#!/bin/sh # Slackware build script for suPHP # Written by Menno Duursma # This program is free software. It comes without any warranty. # Granted WTFPLv2, as published by Sam Hocevar dec'04. # For details see http://sam.zoy.org/wtfpl/COPYING PRGNAM=suphp VERSION=${VERSION:-0.7.1} BUILD=${BUILD:-1} TAG=${TAG:-_SBo} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in i?86) ARCH=i486 ;; arm*) ARCH=arm ;; # Unless $ARCH is already set, use uname -m for all other archs: *) ARCH=$( uname -m ) ;; esac fi CWD=$(pwd) TMP=${TMP:-/tmp/SBo} PKG=$TMP/package-$PRGNAM OUTPUT=${OUTPUT:-/tmp} # On capability enabled filesystems this may be enabled FCAPS=${FCAPS:-false} # The stock Apache on Slackware runs httpd under system # user/group account 'apache'. If you happen to use some # other account change the directives below HTTPD_USER=${HTTPD_USER:-apache} HTTPD_GROUP=${HTTPD_GROUP:-apache} if [ "$ARCH" = "i486" ]; then SLKCFLAGS="-O2 -march=i486 -mtune=i686" LIBDIRSUFFIX="" elif [ "$ARCH" = "i686" ]; then SLKCFLAGS="-O2 -march=i686 -mtune=i686" LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then SLKCFLAGS="-O2 -fPIC" LIBDIRSUFFIX="64" else SLKCFLAGS="-O2" LIBDIRSUFFIX="" fi set -e # Exit on most errors rm -rf $PKG mkdir -p $TMP $PKG $OUTPUT cd $TMP rm -rf $PRGNAM-$VERSION tar xvf $CWD/$PRGNAM-$VERSION.tar.gz cd $PRGNAM-$VERSION chown -R root:root . chmod -R u+w,go+r-w,a-s . # FCAPS: remove ruid-root check from source if [ "$FCAPS" != "false" ]; then patch --verbose -p1 < $CWD/patches/suphp-0.7.1-nosuid.diff fi # Default to secure settings, as any of the configuration options # can be overwritten in the config file /etc/httpd/suphp.conf anyway CFLAGS="$SLKCFLAGS" \ CXXFLAGS="$SLKCFLAGS" \ ./configure \ --prefix=/usr \ --libdir=/usr/lib${LIBDIRSUFFIX} \ --with-apr=/usr/bin/apr-1-config \ --with-apxs=/usr/sbin/apxs \ --sysconfdir=/etc/httpd \ --with-apache-user=$HTTPD_USER \ --with-logfile=/var/log/httpd/suphp_log \ --enable-static=no \ --build=$ARCH-slackware-linux make # Following only strips the wrapper make install-strip DESTDIR=$PKG # Strip the DSO as well find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \ | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION cp -a AUTHORS COPYING ChangeLog doc/* $PKG/usr/doc/$PRGNAM-$VERSION cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild cat $CWD/README.SLACKWARE > $PKG/usr/doc/$PRGNAM-$VERSION/README.SLACKWARE mkdir -p $PKG/etc/httpd sed "s%@LIBDIR@%/usr/lib${LIBDIRSUFFIX}%" $CWD/config/mod_suphp.conf > \ $PKG/etc/httpd/mod_suphp.conf.new # Make sure the user Apache runs as in correctly reflected sed "s/@HTTPD_USER@/$HTTPD_USER/" \ $CWD/config/suphp.conf > $PKG/etc/httpd/suphp.conf.new mkdir -p $PKG/install cat $CWD/slack-desc > $PKG/install/slack-desc cat $CWD/doinst.sh > $PKG/install/doinst.sh # Make sure the access permissions on target host are such that # only the group Apache runs as has access to it chown root:$HTTPD_GROUP $PKG/usr/sbin/suphp # Install setuid unless caller requested otherwise if [ "$FCAPS" != "false" ]; then chmod 0750 $PKG/usr/sbin/suphp # Note: on a chrooted Apache: this should fence the jail echo 'setcap "cap_setgid=ep cap_setuid=ep" usr/sbin/suphp' \ >> $PKG/install/doinst.sh else # Install setuid-root chmod 4750 $PKG/usr/sbin/suphp fi cd $PKG /sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}