summaryrefslogtreecommitdiff
path: root/net-misc/scponly
diff options
context:
space:
mode:
authorV3n3RiX <venerix@redcorelinux.org>2020-02-29 18:01:47 +0000
committerV3n3RiX <venerix@redcorelinux.org>2020-02-29 18:01:47 +0000
commitceeeb463cc1eef97fd62eaee8bf2196ba04bc384 (patch)
tree9f47ee47c31a0f13f9496879cd88a1042550aa81 /net-misc/scponly
parent53cba99042fa967e2a93da9f8db806fe2d035543 (diff)
gentoo (leap year) resync : 29.02.2020
Diffstat (limited to 'net-misc/scponly')
-rw-r--r--net-misc/scponly/Manifest4
-rw-r--r--net-misc/scponly/files/scponly-4.8-sftp-server-path.patch42
-rw-r--r--net-misc/scponly/metadata.xml10
-rw-r--r--net-misc/scponly/scponly-4.8-r7.ebuild245
4 files changed, 299 insertions, 2 deletions
diff --git a/net-misc/scponly/Manifest b/net-misc/scponly/Manifest
index d63ee2342967..10c979f1f867 100644
--- a/net-misc/scponly/Manifest
+++ b/net-misc/scponly/Manifest
@@ -1,5 +1,7 @@
AUX scponly-4.8-gcc4.4.0.patch 555 BLAKE2B 0eff2d5cd94f60540dd1bbb6b6f9f1486abbb25e4a32d6eab5c94e55a3d14b77e4724b7c1e70f8a39369becc554d20953bc9f43d44923582f41ed02adc37f665 SHA512 fd9727364591d528e17845eb3e103728382fa7b476b9c0331f16f3e09dc469df7068412047a30b554578887e7897e80574ac820314ec0dae5d58909e3bb5f7de
AUX scponly-4.8-rsync.patch 7838 BLAKE2B 1d6191aee86b0e3e75e527dbb1f8dbf631940a34da3f29f36b0e55577555dc9ad02e2e787a8cd53aeab5a28d93da7dd528a486f1133fd7a04b91971774b4b2a1 SHA512 37885c9b46422ac034182f9c9f230b4e806ce8c894ebb6c621f0e2b3d5f46c91db902c2dae6aefe5471907025d400320e4eff37cc7c5cc4c6f7d8c88a38e53f8
+AUX scponly-4.8-sftp-server-path.patch 2692 BLAKE2B ead282d46cb25a6d8606fa65e538142c15dd0be82956c2c8a48c7d46cc9ec59605a4f1c10fc5235acb584945b00ee4c187391d198571d841b45225c328765b49 SHA512 86171549d894426d12eb2f8d65959d1be2e137327c135be31c762820a55256f5c4ac90a01f989c8bffd2b46b275de408912306209b5aba9a94b81dbc06ff5a24
DIST scponly-4.8.tgz 101687 BLAKE2B aa7250464fa3b51a439d35418c64d49f8595eaac6ffe710137c7c53b96bcf66a5ead38e9520b2cead7a829b57520f988f873eb713d5f52045cba4ef02c8e9b61 SHA512 134c008a7377cef7b8e0be483df8413e162a515967147f561d23b72bdef3dfbe70a8313811dfff6372b88f15c1ac8a4385831fcf329261276993c64d5040f29b
EBUILD scponly-4.8-r6.ebuild 6872 BLAKE2B 157742b3ba96711c41389bf038c112438de483145cfc30357499b3e2ddfb3cd9a1d7e5cdfa1c839cd7faaf9a0f82f938adb8f2f135ef7a6ca7ea1ba70728adb3 SHA512 a51fe4efa6d1aaf45aea4ad8c221e02f07533d5dbfff50b0bf34da73252ef5f6be80def1236611375bdbe18862dc60e5dbde24b7af3d56e664981247d34b2aa1
