHA256 d5f713f1720b59910731236b2b5babe8d2a7bc1074114c16e00e41d504a4c01e DIST quagga-0.98.6.tar.gz 2019992 RMD160 e15cd93b5d321660d7e29fc27174352967342879 SHA1 2234d1235f504e9dc5865cc8d5fd4e250bf43ed5 SHA256 a84e1aac4e666929abd1942fa8958d9ef0d0bbf605f47d5c2a09f6be716987a1 DIST quagga-0.99.6-patches-20070112.tar.gz 17361 RMD160 d8704b3dbb8ba550fc7aa0fa9ad6e9ee5007aac6 SHA1 b8813902cf4354fe142e54924d9a3ce70614d691 SHA256 967e31f3bc8d79a107ad619b35204c1d626fba6eb4e4fb33418f56a815c5d213 +DIST quagga-0.99.6-patches-20070412.tar.gz 18681 RMD160 98522ee7c8ac9233458c855781c9a29c81706f44 SHA1 5e668a5cecacb2fc046cf9996ff91f114490a2df SHA256 3f6886a00cb2591f909c4f180a9e258ada78721b5267ef9dc61484c58b62cde7 DIST quagga-0.99.6.tar.gz 2324051 RMD160 0dbeedc6d64ea7266677e88f951adc2f63d02935 SHA1 eb35c4bf2a8da4fdf66f2a7eb7724852b0f7e017 SHA256 a22c927f9ceb7152b0c45c939ccb81217c8d614f3c411c86781b24520f2ec15a EBUILD quagga-0.98.6-r1.ebuild 5089 RMD160 5651737641dbb5646a6c020e6a99acac1edd70af SHA1 e9507728c1b9c36aa76f0cc154c092b678b748fc SHA256 2982a9d62c04d4b229557198bd3e5aae6e3b070dcd5cc42e941626595a065300 MD5 6255b83707ebb2d6d0a4bd77dbec5d71 quagga-0.98.6-r1.ebuild 5089 RMD160 5651737641dbb5646a6c020e6a99acac1edd70af quagga-0.98.6-r1.ebuild 5089 SHA256 2982a9d62c04d4b229557198bd3e5aae6e3b070dcd5cc42e941626595a065300 quagga-0.98.6-r1.ebuild 5089 +EBUILD quagga-0.98.6-r2.ebuild 5170 RMD160 6ecee25c75467eeda5649c8d8b5e901a4f164497 SHA1 41988907f8efcbb349e820f9471e72caaa7f8fd2 SHA256 1485cfcaa90153fbcdebf86fed648441a9f33b630050885b4fe1e18c1dad86ff +MD5 82f2ba273a558cfcaca241d37a7cd381 quagga-0.98.6-r2.ebuild 5170 +RMD160 6ecee25c75467eeda5649c8d8b5e901a4f164497 quagga-0.98.6-r2.ebuild 5170 +SHA256 1485cfcaa90153fbcdebf86fed648441a9f33b630050885b4fe1e18c1dad86ff quagga-0.98.6-r2.ebuild 5170 +EBUILD quagga-0.99.6-r1.ebuild 4022 RMD160 71ca08b3ad6d7a5169e6cc6963c41ef8b270a0ee SHA1 3ed6591fe10813fbaa0dbfb2e6cdb9dbc8b3a270 SHA256 ab6c9d481e18765a5a0a06edf311f9e26b566bee9216ce35edd7075cf3ab2ddd +MD5 3e2e923706b94a4d130053b884bbcec9 quagga-0.99.6-r1.ebuild 4022 +RMD160 71ca08b3ad6d7a5169e6cc6963c41ef8b270a0ee quagga-0.99.6-r1.ebuild 4022 +SHA256 ab6c9d481e18765a5a0a06edf311f9e26b566bee9216ce35edd7075cf3ab2ddd quagga-0.99.6-r1.ebuild 4022 EBUILD quagga-0.99.6.ebuild 3943 RMD160 6734457d5ada5f3f1a923cd403952c92338f4ffe SHA1 831e6bfb67f7dec1f351070cd3ef947274b91862 SHA256 4e48c3b643d7fa1b929c3f5a3b5febd296325b4f13c53f7c629e918aa6fd0d38 MD5 6a7ef034bd6a351f38d5f2c0ad797497 quagga-0.99.6.ebuild 3943 RMD160 6734457d5ada5f3f1a923cd403952c92338f4ffe quagga-0.99.6.ebuild 3943 SHA256 4e48c3b643d7fa1b929c3f5a3b5febd296325b4f13c53f7c629e918aa6fd0d38 quagga-0.99.6.ebuild 3943 -MISC ChangeLog 13605 RMD160 93e0e485f65c7aea3552a5936b55775b68e0d6cd