kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
freebsd-ports/shells/scponly/Makefile

148 lines
3.8 KiB
Makefile
Raw Normal View History

Convert to new option framework Bump port revision as the options name has change a lot Add CHDIR and DOCS to options
2012-12-16 19:25:15 +01:00
# Created by: mcglk@artlogix.com
Add scponly 2.4, a tiny shell which only permits scp and sftp. PR: ports/40935 Submitted by: Ken McGlothlen <mcglk@artlogix.com>
2002-09-11 00:18:46 +02:00
# $FreeBSD$
PORTNAME= scponly
-Add both versions of each configure flag (--enable-x/--disable-x) for safety -Update to May 26, 2011 snapshot: Add support for OpenSSH's sftp-server umask option. Remove inline references to satisify certain compilers Remove the now unnecessary sftp-logging compatibility mode. When getopt_long is not available, like on AIX, use bundled NetBSD getopt_long. Update the SECURITY document to include a reference to /etc/popt and \ ~/.popt as they relate to rsync. Fix for rsync-3.0 which now uses a short -e option, with an optional argument as a server side option indicating protocol compatibility. Fix scponly crash on Solaris Fix detection and inclusion of getopt on certain platforms Document risks associated with popt reading /etc/popt and ~/.popt Document getopt requirement (when certain configure options are enabled) - cleanup redundant BUILD_DEPENDS+= [1] PR: ports/157804 Submitted by: Rob Farmer <rfarmer _at_ predatorlabs.net> (maintainer), ohauer [1] Approved by: maintainer
2011-06-18 19:24:07 +02:00
PORTVERSION= 4.8.20110526
- Update to 4.8 PR: ports/121651 Submitted by: Philip M. Gollucci <pgollucci@p6m7g8.com> Approved by: maintainer timeout (rushani; 3 weeks)
2008-04-03 16:14:28 +02:00
CATEGORIES= shells security
-Add both versions of each configure flag (--enable-x/--disable-x) for safety -Update to May 26, 2011 snapshot: Add support for OpenSSH's sftp-server umask option. Remove inline references to satisify certain compilers Remove the now unnecessary sftp-logging compatibility mode. When getopt_long is not available, like on AIX, use bundled NetBSD getopt_long. Update the SECURITY document to include a reference to /etc/popt and \ ~/.popt as they relate to rsync. Fix for rsync-3.0 which now uses a short -e option, with an optional argument as a server side option indicating protocol compatibility. Fix scponly crash on Solaris Fix detection and inclusion of getopt on certain platforms Document risks associated with popt reading /etc/popt and ~/.popt Document getopt requirement (when certain configure options are enabled) - cleanup redundant BUILD_DEPENDS+= [1] PR: ports/157804 Submitted by: Rob Farmer <rfarmer _at_ predatorlabs.net> (maintainer), ohauer [1] Approved by: maintainer
2011-06-18 19:24:07 +02:00
MASTER_SITES= SF
MASTER_SITE_SUBDIR= ${PORTNAME}/${PORTNAME}-snapshots
DISTNAME= ${PORTNAME}-20110526
Add scponly 2.4, a tiny shell which only permits scp and sftp. PR: ports/40935 Submitted by: Ken McGlothlen <mcglk@artlogix.com>
2002-09-11 00:18:46 +02:00
EXTRACT_SUFX= .tgz
Take maintainership
2013-02-26 03:56:57 +01:00
MAINTAINER= gjb@FreeBSD.org
o Update to 3.7. o Take up more safety default setting. PR: ports/48480, ports/48492, ports/50899 Submitted by: Sergey A. Osokin <osa@FreeBSD.org.ru> Adam Jette <jettea@fuzzynerd.com> Miguel Mendez <flynn@energyhq.homeip.net> Reviewed by: Sergey A. Osokin <osa@FreeBSD.org.ru> Miguel Mendez <flynn@energyhq.homeip.net> Ken McGlothlen <mcglk@artlogix.com> (maintainer) Approved by: Ken McGlothlen <mcglk@artlogix.com> (maintainer)
2003-04-17 20:40:51 +02:00
COMMENT= A tiny shell that only permits scp and sftp
Add scponly 2.4, a tiny shell which only permits scp and sftp. PR: ports/40935 Submitted by: Ken McGlothlen <mcglk@artlogix.com>
2002-09-11 00:18:46 +02:00
o Update to 3.7. o Take up more safety default setting. PR: ports/48480, ports/48492, ports/50899 Submitted by: Sergey A. Osokin <osa@FreeBSD.org.ru> Adam Jette <jettea@fuzzynerd.com> Miguel Mendez <flynn@energyhq.homeip.net> Reviewed by: Sergey A. Osokin <osa@FreeBSD.org.ru> Miguel Mendez <flynn@energyhq.homeip.net> Ken McGlothlen <mcglk@artlogix.com> (maintainer) Approved by: Ken McGlothlen <mcglk@artlogix.com> (maintainer)
2003-04-17 20:40:51 +02:00
MAN8= scponly.8
Add scponly 2.4, a tiny shell which only permits scp and sftp. PR: ports/40935 Submitted by: Ken McGlothlen <mcglk@artlogix.com>
