diff options
author | bms <bms@FreeBSD.org> | 2010-02-08 04:34:20 +0800 |
---|---|---|
committer | bms <bms@FreeBSD.org> | 2010-02-08 04:34:20 +0800 |
commit | 99e90722844a4fb7d9df56a0e587b7c526601f51 (patch) | |
tree | bdfeac35dc27badcf256dd0cfb491bf41a5f0dc3 | |
parent | 4f4429a35ae5b739797a59810993656c266c6778 (diff) | |
download | freebsd-ports-gnome-99e90722844a4fb7d9df56a0e587b7c526601f51.tar.gz freebsd-ports-gnome-99e90722844a4fb7d9df56a0e587b7c526601f51.tar.zst freebsd-ports-gnome-99e90722844a4fb7d9df56a0e587b7c526601f51.zip |
Add an RC script for saned, and borrow machinery for creating
a dedicated sandbox user account from the nullmailer port.
Also add a pkg-message which describes how to tie down a USB
scanner to this sandbox using devd(8) in FreeBSD 8, as well as
describing what config files likely need editing.
Note: This text probably belongs in the FreeBSD Handbook.
Bump PORTREVISION.
Reviewed by: dougb (with edits to saned.in)
-rw-r--r-- | graphics/sane-backends/Makefile | 12 | ||||
-rw-r--r-- | graphics/sane-backends/files/pkg-install.in | 65 | ||||
-rw-r--r-- | graphics/sane-backends/files/pkg-message.in | 46 | ||||
-rw-r--r-- | graphics/sane-backends/files/saned.in | 37 | ||||
-rw-r--r-- | graphics/sane-backends/pkg-deinstall | 63 |
5 files changed, 222 insertions, 1 deletions
diff --git a/graphics/sane-backends/Makefile b/graphics/sane-backends/Makefile index eec1c3ff5435..3dc93def7684 100644 --- a/graphics/sane-backends/Makefile +++ b/graphics/sane-backends/Makefile @@ -7,7 +7,7 @@ PORTNAME= sane-backends PORTVERSION= 1.0.20 -PORTREVISION= 5 +PORTREVISION= 6 CATEGORIES= graphics MASTER_SITES= http://alioth.debian.org/frs/download.php/3026/ \ ftp://ftp.sane-project.org/pub/sane/%SUBDIR%/ \ @@ -43,6 +43,9 @@ CONFIGURE_ARGS= --with-docdir=${DOCSDIR} \ MAKE_ENV= NOPORTDOCS=${NOPORTDOCS} USE_LDCONFIG= yes +USE_RC_SUBR= saned +SUB_FILES+= pkg-install pkg-message + .include "Makefile.man" .include <bsd.port.pre.mk> @@ -93,4 +96,11 @@ post-patch: s|} -D_REENT|} ${PTHREAD_CFLAGS} -D_REENT|g ; \ s|-lpthread|${PTHREAD_LIBS}|g' ${WRKSRC}/configure +# Pass BATCH to pkg-install for Evil Things(tm) +pre-install: + @BATCH="${BATCH}" ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL + +post-install: + @${CAT} ${PKGMESSAGE} + .include <bsd.port.post.mk> diff --git a/graphics/sane-backends/files/pkg-install.in b/graphics/sane-backends/files/pkg-install.in new file mode 100644 index 000000000000..4ff38c47598f --- /dev/null +++ b/graphics/sane-backends/files/pkg-install.in @@ -0,0 +1,65 @@ +#!/bin/sh + +user=saned +group=saned + +ask() { + local question default answer + + question=$1 + default=$2 + if [ -z "${PACKAGE_BUILDING}" ]; then + read -p "${question} [${default}]? " answer + fi + if [ x${answer} = x ]; then + answer=${default} + fi + echo ${answer} +} + +yesno() { + local dflt question answer + + question=$1 + dflt=$2 + while :; do + answer=$(ask "${question}" "${dflt}") + case "${answer}" in + [Yy]*) return 0;; + [Nn]*) return 1;; + esac + echo "Please answer yes or no." + done +} + +if [ x"$2" = xPRE-INSTALL ]; then + if /usr/sbin/pw groupshow "${group}" 2>/dev/null; then + echo "You already have a group \"${group}\", so I will use it." + else + echo "You need a group \"${group}\"." + if ([ -n "$BATCH" ] || yesno "Would you like me to create it" y); then + /usr/sbin/pw groupadd ${group} -g 194 -h - || exit + echo "Done." + else + echo "Please create it, and try again." + exit 1 + fi + fi + + if /usr/sbin/pw user show "${user}" 2>/dev/null; then + echo "You already have a user \"${user}\", so I will use it." + pw usermod "${user}" -d /nonexistent + else + echo "You need a user \"${user}\"." + if ([ -n "$BATCH" ] || yesno "Would you like me to create it" y); then + /usr/sbin/pw useradd ${user} -u 194 -g ${group} -h - \ + -d /nonexistent -s /bin/sh -c "SANE Scanner Daemon" || exit + echo "Done." + else + echo "Please create it, and try again." + exit 1 + fi + fi + + # TODO: Fix logging. +fi diff --git a/graphics/sane-backends/files/pkg-message.in b/graphics/sane-backends/files/pkg-message.in new file mode 100644 index 