diff options
| author | jlam <jlam@pkgsrc.org> | 2007-07-04 20:54:31 +0000 |
|---|---|---|
| committer | jlam <jlam@pkgsrc.org> | 2007-07-04 20:54:31 +0000 |
| commit | 98cdd9932cde6f42403278ca908a087e5bca9d36 (patch) | |
| tree | 651c1d29a5b557efafa04d2bb6f2cb512a979f64 /security | |
| parent | 0247ab7847e69210ea87ced5b0d8bf19ddb094c8 (diff) | |
| download | pkgsrc-98cdd9932cde6f42403278ca908a087e5bca9d36.tar.gz | |
Make it easier to build and install packages "unprivileged", where
the owner of all installed files is a non-root user. This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.
(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
unprivileged.mk. These two variables are lists of other bmake
variables that define package-specific users and groups. Packages
that have user-settable variables for users and groups, e.g. apache
and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
and ${UNPRIVILEGED_GROUP}.
(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
Diffstat (limited to 'security')
| -rw-r--r-- | security/amavisd-new/Makefile | 6 | ||||
| -rw-r--r-- | security/base/Makefile | 6 | ||||
| -rw-r--r-- | security/courier-authlib/Makefile.common | 5 | ||||
| -rw-r--r-- | security/cyrus-sasl/Makefile | 5 | ||||
| -rw-r--r-- | security/dirmngr/Makefile | 4 | ||||
| -rw-r--r-- | security/libprelude/Makefile | 7 | ||||
| -rw-r--r-- | security/openssh+gssapi/Makefile | 5 | ||||
| -rw-r--r-- | security/openssh/Makefile | 6 | ||||
| -rw-r--r-- | security/pks/Makefile | 5 | ||||
| -rw-r--r-- | security/prelude-lml/Makefile | 5 | ||||
| -rw-r--r-- | security/prelude-manager/Makefile | 5 | ||||
| -rw-r--r-- | security/py-prewikka/Makefile | 5 |
12 files changed, 47 insertions, 17 deletions
diff --git a/security/amavisd-new/Makefile b/security/amavisd-new/Makefile index c8f556ffdb5..6e2fee00cb7 100644 --- a/security/amavisd-new/Makefile +++ b/security/amavisd-new/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.32 2007/07/03 14:21:06 xtraeme Exp $ +# $NetBSD: Makefile,v 1.33 2007/07/04 20:54:56 jlam Exp $ DISTNAME= amavisd-new-${VERSION}${PATCHLEVEL} PKGNAME= amavisd-new-${VERSION}${PATCHLEVEL:S/-//} @@ -47,7 +47,9 @@ DOCDIR= ${PREFIX}/share/doc/amavisd-new EGDIR= ${PREFIX}/share/examples/amavisd-new MESSAGE_SRC= ${PKGDIR}/MESSAGE -BUILD_DEFS+= AMAVIS_USER AMAVIS_GROUP AMAVIS_DIR AMAVIS_QUARANTINE +PKG_GROUPS_VARS+= AMAVIS_GROUP +PKG_USERS_VARS+= AMAVIS_USER +BUILD_DEFS+= AMAVIS_DIR AMAVIS_QUARANTINE FILES_SUBST+= AMAVIS_USER=${AMAVIS_USER:Q} FILES_SUBST+= AMAVIS_GROUP=${AMAVIS_GROUP:Q} FILES_SUBST+= AMAVIS_DIR=${AMAVIS_DIR:Q} diff --git a/security/base/Makefile b/security/base/Makefile index 25962166101..3ff38f4b19a 100644 --- a/security/base/Makefile +++ b/security/base/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.14 2007/06/30 13:47:38 joerg Exp $ +# $NetBSD: Makefile,v 1.15 2007/07/04 20:54:56 jlam Exp $ # DISTNAME= base-1.3.6 @@ -33,10 +33,12 @@ MESSAGE_SUBST+= EGDIR=${EGDIR:Q} BASE_DIR=${BASE_DIR:Q} PAX_DIRS= admin help images includes languages scripts setup sql styles WWW_USER?= ${APACHE_USER} WWW_GROUP?