SHA1 9bbf9691aebcd48f64b5edf981dd5ddd4ceb54fc SHA256 a8f067a306d9fc5556684a5183fd80d658cf49ba71a5070d754f723bda0146f6 -MD5 889c3845c1b74579884942cfa7b34339 ChangeLog 13605 -RMD160 93e0e485f65c7aea3552a5936b55775b68e0d6cd ChangeLog 13605 -SHA256 a8f067a306d9fc5556684a5183fd80d658cf49ba71a5070d754f723bda0146f6 ChangeLog 13605 +MISC ChangeLog 13801 RMD160 d7d14438c22f39024dbd944cf1a939067a308a88 SHA1 2f4203d93f700417bcd173249fc0bc3e0abcfa10 SHA256 4919c08201d27ba71964a9a6c0ac20cfc54bf3ccfd1349ca4a3ed859d3a47a48 +MD5 d6b062afba151b2af98aa865eab3f2a2 ChangeLog 13801 +RMD160 d7d14438c22f39024dbd944cf1a939067a308a88 ChangeLog 13801 +SHA256 4919c08201d27ba71964a9a6c0ac20cfc54bf3ccfd1349ca4a3ed859d3a47a48 ChangeLog 13801 MISC metadata.xml 1301 RMD160 2f07ee712c18a121b153385c20a69ceee57395aa SHA1 0d1a07e1b3821ec910b98531511f51f733915a8d SHA256 b6b92c898b68e0c1a270fbd47b91321e9a0db76068990fcbbd93ad83246b4cbb MD5 558920a085e2065a8aef6eca3e1896fb metadata.xml 1301 RMD160 2f07ee712c18a121b153385c20a69ceee57395aa metadata.xml 1301 @@ -60,13 +70,19 @@ SHA256 b6b92c898b68e0c1a270fbd47b91321e9a0db76068990fcbbd93ad83246b4cbb metadata MD5 fd0be646cb5258a11bb1a1ab1c29435d files/digest-quagga-0.98.6-r1 533 RMD160 5639c4a7c18287a5f808a420bb58f29e210d5910 files/digest-quagga-0.98.6-r1 533 SHA256 16c8576b8842fd33e5545deed73e9d2c4a0a3530e8e9556b567695551a714716 files/digest-quagga-0.98.6-r1 533 +MD5 c6da0bf18d4cfb3ae7bbb66f5419a3dd files/digest-quagga-0.98.6-r2 533 +RMD160 3cb563e1955d78866bc24c3e55550cc2c6ee3037 files/digest-quagga-0.98.6-r2 533 +SHA256 7b0ebb8fdc2a981af64fa6572f643290fd954224084fea2e0ed11d7051abfe19 files/digest-quagga-0.98.6-r2 533 MD5 020249364f04aca6a99c4a884a11a344 files/digest-quagga-0.99.6 533 RMD160 1f613d61d300c0a90644025df7e68b4845738c3e files/digest-quagga-0.99.6 533 SHA256 9ff7f2ca0f6759755a3679f8fea920f3d205e3e7f28af0d53a54bd582333bd07 files/digest-quagga-0.99.6 533 +MD5 19e5e99d1bb4599eede48e35b2b52789 files/digest-quagga-0.99.6-r1 533 +RMD160 2f4e183cd1f2f37fe2324a4fc0d9108a1fed07ea files/digest-quagga-0.99.6-r1 533 +SHA256 84863559e220e18d5c999681c2549385cf9f95aa95ee31c59e77d727fcca9bf4 files/digest-quagga-0.99.6-r1 533 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.3 (GNU/Linux) -iD8DBQFF/PwVJnxX6mF440QRAiV/AKCZKO+e/yHbIwSRNUDb6cg32M0buACffckZ -B9PorXlzttuXs/Y1gR18Nd8= -=K8jn +iD8DBQFGHeIEJnxX6mF440QRAtdjAKDKimTaSf9KehmQVA6/IcX24MukWgCg4F7G +abnWf3uEszKSUUoC3MkCQHg= +=InZg -----END PGP SIGNATURE----- diff --git a/net-misc/quagga/files/digest-quagga-0.98.6-r2 b/net-misc/quagga/files/digest-quagga-0.98.6-r2 new file mode 100644 index 000000000000..040cbeeb22f3 --- /dev/null +++ b/net-misc/quagga/files/digest-quagga-0.98.6-r2 @@ -0,0 +1,6 @@ +MD5 