diff options
author | Peter Volkov <pva@gentoo.org> | 2011-06-14 11:42:16 +0000 |
---|---|---|
committer | Peter Volkov <pva@gentoo.org> | 2011-06-14 11:42:16 +0000 |
commit | fd1a6ab2ed8b19d4941fa9a224ab12bfa2672da0 (patch) | |
tree | cba0e122e8bcaa6e343f23e28caffc9702986d98 /net-im/ejabberd | |
parent | Added missed mkfontdir to DEPEND, bug #371231 thank Piotr Szymaniak for report. (diff) | |
download | gentoo-2-fd1a6ab2ed8b19d4941fa9a224ab12bfa2672da0.tar.gz gentoo-2-fd1a6ab2ed8b19d4941fa9a224ab12bfa2672da0.tar.bz2 gentoo-2-fd1a6ab2ed8b19d4941fa9a224ab12bfa2672da0.zip |
Version bump, fixes security bug #370201 thank Federico Cuello for report. Fix permissions of ssl certificate, but #369809 thank Gavin Pryke for the patch.
(Portage version: 2.1.10.3/cvs/Linux x86_64)
Diffstat (limited to 'net-im/ejabberd')
-rw-r--r-- | net-im/ejabberd/ChangeLog | 9 | ||||
-rw-r--r-- | net-im/ejabberd/ejabberd-2.1.8.ebuild | 214 |
2 files changed, 222 insertions, 1 deletions
diff --git a/net-im/ejabberd/ChangeLog b/net-im/ejabberd/ChangeLog index 796c276bc357..d27ff42185ac 100644 --- a/net-im/ejabberd/ChangeLog +++ b/net-im/ejabberd/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for net-im/ejabberd # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-im/ejabberd/ChangeLog,v 1.93 2011/03/25 11:18:22 tomka Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-im/ejabberd/ChangeLog,v 1.94 2011/06/14 11:42:16 pva Exp $ + +*ejabberd-2.1.8 (14 Jun 2011) + + 14 Jun 2011; Peter Volkov <pva@gentoo.org> +ejabberd-2.1.8.ebuild: + Version bump, fixes security bug #370201 thank Federico Cuello for report. + Fix permissions of ssl certificate, but #369809 thank Gavin Pryke for the + patch. 25 Mar 2011; Thomas Kahle <tomka@gentoo.org> ejabberd-2.1.6.ebuild: x86 stable per bug 359961 diff --git a/net-im/ejabberd/ejabberd-2.1.8.ebuild b/net-im/ejabberd/ejabberd-2.1.8.ebuild new file mode 100644 index 000000000000..5258d77b1145 --- /dev/null +++ b/net-im/ejabberd/ejabberd-2.1.8.ebuild @@ -0,0 +1,214 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-im/ejabberd/ejabberd-2.1.8.ebuild,v 1.1 2011/06/14 11:42:16 pva Exp $ + +EAPI=4 + +inherit eutils multilib pam ssl-cert + +DESCRIPTION="The Erlang Jabber Daemon" +HOMEPAGE="http://www.ejabberd.im/" +SRC_URI="http://www.process-one.net/downloads/${PN}/${PV}/${P}.tar.gz + mod_statsdx? ( mirror://gentoo/ejabberd-mod_statsdx-1080.patch.gz )" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~ia64 ~ppc ~sparc ~x86" +EJABBERD_MODULES="mod_irc mod_muc mod_proxy65 mod_pubsub mod_statsdx" +IUSE="captcha debug ldap odbc pam +web zlib ${EJABBERD_MODULES}" + +DEPEND=">=net-im/jabber-base-0.01 + >=dev-libs/expat-1.95 + >=dev-lang/erlang-12.2.5[ssl] + odbc? ( dev-db/unixODBC ) + ldap? ( =net-nds/openldap-2* ) + >=dev-libs/openssl-0.9.8e + captcha? ( media-gfx/imagemagick[truetype,png] ) + zlib? ( sys-libs/zlib )" +#>=sys-apps/shadow-4.1.4.2-r3 - fixes bug in su that made ejabberdctl unworkable. +RDEPEND="${DEPEND} + >=sys-apps/shadow-4.1.4.2-r3 + pam? ( virtual/pam )" + +S=${WORKDIR}/${P}/src + +# paths in net-im/jabber-base +JABBER_ETC="${EPREFIX}/etc/jabber" +#JABBER_RUN="/var/run/jabber" +JABBER_SPOOL="${EPREFIX}/var/spool/jabber" +JABBER_LOG="${EPREFIX}/var/log/jabber" +JABBER_DOC="${EPREFIX}/usr/share/doc/${PF}" + +src_prepare() { + if use mod_statsdx; then + ewarn "mod_statsdx is not a part of upstream tarball but is a third-party module" + ewarn "taken from here: http://www.ejabberd.im/mod_stats2file" + epatch "${WORKDIR}/2.1.1-mod_statsdx.patch" + fi + + # don't install release notes (we'll do this manually) + sed '/install .