Date: Wed, 12 Mar 2008 15:58:03 -0400 (EDT) From: "Philip M. Gollucci" <pgollucci@p6m7g8.com> To: FreeBSD-gnats-submit@FreeBSD.org Cc: rushani@FreeBSD.org Subject: ports/121651: shells/scponly: [PATCH]: update 4.6 -> 4.8 Message-ID: <200803121958.m2CJw309046646@piccollo.p6m7g8.net> Resent-Message-ID: <200803122020.m2CKK3Dh085399@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 121651 >Category: ports >Synopsis: shells/scponly: [PATCH]: update 4.6 -> 4.8 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Wed Mar 12 20:20:02 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Philip M. Gollucci >Release: FreeBSD 8.0-CURRENT i386 >Organization: Riderway Inc. >Environment: System: FreeBSD piccollo.p6m7g8.net 8.0-CURRENT FreeBSD 8.0-CURRENT #1: Sun Mar 2 09:48:59 EST 2008 root@krillin.p6m7g8.net:/usr/obj/usr/src/sys/PICCOLLO i386 >Description: Makefile: 1) Variable /etc/shells into ETCSHELLS 2) Use SF Macro 3) Remove files/patch-helper.c (these options are allowed by default now) a) remove PATCH_STRIP 4) Make setup chroot cage instructions cut and pasteable 5) Add secondary category security 6) Add USE_RC_SUBR pkg-descr: 1) Update URL (previous redirects to this) files/scponlyc.in: 1) Convert to RCng style 2) Bug Fix: mount_devfs is not mount -t devfs dev /foo 3) Add a 'stop' to umount devfs systems ports/UPDATING 1) Add note about USE_RC_SUBR >How-To-Repeat: >Fix: --- shells_scponly.diff begins here --- Index: Makefile =================================================================== RCS file: /home/ncvs/ports/shells/scponly/Makefile,v retrieving revision 1.28 diff -u -r1.28 Makefile --- Makefile 3 Oct 2007 13:07:55 -0000 1.28 +++ Makefile 12 Mar 2008 19:42:56 -0000 @@ -70,11 +70,10 @@ # to be installed. PORTNAME= scponly -PORTVERSION= 4.6 -PORTREVISION= 3 -CATEGORIES= shells +PORTVERSION= 4.8 +CATEGORIES= shells security MASTER_SITES= http://www.sublimation.org/scponly/ \ - ${MASTER_SITE_SOURCEFORGE} + SF MASTER_SITE_SUBDIR= scponly EXTRACT_SUFX= .tgz @@ -83,9 +82,9 @@ MAN8= scponly.8 -GNU_CONFIGURE= yes +USE_RC_SUR= scponlyc -PATCH_STRIP= -p1 +GNU_CONFIGURE= yes OPTIONS= SCPONLY_WILDCARDS "wildcards processing" on \ SCPONLY_GFTP "gftp compatibility" on \ @@ -156,6 +155,8 @@ CONFIGURE_ARGS+=--enable-winscp-compat .endif +ETCSHELLS=/etc/shells + pre-everything:: @${ECHO_MSG} "From scponly 4.2, scp & WinSCP compatibilities are not" @${ECHO_MSG} "enabled by default. To enable those compatibilities," @@ -166,22 +167,22 @@ @${ECHO_MSG} "" post-install: - @${ECHO_MSG} "Updating /etc/shells" - @${CP} /etc/shells /etc/shells.bak - @(${GREP} -v ${PREFIX}/bin/scponly /etc/shells.bak; \ - ${ECHO_CMD} ${PREFIX}/bin/scponly) > /etc/shells - @${RM} /etc/shells.bak + @${ECHO_MSG} "Updating ${ETCSHELLS}" + @${CP} ${ETCSHELLS} ${ETCSHELLS}.bak + @(${GREP} -v ${PREFIX}/bin/scponly ${ETCSHELLS}.bak; \ + ${ECHO_CMD} ${PREFIX}/bin/scponly) > ${ETCSHELLS} + @${RM} ${ETCSHELLS}.bak .if defined(WITH_SCPONLY_CHROOT) - @${CP} /etc/shells /etc/shells.bak - @(${GREP} -v ${PREFIX}/sbin/scponlyc /etc/shells.bak; \ - ${ECHO_CMD} ${PREFIX}/sbin/scponlyc) > /etc/shells - @${RM} /etc/shells.bak + @${CP} ${ETCSHELLS} ${ETCSHELLS}.bak + @(${GREP} -v ${PREFIX}/sbin/scponlyc ${ETCSHELLS}.bak; \ + ${ECHO_CMD} ${PREFIX}/sbin/scponlyc) > ${ETCSHELLS} + @${RM} ${ETCSHELLS}.bak @${MKDIR} ${EXAMPLESDIR} @${INSTALL_SCRIPT} ${WRKSRC}/setup_chroot.sh ${EXAMPLESDIR} @${INSTALL_DATA} ${WRKSRC}/config.h ${EXAMPLESDIR} @${ECHO_MSG} "" @${ECHO_MSG} "To setup chroot cage, run following command:" - @${ECHO_MSG} " cd ${EXAMPLESDIR}/ && ${SH} setup_chroot.sh" + @${ECHO_MSG} " cd ${EXAMPLESDIR} && sudo ./setup_chroot.sh" @${ECHO_MSG} "" .endif .if !defined(NOPORTDOCS) Index: distinfo =================================================================== RCS file: /home/ncvs/ports/shells/scponly/distinfo,v retrieving revision 1.14 diff -u -r1.14 distinfo --- distinfo 3 Jun 2006 02:59:04 -0000 1.14 +++ distinfo 12 Mar 2008 18:33:43 -0000 @@ -1,3 +1,3 @@ -MD5 (scponly-4.6.tgz) = 0425cb868cadd026851238452f1db907 -SHA256 (scponly-4.6.tgz) = dfa5a334d66150289a391aea4dc00d1b039c644fd1c628bdeddaa7b0710e01a7 -SIZE (scponly-4.6.tgz) = 96578 +MD5 (scponly-4.8.tgz) = 139ac9abd7f3b8dbc5c5520745318f8a +SHA256 (scponly-4.8.tgz) = 1693dd678355749c5d9e48ecdd4628dbfe71d82955afde950ee8d88b5adc01cf +SIZE (scponly-4.8.tgz) = 101687 Index: pkg-descr =================================================================== RCS file: /home/ncvs/ports/shells/scponly/pkg-descr,v retrieving revision 1.2 diff -u -r1.2 pkg-descr --- pkg-descr 3 Jan 2003 18:15:43 -0000 1.2 +++ pkg-descr 12 Mar 2008 18:37:51 -0000 @@ -9,6 +9,6 @@ -c.) The only commands allowed are "scp", "sftp-server" and "ls". Arguments to these commands are passed along unmolested. -WWW: http://www.sublimation.org/scponly/ +WWW: http://sublimation.org/scponly/wiki/index.php/Main_Page ---Ken McGlothlen (mcglk@artlogix.com) Index: files/scponlyc.in =================================================================== RCS file: /home/ncvs/ports/shells/scponly/files/scponlyc.in,v retrieving revision 1.1 diff -u -r1.1 scponlyc.in --- files/scponlyc.in 3 Oct 2007 13:07:09 -0000 1.1 +++ files/scponlyc.in 12 Mar 2008 19:33:41 -0000 @@ -1,56 +1,79 @@ #!/bin/sh +# +# $FreeBSD$ +# -ETCSHELLS="${ETCSHELLS:-/etc/shells}" -ETCPASSWD="${ETCPASSWD:-/etc/passwd}" +# PROVIDE: scponlyc +# REQUIRE: LOGIN cleanvar +# KEYWORD: shutdown -# script to create devfs filesystems at boot time for scponlyc -# chroot'ed users. We will read ${ETCSHELLS} to determine -# where scponlyc is installed. Then we'll iterate through -# each user in ${ETCPASSWD} to find users whose shell is set to -# scponlyc. For each such user found, we will create a -# minimal devfs under ~/dev. +# Add the following lines to /etc/rc.conf to enable scponly: +# spconlyc_enable (bool): Set to "NO" by default. +# Set it to "YES" to enable scponly +# scponlyc_shells (str): Set to "/etc/shells" by default. +# scponlyc_passwd (str): Set to "/etc/passwd" by default. + +. %%RC_SUBR%% + +scponlyc_shells="${scponlyc_shells:-/etc/shells}" +scponlyc_passwd="${scponlyc_passwd:-/etc/passwd}" + +name="scponlyc" +rcvar=`set_rcvar` + +start_cmd="scponlyc_startcmd" +stop_cmd="scponlyc_stopcmd" + +required_files="$scponlyc_shells $scponlyc_passwd" + +scponlyc=%%PREFIX%%/sbin/scponlyc make_devfs() { # $1 is the user name whose home directory needs a minimal # devfs created. If ~/dev exists, it will be deleted. eval DEV="~$1/dev" - while /sbin/umount "${DEV}" 2>/dev/null; do :; done + while umount "${DEV}" 2>/dev/null; do :; done rm -rf "${DEV}" mkdir -p "${DEV}" - if /sbin/mount_devfs devfs "${DEV}"; then - /sbin/devfs -m "${DEV}" rule -s 1 applyset && \ - /sbin/devfs -m "${DEV}" rule -s 2 applyset || \ - /sbin/umount "${DEV}" 2>/dev/null + if mount -t devfs dev "${DEV}"; then + devfs -m "${DEV}" rule -s 1 applyset && \ + devfs -m "${DEV}" rule -s 2 applyset || \ + umount "${DEV}" 2>/dev/null + fi +} + +users_configured() { + + if [ `grep -c "/scponlyc$" ${scponlyc_shells} 2>/dev/null` -ne 1 ]; then + exit 1 fi } +scponlyc_startcmd() { -scponlyc_startup() { - # $1 is the path to the /etc/passwd file + users_configured - grep "^[^#]*:.*:.*:.*:.*:.*:${SCPONLYC}$" < "$1" | - /usr/bin/awk -F: {'print $1'} | + grep "^[^#]*:.*:.*:.*:.*:.*:${scponlyc}$" ${scponlyc_passwd} | + awk -F: {'print $1'} | while read USER; do + echo "${USER}/dev" make_devfs "${USER}" done } -SCPONLYC=`/usr/bin/grep "/scponlyc$" ${ETCSHELLS} 2>/dev/null | /usr/bin/tail -1` +scponlyc_stopcmd() { + + users_configured -if [ "x${SCPONLYC}" = "x" ]; then - echo scponlyc is not defined in ${ETCSHELLS} >&2 - exit 1 -fi - -case "$1" in -start) - scponlyc_startup "${ETCPASSWD}" - echo -n ' scponlyc' - ;; -*) - echo "Usage: `basename $0` start" >&2 - ;; -esac + grep "^[^#]*:.*:.*:.*:.*:.*:${scponlyc}$" ${scponlyc_passwd} | + awk -F: {'print $1'} | + while read USER; do + echo "${USER}/dev" + eval DEV="~${USER}/dev" + umount ${DEV} 2>/dev/null + done +} -exit 0 +load_rc_config $name +run_rc_command "$1" --- shells_scponly.diff ends here --- --- UPDATING.diff begins here --- Index: UPDATING =================================================================== RCS file: /home/ncvs/ports/UPDATING,v retrieving revision 1.593 diff -u -r1.593 UPDATING --- UPDATING 5 Mar 2008 23:59:00 -0000 1.593 +++ UPDATING 12 Mar 2008 19:54:33 -0000 @@ -6,6 +6,17 @@ time you update your ports collection, before attempting any port upgrades. +20080312: + AFFECTS: users of shells/scponly + AUTHOR: pgollucci@p6m7g8.com + + Updated to 4.8. The rc.d script has been converted to the RCng framework. + + if you use the chrooted version you must now do: + echo "scponlyc_enable="YES" >> /etc/rc.conf + + See ${PREFIX}/etc/rc.d/scponlyc for other tunables. + 20080306: AFFECTS: users of mail/dovecot AUTHOR: ehaupt@FreeBSD.org --- UPDATING.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200803121958.m2CJw309046646>