From 5dfe1f19c38dbbd7c7e19eb517ba7c919eae9ecb Mon Sep 17 00:00:00 2001
From: Stefan Knoblich <stkn@bitplumber.de>
Date: Sat, 24 Feb 2024 00:43:07 +0100
Subject: [PATCH] pushpin: Initial ebuild

Signed-off-by: Stefan Knoblich <stkn@bitplumber.de>
---
 acct-group/pushpin/Manifest            |  1 +
 acct-group/pushpin/pushpin-0.ebuild    |  9 +++++
 acct-user/pushpin/Manifest             |  1 +
 acct-user/pushpin/pushpin-0.ebuild     | 13 +++++++
 net-misc/pushpin/Manifest              |  5 +++
 net-misc/pushpin/files/pushpin.confd   |  0
 net-misc/pushpin/files/pushpin.initd   | 38 +++++++++++++++++++
 net-misc/pushpin/files/pushpin.service | 51 ++++++++++++++++++++++++++
 net-misc/pushpin/pushpin-1.38.0.ebuild | 40 ++++++++++++++++++++
 9 files changed, 158 insertions(+)
 create mode 100644 acct-group/pushpin/Manifest
 create mode 100644 acct-group/pushpin/pushpin-0.ebuild
 create mode 100644 acct-user/pushpin/Manifest
 create mode 100644 acct-user/pushpin/pushpin-0.ebuild
 create mode 100644 net-misc/pushpin/Manifest
 create mode 100644 net-misc/pushpin/files/pushpin.confd
 create mode 100644 net-misc/pushpin/files/pushpin.initd
 create mode 100644 net-misc/pushpin/files/pushpin.service
 create mode 100644 net-misc/pushpin/pushpin-1.38.0.ebuild

diff --git a/acct-group/pushpin/Manifest b/acct-group/pushpin/Manifest
new file mode 100644
index 0000000..b783395
--- /dev/null
+++ b/acct-group/pushpin/Manifest
@@ -0,0 +1 @@
+EBUILD pushpin-0.ebuild 179 BLAKE2B 80321f89fd82a643757bdc39ae6e87ab2f6af09b10a894b0c9ba64c077ee2aead19e625b0e8341380d880d15156f2f745230ce053273f2afa5d10d3ce206e7e6 SHA512 acc176c1441374607afb791d6485641a343f3658e9d5acd6823bf4b0639a4f622c6171d445e225eb2fa7829dc0989c36238685d22b1b9aeb8eaa4c68e3e79f59
diff --git a/acct-group/pushpin/pushpin-0.ebuild b/acct-group/pushpin/pushpin-0.ebuild
new file mode 100644
index 0000000..f10ac99
--- /dev/null
+++ b/acct-group/pushpin/pushpin-0.ebuild
@@ -0,0 +1,9 @@
+# Copyright 2019-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit acct-group
+
+DESCRIPTION="Pushpin group"
+ACCT_GROUP_ID=989
diff --git a/acct-user/pushpin/Manifest b/acct-user/pushpin/Manifest
new file mode 100644
index 0000000..01f3817
--- /dev/null
+++ b/acct-user/pushpin/Manifest
@@ -0,0 +1 @@
+EBUILD pushpin-0.ebuild 282 BLAKE2B 4c24eda2c76239b5e1f5d834aa2e1b63b37012b2b4700859c4f62bf34f8041b4da5ec6b42f788ddc38c1548cf4beb4dbfb58b020bec59d2cbfa2d2e2dc9a815a SHA512 0ee3294ba4d4734105dbbeb1eb02932672e1269887a5492565054c2f5c2f89dc443cc5318738b8d0cc0ab903f7eda74d8c221db43d0e0c6571aa9161359c3da2
diff --git a/acct-user/pushpin/pushpin-0.ebuild b/acct-user/pushpin/pushpin-0.ebuild
new file mode 100644
index 0000000..0905e59
--- /dev/null
+++ b/acct-user/pushpin/pushpin-0.ebuild
@@ -0,0 +1,13 @@
+# Copyright 2019-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit acct-user
