# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4 PortSystem 1.0 PortGroup github 1.0 PortGroup openssl 1.0 github.setup dun munge 0.5.16 munge- revision 0 checksums rmd160 d9d54e8bbc052e9b8aa616e56fc93d1d5f0f5f7e \ sha256 6fa6f14de41064c2b56422592df7ad1de2af483912c54460863db2827e6a2861 \ size 448120 categories net security license {GPL-3+ LGPL-3+} maintainers {@akkornel stanford.edu:akkornel} openmaintainer description Creating and validating credentials in HPC clusters. long_description MUNGE (MUNGE Uid 'N' Gid Emporium) is an authentication \ service for creating and validating credentials. It is \ designed to be highly scalable for use in an HPC cluster \ environment. It allows a process to authenticate the UID \ and GID of another local or remote process within a group \ of hosts having common users and groups. These hosts form \ a security realm that is defined by a shared cryptographic \ key. Clients within this security realm can create and \ validate credentials without the use of root privileges, \ reserved ports, or platform-specific methods. homepage https://dun.github.io/munge/ github.tarball_from releases use_xz yes openssl.branch no_version depends_lib port:bzip2 \ port:zlib patchfiles libmissing.patch post-extract { move ${worksrcpath}/src/libmissing ${worksrcpath}/portable } # We are patching configure.ac and Makefile.am use_autoreconf yes configure.args --disable-silent-rules # We can either use OpenSSL or libgcrypt. Let's default to OpenSSL. variant openssl conflicts libgcrypt description {Use openssl for cryptographic routines} { openssl.branch 3 configure.args-append --with-crypto-lib=openssl \ --with-openssl-prefix=[openssl::install_area] } # Allow using libgcrypt instead of OpenSSL. variant libgcrypt conflicts openssl description {Use libgcrypt for cryptographic routines} { depends_lib-append port:libgcrypt configure.args-append --with-crypto-lib=libgcrypt \ --with-libgcrypt-prefix=${prefix} } if {![variant_isset openssl] && ![variant_isset libgcrypt]} { default_variants +openssl } if {![variant_isset openssl] && ![variant_isset libgcrypt]} { return -code error "select either the openssl or libgcrypt variant" } # The test suite is disabled, because when munged is run, it performs strict # security checks on certain directories where munge data live. Those checks # fail on the directory used for the build, and so any test that involve munged # fails. test.run no test.target check # Create some directories, with MUNGE-required permissions. post-destroot { xinstall -m 700 -d ${destroot}${prefix}/etc/munge xinstall -m 711 -d ${destroot}${prefix}/var/lib/munge xinstall -m 755 -d ${destroot}${prefix}/var/run/munge } destroot.keepdirs-append ${destroot}${prefix}/etc/munge \ ${destroot}${prefix}/var/lib/munge \ ${destroot}${prefix}/var/run/munge # When activating, if a MUNGE key doesn't already exist, create a new one. post-activate { if {![file exists ${prefix}/etc/munge/munge.key]} { system "${prefix}/sbin/mungekey" file attributes ${prefix}/etc/munge/munge.key -permissions 0600 } } notes "Once munge is activated, a random key will be generated and placed at ${prefix}/etc/munge/munge.key. If you put in your own key, make sure only root can access it, and remember to restart munged!" # Create a startup item for munge startupitem.create yes startupitem.name munged startupitem.executable ${prefix}/sbin/munged --foreground startupitem.logfile ${prefix}/var/log/munged.log startupitem.logevents yes startupitem.netchange yes