diff options
| author | fhajny <fhajny> | 2015-01-25 22:14:05 +0000 |
|---|---|---|
| committer | fhajny <fhajny> | 2015-01-25 22:14:05 +0000 |
| commit | 969a7e051e436b7db794452d055818cbee517539 (patch) | |
| tree | 3b96e24875bf6d91a0d86b8c0b2a16db31cede57 /net | |
| parent | 29d77f07dd3825d84cbb9efcd0ab742699ed3505 (diff) | |
| download | pkgsrc-969a7e051e436b7db794452d055818cbee517539.tar.gz | |
Backport an Illumos patch to fix the minimum privilege model, fixes quagga
on SunOS. Add SMF manifest and method.
Bump PKGREVISION.
Diffstat (limited to 'net')
| -rw-r--r-- | net/quagga/Makefile | 11 | ||||
| -rw-r--r-- | net/quagga/distinfo | 4 | ||||
| -rw-r--r-- | net/quagga/files/smf/manifest.xml | 454 | ||||
| -rw-r--r-- | net/quagga/patches/patch-lib_privs.c | 162 | ||||
| -rw-r--r-- | net/quagga/patches/patch-solaris_quagga.init.in | 38 |
5 files changed, 667 insertions, 2 deletions
diff --git a/net/quagga/Makefile b/net/quagga/Makefile index 090c21cfd8a..b817367e27f 100644 --- a/net/quagga/Makefile +++ b/net/quagga/Makefile @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.48 2014/12/02 20:22:14 gdt Exp $ +# $NetBSD: Makefile,v 1.49 2015/01/25 22:14:05 fhajny Exp $ # DISTNAME= quagga-0.99.23.1 +PKGREVISION= 1 CATEGORIES= net MASTER_SITES= http://download.savannah.gnu.org/releases/quagga/ @@ -42,6 +43,14 @@ CONF_FILES_PERMS+= ${PREFIX}/share/examples/quagga/log_syslog.conf \ .include "options.mk" +.if ${INIT_SYSTEM} == "smf" +BUILD_DIRS= . solaris +SMF_INSTANCES= bgp ospf ospf6 rip ripng zebra +SMF_METHODS= quagga +SMF_METHOD_SRC.quagga= ${WRKSRC}/solaris/quagga.init +FILES_SUBST+= PKG_SMF_METHOD_DIR=${PKG_SMF_METHOD_DIR} +.endif + PLIST_CAT+= ${PKGDIR}/PLIST LIBS+= ${LDFLAGS} diff --git a/net/quagga/distinfo b/net/quagga/distinfo index ff94fa86ce9..e7768c0626f 100644 --- a/net/quagga/distinfo +++ b/net/quagga/distinfo @@ -1,7 +1,9 @@ -$NetBSD: distinfo,v 1.20 2014/12/02 20:22:14 gdt Exp $ +$NetBSD: distinfo,v 1.21 2015/01/25 22:14:05 fhajny Exp $ SHA1 (quagga-0.99.23.1.tar.gz) = 0501f527383cfa548a800de9816cf1423f6b2336 RMD160 (quagga-0.99.23.1.tar.gz) = 6102fdf118cf31de8155dfcaffee91207ff56164 Size (quagga-0.99.23.1.tar.gz) = 2526612 bytes SHA1 (patch-configure) = a58a698ba9b8a174c3623a9cd4b52518e410c0df +SHA1 (patch-lib_privs.c) = d86ec56c9f57f38af6cce5285fb95759efc7c8e9 +SHA1 (patch-solaris_quagga.init.in) = 85c63089ecc0852f737f3be347d0ad90093d844f SHA1 (patch-zebra-kernel_socket.c) = d9a2f3a301d4ac8392c246a2661859657a6dca5e diff --git a/net/quagga/files/smf/manifest.xml b/net/quagga/files/smf/manifest.xml new file mode 100644 index 00000000000..2660d59a819 --- /dev/null +++ b/net/quagga/files/smf/manifest.xml @@ -0,0 +1,454 @@ +<?xml version="1.0"?> +<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1"> +<service_bundle type='manifest' name='SUNWquagga-daemons:quagga'> + <service name='@SMF_PREFIX@/quagga' type='service' version='1'> + <instance name='zebra' enabled='false'> + <dependency name='fs' grouping='require_all' restart_on='none' type='service'> + <service_fmri value='svc:/system/filesystem/usr:default' /> + </dependency> + <dependency name='net' grouping='require_all' restart_on='none' type='service'> + <service_fmri value='svc:/network/initial' /> + </dependency> + <!-- do not not run unless routing-setup has run --> + <dependency name='network_routing_setup' grouping='require_all' restart_on='refresh' type='service'> + <service_fmri value='svc:/network/routing-setup' /> + </dependency> + <exec_method type='method' name='start' exec='@PREFIX@/@PKG_SMF_METHOD_DIR@/quagga zebra' timeout_seconds='60'> + <method_context> + <method_credential user='root' group='root' /> + </method_context> + </exec_method> + <exec_method type='method' name='stop' exec=':kill' timeout_seconds='60'></exec_method> + <!-- if we define these properties at the service level, each + instance inherits them, and it can override with + desired values. + --> + <property_group name='startd' type='framework'> + <!