Added --disable-setuid-gdomap option to configure

git-svn-id: svn+ssh://svn.gna.org/svn/gnustep/libs/base/trunk@30539 72102866-910b-0410-8b05-ffd578937521

ChangeLog

@@ -1,3 +1,14 @@
+2010-06-02  Nicola Pero  <nicola.pero@meta-innovation.com>
+
+	* configure.ac: Added --disable-setuid-gdomap option to disable
+	installing gdomap as setuid.
+	* configure: Regenerated.
+	* config.mak.in (GNUSTEP_INSTALL_GDOMAP_AS_SETUID): New variable.
+	* Tools/Makefile.postamble:
+	(after-install): Instal gdomap as setuid only if
+	GNUSTEP_INSTALL_GDOMAP_AS_SETUID is set to 'yes'.  Updated
+	messages for the changes and generally tidied messages up.
+
 2010-06-01  Richard Frith-Macdonald <rfm@gnu.org>
 
 	* Source/NSTimeZone.m: add diagnostic to report the source of the

Tools/Makefile.postamble

@@ -50,7 +50,7 @@ after-install::
 	for file in $(MAN1_PAGES) __done; do \
 	  if [ $$file != __done ]; then \
 	    $(INSTALL_DATA) $$file $(GNUSTEP_DOC_MAN)/man1/$$file; \
-	    which gzip && rm -f $(GNUSTEP_DOC_MAN)/man1/$$file.gz \
+	    which gzip > /dev/null && rm -f $(GNUSTEP_DOC_MAN)/man1/$$file.gz \
 		&& gzip -9 $(GNUSTEP_DOC_MAN)/man1/$$file; \
 	  fi; \
 	done; \
@@ -59,26 +59,22 @@ after-install::
 	fi; \
 	for file in $(MAN8_PAGES); do \
 	  $(INSTALL_DATA) $$file $(GNUSTEP_DOC_MAN)/man8/$$file; \
-	    which gzip && rm -f $(GNUSTEP_DOC_MAN)/man8/$$file.gz \
+	    which gzip > /dev/null && rm -f $(GNUSTEP_DOC_MAN)/man8/$$file.gz \
 		&& gzip -9 $(GNUSTEP_DOC_MAN)/man8/$$file; \
-	done; \
-	if [ "`$(WHOAMI)`" != "root" ]; then \
-	  echo ""; \
-	  echo "************************************************************"; \
-	  echo "WARNING: gdomap has not been made setuid to root ..."; \
-	  echo "NOTE: Unless gdomap is started as root at system boot time,"; \
-	  echo "it MUST either be installed owned by root and with the"; \
-	  echo "'s-bit' or you must have defined 'GDOMAP_PORT_OVERRIDE' in"; \
-	  echo "gdomap.h before compiling gdomap.c and NSPortNameServer.m"; \
-	  echo "If either of those cases applies, ignore this message."; \
-	  echo "************************************************************"; \
-	  echo ""; \
-	else \
-	  echo "Making gdomap in $(GNUSTEP_TOOLS)/$(GNUSTEP_TARGET_DIR) setuid to root"; \
-	  echo "WARNING: if possible, you should remove the setuid flag and"; \
-	  echo "WARNING: have gdomap started as root at machine boot time."; \
-	  $(INSTALL) -m 05755 $(GNUSTEP_OBJ_DIR)/gdomap $(GNUSTEP_TOOLS)/$(GNUSTEP_TARGET_DIR); \
-	fi; \
+	done$(END_ECHO)
+ifeq ($(GNUSTEP_INSTALL_GDOMAP_AS_SETUID),no)
+	$(ECHO_NOTHING)echo ""; \
+	echo "Note: gdomap has not been made setuid to root, so you must"; \
+	echo "start it up as root.  Most often this is done at system boot"; \
+	echo "by executing 'gdomap -p' in the startup scripts."; \
+	echo ""$(END_ECHO)
+else
+	$(ECHO_NOTHING)echo ""; \
+	echo "WARNING: Making gdomap in $(GNUSTEP_TOOLS)/$(GNUSTEP_TARGET_DIR) setuid to root"; \
+	echo "WARNING: if possible, you should remove the setuid flag and"; \
+	echo "WARNING: have gdomap started by root at machine boot time."; \
+	echo ""; \
+	$(INSTALL) -m 05755 $(GNUSTEP_OBJ_DIR)/gdomap $(GNUSTEP_TOOLS)/$(GNUSTEP_TARGET_DIR); \
 	echo "************************************************************"; \
 	echo "WARNING: if gdomap is started automatically, it will probe"; \
 	echo "all machines on your network periodically so that it can make"; \
@@ -88,7 +84,8 @@ after-install::
 	echo "remote systems should be probed), and you should add this"; \
 	echo "startup command to your system boot scripts!"; \
 	echo "************************************************************"; \
-	$(END_ECHO)
+	echo ""$(END_ECHO)
+endif
 
