unrealircd 6.0.7, with fixes

* properly run configtest without starting the ircd * don't put unrealircd's pidfile where unrealircd could write it * add IUSE + RDEPEND to build geoip_classic compare with 6.0.4.2.ebuild, confd-r4, initd-r3
2023-04-11 22:30:25 -05:00 · 2023-04-11 22:30:25 -05:00 · 55ed83bdd2
parent 91d7f4fde5
commit 55ed83bdd2
4 changed files with 289 additions and 0 deletions
--- a/net-irc/unrealircd/Manifest
+++ b/net-irc/unrealircd/Manifest
@ -10,3 +10,5 @@ DIST unrealircd-6.0.4.2.tar.gz.asc 866 BLAKE2B cdfee99a09479d6099ef42e4caa05024b
 EBUILD unrealircd-5.2.4-r1.ebuild 5491 BLAKE2B a82c2aab7db44a19a1d752434d86f092e90c7ac88931a45bf1c7f12d0459759eef445ba73d03f9ba828debe30b79d56bd4b2d0d828462f1b21799b883469ebe6 SHA512 ba0fe9538fdc7bf601e318b30b3529fcb0c5da14c71689c7e2fe6ce2e4465d74c6e72ec4aab2db1ad6a20d7267feba745a302c068f2542a278c72b984b4aaa5f
 EBUILD unrealircd-6.0.4.2.ebuild 5948 BLAKE2B 967806cfeb0a4eb8df73ab60fe00bd11f3c09298854516825bb8a11728c810e22bc9d769da715afc0a37f27e90cba1d574de186ff085d6d30dfea208e9b19561 SHA512 11c43244a9febe879a28b8f44c20f080f0a775a989dc4706073ab7f483e0e096f14c553d7b8989f8d2db977c1f08ed3cc298b50960f82cff1a64d7b853c131c2
 MISC metadata.xml 978 BLAKE2B 7149e20723b563c08f93a7383b4f934104c24c945a4cf07510a7945d418a824db990eec1fca839f67c739296e519e67033b4181c7fbf0761336053dfd68a1898 SHA512 926d227e04485b71ce6f6cce4f8addebd4479837d5b9f4bb412f391edd74d72d38aefbe9275bc2a45ee25117990ceeb796722f7753c082e987dc09d07c277987
+DIST unrealircd-6.0.7.tar.gz 10293495 BLAKE2B 463bd2b38c712a1a9d1429d1142052750f859a9577772240c1a1094049a9d0768c3830f98204795049ff3f66d4c96a5de87503b44d01a402b72da9095078afe8 SHA512 2cbddb9510066c5a05fd5b907f8bcfa15b32bd345cd42f73cf5bc57a053aefee6bdd324e4dc149aff68887dc591cdbb1ea9db3d65c20703aee94a9c30aadcb64
+DIST unrealircd-6.0.7.tar.gz.asc 866 BLAKE2B 46b932d3d52e9211bbce4bfdb26ad2164fbbd60e593e632534563e87bff49c8fe6ae74725cce697f056204c1333a672b3bf4d7b96fa6d5e35b5eb07c4b3ef6f4 SHA512 5237def4849cf1f25928dba5fa4a3974a1641ff538f330408d233b5826b8d67aee0274e372946f8a1c46aeca4738db487ac40b0989450902bc5562c8ecada835
--- a/net-irc/unrealircd/files/unrealircd.confd-r5
+++ b/net-irc/unrealircd/files/unrealircd.confd-r5
@ -0,0 +1,37 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# Where to chroot to
+# Uncomment this line for chrooting
+#UNREALIRCD_CHROOT="/var/chroot/ircd"
+UNREALIRCD_CHROOT=""
+
+# Which configuration file to load instead of unrealircd.conf. If you
+# want to run multiple instances of unrealircd, you must edit
+# files::pidfile to match UNREALIRCD_PIDFILE. You should also ensure
+# that files::tunefile is different for each unrealircd instance. See
+# https://www.unrealircd.org/docs/Configuration#Files_block
+#
+# To support multiple instances of unrealircd, you may create symlinks
+# in /etc/init.d pointing to /etc/init.d/unrealircd. It is recommended
+# that the scheme unrealircd.${instance_name} be used. For each
+# instance, you may make a copy of this file with the appropriate name
+# to override default options specific to that instance.
