From f76e6c13fb8d6cb2e824cefb1ba3873054f27f77 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Wed, 13 Mar 2013 22:10:25 +0000 Subject: Merge FreeBSD port generators. svn path=/trunk/; revision=5140 --- buildtools/build-freebsd-ca-port.py | 259 ------------------ buildtools/build-freebsd-ports.py | 530 ++++++++++++++++++++++++++++++++++++ buildtools/build-freebsd-rp-port.py | 351 ------------------------ 3 files changed, 530 insertions(+), 610 deletions(-) delete mode 100644 buildtools/build-freebsd-ca-port.py create mode 100644 buildtools/build-freebsd-ports.py delete mode 100644 buildtools/build-freebsd-rp-port.py (limited to 'buildtools') diff --git a/buildtools/build-freebsd-ca-port.py b/buildtools/build-freebsd-ca-port.py deleted file mode 100644 index d712048e..00000000 --- a/buildtools/build-freebsd-ca-port.py +++ /dev/null @@ -1,259 +0,0 @@ -""" -Construct a FreeBSD port template given the URL of a source tarball. - -$Id$ - -Copyright (C) 2012-2013 Internet Systems Consortium ("ISC") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. -""" - -import sys -import os -import subprocess -import urlparse -import errno -import glob - -try: - url = sys.argv[1] -except IndexError: - sys.exit("Usage: %s URL-of-source-tarball" % sys.argv[0]) - -def stripext(fn, *exts): - fn1, fn2 = os.path.splitext(fn) - return fn1 if fn2 in exts else fn - -def mkdir_maybe(d): - try: - print "Creating", d - os.makedirs(d) - except OSError, e: - if e.errno != errno.EEXIST: - raise - -name = os.path.basename(urlparse.urlparse(url).path) -name = stripext(name, ".gz", ".bz2", ".xz") -name = stripext(name, ".tar", ".tgz", ".tbz", ".txz") - -# Up until this point this is fairly generic, but we reach the point -# of diminishing returns when we have to parse the port name and -# version number out of the filename. This will need to be changed -# when we start doing this with something other than snapshot -# tarballs. - -try: - base, branch, vers = name.split("-") -except: - base, branch, vers = None - -if base not in ("rpkitools", "rpki"): - base = None - -if branch != "trunk" and (branch[:2] != "tk" or not branch[2:].isdigit()): - branch = None - -if not vers.isdigit() and (base != "rpki" or vers[0] != "r" or not vers[1:].isdigit()): - vers = None -else: - vers = vers[1:] - -if None in (base, branch, vers): - sys.exit("Unexpected tarball URL name format") - -base += "-ca" - -mkdir_maybe(base) - -with open(os.path.join(base, "Makefile"), "w") as f: - print "Writing", f.name - - f.write('''\ -PORTNAME= %(portname)s -PORTVERSION= 0.%(snapshot)s -CATEGORIES= net -MASTER_SITES= %(master_sites)s -DISTFILES= %(distfiles)s -WRKSRC= ${WRKDIR}/%(tarname)s -MAINTAINER= sra@hactrn.net -COMMENT= rpki.net RPKI CA tools - -GNU_CONFIGURE= yes -USE_PYTHON= 2.7+ -USE_GNOME= libxml2 libxslt -USE_MYSQL= server -USE_APACHE_RUN= 22+ - -USE_RC_SUBR= rpki-ca - -# For OpenSSL, not needed otherwise -USE_PERL5_BUILD=yes - -# For building OpenSSL, not needed otherwise -BUILD_DEPENDS+= makedepend>0:${PORTSDIR}/devel/makedepend - -# Needed at build to keep ./configure from complaining. -BUILD_DEPENDS+= rsync>0:${PORTSDIR}/net/rsync - -RPKID_DEPENDS= ${PYTHON_PKGNAMEPREFIX}lxml>0:${PORTSDIR}/devel/py-lxml \\ - ${PYTHON_PKGNAMEPREFIX}MySQLdb>0:${PORTSDIR}/databases/py-MySQLdb \\ - ${PYTHON_PKGNAMEPREFIX}django>=1.3.7:${PORTSDIR}/www/py-django \\ - ${PYTHON_PKGNAMEPREFIX}vobject>0:${PORTSDIR}/deskutils/py-vobject \\ - ${PYTHON_PKGNAMEPREFIX}yaml>0:${PORTSDIR}/devel/py-yaml \\ - ${PYTHON_PKGNAMEPREFIX}south>=0.7.6:${PORTSDIR}/databases/py-south - -BUILD_DEPENDS+= ${RPKID_DEPENDS} -RUN_DEPENDS+= ${RPKID_DEPENDS} - -RUN_DEPENDS+= ${APACHE_PKGNAMEPREFIX}mod_wsgi>3:${PORTSDIR}/www/mod_wsgi3 - -# Try to use system OpenSSL if we can. -CONFIGURE_ENV= CFLAGS="-I${LOCALBASE}/include" LDFLAGS="-L${LOCALBASE}/lib" - -CONFIGURE_ARGS= --disable-target-installation --disable-rp-tools - -.include -''' % { "portname" : base, - "snapshot" : vers, - "tarname" : name, - "master_sites" : os.path.dirname(url) + "/", - "distfiles" : os.path.basename(url) }) - -with open(os.path.join(base, "pkg-descr"), "w") as f: - print "Writing", f.name - - f.write('''\ -This is a port of the rpki.net RPKI toolkit CA tools. - -WWW: http://rpki.net/ -''') - -mkdir_maybe(os.path.join(base, "files")) - -with open(os.path.join(base, "files", "rpki-ca.in"), "w") as f: - print "Writing", f.name - - f.write('''\ -#!