Date:      Thu, 11 Jul 2002 06:35:08 -0400 (EDT)
From:      Michael Handler <handler@grendel.net>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        handler@grendel.net, winter@jurai.net
Subject:   ports/40455: New port: SFS (Self-Certifying File System)
Message-ID:  <200207111035.g6BAZ8uQ092064@lair.grendel.net>


>Number:         40455
>Category:       ports
>Synopsis:       New port: SFS (Self-Certifying File System)
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul 11 03:40:02 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Michael Handler
>Release:        FreeBSD 4.6-RELEASE-p1 i386
>Organization:
Sub Rosa
>Environment:
System: FreeBSD lair.grendel.net 4.6-RELEASE-p1 FreeBSD 4.6-RELEASE-p1 #0: Tue Jul 2 23:48:13 EDT 2002 root@lair.grendel.net:/usr/obj/usr/src/sys/LAIR i386

>Description:

SFS (Self-Certifying File System) is a secure, global file system
with completely decentralized control. SFS lets you access your
files from anywhere and share them with anyone, anywhere. Anyone
can set up an SFS server, and any user can access any server from
any client. SFS lets you share files across administrative realms
without involving administrators or certification authorities.

>How-To-Repeat:
>Fix:

# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	sfs
#	sfs/files
#	sfs/files/sfscd.sh
#	sfs/files/sfssd.sh
#	sfs/files/etc-sfsrwsd_config.sample
#	sfs/files/share-doc-WELCOME
#	sfs/files/share-doc-README
#	sfs/pkg-plist
#	sfs/Makefile
#	sfs/distinfo
#	sfs/pkg-comment
#	sfs/pkg-descr
#	sfs/pkg-install
#	sfs/pkg-deinstall
#
# Create the port skeleton directories. mkdir's own output and errors are
# discarded, so a failure here only surfaces when a later redirection into
# one of these directories fails.
for shar_dir in sfs sfs/files; do
	echo c - "$shar_dir"
	mkdir -p "$shar_dir" > /dev/null 2>&1
done
echo x - sfs/files/sfscd.sh
sed 's/^X//' >sfs/files/sfscd.sh << 'END-of-sfs/files/sfscd.sh'
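X#!/bin/sh
X#
X# Sample rc.d script for sfscd.
X#
X# Arguments: $1 - "start" or "stop"; anything else prints usage on stderr.
X# Outputs:   ' sfscd' (no newline) on stdout when the action succeeds.
X# Returns:   always 0.
X#
X# %%PREFIX%% is a placeholder that the port Makefile's post-extract
X# target replaces with the installation prefix.
X
XPIDFILE=/var/run/sfscd.pid
X
Xcase "$1" in
Xstart)
X	[ -x %%PREFIX%%/sbin/sfscd ] && %%PREFIX%%/sbin/sfscd && echo -n ' sfscd'
X	;;
Xstop)
X	if [ -r "$PIDFILE" ]; then
X		# Use only the first line and require a plain decimal PID, so an
X		# empty or malformed pidfile is never expanded into kill's
X		# argument list.
X		pid=$(head -n 1 "$PIDFILE")
X		case "$pid" in
X		''|*[!0-9]*)
X			echo "$(basename "$0"): no usable PID in $PIDFILE" >&2
X			;;
X		*)
X			kill -TERM "$pid" && echo -n ' sfscd'
X			;;
X		esac
X	fi
X	;;
X*)
X	echo "Usage: $(basename "$0") {start|stop}" >&2
X	;;
Xesac
X
Xexit 0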
END-of-sfs/files/sfscd.sh
echo x - sfs/files/sfssd.sh
sed 's/^X//' >sfs/files/sfssd.sh << 'END-of-sfs/files/sfssd.sh'
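X#!/bin/sh
X#
X# Sample rc.d script for sfssd.
X#
X# Arguments: $1 - "start" or "stop"; anything else prints usage on stderr.
X# Outputs:   ' sfssd' (no newline) on stdout when the action succeeds.
X# Returns:   always 0.
X#
X# %%PREFIX%% is a placeholder that the port Makefile's post-extract
X# target replaces with the installation prefix.
X
XPIDFILE=/var/run/sfssd.pid
X
Xcase "$1" in
Xstart)
X	[ -x %%PREFIX%%/sbin/sfssd ] && %%PREFIX%%/sbin/sfssd && echo -n ' sfssd'
X	;;
Xstop)
X	if [ -r "$PIDFILE" ]; then
X		# Use only the first line and require a plain decimal PID, so an
X		# empty or malformed pidfile is never expanded into kill's
X		# argument list.
X		pid=$(head -n 1 "$PIDFILE")
X		case "$pid" in
X		''|*[!0-9]*)
X			echo "$(basename "$0"): no usable PID in $PIDFILE" >&2
X			;;
X		*)
X			kill -TERM "$pid" && echo -n ' sfssd'
X			;;
X		esac
X	fi
X	;;
X*)
X	echo "Usage: $(basename "$0") {start|stop}" >&2
X	;;
Xesac
X
Xexit 0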
END-of-sfs/files/sfssd.sh
echo x - sfs/files/etc-sfsrwsd_config.sample
sed 's/^X//' >sfs/files/etc-sfsrwsd_config.sample << 'END-of-sfs/files/etc-sfsrwsd_config.sample'
X# To configure sfsrwsd (part of the SFS server subsystem), copy this file
X# (sfsrwsd_config.sample) to sfsrwsd_config and edit as necessary.
X#
X# Normally, it should not be necessary for you to specify Hostname
X# or Keyfile options, only Export statements.
X#
X# Configuration reference:
X#
X# Hostname name 
X# Set the Location part of the server's self-certifying pathname. The
X# default is the current host's fully-qualified hostname.
X# 
X# Keyfile path 
X# Tells sfsrwsd to look for its private key in file path. The default
X# is sfs_host_key. SFS looks for file names that do not start with /
X# in /etc/sfs, or whatever directory you specified if you used the
X# --with-etcdir option to configure (see configure).
X# 
X# Export local-directory sfs-name [R|W] 
X# Tells sfsrwsd to export local-directory, giving it the name sfs-name
X# with respect to the server's self-certifying pathname. Appending R
X# to an export directive gives anonymous users read-only access to
X# the file system (under user ID -2 and group ID -2). Appending W
X# gives anonymous users both read and write access. See Quick server
X# setup, for an example of the Export directive. There is almost no
X# reason to use the W flag. The R flag lets anyone on the Internet
X# issue NFS calls to your kernel as user -2. SFS filters these calls;
X# it makes sure that they operate on files covered by the export
X# directive, and it blocks any calls that would modify the file system.
X# This approach is safe given a perfect NFS3 implementation. If,
X# however, there are bugs in your NFS code, attackers may exploit
X# them if you have the R option--probably just crashing your server
X# but possibly doing worse.
X
END-of-sfs/files/etc-sfsrwsd_config.sample
echo x - sfs/files/share-doc-WELCOME
sed 's/^X//' >sfs/files/share-doc-WELCOME << 'END-of-sfs/files/share-doc-WELCOME'
XSFS is now installed. To test your installation, try this (as root):
X
X# /usr/local/sbin/sfscd
X# cat /sfs/sfs.fs.net:eu4cvv6wcnzscer98yn4qjpjnn9iv6pi/CONGRATULATIONS
X
XIf it worked, you will see:
X
XYou have set up a working SFS client.
X
XAfterwards, kill sfscd:
X
X# kill -TERM `cat /var/run/sfscd.pid`
X
XSFS is a complex and potentially security-affecting set of programs,
Xand if you wish to do more with it, e.g. setting up an SFS server
Xof your own, it is strongly recommended that you read the documentation
Xfully before proceeding. Start with the documentation link on
X<URL:http://www.fs.net>, and see any supplemental documentation in
X/usr/local/share/doc/sfs/.
X
XThere are sample startup files for sfscd and sfssd in /usr/local/etc/rc.d,
Xunder the names sfscd.sh.sample and sfssd.sh.sample respectively.
XThese startup files are not enabled by default.
END-of-sfs/files/share-doc-WELCOME
echo x - sfs/files/share-doc-README
sed 's/^X//' >sfs/files/share-doc-README << 'END-of-sfs/files/share-doc-README'
X*** Notes on SFS configuration:
X
XSFS is a complex system to configure, and cannot be adequately
Xdescribed in these limited files. It is strongly suggested that you
Xread the SFS documentation on <URL:http://www.fs.net/> before configuring
Xany of the various programs. A limited roadmap is provided for
Xreference here, but that is no substitute for a reading of the full
Xdocumentation. GNU info documentation ("info sfs") and manual pages
Xare installed as well.
X
XThe various programs in the SFS package are configured via files
Xin two directories: /usr/local/share/sfs/ (henceforth "share/sfs")
Xand /usr/local/etc/sfs (henceforth "etc/sfs"). The port installs
Xvarious configuration files into share/sfs directly from the
Xcompilation of the SFS package. These files should never be edited
Xdirectly; they can be overridden by the creation of new files in
Xetc/sfs, as detailed below.
X
X*** IMPORTANT SECURITY NOTE:
X
XSFS operates by interfacing with NFS processes on localhost
X(127.0.0.1). While every effort is taken to ensure security, NFS
Xis a large subsystem with a long history of security problems.
XUtilizing SFS thus may expose you to NFS-related problems and
Xattacks. It is strongly suggested that you read and ponder the
Xsecurity considerations section of the SFS documentation before
Xsetting up an SFS client or server. Additionally, it is STRONGLY
Xsuggested that you set up a software firewall on any SFS client or
Xserver machine to block unauthorized traffic to NFS-related programs
Xfrom other machines to the non-localhost IP addresses of your
Xmachine. Discussions of how best to do this are outside the scope
Xof this document; consult your local guru, users group, mailing
Xlist, or search engine.
X
X*** Starting the SFS daemons (client and server):
X
XThere are sample startup files for sfscd and sfssd in /usr/local/etc/rc.d,
Xunder the names sfscd.sh.sample and sfssd.sh.sample respectively.
XThese startup files are not enabled by default. Copy the files to
Xsfscd.sh or sfssd.sh to enable sfscd or sfssd (respectively) on
Xsystem boot.
X
Xsfscd and sfssd also run nicely under Daniel Bernstein's daemontools
Xpackage (/usr/ports/sysutils/daemontools or
X<URL:http://cr.yp.to/daemontools.html>); the -d flag makes the main
Xprocess stay in the foreground, and sends logs to stderr for easy
Xprocessing by multilog.
X
X*** Setting up an SFS client
X
X1) Set up sfscd to start on boot, via /usr/local/etc/rc.d/sfscd.sh or
X   some other method of your preference.
X
X2) Put the following line into /etc/rc.conf:
X
Xnfs_client_enable="YES"
X
X3) Set up a firewall to prevent NFS traffic from outside the machine from
X   contacting your NFS processes.
X
X4) Reboot. You should now have a working SFS client, which you can test
X   via the following command:
X
X$ cat /sfs/sfs.fs.net:eu4cvv6wcnzscer98yn4qjpjnn9iv6pi/CONGRATULATIONS
XYou have set up a working SFS client.
X
X*** Setting up an SFS server
X
X(You do not need to set up an SFS host key on the server machine;
Xthe port installation does this for you in
X/usr/local/etc/sfs/sfs_host_key.)
X
X1) Set up sfssd to start on boot, via /usr/local/etc/rc.d/sfssd.sh or
X   some other method of your preference.
X
X2) Put the following lines into /etc/rc.conf:
X
Xmountd_flags=""
Xnfs_reserved_port_only="YES"
Xnfs_server_enable="YES"
Xportmap_enable="YES"
X
X   If the following line occurs in /etc/rc.conf, remove it:
X
Xweak_mountd_authentication="YES"
X
X3) Set up a firewall to prevent NFS traffic from outside the machine from
X   contacting your NFS processes.
X
X4) Create a suitable /usr/local/etc/sfs/sfsrwsd_config file, e.g.:
X
XExport /root/sfsroot / R
XExport /usr/src /src R
XExport /usr/ports /ports R
XExport /local/baz /local/baz
X
X5) Add any local filesystems that are being exported to /etc/exports, and
X   export them to localhost, e.g.:
X
X/root/sfsroot 127.0.0.1
X/usr/src /usr/ports 127.0.0.1
X/local/baz 127.0.0.1
X
X   NOTA BENE: any directories exported via SFS must follow all NFS
X   export rules, i.e. no symlinks in the exported directory pathname,
X   the exported path must be absolute to the physical mount point. If
X   you want to export /usr/ports via SFS, and /usr/ports is really a
X   symlink to /vol/h0/ports, you have to use:
X
XExport /vol/h0/ports /ports
X
X   not:
X
XExport /usr/ports /ports
X
X   Similarly, /etc/exports must reference /vol/h0/ports rather than
X   /usr/ports.
X
X6) Make an empty directory structure mirroring your SFS namespace, e.g.:
X
X# mkdir /root/sfsroot
X# mkdir /root/sfsroot/src
X# mkdir /root/sfsroot/ports
X# mkdir /root/sfsroot/local
X# mkdir /root/sfsroot/local/baz
X
X7) Reboot. You should now have a working SFS server. sfssd will emit a
X   message into /var/log/messages like the following:
X
Xsfsrwsd: serving <hostname>:<SFS key>
X
X   From a DIFFERENT machine with an SFS client already installed
X   and running, attempt to access /sfs/<hostname>:<SFS key>. Note
X   that the SFS client machine will have to be able to connect to
X   TCP port 4 on the SFS server machine. Note also that you must
X   test your SFS server from a separate SFS client machine to avoid
X   deadlock issues; see the SFS documentation for more details.
X
X   If your server setup has been successful, the client machine
X   should be able to see src, ports, and local/baz in the root
X   directory of the SFS mount.
X
X8) Consider using your machine's firewall to restrict who has access
X   to your SFS server by restricting access to TCP port 4.
X
XAdvanced SFS server configuration, such as user authentication,
Xis outside the scope of this document. Read the full SFS documentation
Xfor details.
X
X*** SFS configuration files:
X
X[ The following section is taken nearly verbatim from
X<URL:http://www.fs.net/sfs/new-york.lcs.mit.edu:85xq6pznt4mgfvj4mb23x6b8adak55ue/pub/sfswww/sfs.html#SFS%20configuration>. ]
X
XSFS comprises a number of programs, many of which have configuration
Xfiles. All programs look for configuration files in two directories--first
X/usr/local/etc/sfs, then, if they don't find the file there, in
X/usr/local/share/sfs.
X
XThis port installs reasonable defaults in /usr/local/share/sfs
Xfor all configuration files except sfsrwsd_config. On particular
Xhosts where you wish to change the default behavior, you can override
Xthe default configuration file by creating a new file of the same
Xname in /usr/local/etc/sfs.
X
XThe sfs_config file contains system-wide configuration parameters
Xfor most of the programs comprising SFS. Note that
X/usr/local/share/sfs/sfs_config is always parsed, even if
X/usr/local/etc/sfs/sfs_config exists. Options in
X/usr/local/etc/sfs/sfs_config simply override the defaults in
X/usr/local/share/sfs/sfs_config. For the other configuration files,
Xa file in /usr/local/etc/sfs/ entirely overrides the version in
X/usr/local/share/sfs/.
X
XIf you are running a server, you will need to create an sfsrwsd_config
Xfile to tell SFS what directories to export, and possibly an
Xsfsauthd_config if you wish to share the database of user public
Xkeys across several file servers.
X
XThe sfssd_config file contains information about which protocols
Xand services to route to which daemons on an SFS server, including
Xsupport for backwards compatibility across several versions of SFS.
XYou probably don't need to change this file.
X
Xsfs_srp_params contains some cryptographic parameters for retrieving
Xkeys securely over the network with a passphrase (as with the sfskey
Xadd usr@server command).
X
Xsfscd_config contains information about extensions to the SFS
Xprotocol and which kinds of file servers to route to which daemons.
XYou almost certainly should not touch this file unless you are
Xdeveloping new versions of the SFS software.
X
XNote that configuration command names are case-insensitive in all
Xconfiguration files (though the arguments are not).
END-of-sfs/files/share-doc-README
echo x - sfs/pkg-plist
sed 's/^X//' >sfs/pkg-plist << 'END-of-sfs/pkg-plist'
Xbin/dirsearch
Xbin/newaid
Xbin/rex
Xbin/rpcc
Xbin/sfsagent
Xbin/sfskey
Xbin/ssu
X@unexec if [ -f %D/etc/rc.d/sfscd.sh ]; then cmp -s %D/etc/rc.d/sfscd.sh.sample %D/etc/rc.d/sfscd.sh && rm -f %D/etc/rc.d/sfscd.sh || echo "${PKG_PREFIX}/etc/rc.d/sfscd.sh is different than distribution sample, leaving for manual cleanup." | fmt; fi
Xetc/rc.d/sfscd.sh.sample
X@unexec if [ -f %D/etc/rc.d/sfssd.sh ]; then cmp -s %D/etc/rc.d/sfssd.sh.sample %D/etc/rc.d/sfssd.sh && rm -f %D/etc/rc.d/sfssd.sh || echo "${PKG_PREFIX}/etc/rc.d/sfssd.sh is different than distribution sample, leaving for manual cleanup." | fmt; fi
Xetc/rc.d/sfssd.sh.sample
Xetc/sfs/sfsrwsd_config.sample
Xinclude/sfs
Xinclude/sfs-0.6/aclnt.h
Xinclude/sfs-0.6/aes.h
Xinclude/sfs-0.6/afsnode.h
Xinclude/sfs-0.6/agentconn.h
Xinclude/sfs-0.6/agentmisc.h
Xinclude/sfs-0.6/aiod.h
Xinclude/sfs-0.6/aiod_prot.h
Xinclude/sfs-0.6/aios.h
Xinclude/sfs-0.6/amisc.h
Xinclude/sfs-0.6/arc4.h
Xinclude/sfs-0.6/arena.h
Xinclude/sfs-0.6/arpc.h
Xinclude/sfs-0.6/array.h
Xinclude/sfs-0.6/asrv.h
Xinclude/sfs-0.6/async.h
Xinclude/sfs-0.6/autoconf.h
Xinclude/sfs-0.6/axprt.h
Xinclude/sfs-0.6/axprt_crypt.h
Xinclude/sfs-0.6/backoff.h
Xinclude/sfs-0.6/bbuddy.h
Xinclude/sfs-0.6/bench.h
Xinclude/sfs-0.6/bigint.h
Xinclude/sfs-0.6/bitvec.h
Xinclude/sfs-0.6/blowfish.h
Xinclude/sfs-0.6/callback.h
Xinclude/sfs-0.6/cbuf.h
Xinclude/sfs-0.6/crypt.h
Xinclude/sfs-0.6/crypt_prot.h
Xinclude/sfs-0.6/crypt_prot.x
Xinclude/sfs-0.6/crypthash.h
Xinclude/sfs-0.6/dns.h
Xinclude/sfs-0.6/dnsparse.h
Xinclude/sfs-0.6/err.h
Xinclude/sfs-0.6/esign.h
Xinclude/sfs-0.6/fdlim.h
Xinclude/sfs-0.6/getfh3.h
Xinclude/sfs-0.6/hashcash.h
Xinclude/sfs-0.6/ihash.h
Xinclude/sfs-0.6/init.h
Xinclude/sfs-0.6/itree.h
Xinclude/sfs-0.6/keyfunc.h
Xinclude/sfs-0.6/list.h
Xinclude/sfs-0.6/modalg.h
Xinclude/sfs-0.6/mount_prot.h
Xinclude/sfs-0.6/mount_prot.x
Xinclude/sfs-0.6/msb.h
Xinclude/sfs-0.6/nfs3_ext.x
Xinclude/sfs-0.6/nfs3_nonnul.h
Xinclude/sfs-0.6/nfs3_prot.h
Xinclude/sfs-0.6/nfs3_prot.x
Xinclude/sfs-0.6/nfs3close_prot.h
Xinclude/sfs-0.6/nfs3close_prot.x
Xinclude/sfs-0.6/nfs3exp_prot.h
Xinclude/sfs-0.6/nfs3exp_prot.x
Xinclude/sfs-0.6/nfs_prot.h
Xinclude/sfs-0.6/nfs_prot.x
Xinclude/sfs-0.6/nfsmounter.h
Xinclude/sfs-0.6/nfsmounter.x
Xinclude/sfs-0.6/nfsserv.h
Xinclude/sfs-0.6/nfstrans.h
Xinclude/sfs-0.6/opnew.h
Xinclude/sfs-0.6/parseopt.h
Xinclude/sfs-0.6/password.h
Xinclude/sfs-0.6/pcre.h
Xinclude/sfs-0.6/pmap_prot.h
Xinclude/sfs-0.6/pmap_prot.x
Xinclude/sfs-0.6/prime.h
Xinclude/sfs-0.6/prng.h
Xinclude/sfs-0.6/qhash.h
Xinclude/sfs-0.6/rabin.h
Xinclude/sfs-0.6/refcnt.h
Xinclude/sfs-0.6/rex.h
Xinclude/sfs-0.6/rex_prot.h
Xinclude/sfs-0.6/rex_prot.x
Xinclude/sfs-0.6/rpctypes.h
Xinclude/sfs-0.6/rwfd.h
Xinclude/sfs-0.6/rxx.h
Xinclude/sfs-0.6/seqno.h
Xinclude/sfs-0.6/serial.h
Xinclude/sfs-0.6/sfs-internal.h
Xinclude/sfs-0.6/sfs_prot.h
Xinclude/sfs-0.6/sfs_prot.x
Xinclude/sfs-0.6/sfsagent.h
Xinclude/sfs-0.6/sfsagent.x
Xinclude/sfs-0.6/sfsauth_prot.h
Xinclude/sfs-0.6/sfsauth_prot.x
Xinclude/sfs-0.6/sfscd_prot.h
Xinclude/sfs-0.6/sfscd_prot.x
Xinclude/sfs-0.6/sfsclient.h
Xinclude/sfs-0.6/sfsconnect.h
Xinclude/sfs-0.6/sfskeymisc.h
Xinclude/sfs-0.6/sfsmisc.h
Xinclude/sfs-0.6/sfsro_prot.h
Xinclude/sfs-0.6/sfsro_prot.x
Xinclude/sfs-0.6/sfsserv.h
Xinclude/sfs-0.6/sfstty.h
Xinclude/sfs-0.6/sha1.h
Xinclude/sfs-0.6/srp.h
Xinclude/sfs-0.6/stllike.h
Xinclude/sfs-0.6/str.h
Xinclude/sfs-0.6/suio++.h
Xinclude/sfs-0.6/sysconf.h
Xinclude/sfs-0.6/tiger.h
Xinclude/sfs-0.6/union.h
Xinclude/sfs-0.6/uvfstrans.h
Xinclude/sfs-0.6/vatmpl.h
Xinclude/sfs-0.6/vec.h
Xinclude/sfs-0.6/wmstr.h
Xinclude/sfs-0.6/xdr_suio.h
Xinclude/sfs-0.6/xdrmisc.h
Xinclude/sfs-0.6/xhinfo.h
Xinclude/sfs.h
X@dirrm include/sfs-0.6
X@unexec install-info --delete %D/info/sfs.info %D/info/dir
Xinfo/sfs.info
Xinfo/sfs.info-1
Xinfo/sfs.info-2
X@exec install-info %D/info/sfs.info %D/info/dir
Xlib/libsfs.a
Xlib/sfs
Xlib/sfs-0.6/aiod
Xlib/sfs-0.6/connect
Xlib/sfs-0.6/libarpc.a
Xlib/sfs-0.6/libarpc.la
Xlib/sfs-0.6/libasync.a
Xlib/sfs-0.6/libasync.la
Xlib/sfs-0.6/libsfscrypt.a
Xlib/sfs-0.6/libsfscrypt.la
Xlib/sfs-0.6/libsfsmisc.a
Xlib/sfs-0.6/libsfsmisc.la
Xlib/sfs-0.6/libsvc.a
Xlib/sfs-0.6/libsvc.la
Xlib/sfs-0.6/listen
Xlib/sfs-0.6/mallock.o
Xlib/sfs-0.6/moduled
Xlib/sfs-0.6/newaid
Xlib/sfs-0.6/nfsmounter
Xlib/sfs-0.6/pathinfo
Xlib/sfs-0.6/proxy
Xlib/sfs-0.6/ptyd
Xlib/sfs-0.6/rexd
Xlib/sfs-0.6/sfsauthd
Xlib/sfs-0.6/sfsrwcd
Xlib/sfs-0.6/sfsrwsd
Xlib/sfs-0.6/suidconnect
Xlib/sfs-0.6/ttyd
Xlib/sfs-0.6/xfer
X@dirrm lib/sfs-0.6
Xsbin/funmount
Xsbin/sfscd
Xsbin/sfssd
Xshare/doc/sfs/WELCOME
Xshare/doc/sfs/README
Xshare/doc/sfs/README.packageblurb
X@dirrm share/doc/sfs
Xshare/sfs/sfs_config
Xshare/sfs/sfs_srp_parms
Xshare/sfs/sfsauthd_config
Xshare/sfs/sfscd_config
Xshare/sfs/sfssd_config
X@dirrm share/sfs
END-of-sfs/pkg-plist
echo x - sfs/Makefile
sed 's/^X//' >sfs/Makefile << 'END-of-sfs/Makefile'
X# Ports collection makefile for:	sfs
X# Date created:				2002-07-11
X# Whom:					Michael Handler <handler@grendel.net>
X#					Matthew Dodd <winter@jurai.net>
X#
X# $FreeBSD$
X#
X
XPORTNAME=	sfs
XPORTVERSION=	0.6
XPORTREVISION=	0
XCATEGORIES=	security net
X# The distfile is fetched over plain HTTP; the MD5 recorded in distinfo is
X# the only integrity check visible in this port.
XMASTER_SITES=	http://www.fs.net/sfs/new-york.lcs.mit.edu:85xq6pznt4mgfvj4mb23x6b8adak55ue/pub/sfswww/dist/
X
XMAINTAINER=	handler@grendel.net
X
X# Included before the settings below so that OSVERSION can be tested in
X# the .if further down.
X.include <bsd.port.pre.mk>
X
XUSE_GMAKE=	yes
XUSE_OPENSSL=	yes
X
X# Build-time identity and paths handed to configure. The sfs user, sfs
X# group and /var/spool/sfs named here are the ones pkg-install creates;
X# configuration files are looked up under ${PREFIX}/etc/sfs.
XGNU_CONFIGURE=	yes
XCONFIGURE_ARGS+=--with-sfsuser=sfs \
X		--with-sfsgroup=sfs \
X		--with-sfsdir=/var/spool/sfs \
X		--with-etcdir=${PREFIX}/etc/sfs \
X		--with-openssl=${OPENSSLBASE} \
X		--disable-uvfs
X
X# When OSVERSION is above 500000, depend on math/libgmp4 and point
X# configure at ${PREFIX}; otherwise configure is pointed at gmp under /usr.
X.if ${OSVERSION} > 500000
XLIB_DEPENDS+=	gmp.5:${PORTSDIR}/math/libgmp4
XCONFIGURE_ARGS+=--with-gmp=${PREFIX}
X.else
XCONFIGURE_ARGS+=--with-gmp=/usr
X.endif
X
X# Manual pages, listed by section.
XMAN1=	\
X		rex.1 \
X		sfsagent.1 \
X		sfskey.1 \
X		ssu.1
X
XMAN5=	\
X		sfs_config.5 \
X		sfs_users.5 \
X		sfscd_config.5 \
X		sfssd_config.5 \
X		sfs_srp_params.5 \
X		sfsauthd_config.5 \
X		sfsrwsd_config.5
X
XMAN8=	\
X		sfsauthd.8 \
X		sfscd.8 \
X		sfsrwsd.8 \
X		sfssd.8
X
X# Expand the %%PREFIX%% placeholder in the two rc.d script templates and
X# write the results into ${WRKSRC}.
Xpost-extract:
X	@${SED} -e "s=%%PREFIX%%=${PREFIX}=g" ${FILESDIR}/sfscd.sh > ${WRKSRC}/sfscd.sh
X	@${SED} -e "s=%%PREFIX%%=${PREFIX}=g" ${FILESDIR}/sfssd.sh > ${WRKSRC}/sfssd.sh
X
X# Install the rc.d scripts as .sample files (so neither daemon is enabled
X# by the install itself), the sample sfsrwsd_config and the docs, then run
X# the POST-INSTALL stage of pkg-install, which creates the sfs user, group
X# and spool directory and generates the host key if none exists.
X# NOTE(review): pkg-install is invoked by relative path, so this presumably
X# relies on make's working directory being the port directory -- confirm.
Xpost-install:
X	${INSTALL_SCRIPT} ${WRKSRC}/sfscd.sh ${PREFIX}/etc/rc.d/sfscd.sh.sample
X	${INSTALL_SCRIPT} ${WRKSRC}/sfssd.sh ${PREFIX}/etc/rc.d/sfssd.sh.sample
X	${MKDIR} ${PREFIX}/etc/sfs
X	${INSTALL_DATA} ${FILESDIR}/etc-sfsrwsd_config.sample ${PREFIX}/etc/sfs/sfsrwsd_config.sample
X	${MKDIR} ${PREFIX}/share/doc/sfs
X	${INSTALL_DATA} ${FILESDIR}/share-doc-WELCOME ${PREFIX}/share/doc/sfs/WELCOME
X	${INSTALL_DATA} ${FILESDIR}/share-doc-README ${PREFIX}/share/doc/sfs/README
X	${INSTALL_DATA} ${WRKSRC}/README ${PREFIX}/share/doc/sfs/README.packageblurb
X	PKG_PREFIX=${PREFIX} ${SH} pkg-install ${PKGNAME} POST-INSTALL
X
X.include <bsd.port.post.mk>
END-of-sfs/Makefile
echo x - sfs/distinfo
sed 's/^X//' >sfs/distinfo << 'END-of-sfs/distinfo'
XMD5 (sfs-0.6.tar.gz) = 0965e874ba18568655e1a7a3f273dc19
END-of-sfs/distinfo
echo x - sfs/pkg-comment
sed 's/^X//' >sfs/pkg-comment << 'END-of-sfs/pkg-comment'
XSelf-Certifying File System: A secure global network file system.
END-of-sfs/pkg-comment
echo x - sfs/pkg-descr
sed 's/^X//' >sfs/pkg-descr << 'END-of-sfs/pkg-descr'
XWWW: http://www.fs.net/
X
XSFS (Self-Certifying File System) is a secure, global file system
Xwith completely decentralized control. SFS lets you access your
Xfiles from anywhere and share them with anyone, anywhere. Anyone
Xcan set up an SFS server, and any user can access any server from
Xany client. SFS lets you share files across administrative realms
Xwithout involving administrators or certification authorities.
X
XSFS names file systems by public keys. Every remote file server is
Xmounted on a self-certifying pathname -- a directory of the form
X/sfs/LOCATION:HOSTID, where LOCATION is a DNS hostname and HOSTID
Xis a cryptographic hash of a public key. This naming scheme allows
Xfor completely decentralized control -- anyone can create a file
Xserver, and any user can access any file server from any client.
XVarious key management schemes can be built on top of SFS using
Xsymbolic links to map human-readable names to self-certifying
Xpathnames.
END-of-sfs/pkg-descr
echo x - sfs/pkg-install
sed 's/^X//' >sfs/pkg-install << 'END-of-sfs/pkg-install'
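X#!/bin/sh
X#
X# Post-install script for the sfs port.
X#
X# Arguments:   $1 - package name (not used here)
X#              $2 - stage; only POST-INSTALL does any work
X# Environment: PKG_PREFIX       - installation prefix
X#              PACKAGE_BUILDING - if non-empty, the script does nothing
X#
X# Creates the sfs group and user, makes /var/spool/sfs (mode 750, owned
X# by sfs:sfs), generates the SFS host key if none exists, and prints the
X# WELCOME file. Exits 1 if account or directory setup fails. A failed
X# key generation is reported on stderr but does not fail the script.
X
Xif [ -n "${PACKAGE_BUILDING}" ]; then
X	exit 0
Xfi
X
Xif [ "$2" != "POST-INSTALL" ]; then
X	exit 0
Xfi
X
XKEYFILE="$PKG_PREFIX/etc/sfs/sfs_host_key"
XPIDFILE=/var/run/sfscd.pid
X
X# Prefixed names: USER and UID are already set by the environment or by
X# the shell itself (UID is read-only in some shells).
XSFS_USER=sfs
XSFS_GROUP=sfs
XSFS_UID=71
XSFS_GID=71
XPW=/usr/sbin/pw
X
XSFSDIR=/var/spool/sfs
X
Xecho -n "Checking for group '$SFS_GROUP'... "
X
Xif ! ${PW} groupshow "$SFS_GROUP" >/dev/null 2>&1; then
X	echo -n "doesn't exist, adding... "
X	if ${PW} groupadd "$SFS_GROUP" -g "$SFS_GID"; then
X		echo "success."
X	else
X		echo "FAILED!"
X		exit 1
X	fi
Xelse
X	echo "exists."
Xfi
X
Xecho -n "Checking for user '$SFS_USER'... "
X
Xif ! ${PW} usershow "$SFS_USER" >/dev/null 2>&1; then
X	echo -n "doesn't exist, adding... "
X	# The account gets no usable home directory, a nologin shell, and
X	# "-h -" so that no password is set for it.
X	if ${PW} useradd "$SFS_USER" -u "$SFS_UID" -c 'Self-Certifying File System' -d /nonexistent -g "$SFS_GROUP" -s /sbin/nologin -h -; then
X		echo "success."
X	else
X		echo "FAILED!"
X		exit 1
X	fi
Xelse
X	echo "exists."
Xfi
X
Xecho -n "Checking for SFS directory ($SFSDIR)... "
X
Xif [ -d "$SFSDIR" ]; then
X	echo "already exists."
Xelse
X	echo -n "creating... "
X	# Create with the final mode so the directory is never left
X	# world-accessible between mkdir and chmod under a permissive umask.
X	if mkdir -m 750 "$SFSDIR"; then
X		echo "success."
X	else
X		echo "FAILED!"
X		exit 1
X	fi
Xfi
X
X# Applied unconditionally so a pre-existing directory is tightened too.
Xif ! chmod 750 "$SFSDIR"; then
X	echo "chmod 750 $SFSDIR FAILED!"
X	exit 1
Xfi
X
Xif ! chown "$SFS_USER:$SFS_GROUP" "$SFSDIR"; then
X	echo "chown $SFS_USER:$SFS_GROUP $SFSDIR FAILED!"
X	exit 1
Xfi
X
Xecho -n "Checking for SFS host key ($KEYFILE)... "
X
Xif [ -f "$KEYFILE" ]; then
X	echo "already exists, not generating."
Xelse
X	echo "doesn't exist, generating."
X	echo "Starting sfscd for entropy services."
X	if ! "$PKG_PREFIX/sbin/sfscd"; then
X		echo "WARNING: sfscd did not start; key generation may fail." >&2
X	fi
X	echo -n "Sleeping ten seconds to give sfscd time to start up... "
X	sleep 10
X	echo "done."
X	# NOTE(review): -P presumably leaves the host key without a
X	# passphrase; confirm that sfskey writes the file readable only by
X	# its owner.
X	if "$PKG_PREFIX/bin/sfskey" gen -KP -n "$(uname -n)" "$KEYFILE"; then
X		echo -n "Key generation done, killing sfscd... "
X	else
X		# Report the failure instead of announcing success; the server
X		# cannot run until a host key exists.
X		echo "WARNING: host key generation FAILED for $KEYFILE." >&2
X		echo -n "Killing sfscd... "
X	fi
X	# Signal only a plain decimal PID taken from the first line of the
X	# pidfile, so a missing, empty or malformed pidfile is never expanded
X	# into kill's argument list.
X	sfscd_pid=
X	if [ -r "$PIDFILE" ]; then
X		sfscd_pid=$(head -n 1 "$PIDFILE")
X	fi
X	case "$sfscd_pid" in
X	''|*[!0-9]*)
X		echo "no usable PID in $PIDFILE; stop sfscd manually."
X		;;
X	*)
X		kill -TERM "$sfscd_pid"
X		echo "done."
X		;;
X	esac
Xfi
X
Xcat "$PKG_PREFIX/share/doc/sfs/WELCOME"
X
Xexit 0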
END-of-sfs/pkg-install
echo x - sfs/pkg-deinstall
sed 's/^X//' >sfs/pkg-deinstall << 'END-of-sfs/pkg-deinstall'
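X#!/bin/sh
X#
X# Post-deinstall script for the sfs port.
X#
X# Arguments:   $1 - package name (not used here)
X#              $2 - stage; only POST-DEINSTALL does any work
X# Environment: PKG_PREFIX       - installation prefix
X#              PACKAGE_BUILDING - if non-empty, the script does nothing
X#
X# Nothing is deleted except directories that are already empty. The sfs
X# user and group, and any non-empty etc/sfs or spool directory, are left
X# in place and the administrator is told how to clean them up by hand.
X
Xif [ -n "${PACKAGE_BUILDING}" ]; then
X	exit 0
Xfi
X
Xif [ "$2" != "POST-DEINSTALL" ]; then
X	exit 0
Xfi
X
X# Prefixed name: USER is normally already set by the environment.
XSFS_USER=sfs
XSFS_GROUP=sfs
XPW=/usr/sbin/pw
X
XSFSDIR=/var/spool/sfs
X
Xif ${PW} groupshow "${SFS_GROUP}" >/dev/null 2>&1; then
X	echo "If you're done with SFS permanently, delete the sfs group manually: pw groupdel ${SFS_GROUP}" | fmt
Xfi
X
Xif ${PW} usershow "${SFS_USER}" >/dev/null 2>&1; then
X	echo
X	echo "If you're done with SFS permanently, delete the sfs user manually: pw userdel ${SFS_USER}" | fmt
Xfi
X
X# rmdir only succeeds on an empty directory, so local configuration under
X# etc/sfs is never removed here. The path is quoted so that a prefix
X# containing whitespace cannot be split into several rmdir arguments.
Xif [ -d "$PKG_PREFIX/etc/sfs" ] && ! rmdir "$PKG_PREFIX/etc/sfs" 2>/dev/null; then
X	echo
X	echo "You may wish to investigate the contents of $PKG_PREFIX/etc/sfs and delete the directory if you're done with SFS permanently." | fmt
Xfi
X
Xif [ -d "$SFSDIR" ] && ! rmdir "$SFSDIR" 2>/dev/null; then
X	echo
X	echo "You may wish to investigate the contents of $SFSDIR and delete the directory if you're done with SFS permanently." | fmt
Xfi
X
Xexit 0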
END-of-sfs/pkg-deinstall
exit

>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message



