author | Rob Austein <sra@hactrn.net> | 2011-01-25 05:19:14 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2011-01-25 05:19:14 +0000 |
commit | 129913e55ff3ccd48d7fa68e24b11f2370f63f70 (patch) | |
tree | 7be6983863d16edfdb4c8cdf16bfae54b3dca90b /rcynic/scripts | |
parent | af363c36d18a73cf88ef4f95acaabd6c6745d54e (diff) |
Minimally-tested rcynic installation for Mac OS X
svn path=/rcynic/Makefile.in; revision=3660
Diffstat (limited to 'rcynic/scripts')
-rw-r--r-- | rcynic/scripts/freebsd/install.sh | 151 | ||||
-rwxr-xr-x | rcynic/scripts/freebsd/rc.d.rcynic | 71 | ||||
-rw-r--r-- | rcynic/scripts/install.sh | 19 | ||||
-rw-r--r-- | rcynic/scripts/sample-rcynic.conf | 27 |
4 files changed, 0 insertions, 268 deletions
diff --git a/rcynic/scripts/freebsd/install.sh b/rcynic/scripts/freebsd/install.sh
deleted file mode 100644
index 2b3d1f4b..00000000
--- a/rcynic/scripts/freebsd/install.sh
+++ /dev/null
@@ -1,151 +0,0 @@ -#!/bin/sh - -# $Id$ -# -# Create a chroot jail for rcynic. -# -# This is approximately what a pkg-install script might do if this were -# a FreeBSD port. Perhaps some day it will be. - -: ${jaildir="/var/rcynic"} -: ${jailuser="rcynic"} -: ${jailgroup="rcynic"} -: ${setupcron="NO"} - -echo "Setting up \"${jaildir}\" as a chroot jail for rcynic." - -if /usr/sbin/pw groupshow "${jailgroup}" 2>/dev/null; then - echo "You already have a group \"${jailgroup}\", so I will use it." -elif /usr/sbin/pw groupadd ${jailgroup}; then - echo "Added group \"${jailgroup}\"." -else - echo "Adding group \"${jailgroup}\" failed..." - echo "Please create it, then try again." - exit 1 -fi - -if /usr/sbin/pw usershow "${jailuser}" 2>/dev/null; then - echo "You already have a user \"${jailuser}\", so I will use it." -elif /usr/sbin/pw useradd ${jailuser} -g ${jailgroup} -h - -d /nonexistant -s /usr/sbin/nologin -c "RPKI validation system"; then - echo "Added user \"${jailuser}\"." -else - echo "Adding user \"${jailuser}\" failed..." - echo "Please create it, then try again." - exit 1 -fi - -if ! /bin/test -d "${jaildir}"; then - /bin/mkdir "${jaildir}" -fi - -if /usr/bin/install -m 555 -o root -g wheel -p rc.d.rcynic /usr/local/etc/rc.d/rcynic; then - echo "Installed rc.d.rcynic as /usr/local/etc/rc.d/rcynic" -else - echo "Installing /usr/local/etc/rc.d/rcynic failed" - exit 1 -fi - -echo "Running /usr/local/etc/rc.d/rcynic to set up directories" - -if ! rcynic_jaildir="$jaildir" rcynic_user="$jailuser" rcynic_group="$jailgroup" /bin/sh /usr/local/etc/rc.d/rcynic start; then - echo "Directory setup failed" - exit 1 -fi - -if /bin/test -r "$jaildir/etc/rcynic.conf"; then - echo "You already have config file \"${jaildir}/etc/rcynic.conf\", so I will use it." 
