system/cfengine: Updated for version 2.2.8

2010-05-11 22:26:30 +02:00 · 2010-05-11 22:26:30 +02:00 · ccd4daa81c
parent 588875632e
commit ccd4daa81c
9 changed files with 206 additions and 64 deletions
--- a/system/cfengine/README
+++ b/system/cfengine/README
@ -5,10 +5,15 @@ at Oslo University College, Norway.

 It is used to implement policy-based configuration management on open systems
 (Unix-like environments) through the interpretation of its own declarative
-language.
+language. It emphasizes an 'immunological' viewpoint, making its modus
+operandi convergence to a stable state.

-It emphasizes an 'immunological' viewpoint, making its modus operandi
-convergence to a stable state.
+Note: Even though an rc file is included, at least an update.conf is needed
+as well. A sample for which is included. For usage intros see:
+
+Cluster Management with GNU cfengine by Mark Burgess
+http://www.ieeetcsc.org/newsletters/2002-01/burgess.html
+
+Automating Security with GNU cfengine by Kirk Bauer
+http://www.linuxjournal.com/article/6848

-Note: Even though an rc file is included, at least an update.conf is
-needed as well (a sample is also included in the package).
--- a/system/cfengine/cfengine.SlackBuild
+++ b/system/cfengine/cfengine.SlackBuild
@ -1,11 +1,14 @@
 #!/bin/sh

 # Slackware build script for Cfengine
+# Written by Menno E. Duursma <druiloor@zonnet.nl>

-# Written by Menno Duursma <druiloor@zonnet.nl>
+# This program is free software. It comes without any warranty.
+# Granted WTFPL, Version 2, as published by Sam Hocevar. See
+# http://sam.zoy.org/wtfpl/COPYING for more details.

 PRGNAM=cfengine
-VERSION=2.2.3
+VERSION=2.2.8
 ARCH=${ARCH:-i486}
 BUILD=${BUILD:-1}
 TAG=${TAG:-_SBo}
@ -19,6 +22,8 @@ if [ "$ARCH" = "i486" ]; then
  SLKCFLAGS="-O2 -march=i486 -mtune=i686"
 elif [ "$ARCH" = "i686" ]; then
  SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+elif [ "$ARCH" = "x86_64" ]; then
+  SLKCFLAGS="-O2 -fPIC"
 fi

 set -e # Exit on most errors
@ -30,7 +35,11 @@ rm -rf $PRGNAM-$VERSION
 tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
 cd $PRGNAM-$VERSION
 chown -R root:root .
-chmod -R u+w,go+r-w,a-s .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \;

 # The system expects everything to live in /var/cfengine generally
 # Its configuration is maintained in a version control system
@ -44,23 +53,12 @@ CXXFLAGS="$SLKCFLAGS" \
  --datadir=/usr/doc \
  --libdir=/usr/lib \
  --enable-shared=yes \
+  --enable-static=no \
  --with-docs

 make
 make install-strip DESTDIR=$PKG

-# Create the server directory (may not be needed)
-mkdir -p $PKG/var/cfengine/masterfiles
-
-# Include example config files
-mkdir -p $PKG/etc/rc.d
-cat $CWD/rc.cfengine > $PKG/etc/rc.d/rc.cfengine.new
-mkdir -p $PKG/var/cfengine/inputs
-cat $CWD/config/update.conf > $PKG/var/cfengine/inputs/update.conf.new
-cat $CWD/config/cfagent.conf > $PKG/var/cfengine/inputs/cfagent.conf.new
-cat $CWD/config/cfservd.conf > $PKG/var/cfengine/inputs/cfservd.conf.new
-cat $CWD/config/cfrun.hosts > $PKG/var/cfengine/inputs/cfrun.hosts.new
-
 ( cd $PKG/usr/man || exit 1
  find . -type f -exec gzip -9 {} \;
  for i in $(find . -type l) ;
@ -68,27 +66,51 @@ cat $CWD/config/cfrun.hosts > $PKG/var/cfengine/inputs/cfrun.hosts.new
  done
 )

