Subject: pkg/21594: New PKG: cvsd -- run a cvs pserver in chroot-ed environment
To: None <gnats-bugs@gnats.netbsd.org>
From: None <eric@cirr.com>
List: netbsd-bugs
Date: 05/15/2003 22:06:52
>Number: 21594
>Category: pkg
>Synopsis: New PKG: cvsd -- run a cvs pserver in chroot-ed environment
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Fri May 16 03:07:01 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator: Eric Schnoebelen
>Release: NetBSD 1.6
>Organization:
Eric Schnoebelen eric@cirr.com http://www.cirr.com
"...Microsoft is to software what Miller (and the other big
American brewers) are to beer." -- Mark Bartelt in comp.sys.dec
>Environment:
System: NetBSD egsnore.cirr.com 1.6 NetBSD 1.6 (GENERIC) #0: Sun Sep 8 19:43:40 UTC 2002 autobuild@tgm.daemon.org:/autobuild/i386/OBJ/autobuild/src/sys/arch/i386/compile/GENERIC i386
Architecture: i386
Machine: i386
>Description:
I've created a new package for cvsd; a program that creates a
chroot-ed environment to run an anoncvs pserver.
>How-To-Repeat:
>Fix:
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
# DESCR
# MESSAGE
# Makefile
# PLIST
# distinfo
# files
# patches
# files/cvsd.sh
# patches/patch-aa
# patches/patch-ab
# patches/patch-ac
# patches/patch-ad
#
echo x - DESCR
sed 's/^X//' >DESCR << 'END-of-DESCR'
X cvsd is a wrapper program for cvs in pserver mode. It will run
X 'cvs pserver' under a special uid/gid in a chroot jail.
X
X cvsd is run as a daemon and is controlled through a configuration
X file. It is relatively easy to configure and tools are provided
X for easily setting up a rootjail.
X
X This server can be useful if you want to run a public cvs
X pserver. You should however be aware of the security limitations
X of running a cvs pserver. If you want any kind of authentication
X you should really consider using secure shell as a secure
X authentication mechanism and transport. Passwords used in cvs
X pserver are transmitted in plaintext and this wrapper won't
X change that.
X
X This server adds a layer of security to cvs. cvs is a very
X powerful tool and is capable of running scripts and other
X things. By running cvs in a rootjail it is possible to limit
X the amount of "damage" cvs can do if it is exploited. It is
X generally a good idea to run cvsd without any write permissions
X to any directory on the system.
X
X WWW: http://tiefighter.et.tudelft.nl/~arthur/cvsd/
END-of-DESCR
echo x - MESSAGE
sed 's/^X//' >MESSAGE << 'END-of-MESSAGE'
X===========================================================================
X$NetBSD$
X
X You should set up user and group ids for cvsd, create a
X chrooted filesystem and create repositories.
X
X Read the README file in ${PREFIX}/share/doc/cvsd for more
X details on setting up the environment.
X
X===========================================================================
END-of-MESSAGE
echo x - Makefile
sed 's/^X//' >Makefile << 'END-of-Makefile'
X# $NetBSD$
X# FreeBSD Id: ports/devel/cvsd/Makefile,v 1.18 2003/04/26 22:38:53 nork Exp
