- Rename knonbs for more POLA compliant.

- Utilize PORTDOCS macro.
- Fix pkg-message for the package.
- Minor formating and typographic changes.

PR:		ports/71188
Submitted by:	maintainer

www/cgiwrap/Makefile

@@ -7,7 +7,7 @@
 
 PORTNAME=	cgiwrap
 PORTVERSION=	3.9
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	www security
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	${PORTNAME}
@@ -18,99 +18,118 @@ COMMENT=	Securely execute ~user CGI scripts
 GNU_CONFIGURE=	yes
 CONFIGURE_ARGS=	--with-httpd-user=${WWWOWN} \
 		--with-install-group=${WWWGRP} \
-		--with-install-dir=${MAINCGIDIR} \
+		--with-install-dir=${WITH_MAIN_CGIDIR} \
-		--with-cgi-dir=${CGIWRAP_CGIDIR} \
+		--with-cgi-dir=${WITH_USER_CGIDIR} \
-		--with-local-contact=${CGIWRAP_CONTACT} \
+		--with-local-contact=${WITH_EMAIL} \
-		--with-allow-file=${CGIWRAP_ALLOWFILE} \
+		--with-allow-file=${WITH_ALLOWFILE} \
-		--with-deny-file=${CGIWRAP_DENYFILE}
+		--with-deny-file=${WITH_DENYFILE}
 
+WRKSRC=		${WRKDIR}/${PORTNAME}-${PORTVERSION}
+PKGMESSAGE=	${WRKDIR}/pkg-message
+
+## Available knobs:
+##
+##   WITH_MAIN_CGIDIR:     location of the cgiwrap binaries
+#
+# This is the directory where the cgiwrap binaries (i.e. the setuid
+# root binaries) get installed to.
+#
+WITH_MAIN_CGIDIR?=	${PREFIX}/www/cgi-bin
+
+##   WITH_USER_CGIDIR:     location of the CGI directory per user
+##                         account (i.e. public_html/cgi-bin)
 #
 # Set this to the directory (relative to each user's home) where CGI
 # scripts will be found.  Common alternate values are "www/cgi-bin"
 # (a.k.a. ~user/www/cgi-bin) and "cgi-bin" (a.k.a. ~user/cgi-bin)
 #
-CGIWRAP_CGIDIR?=	public_html/cgi-bin
+WITH_USER_CGIDIR?=	public_html/cgi-bin
 
+##   WITH_ALLOWFILE:       location/name of the cgiwrap.allow ACL file
+##   WITH_DENYFILE:        location/name of the cgiwrap.deny ACL file
 #
-# MAINCGIDIR is the directory the cgiwrap binaries get installed to.
+WITH_ALLOWFILE?=	${PREFIX}/etc/${PORTNAME}.allow
-#
+WITH_DENYFILE?=		${PREFIX}/etc/${PORTNAME}.deny
-MAINCGIDIR?=	${PREFIX}/www/cgi-bin
 
+##   WITH_EMAIL:           cgiwrap administrator's Email address
 #
-# The allow and deny files control access to cgiwrap.
+WITH_EMAIL?=		webmaster@dummy-host.example.com
-#
-CGIWRAP_ALLOWFILE?=	${PREFIX}/etc/${PORTNAME}.allow
-CGIWRAP_DENYFILE?=	${PREFIX}/etc/${PORTNAME}.deny
 
+##   WITH_LOGGING:         enables cgiwrap logging; specifies the
+##                         path and filename of the logfile
 #
-# Set the contact Email address.
+.if defined(WITH_LOGGING)
-#
+CONFIGURE_ARGS+=	--with-logging-file=${WITH_LOGGING}
-CGIWRAP_CONTACT?=	webmaster@dummy-host.example.com
-
-#
-# Define CGIWRAP_LOGGING and specify where you want the logfile.
-#
-.if defined(CGIWRAP_LOGGING)
-CONFIGURE_ARGS+=	--with-logging-file=${CGIWRAP_LOGGING}
 .endif
 
+##   WITH_DEBUG:           enables cgiwrap debugging support, via
+##                         the 'cgiwrapd' binary
 #
-# Some users enjoy being able to debug their own CGI scripts, since
+.if defined(WITH_DEBUG)
-# the standard "Internal server error" response doesn't help much.
-# Administrators may find this useful as well.  See the cgiwrap
-# documentation for details on how to use this.
-#
-.if defined(CGIWRAP_DEBUG)
 PLIST_SUB+=	CGIWRAPDFLAG=
 .else
 PLIST_SUB+=	CGIWRAPDFLAG="@comment "
 .endif
 
