From: Michael Tremer Date: Thu, 7 Feb 2013 14:15:07 +0000 (+0000) Subject: net-snmp: Update to 5.7.2. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0302c83d0672b14805b03dd3cf47fb0dcd91db99;p=ipfire-3.x.git net-snmp: Update to 5.7.2. Adds a lot of functionality, because more MIBs are included as well as more helper libraries are linked against snmpd. --- diff --git a/net-snmp/net-snmp.nm b/net-snmp/net-snmp.nm index 4f8907449..5bc5ec2df 100644 --- a/net-snmp/net-snmp.nm +++ b/net-snmp/net-snmp.nm @@ -4,8 +4,8 @@ ############################################################################### name = net-snmp -version = 5.7.1 -release = 3 +version = 5.7.2 +release = 1 groups = Networking/Daemons url = http://net-snmp.sourceforge.net @@ -22,33 +22,134 @@ source_dl = https://sourceforge.net/projects/net-snmp/files/net-snmp/%{version} build requires + autoconf + automake + bzip2-devel + chrpath + elfutils-devel libselinux-devel - perl + lm-sensors-devel >= 3 + openssl-devel + perl(ExtUtils::Embed) + procps + python-setuptools + python-devel + systemd-devel + systemd-units end PARALLELISMFLAGS = # No parallel build + prepare_cmds + autoreconf -vfi + end + + MIBS = host agentx smux \ + ucd-snmp/diskio tcp-mib udp-mib mibII/mta_sendmail \ + ip-mib/ipv4InterfaceTable ip-mib/ipv6InterfaceTable \ + ip-mib/ipAddressPrefixTable/ipAddressPrefixTable \ + ip-mib/ipDefaultRouterTable/ipDefaultRouterTable \ + ip-mib/ipv6ScopeZoneIndexTable ip-mib/ipIfStatsTable \ + sctp-mib rmon-mib etherlike-mib ucd-snmp/lmsensorsMib + configure_options += \ - --with-default-snmp-version=2 \ - --with-sys-contact=root@ \ - --with-sys-location=localhost \ + --with-cflags="%{CFLAGS}" \ + --with-ldflags="%{LDFLAGS}" \ + --with-sys-contact="root@localhost" \ + --with-sys-location="Unknown" \ --with-logfile=/var/log/snmpd.log \ - --with-persistent-directory=/var/net-snmp \ - --without-perl-modules \ - --disable-embedded-perl + --with-persistent-directory=/var/lib/net-snmp \ + --with-mib-modules="%{MIBS}" \ + --sysconfdir=%{sysconfdir} \ + --enable-ipv6 \ + --enable-ucd-snmp-compatibility \ + --with-openssl \ + --with-pic \ + --enable-embedded-perl \ + --enable-as-needed \ + --with-perl-modules="INSTALLDIRS=vendor" \ + --enable-mfd-rewrites \ + --enable-local-smux \ + --with-temp-file-pattern=/var/run/net-snmp/snmp-tmp-XXXXXX \ + --with-transports="DTLSUDP TLSTCP" \ + --with-security-modules=tsm \ + --with-systemd + + build_cmds + # Remove rpath from compiled perl libs + find perl/blib -type f -name "*.so" -print -exec chrpath --delete {} \; + + # Compile python module + pushd python + %{python} setup.py --basedir=".." build + popd + end install_cmds - mkdir -pv %{BUILDROOT}/etc - install -v -m644 %{DIR_APP}/python/netsnmp/tests/snmpd.conf %{BUILDROOT}/etc/snmpd.conf + # Remove stuff we don't want to distribute. + rm -vf %{BUILDROOT}%{bindir}/snmpinform + ln -svf snmptrap %{BUILDROOT}%{bindir}/snmpinform + rm -vf %{BUILDROOT}%{bindir}/snmpcheck + rm -vf %{BUILDROOT}{%{bindir}/fixproc,%{mandir}/man1/fixproc*} + rm -vf %{BUILDROOT}%{bindir}/ipf-mod.pl + + # Copy missing mib2c.conf files. + install -v -m 644 local/mib2c.*.conf %{BUILDROOT}%{datadir}/snmp + + # Install python module. + pushd python + %{python} setup.py --basedir=".." install -O1 --skip-build --root %{BUILDROOT} + popd + + # Make libs executable. + find %{BUILDROOT} -name "*.so" | xargs chmod -v 755 + + # Install configuration files. + mkdir -pv %{BUILDROOT}%{sysconfdir}/snmp + install -v -m644 %{DIR_SOURCE}/snmpd.conf \ + %{BUILDROOT}%{sysconfdir}/snmp/snmpd.conf + install -v -m644 %{DIR_SOURCE}/snmptrapd.conf \ + %{BUILDROOT}%{sysconfdir}/snmp/snmptrapd.conf + + # Prepare runtime directories. + mkdir -pv %{BUILDROOT}%{localstatedir}/{lib,run}/net-snmp + + # Remove more RPATHs. + find %{BUILDROOT}{%{bindir},%{sbindir},%{libdir}} -type f -print \ + -exec chrpath --delete {} \; end end packages package %{name} - # XXX Although we don't want to build perl modules, - # we have this requirement?! - filter_requires - ^perl + configfiles + %{sysconfdir}/snmp + end + + datafiles + %{localstatedir}/lib/net-snmp + end + + script postin + systemctl daemon-reload >/dev/null 2>&1 || : + end + + script preun + systemctl --no-reload disable snmpd.service > /dev/null 2>&1 || : + systemctl stop snmpd.service > /dev/null 2>&1 || : + + systemctl --no-reload disable snmptrapd.service > /dev/null 2>&1 || : + systemctl stop snmptrapd.service > /dev/null 2>&1 || : + end + + script postun + systemctl daemon-reload >/dev/null 2>&1 || : + end + + script postup + systemctl daemon-reload 2>&1 || : + systemctl reload-or-try-restart snmpd.service >/dev/null 2>&1 || : + systemctl reload-or-try-restart snmptrapd.service >/dev/null 2>&1 || : end end @@ -56,6 +157,10 @@ packages template LIBS end + package %{name}-python + template PYTHON + end + package %{name}-devel template DEVEL end diff --git a/net-snmp/net-snmp.tmpfiles b/net-snmp/net-snmp.tmpfiles new file mode 100644 index 000000000..9f782d678 --- /dev/null +++ b/net-snmp/net-snmp.tmpfiles @@ -0,0 +1 @@ +d /run/net-snmp 0755 root root diff --git a/net-snmp/patches/net-snmp-5.5-apsl-copying.patch b/net-snmp/patches/net-snmp-5.5-apsl-copying.patch new file mode 100644 index 000000000..43b85b609 --- /dev/null +++ b/net-snmp/patches/net-snmp-5.5-apsl-copying.patch @@ -0,0 +1,354 @@ +Add APSL 2.0 license to the COPYING file. + +There is only one file covered by this license: +net-snmp-5.5/agent/mibgroup/host/data_access/swrun_darwin.c + +This file is not used on Linux at all, it's only present in source +tarball and net-snmp.src.rpm. + +In addition, it's licensed under APSL 1.1, but it allows to relicense +the code to 'any subsequent version of this License published by Apple'. +According to http://fedoraproject.org/wiki/Licensing, APSL ver. 2.0 is +better for us. + +diff -up net-snmp-5.5/COPYING.apsl net-snmp-5.5/COPYING +--- net-snmp-5.5/COPYING.apsl 2010-08-04 12:40:27.494479126 +0200 ++++ net-snmp-5.5/COPYING 2010-08-04 12:45:47.713684755 +0200 +@@ -292,3 +292,337 @@ ON ANY THEORY OF LIABILITY, WHETHER IN C + TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + DAMAGE. ++ ++---- Part 10: APPLE PUBLIC SOURCE LICENSE (APSL 2.0) ---- ++ ++Version 2.0 - August 6, 2003 ++ ++Please read this License carefully before downloading this software. By ++downloading or using this software, you are agreeing to be bound by the terms ++of this License. If you do not or cannot agree to the terms of this License, ++please do not download or use the software. ++ ++Apple Note: In January 2007, Apple changed its corporate name from "Apple ++Computer, Inc." to "Apple Inc." This change has been reflected below and ++copyright years updated, but no other changes have been made to the APSL 2.0. ++ ++1. General; Definitions. This License applies to any program or other ++work which Apple Inc. ("Apple") makes publicly available and which contains a ++notice placed by Apple identifying such program or work as "Original Code" and ++stating that it is subject to the terms of this Apple Public Source License ++version 2.0 ("License"). As used in this License: ++ ++1.1 "Applicable Patent Rights" mean: (a) in the case where Apple is the ++grantor of rights, (i) claims of patents that are now or hereafter acquired, ++owned by or assigned to Apple and (ii) that cover subject matter contained in ++the Original Code, but only to the extent necessary to use, reproduce and/or ++distribute the Original Code without infringement; and (b) in the case where ++You are the grantor of rights, (i) claims of patents that are now or hereafter ++acquired, owned by or assigned to You and (ii) that cover subject matter in ++Your Modifications, taken alone or in combination with Original Code. ++ ++1.2 "Contributor" means any person or entity that creates or contributes to ++the creation of Modifications. ++ ++1.3 "Covered Code" means the Original Code, Modifications, the combination ++of Original Code and any Modifications, and/or any respective portions thereof. ++ ++1.4 "Externally Deploy" means: (a) to sublicense, distribute or otherwise ++make Covered Code available, directly or indirectly, to anyone other than You; ++and/or (b) to use Covered Code, alone or as part of a Larger Work, in any way ++to provide a service, including but not limited to delivery of content, through ++electronic communication with a client other than You. ++ ++1.5 "Larger Work" means a work which combines Covered Code or portions ++thereof with code not governed by the terms of this License. ++ ++1.6 "Modifications" mean any addition to, deletion from, and/or change to, ++the substance and/or structure of the Original Code, any previous ++Modifications, the combination of Original Code and any previous Modifications, ++and/or any respective portions thereof. When code is released as a series of ++files, a Modification is: (a) any addition to or deletion from the contents of ++a file containing Covered Code; and/or (b) any new file or other representation ++of computer program statements that contains any part of Covered Code. ++ ++1.7 "Original Code" means (a) the Source Code of a program or other work as ++originally made available by Apple under this License, including the Source ++Code of any updates or upgrades to such programs or works made available by ++Apple under this License, and that has been expressly identified by Apple as ++such in the header file(s) of such work; and (b) the object code compiled from ++such Source Code and originally made available by Apple under this License ++ ++1.8 "Source Code" means the human readable form of a program or other work ++that is suitable for making modifications to it, including all modules it ++contains, plus any associated interface definition files, scripts used to ++control compilation and installation of an executable (object code). ++ ++1.9 "You" or "Your" means an individual or a legal entity exercising rights ++under this License. For legal entities, "You" or "Your" includes any entity ++which controls, is controlled by, or is under common control with, You, where ++"control" means (a) the power, direct or indirect, to cause the direction or ++management of such entity, whether by contract or otherwise, or (b) ownership ++of fifty percent (50%) or more of the outstanding shares or beneficial ++ownership of such entity. ++ ++2. Permitted Uses; Conditions & Restrictions. Subject to the terms and ++conditions of this License, Apple hereby grants You, effective on the date You ++accept this License and download the Original Code, a world-wide, royalty-free, ++non-exclusive license, to the extent of Apple's Applicable Patent Rights and ++copyrights covering the Original Code, to do the following: ++ ++2.1 Unmodified Code. You may use, reproduce, display, perform, internally ++distribute within Your organization, and Externally Deploy verbatim, unmodified ++copies of the Original Code, for commercial or non-commercial purposes, ++provided that in each instance: ++ ++(a) You must retain and reproduce in all copies of Original Code the ++copyright and other proprietary notices and disclaimers of Apple as they appear ++in the Original Code, and keep intact all notices in the Original Code that ++refer to this License; and ++ ++(b) You must include a copy of this License with every copy of Source Code ++of Covered Code and documentation You distribute or Externally Deploy, and You ++may not offer or impose any terms on such Source Code that alter or restrict ++this License or the recipients' rights hereunder, except as permitted under ++Section 6. ++ ++2.2 Modified Code. You may modify Covered Code and use, reproduce, ++display, perform, internally distribute within Your organization, and ++Externally Deploy Your Modifications and Covered Code, for commercial or ++non-commercial purposes, provided that in each instance You also meet all of ++these conditions: ++ ++(a) You must satisfy all the conditions of Section 2.1 with respect to the ++Source Code of the Covered Code; ++ ++(b) You must duplicate, to the extent it does not already exist, the notice ++in Exhibit A in each file of the Source Code of all Your Modifications, and ++cause the modified files to carry prominent notices stating that You changed ++the files and the date of any change; and ++ ++(c) If You Externally Deploy Your Modifications, You must make Source Code ++of all Your Externally Deployed Modifications either available to those to whom ++You have Externally Deployed Your Modifications, or publicly available. Source ++Code of Your Externally Deployed Modifications must be released under the terms ++set forth in this License, including the license grants set forth in Section 3 ++below, for as long as you Externally Deploy the Covered Code or twelve (12) ++months from the date of initial External Deployment, whichever is longer. You ++should preferably distribute the Source Code of Your Externally Deployed ++Modifications electronically (e.g. download from a web site). ++ ++2.3 Distribution of