From 6abbf81ef2f298e3221ff5e67a1f3c5f23958212 Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Mon, 14 Dec 2020 13:26:14 +0000
Subject: gentoo resync : 14.12.2020
---
net-misc/frr/Manifest | 6 +
net-misc/frr/files/frr-7.5-ipctl-forwarding.patch | 22 ++
net-misc/frr/files/frr-openrc-v1 | 300 ++++++++++++++++++++++
net-misc/frr/files/frr.pam | 26 ++
net-misc/frr/frr-7.5.ebuild | 150 +++++++++++
net-misc/frr/metadata.xml | 28 ++
6 files changed, 532 insertions(+)
create mode 100644 net-misc/frr/Manifest
create mode 100644 net-misc/frr/files/frr-7.5-ipctl-forwarding.patch
create mode 100644 net-misc/frr/files/frr-openrc-v1
create mode 100644 net-misc/frr/files/frr.pam
create mode 100644 net-misc/frr/frr-7.5.ebuild
create mode 100644 net-misc/frr/metadata.xml
(limited to 'net-misc/frr')
diff --git a/net-misc/frr/Manifest b/net-misc/frr/Manifest
new file mode 100644
index 000000000000..9bd543432ae4
--- /dev/null
+++ b/net-misc/frr/Manifest
@@ -0,0 +1,6 @@
+AUX frr-7.5-ipctl-forwarding.patch 731 BLAKE2B 9c97d7fdc7b7facb59a73f4b693c285ebd91cb0ba8f7fea0ef49d5eddd8660100315ca7d74ece8d553cdd8ad79a9a0b1a4c173c6dedf90e0be2bdc72d948b2be SHA512 56bdeb8a1f350fea3ad8ed0cdba28964b00384878853e584746d8ce80c6f9ea5ca5adc4539e314f7fd82203c08d5f2ce6adeec61dac9a7a28282131d0d371447
+AUX frr-openrc-v1 7068 BLAKE2B c790c783ea9c289110b1e85aa23a1adccba36122524cde36798f26c31f82e5381eefb3e5e16b497e84a5aa2faf5bf1f59d12fe8f9b7b3c5d0f504c26ce13fb86 SHA512 34e371bb9bb34e494536091a811084d543c18b302489ce0a56ec3e69c805c22d84d7a928e24e17eba5d4fe6d4e33ac847060da95ded5a02975ba2a2e5a568243
+AUX frr.pam 969 BLAKE2B 227dc91f51fab504229fa5489486fed1aa393d33c024849724ea3fb934e3fd78ee6c9147240133d458ec52021f13e8a27a2d8a0b4625415007c4595222b815ee SHA512 9a169d58232eba7481aee83d92b4e104b6c4ca95e5b31befe29117fbcebc187ad87c061f37ec7c571ff5702101a329ae0c113cf714e2d0dcd39ca4212734a9ed
+DIST frr-7.5.tar.gz 6730659 BLAKE2B 12c915e7564b8f0157b20b0714b1efd8c2ad0c51dbaeb1eb3ef2d5ea50406c297d7f4bd854d9246b515d42f3fa326b2b3c7a30d83f35b64c374947b26709f6fe SHA512 d0d3c0bc0d30e2ebb93e20906768a996d21db23b23118c8e3c50d238e7bfdee7a789b4a90c9d7dbdc842d857f60bd44f0922b01b0c2c8b289ac860f008a430a9
+EBUILD frr-7.5.ebuild 3371 BLAKE2B 4540d279f5b9816cd9abfe404928d335e6792df572e154a10302d53fb661892ea068c04ab160c841d7d6b8a3faa2de3bf39e6acfac50816c9d787a1f7dddd83c SHA512 fbe577b9cacd4e29ced2c035c3d26d627c2cd969c110717577cec59371fcd3f4de84879a49b45f84b422c28c7bf150fd1cfb1ded85580f1f8cc6ce7195128dde
+MISC metadata.xml 701 BLAKE2B 69812cc3ccd29487acd06afe28dbc936c671ee20741790045e39546720c1745311cae6dbba2bf612311e7ae27a708039006f0f92f04f512b724d291ebb33398a SHA512 4979d8ec46e7a874f9cff76f5b06b98692db749764d649bcbd8a06a51265cacdd466004ca4b7c5f7cabc7a4969908eb4840da2b85fd1dde3ee19815819b4a66a
diff --git a/net-misc/frr/files/frr-7.5-ipctl-forwarding.patch b/net-misc/frr/files/frr-7.5-ipctl-forwarding.patch
new file mode 100644
index 000000000000..f6b726b591f7
--- /dev/null
+++ b/net-misc/frr/files/frr-7.5-ipctl-forwarding.patch
@@ -0,0 +1,22 @@
+Fix for missing definitions on some Hardened configurations
+Gentoo bug: https://bugs.gentoo.org/show_bug.cgi?id=437292
+
+diff -Naur quagga-0.99.16.orig/zebra/ipforward_sysctl.c quagga-0.99.16/zebra/ipforward_sysctl.c
+--- quagga-0.99.16.orig/zebra/ipforward_sysctl.c 2010-03-11 12:11:32.000000000 -0500
++++ quagga-0.99.16/zebra/ipforward_sysctl.c 2010-03-11 12:11:39.000000000 -0500
+@@ -31,6 +31,15 @@
+
+ #define MIB_SIZ 4
+
++/* Fix for recent (2.6.14) kernel headers */
++#ifndef IPCTL_FORWARDING
++ #define IPCTL_FORWARDING NET_IPV4_FORWARD
++#endif
++
++#ifndef IP6CTL_FORWARDING
++ #define IP6CTL_FORWARDING NET_IPV6_FORWARDING
++#endif
++
+ extern struct zebra_privs_t zserv_privs;
+
+ /* IPv4 forwarding control MIB. */
diff --git a/net-misc/frr/files/frr-openrc-v1 b/net-misc/frr/files/frr-openrc-v1
new file mode 100644
index 000000000000..9e2f1ab914fd
--- /dev/null
+++ b/net-misc/frr/files/frr-openrc-v1
@@ -0,0 +1,300 @@
+#!/sbin/openrc-run
+#
+# FRR OpenRC init script.
+#
+# Copyright (C) 2020 Rafael F. Zalamena
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; only version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+description="FRR initialization script."
+
+# FRR variables.
+frr_dir="/usr/lib/frr"
+frr_state_dir="/run/frr"
+config_file="/etc/frr/frr.conf"
+daemon_file="/etc/frr/daemons"
+daemon_db="/run/frrdb"
+vty_config_file="/etc/frr/vtysh.conf"
+frr_reload="$frr_dir/frr-reload.py"
+frr_reload_log="$frr_state_dir/reload.log"
+
+# Don't change profile here, use $daemon_file. This is the default.
+frr_profile="traditional"
+
+# watchfrr variables.
+watchfrr_daemons=''
+watchfrr_pidfile="$frr_state_dir/watchfrr.pid"
+
+#
+# Helpers.
+#
+_check_daemon_binary() {
+ local daemon=$1
+
+ [ -x "$frr_dir/$daemon" ] && return 0
+
+ eerror "No binary found for $daemon in $frr_dir"
+ return 1
+}
+
+_load_daemon_list() {
+ # Load FRR daemons configuration file.
+ while read line <&3 ; do
+ case $line in
+ ""|"#"*)
+ # Skip empty/commented lines.
+ continue
+ ;;
+
+ *d=*|*_instances=*|*_options=*|*_wrap=*)
+ # Load daemon options.
+ eval "$line"
+ ;;
+
+ MAX_FDS=*|frr_profile=*|vtysh_enable=*)
+ # Load misc configuration.
+ eval "$line"
+ ;;
+ esac
+ done 3< $daemon_file
+
+ # `zebra` and `staticd` are mandatory.
+ _check_daemon_binary 'zebra' || return 1
+ _check_daemon_binary 'staticd' || return 1
+ watchfrr_daemons='zebra staticd'
+
+ # Create the watchfrr command line.
+ for daemon in \
+ babeld bfdd bgpd eigrpd fabricd isisd ldpd nhrpd ospfd ospf6d pbrd \
+ pimd ripd ripngd sharpd vrrpd \
+ ; do
+ # Trick to read variable name with variable.
+ cdaemon=$(eval echo \$$daemon)
+ cdaemon_instances=$(eval echo \$${daemon}_instances)
+
+ # Add daemon to command line if specified.
+ if [ ! -z $cdaemon ] && [ $cdaemon = 'yes' ]; then
+ _check_daemon_binary $daemon || return 1
+
+ # Multi instance daemon handling.
+ if [ ! -z $cdaemon_instances ]; then
+ for instance in $(echo $cdaemon_instances | tr ',' ' '); do
+ watchfrr_daemons="$watchfrr_daemons $daemon-$instance"
+ done
+ fi
+
+ # Single instance daemon handling.
+ watchfrr_daemons="$watchfrr_daemons $daemon"
+ continue
+ fi
+ done
+}
+
+_frr_start() {
+ # Apply MAX_FDS configuration if set.
+ if [ ! -z $MAX_FDS ]; then
+ veinfo " Setting maximum file descriptors to ${MAX_FDS}"
+ ulimit -n $MAX_FDS >/dev/null 2>/dev/null
+ fi
+
+ # Save started daemons to state database.
+ rm -f -- $daemon_db
+ for daemon in $watchfrr_daemons; do
+ echo $daemon >> $daemon_db
+ veinfo " Starting $daemon..."
+ done
+
+ veinfo " Starting watchfrr..."
+
+ # Start watchfrr which will start all configured daemons.
+ eval $all_wrap $frr_dir/watchfrr -d -F $frr_profile $watchfrr_daemons
+
+ veinfo " Loading configuration..."
+
+ # After starting the daemons, lets load the configuration.
+ if [ $vtysh_enable = 'yes' ]; then
+ vtysh -b -n
+ else
+ veinfo " Configuration loading disabled (vtysh_enable=$vtysh_enable)"
+ fi
+}
+
+_get_pid() {
+ local daemon=$1
+ local pid_file="$frr_state_dir/$daemon.pid"
+
+ # Test for file existence.
+ if [ ! -r "$pid_file" ]; then
+ eerror "Failed to find or read $daemon pid file"
+ return 1
+ fi
+
+ # Get PID if any.
+ pid=$(cat $pid_file)
+ if [ -z $pid ]; then
+ eerror "$daemon PID file empty"
+ return 1
+ fi
+
+ return 0
+}
+
+_stop_daemon() {
+ local daemon=$1
+ local pid_file="$frr_state_dir/$daemon.pid"
+
+ # Get daemon pid.
+ _get_pid $daemon
+
+ # Ask daemon to quit.
+ kill -2 "$pid"
+
+ # Test if daemon is still running.
+ attempts=1200
+ while kill -0 "$pid" 2>/dev/null; do
+ sleep 0.5
+ [ $((attempts - 1)) -gt 0 ] || break
+ done
+
+ # Tell user about our situation.
+ if kill -0 "$pid" 2>/dev/null ; then
+ eerror "Failed to stop $daemon (PID=${pid})"
+ return 1
+ else
+ rm -f -- $pid_file
+ fi
+}
+
+_frr_stop() {
+ local failures=0
+
+ # Stop watchfrr first so it doesn't restart anyone.
+ veinfo " Stopping watchfrr..."
+ _stop_daemon watchfrr || failures=1
+
+ # Read started daemon database.
+ while read line <&3 ; do
+ case $line in
+ ""|"#"*)
+ # Skip empty/commented lines.
+ continue
+ ;;
+
+ *)
+ # Get daemon name.
+ veinfo " Stopping $line..."
+ _stop_daemon $line || failures=1
+ ;;
+ esac
+ done 3< $daemon_db
+
+ # Remove daemon database file.
+ rm -f -- $daemon_db
+
+ return $failures
+}
+
+_check_watchfrr() {
+ _get_pid watchfrr || return 1
+ return 0
+}
+
+#
+# Main.
+#
+depend() {
+ # We need root to write logs.
+ need localmount
+ # Optionally wait for network to start.
+ use net
+ # Expect /run to be ready.
+ after bootmisc
+}
+
+start_pre() {
+ # Check configuration file readability.
+ checkpath -f -m 0640 -o frr:frr $vty_config_file
+ checkpath -f -m 0640 -o frr:frr $daemon_file
+ checkpath -f -m 0640 -o frr:frr $config_file
+
+ # Check run state directory.
+ checkpath -d -o frr $frr_state_dir
+
+ # Load daemon list and peform checks.
+ _load_daemon_list
+}
+
+start() {
+ # Load daemon list.
+ _load_daemon_list
+
+ # Handle restarts.
+ if [ "$RC_CMD" = 'restart' ]; then
+ ebegin 'Reloading FRR configuration'
+ else
+ ebegin 'Starting FRR'
+ fi
+
+ # Start FRR.
+ _frr_start
+
+ # New daemons and watchfrr started, apply new configuration.
+ if [ "$RC_CMD" = 'restart' ]; then
+ "$frr_reload" --reload "$config_file" 2>/run/frr/reload.log
+ [ $? -ne 0 ] && ewarn " Failed to reload (check $frr_reload_log)"
+ # NOTE: we can't return bad status otherwise OpenRC will think we
+ # failed to start, lets print a helpful message instead.
+ fi
+
+ eend 0
+}
+
+stop() {
+ local failures=0
+
+ # Handle restarts.
+ if [ "$RC_CMD" = 'restart' ]; then
+ # Load daemon list.
+ _load_daemon_list
+
+ # We must restart 'watchfrr' in order to start new daemons.
+ veinfo " Stopping watchfrr..."
+ _stop_daemon watchfrr
+
+ # Stop daemons that are no longer in configuration file.
+ for daemon in $(ls -1 /run/frr/*.pid | cut -d '.' -f 1); do
+ # Filter daemon name.
+ daemon=$(basename "$daemon")
+
+ # Skip watchfrr.
+ [ "$daemon" = 'watchfrr' ] && continue
+
+ echo "$watchfrr_daemons" | grep "$daemon" >/dev/null
+ if [ $? -ne 0 ]; then
+ veinfo " Stopping $daemon..."
+ _stop_daemon $daemon
+ fi
+ done
+
+ return 0
+ fi
+
+ ebegin 'Stopping FRR'
+ _frr_stop || failures=1
+ eend $failures 'some daemons failed to stop'
+}
+
+status() {
+ _check_watchfrr || return 1
+}
diff --git a/net-misc/frr/files/frr.pam b/net-misc/frr/files/frr.pam
new file mode 100644
index 000000000000..5cef5d9d746e
--- /dev/null
+++ b/net-misc/frr/files/frr.pam
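Review bot: `_load_daemon_list` runs `eval "$line"` as root on any line of `/etc/frr/daemons` that matches loose globs such as `*d=*`, while `start_pre` hands that same file to the service account with `checkpath -f -m 0640 -o frr:frr $daemon_file`, so anything running as the unprivileged frr user can have shell text executed by the init script. The ebuild in this commit sets up the same ownership at install time (`fowners frr:frr /etc/frr/daemons`, `fperms 775 /etc/frr`). As far as this script shows only the init script reads that file, so I would keep it root-owned and group-readable, `checkpath -f -m 0640 -o root:frr $daemon_file`, and accept only `name=value` lines whose name is on a fixed list instead of evaluating the whole line. Separately, `_stop_daemon` ignores the return value of `_get_pid` and never decrements `attempts`, so the wait loop has no timeout and `kill` can run with a stale `$pid`; `_get_pid $daemon || return 1` and `attempts=$((attempts - 1))` before the test would close both.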
@@ -0,0 +1,26 @@
+#%PAM-1.0
+#
+
+##### if running frr as root:
+# Only allow root (and possibly wheel) to use this because enable access
+# is unrestricted.
+auth sufficient pam_rootok.so
+
+# Uncomment the following line to implicitly trust users in the "wheel" group.
+#auth sufficient pam_wheel.so trust use_uid
+# Uncomment the following line to require a user to be in the "wheel" group.
+#auth required pam_wheel.so use_uid
+###########################################################
+
+# If using frr privileges and with a seperate group for vty access, then
+# access can be controlled via the vty access group, and pam can simply
+# check for valid user/password, eg:
+#
+# only allow local users.
+#auth required pam_securetty.so
+#auth include system-auth
+#auth required pam_nologin.so
+#account include system-auth
+#password include system-auth
+#session include system-auth
+#session optional pam_console.so
diff --git a/net-misc/frr/frr-7.5.ebuild b/net-misc/frr/frr-7.5.ebuild
new file mode 100644
index 000000000000..425a59944037
--- /dev/null
+++ b/net-misc/frr/frr-7.5.ebuild
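Review bot: The only active rule, `auth sufficient pam_rootok.so`, belongs to the block headed "if running frr as root", yet the ebuild in this commit configures `--enable-user=frr` and `--enable-vty-group=frr`, which is the setup the second, fully commented-out block describes. No `account` rule is active either, so account checks for this service presumably fall through to the system's default PAM policy rather than anything stated in this file. I would add a comment at the top such as `# Gentoo builds frr with a dedicated frr user and vty group; review the second block before allowing non-root vtysh users.` and enable `account include system-auth` alongside whichever auth block is chosen.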
@@ -0,0 +1,150 @@
+# Copyright 2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{7,8} )
+inherit autotools pam python-single-r1 systemd
+
+DESCRIPTION="The FRRouting Protocol Suite"
+HOMEPAGE="https://frrouting.org/"
+SRC_URI="https://github.com/FRRouting/frr/archive/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+IUSE="doc fpm grpc ipv6 kernel_linux nhrp ospfapi pam rpki snmp systemd test"
+
+COMMON_DEPEND="
+ ${PYTHON_DEPS}
+ acct-user/frr
+ dev-libs/json-c:0=
+ >=net-libs/libyang-1.0.184
+ sys-libs/libcap
+ sys-libs/readline:0=
+ grpc? ( net-libs/grpc )
+ nhrp? ( net-dns/c-ares:0= )
+ pam? ( sys-libs/pam )
+ rpki? ( >=net-libs/rtrlib-0.6.3[ssh] )
+ snmp? ( net-analyzer/net-snmp )
+"
+
+BDEPEND="
+ doc? ( dev-python/sphinx )
+ sys-devel/flex
+ virtual/yacc
+"
+
+DEPEND="
+ ${COMMON_DEPEND}
+ test? ( $(python_gen_cond_dep 'dev-python/pytest[${PYTHON_USEDEP}]') )
+"
+
+RDEPEND="
+ ${COMMON_DEPEND}
+ $(python_gen_cond_dep 'dev-python/ipaddr[${PYTHON_USEDEP}]')
+ !!net-misc/quagga
+"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-7.5-ipctl-forwarding.patch"
+)
+
+REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+
+RESTRICT="!test? ( test )"
+
+# FRR tarballs have weird format.
+S="${WORKDIR}/frr-${P}"
+
+src_prepare() {
+ default
+
+ python_fix_shebang tools
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ --disable-static \
+ --with-pkg-extra-version="-gentoo" \
+ --enable-configfile-mask=0640 \
+ --enable-logfile-mask=0640 \
+ --prefix=/usr \
+ --libdir=/usr/lib/frr \
+ --sbindir=/usr/lib/frr \
+ --libexecdir=/usr/lib/frr \
+ --sysconfdir=/etc/frr \
+ --localstatedir=/run/frr \
+ --with-moduledir=/usr/lib/frr/modules \
+ --enable-exampledir=/usr/share/doc/${PF}/samples \
+ --enable-user=frr \
+ --enable-group=frr \
+ --enable-vty-group=frr \
+ --enable-multipath=64 \
+ $(use_enable doc) \
+ $(use_enable fpm) \
+ $(use_enable grpc) \
+ $(use_enable ipv6 ospf6d) \
+ $(use_enable ipv6 ripngd) \
+ $(use_enable ipv6 rtadv) \
+ $(use_enable kernel_linux realms) \
+ $(use_enable nhrp nhrpd) \
+ $(usex ospfapi '--enable-ospfclient' '' '' '') \
+ $(use_enable rpki) \
+ $(use_enable snmp) \
+ $(use_enable systemd)
+}
+
+src_compile() {
+ default
+
+ use doc && (cd doc; make html)
+}
+
+src_install() {
+ default
+ find "${D}" -name '*.la' -delete || die
+
+ # Install user documentation if asked
+ use doc && dodoc -r doc/user/_build/html
+
+ # Create configuration directory with correct permissions
+ keepdir /etc/frr
+ fowners frr:frr /etc/frr
+ fperms 775 /etc/frr
+
+ # Create logs directory with the correct permissions
+ keepdir /var/log/frr
+ fowners frr:frr /var/log/frr
+ fperms 775 /var/log/frr
+
+ # Install the default configuration files
+ insinto /etc/frr
+ doins tools/etc/frr/vtysh.conf
+ doins tools/etc/frr/frr.conf
+ doins tools/etc/frr/daemons
+
+ # Fix permissions/owners.
+ fowners frr:frr /etc/frr/vtysh.conf
+ fowners frr:frr /etc/frr/frr.conf
+ fowners frr:frr /etc/frr/daemons
+ fperms 640 /etc/frr/vtysh.conf
+ fperms 640 /etc/frr/frr.conf
+ fperms 640 /etc/frr/daemons
+
+ # Install logrotate configuration
+ insinto /etc/logrotate.d
+ newins redhat/frr.logrotate frr
+
+ # Install PAM configuration file
+ use pam && newpamd "${FILESDIR}/frr.pam" frr
+
+ # Install init scripts
+ systemd_dounit tools/frr.service
+ newinitd "${FILESDIR}/frr-openrc-v1" frr
+
+ # Conflict files, installed by net-libs/libsmi, bug #758383
+ rm "${D}/usr/share/yang/ietf-interfaces.yang" || die
+}
diff --git a/net-misc/frr/metadata.xml b/net-misc/frr/metadata.xml
new file mode 100644
index 000000000000..043dceace198
--- /dev/null
+++ b/net-misc/frr/metadata.xml
@@ -0,0 +1,28 @@
+
+
+
+
+ pinkbyte@gentoo.org
+ Sergey Popov
+
+
+
+ Enable gRPC plugin
+
+
+ Build Next Hop Resolution Protocol daemon
+
+
+ Enable Forwarding Plane Manager support
+
+
+ Enable RPKI
+
+
+ Add support for PAM (via sys-libs/pam) to the Virtual Terminal Interface Shell (vtysh);
+
+
+ Build OSPFAPI support
+
+
+
-- cgit v1.2.3
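Review bot: In `src_install`, `/var/log/frr` is created as `frr:frr` with `fperms 775 /var/log/frr`, and `newins redhat/frr.logrotate frr` then installs a rotation job for it; logrotate runs as root and, unless its config carries a `su` directive, either refuses to rotate in a directory a non-root group can write or ends up trusting paths the service account controls. The logrotate file is not part of this diff, so this needs checking rather than assuming. If group write is not required I would tighten the mode to `fperms 750 /var/log/frr` and confirm the installed config contains `su frr frr`.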