commit: 3e3e91f811c2f74ee5ef2acf2ab9333b2c9927f6 Author: Conrad Kostecki <conikost <AT> gentoo <DOT> org> AuthorDate: Sun Mar 27 01:31:32 2022 +0000 Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> CommitDate: Sat Apr 16 13:45:00 2022 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3e3e91f8
net-ftp/pure-ftpd: migrate to stand-alone configuration This bump changed at lot of things: * Deprecating configuration via 'conf.d', since not all option are available via command line. User will be informed about this. * Using '/etc/pure-ftpd.conf' as main configuration file, since more option are available here. * Adding pure-certd init script and config script for using SNI via FTP * Splitting Uploadscript into it's own init script * Simplified init script by removing much old stuff, which it seems, that it's not needed any more today. At least in my tests. * Adding SVCNAME support. * Removed sed for MAX_USER_LENGTH, as it's already default * Removed DOCS for default docs * Removed keepdir, since it looks like it's not needed anymore * Overhauled eBuild Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org> Closes: https://github.com/gentoo/gentoo/pull/24592 Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org> net-ftp/pure-ftpd/files/pure-certd.initd | 19 ++++ net-ftp/pure-ftpd/files/pure-certd.script | 27 ++++++ net-ftp/pure-ftpd/files/pure-ftpd.confd-r4 | 5 + net-ftp/pure-ftpd/files/pure-ftpd.initd-r12 | 23 +++++ net-ftp/pure-ftpd/files/pure-uploadscript.confd | 8 ++ net-ftp/pure-ftpd/files/pure-uploadscript.initd | 30 ++++++ ...ftpd-9999.ebuild => pure-ftpd-1.0.50-r2.ebuild} | 101 ++++++++++++--------- net-ftp/pure-ftpd/pure-ftpd-9999.ebuild | 101 ++++++++++++--------- 8 files changed, 224 insertions(+), 90 deletions(-) diff --git a/net-ftp/pure-ftpd/files/pure-certd.initd b/net-ftp/pure-ftpd/files/pure-certd.initd new file mode 100644 index 000000000000..1d254e5274a9 --- /dev/null +++ b/net-ftp/pure-ftpd/files/pure-certd.initd @@ -0,0 +1,19 @@ +#!/sbin/openrc-run +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +certd_scriptfile="/etc/${SVCNAME}.sh" +certd_socketfile="/run/${SVCNAME}.sock" +pidfile="/run/pure-certd.pid" + +command="/usr/sbin/pure-certd" +command_args="--pidfile ${pidfile} --run ${certd_scriptfile} --socket ${certd_socketfile}" +command_background="true" + +start_pre() { + if [ ! -f "${certd_scriptfile}" ] ; then + eerror "The file ${certd_scriptfile} does not exist!" + eerror "Please create and configure the script." + return 1 + fi +} diff --git a/net-ftp/pure-ftpd/files/pure-certd.script b/net-ftp/pure-ftpd/files/pure-certd.script new file mode 100644 index 000000000000..77aa1bf9f702 --- /dev/null +++ b/net-ftp/pure-ftpd/files/pure-certd.script @@ -0,0 +1,27 @@ +#!/bin/sh +# Copyright 1999-2022 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +# Set default ssl directory +SSL_DIR="/etc/ssl/pure-ftpd" + +# Check SNI and select certificate +case "${CERTD_SNI_NAME}" in + domain1.tld) + FILE_CERT="${SSL_DIR}/domain1.tld.crt" + FILE_KEY="${SSL_DIR}/domain1.tld.key" + ;; + + domain2.tld) + FILE_CERT="${SSL_DIR}/domain2.tld.crt" + FILE_KEY="${SSL_DIR}/domain2.tld.key" + ;; +esac + +# Print selected certificate for 'pure-certd'. +# You can modify 'action' for your needs. +# See man page of 'pure-certd' for more information. +echo "action:fallback" +echo "cert_file:${FILE_CERT}" +echo "key_file:${FILE_KEY}" +echo "end" diff --git a/net-ftp/pure-ftpd/files/pure-ftpd.confd-r4 b/net-ftp/pure-ftpd/files/pure-ftpd.confd-r4 new file mode 100644 index 000000000000..d49b6c509c58 --- /dev/null +++ b/net-ftp/pure-ftpd/files/pure-ftpd.confd-r4 @@ -0,0 +1,5 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +# Optionally depend on started Pure-Certd +# RC_NEED="pure-certd" diff --git a/net-ftp/pure-ftpd/files/pure-ftpd.initd-r12 b/net-ftp/pure-ftpd/files/pure-ftpd.initd-r12 new file mode 100644 index 000000000000..c971125784b7 --- /dev/null +++ b/net-ftp/pure-ftpd/files/pure-ftpd.initd-r12 @@ -0,0 +1,23 @@ +#!