commit: 926ea83a6bf896333bdf10a58d240cfb500cb171
Author: Robin H. Johnson gentoo org>
AuthorDate: Thu Dec 21 21:56:43 2017 +
Commit: Robin H. Johnson gentoo org>
CommitDate: Thu Dec 21 21:56:59 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=926ea83a
net-analyzer/icinga: fix start under grsec
Package-Manager: Portage-2.3.16, Repoman-2.3.6
net-analyzer/icinga/files/icinga-init.d | 7 +-
net-analyzer/icinga/icinga-1.14.0-r2.ebuild | 274
2 files changed, 279 insertions(+), 2 deletions(-)
diff --git a/net-analyzer/icinga/files/icinga-init.d
b/net-analyzer/icinga/files/icinga-init.d
index af1f3c5d29e..3a20f31c194 100644
--- a/net-analyzer/icinga/files/icinga-init.d
+++ b/net-analyzer/icinga/files/icinga-init.d
@@ -1,5 +1,5 @@
#!/sbin/openrc-run
-# Copyright 1999-2012 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
: ${ICINGACFG:=/etc/icinga/icinga.cfg}
@@ -41,9 +41,12 @@ reload()
}
start_pre() {
- checkpath -d -o icinga:icinga $(get_config temp_path) $(dirname
$(get_config lock_file)) $(dirname $(get_config log_file)) $(dirname
$(get_config status_file))
+ checkpath -d -o icinga:icinga $(dirname $(get_config lock_file))
$(dirname $(get_config log_file)) $(dirname $(get_config status_file))
checkpath -f -o icinga:icinga $(get_config log_file)
rm -f $(get_config command_file)
+ # Temp dir must NOT be group-writable
+ # grsec: denied untrusted exec (due to file in group-writable directory)
+ checkpath -d -o icinga:icinga -m 0750 $(get_config temp_path)
}
stop_post() {
diff --git a/net-analyzer/icinga/icinga-1.14.0-r2.ebuild
b/net-analyzer/icinga/icinga-1.14.0-r2.ebuild
new file mode 100644
index 000..681ce94efa8
--- /dev/null
+++ b/net-analyzer/icinga/icinga-1.14.0-r2.ebuild
@@ -0,0 +1,274 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit depend.apache eutils multilib pax-utils toolchain-funcs user
versionator
+
+DESCRIPTION="Nagios Fork - Check daemon, CGIs, docs, IDOutils"
+HOMEPAGE="http://www.icinga.org/;
+#MY_PV=$(delete_version_separator 3)
+#SRC_URI="mirror://sourceforge/${PN}/${PN}-${MY_PV}.tar.gz"
+#S=${WORKDIR}/${PN}-${MY_PV}
+#SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
+SRC_URI="https://github.com/${PN}/${PN}-core/archive/v${PV}/${P}.tar.gz;
+S="${WORKDIR}/${PN}-core-${PV}"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~hppa ~ppc ~ppc64 ~x86"
+IUSE="+apache2 contrib eventhandler +idoutils lighttpd +mysql perl +plugins
postgres ssl +vim-syntax +web"
+DEPEND="idoutils? ( dev-db/libdbi-drivers[mysql?,postgres?] )
+ perl? ( dev-lang/perl:= )
+ virtual/mailx
+ web? (
+ media-libs/gd[jpeg,png]
+ lighttpd? ( www-servers/lighttpd )
+ )
+ !net-analyzer/nagios-core"
+RDEPEND="${DEPEND}
+ plugins? ( || (
+ net-analyzer/monitoring-plugins
+ net-analyzer/nagios-plugins
+ ) )"
+RESTRICT="test"
+
+want_apache2
+
+pkg_setup() {
+ depend.apache_pkg_setup
+ enewgroup icinga
+ enewgroup nagios
+ enewuser icinga -1 -1 /var/lib/icinga "icinga,nagios"
+}
+
+src_prepare() {
+ epatch "${FILESDIR}/fix-prestripped-binaries-1.7.0.patch"
+ eapply_user
+}
+
+src_configure() {
+ local myconf
+
+ myconf="$(use_enable perl embedded-perl)
+ $(use_with perl perlcache)
+ $(use_enable idoutils)
+ $(use_enable ssl)
+ --with-cgiurl=/icinga/cgi-bin
+ --with-log-dir=/var/log/icinga
+ --libdir=/usr/$(get_libdir)
+ --bindir=/usr/sbin
+ --sbindir=/usr/$(get_libdir)/icinga/cgi-bin
+ --datarootdir=/usr/share/icinga/htdocs
+ --localstatedir=/var/lib/icinga
+ --sysconfdir=/etc/icinga
+ --with-lockfile=/var/run/icinga/icinga.lock
+ --with-temp-dir=/tmp/icinga
+ --with-temp-file=/tmp/icinga/icinga.tmp"
+
+ if use idoutils ; then
+ myconf+=" --with-ido2db-lockfile=/var/run/icinga/ido2db.lock
+ --with-icinga-chkfile=/var/lib/icinga/icinga.chk
+ --with-ido-sockfile=/var/lib/icinga/ido.sock
+ --with-idomod-tmpfile=/tmp/icinga/idomod.tmp"
+ fi
+
+ if use eventhandler ; then
+ myconfig+=" --with-eventhandler-dir=/etc/icinga/eventhandlers"
+ fi
+
+ if use plugins ; then
+ myconf+=" --with-plugin-dir=/usr/$(get_libdir)/nagios/plugins"
+ else
+ myconf+=" --with-plugin-dir=/usr/$(get_libdir)/nagios/plugins"
+ fi
+
+ if use !apache2 && use !lighttpd ; then
+ myconf+=" --with-command-group=icinga"
+ else
+ if use apache2 ; then
+ myconf+=" --with-httpd-conf=/etc/apache2/conf.d"
+