testing/gnunet: new aport

https://gnunet.org
A framework for secure and privacy enhancing peer-to-peer networking
testing/

Closes !1907

5 files changed, 118 insertions, 0 deletions

diff --git a/testing/gnunet/APKBUILD b/testing/gnunet/APKBUILD
new file mode 100644
index 0000000000..69f192c41d
--- /dev/null
+++ b/testing/gnunet/APKBUILD
@@ -0,0 +1,79 @@
+# Contributor: xrs <xrs@mail36.net>
+# Maintainer: xrs <xrs@mail36.net>
+pkgname=gnunet
+pkgver=0.12.2
+pkgrel=0
+pkgdesc="A framework for secure and privacy enhancing peer-to-peer networking"
+url="https://gnunet.org"
+arch="all"
+license="AGPL-3.0-only"
+depends="gnutls-utils bash which iptables coreutils runit"
+depends_dev="libgpg-error-dev libgcrypt-dev nettle-dev unbound-dev gnutls-dev
+	gnurl-dev libmicrohttpd-dev openssl-dev libunistring-dev libidn2-dev
+	nss-dev sqlite-dev zlib-dev miniupnpc-dev gmp-dev gettext openjpeg-dev
+	jansson-dev"
+makedepends="$depends_dev autoconf automake libtool gettext-dev python3
+	texlive texinfo"
+install="$pkgname.pre-install $pkgname.post-install"
+pkgusers="gnunet"
+pkggroups="gnunet gnunetdns"
+subpackages="$pkgname-dev $pkgname-doc $pkgname-lang $pkgname-openrc"
+options="!check suid" # No check because The GNUnet project lacks a good CI at the moment.
+source="https://mirrors.ocf.berkeley.edu/gnu/gnunet/gnunet-$pkgver.tar.gz
+	gnunet-system.conf
+	gnunet-system-services.initd
+	"
+
+build() {
+	./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--localstatedir=/var \
+		--enable-logging=verbose
+	make
+}
+
+check() {
+	make DESTDIR="$pkgdir" check
+}
+
+package() {
+	make DESTDIR="$pkgdir" -j1 install # Using more CPUs generates CI-errors.
+
+	libexecdir=$pkgdir/usr/lib/gnunet/libexec/
+	# Limit access to critical gnunet-helper-dns to group "gnunetdns"
+	chgrp gnunetdns $libexecdir/gnunet-helper-dns
+	chgrp gnunetdns $libexecdir/gnunet-service-dns
+	# Limit access to certain SUID binaries by group "gnunet"
+	chgrp gnunet    $libexecdir/gnunet-helper-exit
+	chgrp gnunet    $libexecdir/gnunet-helper-vpn
+	chgrp gnunet    $libexecdir/gnunet-helper-nat-client
+	chgrp gnunet    $libexecdir/gnunet-helper-nat-server
+	chmod u+s       $libexecdir/gnunet-helper-exit
+	chmod u+s       $libexecdir/gnunet-helper-vpn
+	chmod 2750      $libexecdir/gnunet-helper-dns
+	chmod 2700      $libexecdir/gnunet-service-dns
+	chmod u+s       $libexecdir/gnunet-helper-nat-client
+	chmod u+s       $libexecdir/gnunet-helper-nat-server
+
+	install -m644 -D $srcdir/$pkgname-system.conf \
+		$pkgdir/etc/$pkgname.conf
+	install -m755 -D $srcdir/$pkgname-system-services.initd \
+		$pkgdir/etc/init.d/$pkgname-system-services
+}
+
+dev() {
+	default_dev
+
+	# dev() will move gnunet-config from $pkg to $pkg-dev, but it's an
+	# intended part of $pkg.
+	install -m755 -D $builddir/src/util/.libs/gnunet-config \
+		$pkgdir/usr/bin/gnunet-config
+}
+
+sha512sums="210a9f06679d32dbb399a056e7a20e411cbfacf7945a282bd7e63eb8bfd7a324815efc48caedff32894d0a3f7a4ba9d1e879e2e04db0222282399ae6fc065c7b  gnunet-0.12.2.tar.gz
+a0f55413ed2c6edd6746a751d92ddac95ba70f20eefb07330817870d749456448f44bba95d245911a00f6078e0c2ac626004e3b764be5e5e049c00626c4c5ac0  gnunet-system.conf
+63f7c17a83fa6b44f2c4c9f067ac600904dacd7faf04515293544c4b001ee5e0c360894589b46175957971101f212879cc757af8e282b4e44aa4e4abdab9b4dc  gnunet-system-services.initd"
diff --git a/testing/gnunet/gnunet-system-services.initd b/testing/gnunet/gnunet-system-services.initd
new file mode 100644
index 0000000000..c28d7d3129
--- /dev/null
+++ b/testing/gnunet/gnunet-system-services.initd
@@ -0,0 +1,13 @@
+#!/sbin/openrc-run
+
+name="gnunet-system-service"
+description="A secure and privacy enhancing peer-to-peer overlay network"
+command="/usr/lib/gnunet/libexec/gnunet-service-arm"
+command_args="-c /etc/gnunet.conf"
+command_user="gnunet:gnunet"
+command_background="yes"
+pidfile="/run/${SVCNAME}.pid"
+
+depend() {
+	need net
+}
diff --git a/testing/gnunet/gnunet-system.conf b/testing/gnunet/gnunet-system.conf
new file mode 100644
index 0000000000..303cf5f16d
--- /dev/null
+++ b/testing/gnunet/gnunet-system.conf
@@ -0,0 +1,3 @@
+[arm]
+START_SYSTEM_SERVICES = YES
+START_USER_SERVICES = NO
diff --git a/testing/gnunet/gnunet.post-install b/testing/gnunet/gnunet.post-install
new file mode 100644
index 0000000000..9b01778a3a
--- /dev/null
+++ b/testing/gnunet/gnunet.post-install
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+printf "  *\n  * To setup GNUnet user services, regular users must do the following steps:\n"
+printf "    * add user to 'gnunet' group\n"
+printf "    * add the following lines to /home/USER/.config/gnunet.conf\n"
+printf "      [arm]\n"
+printf "      START_SYSTEM_SERVICES = NO\n"
+printf "      START_USER_SERVICES = YES\n"
+printf "    * start GNUnet system services with openrc\n"
+printf "    * start GNUnet user services with 'gnunet-arm -s'\n  *\n"
+
+exit 0
diff --git a/testing/gnunet/gnunet.pre-install b/testing/gnunet/gnunet.pre-install
new file mode 100644
index 0000000000..7eea70e752
--- /dev/null
+++ b/testing/gnunet/gnunet.pre-install
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+# Add special group gnunetdns for controlling access to "gnunet-helper-dns".
+addgroup -S gnunetdns 2>/dev/null
+addgroup -S gnunet 2>/dev/null
+
+# Add system user/group gnunet for system services
+adduser -S -h "/var/lib/gnunet" -s /bin/sh \
+	-G gnunet -g gnunet gnunet 2>/dev/null
+
+exit 0