aboutsummaryrefslogtreecommitdiffstats
path: root/www
diff options
context:
space:
mode:
authorsem <sem@FreeBSD.org>2004-08-17 13:29:01 +0800
committersem <sem@FreeBSD.org>2004-08-17 13:29:01 +0800
commit84727c8ce6730da386931be58a593a44721790c4 (patch)
treef1d46ec2d01a24a9115cd3480eb76f522004b73c /www
parent9bef5896cf6285abc1fd84f0ab218473b8c31456 (diff)
downloadfreebsd-ports-gnome-84727c8ce6730da386931be58a593a44721790c4.tar.gz
freebsd-ports-gnome-84727c8ce6730da386931be58a593a44721790c4.tar.zst
freebsd-ports-gnome-84727c8ce6730da386931be58a593a44721790c4.zip
* Uses WWWOWN and WWWGRP.
* Changes tweaks to CGIWRAP_ALLOWFILE and CGIWRAP_DENYFILE. * Add optional ability to build without some features. * Adds CGIWRAP_DEBUG, which adds support for the cgiwrapd/nph-cgiwrapd binaries. * Proper/secure permissions on the binaries. * Another cosmetic changes. * Pass maintainership to submitter. PR: ports/70106 Submitted by: Jeremy Chadwick <freebsd@jdc.parodius.com>
Diffstat (limited to 'www')
-rw-r--r--www/cgiwrap/Makefile109
-rw-r--r--www/cgiwrap/pkg-descr3
-rw-r--r--www/cgiwrap/pkg-message12
-rw-r--r--www/cgiwrap/pkg-plist4
4 files changed, 82 insertions, 46 deletions
diff --git a/www/cgiwrap/Makefile b/www/cgiwrap/Makefile
index 4c3444ec7f7c..0e89401eb7ab 100644
--- a/www/cgiwrap/Makefile
+++ b/www/cgiwrap/Makefile
@@ -7,56 +7,99 @@
PORTNAME= cgiwrap
PORTVERSION= 3.9
+PORTREVISION= 1
CATEGORIES= www security
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= ${PORTNAME}
-MAINTAINER= jre@vineyard.net
+MAINTAINER= freebsd@jdc.parodius.com
COMMENT= Securely execute ~user CGI scripts
GNU_CONFIGURE= yes
-CONFIGURE_ARGS= --with-httpd-user=${HTTPDUSER} \
+CONFIGURE_ARGS= --with-httpd-user=${WWWOWN} \
+ --with-install-group=${WWWGRP} \
--with-install-dir=${MAINCGIDIR} \
- --with-install-group=${BINGRP} \
- --with-cgi-dir=${CGIDIR} \
- --with-allow-file=${ALLOWFILE} \
- --with-deny-file=${DENYFILE} \
- ${WITHOUTCHECK}
+ --with-cgi-dir=${CGIWRAP_CGIDIR} \
+ --with-local-contact=${CGIWRAP_CONTACT} \
+ --with-allow-file=${CGIWRAP_ALLOWFILE} \
+ --with-deny-file=${CGIWRAP_DENYFILE}
-###
+#
# Set this to the directory (relative to each user's home) where CGI
-# scripts will be found. (Another common value is "www/cgi-bin".)
-###
-CGIDIR?= public_html/cgi-bin
-###
-# The default security settings are very tight; enable one or more
-# of these to loosen them. Run "configure -help" for information on
-# these and other options.
-###
-#WITHOUTCHECK?= --without-check-owner --without-check-setuid \
-# --without-check-group --without-check-setgid \
-# --without-check-group-writable \
-# --without-check-world-writable
-###
-# Use these options for Apache:
-###
+# scripts will be found. Common alternate values are "www/cgi-bin"
+# (a.k.a. ~user/www/cgi-bin) and "cgi-bin" (a.k.a. ~user/cgi-bin)
+#
+CGIWRAP_CGIDIR?= public_html/cgi-bin
+
+#
+# MAINCGIDIR is the directory the cgiwrap binaries get installed to.
+#
MAINCGIDIR?= ${PREFIX}/www/cgi-bin
-HTTPDUSER?= www
-###
+
+#
# The allow and deny files control access to cgiwrap.
+#
+CGIWRAP_ALLOWFILE?= ${PREFIX}/etc/${PORTNAME}.allow
+CGIWRAP_DENYFILE?= ${PREFIX}/etc/${PORTNAME}.deny
+
+#
+# Set the contact Email address.
+#
+CGIWRAP_CONTACT?= webmaster@dummy-host.example.com
+
+#
+# Define CGIWRAP_LOGGING and specify where you want the logfile.
+#
+.if defined(CGIWRAP_LOGGING)
+CONFIGURE_ARGS+= --with-logging-file=${CGIWRAP_LOGGING}
+.endif
+
+#
+# Some users enjoy being able to debug their own CGI scripts, since
+# the standard "Internal server error" response doesn't help much.
+# Administrators may find this useful as well. See the cgiwrap
+# documentation for details on how to use this.
+#
+.if defined(CGIWRAP_DEBUG)
+PLIST_SUB+= CGIWRAPDFLAG=
+.else
+PLIST_SUB+= CGIWRAPDFLAG="@comment "
+.endif
+
+#
+# A slew of --without-* configure flags exist for cgiwrap. You
+# should refer to the cgiwrap documentation for details regarding
+# what these do, and when (if) they're necessary.
