commit:     6e5281720ed938c39aa169cca856955527937a10
Author:     Sergey Popov <pinkbyte <AT> gentoo <DOT> org>
AuthorDate: Fri Dec  4 09:48:34 2020 +0000
Commit:     Sergey Popov <pinkbyte <AT> gentoo <DOT> org>
CommitDate: Fri Dec  4 09:48:45 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6e528172

net-misc/frr: new package

The FRRouting Protocol Suite, fork of quagga

Signed-off-by: Sergey Popov <pinkbyte <AT> gentoo.org>

 net-misc/frr/Manifest                             |   1 +
 net-misc/frr/files/frr-7.5-ipctl-forwarding.patch |  22 ++
 net-misc/frr/files/frr-openrc-v1                  | 300 ++++++++++++++++++++++
 net-misc/frr/files/frr.pam                        |  26 ++
 net-misc/frr/frr-7.5.ebuild                       | 143 +++++++++++
 net-misc/frr/metadata.xml                         |  28 ++
 6 files changed, 520 insertions(+)

diff --git a/net-misc/frr/Manifest b/net-misc/frr/Manifest
new file mode 100644
index 00000000000..7ae456fb389
--- /dev/null
+++ b/net-misc/frr/Manifest
@@ -0,0 +1 @@
+DIST frr-7.5.tar.gz 6730659 BLAKE2B 
12c915e7564b8f0157b20b0714b1efd8c2ad0c51dbaeb1eb3ef2d5ea50406c297d7f4bd854d9246b515d42f3fa326b2b3c7a30d83f35b64c374947b26709f6fe
 SHA512 
d0d3c0bc0d30e2ebb93e20906768a996d21db23b23118c8e3c50d238e7bfdee7a789b4a90c9d7dbdc842d857f60bd44f0922b01b0c2c8b289ac860f008a430a9

diff --git a/net-misc/frr/files/frr-7.5-ipctl-forwarding.patch 
b/net-misc/frr/files/frr-7.5-ipctl-forwarding.patch
new file mode 100644
index 00000000000..f6b726b591f
--- /dev/null
+++ b/net-misc/frr/files/frr-7.5-ipctl-forwarding.patch
@@ -0,0 +1,22 @@
+Fix for missing definitions on some Hardened configurations
+Gentoo bug: https://bugs.gentoo.org/show_bug.cgi?id=437292
+
+diff -Naur quagga-0.99.16.orig/zebra/ipforward_sysctl.c 
quagga-0.99.16/zebra/ipforward_sysctl.c
+--- quagga-0.99.16.orig/zebra/ipforward_sysctl.c       2010-03-11 
12:11:32.000000000 -0500
++++ quagga-0.99.16/zebra/ipforward_sysctl.c    2010-03-11 12:11:39.000000000 
-0500
+@@ -31,6 +31,15 @@
+ 
+ #define MIB_SIZ 4
+ 
++/* Fix for recent (2.6.14) kernel headers */
++#ifndef IPCTL_FORWARDING
++    #define IPCTL_FORWARDING       NET_IPV4_FORWARD
++#endif
++
++#ifndef IP6CTL_FORWARDING
++    #define IP6CTL_FORWARDING      NET_IPV6_FORWARDING
++#endif
++
+ extern struct zebra_privs_t zserv_privs;
+ 
+ /* IPv4 forwarding control MIB. */

diff --git a/net-misc/frr/files/frr-openrc-v1 b/net-misc/frr/files/frr-openrc-v1
new file mode 100644
index 00000000000..9e2f1ab914f
--- /dev/null
+++ b/net-misc/frr/files/frr-openrc-v1
@@ -0,0 +1,300 @@
+#!/sbin/openrc-run
+#
+# FRR OpenRC init script.
+#
+# Copyright (C) 2020 Rafael F. Zalamena
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; only version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+description="FRR initialization script."
+
+# FRR variables.
+frr_dir="/usr/lib/frr"
+frr_state_dir="/run/frr"
+config_file="/etc/frr/frr.conf"
+daemon_file="/etc/frr/daemons"
+daemon_db="/run/frrdb"
+vty_config_file="/etc/frr/vtysh.conf"
+frr_reload="$frr_dir/frr-reload.py"
+frr_reload_log="$frr_state_dir/reload.log"
+
+# Don't change profile here, use $daemon_file. This is the default.
+frr_profile="traditional"
+
+# watchfrr variables.
+watchfrr_daemons=''
+watchfrr_pidfile="$frr_state_dir/watchfrr.pid"
+
+#
+# Helpers.
+#
+_check_daemon_binary() {
+  local daemon=$1
+
+  [ -x "$frr_dir/$daemon" ] && return 0
+
+  eerror "No binary found for $daemon in $frr_dir"
+  return 1
+}
+
+_load_daemon_list() {
+  # Load FRR daemons configuration file.
+  while read line <&3 ; do
+    case $line in
+      ""|"#"*)
+        # Skip empty/commented lines.
+        continue
+        ;;
+
+      *d=*|*_instances=*|*_options=*|*_wrap=*)
+        # Load daemon options.
+        eval "$line"
+        ;;
+
+      MAX_FDS=*|frr_profile=*|vtysh_enable=*)
+        # Load misc configuration.
+        eval "$line"
+        ;;
+    esac
+  done 3< $daemon_file
+
+  # `zebra` and `staticd` are mandatory.
+  _check_daemon_binary 'zebra' || return 1
+  _check_daemon_binary 'staticd' || return 1
+  watchfrr_daemons='zebra staticd'
+
+  # Create the watchfrr command line.
+  for daemon in \
+    babeld bfdd bgpd eigrpd fabricd isisd ldpd nhrpd ospfd ospf6d pbrd \
+    pimd ripd ripngd sharpd vrrpd \
+  ; do
+    # Trick to read variable name with variable.
+    cdaemon=$(eval echo \$$daemon)
+    cdaemon_instances=$(eval echo \$${daemon}_instances)
+
+    # Add daemon to command line if specified.
+    if [ ! -z $cdaemon ] && [ $cdaemon = 'yes' ]; then
+      _check_daemon_binary $daemon || return 1
+
+      # Multi instance daemon handling.
+      if [ ! -z $cdaemon_instances ]; then
+        for instance in $(echo $cdaemon_instances | tr ',' ' '); do
+          watchfrr_daemons="$watchfrr_daemons $daemon-$instance"
+        done
+      fi
+
+      # Single instance daemon handling.
+      watchfrr_daemons="$watchfrr_daemons $daemon"
+      continue
+    fi
+  done
+}
+
+_frr_start() {
+  # Apply MAX_FDS configuration if set.
+  if [ ! -z $MAX_FDS ]; then
+    veinfo "  Setting maximum file descriptors to ${MAX_FDS}"
+    ulimit -n $MAX_FDS >/dev/null 2>/dev/null
+  fi
+
+  # Save started daemons to state database.
+  rm -f -- $daemon_db
+  for daemon in $watchfrr_daemons; do
+    echo $daemon >> $daemon_db
+    veinfo "  Starting $daemon..."
+  done
+
+  veinfo "  Starting watchfrr..."
+
+  # Start watchfrr which will start all configured daemons.
+  eval $all_wrap $frr_dir/watchfrr -d -F $frr_profile $watchfrr_daemons
+
+  veinfo "  Loading configuration..."
+
+  # After starting the daemons, lets load the configuration.
+  if [ $vtysh_enable = 'yes' ]; then
+    vtysh -b -n
+  else
+    veinfo "  Configuration loading disabled (vtysh_enable=$vtysh_enable)"
+  fi
+}
+
+_get_pid() {
+  local daemon=$1
+  local pid_file="$frr_state_dir/$daemon.pid"
+
+  # Test for file existence.
+  if [ ! -r "$pid_file" ]; then
+    eerror "Failed to find or read $daemon pid file"
+    return 1
+  fi
+
+  # Get PID if any.
+  pid=$(cat $pid_file)
+  if [ -z $pid ]; then
+    eerror "$daemon PID file empty"
+    return 1
+  fi
+
+  return 0
+}
+
+_stop_daemon() {
+  local daemon=$1
+  local pid_file="$frr_state_dir/$daemon.pid"
+
+  # Get daemon pid.
+  _get_pid $daemon
+
+  # Ask daemon to quit.
+  kill -2 "$pid"
+
+  # Test if daemon is still running.
+  attempts=1200
+  while kill -0 "$pid" 2>/dev/null; do
+    sleep 0.5
+    [ $((attempts - 1)) -gt 0 ] || break
+  done
+
+  # Tell user about our situation.
+  if kill -0 "$pid" 2>/dev/null ; then
+    eerror "Failed to stop $daemon (PID=${pid})"
+    return 1
+  else
+    rm -f -- $pid_file
+  fi
+}
+
+_frr_stop() {
+  local failures=0
+
+  # Stop watchfrr first so it doesn't restart anyone.
+  veinfo "  Stopping watchfrr..."
+  _stop_daemon watchfrr || failures=1
+
+  # Read started daemon database.
+  while read line <&3 ; do
+    case $line in
+      ""|"#"*)
+        # Skip empty/commented lines.
+        continue
+        ;;
+
+      *)
+        # Get daemon name.
+        veinfo "  Stopping $line..."
+        _stop_daemon $line || failures=1
+        ;;
+    esac
+  done 3< $daemon_db
+
+  # Remove daemon database file.
+  rm -f -- $daemon_db
+
+  return $failures
+}
+
+_check_watchfrr() {
+  _get_pid watchfrr || return 1
+  return 0
+}
+
+#
+# Main.
+#
+depend() {
+  # We need root to write logs.
+  need localmount
+  # Optionally wait for network to start.
+  use net
+  # Expect /run to be ready.
+  after bootmisc
+}
+
+start_pre() {
+  # Check configuration file readability.
+  checkpath -f -m 0640 -o frr:frr $vty_config_file
+  checkpath -f -m 0640 -o frr:frr $daemon_file
+  checkpath -f -m 0640 -o frr:frr $config_file
+
+  # Check run state directory.
+  checkpath -d -o frr $frr_state_dir
+
+  # Load daemon list and peform checks.
+  _load_daemon_list
+}
+
+start() {
+  # Load daemon list.
+  _load_daemon_list
+
+  # Handle restarts.
+  if [ "$RC_CMD" = 'restart' ]; then
+    ebegin 'Reloading FRR configuration'
+  else
+    ebegin 'Starting FRR'
+  fi
+
+  # Start FRR.
+  _frr_start
+
+  # New daemons and watchfrr started, apply new configuration.
+  if [ "$RC_CMD" = 'restart' ]; then
+    "$frr_reload" --reload "$config_file" 2>/run/frr/reload.log
+    [ $? -ne 0 ] && ewarn "  Failed to reload (check $frr_reload_log)"
+    # NOTE: we can't return bad status otherwise OpenRC will think we
+    # failed to start, lets print a helpful message instead.
+  fi
+
+  eend 0
+}
+
+stop() {
+  local failures=0
+
+  # Handle restarts.
+  if [ "$RC_CMD" = 'restart' ]; then
+    # Load daemon list.
+    _load_daemon_list
+
+    # We must restart 'watchfrr' in order to start new daemons.
+    veinfo "  Stopping watchfrr..."
+    _stop_daemon watchfrr
+
+    # Stop daemons that are no longer in configuration file.
+    for daemon in $(ls -1 /run/frr/*.pid | cut -d '.' -f 1); do
+      # Filter daemon name.
+      daemon=$(basename "$daemon")
+
+      # Skip watchfrr.
+      [ "$daemon" = 'watchfrr' ] && continue
+
+      echo "$watchfrr_daemons" | grep "$daemon" >/dev/null
+      if [ $? -ne 0 ]; then
+        veinfo "  Stopping $daemon..."
+        _stop_daemon $daemon
+      fi
+    done
+
+    return 0
+  fi
+
+  ebegin 'Stopping FRR'
+  _frr_stop || failures=1
+  eend $failures 'some daemons failed to stop'
+}
+
+status() {
+  _check_watchfrr || return 1
+}
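Review bot: `_load_daemon_list` passes every matching line of `$daemon_file` to `eval "$line"`, and `_frr_start` later splices `$all_wrap` from that file into `eval $all_wrap $frr_dir/watchfrr ...`, so `/etc/frr/daemons` is effectively shell configuration executed with the init script's privileges (root, under OpenRC). `start_pre` nevertheless resets that file to `frr:frr` on every start, which lets anything running as the unprivileged `frr` account decide what is evaluated at the next start or restart. I would keep it root-owned in `start_pre`, `checkpath -f -m 0640 -o root:frr $daemon_file`, and make the matching change in the `frr-7.5.ebuild` hunk of this commit, which also sets `frr:frr` on the file and leaves `/etc/frr` itself owned by `frr` with mode 775; a root-owned file in a directory the account can write to can still be replaced. The `*d=*` pattern accepts any line that merely contains `d=`, so restricting the accepted variable names would be worth doing as well.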

diff --git a/net-misc/frr/files/frr.pam b/net-misc/frr/files/frr.pam
new file mode 100644
index 00000000000..5cef5d9d746
--- /dev/null
+++ b/net-misc/frr/files/frr.pam
@@ -0,0 +1,26 @@
+#%PAM-1.0
+#
+
+##### if running frr as root:
+# Only allow root (and possibly wheel) to use this because enable access
+# is unrestricted.
+auth       sufficient   pam_rootok.so
+
+# Uncomment the following line to implicitly trust users in the "wheel" group.
+#auth       sufficient   pam_wheel.so trust use_uid
+# Uncomment the following line to require a user to be in the "wheel" group.
+#auth       required     pam_wheel.so use_uid
+###########################################################
+
+# If using frr privileges and with a seperate group for vty access, then
+# access can be controlled via the vty access group, and pam can simply
+# check for valid user/password, eg:
+#
+# only allow local users.
+#auth       required     pam_securetty.so
+#auth       include      system-auth
+#auth       required     pam_nologin.so
+#account    include      system-auth
+#password   include      system-auth
+#session    include      system-auth
+#session    optional     pam_console.so

diff --git a/net-misc/frr/frr-7.5.ebuild b/net-misc/frr/frr-7.5.ebuild
new file mode 100644
index 00000000000..b4a72f6ec31
--- /dev/null
+++ b/net-misc/frr/frr-7.5.ebuild
@@ -0,0 +1,143 @@
+# Copyright 2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{7,8} )
+inherit autotools pam python-single-r1 systemd
+
+DESCRIPTION="The FRRouting Protocol Suite"
+HOMEPAGE="https://frrouting.org/";
+SRC_URI="https://github.com/FRRouting/frr/archive/${P}.tar.gz";
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+IUSE="doc fpm grpc ipv6 kernel_linux nhrp ospfapi pam rpki snmp systemd"
+
+COMMON_DEPEND="
+       acct-user/frr
+       dev-libs/json-c:0=
+       >=net-libs/libyang-1.0.184
+       sys-libs/libcap
+       sys-libs/readline:0=
+       grpc? ( net-libs/grpc )
+       nhrp? ( net-dns/c-ares:0= )
+       pam? ( sys-libs/pam )
+       rpki? ( >=net-libs/rtrlib-0.6.3[ssh] )
+       snmp? ( net-analyzer/net-snmp )
+"
+
+BDEPEND="
+       ${COMMON_DEPEND}
+       doc? ( dev-python/sphinx )
+       sys-devel/flex
+       virtual/yacc
+"
+
+DEPEND="
+       ${PYTHON_DEPS}
+       ${COMMON_DEPEND}
+"
+
+RDEPEND="
+       ${DEPEND}
+       $(python_gen_cond_dep 'dev-python/ipaddr[${PYTHON_USEDEP}]')
+       !!net-misc/quagga
+"
+
+PATCHES=(
+       "${FILESDIR}/${PN}-7.5-ipctl-forwarding.patch"
+)
+
+# FRR tarballs have weird format.
+S="${WORKDIR}/frr-${P}"
+
+src_prepare() {
+       default
+
+       python_fix_shebang tools
+       eautoreconf
+}
+
+src_configure() {
+       econf \
+               --disable-static \
+               --with-pkg-extra-version="-gentoo" \
+               --enable-configfile-mask=0640 \
+               --enable-logfile-mask=0640 \
+               --prefix=/usr \
+               --libdir=/usr/lib/frr \
+               --sbindir=/usr/lib/frr \
+               --libexecdir=/usr/lib/frr \
+               --sysconfdir=/etc/frr \
+               --localstatedir=/run/frr \
+               --with-moduledir=/usr/lib/frr/modules \
+               --enable-exampledir=/usr/share/doc/${PF}/samples \
+               --enable-user=frr \
+               --enable-group=frr \
+               --enable-vty-group=frr \
+               --enable-multipath=64 \
+               $(use_enable doc) \
+               $(use_enable fpm) \
+               $(use_enable grpc) \
+               $(use_enable ipv6 ospf6d) \
+               $(use_enable ipv6 ripngd) \
+               $(use_enable ipv6 rtadv) \
+               $(use_enable kernel_linux realms) \
+               $(use_enable nhrp nhrpd) \
+               $(usex ospfapi '--enable-ospfclient' '' '' '') \
+               $(use_enable rpki) \
+               $(use_enable snmp) \
+               $(use_enable systemd)
+}
+
+src_compile() {
+       default
+
+       use doc && (cd doc; make html)
+}
+
+src_install() {
+       default
+       find "${D}" -name '*.la' -delete || die
+
+       # Install user documentation if asked
+       use doc && dodoc -r doc/user/_build/html
+
+       # Create configuration directory with correct permissions
+       keepdir /etc/frr
+       fowners frr:frr /etc/frr
+       fperms 775 /etc/frr
+
+       # Create logs directory with the correct permissions
+       keepdir /var/log/frr
+       fowners frr:frr /var/log/frr
+       fperms 775 /var/log/frr
+
+       # Install the default configuration files
+       insinto /etc/frr
+       doins tools/etc/frr/vtysh.conf
+       doins tools/etc/frr/frr.conf
+       doins tools/etc/frr/daemons
+
+       # Fix permissions/owners.
+       fowners frr:frr /etc/frr/vtysh.conf
+       fowners frr:frr /etc/frr/frr.conf
+       fowners frr:frr /etc/frr/daemons
+       fperms 640 /etc/frr/vtysh.conf
+       fperms 640 /etc/frr/frr.conf
+       fperms 640 /etc/frr/daemons
+
+       # Install logrotate configuration
+       insinto /etc/logrotate.d
+       newins redhat/frr.logrotate frr
+
+       # Install PAM configuration file
+       use pam && newpamd "${FILESDIR}/frr.pam" frr
+
+       # Install init scripts
+       systemd_dounit tools/frr.service
+       newinitd "${FILESDIR}/frr-openrc-v1" frr
+}
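Review bot: `--enable-vty-group=frr` makes the daemon's own group double as the vtysh access group, so every account added to `frr` for vtysh access also gets group write on `/etc/frr` and `/var/log/frr`, which `src_install` sets to `frr:frr` with `fperms 775`. The `frr.pam` file added in this commit already describes controlling access through a separate vty group; a dedicated group here, e.g. `--enable-vty-group=<vty-group>` (placeholder name, it would need its own account package), would keep operator access apart from write access to the daemon's configuration and logs. If vtysh is expected to write the integrated configuration itself, that group would need write access granted explicitly rather than inherited from the daemon group; this is an assumption to confirm against how vtysh is used here.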

diff --git a/net-misc/frr/metadata.xml b/net-misc/frr/metadata.xml
new file mode 100644
index 00000000000..043dceace19
--- /dev/null
+++ b/net-misc/frr/metadata.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd";>
+<pkgmetadata>
+       <maintainer type="person">
+               <email>[email protected]</email>
+               <name>Sergey Popov</name>
+       </maintainer>
+       <use>
+               <flag name="grpc">
+                       Enable gRPC plugin
+               </flag>
+               <flag name="nhrp">
+                       Build Next Hop Resolution Protocol daemon
+               </flag>
+               <flag name="fpm">
+                       Enable Forwarding Plane Manager support
+               </flag>
+               <flag name="rpki">
+                       Enable RPKI
+               </flag>
+               <flag name="pam">
+                       Add support for PAM (via <pkg>sys-libs/pam</pkg>) to 
the Virtual Terminal Interface Shell (vtysh);
+               </flag>
+               <flag name="ospfapi">
+                       Build OSPFAPI support
+               </flag>
+       </use>
+</pkgmetadata>
