Update to 2.3.2 and add the following modifications:

+ add user _icecast (home directory in /var/icecast)
+ enable chroot by default
+ populate chroot with all the necessary files

ok okan@ sthen@ ajacoutot@
This commit is contained in:
pea 2008-11-18 21:22:02 +00:00
parent 169c1b3595
commit 89578d2faf
14 changed files with 224 additions and 180 deletions

View File

@ -1,9 +1,8 @@
# $OpenBSD: Makefile,v 1.36 2007/11/17 20:39:02 steven Exp $
# $OpenBSD: Makefile,v 1.37 2008/11/18 21:22:02 pea Exp $
COMMENT= server for streaming various media formats
DISTNAME= icecast-2.3.1
PKGNAME= ${DISTNAME}p2
DISTNAME= icecast-2.3.2
CATEGORIES= net audio
HOMEPAGE= http://www.icecast.org/
@ -35,11 +34,8 @@ LIB_DEPENDS= curl.>=2::net/curl \
SEPARATE_BUILD= simple
post-build:
@sed -e 's,##PREFIX##,${TRUEPREFIX},g' < ${FILESDIR}/README.OpenBSD > \
${WRKBUILD}/README.OpenBSD
post-install:
${SUBST_CMD} -c ${FILESDIR}/README.OpenBSD ${WRKBUILD}/README.OpenBSD
${INSTALL_DATA} ${WRKBUILD}/README.OpenBSD \
${PREFIX}/share/doc/icecast/README.OpenBSD

View File

@ -1,5 +1,5 @@
MD5 (icecast-2.3.1.tar.gz) = LYCiSfqFKfgtAYxiFhCOqA==
RMD160 (icecast-2.3.1.tar.gz) = OUFI8GDaypedSXh1MMSShVjdMlw=
SHA1 (icecast-2.3.1.tar.gz) = 6HT/x9vtgqFYiRhqHNO3t946ul0=
SHA256 (icecast-2.3.1.tar.gz) = e8wqHiE3oUPe6s12Gc00gwBnKq+HdPz8suQ6p8PnRmA=
SIZE (icecast-2.3.1.tar.gz) = 1094154
MD5 (icecast-2.3.2.tar.gz) = /1FrPM0rzDHmj0YM0xYJPw==
RMD160 (icecast-2.3.2.tar.gz) = 7BRVPM5lL7gIIzFslwX0y2F5zCo=
SHA1 (icecast-2.3.2.tar.gz) = pSsTUFVIwu/yxkqrlaQtyv2hEic=
SHA256 (icecast-2.3.2.tar.gz) = R0Kzj8VbY3OJWnwKNbrtSahI/smfXoU44/AVc4PQs/A=
SIZE (icecast-2.3.2.tar.gz) = 1152319

