diff options
| author |   Michael Orlitzky <mjo@gentoo.org> | 2016-09-26 09:22:03 -0400 |
|---|---|---|
| committer | Michael Orlitzky <mjo@gentoo.org> | 2016-09-26 09:24:06 -0400 |
| commit | fd0af54b57b1e8ed789373779ff560e87356dc24 (patch) | |
| tree | b5b6d660e58d74940fe2ade61085fa99c630e19f | |
| parent | net-analyzer/zabbix: Bump #593722 (diff) | |
| download | gentoo-fd0af54b.tar.gz gentoo-fd0af54b.tar.bz2 gentoo-fd0af54b.zip | |
net-analyzer/nagios-core: new version v4.2.1 with security fixes.
This new version adds fixes for CVE-2008-4796 and CVE-2013-4214.
The ebuild itself was updated to EAPI=6. That required dropping the
depend.apache eclass, but that eclass was only used to define the
$APACHE2_MODULES_CONFDIR variable, and it was easily inlined. The
eutils and multilib eclasses were also dropped; the former because our
patches are now obsolete, and the latter because get_libdir() is in
EAPI=6.
Gentoo-Bug: 595194
Package-Manager: portage-2.2.28
| -rw-r--r-- | net-analyzer/nagios-core/Manifest | 1 | ||||
| -rw-r--r-- | net-analyzer/nagios-core/nagios-core-4.2.1.ebuild | 248 |
2 files changed, 249 insertions, 0 deletions
diff --git a/net-analyzer/nagios-core/Manifest b/net-analyzer/nagios-core/Manifest index 9927c294164f..05969ae2c8cd 100644 --- a/net-analyzer/nagios-core/Manifest +++ b/net-analyzer/nagios-core/Manifest @@ -1,4 +1,5 @@ DIST nagios-3.5.1.tar.gz 1763584 SHA256 ca9dd68234fa090b3c35ecc8767b2c9eb743977eaf32612fa9b8341cc00a0f99 SHA512 48e2ecb91002b08203937b12a438c87c62cd3c5c401a0ed9e861cd6d79074c7017ed373e9379f013d87dea1fd7cb8e3d85112d55c87ac91aed96b256868c112d WHIRLPOOL 2c02584702c64dbb0e353e34b758fab079eee0dc7a401e7b5947a21733758d3596401e5519e2dd7f05c89ee4835c21965d2718157fd9d6d3d20af9c853d688ca DIST nagios-4.0.8.tar.gz 1805059 SHA256 8b268d250c97851775abe162f46f64724f95f367d752ae4630280cc5d368ca4b SHA512 d72fdbcc0beb2de72e5aa788b4ccc83aa30c7f4a4460edaa831f012db04647e4836b876bb7dc235e2a1b525827e9a2a0f4d348919f69fbfbfdaa4d13e968e18c WHIRLPOOL bdd9c63e0e495073b7b046952baa50b9e448fa56cda167806546a3b58fdd8fad328c9285ebb6d07da81786676d805671cad7295be389c4b8a4f3971264c97f74 DIST nagios-4.1.1.tar.gz 11142182 SHA256 58218e5e66c8078fc578a60db33b5c3da10fc6a793e97d2b00780517e3efa0a7 SHA512 09e7c335666efd7180dcc8766abfdc6482f9ef4dceb4bee076b99652c04cb2e04555a1afeec2e6ef8c5556f7ae8fb684e17db0aa5e869915e4684af2c2183565 WHIRLPOOL 4b03cb5193284a32a6b0dc979849b7ab31f903f628b449953807b18401307cd7290b91296407d5ce21ebdcd8d7f4d8ed047ea99e0c307327f41fe6b3a69a5b46 +DIST nagios-4.2.1.tar.gz 11155576 SHA256 cb62c5c16964cfc143b126a576a7f8130e634cb9dda4dd3bd3632598d7855a87 SHA512 9d68c18fe272e9b6fc131c686ee031c115ee2916af1c112f73744bc73202d0d6799aa30828db701e78b1c62013b9f871083c004c8317942df239afe6c6a72a36 WHIRLPOOL 389293718261097af480325075aa03e2348f109261ff63c6df66a3104ebd36b1161250150e8518b51ed29892e8b14892a7ba54ba41a6ddbdf51d626d5fccbeef DIST nagios-core-gentoo-icons-20141125.tar 40960 SHA256 68b715f636eb291343cab3259862bbed8b6b898520b58df522438524de3d8761 SHA512 bf109879cddd6136b76baba55d0b60b2596e37431dcf5ce0905d34a9fa292ebf7e4bde82d9a084362c486e8fac344c76d88f9298b1b85541ed70ffd608493766 WHIRLPOOL 7ec3a944b2a659b456d3168818ca5b1af3a427436e6af2f3e5d6cba6fc7b1c7bad6f552301f064df31988865b3b32fd117d9e6f61c630d6d817a51cbbbcb331d diff --git a/net-analyzer/nagios-core/nagios-core-4.2.1.ebuild b/net-analyzer/nagios-core/nagios-core-4.2.1.ebuild new file mode 100644 index 000000000000..f3d1d3e68a40 --- /dev/null +++ b/net-analyzer/nagios-core/nagios-core-4.2.1.ebuild @@ -0,0 +1,248 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=6 + +inherit toolchain-funcs user + +MY_P=${PN/-core}-${PV} +DESCRIPTION="Nagios