summaryrefslogtreecommitdiff
path: root/network/suphp/suphp.SlackBuild
diff options
context:
space:
mode:
Diffstat (limited to 'network/suphp/suphp.SlackBuild')
-rw-r--r--network/suphp/suphp.SlackBuild63
1 files changed, 39 insertions, 24 deletions
diff --git a/network/suphp/suphp.SlackBuild b/network/suphp/suphp.SlackBuild
index 42515eb197..e3e9eff0cc 100644
--- a/network/suphp/suphp.SlackBuild
+++ b/network/suphp/suphp.SlackBuild
@@ -2,10 +2,14 @@
# Slackware build script for suPHP
-# Written by Menno E. Duursma <druiloor@zonnet.nl>
+# Written by Menno Duursma <druiloor@zonnet.nl>
+
+# This program is free software. It comes without any warranty.
+# Granted WTFPLv2, as published by Sam Hocevar dec'04.
+# For details see http://sam.zoy.org/wtfpl/COPYING
PRGNAM=suphp
-VERSION=0.6.3
+VERSION=${VERSION:-0.7.1}
ARCH=${ARCH:-i486}
BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}
@@ -13,7 +17,10 @@ TAG=${TAG:-_SBo}
CWD=$(pwd)
TMP=${TMP:-/tmp/SBo}
PKG=$TMP/package-$PRGNAM
-OUTPUT=${OUTPUT:-/tmp} # Drop the package in /tmp
+OUTPUT=${OUTPUT:-/tmp}
+
+# On capability enabled filesystems this may be enabled
+FCAPS=${FCAPS:-false}
# The stock Apache on Slackware runs httpd under system
# user/group account 'apache'. If you happen to use some
@@ -40,11 +47,13 @@ cd $PRGNAM-$VERSION
chown -R root:root .
chmod -R u+w,go+r-w,a-s .
-# Apply a patch to have it globally honor the suPHP_Engine directive
-patch -p0 --verbose < $CWD/suphp-$VERSION-vhosts.patch
+# FCAPS: remove ruid-root check from source
+if [ "$FCAPS" != "false" ]; then
+ patch --verbose -p1 < $CWD/patches/suphp-0.7.1-nosuid.diff
+fi
# Default to secure settings, as any of the configuration options
-# can be overwritten in the config-file /etc/httpd/suphp.conf anyway
+# can be overwritten in the config file /etc/httpd/suphp.conf anyway
CFLAGS="$SLKCFLAGS" \
CXXFLAGS="$SLKCFLAGS" \
./configure \
@@ -55,25 +64,28 @@ CXXFLAGS="$SLKCFLAGS" \
--with-apache-user=$HTTPD_USER \
--with-logfile=/var/log/httpd/suphp_log \
--enable-static=no \
- --build=$ARCH-slackware-linux \
- --host=$ARCH-slackware-linux
+ --build=$ARCH-slackware-linux
make
-make install DESTDIR=$PKG
-( cd $PKG
- find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
- find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
-)
+# Following only strips the wrapper
+make install-strip DESTDIR=$PKG
+
+# Strip the DSO as well
+find $PKG -type f | xargs file | grep "shared object" | grep ELF \
+ | cut -f 1 -d : | xargs strip -v --strip-unneeded 2> /dev/null
mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
cp -a AUTHORS COPYING ChangeLog doc/* $PKG/usr/doc/$PRGNAM-$VERSION
cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
-cat $CWD/README > $PKG/usr/doc/$PRGNAM-$VERSION/README.SBo
+cat $CWD/README.SLACKWARE > $PKG/usr/doc/$PRGNAM-$VERSION/README.SLACKWARE
mkdir -p $PKG/etc/httpd
+cat $CWD/config/mod_suphp.conf > $PKG/etc/httpd/mod_suphp.conf.new
+
+# Make sure the user Apache runs as in correctly reflected
sed s/'webserver_user=apache'/"webserver_user=$HTTPD_USER"/g \
- $CWD/suphp.conf >> $PKG/etc/httpd/suphp.conf.new
+ $CWD/config/suphp.conf > $PKG/etc/httpd/suphp.conf.new
mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
@@ -81,15 +93,18 @@ cat $CWD/doinst.sh > $PKG/install/doinst.sh
# Make sure the access permissions on target host are such that
# only the group Apache runs as has access to it
-echo "chgrp $HTTPD_GROUP usr/sbin/suphp" >> $PKG/install/doinst.sh
-echo "chmod 4750 usr/sbin/suphp" >> $PKG/install/doinst.sh
+chown root:$HTTPD_GROUP $PKG/usr/sbin/suphp
+
+# Install setuid unless caller requested otherwise
+if [ "$FCAPS" != "false" ]; then
+ chmod 0750 $PKG/usr/sbin/suphp
+ # Note: on a chrooted Apache: this should fence the jail
+ echo 'setcap "cap_setgid=ep cap_setuid=ep" usr/sbin/suphp' \
+ >> $PKG/install/doinst.sh
+else
+ # Install setuid-root
+ chmod 4750 $PKG/usr/sbin/suphp
+fi
cd $PKG
/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz
-
-# Clean up the extra stuff
-if [ "$1" = "--cleanup" ]; then
- rm -rf $TMP/$PRGNAM-$VERSION
- rm -rf $PKG
-fi
-