stunnel: New package.
authorMichael Tremer <michael.tremer@ipfire.org>
Fri, 25 Apr 2014 10:42:52 +0000 (12:42 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Fri, 25 Apr 2014 10:42:52 +0000 (12:42 +0200)
12 files changed:
config/backup/includes/stunnel [new file with mode: 0644]
config/etc/passwd
config/rootfiles/common/armv5tel/initscripts
config/rootfiles/common/i586/initscripts
config/rootfiles/packages/stunnel [new file with mode: 0644]
config/stunnel/stunnel.conf [new file with mode: 0644]
lfs/stunnel [new file with mode: 0644]
make.sh
src/initscripts/init.d/stunnel [new file with mode: 0644]
src/paks/stunnel/install.sh [new file with mode: 0644]
src/paks/stunnel/uninstall.sh [new file with mode: 0644]
src/paks/stunnel/update.sh [new file with mode: 0644]

diff --git a/config/backup/includes/stunnel b/config/backup/includes/stunnel
new file mode 100644 (file)
index 0000000..e5702f1
--- /dev/null
@@ -0,0 +1 @@
+/etc/stunnel/
index ebc82d5..0c2527c 100644 (file)
@@ -8,6 +8,7 @@ mysql:x:41:41:MySQL Server:/dev/null:/bin/false
 ftp:x:45:45:anonymous_user:/home/ftp:/bin/false
 vsftpd:x:47:47:vsftpd User:/home/ftp:/bin/false
 rsyncd:x:48:48:rsyncd Daemon:/home/rsync:/bin/false
+stunnel:x:51:51:stunnel Daemon:/var/lib/stunnel:/bin/false
 sshd:x:74:74:sshd:/var/empty:/bin/false
 nobody:x:99:99:Nobody:/home/nobody:/bin/false
 postfix:x:100:100::/var/spool/postfix:/bin/false
index 4716b97..ecd01ec 100644 (file)
@@ -115,6 +115,7 @@ etc/rc.d/init.d/squid
 etc/rc.d/init.d/sshd
 #etc/rc.d/init.d/sslh
 etc/rc.d/init.d/static-routes
+#etc/rc.d/init.d/stunnel
 etc/rc.d/init.d/swap
 etc/rc.d/init.d/sysctl
 etc/rc.d/init.d/sysklogd
index 07a39f4..b34ea91 100644 (file)
@@ -117,6 +117,7 @@ etc/rc.d/init.d/squid
 etc/rc.d/init.d/sshd
 #etc/rc.d/init.d/sslh
 etc/rc.d/init.d/static-routes
+#etc/rc.d/init.d/stunnel
 etc/rc.d/init.d/swap
 etc/rc.d/init.d/sysctl
 etc/rc.d/init.d/sysklogd
diff --git a/config/rootfiles/packages/stunnel b/config/rootfiles/packages/stunnel
new file mode 100644 (file)
index 0000000..eaf7fce
--- /dev/null
@@ -0,0 +1,41 @@
+etc/rc.d/init.d/stunnel
+etc/stunnel
+etc/stunnel/stunnel.conf
+#etc/stunnel/stunnel.conf-sample
+usr/bin/stunnel
+#usr/bin/stunnel3
+#usr/lib/stunnel
+#usr/lib/stunnel/libstunnel.la
+usr/lib/stunnel/libstunnel.so
+#usr/share/doc/stunnel
+#usr/share/doc/stunnel/AUTHORS
+#usr/share/doc/stunnel/BUGS
+#usr/share/doc/stunnel/COPYING
+#usr/share/doc/stunnel/COPYRIGHT.GPL
+#usr/share/doc/stunnel/CREDITS
+#usr/share/doc/stunnel/ChangeLog
+#usr/share/doc/stunnel/INSTALL
+#usr/share/doc/stunnel/INSTALL.FIPS
+#usr/share/doc/stunnel/INSTALL.W32
+#usr/share/doc/stunnel/INSTALL.WCE
+#usr/share/doc/stunnel/PORTS
+#usr/share/doc/stunnel/README
+#usr/share/doc/stunnel/TODO
+#usr/share/doc/stunnel/examples
+#usr/share/doc/stunnel/examples/ca.html
+#usr/share/doc/stunnel/examples/ca.pl
+#usr/share/doc/stunnel/examples/importCA.html
+#usr/share/doc/stunnel/examples/importCA.sh
+#usr/share/doc/stunnel/examples/script.sh
+#usr/share/doc/stunnel/examples/stunnel.init
+#usr/share/doc/stunnel/examples/stunnel.service
+#usr/share/doc/stunnel/examples/stunnel.spec
+#usr/share/doc/stunnel/stunnel.fr.html
+#usr/share/doc/stunnel/stunnel.html
+#usr/share/doc/stunnel/stunnel.pl.html
+#usr/share/man/man8/stunnel.8
+#usr/share/man/man8/stunnel.fr.8
+#usr/share/man/man8/stunnel.pl.8
+var/ipfire/backup/addons/includes/stunnel
+var/lib/stunnel
+var/lib/stunnel/run
diff --git a/config/stunnel/stunnel.conf b/config/stunnel/stunnel.conf
new file mode 100644 (file)
index 0000000..b172200
--- /dev/null
@@ -0,0 +1,21 @@
+; File: /etc/stunnel/stunnel.conf
+
+; Note: The pid and output locations are relative to the chroot location.
+
+pid    = /run/stunnel.pid
+chroot = /var/lib/stunnel
+client = no
+setuid = stunnel
+setgid = stunnel
+cert   = /etc/stunnel/stunnel.pem
+
+;debug = 7
+;output = stunnel.log
+
+;[https]
+;accept  = 443
+;connect = 80
+;; "TIMEOUTclose = 0" is a workaround for a design flaw in Microsoft SSL
+;; Microsoft implementations do not use SSL close-notify alert and thus
+;; they are vulnerable to truncation attacks
+;TIMEOUTclose = 0
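Review bot: `cert = /etc/stunnel/stunnel.pem` names a file that nothing in this commit creates, and the config gives no guidance on how to protect it. A combined PEM normally carries the private key, and the backup include added in this commit (`/etc/stunnel/`) would copy it into every add-on backup, so I would add a comment next to the setting such as `; stunnel.pem contains the private key: keep it owned by root with mode 0600 and treat backups of /etc/stunnel as secret`. With every service section commented out and no certificate shipped, the first `start_service` from install.sh presumably fails until the administrator supplies both; a one-line comment saying so would help. It would also be worth stating the protocol floor explicitly (for example `options = NO_SSLv2`) rather than relying on the packaged version's defaults, which are not visible here.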
diff --git a/lfs/stunnel b/lfs/stunnel
new file mode 100644 (file)
index 0000000..f6f27e0
--- /dev/null
@@ -0,0 +1,101 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 5.01
+
+THISAPP    = stunnel-$(VER)
+DL_FILE    = $(THISAPP).tar.gz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+PROG       = stunnel
+PAK_VER    = 1
+
+DEPS       = ""
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 7b63266b6fa05da696729e245100da65
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist: 
+       @$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+       @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+       @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+       @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+       @$(PREBUILD)
+       @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+       cd $(DIR_APP) && ./configure \
+               --prefix=/usr \
+               --sysconfdir=/etc \
+               --localstatedir=/var
+       cd $(DIR_APP) && make $(MAKETUNING)
+       cd $(DIR_APP) && make install
+
+       # Create secure directory
+       install -v -m750 -o stunnel -g stunnel -d /var/lib/stunnel/run
+       chown -v stunnel:stunnel /var/lib/stunnel
+
+       # Install default configuration
+       -mkdir -pv /etc/stunnel
+       install -v -m 644 $(DIR_SRC)/config/stunnel/stunnel.conf \
+               /etc/stunnel
+
+       # Install backup include
+       install -v -m 644 $(DIR_SRC)/config/backup/includes/stunnel \
+               /var/ipfire/backup/addons/includes
+
+       @rm -rf $(DIR_APP)
+       @$(POSTBUILD)
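Review bot: `chown -v stunnel:stunnel /var/lib/stunnel` makes the chroot root itself writable by the account the daemon drops to (`chroot` and `setuid` in the stunnel.conf added by this commit). Only `run/` has to be writable for the pid file, so I would drop the `chown` line, leave `/var/lib/stunnel` owned by root, and keep the existing `install -v -m750 -o stunnel -g stunnel -d /var/lib/stunnel/run`. If `output = stunnel.log` is ever enabled it should then point into a writable subdirectory rather than the jail root. Separately, the tarball is pinned only by `$(DL_FILE)_MD5`; the `$(CHECK)` and `$(MD5)` macros are defined outside this file, so whether a stronger digest can be recorded is not visible here.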
diff --git a/make.sh b/make.sh
index 23b63ae..259675a 100755 (executable)
--- a/make.sh
+++ b/make.sh
@@ -798,6 +798,7 @@ buildipfire() {
   ipfiremake wavemon
   ipfiremake iptraf-ng
   ipfiremake iotop
+  ipfiremake stunnel
 }
 
 buildinstaller() {
diff --git a/src/initscripts/init.d/stunnel b/src/initscripts/init.d/stunnel
new file mode 100644 (file)
index 0000000..9494b5d
--- /dev/null
@@ -0,0 +1,39 @@
+#!/bin/sh
+########################################################################
+# Begin $rc_base/init.d/stunnel
+#
+# Description : Provides an SSL encryption wrapper.
+#
+########################################################################
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+case "$1" in
+       start)
+               boot_mesg "Starting the Stunnel Daemon..."
+               loadproc /usr/bin/stunnel
+               ;;
+
+       stop)
+               boot_mesg "Stopping the Stunnel Daemon..."
+               killproc /usr/bin/stunnel
+               ;;
+
+       restart)
+               $0 stop
+               sleep 1
+               $0 start
+               ;;
+
+       status)
+               statusproc /usr/bin/stunnel
+               ;;
+
+       *)
+               echo "Usage: $0 {start|stop|restart|status}"
+               exit 1
+               ;;
+esac
+
+# End $rc_base/init.d/stunnel
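Review bot: `loadproc`, `killproc` and `statusproc` are given only the binary path, while the stunnel.conf in this commit writes the pid file inside the chroot (`pid = /run/stunnel.pid` under `chroot = /var/lib/stunnel`, i.e. `/var/lib/stunnel/run/stunnel.pid`). The helpers come from `${rc_functions}`, which is outside this diff; if they default to a pid file under /var/run they will either miss it or fall back to matching by process name, which can act on or report the wrong process when a second stunnel instance is running. If they accept a pid-file option as the LFS helpers do, pass it explicitly, e.g. `killproc -p /var/lib/stunnel/run/stunnel.pid /usr/bin/stunnel`, and likewise for start and status. Quoting `. "${rc_functions}"` and `"$0"` would also be worth doing while here.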
diff --git a/src/paks/stunnel/install.sh b/src/paks/stunnel/install.sh
new file mode 100644 (file)
index 0000000..efd3a9f
--- /dev/null
@@ -0,0 +1,37 @@
+#!/bin/bash
+############################################################################
+#                                                                          #
+# This file is part of the IPFire Firewall.                                #
+#                                                                          #
+# IPFire is free software; you can redistribute it and/or modify           #
+# it under the terms of the GNU General Public License as published by     #
+# the Free Software Foundation; either version 2 of the License, or        #
+# (at your option) any later version.                                      #
+#                                                                          #
+# IPFire is distributed in the hope that it will be useful,                #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+# GNU General Public License for more details.                             #
+#                                                                          #
+# You should have received a copy of the GNU General Public License        #
+# along with IPFire; if not, write to the Free Software                    #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
+#                                                                          #
+# Copyright (C) 2007 IPFire-Team <info@ipfire.org>.                        #
+#                                                                          #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+
+# Create Username and group.
+getent passwd stunnel >/dev/null || \
+      useradd -u 51 -g stunnel -d /var/lib/stunnel -s /bin/false \
+      -c "stunnel Daemon" stunnel
+
+extract_files
+ln -svf  ../init.d/stunnel /etc/rc.d/rc3.d/S65stunnel
+ln -svf  ../init.d/stunnel /etc/rc.d/rc0.d/K35stunnel
+ln -svf  ../init.d/stunnel /etc/rc.d/rc6.d/K35stunnel
+
+restore_backup ${NAME}
+start_service --background ${NAME}
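Review bot: The comment says "Create Username and group", but only `useradd` runs, and its `-g stunnel` requires the group to exist already. The file list of this commit touches config/etc/passwd (gid 51) but not config/etc/group, so on a system where the group is absent the `useradd` fails, the script carries on regardless, and the files are extracted and the service started without the `stunnel` account that `setuid`/`setgid` in stunnel.conf rely on. Add `getent group stunnel >/dev/null || groupadd -g 51 stunnel` before the `useradd` line. Quoting `"${NAME}"` in the last two lines would be a cheap hardening as well.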
diff --git a/src/paks/stunnel/uninstall.sh b/src/paks/stunnel/uninstall.sh
new file mode 100644 (file)
index 0000000..11f46d1
--- /dev/null
@@ -0,0 +1,28 @@
+#!/bin/bash
+############################################################################
+#                                                                          #
+# This file is part of the IPFire Firewall.                                #
+#                                                                          #
+# IPFire is free software; you can redistribute it and/or modify           #
+# it under the terms of the GNU General Public License as published by     #
+# the Free Software Foundation; either version 2 of the License, or        #
+# (at your option) any later version.                                      #
+#                                                                          #
+# IPFire is distributed in the hope that it will be useful,                #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+# GNU General Public License for more details.                             #
+#                                                                          #
+# You should have received a copy of the GNU General Public License        #
+# along with IPFire; if not, write to the Free Software                    #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
+#                                                                          #
+# Copyright (C) 2007 IPFire-Team <info@ipfire.org>.                        #
+#                                                                          #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+stop_service ${NAME}
+make_backup ${NAME}
+remove_files
+rm -rf /etc/rc.d/rc*.d/*stunnel
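Review bot: `rm -rf /etc/rc.d/rc*.d/*stunnel` is broader than it needs to be for a script that presumably runs as root: `-r` is unnecessary for symlinks, and the leading `*` matches any entry whose name ends in `stunnel`. install.sh creates exactly three links, so `rm -f /etc/rc.d/rc3.d/S65stunnel /etc/rc.d/rc0.d/K35stunnel /etc/rc.d/rc6.d/K35stunnel` removes the same set without the recursive flag or the glob. The `stunnel` user created by install.sh is left in place; if that is intentional (a stable uid for restored files), a one-line comment saying so would help.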
diff --git a/src/paks/stunnel/update.sh b/src/paks/stunnel/update.sh
new file mode 100644 (file)
index 0000000..89c40d0
--- /dev/null
@@ -0,0 +1,26 @@
+#!/bin/bash
+############################################################################
+#                                                                          #
+# This file is part of the IPFire Firewall.                                #
+#                                                                          #
+# IPFire is free software; you can redistribute it and/or modify           #
+# it under the terms of the GNU General Public License as published by     #
+# the Free Software Foundation; either version 2 of the License, or        #
+# (at your option) any later version.                                      #
+#                                                                          #
+# IPFire is distributed in the hope that it will be useful,                #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+# GNU General Public License for more details.                             #
+#                                                                          #
+# You should have received a copy of the GNU General Public License        #
+# along with IPFire; if not, write to the Free Software                    #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
+#                                                                          #
+# Copyright (C) 2007 IPFire-Team <info@ipfire.org>.                        #
+#                                                                          #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+./uninstall.sh
+./install.sh