+
+DESCRIPTION="Pushpin user"
+ACCT_USER_ID=989
+ACCT_USER_HOME=/var/lib/pushpin
+ACCT_USER_HOME_PERMS=0750
+ACCT_USER_GROUPS=( pushpin )
+acct-user_add_deps
diff --git a/net-misc/pushpin/Manifest b/net-misc/pushpin/Manifest
new file mode 100644
index 0000000..4ed7d52
--- /dev/null
+++ b/net-misc/pushpin/Manifest
@@ -0,0 +1,5 @@
+AUX pushpin.confd 0 BLAKE2B 786a02f742015903c6c6fd852552d272912f4740e15847618a86e217f71f5419d25e1031afee585313896444934eb04b903a685b1448b755d56f701afe9be2ce SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
+AUX pushpin.initd 1232 BLAKE2B 8d1eedb72f47ceacf3b19b6b211fd0a709bb53fbd4e4bfcb0b0b6764c079e2f6411fc0c35264d388a8c174466477467920baba0b047784a4c4378eb07ed350ac SHA512 41feecaf66e603104081d77ae82af65324d5b495c2bc80be3a2b04f3fed04580e667416ca7e9de2460c65d266f2e6174ff4603c6d1186baba31bb9db6aa0ec71
+AUX pushpin.service 1124 BLAKE2B 374455a3960c14c44244a953a487b58431a9255376b4a05a54ad44f7c18fe308dc06dbfcb53b4c1e4ce376281947a9173f1cd4054e484ca5eaae64b4fd37fe3b SHA512 c1a354cc3d75149d8b02fe60406d52a375a364fa4f94b5a14f3dc2fe539a7b26e3319a4b985075bf9902c1392c8c0653c5db0ac61c53aecf88c805757eae54da
+DIST pushpin-1.38.0.tar.bz2 35670096 BLAKE2B 9a71bba46e3f0b35bedeb545ecabea31eb8cc0d63b31563c871fd703b0c51aa5f06d79bede5cf9d88d6d106f1b96ecffd1a3a0fa1da37505f0522056cbbc1045 SHA512 417892b7d07a353beba0156e6680181ccb2baa4d3fa8ae16cd8b218e5dcd279a2b339bc2ea6a36fd25f7f1b6832f646181942d5a0e939c6864cc43a51a461163
+EBUILD pushpin-1.38.0.ebuild 801 BLAKE2B b99090153f57f2ea1be2d03b133c0b4d230550dd8fe83051207fcea39519d27261f2a4a92c47bbe1c919d6d6e2f5a9878a861785d31325100d4c3ab07562ef99 SHA512 563739fa3ce11014b72068a5da7b0cb1055fe2ec21b694c920b7efef9be3d327d427cbbf9326cff7e14d5be4d642f06307c281de173215eaf9b5ef44217d359c
diff --git a/net-misc/pushpin/files/pushpin.confd b/net-misc/pushpin/files/pushpin.confd
new file mode 100644
index 0000000..e69de29
diff --git a/net-misc/pushpin/files/pushpin.initd b/net-misc/pushpin/files/pushpin.initd
new file mode 100644
index 0000000..3e84e4f
--- /dev/null
+++ b/net-misc/pushpin/files/pushpin.initd
@@ -0,0 +1,38 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+PUSHPIN_USER="${PUSHPIN_USER:-pushpin}"
+PUSHPIN_GROUP="${PUSHPIN_GROUP:-pushpin}"
+PUSHPIN_CONFIG="${PUSHPIN_CONFIG:-/etc/pushpin/pushpin.conf}"
+PUSHPIN_DATA_DIR="${PUSHPIN_DATA_DIR:-/var/lib/pushpin}"
+PUSHPIN_LOG_DIR="${PUSHPIN_LOG_DIR:-/var/log/pushpin}"
+
+command="/usr/bin/pushpin"
+command_args="--config ${PUSHPIN_CONFIG} --logfile \"${PUSHPIN_LOG_DIR}/pushpin.log\""
+
+extra_started_commands="reload"
+description_reload="Reload the pushpin configuration"
+
+pidfile="/run/${RC_SVCNAME}.pid"
+command_background="true"
+start_stop_daemon_args="--user=\"${PUSHPIN_USER}\" --group=\"${PUSHPIN_GROUP}\""
+
+configtest() {
