net-analyzer/nrpe: new revision to eliminate PID files with systemd.

The NRPE systemd service is "simple," which means that it runs in the
foreground. As a result, no PID file is needed to later kill it.
Nevertheless, the systemd service file that ships with NRPE tries to
create one. And in order to do that, it messes with some permissions
(Gentoo bug 648992) that shouldn't be messed with. This commit adds a
patch to remove the PID file from the service.

A related problem that this revision fixes is the automagic detection
of the operating system, distribution, and init system by the NRPE
autotools. The new revision hard-codes all of these to "unknown,"
which should result in behavior that is consistent across machines. In
particular, it should cause the problematic tmpfiles.d entry
(associated with the PID file) to not be installed.

Bug: https://bugs.gentoo.org/648992
Package-Manager: Portage-2.3.49, Repoman-2.3.10
Signed-off-by: Michael Orlitzky <mjo@gentoo.org>

2 files changed, 127 insertions, 0 deletions

diff --git a/net-analyzer/nrpe/files/nrpe-3.2.1-eliminate-systemd-pid.patch b/net-analyzer/nrpe/files/nrpe-3.2.1-eliminate-systemd-pid.patch
new file mode 100644
index 000000000000..6ee520dfa69d
--- /dev/null
+++ b/net-analyzer/nrpe/files/nrpe-3.2.1-eliminate-systemd-pid.patch
@@ -0,0 +1,38 @@
+From c4ad513294e8db25ebaf25127948cce37c13e1b2 Mon Sep 17 00:00:00 2001
+From: Michael Orlitzky <michael@orlitzky.com>
+Date: Sat, 29 Sep 2018 20:23:53 -0400
+Subject: [PATCH 1/1] startup/default-service.in: remove PIDFile and
+ ExecStopPost lines.
+
+The nrpe systemd service is a "simple" service, which means that it
+runs in the foreground and doesn't need any PID file tracking to begin
+with. The tmpfiles.d entry associated with the PID file is causing
+problems in Gentoo bug 648992, and so as a prerequisite for deleting
+it, this commit eliminates the PID file.
+
+Bug: https://bugs.gentoo.org/648992
+Bug: https://github.com/NagiosEnterprises/nrpe/issues/188
+---
+ startup/default-service.in | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/startup/default-service.in b/startup/default-service.in
+index b6c6063..110a0cd 100644
+--- a/startup/default-service.in
++++ b/startup/default-service.in
+@@ -11,12 +11,10 @@ WantedBy=multi-user.target
+ [Service]
+ Type=simple
+ Restart=on-abort
+-PIDFile=@piddir@/nrpe.pid
+ RuntimeDirectory=nrpe
+ RuntimeDirectoryMode=0755
+ ExecStart=@sbindir@/nrpe -c @pkgsysconfdir@/nrpe.cfg -f
+ ExecReload=/bin/kill -HUP $MAINPID
+-ExecStopPost=/bin/rm -f @piddir@/nrpe.pid
+ TimeoutStopSec=60
+ User=@nrpe_user@
+ Group=@nrpe_group@
+-- 
+2.16.4
+
diff --git a/net-analyzer/nrpe/nrpe-3.2.1-r1.ebuild b/net-analyzer/nrpe/nrpe-3.2.1-r1.ebuild
new file mode 100644
index 000000000000..af8c100f0f30
--- /dev/null
+++ b/net-analyzer/nrpe/nrpe-3.2.1-r1.ebuild
@@ -0,0 +1,89 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit systemd user
+
+DESCRIPTION="Nagios Remote Plugin Executor"
+HOMEPAGE="https://github.com/NagiosEnterprises/nrpe"
+SRC_URI="${HOMEPAGE}/releases/download/${P}/${P}.tar.gz"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
+IUSE="command-args libressl selinux ssl"
+
+DEPEND="sys-apps/tcp-wrappers
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:0= )
+	)"
+RDEPEND="${DEPEND}
+	|| ( net-analyzer/nagios-plugins net-analyzer/monitoring-plugins )
+	selinux? ( sec-policy/selinux-nagios )"
+
+PATCHES=( "${FILESDIR}/nrpe-3.2.1-eliminate-systemd-pid.patch" )
+
+pkg_setup() {
+	enewgroup nagios
+	enewuser nagios -1 /bin/bash /var/nagios/home nagios
+}
+
+src_configure() {
+	# The configure script tries to detect what OS, distribution, and
+	# init system you're running and changes the build/install process
+	# depending on what it comes up with. We specify fixed values
+	# because we don't want it guessing, for example, whether or not
+	# to install the tmpfiles.d entry based on whether or not systemd
+	# is currently running (OpenRC uses them too).
+	econf \
+		--libexecdir=/usr/$(get_libdir)/nagios/plugins \
+		--localstatedir=/var/nagios \
+		--sysconfdir=/etc/nagios \
+		--with-nrpe-user=nagios \
+		--with-nrpe-group=nagios \
+		--with-piddir=/run \
+		--with-opsys=unknown \
+		--with-dist-type=unknown \
+		--with-init-type=unknown \
+		--with-inetd-type=unknown \
+		$(use_enable command-args) \
+		$(use_enable ssl)
+}
+
+src_compile() {
+	emake all
+}
+
+src_install() {
+	default
+
+	dodoc CHANGELOG.md SECURITY.md
+	insinto /etc/nagios
+	newins sample-config/nrpe.cfg nrpe.cfg
+	fowners root:nagios /etc/nagios/nrpe.cfg
+	fperms 0640 /etc/nagios/nrpe.cfg
+
+	newinitd "startup/openrc-init" nrpe
+	newconfd "startup/openrc-conf" nrpe
+	systemd_newunit "startup/default-service" "${PN}.service"
+
+	insinto /etc/xinetd.d/
+	newins "${FILESDIR}/nrpe.xinetd.2" nrpe
+
+	rm "${D}/usr/bin/nrpe-uninstall" || die 'failed to remove uninstall tool'
+}
+
+pkg_postinst(){
+	elog 'Some users have reported incompatibilities between nrpe-2.x and'
+	elog 'nrpe-3.x. We recommend that you use the same major version for'
+	elog 'both your server and clients.'
+
+	if use command-args ; then
+		ewarn ''
+		ewarn 'You have enabled command-args for NRPE. That lets clients'
+		ewarn 'supply arguments to the commands that are run, and IS A'
+		ewarn 'SECURITY RISK!'
+		ewarn''
+	fi
+}