/bin/sh - -# PROVIDE: rpki-ca -# REQUIRE: LOGIN mysql -# KEYWORD: shutdown -# -# Add the following line to /etc/rc.conf[.local] to enable whatever -# RPKI CA services you have configured in rpki.conf -# -# rpkica_enable="YES" - -. /etc/rc.subr - -name="rpkica" -rcvar=rpkica_enable - -required_files="/usr/local/etc/rpki.conf" - -start_cmd="rpkica_start" -stop_cmd="rpkica_stop" - -load_rc_config $name - -: ${rpkica_enable="NO"} - -: ${rpkica_pid_dir="/var/run/rpki"} - -rpkica_start() -{ - /usr/bin/install -m 755 -d $rpkica_pid_dir - /usr/local/sbin/rpki-start-servers - return 0 -} - -rpkica_stop() -{ - for i in rpkid pubd irdbd rootd - do - if /bin/test -f $rpkica_pid_dir/$i.pid - then - /bin/kill `/bin/cat $rpkica_pid_dir/$i.pid` - fi - done - return 0 -} - -run_rc_command "$1" -''') - - -#with open(os.path.join(base, "pkg-plist"), "w") as f: -# print "Writing empty", f.name - -print "Generating checksum" - -subprocess.check_call(("make", "makesum", "DISTDIR=" + os.getcwd()), cwd = base) - -# We will need a pkg-install and perhaps a pkg-deinstall, but I don't -# know what they look like (yet). - -print "Building" - -# "USE_GNOME=" gets rid of annoying whining due to empty or -# non-existent pkg-plist. The (direct) Gnome dependency doesn't -# matter while constructing the port skeleton, so it's simplest just -# to disable it for this one command. - -subprocess.check_call(("make", "DISTDIR=" + os.getcwd(), "USE_GNOME="), cwd = base) - -print "Installing to temporary tree" - -tempdir = os.path.join(base, "work", "temp-install", "") - -subprocess.check_call(("make", "install", "DESTDIR=" + os.path.abspath(tempdir)), - cwd = os.path.join(base, "work", name)) - -print "Generating pkg-plist" - -with open(os.path.join(base, "pkg-plist"), "w") as f: - - dont_remove = ("usr", "etc", "bin", "var", "lib", "sbin", "share", "lib/python2.7", "lib/python2.7/site-packages") - - usr_local = None - - for dirpath, dirnames, filenames in os.walk(tempdir, topdown = False): - dn = dirpath[len(tempdir):] - - if dn.startswith("usr/local"): - if not usr_local and usr_local is not None: - f.write("@cwd\n") - usr_local = True - dn = dn[len("usr/local/"):] - else: - if usr_local: - f.write("@cwd /\n") - usr_local = False - - if not dirnames and not filenames: - f.write("@exec mkdir -p %%D/%s\n" % dn) - - for fn in filenames: - if fn == "rpki.conf.sample": - f.write("@unexec if cmp -s %%D/%s/rpki.conf.sample %%D/%s/rpki.conf; then rm -f %%D/%s/rpki.conf; fi\n" % (dn, dn, dn)) - f.write(os.path.join(dn, fn) + "\n") - if fn == "rpki.conf.sample": - f.write("@exec if [ ! -f %%D/%s/rpki.conf ] ; then cp -p %%D/%s/rpki.conf.sample %%D/%s/rpki.conf; fi\n" % (dn, dn, dn)) - - if dn and dn not in dont_remove: - f.write("@dirrm %s\n" % dn) - -print "Cleaning up" - -subprocess.check_call(("make", "clean"), cwd = base) diff --git a/buildtools/build-freebsd-ports.py b/buildtools/build-freebsd-ports.py new file mode 100644 index 00000000..3b7d3131 --- /dev/null +++ b/buildtools/build-freebsd-ports.py @@ -0,0 +1,530 @@ +""" +Construct FreeBSD ports templates given the URL of a source tarball. + +$Id$ + +Copyright (C) 2012-2013 Internet Systems Consortium ("ISC") + +Permission to use, copy, modify, and distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +PERFORMANCE OF THIS SOFTWARE. +""" + +import sys +import os +import subprocess +import urlparse +import errno +import glob + +try: + url = sys.argv[1] +except IndexError: + sys.exit("Usage: %s URL-of-source-tarball" % sys.argv[0]) + +def stripext(fn, *exts): + fn1, fn2 = os.path.splitext(fn) + return fn1 if fn2 in exts else fn + +def mkdir_maybe(d): + try: + print "Creating", d + os.makedirs(d) + except OSError, e: + if e.errno != errno.EEXIST: + raise + +name = os.path.basename(urlparse.urlparse(url).path) +name = stripext(name, ".gz", ".bz2", ".xz") +name = stripext(name, ".tar", ".tgz", ".tbz", ".txz") + +try: + base, branch, vers = name.split("-") +except: + base, branch, vers = None + +if base != "rpki": + base = None + +if branch != "trunk" and (branch[:2] != "tk" or not branch[2:].isdigit()): + branch = None + +if not vers.isdigit() and (base != "rpki" or vers[0] != "r" or not vers[1:].isdigit()): + vers = None +else: + vers = vers[1:] + +if None in (base, branch, vers): + sys.exit("Unexpected tarball URL name format") + +base_rp = base + "-rp" +base_ca = base + "-ca" + +mkdir_maybe(base_rp) +mkdir_maybe(base_ca) + +with open(os.path.join(base_rp, "Makefile"), "w") as f: + print "Writing", f.name + + f.write('''\ +PORTNAME= %(portname)s +PORTVERSION= 0.%(snapshot)s +CATEGORIES= net +MASTER_SITES= %(master_sites)s +DISTFILES= %(distfiles)s +WRKSRC= ${WRKDIR}/%(tarname)s +MAINTAINER= sra@hactrn.net +COMMENT= rpki.net RPKI relying party tools + +GNU_CONFIGURE= yes +USE_PYTHON= 2.7+ +USE_GNOME= libxml2 libxslt + +# For OpenSSL, not needed otherwise +USE_PERL5_BUILD=yes + +# For building OpenSSL, not needed otherwise +BUILD_DEPENDS+= makedepend>0:${PORTSDIR}/devel/makedepend + +# Needed at build to keep ./configure from complaining; +# needed at runtime for rcynic to do anything useful. +BUILD_DEPENDS+= rsync>0:${PORTSDIR}/net/rsync +RUN_DEPENDS+= rsync>0:${PORTSDIR}/net/rsync + +# For rcynic-html +RUN_DEPENDS+= rrdtool>0:${PORTSDIR}/databases/rrdtool + +# Just want relying party tools, try to use system OpenSSL if we can. + +CONFIGURE_ARGS= --disable-ca-tools +CONFIGURE_ENV= CFLAGS="-I${LOCALBASE}/include" LDFLAGS="-L${LOCALBASE}/lib" + +# rcynic's Makefile constructs an rcynic.conf for us if it doesn't +# find one already installed. This turns out to be exactly what +# FreeBSD's rules want us to install as rcynic.conf.sample, so we +# shuffle things around a bit just before and just after installation +# to make this all come out right. +# +# If I ever teach rcynic to construct a .conf.sample file per the +# FreeBSD way of doing things, this will need to change to match. + +pre-install: + PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL + @if [ -f ${PREFIX}/etc/rcynic.conf ]; then \ + ${MV} -f ${PREFIX}/etc/rcynic.conf ${PREFIX}/etc/rcynic.conf.real ; \ + fi + +post-install: + PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL + @if [ -f ${PREFIX}/etc/rcynic.conf.real ]; then \ + ${MV} -f ${PREFIX}/etc/rcynic.conf ${PREFIX}/etc/rcynic.conf.sample ; \ + ${MV} -f ${PREFIX}/etc/rcynic.conf.real ${PREFIX}/etc/rcynic.conf ; \ + else \ + ${CP} -p ${PREFIX}/etc/rcynic.conf ${PREFIX}/etc/rcynic.conf.sample ; \ + fi + +.include +''' % { "portname" : base_rp, + "snapshot" : vers, + "tarname" : name, + "master_sites" : os.path.dirname(url) + "/", + "distfiles" : os.path.basename(url) }) + +with open(os.path.join(base_rp, "pkg-descr"), "w") as f: + print "Writing", f.name + + f.write('''\ +This is a port of the rpki.net RPKI toolkit relying party tools. + +WWW: http://rpki.net/ +''') + +with open(os.path.join(base_rp, "pkg-plist"), "w") as f: + + print "Writing empty", f.name + +print "Generating checksum" + +subprocess.check_call(("make", "makesum", "DISTDIR=" + os.getcwd()), cwd = base_rp) + +print "Extracting list of trust anchors" + +trust_anchors = [os.path.basename(fn) + for fn in subprocess.check_output(("tar", "tf", os.path.basename(url))).splitlines() + if "/rcynic/sample-trust-anchors/" in fn and fn.endswith(".tal")] + +with open(os.path.join(base_rp, "pkg-plist"), "w") as f: + + print "Writing", f.name + + f.write('''\ +bin/find_roa +bin/hashdir +bin/print_roa +bin/print_rpki_manifest +bin/rcynic +bin/rcynic-cron +bin/rcynic-html +bin/rcynic-svn +bin/rcynic-text +bin/rtr-origin +bin/scan_roas +bin/validation_status +@unexec if cmp -s %D/etc/rcynic.conf.sample %D/etc/rcynic.conf; then rm -f %D/etc/rcynic.conf; fi +etc/rcynic.conf.sample +@exec if [ ! -f %D/etc/rcynic.conf ] ; then cp -p %D/%F %D/etc/rcynic.conf; fi +''') + + for trust_anchor in sorted(trust_anchors): + f.write("etc/rpki/trust-anchors/%s\n" % trust_anchor) + + f.write('''\ +@dirrm etc/rpki/trust-anchors +@dirrmtry etc/rpki +@dirrm www/apache22/data/rcynic +@cwd / +@exec install -d -o root -g wheel %D/var/rcynic +@exec install -d -o rcynic -g rcynic %D/var/rcynic/data +@dirrm var/rcynic/data +@exec install -d -o rcynic -g rcynic %D/var/rcynic/rpki-rtr +@dirrm var/rcynic/rpki-rtr/sockets +@dirrm var/rcynic/rpki-rtr +@dirrm var/rcynic +''') + +# 90% of this is $top/rcynic/installation-scripts/freebsd/install.sh. +# Somehow or another this duplication needs to go away, but priority +# for today is a working package. + +with open(os.path.join(base_rp, "pkg-install"), "w") as f: + + print "Writing", f.name + + f.write('''\ +#!/bin/sh - + +case $2 in + +PRE-INSTALL) + if /usr/sbin/pw groupshow "rcynic" 2>/dev/null; then + echo "You already have a group \\"rcynic\\", so I will use it." + elif /usr/sbin/pw groupadd rcynic; then + echo "Added group \\"rcynic\\"." + else + echo "Adding group \\"rcynic\\" failed..." + echo "Please create it, then try again." + exit 1 + fi + if /usr/sbin/pw usershow "rcynic" 2>/dev/null; then + echo "You already have a user \\"rcynic\\", so I will use it." + elif /usr/sbin/pw useradd rcynic -g rcynic -h - -d /nonexistant -s /usr/sbin/nologin -c "RPKI validation system"; then + echo "Added user \\"rcynic\\"." + else + echo "Adding user \\"rcynic\\" failed..." + echo "Please create it, then try again." + exit 1 + fi + ;; + +POST-INSTALL) + htmldir=/usr/local/www/apache22/data/rcynic + if ! test -d $htmldir ; then + echo "Creating $htmldir" + install -o rcynic -g rcynic -d $htmldir + fi + sockdir=/var/rcynic/rpki-rtr/sockets + if ! test -d $sockdir ; then + echo "Creating $sockdir" + install -o nobody -g rcynic -d $sockdir + fi + echo "Setting up rcynic's crontab to run rcynic-cron script" + /usr/bin/crontab -l -u rcynic 2>/dev/null | + /usr/bin/awk -v t=`hexdump -n 2 -e '"%u\\n"' /dev/random` ' + BEGIN { + cmd = "exec /usr/local/bin/rcynic-cron"; + } + $0 !~ cmd { + print; + } + END { + printf "%u * * * *\\t%s\\n", t % 60, cmd; + }' | + /usr/bin/crontab -u rcynic - + echo "Setting up rpki-rtr listener under inetd" + if /usr/bin/egrep -q '^rpki-rtr' /etc/services ; then + echo "You already have a /etc/services entry for rpki-rtr, so I will use it." + elif echo >>/etc/services "rpki-rtr 43779/tcp #RFC 6810" ; then + echo "Added rpki-rtr to /etc/services." + else + echo "Adding rpki-rtr to /etc/services failed, please fix this, then try again." + exit 1 + fi + if /usr/bin/egrep -q "rpki-rtr[ ]+stream[ ]+tcp[ ]" /etc/inetd.conf; then + echo "You already have an inetd.conf entry for rpki-rtr on TCPv4, so I will use it." + elif echo >>/etc/inetd.conf "rpki-rtr stream tcp nowait nobody /usr/local/bin/rtr-origin rtr-origin --server /var/rcynic/rpki-rtr"; then + echo "Added rpki-rtr for TCPv4 to /etc/inetd.conf." + else + echo "Adding rpki-rtr for TCPv4 to /etc/inetd.conf failed, please fix this, then try again." + exit 1 + fi + if /usr/bin/egrep -q "rpki-rtr[ ]+stream[ ]+tcp6[ ]" /etc/inetd.conf; then + echo "You already have an inetd.conf entry for rpki-rtr on TCPv6, so I will use it." + elif echo >>/etc/inetd.conf "rpki-rtr stream tcp6 nowait nobody /usr/local/bin/rtr-origin rtr-origin --server /var/rcynic/rpki-rtr"; then + echo "Added rpki-rtr for TCPv6 to /etc/inetd.conf." + else + echo "Adding rpki-rtr for TCPv6 to /etc/inetd.conf failed, please fix this, then try again." + exit 1 + fi + ;; + +*) + echo "No clue what this script is meant to do when invoked with arguments \\"$*\\". Punting." + exit 1 + ;; + +esac +''') + +with open(os.path.join(base_rp, "pkg-deinstall"), "w") as f: + + print "Writing", f.name + + f.write('''\ +#!/bin/sh - + +case $2 in + +DEINSTALL) + echo "Whacking rcynic's crontab" + /usr/bin/crontab -l -u rcynic 2>/dev/null | + /usr/bin/awk ' + $0 !