+##   WITHOUT_CHECK_OWNER:  disable CGI file ownership checks
+##   WITHOUT_CHECK_GROUP:  disable CGI file group checks
+##   WITHOUT_CHECK_SETUID: disable CGI file setuid permissions check
+##   WITHOUT_CHECK_SETGID: disable CGI file setgid permissions check
+##   WITHOUT_CHECK_GROUP_WRITABLE:
+##          disable CGI file group-writable permissions check
+##   WITHOUT_CHECK_WORLD_WRITABLE:
+##          disable CGI file world-writable permissions check
 #
-# A slew of --without-* configure flags exist for cgiwrap.  You
+.if defined(WITHOUT_CHECK_OWNER)
-# should refer to the cgiwrap documentation for details regarding
-# what these do, and when (if) they're necessary.
-#
-###
-.if defined(CGIWRAP_WITHOUT_CHECK_OWNER)
 CONFIGURE_ARGS+=	--without-check-owner
 .endif
-.if defined(CGIWRAP_WITHOUT_CHECK_GROUP)
+.if defined(WITHOUT_CHECK_GROUP)
 CONFIGURE_ARGS+=	--without-check-group
 .endif
-.if defined(CGIWRAP_WITHOUT_CHECK_SETUID)
+.if defined(WITHOUT_CHECK_SETUID)
 CONFIGURE_ARGS+=	--without-check-setuid
 .endif
-.if defined(CGIWRAP_WITHOUT_CHECK_SETGID)
+.if defined(WITHOUT_CHECK_SETGID)
 CONFIGURE_ARGS+=	--without-check-setgid
 .endif
-.if defined(CGIWRAP_WITHOUT_CHECK_GROUP_WRITABLE)
+.if defined(WITHOUT_CHECK_GROUP_WRITABLE)
 CONFIGURE_ARGS+=	--without-check-group-writable
 .endif
-.if defined(CGIWRAP_WITHOUT_CHECK_WORLD_WRITABLE)
+.if defined(WITHOUT_CHECK_WORLD_WRITABLE)
 CONFIGURE_ARGS+=	--without-check-world-writable
 .endif
 
+.if !defined(NOPORTDOCS)
+PORTDOCS=	accesscontrol.html afs.html changes.html \
+		chroot.html comments.html download.html faq.html \
+		index.html install.html intro.html maillist.html \
+		notes.html pubs.html quickref.html setup.html \
+		thanks.html todo.html tricks.html y2k.html
+.endif
+
+show-options:
+	@${SED} -ne 's/^##//p' ${.CURDIR}/Makefile
+
 pre-install:
-	@${MKDIR} ${MAINCGIDIR}
+	@${MKDIR} ${WITH_MAIN_CGIDIR}
 
 post-install:
-	@${STRIP_CMD} ${MAINCGIDIR}/cgiwrap
+	@${STRIP_CMD} ${WITH_MAIN_CGIDIR}/cgiwrap
-	@${CHMOD} 4550 ${MAINCGIDIR}/cgiwrap
+	@${CHMOD} 4550 ${WITH_MAIN_CGIDIR}/cgiwrap
-.if !defined(CGIWRAP_WITH_DEBUG)
+.if !defined(WITH_DEBUG)
-	@${RM} ${MAINCGIDIR}/cgiwrapd ${MAINCGIDIR}/nph-cgiwrapd
+	@${RM} ${WITH_MAIN_CGIDIR}/cgiwrapd
+	@${RM} ${WITH_MAIN_CGIDIR}/nph-cgiwrapd
 .endif
 .if !defined(NOPORTDOCS)
 	@${MKDIR} ${DOCSDIR}
-.for file in accesscontrol.html afs.html changes.html chroot.html	\
+.for f in ${PORTDOCS}
-		comments.html download.html faq.html index.html		\
+	@${INSTALL_DATA} ${WRKSRC}/htdocs/${f} ${DOCSDIR}
-		install.html intro.html maillist.html notes.html	\
-		pubs.html quickref.html setup.html thanks.html		\
-		todo.html tricks.html y2k.html
-	@${INSTALL_DATA} ${WRKSRC}/htdocs/${file} ${DOCSDIR}
 .endfor
-	@${ECHO} "Documentation installed in ${DOCSDIR}"
 .endif
-	@${CAT} ${PKGMESSAGE} | ${SED} -e's#%%PREFIX%%#${PREFIX}#g'
+	@${SED}	-e's,%%MAIN_CGIDIR%%,${WITH_MAIN_CGIDIR},g' \
+		-e's,%%ALLOWFILE%%,${WITH_ALLOWFILE},g' \
+		-e's,%%DENYFILE%%,${WITH_DENYFILE},g' \
+		${MASTERDIR}/pkg-message > ${PKGMESSAGE}
+	@${CAT} ${PKGMESSAGE}
 
