aboutsummaryrefslogtreecommitdiff
path: root/system/cfengine
diff options
context:
space:
mode:
Diffstat (limited to 'system/cfengine')
-rw-r--r--system/cfengine/README15
-rw-r--r--system/cfengine/cfengine.SlackBuild74
-rw-r--r--system/cfengine/cfengine.info8
-rw-r--r--system/cfengine/config/cfagent.conf6
-rw-r--r--system/cfengine/config/cfservd.conf5
-rw-r--r--system/cfengine/doinst.sh20
-rw-r--r--system/cfengine/rc.cfengine40
-rw-r--r--system/cfengine/rc.cfenvd45
-rw-r--r--system/cfengine/rc.cfservd57
9 files changed, 206 insertions, 64 deletions
diff --git a/system/cfengine/README b/system/cfengine/README
index 8656958133e6c..75eab9fbf6ed5 100644
--- a/system/cfengine/README
+++ b/system/cfengine/README
@@ -5,10 +5,15 @@ at Oslo University College, Norway.
It is used to implement policy-based configuration management on open systems
(Unix-like environments) through the interpretation of its own declarative
-language.
+language. It emphasizes an 'immunological' viewpoint, making its modus
+operandi convergence to a stable state.
-It emphasizes an 'immunological' viewpoint, making its modus operandi
-convergence to a stable state.
+Note: Even though an rc file is included, at least an update.conf is needed
+as well. A sample for which is included. For usage intros see:
+
+Cluster Management with GNU cfengine by Mark Burgess
+http://www.ieeetcsc.org/newsletters/2002-01/burgess.html
+
+Automating Security with GNU cfengine by Kirk Bauer
+http://www.linuxjournal.com/article/6848
-Note: Even though an rc file is included, at least an update.conf is
-needed as well (a sample is also included in the package).
diff --git a/system/cfengine/cfengine.SlackBuild b/system/cfengine/cfengine.SlackBuild
index f88193da82576..fdab1fad4975b 100644
--- a/system/cfengine/cfengine.SlackBuild
+++ b/system/cfengine/cfengine.SlackBuild
@@ -1,11 +1,14 @@
#!/bin/sh
# Slackware build script for Cfengine
+# Written by Menno E. Duursma <druiloor@zonnet.nl>
-# Written by Menno Duursma <druiloor@zonnet.nl>
+# This program is free software. It comes without any warranty.
+# Granted WTFPL, Version 2, as published by Sam Hocevar. See
+# http://sam.zoy.org/wtfpl/COPYING for more details.
PRGNAM=cfengine
-VERSION=2.2.3
+VERSION=2.2.8
ARCH=${ARCH:-i486}
BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}
@@ -19,6 +22,8 @@ if [ "$ARCH" = "i486" ]; then
SLKCFLAGS="-O2 -march=i486 -mtune=i686"
elif [ "$ARCH" = "i686" ]; then
SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
fi
set -e # Exit on most errors
@@ -29,8 +34,12 @@ cd $TMP
rm -rf $PRGNAM-$VERSION
tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
cd $PRGNAM-$VERSION
-chown -R root:root .
-chmod -R u+w,go+r-w,a-s .
