FreeBSD Bugzilla – Attachment 23512 Details for
Bug 40455
New port: SFS (Self-Certifying File System)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
file.shar
file.shar (text/plain), 23.15 KB, created by
Michael Handler
on 2002-07-11 11:40:02 UTC
(
hide
)
Description:
file.shar
Filename:
MIME Type:
Creator:
Michael Handler
Created:
2002-07-11 11:40:02 UTC
Size:
23.15 KB
patch
obsolete
># This is a shell archive. Save it in a file, remove anything before ># this line, and then unpack it by entering "sh file". Note, it may ># create directories; files and directories will be owned by you and ># have default permissions. ># ># This archive contains: ># ># sfs ># sfs/files ># sfs/files/sfscd.sh ># sfs/files/sfssd.sh ># sfs/files/etc-sfsrwsd_config.sample ># sfs/files/share-doc-WELCOME ># sfs/files/share-doc-README ># sfs/pkg-plist ># sfs/Makefile ># sfs/distinfo ># sfs/pkg-comment ># sfs/pkg-descr ># sfs/pkg-install ># sfs/pkg-deinstall ># >echo c - sfs >mkdir -p sfs > /dev/null 2>&1 >echo c - sfs/files >mkdir -p sfs/files > /dev/null 2>&1 >echo x - sfs/files/sfscd.sh >sed 's/^X//' >sfs/files/sfscd.sh << 'END-of-sfs/files/sfscd.sh' >X#!/bin/sh >X >XPIDFILE=/var/run/sfscd.pid >X >Xcase "$1" in >Xstart) >X [ -x %%PREFIX%%/sbin/sfscd ] && %%PREFIX%%/sbin/sfscd && echo -n ' sfscd' >X ;; >Xstop) >X [ -r $PIDFILE ] && kill -TERM `cat $PIDFILE` && echo -n ' sfscd' >X ;; >X*) >X echo "Usage: `basename $0` {start|stop}" >&2 >X ;; >Xesac >X >Xexit 0 >END-of-sfs/files/sfscd.sh >echo x - sfs/files/sfssd.sh >sed 's/^X//' >sfs/files/sfssd.sh << 'END-of-sfs/files/sfssd.sh' >X#!/bin/sh >X >XPIDFILE=/var/run/sfssd.pid >X >Xcase "$1" in >Xstart) >X [ -x %%PREFIX%%/sbin/sfssd ] && %%PREFIX%%/sbin/sfssd && echo -n ' sfssd' >X ;; >Xstop) >X [ -r $PIDFILE ] && kill -TERM `cat $PIDFILE` && echo -n ' sfssd' >X ;; >X*) >X echo "Usage: `basename $0` {start|stop}" >&2 >X ;; >Xesac >X >Xexit 0 >END-of-sfs/files/sfssd.sh >echo x - sfs/files/etc-sfsrwsd_config.sample >sed 's/^X//' >sfs/files/etc-sfsrwsd_config.sample << 'END-of-sfs/files/etc-sfsrwsd_config.sample' >X# To configure sfsrwsd (part of the SFS server subsystem), copy this file >X# (sfsrwsd_config.sample) to sfsrwsd_config and edit as necessary. >X# >X# Normally, it should not be necessary for you to specify Hostname >X# or Keyfile options, only Export statements. >X# >X# Configuration reference: >X# >X# Hostname name >X# Set the Location part of the server's self-certifying pathname. The >X# default is the current host's fully-qualified hostname. >X# >X# Keyfile path >X# Tells sfsrwsd to look for its private key in file path. The default >X# is sfs_host_key. SFS looks for file names that do not start with / >X# in /etc/sfs, or whatever directory you specified if you used the >X# --with-etcdir option to configure (see configure). >X# >X# Export local-directory sfs-name [R|W] >X# Tells sfsrwsd to export local-directory, giving it the name sfs-name >X# with respect to the server's self-certifying pathname. Appending R >X# to an export directive gives anonymous users read-only access to >X# the file system (under user ID -2 and group ID -2). Appending W >X# gives anonymous users both read and write access. See Quick server >X# setup, for an example of the Export directive. There is almost no >X# reason to use the W flag. The R flag lets anyone on the Internet >X# issue NFS calls to your kernel as user -2. SFS filters these calls; >X# it makes sure that they operate on files covered by the export >X# directive, and it blocks any calls that would modify the file system. >X# This approach is safe given a perfect NFS3 implementation. If, >X# however, there are bugs in your NFS code, attackers may exploit >X# them if you have the R option--probably just crashing your server >X# but possibly doing worse >X >END-of-sfs/files/etc-sfsrwsd_config.sample >echo x - sfs/files/share-doc-WELCOME >sed 's/^X//' >sfs/files/share-doc-WELCOME << 'END-of-sfs/files/share-doc-WELCOME' >XSFS is now installed. To test your installation, try this (as root): >X >X# /usr/local/sbin/sfscd >X# cat /sfs/sfs.fs.net:eu4cvv6wcnzscer98yn4qjpjnn9iv6pi/CONGRATULATIONS >X >XIf it worked, you will see: >X >XYou have set up a working SFS client. >X >XAfterwards, kill sfscd: >X >X# kill -TERM `cat /var/run/sfscd.pid` >X >XSFS is a complex and potentially security-affecting set of programs, >Xand if you wish to do more with it, e.g. setting up an SFS server >Xof your own, it is strongly recommended that you read the documentation >Xfully before proceeding. Start with the documentation link on >X<URL:http://www.fs.net>, and see any supplemental documentation in >X/usr/local/share/doc/sfs/. >X >XThere are sample startup files for sfscd and sfssd in /usr/local/etc/rc.d, >Xunder the name sfscd.sh.sample and sfssd.sh.sample respectively. >XThese startup files are not enabled by default. >END-of-sfs/files/share-doc-WELCOME >echo x - sfs/files/share-doc-README >sed 's/^X//' >sfs/files/share-doc-README << 'END-of-sfs/files/share-doc-README' >X*** Notes on SFS configuration: >X >XSFS is a complex system to configure, and cannot be adequately >Xdescribed in these limited files. It is strongly suggested that you >Xread the SFS documentation on <URL://www.fs.net/> before configuring >Xany of the various programs. A limited roadmap is provided for >Xreference here, but that is no substitute for a reading of the full >Xdocumentation. GNU info documentation ("info sfs") and manual pages >Xare installed as well. >X >XThe various programs in the SFS package are configured via files >Xin two directories: /usr/local/share/sfs/ (henceforth "share/sfs") >Xand /usr/local/etc/sfs (henceforth "etc/sfs"). The port installs >Xvarious configuration files into share/sfs directly from the >Xcompilation of the SFS package. These files should never be edited >Xdirectly; they can be overridden by the creation of new files in >Xetc/sfs, as detailed below. >X >X*** IMPORTANT SECURITY NOTE: >X >XSFS operates by interfacing with NFS processes on localhost >X(127.0.0.1). While every effort is taken to insure security, NFS >Xis a large subsystem with a long history of security problems. >XUtilizing SFS thus may expose you to NFS-related problems and >Xattacks. It is strongly suggested that you read and ponder the >Xsecurity considerations section of the SFS documentation before >Xsetting up an SFS client or server. Additionally, it is STRONGLY >Xsuggested that you set up a software firewall on any SFS client or >Xserver machine to block unauthorized traffic to NFS-related programs >Xfrom other machines to the non-localhost IP addresses of your >Xmachine. Discussions of how best to do this are outside the scope >Xof this document; consult your local guru, users group, mailing >Xlist, or search engine. >X >X*** Starting the SFS daemons (client and server): >X >XThere are sample startup files for sfscd and sfssd in /usr/local/etc/rc.d, >Xunder the name sfscd.sh.sample and sfssd.sh.sample respectively. >XThese startup files are not enabled by default. Copy the files to >Xsfscd.sh or sfssd.sh to enable sfscd or sfssd (respectively) on >Xsystem boot. >X >Xsfscd and sfssd also run nicely under Daniel Bernstein's daemontools >Xpackage (/usr/ports/sysutils/daemontools or >X<URL:http://cr.yp.to/daemontools.html>); the -d flag makes the main >Xprocess stay in the foreground, and sends logs to stderr for easy >Xprocessing by multilog. >X >X*** Setting up an SFS client >X >X1) Set up sfscd to start on boot, via /usr/local/etc/rc.d/sfscd.sh or >X some other method of your preference. >X >X2) Put the following line into /etc/rc.conf: >X >Xnfs_client_enable="YES" >X >X3) Set up a firewall to prevent NFS traffic from outside the machine from >X contacting your NFS processes. >X >X4) Reboot. You should now have a working SFS client, which you can test >X via the following command: >X >X$ cat /sfs/sfs.fs.net:eu4cvv6wcnzscer98yn4qjpjnn9iv6pi/CONGRATULATIONS >XYou have set up a working SFS client. >X >X*** Setting up an SFS server >X >X(You do not need to set up an SFS host key on the server machine; >Xthe port installation does this for you in >X/usr/local/etc/sfs/sfs_host_key.) >X >X1) Set up sfssd to start on boot, via /usr/local/etc/rc.d/sfssd.sh or >X some other method of your preference. >X >X2) Put the following lines into /etc/rc.conf: >X >Xmountd_flags="" >Xnfs_reserved_port_only="YES" >Xnfs_server_enable="YES" >Xportmap_enable="YES" >X >X If the following line occurs in /etc/rc.conf, remove it: >X >Xweak_mountd_authentication="YES" >X >X3) Set up a firewall to prevent NFS traffic from outside the machine from >X contacting your NFS processes. >X >X4) Create a suitable /usr/local/etc/sfs/sfsrwsd_config file, e.g.: >X >XExport /root/sfsroot / R >XExport /usr/src /src R >XExport /usr/ports /ports R >XExport /local/baz /local/baz >X >X5) Add any local filesystems that are being exported to /etc/exports, and >X export them to localhost, e.g.: >X >X/root/sfsroot 127.0.0.1 >X/usr/src /usr/ports 127.0.0.1 >X/local/baz 127.0.0.1 >X >X NOTA BENE: any directories exported via SFS must follow all NFS >X export rules, i.e. no symlinks in the exported directory pathname, >X the exported path must be absolute to the physical mount point. If >X you want to export /usr/ports via SFS, and /usr/ports is really a >X symlink to /vol/h0/ports, you have to use: >X >XExport /vol/h0/ports /ports >X >X not: >X >XExport /usr/ports /ports >X >X Similarly, /etc/exports must reference /vol/h0/ports rather than >X /usr/ports. >X >X6) Make an empty directory structure mirroring your SFS namespace, e.g.: >X >X# mkdir /root/sfsroot >X# mkdir /root/sfsroot/src >X# mkdir /root/sfsroot/ports >X# mkdir /root/sfsroot/local >X# mkdir /root/sfsroot/local/baz >X >X7) Reboot. You should now have a working SFS server. sfssd will emit a >X message into /var/log/messages like the following: >X >Xsfsrwsd: serving <hostname>:<SFS key> >X >X From a DIFFERENT machine with an SFS client already installed >X and running, attempt to access /sfs/<hostname>:<SFS key>. Note >X that the SFS client machine will have to be able to connect to >X TCP port 4 on the SFS server machine. Note also that you must >X test your SFS server from a separate SFS client machine to avoid >X deadlock issues; see the SFS documentation for more details. >X >X If your server setup has been successful, the client machine >X should be able to see src, ports, and local/baz in the root >X directory of the SFS mount. >X >X8) Consider using your machine's firewall to restrict who has access >X to your SFS server by restricting access to TCP port 4. >X >XAdvanced SFS server configurations, such as user authentication, >Xis outside the scope of this document. Read the full SFS documentation >Xfor details. >X >X*** SFS configuration files: >X >X[ The following section is taken nearly verbatim from >X<URL:http://www.fs.net/sfs/new-york.lcs.mit.edu:85xq6pznt4mgfvj4mb23x6b8adak55ue/pub/sfswww/sfs.html#SFS%20configuration>. ] >X >XSFS comprises a number of programs, many of which have configuration >Xfiles. All programs look for configuration files in two directories--first >X/usr/local/etc/sfs, then, if they don't find the file there, in >X/usr/local/share/sfs. >X >XThis port installs reasonable defaults in /usr/local/share/sfs >Xfor all configuration files except sfsrwsd_config. On particular >Xhosts where you wish to change the default behavior, you can override >Xthe default configuration file by creating a new file of the same >Xname in /usr/local/etc/sfs. >X >XThe sfs_config file contains system-wide configuration parameters >Xfor most of the programs comprising SFS. Note that >X/usr/local/share/sfs/sfs_config is always parsed, even if >X/usr/local/etc/sfs/sfs_config exists. Options in >X/usr/local/etc/sfs/sfs_config simply override the defaults in >X/usr/local/share/sfs/sfs_config. For the other configuration files, >Xa file in /usr/local/etc/sfs/ entirely overrides the version in >X/usr/local/share/sfs/. >X >XIf you are running a server, you will need to create an sfsrwsd_config >Xfile to tell SFS what directories to export, and possibly an >Xsfsauthd_config if you wish to share the database of user public >Xkeys across several file servers. >X >XThe sfssd_config file contains information about which protocols >Xand services to route to which daemons on an SFS server, including >Xsupport for backwards compatibility across several versions