-- sub-process core dumps shouldn't restart session --> + <propval name='ignore_error' type='astring' value='core,signal' /> + </property_group> + <!-- Properties in this group are used by routeadm (1M) --> + <property_group name='routeadm' type='application'> + <stability value='Unstable' /> + <!-- Identifies service as a routing service --> + <propval name='daemon' type='astring' value='@PREFIX@/sbin/zebra' /> + <propval name='value_authorization' type='astring' value='solaris.smf.value.routing' /> + <!-- zebra should not contribute to ipv4/ipv6 routing state --> + <propval name='protocol' type='astring' value='zebra' /> + </property_group> + <!-- Properties in this group are modifiable via routeadm (1M) --> + <property_group name='routing' type='application'> + <stability value='Evolving' /> + <propval name='value_authorization' type='astring' value='solaris.smf.value.routing' /> + <!-- Options common to Quagga daemons + Property names are equivalent to the long + option name, consult Quagga documentation --> + <!-- The config file to use, if not the default --> + <propval name='config_file' type='astring' value='' /> + <!-- The vty_port to listen on if not the default. + 0 to disable --> + <propval name='vty_port' type='integer' value='0' /> + <!-- The address to bind the VTY interface to, if not any. --> + <propval name='vty_address' type='astring' value='' /> + <!-- The user to switch to after startup, if not the default --> + <propval name='user' type='astring' value='' /> + <!-- The group to switch to, if not the default. + If user is specified, this defaults to a group with + same name as user --> + <propval name='group' type='astring' value='' /> + <!-- The pidfile to use, if not the default of + /var/run/zebra --> + <propval name='pid_file' type='astring' value='' /> + <!-- Options specific to zebra --> + <propval name='batch' type='boolean' value='false' /> + </property_group> + <property_group name='general' type='framework'> + <!-- to start stop routing services --> + <propval name='action_authorization' type='astring' value='solaris.smf.manage.routing' /> + <propval name='value_authorization' type='astring' value='solaris.smf.manage.routing' /> + </property_group> + <template> + <common_name> + <loctext xml:lang='C'>Quagga: zebra, RIB, kernel intermediary and misc daemon</loctext> + </common_name> + <documentation> + <manpage title='zebra' section='1M' manpath='@PREFIX@/man' /> + <doc_link name='quagga.net' uri='http://www.quagga.net/' /> + </documentation> + </template> + </instance> + <instance name='rip' enabled='false'> + <dependency name='fs' grouping='require_all' restart_on='none' type='service'> + <service_fmri value='svc:/system/filesystem/usr:default' /> + </dependency> + <dependency name='ipv4-forwarding' grouping='optional_all' restart_on='refresh' type='service'> + <service_fmri value='svc:/network/ipv4-forwarding' /> + </dependency> + <!-- do not not run unless routing-setup has run --> + <dependency name='network_routing_setup' grouping='require_all' restart_on='refresh' type='service'> + <service_fmri value='svc:/network/routing-setup' /> + </dependency> + <!-- ensure that restart of zebra is propogated to daemon --> + <dependency name='zebra' grouping='optional_all' restart_on='restart' type='service'> + <service_fmri value='svc:/@SMF_PREFIX@/quagga:zebra' /> + </dependency> + <exec_method type='method' name='start' exec='@PREFIX@/@PKG_SMF_METHOD_DIR@/quagga ripd' timeout_seconds='60'> + <method_context> + <method_credential user='root' group='root' /> + </method_context> + </exec_method> + <exec_method type='method' name='stop' exec=':kill' timeout_seconds='60'></exec_method> + <property_group name='startd' type='framework'> + <!-- sub-process core dumps shouldn't restart session --> + <propval name='ignore_error' type='astring' value='core,signal' /> + </property_group> + <!-- Properties in this group are used by routeadm (1M) --> + <property_group name='routeadm' type='application'> + <stability value='Unstable' /> + <!