inetd/xinetd listener for rpki-rtr on source code installation, also needed for Ubuntu package.

svn path=/branches/tk377/; revision=5058
author: Rob Austein <sra@hactrn.net> 2013-02-24 03:22:00 +0000
committer: Rob Austein <sra@hactrn.net> 2013-02-24 03:22:00 +0000
commit: 7420e8df36b0156c73b19c45e2c25a389518fae1 (patch)
tree: 3d78451ed95b6ccb0354896453335dd2f53b7837
parent: f419595c47e338978c3263d22085e75d452f7283 (diff)
8 files changed, 114 insertions, 19 deletions
diff --git a/configure b/configure
index 03ce4c73..f131e9a8 100755
--- a/configure
+++ b/configure
@@ -631,6 +631,7 @@ OPENSSL_SO_GLOB
 OPENSSL_CONFIG_COMMAND
 TOP_LEVEL_SUBDIRS
 SETUP_PY_INSTALL_LAYOUT
+RTR_ORIGIN_INSTALL_TARGETS
 RCYNIC_INSTALL_TARGETS
 RCYNIC_HTML_DIR
 RCYNIC_STATIC_RSYNC
@@ -715,7 +716,8 @@ PACKAGE_TARNAME
 PACKAGE_NAME
 PATH_SEPARATOR
 SHELL'
-ac_subst_files='RCYNIC_MAKE_RULES'
+ac_subst_files='RCYNIC_MAKE_RULES
+RTR_ORIGIN_MAKE_RULES'
 ac_user_opts='
 enable_option_checking
 with_system_openssl
@@ -4643,24 +4645,30 @@ $as_echo "$enable_target_installation" >&6; }
 
 # rcynic jail setup is complicated enough that it's simplest to have
 # different rule sets for different platforms.  Icky, but....
+# rpki-rtr isn't as complicated, but has similar issues, same hack.
 
 case $host_os in
 	darwin*)
 		RCYNIC_MAKE_RULES='rcynic/rules.darwin.mk'
+		RTR_ORIGIN_MAKE_RULES='rtr-origin/rules.darwin.mk'
 		;;
 	freebsd*)
 		RCYNIC_MAKE_RULES='rcynic/rules.freebsd.mk'
+		RTR_ORIGIN_MAKE_RULES='rtr-origin/rules.freebsd.mk'
 		;;
 	linux*)
 		RCYNIC_MAKE_RULES='rcynic/rules.linux.mk'
+		RTR_ORIGIN_MAKE_RULES='rtr-origin/rules.linux.mk'
 		;;
 	*)
 		RCYNIC_MAKE_RULES='rcynic/rules.unknown.mk'
+		RTR_ORIGIN_MAKE_RULES='rtr-origin/rules.unknown.mk'
 		;;
 esac
 
 
 
+
 # Where to put HTML files is similarly platform dependent, we have to know.
 # rcynic-cron will skip generating HTML files if it has no place to put them.
 
@@ -4682,6 +4690,7 @@ esac
 # we're doing final target installation.
 
 RCYNIC_INSTALL_TARGETS='install-always'
+RTR_ORIGIN_INSTALL_TARGETS='install-always'
 
 if test $use_rcynic_jail = yes
 then
@@ -4691,10 +4700,12 @@ fi
 if test $enable_target_installation = yes
 then
 	RCYNIC_INSTALL_TARGETS="$RCYNIC_INSTALL_TARGETS install-postconf"
+	RTR_ORIGIN_INSTALL_TARGETS="$RTR_ORIGIN_INSTALL_TARGETS install-postconf"
 fi
 
 
 
+
 # Now a bunch of checks to figure out what we can do with Python.  If
 # we don't have Python at all, none of the rest of this matters.  If
 # we do have Python, we need to check for required packages and
@@ -4936,11 +4947,10 @@ fi
 
 # Figure out which parts of this package we have to build.
 
-				TOP_LEVEL_SUBDIRS=""
-test $build_openssl = yes &&	TOP_LEVEL_SUBDIRS="$TOP_LEVEL_SUBDIRS openssl"
-				TOP_LEVEL_SUBDIRS="$TOP_LEVEL_SUBDIRS h"
-test $build_rp_tools = yes && TOP_LEVEL_SUBDIRS="$TOP_LEVEL_SUBDIRS h rcynic utils rtr-origin"
-test $build_ca_tools = yes &&	TOP_LEVEL_SUBDIRS="$TOP_LEVEL_SUBDIRS rpkid"
+			      TOP_LEVEL_SUBDIRS="h"
+test $build_openssl  = yes && TOP_LEVEL_SUBDIRS="$TOP_LEVEL_SUBDIRS openssl"
+test $build_rp_tools = yes && TOP_LEVEL_SUBDIRS="$TOP_LEVEL_SUBDIRS rcynic utils rtr-origin"
+test $build_ca_tools = yes && TOP_LEVEL_SUBDIRS="$TOP_LEVEL_SUBDIRS rpkid"
 
