name = bind
version = 9.8.1
-release = 2
+release = 3
groups = Networking/Tools
url = http://www.isc.org/products/BIND/
libidn-devel
pkg-config
openssl-devel
+ shadow-utils
end
configure_options += \
libtoolize -c -f
aclocal -I m4 --force
autoconf -f
+
+ # Create user and group for /run directory.
+ %{create_user}
end
install
ln -svf ../../lib/libirs-export.so.80 %{BUILDROOT}/usr/lib/libirs-export.so
ln -svf ../../lib/libisccfg-export.so.82 %{BUILDROOT}/usr/lib/libisccfg-export.so
ln -svf ../../lib/libisc-export.so.83 %{BUILDROOT}/usr/lib/libisc-export.so
+
+ # Create /run/named.
+ mkdir -pv %{BUILDROOT}/run/named
+ chown -Rv named.named %{BUILDROOT}/run/named/
end
end
+create_user
+ getent group named >/dev/null || /usr/sbin/groupadd -r named
+ getent passwd named >/dev/null || /usr/sbin/useradd -r -g named \
+ -d /var/named -c "User for bind DNS server" -s /sbin/nologin named
+end
+
packages
package %{name}
requires
prerequires += shadow-utils
script prein
- # Create unprivileged user and group.
- getent group named > /dev/null || groupadd -r named
- getent passwd named > /dev/null || \
- useradd -r -g named -d /var/named -s /sbin/nologin \
- -c "User for bind DNS server" named
- exit 0
+ %{create_user}
end
# XXX Add systemd scriptlet if a service file becomes available
-d /var/run/named 0755 named named -
+d /run/named 0755 named named -
+++ /dev/null
-#!/bin/sh
-###############################################################################
-# #
-# IPFire.org - A linux based firewall #
-# Copyright (C) 2007, 2008 Michael Tremer & Christian Schmidt #
-# #
-# This program is free software: you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation, either version 3 of the License, or #
-# (at your option) any later version. #
-# #
-# This program is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with this program. If not, see <http://www.gnu.org/licenses/>. #
-# #
-###############################################################################
-#
-# Partly based on scripts by DJ Lucas - dj@linuxfromscratch.org
-#
-
-# Distro Information
-DISTRO="$(</etc/system-release)" # The distro name
-DISTRO_CONTACT="http://bugtracker.ipfire.org" # Bug report address
-
-# This sets default terminal options.
-# stty sane - this has been removed as nobody recalls
-# the reason for it in the first place - if no problems arize,
-# then it will be removed completely at a later date.
-
-# Setup default values for the environment
-umask 022
-
-# If we boot, we should only allow the
-# use tools that are available in /bin:/sbin
-if [ -n "${UPSTART_JOB}" ]; then
- PATH="/bin:/sbin"
-fi
-
-# Find current screen size
-if [ -z "${COLUMNS}" ]; then
- COLUMNS=$(stty size)
- COLUMNS=${COLUMNS##* }
-fi
-
-# When using remote connections, such as a serial port, stty size returns 0
-if [ "${COLUMNS}" = "0" ]; then
- COLUMNS=80
-fi
-
-## Measurements for positioning result messages
-COL=$((${COLUMNS} - 8))
-WCOL=$((${COL} - 2))
-
-# Set Cursur Position Commands, used via echo -e
-SET_COL="\\033[${COL}G" # at the $COL char
-SET_WCOL="\\033[${WCOL}G" # at the $WCOL char
-CURS_UP="\\033[1A\\033[0G" # Up one line, at the 0'th char
-
-# Normal colors
-CLR_NORM_BLK="\\033[0;30m" # black
-CLR_NORM_RED="\\033[0;31m" # red
-CLR_NORM_GRN="\\033[0;32m" # green
-CLR_NORM_YEL="\\033[0;33m" # yellow
-CLR_NORM_BLU="\\033[0;34m" # blue
-CLR_NORM_MAG="\\033[0;35m" # magenta
-CLR_NORM_CYN="\\033[0;36m" # cyan
-CLR_NORM_WHT="\\033[0;37m" # white
-CLR_NORM_GRY="\\033[0;39m" # grey
-
-# Emphased colors
-CLR_BOLD_BLK="\\033[1;30m" # black
-CLR_BOLD_RED="\\033[1;31m" # red
-CLR_BOLD_GRN="\\033[1;32m" # green
-CLR_BOLD_YEL="\\033[1;33m" # yellow
-CLR_BOLD_BLU="\\033[1;34m" # blue
-CLR_BOLD_MAG="\\033[1;35m" # magenta
-CLR_BOLD_CYN="\\033[1;36m" # cyan
-CLR_BOLD_WHT="\\033[1;37m" # white
-CLR_BOLD_GRY="\\033[1;39m" # grey
-
-# Background colors
-CLR_BACK_BLK="\\033[40m" # black
-CLR_BACK_RED="\\033[41m" # red
-CLR_BACK_GRN="\\033[42m" # green
-CLR_BACK_YEL="\\033[43m" # yellow
-CLR_BACK_BLU="\\033[44m" # blue
-CLR_BACK_MAG="\\033[45m" # magenta
-CLR_BACK_CYN="\\033[46m" # cyan
-CLR_BACK_WHT="\\033[47m" # white
-
-# Action colors
-BOLD=$CLR_BOLD_GRY
-DONE=$CLR_BOLD_GRN
-SKIP=$CLR_BOLD_BLU
-WARN=$CLR_BOLD_MAG
-FAIL=$CLR_BOLD_RED