+UNREALIRCD_CONF="${UNREALIRCD_CHROOT}/etc/unrealircd/${SVCNAME}.conf"
+
+# The path where unrealircd is configured to create its pidfile.
+UNREALIRCD_PIDFILE="${UNREALIRCD_CHROOT}/run/${SVCNAME}.pid"
+
+# extra options to pass to unrealircd ...
+# You should not specify the -f option here; use
+# UNREALIRCD_CONF instead.
+#
+# [-h servername]
+# [-p portnumber]
+# [-x loglevel]
+# [-t] (to enable debug output)
+UNREALIRCD_OPTS=""
+
+# Extra flags to pass to start-stop-daemon. When initially
+# debugging, removing --quiet may help.
+UNREALIRCD_SSD_OPTS="--quiet"
--- a/net-irc/unrealircd/files/unrealircd.initd-r4
+++ b/net-irc/unrealircd/files/unrealircd.initd-r4
@ -0,0 +1,57 @@
+#!/sbin/openrc-run
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# Defaults
+: ${UNREALIRCD_CONF:=/etc/unrealircd/${SVCNAME}.conf}
+: ${UNREALIRCD_PIDFILE:=/run/${SVCNAME#unreal}.pid}
+
+# Convenience variable for the chroot bits, not actually user-controllable via conf.d
+UNREALIRCD_USER="unrealircd"
+UNREALIRCD_BIN="/usr/bin/unrealircd"
+UNREALIRCD_COMMAND_ARGS="-F -f ${UNREALIRCD_CONF} ${UNREALIRCD_OPTS}"
+
+# Run the daemon in the foreground and let OpenRC background it.
+# This way the PID file is created securely, as root.
+# https://bugs.unrealircd.org/view.php?id=4990
+# https://bugs.gentoo.org/628434
+command_args="${UNREALIRCD_COMMAND_ARGS}"
+command_background=true
+pidfile="${UNREALIRCD_PIDFILE}"
+
+start_stop_daemon_args="${UNREALIRCD_SSD_OPTS}"
+extra_started_commands="checkconfig reload"
+
+if [ -n "${UNREALIRCD_CHROOT}" ]; then
+	command=/usr/bin/chroot
+	command_args="--userspec ${UNREALIRCD_USER}:${UNREALIRCD_USER} ${UNREALIRCD_CHROOT} ${UNREALIRCD_BIN} ${UNREALIRCD_COMMAND_ARGS}"
+else
+	# We're running it directly so no need for anything special.
+	command="${UNREALIRCD_BIN}"
+	command_user=${UNREALIRCD_USER}
+fi
+
+checkconfig() {
+	# command_args weirdness because we want to preserve the chroot arguments if it's set
+	# Only run the configtest for the main instance; it can't work right now for others (no way to specify config file)
+	[ ${SVCNAME} = unrealircd ] && su -s /bin/sh ${command_user:=root} -c "${command} ${command_args%${UNREALIRCD_COMMAND_ARGS}} -c"
+}
+
+depend() {
+	use dns net
+	provide ircd
+}
+
+start_pre() {
+	checkconfig || return $?
+}
+
+reload() {
+	checkconfig || return $?
+
+	ebegin "Reloading ${RC_SVCNAME}"
+	start-stop-daemon --signal HUP \
+			  --pidfile "${pidfile}" \
+			  ${UNREALIRCD_SSD_OPTS}
+	eend $?