-rm -f $PKG/usr/info/dir
-gzip -9 $PKG/usr/info/*.info*
+# Create basic work dirs
+for dir in bin inputs outputs masterfiles ; do
+  mkdir -p $PKG/var/$PRGNAM/$dir
+done
+
+# Include example start/stop/restart/reload scripts
+mkdir -p $PKG/etc/rc.d
+cat $CWD/rc.cfengine > $PKG/etc/rc.d/rc.cfengine.new
+cat $CWD/rc.cfenvd > $PKG/etc/rc.d/rc.cfenvd.new
+cat $CWD/rc.cfservd > $PKG/etc/rc.d/rc.cfservd.new
+# Link the cfengine name to execd for compatibility
+( cd $PKG/etc/rc.d ; ln -sf rc.cfengine rc.cfexecd )
+
+# Include example config files
+cat $CWD/config/update.conf > $PKG/var/$PRGNAM/inputs/update.conf.new
+cat $CWD/config/cfagent.conf > $PKG/var/$PRGNAM/inputs/cfagent.conf.new
+cat $CWD/config/cfservd.conf > $PKG/var/$PRGNAM/inputs/cfservd.conf.new
+cat $CWD/config/cfrun.hosts > $PKG/var/$PRGNAM/inputs/cfrun.hosts.new
+
+# Try to be a bit more compatible to some other distros versions
+( cd $PKG/etc
+  ln -sf /var/cfengine/inputs cfengine
+  ln -sf /var/cfengine/inputs cfengine2
+  cd $PKG/var ; ln -sf cfengine cfengine2
+)
+
+# Following link is for backwards compatibility
+mkdir -p $PKG/var/$PRGNAM/bin
+( cd $PKG/var/cfengine/bin ; ln -sf /usr/sbin/cfagent . )

 # Put docs in the versioned directory
 mv $PKG/usr/doc/$PRGNAM $PKG/usr/doc/$PRGNAM-$VERSION

 cp -a [A-Z][A-Z]* ChangeLog $PKG/usr/doc/$PRGNAM-$VERSION
 cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
-cat $CWD/README > $PKG/usr/doc/$PRGNAM-$VERSION/README.SBo
+cat $CWD/README > $PKG/usr/doc/$PRGNAM-$VERSION/README$TAG
 find $PKG/usr/doc/$PRGNAM-$VERSION -type f -exec chmod 644 {} \;

+# Compress info pages and remove the package's dir file
+rm -f $PKG/usr/info/dir
+gzip -9 $PKG/usr/info/*.info*
+
 mkdir -p $PKG/install
 cat $CWD/slack-desc > $PKG/install/slack-desc
 cat $CWD/doinst.sh > $PKG/install/doinst.sh

 cd $PKG
 /sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz
-
-# Clean up the extra stuff
-if [ "$1" = "--cleanup" ]; then
-  rm -rf $TMP/$PRGNAM-$VERSION
-  rm -rf $PKG
-fi
-
--- a/system/cfengine/cfengine.info
+++ b/system/cfengine/cfengine.info
@ -1,8 +1,8 @@
 PRGNAM="cfengine"
-VERSION="2.2.3"
+VERSION="2.2.8"
 HOMEPAGE="http://www.cfengine.org/"
-DOWNLOAD="http://www.cfengine.org/downloads/cfengine-2.2.3.tar.gz"
-MD5SUM="903298e54e80fe0c617f1c51102caef1"
+DOWNLOAD="http://www.cfengine.org/downloads/cfengine-2.2.8.tar.gz"
+MD5SUM="8881c3c350f36b35845cdb1e6e53b8a1"
 MAINTAINER="Menno E. Duursma"
 EMAIL="druiloor@zonnet.nl"
-APPROVED="rworkman"
+APPROVED="David Somero"
--- a/system/cfengine/config/cfagent.conf
+++ b/system/cfengine/config/cfagent.conf
@ -10,7 +10,7 @@ control:
 processes:

  # Make sure these processes are always running
-  "cfenvd" restart "/usr/sbin/cfenvd"
-  "cfservd" restart "/usr/sbin/cfservd"
-  "cfexecd" restart "/usr/sbin/cfexecd"
+  "cfenvd" restart "/etc/rc.d/rc.cfenvd restart"
+  "cfexecd" restart "/etc/rc.d/rc.cfexecd restart"
+  #"cfservd" restart "/etc/rc.d/rc.cfservd restart"

--- a/system/cfengine/config/cfservd.conf
+++ b/system/cfengine/config/cfservd.conf
@ -1,3 +1,8 @@
+# /var/cfengine/cfservd.conf
+#
+# Note: in case cfservd is started with 'cfengine' user privs, the path to
+# this file might instead be /home/cfengine/.cfagent/inputs/cfservd.conf
+
 control:

  domain = ( localhost )
--- a/system/cfengine/doinst.sh
+++ b/system/cfengine/doinst.sh
@ -11,16 +11,22 @@ config() {
  # Otherwise, we leave the .new copy for the admin to consider...
 }

-# Keep same perms on rc.cfengine:
-if [ -e etc/rc.d/rc.cfengine ]; then
-  cp -a etc/rc.d/rc.cfengine etc/rc.d/rc.cfengine.new.incoming
-  cat etc/rc.d/rc.cfengine.new > etc/rc.d/rc.cfengine.new.incoming
-  mv etc/rc.d/rc.cfengine.new.incoming etc/rc.d/rc.cfengine.new
-fi
+# Keep same permissions on rc files:
+for PRGNAM in cfengine cfenvd cfservd ; do
+  if [ -e etc/rc.d/rc.$PRGNAM ]; then
+    cp -a etc/rc.d/rc.$PRGNAM etc/rc.d/rc.$PRGNAM.new.incoming
+    cat etc/rc.d/rc.$PRGNAM.new > etc/rc.d/rc.$PRGNAM.new.incoming
+    mv etc/rc.d/rc.$PRGNAM.new.incoming etc/rc.d/rc.$PRGNAM.new
+  fi
+  config etc/rc.d/rc.$PRGNAM.new
+done

-config etc/rc.d/rc.cfengine.new
 config var/cfengine/inputs/update.conf.new
 config var/cfengine/inputs/cfagent.conf.new
 config var/cfengine/inputs/cfservd.conf.new
 config var/cfengine/inputs/cfrun.hosts.new

+# Following link is for some backwards compatibility
+if [ ! -d var/cfengine/bin ]; then mkdir -p var/$PRGNAM/bin ; fi
+( cd var/cfengine/bin ; ln -sf ../../../usr/sbin/cfagent . )
+
--- a/system/cfengine/rc.cfengine
+++ b/system/cfengine/rc.cfengine
@ -1,50 +1,52 @@
 #!/bin/sh

-# Start cfengine:
-cfengine_start() {
+# start/stop/restart/reload cfexecd
+
+# 'cfexecd' may be used to capture cfagent output and send it as
+# mail when run. All control parameters are set in cfagent.conf.
+# cfagent can in turn start any other service (e.g. cfenvd, cfservd)
+
+# Start cfexecd:
+cfexecd_start() {
  if [ -x /usr/sbin/cfexecd ]; then
    # Make sure localhost keys exist first
    if [ ! -f /var/cfengine/ppkeys/localhost.priv ]; then
      /usr/sbin/cfkey
    fi
-    echo "Starting Cfengine:  /usr/sbin/cfexecd"
+    echo "Starting the CFEngine scheduler service:  /usr/sbin/cfexecd"
    /usr/sbin/cfexecd
  fi
 }

-# Stop cfengine:
-cfengine_stop() {
-  /bin/killall cfenvd 2> /dev/null
+# Stop cfexecd:
+cfexecd_stop() {
  /bin/killall cfexecd 2> /dev/null
-  /bin/killall cfservd 2> /dev/null
 }