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \;
# The system expects everything to live in /var/cfengine generally
# Its configuration is maintained in a version control system
@@ -44,23 +53,12 @@ CXXFLAGS="$SLKCFLAGS" \
--datadir=/usr/doc \
--libdir=/usr/lib \
--enable-shared=yes \
+ --enable-static=no \
--with-docs
make
make install-strip DESTDIR=$PKG
-# Create the server directory (may not be needed)
-mkdir -p $PKG/var/cfengine/masterfiles
-
-# Include example config files
-mkdir -p $PKG/etc/rc.d
-cat $CWD/rc.cfengine > $PKG/etc/rc.d/rc.cfengine.new
-mkdir -p $PKG/var/cfengine/inputs
-cat $CWD/config/update.conf > $PKG/var/cfengine/inputs/update.conf.new
-cat $CWD/config/cfagent.conf > $PKG/var/cfengine/inputs/cfagent.conf.new
-cat $CWD/config/cfservd.conf > $PKG/var/cfengine/inputs/cfservd.conf.new
-cat $CWD/config/cfrun.hosts > $PKG/var/cfengine/inputs/cfrun.hosts.new
-
( cd $PKG/usr/man || exit 1
find . -type f -exec gzip -9 {} \;
for i in $(find . -type l) ;
@@ -68,27 +66,51 @@ cat $CWD/config/cfrun.hosts > $PKG/var/cfengine/inputs/cfrun.hosts.new
done
)
-rm -f $PKG/usr/info/dir
-gzip -9 $PKG/usr/info/*.info*
+# Create basic work dirs
+for dir in bin inputs outputs masterfiles ; do
+ mkdir -p $PKG/var/$PRGNAM/$dir
+done
+
+# Include example start/stop/restart/reload scripts
+mkdir -p $PKG/etc/rc.d
+cat $CWD/rc.cfengine > $PKG/etc/rc.d/rc.cfengine.new
+cat $CWD/rc.cfenvd > $PKG/etc/rc.d/rc.cfenvd.new
+cat $CWD/rc.cfservd > $PKG/etc/rc.d/rc.cfservd.new
+# Link the cfengine name to execd for compatibility
+( cd $PKG/etc/rc.d ; ln -sf rc.cfengine rc.cfexecd )
+
+# Include example config files
+cat $CWD/config/update.conf > $PKG/var/$PRGNAM/inputs/update.conf.new
+cat $CWD/config/cfagent.conf > $PKG/var/$PRGNAM/inputs/cfagent.conf.new
+cat $CWD/config/cfservd.conf > $PKG/var/$PRGNAM/inputs/cfservd.conf.new
+cat $CWD/config/cfrun.hosts > $PKG/var/$PRGNAM/inputs/cfrun.hosts.new
+
+# Try to be a bit more compatible to some other distros versions
+( cd $PKG/etc
+ ln -sf /var/cfengine/inputs cfengine
+ ln -sf /var/cfengine/inputs cfengine2
+ cd $PKG/var ; ln -sf cfengine cfengine2
+)
+
+# Following link is for backwards compatibility
+mkdir -p $PKG/var/$PRGNAM/bin
+( cd $PKG/var/cfengine/bin ; ln -sf /usr/sbin/cfagent . )
# Put docs in the versioned directory
mv $PKG/usr/doc/$PRGNAM $PKG/usr/doc/$PRGNAM-$VERSION
cp -a [A-Z][A-Z]* ChangeLog $PKG/usr/doc/$PRGNAM-$VERSION
cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
-cat $CWD/README > $PKG/usr/doc/$PRGNAM-$VERSION/README.SBo
+cat $CWD/README > $PKG/usr/doc/$PRGNAM-$VERSION/README$TAG
find $PKG/usr/doc/$PRGNAM-$VERSION -type f -exec chmod 644 {} \;
+# Compress info pages and remove the package's dir file
+rm -f $PKG/usr/info/dir
+gzip -9 $PKG/usr/info/*.info*
+
mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
cat $CWD/doinst.sh > $PKG/install/doinst.sh
cd $PKG
/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz
-
-# Clean up the extra stuff
-if [ "$1" = "--cleanup" ]; then
- rm -rf $TMP/$PRGNAM-$VERSION
- rm -rf $PKG
-fi
-
diff --git a/system/cfengine/cfengine.info b/system/cfengine/cfengine.info
index 79f6598e4468a..8026f1c21e37a 100644
--- a/system/cfengine/cfengine.info
