dist_tmp
userv-utils-*.tar.gz
+build
+userv-utils (0.2.99.0.2) unstable; urgency=low
+
+ * debianisation
+ * new Makefiles in various directories, still all a bit crap
+ * removed some common stuff from */Makefile to settings.make
+
+ --
+
userv-utils (0.2.99.0.1) unstable; urgency=low
dyndns:
--- /dev/null
+sv-*
+tmp
+files
+userv-utils (0.2.99.0.2) unstable; urgency=low
+
+ * debianisation
+ * new Makefiles in various directories, still all a bit crap
+ * removed some common stuff from */Makefile to settings.make
+
+ --
+
userv-utils (0.2.99.0.1) unstable; urgency=low
dyndns:
--- /dev/null
+Source: userv-utils
+Section: admin
+Priority: extra
+Maintainer: Ian Jackson <ian@chiark.greenend.org.uk>
+Standards-Version: 2.1.1.0
+
+Package: userv-ipif
+Architecture: any
+Depends: userv
+Recommends: ssh
+Description: VPN system (and user-mode network interface)
+ userv-ipif is a userv service to allow non-root users to create
+ network interfaces implemented in user space. No kernel patches are
+ required (the kernel's built-in SLIP driver is used).
+ .
+ Based on this, udptunnel is a a simple but flexible VPN program which
+ uses ssh for authentication and key exchange but sends the packets
+ over UDP. (Other VPN-over-ssh programs typically do PPP-over-TCP,
+ which yields poor perfoormance.) Note that udptunnel is not IPSEC.
+ .
+ The default configuration does set up any users with permission to
+ create network interfaces such as VPN endpoints.
+
+Package: userv-dyndns
+Architecture: all
+Depends: userv, chiark-utils-bin
+Recommends: bind
+Description: dynamic DNS for shell account users
+ userv-dyndns is a userv service which allows non-root users to
+ modify individual DNS records in specified zones in a controlled way.
+ .
+ Typically, this can be used to provide a `dyndns.org'-like service
+ which is modifiable by shell account users.
+ .
+ The default configuration does not set up any users with permission
+ to modify the DNS.
+
+Package: userv-cgi
+Architecture: any
+Depends: userv
+Recommends: httpd
+Description: user-provided CGI scripts invoked by userv
+ This package contains ucgi, a userv service which allows CGI programs
+ to be provided which do not run as the webserver user, but instead
+ are owned by a particular other account.
+ .
+ Similar effects can be achieved with Apache's suexec; this package is
+ for administrators who do not trust suexec and wish to defend the
+ webserver from the CGI script providers, and vice versa, as much as
+ possible. This is achieved by using userv to do the cross-account
+ call, rather than a custom setuid helper.
+ .
+ The default configuration allows the webserver user to invoke users'
+ CGI programs from each user's ~/public-GI, but to allow external
+ callers to do this, the webserver will also need to be configured.
+
+Package: userv-groupmanage
+Architecture: all
+Depends: userv
+Description: user-controlled group membership
+ groupmanage is a userv service which allows individual shell users to
+ create UN*X groups, and/or to change the membership of existing
+ groups of which they are recorded as the manager.
+ .
+ The default configuration allows users to create and manage a few
+ groups, but is reasonably conservative.
+
+Package: userv-misc
+Architecture: all
+Depends: userv
+Description: miscellaneous small userv scripts
+ This package a few small userv services. Since you must choose
+ whether to install this package or not as one lump, the default
+ configuration for each script does not give users any new abilities.
+ .
+ mailq - allow users to view the mail queue
+ ndc-reload - allow certain users to reload the nameserver
--- /dev/null
+This package contains a number of small utilities and programs for use
+with the `userv' security boundary tool.
+
+This package, containing the moderately portable sources and Debian
+packaging information, and the resulting Debian binary packages, was
+put together by Ian Jackson. For both upstream and Debian packaging
+questions, please contact userv-utils@chiark.greenend.org.uk.
+
+
+userv and userv-utils are all free software; you can redistribute them
+and/or modify them under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2 of the
+License, or (at your option) any later version.
