diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2020-02-29 18:01:47 +0000 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2020-02-29 18:01:47 +0000 |
commit | ceeeb463cc1eef97fd62eaee8bf2196ba04bc384 (patch) | |
tree | 9f47ee47c31a0f13f9496879cd88a1042550aa81 /net-misc/scponly | |
parent | 53cba99042fa967e2a93da9f8db806fe2d035543 (diff) |
gentoo (leap year) resync : 29.02.2020
Diffstat (limited to 'net-misc/scponly')
-rw-r--r-- | net-misc/scponly/Manifest | 4 | ||||
-rw-r--r-- | net-misc/scponly/files/scponly-4.8-sftp-server-path.patch | 42 | ||||
-rw-r--r-- | net-misc/scponly/metadata.xml | 10 | ||||
-rw-r--r-- | net-misc/scponly/scponly-4.8-r7.ebuild | 245 |
4 files changed, 299 insertions, 2 deletions
diff --git a/net-misc/scponly/Manifest b/net-misc/scponly/Manifest index d63ee2342967..10c979f1f867 100644 --- a/net-misc/scponly/Manifest +++ b/net-misc/scponly/Manifest @@ -1,5 +1,7 @@ AUX scponly-4.8-gcc4.4.0.patch 555 BLAKE2B 0eff2d5cd94f60540dd1bbb6b6f9f1486abbb25e4a32d6eab5c94e55a3d14b77e4724b7c1e70f8a39369becc554d20953bc9f43d44923582f41ed02adc37f665 SHA512 fd9727364591d528e17845eb3e103728382fa7b476b9c0331f16f3e09dc469df7068412047a30b554578887e7897e80574ac820314ec0dae5d58909e3bb5f7de AUX scponly-4.8-rsync.patch 7838 BLAKE2B 1d6191aee86b0e3e75e527dbb1f8dbf631940a34da3f29f36b0e55577555dc9ad02e2e787a8cd53aeab5a28d93da7dd528a486f1133fd7a04b91971774b4b2a1 SHA512 37885c9b46422ac034182f9c9f230b4e806ce8c894ebb6c621f0e2b3d5f46c91db902c2dae6aefe5471907025d400320e4eff37cc7c5cc4c6f7d8c88a38e53f8 +AUX scponly-4.8-sftp-server-path.patch 2692 BLAKE2B ead282d46cb25a6d8606fa65e538142c15dd0be82956c2c8a48c7d46cc9ec59605a4f1c10fc5235acb584945b00ee4c187391d198571d841b45225c328765b49 SHA512 86171549d894426d12eb2f8d65959d1be2e137327c135be31c762820a55256f5c4ac90a01f989c8bffd2b46b275de408912306209b5aba9a94b81dbc06ff5a24 DIST scponly-4.8.tgz 101687 BLAKE2B aa7250464fa3b51a439d35418c64d49f8595eaac6ffe710137c7c53b96bcf66a5ead38e9520b2cead7a829b57520f988f873eb713d5f52045cba4ef02c8e9b61 SHA512 134c008a7377cef7b8e0be483df8413e162a515967147f561d23b72bdef3dfbe70a8313811dfff6372b88f15c1ac8a4385831fcf329261276993c64d5040f29b EBUILD scponly-4.8-r6.ebuild 6872 BLAKE2B 157742b3ba96711c41389bf038c112438de483145cfc30357499b3e2ddfb3cd9a1d7e5cdfa1c839cd7faaf9a0f82f938adb8f2f135ef7a6ca7ea1ba70728adb3 SHA512 a51fe4efa6d1aaf45aea4ad8c221e02f07533d5dbfff50b0bf34da73252ef5f6be80def1236611375bdbe18862dc60e5dbde24b7af3d56e664981247d34b2aa1 -MISC metadata.xml 1443 BLAKE2B 2a5a24d22c30cfafe590841b6d6e4eb73d9c42dddc469e617c79585eaa05a3a7b1bf31b6cc6fc0f7b1c521610d969e6c40d197af08e3dcce37b7ce65f67d259b SHA512 b44a26ac0944e8b0b99bfd62a21684b9846a52e416a2874a1af9bbcdf270ff337dd26a55a24c6b4dd131ba51ef3b7b40e1375478a14049392782a5adbb1fed07 +EBUILD scponly-4.8-r7.ebuild 6942 BLAKE2B 0a34a9674018a0ed6c4bc023fc2024c7cecc76dc9021a4512f30830ff13a9862db7d79eb38dc6e2042e8d462f4dfcc0f4e2303ce00cd15bfda953621e4bc986d SHA512 