2002-09-11 00:18:46 +02:00
-Patch SECURITY doc to include note about bypassing rsync argument checking with popt (from upstream) and tell people to read it -Drop long comment describing knobs - it just duplicates OPTIONS -For SCPONLY_DEFAULT_CHDIR, print a note about setting it. I'm not sure if post-patch is the best place for this, though? -Drop dead site and just use Sourceforge -Use the PORTDOCS variable -Install some useful docs and drop useless one (TODO) -Drop pre-everything message about defaults changing; that was 5 years ago -LOCALBASE vs. PREFIX correction -Add post-install messages to the plist so package users see them too PR: ports/153115 Submitted by: Rob Farmer <rfarmer@predatorlabs.net> (maintainer)
2010-12-15 08:12:02 +01:00
PORTDOCS= BUILDING-JAILS.TXT INSTALL README SECURITY
- Update to 4.8 PR: ports/121651 Submitted by: Philip M. Gollucci <pgollucci@p6m7g8.com> Approved by: maintainer timeout (rushani; 3 weeks)
2008-04-03 16:14:28 +02:00
GNU_CONFIGURE= yes
Unbreak rsync comatibility when long opts ("--server", "--sender" and "--delete" in this case) specified. PR: 96295 Suggested by: ueda _at_ drweb dot jp Obtained from: https://lists.ccs.neu.edu/pipermail/scponly/2006-March/001287.html Approved by: rushani (maintainer)
2006-08-06 19:38:15 +02:00
Convert to new option framework Bump port revision as the options name has change a lot Add CHDIR and DOCS to options
2012-12-16 19:25:15 +01:00
OPTIONS_DEFINE= WILDCARDS GFTP CHROOT RSYNC SCP SVN SVNSERVE UNISON WINSCP \
DEFAULT_CHDIR DOCS
OPTIONS_DEFAULT= WILDCARDS
DEFAULT_CHDIR_DESC= Chdir(2) by default
WILDCARDS_DESC= Wildcards processing
GFTP_DESC= gftp support
RSYNC_DESC= rsync support
CHROOT_DESC= chroot(8) functionality
SCP_DESC= vanilla scp support
SVNSERVE_DESC= Suversion support for svn+ssh://
UNISON_DESC= Unisson support
WINSCP_DESC= WinSCP support
.include <bsd.port.options.mk>
- If sftp is not available, use security/openssh-portable. This is the case if running base with WITHOUT_OPENSSH Approved by: gjb (maintainer)
2013-04-29 17:13:52 +02:00
RUN_DEPENDS+= sftp:${PORTSDIR}/security/openssh-portable
BUILD_DEPENDS+= sftp:${PORTSDIR}/security/openssh-portable
Convert to new option framework Bump port revision as the options name has change a lot Add CHDIR and DOCS to options
2012-12-16 19:25:15 +01:00
.if ${PORT_OPTIONS:MDEFAULT_CHDIR}
- Update to 4.0 PR: ports/74633 Submitted by: rushani (maintainer)
2004-12-05 00:56:24 +01:00
CONFIGURE_ARGS+=--with-default-chdir=${SCPONLY_DEFAULT_CHDIR}
.endif
Convert to new option framework Bump port revision as the options name has change a lot Add CHDIR and DOCS to options
2012-12-16 19:25:15 +01:00
.if ${PORT_OPTIONS:MWILDCARDS}
-Add both versions of each configure flag (--enable-x/--disable-x) for safety -Update to May 26, 2011 snapshot: Add support for OpenSSH's sftp-server umask option. Remove inline references to satisify certain compilers Remove the now unnecessary sftp-logging compatibility mode. When getopt_long is not available, like on AIX, use bundled NetBSD getopt_long. Update the SECURITY document to include a reference to /etc/popt and \ ~/.popt as they relate to rsync. Fix for rsync-3.0 which now uses a short -e option, with an optional argument as a server side option indicating protocol compatibility. Fix scponly crash on Solaris Fix detection and inclusion of getopt on certain platforms Document risks associated with popt reading /etc/popt and ~/.popt Document getopt requirement (when certain configure options are enabled) - cleanup redundant BUILD_DEPENDS+= [1] PR: ports/157804 Submitted by: Rob Farmer <rfarmer _at_ predatorlabs.net> (maintainer), ohauer [1] Approved by: maintainer
2011-06-18 19:24:07 +02:00
CONFIGURE_ARGS+=--enable-wildcards
.else
o Update to 3.7. o Take up more safety default setting. PR: ports/48480, ports/48492, ports/50899 Submitted by: Sergey A. Osokin <osa@FreeBSD.org.ru> Adam Jette <jettea@fuzzynerd.com> Miguel Mendez <flynn@energyhq.homeip.net> Reviewed by: Sergey A. Osokin <osa@FreeBSD.org.ru> Miguel Mendez <flynn@energyhq.homeip.net> Ken McGlothlen <mcglk@artlogix.com> (maintainer) Approved by: Ken McGlothlen <mcglk@artlogix.com> (maintainer)
2003-04-17 20:40:51 +02:00
CONFIGURE_ARGS+=--disable-wildcards
.endif
Convert to new option framework Bump port revision as the options name has change a lot Add CHDIR and DOCS to options