+
+These programs are distributed in the hope that they will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License with
+your Debian GNU/Linux system, in /usr/doc/copyright/GPL, or with the
+chiark-utils source package as the file COPYING; if not, email me at
+one of the addresses above or write to the Free Software Foundation,
+59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
--- /dev/null
+#!/usr/bin/make -f
+
+subdirs_build= ipif www-cgi
+subdirs_nobuild=dyndns groupmanage misc
+package= userv-utils
+packages_indep= userv-dyndns userv-groupmanage userv-misc
+packages_arch= userv-ipif userv-cgi
+packages= $(packages_indep) $(packages_arch)
+
+cwd= $(shell pwd)
+d= $(cwd)/debian
+t= $d/tmp
+
+build:
+ $(checkdir)
+ set -e; for s in $(subdirs_build); do $(MAKE) -C $$s all; done
+ touch build
+
+clean:
+ $(checkdir)
+ rm -f build
+ set -e; for s in $(subdirs_build); do \
+ $(MAKE) -C $$s -i distclean || \
+ $(MAKE) -C $$s -f Makefile.in distclean; \
+ done
+ rm -rf *~ debian/tmp debian/*~ debian/files* debian/substvars*
+
+binary-prep:
+ $(checkdir)
+ rm -rf debian/tmp*
+ #
+ #
+ set -e; for s in $(subdirs_build) $(subdirs_nobuild); do \
+ $(MAKE) -C $$s install install-docs install-examples \
+ prefix=$t/userv-$$s/usr \
+ etcdir=$t/userv-$$s/etc \
+ varlib=$t/userv-$$s/var/lib; \
+ done
+ #
+ mv debian/tmp/userv-www-cgi debian/tmp/userv-cgi
+ mv debian/tmp/userv-groupmanage/usr/share/doc/groupmanage \
+ debian/tmp/userv-groupmanage/usr/share/doc/userv-groupmanage
+ #
+ set -e; for p in $(packages); do \
+ install -d $t/$$p/DEBIAN $t/$$p/usr/share/doc/$$p; \
+ cp debian/copyright changelog \
+ $t/$$p/usr/share/doc/$$p/; \
+ ln -s changelog.gz \
+ $t/$$p/usr/share/doc/$$p/changelog.Debian.gz; \
+ gzip -9v $t/$$p/usr/share/doc/$$p/changelog; \
+ done
+ #
+ rename 's/\.example$$//' $t/userv-ipif/etc/userv/vpn/*.example \
+ $t/userv-dyndns/etc/userv/dyndns-service-users.example \
+ $t/userv-groupmanage/etc/groupmanage.conf.example
+ rename 's/\.distrib$$//' $t/*/etc/userv/services.d/*.distrib
+ rename 's/$$/\.disabled/' $t/userv-misc/etc/userv/services.d/mailq
+ set -e; for p in $(packages); do \
+ cd $t/$$p; \
+ test ! -d etc || \
+ find etc -type f -exec printf '/%s\n' '{}' ';' \
+ >>DEBIAN/conffiles; \
+ done
+ #
+ mv $t/userv-misc/usr/bin/mailq $t/userv-misc/usr/bin/mailq.userv
+ #
+# gzip -9f $t/*/usr/share/man/man*/*
+
+binary-hook-userv-misc:
+binary-hook-userv-groupmanage:
+binary-hook-userv-cgi:
+binary-hook-userv-dyndns:
+binary-hook-userv-ipif:
+
+binary-one:
+ set -e; for f in preinst postinst prerm postrm conffiles; do \
+ test -f debian/$p/$$f || continue; \
+ cp debian/$p/$$f $t/$p/DEBIAN/$$f; \
+ chmod u=rwX,go=rX $t/$p/DEBIAN/$$f; \
+ done
+ dpkg-gencontrol -p$p -P$t/$p -Tdebian/sv-$p
+ chown -R root.root debian/tmp
+ chmod -R g-ws debian/tmp
+ debian/rules binary-hook-$p
+ dpkg --build $t/$p ..