 
 
diff --git a/configure.ac b/configure.ac
index 61b979ce..4398bbce 100644
--- a/configure.ac
+++ b/configure.ac
@@ -330,23 +330,29 @@ AC_MSG_RESULT([$enable_target_installation])
 
 # rcynic jail setup is complicated enough that it's simplest to have
 # different rule sets for different platforms.  Icky, but....
+# rpki-rtr isn't as complicated, but has similar issues, same hack.
 
 case $host_os in
 	darwin*)
 		RCYNIC_MAKE_RULES='rcynic/rules.darwin.mk'
+		RTR_ORIGIN_MAKE_RULES='rtr-origin/rules.darwin.mk'
 		;;
 	freebsd*)
 		RCYNIC_MAKE_RULES='rcynic/rules.freebsd.mk'
+		RTR_ORIGIN_MAKE_RULES='rtr-origin/rules.freebsd.mk'
 		;;
 	linux*)
 		RCYNIC_MAKE_RULES='rcynic/rules.linux.mk'
+		RTR_ORIGIN_MAKE_RULES='rtr-origin/rules.linux.mk'
 		;;
 	*)
 		RCYNIC_MAKE_RULES='rcynic/rules.unknown.mk'
+		RTR_ORIGIN_MAKE_RULES='rtr-origin/rules.unknown.mk'
 		;;
 esac
 
 AC_SUBST_FILE(RCYNIC_MAKE_RULES)
+AC_SUBST_FILE(RTR_ORIGIN_MAKE_RULES)
 
 # Where to put HTML files is similarly platform dependent, we have to know.
 # rcynic-cron will skip generating HTML files if it has no place to put them.
@@ -369,6 +375,7 @@ AC_SUBST(RCYNIC_HTML_DIR)
 # we're doing final target installation.
 
 RCYNIC_INSTALL_TARGETS='install-always'
+RTR_ORIGIN_INSTALL_TARGETS='install-always'
 
 if test $use_rcynic_jail = yes
 then
@@ -378,9 +385,11 @@ fi
 if test $enable_target_installation = yes
 then
 	RCYNIC_INSTALL_TARGETS="$RCYNIC_INSTALL_TARGETS install-postconf"
+	RTR_ORIGIN_INSTALL_TARGETS="$RTR_ORIGIN_INSTALL_TARGETS install-postconf"
 fi
 
 AC_SUBST(RCYNIC_INSTALL_TARGETS)
+AC_SUBST(RTR_ORIGIN_INSTALL_TARGETS)
 
 # Now a bunch of checks to figure out what we can do with Python.  If
 # we don't have Python at all, none of the rest of this matters.  If
@@ -582,11 +591,10 @@ fi
 
 # Figure out which parts of this package we have to build.
 
-				TOP_LEVEL_SUBDIRS=""
-test $build_openssl = yes &&	TOP_LEVEL_SUBDIRS="$TOP_LEVEL_SUBDIRS openssl"
-				TOP_LEVEL_SUBDIRS="$TOP_LEVEL_SUBDIRS h"
-test $build_rp_tools = yes && TOP_LEVEL_SUBDIRS="$TOP_LEVEL_SUBDIRS h rcynic utils rtr-origin"
-test $build_ca_tools = yes &&	TOP_LEVEL_SUBDIRS="$TOP_LEVEL_SUBDIRS rpkid"
+			      TOP_LEVEL_SUBDIRS="h"
+test $build_openssl  = yes && TOP_LEVEL_SUBDIRS="$TOP_LEVEL_SUBDIRS openssl"
+test $build_rp_tools = yes && TOP_LEVEL_SUBDIRS="$TOP_LEVEL_SUBDIRS rcynic utils rtr-origin"
+test $build_ca_tools = yes && TOP_LEVEL_SUBDIRS="$TOP_LEVEL_SUBDIRS rpkid"
 