View File

@ -1,105 +1,66 @@
Icecast v2 is very versatile and can be used in many different setups.
Since there is not "one true way" to install and configure it and every
user will have individual preferences and needs. A streaming service
provider has different requirements than someone who wants to set up a
jukebox at home.
$OpenBSD: README.OpenBSD,v 1.4 2008/11/18 21:22:02 pea Exp $
To make things easier, here is a small step-by-step guide to get Icecast v2
running in a basic setup, which uses its chrooting feature and drops
privileges to an unprivileged account.
Icecast v2 is very versatile and can be used in many different
envionrments. A streaming service provider has different requirements
than someone who wants to set up a jukebox at home.
1. Read the documentation, so you know what you are doing. It is also
very helpful to know what Icecast v2 is doing for you, and what it
is not. If you do not understand the concept of streaming with Icecast,
yet, http://liveice.sourceforge.net/understanding.html might be of use
to you.
To get a better understanding of streaming with Icecast,
http://liveice.sourceforge.net/understanding.html may be of use.
2. Create an unprivileged user _icecast - preferrably with an UID that
does not conflict with other ports, system UIDs or regular users.
I suggest something between 200 and 499. This example uses the UID/
GID combo 400:
This is a small step-by-step guide to get Icecast v2 running in a basic
setup, using its chrooting feature, dropping privileges to an
unprivileged account.
# useradd -c "Icecast Server" -d /nonexistent -g =uid \
-s /sbin/nologin -u 400 _icecast
1. Complete the chroot environment with additional system files.
While this is optional, it allows YP directory listings (DNS
lookups are required for those) to work and the log files to
contain correct timestamps.
3. Create a working directory for Icecast.
# mkdir /var/icecast
4. Copy the examples into the working directory
# cp -R ##PREFIX##/share/examples/icecast/* /var/icecast
5. Create Icecast's log directory and -files, make them accessible
to the Icecast user.
# cd /var/icecast
# mkdir log
# touch log/error.log log/access.log
# chown _icecast:_icecast log/*.log
6. Complete the chroot environment with additional system files --
this is optional, but it allows YP directory listing (DNS lookups are
required for those) to work and the log files will contain correct
timestamps.
# mkdir /var/icecast/etc
# cp -p /etc/{hosts,localtime,resolv.conf} /var/icecast/etc
7. There is an icecast.xml.dist in /var/icecast - rename it and adjust it.
Consult the documentation and comments about the various options.
Important settings for this particular setup are outlined below.
# mv icecast.xml.dist icecast.xml
# chmod 600 icecast.xml
(Mode 600 is highly recommended; icecast.xml contains plain-text
passwords. At least keep it inaccessible to "others".)
Now load icecast.xml in your favorite editor, and:
2. Adjust /var/icecast/icecast.xml. Consult the documentation and
comments about the various options.
* CHANGE THE DEFAULT PASSWORDS FOR SOURCE CLIENTS, RELAYS AND
THE ADMIN INTERFACE
THE ADMIN INTERFACE.
* Change <basedir> to /var/icecast
Mode 600 is highly recommended, for icecast.xml contains plain-text
passwords.
* Change <logdir> to /log
* Change <webroot> to /web
* Change <adminroot> to /admin
* Change <chroot> to 1
* Uncomment the <changeowner> directive, replace both "nobody" and
"nogroup" with "_icecast".
8. Start Icecast and monitor error.log for errors and clues on how to
solve any issues.
3. Start Icecast and monitor the logs in /var/icecast/log and resolve
any errors.
# icecast -c /var/icecast/icecast.xml
If things look good, add the command line parameter `-b' to send
Icecast into daemon land.
Add the command line parameter `-b' to daemonize.
9. Test your server.
Use a source client to create a stream and listen to it with your
favorite player that supports streaming.
Also test Icecast's web interface. Be aware that Icecast sends
everything located in <webroot> to those who request it like a regular
(basic) web server. You can restrict this behavior to serve only
.xsl files by setting <fileserve> to 0 in your icecast.xml, however,
you should definitely take a closer look at what you actually want
to show the world here. There is no reason for paranoia, it's all
safe, but you should spend some time thinking about it. Note that
disabling <fileserve> will also prevent CSS stylesheets and images
from being sent, making the web interface less pleasant to look at.
4. Test your server. Use a source client to create a stream and
listen to it with your favorite player that supports streaming.
Also test Icecast's web interface. Be aware that Icecast sends
everything located in <webroot> to those who request it like a
regular (basic) web server. You can restrict this behavior to
serve only .xsl files by setting <fileserve> to 0 in your
icecast.xml; however, you should definitely take a closer look at
what you actually want to show the world here. There is no reason
for paranoia, it's all safe, but you should spend some time
thinking about it. Note that disabling <fileserve> will also
prevent CSS stylesheets and images from being sent, making the web
interface less pleasant to look at.
Random hints:
5. Add the following to your /etc/rc.local:
* Remember to give your mountpoint a proper name -- MP3 streams should
use no extension, Ogg Vorbis streams should use .ogg, so that dumb or
broken players can send the stream to the appropriate decoder.
if [ -x ${TRUEPREFIX}/bin/icecast ] ; then
echo -n ' icecast'
${TRUEPREFIX}/bin/icecast -b -c /var/icecast/icecast.xml
fi
* There are many different source clients available for different
platforms. On OpenBSD, there are at least the ices-0 and ices-2
packages available to stream MP3 and Ogg Vorbis audio respectively.
There are a lot more alternatives available that are easy to find
with a search engine like Google.
Random hints:
* Remember to give your mountpoint a proper name -- MP3 streams
should use no extension, Ogg Vorbis streams should use .ogg, so
that dumb or broken players can send the stream to the appropriate
decoder.
* The default "bind to any address" only opens an IPv6 socket.
Specify a specific address or use 0.0.0.0 to accept any IPv4 address.