-MISC metadata.xml 1443 BLAKE2B 2a5a24d22c30cfafe590841b6d6e4eb73d9c42dddc469e617c79585eaa05a3a7b1bf31b6cc6fc0f7b1c521610d969e6c40d197af08e3dcce37b7ce65f67d259b SHA512 b44a26ac0944e8b0b99bfd62a21684b9846a52e416a2874a1af9bbcdf270ff337dd26a55a24c6b4dd131ba51ef3b7b40e1375478a14049392782a5adbb1fed07
+EBUILD scponly-4.8-r7.ebuild 6942 BLAKE2B 0a34a9674018a0ed6c4bc023fc2024c7cecc76dc9021a4512f30830ff13a9862db7d79eb38dc6e2042e8d462f4dfcc0f4e2303ce00cd15bfda953621e4bc986d SHA512 8f7564031f1f45c19aba9359225a6203d79f3a22a59c0cd7c5bbc547aa880447e9f1d18638cc73e8d3167751224b016e8370b7bbd5adbeefe5cd80d881801411
+MISC metadata.xml 1730 BLAKE2B b6663a37fe260a5e1552d5bf173d96021cf5588a917a54e3e892eddf7be9618e8b2244328ca6bf87fe8dda4777349fb703f09075975b754026403742a590238a SHA512 86aedd96e8b14fa8b86a2f69a253191777e9292e4547dd8e4e07e11b22068bf1a7b6404a7a0ee4108b7ecc4d99a952c81999482aa9488d45b92ae9c4ba451938
diff --git a/net-misc/scponly/files/scponly-4.8-sftp-server-path.patch b/net-misc/scponly/files/scponly-4.8-sftp-server-path.patch
new file mode 100644
index 000000000000..c191de877518
--- /dev/null
+++ b/net-misc/scponly/files/scponly-4.8-sftp-server-path.patch
@@ -0,0 +1,42 @@
+diff -urNp scponly-4.8-orig/configure scponly-4.8-dwok/configure
+--- scponly-4.8-orig/configure 2019-11-26 16:34:19.028544577 +0100
++++ scponly-4.8-dwok/configure 2019-11-26 16:33:24.571763528 +0100
+@@ -3244,7 +3244,7 @@ else
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+-as_dummy="`echo "$PATH:/usr/lib:/usr/lib64:/usr/libexec:/usr/libexec/openssh:/usr/lib/ssh:/usr/lib64/ssh:/usr/local/libexec:/usr/lib/misc:/usr/lib/openssh" | sed -e 's/:/ /'`"
++as_dummy="`echo "$PATH:/usr/lib:/usr/lib64:/usr/lib64/misc:/usr/libexec:/usr/libexec/openssh:/usr/lib/ssh:/usr/lib64/ssh:/usr/local/libexec:/usr/lib/misc:/usr/lib/openssh" | sed -e 's/:/ /'`"
+ for as_dir in $as_dummy
+ do
+ IFS=$as_save_IFS
+@@ -4240,7 +4240,7 @@ else
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+-as_dummy="`echo "$PATH:/usr/lib:/usr/lib/ssh:/usr/libexec/openssh:/usr/libexec:/usr/local/libexec" | sed -e 's/:/ /'`"
++as_dummy="`echo "$PATH:/usr/lib:/usr/lib64:/usr/lib64/misc:/usr/lib/ssh:/usr/libexec/openssh:/usr/libexec:/usr/local/libexec" | sed -e 's/:/ /'`"
+ for as_dir in $as_dummy
+ do
+ IFS=$as_save_IFS
+diff -urNp scponly-4.8-orig/configure.in scponly-4.8-dwok/configure.in
+--- scponly-4.8-orig/configure.in 2019-11-26 16:34:19.028544577 +0100
++++ scponly-4.8-dwok/configure.in 2019-11-26 16:33:28.491819749 +0100
+@@ -231,7 +231,7 @@ AC_ARG_ENABLE([quota-compat],
+
+ if test "x$scponly_scp_compat" != "x"; then
+ AC_MSG_NOTICE([enabling core WinSCP and Vanilla SCP binaries...])
