aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMenno E. Duursma <druiloor@zonnet.nl>2010-05-13 00:37:16 +0200
committerRobby Workman <rworkman@slackbuilds.org>2010-05-13 00:37:16 +0200
commit46e038ecd35e767749e11ad8362446cea38758ad (patch)
treef76c4290d914a27b8bfaccf4d31bccc40fc4d72f
parent8900f695e50fd4af41fc9cfbdbf821ee8a2b29ef (diff)
network/mod_hosts_access: Updated for version 1.1.0
-rw-r--r--network/mod_hosts_access/README6
-rw-r--r--network/mod_hosts_access/doinst.sh15
-rw-r--r--network/mod_hosts_access/mod_hosts_access.SlackBuild25
-rw-r--r--network/mod_hosts_access/mod_hosts_access.conf17
-rw-r--r--network/mod_hosts_access/mod_hosts_access.info4
-rw-r--r--network/mod_hosts_access/slack-desc10
6 files changed, 60 insertions, 17 deletions
diff --git a/network/mod_hosts_access/README b/network/mod_hosts_access/README
index 2486db84ecdde..2fab50ad9e036 100644
--- a/network/mod_hosts_access/README
+++ b/network/mod_hosts_access/README
@@ -1,14 +1,14 @@
mod_hosts_access
This is a DSO (dynamically shared object) module for the Apache webserver
-that uses libwrap (TCP Wrapper) to check if the connecting hosts is allowed.
+that uses libwrap (TCP Wrappers) to check if the connecting hosts is allowed.
This system works well with dynamic blocking scripts, such as DenyHosts, and
configfile distribution systems, such as Cfengine. Especially if other blocking
methods differ between hosts at a site (e.g. kernel-level firewalling means).
-At an appropriate place (i.e. where other modules are loaded similarly),
-add to /etc/httpd/httpd.conf following line:
+You'll need to add the following line to /etc/httpd/httpd.conf:
+ Include /etc/httpd/mod_hosts_access.conf
LoadModule hosts_access_module lib/httpd/modules/mod_hosts_access.so
diff --git a/network/mod_hosts_access/doinst.sh b/network/mod_hosts_access/doinst.sh
new file mode 100644
index 0000000000000..d32f2a6362ed3
--- /dev/null
+++ b/network/mod_hosts_access/doinst.sh
@@ -0,0 +1,15 @@
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
+ # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+config etc/mod_hosts_access.conf.new
+
diff --git a/network/mod_hosts_access/mod_hosts_access.SlackBuild b/network/mod_hosts_access/mod_hosts_access.SlackBuild
index 905266cf976ca..dd9c76d4d2c5d 100644
--- a/network/mod_hosts_access/mod_hosts_access.SlackBuild
+++ b/network/mod_hosts_access/mod_hosts_access.SlackBuild
@@ -13,17 +13,21 @@ VERSION=1.1.0
ARCH=${ARCH:-i486}
BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}
-CWD=`pwd`
+
+CWD=$(pwd)
TMP=${TMP:-/tmp/SBo}
PKG=$TMP/package-$PRGNAM
OUTPUT=${OUTPUT:-/tmp}
if [ "$ARCH" = "i486" ]; then
SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+ LIBDIRSUFFIX=""
elif [ "$ARCH" = "i686" ]; then
SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+ LIBDIRSUFFIX=""
elif [ "$ARCH" = "x86_64" ]; then
SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
fi
set -e # exit on most errors
@@ -32,23 +36,27 @@ rm -rf $PKG
mkdir -p $TMP $PKG $OUTPUT
cd $TMP
rm -rf $PRGNAM-$VERSION
-tar -xzvf $CWD/$PRGNAM-$VERSION.tar.gz || exit 1
+tar xvf $CWD/$PRGNAM-$VERSION.tar.gz || exit 1
cd $PRGNAM-$VERSION
chown -R root:root .
chmod -R a-s,u+w,go+r-w .