2012-12-16 19:25:15 +01:00
.if ${PORT_OPTIONS:MGFTP}
-Add both versions of each configure flag (--enable-x/--disable-x) for safety -Update to May 26, 2011 snapshot: Add support for OpenSSH's sftp-server umask option. Remove inline references to satisify certain compilers Remove the now unnecessary sftp-logging compatibility mode. When getopt_long is not available, like on AIX, use bundled NetBSD getopt_long. Update the SECURITY document to include a reference to /etc/popt and \ ~/.popt as they relate to rsync. Fix for rsync-3.0 which now uses a short -e option, with an optional argument as a server side option indicating protocol compatibility. Fix scponly crash on Solaris Fix detection and inclusion of getopt on certain platforms Document risks associated with popt reading /etc/popt and ~/.popt Document getopt requirement (when certain configure options are enabled) - cleanup redundant BUILD_DEPENDS+= [1] PR: ports/157804 Submitted by: Rob Farmer <rfarmer _at_ predatorlabs.net> (maintainer), ohauer [1] Approved by: maintainer
2011-06-18 19:24:07 +02:00
CONFIGURE_ARGS+=--enable-gftp-compat
.else
fix configure arguments for gftp stuff. PR: 54843 Submitted by: rushani (maintainer)
2003-07-26 01:12:03 +02:00
CONFIGURE_ARGS+=--disable-gftp-compat
o Update to 3.7. o Take up more safety default setting. PR: ports/48480, ports/48492, ports/50899 Submitted by: Sergey A. Osokin <osa@FreeBSD.org.ru> Adam Jette <jettea@fuzzynerd.com> Miguel Mendez <flynn@energyhq.homeip.net> Reviewed by: Sergey A. Osokin <osa@FreeBSD.org.ru> Miguel Mendez <flynn@energyhq.homeip.net> Ken McGlothlen <mcglk@artlogix.com> (maintainer) Approved by: Ken McGlothlen <mcglk@artlogix.com> (maintainer)
2003-04-17 20:40:51 +02:00
.endif
Convert to new option framework Bump port revision as the options name has change a lot Add CHDIR and DOCS to options
2012-12-16 19:25:15 +01:00
.if ${PORT_OPTIONS:MCHROOT}
- Add OPTIONS for included knobs PR: ports/110036 Approved by: maintainer (timeout), garga (mentor, implicit)
2007-08-13 12:34:17 +02:00
PLIST_SUB+= SCPONLY_CHROOT=""
o Respect scponly default configuration. o Introduce WITH_SCPONLY_CHROOT knob. o Use ${DOCSDIR} in Makefile. PR: ports/56300 Submitted by: rushani (maintainer)
2003-09-02 10:47:16 +02:00
CONFIGURE_ARGS+=--enable-chrooted-binary
- Remove USE_RC_SUR (typo), USE_RC_SUBR is conditionally defined later
2009-01-08 17:40:05 +01:00
USE_RC_SUBR+= scponlyc
- Add OPTIONS for included knobs PR: ports/110036 Approved by: maintainer (timeout), garga (mentor, implicit)
2007-08-13 12:34:17 +02:00
.else
PLIST_SUB+= SCPONLY_CHROOT="@comment "
o Respect scponly default configuration. o Introduce WITH_SCPONLY_CHROOT knob. o Use ${DOCSDIR} in Makefile. PR: ports/56300 Submitted by: rushani (maintainer)
2003-09-02 10:47:16 +02:00
.endif
Convert to new option framework Bump port revision as the options name has change a lot Add CHDIR and DOCS to options
2012-12-16 19:25:15 +01:00
.if ${PORT_OPTIONS:MRSYNC}
- Update to 4.0 PR: ports/74633 Submitted by: rushani (maintainer)
2004-12-05 00:56:24 +01:00
BUILD_DEPENDS+= rsync:${PORTSDIR}/net/rsync
o Update to 3.7. o Take up more safety default setting. PR: ports/48480, ports/48492, ports/50899 Submitted by: Sergey A. Osokin <osa@FreeBSD.org.ru> Adam Jette <jettea@fuzzynerd.com> Miguel Mendez <flynn@energyhq.homeip.net> Reviewed by: Sergey A. Osokin <osa@FreeBSD.org.ru> Miguel Mendez <flynn@energyhq.homeip.net> Ken McGlothlen <mcglk@artlogix.com> (maintainer) Approved by: Ken McGlothlen <mcglk@artlogix.com> (maintainer)
2003-04-17 20:40:51 +02:00
CONFIGURE_ARGS+=--enable-rsync-compat
-Add both versions of each configure flag (--enable-x/--disable-x) for safety -Update to May 26, 2011 snapshot: Add support for OpenSSH's sftp-server umask option. Remove inline references to satisify certain compilers Remove the now unnecessary sftp-logging compatibility mode. When getopt_long is not available, like on AIX, use bundled NetBSD getopt_long. Update the SECURITY document to include a reference to /etc/popt and \ ~/.popt as they relate to rsync. Fix for rsync-3.0 which now uses a short -e option, with an optional argument as a server side option indicating protocol compatibility. Fix scponly crash on Solaris Fix detection and inclusion of getopt on certain platforms Document risks associated with popt reading /etc/popt and ~/.popt Document getopt requirement (when certain configure options are enabled) - cleanup redundant BUILD_DEPENDS+= [1] PR: ports/157804 Submitted by: Rob Farmer <rfarmer _at_ predatorlabs.net> (maintainer), ohauer [1] Approved by: maintainer
