net/tinc: Add SMF support

net/tinc/MESSAGE.smf

@@ -0,0 +1,27 @@
+===========================================================================
+$NetBSD$
+
+ This package supports multiple SMF instances.
+
+ By default a 'default' instance is created and a example tinc.conf
+ config file is put in place in the 'default' network directory.
+ No keys will be generated automatically, the user is expected to do so.
+
+ Configure using the SMF properties: user, chroot, memlock
+
+ 'user' is the user to setuid to after initialization.
+ 'chroot' will chroot the server process to the directory where the
+ network config is located.
+ 'memlock' locks tinc into the main memory.
+
+ For more information about these options check tincd(8) manpage.
+
+ Add a example service instance:
+
+  svccfg -s tinc add mynetwork
+  svccfg -s tinc:mynetwork addpg tinc application
+  svccfg -s tinc:mynetwork setprop tinc/user = astring: noobnoob
+  svccfg -s tinc:mynetwork setprop tinc/chroot = boolean: true
+  svccfg -s tinc:mynetwork setprop tinc/memlock = boolean: true
+
+===========================================================================

net/tinc/Makefile

@@ -9,6 +9,8 @@ HOMEPAGE=	http://www.tinc-vpn.org/
 COMMENT=	Virtual Private Network (VPN) daemon
 LICENSE=	gnu-gpl-v2
 
+BUILD_DEFS+=		VARBASE
+
 INFO_FILES=		yes
 USE_TOOLS+=		msgfmt
 GNU_CONFIGURE=		yes
@@ -17,6 +19,45 @@ SUBST_CLASSES+=		mdoc
 SUBST_FILES.mdoc=	doc/tinc.conf.5.in
 SUBST_SED.mdoc+=	-e '/^$$/d'
 SUBST_STAGE.mdoc=	pre-patch
+EGDIR=			${PREFIX}/share/examples/tinc
+TINC_USER?=		tinc
+TINC_GROUP?=		tinc
+
+PKG_GROUPS_VARS+=       TINC_GROUP
+PKG_USERS_VARS+=        TINC_USER
+
+PKG_GROUPS=             ${TINC_GROUP}
+PKG_USERS=              ${TINC_USER}:${TINC_GROUP}
+PKG_SHELL.${TINC_USER}=	${SH}
+
+OWN_DIRS+=	${VARBASE}/log/tinc
+
+INSTALLATION_DIRS= share/examples/tinc
+
+PKG_SYSCONFSUBDIR= tinc
+
+CONF_FILES_PERMS+= ${EGDIR}/tinc.conf ${PKG_SYSCONFDIR}/default/tinc.conf \
+	${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 644
+CONF_FILES_PERMS+= ${EGDIR}/tinc-up ${PKG_SYSCONFDIR}/default/tinc-up \
+	${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 755
+CONF_FILES_PERMS+= ${EGDIR}/tinc-down ${PKG_SYSCONFDIR}/default/tinc-down \
+	${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 755
+
+
+MAKE_DIRS+=${PKG_SYSCONFDIR}/default
+
+.include "../../mk/bsd.prefs.mk"
+
+.if ${INIT_SYSTEM} == "smf"
+SMF_METHODS=	tinc
+MESSAGE_SRC+=	MESSAGE.smf
+MESSAGE_SUBST+=	PKG_SYSCONFDIR={PKG_SYSCONFDIR:Q}
+.endif
+
+post-install:
+	${INSTALL_DATA} ${FILESDIR}/tinc.conf ${DESTDIR}${EGDIR}
+	${INSTALL_DATA} ${FILESDIR}/tinc-up ${DESTDIR}${EGDIR}
+	${INSTALL_DATA} ${FILESDIR}/tinc-down ${DESTDIR}${EGDIR}
 
 .include "../../archivers/lzo/buildlink3.mk"
 .include "../../converters/libiconv/buildlink3.mk"

net/tinc/PLIST

@@ -1,5 +1,8 @@
-@comment $NetBSD: PLIST,v 1.4 2010/05/01 16:56:40 tonnerre Exp $
+@comment $NetBSD$
 info/tinc.info
 man/man5/tinc.conf.5
 man/man8/tincd.8
 sbin/tincd
+share/examples/tinc/tinc-down
+share/examples/tinc/tinc-up
+share/examples/tinc/tinc.conf

net/tinc/files/smf/manifest.xml

@@ -0,0 +1,34 @@
+<?xml version="1.0"?>
+<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
+<service_bundle type="manifest" name="export">
+	<service name="pkgsrc/tinc" type="service" version="1">
+		<create_default_instance enabled="false"/>
+
+		<dependency name="network" grouping="require_all" restart_on="refresh" type="service">
+			<service_fmri value="svc:/milestone/network:default"/>
+		</dependency>
+
+		<dependency name="filesystem" grouping="require_all" restart_on="refresh" type="service">
+			<service_fmri value="svc:/system/filesystem/local"/>
+		</dependency>
+
+		<exec_method type="method" name="start" exec="@PREFIX@/@SMF_METHOD_FILE.tinc@ start" timeout_seconds="60"/>
+		<exec_method type="method" name="stop"	exec="@PREFIX@/@SMF_METHOD_FILE.tinc@ stop" timeout_seconds="60"/>
+
+		<property_group name="application" type="application"></property_group>
+		<property_group name="startd" type="framework">
+			<propval name="duration" type="astring" value="contract"/>
+			<propval name="ignore_error" type="astring" value="core,signal"/>
+		</property_group>
+
+		<template>
+			<common_name>
+				<loctext xml:lang="C">Virtual Private Network (VPN) daemon</loctext>
+			</common_name>
+			<documentation>
+				<manpage title="tincd" section="8" manpath='@PREFIX@/share/man'/>
+			</documentation>
+		</template>
+
+	</service>
+</service_bundle>

