From 5e0e6e053311ddf68ed9b285b6202b61e0a27c2e Mon Sep 17 00:00:00 2001 From: Florian Eckert Date: Fri, 10 Nov 2017 15:23:28 +0100 Subject: [PATCH] net/stunnel: add uci config support Add uci config support. Signed-off-by: Florian Eckert --- net/stunnel/Makefile | 5 +- net/stunnel/files/stunnel.init | 168 ++++++++++++++++++++++++++++++++- net/stunnel/files/stunnel.uci | 10 ++ 3 files changed, 180 insertions(+), 3 deletions(-) create mode 100644 net/stunnel/files/stunnel.uci diff --git a/net/stunnel/Makefile b/net/stunnel/Makefile index 132aa26a3..8bac6fc9f 100644 --- a/net/stunnel/Makefile +++ b/net/stunnel/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=stunnel PKG_VERSION:=5.44 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_LICENSE:=GPL-2.0+ PKG_MAINTAINER:=Daniel Engberg @@ -46,6 +46,7 @@ endef define Package/stunnel/conffiles /etc/stunnel/stunnel.conf +/etc/config/stunnel endef @@ -77,6 +78,8 @@ define Package/stunnel/install $(INSTALL_CONF) ./files/stunnel.conf $(1)/etc/stunnel/stunnel.conf $(INSTALL_DIR) $(1)/etc/init.d $(INSTALL_BIN) ./files/stunnel.init $(1)/etc/init.d/stunnel + $(INSTALL_DIR) $(1)/etc/config + $(INSTALL_CONF) ./files/stunnel.uci $(1)/etc/config/stunnel endef $(eval $(call BuildPackage,stunnel)) diff --git a/net/stunnel/files/stunnel.init b/net/stunnel/files/stunnel.init index e622205b8..d0b147e98 100644 --- a/net/stunnel/files/stunnel.init +++ b/net/stunnel/files/stunnel.init 
@@ -4,9 +4,173 @@
 START=90
 USE_PROCD=1
+PID_FILE="/var/run/stunnel.pid"
+CONF_FILE="/tmp/stunnel.conf"
+BIN="/usr/bin/stunnel"
+
+global_defs() {
+ local debug compression
+
+ config_get alt_config_file 'globals' alt_config_file
+ [ -z "$alt_config_file" ] || return 0
+
+ # Set default settings
+ printf "foreground = yes\n" >> "$CONF_FILE"
+ printf "pid = %s\n" "$PID_FILE" >> "$CONF_FILE"
+ printf "syslog = yes\n" >> "$CONF_FILE"
+
+ config_get debug 'globals' debug '5'
+ printf "debug = %s\n" "$debug" >> "$CONF_FILE"
+
+ config_get compression 'globals' compression
+ [ -z "$compression" ] || printf "compression = %s\n" "$compression" >> "$CONF_FILE"
+}
+
+print_options() {
+ local config=$1
+ shift
+ for opt in "$@"; do
+ local $opt
+ local value
+ local is_boolean=0
+
+ if [ "${opt:0:5}" == "bool_" ]; then
+ opt="${opt:5}"
+ is_boolean=1
+ fi
+
+ config_get "value" "$config" "$opt"
+ [ -z "$value" ] || {
+ if [ "$value" = '1' ] && [ "$is_boolean" -eq "1" ]; then
+ value="yes"
+ elif [ "$value" = '0' ] && [ "$is_boolean" -eq "1" ] ; then
+ value="no"
+ fi
+ printf "%s = %s\n" "$opt" "$value" >> "$CONF_FILE"
+ }
+ done
+}
+
+print_list() {
+ local config=$1
+ shift
+ for opt in "$@"; do
+ local $opt
+ local elements
+ config_get "elements" "$config" "$opt"
+ for element in $elements; do
+ printf "%s = %s\n" "$opt" "$element" >> "$CONF_FILE"
+ done
+ done
+}
+
+print_list_colon() {
+ local config=$1
+ local value
+ shift
+ for opt in "$@"; do
+ local $opt
+ local elements
+ config_get "elements" "$config" "$opt"
+ for element in $elements; do
+ value="${value}:${element}"
+ done
+ printf "%s = %s\n" "$opt" "${value#*:}" >> "$CONF_FILE"
+ done
+}
+
+service_section() {
+ local cfg="$1"
+ local accept_host accept_port
+
+ printf "\n" >> "$CONF_FILE"
+ printf "[%s]\n" "$cfg" >> "$CONF_FILE"
+
+ config_get accept_host "$cfg" accept_host 'localhost'
+ config_get accept_port "$cfg" accept_port
+ printf "accept = %s:%s\n" "$accept_host" "$accept_port" >> "$CONF_FILE"
+
+ print_options "$cfg" CApath \
+ CAfile \
+ cert \
+ CRLpath \
+ CRLfile \
+ curve \
+ logId \
+ debug \
+ engineId \
+ engineNum \
+ failover \
+ ident \
+ key \
+ local \
+ PSKidentity \
+ PSKsecrets \
+ sslVersion \
+ TIMEOUTbusy \
+ TIMEOUTclose \
+ TIMEOUTconnect \
+ TIMEOUTidle \
+ bool_delay \
+ bool_libwrap \
+ bool_reset \
+ bool_requireCert \
+ bool_verifyChain \
+ bool_verifyPeer \
+ bool_client
+
+ print_list "$cfg" checkEmail \
+ checkHost \
+ checkIP \
+ connect \
+ options
+
+ print_list_colon "$cfg" ciphers
+}
+
+process_config() {
+ local alt_config_file
+
+ rm -f "$CONF_FILE"
+
+ # First line
+ printf "; STunnel configuration file generated by uci\n" > "$CONF_FILE"
+ printf "; Written %s\n\n" "$(date +'%c')" >> "$CONF_FILE"
+
+ [ -f /etc/config/stunnel ] || return 0
+
+ config_load stunnel
+ global_defs
+
+ # If "alt_config_file" specified, use that instead
+ [ -n "$alt_config_file" ] && [ -f "$alt_config_file" ] && {
+ rm -f "$CONF_FILE"
+ # Symlink "alt_config_file" since it's a bit easier and safer
+ ln -s "$alt_config_file" "$CONF_FILE"
+ return 0
+ }
+
+ config_foreach service_section service
+}
+
+reload_service() {
+ process_config
+ # SIGHUP is used by stunnel to do init.d reload
+ procd_send_signal stunnel
+}
+
+service_triggers() {
+ procd_add_reload_trigger "stunnel"
+}
+
 start_service() {
 procd_open_instance
- procd_set_param command /usr/bin/stunnel /etc/stunnel/stunnel.conf
- procd_set_param respawn # respawn automatically if something died
+ procd_set_param command "$BIN"
+ procd_append_param command "$CONF_FILE"
+
+ process_config
+
+ # set auto respawn behavior
+ procd_set_param respawn
 procd_close_instance
 }
diff --git a/net/stunnel/files/stunnel.uci b/net/stunnel/files/stunnel.uci
new file mode 100644
index 000000000..6fad1c6c7
--- /dev/null
+++ b/net/stunnel/files/stunnel.uci
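Review bot: In net/stunnel/files/stunnel.init, `CONF_FILE="/tmp/stunnel.conf"` is a fixed name in a world-writable directory, and process_config runs `rm -f "$CONF_FILE"` followed by `printf ... > "$CONF_FILE"`, so a symlink placed at that path by another local account between the two steps would be followed by the redirect (init scripts normally run as root). Writing the file into a directory only root can modify avoids this, for example `CONF_FILE="/var/etc/stunnel.conf"` with `mkdir -p "${CONF_FILE%/*}"` at the top of process_config, assuming that directory is root-owned on the target. Separately, global_defs returns early whenever `alt_config_file` is non-empty, while process_config takes the symlink branch only when that file also exists; a configured but missing file therefore produces a generated config without `foreground = yes` and `pid`. The early return should use the same test, `[ -n "$alt_config_file" ] && [ -f "$alt_config_file" ] && return 0`. Finally, service_section writes `accept = host:` when `accept_port` is unset, so a guard such as `[ -n "$accept_port" ] || return 0` before the section header is printed would skip incomplete services.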
@@ -0,0 +1,10 @@
+config globals 'globals'
+ option alt_config_file '/etc/stunnel/stunnel.conf'
+ option debug '5'
+
+config service 'dummy'
+ option client '1'
+ option accept_host 'localhost'
+ option accept_port '6000'
+ list connect 'localhost:6001'
+
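Review bot: The example `config service 'dummy'` sets `option client '1'` without any peer-verification option, and stunnel does not check the server certificate unless `verifyChain` or `verifyPeer` is enabled. A service copied from this template would therefore encrypt traffic to whichever host answers on the connect address. The init script in this patch already maps `verifyChain`, `CAfile` and `checkHost`, so the example could show them: `option verifyChain '1'`, `option CAfile '<path-to-ca-bundle>'` and `list checkHost '<expected-server-name>'`. A comment at the top of the file should also say that the service sections are ignored while `alt_config_file` points at an existing file.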