2011-06-18 19:24:07 +02:00
.else
CONFIGURE_ARGS+=--disable-rsync-compat
o Update to 3.7. o Take up more safety default setting. PR: ports/48480, ports/48492, ports/50899 Submitted by: Sergey A. Osokin <osa@FreeBSD.org.ru> Adam Jette <jettea@fuzzynerd.com> Miguel Mendez <flynn@energyhq.homeip.net> Reviewed by: Sergey A. Osokin <osa@FreeBSD.org.ru> Miguel Mendez <flynn@energyhq.homeip.net> Ken McGlothlen <mcglk@artlogix.com> (maintainer) Approved by: Ken McGlothlen <mcglk@artlogix.com> (maintainer)
2003-04-17 20:40:51 +02:00
.endif
Convert to new option framework Bump port revision as the options name has change a lot Add CHDIR and DOCS to options
2012-12-16 19:25:15 +01:00
.if ${PORT_OPTIONS:MSCP}
o Update to 4.2. - Security fixes (local privilege escalation exploits). See https://lists.ccs.neu.edu/pipermail/scponly/2005-December/001027.html for details. - The scp and WinSCP compatibilities are turned off by default to improve scp argument processing. - The sftp-logging supported. - Etc. o Add SHA256 hash. PR: ports/90813 Submitted by: maintainer Security: https://lists.ccs.neu.edu/pipermail/scponly/2005-December/001027.html
2005-12-22 17:24:30 +01:00
CONFIGURE_ARGS+=--enable-scp-compat
-Add both versions of each configure flag (--enable-x/--disable-x) for safety -Update to May 26, 2011 snapshot: Add support for OpenSSH's sftp-server umask option. Remove inline references to satisify certain compilers Remove the now unnecessary sftp-logging compatibility mode. When getopt_long is not available, like on AIX, use bundled NetBSD getopt_long. Update the SECURITY document to include a reference to /etc/popt and \ ~/.popt as they relate to rsync. Fix for rsync-3.0 which now uses a short -e option, with an optional argument as a server side option indicating protocol compatibility. Fix scponly crash on Solaris Fix detection and inclusion of getopt on certain platforms Document risks associated with popt reading /etc/popt and ~/.popt Document getopt requirement (when certain configure options are enabled) - cleanup redundant BUILD_DEPENDS+= [1] PR: ports/157804 Submitted by: Rob Farmer <rfarmer _at_ predatorlabs.net> (maintainer), ohauer [1] Approved by: maintainer
2011-06-18 19:24:07 +02:00
.else
CONFIGURE_ARGS+=--disable-scp-compat
o Update to 4.2. - Security fixes (local privilege escalation exploits). See https://lists.ccs.neu.edu/pipermail/scponly/2005-December/001027.html for details. - The scp and WinSCP compatibilities are turned off by default to improve scp argument processing. - The sftp-logging supported. - Etc. o Add SHA256 hash. PR: ports/90813 Submitted by: maintainer Security: https://lists.ccs.neu.edu/pipermail/scponly/2005-December/001027.html
2005-12-22 17:24:30 +01:00
.endif
Convert to new option framework Bump port revision as the options name has change a lot Add CHDIR and DOCS to options
2012-12-16 19:25:15 +01:00
.if ${PORT_OPTIONS:MSVN}
- Update to 4.0 PR: ports/74633 Submitted by: rushani (maintainer)
2004-12-05 00:56:24 +01:00
CONFIGURE_ARGS+=--enable-svn-compat
-Add both versions of each configure flag (--enable-x/--disable-x) for safety -Update to May 26, 2011 snapshot: Add support for OpenSSH's sftp-server umask option. Remove inline references to satisify certain compilers Remove the now unnecessary sftp-logging compatibility mode. When getopt_long is not available, like on AIX, use bundled NetBSD getopt_long. Update the SECURITY document to include a reference to /etc/popt and \ ~/.popt as they relate to rsync. Fix for rsync-3.0 which now uses a short -e option, with an optional argument as a server side option indicating protocol compatibility. Fix scponly crash on Solaris Fix detection and inclusion of getopt on certain platforms Document risks associated with popt reading /etc/popt and ~/.popt Document getopt requirement (when certain configure options are enabled) - cleanup redundant BUILD_DEPENDS+= [1] PR: ports/157804 Submitted by: Rob Farmer <rfarmer _at_ predatorlabs.net> (maintainer), ohauer [1] Approved by: maintainer
2011-06-18 19:24:07 +02:00
.else
CONFIGURE_ARGS+=--disable-svn-compat
