From 3b276edab882541d9d2e6cbef1064d3fd28d5774 Mon Sep 17 00:00:00 2001 From: Michał Górny Date: Fri, 27 Feb 2015 21:14:21 +0000 Subject: Add support for SOCKSv5 proxy, bug #537616. Needed for network-sandbox support in Portage. (Portage version: 2.2.17/cvs/Linux x86_64, signed Manifest commit with key EFB4464E!) --- sys-devel/distcc/ChangeLog | 9 +- sys-devel/distcc/distcc-3.2_rc1-r3.ebuild | 207 +++++++++++++++++++++ sys-devel/distcc/files/distcc-3.2_rc1-socks5.patch | 191 +++++++++++++++++++ 3 files changed, 406 insertions(+), 1 deletion(-) create mode 100644 sys-devel/distcc/distcc-3.2_rc1-r3.ebuild create mode 100644 sys-devel/distcc/files/distcc-3.2_rc1-socks5.patch diff --git a/sys-devel/distcc/ChangeLog b/sys-devel/distcc/ChangeLog index 133262d046d9..635e372097a3 100644 --- a/sys-devel/distcc/ChangeLog +++ b/sys-devel/distcc/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for sys-devel/distcc # Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-devel/distcc/ChangeLog,v 1.240 2015/01/24 23:18:13 mgorny Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-devel/distcc/ChangeLog,v 1.241 2015/02/27 21:14:21 mgorny Exp $ + +*distcc-3.2_rc1-r3 (27 Feb 2015) + + 27 Feb 2015; Michał Górny +distcc-3.2_rc1-r3.ebuild, + +files/distcc-3.2_rc1-socks5.patch: + Add support for SOCKSv5 proxy, bug #537616. Needed for network-sandbox support + in Portage. 24 Jan 2015; Michał Górny distcc-3.1-r10.ebuild, distcc-3.2_rc1-r2.ebuild: diff --git a/sys-devel/distcc/distcc-3.2_rc1-r3.ebuild b/sys-devel/distcc/distcc-3.2_rc1-r3.ebuild new file mode 100644 index 000000000000..7eb32bd58d6c --- /dev/null +++ b/sys-devel/distcc/distcc-3.2_rc1-r3.ebuild @@ -0,0 +1,207 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-devel/distcc/distcc-3.2_rc1-r3.ebuild,v 1.1 2015/02/27 21:14:21 mgorny Exp $ + +EAPI=5 + +PYTHON_COMPAT=( python2_7 ) + +inherit autotools eutils fdo-mime flag-o-matic multilib python-single-r1 systemd toolchain-funcs user + +MY_P="${P/_}" +DESCRIPTION="Distribute compilation of C code across several machines on a network" +HOMEPAGE="http://distcc.org/" +SRC_URI="http://distcc.googlecode.com/files/${MY_P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd" +IUSE="avahi crossdev gnome gssapi gtk hardened ipv6 selinux xinetd" + +RESTRICT="test" + +CDEPEND="${PYTHON_DEPS} + dev-libs/popt + avahi? ( >=net-dns/avahi-0.6[dbus] ) + gnome? ( + >=gnome-base/libgnome-2 + >=gnome-base/libgnomeui-2 + x11-libs/gtk+:2 + x11-libs/pango + ) + gssapi? ( net-libs/libgssglue ) + gtk? ( x11-libs/gtk+:2 )" +DEPEND="${CDEPEND} + virtual/pkgconfig" +RDEPEND="${CDEPEND} + !net-misc/pump + >=sys-devel/gcc-config-1.4.1 + selinux? ( sec-policy/selinux-distcc ) + xinetd? ( sys-apps/xinetd )" + +REQUIRED_USE="${PYTHON_REQUIRED_USE}" + +S="${WORKDIR}/${MY_P}" + +DCCC_PATH="/usr/$(get_libdir)/distcc/bin" +DISTCC_VERBOSE="0" + +pkg_setup() { + enewuser distcc 240 -1 -1 daemon + python-single-r1_pkg_setup +} + +src_prepare() { + epatch "${FILESDIR}/${PN}-3.0-xinetd.patch" + # bug #253786 + epatch "${FILESDIR}/${PN}-3.0-fix-fortify.patch" + # bug #255188 + epatch "${FILESDIR}/${PN}-3.2_rc1-freedesktop.patch" + # bug #258364 + epatch "${FILESDIR}/${PN}-3.2_rc1-python.patch" + # for net-libs/libgssglue + epatch "${FILESDIR}/${PN}-3.2_rc1-gssapi.patch" + # SOCKSv5 support needed for Portage, bug #537616 + epatch "${FILESDIR}/${PN}-3.2_rc1-socks5.patch" + epatch_user + + # Bugs #120001, #167844 and probably more. See patch for description. + use hardened && epatch "${FILESDIR}/distcc-hardened.patch" + + sed -i \ + -e "/PATH/s:\$distcc_location:${EPREFIX}${DCCC_PATH}:" \ + -e "s:@PYTHON@:${EPYTHON}:" \ + pump.in || die "sed failed" + + sed \ + -e "s:@EPREFIX@:${EPREFIX:-/}:" \ + -e "s:@libdir@:/usr/$(get_libdir):" \ + "${FILESDIR}/distcc-config-3.2_rc1" > "${T}/distcc-config" || die + + eaclocal -Im4 --output=aclocal.m4 + eautoconf +} + +src_configure() { + local myconf="--disable-Werror --with-docdir=/usr/share/doc/${PF}" + # More legacy stuff? + [ "$(gcc-major-version)" = "2" ] && filter-lfs-flags + + # --disable-rfc2553 b0rked, bug #254176 + use ipv6 && myconf="${myconf} --enable-rfc2553" + + econf \ + $(use_with avahi) \ + $(use_with gtk) \ + $(use_with gnome) \ + $(use_with gssapi auth) \ + ${myconf} +} + +src_install() { + default + python_optimize + + dobin "${FILESDIR}/3.0/distcc-config" + + newinitd "${FILESDIR}/3.1/init" distccd + systemd_dounit "${FILESDIR}/distccd.service" + systemd_install_serviced "${FILESDIR}/distccd.service.conf" + + cp "${FILESDIR}/3.0/conf" "${T}/distccd" || die + if use avahi; then + cat >> "${T}/distccd" <<-EOF + + # Enable zeroconf support in distccd + DISTCCD_OPTS="\${DISTCCD_OPTS} --zeroconf" + EOF + + sed -i '/ExecStart/ s|$| --zeroconf|' "${ED}"/usr/lib/systemd/system/distccd.service || die + fi + doconfd "${T}/distccd" || die + + cat > "${T}/02distcc" <<-EOF + # This file is managed by distcc-config; use it to change these settings. + # DISTCC_LOG and DISTCC_DIR should not be set. + DISTCC_VERBOSE="${DISTCC_VERBOSE:-0}" + DISTCC_FALLBACK="${DISTCC_FALLBACK:-1}" + DISTCC_SAVE_TEMPS="${DISTCC_SAVE_TEMPS:-0}" + DISTCC_TCP_CORK="${DISTCC_TCP_CORK}" + DISTCC_SSH="${DISTCC_SSH}" + UNCACHED_ERR_FD="${UNCACHED_ERR_FD}" + DISTCC_ENABLE_DISCREPANCY_EMAIL="${DISTCC_ENABLE_DISCREPANCY_EMAIL}" + DCC_EMAILLOG_WHOM_TO_BLAME="${DCC_EMAILLOG_WHOM_TO_BLAME}" + EOF + doenvd "${T}/02distcc" || die + + keepdir "${DCCC_PATH}" || die + + dobin "${T}/distcc-config" || die + + # create the distccd pid directory + keepdir /var/run/distccd || die + fowners distcc:daemon /var/run/distccd || die + + if use gnome || use gtk; then + einfo "Renaming /usr/bin/distccmon-gnome to /usr/bin/distccmon-gui" + einfo "This is to have a little sensability in naming schemes between distccmon programs" + mv "${ED}/usr/bin/distccmon-gnome" "${ED}/usr/bin/distccmon-gui" || die + dosym distccmon-gui /usr/bin/distccmon-gnome || die + fi + + if use xinetd; then + insinto /etc/xinetd.d || die + newins "doc/example/xinetd" distcc || die + fi + + rm -r "${ED}/etc/default" || die + rm "${ED}/etc/distcc/clients.allow" || die + rm "${ED}/etc/distcc/commands.allow.sh" || die +} + +pkg_postinst() { + if [ -x "${EPREFIX}/usr/bin/distcc-config" ] ; then + if use crossdev; then + "${EPREFIX}/usr/bin/distcc-config" --update-masquerade-with-crossdev + else + "${EPREFIX}/usr/bin/distcc-config" --update-masquerade + fi + fi + + use gnome && fdo-mime_desktop_database_update + + elog + elog "Tips on using distcc with Gentoo can be found at" + elog "http://www.gentoo.org/doc/en/distcc.xml" + elog + elog "How to use pump mode with Gentoo:" + elog "# distcc-config --set-hosts \"foo,cpp,lzo bar,cpp,lzo baz,cpp,lzo\"" + elog "# echo 'FEATURES=\"\${FEATURES} distcc distcc-pump\"' >> /etc/make.conf" + elog "# emerge -u world" + elog + elog "To use the distccmon programs with Gentoo you should use this command:" + elog "# DISTCC_DIR=\"${DISTCC_DIR:-${BUILD_PREFIX}/.distcc}\" distccmon-text 5" + + if use gnome || use gtk; then + elog "Or:" + elog "# DISTCC_DIR=\"${DISTCC_DIR:-${BUILD_PREFIX}/.distcc}\" distccmon-gnome" + fi + + elog + elog "***SECURITY NOTICE***" + elog "If you are upgrading distcc please make sure to run etc-update to" + elog "update your /etc/conf.d/distccd and /etc/init.d/distccd files with" + elog "added security precautions (the --listen and --allow directives)" + elog +} + +pkg_postrm() { + # delete the masquerade directory + if [ ! -f "${EPREFIX}/usr/bin/distcc" ] ; then + einfo "Remove masquerade symbolic links." + rm "${EPREFIX}${DCCC_PATH}/"*{cc,c++,gcc,g++} + rmdir "${EPREFIX}${DCCC_PATH}" + fi + + use gnome && fdo-mime_desktop_database_update +} diff --git a/sys-devel/distcc/files/distcc-3.2_rc1-socks5.patch b/sys-devel/distcc/files/distcc-3.2_rc1-socks5.patch new file mode 100644 index 000000000000..256a16ffd5ba --- /dev/null +++ b/sys-devel/distcc/files/distcc-3.2_rc1-socks5.patch @@ -0,0 +1,191 @@ +From fdd93b1e9545b66d1b3a2a1ec24d4c8613ee43fb Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= +Date: Sat, 24 Jan 2015 23:59:21 +0100 +Subject: [PATCH] Support SOCKSv5 proxy + +Support using a SOCKSv5 proxy specified as DISTCC_SOCKS_PROXY. +The variable can either a hostname, a host:port pair or an absolute path +to a UNIX socket. When SOCKS is used, the hostname is passed to +the proxy and therefore the name resolution is done remotely. +--- + src/clinet.c | 137 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 135 insertions(+), 2 deletions(-) + +diff --git a/src/clinet.c b/src/clinet.c +index 010a884..4773d8b 100644 +--- a/src/clinet.c ++++ b/src/clinet.c +@@ -31,6 +31,7 @@ + + #include + #include ++#include + #include + #include + #include +@@ -42,8 +43,10 @@ + #include + #include + ++#include + #include + #include ++#include + + #include + +@@ -161,7 +164,7 @@ out_failed: + /** + * Open a socket to a tcp remote host with the specified port. + **/ +-int dcc_connect_by_name(const char *host, int port, int *p_fd) ++static int dcc_connect_by_name_real(const char *host, int port, int *p_fd) + { + struct addrinfo hints; + struct addrinfo *res; +@@ -201,7 +204,7 @@ int dcc_connect_by_name(const char *host, int port, int *p_fd) + * + * @todo Don't try for too long to connect. + **/ +-int dcc_connect_by_name(const char *host, int port, int *p_fd) ++static int dcc_connect_by_name_real(const char *host, int port, int *p_fd) + { + struct sockaddr_in sock_out; + struct hostent *hp; +@@ -224,3 +227,133 @@ int dcc_connect_by_name(const char *host, int port, int *p_fd) + } + + #endif /* not ENABLE_RFC2553 */ ++ ++static int dcc_connect_via_socks5(const char *host, int port, int *p_fd, const char *proxy) ++{ ++ int ret; ++ char *proxy_host, *proxy_it; ++ int proxy_port; ++ char buf[262]; ++ int host_length; ++ struct sockaddr_in addr_buf; ++ int skip_bytes; ++ ++ host_length = strlen(host); ++ if (host_length > 255) { ++ rs_log_error("hostname \"%s\" too long for SOCKSv5 (over 255 chars)", host); ++ return