-- Identifies service as a routing service --> + <propval name='daemon' type='astring' value='@PREFIX@/sbin/ripd' /> + <propval name='legacy-daemon' type='astring' value='/usr/sfw/sbin/ripdstart' /> + <propval name='value_authorization' type='astring' value='solaris.smf.value.routing' /> + <propval name='protocol' type='astring' value='ipv4' /> + </property_group> + <!-- Properties in this group are modifiable via routeadm (1M) --> + <property_group name='routing' type='application'> + <propval name='value_authorization' type='astring' value='solaris.smf.value.routing' /> + <!-- Options common to Quagga daemons --> + <!-- The config file to use, if not the default --> + <propval name='config_file' type='astring' value='' /> + <!-- The vty_port to listen on if not the default. + 0 to disable --> + <propval name='vty_port' type='integer' value='0' /> + <!-- The address to bind the VTY interface to, if not any. --> + <propval name='vty_address' type='astring' value='' /> + <!-- The user to switch to after startup, if not the default --> + <propval name='user' type='astring' value='' /> + <!-- The group to switch to, if not the default. + If user is specified, this defaults to a group with + same name as user --> + <propval name='group' type='astring' value='' /> + <!-- The pidfile to use, if not the default of + /var/run/zebra --> + <propval name='pid_file' type='astring' value='' /> + <!-- Options specific to ripd --> + <propval name='retain' type='boolean' value='false' /> + </property_group> + <property_group name='general' type='framework'> + <!-- to start stop routing services --> + <propval name='action_authorization' type='astring' value='solaris.smf.manage.routing' /> + <propval name='value_authorization' type='astring' value='solaris.smf.manage.routing' /> + </property_group> + <template> + <common_name> + <loctext xml:lang='C'>Quagga: ripd, RIPv1/2 IPv4 routing protocol daemon.</loctext> + </common_name> + <documentation> + <manpage title='ripd' section='1M' manpath='@PREFIX@/man' /> + <doc_link name='quagga.net' uri='http://www.quagga.net/' /> + </documentation> + </template> + </instance> + <instance name='ripng' enabled='false'> + <dependency name='fs' grouping='require_all' restart_on='none' type='service'> + <service_fmri value='svc:/system/filesystem/usr:default' /> + </dependency> + <dependency name='ipv6-forwarding' grouping='optional_all' restart_on='refresh' type='service'> + <service_fmri value='svc:/network/ipv6-forwarding' /> + </dependency> + <!-- do not not run unless routing-setup has run --> + <dependency name='network_routing_setup' grouping='require_all' restart_on='refresh' type='service'> + <service_fmri value='svc:/network/routing-setup' /> + </dependency> + <!-- ensure that restart of zebra is propogated to daemon --> + <dependency name='zebra' grouping='optional_all' restart_on='restart' type='service'> + <service_fmri value='svc:/@SMF_PREFIX@/quagga:zebra' /> + </dependency> + <exec_method type='method' name='start' exec='@PREFIX@/@PKG_SMF_METHOD_DIR@/quagga ripngd' timeout_seconds='60'> + <method_context> + <method_credential user='root' group='root' /> + </method_context> + </exec_method> + <exec_method type='method' name='stop' exec=':kill' timeout_seconds='60'></exec_method> + <property_group name='startd' type='framework'> + <!-- sub-process core dumps shouldn't restart session --> + <propval name='ignore_error' type='astring' value='core,signal' /> + </property_group> + <!-- Properties in this group are used by routeadm (1M) --> + <property_group name='routeadm' type='application'> + <stability value='Unstable' /> + <!-- Identifies service as a routing service --> + <propval name='daemon' type='astring' value='@PREFIX@/sbin/ripngd' /> + <propval name='value_authorization' type='astring' value='solaris.smf.value.routing' /> + <propval name='protocol' type='astring' value='ipv6' /> + </property_group> + <!