Executable Versions. In addition, if You Externally ++Deploy Covered Code (Original Code and/or Modifications) in object code, ++executable form only, You must include a prominent notice, in the code itself ++as well as in related documentation, stating that Source Code of the Covered ++Code is available under the terms of this License with information on how and ++where to obtain such Source Code. ++ ++2.4 Third Party Rights. You expressly acknowledge and agree that although ++Apple and each Contributor grants the licenses to their respective portions of ++the Covered Code set forth herein, no assurances are provided by Apple or any ++Contributor that the Covered Code does not infringe the patent or other ++intellectual property rights of any other entity. Apple and each Contributor ++disclaim any liability to You for claims brought by any other entity based on ++infringement of intellectual property rights or otherwise. As a condition to ++exercising the rights and licenses granted hereunder, You hereby assume sole ++responsibility to secure any other intellectual property rights needed, if any. ++For example, if a third party patent license is required to allow You to ++distribute the Covered Code, it is Your responsibility to acquire that license ++before distributing the Covered Code. ++ ++3. Your Grants. In consideration of, and as a condition to, the licenses ++granted to You under this License, You hereby grant to any person or entity ++receiving or distributing Covered Code under this License a non-exclusive, ++royalty-free, perpetual, irrevocable license, under Your Applicable Patent ++Rights and other intellectual property rights (other than patent) owned or ++controlled by You, to use, reproduce, display, perform, modify, sublicense, ++distribute and Externally Deploy Your Modifications of the same scope and ++extent as Apple's licenses under Sections 2.1 and 2.2 above. ++ ++4. Larger Works. You may create a Larger Work by combining Covered Code ++with other code not governed by the terms of this License and distribute the ++Larger Work as a single product. In each such instance, You must make sure the ++requirements of this License are fulfilled for the Covered Code or any portion ++thereof. ++ ++5. Limitations on Patent License. Except as expressly stated in Section ++2, no other patent rights, express or implied, are granted by Apple herein. ++Modifications and/or Larger Works may require additional patent licenses from ++Apple which Apple may grant in its sole discretion. ++ ++6. Additional Terms. You may choose to offer, and to charge a fee for, ++warranty, support, indemnity or liability obligations and/or other rights ++consistent with the scope of the license granted herein ("Additional Terms") to ++one or more recipients of Covered Code. However, You may do so only on Your own ++behalf and as Your sole responsibility, and not on behalf of Apple or any ++Contributor. You must obtain the recipient's agreement that any such Additional ++Terms are offered by You alone, and You hereby agree to indemnify, defend and ++hold Apple and every Contributor harmless for any liability incurred by or ++claims asserted against Apple or such Contributor by reason of any such ++Additional Terms. ++ ++7. Versions of the License. Apple may publish revised and/or new versions ++of this License from time to time. Each version will be given a distinguishing ++version number. Once Original Code has been published under a particular ++version of this License, You may continue to use it under the terms of that ++version. You may also choose to use such Original Code under the terms of any ++subsequent version of this License published by Apple. No one other than Apple ++has the right to modify the terms applicable to Covered Code created under this ++License. ++ ++8. NO WARRANTY OR SUPPORT. The Covered Code may contain in whole or in ++part pre-release, untested, or not fully tested works. The Covered Code may ++contain errors that could cause failures or loss of data, and may be incomplete ++or contain inaccuracies. You expressly acknowledge and agree that use of the ++Covered Code, or any portion thereof, is at Your sole and entire risk. THE ++COVERED CODE IS PROVIDED "AS IS" AND WITHOUT WARRANTY, UPGRADES OR SUPPORT OF ++ANY KIND AND APPLE AND APPLE'S LICENSOR(S) (COLLECTIVELY REFERRED TO AS "APPLE" ++FOR THE PURPOSES OF SECTIONS 8 AND 9) AND ALL CONTRIBUTORS EXPRESSLY DISCLAIM ++ALL WARRANTIES AND/OR CONDITIONS, EXPRESS OR IMPLIED, INCLUDING, BUT NOT ++LIMITED TO, THE IMPLIED WARRANTIES AND/OR CONDITIONS OF MERCHANTABILITY, OF ++SATISFACTORY QUALITY, OF FITNESS FOR A PARTICULAR PURPOSE, OF ACCURACY, OF ++QUIET ENJOYMENT, AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. APPLE AND EACH ++CONTRIBUTOR DOES NOT WARRANT AGAINST INTERFERENCE WITH YOUR ENJOYMENT OF THE ++COVERED CODE, THAT THE FUNCTIONS CONTAINED IN THE COVERED CODE WILL MEET YOUR ++REQUIREMENTS, THAT THE OPERATION OF THE COVERED CODE WILL BE UNINTERRUPTED OR ++ERROR-FREE, OR THAT DEFECTS IN THE COVERED CODE WILL BE CORRECTED. NO ORAL OR ++WRITTEN INFORMATION OR ADVICE GIVEN BY APPLE, AN APPLE AUTHORIZED ++REPRESENTATIVE OR ANY CONTRIBUTOR SHALL CREATE A WARRANTY. You acknowledge ++that the Covered Code is not intended for use in the operation of nuclear ++facilities, aircraft navigation, communication systems, or air traffic control ++machines in which case the failure of the Covered Code could lead to death, ++personal injury, or severe physical or environmental damage. ++ ++9. LIMITATION OF LIABILITY. TO THE EXTENT NOT PROHIBITED BY LAW, IN NO ++EVENT SHALL APPLE OR ANY CONTRIBUTOR BE LIABLE FOR ANY INCIDENTAL, SPECIAL, ++INDIRECT OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR RELATING TO THIS LICENSE OR ++YOUR USE OR INABILITY TO USE THE COVERED CODE, OR ANY PORTION THEREOF, WHETHER ++UNDER A THEORY OF CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCTS ++LIABILITY OR OTHERWISE, EVEN IF APPLE OR SUCH CONTRIBUTOR HAS BEEN ADVISED OF ++THE POSSIBILITY OF SUCH DAMAGES AND NOTWITHSTANDING THE FAILURE OF ESSENTIAL ++PURPOSE OF ANY REMEDY. SOME JURISDICTIONS DO NOT ALLOW THE LIMITATION OF ++LIABILITY OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS LIMITATION MAY NOT ++APPLY TO YOU. In no event shall Apple's total liability to You for all damages ++(other than as may be required by applicable law) under this License exceed the ++amount of fifty dollars ($50.00). ++ ++10. Trademarks. This License does not grant any rights to use the ++trademarks or trade names "Apple", "Mac", "Mac OS", "QuickTime", "QuickTime ++Streaming Server" or any other trademarks, service marks, logos or trade names ++belonging to Apple (collectively "Apple Marks") or to any trademark, service ++mark, logo or trade name belonging to any Contributor. You agree not to use ++any Apple Marks in or as part of the name of products derived from the Original ++Code or to endorse or promote products derived from the Original Code other ++than as expressly permitted by and in strict compliance at all times with ++Apple's third party trademark usage guidelines which are posted at ++http://www.apple.com/legal/guidelinesfor3rdparties.html. ++ ++11. Ownership. Subject to the licenses granted under this License, each ++Contributor retains all rights, title and interest in and to any Modifications ++made by such Contributor. Apple retains all rights, title and interest in and ++to the Original Code and any Modifications made by or on behalf of Apple ++("Apple Modifications"), and such Apple Modifications will not be automatically ++subject to this License. Apple may, at its sole discretion, choose to license ++such Apple Modifications under this License, or on different terms from those ++contained in this License or may choose not to license them at all. ++ ++12. Termination. ++ ++12.1 Termination. This License and the rights granted hereunder will ++terminate: ++ ++(a) automatically without notice from Apple if You fail to comply with any ++term(s) of this License and fail to cure such breach within 30 days of becoming ++aware of such breach; (b) immediately in the event of the circumstances ++described in Section 13.5(b); or (c) automatically without notice from Apple ++if You, at any time during the term of this License, commence an action for ++patent infringement against Apple; provided that Apple did not first commence ++an action for patent infringement against You in that instance. ++ ++12.2 Effect of Termination. Upon termination, You agree to immediately stop ++any further use, reproduction, modification, sublicensing and distribution of ++the Covered Code. All sublicenses to the Covered Code which have been properly ++granted prior to termination shall survive any termination of this License. ++Provisions which, by their nature, should remain in effect beyond the ++termination of this License shall survive, including but not limited to ++Sections 3, 5, 8, 9, 10, 11, 12.2 and 13. No party will be liable to any other ++for compensation, indemnity or damages of any sort solely as a result of ++terminating this License in accordance with its terms, and termination of this ++License will be without prejudice to any other right or remedy of any party. ++ ++13. Miscellaneous. ++ ++13.1 Government End Users. The Covered Code is a "commercial item" as ++defined in FAR 2.101. Government software and technical data rights in the ++Covered Code include only those rights customarily provided to the public as ++defined in this License. This customary commercial license in technical data ++and software is provided in accordance with FAR 12.211 (Technical Data) and ++12.212 (Computer Software) and, for Department of Defense purchases, DFAR ++252.227-7015 (Technical Data -- Commercial Items) and 227.7202-3 (Rights in ++Commercial Computer Software or Computer Software Documentation). Accordingly, ++all U.S. Government End Users acquire Covered Code with only those rights set ++forth herein. ++ ++13.2 Relationship of Parties. This License will not be construed as ++creating an agency, partnership, joint venture or any other form of legal ++association between or among You, Apple or any Contributor, and You will not ++represent to the contrary, whether expressly, by implication, appearance or ++otherwise. ++ ++13.3 Independent Development. Nothing in this License will impair Apple's ++right to acquire, license, develop, have others develop for it, market and/or ++distribute technology or products that perform the same or similar functions ++as, or otherwise compete with, Modifications, Larger Works, technology or ++products that You may develop, produce, market or distribute. ++ ++13.4 Waiver; Construction. Failure by Apple or any Contributor to enforce ++any provision of this License will not be deemed a waiver of future enforcement ++of that or any other provision. Any law or regulation which provides that the ++language of a contract shall be construed against the drafter will not apply to ++this License. ++ ++13.5 Severability. (a) If for any reason a court of competent jurisdiction ++finds any provision of this License, or portion thereof, to be unenforceable, ++that provision of the License will be enforced to the maximum extent ++permissible so as to effect the economic benefits and intent of the parties, ++and the remainder of this License will continue in full force and effect. (b) ++Notwithstanding the foregoing, if applicable law prohibits or restricts You ++from fully and/or specifically complying with Sections 2 and/or 3 or prevents ++the enforceability of either of those Sections, this License will immediately ++terminate and You must immediately discontinue any use of the Covered Code and ++destroy all copies of it that are in your possession or control. ++ ++13.6 Dispute Resolution. Any litigation or other dispute resolution between ++You and Apple relating to this License shall take place in the Northern ++District of California, and You and Apple hereby consent to the personal ++jurisdiction of, and venue in, the state and federal courts within that ++District with respect to this License. The application of the United Nations ++Convention on Contracts for the International Sale of Goods is expressly ++excluded. ++ ++13.7 Entire Agreement; Governing Law. This License constitutes the entire ++agreement between the parties with respect to the subject matter hereof. This ++License shall be governed by the laws of the United States and the State of ++California, except that body of California law concerning conflicts of law. ++ ++Where You are located in the province of Quebec, Canada, the following clause ++applies: The parties hereby confirm that they have requested that this License ++and all related documents be drafted in English. Les parties ont exigé que le ++présent contrat et tous les documents connexes soient rédigés en anglais. ++ ++EXHIBIT A. ++ ++"Portions Copyright (c) 1999-2007 Apple Inc. All Rights Reserved. ++ ++This file contains