1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-11-15 23:50:44 +00:00
freebsd-ports/net/cvsup-mirror/scripts/configure
John Polstra 3176ec22e7 This is a fairly substantial upgrade of the cvsup-mirror port. In
honor of the occasion I have bumped the version number to 1.1.

The port now depends upon the cvsup-bin and cvsupd-bin ports rather
than on the more trouble-prone cvsup port.

The CVSup server is run with "-C 100" (max. 100 clients at a time)
and the true limit is set in the "/usr/local/etc/cvsup/cvsupd.access"
file.  This is nice because you can change the limit by editing
the file; you don't have to restart the server.  The cvsupd.access
file also contains a rule to limit each individual host to one
connection at a time.

The CVSup client is now run under its own unprivileged user ID
instead of root.  This is a security enhancement.  It makes it
impossible for a compromised master site to install files into
places outside the mirror area of the filesystem.  The permissions
of various other files such as /usr/local/etc/cvsup have also been
strengthened to enhance security.

Both client and server now cd to /var/tmp to run, so that if they
decide to croak they'll be able to write the core file. :-)

The /usr/local/etc/rc.d/cvsupd.sh script now honors the "start"
and "stop" arguments.

The configure script no longer attempts to tell you the sizes of
the various collections.  That's impossible to maintain.  When I
have time I plan to make a web page where one can obtain that
information from an automatically-updated source.  Then I will
reference the URL in the configure script.

It is possible to upgrade an existing cvsup-mirror-1.0 installation
to this new version, but it is tricky because of the change in
ownership of the mirrored files.  I will post instructions to the
freebsd-hubs mailing list after I make sure I have the procedure
just right.
2000-01-28 06:42:37 +00:00

