| Summary: | bfilter-0.9.4.ebuild (New Package) | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Alan Swanson <reiver> |
| Component: | New packages | Assignee: | Default Assignee for New Packages <maintainer-wanted> |
| Status: | RESOLVED FIXED | ||
| Severity: | enhancement | CC: | net-proxy+disabled, reiver |
| Priority: | High | Keywords: | EBUILD |
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://bfilter.sourceforge.net | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Attachments: | bfilter-0.9.4.ebuild, bfilter.8, bfilter-init.d, bfilter-conf.d, bfilter-0.9.4-droppriv.patch, bfilter.8, bfilter-0.9.4-droppriv.patch | ||

Description
Alan Swanson
2005-08-27 12:14:12 UTC
Created attachment 67006 [details]
bfilter-0.9.4.ebuild
The ebuild. Uses a local "gui" USE flag which I've tested but expect nobody to
actually use.
Created attachment 67008 [details]
bfilter.8
Man page for bfilter.
Created attachment 67009 [details]
bfilter-init.d
The init script.
Created attachment 67010 [details]
bfilter-conf.d
Configuration settings. This is secure by default as I'm paranoid...
Created attachment 67013 [details, diff]
bfilter-0.9.4-droppriv.patch
The privilege dropping patch for chrooting and changing users and groups. The
parent process exits if user, group or chroot directory do not exist and
subsequent child processes which handle the proxy requests exit if the chroot
directory no longer exists.
To allow for an empty chroot directory you need to call gethostbyname for a
non-local host (i.e. not in /etc/hosts) before chrooting. This is run by each
child started but as bfilter supports persistent connections and pipelining
it's not really a worry. I've defaulted it to slashdot.org but you might want
it to be forums.gentoo.org for popularity!
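The ordering the comment above describes, written out as an added example; this is not the attached patch or bfilter's own code. The function names, return codes and the `warm_host` parameter are made up for illustration, and the program must be started as root for the drop itself to succeed.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1 /* for chroot() and setgroups() on glibc */
#endif
#include <grp.h>
#include <netdb.h>
#include <pwd.h>
#include <sys/stat.h>
#include <unistd.h>

/* Look everything up while /etc/passwd and /etc/group are still visible.
 * Returns 0, or -1 (chroot dir missing), -2 (no such user), -3 (no such group). */
int resolve_target(const char *user, const char *group, const char *dir,
                   uid_t *uid, gid_t *gid)
{
    struct stat st;
    if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode)) return -1;
    struct passwd *pw = getpwnam(user);
    if (pw == NULL) return -2;
    struct group *gr = getgrnam(group);
    if (gr == NULL) return -3;
    *uid = pw->pw_uid;
    *gid = gr->gr_gid;
    return 0;
}

/* Returns 0 on success, negative on the first failure; the caller should
 * exit rather than keep running with partial privileges. */
int drop_privileges(const char *user, const char *group, const char *dir,
                    const char *warm_host)
{
    uid_t uid; gid_t gid;
    int rc = resolve_target(user, group, dir, &uid, &gid);
    if (rc != 0) return rc;
    /* Warm the resolver before the real filesystem disappears; result ignored. */
    (void)gethostbyname(warm_host);
    if (chroot(dir) != 0 || chdir("/") != 0) return -4;
    /* Order matters: supplementary groups, then gid, then uid last. */
    if (setgroups(1, &gid) != 0) return -5;
    if (setgid(gid) != 0) return -6;
    if (setuid(uid) != 0) return -7;
    if (uid != 0 && setuid(0) == 0) return -8; /* must not be able to regain root */
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 5) return 2; /* usage: user group chroot_dir warm_host */
    return drop_privileges(argv[1], argv[2], argv[3], argv[4]) == 0 ? 0 : 1;
}
```

The `chdir("/")` after `chroot()` keeps the working directory from pointing outside the new root, and the final `setuid(0)` check confirms the saved UID was dropped along with the effective one.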
Created attachment 67058 [details]
bfilter.8
Tweaks to the man page fixing a spelling mistake, adding long options and
correcting the section number.
Also dithering regarding having the chroot configuration by default. The
default setting is to bind to 127.0.0.1 only so only local users would be using
the proxy. Other proxies in Gentoo are generally not chrooted by default. Not
chrooting would save two milliseconds for a local DNS server or approximately
50 milliseconds for a remote DNS server from startup time for each child
started to handle requests.
If the developer that decides to maintain this doesn't want to chroot by
default, remove the /var/empty directory creation in the ebuild.
Created attachment 67063 [details, diff]
bfilter-0.9.4-droppriv.patch
Tweak to the privilege dropping patch. If chroot is not set then the parent
process can also change to the unprivileged user.
That should be it for now, no more changes I promise.
First, congratulations for this pretty well written ebuild! All I had to do was to replace gui useflag with gtk (no need to invent yet another useflag) and move the pkg_preinst function after src_install. However, upstream appears to be dead (more than a year since last release) and HTTPS isn't supported (as you already observed). Also, the popularity of this package isn't impressive (just a few downloads per month). Is this package really useful for you? If you say so, I will submit it to the tree, but I doubt you'll find another gentooer who would use this package.
BFilter isn't well advertised IYKWIM and I'd only found it while doing a search for proxies prior to (re)writing one for myself. Upstream are still developing it and commits are currently being made to CVS (though without anything useful like comments for each commit). The GUI interface is not really useful in Linux. To explain, the GUI can't be used with the proxy started by init as the GUI starts its own completely separate proxy. Users would have an always open window which allows editing of their local configuration files only. I'd decided to disable it by default with the undocumented USE flag (with the advantage that gtkmm would not be an additional dependency for GTK users). I'm currently using bfilter in preference to privoxy or wwwoffle for filtering though the lack of CONNECT (HTTPS) support is a wee bit inconvenient I'd agree. To cut this ramble short I don't mind if bfilter is not added to Gentoo, anyone else can use this bug as a reference and reopen it if they do start using bfilter (showing I'm not alone in the Gentoo world).
Main problem was upstream being dead, so I'll submit it to the tree.
My changes are:
- replaced gui useflag with X - seems the best replacement
- double quote ${D} strings
- add info messages to die calls
- correct useflag? ( dep ) atom - you must use parentheses
Please send your patch and man page to upstream for inclusion in future versions.