/[gentoo-x86]/net-misc/xrdp/xrdp-0.8.0-r1.ebuild
Gentoo

Contents of /net-misc/xrdp/xrdp-0.8.0-r1.ebuild

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.1 - (show annotations) (download)
Thu Feb 19 16:58:37 2015 UTC (4 years, 9 months ago) by mgorny
Branch: MAIN
CVS Tags: HEAD
Patch out crypt() NULL return check vulnerability, bug #540630. Remove old.

(Portage version: 2.2.17/cvs/Linux x86_64, signed Manifest commit with key EFB4464E!)

1 # Copyright 1999-2015 Gentoo Foundation
2 # Distributed under the terms of the GNU General Public License v2
3 # $Header: /var/cvsroot/gentoo-x86/net-misc/xrdp/xrdp-0.8.0.ebuild,v 1.4 2014/10/27 14:33:09 mgorny Exp $
4
5 EAPI=5
6
7 inherit autotools eutils pam systemd
8
9 DESCRIPTION="An open source Remote Desktop Protocol server"
10 HOMEPAGE="http://www.xrdp.org/"
11 # mirrored from https://github.com/neutrinolabs/xrdp/releases
12 SRC_URI="http://dev.gentoo.org/~mgorny/dist/${P}.tar.xz"
13
14 LICENSE="Apache-2.0"
15 SLOT="0"
16 KEYWORDS="~amd64 ~x86"
17 IUSE="debug fuse kerberos jpeg pam pulseaudio"
18
19 RDEPEND="dev-libs/openssl:0=
20 x11-libs/libX11:0=
21 x11-libs/libXfixes:0=
22 x11-libs/libXrandr:0=
23 fuse? ( sys-fs/fuse:0= )
24 jpeg? ( virtual/jpeg:0= )
25 kerberos? ( virtual/krb5:0= )
26 pam? ( virtual/pam:0= )
27 pulseaudio? ( media-sound/pulseaudio:0= )"
28 DEPEND="${RDEPEND}
29 app-arch/xz-utils"
30 RDEPEND="${RDEPEND}
31 || (
32 net-misc/tigervnc:0=[server,xorgmodule]
33 net-misc/x11rdp:0=
34 )"
35
36 # does not work with gentoo version of freerdp
37 # neutrinordp? ( net-misc/freerdp:0= )
38 # incompatible with current ffmpeg/libav (surprising, isn't it?)
39 # xrdpvr? ( virtual/ffmpeg:0= )
40
41 src_prepare() {
42 epatch_user
43
44 # #540630: crypt() unchecked for NULL return
45 epatch "${FILESDIR}"/${P}-crypt-null-return.patch
46
47 # don't let USE=debug adjust CFLAGS
48 sed -i -e 's:-g -O0::' configure.ac || die
49 # disallow root login by default
50 sed -i -e '/^AllowRootLogin/s/1/0/' sesman/sesman.ini || die
51 # Fedora files, not included here
52 sed -i -e '/EnvironmentFile=/d' instfiles/*.service || die
53 # reorder so that X11rdp comes last again since it's not supported
54 sed -i -e '/^\[xrdp1\]$/,/^$/{wxrdp.ini.tmp
55 ;d}' xrdp/xrdp.ini || die
56 # move newline to the beginning
57 sed -i -e 'x' xrdp.ini.tmp || die
58 cat xrdp.ini.tmp >> xrdp/xrdp.ini || die
59 rm -f xrdp.ini.tmp || die
60
61 eautoreconf
62 # part of ./bootstrap
63 ln -s ../config.c sesman/tools/config.c || die
64 }
65
66 src_configure() {
67 use kerberos && use pam \
68 && ewarn "Both kerberos & pam auth enabled, kerberos will take precedence."
69
70 local myconf=(
71 # warning: configure.ac is completed flawed
72
73 --localstatedir="${EPREFIX}"/var
74
75 # -- authentication backends --
76 # kerberos is inside !SESMAN_NOPAM conditional for no reason
77 $(use pam || use kerberos || echo --enable-nopam)
78 $(usex kerberos --enable-kerberos '')
79 # pam_userpass is not in Gentoo at the moment
80 #--disable-pamuserpass
81
82 # -- jpeg support --
83 $(usex jpeg --enable-jpeg '')
84 # the package supports explicit linking against libjpeg-turbo
85 # (no need for -ljpeg compat)
86 $(use jpeg && has_version 'media-libs/libjpeg-turbo:0' && echo --enable-tjpeg)
87
88 # -- sound support --
89 $(usex pulseaudio '--enable-simplesound --enable-loadpulsemodules' '')
90
91 # -- others --
92 $(usex debug --enable-xrdpdebug '')
93 $(usex fuse --enable-fuse '')
94 # $(usex neutrinordp --enable-neutrinordp '')
95 # $(usex xrdpvr --enable-xrdpvr '')
96
97 "$(systemd_with_unitdir)"
98 )
99
100 econf "${myconf[@]}"
101 }
102
103 src_install() {
104 default
105 prune_libtool_files --all
106
107 # use our pam.d file since upstream's incompatible with Gentoo
108 use pam && newpamd "${FILESDIR}"/xrdp-sesman.pamd xrdp-sesman
109 # and our startwm.sh
110 exeinto /etc/xrdp
111 doexe "${FILESDIR}"/startwm.sh
112
113 # Fedora stuff
114 rm -r "${ED}"/etc/default || die
115
116 # own /etc/xrdp/rsakeys.ini
117 : > rsakeys.ini
118 insinto /etc/xrdp
119 doins rsakeys.ini
120
121 # contributed by Jan Psota <jasiupsota@gmail.com>
122 newinitd "${FILESDIR}/${PN}-initd" ${PN}
123 }
124
125 pkg_preinst() {
126 # either copy existing keys over to avoid CONFIG_PROTECT whining
127 # or generate new keys (but don't include them in binpkg!)
128 if [[ -f ${EROOT}/etc/xrdp/rsakeys.ini ]]; then
129 cp {"${EROOT}","${ED}"}/etc/xrdp/rsakeys.ini || die
130 else
131 einfo "Running xrdp-keygen to generate new rsakeys.ini ..."
132 "${S}"/keygen/xrdp-keygen xrdp "${ED}"/etc/xrdp/rsakeys.ini \
133 || die "xrdp-keygen failed to generate RSA keys"
134 fi
135 }
136
137 pkg_postinst() {
138 # check for use of bundled rsakeys.ini (installed by default upstream)
139 if [[ $(cksum "${EROOT}"/etc/xrdp/rsakeys.ini) == '2935297193 1019 '* ]]
140 then
141 ewarn "You seem to be using upstream bundled rsakeys.ini. This means that"
142 ewarn "your communications are encrypted using a well-known key. Please"
143 ewarn "consider regenerating rsakeys.ini using the following command:"
144 ewarn
145 ewarn " ${EROOT}/usr/bin/xrdp-keygen xrdp ${EROOT}/etc/xrdp/rsakeys.ini"
146 ewarn
147 fi
148
149 elog "Various session types require different backend implementations:"
150 elog "- sesman-Xvnc requires net-misc/tigervnc[server,xorgmodule]"
151 elog "- sesman-X11rdp requires net-misc/x11rdp"
152 }

  ViewVC Help
Powered by ViewVC 1.1.20