chiark / gitweb /
*** empty log message ***
authorian <ian>
Sun, 6 Jul 2003 20:32:27 +0000 (20:32 +0000)
committerian <ian>
Sun, 6 Jul 2003 20:32:27 +0000 (20:32 +0000)
22 files changed:
.cvsignore
changelog
debian/.cvsignore [new file with mode: 0644]
debian/changelog
debian/control [new file with mode: 0644]
debian/copyright [new file with mode: 0644]
debian/rules [new file with mode: 0755]
debian/userv-dyndns/postinst [new file with mode: 0755]
dyndns/INSTALL
dyndns/Makefile [new file with mode: 0644]
dyndns/dyndns
dyndns/install-script [moved from dyndns/install with 100% similarity]
dyndns/service
dyndns/update
groupmanage/Makefile [new file with mode: 0644]
ipif/Makefile
ipif/ipif
misc/Makefile [new file with mode: 0644]
misc/mailq-wrapper [new file with mode: 0755]
misc/ndc-reload
settings.make [new file with mode: 0644]
www-cgi/Makefile

index 799bfca..b8228f6 100644 (file)
@@ -1,2 +1,3 @@
 dist_tmp
 userv-utils-*.tar.gz
+build
index d6d6fe2..efad7bd 100644 (file)
--- a/changelog
+++ b/changelog
@@ -1,3 +1,11 @@
+userv-utils (0.2.99.0.2) unstable; urgency=low
+
+  * debianisation
+  * new Makefiles in various directories, still all a bit crap
+  * removed some common stuff from */Makefile to settings.make
+
+ --
+
 userv-utils (0.2.99.0.1) unstable; urgency=low
 
   dyndns:
diff --git a/debian/.cvsignore b/debian/.cvsignore
new file mode 100644 (file)
index 0000000..1e64510
--- /dev/null
@@ -0,0 +1,3 @@
+sv-*
+tmp
+files
index d6d6fe2..efad7bd 100644 (file)
@@ -1,3 +1,11 @@
+userv-utils (0.2.99.0.2) unstable; urgency=low
+
+  * debianisation
+  * new Makefiles in various directories, still all a bit crap
+  * removed some common stuff from */Makefile to settings.make
+
+ --
+
 userv-utils (0.2.99.0.1) unstable; urgency=low
 