-- Properties in this group are modifiable via routeadm (1M) --> + <property_group name='routing' type='application'> + <propval name='value_authorization' type='astring' value='solaris.smf.value.routing' /> + <!-- Options common to Quagga daemons --> + <!-- The config file to use, if not the default --> + <propval name='config_file' type='astring' value='' /> + <!-- The vty_port to listen on if not the default. + 0 to disable --> + <propval name='vty_port' type='integer' value='0' /> + <!-- The address to bind the VTY interface to, if not any. --> + <propval name='vty_address' type='astring' value='' /> + <!-- The user to switch to after startup, if not the default --> + <propval name='user' type='astring' value='' /> + <!-- The group to switch to, if not the default. + If user is specified, this defaults to a group with + same name as user --> + <propval name='group' type='astring' value='' /> + <!-- The pidfile to use, if not the default of + /var/run/zebra --> + <propval name='pid_file' type='astring' value='' /> + <!-- Options specific to ripngd --> + <propval name='retain' type='boolean' value='false' /> + </property_group> + <property_group name='general' type='framework'> + <!-- to start stop routing services --> + <propval name='action_authorization' type='astring' value='solaris.smf.manage.routing' /> + <propval name='value_authorization' type='astring' value='solaris.smf.manage.routing' /> + </property_group> + <template> + <common_name> + <loctext xml:lang='C'>Quagga: ripngd, RIPng IPv6 routing protocol daemon.</loctext> + </common_name> + <documentation> + <manpage title='ripngd' section='1M' manpath='@PREFIX@/man' /> + <doc_link name='quagga.net' uri='http://www.quagga.net/' /> + </documentation> + </template> + </instance> + <instance name='ospf' enabled='false'> + <dependency name='fs' grouping='require_all' restart_on='none' type='service'> + <service_fmri value='svc:/system/filesystem/usr:default' /> + </dependency> + <dependency name='ipv4-forwarding' grouping='optional_all' restart_on='refresh' type='service'> + <service_fmri value='svc:/network/ipv4-forwarding' /> + </dependency> + <!-- do not not run unless routing-setup has run --> + <dependency name='network_routing_setup' grouping='require_all' restart_on='refresh' type='service'> + <service_fmri value='svc:/network/routing-setup' /> + </dependency> + <!-- ensure that restart of zebra is propogated to daemon --> + <dependency name='zebra' grouping='optional_all' restart_on='restart' type='service'> + <service_fmri value='svc:/@SMF_PREFIX@/quagga:zebra' /> + </dependency> + <exec_method type='method' name='start' exec='@PREFIX@/@PKG_SMF_METHOD_DIR@/quagga ospfd' timeout_seconds='60'> + <method_context> + <method_credential user='root' group='root' /> + </method_context> + </exec_method> + <!-- ospfd can take a long time to shutdown, due to graceful + shutdown + --> + <exec_method type='method' name='stop' exec=':kill' timeout_seconds='600'></exec_method> + <property_group name='startd' type='framework'> + <!-- sub-process core dumps shouldn't restart session --> + <propval name='ignore_error' type='astring' value='core,signal' /> + </property_group> + <!-- Properties in this group are used by routeadm (1M) --> + <property_group name='routeadm' type='application'> + <stability value='Unstable' /> + <!-- Identifies service as a routing service --> + <propval name='daemon' type='astring' value='@PREFIX@/sbin/ospfd' /> + <propval name='legacy-daemon' type='astring' value='/usr/sfw/sbin/ospfdstart' /> + <propval name='value_authorization' type='astring' value='solaris.smf.value.routing' /> + <propval name='protocol' type='astring' value='ipv4' /> + </property_group> + <!-- Properties in this group are modifiable via routeadm (1M) --> + <property_group name='routing' type='application'> + <propval name='value_authorization' type='astring' value='solaris.smf.value.routing' /> + <!-- Options common to Quagga daemons --> + <!