Diffstat (limited to 'system/cfengine')
-rw-r--r-- | system/cfengine/README | 15 | ||||
-rw-r--r-- | system/cfengine/cfengine.SlackBuild | 74 | ||||
-rw-r--r-- | system/cfengine/cfengine.info | 8 | ||||
-rw-r--r-- | system/cfengine/config/cfagent.conf | 6 | ||||
-rw-r--r-- | system/cfengine/config/cfservd.conf | 5 | ||||
-rw-r--r-- | system/cfengine/doinst.sh | 20 | ||||
-rw-r--r-- | system/cfengine/rc.cfengine | 40 | ||||
-rw-r--r-- | system/cfengine/rc.cfenvd | 45 | ||||
-rw-r--r-- | system/cfengine/rc.cfservd | 57 |
9 files changed, 206 insertions, 64 deletions
diff --git a/system/cfengine/README b/system/cfengine/README index 8656958133..75eab9fbf6 100644 --- a/system/cfengine/README +++ b/system/cfengine/README @@ -5,10 +5,15 @@ at Oslo University College, Norway. It is used to implement policy-based configuration management on open systems (Unix-like environments) through the interpretation of its own declarative -language. +language. It emphasizes an 'immunological' viewpoint, making its modus +operandi convergence to a stable state. -It emphasizes an 'immunological' viewpoint, making its modus operandi -convergence to a stable state. +Note: Even though an rc file is included, at least an update.conf is needed +as well. A sample for which is included. For usage intros see: + +Cluster Management with GNU cfengine by Mark Burgess +http://www.ieeetcsc.org/newsletters/2002-01/burgess.html + +Automating Security with GNU cfengine by Kirk Bauer +http://www.linuxjournal.com/article/6848 -Note: Even though an rc file is included, at least an update.conf is -needed as well (a sample is also included in the package). diff --git a/system/cfengine/cfengine.SlackBuild b/system/cfengine/cfengine.SlackBuild index f88193da82..fdab1fad49 100644 --- a/system/cfengine/cfengine.SlackBuild +++ b/system/cfengine/cfengine.SlackBuild @@ -1,11 +1,14 @@ #!/bin/sh # Slackware build script for Cfengine +# Written by Menno E. Duursma <druiloor@zonnet.nl> -# Written by Menno Duursma <druiloor@zonnet.nl> +# This program is free software. It comes without any warranty. +# Granted WTFPL, Version 2, as published by Sam Hocevar. See +# http://sam.zoy.org/wtfpl/COPYING for more details. PRGNAM=cfengine -VERSION=2.2.3 +VERSION=2.2.8 ARCH=${ARCH:-i486} BUILD=${BUILD:-1} TAG=${TAG:-_SBo} @@ -19,6 +22,8 @@ if [ "$ARCH" = "i486" ]; then SLKCFLAGS="-O2 -march=i486 -mtune=i686" elif [ "$ARCH" = "i686" ]; then SLKCFLAGS="-O2 -march=i686 -mtune=i686" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" fi set -e # Exit on most errors 
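Review bot: The new `x86_64` branch sets only `SLKCFLAGS`, while the configure call visible as context in a later hunk still passes `--libdir=/usr/lib`, so a 64-bit build would put its shared libraries in the 32-bit directory. Consider setting `LIBDIRSUFFIX="64"` in this branch (empty in the others) and passing `--libdir=/usr/lib${LIBDIRSUFFIX}` to configure. The chain also has no `else`, so any other `ARCH` value builds with an empty `SLKCFLAGS`; a fallback of `SLKCFLAGS="-O2"` would make that explicit. The if/elif chain starts above this hunk.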
@@ -29,8 +34,12 @@ cd $TMP rm -rf $PRGNAM-$VERSION tar xvf $CWD/$PRGNAM-$VERSION.tar.gz cd $PRGNAM-$VERSION -chown -R root:root . -chmod -R u+w,go+r-w,a-s . +chown -R root:root . +find . \ + \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \; -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \; # The system expects everything to live in /var/cfengine generally # Its configuration is maintained in a version control system @@ -44,23 +53,12 @@ CXXFLAGS="$SLKCFLAGS" \ --datadir=/usr/doc \ --libdir=/usr/lib \ --enable-shared=yes \ + --enable-static=no \ --with-docs make make install-strip DESTDIR=$PKG -# Create the server directory (may not be needed) -mkdir -p $PKG/var/cfengine/masterfiles - -# Include example config files -mkdir -p $PKG/etc/rc.d -cat $CWD/rc.cfengine > $PKG/etc/rc.d/rc.cfengine.new -mkdir -p $PKG/var/cfengine/inputs -cat $CWD/config/update.conf > $PKG/var/cfengine/inputs/update.conf.new -cat $CWD/config/cfagent.conf > $PKG/var/cfengine/inputs/cfagent.conf.new -cat $CWD/config/cfservd.conf > $PKG/var/cfengine/inputs/cfservd.conf.new -cat $CWD/config/cfrun.hosts > $PKG/var/cfengine/inputs/cfrun.hosts.new - ( cd $PKG/usr/man || exit 1 find . -type f -exec gzip -9 {} \; for i in $(find . -type l) ; 
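Review bot: The `find` that replaces `chmod -R u+w,go+r-w,a-s .` only rewrites entries whose mode matches one of the listed values exactly, so anything the tarball ships with setuid/setgid bits or an unlisted mode (for example 4755, 757 or 646) keeps it. The removed line cleared `a-s` and group/other write on every file. Since the tree is chowned to root and then built from, keeping a blanket `chmod -R a-s,go-w .` ahead of the `find` would preserve that guarantee. Adding `-perm 750` and `-perm 640` to the two groups would also cover modes the current list skips.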
@@ -68,27 +66,51 @@ cat $CWD/config/cfrun.hosts > $PKG/var/cfengine/inputs/cfrun.hosts.new done ) -rm -f $PKG/usr/info/dir -gzip -9 $PKG/usr/info/*.info* +# Create basic work dirs +for dir in bin inputs outputs masterfiles ; do + mkdir -p $PKG/var/$PRGNAM/$dir +done + +# Include example start/stop/restart/reload scripts +mkdir -p $PKG/etc/rc.d +cat $CWD/rc.cfengine > $PKG/etc/rc.d/rc.cfengine.new +cat $CWD/rc.cfenvd > $PKG/etc/rc.d/rc.cfenvd.new +cat $CWD/rc.cfservd > $PKG/etc/rc.d/rc.cfservd.new +# Link the cfengine name to execd for compatibility +( cd $PKG/etc/rc.d ; ln -sf rc.cfengine rc.cfexecd ) + +# Include example config files +cat $CWD/config/update.conf > $PKG/var/$PRGNAM/inputs/update.conf.new +cat $CWD/config/cfagent.conf > $PKG/var/$PRGNAM/inputs/cfagent.conf.new +cat $CWD/config/cfservd.conf > $PKG/var/$PRGNAM/inputs/cfservd.conf.new +cat $CWD/config/cfrun.hosts > $PKG/var/$PRGNAM/inputs/cfrun.hosts.new + +# Try to be a bit more compatible to some other distros versions +( cd $PKG/etc + ln -sf /var/cfengine/inputs cfengine + ln -sf /var/cfengine/inputs cfengine2 + cd $PKG/var ; ln -sf cfengine cfengine2 +) + +# Following link is for backwards compatibility +mkdir -p $PKG/var/$PRGNAM/bin +( cd $PKG/var/cfengine/bin ; ln -sf /usr/sbin/cfagent . 
) # Put docs in the versioned directory mv $PKG/usr/doc/$PRGNAM $PKG/usr/doc/$PRGNAM-$VERSION cp -a [A-Z][A-Z]* ChangeLog $PKG/usr/doc/$PRGNAM-$VERSION cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild -cat $CWD/README > $PKG/usr/doc/$PRGNAM-$VERSION/README.SBo +cat $CWD/README > $PKG/usr/doc/$PRGNAM-$VERSION/README$TAG find $PKG/usr/doc/$PRGNAM-$VERSION -type f -exec chmod 644 {} \; +# Compress info pages and remove the package's dir file +rm -f $PKG/usr/info/dir +gzip -9 $PKG/usr/info/*.info* + mkdir -p $PKG/install cat $CWD/slack-desc > $PKG/install/slack-desc cat $CWD/doinst.sh > $PKG/install/doinst.sh cd $PKG /sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz - -# Clean up the extra stuff -if [ "$1" = "--cleanup" ]; then - rm -rf $TMP/$PRGNAM-$VERSION - rm -rf $PKG -fi - diff --git a/system/cfengine/cfengine.info b/system/cfengine/cfengine.info index 79f6598e44..8026f1c21e 100644 --- a/system/cfengine/cfengine.info +++ b/system/cfengine/cfengine.info @@ -1,8 +1,8 @@ PRGNAM="cfengine" -VERSION="2.2.3" +VERSION="2.2.8" HOMEPAGE="http://www.cfengine.org/" -DOWNLOAD="http://www.cfengine.org/downloads/cfengine-2.2.3.tar.gz" -MD5SUM="903298e54e80fe0c617f1c51102caef1" +DOWNLOAD="http://www.cfengine.org/downloads/cfengine-2.2.8.tar.gz" +MD5SUM="8881c3c350f36b35845cdb1e6e53b8a1" MAINTAINER="Menno E. Duursma" EMAIL="druiloor@zonnet.nl" -APPROVED="rworkman" +APPROVED="David Somero"
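Review bot: The symlink blocks in this hunk mix `$PKG/var/$PRGNAM/...` with literal `$PKG/var/cfengine/...` paths and use `cd DIR ;` where the man-page block of the same script uses `cd $PKG/usr/man || exit 1`. Using one spelling of the path and `cd ... || exit 1` throughout would keep a failed `cd` from being followed by `ln` in the wrong directory if `set -e` is ever dropped. The `mkdir -p $PKG/var/$PRGNAM/bin` before the last block repeats what the `for dir in bin inputs outputs masterfiles` loop already did and can go. `README$TAG` changes the installed name to `README_SBo` with the default tag; a short comment saying that is intended would help.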
\ No newline at end of file diff --git a/system/cfengine/config/cfagent.conf b/system/cfengine/config/cfagent.conf index 6fe5bc7e27..9645f08401 100644 --- a/system/cfengine/config/cfagent.conf +++ b/system/cfengine/config/cfagent.conf @@ -10,7 +10,7 @@ control: processes: # Make sure these processes are always running - "cfenvd" restart "/usr/sbin/cfenvd" - "cfservd" restart "/usr/sbin/cfservd" - "cfexecd" restart "/usr/sbin/cfexecd" + "cfenvd" restart "/etc/rc.d/rc.cfenvd restart" + "cfexecd" restart "/etc/rc.d/rc.cfexecd restart" + #"cfservd" restart "/etc/rc.d/rc.cfservd restart" diff --git a/system/cfengine/config/cfservd.conf b/system/cfengine/config/cfservd.conf index 84bd910599..292fbb96b5 100644 --- a/system/cfengine/config/cfservd.conf +++ b/system/cfengine/config/cfservd.conf @@ -1,3 +1,8 @@ +# /var/cfengine/cfservd.conf +# +# Note: in case cfservd is started with 'cfengine' user privs, the path to +# this file might instead be /home/cfengine/.cfagent/inputs/cfservd.conf + control: domain = ( localhost ) diff --git a/system/cfengine/doinst.sh b/system/cfengine/doinst.sh index 5740fda749..43efbf8aa3 100644 --- a/system/cfengine/doinst.sh +++ b/system/cfengine/doinst.sh 
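Review bot: The two `restart` commands now call `/etc/rc.d/rc.cfenvd` and `/etc/rc.d/rc.cfexecd` directly, but the SlackBuild in this commit writes those scripts with `cat >` and doinst.sh only carries over the mode of an already installed file. On a fresh install they are therefore presumably not executable, and the restart would fail without the daemons coming back. Either run them through the shell, e.g. `"cfenvd" restart "/bin/sh /etc/rc.d/rc.cfenvd restart"`, or add a comment that the rc scripts must be made executable first. A one-line comment on why the `cfservd` entry is disabled by default would also help.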
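Review bot: The new header comment gives the file's location as `/var/cfengine/cfservd.conf`, but the SlackBuild in this commit installs it as `/var/cfengine/inputs/cfservd.conf.new`; suggest `# /var/cfengine/inputs/cfservd.conf`. The note also speaks of a 'cfengine' user while the comment added to rc.cfservd assumes an account named 'cfservd'. Using one account name in both places would avoid an administrator creating the wrong one when setting up the unprivileged service.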
@@ -11,16 +11,22 @@ config() { # Otherwise, we leave the .new copy for the admin to consider... } -# Keep same perms on rc.cfengine: -if [ -e etc/rc.d/rc.cfengine ]; then - cp -a etc/rc.d/rc.cfengine etc/rc.d/rc.cfengine.new.incoming - cat etc/rc.d/rc.cfengine.new > etc/rc.d/rc.cfengine.new.incoming - mv etc/rc.d/rc.cfengine.new.incoming etc/rc.d/rc.cfengine.new -fi +# Keep same permissions on rc files: +for PRGNAM in cfengine cfenvd cfservd ; do + if [ -e etc/rc.d/rc.$PRGNAM ]; then + cp -a etc/rc.d/rc.$PRGNAM etc/rc.d/rc.$PRGNAM.new.incoming + cat etc/rc.d/rc.$PRGNAM.new > etc/rc.d/rc.$PRGNAM.new.incoming + mv etc/rc.d/rc.$PRGNAM.new.incoming etc/rc.d/rc.$PRGNAM.new + fi + config etc/rc.d/rc.$PRGNAM.new +done -config etc/rc.d/rc.cfengine.new config var/cfengine/inputs/update.conf.new config var/cfengine/inputs/cfagent.conf.new config var/cfengine/inputs/cfservd.conf.new config var/cfengine/inputs/cfrun.hosts.new +# Following link is for some backwards compatibility +if [ ! -d var/cfengine/bin ]; then mkdir -p var/$PRGNAM/bin ; fi +( cd var/cfengine/bin ; ln -sf ../../../usr/sbin/cfagent . ) + diff --git a/system/cfengine/rc.cfengine b/system/cfengine/rc.cfengine index a58103c72a..08a3300d62 100644 --- a/system/cfengine/rc.cfengine +++ b/system/cfengine/rc.cfengine 
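Review bot: After the `for PRGNAM in cfengine cfenvd cfservd` loop the variable still holds `cfservd`, so `mkdir -p var/$PRGNAM/bin` creates `var/cfservd/bin` rather than the `var/cfengine/bin` that the test just found missing. The next line, `( cd var/cfengine/bin ; ln -sf ../../../usr/sbin/cfagent . )`, then runs `ln` even when `cd` fails (no errexit is visible in this hunk), which would drop a `cfagent` symlink into the directory the install script was started from. Suggest `mkdir -p var/cfengine/bin` and `( cd var/cfengine/bin && ln -sf ../../../usr/sbin/cfagent . )`. The loop variable would also read better under a name that does not reuse the build script's `PRGNAM`. The `config()` function begins above this hunk.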
@@ -1,50 +1,52 @@ #!/bin/sh -# Start cfengine: -cfengine_start() { +# start/stop/restart/reload cfexecd + +# 'cfexecd' may be used to capture cfagent output and send it as +# mail when run. All control parameters are set in cfagent.conf. +# cfagent can in turn start any other service (e.g. cfenvd, cfservd) + +# Start cfexecd: +cfexecd_start() { if [ -x /usr/sbin/cfexecd ]; then # Make sure localhost keys exist first if [ ! -f /var/cfengine/ppkeys/localhost.priv ]; then /usr/sbin/cfkey fi - echo "Starting Cfengine: /usr/sbin/cfexecd" + echo "Starting the CFEngine scheduler service: /usr/sbin/cfexecd" /usr/sbin/cfexecd fi } -# Stop cfengine: -cfengine_stop() { - /bin/killall cfenvd 2> /dev/null +# Stop cfexecd: +cfexecd_stop() { /bin/killall cfexecd 2> /dev/null - /bin/killall cfservd 2> /dev/null } -# Restart cfengine: -cfengine_restart() { - cfengine_stop +# Restart cfexecd: +cfexecd_restart() { + cfexecd_stop sleep 1 - cfengine_start + cfexecd_start } -# Reload cfengine: -cfengine_reload() { - /bin/killall -HUP cfenvd +# Reload cfexecd: +cfexecd_reload() { /bin/killall -HUP cfexecd - /bin/killall -HUP cfservd } case "$1" in 'start') - cfengine_start + cfexecd_start ;; 'stop') - cfengine_stop + cfexecd_stop ;; 'restart') - cfengine_restart + cfexecd_restart ;; 'reload') - cfengine_reload + cfexecd_reload ;; *) echo "usage $0 start|stop|restart|reload" diff --git a/system/cfengine/rc.cfenvd b/system/cfengine/rc.cfenvd new file mode 100644 index 0000000000..03bf800b9c --- /dev/null +++ b/system/cfengine/rc.cfenvd 
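Review bot: `cfexecd_stop` and `cfexecd_reload` no longer signal `cfenvd` and `cfservd`, so after an upgrade `rc.cfengine stop` leaves those two daemons running, and the new header comment does not say so. An administrator who relied on the old behaviour to take the network-facing cfservd down would not notice the change. Add a comment such as `# Note: this script only controls cfexecd; use rc.cfenvd and rc.cfservd for the other daemons.` The `*)` usage branch also returns success on an unknown argument; `exit 1` after the `echo` would let callers detect a bad invocation.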
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+# start/stop/restart/reload cfenvd
+
+# Start cfenvd:
+cfenvd_start() {
+ if [ -x /usr/sbin/cfenvd ]; then
+ echo "Starting the CFEengine environment service: /usr/sbin/cfexecd"
+ /usr/sbin/cfenvd
+ fi
+}
+
+# Stop cfenvd:
+cfenvd_stop() {
+ /bin/killall cfenvd 2> /dev/null
+}
+
+# Restart cfenvd:
+cfenvd_restart() {
+ cfenvd_stop
+ sleep 1
+ cfenvd_start
+}
+
+# Reload cfenvd:
+cfenvd_reload() {
+ /bin/killall -HUP cfenvd
+}
+
+case "$1" in
+'start')
+ cfenvd_start
+ ;;
+'stop')
+ cfenvd_stop
+ ;;
+'restart')
+ cfenvd_restart
+ ;;
+'reload')
+ cfenvd_reload
+ ;;
+*)
+ echo "usage $0 start|stop|restart|reload"
+esac
diff --git a/system/cfengine/rc.cfservd b/system/cfengine/rc.cfservd
new file mode 100644
index 0000000000..68db3261ab
--- /dev/null
+++ b/system/cfengine/rc.cfservd
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+# start/stop/restart/reload cfservd
+
+# 'cfservd' looks for a configuration file cfservd.conf by default.
+
+# Note: this daemon doesn't actually need to run under the root account,
+# assuming an account named 'cfservd' exists, one way of configuring it
+# to use its own account would be to to run 'cfkey' and 'cfagent' ones
+# which creates the ~/.cfagent subdir then start the service with:
+# /bin/su - cfservd -c /usr/sbin/cfservd
+
+# Start cfservd:
+cfservd_start() {
+ if [ -x /usr/sbin/cfservd ]; then
+ # Make sure localhost keys exist first
+ if [ ! -f /var/cfengine/ppkeys/localhost.priv ]; then
+ /usr/sbin/cfkey
+ fi
+ echo "Starting Cfengine: /usr/sbin/cfservd"
+ /usr/sbin/cfservd
+ fi
+}
+
+# Stop cfservd:
+cfservd_stop() {
+ /bin/killall cfservd 2> /dev/null
+}
+
+# Restart cfservd:
+cfservd_restart() {
+ cfservd_stop
+ sleep 1
+ cfservd_start
+}
+
+# Reload cfservd:
+cfservd_reload() {
+ /bin/killall -HUP cfservd
+}
+
+case "$1" in
+'start')
+ cfservd_start
+ ;;
+'stop')
+ cfservd_stop
+ ;;
+'restart')
+ cfservd_restart
+ ;;
+'reload')
+ cfservd_reload
+ ;;
+*)
+ echo "usage $0 start|stop|restart|reload"
+esac |
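Review bot: The start message in `cfenvd_start` names the wrong binary and misspells the product: it prints `/usr/sbin/cfexecd` and "CFEengine" while the function launches `/usr/sbin/cfenvd`. Anyone reading boot output or logs would conclude that cfexecd was started here. Suggest `echo "Starting the CFEngine environment service: /usr/sbin/cfenvd"`. As in the other rc scripts, the `*)` usage branch could end with `exit 1` so a mistyped action is not reported as success.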
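Review bot: The header of rc.cfservd explains that the daemon does not need root, yet `cfservd_start` always launches `/usr/sbin/cfservd` from the caller's (root) context, so the least-privilege setup for this network-facing service exists only as a comment. Consider an opt-in variable, e.g. `CFSERVD_USER=${CFSERVD_USER:-}`, and starting with `/bin/su - "$CFSERVD_USER" -c /usr/sbin/cfservd` when it is set. The `localhost.priv` check would then have to look in that account's own key directory, which this file does not show. The comment also has two slips to fix, "to to run" and "ones" (presumably "once"), and the start message could name the service as the other two scripts do.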