- Update to 4.0 PR: ports/74633 Submitted by: rushani (maintainer)
2004-12-05 00:56:24 +01:00
.endif
Convert to new option framework Bump port revision as the options name has change a lot Add CHDIR and DOCS to options
2012-12-16 19:25:15 +01:00
.if ${PORT_OPTIONS:MSVNSERVE}
Fix svn issue with scponly via ssh+svn://. Submitted by: Matthias Fechner <idefix@fechner.net> Reviewed by: rushani (maintainer)
2005-06-20 16:51:14 +02:00
CONFIGURE_ARGS+=--enable-svnserv-compat
-Add both versions of each configure flag (--enable-x/--disable-x) for safety -Update to May 26, 2011 snapshot: Add support for OpenSSH's sftp-server umask option. Remove inline references to satisify certain compilers Remove the now unnecessary sftp-logging compatibility mode. When getopt_long is not available, like on AIX, use bundled NetBSD getopt_long. Update the SECURITY document to include a reference to /etc/popt and \ ~/.popt as they relate to rsync. Fix for rsync-3.0 which now uses a short -e option, with an optional argument as a server side option indicating protocol compatibility. Fix scponly crash on Solaris Fix detection and inclusion of getopt on certain platforms Document risks associated with popt reading /etc/popt and ~/.popt Document getopt requirement (when certain configure options are enabled) - cleanup redundant BUILD_DEPENDS+= [1] PR: ports/157804 Submitted by: Rob Farmer <rfarmer _at_ predatorlabs.net> (maintainer), ohauer [1] Approved by: maintainer
2011-06-18 19:24:07 +02:00
.else
CONFIGURE_ARGS+=--disable-svnserv-compat
Add support ssh+svn://. PR: ports/81889 Submitted by: Matthias Fechner <idefix@fechner.net> Approved by: rushani (maintainer)
2005-06-18 20:50:26 +02:00
.endif
Convert to new option framework Bump port revision as the options name has change a lot Add CHDIR and DOCS to options
2012-12-16 19:25:15 +01:00
.if ${PORT_OPTIONS:MUNISON}
Update to 3.11 PR: ports/69179 Submitted by: maintainer
2004-07-17 15:02:01 +02:00
BUILD_DEPENDS+= unison:${PORTSDIR}/net/unison
CONFIGURE_ARGS+=--enable-unison-compat
-Add both versions of each configure flag (--enable-x/--disable-x) for safety -Update to May 26, 2011 snapshot: Add support for OpenSSH's sftp-server umask option. Remove inline references to satisify certain compilers Remove the now unnecessary sftp-logging compatibility mode. When getopt_long is not available, like on AIX, use bundled NetBSD getopt_long. Update the SECURITY document to include a reference to /etc/popt and \ ~/.popt as they relate to rsync. Fix for rsync-3.0 which now uses a short -e option, with an optional argument as a server side option indicating protocol compatibility. Fix scponly crash on Solaris Fix detection and inclusion of getopt on certain platforms Document risks associated with popt reading /etc/popt and ~/.popt Document getopt requirement (when certain configure options are enabled) - cleanup redundant BUILD_DEPENDS+= [1] PR: ports/157804 Submitted by: Rob Farmer <rfarmer _at_ predatorlabs.net> (maintainer), ohauer [1] Approved by: maintainer
2011-06-18 19:24:07 +02:00
.else
CONFIGURE_ARGS+=--disable-unison-compat
Update to 3.11 PR: ports/69179 Submitted by: maintainer
2004-07-17 15:02:01 +02:00
.endif
Convert to new option framework Bump port revision as the options name has change a lot Add CHDIR and DOCS to options
2012-12-16 19:25:15 +01:00
.if ${PORT_OPTIONS:MWINSCP}
o Update to 4.2. - Security fixes (local privilege escalation exploits). See https://lists.ccs.neu.edu/pipermail/scponly/2005-December/001027.html for details. - The scp and WinSCP compatibilities are turned off by default to improve scp argument processing. - The sftp-logging supported. - Etc. o Add SHA256 hash. PR: ports/90813 Submitted by: maintainer Security: https://lists.ccs.neu.edu/pipermail/scponly/2005-December/001027.html
2005-12-22 17:24:30 +01:00
CONFIGURE_ARGS+=--enable-winscp-compat
-Add both versions of each configure flag (--enable-x/--disable-x) for safety -Update to May 26, 2011 snapshot: Add support for OpenSSH's sftp-server umask option. Remove inline references to satisify certain compilers Remove the now unnecessary sftp-logging compatibility mode. When getopt_long is not available, like on AIX, use bundled NetBSD getopt_long. Update the SECURITY document to include a reference to /etc/popt and \ ~/.popt as they relate to rsync. Fix for rsync-3.0 which now uses a short -e option, with an optional argument as a server side option indicating protocol compatibility. Fix scponly crash on Solaris Fix detection and inclusion of getopt on certain platforms Document risks associated with popt reading /etc/popt and ~/.popt Document getopt requirement (when certain configure options are enabled) - cleanup redundant BUILD_DEPENDS+= [1] PR: ports/157804 Submitted by: Rob Farmer <rfarmer _at_ predatorlabs.net> (maintainer), ohauer [1] Approved by: maintainer