+}
--- a/net-irc/unrealircd/unrealircd-6.0.7.ebuild
+++ b/net-irc/unrealircd/unrealircd-6.0.7.ebuild
@ -0,0 +1,193 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+SSL_CERT_MANDATORY=1
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/unrealircd.asc
+inherit autotools ssl-cert systemd tmpfiles verify-sig
+
+DESCRIPTION="An advanced Internet Relay Chat daemon"
+HOMEPAGE="https://www.unrealircd.org/"
+SRC_URI="https://www.unrealircd.org/downloads/${P}.tar.gz"
+SRC_URI+=" verify-sig? ( https://www.unrealircd.org/downloads/${P}.tar.gz.asc )"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86 ~amd64-linux"
+IUSE="class-nofakelag curl geoip geoip-classic +operoverride operoverride-verify"
+
+RDEPEND="
+	acct-group/unrealircd
+	acct-user/unrealircd
+	>=app-crypt/argon2-20171227-r1:=
+	dev-libs/libpcre2
+	dev-libs/libsodium:=
+	dev-libs/openssl:=
+	dev-libs/jansson:=
+	>=net-dns/c-ares-1.7:=
+	virtual/libcrypt:=
+	curl? ( net-misc/curl[adns] )
+	geoip? ( dev-libs/libmaxminddb )
+	geoip-classic? ( dev-libs/geoip )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	virtual/pkgconfig
+	verify-sig? ( sec-keys/openpgp-keys-unrealircd )
+"
+
+DOCS=( doc/{Authors,Donation,RELEASE-NOTES.md,tao.of.irc,technical/,translations.txt} )
+
+src_prepare() {
+	# QA check against bundled pkgs
+	rm -r extras || die
+
+	# building third-party modules (which we don't do) cause a sandbox violation
+	# bug 704444
+	echo "" > src/buildmod || die
+
+	sed -e 's/$(MODULEFLAGS)/$(LDFLAGS) &/' -i src/modules/{,*/}Makefile.in || die
+
+	if use class-nofakelag; then
+		sed -i -e 's:^//#undef\( FAKELAG_CONFIGURABLE\):#define\1:' include/config.h || die
+	fi
+
+	# File is missing from the 5.0.9.1 tarball
+	sed -i -e '/unrealircd-upgrade-script/d' configure.ac || die
+
+	default
+	eautoreconf
+}
+
+src_configure() {
+	# Default value for privatelibdir adds a build path to -Wl,-rpath.
+	econf \
+		--with-bindir="${EPREFIX}"/usr/bin \
+		--with-cachedir="${EPREFIX}"/var/lib/${PN} \
+		--with-confdir="${EPREFIX}"/etc/${PN} \
+		--with-datadir="${EPREFIX}"/var/lib/${PN} \
+		--with-docdir="${EPREFIX}"/usr/share/doc/${PF} \
+		--with-logdir="${EPREFIX}"/var/log/${PN} \
+		--with-modulesdir="${EPREFIX}/usr/$(get_libdir)"/${PN}/modules \
+		--without-privatelibdir \
+		--with-pidfile="${EPREFIX}"/run/${PN}.pid \
+		--with-tmpdir="${EPREFIX}"/var/lib/${PN}/tmp \
+		--with-maxconnections=1024 \
+		--with-nick-history=2000 \
+		--with-permissions=0640 \
+		--with-system-argon2 \
+		--with-system-cares \
+		--with-system-pcre2 \
+		--with-system-sodium \
+		--with-system-jansson \
+		--enable-dynamic-linking \
+		--with-controlfile="${EPREFIX}"/run/${PN}/${PN}.ctl \
+		--enable-ssl="${EPREFIX}"/usr \
+		$(use_enable curl libcurl "${EPREFIX}"/usr) \
+		$(use_with !operoverride no-operoverride) \
+		$(use_with operoverride-verify) \
+		$(use_enable geoip libmaxminddb) \
+		$(use_enable geoip-classic geoip-classic)
+}
+
+src_install() {
+	keepdir /var/log/${PN}
+	keepdir /var/lib/${PN}/tmp
+
+	newbin src/ircd ${PN}
+	dobin src/unrealircdctl
+
+	newtmpfiles "${FILESDIR}"/unrealircd.tmpfiles unrealircd.conf
+
+	(
+		cd src/modules || die
+		for subdir in $(find . -type d -print); do
+			if [[ -n $(shopt -s nullglob; echo ${subdir}/*.so) ]]; then
+				exeinto /usr/$(get_libdir)/${PN}/modules/"${subdir}"
+				doexe "${subdir}"/*.so
+			fi
+		done
+	)
+
+	insinto /etc/${PN}
+	# Purposefully omitting the examples/ and ssl/ subdirectories. ssl
+	# is redundant with app-misc/ca-certificates and examples will all
+	# be in docs anyway.