+
+binary-indep: checkroot build binary-prep
+ set -e; for p in $(packages_indep); do \
+ debian/rules binary-one p=$$p; done
+
+binary-arch: checkroot build binary-prep
+ $(checkdir)
+ dpkg-shlibdeps -Tdebian/sv-userv-ipif \
+ $t/userv-ipif/usr/bin/udptunnel-forwarder \
+ $t/userv-ipif/usr/lib/userv/ipif
+ dpkg-shlibdeps -Tdebian/sv-userv-cgi \
+ $t/userv-cgi/usr/lib/userv/cgi/target \
+ $t/userv-cgi/usr/lib/userv/cgi/cgi/ucgi
+ set -e; for p in $(packages_arch); \
+ do debian/rules binary-one p=$$p; done
+
+define checkdir
+ test -f ipif/service.c
+endef
+
+# Below here is fairly generic really
+
+binary: binary-indep binary-arch
+
+source diff:
+ @echo >&2 'source and diff are obsolete - use dpkg-source -b'; false
+
+checkroot:
+ $(checkdir)
+ test root = "`whoami`"
+
+.PHONY: binary binary-arch binary-indep clean checkroot
--- /dev/null
+#!/bin/sh
+set -e
+
+user="$(sed -n '/^[a-z]/{p;q;}' /etc/userv/dyndns-service-users)"
+if id $user >/dev/null 2>&1; then exit 0; fi
+
+adduser --system --group --gecos 'userv dyndns' \
+ --home /etc/userv
# 1. Install the scripts and configuration:
#
mkdir -p /usr/local/lib/userv/dyndns /var/lib/userv/dyndns/tmp
-cp install service update /usr/local/lib/userv/dyndns
+cp install-script /usr/local/lib/userv/dyndns/install
+cp service update /usr/local/lib/userv/dyndns
cp dyndns /etc/userv/services.d/dyndns.distrib
cp dyndns-domains /etc/userv/dyndns-domains.example
# Rename the .distrib and .example, or edit them to be how you
# want, or merge your changes.
#
+# Create the service user `usdyndns'.
+#
# 2. For each zone, create
# /var/lib/userv/zone,<zone-name-without-trailing-dot>/
# and put in it the file
--- /dev/null
+# Makefile
+# installation runes for userv-dyndns
+
+# Copyright (C) 2003 Ian Jackson
+#
+# This is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with userv-utils; if not, write to the Free Software
+# Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# $Id$
+
+include ../settings.make
+
+install:
+ mkdir -p $(shareuserv)/dyndns $(varlibuserv)/dyndns/tmp
+ cp service update $(shareuserv)/dyndns
+ cp install-script $(shareuserv)/dyndns/install
+
+install-examples:
+ mkdir -p $(services)
+ cp dyndns $(services)/dyndns.distrib
+ cp dyndns-domains $(etcuserv)/dyndns-domains.example
+ echo usdyndns >$(etcuserv)/dyndns-service-users.example
+
+install-docs:
+ mkdir -p $(docdir)/userv-dyndns
+ cp INSTALL $(docdir)/userv-dyndns
if ( grep calling-user-shell /etc/shells
- & glob service-user dyndns
+ & grep service-user /etc/userv/dyndns-service-users
)
reset
no-set-environment
no-suppress-args
no-disconnect-hup
- execute /usr/local/lib/userv/dyndns/service
+ execute /usr/share/userv/dyndns/service
fi
BEGIN {
$vardir= "/var/lib/userv/dyndns";
$defconf= "/etc/userv/dyndns-domains";
- $libdir= "/usr/local/lib/userv/dyndns";
+ $libdir= "/usr/share/userv/dyndns";
}
END {
remove "$vardir/tmp/$$" or $! == ENOENT or
mv -f $files,timings.new $files,timings
mv $files,new $files,data
-exec /usr/local/lib/userv/dyndns/install $zone
+exec /usr/share/userv/dyndns/install $zone
--- /dev/null
+# Makefile
+# installation runes for userv-dyndns
+
+# Copyright (C) 2003 Ian Jackson
+#
+# This is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with userv-utils; if not, write to the Free Software
+# Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# $Id$
+
+include ../settings.make
+
+install:
+ mkdir -p $(bindir)
+ cp groupmanage $(bindir)/.
+
+install-examples:
+ mkdir -p $(etcdir) $(services)
+ cp groupmanage.conf $(etcdir)/groupmanage.conf.example
+ cp services $(services)/groupmanage.distrib
+
+install-docs:
+ mkdir -p $(docdir)/groupmanage
+ cp INSTALL groupmanage.text $(docdir)/groupmanage/.
