commit: a0ef1e9e72f0635a27178352d84d1fe603d5dfee Author: orbea <orbea <AT> riseup <DOT> net> AuthorDate: Mon Mar 24 16:24:48 2025 +0000 Commit: orbea <orbea <AT> riseup <DOT> net> CommitDate: Mon Mar 24 16:24:59 2025 +0000 URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=a0ef1e9e
net-im/prosody: new package, add 13.0.0 Closes: https://github.com/gentoo/libressl/issues/581 Signed-off-by: orbea <orbea <AT> riseup.net> net-im/prosody/Manifest | 1 + net-im/prosody/files/prosody-0.12.0-gentoo.patch | 29 ++++ net-im/prosody/files/prosody-0.13.0-libressl.patch | 128 +++++++++++++++++ net-im/prosody/files/prosody.initd-r6 | 46 ++++++ net-im/prosody/files/prosody.service-r3 | 17 +++ net-im/prosody/files/prosody.tmpfilesd-r2 | 1 + net-im/prosody/metadata.xml | 19 +++ net-im/prosody/prosody-13.0.0.ebuild | 156 +++++++++++++++++++++ 8 files changed, 397 insertions(+) diff --git a/net-im/prosody/Manifest b/net-im/prosody/Manifest new file mode 100644 index 0000000..b4ae179 --- /dev/null +++ b/net-im/prosody/Manifest @@ -0,0 +1 @@ +DIST prosody-13.0.0.tar.gz 731936 BLAKE2B d54edb90c76c3ec97efe8d8cdd25a2151fc8e2cb0ffa36a9eb43420e5ef88ac2ccb7dd68bd29c8004f9a3ebc93e51894054b56822e87e87ed4be9f64883ed090 SHA512 5e1ae2e3b4a772ce561f85c2de2467a19547b1f5bda3ad2a07fbf25f0e73559f663e3e16afbef6ab8240109add14d37973c2bbc5e2b431090eec1f87898808ff diff --git a/net-im/prosody/files/prosody-0.12.0-gentoo.patch b/net-im/prosody/files/prosody-0.12.0-gentoo.patch new file mode 100644 index 0000000..3b2ba75 --- /dev/null +++ b/net-im/prosody/files/prosody-0.12.0-gentoo.patch @@ -0,0 +1,29 @@ +--- a/prosody.cfg.lua.dist ++++ b/prosody.cfg.lua.dist +@@ -17,6 +17,15 @@ + -- Settings in this section apply to the whole server and are the default settings + -- for any virtual hosts + ++-- Prosody will use this user and group for launching the service. ++-- Gentoo uses by default prosody:prosody (uid:gid) for all Jabber related services. ++prosody_user = "prosody" ++prosody_group = "prosody" ++ ++-- Prosody will create this pid file after it has been successfully started. ++-- Please don't change that path, as it's being used by the Gentoo init scripts. ++pidfile = "/run/prosody/prosody.pid" ++ + -- This is a (by default, empty) list of accounts that are admins + -- for the server. Note that you must create the accounts separately + -- (see https://prosody.im/doc/creating_accounts for info) +@@ -26,7 +35,9 @@ + -- This option allows you to specify additional locations where Prosody + -- will search first for modules. For additional modules you can install, see + -- the community module repository at https://modules.prosody.im/ +---plugin_paths = {} ++-- The default included path is for the optional net-im/prosody-modules package, ++-- which provides additional community maintained modules. ++plugin_paths = { "/usr/GENTOO_LIBDIR/prosody/modules", "/usr/GENTOO_LIBDIR/prosody/community-modules" }; + + -- This is the list of modules Prosody will load on startup. + -- Documentation