core - monitoring daemon, web GUI, and documentation" +HOMEPAGE="http://www.nagios.org/" + +# The name of the directory into which our Gentoo icons will be +# extracted, and also the basename of the archive containing it. +GENTOO_ICONS="${PN}-gentoo-icons-20141125" +SRC_URI="mirror://sourceforge/nagios/${MY_P}.tar.gz + web? ( https://dev.gentoo.org/~mjo/distfiles/${GENTOO_ICONS}.tar )" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~sparc ~x86" +IUSE="apache2 classicui lighttpd perl +web vim-syntax" + +# In pkg_postinst(), we change the group of the Nagios configuration +# directory to that of the web server user. It can't belong to both +# apache/lighttpd groups at the same time, so we block this combination +# for our own sanity. +# +# This could be made to work, but we would need a better way to allow +# the web user read-only access to Nagios's configuration directory. +# +REQUIRED_USE="apache2? ( !lighttpd )" + +# sys-devel/libtool dependency is bug #401237. +# +# Note, we require one of the apache2 CGI modules: +# +# * mod_cgi +# * mod_cgid +# * mod_fcgid +# +# We just don't care /which/ one. And of course PHP supports both CGI +# (USE=cgi) and FastCGI (USE=fpm). We're pretty lenient with the +# dependencies, and expect the user not to do anything /too/ +# stupid. (For example, installing Apache with only FastCGI support, and +# PHP with only CGI support.) +# +# Another annoyance is that the upstream Makefile uses app-arch/unzip to +# extract a snapshot of AngularJS, but that's only needed when USE=web. +# +MOD_ALIAS=apache2_modules_alias +DEPEND="sys-devel/libtool + virtual/mailx + perl? ( dev-lang/perl ) + web? ( + app-arch/unzip + media-libs/gd[jpeg,png] + lighttpd? ( www-servers/lighttpd[php] ) + apache2? ( + || ( + >=www-servers/apache-2.4[${MOD_ALIAS},apache2_modules_cgi] + >=www-servers/apache-2.4[${MOD_ALIAS},apache2_modules_cgid] + >=www-servers/apache-2.4[${MOD_ALIAS},apache2_modules_fcgid] ) + || ( + dev-lang/php:*[apache2] + dev-lang/php:*[cgi] + dev-lang/php:*[fpm] ) + ) + )" +RDEPEND="${DEPEND} + vim-syntax? ( app-vim/nagios-syntax )" + +S="${WORKDIR}/${MY_P}" + +pkg_setup() { + enewgroup nagios + enewuser nagios -1 /bin/bash /var/nagios/home nagios +} + +src_configure() { + local myconf + + if use perl; then + myconf="${myconf} --enable-embedded-perl --with-perlcache" + fi + + if use !apache2 && use !lighttpd ; then + myconf="${myconf} --with-command-group=nagios" + else + if use apache2 ; then + myconf="${myconf} --with-command-group=apache" + myconf="${myconf} --with-httpd-conf=/etc/apache2/conf.d" + elif use lighttpd ; then + myconf="${myconf} --with-command-group=lighttpd" + fi + fi + + econf ${myconf} \ + --prefix=/usr \ + --bindir=/usr/sbin \ + --sbindir=/usr/$(get_libdir)/nagios/cgi-bin \ + --datadir=/usr/share/nagios/htdocs \ + --localstatedir=/var/nagios \ + --sysconfdir=/etc/nagios \ + --libexecdir=/usr/$(get_libdir)/nagios/plugins +} + +src_compile() { + emake CC=$(tc-getCC) nagios + + if use web; then + # Only compile the CGIs/HTML when USE=web is set. + emake CC=$(tc-getCC) DESTDIR="${D}" cgis html + fi +} + +src_install() { + dodoc Changelog INSTALLING LEGAL README.asciidoc UPGRADING + + emake DESTDIR="${D}" install-base + emake DESTDIR="${D}" install-basic + emake DESTDIR="${D}" install-config + emake DESTDIR="${D}" install-commandmode + + if use web; then + emake DESTDIR="${D}" install-cgis + + # install-html installs the new exfoliation theme + emake DESTDIR="${D}" install-html + + if use classicui; then + # This overwrites the already-installed exfoliation theme + emake DESTDIR="${D}" install-classicui + fi + + # Install cute Gentoo icons (bug #388323), setting their + # owner, group, and mode to match those of the rest of Nagios's + # images. + insopts --group=nagios --owner=nagios --mode=0664 + insinto /usr/share/nagios/htdocs/images/logos + doins "${WORKDIR}/${GENTOO_ICONS}"/*.