# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4

PortSystem          1.0
PortGroup           github 1.0
PortGroup           openssl 1.0

github.setup        dun munge 0.5.16 munge-
revision            0
checksums           rmd160  d9d54e8bbc052e9b8aa616e56fc93d1d5f0f5f7e \
                    sha256  6fa6f14de41064c2b56422592df7ad1de2af483912c54460863db2827e6a2861 \
                    size    448120

categories          net security
license             {GPL-3+ LGPL-3+}
maintainers         {@akkornel stanford.edu:akkornel} openmaintainer
description         Creating and validating credentials in HPC clusters.
long_description    MUNGE (MUNGE Uid 'N' Gid Emporium) is an authentication \
                    service for creating and validating credentials.  It is \
                    designed to be highly scalable for use in an HPC cluster \
                    environment.  It allows a process to authenticate the UID \
                    and GID of another local or remote process within a group \
                    of hosts having common users and groups.  These hosts form \
                    a security realm that is defined by a shared cryptographic \
                    key.  Clients within this security realm can create and \
                    validate credentials without the use of root privileges, \
                    reserved ports, or platform-specific methods.

homepage            https://dun.github.io/munge/
github.tarball_from releases
use_xz              yes

openssl.branch      no_version

depends_lib         port:bzip2 \
                    port:zlib

patchfiles          libmissing.patch
post-extract {
    move ${worksrcpath}/src/libmissing ${worksrcpath}/portable
}

# We are patching configure.ac and Makefile.am
use_autoreconf      yes

configure.args      --disable-silent-rules

# We can either use OpenSSL or libgcrypt.  Let's default to OpenSSL.
variant openssl conflicts libgcrypt description {Use openssl for cryptographic routines} {
    openssl.branch          3
    configure.args-append   --with-crypto-lib=openssl \
                            --with-openssl-prefix=[openssl::install_area]
}

# Allow using libgcrypt instead of OpenSSL.
variant libgcrypt conflicts openssl description {Use libgcrypt for cryptographic routines} {
    depends_lib-append      port:libgcrypt
    configure.args-append   --with-crypto-lib=libgcrypt \
                            --with-libgcrypt-prefix=${prefix}
}

if {![variant_isset openssl] && ![variant_isset libgcrypt]} {
    default_variants +openssl
}

if {![variant_isset openssl] && ![variant_isset libgcrypt]} {
    return -code error "select either the openssl or libgcrypt variant"
}

# The test suite is disabled, because when munged is run, it performs strict
# security checks on certain directories where munge data live.  Those checks
# fail on the directory used for the build, and so any test that involve munged
# fails.
test.run            no
test.target         check

# Create some directories, with MUNGE-required permissions.
post-destroot {
    xinstall -m 700 -d ${destroot}${prefix}/etc/munge
    xinstall -m 711 -d ${destroot}${prefix}/var/lib/munge
    xinstall -m 755 -d ${destroot}${prefix}/var/run/munge
}
destroot.keepdirs-append    ${destroot}${prefix}/etc/munge \
                            ${destroot}${prefix}/var/lib/munge \
                            ${destroot}${prefix}/var/run/munge

# When activating, if a MUNGE key doesn't already exist, create a new one.
post-activate {
    if {![file exists ${prefix}/etc/munge/munge.key]} {
        system "${prefix}/sbin/mungekey"
        file attributes ${prefix}/etc/munge/munge.key -permissions 0600
    }
}
notes "Once munge is activated, a random key will be generated and placed at ${prefix}/etc/munge/munge.key.  If you put in your own key, make sure only root can access it, and remember to restart munged!"

# Create a startup item for munge
startupitem.create      yes
startupitem.name        munged
startupitem.executable  ${prefix}/sbin/munged --foreground
startupitem.logfile     ${prefix}/var/log/munged.log
startupitem.logevents   yes
startupitem.netchange   yes