X
XDISTNAME= cvsd-0.9.18
XCATEGORIES= devel
XMASTER_SITES= http://tiefighter.et.tudelft.nl/~arthur/cvsd/
X
XMAINTAINER= packages@netbsd.org
XHOMEPAGE= http://tiefighter.et.tudelft.nl/~arthur/cvsd/
XCOMMENT= run CVS pserver in a chroot-ed environment
X
X.include "../../mk/bsd.prefs.mk"
X
XUSE_BUILDLINK2= YES
XUSE_PERL5= YES
XUSE_GMAKE= YES
XUSE_PKGINSTALL= YES
X
XGNU_CONFIGURE= YES
X
XCONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
XCONFIGURE_ARGS+= --with-libwrap
X
XRCD_SCRIPTS= cvsd
X
XEGDIR= ${PREFIX}/share/examples/cvsd
XCONF_FILES= ${EGDIR}/cvsd.conf.example ${PKG_SYSCONFDIR}/cvsd.conf
X
Xpre-install:
X ${INSTALL_DATA_DIR} ${EGDIR}
X
X.include "../../security/tcp_wrappers/buildlink2.mk"
X.include "../../mk/bsd.pkg.mk"
END-of-Makefile
echo x - PLIST
sed 's/^X//' >PLIST << 'END-of-PLIST'
X@comment $NetBSD$
Xetc/rc.d/cvsd
Xsbin/cvsd
Xsbin/cvsd-buildroot
Xsbin/cvsd-passwd
Xman/man5/cvsd.conf.5
Xman/man8/cvsd-buildroot.8
Xman/man8/cvsd-passwd.8
Xman/man8/cvsd.8
Xshare/doc/cvsd/README
Xshare/examples/cvsd/cvsd.conf.example
X@dirrm share/examples/cvsd
X@dirrm share/doc/cvsd
END-of-PLIST
echo x - distinfo
sed 's/^X//' >distinfo << 'END-of-distinfo'
X$NetBSD$
X
XSHA1 (cvsd-0.9.18.tar.gz) = 27fb2e9b4a9a7110afec6857cc2833d992ef08bf
XSize (cvsd-0.9.18.tar.gz) = 149600 bytes
XSHA1 (patch-aa) = 96bc2a92dcd4972234417b87e09bd180386ff8dc
XSHA1 (patch-ab) = 6a94e9f34665c6641d4a9d15f6fa187882564835
XSHA1 (patch-ac) = 7c2b5969c4af88fe2b01497908617b4581488f58
XSHA1 (patch-ad) = 945a0a651a4882802d7d85b5a75c050335f36bad
END-of-distinfo
echo c - files
mkdir -p files > /dev/null 2>&1
echo c - patches
mkdir -p patches > /dev/null 2>&1
echo x - files/cvsd.sh
sed 's/^X//' >files/cvsd.sh << 'END-of-files/cvsd.sh'
X#!/bin/sh
X#
X# $NetBSD: conserver.sh,v 1.3 2002/09/20 02:01:55 grant Exp $
X#
X# PROVIDE: conserver
X# REQUIRE: DAEMON
X
Xif [ -e /etc/rc.subr ]
Xthen
X . /etc/rc.subr
Xfi
X
Xname="cvsd"
Xrcvar=$name
Xcommand="@PREFIX@/sbin/${name}"
Xrequired_files="@PREFIX@/etc/cvsd.conf"
Xpidfile=`awk '/^#/ {next}; /PidFile/ {print $1}' ${required_files}`
Xcommand_args=""
X # add more flags through ${${name}_flags}
X
Xif [ -e /etc/rc.subr ]
Xthen
X load_rc_config $name
X run_rc_command "$1"
Xelse
X echo -n ' ${name}'
X ${command} ${cvsd_flags} ${command_args}
Xfi
END-of-files/cvsd.sh
echo x - patches/patch-aa
sed 's/^X//' >patches/patch-aa << 'END-of-patches/patch-aa'
X$NetBSD$
X
X+++ configure.ac
X@@ -180,8 +180,7 @@ WANT_LIBWRAP="no"
X AC_ARG_WITH(libwrap,
X AC_HELP_STRING([--with-libwrap@<:@=PATH@:>@],
X [enable tcp wrapper support (disabled by default)]),
X- [if test "x$withval" = "xno"
X- then
X+ [if test "x$withval" = "xno"; then
X WANT_LIBWRAP="no"
X else
X WANT_LIBWRAP="yes"
X@@ -196,15 +195,26 @@ AC_ARG_WITH(libwrap,
X # check wether we can use tcp wrappers
X if test "x$WANT_LIBWRAP" != "xno"
X then
X- AC_CHECK_HEADERS(tcpd.h)
X- AC_SEARCH_LIBS(request_init,wrap)
X- AC_SEARCH_LIBS(hosts_access,wrap,,
X- # for some strange reason RedHat 8 needs NIS and CORBA stuff
