net-misc/stunnel: bump to version 5.58

Also added from PR 14362 the handling of pid file ownership, to support the specified user and group from stunnel.conf. Closes: gentoo#14362 Package-Manager: Portage-3.0.16, Repoman-3.0.2 Signed-off-by: Conrad Kostecki <[email protected]>
hanetzer · Mar 14, 2021 · 021b0cc · 021b0cc
1 parent 414b971
commit 021b0cc
Show file tree

Hide file tree

Showing 3 changed files with 156 additions and 0 deletions.
diff --git a/net-misc/stunnel/Manifest b/net-misc/stunnel/Manifest
@@ -1,3 +1,4 @@
 DIST stunnel-5.50.tar.gz 973685 BLAKE2B e4185fa0c4f15ea118a8f6590bae14a9e1d7ccf1f73b75e46d8c7f04e4ece471c29b0a3715a24568301c5220fe385cbf42295c91ae9b295e3d7ab2b0ffec45a1 SHA512 96029b4f0dc0f04130e847bf47e56e8fdd22f2aaddb5fe0f581a0da6b870049152216795a0a9d9cdb6b93621df0a7d999e968a8c59989d261fd81c5f02cc1bac
 DIST stunnel-5.55.tar.gz 986873 BLAKE2B feb3a7d80aa2f67e0b8de2cdd2a134947f0715cc09c2d2778cd2aef4dcc55ffef45c55e010bd6048f38b143d22006beb90c7b76575a8d6d3d430d1f87dd271fa SHA512 278e39e87e080171d2bed3b193f8f7923b48c12c6d788afeb113a71bfc6077129305e8f93f5e7046b12cc8aa381e89909358756c978ef129d3067ceeb60e112a
 DIST stunnel-5.56.tar.gz 981163 BLAKE2B eef5a535165b1346d14e8fdd25ded7f497378bb63ab7d68642c5e1b3db2716c8e46db443146385a192a7e6042adcca295a5b107912e113f3f13f66e7a8d8b00b SHA512 db1be82b80bd5606568c5565f1c9a5710d4f7abca2d89388daa441bc395aaf2be998ac6403c7a17b8af01b89ade825186c20c50f73a809f9d64eca2e1b57a877
+DIST stunnel-5.58.tar.gz 988551 BLAKE2B 45ce3d43ff683fa1146ced00c6a2ef7c09a935da3dcd1a6529fa024e064c251798d96a1e45d4abf13195ca50fb7f1cf3ddc25c9e954a1cad8bb4745c4e35701d SHA512 6f62bf13bf53f174b2810ad6708a9dfdb70e9b4e2f60c0c9cf4df691169a63014901402ccbe2862010f4cee240c1a8eec34b70a7a3fcef36e7a2ca14a7f70ece
diff --git a/net-misc/stunnel/files/stunnel-r2 b/net-misc/stunnel/files/stunnel-r2
@@ -0,0 +1,55 @@
+#!/sbin/openrc-run
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+extra_started_commands="reload"
+SERVICENAME=${SVCNAME#*.}
+SERVICENAME=${SERVICENAME:-stunnel}
+STUNNEL_CONFIGFILE=${STUNNEL_CONFIGFILE:-/etc/stunnel/${SERVICENAME}.conf}
+
+depend() {
+    need net
+    before logger
+}
+
+get_config() {
+	if [ ! -e ${STUNNEL_CONFIGFILE} ] ; then
+		eerror "You need to create ${STUNNEL_CONFIGFILE} first."
+		return 1
+	fi
+	CHROOT=$(grep "^chroot" ${STUNNEL_CONFIGFILE} | sed "s;.*= *;;")
+	[ -n "${CHROOT}" ] && CHROOT="--chroot ${CHROOT}"
+	PIDFILE=$(grep "^pid" ${STUNNEL_CONFIGFILE} | sed "s;.*= *;;")
+	PIDFILE=${PIDFILE:-/run/stunnel/${SERVICENAME}.pid}
+	SETUID=$(grep "^setuid" ${STUNNEL_CONFIGFILE} | sed "s;.*= *;;")
+	SETUID=${SETUID:-stunnel}
+	SETGID=$(grep "^setgid" ${STUNNEL_CONFIGFILE} | sed "s;.*= *;;")
+	SETGID=${SETGID:-stunnel}
+}
+
+start() {
+	get_config || return 1
+	checkpath -d -m 0775 -o root:stunnel /run/stunnel
+	if [ "$(dirname ${PIDFILE})" != "/run" ]; then
+		checkpath -d -m 0755 -o ${SETUID}:${SETGID} -q $(dirname ${PIDFILE})
+	fi
+	ebegin "Starting ${SVCNAME}"
+	start-stop-daemon --start --pidfile "${PIDFILE}" ${CHROOT} \
+	                  --exec /usr/bin/stunnel -- ${STUNNEL_CONFIGFILE} ${STUNNEL_OPTIONS}
+	eend $? "Failed to start ${SVCNAME}"
+}
+
+stop() {
+	get_config || return 1
+	ebegin "Stopping ${SVCNAME}"