Original Code and/or Modifications of Original Code as ++defined in and that are subject to the Apple Public Source License Version 2.0 ++(the 'License'). You may not use this file except in compliance with the ++License. Please obtain a copy of the License at ++http://www.opensource.apple.com/apsl/ and read it before using this file. ++ ++The Original Code and all software distributed under the License are ++distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS ++OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT ++LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR ++PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the ++specific language governing rights and limitations under the License." diff --git a/net-snmp/patches/net-snmp-5.5-dir-fix.patch b/net-snmp/patches/net-snmp-5.5-dir-fix.patch new file mode 100644 index 000000000..b726c4713 --- /dev/null +++ b/net-snmp/patches/net-snmp-5.5-dir-fix.patch @@ -0,0 +1,14 @@ +Let net-snmp-create-v3-user save settings into /etc/ instead of /usr/ + +diff -up net-snmp-5.5/net-snmp-create-v3-user.in.orig net-snmp-5.5/net-snmp-create-v3-user.in +--- net-snmp-5.5/net-snmp-create-v3-user.in.orig 2008-07-22 16:33:25.000000000 +0200 ++++ net-snmp-5.5/net-snmp-create-v3-user.in 2009-09-29 16:30:36.000000000 +0200 +@@ -158,7 +158,7 @@ if test ! -d $outfile ; then + touch $outfile + fi + echo $line >> $outfile +-outfile="@datadir@/snmp/snmpd.conf" ++outfile="/etc/snmp/snmpd.conf" + line="$token $user" + echo "adding the following line to $outfile:" + echo " " $line diff --git a/net-snmp/patches/net-snmp-5.5-perl-linking.patch b/net-snmp/patches/net-snmp-5.5-perl-linking.patch new file mode 100644 index 000000000..ceb63630a --- /dev/null +++ b/net-snmp/patches/net-snmp-5.5-perl-linking.patch @@ -0,0 +1,16 @@ +554747 - net-snmp-config should not contain perl options + +Remove rpath from net-snmp-config --agent-libs output. + +diff -up net-snmp-5.7/net-snmp-config.in.perl-linking net-snmp-5.7/net-snmp-config.in +--- net-snmp-5.7/net-snmp-config.in.perl-linking 2011-07-02 00:35:46.000000000 +0200 ++++ net-snmp-5.7/net-snmp-config.in 2011-07-07 13:30:01.635798817 +0200 +@@ -50,7 +50,7 @@ NSC_LDFLAGS="@LDFLAGS@" + + NSC_LIBS="@LIBS@" + NSC_LNETSNMPLIBS="@LNETSNMPLIBS@" +-NSC_LAGENTLIBS="@LAGENTLIBS@ @PERLLDOPTS_FOR_APPS@" ++NSC_LAGENTLIBS="@LAGENTLIBS@" + NSC_LMIBLIBS="@LMIBLIBS@" + + NSC_INCLUDEDIR=${includedir} diff --git a/net-snmp/patches/net-snmp-5.6-multilib.patch b/net-snmp/patches/net-snmp-5.6-multilib.patch new file mode 100644 index 000000000..a50f5a822 --- /dev/null +++ b/net-snmp/patches/net-snmp-5.6-multilib.patch @@ -0,0 +1,47 @@ +Make the man pages multilib safe. + +diff -up net-snmp-5.6/man/netsnmp_config_api.3.def.multilib net-snmp-5.6/man/netsnmp_config_api.3.def +--- net-snmp-5.6/man/netsnmp_config_api.3.def.multilib 2010-09-08 17:41:37.000000000 +0200 ++++ net-snmp-5.6/man/netsnmp_config_api.3.def 2010-10-25 17:40:43.433726423 +0200 +@@ -295,7 +295,7 @@ for one particular machine. + .PP + The default list of directories to search is \fC SYSCONFDIR/snmp\fP, + followed by \fC DATADIR/snmp\fP, +-followed by \fC LIBDIR/snmp\fP, ++followed by \fC /usr/lib(64)/snmp\fP, + followed by \fC $HOME/.snmp\fP. + This list can be changed by setting the environmental variable + .I SNMPCONFPATH +@@ -365,7 +365,7 @@ function that it should abort the operat + SNMPCONFPATH + A colon separated list of directories to search for configuration + files in. +-Default: SYSCONFDIR/snmp:DATADIR/snmp:LIBDIR/snmp:$HOME/.snmp ++Default: SYSCONFDIR/snmp:DATADIR/snmp:/usr/lib(64)/snmp:$HOME/.snmp + .SH "SEE ALSO" + .BR mib_api "(3), " snmp_api (3) + .\" Local Variables: +diff -up net-snmp-5.6/man/snmp_config.5.def.multilib net-snmp-5.6/man/snmp_config.5.def +--- net-snmp-5.6/man/snmp_config.5.def.multilib 2010-09-17 11:51:52.000000000 +0200 ++++ net-snmp-5.6/man/snmp_config.5.def 2010-10-25 17:40:12.681976439 +0200 +@@ -10,7 +10,7 @@ First off, there are numerous places tha + found and read from. By default, the applications look for + configuration files in the following 4 directories, in order: + SYSCONFDIR/snmp, +-DATADIR/snmp, LIBDIR/snmp, and $HOME/.snmp. In each of these ++DATADIR/snmp, /usr/lib(64)/snmp, and $HOME/.snmp. In each of these + directories, it looks for files with the extension of both + .IR conf " and " local.conf + (reading the second ones last). In this manner, there are +diff -up net-snmp-5.6/man/snmpd.conf.5.def.multilib net-snmp-5.6/man/snmpd.conf.5.def +--- net-snmp-5.6/man/snmpd.conf.5.def.multilib 2010-09-17 11:51:52.000000000 +0200 ++++ net-snmp-5.6/man/snmpd.conf.5.def 2010-10-25 17:40:12.682976925 +0200 +@@ -1387,7 +1387,7 @@ filename), and call the initialisation r + .RS + .IP "Note:" + If the specified PATH is not a fully qualified filename, it will +-be interpreted relative to LIBDIR/snmp/dlmod, and \fC.so\fR ++be interpreted relative to /usr/lib(64)/snmp/dlmod, and \fC.so\fR + will be appended to the filename. + .RE + .PP diff --git a/net-snmp/patches/net-snmp-5.6-test-debug.patch b/net-snmp/patches/net-snmp-5.6-test-debug.patch new file mode 100644 index 000000000..4ae97fbee --- /dev/null +++ b/net-snmp/patches/net-snmp-5.6-test-debug.patch @@ -0,0 +1,29 @@ +Don't check tests which depend on DNS - it's disabled in Koji + +diff -up net-snmp-5.7.2/testing/fulltests/default/T070com2sec_simple.debug net-snmp-5.7.2/testing/fulltests/default/T070com2sec_simple +--- net-snmp-5.7.2/testing/fulltests/default/T070com2sec_simple.debug 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/testing/fulltests/default/T070com2sec_simple 2012-10-18 10:16:39.276416510 +0200 +@@ -134,6 +134,10 @@ SAVECHECKAGENT '<"c406a", 255.255.255.25 + SAVECHECKAGENT 'line 30: Error:' # msg from h_strerror so it varies + SAVECHECKAGENT 'line 31: Error:' # msg from h_strerror so it varies + ++FINISHED ++ ++# don't test the later, it depends on DNS, which is not available in Koji ++ + CHECKAGENT '<"c408a"' + if [ "$snmp_last_test_result" -eq 0 ] ; then + CHECKAGENT 'line 32: Error:' +diff -up net-snmp-5.7.2/testing/fulltests/default/T071com2sec6_simple.debug net-snmp-5.7.2/testing/fulltests/default/T071com2sec6_simple +--- net-snmp-5.7.2/testing/fulltests/default/T071com2sec6_simple.debug 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/testing/fulltests/default/T071com2sec6_simple 2012-10-18 10:16:39.276416510 +0200 +@@ -132,6 +132,9 @@ SAVECHECKAGENT '<"c606a", ffff:ffff:ffff + SAVECHECKAGENT 'line 27: Error:' + SAVECHECKAGENT 'line 28: Error:' + ++FINISHED ++ ++# don't test the later, it depends on DNS, which is not available in Koji + # 608 + CHECKAGENT '<"c608a"' + if [ "$snmp_last_test_result" -eq 0 ] ; then diff --git a/net-snmp/patches/net-snmp-5.7.2-pie.patch b/net-snmp/patches/net-snmp-5.7.2-pie.patch new file mode 100644 index 000000000..ee02001b3 --- /dev/null +++ b/net-snmp/patches/net-snmp-5.7.2-pie.patch @@ -0,0 +1,24 @@ +diff -up net-snmp-5.7.2/agent/Makefile.in.pie net-snmp-5.7.2/agent/Makefile.in +--- net-snmp-5.7.2/agent/Makefile.in.pie 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/agent/Makefile.in 2012-10-18 09:45:13.298613099 +0200 +@@ -294,7 +294,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c + $(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $? + + snmpd$(EXEEXT): ${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) $(MIBLIB) $(LIBTARG) +- $(LINK) $(CFLAGS) -o $@ ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS} ++ $(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS} + + libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION): ${LLIBAGENTOBJS} $(USELIBS) + $(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} @LD_NO_UNDEFINED@ $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS) @AGENTLIBS@ +diff -up net-snmp-5.7.2/apps/Makefile.in.pie net-snmp-5.7.2/apps/Makefile.in +--- net-snmp-5.7.2/apps/Makefile.in.pie 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/apps/Makefile.in 2012-10-18 09:44:27.827774580 +0200 +@@ -170,7 +170,7 @@ snmptest$(EXEEXT): snmptest.$(OSUFFIX + $(LINK) ${CFLAGS} -o $@ snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS} + + snmptrapd$(EXEEXT): $(TRAPD_OBJECTS) $(USETRAPLIBS) $(INSTALLLIBS) +- $(LINK) ${CFLAGS} -o $@ $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS} ++ $(LINK) ${CFLAGS} -o $@ -pie $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS} + + snmptrap$(EXEEXT): snmptrap.$(OSUFFIX) $(USELIBS) + $(LINK) ${CFLAGS} -o $@ snmptrap.$(OSUFFIX) ${LDFLAGS} ${LIBS} diff --git a/net-snmp/patches/net-snmp-5.7.2-python-ipaddress-size.patch b/net-snmp/patches/net-snmp-5.7.2-python-ipaddress-size.patch new file mode 100644 index 000000000..51a489f84 --- /dev/null +++ b/net-snmp/patches/net-snmp-5.7.2-python-ipaddress-size.patch @@ -0,0 +1,23 @@ +895357 - net-snmp-python adds zeros to end of IP address (IPADDR type), which is not valid + +Source: upstream commit 234158b8e84cc204cbac96e6e9be6959635404b8 + + --- a/python/netsnmp/client_intf.c ++++ a/python/netsnmp/client_intf.c +@@ -821,14 +821,14 @@ OCT: + + case TYPE_IPADDR: + vars->type = ASN_IPADDRESS; +- vars->val.integer = (long *)malloc(sizeof(long)); ++ vars->val.integer = (in_addr_t *)malloc(sizeof(in_addr_t)); + if (val) + *(vars->val.integer) = inet_addr(val); + else { + ret = FAILURE; + *(vars->val.integer) = 0; + } +- vars->val_len = sizeof(long); ++ vars->val_len = sizeof(in_addr_t); + break; + + case TYPE_OBJID: diff --git a/net-snmp/patches/net-snmp-5.7.2-systemd.patch b/net-snmp/patches/net-snmp-5.7.2-systemd.patch new file mode 100644 index 000000000..b349097ae --- /dev/null +++ b/net-snmp/patches/net-snmp-5.7.2-systemd.patch @@ -0,0 +1,1653 @@ +718183 - Provide native systemd unit file + +Gathered from following upstream git commits and backported to 5.7. + +commit 19499c3c90bf9d7b2b9e5d08baa26cc6bba28a11 +Author: Jan Safranek +Date: Mon Aug 8 15:48:54 2011 +0200 + + CHANGES: snmpd: integrated with systemd, see README.systemd for details. + + It brings sd-daemon.c and .h directly downloaded from systemd. I've made very + few changes to it to match our NETSNMP_NO_SYSTEMD and include paths. + +commit fef6cddfdb94da1a6b1fb768af62918b80f11fd3 +Author: Jan Safranek +Date: Mon Aug 8 15:48:54 2011 +0200 + + CHANGES: snmptrapd: integrate systemd notification support. + +commit 0641e43c694c485cbbffef0556efc4641bd3ff50 +Author: Jan Safranek +Date: Mon Aug 8 15:48:54 2011 +0200 + + Add sd_find_inet_socket() and sd_find_inet_unisx() helpers into + system-specific code. This will help us to find various sockets + created by systemd much easier. + +commit 76530a89f1c8bbd0b63acce63e10d5d4812a1a16 +Author: Jan Safranek +Date: Mon Aug 8 15:48:54 2011 +0200 + + Check sockets created by systemd when opening new server sockets. + + systemd can pass sockets to our daemons during startup using LISTEN_FDS + environment variable. So check this variable when opening new listening + socket - maybe system has already opened the socket for us. + +commit bf108d7f1354f6276fc43c129963f2c49b9fc242 +Author: Jan Safranek +Date: Mon Aug 8 15:48:54 2011 +0200 + + Added sample systemd service files. + +commit 884ec488a6596380ba283d707827dd926a52e0b2 +Author: Jan Safranek +Date: Mon Aug 8 15:48:55 2011 +0200 + + Run autoheader+autoconf. + +commit 86132e3f1e6ef7b4e0b96d8fa24e37c81b71b0e0 +Author: Jan Safranek +Date: Tue Aug 9 10:53:43 2011 +0200 + + Update systemd documentation and samples. + + - add socket unit for snmpd to paralelize boot + - update WantedBy in socket units as recommended by http://0pointer.de/blog/projects/socket-activation.html + - rephrase README.systemd + + +diff -up net-snmp-5.7.2/agent/snmpd.c.systemd net-snmp-5.7.2/agent/snmpd.c +--- net-snmp-5.7.2/agent/snmpd.c.systemd 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/agent/snmpd.c 2012-11-12 10:18:46.084369548 +0100 +@@ -164,6 +164,10 @@ typedef long fd_mask; + + #endif + ++#ifndef NETSNMP_NO_SYSTEMD ++#include ++#endif ++ + netsnmp_feature_want(logging_file) + netsnmp_feature_want(logging_stdio) + netsnmp_feature_want(logging_syslog) +@@ -441,18 +445,26 @@ main(int argc, char *argv[]) + int agent_mode = -1; + char *pid_file = NULL; + char option_compatability[] = "-Le"; ++ int prepared_sockets = 0; + #if HAVE_GETPID + int fd; + FILE *PID; + #endif + + #ifndef WIN32 ++#ifndef NETSNMP_NO_SYSYSTEMD ++ /* check if systemd has sockets for us and don't close them */ ++ prepared_sockets = netsnmp_sd_listen_fds(0); ++#endif /* NETSNMP_NO_SYSYSTEMD */ ++ + /* + * close all non-standard file descriptors we may have + * inherited from the shell. + */ +- for (i = getdtablesize() - 1; i > 2; --i) { +- (void) close(i); ++ if (!prepared_sockets) { ++ for (i = getdtablesize() - 1; i > 2; --i) { ++ (void) close(i); ++ } + } + #endif /* #WIN32 */ + +@@ -1100,6 +1112,19 @@ main(int argc, char *argv[]) + netsnmp_addrcache_initialise(); + + /* ++ * Let systemd know we're up. ++ */ ++#ifndef NETSNMP_NO_SYSTEMD ++ netsnmp_sd_notify(1, "READY=1\n"); ++ if (prepared_sockets) ++ /* ++ * Clear the environment variable, we already processed all the sockets ++ * by now. ++ */ ++ netsnmp_sd_listen_fds(1); ++#endif ++ ++ /* + * Forever monitor the dest_port for incoming PDUs. + */ + DEBUGMSGTL(("snmpd/main", "We're up. Starting to process data.