X- unset ac_cv_search_hosts_access
X- AC_SEARCH_LIBS(hosts_access,wrap,
X- LIBS="$LIBS -lORBitutil -lORBit -lIIOP",,
X- -lORBitutil -lORBit -lIIOP)
X- )
X+ AC_CHECK_HEADERS(tcpd.h,
X+ [LIBS="$LIBS -lwrap"
X+ AC_MSG_CHECKING(for TCP wrappers function request_init)
X+ AC_TRY_LINK([#include <tcpd.h>
X+ int allow_severity = 0;
X+ int deny_severity = 0;
X+ ],[request_init((void *)0, 0)],
X+ [AC_MSG_RESULT(yes)
X+ AC_DEFINE(ac_cv_search_request_init)],
X+ [AC_MSG_RESULT(no)])
X+ AC_MSG_CHECKING(for TCP wrappers function hosts_access)
X+ AC_TRY_LINK([#include <tcpd.h>
X+ int allow_severity = 0;
X+ int deny_severity = 0;
X+ ],[hosts_access((void *)0)],
X+ [AC_MSG_RESULT(yes)
X+ AC_DEFINE(ac_cv_search_hosts_access)],
X+ [AC_MSG_RESULT(no)])
X+ ],)
X+
X if test "x$ac_cv_search_request_init" != "xno" &&
X test "x$ac_cv_search_hosts_access" != "xno"
X then
X@@ -217,7 +227,7 @@ fi
X
X # where to find the configuration file
X # TODO: this should probably be fixed to be nicer
X-CONFIGFILE=`eval echo $sysconfdir/cvsd/cvsd.conf | \
X+CONFIGFILE=`eval echo $sysconfdir/cvsd.conf | \
X sed "s%^NONE/%${prefix}/%" | \
X sed "s%^NONE/%${ac_default_prefix}/%"`
X AC_SUBST(CONFIGFILE)
END-of-patches/patch-aa
echo x - patches/patch-ab
sed 's/^X//' >patches/patch-ab << 'END-of-patches/patch-ab'
X$NetBSD$
X
X+++ configure
X@@ -8588,8 +8588,7 @@ WANT_LIBWRAP="no"
X # Check whether --with-libwrap or --without-libwrap was given.
X if test "${with_libwrap+set}" = set; then
X withval="$with_libwrap"
X- if test "x$withval" = "xno"
X- then
X+ if test "x$withval" = "xno"; then
X WANT_LIBWRAP="no"
X else
X WANT_LIBWRAP="yes"
X@@ -8742,37 +8741,24 @@ if test `eval echo '${'$as_ac_Header'}'`
X cat >>confdefs.h <<_ACEOF
X #define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
X _ACEOF
X-
X-fi
X-
X-done
X-
X-echo $ECHO_N "checking for library containing request_init... $ECHO_C" >&6
X-if test "${ac_cv_search_request_init+set}" = set; then
X- echo $ECHO_N "(cached) $ECHO_C" >&6
X-else
X- ac_func_search_save_LIBS=$LIBS
X-ac_cv_search_request_init=no
X-cat >conftest.$ac_ext <<_ACEOF
X+ LIBS="$LIBS -lwrap"
X+ echo "$as_me:$LINENO: checking for TCP wrappers function request_init" >&5
X+echo $ECHO_N "checking for TCP wrappers function request_init... $ECHO_C" >&6
X+ cat >conftest.$ac_ext <<_ACEOF
X #line $LINENO "configure"
X /* confdefs.h. */
X _ACEOF
X cat confdefs.h >>conftest.$ac_ext
X cat >>conftest.$ac_ext <<_ACEOF
X /* end confdefs.h. */
X+#include <tcpd.h>
X+ int allow_severity = 0;
X+ int deny_severity = 0;
X
X-/* Override any gcc2 internal prototype to avoid an error. */
X-#ifdef __cplusplus
X-extern "C"
X-#endif
X-/* We use char because int might match the return type of a gcc2
X- builtin and then its argument prototype would still apply. */
X-char request_init ();
X int
X main ()
X {
X-request_init ();
X+request_init((void *)0, 0)
X ;
X return 0;
X }
X@@ -8789,141 +8775,37 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l
X ac_status=$?
