Attachment #45477 for bug #70106

View | Details | Raw Unified | Return to bug 70106
Collapse All | Expand All





PORTNAME=	cgiwrap
PORTVERSION=	3.9
PORTREVISION=	1
CATEGORIES=	www security
MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR=	${PORTNAME}

COMMENT=	Securely execute ~user CGI scripts

GNU_CONFIGURE=	yes
CONFIGURE_ARGS=	--with-httpd-user=${WWWOWN} \
		--with-install-group=${WWWGRP} \
		--with-install-dir=${MAINCGIDIR} \
		--with-cgi-dir=${CGIWRAP_CGIDIR} \
		--with-local-contact=${CGIWRAP_CONTACT} \
		--with-allow-file=${CGIWRAP_ALLOWFILE} \
		--with-deny-file=${CGIWRAP_DENYFILE}
		${WITHOUTCHECK}

#
# Set this to the directory (relative to each user's home) where CGI
# scripts will be found.  Common alternate values are "www/cgi-bin"
# (a.k.a. ~user/www/cgi-bin) and "cgi-bin" (a.k.a. ~user/cgi-bin)
#
CGIWRAP_CGIDIR?=	public_html/cgi-bin

#
# MAINCGIDIR is the directory the cgiwrap binaries get installed to.
#
#WITHOUTCHECK?=	--without-check-owner --without-check-setuid \
#		--without-check-group --without-check-setgid \
#		--without-check-group-writable \
#		--without-check-world-writable
###
# Use these options for Apache:
###
MAINCGIDIR?=	${PREFIX}/www/cgi-bin

#
# The allow and deny files control access to cgiwrap.
#
CGIWRAP_ALLOWFILE?=	${PREFIX}/etc/${PORTNAME}.allow
CGIWRAP_DENYFILE?=	${PREFIX}/etc/${PORTNAME}.deny

#
# Set the contact Email address.
#
CGIWRAP_CONTACT?=	webmaster@dummy-host.example.com

#
# Define CGIWRAP_LOGGING and specify where you want the logfile.
#
.if defined(CGIWRAP_LOGGING)
CONFIGURE_ARGS+=	--with-logging-file=${CGIWRAP_LOGGING}
.endif

#
# Some users enjoy being able to debug their own CGI scripts, since
# the standard "Internal server error" response doesn't help much.
# Administrators may find this useful as well.  See the cgiwrap
# documentation for details on how to use this.
#
.if defined(CGIWRAP_DEBUG)
PLIST_SUB+=	CGIWRAPDFLAG=
.else
PLIST_SUB+=	CGIWRAPDFLAG="@comment "
.endif

#
# A slew of --without-* configure flags exist for cgiwrap.  You
# should refer to the cgiwrap documentation for details regarding
# what these do, and when (if) they're necessary.
#
###
.if defined(CGIWRAP_WITHOUT_CHECK_OWNER)
CONFIGURE_ARGS+=	--without-check-owner
.endif
.if defined(CGIWRAP_WITHOUT_CHECK_GROUP)
CONFIGURE_ARGS+=	--without-check-group
.endif
.if defined(CGIWRAP_WITHOUT_CHECK_SETUID)
CONFIGURE_ARGS+=	--without-check-setuid
.endif
.if defined(CGIWRAP_WITHOUT_CHECK_SETGID)
CONFIGURE_ARGS+=	--without-check-setgid
.endif
.if defined(CGIWRAP_WITHOUT_CHECK_GROUP_WRITABLE)
CONFIGURE_ARGS+=	--without-check-group-writable
.endif
.if defined(CGIWRAP_WITHOUT_CHECK_WORLD_WRITABLE)
CONFIGURE_ARGS+=	--without-check-world-writable
.endif

pre-install:
	@${MKDIR} ${MAINCGIDIR}

post-install:
	@${STRIP_CMD} ${MAINCGIDIR}/cgiwrap
	@${CHMOD} 4550 ${MAINCGIDIR}/cgiwrap
.if !defined(CGIWRAP_WITH_DEBUG)
	@${RM} ${MAINCGIDIR}/cgiwrapd ${MAINCGIDIR}/nph-cgiwrapd
.endif
.if !defined(NOPORTDOCS)
	@${MKDIR} ${DOCSDIR}
.for file in accesscontrol.html afs.html changes.html chroot.html	\

