pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/devel/cvsd Initial import of cvsd, a cvs pserver wrapp...
details: https://anonhg.NetBSD.org/pkgsrc/rev/99bb9716466b
branches: trunk
changeset: 513084:99bb9716466b
user: wiz <wiz%pkgsrc.org@localhost>
date: Sat May 20 23:38:16 2006 +0000
description:
Initial import of cvsd, a cvs pserver wrapper that chroots the pserver.
Based on the work by Eric Schnoebelen and virtus@ in pkgsrc-wip.
DESCR:
cvsd is a wrapper program for cvs in pserver mode. It will run 'cvs
pserver' under a special uid/gid in a chroot jail.
cvsd is run as a daemon and is controlled through a configuration
file. It is relatively easy to configure and tools are provided
for easily setting up a rootjail.
This server can be useful if you want to run a public cvs pserver.
You should however be aware of the security limitations of running
a cvs pserver. If you want any kind of authentication you should
really consider using secure shell as a secure authentication
mechanism and transport. Passwords used in cvs pserver are transmitted
in plaintext and this wrapper won't change that.
This server adds a layer of security to cvs. cvs is a very powerful
tool and is capable of running scripts and other things. By running
cvs in a rootjail it is possible to limit the amount of "damage"
cvs can do if it is exploited. It is generally a good idea to run
cvsd without any write permissions to any directory on the system.
diffstat:
devel/cvsd/DESCR | 19 +++++++++++++++++++
devel/cvsd/MESSAGE | 8 ++++++++
devel/cvsd/Makefile | 32 ++++++++++++++++++++++++++++++++
devel/cvsd/PLIST | 15 +++++++++++++++
devel/cvsd/distinfo | 9 +++++++++
devel/cvsd/files/cvsd.sh | 29 +++++++++++++++++++++++++++++
devel/cvsd/patches/patch-aa | 9 +++++++++
devel/cvsd/patches/patch-ab | 9 +++++++++
devel/cvsd/patches/patch-ac | 40 ++++++++++++++++++++++++++++++++++++++++
devel/cvsd/patches/patch-ad | 21 +++++++++++++++++++++
10 files changed, 191 insertions(+), 0 deletions(-)
diffs (231 lines):
diff -r a62285925ece -r 99bb9716466b devel/cvsd/DESCR
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/cvsd/DESCR Sat May 20 23:38:16 2006 +0000
@@ -0,0 +1,19 @@
+cvsd is a wrapper program for cvs in pserver mode. It will run 'cvs
+pserver' under a special uid/gid in a chroot jail.
+
+cvsd is run as a daemon and is controlled through a configuration
+file. It is relatively easy to configure and tools are provided
+for easily setting up a rootjail.
+
+This server can be useful if you want to run a public cvs pserver.
+You should however be aware of the security limitations of running
+a cvs pserver. If you want any kind of authentication you should
+really consider using secure shell as a secure authentication
+mechanism and transport. Passwords used in cvs pserver are transmitted
+in plaintext and this wrapper won't change that.
+
+This server adds a layer of security to cvs. cvs is a very powerful
+tool and is capable of running scripts and other things. By running
+cvs in a rootjail it is possible to limit the amount of "damage"
+cvs can do if it is exploited. It is generally a good idea to run
+cvsd without any write permissions to any directory on the system.
diff -r a62285925ece -r 99bb9716466b devel/cvsd/MESSAGE
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/cvsd/MESSAGE Sat May 20 23:38:16 2006 +0000
@@ -0,0 +1,8 @@
+===========================================================================
+$NetBSD: MESSAGE,v 1.1.1.1 2006/05/20 23:38:16 wiz Exp $
+
+ You should set up create a chrooted filesystem and create
+ repositories. Read the README file in ${PREFIX}/share/doc/cvsd
+ for more details on setting up the environment.