8f7564031f1f45c19aba9359225a6203d79f3a22a59c0cd7c5bbc547aa880447e9f1d18638cc73e8d3167751224b016e8370b7bbd5adbeefe5cd80d881801411 +MISC metadata.xml 1730 BLAKE2B b6663a37fe260a5e1552d5bf173d96021cf5588a917a54e3e892eddf7be9618e8b2244328ca6bf87fe8dda4777349fb703f09075975b754026403742a590238a SHA512 86aedd96e8b14fa8b86a2f69a253191777e9292e4547dd8e4e07e11b22068bf1a7b6404a7a0ee4108b7ecc4d99a952c81999482aa9488d45b92ae9c4ba451938 diff --git a/net-misc/scponly/files/scponly-4.8-sftp-server-path.patch b/net-misc/scponly/files/scponly-4.8-sftp-server-path.patch new file mode 100644 index 000000000000..c191de877518 --- /dev/null +++ b/net-misc/scponly/files/scponly-4.8-sftp-server-path.patch @@ -0,0 +1,42 @@ +diff -urNp scponly-4.8-orig/configure scponly-4.8-dwok/configure +--- scponly-4.8-orig/configure 2019-11-26 16:34:19.028544577 +0100 ++++ scponly-4.8-dwok/configure 2019-11-26 16:33:24.571763528 +0100 +@@ -3244,7 +3244,7 @@ else + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +-as_dummy="`echo "$PATH:/usr/lib:/usr/lib64:/usr/libexec:/usr/libexec/openssh:/usr/lib/ssh:/usr/lib64/ssh:/usr/local/libexec:/usr/lib/misc:/usr/lib/openssh" | sed -e 's/:/ /'`" ++as_dummy="`echo "$PATH:/usr/lib:/usr/lib64:/usr/lib64/misc:/usr/libexec:/usr/libexec/openssh:/usr/lib/ssh:/usr/lib64/ssh:/usr/local/libexec:/usr/lib/misc:/usr/lib/openssh" | sed -e 's/:/ /'`" + for as_dir in $as_dummy + do + IFS=$as_save_IFS +@@ -4240,7 +4240,7 @@ else + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +-as_dummy="`echo "$PATH:/usr/lib:/usr/lib/ssh:/usr/libexec/openssh:/usr/libexec:/usr/local/libexec" | sed -e 's/:/ /'`" ++as_dummy="`echo "$PATH:/usr/lib:/usr/lib64:/usr/lib64/misc:/usr/lib/ssh:/usr/libexec/openssh:/usr/libexec:/usr/local/libexec" | sed -e 's/:/ /'`" + for as_dir in $as_dummy + do + IFS=$as_save_IFS +diff -urNp scponly-4.8-orig/configure.in scponly-4.8-dwok/configure.in +--- scponly-4.8-orig/configure.in 2019-11-26 16:34:19.028544577 +0100 ++++ scponly-4.8-dwok/configure.in 2019-11-26 16:33:28.491819749 +0100 +@@ -231,7 +231,7 @@ AC_ARG_ENABLE([quota-compat], + + if test "x$scponly_scp_compat" != "x"; then + AC_MSG_NOTICE([enabling core WinSCP and Vanilla SCP binaries...]) +- SCPONLY_PATH_PROG_DEFINE([PROG_SFTP_SERVER], [sftp-server],[/usr/lib:/usr/lib64:/usr/libexec:/usr/libexec/openssh:/usr/lib/ssh:/usr/lib64/ssh:/usr/local/libexec:/usr/lib/misc:/usr/lib/openssh]) ++ SCPONLY_PATH_PROG_DEFINE([PROG_SFTP_SERVER], [sftp-server],[/usr/lib:/usr/lib64:/usr/lib64/misc:/usr/libexec:/usr/libexec/openssh:/usr/lib/ssh:/usr/lib64/ssh:/usr/local/libexec:/usr/lib/misc:/usr/lib/openssh]) + SCPONLY_PATH_PROG_DEFINE([PROG_LS], [ls], [/bin:/usr/bin:/sbin:/usr/sbin]) + SCPONLY_PATH_PROG_DEFINE([PROG_SCP], [scp], [/bin:/usr/bin:/sbin:/usr/sbin]) + SCPONLY_PATH_PROG_DEFINE([PROG_RM], [rm], [/bin:/usr/bin:/sbin:/usr/sbin]) +@@ -297,7 +297,7 @@ if test "x$scponly_sftp_compat" != "x"; + if test "x$scponly_explicit_sftpserver_path" = "x"; then + dnl Informed guess: + SCPONLY_PATH_PROG_DEFINE([PROG_SFTP_SERVER], [sftp-server], +- [/usr/lib:/usr/lib/ssh:/usr/libexec/openssh:/usr/libexec:/usr/local/libexec]) ++ [/usr/lib:/usr/lib64:/usr/lib64/misc:/usr/lib/ssh:/usr/libexec/openssh:/usr/libexec:/usr/local/libexec]) + dnl Debian uses /usr/lib + dnl Red Hat uses /usr/libexec/openssh + dnl Many a *BSD uses $PATH itself (which is implicit + checked 1st) diff --git a/net-misc/scponly/metadata.xml b/net-misc/scponly/metadata.xml index cc5fae365f3a..38864027ac19 100644 --- a/net-misc/scponly/metadata.xml +++ b/net-misc/scponly/metadata.xml @@ -1,7 +1,14 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> <pkgmetadata> - <!-- maintainer-needed --> + <maintainer type="person"> + <email>hlein@korelogic.com</email> + <name>Hank Leininger</name> + </maintainer> + <maintainer type="project"> + <email>proxy-maint@gentoo.org</email> + <name>Proxy Maintainers</name> + </maintainer> <longdescription lang="en"> scponly is an alternative 'shell' (of sorts) for system administrators who would like to provide access to remote users to both read and write @@ -10,6 +17,7 @@ ssh suite of applications. </longdescription> <use> + <flag name="chroot">Enables adding and configuring an 'scponlyc' chrooted user</flag> <flag name="rsync">Enables rsync compatibility with potential security risks</flag> <flag name="unison">Enables Unison compatibility with potential security risks</flag> <flag name="subversion">Enables Subversion compatibility with potential security risks</flag> diff --git a/net-misc/scponly/scponly-4.8-r7.ebuild b/net-misc/scponly/scponly-4.8-r7.ebuild new file mode 100644 index 000000000000..8128ad5d15a5 --- /dev/null +++ b/net-misc/scponly/scponly-4.8-r7.ebuild @@ -0,0 +1,245 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit multilib readme.gentoo-r1 toolchain-funcs + +DESCRIPTION="A tiny pseudoshell which only permits scp and sftp" +HOMEPAGE="https://github.com/scponly/scponly" +SRC_URI="mirror://sourceforge/scponly/${P}.tgz" + +LICENSE="BSD-2" +SLOT="0" +KEYWORDS="~amd64 ~ppc ~sparc ~x86" +IUSE="chroot +sftp scp winscp gftp rsync unison subversion wildcards quota passwd logging" +REQUIRED_USE=" + || ( sftp scp winscp rsync unison subversion ) +" + +RDEPEND=" + sys-apps/sed + net-misc/openssh + chroot? ( acct-user/scponly acct-group/scponly ) + quota? ( sys-fs/quota ) + rsync? ( net-misc/rsync ) + subversion? ( dev-vcs/subversion ) + unison? ( net-misc/unison:= ) +" +DEPEND="${RDEPEND}" + +PATCHES=( + "${FILESDIR}/${P}-rsync.patch" + "${FILESDIR}/${P}-gcc4.4.0.patch" + "${FILESDIR}/${P}-sftp-server-path.patch" +) + +src_configure() { + CFLAGS="${CFLAGS} ${LDFLAGS}" econf \ + --with-sftp-server="/usr/$(get_libdir)/misc/sftp-server" \ + --disable-restrictive-names \ + $(use_enable chroot chrooted-binary) \ + $(use_enable chroot chrooted-checkdir) \ + $(use_enable winscp winscp-compat) \ + $(use_enable gftp