diff options
-rw-r--r-- | net-misc/scponly/ChangeLog | 9 | ||||
-rw-r--r-- | net-misc/scponly/files/digest-scponly-4.3 | 2 | ||||
-rw-r--r-- | net-misc/scponly/files/digest-scponly-4.6 | 2 | ||||
-rw-r--r-- | net-misc/scponly/files/digest-scponly-4.6-r1 | 3 | ||||
-rw-r--r-- | net-misc/scponly/files/scponly-4.6-helper.patch | 97 | ||||
-rw-r--r-- | net-misc/scponly/scponly-4.6-r1.ebuild | 143 |
6 files changed, 255 insertions, 1 deletions
diff --git a/net-misc/scponly/ChangeLog b/net-misc/scponly/ChangeLog index d9aa9b14c423..c85ba93910c3 100644 --- a/net-misc/scponly/ChangeLog +++ b/net-misc/scponly/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for net-misc/scponly # Copyright 2002-2006 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/scponly/ChangeLog,v 1.24 2006/03/01 07:56:29 hansmi Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/scponly/ChangeLog,v 1.25 2006/05/20 05:37:27 matsuu Exp $ + +*scponly-4.6-r1 (20 May 2006) + + 20 May 2006; MATSUU Takuto <matsuu@gentoo.org> + +files/scponly-4.6-helper.patch, +scponly-4.6-r1.ebuild: + Fixed to work with rysnc, Bug 127983. + Fixed to move the user/group setup to pkg_postint, Bug 125796. 01 Mar 2006; Michael Hanselmann <hansmi@gentoo.org> scponly-4.3.ebuild: Stable on ppc, sparc. diff --git a/net-misc/scponly/files/digest-scponly-4.3 b/net-misc/scponly/files/digest-scponly-4.3 index 86b72bbb8528..30eb3e8ab1da 100644 --- a/net-misc/scponly/files/digest-scponly-4.3 +++ b/net-misc/scponly/files/digest-scponly-4.3 @@ -1 +1,3 @@ MD5 2cef26fe5ed740031a067f189c293e77 scponly-4.3.tgz 94889 +RMD160 780baf0a2be4b3042d721953c109c06ff0d9d1a2 scponly-4.3.tgz 94889 +SHA256 e707315e4f90ccc3f882e6b21617dc4543bab77edbe40546fe230119609b6143 scponly-4.3.tgz 94889 diff --git a/net-misc/scponly/files/digest-scponly-4.6 b/net-misc/scponly/files/digest-scponly-4.6 index faf07b395d69..7db9b807bbdd 100644 --- a/net-misc/scponly/files/digest-scponly-4.6 +++ b/net-misc/scponly/files/digest-scponly-4.6 @@ -1 +1,3 @@ MD5 0425cb868cadd026851238452f1db907 scponly-4.6.tgz 96578 +RMD160 c30d4b02314b53dce54d2f3f8e531c18792c7f60 scponly-4.6.tgz 96578 +SHA256 dfa5a334d66150289a391aea4dc00d1b039c644fd1c628bdeddaa7b0710e01a7 scponly-4.6.tgz 96578 diff --git a/net-misc/scponly/files/digest-scponly-4.6-r1 b/net-misc/scponly/files/digest-scponly-4.6-r1 new file mode 100644 index 000000000000..7db9b807bbdd --- /dev/null +++ b/net-misc/scponly/files/digest-scponly-4.6-r1 @@ -0,0 +1,3 @@ +MD5 0425cb868cadd026851238452f1db907 scponly-4.6.tgz 96578 +RMD160 c30d4b02314b53dce54d2f3f8e531c18792c7f60 scponly-4.6.tgz 96578 +SHA256 dfa5a334d66150289a391aea4dc00d1b039c644fd1c628bdeddaa7b0710e01a7 scponly-4.6.tgz 96578 diff --git a/net-misc/scponly/files/scponly-4.6-helper.patch b/net-misc/scponly/files/scponly-4.6-helper.patch new file mode 100644 index 000000000000..875de04fc1ce --- /dev/null +++ b/net-misc/scponly/files/scponly-4.6-helper.patch @@ -0,0 +1,97 @@ +--- scponly-4.6/helper.c.orig Tue Jan 31 22:04:16 2006 ++++ scponly-4.6/helper.c Thu Mar 23 00:53:01 2006 +@@ -133,6 +133,78 @@ + char **tmpptr=av; + int ch; + int ac=0; ++ char **av2 = NULL; ++ ++ /* ++ * first count the arguments in the vector ++ */ ++ tmpptr=av; ++ while (*tmpptr!