+
+===========================================================================
diff -r a62285925ece -r 99bb9716466b devel/cvsd/Makefile
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/cvsd/Makefile Sat May 20 23:38:16 2006 +0000
@@ -0,0 +1,32 @@
+# $NetBSD: Makefile,v 1.1.1.1 2006/05/20 23:38:16 wiz Exp $
+
+DISTNAME= cvsd-1.0.10
+CATEGORIES= devel
+MASTER_SITES= http://ch.tudelft.nl/~arthur/cvsd/
+
+MAINTAINER= eric%cirr.com@localhost
+HOMEPAGE= http://ch.tudelft.nl/~arthur/cvsd/
+COMMENT= Run CVS pserver in a chroot-ed environment
+
+USE_TOOLS+= gmake perl
+GNU_CONFIGURE= YES
+
+CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR:Q}
+CONFIGURE_ARGS+= --with-libwrap
+
+RCD_SCRIPTS= cvsd
+
+EGDIR= ${PREFIX}/share/examples/cvsd
+CONF_FILES= ${EGDIR}/cvsd.conf.example ${PKG_SYSCONFDIR}/cvsd.conf
+
+CVSD_USER?= cvsd
+CVSD_GROUP?= cvsd
+PKG_USERS= ${CVSD_USER}:${CVSD_GROUP}
+PKG_GECOS.${CVSD_USER}= CVS wrapper
+PKG_GROUPS= ${CVSD_GROUP}
+
+pre-install:
+ ${INSTALL_DATA_DIR} ${EGDIR}
+
+.include "../../security/tcp_wrappers/buildlink3.mk"
+.include "../../mk/bsd.pkg.mk"
diff -r a62285925ece -r 99bb9716466b devel/cvsd/PLIST
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/cvsd/PLIST Sat May 20 23:38:16 2006 +0000
@@ -0,0 +1,15 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2006/05/20 23:38:16 wiz Exp $
+man/man5/cvsd.conf.5
+man/man8/cvsd-buginfo.8
+man/man8/cvsd-buildroot.8
+man/man8/cvsd-passwd.8
+man/man8/cvsd.8
+sbin/cvsd
+sbin/cvsd-buginfo
+sbin/cvsd-buildroot
+sbin/cvsd-passwd
+share/doc/cvsd/README
+share/examples/cvsd/cvsd.conf.example
+share/examples/rc.d/cvsd
+@dirrm share/examples/cvsd
+@dirrm share/doc/cvsd
diff -r a62285925ece -r 99bb9716466b devel/cvsd/distinfo
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/cvsd/distinfo Sat May 20 23:38:16 2006 +0000
@@ -0,0 +1,9 @@
+$NetBSD: distinfo,v 1.1.1.1 2006/05/20 23:38:16 wiz Exp $
+
+SHA1 (cvsd-1.0.10.tar.gz) = f615a8830bb2a4f415b3267dc628b64561b53d9f
+RMD160 (cvsd-1.0.10.tar.gz) = 9a7129d9fa9b200bfeb8c54abeaae5e9c563cbcc
+Size (cvsd-1.0.10.tar.gz) = 206048 bytes
+SHA1 (patch-aa) = adfcecc2412aa30828c5b5cec1b0763bca599abb
+SHA1 (patch-ab) = f24f3ceac0c5e5d156c3ffc094b679d165e45e21
+SHA1 (patch-ac) = 02f4caa955d88eeadef14a05dd6e4ec19b9ee4b9
+SHA1 (patch-ad) = 2da407e6037ee3cd187b48d8ee668df281ae6907
diff -r a62285925ece -r 99bb9716466b devel/cvsd/files/cvsd.sh
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/cvsd/files/cvsd.sh Sat May 20 23:38:16 2006 +0000
@@ -0,0 +1,29 @@
+#!@RCD_SCRIPTS_SHELL@
+#
+# $NetBSD: cvsd.sh,v 1.1.1.1 2006/05/20 23:38:16 wiz Exp $
+#
+# PROVIDE: cvsd
+# REQUIRE: DAEMON
+
+if [ -e /etc/rc.subr ]
+then
+ . /etc/rc.subr
+fi
+
+name="cvsd"
+rcvar=$name
+command="@PREFIX@/sbin/${name}"
+required_files="@PREFIX@/etc/${name}.conf"
+pidfile=$(awk '/^#/ {next}; /PidFile/ {print $2}' ${required_files})
+# pidfile=/var/run/cvsd.pid
+command_args=""
+ # add more flags through ${${name}_flags}
+
+if [ -e /etc/rc.subr ]
+then
+ load_rc_config $name
+ run_rc_command "$1"
+else
+ echo -n ' ${name}'
+ ${command} ${cvsd_flags} ${command_args}
+fi
diff -r a62285925ece -r 99bb9716466b devel/cvsd/patches/patch-aa
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/cvsd/patches/patch-aa Sat May 20 23:38:16 2006 +0000
@@ -0,0 +1,9 @@
+$NetBSD: patch-aa,v 1.1.1.1 2006/05/20 23:38:16 wiz Exp $
+
+--- configure.ac.orig 2004-08-07 23:11:01.000000000 +0300
++++ configure.ac 2004-09-13 14:25:08.000000000 +0300
+@@ -274,3 +274,3 @@