-- The config file to use, if not the default --> + <propval name='config_file' type='astring' value='' /> + <!-- The vty_port to listen on if not the default. + 0 to disable --> + <propval name='vty_port' type='integer' value='0' /> + <!-- The address to bind the VTY interface to, if not any. --> + <propval name='vty_address' type='astring' value='' /> + <!-- The user to switch to after startup, if not the default --> + <propval name='user' type='astring' value='' /> + <!-- The group to switch to, if not the default. + If user is specified, this defaults to a group with + same name as user --> + <propval name='group' type='astring' value='' /> + <!-- The pidfile to use, if not the default of + /var/run/zebra --> + <propval name='pid_file' type='astring' value='' /> + </property_group> + <property_group name='general' type='framework'> + <!-- to start stop routing services --> + <propval name='action_authorization' type='astring' value='solaris.smf.manage.routing' /> + <propval name='value_authorization' type='astring' value='solaris.smf.manage.routing' /> + </property_group> + <template> + <common_name> + <loctext xml:lang='C'>Quagga: ospfd, OSPFv2 IPv4 routing protocol daemon.</loctext> + </common_name> + <documentation> + <manpage title='ospfd' section='1M' manpath='@PREFIX@/man' /> + <doc_link name='quagga.net' uri='http://www.quagga.net/' /> + </documentation> + </template> + </instance> + <instance name='ospf6' enabled='false'> + <dependency name='fs' grouping='require_all' restart_on='none' type='service'> + <service_fmri value='svc:/system/filesystem/usr:default' /> + </dependency> + <dependency name='ipv6-forwarding' grouping='optional_all' restart_on='refresh' type='service'> + <service_fmri value='svc:/network/ipv6-forwarding' /> + </dependency> + <!-- do not not run unless routing-setup has run --> + <dependency name='network_routing_setup' grouping='require_all' restart_on='refresh' type='service'> + <service_fmri value='svc:/network/routing-setup' /> + </dependency> + <!-- ensure that restart of zebra is propogated to daemon --> + <dependency name='zebra' grouping='optional_all' restart_on='restart' type='service'> + <service_fmri value='svc:/@SMF_PREFIX@/quagga:zebra' /> + </dependency> + <exec_method type='method' name='start' exec='@PREFIX@/@PKG_SMF_METHOD_DIR@/quagga ospf6d' timeout_seconds='60'> + <method_context> + <method_credential user='root' group='root' /> + </method_context> + </exec_method> + <exec_method type='method' name='stop' exec=':kill' timeout_seconds='60'></exec_method> + <property_group name='startd' type='framework'> + <!-- sub-process core dumps shouldn't restart session --> + <propval name='ignore_error' type='astring' value='core,signal' /> + </property_group> + <!-- Properties in this group are used by routeadm (1M) --> + <property_group name='routeadm' type='application'> + <stability value='Unstable' /> + <!-- Identifies service as a routing service --> + <propval name='daemon' type='astring' value='@PREFIX@/sbin/ospf6d' /> + <propval name='value_authorization' type='astring' value='solaris.smf.value.routing' /> + <propval name='protocol' type='astring' value='ipv6' /> + </property_group> + <!-- Properties in this group are modifiable via routeadm (1M) --> + <property_group name='routing' type='application'> + <propval name='value_authorization' type='astring' value='solaris.smf.value.routing' /> + <!-- Options common to Quagga daemons --> + <!-- The config file to use, if not the default --> + <propval name='config_file' type='astring' value='' /> + <!-- The vty_port to listen on if not the default. + 0 to disable --> + <propval name='vty_port' type='integer' value='0' /> + <!-- The address to bind the VTY interface to, if not any. --> + <propval name='vty_address' type='astring' value='' /> + <!-- The user to switch to after startup, if not the default --> + <propval name='user' type='astring' value='' /> + <!