\n")); +diff -up net-snmp-5.7.2/apps/snmptrapd.c.systemd net-snmp-5.7.2/apps/snmptrapd.c +--- net-snmp-5.7.2/apps/snmptrapd.c.systemd 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/apps/snmptrapd.c 2012-11-12 10:18:46.084369548 +0100 +@@ -125,6 +125,10 @@ SOFTWARE. + + #include + ++#ifndef NETSNMP_NO_SYSTEMD ++#include ++#endif ++ + #ifndef BSD4_3 + #define BSD4_2 + #endif +@@ -655,15 +659,22 @@ main(int argc, char *argv[]) + int agentx_subagent = 1; + #endif + netsnmp_trapd_handler *traph; ++ int prepared_sockets = 0; + + + #ifndef WIN32 ++#ifndef NETSNMP_NO_SYSTEMD ++ /* check if systemd has sockets for us and don't close them */ ++ prepared_sockets = netsnmp_sd_listen_fds(0); ++#endif + /* + * close all non-standard file descriptors we may have + * inherited from the shell. + */ +- for (i = getdtablesize() - 1; i > 2; --i) { +- (void) close(i); ++ if (!prepared_sockets) { ++ for (i = getdtablesize() - 1; i > 2; --i) { ++ (void) close(i); ++ } + } + #endif /* #WIN32 */ + +@@ -1311,6 +1322,19 @@ main(int argc, char *argv[]) + #endif + #endif + ++ /* ++ * Let systemd know we're up. ++ */ ++#ifndef NETSNMP_NO_SYSTEMD ++ netsnmp_sd_notify(1, "READY=1\n"); ++ if (prepared_sockets) ++ /* ++ * Clear the environment variable, we already processed all the sockets ++ * by now. ++ */ ++ netsnmp_sd_listen_fds(1); ++#endif ++ + #ifdef WIN32SERVICE + trapd_status = SNMPTRAPD_RUNNING; + #endif +diff -up net-snmp-5.7.2/configure.d/config_modules_lib.systemd net-snmp-5.7.2/configure.d/config_modules_lib +--- net-snmp-5.7.2/configure.d/config_modules_lib.systemd 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/configure.d/config_modules_lib 2012-11-12 10:18:46.085369546 +0100 +@@ -53,6 +53,14 @@ if test "x$PARTIALTARGETOS" = "xmingw32" + other_ftobjs_list="$other_ftobjs_list winpipe.ft" + fi + ++# Linux systemd ++if test "x$with_systemd" == "xyes"; then ++ other_src_list="$other_src_list sd-daemon.c" ++ other_objs_list="$other_objs_list sd-daemon.o" ++ other_lobjs_list="$other_lobjs_list sd-daemon.lo" ++ other_ftobjs_list="$other_ftobjs_list sd-daemon.ft" ++fi ++ + AC_SUBST(other_src_list) + AC_SUBST(other_objs_list) + AC_SUBST(other_lobjs_list) +diff -up net-snmp-5.7.2/configure.d/config_project_with_enable.systemd net-snmp-5.7.2/configure.d/config_project_with_enable +--- net-snmp-5.7.2/configure.d/config_project_with_enable.systemd 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/configure.d/config_project_with_enable 2012-11-12 10:18:46.086369544 +0100 +@@ -690,6 +690,15 @@ if test "x$with_dummy_values" != "xyes"; + data for]) + fi + ++NETSNMP_ARG_WITH(systemd, ++[ --with-systemd Provide systemd support. See README.systemd ++ for details.]) ++# Define unless specifically suppressed (i.e., option defaults to false). ++if test "x$with_systemd" != "xyes"; then ++ AC_DEFINE(NETSNMP_NO_SYSTEMD, 1, ++ [If you don't want to integrate with systemd.]) ++fi ++ + NETSNMP_ARG_ENABLE(set-support, + [ --disable-set-support Do not allow SNMP set requests.]) + if test "x$enable_set_support" = "xno"; then +diff -up net-snmp-5.7.2/configure.systemd net-snmp-5.7.2/configure +--- net-snmp-5.7.2/configure.systemd 2012-10-10 00:35:37.000000000 +0200 ++++ net-snmp-5.7.2/configure 2012-11-12 10:18:46.099369517 +0100 +@@ -950,6 +950,8 @@ with_kmem_usage + enable_kmem_usage + with_dummy_values + enable_dummy_values ++with_systemd ++enable_systemd + enable_set_support + with_set_support + with_sys_contact +@@ -1866,6 +1868,8 @@ Configuring the agent: + This is technically not compliant with the + SNMP specifications, but was how the agent + operated for versions < 4.0. ++ --with-systemd Provide systemd support. See README.systemd ++ for details. + --with-sys-contact="who@where" Default system contact. + (Default: LOGIN@DOMAINNAME) + --with-sys-location="location" Default system location. +@@ -4397,6 +4401,24 @@ $as_echo "#define NETSNMP_NO_DUMMY_VALUE + + fi + ++ ++# Check whether --with-systemd was given. ++if test "${with_systemd+set}" = set; then : ++ withval=$with_systemd; ++fi ++ ++ # Check whether --enable-systemd was given. ++if test "${enable_systemd+set}" = set; then : ++ enableval=$enable_systemd; as_fn_error $? "Invalid option. Use --with-systemd/--without-systemd instead" "$LINENO" 5 ++fi ++ ++# Define unless specifically suppressed (i.e., option defaults to false). ++if test "x$with_systemd" != "xyes"; then ++ ++$as_echo "#define NETSNMP_NO_SYSTEMD 1" >>confdefs.h ++ ++fi ++ + # Check whether --enable-set-support was given. + if test "${enable_set_support+set}" = set; then : + enableval=$enable_set_support; +@@ -18239,6 +18261,14 @@ if test "x$PARTIALTARGETOS" = "xmingw32" + other_ftobjs_list="$other_ftobjs_list winpipe.ft" + fi + ++# Linux systemd ++if test "x$with_systemd" == "xyes"; then ++ other_src_list="$other_src_list sd-daemon.c" ++ other_objs_list="$other_objs_list sd-daemon.o" ++ other_lobjs_list="$other_lobjs_list sd-daemon.lo" ++ other_ftobjs_list="$other_ftobjs_list sd-daemon.ft" ++fi ++ + + + +diff -up net-snmp-5.7.2/dist/snmpd.service.systemd net-snmp-5.7.2/dist/snmpd.service +--- net-snmp-5.7.2/dist/snmpd.service.systemd 2012-11-12 10:18:46.104369507 +0100 ++++ net-snmp-5.7.2/dist/snmpd.service 2012-11-12 10:18:46.104369507 +0100 +@@ -0,0 +1,18 @@ ++# ++# SNMP agent service file for systemd ++# ++# ++# The service should be enabled, i.e. snmpd should start during machine boot. ++# Socket activation shall not be used. See README.systemd for details. ++ ++[Unit] ++Description=Simple Network Management Protocol (SNMP) daemon. ++After=syslog.target network.target ++ ++[Service] ++# Type=notify is also supported. It should be set when snmpd.socket is not used. ++Type=simple ++ExecStart=/usr/sbin/snmpd -f ++ ++[Install] ++WantedBy=multi-user.target +diff -up net-snmp-5.7.2/dist/snmpd.socket.systemd net-snmp-5.7.2/dist/snmpd.socket +--- net-snmp-5.7.2/dist/snmpd.socket.systemd 2012-11-12 10:18:46.104369507 +0100 ++++ net-snmp-5.7.2/dist/snmpd.socket 2012-11-12 10:18:46.104369507 +0100 +@@ -0,0 +1,17 @@ ++[Unit] ++Description=Socket listening for SNMP and AgentX messages ++ ++[Socket] ++ListenDatagram=0.0.0.0:161 ++# Uncomment other listening addresses as needed - TCP, UDP6, TCP6. ++# It must match listening addresses/ports defined in snmpd.service ++# or snmpd.conf. ++# ListenStream=0.0.0.0:161 ++# ListenDatagram=[::]:161 ++# ListenStream=[::]:161 ++# ++# Uncomment AgentX socket if snmpd.conf enables AgentX protocol. ++# ListenStream=/var/agentx/master ++ ++[Install] ++WantedBy=sockets.target +diff -up net-snmp-5.7.2/dist/snmptrapd.service.systemd net-snmp-5.7.2/dist/snmptrapd.service +--- net-snmp-5.7.2/dist/snmptrapd.service.systemd 2012-11-12 10:18:46.105369505 +0100 ++++ net-snmp-5.7.2/dist/snmptrapd.service 2012-11-12 10:18:46.105369505 +0100 +@@ -0,0 +1,16 @@ ++# ++# SNMP trap-processing service file for systemd ++# ++ ++[Unit] ++Description=Simple Network Management Protocol (SNMP) Trap daemon. ++After=syslog.target network.target ++ ++[Service] ++# Type=notify is also supported. It should be set when snmptrapd.socket is not ++# used. ++Type=simple ++ExecStart=/usr/sbin/snmptrapd -f ++ ++[Install] ++WantedBy=multi-user.target +diff -up net-snmp-5.7.2/dist/snmptrapd.socket.systemd net-snmp-5.7.2/dist/snmptrapd.socket +--- net-snmp-5.7.2/dist/snmptrapd.socket.systemd 2012-11-12 10:18:46.105369505 +0100 ++++ net-snmp-5.7.2/dist/snmptrapd.socket 2012-11-12 10:18:46.105369505 +0100 +@@ -0,0 +1,14 @@ ++[Unit] ++Description=Socket listening for SNMP trap messages ++ ++[Socket] ++ListenDatagram=0.0.0.0:162 ++# Uncomment other listening addresses as needed - TCP, UDP6, TCP6. ++# It must match listening addresses/ports defined in snmptrapd.service ++# or snmptrapd.conf. ++# ListenStream=0.0.0.0:162 ++# ListenDatagram=[::]:162 ++# ListenStream=[::]:162 ++ ++[Install] ++WantedBy=sockets.target +diff -up net-snmp-5.7.2/include/net-snmp/library/sd-daemon.h.systemd net-snmp-5.7.2/include/net-snmp/library/sd-daemon.h +--- net-snmp-5.7.2/include/net-snmp/library/sd-daemon.h.systemd 2012-11-12 10:18:46.106369503 +0100 ++++ net-snmp-5.7.2/include/net-snmp/library/sd-daemon.h 2012-11-12 10:18:46.106369503 +0100 +@@ -0,0 +1,286 @@ ++/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ ++ ++#ifndef SNMPD_SD_DAEMON_H ++#define SNMPD_SD_DAEMON_H ++ ++/*** ++ Copyright 2010 Lennart Poettering ++ ++ Permission is hereby granted, free of charge, to any person ++ obtaining a copy of this software and associated documentation files ++ (the "Software"), to deal in the Software without restriction, ++ including without limitation the rights to use, copy, modify, merge, ++ publish, distribute, sublicense, and/or sell copies of the Software, ++ and to permit persons to whom the Software is furnished to do so, ++ subject to the following conditions: ++ ++ The above copyright notice and this permission notice shall be ++ included in all copies or substantial portions of the Software. ++ ++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, ++ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF ++ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ++ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS ++ BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ++ ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN ++ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE ++ SOFTWARE. ++***/ ++ ++#include ++#include ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++/* ++ Reference implementation of a few systemd related interfaces for ++ writing daemons. These interfaces are trivial to implement. To ++ simplify porting we provide this reference implementation. ++ Applications are welcome to reimplement the algorithms described ++ here if they do not want to include these two source files. ++ ++ The following functionality is provided: ++ ++ - Support for logging with log levels on stderr ++ - File descriptor passing for socket-based activation ++ - Daemon startup and status notification ++ - Detection of systemd boots ++ ++ You may compile this with -DDISABLE_SYSTEMD to disable systemd ++ support. This makes all those calls NOPs that are directly related to ++ systemd (i.e. only sd_is_xxx() will stay useful). ++ ++ Since this is drop-in code we don't want any of our symbols to be ++ exported in any case. Hence we declare hidden visibility for all of ++ them. ++ ++ You may find an up-to-date version of these source files online: ++ ++ http://cgit.freedesktop.org/systemd/plain/src/sd-daemon.h ++ http://cgit.freedesktop.org/systemd/plain/src/sd-daemon.c ++ ++ This should compile on non-Linux systems, too, but with the ++ exception of the sd_is_xxx() calls all functions will become NOPs. ++ ++ See sd-daemon(7) for more information. ++*/ ++ ++#ifndef _sd_printf_attr_ ++#if __GNUC__ >= 4 ++#define _sd_printf_attr_(a,b) __attribute__ ((format (printf, a, b))) ++#else ++#define _sd_printf_attr_(a,b) ++#endif ++#endif ++ ++/* ++ Log levels for usage on stderr: ++ ++ fprintf(stderr, SD_NOTICE "Hello World!