aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBruce M Simpson <bms@FreeBSD.org>2010-02-07 20:34:20 +0000
committerBruce M Simpson <bms@FreeBSD.org>2010-02-07 20:34:20 +0000
commite8f6999c1b3eea007da83a6e4388deb0e3bf03fb (patch)
treea62cfc6bce657b426d86d5694ed89685d5734b53
parent2f886f4efb083c9c04e0436f4f685170949d67af (diff)
downloadports-e8f6999c1b3eea007da83a6e4388deb0e3bf03fb.tar.gz
ports-e8f6999c1b3eea007da83a6e4388deb0e3bf03fb.zip
Add an RC script for saned, and borrow machinery for creating
a dedicated sandbox user account from the nullmailer port. Also add a pkg-message which describes how to tie down a USB scanner to this sandbox using devd(8) in FreeBSD 8, as well as describing what config files likely need editing. Note: This text probably belongs in the FreeBSD Handbook. Bump PORTREVISION. Reviewed by: dougb (with edits to saned.in)
Notes
Notes: svn path=/head/; revision=249398
-rw-r--r--graphics/sane-backends/Makefile12
-rw-r--r--graphics/sane-backends/files/pkg-install.in65
-rw-r--r--graphics/sane-backends/files/pkg-message.in46
-rw-r--r--graphics/sane-backends/files/saned.in37
-rw-r--r--graphics/sane-backends/pkg-deinstall63
5 files changed, 222 insertions, 1 deletions
diff --git a/graphics/sane-backends/Makefile b/graphics/sane-backends/Makefile
index eec1c3ff5435..3dc93def7684 100644
--- a/graphics/sane-backends/Makefile
+++ b/graphics/sane-backends/Makefile
@@ -7,7 +7,7 @@
PORTNAME= sane-backends
PORTVERSION= 1.0.20
-PORTREVISION= 5
+PORTREVISION= 6
CATEGORIES= graphics
MASTER_SITES= http://alioth.debian.org/frs/download.php/3026/ \
ftp://ftp.sane-project.org/pub/sane/%SUBDIR%/ \
@@ -43,6 +43,9 @@ CONFIGURE_ARGS= --with-docdir=${DOCSDIR} \
MAKE_ENV= NOPORTDOCS=${NOPORTDOCS}
USE_LDCONFIG= yes
+USE_RC_SUBR= saned
+SUB_FILES+= pkg-install pkg-message
+
.include "Makefile.man"
.include <bsd.port.pre.mk>
@@ -93,4 +96,11 @@ post-patch:
s|} -D_REENT|} ${PTHREAD_CFLAGS} -D_REENT|g ; \
s|-lpthread|${PTHREAD_LIBS}|g' ${WRKSRC}/configure
+# Pass BATCH to pkg-install for Evil Things(tm)
+pre-install:
+ @BATCH="${BATCH}" ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
+
+post-install:
+ @${CAT} ${PKGMESSAGE}
+
.include <bsd.port.post.mk>
diff --git a/graphics/sane-backends/files/pkg-install.in b/graphics/sane-backends/files/pkg-install.in
new file mode 100644
index 000000000000..4ff38c47598f
--- /dev/null
+++ b/graphics/sane-backends/files/pkg-install.in
@@ -0,0 +1,65 @@
+#!/bin/sh
+
+user=saned
+group=saned
+
+ask() {
+ local question default answer
+
+ question=$1
+ default=$2
+ if [ -z "${PACKAGE_BUILDING}" ]; then
+ read -p "${question} [${default}]? " answer
+ fi
+ if [ x${answer} = x ]; then
+ answer=${default}
+ fi
+ echo ${answer}
+}
+
+yesno() {
+ local dflt question answer
+
+ question=$1
+ dflt=$2
+ while :; do
+ answer=$(ask "${question}" "${dflt}")
+ case "${answer}" in
+ [Yy]*) return 0;;
+ [Nn]*) return 1;;
+ esac
+ echo "Please answer yes or no."
+ done
+}
+
+if [ x"$2" = xPRE-INSTALL ]; then
+ if /usr/sbin/pw groupshow "${group}" 2>/dev/null; then
+ echo "You already have a group \"${group}\", so I will use it."
+ else
+ echo "You need a group \"${group}\"."
+ if ([ -n "$BATCH" ] || yesno "Would you like me to create it" y); then
+ /usr/sbin/pw groupadd ${group} -g 194 -h - || exit
+ echo "Done."
+ else
+ echo "Please create it, and try again."
+ exit 1
+ fi
+ fi
+
+ if /usr/sbin/pw user show "${user}" 2>/dev/null; then
+ echo "You already have a user \"${user}\", so I will use it."
+ pw usermod "${user}" -d /nonexistent
+ else
+ echo "You need a user \"${user}\"."
+ if ([ -n "$BATCH" ] || yesno "Would you like me to create it" y); then
+ /usr/sbin/pw useradd ${user} -u 194 -g ${group} -h - \
+ -d /nonexistent -s /bin/sh -c "SANE Scanner Daemon" || exit
+ echo "Done."
+ else
+ echo "Please create it, and try again."