2011-06-18 19:24:07 +02:00
.else
CONFIGURE_ARGS+=--disable-winscp-compat
o Update to 4.2. - Security fixes (local privilege escalation exploits). See https://lists.ccs.neu.edu/pipermail/scponly/2005-December/001027.html for details. - The scp and WinSCP compatibilities are turned off by default to improve scp argument processing. - The sftp-logging supported. - Etc. o Add SHA256 hash. PR: ports/90813 Submitted by: maintainer Security: https://lists.ccs.neu.edu/pipermail/scponly/2005-December/001027.html
2005-12-22 17:24:30 +01:00
.endif
-Add both versions of each configure flag (--enable-x/--disable-x) for safety -Update to May 26, 2011 snapshot: Add support for OpenSSH's sftp-server umask option. Remove inline references to satisify certain compilers Remove the now unnecessary sftp-logging compatibility mode. When getopt_long is not available, like on AIX, use bundled NetBSD getopt_long. Update the SECURITY document to include a reference to /etc/popt and \ ~/.popt as they relate to rsync. Fix for rsync-3.0 which now uses a short -e option, with an optional argument as a server side option indicating protocol compatibility. Fix scponly crash on Solaris Fix detection and inclusion of getopt on certain platforms Document risks associated with popt reading /etc/popt and ~/.popt Document getopt requirement (when certain configure options are enabled) - cleanup redundant BUILD_DEPENDS+= [1] PR: ports/157804 Submitted by: Rob Farmer <rfarmer _at_ predatorlabs.net> (maintainer), ohauer [1] Approved by: maintainer
2011-06-18 19:24:07 +02:00
# svn, svnlook ... are per default in subversion
# only check for one of them!
Convert to new option framework Bump port revision as the options name has change a lot Add CHDIR and DOCS to options
2012-12-16 19:25:15 +01:00
.if ${PORT_OPTIONS:MSVN} || ${PORT_OPTIONS:MSVNSERVE}
-Add both versions of each configure flag (--enable-x/--disable-x) for safety -Update to May 26, 2011 snapshot: Add support for OpenSSH's sftp-server umask option. Remove inline references to satisify certain compilers Remove the now unnecessary sftp-logging compatibility mode. When getopt_long is not available, like on AIX, use bundled NetBSD getopt_long. Update the SECURITY document to include a reference to /etc/popt and \ ~/.popt as they relate to rsync. Fix for rsync-3.0 which now uses a short -e option, with an optional argument as a server side option indicating protocol compatibility. Fix scponly crash on Solaris Fix detection and inclusion of getopt on certain platforms Document risks associated with popt reading /etc/popt and ~/.popt Document getopt requirement (when certain configure options are enabled) - cleanup redundant BUILD_DEPENDS+= [1] PR: ports/157804 Submitted by: Rob Farmer <rfarmer _at_ predatorlabs.net> (maintainer), ohauer [1] Approved by: maintainer
2011-06-18 19:24:07 +02:00
BUILD_DEPENDS+= svn:${PORTSDIR}/devel/subversion
.endif
RUN_DEPENDS:= ${BUILD_DEPENDS}
-Patch SECURITY doc to include note about bypassing rsync argument checking with popt (from upstream) and tell people to read it -Drop long comment describing knobs - it just duplicates OPTIONS -For SCPONLY_DEFAULT_CHDIR, print a note about setting it. I'm not sure if post-patch is the best place for this, though? -Drop dead site and just use Sourceforge -Use the PORTDOCS variable -Install some useful docs and drop useless one (TODO) -Drop pre-everything message about defaults changing; that was 5 years ago -LOCALBASE vs. PREFIX correction -Add post-install messages to the plist so package users see them too PR: ports/153115 Submitted by: Rob Farmer <rfarmer@predatorlabs.net> (maintainer)
2010-12-15 08:12:02 +01:00
post-patch:
@${ECHO_MSG} "In addition to knobs available from the OPTIONS dialog,"
@${ECHO_MSG} "you may set SCPONLY_DEFAULT_CHDIR to make users 'cd' to"
@${ECHO_MSG} "this directory after authentication."