~ "exec /usr/local/bin/rcynic-cron" { + line[++n] = $0; + } + END { + if (n) + for (i = 1; i <= n; i++) + print line[i] | "/usr/bin/crontab -u rcynic -"; + else + system("/usr/bin/crontab -u rcynic -r"); + }' + ;; + +POST-DEINSTALL) + ;; + +*) + echo "No clue what this script is meant to do when invoked with arguments \\"$*\\". Punting." + exit 1 + ;; + +esac +''') + +with open(os.path.join(base_rp, "pkg-message"), "w") as f: + + print "Writing", f.name + + f.write('''\ +You may want to customize /usr/local/etc/rcynic.conf. If you did not +install your own trust anchors, a default set of SAMPLE trust anchors +may have been installed for you, but you, the relying party, are the +only one who can decide whether you trust those anchors. rcynic will +not do anything useful without good trust anchors. + +rcynic-cron has been configured to run hourly, at a randomly selected +minute, to spread load on the global RPKI repository servers. Please +do NOT adjust this to run on the hour. In particular please do NOT +adjust this to run at midnight UTC. +''') + +with open(os.path.join(base_ca, "Makefile"), "w") as f: + print "Writing", f.name + + f.write('''\ +PORTNAME= %(portname)s +PORTVERSION= 0.%(snapshot)s +CATEGORIES= net +MASTER_SITES= %(master_sites)s +DISTFILES= %(distfiles)s +WRKSRC= ${WRKDIR}/%(tarname)s +MAINTAINER= sra@hactrn.net +COMMENT= rpki.net RPKI CA tools + +GNU_CONFIGURE= yes +USE_PYTHON= 2.7+ +USE_GNOME= libxml2 libxslt +USE_MYSQL= server +USE_APACHE_RUN= 22+ + +USE_RC_SUBR= rpki-ca + +# For OpenSSL, not needed otherwise +USE_PERL5_BUILD=yes + +# For building OpenSSL, not needed otherwise +BUILD_DEPENDS+= makedepend>0:${PORTSDIR}/devel/makedepend + +# Needed at build to keep ./configure from complaining. +BUILD_DEPENDS+= rsync>0:${PORTSDIR}/net/rsync + +RPKID_DEPENDS= ${PYTHON_PKGNAMEPREFIX}lxml>0:${PORTSDIR}/devel/py-lxml \\ + ${PYTHON_PKGNAMEPREFIX}MySQLdb>0:${PORTSDIR}/databases/py-MySQLdb \\ + ${PYTHON_PKGNAMEPREFIX}django>=1.3.7:${PORTSDIR}/www/py-django \\ + ${PYTHON_PKGNAMEPREFIX}vobject>0:${PORTSDIR}/deskutils/py-vobject \\ + ${PYTHON_PKGNAMEPREFIX}yaml>0:${PORTSDIR}/devel/py-yaml \\ + ${PYTHON_PKGNAMEPREFIX}south>=0.7.6:${PORTSDIR}/databases/py-south + +BUILD_DEPENDS+= ${RPKID_DEPENDS} +RUN_DEPENDS+= ${RPKID_DEPENDS} + +RUN_DEPENDS+= ${APACHE_PKGNAMEPREFIX}mod_wsgi>3:${PORTSDIR}/www/mod_wsgi3 + +# Try to use system OpenSSL if we can. +CONFIGURE_ENV= CFLAGS="-I${LOCALBASE}/include" LDFLAGS="-L${LOCALBASE}/lib" + +CONFIGURE_ARGS= --disable-target-installation --disable-rp-tools + +.include +''' % { "portname" : base_ca, + "snapshot" : vers, + "tarname" : name, + "master_sites" : os.path.dirname(url) + "/", + "distfiles" : os.path.basename(url) }) + +with open(os.path.join(base_ca, "pkg-descr"), "w") as f: + print "Writing", f.name + + f.write('''\ +This is a port of the rpki.net RPKI toolkit CA tools. + +WWW: http://rpki.net/ +''') + +mkdir_maybe(os.path.join(base_ca, "files")) + +with open(os.path.join(base_ca, "files", "rpki-ca.in"), "w") as f: + print "Writing", f.name + + f.write('''\ +#!/bin/sh + +# PROVIDE: rpki-ca +# REQUIRE: LOGIN mysql +# KEYWORD: shutdown +# +# Add the following line to /etc/rc.conf[.local] to enable whatever +# RPKI CA services you have configured in rpki.conf +# +# rpkica_enable="YES" + +. /etc/rc.subr + +name="rpkica" +rcvar=rpkica_enable + +required_files="/usr/local/etc/rpki.conf" + +start_cmd="rpkica_start" +stop_cmd="rpkica_stop" + +load_rc_config $name + +: ${rpkica_enable="NO"} + +: ${rpkica_pid_dir="/var/run/rpki"} + +rpkica_start() +{ + /usr/bin/install -m 755 -d $rpkica_pid_dir + /usr/local/sbin/rpki-start-servers + return 0 +} + +rpkica_stop() +{ + for i in rpkid pubd irdbd rootd + do + if /bin/test -f $rpkica_pid_dir/$i.pid + then + /bin/kill `/bin/cat $rpkica_pid_dir/$i.pid` + fi + done + return 0 +} + +run_rc_command "$1" +''') + + +#with open(os.path.join(base_ca, "pkg-plist"), "w") as f: +# print "Writing empty", f.name + +print "Generating