of SFS. >XYou probably don't need to change this file. >X >Xsfs_srp_params contains some cryptographic parameters for retrieving >Xkeys securely over the network with a passphrase (as with the sfskey >Xadd usr@server command). >X >Xsfscd_config contains information about extensions to the SFS >Xprotocol and which kinds of file servers to route to which daemons. >XYou almost certainly should not touch this file unless you are >Xdeveloping new versions of the SFS software. >X >XNote that configuration command names are case-insensitive in all >Xconfiguration files (though the arguments are not). >END-of-sfs/files/share-doc-README >echo x - sfs/pkg-plist >sed 's/^X//' >sfs/pkg-plist << 'END-of-sfs/pkg-plist' >Xbin/dirsearch >Xbin/newaid >Xbin/rex >Xbin/rpcc >Xbin/sfsagent >Xbin/sfskey >Xbin/ssu >X@unexec if [ -f %D/etc/rc.d/sfscd.sh ]; then cmp -s %D/etc/rc.d/sfscd.sh.sample %D/etc/rc.d/sfscd.sh && rm -f %D/etc/rc.d/sfscd.sh || echo "${PKG_PREFIX}/etc/rc.d/sfscd.sh is different than distribution sample, leaving for manual cleanup." | fmt; fi >Xetc/rc.d/sfscd.sh.sample >X@unexec if [ -f %D/etc/rc.d/sfssd.sh ]; then cmp -s %D/etc/rc.d/sfssd.sh.sample %D/etc/rc.d/sfssd.sh && rm -f %D/etc/rc.d/sfssd.sh || echo "${PKG_PREFIX}/etc/rc.d/sfssd.sh is different than distribution sample, leaving for manual cleanup." | fmt; fi >Xetc/rc.d/sfssd.sh.sample >Xetc/sfs/sfsrwsd_config.sample >Xinclude/sfs >Xinclude/sfs-0.6/aclnt.h >Xinclude/sfs-0.6/aes.h >Xinclude/sfs-0.6/afsnode.h >Xinclude/sfs-0.6/agentconn.h >Xinclude/sfs-0.6/agentmisc.h >Xinclude/sfs-0.6/aiod.h >Xinclude/sfs-0.6/aiod_prot.h >Xinclude/sfs-0.6/aios.h >Xinclude/sfs-0.6/amisc.h >Xinclude/sfs-0.6/arc4.h >Xinclude/sfs-0.6/arena.h >Xinclude/sfs-0.6/arpc.h >Xinclude/sfs-0.6/array.h >Xinclude/sfs-0.6/asrv.h >Xinclude/sfs-0.6/async.h >Xinclude/sfs-0.6/autoconf.h >Xinclude/sfs-0.6/axprt.h >Xinclude/sfs-0.6/axprt_crypt.h >Xinclude/sfs-0.6/backoff.h >Xinclude/sfs-0.6/bbuddy.h >Xinclude/sfs-0.6/bench.h >Xinclude/sfs-0.6/bigint.h >Xinclude/sfs-0.6/bitvec.h >Xinclude/sfs-0.6/blowfish.h >Xinclude/sfs-0.6/callback.h >Xinclude/sfs-0.6/cbuf.h >Xinclude/sfs-0.6/crypt.h >Xinclude/sfs-0.6/crypt_prot.h >Xinclude/sfs-0.6/crypt_prot.x >Xinclude/sfs-0.6/crypthash.h >Xinclude/sfs-0.6/dns.h >Xinclude/sfs-0.6/dnsparse.h >Xinclude/sfs-0.6/err.h >Xinclude/sfs-0.6/esign.h >Xinclude/sfs-0.6/fdlim.h >Xinclude/sfs-0.6/getfh3.h >Xinclude/sfs-0.6/hashcash.h >Xinclude/sfs-0.6/ihash.h >Xinclude/sfs-0.6/init.h >Xinclude/sfs-0.6/itree.h >Xinclude/sfs-0.6/keyfunc.h >Xinclude/sfs-0.6/list.h >Xinclude/sfs-0.6/modalg.h >Xinclude/sfs-0.6/mount_prot.h >Xinclude/sfs-0.6/mount_prot.x >Xinclude/sfs-0.6/msb.h >Xinclude/sfs-0.6/nfs3_ext.x >Xinclude/sfs-0.6/nfs3_nonnul.h >Xinclude/sfs-0.6/nfs3_prot.h >Xinclude/sfs-0.6/nfs3_prot.x >Xinclude/sfs-0.6/nfs3close_prot.h >Xinclude/sfs-0.6/nfs3close_prot.x >Xinclude/sfs-0.6/nfs3exp_prot.h >Xinclude/sfs-0.6/nfs3exp_prot.x >Xinclude/sfs-0.6/nfs_prot.h >Xinclude/sfs-0.6/nfs_prot.x >Xinclude/sfs-0.6/nfsmounter.h >Xinclude/sfs-0.6/nfsmounter.x >Xinclude/sfs-0.6/nfsserv.h >Xinclude/sfs-0.6/nfstrans.h >Xinclude/sfs-0.6/opnew.h >Xinclude/sfs-0.6/parseopt.h >Xinclude/sfs-0.6/password.h >Xinclude/sfs-0.6/pcre.h >Xinclude/sfs-0.6/pmap_prot.h >Xinclude/sfs-0.6/pmap_prot.x >Xinclude/sfs-0.6/prime.h >Xinclude/sfs-0.6/prng.h >Xinclude/sfs-0.6/qhash.h >Xinclude/sfs-0.6/rabin.h >Xinclude/sfs-0.6/refcnt.h >Xinclude/sfs-0.6/rex.h >Xinclude/sfs-0.6/rex_prot.h >Xinclude/sfs-0.6/rex_prot.x >Xinclude/sfs-0.6/rpctypes.h >Xinclude/sfs-0.6/rwfd.h >Xinclude/sfs-0.6/rxx.h >Xinclude/sfs-0.6/seqno.h >Xinclude/sfs-0.6/serial.h >Xinclude/sfs-0.6/sfs-internal.h >Xinclude/sfs-0.6/sfs_prot.h >Xinclude/sfs-0.6/sfs_prot.x >Xinclude/sfs-0.6/sfsagent.h >Xinclude/sfs-0.6/sfsagent.x >Xinclude/sfs-0.6/sfsauth_prot.h >Xinclude/sfs-0.6/sfsauth_prot.x >Xinclude/sfs-0.6/sfscd_prot.h >Xinclude/sfs-0.6/sfscd_prot.x >Xinclude/sfs-0.6/sfsclient.h >Xinclude/sfs-0.6/sfsconnect.h >Xinclude/sfs-0.6/sfskeymisc.h >Xinclude/sfs-0.6/sfsmisc.h >Xinclude/sfs-0.6/sfsro_prot.h >Xinclude/sfs-0.6/sfsro_prot.x >Xinclude/sfs-0.6/sfsserv.h >Xinclude/sfs-0.6/sfstty.h >Xinclude/sfs-0.6/sha1.h >Xinclude/sfs-0.6/srp.h >Xinclude/sfs-0.6/stllike.h >Xinclude/sfs-0.6/str.h >Xinclude/sfs-0.6/suio++.h >Xinclude/sfs-0.6/sysconf.h >Xinclude/sfs-0.6/tiger.h >Xinclude/sfs-0.6/union.h >Xinclude/sfs-0.6/uvfstrans.h >Xinclude/sfs-0.6/vatmpl.h >Xinclude/sfs-0.6/vec.h >Xinclude/sfs-0.6/wmstr.h >Xinclude/sfs-0.6/xdr_suio.h >Xinclude/sfs-0.6/xdrmisc.h >Xinclude/sfs-0.6/xhinfo.h >Xinclude/sfs.h >X@dirrm include/sfs-0.6 >X@unexec install-info --delete %D/info/sfs.info %D/info/dir >Xinfo/sfs.info >Xinfo/sfs.info-1 >Xinfo/sfs.info-2 >X@exec install-info %D/info/sfs.info %D/info/dir >Xlib/libsfs.a >Xlib/sfs >Xlib/sfs-0.6/aiod >Xlib/sfs-0.6/connect >Xlib/sfs-0.6/libarpc.a >Xlib/sfs-0.6/libarpc.la >Xlib/sfs-0.6/libasync.a >Xlib/sfs-0.6/libasync.la >Xlib/sfs-0.6/libsfscrypt.a >Xlib/sfs-0.6/libsfscrypt.la >Xlib/sfs-0.6/libsfsmisc.a >Xlib/sfs-0.6/libsfsmisc.la >Xlib/sfs-0.6/libsvc.a >Xlib/sfs-0.6/libsvc.la >Xlib/sfs-0.6/listen >Xlib/sfs-0.6/mallock.o >Xlib/sfs-0.6/moduled >Xlib/sfs-0.6/newaid >Xlib/sfs-0.6/nfsmounter >Xlib/sfs-0.6/pathinfo >Xlib/sfs-0.6/proxy >Xlib/sfs-0.6/ptyd >Xlib/sfs-0.6/rexd >Xlib/sfs-0.6/sfsauthd >Xlib/sfs-0.6/sfsrwcd >Xlib/sfs-0.6/sfsrwsd >Xlib/sfs-0.6/suidconnect >Xlib/sfs-0.6/ttyd >Xlib/sfs-0.6/xfer >X@dirrm lib/sfs-0.6 >Xsbin/funmount >Xsbin/sfscd >Xsbin/sfssd >Xshare/doc/sfs/WELCOME >Xshare/doc/sfs/README >Xshare/doc/sfs/README.packageblurb >X@dirrm share/doc/sfs >Xshare/sfs/sfs_config >Xshare/sfs/sfs_srp_parms >Xshare/sfs/sfsauthd_config >Xshare/sfs/sfscd_config >Xshare/sfs/sfssd_config >X@dirrm share/sfs >END-of-sfs/pkg-plist >echo x - sfs/Makefile >sed 's/^X//' >sfs/Makefile << 'END-of-sfs/Makefile' >X# Ports collection makefile for: sfs >X# Date created: 2002-07-11 >X# Whom: Michael Handler <handler@grendel.net> >X# Matthew Dodd <winter@jurai.net> >X# >X# $FreeBSD$ >X# >X >XPORTNAME= sfs >XPORTVERSION= 0.6 >XPORTREVISION= 0 >XCATEGORIES= security net >XMASTER_SITES= http://www.fs.net/sfs/new-york.lcs.mit.edu:85xq6pznt4mgfvj4mb23x6b8adak55ue/pub/sfswww/dist/ >X >XMAINTAINER= handler@grendel.net >X >X.include <bsd.port.pre.mk> >X >XUSE_GMAKE= yes >XUSE_OPENSSL= yes >X >XGNU_CONFIGURE= yes >XCONFIGURE_ARGS+=--with-sfsuser=sfs \ >X --with-sfsgroup=sfs \ >X --with-sfsdir=/var/spool/sfs \ >X --with-etcdir=${PREFIX}/etc/sfs \ >X --with-openssl=${OPENSSLBASE} \ >X --disable-uvfs >X >X.if ${OSVERSION} > 500000 >XLIB_DEPENDS+= gmp.5:${PORTSDIR}/math/libgmp4 >XCONFIGURE_ARGS+=--with-gmp=${PREFIX} >X.else >XCONFIGURE_ARGS+=--with-gmp=/usr >X.endif >X >XMAN1= \ >X rex.1 \ >X sfsagent.1 \ >X sfskey.1 \ >X ssu.1 >X >XMAN5= \ >X sfs_config.5 \ >X sfs_users.5 \ >X sfscd_config.5 \ >X sfssd_config.5 \ >X sfs_srp_params.5 \ >X sfsauthd_config.5 \ >X sfsrwsd_config.5 >X >XMAN8= \ >X sfsauthd.8 \ >X sfscd.8 \ >X sfsrwsd.8 \ >X sfssd.8 >X >Xpost-extract: >X @${SED} -e "s=%%PREFIX%%=${PREFIX}=g" ${FILESDIR}/sfscd.sh > ${WRKSRC}/sfscd.sh >X @${SED} -e "s=%%PREFIX%%=${PREFIX}=g" ${FILESDIR}/sfssd.sh > ${WRKSRC}/sfssd.sh >X >Xpost-install: >X ${INSTALL_SCRIPT} ${WRKSRC}/sfscd.sh ${PREFIX}/etc/rc.d/sfscd.sh.sample >X ${INSTALL_SCRIPT} ${WRKSRC}/sfssd.sh ${PREFIX}/etc/rc.d/sfssd.sh.sample >X ${MKDIR} ${PREFIX}/etc/sfs >X ${INSTALL_DATA} ${FILESDIR}/etc-sfsrwsd_config.sample ${PREFIX}/etc/sfs/sfsrwsd_config.sample >X ${MKDIR} ${PREFIX}/share/doc/sfs >X ${INSTALL_DATA} ${FILESDIR}/share-doc-WELCOME ${PREFIX}/share/doc/sfs/WELCOME >X ${INSTALL_DATA} ${FILESDIR}/share-doc-README ${PREFIX}/share/doc/sfs/README >X ${INSTALL_DATA} ${WRKSRC}/README ${PREFIX}/share/doc/sfs/README.packageblurb >X PKG_PREFIX=${PREFIX} ${SH} pkg-install ${PKGNAME} POST-INSTALL >X >X.include <bsd.port.post.mk> >END-of-sfs/Makefile >echo x - sfs/distinfo >sed 's/^X//' >sfs/distinfo << 'END-of-sfs/distinfo' >XMD5 (sfs-0.6.tar.gz) = 0965e874ba18568655e1a7a3f273dc19 >END-of-sfs/distinfo >echo x - sfs/pkg-comment >sed 's/^X//' >sfs/pkg-comment << 'END-of-sfs/pkg-comment' >XSelf-Certifying File System: A secure global network file system. >END-of-sfs/pkg-comment >echo x - sfs/pkg-descr >sed 's/^X//' >sfs/pkg-descr << 'END-of-sfs/pkg-descr' >XWWW: http://www.fs.net/ >X >XSFS (Self-Certifying File System) is a secure, global file system >Xwith completely decentralized control. SFS lets you access your >Xfiles from anywhere and share them with anyone, anywhere. Anyone >Xcan set up an SFS server, and any user can access any server from >Xany client. SFS lets you share files across administrative realms >Xwithout involving administrators or certification authorities. >X >XSFS names file systems by public keys. Every remote file server is >Xmounted on a self-certifying pathname -- a directory of the form >X/sfs/LOCATION:HOSTID, where LOCATION is a DNS hostname and HOSTID >Xis a cryptographic hash of a public key. This naming scheme allows >Xfor completely decentralized control -- anyone can create a file >Xserver, and any user can access any file server from any client. >XVarious key management schemes can be built on top of SFS using >Xsymbolic links to map human-readable names to self-certifying >Xpathnames. >END-of-sfs/pkg-descr >echo x - sfs/pkg-install >sed 's/^X//' >sfs/pkg-install << 'END-of-sfs/pkg-install' >X#!