From: ian Date: Sun, 6 Jul 2003 20:32:27 +0000 (+0000) Subject: *** empty log message *** X-Git-Tag: debian_version_0_3~11 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=userv-utils.git;a=commitdiff_plain;h=6362f12ce73173b77cecddba14e33e6dfa203b7e *** empty log message *** --- diff --git a/.cvsignore b/.cvsignore index 799bfca..b8228f6 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,2 +1,3 @@ dist_tmp userv-utils-*.tar.gz +build diff --git a/changelog b/changelog index d6d6fe2..efad7bd 100644 --- a/changelog +++ b/changelog @@ -1,3 +1,11 @@ +userv-utils (0.2.99.0.2) unstable; urgency=low + + * debianisation + * new Makefiles in various directories, still all a bit crap + * removed some common stuff from */Makefile to settings.make + + -- + userv-utils (0.2.99.0.1) unstable; urgency=low dyndns: diff --git a/debian/.cvsignore b/debian/.cvsignore new file mode 100644 index 0000000..1e64510 --- /dev/null +++ b/debian/.cvsignore @@ -0,0 +1,3 @@ +sv-* +tmp +files diff --git a/debian/changelog b/debian/changelog index d6d6fe2..efad7bd 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +userv-utils (0.2.99.0.2) unstable; urgency=low + + * debianisation + * new Makefiles in various directories, still all a bit crap + * removed some common stuff from */Makefile to settings.make + + -- + userv-utils (0.2.99.0.1) unstable; urgency=low dyndns: diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..3247d90 --- /dev/null +++ b/debian/control @@ -0,0 +1,77 @@ +Source: userv-utils +Section: admin +Priority: extra +Maintainer: Ian Jackson +Standards-Version: 2.1.1.0 + +Package: userv-ipif +Architecture: any +Depends: userv +Recommends: ssh +Description: VPN system (and user-mode network interface) + userv-ipif is a userv service to allow non-root users to create + network interfaces implemented in user space. No kernel patches are + required (the kernel's built-in SLIP driver is used). + . + Based on this, udptunnel is a a simple but flexible VPN program which + uses ssh for authentication and key exchange but sends the packets + over UDP. (Other VPN-over-ssh programs typically do PPP-over-TCP, + which yields poor perfoormance.) Note that udptunnel is not IPSEC. + . + The default configuration does set up any users with permission to + create network interfaces such as VPN endpoints. + +Package: userv-dyndns +Architecture: all +Depends: userv, chiark-utils-bin +Recommends: bind +Description: dynamic DNS for shell account users + userv-dyndns is a userv service which allows non-root users to + modify individual DNS records in specified zones in a controlled way. + . + Typically, this can be used to provide a `dyndns.org'-like service + which is modifiable by shell account users. + . + The default configuration does not set up any users with permission + to modify the DNS. + +Package: userv-cgi +Architecture: any +Depends: userv +Recommends: httpd +Description: user-provided CGI scripts invoked by userv + This package contains ucgi, a userv service which allows CGI programs + to be provided which do not run as the webserver user, but instead + are owned by a particular other account. + . + Similar effects can be achieved with Apache's suexec; this package is + for administrators who do not trust suexec and wish to defend the + webserver from the CGI script providers, and vice versa, as much as + possible. This is achieved by using userv to do the cross-account + call, rather than a custom setuid helper. + . + The default configuration allows the webserver user to invoke users' + CGI programs from each user's ~/public-GI, but to allow external + callers to do this, the webserver will also need to be configured. + +Package: userv-groupmanage +Architecture: all +Depends: userv +Description: user-controlled group membership + groupmanage is a userv service which allows individual shell users to + create UN*X groups, and/or