View File

@ -1,12 +1,12 @@
$OpenBSD: patch-Makefile_in,v 1.3 2005/10/21 15:59:54 naddy Exp $
--- Makefile.in.orig Sat Aug 20 21:36:59 2005
+++ Makefile.in Tue Aug 23 11:30:09 2005
@@ -137,7 +137,7 @@ EXTRA_DIST = HACKING m4/acx_pthread.m4 m
$OpenBSD: patch-Makefile_in,v 1.4 2008/11/18 21:22:02 pea Exp $
--- Makefile.in.orig Fri May 30 01:58:59 2008
+++ Makefile.in Fri Nov 7 10:39:29 2008
@@ -242,7 +242,7 @@ EXTRA_DIST = HACKING m4/acx_pthread.m4 m4/ogg.m4 \
m4/xiph_compiler.m4 m4/xiph_curl.m4 m4/xiph_net.m4 \
m4/xiph_types.m4 m4/xiph_xml2.m4 icecast.spec
docdir = $(datadir)/doc/$(PACKAGE)
-doc_DATA = README AUTHORS COPYING NEWS TODO ChangeLog
+doc_DATA = AUTHORS NEWS
subdir = .
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
all: config.h
$(MAKE) $(AM_MAKEFLAGS) all-recursive

View File

@ -1,12 +1,12 @@
$OpenBSD: patch-admin_Makefile_in,v 1.1 2004/02/02 19:32:37 fgsch Exp $
--- admin/Makefile.in.orig 2004-01-07 22:52:09.000000000 +0100
+++ admin/Makefile.in 2004-01-08 15:53:04.000000000 +0100
@@ -33,7 +33,7 @@ infodir = @infodir@
mandir = @mandir@
includedir = @includedir@
oldincludedir = /usr/include
$OpenBSD: patch-admin_Makefile_in,v 1.2 2008/11/18 21:22:02 pea Exp $
--- admin/Makefile.in.orig Fri May 30 01:58:57 2008
+++ admin/Makefile.in Fri Nov 7 10:40:00 2008
@@ -15,7 +15,7 @@
@SET_MAKE@
VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
+pkgdatadir = $(datadir)/examples/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
top_builddir = ..
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd

View File

@ -1,20 +1,20 @@
$OpenBSD: patch-conf_Makefile_in,v 1.3 2005/10/21 15:59:54 naddy Exp $
--- conf/Makefile.in.orig Tue Aug 23 11:30:19 2005
+++ conf/Makefile.in Tue Aug 23 11:31:07 2005
@@ -130,7 +130,7 @@ AUTOMAKE_OPTIONS = foreign
EXTRA_DIST = icecast.xml.in icecast_minimal.xml.in icecast_shoutcast_compat.xml.in icecast_urlauth.xml.in
DISTCLEANFILES = icecast.xml.dist icecast_minimal.xml.dist icecast_shoutcast_compat.xml.dist icecast_urlauth.xml.dist
$OpenBSD: patch-conf_Makefile_in,v 1.4 2008/11/18 21:22:02 pea Exp $
--- conf/Makefile.in.orig Fri May 30 01:58:57 2008
+++ conf/Makefile.in Fri Nov 7 10:40:48 2008
@@ -176,7 +176,7 @@ build_vendor = @build_vendor@
builddir = @builddir@
datadir = @datadir@
datarootdir = @datarootdir@
-docdir = $(datadir)/$(PACKAGE)/doc
+docdir = $(datadir)/examples/$(PACKAGE)
doc_DATA = icecast.xml.dist icecast_minimal.xml.dist icecast_shoutcast_compat.xml.dist icecast_urlauth.xml.dist
edit = sed -e 's,@pkgdatadir\@,$(pkgdatadir),g' \
@@ -260,7 +260,6 @@ info-am:
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@
@@ -354,7 +354,6 @@ info-am:
install-data-am: install-docDATA
@$(NORMAL_INSTALL)
- $(MAKE) $(AM_MAKEFLAGS) install-data-hook
install-exec-am:
install-dvi: install-dvi-am

