blob: 9267db3720ecbae394b55729d0a8b0ddef4e3b9f (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
|
# Created by: mcglk@artlogix.com
# $FreeBSD$
PORTNAME= scponly
PORTVERSION= 4.8.20110526
PORTREVISION= 1
CATEGORIES= shells security
MASTER_SITES= SF
MASTER_SITE_SUBDIR= ${PORTNAME}/${PORTNAME}-snapshots
DISTNAME= ${PORTNAME}-20110526
EXTRACT_SUFX= .tgz
MAINTAINER= gjb@FreeBSD.org
COMMENT= A tiny shell that only permits scp and sftp
MAN8= scponly.8
PORTDOCS= BUILDING-JAILS.TXT INSTALL README SECURITY
GNU_CONFIGURE= yes
OPTIONS_DEFINE= WILDCARDS GFTP CHROOT RSYNC SCP SVN SVNSERVE UNISON WINSCP \
DEFAULT_CHDIR DOCS
OPTIONS_DEFAULT= WILDCARDS
DEFAULT_CHDIR_DESC= Chdir(2) by default
WILDCARDS_DESC= Wildcards processing
GFTP_DESC= gftp support
RSYNC_DESC= rsync support
CHROOT_DESC= chroot(8) functionality
SCP_DESC= vanilla scp support
SVNSERVE_DESC= Suversion support for svn+ssh://
UNISON_DESC= Unisson support
WINSCP_DESC= WinSCP support
NO_STAGE= yes
.include <bsd.port.options.mk>
.if(!exists(/usr/bin/sftp))
RUN_DEPENDS+= sftp:${PORTSDIR}/security/openssh-portable
BUILD_DEPENDS+= sftp:${PORTSDIR}/security/openssh-portable
.endif
.if ${PORT_OPTIONS:MDEFAULT_CHDIR}
CONFIGURE_ARGS+=--with-default-chdir=${SCPONLY_DEFAULT_CHDIR}
.endif
.if ${PORT_OPTIONS:MWILDCARDS}
CONFIGURE_ARGS+=--enable-wildcards
.else
CONFIGURE_ARGS+=--disable-wildcards
.endif
.if ${PORT_OPTIONS:MGFTP}
CONFIGURE_ARGS+=--enable-gftp-compat
.else
CONFIGURE_ARGS+=--disable-gftp-compat
.endif
.if ${PORT_OPTIONS:MCHROOT}
PLIST_SUB+= SCPONLY_CHROOT=""
CONFIGURE_ARGS+=--enable-chrooted-binary
USE_RC_SUBR+= scponlyc
.else
PLIST_SUB+= SCPONLY_CHROOT="@comment "
.endif
.if ${PORT_OPTIONS:MRSYNC}
BUILD_DEPENDS+= rsync:${PORTSDIR}/net/rsync
CONFIGURE_ARGS+=--enable-rsync-compat
.else
CONFIGURE_ARGS+=--disable-rsync-compat
.endif
.if ${PORT_OPTIONS:MSCP}
CONFIGURE_ARGS+=--enable-scp-compat
.else
CONFIGURE_ARGS+=--disable-scp-compat
.endif
.if ${PORT_OPTIONS:MSVN}
CONFIGURE_ARGS+=--enable-svn-compat
.else
CONFIGURE_ARGS+=--disable-svn-compat
.endif
.if ${PORT_OPTIONS:MSVNSERVE}
CONFIGURE_ARGS+=--enable-svnserv-compat
.else
CONFIGURE_ARGS+=--disable-svnserv-compat
.endif
.if ${PORT_OPTIONS:MUNISON}
BUILD_DEPENDS+= unison:${PORTSDIR}/net/unison
CONFIGURE_ARGS+=--enable-unison-compat
.else
CONFIGURE_ARGS+=--disable-unison-compat
.endif
.if ${PORT_OPTIONS:MWINSCP}
CONFIGURE_ARGS+=--enable-winscp-compat
.else
CONFIGURE_ARGS+=--disable-winscp-compat
.endif
# svn, svnlook ... are per default in subversion
# only check for one of them!
.if ${PORT_OPTIONS:MSVN} || ${PORT_OPTIONS:MSVNSERVE}
BUILD_DEPENDS+= svn:${PORTSDIR}/devel/subversion
.endif
RUN_DEPENDS:= ${BUILD_DEPENDS}
post-patch:
@${ECHO_MSG} "In addition to knobs available from the OPTIONS dialog,"
@${ECHO_MSG} "you may set SCPONLY_DEFAULT_CHDIR to make users 'cd' to"
@${ECHO_MSG} "this directory after authentication."
post-install:
@${ECHO_MSG} "Updating /etc/shells"
@${CP} /etc/shells /etc/shells.bak
@(${GREP} -v ${PREFIX}/bin/scponly /etc/shells.bak; \
${ECHO_CMD} ${PREFIX}/bin/scponly) > /etc/shells
@${RM} /etc/shells.bak
.if ${PORT_OPTIONS:MCHROOT}
@${CP} /etc/shells /etc/shells.bak
@(${GREP} -v ${PREFIX}/sbin/scponlyc /etc/shells.bak; \
${ECHO_CMD} ${PREFIX}/sbin/scponlyc) > /etc/shells
@${RM} /etc/shells.bak
@${MKDIR} ${EXAMPLESDIR}
@${INSTALL_SCRIPT} ${WRKSRC}/setup_chroot.sh ${EXAMPLESDIR}
@${INSTALL_DATA} ${WRKSRC}/config.h ${EXAMPLESDIR}
@${ECHO_MSG} ""
@${ECHO_MSG} "To setup chroot cage, run the following commands:"
@${ECHO_MSG} " 1) cd ${EXAMPLESDIR}/ && ${SH} setup_chroot.sh"
@${ECHO_MSG} " 2) Set scponlyc_enable=\"YES\" in /etc/rc.conf"
@${ECHO_MSG} " 3) Run ${PREFIX}/etc/rc.d/scponly start"
@${ECHO_MSG} ""
.endif
.if ${PORT_OPTIONS:MDOCS}
@${MKDIR} ${DOCSDIR}
.for i in ${PORTDOCS}
@${INSTALL_DATA} ${WRKSRC}/$i ${DOCSDIR}
.endfor
@${ECHO_MSG} ""
@${ECHO_MSG} "For information on several potential security concerns,"
@${ECHO_MSG} "please read:"
@${ECHO_MSG} "${DOCSDIR}/SECURITY"
@${ECHO_MSG} ""
.endif
.include <bsd.port.mk>
|