for bundled modules can be found at: https://prosody.im/doc/modules diff --git a/net-im/prosody/files/prosody-0.13.0-libressl.patch b/net-im/prosody/files/prosody-0.13.0-libressl.patch new file mode 100644 index 0000000..0d4f076 --- /dev/null +++ b/net-im/prosody/files/prosody-0.13.0-libressl.patch @@ -0,0 +1,128 @@ +https://github.com/gentoo/libressl/issues/581 +https://github.com/openbsd/ports/commit/d34065ee251e858e620b2d5c6d4e4af926b13804#diff-9a7f97ecb58b66a9b0e20f0b427a653844409c229d66940e154a3845a90f7943 +https://github.com/openbsd/ports/commit/d34065ee251e858e620b2d5c6d4e4af926b13804#diff-39e1b332d3557a0d3dfeed7fd3bb6cbd7ceea1eaf41959a0bd746ebd52dbc39e + +LibreSSL doesn't provide OSSL_PARAM* + +Index: util-src/crypto.c +--- a/util-src/crypto.c.orig ++++ b/util-src/crypto.c +@@ -27,9 +27,18 @@ typedef unsigned __int32 uint32_t; + #include <openssl/err.h> + #include <openssl/evp.h> + #include <openssl/obj_mac.h> +-#include <openssl/param_build.h> + #include <openssl/pem.h> + ++#include <openssl/opensslv.h> ++#if OPENSSL_VERSION_NUMBER >= 0x30000000 ++#define HAVE_OSSL_PARAM ++#endif ++ ++#ifdef HAVE_OSSL_PARAM ++#include <openssl/param_build.h> ++#endif ++ ++ + #if (LUA_VERSION_NUM == 501) + #define luaL_setfuncs(L, R, N) luaL_register(L, NULL, R) + #endif +@@ -199,6 +208,7 @@ cleanup: + } + + static int Lpkey_meth_public_raw(lua_State *L) { ++#ifdef HAVE_OSSL_PARAM + OSSL_PARAM *params; + EVP_PKEY *pkey = pkey_from_arg(L, 1, 0, 0); + +@@ -218,6 +228,12 @@ static int Lpkey_meth_public_raw(lua_State *L) { + } + + return 1; ++#else ++ EVP_PKEY *pkey = pkey_from_arg(L, 1, 0, 0); ++ lua_pushnil(L); ++ ++ return 1; ++#endif + } + + static int Lpkey_meth_public_pem(lua_State *L) { +@@ -334,6 +350,7 @@ static int Limport_private_pem(lua_State *L) { + } + + static int Limport_public_ec_raw(lua_State *L) { ++#ifdef HAVE_OSSL_PARAM + OSSL_PARAM_BLD *param_bld = NULL; + OSSL_PARAM *params = NULL; + EVP_PKEY_CTX *ctx = NULL; +@@ -367,6 +384,15 @@ err: + if (param_bld) OSSL_PARAM_BLD_free(param_bld); + lua_pushnil(L); + return 1; ++#else ++ size_t pubkey_bytes; ++ const char* pubkey_data = luaL_checklstring(L, 1, &pubkey_bytes); ++ const char* curve = luaL_checkstring(L, 2); ++ ++ lua_pushnil(L); ++ ++ return 1; ++#endif + } + + static int Limport_public_pem(lua_State *L) { +LibreSSL doesn't implement blake2. + +Index: util-src/hashes.c +--- a/util-src/hashes.c.orig ++++ b/util-src/hashes.c +@@ -115,14 +115,6 @@ static int Lmd5(lua_State *L) { + return Levp_hash(L, EVP_md5()); + } + +-static int Lblake2s256(lua_State *L) { +- return Levp_hash(L, EVP_blake2s256()); +-} +- +-static int Lblake2b512(lua_State *L) { +- return Levp_hash(L, EVP_blake2b512()); +-} +- + static int Lsha3_256(lua_State *L) { + return Levp_hash(L, EVP_sha3_256()); + } +@@ -188,15 +180,7 @@ static int Lhmac_sha3_512(lua_State *L) { + return Levp_hmac(L, EVP_sha3_512()); + } + +-static int Lhmac_blake2s256(lua_State *L) { +- return Levp_hmac(L, EVP_blake2s256()); +-} + +-static int