jhogarth pushed to sslh (el5). "no libconfig on el5 so rmeove all traces of it, provide sysconfig/sslh to configure it instead"
notifications at fedoraproject.org
notifications at fedoraproject.org
Sat Apr 18 01:32:04 UTC 2015
>From ab701bbc9087a85faf6c4b15b4c4439302d78b94 Mon Sep 17 00:00:00 2001
From: James Hogarth <james.hogarth at gmail.com>
Date: Sat, 18 Apr 2015 02:31:53 +0100
Subject: no libconfig on el5 so rmeove all traces of it, provide
sysconfig/sslh to configure it instead
diff --git a/patch-el5.patch b/patch-el5.patch
index 9d568b8..408abc8 100644
--- a/patch-el5.patch
+++ b/patch-el5.patch
@@ -1,18 +1,21 @@
-diff --git a/basic.cfg b/basic.cfg
-index 526ffbf..4234a5d 100644
---- a/basic.cfg
-+++ b/basic.cfg
-@@ -7,7 +7,7 @@ inetd: false;
- numeric: false;
- transparent: false;
- timeout: "2";
--user: "nobody";
-+user: "sslh";
- pidfile: "/var/run/sslh.pid";
+diff --git a/common.c b/common.c
+index 100753a..0e75188 100644
+--- a/common.c
++++ b/common.c
+@@ -574,10 +574,9 @@ void set_capabilities(void) {
+ cap_list[ncap++] = CAP_NET_ADMIN;
+ caps = cap_init();
++ cap_clear(caps);
+ #define _cap_set_flag(flag) do { \
+- res = cap_clear_flag(caps, flag); \
+- CHECK_RES_DIE(res, "cap_clear_flag(" #flag ")"); \
+ if (ncap > 0) { \
+ res = cap_set_flag(caps, flag, ncap, cap_list, CAP_SET); \
+ CHECK_RES_DIE(res, "cap_set_flag(" #flag ")"); \
diff --git a/scripts/etc.rc.d.init.d.sslh.centos b/scripts/etc.rc.d.init.d.sslh.centos
-index 6549545..105d36c 100755
+index 6549545..d334ef5 100755
--- a/scripts/etc.rc.d.init.d.sslh.centos
+++ b/scripts/etc.rc.d.init.d.sslh.centos
@@ -9,11 +9,12 @@
@@ -47,7 +50,7 @@ index 6549545..105d36c 100755
LANG=$SSLH_LANG daemon --pidfile="$PIDFILE" \
${SSLH_USER:+--user="${SSLH_USER}"} \
- "$SSLH" ${CONFIG:+-F "$CONFIG"} "$OPTIONS"
-+ "$SSLH" "$OPTIONS"
++ "$SSLH" -P "$PIDFILE" "$OPTIONS"
RETVAL=$?
echo
[ $RETVAL = 0 ] && touch "$LOCKFILE"
@@ -89,3 +92,79 @@ index d9eeed5..e4ac97a 100644
#
-#PIDFILE=/var/run/sslh/sslh.pid
+#PIDFILE=/var/run/sslh.pid
+diff --git a/sslh-main.c b/sslh-main.c
+index 9cc8a06..4ae5e15 100644
+--- a/sslh-main.c
++++ b/sslh-main.c
+@@ -33,7 +33,7 @@
+ const char* USAGE_STRING =
+ "sslh " VERSION "\n" \
+ "usage:\n" \
+-"\tsslh [-v] [-i] [-V] [-f] [-n] [--transparent] [-F <file>]\n"
++"\tsslh [-v] [-i] [-V] [-f] [-n] [--transparent]\n"
+ "\t[-t <timeout>] [-P <pidfile>] -u <username> -p <add> [-p <addr> ...] \n" \
+ "%s\n\n" /* Dynamically built list of builtin protocols */ \
+ "\t[--on-timeout <addr>]\n" \
+@@ -43,7 +43,6 @@ const char* USAGE_STRING =
+ "-n: numeric output\n" \
+ "-u: specify under which user to run\n" \
+ "--transparent: behave as a transparent proxy\n" \
+-"-F: use configuration file\n" \
+ "--on-timeout: connect to specified address upon timeout (default: ssh address)\n" \
+ "-t: seconds to wait before connecting to --on-timeout address.\n" \
+ "-p: address and port to listen on.\n Can be used several times to bind to several addresses.\n" \
+diff --git a/sslh.pod b/sslh.pod
+index c0ce606..8f34f44 100644
+--- a/sslh.pod
++++ b/sslh.pod
+@@ -6,7 +6,7 @@
+
+ =head1 SYNOPSIS
+
