From patchwork Mon Sep 11 11:49:02 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dushara Jayasinghe X-Patchwork-Id: 812399 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="MNJFjRyg"; dkim-atps=neutral Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3xrW8P4Ctzz9s4q for ; Tue, 12 Sep 2017 00:51:16 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 039CA864E1; Mon, 11 Sep 2017 14:51:13 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yEFdKLlXpYXm; Mon, 11 Sep 2017 14:51:07 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by hemlock.osuosl.org (Postfix) with ESMTP id 6559E86052; Mon, 11 Sep 2017 14:51:07 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id 769B21C15D4 for ; Mon, 11 Sep 2017 14:51:05 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 6F2BE8677B for ; Mon, 11 Sep 2017 14:51:05 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uWPamyhKWycb for ; Mon, 11 Sep 2017 14:51:04 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-pf0-f169.google.com (mail-pf0-f169.google.com [209.85.192.169]) by whitealder.osuosl.org (Postfix) with ESMTPS id 198C5871D5 for ; Mon, 11 Sep 2017 14:51:04 +0000 (UTC) Received: by mail-pf0-f169.google.com with SMTP id e1so14304784pfk.1 for ; Mon, 11 Sep 2017 07:51:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=tjH4xnVvh/3RT7H/2mg9SYqDWu187L/f5qfkiqviSbE=; b=MNJFjRyg+ZFq+o9ZmG4WWpnizcRTTsxMJMAppaXyNvCASfDOl/+/624KO9B+A+0oCt dyjroyeozAMn19iyjhNRwOOwGw/iYfOJVMqv6zNLMhqu9GEY9Yy7NA5QpXUSsBwbv2bz YWCPA51OWK5bP2/sfRUQs392uNvfla73aKVPFkMqhEEypycsGezKaBwz6EIQob9wvopR N67omSKbNPdkQwDUI1ktQpE/vtK32UV6OYFD+KFPbyfqw0i8Yh+HWwLraRgPDyqt+t4c VNMcny2qhGjRuyCAHECOK+HaJXelQUfP+7DDBmlxfqnAGQ7mEP1Twn0L32CeZi5EukJI yzLA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=tjH4xnVvh/3RT7H/2mg9SYqDWu187L/f5qfkiqviSbE=; b=OUczNV2efZcIJLsGRHkd9FdIlxFculx2pypPGbfQI0nY5g7+mUfs9hTDgQqZ3bv2to K9zyM6LWGKfecbL8XBETCgKeDXaUFRr+5x5ao86ApSPJszkCk6G28iAkTG+16/oN7aww RFiVaWjL2kXBL5DRLcKLgV49bOKMHdwwehtHBRvvris4N4WNfm/TYbDsAx+l1BJC1N2E 4J92JbgQNpO31doPvRzK4TP5WELVbfM6lFLRoAMzoHbJQ4sBhzRkV2NmeyVj8hq4OpLH j43ZI2qKvJWCBgYPmvsBFhDRt8eEpT5XyZZZ6RGyAUAXbpqgIwyVhoi/XrN6EEQFCQiT DPzw== X-Gm-Message-State: AHPjjUj7bao9Zdl0rO6dxZgY3yq924X/rp6xVG83Tik9tMypPunYUvan 6ey8qyq3tTy5D8bnSDc= X-Google-Smtp-Source: ADKCNb7O96Ii86uzI5hIFIJj6QD/tIjc3H6/Mq32kFHqgf2TP0cF8rg4aYS0wCstYa7AI4FQSXqjOA== X-Received: by 10.84.238.131 with SMTP id v3mr13570209plk.342.1505130558578; Mon, 11 Sep 2017 04:49:18 -0700 (PDT) Received: from debian (124-170-16-137.dyn.iinet.net.au. [124.170.16.137]) by smtp.gmail.com with ESMTPSA id h10sm12415285pgq.86.2017.09.11.04.49.16 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 11 Sep 2017 04:49:17 -0700 (PDT) Received: from dushara by debian with local (Exim 4.84_2) (envelope-from ) id 1drNDG-00055r-QP; Mon, 11 Sep 2017 21:49:14 +1000 From: Dushara Jayasinghe To: buildroot@busybox.net Date: Mon, 11 Sep 2017 21:49:02 +1000 Message-Id: <1505130542-19544-1-git-send-email-nidujay@gmail.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1504909108-18547-2-git-send-email-nidujay@gmail.com> References: <1504909108-18547-2-git-send-email-nidujay@gmail.com> Cc: Thomas Petazzoni , developers@prosody.im, zash@zash.se, Dushara Jayasinghe , "Yann E. MORIN" Subject: [Buildroot] [PATCH v2] package/prosody: new package X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" As stated by the upstream developers, Prosody only supports lua-5.1 or luajit (which is a lua-5.1 interpreter): > Response from zash at zash.se: > >> I pegged the package to lua 5,1 based on the contents