ports/56300: [Maintainer update] shells/scponly: scp is not allowed (by default), and etc
Hideyuki KURASHINA
rushani at FreeBSD.org
Tue Sep 2 07:40:12 UTC 2003
>Number: 56300
>Category: ports
>Synopsis: [Maintainer update] shells/scponly: scp is not allowed (by default), and etc
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Tue Sep 02 00:40:09 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Hideyuki KURASHINA
>Release:
>Organization:
>Environment:
>Description:
1. Simply doing `make install' in /usr/ports/shells/scponly results in a
   minimal configuration of scponly; e.g. only sftp is allowed,
   but scp is not. This is inconsistent with

    # cd /usr/ports/shells/scponly/
    # make -V COMMENT
    A tiny shell that only permits scp and sftp
                                   ^^^

2. The current Makefile will install scponlyc, which is setuid to root,
   _by default_. The fact that a setuid-to-root binary was installed is
   known after install, in the SECURITY REPORT. However, this is not
   clear before the build without checking the Makefile.
3. ${PREFIX}/share/doc/scponly is used in Makefile.
>How-To-Repeat:
1. Compare config.h generated by doing `make configure' from the port
   with config.h generated by doing `./configure' from the scponly dist.
2 & 3. Check /usr/ports/shells/scponly/Makefile.
>Fix:
1. Respect the scponly dist config. This will also help people who
   use the package of this port.
2. Introduce a WITH_SCPONLY_CHROOT knob. Utilize ECHO_MSG in the
   `pre-everything' and `post-install' targets.
3. Use ${DOCSDIR} in Makefile.
   # This is already used in pkg-plist.
Patch is added:
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/shells/scponly/Makefile,v
retrieving revision 1.8
diff -u -r1.8 Makefile
--- Makefile 25 Jul 2003 23:15:46 -0000 1.8
+++ Makefile 2 Sep 2003 06:32:51 -0000
@@ -15,21 +15,25 @@
#
# Core funcionality:
#
-# WITH_SCPONLY_WILDCARDS
+# WITHOUT_SCPONLY_WILDCARDS
# default: undefined
-# define if you want to enable wildcard processing.
+# define if you want to disable wildcard processing.
#
-# WITH_SCPONLY_SCP
+# WITHOUT_SCPONLY_SCP
# default: undefined
-# define if you want to enable vanilla scp compatibility.
+# define if you want to disable vanilla scp compatibility.
#
-# WITH_SCPONLY_GFTP
+# WITHOUT_SCPONLY_GFTP
# default: undefined
-# define if you want to enable gftp compatibility.
+# define if you want to disable gftp compatibility.
#
-# WITH_SCPONLY_WINSCP
+# WITHOUT_SCPONLY_WINSCP
# default: undefined
-# define if you want to enable WinSCP compatibility.
+# define if you want to disable WinSCP compatibility.
+#
+# WITH_SCPONLY_CHROOT
+# default: undefined
+# define if you want to use chroot functionality (set UID to root).
#
# WITH_SCPONLY_RSYNC
# default: undefined
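Review bot: In the header comment, each WITHOUT_SCPONLY_* knob still reads "default: undefined", which after this change means the feature is enabled; say so explicitly (for example "default: undefined (feature enabled)"), because a build that sets no knobs moves from the sftp-only configuration described in the report to one that accepts scp, gftp, WinSCP and wildcard processing. The WITH_SCPONLY_CHROOT text "(set UID to root)" would also be clearer as a plain statement that the chroot binary is installed setuid root.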
@@ -56,47 +60,53 @@
MAN8= scponly.8
GNU_CONFIGURE= yes
-CONFIGURE_ARGS= --enable-chrooted-binary
+PLIST_SUB?= SCPONLY_CHROOT="@comment "
.include <bsd.port.pre.mk>
-.if defined(WITH_SCPONLY_WILDCARDS)
-CONFIGURE_ARGS+=--enable-wildcards
-.else
+.if defined(WITHOUT_SCPONLY_WILDCARDS)
CONFIGURE_ARGS+=--disable-wildcards
.endif
-.if defined(WITH_SCPONLY_SCP)
-CONFIGURE_ARGS+=--enable-scp-compat
-.else
+.if defined(WITHOUT_SCPONLY_SCP)
CONFIGURE_ARGS+=--disable-scp-compat
.endif
-.if defined(WITH_SCPONLY_GFTP)
-CONFIGURE_ARGS+=--enable-gftp-compat
-.else
+.if defined(WITHOUT_SCPONLY_GFTP)
CONFIGURE_ARGS+=--disable-gftp-compat
.endif
-.if defined(WITH_SCPONLY_WINSCP)
-CONFIGURE_ARGS+=--enable-winscp-compat
-.else
+.if defined(WITHOUT_SCPONLY_WINSCP)
CONFIGURE_ARGS+=--disable-winscp-compat
.endif
+.if defined(WITH_SCPONLY_CHROOT)
+PLIST_SUB= SCPONLY_CHROOT=""
+CONFIGURE_ARGS+=--enable-chrooted-binary
+.endif
+
.if defined(WITH_SCPONLY_RSYNC)
BUILD_DEPENDS= rsync:${PORTSDIR}/net/rsync
RUN_DEPENDS= ${BUILD_DEPENDS}
CONFIGURE_ARGS+=--enable-rsync-compat
-.else
-CONFIGURE_ARGS+=--disable-rsync-compat
.endif
+pre-everything::
+ @${ECHO_MSG} ""
+ @${ECHO_MSG} "You can enable chroot functionality by defining WITH_SCPONLY_CHROOT."
+ @${ECHO_MSG} ""
+
post-install:
+.if defined(WITH_SCPONLY_CHROOT)
+ @${ECHO_MSG} ""
+ @${ECHO_MSG} "Run following script to setup chroot cage;"
+ @${ECHO_MSG} "${WRKSRC}/setup_chroot.sh"
+ @${ECHO_MSG} ""
+.endif
.if !defined(NOPORTDOCS)
- @${MKDIR} ${PREFIX}/share/doc/scponly
+ @${MKDIR} ${DOCSDIR}
.for i in README INSTALL TODO
- @${INSTALL_DATA} ${WRKSRC}/$i ${PREFIX}/share/doc/scponly
+ @${INSTALL_DATA} ${WRKSRC}/$i ${DOCSDIR}
.endfor
.endif
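Review bot: The post-install message points at ${WRKSRC}/setup_chroot.sh, a path inside the work directory that disappears after `make clean' and never exists for someone installing the package; install setup_chroot.sh to a location under ${PREFIX} and print that path instead. The pre-everything message also mentions only "chroot functionality"; since item 2 of the report is about making the setuid-root install visible before the build, the message should say that WITH_SCPONLY_CHROOT installs a setuid-root binary.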
Index: pkg-plist
===================================================================
RCS file: /home/ncvs/ports/shells/scponly/pkg-plist,v
retrieving revision 1.3
diff -u -r1.3 pkg-plist
--- pkg-plist 17 Apr 2003 18:40:51 -0000 1.3
+++ pkg-plist 1 Sep 2003 20:01:39 -0000
@@ -1,5 +1,5 @@
bin/scponly
-sbin/scponlyc
+%%SCPONLY_CHROOT%%sbin/scponlyc
etc/scponly/debuglevel
%%PORTDOCS%%%%DOCSDIR%%/README
%%PORTDOCS%%%%DOCSDIR%%/INSTALL
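Review bot: The %%SCPONLY_CHROOT%% prefix on sbin/scponlyc only expands if SCPONLY_CHROOT is always present in PLIST_SUB, and the Makefile sets it with "PLIST_SUB?=" in the default case and a plain "PLIST_SUB=" under WITH_SCPONLY_CHROOT. The first is skipped when PLIST_SUB is already defined and the second discards any other entries; using "PLIST_SUB+=" in both places avoids both problems.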
>Release-Note:
>Audit-Trail:
>Unformatted: