author | jperkin <jperkin@pkgsrc.org> | 2018-09-30 15:55:25 +0000 |
---|---|---|
committer | jperkin <jperkin@pkgsrc.org> | 2018-09-30 15:55:25 +0000 |
commit | 0c2da54ea31b06c9ab31f65c1009b7aee51ac78a (patch) | |
tree | 69bbc4088ebdfaed572b359abcc53aa1aefea637 /net/tinc | |
parent | 40fdd9260c7d3c05bc4c5ce844e52ba5cadd84d6 (diff) | |
download | pkgsrc-0c2da54ea31b06c9ab31f65c1009b7aee51ac78a.tar.gz |
tinc: Provide SMF and user support.
Submitted by Antonio Huete in joyent/pkgsrc#108. Bump PKGREVISION.
Diffstat (limited to 'net/tinc')
-rw-r--r-- | net/tinc/MESSAGE.smf | 27 | ||||
-rw-r--r-- | net/tinc/Makefile | 45 | ||||
-rw-r--r-- | net/tinc/PLIST | 5 | ||||
-rw-r--r-- | net/tinc/files/smf/manifest.xml | 28 | ||||
-rw-r--r-- | net/tinc/files/smf/tinc.sh | 52 | ||||
-rw-r--r-- | net/tinc/files/tinc-down | 4 | ||||
-rw-r--r-- | net/tinc/files/tinc-up | 7 | ||||
-rw-r--r-- | net/tinc/files/tinc.conf | 66 |
8 files changed, 231 insertions, 3 deletions
diff --git a/net/tinc/MESSAGE.smf b/net/tinc/MESSAGE.smf new file mode 100644 index 00000000000..ff4259a1820 --- /dev/null +++ b/net/tinc/MESSAGE.smf @@ -0,0 +1,27 @@ +=========================================================================== +$NetBSD: MESSAGE.smf,v 1.1 2018/09/30 15:55:25 jperkin Exp $ + + This package supports multiple SMF instances. + + By default a 'default' instance is created and a example tinc.conf + config file is put in place in the 'default' network directory. + No keys will be generated automatically, the user is expected to do so. + + Configure using the SMF properties: user, chroot, memlock + + 'user' is the user to setuid to after initialization. + 'chroot' will chroot the server process to the directory where the + network config is located. + 'memlock' locks tinc into the main memory. + + For more information about these options check tincd(8) manpage. + + Add a example service instance: + + svccfg -s tinc add mynetwork + svccfg -s tinc:mynetwork addpg tinc application + svccfg -s tinc:mynetwork setprop tinc/user = astring: tincuser + svccfg -s tinc:mynetwork setprop tinc/chroot = boolean: true + svccfg -s tinc:mynetwork setprop tinc/memlock = boolean: true + +=========================================================================== diff --git a/net/tinc/Makefile b/net/tinc/Makefile index 3aaccdaeada..d9d69c04e51 100644 --- a/net/tinc/Makefile +++ b/net/tinc/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.27 2017/09/08 13:53:25 jperkin Exp $ +# $NetBSD: Makefile,v 1.28 2018/09/30 15:55:25 jperkin Exp $ DISTNAME= tinc-1.0.32 +PKGREVISION= 1 CATEGORIES= net MASTER_SITES= http://www.tinc-vpn.org/packages/ @@ -9,6 +10,8 @@ HOMEPAGE= http://www.tinc-vpn.org/ COMMENT= Virtual Private Network (VPN) daemon LICENSE= gnu-gpl-v2 +BUILD_DEFS+= VARBASE + INFO_FILES= yes USE_TOOLS+= msgfmt GNU_CONFIGURE= yes 
@@ -16,7 +19,45 @@ GNU_CONFIGURE= yes SUBST_CLASSES+= mdoc SUBST_FILES.mdoc= doc/tinc.conf.5.in SUBST_SED.mdoc+= -e '/^$$/d' -SUBST_STAGE.mdoc= pre-patch +SUBST_STAGE.mdoc= pre-configure + +EGDIR= ${PREFIX}/share/examples/tinc +TINC_USER?= tinc +TINC_GROUP?= tinc + +PKG_GROUPS_VARS+= TINC_GROUP +PKG_USERS_VARS+= TINC_USER + +PKG_GROUPS= ${TINC_GROUP} +PKG_USERS= ${TINC_USER}:${TINC_GROUP} +PKG_SHELL.${TINC_USER}= ${SH} + +OWN_DIRS+= ${VARBASE}/log/tinc +MAKE_DIRS+= ${PKG_SYSCONFDIR}/default + +INSTALLATION_DIRS= share/examples/tinc + +PKG_SYSCONFSUBDIR= tinc + +CONF_FILES_PERMS+= ${EGDIR}/tinc.conf ${PKG_SYSCONFDIR}/default/tinc.conf \ + ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 644 +CONF_FILES_PERMS+= ${EGDIR}/tinc-up ${PKG_SYSCONFDIR}/default/tinc-up \ + ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 755 +CONF_FILES_PERMS+= ${EGDIR}/tinc-down ${PKG_SYSCONFDIR}/default/tinc-down \ + ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 755 + +.include "../../mk/bsd.prefs.mk" + +.if ${INIT_SYSTEM} == "smf" +SMF_METHODS= tinc +MESSAGE_SRC+= MESSAGE.smf +MESSAGE_SUBST+= PKG_SYSCONFDIR=${PKG_SYSCONFDIR:Q} +.endif + +post-install: + ${INSTALL_DATA} ${FILESDIR}/tinc.conf ${DESTDIR}${EGDIR} + ${INSTALL_DATA} ${FILESDIR}/tinc-up ${DESTDIR}${EGDIR} + ${INSTALL_DATA} ${FILESDIR}/tinc-down ${DESTDIR}${EGDIR} .include "../../archivers/lzo/buildlink3.mk" .include "../../converters/libiconv/buildlink3.mk" diff --git a/net/tinc/PLIST b/net/tinc/PLIST index b8bc547dff5..d6588a5858e 100644 --- a/net/tinc/PLIST +++ b/net/tinc/PLIST @@ -1,5 +1,8 @@ -@comment $NetBSD: PLIST,v 1.4 2010/05/01 16:56:40 tonnerre Exp $ +@comment $NetBSD: PLIST,v 1.5 2018/09/30 15:55:25 jperkin Exp $ info/tinc.info man/man5/tinc.conf.5 man/man8/tincd.8 sbin/tincd +share/examples/tinc/tinc-down +share/examples/tinc/tinc-up +share/examples/tinc/tinc.conf diff --git a/net/tinc/files/smf/manifest.xml b/net/tinc/files/smf/manifest.xml new file mode 100644 index 00000000000..c8f912ac0d8 --- /dev/null +++ b/net/tinc/files/smf/manifest.xml 
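Review bot: `PKG_SHELL.${TINC_USER}= ${SH}` gives the daemon account a real login shell, although nothing visible in this commit runs commands as that user; the SMF method only passes the name to `tincd -U` as a privilege-drop target. A service account that can be logged into or `su`'d to is an avoidable foothold if its credentials are ever set or the account is otherwise reachable. Unless something outside this diff needs the shell, drop the line so the pkgsrc default applies, or state it explicitly with `PKG_SHELL.${TINC_USER}= ${NOLOGIN}`.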
@@ -0,0 +1,28 @@
+<?xml version='1.0'?>
+<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
+<service_bundle type='manifest' name='export'>
+ <service name='@SMF_PREFIX@/@SMF_NAME@' type='service' version='1'>
+ <create_default_instance enabled='false'/>
+ <dependency name='network' grouping='require_all' restart_on='refresh' type='service'>
+ <service_fmri value='svc:/milestone/network:default'/>
+ </dependency>
+ <dependency name='filesystem' grouping='require_all' restart_on='refresh' type='service'>
+ <service_fmri value='svc:/system/filesystem/local'/>
+ </dependency>
+ <exec_method type='method' name='start' exec='@PREFIX@/@SMF_METHOD_FILE.tinc@ start' timeout_seconds='60'/>
+ <exec_method type='method' name='stop' exec='@PREFIX@/@SMF_METHOD_FILE.tinc@ stop' timeout_seconds='60'/>
+ <property_group name='application' type='application'></property_group>
+ <property_group name='startd' type='framework'>
+ <propval name='duration' type='astring' value='contract'/>
+ <propval name='ignore_error' type='astring' value='core,signal'/>
+ </property_group>
+ <template>
+ <common_name>
+ <loctext xml:lang='C'>Virtual Private Network (VPN) daemon</loctext>
+ </common_name>
+ <documentation>
+ <manpage title='tincd' section='8' manpath='@PREFIX@/@PKGMANDIR@'/>
+ </documentation>
+ </template>
+ </service>
+</service_bundle>
diff --git a/net/tinc/files/smf/tinc.sh b/net/tinc/files/smf/tinc.sh
new file mode 100644
index 00000000000..20bca9be6ac
--- /dev/null
+++ b/net/tinc/files/smf/tinc.sh
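Review bot: The manifest declares an empty `application` property group, but the method script in this commit reads `tinc/user`, `tinc/chroot` and `tinc/memlock`, a group that only exists once the administrator has run the `addpg` step described in MESSAGE.smf. Until then the daemon starts with neither `-R` nor `-L`, and nothing in the service's properties shows that these hardening switches exist or what they are set to. Declaring the `tinc` group here with explicit defaults makes the settings discoverable and auditable; the values below keep the behaviour the script has today when the properties are absent.

```xml
<!-- replaces the empty 'application' property group -->
<property_group name='tinc' type='application'>
  <propval name='user' type='astring' value='tinc'/>
  <propval name='chroot' type='boolean' value='false'/>
  <propval name='memlock' type='boolean' value='false'/>
</property_group>
```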
@@ -0,0 +1,52 @@
+#!@SMF_METHOD_SHELL@
+#
+# Init script for tinc (SMF)
+#
+
+. /lib/svc/share/smf_include.sh
+
+getproparg() {
+ svcprop -p $1 $SMF_FMRI 2>/dev/null
+}
+
+METHOD=$1
+INSTANCE=$(echo $SMF_FMRI | sed s_.*:__)
+INSTANCE=${INSTANCE:=default}
+
+LOGDIR="@VARBASE@/log/tinc"
+LOGFILE="${LOGDIR}/tinc.${INSTANCE}.log"
+PIDFILE="@VARBASE@/run/tinc.${INSTANCE}.pid"
+_USER=$(getproparg tinc/user)
+_CHROOT=$(getproparg tinc/chroot)
+_MEMLOCK=$(getproparg tinc/memlock)
+
+USER=${_USER:=tinc}
+
+TINC_FLAGS=""
+
+# Check if there is a configuration directory for this instance
+if [ ! -d @PKG_SYSCONFDIR@/${INSTANCE} ]; then
+ echo "$0: No configuration directory found"
+ exit $SMF_EXIT_ERR_CONFIG
+fi
+
+# Chroot tinc into its config directory
+if [ "${_CHROOT}" == "true" ]; then
+ TINC_FLAGS="${TINC_FLAGS} -R"
+fi
+
+# Lock tinc memory to avoid going into swap
+if [ "${_MEMLOCK}" == "true" ]; then
+ TINC_FLAGS="${TINC_FLAGS} -L"
+fi
+
+case ${METHOD} in
+start)
+ @PREFIX@/sbin/tincd -n ${INSTANCE} -U ${USER} ${TINC_FLAGS} --logfile=${LOGFILE} --pidfile=${PIDFILE}
+ ;;
+stop)
+ @PREFIX@/sbin/tincd -n ${INSTANCE} -k --pidfile=${PIDFILE}
+ ;;
+esac
+
+exit ${SMF_EXIT_OK}
diff --git a/net/tinc/files/tinc-down b/net/tinc/files/tinc-down
new file mode 100644
index 00000000000..1d2b76c678d
--- /dev/null
+++ b/net/tinc/files/tinc-down
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+ifconfig $INTERFACE down
+ifconfig $INTERFACE unplumb
diff --git a/net/tinc/files/tinc-up b/net/tinc/files/tinc-up
new file mode 100644
index 00000000000..40c39fa7441
--- /dev/null
+++ b/net/tinc/files/tinc-up
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+ifconfig $INTERFACE plumb
+ifconfig $INTERFACE 192.168.100.1 netmask 255.255.255.0 up
+
+# Add the routes needed
+# route add -net 192.168.4.0/24 172.16.12.10 -interface
diff --git a/net/tinc/files/tinc.conf b/net/tinc/files/tinc.conf
new file mode 100644
index 00000000000..21ecd04db9f
--- /dev/null
+++ b/net/tinc/files/tinc.conf
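Review bot: The chroot and memlock checks in tinc.sh compare with `==` inside `[ ]`, which is not POSIX; if @SMF_METHOD_SHELL@ resolves to a shell whose `test` rejects it, both comparisons fail and `-R`/`-L` are silently dropped, so the hardening the administrator configured is not applied and nothing reports it. Use `=` instead. The property-derived values (`${USER}`, `${INSTANCE}`, and `$1 $SMF_FMRI` in getproparg) are also expanded unquoted, so a `tinc/user` value containing whitespace would be split into extra tincd arguments; quote them. Finally the script ends in an unconditional `exit ${SMF_EXIT_OK}`, so a tincd that fails to start and an unrecognised method name are both reported to SMF as success.

```shell
# … unchanged: smf_include.sh, getproparg, variable setup, config directory check …
if [ "${_CHROOT}" = "true" ]; then
	TINC_FLAGS="${TINC_FLAGS} -R"
fi
if [ "${_MEMLOCK}" = "true" ]; then
	TINC_FLAGS="${TINC_FLAGS} -L"
fi

case "${METHOD}" in
start)
	# TINC_FLAGS stays unquoted on purpose so it splits into separate options
	@PREFIX@/sbin/tincd -n "${INSTANCE}" -U "${USER}" ${TINC_FLAGS} \
		--logfile="${LOGFILE}" --pidfile="${PIDFILE}" || exit $SMF_EXIT_ERR_FATAL
	;;
# … unchanged: stop) branch …
*)
	echo "Usage: $0 {start|stop}"
	exit $SMF_EXIT_ERR_CONFIG
	;;
esac
```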
@@ -0,0 +1,66 @@
+# $NetBSD: tinc.conf,v 1.1 2018/09/30 15:55:25 jperkin Exp $
+#
+# tinc-vpn example configuration file. Please do NOT rely solely in the
+# information of this template, the information tinc.conf(5) manpage might
+# be more current.
+#
+# -------------------------------------------------------------------------------
+# Name = name [required]
+# This is the name which identifies this tinc daemon. It must be unique
+# for the virtual private network this daemon will connect to.
+# We're using 'default' to match the instance name of the SMF service which
+# is created by default.
+# -------------------------------------------------------------------------------
+Name = default
+#
+#
+# -------------------------------------------------------------------------------
+# Mode = router | switch | hub (router)
+# This option selects the way packets are routed to other daemons.
+#
+# router In this mode Subnet variables in the host configuration files will
+# be used to form a routing table. Only unicast packets of routable
+# protocols (IPv4 and IPv6) are supported in this mode.
+#
+# This is the default mode, and unless you really know you need
+# another mode, don't change it.
+#
+# switch In this mode the MAC addresses of the packets on the VPN will be
+# used to dynamically create a routing table just like an Ethernet
+# switch does. Unicast, multicast and broadcast packets of every
+# protocol that runs over Ethernet are supported in this mode at the
+# cost of frequent broadcast ARP requests and routing table updates.
+#
+# This mode is primarily useful if you want to bridge Ethernet
+# segments.
+#
+# hub This mode is almost the same as the switch mode, but instead every
+# packet will be broadcast to the other daemons while no routing
+# table is managed.
+# -------------------------------------------------------------------------------
+# Mode = router
+#
+#
+# -------------------------------------------------------------------------------
+# ConnectTo = name
+# Specifies which other tinc daemon to connect to on startup. Multiple
+# ConnectTo variables may be specified, in which case outgoing connections
+# to each specified tinc daemon are made. The names should be known to this
+# tinc daemon (i.e., there should be a host configuration file for the name
+# on the ConnectTo line).
+#
+# If you don't specify a host with ConnectTo, tinc won't try to connect to
+# other daemons at all, and will instead just listen for incoming
+# connections.
+# -------------------------------------------------------------------------------
+# ConnectTo = vpn1
+#
+#
+# -------------------------------------------------------------------------------
+# DeviceType = type (platform dependent)
+# The type of the virtual network device. Tinc will normally automatically
+# select the right type of tun/tap interface, and this option should not be
+# used. However, this option can be used to select one of the special
+# interface types, if support for them is compiled in.
+# -------------------------------------------------------------------------------
+# DeviceType = tap |