update to v4.05
add chroot/privdrop from Michael Schubert
parent
765d22c660
commit
0017031556
@ -1,18 +1,20 @@
|
||||
# $OpenBSD: Makefile,v 1.28 2003/11/23 02:06:46 pvalchev Exp $
|
||||
# $OpenBSD: Makefile,v 1.29 2004/02/16 12:33:18 jakob Exp $
|
||||
|
||||
COMMENT= "SSL encryption wrapper for standard network daemons"
|
||||
|
||||
DISTNAME= stunnel-4.04
|
||||
VERSION= 4.05
|
||||
DISTNAME= stunnel-${VERSION}
|
||||
CATEGORIES= security
|
||||
|
||||
MAINTAINER= Jakob Schlyter <jakob@openbsd.org>
|
||||
|
||||
# GPL
|
||||
PERMIT_PACKAGE_CDROM= Yes
|
||||
PERMIT_PACKAGE_FTP= Yes
|
||||
PERMIT_DISTFILES_CDROM= Yes
|
||||
PERMIT_DISTFILES_FTP= Yes
|
||||
|
||||
HOMEPAGE= http://stunnel.mirt.net/
|
||||
HOMEPAGE= http://www.stunnel.org/
|
||||
|
||||
MASTER_SITES= ftp://stunnel.mirt.net/stunnel/ \
|
||||
http://www.stunnel.org/download/stunnel/src/ \
|
||||
@ -25,9 +27,9 @@ MASTER_SITES= ftp://stunnel.mirt.net/stunnel/ \
|
||||
SEPARATE_BUILD= concurrent
|
||||
CONFIGURE_STYLE= gnu
|
||||
CONFIGURE_ARGS+= --with-tcp-wrappers \
|
||||
--with-pem-dir=${SYSCONFDIR}/ssl \
|
||||
--with-random=/dev/arandom \
|
||||
--with-ssl=/usr \
|
||||
--sysconfdir=${SYSCONFDIR} \
|
||||
--localstatedir=/var \
|
||||
${CONFIGURE_SHARED}
|
||||
NO_REGRESS= Yes
|
||||
|
@ -1,3 +1,3 @@
|
||||
MD5 (stunnel-4.04.tar.gz) = 2fcdf0311a0ab8a3223293c706a84e97
|
||||
RMD160 (stunnel-4.04.tar.gz) = cefc797f0f9cd3ebfffc5db11f1052b75435975a
|
||||
SHA1 (stunnel-4.04.tar.gz) = 9f0f85eb0620ee4f4f68d833eb3f39eb31960f31
|
||||
MD5 (stunnel-4.05.tar.gz) = e28a03cf694a43a7f144ec3d5c064456
|
||||
RMD160 (stunnel-4.05.tar.gz) = 69ff19147d9faf721c19b56b393015632a5a30f2
|
||||
SHA1 (stunnel-4.05.tar.gz) = a95b09ed88930fa432f47c5c5d3db770681fe715
|
||||
|
@ -1,4 +1,4 @@
|
||||
$OpenBSD$
|
||||
$OpenBSD: patch-Makefile_in,v 1.1 2004/02/16 12:33:18 jakob Exp $
|
||||
--- Makefile.in.orig Mon Sep 2 11:21:17 2002
|
||||
+++ Makefile.in Mon Sep 2 11:21:21 2002
|
||||
@@ -78,7 +78,7 @@ VERSION = @VERSION@
|
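--- a/security/stunnel/patches/patch-src_stunnel_c
+++ b/security/stunnel/patches/patch-src_stunnel_c
@@ -0,0 +1,12 @@
+--- src/stunnel.c.orig 2004-02-14 15:12:27.000000000 +0100
++++ src/stunnel.c 2004-02-16 13:06:48.000000000 +0100
+@@ -176,8 +176,8 @@ static void daemon_loop(void) {
+#if !defined (USE_WIN32) && !defined (__vms)
+if(!(options.option.foreground))
+daemonize();
+- drop_privileges();
+create_pid();
++ drop_privileges();
+#endif /* !defined USE_WIN32 && !defined (__vms) */
+
+/* create exec+connect services */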
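Review bot: The reordering in daemon_loop() carries no comment explaining why create_pid() must now run before drop_privileges(), and the pid file is consequently written with the starting (normally root) credentials and outside any chroot. If stunnel removes its pid file at exit, that removal presumably now happens after the privilege drop and may fail, leaving a stale /var/run/stunnel.pid; this should be confirmed against create_pid() in src/stunnel.c, which is not visible here. I would add above the call a comment such as `/* write the pid file while still privileged and outside the chroot; drop_privileges() must follow */`. daemon_loop() continues beyond the hunk.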
@ -1,8 +1,8 @@
|
||||
$OpenBSD: patch-tools_Makefile_in,v 1.1 2002/10/30 11:10:35 jakob Exp $
|
||||
--- tools/Makefile.in.orig Mon Sep 2 11:18:34 2002
|
||||
+++ tools/Makefile.in Mon Sep 2 11:18:43 2002
|
||||
$OpenBSD: patch-tools_Makefile_in,v 1.2 2004/02/16 12:33:18 jakob Exp $
|
||||
--- tools/Makefile.in.orig 2004-02-14 15:31:34.000000000 +0100
|
||||
+++ tools/Makefile.in 2004-02-16 13:06:48.000000000 +0100
|
||||
@@ -90,7 +90,7 @@ examplesdir = $(docdir)/examples
|
||||
examples_DATA = ca.html ca.pl importCA.html importCA.sh stunnel.spec stunnel.init
|
||||
examples_DATA = ca.html ca.pl importCA.html importCA.sh script.sh stunnel.spec stunnel.init
|
||||
|
||||
|
||||
-openssl = $(ssldir)/bin/openssl
|
||||
|
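--- a/security/stunnel/patches/patch-tools_stunnel_conf-sample_in
+++ b/security/stunnel/patches/patch-tools_stunnel_conf-sample_in
@@ -0,0 +1,41 @@
+$OpenBSD: patch-tools_stunnel_conf-sample_in,v 1.1 2004/02/16 12:33:18 jakob Exp $
+--- tools/stunnel.conf-sample.in.orig 2004-01-26 20:26:18.000000000 +0100
++++ tools/stunnel.conf-sample.in 2004-02-16 13:10:46.000000000 +0100
+@@ -1,13 +1,14 @@
+# Sample stunnel configuration file
+# Copyright by Michal Trojnara 2002
++# Modified for OpenBSD by Michael Schubert 2003
+
+# Comment it out on Win32
+-cert = @prefix@/etc/stunnel/mail.pem
+-chroot = @prefix@/var/run/stunnel/
++cert = @sysconfdir@/ssl/private/stunnel.pem
++chroot = @localstatedir@/stunnel/
+# PID is created inside chroot jail
+-pid = /stunnel.pid
+-setuid = nobody
+-setgid = nogroup
++pid = /var/run/stunnel.pid
++setuid = _stunnel
++setgid = _stunnel
+
+# Workaround for Eudora bug
+#options = DONT_INSERT_EMPTY_FRAGMENTS
+@@ -16,13 +17,13 @@ setgid = nogroup
+#verify = 2
+# don't forget about c_rehash CApath
+# it is located inside chroot jail:
+-#CApath = /certs
++#CApath = @sysconfdir@/ssl/certs
+# or simply use CAfile instead:
+-#CAfile = @prefix@/etc/stunnel/certs.pem
++#CAfile = @sysconfdir@/ssl/certs.pem
+# CRL path or file (inside chroot jail):
+-#CRLpath = /crls
++#CRLpath = @sysconfdir@/ssl/crls
+# or simply use CAfile instead:
+-#CRLfile = @prefix@/etc/stunnel/crls.pem
++#CRLfile = @sysconfdir@/ssl/crls.pem
+
+# Some debugging stuff
+#debug = 7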
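Review bot: The context comment `# PID is created inside chroot jail` is kept while `pid` changes to `/var/run/stunnel.pid`, and patch-src_stunnel_c in this same commit moves create_pid() ahead of drop_privileges(), so the comment no longer appears to describe the behaviour. The same applies to `# it is located inside chroot jail:` above `#CApath = @sysconfdir@/ssl/certs` and to the CRL comment: an administrator who uncomments these will presumably need those paths to exist under `@localstatedir@/stunnel/` if they are opened after the chroot, otherwise peer verification fails at run time. I would reword the first to `# PID file is created before the chroot, relative to the real root` and state next to CApath/CRLpath whether the path is resolved inside or outside the jail.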
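--- a/security/stunnel/pkg/DEINSTALL
+++ b/security/stunnel/pkg/DEINSTALL
@@ -0,0 +1,26 @@
+#!/bin/sh
+# $OpenBSD: DEINSTALL
+#
+# Stunnel de-installation
+
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+CONFIG_DIR=${SYSCONFDIR}/stunnel
+CHROOT_DIR=/var/stunnel
+STUNNELUSER=_stunnel
+STUNNELGROUP=_stunnel
+
+echo
+echo " To completely deinstall the $1 package you need to perform"
+echo " these steps as root (make sure stunnel is not running!):"
+echo ""
+echo " userdel $STUNNELUSER"
+echo " groupdel $STUNNELGROUP"
+echo " rm -rf $CONFIG_DIR"
+echo " rm -rf $CHROOT_DIR"
+echo " rm /var/run/stunnel.pid"
+echo ""
+echo " Do not do this if you plan on re-installing $1"
+echo " at some future time."
+echo
+
+exit 0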
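Review bot: The removal steps printed by DEINSTALL omit the server key that the sample configuration and the package message place at /etc/ssl/private/stunnel.pem, so an administrator who follows them to "completely deinstall" leaves private key material on disk. I would add a line such as `echo " rm ${SYSCONFDIR}/ssl/private/stunnel.pem"` next to the other `rm` steps, or at least mention the file. Separately, the header `# $OpenBSD: DEINSTALL` has no closing `$`, unlike the tag in INSTALL, so it may not be expanded as an RCS keyword; `# $OpenBSD$` would be the usual form.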
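--- a/security/stunnel/pkg/INSTALL
+++ b/security/stunnel/pkg/INSTALL
@@ -0,0 +1,95 @@
+#!/bin/sh
+#
+# $OpenBSD: INSTALL,v 1.1 2004/02/16 12:33:18 jakob Exp $
+#
+# Pre/post-installation setup of stunnel
+
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+PREFIX=${PKG_PREFIX:-/usr/local}
+CONFIG_DIR=${SYSCONFDIR}/stunnel
+SAMPLE_CONFIG_DIR=$PREFIX/share/examples/stunnel
+CHROOT_DIR=/var/stunnel
+
+STUNNELUSER=_stunnel
+STUNNELGROUP=_stunnel
+STUNNELUID=528
+STUNNELGID=528
+
+do_usergroup_install()
+{
+# Create stunnel user and group
+groupinfo -e $STUNNELGROUP
+if [ $? -eq 0 ]; then
+echo "===> Using $STUNNELGROUP group for stunnel"
+else
+echo "===> Creating $STUNNELGROUP group for stunnel"
+groupadd -g $STUNNELGID $STUNNELGROUP
+fi
+userinfo -e $STUNNELUSER
+if [ $? -eq 0 ]; then
+echo "===> Using $STUNNELUSER user for stunnel"
+else
+echo "===> Creating $STUNNELUSER user for stunnel"
+useradd -u $STUNNELUID -g $STUNNELGROUP -d $CHROOT_DIR \
+-L daemon -c 'stunnel account' -s /sbin/nologin $STUNNELUSER
+fi
+}
+
+do_chroot_dir_install()
+{
+install -d -o root -g wheel -m 755 $CHROOT_DIR
+}
+
+do_notice_conf()
+{
+echo
+echo " The existing $1 configuration files in $CONFIG_DIR have NOT"
+echo " been changed. You may want to compare them to the current samples in"
+echo " $SAMPLE_CONFIG_DIR, and update your configuration"
+echo " files as needed."
+echo
+}
+
+do_install_conf()
+{
+install -d -o root -g wheel -m 755 $CONFIG_DIR
+install -o root -g wheel -m 644 $SAMPLE_CONFIG_DIR/stunnel.conf-sample \
+$CONFIG_DIR/stunnel.conf
+echo
+echo " An $1 sample configuration file has been installed in $CONFIG_DIR."
+echo " Please view this file and change the configuration to meet your needs."
+echo
+}
+
+# verify proper execution
+#
+if [ $# -ne 2 ]; then
+echo "usage: $0 distname { PRE-INSTALL | POST-INSTALL }" >&2
+exit 1
+fi
+
+# Verify/process the command
+#
+case $2 in
+PRE-INSTALL)
+do_usergroup_install
+;;
+POST-INSTALL)
+if [ ! -d $CHROOT_DIR ]; then
+do_chroot_dir_install
+fi
+if [ ! -d $CONFIG_DIR ]; then
+do_install_conf $1
+elif [ ! -f $CONFIG_DIR/stunnel.conf ]; then
+do_install_conf $1
+else
+do_notice_conf $1
+fi
+;;
+*)
+echo "usage: $0 distname { PRE-INSTALL | POST-INSTALL }" >&2
+exit 1
+;;
+esac
+
+exit 0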
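Review bot: In do_usergroup_install the exit status of `groupadd` and `useradd` is never checked, so if either fails (for example because id 528 is already assigned) PRE-INSTALL still ends with `exit 0` and the package installs without the `_stunnel` account that the sample configuration names in `setuid`/`setgid`. I would fail early with `groupadd -g $STUNNELGID $STUNNELGROUP || exit 1` and the same after the `useradd` command. In POST-INSTALL, do_chroot_dir_install is skipped when $CHROOT_DIR already exists, so a pre-existing directory keeps whatever owner and mode it has; running `install -d -o root -g wheel -m 755 $CHROOT_DIR` unconditionally would keep the jail root non-writable by the unprivileged user.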
@ -2,3 +2,8 @@ After stunnel is installed, you have to create a server certificate and
|
||||
put the result in /etc/ssl/private/stunnel.pem. For more information on
|
||||
how to create certificates, read ssl(8). For more information on stunnel,
|
||||
read stunnel(8).
|
||||
|
||||
You can edit /etc/rc.local so that stunnel is started automatically:
|
||||
if [ -x ${PREFIX}/sbin/stunnel ]; then
|
||||
echo -n ' stunnel'; ${PREFIX}/sbin/stunnel
|
||||
fi
|
||||
|
@ -1,5 +1,5 @@
|
||||
@comment $OpenBSD: PLIST,v 1.4 2002/10/31 18:02:36 jakob Exp $
|
||||
share/examples/stunnel/stunnel.conf-sample
|
||||
@comment $OpenBSD: PLIST,v 1.5 2004/02/16 12:33:18 jakob Exp $
|
||||
man/man8/stunnel.8
|
||||
sbin/stunnel
|
||||
share/examples/stunnel/stunnel.conf-sample
|
||||
@dirrm share/examples/stunnel
|
||||
|