From d2d7a46b1e12ee676c84d946c096457035929cf0 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Fri, 25 Apr 2014 12:42:52 +0200
Subject: [PATCH] stunnel: New package.
---
 config/backup/includes/stunnel | 1 +
 config/etc/passwd | 1 +
 config/rootfiles/common/armv5tel/initscripts | 1 +
 config/rootfiles/common/i586/initscripts | 1 +
 config/rootfiles/packages/stunnel | 41 ++++++++
 config/stunnel/stunnel.conf | 21 ++++
 lfs/stunnel | 101 +++++++++++++++++++
 make.sh | 1 +
 src/initscripts/init.d/stunnel | 39 +++++++
 src/paks/stunnel/install.sh | 37 +++++++
 src/paks/stunnel/uninstall.sh | 28 +++++
 src/paks/stunnel/update.sh | 26 +++++
 12 files changed, 298 insertions(+)
 create mode 100644 config/backup/includes/stunnel
 create mode 100644 config/rootfiles/packages/stunnel
 create mode 100644 config/stunnel/stunnel.conf
 create mode 100644 lfs/stunnel
 create mode 100644 src/initscripts/init.d/stunnel
 create mode 100644 src/paks/stunnel/install.sh
 create mode 100644 src/paks/stunnel/uninstall.sh
 create mode 100644 src/paks/stunnel/update.sh
diff --git a/config/backup/includes/stunnel b/config/backup/includes/stunnel
new file mode 100644
index 000000000..e5702f179
--- /dev/null
+++ b/config/backup/includes/stunnel
@@ -0,0 +1 @@
+/etc/stunnel/
diff --git a/config/etc/passwd b/config/etc/passwd
index ebc82d55c..0c2527ca3 100644
--- a/config/etc/passwd
+++ b/config/etc/passwd
@@ -8,6 +8,7 @@ mysql:x:41:41:MySQL Server:/dev/null:/bin/false
 ftp:x:45:45:anonymous_user:/home/ftp:/bin/false
 vsftpd:x:47:47:vsftpd User:/home/ftp:/bin/false
 rsyncd:x:48:48:rsyncd Daemon:/home/rsync:/bin/false
+stunnel:x:51:51:stunnel Daemon:/var/lib/stunnel:/bin/false
 sshd:x:74:74:sshd:/var/empty:/bin/false
 nobody:x:99:99:Nobody:/home/nobody:/bin/false
 postfix:x:100:100::/var/spool/postfix:/bin/false
diff --git a/config/rootfiles/common/armv5tel/initscripts b/config/rootfiles/common/armv5tel/initscripts
index 4716b9726..ecd01ec1e 100644
--- a/config/rootfiles/common/armv5tel/initscripts
+++ b/config/rootfiles/common/armv5tel/initscripts
@@ -115,6 +115,7 @@ etc/rc.d/init.d/squid
 etc/rc.d/init.d/sshd
 #etc/rc.d/init.d/sslh
 etc/rc.d/init.d/static-routes
+#etc/rc.d/init.d/stunnel
 etc/rc.d/init.d/swap
 etc/rc.d/init.d/sysctl
 etc/rc.d/init.d/sysklogd
diff --git a/config/rootfiles/common/i586/initscripts b/config/rootfiles/common/i586/initscripts
index 07a39f463..b34ea9187 100644
--- a/config/rootfiles/common/i586/initscripts
+++ b/config/rootfiles/common/i586/initscripts
@@ -117,6 +117,7 @@ etc/rc.d/init.d/squid
 etc/rc.d/init.d/sshd
 #etc/rc.d/init.d/sslh
 etc/rc.d/init.d/static-routes
+#etc/rc.d/init.d/stunnel
 etc/rc.d/init.d/swap
 etc/rc.d/init.d/sysctl
 etc/rc.d/init.d/sysklogd
diff --git a/config/rootfiles/packages/stunnel b/config/rootfiles/packages/stunnel
new file mode 100644
index 000000000..eaf7fcece
--- /dev/null
+++ b/config/rootfiles/packages/stunnel
@@ -0,0 +1,41 @@
+etc/rc.d/init.d/stunnel
+etc/stunnel
+etc/stunnel/stunnel.conf
+#etc/stunnel/stunnel.conf-sample
+usr/bin/stunnel
+#usr/bin/stunnel3
+#usr/lib/stunnel
+#usr/lib/stunnel/libstunnel.la
+usr/lib/stunnel/libstunnel.so
+#usr/share/doc/stunnel
+#usr/share/doc/stunnel/AUTHORS
+#usr/share/doc/stunnel/BUGS
+#usr/share/doc/stunnel/COPYING
+#usr/share/doc/stunnel/COPYRIGHT.GPL
+#usr/share/doc/stunnel/CREDITS
+#usr/share/doc/stunnel/ChangeLog
+#usr/share/doc/stunnel/INSTALL
+#usr/share/doc/stunnel/INSTALL.FIPS
+#usr/share/doc/stunnel/INSTALL.W32
+#usr/share/doc/stunnel/INSTALL.WCE
+#usr/share/doc/stunnel/PORTS
+#usr/share/doc/stunnel/README
+#usr/share/doc/stunnel/TODO
+#usr/share/doc/stunnel/examples
+#usr/share/doc/stunnel/examples/ca.html
+#usr/share/doc/stunnel/examples/ca.pl
+#usr/share/doc/stunnel/examples/importCA.html
+#usr/share/doc/stunnel/examples/importCA.sh
+#usr/share/doc/stunnel/examples/script.sh
+#usr/share/doc/stunnel/examples/stunnel.init
+#usr/share/doc/stunnel/examples/stunnel.service
+#usr/share/doc/stunnel/examples/stunnel.spec
+#usr/share/doc/stunnel/stunnel.fr.html
+#usr/share/doc/stunnel/stunnel.html
+#usr/share/doc/stunnel/stunnel.pl.html
+#usr/share/man/man8/stunnel.8
+#usr/share/man/man8/stunnel.fr.8
+#usr/share/man/man8/stunnel.pl.8
+var/ipfire/backup/addons/includes/stunnel
+var/lib/stunnel
+var/lib/stunnel/run
diff --git a/config/stunnel/stunnel.conf b/config/stunnel/stunnel.conf
new file mode 100644
index 000000000..b17220088
--- /dev/null
+++ b/config/stunnel/stunnel.conf
@@ -0,0 +1,21 @@
+; File: /etc/stunnel/stunnel.conf
+
+; Note: The pid and output locations are relative to the chroot location.
+
+pid = /run/stunnel.pid
+chroot = /var/lib/stunnel
+client = no
+setuid = stunnel
+setgid = stunnel
+cert = /etc/stunnel/stunnel.pem
+
+;debug = 7
+;output = stunnel.log
+
+;[https]
+;accept = 443
+;connect = 80
+;; "TIMEOUTclose = 0" is a workaround for a design flaw in Microsoft SSL
+;; Microsoft implementations do not use SSL close-notify alert and thus
+;; they are vulnerable to truncation attacks
+;TIMEOUTclose = 0
diff --git a/lfs/stunnel b/lfs/stunnel
new file mode 100644
index 000000000..f6f27e075
--- /dev/null
+++ b/lfs/stunnel
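Review bot: `cert = /etc/stunnel/stunnel.pem` names a file that nothing in this commit ships or generates (it is absent from config/rootfiles/packages/stunnel), and the config does not say who must create it or how it must be protected. If that PEM also carries the private key, it should be readable by root only, and it will be swept into backups because config/backup/includes/stunnel lists `/etc/stunnel/`. I would add a comment above the `cert` line such as `; stunnel.pem is not shipped: create it before enabling a service and keep it mode 0600, owner root`, and confirm that the daemon reads it before it drops to the `stunnel` user. Protocol versions and ciphers are also left at the packaged stunnel's built-in defaults, which are not visible from this hunk.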
@@ -0,0 +1,101 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see . #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 5.01
+
+THISAPP = stunnel-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+PROG = stunnel
+PAK_VER = 1
+
+DEPS = ""
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 7b63266b6fa05da696729e245100da65
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && ./configure \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --localstatedir=/var
+ cd $(DIR_APP) && make $(MAKETUNING)
+ cd $(DIR_APP) && make install
+
+ # Create secure directory
+ install -v -m750 -o stunnel -g stunnel -d /var/lib/stunnel/run
+ chown -v stunnel:stunnel /var/lib/stunnel
+
+ # Install default configuration
+ -mkdir -pv /etc/stunnel
+ install -v -m 644 $(DIR_SRC)/config/stunnel/stunnel.conf \
+ /etc/stunnel
+
+ # Install backup include
+ install -v -m 644 $(DIR_SRC)/config/backup/includes/stunnel \
+ /var/ipfire/backup/addons/includes
+
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/make.sh b/make.sh
index 23b63ae85..259675ac9 100755
--- a/make.sh
+++ b/make.sh
@@ -798,6 +798,7 @@ buildipfire() { ipfiremake wavemon ipfiremake iptraf-ng ipfiremake iotop + ipfiremake stunnel } buildinstaller() {
diff --git a/src/initscripts/init.d/stunnel b/src/initscripts/init.d/stunnel
new file mode 100644
index 000000000..9494b5d9b
--- /dev/null
+++ b/src/initscripts/init.d/stunnel
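Review bot: In the `$(TARGET)` recipe of lfs/stunnel, `chown -v stunnel:stunnel /var/lib/stunnel` hands the chroot root itself to the account the daemon runs as, so a compromised worker could create or replace files at the top of its own jail. Only `run/` needs to be writable for the PID file; I would drop that `chown` and pin the parent explicitly with `install -v -m755 -o root -g root -d /var/lib/stunnel` before the `run` directory is created. Separately, the tarball is pinned only by `$(DL_FILE)_MD5`; whether `$(CHECK)` can take a stronger digest is not visible from this hunk.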
@@ -0,0 +1,39 @@
+#!/bin/sh
+########################################################################
+# Begin $rc_base/init.d/stunnel
+#
+# Description : Provides an SSL encryption wrapper.
+#
+########################################################################
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+case "$1" in
+ start)
+ boot_mesg "Starting the Stunnel Daemon..."
+ loadproc /usr/bin/stunnel
+ ;;
+
+ stop)
+ boot_mesg "Stopping the Stunnel Daemon..."
+ killproc /usr/bin/stunnel
+ ;;
+
+ restart)
+ $0 stop
+ sleep 1
+ $0 start
+ ;;
+
+ status)
+ statusproc /usr/bin/stunnel
+ ;;
+
+ *)
+ echo "Usage: $0 {start|stop|restart|status}"
+ exit 1
+ ;;
+esac
+
+# End $rc_base/init.d/stunnel
diff --git a/src/paks/stunnel/install.sh b/src/paks/stunnel/install.sh
new file mode 100644
index 000000000..efd3a9f47
--- /dev/null
+++ b/src/paks/stunnel/install.sh
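Review bot: `loadproc`, `killproc` and `statusproc` are called with only `/usr/bin/stunnel`, while stunnel.conf puts the PID file at `/run/stunnel.pid` inside the chroot `/var/lib/stunnel`, i.e. `/var/lib/stunnel/run/stunnel.pid` on the host. Unless the helpers sourced from `${rc_functions}` (not visible here) fall back to a process-name lookup, `stop` and `status` may not find the daemon, and a name lookup would also match any stunnel instance started by hand with a different config. Please document the real path in the header, e.g. `# PID file: /var/lib/stunnel/run/stunnel.pid (inside the chroot)`, and pass it to the helpers if they accept a PID-file argument.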
@@ -0,0 +1,37 @@
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2007 IPFire-Team . #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+
+# Create Username and group.
+getent passwd stunnel >/dev/null || \
+ useradd -u 51 -g stunnel -d /var/lib/stunnel -s /bin/false \
+ -c "stunnel Daemon" stunnel
+
+extract_files
+ln -svf ../init.d/stunnel /etc/rc.d/rc3.d/S65stunnel
+ln -svf ../init.d/stunnel /etc/rc.d/rc0.d/K35stunnel
+ln -svf ../init.d/stunnel /etc/rc.d/rc6.d/K35stunnel
+
+restore_backup ${NAME}
+start_service --background ${NAME}
diff --git a/src/paks/stunnel/uninstall.sh b/src/paks/stunnel/uninstall.sh
new file mode 100644
index 000000000..11f46d180
--- /dev/null
+++ b/src/paks/stunnel/uninstall.sh
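Review bot: `useradd -u 51 -g stunnel` needs the `stunnel` group to exist already, but despite the comment "Create Username and group." no group is created here, and the diffstat shows no group-file change next to the config/etc/passwd entry that uses gid 51. If the group is missing, `useradd` fails, the script carries on regardless, and the daemon is then started against a config whose `setuid`/`setgid = stunnel` may not resolve. Add `getent group stunnel >/dev/null || groupadd -g 51 stunnel` before the `useradd` line. `${NAME}` in the last two lines would also be better quoted.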
@@ -0,0 +1,28 @@
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2007 IPFire-Team . #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+stop_service ${NAME}
+make_backup ${NAME}
+remove_files
+rm -rf /etc/rc.d/rc*.d/*stunnel
diff --git a/src/paks/stunnel/update.sh b/src/paks/stunnel/update.sh
new file mode 100644
index 000000000..89c40d0d7
--- /dev/null
+++ b/src/paks/stunnel/update.sh
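Review bot: `rm -rf /etc/rc.d/rc*.d/*stunnel` is broader than the three symlinks install.sh creates: `-r` is not needed for symlinks, and `*stunnel` matches any entry whose name merely ends in that string. `rm -f /etc/rc.d/rc*.d/[SK][0-9][0-9]stunnel` removes only S65stunnel/K35stunnel-style links and cannot recurse into a directory. The `stunnel` account created at install time is left in place; if that is intentional, a one-line comment saying so would help.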
@@ -0,0 +1,26 @@
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2007 IPFire-Team . #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+./uninstall.sh
+./install.sh
--
2.39.2