 AC_SUBST(TOP_LEVEL_SUBDIRS)
 
diff --git a/rcynic/Makefile.in b/rcynic/Makefile.in
index c8979dc2..71f46df2 100644
--- a/rcynic/Makefile.in
+++ b/rcynic/Makefile.in
@@ -52,12 +52,13 @@ RCYNIC_TA_DIR		= @RCYNIC_TA_DIR@
 RCYNIC_BIN_RCYNIC	= @RCYNIC_BIN_RCYNIC@
 RCYNIC_DATA_DIR		= ${RCYNIC_DIR}/data
 RCYNIC_RPKI_RTR_DIR	= ${RCYNIC_DIR}/rpki-rtr
-RCYNIC_DIRS		= ${RCYNIC_TA_DIR} ${RCYNIC_JAIL_DIRS} ${RCYNIC_DATA_DIR} ${RCYNIC_RPKI_RTR_DIR}
+RCYNIC_DIRS		= ${RCYNIC_TA_DIR} ${RCYNIC_JAIL_DIRS} ${RCYNIC_DATA_DIR} ${RCYNIC_RPKI_RTR_DIR}  ${RCYNIC_RPKI_RTR_DIR}/sockets
 RCYNIC_CONF_RSYNC	= @RCYNIC_CONF_RSYNC@
 RCYNIC_CONF_DATA	= @RCYNIC_CONF_DATA@
 RCYNIC_CONF_TA_DIR	= @RCYNIC_CONF_TA_DIR@
 RCYNIC_USER		= rcynic
 RCYNIC_GROUP		= rcynic
+NOBODY_USER		= nobody
 RCYNIC_GECOS		= RPKI Validation System
 RCYNIC_STATIC_RSYNC	= @RCYNIC_STATIC_RSYNC@
 RCYNIC_HTML_DIR		= @RCYNIC_HTML_DIR@
@@ -161,6 +162,7 @@ ${RCYNIC_DIRS} ${DESTDIR}${bindir} ${DESTDIR}${sysconfdir}:
 
 install-directory-ownership: ${RCYNIC_DATA_DIR} ${RCYNIC_RPKI_RTR_DIR}
 	chown ${RCYNIC_USER}:${RCYNIC_GROUP} ${RCYNIC_DATA_DIR} ${RCYNIC_RPKI_RTR_DIR}
+	chown ${NOBODY_USER}:${RCYNIC_GROUP} ${RCYNIC_RPKI_RTR_DIR}/sockets
 
 install-rcynic-conf: ${RCYNIC_CONF_FILE}
 
@@ -224,9 +226,6 @@ ${DESTDIR}${bindir}/validation_status: validation_status
 
 .FORCE:
 
-# Not sure we want this, test it both ways I guess
-#.PHONY: .FORCE
-
 install-crontab: .FORCE
 	@echo "Setting up ${RCYNIC_CRON_USER}'s crontab to run rcynic-cron script
 	@crontab -l -u ${RCYNIC_CRON_USER} 2>/dev/null | \
diff --git a/rtr-origin/Makefile.in b/rtr-origin/Makefile.in
index 39bd1994..ef15ac4c 100644
--- a/rtr-origin/Makefile.in
+++ b/rtr-origin/Makefile.in
@@ -4,8 +4,9 @@ BASE		= rtr-origin
 SRC		= ${BASE}.py
 BIN		= ${BASE}
 
-INSTALL		= @INSTALL@ -m 555
+INSTALL		= @INSTALL@
 PYTHON		= @PYTHON@
+AWK		= @AWK@
 
 prefix		= @prefix@
 exec_prefix	= @exec_prefix@
@@ -22,14 +23,22 @@ libdir		= @libdir@
 abs_top_srcdir	 = @abs_top_srcdir@
 abs_top_builddir = @abs_top_builddir@
 
+RTR_ORIGIN_INSTALL_TARGETS = @RCYNIC_INSTALL_TARGETS@
+
+RPKI_RTR_PORT	= 43779
+
 all: ${BIN}
 
 clean:
 	rm -f ${BIN}
 
-install: all
-	if test -d ${DESTDIR}${bindir} ; then :; else ${INSTALL} -d ${DESTDIR}${bindir}; fi
-	${INSTALL} ${BIN} ${DESTDIR}${bindir}/${BIN}
+install: all ${RTR_ORIGIN_INSTALL_TARGETS}
+
+install-always:
+	if test -d ${DESTDIR}${bindir} ; then :; else ${INSTALL} -m 555 -d ${DESTDIR}${bindir}; fi
+	${INSTALL} -m 555 ${BIN} ${DESTDIR}${bindir}/${BIN}
+
+install-postconf: install-listener
 
 deinstall uninstall:
 	rm -f ${DESTDIR}${bindir}/${BIN}
@@ -45,3 +54,9 @@ ${BIN} : ${SRC}
 