-- The group to switch to, if not the default. + If user is specified, this defaults to a group with + same name as user --> + <propval name='group' type='astring' value='' /> + <!-- The pidfile to use, if not the default of + /var/run/zebra --> + <propval name='pid_file' type='astring' value='' /> + </property_group> + <property_group name='general' type='framework'> + <!-- to start stop routing services --> + <propval name='action_authorization' type='astring' value='solaris.smf.manage.routing' /> + <propval name='value_authorization' type='astring' value='solaris.smf.manage.routing' /> + </property_group> + <template> + <common_name> + <loctext xml:lang='C'>Quagga: ospf6d, OSPFv3 IPv6 routing protocol daemon.</loctext> + </common_name> + <documentation> + <manpage title='ospf6d' section='1M' manpath='@PREFIX@/man' /> + <doc_link name='quagga.net' uri='http://www.quagga.net/' /> + </documentation> + </template> + </instance> + <instance name='bgp' enabled='false'> + <dependency name='fs' grouping='require_all' restart_on='none' type='service'> + <service_fmri value='svc:/system/filesystem/usr:default' /> + </dependency> + <dependency name='ipv6-forwarding' grouping='optional_all' restart_on='refresh' type='service'> + <service_fmri value='svc:/network/ipv6-forwarding' /> + </dependency> + <dependency name='ipv4-forwarding' grouping='optional_all' restart_on='refresh' type='service'> + <service_fmri value='svc:/network/ipv4-forwarding' /> + </dependency> + <!-- do not not run unless routing-setup has run --> + <dependency name='network_routing_setup' grouping='require_all' restart_on='refresh' type='service'> + <service_fmri value='svc:/network/routing-setup' /> + </dependency> + <!-- ensure that restart of zebra is propogated to daemon --> + <dependency name='zebra' grouping='optional_all' restart_on='restart' type='service'> + <service_fmri value='svc:/@SMF_PREFIX@/quagga:zebra' /> + </dependency> + <exec_method type='method' name='start' exec='@PREFIX@/@PKG_SMF_METHOD_DIR@/quagga bgpd' timeout_seconds='60'> + <method_context> + <method_credential user='root' group='root' /> + </method_context> + </exec_method> + <exec_method type='method' name='stop' exec=':kill' timeout_seconds='60'></exec_method> + <property_group name='startd' type='framework'> + <!-- sub-process core dumps shouldn't restart session --> + <propval name='ignore_error' type='astring' value='core,signal' /> + </property_group> + <!-- Properties in this group are used by routeadm (1M) --> + <property_group name='routeadm' type='application'> + <stability value='Unstable' /> + <!-- Identifies service as a routing service --> + <propval name='daemon' type='astring' value='@PREFIX@/sbin/bgpd' /> + <propval name='legacy-daemon' type='astring' value='/usr/sfw/sbin/bgpdstart' /> + <propval name='value_authorization' type='astring' value='solaris.smf.value.routing' /> + <property name='protocol' type='astring'> + <astring_list> + <value_node value='ipv4' /> + <value_node value='ipv6' /> + </astring_list> + </property> + </property_group> + <!-- Properties in this group are modifiable via routeadm (1M) --> + <property_group name='routing' type='application'> + <propval name='value_authorization' type='astring' value='solaris.smf.value.routing' /> + <!-- Options common to Quagga daemons. --> + <!-- The config file to use, if not the default --> + <propval name='config_file' type='astring' value='' /> + <!-- The vty_port to listen on if not the default. + 0 to disable --> + <propval name='vty_port' type='integer' value='0' /> + <!-- The address to bind the VTY interface to, if not any. --> + <propval name='vty_address' type='astring' value='' /> + <!-- The user to switch to after startup, if not the default --> + <propval name='user' type='astring' value='' /> + <!-- The group to switch to, if not the default. + If user is specified, this defaults to a group with + same name as user --> + <propval name='group' type='astring' value='' /> + <!