diff options
Diffstat (limited to 'net-misc')
-rw-r--r-- | net-misc/xrdp/Manifest | 1 | ||||
-rw-r--r-- | net-misc/xrdp/files/startwm.sh | 8 | ||||
-rw-r--r-- | net-misc/xrdp/files/xrdp-0.8.0-crypt-null-return.patch | 36 | ||||
-rw-r--r-- | net-misc/xrdp/files/xrdp-initd | 28 | ||||
-rw-r--r-- | net-misc/xrdp/files/xrdp-sesman.pamd | 4 | ||||
-rw-r--r-- | net-misc/xrdp/metadata.xml | 8 | ||||
-rw-r--r-- | net-misc/xrdp/xrdp-0.8.0-r1.ebuild | 152 |
7 files changed, 237 insertions, 0 deletions
diff --git a/net-misc/xrdp/Manifest b/net-misc/xrdp/Manifest new file mode 100644 index 0000000..acd8c0e --- /dev/null +++ b/net-misc/xrdp/Manifest @@ -0,0 +1 @@ +DIST xrdp-0.8.0.tar.xz 1671376 SHA256 433535039f8b8766d9c22f62de9599afa94dd553e72d9791cec85a5e2f436a60 SHA512 bb2afefce7f53b6c3bca30cb6913171211df63a700f7d70325c1722348d5d31981e1d417727e48fd14aad500d0454e4126e6e1f81f8c09da4928b02f4acff26b WHIRLPOOL 39c1d4852f6f927fd348d345a8d4f4a79824eca0d5682340908d28f3b6b497ae33bfed944294b061b118e4154ed7c5dce15878302145ffabc2ca6b3a2eb07818 diff --git a/net-misc/xrdp/files/startwm.sh b/net-misc/xrdp/files/startwm.sh new file mode 100644 index 0000000..df3dd78 --- /dev/null +++ b/net-misc/xrdp/files/startwm.sh @@ -0,0 +1,8 @@ +#!/bin/sh + +# try hard to respect Gentoo's wm choice +. /etc/profile +[ -f /etc/rc.conf ] && . /etc/rc.conf +export XSESSION + +. /etc/X11/xinit/xinitrc diff --git a/net-misc/xrdp/files/xrdp-0.8.0-crypt-null-return.patch b/net-misc/xrdp/files/xrdp-0.8.0-crypt-null-return.patch new file mode 100644 index 0000000..4454390 --- /dev/null +++ b/net-misc/xrdp/files/xrdp-0.8.0-crypt-null-return.patch @@ -0,0 +1,36 @@ +From 851c762ee722a84d15348b2512b3b578282e590b Mon Sep 17 00:00:00 2001 +From: Jay Sorg <jay.sorg@gmail.com> +Date: Wed, 29 Oct 2014 17:54:11 -0700 +Subject: [PATCH] sesman: check for null from crypt() + +--- + sesman/verify_user.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/sesman/verify_user.c b/sesman/verify_user.c +index 98d3dd3..49c475c 100644 +--- a/sesman/verify_user.c ++++ b/sesman/verify_user.c +@@ -51,6 +51,7 @@ long DEFAULT_CC + auth_userpass(char *user, char *pass, int *errorcode) + { + const char *encr; ++ const char *epass; + struct passwd *spw; + struct spwd *stp; + +@@ -84,8 +85,12 @@ auth_userpass(char *user, char *pass, int *errorcode) + /* old system with only passwd */ + encr = spw->pw_passwd; + } +- +- return (strcmp(encr, crypt(pass, encr)) == 0); ++ epass = crypt(pass, encr); ++ if (epass == 0) ++ { ++ return 0; ++ } ++ return (strcmp(encr, epass) == 0); + } + + /******************************************************************************/ diff --git a/net-misc/xrdp/files/xrdp-initd b/net-misc/xrdp/files/xrdp-initd new file mode 100644 index 0000000..8f943e1 --- /dev/null +++ b/net-misc/xrdp/files/xrdp-initd @@ -0,0 +1,28 @@ +#!