X echo "$as_me:$LINENO: \$? = $ac_status" >&5
X (exit $ac_status); }; }; then
X- ac_cv_search_request_init="none required"
X-else
X-sed 's/^/| /' conftest.$ac_ext >&5
X-
X-fi
X-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
X-if test "$ac_cv_search_request_init" = no; then
X- for ac_lib in wrap; do
X- LIBS="-l$ac_lib $ac_func_search_save_LIBS"
X- cat >conftest.$ac_ext <<_ACEOF
X-#line $LINENO "configure"
X-/* confdefs.h. */
X+ echo "$as_me:$LINENO: result: yes" >&5
X+echo "${ECHO_T}yes" >&6
X+ cat >>confdefs.h <<\_ACEOF
X+#define ac_cv_search_request_init 1
X _ACEOF
X-cat confdefs.h >>conftest.$ac_ext
X-cat >>conftest.$ac_ext <<_ACEOF
X-/* end confdefs.h. */
X
X-/* Override any gcc2 internal prototype to avoid an error. */
X-#ifdef __cplusplus
X-extern "C"
X-#endif
X-/* We use char because int might match the return type of a gcc2
X- builtin and then its argument prototype would still apply. */
X-char request_init ();
X-int
X-main ()
X-{
X-request_init ();
X- ;
X- return 0;
X-}
X-_ACEOF
X-rm -f conftest.$ac_objext conftest$ac_exeext
X- (eval $ac_link) 2>&5
X- ac_status=$?
X- (exit $ac_status); } &&
X- { ac_try='test -s conftest$ac_exeext'
X- (eval $ac_try) 2>&5
X- ac_status=$?
X- (exit $ac_status); }; }; then
X- ac_cv_search_request_init="-l$ac_lib"
X-break
X-else
X-sed 's/^/| /' conftest.$ac_ext >&5
X-
X-fi
X-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
X- done
X-fi
X-LIBS=$ac_func_search_save_LIBS
X-fi
X-echo "${ECHO_T}$ac_cv_search_request_init" >&6
X-if test "$ac_cv_search_request_init" != no; then
X- test "$ac_cv_search_request_init" = "none required" || LIBS="$ac_cv_search_request_init $LIBS"
X-
X-fi
X-
X-echo $ECHO_N "checking for library containing hosts_access... $ECHO_C" >&6
X-if test "${ac_cv_search_hosts_access+set}" = set; then
X- echo $ECHO_N "(cached) $ECHO_C" >&6
X-else
X- ac_func_search_save_LIBS=$LIBS
X-ac_cv_search_hosts_access=no
X-cat >conftest.$ac_ext <<_ACEOF
X-#line $LINENO "configure"
X-/* confdefs.h. */
X-_ACEOF
X-cat confdefs.h >>conftest.$ac_ext
X-cat >>conftest.$ac_ext <<_ACEOF
X-/* end confdefs.h. */
X-
X-/* Override any gcc2 internal prototype to avoid an error. */
X-#ifdef __cplusplus
X-extern "C"
X-#endif
X-/* We use char because int might match the return type of a gcc2
X- builtin and then its argument prototype would still apply. */
X-char hosts_access ();
X-int
X-main ()
X-{
X-hosts_access ();
X- ;
X- return 0;
X-}
X-_ACEOF
X-rm -f conftest.$ac_objext conftest$ac_exeext
X- (eval $ac_link) 2>&5
X- ac_status=$?
X- (exit $ac_status); } &&
X- { ac_try='test -s conftest$ac_exeext'
X- (eval $ac_try) 2>&5
X- ac_status=$?
X- (exit $ac_status); }; }; then
X- ac_cv_search_hosts_access="none required"
X else
X echo "$as_me: failed program was:" >&5
X sed 's/^/| /' conftest.$ac_ext >&5
X
X+echo "$as_me:$LINENO: result: no" >&5
X+echo "${ECHO_T}no" >&6
X fi
X rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
X-if test "$ac_cv_search_hosts_access" = no; then
X- for ac_lib in wrap; do
X- LIBS="-l$ac_lib $ac_func_search_save_LIBS"
X- cat >conftest.$ac_ext <<_ACEOF
X+ echo "$as_me:$LINENO: checking for TCP wrappers function hosts_access" >&5
X+echo $ECHO_N "checking for TCP wrappers function hosts_access... $ECHO_C" >&6
X+ cat >conftest.$ac_ext <<_ACEOF
X #line $LINENO "configure"
X /* confdefs.h. */
X _ACEOF
X cat confdefs.h >>conftest.$ac_ext
X cat >>conftest.$ac_ext <<_ACEOF
X /* end confdefs.h. */
X+#include <tcpd.h>
X+ int allow_severity = 0;
X+ int deny_severity = 0;
X
X-/* Override any gcc2 internal prototype to avoid an error. */
X-#ifdef __cplusplus
X-extern "C"
X-#endif
X-/* We use char because int might match the return type of a gcc2
X- builtin and then its argument prototype would still apply. */
X-char hosts_access ();
X int
X main ()
X {
X-hosts_access ();
X+hosts_access((void *)0)
X ;
X return 0;
X }
X@@ -8940,134 +8822,25 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l
X ac_status=$?