   dyndns:
diff --git a/debian/control b/debian/control
new file mode 100644 (file)
index 0000000..3247d90
--- /dev/null
@@ -0,0 +1,77 @@
+Source: userv-utils
+Section: admin
+Priority: extra
+Maintainer: Ian Jackson <ian@chiark.greenend.org.uk>
+Standards-Version: 2.1.1.0
+
+Package: userv-ipif
+Architecture: any
+Depends: userv
+Recommends: ssh
+Description: VPN system (and user-mode network interface)
+ userv-ipif is a userv service to allow non-root users to create
+ network interfaces implemented in user space.  No kernel patches are
+ required (the kernel's built-in SLIP driver is used).
+ .
+ Based on this, udptunnel is a a simple but flexible VPN program which
+ uses ssh for authentication and key exchange but sends the packets
+ over UDP.  (Other VPN-over-ssh programs typically do PPP-over-TCP,
+ which yields poor perfoormance.)  Note that udptunnel is not IPSEC.
+ .
+ The default configuration does set up any users with permission to
+ create network interfaces such as VPN endpoints.
+
+Package: userv-dyndns
+Architecture: all
+Depends: userv, chiark-utils-bin
+Recommends: bind
+Description: dynamic DNS for shell account users
+ userv-dyndns is a userv service which allows non-root users to
+ modify individual DNS records in specified zones in a controlled way.
+ .
+ Typically, this can be used to provide a `dyndns.org'-like service
+ which is modifiable by shell account users.
+ .
+ The default configuration does not set up any users with permission
+ to modify the DNS.
+
+Package: userv-cgi
+Architecture: any
+Depends: userv
+Recommends: httpd
+Description: user-provided CGI scripts invoked by userv
+ This package contains ucgi, a userv service which allows CGI programs
+ to be provided which do not run as the webserver user, but instead
+ are owned by a particular other account.
+ .
+ Similar effects can be achieved with Apache's suexec; this package is
+ for administrators who do not trust suexec and wish to defend the
+ webserver from the CGI script providers, and vice versa, as much as
+ possible.  This is achieved by using userv to do the cross-account
+ call, rather than a custom setuid helper.
+ .
+ The default configuration allows the webserver user to invoke users'
+ CGI programs from each user's ~/public-GI, but to allow external
+ callers to do this, the webserver will also need to be configured.
+
+Package: userv-groupmanage
+Architecture: all
+Depends: userv
+Description: user-controlled group membership
+ groupmanage is a userv service which allows individual shell users to
+ create UN*X groups, and/or to change the membership of existing
+ groups of which they are recorded as the manager.
+ .
+ The default configuration allows users to create and manage a few
+ groups, but is reasonably conservative.
+
+Package: userv-misc
+Architecture: all
+Depends: userv
+Description: miscellaneous small userv scripts
+ This package a few small userv services.  Since you must choose
+ whether to install this package or not as one lump, the default
+ configuration for each script does not give users any new abilities.
+ .
+ mailq - allow users to view the mail queue
+ ndc-reload  - allow certain users to reload the nameserver
diff --git a/debian/copyright b/debian/copyright
new file mode 100644 (file)
index 0000000..8b85c39
--- /dev/null
@@ -0,0 +1,24 @@
+This package contains a number of small utilities and programs for use
+with the `userv' security boundary tool.
+
+This package, containing the moderately portable sources and Debian
+packaging information, and the resulting Debian binary packages, was
+put together by Ian Jackson.  For both upstream and Debian packaging
+questions, please contact userv-utils@chiark.greenend.org.uk.
+
+
+userv and userv-utils are all free software; you can redistribute them
+and/or modify them under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2 of the
+License, or (at your option) any later version.
+
+These programs are distributed in the hope that they will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License with
+your Debian GNU/Linux system, in /usr/doc/copyright/GPL, or with the
+chiark-utils source package as the file COPYING; if not, email me at
+one of the addresses above or write to the Free Software Foundation,
+59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
diff --git a/debian/rules b/debian/rules
new file mode 100755 (executable)
index 0000000..0349565
--- /dev/null
@@ -0,0 +1,117 @@
+#!/usr/bin/make -f
+
+subdirs_build= ipif www-cgi
+subdirs_nobuild=dyndns groupmanage misc
+package=       userv-utils
+packages_indep=        userv-dyndns userv-groupmanage userv-misc
+packages_arch= userv-ipif userv-cgi
+packages=      $(packages_indep) $(packages_arch)
+
+cwd=   $(shell pwd)
+d=     $(cwd)/debian
+t=     $d/tmp
+
+build:
+       $(checkdir)
+       set -e; for s in $(subdirs_build); do $(MAKE) -C $$s all; done
+       touch build
+
+clean:
+       $(checkdir)
+       rm -f build
+       set -e; for s in $(subdirs_build); do \
+               $(MAKE) -C $$s -i distclean || \
+               $(MAKE) -C $$s -f Makefile.in distclean; \
+       done
+       rm -rf *~ debian/tmp debian/*~ debian/files* debian/substvars*
+
+binary-prep:
+       $(checkdir)
+       rm -rf debian/tmp*
+       #
+       #
+       set -e; for s in $(subdirs_build) $(subdirs_nobuild); do \
+               $(MAKE) -C $$s install install-docs install-examples \
+                       prefix=$t/userv-$$s/usr \
+                       etcdir=$t/userv-$$s/etc \
+                       varlib=$t/userv-$$s/var/lib; \
+       done
+       #
+       mv debian/tmp/userv-www-cgi debian/tmp/userv-cgi
+       mv debian/tmp/userv-groupmanage/usr/share/doc/groupmanage \
+          debian/tmp/userv-groupmanage/usr/share/doc/userv-groupmanage
+       #
+       set -e; for p in $(packages); do \
+               install -d $t/$$p/DEBIAN $t/$$p/usr/share/doc/$$p; \
+               cp debian/copyright changelog \
+                       $t/$$p/usr/share/doc/$$p/; \
+               ln -s changelog.gz \
+                       $t/$$p/usr/share/doc/$$p/changelog.Debian.gz; \
+               gzip -9v $t/$$p/usr/share/doc/$$p/changelog; \
+               done
+       #
+       rename 's/\.example$$//' $t/userv-ipif/etc/userv/vpn/*.example \
+               $t/userv-dyndns/etc/userv/dyndns-service-users.example \
+               $t/userv-groupmanage/etc/groupmanage.conf.example
+       rename 's/\.distrib$$//' $t/*/etc/userv/services.d/*.distrib
+       rename 's/$$/\.disabled/' $t/userv-misc/etc/userv/services.d/mailq
+       set -e; for p in $(packages); do \
+               cd $t/$$p; \
+               test ! -d etc || \
+                 find etc -type f -exec printf '/%s\n' '{}' ';' \
+                       >>DEBIAN/conffiles; \
+       done
+       #
+       mv $t/userv-misc/usr/bin/mailq $t/userv-misc/usr/bin/mailq.userv
+       #
+#      gzip -9f $t/*/usr/share/man/man*/*
+
+binary-hook-userv-misc:
+binary-hook-userv-groupmanage:
+binary-hook-userv-cgi:
+binary-hook-userv-dyndns:
+binary-hook-userv-ipif:
+
+binary-one:
+       set -e; for f in preinst postinst prerm postrm conffiles; do \
+               test -f debian/$p/$$f || continue; \
+               cp debian/$p/$$f $t/$p/DEBIAN/$$f; \
+               chmod u=rwX,go=rX $t/$p/DEBIAN/$$f; \
+       done
+       dpkg-gencontrol -p$p -P$t/$p -Tdebian/sv-$p
+       chown -R root.root debian/tmp
+       chmod -R g-ws debian/tmp
+       debian/rules binary-hook-$p
+       dpkg --build $t/$p ..
+
+binary-indep:  checkroot build binary-prep
+       set -e; for p in $(packages_indep); do \
+               debian/rules binary-one p=$$p; done
+
+binary-arch:   checkroot build binary-prep
+       $(checkdir)
+       dpkg-shlibdeps -Tdebian/sv-userv-ipif \
+               $t/userv-ipif/usr/bin/udptunnel-forwarder \
+               $t/userv-ipif/usr/lib/userv/ipif
+       dpkg-shlibdeps -Tdebian/sv-userv-cgi \
+               $t/userv-cgi/usr/lib/userv/cgi/target \
+               $t/userv-cgi/usr/lib/userv/cgi/cgi/ucgi
+       set -e; for p in $(packages_arch); \
+               do debian/rules binary-one p=$$p; done
+
+define checkdir
+       test -f ipif/service.c
+endef
+
+# Below here is fairly generic really
+
+binary:                binary-indep binary-arch
+
+source diff:
+       @echo >&2 'source and diff are obsolete - use dpkg-source -b'; false
+
+checkroot:
+       $(checkdir)
+       test root = "`whoami`"
+
+.PHONY: binary binary-arch binary-indep clean checkroot
diff --git a/debian/userv-dyndns/postinst b/debian/userv-dyndns/postinst
new file mode 100755 (executable)
index 0000000..fdceb76
--- /dev/null
@@ -0,0 +1,8 @@
+#!/bin/sh
+set -e
+
+user="$(sed -n '/^[a-z]/{p;q;}' /etc/userv/dyndns-service-users)"
+if id $user >/dev/null 2>&1; then exit 0; fi
+
+adduser --system --group --gecos 'userv dyndns' \
+       --home /etc/userv
index 800d5ad..7f8a24f 100644 (file)
@@ -3,13 +3,16 @@
 # 1. Install the scripts and configuration:
 #
 mkdir -p /usr/local/lib/userv/dyndns /var/lib/userv/dyndns/tmp
-cp install service update /usr/local/lib/userv/dyndns
+cp install-script /usr/local/lib/userv/dyndns/install
+cp service update /usr/local/lib/userv/dyndns
 cp dyndns /etc/userv/services.d/dyndns.distrib
 cp dyndns-domains /etc/userv/dyndns-domains.example
 