= ${APACHE_GROUP} -BUILD_DEFS+= WWW_USER WWW_GROUP USE_TOOLS+= perl:run REPLACE_PERL+= scripts/base_maintenance.pl +PKG_GROUPS_VARS+= WWW_GROUP +PKG_USERS_VARS+= WWW_USER + CONF_FILES= ${EGDIR}/base.conf ${PKG_SYSCONFDIR}/base.conf CONF_FILES_PERMS= ${EGDIR}/base_conf.php ${BASE_DIR}/base_conf.php \ diff --git a/security/courier-authlib/Makefile.common b/security/courier-authlib/Makefile.common index 9131c7feaf5..0bd034df792 100644 --- a/security/courier-authlib/Makefile.common +++ b/security/courier-authlib/Makefile.common @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.common,v 1.9 2006/04/28 14:41:23 jlam Exp $ +# $NetBSD: Makefile.common,v 1.10 2007/07/04 20:54:56 jlam Exp $ COURIER_USER?= courier COURIER_GROUP?= mail @@ -10,6 +10,9 @@ MESSAGE_SUBST+= COURIER_GROUP=${COURIER_GROUP:Q} PKG_GROUPS= ${COURIER_GROUP} PKG_USERS= ${COURIER_USER}:${COURIER_GROUP} +PKG_GROUPS_VARS+= COURIER_GROUP +PKG_USERS_VARS+= COURIER_USER + GNU_CONFIGURE= yes CONFIGURE_ARGS+= --with-mailuser=${COURIER_USER:Q} CONFIGURE_ARGS+= --with-mailgroup=${COURIER_GROUP:Q} diff --git a/security/cyrus-sasl/Makefile b/security/cyrus-sasl/Makefile index 032f3b8571a..9657c9abebe 100644 --- a/security/cyrus-sasl/Makefile +++ b/security/cyrus-sasl/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.54 2007/02/22 19:27:07 wiz Exp $ +# $NetBSD: Makefile,v 1.55 2007/07/04 20:54:57 jlam Exp $ .include "Makefile.common" @@ -55,7 +55,8 @@ CYRUS_USER?= cyrus CYRUS_GROUP?= mail FILES_SUBST+= CYRUS_USER=${CYRUS_USER:Q} FILES_SUBST+= ROOT_USER=${ROOT_USER:Q} -BUILD_DEFS+= CYRUS_USER CYRUS_GROUP +PKG_GROUPS_VARS+= CYRUS_GROUP +PKG_USERS_VARS+= CYRUS_USER PKG_GROUPS= ${CYRUS_GROUP} PKG_USERS= ${CYRUS_USER}:${CYRUS_GROUP} diff --git a/security/dirmngr/Makefile b/security/dirmngr/Makefile index 19c45cd834a..280c1d71895 100644 --- a/security/dirmngr/Makefile +++ b/security/dirmngr/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.28 2007/05/12 11:19:18 shannonjr Exp $ +# $NetBSD: Makefile,v 1.29 2007/07/04 20:54:57 jlam Exp $ # DISTNAME= dirmngr-1.0.0 @@ -19,6 +19,8 @@ DIRMNGR_USER?= dirmngr DIRMNGR_GROUP?= dirmngr PKG_GROUPS= ${DIRMNGR_GROUP} PKG_USERS= ${DIRMNGR_USER}:${DIRMNGR_GROUP} +PKG_GROUPS_VARS+= DIRMNGR_GROUP +PKG_USERS_VARS+= DIRMNGR_USER PKG_HOME.${DIRMNGR_USER}= ${VARBASE}/dirmngr diff --git a/security/libprelude/Makefile b/security/libprelude/Makefile index b836b494bac..6259ad95cb3 100644 --- a/security/libprelude/Makefile +++ b/security/libprelude/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.22 2007/06/05 05:37:00 wiz Exp $ +# $NetBSD: Makefile,v 1.23 2007/07/04 20:54:57 jlam Exp $ # DISTNAME= libprelude-0.9.14 PKGREVISION= 1 @@ -16,7 +16,10 @@ COMMENT= Provides the framework for using the Prelude system PRELUDE_USER?= _prelude PRELUDE_GROUP?= _prelude -BUILD_DEFS+= PRELUDE_USER PRELUDE_GROUP VARBASE +PKG_GROUPS_VARS+= PRELUDE_GROUP +PKG_USERS_VARS+= PRELUDE_USER + +BUILD_DEFS+= VARBASE USE_PKGLOCALEDIR= yes USE_LIBTOOL= yes diff --git a/security/openssh+gssapi/Makefile b/security/openssh+gssapi/Makefile index 78474dd63fc..4400982d4cb 100644 --- a/security/openssh+gssapi/Makefile +++ b/security/openssh+gssapi/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.38 2007/02/22 19:27:08 wiz Exp $ +# $NetBSD: Makefile,v 1.39 2007/07/04 20:54:57 jlam Exp $ # NOTE: This package is modeled on ../openssh, but does not share # files with it as that package may update faster than the gssapi @@ -44,6 +44,9 @@ INSTALL_TARGET= install-nokeys PLIST_SRC= # empty MESSAGE_SRC= ${.CURDIR}/MESSAGE +PKG_GROUPS_VARS+= OPENSSH_GROUP +PKG_USERS_VARS+= OPENSSH_USER + PKG_GROUPS= ${OPENSSH_GROUP} PKG_USERS= ${OPENSSH_USER}:${OPENSSH_GROUP} diff --git a/security/openssh/Makefile b/security/openssh/Makefile index 77ec2bd4d51..fe81c40cb8c 100644 --- a/security/openssh/Makefile +++ b/security/openssh/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.179 2007/03/18 12:38:44 taca Exp $ +# $NetBSD: Makefile,v 1.180 2007/07/04 20:54:58 jlam Exp $ DISTNAME= openssh-4.6p1 PKGNAME= openssh-4.6.1 @@ -30,7 +30,9 @@ CRYPTO= yes # retain the following line, for IPv6-ready pkgsrc webpage BUILD_DEFS+= USE_INET6 -BUILD_DEFS+= OPENSSH_CHROOT OPENSSH_GROUP OPENSSH_USER +PKG_GROUPS_VARS+= OPENSSH_GROUP +PKG_USERS_VARS+= OPENSSH_USER +BUILD_DEFS+= OPENSSH_CHROOT BUILD_DEFS+= VARBASE INSTALL_TARGET= install-nokeys diff --git a/security/pks/Makefile b/security/pks/Makefile index 0b9b5238d01..5ad61ef4725 100644 --- a/security/pks/Makefile +++ b/security/pks/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.25 2006/04/23 00:12:42 jlam Exp $ +# $NetBSD: Makefile,v 1.26 2007/07/04 20:54:58 jlam Exp $ DISTNAME= pks-0.9.4 PKGREVISION= 3 @@ -18,6 +18,9 @@ COMMENT= PGP Public Key Server GNU_CONFIGURE= YES +PKG_GROUPS_VARS+= PKS_GROUP +PKG_USERS_VARS+= PKS_USER + PKS_USER= pks PKS_GROUP= pks PKS_SERVER?= localhost diff --git a/security/prelude-lml/Makefile b/security/prelude-lml/Makefile index 597ad382fed..74a6ab798bf 100644 --- a/security/prelude-lml/Makefile +++ b/security/prelude-lml/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.16 2007/06/05 05:37:34 wiz Exp $ +# $NetBSD: Makefile,v 1.17 2007/07/04 20:54:58 jlam Exp $ # DISTNAME= prelude-lml-0.9.9 @@ -16,6 +16,9 @@ COMMENT= Log analyzer monitoring your logfile and received syslog messages PRELUDE_USER?= _prelude PRELUDE_GROUP?= _prelude +PKG_GROUPS_VARS+= PRELUDE_GROUP +PKG_USERS_VARS+= PRELUDE_USER + USE_PKGLOCALEDIR= yes USE_LIBTOOL= yes GNU_CONFIGURE= yes diff --git a/security/prelude-manager/Makefile b/security/prelude-manager/Makefile index ce6a0a5cb06..47b18516b37 100644 --- a/security/prelude-manager/Makefile +++ b/security/prelude-manager/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.19 2007/06/05 05:37:34 wiz Exp $ +# $NetBSD: Makefile,v 1.20 2007/07/04 20:54:58 jlam Exp $ # DISTNAME= prelude-manager-0.9.8 @@ -26,6 +26,9 @@ PRELUDE_USER?= _prelude PRELUDE_GROUP?= _prelude PRELUDE_HOME?= /var/spool/prelude-manager +PKG_GROUPS_VARS+= PRELUDE_GROUP +PKG_USERS_VARS+= PRELUDE_USER + PKG_GROUPS= ${PRELUDE_GROUP} PKG_USERS= ${PRELUDE_USER}:${PRELUDE_GROUP} diff --git a/security/py-prewikka/Makefile b/security/py-prewikka/Makefile index 8e873267904..12548d76b44 100644 --- a/security/py-prewikka/Makefile +++ b/security/py-prewikka/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.20 2007/06/05 05:37:35 wiz Exp $ +# $NetBSD: Makefile,v 1.21 2007/07/04 20:54:59 jlam Exp $ # DISTNAME= prewikka-${VERSION} @@ -40,6 +40,9 @@ PKG_USERS= ${PREWIKKA_USER}:${PREWIKKA_GROUP} PKG_GECOS.${PREWIKKA_USER}= Prelude-IDS console PKG_HOME.${PREWIKKA_USER}= ${PREWIKKA_HOME} +PKG_GROUPS_VARS+= PREWIKKA_GROUP +PKG_USERS_VARS+= PREWIKKA_USER + SUBST_CLASSES+= code SUBST_STAGE.code= post-patch SUBST_FILES.code= runPrewikka.c |