checksum" + +subprocess.check_call(("make", "makesum", "DISTDIR=" + os.getcwd()), cwd = base_ca) + +# We will need a pkg-install and perhaps a pkg-deinstall, but I don't +# know what they look like (yet). + +print "Building" + +# "USE_GNOME=" gets rid of annoying whining due to empty or +# non-existent pkg-plist. The (direct) Gnome dependency doesn't +# matter while constructing the port skeleton, so it's simplest just +# to disable it for this one command. + +subprocess.check_call(("make", "DISTDIR=" + os.getcwd(), "USE_GNOME="), cwd = base_ca) + +print "Installing to temporary tree" + +tempdir = os.path.join(base_ca, "work", "temp-install", "") + +subprocess.check_call(("make", "install", "DESTDIR=" + os.path.abspath(tempdir)), + cwd = os.path.join(base_ca, "work", name)) + +print "Generating pkg-plist" + +with open(os.path.join(base_ca, "pkg-plist"), "w") as f: + + dont_remove = ("usr", "etc", "bin", "var", "lib", "sbin", "share", "lib/python2.7", "lib/python2.7/site-packages") + + usr_local = None + + for dirpath, dirnames, filenames in os.walk(tempdir, topdown = False): + dn = dirpath[len(tempdir):] + + if dn.startswith("usr/local"): + if not usr_local and usr_local is not None: + f.write("@cwd\n") + usr_local = True + dn = dn[len("usr/local/"):] + else: + if usr_local: + f.write("@cwd /\n") + usr_local = False + + if not dirnames and not filenames: + f.write("@exec mkdir -p %%D/%s\n" % dn) + + for fn in filenames: + if fn == "rpki.conf.sample": + f.write("@unexec if cmp -s %%D/%s/rpki.conf.sample %%D/%s/rpki.conf; then rm -f %%D/%s/rpki.conf; fi\n" % (dn, dn, dn)) + f.write(os.path.join(dn, fn) + "\n") + if fn == "rpki.conf.sample": + f.write("@exec if [ ! -f %%D/%s/rpki.conf ] ; then cp -p %%D/%s/rpki.conf.sample %%D/%s/rpki.conf; fi\n" % (dn, dn, dn)) + + if dn and dn not in dont_remove: + f.write("@dirrm %s\n" % dn) + +print "Cleaning up" + +subprocess.check_call(("make", "clean"), cwd = base_ca) diff --git a/buildtools/build-freebsd-rp-port.py b/buildtools/build-freebsd-rp-port.py deleted file mode 100644 index 2b37c5a5..00000000 --- a/buildtools/build-freebsd-rp-port.py +++ /dev/null @@ -1,351 +0,0 @@ -""" -Construct a FreeBSD port template given the URL of a source tarball. - -$Id$ - -Copyright (C) 2012-2013 Internet Systems Consortium ("ISC") - -Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. -""" - -import sys -import os -import subprocess -import urlparse -import errno -import glob - -try: - url = sys.argv[1] -except IndexError: - sys.exit("Usage: %s URL-of-source-tarball" % sys.argv[0]) - -def stripext(fn, *exts): - fn1, fn2 = os.path.splitext(fn) - return fn1 if fn2 in exts else fn - -def mkdir_maybe(d): - try: - print "Creating", d - os.makedirs(d) - except OSError, e: - if e.errno != errno.EEXIST: - raise - -name = os.path.basename(urlparse.urlparse(url).path) -name = stripext(name, ".gz", ".bz2", ".xz") -name = stripext(name, ".tar", ".tgz", ".tbz", ".txz") - -# Up until this point this is fairly generic, but we reach the point -# of diminishing returns when we have to parse the port name and -# version number out of the filename. This will need to be changed -# when we start doing this with something other than snapshot -# tarballs. - -try: - base, branch, vers = name.split("-") -except: - base, branch, vers = None - -if base not in ("rpkitools", "rpki"): - base = None - -if branch != "trunk" and (branch[:2] != "tk" or not branch[2:].isdigit()): - branch = None - -if not vers.isdigit() and (base != "rpki" or vers[0] != "r" or not vers[1:].isdigit()): - vers = None -else: - vers = vers[1:] - -if None in (base, branch, vers): - sys.exit("Unexpected tarball URL name format") - -base += "-rp" - -mkdir_maybe(base) - -with open(os.path.join(base, "Makefile"), "w") as f: - print "Writing", f.name - - f.write('''\ -PORTNAME= %(portname)s -PORTVERSION= 0.