\n"); ++ ++ This is similar to printk() usage in the kernel. ++*/ ++#define SD_EMERG "<0>" /* system is unusable */ ++#define SD_ALERT "<1>" /* action must be taken immediately */ ++#define SD_CRIT "<2>" /* critical conditions */ ++#define SD_ERR "<3>" /* error conditions */ ++#define SD_WARNING "<4>" /* warning conditions */ ++#define SD_NOTICE "<5>" /* normal but significant condition */ ++#define SD_INFO "<6>" /* informational */ ++#define SD_DEBUG "<7>" /* debug-level messages */ ++ ++/* The first passed file descriptor is fd 3 */ ++#define SD_LISTEN_FDS_START 3 ++ ++/* ++ Returns how many file descriptors have been passed, or a negative ++ errno code on failure. Optionally, removes the $LISTEN_FDS and ++ $LISTEN_PID file descriptors from the environment (recommended, but ++ problematic in threaded environments). If r is the return value of ++ this function you'll find the file descriptors passed as fds ++ SD_LISTEN_FDS_START to SD_LISTEN_FDS_START+r-1. Returns a negative ++ errno style error code on failure. This function call ensures that ++ the FD_CLOEXEC flag is set for the passed file descriptors, to make ++ sure they are not passed on to child processes. If FD_CLOEXEC shall ++ not be set, the caller needs to unset it after this call for all file ++ descriptors that are used. ++ ++ See sd_listen_fds(3) for more information. ++*/ ++int netsnmp_sd_listen_fds(int unset_environment); ++ ++/* ++ Helper call for identifying a passed file descriptor. Returns 1 if ++ the file descriptor is a FIFO in the file system stored under the ++ specified path, 0 otherwise. If path is NULL a path name check will ++ not be done and the call only verifies if the file descriptor ++ refers to a FIFO. Returns a negative errno style error code on ++ failure. ++ ++ See sd_is_fifo(3) for more information. ++*/ ++int netsnmp_sd_is_fifo(int fd, const char *path); ++ ++/* ++ Helper call for identifying a passed file descriptor. Returns 1 if ++ the file descriptor is a special character device on the file ++ system stored under the specified path, 0 otherwise. ++ If path is NULL a path name check will not be done and the call ++ only verifies if the file descriptor refers to a special character. ++ Returns a negative errno style error code on failure. ++ ++ See sd_is_special(3) for more information. ++*/ ++int netsnmp_sd_is_special(int fd, const char *path); ++ ++/* ++ Helper call for identifying a passed file descriptor. Returns 1 if ++ the file descriptor is a socket of the specified family (AF_INET, ++ ...) and type (SOCK_DGRAM, SOCK_STREAM, ...), 0 otherwise. If ++ family is 0 a socket family check will not be done. If type is 0 a ++ socket type check will not be done and the call only verifies if ++ the file descriptor refers to a socket. If listening is > 0 it is ++ verified that the socket is in listening mode. (i.e. listen() has ++ been called) If listening is == 0 it is verified that the socket is ++ not in listening mode. If listening is < 0 no listening mode check ++ is done. Returns a negative errno style error code on failure. ++ ++ See sd_is_socket(3) for more information. ++*/ ++int netsnmp_sd_is_socket(int fd, int family, int type, int listening); ++ ++/* ++ Helper call for identifying a passed file descriptor. Returns 1 if ++ the file descriptor is an Internet socket, of the specified family ++ (either AF_INET or AF_INET6) and the specified type (SOCK_DGRAM, ++ SOCK_STREAM, ...), 0 otherwise. If version is 0 a protocol version ++ check is not done. If type is 0 a socket type check will not be ++ done. If port is 0 a socket port check will not be done. The ++ listening flag is used the same way as in sd_is_socket(). Returns a ++ negative errno style error code on failure. ++ ++ See sd_is_socket_inet(3) for more information. ++*/ ++int netsnmp_sd_is_socket_inet(int fd, int family, int type, int listening, uint16_t port); ++ ++/* ++ Helper call for identifying a passed file descriptor. Returns 1 if ++ the file descriptor is an AF_UNIX socket of the specified type ++ (SOCK_DGRAM, SOCK_STREAM, ...) and path, 0 otherwise. If type is 0 ++ a socket type check will not be done. If path is NULL a socket path ++ check will not be done. For normal AF_UNIX sockets set length to ++ 0. For abstract namespace sockets set length to the length of the ++ socket name (including the initial 0 byte), and pass the full ++ socket path in path (including the initial 0 byte). The listening ++ flag is used the same way as in sd_is_socket(). Returns a negative ++ errno style error code on failure. ++ ++ See sd_is_socket_unix(3) for more information. ++*/ ++int netsnmp_sd_is_socket_unix(int fd, int type, int listening, const char *path, size_t length); ++ ++/* ++ Informs systemd about changed daemon state. This takes a number of ++ newline separated environment-style variable assignments in a ++ string. The following variables are known: ++ ++ READY=1 Tells systemd that daemon startup is finished (only ++ relevant for services of Type=notify). The passed ++ argument is a boolean "1" or "0". Since there is ++ little value in signaling non-readiness the only ++ value daemons should send is "READY=1". ++ ++ STATUS=... Passes a single-line status string back to systemd ++ that describes the daemon state. This is free-from ++ and can be used for various purposes: general state ++ feedback, fsck-like programs could pass completion ++ percentages and failing programs could pass a human ++ readable error message. Example: "STATUS=Completed ++ 66% of file system check..." ++ ++ ERRNO=... If a daemon fails, the errno-style error code, ++ formatted as string. Example: "ERRNO=2" for ENOENT. ++ ++ BUSERROR=... If a daemon fails, the D-Bus error-style error ++ code. Example: "BUSERROR=org.freedesktop.DBus.Error.TimedOut" ++ ++ MAINPID=... The main pid of a daemon, in case systemd did not ++ fork off the process itself. Example: "MAINPID=4711" ++ ++ Daemons can choose to send additional variables. However, it is ++ recommended to prefix variable names not listed above with X_. ++ ++ Returns a negative errno-style error code on failure. Returns > 0 ++ if systemd could be notified, 0 if it couldn't possibly because ++ systemd is not running. ++ ++ Example: When a daemon finished starting up, it could issue this ++ call to notify systemd about it: ++ ++ sd_notify(0, "READY=1"); ++ ++ See sd_notifyf() for more complete examples. ++ ++ See sd_notify(3) for more information. ++*/ ++int netsnmp_sd_notify(int unset_environment, const char *state); ++ ++/* ++ Similar to sd_notify() but takes a format string. ++ ++ Example 1: A daemon could send the following after initialization: ++ ++ sd_notifyf(0, "READY=1\n" ++ "STATUS=Processing requests...\n" ++ "MAINPID=%lu", ++ (unsigned long) getpid()); ++ ++ Example 2: A daemon could send the following shortly before ++ exiting, on failure: ++ ++ sd_notifyf(0, "STATUS=Failed to start up: %s\n" ++ "ERRNO=%i", ++ strerror(errno), ++ errno); ++ ++ See sd_notifyf(3) for more information. ++*/ ++int netsnmp_sd_notifyf(int unset_environment, const char *format, ...) _sd_printf_attr_(2,3); ++ ++/* ++ Returns > 0 if the system was booted with systemd. Returns < 0 on ++ error. Returns 0 if the system was not booted with systemd. Note ++ that all of the functions above handle non-systemd boots just ++ fine. You should NOT protect them with a call to this function. Also ++ note that this function checks whether the system, not the user ++ session is controlled by systemd. However the functions above work ++ for both user and system services. ++ ++ See sd_booted(3) for more information. ++*/ ++int netsnmp_sd_booted(void); ++ ++/** ++ * Find an socket with given parameters. See man sd_is_socket_inet for ++ * description of the arguments. ++ * ++ * Returns the file descriptor if it is found, 0 otherwise. ++ */ ++int netsnmp_sd_find_inet_socket(int family, int type, int listening, int port); ++ ++/** ++ * Find an unix socket with given parameters. See man sd_is_socket_unix for ++ * description of the arguments. ++ * ++ * Returns the file descriptor if it is found, 0 otherwise. ++ */ ++int ++netsnmp_sd_find_unix_socket(int type, int listening, const char *path); ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#endif /* SNMPD_SD_DAEMON_H */ +diff -up net-snmp-5.7.2/include/net-snmp/net-snmp-config.h.in.systemd net-snmp-5.7.2/include/net-snmp/net-snmp-config.h.in +--- net-snmp-5.7.2/include/net-snmp/net-snmp-config.h.in.systemd 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/include/net-snmp/net-snmp-config.h.in 2012-11-12 10:18:46.107369501 +0100 +@@ -1389,6 +1389,9 @@ + /* If you don't have root access don't exit upon kmem errors */ + #undef NETSNMP_NO_ROOT_ACCESS + ++/* If you don't want to integrate with systemd. */ ++#undef NETSNMP_NO_SYSTEMD ++ + /* Define if you want to remove all SET/write access from the code */ + #undef NETSNMP_NO_WRITE_SUPPORT + +diff -up net-snmp-5.7.2/README.systemd.systemd net-snmp-5.7.2/README.systemd +--- net-snmp-5.7.2/README.systemd.systemd 2012-11-12 10:18:46.108369499 +0100 ++++ net-snmp-5.7.2/README.systemd 2012-11-12 10:18:46.108369499 +0100 +@@ -0,0 +1,41 @@ ++README.systemd ++-------------- ++Net-SNMP provides two daemons, which support systemd system manager. ++See http://www.freedesktop.org/wiki/Software/systemd to learn how ++systemd works. Both socket activation and notification is supported by these ++daemons. ++ ++To enable systemd support, the sources must be compiled with ++--with-systemd configure option. ++ ++snmpd - The SNMP agent ++---------------------- ++Socket activation od snmpd daemon is implemented, but it's discouraged. ++The reason is simple - snmpd not only listens and processes SNMP requests ++from network, but also gathers system statistics counters, sends traps and ++communicates with subagents. It even opens few netlink sockets. ++ ++In other words, snmpd should run from system start to properly work. ++This can be done in two ways: ++1) either as snmpd service unit with 'Type=notification' and without a socket ++ unit ++2) or as snmpd service unit with 'Type=simple', appropriate socket socket unit ++ and the snmpd service enabled. This way systemd creates the snmpd listening ++ socket early during boot and passes the sockets to snmpd slightly later ++ (but still during machine boot). This way systemd can paralelize start of ++ services, which depend on snmpd. Admins must adjust the socket file manually, ++ depending if the snmpd support AgentX, IPv6, SMUX etc. ++ ++snmpd should be started with '-f' command line parameter to disable forking - ++systemd does that for us automatically. ++ ++ ++snmptrapd - The trap processing daemon ++-------------------------------------- ++snmptrapd supports full socket activation and also notification (if needed). ++Both 'Type=simple' (with appropriate socket unit) and 'Type=notify' services ++will work. Again, '-f' parameter should be provided on snmptrapd command line. ++ ++If integration with SNMP agent using AgentX protocol is enabled, snmptrapd should ++start during boot and not after first SNMP trap arrives. Same rules as for snmpd ++applies then. +\ No newline at end of file +diff -up net-snmp-5.7.2/snmplib/sd-daemon.c.systemd net-snmp-5.7.2/snmplib/sd-daemon.c +--- net-snmp-5.7.2/snmplib/sd-daemon.c.systemd 2012-11-12 10:18:46.109369497 +0100 ++++ net-snmp-5.7.2/snmplib/sd-daemon.c 2012-11-12 10:18:46.109369497 +0100 +@@ -0,0 +1,532 @@ ++/* ++ * Systemd integration parts. ++ * ++ * Most of this file is directly copied from systemd sources. ++ * Changes: ++ * - all functions were renamed to have netsnmp_ prefix ++ * - includes were changed to match Net-SNMP style. ++ * - removed gcc export macros ++ * - removed POSIX message queues ++ */ ++ ++#include ++#include ++#include ++#include ++ ++#ifndef NETSNMP_NO_SYSTEMD ++ ++/*** ++ Copyright 2010 Lennart Poettering ++ ++ Permission is hereby granted, free of charge, to any person ++ obtaining a copy of this software and associated documentation files ++ (the "Software"), to deal in the Software without restriction, ++ including without limitation the rights to use, copy, modify, merge, ++ publish, distribute, sublicense, and/or sell copies of the Software, ++ and to permit persons to whom the Software is furnished to do so, ++ subject to the following conditions: ++ ++ The above copyright notice and this permission notice shall be ++ included in all copies or substantial portions of the Software. ++ ++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, ++ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF ++ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ++ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS ++ BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ++ ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN ++ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE ++ SOFTWARE. ++***/ ++ ++#ifndef _GNU_SOURCE ++#define _GNU_SOURCE ++#endif ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include ++ ++int netsnmp_sd_listen_fds(int unset_environment) { ++ ++ int r, fd; ++ const char *e; ++ char *p = NULL; ++ unsigned long l; ++ ++ if (!(e = getenv("LISTEN_PID"))) { ++ r = 0; ++ goto finish; ++ } ++ ++ errno = 0; ++ l = strtoul(e, &p, 10); ++ ++ if (errno != 0) { ++ r = -errno; ++ goto finish; ++ } ++ ++ if (!p || *p || l <= 0) { ++ r = -EINVAL; ++ goto finish; ++ } ++ ++ /* Is this for us? */ ++ if (getpid() != (pid_t) l) { ++ r = 0; ++ goto finish; ++ } ++ ++ if (!