Lhmac_blake2b512(lua_State *L) { +- return Levp_hmac(L, EVP_blake2b512()); +-} +- +- + static int Levp_pbkdf2(lua_State *L, const EVP_MD *evp, size_t out_len) { + unsigned char out[EVP_MAX_MD_SIZE]; + +@@ -292,8 +276,6 @@ static const luaL_Reg Reg[] = { + { "md5", Lmd5 }, + { "sha3_256", Lsha3_256 }, + { "sha3_512", Lsha3_512 }, +- { "blake2s256", Lblake2s256 }, +- { "blake2b512", Lblake2b512 }, + { "hmac_sha1", Lhmac_sha1 }, + { "hmac_sha224", Lhmac_sha224 }, + { "hmac_sha256", Lhmac_sha256 }, +@@ -302,8 +284,6 @@ static const luaL_Reg Reg[] = { + { "hmac_md5", Lhmac_md5 }, + { "hmac_sha3_256", Lhmac_sha3_256 }, + { "hmac_sha3_512", Lhmac_sha3_512 }, +- { "hmac_blake2s256", Lhmac_blake2s256 }, +- { "hmac_blake2b512", Lhmac_blake2b512 }, + { "scram_Hi_sha1", Lpbkdf2_sha1 }, /* COMPAT */ + { "pbkdf2_hmac_sha1", Lpbkdf2_sha1 }, + { "pbkdf2_hmac_sha256", Lpbkdf2_sha256 }, diff --git a/net-im/prosody/files/prosody.initd-r6 b/net-im/prosody/files/prosody.initd-r6 new file mode 100644 index 0000000..e4138c5 --- /dev/null +++ b/net-im/prosody/files/prosody.initd-r6 @@ -0,0 +1,46 @@ +#!/sbin/openrc-run +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +extra_started_commands="reload" +name="Prosody XMPP server" +prosody_config="/etc/prosody/prosody.cfg.lua" +prosody_data="/var/lib/prosody" +prosody_logs="/var/log/prosody" +prosody_pid="/run/prosody" +pidfile="${prosody_pid}/prosody.pid" + +command="/usr/bin/prosody" +command_args="--daemonize" +commandctl="/usr/bin/prosodyctl" +command_group="prosody" +command_user="prosody" + +checkconfig() { + if [ ! -f "${prosody_config}" ]; then + eerror "Please create ${prosody_config} before starting Prosody!" + return 1 + fi + + ${commandctl} check config + return $? +} + +depend() { + need net + use dns postgresql +} + +reload() { + ebegin "Reloading configuration" + start-stop-daemon --signal HUP --pidfile "${pidfile}" + eend $? +} + +start_pre() { + checkconfig || return 1 + + checkpath -d -m 0750 -o "${command_user}:${command_group}" -q "${prosody_data}" + checkpath -d -m 0750 -o "${command_user}:${command_group}" -q "${prosody_logs}" + checkpath -d -m 0750 -o "${command_user}:${command_group}" -q "${prosody_pid}" +} diff --git a/net-im/prosody/files/prosody.service-r3 b/net-im/prosody/files/prosody.service-r3 new file mode 100644 index 0000000..dec39e4 --- /dev/null +++ b/net-im/prosody/files/prosody.service-r3 @@ -0,0 +1,17 @@ +[Unit] +Description=Prosody XMPP server +After=network.target + +[Service] +Group=prosody +PIDFile=/run/prosody/prosody.pid +ExecStart=/usr/bin/prosody --daemonize +ExecReload=/bin/kill -HUP $MAINPID +User=prosody +ExecStartPre=!/bin/mkdir -p /var/log/prosody +ExecStartPre=!/bin/mkdir -p /var/lib/prosody +ExecStartPre=!/bin/chown -R prosody /var/log/prosody +ExecStartPre=!