-NORMAL=$CLR_NORM_GRY
-
-# Color hooks
-BRACKET_L="${CLR_BOLD_BLU}[${NORMAL}"
-BRACKET_R="${CLR_BOLD_BLU}]${NORMAL}"
-
-# Define custom colors used in messages printed to the screen
-BRACKET=${CLR_BOLD_BLU} # Blue
-FAILURE=${CLR_BOLD_RED} # Red
-INFO=${CLR_BOLD_CYN} # Cyan
-NORMAL=${CLR_NORM_GRY} # Grey
-SUCCESS=${CLR_BOLD_GRN} # Green
-WARNING=${CLR_BOLD_YEL} # Yellow
-
-# Prefix boot messages for easier reading on framebuffer consoles
-PREFIX_SUCCESS=" ${SUCCESS}*${NORMAL} "
-PREFIX_WARNING="${WARNING}**${NORMAL} "
-PREFIX_FAILURE="${FAILURE}***${NORMAL}"
-
-welcome_message="Welcome to ${INFO}${DISTRO}${NORMAL}"
-welcome_message_length=$((${#DISTRO} + 11))
-
-# Error message displayed when a script's exit value is not zero
-print_error_msg() {
- # ${link} and ${error_value} are defined by the rc script
- echo -e "${FAILURE}FAILURE: You should not be reading this error message."
- echo -e ""
- echo -e -n "${FAILURE}It means that an unforseen error took place in"
- echo -e -n "${INFO} ${link}"
- echo -e "${FAILURE},"
- echo -e "${FAILURE}which exited with a return value of ${error_value}."
- echo -e ""
- echo -e -n "${FAILURE}If you are able to track this error down to a bug"
- echo -e "${FAILURE}in one of the files"
- echo -e -n "provided by ${INFO}${DISTRO}${FAILURE}, "
- echo -e -n "${FAILURE}please be so kind to inform us at "
- echo -e "${INFO}${DISTRO_CONTACT}${FAILURE}.${NORMAL}"
- echo -e ""
- echo -e "${INFO}Press Enter to continue..."
- echo -e "${NORMAL}"
- read ENTER
-}
-
-################################################################################
-# log_success_msg() #
-# Usage: log_success_msg [$MESSAGE | "message"] #
-# #
-# Purpose: Print a successful status message to the screen and optionally #
-# a boot log file. #
-# #
-# Inputs: accepts one string value, either a quoted string or optionally #
-# the value of $MESSAGE if set in the running environment. #
-# #
-# Return values: Not used #
-################################################################################
-log_success_msg() {
- echo -n -e "${PREFIX_SUCCESS}${INDENT}${@}"
- echo -e "${SET_COL}${BRACKET}[${SUCCESS} OK ${BRACKET}]${NORMAL}"
-}
-
-################################################################################
-# log_failure_msg() #
-# Usage: log_failure_msg [$MESSAGE | "message"] #
-# #
-# Purpose: Print a failure status message to the screen and optionally #
-# a boot log file. #
-# #
-# Inputs: accepts one string value, either a quoted string or optionally #
-# the value of $MESSAGE if set in the running environment. #
-# #
-# Return values: Not used #
-################################################################################
-log_failure_msg() {
- echo -n -e "${PREFIX_FAILURE}${INDENT}${@}"
- echo -e "${SET_COL}${BRACKET}[${FAILURE} FAIL ${BRACKET}]${NORMAL}"
-}
-
-################################################################################
-# log_warning_msg() #
-# Usage: log_warning_msg [$MESSAGE | "message"] #
-# #
-# Purpose: Print a warning status message to the screen and optionally #
-# a boot log file. #
-# #
-# Inputs: accepts one string value, either a quoted string or optionally #
-# the value of $MESSAGE if set in the running environment. #
-# #
-# Return values: Not used #
-################################################################################
-log_warning_msg() {
- echo -n -e "${PREFIX_WARNING}${INDENT}${@}"
- echo -e "${SET_COL}${BRACKET}[${WARNING} WARN ${BRACKET}]${NORMAL}"
-}
-
-############################## evaluate_retval() ###############################
-# evaluate_retval requires that you pass exactly one evaluation parameter of #
-# (start, stop, other) based on the previous action that is being evaluated. #
-# This function is intended for use with start_daemon and killproc to #
-# interpret the LSB exit codes properly, othewise the checks only for success #
-# or failure. #
-################################################################################
-evaluate_retval() {
- local error_value="${?}"
-
- # Handle LSB defined return values
- case "${1}" in
- start)
- case "${error_value}" in
- 0)
- log_success_msg "Starting ${MESSAGE} "
- return "${error_value}"
- ;;
- 2)
- log_failure_msg "Starting ${MESSAGE} Error: Invalid argument!"
