From: Michael Orlitzky Date: Mon, 31 Aug 2015 16:08:49 +0000 (-0400) Subject: net-analyzer/nrpe: revbump to add selinux and no-ssl support. X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=e05d77e5b5a85672092c5c156b1371da178b520f;p=gentoo.git net-analyzer/nrpe: revbump to add selinux and no-ssl support. Add a conditional dep on sec-policy/selinux-nagios, and pull in an (unreleased) upstream patch to fix the build when USE="-ssl". Also add a slot on the openssl dependency to make repoman happy. Bug: 462572 Bug: 554536 Package-Manager: portage-2.2.20.1
---
diff --git a/net-analyzer/nrpe/files/nrpe-2.15-no-ssl.patch b/net-analyzer/nrpe/files/nrpe-2.15-no-ssl.patch
new file mode 100644
index 000000000000..3b3fc135455f
--- /dev/null
+++ b/net-analyzer/nrpe/files/nrpe-2.15-no-ssl.patch
@@ -0,0 +1,39 @@
+Without this patch, you can't build nrpe without SSL support. It was
+originally submitted on the Nagios forums by user Matthew L. Daniel:
+
+ https://support.nagios.com/forum/viewtopic.php?t=27027
+
+It was merged into the upstream github repo (NagiosEnterprises/nrpe)
+in commit 3736fdeeac11a.
+
+
+diff --git a/src/nrpe.c b/src/nrpe.c
+index 4bc849b..1e55ab4 100644
+--- a/src/nrpe.c
++++ b/src/nrpe.c
+@@ -102,7 +102,9 @@ int use_src=FALSE; /* Define parameter for SRC option */
+ int listen_queue_size=DEFAULT_LISTEN_QUEUE_SIZE;
+
+
++#ifdef HAVE_SSL
+ void complete_SSL_shutdown( SSL *);
++#endif
+
+
+ int main(int argc, char **argv){
+@@ -1815,6 +1817,7 @@ int remove_pid_file(void){
+ return OK;
+ }
+
++#ifdef HAVE_SSL
+ void complete_SSL_shutdown( SSL *ssl) {
+
+ /*
+@@ -1835,6 +1838,7 @@ void complete_SSL_shutdown( SSL *ssl) {
+ if( SSL_shutdown( ssl)) break;
+ }
+ }
++#endif/*HAVE_SSL*/
+
+ /* bail if daemon is running as root */
+ int check_privileges(void){
diff --git a/net-analyzer/nrpe/nrpe-2.15-r3.ebuild b/net-analyzer/nrpe/nrpe-2.15-r3.ebuild
new file mode 100644
index 000000000000..906120d2359c
--- /dev/null
+++ b/net-analyzer/nrpe/nrpe-2.15-r3.ebuild
@@ -0,0 +1,137 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit eutils systemd toolchain-funcs multilib user autotools
+
+DESCRIPTION="Nagios Remote Plugin Executor"
+HOMEPAGE="http://www.nagios.org/"
+SRC_URI="mirror://sourceforge/nagios/${P}.tar.gz"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
+IUSE="command-args minimal selinux ssl tcpd"
+
+DEPEND="ssl? ( dev-libs/openssl:0 )
+ !minimal? ( tcpd? ( sys-apps/tcp-wrappers ) )"
+RDEPEND="${DEPEND}
+ !minimal? (
+ || ( net-analyzer/nagios-plugins net-analyzer/monitoring-plugins )
+ )
+ selinux? ( sec-policy/selinux-nagios )"
+
+pkg_setup() {
+ enewgroup nagios
+ enewuser nagios -1 /bin/bash /dev/null nagios
+
+ elog "If you plan to use \"nrpe_check_control\" then you may want to specify"
+ elog "different command and services files. You can override the defaults"
+ elog "through the \"NAGIOS_COMMAND_FILE\" and \"NAGIOS_SERVICES_FILE\" environment variables."
+ elog "NAGIOS_COMMAND_FILE=${NAGIOS_COMMAND_FILE:-/var/rw/nagios.cmd}"
+ elog "NAGIOS_SERVICES_FILE=${NAGIOS_SERVICES_FILE:-/etc/services.cfg}"
+}
+
+src_prepare() {
+ # Add support for large output,
+ # http://opsview-blog.opsera.com/dotorg/2008/08/enhancing-nrpe.html
+ epatch "${FILESDIR}"/${PN}-2.14-multiline.patch
+
+ # fix configure, among others #326367, #397603
+ epatch "${FILESDIR}"/${PN}-2.15-tcpd-et-al.patch
+
+ # otherwise autoconf will overwrite the custom include/config.h.in
+ epatch "${FILESDIR}"/${PN}-2.15-autoconf-header.patch
+
+ # improve handling of metachars for security
+ epatch "${FILESDIR}"/${PN}-2.15-metachar-security-fix.patch
+
+ # Fix build with USE="-ssl".
+ epatch "${FILESDIR}"/${PN}-2.15-no-ssl.patch
+
+ sed -i -e '/define \(COMMAND\|SERVICES\)_FILE/d' \
+ contrib/nrpe_check_control.c || die
+
+ # change the default location of the pid file
+ sed -i -e '/pid_file/s:/var/run:/run:' sample-config/nrpe.cfg.in || die
+
+ # fix TFU handling of autoheader
+ sed -i -e '/#undef/d' include/config.h.in || die
+
+ eautoreconf
+}
+
+src_configure() {
+ local myconf
+ if use minimal; then
+ myconf="--disable-tcp-wrapper --disable-command-args"
+ else
+ myconf="$(use_enable tcpd tcp-wrapper) $(use_enable command-args)"
+ fi
+
+ econf \
+ --libexecdir=/usr/$(get_libdir)/nagios/plugins \
+ --localstatedir=/var/nagios \
+ --sysconfdir=/etc/nagios \
+ --with-nrpe-user=nagios \
+ --with-nrpe-group=nagios \
+ $(use_enable ssl) \
+ ${myconf}
+}
+
+src_compile() {
+ emake -C src check_nrpe $(use minimal || echo nrpe)
+
+ # Add nifty nrpe check tool
+ $(tc-getCC) ${CPPFLAGS} ${CFLAGS} \
+ -DCOMMAND_FILE=\"${NAGIOS_COMMAND_FILE:-/var/rw/nagios.cmd}\" \
+ -DSERVICES_FILE=\"${NAGIOS_SERVICES_FILE:-/etc/services.cfg}\" \
+ ${LDFLAGS} -o nrpe_check_control contrib/nrpe_check_control.c || die
+}
+
+src_install() {
+ dodoc LEGAL Changelog README SECURITY \
+ contrib/README.nrpe_check_control \
+ $(use ssl && echo README.SSL)
+
+ exeinto /usr/$(get_libdir)/nagios/plugins
+ doexe src/check_nrpe nrpe_check_control
+
+ use minimal && return 0
+
+ ## NON-MINIMAL INSTALL FOLLOWS ##
+
+ insinto /etc/nagios
+ newins sample-config/nrpe.cfg nrpe.cfg
+ fowners root:nagios /etc/nagios/nrpe.cfg
+ fperms 0640 /etc/nagios/nrpe.cfg
+
+ exeinto /usr/libexec
+ doexe src/nrpe
+
+ newinitd "${FILESDIR}"/nrpe.init nrpe
+ systemd_dounit "${FILESDIR}/${PN}.service"
+
+ insinto /etc/xinetd.d/
+ newins "${FILESDIR}/nrpe.xinetd.2" nrpe
+
+ if use tcpd; then
+ sed -i -e '/^reload()/, /^}/ d' -e '/extra_started_commands/s:reload::' \
+ "${D}"/etc/init.d/nrpe
+ fi
+}
+
+pkg_postinst() {
+ elog "If you are using the nrpe daemon, remember to edit"
+ elog "the config file /etc/nagios/nrpe.cfg"
+
+ if use command-args ; then
+ ewarn ""
+ ewarn "You have enabled command-args for NRPE. This enables"
+ ewarn "the ability for clients to supply arguments to commands"
+ ewarn "which should be run. "
+ ewarn "THIS IS CONSIDERED A SECURITY RISK!"
+ ewarn "Please read /usr/share/doc/${PF}/SECURITY.bz2 for more info"
+ fi
+}
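Review bot: pkg_postinst warns only about command-args, yet this revision makes USE="-ssl" a working configuration and nothing tells the admin that `$(use_enable ssl)` then builds both the daemon and check_nrpe without SSL support, so check requests and results cross the network in cleartext. I would add a matching warning after the command-args block, for example `use ssl || ewarn "NRPE was built without SSL support; check traffic is sent unencrypted."`. When command-args is enabled and ssl is disabled together, the client-supplied arguments presumably travel in cleartext as well, which is worth saying in the same message.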