/bin/chown -R prosody /var/lib/prosody + +[Install] +WantedBy=multi-user.target diff --git a/net-im/prosody/files/prosody.tmpfilesd-r2 b/net-im/prosody/files/prosody.tmpfilesd-r2 new file mode 100644 index 0000000..78949f3 --- /dev/null +++ b/net-im/prosody/files/prosody.tmpfilesd-r2 @@ -0,0 +1 @@ +d /run/prosody 750 prosody prosody - - diff --git a/net-im/prosody/metadata.xml b/net-im/prosody/metadata.xml new file mode 100644 index 0000000..0cde39b --- /dev/null +++ b/net-im/prosody/metadata.xml @@ -0,0 +1,19 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd";> +<pkgmetadata> + <maintainer type="person"> + <email>[email protected]</email> + <name>Conrad Kostecki</name> + </maintainer> + <longdescription> + Prosody is a modern XMPP communication server. + It aims to be easy to set up and configure, + and efficient with system resources. + Additionally, for developers it aims to be easy to extend + and give a flexible system on which to rapidly develop + added functionality, or prototype new protocols. + </longdescription> + <use> + <flag name="libevent">Use libevent for event handling</flag> + </use> +</pkgmetadata> diff --git a/net-im/prosody/prosody-13.0.0.ebuild b/net-im/prosody/prosody-13.0.0.ebuild new file mode 100644 index 0000000..031cced --- /dev/null +++ b/net-im/prosody/prosody-13.0.0.ebuild @@ -0,0 +1,156 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +LUA_COMPAT=( lua5-{3..4} ) +LUA_REQ_USE="deprecated(+)" + +inherit eapi9-ver lua-single systemd tmpfiles toolchain-funcs + +DESCRIPTION="Prosody is a modern XMPP communication server" +HOMEPAGE="https://prosody.im/"; +SRC_URI="https://prosody.im/downloads/source/${P}.tar.gz"; + +LICENSE="MIT" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~x86" +IUSE="icu +idn +libevent ldap mysql postgres selinux +sqlite +ssl test +zlib" +REQUIRED_USE=" + ^^ ( icu idn ) + ${LUA_REQUIRED_USE} +" +RESTRICT="!test? ( test )" + +DEPEND=" + acct-group/prosody + acct-user/prosody + $(lua_gen_cond_dep 'dev-lua/luaexpat[${LUA_USEDEP}]') + $(lua_gen_cond_dep 'dev-lua/luafilesystem[${LUA_USEDEP}]') + dev-lua/luarocks[${LUA_SINGLE_USEDEP}] + $(lua_gen_cond_dep 'dev-lua/luasocket[${LUA_USEDEP}]') + $(lua_gen_cond_dep 'dev-lua/lua-unbound[${LUA_USEDEP}]') + $(lua_gen_cond_dep 'dev-lua/readline[${LUA_USEDEP}]') + icu? ( dev-libs/icu:= ) + idn? ( net-dns/libidn:= ) + ldap? ( $(lua_gen_cond_dep 'dev-lua/lualdap[${LUA_USEDEP}]') ) + libevent? ( $(lua_gen_cond_dep 'dev-lua/luaevent[${LUA_USEDEP}]') ) + dev-libs/openssl:0= + mysql? ( $(lua_gen_cond_dep 'dev-lua/luadbi[mysql,${LUA_USEDEP}]') ) + postgres? ( $(lua_gen_cond_dep 'dev-lua/luadbi[postgres,${LUA_USEDEP}]') ) + sqlite? ( $(lua_gen_cond_dep 'dev-lua/luadbi[sqlite,${LUA_USEDEP}]') ) + ssl? ( $(lua_gen_cond_dep 'dev-lua/luasec[${LUA_USEDEP}]') ) + zlib? ( $(lua_gen_cond_dep 'dev-lua/lua-zlib[${LUA_USEDEP}]') ) + ${LUA_DEPS} +" + +RDEPEND=" + ${DEPEND} + selinux? ( sec-policy/selinux-jabber ) +" + +BDEPEND=" + virtual/pkgconfig + test? ( $(lua_gen_cond_dep 'dev-lua/busted[${LUA_USEDEP}]') ) +" + +PATCHES=( + "${FILESDIR}/${PN}-0.12.0-gentoo.patch" + "${FILESDIR}/${PN}-0.13.0-libressl.patch" +) + +src_prepare() { + default + + # Set correct plugin path for