- return "${error_value}"
- ;;
- 5)
- log_failure_msg "Starting ${MESSAGE} Error: Not available!"
- return "${error_value}"
- ;;
- *)
- log_failure_msg "Starting ${MESSAGE} Error: General failure!"
- return "${error_value}"
- ;;
- esac
- ;;
-
- stop)
- case "${error_value}" in
- 0)
- log_success_msg "Stopping ${MESSAGE} "
- return "${error_value}"
- ;;
- 2)
- log_failure_msg "Stopping ${MESSAGE} Error: Invalid argument!"
- return "${error_value}"
- ;;
- 5)
- log_failure_msg "Stopping ${MESSAGE} Error: Not available!"
- return "${error_value}"
- ;;
- 7)
- log_warning_msg "Stopping ${MESSAGE} Warning: Not running!"
- return "${error_value}"
- ;;
- *)
- log_failure_msg "Stopping ${MESSAGE} Error: General failure!"
- return "${error_value}"
- ;;
- esac
- ;;
-
- force-reload)
- message="Forcefully reloading "
- ;;
-
- reload)
- message="Reloading "
- ;;
-
- restart)
- message="Restarting "
- ;;
-
- try-restart)
- message="Trying restart "
- ;;
-
- standard)
- # $message or $MESSAGE must be set, but not both in order
- # to use the 'standard' target.
- ;;
- esac
-
- # Print messages for the generic force-reload, reload, restart,
- # and try-restart targets
- if [ "${error_value}" = "0" ]; then
- log_success_msg "${message}${MESSAGE} "
- return "${error_value}"
- else
- log_failure_msg "${message}${MESSAGE} "
- return "${error_value}"
- fi
-}
name = initscripts
epoch = 1
version = 2.99
-release = 8
+release = 11
groups = Base System/Boot
url =
install
cd src && make install clean DESTDIR=%{BUILDROOT}
- mkdir -pv %{BUILDROOT}/etc/{init,sysconfig}
-
- cp -vf %{DIR_SOURCE}/functions %{BUILDROOT}/etc/init/
-
- for i in %{DIR_SOURCE}/sysconfig/*; do
- install -v -m 644 $i %{BUILDROOT}/etc/sysconfig/
- done
- chmod -v 755 %{BUILDROOT}/etc/sysconfig/rc.local
-
- cp -vf %{DIR_SOURCE}/sysctl.conf %{BUILDROOT}/etc
+ # Install rc.local
+ install -v -m 755 %{DIR_SOURCE}/rc.local %{BUILDROT}/etc/rc.local
# Install udev rules
mkdir -pv %{BUILDROOT}/lib/udev/rules.d/
util-linux
end
+ configfiles
+ /etc/rc.local
+ end
+
prerequires = coreutils shadow-utils
script prein
chown root:utmp /var/log/{b,w}tmp /var/run/utmp
chmod 664 /var/log/wtmp /var/run/utmp
chmod 600 /var/log/btmp
+
+ # Just search for new unit files that were just installed.
+ /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+
+ # Enable rc.local as default.
+ /bin/systemctl --no-reload enable rc-local.service >/dev/null 2>&1 || :
+ end
+
+ # Disable the service that is to be removed and stop it if it is still running.
+ script preun
+ /bin/systemctl --no-reload disable rc-local.service >/dev/null 2>&1 || :
+ /bin/systemctl stop rc-local.service >/dev/null 2>&1 || :
+ end
+
+ # Just tell systemd that unitfiles have been removed.
+ script postun
+ /bin/systemctl daemon-reload >/dev/null 2>&1 || :
end
end
end
--- /dev/null
+#!/bin/sh
+#
+# This script will be executed at the end of the boot process.
+# You can put your own initialization stuff in here.
+++ /dev/null
-########################################################################
-# Begin /etc/sysconfig/createfiles
-#
-# Description : Createfiles script config file
-#
-# Authors :
-#
-# Version : 00.00
-#
-# Notes : The syntax of this file is as follows:
-# if type is equal to "file" or "dir"
-# <filename> <type> <permissions> <user> <group>
-# if type is equal to "dev"
-# <filename> <type> <permissions> <user> <group> <devtype> <major> <minor>
-#
-# <filename> is the name of the file which is to be created
-# <type> is either file, dir, or dev.
-# file creates a new file
-# dir creates a new directory
-# dev creates a new device
-# <devtype> is either block, char or pipe
-# block creates a block device
-# char creates a character deivce
-# pipe creates a pipe, this will ignore the <major> and <minor> fields
-# <major> and <minor> are the major and minor numbers used for the device.