#
# $Id$
-OPTIMISE= -O2
-CFLAGS= -Wall -Wmissing-prototypes -Wstrict-prototypes -Wpointer-arith \
- -Wwrite-strings -g $(OPTIMISE) -D_GNU_SOURCE \
- $(XCFLAGS)
-
-etcdir= /etc
-prefix= /usr/local
-bindir= $(prefix)/bin
-vardir= /var
-
-libdir= $(prefix)/lib
-sharedir= $(prefix)/share
-libuserv= $(libdir)/userv
-shareuserv= $(sharedir)/userv
-varlib= $(vardir)/lib
-varlibuserv= $(varlib)/userv
-varlibvpn= $(varlibuserv)/vpn
+include ../settings.make
-etcuserv= $(etcdir)/userv
+varlibvpn= $(varlibuserv)/vpn
etcvpn= $(etcdir)/userv/vpn
-services= $(etcuserv)/services.d
PROGRAM_TARGETS= udptunnel-forwarder udptunnel-reconf
TARGETS= service blowfishtest $(PROGRAM_TARGETS)
all: $(TARGETS)
install: all
- mkdir -p $(libuserv) $(services) $(etcvpn) \
+ mkdir -p $(bindir) $(libuserv) $(services) \
$(varlibvpn) $(shareuserv)
cp -b service $(libuserv)/ipif
cp -b $(PROGRAMS) $(bindir)/.
cp ipif $(services)/ipif:new
set -e; cd $(services); test -f ipif || mv ipif:new ipif
- cp *.example $(etcvpn)/.
cp udptunnel-vpn-config.m4 udptunnel-vpn-defaults \
$(shareuserv)/.
+install-docs:
+
+install-examples:
+ mkdir -p $(etcvpn)
+ cp *.example $(etcvpn)/.
+
udptunnel-reconf: udptunnel-reconf.pl Makefile
perl -pe ' \
print "\
no-set-environment
no-suppress-args
no-disconnect-hup
- execute /usr/local/lib/userv/ipif /etc/userv/ipif-networks --
+ execute /usr/lib/userv/ipif /etc/userv/ipif-networks --
fi
--- /dev/null
+# Makefile
+# installation runes for userv-dyndns
+
+# Copyright (C) 2003 Ian Jackson
+#
+# This is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with userv-utils; if not, write to the Free Software
+# Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# $Id$
+
+include ../settings.make
+
+install:
+ mkdir -p $(bindir)
+ cp mailq-wrapper $(bindir)/mailq
+
+install-examples:
+ mkdir -p $(services)
+ cp mailq ndc-reload $(services)/.
+
+install-docs:
--- /dev/null
+#!/bin/sh
+set -e
+exec userv mail mailq </dev/null
#
-if ( glob calling-user ian ijackson
+if ( ( grep calling-user /etc/userv/dyndns-service-users
+ | glob calling-group add-groups-to-allow-to-reload-here
+ | glob calling-user add-users-to-allow-to-reload-here
+ )
& glob service-user root
)
reset
--- /dev/null
+# common makefile settings for userv-utils
+
+# Copyright (C) 1999-2000 Ian Jackson
+#
+# This is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with userv-utils; if not, write to the Free Software
+# Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# $Id$
+
+etcdir= /etc
+prefix= /usr/local
+bindir= $(prefix)/bin
+vardir= /var
+
+libdir= $(prefix)/lib
+sharedir= $(prefix)/share
+
+docdir= $(sharedir)/doc
+
+libuserv= $(libdir)/userv
+shareuserv= $(sharedir)/userv
+varlib= $(vardir)/lib
+varlibuserv= $(varlib)/userv
+
+etcuserv= $(etcdir)/userv
+services= $(etcuserv)/services.d
+
+CFLAGS= -Wall -Wwrite-strings -Wmissing-prototypes -Wstrict-prototypes \
+ -Wpointer-arith -D_GNU_SOURCE \
+ $(OPTIMISE) $(DEBUG) $(SUBDIR_CFLAGS)
+LDFLAGS= $(SUBDIR_LDFLAGS)
+
+OPTIMISE= -O2
+DEBUG= -g
+
#
# $Id$
-CFLAGS= -Wall -Wwrite-strings -Wmissing-prototypes -Wstrict-prototypes \
- -Wpointer-arith -O2 -g
-LDFLAGS=
+
+include ../settings.make
+
+uslibdir= $(libdir)/userv/cgi
+uslibcgidir= $(uslibdir)/cgi
TARGETS= ucgi ucgitarget
$(OBJS): ucgi.h
+install: all
+ mkdir -p $(uslibcgidir)
+ cp -b ucgitarget $(uslibdir)/target
+ cp -b ucgi $(uslibcgidir)/
+ ln -sf ucgi $(uslibcgidir)/ucgi-debug
+
+install-examples:
+
+install-docs:
+
clean distclean realclean:
rm -f $(TARGETS)