of the >> INSTALL file. Is this a hard requirement? > > Up until Prosody 0.9 Lua 5.1 is required. However LuaJIT > implements Lua 5.1 so it works. The license terms are not very consistent: the source files all state to be "MIT/X11 licensed" and defer to the COPYING file for details, but that file only has the text for the MIT license. Thus, we believe the license to be MIT/X11, as stated in the source files. This installs the base system with certificates for two domains: localhost and example.com The default runtime configuration is tweaked during installation to properly setup logging and pid-file directories. Prosody doesn't like being executed as root, and thus the daemon is executed as the user prosody. The startup script creates the pid file write location with appropriate permissions. Signed-off-by: Dushara Jayasinghe --- DEVELOPERS | 3 + package/Config.in | 1 + package/prosody/Config.in | 18 ++++ package/prosody/S50prosody | 38 +++++++++ package/prosody/prosody.cfg.lua | 184 ++++++++++++++++++++++++++++++++++++++++ package/prosody/prosody.hash | 5 ++ package/prosody/prosody.mk | 70 +++++++++++++++ 7 files changed, 319 insertions(+) create mode 100644 package/prosody/Config.in create mode 100644 package/prosody/S50prosody create mode 100644 package/prosody/prosody.cfg.lua create mode 100644 package/prosody/prosody.hash create mode 100644 package/prosody/prosody.mk diff --git a/DEVELOPERS b/DEVELOPERS index f3944e2..c415ef9 100644 --- a/DEVELOPERS +++ b/DEVELOPERS @@ -485,6 +485,9 @@ F: package/nss-pam-ldapd/ F: package/sp-oops-extract/ F: package/unscd/ +N: Dushara Jayasinghe +F: package/prosody/ + N: Ed Swierk F: package/xxhash/ diff --git a/package/Config.in b/package/Config.in index a21c5f0..4291d97 100644 --- a/package/Config.in +++ b/package/Config.in @@ -1716,6 +1716,7 @@ endif source "package/pptp-linux/Config.in" source "package/privoxy/Config.in" source "package/proftpd/Config.in" + source "package/prosody/Config.in" source "package/proxychains-ng/Config.in" source "package/ptpd/Config.in" source "package/ptpd2/Config.in" diff --git a/package/prosody/Config.in b/package/prosody/Config.in new file mode 100644 index 0000000..77eeb85 --- /dev/null +++ b/package/prosody/Config.in @@ -0,0 +1,18 @@ +config BR2_PACKAGE_PROSODY + bool "prosody" + depends on BR2_PACKAGE_LUA_5_1 || BR2_PACKAGE_LUAJIT + select BR2_PACKAGE_LUAEXPAT # runtime + select BR2_PACKAGE_LUASEC # runtime + select BR2_PACKAGE_LUASOCKET # runtime + select BR2_PACKAGE_OPENSSL + select BR2_PACKAGE_LIBIDN + select BR2_PACKAGE_LUAFILESYSTEM # runtime + help + Prosody is a modern XMPP communication server. It aims to be + easy to set up and configure, and efficient with system + resources. + + https://prosody.im + +comment "prosody needs the lua interpreter" + depends on !BR2_PACKAGE_LUA_5_1 && !BR2_PACKAGE_LUAJIT diff --git a/package/prosody/S50prosody b/package/prosody/S50prosody new file mode 100644 index 0000000..cb68dc9 --- /dev/null +++ b/package/prosody/S50prosody @@ -0,0 +1,38 @@ +#! /bin/sh + +NAME=prosody +DAEMON=/usr/bin/$NAME +PIDDIR=/var/run/$NAME + +# Gracefully exit if the package has been removed. +test -x $DAEMON || exit 0 + +case "$1" in + start) + printf "Starting $NAME: " + mkdir -p $PIDDIR + chown $NAME $PIDDIR + start-stop-daemon -S -c $NAME -q -x $DAEMON + [ $? = 0 ] && echo "OK" || echo "FAIL" + ;; + stop) + printf "Stopping $NAME: " + # The standard method of identifying the name doesn't + # work as the process name is lua. So add the prosody + # user as a match criteria when stopping the service + start-stop-daemon -K -n lua -u $NAME + [ $? = 0 ] && echo "OK" || echo "FAIL" + ;; + restart|reload) + echo "Restarting $NAME: " + $0 stop + sleep 1 + $0 start + ;; + *) + echo "Usage: $0 {start|stop|restart|reload}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/package/prosody/prosody.cfg.lua b/package/prosody/prosody.cfg.lua new file mode 100644 index 0000000..8329c0a --- /dev/null +++ b/package/prosody/prosody.cfg.lua @@ -0,0 +1,184 @@ +-- Prosody Example Configuration File +-- +-- Information on configuring Prosody can be found on our +-- website at http://prosody.im/doc/configure +-- +-- Tip: You can check that the syntax of this file is correct +-- when you have finished by running: luac -p prosody.cfg.lua +-- If there are any errors, it will let you know what and where +-- they are, otherwise it will keep quiet. +-- +-- The only thing left to do is rename this file to remove the .dist ending, and fill in the +-- blanks. Good luck, and happy Jabbering! + + +---------- Server-wide settings ---------- +-- Settings in this section apply to the whole server and are the default settings +-- for any virtual hosts + +-- This is a (by default, empty) list of accounts that are admins +-- for the server. Note that you must create the accounts separately +-- (see http://prosody.im/doc/creating_accounts for info) +-- Example: admins = { "user1@example.com", "user2@example.net" } +admins = { } + +-- Enable use of libevent for better performance under high load +-- For more information see: http://prosody.im/doc/libevent +--use_libevent = true; + +-- This is the list of modules Prosody will load on startup. +-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too. +-- Documentation on modules can be found at: http://prosody.im/doc/modules +modules_enabled = { + + -- Generally required + "roster"; -- Allow users to have a roster. Recommended ;) + "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in. + "tls"; -- Add support for secure TLS on c2s/s2s connections + "dialback"; -- s2s dialback support + "disco"; -- Service discovery + + -- Not essential, but recommended + "private"; -- Private XML storage (for room bookmarks, etc.) + "vcard"; -- Allow users to set vCards + + -- These are commented by default as they have a performance impact + --"privacy"; -- Support privacy lists + --"compression"; -- Stream compression + + -- Nice to have + "version"; -- Replies to server version requests + "uptime"; -- Report how long server has been running + "time"; -- Let others know the time here on this server + "ping"; -- Replies to XMPP pings with pongs + "pep"; -- Enables users to publish their mood, activity, playing music and more + "register"; -- Allow users to register on this server using a client and change passwords + + -- Admin interfaces + "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands + --"admin_telnet"; -- Opens telnet console interface on localhost port 5582 + + -- HTTP modules + --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP" + --"http_files"; -- Serve static files from a directory over HTTP + + -- Other specific functionality + "posix"; -- POSIX functionality, sends server to background, enables syslog, etc. + --"groups"; -- Shared roster support + --"announce"; -- Send announcement to all online users + --"welcome"; -- Welcome users who register accounts + --"watchregistrations"; -- Alert admins of registrations + --"motd"; -- Send a message to users when they log in + --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots. +}; + +-- These modules are auto-loaded, but