-########################################################################
-
-# End /etc/sysconfig/createfiles
+++ /dev/null
-########################################################################
-# Begin /etc/sysconfig/modules
-#
-# Description : Module auto-loading configuration
-#
-# Authors :
-#
-# Version : 00.00
-#
-# Notes : The syntax of this file is as follows:
-# <module> [<arg1> <arg2> ...]
-#
-# Each module should be on it's own line, and any options that you want
-# passed to the module should follow it. The line deliminator is either
-# a space or a tab.
-########################################################################
-
-# For dialin with pppd
-ppp_generic
-
-# End /etc/sysconfig/modules
+++ /dev/null
-HOSTNAME=ipfire.localdomain
+++ /dev/null
-# Begin /etc/sysconfig/rc
-
-# Author: DJ Lucas - dj@linuxfromscratch.org
-# Version: 1.0 LSB V.3.1
-
-# Global variable inherited by initscripts are in caps
-# Local variables for the rc script are in lowercase
-
-# Source site specific rc configuration
-. /etc/sysconfig/rc.site
-
-# This sets default terminal options.
-# stty sane - this has been removed as nobody recalls
-# the reason for it in the first place - if no problems arize,
-# then it will be removed completely at a later date.
-
-# Setup default values for the environment
-umask 022
-PATH="/bin:/sbin"
-
-# Find current screen size
-if [ -z "${COLUMNS}" ]; then
- COLUMNS=$(stty size)
- COLUMNS=${COLUMNS##* }
-fi
-
-# When using remote connections, such as a serial port, stty size returns 0
-if [ "${COLUMNS}" = "0" ]; then
- COLUMNS=80
-fi
-
-## Measurements for positioning result messages
-COL=$((${COLUMNS} - 8))
-WCOL=$((${COL} - 2))
-
-# Set Cursur Position Commands, used via echo -e
-SET_COL="\\033[${COL}G" # at the $COL char
-SET_WCOL="\\033[${WCOL}G" # at the $WCOL char
-CURS_UP="\\033[1A\\033[0G" # Up one line, at the 0'th char
-
-# Bootlogging and interactive startup require a valid tempfs mount
-# if this mount is not present, disable them
-if [ "${TEMPFS_MOUNT}" = "" -o ! -d "${TEMPFS_MOUNT}" ]; then
- TEMPFS_MOUNT=""
- iprompt=""
- BOOTLOG_ENAB=""
-fi
-
-# Export the environment variables so they are inherited by the scripts
-export PATH SET_COL SET_WCOL CURS_UP TEMPFS_MOUNT BOOTLOG_ENAB RUNLEVEL
-
-# End /etc/sysconfig/rc
+++ /dev/null
-#!/bin/sh
-###############################################################################
-# #
-# IPFire.org - A linux based firewall #
-# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
-# #
-# This program is free software: you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation, either version 3 of the License, or #
-# (at your option) any later version. #
-# #
-# This program is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with this program. If not, see <http://www.gnu.org/licenses/>. #
-# #
-###############################################################################
-# Used for private calls after boot #
-###############################################################################
-
-# power button shutdown
-if grep -q '^button' /proc/modules ; then
- head -1 /proc/acpi/event | grep -q 'button/power PWRF' && init 0 &
-fi
+++ /dev/null
-# Set base directory information
-RC_BASE="/etc"
-RC_FUNCTIONS="${RC_BASE}/init.d/ipfire-functions"
-
-# Location of network device scripts and config files
-NETWORK_SCRIPTS="/etc/init.d/networking"
-NETWORK_DEVICES="/etc/sysconfig/network-devices"
-
-# Directory to store boot process accounting information
-# Used for boot logging and interactive flag when rootfs
-# is not writable
-TEMPFS_MOUNT="${RC_BASE}/init.d/boottemp"
-
-# Bootlogging (requires a tempfs mount)
-BOOTLOG_ENAB="yes"
-
-# Distro Information
-DISTRO="$(cat /etc/system-release)" # The distro name
-DISTRO_CONTACT="http://bugtracker.ipfire.org" # Bug report address
-DISTRO_MINI="ipfire" # Short name used in filenames for distro config
-
-# Define custom colors used in messages printed to the screen
-BRACKET="\\033[1;34m" # Blue
-FAILURE="\\033[1;31m" # Red
-INFO="\\033[1;36m" # Cyan
-NORMAL="\\033[0;39m" # Grey
-SUCCESS="\\033[1;32m" # Green
-WARNING="\\033[1;33m" # Yellow
-
-# Prefix boot messages for easier reading on framebuffer consoles
-PREFIX_SUCCESS=" ${SUCCESS}*${NORMAL} "
-PREFIX_WARNING="${WARNING}**${NORMAL} "
-PREFIX_FAILURE="${FAILURE}***${NORMAL}"
-
-# Export varialbles so that they are inherited by the initscripts
-export RC_BASE RC_FUNCTIONS TEMPFS_MOUNT BOOTLOG_ENAB
-export NETWORK_DEVICES NETWORK_SCRIPTS
-export DISTRO DISTRO_CONTACT DISTRO_MINI
-export BRACKET FAILURE INFO NORMAL SUCCESS WARNING
-export PREFIX_SUCCESS PREFIX_WARNING PREFIX_FAILURE
-
-# Interactive startup
-iprompt="yes" # Wether to display the interactive boot promp
-itime="2" # The ammount of time (in seconds) to display the prompt
-dlen="$(( 11 + ${#DISTRO} ))" # The total length of the distro welcome string
-ilen="38" # The total length of the interactive message
-welcome_message="Welcome to ${INFO}${DISTRO}${NORMAL}"
-i_message="Press '${FAILURE}I${NORMAL}' to enter interactive startup"
-
-# Error message displayed when a script's exit value is not zero
-print_error_msg()
-{
- # ${link} and ${error_value} are defined by the rc script
- echo -e "${FAILURE}FAILURE: You should not be reading this error message."