+	doins -r doc/conf/{aliases,help}
+	doins doc/conf/*.conf
+	newins doc/conf/examples/example.conf ${PN}.conf
+	keepdir /etc/${PN}/tls
+
+	einstalldocs
+
+	newinitd "${FILESDIR}"/${PN}.initd-r4 ${PN}
+	newconfd "${FILESDIR}"/${PN}.confd-r5 ${PN}
+
+	# config should be read-only
+	fperms -R 0640 /etc/${PN}
+	fperms 0750 /etc/${PN}{,/aliases,/help}
+	fperms 0750 /etc/${PN}/tls
+	# state is editable but not owned by unrealircd directly
+	fperms 0770 /var/log/${PN}
+	fperms 0770 /var/lib/${PN}{,/tmp}
+	fowners -R root:unrealircd /{etc,var/{lib,log}}/${PN}
+
+	# By default looks in /etc/unrealircd/ssl/curl-ca-bundle.crt. Fix
+	# that to look for ca-certificates-provided file instead. %s is
+	# CONFDIR. #618066
+	dosym ../../ssl/certs/ca-certificates.crt /etc/${PN}/tls/curl-ca-bundle.crt
+
+	systemd_dounit "${FILESDIR}"/${PN}.service
+}
+
+pkg_postinst() {
+	tmpfiles_process unrealircd.conf
+
+	# Move docert call from src_install() to install_cert in pkg_postinst for
+	# bug #201682
+	if [[ ! -f "${EROOT}"/etc/${PN}/tls/server.cert.key ]]; then
+		if [[ -f "${EROOT}"/etc/${PN}/ssl/server.cert.key ]]; then
+			ewarn "The location ${PN} looks for SSL certificates has changed"
+			ewarn "from ${EROOT}/etc/${PN}/ssl to ${EROOT}/etc/${PN}/tls."
+			ewarn "Please move your existing certificates."
+		else
+			(
+				umask 0037
+				install_cert /etc/${PN}/tls/server.cert
+				chown unrealircd "${EROOT}"/etc/${PN}/tls/server.cert.*
+				ln -snf server.cert.key "${EROOT}"/etc/${PN}/tls/server.key.pem
+			)
+		fi
+	fi
+
+	local unrealircd_conf="${EROOT}"/etc/${PN}/${PN}.conf
+	# Fix up the default cloak keys.
+	if grep -qe '"and another one";$' "${unrealircd_conf}" && grep -qe '"Oozahho1raezoh0iMee4ohvegaifahv5xaepeitaich9tahdiquaid0geecipahdauVaij3zieph4ahi";$' "${unrealircd_conf}"; then
+		ebegin "Generating cloak-keys"
+		local keys=(
+			$(su ${PN} -s "${EPREFIX}"/bin/sh -c "${PN} -k 2>&1 | tail -n 6 | head -n 3")
+		)
+		[[ -n ${keys[0]} || -n ${keys[1]} || -n ${keys[2]} ]]
+		eend $?
+
+		ebegin "Substituting cloak-keys into ${unrealircd_conf}"
+		sed -i \
+			-e '/cloak-keys/ {
+n
+s/"Oozahho1raezoh0iMee4ohvegaifahv5xaepeitaich9tahdiquaid0geecipahdauVaij3zieph4ahi";/'${keys[0]}'/
+n
+s/"and another one";/'${keys[1]}'/
+n
+s/"and another one";/'${keys[2]}'/
+}' \
+			"${unrealircd_conf}"
+		eend $?
+	fi
+
+	elog "UnrealIRCd will not run until you've set up ${EROOT}/etc/unrealircd/unrealircd.conf"
+	elog
+	elog "You can also configure ${PN} start at boot with rc-update(1)."
+	elog "It is recommended to run unrealircd as an unprivileged user."
+	elog "The provided init.d script does this for you."
+}