 #    Rename the .distrib and .example, or edit them to be how you
 #    want, or merge your changes.
 #
+#    Create the service user `usdyndns'.
+#
 # 2. For each zone, create
 #      /var/lib/userv/zone,<zone-name-without-trailing-dot>/
 #    and put in it the file
diff --git a/dyndns/Makefile b/dyndns/Makefile
new file mode 100644 (file)
index 0000000..307008f
--- /dev/null
@@ -0,0 +1,37 @@
+# Makefile
+# installation runes for userv-dyndns
+
+# Copyright (C) 2003 Ian Jackson
+#
+# This is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with userv-utils; if not, write to the Free Software
+# Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# $Id$
+
+include ../settings.make
+
+install:
+               mkdir -p $(shareuserv)/dyndns $(varlibuserv)/dyndns/tmp
+               cp service update $(shareuserv)/dyndns
+               cp install-script $(shareuserv)/dyndns/install
+
+install-examples:
+               mkdir -p $(services)
+               cp dyndns $(services)/dyndns.distrib
+               cp dyndns-domains $(etcuserv)/dyndns-domains.example
+               echo usdyndns >$(etcuserv)/dyndns-service-users.example
+
+install-docs:
+               mkdir -p $(docdir)/userv-dyndns
+               cp INSTALL $(docdir)/userv-dyndns
index e73d793..95d3394 100644 (file)
@@ -1,9 +1,9 @@
 if ( grep calling-user-shell /etc/shells
-   & glob service-user dyndns
+   & grep service-user /etc/userv/dyndns-service-users
    )
        reset
        no-set-environment
        no-suppress-args
        no-disconnect-hup
-       execute /usr/local/lib/userv/dyndns/service
+       execute /usr/share/userv/dyndns/service
 fi
similarity index 100%
rename from dyndns/install
rename to dyndns/install-script
index 65b58ef..f9a6bde 100755 (executable)
@@ -12,7 +12,7 @@ use POSIX;
 BEGIN {
     $vardir= "/var/lib/userv/dyndns";
     $defconf= "/etc/userv/dyndns-domains";
-    $libdir= "/usr/local/lib/userv/dyndns";
+    $libdir= "/usr/share/userv/dyndns";
 }
 END {
     remove "$vardir/tmp/$$" or $! == ENOENT or
index 7a72503..5d334c1 100755 (executable)
@@ -48,4 +48,4 @@ echo $now $charge >$files,timings.new
 mv -f $files,timings.new $files,timings
 mv $files,new $files,data
 