+	start-stop-daemon --stop --quiet --exec /usr/bin/stunnel \
+		--pidfile ${PIDFILE}
+	eend $? "Failed to stop ${SVCNAME}"
+}
+
+reload() {
+	get_config || return 1
+	ebegin "Reloading ${SVCNAME}"
+	start-stop-daemon --signal HUP --pidfile ${PIDFILE} --name stunnel
+	eend $?
+}
diff --git a/net-misc/stunnel/stunnel-5.58.ebuild b/net-misc/stunnel/stunnel-5.58.ebuild
@@ -0,0 +1,100 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit multilib ssl-cert systemd tmpfiles
+
+DESCRIPTION="TLS/SSL - Port Wrapper"
+HOMEPAGE="https://www.stunnel.org/index.html"
+SRC_URI="
+	ftp://ftp.stunnel.org/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+	http://www.usenix.org.uk/mirrors/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+	http://ftp.nluug.nl/pub/networking/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+	http://www.namesdir.com/mirrors/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+	http://stunnel.cybermirror.org/archive/${PV%%.*}.x/${P}.tar.gz
+	http://mirrors.zerg.biz/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+	ftp://mirrors.go-parts.com/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos"
+IUSE="ipv6 selinux stunnel3 tcpd"
+
+DEPEND="
+	dev-libs/openssl:0=
+	tcpd? ( sys-apps/tcp-wrappers )
+"
+
+RDEPEND="
+	acct-user/stunnel
+	acct-group/stunnel
+	${DEPEND}
+	selinux? ( sec-policy/selinux-stunnel )
+	stunnel3? ( dev-lang/perl )
+"
+
+RESTRICT="test"
+
+src_prepare() {
+	# Hack away generation of certificate
+	sed -i -e "s/^install-data-local:/do-not-run-this:/" \
+		tools/Makefile.in || die "sed failed"
+
+	echo "CONFIG_PROTECT=\"/etc/stunnel/stunnel.conf\"" > "${T}"/20stunnel
+
+	eapply_user
+}
+
+src_configure() {
+	local myeconfargs=(
+		--libdir="${EPREFIX}/usr/$(get_libdir)"
+		$(use_enable ipv6)
+		$(use_enable tcpd libwrap)
+		--with-ssl="${EPREFIX}"/usr
+		--disable-fips
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+	rm -rf "${ED}"/usr/share/doc/${PN}
+	rm -f "${ED}"/etc/stunnel/stunnel.conf-sample \
+		"${ED}"/usr/share/man/man8/stunnel.{fr,pl}.8
+	use stunnel3 || rm -f "${ED}"/usr/bin/stunnel3
+
+	# The binary was moved to /usr/bin with 4.21,
+	# symlink for backwards compatibility
+	dosym ../bin/stunnel /usr/sbin/stunnel
+
+	dodoc AUTHORS.md BUGS.md CREDITS.md PORTS.md README.md TODO.md
+	docinto html
+	dodoc doc/stunnel.html doc/en/VNC_StunnelHOWTO.html tools/ca.html \
+		tools/importCA.html
+
+	insinto /etc/stunnel
+	doins "${FILESDIR}"/stunnel.conf
+	newinitd "${FILESDIR}"/stunnel-r2 stunnel
+
+	doenvd "${T}"/20stunnel
+
+	systemd_dounit "${S}/tools/stunnel.service"
+	newtmpfiles "${FILESDIR}"/stunnel.tmpfiles.conf stunnel.conf
+}
+
+pkg_postinst() {
+	if [ ! -f "${EROOT}"/etc/stunnel/stunnel.key ]; then
+		install_cert /etc/stunnel/stunnel
+		chown stunnel:stunnel "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem}
+		chmod 0640 "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem}
+	fi
+
+	einfo "If you want to run multiple instances of stunnel, create a new config"
+	einfo "file ending with .conf in /etc/stunnel/. **Make sure** you change "
+	einfo "\'pid= \' with a unique filename.  For openrc make a symlink from the"
+	einfo "stunnel init script to \'stunnel.name\' and use that to start|stop"
+	einfo "your custom instance"
+}