# Create target dir
-mkdir -p $PKG/usr/lib/httpd/modules
+mkdir -p $PKG/usr/lib${LIBDIRSUFFIX}/httpd/modules
# Compile module as DSO (dynmically shared object)
-CFLAGS="$SLACKFLAGS" \
-apxs -ca mod_hosts_access.c -lwrap -lnsl
+CFLAGS="$SLACKFLAGS" apxs -ca mod_hosts_access.c -lwrap -lnsl
# copy into place
-cp .libs/mod_hosts_access.so $PKG/usr/lib/httpd/modules
+cp .libs/mod_hosts_access.so $PKG/usr/lib${LIBDIRSUFFIX}/httpd/modules
+
+mkdir -p $PKG/etc/httpd
+sed "s%@baselibdir@%lib${LIBDIRSUFFIX}%" $CWD/mod_hosts_access.conf > \
+ $PKG/etc/httpd/mod_hosts_access.conf.new
( cd $PKG || exit 1
- find . -type f | xargs file | grep -e "executable" -e "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
+ find . -type f | xargs file | grep -e "executable" -e "shared object" | \
+ grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
)
mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
@@ -57,6 +65,7 @@ cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
+cat $CWD/doinst.sh > $PKG/install/doinst.sh
cd $PKG
-/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
diff --git a/network/mod_hosts_access/mod_hosts_access.conf b/network/mod_hosts_access/mod_hosts_access.conf
new file mode 100644
index 0000000000000..da8e6b3a7608e
--- /dev/null
+++ b/network/mod_hosts_access/mod_hosts_access.conf
@@ -0,0 +1,17 @@
+# Apache config for mod_hosts_access
+
+LoadModule hosts_access_module @baselibdir@/httpd/modules/mod_hosts_access.so
+
+<Directory />
+ HostsAccess On
+ Options FollowSymLinks
+ AllowOverride None
+</Directory>
+
+# To test, restart apache for it to load the module; edit /etc/hosts.allow
+# adding a line like the following:
+# httpd: localhost: deny
+# Access from 'localhost' (127.0.0.1) should now be disallowed, thus requesting
+# the index page should fail, to verify try:
+# lynx -dump localhost
+# The same can be done in a .htaccess file if AllowOverride Limit has been set.
diff --git a/network/mod_hosts_access/mod_hosts_access.info b/network/mod_hosts_access/mod_hosts_access.info
index 5c6bdb1b3604e..e0f9c8064c8fa 100644
--- a/network/mod_hosts_access/mod_hosts_access.info
+++ b/network/mod_hosts_access/mod_hosts_access.info
@@ -3,6 +3,8 @@ VERSION="1.1.0"
HOMEPAGE="http://www.klomp.org/mod_hosts_access/"
DOWNLOAD="http://downloads.sourceforge.net/httpd-garage/mod_hosts_access-1.1.0.tar.gz"
MD5SUM="2e4fd22e778c8d98d433344a46421eb7"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
MAINTAINER="Menno E. Duursma"
EMAIL="druiloor@zonnet.nl"
-APPROVED="robw810,Erik Hanson"
+APPROVED="rworkman,Erik Hanson"
diff --git a/network/mod_hosts_access/slack-desc b/network/mod_hosts_access/slack-desc
index 16ec11ff64399..33a0d81cb330f 100644
--- a/network/mod_hosts_access/slack-desc
+++ b/network/mod_hosts_access/slack-desc
@@ -5,15 +5,15 @@
# make exactly 11 lines for the formatting to be correct. It's also
# customary to leave one space after the ':'.
- |-----handy-ruler------------------------------------------------------|
+ |-----handy-ruler------------------------------------------------------|
mod_hosts_access: mod_hosts_access (Apache hosts ACL module)
mod_hosts_access:
-mod_hosts_access: Httpd support for Wietse Venema's TCP Wrapper (libwrap)
-mod_hosts_access: hosts based access control system
+mod_hosts_access: This module provides httpd support for Wietse Venema's TCP Wrappers
+mod_hosts_access: (libwrap) hosts-based access control system.
mod_hosts_access:
-mod_hosts_access: mod_hosts_access is developed by
-mod_hosts_access: Vincent Partington, Ken Coar
+mod_hosts_access: mod_hosts_access is developed by Vincent Partington and Ken Coar.
mod_hosts_access:
mod_hosts_access: Please see the README for instructions no how to enable it.
mod_hosts_access:
mod_hosts_access:
+mod_hosts_access: