authorV3n3RiX <venerix@redcorelinux.org>2017-10-09 18:53:29 +0100
committerV3n3RiX <venerix@redcorelinux.org>2017-10-09 18:53:29 +0100
commit4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch)
treeba5f07bf3f9d22d82e54a462313f5d244036c768 /net-firewall/nufw/files
reinit the tree, so we can have metadata
Diffstat (limited to 'net-firewall/nufw/files')
-rw-r--r--net-firewall/nufw/files/nuauth-conf.d2
-rw-r--r--net-firewall/nufw/files/nuauth-init.d27
-rw-r--r--net-firewall/nufw/files/nufw-2.2.22-gnutls-3.4.patch103
-rw-r--r--net-firewall/nufw/files/nufw-2.2.22-var-run.patch45
-rw-r--r--net-firewall/nufw/files/nufw-conf.d2
-rw-r--r--net-firewall/nufw/files/nufw-init.d17
6 files changed, 196 insertions, 0 deletions
diff --git a/net-firewall/nufw/files/nuauth-conf.d b/net-firewall/nufw/files/nuauth-conf.d
new file mode 100644
index 000000000000..1ac750cf49fd
--- /dev/null
+++ b/net-firewall/nufw/files/nuauth-conf.d
@@ -0,0 +1,2 @@
+# configuration file for /etc/init.d/nuauth
+NUAUTH_OPTIONS=""
diff --git a/net-firewall/nufw/files/nuauth-init.d b/net-firewall/nufw/files/nuauth-init.d
new file mode 100644
index 000000000000..db9c10b8a0d5
--- /dev/null
+++ b/net-firewall/nufw/files/nuauth-init.d
@@ -0,0 +1,27 @@
+#!/sbin/openrc-run
+
+depend() {
+ before net
+}
+
+checkconfig() {
+ if [ ! -e /etc/nufw/nuauth.conf ]; then
+ eerror "You need a /etc/nufw/nuauth.conf file to run nuauth"
+ eerror "There is sample file in /usr/share/doc/nufw-version/"
+ return 1
+ fi
+}
+
+start() {
+ checkpath -d /run/nuauth
+ checkconfig || return 1
+ ebegin "Starting nuauth"
+ start-stop-daemon --start --quiet --exec /usr/sbin/nuauth -- -D ${NUAUTH_OPTIONS}
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping nuauth"
+ start-stop-daemon --stop --quiet --pidfile /run/nuauth/nuauth.pid
+ eend $?
+}
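Review bot: `checkpath -d /run/nuauth` in start() creates the runtime directory without an explicit mode or owner, yet that directory holds nuauth's pid file and, per the var-run patch in this same commit, its command socket. Pinning both, for example `checkpath -d -m 0750 -o <nuauth-user>:<nuauth-group> /run/nuauth` (placeholders for whichever account nuauth runs as), stops access to the control socket from depending on checkpath's defaults. The call would also sit better after `checkconfig || return 1`, so nothing is created when the configuration file is missing.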
diff --git a/net-firewall/nufw/files/nufw-2.2.22-gnutls-3.4.patch b/net-firewall/nufw/files/nufw-2.2.22-gnutls-3.4.patch
new file mode 100644
index 000000000000..e75d2b3fd61d
--- /dev/null
+++ b/net-firewall/nufw/files/nufw-2.2.22-gnutls-3.4.patch
@@ -0,0 +1,103 @@
+From cbe4cfe90322e5add59433d9dd8394f46e341fab Mon Sep 17 00:00:00 2001
+From: Alon Bar-Lev <alon.barlev@gmail.com>
+Date: Sat, 4 Mar 2017 01:00:40 +0200
+Subject: [PATCH] ssl: drop call of deprecated
+ gnutls_certificate_type_set_priority()
+
+CTYPE-X.509 is the default value. Closes: #624077
+
+Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
+---
+ src/clients/lib/libnuclient.c | 15 ++-------------
+ src/nufw/tls.c | 14 --------------
+ 2 files changed, 2 insertions(+), 27 deletions(-)
+
+diff --git a/src/clients/lib/libnuclient.c b/src/clients/lib/libnuclient.c
+index 917e75a..6e78c96 100644
+--- a/src/clients/lib/libnuclient.c
++++ b/src/clients/lib/libnuclient.c
+@@ -62,9 +62,6 @@ GCRY_THREAD_OPTION_PTHREAD_IMPL;
+ # define DH_BITS 1024
+ #endif
+
+-static const int cert_type_priority[3] = { GNUTLS_CRT_X509, 0 };
+-
+-
+ void nu_exit_clean(nuauth_session_t * session)
+ {
+ if (session->ct) {
+@@ -270,7 +267,7 @@ int check_key_perms(const char* filename)
+ return 1;
+ }
+
+-static int _cb_request_cert(gnutls_session_t session, const gnutls_datum_t* req_ca_dn, int nreqs, const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr_st* st)
++static int _cb_request_cert(gnutls_session_t session, const gnutls_datum_t* req_ca_dn, int nreqs, const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr2_st* st)
+ {
+ printf("TLS error: server requests certificate, none configured\n");
+ return 0;
+@@ -518,7 +515,7 @@ int nu_client_setup_tls(nuauth_session_t * session,
+ SET_ERROR(err, INTERNAL_ERROR, FILE_ACCESS_ERR);
+ return 0;
+ }
+- gnutls_certificate_client_set_retrieve_function(session->cred,
++ gnutls_certificate_set_retrieve_function(session->cred,
+ &_cb_request_cert);
+ }
+
+@@ -604,12 +601,6 @@ int nu_client_reset_tls(nuauth_session_t *session)
+ return 0;
+ }
+
+- ret =
+- gnutls_certificate_type_set_priority(session->tls,
+- cert_type_priority);
+- if (ret < 0) {
+- return 0;
+- }
+ return 1;
+ }
+
+@@ -776,8 +767,6 @@ void nu_client_reset(nuauth_session_t * session)
+ gnutls_deinit(session->tls);
+ gnutls_init(&session->tls, GNUTLS_CLIENT);
+ gnutls_set_default_priority(session->tls);
+- gnutls_certificate_type_set_priority(session->tls,
+- cert_type_priority);
+ session->need_set_cred = 1;
+
+ /* close socket */
+diff --git a/src/nufw/tls.c b/src/nufw/tls.c
+index e7223eb..2d46820 100644
+--- a/src/nufw/tls.c
++++ b/src/nufw/tls.c
+@@ -506,8 +506,6 @@ void tls_connect()
+ gnutls_session *tls_session;
+ int tls_socket, ret;
+ #if USE_X509
+- const int cert_type_priority[3] = { GNUTLS_CRT_X509, 0 };
+-
+ tls.session = NULL;
+
+ /* compute patch key_file */
+@@ -655,18 +653,6 @@ void tls_connect()
+ return;
+ }
+ #if USE_X509
+- ret = gnutls_certificate_type_set_priority(*(tls_session),
+- cert_type_priority);
+- if (ret < 0) {
+- log_area_printf(DEBUG_AREA_MAIN, DEBUG_LEVEL_WARNING,
+- "TLS: gnutls_certificate_type_set_priority() failed: %s",
+- gnutls_strerror(ret));
+- gnutls_certificate_free_credentials(tls.xcred);
+- gnutls_deinit(*tls_session);
+- free(tls_session);
+- return;
+- }
+-
+ /* put the x509 credentials to the current session */
+ ret = gnutls_credentials_set(*(tls_session), GNUTLS_CRD_CERTIFICATE,
+ tls.xcred);
+--
+2.10.2
+
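Review bot: `_cb_request_cert` now takes a `gnutls_retr2_st *` but still returns 0 without writing to `st`, so the "no certificate" outcome depends on GnuTLS passing in a zeroed structure. It presumably does, but this is worth confirming against the GnuTLS release the patch targets. Adding `st->ncerts = 0;` before `return 0;` would make that result explicit. The diagnostic is also emitted with `printf` from library code, so a client application may never surface it. The function's closing brace lies outside the nested hunk.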
diff --git a/net-firewall/nufw/files/nufw-2.2.22-var-run.patch b/net-firewall/nufw/files/nufw-2.2.22-var-run.patch
new file mode 100644
index 000000000000..f6bcc95e0006
--- /dev/null
+++ b/net-firewall/nufw/files/nufw-2.2.22-var-run.patch
@@ -0,0 +1,45 @@
+--- a/src/nuauth/auth_srv.h
++++ b/src/nuauth/auth_srv.h
+@@ -162,7 +162,7 @@
+ #ifdef S_SPLINT_S
+ # define NUAUTH_PID_FILE "/usr/local/var/run/nuauth/nuauth.pid"
+ #else
+-# define NUAUTH_PID_FILE LOCAL_STATE_DIR "/run/nuauth/nuauth.pid"
++# define NUAUTH_PID_FILE "/run/nuauth/nuauth.pid"
+ #endif
+
+ /* define the number of threads that will do user check */
+--- a/src/nuauth/command.c
++++ b/src/nuauth/command.c
+@@ -26,7 +26,7 @@
+ #include <sys/un.h> /* unix socket */
+ #include <sys/stat.h> /* fchmod() */
+
+-#define SOCKET_FILENAME LOCAL_STATE_DIR "/run/nuauth/nuauth-command.socket"
++#define SOCKET_FILENAME "/run/nuauth/nuauth-command.socket"
+
+ const char* COMMAND_HELP =
+ "version: display nuauth version\n"
+--- a/src/nufw/main.c
++++ b/src/nufw/main.c
+@@ -54,7 +54,7 @@
+
+ /*! Name of pid file prefixed by LOCAL_STATE_DIR (variable defined
+ * during compilation/installation) */
+-#define NUFW_PID_FILE LOCAL_STATE_DIR "/run/nufw.pid"
++#define NUFW_PID_FILE "/run/nufw.pid"
+
+ /**
+ * Stop threads and then wait until threads exit.
+--- a/src/nuauth/Makefile.am
++++ b/src/nuauth/Makefile.am
+@@ -26,9 +26,6 @@
+
+ nuauth_LDADD = $(GLIB_LIBS) -lm -lgnutls -lsasl2 -lnufw -L$(top_builddir)/src/include/
+
+-install-exec-local:
+- install -d "$(DESTDIR)$(localstatedir)/run/nuauth/"
+-
+ nuauth$(EXEEXT): $(nuauth_OBJECTS) $(nuauth_DEPENDENCIES)
+ @rm -f nuauth$(EXEEXT)
+ $(LINK) $(nuauth_LDFLAGS) $(nuauth_OBJECTS) $(nuauth_LDADD)
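Review bot: The Doxygen comment kept above `NUFW_PID_FILE` in src/nufw/main.c still says the name is "prefixed by LOCAL_STATE_DIR", which the new definition no longer is. It could read `/*! Absolute path of the pid file, fixed under /run regardless of LOCAL_STATE_DIR */`. The `S_SPLINT_S` branch in auth_srv.h also keeps the old `/usr/local/var/run/nuauth/nuauth.pid` path, so the two branches now disagree. With the `install-exec-local` rule removed from Makefile.am, `/run/nuauth` exists only if something creates it at service start. A short comment beside `SOCKET_FILENAME` noting that the directory must be created with restrictive permissions by the init script would record that dependency.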
diff --git a/net-firewall/nufw/files/nufw-conf.d b/net-firewall/nufw/files/nufw-conf.d
new file mode 100644
index 000000000000..b2ea527744ec
--- /dev/null
+++ b/net-firewall/nufw/files/nufw-conf.d
@@ -0,0 +1,2 @@
+# configuration file for /etc/init.d/nufw
+NUFW_OPTIONS="-k /etc/nufw/nufw.key -c /etc/nufw/nufw.pem -d 127.0.0.1 -p 4129"
diff --git a/net-firewall/nufw/files/nufw-init.d b/net-firewall/nufw/files/nufw-init.d
new file mode 100644
index 000000000000..fd97dd408c7b
--- /dev/null
+++ b/net-firewall/nufw/files/nufw-init.d
@@ -0,0 +1,17 @@
+#!/sbin/openrc-run
+
+depend() {
+ before net
+}
+
+start() {
+ ebegin "Starting nufw"
+ start-stop-daemon --start --quiet --exec /usr/sbin/nufw -- -D ${NUFW_OPTIONS}
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping nufw"
+ start-stop-daemon --stop --quiet --pidfile /run/nufw.pid
+ eend $?
+}
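Review bot: stop() signals whatever PID is recorded in `/run/nufw.pid` without checking that the process is still nufw, so a stale pid file left by a crash can point at an unrelated process. Naming the binary as well, `start-stop-daemon --stop --quiet --exec /usr/sbin/nufw --pidfile /run/nufw.pid`, makes the match explicit. Passing the same `--pidfile` in start() lets start-stop-daemon confirm the daemon actually came up. The stop() function in nuauth-init.d has the same pattern with `/run/nuauth/nuauth.pid`.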