-exec /usr/local/lib/userv/dyndns/install $zone
+exec /usr/share/userv/dyndns/install $zone
diff --git a/groupmanage/Makefile b/groupmanage/Makefile
new file mode 100644 (file)
index 0000000..4de49f0
--- /dev/null
@@ -0,0 +1,35 @@
+# Makefile
+# installation runes for userv-dyndns
+
+# Copyright (C) 2003 Ian Jackson
+#
+# This is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with userv-utils; if not, write to the Free Software
+# Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# $Id$
+
+include ../settings.make
+
+install:
+               mkdir -p $(bindir)
+               cp groupmanage $(bindir)/.
+
+install-examples:
+               mkdir -p $(etcdir) $(services)
+               cp groupmanage.conf $(etcdir)/groupmanage.conf.example
+               cp services $(services)/groupmanage.distrib
+
+install-docs:
+               mkdir -p $(docdir)/groupmanage
+               cp INSTALL groupmanage.text $(docdir)/groupmanage/.
index ab3db07..879c013 100644 (file)
 #
 # $Id$
 
-OPTIMISE=      -O2
-CFLAGS=                -Wall -Wmissing-prototypes -Wstrict-prototypes -Wpointer-arith \
-               -Wwrite-strings -g $(OPTIMISE) -D_GNU_SOURCE \
-               $(XCFLAGS)
-
-etcdir=                /etc
-prefix=                /usr/local
-bindir=                $(prefix)/bin
-vardir=                /var
-
-libdir=                $(prefix)/lib
-sharedir=      $(prefix)/share
-libuserv=      $(libdir)/userv
-shareuserv=    $(sharedir)/userv
-varlib=                $(vardir)/lib
-varlibuserv=   $(varlib)/userv
-varlibvpn=     $(varlibuserv)/vpn
+include ../settings.make
 
-etcuserv=      $(etcdir)/userv
+varlibvpn=     $(varlibuserv)/vpn
 etcvpn=                $(etcdir)/userv/vpn
-services=      $(etcuserv)/services.d
 
 PROGRAM_TARGETS=       udptunnel-forwarder udptunnel-reconf
 TARGETS=               service blowfishtest $(PROGRAM_TARGETS)
@@ -53,16 +36,21 @@ OBJS_BFTEST=        blowfishtest.o blowfish.o hex.o
 all:           $(TARGETS)
 
 install:       all
-               mkdir -p $(libuserv) $(services) $(etcvpn) \
+               mkdir -p $(bindir) $(libuserv) $(services) \
                        $(varlibvpn) $(shareuserv)
                cp -b service $(libuserv)/ipif
                cp -b $(PROGRAMS) $(bindir)/.
                cp ipif $(services)/ipif:new
                set -e; cd $(services); test -f ipif || mv ipif:new ipif
-               cp *.example $(etcvpn)/.
                cp udptunnel-vpn-config.m4 udptunnel-vpn-defaults \
                        $(shareuserv)/.
 