X echo "$as_me:$LINENO: \$? = $ac_status" >&5
X (exit $ac_status); }; }; then
X- ac_cv_search_hosts_access="-l$ac_lib"
X-break
X-else
X-sed 's/^/| /' conftest.$ac_ext >&5
X-
X-fi
X-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
X- done
X-fi
X-LIBS=$ac_func_search_save_LIBS
X-fi
X-echo "${ECHO_T}$ac_cv_search_hosts_access" >&6
X-if test "$ac_cv_search_hosts_access" != no; then
X- test "$ac_cv_search_hosts_access" = "none required" || LIBS="$ac_cv_search_hosts_access $LIBS"
X-
X-else
X- # for some strange reason RedHat 8 needs NIS and CORBA stuff
X- unset ac_cv_search_hosts_access
X-echo $ECHO_N "checking for library containing hosts_access... $ECHO_C" >&6
X-if test "${ac_cv_search_hosts_access+set}" = set; then
X- echo $ECHO_N "(cached) $ECHO_C" >&6
X-else
X- ac_func_search_save_LIBS=$LIBS
X-ac_cv_search_hosts_access=no
X-cat >conftest.$ac_ext <<_ACEOF
X-#line $LINENO "configure"
X-/* confdefs.h. */
X+ echo "$as_me:$LINENO: result: yes" >&5
X+echo "${ECHO_T}yes" >&6
X+ cat >>confdefs.h <<\_ACEOF
X+#define ac_cv_search_hosts_access 1
X _ACEOF
X-cat confdefs.h >>conftest.$ac_ext
X-cat >>conftest.$ac_ext <<_ACEOF
X-/* end confdefs.h. */
X
X-/* Override any gcc2 internal prototype to avoid an error. */
X-#ifdef __cplusplus
X-extern "C"
X-#endif
X-/* We use char because int might match the return type of a gcc2
X- builtin and then its argument prototype would still apply. */
X-char hosts_access ();
X-int
X-main ()
X-{
X-hosts_access ();
X- ;
X- return 0;
X-}
X-_ACEOF
X-rm -f conftest.$ac_objext conftest$ac_exeext
X- (eval $ac_link) 2>&5
X- ac_status=$?
X- (exit $ac_status); } &&
X- { ac_try='test -s conftest$ac_exeext'
X- (eval $ac_try) 2>&5
X- ac_status=$?
X- (exit $ac_status); }; }; then
X- ac_cv_search_hosts_access="none required"
X else
X echo "$as_me: failed program was:" >&5
X sed 's/^/| /' conftest.$ac_ext >&5
X
X+echo "$as_me:$LINENO: result: no" >&5
X+echo "${ECHO_T}no" >&6
X fi
X rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
X-if test "$ac_cv_search_hosts_access" = no; then
X- for ac_lib in wrap; do
X- LIBS="-l$ac_lib -lORBitutil -lORBit -lIIOP $ac_func_search_save_LIBS"
X- cat >conftest.$ac_ext <<_ACEOF
X-#line $LINENO "configure"
X-/* confdefs.h. */
X-_ACEOF
X-cat confdefs.h >>conftest.$ac_ext
X-cat >>conftest.$ac_ext <<_ACEOF
X-/* end confdefs.h. */
X
X-/* Override any gcc2 internal prototype to avoid an error. */
X-#ifdef __cplusplus
X-extern "C"
X-#endif
X-/* We use char because int might match the return type of a gcc2
X- builtin and then its argument prototype would still apply. */
X-char hosts_access ();
X-int
X-main ()
X-{
X-hosts_access ();
X- ;
X- return 0;
X-}
X-_ACEOF
X-rm -f conftest.$ac_objext conftest$ac_exeext
X- (eval $ac_link) 2>&5
X- ac_status=$?
X- (exit $ac_status); } &&
X- { ac_try='test -s conftest$ac_exeext'
X- (eval $ac_try) 2>&5
X- ac_status=$?
