diff options
| author | Dale Mellor <mcron-lsfnyl@rdmp.org> | 2023-03-18 14:18:17 +0000 |
|---|---|---|
| committer | Dale Mellor <mcron-lsfnyl@rdmp.org> | 2023-03-18 14:18:17 +0000 |
| commit | 0fe4d2cc9544d24ecc3e74a2d92433e01b9e25c6 (patch) | |
| tree | 2cf2ffe793211a8c48ff86a9db57b156f2cddd88 /Makefile.am | |
| parent | fd19e63490e30fb5ae4cc159f72b8f40952ceb9d (diff) | |
| parent | 4727c770c2a723d46b4162cff21ab8f0b75c3998 (diff) | |
| download | mcron-0fe4d2cc9544d24ecc3e74a2d92433e01b9e25c6.tar.gz mcron-0fe4d2cc9544d24ecc3e74a2d92433e01b9e25c6.tar.bz2 mcron-0fe4d2cc9544d24ecc3e74a2d92433e01b9e25c6.zip | |
Merge system-wide Vixie cron updates.
I don't believe that anyone should be running system-wide cron processes these
days (the attack surface is rather large), but should use separate per-user or
per-service mcron daemon processes. But mcron is advertised as a drop-in
Vixie replacement, so we should do what we can to make it safe in this use
case.
I've performed a basic vetting of the changes against vandalism, but haven't
verified the correctness of the code or done any checking; the changes are
being accepted on the basis that almost anything is an improvement on what
currently exists.
Diffstat (limited to 'Makefile.am')
| -rwxr-xr-x | Makefile.am | 53 |
1 files changed, 39 insertions, 14 deletions
diff --git a/Makefile.am b/Makefile.am index 09a0d6d..2a87d72 100755 --- a/Makefile.am +++ b/Makefile.am @@ -27,10 +27,17 @@ noinst_SCRIPTS = if MULTI_USER bin_SCRIPTS += bin/crontab sbin_SCRIPTS = bin/cron +libexec_SCRIPTS = bin/crontab-access-real +sbin_PROGRAMS = bin/crontab-access else -noinst_SCRIPTS += bin/cron bin/crontab +noinst_SCRIPTS += bin/cron bin/crontab bin/crontab-access-real +noinst_PROGRAMS = bin/crontab-access endif +# The dynamic linker should detect that it's being run for a setuid program, +# but we take no chances. +bin_crontab_access_LDFLAGS = -static + # wrapper to be used in the build environment and for running tests. noinst_SCRIPTS += pre-inst-env @@ -68,6 +75,7 @@ pkgscriptdir = $(pkgmoduledir)/scripts dist_pkgscript_DATA = \ src/mcron/scripts/cron.scm \ src/mcron/scripts/crontab.scm \ + src/mcron/scripts/crontab-access.scm \ src/mcron/scripts/mcron.scm pkgscriptgodir = $(pkgmodulegodir)/scripts @@ -77,7 +85,13 @@ compiled_modules = \ $(pkgmodulego_DATA) \ $(pkgscriptgo_DATA) -CLEANFILES = $(compiled_modules) bin/crontab bin/cron bin/mcron +CLEANFILES = $(compiled_modules) \ + bin/crontab \ + bin/crontab-access \ + src/crontab-access.c \ + bin/crontab-access-real \ + bin/cron \ + bin/mcron DISTCLEANFILES = src/mcron/config.scm # Unset 'GUILE_LOAD_COMPILED_PATH' altogether while compiling. Otherwise, if @@ -100,10 +114,9 @@ DISTCLEANFILES = src/mcron/config.scm --warn=format --warn=unbound-variable --warn=arity-mismatch \ --target="$(host)" --output="$@" "$<" $(devnull_verbose) - -bin/% : src/%.in Makefile - $(AM_V_GEN)$(MKDIR_P) bin ; \ - sed -e 's,%PREFIX%,${prefix},g' \ +do_subst = sed -e 's,%PREFIX%,${prefix},g' \ + -e 's,%sbindir%,${sbindir},g' \ + -e 's,%libexecdir%,${libexecdir},g' \ -e 's,%modsrcdir%,${guilesitedir},g' \ -e 's,%modbuilddir%,${guilesitegodir},g' \ -e 's,%localstatedir%,${localstatedir},g' \ @@ -114,8 +127,17 @@ bin/% : src/%.in Makefile -e 's,%PACKAGE_BUGREPORT%,@PACKAGE_BUGREPORT@,g' \ -e 's,%PACKAGE_NAME%,@PACKAGE_NAME@,g' \ -e 's,%PACKAGE_URL%,@PACKAGE_URL@,g' \ - -e 's,%GUILE%,$(GUILE),g' \ - $< > $@ ; \ + -e 's,%GUILE%,$(GUILE),g' + +src/mcron/config.scm: src/mcron/config.scm.in Makefile + $(AM_V_GEN)$(do_subst) $< > $@ + +src/crontab-access.c: src/crontab-access.c.in Makefile + $(AM_V_GEN)$(do_subst) $< > $@ + +bin/% : src/%.in Makefile + $(AM_V_GEN)$(MKDIR_P) bin ; \ + $(do_subst) $< > $@ ; \ chmod a+x $@ @@ -153,6 +175,8 @@ EXTRA_DIST = \ HACKING \ src/cron.in \ src/crontab.in \ + src/crontab-access-real.in \ + src/crontab-access.c.in \ src/mcron.in \ tests/init.sh \ $(TESTS) @@ -166,10 +190,10 @@ transform_exe = s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/ install-exec-hook: if MULTI_USER - tcrontab=`echo crontab | sed '$(transform_exe)'`; \ - chmod u+s $(DESTDIR)$(bindir)/$${tcrontab} - tcron=`echo cron | sed '$(transform_exe)'`; \ - chmod u+s $(DESTDIR)$(sbindir)/$${tcron} + tcrontab=`echo crontab | sed '$(transform_exe)'`; + tcrontab_access=`echo crontab-access | sed '$(transform_exe)'`; \ + chmod u+s $(DESTDIR)$(sbindir)/$${tcrontab_access} + tcron=`echo cron | sed '$(transform_exe)'`; endif tmcron=`echo mcron | sed '$(transform_exe)'`; @@ -178,8 +202,9 @@ installcheck-local: tmcron=`echo mcron | sed '$(transform_exe)'`; \ test -e $(DESTDIR)$(bindir)/$${tmcron} if MULTI_USER - tcrontab=`echo crontab | sed '$(transform_exe)'`; \ - test -u $(DESTDIR)$(bindir)/$${tcrontab} + tcrontab=`echo crontab | sed '$(transform_exe)'`; + tcrontab_access=`echo crontab | sed '$(transform_exe)'`; \ + test -u $(DESTDIR)$(bindir)/$${tcrontab_access} tcron=`echo cron | sed '$(transform_exe)'`; \ test -e $(DESTDIR)$(sbindir)/$${tcron} else !MULTI_USER |