 .include <bsd.port.mk>

www/cgiwrap/pkg-descr

@@ -1,11 +1,11 @@
 This is CGIWrap - a gateway that allows more secure user access to
-CGI programs on an HTTPd server than is provided by the http server
+CGI programs on an HTTPd server than is provided by the Web server
 itself. The primary function of CGIWrap is to make certain that
 any CGI script runs with the permissions of the user who installed
-it, and not those of the server.
+it, and not those of the Web server.
 
 CGIWrap works with NCSA httpd, Apache, CERN httpd, NetSite Commerce
-and Communications servers, and probably any other Unix based web
+and Communications servers, and probably any other Unix-based Web
 server software that supports CGI.
 
 WWW: http://cgiwrap.sourceforge.net/

www/cgiwrap/pkg-message

@@ -1,15 +1,19 @@
 -----------------------------------------------------------------
 You have installed cgiwrap, a wrapper to securely execute user
-CGI programs.  cgiwrap is reported to work with most web servers
+CGI programs.  cgiwrap is reported to work with most Web servers
 that support CGI, so no one specific server has been included as
-a depend.  If you are unsure of which webserver to use, it is
+a dependancy.  If you are unsure of which Web server to use, it
-recommended to try the Apache web server package.
+is recommended that you try the Apache HTTP server.
 
-The cgiwrap scripts have been installed in:
+The cgiwrap binaries have been installed in the following
-    %%PREFIX%%/www/cgi-bin
+directory:
-...the default location for Apache's cgi-bin directory.
 
-If cgiwrap's allow/deny control is enabled, you must create either
+  %%MAIN_CGIDIR%%
-%%PREFIX%%/etc/cgiwrap.allow and/or %%PREFIX%%/etc/cgiwrap.deny
+
-before cgiwrap will function.
+You should create/manage the following two files, otherwise
+cgiwrap will not function as expected.  These ACL files define
+which users can and cannot run CGI binaries via cgiwrap:
+
+  %%ALLOWFILE%%
+  %%DENYFILE%%
 -----------------------------------------------------------------

www/cgiwrap/pkg-plist

@@ -1,25 +1,5 @@
-%%PORTDOCS%%%%DOCSDIR%%/accesscontrol.html
-%%PORTDOCS%%%%DOCSDIR%%/afs.html
-%%PORTDOCS%%%%DOCSDIR%%/changes.html
-%%PORTDOCS%%%%DOCSDIR%%/chroot.html
-%%PORTDOCS%%%%DOCSDIR%%/comments.html
-%%PORTDOCS%%%%DOCSDIR%%/download.html
-%%PORTDOCS%%%%DOCSDIR%%/faq.html
-%%PORTDOCS%%%%DOCSDIR%%/index.html
-%%PORTDOCS%%%%DOCSDIR%%/install.html
-%%PORTDOCS%%%%DOCSDIR%%/intro.html
-%%PORTDOCS%%%%DOCSDIR%%/maillist.html
-%%PORTDOCS%%%%DOCSDIR%%/notes.html
-%%PORTDOCS%%%%DOCSDIR%%/pubs.html
-%%PORTDOCS%%%%DOCSDIR%%/quickref.html
-%%PORTDOCS%%%%DOCSDIR%%/setup.html
-%%PORTDOCS%%%%DOCSDIR%%/thanks.html
-%%PORTDOCS%%%%DOCSDIR%%/todo.html
-%%PORTDOCS%%%%DOCSDIR%%/tricks.html
-%%PORTDOCS%%%%DOCSDIR%%/y2k.html
 www/cgi-bin/cgiwrap
 %%CGIWRAPDFLAG%%www/cgi-bin/cgiwrapd
 www/cgi-bin/nph-cgiwrap
 %%CGIWRAPDFLAG%%www/cgi-bin/nph-cgiwrapd
 @unexec rmdir %D/www/cgi-bin 2>/dev/null || true
-%%PORTDOCS%%@dirrm %%DOCSDIR%%