gftp-compat) \ + $(use_enable scp scp-compat) \ + $(use_enable sftp sftp) \ + $(use_enable quota quota-compat) \ + $(use_enable passwd passwd-compat) \ + $(use_enable rsync rsync-compat) \ + $(use_enable unison unison-compat) \ + $(use_enable subversion svn-compat) \ + $(use_enable subversion svnserv-compat) \ + $(use_enable logging sftp-logging-compat) \ + $(use_enable wildcards wildcards) +} + +src_compile() { + emake CC=$(tc-getCC) +} + +src_install() { + emake DESTDIR="${D}" install + + dodoc AUTHOR BUILDING-JAILS.TXT CHANGELOG CONTRIB README SECURITY TODO + + if use chroot ; then + local DOC_CONTENTS="You might want to run\n + emerge --config =${CATEGORY}/${PF}\n + \nto setup the chroot. Otherwise you will have to setup chroot + manually. Please read the docs in /usr/share/doc/${PF} for more + informations, also the SECURITY file." + ( docinto chroot; dodoc setup_chroot.sh config.h ) + # don't compress setup-script, so it is usable if necessary + docompress -x /usr/share/doc/${PF}/chroot + readme.gentoo_create_doc + fi +} + +pkg_config() { + if ! use chroot ; then + einfo "USE=chroot not enabled, nothing to configure." + return + fi + + myuser="scponly" + myhome="/var/chroot/${myuser}" + mysubdir="/pub" + + # pkg_postinst is based on ${S}/setup_chroot.sh. + + einfo "Collecting binaries and libraries..." + + # Binaries launched in sftp compat mode + if has_version "=${CATEGORY}/${PF}[sftp]" ; then + BINARIES="/usr/$(get_libdir)/misc/sftp-server" + fi + + # Binaries launched by vanilla- and WinSCP modes + if has_version "=${CATEGORY}/${PF}[scp]" || \ + has_version "=${CATEGORY}/${PF}[winscp]" ; then + BINARIES="${BINARIES} /usr/bin/scp /bin/ls /bin/rm /bin/ln /bin/mv" + BINARIES="${BINARIES} /bin/chmod /bin/chown /bin/chgrp /bin/mkdir /bin/rmdir" + fi + + # Binaries launched in WinSCP compatibility mode + if has_version "=${CATEGORY}/${PF}[winscp]" ; then + BINARIES="${BINARIES} /bin/pwd /bin/groups /usr/bin/id /bin/echo" + fi + + # Rsync compatability mode + if has_version "=${CATEGORY}/${PF}[rsync]" ; then + BINARIES="${BINARIES} /usr/bin/rsync" + fi + + # Unison compatability mode + if has_version "=${CATEGORY}/${PF}[unison]" ; then + BINARIES="${BINARIES} /usr/bin/unison" + fi + + # subversion cli/svnserv compatibility + if has_version "=${CATEGORY}/${PF}[subversion]" ; then + BINARIES="${BINARIES} /usr/bin/svn /usr/bin/svnserve" + fi + + # passwd compatibility + if has_version "=${CATEGORY}/${PF}[passwd]" ; then + BINARIES="${BINARIES} /usr/bin/passwd" + fi + + # quota compatibility + if has_version "=${CATEGORY}/${PF}[quota]" ; then + BINARIES="${BINARIES} /usr/bin/quota" + fi + + # build lib dependencies + LIB_LIST=$(ldd ${BINARIES} | sed -n 's:.* => \(/[^ ]\+\).*:\1:p' | sort -u) + + # search and add ld*.so + for LIB in /$(get_libdir)/ld.so /libexec/ld-elf.so /libexec/ld-elf.so.1 \ + /usr/libexec/ld.so /$(get_libdir)/ld-linux*.so.2 /usr/libexec/ld-elf.so.1; do + [ -f "${LIB}" ] && LIB_LIST="${LIB_LIST} ${LIB}" + done + + # search and add libnss_*.so + for LIB in /$(get_libdir)/libnss_{compat,files}*.so.