
Contents of /net-misc/scponly/scponly-4.8-r4.ebuild



Revision 1.7 - (show annotations) (download)
Sat Oct 15 23:12:17 2011 UTC (2 years, 11 months ago) by mattst88
Branch: MAIN
Changes since 1.6: +3 -13 lines
Drop ~mips, bug 371667.

(Portage version: 2.1.10.11/cvs/Linux x86_64)

1 # Copyright 1999-2011 Gentoo Foundation
2 # Distributed under the terms of the GNU General Public License v2
3 # $Header: /var/cvsroot/gentoo-x86/net-misc/scponly/scponly-4.8-r4.ebuild,v 1.6 2010/06/22 18:54:31 arfrever Exp $
4
# Package metadata. EAPI must stay the first assignment in the ebuild.
EAPI="1"
inherit eutils multilib toolchain-funcs

DESCRIPTION="A tiny pseudoshell which only permits scp and sftp"
HOMEPAGE="http://www.sublimation.org/scponly/"
SRC_URI="mirror://sourceforge/scponly/${P}.tgz"

LICENSE="as-is"
SLOT="0"
KEYWORDS="amd64 ppc sparc x86"
# Only sftp is enabled by default; every other compatibility mode is opt-in
# and pkg_setup prints a risk warning for most of them.
IUSE="+sftp scp winscp gftp rsync unison subversion wildcards quota passwd logging"

# Each optional helper is pulled in only when its compatibility flag is set.
RDEPEND="sys-apps/sed
net-misc/openssh
quota? ( sys-fs/quota )
rsync? ( net-misc/rsync )
subversion? ( dev-vcs/subversion )"
DEPEND="${RDEPEND}"

# Account and jail layout shared by pkg_postinst and pkg_config:
#   myuser   - account and group created for the restricted shell
#   myhome   - directory that becomes the chroot
#   mysubdir - upload directory inside the chroot, owned by myuser
myuser="scponly"
myhome="/home/${myuser}"
mysubdir="/pub"
27
# Pre-build sanity checks and security warnings.
#
# Aborts when USE=unison is set but ${ROOT}usr/bin/unison does not exist,
# and when no transfer mode at all is enabled. Otherwise prints one warning
# per enabled feature that widens what a jailed user can reach, and points
# the admin at the installed SECURITY document.
pkg_setup() {
	local flag
	local have_mode="no"
	local needs_warning="no"

	# unison is selected via eselect; without the symlink the build is useless.
	if use unison && [ ! -e "${ROOT}usr/bin/unison" ]; then
		eerror
		eerror "please run 'eselect unison set <version>' first!"
		die "can't find /usr/bin/unison"
	fi

	# At least one compatibility mode must be enabled.
	for flag in subversion unison rsync sftp scp winscp; do
		if use "${flag}"; then
			have_mode="yes"
			break
		fi
	done
	if [ "${have_mode}" = "no" ]; then
		eerror
		eerror "you have to enable at least one of the following use-flags:"
		eerror "sftp scp winscp rsync unison subversion"
		die "your build will quite useless without any compatibility mode"
	fi

	# Plain sftp (plus gftp/quota/passwd/logging) prints no warning; every
	# flag below does.
	for flag in subversion unison rsync wildcards scp winscp; do
		if use "${flag}"; then
			needs_warning="yes"
			break
		fi
	done
	[ "${needs_warning}" = "yes" ] || return 0

	ewarn
	ewarn "NOTE THE FOLLOWING SECURITY RISKS:"
	ewarn

	if use wildcards; then
		ewarn "-- by enabling wildcards, there is a slightly higher chance of an exploit"
	fi

	# scp/winscp modes require extra binaries to be copied into the chroot.
	if use scp || use winscp; then
		ewarn "-- by enabling scp and/or winscp compatibility, more programs will need"
		ewarn " to be installed in the chroot which increases the risk."
	fi

	# Subversion hooks are an indirect code-execution path for the jailed user.
	if use subversion; then
		ewarn "-- CAUTION: by enabling subversion the user WILL BE ABLE TO EXECUTE"
		ewarn " SCRIPTS OR PROGRAMS INDIRECTLY! svn and svnserve will try to execute"
		ewarn " pre-commit, post-commit hooks, as well as a few others. These files"
		ewarn " have specific filenames at specific locations relative to the svn"
		ewarn " repository root. Thus, unless you are *very* careful about security,"
		ewarn " the user WILL BE ABLE TO EXECUTE SCRIPTS OR PROGRAMS INDIRECTLY!"
		ewarn " This can be prevented by a careful configuration."
	fi

	# These tools read per-user config files, which are outside the control
	# of the command-line filtering.
	if use subversion || use unison || use rsync; then
		ewarn "-- The following programs use configuration files that might allow the"
		ewarn " user to bypass security restrictions placed on command line arguments:"
		ewarn " svn, svnserve, rsync, unison"
	fi

	ewarn
	ewarn "please read /usr/share/doc/${PF}/SECURITY* after install!"
	ewarn
	ebeep 5
}
76
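# Unpack the distfile and apply the two local patches.
#
# Stops with die if the source directory cannot be entered, so the patches
# are never applied relative to whatever directory the phase started in.
src_unpack() {
	# ${A} is a whitespace-separated list of distfiles; splitting is intended.
	unpack ${A}
	cd "${S}" || die "cannot cd to ${S}"
	epatch "${FILESDIR}/${P}-rsync.patch"
	# bug #269242
	epatch "${FILESDIR}/${P}-gcc4.4.0.patch"
}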
84
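# Configure and build scponly.
#
# The fixed options select the chrooted binary (scponlyc) and its chroot
# directory check; each compatibility mode is switched on or off from the
# matching USE flag. Dies if configure or make fails.
src_compile() {
	local -a conf_args

	conf_args=(
		--with-sftp-server="/usr/$(get_libdir)/misc/sftp-server"
		--with-default-chdir="/"
		# NOTE(review): presumably relaxes upstream's filename character
		# filtering - confirm against the configure help before relying on it.
		--disable-restrictive-names
		--enable-chrooted-binary
		--enable-chroot-checkdir
		# use_enable prints a single --enable-X / --disable-X word, so these
		# substitutions are left unquoted on purpose.
		$(use_enable winscp winscp-compat)
		$(use_enable gftp gftp-compat)
		$(use_enable scp scp-compat)
		$(use_enable sftp sftp)
		$(use_enable quota quota-compat)
		$(use_enable passwd passwd-compat)
		$(use_enable rsync rsync-compat)
		$(use_enable unison unison-compat)
		$(use_enable subversion svn-compat)
		$(use_enable subversion svnserv-compat)
		$(use_enable logging sftp-logging-compat)
		$(use_enable wildcards wildcards)
	)

	# LDFLAGS are folded into CFLAGS for the configure run only.
	CFLAGS="${CFLAGS} ${LDFLAGS}" econf "${conf_args[@]}" || die "econf failed"

	# Quoted so a compiler setting that carries options (e.g. "gcc -m32")
	# reaches make as one CC=... assignment instead of being split.
	emake CC="$(tc-getCC)" || die "emake failed"
}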
107
# Install the built package into the image directory, then the docs and the
# chroot helper files.
src_install() {
	local chroot_docdir="/usr/share/doc/${PF}/chroot"

	emake DESTDIR="${D}" install || die

	dodoc AUTHOR BUILDING-JAILS.TXT CHANGELOG CONTRIB README SECURITY TODO

	# The setup script goes in through doins rather than dodoc so that it is
	# not compressed and stays directly usable.
	insinto "${chroot_docdir}"
	doins setup_chroot.sh config.h
}
117
# Post-install: tell the admin how to build the chroot and create the
# dedicated account and group.
pkg_postinst() {
	local pkg_atom="=${CATEGORY}/${PF}"
	local doc_dir="/usr/share/doc/${PF}"

	elog
	elog "You might want to run"
	elog " emerge --config ${pkg_atom}"
	elog "to setup the chroot. Otherwise you will have to setup chroot manually."
	elog
	elog "Please read the docs in ${doc_dir} for more informations!"
	elog

	# The account's login shell is the chrooting binary. The trailing '//'
	# in the home directory is the marker scponlyc uses to find the chroot
	# point, so it must not be normalised away.
	enewgroup "${myuser}"
	enewuser "${myuser}" -1 /usr/sbin/scponlyc "${myhome}//" "${myuser}"
}
131
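# Build the chroot jail under ${myhome} on the live filesystem.
#
# Based on ${S}/setup_chroot.sh. Needs root: it creates root-owned
# directories, a device node and appends to /etc/shells.
#
# Globals read: CATEGORY, PF, myuser, myhome, mysubdir
# Steps: collect the binaries for every compatibility mode the installed
# package was built with, resolve their shared libraries, create the
# directory skeleton, copy binaries and libraries, write ld.so.conf,
# register the shells and create minimal passwd/group files.
# Dies when a directory, device node, binary or library cannot be installed,
# so a partially populated jail is not mistaken for a finished one.
pkg_config() {
	# Start from empty, function-local lists: everything named in BINARIES is
	# copied into the jail as root, so a value inherited from the calling
	# environment must not be able to add entries.
	local BINARIES="" LIB_LIST="" BIN LIB DIR SHELL_PATH
	local atom="=${CATEGORY}/${PF}"
	local libdir
	libdir=$(get_libdir)

	einfo "Collecting binaries and libraries..."

	# Binaries launched in sftp compat mode
	if built_with_use "${atom}" sftp; then
		BINARIES="/usr/${libdir}/misc/sftp-server"
	fi

	# Binaries launched by vanilla- and WinSCP modes
	if built_with_use "${atom}" scp || built_with_use "${atom}" winscp; then
		BINARIES="${BINARIES} /usr/bin/scp /bin/ls /bin/rm /bin/ln /bin/mv"
		BINARIES="${BINARIES} /bin/chmod /bin/chown /bin/chgrp /bin/mkdir /bin/rmdir"
	fi

	# Binaries launched in WinSCP compatibility mode
	if built_with_use "${atom}" winscp; then
		BINARIES="${BINARIES} /bin/pwd /bin/groups /usr/bin/id /bin/echo"
	fi

	# Rsync compatibility mode
	if built_with_use "${atom}" rsync; then
		BINARIES="${BINARIES} /usr/bin/rsync"
	fi

	# Unison compatibility mode
	if built_with_use "${atom}" unison; then
		BINARIES="${BINARIES} /usr/bin/unison"
	fi

	# subversion cli/svnserv compatibility
	if built_with_use "${atom}" subversion; then
		BINARIES="${BINARIES} /usr/bin/svn /usr/bin/svnserve"
	fi

	# passwd compatibility
	if built_with_use "${atom}" passwd; then
		BINARIES="${BINARIES} /bin/passwd"
	fi

	# quota compatibility
	if built_with_use "${atom}" quota; then
		BINARIES="${BINARIES} /usr/bin/quota"
	fi

	# build lib dependencies; BINARIES is a space-separated list of fixed
	# paths, so word splitting is intended here.
	LIB_LIST=$(ldd ${BINARIES} | sed -n 's:.* => \(/[^ ]\+\).*:\1:p' | sort -u)

	# search and add ld*.so (unmatched globs stay literal and fail the -f test)
	for LIB in "/${libdir}/ld.so" /libexec/ld-elf.so /libexec/ld-elf.so.1 \
		/usr/libexec/ld.so "/${libdir}"/ld-linux*.so.2 /usr/libexec/ld-elf.so.1; do
		if [ -f "${LIB}" ]; then
			LIB_LIST="${LIB_LIST} ${LIB}"
		fi
	done

	# search and add libnss_*.so
	for LIB in "/${libdir}"/libnss_{compat,files}*.so.*; do
		if [ -f "${LIB}" ]; then
			LIB_LIST="${LIB_LIST} ${LIB}"
		fi
	done

	# create base dirs; everything except the upload directory is owned by
	# root so the jailed user cannot replace binaries, libraries or config.
	if [ ! -d "${myhome}" ]; then
		einfo "Creating ${myhome}"
		install -o0 -g0 -m0755 -d "${myhome}" || die "cannot create ${myhome}"
	else
		# NOTE(review): only the owner of an existing directory is reset, its
		# mode is left alone - check it is not group/world-writable.
		einfo "Setting owner for ${myhome}"
		chown 0:0 "${myhome}" || die "cannot chown ${myhome}"
	fi

	if [ ! -d "${myhome}/etc" ]; then
		einfo "Creating ${myhome}/etc"
		install -o0 -g0 -m0755 -d "${myhome}/etc" || die "cannot create ${myhome}/etc"
	fi

	if [ ! -d "${myhome}/${libdir}" ]; then
		einfo "Creating ${myhome}/${libdir}"
		install -o0 -g0 -m0755 -d "${myhome}/${libdir}" \
			|| die "cannot create ${myhome}/${libdir}"
	fi

	if [ ! -e "${myhome}/lib" ]; then
		einfo "Creating ${myhome}/lib"
		ln -snf "${libdir}" "${myhome}/lib" || die "cannot link ${myhome}/lib"
	fi

	if [ ! -d "${myhome}/usr/${libdir}" ]; then
		einfo "Creating ${myhome}/usr/${libdir}"
		install -o0 -g0 -m0755 -d "${myhome}/usr/${libdir}" \
			|| die "cannot create ${myhome}/usr/${libdir}"
	fi

	if [ ! -e "${myhome}/usr/lib" ]; then
		einfo "Creating ${myhome}/usr/lib"
		ln -snf "${libdir}" "${myhome}/usr/lib" || die "cannot link ${myhome}/usr/lib"
	fi

	# The only location inside the jail that the restricted user owns.
	if [ ! -d "${myhome}${mysubdir}" ]; then
		einfo "Creating ${myhome}${mysubdir} directory for uploading files"
		install -o"${myuser}" -g"${myuser}" -m0755 -d "${myhome}${mysubdir}" \
			|| die "cannot create ${myhome}${mysubdir}"
	fi

	# create /dev/null (Bug 135505). Mode 0666 matches the system node; a
	# device node has no use for execute bits.
	if [ ! -e "${myhome}/dev/null" ]; then
		install -o0 -g0 -m0755 -d "${myhome}/dev" || die "cannot create ${myhome}/dev"
		mknod -m0666 "${myhome}/dev/null" c 1 3 || die "cannot create ${myhome}/dev/null"
	fi

	# install binaries
	for BIN in ${BINARIES}; do
		einfo "Install ${BIN}"
		install -o0 -g0 -m0755 -d "${myhome}$(dirname "${BIN}")" \
			|| die "cannot create directory for ${BIN}"
		if [ "${BIN}" = "/bin/passwd" ]; then
			# needs suid. NOTE(review): this places a set-uid root binary
			# inside the jail; enable USE=passwd only if that is acceptable.
			install -p -o0 -g0 -m04711 "${BIN}" "${myhome}/${BIN}" \
				|| die "cannot install ${BIN}"
		else
			install -p -o0 -g0 -m0755 "${BIN}" "${myhome}/${BIN}" \
				|| die "cannot install ${BIN}"
		fi
	done

	# install libs
	for LIB in ${LIB_LIST}; do
		einfo "Install ${LIB}"
		install -o0 -g0 -m0755 -d "${myhome}$(dirname "${LIB}")" \
			|| die "cannot create directory for ${LIB}"
		install -p -o0 -g0 -m0755 "${LIB}" "${myhome}/${LIB}" \
			|| die "cannot install ${LIB}"
	done

	# create ld.so.conf: one line per library directory, added only when that
	# exact line is not present yet (-x whole line, -F no regex characters).
	einfo "Creating /etc/ld.so.conf"
	for LIB in ${LIB_LIST}; do
		dirname "${LIB}"
	done | sort -u | while IFS= read -r DIR; do
		if ! grep -qxF -- "${DIR}" "${myhome}/etc/ld.so.conf" 2>/dev/null; then
			echo "${DIR}" >> "${myhome}/etc/ld.so.conf"
		fi
	done
	ldconfig -r "${myhome}" || die "ldconfig failed for ${myhome}"

	# update shells: register both scponly binaries as valid login shells,
	# once each.
	einfo "Updating /etc/shells"
	for SHELL_PATH in /usr/bin/scponly /usr/sbin/scponlyc; do
		grep -qxF -- "${SHELL_PATH}" /etc/shells 2>/dev/null \
			|| echo "${SHELL_PATH}" >> /etc/shells
	done

	# create /etc/passwd inside the jail: root plus the scponly account with
	# its home rewritten to the upload directory. No password hashes are
	# copied beyond whatever field 2 of the host entry contains.
	if [ ! -e "${myhome}/etc/passwd" ]; then
		{
			echo "root:x:0:0:root:/:/bin/sh"
			sed -n "s|^\(${myuser}:[^:]*:[^:]*:[^:]*:[^:]*:\).*|\1${mysubdir}:/bin/sh|p" /etc/passwd
		} > "${myhome}/etc/passwd"
	fi

	# create /etc/group inside the jail, with the member list stripped.
	if [ ! -e "${myhome}/etc/group" ]; then
		{
			echo "root:x:0:"
			sed -n "s|^\(${myuser}:[^:]*:[^:]*:\).*|\1|p" /etc/group
		} > "${myhome}/etc/group"
	fi
}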