+	ebegin "Checking configuration file"
+	test -f "${PUSHPIN_CONFIG}"
+	eend $? "Please check configuration for errors"
+}
+
+start_pre() {
+	checkpath -d -o "${PUSHPIN_USER}:${PUSHPIN_GROUP}" -m750 "${PUSHPIN_DATA_DIR}"
+	checkpath -d -o "${PUSHPIN_USER}:${PUSHPIN_GROUP}" -m750 "${PUSHPIN_LOG_DIR}"
+	configtest || return 1
+}
+
+reload() {
+	configtest || return 1
+	ebegin "Refreshing pushpin configuration"
+	start-stop-daemon --signal SIGHUP --pidfile "${pidfile}"
+	eend $? "Failed to reload pushpin"
+}
diff --git a/net-misc/pushpin/files/pushpin.service b/net-misc/pushpin/files/pushpin.service
new file mode 100644
index 0000000..8f4edd1
--- /dev/null
+++ b/net-misc/pushpin/files/pushpin.service
@@ -0,0 +1,51 @@
+[Unit]
+Description=Pushpin reverse proxy for realtime web services
+After=network.target
+
+[Service]
+User=pushpin
+Group=pushpin
+
+#ExecStartPre=/usr/bin/pushpin validate /etc/pushpin/pushpin.conf
+ExecStart=/usr/bin/pushpin --config /etc/pushpin/pushpin.conf
+#ExecReload=/usr/bin/pushpin validate /etc/pushpin/pushpin.conf
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=no
+
+# capabilities
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+
+# sandboxing
+ProtectHostname=yes
+ProtectClock=yes
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+ProtectKernelLogs=yes
+ProtectSystem=strict
+ProtectHome=yes
+ProtectControlGroups=yes
+PrivateTmp=yes
+PrivateDevices=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+NoNewPrivileges=yes
+RemoveIPC=yes
+RestrictNamespaces=yes
+
+WorkingDirectory=/var/lib/pushpin
+StateDirectory=pushpin
+StateDirectoryMode=0750
+
+# syscall filtering
+SystemCallFilter=@system-service @debug
+SystemCallArchitectures=native
+
+# process properties
+UMask=077
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-misc/pushpin/pushpin-1.38.0.ebuild b/net-misc/pushpin/pushpin-1.38.0.ebuild
new file mode 100644
index 0000000..57e21b9
--- /dev/null
+++ b/net-misc/pushpin/pushpin-1.38.0.ebuild
@@ -0,0 +1,40 @@
+#
+#
+#
+
+EAPI=8
+
+inherit cargo
+
+DESCRIPTION="Reverse proxy for realtime web services"
+HOMEPAGE="https://pushpin.org/"
+SRC_URI="https://github.com/fastly/pushpin/releases/download/v${PV}/${P}.tar.bz2"
+
+KEYWORDS="~amd64"
+SLOT="0"
+
+RDEPEND="
+	acct-group/pushpin
+	acct-user/pushpin
+	net-libs/zeromq
+"
+DEPEND="${RDEPEND}"
+
+src_install() {
+	cargo_src_install
+	dodoc README.md CHANGELOG.md SECURITY.md LICENSE
+	dodoc examples/config/pushpin.conf
+
+        newinitd "${FILESDIR}/pushpin.initd" pushpin
+        newconfd "${FILESDIR}/pushpin.initd" pushpin
+
+        systemd_dounit "${FILESDIR}/pushpin.service"
+
+        diropts -m 0750 -o pushpin -g pushpin
+        insinto /etc/pushpin
+        newins examples/config/pushpin.conf pushpin.conf
+
+        keepdir /var/lib/pushpin
+        keepdir /var/log/pushpin
+}
+