-- The pidfile to use, if not the default of + /var/run/zebra --> + <propval name='pid_file' type='astring' value='' /> + <!-- Options specific to bgpd --> + <propval name='retain' type='boolean' value='false' /> + <propval name='no_kernel' type='boolean' value='false' /> + <propval name='bgp_port' type='astring' value='' /> + <!-- + If enable_zebra is false, it will not be switched + on by the start method. + --> + <propval name='enable_zebra' type='boolean' value='true' /> + </property_group> + <property_group name='general' type='framework'> + <!-- to start stop routing services --> + <propval name='action_authorization' type='astring' value='solaris.smf.manage.routing' /> + <propval name='value_authorization' type='astring' value='solaris.smf.manage.routing' /> + </property_group> + <template> + <common_name> + <loctext xml:lang='C'>Quagga: bgpd, BGP routing protocol daemon.</loctext> + </common_name> + <documentation> + <manpage title='bgpd' section='1M' manpath='@PREFIX@/man' /> + <doc_link name='quagga.net' uri='http://www.quagga.net/' /> + </documentation> + </template> + </instance> + <stability value='Unstable' /> + </service> +</service_bundle> diff --git a/net/quagga/patches/patch-lib_privs.c b/net/quagga/patches/patch-lib_privs.c new file mode 100644 index 00000000000..c65d89b1bb9 --- /dev/null +++ b/net/quagga/patches/patch-lib_privs.c @@ -0,0 +1,162 @@ +$NetBSD: patch-lib_privs.c,v 1.1 2015/01/25 22:14:05 fhajny Exp $ + +Fix minimum privileges setup, makes Quagga work on SunOS. +https://github.com/illumos/illumos-userland/blob/master/components/quagga/patches/75-privs-basicprivset.patch +--- lib/privs.c.orig 2014-08-25 16:56:53.000000000 +0000 ++++ lib/privs.c +@@ -2,7 +2,7 @@ + * Zebra privileges. + * + * Copyright (C) 2003 Paul Jakma. +- * Copyright (C) 2005 Sun Microsystems, Inc. ++ * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. + * + * This file is part of GNU Zebra. + * +@@ -348,6 +348,26 @@ zprivs_caps_terminate (void) + * - http://blogs.sun.com/roller/page/gbrunett?entry=privilege_enabling_set_id_programs1 + */ + ++static pset_t * ++zprivs_caps_minimal () ++{ ++ pset_t *minimal; ++ ++ if ((minimal = priv_str_to_set("basic", ",", NULL)) == NULL) ++ { ++ fprintf (stderr, "%s: couldn't get basic set!\n", __func__); ++ exit (1); ++ } ++ ++ /* create a minimal privilege set from the basic set */ ++ (void) priv_delset(minimal, PRIV_PROC_EXEC); ++ (void) priv_delset(minimal, PRIV_PROC_INFO); ++ (void) priv_delset(minimal, PRIV_PROC_SESSION); ++ (void) priv_delset(minimal, PRIV_FILE_LINK_ANY); ++ ++ return minimal; ++} ++ + /* convert zebras privileges to system capabilities */ + static pset_t * + zcaps2sys (zebra_capabilities_t *zcaps, int num) +@@ -376,26 +396,34 @@ zcaps2sys (zebra_capabilities_t *zcaps, + int + zprivs_change_caps (zebra_privs_ops_t op) + { ++ pset_t *privset; + + /* should be no possibility of being called without valid caps */ + assert (zprivs_state.syscaps_p); + if (!zprivs_state.syscaps_p) + { ++ fprintf (stderr, "%s: Eek, missing privileged caps!", __func__); ++ exit (1); ++ } ++ ++ assert (zprivs_state.caps); ++ if (!zprivs_state.caps) ++ { + fprintf (stderr, "%s: Eek, missing caps!", __func__); + exit (1); + } +- +- /* to raise: copy original permitted into our working effective set +- * to lower: just clear the working effective set ++ ++ /* to raise: copy original permitted as our working effective set ++ * to lower: copy regular effective set stored in zprivs_state.caps + */ + if (op == ZPRIVS_RAISE) +- priv_copyset (zprivs_state.syscaps_p, zprivs_state.caps); ++ privset = zprivs_state.syscaps_p; + else if (op == ZPRIVS_LOWER) +- priv_emptyset (zprivs_state.caps); ++ privset = zprivs_state.caps; + else + return -1; + +- if (setppriv (PRIV_SET, PRIV_EFFECTIVE, zprivs_state.caps) != 0) ++ if (setppriv (PRIV_SET, PRIV_EFFECTIVE, privset) != 0) + return -1; + + return 0; +@@ -423,15 +451,15 @@ zprivs_state_caps (void) + } + else + { +- if (priv_isemptyset (effective) == B_TRUE) ++ if (priv_isequalset (effective, zprivs_state.syscaps_p)) ++ result = ZPRIVS_RAISED; ++ else if (priv_isequalset (effective, zprivs_state.caps)) + result = ZPRIVS_LOWERED; + else +- result = ZPRIVS_RAISED; ++ result = ZPRIVS_UNKNOWN; + } + +- if (effective) +- priv_freeset (effective); +- ++ priv_freeset (effective); + return result; + } + +@@ -439,7 +467,7 @@ static void + zprivs_caps_init (struct zebra_privs_t *zprivs) + { + pset_t *basic; +- pset_t *empty; ++ pset_t *minimal; + + /* the specified sets */ + zprivs_state.syscaps_p = zcaps2sys (zprivs->caps_p, zprivs->cap_num_p); +@@ -467,14 +495,6 @@ zprivs_caps_init (struct zebra_privs_t * + priv_union (basic, zprivs_state.syscaps_p); + priv_freeset (basic); + +- /* we need an empty set for 'effective', potentially for inheritable too */ +- if ( (empty = priv_allocset()) == NULL) +- { +- fprintf (stderr, "%s: couldn't get empty set!\n", __func__); +- exit (1); +- } +- priv_emptyset (empty); +- + /* Hey kernel, we know about privileges! + * this isn't strictly required, use of setppriv should have same effect + */ +@@ -517,16 +537,19 @@ zprivs_caps_init (struct zebra_privs_t * + exit (1); + } + +- /* now clear the effective set and we're ready to go */ +- if (setppriv (PRIV_SET, PRIV_EFFECTIVE, empty)) ++ /* we need a minimal basic set for 'effective', potentially for inheritable too */ ++ minimal = zprivs_caps_minimal(); ++ ++ /* now set the effective set with a subset of basic privileges */ ++ if (setppriv (PRIV_SET, PRIV_EFFECTIVE, minimal)) + { + fprintf (stderr, "%s: error setting effective set!, %s\n", __func__, + safe_strerror (errno) ); + exit (1); + } + +- /* we'll use this as our working-storage privset */ +- zprivs_state.caps = empty; ++ /* we'll use the minimal set as our working-storage privset */ ++ zprivs_state.caps = minimal; + + /* set methods for the caller to use */ + zprivs->change = zprivs_change_caps; +@@ -538,8 +561,7 @@ zprivs_caps_terminate (void) + { + assert (zprivs_state.caps); + +- /* clear all capabilities */ +- priv_emptyset (zprivs_state.caps); ++ /* clear all capabilities by using working-storage privset */ + setppriv (PRIV_SET, PRIV_EFFECTIVE, zprivs_state.caps); + setppriv (PRIV_SET, PRIV_PERMITTED, zprivs_state.caps); + setppriv (PRIV_SET, PRIV_INHERITABLE, zprivs_state.caps); diff --git a/net/quagga/patches/patch-solaris_quagga.init.in b/net/quagga/patches/patch-solaris_quagga.init.in new file mode 100644 index 00000000000..cd16e28f8d6 --- /dev/null +++ b/net/quagga/patches/patch-solaris_quagga.init.in @@ -0,0 +1,38 @@ +$NetBSD: patch-solaris_quagga.init.in,v 1.1 2015/01/25 22:14:05 fhajny Exp $ + +Fix SMF method based on the manifest we provide. +--- solaris/quagga.init.in.orig 2014-08-25 16:56:53.000000000 +0000 ++++ solaris/quagga.init.in +@@ -156,16 +156,16 @@ routeadm_zebra_enable () { + enable_zebra=`/usr/bin/svcprop -p \ + routing/enable_zebra $SMF_FMRI 2> /dev/null` + if [ "$enable_zebra" != "false" ]; then +- zenabled=`/usr/bin/svcprop -p general/enabled zebra:quagga` +- zenabledt=`/usr/bin/svcprop -p general_ovr/enabled zebra:quagga` ++ zenabled=`/usr/bin/svcprop -p general/enabled quagga:zebra` ++ zenabledt=`/usr/bin/svcprop -p general_ovr/enabled quagga:zebra` + if [ "$zenabled" = "true" -o "$zenabledt" = "true" ]; then +- /usr/sbin/svcadm disable zebra:quagga +- /usr/sbin/svcadm enable -st zebra:quagga ++ /usr/sbin/svcadm disable quagga:zebra ++ /usr/sbin/svcadm enable -st quagga:zebra + else +- /usr/sbin/svcadm enable -st zebra:quagga ++ /usr/sbin/svcadm enable -st quagga:zebra + fi + if [ "$?" != "0" ]; then +- echo "Could not enable zebra:quagga" ++ echo "Could not enable quagga:zebra" + exit $SMF_EXIT_ERR_FATAL + fi + fi +@@ -255,7 +255,8 @@ else + fi + fi + +-upgrade_config "$DAEMON" ++# Do not try to upgrade, keep pkgsrc separate ++# upgrade_config "$DAEMON" + + if [ ! -f "@sysconfdir@/${DAEMON}.conf" ] ; then + echo "Could not find config file, @sysconfdir@/${DAEMON}.conf" |