/sbin/openrc-run +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +ftpd_configfile="/etc/${SVCNAME}.conf" +pidfile="/run/pure-ftpd.pid" + +command="/usr/sbin/pure-ftpd" +command_args="${ftpd_configfile}" +command_background="true" + +depend() { + need localmount + use netmount +} + +start_pre() { + if [ ! -f "${ftpd_configfile}" ] ; then + eerror "The file ${ftpd_configfile} does not exist!" + eerror "Please create and configure the configuration file." + return 1 + fi +} diff --git a/net-ftp/pure-ftpd/files/pure-uploadscript.confd b/net-ftp/pure-ftpd/files/pure-uploadscript.confd new file mode 100644 index 000000000000..4b8fca0deb8f --- /dev/null +++ b/net-ftp/pure-ftpd/files/pure-uploadscript.confd @@ -0,0 +1,8 @@ +#!/sbin/openrc-run +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +# If you want to process each file uploaded through Pure-FTPd, enter the name +# of the script that should process the files below. +# Use man pure-uploadscript to learn more about how to write this script. +# UPLOADSCRIPT="/path/to/uploadscript" diff --git a/net-ftp/pure-ftpd/files/pure-uploadscript.initd b/net-ftp/pure-ftpd/files/pure-uploadscript.initd new file mode 100644 index 000000000000..f0c57742e749 --- /dev/null +++ b/net-ftp/pure-ftpd/files/pure-uploadscript.initd @@ -0,0 +1,30 @@ +#!/sbin/openrc-run +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +ftpd_configfile="/etc/${SVCNAME/uploadscript/ftpd}.conf" +pidfile="/run/pure-uploadscript.pid" + +command="/usr/sbin/pure-uploadscript" +command_args="${UPLOADSCRIPT}" +command_background="true" + +depend() { + need localmount + use netmount +} + +start_pre() { + if [ -n "${UPLOADSCRIPT}" ] ; then + eerror "The file ${ftpd_configfile} does not exist!" + eerror "Please create and configure the uploadscript file." + return 1 + fi + + if ! grep "^CallUploadScript" "${ftpd_configfile}" ; then + eerror "You cannot start this uploadscript," + eerror "unless you enable the option CallUploadScript" + eerror "in your main Pure-FTPd configuration file ${ftpd_configfile}" + return 1 + fi +} diff --git a/net-ftp/pure-ftpd/pure-ftpd-9999.ebuild b/net-ftp/pure-ftpd/pure-ftpd-1.0.50-r2.ebuild similarity index 59% copy from net-ftp/pure-ftpd/pure-ftpd-9999.ebuild copy to net-ftp/pure-ftpd/pure-ftpd-1.0.50-r2.ebuild index 4be40c54c4ef..3d32b367c5cd 100644 --- a/net-ftp/pure-ftpd/pure-ftpd-9999.ebuild +++ b/net-ftp/pure-ftpd/pure-ftpd-1.0.50-r2.ebuild @@ -6,66 +6,63 @@ EAPI=8 inherit flag-o-matic DESCRIPTION="Fast, production-quality, standard-conformant FTP server" -HOMEPAGE="http://www.pureftpd.org/"; +HOMEPAGE="https://www.pureftpd.org/project/pure-ftpd/"; if [[ "${PV}" == 9999 ]] ; then inherit autotools git-r3 EGIT_REPO_URI="https://github.com/jedisct1/pure-ftpd.git"; else - SRC_URI="ftp://ftp.pureftpd.org/pub/${PN}/releases/${P}.tar.bz2 - http://download.pureftpd.org/pub/${PN}/releases/${P}.tar.bz2"; + SRC_URI=" + ftp://ftp.pureftpd.org/pub/${PN}/releases/${P}.tar.bz2 + http://download.pureftpd.org/pub/${PN}/releases/${P}.tar.bz2 + " KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86" fi LICENSE="BSD" SLOT="0" - IUSE="anondel anonperm anonren anonres caps implicittls ldap mysql noiplog