diff options
author | Michael Orlitzky <mjo@gentoo.org> | 2017-11-02 13:08:14 -0400 |
---|---|---|
committer | Michael Orlitzky <mjo@gentoo.org> | 2017-11-04 19:37:20 -0400 |
commit | 184ae2c637ba60cd8f65d33c9098a2f4a079b4dc (patch) | |
tree | 0fb6652493df8fad58409b7a4c9e950e7e553c3a /net-analyzer/pnp4nagios/pnp4nagios-0.6.26-r2.ebuild | |
parent | net-analyzer/pnp4nagios: new revision to fix nagios/icinga "or" dependency. (diff) | |
download | gentoo-184ae2c637ba60cd8f65d33c9098a2f4a079b4dc.tar.gz gentoo-184ae2c637ba60cd8f65d33c9098a2f4a079b4dc.tar.bz2 gentoo-184ae2c637ba60cd8f65d33c9098a2f4a079b4dc.zip |
net-analyzer/pnp4nagios: new revision with a better fix for CVE-2012-3457.
In CVE-2012-3457, it was reported that one particular file should not
be world-readable. To fix that, our ebuild made all of /etc/pnp
unreadable; that made other permissions issues difficult to work
around. This r2 sets o-rwx only on /etc/pnp/process_perfdata.cfg.
Bug: https://bugs.gentoo.org/430358
Package-Manager: Portage-2.3.8, Repoman-2.3.3
Diffstat (limited to 'net-analyzer/pnp4nagios/pnp4nagios-0.6.26-r2.ebuild')
-rw-r--r-- | net-analyzer/pnp4nagios/pnp4nagios-0.6.26-r2.ebuild | 98 |
1 files changed, 98 insertions, 0 deletions
diff --git a/net-analyzer/pnp4nagios/pnp4nagios-0.6.26-r2.ebuild b/net-analyzer/pnp4nagios/pnp4nagios-0.6.26-r2.ebuild new file mode 100644 index 000000000000..818bc3104ffe --- /dev/null +++ b/net-analyzer/pnp4nagios/pnp4nagios-0.6.26-r2.ebuild @@ -0,0 +1,98 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +DESCRIPTION="A performance data analyzer for nagios" +HOMEPAGE="http://www.pnp4nagios.org/" +SRC_URI="mirror://sourceforge/${PN}/PNP-0.6/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +IUSE="apache2 icinga icinga2 +nagios" +KEYWORDS="~amd64 ~ppc ~ppc64 ~sparc ~x86" + +REQUIRED_USE="^^ ( icinga icinga2 nagios )" + +# Some things (sync mode, for one) are broken with nagios-4.x, but since +# nagios-3.x has been end-of-life'd, we don't have much choice here but +# to accept it. +DEPEND=" + dev-lang/php:*[filter,gd,json,simplexml,xml,zlib] + >=net-analyzer/rrdtool-1.2[graph,perl] + icinga? ( net-analyzer/icinga ) + icinga2? ( net-analyzer/icinga2 ) + nagios? ( net-analyzer/nagios-core )" + +# A list of modules used in our Apache config file. +APACHE_MODS="apache2_modules_alias," # "Alias" directive +APACHE_MODS+="apache2_modules_authz_core," # "Require" directive +APACHE_MODS+="apache2_modules_rewrite" # "RewriteEngine" and friends + +RDEPEND="${DEPEND} + virtual/perl-Getopt-Long + virtual/perl-Time-HiRes + media-fonts/dejavu + apache2? ( >=www-servers/apache-2.4[${APACHE_MODS}] )" + +PATCHES=( "${FILESDIR}/${PN}-0.6.14-makefile.patch" ) + +src_configure() { + local var_dir user_group + + if use icinga; then + var_dir=/var/lib/icinga + user_group=icinga + elif use icinga2; then + var_dir=/var/lib/icinga2 + user_group=icinga + else + # Thanks to REQUIRED_USE, "use nagios" is the only other case. + var_dir=/var/nagios + user_group=nagios + fi + + econf \ + --sysconfdir="${EPREFIX}"/etc/pnp \ + --datarootdir="${EPREFIX}"/usr/share/pnp \ + --with-perfdata-dir="${EPREFIX}"${var_dir}/perfdata \ + --with-nagios-user=${user_group} \ + --with-nagios-group=${user_group} \ + --with-perfdata-logfile="${EPREFIX}"${var_dir}/perfdata.log \ + --with-perfdata-spool-dir="${EPREFIX}"/var/spool/pnp +} + +src_compile() { + # The default target just shows a help + emake all +} + +src_install() { + emake DESTDIR="${D}" install install-config + einstalldocs + newinitd "${FILESDIR}"/npcd.initd npcd + rm "${ED%/}/usr/share/pnp/install.php" || \ + die "unable to remove ${ED%/}/usr/share/pnp/install.php" + + # Fix CVE-2012-3457 (Gentoo bug 430358) + fperms o-rwx /etc/pnp/process_perfdata.cfg + + if use apache2 ; then + insinto "${APACHE_MODULES_CONFDIR}" + newins "${FILESDIR}"/98_pnp4nagios-2.4.conf 98_pnp4nagios.conf + + # This one file isn't world-readable, but it should be group- + # readable. Give it to the "apache" group to let the web + # server read it. + fowners :apache /etc/pnp/process_perfdata.cfg + fi +} + +pkg_postinst() { + elog "To enable the pnp4nagios web front-end, please visit" + elog "${EROOT%/}/etc/conf.d/apache2 and add \"-D PNP -D PHP5\"" + elog "to APACHE2_OPTS. Then pnp4nagios will be available at," + elog + elog " http://localhost/pnp4nagios" + elog +} |