+++ b/system/cfengine/cfengine.info
@@ -1,8 +1,8 @@
PRGNAM="cfengine"
-VERSION="2.2.3"
+VERSION="2.2.8"
HOMEPAGE="http://www.cfengine.org/"
-DOWNLOAD="http://www.cfengine.org/downloads/cfengine-2.2.3.tar.gz"
-MD5SUM="903298e54e80fe0c617f1c51102caef1"
+DOWNLOAD="http://www.cfengine.org/downloads/cfengine-2.2.8.tar.gz"
+MD5SUM="8881c3c350f36b35845cdb1e6e53b8a1"
MAINTAINER="Menno E. Duursma"
EMAIL="druiloor@zonnet.nl"
-APPROVED="rworkman"
+APPROVED="David Somero" \ No newline at end of file
diff --git a/system/cfengine/config/cfagent.conf b/system/cfengine/config/cfagent.conf
index 6fe5bc7e279f7..9645f08401ba4 100644
--- a/system/cfengine/config/cfagent.conf
+++ b/system/cfengine/config/cfagent.conf
@@ -10,7 +10,7 @@ control:
processes:
# Make sure these processes are always running
- "cfenvd" restart "/usr/sbin/cfenvd"
- "cfservd" restart "/usr/sbin/cfservd"
- "cfexecd" restart "/usr/sbin/cfexecd"
+ "cfenvd" restart "/etc/rc.d/rc.cfenvd restart"
+ "cfexecd" restart "/etc/rc.d/rc.cfexecd restart"
+ #"cfservd" restart "/etc/rc.d/rc.cfservd restart"
diff --git a/system/cfengine/config/cfservd.conf b/system/cfengine/config/cfservd.conf
index 84bd910599755..292fbb96b5053 100644
--- a/system/cfengine/config/cfservd.conf
+++ b/system/cfengine/config/cfservd.conf
@@ -1,3 +1,8 @@
+# /var/cfengine/cfservd.conf
+#
+# Note: in case cfservd is started with 'cfengine' user privs, the path to
+# this file might instead be /home/cfengine/.cfagent/inputs/cfservd.conf
+
control:
domain = ( localhost )
diff --git a/system/cfengine/doinst.sh b/system/cfengine/doinst.sh
index 5740fda749da5..43efbf8aa35e9 100644
--- a/system/cfengine/doinst.sh
+++ b/system/cfengine/doinst.sh
@@ -11,16 +11,22 @@ config() {
# Otherwise, we leave the .new copy for the admin to consider...
}
-# Keep same perms on rc.cfengine:
-if [ -e etc/rc.d/rc.cfengine ]; then
- cp -a etc/rc.d/rc.cfengine etc/rc.d/rc.cfengine.new.incoming
- cat etc/rc.d/rc.cfengine.new > etc/rc.d/rc.cfengine.new.incoming
- mv etc/rc.d/rc.cfengine.new.incoming etc/rc.d/rc.cfengine.new
-fi
+# Keep same permissions on rc files:
+for PRGNAM in cfengine cfenvd cfservd ; do
+ if [ -e etc/rc.d/rc.$PRGNAM ]; then
+ cp -a etc/rc.d/rc.$PRGNAM etc/rc.d/rc.$PRGNAM.new.incoming
+ cat etc/rc.d/rc.$PRGNAM.new > etc/rc.d/rc.$PRGNAM.new.incoming
+ mv etc/rc.d/rc.$PRGNAM.new.incoming etc/rc.d/rc.$PRGNAM.new
+ fi
+ config etc/rc.d/rc.$PRGNAM.new
+done
-config etc/rc.d/rc.cfengine.new
config var/cfengine/inputs/update.conf.new
config var/cfengine/inputs/cfagent.conf.new
config var/cfengine/inputs/cfservd.conf.new
config var/cfengine/inputs/cfrun.hosts.new
+# Following link is for some backwards compatibility
+if [ ! -d var/cfengine/bin ]; then mkdir -p var/$PRGNAM/bin ; fi
+( cd var/cfengine/bin ; ln -sf ../../../usr/sbin/cfagent . )
+
diff --git a/system/cfengine/rc.cfengine b/system/cfengine/rc.cfengine
index a58103c72a8c2..08a3300d627ba 100644
--- a/system/cfengine/rc.cfengine
+++ b/system/cfengine/rc.cfengine
@@ -1,50 +1,52 @@
#!/bin/sh
-# Start cfengine:
-cfengine_start() {
+# start/stop/restart/reload cfexecd
+
+# 'cfexecd' may be used to capture cfagent output and send it as
+# mail when run. All control parameters are set in cfagent.conf.
