- Rename knonbs for more POLA compliant.

- Utilize PORTDOCS macro.
- Fix pkg-message for the package.
- Minor formating and typographic changes.

PR:		ports/71188
Submitted by:	maintainer

4 files changed, 89 insertions, 86 deletions

diff --git a/www/cgiwrap/Makefile b/www/cgiwrap/Makefile
index 0e89401eb7ab..2d6d8af6b190 100644
--- a/www/cgiwrap/Makefile
+++ b/www/cgiwrap/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	cgiwrap
 PORTVERSION=	3.9
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	www security
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	${PORTNAME}
@@ -18,99 +18,118 @@ COMMENT=	Securely execute ~user CGI scripts
 GNU_CONFIGURE=	yes
 CONFIGURE_ARGS=	--with-httpd-user=${WWWOWN} \
 		--with-install-group=${WWWGRP} \
-		--with-install-dir=${MAINCGIDIR} \
-		--with-cgi-dir=${CGIWRAP_CGIDIR} \
-		--with-local-contact=${CGIWRAP_CONTACT} \
-		--with-allow-file=${CGIWRAP_ALLOWFILE} \
-		--with-deny-file=${CGIWRAP_DENYFILE}
+		--with-install-dir=${WITH_MAIN_CGIDIR} \
+		--with-cgi-dir=${WITH_USER_CGIDIR} \
+		--with-local-contact=${WITH_EMAIL} \
+		--with-allow-file=${WITH_ALLOWFILE} \
+		--with-deny-file=${WITH_DENYFILE}
 
-#
-# Set this to the directory (relative to each user's home) where CGI
-# scripts will be found.  Common alternate values are "www/cgi-bin"
-# (a.k.a. ~user/www/cgi-bin) and "cgi-bin" (a.k.a. ~user/cgi-bin)
-#
-CGIWRAP_CGIDIR?=	public_html/cgi-bin
+WRKSRC=		${WRKDIR}/${PORTNAME}-${PORTVERSION}
+PKGMESSAGE=	${WRKDIR}/pkg-message
 
+## Available knobs:
+##
+##   WITH_MAIN_CGIDIR:     location of the cgiwrap binaries
 #
-# MAINCGIDIR is the directory the cgiwrap binaries get installed to.
+# This is the directory where the cgiwrap binaries (i.e. the setuid
+# root binaries) get installed to.
 #
-MAINCGIDIR?=	${PREFIX}/www/cgi-bin
+WITH_MAIN_CGIDIR?=	${PREFIX}/www/cgi-bin
 
+##   WITH_USER_CGIDIR:     location of the CGI directory per user
+##                         account (i.e. public_html/cgi-bin)
 #
-# The allow and deny files control access to cgiwrap.
+# Set this to the directory (relative to each user's home) where CGI
+# scripts will be found.  Common alternate values are "www/cgi-bin"
+# (a.k.a. ~user/www/cgi-bin) and "cgi-bin" (a.k.a. ~user/cgi-bin)
 #
-CGIWRAP_ALLOWFILE?=	${PREFIX}/etc/${PORTNAME}.allow
-CGIWRAP_DENYFILE?=	${PREFIX}/etc/${PORTNAME}.deny
+WITH_USER_CGIDIR?=	public_html/cgi-bin
 
+##   WITH_ALLOWFILE:       location/name of the cgiwrap.allow ACL file
+##   WITH_DENYFILE:        location/name of the cgiwrap.deny ACL file
 #
-# Set the contact Email address.
-#
-CGIWRAP_CONTACT?=	webmaster@dummy-host.example.com
+WITH_ALLOWFILE?=	${PREFIX}/etc/${PORTNAME}.allow
+WITH_DENYFILE?=		${PREFIX}/etc/${PORTNAME}.deny
 
+##   WITH_EMAIL:           cgiwrap administrator's Email address
 #
-# Define CGIWRAP_LOGGING and specify where you want the logfile.
+WITH_EMAIL?=		webmaster@dummy-host.example.com
+
+##   WITH_LOGGING:         enables cgiwrap logging; specifies the
+##                         path and filename of the logfile
 #
-.if defined(CGIWRAP_LOGGING)
-CONFIGURE_ARGS+=	--with-logging-file=${CGIWRAP_LOGGING}
+.if defined(WITH_LOGGING)
+CONFIGURE_ARGS+=	--with-logging-file=${WITH_LOGGING}
 .endif
 
+##   WITH_DEBUG:           enables cgiwrap debugging support, via
+##                         the 'cgiwrapd' binary
 #
-# Some users enjoy being able to debug their own CGI scripts, since
-# the standard "Internal server error" response doesn't help much.
-# Administrators may find this useful as well.  See the cgiwrap
-# documentation for details on how to use this.
-#
-.if defined(CGIWRAP_DEBUG)
+.if defined(WITH_DEBUG)
 PLIST_SUB+=	CGIWRAPDFLAG=
 .else
 PLIST_SUB+=	CGIWRAPDFLAG="@comment "
 .endif
 
