diff options
author | B. Watson <yalhcru@gmail.com> | 2018-08-03 05:57:19 +0700 |
---|---|---|
committer | Willy Sudiarto Raharjo <willysr@slackbuilds.org> | 2018-08-04 08:17:11 +0700 |
commit | c307650f720584677c21b0d311ff566df8b83dfc (patch) | |
tree | 378182019151f2409c0ac346b3cd520e1cb322f5 | |
parent | f516576ada936b719baa671f569f1a4b2ffabea9 (diff) |
network/ipxnet: Added (tunnel IPX over TCP/IP).
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
-rw-r--r-- | network/ipxnet/README | 47 | ||||
-rw-r--r-- | network/ipxnet/doinst.sh | 32 | ||||
-rw-r--r-- | network/ipxnet/git2tarxz.sh | 42 | ||||
-rw-r--r-- | network/ipxnet/ipxnet.SlackBuild | 94 | ||||
-rw-r--r-- | network/ipxnet/ipxnet.info | 10 | ||||
-rw-r--r-- | network/ipxnet/rc.ipxnet | 63 | ||||
-rw-r--r-- | network/ipxnet/rc.ipxnet.conf | 15 | ||||
-rw-r--r-- | network/ipxnet/slack-desc | 19 |
8 files changed, 322 insertions, 0 deletions
diff --git a/network/ipxnet/README b/network/ipxnet/README new file mode 100644 index 0000000000000..1b7786bbf587c --- /dev/null +++ b/network/ipxnet/README @@ -0,0 +1,47 @@ +ipxnet (tunnel IPX over TCP/IP) + +Host a standalone IPX network over tcp for old DOS games running in +dosbox. + +For more information, see "https://www.dosbox.com/wiki/connectivity". Note +that the "Start IPX server" step is unnecessary when using this build +of ipxnet. + +There are two use cases for ipxnet, with two separate executables: + +- Users start the daemon as needed, and kill it when they're done. For + this, there's no need for an init script. The executable for users is + called "ipxnet". It logs to standard output only, and doesn't detach + from the terminal. The officially assigned UDP port number can't be + used, as it's port 213 and normal users can't bind to ports below 1024. + +- Persistent daemon, that starts at boot and runs until shutdown. The + executable for this is "ipxnet-system", but you don't normally run it + directly. Instead, there's an init script. To make ipxnet start at boot: + + # chmod 755 /etc/rc.d/rc.ipxnet + +...then edit /etc/rc.d/rc.local and add: + + if [ -x /etc/rc.d/rc.ipxnet ]; then + /etc/rc.d/rc.ipxnet start + fi + +The default UDP port for ipxnet-system is 213. To change this, edit +/etc/rc.d/rc.ipxnet.conf, then run "/etc/rc.d/rc.ipxnet restart" if the +daemon is already running. + +The ipxnet-system log file is /var/log/ipxnet.log. It will not be +overwritten when the package is reinstalled. + +The ipxnet-system binary is installed setuid nobody and setgid nogroup +by default. If you want to change this, set IPXUSER and/or IPXGROUP +in the SlackBuild's environment. It's a bad idea to run this as root, +since it hasn't been audited for security. If you're really paranoid, +you probably will want to create a dedicated ipxnet user and group. + +ipxnet-system also has the cap_net_bind_service capability set, meaning +it must be installed on a filesystem that supports capabilities (this +includes but is not limited to ext2/3/4 and reiserfs v3). This is required +for it to run as "nobody" yet be able to bind to low-numbered ports, +and is a much safer alternative to running it as root. diff --git a/network/ipxnet/doinst.sh b/network/ipxnet/doinst.sh new file mode 100644 index 0000000000000..5af0d51745ef4 --- /dev/null +++ b/network/ipxnet/doinst.sh @@ -0,0 +1,32 @@ + +config() { + NEW="$1" + OLD="$(dirname $NEW)/$(basename $NEW .new)" + if [ ! -r $OLD ]; then + mv $NEW $OLD + elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then + rm $NEW + fi +} + +preserve_perms() { + NEW="$1" + OLD="$(dirname $NEW)/$(basename $NEW .new)" + if [ -e $OLD ]; then + cp -a $OLD ${NEW}.incoming + cat $NEW > ${NEW}.incoming + mv ${NEW}.incoming $NEW + fi + config $NEW +} + +preserve_perms etc/rc.d/rc.ipxnet.new +config etc/rc.d/rc.ipxnet.conf.new + +# create log if missing, make sure ownership is correct. log +# will not be removed on package removal. +touch var/log/ipxnet.log +chown @IPXUSER@:@IPXGROUP@ var/log/ipxnet.log + +# 14.2 uses tar-1.15 for makepkg, can't handle capabilities, so: +[ -e /sbin/setcap] && /sbin/setcap cap_net_bind_service=epi usr/sbin/ipxnet-system diff --git a/network/ipxnet/git2tarxz.sh b/network/ipxnet/git2tarxz.sh new file mode 100644 index 0000000000000..43de757147d65 --- /dev/null +++ b/network/ipxnet/git2tarxz.sh @@ -0,0 +1,42 @@ +#!/bin/sh + +# Create source tarball from git repo, with generated version +# number. We don't include the git history in the tarball. + +# Note that this script doesn't need to be run as root. It does +# need to be able to write to the current directory it's run from. + +PRGNAM=ipxnet +CLONE_URL=https://github.com/intangir/$PRGNAM.git + +set -e + +GITDIR=$( mktemp -dt $PRGNAM.git.XXXXXX ) +rm -rf $GITDIR +git clone $CLONE_URL $GITDIR + +CWD="$( pwd )" +cd $GITDIR + +VERSION=$( git log --date=format:%Y%m%d --pretty=format:%cd.%h -n1 ) + +rm -rf .git +find . -name .gitignore -print0 | xargs -0 rm -f + +cd "$CWD" +rm -rf $PRGNAM-$VERSION $PRGNAM-$VERSION.tar.xz +mv $GITDIR $PRGNAM-$VERSION +tar cvfJ $PRGNAM-$VERSION.tar.xz $PRGNAM-$VERSION + +cat <<EOF + +Archive created: $PRGNAM-$VERSION.tar.xz + +Update $PRGNAM.info with: + +VERSION="$VERSION" +DOWNLOAD="http://urchlay.naptime.net/~urchlay/src/$PRGNAM-$VERSION.tar.xz" +MD5SUM="$( md5sum $PRGNAM-$VERSION.tar.xz | cut -d' ' -f1 )" + +Don't forget to upload the new source! +EOF diff --git a/network/ipxnet/ipxnet.SlackBuild b/network/ipxnet/ipxnet.SlackBuild new file mode 100644 index 0000000000000..c6d4810cff14e --- /dev/null +++ b/network/ipxnet/ipxnet.SlackBuild @@ -0,0 +1,94 @@ +#!/bin/sh + +# Slackware build script for ipxnet + +# Written by B. Watson (yalhcru@gmail.com) + +# Licensed under the WTFPL. See http://www.wtfpl.net/txt/copying/ for details. + +# We install the binary setuid nobody/nogroup by default. +IPXUSER="${IPXUSER:-nobody}" +IPXGROUP="${IPXGROUP:-nogroup}" + +PRGNAM=ipxnet +VERSION=${VERSION:-20120808.0dce97e} +BUILD=${BUILD:-1} +TAG=${TAG:-_SBo} + +if [ -z "$ARCH" ]; then + case "$( uname -m )" in + i?86) ARCH=i586 ;; + arm*) ARCH=arm ;; + *) ARCH=$( uname -m ) ;; + esac +fi + +CWD=$(pwd) +TMP=${TMP:-/tmp/SBo} +PKG=$TMP/package-$PRGNAM +OUTPUT=${OUTPUT:-/tmp} + +if [ "$ARCH" = "i586" ]; then + SLKCFLAGS="-O2 -march=i586 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=i686 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +set -e + +rm -rf $PKG +mkdir -p $TMP $PKG $OUTPUT +cd $TMP +rm -rf $PRGNAM-$VERSION +tar xvf $CWD/$PRGNAM-$VERSION.tar.xz +cd $PRGNAM-$VERSION +chown -R root:root . +chmod 644 * + +# We build 2 binaries: One with logging enabled, setuid nobody/nogroup, +# for persistent daemon (init script) use... and one that doesn't log +# to a file or daemonize (just prints to stdout), for normal users to +# start at will. + +# System version first: +sed -i "/#define *LOGNAME/s, \".*, \"/var/log/$PRGNAM.log\"," config.h +make CXXFLAGS="$SLKCFLAGS" LIBS="-lSDL_net -lSDL" +install -D -m6550 -o$IPXUSER -g$IPXGROUP -s $PRGNAM $PKG/usr/sbin/${PRGNAM}-system + +# Now the user one: +sed -i "/#define *LOG_TO_FILE/s,#define,#undef," config.h +make clean +make CXXFLAGS="$SLKCFLAGS" LIBS="-lSDL_net -lSDL" +install -D -m755 -oroot -groot -s $PRGNAM $PKG/usr/bin/$PRGNAM + +# Startup script. Not enabled by default (README explains what to do). +mkdir -p $PKG/etc/rc.d +cat $CWD/rc.$PRGNAM > $PKG/etc/rc.d/rc.$PRGNAM.new +cat $CWD/rc.$PRGNAM.conf > $PKG/etc/rc.d/rc.$PRGNAM.conf.new + +# doinst.sh installs blank log file, only need to include /var/log here. +mkdir -p $PKG/var/log + +mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION +cp -a README.md $PKG/usr/doc/$PRGNAM-$VERSION +cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild + +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc +sed -e "s,@IPXUSER@,$IPXUSER,g" \ + -e "s,@IPXGROUP@,$IPXGROUP,g" \ + $CWD/doinst.sh > $PKG/install/doinst.sh + +# Our README includes init script instructions, include it. +cat $CWD/README > $PKG/install/README_SBo.txt + +cd $PKG +/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz} diff --git a/network/ipxnet/ipxnet.info b/network/ipxnet/ipxnet.info new file mode 100644 index 0000000000000..c17a1eaea5bf7 --- /dev/null +++ b/network/ipxnet/ipxnet.info @@ -0,0 +1,10 @@ +PRGNAM="ipxnet" +VERSION="20120808.0dce97e" +HOMEPAGE="https://github.com/intangir/ipxnet" +DOWNLOAD="http://urchlay.naptime.net/~urchlay/src/ipxnet-20120808.0dce97e.tar.xz" +MD5SUM="a6bebe9513240e145285e4526ea3114c" +DOWNLOAD_x86_64="" +MD5SUM_x86_64="" +REQUIRES="" +MAINTAINER="B. Watson" +EMAIL="yalhcru@gmail.com" diff --git a/network/ipxnet/rc.ipxnet b/network/ipxnet/rc.ipxnet new file mode 100644 index 0000000000000..22733ce0e8a3f --- /dev/null +++ b/network/ipxnet/rc.ipxnet @@ -0,0 +1,63 @@ +#!/bin/sh + +# "Simple" init script for SBo ipxnet, by B. Watson <yalhcru@gmail.com>. If +# you need something fancier (multiple instances of ipxnet), feel free +# to implement it here and send me the updated script. I'll add it to +# the SBo build. + +# Note that ipxnet daemonizes itself immediately (before even checking if +# it got the right number of command line arguments) and doesn't create a +# PID file. Trying to capture the PID of the just-spawned ipxnet process +# in this script is problematic, so I didn't bother with a PID file. We +# can't even capture error messages (because it closed its stdout/stderr). + +# The default settings: +IPXPORT=19900 + +# If config file found, source it (can override IPXPORT) +[ -e /etc/rc.d/rc.ipxnet.conf ] && source /etc/rc.d/rc.ipxnet.conf + +ok_fail() { + if [ "$?" = "0" ]; then + echo "OK" + exit 0 + else + echo "FAIL" + exit 1 + fi +} + +# returns success if an ipxnet process is listening on our port. +is_running() { + lsof +c 0 -i 4UDP:$IPXPORT | grep -q ipxnet-system +} + +# ipxnet doesn't exit with error status if it fails to start. So we have +# to check whether it started or not... we wait up to 20 sec or so, then +# give up. +check_start() { + for i in 0.2 0.5 1 3 6 10; do + sleep $i + is_running && return 0 + done + return 1 +} + +case "${1:-start}" in + start) + echo -n "Starting ipxnet on UDP port $IPXPORT: " + if is_running; then + echo "Already running!" + exit 1 + fi + /usr/sbin/ipxnet-system $IPXPORT + check_start + ok_fail + ;; + + stop) echo -n "Stopping ipxnet: "; killall ipxnet-system ; ok_fail ;; + + restart) $0 stop ; sleep 1; exec $0 start ;; + + *) echo "Usage: $0 stop|stop|restart" +esac diff --git a/network/ipxnet/rc.ipxnet.conf b/network/ipxnet/rc.ipxnet.conf new file mode 100644 index 0000000000000..bc9bfa34a0e16 --- /dev/null +++ b/network/ipxnet/rc.ipxnet.conf @@ -0,0 +1,15 @@ +# Config file for SBo ipxnet startup script, by B. Watson <yalhcru@gmail.com>. + +# ipxnet-system binary runs setuid nobody by default, but has the +# cap_net_bind_service capability set. This gives the ipxnet-system +# process the capability to open low-numbered ports (any port < 1024), +# which could be a security concern: if ipxnet can be exploited, the +# exploit code could listen on e.g. the ssh or http port. The alternative +# (running ipxnet with root privileges) is much worse though: the exploit +# code could do *anything* in that case. + +# The official assigned port number: +IPXPORT=213 + +# The port number from the DOSBox examples: +# IPXPORT=19900 diff --git a/network/ipxnet/slack-desc b/network/ipxnet/slack-desc new file mode 100644 index 0000000000000..54274192e95ec --- /dev/null +++ b/network/ipxnet/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. +# Line up the first '|' above the ':' following the base package name, and +# the '|' on the right side marks the last column you can put a character in. +# You must make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':' except on otherwise blank lines. + + |-----handy-ruler------------------------------------------------------| +ipxnet: ipxnet (tunnel IPX over TCP/IP) +ipxnet: +ipxnet: Host a standalone IPX network over tcp for old DOS games running +ipxnet: in dosbox. +ipxnet: +ipxnet: +ipxnet: +ipxnet: +ipxnet: +ipxnet: +ipxnet: |