edcad599d250b3533770a99b9087a7fd quagga-0.98.6-patches-20070412.tar.gz 21339 +RMD160 25263a2f4393f6610076f4292003e7bf83ef1b3a quagga-0.98.6-patches-20070412.tar.gz 21339 +SHA256 d5f713f1720b59910731236b2b5babe8d2a7bc1074114c16e00e41d504a4c01e quagga-0.98.6-patches-20070412.tar.gz 21339 +MD5 b0d4132039953a0214256873b7d23d68 quagga-0.98.6.tar.gz 2019992 +RMD160 e15cd93b5d321660d7e29fc27174352967342879 quagga-0.98.6.tar.gz 2019992 +SHA256 a84e1aac4e666929abd1942fa8958d9ef0d0bbf605f47d5c2a09f6be716987a1 quagga-0.98.6.tar.gz 2019992 diff --git a/net-misc/quagga/files/digest-quagga-0.99.6-r1 b/net-misc/quagga/files/digest-quagga-0.99.6-r1 new file mode 100644 index 000000000000..383937ea0ffc --- /dev/null +++ b/net-misc/quagga/files/digest-quagga-0.99.6-r1 @@ -0,0 +1,6 @@ +MD5 e36462c874d2ba0f71c830db87292fb1 quagga-0.99.6-patches-20070412.tar.gz 18681 +RMD160 98522ee7c8ac9233458c855781c9a29c81706f44 quagga-0.99.6-patches-20070412.tar.gz 18681 +SHA256 3f6886a00cb2591f909c4f180a9e258ada78721b5267ef9dc61484c58b62cde7 quagga-0.99.6-patches-20070412.tar.gz 18681 +MD5 78137ecaa66ff4c3780bd05f60e51cf5 quagga-0.99.6.tar.gz 2324051 +RMD160 0dbeedc6d64ea7266677e88f951adc2f63d02935 quagga-0.99.6.tar.gz 2324051 +SHA256 a22c927f9ceb7152b0c45c939ccb81217c8d614f3c411c86781b24520f2ec15a quagga-0.99.6.tar.gz 2324051 diff --git a/net-misc/quagga/quagga-0.98.6-r2.ebuild b/net-misc/quagga/quagga-0.98.6-r2.ebuild new file mode 100644 index 000000000000..7c35d7d668a8 --- /dev/null +++ b/net-misc/quagga/quagga-0.98.6-r2.ebuild @@ -0,0 +1,142 @@ +# Copyright 1999-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/quagga/quagga-0.98.6-r2.ebuild,v 1.1 2007/04/12 07:38:33 mrness Exp $ + +WANT_AUTOMAKE="latest" +WANT_AUTOCONF="latest" + +inherit eutils multilib autotools + +DESCRIPTION="A free routing daemon replacing Zebra supporting RIP, OSPF and BGP. Includes OSPFAPI, NET-SNMP and IPV6 support." +HOMEPAGE="http://quagga.net/" +SRC_URI="http://www.quagga.net/download/${P}.tar.gz + mirror://gentoo/${P}-patches-20070412.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ppc ~s390 ~sparc ~x86" +IUSE="ipv6 snmp pam tcpmd5 bgpclassless ospfapi realms fix-connected-rt multipath tcp-zebra" +RESTRICT="userpriv" + +DEPEND=">=sys-libs/libcap-1.10-r5 + snmp? ( net-analyzer/net-snmp ) + pam? ( sys-libs/pam )" +RDEPEND="${DEPEND} + sys-apps/iproute2" + +src_unpack() { + unpack ${A} || die "failed to unpack sources" + + cd "${S}" || die "source dir not found" + # Fix security quagga bug 355 + epatch "${WORKDIR}/patch/bgpd-bug-355.diff" + #Patch to fix RIP authentication problem in 0.98.6 (#132353) + #DO NOT USE IT IN ANY OTHER VERSIONS! + epatch "${WORKDIR}/patch/ripd-show-ifaces.diff" + + # TCP MD5 for BGP patch for Linux (RFC 