* [.][.]\/doc\/[*][.]txt $(DOCDIR)/d' -i Makefile.in || die + # Set correct paths + sed -e "/^EJABBERDDIR[[:space:]]*=/{s:ejabberd:${PF}:}" \ + -e "/^ETCDIR[[:space:]]*=/{s:@sysconfdir@/ejabberd:${JABBER_ETC}:}" \ + -e "/^LOGDIR[[:space:]]*=/{s:@localstatedir@/log/ejabberd:${JABBER_LOG}:}" \ + -e "/^SPOOLDIR[[:space:]]*=/{s:@localstatedir@/lib/ejabberd:${JABBER_SPOOL}:}" \ + -i Makefile.in || die + sed -e "/EJABBERDDIR=/{s:ejabberd:${PF}:}" \ + -e "s|\(ETCDIR=\)@SYSCONFDIR@.*|\1${JABBER_ETC}|" \ + -e "s|\(LOGS_DIR=\)@LOCALSTATEDIR@.*|\1${JABBER_LOG}|" \ + -e "s|\(SPOOLDIR=\)@LOCALSTATEDIR@.*|\1${JABBER_SPOOL}|" \ + -i ejabberdctl.template || die + + # Set shell, so it'll work even in case jabber user have no shell + # This is gentoo specific I guess since other distributions may have + # ejabberd user with reall shell, while we share this user among different + # jabberd implementations. + sed '/^HOME/aSHELL=/bin/sh' -i ejabberdctl.template || die + sed '/^export HOME/aexport SHELL' -i ejabberdctl.template || die + + #sed -e "s:/share/doc/ejabberd/:${JABBER_DOC}:" -i web/ejabberd_web_admin.erl + + # fix up the ssl cert paths in ejabberd.cfg to use our cert + sed -e "s:/path/to/ssl.pem:/etc/ssl/ejabberd/server.pem:g" \ + -i ejabberd.cfg.example || die "Failed sed ejabberd.cfg.example" + + # correct path to captcha script in default ejabberd.cfg + sed -e 's|\({captcha_cmd,[[:space:]]*"\).\+"}|\1/usr/'$(get_libdir)'/erlang/lib/'${P}'/priv/bin/captcha.sh"}|' \ + -i ejabberd.cfg.example || die "Failed sed ejabberd.cfg.example" + + # disable mod_irc in ejabberd.cfg + if ! use mod_irc; then + sed -i -e "s/{mod_irc,/%{mod_irc,/" \ + -i ejabberd.cfg.example || die "Failed to disable mod_irc" + fi + +} + +src_configure() { + econf \ + --docdir="${EPREFIX}/usr/share/doc/${PF}/html" \ + --libdir="${EPREFIX}/usr/$(get_libdir)/erlang/lib/" \ + $(use_enable mod_irc) \ + $(use_enable ldap eldap) \ + $(use_enable mod_muc) \ + $(use_enable mod_proxy65) \ + $(use_enable mod_pubsub) \ + $(use_enable web) \ + $(use_enable odbc) \ + $(use_enable zlib ejabberd_zlib) \ + $(use_enable pam) \ + --enable-user=jabber +} + +src_compile() { + emake $(use debug && echo debug=true ejabberd_debug=true) || die "compiling ejabberd core failed" +} + +src_install() { + emake DESTDIR="${ED}" install || die "install failed" + + # Pam helper module permissions + # http://www.process-one.net/docs/ejabberd/guide_en.html + if use pam; then + pamd_mimic_system xmpp auth account || die "Cannot create pam.d file" + fowners root:jabber "/usr/$(get_libdir)/erlang/lib/${PF}/priv/bin/epam" || die + fperms 4750 "/usr/$(get_libdir)/erlang/lib/${PF}/priv/bin/epam" || die "Cannot adjust epam permissions" + fi + + cd "${WORKDIR}/${P}/doc" + dodoc "release_notes_${PV%%_rc*}.txt" || die + + #dodir /var/lib/ejabberd + newinitd "${FILESDIR}/${PN}-3.initd" ${PN} || die "Cannot install init.d script" + newconfd "${FILESDIR}/${PN}-3.confd" ${PN} || die "Cannot install conf.d file" +} + +pkg_postinst() { + elog "For configuration instructions, please see" + elog "/usr/share/doc/${PF}/html/guide.html, or the online version at" + elog "http://www.process-one.net/en/ejabberd/docs/guide_en/" + + if ! use web ; then + ewarn + ewarn "The web USE flag is off, this has disabled the web admin interface." + ewarn + fi + + elog + elog '====================================================================' + elog 'Quick Start Guide:' + elog '1) Add output of `hostname -f` to /etc/jabber/ejabberd.cfg line 91' + elog ' {hosts, ["localhost", "thehost"]}.' + elog '2) Add an admin user to /etc/jabber/ejabberd.cfg line 360' + elog ' {acl, admin, {user, "theadmin", "thehost"}}.' + elog '3) Start the server' + elog ' # /etc/init.d/ejabberd start' + elog '4) Register the admin user' + elog ' # /usr/sbin/ejabberdctl register theadmin thehost thepassword' + elog '5) Log in with your favourite jabber client or using the web admin' + + # Upgrading from ejabberd-2.0.x: + if grep -E '^[^#]*EJABBERD_NODE=' "${EROOT}/etc/conf.d/ejabberd" >/dev/null 2>&1; then + source "${EROOT}/etc/conf.d/ejabberd" + ewarn + ewarn "!!! WARNING !!! WARNING !!! WARNING !!! WARNING !!!" + ewarn "Starting with 2.1.x some paths and configuration files were" + ewarn "changed to reflect upstream intentions better. Notable changes are:" + ewarn + ewarn "1. Everything (even init scripts) is now handled with ejabberdctl script." + ewarn "Thus main configuration file became /etc/jabberd/ejabberdctl.cfg" + ewarn "You must update ERLANG_NODE there with the value of EJABBERD_NODE" + ewarn "from /etc/conf.d/ejebberd or ejabberd will refuse to start." + ewarn + ewarn "2. SSL certificate is now generated with ssl-cert eclass and resides" + ewarn "at standard location: /etc/ssl/ejabberd/server.pem." + ewarn + ewarn "3. Cookie now resides at /var/spool/jabber/.erlang.cookie" + ewarn + ewarn "4. /var/log/jabber/sasl.log is now /var/log/jabber/erlang.log" + ewarn + ewarn "5. Crash dumps (if any) will be located at /var/log/jabber" + + local i ctlcfg new_ctlcfg + i=0 + ctlcfg=${EROOT}/etc/jabber/ejabberdctl.cfg + while :; do + new_ctlcfg=$(printf "${EROOT}/etc/jabber/._cfg%04d_ejabberdctl.cfg" ${i}) + [[ ! -e ${new_ctlcfg} ]] && break + ctlcfg=${new_ctlcfg} + ((i++)) + done + + ewarn + ewarn "Updating ${ctlcfg} (debug: ${new_ctlcfg})" + sed -e "/#ERLANG_NODE=/aERLANG_NODE=$EJABBERD_NODE" "${ctlcfg}" > "${new_ctlcfg}" || die + + if [[ -e ${EROOT}/var/run/jabber/.erlang.cookie ]]; then + ewarn "Moving .erlang.cookie..." + if [[ -e ${EROOT}/var/spool/jabber/.erlang.cookie ]]; then + mv -v "${EROOT}"/var/spool/jabber/.erlang.cookie{,bak} + fi + mv -v "${EROOT}"/var/{run/jabber,spool/jabber}/.erlang.cookie + fi + ewarn + ewarn "We'll try to handle upgrade automagically but, please, do your" + ewarn "own checks and do not forget to run 'etc-update'!" + ewarn "PLEASE! Run 'etc-update' now!" + fi + + SSL_ORGANIZATION="${SSL_ORGANIZATION:-Ejabberd XMPP Server}" + install_cert /etc/ssl/ejabberd/server + # Fix ssl cert permissions bug #369809 + chown root:jabber "${EROOT}/etc/ssl/ejabberd/server.pem" + chmod 0440 "${EROOT}/etc/ssl/ejabberd/server.pem" + if [[ -e ${EROOT}/etc/jabber/ssl.pem ]]; then + ewarn + ewarn "The location of SSL certificates has changed. If you are" + ewarn "upgrading from ${CATEGORY}/${PN}-2.0.5* or earlier you might" + ewarn "want to move your old certificates from /etc/jabber into" + ewarn "/etc/ssl/ejabberd/, update config files and" + ewarn "rm /etc/jabber/ssl.pem to avoid this message." + ewarn + fi +} |