pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/devel/cvsd Initial import of cvsd, a cvs pserver wrapp...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/99bb9716466b
branches:  trunk
changeset: 513084:99bb9716466b
user:      wiz <wiz%pkgsrc.org@localhost>
date:      Sat May 20 23:38:16 2006 +0000

description:
Initial import of cvsd, a cvs pserver wrapper that chroots the pserver.

Based on the work by Eric Schnoebelen and virtus@ in pkgsrc-wip.

DESCR:
cvsd is a wrapper program for cvs in pserver mode. It will run 'cvs
pserver' under a special uid/gid in a chroot jail.

cvsd is run as a daemon and is controlled through a configuration
file. It is relatively easy to configure and tools are provided
for easily setting up a rootjail.

This server can be useful if you want to run a public cvs pserver.
You should however be aware of the security limitations of running
a cvs pserver. If you want any kind of authentication you should
really consider using secure shell as a secure authentication
mechanism and transport. Passwords used in cvs pserver are transmitted
in plaintext and this wrapper won't change that.

This server adds a layer of security to cvs. cvs is a very powerful
tool and is capable of running scripts and other things. By running
cvs in a rootjail it is possible to limit the amount of "damage"
cvs can do if it is exploited.  It is generally a good idea to run
cvsd without any write permissions to any directory on the system.

diffstat:

 devel/cvsd/DESCR            |  19 +++++++++++++++++++
 devel/cvsd/MESSAGE          |   8 ++++++++
 devel/cvsd/Makefile         |  32 ++++++++++++++++++++++++++++++++
 devel/cvsd/PLIST            |  15 +++++++++++++++
 devel/cvsd/distinfo         |   9 +++++++++
 devel/cvsd/files/cvsd.sh    |  29 +++++++++++++++++++++++++++++
 devel/cvsd/patches/patch-aa |   9 +++++++++
 devel/cvsd/patches/patch-ab |   9 +++++++++
 devel/cvsd/patches/patch-ac |  40 ++++++++++++++++++++++++++++++++++++++++
 devel/cvsd/patches/patch-ad |  21 +++++++++++++++++++++
 10 files changed, 191 insertions(+), 0 deletions(-)

diffs (231 lines):

diff -r a62285925ece -r 99bb9716466b devel/cvsd/DESCR
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/cvsd/DESCR  Sat May 20 23:38:16 2006 +0000
@@ -0,0 +1,19 @@
+cvsd is a wrapper program for cvs in pserver mode. It will run 'cvs
+pserver' under a special uid/gid in a chroot jail.
+
+cvsd is run as a daemon and is controlled through a configuration
+file. It is relatively easy to configure and tools are provided
+for easily setting up a rootjail.
+
+This server can be useful if you want to run a public cvs pserver.
+You should however be aware of the security limitations of running
+a cvs pserver. If you want any kind of authentication you should
+really consider using secure shell as a secure authentication
+mechanism and transport. Passwords used in cvs pserver are transmitted
+in plaintext and this wrapper won't change that.
+
+This server adds a layer of security to cvs. cvs is a very powerful
+tool and is capable of running scripts and other things. By running
+cvs in a rootjail it is possible to limit the amount of "damage"
+cvs can do if it is exploited.  It is generally a good idea to run
+cvsd without any write permissions to any directory on the system.
diff -r a62285925ece -r 99bb9716466b devel/cvsd/MESSAGE
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/cvsd/MESSAGE        Sat May 20 23:38:16 2006 +0000
@@ -0,0 +1,8 @@
+===========================================================================
+$NetBSD: MESSAGE,v 1.1.1.1 2006/05/20 23:38:16 wiz Exp $
+
+    You should set up create a chrooted filesystem and create
+    repositories.  Read the README file in ${PREFIX}/share/doc/cvsd
+    for more details on setting up the environment.
+
+===========================================================================
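Review bot: The first sentence of the message body, "You should set up create a chrooted filesystem", has a doubled verb and should read "You should create a chrooted filesystem and repositories." Since PLIST installs sbin/cvsd-buildroot and its man page, the message could also name that tool next to the README pointer, so the admin knows which command builds the jail.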
diff -r a62285925ece -r 99bb9716466b devel/cvsd/Makefile
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/cvsd/Makefile       Sat May 20 23:38:16 2006 +0000
@@ -0,0 +1,32 @@
+# $NetBSD: Makefile,v 1.1.1.1 2006/05/20 23:38:16 wiz Exp $
+
+DISTNAME=              cvsd-1.0.10
+CATEGORIES=            devel
+MASTER_SITES=          http://ch.tudelft.nl/~arthur/cvsd/
+
+MAINTAINER=            eric%cirr.com@localhost
+HOMEPAGE=              http://ch.tudelft.nl/~arthur/cvsd/
+COMMENT=               Run CVS pserver in a chroot-ed environment
+
+USE_TOOLS+=            gmake perl
+GNU_CONFIGURE=         YES
+
+CONFIGURE_ARGS+=       --sysconfdir=${PKG_SYSCONFDIR:Q}
+CONFIGURE_ARGS+=       --with-libwrap
+
+RCD_SCRIPTS=           cvsd
+
+EGDIR=                 ${PREFIX}/share/examples/cvsd
+CONF_FILES=            ${EGDIR}/cvsd.conf.example ${PKG_SYSCONFDIR}/cvsd.conf
+
+CVSD_USER?=            cvsd
+CVSD_GROUP?=           cvsd
+PKG_USERS=             ${CVSD_USER}:${CVSD_GROUP}
+PKG_GECOS.${CVSD_USER}=        CVS wrapper
+PKG_GROUPS=            ${CVSD_GROUP}
+
+pre-install:
+       ${INSTALL_DATA_DIR} ${EGDIR}
+
+.include "../../security/tcp_wrappers/buildlink3.mk"
+.include "../../mk/bsd.pkg.mk"
diff -r a62285925ece -r 99bb9716466b devel/cvsd/PLIST
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/cvsd/PLIST  Sat May 20 23:38:16 2006 +0000
@@ -0,0 +1,15 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2006/05/20 23:38:16 wiz Exp $
+man/man5/cvsd.conf.5
+man/man8/cvsd-buginfo.8
+man/man8/cvsd-buildroot.8
+man/man8/cvsd-passwd.8
+man/man8/cvsd.8
+sbin/cvsd
+sbin/cvsd-buginfo
+sbin/cvsd-buildroot
+sbin/cvsd-passwd
+share/doc/cvsd/README
+share/examples/cvsd/cvsd.conf.example
+share/examples/rc.d/cvsd
+@dirrm share/examples/cvsd
+@dirrm share/doc/cvsd
diff -r a62285925ece -r 99bb9716466b devel/cvsd/distinfo
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/cvsd/distinfo       Sat May 20 23:38:16 2006 +0000
@@ -0,0 +1,9 @@
+$NetBSD: distinfo,v 1.1.1.1 2006/05/20 23:38:16 wiz Exp $
+
+SHA1 (cvsd-1.0.10.tar.gz) = f615a8830bb2a4f415b3267dc628b64561b53d9f
+RMD160 (cvsd-1.0.10.tar.gz) = 9a7129d9fa9b200bfeb8c54abeaae5e9c563cbcc
+Size (cvsd-1.0.10.tar.gz) = 206048 bytes
+SHA1 (patch-aa) = adfcecc2412aa30828c5b5cec1b0763bca599abb
+SHA1 (patch-ab) = f24f3ceac0c5e5d156c3ffc094b679d165e45e21
+SHA1 (patch-ac) = 02f4caa955d88eeadef14a05dd6e4ec19b9ee4b9
+SHA1 (patch-ad) = 2da407e6037ee3cd187b48d8ee668df281ae6907
diff -r a62285925ece -r 99bb9716466b devel/cvsd/files/cvsd.sh
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/cvsd/files/cvsd.sh  Sat May 20 23:38:16 2006 +0000
@@ -0,0 +1,29 @@
+#!@RCD_SCRIPTS_SHELL@
+#
+# $NetBSD: cvsd.sh,v 1.1.1.1 2006/05/20 23:38:16 wiz Exp $
+#
+# PROVIDE: cvsd
+# REQUIRE: DAEMON
+
+if [ -e /etc/rc.subr ]
+then
+       . /etc/rc.subr
+fi
+
+name="cvsd"
+rcvar=$name
+command="@PREFIX@/sbin/${name}"
+required_files="@PREFIX@/etc/${name}.conf"
+pidfile=$(awk '/^#/ {next}; /PidFile/ {print $2}' ${required_files})
+# pidfile=/var/run/cvsd.pid
+command_args=""              
+                               # add more flags through ${${name}_flags}
+
+if [ -e /etc/rc.subr ]
+then
+       load_rc_config $name
+       run_rc_command "$1"
+else
+       echo -n ' ${name}'
+       ${command} ${cvsd_flags} ${command_args}
+fi
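Review bot: required_files (and the pidfile lookup that reads it) hard-codes "@PREFIX@/etc/${name}.conf", while the package Makefile configures with --sysconfdir=${PKG_SYSCONFDIR:Q} and installs the config as ${PKG_SYSCONFDIR}/cvsd.conf. When PKG_SYSCONFDIR is not ${PREFIX}/etc, the script checks and parses a file the daemon does not use. Use the @PKG_SYSCONFDIR@ substitution instead. Two smaller points in the same hunk: the awk call runs on every invocation, before rc.subr has checked required_files, with ${required_files} unquoted and an unanchored /PidFile/ pattern that matches the word anywhere on a line. In the fallback branch, echo -n ' ${name}' is single-quoted and prints the literal string ${name}, so it needs double quotes.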
diff -r a62285925ece -r 99bb9716466b devel/cvsd/patches/patch-aa
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/cvsd/patches/patch-aa       Sat May 20 23:38:16 2006 +0000
@@ -0,0 +1,9 @@
+$NetBSD: patch-aa,v 1.1.1.1 2006/05/20 23:38:16 wiz Exp $
+
+--- configure.ac.orig  2004-08-07 23:11:01.000000000 +0300
++++ configure.ac       2004-09-13 14:25:08.000000000 +0300
+@@ -274,3 +274,3 @@
+ # TODO: this should probably be fixed to be nicer
+-CONFIGFILE=`eval echo $sysconfdir/cvsd/cvsd.conf | \
++CONFIGFILE=`eval echo $sysconfdir/cvsd.conf | \
+             sed "s%^NONE/%${prefix}/%" | \
diff -r a62285925ece -r 99bb9716466b devel/cvsd/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/cvsd/patches/patch-ab       Sat May 20 23:38:16 2006 +0000
@@ -0,0 +1,9 @@
+$NetBSD: patch-ab,v 1.1.1.1 2006/05/20 23:38:16 wiz Exp $
+
+--- configure.orig     2004-08-07 23:11:20.000000000 +0300
++++ configure  2004-09-13 14:25:34.000000000 +0300
+@@ -9983,3 +9983,3 @@
+ # TODO: this should probably be fixed to be nicer
+-CONFIGFILE=`eval echo $sysconfdir/cvsd/cvsd.conf | \
++CONFIGFILE=`eval echo $sysconfdir/cvsd.conf | \
+             sed "s%^NONE/%${prefix}/%" | \
diff -r a62285925ece -r 99bb9716466b devel/cvsd/patches/patch-ac
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/cvsd/patches/patch-ac       Sat May 20 23:38:16 2006 +0000
@@ -0,0 +1,40 @@
+$NetBSD: patch-ac,v 1.1.1.1 2006/05/20 23:38:16 wiz Exp $
+
+--- Makefile.in.orig   2005-07-24 09:19:45.000000000 -0500
++++ Makefile.in
+@@ -184,6 +184,8 @@ libdir = @libdir@
+ libexecdir = @libexecdir@
+ localstatedir = @localstatedir@
+ mandir = @mandir@
++exampledir = $(prefix)/share/examples/@PACKAGE@
++docdir = $(prefix)/share/doc/@PACKAGE@
+ mkdir_p = @mkdir_p@
+ oldincludedir = @oldincludedir@
+ prefix = @prefix@
+@@ -763,17 +765,19 @@ uninstall-man: uninstall-man5 uninstall-
+ 
+ 
+ #  install configuration files
+-install-data-local: install-configfile install-initscript
++install-data-local: install-configfile install-readme
++
++install-readme:
++      if [ ! -d $(DESTDIR)$(docdir) ]; then \
++          $(mkinstalldirs) $(DESTDIR)$(docdir); \
++      fi
++      $(INSTALL_DATA) $(srcdir)/README $(DESTDIR)$(docdir)
+ 
+ install-configfile:
+       if [ ! -d $(DESTDIR)$(sysconfdir)/cvsd ]; then \
+-        $(mkinstalldirs) $(DESTDIR)$(sysconfdir)/cvsd;\
+-      fi
+-      if [ ! -f $(DESTDIR)$(CONFIGFILE) ]; then \
+-        $(INSTALL_DATA) $(srcdir)/cvsd.conf-dist $(DESTDIR)$(CONFIGFILE); \
+-      else \
+-        echo "$(DESTDIR)$(CONFIGFILE) already exists, install will not overwrite"; \
++        $(mkinstalldirs) $(DESTDIR)$(sysconfdir);\
+       fi
++      $(INSTALL_DATA) $(srcdir)/cvsd.conf-dist $(DESTDIR)$(exampledir)/cvsd.conf.example
+ 
+ install-initscript:
+       if [ ! -d $(DESTDIR)$(sysconfdir)/init.d ]; then \
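Review bot: In install-configfile the directory test still checks $(DESTDIR)$(sysconfdir)/cvsd, but the body now creates $(DESTDIR)$(sysconfdir), so the condition no longer matches what it guards. The target also never creates $(DESTDIR)$(exampledir) before $(INSTALL_DATA) writes cvsd.conf.example into it. It works only because the pkgsrc Makefile's pre-install target creates ${EGDIR} first. Since nothing is installed into sysconfdir any more, replace the test with the same "if [ ! -d ... ]" / $(mkinstalldirs) pair on $(DESTDIR)$(exampledir), as install-readme does for docdir.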
diff -r a62285925ece -r 99bb9716466b devel/cvsd/patches/patch-ad
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/cvsd/patches/patch-ad       Sat May 20 23:38:16 2006 +0000
@@ -0,0 +1,21 @@
+$NetBSD: patch-ad,v 1.1.1.1 2006/05/20 23:38:16 wiz Exp $
+
+--- cvsd-buildroot.in.orig     2004-07-29 22:53:14.000000000 +0300
++++ cvsd-buildroot.in  2004-09-13 14:26:18.000000000 +0300
+@@ -51,2 +51,4 @@
+ EXTRALIBS="$EXTRALIBS /usr/libexec/ld.so"
++# for NetBSD
++EXTRALIBS="$EXTRALIBS /usr/libexec/ld.elf_so /libexec/ld.elf_so"
+ # for Solaris:
+@@ -294,3 +296,3 @@
+ 
+-# for systems with strange password files (OpenBSD)
++# for systems with strange password files (OpenBSD/NetBSD/FreeBSD)
+ if [ -r /etc/master.passwd ] && [ -r /etc/pwd.db ] && [ -x /usr/sbin/pwd_mkdb ]
+@@ -301,3 +303,5 @@
+     < "$ROOT/etc/passwd" > "$ROOT/etc/master.passwd"
+-  /usr/sbin/pwd_mkdb -p -d "$ROOT/etc" "$ROOT/etc/master.passwd"
++  # NetBSD expects -d to be the new root directory.
++  /usr/sbin/pwd_mkdb -p -d "$ROOT/etc" "$ROOT/etc/master.passwd" 2>/dev/null|| \
++  /usr/sbin/pwd_mkdb -p -d "$ROOT" "$ROOT/etc/master.passwd" 2>/dev/null
+   echo "done."
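Review bot: In the last hunk both pwd_mkdb invocations send stderr to /dev/null and echo "done." follows unconditionally, so if both argument forms fail the jail is left without a rebuilt password database while the script still reports success. Keep stderr on the fallback call and test its exit status, printing a failure message instead of "done." when neither form succeeds. A space before "||" in "2>/dev/null||" would also help readability.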