+- SCPONLY_PATH_PROG_DEFINE([PROG_SFTP_SERVER], [sftp-server],[/usr/lib:/usr/lib64:/usr/libexec:/usr/libexec/openssh:/usr/lib/ssh:/usr/lib64/ssh:/usr/local/libexec:/usr/lib/misc:/usr/lib/openssh])
++ SCPONLY_PATH_PROG_DEFINE([PROG_SFTP_SERVER], [sftp-server],[/usr/lib:/usr/lib64:/usr/lib64/misc:/usr/libexec:/usr/libexec/openssh:/usr/lib/ssh:/usr/lib64/ssh:/usr/local/libexec:/usr/lib/misc:/usr/lib/openssh])
+ SCPONLY_PATH_PROG_DEFINE([PROG_LS], [ls], [/bin:/usr/bin:/sbin:/usr/sbin])
+ SCPONLY_PATH_PROG_DEFINE([PROG_SCP], [scp], [/bin:/usr/bin:/sbin:/usr/sbin])
+ SCPONLY_PATH_PROG_DEFINE([PROG_RM], [rm], [/bin:/usr/bin:/sbin:/usr/sbin])
+@@ -297,7 +297,7 @@ if test "x$scponly_sftp_compat" != "x";
+ if test "x$scponly_explicit_sftpserver_path" = "x"; then
+ dnl Informed guess:
+ SCPONLY_PATH_PROG_DEFINE([PROG_SFTP_SERVER], [sftp-server],
+- [/usr/lib:/usr/lib/ssh:/usr/libexec/openssh:/usr/libexec:/usr/local/libexec])
++ [/usr/lib:/usr/lib64:/usr/lib64/misc:/usr/lib/ssh:/usr/libexec/openssh:/usr/libexec:/usr/local/libexec])
+ dnl Debian uses /usr/lib
+ dnl Red Hat uses /usr/libexec/openssh
+ dnl Many a *BSD uses $PATH itself (which is implicit + checked 1st)
diff --git a/net-misc/scponly/metadata.xml b/net-misc/scponly/metadata.xml
index cc5fae365f3a..38864027ac19 100644
--- a/net-misc/scponly/metadata.xml
+++ b/net-misc/scponly/metadata.xml
@@ -1,7 +1,14 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
- <!-- maintainer-needed -->
+ <maintainer type="person">
+ <email>hlein@korelogic.com</email>
+ <name>Hank Leininger</name>
+ </maintainer>
+ <maintainer type="project">
+ <email>proxy-maint@gentoo.org</email>
+ <name>Proxy Maintainers</name>
+ </maintainer>
<longdescription lang="en">
scponly is an alternative 'shell' (of sorts) for system administrators
who would like to provide access to remote users to both read and write
@@ -10,6 +17,7 @@
ssh suite of applications.
</longdescription>
<use>
+ <flag name="chroot">Enables adding and configuring an 'scponlyc' chrooted user</flag>
<flag name="rsync">Enables rsync compatibility with potential security risks</flag>
<flag name="unison">Enables Unison compatibility with potential security risks</flag>
<flag name="subversion">Enables Subversion compatibility with potential security risks</flag>
diff --git a/net-misc/scponly/scponly-4.8-r7.ebuild b/net-misc/scponly/scponly-4.8-r7.ebuild
new file mode 100644
index 000000000000..8128ad5d15a5
--- /dev/null
+++ b/net-misc/scponly/scponly-4.8-r7.ebuild
@@ -0,0 +1,245 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit multilib readme.gentoo-r1 toolchain-funcs
+
+DESCRIPTION="A tiny pseudoshell which only permits scp and sftp"
+HOMEPAGE="https://github.com/scponly/scponly"
+SRC_URI="mirror://sourceforge/scponly/${P}.tgz"
+
+LICENSE="BSD-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~sparc ~x86"
+IUSE="chroot +sftp scp winscp gftp rsync unison subversion wildcards quota passwd logging"
+REQUIRED_USE="
+ || ( sftp scp winscp rsync unison subversion )
+"
+
+RDEPEND="
+ sys-apps/sed
+ net-misc/openssh
+ chroot? ( acct-user/scponly acct-group/scponly )
+ quota? ( sys-fs/quota )
+ rsync? ( net-misc/rsync )
+ subversion? ( dev-vcs/subversion )
+ unison? ( net-misc/unison:= )
+"
+DEPEND="${RDEPEND}"
+
+PATCHES=(
+ "${FILESDIR}/${P}-rsync.patch"
+ "${FILESDIR}/${P}-gcc4.4.0.patch"
+ "${FILESDIR}/${P}-sftp-server-path.patch"
+)
+
+src_configure() {
+ CFLAGS="${CFLAGS} ${LDFLAGS}" econf \
+ --with-sftp-server="/usr/$(get_libdir)/misc/sftp-server" \
+ --disable-restrictive-names \
+ $(use_enable chroot chrooted-binary) \
+ $(use_enable chroot chrooted-checkdir) \
+ $(use_enable winscp winscp-compat) \
+ $(use_enable gftp gftp-compat) \
+ $(use_enable scp scp-compat) \
+ $(use_enable sftp sftp) \
+ $(use_enable quota quota-compat) \
+ $(use_enable passwd passwd-compat) \
+ $(use_enable rsync rsync-compat) \
+ $(use_enable unison unison-compat) \
+ $(use_enable subversion svn-compat) \
+ $(use_enable subversion svnserv-compat) \
+ $(use_enable logging sftp-logging-compat) \
+ $(use_enable wildcards wildcards)
+}
+
+src_compile() {
+ emake CC=$(tc-getCC)
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ dodoc AUTHOR BUILDING-JAILS.TXT CHANGELOG CONTRIB README SECURITY TODO
+
+ if use chroot ; then
+ local DOC_CONTENTS="You might want to run\n
+ emerge --config =${CATEGORY}/${PF}\n
+ \nto setup the chroot. Otherwise you will have to setup chroot
+ manually. Please read the docs in /usr/share/doc/${PF} for more
+ informations, also the SECURITY file."