+# cfagent can in turn start any other service (e.g. cfenvd, cfservd)
+
+# Start cfexecd:
+cfexecd_start() {
if [ -x /usr/sbin/cfexecd ]; then
# Make sure localhost keys exist first
if [ ! -f /var/cfengine/ppkeys/localhost.priv ]; then
/usr/sbin/cfkey
fi
- echo "Starting Cfengine: /usr/sbin/cfexecd"
+ echo "Starting the CFEngine scheduler service: /usr/sbin/cfexecd"
/usr/sbin/cfexecd
fi
}
-# Stop cfengine:
-cfengine_stop() {
- /bin/killall cfenvd 2> /dev/null
+# Stop cfexecd:
+cfexecd_stop() {
/bin/killall cfexecd 2> /dev/null
- /bin/killall cfservd 2> /dev/null
}
-# Restart cfengine:
-cfengine_restart() {
- cfengine_stop
+# Restart cfexecd:
+cfexecd_restart() {
+ cfexecd_stop
sleep 1
- cfengine_start
+ cfexecd_start
}
-# Reload cfengine:
-cfengine_reload() {
- /bin/killall -HUP cfenvd
+# Reload cfexecd:
+cfexecd_reload() {
/bin/killall -HUP cfexecd
- /bin/killall -HUP cfservd
}
case "$1" in
'start')
- cfengine_start
+ cfexecd_start
;;
'stop')
- cfengine_stop
+ cfexecd_stop
;;
'restart')
- cfengine_restart
+ cfexecd_restart
;;
'reload')
- cfengine_reload
+ cfexecd_reload
;;
*)
echo "usage $0 start|stop|restart|reload"
diff --git a/system/cfengine/rc.cfenvd b/system/cfengine/rc.cfenvd
new file mode 100644
index 0000000000000..03bf800b9c653
--- /dev/null
+++ b/system/cfengine/rc.cfenvd
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+# start/stop/restart/reload cfenvd
+
+# Start cfenvd:
+cfenvd_start() {
+ if [ -x /usr/sbin/cfenvd ]; then
+ echo "Starting the CFEengine environment service: /usr/sbin/cfexecd"
+ /usr/sbin/cfenvd
+ fi
+}
+
+# Stop cfenvd:
+cfenvd_stop() {
+ /bin/killall cfenvd 2> /dev/null
+}
+
+# Restart cfenvd:
+cfenvd_restart() {
+ cfenvd_stop
+ sleep 1
+ cfenvd_start
+}
+
+# Reload cfenvd:
+cfenvd_reload() {
+ /bin/killall -HUP cfenvd
+}
+
+case "$1" in
+'start')
+ cfenvd_start
+ ;;
+'stop')
+ cfenvd_stop
+ ;;
+'restart')
+ cfenvd_restart
+ ;;
+'reload')
+ cfenvd_reload
+ ;;
+*)
+ echo "usage $0 start|stop|restart|reload"
+esac
diff --git a/system/cfengine/rc.cfservd b/system/cfengine/rc.cfservd
new file mode 100644
index 0000000000000..68db3261ab9ec
--- /dev/null
+++ b/system/cfengine/rc.cfservd
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+# start/stop/restart/reload cfservd
+
+# 'cfservd' looks for a configuration file cfservd.conf by default.
+
+# Note: this daemon doesn't actually need to run under the root account,
+# assuming an account named 'cfservd' exists, one way of configuring it
+# to use its own account would be to to run 'cfkey' and 'cfagent' ones
+# which creates the ~/.cfagent subdir then start the service with:
+# /bin/su - cfservd -c /usr/sbin/cfservd
+
+# Start cfservd:
+cfservd_start() {
+ if [ -x /usr/sbin/cfservd ]; then
+ # Make sure localhost keys exist first
+ if [ ! -f /var/cfengine/ppkeys/localhost.priv ]; then
+ /usr/sbin/cfkey
+ fi
+ echo "Starting Cfengine: /usr/sbin/cfservd"
+ /usr/sbin/cfservd
+ fi
+}
+
+# Stop cfservd:
+cfservd_stop() {
+ /bin/killall cfservd 2> /dev/null
+}
+
+# Restart cfservd:
+cfservd_restart() {
+ cfservd_stop
+ sleep 1
+ cfservd_start
+}
+
+# Reload cfservd:
+cfservd_reload() {
+ /bin/killall -HUP cfservd
+}
+
+case "$1" in
+'start')
+ cfservd_start
+ ;;
+'stop')
+ cfservd_stop
+ ;;
+'restart')
+ cfservd_restart
+ ;;
+'reload')
+ cfservd_reload
+ ;;
+*)
+ echo "usage $0 start|stop|restart|reload"
+esac