Gentoo Archives: gentoo-commits

From: "Ulrich Müller" <ulm@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-misc/scponly/files/, net-misc/scponly/
Date: Wed, 19 Feb 2020 20:26:48
Message-Id: 1582143935.0cfdb10442be996e94f64bfaca9ba08317ac0e39.ulm@gentoo
1 commit: 0cfdb10442be996e94f64bfaca9ba08317ac0e39
2 Author: Hank Leininger <hlein <AT> korelogic <DOT> com>
3 AuthorDate: Tue Feb 18 19:51:48 2020 +0000
4 Commit: Ulrich Müller <ulm <AT> gentoo <DOT> org>
5 CommitDate: Wed Feb 19 20:25:35 2020 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0cfdb104
7
8 net-misc/scponly: GLEP-81, fix sftp-server path, add maintainer
9
10 Redone to address feedback in https://github.com/gentoo/gentoo/pull/14286
11
12 scponly's sftp support has been broken since profile 17.1's move
13 from /usr/lib/ to /usr/lib64/; this includes the fix for that.
14
15 Also moved scponly's creation of a chroot user behind a
16 USE=chroot flag, as it's entirely usable if you are setting up
17 your own chroots and do not need it to create one.
18
19 Added myself as proxy maintainer.
20
21 Signed-off-by: Hank Leininger <hlein <AT> korelogic.com>
22 Closes: https://bugs.gentoo.org/701368
23 Package-Manager: Portage-2.3.84, Repoman-2.3.20
24 Signed-off-by: Ulrich Müller <ulm <AT> gentoo.org>
25
26 .../files/scponly-4.8-sftp-server-path.patch | 42 ++++
27 net-misc/scponly/metadata.xml | 10 +-
28 net-misc/scponly/scponly-4.8-r7.ebuild | 245 +++++++++++++++++++++
29 3 files changed, 296 insertions(+), 1 deletion(-)
30
31 diff --git a/net-misc/scponly/files/scponly-4.8-sftp-server-path.patch b/net-misc/scponly/files/scponly-4.8-sftp-server-path.patch
32 new file mode 100644
33 index 00000000000..c191de87751
34 --- /dev/null
35 +++ b/net-misc/scponly/files/scponly-4.8-sftp-server-path.patch
36 @@ -0,0 +1,42 @@
37 +diff -urNp scponly-4.8-orig/configure scponly-4.8-dwok/configure
38 +--- scponly-4.8-orig/configure 2019-11-26 16:34:19.028544577 +0100
39 ++++ scponly-4.8-dwok/configure 2019-11-26 16:33:24.571763528 +0100
40 +@@ -3244,7 +3244,7 @@ else
41 + ;;
42 + *)
43 + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
44 +-as_dummy="`echo "$PATH:/usr/lib:/usr/lib64:/usr/libexec:/usr/libexec/openssh:/usr/lib/ssh:/usr/lib64/ssh:/usr/local/libexec:/usr/lib/misc:/usr/lib/openssh" | sed -e 's/:/ /'`"
45 ++as_dummy="`echo "$PATH:/usr/lib:/usr/lib64:/usr/lib64/misc:/usr/libexec:/usr/libexec/openssh:/usr/lib/ssh:/usr/lib64/ssh:/usr/local/libexec:/usr/lib/misc:/usr/lib/openssh" | sed -e 's/:/ /'`"
46 + for as_dir in $as_dummy
47 + do
48 + IFS=$as_save_IFS
49 +@@ -4240,7 +4240,7 @@ else
50 + ;;
51 + *)
52 + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
53 +-as_dummy="`echo "$PATH:/usr/lib:/usr/lib/ssh:/usr/libexec/openssh:/usr/libexec:/usr/local/libexec" | sed -e 's/:/ /'`"
54 ++as_dummy="`echo "$PATH:/usr/lib:/usr/lib64:/usr/lib64/misc:/usr/lib/ssh:/usr/libexec/openssh:/usr/libexec:/usr/local/libexec" | sed -e 's/:/ /'`"
55 + for as_dir in $as_dummy
56 + do
57 + IFS=$as_save_IFS
58 +diff -urNp scponly-4.8-orig/configure.in scponly-4.8-dwok/configure.in
59 +--- scponly-4.8-orig/configure.in 2019-11-26 16:34:19.028544577 +0100
60 ++++ scponly-4.8-dwok/configure.in 2019-11-26 16:33:28.491819749 +0100
61 +@@ -231,7 +231,7 @@ AC_ARG_ENABLE([quota-compat],
62 +
63 + if test "x$scponly_scp_compat" != "x"; then
64 + AC_MSG_NOTICE([enabling core WinSCP and Vanilla SCP binaries...])
65 +- SCPONLY_PATH_PROG_DEFINE([PROG_SFTP_SERVER], [sftp-server],[/usr/lib:/usr/lib64:/usr/libexec:/usr/libexec/openssh:/usr/lib/ssh:/usr/lib64/ssh:/usr/local/libexec:/usr/lib/misc:/usr/lib/openssh])
66 ++ SCPONLY_PATH_PROG_DEFINE([PROG_SFTP_SERVER], [sftp-server],[/usr/lib:/usr/lib64:/usr/lib64/misc:/usr/libexec:/usr/libexec/openssh:/usr/lib/ssh:/usr/lib64/ssh:/usr/local/libexec:/usr/lib/misc:/usr/lib/openssh])
67 + SCPONLY_PATH_PROG_DEFINE([PROG_LS], [ls], [/bin:/usr/bin:/sbin:/usr/sbin])
68 + SCPONLY_PATH_PROG_DEFINE([PROG_SCP], [scp], [/bin:/usr/bin:/sbin:/usr/sbin])
69 + SCPONLY_PATH_PROG_DEFINE([PROG_RM], [rm], [/bin:/usr/bin:/sbin:/usr/sbin])
70 +@@ -297,7 +297,7 @@ if test "x$scponly_sftp_compat" != "x";
71 + if test "x$scponly_explicit_sftpserver_path" = "x"; then
72 + dnl Informed guess:
73 + SCPONLY_PATH_PROG_DEFINE([PROG_SFTP_SERVER], [sftp-server],
74 +- [/usr/lib:/usr/lib/ssh:/usr/libexec/openssh:/usr/libexec:/usr/local/libexec])
75 ++ [/usr/lib:/usr/lib64:/usr/lib64/misc:/usr/lib/ssh:/usr/libexec/openssh:/usr/libexec:/usr/local/libexec])
76 + dnl Debian uses /usr/lib
77 + dnl Red Hat uses /usr/libexec/openssh
78 + dnl Many a *BSD uses $PATH itself (which is implicit + checked 1st)
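Review bot: The second search list, in the `@@ -4240` hunk of configure and the `@@ -297` hunk of configure.in, gains `/usr/lib64` and `/usr/lib64/misc` but still lacks `/usr/lib/misc`, which the first list already carries. On a profile where libdir is `lib`, the "informed guess" would presumably still miss sftp-server. Adding it keeps the two lists consistent: `[/usr/lib:/usr/lib64:/usr/lib64/misc:/usr/lib/misc:/usr/lib/ssh:/usr/libexec/openssh:/usr/libexec:/usr/local/libexec])`, with the same addition in the matching `as_dummy` line of configure. The ebuild in this commit passes `--with-sftp-server` explicitly, so this likely only matters as a fallback. Because the guess searches the build-time `$PATH` first, a short header comment in the patch stating its purpose and referencing bug 701368 would also help.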
79
80 diff --git a/net-misc/scponly/metadata.xml b/net-misc/scponly/metadata.xml
81 index cc5fae365f3..38864027ac1 100644
82 --- a/net-misc/scponly/metadata.xml
83 +++ b/net-misc/scponly/metadata.xml
84 @@ -1,7 +1,14 @@
85 <?xml version="1.0" encoding="UTF-8"?>
86 <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
87 <pkgmetadata>
88 - <!-- maintainer-needed -->
89 + <maintainer type="person">
90 + <email>hlein@×××××××××.com</email>
91 + <name>Hank Leininger</name>
92 + </maintainer>
93 + <maintainer type="project">
94 + <email>proxy-maint@g.o</email>
95 + <name>Proxy Maintainers</name>
96 + </maintainer>
97 <longdescription lang="en">
98 scponly is an alternative 'shell' (of sorts) for system administrators
99 who would like to provide access to remote users to both read and write
100 @@ -10,6 +17,7 @@
101 ssh suite of applications.
102 </longdescription>
103 <use>
104 + <flag name="chroot">Enables adding and configuring an 'scponlyc' chrooted user</flag>
105 <flag name="rsync">Enables rsync compatibility with potential security risks</flag>
106 <flag name="unison">Enables Unison compatibility with potential security risks</flag>
107 <flag name="subversion">Enables Subversion compatibility with potential security risks</flag>
108
109 diff --git a/net-misc/scponly/scponly-4.8-r7.ebuild b/net-misc/scponly/scponly-4.8-r7.ebuild
110 new file mode 100644
111 index 00000000000..8128ad5d15a
112 --- /dev/null
113 +++ b/net-misc/scponly/scponly-4.8-r7.ebuild
114 @@ -0,0 +1,245 @@
115 +# Copyright 1999-2020 Gentoo Authors
116 +# Distributed under the terms of the GNU General Public License v2
117 +
118 +EAPI=7
119 +
120 +inherit multilib readme.gentoo-r1 toolchain-funcs
121 +
122 +DESCRIPTION="A tiny pseudoshell which only permits scp and sftp"
123 +HOMEPAGE="https://github.com/scponly/scponly"
124 +SRC_URI="mirror://sourceforge/scponly/${P}.tgz"
125 +
126 +LICENSE="BSD-2"
127 +SLOT="0"
128 +KEYWORDS="~amd64 ~ppc ~sparc ~x86"
129 +IUSE="chroot +sftp scp winscp gftp rsync unison subversion wildcards quota passwd logging"
130 +REQUIRED_USE="
131 + || ( sftp scp winscp rsync unison subversion )
132 +"
133 +
134 +RDEPEND="
135 + sys-apps/sed
136 + net-misc/openssh
137 + chroot? ( acct-user/scponly acct-group/scponly )
138 + quota? ( sys-fs/quota )
139 + rsync? ( net-misc/rsync )
140 + subversion? ( dev-vcs/subversion )
141 + unison? ( net-misc/unison:= )
142 +"
143 +DEPEND="${RDEPEND}"
144 +
145 +PATCHES=(
146 + "${FILESDIR}/${P}-rsync.patch"
147 + "${FILESDIR}/${P}-gcc4.4.0.patch"
148 + "${FILESDIR}/${P}-sftp-server-path.patch"
149 +)
150 +
151 +src_configure() {
152 + CFLAGS="${CFLAGS} ${LDFLAGS}" econf \
153 + --with-sftp-server="/usr/$(get_libdir)/misc/sftp-server" \
154 + --disable-restrictive-names \
155 + $(use_enable chroot chrooted-binary) \
156 + $(use_enable chroot chrooted-checkdir) \
157 + $(use_enable winscp winscp-compat) \
158 + $(use_enable gftp gftp-compat) \
159 + $(use_enable scp scp-compat) \
160 + $(use_enable sftp sftp) \
161 + $(use_enable quota quota-compat) \
162 + $(use_enable passwd passwd-compat) \
163 + $(use_enable rsync rsync-compat) \
164 + $(use_enable unison unison-compat) \
165 + $(use_enable subversion svn-compat) \
166 + $(use_enable subversion svnserv-compat) \
167 + $(use_enable logging sftp-logging-compat) \
168 + $(use_enable wildcards wildcards)
169 +}
170 +
171 +src_compile() {
172 + emake CC=$(tc-getCC)
173 +}
174 +
175 +src_install() {
176 + emake DESTDIR="${D}" install
177 +
178 + dodoc AUTHOR BUILDING-JAILS.TXT CHANGELOG CONTRIB README SECURITY TODO
179 +
180 + if use chroot ; then
181 + local DOC_CONTENTS="You might want to run\n
182 + emerge --config =${CATEGORY}/${PF}\n
183 + \nto setup the chroot. Otherwise you will have to setup chroot
184 + manually. Please read the docs in /usr/share/doc/${PF} for more
185 + informations, also the SECURITY file."
186 + ( docinto chroot; dodoc setup_chroot.sh config.h )
187 + # don't compress setup-script, so it is usable if necessary
188 + docompress -x /usr/share/doc/${PF}/chroot
189 + readme.gentoo_create_doc
190 + fi
191 +}
192 +
193 +pkg_config() {
194 + if ! use chroot ; then
195 + einfo "USE=chroot not enabled, nothing to configure."
196 + return
197 + fi
198 +
199 + myuser="scponly"
200 + myhome="/var/chroot/${myuser}"
201 + mysubdir="/pub"
202 +
203 + # pkg_postinst is based on ${S}/setup_chroot.sh.
204 +
205 + einfo "Collecting binaries and libraries..."
206 +
207 + # Binaries launched in sftp compat mode
208 + if has_version "=${CATEGORY}/${PF}[sftp]" ; then
209 + BINARIES="/usr/$(get_libdir)/misc/sftp-server"
210 + fi
211 +
212 + # Binaries launched by vanilla- and WinSCP modes
213 + if has_version "=${CATEGORY}/${PF}[scp]" || \
214 + has_version "=${CATEGORY}/${PF}[winscp]" ; then
215 + BINARIES="${BINARIES} /usr/bin/scp /bin/ls /bin/rm /bin/ln /bin/mv"
216 + BINARIES="${BINARIES} /bin/chmod /bin/chown /bin/chgrp /bin/mkdir /bin/rmdir"
217 + fi
218 +
219 + # Binaries launched in WinSCP compatibility mode
220 + if has_version "=${CATEGORY}/${PF}[winscp]" ; then
221 + BINARIES="${BINARIES} /bin/pwd /bin/groups /usr/bin/id /bin/echo"
222 + fi
223 +
224 + # Rsync compatability mode
225 + if has_version "=${CATEGORY}/${PF}[rsync]" ; then
226 + BINARIES="${BINARIES} /usr/bin/rsync"
227 + fi
228 +
229 + # Unison compatability mode
230 + if has_version "=${CATEGORY}/${PF}[unison]" ; then
231 + BINARIES="${BINARIES} /usr/bin/unison"
232 + fi
233 +
234 + # subversion cli/svnserv compatibility
235 + if has_version "=${CATEGORY}/${PF}[subversion]" ; then
236 + BINARIES="${BINARIES} /usr/bin/svn /usr/bin/svnserve"
237 + fi
238 +
239 + # passwd compatibility
240 + if has_version "=${CATEGORY}/${PF}[passwd]" ; then
241 + BINARIES="${BINARIES} /usr/bin/passwd"
242 + fi
243 +
244 + # quota compatibility
245 + if has_version "=${CATEGORY}/${PF}[quota]" ; then
246 + BINARIES="${BINARIES} /usr/bin/quota"
247 + fi
248 +
249 + # build lib dependencies
250 + LIB_LIST=$(ldd ${BINARIES} | sed -n 's:.* => \(/[^ ]\+\).*:\1:p' | sort -u)
251 +
252 + # search and add ld*.so
253 + for LIB in /$(get_libdir)/ld.so /libexec/ld-elf.so /libexec/ld-elf.so.1 \
254 + /usr/libexec/ld.so /$(get_libdir)/ld-linux*.so.2 /usr/libexec/ld-elf.so.1; do
255 + [ -f "${LIB}" ] && LIB_LIST="${LIB_LIST} ${LIB}"
256 + done
257 +
258 + # search and add libnss_*.so
259 + for LIB in /$(get_libdir)/libnss_{compat,files}*.so.*; do
260 + [ -f "${LIB}" ] && LIB_LIST="${LIB_LIST} ${LIB}"
261 + done
262 +
263 + # create base dirs
264 + if [ ! -d "${myhome}" ]; then
265 + die "Home '${myhome}' should have been created by acct-user but does not exist."
266 + else
267 + einfo "Setting owner for ${myhome}"
268 + chown 0:0 "${myhome}"
269 + fi
270 +
271 + if [ ! -d "${myhome}/etc" ]; then
272 + einfo "Creating ${myhome}/etc"
273 + install -o0 -g0 -m0755 -d "${myhome}/etc"
274 + fi
275 +
276 + if [ ! -d "${myhome}/$(get_libdir)" ]; then
277 + einfo "Creating ${myhome}/$(get_libdir)"
278 + install -o0 -g0 -m0755 -d "${myhome}/$(get_libdir)"
279 + fi
280 +
281 + if [ ! -e "${myhome}/lib" ]; then
282 + einfo "Creating ${myhome}/lib"
283 + ln -snf $(get_libdir) "${myhome}/lib"
284 + fi
285 +
286 + if [ ! -d "${myhome}/usr/$(get_libdir)" ]; then
287 + einfo "Creating ${myhome}/usr/$(get_libdir)"
288 + install -o0 -g0 -m0755 -d "${myhome}/usr/$(get_libdir)"
289 + fi
290 +
291 + if [ ! -e "${myhome}/usr/lib" ]; then
292 + einfo "Creating ${myhome}/usr/lib"
293 + ln -snf $(get_libdir) "${myhome}/usr/lib"
294 + fi
295 +
296 + if [ ! -d "${myhome}${mysubdir}" ]; then
297 + einfo "Creating ${myhome}${mysubdir} directory for uploading files"
298 + install -o${myuser} -g${myuser} -m0755 -d "${myhome}${mysubdir}"
299 + fi
300 +
301 + # create /dev/null (Bug 135505)
302 + if [ ! -e "${myhome}/dev/null" ]; then
303 + install -o0 -g0 -m0755 -d "${myhome}/dev"
304 + mknod -m0777 "${myhome}/dev/null" c 1 3
305 + fi
306 +
307 + # install binaries
308 + for BIN in ${BINARIES}; do
309 + einfo "Install ${BIN}"
310 + install -o0 -g0 -m0755 -d "${myhome}$(dirname ${BIN})"
311 + if [ "${BIN}" = "/usr/bin/passwd" ]; then # needs suid
312 + install -p -o0 -g0 -m04711 "${BIN}" "${myhome}/${BIN}"
313 + else
314 + install -p -o0 -g0 -m0755 "${BIN}" "${myhome}/${BIN}"
315 + fi
316 + done
317 +
318 + # install libs
319 + for LIB in ${LIB_LIST}; do
320 + einfo "Install ${LIB}"
321 + install -o0 -g0 -m0755 -d "${myhome}$(dirname ${LIB})"
322 + install -p -o0 -g0 -m0755 "${LIB}" "${myhome}/${LIB}"
323 + done
324 +
325 + # create ld.so.conf
326 + einfo "Creating /etc/ld.so.conf"
327 + for LIB in ${LIB_LIST}; do
328 + dirname ${LIB}
329 + done | sort -u | while read DIR; do
330 + if ! grep 2>/dev/null -q "^${DIR}$" "${myhome}/etc/ld.so.conf"; then
331 + echo "${DIR}" >> "${myhome}/etc/ld.so.conf"
332 + fi
333 + done
334 + ldconfig -r "${myhome}"
335 +
336 + # update shells
337 + einfo "Updating /etc/shells"
338 + grep 2>/dev/null -q "^/usr/bin/scponly$" /etc/shells \
339 + || echo "/usr/bin/scponly" >> /etc/shells
340 +
341 + grep 2>/dev/null -q "^/usr/sbin/scponlyc$" /etc/shells \
342 + || echo "/usr/sbin/scponlyc" >> /etc/shells
343 +
344 + # create /etc/passwd
345 + if [ ! -e "${myhome}/etc/passwd" ]; then
346 + (
347 + echo "root:x:0:0:root:/:/bin/sh"
348 + sed -n "s|^\(${myuser}:[^:]*:[^:]*:[^:]*:[^:]*:\).*|\1${mysubdir}:/bin/sh|p" /etc/passwd
349 + ) > "${myhome}/etc/passwd"
350 + fi
351 +
352 + # create /etc/group
353 + if [ ! -e "${myhome}/etc/group" ]; then
354 + (
355 + echo "root:x:0:"
356 + sed -n "s|^\(${myuser}:[^:]*:[^:]*:\).*|\1|p" /etc/group
357 + ) > "${myhome}/etc/group"
358 + fi
359 +}
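Review bot: In pkg_config, the `chown`, `install`, `ln`, `mknod` and `ldconfig -r` calls that build the jail under /var/chroot/scponly run unchecked, and since none of them is an ebuild helper, a failure is not fatal: the function carries on past a half-populated chroot with only `einfo` output. Appending `|| die` to each, e.g. `chown 0:0 "${myhome}" || die` and `ldconfig -r "${myhome}" || die`, would stop at the first failed step. The device node is also created with `-m0777`; `mknod -m0666 "${myhome}/dev/null" c 1 3 || die` matches the usual mode of /dev/null and drops the execute bits, which serve no purpose on a character device. Separately, the binaries (including the setuid copy of /usr/bin/passwd) and libraries are copied into the jail only when pkg_config runs, and nothing visible here refreshes them. The DOC_CONTENTS text in src_install could therefore tell admins to re-run `emerge --config` after openssh, glibc or the other source packages are updated.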