# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4 PortSystem 1.0 PortGroup github 1.0 github.setup dun munge 0.5.14 munge- revision 2 categories net security license {GPL-3+ LGPL-3+} maintainers kornel.us:karl openmaintainer description Creating and validating credentials in HPC clusters. long_description MUNGE (MUNGE Uid 'N' Gid Emporium) is an authentication \ service for creating and validating credentials. It is \ designed to be highly scalable for use in an HPC cluster \ environment. It allows a process to authenticate the UID \ and GID of another local or remote process within a group \ of hosts having common users and groups. These hosts form \ a security realm that is defined by a shared cryptographic \ key. Clients within this security realm can create and \ validate credentials without the use of root privileges, \ reserved ports, or platform-specific methods. homepage https://dun.github.io/munge/ platforms darwin checksums rmd160 e16e770d5c9697da521c6537ebcd3787357ef7dd \ sha256 1007d3ea6abd85f7712f5d2601ecb24c16b189ba5b0ec9aa563c11b7e0e9d600 \ size 274981 # We can either use OpenSSL or libgcrypt. Let's default to OpenSSL. depends_lib-append path:lib/libssl.dylib:openssl use_autoreconf yes configure.args --with-crypto-lib=openssl \ --with-openssl-prefix=${prefix} # Allow using libgcrypt instead of OpenSSL. variant libgcrypt description {Use libgcrypt for cryptographic routines} { depends_lib-replace path:lib/libssl.dylib:openssl port:libgcrypt depends_lib-append port:libgcrypt configure.args-delete --with-crypto-lib=openssl \ --with-openssl-prefix=${prefix} configure.args-append --with-crypto-lib=libgcrypt \ --with-libgcrypt-prefix=${prefix} } # The test suite is disabled, because when munged is run, it performs strict # security checks on certain directories where munge data live. Those checks # fail on the directory used for the build, and so any test that involve munged # fails. test.run no test.target check # Create some directories, with MUNGE-required permissions. post-destroot { xinstall -m 700 -d ${destroot}${prefix}/etc/munge xinstall -m 711 -d ${destroot}${prefix}/var/lib/munge xinstall -m 755 -d ${destroot}${prefix}/var/run/munge } destroot.keepdirs-append ${destroot}${prefix}/etc/munge \ ${destroot}${prefix}/var/lib/munge \ ${destroot}${prefix}/var/run/munge # When activating, if a MUNGE key doesn't already exist, create a new one. post-activate { if {![file exists ${prefix}/etc/munge/munge.key]} { system "${prefix}/sbin/mungekey" file attributes ${prefix}/etc/munge/munge.key -permissions 0600 } } notes "Once munge is activated, a random key will be generated and placed at ${prefix}/etc/munge/munge.key. If you put in your own key, make sure only root can access it, and remember to restart munged!" # Create a startup item for munge startupitem.create yes startupitem.name munged startupitem.executable ${prefix}/sbin/munged --foreground startupitem.logfile ${prefix}/var/log/munged.log startupitem.logevents yes startupitem.netchange yes