to change the membership of existing + groups of which they are recorded as the manager. + . + The default configuration allows users to create and manage a few + groups, but is reasonably conservative. + +Package: userv-misc +Architecture: all +Depends: userv +Description: miscellaneous small userv scripts + This package a few small userv services. Since you must choose + whether to install this package or not as one lump, the default + configuration for each script does not give users any new abilities. + . + mailq - allow users to view the mail queue + ndc-reload - allow certain users to reload the nameserver diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..8b85c39 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,24 @@ +This package contains a number of small utilities and programs for use +with the `userv' security boundary tool. + +This package, containing the moderately portable sources and Debian +packaging information, and the resulting Debian binary packages, was +put together by Ian Jackson. For both upstream and Debian packaging +questions, please contact userv-utils@chiark.greenend.org.uk. + + +userv and userv-utils are all free software; you can redistribute them +and/or modify them under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 of the +License, or (at your option) any later version. + +These programs are distributed in the hope that they will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License with +your Debian GNU/Linux system, in /usr/doc/copyright/GPL, or with the +chiark-utils source package as the file COPYING; if not, email me at +one of the addresses above or write to the Free Software Foundation, +59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..0349565 --- /dev/null +++ b/debian/rules @@ -0,0 +1,117 @@ +#!/usr/bin/make -f + +subdirs_build= ipif www-cgi +subdirs_nobuild=dyndns groupmanage misc +package= userv-utils +packages_indep= userv-dyndns userv-groupmanage userv-misc +packages_arch= userv-ipif userv-cgi +packages= $(packages_indep) $(packages_arch) + +cwd= $(shell pwd) +d= $(cwd)/debian +t= $d/tmp + +build: + $(checkdir) + set -e; for s in $(subdirs_build); do $(MAKE) -C $$s all; done + touch build + +clean: + $(checkdir) + rm -f build + set -e; for s in $(subdirs_build); do \ + $(MAKE) -C $$s -i distclean || \ + $(MAKE) -C $$s -f Makefile.in distclean; \ + done + rm -rf *~ debian/tmp debian/*~ debian/files* debian/substvars* + +binary-prep: + $(checkdir) + rm -rf debian/tmp* + # + # + set -e; for s in $(subdirs_build) $(subdirs_nobuild); do \ + $(MAKE) -C $$s install install-docs install-examples \ + prefix=$t/userv-$$s/usr \ + etcdir=$t/userv-$$s/etc \ + varlib=$t/userv-$$s/var/lib; \ + done + # + mv debian/tmp/userv-www-cgi debian/tmp/userv-cgi + mv debian/tmp/userv-groupmanage/usr/share/doc/groupmanage \ + debian/tmp/userv-groupmanage/usr/share/doc/userv-groupmanage + # + set -e; for p in $(packages); do \ + install -d $t/$$p/DEBIAN $t/$$p/usr/share/doc/$$p; \ + cp debian/copyright changelog \ + $t/$$p/usr/share/doc/$$p/; \ + ln -s changelog.gz \ + $t/$$p/usr/share/doc/$$p/changelog.Debian.gz; \ + gzip -9v $t/$$p/usr/share/doc/$$p/changelog; \ + done + # + rename 's/\.example$$//' $t/userv-ipif/etc/userv/vpn/*.example \ + $t/userv-dyndns/etc/userv/dyndns-service-users.example \ + $t/userv-groupmanage/etc/groupmanage.conf.example + rename 's/\.distrib$$//' $t/*/etc/userv/services.d/*.distrib + rename 's/$$/\.disabled/' $t/userv-misc/etc/userv/services.d/mailq + set -e; for p in $(packages); do \ + cd $t/$$p; \ + test ! -d etc || \ + find etc -type f -exec printf '/%s\n' '{}' ';' \ + >>DEBIAN/conffiles; \ + done + # + mv $t/userv-misc/usr/bin/mailq $t/userv-misc/usr/bin/mailq.userv + # +# gzip -9f $t/*/usr/share/man/man*/* + +binary-hook-userv-misc: +binary-hook-userv-groupmanage: +binary-hook-userv-cgi: +binary-hook-userv-dyndns: +binary-hook-userv-ipif: + +binary-one: + set -e; for f in preinst postinst prerm postrm conffiles; do \ + test -f debian/$p/$$f || continue; \ + cp debian/$p/$$f $t/$p/DEBIAN/$$f; \ + chmod u=rwX,go=rX $t/$p/DEBIAN/$$f; \ + done + dpkg-gencontrol -p$p -P$t/$p -Tdebian/sv-$p + chown -R root.root debian/tmp + chmod -R g-ws debian/tmp + debian/rules binary-hook-$p + dpkg --build $t/$p .. + +binary-indep: checkroot build binary-prep + set -e; for p in $(packages_indep); do \ + debian/rules binary-one p=$$p; done + +binary-arch: checkroot build binary-prep + $(checkdir) + dpkg-shlibdeps -Tdebian/sv-userv-ipif \ + $t/userv-ipif/usr/bin/udptunnel-forwarder \ + $t/userv-ipif/usr/lib/userv/ipif + dpkg-shlibdeps -Tdebian/sv-userv-cgi \ + $t/userv-cgi/usr/lib/userv/cgi/target \ + $t/userv-cgi/usr/lib/userv/cgi/cgi/ucgi + set -e; for p in $(packages_arch); \ + do debian/rules binary-one p=$$p; done + +define checkdir + test -f ipif/service.c +endef + +# Below here is fairly generic really + +binary: binary-indep binary-arch + +source diff: + @echo >&2 'source and diff are obsolete - use dpkg-source -b'; false + +checkroot: + $(checkdir) + test root = "`whoami`" + +.PHONY: binary binary-arch binary-indep clean checkroot diff --git a/debian/userv-dyndns/postinst b/debian/userv-dyndns/postinst new file mode 100755 index 0000000..fdceb76 --- /dev/null +++ b/debian/userv-dyndns/postinst @@ -0,0 +1,8 @@ +#!/bin/sh +set -e + +user="$(sed -n '/^[a-z]/{p;q;}' /etc/userv/dyndns-service-users)" +if id $user >/dev/null 2>&1; then exit 0; fi + +adduser --system --group --gecos 'userv dyndns' \ + --home /etc/userv diff --git a/dyndns/INSTALL b/dyndns/INSTALL index 800d5ad..7f8a24f 100644 --- a/dyndns/INSTALL +++ b/dyndns/INSTALL @@ -3,13 +3,16 @@ # 1. Install the scripts and configuration: # mkdir -p /usr/local/lib/userv/dyndns /var/lib/userv/dyndns/tmp -cp install service update /usr/local/lib/userv/dyndns +cp install-script /usr/local/lib/userv/dyndns/install +cp service update /usr/local/lib/userv/dyndns cp dyndns /etc/userv/services.d/dyndns.distrib cp dyndns-domains /etc/userv/dyndns-domains.example # Rename the .distrib and .example, or edit them to be how you # want, or merge your changes. # +# Create the service user `usdyndns'. +# # 2. For each zone, create # /var/lib/userv/zone,/ # and put in it the file diff --git a/dyndns/Makefile b/dyndns/Makefile new file mode 100644 index 0000000..307008f --- /dev/null +++ b/dyndns/Makefile @@ -0,0 +1,37 @@ +# Makefile +# installation runes for userv-dyndns + +# Copyright (C) 2003 Ian Jackson +# +# This is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with userv-utils; if not, write to the Free Software +# Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +# $Id$ + +include ../settings.make + +install: + mkdir -p $(shareuserv)/dyndns $(varlibuserv)/dyndns/tmp + cp service update $(shareuserv)/dyndns + cp install-script $(shareuserv)/dyndns/install + +install-examples: + mkdir -p $(services) + cp dyndns $(services)/dyndns.distrib + cp dyndns-domains $(etcuserv)/dyndns-domains.example + echo usdyndns >$(etcuserv)/dyndns-service-users.example + +install-docs: + mkdir -p $(docdir)/userv-dyndns + cp INSTALL $(docdir)/userv-dyndns diff --git a/dyndns/dyndns b/dyndns/dyndns index e73d793..95d3394 100644 --- a/dyndns/dyndns +++ b/dyndns/dyndns @@ -1,9 +1,9 @@ if ( grep calling-user-shell /etc/shells - & glob service-user dyndns + & grep service-user /etc/userv/dyndns-service-users ) reset no-set-environment no-suppress-args no-disconnect-hup - execute /usr/local/lib/userv/dyndns/service + execute /usr/share/userv/dyndns/service fi diff --git a/dyndns/install b/dyndns/install-script similarity index 100% rename from dyndns/install rename to dyndns/install-script diff --git a/dyndns/service b/dyndns/service index 65b58ef..f9a6bde 100755 --- a/dyndns/service +++ b/dyndns/service @@ -12,7 +12,7 @@ use POSIX; BEGIN { $vardir= "/var/lib/userv/dyndns"; $defconf= "/etc/userv/dyndns-domains"; - $libdir= "/usr/local/lib/userv/dyndns"; + $libdir= "/usr/share/userv/dyndns"; } END { remove "$vardir/tmp/$$" or $! == ENOENT or diff --git a/dyndns/update b/dyndns/update index 7a72503..5d334c1 100755 --- a/dyndns/update +++ b/dyndns/update @@ -48,4 +48,4 @@ echo $now $charge >$files,timings.new mv -f $files,timings.new $files,timings mv $files,new $files,data -exec /usr/local/lib/userv/dyndns/install $zone +exec /usr/share/userv/dyndns/install $zone diff --git a/groupmanage/Makefile b/groupmanage/Makefile new file mode 100644 index 0000000..4de49f0 --- /dev/null +++ b/groupmanage/Makefile @@ -0,0 +1,35 @@ +# Makefile +# installation runes for userv-dyndns + +# Copyright (C) 2003 Ian Jackson +# +# This is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with userv-utils; if not, write to the Free Software +# Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +# $Id$ + +include ../settings.make + +install: + mkdir -p $(bindir) + cp groupmanage $(bindir)/. + +install-examples: + mkdir -p $(etcdir) $(services) + cp groupmanage.conf $(etcdir)/groupmanage.conf.example + cp services $(services)/groupmanage.distrib + +install-docs: + mkdir -p $(docdir)/groupmanage + cp INSTALL groupmanage.text $(docdir)/groupmanage/. diff --git a/ipif/Makefile b/ipif/Makefile index ab3db07..879c013 100644 --- a/ipif/Makefile +++ b/ipif/Makefile @@ -18,27 +18,10 @@ # # $Id$ -OPTIMISE= -O2 -CFLAGS= -Wall -Wmissing-prototypes -Wstrict-prototypes -Wpointer-arith \ - -Wwrite-strings -g $(OPTIMISE) -D_GNU_SOURCE \ - $(XCFLAGS) - -etcdir= /etc -prefix= /usr/local -bindir= $(prefix)/bin -vardir= /var - -libdir= $(prefix)/lib -sharedir= $(prefix)/share -libuserv= $(libdir)/userv -shareuserv= $(sharedir)/userv -varlib= $(vardir)/lib -varlibuserv= $(varlib)/userv -varlibvpn= $(varlibuserv)/vpn +include ../settings.make -etcuserv= $(etcdir)/userv +varlibvpn= $(varlibuserv)/vpn etcvpn= $(etcdir)/userv/vpn -services= $(etcuserv)/services.d PROGRAM_TARGETS= udptunnel-forwarder udptunnel-reconf TARGETS= service blowfishtest $(PROGRAM_TARGETS) @@ -53,16 +36,21 @@ OBJS_BFTEST= blowfishtest.o blowfish.o hex.o all: $(TARGETS) install: all - mkdir -p $(libuserv) $(services) $(etcvpn) \ + mkdir -p $(bindir) $(libuserv) $(services) \ $(varlibvpn) $(shareuserv) cp -b service $(libuserv)/ipif cp -b $(PROGRAMS) $(bindir)/. cp ipif $(services)/ipif:new set -e; cd $(services); test -f ipif || mv ipif:new ipif - cp *.example $(etcvpn)/. cp udptunnel-vpn-config.m4 udptunnel-vpn-defaults \ $(shareuserv)/. +install-docs: + +install-examples: + mkdir -p $(etcvpn) + cp *.example $(etcvpn)/. + udptunnel-reconf: udptunnel-reconf.pl Makefile perl -pe ' \ print "\ diff --git a/ipif/ipif b/ipif/ipif index 6d283bc..f8c5838 100644 --- a/ipif/ipif +++ b/ipif/ipif @@ -5,5 +5,5 @@ if ( grep calling-user-shell /etc/shells no-set-environment no-suppress-args no-disconnect-hup - execute /usr/local/lib/userv/ipif /etc/userv/ipif-networks -- + execute /usr/lib/userv/ipif /etc/userv/ipif-networks -- fi diff --git a/misc/Makefile b/misc/Makefile new file mode 100644 index 0000000..0bfa61d --- /dev/null +++ b/misc/Makefile @@ -0,0 +1,32 @@ +# Makefile +# installation runes for userv-dyndns + +# Copyright (C) 2003 Ian Jackson +# +# This is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with userv-utils; if not, write to the Free Software +# Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +# $Id$ + +include ../settings.make + +install: + mkdir -p $(bindir) + cp mailq-wrapper $(bindir)/mailq + +install-examples: + mkdir -p $(services) + cp mailq ndc-reload $(services)/. + +install-docs: diff --git a/misc/mailq-wrapper b/misc/mailq-wrapper new file mode 100755 index 0000000..b538e75 --- /dev/null +++ b/misc/mailq-wrapper @@ -0,0 +1,3 @@ +#!/bin/sh +set -e +exec userv mail mailq