+ ( docinto chroot; dodoc setup_chroot.sh config.h )
+ # don't compress setup-script, so it is usable if necessary
+ docompress -x /usr/share/doc/${PF}/chroot
+ readme.gentoo_create_doc
+ fi
+}
+
+pkg_config() {
+ if ! use chroot ; then
+ einfo "USE=chroot not enabled, nothing to configure."
+ return
+ fi
+
+ myuser="scponly"
+ myhome="/var/chroot/${myuser}"
+ mysubdir="/pub"
+
+ # pkg_postinst is based on ${S}/setup_chroot.sh.
+
+ einfo "Collecting binaries and libraries..."
+
+ # Binaries launched in sftp compat mode
+ if has_version "=${CATEGORY}/${PF}[sftp]" ; then
+ BINARIES="/usr/$(get_libdir)/misc/sftp-server"
+ fi
+
+ # Binaries launched by vanilla- and WinSCP modes
+ if has_version "=${CATEGORY}/${PF}[scp]" || \
+ has_version "=${CATEGORY}/${PF}[winscp]" ; then
+ BINARIES="${BINARIES} /usr/bin/scp /bin/ls /bin/rm /bin/ln /bin/mv"
+ BINARIES="${BINARIES} /bin/chmod /bin/chown /bin/chgrp /bin/mkdir /bin/rmdir"
+ fi
+
+ # Binaries launched in WinSCP compatibility mode
+ if has_version "=${CATEGORY}/${PF}[winscp]" ; then
+ BINARIES="${BINARIES} /bin/pwd /bin/groups /usr/bin/id /bin/echo"
+ fi
+
+ # Rsync compatability mode
+ if has_version "=${CATEGORY}/${PF}[rsync]" ; then
+ BINARIES="${BINARIES} /usr/bin/rsync"
+ fi
+
+ # Unison compatability mode
+ if has_version "=${CATEGORY}/${PF}[unison]" ; then
+ BINARIES="${BINARIES} /usr/bin/unison"
+ fi
+
+ # subversion cli/svnserv compatibility
+ if has_version "=${CATEGORY}/${PF}[subversion]" ; then
+ BINARIES="${BINARIES} /usr/bin/svn /usr/bin/svnserve"
+ fi
+
+ # passwd compatibility
+ if has_version "=${CATEGORY}/${PF}[passwd]" ; then
+ BINARIES="${BINARIES} /usr/bin/passwd"
+ fi
+
+ # quota compatibility
+ if has_version "=${CATEGORY}/${PF}[quota]" ; then
+ BINARIES="${BINARIES} /usr/bin/quota"
+ fi
+
+ # build lib dependencies
+ LIB_LIST=$(ldd ${BINARIES} | sed -n 's:.* => \(/[^ ]\+\).*:\1:p' | sort -u)
+
+ # search and add ld*.so
+ for LIB in /$(get_libdir)/ld.so /libexec/ld-elf.so /libexec/ld-elf.so.1 \
+ /usr/libexec/ld.so /$(get_libdir)/ld-linux*.so.2 /usr/libexec/ld-elf.so.1; do
+ [ -f "${LIB}" ] && LIB_LIST="${LIB_LIST} ${LIB}"
+ done
+
+ # search and add libnss_*.so
+ for LIB in /$(get_libdir)/libnss_{compat,files}*.so.*; do
+ [ -f "${LIB}" ] && LIB_LIST="${LIB_LIST} ${LIB}"
+ done
+
+ # create base dirs
+ if [ ! -d "${myhome}" ]; then
+ die "Home '${myhome}' should have been created by acct-user but does not exist."
