authoralarig <alarig@swordarmor.fr>2020-03-13 12:06:48 +0100
committeralarig <alarig@swordarmor.fr>2020-03-13 13:16:00 +0100
commit306074bb6b298fbf0a3988372f7f10795b973faf (patch)
treea15b712fe0fe0f3ddf06a5987051c844b10dbe70 /net-misc
parentdev-python/black: EAPI bump (diff)
net-misc/FORT-validator: RPKI validator (new ebuild)
Signed-off-by: Alarig Le Lay <alarig@swordarmor.fr>
Diffstat (limited to 'net-misc')
-rw-r--r--net-misc/FORT-validator/FORT-validator-1.2.0.ebuild77
-rw-r--r--net-misc/FORT-validator/Manifest1
-rw-r--r--net-misc/FORT-validator/files/fort-confd15
-rw-r--r--net-misc/FORT-validator/files/fort-config.json10
-rw-r--r--net-misc/FORT-validator/files/fort-initd26
-rw-r--r--net-misc/FORT-validator/files/fort.service35
-rw-r--r--net-misc/FORT-validator/metadata.xml12
7 files changed, 176 insertions, 0 deletions
diff --git a/net-misc/FORT-validator/FORT-validator-1.2.0.ebuild b/net-misc/FORT-validator/FORT-validator-1.2.0.ebuild
new file mode 100644
index 00000000..9598c518
--- /dev/null
+++ b/net-misc/FORT-validator/FORT-validator-1.2.0.ebuild
@@ -0,0 +1,77 @@
+# Copyright 2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools fcaps systemd
+
+DESCRIPTION="FORT validator is an open source RPKI validator."
+HOMEPAGE="https://fortproject.net/validator?2"
+SRC_URI="https://github.com/NICMx/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+MY_PN="fort"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="caps libressl"
+
+DEPEND="
+ acct-group/fort
+ acct-user/fort
+ caps? ( sys-libs/libcap )
+ dev-libs/jansson
+ libressl? ( dev-libs/libressl:0= )
+ !libressl? ( dev-libs/openssl:0= )
+"
+RDEPEND="
+ ${DEPEND}
+ net-misc/rsync
+"
+BDEPEND="
+ sys-devel/autoconf
+ sys-devel/automake
+"
+
+src_prepare() {
+ default
+
+ eautoreconf
+}
+
+src_install() {
+ newinitd "${FILESDIR}/${MY_PN}-initd" ${MY_PN}
+ newconfd "${FILESDIR}/${MY_PN}-confd" ${MY_PN}
+
+ emake DESTDIR="${D}" install
+ insinto /usr/share/${MY_PN}/
+ insopts -m0644 -o "${MY_PN}"
+ diropts -m0755 -o "${MY_PN}"
+ doins -r examples/tal/
+
+ dodoc -r examples/
+
+ insinto /etc/fort
+ newins "${FILESDIR}/fort-config.json" config.json
+
+ exeinto "/usr/libexec/${MY_PN}"
+ doexe fort_setup.sh
+
+ systemd_dounit "${FILESDIR}/${MY_PN}.service"
+}
+
+pkg_postinst() {
+ fcaps cap_net_bind_service usr/bin/fort
+
+ einfo ""
+ einfo "ARIN TAL is disabled by default because the ARIN Relying Party"
+ einfo "Agreement must be accepted beforehead. Start fort, run"
+ einfo ""
+ einfo " su -s /bin/sh -c '${EROOT}/usr/libexec/${MY_PN}/fort_setup.sh /usr/share/${MY_PN}/tal/' fort"
+ einfo ""
+ einfo "as root and restart fort to enable it."
+ einfo "The configuration file generation will fail because the script tries"
+ einfo "to write in your current directory. Plus, there is a configuration"
+ einfo "file with this ebuild, so you don’t have to use the generated one if"
+ einfo "you don’t want to."
+}
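Review bot: The `insopts -m0644 -o "${MY_PN}"` set for `doins -r examples/tal/` in src_install is still in effect at `newins "${FILESDIR}/fort-config.json" config.json`, so /etc/fort/config.json is installed owned by the fort service account, as are the TALs. A validator that parses untrusted repository data should not be able to rewrite its own configuration, so reset it with `insopts -m0644` before `insinto /etc/fort`. The TAL install deserves a comment saying why fort ownership is wanted there; apparently it is only so that fort_setup.sh, run as fort, can write the ARIN TAL into that directory. Separately, in pkg_postinst, `fcaps` falls back to a setuid mode when file capabilities cannot be applied, as far as I recall the eclass; an explicit fallback such as `fcaps -m 0755 cap_net_bind_service usr/bin/fort` would avoid shipping a setuid-root network daemon, to be confirmed against fcaps.eclass.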
diff --git a/net-misc/FORT-validator/Manifest b/net-misc/FORT-validator/Manifest
new file mode 100644
index 00000000..abe9cf95
--- /dev/null
+++ b/net-misc/FORT-validator/Manifest
@@ -0,0 +1 @@
+DIST FORT-validator-1.2.0.tar.gz 427483 BLAKE2B 05fbec44fb17fa188b6196a2b166f2e112224dcf4071cc875ed1f3a147b28acff94c89b0c0a658aaee197e1820d9f53803e73add81e355f7df07713fcdb0df00 SHA512 e89b1aa7c0cd4036d04a017898e1a6017450f5dab96e57c35b0aa532b212b23f7fab17ca117a9461c9bdacca511ea70341e692a4d5e8f277ae8e277c1d48706e
diff --git a/net-misc/FORT-validator/files/fort-confd b/net-misc/FORT-validator/files/fort-confd
new file mode 100644
index 00000000..92936757
--- /dev/null
+++ b/net-misc/FORT-validator/files/fort-confd
@@ -0,0 +1,15 @@
+# /etc/init.d/fort
+
+# Options to pass to the fort process
+# See man fort for options
+
+# If you want to use commands arguments instead of the configuration file and
+# not the default TAL directory, please remove the comment for FORT_BASEDIR as
+# well
+
+#FORT_BASEDIR="/var/lib/fort/"
+#FORT_OPTS="--tal /usr/share/fort/tal/ \
+# --local-repository ${FORT_BASEDIR}
+# --log.output syslog
+# --server.address ::"
+FORT_OPTS="--configuration-file /etc/fort/config.json"
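Review bot: The header comment `# /etc/init.d/fort` names the init script, but this file is installed by `newconfd` and so lands in /etc/conf.d; it should read `# /etc/conf.d/fort`. The commented example also uses `FORT_BASEDIR="/var/lib/fort/"` while the shipped config.json uses /var/cache/fort/repository/. A one-line comment stating which of the two is the intended default, and that the init script creates and chowns whatever FORT_BASEDIR points to, would save an admin from uncommenting a path they did not mean to hand to the service user.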
diff --git a/net-misc/FORT-validator/files/fort-config.json b/net-misc/FORT-validator/files/fort-config.json
new file mode 100644
index 00000000..b3d5fecd
--- /dev/null
+++ b/net-misc/FORT-validator/files/fort-config.json
@@ -0,0 +1,10 @@
+{
+ "tal": "/usr/share/fort/tal/",
+ "local-repository": "/var/cache/fort/repository/",
+ "server": {
+ "address": "::"
+ },
+ "log": {
+ "output": "syslog"
+ }
+}
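Review bot: `"address": "::"` makes the packaged default serve RTR on every address of the host as soon as the service is started, with no hint to the admin that it does so. Routers trust the data this server hands out and the listener is, presumably, plain unauthenticated TCP, so a narrower default such as `"address": "::1"` would be the safer starting point. If the wildcard is kept, it should be mentioned in the pkg_postinst messages together with a note to restrict access to the routers that need it, since JSON cannot carry the comment itself.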
diff --git a/net-misc/FORT-validator/files/fort-initd b/net-misc/FORT-validator/files/fort-initd
new file mode 100644
index 00000000..25e6b309
--- /dev/null
+++ b/net-misc/FORT-validator/files/fort-initd
@@ -0,0 +1,26 @@
+#!/sbin/openrc-run
+# Copyright 2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+name="fort validator daemon"
+description="FORT validator is an open source RPKI validator."
+command=/usr/bin/fort
+command_args="${FORT_OPTS}"
+command_user="fort"
+pidfile="/run/${RC_SVCNAME}.pid"
+command_background=true
+
+depend() {
+ need net
+}
+
+start_pre() {
+ if [ -z "${FORT_BASEDIR}" ]; then
+ FORT_BASEDIR=$(awk -F '"' '/local-repository/ { print $4 }' \
+ /etc/fort/config.json)
+ FORT_BASEDIR="${FORT_BASEDIR:-/var/cache/fort/repository/}"
+ fi
+
+ checkpath -d -m 0755 -o fort:fort "$(dirname "${FORT_BASEDIR}")"
+ checkpath -d -m 0755 -o fort:fort "${FORT_BASEDIR}"
+}
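Review bot: In start_pre, `checkpath -d -m 0755 -o fort:fort "$(dirname "${FORT_BASEDIR}")"` changes the ownership of the parent of whatever FORT_BASEDIR is. With the value suggested in the conf.d file, `/var/lib/fort/`, dirname yields `/var/lib`, so starting the service would hand /var/lib to the fort user. Only the default `/var/cache/fort/repository/` has a fort-specific parent. Drop the dirname call and keep just `checkpath -d -m 0755 -o fort:fort "${FORT_BASEDIR}"`, letting the ebuild create /var/cache/fort with the right owner (for example via `keepdir` plus `fowners`). The awk lookup also always reads /etc/fort/config.json, even when FORT_OPTS points at a different configuration file, which is worth a comment.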
diff --git a/net-misc/FORT-validator/files/fort.service b/net-misc/FORT-validator/files/fort.service
new file mode 100644
index 00000000..4f24f8d1
--- /dev/null
+++ b/net-misc/FORT-validator/files/fort.service
@@ -0,0 +1,35 @@
+[Unit]
+Description=FORT RPKI validator
+Documentation=man:fort(8)
+Documentation=https://nicmx.github.io/FORT-validator/
+
+[Service]
+ExecStart=/usr/bin/fort --configuration-file /etc/fort/config.json
+Type=simple
+User=fort
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+ProtectSystem=strict
+ProtectHome=yes
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectKernelTunables=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+CacheDirectory=fort
+ReadWritePaths=/var/lib/fort/
+ConfigurationDirectory=fort
+ConfigurationDirectory=tals
+StateDirectory=fort
+NoNewPrivileges=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+SystemCallArchitectures=native
+SystemCallErrorNumber=EPERM
+SystemCallFilter=@system-service
+
+[Install]
+WantedBy=multi-user.target
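Review bot: `ConfigurationDirectory=tals` makes systemd create /etc/tals when the unit starts, yet nothing in this commit uses that path; the TALs are installed under /usr/share/fort/tal/ and config.json points there. It looks like a leftover from an upstream unit and should be dropped so the sandbox only declares directories the service really uses. `ReadWritePaths=/var/lib/fort/` likewise duplicates what `StateDirectory=fort` already grants, while the repository itself lives under the `CacheDirectory=fort` path. A short comment above these lines saying which directory holds what would make the hardening easier to audit.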
diff --git a/net-misc/FORT-validator/metadata.xml b/net-misc/FORT-validator/metadata.xml
new file mode 100644
index 00000000..678ca7a1
--- /dev/null
+++ b/net-misc/FORT-validator/metadata.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>alarig@swordarmor.fr</email>
+ <name>Alarig Le Lay</name>
+ </maintainer>
+ <maintainer type="project">
+ <email>proxy-maint@gentoo.org</email>
+ <name>Proxy Maintainers</name>
+ </maintainer>
+</pkgmetadata>