-# Restart cfengine:
-cfengine_restart() {
-  cfengine_stop
+# Restart cfexecd:
+cfexecd_restart() {
+  cfexecd_stop
  sleep 1
-  cfengine_start
+  cfexecd_start
 }

-# Reload cfengine:
-cfengine_reload() {
-  /bin/killall -HUP cfenvd
+# Reload cfexecd:
+cfexecd_reload() {
  /bin/killall -HUP cfexecd
-  /bin/killall -HUP cfservd
 }

 case "$1" in
 'start')
-  cfengine_start
+  cfexecd_start
  ;;
 'stop')
-  cfengine_stop
+  cfexecd_stop
  ;;
 'restart')
-  cfengine_restart
+  cfexecd_restart
  ;;
 'reload')
-  cfengine_reload
+  cfexecd_reload
  ;;
 *)
  echo "usage $0 start|stop|restart|reload"
--- a/system/cfengine/rc.cfenvd
+++ b/system/cfengine/rc.cfenvd
@ -0,0 +1,45 @@
+#!/bin/sh
+
+# start/stop/restart/reload cfenvd
+
+# Start cfenvd:
+cfenvd_start() {
+  if [ -x /usr/sbin/cfenvd ]; then
+    echo "Starting the CFEengine environment service:  /usr/sbin/cfexecd"
+    /usr/sbin/cfenvd
+  fi
+}
+
+# Stop cfenvd:
+cfenvd_stop() {
+  /bin/killall cfenvd 2> /dev/null
+}
+
+# Restart cfenvd:
+cfenvd_restart() {
+  cfenvd_stop
+  sleep 1
+  cfenvd_start
+}
+
+# Reload cfenvd:
+cfenvd_reload() {
+  /bin/killall -HUP cfenvd
+}
+
+case "$1" in
+'start')
+  cfenvd_start
+  ;;
+'stop')
+  cfenvd_stop
+  ;;
+'restart')
+  cfenvd_restart
+  ;;
+'reload')
+  cfenvd_reload
+  ;;
+*)
+  echo "usage $0 start|stop|restart|reload"
+esac
--- a/system/cfengine/rc.cfservd
+++ b/system/cfengine/rc.cfservd
@ -0,0 +1,57 @@
+#!/bin/sh
+
+# start/stop/restart/reload cfservd
+
+# 'cfservd' looks for a configuration file cfservd.conf by default.
+
+# Note: this daemon doesn't actually need to run under the root account,
+# assuming an account named 'cfservd' exists, one way of configuring it
+# to use its own account would be to to run 'cfkey' and 'cfagent' ones
+# which creates the ~/.cfagent subdir then start the service with:
+# /bin/su - cfservd -c /usr/sbin/cfservd
+
+# Start cfservd:
+cfservd_start() {
+  if [ -x /usr/sbin/cfservd ]; then
+    # Make sure localhost keys exist first
+    if [ ! -f /var/cfengine/ppkeys/localhost.priv ]; then
+      /usr/sbin/cfkey
+    fi
+    echo "Starting Cfengine:  /usr/sbin/cfservd"
+    /usr/sbin/cfservd
+  fi
+}
+
+# Stop cfservd:
+cfservd_stop() {
+  /bin/killall cfservd 2> /dev/null
+}
+
+# Restart cfservd:
+cfservd_restart() {
+  cfservd_stop
+  sleep 1
+  cfservd_start
+}
+
+# Reload cfservd:
+cfservd_reload() {
+  /bin/killall -HUP cfservd
+}
+
+case "$1" in
+'start')
+  cfservd_start
+  ;;
+'stop')
+  cfservd_stop
+  ;;
+'restart')
+  cfservd_restart
+  ;;
+'reload')
+  cfservd_reload
+  ;;
+*)
+  echo "usage $0 start|stop|restart|reload"
+esac