000000000000..0716d8dd79c6 --- /dev/null +++ b/graphics/sane-backends/files/pkg-message.in @@ -0,0 +1,46 @@ +================================================================== + +saned will log to the 'daemon' facility; this is a hard-coded +default. Also, saned has no support for SSL/TLS or cryptographic +authentication; you may wish to deploy security/stunnel to wrap +it if you have concerns about security. + +If you are using a USB scanner, you should edit /etc/devd.conf to +allow saned access permissions. Currently, devfs.rules(5) has no +support for USB specific filters such as vendor, product and +serial number. + +Here is an example devd.conf(5) entry for an Epson CX3650 +multi-function scanner/printer device (assuming you are sharing +the printer function with cups): + +attach 100 { + device-name "ugen[0-9].[0-9]"; + match "vendor" "0x04b8"; + match "product" "0x080e"; + action "usb_devaddr=`echo $device-name | sed 's#^ugen##'` && \ + chown cups:saned /dev/usb/${usb_devaddr}.* && \ + chmod 660 /dev/usb/${usb_devaddr}.*"; +}; + +Note: A backtick must be used above, due to how devd(8) performs +variable substitutions. + +To determine which port your scanner is connected to, inspect the +output of 'usbconfig list' before and after connecting your scanner, +and note the numbers which appear after 'ugen' in the first column. +Then, use 'usbconfig -d X.Y dump_device_desc' to learn the idVendor +and idProduct fields, and plug them into the above example entry. + +Finally, restart devd with the command: + # /etc/rc.d/devd restart + +Please take %%PREFIX%%/etc/sane.d/dll.conf +as an example only; you may wish to enable only the 'net' backend +on client machines; be sure to point it at your scan server. + +If you are setting up a scan server, you may also wish to edit +%%PREFIX%%/etc/sane.d/saned.conf +to only permit specific machines. + +================================================================== diff --git a/graphics/sane-backends/files/saned.in b/graphics/sane-backends/files/saned.in new file mode 100644 index 000000000000..ae4345a58a05 --- /dev/null +++ b/graphics/sane-backends/files/saned.in @@ -0,0 +1,37 @@ +#!/bin/sh +# +# $FreeBSD$ +# +# PROVIDE: saned +# REQUIRE: netif routing mountcritlocal +# BEFORE: NETWORKING +# +# A sample saned startup script. +# +# Add the following line to /etc/rc.conf to enable saned: +# saned_enable="YES" +# + +. /etc/rc.subr + +name="saned" +rcvar=`set_rcvar` +command="%%PREFIX%%/sbin/${name}" + +start_precmd=${name}_prestart + +saned_prestart() +{ + case "${saned_flags}" in + *-a\ *) err "saned_flags includes the -a option. Please use saned_uid instead." ;; + esac +} + +load_rc_config $name + +: ${saned_enable="NO"} +: ${saned_uid="saned"} + +command_args="-a $saned_uid" + +run_rc_command "$1" diff --git a/graphics/sane-backends/pkg-deinstall b/graphics/sane-backends/pkg-deinstall new file mode 100644 index 000000000000..1f1f4ecc8ef1 --- /dev/null +++ b/graphics/sane-backends/pkg-deinstall @@ -0,0 +1,63 @@ +#!/bin/sh + +user=saned +group=saned + +ask() { + local question default answer + + question=$1 + default=$2 + if [ -z "${PACKAGE_BUILDING}" ]; then + read -p "${question} [${default}]? " answer + fi + if [ x${answer} = x ]; then + answer=${default} + fi + echo ${answer} +} + +yesno() { + local dflt question answer + + question=$1 + dflt=$2 + while :; do + answer=$(ask "${question}" "${dflt}") + case "${answer}" in + [Yy]*) return 0;; + [Nn]*) return 1;; + esac + echo "Please answer yes or no." + done +} + +delete_account() { + local u g home + + u=$1 + g=$2 + if yesno "Do you want me to remove group \"${g}\"" y; then + pw groupdel -n ${g} + echo "Done." + fi + if yesno "Do you want me to remove user \"${u}\"" y; then + eval home=~${u} + pw userdel -n ${u} + echo "Done." + fi +} + +if [ x"$2" = xDEINSTALL ]; then + if [ ! -n "$BATCH" ]; then + if /bin/ps -axc | /usr/bin/grep -q saned; then + if yesno "There are some SANE processes running. Shall I kill them" y; then + ${PKG_PREFIX}/etc/rc.d/saned stop + sleep 2 + else + echo "OK ... I hope you know what you are doing." + fi + fi + + fi +fi |