.endfor
	@${ECHO} "Documentation installed in ${DOCSDIR}"
.endif
	@${CAT} ${PKGMESSAGE} | ${SED} -e's#%%PREFIX%%#${PREFIX}#g'

.include <bsd.port.mk>

Lines 9-14 Link Here

(-)pkg-descr (-3 lines)
9	server software that supports CGI.	9	server software that supports CGI.
10		10
11	WWW: http://cgiwrap.sourceforge.net/	11	WWW: http://cgiwrap.sourceforge.net/
12
13	- Pete
14	petef@databits.net




recommended to try the Apache web server package.

The cgiwrap scripts have been installed in:
    %%PREFIX%%/www/cgi-bin
...the default location for Apache's cgi-bin directory.

If cgiwrap's allow/deny control is enabled, you must create either
%%PREFIX%%/etc/cgiwrap.allow and/or %%PREFIX%%/etc/cgiwrap.deny
before cgiwrap will function.

Access control enabled, you must create either
${PREFIX}/etc/cgiwrap.allow or ${PREFIX}/etc/cgiwrap.deny before
cgiwrap will function.
-----------------------------------------------------------------

Lines 18-25 Link Here

(-)pkg-plist (-2 / +2 lines)
18	%%PORTDOCS%%%%DOCSDIR%%/tricks.html	18	%%PORTDOCS%%%%DOCSDIR%%/tricks.html
19	%%PORTDOCS%%%%DOCSDIR%%/y2k.html	19	%%PORTDOCS%%%%DOCSDIR%%/y2k.html
20	www/cgi-bin/cgiwrap	20	www/cgi-bin/cgiwrap
21	www/cgi-bin/cgiwrapd	21	%%CGIWRAPDFLAG%%www/cgi-bin/cgiwrapd
22	www/cgi-bin/nph-cgiwrap	22	www/cgi-bin/nph-cgiwrap
23	www/cgi-bin/nph-cgiwrapd	23	%%CGIWRAPDFLAG%%www/cgi-bin/nph-cgiwrapd
24	@unexec rmdir %D/www/cgi-bin 2>/dev/null \|\| true	24	@unexec rmdir %D/www/cgi-bin 2>/dev/null \|\| true
25	%%PORTDOCS%%@dirrm %%DOCSDIR%%	25	%%PORTDOCS%%@dirrm %%DOCSDIR%%

