jhogarth pushed to sslh (el5). "no libconfig on el5 so rmeove all traces of it, provide sysconfig/sslh to configure it instead"

notifications at fedoraproject.org notifications at fedoraproject.org
Sat Apr 18 01:32:04 UTC 2015


>From ab701bbc9087a85faf6c4b15b4c4439302d78b94 Mon Sep 17 00:00:00 2001
From: James Hogarth <james.hogarth at gmail.com>
Date: Sat, 18 Apr 2015 02:31:53 +0100
Subject: no libconfig on el5 so rmeove all traces of it, provide
 sysconfig/sslh to configure it instead


diff --git a/patch-el5.patch b/patch-el5.patch
index 9d568b8..408abc8 100644
--- a/patch-el5.patch
+++ b/patch-el5.patch
@@ -1,18 +1,21 @@
-diff --git a/basic.cfg b/basic.cfg
-index 526ffbf..4234a5d 100644
---- a/basic.cfg
-+++ b/basic.cfg
-@@ -7,7 +7,7 @@ inetd: false;
- numeric: false;
- transparent: false;
- timeout: "2";
--user: "nobody";
-+user: "sslh";
- pidfile: "/var/run/sslh.pid";
+diff --git a/common.c b/common.c
+index 100753a..0e75188 100644
+--- a/common.c
++++ b/common.c
+@@ -574,10 +574,9 @@ void set_capabilities(void) {
+         cap_list[ncap++] = CAP_NET_ADMIN;
  
+     caps = cap_init();
++    cap_clear(caps);
  
+ #define _cap_set_flag(flag) do { \
+-        res = cap_clear_flag(caps, flag); \
+-        CHECK_RES_DIE(res, "cap_clear_flag(" #flag ")"); \
+         if (ncap > 0) { \
+             res = cap_set_flag(caps, flag, ncap, cap_list, CAP_SET); \
+             CHECK_RES_DIE(res, "cap_set_flag(" #flag ")"); \
 diff --git a/scripts/etc.rc.d.init.d.sslh.centos b/scripts/etc.rc.d.init.d.sslh.centos
-index 6549545..105d36c 100755
+index 6549545..d334ef5 100755
 --- a/scripts/etc.rc.d.init.d.sslh.centos
 +++ b/scripts/etc.rc.d.init.d.sslh.centos
 @@ -9,11 +9,12 @@
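Review bot: The new `cap_clear(caps);` call in the common.c section discards its return value, and `caps` comes straight from `cap_init()` with no NULL check visible in between, whereas the two `cap_clear_flag` lines it replaces went through `CHECK_RES_DIE`. Since every other step of this privilege-dropping path aborts on failure, the added line should do the same: `res = cap_clear(caps);` followed by `CHECK_RES_DIE(res, "cap_clear");`. A one-line comment saying the per-flag clear was replaced for the el5 libcap (presumably it lacks `cap_clear_flag`) would explain why this differs from upstream. The body of set_capabilities starts and ends outside the hunk, so an earlier check on `caps` cannot be ruled out.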
@@ -47,7 +50,7 @@ index 6549545..105d36c 100755
      LANG=$SSLH_LANG daemon --pidfile="$PIDFILE" \
                             ${SSLH_USER:+--user="${SSLH_USER}"} \
 -                           "$SSLH" ${CONFIG:+-F "$CONFIG"} "$OPTIONS"
-+                           "$SSLH" "$OPTIONS"
++                           "$SSLH" -P "$PIDFILE" "$OPTIONS"
      RETVAL=$?
      echo
      [ $RETVAL = 0 ] && touch "$LOCKFILE"
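Review bot: `-P "$PIDFILE"` is added to a command that can still be launched through `daemon --user="${SSLH_USER}"`, so when SSLH_USER is set sslh presumably starts already unprivileged and must create the pid file as that user. With the default shown in the sysconfig section (`/var/run/sslh.pid`) that write would likely fail, as would binding a port below 1024. The usage text in this patch lists `-u <username>`, so starting as root and letting sslh drop privileges itself looks safer: `"$SSLH" ${SSLH_USER:+-u "$SSLH_USER"} -P "$PIDFILE" "$OPTIONS"`, with the `--user` line removed. The start function begins and ends outside the hunk, and the order in which sslh writes the pid file and drops privileges is not visible here, so this needs confirming against the el5 build.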
@@ -89,3 +92,79 @@ index d9eeed5..e4ac97a 100644
  #
 -#PIDFILE=/var/run/sslh/sslh.pid
 +#PIDFILE=/var/run/sslh.pid
+diff --git a/sslh-main.c b/sslh-main.c
+index 9cc8a06..4ae5e15 100644
+--- a/sslh-main.c
++++ b/sslh-main.c
+@@ -33,7 +33,7 @@
+ const char* USAGE_STRING =
+ "sslh " VERSION "\n" \
+ "usage:\n" \
+-"\tsslh  [-v] [-i] [-V] [-f] [-n] [--transparent] [-F <file>]\n"
++"\tsslh  [-v] [-i] [-V] [-f] [-n] [--transparent]\n"
+ "\t[-t <timeout>] [-P <pidfile>] -u <username> -p <add> [-p <addr> ...] \n" \
+ "%s\n\n" /* Dynamically built list of builtin protocols */  \
+ "\t[--on-timeout <addr>]\n" \
+@@ -43,7 +43,6 @@ const char* USAGE_STRING =
+ "-n: numeric output\n" \
+ "-u: specify under which user to run\n" \
+ "--transparent: behave as a transparent proxy\n" \
+-"-F: use configuration file\n" \
+ "--on-timeout: connect to specified address upon timeout (default: ssh address)\n" \
+ "-t: seconds to wait before connecting to --on-timeout address.\n" \
+ "-p: address and port to listen on.\n    Can be used several times to bind to several addresses.\n" \
+diff --git a/sslh.pod b/sslh.pod
+index c0ce606..8f34f44 100644
+--- a/sslh.pod
++++ b/sslh.pod
+@@ -6,7 +6,7 @@
+ 
+ =head1 SYNOPSIS
+ 
+-sslh [B<-F> I<config file>] [ B<-t> I<num> ] [B<--transparent>] [B<-p> I<listening address> [B<-p> I<listening address> ...] [B<--ssl> I<target address for SSL>] [B<--ssh> I<target address for SSH>] [B<--openvpn> I<target address for OpenVPN>] [B<--http> I<target address for HTTP>] [B<--anyprot> I<default target address>] [B<--on-timeout> I<protocol name>] [B<-u> I<username>] [B<-P> I<pidfile>] [-v] [-i] [-V] [-f] [-n]
++sslh [ B<-t> I<num> ] [B<--transparent>] [B<-p> I<listening address> [B<-p> I<listening address> ...] [B<--ssl> I<target address for SSL>] [B<--ssh> I<target address for SSH>] [B<--openvpn> I<target address for OpenVPN>] [B<--http> I<target address for HTTP>] [B<--anyprot> I<default target address>] [B<--on-timeout> I<protocol name>] [B<-u> I<username>] [B<-P> I<pidfile>] [-v] [-i] [-V] [-f] [-n]
+ 
+ =head1 DESCRIPTION
+ 
+@@ -37,28 +37,6 @@ check accesses defined in F</etc/hosts.allow> and
+ F</etc/hosts.deny>.  Libwrap services can be defined using
+ the configuration file.
+ 
+-=head2 Configuration file
+-
+-A configuration file can be supplied to B<sslh>. Command
+-line arguments override file settings. B<sslh> uses
+-B<libconfig> to parse the configuration file, so the general
+-file format is indicated in
+-L<http://www.hyperrealm.com/libconfig/libconfig_manual.html>.
+-Please refer to the example configuration file provided with
+-B<sslh> for the specific format (Options have the same names
+-as on the command line, except for the list of listen ports
+-and the list of protocols).
+-
+-The configuration file makes it possible to specify
+-protocols using regular expressions: a list of regular
+-expressions is given as the I<probe> parameter, and if the
+-first packet received from the client matches any of these
+-expressions, B<sslh> connects to that protocol.
+-
+-Alternatively, the I<probe> parameter can be set to
+-"builtin", to use the compiled probes which are much faster
+-than regular expressions.
+-
+ =head2 Probing protocols
+ 
+ When receiving an incoming connection, B<sslh> will read the
+@@ -82,12 +60,6 @@ connections and LOG_ERR for failures.
+ 
+ =over 4
+ 
+-=item B<-F> I<filename>, B<--config> I<filename>
+-
+-Uses I<filename> has configuration file. If other
+-command-line options are specified, they will override the
+-configuration file's settings.
+-
+ =item B<-t> I<num>, B<--timeout> I<num>
+ 
+ Timeout before forwarding the connection to the timeout
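Review bot: The sslh.pod section keeps the context sentence `Libwrap services can be defined using the configuration file.` while deleting the `=head2 Configuration file` section and the `-F` option entry, so the el5 man page still points readers at a file this build no longer accepts. Because that sentence covers how the hosts.allow/hosts.deny service names are chosen, an administrator could believe access control is configured when it is not. The paragraph should end at `F</etc/hosts.deny>.` on this branch, or say where the libwrap service names come from without libconfig.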
diff --git a/sslh.spec b/sslh.spec
index c51dafb..d1711fb 100644
--- a/sslh.spec
+++ b/sslh.spec
@@ -59,11 +59,13 @@ mkdir -p %{buildroot}%{_pkgdocdir}
 mkdir -p %{buildroot}%{_mandir}/man8
 mkdir -p %{buildroot}%{_unitdir}
 mkdir -p %{buildroot}%{_initddir}
+mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
 cp -p %{name}-fork %{buildroot}%{_sbindir}/%{name}
 cp -p %{name}-select %{buildroot}%{_sbindir}/%{name}-select
 cp -p {README.md,COPYING,ChangeLog} %{buildroot}%{_pkgdocdir}/
 cp -p %{name}.8 %{buildroot}%{_mandir}/man8/
 cp -p scripts/etc.rc.d.init.d.sslh.centos %{buildroot}%{_initddir}/sslh
+cp -p scripts/etc.sysconfig.sslh %{buildroot}%{_sysconfdir}/sysconfig/sslh
 
 %clean
 rm -rf %{buildroot}
@@ -98,6 +100,7 @@ fi
 %attr(0755,root,root) %{_sbindir}/%{name}
 %attr(0755,root,root) %{_sbindir}/%{name}-select
 %attr(0755,root,root) %{_initddir}/sslh
+%config(noreplace) %{_sysconfdir}/sysconfig/sslh
 
 
 %changelog
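Review bot: The new `%config(noreplace) %{_sysconfdir}/sysconfig/sslh` entry has no `%attr`, unlike the three `%attr(0755,root,root)` lines above it. The install step in the previous hunk copies the file with `cp -p`, so its mode and ownership follow whatever the source tree had (a `%defattr` may exist outside the hunk). The file configures a service started from an init script, so it should be pinned to root and non-writable by others: `%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/sslh`. Alternatively, install it with `install -p -m 0644 scripts/etc.sysconfig.sslh %{buildroot}%{_sysconfdir}/sysconfig/sslh`.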
-- 
cgit v0.10.2


	http://pkgs.fedoraproject.org/cgit/sslh.git/commit/?h=el5&id=ab701bbc9087a85faf6c4b15b4c4439302d78b94

