# New ports collection makefile for: scponly # Date created: 2002/07/23 # Whom: mcglk@artlogix.com # # $FreeBSD$ # PORTNAME= scponly PORTVERSION= 4.8.20110526 CATEGORIES= shells security MASTER_SITES= SF MASTER_SITE_SUBDIR= ${PORTNAME}/${PORTNAME}-snapshots DISTNAME= ${PORTNAME}-20110526 EXTRACT_SUFX= .tgz MAINTAINER= rfarmer@predatorlabs.net COMMENT= A tiny shell that only permits scp and sftp MAN8= scponly.8 PORTDOCS= BUILDING-JAILS.TXT INSTALL README SECURITY GNU_CONFIGURE= yes OPTIONS= SCPONLY_WILDCARDS "wildcards processing" on \ SCPONLY_GFTP "gftp compatibility" on \ SCPONLY_CHROOT "chroot functionality" off \ SCPONLY_RSYNC "rsync compatibility" off \ SCPONLY_SCP "vanilla scp compatibility" off \ SCPONLY_SVN "subversion compatibility" off \ SCPONLY_SVNSERVE "subversion compatibility svn+ssh://" off \ SCPONLY_UNISON "unison compatibility" off \ SCPONLY_WINSCP "WinSCP compatibility" off .include .if defined(SCPONLY_DEFAULT_CHDIR) && !empty(SCPONLY_DEFAULT_CHDIR) CONFIGURE_ARGS+=--with-default-chdir=${SCPONLY_DEFAULT_CHDIR} .endif .if defined(WITH_SCPONLY_WILDCARDS) CONFIGURE_ARGS+=--enable-wildcards .else CONFIGURE_ARGS+=--disable-wildcards .endif .if defined(WITH_SCPONLY_GFTP) CONFIGURE_ARGS+=--enable-gftp-compat .else CONFIGURE_ARGS+=--disable-gftp-compat .endif .if defined(WITH_SCPONLY_CHROOT) PLIST_SUB+= SCPONLY_CHROOT="" CONFIGURE_ARGS+=--enable-chrooted-binary USE_RC_SUBR+= scponlyc .else PLIST_SUB+= SCPONLY_CHROOT="@comment " .endif .if defined(WITH_SCPONLY_RSYNC) BUILD_DEPENDS+= rsync:${PORTSDIR}/net/rsync CONFIGURE_ARGS+=--enable-rsync-compat .else CONFIGURE_ARGS+=--disable-rsync-compat .endif .if defined(WITH_SCPONLY_SCP) CONFIGURE_ARGS+=--enable-scp-compat .else CONFIGURE_ARGS+=--disable-scp-compat .endif .if defined(WITH_SCPONLY_SVN) CONFIGURE_ARGS+=--enable-svn-compat .else CONFIGURE_ARGS+=--disable-svn-compat .endif .if defined(WITH_SCPONLY_SVNSERVE) CONFIGURE_ARGS+=--enable-svnserv-compat .else CONFIGURE_ARGS+=--disable-svnserv-compat .endif .if defined(WITH_SCPONLY_UNISON) BUILD_DEPENDS+= unison:${PORTSDIR}/net/unison CONFIGURE_ARGS+=--enable-unison-compat .else CONFIGURE_ARGS+=--disable-unison-compat .endif .if defined(WITH_SCPONLY_WINSCP) CONFIGURE_ARGS+=--enable-winscp-compat .else CONFIGURE_ARGS+=--disable-winscp-compat .endif # svn, svnlook ... are per default in subversion # only check for one of them! .if defined(WITH_SCPONLY_SVN) || defined(WITH_SCPONLY_SVNSERVE) BUILD_DEPENDS+= svn:${PORTSDIR}/devel/subversion .endif RUN_DEPENDS:= ${BUILD_DEPENDS} post-patch: @${ECHO_MSG} "In addition to knobs available from the OPTIONS dialog," @${ECHO_MSG} "you may set SCPONLY_DEFAULT_CHDIR to make users 'cd' to" @${ECHO_MSG} "this directory after authentication." post-install: @${ECHO_MSG} "Updating /etc/shells" @${CP} /etc/shells /etc/shells.bak @(${GREP} -v ${PREFIX}/bin/scponly /etc/shells.bak; \ ${ECHO_CMD} ${PREFIX}/bin/scponly) > /etc/shells @${RM} /etc/shells.bak .if defined(WITH_SCPONLY_CHROOT) @${CP} /etc/shells /etc/shells.bak @(${GREP} -v ${PREFIX}/sbin/scponlyc /etc/shells.bak; \ ${ECHO_CMD} ${PREFIX}/sbin/scponlyc) > /etc/shells @${RM} /etc/shells.bak @${MKDIR} ${EXAMPLESDIR} @${INSTALL_SCRIPT} ${WRKSRC}/setup_chroot.sh ${EXAMPLESDIR} @${INSTALL_DATA} ${WRKSRC}/config.h ${EXAMPLESDIR} @${ECHO_MSG} "" @${ECHO_MSG} "To setup chroot cage, run the following commands:" @${ECHO_MSG} " 1) cd ${EXAMPLESDIR}/ && ${SH} setup_chroot.sh" @${ECHO_MSG} " 2) Set scponlyc_enable=\"YES\" in /etc/rc.conf" @${ECHO_MSG} " 3) Run ${PREFIX}/etc/rc.d/scponly start" @${ECHO_MSG} "" .endif .if !defined(NOPORTDOCS) @${MKDIR} ${DOCSDIR} .for i in ${PORTDOCS} @${INSTALL_DATA} ${WRKSRC}/$i ${DOCSDIR} .endfor @${ECHO_MSG} "" @${ECHO_MSG} "For information on several potential security concerns," @${ECHO_MSG} "please read:" @${ECHO_MSG} "${DOCSDIR}/SECURITY" @${ECHO_MSG} "" .endif .include