j0ke.net Open Build Service
Changes of Revision 5
Added
jailkit.spec
@@ -0,0 +1,169 @@ +# norootforbuild + +%if 0%{?suse_version} == 0 +%define has_cap 1 +%else +%if 0%{?suse_version} >= 1010 +%define has_cap 1 +%else +%define has_cap 0 +%endif +%endif + +Name: jailkit +Version: 2.9 +Release: 0 +Summary: Utilities for limited User Accounts +Source: http://olivier.sessink.nl/jailkit/jailkit-%{version}.tar.bz2 +Patch1: jailkit-fix_suse_init_script.patch +Patch2: jailkit-fix_lib_order.patch +URL: http://olivier.sessink.nl/jailkit/ +Group: Productivity/Security +License: BSD license (revised) +BuildRoot: %{_tmppath}/build-%{name}-%{version} +BuildRequires: python python-devel procmail +%if %has_cap +BuildRequires: libcap-devel +%else +PreReq: permissions +%endif +BuildRequires: gcc make glibc-devel +BuildRequires: autoconf automake libtool +Requires: /usr/bin/python +Requires: /usr/bin/procmail +PreReq: %insserv_prereq + +%description +Jailkit is a set of utilities to limit user accounts to specific files using +chroot() and or specific commands. Setting up a chroot shell, a shell limited +to some specific command, or a daemon inside a chroot jail is a lot easier and +can be automated using these utilities. + +Jailkit is used in network security appliances from several well known +manufacturers, internet servers from several large enterprise organisations, +servers from internet service providers, as well as many smaller companies and +private users that need to secure cvs, sftp, shell or daemon processes. 
+ + + + +Authors: +-------- + Olivier Sessink <jailkit-dev@nongnu.org> + +%prep +%setup -q +%patch1 +%patch2 + +%build +%configure +%__make %{?jobs:-j%{jobs}} + +%install +%makeinstall + +%if !%has_cap +# remove SUID bits and install permissions file +%__install -d "%{buildroot}/etc/permissions.d" +>"%{buildroot}/etc/permissions.d/%{name}" +>"%{buildroot}/etc/permissions.d/%{name}.secure" +%endif + +for f in "%{_sbindir}/jk_chrootsh" \ + "%{_sbindir}/jk_procmailwrapper" \ + "%{_bindir}/jk_uchroot" \ +; do + %__chmod -s "%{buildroot}/$f" +%if !%has_cap + echo -e "$f\t\troot.root 4755" >> "%{buildroot}/etc/permissions.d/%{name}" + echo -e "$f\t\troot.root 0755" >> "%{buildroot}/etc/permissions.d/%{name}.secure" +%endif +done + +%__install -D -m0755 extra/jailkit.suse \ + "%{buildroot}/etc/init.d/jailkit" +%__install -d "%{buildroot}/usr/sbin" +%__ln_s ../../etc/init.d/jailkit "%{buildroot}/usr/sbin/rcjailkit" + +%post +%if !%has_cap +%run_permissions +%endif +%{fillup_and_insserv -f jailkit} + +%if !%has_cap +%verifyscript +%verify_permissions -e %{_sbindir}/jk_chrootsh +%verify_permissions -e %{_sbindir}/jk_procmailwrapper +%verify_permissions -e %{_bindir}/jk_uchroot +%endif + +%preun +%stop_on_removal jailkit + +%postun +%restart_on_update jailkit +%insserv_cleanup + +%clean +%__rm -rf "%{buildroot}" + +%files +%defattr(-,root,root) +%doc COPYRIGHT README.txt +%dir %{_sysconfdir}/jailkit +%config(noreplace) %{_sysconfdir}/jailkit/jk_*.ini +/etc/init.d/jailkit +/usr/sbin/rcjailkit +%if %has_cap +%{_bindir}/jk_uchroot +%{_sbindir}/jk_chrootsh +%{_sbindir}/jk_procmailwrapper +%else +%config /etc/permissions.d/%{name} +%config /etc/permissions.d/%{name}.secure +%verify(not mode) %{_bindir}/jk_uchroot +%verify(not mode) %{_sbindir}/jk_chrootsh +%verify(not mode) %{_sbindir}/jk_procmailwrapper +%endif +%{_sbindir}/jk_addjailuser +%{_sbindir}/jk_check +%{_sbindir}/jk_chrootlaunch +%{_sbindir}/jk_cp +%{_sbindir}/jk_init +%{_sbindir}/jk_jailuser +%{_sbindir}/jk_list 
+%{_sbindir}/jk_lsh +%{_sbindir}/jk_socketd +%{_sbindir}/jk_update +%{_datadir}/jailkit +%doc %{_mandir}/man8/jailkit.8* +%doc %{_mandir}/man8/jk_*.8* + +%changelog +* Thu Oct 15 2009 Pascal Bleser <pascal.bleser@opensuse.org> 2.9 +- update to 2.9: + * fixes symlink handling issues in previous versions, where symlinks in the jail that point to the real system caused jk_init and jk_cp to write to the real system instead of the jail + * bugfix: ISPConfig users detected a serious issue on 64-bit Linux machines where files in the /lib64 directory could become overwritten + +- changes from 2.8: + * capabilities are supported: on capability-enabled systems, you no longer need the setuid root bit on jk_chrootsh and jk_uchroot + +* Mon Apr 6 2009 Pascal Bleser <pascal.bleser@opensuse.org> 2.7 +- update to 2.7: + * fixes a regression in Jailkit 2.6 that may hang jk_chrootsh and jk_uchroot + in a certain situation with chroot'ed interactive shells + +* Thu Apr 2 2009 Pascal Bleser <pascal.bleser@opensuse.org> 2.6 +- update to 2.6: + * this maintenance update includes some small code cleanups + +* Mon Mar 16 2009 Pascal Bleser <pascal.bleser@opensuse.org> 2.5 +- new package + +# vim: set sw=3 ts=3 noet: +# Local Variables: +# mode: rpm-spec +# tab-width: 3 +# End:
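Review bot: In %install, `%__chmod -s "%{buildroot}/$f"` runs for all three helpers whether or not has_cap is set, yet the has_cap branch of %files lists jk_uchroot, jk_chrootsh and jk_procmailwrapper under plain `%defattr(-,root,root)`, and nothing visible in the spec (no `%caps(...)` entry in %files, no setcap call in %post) grants them a file capability. As written, a has_cap build ships these binaries with neither the setuid bit nor a declared capability, so please confirm they can still call chroot() for an unprivileged user. If they are meant to rely on capabilities, as the 2.8 changelog entry says, declare that in the spec so the privilege is explicit and reviewable. The changelog also names only jk_chrootsh and jk_uchroot as no longer needing setuid root, while the loop strips the bit from jk_procmailwrapper as well; either document that this is intended or handle that binary separately. In the !has_cap branch, the `root.root 4755` entries written to /etc/permissions.d/%{name} put setuid root back through %run_permissions, so a one-line comment next to the two echo lines explaining when the `.secure` 0755 variant applies would make the resulting privilege level easier to audit.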