optional net-im/prosody-modules package + sed -e "s/GENTOO_LIBDIR/$(get_libdir)/g" -i prosody.cfg.lua.dist || die +} + +src_configure() { + local myeconfargs=( + --add-cflags="${CFLAGS}" + --add-ldflags="${LDFLAGS}" + --c-compiler="$(tc-getCC)" + --datadir="${EPREFIX}/var/lib/prosody" + --idn-library="$(usex idn 'idn' 'icu')" + --libdir="${EPREFIX}/usr/$(get_libdir)" + --linker="$(tc-getCC)" + --lua-version="$(ver_cut 1-2 $(lua_get_version))" + --no-example-certs + --ostype="linux" + --prefix="${EPREFIX}/usr" + --runwith="${ELUA}" + --sysconfdir="${EPREFIX}/etc/prosody" + --with-lua-include="${EPREFIX}/$(lua_get_include_dir)" + --with-lua-lib="${EPREFIX}/$(lua_get_cmod_dir)" + ) + + # Since the configure script is handcrafted, + # and yells at unknown options, do not use 'econf'. + ./configure "${myeconfargs[@]}" || die + + rm makefile || die + mv GNUmakefile Makefile || die +} + +src_install() { + default + + keepdir /var/lib/prosody + + newinitd "${FILESDIR}"/prosody.initd-r6 prosody + systemd_newunit "${FILESDIR}"/prosody.service-r3 prosody.service + + newtmpfiles "${FILESDIR}"/prosody.tmpfilesd-r2 prosody.conf +} + +pkg_postinst() { + tmpfiles_process prosody.conf + + # Starting with >=0.12.0, the prosody configuration is now in + # /etc/prosody and no longer in /etc/jabber. + # See if we need to migrate the configuration. Furthermore, + # prosody no longer runs under the, shared via net-im/jabber-base, + # 'jabber' use, but under its own user. + # This increase isolation and hence robustness and security. + if ver_replacing -lt 0.12.0; then + local -A dirs_to_migrate=( + [/etc/jabber]=/etc/prosody + [/var/log/jabber]=/var/log/prosody + [/var/spool/jabber]=/var/lib/prosody + ) + + for src_dir in "${!dirs_to_migrate[@]}"; do + local eroot_src_dir="${EROOT}/${src_dir}" + local eroot_dst_dir="${EROOT}/${dirs_to_migrate[${src_dir}]}" + + cp -r "${eroot_src_dir}"/. "${eroot_dst_dir}" || die "Could not copy ${eroot_src_dir} to ${eroot_dst_dir}" + + if [[ -f "${eroot_dst_dir}"/.keep_net-im_jabber-base-0 ]]; then + rm "${eroot_dst_dir}"/.keep_net-im_jabber-base-0 || die + fi + + if ! use prefix; then + chown --recursive prosody:prosody "${eroot_dst_dir}" || die + fi + done + + # Update configuration file to match new pathes and permissions + local mysedargs=( + -e "'s#/etc/jabber#/etc/prosody#g'" + -e "'s#/run/jabber#/run/prosody#g'" + -e "'s#/var/log/jabber#/var/log/prosody#g'" + -e "'s/prosody_user.*/prosody_user = \"prosody\";/g'" + -e "'s/prosody_group.*/prosody_group = \"prosody\";/g'" + -i /etc/prosody/prosody.cfg.lua + ) + + eval sed "${mysedargs[@]}" || die + + ewarn "Newer versions of the prosody (Gentoo) package use ${EROOT}/etc/prosody" + ewarn "(just as upstream) and *not* anymore ${EROOT}/etc/jabber." + ewarn "The files from ${EROOT}/etc/jabber where copied to ${EROOT}/etc/prosody." + ewarn "Also prosody's spool directory became ${EROOT}/var/lib/prosody (was ${EROOT}/var/spool/jabbber)." + ewarn "Please check your configuration." + fi +}