+ exit 1
+ fi
+ fi
+
+ # TODO: Fix logging.
+fi
diff --git a/graphics/sane-backends/files/pkg-message.in b/graphics/sane-backends/files/pkg-message.in
new file mode 100644
index 000000000000..0716d8dd79c6
--- /dev/null
+++ b/graphics/sane-backends/files/pkg-message.in
@@ -0,0 +1,46 @@
+==================================================================
+
+saned will log to the 'daemon' facility; this is a hard-coded
+default. Also, saned has no support for SSL/TLS or cryptographic
+authentication; you may wish to deploy security/stunnel to wrap
+it if you have concerns about security.
+
+If you are using a USB scanner, you should edit /etc/devd.conf to
+allow saned access permissions. Currently, devfs.rules(5) has no
+support for USB specific filters such as vendor, product and
+serial number.
+
+Here is an example devd.conf(5) entry for an Epson CX3650
+multi-function scanner/printer device (assuming you are sharing
+the printer function with cups):
+
+attach 100 {
+ device-name "ugen[0-9].[0-9]";
+ match "vendor" "0x04b8";
+ match "product" "0x080e";
+ action "usb_devaddr=`echo $device-name | sed 's#^ugen##'` && \
+ chown cups:saned /dev/usb/${usb_devaddr}.* && \
+ chmod 660 /dev/usb/${usb_devaddr}.*";
+};
+
+Note: A backtick must be used above, due to how devd(8) performs
+variable substitutions.
+
+To determine which port your scanner is connected to, inspect the
+output of 'usbconfig list' before and after connecting your scanner,
+and note the numbers which appear after 'ugen' in the first column.
+Then, use 'usbconfig -d X.Y dump_device_desc' to learn the idVendor
+and idProduct fields, and plug them into the above example entry.
+
+Finally, restart devd with the command:
+ # /etc/rc.d/devd restart
+
+Please take %%PREFIX%%/etc/sane.d/dll.conf
+as an example only; you may wish to enable only the 'net' backend
+on client machines; be sure to point it at your scan server.
+
+If you are setting up a scan server, you may also wish to edit
+%%PREFIX%%/etc/sane.d/saned.conf
+to only permit specific machines.
+
+==================================================================
diff --git a/graphics/sane-backends/files/saned.in b/graphics/sane-backends/files/saned.in
new file mode 100644
index 000000000000..ae4345a58a05
--- /dev/null
+++ b/graphics/sane-backends/files/saned.in
@@ -0,0 +1,37 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# PROVIDE: saned
+# REQUIRE: netif routing mountcritlocal
+# BEFORE: NETWORKING
+#
+# A sample saned startup script.
+#
+# Add the following line to /etc/rc.conf to enable saned:
+# saned_enable="YES"
+#
+
+. /etc/rc.subr
+
+name="saned"
+rcvar=`set_rcvar`
+command="%%PREFIX%%/sbin/${name}"
+
+start_precmd=${name}_prestart
+
+saned_prestart()
+{
+ case "${saned_flags}" in
+ *-a\ *) err "saned_flags includes the -a option. Please use saned_uid instead." ;;
+ esac
+}
+
+load_rc_config $name
+
+: ${saned_enable="NO"}
+: ${saned_uid="saned"}
+
+command_args="-a $saned_uid"
+
+run_rc_command "$1"
diff --git a/graphics/sane-backends/pkg-deinstall b/graphics/sane-backends/pkg-deinstall
new file mode 100644
index 000000000000..1f1f4ecc8ef1
--- /dev/null
+++ b/graphics/sane-backends/pkg-deinstall
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+user=saned
+group=saned
+
+ask() {
+ local question default answer
+
+ question=$1
+ default=$2
+ if [ -z "${PACKAGE_BUILDING}" ]; then
+ read -p "${question} [${default}]? " answer
+ fi
+ if [ x${answer} = x ]; then
+ answer=${default}
+ fi
+ echo ${answer}
+}
+
+yesno() {
+ local dflt question answer
+
+ question=$1
+ dflt=$2
+ while :; do
+ answer=$(ask "${question}" "${dflt}")
+ case "${answer}" in
+ [Yy]*) return 0;;
+ [Nn]*) return 1;;
+ esac
+ echo "Please answer yes or no."
+ done
+}
+
+delete_account() {
+ local u g home
+
+ u=$1
+ g=$2
+ if yesno "Do you want me to remove group \"${g}\"" y; then
+ pw groupdel -n ${g}
+ echo "Done."
+ fi
+ if yesno "Do you want me to remove user \"${u}\"" y; then
+ eval home=~${u}
+ pw userdel -n ${u}
+ echo "Done."
+ fi
+}
+
+if [ x"$2" = xDEINSTALL ]; then
+ if [ ! -n "$BATCH" ]; then
+ if /bin/ps -axc | /usr/bin/grep -q saned; then
+ if yesno "There are some SANE processes running. Shall I kill them" y; then
+ ${PKG_PREFIX}/etc/rc.d/saned stop
+ sleep 2
+ else
+ echo "OK ... I hope you know what you are doing."
+ fi
+ fi
+
+ fi
+fi