summaryrefslogtreecommitdiffstats
path: root/net-mgmt
diff options
context:
space:
mode:
authorkevlo <kevlo@FreeBSD.org>2005-01-26 05:13:28 +0000
committerkevlo <kevlo@FreeBSD.org>2005-01-26 05:13:28 +0000
commit8fdba03bfd9af7f649c10fdafc0e8adf2d288ddb (patch)
tree9462ca1fdd16c003fcfa5fdd40ebd55c85a90dfb /net-mgmt
parent4a6e3055fdd838ba7eee3b5e653eb266e3c0552f (diff)
downloadFreeBSD-ports-8fdba03bfd9af7f649c10fdafc0e8adf2d288ddb.zip
FreeBSD-ports-8fdba03bfd9af7f649c10fdafc0e8adf2d288ddb.tar.gz
- Add privilege separation user handling.
- Bump PORTREVISION PR: ports/76669 Submitted by: MAINTAINER
Diffstat (limited to 'net-mgmt')
-rw-r--r--net-mgmt/flowd/Makefile11
-rw-r--r--net-mgmt/flowd/files/patch-flowd.h14
-rw-r--r--net-mgmt/flowd/pkg-deinstall20
-rw-r--r--net-mgmt/flowd/pkg-install42
4 files changed, 87 insertions, 0 deletions
diff --git a/net-mgmt/flowd/Makefile b/net-mgmt/flowd/Makefile
index 27e031f..b211c32 100644
--- a/net-mgmt/flowd/Makefile
+++ b/net-mgmt/flowd/Makefile
@@ -7,6 +7,7 @@
PORTNAME= flowd
PORTVERSION= 0.8
+PORTREVISION= 1
CATEGORIES= net-mgmt ipv6
MASTER_SITES= http://www2.mindrot.org/files/flowd/
@@ -16,9 +17,11 @@ COMMENT= The flowd is a small, fast and secure NetFlow collector
GNU_CONFIGURE= yes
CONFIGURE_ARGS= --localstatedir=/var
USE_GMAKE= yes
+USE_REINPLACE= yes
MAN8= flowd.8 flowd-reader.8
MAN5= flowd.conf.5
PORTDOCS= README INSTALL
+FLOWD_USER?= _flowd
.if defined(WITH_PERL)
USE_PERL5= yes
@@ -50,6 +53,12 @@ pre-extract:
@${ECHO_MSG} "You can enable Python bindings by defining WITH_PYTHON."
.endif
+post-patch:
+ @${REINPLACE_CMD} -e "s;%%FLOWD_USER%%;${FLOWD_USER};g" \
+ ${PKGDEINSTALL}
+ @${REINPLACE_CMD} -e "s;%%FLOWD_USER%%;${FLOWD_USER};g" \
+ ${WRKSRC}/flowd.h
+
post-install:
.if !defined(NOPORTDOCS)
${MKDIR} ${DOCSDIR}
@@ -69,4 +78,6 @@ post-install:
${PYTHON_CMD} setup.py install
.endif
+@FLOWD_USER=${FLOWD_USER} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
+
.include <bsd.port.mk>
diff --git a/net-mgmt/flowd/files/patch-flowd.h b/net-mgmt/flowd/files/patch-flowd.h
new file mode 100644
index 0000000..bc80ac7
--- /dev/null
+++ b/net-mgmt/flowd/files/patch-flowd.h
@@ -0,0 +1,14 @@
+
+$FreeBSD$
+
+--- flowd.h.orig
++++ flowd.h
+@@ -34,7 +34,7 @@
+
+ #define DEFAULT_CONFIG SYSCONFDIR "/flowd.conf"
+ #define DEFAULT_PIDFILE PIDFILEDIR "/flowd.pid"
+-#define PRIVSEP_USER "_flowd"
++#define PRIVSEP_USER "%%FLOWD_USER%%"
+
+ /* Initial stateholding limits */
+ /* XXX these are not actually tunable yet */
diff --git a/net-mgmt/flowd/pkg-deinstall b/net-mgmt/flowd/pkg-deinstall
new file mode 100644
index 0000000..44b1289
--- /dev/null
+++ b/net-mgmt/flowd/pkg-deinstall
@@ -0,0 +1,20 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+FLOWD_USER=${FLOWD_USER:=_flowd}
+
+delete_user() {
+ if pw usershow ${FLOWD_USER} 2>/dev/null 1>&2; then
+ echo "To delete flowd privilege separation user permanently, use 'pw userdel ${FLOWD_USER}'"
+ fi
+
+}
+
+case $2 in
+ POST-DEINSTALL)
+ delete_user
+ ;;
+
+esac
diff --git a/net-mgmt/flowd/pkg-install b/net-mgmt/flowd/pkg-install
new file mode 100644
index 0000000..787561e
--- /dev/null
+++ b/net-mgmt/flowd/pkg-install
@@ -0,0 +1,42 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# Based on cyrus-sasl2 port
+#
+# create 'flowd' user
+#
+
+create_user() {
+ USER=${FLOWD_USER}
+ GROUP=nobody
+ PW=/usr/sbin/pw
+
+ if [ -x /usr/sbin/nologin ]; then
+ shell=/usr/sbin/nologin
+ elif [ -x /sbin/nologin ]; then
+ shell=/sbin/nologin
+ else
+ shell=/nonexistent
+ fi
+ uhome="/nonexistent"
+
+ if ! ${PW} show user ${USER} -q >/dev/null; then
+ if ! ${PW} add user ${USER} -g ${gid} -d "${uhome}" \
+ -c "flowd privilege separation user" -s "${shell}" -p "*" \
+ ; then
+ e=$?
+ echo "*** Failed to add user \`${USER}'. Please add it manually."
+ exit ${e}
+ fi
+ echo "*** Added user \`${USER}' (id ${uid})"
+ else
+ echo "*** You already have user \`${USER}'."
+ fi
+}
+
+case $2 in
+ POST-INSTALL)
+ create_user
+ ;;
+esac
OpenPOWER on IntegriCloud