220 lines
5.7 KiB
Bash

#! /bin/sh
base=${PREFIX}/etc/cvsup
variables="user group cuser cgroup host host_crypto interval \
maxclients facility distribs"
ask() {
local question default answer
question=$1
default=$2
if [ -z "${PACKAGE_BUILDING}" ]; then
read -p "${question} [${default}]? " answer
fi
if [ x${answer} = x ]; then
answer=${default}
fi
echo ${answer}
}
yesno() {
local dflt question answer
question=$1
dflt=$2
while :; do
answer=$(ask "${question}" "${dflt}")
case "${answer}" in
[Yy]*) return 0;;
[Nn]*) return 1;;
esac
echo "Please answer yes or no."
done
}
ask_distrib() {
local desc dflt link dir subdir
link=$1
dflt=$2
subdir=$3
desc=$4
if yesno "Do you wish to mirror the ${desc}" y; then
if [ "${subdir}" != "." ]; then
cat <<EOF
Note: the location for this must match "*/${subdir}", and
"${subdir}" must be a true subdirectory, not a symbolic link.
EOF
fi
while :; do
dir=$(ask "Where would you like to put it" ${dflt})
case ${dir} in
/*) ;;
*) echo "Please specify an absolute pathname."
continue;;
esac
if [ "${subdir}" = "." ]; then
break
fi
dir=$(expr "${dir}" : "\(.*\)/${subdir}\$")
if [ "x${dir}" != x ]; then
break
fi
echo "The location must match \"*/${subdir}\""
done
distribs="${distribs} ${link} ${dir} ${subdir}"
return 0
else
distribs="${distribs} ${link} SKIP ${subdir}"
return 1
fi
}
canonicalize() {
echo $1 | tr "[:upper:]" "[:lower:]"
}
#------------------------------------------------------------------------------
cat <<EOF
I am going to ask you a few questions so that I can set up your
FreeBSD mirror configuration. Every question has a [default]
answer. To accept the default, just press ENTER.
At this point, I am just gathering information. I will not touch
your system until you type "make install".
EOF
if [ x${USA_RESIDENT} = xYES ]; then
dflt_domestic=y
else
dflt_domestic=n
fi
if yesno "Is this host in the USA or Canada" ${dflt_domestic}; then
domestic=yes
else
domestic=no
fi
host=$(ask "Master site for your non-crypto updates" cvsup-master.freebsd.org)
if [ ${domestic} = yes ]; then
dflt_host_crypto=${host}
else
dflt_host_crypto=cvsup.internat.freebsd.org
fi
cat <<EOF
If you are not planning to mirror the crypto files, just accept
the default answer for the next question.
EOF
host_crypto=$(ask "Master site for your crypto updates" ${dflt_host_crypto})
host=$(canonicalize ${host})
host_crypto=$(canonicalize ${host_crypto})
while :; do
interval=$(ask "How many hours between updates of your files" 1)
case ${interval} in
1|2|3|4|6|8|12|24) break;;
esac
echo "Please answer 1, 2, 3, 4, 6, 8, 12, or 24"
done
cat <<EOF
Now you must decide which sets of files you wish to make available
from your mirror site. You can choose any combination, and you
can put each set anywhere you want to on your disks. Although each
set is optional, we strongly encourage every mirror site to carry
at least the main source tree.
EOF
distribs="distrib.self .. ."
ask_distrib FreeBSD.cvs /home/ncvs . \
"main source tree, except crypto code"
ask_distrib FreeBSD-crypto.cvs /home/ncvs . \
"crypto code"
ask_distrib FreeBSD-www.current /usr/local/www . \
"installed World Wide Web data"
ask_distrib FreeBSD-gnats.current /home/gnats gnats \
"GNATS bug tracking database"
ask_distrib FreeBSD-mail.current /home/mail . \
"mailing list archive"
cat <<EOF
Now, a few questions so that I can set up your CVSup server properly.
For security reasons, both the CVSup client and server should run
under their own unique user and group IDs. These IDs should have no
special access privileges. Normally, the user:group "cvsupin:cvsupin"
is used for the client and "cvsup:cvsup" is used for the server, but
you can choose other names if you wish. At "make install" time, I
will create the users and groups, if they don't already exist.
Use unique user and group IDs for these. Do not use "nobody",
"nonroot", or "nogroup".
EOF
cuser=$(ask "Unique unprivileged user ID for running the client" cvsupin)
cgroup=$(ask "Unique unprivileged group ID for running the client" cvsupin)
user=$(ask "Unique unprivileged user ID for running the server" cvsup)
group=$(ask "Unique unprivileged group ID for running the server" cvsup)
cat <<EOF
The CVSup server does its logging via syslog. At "make install"
time, I will set up the logging for you, if necessary. I will use
the "!program" feature of syslog to keep your CVSup log messages
separate from the messages of your other daemons.
EOF
while :; do
facility=$(ask "Syslog facility for the server log" daemon)
case ${facility} in
daemon|local[0-7]|ftp|user) break;;
esac
echo "Please answer daemon, local0-local7, ftp, or user"
done
cat <<EOF
You can control the load on your machine by limiting the number of
clients that the CVSup server will serve at once. CVSup won't load
your network especially heavily, but it is more CPU and disk
intensive than most other file server software.
EOF
while :; do
maxclients=$(ask "Maximum simultaneous client connections" 8)
if expr "${maxclients}" : "[0-9][0-9]*\$" >/dev/null 2>&1; then
break
fi
echo "Please answer with a number"
done
#------------------------------------------------------------------------------
echo ""
echo -n "Building the \"config.sh\" file ... "
for var in ${variables}; do
eval echo ${var}=\\\"\${${var}}\\\"
done > ${WRKSRC}/config.sh
echo "Done."
echo -n "Building the \"cvsupd.access\" file ... "
cat <<EOF > ${WRKSRC}/cvsupd.access
-0.0.0.0/0 ${maxclients} # Limit total connections
-0.0.0.0/0/32 1 # Allow only 1 connection from each host
+0.0.0.0/0 # If we reach this rule, we let the client in
EOF
echo "Done."