Diffstat (limited to 'rcynic')
-rw-r--r-- | rcynic/Makefile.in | 141 | ||||
-rw-r--r-- | rcynic/installation-scripts/deinstall.sh | 5 | ||||
-rw-r--r-- | rcynic/installation-scripts/freebsd/install.sh | 19 | ||||
-rw-r--r-- | rcynic/installation-scripts/linux/install.sh | 46 | ||||
-rw-r--r-- | rcynic/installation-scripts/manifest.sh | 23 | ||||
-rw-r--r-- | rcynic/rules.darwin.mk | 38 | ||||
-rw-r--r-- | rcynic/rules.freebsd.mk | 25 | ||||
-rw-r--r-- | rcynic/rules.linux.mk | 27 | ||||
-rw-r--r-- | rcynic/rules.unknown.mk | 4 | ||||
-rw-r--r-- | rcynic/static-rsync/Makefile.in | 3 |
10 files changed, 252 insertions, 79 deletions
diff --git a/rcynic/Makefile.in b/rcynic/Makefile.in index 777fe18f..58522a7f 100644 --- a/rcynic/Makefile.in +++ b/rcynic/Makefile.in @@ -14,22 +14,37 @@ CFLAGS = @CFLAGS@ -Wall -Wshadow -Wmissing-prototypes -Wmissing-declarations -We LDFLAGS = @LDFLAGS@ @LD_STATIC_FLAG@ LIBS = @LIBS@ -AWK = @AWK@ -SORT= @SORT@ -PYTHON = @PYTHON@ -RRDTOOL = @RRDTOOL@ - -abs_top_srcdir = @abs_top_srcdir@ -abs_top_builddir = @abs_top_builddir@ - -host_os = @host_os@ +AWK = @AWK@ +SORT = @SORT@ +PYTHON = @PYTHON@ +RRDTOOL = @RRDTOOL@ +INSTALL = @INSTALL@ + +abs_top_srcdir = @abs_top_srcdir@ +abs_top_builddir = @abs_top_builddir@ + +RCYNIC_INSTALL_TARGETS = @RCYNIC_INSTALL_TARGETS@ +RCYNIC_DIR = @RCYNIC_DIR@ +RCYNIC_JAIL_DIRS = @RCYNIC_JAIL_DIRS@ +RCYNIC_CONF_FILE = @RCYNIC_CONF_FILE@ +RCYNIC_TA_DIR = @RCYNIC_TA_DIR@ +RCYNIC_DATA_DIR = ${RCYNIC_DIR}/data +RCYNIC_RPKI_RTR_DIR = ${RCYNIC_DIR}/rpki-rtr +RCYNIC_DIRS = ${RCYNIC_TA_DIR} ${RCYNIC_JAIL_DIRS} ${RCYNIC_DATA_DIR} ${RCYNIC_RPKI_RTR_DIR} +RCYNIC_CONF_RSYNC = @RCYNIC_CONF_RSYNC@ +RCYNIC_CONF_DATA = @RCYNIC_CONF_DATA@ +RCYNIC_CONF_TA_DIR = @RCYNIC_CONF_TA_DIR@ +RCYNIC_USER = rcynic +RCYNIC_GROUP = rcynic +RCYNIC_GECOS = RPKI Validation System +RCYNIC_STATIC_RSYNC = @RCYNIC_STATIC_RSYNC@ SCRIPTS = rcynic-text rcynic-html rcynic-svn validation_status -all: ${BIN} ${SCRIPTS} +all: ${BIN} ${SCRIPTS} ${RCYNIC_STATIC_RSYNC} clean: - cd static-rsync; ${MAKE} $@ + if test -r static-rsync/Makefile; then cd static-rsync; ${MAKE} $@; fi rm -f ${BIN} ${OBJS} ${SCRIPTS} ${OBJ}: ${SRC} ${GEN} 
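Review bot: In the new `clean` recipe, `cd static-rsync; ${MAKE} $@` still runs `${MAKE} clean` in the current directory if the `cd` fails, which would re-enter this same rule. The `test -r static-rsync/Makefile` guard makes that unlikely but does not rule it out, whereas chaining with `&&` does: `if test -r static-rsync/Makefile; then cd static-rsync && ${MAKE} $@; fi`. The same `cd …; ${MAKE}` form appears in `distclean` and `static-rsync/rsync` in the last hunk of this file.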
@@ -41,30 +56,6 @@ ${GEN}: ${SRC} ${PYTHON} ${abs_top_srcdir}/buildtools/defstack.py ${SRC} >$@.tmp mv $@.tmp $@ -test: ${BIN} - if test -r rcynic.conf; \ - then \ - ./${BIN} -j 0 && \ - test -r rcynic.xml && \ - echo && \ - ./rcynic-text rcynic.xml; \ - else \ - echo No rcynic.conf, skipping test; \ - fi - -install: ${BIN} installation-scripts/install.sh - cd installation-scripts; host_os="${host_os}"; DESTDIR="${DESTDIR}"; AWK="${AWK}"; SORT="${SORT}"; . ./install.sh - -uninstall deinstall: - cd installation-scripts; host_os="${host_os}"; DESTDIR="${DESTDIR}"; . ./deinstall.sh - -installation-manifest: - cd installation-scripts; host_os="${host_os}"; abs_top_builddir="${abs_top_builddir}"; . ./manifest.sh - -distclean: clean - cd static-rsync; ${MAKE} $@ - rm -f Makefile - COMPILE_PYTHON = \ AC_PYTHON_INTERPRETER='${PYTHON}' \ AC_RRDTOOL_BINARY='${RRDTOOL}' \ 
@@ -87,3 +78,83 @@ tags: TAGS TAGS: ${SRC} ${GEN} etags ${SRC} ${GEN} + +test: ${BIN} + if test -r rcynic.conf; \ + then \ + ./${BIN} -j 0 && \ + test -r rcynic.xml && \ + echo && \ + ./rcynic-text rcynic.xml; \ + else \ + echo No rcynic.conf, skipping test; \ + fi + +uninstall deinstall: + @echo Sorry, automated deinstallation of rcynic is not implemented yet + +distclean: clean + if test -r static-rsync/Makefile; then cd static-rsync; ${MAKE} $@; fi + rm -f Makefile + +static-rsync/rsync: + @echo "Building static rsync for use in chroot jail" + cd static-rsync; ${MAKE} all + +install: ${BIN} ${RSYNC_INSTALL_TARGETS} + +# From here down is a long list of rules to handle installation on +# various platforms. This used to be a set of nasty shell scripts, +# now it's nasty Makefile autoconf AC_SUBST_FILE snippets. +# +# Still working out details here. + +create-rcynic-directories: ${RCYNIC_DIRS} + +${RCYNIC_DIRS}: + mkdir -p -v -555 $@ + +postconf-rcynic-directories: ${RCYNIC_DATA_DIR} ${RCYNIC_RPKI_RTR_DIR} + chown ${RCYNIC_USER}:${RCYNIC_GROUP} ${RCYNIC_DATA_DIR} ${RCYNIC_RPKI_RTR_DIR} + +# Old script only installed trust anchors if rcynic.conf was missing. +# Haven't decided yet whether we want to preserve that behavior. + +install-rcynic-trust-anchors: ${RCYNIC_TA_DIR} + @cd sample-trust-anchors; \ + for i in *.tal; \ + do \ + ${INSTALL} -C -p -m 444 "$$i" "${RCYNIC_TA_DIR}/$$i"; \ + done + +install-rcynic-conf: ${RCYNIC_CONF_FILE} + +${RCYNIC_CONF_FILE}: + @echo Found no ${RCYNIC_CONF_FILE}, creating sample config. You might want to edit this. + @echo > $@.tmp '# Sample rcynic configuration file. See documentation for details.' 
+ @echo >>$@.tmp '' + @echo >>$@.tmp '[rcynic]' + @echo >>$@.tmp 'rsync-program = ${RCYNIC_CONF_RSYNC}' + @echo >>$@.tmp 'authenticated = ${RCYNIC_CONF_DATA}/authenticated' + @echo >>$@.tmp 'unauthenticated = ${RCYNIC_CONF_DATA}/unauthenticated' + @echo >>$@.tmp 'lockfile = ${RCYNIC_CONF_DATA}/lock' + @echo >>$@.tmp 'xml-summary = ${RCYNIC_CONF_DATA}/rcynic.xml' + @echo >>$@.tmp 'jitter = 600' + @echo >>$@.tmp 'use-syslog = true' + @echo >>$@.tmp 'log-level = log_usage_err' + @cd ${RCYNIC_TA_DIR}; \ + j=1; \ + for i in *.tal; \ + do \ + echo >>$@ "trust-anchor-locator.$$j = ${RCYNIC_CONF_TA_DIR}/$$i"; \ + j=$$((j+1)); \ + done + @chmod 444 $@.tmp + @mv $@.tmp $@ + +.FORCE: + +# Not sure we want this, test it both ways I guess +#.PHONY: .FORCE + +@RCYNIC_MAKE_RULES@ diff --git a/rcynic/installation-scripts/deinstall.sh b/rcynic/installation-scripts/deinstall.sh deleted file mode 100644 index 113794a4..00000000 --- a/rcynic/installation-scripts/deinstall.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh - -# $Id$ - -echo Sorry, automated deinstallation of rcynic is not implemented yet -exit 1 diff --git a/rcynic/installation-scripts/freebsd/install.sh b/rcynic/installation-scripts/freebsd/install.sh index 105de21b..7f3e9f02 100644 --- a/rcynic/installation-scripts/freebsd/install.sh +++ b/rcynic/installation-scripts/freebsd/install.sh @@ -34,7 +34,7 @@ else fi if ! /bin/test -d "${jaildir}"; then - /bin/mkdir "${jaildir}" + /bin/mkdir -p "${jaildir}" fi if /usr/bin/install -m 555 -o root -g wheel -p rc.d.rcynic ${DESTDIR}/usr/local/etc/rc.d/rcynic; then 
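Review bot: In the `${RCYNIC_CONF_FILE}` recipe the trust-anchor loop appends to `$@` while every other line goes to `$@.tmp`, so the final `mv $@.tmp $@` replaces the file and the generated configuration ends up with no `trust-anchor-locator` entries. The loop line should read `echo >>$@.tmp "trust-anchor-locator.$$j = ${RCYNIC_CONF_TA_DIR}/$$i"; \`. Two further slips in the same hunk: `install:` depends on `${RSYNC_INSTALL_TARGETS}`, which is not defined anywhere in the visible diff (the first hunk sets `RCYNIC_INSTALL_TARGETS`), so it should be `install: ${BIN} ${RCYNIC_INSTALL_TARGETS}`. Also, `mkdir -p -v -555 $@` passes `-555` as an option where a mode was presumably intended, i.e. `mkdir -p -v -m 555 $@`. The config rule also has no prerequisite on `${RCYNIC_TA_DIR}` or `install-rcynic-trust-anchors`, so the `*.tal` glob may run before any locator files exist.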
@@ -51,10 +51,8 @@ if ! rcynic_jaildir="$jaildir" rcynic_user="$jailuser" rcynic_group="$jailgroup" exit 1 fi -if /bin/test -r "$jaildir/etc/rcynic.conf"; then - echo "You already have config file \"${jaildir}/etc/rcynic.conf\", so I will use it." -elif /usr/bin/install -m 444 -o root -g wheel -p ../sample-rcynic.conf "${jaildir}/etc/rcynic.conf"; then - echo "Installed minimal ${jaildir}/etc/rcynic.conf, adding SAMPLE trust anchors" +if /usr/bin/install -m 444 -o root -g wheel -p ../sample-rcynic.conf "${jaildir}/etc/rcynic.conf.sample"; then + echo "Installed minimal ${jaildir}/etc/rcynic.conf.sample, adding SAMPLE trust anchors" for i in ../../sample-trust-anchors/*.tal; do j="$jaildir/etc/trust-anchors/${i##*/}" /bin/test -r "$i" || continue @@ -64,10 +62,19 @@ elif /usr/bin/install -m 444 -o root -g wheel -p ../sample-rcynic.conf "${jaildi done j=1 for i in $jaildir/etc/trust-anchors/*.tal; do - echo >>"${jaildir}/etc/rcynic.conf" "trust-anchor-locator.$j = /etc/trust-anchors/${i##*/}" + echo >>"${jaildir}/etc/rcynic.conf.sample" "trust-anchor-locator.$j = /etc/trust-anchors/${i##*/}" j=$((j+1)) done else + echo "Installing minimal ${jaildir}/etc/rcynic.conf.sample failed" + exit 1 +fi + +if /bin/test -r "$jaildir/etc/rcynic.conf"; then + echo "You already have config file \"${jaildir}/etc/rcynic.conf\", so I will use it." +elif /bin/cp -p "$jaildir/etc/rcynic.conf.sample" "$jaildir/etc/rcynic.conf"; then + echo "Installed minimal ${jaildir}/etc/rcynic.conf" +else echo "Installing minimal ${jaildir}/etc/rcynic.conf failed" exit 1 fi diff --git a/rcynic/installation-scripts/linux/install.sh b/rcynic/installation-scripts/linux/install.sh index 3c9a6412..039c753b 100644 --- a/rcynic/installation-scripts/linux/install.sh +++ b/rcynic/installation-scripts/linux/install.sh 
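Review bot: The sample trust-anchor loop in the first hunk on this line now runs whenever `rcynic.conf.sample` installs successfully, where it used to run only when no `rcynic.conf` existed. A host with an operator-maintained configuration therefore has the sample `.tal` set processed against `${jaildir}/etc/trust-anchors` on every install. The copy step itself sits between this hunk and the next and is not visible, so whether existing or deliberately removed locators are overwritten or restored cannot be confirmed from the diff. If the intent is only to build the `.sample` file, the copy loop could be guarded with `if ! /bin/test -r "$jaildir/etc/rcynic.conf"; then … fi`. Otherwise a comment such as `# Sample trust anchors are installed even when rcynic.conf already exists` would make the behaviour change explicit.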
@@ -10,9 +10,21 @@ : ${jailgroup="rcynic"} : ${setupcron="NO"} +echo "Checking whether we are running under fakeroot" + +if test `whoami` = `(unset LD_PRELOAD; whoami)` +then + running_fakeroot=no +else + running_fakeroot=yes +fi + echo "Setting up \"${jaildir}\" as a chroot jail for rcynic." -if ${AWK} -F: -v jailgroup="${jailgroup}" 'BEGIN {status = 1} $1 == jailgroup {status = 0} END {exit status}' /etc/group +if test $running_fakeroot = yes +then + echo "Running under fakeroot, so skipping ${jailgroup} group setup" +elif ${AWK} -F: -v jailgroup="${jailgroup}" 'BEGIN {status = 1} $1 == jailgroup {status = 0} END {exit status}' /etc/group then echo "You already have a group \"${jailgroup}\", so I will use it." elif /usr/sbin/groupadd ${jailgroup} @@ -34,7 +46,10 @@ if test -f /etc/redhat-release; then fi fi -if ${AWK} -F: -v jailuser="${jailuser}" 'BEGIN {status = 1} $1 == jailuser {status = 0} END {exit status}' /etc/passwd +if test $running_fakeroot = yes +then + echo "Running under fakeroot, so skipping ${jailuser} user setup" +elif ${AWK} -F: -v jailuser="${jailuser}" 'BEGIN {status = 1} $1 == jailuser {status = 0} END {exit status}' /etc/passwd then echo "You already have a user \"${jailuser}\", so I will use it." elif /usr/sbin/useradd -g ${jailgroup} -M $nogroup -d "${jaildir}" -s /sbin/nologin -c "RPKI validation system" ${jailuser} @@ -69,7 +84,10 @@ fi echo "Installing device inodes" -if ! (cd /dev; /bin/ls null zero random urandom | /bin/cpio -puv "${jaildir}/dev") +if test $running_fakeroot = yes +then + echo "Running under fakeroot, so skipping ${jaildir}/dev device inode setup" +elif ! (cd /dev; /bin/ls null zero random urandom | /bin/cpio -puv "${jaildir}/dev") then echo "Unable to install device inodes in ${jaildir}/dev/, please fix this then try again" exit 1 
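Review bot: The fakeroot check added in the first hunk has no comment explaining why comparing `whoami` with and without `LD_PRELOAD` identifies fakeroot, yet the later hunks rely on its result to skip group and user creation, device nodes, the `chown` calls and cron setup. A comment above the `if`, for example `# fakeroot is injected via LD_PRELOAD; if whoami changes once it is unset we are not really root`, would record the assumption. Any other preloaded library that alters `whoami`, or a `whoami` that fails on one side, also yields `running_fakeroot=yes` and skips the ownership steps with only an informational message. It may be worth letting the packager request the skip through an explicit variable in addition to the heuristic.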
@@ -93,17 +111,21 @@ echo "Whacking file permissions" if ! /bin/chmod -R a-w "${jaildir}/bin" "${jaildir}/etc" || ! /bin/chmod -R 755 "${jaildir}/data" || - ! /bin/chown -R root:root "${jaildir}/bin" "${jaildir}/etc" || - ! /bin/chown -R "${jailuser}:${jailgroup}" "${jaildir}/data" + ( test -f "${jaildir}/etc/rsa_key" && ! /bin/chmod 400 "${jaildir}/etc/rsa_key" ) then - echo "Unable to set file permissions and ownerships correctly, please fix this and try again" + echo "Unable to set file permissions correctly, please fix this and try again" exit 1 fi -if test -f "${jaildir}/etc/rsa_key" +if test $running_fakeroot = yes +then + echo "Running under fakeroot, so skipping ${jaildir} chown calls" +elif ! /bin/chown -R root:root "${jaildir}/bin" "${jaildir}/etc" || + ! /bin/chown -R "${jailuser}:${jailgroup}" "${jaildir}/data" || + ( test -f "${jaildir}/etc/rsa_key" && ! /bin/chown "${jailuser}" "${jaildir}/etc/rsa_key" ) then - /bin/chmod 400 "${jaildir}/etc/rsa_key" - /bin/chown "${jailuser}" "${jaildir}/etc/rsa_key" + echo "Unable to set file ownership correctly, please fix this and try again" + exit 1 fi if test -r "$jaildir/etc/rcynic.conf"; then @@ -196,10 +218,14 @@ else exit 1 fi -echo "Setting up root's crontab to run jailed rcynic" +if test $running_fakeroot = yes +then + setupcron=NO +fi case "$setupcron" in YES|yes) + echo "Setting up root's crontab to run jailed rcynic" /usr/bin/crontab -l -u root 2>/dev/null | ${AWK} -v "jailuser=$jailuser" -v "jailgroup=$jailgroup" -v "jaildir=$jaildir" ' BEGIN { diff --git a/rcynic/installation-scripts/manifest.sh b/rcynic/installation-scripts/manifest.sh deleted file mode 100644 index 26872b1a..00000000 --- a/rcynic/installation-scripts/manifest.sh +++ /dev/null 
@@ -1,23 +0,0 @@ -#!/bin/sh - -# $Id$ - -echo >>${abs_top_builddir}/installation-manifest D %%RCYNICJAILDIR%% -echo >>${abs_top_builddir}/installation-manifest D %%RCYNICJAILDIR%%/bin -echo >>${abs_top_builddir}/installation-manifest D %%RCYNICJAILDIR%%/dev -echo >>${abs_top_builddir}/installation-manifest D %%RCYNICJAILDIR%%/etc -echo >>${abs_top_builddir}/installation-manifest D %%RCYNICJAILDIR%%/etc/trust-anchors -echo >>${abs_top_builddir}/installation-manifest D %%RCYNICJAILDIR%%/var -echo >>${abs_top_builddir}/installation-manifest D %%RCYNICJAILDIR%%/data - -echo >>${abs_top_builddir}/installation-manifest F %%RCYNICJAILDIR%%/bin/rcynic -echo >>${abs_top_builddir}/installation-manifest F %%RCYNICJAILDIR%%/bin/rsync -echo >>${abs_top_builddir}/installation-manifest F %%RCYNICJAILDIR%%/bin/rcynic-html - -# Not sure what to do about %%RCYNICJAILDIR%%/${libdir}/* on Linux, as we -# don't know what goes there until we compute the transitive closure -# of ldd dependencies. Ick. Ignore for now. - -case "${host_os}" in -freebsd*) echo >>${abs_top_builddir}/installation-manifest F %%RCDIR%%/rcynic;; -darwin*) echo >>${abs_top_builddir}/installation-manifest F /Library/StartupItems/RCynic;; -esac diff --git a/rcynic/rules.darwin.mk b/rcynic/rules.darwin.mk new file mode 100644 index 00000000..8f0e87b7 --- /dev/null +++ b/rcynic/rules.darwin.mk 
@@ -0,0 +1,38 @@ +# $Id$ + +create-rcynic-user-and-group: .FORCE + if /usr/bin/dscl . -read "/Groups/${RCYNIC_GROUP}" >/dev/null 2>&1; \ + then \ + echo "You already have a group \"${RCYNIC_GROUP}\", so I will use it."; \ + elif gid="$$(/usr/bin/dscl . -list /Groups PrimaryGroupID | /usr/bin/awk 'BEGIN {gid = 501} $$2 >= gid {gid = 1 + $$2} END {print gid}')" && \ + /usr/bin/dscl . -create "/Groups/${RCYNIC_GROUP}" && \ + /usr/bin/dscl . -create "/Groups/${RCYNIC_GROUP}" RealName "${RCYNIC_GECOS}" && \ + /usr/bin/dscl . -create "/Groups/${RCYNIC_GROUP}" PrimaryGroupID "$$gid" && \ + /usr/bin/dscl . -create "/Groups/${RCYNIC_GROUP}" GeneratedUID "$$(/usr/bin/uuidgen)" && \ + /usr/bin/dscl . -create "/Groups/${RCYNIC_GROUP}" Password "*"; \ + then \ + echo "Added group \"${RCYNIC_GROUP}\"."; \ + else \ + echo "Adding group \"${RCYNIC_GROUP}\" failed..."; \ + echo "Please create it, then try again."; \ + exit 1; \ + fi; \ + if /usr/bin/dscl . -read "/Users/${RCYNIC_USER}" >/dev/null 2>&1; \ + then \ + echo "You already have a user \"${RCYNIC_USER}\", so I will use it."; \ + elif uid="$$(/usr/bin/dscl . -list /Users UniqueID | /usr/bin/awk 'BEGIN {uid = 501} $$2 >= uid {uid = 1 + $$2} END {print uid}')" && \ + /usr/bin/dscl . -create "/Users/${RCYNIC_USER}" && \ + /usr/bin/dscl . -create "/Users/${RCYNIC_USER}" UserShell "/usr/bin/false" && \ + /usr/bin/dscl . -create "/Users/${RCYNIC_USER}" RealName "${RCYNIC_GECOS}" && \ + /usr/bin/dscl . -create "/Users/${RCYNIC_USER}" UniqueID "$$uid" && \ + /usr/bin/dscl . -create "/Users/${RCYNIC_USER}" PrimaryGroupID "$$gid" && \ + /usr/bin/dscl . -create "/Users/${RCYNIC_USER}" NFSHomeDirectory "/var/empty" && \ + /usr/bin/dscl . -create "/Users/${RCYNIC_USER}" GeneratedUID "$$(/usr/bin/uuidgen)" && \ + /usr/bin/dscl . 
-create "/Users/${RCYNIC_USER}" Password "*"; \ + then \ + echo "Added user \"${RCYNIC_USER}\"."; \ + else \ + echo "Adding user \"${RCYNIC_USER}\" failed..."; \ + echo "Please create it, then try again."; \ + exit 1; \ + fi diff --git a/rcynic/rules.freebsd.mk b/rcynic/rules.freebsd.mk new file mode 100644 index 00000000..3eab4780 --- /dev/null +++ b/rcynic/rules.freebsd.mk @@ -0,0 +1,25 @@ +# $Id$ + +create-rcynic-user-and-group: .FORCE + if /usr/sbin/pw groupshow "${RCYNIC_GROUP}" 2>/dev/null; \ + then \ + echo "You already have a group \"${RCYNIC_GROUP}\", so I will use it."; \ + elif /usr/sbin/pw groupadd ${RCYNIC_GROUP}; \ + then \ + echo "Added group \"${RCYNIC_GROUP}\"."; \ + else \ + echo "Adding group \"${RCYNIC_GROUP}\" failed..."; \ + echo "Please create it, then try again."; \ + exit 1; \ + fi + if /usr/sbin/pw usershow "${RCYNIC_USER}" 2>/dev/null; \ + then \ + echo "You already have a user \"${RCYNIC_USER}\", so I will use it."; \ + elif /usr/sbin/pw useradd ${RCYNIC_USER} -g ${RCYNIC_GROUP} -h - -d /nonexistant -s /usr/sbin/nologin -c "${RCYNIC_GECOS}"; \ + then \ + echo "Added user \"${RCYNIC_USER}\"."; \ + else \ + echo "Adding user \"${RCYNIC_USER}\" failed..."; \ + echo "Please create it, then try again."; \ + exit 1; \ + fi diff --git a/rcynic/rules.linux.mk b/rcynic/rules.linux.mk new file mode 100644 index 00000000..3ed5b730 --- /dev/null +++ b/rcynic/rules.linux.mk 
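Review bot: In `rules.darwin.mk`, `$$gid` is assigned only in the `elif` branch that creates the group, so when the group already exists the user block runs `dscl . -create "/Users/${RCYNIC_USER}" PrimaryGroupID "$$gid"` with an empty value. The "You already have a group" branch should look the id up before the user block, e.g. `gid="$$(/usr/bin/dscl . -read "/Groups/${RCYNIC_GROUP}" PrimaryGroupID | /usr/bin/awk '{print $$2}')"; \`. The highest-id-plus-one allocation for `gid` and `uid` is also not atomic against concurrent account creation, which is probably acceptable for an installer but deserves a one-line comment.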
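Review bot: In `rules.freebsd.mk`, `pw useradd … -d /nonexistant` spells the placeholder home directory differently from the `/nonexistent` that FreeBSD's own system accounts use. Matching the convention (`-d /nonexistent`) keeps the account consistent with what administrators and audit scripts expect. `pw groupshow` and `pw usershow` redirect only stderr, so on an existing account the group or passwd entry is printed into the install output; `>/dev/null 2>&1`, as the Darwin rules do, would keep the existence test silent. `${RCYNIC_USER}` and `${RCYNIC_GROUP}` are quoted in the tests but not in the `groupadd`/`useradd` calls, which is worth making uniform.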
@@ -0,0 +1,27 @@ +# $Id$ + +create-rcynic-user-and-group: .FORCE + if ${AWK} -F: 'BEGIN {status = 1} $$1 == ${RCYNIC_GROUP} {status = 0} END {exit status}' /etc/group; \ + then \ + echo "You already have a group \"${RCYNIC_GROUP}\", so I will use it."; \ + elif /usr/sbin/groupadd ${RCYNIC_GROUP}; \ + then \ + echo "Added group \"${RCYNIC_GROUP}\"."; \ + else \ + echo "Adding group \"${RCYNIC_GROUP}\" failed..."; \ + echo "Please create it, then try again."; \ + exit 1; \ + fi + nogroup='-N'; \ + if test -f /etc/redhat-release; then; read vendor release version < /etc/redhat-release; if test $$vendor = CentOS; then; nogroup='-n'; fi; fi; \ + if ${AWK} -F: 'BEGIN {status = 1} $$1 == ${RCYNIC_USER} {status = 0} END {exit status}' /etc/passwd; \ + then \ + echo "You already have a user \"${RCYNIC_USER}\", so I will use it." \ + elif /usr/sbin/useradd -g ${RCYNIC_GROUP} -M $$nogroup -d "${RCYNIC_DIR}" -s /sbin/nologin -c "${RCYNIC_GECOS}" ${RCYNIC_USER}; \ + then \ + echo "Added user \"${RCYNIC_USER}\"."; \ + else \ + echo "Adding user \"${RCYNIC_USER}\" failed..."; \ + echo "Please create it, then try again."; \ + exit 1; \ + fi diff --git a/rcynic/rules.unknown.mk b/rcynic/rules.unknown.mk new file mode 100644 index 00000000..fea2aebc --- /dev/null +++ b/rcynic/rules.unknown.mk @@ -0,0 +1,4 @@ +# $Id$ + +create-rcynic-user-and-group: .FORCE + @echo "Don't know how to make $@ on this platform"; exit 1 diff --git a/rcynic/static-rsync/Makefile.in b/rcynic/static-rsync/Makefile.in index 9c8556e0..8a433c7b 100644 --- a/rcynic/static-rsync/Makefile.in +++ b/rcynic/static-rsync/Makefile.in @@ -13,6 +13,9 @@ BIN_LOG = > ../build.log 2>&1 BIN = rsync +abs_top_srcdir = @abs_top_srcdir@ +abs_top_builddir = @abs_top_builddir@ + all: ${BIN} ${BIN}: ${DIRNAME}/${BIN} |
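Review bot: In `rules.linux.mk` both awk existence tests expand `${RCYNIC_GROUP}` / `${RCYNIC_USER}` bare inside the awk program, so awk compares `$1` with an unset awk variable named after the account rather than with a string. The test therefore never matches an existing entry and the recipe falls through to `groupadd`/`useradd`, which fail when the account is already there. Passing the name with `-v`, as the old install.sh did, fixes this. The second recipe line also has two shell syntax errors: `then;` after `test -f /etc/redhat-release` and after the CentOS test, and a missing `;` after the "You already have a user" `echo`, so `elif` is parsed as an argument to `echo`. `$$vendor` should be quoted in the `test` as well, since an empty release file would otherwise break it.

```make
create-rcynic-user-and-group: .FORCE
	if ${AWK} -F: -v name="${RCYNIC_GROUP}" 'BEGIN {status = 1} $$1 == name {status = 0} END {exit status}' /etc/group; \
# … unchanged: group "already have" / groupadd / failure branches …
	nogroup='-N'; \
	if test -f /etc/redhat-release; then \
		read vendor release version < /etc/redhat-release; \
		if test "$$vendor" = CentOS; then nogroup='-n'; fi; \
	fi; \
	if ${AWK} -F: -v name="${RCYNIC_USER}" 'BEGIN {status = 1} $$1 == name {status = 0} END {exit status}' /etc/passwd; \
	then \
		echo "You already have a user \"${RCYNIC_USER}\", so I will use it."; \
# … unchanged: useradd and failure branches …
```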