- echo -e ""
- echo -e -n "${FAILURE}It means that an unforseen error took place in"
- echo -e -n "${INFO} ${link}"
- echo -e "${FAILURE},"
- echo -e "${FAILURE}which exited with a return value of ${error_value}."
- echo -e ""
- echo -e -n "${FAILURE}If you are able to track this error down to a bug"
- echo -e "${FAILURE}in one of the files"
- echo -e -n "provided by ${INFO}${DISTRO}${FAILURE}, "
- echo -e -n "${FAILURE}please be so kind to inform us at "
- echo -e "${INFO}${DISTRO_CONTACT}${FAILURE}.${NORMAL}"
- echo -e ""
- echo -e "${INFO}Press Enter to continue..."
- echo -e "${NORMAL}"
- read ENTER
-}
-
+++ /dev/null
-net.ipv4.ip_forward = 1
-net.ipv4.ip_dynaddr = 1
-net.ipv4.icmp_echo_ignore_broadcasts = 1
-net.ipv4.icmp_ignore_bogus_error_responses = 1
-
-net.ipv4.tcp_sack = 0
-net.ipv4.tcp_timestamps = 0
-net.ipv4.tcp_syncookies = 1
-net.ipv4.tcp_fin_timeout = 30
-net.ipv4.tcp_window_scaling = 0
-net.ipv4.tcp_syn_retries = 3
-net.ipv4.tcp_synack_retries = 3
-
-net.ipv4.conf.default.rp_filter = 0
-net.ipv4.conf.default.accept_redirects = 0
-net.ipv4.conf.default.accept_source_route = 0
-net.ipv4.conf.default.log_martians = 1
-
-net.ipv4.conf.all.rp_filter = 0
-net.ipv4.conf.all.accept_redirects = 0
-net.ipv4.conf.all.accept_source_route = 0
-net.ipv4.conf.all.log_martians = 1
-
-# IPv6 settings
-net.ipv6.conf.default.forwarding = 1
-net.ipv6.conf.default.autoconf = 0
-
-kernel.printk = 1 4 1 7
--- /dev/null
+[Unit]
+Description=/etc/rc.local Compatiblity
+ConditionFileIsExecuteable=/etc/rc.local
+Requires=multi-user.target
+After=multi-user.target network.target
+
+[Service]
+Type=forking
+ExecStart=/etc/rc.local
+TimeoutSec=0
+StandardOutput=tty
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
name = lighttpd
version = 1.4.29
-release = 1
+ver_major = 1.4
+release = 2
maintainer = Michael Tremer <michael.tremer@ipfire.org>
groups = Networking/Webservers
summary = Lightning fast webserver with light system requirements.
description
- Secure, fast, compliant and very flexible web-server which has been optimized \
- for high-performance environments. It has a very low memory footprint compared \
- to other webservers and takes care of cpu-load. Its advanced feature-set \
- (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make \
- it the perfect webserver-software for every server that is suffering load \
+ Secure, fast, compliant and very flexible web-server which has been optimized
+ for high-performance environments. It has a very low memory footprint compared
+ to other webservers and takes care of cpu-load. Its advanced feature-set
+ (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make
+ it the perfect webserver-software for every server that is suffering load
problems.
