1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-11-15 23:50:44 +00:00
freebsd-ports/net/cvsup-mirror/pkg-install

255 lines
6.2 KiB
Plaintext
Raw Normal View History

#! /bin/sh
base=${PREFIX}/etc/cvsup
prefixes=${base}/prefixes
chmods_done=" "
ask() {
local question default answer
question=$1
default=$2
if [ -z "${PACKAGE_BUILDING}" ]; then
read -p "${question} [${default}]? " answer
fi
if [ x${answer} = x ]; then
answer=${default}
fi
echo ${answer}
}
yesno() {
local dflt question answer
question=$1
dflt=$2
while :; do
answer=$(ask "${question}" "${dflt}")
case "${answer}" in
[Yy]*) return 0;;
[Nn]*) return 1;;
esac
echo "Please answer yes or no."
done
}
install_links() {
local link dir subdir path
while [ $# -ge 3 ]; do
link=$1
dir=$2
subdir=$3
echo " Linking ${link} -> ${dir}"
ln -sf ${dir} ${prefixes}/${link} || exit
if [ "x${dir}" != "xSKIP" -a "x${dir}" != "x.." ]; then
if [ "x${subdir}" = "x." ]; then
path=${dir}
else
path=${dir}/${subdir}
fi
( cd ${prefixes} || exit
if [ "x${subdir}" != "x." -a -h ${path} ]; then
cat <<EOF
"${subdir}" must be a true subdirectory of "${dir}", not a symbolic link.
Please remove the symbolic link and/or configure again using the true
directory path to "${subdir}".
EOF
exit 1
fi
test -d ${path} || mkdir -p ${path} || exit ) || exit
if ! expr "${chmods_done}" : ".* ${path} " >/dev/null 2>&1; then
This is a fairly substantial upgrade of the cvsup-mirror port. In honor of the occasion I have bumped the version number to 1.1. The port now depends upon the cvsup-bin and cvsupd-bin ports rather than on the more trouble-prone cvsup port. The CVSup server is run with "-C 100" (max. 100 clients at a time) and the true limit is set in the "/usr/local/etc/cvsup/cvsupd.access" file. This is nice because you can change the limit by editing the file; you don't have to restart the server. The cvsupd.access file also contains a rule to limit each individual host to one connection at a time. The CVSup client is now run under its own unprivileged user ID instead of root. This is a security enhancement. It makes it impossible for a compromised master site to install files into places outside the mirror area of the filesystem. The permissions of various other files such as /usr/local/etc/cvsup have also been strengthened to enhance security. Both client and server now cd to /var/tmp to run, so that if they decide to croak they'll be able to write the core file. :-) The /usr/local/etc/rc.d/cvsupd.sh script now honors the "start" and "stop" arguments. The configure script no longer attempts to tell you the sizes of the various collections. That's impossible to maintain. When I have time I plan to make a web page where one can obtain that information from an automatically-updated source. Then I will reference the URL in the configure script. It is possible to upgrade an existing cvsup-mirror-1.0 installation to this new version, but it is tricky because of the change in ownership of the mirrored files. I will post instructions to the freebsd-hubs mailing list after I make sure I have the procedure just right.
2000-01-28 06:42:37 +00:00
echo -n " Fixing ownerships and modes in ${path} ..."
( chdir ${prefixes} && \
chown -R ${cuser}:${cgroup} ${path} && \
chmod -R a+rX ${path} ) || exit
echo " done."
chmods_done="${chmods_done}${path} "
fi
fi
shift 3
done
}
This is a fairly substantial upgrade of the cvsup-mirror port. In honor of the occasion I have bumped the version number to 1.1. The port now depends upon the cvsup-bin and cvsupd-bin ports rather than on the more trouble-prone cvsup port. The CVSup server is run with "-C 100" (max. 100 clients at a time) and the true limit is set in the "/usr/local/etc/cvsup/cvsupd.access" file. This is nice because you can change the limit by editing the file; you don't have to restart the server. The cvsupd.access file also contains a rule to limit each individual host to one connection at a time. The CVSup client is now run under its own unprivileged user ID instead of root. This is a security enhancement. It makes it impossible for a compromised master site to install files into places outside the mirror area of the filesystem. The permissions of various other files such as /usr/local/etc/cvsup have also been strengthened to enhance security. Both client and server now cd to /var/tmp to run, so that if they decide to croak they'll be able to write the core file. :-) The /usr/local/etc/rc.d/cvsupd.sh script now honors the "start" and "stop" arguments. The configure script no longer attempts to tell you the sizes of the various collections. That's impossible to maintain. When I have time I plan to make a web page where one can obtain that information from an automatically-updated source. Then I will reference the URL in the configure script. It is possible to upgrade an existing cvsup-mirror-1.0 installation to this new version, but it is tricky because of the change in ownership of the mirrored files. I will post instructions to the freebsd-hubs mailing list after I make sure I have the procedure just right.