Return to bug 70106

Lines 7-12 Link Here

(-)Makefile (-32 / +75 lines)
7		7
8	PORTNAME= cgiwrap	8	PORTNAME= cgiwrap
9	PORTVERSION= 3.9	9	PORTVERSION= 3.9
		10	PORTREVISION= 1
10	CATEGORIES= www security	11	CATEGORIES= www security
11	MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}	12	MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
12	MASTER_SITE_SUBDIR= ${PORTNAME}	13	MASTER_SITE_SUBDIR= ${PORTNAME}
Lines 15-62 Link Here
15	COMMENT= Securely execute ~user CGI scripts	16	COMMENT= Securely execute ~user CGI scripts
16		17
17	GNU_CONFIGURE= yes	18	GNU_CONFIGURE= yes
18	CONFIGURE_ARGS= --with-httpd-user=${HTTPDUSER} \	19	CONFIGURE_ARGS= --with-httpd-user=${WWWOWN} \
		20	--with-install-group=${WWWGRP} \
19	--with-install-dir=${MAINCGIDIR} \	21	--with-install-dir=${MAINCGIDIR} \
20	--with-install-group=${BINGRP} \	22	--with-cgi-dir=${CGIWRAP_CGIDIR} \
21	--with-cgi-dir=${CGIDIR} \	23	--with-local-contact=${CGIWRAP_CONTACT} \
22	--with-allow-file=${ALLOWFILE} \	24	--with-allow-file=${CGIWRAP_ALLOWFILE} \
23	--with-deny-file=${DENYFILE} \	25	--with-deny-file=${CGIWRAP_DENYFILE}
24	${WITHOUTCHECK}
25		26
26	###	27	#
27	# Set this to the directory (relative to each user's home) where CGI	28	# Set this to the directory (relative to each user's home) where CGI
28	# scripts will be found. (Another common value is "www/cgi-bin".)	29	# scripts will be found. Common alternate values are "www/cgi-bin"
29	###	30	# (a.k.a. ~user/www/cgi-bin) and "cgi-bin" (a.k.a. ~user/cgi-bin)
30	CGIDIR?= public_html/cgi-bin	31	#
31	###	32	CGIWRAP_CGIDIR?= public_html/cgi-bin
32	# The default security settings are very tight; enable one or more	33
33	# of these to loosen them. Run "configure -help" for information on	34	#
34	# these and other options.	35	# MAINCGIDIR is the directory the cgiwrap binaries get installed to.
35	###	36	#
36	#WITHOUTCHECK?= --without-check-owner --without-check-setuid \
37	# --without-check-group --without-check-setgid \
38	# --without-check-group-writable \
39	# --without-check-world-writable
40	###
41	# Use these options for Apache:
42	###
43	MAINCGIDIR?= ${PREFIX}/www/cgi-bin	37	MAINCGIDIR?= ${PREFIX}/www/cgi-bin
44	HTTPDUSER?= www	38
45	###	39	#
46	# The allow and deny files control access to cgiwrap.	40	# The allow and deny files control access to cgiwrap.
		41	#
		42	CGIWRAP_ALLOWFILE?= ${PREFIX}/etc/${PORTNAME}.allow
		43	CGIWRAP_DENYFILE?= ${PREFIX}/etc/${PORTNAME}.deny
		44
		45	#
		46	# Set the contact Email address.
		47	#
		48	CGIWRAP_CONTACT?= webmaster@dummy-host.example.com
		49
		50	#
		51	# Define CGIWRAP_LOGGING and specify where you want the logfile.
		52	#
		53	.if defined(CGIWRAP_LOGGING)
		54	CONFIGURE_ARGS+= --with-logging-file=${CGIWRAP_LOGGING}
		55	.endif
		56
		57	#
		58	# Some users enjoy being able to debug their own CGI scripts, since
		59	# the standard "Internal server error" response doesn't help much.
		60	# Administrators may find this useful as well. See the cgiwrap
		61	# documentation for details on how to use this.
		62	#
		63	.if defined(CGIWRAP_DEBUG)
		64	PLIST_SUB+= CGIWRAPDFLAG=
		65	.else
		66	PLIST_SUB+= CGIWRAPDFLAG="@comment "
		67	.endif
		68
		69	#
		70	# A slew of --without-* configure flags exist for cgiwrap. You
		71	# should refer to the cgiwrap documentation for details regarding
		72	# what these do, and when (if) they're necessary.
		73	#
47	###	74	###
48	ALLOWFILE?= ${PREFIX}/etc/${PORTNAME}.allow	75	.if defined(CGIWRAP_WITHOUT_CHECK_OWNER)
49	DENYFILE?= ${PREFIX}/etc/${PORTNAME}.deny	76	CONFIGURE_ARGS+= --without-check-owner
		77	.endif
		78	.if defined(CGIWRAP_WITHOUT_CHECK_GROUP)
		79	CONFIGURE_ARGS+= --without-check-group
		80	.endif
		81	.if defined(CGIWRAP_WITHOUT_CHECK_SETUID)
		82	CONFIGURE_ARGS+= --without-check-setuid
		83	.endif
		84	.if defined(CGIWRAP_WITHOUT_CHECK_SETGID)
		85	CONFIGURE_ARGS+= --without-check-setgid
		86	.endif
		87	.if defined(CGIWRAP_WITHOUT_CHECK_GROUP_WRITABLE)
		88	CONFIGURE_ARGS+= --without-check-group-writable
		89	.endif
		90	.if defined(CGIWRAP_WITHOUT_CHECK_WORLD_WRITABLE)
		91	CONFIGURE_ARGS+= --without-check-world-writable
		92	.endif
50		93
51	pre-install:	94	pre-install:
52	@${MKDIR} ${MAINCGIDIR}	95	@${MKDIR} ${MAINCGIDIR}
53		96
54	post-install:	97	post-install:
55	${STRIP_CMD} ${MAINCGIDIR}/cgiwrap	98	@${STRIP_CMD} ${MAINCGIDIR}/cgiwrap
56	${RM} ${MAINCGIDIR}/cgiwrapd ${MAINCGIDIR}/nph-cgiwrapd	99	@${CHMOD} 4550 ${MAINCGIDIR}/cgiwrap
57	${CP} ${MAINCGIDIR}/cgiwrap ${MAINCGIDIR}/cgiwrapd	100	.if !defined(CGIWRAP_WITH_DEBUG)
58	${LN} ${MAINCGIDIR}/cgiwrapd ${MAINCGIDIR}/nph-cgiwrapd	101	@${RM} ${MAINCGIDIR}/cgiwrapd ${MAINCGIDIR}/nph-cgiwrapd
59	${CHMOD} 644 ${MAINCGIDIR}/cgiwrapd	102	.endif
60	.if !defined(NOPORTDOCS)	103	.if !defined(NOPORTDOCS)
61	@${MKDIR} ${DOCSDIR}	104	@${MKDIR} ${DOCSDIR}
62	.for file in accesscontrol.html afs.html changes.html chroot.html \	105	.for file in accesscontrol.html afs.html changes.html chroot.html \
Lines 68-73 Link Here
68	.endfor	111	.endfor
69	@${ECHO} "Documentation installed in ${DOCSDIR}"	112	@${ECHO} "Documentation installed in ${DOCSDIR}"
70	.endif	113	.endif
71	@${CAT} ${PKGMESSAGE}	114	@${CAT} ${PKGMESSAGE} \| ${SED} -e's#%%PREFIX%%#${PREFIX}#g'
72		115
73	.include <bsd.port.mk>	116	.include <bsd.port.mk>

Lines 6-19 Link Here

(-)pkg-message (-8 / +4 lines)
6	recommended to try the Apache web server package.	6	recommended to try the Apache web server package.
7		7
8	The cgiwrap scripts have been installed in:	8	The cgiwrap scripts have been installed in:
9	${PREFIX}/www/cgi-bin	9	%%PREFIX%%/www/cgi-bin
10	...the default location for Apache's cgi-bin directory.	10	...the default location for Apache's cgi-bin directory.
11		11
12	The cgiwrapd and nph-cgiwrapd scripts are disabled by default, as they	12	If cgiwrap's allow/deny control is enabled, you must create either
13	may give away sensitive information about the CGI environment. To	13	%%PREFIX%%/etc/cgiwrap.allow and/or %%PREFIX%%/etc/cgiwrap.deny
14	enable them, you must chmod 4755 ${PREFIX}/www/cgi-bin/cgiwrapd	14	before cgiwrap will function.
15
16	Access control enabled, you must create either
17	${PREFIX}/etc/cgiwrap.allow or ${PREFIX}/etc/cgiwrap.deny before
18	cgiwrap will function.
19	-----------------------------------------------------------------	15	-----------------------------------------------------------------