pam paranoidmsg postgres resolveids selinux ssl sysquota vchroot xinetd" - REQUIRED_USE="implicittls? ( ssl )" -BDEPEND="sys-devel/autoconf-archive" - -DEPEND="dev-libs/libsodium:= +DEPEND=" + dev-libs/libsodium:= virtual/libcrypt:= caps? ( sys-libs/libcap ) ldap? ( >=net-nds/openldap-2.0.25:= ) mysql? ( || ( - dev-db/mariadb-connector-c - dev-db/mysql-connector-c - ) ) + dev-db/mariadb-connector-c + dev-db/mysql-connector-c + ) + ) pam? ( sys-libs/pam ) postgres? ( dev-db/postgresql:= ) - ssl? ( - >=dev-libs/openssl-0.9.6g:0=[-bindist(-)] - ) + ssl? ( dev-libs/openssl:0=[-bindist(-)] ) sysquota? ( sys-fs/quota[-rpc] ) - xinetd? ( virtual/inetd )" + xinetd? ( virtual/inetd ) +" -RDEPEND="${DEPEND} +RDEPEND=" + ${DEPEND} net-ftp/ftpbase - selinux? ( sec-policy/selinux-ftp )" + selinux? ( sec-policy/selinux-ftp ) +" -PATCHES=( - "${FILESDIR}/${PN}-1.0.28-pam.patch" -) +BDEPEND="sys-devel/autoconf-archive" + +PATCHES=( "${FILESDIR}/${PN}-1.0.28-pam.patch" ) src_prepare() { default + [[ "${PV}" == 9999 ]] && eautoreconf } src_configure() { - # adjust max user length to something more appropriate - # for virtual hosts. See bug #62472 for details. - sed -e "s:# define MAX_USER_LENGTH 32U:# define MAX_USER_LENGTH 127U:" \ - -i "${S}/src/ftpd.h" || die "sed failed" - # Those features are only configurable like this, see bug #179375. - use anondel && append-cppflags -DANON_CAN_DELETE - use anonperm && append-cppflags -DANON_CAN_CHANGE_PERMS - use anonren && append-cppflags -DANON_CAN_RENAME - use anonres && append-cppflags -DANON_CAN_RESUME - use resolveids && append-cppflags -DALWAYS_RESOLVE_IDS + use anondel && append-cppflags -DANON_CAN_DELETE + use anonperm && append-cppflags -DANON_CAN_CHANGE_PERMS + use anonren && append-cppflags -DANON_CAN_RENAME + use anonres && append-cppflags -DANON_CAN_RESUME + use resolveids && append-cppflags -DALWAYS_RESOLVE_IDS # Do not auto-use SSP -- let the user select this. export ax_cv_check_cflags___fstack_protector_all=no @@ -73,7 +70,7 @@ src_configure() { local myeconfargs=( --enable-largefile # Required for correct pid file location. - # pure-ftpd appends "/run/pure-ftpd.pid" to the localstatedir + # Pure-FTPd appends "/run/pure-ftpd.pid" to the localstatedir # path, and tries to write to that file even when being # started in foreground. So we need to pin this to / --localstatedir="${EPREFIX}"/ @@ -91,40 +88,41 @@ src_configure() { --with-throttling --with-uploadscript --with-virtualhosts + $(use_with implicittls) $(use_with ldap) $(use_with mysql) $(use_with pam) $(use_with paranoidmsg) $(use_with postgres pgsql) $(use_with ssl tls) - $(use_with implicittls) - $(use_with vchroot virtualchroot) $(use_with sysquota sysquotas) + $(use_with vchroot virtualchroot) $(usex caps '' '--without-capabilities') $(usex noiplog '--without-iplogging' '') $(usex xinetd '' '--without-inetd') ) + econf "${myeconfargs[@]}" } src_install() { - local DOCS=( AUTHORS ChangeLog FAQ HISTORY README* NEWS ) - default - newinitd "${FILESDIR}/pure-ftpd.rc11" ${PN} - newconfd "${FILESDIR}/pure-ftpd.conf_d-3" ${PN} + newinitd "${FILESDIR}/pure-ftpd.initd-r12" pure-ftpd + newconfd "${FILESDIR}/pure-ftpd.confd-r4" pure-ftpd + + newinitd "${FILESDIR}/pure-uploadscript.initd" pure-uploadscript + newconfd "${FILESDIR}/pure-uploadscript.confd" pure-uploadscript if use implicittls ; then - sed -i '/^SERVER/s@21@990@' "${ED}"/etc/conf.d/${PN} \ - || die "Adjusting default server port for implicittls usage failed!" + sed -e '/^# Bind/s@21@990@' -i "${ED}"/etc/pure-ftpd.conf || die fi - keepdir /var/lib/run/${PN} + if use ssl ; then + newinitd "${FILESDIR}/pure-certd.initd" pure-certd - if use xinetd ; then - insinto /etc/xinetd.d - newins "${FILESDIR}/pure-ftpd.xinetd" ${PN} + exeinto /etc + newexe "${FILESDIR}/pure-certd.script" pure-certd.sh fi if use ldap ; then @@ -134,17 +132,30 @@ src_install() { insopts -m 0600 doins pureftpd-ldap.conf fi + + if use xinetd ; then + insinto /etc/xinetd.d + newins "${FILESDIR}/pure-ftpd.xinetd" pure-ftpd + fi } pkg_postinst() { - if [[ -z "${REPLACING_VERSIONS}" ]]; then + if [[ -z "${REPLACING_VERSIONS}" ]] ; then # This is a new installation elog - elog "Before starting Pure-FTPd, you have to edit the /etc/conf.d/pure-ftpd file!" + elog "Before starting Pure-FTPd, you have to edit the /etc/pure-ftpd.conf file!" elog ewarn "It's *really* important to read the README provided with Pure-FTPd!" ewarn "Check out http://download.pureftpd.org/pub/pure-ftpd/doc/README for general info" ewarn "and http://download.pureftpd.org/pub/pure-ftpd/doc/README.TLS for SSL/TLS info." ewarn + else + for v in ${REPLACING_VERSIONS} ; do + if ver_test "${v}" -le "1.0.50" ; then + einfo "Configuration through /etc/conf.d/pure-ftpd is now deprecated!" + einfo "Please migrate your settings to the new configuration file." + einfo "Use /etc/pure-ftpd.conf to adjust your settings." + fi + done fi } diff --git a/net-ftp/pure-ftpd/pure-ftpd-9999.ebuild b/net-ftp/pure-ftpd/pure-ftpd-9999.ebuild index 4be40c54c4ef..3d32b367c5cd 100644 --- a/net-ftp/pure-ftpd/pure-ftpd-9999.ebuild +++ b/net-ftp/pure-ftpd/pure-ftpd-9999.ebuild @@ -6,66 +6,63 @@ EAPI=8 inherit flag-o-matic DESCRIPTION="Fast, production-quality, standard-conformant FTP server" -HOMEPAGE="http://www.pureftpd.org/"; +HOMEPAGE="https://www.pureftpd.org/project/pure-ftpd/"; if [[ "${PV}" == 9999 ]] ; then inherit autotools git-r3 EGIT_REPO_URI="https://github.com/jedisct1/pure-ftpd.git"; else - SRC_URI="ftp://ftp.pureftpd.org/pub/${PN}/releases/${P}.tar.bz2 - http://download.pureftpd.org/pub/${PN}/releases/${P}.tar.bz2"; + SRC_URI=" + ftp://ftp.pureftpd.org/pub/${PN}/releases/${P}.tar.bz2 + http://download.pureftpd.org/pub/${PN}/releases/${P}.tar.bz2 + " KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86" fi LICENSE="BSD" SLOT="0" - IUSE="anondel anonperm anonren anonres caps implicittls ldap mysql noiplog pam paranoidmsg postgres resolveids selinux ssl sysquota vchroot xinetd" - REQUIRED_USE="implicittls? ( ssl )" -BDEPEND="sys-devel/autoconf-archive" - -DEPEND="dev-libs/libsodium:= +DEPEND=" + dev-libs/libsodium:= virtual/libcrypt:= caps? ( sys-libs/libcap ) ldap? ( >=net-nds/openldap-2.0.25:= ) mysql? ( || ( - dev-db/mariadb-connector-c - dev-db/mysql-connector-c - ) ) + dev-db/mariadb-connector-c + dev-db/mysql-connector-c + ) + ) pam? ( sys-libs/pam ) postgres? ( dev-db/postgresql:= ) - ssl? ( - >=dev-libs/openssl-0.9.6g:0=[-bindist(-)] - ) + ssl? ( dev-libs/openssl:0=[-bindist(-)] ) sysquota? ( sys-fs/quota[-rpc] ) - xinetd? ( virtual/inetd )" + xinetd? ( virtual/inetd ) +" -RDEPEND="${DEPEND} +RDEPEND=" + ${DEPEND} net-ftp/ftpbase - selinux? ( sec-policy/selinux-ftp )" + selinux? ( sec-policy/selinux-ftp ) +" -PATCHES=( - "${FILESDIR}/${PN}-1.0.28-pam.patch" -) +BDEPEND="sys-devel/autoconf-archive" + +PATCHES=( "${FILESDIR}/${PN}-1.0.28-pam.patch" ) src_prepare() { default + [[ "${PV}" == 9999 ]] && eautoreconf } src_configure() { - # adjust max user length to something more appropriate - # for virtual hosts. See bug #62472 for details. - sed -e "s:# define MAX_USER_LENGTH 32U:# define MAX_USER_LENGTH 127U:" \ - -i "${S}/src/ftpd.h" || die "sed failed" - # Those features are