source: server/fedora/Makefile @ 823

Last change on this file since 823 was 823, checked in by geofft, 14 years ago
Add suexec support for things in a trusted directory, so we can make a trusted svn, etc. wrapper and su to the target user to use their permissions. This commit is being made with svnserve being invoked by such a trusted wrapper. Let's see if it works.
File size: 6.4 KB
Line 
1# Makefile for building scripts.mit.edu Fedora packages
2# Copyright (C) 2006  Jeff Arnold <jbarnold@mit.edu>
3#                and  Joe Presbrey <presbrey@mit.edu>
4#
5# This program is free software; you can redistribute it and/or
6# modify it under the terms of the GNU General Public License
7# as published by the Free Software Foundation; either version 2
8# of the License, or (at your option) any later version.
9#
10# This program is distributed in the hope that it will be useful,
11# but WITHOUT ANY WARRANTY; without even the implied warranty of
12# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13# GNU General Public License for more details.
14#
15# You should have received a copy of the GNU General Public License
16# along with this program; if not, write to the Free Software
17# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
18#
19# See /COPYRIGHT in this repository for more information.
20
21upstream_yum    = krb5 httpd openssh
22upstream        = openafs $(upstream_yum)
23oursrc          = execsys tokensys accountadm httpdmods logview sql-signup nss_nonlocal nss_nonlocal.i386 whoisd mit-zephyr
24allsrc          = $(upstream) $(oursrc)
25oursrcdir       = ${PWD}/../common/oursrc
26patches         = ${PWD}/../common/patches
27specs           = ${PWD}/specs
28
29topdir          = ${HOME}/rpmbuild
30tmp_build       = $(topdir)/BUILD
31tmp_specs       = $(topdir)/SPECS
32tmp_src         = $(topdir)/SOURCES
33out_rpms        = $(topdir)/RPMS
34out_srpms       = $(topdir)/SRPMS
35out_sbin        = $(topdir)/sbin
36
37dload           = ${PWD}/.dload
38server_url      = "http://web.mit.edu/scripts/src"
39server_arch     = "fedora.stable"
40openafs_url     = "http://dl.openafs.org/dl/openafs/1.4.7/openafs-1.4.7-1.1.1.src.rpm"
41
42.PHONY: minimal-clean
43
44info:
45        @echo "The following packages are available:"; \
46        echo "$(allsrc)"; \
47        echo "Run 'make all' to build all packages."
48
49minimal-clean:
50        rm -rf $(topdir) $(dload)
51
52clean: minimal-clean
53        rm -rf $(out_rpms) $(out_srpms) $(out_sbin)
54
55mkdir-tree:
56        @rpmdev-setuptree
57        mkdir -p $(out_sbin)
58        ln -sTf $(topdir) rpmbuild
59
60download: download_stamp
61download_stamp:
62        @mkdir -p $(dload); \
63        #wget -qO- -nv $(server_url)/$(server_arch) | xargs make
64        cd $(dload) && yumdownloader --source $(upstream_yum)
65        wget -P $(dload) $(openafs_url)
66        touch download_stamp
67
68%.src.rpm:
69        wget -q -nv -N -B $(server_url) -nd -nH -P $(dload) $(server_url)/$*.src.rpm
70
71copy-patches: mkdir-tree
72        @cp $(patches)/*.patch $(tmp_src); \
73        cd $(tmp_src);
74
75install-srpms: mkdir-tree download
76        rpm $(rpm_args) -i $(dload)/*.src.rpm 2>/dev/null;
77
78copy-specs: mkdir-tree
79        cp ${specs}/*.spec $(tmp_specs)
80
81patch-specs: install-srpms
82        @cd ${tmp_specs}; \
83        list=`ls ${specs}/*.spec.patch`; \
84        for i in $$list; do \
85                patch < $$i; \
86        done;
87
88# 1. use the package's Makefile to delete leftover files and run autoconf
89# 2. create a tarball (we want it to contain the autoconf output)
90tarballs: mkdir-tree
91        @cd ${oursrcdir}; \
92        list=`find -mindepth 1 -maxdepth 1 -type d | grep -v ".svn"`; \
93        for i in $$list; do \
94                pushd $$i; \
95                if [ -x ./mrproper ]; then \
96                        ./mrproper; \
97                        autoconf; \
98                fi; \
99                popd; \
100                tar -czf $(tmp_src)/$$i.tar.gz $$i; \
101        done;
102
