| 1 | # -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4 |
|---|
| 2 | # $Id$ |
|---|
| 3 | |
|---|
| 4 | PortSystem 1.0 |
|---|
| 5 | PortGroup github 1.0 |
|---|
| 6 | |
|---|
| 7 | github.setup dun munge 0.5.12 munge- |
|---|
| 8 | categories net security |
|---|
| 9 | license GPL-3 |
|---|
| 10 | maintainers kornel.us:karl |
|---|
| 11 | description Creating and validating credentials in HPC clusters. |
|---|
| 12 | long_description MUNGE (MUNGE Uid 'N' Gid Emporium) is an authentication \ |
|---|
| 13 | service for creating and validating credentials. It is \ |
|---|
| 14 | designed to be highly scalable for use in an HPC cluster \ |
|---|
| 15 | environment. It allows a process to authenticate the UID \ |
|---|
| 16 | and GID of another local or remote process within a group \ |
|---|
| 17 | of hosts having common users and groups. These hosts form \ |
|---|
| 18 | a security realm that is defined by a shared cryptographic \ |
|---|
| 19 | key. Clients within this security realm can create and \ |
|---|
| 20 | validate credentials without the use of root privileges, \ |
|---|
| 21 | reserved ports, or platform-specific methods. |
|---|
| 22 | homepage https://dun.github.io/munge/ |
|---|
| 23 | |
|---|
| 24 | platforms darwin |
|---|
| 25 | checksums rmd160 0bc366a2d0a49875e7cf35ea2aebeef33490ed0c \ |
|---|
| 26 | sha256 23585c1da3f4ea7c2882511c0a08220a2be13d9c03e54486bb8546791fa6c89b |
|---|
| 27 | |
|---|
| 28 | # We can either use OpenSSL or libgcrypt. Let's default to OpenSSL. |
|---|
| 29 | depends_lib-append port:openssl |
|---|
| 30 | use_configure yes |
|---|
| 31 | configure.args --with-crypto-lib=openssl \ |
|---|
| 32 | --with-openssl-prefix=${prefix} |
|---|
| 33 | |
|---|
| 34 | # Allow using libgcrypt instead of OpenSSL. |
|---|
| 35 | variant libgcrypt description {Use libgcrypt for cryptograpic routines} { |
|---|
| 36 | depends_lib-delete port:openssl |
|---|
| 37 | depends_lib-append port:libgcrypt |
|---|
| 38 | configure.args-delete --with-crypto-lib=openssl \ |
|---|
| 39 | --with-openssl-prefix=${prefix} |
|---|
| 40 | configure.args-append --with-crypto-lib=libgcrypt \ |
|---|
| 41 | --with-libgcrypt-prefix=${prefix} |
|---|
| 42 | } |
|---|
| 43 | |
|---|
| 44 | # Allow doing testing |
|---|
| 45 | test.run yes |
|---|
| 46 | test.target check |
|---|
| 47 | |
|---|
| 48 | # When activating, make sure certain things are set |
|---|
| 49 | post-activate { |
|---|
| 50 | # Create directories for config and for munge runtime |
|---|
| 51 | xinstall -m 700 -d ${prefix}/etc/munge |
|---|
| 52 | xinstall -m 711 -d ${prefix}/var/lib/munge |
|---|
| 53 | xinstall -m 755 -d ${prefix}/var/run/munge |
|---|
| 54 | |
|---|
| 55 | # If a key doens't already exist, create a new one. |
|---|
| 56 | if {![file exists ${prefix}/etc/munge/munge.key]} { |
|---|
| 57 | system "dd if=/dev/urandom of=${prefix}/etc/munge/munge.key bs=1 count=1024" |
|---|
| 58 | file attributes ${prefix}/etc/munge/munge.key -permissions 0600 |
|---|
| 59 | } |
|---|
| 60 | |
|---|
| 61 | } |
|---|
| 62 | notes "Once munge is activated, a random key will be generated and placed at ${prefix}/etc/munge/munge.key. If you put in your own key, make sure only root can access it, and remember to restart munged!" |
|---|
| 63 | |
|---|
| 64 | # Create a startup item for munge |
|---|
| 65 | startupitem.create yes |
|---|
| 66 | startupitem.name munged |
|---|
| 67 | startupitem.executable ${prefix}/sbin/munged --foreground |
|---|
| 68 | startupitem.logfile ${prefix}/var/log/munged.log |
|---|
| 69 | startupitem.logevents yes |
|---|
| 70 | startupitem.netchange yes |
|---|
