commit: 1df43041963603de62674b76888b68ddae5ee97f Author: Jaco Kroon <jaco <AT> uls <DOT> co <DOT> za> AuthorDate: Mon Feb 8 16:55:39 2021 +0000 Commit: John Helmert III <ajak <AT> gentoo <DOT> org> CommitDate: Wed Mar 10 15:39:51 2021 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1df43041
net-analyzer/nrpe: version bump + add USE=tcpd This includes a patch for ./configure that has also been submitted upstream: https://github.com/NagiosEnterprises/nrpe/pull/247 Dropped libressl support. Closes: https://bugs.gentoo.org/698794 Closes: https://bugs.gentoo.org/737038 Signed-off-by: Jaco Kroon <jaco <AT> uls.co.za> Closes: https://github.com/gentoo/gentoo/pull/19376 Signed-off-by: John Helmert III <ajak <AT> gentoo.org> net-analyzer/nrpe/Manifest | 1 + .../nrpe/files/nrpe-4.0.2-disable-tcpd.patch | 62 +++++++++++++ net-analyzer/nrpe/nrpe-4.0.3.ebuild | 101 +++++++++++++++++++++ 3 files changed, 164 insertions(+) diff --git a/net-analyzer/nrpe/Manifest b/net-analyzer/nrpe/Manifest index 4fab8d8b80d..b156a037513 100644 --- a/net-analyzer/nrpe/Manifest +++ b/net-analyzer/nrpe/Manifest @@ -1,2 +1,3 @@ DIST nrpe-4.0.0.tar.gz 523846 BLAKE2B 850a420f0550e1dfe6b0ea98a9d9cafec0ec583c115be89b3ba8e88a309c40226c87f6ae880d12c582822e492c5991e3d2444b68f5644750fc74ad75596c96fd SHA512 8773102f28f3e7e96f3637e77489eb12ffe88fe839abfe3f150d2eb3d2efe05f7f812ab4d52a64cbd8d0a5e491aed93d5300b7ce9a8dd072b3a00d885b91276b DIST nrpe-4.0.2.tar.gz 524146 BLAKE2B dc100579420eeccaaa2a913f56c76b86b6ebdce8d1afdddcc428bfd4a8c12ad19050ab0395e7a109d4e8b43ca7d6a11e13ec4a4250a91483e37725c184382ca2 SHA512 4d7cf6abc974bc79df54afc42644418e3f086a279c8c17d0fd104f19e3c21c0f3dae4fb4268dd134446ff9fe505159b0446372c5cac71cfe03a97479ed41c09b +DIST nrpe-4.0.3.tar.gz 524160 BLAKE2B d2c99cadf718e7049c911388b105fb4f5248307c733d94a73fd02ac69c49be230dad58be0a182af9c8d7e0d1f34e8dba6b8fc46a7c01eb15d845f2b3a54499ed SHA512 31d932c481c8a53bd0f8865fb3cfeeb1466b9b05fa89382aa056aa9343a09843b51fe5398fd0388e6bba99e9c3d8093f6033799fd83afd43012bfe8fdc5a33e3 diff --git a/net-analyzer/nrpe/files/nrpe-4.0.2-disable-tcpd.patch b/net-analyzer/nrpe/files/nrpe-4.0.2-disable-tcpd.patch new file mode 100644 index 00000000000..7140c43d7e8 --- /dev/null +++ b/net-analyzer/nrpe/files/nrpe-4.0.2-disable-tcpd.patch @@ -0,0 +1,62 @@ +Stripped ./configure portion for Gentoo, instead relying on eautoreconf. + +From 8bce40cff68c0a7d88b465eb345267ad5176461a Mon Sep 17 00:00:00 2001 +From: Jaco Kroon <j...@iewc.co.za> +Date: Mon, 8 Feb 2021 17:07:30 +0200 +Subject: [PATCH] Patch to allow passing --enable-tcpd or --disable-tcpd. + +If passing --enable-tcpd and libwrap is not available, ./configure will +fail. + +If passing --disable-tcpd, libwrap will be completely ignore. + +If not passed, current behaviour still applies. + +Signed-off-by: Jaco Kroon <j...@iewc.co.za> +--- + configure.ac | 28 +++++++++++++++++++++++----- + 2 files changed, 52 insertions(+), 6 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 3981bb0..e3c1a15 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -237,12 +237,30 @@ AC_CHECK_FUNCS([getopt_long],,AC_CHECK_LIB([iberty],[getopt_long],OTHERLIBS="$OT + dnl Checks for library functions. + AC_CHECK_LIB(nsl,main,SOCKETLIBS="$SOCKETLIBS -lnsl") + AC_CHECK_LIB(socket,socket,SOCKETLIBS="$SOCKETLIBS -lsocket") +-AC_CHECK_LIB(wrap,main,[ +- LIBWRAPLIBS="$LIBWRAPLIBS -lwrap" +- AC_DEFINE(HAVE_LIBWRAP,[1],[Have the TCP wrappers library]) +- AC_TRY_LINK([#include <tcpd.h> +- ],[int a = rfc931_timeout;],AC_DEFINE(HAVE_RFC931_TIMEOUT)) ++ ++AC_ARG_ENABLE([tcpd], ++ AS_HELP_STRING([--disable-tcpd],[disables support for tcpd even if present]),[ ++ if test x$enableval = xyes; then ++ check_for_tcpd=yes ++ else ++ check_for_tcpd=no ++ fi ++ ],check_for_tcpd=optional) ++ ++AC_MSG_CHECKING(check_for_tcpd=$check_for_tcpd) ++if test x$check_for_tcpd != xno; then ++ AC_CHECK_LIB(wrap,main,[ ++ LIBWRAPLIBS="$LIBWRAPLIBS -lwrap" ++ AC_DEFINE(HAVE_LIBWRAP,[1],[Have the TCP wrappers library]) ++ AC_TRY_LINK([#include <tcpd.h> ++ ],[int a = rfc931_timeout;],AC_DEFINE(HAVE_RFC931_TIMEOUT)) ++ ],[ ++ if test x$check_for_tcpd = xyes; then ++ AC_MSG_ERROR(--enable-tcpd specified but unable to locate libwrap.) ++ fi + ]) ++fi ++ + AC_CHECK_FUNCS(strdup strstr strtoul strtok_r initgroups closesocket sigaction scandir) + + dnl socklen_t check - from curl +-- +2.26.2 + diff --git a/net-analyzer/nrpe/nrpe-4.0.3.ebuild b/net-analyzer/nrpe/nrpe-4.0.3.ebuild new file mode 100644 index 00000000000..5cbe3d9a63b --- /dev/null +++ b/net-analyzer/nrpe/nrpe-4.0.3.ebuild @@ -0,0 +1,101 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit autotools systemd + +DESCRIPTION="Nagios Remote Plugin Executor" +HOMEPAGE="https://github.com/NagiosEnterprises/nrpe"; +SRC_URI="https://github.com/NagiosEnterprises/nrpe/releases/download/${P}/${P}.tar.gz"; + +LICENSE="GPL-2+" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86" +IUSE="command-args selinux ssl tcpd" + +DEPEND="acct-group/nagios + acct-user/nagios + tcpd? ( + sys-apps/tcp-wrappers + ) + ssl? ( + dev-libs/openssl:= + )" +RDEPEND="${DEPEND} + || ( net-analyzer/nagios-plugins net-analyzer/monitoring-plugins ) + selinux? ( sec-policy/selinux-nagios )" + +PATCHES=( + "${FILESDIR}/nrpe-3.2.1-eliminate-systemd-pid.patch" + "${FILESDIR}/nrpe-4.0.2-disable-tcpd.patch" +) + +src_prepare() { + default + eautoreconf +} + +src_configure() { + # The configure script tries to detect what OS, distribution, and + # init system you're running and changes the build/install process + # depending on what it comes up with. We specify fixed values + # because we don't want it guessing, for example, whether or not + # to install the tmpfiles.d entry based on whether or not systemd + # is currently running (OpenRC uses them too). + # + # Note: upstream defaults to using "nagios" as the default NRPE + # user and group. I have a feeling that this isn't quite correct + # on a system where "nagios" is also the user running the nagios + # server daemon. In the future, it would be nice if someone who + # actually uses NRPE could test with an unprivileged "nrpe" as + # the user and group. + econf \ + --libexecdir=/usr/$(get_libdir)/nagios/plugins \ + --localstatedir=/var/lib/nagios \ + --sysconfdir=/etc/nagios \ + --with-nrpe-user=nagios \ + --with-nrpe-group=nagios \ + --with-piddir=/run \ + --with-opsys=unknown \ + --with-dist-type=unknown \ + --with-init-type=unknown \ + --with-inetd-type=unknown \ + $(use_enable command-args) \ + $(use_enable ssl) \ + $(use_enable tcpd) +} + +src_compile() { + emake all +} + +src_install() { + default + + dodoc CHANGELOG.md SECURITY.md + insinto /etc/nagios + newins sample-config/nrpe.cfg nrpe.cfg + fowners root:nagios /etc/nagios/nrpe.cfg + fperms 0640 /etc/nagios/nrpe.cfg + + newinitd "startup/openrc-init" nrpe + newconfd "startup/openrc-conf" nrpe + systemd_newunit "startup/default-service" "${PN}.service" + + insinto /etc/xinetd.d/ + newins "${FILESDIR}/nrpe.xinetd.2" nrpe + + rm "${ED}/usr/bin/nrpe-uninstall" || die 'failed to remove uninstall tool' + rm -r "${ED}/run" || die 'failed to remove /run' +} + +pkg_postinst() { + if use command-args ; then + ewarn '' + ewarn 'You have enabled command-args for NRPE. That lets clients' + ewarn 'supply arguments to the commands that are run, and IS A' + ewarn 'SECURITY RISK!' + ewarn '' + fi +}
