From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.windriver.com (mail.windriver.com [147.11.1.11]) by mail.openembedded.org (Postfix) with ESMTP id 8F1616B19D for ; Thu, 18 Jul 2013 13:17:53 +0000 (UTC) Received: from ALA-HCA.corp.ad.wrs.com (ala-hca.corp.ad.wrs.com [147.11.189.40]) by mail.windriver.com (8.14.5/8.14.3) with ESMTP id r6IDHsTF029164 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL) for ; Thu, 18 Jul 2013 06:17:54 -0700 (PDT) Received: from yow-jmacdona-d1.ottawa.wrs.com (128.224.146.66) by ALA-HCA.corp.ad.wrs.com (147.11.189.40) with Microsoft SMTP Server (TLS) id 14.2.342.3; Thu, 18 Jul 2013 06:17:54 -0700 Received: from yow-jmacdona-l1 (yow-jmacdona-d2.wrs.com [128.224.146.166]) by yow-jmacdona-d1.ottawa.wrs.com (Postfix) with ESMTP id 465F87FE3; Thu, 18 Jul 2013 09:17:52 -0400 (EDT) Received: by yow-jmacdona-l1 (Postfix, from userid 1000) id 0D36C404D6; Thu, 18 Jul 2013 09:17:53 -0400 (EDT) Date: Thu, 18 Jul 2013 09:17:52 -0400 From: Joe MacDonald To: Rongqing Li Message-ID: <20130718131752.GA7744@windriver.com> References: <1373979075-15576-1-git-send-email-rongqing.li@windriver.com> <20130717184315.GA31259@windriver.com> <51E7A5D5.90403@windriver.com> MIME-Version: 1.0 In-Reply-To: <51E7A5D5.90403@windriver.com> X-URL: http://github.com/joeythesaint/joe-s-common-environment/tree/master X-Configuration: git://github.com/joeythesaint/joe-s-common-environment.git X-Editor: Vim-703 http://www.vim.org User-Agent: Mutt/1.5.21 (2010-09-15) Cc: openembedded-devel@lists.openembedded.org Subject: Re: [meta-networking][PATCH v2] Upgrade vsftpd to 3.0.0 X-BeenThere: openembedded-devel@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: openembedded-devel@lists.openembedded.org List-Id: Using the OpenEmbedded metadata to build Distributions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Jul 2013 13:17:53 -0000 X-Groupsio-MsgNum: 45412 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="uAKRQypu60I7Lcqm" Content-Disposition: inline --uAKRQypu60I7Lcqm Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable [Re: [meta-networking][PATCH v2] Upgrade vsftpd to 3.0.0] On 13.07.18 (Thu = 16:22) Rongqing Li wrote: >=20 >=20 > On 07/18/2013 02:43 AM, Joe MacDonald wrote: > >Hi Roy, > > > >I merged this into my tree yesterday and on review it turns out I did > >have a question for you (and for anyone else on the list with an > >opinion) and a bit of feedback. > > > >This adds (unconditional) support for tcp-wrappers and makes it a > >requirement for the upgraded vsftp. Is this something we could make > >conditional based on tcp-wrappers being present? Or does anyone think > >this is something worth doing? tcp-wrappers is coming from oe-core and > >I don't have any systems where the new requirement would be a problem, > >but does anyone else have a system they'd want vsftp without > >tcp-wrappers? > > > >A couple of other things below ... > > > >[[meta-networking][PATCH v2] Upgrade vsftpd to 3.0.0] On 13.07.16 (Tue 2= 0:51) rongqing.li@windriver.com wrote: > > > >>From: "Roy.Li" > >> > >>Upgrade vsftpd to 3.0.0 with below modification: > >>1. more strict access limitation, like: do not allow anonymous access > >>2. use vsftpd.ftpusers and vsftpd.user_list to confine user access > >>3. enable pam if DISTRO_FEATURE includes pam > >>4. enable tcp-wrapper > >>5. install vsftpd.conf with 0600 permission, not 0755 > >> > >>Signed-off-by: Roy.Li > >>--- > >> .../recipes-daemons/vsftpd/files/vsftpd.conf | 43 +++++++++++= ++++++--- > >> .../recipes-daemons/vsftpd/files/vsftpd.ftpusers | 15 +++++++ > >> .../recipes-daemons/vsftpd/files/vsftpd.user_list | 20 +++++++++ > >> .../makefile-destdir.patch | 4 +- > >> .../makefile-libs.patch | 2 +- > >> .../makefile-strip.patch | 6 +-- > >> .../{vsftpd-2.3.5 =3D> vsftpd-3.0.0}/nopam.patch | 0 > >> .../vsftpd-3.0.0/vsftpd-tcp_wrappers-support.patch | 25 ++++++++++++ > >> .../vsftpd/{vsftpd_2.3.5.bb =3D> vsftpd_3.0.0.bb} | 36 +++++++++= ++++--- > >> 9 files changed, 133 insertions(+), 18 deletions(-) > >> mode change 100755 =3D> 100644 meta-networking/recipes-daemons/vsftpd= /files/vsftpd.conf > >> create mode 100644 meta-networking/recipes-daemons/vsftpd/files/vsftp= d.ftpusers > >> create mode 100644 meta-networking/recipes-daemons/vsftpd/files/vsftp= d.user_list > >> rename meta-networking/recipes-daemons/vsftpd/{vsftpd-2.3.5 =3D> vsft= pd-3.0.0}/makefile-destdir.patch (95%) > >> rename meta-networking/recipes-daemons/vsftpd/{vsftpd-2.3.5 =3D> vsft= pd-3.0.0}/makefile-libs.patch (92%) > >> rename meta-networking/recipes-daemons/vsftpd/{vsftpd-2.3.5 =3D> vsft= pd-3.0.0}/makefile-strip.patch (68%) > >> rename meta-networking/recipes-daemons/vsftpd/{vsftpd-2.3.5 =3D> vsft= pd-3.0.0}/nopam.patch (100%) > >> create mode 100644 meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.= 0/vsftpd-tcp_wrappers-support.patch > >> rename meta-networking/recipes-daemons/vsftpd/{vsftpd_2.3.5.bb =3D> v= sftpd_3.0.0.bb} (48%) > >> > >>diff --git a/meta-networking/recipes-daemons/vsftpd/files/vsftpd.conf b= /meta-networking/recipes-daemons/vsftpd/files/vsftpd.conf > >>old mode 100755 > >>new mode 100644 > >>index 08f91e0..bb19294 > >>--- a/meta-networking/recipes-daemons/vsftpd/files/vsftpd.conf > >>+++ b/meta-networking/recipes-daemons/vsftpd/files/vsftpd.conf > >>@@ -12,17 +12,17 @@ > >> listen=3DYES > >> > >> # Allow anonymous FTP? (Beware - allowed by default if you comment th= is out). > >>-anonymous_enable=3DYES > >>+anonymous_enable=3DNO > >> # > >> # Uncomment this to allow local users to log in. > >>-#local_enable=3DYES > >>+local_enable=3DYES > >> # > >> # Uncomment this to enable any form of FTP write command. > >> write_enable=3DYES > >> # > >> # Default umask for local users is 077. You may wish to change this t= o 022, > >> # if your users expect that (022 is used by most other ftpd's) > >>-#local_umask=3D022 > >>+local_umask=3D022 > >> # > >> # Uncomment this to allow the anonymous FTP user to upload files. Thi= s only > >> # has an effect if the above global write enable is activated. Also, = you will > >>@@ -54,7 +54,7 @@ connect_from_port_20=3DYES > >> #xferlog_file=3D/var/log/vsftpd.log > >> # > >> # If you want, you can have your log file in standard ftpd xferlog fo= rmat > >>-#xferlog_std_format=3DYES > >>+xferlog_std_format=3DYES > >> # > >> # You may change the default value for timing out an idle session. > >> #idle_session_timeout=3D600 > >>@@ -64,7 +64,7 @@ connect_from_port_20=3DYES > >> # > >> # It is recommended that you define on your system a unique user whic= h the > >> # ftp server can use as a totally isolated and unprivileged user. > >>-#nopriv_user=3Dftpsecure > >>+#nopriv_user=3Dftp > >> # > >> # Enable this and the server will recognise asynchronous ABOR request= s. Not > >> # recommended for security (the code is non-trivial). Not enabling it, > >>@@ -105,4 +105,35 @@ connect_from_port_20=3DYES > >> # sites. However, some broken FTP clients such as "ncftp" and "mirror= " assume > >> # the presence of the "-R" option, so there is a strong case for