new: net/tinc

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

new: net/tinc

Gregor Best
Hi ports@,

I am trying to create a port for the tinc VPN daemon. Attached are my
efforts this far, but they are not yet perfect.

tinc.conf.5 contains syntax errors which I was unable to fix. Mandoc complains

        "FATAL: child violates parent syntax"

if anyone could give me a hint on how to fix that, I'd be happy to
submit a fully working port.

--
    Gregor Best

net-tinc.tbz (1K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: new: net/tinc

Stuart Henderson
On 2012/12/09 22:16, Gregor Best wrote:

> Hi ports@,
>
> I am trying to create a port for the tinc VPN daemon. Attached are my
> efforts this far, but they are not yet perfect.
>
> tinc.conf.5 contains syntax errors which I was unable to fix. Mandoc complains
>
> "FATAL: child violates parent syntax"
>
> if anyone could give me a hint on how to fix that, I'd be happy to
> submit a fully working port.
>
> --
>     Gregor Best



USE_GROFF=Yes


Reply | Threaded
Open this post in threaded view
|

Re: new: net/tinc

Gregor Best
On Sun, Dec 09, 2012 at 11:08:02PM +0000, Stuart Henderson wrote:
> [...]
> USE_GROFF=Yes
> [...]

An updated port is attached. Should I write an introductory paragpraph
like the other "New: foo/bar" mails do for other ports?

--
    Gregor Best

net-tinc.tbz (1K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: new: net/tinc

Gregor Best
Ping?

Is there more testing needed or are there other issues preventing this
port from being included in the ports tree?

--
    Gregor Best

Reply | Threaded
Open this post in threaded view
|

Re: new: net/tinc

Gregor Best
Ping?

Still no news/opinion on this? I'd be satisfied with a "No, it won't be
added because you are stupid. Now go away" :)

--
    Gregor Best

Reply | Threaded
Open this post in threaded view
|

Re: new: net/tinc

Landry Breuil-6
On Fri, Dec 21, 2012 at 09:50:27AM +0100, Gregor Best wrote:
> Ping?
>
> Still no news/opinion on this? I'd be satisfied with a "No, it won't be
> added because you are stupid. Now go away" :)

- REVISION not needed
- missing $OpenBSD$ rcs ids comment at the beginning of makefile
- dont hardcode /usr/local, use ${LOCALBASE} to give the lzo path
- 'anonymizing' your e-mail that way wont fly. If you want to be the
maintainer put a real valid address.
- DISTFILES is not needed
- WANTLIB/DEPENDS is wrong. lzo2 is a LIB_DEPENDS. usr
  port-lib-depends-check.
- we dont handle config files that way. you might want to untar the
  doc/sample-config.tar.gz to  ${PREFIX}/share/examples/tinc/ and
@sample to ${SYSCONFDIR}/tinc/ it in the PLIST. Check how other ports
do.
- since it's a daemon, it'd be nice to write a rc script to properly
  handle its startup/teardown. And sinceit needs quite some
configuration, writing a README could be nice.

A somewhat fixed (without the last point) version is attached.

Landry

tinc.tgz (1K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: new: net/tinc

Gregor Best
On Fri, Dec 21, 2012 at 11:37:34AM +0100, Landry Breuil wrote:
> [...]
> - since it's a daemon, it'd be nice to write a rc script to properly
>   handle its startup/teardown. And sinceit needs quite some
> configuration, writing a README could be nice.
>
> A somewhat fixed (without the last point) version is attached.
> [...]

Thanks a lot for the feedback. I'll get right at it.

--
    Gregor Best

Reply | Threaded
Open this post in threaded view
|

Re: new: net/tinc

Stuart Henderson
In reply to this post by Gregor Best
On 2012/12/21 09:50, Gregor Best wrote:
> Ping?
>
> Still no news/opinion on this? I'd be satisfied with a "No, it won't be
> added because you are stupid. Now go away" :)
>
> --
>     Gregor Best
>

missing rcs id line at the top of Makefile

: COMMENT= Tinc VPN daemon

the name "Tinc" is already in PKGNAME so this is a bit of duplication,
COMMENT is usually best if it's a bit more descriptive, maybe something like:

mesh-routing cross-platform VPN daemon

: DISTNAME= tinc-1.0.19
: REVISION= 0

start without a REVISION line

: CATEGORIES=     net

spaces -> tabs

: HOMEPAGE= http://www.tinc-vpn.org/
:
: MAINTAINER= Gregor Best <gbe @ ring0 . de>

email address should be valid/correctly formatted

: # GPLv2

source files say "either version 2 of the License, or (at your
option) any later version" so we write GPLv2+

: PERMIT_PACKAGE_CDROM= Yes
: PERMIT_PACKAGE_FTP= Yes
: PERMIT_DISTFILES_CDROM= Yes
: PERMIT_DISTFILES_FTP= Yes
:
: WANTLIB= c ssl
: BUILD_DEPENDS= archivers/lzo2

make port-lib-depends-check says:

tinc-1.0.19p0(net/tinc):
Missing: crypto.21 (/usr/local/sbin/tincd) (system lib)
Missing lib: lzo2.0 (/usr/local/sbin/tincd) (NOT REACHABLE)
Missing: z.4 (/usr/local/sbin/tincd) (system lib)
Extra:  ssl.19
WANTLIB += crypto z

so libssl is not used, but you are missing libcrypto, libz and liblzo2.
the "NOT REACHABLE" means you need a LIB_DEPENDS line for lzo2 not a
BUILD_DEPENDS.

: CONFIGURE_ARGS= --with-lzo=/usr/local

use ${LOCALBASE} rather than hardcoding /usr/local

: DISTFILES= ${DISTNAME}.tar.gz

this is the default anyway; please zap

: MASTER_SITES= http://www.tinc-vpn.org/packages/
:
: CONFIGURE_STYLE=gnu
: USE_GROFF=Yes
:
: post-install:
: ${INSTALL_DATA_DIR} /etc/tinc

we are making a package, a port is to create a package, not install
something on the local system. you can create it in the PLIST instead
with @sample ${SYSCONFDIR}/tinc/

sample config is worth having though, so you could do this,
regenerate the plist, and @sample the relevant files into place:

post-install:
        ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/tinc
        tar xzf ${WRKSRC}/doc/sample-config.tar.gz -C \
            ${PREFIX}/share/examples/tinc

pkg/DESCR needs reformatting to fit a standard console width, and
could be fleshed out a bit e.g.:

-- -- --
tinc is a Virtual Private Network (VPN) daemon that uses tunnelling
and encryption to create a private network between hosts on the Internet.
It uses its own protocol, however clients are available for
multiple operating systems. Features include:

- Encryption, authentication and compression (zlib/LZO)
- Automatic full mesh routing
- Simple configuration for additional nodes
- Ability to route or to bridge ethernet segments
- IPv6 support

WARNING! There are known weaknesses in the tinc 1.0 protocol; see
http://www.tinc-vpn.org/security/
-- -- --

the above changes are all in the attached tgz.

additionally, but I don't have time to look at this now, the
port should be setup so it can use the -U option easily; add the
relevant @newuser/@newgroup entries to PLIST, make sure that file
ownerships/permissions on the sample configs are usable in this way,
and add an rc.d script setup to use this option (and probably also
-R for chroot).


tinc.tgz (1K) Download Attachment