-elif /usr/bin/install -m 444 -o root -g wheel -p ../sample-rcynic.conf "${jaildir}/etc/rcynic.conf"; then - echo "Installed minimal ${jaildir}/etc/rcynic.conf, adding SAMPLE trust anchors" - for i in ../../sample-trust-anchors/*.cer; do - j="$jaildir/etc/trust-anchors/${i##*/}" - /bin/test -r "$i" || continue - /bin/test -r "$j" && continue - echo "Installing $i as $j" - /usr/bin/install -m 444 -o root -g wheel -p "$i" "$j" - done - j=1 - for i in $jaildir/etc/trust-anchors/*.cer; do - echo >>"${jaildir}/etc/rcynic.conf" "trust-anchor.$j = /etc/trust-anchors/${i##*/}" - j=$((j+1)) - done -else - echo "Installing minimal ${jaildir}/etc/rcynic.conf failed" - exit 1 -fi - -echo "Installing rcynic as ${jaildir}/bin/rcynic" - -/usr/bin/install -m 555 -o root -g wheel -p ../../rcynic "${jaildir}/bin/rcynic" - -if /bin/test ! -x "$jaildir/bin/rsync" -a ! -x ../../static-rsync/rsync; then - echo "Building static rsync for jail, this may take a little while" - (cd ../../static-rsync && exec make) -fi - -if /bin/test -x "$jaildir/bin/rsync"; then - echo "You already have an executable \"$jaildir/bin/rsync\", so I will use it" -elif /usr/bin/install -m 555 -o root -g wheel -p ../../static-rsync/rsync "${jaildir}/bin/rsync"; then - echo "Installed static rsync as \"${jaildir}/bin/rsync\"" -else - echo "Installing static rsync failed" - exit 1 -fi - -if /usr/bin/install -m 444 -o root -g wheel -p ../../rcynic.xsl "${jaildir}/etc/rcynic.xsl"; then - echo "Installed rcynic.xsl as \"${jaildir}/etc/rcynic.xsl\"" -else - echo "Installing rcynic.xsl failed" - exit 1 -fi - -echo "Setting up root's crontab to run jailed rcynic" - -case "$setupcron" in -YES|yes) - /usr/bin/crontab -l -u root 2>/dev/null | - /usr/bin/awk -v "jailuser=$jailuser" -v "jailgroup=$jailgroup" -v "jaildir=$jaildir" ' - BEGIN { - cmd = "exec /usr/sbin/chroot -u " jailuser " -g " jailgroup " " jaildir; - cmd = cmd " /bin/rcynic -c /etc/rcynic.conf"; - } - $0 !~ cmd { - print; - } - END { - "/usr/bin/hexdump -n 2 
-e \"\\\"%u\\\\\\n\\\"\" /dev/random" | getline; - printf "%u * * * *\t%s\n", $1 % 60, cmd; - }' | - /usr/bin/crontab -u root - - /bin/cat <<EOF - - crontab is set up to run rcynic hourly, at a randomly selected - minute (to spread load on the rsync servers). Please do NOT - adjust this to run on the hour. In particular please do NOT - adjust this to run at midnight UTC. -EOF - ;; - -*) - /bin/cat <<EOF - - You'll need to add a crontab entry running the following command as root: - - /usr/sbin/chroot -u $jailuser -g $jailgroup $jaildir /bin/rcynic -c /etc/rcynic.conf - - Please try to pick a random time for this, don't just run it on the hour, - or at local midnight, or, worst of all, at midnight UTC. - -EOF - ;; - -esac - -/bin/cat <<EOF - - Jail set up. You may need to customize $jaildir/etc/rcynic.conf. - If you did not install your own trust anchors, a default set - of SAMPLE trust anchors may have been installed for you, but - you, the relying party, are the only one who can decide - whether you trust those anchors. rcynic will not do anything - useful without good trust anchors. - -EOF diff --git a/rcynic/scripts/freebsd/rc.d.rcynic b/rcynic/scripts/freebsd/rc.d.rcynic deleted file mode 100755 index b86c9b81..00000000 --- a/rcynic/scripts/freebsd/rc.d.rcynic +++ /dev/null 