%(snapshot)s -CATEGORIES= net -MASTER_SITES= %(master_sites)s -DISTFILES= %(distfiles)s -WRKSRC= ${WRKDIR}/%(tarname)s -MAINTAINER= sra@hactrn.net -COMMENT= rpki.net RPKI relying party tools - -GNU_CONFIGURE= yes -USE_PYTHON= 2.7+ -USE_GNOME= libxml2 libxslt - -# For OpenSSL, not needed otherwise -USE_PERL5_BUILD=yes - -# For building OpenSSL, not needed otherwise -BUILD_DEPENDS+= makedepend>0:${PORTSDIR}/devel/makedepend - -# Needed at build to keep ./configure from complaining; -# needed at runtime for rcynic to do anything useful. -BUILD_DEPENDS+= rsync>0:${PORTSDIR}/net/rsync -RUN_DEPENDS+= rsync>0:${PORTSDIR}/net/rsync - -# For rcynic-html -RUN_DEPENDS+= rrdtool>0:${PORTSDIR}/databases/rrdtool - -# Just want relying party tools, try to use system OpenSSL if we can. - -CONFIGURE_ARGS= --disable-ca-tools -CONFIGURE_ENV= CFLAGS="-I${LOCALBASE}/include" LDFLAGS="-L${LOCALBASE}/lib" - -# rcynic's Makefile constructs an rcynic.conf for us if it doesn't -# find one already installed. This turns out to be exactly what -# FreeBSD's rules want us to install as rcynic.conf.sample, so we -# shuffle things around a bit just before and just after installation -# to make this all come out right. -# -# If I ever teach rcynic to construct a .conf.sample file per the -# FreeBSD way of doing things, this will need to change to match. - -pre-install: - PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL - @if [ -f ${PREFIX}/etc/rcynic.conf ]; then \ - ${MV} -f ${PREFIX}/etc/rcynic.conf ${PREFIX}/etc/rcynic.conf.real ; \ - fi - -post-install: - PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL - @if [ -f ${PREFIX}/etc/rcynic.conf.real ]; then \ - ${MV} -f ${PREFIX}/etc/rcynic.conf ${PREFIX}/etc/rcynic.conf.sample ; \ - ${MV} -f ${PREFIX}/etc/rcynic.conf.real ${PREFIX}/etc/rcynic.conf ; \ - else \ - ${CP} -p ${PREFIX}/etc/rcynic.conf ${PREFIX}/etc/rcynic.conf.sample ; \ - fi - -.include -''' % { "portname" : base, - "snapshot" : vers, - "tarname" : name, - "master_sites" : os.path.dirname(url) + "/", - "distfiles" : os.path.basename(url) }) - -with open(os.path.join(base, "pkg-descr"), "w") as f: - print "Writing", f.name - - f.write('''\ -This is a port of the rpki.net RPKI toolkit relying party tools. - -WWW: http://rpki.net/ -''') - -with open(os.path.join(base, "pkg-plist"), "w") as f: - - print "Writing empty", f.name - -print "Generating checksum" - -subprocess.check_call(("make", "makesum", "DISTDIR=" + os.getcwd()), cwd = base) - -print "Extracting list of trust anchors" - -trust_anchors = [os.path.basename(fn) - for fn in subprocess.check_output(("tar", "tf", os.path.basename(url))).splitlines() - if "/rcynic/sample-trust-anchors/" in fn and fn.endswith(".tal")] - -with open(os.path.join(base, "pkg-plist"), "w") as f: - - print "Writing", f.name - - f.write('''\ -bin/find_roa -bin/hashdir -bin/print_roa -bin/print_rpki_manifest -bin/rcynic -bin/rcynic-cron -bin/rcynic-html -bin/rcynic-svn -bin/rcynic-text -bin/rtr-origin -bin/scan_roas -bin/validation_status -@unexec if cmp -s %D/etc/rcynic.conf.sample %D/etc/rcynic.conf; then rm -f %D/etc/rcynic.conf; fi -etc/rcynic.conf.sample -@exec if [ ! -f %D/etc/rcynic.conf ] ; then cp -p %D/%F %D/etc/rcynic.conf; fi -''') - - for trust_anchor in sorted(trust_anchors): - f.write("etc/rpki/trust-anchors/%s\n" % trust_anchor) - - f.write('''\ -@dirrm etc/rpki/trust-anchors -@dirrmtry etc/rpki -@dirrm www/apache22/data/rcynic -@cwd / -@exec install -d -o root -g wheel %D/var/rcynic -@exec install -d -o rcynic -g rcynic %D/var/rcynic/data -@dirrm var/rcynic/data -@exec install -d -o rcynic -g rcynic %D/var/rcynic/rpki-rtr -@dirrm var/rcynic/rpki-rtr/sockets -@dirrm var/rcynic/rpki-rtr -@dirrm var/rcynic -''') - -# 90% of this is $top/rcynic/installation-scripts/freebsd/install.sh. -# Somehow or another this duplication needs to go away, but priority -# for today is a working package. - -with open(os.path.join(base, "pkg-install"), "w") as f: - - print "Writing", f.name - - f.write('''\ -#!