should you want +-- to disable them then uncomment them here: +modules_disabled = { + -- "offline"; -- Store offline messages + -- "c2s"; -- Handle client connections + -- "s2s"; -- Handle server-to-server connections +}; + +-- Disable account creation by default, for security +-- For more information see http://prosody.im/doc/creating_accounts +allow_registration = false; + +-- These are the SSL/TLS-related settings. If you don't want +-- to use SSL/TLS, you may comment or remove this +ssl = { + key = "certs/localhost.key"; + certificate = "certs/localhost.crt"; +} + +-- Force clients to use encrypted connections? This option will +-- prevent clients from authenticating unless they are using encryption. + +c2s_require_encryption = false + +-- Force certificate authentication for server-to-server connections? +-- This provides ideal security, but requires servers you communicate +-- with to support encryption AND present valid, trusted certificates. +-- NOTE: Your version of LuaSec must support certificate verification! +-- For more information see http://prosody.im/doc/s2s#security + +s2s_secure_auth = false + +-- Many servers don't support encryption or have invalid or self-signed +-- certificates. You can list domains here that will not be required to +-- authenticate using certificates. They will be authenticated using DNS. + +--s2s_insecure_domains = { "gmail.com" } + +-- Even if you leave s2s_secure_auth disabled, you can still require valid +-- certificates for some domains by specifying a list here. + +--s2s_secure_domains = { "jabber.org" } + +-- Select the authentication backend to use. The 'internal' providers +-- use Prosody's configured data storage to store the authentication data. +-- To allow Prosody to offer secure authentication mechanisms to clients, the +-- default provider stores passwords in plaintext. If you do not trust your +-- server please see http://prosody.im/doc/modules/mod_auth_internal_hashed +-- for information about using the hashed backend. + +authentication = "internal_plain" + +-- Select the storage backend to use. By default Prosody uses flat files +-- in its configured data directory, but it also supports more backends +-- through modules. An "sql" backend is included by default, but requires +-- additional dependencies. See http://prosody.im/doc/storage for more info. + +--storage = "sql" -- Default is "internal" + +-- For the "sql" backend, you can uncomment *one* of the below to configure: +--sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename. +--sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } +--sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } + +-- Logging configuration +-- For advanced logging see http://prosody.im/doc/logging +log = { + -- info = "prosody.log"; -- Change 'info' to 'debug' for verbose logging + -- error = "prosody.err"; + "*syslog"; -- Logging to syslog + -- "*console"; -- Log to the console, useful for debugging with daemonize=false +} + +pidfile = "/var/run/prosody/prosody.pid" + +----------- Virtual hosts ----------- +-- You need to add a VirtualHost entry for each domain you wish Prosody to serve. +-- Settings under each VirtualHost entry apply *only* to that host. + +VirtualHost "localhost" + +VirtualHost "example.com" + -- Assign this host a certificate for TLS, otherwise it would use the one + -- set in the global section (if any). + -- Note that old-style SSL on port 5223 only supports one certificate, and will always + -- use the global one. + ssl = { + key = "certs/example.com.key"; + certificate = "certs/example.com.crt"; + } + +------ Components ------ +-- You can specify components to add hosts that provide special services, +-- like multi-user conferences, and transports. +-- For more information on components, see http://prosody.im/doc/components + +---Set up a MUC (multi-user chat) room server on conference.example.com: +--Component "conference.example.com" "muc" + +-- Set up a SOCKS5 bytestream proxy for server-proxied file transfers: +--Component "proxy.example.com" "proxy65" + +---Set up an external component (default component port is 5347) +-- +-- External components allow adding various services, such as gateways/ +-- transports to other networks like ICQ, MSN and Yahoo. For more info +-- see: http://prosody.im/doc/components#adding_an_external_component +-- +--Component "gateway.example.com" +-- component_secret = "password" diff --git a/package/prosody/prosody.hash b/package/prosody/prosody.hash new file mode 100644 index 0000000..38942ea --- /dev/null +++ b/package/prosody/prosody.hash @@ -0,0 +1,5 @@ +# Hashes from: https://prosody.im/downloads/source/{MD5,SHA1,SHA256,SHA512}SUMS +md5 d743adea6cfbaacc3a24cc0c3928bb1b prosody-0.9.12.tar.gz +sha1 1ee224263a5b3d67960e12edbbe6b2f16b95d147 prosody-0.9.12.tar.gz +sha256 1a59a322b71928a21985522aa00d0eab3552208d7bf9ecb318542a1b2fee3e8d prosody-0.9.12.tar.gz +sha512 e87b5f3b3e327722cec9d8d0470684e2ec2788a1c5ae623c4f505a00572ef21f65afe84cd5b7de47d6a65fe8872506fe34e5e8886e20979ff84710669857ca76 prosody-0.9.12.tar.gz diff --git a/package/prosody/prosody.mk b/package/prosody/prosody.mk new file mode 100644 index 0000000..4a88d8f --- /dev/null +++ b/package/prosody/prosody.mk @@ -0,0 +1,70 @@ +################################################################################ +# +# prosody +# +################################################################################ + +PROSODY_VERSION = 0.9.12 +PROSODY_SOURCE = prosody-$(PROSODY_VERSION).tar.gz +PROSODY_SITE = https://prosody.im/downloads/source +PROSODY_LICENSE = MIT +PROSODY_LICENSE_FILES = COPYING +PROSODY_DEPENDENCIES = openssl libidn + +ifeq ($(BR2_PACKAGE_LUA_5_1),y) +PROSODY_DEPENDENCIES += lua +endif + +ifeq ($(BR2_PACKAGE_LUAJIT),y) +PROSODY_DEPENDENCIES += luajit +endif + +define PROSODY_CONFIGURE_CMDS + cd $(@D) && \ + $(TARGET_CONFIGURE_OPTS) \ + ./configure --prefix=/usr \ + --c-compiler=$(TARGET_CC) \ + --cflags="$(TARGET_CFLAGS)" \ + --linker=$(TARGET_CC) \ + --ldflags="$(TARGET_LDFLAGS) -shared" \ + --sysconfdir=/etc/prosody \ + --with-lua=$(STAGING_DIR)/usr +endef + +define PROSODY_BUILD_CMDS + $(TARGET_MAKE_ENV) $(MAKE) -C $(@D) +endef + +define PROSODY_INSTALL_TARGET_CMDS + $(TARGET_MAKE_ENV) $(MAKE) DESTDIR="$(TARGET_DIR)" -C $(@D) install +endef + +define PROSODY_INSTALL_INIT_SYSV + $(INSTALL) -D -m 0755 package/prosody/S50prosody \ + $(TARGET_DIR)/etc/init.d/S50prosody +endef + +define PROSODY_USERS + prosody -1 nogroup -1 * - - - Prosody user +endef + +# make install installs a Makefile and meta data to generate certs +define PROSODY_REMOVE_CERT_GENERATOR + rm -f $(TARGET_DIR)/etc/prosody/certs/Makefile + rm -f $(TARGET_DIR)/etc/prosody/certs/*.cnf +endef + +PROSODY_POST_INSTALL_TARGET_HOOKS += PROSODY_REMOVE_CERT_GENERATOR + +# 1. Enable posix functionality +# 2. Log to syslog +# 3. Specify pid file write location +# 4. Enable virtual host example.com +define PROSODY_TWEAK_DEFAULT_CONF + $(INSTALL) -D package/prosody/prosody.cfg.lua \ + $(TARGET_DIR)/etc/prosody/prosody.cfg.lua +endef + +PROSODY_POST_INSTALL_TARGET_HOOKS += PROSODY_TWEAK_DEFAULT_CONF + +$(eval $(generic-package))