* + insopts --mode=0644 # Back to the default... + fi + + newinitd "${FILESDIR}"/nagios4 nagios + newconfd "${FILESDIR}"/conf.d nagios + + if use web ; then + if use apache2 ; then + # Install the Nagios configuration file for Apache. + insinto "/etc/apache2/modules.d" + doins "${FILESDIR}"/99_nagios4.conf + elif use lighttpd ; then + # Install the Nagios configuration file for Lighttpd. + insinto /etc/lighttpd + newins "${FILESDIR}/lighttpd_nagios4.conf" nagios.conf + else + ewarn "${CATEGORY}/${PF} only supports apache or lighttpd" + ewarn "out of the box. Since you are not using one of them, you" + ewarn "will have to configure your webserver yourself." + fi + fi + + for dir in etc/nagios var/nagios ; do + chown -R nagios:nagios "${D}/${dir}" \ + || die "failed chown of ${D}/${dir}" + done + + chown -R root:root "${D}/usr/$(get_libdir)/nagios" \ + || die "failed chown of ${D}/usr/$(get_libdir)/nagios" + + # The following two find...exec statements will die properly as long + # as chmod is only called once (that is, as long as the argument + # list is small enough). + find "${D}/usr/$(get_libdir)/nagios" -type d \ + -exec chmod 755 '{}' + || die 'failed to make nagios dirs traversable' + + if use web; then + find "${D}/usr/$(get_libdir)/nagios/cgi-bin" -type f \ + -exec chmod 755 '{}' + || die 'failed to make cgi-bins executable' + fi + + keepdir /etc/nagios + keepdir /var/nagios + keepdir /var/nagios/archives + keepdir /var/nagios/rw + keepdir /var/nagios/spool/checkresults + + if use !apache2 && use !lighttpd; then + chown -R nagios:nagios "${D}"/var/nagios/rw \ + || die "failed chown of ${D}/var/nagios/rw" + else + if use apache2 ; then + chown -R nagios:apache "${D}"/var/nagios/rw \ + || die "failed chown of ${D}/var/nagios/rw" + elif use lighttpd ; then + chown -R nagios:lighttpd "${D}"/var/nagios/rw \ + || die "failed chown of ${D}/var/nagios/rw" + fi + fi + + chmod ug+s "${D}"/var/nagios/rw || die "failed chmod of ${D}/var/nagios/rw" + chmod 0750 "${D}"/etc/nagios || die "failed chmod of ${D}/etc/nagios" +} + +pkg_postinst() { + + if use web; then + elog "Note that your web server user requires read-only access to" + elog "${ROOT}etc/nagios." + + if use apache2 || use lighttpd ; then + elog + elog "To that end, we have changed the group of ${ROOT}etc/nagios" + elog "to that of your web server user." + elog + if use apache2; then + chown nagios:apache "${ROOT}etc/nagios" \ + || die "failed to change group of ${ROOT}etc/nagios" + + elog "To enable the Nagios web front-end, please edit" + elog "${ROOT}etc/conf.d/apache2 and add \"-D NAGIOS -D PHP5\"" + elog "to APACHE2_OPTS. Then Nagios will be available at," + elog + elif use lighttpd; then + chown nagios:lighttpd "${ROOT}etc/nagios" \ + || die "failed to change group of ${ROOT}etc/nagios" + elog "To enable the Nagios web front-end, please add" + elog "'include \"nagios.conf\"' to the lighttpd configuration" + elog "file at ${ROOT}etc/lighttpd/lighttpd.conf. Then Nagios" + elog "will be available at," + elog + fi + + elog " http://localhost/nagios/" + else + elog "Since you're not using either Apache or Lighttpd, you" + elog "will have to grant the necessary permissions yourself." + fi + fi + + elog + elog "If your kernel has /proc protection, nagios" + elog "will not be happy as it relies on accessing the proc" + elog "filesystem. You can fix this by adding nagios into" + elog "the group wheel, but this is not recomended." + elog +} |