X- (exit $ac_status); }; }; then
X- ac_cv_search_hosts_access="-l$ac_lib"
X-break
X-else
X-sed 's/^/| /' conftest.$ac_ext >&5
X-
X-fi
X-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
X- done
X-fi
X-LIBS=$ac_func_search_save_LIBS
X-fi
X-echo "${ECHO_T}$ac_cv_search_hosts_access" >&6
X-if test "$ac_cv_search_hosts_access" != no; then
X- test "$ac_cv_search_hosts_access" = "none required" || LIBS="$ac_cv_search_hosts_access $LIBS"
X- LIBS="$LIBS -lORBitutil -lORBit -lIIOP"
X fi
X
X+done
X
X-fi
X
X if test "x$ac_cv_search_request_init" != "xno" &&
X test "x$ac_cv_search_hosts_access" != "xno"
X@@ -9087,7 +8860,7 @@ fi
X
X # where to find the configuration file
X # TODO: this should probably be fixed to be nicer
X-CONFIGFILE=`eval echo $sysconfdir/cvsd/cvsd.conf | \
X+CONFIGFILE=`eval echo $sysconfdir/cvsd.conf | \
X sed "s%^NONE/%${prefix}/%" | \
X sed "s%^NONE/%${ac_default_prefix}/%"`
X
END-of-patches/patch-ab
echo x - patches/patch-ac
sed 's/^X//' >patches/patch-ac << 'END-of-patches/patch-ac'
X$NetBSD$
X
X+++ Makefile.in
X@@ -48,6 +48,8 @@ localstatedir = @localstatedir@
X libdir = @libdir@
X infodir = @infodir@
X mandir = @mandir@
X+exampledir = $(prefix)/share/examples/@PACKAGE@
X+docdir = $(prefix)/share/doc/@PACKAGE@
X includedir = @includedir@
X oldincludedir = /usr/include
X pkgdatadir = $(datadir)/@PACKAGE@
X@@ -616,17 +618,19 @@ uninstall-man: uninstall-man5 uninstall-
X
X
X # install configuration files
X+install-data-local: install-configfile install-readme
X
X- if [ ! -d $(DESTDIR)$(sysconfdir)/cvsd ]; then \
X- $(mkinstalldirs) $(DESTDIR)$(sysconfdir)/cvsd;\
X+install-readme:
X+ if [ ! -d $(DESTDIR)$(docdir) ]; then \
X+ $(mkinstalldirs) $(DESTDIR)$(docdir); \
X fi
X- if [ ! -f $(DESTDIR)$(CONFIGFILE) ]; then \
X- $(INSTALL_DATA) cvsd.conf-dist $(DESTDIR)$(CONFIGFILE); \
X- else \
X- echo "$(DESTDIR)$(CONFIGFILE) already exists, install will not overwrite"; \
X+ $(INSTALL_DATA) README $(DESTDIR)$(docdir)
X+
X+install-configfile:
X+ if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \
X+ $(mkinstalldirs) $(DESTDIR)$(sysconfdir); \
X fi
X+ $(INSTALL_DATA) cvsd.conf-dist $(DESTDIR)$(exampledir)/cvsd.conf.example
X
X install-initscript:
X if [ ! -d $(DESTDIR)$(sysconfdir)/init.d ]; then \
END-of-patches/patch-ac
echo x - patches/patch-ad
sed 's/^X//' >patches/patch-ad << 'END-of-patches/patch-ad'
X$NetBSD$
X
X+++ cvsd.c
X@@ -68,6 +68,7 @@
X #include <fcntl.h>
X #endif /* HAVE_FCNTL_H */
X #ifdef USE_LIBWRAP
X+#include <syslog.h>
X #include <tcpd.h>
X #endif /* USE_LIBWRAP */
X #ifdef HAVE_GRP_H
X@@ -85,6 +86,11 @@
X /* the definition of the environment */
X extern char **environ;
X
X+/* libwrap logging settings */
X+#if USE_LIBWRAP
X+int allow_severity = LOG_INFO;
X+int deny_severity = LOG_NOTICE;
X+#endif /* USE_LIBWRAP */
X
X /* the name by which this program was run. */
X static char *program_name;
END-of-patches/patch-ad
exit
>Release-Note:
>Audit-Trail:
>Unformatted: