summaryrefslogtreecommitdiff
path: root/network/suphp/suphp.SlackBuild
blob: 2852b31ff70d2b51f76b2520a07d3ea508eee187 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
#!/bin/sh

# Slackware build script for suPHP

# Written by Menno Duursma <druiloor@zonnet.nl>

# This program is free software. It comes without any warranty.
# Granted WTFPLv2, as published by Sam Hocevar dec'04.
# For details see http://sam.zoy.org/wtfpl/COPYING

PRGNAM=suphp
VERSION=${VERSION:-0.7.1}
ARCH=${ARCH:-i486}
BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}

CWD=$(pwd)
TMP=${TMP:-/tmp/SBo}
PKG=$TMP/package-$PRGNAM
OUTPUT=${OUTPUT:-/tmp}

# On capability enabled filesystems this may be enabled
FCAPS=${FCAPS:-false}

# The stock Apache on Slackware runs httpd under system
# user/group account 'apache'. If you happen to use some
# other account change the directives below
HTTPD_USER=${HTTPD_USER:-apache}
HTTPD_GROUP=${HTTPD_GROUP:-apache}

if [ "$ARCH" = "i486" ]; then
  SLKCFLAGS="-O2 -march=i486 -mtune=i686"
  LIBDIRSUFFIX=""
elif [ "$ARCH" = "i686" ]; then
  SLKCFLAGS="-O2 -march=i686 -mtune=i686"
  LIBDIRSUFFIX=""
elif [ "$ARCH" = "x86_64" ]; then
  SLKCFLAGS="-O2 -fPIC"
  LIBDIRSUFFIX="64"
fi

set -e # Exit on most errors

rm -rf $PKG
mkdir -p $TMP $PKG $OUTPUT
cd $TMP
rm -rf $PRGNAM-$VERSION
tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
cd $PRGNAM-$VERSION
chown -R root:root .
chmod -R u+w,go+r-w,a-s .

# FCAPS: remove ruid-root check from source
if [ "$FCAPS" != "false" ]; then
  patch --verbose -p1 < $CWD/patches/suphp-0.7.1-nosuid.diff
fi

# Default to secure settings, as any of the configuration options 
# can be overwritten in the config file /etc/httpd/suphp.conf anyway
CFLAGS="$SLKCFLAGS" \
CXXFLAGS="$SLKCFLAGS" \
./configure \
  --prefix=/usr \
  --libdir=/usr/lib${LIBDIRSUFFIX} \
  --with-apr=/usr/bin/apr-1-config \
  --with-apxs=/usr/sbin/apxs \
  --sysconfdir=/etc/httpd \
  --with-apache-user=$HTTPD_USER \
  --with-logfile=/var/log/httpd/suphp_log \
  --enable-static=no \
  --build=$ARCH-slackware-linux

make

# Following only strips the wrapper
make install-strip DESTDIR=$PKG

# Strip the DSO as well
find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \
  | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true

mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
cp -a AUTHORS COPYING ChangeLog doc/* $PKG/usr/doc/$PRGNAM-$VERSION
cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
cat $CWD/README.SLACKWARE > $PKG/usr/doc/$PRGNAM-$VERSION/README.SLACKWARE

mkdir -p $PKG/etc/httpd
sed "s%@LIBDIR@%/usr/lib${LIBDIRSUFFIX}%" $CWD/config/mod_suphp.conf > \
  $PKG/etc/httpd/mod_suphp.conf.new

# Make sure the user Apache runs as in correctly reflected
sed "s/@HTTPD_USER@/$HTTPD_USER/" \
  $CWD/config/suphp.conf > $PKG/etc/httpd/suphp.conf.new

mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
cat $CWD/doinst.sh > $PKG/install/doinst.sh

# Make sure the access permissions on target host are such that
# only the group Apache runs as has access to it
chown root:$HTTPD_GROUP $PKG/usr/sbin/suphp

# Install setuid unless caller requested otherwise
if [ "$FCAPS" != "false" ]; then
  chmod 0750 $PKG/usr/sbin/suphp
  # Note: on a chrooted Apache: this should fence the jail
  echo 'setcap "cap_setgid=ep cap_setuid=ep" usr/sbin/suphp' \
    >> $PKG/install/doinst.sh
else
  # Install setuid-root
  chmod 4750 $PKG/usr/sbin/suphp
fi

cd $PKG
/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}