slackbuilds_ponce/network/suphp/suphp.SlackBuild
2010-05-13 00:38:24 +02:00

115 lines
3.2 KiB
Bash

#!/bin/sh
# Slackware build script for suPHP
# Written by Menno Duursma <druiloor@zonnet.nl>
# This program is free software. It comes without any warranty.
# Granted WTFPLv2, as published by Sam Hocevar dec'04.
# For details see http://sam.zoy.org/wtfpl/COPYING
PRGNAM=suphp
VERSION=${VERSION:-0.7.1}
ARCH=${ARCH:-i486}
BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}
CWD=$(pwd)
TMP=${TMP:-/tmp/SBo}
PKG=$TMP/package-$PRGNAM
OUTPUT=${OUTPUT:-/tmp}
# On capability enabled filesystems this may be enabled
FCAPS=${FCAPS:-false}
# The stock Apache on Slackware runs httpd under system
# user/group account 'apache'. If you happen to use some
# other account change the directives below
HTTPD_USER=${HTTPD_USER:-apache}
HTTPD_GROUP=${HTTPD_GROUP:-apache}
if [ "$ARCH" = "i486" ]; then
SLKCFLAGS="-O2 -march=i486 -mtune=i686"
LIBDIRSUFFIX=""
elif [ "$ARCH" = "i686" ]; then
SLKCFLAGS="-O2 -march=i686 -mtune=i686"
LIBDIRSUFFIX=""
elif [ "$ARCH" = "x86_64" ]; then
SLKCFLAGS="-O2 -fPIC"
LIBDIRSUFFIX="64"
fi
set -e # Exit on most errors
rm -rf $PKG
mkdir -p $TMP $PKG $OUTPUT
cd $TMP
rm -rf $PRGNAM-$VERSION
tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
cd $PRGNAM-$VERSION
chown -R root:root .
chmod -R u+w,go+r-w,a-s .
# FCAPS: remove ruid-root check from source
if [ "$FCAPS" != "false" ]; then
patch --verbose -p1 < $CWD/patches/suphp-0.7.1-nosuid.diff
fi
# Default to secure settings, as any of the configuration options
# can be overwritten in the config file /etc/httpd/suphp.conf anyway
CFLAGS="$SLKCFLAGS" \
CXXFLAGS="$SLKCFLAGS" \
./configure \
--prefix=/usr \
--libdir=/usr/lib${LIBDIRSUFFIX} \
--with-apr=/usr/bin/apr-1-config \
--with-apxs=/usr/sbin/apxs \
--sysconfdir=/etc/httpd \
--with-apache-user=$HTTPD_USER \
--with-logfile=/var/log/httpd/suphp_log \
--enable-static=no \
--build=$ARCH-slackware-linux
make
# Following only strips the wrapper
make install-strip DESTDIR=$PKG
# Strip the DSO as well
find $PKG -type f | xargs file | grep "shared object" | grep ELF \
| cut -f 1 -d : | xargs strip -v --strip-unneeded 2> /dev/null
mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
cp -a AUTHORS COPYING ChangeLog doc/* $PKG/usr/doc/$PRGNAM-$VERSION
cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
cat $CWD/README.SLACKWARE > $PKG/usr/doc/$PRGNAM-$VERSION/README.SLACKWARE
mkdir -p $PKG/etc/httpd
sed "s%@LIBDIR@%/usr/lib${LIBDIRSUFFIX}%" $CWD/config/mod_suphp.conf > \
$PKG/etc/httpd/mod_suphp.conf.new
# Make sure the user Apache runs as in correctly reflected
sed "s/@HTTPD_USER@/$HTTPD_USER/" \
$CWD/config/suphp.conf > $PKG/etc/httpd/suphp.conf.new
mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
cat $CWD/doinst.sh > $PKG/install/doinst.sh
# Make sure the access permissions on target host are such that
# only the group Apache runs as has access to it
chown root:$HTTPD_GROUP $PKG/usr/sbin/suphp
# Install setuid unless caller requested otherwise
if [ "$FCAPS" != "false" ]; then
chmod 0750 $PKG/usr/sbin/suphp
# Note: on a chrooted Apache: this should fence the jail
echo 'setcap "cap_setgid=ep cap_setuid=ep" usr/sbin/suphp' \
>> $PKG/install/doinst.sh
else
# Install setuid-root
chmod 4750 $PKG/usr/sbin/suphp
fi
cd $PKG
/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}