-#
-# A slew of --without-* configure flags exist for cgiwrap.  You
-# should refer to the cgiwrap documentation for details regarding
-# what these do, and when (if) they're necessary.
-#
-###
-.if defined(CGIWRAP_WITHOUT_CHECK_OWNER)
+##   WITHOUT_CHECK_OWNER:  disable CGI file ownership checks
+##   WITHOUT_CHECK_GROUP:  disable CGI file group checks
+##   WITHOUT_CHECK_SETUID: disable CGI file setuid permissions check
+##   WITHOUT_CHECK_SETGID: disable CGI file setgid permissions check
+##   WITHOUT_CHECK_GROUP_WRITABLE:
+##          disable CGI file group-writable permissions check
+##   WITHOUT_CHECK_WORLD_WRITABLE:
+##          disable CGI file world-writable permissions check
+#
+.if defined(WITHOUT_CHECK_OWNER)
 CONFIGURE_ARGS+=	--without-check-owner
 .endif
-.if defined(CGIWRAP_WITHOUT_CHECK_GROUP)
+.if defined(WITHOUT_CHECK_GROUP)
 CONFIGURE_ARGS+=	--without-check-group
 .endif
-.if defined(CGIWRAP_WITHOUT_CHECK_SETUID)
+.if defined(WITHOUT_CHECK_SETUID)
 CONFIGURE_ARGS+=	--without-check-setuid
 .endif
-.if defined(CGIWRAP_WITHOUT_CHECK_SETGID)
+.if defined(WITHOUT_CHECK_SETGID)
 CONFIGURE_ARGS+=	--without-check-setgid
 .endif
-.if defined(CGIWRAP_WITHOUT_CHECK_GROUP_WRITABLE)
+.if defined(WITHOUT_CHECK_GROUP_WRITABLE)
 CONFIGURE_ARGS+=	--without-check-group-writable
 .endif
-.if defined(CGIWRAP_WITHOUT_CHECK_WORLD_WRITABLE)
+.if defined(WITHOUT_CHECK_WORLD_WRITABLE)
 CONFIGURE_ARGS+=	--without-check-world-writable
 .endif
 
+.if !defined(NOPORTDOCS)
+PORTDOCS=	accesscontrol.html afs.html changes.html \
+		chroot.html comments.html download.html faq.html \
+		index.html install.html intro.html maillist.html \
+		notes.html pubs.html quickref.html setup.html \
+		thanks.html todo.html tricks.html y2k.html
+.endif
+
+show-options:
+	@${SED} -ne 's/^##//p' ${.CURDIR}/Makefile
+
 pre-install:
-	@${MKDIR} ${MAINCGIDIR}
+	@${MKDIR} ${WITH_MAIN_CGIDIR}
 
 post-install:
-	@${STRIP_CMD} ${MAINCGIDIR}/cgiwrap
-	@${CHMOD} 4550 ${MAINCGIDIR}/cgiwrap
-.if !defined(CGIWRAP_WITH_DEBUG)
-	@${RM} ${MAINCGIDIR}/cgiwrapd ${MAINCGIDIR}/nph-cgiwrapd
+	@${STRIP_CMD} ${WITH_MAIN_CGIDIR}/cgiwrap
+	@${CHMOD} 4550 ${WITH_MAIN_CGIDIR}/cgiwrap
+.if !defined(WITH_DEBUG)
+	@${RM} ${WITH_MAIN_CGIDIR}/cgiwrapd
+	@${RM} ${WITH_MAIN_CGIDIR}/nph-cgiwrapd
 .endif
 .if !defined(NOPORTDOCS)
 	@${MKDIR} ${DOCSDIR}
-.for file in accesscontrol.html afs.html changes.html chroot.html	\
-		comments.html download.html faq.html index.html		\
-		install.html intro.html maillist.html notes.html	\
-		pubs.html quickref.html setup.html thanks.html		\
-		todo.html tricks.html y2k.html
-	@${INSTALL_DATA} ${WRKSRC}/htdocs/${file} ${DOCSDIR}
+.for f in ${PORTDOCS}
+	@${INSTALL_DATA} ${WRKSRC}/htdocs/${f} ${DOCSDIR}
 .endfor
-	@${ECHO} "Documentation installed in ${DOCSDIR}"
 .endif
-	@${CAT} ${PKGMESSAGE} | ${SED} -e's#%%PREFIX%%#${PREFIX}#g'
+	@${SED}	-e's,%%MAIN_CGIDIR%%,${WITH_MAIN_CGIDIR},g' \
+		-e's,%%ALLOWFILE%%,${WITH_ALLOWFILE},g' \
+		-e's,%%DENYFILE%%,${WITH_DENYFILE},g' \
+		${MASTERDIR}/pkg-message > ${PKGMESSAGE}
+	@${CAT} ${PKGMESSAGE}
 