end
-source_dl =
+source_dl = http://download.lighttpd.net/lighttpd/releases-%{ver_major}.x/
build
requires
openssl-devel
pcre-devel
pkg-config
+ shadow-utils
zlib-devel
end
--with-ldap \
--with-openssl
+ prepare_cmds
+ %{create_user}
+ end
+
install_cmds
mkdir -pv %{BUILDROOT}/etc
cp -vf %{DIR_SOURCE}/%{name}.conf %{BUILDROOT}/etc/%{name}.conf
mkdir -pv %{BUILDROOT}/var/log/%{name}
touch %{BUILDROOT}/var/log/%{name}/{access,error}.log
- chown nobody.nobody -R %{BUILDROOT}/var/log/%{name}
+ chown lighttpd.lighttpd -R %{BUILDROOT}/var/log/%{name}
mkdir -pv %{BUILDROOT}/var/cache/lighttpd/compress
- chown nobody.nobody -Rv %{BUILDROOT}/var/cache/lighttpd/
+ chown lighttpd.lighttpd -Rv %{BUILDROOT}/var/cache/lighttpd/
+
+ mkdir -pv %{BUILDROOT}/run/lighttpd
+ chown lighttpd.lighttpd -Rv %{BUILDROOT}/run/lighttpd/
end
end
+create_user
+ getent group lighttpd >/dev/null || /usr/sbin/groupadd -r lighttpd
+ getent passwd lighttpd >/dev/null || /usr/sbin/useradd -r -g lighttpd \
+ -d /var/www/lighttpd -s /sbin/nologin lighttpd
+end
+
packages
package %{name}
+ configfiles
+ /etc/lighttpd.conf
+ end
+
+ prerequires = shadow-utils systemd-units
+
+ script prein
+ %{create_user}
+ end
+
+ script postin
+ /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+ end
+
+ script preun
+ /bin/systemctl --no-reload disable lighttpd.service >/dev/null 2>&1 || :
+ /bin/systemctl stop lighttpd.service >/dev/null 2>&1 || :
+ end
+
+ script postup
+ /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+ /bin/systemctl try-restart lighttpd.service >/dev/null 2>&1 || :
+ end
end
end
-d /var/run/lighttpd 0750 lighttpd lighttpd -
+d /run/lighttpd 0750 lighttpd lighttpd -
###############################################################################
name = lldpd
-version = 0.5.2
-release = 5
+version = 0.5.4
+release = 1
groups = Networking/Tools
url = https://trac.luffy.cx/lldpd/
summary = Utilities for the Link Layer Discovery Protocol.
description
- The LLDPD project aims to provide a comprehensive implementation of \
+ The LLDPD project aims to provide a comprehensive implementation of
the IEEE standard 802.1AB Link Layer Discovery Protocol.
end
requires
libxml2-devel
pkg-config
+ shadow-utils
zlib-devel
end
--with-xml \
--with-privsep-user=lldpd \
--with-privsep-group=lldpd
+
+ prepare_cmds
+ %{create_user}
+ end
+
+ install_cmds
+ # Create tmp directory.
+ mkdir -pv -m 700 %{BUILDROOT}/run/lldpd
+ chown -v lldpd.lldpd %{BUILDROOT}/run/lldpd
+ end
+end
+
+create_user
+ getent group lldpd >/dev/null || groupadd -r lldpd
+ getent passwd lldpd >/dev/null || \
+ useradd -r -g lldpd -d / -s /sbin/nologin lldpd
end
packages
package %{name}
+ prerequires = shadow-utils systemd-units
+
+ script prein
+ %{create_user}
+ end
+
+ script postin
+ /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+ end
+
+ script preun
+ /bin/systemctl --no-reload disable lldpd.service >/dev/null 2>&1 || :
+ /bin/systemctl stop lldpd.service >/dev/null 2>&1 || :
+ end
+
+ script postun
+ /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+ end
+
+ script postup
+ /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+ /bin/systemctl try-restart lldpd.service >/dev/null 2>&1 || :
+ end
end
end
-d /var/run/lldpd 0700 lldpd lldpd -
+d /run/lldpd 0700 lldpd lldpd -
+++ /dev/null
-commit ae87586a12eaf4e8329b88f6e0c629e7b14f27bc
-Author: Michael Tremer <michael.tremer@ipfire.org>
-Date: Sat May 28 14:29:33 2011 +0200
-
- Add support to read /etc/os-release for system information.
-
- /etc/os-release is introduced with systemd which will be in all the
- major distributions, soon. For backwards-compatibility, the lsb_release
- method is still there and will be used if no /etc/os-release is available.
