pushpin: Initial ebuild

Signed-off-by: Stefan Knoblich <stkn@bitplumber.de>
2024-02-24 00:43:07 +01:00
parent 19362796d6
commit 5dfe1f19c3
9 changed files with 158 additions and 0 deletions
--- a/net-misc/pushpin/Manifest
+++ b/net-misc/pushpin/Manifest
@@ -0,0 +1,5 @@
+AUX pushpin.confd 0 BLAKE2B 786a02f742015903c6c6fd852552d272912f4740e15847618a86e217f71f5419d25e1031afee585313896444934eb04b903a685b1448b755d56f701afe9be2ce SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
+AUX pushpin.initd 1232 BLAKE2B 8d1eedb72f47ceacf3b19b6b211fd0a709bb53fbd4e4bfcb0b0b6764c079e2f6411fc0c35264d388a8c174466477467920baba0b047784a4c4378eb07ed350ac SHA512 41feecaf66e603104081d77ae82af65324d5b495c2bc80be3a2b04f3fed04580e667416ca7e9de2460c65d266f2e6174ff4603c6d1186baba31bb9db6aa0ec71
+AUX pushpin.service 1124 BLAKE2B 374455a3960c14c44244a953a487b58431a9255376b4a05a54ad44f7c18fe308dc06dbfcb53b4c1e4ce376281947a9173f1cd4054e484ca5eaae64b4fd37fe3b SHA512 c1a354cc3d75149d8b02fe60406d52a375a364fa4f94b5a14f3dc2fe539a7b26e3319a4b985075bf9902c1392c8c0653c5db0ac61c53aecf88c805757eae54da
+DIST pushpin-1.38.0.tar.bz2 35670096 BLAKE2B 9a71bba46e3f0b35bedeb545ecabea31eb8cc0d63b31563c871fd703b0c51aa5f06d79bede5cf9d88d6d106f1b96ecffd1a3a0fa1da37505f0522056cbbc1045 SHA512 417892b7d07a353beba0156e6680181ccb2baa4d3fa8ae16cd8b218e5dcd279a2b339bc2ea6a36fd25f7f1b6832f646181942d5a0e939c6864cc43a51a461163
+EBUILD pushpin-1.38.0.ebuild 801 BLAKE2B b99090153f57f2ea1be2d03b133c0b4d230550dd8fe83051207fcea39519d27261f2a4a92c47bbe1c919d6d6e2f5a9878a861785d31325100d4c3ab07562ef99 SHA512 563739fa3ce11014b72068a5da7b0cb1055fe2ec21b694c920b7efef9be3d327d427cbbf9326cff7e14d5be4d642f06307c281de173215eaf9b5ef44217d359c
--- a/net-misc/pushpin/files/pushpin.confd
+++ b/net-misc/pushpin/files/pushpin.confd
--- a/net-misc/pushpin/files/pushpin.initd
+++ b/net-misc/pushpin/files/pushpin.initd
@@ -0,0 +1,38 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+PUSHPIN_USER="${PUSHPIN_USER:-pushpin}"
+PUSHPIN_GROUP="${PUSHPIN_GROUP:-pushpin}"
+PUSHPIN_CONFIG="${PUSHPIN_CONFIG:-/etc/pushpin/pushpin.conf}"
+PUSHPIN_DATA_DIR="${PUSHPIN_DATA_DIR:-/var/lib/pushpin}"
+PUSHPIN_LOG_DIR="${PUSHPIN_LOG_DIR:-/var/log/pushpin}"
+
+command="/usr/bin/pushpin"
+command_args="--config ${PUSHPIN_CONFIG} --logfile \"${PUSHPIN_LOG_DIR}/pushpin.log\""
+
+extra_started_commands="reload"
+description_reload="Reload the pushpin configuration"
+
+pidfile="/run/${RC_SVCNAME}.pid"
+command_background="true"
+start_stop_daemon_args="--user=\"${PUSHPIN_USER}\" --group=\"${PUSHPIN_GROUP}\""
+
+configtest() {
+	ebegin "Checking configuration file"
+	test -f "${PUSHPIN_CONFIG}"
+	eend $? "Please check configuration for errors"
+}
+
+start_pre() {
+	checkpath -d -o "${PUSHPIN_USER}:${PUSHPIN_GROUP}" -m750 "${PUSHPIN_DATA_DIR}"
+	checkpath -d -o "${PUSHPIN_USER}:${PUSHPIN_GROUP}" -m750 "${PUSHPIN_LOG_DIR}"
+	configtest || return 1
+}
+
+reload() {
+	configtest || return 1
+	ebegin "Refreshing pushpin configuration"
+	start-stop-daemon --signal SIGHUP --pidfile "${pidfile}"
+	eend $? "Failed to reload pushpin"
+}
--- a/net-misc/pushpin/files/pushpin.service
+++ b/net-misc/pushpin/files/pushpin.service
@@ -0,0 +1,51 @@
+[Unit]
+Description=Pushpin reverse proxy for realtime web services
+After=network.target
+
+[Service]
+User=pushpin
+Group=pushpin
+
+#ExecStartPre=/usr/bin/pushpin validate /etc/pushpin/pushpin.conf
+ExecStart=/usr/bin/pushpin --config /etc/pushpin/pushpin.conf
+#ExecReload=/usr/bin/pushpin validate /etc/pushpin/pushpin.conf
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=no
+
+# capabilities
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+
+# sandboxing
+ProtectHostname=yes
+ProtectClock=yes
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+ProtectKernelLogs=yes
+ProtectSystem=strict
+ProtectHome=yes
+ProtectControlGroups=yes
+PrivateTmp=yes
+PrivateDevices=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+NoNewPrivileges=yes
+RemoveIPC=yes
+RestrictNamespaces=yes
+
+WorkingDirectory=/var/lib/pushpin
+StateDirectory=pushpin
+StateDirectoryMode=0750
+
+# syscall filtering
+SystemCallFilter=@system-service @debug
+SystemCallArchitectures=native
+
+# process properties
+UMask=077
+
+[Install]
+WantedBy=multi-user.target
--- a/net-misc/pushpin/pushpin-1.38.0.ebuild
+++ b/net-misc/pushpin/pushpin-1.38.0.ebuild
@@ -0,0 +1,40 @@
+#
+#
+#
+
+EAPI=8
+
+inherit cargo
+
+DESCRIPTION="Reverse proxy for realtime web services"
+HOMEPAGE="https://pushpin.org/"
+SRC_URI="https://github.com/fastly/pushpin/releases/download/v${PV}/${P}.tar.bz2"
+
+KEYWORDS="~amd64"
+SLOT="0"
+
+RDEPEND="
+	acct-group/pushpin
+	acct-user/pushpin
+	net-libs/zeromq
+"
+DEPEND="${RDEPEND}"
+
+src_install() {
+	cargo_src_install
+	dodoc README.md CHANGELOG.md SECURITY.md LICENSE
+	dodoc examples/config/pushpin.conf
+
+        newinitd "${FILESDIR}/pushpin.initd" pushpin
+        newconfd "${FILESDIR}/pushpin.initd" pushpin
+
+        systemd_dounit "${FILESDIR}/pushpin.service"
+
+        diropts -m 0750 -o pushpin -g pushpin
+        insinto /etc/pushpin
+        newins examples/config/pushpin.conf pushpin.conf
+
+        keepdir /var/lib/pushpin
+        keepdir /var/log/pushpin
+}
+