2000-01-28 06:42:37 +00:00
make_account() {
local u g gcos homeopt home
This is a fairly substantial upgrade of the cvsup-mirror port. In honor of the occasion I have bumped the version number to 1.1. The port now depends upon the cvsup-bin and cvsupd-bin ports rather than on the more trouble-prone cvsup port. The CVSup server is run with "-C 100" (max. 100 clients at a time) and the true limit is set in the "/usr/local/etc/cvsup/cvsupd.access" file. This is nice because you can change the limit by editing the file; you don't have to restart the server. The cvsupd.access file also contains a rule to limit each individual host to one connection at a time. The CVSup client is now run under its own unprivileged user ID instead of root. This is a security enhancement. It makes it impossible for a compromised master site to install files into places outside the mirror area of the filesystem. The permissions of various other files such as /usr/local/etc/cvsup have also been strengthened to enhance security. Both client and server now cd to /var/tmp to run, so that if they decide to croak they'll be able to write the core file. :-) The /usr/local/etc/rc.d/cvsupd.sh script now honors the "start" and "stop" arguments. The configure script no longer attempts to tell you the sizes of the various collections. That's impossible to maintain. When I have time I plan to make a web page where one can obtain that information from an automatically-updated source. Then I will reference the URL in the configure script. It is possible to upgrade an existing cvsup-mirror-1.0 installation to this new version, but it is tricky because of the change in ownership of the mirrored files. I will post instructions to the freebsd-hubs mailing list after I make sure I have the procedure just right.
2000-01-28 06:42:37 +00:00
u=$1
g=$2
gcos=$3
homeopt=${4:+"-d $4"}
This is a fairly substantial upgrade of the cvsup-mirror port. In honor of the occasion I have bumped the version number to 1.1. The port now depends upon the cvsup-bin and cvsupd-bin ports rather than on the more trouble-prone cvsup port. The CVSup server is run with "-C 100" (max. 100 clients at a time) and the true limit is set in the "/usr/local/etc/cvsup/cvsupd.access" file. This is nice because you can change the limit by editing the file; you don't have to restart the server. The cvsupd.access file also contains a rule to limit each individual host to one connection at a time. The CVSup client is now run under its own unprivileged user ID instead of root. This is a security enhancement. It makes it impossible for a compromised master site to install files into places outside the mirror area of the filesystem. The permissions of various other files such as /usr/local/etc/cvsup have also been strengthened to enhance security. Both client and server now cd to /var/tmp to run, so that if they decide to croak they'll be able to write the core file. :-) The /usr/local/etc/rc.d/cvsupd.sh script now honors the "start" and "stop" arguments. The configure script no longer attempts to tell you the sizes of the various collections. That's impossible to maintain. When I have time I plan to make a web page where one can obtain that information from an automatically-updated source. Then I will reference the URL in the configure script. It is possible to upgrade an existing cvsup-mirror-1.0 installation to this new version, but it is tricky because of the change in ownership of the mirrored files. I will post instructions to the freebsd-hubs mailing list after I make sure I have the procedure just right.
2000-01-28 06:42:37 +00:00
if pw group show "${g}" >/dev/null 2>&1; then
echo "You already have a group \"${g}\", so I will use it."
else
echo "You need a group \"${g}\"."
if which -s pw && yesno "Would you like me to create it" y; then
pw groupadd ${g} || exit
echo "Done."
else
echo "Please create it, and try again."
if ! grep -q "^${u}:" /etc/passwd; then
echo "While you're at it, please create a user \"${u}\" too,"
echo "with a default group of \"${g}\"."
fi
exit 1
fi
fi
if pw user show "${u}" >/dev/null 2>&1; then
echo "You already have a user \"${u}\", so I will use it."
else
echo "You need a user \"${u}\"."