View File

@ -0,0 +1,29 @@
$OpenBSD: patch-conf_icecast_minimal_xml_in,v 1.1 2008/11/18 21:22:02 pea Exp $
--- conf/icecast_minimal.xml.in.orig Mon Jul 4 00:11:52 2005
+++ conf/icecast_minimal.xml.in Fri Nov 7 13:38:36 2008
@@ -22,9 +22,10 @@
</listen-socket>
<fileserve>1</fileserve>
<paths>
- <logdir>@localstatedir@/log/@PACKAGE@</logdir>
- <webroot>@pkgdatadir@/web</webroot>
- <adminroot>@pkgdatadir@/admin</adminroot>
+ <basedir>/var/icecast</basedir>
+ <logdir>/log</logdir>
+ <webroot>/web</webroot>
+ <adminroot>/admin</adminroot>
<alias source="/" dest="/status.xsl"/>
</paths>
<logging>
@@ -32,4 +33,11 @@
<errorlog>error.log</errorlog>
<loglevel>3</loglevel> <!-- 4 Debug, 3 Info, 2 Warn, 1 Error -->
</logging>
+ <security>
+ <chroot>1</chroot>
+ <changeowner>
+ <user>_icecast</user>
+ <group>_icecast</group>
+ </changeowner>
+ </security>
</icecast>

View File

@ -1,12 +1,39 @@
$OpenBSD: patch-conf_icecast_xml_in,v 1.4 2005/10/21 15:59:54 naddy Exp $
--- conf/icecast.xml.in.orig Thu Sep 8 16:03:51 2005
+++ conf/icecast.xml.in Sat Sep 24 15:23:12 2005
@@ -139,7 +139,7 @@
<logdir>@localstatedir@/log/@PACKAGE@</logdir>
<webroot>@pkgdatadir@/web</webroot>
<adminroot>@pkgdatadir@/admin</adminroot>
$OpenBSD: patch-conf_icecast_xml_in,v 1.5 2008/11/18 21:22:02 pea Exp $
--- conf/icecast.xml.in.orig Fri Apr 4 17:14:10 2008
+++ conf/icecast.xml.in Fri Nov 7 13:38:41 2008
@@ -125,14 +125,14 @@
<paths>
<!-- basedir is only used if chroot is enabled -->
- <basedir>@pkgdatadir@</basedir>
+ <basedir>/var/icecast</basedir>
<!-- Note that if <chroot> is turned on below, these paths must both
be relative to the new root, not the original root -->
- <logdir>@localstatedir@/log/@PACKAGE@</logdir>
- <webroot>@pkgdatadir@/web</webroot>
- <adminroot>@pkgdatadir@/admin</adminroot>
- <!-- <pidfile>@pkgdatadir@/icecast.pid</pidfile> -->
+ <logdir>/log</logdir>
+ <webroot>/web</webroot>
+ <adminroot>/admin</adminroot>
+ <!-- <pidfile>@localstatedir@/run/icecast.pid</pidfile> -->
<!-- Aliases: treat requests for 'source' path as being for 'dest' path
May be made specific to a port or bound address using the "port"
@@ -163,12 +163,10 @@
</logging>
<security>
- <chroot>0</chroot>
- <!--
+ <chroot>1</chroot>
<changeowner>
- <user>nobody</user>
- <group>nogroup</group>
+ <user>_icecast</user>
+ <group>_icecast</group>
</changeowner>
- -->
</security>
</icecast>