/bin/sh >X >Xif [ -n "${PACKAGE_BUILDING}" ]; then >X exit 0 >Xfi >X >Xif [ "$2" != "POST-INSTALL" ]; then >X exit 0 >Xfi >X >XKEYFILE="$PKG_PREFIX/etc/sfs/sfs_host_key" >X >XUSER=sfs >XGROUP=sfs >XUID=71 >XGID=71 >XPW=/usr/sbin/pw >X >XSFSDIR=/var/spool/sfs >X >Xecho -n "Checking for group '$GROUP'... " >X >Xif ! ${PW} groupshow $GROUP >/dev/null 2>&1; then >X echo -n "doesn't exist, adding... " >X if ${PW} groupadd $GROUP -g ${GID}; then >X echo "success." >X else >X echo "FAILED!" >X exit 1 >X fi >Xelse >X echo "exists." >Xfi >X >Xecho -n "Checking for user '$USER'... " >X >Xif ! ${PW} usershow $USER >/dev/null 2>&1; then >X echo -n "doesn't exist, adding... " >X if ${PW} useradd $USER -u ${UID} -c 'Self-Certifying File System' -d /nonexistent -g $GROUP -s /sbin/nologin -h -; then >X echo "success." >X else >X echo "FAILED!" >X exit 1 >X fi >Xelse >X echo "exists." >Xfi >X >Xecho -n "Checking for SFS directory ($SFSDIR)... " >X >Xif [ -d "$SFSDIR" ]; then >X echo "already exists." >Xelse >X echo -n "creating... " >X if mkdir $SFSDIR; then >X echo "success." >X else >X echo "FAILED!" >X exit 1 >X fi >Xfi >X >Xif ! chmod 750 $SFSDIR; then >X echo "chmod 750 $SFSDIR FAILED!" >X exit 1 >Xfi >X >Xif ! chown $USER:$GROUP $SFSDIR; then >X echo "chown $USER:$GROUP $SFSDIR FAILED!" >X exit 1 >Xfi >X >Xecho -n "Checking for SFS host key ($KEYFILE)... " >X >Xif [ -f "$KEYFILE" ]; then >X echo "already exists, not generating." >Xelse >X echo "doesn't exist, generating." >X echo "Starting sfscd for entropy services." >X $PKG_PREFIX/sbin/sfscd >X echo -n "Sleeping ten seconds to give sfscd time to start up... " >X sleep 10 >X echo "done." >X $PKG_PREFIX/bin/sfskey gen -KP -n `uname -n` $KEYFILE >X echo -n "Key generation done, killing sfscd... " >X kill -TERM `cat /var/run/sfscd.pid` >X echo "done." >Xfi >X >Xcat $PKG_PREFIX/share/doc/sfs/WELCOME >X >Xexit 0 >END-of-sfs/pkg-install >echo x - sfs/pkg-deinstall >sed 's/^X//' >sfs/pkg-deinstall << 'END-of-sfs/pkg-deinstall' >X#!/bin/sh >X >Xif [ -n "${PACKAGE_BUILDING}" ]; then >X exit 0 >Xfi >X >Xif [ "$2" != "POST-DEINSTALL" ]; then >X exit 0 >Xfi >X >XUSER=sfs >XGROUP=sfs >XPW=/usr/sbin/pw >X >XSFSDIR=/var/spool/sfs >X >Xif ${PW} groupshow "${GROUP}" >/dev/null 2>&1; then >X echo "If you're done with SFS permanently, delete the sfs group manually: pw groupdel ${GROUP}" | fmt >Xfi >X >Xif ${PW} usershow "${USER}" >/dev/null 2>&1; then >X echo >X echo "If you're done with SFS permanently, delete the sfs user manually: pw userdel ${USER}" | fmt >Xfi >X >Xif [ -d "$PKG_PREFIX/etc/sfs" ] && ! rmdir $PKG_PREFIX/etc/sfs 2>/dev/null; then >X echo >X echo "You may wish to investigate the contents of $PKG_PREFIX/etc/sfs and delete the directory if you're done with SFS permanently." | fmt >Xfi >X >Xif [ -d "$SFSDIR" ] && ! rmdir $SFSDIR 2>/dev/null; then >X echo >X echo "You may wish to investigate the contents of $SFSDIR and delete the directory if you're done with SFS permanently." | fmt >Xfi >END-of-sfs/pkg-deinstall >exit
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=23512">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 40455
: 23512