o Respect scponly default configuration. o Introduce WITH_SCPONLY_CHROOT knob. o Use ${DOCSDIR} in Makefile. PR: ports/56300 Submitted by: rushani (maintainer)
2003-09-02 10:47:16 +02:00
o Update to 3.7. o Take up more safety default setting. PR: ports/48480, ports/48492, ports/50899 Submitted by: Sergey A. Osokin <osa@FreeBSD.org.ru> Adam Jette <jettea@fuzzynerd.com> Miguel Mendez <flynn@energyhq.homeip.net> Reviewed by: Sergey A. Osokin <osa@FreeBSD.org.ru> Miguel Mendez <flynn@energyhq.homeip.net> Ken McGlothlen <mcglk@artlogix.com> (maintainer) Approved by: Ken McGlothlen <mcglk@artlogix.com> (maintainer)
2003-04-17 20:40:51 +02:00
post-install:
Update to 3.9(support for WinSCP3). PR: ports/64076 Submitted by: Jim Shewmaker <jims@bluenotch.com> Reviewed by: rushani (maintainer) Committed at: CBUG Curry Camp in Yatsugatake, Yamanashi-ken, Japan.
2004-03-20 10:54:30 +01:00
@${ECHO_MSG} "Updating /etc/shells"
@${CP} /etc/shells /etc/shells.bak
@(${GREP} -v ${PREFIX}/bin/scponly /etc/shells.bak; \
${ECHO_CMD} ${PREFIX}/bin/scponly) > /etc/shells
@${RM} /etc/shells.bak
Convert to new option framework Bump port revision as the options name has change a lot Add CHDIR and DOCS to options
2012-12-16 19:25:15 +01:00
.if ${PORT_OPTIONS:MCHROOT}
Update to 3.9(support for WinSCP3). PR: ports/64076 Submitted by: Jim Shewmaker <jims@bluenotch.com> Reviewed by: rushani (maintainer) Committed at: CBUG Curry Camp in Yatsugatake, Yamanashi-ken, Japan.
2004-03-20 10:54:30 +01:00
@${CP} /etc/shells /etc/shells.bak
@(${GREP} -v ${PREFIX}/sbin/scponlyc /etc/shells.bak; \
${ECHO_CMD} ${PREFIX}/sbin/scponlyc) > /etc/shells
@${RM} /etc/shells.bak
@${MKDIR} ${EXAMPLESDIR}
@${INSTALL_SCRIPT} ${WRKSRC}/setup_chroot.sh ${EXAMPLESDIR}
@${INSTALL_DATA} ${WRKSRC}/config.h ${EXAMPLESDIR}
o Respect scponly default configuration. o Introduce WITH_SCPONLY_CHROOT knob. o Use ${DOCSDIR} in Makefile. PR: ports/56300 Submitted by: rushani (maintainer)
2003-09-02 10:47:16 +02:00
@${ECHO_MSG} ""
Make notes for setting up a chroot cage a bit more precise. PR: 144059 Submitted by: Michael Meelis <m.meelis@easybow.com> Patch by: Rob Farmer <rfarmer@predatorlabs.net> (maintainer) Feature safe: yes
2010-06-28 15:47:19 +02:00
@${ECHO_MSG} "To setup chroot cage, run the following commands:"
@${ECHO_MSG} " 1) cd ${EXAMPLESDIR}/ && ${SH} setup_chroot.sh"
@${ECHO_MSG} " 2) Set scponlyc_enable=\"YES\" in /etc/rc.conf"
-Patch SECURITY doc to include note about bypassing rsync argument checking with popt (from upstream) and tell people to read it -Drop long comment describing knobs - it just duplicates OPTIONS -For SCPONLY_DEFAULT_CHDIR, print a note about setting it. I'm not sure if post-patch is the best place for this, though? -Drop dead site and just use Sourceforge -Use the PORTDOCS variable -Install some useful docs and drop useless one (TODO) -Drop pre-everything message about defaults changing; that was 5 years ago -LOCALBASE vs. PREFIX correction -Add post-install messages to the plist so package users see them too PR: ports/153115 Submitted by: Rob Farmer <rfarmer@predatorlabs.net> (maintainer)
2010-12-15 08:12:02 +01:00
@${ECHO_MSG} " 3) Run ${PREFIX}/etc/rc.d/scponly start"
o Respect scponly default configuration. o Introduce WITH_SCPONLY_CHROOT knob. o Use ${DOCSDIR} in Makefile. PR: ports/56300 Submitted by: rushani (maintainer)
2003-09-02 10:47:16 +02:00
@${ECHO_MSG} ""
.endif
Convert to new option framework Bump port revision as the options name has change a lot Add CHDIR and DOCS to options
