diff options
Diffstat (limited to 'network/suphp/suphp.SlackBuild')
-rw-r--r-- | network/suphp/suphp.SlackBuild | 63 |
1 files changed, 39 insertions, 24 deletions
diff --git a/network/suphp/suphp.SlackBuild b/network/suphp/suphp.SlackBuild index 42515eb197..e3e9eff0cc 100644 --- a/network/suphp/suphp.SlackBuild +++ b/network/suphp/suphp.SlackBuild @@ -2,10 +2,14 @@ # Slackware build script for suPHP -# Written by Menno E. Duursma <druiloor@zonnet.nl> +# Written by Menno Duursma <druiloor@zonnet.nl> + +# This program is free software. It comes without any warranty. +# Granted WTFPLv2, as published by Sam Hocevar dec'04. +# For details see http://sam.zoy.org/wtfpl/COPYING PRGNAM=suphp -VERSION=0.6.3 +VERSION=${VERSION:-0.7.1} ARCH=${ARCH:-i486} BUILD=${BUILD:-1} TAG=${TAG:-_SBo} @@ -13,7 +17,10 @@ TAG=${TAG:-_SBo} CWD=$(pwd) TMP=${TMP:-/tmp/SBo} PKG=$TMP/package-$PRGNAM -OUTPUT=${OUTPUT:-/tmp} # Drop the package in /tmp +OUTPUT=${OUTPUT:-/tmp} + +# On capability enabled filesystems this may be enabled +FCAPS=${FCAPS:-false} # The stock Apache on Slackware runs httpd under system # user/group account 'apache'. If you happen to use some @@ -40,11 +47,13 @@ cd $PRGNAM-$VERSION chown -R root:root . chmod -R u+w,go+r-w,a-s . -# Apply a patch to have it globally honor the suPHP_Engine directive -patch -p0 --verbose < $CWD/suphp-$VERSION-vhosts.patch +# FCAPS: remove ruid-root check from source +if [ "$FCAPS" != "false" ]; then + patch --verbose -p1 < $CWD/patches/suphp-0.7.1-nosuid.diff +fi # Default to secure settings, as any of the configuration options -# can be overwritten in the config-file /etc/httpd/suphp.conf anyway +# can be overwritten in the config file /etc/httpd/suphp.conf anyway CFLAGS="$SLKCFLAGS" \ CXXFLAGS="$SLKCFLAGS" \ ./configure \ @@ -55,25 +64,28 @@ CXXFLAGS="$SLKCFLAGS" \ --with-apache-user=$HTTPD_USER \ --with-logfile=/var/log/httpd/suphp_log \ --enable-static=no \ - --build=$ARCH-slackware-linux \ - --host=$ARCH-slackware-linux + --build=$ARCH-slackware-linux make -make install DESTDIR=$PKG -( cd $PKG - find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true - find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null -) +# Following only strips the wrapper +make install-strip DESTDIR=$PKG + +# Strip the DSO as well +find $PKG -type f | xargs file | grep "shared object" | grep ELF \ + | cut -f 1 -d : | xargs strip -v --strip-unneeded 2> /dev/null mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION cp -a AUTHORS COPYING ChangeLog doc/* $PKG/usr/doc/$PRGNAM-$VERSION cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild -cat $CWD/README > $PKG/usr/doc/$PRGNAM-$VERSION/README.SBo +cat $CWD/README.SLACKWARE > $PKG/usr/doc/$PRGNAM-$VERSION/README.SLACKWARE mkdir -p $PKG/etc/httpd +cat $CWD/config/mod_suphp.conf > $PKG/etc/httpd/mod_suphp.conf.new + +# Make sure the user Apache runs as in correctly reflected sed s/'webserver_user=apache'/"webserver_user=$HTTPD_USER"/g \ - $CWD/suphp.conf >> $PKG/etc/httpd/suphp.conf.new + $CWD/config/suphp.conf > $PKG/etc/httpd/suphp.conf.new mkdir -p $PKG/install cat $CWD/slack-desc > $PKG/install/slack-desc @@ -81,15 +93,18 @@ cat $CWD/doinst.sh > $PKG/install/doinst.sh # Make sure the access permissions on target host are such that # only the group Apache runs as has access to it -echo "chgrp $HTTPD_GROUP usr/sbin/suphp" >> $PKG/install/doinst.sh -echo "chmod 4750 usr/sbin/suphp" >> $PKG/install/doinst.sh +chown root:$HTTPD_GROUP $PKG/usr/sbin/suphp + +# Install setuid unless caller requested otherwise +if [ "$FCAPS" != "false" ]; then + chmod 0750 $PKG/usr/sbin/suphp + # Note: on a chrooted Apache: this should fence the jail + echo 'setcap "cap_setgid=ep cap_setuid=ep" usr/sbin/suphp' \ + >> $PKG/install/doinst.sh +else + # Install setuid-root + chmod 4750 $PKG/usr/sbin/suphp +fi cd $PKG /sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz - -# Clean up the extra stuff -if [ "$1" = "--cleanup" ]; then - rm -rf $TMP/$PRGNAM-$VERSION - rm -rf $PKG -fi - |