(e = getenv("LISTEN_FDS"))) { ++ r = 0; ++ goto finish; ++ } ++ ++ errno = 0; ++ l = strtoul(e, &p, 10); ++ ++ if (errno != 0) { ++ r = -errno; ++ goto finish; ++ } ++ ++ if (!p || *p) { ++ r = -EINVAL; ++ goto finish; ++ } ++ ++ for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + (int) l; fd ++) { ++ int flags; ++ ++ if ((flags = fcntl(fd, F_GETFD)) < 0) { ++ r = -errno; ++ goto finish; ++ } ++ ++ if (flags & FD_CLOEXEC) ++ continue; ++ ++ if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0) { ++ r = -errno; ++ goto finish; ++ } ++ } ++ ++ r = (int) l; ++ ++finish: ++ if (unset_environment) { ++ unsetenv("LISTEN_PID"); ++ unsetenv("LISTEN_FDS"); ++ } ++ ++ return r; ++} ++ ++int netsnmp_sd_is_fifo(int fd, const char *path) { ++ struct stat st_fd; ++ ++ if (fd < 0) ++ return -EINVAL; ++ ++ memset(&st_fd, 0, sizeof(st_fd)); ++ if (fstat(fd, &st_fd) < 0) ++ return -errno; ++ ++ if (!S_ISFIFO(st_fd.st_mode)) ++ return 0; ++ ++ if (path) { ++ struct stat st_path; ++ ++ memset(&st_path, 0, sizeof(st_path)); ++ if (stat(path, &st_path) < 0) { ++ ++ if (errno == ENOENT || errno == ENOTDIR) ++ return 0; ++ ++ return -errno; ++ } ++ ++ return ++ st_path.st_dev == st_fd.st_dev && ++ st_path.st_ino == st_fd.st_ino; ++ } ++ ++ return 1; ++} ++ ++int netsnmp_sd_is_special(int fd, const char *path) { ++ struct stat st_fd; ++ ++ if (fd < 0) ++ return -EINVAL; ++ ++ if (fstat(fd, &st_fd) < 0) ++ return -errno; ++ ++ if (!S_ISREG(st_fd.st_mode) && !S_ISCHR(st_fd.st_mode)) ++ return 0; ++ ++ if (path) { ++ struct stat st_path; ++ ++ if (stat(path, &st_path) < 0) { ++ ++ if (errno == ENOENT || errno == ENOTDIR) ++ return 0; ++ ++ return -errno; ++ } ++ ++ if (S_ISREG(st_fd.st_mode) && S_ISREG(st_path.st_mode)) ++ return ++ st_path.st_dev == st_fd.st_dev && ++ st_path.st_ino == st_fd.st_ino; ++ else if (S_ISCHR(st_fd.st_mode) && S_ISCHR(st_path.st_mode)) ++ return st_path.st_rdev == st_fd.st_rdev; ++ else ++ return 0; ++ } ++ ++ return 1; ++} ++ ++static int sd_is_socket_internal(int fd, int type, int listening) { ++ struct stat st_fd; ++ ++ if (fd < 0 || type < 0) ++ return -EINVAL; ++ ++ if (fstat(fd, &st_fd) < 0) ++ return -errno; ++ ++ if (!S_ISSOCK(st_fd.st_mode)) ++ return 0; ++ ++ if (type != 0) { ++ int other_type = 0; ++ socklen_t l = sizeof(other_type); ++ ++ if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &other_type, &l) < 0) ++ return -errno; ++ ++ if (l != sizeof(other_type)) ++ return -EINVAL; ++ ++ if (other_type != type) ++ return 0; ++ } ++ ++ if (listening >= 0) { ++ int accepting = 0; ++ socklen_t l = sizeof(accepting); ++ ++ if (getsockopt(fd, SOL_SOCKET, SO_ACCEPTCONN, &accepting, &l) < 0) ++ return -errno; ++ ++ if (l != sizeof(accepting)) ++ return -EINVAL; ++ ++ if (!accepting != !listening) ++ return 0; ++ } ++ ++ return 1; ++} ++ ++union sockaddr_union { ++ struct sockaddr sa; ++ struct sockaddr_in in4; ++ struct sockaddr_in6 in6; ++ struct sockaddr_un un; ++ struct sockaddr_storage storage; ++}; ++ ++int netsnmp_sd_is_socket(int fd, int family, int type, int listening) { ++ int r; ++ ++ if (family < 0) ++ return -EINVAL; ++ ++ if ((r = sd_is_socket_internal(fd, type, listening)) <= 0) ++ return r; ++ ++ if (family > 0) { ++ union sockaddr_union sockaddr; ++ socklen_t l; ++ ++ memset(&sockaddr, 0, sizeof(sockaddr)); ++ l = sizeof(sockaddr); ++ ++ if (getsockname(fd, &sockaddr.sa, &l) < 0) ++ return -errno; ++ ++ if (l < sizeof(sa_family_t)) ++ return -EINVAL; ++ ++ return sockaddr.sa.sa_family == family; ++ } ++ ++ return 1; ++} ++ ++int netsnmp_sd_is_socket_inet(int fd, int family, int type, int listening, uint16_t port) { ++ union sockaddr_union sockaddr; ++ socklen_t l; ++ int r; ++ ++ if (family != 0 && family != AF_INET && family != AF_INET6) ++ return -EINVAL; ++ ++ if ((r = sd_is_socket_internal(fd, type, listening)) <= 0) ++ return r; ++ ++ memset(&sockaddr, 0, sizeof(sockaddr)); ++ l = sizeof(sockaddr); ++ ++ if (getsockname(fd, &sockaddr.sa, &l) < 0) ++ return -errno; ++ ++ if (l < sizeof(sa_family_t)) ++ return -EINVAL; ++ ++ if (sockaddr.sa.sa_family != AF_INET && ++ sockaddr.sa.sa_family != AF_INET6) ++ return 0; ++ ++ if (family > 0) ++ if (sockaddr.sa.sa_family != family) ++ return 0; ++ ++ if (port > 0) { ++ if (sockaddr.sa.sa_family == AF_INET) { ++ if (l < sizeof(struct sockaddr_in)) ++ return -EINVAL; ++ ++ return htons(port) == sockaddr.in4.sin_port; ++ } else { ++ if (l < sizeof(struct sockaddr_in6)) ++ return -EINVAL; ++ ++ return htons(port) == sockaddr.in6.sin6_port; ++ } ++ } ++ ++ return 1; ++} ++ ++int netsnmp_sd_is_socket_unix(int fd, int type, int listening, const char *path, size_t length) { ++ union sockaddr_union sockaddr; ++ socklen_t l; ++ int r; ++ ++ if ((r = sd_is_socket_internal(fd, type, listening)) <= 0) ++ return r; ++ ++ memset(&sockaddr, 0, sizeof(sockaddr)); ++ l = sizeof(sockaddr); ++ ++ if (getsockname(fd, &sockaddr.sa, &l) < 0) ++ return -errno; ++ ++ if (l < sizeof(sa_family_t)) ++ return -EINVAL; ++ ++ if (sockaddr.sa.sa_family != AF_UNIX) ++ return 0; ++ ++ if (path) { ++ if (length <= 0) ++ length = strlen(path); ++ ++ if (length <= 0) ++ /* Unnamed socket */ ++ return l == offsetof(struct sockaddr_un, sun_path); ++ ++ if (path[0]) ++ /* Normal path socket */ ++ return ++ (l >= offsetof(struct sockaddr_un, sun_path) + length + 1) && ++ memcmp(path, sockaddr.un.sun_path, length+1) == 0; ++ else ++ /* Abstract namespace socket */ ++ return ++ (l == offsetof(struct sockaddr_un, sun_path) + length) && ++ memcmp(path, sockaddr.un.sun_path, length) == 0; ++ } ++ ++ return 1; ++} ++ ++int netsnmp_sd_notify(int unset_environment, const char *state) { ++ int fd = -1, r; ++ struct msghdr msghdr; ++ struct iovec iovec; ++ union sockaddr_union sockaddr; ++ const char *e; ++ ++ if (!state) { ++ r = -EINVAL; ++ goto finish; ++ } ++ ++ if (!(e = getenv("NOTIFY_SOCKET"))) ++ return 0; ++ ++ /* Must be an abstract socket, or an absolute path */ ++ if ((e[0] != '@' && e[0] != '/') || e[1] == 0) { ++ r = -EINVAL; ++ goto finish; ++ } ++ ++ if ((fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0)) < 0) { ++ r = -errno; ++ goto finish; ++ } ++ ++ memset(&sockaddr, 0, sizeof(sockaddr)); ++ sockaddr.sa.sa_family = AF_UNIX; ++ strncpy(sockaddr.un.sun_path, e, sizeof(sockaddr.un.sun_path)); ++ ++ if (sockaddr.un.sun_path[0] == '@') ++ sockaddr.un.sun_path[0] = 0; ++ ++ memset(&iovec, 0, sizeof(iovec)); ++ iovec.iov_base = (char *)state; ++ iovec.iov_len = strlen(state); ++ ++ memset(&msghdr, 0, sizeof(msghdr)); ++ msghdr.msg_name = &sockaddr; ++ msghdr.msg_namelen = offsetof(struct sockaddr_un, sun_path) + strlen(e); ++ ++ if (msghdr.msg_namelen > sizeof(struct sockaddr_un)) ++ msghdr.msg_namelen = sizeof(struct sockaddr_un); ++ ++ msghdr.msg_iov = &iovec; ++ msghdr.msg_iovlen = 1; ++ ++ if (sendmsg(fd, &msghdr, MSG_NOSIGNAL) < 0) { ++ r = -errno; ++ goto finish; ++ } ++ ++ r = 1; ++ ++finish: ++ if (unset_environment) ++ unsetenv("NOTIFY_SOCKET"); ++ ++ if (fd >= 0) ++ close(fd); ++ ++ return r; ++} ++ ++int netsnmp_sd_notifyf(int unset_environment, const char *format, ...) { ++ va_list ap; ++ char *p = NULL; ++ int r; ++ ++ va_start(ap, format); ++ r = vasprintf(&p, format, ap); ++ va_end(ap); ++ ++ if (r < 0 || !p) ++ return -ENOMEM; ++ ++ r = netsnmp_sd_notify(unset_environment, p); ++ free(p); ++ ++ return r; ++} ++ ++int netsnmp_sd_booted(void) { ++ struct stat a, b; ++ ++ /* We simply test whether the systemd cgroup hierarchy is ++ * mounted */ ++ ++ if (lstat("/sys/fs/cgroup", &a) < 0) ++ return 0; ++ ++ if (lstat("/sys/fs/cgroup/systemd", &b) < 0) ++ return 0; ++ ++ return a.st_dev != b.st_dev; ++} ++ ++/* End of original sd-daemon.c from systemd sources */ ++ ++int ++netsnmp_sd_find_inet_socket(int family, int type, int listening, int port) ++{ ++ int count, fd; ++ ++ count = netsnmp_sd_listen_fds(0); ++ if (count <= 0) { ++ DEBUGMSGTL(("systemd:find_inet_socket", "No LISTEN_FDS found.\n")); ++ return 0; ++ } ++ DEBUGMSGTL(("systemd:find_inet_socket", "LISTEN_FDS reports %d sockets.\n", ++ count)); ++ ++ for (fd = 3; fd < 3+count; fd++) { ++ int rc = netsnmp_sd_is_socket_inet(fd, family, type, listening, port); ++ if (rc < 0) ++ DEBUGMSGTL(("systemd:find_inet_socket", ++ "sd_is_socket_inet error: %d\n", rc)); ++ if (rc > 0) { ++ DEBUGMSGTL(("systemd:find_inet_socket", ++ "Found the socket in LISTEN_FDS\n")); ++ return fd; ++ } ++ } ++ DEBUGMSGTL(("systemd:find_inet_socket", "Socket not found in LISTEN_FDS\n")); ++ return 0; ++} ++ ++int ++netsnmp_sd_find_unix_socket(int type, int listening, const char *path) ++{ ++ int count, fd; ++ ++ count = netsnmp_sd_listen_fds(0); ++ if (count <= 0) { ++ DEBUGMSGTL(("systemd:find_unix_socket", "No LISTEN_FDS found.\n")); ++ return 0; ++ } ++ DEBUGMSGTL(("systemd:find_unix_socket", "LISTEN_FDS reports %d sockets.\n", ++ count)); ++ ++ for (fd = 3; fd < 3+count; fd++) { ++ int rc = netsnmp_sd_is_socket_unix(fd, type, listening, path, 0); ++ if (rc < 0) ++ DEBUGMSGTL(("systemd:find_unix_socket", ++ "netsnmp_sd_is_socket_unix error: %d\n", rc)); ++ if (rc > 0) { ++ DEBUGMSGTL(("systemd:find_unix_socket", ++ "Found the socket in LISTEN_FDS\n")); ++ return fd; ++ } ++ } ++ DEBUGMSGTL(("systemd:find_unix_socket", "Socket not found in LISTEN_FDS\n")); ++ return 0; ++} ++ ++#endif /* ! NETSNMP_NO_SYSTEMD */ +diff -up net-snmp-5.7.2/snmplib/transports/snmpTCPDomain.c.systemd net-snmp-5.7.2/snmplib/transports/snmpTCPDomain.c +--- net-snmp-5.7.2/snmplib/transports/snmpTCPDomain.c.systemd 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/snmplib/transports/snmpTCPDomain.c 2012-11-12 10:19:41.767217067 +0100 +@@ -43,6 +43,10 @@ + #include + #include + ++#ifndef NETSNMP_NO_SYSTEMD ++#include ++#endif ++ + /* + * needs to be in sync with the definitions in snmplib/snmpUDPDomain.c + * and perl/agent/agent.xs +@@ -149,6 +153,7 @@ netsnmp_tcp_transport(struct sockaddr_in + netsnmp_transport *t = NULL; + netsnmp_udp_addr_pair *addr_pair = NULL; + int rc = 0; ++ int socket_initialized = 0; + + #ifdef NETSNMP_NO_LISTEN_SUPPORT + if (local) +@@ -178,7 +183,19 @@ netsnmp_tcp_transport(struct sockaddr_in + t->domain_length = + sizeof(netsnmp_snmpTCPDomain) / sizeof(netsnmp_snmpTCPDomain[0]); + +- t->sock = socket(PF_INET, SOCK_STREAM, 0); ++#ifndef NETSNMP_NO_SYSTEMD ++ /* ++ * Maybe the socket was already provided by systemd... ++ */ ++ if (local) { ++ t->sock = netsnmp_sd_find_inet_socket(PF_INET, SOCK_STREAM, 1, ++ ntohs(addr->sin_port)); ++ if (t->sock) ++ socket_initialized = 1; ++ } ++#endif ++ if (!socket_initialized) ++ t->sock = socket(PF_INET, SOCK_STREAM, 0); + if (t->sock < 0) { + netsnmp_transport_free(t); + return NULL; +@@ -215,11 +232,13 @@ netsnmp_tcp_transport(struct sockaddr_in + setsockopt(t->sock, SOL_SOCKET, SO_REUSEADDR, (void *)&opt, + sizeof(opt)); + +- rc = bind(t->sock, (struct sockaddr *)addr, sizeof(struct sockaddr)); +- if (rc != 0) { +- netsnmp_socketbase_close(t); +- netsnmp_transport_free(t); +- return NULL; ++ if (!socket_initialized) { ++ rc = bind(t->sock, (struct sockaddr *)addr, sizeof(struct sockaddr)); ++ if (rc != 0) { ++ netsnmp_socketbase_close(t); ++ netsnmp_transport_free(t); ++ return NULL; ++ } + } + + /* +@@ -235,12 +254,13 @@ netsnmp_tcp_transport(struct sockaddr_in + /* + * Now sit here and wait for connections to arrive. + */ +- +- rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN); +- if (rc != 0) { +- netsnmp_socketbase_close(t); +- netsnmp_transport_free(t); +- return NULL; ++ if (!socket_initialized) { ++ rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN); ++ if (rc != 0) { ++ netsnmp_socketbase_close(t); ++ netsnmp_transport_free(t); ++ return NULL; ++ } + } + + /* +diff -up net-snmp-5.7.2/snmplib/transports/snmpTCPIPv6Domain.c.systemd net-snmp-5.7.2/snmplib/transports/snmpTCPIPv6Domain.c +--- net-snmp-5.7.2/snmplib/transports/snmpTCPIPv6Domain.c.systemd 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/snmplib/transports/snmpTCPIPv6Domain.c 2012-11-12 10:20:32.019078971 +0100 +@@ -49,6 +49,10 @@ + #include + #include + ++#ifndef NETSNMP_NO_SYSTEMD ++#include ++#endif ++ + #include "inet_ntop.h" + + oid netsnmp_TCPIPv6Domain[] = { TRANSPORT_DOMAIN_TCP_IPV6 }; +@@ -140,6 +144,7 @@ netsnmp_tcp6_transport(struct sockaddr_i + { + netsnmp_transport *t = NULL; + int rc = 0; ++ int socket_initialized = 0; + + #ifdef NETSNMP_NO_LISTEN_SUPPORT + if (local) +@@ -174,7 +179,19 @@ netsnmp_tcp6_transport(struct sockaddr_i + t->domain = netsnmp_TCPIPv6Domain; + t->domain_length = sizeof(netsnmp_TCPIPv6Domain) / sizeof(oid); + +- t->sock = socket(PF_INET6, SOCK_STREAM, 0); ++#ifndef NETSNMP_NO_SYSTEMD ++ /* ++ * Maybe the socket was already provided by systemd... ++ */ ++ if (local) { ++ t->sock = netsnmp_sd_find_inet_socket(PF_INET6, SOCK_STREAM, 1, ++ ntohs(addr->sin6_port)); ++ if (t->sock) ++ socket_initialized = 1; ++ } ++#endif ++ if (!socket_initialized) ++ t->sock = socket(PF_INET6, SOCK_STREAM, 0); + if (t->sock < 0) { + netsnmp_transport_free(t); + return NULL; +@@ -220,12 +237,14 @@ netsnmp_tcp6_transport(struct sockaddr_i + + setsockopt(t->sock, SOL_SOCKET, SO_REUSEADDR, (void *)&opt, sizeof(opt)); + +- rc = bind(t->sock, (struct sockaddr *) addr, +- sizeof(struct sockaddr_in6)); +- if (rc != 0) { +- netsnmp_socketbase_close(t); +- netsnmp_transport_free(t); +- return NULL; ++ if (!socket_initialized) { ++ rc = bind(t->sock, (struct sockaddr *) addr, ++ sizeof(struct sockaddr_in6)); ++ if (rc != 0) { ++ netsnmp_socketbase_close(t); ++ netsnmp_transport_free(t); ++ return NULL; ++ } + } + + /* +@@ -242,11 +261,13 @@ netsnmp_tcp6_transport(struct sockaddr_i + * Now sit here and wait for connections to arrive. + */ + +- rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN); +- if (rc != 0) { +- netsnmp_socketbase_close(t); +- netsnmp_transport_free(t); +- return NULL; ++ if (!socket_initialized) { ++ rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN); ++ if (rc != 0) { ++ netsnmp_socketbase_close(t); ++ netsnmp_transport_free(t); ++ return NULL; ++ } + } + + /* +diff -up net-snmp-5.7.2/snmplib/transports/snmpUDPIPv4BaseDomain.c.systemd net-snmp-5.7.2/snmplib/transports/snmpUDPIPv4BaseDomain.c +--- net-snmp-5.7.2/snmplib/transports/snmpUDPIPv4BaseDomain.c.systemd 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/snmplib/transports/snmpUDPIPv4BaseDomain.c 2012-11-12 10:22:30.279750750 +0100 +@@ -40,6 +40,10 @@ + + #include + ++#ifndef NETSNMP_NO_SYSTEMD ++#include ++#endif ++ + #if (defined(linux) && defined(IP_PKTINFO)) \ + || defined(IP_RECVDSTADDR) && HAVE_STRUCT_MSGHDR_MSG_CONTROL \ + && HAVE_STRUCT_MSGHDR_MSG_FLAGS +@@ -67,6 +71,7 @@ netsnmp_udpipv4base_transport(struct soc + char *client_socket = NULL; + netsnmp_indexed_addr_pair addr_pair; + socklen_t local_addr_len; ++ int socket_initialized = 0; + + #ifdef NETSNMP_NO_LISTEN_SUPPORT + if (local) +@@ -91,7 +96,20 @@ netsnmp_udpipv4base_transport(struct soc + free(str); + } + +- t->sock = socket(PF_INET, SOCK_DGRAM, 0); ++#ifndef NETSNMP_NO_SYSTEMD ++ /* ++ * Maybe the socket was already provided by systemd... ++ */ ++ if (local) { ++ t->sock = netsnmp_sd_find_inet_socket(PF_INET, SOCK_DGRAM, -1, ++ ntohs(addr->sin_port)); ++ if (t->sock) ++ socket_initialized = 1; ++ } ++#endif ++ if (!socket_initialized) ++ t->sock = socket(PF_INET, SOCK_DGRAM, 0); ++ + DEBUGMSGTL(("UDPBase", "openned socket %d as local=%d\n", t->sock, local)); + if (t->sock < 0) { + netsnmp_transport_free(t); +@@ -141,13 +159,15 @@ netsnmp_udpipv4base_transport(struct soc + DEBUGMSGTL(("netsnmp_udp", "set IP_RECVDSTADDR\n")); + } + #endif +- rc = bind(t->sock, (struct sockaddr *) addr, +- sizeof(struct sockaddr)); +- if (rc != 0) { +- netsnmp_socketbase_close(t); +- netsnmp_transport_free(t); +- return NULL; +- } ++ if (!socket_initialized) { ++ rc = bind(t->sock, (struct sockaddr *) addr, ++ sizeof(struct sockaddr)); ++ if (rc != 0) { ++ netsnmp_socketbase_close(t); ++ netsnmp_transport_free(t); ++ return NULL; ++ } ++ } + t->data = NULL; + t->data_length = 0; + #else /* NETSNMP_NO_LISTEN_SUPPORT */ +diff -up net-snmp-5.7.2/snmplib/transports/snmpUDPIPv6Domain.c.systemd net-snmp-5.7.2/snmplib/transports/snmpUDPIPv6Domain.c +--- net-snmp-5.7.2/snmplib/transports/snmpUDPIPv6Domain.c.systemd 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/snmplib/transports/snmpUDPIPv6Domain.c 2012-11-12 10:23:19.713603003 +0100 +@@ -67,6 +67,10 @@ static const struct in6_addr in6addr_any + #include + #include + ++#ifndef NETSNMP_NO_SYSTEMD ++#include ++#endif ++ + #include "inet_ntop.h" + #include "inet_pton.h" + +@@ -190,6 +194,7 @@ netsnmp_udp6_transport(struct sockaddr_i + { + netsnmp_transport *t = NULL; + int rc = 0; ++ int socket_initialized = 0; + + #ifdef NETSNMP_NO_LISTEN_SUPPORT + if (local) +@@ -217,7 +222,19 @@ netsnmp_udp6_transport(struct sockaddr_i + t->domain_length = + sizeof(netsnmp_UDPIPv6Domain) / sizeof(netsnmp_UDPIPv6Domain[0]); + +- t->sock = socket(PF_INET6, SOCK_DGRAM, 0); ++#ifndef NETSNMP_NO_SYSTEMD ++ /* ++ * Maybe the socket was already provided by systemd... ++ */ ++ if (local) { ++ t->sock = netsnmp_sd_find_inet_socket(PF_INET6, SOCK_DGRAM, -1, ++ ntohs(addr->sin6_port)); ++ if (t->sock) ++ socket_initialized = 1; ++ } ++#endif ++ if (!socket_initialized) ++ t->sock = socket(PF_INET6, SOCK_DGRAM, 0); + if (t->sock < 0) { + netsnmp_transport_free(t); + return NULL; +@@ -242,13 +259,14 @@ netsnmp_udp6_transport(struct sockaddr_i + } + } + #endif +- +- rc = bind(t->sock, (struct sockaddr *) addr, +- sizeof(struct sockaddr_in6)); +- if (rc != 0) { +- netsnmp_socketbase_close(t); +- netsnmp_transport_free(t); +- return NULL; ++ if (!socket_initialized) { ++ rc = bind(t->sock, (struct sockaddr *) addr, ++ sizeof(struct sockaddr_in6)); ++ if (rc != 0) { ++ netsnmp_socketbase_close(t); ++ netsnmp_transport_free(t); ++ return NULL; ++ } + } + t->local = (unsigned char*)malloc(18); + if (t->local == NULL) { +diff -up net-snmp-5.7.2/snmplib/transports/snmpUnixDomain.c.systemd net-snmp-5.7.2/snmplib/transports/snmpUnixDomain.c +--- net-snmp-5.7.2/snmplib/transports/snmpUnixDomain.c.systemd 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/snmplib/transports/snmpUnixDomain.c 2012-11-12 10:24:02.803466358 +0100 +@@ -37,6 +37,10 @@ + #include /* mkdirhier */ + #include + ++#ifndef NETSNMP_NO_SYSTEMD ++#include ++#endif ++ + netsnmp_feature_child_of(transport_unix_socket_all, transport_all) + netsnmp_feature_child_of(unix_socket_paths, transport_unix_socket_all) + +@@ -295,6 +299,7 @@ netsnmp_unix_transport(struct sockaddr_u + netsnmp_transport *t = NULL; + sockaddr_un_pair *sup = NULL; + int rc = 0; ++ int socket_initialized = 0; + + #ifdef NETSNMP_NO_LISTEN_SUPPORT + /* SPECIAL CIRCUMSTANCE: We still want AgentX to be able to operate, +@@ -333,7 +338,18 @@ netsnmp_unix_transport(struct sockaddr_u + t->data_length = sizeof(sockaddr_un_pair); + sup = (sockaddr_un_pair *) t->data; + +- t->sock = socket(PF_UNIX, SOCK_STREAM, 0); ++#ifndef NETSNMP_NO_SYSTEMD ++ /* ++ * Maybe the socket was already provided by systemd... ++ */ ++ if (local) { ++ t->sock = netsnmp_sd_find_unix_socket(SOCK_STREAM, 1, addr->sun_path); ++ if (t->sock) ++ socket_initialized = 1; ++ } ++#endif ++ if (!socket_initialized) ++ t->sock = socket(PF_UNIX, SOCK_STREAM, 0); + if (t->sock < 0) { + netsnmp_transport_free(t); + return NULL; +@@ -357,25 +373,26 @@ netsnmp_unix_transport(struct sockaddr_u + + t->flags |= NETSNMP_TRANSPORT_FLAG_LISTEN; + +- unlink(addr->sun_path); +- rc = bind(t->sock, (struct sockaddr *) addr, SUN_LEN(addr)); +- +- if (rc != 0 && errno == ENOENT && create_path) { +- rc = mkdirhier(addr->sun_path, create_mode, 1); ++ if (!socket_initialized) { ++ unlink(addr->sun_path); ++ rc = bind(t->sock, (struct sockaddr *) addr, SUN_LEN(addr)); ++ if (rc != 0 && errno == ENOENT && create_path) { ++ rc = mkdirhier(addr->sun_path, create_mode, 1); ++ if (rc != 0) { ++ netsnmp_unix_close(t); ++ netsnmp_transport_free(t); ++ return NULL; ++ } ++ rc = bind(t->sock, (struct sockaddr *) addr, SUN_LEN(addr)); ++ } + if (rc != 0) { ++ DEBUGMSGTL(("netsnmp_unix_transport", ++ "couldn't bind \"%s\", errno %d (%s)\n", ++ addr->sun_path, errno, strerror(errno))); + netsnmp_unix_close(t); + netsnmp_transport_free(t); + return NULL; + } +- rc = bind(t->sock, (struct sockaddr *) addr, SUN_LEN(addr)); +- } +- if (rc != 0) { +- DEBUGMSGTL(("netsnmp_unix_transport", +- "couldn't bind \"%s\", errno %d (%s)\n", +- addr->sun_path, errno, strerror(errno))); +- netsnmp_unix_close(t); +- netsnmp_transport_free(t); +- return NULL; + } + + /* +@@ -391,16 +408,17 @@ netsnmp_unix_transport(struct sockaddr_u + * Now sit here and listen for connections to arrive. + */ + +- rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN); +- if (rc != 0) { +- DEBUGMSGTL(("netsnmp_unix_transport", +- "couldn't listen to \"%s\", errno %d (%s)\n", +- addr->sun_path, errno, strerror(errno))); +- netsnmp_unix_close(t); +- netsnmp_transport_free(t); +- return NULL; ++ if (!socket_initialized) { ++ rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN); ++ if (rc != 0) { ++ DEBUGMSGTL(("netsnmp_unix_transport", ++ "couldn't listen to \"%s\", errno %d (%s)\n", ++ addr->sun_path, errno, strerror(errno))); ++ netsnmp_unix_close(t); ++ netsnmp_transport_free(t); ++ return NULL; ++ } + } +- + } else { + t->remote = (u_char *)malloc(strlen(addr->sun_path)); + if (t->remote == NULL) { diff --git a/net-snmp/snmpd.conf b/net-snmp/snmpd.conf new file mode 100644 index 000000000..ee19ab887 --- /dev/null +++ b/net-snmp/snmpd.conf @@ -0,0 +1,462 @@ +############################################################################### +# +# snmpd.conf: +# An example configuration file for configuring the ucd-snmp snmpd agent. +# +############################################################################### +# +# This file is intended to only be as a starting point. Many more +# configuration directives exist than are mentioned in this file. For +# full details, see the snmpd.conf(5) manual page. +# +# All lines beginning with a '#' are comments and are intended for you +# to read. All other lines are configuration commands for the agent. + +############################################################################### +# Access Control +############################################################################### + +# As shipped, the snmpd demon will only respond to queries on the +# system mib group until this file is replaced or modified for +# security purposes. Examples are shown below about how to increase the +# level of access. + +# By far, the most common question I get about the agent is "why won't +# it work?", when really it should be "how do I configure the agent to +# allow me to access it?" +# +# By default, the agent responds to the "public" community for read +# only access, if run out of the box without any configuration file in +# place. The following examples show you other ways of configuring +# the agent so that you can change the community names, and give +# yourself write access to the mib tree as well. +# +# For more information, read the FAQ as well as the snmpd.conf(5) +# manual page. + +#### +# First, map the community name "public" into a "security name" + +# sec.name source community +com2sec notConfigUser default public + +#### +# Second, map the security name into a group name: + +# groupName securityModel securityName +group notConfigGroup v1 notConfigUser +group notConfigGroup v2c notConfigUser + +#### +# Third, create a view for us to let the group have rights to: + +# Make at least snmpwalk -v 1 localhost -c public system fast again. +# name incl/excl subtree mask(optional) +view systemview included .1.3.6.1.2.1.1 +view systemview included .1.3.6.1.2.1.25.1.1 + +#### +# Finally, grant the group read-only access to the systemview view. + +# group context sec.model sec.level prefix read write notif +access notConfigGroup "" any noauth exact systemview none none + +# ----------------------------------------------------------------------------- + +# Here is a commented out example configuration that allows less +# restrictive access. + +# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY +# KNOWN AT YOUR SITE. YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO +# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE. + +## sec.name source community +#com2sec local localhost COMMUNITY +#com2sec mynetwork NETWORK/24 COMMUNITY + +## group.name sec.model sec.name +#group MyRWGroup any local +#group MyROGroup any mynetwork +# +#group MyRWGroup any otherv3user +#... + +## incl/excl subtree mask +#view all included .1 80 + +## -or just the mib2 tree- + +#view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc + + +## context sec.model sec.level prefix read write notif +#access MyROGroup "" any noauth 0 all none none +#access MyRWGroup "" any noauth 0 all all all + + +############################################################################### +# Sample configuration to make net-snmpd RFC 1213. +# Unfortunately v1 and v2c don't allow any user based authentification, so +# opening up the default config is not an option from a security point. +# +# WARNING: If you uncomment the following lines you allow write access to your +# snmpd daemon from any source! To avoid this use different names for your +# community or split out the write access to a different community and +# restrict it to your local network. +# Also remember to comment the syslocation and syscontact parameters later as +# otherwise they are still read only (see FAQ for net-snmp). +# + +# First, map the community name "public" into a "security name" +# sec.name source community +#com2sec notConfigUser default public + +# Second, map the security name into a group name: +# groupName securityModel securityName +#group notConfigGroup v1 notConfigUser +#group notConfigGroup v2c notConfigUser + +# Third, create a view for us to let the group have rights to: +# Open up the whole tree for ro, make the RFC 1213 required ones rw. +# name incl/excl subtree mask(optional) +#view roview included .1 +#view rwview included system.sysContact +#view rwview included system.sysName +#view rwview included system.sysLocation +#view rwview included interfaces.ifTable.ifEntry.ifAdminStatus +#view rwview included at.atTable.atEntry.atPhysAddress +#view rwview included at.atTable.atEntry.atNetAddress +#view rwview included ip.ipForwarding +#view rwview included ip.ipDefaultTTL +#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteDest +#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteIfIndex +#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric1 +#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric2 +#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric3 +#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric4 +#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteType +#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteAge +#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMask +#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric5 +#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaIfIndex +#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaPhysAddress +#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaNetAddress +#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType +#view rwview included tcp.tcpConnTable.tcpConnEntry.tcpConnState +#view rwview included egp.egpNeighTable.egpNeighEntry.egpNeighEventTrigger +#view rwview included snmp.snmpEnableAuthenTraps + +# Finally, grant the group read-only access to the systemview view. +# group context