 # Things to do before uninstalling
 before-uninstall::

config.mak.in

@@ -31,6 +31,8 @@ ifeq ($(shared),yes)
   CONFIG_SYSTEM_LIB_DIR += @LDIR_FLAGS@
 endif
 
+GNUSTEP_INSTALL_GDOMAP_AS_SETUID=@GNUSTEP_INSTALL_GDOMAP_AS_SETUID@
+
 GNUSTEP_BASE_HAVE_LIBXML=@HAVE_LIBXML@
 GNUSTEP_BASE_HAVE_GNUTLS=@HAVE_GNUTLS@
 

configure

@@ -310,7 +310,7 @@ ac_includes_default="\
 #endif"
 
 ac_subdirs_all="$ac_subdirs_all SSL"
-ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS BASE_NATIVE_OBJC_EXCEPTIONS BASE_NONFRAGILE_ABI build build_cpu build_vendor build_os host host_cpu host_vendor host_os target target_cpu target_vendor target_os GNUSTEP_BASE_DOMAIN GNUSTEP_BASE_RELATIVE_PATHS CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT CPP WHOAMI EGREP OBJC_WITH_GC GS_WORDS_BIGENDIAN GS_SINT8 GS_UINT8 ac_cv_sizeof_short ac_cv_sizeof_int ac_cv_sizeof_long ac_cv_sizeof_long_long ac_cv_sizeof_float ac_cv_sizeof_double ac_cv_sizeof_voidp GS_SADDR GS_UADDR GS_SINT16 GS_UINT16 GS_SINT32 GS_UINT32 GS_SINT64 GS_UINT64 GS_HAVE_I64 GS_SINT128 GS_UINT128 GS_HAVE_I128 GS_FLT32 GS_FLT64 _GSC_S_SHT _GSC_S_INT _GSC_S_LNG _GSC_S_LNG_LNG DYNAMIC_LINKER NX_CONST_STRING_OBJCFLAGS NX_CONST_STRING_CLASS OBJCSYNC OBJC2RUNTIME OBJCFLAGS GS_NONFRAGILE GS_MIXEDABI HAVE_OBJC_SYNC_ENTER GS_SIZEOF_MUTEX_T GS_SIZEOF_COND_T HAVE_PTS_STREAM_MODULES INCLUDE_STDINT DEFINE_INT8_T DEFINE_UINT8_T DEFINE_INT16_T DEFINE_UINT16_T DEFINE_INT32_T DEFINE_UINT32_T DEFINE_INT64_T DEFINE_UINT64_T DEFINE_INTPTR_T DEFINE_UINTPTR_T USE_ZLIB HAVE_INET_PTON HAVE_INET_NTOP GS_PASS_ARGUMENTS GS_FAKE_MAIN WITH_FFI XML2_CONFIG XML_CONFIG XML_CFLAGS XML_LIBS HAVE_LIBXSLT HAVE_LIBXML TLS_CONFIG TLS_CFLAGS TLS_LIBS HAVE_GNUTLS HAVE_MDNS USE_GMP INCLUDE_FLAGS LDIR_FLAGS WARN_FLAGS subdirs VERSION MAJOR_VERSION MINOR_VERSION SUBMINOR_VERSION GCC_VERSION LIBOBJS LTLIBOBJS'
+ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS BASE_NATIVE_OBJC_EXCEPTIONS BASE_NONFRAGILE_ABI build build_cpu build_vendor build_os host host_cpu host_vendor host_os target target_cpu target_vendor target_os GNUSTEP_BASE_DOMAIN GNUSTEP_BASE_RELATIVE_PATHS CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT CPP WHOAMI EGREP OBJC_WITH_GC GS_WORDS_BIGENDIAN GS_SINT8 GS_UINT8 ac_cv_sizeof_short ac_cv_sizeof_int ac_cv_sizeof_long ac_cv_sizeof_long_long ac_cv_sizeof_float ac_cv_sizeof_double ac_cv_sizeof_voidp GS_SADDR GS_UADDR GS_SINT16 GS_UINT16 GS_SINT32 GS_UINT32 GS_SINT64 GS_UINT64 GS_HAVE_I64 GS_SINT128 GS_UINT128 GS_HAVE_I128 GS_FLT32 GS_FLT64 _GSC_S_SHT _GSC_S_INT _GSC_S_LNG _GSC_S_LNG_LNG DYNAMIC_LINKER NX_CONST_STRING_OBJCFLAGS NX_CONST_STRING_CLASS OBJCSYNC OBJC2RUNTIME OBJCFLAGS GS_NONFRAGILE GS_MIXEDABI HAVE_OBJC_SYNC_ENTER GS_SIZEOF_MUTEX_T GS_SIZEOF_COND_T HAVE_PTS_STREAM_MODULES INCLUDE_STDINT DEFINE_INT8_T DEFINE_UINT8_T DEFINE_INT16_T DEFINE_UINT16_T DEFINE_INT32_T DEFINE_UINT32_T DEFINE_INT64_T DEFINE_UINT64_T DEFINE_INTPTR_T DEFINE_UINTPTR_T USE_ZLIB HAVE_INET_PTON HAVE_INET_NTOP GS_PASS_ARGUMENTS GS_FAKE_MAIN WITH_FFI XML2_CONFIG XML_CONFIG XML_CFLAGS XML_LIBS HAVE_LIBXSLT HAVE_LIBXML TLS_CONFIG TLS_CFLAGS TLS_LIBS HAVE_GNUTLS HAVE_MDNS USE_GMP INCLUDE_FLAGS LDIR_FLAGS WARN_FLAGS GNUSTEP_INSTALL_GDOMAP_AS_SETUID subdirs VERSION MAJOR_VERSION MINOR_VERSION SUBMINOR_VERSION GCC_VERSION LIBOBJS LTLIBOBJS'
 ac_subst_files=''
 