*; do + [ -f "${LIB}" ] && LIB_LIST="${LIB_LIST} ${LIB}" + done + + # create base dirs + if [ ! -d "${myhome}" ]; then + die "Home '${myhome}' should have been created by acct-user but does not exist." + else + einfo "Setting owner for ${myhome}" + chown 0:0 "${myhome}" + fi + + if [ ! -d "${myhome}/etc" ]; then + einfo "Creating ${myhome}/etc" + install -o0 -g0 -m0755 -d "${myhome}/etc" + fi + + if [ ! -d "${myhome}/$(get_libdir)" ]; then + einfo "Creating ${myhome}/$(get_libdir)" + install -o0 -g0 -m0755 -d "${myhome}/$(get_libdir)" + fi + + if [ ! -e "${myhome}/lib" ]; then + einfo "Creating ${myhome}/lib" + ln -snf $(get_libdir) "${myhome}/lib" + fi + + if [ ! -d "${myhome}/usr/$(get_libdir)" ]; then + einfo "Creating ${myhome}/usr/$(get_libdir)" + install -o0 -g0 -m0755 -d "${myhome}/usr/$(get_libdir)" + fi + + if [ ! -e "${myhome}/usr/lib" ]; then + einfo "Creating ${myhome}/usr/lib" + ln -snf $(get_libdir) "${myhome}/usr/lib" + fi + + if [ ! -d "${myhome}${mysubdir}" ]; then + einfo "Creating ${myhome}${mysubdir} directory for uploading files" + install -o${myuser} -g${myuser} -m0755 -d "${myhome}${mysubdir}" + fi + + # create /dev/null (Bug 135505) + if [ ! -e "${myhome}/dev/null" ]; then + install -o0 -g0 -m0755 -d "${myhome}/dev" + mknod -m0777 "${myhome}/dev/null" c 1 3 + fi + + # install binaries + for BIN in ${BINARIES}; do + einfo "Install ${BIN}" + install -o0 -g0 -m0755 -d "${myhome}$(dirname ${BIN})" + if [ "${BIN}" = "/usr/bin/passwd" ]; then # needs suid + install -p -o0 -g0 -m04711 "${BIN}" "${myhome}/${BIN}" + else + install -p -o0 -g0 -m0755 "${BIN}" "${myhome}/${BIN}" + fi + done + + # install libs + for LIB in ${LIB_LIST}; do + einfo "Install ${LIB}" + install -o0 -g0 -m0755 -d "${myhome}$(dirname ${LIB})" + install -p -o0 -g0 -m0755 "${LIB}" "${myhome}/${LIB}" + done + + # create ld.so.conf + einfo "Creating /etc/ld.so.conf" + for LIB in ${LIB_LIST}; do + dirname ${LIB} + done | sort -u | while read DIR; do + if ! grep 2>/dev/null -q "^${DIR}$" "${myhome}/etc/ld.so.conf"; then + echo "${DIR}" >> "${myhome}/etc/ld.so.conf" + fi + done + ldconfig -r "${myhome}" + + # update shells + einfo "Updating /etc/shells" + grep 2>/dev/null -q "^/usr/bin/scponly$" /etc/shells \ + || echo "/usr/bin/scponly" >> /etc/shells + + grep 2>/dev/null -q "^/usr/sbin/scponlyc$" /etc/shells \ + || echo "/usr/sbin/scponlyc" >> /etc/shells + + # create /etc/passwd + if [ ! -e "${myhome}/etc/passwd" ]; then + ( + echo "root:x:0:0:root:/:/bin/sh" + sed -n "s|^\(${myuser}:[^:]*:[^:]*:[^:]*:[^:]*:\).*|\1${mysubdir}:/bin/sh|p" /etc/passwd + ) > "${myhome}/etc/passwd" + fi + + # create /etc/group + if [ ! -e "${myhome}/etc/group" ]; then + ( + echo "root:x:0:" + sed -n "s|^\(${myuser}:[^:]*:[^:]*:\).*|\1|p" /etc/group + ) > "${myhome}/etc/group" + fi +} |