@@ -1,71 +0,0 @@ -#!/bin/sh - -# -# $Id$ -# -# PROVIDE: rcynic -# REQUIRE: DAEMON -# KEYWORD: nojail - -. /etc/rc.subr - -name="rcynic" -start_cmd="rcynic_start" -stop_cmd="rcynic_stop" - -: ${rcynic_jaildir="/var/rcynic"} -: ${rcynic_user="rcynic"} -: ${rcynic_group="rcynic"} - -rcynic_start() -{ - /bin/test -d "${rcynic_jaildir}" || /bin/mkdir "${rcynic_jaildir}" - /sbin/umount "${rcynic_jaildir}/dev" 2>/dev/null - - /usr/sbin/mtree -deU -p "${rcynic_jaildir}" <<EOF - - /set type=dir uname=root gname=wheel mode=0555 - . - bin - .. - dev - .. - etc - trust-anchors - .. - .. - var - run - .. - .. - data uname=${rcynic_user} gname=${rcynic_group} mode=0755 - .. - .. -EOF - - /bin/chmod -R a-w "${rcynic_jaildir}/bin" "${rcynic_jaildir}/etc" - /usr/sbin/chown -R root:wheel "${rcynic_jaildir}/bin" "${rcynic_jaildir}/etc" - - if ! /sbin/mount -t devfs dev "${rcynic_jaildir}/dev"; then - echo "Mounting devfs on ${rcynic_jaildir}/dev failed..." - exit 1 - fi - - /sbin/devfs -m "${rcynic_jaildir}/dev" rule apply hide - /sbin/devfs -m "${rcynic_jaildir}/dev" rule apply path null unhide - /sbin/devfs -m "${rcynic_jaildir}/dev" rule apply path random unhide - - for i in /etc/localtime /etc/resolv.conf; do - j="${rcynic_jaildir}${i}" - if /bin/test -r "$i" && ! /usr/bin/cmp -s "$i" "$j"; then - /usr/bin/install -m 444 -o root -g wheel -p "$i" "$j" - fi - done -} - -rcynic_stop() -{ - /sbin/umount "${rcynic_jaildir}/dev" 2>/dev/null -} - -load_rc_config $name -run_rc_command "$1" diff --git a/rcynic/scripts/install.sh b/rcynic/scripts/install.sh deleted file mode 100644 index 9c7fa3fb..00000000 --- a/rcynic/scripts/install.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/sh - -# $Id$ - -set -e - -case "$1" in - -freebsd*) - cd freebsd - . install.sh - ;; - -# linux*) ;; -# darwin*) ;; -*) - echo 1>&2 "Don't know how to install rcynic jail on platform $uname" - exit 1 - ;; -esac 
diff --git a/rcynic/scripts/sample-rcynic.conf b/rcynic/scripts/sample-rcynic.conf deleted file mode 100644 index 6e464e7e..00000000 --- a/rcynic/scripts/sample-rcynic.conf +++ /dev/null @@ -1,27 +0,0 @@ -# $Id$ -# -# Sample rcynic configuration file for FreeBSD jailed environment - -[rcynic] -rsync-program = /bin/rsync -authenticated = /data/authenticated -old-authenticated = /data/authenticated.old -unauthenticated = /data/unauthenticated -lockfile = /data/lock -jitter = 600 -use-syslog = true -log-level = log_usage_err - -# You need to specify some trust anchors here, eg: - -#trust-anchor.1 = /etc/trust-anchors/ta-1.cer -#trust-anchor.2 = /etc/trust-anchors/ta-2.cer - -# or, using the "Trust Anchor Locator" form: - -#trust-anchor-locator.1 = /etc/trust-anchors/ta-1.tal -#trust-anchor-locator.2 = /etc/trust-anchors/ta-2.tal - -# The choice between these two formats depends largely on the policies -# of the entity generating the corresponding trust anchor, ie, will -# probably be made for you by the generating entity. |