if which -s pw && yesno "Would you like me to create it" y; then
pw useradd ${u} -g ${g} -h - ${homeopt} \
-s /nonexistent -c "${gcos}" || exit
This is a fairly substantial upgrade of the cvsup-mirror port. In honor of the occasion I have bumped the version number to 1.1. The port now depends upon the cvsup-bin and cvsupd-bin ports rather than on the more trouble-prone cvsup port. The CVSup server is run with "-C 100" (max. 100 clients at a time) and the true limit is set in the "/usr/local/etc/cvsup/cvsupd.access" file. This is nice because you can change the limit by editing the file; you don't have to restart the server. The cvsupd.access file also contains a rule to limit each individual host to one connection at a time. The CVSup client is now run under its own unprivileged user ID instead of root. This is a security enhancement. It makes it impossible for a compromised master site to install files into places outside the mirror area of the filesystem. The permissions of various other files such as /usr/local/etc/cvsup have also been strengthened to enhance security. Both client and server now cd to /var/tmp to run, so that if they decide to croak they'll be able to write the core file. :-) The /usr/local/etc/rc.d/cvsupd.sh script now honors the "start" and "stop" arguments. The configure script no longer attempts to tell you the sizes of the various collections. That's impossible to maintain. When I have time I plan to make a web page where one can obtain that information from an automatically-updated source. Then I will reference the URL in the configure script. It is possible to upgrade an existing cvsup-mirror-1.0 installation to this new version, but it is tricky because of the change in ownership of the mirrored files. I will post instructions to the freebsd-hubs mailing list after I make sure I have the procedure just right.
2000-01-28 06:42:37 +00:00
echo "Done."
else
echo "Please create it, and try again."
exit 1
fi
fi
if [ x"$homeopt" = x ]; then
eval home=~${u}
if [ ! -d "${home}" ]; then
if yesno \
"Would you like me to create ${u}'s home directory (${home})" y
then
(umask 77 && \
mkdir -p ${home}/.cvsup && \
touch ${home}/.cvsup/auth) || exit
chown -R ${u}:${g} ${home} || exit
else
echo "Please create it, and try again."
exit 1
fi
fi
fi
This is a fairly substantial upgrade of the cvsup-mirror port. In honor of the occasion I have bumped the version number to 1.1. The port now depends upon the cvsup-bin and cvsupd-bin ports rather than on the more trouble-prone cvsup port. The CVSup server is run with "-C 100" (max. 100 clients at a time) and the true limit is set in the "/usr/local/etc/cvsup/cvsupd.access" file. This is nice because you can change the limit by editing the file; you don't have to restart the server. The cvsupd.access file also contains a rule to limit each individual host to one connection at a time. The CVSup client is now run under its own unprivileged user ID instead of root. This is a security enhancement. It makes it impossible for a compromised master site to install files into places outside the mirror area of the filesystem. The permissions of various other files such as /usr/local/etc/cvsup have also been strengthened to enhance security. Both client and server now cd to /var/tmp to run, so that if they decide to croak they'll be able to write the core file. :-) The /usr/local/etc/rc.d/cvsupd.sh script now honors the "start" and "stop" arguments. The configure script no longer attempts to tell you the sizes of the various collections. That's impossible to maintain. When I have time I plan to make a web page where one can obtain that information from an automatically-updated source. Then I will reference the URL in the configure script. It is possible to upgrade an existing cvsup-mirror-1.0 installation to this new version, but it is tricky because of the change in ownership of the mirrored files. I will post instructions to the freebsd-hubs mailing list after I make sure I have the procedure just right.
2000-01-28 06:42:37 +00:00
}
case $2 in
POST-INSTALL)
. ${base}/config.sh || exit
if which -s pw && which -s lockf; then
:
else
cat <<EOF
This system looks like a pre-2.2 version of FreeBSD. I see that it
is missing the "lockf" and/or "pw" utilities. I need these utilities.
Please get them and install them, and try again. You can get the
sources from:
ftp://ftp.freebsd.org/pub/FreeBSD/FreeBSD-current/src/usr.bin/lockf.tar.gz
ftp://ftp.freebsd.org/pub/FreeBSD/FreeBSD-current/src/usr.sbin/pw.tar.gz
EOF
exit 1
fi
echo ""
make_account ${user} ${group} "CVSup Daemon" "/nonexistent"
make_account ${cuser} ${cgroup} "CVSup Client"
echo "Fixing ownerships and modes in \"${base}\"."