 test:
 	@true
+
+.FORCE:
+
+# Platform-specific rules below here.
+
+@RTR_ORIGIN_MAKE_RULES@
diff --git a/rtr-origin/rules.darwin.mk b/rtr-origin/rules.darwin.mk
new file mode 100644
index 00000000..570b704a
--- /dev/null
+++ b/rtr-origin/rules.darwin.mk
@@ -0,0 +1,5 @@
+# $Id$
+
+install-listener:
+	@echo "No rule for $@ on this platform (yet), you'll have to do that yourself if it matters."
+
diff --git a/rtr-origin/rules.freebsd.mk b/rtr-origin/rules.freebsd.mk
new file mode 100644
index 00000000..5db4cb72
--- /dev/null
+++ b/rtr-origin/rules.freebsd.mk
@@ -0,0 +1,33 @@
+# $Id$
+
+install-listener: .FORCE
+	@if /usr/bin/egrep -q '^rpki-rtr' /etc/services ; \
+	then \
+	    echo "You already have a /etc/services entry for rpki-rtr, so I will use it."; \
+	elif echo >>/etc/services "rpki-rtr	${RPKI_RTR_PORT}/tcp  #RFC 6810" ; \
+	then \
+	    echo "Added rpki-rtr to /etc/services."; \
+	else \
+	    echo "Adding rpki-rtr to /etc/services failed, please fix this, then try again."; \
+	    exit 1; \
+	fi
+	@if /usr/bin/egrep -q "rpki-rtr[ 	]+stream[ 	]+tcp[ 	]" /etc/inetd.conf; \
+	then \
+	    echo "You already have an inetd.conf entry for rpki-rtr on TCPv4, so I will use it."; \
+	elif echo >>/etc/inetd.conf "rpki-rtr	stream	tcp	nowait	nobody	/usr/local/bin/rtr-origin	rtr-origin --server /var/rcynic/rpki-rtr"; \
+	then \
+	    echo "Added rpki-rtr for TCPv4 to /etc/inetd.conf."; \
+	else \
+	    echo "Adding rpki-rtr for TCPv4 to /etc/inetd.conf failed, please fix this, then try again."; \
+	    exit 1; \
+	fi
+	@if /usr/bin/egrep -q "rpki-rtr[ 	]+stream[ 	]+tcp6[ 	]" /etc/inetd.conf; \
+	then \
+	    echo "You already have an inetd.conf entry for rpki-rtr on TCPv6, so I will use it."; \
+	elif echo >>/etc/inetd.conf "rpki-rtr	stream	tcp6	nowait	nobody	/usr/local/bin/rtr-origin	rtr-origin --server /var/rcynic/rpki-rtr"; \
+	then \
+	    echo "Added rpki-rtr for TCPv6 to /etc/inetd.conf."; \
+	else \
+	    echo "Adding rpki-rtr for TCPv6 to /etc/inetd.conf failed, please fix this, then try again."; \
+	    exit 1; \
+	fi
diff --git a/rtr-origin/rules.linux.mk b/rtr-origin/rules.linux.mk
new file mode 100644
index 00000000..e6840f47
--- /dev/null
+++ b/rtr-origin/rules.linux.mk
@@ -0,0 +1,21 @@
+# $Id$
+
+# Only need to make listener if not already present
+
+install-listener: ${DESTDIR}/etc/xinetd.d/rpki-rtr
+
+${DESTDIR}/etc/xinetd.d/rpki-rtr:
+	@${AWK} 'BEGIN { \
+	    print "service rpki-rtr"; \
+	    print "{"; \
+	    print "    socket_type    = stream"; \
+	    print "    protocol       = tcp"; \
+	    print "    port           = ${RPKI_RTR_PORT}"; \
+	    print "    wait           = no"; \
+	    print "    user           = nobody"; \
+	    print "    server         = /usr/bin/rtr-origin"; \
+	    print "    server_args    = --server /var/rpki-rtr"; \
+	    print "}"; \
+	}' >xinetd.rpki-rtr
+	${INSTALL} -m 644 xinetd.rpki-rtr $@
+	rm  xinetd.rpki-rtr
diff --git a/rtr-origin/rules.unknown.mk b/rtr-origin/rules.unknown.mk
new file mode 100644
index 00000000..58c412a3
--- /dev/null
+++ b/rtr-origin/rules.unknown.mk
@@ -0,0 +1,4 @@
+# $Id$
+
+install-listener:
+	@echo "Don't know how to make $@ on this platform"; exit 1
author	Rob Austein <sra@hactrn.net>	2013-02-24 03:22:00 +0000
committer	Rob Austein <sra@hactrn.net>	2013-02-24 03:22:00 +0000
commit	7420e8df36b0156c73b19c45e2c25a389518fae1 (patch)
tree	3d78451ed95b6ccb0354896453335dd2f53b7837
parent	f419595c47e338978c3263d22085e75d452f7283 (diff)