+install-docs:
+
+install-examples:
+               mkdir -p $(etcvpn)
+               cp *.example $(etcvpn)/.
+
 udptunnel-reconf:      udptunnel-reconf.pl Makefile
                perl -pe '      \
        print "\
index 6d283bc..f8c5838 100644 (file)
--- a/ipif/ipif
+++ b/ipif/ipif
@@ -5,5 +5,5 @@ if ( grep calling-user-shell /etc/shells
        no-set-environment
        no-suppress-args
        no-disconnect-hup
-       execute /usr/local/lib/userv/ipif /etc/userv/ipif-networks --
+       execute /usr/lib/userv/ipif /etc/userv/ipif-networks --
 fi
diff --git a/misc/Makefile b/misc/Makefile
new file mode 100644 (file)
index 0000000..0bfa61d
--- /dev/null
@@ -0,0 +1,32 @@
+# Makefile
+# installation runes for userv-dyndns
+
+# Copyright (C) 2003 Ian Jackson
+#
+# This is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with userv-utils; if not, write to the Free Software
+# Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# $Id$
+
+include ../settings.make
+
+install:
+               mkdir -p $(bindir)
+               cp mailq-wrapper $(bindir)/mailq
+
+install-examples:
+               mkdir -p $(services)
+               cp mailq ndc-reload $(services)/.
+
+install-docs:
diff --git a/misc/mailq-wrapper b/misc/mailq-wrapper
new file mode 100755 (executable)
index 0000000..b538e75
--- /dev/null
@@ -0,0 +1,3 @@
+#!/bin/sh
+set -e
+exec userv mail mailq </dev/null
index ac3b684..0e98e35 100644 (file)
@@ -1,5 +1,8 @@
 #
-if ( glob calling-user ian ijackson
+if ( ( grep calling-user /etc/userv/dyndns-service-users
+     | glob calling-group add-groups-to-allow-to-reload-here
+     | glob calling-user add-users-to-allow-to-reload-here
+     )
    & glob service-user root
    )
        reset
diff --git a/settings.make b/settings.make
new file mode 100644 (file)
index 0000000..95c0f19
--- /dev/null
@@ -0,0 +1,46 @@
+# common makefile settings for userv-utils
+
+# Copyright (C) 1999-2000 Ian Jackson
+#
+# This is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with userv-utils; if not, write to the Free Software
+# Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# $Id$
+
+etcdir=                /etc
+prefix=                /usr/local
+bindir=                $(prefix)/bin
+vardir=                /var
+
+libdir=                $(prefix)/lib
+sharedir=      $(prefix)/share
+
+docdir=                $(sharedir)/doc
+
+libuserv=      $(libdir)/userv
+shareuserv=    $(sharedir)/userv
+varlib=                $(vardir)/lib
+varlibuserv=   $(varlib)/userv
+
+etcuserv=      $(etcdir)/userv
+services=      $(etcuserv)/services.d
+
+CFLAGS=        -Wall -Wwrite-strings -Wmissing-prototypes -Wstrict-prototypes \
+       -Wpointer-arith -D_GNU_SOURCE \
+       $(OPTIMISE) $(DEBUG) $(SUBDIR_CFLAGS)
+LDFLAGS= $(SUBDIR_LDFLAGS)
+
+OPTIMISE=      -O2
+DEBUG=         -g
+
index 1626d0d..53dbf0a 100644 (file)
 #
 # $Id$
 
-CFLAGS=        -Wall -Wwrite-strings -Wmissing-prototypes -Wstrict-prototypes \
-       -Wpointer-arith -O2 -g
-LDFLAGS=
+
+include ../settings.make
+
+uslibdir=      $(libdir)/userv/cgi
+uslibcgidir=   $(uslibdir)/cgi
 
 TARGETS=       ucgi ucgitarget
 
@@ -31,5 +33,15 @@ ucgitarget:  ucgitarget.o ucgicommon.o
 
 $(OBJS):       ucgi.h
 
+install:       all
+               mkdir -p $(uslibcgidir)
+               cp -b ucgitarget $(uslibdir)/target
+               cp -b ucgi $(uslibcgidir)/
+               ln -sf ucgi $(uslibcgidir)/ucgi-debug
+
+install-examples:
+
+install-docs:
+
 clean distclean realclean:
                rm -f $(TARGETS)