/bin/sh - - -case $2 in - -PRE-INSTALL) - if /usr/sbin/pw groupshow "rcynic" 2>/dev/null; then - echo "You already have a group \\"rcynic\\", so I will use it." - elif /usr/sbin/pw groupadd rcynic; then - echo "Added group \\"rcynic\\"." - else - echo "Adding group \\"rcynic\\" failed..." - echo "Please create it, then try again." - exit 1 - fi - if /usr/sbin/pw usershow "rcynic" 2>/dev/null; then - echo "You already have a user \\"rcynic\\", so I will use it." - elif /usr/sbin/pw useradd rcynic -g rcynic -h - -d /nonexistant -s /usr/sbin/nologin -c "RPKI validation system"; then - echo "Added user \\"rcynic\\"." - else - echo "Adding user \\"rcynic\\" failed..." - echo "Please create it, then try again." - exit 1 - fi - ;; - -POST-INSTALL) - htmldir=/usr/local/www/apache22/data/rcynic - if ! test -d $htmldir ; then - echo "Creating $htmldir" - install -o rcynic -g rcynic -d $htmldir - fi - sockdir=/var/rcynic/rpki-rtr/sockets - if ! test -d $sockdir ; then - echo "Creating $sockdir" - install -o nobody -g rcynic -d $sockdir - fi - echo "Setting up rcynic's crontab to run rcynic-cron script" - /usr/bin/crontab -l -u rcynic 2>/dev/null | - /usr/bin/awk -v t=`hexdump -n 2 -e '"%u\\n"' /dev/random` ' - BEGIN { - cmd = "exec /usr/local/bin/rcynic-cron"; - } - $0 !~ cmd { - print; - } - END { - printf "%u * * * *\\t%s\\n", t % 60, cmd; - }' | - /usr/bin/crontab -u rcynic - - echo "Setting up rpki-rtr listener under inetd" - if /usr/bin/egrep -q '^rpki-rtr' /etc/services ; then - echo "You already have a /etc/services entry for rpki-rtr, so I will use it." - elif echo >>/etc/services "rpki-rtr 43779/tcp #RFC 6810" ; then - echo "Added rpki-rtr to /etc/services." - else - echo "Adding rpki-rtr to /etc/services failed, please fix this, then try again." - exit 1 - fi - if /usr/bin/egrep -q "rpki-rtr[ ]+stream[ ]+tcp[ ]" /etc/inetd.conf; then - echo "You already have an inetd.conf entry for rpki-rtr on TCPv4, so I will use it." - elif echo >>/etc/inetd.conf "rpki-rtr stream tcp nowait nobody /usr/local/bin/rtr-origin rtr-origin --server /var/rcynic/rpki-rtr"; then - echo "Added rpki-rtr for TCPv4 to /etc/inetd.conf." - else - echo "Adding rpki-rtr for TCPv4 to /etc/inetd.conf failed, please fix this, then try again." - exit 1 - fi - if /usr/bin/egrep -q "rpki-rtr[ ]+stream[ ]+tcp6[ ]" /etc/inetd.conf; then - echo "You already have an inetd.conf entry for rpki-rtr on TCPv6, so I will use it." - elif echo >>/etc/inetd.conf "rpki-rtr stream tcp6 nowait nobody /usr/local/bin/rtr-origin rtr-origin --server /var/rcynic/rpki-rtr"; then - echo "Added rpki-rtr for TCPv6 to /etc/inetd.conf." - else - echo "Adding rpki-rtr for TCPv6 to /etc/inetd.conf failed, please fix this, then try again." - exit 1 - fi - ;; - -*) - echo "No clue what this script is meant to do when invoked with arguments \\"$*\\". Punting." - exit 1 - ;; - -esac -''') - -with open(os.path.join(base, "pkg-deinstall"), "w") as f: - - print "Writing", f.name - - f.write('''\ -#!/bin/sh - - -case $2 in - -DEINSTALL) - echo "Whacking rcynic's crontab" - /usr/bin/crontab -l -u rcynic 2>/dev/null | - /usr/bin/awk ' - $0 !~ "exec /usr/local/bin/rcynic-cron" { - line[++n] = $0; - } - END { - if (n) - for (i = 1; i <= n; i++) - print line[i] | "/usr/bin/crontab -u rcynic -"; - else - system("/usr/bin/crontab -u rcynic -r"); - }' - ;; - -POST-DEINSTALL) - ;; - -*) - echo "No clue what this script is meant to do when invoked with arguments \\"$*\\". Punting." - exit 1 - ;; - -esac -''') - -with open(os.path.join(base, "pkg-message"), "w") as f: - - print "Writing", f.name - - f.write('''\ -You may want to customize /usr/local/etc/rcynic.conf. If you did not -install your own trust anchors, a default set of SAMPLE trust anchors -may have been installed for you, but you, the relying party, are the -only one who can decide whether you trust those anchors. rcynic will -not do anything useful without good trust anchors. - -rcynic-cron has been configured to run hourly, at a randomly selected -minute, to spread load on the global RPKI repository servers. Please -do NOT adjust this to run on the hour. In particular please do NOT -adjust this to run at midnight UTC. -''') -- cgit v1.2.3