/sbin/openrc-run +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +depend() { + use net logger +} + +start() { + ebegin "Starting X remote desktop daemon" + start-stop-daemon --start --pidfile /var/run/xrdp.pid --exec /usr/sbin/xrdp > /dev/null + eend $? || return $? + + ebegin "Starting remote desktop session manager" + start-stop-daemon --start --pidfile /var/run/xrdp-sesman.pid --exec /usr/sbin/xrdp-sesman > /dev/null + eend $? +} + +stop() { + ebegin "Stopping X remote desktop daemon" + start-stop-daemon --stop --pidfile /var/run/xrdp.pid + eend $? + + ebegin "Stopping remote desktop session manager" + start-stop-daemon --stop --pidfile /var/run/xrdp-sesman.pid + eend $? +} diff --git a/net-misc/xrdp/files/xrdp-sesman.pamd b/net-misc/xrdp/files/xrdp-sesman.pamd new file mode 100644 index 0000000..4712aa8 --- /dev/null +++ b/net-misc/xrdp/files/xrdp-sesman.pamd @@ -0,0 +1,4 @@ +auth include system-remote-login +account include system-remote-login +password include system-remote-login +session include system-remote-login diff --git a/net-misc/xrdp/metadata.xml b/net-misc/xrdp/metadata.xml new file mode 100644 index 0000000..064e361 --- /dev/null +++ b/net-misc/xrdp/metadata.xml @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<!-- maintainer-needed --> + <use> + <flag name="fuse">Enable clipboard file / device redirection via <pkg>sys-fs/fuse</pkg></flag> + </use> +</pkgmetadata> diff --git a/net-misc/xrdp/xrdp-0.8.0-r1.ebuild b/net-misc/xrdp/xrdp-0.8.0-r1.ebuild new file mode 100644 index 0000000..0d94dcb --- /dev/null +++ b/net-misc/xrdp/xrdp-0.8.0-r1.ebuild @@ -0,0 +1,152 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit autotools eutils pam systemd + +DESCRIPTION="An open source Remote Desktop Protocol server" +HOMEPAGE="http://www.xrdp.org/" +# mirrored from https://github.com/neutrinolabs/xrdp/releases +SRC_URI="https://dev.gentoo.org/~mgorny/dist/${P}.tar.xz" + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="debug fuse kerberos jpeg pam pulseaudio" + +RDEPEND="dev-libs/openssl:0= + x11-libs/libX11:0= + x11-libs/libXfixes:0= + x11-libs/libXrandr:0= + fuse? ( sys-fs/fuse:0= ) + jpeg? ( virtual/jpeg:0= ) + kerberos? ( virtual/krb5:0= ) + pam? ( virtual/pam:0= ) + pulseaudio? ( media-sound/pulseaudio:0= )" +DEPEND="${RDEPEND} + app-arch/xz-utils" +RDEPEND="${RDEPEND} + || ( + net-misc/tigervnc:0[server,xorgmodule] + net-misc/x11rdp:0 + )" + +# does not work with gentoo version of freerdp +# neutrinordp? ( net-misc/freerdp:0= ) +# incompatible with current ffmpeg/libav (surprising, isn't it?) +# xrdpvr? ( virtual/ffmpeg:0= ) + +src_prepare() { + epatch_user + + # #540630: crypt() unchecked for NULL return + epatch "${FILESDIR}"/${P}-crypt-null-return.patch + + # don't let USE=debug adjust CFLAGS + sed -i -e 's:-g -O0::' configure.ac || die + # disallow root login by default + sed -i -e '/^AllowRootLogin/s/1/0/' sesman/sesman.ini || die + # Fedora files, not included here + sed -i -e '/EnvironmentFile=/d' instfiles/*.service || die + # reorder so that X11rdp comes last again since it's not supported + sed -i -e '/^\[xrdp1\]$/,/^$/{wxrdp.ini.tmp + ;d}' xrdp/xrdp.ini || die + # move newline to the beginning + sed -i -e 'x' xrdp.ini.tmp || die + cat xrdp.ini.tmp >> xrdp/xrdp.ini || die + rm -f xrdp.ini.tmp || die + + eautoreconf + # part of ./bootstrap + ln -s ../config.c sesman/tools/config.c || die +} + +src_configure() { + use kerberos && use pam \ + && ewarn "Both kerberos & pam auth enabled, kerberos will take precedence." + + local myconf=( + # warning: configure.ac is completed flawed + + --localstatedir="${EPREFIX}"/var + + # -- authentication backends -- + # kerberos is inside !SESMAN_NOPAM conditional for no reason + $(use pam || use kerberos || echo --enable-nopam) + $(usex kerberos --enable-kerberos '') + # pam_userpass is not in Gentoo at the moment + #--disable-pamuserpass + + # -- jpeg support -- + $(usex jpeg --enable-jpeg '') + # the package supports explicit linking against libjpeg-turbo + # (no need for -ljpeg compat) + $(use jpeg && has_version 'media-libs/libjpeg-turbo:0' && echo --enable-tjpeg) + + # -- sound support -- + $(usex pulseaudio '--enable-simplesound --enable-loadpulsemodules' '') + + # -- others -- + $(usex debug --enable-xrdpdebug '') + $(usex fuse --enable-fuse '') + # $(usex neutrinordp --enable-neutrinordp '') + # $(usex xrdpvr --enable-xrdpvr '') + + "$(systemd_with_unitdir)" + ) + + econf "${myconf[@]}" +} + +src_install() { + default + prune_libtool_files --all + + # use our pam.d file since upstream's incompatible with Gentoo + use pam && newpamd "${FILESDIR}"/xrdp-sesman.pamd xrdp-sesman + # and our startwm.sh + exeinto /etc/xrdp + doexe "${FILESDIR}"/startwm.sh + + # Fedora stuff + rm -r "${ED}"/etc/default || die + + # own /etc/xrdp/rsakeys.ini + : > rsakeys.ini + insinto /etc/xrdp + doins rsakeys.ini + + # contributed by Jan Psota <jasiupsota@gmail.com> + newinitd "${FILESDIR}/${PN}-initd" ${PN} +} + +pkg_preinst() { + # either copy existing keys over to avoid CONFIG_PROTECT whining + # or generate new keys (but don't include them in binpkg!) + if [[ -f ${EROOT}/etc/xrdp/rsakeys.ini ]]; then + cp {"${EROOT}","${ED}"}/etc/xrdp/rsakeys.ini || die + else + einfo "Running xrdp-keygen to generate new rsakeys.ini ..." + "${S}"/keygen/xrdp-keygen xrdp "${ED}"/etc/xrdp/rsakeys.ini \ + || die "xrdp-keygen failed to generate RSA keys" + fi +} + +pkg_postinst() { + # check for use of bundled rsakeys.ini (installed by default upstream) + if [[ $(cksum "${EROOT}"/etc/xrdp/rsakeys.ini) == '2935297193 1019 '* ]] + then + ewarn "You seem to be using upstream bundled rsakeys.ini. This means that" + ewarn "your communications are encrypted using a well-known key. Please" + ewarn "consider regenerating rsakeys.ini using the following command:" + ewarn + ewarn " ${EROOT}/usr/bin/xrdp-keygen xrdp ${EROOT}/etc/xrdp/rsakeys.ini" + ewarn + fi + + elog "Various session types require different backend implementations:" + elog "- sesman-Xvnc requires net-misc/tigervnc[server,xorgmodule]" + elog "- sesman-X11rdp requires net-misc/x11rdp" +} |