diff options
author | kevlo <kevlo@FreeBSD.org> | 2005-01-26 05:13:28 +0000 |
---|---|---|
committer | kevlo <kevlo@FreeBSD.org> | 2005-01-26 05:13:28 +0000 |
commit | 8fdba03bfd9af7f649c10fdafc0e8adf2d288ddb (patch) | |
tree | 9462ca1fdd16c003fcfa5fdd40ebd55c85a90dfb /net-mgmt | |
parent | 4a6e3055fdd838ba7eee3b5e653eb266e3c0552f (diff) | |
download | FreeBSD-ports-8fdba03bfd9af7f649c10fdafc0e8adf2d288ddb.zip FreeBSD-ports-8fdba03bfd9af7f649c10fdafc0e8adf2d288ddb.tar.gz |
- Add privilege separation user handling.
- Bump PORTREVISION
PR: ports/76669
Submitted by: MAINTAINER
Diffstat (limited to 'net-mgmt')
-rw-r--r-- | net-mgmt/flowd/Makefile | 11 | ||||
-rw-r--r-- | net-mgmt/flowd/files/patch-flowd.h | 14 | ||||
-rw-r--r-- | net-mgmt/flowd/pkg-deinstall | 20 | ||||
-rw-r--r-- | net-mgmt/flowd/pkg-install | 42 |
4 files changed, 87 insertions, 0 deletions
diff --git a/net-mgmt/flowd/Makefile b/net-mgmt/flowd/Makefile index 27e031f..b211c32 100644 --- a/net-mgmt/flowd/Makefile +++ b/net-mgmt/flowd/Makefile @@ -7,6 +7,7 @@ PORTNAME= flowd PORTVERSION= 0.8 +PORTREVISION= 1 CATEGORIES= net-mgmt ipv6 MASTER_SITES= http://www2.mindrot.org/files/flowd/ @@ -16,9 +17,11 @@ COMMENT= The flowd is a small, fast and secure NetFlow collector GNU_CONFIGURE= yes CONFIGURE_ARGS= --localstatedir=/var USE_GMAKE= yes +USE_REINPLACE= yes MAN8= flowd.8 flowd-reader.8 MAN5= flowd.conf.5 PORTDOCS= README INSTALL +FLOWD_USER?= _flowd .if defined(WITH_PERL) USE_PERL5= yes @@ -50,6 +53,12 @@ pre-extract: @${ECHO_MSG} "You can enable Python bindings by defining WITH_PYTHON." .endif +post-patch: + @${REINPLACE_CMD} -e "s;%%FLOWD_USER%%;${FLOWD_USER};g" \ + ${PKGDEINSTALL} + @${REINPLACE_CMD} -e "s;%%FLOWD_USER%%;${FLOWD_USER};g" \ + ${WRKSRC}/flowd.h + post-install: .if !defined(NOPORTDOCS) ${MKDIR} ${DOCSDIR} @@ -69,4 +78,6 @@ post-install: ${PYTHON_CMD} setup.py install .endif +@FLOWD_USER=${FLOWD_USER} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL + .include <bsd.port.mk> diff --git a/net-mgmt/flowd/files/patch-flowd.h b/net-mgmt/flowd/files/patch-flowd.h new file mode 100644 index 0000000..bc80ac7 --- /dev/null +++ b/net-mgmt/flowd/files/patch-flowd.h @@ -0,0 +1,14 @@ + +$FreeBSD$ + +--- flowd.h.orig ++++ flowd.h +@@ -34,7 +34,7 @@ + + #define DEFAULT_CONFIG SYSCONFDIR "/flowd.conf" + #define DEFAULT_PIDFILE PIDFILEDIR "/flowd.pid" +-#define PRIVSEP_USER "_flowd" ++#define PRIVSEP_USER "%%FLOWD_USER%%" + + /* Initial stateholding limits */ + /* XXX these are not actually tunable yet */ diff --git a/net-mgmt/flowd/pkg-deinstall b/net-mgmt/flowd/pkg-deinstall new file mode 100644 index 0000000..44b1289 --- /dev/null +++ b/net-mgmt/flowd/pkg-deinstall @@ -0,0 +1,20 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +FLOWD_USER=${FLOWD_USER:=_flowd} + +delete_user() { + if pw usershow ${FLOWD_USER} 2>/dev/null 1>&2; then + echo "To delete flowd privilege separation user permanently, use 'pw userdel ${FLOWD_USER}'" + fi + +} + +case $2 in + POST-DEINSTALL) + delete_user + ;; + +esac diff --git a/net-mgmt/flowd/pkg-install b/net-mgmt/flowd/pkg-install new file mode 100644 index 0000000..787561e --- /dev/null +++ b/net-mgmt/flowd/pkg-install @@ -0,0 +1,42 @@ +#!/bin/sh +# +# $FreeBSD$ +# +# Based on cyrus-sasl2 port +# +# create 'flowd' user +# + +create_user() { + USER=${FLOWD_USER} + GROUP=nobody + PW=/usr/sbin/pw + + if [ -x /usr/sbin/nologin ]; then + shell=/usr/sbin/nologin + elif [ -x /sbin/nologin ]; then + shell=/sbin/nologin + else + shell=/nonexistent + fi + uhome="/nonexistent" + + if ! ${PW} show user ${USER} -q >/dev/null; then + if ! ${PW} add user ${USER} -g ${gid} -d "${uhome}" \ + -c "flowd privilege separation user" -s "${shell}" -p "*" \ + ; then + e=$? + echo "*** Failed to add user \`${USER}'. Please add it manually." + exit ${e} + fi + echo "*** Added user \`${USER}' (id ${uid})" + else + echo "*** You already have user \`${USER}'." + fi +} + +case $2 in + POST-INSTALL) + create_user + ;; +esac |