author | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2008-10-30 17:25:40 -0400 |
---|---|---|
committer | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2008-10-30 17:25:40 -0400 |
commit | 846174da30ba5e96c6537a1a5c88666b3120177b (patch) | |
tree | 14d3c35b4e7a317c0e776e1c5f1009df331b5e88 /packaging/freebsd/security | |
parent | 46cb105f343f7e9e97be60dcf32fae50a1463c29 (diff) |
reorganizing FreeBSD port to make it clearer where it belongs in /usr/ports and to make it easier to rebuild the port
Diffstat (limited to 'packaging/freebsd/security')
9 files changed, 351 insertions, 0 deletions
diff --git a/packaging/freebsd/security/monkeysphere/Makefile b/packaging/freebsd/security/monkeysphere/Makefile
new file mode 100644
index 0000000..984bc87
--- /dev/null
+++ b/packaging/freebsd/security/monkeysphere/Makefile
@@ -0,0 +1,56 @@
+# New ports collection makefile for: monkeysphere
+# Date created: 2008-09-11 23:38:27-0400
+# Whom: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+#
+# $FreeBSD$
+#
+
+PORTNAME= monkeysphere
+PORTVERSION= 0.19
+CATEGORIES= security
+MASTER_SITES= http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/
+# hack for debian orig tarballs
+DISTFILES= ${PORTNAME}_${DISTVERSION}.orig.tar.gz
+
+MAINTAINER= dkg@fifthhorseman.net
+COMMENT= use the OpenPGP web of trust to verify ssh connections
+
+LIB_DEPENDS= gnutls.26:${PORTSDIR}/security/gnutls
+RUN_DEPENDS= base64:${PORTSDIR}/converters/base64 \
+ gpg:${PORTSDIR}/security/gnupg1 \
+ lockfile:${PORTSDIR}/mail/procmail \
+ /usr/local/bin/getopt:${PORTSDIR}/misc/getopt \
+ bash:${PORTSDIR}/shells/bash
+
+MAN1= monkeysphere.1 openpgp2ssh.1 monkeysphere-ssh-proxycommand.1
+MAN7= monkeysphere.7
+MAN8= monkeysphere-server.8
+MANCOMPRESSED= yes
+
+MAKE_ARGS= ETCPREFIX=${PREFIX} MANPREFIX=${PREFIX}/man ETCSUFFIX=.sample
+
+# get rid of cruft after the patching:
+post-patch:
+ find . -iname '*.orig' -delete
+
+post-install:
+ @if [ ! -f ${PREFIX}/etc/monkeysphere/gnupg-host.conf ]; then \
+ ${CP} -p ${PREFIX}/etc/monkeysphere/gnupg-host.conf.sample ${PREFIX}/etc/monkeysphere/gnupg-host.conf ; \
+ fi
+ @if [ ! -f ${PREFIX}/etc/monkeysphere/gnupg-authentication.conf ]; then \
+ ${CP} -p ${PREFIX}/etc/monkeysphere/gnupg-authentication.conf.sample ${PREFIX}/etc/monkeysphere/gnupg-authentication.conf ; \
+ fi
+ @if [ ! -f ${PREFIX}/etc/monkeysphere/monkeysphere.conf ]; then \
+ ${CP} -p ${PREFIX}/etc/monkeysphere/monkeysphere.conf.sample ${PREFIX}/etc/monkeysphere/monkeysphere.conf ; \
+ fi
+ @if [ ! -f ${PREFIX}/etc/monkeysphere/monkeysphere-server.conf ]; then \
+ ${CP} -p ${PREFIX}/etc/monkeysphere/monkeysphere-server.conf.sample ${PREFIX}/etc/monkeysphere/monkeysphere-server.conf ; \
+ fi
+.if !defined(PACKAGE_BUILDING)
+ @${SETENV} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
+.endif
+
+post-deinstall:
+ @${SETENV} ${SH} ${PKGDEINSTALL} ${PKGNAME} POST-DEINSTALL
+
+.include <bsd.port.mk>
diff --git a/packaging/freebsd/security/monkeysphere/distinfo b/packaging/freebsd/security/monkeysphere/distinfo
new file mode 100644
index 0000000..86aecd1
--- /dev/null
+++ b/packaging/freebsd/security/monkeysphere/distinfo
@@ -0,0 +1,3 @@
+MD5 (monkeysphere_0.19.orig.tar.gz) = 64c643dd0ab642bbc8814aec1718000e
+SHA256 (monkeysphere_0.19.orig.tar.gz) = 321b77c1e10fe48ffbef8491893f5dd22842c35c11464efa7893150ce756a522
+SIZE (monkeysphere_0.19.orig.tar.gz) = 68335
diff --git a/packaging/freebsd/security/monkeysphere/files/patch-etclocation b/packaging/freebsd/security/monkeysphere/files/patch-etclocation
new file mode 100644
index 0000000..2ab3ac0
--- /dev/null
+++ b/packaging/freebsd/security/monkeysphere/files/patch-etclocation
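Review bot: `MAKE_ARGS` and `post-install` place the configuration under `${PREFIX}/etc/monkeysphere`, but the rest of this commit hard-codes `/usr/local`: the `/usr/local/bin/getopt` entry in `RUN_DEPENDS`, the defaults written by files/patch-etclocation and files/patch-sharelocation, and `ETCDIR` and `SHELL` in pkg-install. With a non-default PREFIX the installed scripts would look for their configuration under `/usr/local/etc/monkeysphere` rather than where the port put it, so an administrator's edits to the authentication policy could be ignored without any error. I would write the dependency as `${LOCALBASE}/bin/getopt:${PORTSDIR}/misc/getopt` and have `post-patch` substitute the real prefix into the patched defaults instead of carrying the literal path in the patch files.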
@@ -0,0 +1,54 @@
+diff --git etc/monkeysphere-server.conf etc/monkeysphere-server.conf
+index c001f2d..d33fd36 100644
+--- etc/monkeysphere-server.conf
++++ etc/monkeysphere-server.conf
+@@ -17,7 +17,7 @@
+ # authorized_keys file. '%h' will be replaced by the home directory
+ # of the user, and %u will be replaced by the username of the user.
+ # For purely admin-controlled authorized_user_ids, you might put them
+-# in /etc/monkeysphere/authorized_user_ids/%u, for instance.
++# in /usr/local/etc/monkeysphere/authorized_user_ids/%u, for instance.
+ #AUTHORIZED_USER_IDS="%h/.monkeysphere/authorized_user_ids"
+
+ # Whether to add user controlled authorized_keys file to
+diff --git man/man1/monkeysphere.1 man/man1/monkeysphere.1
+index 3ece735..09320d2 100644
+--- man/man1/monkeysphere.1
++++ man/man1/monkeysphere.1
+@@ -111,7 +111,7 @@ Path to ssh authorized_keys file (~/.ssh/authorized_keys).
+ ~/.monkeysphere/monkeysphere.conf
+ User monkeysphere config file.
+ .TP
+-/etc/monkeysphere/monkeysphere.conf
++/usr/local/etc/monkeysphere/monkeysphere.conf
+ System-wide monkeysphere config file.
+ .TP
+ ~/.monkeysphere/authorized_user_ids
+diff --git man/man8/monkeysphere-server.8 man/man8/monkeysphere-server.8
+index f207e2c..360408e 100644
+--- man/man8/monkeysphere-server.8
++++ man/man8/monkeysphere-server.8
+@@ -203,10 +203,10 @@ User to control authentication keychain (monkeysphere).
+ .SH FILES
+
+ .TP
+-/etc/monkeysphere/monkeysphere-server.conf
++/usr/local/etc/monkeysphere/monkeysphere-server.conf
+ System monkeysphere-server config file.
+ .TP
+-/etc/monkeysphere/monkeysphere.conf
++/usr/local/etc/monkeysphere/monkeysphere.conf
+ System-wide monkeysphere config file.
+ .TP
+ /var/lib/monkeysphere/authorized_keys/USER
+--- src/common.orig 2008-10-12 14:58:00.000000000 -0400
++++ src/common 2008-10-25 17:40:34.000000000 -0400
+@@ -16,7 +16,7 @@
+ ### COMMON VARIABLES
+
+ # managed directories
+-SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/etc/monkeysphere"}
++SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/usr/local/etc/monkeysphere"}
+ export SYSCONFIGDIR
+
+ ########################################################################
diff --git a/packaging/freebsd/security/monkeysphere/files/patch-sharelocation b/packaging/freebsd/security/monkeysphere/files/patch-sharelocation
new file mode 100644
index 0000000..99c9604
--- /dev/null
+++ b/packaging/freebsd/security/monkeysphere/files/patch-sharelocation
@@ -0,0 +1,22 @@
+--- src/monkeysphere.orig 2008-10-12 14:58:00.000000000 -0400
++++ src/monkeysphere 2008-10-25 17:41:41.000000000 -0400
+@@ -13,7 +13,7 @@
+ ########################################################################
+ PGRM=$(basename $0)
+
+-SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
++SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/local/share/monkeysphere"}
+ export SYSSHAREDIR
+ . "${SYSSHAREDIR}/common" || exit 1
+
+--- src/monkeysphere-server.orig 2008-10-25 14:17:50.000000000 -0400
++++ src/monkeysphere-server 2008-10-25 17:42:50.000000000 -0400
+@@ -13,7 +13,7 @@
+ ########################################################################
+ PGRM=$(basename $0)
+
+-SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
++SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/local/share/monkeysphere"}
+ export SYSSHAREDIR
+ . "${SYSSHAREDIR}/common" || exit 1
+
diff --git a/packaging/freebsd/security/monkeysphere/files/patch-varlocation b/packaging/freebsd/security/monkeysphere/files/patch-varlocation
new file mode 100644
index 0000000..c4d8dcd
--- /dev/null
+++ b/packaging/freebsd/security/monkeysphere/files/patch-varlocation
@@ -0,0 +1,90 @@
+diff --git man/man8/monkeysphere-server.8 man/man8/monkeysphere-server.8
+index f207e2c..29c7b6a 100644
+--- man/man8/monkeysphere-server.8
++++ man/man8/monkeysphere-server.8
+@@ -128,7 +128,7 @@ command to push the key to a keyserver. You must also modify the
+ sshd_config on the server to tell sshd where the new server host key
+ is located:
+
+-HostKey /var/lib/monkeysphere/ssh_host_rsa_key
++HostKey /var/monkeysphere/ssh_host_rsa_key
+
+ In order for users logging into the system to be able to verify the
+ host via the monkeysphere, at least one person (e.g. a server admin)
+@@ -170,7 +170,7 @@ users. You must also tell sshd to look at the monkeysphere-generated
+ authorized_keys file for user authentication by setting the following
+ in the sshd_config:
+
+-AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u
++AuthorizedKeysFile /var/monkeysphere/authorized_keys/%u
+
+ It is recommended to add "monkeysphere-server update-users" to a
+ system crontab, so that user keys are kept up-to-date, and key
+@@ -209,17 +209,17 @@ System monkeysphere-server config file.
+ /etc/monkeysphere/monkeysphere.conf
+ System-wide monkeysphere config file.
+ .TP
+-/var/lib/monkeysphere/authorized_keys/USER
++/var/monkeysphere/authorized_keys/USER
+ Monkeysphere-generated user authorized_keys files.
+ .TP
+-/var/lib/monkeysphere/ssh_host_rsa_key
++/var/monkeysphere/ssh_host_rsa_key
+ Copy of the host's private key in ssh format, suitable for use by
+ sshd.
+ .TP
+-/var/lib/monkeysphere/gnupg-host
++/var/monkeysphere/gnupg-host
+ Monkeysphere host GNUPG home directory.
+ .TP
+-/var/lib/monkeysphere/gnupg-authentication
++/var/monkeysphere/gnupg-authentication
+ Monkeysphere authentication GNUPG home directory.
+
+ .SH AUTHOR
+diff --git doc/getting-started-admin.mdwn doc/getting-started-admin.mdwn
+index 6c8ad53..67fdda1 100644
+--- doc/getting-started-admin.mdwn
++++ doc/getting-started-admin.mdwn
+@@ -30,7 +30,7 @@ To use the newly-generated host key for ssh connections, put the
+ following line in `/etc/ssh/sshd_config` (be sure to remove references
+ to any other keys):
+
+- HostKey /var/lib/monkeysphere/ssh_host_rsa_key
++ HostKey /var/monkeysphere/ssh_host_rsa_key
+
+ FIXME: should we just suggest symlinks in the filesystem here instead?
+
+@@ -40,7 +40,7 @@ To enable users to use the monkeysphere to authenticate using the
+ OpenPGP web of trust, add this line to `/etc/ssh/sshd_config` (again,
+ making sure that no other AuthorizedKeysFile directive exists):
+
+- AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u
++ AuthorizedKeysFile /var/monkeysphere/authorized_keys/%u
+
+ And then read the section below about how to ensure these files are
+ maintained. You'll need to restart `sshd` to have your changes take
+--- src/monkeysphere-server.orig 2008-10-25 18:01:19.000000000 -0400
++++ src/monkeysphere-server 2008-10-25 18:01:24.000000000 -0400
+@@ -17,7 +17,7 @@
+ export SYSSHAREDIR
+ . "${SYSSHAREDIR}/common" || exit 1
+
+-SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
++SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/monkeysphere"}
+ export SYSDATADIR
+
+ # UTC date in ISO 8601 format if needed
+--- etc/gnupg-authentication.conf.orig 2008-10-25 18:02:58.000000000 -0400
++++ etc/gnupg-authentication.conf 2008-10-25 18:03:04.000000000 -0400
+@@ -4,8 +4,8 @@
+ # It is highly recommended that you
+ # DO NOT MODIFY
+ # these variables.
+-primary-keyring /var/lib/monkeysphere/gnupg-authentication/pubring.gpg
+-keyring /var/lib/monkeysphere/gnupg-host/pubring.gpg
++primary-keyring /var/monkeysphere/gnupg-authentication/pubring.gpg
++keyring /var/monkeysphere/gnupg-host/pubring.gpg
+
+ # PGP keyserver to use for PGP queries.
+ keyserver hkp://pgp.mit.edu
diff --git a/packaging/freebsd/security/monkeysphere/pkg-deinstall b/packaging/freebsd/security/monkeysphere/pkg-deinstall
new file mode 100755
index 0000000..3000878
--- /dev/null
+++ b/packaging/freebsd/security/monkeysphere/pkg-deinstall
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+# a package removal script for monkeysphere (borrowing from
+# monkeysphere's debian/monkeysphere.postrm)
+
+# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+# Copyright 2008
+
+# FIXME: is /var/lib/monkeysphere the right place for this stuff on
+# FreeBSD?
+VARLIB="/var/monkeysphere"
+
+
+case $2 in
+POST-DEINSTALL)
+ USER=monkeysphere
+# FIXME: This doesn't do anything! Under what circumstances do we
+# want to actually automatically purge all of /var/monkeysphere?
+
+# (note: FreeBSD does not seem to want the package-specific user to be
+# purged at package removal)
+ if pw user show "${USER}" 2>/dev/null >/dev/null; then
+ echo "Warning: If you will *NOT* use this package anymore, please remove the monkeysphere user manually."
+ fi
+ if [ -d "$VARLIB" ] ; then
+ echo "Warning: You may want to remove monkeysphere's cached authentication data and keyrings in $VARLIB"
+ fi
+;;
+esac
diff --git a/packaging/freebsd/security/monkeysphere/pkg-descr b/packaging/freebsd/security/monkeysphere/pkg-descr
new file mode 100644
index 0000000..9adc44f
--- /dev/null
+++ b/packaging/freebsd/security/monkeysphere/pkg-descr
@@ -0,0 +1,7 @@
+SSH key-based authentication is tried-and-true, but it lacks a true
+Public Key Infrastructure for key certification, revocation and
+expiration. Monkeysphere is a framework that uses the OpenPGP web of
+trust for these PKI functions. It can be used in both directions: for
+users to get validated host keys, and for hosts to authenticate users.
+
+WWW: http://web.monkeysphere.info/
diff --git a/packaging/freebsd/security/monkeysphere/pkg-install b/packaging/freebsd/security/monkeysphere/pkg-install
new file mode 100755
index 0000000..70d37b5
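Review bot: The third hunk for man/man8/monkeysphere-server.8 in patch-varlocation (`@@ -209,17 +209,17 @@`) uses ` /etc/monkeysphere/monkeysphere.conf` as its first context line, and files/patch-etclocation rewrites that same line to `/usr/local/etc/monkeysphere/monkeysphere.conf`; both patches were generated from the same base blob `f207e2c`. If the ports framework applies the files in name order, as I believe it does, this hunk can only apply through patch(1)'s fuzz matching, and the trailing context of patch-etclocation's `@@ -203,10 +203,10 @@` hunk overlaps in the other direction. Because these patches decide where sshd's `HostKey` and `AuthorizedKeysFile` material is documented and looked up, I would regenerate patch-varlocation against a tree that already has patch-etclocation applied, or merge the two man-page diffs into one file, so that every hunk applies exactly.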
--- /dev/null
+++ b/packaging/freebsd/security/monkeysphere/pkg-install
@@ -0,0 +1,72 @@
+#!/bin/sh
+
+# an installation script for monkeysphere (borrowing liberally from
+# postgresql and mysql pkg-install scripts, and from monkeysphere's
+# debian/monkeysphere.postinst)
+
+# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+# Copyright 2008
+
+# FIXME: is /var/lib/monkeysphere the right place for this stuff on
+# FreeBSD?
+
+# PostgreSQL puts its data in /usr/local/pgsql/data
+
+# MySQL puts its data in /var/db/mysql
+
+VARLIB="/var/monkeysphere"
+ETCDIR="/usr/local/etc/monkeysphere"
+
+case $2 in
+POST-INSTALL)
+ USER=monkeysphere
+ GROUP=${USER}
+ UID=641
+ GID=${UID}
+ SHELL=/usr/local/bin/bash
+
+ if pw group show "${GROUP}" >/dev/null 2>&1; then
+ echo "You already have a group \"${GROUP}\", so I will use it."
+ else
+ if pw groupadd ${GROUP} -g ${GID}; then
+ echo "Added group \"${GROUP}\"."
+ else
+ echo "Adding group \"${GROUP}\" failed..."
+ exit 1
+ fi
+ fi
+
+ if pw user show "${USER}" >/dev/null 2>&1; then
+ oldshell=`pw user show "${USER}" 2>/dev/null | cut -f10 -d:`
+ if [ x"$oldshell" != x"$SHELL" ]; then
+ echo "You already have a \"${USER}\" user, but its shell is '$oldshell'."
+ echo "This package requires that \"${USER}\"'s shell be '$SHELL'."
+ echo "You should fix this by hand and then re-install the package."
+ echo " hint: pw usermod '$USER' -s '$SHELL'"
+ exit 1
+ fi
+ echo "You already have a user \"${USER}\" with the proper shell, so I will use it."
+ else
+ if pw useradd ${USER} -u ${UID} -g ${GROUP} -h - \
+ -d "$VARLIB" -s /usr/local/bin/bash -c "monkeysphere authentication user,,,"
+ then
+ echo "Added user \"${USER}\"."
+ else
+ echo "Adding user \"${USER}\" failed..."
+ exit 1
+ fi
+ fi
+
+ ## set up the cache directories, and link them to the config files:
+
+ install -d -o root -g monkeysphere -m 750 "$VARLIB"/gnupg-host
+ ln -sf "$ETCDIR"/gnupg-host.conf "$VARLIB"/gnupg-host/gpg.conf
+
+ install -d -o monkeysphere -g monkeysphere -m 700 "$VARLIB"/gnupg-authentication
+ ln -sf "$ETCDIR"/gnupg-authentication.conf "$VARLIB"/gnupg-authentication/gpg.conf
+
+ install -d "$VARLIB"/tmp "$VARLIB"/authorized_keys
+
+ monkeysphere-server diagnostics
+ ;;
+esac
diff --git a/packaging/freebsd/security/monkeysphere/pkg-plist b/packaging/freebsd/security/monkeysphere/pkg-plist
new file mode 100644
index 0000000..04a704a
--- /dev/null
+++ b/packaging/freebsd/security/monkeysphere/pkg-plist
@@ -0,0 +1,18 @@
+sbin/monkeysphere-server
+share/doc/monkeysphere/TODO
+share/doc/monkeysphere/MonkeySpec
+share/doc/monkeysphere/getting-started-user.mdwn
+share/doc/monkeysphere/getting-started-admin.mdwn
+bin/openpgp2ssh
+bin/monkeysphere-ssh-proxycommand
+bin/monkeysphere
+share/monkeysphere/common
+@unexec if cmp -s %D/etc/monkeysphere/monkeysphere.conf.sample %D/etc/monkeysphere/monkeysphere.conf; then rm -f %D/etc/monkeysphere/monkeysphere.conf; fi
+etc/monkeysphere/monkeysphere.conf.sample
+@exec if [ ! -f %D/etc/monkeysphere/monkeysphere.conf ] ; then cp -p %D/%F %B/monkeysphere.conf; fi
+@unexec if cmp -s %D/etc/monkeysphere/monkeysphere-server.conf.sample %D/etc/monkeysphere/monkeysphere-server.conf; then rm -f %D/etc/monkeysphere/monkeysphere-server.conf; fi
+etc/monkeysphere/monkeysphere-server.conf.sample
+@exec if [ ! -f %D/etc/monkeysphere/monkeysphere-server.conf ] ; then cp -p %D/%F %B/monkeysphere-server.conf; fi
+@dirrm share/doc/monkeysphere
+@dirrm share/monkeysphere
+@dirrm etc/monkeysphere |
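Review bot: `install -d "$VARLIB"/tmp "$VARLIB"/authorized_keys` in pkg-install creates both directories with no `-o`, `-g` or `-m`, so their ownership and mode depend on the umask and user the install runs under, unlike the two gnupg directories created just above it. The man page patched in this commit points sshd's `AuthorizedKeysFile` at `/var/monkeysphere/authorized_keys/%u`, so that directory should be pinned explicitly, e.g. `install -d -o root -g wheel -m 755 "$VARLIB"/authorized_keys`, with a separate line for `tmp` carrying whatever owner and mode monkeysphere-server needs there. Separately, the `pw useradd` call repeats the literal `/usr/local/bin/bash` although `$SHELL` was set for the shell comparison a few lines earlier; `-s "$SHELL"` keeps the two from drifting apart.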
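Review bot: The pkg-plist tracks `monkeysphere.conf.sample` and `monkeysphere-server.conf.sample`, but the Makefile's `post-install` also copies `gnupg-host.conf.sample` and `gnupg-authentication.conf.sample` to live files, and neither those samples nor the copies are listed here. Assuming the upstream install run with `ETCSUFFIX=.sample` does write those two samples, they are left behind on deinstall and `@dirrm etc/monkeysphere` cannot remove the directory. I would add the same three-line `@unexec` / sample / `@exec` group for each of them; pkg-install symlinks these files in as `gpg.conf` for the host and authentication keyrings, so a locally modified copy should be kept deliberately rather than by omission. The existing `@exec` lines also duplicate the copy that `post-install` already performs for the two listed files.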