only configurable like this, see bug #179375. - use anondel && append-cppflags -DANON_CAN_DELETE - use anonperm && append-cppflags -DANON_CAN_CHANGE_PERMS - use anonren && append-cppflags -DANON_CAN_RENAME - use anonres && append-cppflags -DANON_CAN_RESUME - use resolveids && append-cppflags -DALWAYS_RESOLVE_IDS + use anondel && append-cppflags -DANON_CAN_DELETE + use anonperm && append-cppflags -DANON_CAN_CHANGE_PERMS + use anonren && append-cppflags -DANON_CAN_RENAME + use anonres && append-cppflags -DANON_CAN_RESUME + use resolveids && append-cppflags -DALWAYS_RESOLVE_IDS # Do not auto-use SSP -- let the user select this. export ax_cv_check_cflags___fstack_protector_all=no @@ -73,7 +70,7 @@ src_configure() { local myeconfargs=( --enable-largefile # Required for correct pid file location. - # pure-ftpd appends "/run/pure-ftpd.pid" to the localstatedir + # Pure-FTPd appends "/run/pure-ftpd.pid" to the localstatedir # path, and tries to write to that file even when being # started in foreground. So we need to pin this to / --localstatedir="${EPREFIX}"/ @@ -91,40 +88,41 @@ src_configure() { --with-throttling --with-uploadscript --with-virtualhosts + $(use_with implicittls) $(use_with ldap) $(use_with mysql) $(use_with pam) $(use_with paranoidmsg) $(use_with postgres pgsql) $(use_with ssl tls) - $(use_with implicittls) - $(use_with vchroot virtualchroot) $(use_with sysquota sysquotas) + $(use_with vchroot virtualchroot) $(usex caps '' '--without-capabilities') $(usex noiplog '--without-iplogging' '') $(usex xinetd '' '--without-inetd') ) + econf "${myeconfargs[@]}" } src_install() { - local DOCS=( AUTHORS ChangeLog FAQ HISTORY README* NEWS ) - default - newinitd "${FILESDIR}/pure-ftpd.rc11" ${PN} - newconfd "${FILESDIR}/pure-ftpd.conf_d-3" ${PN} + newinitd "${FILESDIR}/pure-ftpd.initd-r12" pure-ftpd + newconfd "${FILESDIR}/pure-ftpd.confd-r4" pure-ftpd + + newinitd "${FILESDIR}/pure-uploadscript.initd" pure-uploadscript + newconfd "${FILESDIR}/pure-uploadscript.confd" pure-uploadscript if use implicittls ; then - sed -i '/^SERVER/s@21@990@' "${ED}"/etc/conf.d/${PN} \ - || die "Adjusting default server port for implicittls usage failed!" + sed -e '/^# Bind/s@21@990@' -i "${ED}"/etc/pure-ftpd.conf || die fi - keepdir /var/lib/run/${PN} + if use ssl ; then + newinitd "${FILESDIR}/pure-certd.initd" pure-certd - if use xinetd ; then - insinto /etc/xinetd.d - newins "${FILESDIR}/pure-ftpd.xinetd" ${PN} + exeinto /etc + newexe "${FILESDIR}/pure-certd.script" pure-certd.sh fi if use ldap ; then @@ -134,17 +132,30 @@ src_install() { insopts -m 0600 doins pureftpd-ldap.conf fi + + if use xinetd ; then + insinto /etc/xinetd.d + newins "${FILESDIR}/pure-ftpd.xinetd" pure-ftpd + fi } pkg_postinst() { - if [[ -z "${REPLACING_VERSIONS}" ]]; then + if [[ -z "${REPLACING_VERSIONS}" ]] ; then # This is a new installation elog - elog "Before starting Pure-FTPd, you have to edit the /etc/conf.d/pure-ftpd file!" + elog "Before starting Pure-FTPd, you have to edit the /etc/pure-ftpd.conf file!" elog ewarn "It's *really* important to read the README provided with Pure-FTPd!" ewarn "Check out http://download.pureftpd.org/pub/pure-ftpd/doc/README for general info" ewarn "and http://download.pureftpd.org/pub/pure-ftpd/doc/README.TLS for SSL/TLS info." ewarn + else + for v in ${REPLACING_VERSIONS} ; do + if ver_test "${v}" -le "1.0.50" ; then + einfo "Configuration through /etc/conf.d/pure-ftpd is now deprecated!" + einfo "Please migrate your settings to the new configuration file." + einfo "Use /etc/pure-ftpd.conf to adjust your settings." + fi + done fi }