=NULL) ++ { ++ *tmpptr++; ++ ac++; ++ } ++ ++#ifdef PROG_RSYNC ++ if (exact_match(PROG_RSYNC, av[0])) ++ { ++ /* ++ * these are the long opts (beginning "--") which we ++ * allow for rsync ++ */ ++ char *permitted_long_opts[] = { ++ "--server", ++ "--sender", ++ "--delete", ++ NULL /* last element must be NULL */ ++ }; ++ ++ /* ++ * make a copy of the args excluding any permitted long ++ * options ++ */ ++ int i, j; ++ av2 = malloc(ac * sizeof *av2); ++ av2[0] = av[0]; ++ for (i = 1, j = 1; i < ac; ++i) ++ { ++ if (0 == strncmp(av[i], "--", 2)) ++ { ++ char **p; ++ /* ++ * test against permitted opts ++ */ ++ for (p = permitted_long_opts; *p; ++p) ++ { ++ if (exact_match(av[i], *p)) ++ break; ++ } ++ ++ if (*p) ++ { ++ /* ++ * permitted; skip this one ++ */ ++ continue; ++ } ++ else ++ { ++ /* ++ * no match ++ */ ++ syslog(LOG_ERR, "option %s is not permitted for use with %s (%s)", ++ av[i], cmdarg->name, logstamp()); ++ return 1; ++ } ++ } ++ av2[j++] = av[i]; ++ ++ } ++ av2[j] = NULL; ++ ac = j; ++ av = av2; ++ } ++#endif /* PROG_RSYNC */ + + while (cmdarg != NULL) + { +@@ -151,15 +223,6 @@ + */ + if (1 == cmdarg->getoptflag) + { +- /* +- * first count the arguments in the vector +- */ +- tmpptr=av; +- while (*tmpptr!=NULL) +- { +- *tmpptr++; +- ac++; +- } + /* + * now use getopt to look for our problem option + */ diff --git a/net-misc/scponly/scponly-4.6-r1.ebuild b/net-misc/scponly/scponly-4.6-r1.ebuild new file mode 100644 index 000000000000..b29b82a1480d --- /dev/null +++ b/net-misc/scponly/scponly-4.6-r1.ebuild @@ -0,0 +1,143 @@ +# Copyright 1999-2006 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/scponly/scponly-4.6-r1.ebuild,v 1.1 2006/05/20 05:37:28 matsuu Exp $ + +inherit eutils + +DESCRIPTION="A tiny pseudoshell which only permits scp and sftp" +HOMEPAGE="http://www.sublimation.org/scponly/" +SRC_URI="http://www.sublimation.org/scponly/${P}.tgz" + +LICENSE="as-is" +SLOT="0" +KEYWORDS="~amd64 ~ppc ~sparc ~x86" +IUSE="subversion" + +DEPEND="virtual/libc + net-misc/openssh + subversion? ( dev-util/subversion )" + +myuser="scponly" +myhome="/home/${myuser}" + +src_unpack() { + unpack ${A} + cd "${S}" + # Bug 125796 + epatch "${FILESDIR}"/${P}-helper.patch +} + +src_compile() { + PATH="${PATH}:/usr/$(get_libdir)/misc" \ + econf \ + --enable-scp-compat \ + --enable-winscp-compat \ + --enable-rsync-compat \ + --enable-chrooted-binary \ + $(use_enable subversion svn-compat) \ + $(use_enable subversion svnserv-compat) \ + || die "./configure failed" + emake || die +} + +src_install() { + make DESTDIR="${D}" install || die + + dodoc AUTHOR BUILDING-JAILS.TXT CHANGELOG CONTRIB README TODO + dodoc setup_chroot.sh +} + +pkg_postinst() { + einfo "You might want to run:" + einfo "\"emerge --config =${CATEGORY}/${PF}\"" + einfo "to setup the chroot." + einfo "Otherwise you will have to setup chroot manually." + + # two slashes ('//') are used by scponlyc to determine the chroot point. + enewgroup ${myuser} + enewuser ${myuser} -1 /usr/sbin/scponlyc ${myhome}// ${myuser} +} + +pkg_config() { + # pkg_postinst is based on ${S}/setup_chroot.sh. + + einfo "Updating /etc/shells" + { grep -v "^/usr/bin/scponly$" /etc/shells; + echo "/usr/bin/scponly" + } > ${T}/shells + mv -f ${T}/shells /etc/shells + + { grep -v "^/usr/sbin/scponlyc$" /etc/shells; + echo "/usr/sbin/scponlyc" + } > ${T}/shells + mv -f ${T}/shells /etc/shells + + BINARIES="/usr/$(get_libdir)/misc/sftp-server /bin/ls /usr/bin/scp /bin/rm /bin/ln /bin/mv /bin/chmod /bin/chown /bin/chgrp /bin/mkdir /bin/rmdir /bin/pwd /bin/groups /usr/bin/ld /bin/echo /usr/bin/rsync" + if built_with_use ${PN} subversion; then + BINARIES="$BINARIES /usr/bin/svn /usr/bin/svnserve" + fi + LIB_LIST=`/usr/bin/ldd $BINARIES 2> /dev/null | /bin/cut -f2 -d\> | /bin/cut -f1 -d\( | /bin/grep "^ " | /bin/sort -u` + LDSO_LIST="/$(get_libdir)/ld.so /libexec/ld-elf.so /libexec/ld-elf.so.1 /usr/libexec/ld.so /$(get_libdir)/ld-linux.so.2 /usr/libexec/ld-elf.so.1" + for lib in $LDSO_LIST; do + if [ -f $lib ]; then + LIB_LIST="$LIB_LIST $lib" + fi + done + /bin/ls /$(get_libdir)/libnss_compat* > /dev/null 2>&1 + if [ $? -eq 0 ]; then + LIB_LIST="$LIB_LIST /$(get_libdir)/libnss_compat*" + fi + + ldconfig + LIB_LIST="$LIB_LIST /etc/ld.so.cache /etc/ld.so.conf" + + if [ ! -d ${myhome} ]; then + /bin/install -c -d ${myhome} + /bin/chmod 755 ${myhome} + fi + if [ ! -d ${myhome} ]; then + /bin/install -c -d ${myhome}/etc + /bin/chown 0:0 ${myhome}/etc + /bin/chmod 755 ${myhome}/etc + fi + if [ ! -d ${myhome}/$(get_libdir) ]; then + /bin/install -c -d ${myhome}/$(get_libdir) + /bin/chmod 755 ${myhome}/$(get_libdir) + fi + if [ ! -d ${myhome}/lib ]; then + /usr/bin/ln -s $(get_libdir) ${myhome}/lib + fi + if [ ! -d ${myhome}/usr/$(get_libdir) ]; then + /bin/install -c -d ${myhome}/usr/$(get_libdir) + /bin/chmod 755 ${myhome}/usr/$(get_libdir) + fi + if [ ! -d ${myhome}/usr/lib ]; then + /usr/bin/ln -s $(get_libdir) ${myhome}/usr/lib + fi + + for bin in $BINARIES; do + /bin/install -c -d ${myhome}/`/bin/dirname $bin` + /bin/install -c $bin ${myhome}/$bin + done + for lib in $LIB_LIST; do + /bin/install -c -d ${myhome}/`/bin/dirname $lib` + /bin/install -c $lib ${myhome}/$lib + done + + /bin/chown 0:0 ${myhome} + if [ -d ${myhome}/.ssh ]; then + /bin/chown 0:0 ${myhome}/.ssh + fi + + if [ ! -d ${myhome}/incoming ]; then + einfo "creating ${myhome}/incoming directory for uploading files" + /bin/install -c -o ${myuser} -d ${myhome}/incoming + fi + /bin/chown $myuser:$myuser ${myhome}/incoming + + grep "^${myuser}" /etc/passwd > ${myhome}/etc/passwd + + einfo "if you experience a warning with winscp regarding groups, please install" + einfo "the provided hacked out fake groups program into your chroot, like so:" + einfo "cp groups ${myhome}/bin/groups" +} |