summaryrefslogtreecommitdiff
blob: a768d8ee2efb95b9d4cc1009c3a4d16faa679dae (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2

EAPI=7

inherit systemd toolchain-funcs user

DESCRIPTION="P2P mesh VPN"
HOMEPAGE="https://github.com/peervpn/peervpn"
EGIT_COMMIT="eb35174277fbf745c5ee0d5875d659dad819adfc"
SRC_URI="https://github.com/peervpn/peervpn/archive/${EGIT_COMMIT}.tar.gz -> ${P}.tar.gz"

LICENSE="GPL-3"
SLOT="0"
KEYWORDS="~amd64 ~x86"
IUSE="libressl"
RDEPEND="libressl? ( dev-libs/libressl:0= )
	!libressl? ( <dev-libs/openssl-1.1:0= )"
DEPEND="${RDEPEND}"

S=${WORKDIR}/${PN}-${EGIT_COMMIT}

PATCHES=(
	"${FILESDIR}/${P}-strncpy-null-terminator.patch"
)

pkg_setup() {
	enewgroup ${PN}
	enewuser ${PN} -1 -1 -1 ${PN}
}

src_prepare() {
	default
	sed -e 's|^CFLAGS+=-O2||' -i Makefile || die
}

src_compile() {
	emake CC=$(tc-getCC)
}

src_install() {
	dosbin ${PN}

	insinto /etc/${PN}
	newins peervpn.conf peervpn.conf.example
	# read-only group access for bug 629418
	fowners root:${PN} /etc/${PN}
	fperms 0750 /etc/${PN}

	newinitd "${FILESDIR}/${PN}.initd" "${PN}"
	systemd_dounit "${FILESDIR}/${PN}.service"

	keepdir /var/log/${PN}
	insinto /etc/logrotate.d
	newins "${FILESDIR}/${PN}.logrotated" "${PN}"
}

pkg_preinst() {
	if ! has_version '>=net-vpn/peervpn-0.044-r4' && \
		[[ -d ${EROOT}/etc/${PN} && ! -L ${EROOT}/etc/${PN} &&
		$(find "${EROOT}/etc/${PN}" -maxdepth 1 -user "${PN}" ! -type l -print) ]]; then
		ewarn "Tightening '${EROOT}/etc/${PN}' permissions for bug 629418"
		# Tighten the parent directory permissions first, in
		# order to protect against race conditions involving a
		# less-privileged user.
		chown root:${PN} "${EROOT}/etc/${PN}"
		chmod g+rX-w,o-rwx "${EROOT}/etc/${PN}"
		# Don't chown/chmod the referent of a symlink
		# owned by a less-privileged user.
		while read -r -d ''; do
			chown root:${PN} "${REPLY}" || die
			chmod g+rX-w,o-rwx "${REPLY}" || die
		done < <(find "${EROOT}/etc/${PN}" -mindepth 1 -maxdepth 1 -user "${PN}" ! -type l -print0)
	fi
}