sec.model sec.level prefix read write notif +#access notConfigGroup "" any noauth exact roview rwview none + + + +############################################################################### +# System contact information +# + +# It is also possible to set the sysContact and sysLocation system +# variables through the snmpd.conf file: + +syslocation Unknown (edit /etc/snmp/snmpd.conf) +syscontact Root (configure /etc/snmp/snmp.local.conf) + +# Example output of snmpwalk: +# % snmpwalk -v 1 localhost -c public system +# system.sysDescr.0 = "SunOS name sun4c" +# system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4 +# system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55 +# system.sysContact.0 = "Me " +# system.sysName.0 = "name" +# system.sysLocation.0 = "Right here, right now." +# system.sysServices.0 = 72 + + +############################################################################### +# Logging +# + +# We do not want annoying "Connection from UDP: " messages in syslog. +# If the following option is commented out, snmpd will print each incoming +# connection, which can be useful for debugging. + +dontLogTCPWrappersConnects yes + +# ----------------------------------------------------------------------------- + + +############################################################################### +# Process checks. +# +# The following are examples of how to use the agent to check for +# processes running on the host. The syntax looks something like: +# +# proc NAME [MAX=0] [MIN=0] +# +# NAME: the name of the process to check for. It must match +# exactly (ie, http will not find httpd processes). +# MAX: the maximum number allowed to be running. Defaults to 0. +# MIN: the minimum number to be running. Defaults to 0. + +# +# Examples (commented out by default): +# + +# Make sure mountd is running +#proc mountd + +# Make sure there are no more than 4 ntalkds running, but 0 is ok too. +#proc ntalkd 4 + +# Make sure at least one sendmail, but less than or equal to 10 are running. +#proc sendmail 10 1 + +# A snmpwalk of the process mib tree would look something like this: +# +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.2 +# enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1 +# enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2 +# enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3 +# enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd" +# enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd" +# enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail" +# enterprises.ucdavis.procTable.prEntry.prMin.1 = 0 +# enterprises.ucdavis.procTable.prEntry.prMin.2 = 0 +# enterprises.ucdavis.procTable.prEntry.prMin.3 = 1 +# enterprises.ucdavis.procTable.prEntry.prMax.1 = 0 +# enterprises.ucdavis.procTable.prEntry.prMax.2 = 4 +# enterprises.ucdavis.procTable.prEntry.prMax.3 = 10 +# enterprises.ucdavis.procTable.prEntry.prCount.1 = 0 +# enterprises.ucdavis.procTable.prEntry.prCount.2 = 0 +# enterprises.ucdavis.procTable.prEntry.prCount.3 = 1 +# enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1 +# enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0 +# enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0 +# enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running." +# enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = "" +# enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = "" +# enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0 +# enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0 +# enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0 +# +# Note that the errorFlag for mountd is set to 1 because one is not +# running (in this case an rpc.mountd is, but thats not good enough), +# and the ErrMessage tells you what's wrong. The configuration +# imposed in the snmpd.conf file is also shown. +# +# Special Case: When the min and max numbers are both 0, it assumes +# you want a max of infinity and a min of 1. +# + + +# ----------------------------------------------------------------------------- + + +############################################################################### +# Executables/scripts +# + +# +# You can also have programs run by the agent that return a single +# line of output and an exit code. Here are two examples. +# +# exec NAME PROGRAM [ARGS ...] +# +# NAME: A generic name. The name must be unique for each exec statement. +# PROGRAM: The program to run. Include the path! +# ARGS: optional arguments to be passed to the program + +# a simple hello world + +#exec echotest /bin/echo hello world + +# Run a shell script containing: +# +# #!/bin/sh +# echo hello world +# echo hi there +# exit 35 +# +# Note: this has been specifically commented out to prevent +# accidental security holes due to someone else on your system writing +# a /tmp/shtest before you do. Uncomment to use it. +# +#exec shelltest /bin/sh /tmp/shtest + +# Then, +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.8 +# enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1 +# enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2 +# enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest" +# enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest" +# enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world" +# enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest" +# enterprises.ucdavis.extTable.extEntry.extResult.1 = 0 +# enterprises.ucdavis.extTable.extEntry.extResult.2 = 35 +# enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world." +# enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world." +# enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0 +# enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0 + +# Note that the second line of the /tmp/shtest shell script is cut +# off. Also note that the exit status of 35 was returned. + +# ----------------------------------------------------------------------------- + + +############################################################################### +# disk checks +# + +# The agent can check the amount of available disk space, and make +# sure it is above a set limit. + +# disk PATH [MIN=100000] +# +# PATH: mount path to the disk in question. +# MIN: Disks with space below this value will have the Mib's errorFlag set. +# Default value = 100000. + +# Check the / partition and make sure it contains at least 10 megs. + +#disk / 10000 + +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.9 +# enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0 +# enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F +# enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0" +# enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000 +# enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130 +# enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325 +# enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092 +# enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58 +# enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0 +# enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = "" + +# ----------------------------------------------------------------------------- + + +############################################################################### +# load average checks +# + +# load [1MAX=12.0] [5MAX=12.0] [15MAX=12.0] +# +# 1MAX: If the 1 minute load average is above this limit at query +# time, the errorFlag will be set. +# 5MAX: Similar, but for 5 min average. +# 15MAX: Similar, but for 15 min average. + +# Check for loads: +#load 12 14 14 + +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.10 +# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1 +# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2 +# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3 +# enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1" +# enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5" +# enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15" +# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39 +# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31 +# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36 +# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00" +# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00" +# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00" +# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = "" +# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = "" +# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = "" + +# ----------------------------------------------------------------------------- + + +############################################################################### +# Extensible sections. +# + +# This alleviates the multiple line output problem found in the +# previous executable mib by placing each mib in its own mib table: + +# Run a shell script containing: +# +# #!/bin/sh +# echo hello world +# echo hi there +# exit 35 +# +# Note: this has been specifically commented out to prevent +# accidental security holes due to someone else on your system writing +# a /tmp/shtest before you do. Uncomment to use it. +# +# exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest + +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.50 +# enterprises.ucdavis.50.1.1 = 1 +# enterprises.ucdavis.50.2.1 = "shelltest" +# enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest" +# enterprises.ucdavis.50.100.1 = 35 +# enterprises.ucdavis.50.101.1 = "hello world." +# enterprises.ucdavis.50.101.2 = "hi there." +# enterprises.ucdavis.50.102.1 = 0 + +# Now the Output has grown to two lines, and we can see the 'hi +# there.' output as the second line from our shell script. +# +# Note that you must alter the mib.txt file to be correct if you want +# the .50.* outputs above to change to reasonable text descriptions. + +# Other ideas: +# +# exec .1.3.6.1.4.1.2021.51 ps /bin/ps +# exec .1.3.6.1.4.1.2021.52 top /usr/local/bin/top +# exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq + +# ----------------------------------------------------------------------------- + + +############################################################################### +# Pass through control. +# + +# Usage: +# pass MIBOID EXEC-COMMAND +# +# This will pass total control of the mib underneath the MIBOID +# portion of the mib to the EXEC-COMMAND. +# +# Note: You'll have to change the path of the passtest script to your +# source directory or install it in the given location. +# +# Example: (see the script for details) +# (commented out here since it requires that you place the +# script in the right location. (its not installed by default)) + +# pass .1.3.6.1.4.1.2021.255 /bin/sh /usr/local/local/passtest + +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.255 +# enterprises.ucdavis.255.1 = "life the universe and everything" +# enterprises.ucdavis.255.2.1 = 42 +# enterprises.ucdavis.255.2.2 = OID: 42.42.42 +# enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42 +# enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1 +# enterprises.ucdavis.255.5 = 42 +# enterprises.ucdavis.255.6 = Gauge: 42 +# +# % snmpget -v 1 localhost public .1.3.6.1.4.1.2021.255.5 +# enterprises.ucdavis.255.5 = 42 +# +# % snmpset -v 1 localhost public .1.3.6.1.4.1.2021.255.1 s "New string" +# enterprises.ucdavis.255.1 = "New string" +# + +# For specific usage information, see the man/snmpd.conf.5 manual page +# as well as the local/passtest script used in the above example. + +############################################################################### +# Further Information +# +# See the snmpd.conf manual page, and the output of "snmpd -H". diff --git a/net-snmp/snmptrapd.conf b/net-snmp/snmptrapd.conf new file mode 100644 index 000000000..72ce1ccca --- /dev/null +++ b/net-snmp/snmptrapd.conf @@ -0,0 +1,6 @@ +# Example configuration file for snmptrapd +# +# No traps are handled by default, you must edit this file! +# +# authCommunity log,execute,net public +# traphandle SNMPv2-MIB::coldStart /usr/bin/bin/my_great_script cold diff --git a/net-snmp/systemd/snmpd.service b/net-snmp/systemd/snmpd.service index c6f032a86..3af5ea7da 100644 --- a/net-snmp/systemd/snmpd.service +++ b/net-snmp/systemd/snmpd.service @@ -1,9 +1,11 @@ [Unit] -Description=Simple Network Management Protocol Daemon +Description=Simple Network Management Protocol (SNMP) Daemon. +After=syslog.target network.target [Service] -Type=forking -ExecStart=/usr/sbin/snmpd -c /etc/snmpd.conf +Type=notify +ExecStart=/usr/sbin/snmpd -LS0-6d -f +ExecReload=/bin/kill -HUP $MAINPID [Install] WantedBy=multi-user.target diff --git a/net-snmp/systemd/snmptrapd.service b/net-snmp/systemd/snmptrapd.service new file mode 100644 index 000000000..e4689a6d7 --- /dev/null +++ b/net-snmp/systemd/snmptrapd.service @@ -0,0 +1,11 @@ +[Unit] +Description=Simple Network Management Protocol (SNMP) Trap Daemon. +After=syslog.target network.target + +[Service] +Type=notify +ExecStart=/usr/sbin/snmptrapd -Lsd -f +ExecReload=/bin/kill -HUP $MAINPID + +[Install] +WantedBy=multi-user.target