EXIT_CONNECT_FAILED; ++ } ++ ++ if (proxy[0] == '/') { /* UNIX socket */ ++ struct sockaddr_un unix_addr; ++ ++ if (strlen(proxy) >= sizeof(unix_addr.sun_path)) ++ { ++ rs_log_error("UNIX socket path \"%s\" too long", proxy); ++ return EXIT_CONNECT_FAILED; ++ } ++ ++ unix_addr.sun_family = AF_UNIX; ++ strcpy(unix_addr.sun_path, proxy); ++ ++ ret = dcc_connect_by_addr((struct sockaddr *) &unix_addr, ++ offsetof(struct sockaddr_un, sun_path) + strlen(proxy) + 1, ++ p_fd); ++ ++ } else { /* hostname? IP address? */ ++ proxy_host = strdup(proxy); ++ if (proxy_host == NULL) return EXIT_OUT_OF_MEMORY; ++ ++ proxy_it = strrchr(proxy_host, ':'); ++ if (proxy_it) { ++ *(proxy_it++) = 0; ++ proxy_port = atoi(proxy_it); ++ ++ if (proxy_port <= 0) { ++ rs_log_error("invalid proxy port \"%s\"", proxy_it); ++ free(proxy_host); ++ return EXIT_CONNECT_FAILED; ++ } ++ } ++ else ++ proxy_port = 1080; ++ ++ ret = dcc_connect_by_name_real(proxy_host, proxy_port, p_fd); ++ free(proxy_host); ++ } ++ ++ if (ret != 0) ++ return ret; ++ ++ /* connected to proxy, now identifier/method selection */ ++ buf[0] = 0x05; /* SOCKSv5 */ ++ buf[1] = 0x01; /* one method */ ++ buf[2] = 0x00; /* NO AUTHENTICATION REQUIRED */ ++ ret = dcc_writex(*p_fd, buf, 3); ++ if (ret != 0) ++ return ret; ++ ++ /* wait for method selection */ ++ ret = dcc_readx(*p_fd, buf, 2); ++ if (ret != 0) ++ return ret; ++ if (buf[0] != 0x05 || buf[1] != 0x00) { /* version, method */ ++ rs_log_error("invalid proxy reply (version 0x%02x, method 0x%02x)", ++ buf[0], buf[1]); ++ return EXIT_CONNECT_FAILED; ++ } ++ ++ /* send connect request */ ++ buf[0] = 0x05; /* SOCKSv5 */ ++ buf[1] = 0x01; /* CONNECT command */ ++ buf[2] = 0x00; /* reserved */ ++ buf[3] = 0x03; /* DOMAINNAME address type */ ++ buf[4] = host_length; ++ memcpy(&buf[5], host, host_length); ++ addr_buf.sin_port = htons(port); ++ memcpy(&buf[5 + host_length], &addr_buf.sin_port, 2); ++ ret = dcc_writex(*p_fd, buf, 7 + host_length); ++ if (ret != 0) ++ return ret; ++ ++ /* wait for the connection */ ++ /* read first 4 bytes of reply + 2 extra bytes we know will be there */ ++ ret = dcc_readx(*p_fd, buf, 6); ++ if (ret != 0) ++ return ret; ++ if (buf[0] != 0x05 || buf[2] != 0x00) { /* version, reserved */ ++ rs_log_error("invalid proxy reply (version 0x%02x, reserved 0x%02x)", ++ buf[0], buf[2]); ++ return EXIT_CONNECT_FAILED; ++ } ++ if (buf[1] != 0x00) { /* reply */ ++ rs_log_error("proxy connection failed, reason=0x%02x", buf[1]); ++ return EXIT_CONNECT_FAILED; ++ } ++ ++ /* now read the remaining (packet size - 6) bytes */ ++ switch (buf[3]) { /* address type */ ++ case 0x01: skip_bytes = 4; break; /* IPv4 */ ++ case 0x03: skip_bytes = buf[4] + 1; break; /* hostname with length field */ ++ case 0x04: skip_bytes = 16; break; /* IPv6 */ ++ default: ++ rs_log_error("invalid proxy reply (address type 0x%02x)", buf[3]); ++ return EXIT_CONNECT_FAILED; ++ } ++ ret = dcc_readx(*p_fd, buf, skip_bytes); ++ if (ret != 0) ++ return ret; ++ ++ return 0; ++} ++ ++int dcc_connect_by_name(const char *host, int port, int *p_fd) ++{ ++ const char *proxy; ++ ++ proxy = getenv("DISTCC_SOCKS_PROXY"); ++ if (proxy) ++ return dcc_connect_via_socks5(host, port, p_fd, proxy); ++ else ++ return dcc_connect_by_name_real(host, port, p_fd); ++} +-- +2.3.0 + -- cgit v1.2.3-65-gdbad