This is a fairly substantial upgrade of the cvsup-mirror port. In honor of the occasion I have bumped the version number to 1.1. The port now depends upon the cvsup-bin and cvsupd-bin ports rather than on the more trouble-prone cvsup port. The CVSup server is run with "-C 100" (max. 100 clients at a time) and the true limit is set in the "/usr/local/etc/cvsup/cvsupd.access" file. This is nice because you can change the limit by editing the file; you don't have to restart the server. The cvsupd.access file also contains a rule to limit each individual host to one connection at a time. The CVSup client is now run under its own unprivileged user ID instead of root. This is a security enhancement. It makes it impossible for a compromised master site to install files into places outside the mirror area of the filesystem. The permissions of various other files such as /usr/local/etc/cvsup have also been strengthened to enhance security. Both client and server now cd to /var/tmp to run, so that if they decide to croak they'll be able to write the core file. :-) The /usr/local/etc/rc.d/cvsupd.sh script now honors the "start" and "stop" arguments. The configure script no longer attempts to tell you the sizes of the various collections. That's impossible to maintain. When I have time I plan to make a web page where one can obtain that information from an automatically-updated source. Then I will reference the URL in the configure script. It is possible to upgrade an existing cvsup-mirror-1.0 installation to this new version, but it is tricky because of the change in ownership of the mirrored files. I will post instructions to the freebsd-hubs mailing list after I make sure I have the procedure just right.
2000-01-28 06:42:37 +00:00
chown -R root:wheel ${base}
test -d ${base}/sup || mkdir -p ${base}/sup
test -d ${base}/sup.client || mkdir -p ${base}/sup.client
chown -R ${cuser}:${cgroup} ${base}/sup ${base}/sup.client
chmod -R go=u-w ${base}
echo "Setting up links and directories for distributions."
test -d ${prefixes} || mkdir ${prefixes} || exit
install_links ${distribs}
echo ""
if grep -q "^[^#]*${facility}.*/var/log/cvsupd.log" /etc/syslog.conf; then
echo -n "It looks like you already have some logging set up, so I "
echo "will use it."
else
if yesno "Would you like me to set up the syslog logging" y; then
echo "Setting up server logging in \"/etc/syslog.conf\"."
cat <<EOF >>/etc/syslog.conf
!cvsupd
${facility}.info /var/log/cvsupd.log
EOF
if [ ! -f /var/log/cvsupd.log ]; then
echo "Creating \"/var/log/cvsupd.log\"."
cp /dev/null /var/log/cvsupd.log
fi
if [ -f /var/run/syslog.pid ]; then
echo "Giving syslogd a kick in the pants."
kill -HUP $(cat /var/run/syslog.pid)
fi
echo "Adding cvsupd log entry to \"/etc/newsyslog.conf\"."
cat <<EOF >>/etc/newsyslog.conf
/var/log/cvsupd.log 664 7 * 24 Z
EOF
echo "Done."
else
cat <<EOF
OK, please remember to do it yourself. You should log "${facility}.info"
to "/var/log/cvsupd.log". Don't forget to add an entry to
"/etc/newsyslog.conf".
EOF
fi
fi
echo ""
if grep -q "^[^#]*${base}/update\.sh" /etc/crontab; then
echo "It looks like your crontab is already set up, so I'll use that."
else
if [ ${interval} -eq 1 ]; then
updstr="hourly updates"
else
updstr="updates every ${interval} hours"
fi
if yesno "Would you like me to set up your crontab for ${updstr}" y
then
echo "Scheduling ${updstr} in \"/etc/crontab\"."
delay=5
now=$(date "+%s")
start=$((${now} + ${delay}*60))
hh=$(date -r ${start} "+%H")
mm=$(date -r ${start} "+%M")
h=$((${hh}))
m=$((${mm}))
if [ ${interval} -eq 1 ]; then
hstr="*"
else
h0=$((${h} % ${interval}))
if [ ${interval} -eq 24 ]; then
hstr=${h0}
else
h1=$((${h0} + 24 - ${interval}))
hstr=${h0}-${h1}/${interval}
fi
fi
cat <<EOF >>/etc/crontab
${m} ${hstr} * * * root ${base}/update.sh
EOF
cat <<EOF
Done. The first update will be ${delay} minutes from now, at ${hh}:${mm}.
The cvsupd server will be started automatically after the first update,
and whenever you reboot.
EOF
else
cat <<EOF
OK, please remember to do it yourself. The crontab entry should run
"${base}/update.sh" as root.
EOF
fi
fi
echo ""
echo "You are now a FreeBSD mirror site."
;;
esac