 # Initialize some variables set by options.
@@ -889,6 +889,20 @@ Optional Features:
   --disable-tls			Disable use of GNUTLS
   --disable-tlstest		Do not try to compile and run a test TLS program
   --disable-zeroconf		Disable NSNetServices support
+
+  --disable-setuid-gdomap       Disable installing gdomap as a setuid
+                                executable.  By default, it is
+                                installed as a setuid program, so that
+                                it can be started up automatically
+                                by any user at any time.  Use this
+                                option if you are happy starting
+                                gdomap manually at startup (typically
+                                by adding 'gdomap -p' to your
+                                /etc/rc.local or equivalent start up
+                                script), in which case you don't need
+                                gdomap to be setuid and can use a more
+                                secure setup where it isn't setuid.
+
   --disable-openssl		Disable support for openssl in URL classes
 
 Optional Packages:
@@ -22159,6 +22173,30 @@ fi
 
 
 
+#--------------------------------------------------------------------
+# Check if we should install gdomap as setuid
+#--------------------------------------------------------------------
+echo "$as_me:$LINENO: checking if we should install gdomap as setuid" >&5
+echo $ECHO_N "checking if we should install gdomap as setuid... $ECHO_C" >&6
+# Check whether --enable-setuid-gdomap or --disable-setuid-gdomap was given.
+if test "${enable_setuid_gdomap+set}" = set; then
+  enableval="$enable_setuid_gdomap"
+  ac_cv_setuid_gdomap=$enableval
+else
+  ac_cv_setuid_gdomap="yes"
+fi;
+
+if test "$ac_cv_setuid_gdomap" = "yes"; then
+  echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6;
+  GNUSTEP_INSTALL_GDOMAP_AS_SETUID="yes"
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6;
+  GNUSTEP_INSTALL_GDOMAP_AS_SETUID="no"
+fi
+
+
 
 #--------------------------------------------------------------------
 # Configure flags from sub-configure runs, so they show up in our
@@ -22926,6 +22964,7 @@ s,@USE_GMP@,$USE_GMP,;t t
 s,@INCLUDE_FLAGS@,$INCLUDE_FLAGS,;t t
 s,@LDIR_FLAGS@,$LDIR_FLAGS,;t t
 s,@WARN_FLAGS@,$WARN_FLAGS,;t t
+s,@GNUSTEP_INSTALL_GDOMAP_AS_SETUID@,$GNUSTEP_INSTALL_GDOMAP_AS_SETUID,;t t
 s,@subdirs@,$subdirs,;t t
 s,@VERSION@,$VERSION,;t t
 s,@MAJOR_VERSION@,$MAJOR_VERSION,;t t

configure.ac

@@ -2636,6 +2636,36 @@ fi
 
 AC_SUBST(WARN_FLAGS)
 
+#--------------------------------------------------------------------
+# Check if we should install gdomap as setuid
+#--------------------------------------------------------------------
+AC_MSG_CHECKING([if we should install gdomap as setuid])
+AC_ARG_ENABLE(setuid-gdomap,[
+  --disable-setuid-gdomap       Disable installing gdomap as a setuid
+                                executable.  By default, it is
+                                installed as a setuid program, so that
+                                it can be started up automatically
+                                by any user at any time.  Use this
+                                option if you are happy starting
+                                gdomap manually at startup (typically
+                                by adding 'gdomap -p' to your
+                                /etc/rc.local or equivalent start up
+                                script), in which case you don't need
+                                gdomap to be setuid and can use a more
+                                secure setup where it isn't setuid.
+],
+  ac_cv_setuid_gdomap=$enableval,
+  ac_cv_setuid_gdomap="yes")
+
+if test "$ac_cv_setuid_gdomap" = "yes"; then
+  AC_MSG_RESULT(yes);
+  GNUSTEP_INSTALL_GDOMAP_AS_SETUID="yes"
+else
+  AC_MSG_RESULT(no);
+  GNUSTEP_INSTALL_GDOMAP_AS_SETUID="no"
+fi
+
+AC_SUBST(GNUSTEP_INSTALL_GDOMAP_AS_SETUID)
 
 #--------------------------------------------------------------------
 # Configure flags from sub-configure runs, so they show up in our