+-sslh [B<-F> I<config file>] [ B<-t> I<num> ] [B<--transparent>] [B<-p> I<listening address> [B<-p> I<listening address> ...] [B<--ssl> I<target address for SSL>] [B<--ssh> I<target address for SSH>] [B<--openvpn> I<target address for OpenVPN>] [B<--http> I<target address for HTTP>] [B<--anyprot> I<default target address>] [B<--on-timeout> I<protocol name>] [B<-u> I<username>] [B<-P> I<pidfile>] [-v] [-i] [-V] [-f] [-n]
++sslh [ B<-t> I<num> ] [B<--transparent>] [B<-p> I<listening address> [B<-p> I<listening address> ...] [B<--ssl> I<target address for SSL>] [B<--ssh> I<target address for SSH>] [B<--openvpn> I<target address for OpenVPN>] [B<--http> I<target address for HTTP>] [B<--anyprot> I<default target address>] [B<--on-timeout> I<protocol name>] [B<-u> I<username>] [B<-P> I<pidfile>] [-v] [-i] [-V] [-f] [-n]
+
+ =head1 DESCRIPTION
+
+@@ -37,28 +37,6 @@ check accesses defined in F</etc/hosts.allow> and
+ F</etc/hosts.deny>. Libwrap services can be defined using
+ the configuration file.
+
+-=head2 Configuration file
+-
+-A configuration file can be supplied to B<sslh>. Command
+-line arguments override file settings. B<sslh> uses
+-B<libconfig> to parse the configuration file, so the general
+-file format is indicated in
+-L<http://www.hyperrealm.com/libconfig/libconfig_manual.html>.
+-Please refer to the example configuration file provided with
+-B<sslh> for the specific format (Options have the same names
+-as on the command line, except for the list of listen ports
+-and the list of protocols).
+-
+-The configuration file makes it possible to specify
+-protocols using regular expressions: a list of regular
+-expressions is given as the I<probe> parameter, and if the
+-first packet received from the client matches any of these
+-expressions, B<sslh> connects to that protocol.
+-
+-Alternatively, the I<probe> parameter can be set to
+-"builtin", to use the compiled probes which are much faster
+-than regular expressions.
+-
+ =head2 Probing protocols
+
+ When receiving an incoming connection, B<sslh> will read the
+@@ -82,12 +60,6 @@ connections and LOG_ERR for failures.
+
+ =over 4
+
+-=item B<-F> I<filename>, B<--config> I<filename>
+-
+-Uses I<filename> has configuration file. If other
+-command-line options are specified, they will override the
+-configuration file's settings.
+-
+ =item B<-t> I<num>, B<--timeout> I<num>
+
+ Timeout before forwarding the connection to the timeout
diff --git a/sslh.spec b/sslh.spec
index c51dafb..d1711fb 100644
--- a/sslh.spec
+++ b/sslh.spec
@@ -59,11 +59,13 @@ mkdir -p %{buildroot}%{_pkgdocdir}
mkdir -p %{buildroot}%{_mandir}/man8
mkdir -p %{buildroot}%{_unitdir}
mkdir -p %{buildroot}%{_initddir}
+mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
cp -p %{name}-fork %{buildroot}%{_sbindir}/%{name}
cp -p %{name}-select %{buildroot}%{_sbindir}/%{name}-select
cp -p {README.md,COPYING,ChangeLog} %{buildroot}%{_pkgdocdir}/
cp -p %{name}.8 %{buildroot}%{_mandir}/man8/
cp -p scripts/etc.rc.d.init.d.sslh.centos %{buildroot}%{_initddir}/sslh
+cp -p scripts/etc.sysconfig.sslh %{buildroot}%{_sysconfdir}/sysconfig/sslh
%clean
rm -rf %{buildroot}
@@ -98,6 +100,7 @@ fi
%attr(0755,root,root) %{_sbindir}/%{name}
%attr(0755,root,root) %{_sbindir}/%{name}-select
%attr(0755,root,root) %{_initddir}/sslh
+%config(noreplace) %{_sysconfdir}/sysconfig/sslh
%changelog
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/sslh.git/commit/?h=el5&id=ab701bbc9087a85faf6c4b15b4c4439302d78b94
More information about the scm-commits
mailing list