author | Yixun Lan <dlan@gentoo.org> | 2021-02-13 23:21:57 +0800 |
---|---|---|
committer | Yixun Lan <dlan@gentoo.org> | 2021-02-13 23:23:00 +0800 |
commit | f995177fa0ec5b3886809d17666ab509c1476bfb (patch) | |
tree | ec502b0156b70f06538d89c502fe4a2c2f1d550f /net-proxy/trojan | |
parent | acct-user/trojan: user for net-proxy/trojan (diff) | |
net-proxy/trojan: create dedicated UID/GID
Create a dedicated user/group for trojan so that sensitive info is not
exposed, for security reasons.
Also drop the live ebuild, while keeping its logic in place for easy future
updating.
Package-Manager: Portage-3.0.13, Repoman-3.0.2
Signed-off-by: Yixun Lan <dlan@gentoo.org>
Diffstat (limited to 'net-proxy/trojan')
-rw-r--r-- | net-proxy/trojan/files/README.gentoo | 14 | ||||
-rw-r--r-- | net-proxy/trojan/files/trojan.initd | 6 | ||||
-rw-r--r-- | net-proxy/trojan/trojan-1.16.0-r2.ebuild (renamed from net-proxy/trojan/trojan-1.16.0-r1.ebuild) | 37 | ||||
-rw-r--r-- | net-proxy/trojan/trojan-9999.ebuild | 61 |
4 files changed, 39 insertions, 79 deletions
diff --git a/net-proxy/trojan/files/README.gentoo b/net-proxy/trojan/files/README.gentoo
new file mode 100644
index 000000000000..caaf236f4c1c
--- /dev/null
+++ b/net-proxy/trojan/files/README.gentoo
@@ -0,0 +1,14 @@
+Notes:
+ 1) starting from version 1.16.0-r2, the daemon will
+run as user='trojan', previous it's run as user='nobody',
+you might want to fix the permissions at /etc/trojan/*.
+
+ 2) Running Trojan with multi instances
+
+ a) Using OpenRC
+ Prepare /etc/trojan/${foo}.json first
+ # ln -s /etc/init.d/trojan{,.${foo}}
+ # rc-update add trojan.${foo} default
+
+ b) Using Systemd
+ # systemctl enable trojan.${foo}
diff --git a/net-proxy/trojan/files/trojan.initd b/net-proxy/trojan/files/trojan.initd
index 348d307c5264..9c86bf704b9b 100644
--- a/net-proxy/trojan/files/trojan.initd
+++ b/net-proxy/trojan/files/trojan.initd
@@ -1,9 +1,9 @@
 #!/sbin/openrc-run
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2021 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
-TJ_USER=nobody
-TJ_GROUP=nobody
+TJ_USER=trojan
+TJ_GROUP=trojan
 TJ_NAME=${SVCNAME##*.}
 if [ -n "${TJ_NAME}" -a "${SVCNAME}" != "trojan" ]; then
diff --git a/net-proxy/trojan/trojan-1.16.0-r1.ebuild b/net-proxy/trojan/trojan-1.16.0-r2.ebuild
index 606095c5ab12..88eb4b02d0ad 100644
--- a/net-proxy/trojan/trojan-1.16.0-r1.ebuild
+++ b/net-proxy/trojan/trojan-1.16.0-r2.ebuild
@@ -3,17 +3,23 @@
 EAPI=7
+DISABLE_AUTOFORMATTING=1
+FORCE_PRINT_ELOG=1
 PYTHON_COMPAT=( python3_{7..9} )
-inherit cmake python-any-r1 systemd
-
+inherit cmake python-any-r1 systemd readme.gentoo-r1
 DESCRIPTION="An unidentifiable mechanism that helps you bypass GFW"
 HOMEPAGE="https://github.com/trojan-gfw/trojan"
-SRC_URI="https://github.com/trojan-gfw/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+if [[ "${PV}" == 9999 ]] ; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/trojan-gfw/trojan.git"
+else
+ SRC_URI="https://github.com/trojan-gfw/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+ KEYWORDS="~amd64 ~arm ~arm64 ~x86"
+fi
 LICENSE="GPL-3+"
 SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~x86"
 IUSE="mysql test"
 # Some hiccups setting up local network server.
@@ -25,9 +31,18 @@ RDEPEND="
 mysql? ( dev-db/mysql-connector-c:= )
 "
 DEPEND="${RDEPEND}
+ acct-group/trojan
+ acct-user/trojan
 test? ( net-misc/curl ${PYTHON_DEPS} )
 "
+src_prepare() {
+ default
+ cmake_src_prepare
+ sed -i -e "/User/s/nobody/trojan/g" \
+ "${S}"/examples/trojan.service-example || die
+}
+
 src_configure() {
 local mycmakeargs=(
 -DENABLE_MYSQL=$(usex mysql)
@@ -40,6 +55,8 @@ src_configure() {
 src_install() {
 cmake_src_install
 newinitd "${FILESDIR}/trojan.initd" trojan
+
+ readme.gentoo_create_doc
 }
 src_test() {
@@ -47,15 +64,5 @@ src_test() {
 }
 pkg_postinst() {
- elog "Running Trojan with multi instances"
- elog ""
-
- elog "Prepare /etc/trojan/\${blah}.json first"
- elog "Config with Openrc"
- elog " ln -s /etc/init.d/trojan{,.\${blah}}"
- elog " rc-update add trojan.\${blah} default"
- elog ""
- elog "Config with Systemd"
- elog " systemctl enable trojan.\${blah}"
- elog ""
+ readme.gentoo_print_elog
 }
diff --git a/net-proxy/trojan/trojan-9999.ebuild b/net-proxy/trojan/trojan-9999.ebuild
deleted file mode 100644
index b9a12df1c16e..000000000000
--- a/net-proxy/trojan/trojan-9999.ebuild
+++ /dev/null
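Review bot: The `acct-group/trojan` and `acct-user/trojan` atoms are added to `DEPEND` only, yet the account is needed when the service runs: the init script in this commit sets `TJ_USER=trojan` and `src_prepare` rewrites the unit example's `User` to `trojan`. A system installing a prebuilt binary package would not pull the account packages in, so the daemon would likely fail to start as `trojan`. Move both atoms into `RDEPEND` (only its opening line is visible, as the hunk heading; its body starts outside the hunk); `DEPEND="${RDEPEND} ..."` then still covers the build side. Separately, `cmake_src_prepare` already runs the default prepare phase, so the `default` call before it in `src_prepare` should be redundant.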
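Review bot: `src_install` switches the service account but leaves the ownership and mode of the configuration under `/etc/trojan` to the administrator; the new README only says "you might want to fix the permissions". The commit's stated goal of not exposing sensitive info only holds if that configuration is unreadable to other local users, and whether `cmake_src_install` already installs it with a restrictive mode is not visible in this hunk. Consider setting it in the ebuild after `cmake_src_install`, e.g. `fowners root:trojan /etc/trojan` and `fperms 0750 /etc/trojan`, and stating in the README which owner and mode existing files need.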
@@ -1,61 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{7..9} )
-EGIT_REPO_URI="https://github.com/trojan-gfw/trojan.git"
-
-inherit cmake git-r3 python-any-r1 systemd
-
-DESCRIPTION="An unidentifiable mechanism that helps you bypass GFW"
-HOMEPAGE="https://github.com/trojan-gfw/trojan"
-
-LICENSE="GPL-3+"
-SLOT="0"
-KEYWORDS=""
-IUSE="mysql test"
-
-# Some hiccups setting up local network server.
-RESTRICT="test"
-
-RDEPEND="
- >=dev-libs/boost-1.66.0:=
- dev-libs/openssl:0=
- mysql? ( dev-db/mysql-connector-c:= )
-"
-DEPEND="${RDEPEND}
- test? ( net-misc/curl ${PYTHON_DEPS} )
-"
-
-src_configure() {
- local mycmakeargs=(
- -DENABLE_MYSQL=$(usex mysql)
- -DSYSTEMD_SERVICE=ON
- -DSYSTEMD_SERVICE_PATH=$(systemd_get_systemunitdir)
- )
- cmake_src_configure
-}
-
-src_install() {
- cmake_src_install
- newinitd "${FILESDIR}/trojan.initd" trojan
-}
-
-src_test() {
- cmake_src_test -j1
-}
-
-pkg_postinst() {
- elog "Running Trojan with multi instances"
- elog ""
-
- elog "Prepare /etc/trojan/\${blah}.json first"
- elog "Config with Openrc"
- elog " ln -s /etc/init.d/trojan{,.\${blah}}"
- elog " rc-update add trojan.\${blah} default"
- elog ""
- elog "Config with Systemd"
- elog " systemctl enable trojan.\${blah}"
- elog ""
-} |