2385) - http://hasso.linux.ee/doku.php/english:network:rfc2385 + use tcpmd5 && epatch "${WORKDIR}/patch/ht-20050321-0.98.2-bgp-md5.patch" + + # Classless prefixes for BGP - http://hasso.linux.ee/doku.php/english:network:quagga + use bgpclassless && epatch "${WORKDIR}/patch/ht-20040304-classless-bgp.patch" + + # Connected route fix (Amir Guindehi) - http://voidptr.sboost.org/quagga/amir-connected-route.patch.bz2 + # Dependant on the use flag 'fix-connected-rt' because it seems that more peoples have troubles + # with this than having a benefit. + # This patch fixes a bad behavior of the Linux kernel routing packets to interfaces which are + # down. Folks with PtP interfaces and VLans report troubles with this patch. Enable it again + # if you get a problem because your kernel routes packets to a downed interface. + use fix-connected-rt && epatch "${WORKDIR}/patch/amir-connected-route.patch" + + # Realms support (Calin Velea) - http://vcalinus.gemenii.ro/quaggarealms.html + use realms && epatch "${WORKDIR}/patch/${P}-realms.diff" + + # regenerate configure and co if we touch .ac or .am files + eautoreconf +} + +src_compile() { + local myconf="--disable-static --enable-dynamic" + + use ipv6 \ + && myconf="${myconf} --enable-ipv6 --enable-ripng --enable-ospf6d --enable-rtadv" \ + || myconf="${myconf} --disable-ipv6 --disable-ripngd --disable-ospf6d" + use ospfapi \ + && myconf="${myconf} --enable-opaque-lsa --enable-ospf-te --enable-ospfclient" + use snmp && myconf="${myconf} --enable-snmp" + use pam && myconf="${myconf} --with-libpam" + use tcpmd5 && myconf="${myconf} --enable-tcp-md5" + use realms && myconf="${myconf} --enable-realms" + use multipath && myconf="${myconf} --enable-multipath=0" + use tcp-zebra && myconf="${myconf} --enable-tcp-zebra" + + econf \ + --enable-nssa \ + --enable-user=quagga \ + --enable-group=quagga \ + --enable-vty-group=quagga \ + --with-cflags="${CFLAGS}" \ + --enable-vtysh \ + --sysconfdir=/etc/quagga \ + --enable-exampledir=/etc/quagga/samples \ + --localstatedir=/var/run/quagga \ + --libdir=/usr/$(get_libdir)/quagga \ + ${myconf} \ + || die "configure failed" + emake || die "make failed" +} + +src_install() { + einstall \ + localstatedir="${D}/var/run/quagga" \ + sysconfdir="${D}/etc/quagga" \ + exampledir="${D}/etc/quagga/samples" \ + libdir="${D}/usr/$(get_libdir)/quagga" || die "make install failed" + + keepdir /var/run/quagga || die + + local i MY_SERVICES_LIST="zebra ripd ospfd bgpd" + use ipv6 && MY_SERVICES_LIST="${MY_SERVICES_LIST} ripngd ospf6d" + for i in ${MY_SERVICES_LIST} ; do + newinitd "${FILESDIR}/${i}.init" ${i} || die "failed to install ${i} init.d script" + done + newconfd "${FILESDIR}/zebra.conf" zebra || die "failed to install zebra conf.d