+#
###
-ALLOWFILE?= ${PREFIX}/etc/${PORTNAME}.allow
-DENYFILE?= ${PREFIX}/etc/${PORTNAME}.deny
+.if defined(CGIWRAP_WITHOUT_CHECK_OWNER)
+CONFIGURE_ARGS+= --without-check-owner
+.endif
+.if defined(CGIWRAP_WITHOUT_CHECK_GROUP)
+CONFIGURE_ARGS+= --without-check-group
+.endif
+.if defined(CGIWRAP_WITHOUT_CHECK_SETUID)
+CONFIGURE_ARGS+= --without-check-setuid
+.endif
+.if defined(CGIWRAP_WITHOUT_CHECK_SETGID)
+CONFIGURE_ARGS+= --without-check-setgid
+.endif
+.if defined(CGIWRAP_WITHOUT_CHECK_GROUP_WRITABLE)
+CONFIGURE_ARGS+= --without-check-group-writable
+.endif
+.if defined(CGIWRAP_WITHOUT_CHECK_WORLD_WRITABLE)
+CONFIGURE_ARGS+= --without-check-world-writable
+.endif
pre-install:
@${MKDIR} ${MAINCGIDIR}
post-install:
- ${STRIP_CMD} ${MAINCGIDIR}/cgiwrap
- ${RM} ${MAINCGIDIR}/cgiwrapd ${MAINCGIDIR}/nph-cgiwrapd
- ${CP} ${MAINCGIDIR}/cgiwrap ${MAINCGIDIR}/cgiwrapd
- ${LN} ${MAINCGIDIR}/cgiwrapd ${MAINCGIDIR}/nph-cgiwrapd
- ${CHMOD} 644 ${MAINCGIDIR}/cgiwrapd
+ @${STRIP_CMD} ${MAINCGIDIR}/cgiwrap
+ @${CHMOD} 4550 ${MAINCGIDIR}/cgiwrap
+.if !defined(CGIWRAP_WITH_DEBUG)
+ @${RM} ${MAINCGIDIR}/cgiwrapd ${MAINCGIDIR}/nph-cgiwrapd
+.endif
.if !defined(NOPORTDOCS)
@${MKDIR} ${DOCSDIR}
.for file in accesscontrol.html afs.html changes.html chroot.html \
@@ -68,6 +111,6 @@ post-install:
.endfor
@${ECHO} "Documentation installed in ${DOCSDIR}"
.endif
- @${CAT} ${PKGMESSAGE}
+ @${CAT} ${PKGMESSAGE} | ${SED} -e's#%%PREFIX%%#${PREFIX}#g'
.include <bsd.port.mk>
diff --git a/www/cgiwrap/pkg-descr b/www/cgiwrap/pkg-descr
index 4d6e2c28101c..239b326a78c8 100644
--- a/www/cgiwrap/pkg-descr
+++ b/www/cgiwrap/pkg-descr
@@ -9,6 +9,3 @@ and Communications servers, and probably any other Unix based web
server software that supports CGI.
WWW: http://cgiwrap.sourceforge.net/
-
-- Pete
-petef@databits.net
diff --git a/www/cgiwrap/pkg-message b/www/cgiwrap/pkg-message
index cc9557fe7320..b1d9d6e0c10c 100644
--- a/www/cgiwrap/pkg-message
+++ b/www/cgiwrap/pkg-message
@@ -6,14 +6,10 @@ a depend. If you are unsure of which webserver to use, it is
recommended to try the Apache web server package.
The cgiwrap scripts have been installed in:
- ${PREFIX}/www/cgi-bin
+ %%PREFIX%%/www/cgi-bin
...the default location for Apache's cgi-bin directory.
-The cgiwrapd and nph-cgiwrapd scripts are disabled by default, as they
-may give away sensitive information about the CGI environment. To
-enable them, you must chmod 4755 ${PREFIX}/www/cgi-bin/cgiwrapd
-
-Access control enabled, you must create either
-${PREFIX}/etc/cgiwrap.allow or ${PREFIX}/etc/cgiwrap.deny before
-cgiwrap will function.
+If cgiwrap's allow/deny control is enabled, you must create either
+%%PREFIX%%/etc/cgiwrap.allow and/or %%PREFIX%%/etc/cgiwrap.deny
+before cgiwrap will function.
-----------------------------------------------------------------
diff --git a/www/cgiwrap/pkg-plist b/www/cgiwrap/pkg-plist
index 08221bfbc6e2..5ceb10ea2903 100644
--- a/www/cgiwrap/pkg-plist
+++ b/www/cgiwrap/pkg-plist
@@ -18,8 +18,8 @@
%%PORTDOCS%%%%DOCSDIR%%/tricks.html
%%PORTDOCS%%%%DOCSDIR%%/y2k.html
www/cgi-bin/cgiwrap
-www/cgi-bin/cgiwrapd
+%%CGIWRAPDFLAG%%www/cgi-bin/cgiwrapd
www/cgi-bin/nph-cgiwrap
-www/cgi-bin/nph-cgiwrapd
+%%CGIWRAPDFLAG%%www/cgi-bin/nph-cgiwrapd
@unexec rmdir %D/www/cgi-bin 2>/dev/null || true
%%PORTDOCS%%@dirrm %%DOCSDIR%%