+ # TODO: this should probably be fixed to be nicer
+-CONFIGFILE=`eval echo $sysconfdir/cvsd/cvsd.conf | \
++CONFIGFILE=`eval echo $sysconfdir/cvsd.conf | \
+ sed "s%^NONE/%${prefix}/%" | \
diff -r a62285925ece -r 99bb9716466b devel/cvsd/patches/patch-ab
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/cvsd/patches/patch-ab Sat May 20 23:38:16 2006 +0000
@@ -0,0 +1,9 @@
+$NetBSD: patch-ab,v 1.1.1.1 2006/05/20 23:38:16 wiz Exp $
+
+--- configure.orig 2004-08-07 23:11:20.000000000 +0300
++++ configure 2004-09-13 14:25:34.000000000 +0300
+@@ -9983,3 +9983,3 @@
+ # TODO: this should probably be fixed to be nicer
+-CONFIGFILE=`eval echo $sysconfdir/cvsd/cvsd.conf | \
++CONFIGFILE=`eval echo $sysconfdir/cvsd.conf | \
+ sed "s%^NONE/%${prefix}/%" | \
diff -r a62285925ece -r 99bb9716466b devel/cvsd/patches/patch-ac
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/cvsd/patches/patch-ac Sat May 20 23:38:16 2006 +0000
@@ -0,0 +1,40 @@
+$NetBSD: patch-ac,v 1.1.1.1 2006/05/20 23:38:16 wiz Exp $
+
+--- Makefile.in.orig 2005-07-24 09:19:45.000000000 -0500
++++ Makefile.in
+@@ -184,6 +184,8 @@ libdir = @libdir@
+ libexecdir = @libexecdir@
+ localstatedir = @localstatedir@
+ mandir = @mandir@
++exampledir = $(prefix)/share/examples/@PACKAGE@
++docdir = $(prefix)/share/doc/@PACKAGE@
+ mkdir_p = @mkdir_p@
+ oldincludedir = @oldincludedir@
+ prefix = @prefix@
+@@ -763,17 +765,19 @@ uninstall-man: uninstall-man5 uninstall-
+
+
+ # install configuration files
+-install-data-local: install-configfile install-initscript
++install-data-local: install-configfile install-readme
++
++install-readme:
++ if [ ! -d $(DESTDIR)$(docdir) ]; then \
++ $(mkinstalldirs) $(DESTDIR)$(docdir); \
++ fi
++ $(INSTALL_DATA) $(srcdir)/README $(DESTDIR)$(docdir)
+
+ install-configfile:
+ if [ ! -d $(DESTDIR)$(sysconfdir)/cvsd ]; then \
+- $(mkinstalldirs) $(DESTDIR)$(sysconfdir)/cvsd;\
+- fi
+- if [ ! -f $(DESTDIR)$(CONFIGFILE) ]; then \
+- $(INSTALL_DATA) $(srcdir)/cvsd.conf-dist $(DESTDIR)$(CONFIGFILE); \
+- else \
+- echo "$(DESTDIR)$(CONFIGFILE) already exists, install will not overwrite"; \
++ $(mkinstalldirs) $(DESTDIR)$(sysconfdir);\
+ fi
++ $(INSTALL_DATA) $(srcdir)/cvsd.conf-dist $(DESTDIR)$(exampledir)/cvsd.conf.example
+
+ install-initscript:
+ if [ ! -d $(DESTDIR)$(sysconfdir)/init.d ]; then \
diff -r a62285925ece -r 99bb9716466b devel/cvsd/patches/patch-ad
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/cvsd/patches/patch-ad Sat May 20 23:38:16 2006 +0000
@@ -0,0 +1,21 @@
+$NetBSD: patch-ad,v 1.1.1.1 2006/05/20 23:38:16 wiz Exp $
+
+--- cvsd-buildroot.in.orig 2004-07-29 22:53:14.000000000 +0300
++++ cvsd-buildroot.in 2004-09-13 14:26:18.000000000 +0300
+@@ -51,2 +51,4 @@
+ EXTRALIBS="$EXTRALIBS /usr/libexec/ld.so"
++# for NetBSD
++EXTRALIBS="$EXTRALIBS /usr/libexec/ld.elf_so /libexec/ld.elf_so"
+ # for Solaris:
+@@ -294,3 +296,3 @@
+
+-# for systems with strange password files (OpenBSD)
++# for systems with strange password files (OpenBSD/NetBSD/FreeBSD)
+ if [ -r /etc/master.passwd ] && [ -r /etc/pwd.db ] && [ -x /usr/sbin/pwd_mkdb ]
+@@ -301,3 +303,5 @@
+ < "$ROOT/etc/passwd" > "$ROOT/etc/master.passwd"
+- /usr/sbin/pwd_mkdb -p -d "$ROOT/etc" "$ROOT/etc/master.passwd"
++ # NetBSD expects -d to be the new root directory.
++ /usr/sbin/pwd_mkdb -p -d "$ROOT/etc" "$ROOT/etc/master.passwd" 2>/dev/null|| \
++ /usr/sbin/pwd_mkdb -p -d "$ROOT" "$ROOT/etc/master.passwd" 2>/dev/null
+ echo "done."
Home |
Main Index |
Thread Index |
Old Index