+ else
+ einfo "Setting owner for ${myhome}"
+ chown 0:0 "${myhome}"
+ fi
+
+ if [ ! -d "${myhome}/etc" ]; then
+ einfo "Creating ${myhome}/etc"
+ install -o0 -g0 -m0755 -d "${myhome}/etc"
+ fi
+
+ if [ ! -d "${myhome}/$(get_libdir)" ]; then
+ einfo "Creating ${myhome}/$(get_libdir)"
+ install -o0 -g0 -m0755 -d "${myhome}/$(get_libdir)"
+ fi
+
+ if [ ! -e "${myhome}/lib" ]; then
+ einfo "Creating ${myhome}/lib"
+ ln -snf $(get_libdir) "${myhome}/lib"
+ fi
+
+ if [ ! -d "${myhome}/usr/$(get_libdir)" ]; then
+ einfo "Creating ${myhome}/usr/$(get_libdir)"
+ install -o0 -g0 -m0755 -d "${myhome}/usr/$(get_libdir)"
+ fi
+
+ if [ ! -e "${myhome}/usr/lib" ]; then
+ einfo "Creating ${myhome}/usr/lib"
+ ln -snf $(get_libdir) "${myhome}/usr/lib"
+ fi
+
+ if [ ! -d "${myhome}${mysubdir}" ]; then
+ einfo "Creating ${myhome}${mysubdir} directory for uploading files"
+ install -o${myuser} -g${myuser} -m0755 -d "${myhome}${mysubdir}"
+ fi
+
+ # create /dev/null (Bug 135505)
+ if [ ! -e "${myhome}/dev/null" ]; then
+ install -o0 -g0 -m0755 -d "${myhome}/dev"
+ mknod -m0777 "${myhome}/dev/null" c 1 3
+ fi
+
+ # install binaries
+ for BIN in ${BINARIES}; do
+ einfo "Install ${BIN}"
+ install -o0 -g0 -m0755 -d "${myhome}$(dirname ${BIN})"
+ if [ "${BIN}" = "/usr/bin/passwd" ]; then # needs suid
+ install -p -o0 -g0 -m04711 "${BIN}" "${myhome}/${BIN}"
+ else
+ install -p -o0 -g0 -m0755 "${BIN}" "${myhome}/${BIN}"
+ fi
+ done
+
+ # install libs
+ for LIB in ${LIB_LIST}; do
+ einfo "Install ${LIB}"
+ install -o0 -g0 -m0755 -d "${myhome}$(dirname ${LIB})"
+ install -p -o0 -g0 -m0755 "${LIB}" "${myhome}/${LIB}"
+ done
+
+ # create ld.so.conf
+ einfo "Creating /etc/ld.so.conf"
+ for LIB in ${LIB_LIST}; do
+ dirname ${LIB}
+ done | sort -u | while read DIR; do
+ if ! grep 2>/dev/null -q "^${DIR}$" "${myhome}/etc/ld.so.conf"; then
+ echo "${DIR}" >> "${myhome}/etc/ld.so.conf"
+ fi
+ done
+ ldconfig -r "${myhome}"
+
+ # update shells
+ einfo "Updating /etc/shells"
+ grep 2>/dev/null -q "^/usr/bin/scponly$" /etc/shells \
+ || echo "/usr/bin/scponly" >> /etc/shells
+
+ grep 2>/dev/null -q "^/usr/sbin/scponlyc$" /etc/shells \
+ || echo "/usr/sbin/scponlyc" >> /etc/shells
+
+ # create /etc/passwd
+ if [ ! -e "${myhome}/etc/passwd" ]; then
+ (
+ echo "root:x:0:0:root:/:/bin/sh"
+ sed -n "s|^\(${myuser}:[^:]*:[^:]*:[^:]*:[^:]*:\).*|\1${mysubdir}:/bin/sh|p" /etc/passwd
+ ) > "${myhome}/etc/passwd"
+ fi
+
+ # create /etc/group
+ if [ ! -e "${myhome}/etc/group" ]; then
+ (
+ echo "root:x:0:"
+ sed -n "s|^\(${myuser}:[^:]*:[^:]*:\).*|\1|p" /etc/group
+ ) > "${myhome}/etc/group"
+ fi
+}