103#setup: install-srpms copy-patches copy-specs patch-specs tarballs
104setup: copy-patches copy-specs tarballs
105
106oursrc:
107        make $(oursrc)
108
109upstream: mkdir-tree download
110        make $(upstream)
111
112all:
113        make $(allsrc)
114
115$(filter %.i386,$(oursrc)): %.i386: setup
116        PATH="/usr/kerberos/sbin:/usr/kerberos/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin" \
117        setarch i386 rpmbuild $(rpmbuild_args) --target=i386 --define="_lib lib" -bb ${tmp_specs}/$**.spec
118
119$(filter-out %.i386,$(oursrc)): %: setup
120        PATH="/usr/kerberos/sbin:/usr/kerberos/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin" \
121        rpmbuild $(rpmbuild_args) -bb ${tmp_specs}/$**.spec
122
123$(upstream): setup patch-specs
124        rpmbuild $(rpmbuild_args) -ba ${tmp_specs}/$@.spec
125
126openafs-kernel: setup
127        PATH="/usr/kerberos/sbin:/usr/kerberos/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin" \
128        rpmbuild $(rpmbuild_args) -bb ${tmp_specs}/openafs*.spec
129
130#sort -n sorts "2.6.25-1" later than "2.6.25.1-1", so it's Wrong
131#kernvers = $(shell rpm -q --qf "%{Version}-%{Release}\n" --whatprovides kernel | sort -n | tail -n1)
132kernvers = $(shell uname -r | sed "s/\(.*\)[.].*/\1/")
133kvariants = ''
134openafs_rpmbuild_args = --define "fedorakmod 1" --define "kvariants $(kvariants)" --define "kernvers $(kernvers)" --nodeps
135openafs: rpmbuild_args += $(openafs_rpmbuild_args)
136openafs-kernel: rpmbuild_args += $(openafs_rpmbuild_args) --define "build_userspace 0" --define "build_modules 1"
137
138suexec: #install-srpms
139        @rm -rf ${tmp_src}/httpd-2*/; \
140        tar zxvf ${tmp_src}/httpd-2*.tar.gz; \
141        cd httpd-2*; \
142        patch -p1 < ${patches}/httpd-suexec-scripts.patch; \
143        autoreconf; \
144        ./configure --prefix=/etc/httpd --with-suexec-userdir=web_scripts --with-suexec-caller=apache --with-suexec-uidmin=50 --with-suexec-gidmin=50 --with-suexec-docroot=/ --with-suexec-trusteddir=/usr/libexec/scripts-trusted; \
145        pushd support; \
146        mkdir -p ${out_sbin}; make suexec && cp suexec ${out_sbin}; \
147        popd; \
148        rm -rf httpd-2*; \
149        echo; \
150        echo "suexec binary written to ${out_sbin}."; \
151        echo "Run 'make install-suexec' as root to install it.";
152
153install-suexec:
154        install -m 4510 -o 0 -g apache ${out_sbin}/suexec /usr/sbin/;
155
156frob-openafs:
157        @if [ ! -d "/etc/openafs/" ]; then \
158        echo "/etc/openafs does not exist"; \
159        exit 1; \
160        else \
161        ln -nfs /etc/openafs/* /usr/vice/etc/; \
162        fi
163
164# The following packages are needed for our packages
165basic-deps      = kernel-devel rpm-build rpmdevtools gcc autoconf patch krb5-workstation glibc-devel.i386
166oursrc-deps     = hesinfo openldap-clients
167httpdmods-deps  = httpd-devel
168httpd-deps      = xmlto db4-devel expat-devel zlib-devel libselinux-devel apr-devel apr-util-devel pcre-devel openssl-devel distcache-devel
169krb5-deps       = bison ncurses-devel texinfo keyutils-libs-devel texinfo-tex
170openafs-deps    = pam-devel automake
171mit-zephyr-deps = readline-devel hesiod-devel hesiod-devel.i386 hesiod.i386 libXt.i386 #compat-readline43
172openssh-deps    = gtk2-devel libX11-devel autoconf automake openssl-devel perl zlib-devel audit-libs-devel util-linux groff man pam-devel tcp_wrappers-devel krb5-devel libselinux-devel audit-libs xauth gobject-devel pango-devel cairo-devel libedit-devel nss-devel
173install-deps:
174        yum -y install $(basic-deps) $(oursrc-deps) $(httpdmods-deps) $(httpd-deps) $(krb5-deps) $(openafs-deps) $(mit-zephyr-deps) $(openssh-deps)
175        rpm -ivh http://download.fedora.redhat.com/pub/fedora/linux/core/6/i386/os/Fedora/RPMS/compat-readline43-4.3-3.i386.rpm
176
177fedora:
178        make install-deps
179        make upstream
180        rpm -ivh $(out_rpms)/`uname -m`/openafs-devel*.rpm
181        make oursrc
Note: See TracBrowser for help on using the repository browser.