script" + + if use pam; then + insinto /etc/pam.d + newins "${FILESDIR}/quagga.pam" quagga + fi + + newenvd "${FILESDIR}/quagga.env" 99quagga +} + +pkg_preinst() { + enewgroup quagga + enewuser quagga -1 -1 /var/empty quagga +} + +pkg_postinst() { + # empty dir for pid files for the new priv separation auth + #set proper owner/group/perms even if dir already existed + install -d -m0770 -o root -g quagga "${ROOT}/etc/quagga" + install -d -m0755 -o quagga -g quagga "${ROOT}/var/run/quagga" + + einfo "Sample configuration files can be found in /etc/quagga/samples." + einfo "You have to create config files in /etc/quagga before" + einfo "starting one of the daemons." + + if use tcpmd5; then + echo + ewarn "TCP MD5 for BGP needs a patched kernel!" + einfo "See http://hasso.linux.ee/doku.php/english:network:rfc2385 for more info." + fi + + if use ipv6; then + echo + ewarn "This version of quagga contains a netlink race condition fix that triggered a kernel bug" + ewarn "which affects IPv6 users who have a kernel version < 2.6.13-rc6." + einfo "See following links for more info:" + einfo " http://lists.quagga.net/pipermail/quagga-dev/2005-June/003507.html" + einfo " http://bugzilla.quagga.net/show_bug.cgi?id=196" + fi +} diff --git a/net-misc/quagga/quagga-0.99.6-r1.ebuild b/net-misc/quagga/quagga-0.99.6-r1.ebuild new file mode 100644 index 000000000000..ad23d4e1023c --- /dev/null +++ b/net-misc/quagga/quagga-0.99.6-r1.ebuild @@ -0,0 +1,122 @@ +# Copyright 1999-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/quagga/quagga-0.99.6-r1.ebuild,v 1.1 2007/04/12 07:38:33 mrness Exp $ + +WANT_AUTOMAKE="latest" +WANT_AUTOCONF="latest" + +inherit eutils multilib autotools + +DESCRIPTION="A free routing daemon replacing Zebra supporting RIP, OSPF and BGP. Includes OSPFAPI, NET-SNMP and IPV6 support." +HOMEPAGE="http://quagga.net/" +SRC_URI="http://www.quagga.net/download/${P}.tar.gz + mirror://gentoo/${P}-patches-20070412.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ppc ~s390 ~sparc ~x86" +IUSE="ipv6 snmp pam tcpmd5 bgpclassless ospfapi realms multipath tcp-zebra" +RESTRICT="userpriv" + +DEPEND=">=sys-libs/libcap-1.10-r5 + snmp? ( net-analyzer/net-snmp ) + pam? ( sys-libs/pam )" +RDEPEND="${DEPEND} + sys-apps/iproute2" + +src_unpack() { + unpack ${A} || die "failed to unpack sources" + + cd "${S}" || die "source dir not found" + # Fix security quagga bug 354 + epatch "${WORKDIR}/patch/bgpd-bug-354.diff" + epatch "${WORKDIR}/patch/${P}-link-libcap.patch" + + # TCP MD5 for BGP patch for Linux (RFC 2385) - http://hasso.linux.ee/doku.php/english:network:rfc2385 + use tcpmd5 && epatch "${WORKDIR}/patch/ht-20050321-0.99.6-bgp-md5_adapted.patch" + + # Classless prefixes for BGP - http://hasso.linux.ee/doku.php/english:network:quagga + use bgpclassless && epatch "${WORKDIR}/patch/ht-20040304-classless-bgp_adapted.patch" + + # Realms support (Calin Velea) - http://vcalinus.gemenii.ro/quaggarealms.html + use realms && epatch "${WORKDIR}/patch/${P}-realms.diff" + + eautoreconf +} + +src_compile() { + local myconf="--disable-static --enable-dynamic" + + use ipv6 \ + && myconf="${myconf} --enable-ipv6 --enable-ripng --enable-ospf6d --enable-rtadv" \ + || myconf="${myconf} --disable-ipv6 --disable-ripngd --disable-ospf6d" + use ospfapi \ + && myconf="${myconf} --enable-opaque-lsa --enable-ospf-te --enable-ospfclient" + use snmp && myconf="${myconf} --enable-snmp" + use pam && myconf="${myconf} --with-libpam" + use tcpmd5 && myconf="${myconf} --enable-tcp-md5" + use realms && myconf="${myconf} --enable-realms" + use multipath && myconf="${myconf} --enable-multipath=0" + use tcp-zebra && myconf="${myconf} --enable-tcp-zebra" + + econf \ + --enable-nssa \ + --enable-user=quagga \ + --enable-group=quagga \ + --enable-vty-group=quagga \ + --with-cflags="${CFLAGS}" \ + --enable-vtysh \ + --sysconfdir=/etc/quagga \ + --enable-exampledir=/etc/quagga/samples \ + --localstatedir=/var/run/quagga \ + --libdir=/usr/$(get_libdir)/quagga \ + ${myconf} \ + || die "configure failed" + emake || die "make failed" +} + +src_install() { + einstall \ + localstatedir="${D}/var/run/quagga" \ + sysconfdir="${D}/etc/quagga" \ + exampledir="${D}/etc/quagga/samples" \ + libdir="${D}/usr/$(get_libdir)/quagga" || die "make install failed" + + keepdir /var/run/quagga + + local i MY_SERVICES_LIST="zebra ripd ospfd bgpd" + use ipv6 && MY_SERVICES_LIST="${MY_SERVICES_LIST} ripngd ospf6d" + for i in ${MY_SERVICES_LIST} ; do + newinitd "${FILESDIR}/${i}.init" ${i} || die "failed to install ${i} init.d script" + done + newconfd "${FILESDIR}/zebra.conf" zebra || die "failed to install zebra conf.d script" + + if use pam; then + insinto /etc/pam.d + newins "${FILESDIR}/quagga.pam" quagga + fi + + newenvd "${FILESDIR}/quagga.env" 99quagga +} + +pkg_preinst() { + enewgroup quagga + enewuser quagga -1 -1 /var/empty quagga +} + +pkg_postinst() { + # empty dir for pid files for the new priv separation auth + #set proper owner/group/perms even if dir already existed + install -d -m0770 -o root -g quagga "${ROOT}/etc/quagga" + install -d -m0755 -o quagga -g quagga "${ROOT}/var/run/quagga" + + einfo "Sample configuration files can be found in /etc/quagga/samples." + einfo "You have to create config files in /etc/quagga before" + einfo "starting one of the daemons." + + if use tcpmd5; then + echo + ewarn "TCP MD5 for BGP needs a patched kernel!" + ewarn "See http://hasso.linux.ee/doku.php/english:network:rfc2385 for more info." + fi +}