author | Rob Austein <sra@hactrn.net> | 2013-03-14 22:15:29 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2013-03-14 22:15:29 +0000 |
commit | 860c999ed09bdffbdb9c3e07bfa4e2de376f7b44 (patch) | |
tree | fe2c8b45ab7eed9aad12ae20f212095e9bd3ac04 /buildtools | |
parent | 98c7b0f51824d34fe51d889f90f6dbe1c802ea3d (diff) |
Clean up FreeBSD port builder, part one.
svn path=/trunk/; revision=5150
Diffstat (limited to 'buildtools')
-rw-r--r-- | buildtools/build-freebsd-ports.py | 1 | ||||
-rw-r--r-- | buildtools/freebsd-skeleton/rpki-ca/Makefile | 44 | ||||
-rw-r--r-- | buildtools/freebsd-skeleton/rpki-ca/files/rpki-ca.in | 47 | ||||
-rw-r--r-- | buildtools/freebsd-skeleton/rpki-ca/pkg-descr | 3 | ||||
-rw-r--r-- | buildtools/freebsd-skeleton/rpki-rp/Makefile | 50 | ||||
-rw-r--r-- | buildtools/freebsd-skeleton/rpki-rp/pkg-deinstall | 29 | ||||
-rw-r--r-- | buildtools/freebsd-skeleton/rpki-rp/pkg-descr | 3 | ||||
-rw-r--r-- | buildtools/freebsd-skeleton/rpki-rp/pkg-install | 82 | ||||
-rw-r--r-- | buildtools/freebsd-skeleton/rpki-rp/pkg-message | 10 | ||||
-rw-r--r-- | buildtools/freebsd-skeleton/rpki-rp/pkg-plist | 39 |
10 files changed, 308 insertions, 0 deletions
diff --git a/buildtools/build-freebsd-ports.py b/buildtools/build-freebsd-ports.py index 3b7d3131..457e4978 100644 --- a/buildtools/build-freebsd-ports.py +++ b/buildtools/build-freebsd-ports.py @@ -24,6 +24,7 @@ import subprocess import urlparse import errno import glob +import shutil try: url = sys.argv[1] diff --git a/buildtools/freebsd-skeleton/rpki-ca/Makefile b/buildtools/freebsd-skeleton/rpki-ca/Makefile new file mode 100644 index 00000000..aa0165b2 --- /dev/null +++ b/buildtools/freebsd-skeleton/rpki-ca/Makefile @@ -0,0 +1,44 @@ +PORTNAME= rpki-ca +PORTVERSION= 0.%(SVNVERSION)s +CATEGORIES= net +MASTER_SITES= http://download.rpki.net/ +DISTFILES= rpki-trunk-r%(SVNVERSION)s.tar.xz +WRKSRC= ${WRKDIR}/rpki-trunk-r%(SVNVERSION)s +MAINTAINER= sra@hactrn.net +COMMENT= rpki.net RPKI CA tools + +GNU_CONFIGURE= yes +USE_PYTHON= 2.7+ +USE_GNOME= libxml2 libxslt +USE_MYSQL= server +USE_APACHE_RUN= 22+ + +USE_RC_SUBR= rpki-ca + +# For OpenSSL, not needed otherwise +USE_PERL5_BUILD=yes + +# For building OpenSSL, not needed otherwise +BUILD_DEPENDS+= makedepend>0:${PORTSDIR}/devel/makedepend + +# Needed at build to keep ./configure from complaining. +BUILD_DEPENDS+= rsync>0:${PORTSDIR}/net/rsync + +RPKID_DEPENDS= ${PYTHON_PKGNAMEPREFIX}lxml>0:${PORTSDIR}/devel/py-lxml \ + ${PYTHON_PKGNAMEPREFIX}MySQLdb>0:${PORTSDIR}/databases/py-MySQLdb \ + ${PYTHON_PKGNAMEPREFIX}django>=1.3.7:${PORTSDIR}/www/py-django \ + ${PYTHON_PKGNAMEPREFIX}vobject>0:${PORTSDIR}/deskutils/py-vobject \ + ${PYTHON_PKGNAMEPREFIX}yaml>0:${PORTSDIR}/devel/py-yaml \ + ${PYTHON_PKGNAMEPREFIX}south>=0.7.6:${PORTSDIR}/databases/py-south + +BUILD_DEPENDS+= ${RPKID_DEPENDS} +RUN_DEPENDS+= ${RPKID_DEPENDS} + +RUN_DEPENDS+= ${APACHE_PKGNAMEPREFIX}mod_wsgi>3:${PORTSDIR}/www/mod_wsgi3 + +# Try to use system OpenSSL if we can. +CONFIGURE_ENV= CFLAGS="-I${LOCALBASE}/include" LDFLAGS="-L${LOCALBASE}/lib" + +CONFIGURE_ARGS= --disable-target-installation --disable-rp-tools + +.include <bsd.port.mk> 
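Review bot: `MASTER_SITES= http://download.rpki.net/` in the rpki-ca Makefile fetches the distfile over plain HTTP, and this commit adds no `distinfo` next to the Makefile, so nothing visible in the skeleton pins the tarball's checksum. Presumably build-freebsd-ports.py generates `distinfo`; if it does so by hashing whatever was just downloaded, the checksum authenticates nothing, so the hash should come from the process that built the tarball. I would add a comment above the line, `# NOTE: fetched over HTTP; integrity rests entirely on the generated distinfo`, so the dependency is explicit. The same `MASTER_SITES` line appears in the rpki-rp Makefile hunk.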
diff --git a/buildtools/freebsd-skeleton/rpki-ca/files/rpki-ca.in b/buildtools/freebsd-skeleton/rpki-ca/files/rpki-ca.in
new file mode 100644
index 00000000..d6234a12
--- /dev/null
+++ b/buildtools/freebsd-skeleton/rpki-ca/files/rpki-ca.in
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+# PROVIDE: rpki-ca
+# REQUIRE: LOGIN mysql
+# KEYWORD: shutdown
+#
+# Add the following line to /etc/rc.conf[.local] to enable whatever
+# RPKI CA services you have configured in rpki.conf
+#
+# rpkica_enable="YES"
+
+. /etc/rc.subr
+
+name="rpkica"
+rcvar=rpkica_enable
+
+required_files="/usr/local/etc/rpki.conf"
+
+start_cmd="rpkica_start"
+stop_cmd="rpkica_stop"
+
+load_rc_config $name
+
+: ${rpkica_enable="NO"}
+
+: ${rpkica_pid_dir="/var/run/rpki"}
+
+rpkica_start()
+{
+ /usr/bin/install -m 755 -d $rpkica_pid_dir
+ /usr/local/sbin/rpki-start-servers
+ return 0
+}
+
+rpkica_stop()
+{
+ for i in rpkid pubd irdbd rootd
+ do
+ if /bin/test -f $rpkica_pid_dir/$i.pid
+ then
+ /bin/kill `/bin/cat $rpkica_pid_dir/$i.pid`
+ fi
+ done
+ return 0
+}
+
+run_rc_command "$1"
diff --git a/buildtools/freebsd-skeleton/rpki-ca/pkg-descr b/buildtools/freebsd-skeleton/rpki-ca/pkg-descr
new file mode 100644
index 00000000..acffc5ee
--- /dev/null
+++ b/buildtools/freebsd-skeleton/rpki-ca/pkg-descr
@@ -0,0 +1,3 @@
+This is a port of the rpki.net RPKI toolkit CA tools.
+
+WWW: http://rpki.net/
diff --git a/buildtools/freebsd-skeleton/rpki-rp/Makefile b/buildtools/freebsd-skeleton/rpki-rp/Makefile
new file mode 100644
index 00000000..acf61df2
--- /dev/null
+++ b/buildtools/freebsd-skeleton/rpki-rp/Makefile
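Review bot: In `rpkica_stop` of rpki-ca.in, the pid read from `$rpkica_pid_dir/$i.pid` is handed straight to `/bin/kill` by a script that runs as root, so a stale pid file left by a crashed daemon can signal an unrelated process that has since reused the number. rc.subr provides `check_pidfile`, which returns the pid only when the running process still matches the expected name; using it here would close that gap. At minimum the expansions should be quoted, `if /bin/test -f "$rpkica_pid_dir/$i.pid"`, since `rpkica_pid_dir` can be overridden from rc.conf. The pid files are also never removed after the kill, so the next `stop` repeats the same read.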
@@ -0,0 +1,50 @@
+PORTNAME= rpki-rp
+PORTVERSION= 0.%(SVNVERSION)s
+CATEGORIES= net
+MASTER_SITES= http://download.rpki.net/
+DISTFILES= rpki-trunk-r%(SVNVERSION)s.tar.xz
+WRKSRC= ${WRKDIR}/rpki-trunk-r%(SVNVERSION)s
+MAINTAINER= sra@hactrn.net
+COMMENT= rpki.net RPKI relying party tools
+
+GNU_CONFIGURE= yes
+USE_PYTHON= 2.7+
+USE_GNOME= libxml2 libxslt
+
+# For OpenSSL, not needed otherwise
+USE_PERL5_BUILD=yes
+
+# For building OpenSSL, not needed otherwise
+BUILD_DEPENDS+= makedepend>0:${PORTSDIR}/devel/makedepend
+
+# Needed at build to keep ./configure from complaining;
+# needed at runtime for rcynic to do anything useful.
+BUILD_DEPENDS+= rsync>0:${PORTSDIR}/net/rsync
+RUN_DEPENDS+= rsync>0:${PORTSDIR}/net/rsync
+
+# For rcynic-html
+RUN_DEPENDS+= rrdtool>0:${PORTSDIR}/databases/rrdtool
+
+# Just want relying party tools, try to use system OpenSSL if we can.
+
+CONFIGURE_ARGS= --disable-ca-tools
+CONFIGURE_ENV= CFLAGS="-I${LOCALBASE}/include" LDFLAGS="-L${LOCALBASE}/lib"
+
+# rcynic's Makefile constructs an rcynic.conf for us if it doesn't
+# find one already installed. This turns out to be exactly what
+# FreeBSD's rules want us to install as rcynic.conf.sample, so we
+# shuffle things around a bit just before and just after installation
+# to make this all come out right.
+#
+# If I ever teach rcynic to construct a .conf.sample file per the
+# FreeBSD way of doing things, this will need to change to match.
+
+pre-install:
+ PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
+ @if [ -f ${PREFIX}/etc/rcynic.conf ]; then ${MV} -f ${PREFIX}/etc/rcynic.conf ${PREFIX}/etc/rcynic.conf.real ; fi
+
+post-install:
+ PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
+ @if [ -f ${PREFIX}/etc/rcynic.conf.real ]; then ${MV} -f ${PREFIX}/etc/rcynic.conf ${PREFIX}/etc/rcynic.conf.sample ; ${MV} -f ${PREFIX}/etc/rcynic.conf.real ${PREFIX}/etc/rcynic.conf ; else ${CP} -p ${PREFIX}/etc/rcynic.conf ${PREFIX}/etc/rcynic.conf.sample ; fi
+
+.include <bsd.port.mk>
diff --git a/buildtools/freebsd-skeleton/rpki-rp/pkg-deinstall b/buildtools/freebsd-skeleton/rpki-rp/pkg-deinstall
new file mode 100644
index 00000000..2e87170b
--- /dev/null
+++ b/buildtools/freebsd-skeleton/rpki-rp/pkg-deinstall
@@ -0,0 +1,29 @@
+#!/bin/sh -
+
+case $2 in
+
+DEINSTALL)
+ echo "Whacking rcynic's crontab"
+ /usr/bin/crontab -l -u rcynic 2>/dev/null |
+ /usr/bin/awk '
+ $0 !~ "exec /usr/local/bin/rcynic-cron" {
+ line[++n] = $0;
+ }
+ END {
+ if (n)
+ for (i = 1; i <= n; i++)
+ print line[i] | "/usr/bin/crontab -u rcynic -";
+ else
+ system("/usr/bin/crontab -u rcynic -r");
+ }'
+ ;;
+
+POST-DEINSTALL)
+ ;;
+
+*)
+ echo "No clue what this script is meant to do when invoked with arguments \"$*\". Punting."
+ exit 1
+ ;;
+
+esac
diff --git a/buildtools/freebsd-skeleton/rpki-rp/pkg-descr b/buildtools/freebsd-skeleton/rpki-rp/pkg-descr
new file mode 100644
index 00000000..673f6f73
--- /dev/null
+++ b/buildtools/freebsd-skeleton/rpki-rp/pkg-descr
@@ -0,0 +1,3 @@
+This is a port of the rpki.net RPKI toolkit relying party tools.
+
+WWW: http://rpki.net/
diff --git a/buildtools/freebsd-skeleton/rpki-rp/pkg-install b/buildtools/freebsd-skeleton/rpki-rp/pkg-install
new file mode 100644
index 00000000..c9e28875
--- /dev/null
+++ b/buildtools/freebsd-skeleton/rpki-rp/pkg-install
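Review bot: The `pre-install`/`post-install` shuffle in the rpki-rp Makefile can lose the administrator's `rcynic.conf` when an install fails after rcynic's Makefile has written its generated file but before `post-install` runs. The real file is then sitting at `rcynic.conf.real`, and on the retry `pre-install` sees the generated `rcynic.conf` and `${MV} -f` moves it over the saved copy. Guarding the move keeps the earlier copy intact: `@if [ -f ${PREFIX}/etc/rcynic.conf -a ! -f ${PREFIX}/etc/rcynic.conf.real ]; then ...`. Since pkg-message says this file is where the operator's trust decisions live, silently replacing it with defaults is worth avoiding.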
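Review bot: The `DEINSTALL` branch of pkg-deinstall cleans only the crontab; the `/etc/inetd.conf` and `/etc/services` lines that pkg-install appends in this same commit are left behind. After removal inetd is therefore still configured with an `rpki-rtr` listener that points at `/usr/local/bin/rtr-origin`, a path the package no longer owns. Either filter those lines out here the same way the crontab is filtered, or print a message telling the administrator to remove them and reload inetd. The `rcynic` user and group also stay in place, which may be intentional but deserves a comment saying so.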
@@ -0,0 +1,82 @@
+#!/bin/sh -
+
+case $2 in
+
+PRE-INSTALL)
+ if /usr/sbin/pw groupshow "rcynic" 2>/dev/null; then
+ echo "You already have a group \"rcynic\", so I will use it."
+ elif /usr/sbin/pw groupadd rcynic; then
+ echo "Added group \"rcynic\"."
+ else
+ echo "Adding group \"rcynic\" failed..."
+ echo "Please create it, then try again."
+ exit 1
+ fi
+ if /usr/sbin/pw usershow "rcynic" 2>/dev/null; then
+ echo "You already have a user \"rcynic\", so I will use it."
+ elif /usr/sbin/pw useradd rcynic -g rcynic -h - -d /nonexistant -s /usr/sbin/nologin -c "RPKI validation system"; then
+ echo "Added user \"rcynic\"."
+ else
+ echo "Adding user \"rcynic\" failed..."
+ echo "Please create it, then try again."
+ exit 1
+ fi
+ ;;
+
+POST-INSTALL)
+ htmldir=/usr/local/www/apache22/data/rcynic
+ if ! test -d $htmldir ; then
+ echo "Creating $htmldir"
+ install -o rcynic -g rcynic -d $htmldir
+ fi
+ sockdir=/var/rcynic/rpki-rtr/sockets
+ if ! test -d $sockdir ; then
+ echo "Creating $sockdir"
+ install -o nobody -g rcynic -d $sockdir
+ fi
+ echo "Setting up rcynic's crontab to run rcynic-cron script"
+ /usr/bin/crontab -l -u rcynic 2>/dev/null |
+ /usr/bin/awk -v t=`hexdump -n 2 -e '"%u\n"' /dev/random` '
+ BEGIN {
+ cmd = "exec /usr/local/bin/rcynic-cron";
+ }
+ $0 !~ cmd {
+ print;
+ }
+ END {
+ printf "%u * * * *\t%s\n", t % 60, cmd;
+ }' |
+ /usr/bin/crontab -u rcynic -
+ echo "Setting up rpki-rtr listener under inetd"
+ if /usr/bin/egrep -q '^rpki-rtr' /etc/services ; then
+ echo "You already have a /etc/services entry for rpki-rtr, so I will use it."
+ elif echo >>/etc/services "rpki-rtr 43779/tcp #RFC 6810" ; then
+ echo "Added rpki-rtr to /etc/services."
+ else
+ echo "Adding rpki-rtr to /etc/services failed, please fix this, then try again."
+ exit 1
+ fi
+ if /usr/bin/egrep -q "rpki-rtr[ ]+stream[ ]+tcp[ ]" /etc/inetd.conf; then
+ echo "You already have an inetd.conf entry for rpki-rtr on TCPv4, so I will use it."
+ elif echo >>/etc/inetd.conf "rpki-rtr stream tcp nowait nobody /usr/local/bin/rtr-origin rtr-origin --server /var/rcynic/rpki-rtr"; then
+ echo "Added rpki-rtr for TCPv4 to /etc/inetd.conf."
+ else
+ echo "Adding rpki-rtr for TCPv4 to /etc/inetd.conf failed, please fix this, then try again."
+ exit 1
+ fi
+ if /usr/bin/egrep -q "rpki-rtr[ ]+stream[ ]+tcp6[ ]" /etc/inetd.conf; then
+ echo "You already have an inetd.conf entry for rpki-rtr on TCPv6, so I will use it."
+ elif echo >>/etc/inetd.conf "rpki-rtr stream tcp6 nowait nobody /usr/local/bin/rtr-origin rtr-origin --server /var/rcynic/rpki-rtr"; then
+ echo "Added rpki-rtr for TCPv6 to /etc/inetd.conf."
+ else
+ echo "Adding rpki-rtr for TCPv6 to /etc/inetd.conf failed, please fix this, then try again."
+ exit 1
+ fi
+ ;;
+
+*)
+ echo "No clue what this script is meant to do when invoked with arguments \"$*\". Punting."
+ exit 1
+ ;;
+
+esac
diff --git a/buildtools/freebsd-skeleton/rpki-rp/pkg-message b/buildtools/freebsd-skeleton/rpki-rp/pkg-message
new file mode 100644
index 00000000..68ddd85b
--- /dev/null
+++ b/buildtools/freebsd-skeleton/rpki-rp/pkg-message
@@ -0,0 +1,10 @@
+You may want to customize /usr/local/etc/rcynic.conf. If you did not
+install your own trust anchors, a default set of SAMPLE trust anchors
+may have been installed for you, but you, the relying party, are the
+only one who can decide whether you trust those anchors. rcynic will
+not do anything useful without good trust anchors.
+
+rcynic-cron has been configured to run hourly, at a randomly selected
+minute, to spread load on the global RPKI repository servers. Please
+do NOT adjust this to run on the hour. In particular please do NOT
+adjust this to run at midnight UTC.
diff --git a/buildtools/freebsd-skeleton/rpki-rp/pkg-plist b/buildtools/freebsd-skeleton/rpki-rp/pkg-plist
new file mode 100644
index 00000000..c4dd9b39
--- /dev/null
+++ b/buildtools/freebsd-skeleton/rpki-rp/pkg-plist
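Review bot: The inetd entries added in `POST-INSTALL` of pkg-install run `rtr-origin` as `nobody`, and `$sockdir` is created with `install -o nobody -g rcynic -d`, so the rpki-rtr listener shares an identity with every other service that runs as `nobody`, and any of them can create or remove entries in the socket directory. A dedicated account, created next to `rcynic` in `PRE-INSTALL`, would confine that. Separately, the `egrep -q "rpki-rtr[ ]+stream[ ]+tcp[ ]" /etc/inetd.conf` checks are not anchored, so a commented-out `#rpki-rtr ...` line is reported as an existing entry and no active one is added. Anchoring with `^rpki-rtr`, as the `/etc/services` check already does, avoids that.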
@@ -0,0 +1,39 @@
+bin/find_roa
+bin/hashdir
+bin/print_roa
+bin/print_rpki_manifest
+bin/rcynic
+bin/rcynic-cron
+bin/rcynic-html
+bin/rcynic-svn
+bin/rcynic-text
+bin/rtr-origin
+bin/scan_roas
+bin/validation_status
+@unexec if cmp -s %D/etc/rcynic.conf.sample %D/etc/rcynic.conf; then rm -f %D/etc/rcynic.conf; fi
+etc/rcynic.conf.sample
+@exec if [ ! -f %D/etc/rcynic.conf ] ; then cp -p %D/%F %D/etc/rcynic.conf; fi
+etc/rpki/trust-anchors/afrinic.tal
+etc/rpki/trust-anchors/altCA.tal
+etc/rpki/trust-anchors/apnic-rpki-root-afrinic-origin.tal
+etc/rpki/trust-anchors/apnic-rpki-root-arin-origin.tal
+etc/rpki/trust-anchors/apnic-rpki-root-iana-origin.tal
+etc/rpki/trust-anchors/apnic-rpki-root-lacnic-origin.tal
+etc/rpki/trust-anchors/apnic-rpki-root-ripe-origin.tal
+etc/rpki/trust-anchors/jpnic.tal
+etc/rpki/trust-anchors/lacnic.tal
+etc/rpki/trust-anchors/ripe-ncc-root.tal
+etc/rpki/trust-anchors/ripe-pilot.tal
+etc/rpki/trust-anchors/rpki.net-testbed.tal
+etc/rpki/trust-anchors/testbed-apnicrpki.tal
+@dirrm etc/rpki/trust-anchors
+@dirrmtry etc/rpki
+@dirrm www/apache22/data/rcynic
+@cwd /
+@exec install -d -o root -g wheel %D/var/rcynic
+@exec install -d -o rcynic -g rcynic %D/var/rcynic/data
+@dirrm var/rcynic/data
+@exec install -d -o rcynic -g rcynic %D/var/rcynic/rpki-rtr
+@dirrm var/rcynic/rpki-rtr/sockets
+@dirrm var/rcynic/rpki-rtr
+@dirrm var/rcynic |
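Review bot: The plist installs `rpki.net-testbed.tal`, `testbed-apnicrpki.tal` and `ripe-pilot.tal` into `etc/rpki/trust-anchors` alongside the RIR anchors. If the generated `rcynic.conf` loads every file in that directory (not visible in this commit), a default install will validate against testbed and pilot hierarchies as though they were authoritative. pkg-message does label the set SAMPLE, but it would be safer to ship the test anchors under a separate directory, for example `etc/rpki/trust-anchors.sample` (name illustrative), and keep only anchors intended for production use in the live one.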