3176ec22e7
honor of the occasion I have bumped the version number to 1.1. The port now depends upon the cvsup-bin and cvsupd-bin ports rather than on the more trouble-prone cvsup port. The CVSup server is run with "-C 100" (max. 100 clients at a time) and the true limit is set in the "/usr/local/etc/cvsup/cvsupd.access" file. This is nice because you can change the limit by editing the file; you don't have to restart the server. The cvsupd.access file also contains a rule to limit each individual host to one connection at a time. The CVSup client is now run under its own unprivileged user ID instead of root. This is a security enhancement. It makes it impossible for a compromised master site to install files into places outside the mirror area of the filesystem. The permissions of various other files such as /usr/local/etc/cvsup have also been strengthened to enhance security. Both client and server now cd to /var/tmp to run, so that if they decide to croak they'll be able to write the core file. :-) The /usr/local/etc/rc.d/cvsupd.sh script now honors the "start" and "stop" arguments. The configure script no longer attempts to tell you the sizes of the various collections. That's impossible to maintain. When I have time I plan to make a web page where one can obtain that information from an automatically-updated source. Then I will reference the URL in the configure script. It is possible to upgrade an existing cvsup-mirror-1.0 installation to this new version, but it is tricky because of the change in ownership of the mirrored files. I will post instructions to the freebsd-hubs mailing list after I make sure I have the procedure just right.
#! /bin/sh
# Configuration directory of the mirror; config.sh, update.sh and the
# sup/sup.client directories referenced further down all live under it.
base="${PREFIX}/etc/cvsup"

# Directory that receives one symbolic link per distribution (see
# install_links).
prefixes="${base}/prefixes"

# Space-delimited record of the paths whose ownership and modes have already
# been fixed by install_links, so that each tree is processed only once.
# The leading space lets every entry be matched as " path ".
chmods_done=" "
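#######################################
# Ask the operator a question and print the answer on stdout.
# Globals:   PACKAGE_BUILDING (read) - when non-empty, nothing is read from
#            the terminal and the default is returned.
# Arguments: $1 - question text
#            $2 - default answer, used when the reply is empty
# Outputs:   the answer (or the default) followed by a newline
#######################################
ask() {
  local question default answer

  question=$1
  default=$2
  if [ -z "${PACKAGE_BUILDING}" ]; then
    # -r keeps backslashes in the reply literal.
    read -r -p "${question} [${default}]? " answer
  fi
  # Quoted test: a reply containing spaces or test(1) operators can no
  # longer break the comparison or be mistaken for an empty answer.
  if [ -z "${answer}" ]; then
    answer=${default}
  fi
  # printf with a quoted argument: the answer is emitted verbatim, without
  # pathname expansion ("*") or whitespace collapsing, and a reply such as
  # "-n" is not swallowed as an echo option.
  printf '%s\n' "${answer}"
}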
#######################################
# Put a yes/no question to the operator via ask and repeat it until the
# reply starts with "y" or "n" (either case).
# Arguments: $1 - question text
#            $2 - default answer handed to ask
# Outputs:   a reminder on stdout after every unrecognised reply
# Returns:   0 for yes, 1 for no
#######################################
yesno() {
  local prompt fallback reply

  prompt=$1
  fallback=$2
  while true; do
    reply=$(ask "${prompt}" "${fallback}")
    case "${reply}" in
      [Nn]*) return 1 ;;
      [Yy]*) return 0 ;;
      *) echo "Please answer yes or no." ;;
    esac
  done
}
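#######################################
# Create the per-distribution symbolic links under ${prefixes} and make sure
# the directories they refer to exist and belong to the CVSup client account.
# Globals:   prefixes (read), cuser, cgroup (read), chmods_done (read/written)
# Arguments: triples of LINK DIR SUBDIR, any number of them.  DIR values
#            "SKIP" and ".." only get the link; nothing is created or
#            re-owned for them.
# Outputs:   progress messages on stdout
# Returns:   exits the script on the first failing step
#
# Every expansion is quoted so that a path containing whitespace or glob
# characters cannot be split into extra arguments of ln, mkdir, chown or
# chmod, all of which run as root here.
#######################################
install_links() {
  local link dir subdir path

  while [ $# -ge 3 ]; do
    link=$1
    dir=$2
    subdir=$3
    echo " Linking ${link} -> ${dir}"
    # NOTE(review): if ${prefixes}/${link} already exists as a symlink to a
    # directory, ln -sf follows it and creates the new link inside that
    # directory instead of replacing it; FreeBSD ln's -h avoids this.
    # Confirm the intended behaviour on re-installation.
    ln -sf "${dir}" "${prefixes}/${link}" || exit
    if [ "x${dir}" != "xSKIP" ] && [ "x${dir}" != "x.." ]; then
      if [ "x${subdir}" = "x." ]; then
        path=${dir}
      else
        path=${dir}/${subdir}
      fi
      # Subshell: the cd and any exit stay local; a failure is propagated by
      # the trailing "|| exit".  A symlinked SUBDIR is refused before the
      # recursive chown below is applied to it.  Only SUBDIR is checked;
      # DIR itself is taken as given.
      ( cd "${prefixes}" || exit
        if [ "x${subdir}" != "x." ] && [ -h "${path}" ]; then
          cat <<EOF
"${subdir}" must be a true subdirectory of "${dir}", not a symbolic link.
Please remove the symbolic link and/or configure again using the true
directory path to "${subdir}".
EOF
          exit 1
        fi
        test -d "${path}" || mkdir -p "${path}" || exit ) || exit
      # Literal match against the " path " entries already recorded.  The
      # former expr(1) test used the path as a regular expression, so a "."
      # in one path could match a different, not yet processed path.
      case "${chmods_done}" in
        *" ${path} "*) ;;
        *)
          echo -n " Fixing ownerships and modes in ${path} ..."
          ( cd "${prefixes}" && \
            chown -R "${cuser}:${cgroup}" "${path}" && \
            chmod -R a+rX "${path}" ) || exit
          echo " done."
          chmods_done="${chmods_done}${path} "
          ;;
      esac
    fi
    shift 3
  done
}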
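#######################################
# Make sure a user and its group exist, offering to create whichever is
# missing with pw(8).
# Arguments: $1 - user name
#            $2 - group name
# Outputs:   progress and instructions on stdout
# Returns:   exits the script with status 1 when the operator declines or
#            pw is unavailable, and with pw's status when creation fails
#
# The names are quoted wherever they are handed to pw so that a value
# containing whitespace cannot turn into additional pw arguments.
#######################################
make_account() {
  local u g

  u=$1
  g=$2
  if pw group show "${g}" >/dev/null 2>&1; then
    echo "You already have a group \"${g}\", so I will use it."
  else
    echo "You need a group \"${g}\"."
    if command -v pw >/dev/null 2>&1 && yesno "Would you like me to create it" y; then
      pw groupadd "${g}" || exit
      echo "Done."
    else
      echo "Please create it, and try again."
      # pw may be missing on this path, so fall back to /etc/passwd to
      # decide whether the user has to be mentioned as well.
      if ! grep -q "^${u}:" /etc/passwd; then
        echo "While you're at it, please create a user \"${u}\" too,"
        echo "with a default group of \"${g}\"."
      fi
      exit 1
    fi
  fi

  if pw user show "${u}" >/dev/null 2>&1; then
    echo "You already have a user \"${u}\", so I will use it."
  else
    echo "You need a user \"${u}\"."
    if command -v pw >/dev/null 2>&1 && yesno "Would you like me to create it" y; then
      # Service account: "-h -" disables password login, and both the home
      # directory and the shell are set to /nonexistent.
      pw useradd "${u}" -g "${g}" -h - -d /nonexistent \
        -s /nonexistent -c "CVSup Daemon" || exit
      echo "Done."
    else
      echo "Please create it, and try again."
      exit 1
    fi
  fi
}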
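# Package install hook.  Only the POST-INSTALL phase (second argument) does
# any work: it creates the accounts, tightens ownership and modes of the
# configuration directory, builds the distribution links and offers to set
# up syslog, newsyslog and cron entries.
case $2 in

POST-INSTALL)
  # config.sh is executed as shell code with the privileges of this script.
  # The ownership and mode tightening of ${base} below happens only after it
  # has run, so the file must already be trustworthy at this point.
  . "${base}/config.sh" || exit

  if command -v pw >/dev/null 2>&1 && command -v lockf >/dev/null 2>&1; then
    :
  else
    cat <<EOF

This system looks like a pre-2.2 version of FreeBSD. I see that it
is missing the "lockf" and/or "pw" utilities. I need these utilities.
Please get them and install them, and try again. You can get the
sources from:

ftp://ftp.freebsd.org/pub/FreeBSD/FreeBSD-current/src/usr.bin/lockf.tar.gz
ftp://ftp.freebsd.org/pub/FreeBSD/FreeBSD-current/src/usr.sbin/pw.tar.gz

EOF
    exit 1
  fi

  echo ""
  # user/group and cuser/cgroup are expected to come from config.sh.
  make_account "${user}" "${group}"
  make_account "${cuser}" "${cgroup}"

  # Everything under ${base} becomes root:wheel except the two sup
  # directories, which are handed to the client account.  "go=u-w" then
  # gives group and others the owner's permissions minus write.
  echo "Fixing ownerships and modes in \"${base}\"."
  chown -R root:wheel "${base}"
  test -d "${base}/sup" || mkdir -p "${base}/sup"
  test -d "${base}/sup.client" || mkdir -p "${base}/sup.client"
  chown -R "${cuser}:${cgroup}" "${base}/sup" "${base}/sup.client"
  chmod -R go=u-w "${base}"

  echo "Setting up links and directories for distributions."
  test -d "${prefixes}" || mkdir "${prefixes}" || exit
  # Deliberately unquoted: install_links consumes its arguments three at a
  # time, so distribs has to be split into separate words here.
  # shellcheck disable=SC2086
  install_links ${distribs}

  echo ""
  if grep -q "^[^#]*${facility}.*/var/log/cvsupd.log" /etc/syslog.conf; then
    echo -n "It looks like you already have some logging set up, so I "
    echo "will use it."
  else
    if yesno "Would you like me to set up the syslog logging" y; then
      echo "Setting up server logging in \"/etc/syslog.conf\"."
      # NOTE(review): the field separator is reproduced as the single space
      # visible in this listing, whose whitespace appears collapsed; some
      # syslogd versions require tabs here - confirm against the original.
      cat <<EOF >>/etc/syslog.conf
!cvsupd
${facility}.info /var/log/cvsupd.log
EOF

      if [ ! -f /var/log/cvsupd.log ]; then
        echo "Creating \"/var/log/cvsupd.log\"."
        cp /dev/null /var/log/cvsupd.log
      fi

      # Have a running syslogd re-read its configuration.
      if [ -f /var/run/syslog.pid ]; then
        echo "Giving syslogd a kick in the pants."
        kill -HUP "$(cat /var/run/syslog.pid)"
      fi

      # NOTE(review): the rotation entry gives the log mode 664, i.e.
      # group-writable and world-readable; consider whether a tighter mode
      # fits the site's logging policy.
      echo "Adding cvsupd log entry to \"/etc/newsyslog.conf\"."
      cat <<EOF >>/etc/newsyslog.conf
/var/log/cvsupd.log 664 7 * 24 Z
EOF
      echo "Done."
    else
      cat <<EOF
OK, please remember to do it yourself. You should log "${facility}.info"
to "/var/log/cvsupd.log". Don't forget to add an entry to
"/etc/newsyslog.conf".
EOF
    fi
  fi

  echo ""
  if grep -q "^[^#]*${base}/update\.sh" /etc/crontab; then
    echo "It looks like your crontab is already set up, so I'll use that."
  else
    if [ "${interval}" -eq 1 ]; then
      updstr="hourly updates"
    else
      updstr="updates every ${interval} hours"
    fi
    if yesno "Would you like me to set up your crontab for ${updstr}" y; then
      echo "Scheduling ${updstr} in \"/etc/crontab\"."
      # The first run is scheduled ${delay} minutes from now.
      delay=5
      now=$(date "+%s")
      start=$((${now} + ${delay} * 60))
      hh=$(date -r "${start}" "+%H")
      mm=$(date -r "${start}" "+%M")
      # Drop one leading zero instead of evaluating the value arithmetically:
      # a zero-padded "08" or "09" reads as an invalid octal constant in
      # shell arithmetic, which would leave the hour or minute field of the
      # crontab line unusable at those times.
      h=${hh#0}
      m=${mm#0}
      if [ "${interval}" -eq 1 ]; then
        hstr="*"
      else
        # First hour of the day that is congruent to the start hour.
        h0=$((${h} % ${interval}))
        if [ "${interval}" -eq 24 ]; then
          hstr=${h0}
        else
          # Range h0-h1 stepped by the interval covers the whole day.
          h1=$((${h0} + 24 - ${interval}))
          hstr=${h0}-${h1}/${interval}
        fi
      fi
      cat <<EOF >>/etc/crontab
${m} ${hstr} * * * root ${base}/update.sh
EOF
      cat <<EOF
Done. The first update will be ${delay} minutes from now, at ${hh}:${mm}.
The cvsupd server will be started automatically after the first update,
and whenever you reboot.
EOF
    else
      cat <<EOF
OK, please remember to do it yourself. The crontab entry should run
"${base}/update.sh" as root.
EOF
    fi
  fi

  echo ""
  echo "You are now a FreeBSD mirror site."
  ;;

esac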