-
-diff --git a/src/lldpd.c b/src/lldpd.c
-index b19af11..1641f13 100644
---- a/src/lldpd.c
-+++ b/src/lldpd.c
-@@ -89,6 +89,7 @@ static void lldpd_decode(struct lldpd *, char *, int,
- static void lldpd_update_chassis(struct lldpd_chassis *,
- const struct lldpd_chassis *);
- static char *lldpd_get_lsb_release(void);
-+static char *lldpd_get_os_release(void);
- #ifdef ENABLE_LLDPMED
- static void lldpd_med(struct lldpd_chassis *);
- #endif
-@@ -553,6 +554,46 @@ lldpd_get_lsb_release() {
- return NULL;
- }
-
-+/* Same like lldpd_get_lsb_release but reads /etc/os-release for PRETTY_NAME=. */
-+static char *
-+lldpd_get_os_release() {
-+ static char release[1024];
-+
-+ FILE *fp = fopen("/etc/os-release", "r");
-+ if (!fp) {
-+ LLOG_WARN("Could not open /etc/os-release to read system information");
-+ return NULL;
-+ }
-+
-+ char line[1024];
-+ char *key, *val;
-+
-+ while ((fgets(line, 1024, fp) != NULL)) {
-+ key = strtok(line, "=");
-+ val = strtok(NULL, "=");
-+
-+ if (strncmp(key, "PRETTY_NAME", 1024) == 0) {
-+ strncpy(release, val, 1024);
-+ break;
-+ }
-+ }
-+ fclose(fp);
-+
-+ /* Remove trailing newline and all " in the string. */
-+ char *ptr1 = release;
-+ char *ptr2 = release;
-+ while (*ptr1 != 0) {
-+ if ((*ptr1 == '"') || (*ptr1 == '\n')) {
-+ ++ptr1;
-+ } else {
-+ *ptr2++ = *ptr1++;
-+ }
-+ }
-+ *ptr2 = 0;
-+
-+ return release;
-+}
-+
- int
- lldpd_callback_add(struct lldpd *cfg, int fd, void(*fn)(CALLBACK_SIG), void *data)
- {
-@@ -889,7 +930,7 @@ lldpd_update_localchassis(struct lldpd *cfg)
- fatal("failed to set full system description");
- } else {
- if (cfg->g_advertise_version) {
-- if (asprintf(&LOCAL_CHASSIS(cfg)->c_descr, "%s%s %s %s",
-+ if (asprintf(&LOCAL_CHASSIS(cfg)->c_descr, "%s %s %s %s",
- cfg->g_lsb_release?cfg->g_lsb_release:"",
- un.sysname, un.release, un.machine)
- == -1)
-@@ -1189,7 +1230,12 @@ lldpd_main(int argc, char *argv[])
- close(pid);
- }
-
-- lsb_release = lldpd_get_lsb_release();
-+ /* Try to read system information from /etc/os-release if possible.
-+ Fall back to lsb_release for compatibility. */
-+ lsb_release = lldpd_get_os_release();
-+ if (!lsb_release) {
-+ lsb_release = lldpd_get_lsb_release();
-+ }
-
- priv_init(PRIVSEP_CHROOT);
-
[Service]
RemainAfterExit=yes
ExecStartPre=/sbin/modprobe 8021q
-ExecStart=/usr/sbin/lldpd -c
+ExecStart=/usr/sbin/lldpd -d -c
+Restart=on-failure
[Install]
WantedBy=multi-user.target
name = openssh
version = 5.9p1
-release = 1
+release = 2
groups = Application/Internet
url = http://www.openssh.com/portable.html
end
install_cmds
- mkdir -pv %{BUILDROOT}/etc/ssh
- cp -vf %{DIR_SOURCE}/sshd_config %{BUILDROOT}/etc/ssh/sshd_config
+ # Disable GSS API authentication because KRB5 is required for that.
+ sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config
# Install scriptfile for key generation
install -m 754 %{DIR_SOURCE}/ssh-keygen %{BUILDROOT}/usr/lib/openssh/
/usr/share/man/cat5/ssh_config.5
/usr/share/man/cat8/ssh-pkcs11-helper.8
end
+
+ configfiles
+ /etc/ssh/ssh_config
+ end
end
package openssh-server
/var/lib/sshd
end
+ configfiles
+ /etc/ssh/sshd_config
+ end
+
prerequires = shadow-utils systemd-units
script prein
+++ /dev/null
-# This is the sshd server system-wide configuration file. See
-# sshd_config(5) for more information.
-
-# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
-
-# The strategy used for options in the default sshd_config shipped with
-# OpenSSH is to specify options with their default value where
-# possible, but leave them commented. Uncommented options change a
-# default value.
-
-Port 22
-#AddressFamily any
-#ListenAddress 0.0.0.0
-#ListenAddress ::
-
-# Disable legacy (protocol version 1) support in the server for new
-# installations. In future the default will change to require explicit
-# activation of protocol 1
-Protocol 2
-
-# HostKey for protocol version 1
-#HostKey /etc/ssh/ssh_host_key
-# HostKeys for protocol version 2
-#HostKey /etc/ssh/ssh_host_rsa_key
-#HostKey /etc/ssh/ssh_host_dsa_key
-
-# Lifetime and size of ephemeral version 1 server key
-#KeyRegenerationInterval 1h
-#ServerKeyBits 1024
-
-# Logging
-# obsoletes QuietMode and FascistLogging
-#SyslogFacility AUTH
-#LogLevel INFO
-
-# Authentication:
-
-LoginGraceTime 30s
-#PermitRootLogin yes
-#StrictModes yes
-#MaxAuthTries 6
-#MaxSessions 10
-
-RSAAuthentication yes
-PubkeyAuthentication yes
-#AuthorizedKeysFile .ssh/authorized_keys
-
-# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
-#RhostsRSAAuthentication no
-# similar for protocol version 2
-#HostbasedAuthentication no
-# Change to yes if you don't trust ~/.ssh/known_hosts for
-# RhostsRSAAuthentication and HostbasedAuthentication
-IgnoreUserKnownHosts yes
-# Don't read the user's ~/.rhosts and ~/.shosts files
-#IgnoreRhosts yes
-
-# To disable tunneled clear text passwords, change to no here!
-PasswordAuthentication yes
-#PermitEmptyPasswords no
-
-# Change to no to disable s/key passwords
-ChallengeResponseAuthentication yes
-
-# Kerberos options
-#KerberosAuthentication no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-#KerberosGetAFSToken no
-
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication and
-# PasswordAuthentication. Depending on your PAM configuration,
-# PAM authentication via ChallengeResponseAuthentication may bypass
-# the setting of "PermitRootLogin without-password".
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and ChallengeResponseAuthentication to 'no'.
-UsePAM yes
-
-#AllowAgentForwarding yes
-AllowTcpForwarding yes
-#GatewayPorts no
-X11Forwarding no
-#X11DisplayOffset 10
-#X11UseLocalhost yes
-#PrintMotd yes
-#PrintLastLog yes
-#TCPKeepAlive yes
-#UseLogin no
-#UsePrivilegeSeparation yes
-#PermitUserEnvironment no
-#Compression delayed
-#ClientAliveInterval 0
-#ClientAliveCountMax 3
-#UseDNS yes
-#PidFile /var/run/sshd.pid
-MaxStartups 5
-#PermitTunnel no
-#ChrootDirectory none
-
-# no default banner path
-#Banner none
-
-# override default of no subsystems
-Subsystem sftp /usr/lib/openssh/sftp-server
-
-# Example of overriding settings on a per-user basis
-#Match User anoncvs
-# X11Forwarding no
-# AllowTcpForwarding no
-# ForceCommand cvs server
name = pdns-recursor
version = 3.3
-release = 5
+release = 6
groups = Networking/DNS
url = http://powerdns.com/
package if you need a dns cache for your network.
end
-source_dl =
+source_dl = http://downloads.powerdns.com/releases/
sources = %{thisapp}.tar.bz2
build
gcc-c++
boost-devel
lua-devel
+ shadow-utils
+ end
+
+ prepare_cmds
+ %{create_user}
end
build
# Create folder for chroot
mkdir -pv %{BUILDROOT}/var/lib/pdns-recursor
+
+ # Create directory for socket and stuff.
+ mkdir -pv %{BUILDROOT}/run/pdns-recursor
+ chown -v pdns-recursor.pdns-recursor %{BUILDROOT}/run/pdns-recursor
end
end
+create_user
+ getent group pdns-recursor >/dev/null || groupadd -r pdns-recursor
+ getent passwd pdns-recursor >/dev/null || \
+ useradd -r -g pdns-recursor -d /var/lib/pdns-recursor -s /sbin/nologin \
+ pdns-recursor
+end
+
packages
package %{name}
configfiles
prerequires = shadow-utils systemd-units
script prein
- getent group pdns-recursor >/dev/null || groupadd -r pdns-recursor
- getent passwd pdns-recursor >/dev/null || \
- useradd -r -g pdns-recursor -d /var/lib/pdns-recursor -s /sbin/nologin \
- pdns-recursor
+ %{create_user}
end
script postin
name = radvd
version = 1.8.3
-release = 3
+release = 4
groups = System/Daemons
url = http://www.litech.org/radvd/
flex
flex-devel
bison
+ shadow-utils
end
configure_options += \
--with-pidfile=/run/radvd/radvd.pid
prepare_cmds
+ %{create_user}
+
sed -e "s/-lfl/-lfl_pic/g" -i Makefile.*
end
+
+ install_cmds
+ mkdir -pv -m 750 %{BUILDROOT}/run/radvd
+ chown -v radvd.radvd %{BUILDROOT}/run/radvd
+ end
+end
+
+create_user
+ getent group radvd >/dev/null || groupadd -r radvd
+
+ # The radvd user also needs to be in the wheel group to get access to
+ # /proc.
+ getent passwd radvd >/dev/null || \
+ useradd -r -g radvd -G wheel -d / -s /sbin/nologin \
+ -c "User for the Router Advertisement daemon." radvd
end
packages
prerequires += shadow-utils
script prein
- getent group radvd >/dev/null || groupadd -r radvd
-
- # The radvd user also needs to be in the wheel group to get access to
- # /proc.
- getent passwd radvd >/dev/null || \
- useradd -r -g radvd -G wheel -d / -s /sbin/nologin \
- -c "User for the Router Advertisement daemon." radvd
- exit 0
+ %{create_user}
end
# Just search for new unit files that were just installed.
-d /var/run/radvd 0750 radvd radvd -
+d /run/radvd 0750 radvd radvd -