Date: Tue, 02 Sep 2003 16:29:10 +0900 (JST)
From: Hideyuki KURASHINA <rushani@FreeBSD.org>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: nork@FreeBSD.org
Subject: ports/56300: [Maintainer update] shells/scponly: scp is not allowed(by default), and etc
Message-ID: <20030902.162910.104110970.rushani@FreeBSD.org>
Resent-Message-ID: <200309020740.h827e92Z079362@freefall.freebsd.org>
>Number: 56300
>Category: ports
>Synopsis: [Maintainer update] shells/scponly: scp is not allowed (by default), and etc
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Tue Sep 02 00:40:09 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Hideyuki KURASHINA
>Release:
>Organization:
>Environment:
>Description:
1. Do `make install' in /usr/ports/shells/scponly, simply, it results in a minimal configuration of scponly; e.g. Only sftp is allowed, but scp is not. This is inconsistent with

    # cd /usr/ports/shells/scponly/
    # make -V COMMENT
    A tiny shell that only permits scp and sftp
                                   ^^^

2. Current Makefile will install scponlyc, which is setuid to root, _by default_. The fact that installed setuid to root binary is known after install in SECURITY REPORT. However, this is not clear before build if not checking the Makefile.

3. ${PREFIX}/share/doc/scponly is used in Makefile.

>How-To-Repeat:
1. Compare config.h generated by doing `make configure' from port with config.h generated by doing `./configure' from scponly dist.

2 & 3. Check /usr/ports/shells/scponly/Makefile.

>Fix:
1. Respect scponly dist config. This will also help people who use package of this port.

2. Introduce WITH_SCPONLY_CHROOT knob. Utilize ECHO_MSG in `pre-everything' and `post-install' targets.

3. Use ${DOCSDIR} in Makefile. # This is already used in pkg-plist.

Patch is added;

Index: Makefile =================================================================== RCS file: /home/ncvs/ports/shells/scponly/Makefile,v retrieving revision 1.8 diff -u -r1.8 Makefile --- Makefile 25 Jul 2003 23:15:46 -0000 1.8 +++ Makefile 2 Sep 2003 06:32:51 -0000 
@@ -15,21 +15,25 @@ # # Core funcionality: # -# WITH_SCPONLY_WILDCARDS +# WITHOUT_SCPONLY_WILDCARDS # default: undefined -# define if you want to enable wildcard processing. +# define if you want to disable wildcard processing. # -# WITH_SCPONLY_SCP +# WITHOUT_SCPONLY_SCP # default: undefined -# define if you want to enable vanilla scp compatibility. +# define if you want to disable vanilla scp compatibility. # -# WITH_SCPONLY_GFTP +# WITHOUT_SCPONLY_GFTP # default: undefined -# define if you want to enable gftp compatibility. +# define if you want to disable gftp compatibility. # -# WITH_SCPONLY_WINSCP +# WITHOUT_SCPONLY_WINSCP # default: undefined -# define if you want to enable WinSCP compatibility. +# define if you want to disable WinSCP compatibility. +# +# WITH_SCPONLY_CHROOT +# default: undefined +# define if you want to use chroot functionality (set UID to root). # # WITH_SCPONLY_RSYNC # default: undefined 
@@ -56,47 +60,53 @@ MAN8= scponly.8 GNU_CONFIGURE= yes -CONFIGURE_ARGS= --enable-chrooted-binary +PLIST_SUB?= SCPONLY_CHROOT="@comment " .include <bsd.port.pre.mk> -.if defined(WITH_SCPONLY_WILDCARDS) -CONFIGURE_ARGS+=--enable-wildcards -.else +.if defined(WITHOUT_SCPONLY_WILDCARDS) CONFIGURE_ARGS+=--disable-wildcards .endif -.if defined(WITH_SCPONLY_SCP) -CONFIGURE_ARGS+=--enable-scp-compat -.else +.if defined(WITHOUT_SCPONLY_SCP) CONFIGURE_ARGS+=--disable-scp-compat .endif -.if defined(WITH_SCPONLY_GFTP) -CONFIGURE_ARGS+=--enable-gftp-compat -.else +.if defined(WITHOUT_SCPONLY_GFTP) CONFIGURE_ARGS+=--disable-gftp-compat .endif -.if defined(WITH_SCPONLY_WINSCP) -CONFIGURE_ARGS+=--enable-winscp-compat -.else +.if defined(WITHOUT_SCPONLY_WINSCP) CONFIGURE_ARGS+=--disable-winscp-compat .endif +.if defined(WITH_SCPONLY_CHROOT) +PLIST_SUB= SCPONLY_CHROOT="" +CONFIGURE_ARGS+=--enable-chrooted-binary +.endif + .if defined(WITH_SCPONLY_RSYNC) BUILD_DEPENDS= rsync:${PORTSDIR}/net/rsync RUN_DEPENDS= ${BUILD_DEPENDS} CONFIGURE_ARGS+=--enable-rsync-compat -.else -CONFIGURE_ARGS+=--disable-rsync-compat .endif +pre-everything:: + @${ECHO_MSG} "" + @${ECHO_MSG} "You can enable chroot functionality by defining WITH_SCPONLY_CHROOT." + @${ECHO_MSG} "" + post-install: +.if defined(WITH_SCPONLY_CHROOT) + @${ECHO_MSG} "" + @${ECHO_MSG} "Run following script to setup chroot cage;" + @${ECHO_MSG} "${WRKSRC}/setup_chroot.sh" + @${ECHO_MSG} "" +.endif .if !defined(NOPORTDOCS) - @${MKDIR} ${PREFIX}/share/doc/scponly + @${MKDIR} ${DOCSDIR} .for i in README INSTALL TODO - @${INSTALL_DATA} ${WRKSRC}/$i ${PREFIX}/share/doc/scponly + @${INSTALL_DATA} ${WRKSRC}/$i ${DOCSDIR} .endfor .endif Index: pkg-plist =================================================================== RCS file: /home/ncvs/ports/shells/scponly/pkg-plist,v retrieving revision 1.3 diff -u -r1.3 pkg-plist --- pkg-plist 17 Apr 2003 18:40:51 -0000 1.3 +++ pkg-plist 1 Sep 2003 20:01:39 -0000 
@@ -1,5 +1,5 @@ bin/scponly -sbin/scponlyc +%%SCPONLY_CHROOT%%sbin/scponlyc etc/scponly/debuglevel %%PORTDOCS%%%%DOCSDIR%%/README %%PORTDOCS%%%%DOCSDIR%%/INSTALL >Release-Note: >Audit-Trail: >Unformatted:
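Review bot: In the first Makefile hunk (@@ -15,21 +15,25 @@), the new WITH_SCPONLY_CHROOT comment says only "(set UID to root)", which does not tell the reader that defining the knob installs sbin/scponlyc as a setuid-root binary. Item 2 of the description is about making exactly this visible before the build, so spell it out, for example "define if you want chroot functionality; installs sbin/scponlyc setuid root". The comment block now mixes WITHOUT_ knobs (feature on unless disabled) with WITH_ knobs (feature off unless enabled), so one line stating what a default build enables would also help.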
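Review bot: In the second Makefile hunk (@@ -56,47 +60,53 @@), removing the .else branches means --disable-wildcards, --disable-scp-compat, --disable-gftp-compat and --disable-winscp-compat are no longer passed unless a WITHOUT_ knob is defined, so anyone rebuilding an existing install gets the scponly configure defaults, a wider accepted command set for a restricted shell, without being told. The pre-everything message advertises only WITH_SCPONLY_CHROOT; it should also list the WITHOUT_SCPONLY_* knobs and mention the changed default. Separately, the post-install message points at ${WRKSRC}/setup_chroot.sh, which is removed by make clean and never exists for someone installing the package; install the script to a fixed location under ${PREFIX} and print that path instead.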
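Review bot: In the pkg-plist hunk (@@ -1,5 +1,5 @@), %%SCPONLY_CHROOT%%sbin/scponlyc is expanded only if PLIST_SUB carries SCPONLY_CHROOT, and the Makefile sets it with "PLIST_SUB?=" before bsd.port.pre.mk and with plain "PLIST_SUB=" inside the WITH_SCPONLY_CHROOT block. The first assignment is skipped when PLIST_SUB is already set, which leaves the marker unexpanded in the packing list, and the second discards anything already in the variable. Appending with "PLIST_SUB+=" in an .if/.else after the include covers both cases.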