 .include <bsd.port.mk>
diff --git a/www/cgiwrap/pkg-descr b/www/cgiwrap/pkg-descr
index 239b326a78c8..74cc3438a710 100644
--- a/www/cgiwrap/pkg-descr
+++ b/www/cgiwrap/pkg-descr
@@ -1,11 +1,11 @@
 This is CGIWrap - a gateway that allows more secure user access to
-CGI programs on an HTTPd server than is provided by the http server
+CGI programs on an HTTPd server than is provided by the Web server
 itself. The primary function of CGIWrap is to make certain that
 any CGI script runs with the permissions of the user who installed
-it, and not those of the server.
+it, and not those of the Web server.
 
 CGIWrap works with NCSA httpd, Apache, CERN httpd, NetSite Commerce
-and Communications servers, and probably any other Unix based web
+and Communications servers, and probably any other Unix-based Web
 server software that supports CGI.
 
 WWW: http://cgiwrap.sourceforge.net/
diff --git a/www/cgiwrap/pkg-message b/www/cgiwrap/pkg-message
index b1d9d6e0c10c..b35046420fd2 100644
--- a/www/cgiwrap/pkg-message
+++ b/www/cgiwrap/pkg-message
@@ -1,15 +1,19 @@
 -----------------------------------------------------------------
 You have installed cgiwrap, a wrapper to securely execute user
-CGI programs.  cgiwrap is reported to work with most web servers
+CGI programs.  cgiwrap is reported to work with most Web servers
 that support CGI, so no one specific server has been included as
-a depend.  If you are unsure of which webserver to use, it is
-recommended to try the Apache web server package.
+a dependancy.  If you are unsure of which Web server to use, it
+is recommended that you try the Apache HTTP server.
 
-The cgiwrap scripts have been installed in:
-    %%PREFIX%%/www/cgi-bin
-...the default location for Apache's cgi-bin directory.
+The cgiwrap binaries have been installed in the following
+directory:
 
-If cgiwrap's allow/deny control is enabled, you must create either
-%%PREFIX%%/etc/cgiwrap.allow and/or %%PREFIX%%/etc/cgiwrap.deny
-before cgiwrap will function.
+  %%MAIN_CGIDIR%%
+
+You should create/manage the following two files, otherwise
+cgiwrap will not function as expected.  These ACL files define
+which users can and cannot run CGI binaries via cgiwrap:
+
+  %%ALLOWFILE%%
+  %%DENYFILE%%
 -----------------------------------------------------------------
diff --git a/www/cgiwrap/pkg-plist b/www/cgiwrap/pkg-plist
index 5ceb10ea2903..53791763fdfb 100644
--- a/www/cgiwrap/pkg-plist
+++ b/www/cgiwrap/pkg-plist
@@ -1,25 +1,5 @@
-%%PORTDOCS%%%%DOCSDIR%%/accesscontrol.html
-%%PORTDOCS%%%%DOCSDIR%%/afs.html
-%%PORTDOCS%%%%DOCSDIR%%/changes.html
-%%PORTDOCS%%%%DOCSDIR%%/chroot.html
-%%PORTDOCS%%%%DOCSDIR%%/comments.html
-%%PORTDOCS%%%%DOCSDIR%%/download.html
-%%PORTDOCS%%%%DOCSDIR%%/faq.html
-%%PORTDOCS%%%%DOCSDIR%%/index.html
-%%PORTDOCS%%%%DOCSDIR%%/install.html
-%%PORTDOCS%%%%DOCSDIR%%/intro.html
-%%PORTDOCS%%%%DOCSDIR%%/maillist.html
-%%PORTDOCS%%%%DOCSDIR%%/notes.html
-%%PORTDOCS%%%%DOCSDIR%%/pubs.html
-%%PORTDOCS%%%%DOCSDIR%%/quickref.html
-%%PORTDOCS%%%%DOCSDIR%%/setup.html
-%%PORTDOCS%%%%DOCSDIR%%/thanks.html
-%%PORTDOCS%%%%DOCSDIR%%/todo.html
-%%PORTDOCS%%%%DOCSDIR%%/tricks.html
-%%PORTDOCS%%%%DOCSDIR%%/y2k.html
 www/cgi-bin/cgiwrap
 %%CGIWRAPDFLAG%%www/cgi-bin/cgiwrapd
 www/cgi-bin/nph-cgiwrap
 %%CGIWRAPDFLAG%%www/cgi-bin/nph-cgiwrapd
 @unexec rmdir %D/www/cgi-bin 2>/dev/null || true
-%%PORTDOCS%%@dirrm %%DOCSDIR%%