net/tinc/files/smf/tinc.sh

@@ -0,0 +1,52 @@
+#!@SMF_METHOD_SHELL@
+#
+# Init script for tinc (SMF)
+#
+
+. /lib/svc/share/smf_include.sh
+
+getproparg() {
+	svcprop -p $1 $SMF_FMRI 2>/dev/null
+}
+
+METHOD=$1
+INSTANCE=$(echo $SMF_FMRI | sed s_.*:__)
+INSTANCE=${INSTANCE:=default}
+
+LOGDIR="@VARBASE@/log/tinc"
+LOGFILE="${LOGDIR}/tinc.${INSTANCE}.log"
+PIDFILE="@VARBASE@/run/tinc.${INSTANCE}.pid"
+_USER=$(getproparg tinc/user)
+_CHROOT=$(getproparg tinc/chroot)
+_MEMLOCK=$(getproparg tinc/memlock)
+
+USER=${_USER:=tinc}
+
+TINC_FLAGS=""
+
+# Check if there is a configuration directory for this instance
+if [ ! -d @PKG_SYSCONFDIR@/${INSTANCE} ]; then
+	echo "$0: No configuration directory found"
+	exit $SMF_EXIT_ERR_CONFIG
+fi
+
+# Chroot tinc into its config directory
+if [ "${_CHROOT}" == "true" ]; then
+	TINC_FLAGS="${TINC_FLAGS} -R"
+fi
+
+# Lock tinc memory to avoid going into swap
+if [ "${_MEMLOCK}" == "true" ]; then
+	TINC_FLAGS="${TINC_FLAGS} -L"
+fi
+
+case ${METHOD} in
+start)
+	@PREFIX@/sbin/tincd -n ${INSTANCE} -U ${USER} ${TINC_FLAGS} --logfile=${LOGFILE} --pidfile=${PIDFILE}
+	;;
+stop)
+	@PREFIX@/sbin/tincd -n ${INSTANCE} -k --pidfile=${PIDFILE}
+	;;
+esac
+
+exit ${SMF_EXIT_OK}

net/tinc/files/tinc-down

@@ -0,0 +1,4 @@
+#! /bin/sh
+
+ifconfig $INTERFACE down
+ifconfig $INTERFACE unplumb

net/tinc/files/tinc-up

@@ -0,0 +1,7 @@
+#! /bin/sh
+
+ifconfig $INTERFACE plumb
+ifconfig $INTERFACE 192.168.100.1 netmask 255.255.255.0 up
+
+# Add the routes needed
+# route add -net 192.168.4.0/24 172.16.12.10 -interface

net/tinc/files/tinc.conf

@@ -0,0 +1,66 @@
+# $NetBSD $
+#
+# tinc-vpn example configuration file. Please do NOT rely solely in the
+# information of this template, the information tinc.conf(5) manpage might
+# be more current.
+#
+# -------------------------------------------------------------------------------
+#    Name = name [required]
+#      This is the name which identifies this tinc daemon.  It must be unique
+#      for the virtual private network this daemon will connect to.
+#      We're using 'default' to match the instance name of the SMF service which
+#      is created by default.
+# -------------------------------------------------------------------------------
+Name = default
+#
+#
+# -------------------------------------------------------------------------------
+#    Mode = router | switch | hub (router)
+#      This option selects the way packets are routed to other daemons.
+#
+#      router  In this mode Subnet variables in the host configuration files will
+#              be used to form a routing table.  Only unicast packets of routable
+#              protocols (IPv4 and IPv6) are supported in this mode.
+#
+#              This is the default mode, and unless you really know you need
+#              another mode, don't change it.
+#
+#      switch  In this mode the MAC addresses of the packets on the VPN will be
+#              used to dynamically create a routing table just like an Ethernet
+#              switch does.  Unicast, multicast and broadcast packets of every
+#              protocol that runs over Ethernet are supported in this mode at the
+#              cost of frequent broadcast ARP requests and routing table updates.
+#
+#              This mode is primarily useful if you want to bridge Ethernet
+#              segments.
+#
+#      hub     This mode is almost the same as the switch mode, but instead every
+#              packet will be broadcast to the other daemons while no routing
+#              table is managed.
+# -------------------------------------------------------------------------------
+# Mode = router
+#
+#
+# -------------------------------------------------------------------------------
+#   ConnectTo = name
+#      Specifies which other tinc daemon to connect to on startup.  Multiple
+#      ConnectTo variables may be specified, in which case outgoing connections
+#      to each specified tinc daemon are made.  The names should be known to this
+#      tinc daemon (i.e., there should be a host configuration file for the name
+#      on the ConnectTo line).
+#
+#      If you don't specify a host with ConnectTo, tinc won't try to connect to
+#      other daemons at all, and will instead just listen for incoming
+#      connections.
+# -------------------------------------------------------------------------------
+# ConnectTo = vpn1
+#
+#
+# -------------------------------------------------------------------------------
+#    DeviceType = type (platform dependent)
+#       The type of the virtual network device.  Tinc will normally automatically
+#       select the right type of tun/tap interface, and this option should not be
+#       used.  However, this option can be used to select one of the special
+#       interface types, if support for them is compiled in.
+# -------------------------------------------------------------------------------
+# DeviceType = tap