commit:     f995177fa0ec5b3886809d17666ab509c1476bfb
Author:     Yixun Lan <dlan <AT> gentoo <DOT> org>
AuthorDate: Sat Feb 13 15:21:57 2021 +0000
Commit:     Yixun Lan <dlan <AT> gentoo <DOT> org>
CommitDate: Sat Feb 13 15:23:00 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f995177f

net-proxy/trojan: create dedicated UID/GID

Create a dedicated user/group for trojan, so that sensitive information
is not exposed, for security reasons.

Also drop the live ebuild, while keeping its logic for easier future
updates.

Package-Manager: Portage-3.0.13, Repoman-3.0.2
Signed-off-by: Yixun Lan <dlan <AT> gentoo.org>

 net-proxy/trojan/files/README.gentoo               | 14 +++++
 net-proxy/trojan/files/trojan.initd                |  6 +--
 ...an-1.16.0-r1.ebuild => trojan-1.16.0-r2.ebuild} | 37 +++++++------
 net-proxy/trojan/trojan-9999.ebuild                | 61 ----------------------
 4 files changed, 39 insertions(+), 79 deletions(-)

diff --git a/net-proxy/trojan/files/README.gentoo 
b/net-proxy/trojan/files/README.gentoo
new file mode 100644
index 00000000000..caaf236f4c1
--- /dev/null
+++ b/net-proxy/trojan/files/README.gentoo
@@ -0,0 +1,14 @@
+Notes:
+ 1) starting from version 1.16.0-r2, the daemon will
+run as user='trojan', previous it's run as user='nobody',
+you might want to fix the permissions at /etc/trojan/*.
+
+ 2) Running Trojan with multi instances
+
+   a) Using OpenRC
+    Prepare /etc/trojan/${foo}.json first
+    # ln -s /etc/init.d/trojan{,.${foo}}
+    # rc-update add trojan.${foo} default
+
+   b) Using Systemd
+    # systemctl enable trojan.${foo}

diff --git a/net-proxy/trojan/files/trojan.initd 
b/net-proxy/trojan/files/trojan.initd
index 348d307c526..9c86bf704b9 100644
--- a/net-proxy/trojan/files/trojan.initd
+++ b/net-proxy/trojan/files/trojan.initd
@@ -1,9 +1,9 @@
 #!/sbin/openrc-run
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2021 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-TJ_USER=nobody
-TJ_GROUP=nobody
+TJ_USER=trojan
+TJ_GROUP=trojan
 
 TJ_NAME=${SVCNAME##*.}
 if [ -n "${TJ_NAME}" -a "${SVCNAME}" != "trojan" ]; then

diff --git a/net-proxy/trojan/trojan-1.16.0-r1.ebuild 
b/net-proxy/trojan/trojan-1.16.0-r2.ebuild
similarity index 60%
rename from net-proxy/trojan/trojan-1.16.0-r1.ebuild
rename to net-proxy/trojan/trojan-1.16.0-r2.ebuild
index 606095c5ab1..88eb4b02d0a 100644
--- a/net-proxy/trojan/trojan-1.16.0-r1.ebuild
+++ b/net-proxy/trojan/trojan-1.16.0-r2.ebuild
@@ -3,17 +3,23 @@
 
 EAPI=7
 
+DISABLE_AUTOFORMATTING=1
+FORCE_PRINT_ELOG=1
 PYTHON_COMPAT=( python3_{7..9} )
 
-inherit cmake python-any-r1 systemd
-
+inherit cmake python-any-r1 systemd readme.gentoo-r1
 DESCRIPTION="An unidentifiable mechanism that helps you bypass GFW"
 HOMEPAGE="https://github.com/trojan-gfw/trojan";
-SRC_URI="https://github.com/trojan-gfw/${PN}/archive/v${PV}.tar.gz -> 
${P}.tar.gz"
+if [[ "${PV}" == 9999 ]] ; then
+       inherit git-r3
+       EGIT_REPO_URI="https://github.com/trojan-gfw/trojan.git";
+else
+       SRC_URI="https://github.com/trojan-gfw/${PN}/archive/v${PV}.tar.gz -> 
${P}.tar.gz"
+       KEYWORDS="~amd64 ~arm ~arm64 ~x86"
+fi
 
 LICENSE="GPL-3+"
 SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~x86"
 IUSE="mysql test"
 
 # Some hiccups setting up local network server.
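Review bot: `FORCE_PRINT_ELOG=1` is set unconditionally near the top of the ebuild, so the README text is printed on every merge rather than only on the upgrade where the daemon's user changes. That is reasonable for this revision, because the move from `nobody` to `trojan` affects who can read the files under /etc/trojan, but it deserves a comment so that it is removed later, e.g. `# FORCE_PRINT_ELOG: announce the nobody -> trojan user change; drop in the next revision`. The blank line between `inherit` and `DESCRIPTION` was also lost in this hunk.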
@@ -25,9 +31,18 @@ RDEPEND="
        mysql? ( dev-db/mysql-connector-c:= )
 "
 DEPEND="${RDEPEND}
+       acct-group/trojan
+       acct-user/trojan
        test? ( net-misc/curl ${PYTHON_DEPS} )
 "
 
+src_prepare() {
+       default
+       cmake_src_prepare
+       sed -i -e "/User/s/nobody/trojan/g" \
+               "${S}"/examples/trojan.service-example || die
+}
+
 src_configure() {
        local mycmakeargs=(
                -DENABLE_MYSQL=$(usex mysql)
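Review bot: `acct-group/trojan` and `acct-user/trojan` are added to DEPEND only, but the account is needed at run time, since the init script in this commit starts the daemon as `trojan` and the example systemd unit is patched to do the same. A host that installs a binary package built elsewhere would not pull in the account packages, so they belong in RDEPEND (DEPEND already picks them up through `${RDEPEND}`). In the new `src_prepare`, the `default` call looks redundant, because `cmake_src_prepare` already runs the default prepare step as far as I know. The `sed ... || die` also succeeds when no `User` line matches, so a changed upstream example would silently keep `nobody`; a `grep -q` check on the result before continuing would catch that.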
@@ -40,6 +55,8 @@ src_configure() {
 src_install() {
        cmake_src_install
        newinitd "${FILESDIR}/trojan.initd" trojan
+
+       readme.gentoo_create_doc
 }
 
 src_test() {
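Review bot: Nothing added to `src_install` restricts the ownership or mode of the configuration under /etc/trojan, although the commit's stated goal is to avoid exposing sensitive information and README.gentoo leaves the permission fix to the administrator. If the package installs a config file there (that happens inside `cmake_src_install`, which this hunk does not show), consider something like `fowners root:trojan /etc/trojan/<config file>` and `fperms 0640 /etc/trojan/<config file>`, so the file is readable by the daemon but not by other accounts. Upgrades from the `nobody` setup would still need the README note for files the administrator created.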
@@ -47,15 +64,5 @@ src_test() {
 }
 
 pkg_postinst() {
-       elog "Running Trojan with multi instances"
-       elog ""
-
-       elog "Prepare /etc/trojan/\${blah}.json first"
-       elog "Config with Openrc"
-       elog "   ln -s /etc/init.d/trojan{,.\${blah}}"
-       elog "   rc-update add trojan.\${blah} default"
-       elog ""
-       elog "Config with Systemd"
-       elog "   systemctl enable trojan.\${blah}"
-       elog ""
+       readme.gentoo_print_elog
 }

diff --git a/net-proxy/trojan/trojan-9999.ebuild 
b/net-proxy/trojan/trojan-9999.ebuild
deleted file mode 100644
index b9a12df1c16..00000000000
--- a/net-proxy/trojan/trojan-9999.ebuild
+++ /dev/null
@@ -1,61 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{7..9} )
-EGIT_REPO_URI="https://github.com/trojan-gfw/trojan.git";
-
-inherit cmake git-r3 python-any-r1 systemd
-
-DESCRIPTION="An unidentifiable mechanism that helps you bypass GFW"
-HOMEPAGE="https://github.com/trojan-gfw/trojan";
-
-LICENSE="GPL-3+"
-SLOT="0"
-KEYWORDS=""
-IUSE="mysql test"
-
-# Some hiccups setting up local network server.
-RESTRICT="test"
-
-RDEPEND="
-       >=dev-libs/boost-1.66.0:=
-       dev-libs/openssl:0=
-       mysql? ( dev-db/mysql-connector-c:= )
-"
-DEPEND="${RDEPEND}
-       test? ( net-misc/curl ${PYTHON_DEPS} )
-"
-
-src_configure() {
-       local mycmakeargs=(
-               -DENABLE_MYSQL=$(usex mysql)
-               -DSYSTEMD_SERVICE=ON
-               -DSYSTEMD_SERVICE_PATH=$(systemd_get_systemunitdir)
-       )
-       cmake_src_configure
-}
-
-src_install() {
-       cmake_src_install
-       newinitd "${FILESDIR}/trojan.initd" trojan
-}
-
-src_test() {
-       cmake_src_test -j1
-}
-
-pkg_postinst() {
-       elog "Running Trojan with multi instances"
-       elog ""
-
-       elog "Prepare /etc/trojan/\${blah}.json first"
-       elog "Config with Openrc"
-       elog "   ln -s /etc/init.d/trojan{,.\${blah}}"
-       elog "   rc-update add trojan.\${blah} default"
-       elog ""
-       elog "Config with Systemd"
-       elog "   systemctl enable trojan.\${blah}"
-       elog ""
-}