2012-12-16 19:25:15 +01:00
.if ${PORT_OPTIONS:MDOCS}
o Respect scponly default configuration. o Introduce WITH_SCPONLY_CHROOT knob. o Use ${DOCSDIR} in Makefile. PR: ports/56300 Submitted by: rushani (maintainer)
2003-09-02 10:47:16 +02:00
@${MKDIR} ${DOCSDIR}
-Patch SECURITY doc to include note about bypassing rsync argument checking with popt (from upstream) and tell people to read it -Drop long comment describing knobs - it just duplicates OPTIONS -For SCPONLY_DEFAULT_CHDIR, print a note about setting it. I'm not sure if post-patch is the best place for this, though? -Drop dead site and just use Sourceforge -Use the PORTDOCS variable -Install some useful docs and drop useless one (TODO) -Drop pre-everything message about defaults changing; that was 5 years ago -LOCALBASE vs. PREFIX correction -Add post-install messages to the plist so package users see them too PR: ports/153115 Submitted by: Rob Farmer <rfarmer@predatorlabs.net> (maintainer)
2010-12-15 08:12:02 +01:00
.for i in ${PORTDOCS}
o Respect scponly default configuration. o Introduce WITH_SCPONLY_CHROOT knob. o Use ${DOCSDIR} in Makefile. PR: ports/56300 Submitted by: rushani (maintainer)
2003-09-02 10:47:16 +02:00
@${INSTALL_DATA} ${WRKSRC}/$i ${DOCSDIR}
o Update to 3.7. o Take up more safety default setting. PR: ports/48480, ports/48492, ports/50899 Submitted by: Sergey A. Osokin <osa@FreeBSD.org.ru> Adam Jette <jettea@fuzzynerd.com> Miguel Mendez <flynn@energyhq.homeip.net> Reviewed by: Sergey A. Osokin <osa@FreeBSD.org.ru> Miguel Mendez <flynn@energyhq.homeip.net> Ken McGlothlen <mcglk@artlogix.com> (maintainer) Approved by: Ken McGlothlen <mcglk@artlogix.com> (maintainer)
2003-04-17 20:40:51 +02:00
.endfor
-Patch SECURITY doc to include note about bypassing rsync argument checking with popt (from upstream) and tell people to read it -Drop long comment describing knobs - it just duplicates OPTIONS -For SCPONLY_DEFAULT_CHDIR, print a note about setting it. I'm not sure if post-patch is the best place for this, though? -Drop dead site and just use Sourceforge -Use the PORTDOCS variable -Install some useful docs and drop useless one (TODO) -Drop pre-everything message about defaults changing; that was 5 years ago -LOCALBASE vs. PREFIX correction -Add post-install messages to the plist so package users see them too PR: ports/153115 Submitted by: Rob Farmer <rfarmer@predatorlabs.net> (maintainer)
2010-12-15 08:12:02 +01:00
@${ECHO_MSG} ""
@${ECHO_MSG} "For information on several potential security concerns,"
@${ECHO_MSG} "please read:"
@${ECHO_MSG} "${DOCSDIR}/SECURITY"
@${ECHO_MSG} ""
o Update to 3.7. o Take up more safety default setting. PR: ports/48480, ports/48492, ports/50899 Submitted by: Sergey A. Osokin <osa@FreeBSD.org.ru> Adam Jette <jettea@fuzzynerd.com> Miguel Mendez <flynn@energyhq.homeip.net> Reviewed by: Sergey A. Osokin <osa@FreeBSD.org.ru> Miguel Mendez <flynn@energyhq.homeip.net> Ken McGlothlen <mcglk@artlogix.com> (maintainer) Approved by: Ken McGlothlen <mcglk@artlogix.com> (maintainer)
2003-04-17 20:40:51 +02:00
.endif
Add scponly 2.4, a tiny shell which only permits scp and sftp. PR: ports/40935 Submitted by: Ken McGlothlen <mcglk@artlogix.com>
2002-09-11 00:18:46 +02:00
Convert to new option framework Bump port revision as the options name has change a lot Add CHDIR and DOCS to options
2012-12-16 19:25:15 +01:00
.include <bsd.port.mk>
Reference in a new issue Copy permalink