View File

@ -0,0 +1,21 @@
$OpenBSD: patch-configure,v 1.9 2008/11/18 21:22:02 pea Exp $
--- configure.orig Fri Nov 7 11:02:00 2008
+++ configure Fri Nov 7 11:02:31 2008
@@ -24495,7 +24495,7 @@ fi
if test "x$openssl_prefix" != "x" -a "x$openssl_prefix" != "xyes"; then
- OPENSSL_LIBS="-L$openssl_prefix/lib -lssl"
+ OPENSSL_LIBS="-L$openssl_prefix/lib -lssl -lcrypto"
OPENSSL_CFLAGS="-I$openssl_prefix/include"
else
# Extract the first word of "pkg-config", so it can be a program name with args.
@@ -24548,7 +24548,7 @@ fi
else
openssl_prefix="$prefix"
fi
- OPENSSL_LIBS="-L$openssl_prefix/lib -lssl"
+ OPENSSL_LIBS="-L$openssl_prefix/lib -lssl -lcrypto"
OPENSSL_CFLAGS="-I$openssl_prefix/include"
fi
fi

View File

@ -1,12 +1,12 @@
$OpenBSD: patch-doc_Makefile_in,v 1.3 2005/10/21 15:59:54 naddy Exp $
--- doc/Makefile.in.orig Sat Aug 20 21:36:59 2005
+++ doc/Makefile.in Tue Aug 23 11:30:10 2005
@@ -127,7 +127,7 @@ install_sh = @install_sh@
AUTOMAKE_OPTIONS = foreign
$OpenBSD: patch-doc_Makefile_in,v 1.4 2008/11/18 21:22:03 pea Exp $
--- doc/Makefile.in.orig Fri May 30 01:58:57 2008
+++ doc/Makefile.in Fri Nov 7 10:44:18 2008
@@ -176,7 +176,7 @@ build_vendor = @build_vendor@
builddir = @builddir@
datadir = @datadir@
datarootdir = @datarootdir@
-docdir = $(datadir)/doc/icecast
+docdir = $(datadir)/doc/@PACKAGE@
doc_DATA = index.html icecast2_admin.html icecast2_basicsetup.html \
icecast2_config_file.html icecast2_faq.html icecast2_glossary.html \
icecast2_introduction.html icecast2_relay.html icecast2_stats.html \
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@

View File

@ -1,26 +0,0 @@
$OpenBSD: patch-src_auth_url_c,v 1.1 2006/11/16 17:06:21 naddy Exp $
--- src/auth_url.c.orig Thu Nov 16 18:00:51 2006
+++ src/auth_url.c Thu Nov 16 18:01:18 2006
@@ -112,14 +112,6 @@ static void auth_url_clear(auth_t *self)
}
-/* make sure that prompting at the console does not occur */
-static int my_getpass(void *client, char *prompt, char *buffer, int buflen)
-{
- buffer[0] = '\0';
- return 0;
-}
-
-
static int handle_returned_header (void *ptr, size_t size, size_t nmemb, void *stream)
{
auth_client *auth_user = stream;
@@ -518,7 +510,6 @@ int auth_get_url_auth (auth_t *authentic
curl_easy_setopt (url_info->handle, CURLOPT_WRITEDATA, url_info->handle);
curl_easy_setopt (url_info->handle, CURLOPT_NOSIGNAL, 1L);
curl_easy_setopt (url_info->handle, CURLOPT_TIMEOUT, 15L);
- curl_easy_setopt (url_info->handle, CURLOPT_PASSWDFUNCTION, my_getpass);
curl_easy_setopt (url_info->handle, CURLOPT_ERRORBUFFER, &url_info->errormsg[0]);
if (url_info->username && url_info->password)

View File

@ -1,12 +1,12 @@
$OpenBSD: patch-web_Makefile_in,v 1.1 2004/02/02 19:32:37 fgsch Exp $
--- web/Makefile.in.orig 2004-01-07 22:52:11.000000000 +0100
+++ web/Makefile.in 2004-01-08 15:51:52.000000000 +0100
@@ -33,7 +33,7 @@ infodir = @infodir@
mandir = @mandir@
includedir = @includedir@
oldincludedir = /usr/include
$OpenBSD: patch-web_Makefile_in,v 1.2 2008/11/18 21:22:03 pea Exp $
--- web/Makefile.in.orig Fri May 30 01:58:59 2008
+++ web/Makefile.in Fri Nov 7 10:42:57 2008
@@ -15,7 +15,7 @@
@SET_MAKE@
VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
+pkgdatadir = $(datadir)/examples/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
top_builddir = ..
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd

2
net/icecast/pkg/MESSAGE Normal file
View File

@ -0,0 +1,2 @@
Please see ${PREFIX}/share/doc/icecast/README.OpenBSD for
a brief intro to using icecast on OpenBSD.

View File

@ -1,5 +1,7 @@
@comment $OpenBSD: PLIST,v 1.8 2005/10/21 15:59:54 naddy Exp $
bin/icecast
@comment $OpenBSD: PLIST,v 1.9 2008/11/18 21:22:03 pea Exp $
@newgroup _icecast:611
@newuser _icecast:611:_icecast:daemon:Icecast Server:/var/empty:/sbin/nologin
@bin bin/icecast
share/doc/icecast/
share/doc/icecast/AUTHORS
share/doc/icecast/NEWS
@ -20,30 +22,62 @@ share/doc/icecast/index.html
share/doc/icecast/listener_auth1.jpg
share/doc/icecast/listener_auth2.jpg
share/doc/icecast/listener_auth3.jpg
share/doc/icecast/masterslave.png
share/doc/icecast/relay.png
share/examples/icecast/
@owner _icecast
@group _icecast
@sample /var/icecast/
@sample /var/icecast/admin/
share/examples/icecast/admin/
share/examples/icecast/admin/listclients.xsl
@sample /var/icecast/admin/listclients.xsl
share/examples/icecast/admin/listmounts.xsl
@sample /var/icecast/admin/listmounts.xsl
share/examples/icecast/admin/manageauth.xsl
@sample /var/icecast/admin/manageauth.xsl
share/examples/icecast/admin/moveclients.xsl
@sample /var/icecast/admin/moveclients.xsl
share/examples/icecast/admin/response.xsl
@sample /var/icecast/admin/response.xsl
share/examples/icecast/admin/stats.xsl
@sample /var/icecast/admin/stats.xsl
share/examples/icecast/admin/updatemetadata.xsl
@sample /var/icecast/admin/updatemetadata.xsl
@mode 600
share/examples/icecast/icecast.xml.dist
@sample /var/icecast/icecast.xml
@mode
share/examples/icecast/icecast_minimal.xml.dist
share/examples/icecast/icecast_shoutcast_compat.xml.dist
share/examples/icecast/icecast_urlauth.xml.dist
share/examples/icecast/web/
@sample /var/icecast/web/
share/examples/icecast/web/auth.xsl
@sample /var/icecast/web/auth.xsl
share/examples/icecast/web/corner_bottomleft.jpg
@sample /var/icecast/web/corner_bottomleft.jpg
share/examples/icecast/web/corner_bottomright.jpg
@sample /var/icecast/web/corner_bottomright.jpg
share/examples/icecast/web/corner_topleft.jpg
@sample /var/icecast/web/corner_topleft.jpg
share/examples/icecast/web/corner_topright.jpg
@sample /var/icecast/web/corner_topright.jpg
share/examples/icecast/web/icecast.png
@sample /var/icecast/web/icecast.png
share/examples/icecast/web/key.gif
@sample /var/icecast/web/key.gif
share/examples/icecast/web/key.png
@sample /var/icecast/web/key.png
share/examples/icecast/web/server_version.xsl
@sample /var/icecast/web/server_version.xsl
share/examples/icecast/web/status.xsl
@sample /var/icecast/web/status.xsl
share/examples/icecast/web/status2.xsl
@sample /var/icecast/web/status2.xsl
share/examples/icecast/web/style.css
@sample /var/icecast/web/style.css
share/examples/icecast/web/tunein.png
@sample /var/icecast/web/tunein.png
@sample /var/icecast/log/
@sample /var/icecast/etc/