enab= ling it. > >> #ls_recurse_enable=3DYES > >>- > >>+# > >>+# This string is the name of the PAM service vsftpd will use. > >>+pam_service_name=3Dvsftpd > > > >I haven't tried this, does it do the right thing when PAM is not present > >on the system? In particular, what's it do when nopam.patch is applied? > >In that same vein: > > > Yes, it works well when no pam. >=20 > It only tells vsftpd should find which files to apply pam library. >=20 > like: /etc/pam.d/vsftpd Okay, I'm mainly interested to know if it short-circuits anything in the configuration that would cause the non-PAM scenario to no longer allow anyone to log in when the above configuration says "no anonymous / local users allowed". Sounds like not, so that's cool. > >ERROR: Command Error: exit status: 1 Output: > >Applying patch nopam.patch > >patching file builddefs.h > >Hunk #1 FAILED at 2. > >1 out of 1 hunk FAILED -- rejects in file builddefs.h > >Patch nopam.patch does not apply (enforce with -f) > >ERROR: Function failed: patch_do_patch > >ERROR: Logfile of failure stored in: /home/jjm/yocto/yocto-build/tmp/wor= k/core2-poky-linux/vsftpd/3.0.0-r0/temp/log.do_patch.26623 > >ERROR: Task 1 (/home/jjm/yocto/meta-oe/meta-networking/recipes-daemons/v= sftpd/vsftpd_3.0.0.bb, do_patch) failed with exit code '1' > > > >I had to refresh nopam.patch. Can you send an updated version with a > >sign-off on it? >=20 >=20 > OK. >=20 > >>+# > >>+# This option is examined if userlist_enable is activated. If you set = this > >>+# setting to NO, then users will be denied login unless they are ex= plicitly > >>+# listed in the file specified by userlist_file. When login is denie= d, the > >>+# denial is issued before the user is asked for a password. > >>+userlist_deny=3DYES > >>+# > >>+# If enabled, vsftpd will load a list of usernames, from the filename = given by > >>+# userlist_file. If a user tries to log in using a name in this f= ile, they > >>+# will be denied before they are asked for a password. This may be use= ful in > >>+# preventing cleartext passwords being transmitted. See also userlist_= deny. > >>+userlist_enable=3DYES > > > >I've always disliked these options in vsftpd. They are confusing and > >lead to inconsistent configurations. That said, the behaviour is > >predictable right up until we factor in the (unused?) vsftp.ftpusers > >file. I think that was intended to be a whitelist and I think it's a > >redhatism, but I really don't know. Can you confirm (a) it's needed and > >(b) it does something when we already have vsftp.user_list? Or dump it > >from the commit? I'd really rather not install both unless both are > >absolutely necessary. The configuration you have with userlist_deny=3DY= ES > >is okay, though what's the behaviour of userlist_deny=3DNO, have an empty > >file and allow PAM logins? That seems to be the safest default > >configuration here, since you also are disabling anonymous logins > >(something I think is a good plan). > > > >-J. > > >=20 >=20 > I think vsftpd.user_list has given a good comments. It does. We're not looking to address how vsftpd implemented a solution that may or may not be simpler than hosts.allow/hosts.deny, I'm just saying that I'd like to see the default configuration as straightforward as possible. > >>+++ b/meta-networking/recipes-daemons/vsftpd/files/vsftpd.user_list > >>@@ -0,0 +1,20 @@ > >>+# vsftpd userlist > >>+# If userlist_deny=3DNO, only allow users in this file > >>+# If userlist_deny=3DYES (default), never allow users in this file, and > >>+# do not even prompt for a password. > >>+# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpu= sers > >>+# for users that are denied. >=20 > They are not necessary, but I am keeping these configurations are same > as Fedora Core. I've not logged into a FC machine in a very long time, but if the comment above is to be taken at face value, then your install rule for vsftpd.ftpusers is incorrect. It installs the file into /etc/vsftpd.ftpusers, not /etc/vsftpd/ftpusers. I'd rather see ftpusers not installed at all, or left empty, but I'll be okay with this approach so long as the docs are accurate. -J. >=20 >=20 > -Roy >=20 >=20 > >>+# > >>+# If enabled, vsftpd will display directory listings with the time i= n your > >>+# local time zone. The default is to display GMT. The times returned b= y the > >>+# MDTM FTP command are also affected by this option. > >>+use_localtime=3DYES > >>+# > >>+# If set to YES, local users will be (by default) placed in a chroot()= jail in > >>+# their home directory after login. Warning: This option has securi= ty > >>+# implications, especially if the users have upload permission, or = shell access. > >>+# Only enable if you know what you are doing. Note that these securit= y implications > >>+# are not vsftpd specific. They apply to all FTP daemons which offer t= o put > >>+# local users in chroot() jails. > >>+chroot_local_user=3DYES > >>+# > >>+allow_writeable_chroot=3DYES > >>+# > >>+tcp_wrappers=3DYES > >>diff --git a/meta-networking/recipes-daemons/vsftpd/files/vsftpd.ftpuse= rs b/meta-networking/recipes-daemons/vsftpd/files/vsftpd.ftpusers > >>new file mode 100644 > >>index 0000000..096142f > >>--- /dev/null > >>+++ b/meta-networking/recipes-daemons/vsftpd/files/vsftpd.ftpusers > >>@@ -0,0 +1,15 @@ > >>+# Users that are not allowed to login via ftp > >>+root > >>+bin > >>+daemon > >>+adm > >>+lp > >>+sync > >>+shutdown > >>+halt > >>+mail > >>+news > >>+uucp > >>+operator > >>+games > >>+nobody > >>diff --git a/meta-networking/recipes-daemons/vsftpd/files/vsftpd.user_l= ist b/meta-networking/recipes-daemons/vsftpd/files/vsftpd.user_list > >>new file mode 100644 > >>index 0000000..3e2760f > >>--- /dev/null > >>+++ b/meta-networking/recipes-daemons/vsftpd/files/vsftpd.user_list > >>@@ -0,0 +1,20 @@ > >>+# vsftpd userlist > >>+# If userlist_deny=3DNO, only allow users in this file > >>+# If userlist_deny=3DYES (default), never allow users in this file, and > >>+# do not even prompt for a password. > >>+# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpu= sers > >>+# for users that are denied. > >>+root > >>+bin > >>+daemon > >>+adm > >>+lp > >>+sync > >>+shutdown > >>+halt > >>+mail > >>+news > >>+uucp > >>+operator > >>+games > >>+nobody > >>diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-2.3.5/makefi= le-destdir.patch b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.0/make= file-destdir.patch > >>similarity index 95% > >>rename from meta-networking/recipes-daemons/vsftpd/vsftpd-2.3.5/makefil= e-destdir.patch > >>rename to meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.0/makefile-= destdir.patch > >>index ee37f26..1980d09 100644 > >>--- a/meta-networking/recipes-daemons/vsftpd/vsftpd-2.3.5/makefile-dest= dir.patch > >>+++ b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.0/makefile-dest= dir.patch > >>@@ -7,8 +7,8 @@ Signed-off-by: Paul Eggleton > >> diff --git a/Makefile b/Makefile > >> --- a/Makefile > >> +++ b/Makefile > >>-@@ -24,21 +24,21 @@ vsftpd: $(OBJS) > >>- $(CC) -o vsftpd $(OBJS) $(LINK) $(LIBS) $(LDFLAGS) > >>+@@ -24,21 +24,21 @@ > >>+ $(CC) -o vsftpd $(OBJS) $(LINK) $(LIBS) > >> > >> install: > >> - if [ -x /usr/local/sbin ]; then \ > >>diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-2.3.5/makefi= le-libs.patch b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.0/makefil= e-libs.patch > >>similarity index 92% > >>rename from meta-networking/recipes-daemons/vsftpd/vsftpd-2.3.5/makefil= e-libs.patch > >>rename to meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.0/makefile-= libs.patch > >>index 6a419db..9a10f72 100644 > >>--- a/meta-networking/recipes-daemons/vsftpd/vsftpd-2.3.5/makefile-libs= =2Epatch > >>+++ b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.0/makefile-libs= =2Epatch > >>@@ -10,7 +10,7 @@ Signed-off-by: Paul Eggleton > >> diff --git a/Makefile b/Makefile > >> --- a/Makefile > >> +++ b/Makefile > >>-@@ -5,7 +5,7 @@ IFLAGS =3D -idirafter dummyinc > >>+@@ -5,7 +5,7 @@ > >> #CFLAGS =3D -g > >> CFLAGS =3D -O2 -Wall -W -Wshadow #-pedantic -Werror -Wconversion > >> > >>diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-2.3.5/makefi= le-strip.patch b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.0/makefi= le-strip.patch > >>similarity index 68% > >>rename from meta-networking/recipes-daemons/vsftpd/vsftpd-2.3.5/makefil= e-strip.patch > >>rename to meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.0/makefile-= strip.patch > >>index a2e0cd0..fd31600 100644 > >>--- a/meta-networking/recipes-daemons/vsftpd/vsftpd-2.3.5/makefile-stri= p.patch > >>+++ b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.0/makefile-stri= p.patch > >>@@ -7,11 +7,11 @@ Signed-off-by: Paul Eggleton > >> diff --git a/Makefile b/Makefile > >> --- a/Makefile > >> +++ b/Makefile > >>-@@ -6,7 +6,6 @@ IFLAGS =3D -idirafter dummyinc > >>- CFLAGS =3D -O2 -Wall -W -Wshadow #-pedantic -Werror -Wconversion > >>+@@ -9,7 +9,6 @@ CFLAGS =3D -O2 -fPIE -fstack-protector --param=3Dssp-b= uffer-size=3D4 \ > >>+ #-pedantic -Wconversion > >> > >> LIBS =3D -lssl -lcrypto -lnsl -lresolv > >> -LINK =3D -Wl,-s > >>+ LDFLAGS =3D -fPIE -pie -Wl,-z,relro -Wl,-z,now > >> > >> OBJS =3D main.o utility.o prelogin.o ftpcmdio.o postlogin.o privsock= =2Eo \ > >>- tunables.o ftpdataio.o secbuf.o ls.o \ > >>diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-2.3.5/nopam.= patch b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.0/nopam.patch > >>similarity index 100% > >>rename from meta-networking/recipes-daemons/vsftpd/vsftpd-2.3.5/nopam.p= atch > >>rename to meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.0/nopam.pat= ch > >>diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.0/vsftpd= -tcp_wrappers-support.patch b/meta-networking/recipes-daemons/vsftpd/vsftpd= -3.0.0/vsftpd-tcp_wrappers-support.patch > >>new file mode 100644 > >>index 0000000..69745b3 > >>--- /dev/null > >>+++ b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.0/vsftpd-tcp_wr= appers-support.patch > >>@@ -0,0 +1,25 @@ > >>+Enable tcp_wrapper. > >>+ > >>+Upstream-Status: Inappropriate [configuration] > >>+ > >>+Signed-off-by: Roy.Li > >>+--- > >>+ builddefs.h | 2 +- > >>+ 1 files changed, 1 insertions(+), 1 deletions(-) > >>+ > >>+diff --git a/builddefs.h b/builddefs.h > >>+index e908352..0106d1a 100644 > >>+--- a/builddefs.h > >>++++ b/builddefs.h > >>+@@ -1,7 +1,7 @@ > >>+ #ifndef VSF_BUILDDEFS_H > >>+ #define VSF_BUILDDEFS_H > >>+ > >>+-#undef VSF_BUILD_TCPWRAPPERS > >>++#define VSF_BUILD_TCPWRAPPERS > >>+ #define VSF_BUILD_PAM > >>+ #undef VSF_BUILD_SSL > >>+ > >>+-- > >>+1.7.1 > >>+ > >>diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd_2.3.5.bb b/m= eta-networking/recipes-daemons/vsftpd/vsftpd_3.0.0.bb > >>similarity index 48% > >>rename from meta-networking/recipes-daemons/vsftpd/vsftpd_2.3.5.bb > >>rename to meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.0.bb > >>index f146910..0ea1359 100644 > >>--- a/meta-networking/recipes-daemons/vsftpd/vsftpd_2.3.5.bb > >>+++ b/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.0.bb > >>@@ -4,18 +4,29 @@ SECTION =3D "network" > >> LICENSE =3D "GPLv2" > >> LIC_FILES_CHKSUM =3D "file://COPYING;md5=3Da6067ad950b28336613aed9dd4= 7b1271" > >> > >>-DEPENDS =3D "libcap openssl" > >>+DEPENDS =3D "libcap openssl tcp-wrappers" > >> > >> SRC_URI =3D "https://security.appspot.com/downloads/vsftpd-${PV}.tar.= gz \ > >> file://makefile-destdir.patch \ > >> file://makefile-libs.patch \ > >> file://makefile-strip.patch \ > >>- file://nopam.patch \ > >> file://init \ > >>- file://vsftpd.conf" > >>+ file://vsftpd.conf \ > >>+ file://vsftpd-tcp_wrappers-support.patch \ > >>+ file://vsftpd.user_list \ > >>+ file://vsftpd.ftpusers \ > >>+" > >> > >>-SRC_URI[md5sum] =3D "01398a5bef8e85b6cf2c213a4b011eca" > >>-SRC_URI[sha256sum] =3D "d87ee2987df8f03e1dbe294905f7907b2798deb89c67ca= 965f6e2f60879e54f1" > >>+LIC_FILES_CHKSUM =3D "file://COPYING;md5=3Da6067ad950b28336613aed9dd47= b1271 \ > >>+ file://COPYRIGHT;md5=3D04251b2eb0f298dae376d92= 454f6f72e \ > >>+ file://LICENSE;md5=3D654df2042d44b8cac8a5654fc= 5be63eb" > >>+SRC_URI[md5sum] =3D "ad9fa952558c2c5b0426ccaccff0f972" > >>+SRC_URI[sha256sum] =3D "ef70205dcd0c7f03b008b9578fb44c0cbe31e66daab8cf= afb9904747c17fc2a8" > >>+ > >>+DEPENDS +=3D "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '',= d)}" > >>+RDEPENDS_${PN} +=3D "${@base_contains('DISTRO_FEATURES', 'pam', 'pam-p= lugin-listfile', '', d)}" > >>+SRC_URI +=3D "${@base_contains('DISTRO_FEATURES', 'pam', '', 'file://n= opam.patch', d)}" > >>+PAMLIB =3D "${@base_contains('DISTRO_FEATURES', 'pam', '-L${STAGING_BA= SELIBDIR} -lpam', '', d)}" > >> > >> inherit update-rc.d useradd > >> > >>@@ -29,15 +40,28 @@ do_configure() { > >> mv tunables.c.new tunables.c > >> } > >> > >>+do_compile() { > >>+ oe_runmake "LIBS=3D-L${STAGING_LIBDIR} -lcrypt -lcap ${PAMLIB} -lwr= ap" > >>+} > >>+ > >> do_install() { > >> install -d ${D}${sbindir} > >> install -d ${D}${mandir}/man8 > >> install -d ${D}${mandir}/man5 > >> oe_runmake 'DESTDIR=3D${D}' install > >> install -d ${D}${sysconfdir} > >>- install -m 0755 ${WORKDIR}/vsftpd.conf ${D}${sysconfdir}/vsftpd.co= nf > >>+ install -m 600 ${WORKDIR}/vsftpd.conf ${D}${sysconfdir}/vsftpd.conf > >> install -d ${D}${sysconfdir}/init.d/ > >> install -m 755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/vsftpd > >>+ > >>+ install -m 600 ${WORKDIR}/vsftpd.ftpusers ${D}${sysconfdir}/ > >>+ install -m 600 ${WORKDIR}/vsftpd.user_list ${D}${sysconfdir}/ > >>+ if ! test -z ${PAMLIB} ; then > >>+ install -d ${D}${sysconfdir}/pam.d/ > >>+ cp ${S}/RedHat/vsftpd.pam ${D}${sysconfdir}/pam.d/vsftpd > >>+ sed -i "s:/lib/security:${base_libdir}/security:" ${D}${syscon= fdir}/pam.d/vsftpd > >>+ sed -i "s:ftpusers:vsftpd.ftpusers:" ${D}${sysconfdir}/pam.d/v= sftpd > >>+ fi > >> } > >> > >> INITSCRIPT_PACKAGES =3D "${PN}" >=20 --=20 -Joe MacDonald. :wq --uAKRQypu60I7Lcqm Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlHn6wAACgkQPN8S4W6ZZndLagCfYbN7VZEY3/kXreoLe61r1qIN X/AAniUh+tS/r2Ry0trGLDVR7DWtNpm0 =EWo2 -----END PGP SIGNATURE----- --uAKRQypu60I7Lcqm--